Received: by 2002:a05:6358:53a8:b0:117:f937:c515 with SMTP id z40csp3540332rwe; Sun, 16 Apr 2023 22:48:58 -0700 (PDT) X-Google-Smtp-Source: AKy350Yz+Eom+9YrrqYM/5h/3NS/ZqtzwdfE/QMEN4ELy1PjMcWsAk/LNCJMk+HscIB92modBSzN X-Received: by 2002:a17:902:850c:b0:1a1:f0ad:8657 with SMTP id bj12-20020a170902850c00b001a1f0ad8657mr9504509plb.37.1681710538078; Sun, 16 Apr 2023 22:48:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1681710538; cv=none; d=google.com; s=arc-20160816; b=bnZ9xgBUVIlopS9W88uhtNLJS198gIDFi/S5ij9CPKoa/3pNUxgIdIBSIaPA+hVyqm kuGeFrLNqLWbiD1T8+JOlbsDSZaaFjDNt1xKJKicrwF9bdPvlIjnE8YmXAeyprAMwkD1 45yFJpUxlmDiGJZYPHjS/efvWw7PAPU9BxfqR8OPqC1gJr2fmmeJbxtmYmFRaELIXsVa MhG8RadXM2D8Pw5TbmUc9HWsiR2CXF3WGEyBk4yUmo3noO/of/DPOWuzB6obuvtJbMB+ L2E1nZkGWRnSHbgaAYnUCtuHB2H9zI/+27Af2Qk6EdsWNwQG8mJe8G8y1pLrX1sC+8QH zOcg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=1FPaZK0DujB4XMNr4uk9x6Gwk6/TlGiCl5E079UHItA=; b=DN11WgEQYtiQKfK5xmvwCW4/J1atZqUqNJSM5KqYOuE5vZGqjicDxEBxwn+6oD3XhD GnMa0R6lAK1eUEpB9TcBriEbQyg2E+vG4lr3pzY2+YlzXyBRU8PDYOblEis1nIknvLC6 1F8NhVrgurkUPw7fZo97QNKSXRt3ccejPAZrRslY4J5CeHyyB8TbhPS3Y1KqxIsXZZax u5F19WD+QaJynEPPwsp1TCGJslcbbqHNhiDblvdF+4SiSblt9BvjvQRJrN2z++g155XO T715rjYKdBr+DZPQFC6WzW3KpJTTid8ytyPPN21G59B1RI0Y0eENsXC4ocxFKpNLR40W B8Fg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@quicinc.com header.s=qcppdkim1 header.b=eyTqYqy7; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bj2-20020a170902850200b001a216fddcffsi10318341plb.645.2023.04.16.22.48.50; Sun, 16 Apr 2023 22:48:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@quicinc.com header.s=qcppdkim1 header.b=eyTqYqy7; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230002AbjDQFmZ (ORCPT + 63 others); Mon, 17 Apr 2023 01:42:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34040 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229631AbjDQFmV (ORCPT ); Mon, 17 Apr 2023 01:42:21 -0400 Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 242613C12 for ; Sun, 16 Apr 2023 22:42:14 -0700 (PDT) Received: from pps.filterd (m0279872.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 33H5Lj7c030400; Mon, 17 Apr 2023 05:42:05 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-type; s=qcppdkim1; bh=1FPaZK0DujB4XMNr4uk9x6Gwk6/TlGiCl5E079UHItA=; b=eyTqYqy7c7y6Pj8aB6AgzZAUwDcTqMIVpZy1uqTbfg1use4NroRPLXvS9Uf00lfsKcED eI6a6AJBalOUL1zjUMGp1R+5acQir3FqRADsf8++ympYAv7dK8+ktdwdlfXX9Yd44px8 Sj85xiPRv7f7/VZesupQ7aMuL5rK75W/8t6x1eJSNdsE1g2zJEn5z5AgFRS8i3TtnNbJ fjbQCRkNvaGJNy7fGijq/0R/eYinCnMY4Qc3xbK/JISYuXszcJ1lF5u8+Zb+Vkaph8PN 9AynMwi232N0vybaZldvZcxOtrnA49I08BT+u3GHCi2RK9Yyeh/aIhyuTjmgpvNfAW2W lA== Received: from nalasppmta04.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3pymp4ap4r-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 17 Apr 2023 05:42:04 +0000 Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com [10.47.209.196]) by NALASPPMTA04.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 33H5g3xH008811 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 17 Apr 2023 05:42:03 GMT Received: from hu-mpubbise-hyd.qualcomm.com (10.80.80.8) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.42; Sun, 16 Apr 2023 22:42:01 -0700 From: Manikanta Pubbisetty To: CC: , Manikanta Pubbisetty Subject: [PATCH v5 1/3] wifi: ath11k: Fix double free issue during SRNG deinit Date: Mon, 17 Apr 2023 11:11:43 +0530 Message-ID: <20230417054145.12359-2-quic_mpubbise@quicinc.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230417054145.12359-1-quic_mpubbise@quicinc.com> References: <20230417054145.12359-1-quic_mpubbise@quicinc.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [10.80.80.8] X-ClientProxiedBy: nasanex01a.na.qualcomm.com (10.52.223.231) To nalasex01a.na.qualcomm.com (10.47.209.196) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-GUID: WfIjgyziw7Tuw68VhU_p81CAdVku7APH X-Proofpoint-ORIG-GUID: WfIjgyziw7Tuw68VhU_p81CAdVku7APH X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-04-17_02,2023-04-14_01,2023-02-09_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 malwarescore=0 impostorscore=0 spamscore=0 mlxlogscore=692 lowpriorityscore=0 phishscore=0 priorityscore=1501 bulkscore=0 adultscore=0 suspectscore=0 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2303200000 definitions=main-2304170051 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org Currently struct ath11k_hal::srng_config pointer is not assigned to NULL after freeing the memory in ath11k_hal_srng_deinit(). This could lead to double free issue in a scenario where ath11k_hal_srng_deinit() is invoked back to back. In the current code, although the chances are very low, the above said scenario could happen when hardware recovery has failed and then there is another FW assert where ath11k_hal_srng_deinit() is invoked once again as part of recovery. Addressing this issue is important when low power mode support is enabled in the driver (will be added by a future patch) where this scenario is likely. Fix this by assigning the struct ath11k_hal::srng_config pointer to NULL after freeing the memory. Tested-on: WCN6750 hw1.0 AHB WLAN.MSL.1.0.1-00887-QCAMSLSWPLZ-1 Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.16 Tested-on: IPQ5018 hw1.0 AHB WLAN.HK.2.6.0.1-00861-QCAHKSWPL_SILICONZ-1 Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 Signed-off-by: Manikanta Pubbisetty --- drivers/net/wireless/ath/ath11k/hal.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/wireless/ath/ath11k/hal.c b/drivers/net/wireless/ath/ath11k/hal.c index 22422237500c..a20bf2792672 100644 --- a/drivers/net/wireless/ath/ath11k/hal.c +++ b/drivers/net/wireless/ath/ath11k/hal.c @@ -1324,6 +1324,7 @@ void ath11k_hal_srng_deinit(struct ath11k_base *ab) ath11k_hal_free_cont_rdp(ab); ath11k_hal_free_cont_wrp(ab); kfree(hal->srng_config); + hal->srng_config = NULL; } EXPORT_SYMBOL(ath11k_hal_srng_deinit); -- 2.17.1