Received: by 2002:a05:7412:e794:b0:fa:551:50a7 with SMTP id o20csp2134414rdd; Thu, 11 Jan 2024 23:31:29 -0800 (PST) X-Google-Smtp-Source: AGHT+IHPv8YKpqtoosTeOLrZq5rmhJwME+IoW/ghOi5x+VRh5OBtgYDyAqU3yEieDvAJcVRHTfo8 X-Received: by 2002:a05:6359:3202:b0:175:6d25:5fea with SMTP id rj2-20020a056359320200b001756d255feamr926838rwb.17.1705044688906; Thu, 11 Jan 2024 23:31:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1705044688; cv=none; d=google.com; s=arc-20160816; b=Q9fkkKb9belU0fsdHm/DgAVwdYh8HzPmTmnx/7ngHDMpQfRuVySwh7+WviZrwR2OZC WIdezRcWDYmcL7Bt3vmWrFq+mciXaQlfaU/2t/PtxsRDCE6YxDRcReExFcSNqQGwJW3/ 1jPfhGmfttcPgLl+ATWQDmMiXaSVGMr6RO/UJw73ToVPtEbgY1RkCtUZQmY2xSVgORIW mdI1qgj6pEcSDx/ucO0sQ6Am9A25hrxkHQ4yKoVxV+YMGWtqXRTQ58degAQRpAtzskQO IiL5Lqpn8mRt5UcjcqMi2sICI4Aa0Uadil02v9V8NmSIOD2KXcBErcL3+bsySY8ut8jp ue6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=UzmJYQifp0tT8HMYxNeNkEtPO1O5pS2d3JZ6MMXiyEw=; fh=sGkcPHp4CPie6AlPjZM+m9+1UcOdKUHafF7Zncvl4fo=; b=vT0ErrBsBdxAJrG6VRUaUBV2HpWovlDLdaPVIm851cOWgdP6nG1Tr/6KEEsDNQJpPi 2YijRkig0+T9wyCfnKOfsIQwR8UVVsmt+j5y4atMyszZskeRu8748U00b2YzcXZtSHWV krgT7GWgSPvn+6g4K/sFLXNbk03atLcbzM9XteVhBQzc9Qz/n5SizIX2HA1ZXkt1fEoR iGgFT2yKF6RJYnJGsdZNMgtl39JFkZFskInt2Sc1uOqL7U/bfreVizky1Mt2R36Sx0l7 r5NTtbFuspYtT7LQvRUqsmkor9YWg4+agQGpjDy+n33TJjIrAAL7gQ+o/ensKWQ1hcH3 dx4A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=IY3Lh7uO; spf=pass (google.com: domain of linux-wireless+bounces-1791-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-wireless+bounces-1791-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id f16-20020a056a0022d000b006d9b4950515si2823678pfj.57.2024.01.11.23.31.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 11 Jan 2024 23:31:28 -0800 (PST) Received-SPF: pass (google.com: domain of linux-wireless+bounces-1791-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=IY3Lh7uO; spf=pass (google.com: domain of linux-wireless+bounces-1791-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-wireless+bounces-1791-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 04152B2305E for ; Fri, 12 Jan 2024 07:31:27 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id A33C15C917; Fri, 12 Jan 2024 07:31:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="IY3Lh7uO" X-Original-To: linux-wireless@vger.kernel.org Received: from mail-qv1-f47.google.com (mail-qv1-f47.google.com [209.85.219.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 240F03D7C; Fri, 12 Jan 2024 07:31:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-qv1-f47.google.com with SMTP id 6a1803df08f44-680f48ce344so12108636d6.0; Thu, 11 Jan 2024 23:31:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1705044679; x=1705649479; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=UzmJYQifp0tT8HMYxNeNkEtPO1O5pS2d3JZ6MMXiyEw=; b=IY3Lh7uOc/dMZEhAufI1uVfI7QxieDfcnJ3P9P5ksWIDqVvU7NBx33+VTolRoebLH3 AhXUlm42txQtnznibN+00oQlsyqMHo/tw1+yvPtRRbZy72GQJ1wlQuYx1VmhDzv5ZWo6 tTTRvRTqxt4c8av/aXEYWJkMR6xfei0v+ZoDLEvOyo3BwwAx+v8notIxKdxGPjjqTTKb IDLk876L8d7xjDfx0zixISJQoeN027SuiYeXUB+eaJ9pEM78a7jcdpxu5xbDCYFQqGtr iXqlf/BH9RGKKmp2aGVYdqS6hR3cyDD4Mid55Aj9Fz+Gx5zwWNLf0lPiW8N5KCXAJRiw 8bow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705044679; x=1705649479; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=UzmJYQifp0tT8HMYxNeNkEtPO1O5pS2d3JZ6MMXiyEw=; b=gToEMxDNFW00bHt1uiQmCfIeFNjAi/BAVXQw6BAe4+IbgntZm+P7D+0/USU6ImZPa4 qhGz5I2MHSpLwNaPopg8rr0icplzLRzCqDFp3YiEs38dXmNNiG2VFrmGqDhfOuab/cST RXbt7oUKz1Aa7wg4ZW0J889c6/D6Ln6Yui8yrrALox5gbPkKhGIgG60IAjfKT3JN7M19 etlDlw/iyTeTvCwFA08zjqMFXfn4m83zBHvgZBgN1kdIi5JQlEhm/WS2JYiI2Hcw6zBp 0vS7XTvrjuS3uyEMdgRqcWleAHbxOxgNIVHBANXqCbsmsic+gXkVXmCas7S4n9lxq/gE hCnw== X-Gm-Message-State: AOJu0Yyy63Z37EAPBy7KdCrD1jmFqXGP5EmhInPW9PmImCn0Tx5e53x3 fNsfEmPg5QCE6j6oaIyvR53fwRqdzuaheqvqBmY= X-Received: by 2002:a05:6214:246d:b0:681:16ec:25e2 with SMTP id im13-20020a056214246d00b0068116ec25e2mr822887qvb.6.1705044678915; Thu, 11 Jan 2024 23:31:18 -0800 (PST) Precedence: bulk X-Mailing-List: linux-wireless@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: In-Reply-To: From: Mikhail Gavrilov Date: Fri, 12 Jan 2024 12:31:07 +0500 Message-ID: Subject: Re: [BUG] Unloading mt7921e module cause use-after-free To: =?UTF-8?B?RGVyZW4gV3UgKOatpuW+t+S7gSk=?= Cc: "linux-wireless@vger.kernel.org" , "nbd@nbd.name" , "angelogioacchino.delregno@collabora.com" , "linux-kernel@vger.kernel.org" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Fri, Jan 12, 2024 at 10:34=E2=80=AFAM Deren Wu (=E6=AD=A6=E5=BE=B7=E4=BB= =81) wrote: > > Hi Mikhail, > > I can reproduce a similar problem when CONFI_DEBUG_SHIRQ is enabled. > > Pleaese try this patch in mainline kernel (6.7+) > --- > --- a/drivers/net/wireless/mediatek/mt76/mt7921/pci.c > +++ b/drivers/net/wireless/mediatek/mt76/mt7921/pci.c > @@ -387,6 +387,7 @@ static void mt7921_pci_remove(struct pci_dev *pdev) > struct mt792x_dev *dev =3D container_of(mdev, struct mt792x_dev, > mt76); > > mt7921e_unregister_device(dev); > + set_bit(MT76_REMOVED, &mdev->phy.state); > devm_free_irq(&pdev->dev, pdev->irq, dev); > mt76_free_device(&dev->mt76); > pci_free_irq_vectors(pdev); > diff --git a/drivers/net/wireless/mediatek/mt76/mt792x_dma.c > b/drivers/net/wireless/mediatek/mt76/mt792x_dma.c > index 488326ce5ed4..3893dbe866fe 100644 > --- a/drivers/net/wireless/mediatek/mt76/mt792x_dma.c > +++ b/drivers/net/wireless/mediatek/mt76/mt792x_dma.c > @@ -12,6 +12,8 @@ irqreturn_t mt792x_irq_handler(int irq, void > *dev_instance) > { > struct mt792x_dev *dev =3D dev_instance; > > + if (test_bit(MT76_REMOVED, &dev->mt76.phy.state)) > + return IRQ_NONE; > mt76_wr(dev, dev->irq_map->host_irq_enable, 0); > > if (!test_bit(MT76_STATE_INITIALIZED, &dev->mphy.state)) > > Thanks, this patch looks good to me. Demonstration: https://youtu.be/nKnA2ftVoXw Tested-by: Mikhail Gavrilov --=20 Best Regards, Mike Gavrilov.