From: Kalle Valo <kvalo@codeaurora.org>
To: zhichen@codeaurora.org
Cc: linux-wireless@vger.kernel.org, ath10k@lists.infradead.org
Subject: Re: [PATCH] ath10k: fixed scan crash
Date: Tue, 24 Apr 2018 11:08:19 +0300 [thread overview]
Message-ID: <87vachaux8.fsf@kamboji.qca.qualcomm.com> (raw)
In-Reply-To: <1523345994-28800-1-git-send-email-zhichen@codeaurora.org> (zhichen@codeaurora.org's message of "Tue, 10 Apr 2018 15:39:53 +0800")
zhichen@codeaurora.org writes:
> From: Zhi Chen <zhichen@codeaurora.org>
>
> Length of WMI scan message was not calculated correctly. The allocated
> buffer was smaller than what we expected. So WMI message corrupted
> skb_info, which is at the end of skb->data. This fix takes TLV header
> into account even if the element is zero-length.
> Crash log:
> [49.629986] Unhandled kernel unaligned access[#1]:
> [49.634932] CPU: 0 PID: 1176 Comm: logd Not tainted 4.4.60 #180
> [49.641040] task: 83051460 ti: 8329c000 task.ti: 8329c000
> [49.646608] $ 0 : 00000000 00000001 80984a80 00000000
> [49.652038] $ 4 : 45259e89 8046d484 8046df30 8024ba70
> [49.657468] $ 8 : 00000000 804cc4c0 00000001 20306320
> [49.662898] $12 : 33322037 000110f2 00000000 31203930
> [49.668327] $16 : 82792b40 80984a80 00000001 804207fc
> [49.673757] $20 : 00000000 0000012c 00000040 80470000
> [49.679186] $24 : 00000000 8024af7c
> [49.684617] $28 : 8329c000 8329db88 00000001 802c58d0
> [49.690046] Hi : 00000000
> [49.693022] Lo : 453c0000
> [49.696013] epc : 800efae4 put_page+0x0/0x58
> [49.700615] ra : 802c58d0 skb_release_data+0x148/0x1d4
> [49.706184] Status: 1000fc03 KERNEL EXL IE
> [49.710531] Cause : 00800010 (ExcCode 04)
> [49.714669] BadVA : 45259e89
> [49.717644] PrId : 00019374 (MIPS 24Kc)
>
> Signed-off-by: Zhi Chen <zhichen@codeaurora.org>
Your name in patchwork is wrong and hence my script uses the wrong
name. Please fix it by registering to patchwork[1] where it's possible
to change your name during registration, but only one time. If that
doesn't work then send a request to helpdesk@kernel.org and the admins
can fix it.
[1] https://patchwork.kernel.org/register/
--
Kalle Valo
_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k
WARNING: multiple messages have this Message-ID (diff)
From: Kalle Valo <kvalo@codeaurora.org>
To: zhichen@codeaurora.org
Cc: ath10k@lists.infradead.org, linux-wireless@vger.kernel.org
Subject: Re: [PATCH] ath10k: fixed scan crash
Date: Tue, 24 Apr 2018 11:08:19 +0300 [thread overview]
Message-ID: <87vachaux8.fsf@kamboji.qca.qualcomm.com> (raw)
In-Reply-To: <1523345994-28800-1-git-send-email-zhichen@codeaurora.org> (zhichen@codeaurora.org's message of "Tue, 10 Apr 2018 15:39:53 +0800")
zhichen@codeaurora.org writes:
> From: Zhi Chen <zhichen@codeaurora.org>
>
> Length of WMI scan message was not calculated correctly. The allocated
> buffer was smaller than what we expected. So WMI message corrupted
> skb_info, which is at the end of skb->data. This fix takes TLV header
> into account even if the element is zero-length.
> Crash log:
> [49.629986] Unhandled kernel unaligned access[#1]:
> [49.634932] CPU: 0 PID: 1176 Comm: logd Not tainted 4.4.60 #180
> [49.641040] task: 83051460 ti: 8329c000 task.ti: 8329c000
> [49.646608] $ 0 : 00000000 00000001 80984a80 00000000
> [49.652038] $ 4 : 45259e89 8046d484 8046df30 8024ba70
> [49.657468] $ 8 : 00000000 804cc4c0 00000001 20306320
> [49.662898] $12 : 33322037 000110f2 00000000 31203930
> [49.668327] $16 : 82792b40 80984a80 00000001 804207fc
> [49.673757] $20 : 00000000 0000012c 00000040 80470000
> [49.679186] $24 : 00000000 8024af7c
> [49.684617] $28 : 8329c000 8329db88 00000001 802c58d0
> [49.690046] Hi : 00000000
> [49.693022] Lo : 453c0000
> [49.696013] epc : 800efae4 put_page+0x0/0x58
> [49.700615] ra : 802c58d0 skb_release_data+0x148/0x1d4
> [49.706184] Status: 1000fc03 KERNEL EXL IE
> [49.710531] Cause : 00800010 (ExcCode 04)
> [49.714669] BadVA : 45259e89
> [49.717644] PrId : 00019374 (MIPS 24Kc)
>
> Signed-off-by: Zhi Chen <zhichen@codeaurora.org>
Your name in patchwork is wrong and hence my script uses the wrong
name. Please fix it by registering to patchwork[1] where it's possible
to change your name during registration, but only one time. If that
doesn't work then send a request to helpdesk@kernel.org and the admins
can fix it.
[1] https://patchwork.kernel.org/register/
--
Kalle Valo
next prev parent reply other threads:[~2018-04-24 8:08 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-10 7:39 [PATCH] ath10k: fixed scan crash zhichen
2018-04-10 7:39 ` zhichen
2018-04-10 7:39 ` [PATCH] ath10k: fix tlv 5ghz channel missing issue zhichen
2018-04-10 7:39 ` zhichen
2018-06-28 9:38 ` Kalle Valo
2018-06-28 9:38 ` Kalle Valo
2018-04-24 8:08 ` Kalle Valo [this message]
2018-04-24 8:08 ` [PATCH] ath10k: fixed scan crash Kalle Valo
2018-06-28 9:35 ` Kalle Valo
2018-06-28 9:35 ` Kalle Valo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87vachaux8.fsf@kamboji.qca.qualcomm.com \
--to=kvalo@codeaurora.org \
--cc=ath10k@lists.infradead.org \
--cc=linux-wireless@vger.kernel.org \
--cc=zhichen@codeaurora.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.