From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from smtp.codeaurora.org ([198.145.29.96]:51606 "EHLO smtp.codeaurora.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751792AbeD0LeD (ORCPT ); Fri, 27 Apr 2018 07:34:03 -0400 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Subject: Re: [PATCHv3] ath10k: fix kernel panic while reading tpc_stats From: Kalle Valo In-Reply-To: <1524460922-12780-1-git-send-email-tamizhr@codeaurora.org> References: <1524460922-12780-1-git-send-email-tamizhr@codeaurora.org> To: tamizhr@codeaurora.org Cc: ath10k@lists.infradead.org, linux-wireless@vger.kernel.org, Tamizh chelvam Message-Id: <20180427113403.08CEA60767@smtp.codeaurora.org> (sfid-20180427_133407_744330_D1DFB6F9) Date: Fri, 27 Apr 2018 11:34:03 +0000 (UTC) Sender: linux-wireless-owner@vger.kernel.org List-ID: tamizhr@codeaurora.org wrote: > When attempt to read tpc_stats for the chipsets which support > more than 3 tx chain will trigger kernel panic(kernel stack is corrupted) > due to writing values on rate_code array out of range. > This patch changes the array size depends on the WMI_TPC_TX_N_CHAIN and > added check to avoid write values on the array if the num tx chain > get in tpc config event is greater than WMI_TPC_TX_N_CHAIN. > > Tested on QCA9984 with firmware-5.bin_10.4-3.5.3-00057 > > Kernel panic log : > > [ 323.510944] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: bf90c654 > [ 323.510944] > [ 323.524390] CPU: 0 PID: 1908 Comm: cat Not tainted 3.14.77 #31 > [ 323.530224] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) > [ 323.537941] [] (show_stack) from [] (dump_stack+0x80/0xa0) > [ 323.545146] [] (dump_stack) from [] (panic+0x84/0x1e4) > [ 323.552000] [] (panic) from [] (__stack_chk_fail+0x10/0x14) > [ 323.559350] [] (__stack_chk_fail) from [] (ath10k_wmi_event_pdev_tpc_config+0x424/0x438 [ath10k_core]) > [ 323.570471] [] (ath10k_wmi_event_pdev_tpc_config [ath10k_core]) from [] (ath10k_wmi_10_4_op_rx+0x2f0/0x39c [ath10k_core]) > [ 323.583047] [] (ath10k_wmi_10_4_op_rx [ath10k_core]) from [] (ath10k_htc_rx_completion_handler+0x170/0x1a0 [ath10k_core]) > [ 323.595702] [] (ath10k_htc_rx_completion_handler [ath10k_core]) from [] (ath10k_pci_hif_send_complete_check+0x1f0/0x220 [ath10k_pci]) > [ 323.609421] [] (ath10k_pci_hif_send_complete_check [ath10k_pci]) from [] (ath10k_ce_per_engine_service+0x74/0xc4 [ath10k_pci]) > [ 323.622490] [] (ath10k_ce_per_engine_service [ath10k_pci]) from [] (ath10k_ce_per_engine_service_any+0x74/0x80 [ath10k_pci]) > [ 323.635423] [] (ath10k_ce_per_engine_service_any [ath10k_pci]) from [] (ath10k_pci_napi_poll+0x44/0xe8 [ath10k_pci]) > [ 323.647665] [] (ath10k_pci_napi_poll [ath10k_pci]) from [] (net_rx_action+0xac/0x160) > [ 323.657208] [] (net_rx_action) from [] (__do_softirq+0x104/0x294) > [ 323.665017] [] (__do_softirq) from [] (irq_exit+0x9c/0x11c) > [ 323.672314] [] (irq_exit) from [] (handle_IRQ+0x6c/0x90) > [ 323.679341] [] (handle_IRQ) from [] (gic_handle_irq+0x3c/0x60) > [ 323.686893] [] (gic_handle_irq) from [] (__irq_svc+0x40/0x70) > [ 323.694349] Exception stack(0xdd489c58 to 0xdd489ca0) > [ 323.699384] 9c40: 00000000 a0000013 > [ 323.707547] 9c60: 00000000 dc4bce40 60000013 ddc1d800 dd488000 00000990 00000000 c085c800 > [ 323.715707] 9c80: 00000000 dd489d44 0000092d dd489ca0 c026e664 c026e668 60000013 ffffffff > [ 323.723877] [] (__irq_svc) from [] (rcu_note_context_switch+0x170/0x184) > [ 323.732298] [] (rcu_note_context_switch) from [] (__schedule+0x50/0x4d4) > [ 323.740716] [] (__schedule) from [] (schedule_timeout+0x148/0x178) > [ 323.748611] [] (schedule_timeout) from [] (wait_for_common+0x114/0x154) > [ 323.756972] [] (wait_for_common) from [] (ath10k_tpc_stats_open+0xc8/0x340 [ath10k_core]) > [ 323.766873] [] (ath10k_tpc_stats_open [ath10k_core]) from [] (do_dentry_open+0x1ac/0x274) > [ 323.776741] [] (do_dentry_open) from [] (do_last+0x8c0/0xb08) > [ 323.784201] [] (do_last) from [] (path_openat+0x210/0x598) > [ 323.791408] [] (path_openat) from [] (do_filp_open+0x2c/0x78) > [ 323.798873] [] (do_filp_open) from [] (do_sys_open+0x114/0x1b4) > [ 323.806509] [] (do_sys_open) from [] (ret_fast_syscall+0x0/0x44) > [ 323.814241] CPU1: stopping > [ 323.816927] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 3.14.77 #31 > [ 323.823008] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) > [ 323.830731] [] (show_stack) from [] (dump_stack+0x80/0xa0) > [ 323.837934] [] (dump_stack) from [] (handle_IPI+0xb8/0x140) > [ 323.845224] [] (handle_IPI) from [] (gic_handle_irq+0x58/0x60) > [ 323.852774] [] (gic_handle_irq) from [] (__irq_svc+0x40/0x70) > [ 323.860233] Exception stack(0xdd499fa0 to 0xdd499fe8) > [ 323.865273] 9fa0: ffffffed 00000000 1d3c9000 00000000 dd498000 dd498030 10c0387d c08b62c8 > [ 323.873432] 9fc0: 4220406a 512f04d0 00000000 00000000 00000001 dd499fe8 c021838c c0218390 > [ 323.881588] 9fe0: 60000013 ffffffff > [ 323.885070] [] (__irq_svc) from [] (arch_cpu_idle+0x30/0x50) > [ 323.892454] [] (arch_cpu_idle) from [] (cpu_startup_entry+0xa4/0x108) > [ 323.900690] [] (cpu_startup_entry) from [<422085a4>] (0x422085a4) > > Signed-off-by: Tamizh chelvam > Signed-off-by: Kalle Valo Patch applied to ath-next branch of ath.git, thanks. 4b190675ad06 ath10k: fix kernel panic while reading tpc_stats -- https://patchwork.kernel.org/patch/10356155/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches