From: Kalle Valo <kvalo@codeaurora.org>
To: zhichen@codeaurora.org
Cc: ath10k@lists.infradead.org, linux-wireless@vger.kernel.org,
kvalo@qca.qualcomm.com, Zhi Chen <zhichen@codeaurora.org>
Subject: Re: ath10k: fixed scan crash
Date: Thu, 28 Jun 2018 09:35:31 +0000 (UTC) [thread overview]
Message-ID: <20180628093531.5333060791@smtp.codeaurora.org> (raw)
In-Reply-To: <1523345994-28800-1-git-send-email-zhichen@codeaurora.org>
zhichen@codeaurora.org wrote:
> Length of WMI scan message was not calculated correctly. The allocated
> buffer was smaller than what we expected. So WMI message corrupted
> skb_info, which is at the end of skb->data. This fix takes TLV header
> into account even if the element is zero-length.
>
> Crash log:
> [49.629986] Unhandled kernel unaligned access[#1]:
> [49.634932] CPU: 0 PID: 1176 Comm: logd Not tainted 4.4.60 #180
> [49.641040] task: 83051460 ti: 8329c000 task.ti: 8329c000
> [49.646608] $ 0 : 00000000 00000001 80984a80 00000000
> [49.652038] $ 4 : 45259e89 8046d484 8046df30 8024ba70
> [49.657468] $ 8 : 00000000 804cc4c0 00000001 20306320
> [49.662898] $12 : 33322037 000110f2 00000000 31203930
> [49.668327] $16 : 82792b40 80984a80 00000001 804207fc
> [49.673757] $20 : 00000000 0000012c 00000040 80470000
> [49.679186] $24 : 00000000 8024af7c
> [49.684617] $28 : 8329c000 8329db88 00000001 802c58d0
> [49.690046] Hi : 00000000
> [49.693022] Lo : 453c0000
> [49.696013] epc : 800efae4 put_page+0x0/0x58
> [49.700615] ra : 802c58d0 skb_release_data+0x148/0x1d4
> [49.706184] Status: 1000fc03 KERNEL EXL IE
> [49.710531] Cause : 00800010 (ExcCode 04)
> [49.714669] BadVA : 45259e89
> [49.717644] PrId : 00019374 (MIPS 24Kc)
>
> Signed-off-by: Zhi Chen <zhichen@codeaurora.org>
> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Patch applied to ath-next branch of ath.git, thanks.
c82919888064 ath10k: fix scan crash due to incorrect length calculation
--
https://patchwork.kernel.org/patch/10332445/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
prev parent reply other threads:[~2018-06-28 9:35 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-10 7:39 [PATCH] ath10k: fixed scan crash zhichen
2018-04-10 7:39 ` [PATCH] ath10k: fix tlv 5ghz channel missing issue zhichen
2018-06-28 9:38 ` Kalle Valo
2018-04-24 8:08 ` [PATCH] ath10k: fixed scan crash Kalle Valo
2018-06-28 9:35 ` Kalle Valo [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180628093531.5333060791@smtp.codeaurora.org \
--to=kvalo@codeaurora.org \
--cc=ath10k@lists.infradead.org \
--cc=kvalo@qca.qualcomm.com \
--cc=linux-wireless@vger.kernel.org \
--cc=zhichen@codeaurora.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).