* [PATCH 1/2] rsi: fix memory alignment issue in ARM32 platforms
@ 2018-08-27 11:35 Siva Rebbagondla
2018-08-27 11:35 ` [PATCH 2/2] rsi: improve kernel thread handling to fix kernel panic Siva Rebbagondla
2018-08-31 15:51 ` [PATCH 1/2] rsi: fix memory alignment issue in ARM32 platforms Kalle Valo
0 siblings, 2 replies; 3+ messages in thread
From: Siva Rebbagondla @ 2018-08-27 11:35 UTC (permalink / raw)
To: Kalle Valo
Cc: linux-wireless, Sasidhar Mudigonda, Siva Rebbagondla,
Sanjay Konduri
From: Siva Rebbagondla <siva.rebbagondla@redpinesignals.com>
During testing in ARM32 platforms, observed below kernel panic, as driver
accessing data beyond the allocated memory while submitting URB to USB.
Fix: Resolved this by specifying correct length by considering 64 bit
alignment. so that, USB bus driver will access only allocated memory.
Unit-test: Tested and confirm that driver bring up and scanning,
connection and data transfer works fine with this fix.
...skipping...
[ 25.389450] Unable to handle kernel paging request at virtual
address 5aa11422
[ 25.403078] Internal error: Oops: 5 [#1] SMP ARM
[ 25.407703] Modules linked in: rsi_usb
[ 25.411473] CPU: 1 PID: 317 Comm: RX-Thread Not tainted 4.18.0-rc7 #1
[ 25.419221] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
[ 25.425764] PC is at skb_release_data+0x90/0x168
[ 25.430393] LR is at skb_release_all+0x28/0x2c
[ 25.434842] pc : [<807435b0>] lr : [<80742ba0>] psr: 200e0013 5aa1141e
[ 25.464633] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
[ 25.477524] Process RX-Thread (pid: 317, stack limit = 0x(ptrval))
[ 25.483709] Stack: (0xedf69ed8 to 0xedf6a000)
[ 25.569907] Backtrace:
[ 25.572368] [<80743520>] (skb_release_data) from [<80742ba0>]
(skb_release_all+0x28/0x2c)
[ 25.580555] r9:7f00258c r8:00000001 r7:ee355000 r6:eddab0d0
r5:eddab000 r4:eddbb840
[ 25.588308] [<80742b78>] (skb_release_all) from [<807432cc>]
(consume_skb+0x30/0x50)
[ 25.596055] r5:eddab000 r4:eddbb840
[ 25.599648] [<8074329c>] (consume_skb) from [<7f00117c>]
(rsi_usb_rx_thread+0x64/0x12c [rsi_usb])
[ 25.608524] r5:eddab000 r4:eddbb840
[ 25.612116] [<7f001118>] (rsi_usb_rx_thread [rsi_usb]) from
[<80142750>] (kthread+0x11c/0x15c)
[ 25.620735] r10:ee9ff9e0 r9:edcde3b8 r8:ee355000 r7:edf68000
r6:edd3a780 r5:00000000
[ 25.628567] r4:edcde380
[ 25.631110] [<80142634>] (kthread) from [<801010e8>]
(ret_from_fork+0x14/0x2c)
[ 25.638336] Exception stack(0xedf69fb0 to 0xedf69ff8)
[ 25.682929] ---[ end trace 8236a5496f5b5d3b ]---
Signed-off-by: Siva Rebbagondla <siva.rebbagondla@redpinesignals.com>
---
drivers/net/wireless/rsi/rsi_91x_usb.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wireless/rsi/rsi_91x_usb.c b/drivers/net/wireless/rsi/rsi_91x_usb.c
index c0a163e..f360690 100644
--- a/drivers/net/wireless/rsi/rsi_91x_usb.c
+++ b/drivers/net/wireless/rsi/rsi_91x_usb.c
@@ -266,15 +266,17 @@ static void rsi_rx_done_handler(struct urb *urb)
if (urb->status)
goto out;
- if (urb->actual_length <= 0) {
- rsi_dbg(INFO_ZONE, "%s: Zero length packet\n", __func__);
+ if (urb->actual_length <= 0 ||
+ urb->actual_length > rx_cb->rx_skb->len) {
+ rsi_dbg(INFO_ZONE, "%s: Invalid packet length = %d\n",
+ __func__, urb->actual_length);
goto out;
}
if (skb_queue_len(&dev->rx_q) >= RSI_MAX_RX_PKTS) {
rsi_dbg(INFO_ZONE, "Max RX packets reached\n");
goto out;
}
- skb_put(rx_cb->rx_skb, urb->actual_length);
+ skb_trim(rx_cb->rx_skb, urb->actual_length);
skb_queue_tail(&dev->rx_q, rx_cb->rx_skb);
rsi_set_event(&dev->rx_thread.event);
@@ -308,6 +310,7 @@ static int rsi_rx_urb_submit(struct rsi_hw *adapter, u8 ep_num)
if (!skb)
return -ENOMEM;
skb_reserve(skb, MAX_DWORD_ALIGN_BYTES);
+ skb_put(skb, RSI_MAX_RX_USB_PKT_SIZE - MAX_DWORD_ALIGN_BYTES);
dword_align_bytes = (unsigned long)skb->data & 0x3f;
if (dword_align_bytes > 0)
skb_push(skb, dword_align_bytes);
@@ -319,7 +322,7 @@ static int rsi_rx_urb_submit(struct rsi_hw *adapter, u8 ep_num)
usb_rcvbulkpipe(dev->usbdev,
dev->bulkin_endpoint_addr[ep_num - 1]),
urb->transfer_buffer,
- RSI_MAX_RX_USB_PKT_SIZE,
+ skb->len,
rsi_rx_done_handler,
rx_cb);
--
2.5.5
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH 2/2] rsi: improve kernel thread handling to fix kernel panic
2018-08-27 11:35 [PATCH 1/2] rsi: fix memory alignment issue in ARM32 platforms Siva Rebbagondla
@ 2018-08-27 11:35 ` Siva Rebbagondla
2018-08-31 15:51 ` [PATCH 1/2] rsi: fix memory alignment issue in ARM32 platforms Kalle Valo
1 sibling, 0 replies; 3+ messages in thread
From: Siva Rebbagondla @ 2018-08-27 11:35 UTC (permalink / raw)
To: Kalle Valo
Cc: linux-wireless, Sasidhar Mudigonda, Siva Rebbagondla,
Sanjay Konduri
From: Siva Rebbagondla <siva.rebbagondla@redpinesignals.com>
While running regressions, observed below kernel panic when sdio disconnect
called. This is because of, kthread_stop() is taking care of
wait_for_completion() by default. When wait_for_completion triggered
in kthread_stop and as it was done already, giving kernel panic.
Hence, removing redundant wait_for_completion() from rsi_kill_thread().
... skipping ...
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<ffffffff810a63df>] exit_creds+0x1f/0x50
PGD 0
Oops: 0002 [#1] SMP
CPU: 0 PID: 6502 Comm: rmmod Tainted: G OE 4.15.9-Generic #154-Ubuntu
Hardware name: Dell Inc. Edge Gateway 3003/ , BIOS 01.00.00 04/17/2017
Stack:
ffff88007392e600 ffff880075847dc0 ffffffff8108160a 0000000000000000
ffff88007392e600 ffff880075847de8 ffffffff810a484b ffff880076127000
ffff88003cd3a800 ffff880074f12a00 ffff880075847e28 ffffffffc09bed15
Call Trace:
[<ffffffff8108160a>] __put_task_struct+0x5a/0x140
[<ffffffff810a484b>] kthread_stop+0x10b/0x110
[<ffffffffc09bed15>] rsi_disconnect+0x2f5/0x300 [ven_rsi_sdio]
[<ffffffff81578bcb>] ? __pm_runtime_resume+0x5b/0x80
[<ffffffff816f0918>] sdio_bus_remove+0x38/0x100
[<ffffffff8156cc64>] __device_release_driver+0xa4/0x150
[<ffffffff8156d7a5>] driver_detach+0xb5/0xc0
[<ffffffff8156c6c5>] bus_remove_driver+0x55/0xd0
[<ffffffff8156dfbc>] driver_unregister+0x2c/0x50
[<ffffffff816f0b8a>] sdio_unregister_driver+0x1a/0x20
[<ffffffffc09bf0f5>] rsi_module_exit+0x15/0x30 [ven_rsi_sdio]
[<ffffffff8110cad8>] SyS_delete_module+0x1b8/0x210
[<ffffffff81851dc8>] entry_SYSCALL_64_fastpath+0x1c/0xbb
Signed-off-by: Siva Rebbagondla <siva.rebbagondla@redpinesignals.com>
---
drivers/net/wireless/rsi/rsi_common.h | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/net/wireless/rsi/rsi_common.h b/drivers/net/wireless/rsi/rsi_common.h
index d9ff3b8..60f1f28 100644
--- a/drivers/net/wireless/rsi/rsi_common.h
+++ b/drivers/net/wireless/rsi/rsi_common.h
@@ -75,7 +75,6 @@ static inline int rsi_kill_thread(struct rsi_thread *handle)
atomic_inc(&handle->thread_done);
rsi_set_event(&handle->event);
- wait_for_completion(&handle->completion);
return kthread_stop(handle->task);
}
--
2.5.5
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH 1/2] rsi: fix memory alignment issue in ARM32 platforms
2018-08-27 11:35 [PATCH 1/2] rsi: fix memory alignment issue in ARM32 platforms Siva Rebbagondla
2018-08-27 11:35 ` [PATCH 2/2] rsi: improve kernel thread handling to fix kernel panic Siva Rebbagondla
@ 2018-08-31 15:51 ` Kalle Valo
1 sibling, 0 replies; 3+ messages in thread
From: Kalle Valo @ 2018-08-31 15:51 UTC (permalink / raw)
To: Siva Rebbagondla
Cc: linux-wireless, Sasidhar Mudigonda, Siva Rebbagondla,
Sanjay Konduri
Siva Rebbagondla <siva8118@gmail.com> wrote:
> From: Siva Rebbagondla <siva.rebbagondla@redpinesignals.com>
>
> During testing in ARM32 platforms, observed below kernel panic, as driver
> accessing data beyond the allocated memory while submitting URB to USB.
>
> Fix: Resolved this by specifying correct length by considering 64 bit
> alignment. so that, USB bus driver will access only allocated memory.
>
> Unit-test: Tested and confirm that driver bring up and scanning,
> connection and data transfer works fine with this fix.
>
> ...skipping...
> [ 25.389450] Unable to handle kernel paging request at virtual
> address 5aa11422
> [ 25.403078] Internal error: Oops: 5 [#1] SMP ARM
> [ 25.407703] Modules linked in: rsi_usb
> [ 25.411473] CPU: 1 PID: 317 Comm: RX-Thread Not tainted 4.18.0-rc7 #1
> [ 25.419221] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
> [ 25.425764] PC is at skb_release_data+0x90/0x168
> [ 25.430393] LR is at skb_release_all+0x28/0x2c
> [ 25.434842] pc : [<807435b0>] lr : [<80742ba0>] psr: 200e0013 5aa1141e
> [ 25.464633] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
> [ 25.477524] Process RX-Thread (pid: 317, stack limit = 0x(ptrval))
> [ 25.483709] Stack: (0xedf69ed8 to 0xedf6a000)
> [ 25.569907] Backtrace:
> [ 25.572368] [<80743520>] (skb_release_data) from [<80742ba0>]
> (skb_release_all+0x28/0x2c)
> [ 25.580555] r9:7f00258c r8:00000001 r7:ee355000 r6:eddab0d0
> r5:eddab000 r4:eddbb840
> [ 25.588308] [<80742b78>] (skb_release_all) from [<807432cc>]
> (consume_skb+0x30/0x50)
> [ 25.596055] r5:eddab000 r4:eddbb840
> [ 25.599648] [<8074329c>] (consume_skb) from [<7f00117c>]
> (rsi_usb_rx_thread+0x64/0x12c [rsi_usb])
> [ 25.608524] r5:eddab000 r4:eddbb840
> [ 25.612116] [<7f001118>] (rsi_usb_rx_thread [rsi_usb]) from
> [<80142750>] (kthread+0x11c/0x15c)
> [ 25.620735] r10:ee9ff9e0 r9:edcde3b8 r8:ee355000 r7:edf68000
> r6:edd3a780 r5:00000000
> [ 25.628567] r4:edcde380
> [ 25.631110] [<80142634>] (kthread) from [<801010e8>]
> (ret_from_fork+0x14/0x2c)
> [ 25.638336] Exception stack(0xedf69fb0 to 0xedf69ff8)
> [ 25.682929] ---[ end trace 8236a5496f5b5d3b ]---
>
> Signed-off-by: Siva Rebbagondla <siva.rebbagondla@redpinesignals.com>
2 patches applied to wireless-drivers-next.git, thanks.
baa8caf4ab7a rsi: fix memory alignment issue in ARM32 platforms
4c62764d0fc2 rsi: improve kernel thread handling to fix kernel panic
--
https://patchwork.kernel.org/patch/10577019/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-08-31 20:00 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-08-27 11:35 [PATCH 1/2] rsi: fix memory alignment issue in ARM32 platforms Siva Rebbagondla
2018-08-27 11:35 ` [PATCH 2/2] rsi: improve kernel thread handling to fix kernel panic Siva Rebbagondla
2018-08-31 15:51 ` [PATCH 1/2] rsi: fix memory alignment issue in ARM32 platforms Kalle Valo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).