* [PATCH] mwifiex: duplicate static structs used in driver instances
@ 2024-08-09 8:11 Sascha Hauer
2024-08-09 8:14 ` Kalle Valo
` (4 more replies)
0 siblings, 5 replies; 9+ messages in thread
From: Sascha Hauer @ 2024-08-09 8:11 UTC (permalink / raw)
To: Brian Norris, Francesco Dolcini, Kalle Valo, Yogesh Ashok Powar,
Bing Zhao, John W. Linville, Amitkumar Karwar, Avinash Patil
Cc: Kiran Divekar, linux-wireless, linux-kernel, kernel, stable,
Sascha Hauer
mwifiex_band_2ghz and mwifiex_band_5ghz are statically allocated, but
used and modified in driver instances. Duplicate them before using
them in driver instances so that different driver instances do not
influence each other.
This was observed on a board which has one PCIe and one SDIO mwifiex
adapter. It blew up in mwifiex_setup_ht_caps(). This was called with
the statically allocated struct which is modified in this function.
Cc: stable@vger.kernel.org
Fixes: d6bffe8bb520 ("mwifiex: support for creation of AP interface")
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
drivers/net/wireless/marvell/mwifiex/cfg80211.c | 32 ++++++++++++++++++++-----
1 file changed, 26 insertions(+), 6 deletions(-)
diff --git a/drivers/net/wireless/marvell/mwifiex/cfg80211.c b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
index b909a7665e9cc..d2e4153192032 100644
--- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c
+++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
@@ -4361,11 +4361,27 @@ int mwifiex_register_cfg80211(struct mwifiex_adapter *adapter)
if (ISSUPP_ADHOC_ENABLED(adapter->fw_cap_info))
wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
- wiphy->bands[NL80211_BAND_2GHZ] = &mwifiex_band_2ghz;
- if (adapter->config_bands & BAND_A)
- wiphy->bands[NL80211_BAND_5GHZ] = &mwifiex_band_5ghz;
- else
+ wiphy->bands[NL80211_BAND_2GHZ] = devm_kmemdup(adapter->dev,
+ &mwifiex_band_2ghz,
+ sizeof(mwifiex_band_2ghz),
+ GFP_KERNEL);
+ if (!wiphy->bands[NL80211_BAND_2GHZ]) {
+ ret = -ENOMEM;
+ goto err;
+ }
+
+ if (adapter->config_bands & BAND_A) {
+ wiphy->bands[NL80211_BAND_5GHZ] = devm_kmemdup(adapter->dev,
+ &mwifiex_band_5ghz,
+ sizeof(mwifiex_band_5ghz),
+ GFP_KERNEL);
+ if (!wiphy->bands[NL80211_BAND_5GHZ]) {
+ ret = -ENOMEM;
+ goto err;
+ }
+ } else {
wiphy->bands[NL80211_BAND_5GHZ] = NULL;
+ }
if (adapter->drcs_enabled && ISSUPP_DRCS_ENABLED(adapter->fw_cap_info))
wiphy->iface_combinations = &mwifiex_iface_comb_ap_sta_drcs;
@@ -4459,8 +4475,7 @@ int mwifiex_register_cfg80211(struct mwifiex_adapter *adapter)
if (ret < 0) {
mwifiex_dbg(adapter, ERROR,
"%s: wiphy_register failed: %d\n", __func__, ret);
- wiphy_free(wiphy);
- return ret;
+ goto err;
}
if (!adapter->regd) {
@@ -4502,4 +4517,9 @@ int mwifiex_register_cfg80211(struct mwifiex_adapter *adapter)
adapter->wiphy = wiphy;
return ret;
+
+err:
+ wiphy_free(wiphy);
+
+ return ret;
}
---
base-commit: 0c3836482481200ead7b416ca80c68a29cfdaabd
change-id: 20240809-mwifiex-duplicate-static-structs-f6355e8da797
Best regards,
--
Sascha Hauer <s.hauer@pengutronix.de>
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH] mwifiex: duplicate static structs used in driver instances
2024-08-09 8:11 [PATCH] mwifiex: duplicate static structs used in driver instances Sascha Hauer
@ 2024-08-09 8:14 ` Kalle Valo
2024-08-09 8:23 ` Sascha Hauer
2024-08-09 8:49 ` Ping-Ke Shih
` (3 subsequent siblings)
4 siblings, 1 reply; 9+ messages in thread
From: Kalle Valo @ 2024-08-09 8:14 UTC (permalink / raw)
To: Sascha Hauer
Cc: Brian Norris, Francesco Dolcini, Yogesh Ashok Powar, Bing Zhao,
John W. Linville, Amitkumar Karwar, Avinash Patil, Kiran Divekar,
linux-wireless, linux-kernel, kernel, stable
Sascha Hauer <s.hauer@pengutronix.de> writes:
> mwifiex_band_2ghz and mwifiex_band_5ghz are statically allocated, but
> used and modified in driver instances. Duplicate them before using
> them in driver instances so that different driver instances do not
> influence each other.
>
> This was observed on a board which has one PCIe and one SDIO mwifiex
> adapter. It blew up in mwifiex_setup_ht_caps(). This was called with
> the statically allocated struct which is modified in this function.
>
> Cc: stable@vger.kernel.org
> Fixes: d6bffe8bb520 ("mwifiex: support for creation of AP interface")
> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Should this go to wireless tree for v6.11?
"wifi:" missing in subject but I can add that, no need to resend because
of this.
--
https://patchwork.kernel.org/project/linux-wireless/list/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] mwifiex: duplicate static structs used in driver instances
2024-08-09 8:14 ` Kalle Valo
@ 2024-08-09 8:23 ` Sascha Hauer
0 siblings, 0 replies; 9+ messages in thread
From: Sascha Hauer @ 2024-08-09 8:23 UTC (permalink / raw)
To: Kalle Valo
Cc: Brian Norris, Francesco Dolcini, Yogesh Ashok Powar, Bing Zhao,
John W. Linville, Amitkumar Karwar, Avinash Patil, Kiran Divekar,
linux-wireless, linux-kernel, kernel, stable
On Fri, Aug 09, 2024 at 11:14:36AM +0300, Kalle Valo wrote:
> Sascha Hauer <s.hauer@pengutronix.de> writes:
>
> > mwifiex_band_2ghz and mwifiex_band_5ghz are statically allocated, but
> > used and modified in driver instances. Duplicate them before using
> > them in driver instances so that different driver instances do not
> > influence each other.
> >
> > This was observed on a board which has one PCIe and one SDIO mwifiex
> > adapter. It blew up in mwifiex_setup_ht_caps(). This was called with
> > the statically allocated struct which is modified in this function.
> >
> > Cc: stable@vger.kernel.org
> > Fixes: d6bffe8bb520 ("mwifiex: support for creation of AP interface")
> > Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
>
> Should this go to wireless tree for v6.11?
Yes, that would be great.
>
> "wifi:" missing in subject but I can add that, no need to resend because
> of this.
Ok, thanks. I'll keep that in mind for the next patches.
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 9+ messages in thread
* RE: [PATCH] mwifiex: duplicate static structs used in driver instances
2024-08-09 8:11 [PATCH] mwifiex: duplicate static structs used in driver instances Sascha Hauer
2024-08-09 8:14 ` Kalle Valo
@ 2024-08-09 8:49 ` Ping-Ke Shih
2024-08-09 9:12 ` Sascha Hauer
2024-08-09 12:42 ` Francesco Dolcini
` (2 subsequent siblings)
4 siblings, 1 reply; 9+ messages in thread
From: Ping-Ke Shih @ 2024-08-09 8:49 UTC (permalink / raw)
To: Sascha Hauer, Brian Norris, Francesco Dolcini, Kalle Valo,
Yogesh Ashok Powar, Bing Zhao, John W. Linville, Amitkumar Karwar,
Avinash Patil
Cc: Kiran Divekar, linux-wireless@vger.kernel.org,
linux-kernel@vger.kernel.org, kernel@pengutronix.de,
stable@vger.kernel.org
Sascha Hauer <s.hauer@pengutronix.de> wrote:
> + wiphy->bands[NL80211_BAND_2GHZ] = devm_kmemdup(adapter->dev,
> + &mwifiex_band_2ghz,
> + sizeof(mwifiex_band_2ghz),
> + GFP_KERNEL);
It seems like you forget to free the duplicate memory somewhere?
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] mwifiex: duplicate static structs used in driver instances
2024-08-09 8:49 ` Ping-Ke Shih
@ 2024-08-09 9:12 ` Sascha Hauer
2024-08-09 9:26 ` Ping-Ke Shih
0 siblings, 1 reply; 9+ messages in thread
From: Sascha Hauer @ 2024-08-09 9:12 UTC (permalink / raw)
To: Ping-Ke Shih
Cc: Brian Norris, Francesco Dolcini, Kalle Valo, Yogesh Ashok Powar,
Bing Zhao, John W. Linville, Amitkumar Karwar, Avinash Patil,
Kiran Divekar, linux-wireless@vger.kernel.org,
linux-kernel@vger.kernel.org, kernel@pengutronix.de,
stable@vger.kernel.org
On Fri, Aug 09, 2024 at 08:49:32AM +0000, Ping-Ke Shih wrote:
> Sascha Hauer <s.hauer@pengutronix.de> wrote:
> > + wiphy->bands[NL80211_BAND_2GHZ] = devm_kmemdup(adapter->dev,
> > + &mwifiex_band_2ghz,
> > + sizeof(mwifiex_band_2ghz),
> > + GFP_KERNEL);
>
> It seems like you forget to free the duplicate memory somewhere?
It's freed automatically when adapter->dev is released, see the various
devm_* functions
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 9+ messages in thread
* RE: [PATCH] mwifiex: duplicate static structs used in driver instances
2024-08-09 9:12 ` Sascha Hauer
@ 2024-08-09 9:26 ` Ping-Ke Shih
0 siblings, 0 replies; 9+ messages in thread
From: Ping-Ke Shih @ 2024-08-09 9:26 UTC (permalink / raw)
To: Sascha Hauer
Cc: Brian Norris, Francesco Dolcini, Kalle Valo, Yogesh Ashok Powar,
Bing Zhao, John W. Linville, Amitkumar Karwar, Avinash Patil,
Kiran Divekar, linux-wireless@vger.kernel.org,
linux-kernel@vger.kernel.org, kernel@pengutronix.de,
stable@vger.kernel.org
Sascha Hauer <s.hauer@pengutronix.de> wrote:
> On Fri, Aug 09, 2024 at 08:49:32AM +0000, Ping-Ke Shih wrote:
> > Sascha Hauer <s.hauer@pengutronix.de> wrote:
> > > + wiphy->bands[NL80211_BAND_2GHZ] = devm_kmemdup(adapter->dev,
> > > + &mwifiex_band_2ghz,
> > > + sizeof(mwifiex_band_2ghz),
> > > + GFP_KERNEL);
> >
> > It seems like you forget to free the duplicate memory somewhere?
>
> It's freed automatically when adapter->dev is released, see the various
> devm_* functions
>
Cool. Thanks for the info.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] mwifiex: duplicate static structs used in driver instances
2024-08-09 8:11 [PATCH] mwifiex: duplicate static structs used in driver instances Sascha Hauer
2024-08-09 8:14 ` Kalle Valo
2024-08-09 8:49 ` Ping-Ke Shih
@ 2024-08-09 12:42 ` Francesco Dolcini
2024-08-13 16:47 ` Brian Norris
2024-08-16 9:48 ` wifi: " Kalle Valo
4 siblings, 0 replies; 9+ messages in thread
From: Francesco Dolcini @ 2024-08-09 12:42 UTC (permalink / raw)
To: Sascha Hauer
Cc: Brian Norris, Francesco Dolcini, Kalle Valo, Yogesh Ashok Powar,
Bing Zhao, John W. Linville, Amitkumar Karwar, Avinash Patil,
Kiran Divekar, linux-wireless, linux-kernel, kernel, stable
On Fri, Aug 09, 2024 at 10:11:33AM +0200, Sascha Hauer wrote:
> mwifiex_band_2ghz and mwifiex_band_5ghz are statically allocated, but
> used and modified in driver instances. Duplicate them before using
> them in driver instances so that different driver instances do not
> influence each other.
>
> This was observed on a board which has one PCIe and one SDIO mwifiex
> adapter. It blew up in mwifiex_setup_ht_caps(). This was called with
> the statically allocated struct which is modified in this function.
>
> Cc: stable@vger.kernel.org
> Fixes: d6bffe8bb520 ("mwifiex: support for creation of AP interface")
> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Reviewed-by: Francesco Dolcini <francesco.dolcini@toradex.com>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] mwifiex: duplicate static structs used in driver instances
2024-08-09 8:11 [PATCH] mwifiex: duplicate static structs used in driver instances Sascha Hauer
` (2 preceding siblings ...)
2024-08-09 12:42 ` Francesco Dolcini
@ 2024-08-13 16:47 ` Brian Norris
2024-08-16 9:48 ` wifi: " Kalle Valo
4 siblings, 0 replies; 9+ messages in thread
From: Brian Norris @ 2024-08-13 16:47 UTC (permalink / raw)
To: Sascha Hauer
Cc: Francesco Dolcini, Kalle Valo, Yogesh Ashok Powar, Bing Zhao,
John W. Linville, Amitkumar Karwar, Avinash Patil, Kiran Divekar,
linux-wireless, linux-kernel, kernel, stable
On Fri, Aug 09, 2024 at 10:11:33AM +0200, Sascha Hauer wrote:
> mwifiex_band_2ghz and mwifiex_band_5ghz are statically allocated, but
> used and modified in driver instances. Duplicate them before using
> them in driver instances so that different driver instances do not
> influence each other.
Ugh, I caught a few problems like this on the first several passes of
review, but I missed a few more. Thanks for the catches.
> This was observed on a board which has one PCIe and one SDIO mwifiex
> adapter. It blew up in mwifiex_setup_ht_caps(). This was called with
> the statically allocated struct which is modified in this function.
>
> Cc: stable@vger.kernel.org
> Fixes: d6bffe8bb520 ("mwifiex: support for creation of AP interface")
> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Acked-by: Brian Norris <briannorris@chromium.org>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: wifi: mwifiex: duplicate static structs used in driver instances
2024-08-09 8:11 [PATCH] mwifiex: duplicate static structs used in driver instances Sascha Hauer
` (3 preceding siblings ...)
2024-08-13 16:47 ` Brian Norris
@ 2024-08-16 9:48 ` Kalle Valo
4 siblings, 0 replies; 9+ messages in thread
From: Kalle Valo @ 2024-08-16 9:48 UTC (permalink / raw)
To: Sascha Hauer
Cc: Brian Norris, Francesco Dolcini, Yogesh Ashok Powar, Bing Zhao,
John W. Linville, Amitkumar Karwar, Avinash Patil, Kiran Divekar,
linux-wireless, linux-kernel, kernel, stable, Sascha Hauer
Sascha Hauer <s.hauer@pengutronix.de> wrote:
> mwifiex_band_2ghz and mwifiex_band_5ghz are statically allocated, but
> used and modified in driver instances. Duplicate them before using
> them in driver instances so that different driver instances do not
> influence each other.
>
> This was observed on a board which has one PCIe and one SDIO mwifiex
> adapter. It blew up in mwifiex_setup_ht_caps(). This was called with
> the statically allocated struct which is modified in this function.
>
> Cc: stable@vger.kernel.org
> Fixes: d6bffe8bb520 ("mwifiex: support for creation of AP interface")
> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
> Reviewed-by: Francesco Dolcini <francesco.dolcini@toradex.com>
> Acked-by: Brian Norris <briannorris@chromium.org>
Patch applied to wireless.git, thanks.
27ec3c57fcad wifi: mwifiex: duplicate static structs used in driver instances
--
https://patchwork.kernel.org/project/linux-wireless/patch/20240809-mwifiex-duplicate-static-structs-v1-1-6837b903b1a4@pengutronix.de/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2024-08-16 9:48 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-08-09 8:11 [PATCH] mwifiex: duplicate static structs used in driver instances Sascha Hauer
2024-08-09 8:14 ` Kalle Valo
2024-08-09 8:23 ` Sascha Hauer
2024-08-09 8:49 ` Ping-Ke Shih
2024-08-09 9:12 ` Sascha Hauer
2024-08-09 9:26 ` Ping-Ke Shih
2024-08-09 12:42 ` Francesco Dolcini
2024-08-13 16:47 ` Brian Norris
2024-08-16 9:48 ` wifi: " Kalle Valo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).