From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Emmanuel Grumbach <emmanuel.grumbach@intel.com>,
Luca Coelho <luciano.coelho@intel.com>,
Sasha Levin <sashal@kernel.org>,
linux-wireless@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 4.19 160/191] iwlwifi: dbg: don't crash if the firmware crashes in the middle of a debug dump
Date: Sat, 9 Nov 2019 21:39:42 -0500 [thread overview]
Message-ID: <20191110024013.29782-160-sashal@kernel.org> (raw)
In-Reply-To: <20191110024013.29782-1-sashal@kernel.org>
From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
[ Upstream commit 79f25b10c9da3dbc953e47033d0494e51580ac3b ]
We can dump data from the firmware either when it crashes,
or when the firmware is alive.
Not all the data is available if the firmware is running
(like the Tx / Rx FIFOs which are available only when the
firmware is halted), so we first check that the firmware
is alive to compute the required size for the dump and then
fill the buffer with the data.
When we allocate the buffer, we test the STATUS_FW_ERROR
bit to check if the firmware is alive or not. This bit
can be changed during the course of the dump since it is
modified in the interrupt handler.
We hit a case where we allocate the buffer while the
firmware is sill working, and while we start to fill the
buffer, the firmware crashes. Then we test STATUS_FW_ERROR
again and decide to fill the buffer with data like the
FIFOs even if no room was allocated for this data in the
buffer. This means that we overflow the buffer that was
allocated leading to memory corruption.
To fix this, test the STATUS_FW_ERROR bit only once and
rely on local variables to check if we should dump fifos
or other firmware components.
Fixes: 04fd2c28226f ("iwlwifi: mvm: add rxf and txf to dump data")
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/fw/dbg.c b/drivers/net/wireless/intel/iwlwifi/fw/dbg.c
index a31a42e673c46..37657e999ff8b 100644
--- a/drivers/net/wireless/intel/iwlwifi/fw/dbg.c
+++ b/drivers/net/wireless/intel/iwlwifi/fw/dbg.c
@@ -824,7 +824,7 @@ void iwl_fw_error_dump(struct iwl_fw_runtime *fwrt)
}
/* We only dump the FIFOs if the FW is in error state */
- if (test_bit(STATUS_FW_ERROR, &fwrt->trans->status)) {
+ if (fifo_data_len) {
iwl_fw_dump_fifos(fwrt, &dump_data);
if (radio_len)
iwl_read_radio_regs(fwrt, &dump_data);
--
2.20.1
next prev parent reply other threads:[~2019-11-10 3:09 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20191110024013.29782-1-sashal@kernel.org>
2019-11-10 2:37 ` [PATCH AUTOSEL 4.19 007/191] net: socionext: Fix two sleep-in-atomic-context bugs in ave_rxfifo_reset() Sasha Levin
2019-11-10 2:37 ` [PATCH AUTOSEL 4.19 015/191] samples/bpf: fix a compilation failure Sasha Levin
2019-11-10 2:37 ` [PATCH AUTOSEL 4.19 023/191] net: hns3: fix return type of ndo_start_xmit function Sasha Levin
2019-11-10 2:37 ` [PATCH AUTOSEL 4.19 024/191] net: cavium: " Sasha Levin
2019-11-10 2:37 ` [PATCH AUTOSEL 4.19 025/191] net: ibm: " Sasha Levin
2019-11-10 2:37 ` [PATCH AUTOSEL 4.19 039/191] net: mvpp2: fix the number of queues per cpu for PPv2.2 Sasha Levin
2019-11-10 2:37 ` [PATCH AUTOSEL 4.19 040/191] net: marvell: fix return type of ndo_start_xmit function Sasha Levin
2019-11-10 2:37 ` [PATCH AUTOSEL 4.19 041/191] net: toshiba: " Sasha Levin
2019-11-10 2:37 ` [PATCH AUTOSEL 4.19 042/191] net: xilinx: " Sasha Levin
2019-11-10 2:37 ` [PATCH AUTOSEL 4.19 043/191] net: broadcom: " Sasha Levin
2019-11-10 2:37 ` [PATCH AUTOSEL 4.19 044/191] net: amd: " Sasha Levin
2019-11-10 2:37 ` [PATCH AUTOSEL 4.19 045/191] net: sun: " Sasha Levin
2019-11-10 2:37 ` [PATCH AUTOSEL 4.19 046/191] net: hns3: Fix for setting speed for phy failed problem Sasha Levin
2019-11-10 2:37 ` [PATCH AUTOSEL 4.19 047/191] net: hns3: Fix cmdq registers initialization issue for vf Sasha Levin
2019-11-10 2:37 ` [PATCH AUTOSEL 4.19 048/191] net: hns3: Clear client pointer when initialize client failed or unintialize finished Sasha Levin
2019-11-10 2:37 ` [PATCH AUTOSEL 4.19 049/191] net: hns3: Fix client initialize state issue when roce client initialize failed Sasha Levin
2019-11-10 2:37 ` [PATCH AUTOSEL 4.19 050/191] net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() Sasha Levin
2019-11-10 2:37 ` [PATCH AUTOSEL 4.19 051/191] nfp: provide a better warning when ring allocation fails Sasha Levin
2019-11-10 2:38 ` [PATCH AUTOSEL 4.19 058/191] brcmfmac: increase buffer for obtaining firmware capabilities Sasha Levin
2019-11-10 2:38 ` [PATCH AUTOSEL 4.19 059/191] brcmsmac: Use kvmalloc() for ucode allocations Sasha Levin
2019-11-10 2:38 ` [PATCH AUTOSEL 4.19 060/191] mlxsw: spectrum: Init shaper for TCs 8..15 Sasha Levin
2019-11-10 2:38 ` [PATCH AUTOSEL 4.19 078/191] bnx2x: Ignore bandwidth attention in single function mode Sasha Levin
2019-11-10 2:38 ` [PATCH AUTOSEL 4.19 082/191] samples/bpf: fix compilation failure Sasha Levin
2019-11-10 2:38 ` [PATCH AUTOSEL 4.19 083/191] net: phy: mdio-bcm-unimac: Allow configuring MDIO clock divider Sasha Levin
2019-11-10 2:38 ` [PATCH AUTOSEL 4.19 084/191] net: micrel: fix return type of ndo_start_xmit function Sasha Levin
2019-11-10 2:38 ` [PATCH AUTOSEL 4.19 085/191] net: freescale: " Sasha Levin
2019-11-10 2:38 ` [PATCH AUTOSEL 4.19 091/191] mlxsw: Make MLXSW_SP1_FWREV_MINOR a hard requirement Sasha Levin
2019-11-10 2:39 ` [PATCH AUTOSEL 4.19 143/191] net: smsc: fix return type of ndo_start_xmit function Sasha Levin
2019-11-10 2:39 ` [PATCH AUTOSEL 4.19 144/191] net: faraday: " Sasha Levin
2019-11-10 2:39 ` [PATCH AUTOSEL 4.19 154/191] Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS Sasha Levin
2019-11-10 2:39 ` Sasha Levin [this message]
2019-11-10 2:39 ` [PATCH AUTOSEL 4.19 161/191] iwlwifi: fix non_shared_ant for 22000 devices Sasha Levin
2019-11-10 2:39 ` [PATCH AUTOSEL 4.19 162/191] iwlwifi: pcie: read correct prph address for newer devices Sasha Levin
2019-11-10 2:39 ` [PATCH AUTOSEL 4.19 163/191] iwlwifi: api: annotate compressed BA notif array sizes Sasha Levin
2019-11-10 2:39 ` [PATCH AUTOSEL 4.19 164/191] iwlwifi: pcie: gen2: build A-MSDU only for GSO Sasha Levin
2019-11-10 2:39 ` [PATCH AUTOSEL 4.19 165/191] iwlwifi: pcie: fit reclaim msg to MAX_MSG_LEN Sasha Levin
2019-11-10 2:39 ` [PATCH AUTOSEL 4.19 166/191] iwlwifi: mvm: use correct FIFO length Sasha Levin
2019-11-10 2:39 ` [PATCH AUTOSEL 4.19 167/191] iwlwifi: mvm: Allow TKIP for AP mode Sasha Levin
2019-11-10 2:40 ` [PATCH AUTOSEL 4.19 183/191] netfilter: masquerade: don't flush all conntracks if only one address deleted on device Sasha Levin
2019-11-10 2:40 ` [PATCH AUTOSEL 4.19 190/191] net: phy: mdio-bcm-unimac: mark PM functions as __maybe_unused Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191110024013.29782-160-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=emmanuel.grumbach@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=luciano.coelho@intel.com \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).