From: Sasha Levin <Alexander.Levin@microsoft.com>
To: "stable@vger.kernel.org" <stable@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Cc: Ben Greear <greearb@candelatech.com>,
	Kalle Valo <kvalo@codeaurora.org>,
	Sasha Levin <Alexander.Levin@microsoft.com>
Subject: [PATCH AUTOSEL 4.4 32/43] ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
Date: Mon, 17 Sep 2018 03:05:09 +0000
Message-ID: <20180917030445.484-32-alexander.levin@microsoft.com>
In-Reply-To: <20180917030445.484-1-alexander.levin@microsoft.com>

From: Ben Greear <greearb@candelatech.com>

[ Upstream commit 168f75f11fe68455e0d058a818ebccfc329d8685 ]

While debugging driver crashes related to a buggy firmware
crashing under load, I noticed that ath10k_htt_rx_ring_free
could be called without being under lock.  I'm not sure if this
is the root cause of the crash or not, but it seems prudent to
protect it.

Originally tested on 4.16+ kernel with ath10k-ct 10.4 firmware
running on 9984 NIC.

Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
 drivers/net/wireless/ath/ath10k/htt_rx.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/net/wireless/ath/ath10k/htt_rx.c b/drivers/net/wireless/ath/ath10k/htt_rx.c
index b32c47fe926d..a65b5d7f59f4 100644
--- a/drivers/net/wireless/ath/ath10k/htt_rx.c
+++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
@@ -212,11 +212,12 @@ int ath10k_htt_rx_ring_refill(struct ath10k *ar)
 	spin_lock_bh(&htt->rx_ring.lock);
 	ret = ath10k_htt_rx_ring_fill_n(htt, (htt->rx_ring.fill_level -
 					      htt->rx_ring.fill_cnt));
-	spin_unlock_bh(&htt->rx_ring.lock);
 
 	if (ret)
 		ath10k_htt_rx_ring_free(htt);
 
+	spin_unlock_bh(&htt->rx_ring.lock);
+
 	return ret;
 }
 
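Review bot: In ath10k_htt_rx_ring_refill() the error path now calls ath10k_htt_rx_ring_free() inside the spin_lock_bh() section, so everything that function does has to be safe with bottom halves disabled and a spinlock held; its body is not in this hunk, and the commit message says the change was tested on 4.16+, so it is worth confirming against the 4.4 version of the function before this goes into the 4.4 queue. The locking rule is also undocumented: nothing in the visible lines tells a future caller that rx_ring.lock must be held. A lockdep_assert_held(&htt->rx_ring.lock) at the top of ath10k_htt_rx_ring_free(), or a one-line comment above it, would record the requirement and catch the next unlocked call site.
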
@@ -230,7 +231,9 @@ void ath10k_htt_rx_free(struct ath10k_htt *htt)
 	skb_queue_purge(&htt->rx_compl_q);
 	skb_queue_purge(&htt->rx_in_ord_compl_q);
 
+	spin_lock_bh(&htt->rx_ring.lock);
 	ath10k_htt_rx_ring_free(htt);
+	spin_unlock_bh(&htt->rx_ring.lock);
 
 	dma_free_coherent(htt->ar->dev,
 			  (htt->rx_ring.size *
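
Review bot: In ath10k_htt_rx_free() the lock is taken only around ath10k_htt_rx_ring_free() and is released before the dma_free_coherent() call that follows, so the ring memory itself is still freed unlocked. That is only safe if no other context can take rx_ring.lock and touch the ring once this function is running, and the visible lines do not show what has been stopped before this point. Please confirm that every user of the ring is quiesced ahead of the teardown, and say so in a comment here, since the commit message itself leaves open whether the unlocked call was the cause of the crash.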
-- 
2.17.1
