| Message ID | 1603768580-2798-1-git-send-email-WeitaoWang-oc@zhaoxin.com (mailing list archive) |
|---|---|
| State | Not Applicable |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | rtlwifi: Fix non-canonical address access issues | expand |
On Tue, 2020-10-27 at 11:16 +0800, WeitaoWangoc wrote: > During realtek USB wireless NIC initialization, it's unexpected > disconnection will cause urb sumbmit fail. On the one hand, > _rtl_usb_cleanup_rx will be called to clean up rx stuff, especially for > rtl_wq. On the other hand, disconnection will cause rtl_usb_disconnect > and _rtl_usb_cleanup_rx to be called. So, rtl_wq will be flush/destroy > twice, which will cause non-canonical address 0xdead000000000122 access > and general protection fault. > > Fixed this issue by remove _rtl_usb_cleanup_rx when urb sumbmit fail. > > Signed-off-by: WeitaoWangoc <WeitaoWang-oc@zhaoxin.com> Thanks for your patch. Acked-by: Ping-Ke Shih <pkshih@realtek.com> > --- > drivers/net/wireless/realtek/rtlwifi/usb.c | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/drivers/net/wireless/realtek/rtlwifi/usb.c > b/drivers/net/wireless/realtek/rtlwifi/usb.c > index 06e073d..d62b87f 100644 > --- a/drivers/net/wireless/realtek/rtlwifi/usb.c > +++ b/drivers/net/wireless/realtek/rtlwifi/usb.c > @@ -731,7 +731,6 @@ static int _rtl_usb_receive(struct ieee80211_hw *hw) > > err_out: > usb_kill_anchored_urbs(&rtlusb->rx_submitted); > - _rtl_usb_cleanup_rx(hw); > return err; > } >
WeitaoWangoc <WeitaoWang-oc@zhaoxin.com> wrote: > During realtek USB wireless NIC initialization, it's unexpected > disconnection will cause urb sumbmit fail. On the one hand, > _rtl_usb_cleanup_rx will be called to clean up rx stuff, especially for > rtl_wq. On the other hand, disconnection will cause rtl_usb_disconnect > and _rtl_usb_cleanup_rx to be called. So, rtl_wq will be flush/destroy > twice, which will cause non-canonical address 0xdead000000000122 access > and general protection fault. > > Fixed this issue by remove _rtl_usb_cleanup_rx when urb sumbmit fail. > > Signed-off-by: WeitaoWangoc <WeitaoWang-oc@zhaoxin.com> > Acked-by: Ping-Ke Shih <pkshih@realtek.com> Patch applied to wireless-drivers-next.git, thanks. c521d7e0ff05 rtlwifi: Fix non-canonical address access issues
diff --git a/drivers/net/wireless/realtek/rtlwifi/usb.c b/drivers/net/wireless/realtek/rtlwifi/usb.c index 06e073d..d62b87f 100644 --- a/drivers/net/wireless/realtek/rtlwifi/usb.c +++ b/drivers/net/wireless/realtek/rtlwifi/usb.c @@ -731,7 +731,6 @@ static int _rtl_usb_receive(struct ieee80211_hw *hw) err_out: usb_kill_anchored_urbs(&rtlusb->rx_submitted); - _rtl_usb_cleanup_rx(hw); return err; }
During realtek USB wireless NIC initialization, it's unexpected disconnection will cause urb sumbmit fail. On the one hand, _rtl_usb_cleanup_rx will be called to clean up rx stuff, especially for rtl_wq. On the other hand, disconnection will cause rtl_usb_disconnect and _rtl_usb_cleanup_rx to be called. So, rtl_wq will be flush/destroy twice, which will cause non-canonical address 0xdead000000000122 access and general protection fault. Fixed this issue by remove _rtl_usb_cleanup_rx when urb sumbmit fail. Signed-off-by: WeitaoWangoc <WeitaoWang-oc@zhaoxin.com> --- drivers/net/wireless/realtek/rtlwifi/usb.c | 1 - 1 file changed, 1 deletion(-)