From patchwork Thu Sep 20 05:04:25 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Govind Singh X-Patchwork-Id: 10606859 X-Patchwork-Delegate: kvalo@adurom.com Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E31776CB for ; Thu, 20 Sep 2018 05:04:36 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D19DA2B9D0 for ; Thu, 20 Sep 2018 05:04:36 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C38642BAD5; Thu, 20 Sep 2018 05:04:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 40BFB2B9D0 for ; Thu, 20 Sep 2018 05:04:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727165AbeITKqE (ORCPT ); Thu, 20 Sep 2018 06:46:04 -0400 Received: from smtp.codeaurora.org ([198.145.29.96]:43842 "EHLO smtp.codeaurora.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726982AbeITKqE (ORCPT ); Thu, 20 Sep 2018 06:46:04 -0400 Received: by smtp.codeaurora.org (Postfix, from userid 1000) id E290160BE3; Thu, 20 Sep 2018 05:04:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org; s=default; t=1537419873; bh=N1bgpLhIh+f1cwhutS9lEDF4oxuQ7BwF0uIpvXXHVkQ=; h=From:To:Cc:Subject:Date:From; b=GdaFwUniNatLPk1yfk0nmXYuubpYOtTpm87Wy5YwiZwZbfiULsKBG3kQIeDscMO87 6M6gt65AlGiy2RlIF+HNYD0a351kSPTSmL9PpjAH34VC6sS7SjrUDjpKc7PBO2Gg6y x8MuGy3krrwjj0dvyVBSdSAyF7vKQ28F7oSGHSJ4= Received: from govinds-linux.qualcomm.com (blr-c-bdr-fw-01_globalnat_allzones-outside.qualcomm.com [103.229.19.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: govinds@smtp.codeaurora.org) by smtp.codeaurora.org (Postfix) with ESMTPSA id 4C12C60214; Thu, 20 Sep 2018 05:04:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org; s=default; t=1537419873; bh=N1bgpLhIh+f1cwhutS9lEDF4oxuQ7BwF0uIpvXXHVkQ=; h=From:To:Cc:Subject:Date:From; b=GdaFwUniNatLPk1yfk0nmXYuubpYOtTpm87Wy5YwiZwZbfiULsKBG3kQIeDscMO87 6M6gt65AlGiy2RlIF+HNYD0a351kSPTSmL9PpjAH34VC6sS7SjrUDjpKc7PBO2Gg6y x8MuGy3krrwjj0dvyVBSdSAyF7vKQ28F7oSGHSJ4= DMARC-Filter: OpenDMARC Filter v1.3.2 smtp.codeaurora.org 4C12C60214 Authentication-Results: pdx-caf-mail.web.codeaurora.org; dmarc=none (p=none dis=none) header.from=codeaurora.org Authentication-Results: pdx-caf-mail.web.codeaurora.org; spf=none smtp.mailfrom=govinds@codeaurora.org From: Govind Singh To: ath10k@lists.infradead.org Cc: linux-wireless@vger.kernel.org, Govind Singh Subject: [PATCH 1/2] ath10k: Move napi_enable to hif_start for consistent pairing Date: Thu, 20 Sep 2018 10:34:25 +0530 Message-Id: <20180920050426.4113-1-govinds@codeaurora.org> X-Mailer: git-send-email 2.19.0 MIME-Version: 1.0 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP There is unbalanced napi_{enable,disable}() behavior as they are being called from hif_snoc_{power_up/stop). The fix is to call napi_enable() from ath10k_snoc_hif_start() so that it matches with napi_disable() being called from ath10k_snoc_hif_stop(). Signed-off-by: Govind Singh --- drivers/net/wireless/ath/ath10k/snoc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath10k/snoc.c b/drivers/net/wireless/ath/ath10k/snoc.c index ed52a6308f76..dd043b858c8e 100644 --- a/drivers/net/wireless/ath/ath10k/snoc.c +++ b/drivers/net/wireless/ath/ath10k/snoc.c @@ -919,6 +919,7 @@ static void ath10k_snoc_hif_stop(struct ath10k *ar) static int ath10k_snoc_hif_start(struct ath10k *ar) { + napi_enable(&ar->napi); ath10k_snoc_irq_enable(ar); ath10k_snoc_rx_post(ar); @@ -1017,7 +1018,6 @@ static int ath10k_snoc_hif_power_up(struct ath10k *ar) goto err_wlan_enable; } - napi_enable(&ar->napi); return 0; err_wlan_enable: From patchwork Thu Sep 20 05:04:26 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Govind Singh X-Patchwork-Id: 10606861 X-Patchwork-Delegate: kvalo@adurom.com Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 751A86CB for ; Thu, 20 Sep 2018 05:04:39 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 649EA2B9D0 for ; Thu, 20 Sep 2018 05:04:39 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 575752BAD5; Thu, 20 Sep 2018 05:04:39 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0D7072B9D0 for ; Thu, 20 Sep 2018 05:04:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730965AbeITKqI (ORCPT ); Thu, 20 Sep 2018 06:46:08 -0400 Received: from smtp.codeaurora.org ([198.145.29.96]:43910 "EHLO smtp.codeaurora.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726982AbeITKqI (ORCPT ); Thu, 20 Sep 2018 06:46:08 -0400 Received: by smtp.codeaurora.org (Postfix, from userid 1000) id 5D66760B7F; Thu, 20 Sep 2018 05:04:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org; s=default; t=1537419877; bh=GcidKvFMpTnl001YYjxOHhjYO3wM04hHe0pDftwrzMg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=bwe8eBIu8qJdy+bpfXTLbn4U7TMsyK61+BF3qbdtUqtHqkJZ5RjHqtUkgje/iO5a5 zkM8c0vJpqOg6bRP2a8Mc8SKu9qZWbo0N1VD1q5ROzqWO5SqfMe0aNPczldurP/I89 Wx6ztF3ozPkWeciavK/AWKDptS0M0A6EVmZOGJA4= Received: from govinds-linux.qualcomm.com (blr-c-bdr-fw-01_globalnat_allzones-outside.qualcomm.com [103.229.19.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: govinds@smtp.codeaurora.org) by smtp.codeaurora.org (Postfix) with ESMTPSA id A8201607F7; Thu, 20 Sep 2018 05:04:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org; s=default; t=1537419877; bh=GcidKvFMpTnl001YYjxOHhjYO3wM04hHe0pDftwrzMg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=bwe8eBIu8qJdy+bpfXTLbn4U7TMsyK61+BF3qbdtUqtHqkJZ5RjHqtUkgje/iO5a5 zkM8c0vJpqOg6bRP2a8Mc8SKu9qZWbo0N1VD1q5ROzqWO5SqfMe0aNPczldurP/I89 Wx6ztF3ozPkWeciavK/AWKDptS0M0A6EVmZOGJA4= DMARC-Filter: OpenDMARC Filter v1.3.2 smtp.codeaurora.org A8201607F7 Authentication-Results: pdx-caf-mail.web.codeaurora.org; dmarc=none (p=none dis=none) header.from=codeaurora.org Authentication-Results: pdx-caf-mail.web.codeaurora.org; spf=none smtp.mailfrom=govinds@codeaurora.org From: Govind Singh To: ath10k@lists.infradead.org Cc: linux-wireless@vger.kernel.org, Govind Singh Subject: [PATCH 2/2] ath10k: Disable napi before resource cleanup to avoid "use after free" Date: Thu, 20 Sep 2018 10:34:26 +0530 Message-Id: <20180920050426.4113-2-govinds@codeaurora.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20180920050426.4113-1-govinds@codeaurora.org> References: <20180920050426.4113-1-govinds@codeaurora.org> MIME-Version: 1.0 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP CE buffers are cleaned up prior to napi disable and this is causing NULL pointer dereference due to "use after free". Disable napi before resource cleanup to avoid "use after free". Signed-off-by: Govind Singh --- drivers/net/wireless/ath/ath10k/snoc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath10k/snoc.c b/drivers/net/wireless/ath/ath10k/snoc.c index dd043b858c8e..6da951eea345 100644 --- a/drivers/net/wireless/ath/ath10k/snoc.c +++ b/drivers/net/wireless/ath/ath10k/snoc.c @@ -911,9 +911,9 @@ static void ath10k_snoc_buffer_cleanup(struct ath10k *ar) static void ath10k_snoc_hif_stop(struct ath10k *ar) { ath10k_snoc_irq_disable(ar); - ath10k_snoc_buffer_cleanup(ar); napi_synchronize(&ar->napi); napi_disable(&ar->napi); + ath10k_snoc_buffer_cleanup(ar); ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot hif stop\n"); }