mirror of synced 2025-03-06 20:59:54 +01:00
linux/drivers/net/wireless/ath/ath9k
Pali Rohár fb312ac5cc ath9k: Fix kernel NULL pointer dereference during ath_reset_internal()
I got this crash several times while debugging a PCIe controller. The crash
happens somehow at the time when the PCIe kernel code started link retraining (as
part of the ASPM code) while at the same time the PCIe link went down and ath9k
probably executed the hw reset procedure.

Currently I'm not able to reproduce this issue as it looks like
some race condition between link training, ASPM, link down and the reset
path. And as always, race conditions which depend on several input
parameters are hard to reproduce as they depend on precise timings.

But it is clear that the pointers are zero in this case and should be
properly filled, as the same code pattern is used in the ath9k_stop() function.
Anyway, I was able to reproduce this crash by manually triggering the ath
reset worker prior to putting the card up. I created a simple patch to export
the reset functionality via debugfs and used it to "simulate" triggering a
reset. This proved that the NULL-pointer dereference issue is there.

Function ath9k_hw_reset() dereferences the chan structure pointer, so it
needs to be a non-NULL pointer.

Function ath9k_stop() already contains code which sets ah->curchan to a valid
non-NULL pointer prior to calling the ath9k_hw_reset() function.

Add the same code pattern also into the ath_reset_internal() function to prevent
a kernel NULL pointer dereference in the ath9k_hw_reset() function.

This change fixes the kernel NULL pointer dereference in ath9k_hw_reset() which
is caused by calling ath9k_hw_reset() from ath_reset_internal() with a NULL
chan structure.

    [   45.334305] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
    [   45.344417] Mem abort info:
    [   45.347301]   ESR = 0x96000005
    [   45.350448]   EC = 0x25: DABT (current EL), IL = 32 bits
    [   45.356166]   SET = 0, FnV = 0
    [   45.359350]   EA = 0, S1PTW = 0
    [   45.362596] Data abort info:
    [   45.365756]   ISV = 0, ISS = 0x00000005
    [   45.369735]   CM = 0, WnR = 0
    [   45.372814] user pgtable: 4k pages, 39-bit VAs, pgdp=000000000685d000
    [   45.379663] [0000000000000008] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
    [   45.388856] Internal error: Oops: 96000005 [#1] SMP
    [   45.393897] Modules linked in: ath9k ath9k_common ath9k_hw
    [   45.399574] CPU: 1 PID: 309 Comm: kworker/u4:2 Not tainted 5.12.0-rc2-dirty #785
    [   45.414746] Workqueue: phy0 ath_reset_work [ath9k]
    [   45.419713] pstate: 40000005 (nZcv daif -PAN -UAO -TCO BTYPE=--)
    [   45.425910] pc : ath9k_hw_reset+0xc4/0x1c48 [ath9k_hw]
    [   45.431234] lr : ath9k_hw_reset+0xc0/0x1c48 [ath9k_hw]
    [   45.436548] sp : ffffffc0118dbca0
    [   45.439961] x29: ffffffc0118dbca0 x28: 0000000000000000
    [   45.445442] x27: ffffff800dee4080 x26: 0000000000000000
    [   45.450923] x25: ffffff800df9b9d8 x24: 0000000000000000
    [   45.456404] x23: ffffffc0115f6000 x22: ffffffc008d0d408
    [   45.461885] x21: ffffff800dee5080 x20: ffffff800df9b9d8
    [   45.467366] x19: 0000000000000000 x18: 0000000000000000
    [   45.472846] x17: 0000000000000000 x16: 0000000000000000
    [   45.478326] x15: 0000000000000010 x14: ffffffffffffffff
    [   45.483807] x13: ffffffc0918db94f x12: ffffffc011498720
    [   45.489289] x11: 0000000000000003 x10: ffffffc0114806e0
    [   45.494770] x9 : ffffffc01014b2ec x8 : 0000000000017fe8
    [   45.500251] x7 : c0000000ffffefff x6 : 0000000000000001
    [   45.505733] x5 : 0000000000000000 x4 : 0000000000000000
    [   45.511213] x3 : 0000000000000000 x2 : ffffff801fece870
    [   45.516693] x1 : ffffffc00eded000 x0 : 000000000000003f
    [   45.522174] Call trace:
    [   45.524695]  ath9k_hw_reset+0xc4/0x1c48 [ath9k_hw]
    [   45.529653]  ath_reset_internal+0x1a8/0x2b8 [ath9k]
    [   45.534696]  ath_reset_work+0x2c/0x40 [ath9k]
    [   45.539198]  process_one_work+0x210/0x480
    [   45.543339]  worker_thread+0x5c/0x510
    [   45.547115]  kthread+0x12c/0x130
    [   45.550445]  ret_from_fork+0x10/0x1c
    [   45.554138] Code: 910922c2 9117e021 95ff0398 b4000294 (b9400a61)
    [   45.560430] ---[ end trace 566410ba90b50e8b ]---
    [   45.565193] Kernel panic - not syncing: Oops: Fatal exception in interrupt
    [   45.572282] SMP: stopping secondary CPUs
    [   45.576331] Kernel Offset: disabled
    [   45.579924] CPU features: 0x00040002,0000200c
    [   45.584416] Memory Limit: none
    [   45.587564] Rebooting in 3 seconds..

Signed-off-by: Pali Rohár <pali@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210402122653.24014-1-pali@kernel.org
2021-06-12 13:23:56 +03:00
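The commit message states the invariant (ath9k_hw_reset() needs a non-NULL chan, and the reset worker can run before the interface has ever set ah->curchan) but does not show the guard. The following is an added, stand-alone C model of that pattern written for this page; it is not the driver's code. The struct definitions, the get_channel() lookup and the reset_internal_* functions are simplified stand-ins for ath9k's own types, for the channel helper ath9k_stop() uses, and for the reset path before and after the fix; the hw reset is modelled as the same unconditional dereference of its chan argument that the trace above shows.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for the driver's types (constructed for this example,
 * not ath9k's definitions). */
struct cfg80211_chandef { int center_freq; };
struct ath9k_channel { int channel; };
struct ath_hw {
	struct ath9k_channel *curchan;        /* NULL until the interface is up */
	struct ath9k_channel channels[4];
};
struct ath_softc {
	struct ath_hw *ah;
	struct cfg80211_chandef cur_chandef;  /* stands in for sc->cur_chan->chandef */
};

/* Models ath9k_hw_reset(): chan is dereferenced unconditionally, so a NULL
 * chan is an oops in the reset worker, not an error return. */
static int hw_reset(struct ath_hw *ah, struct ath9k_channel *chan)
{
	int freq = chan->channel;             /* unconditional load: faults on NULL */

	ah->curchan = chan;
	return freq > 0 ? 0 : -1;
}

/* Stand-in for the channel lookup the stop path performs before its reset:
 * map the current channel definition onto the hw channel table. */
static struct ath9k_channel *get_channel(struct ath_hw *ah,
					 const struct cfg80211_chandef *def)
{
	for (size_t i = 0; i < sizeof ah->channels / sizeof ah->channels[0]; i++)
		if (ah->channels[i].channel == def->center_freq)
			return &ah->channels[i];
	return NULL;
}

/* The precondition the trace violated: reset work ran with curchan unset. */
static int reset_would_oops(const struct ath_softc *sc)
{
	return sc->ah->curchan == NULL;
}

/* Shape of the reset path before the fix: ah->curchan is passed straight
 * through, so a reset scheduled before the card is up dereferences NULL.
 * Only safe to call once curchan has been set. */
static int reset_internal_unguarded(struct ath_softc *sc)
{
	return hw_reset(sc->ah, sc->ah->curchan);
}

/* Shape of the reset path after the fix: resolve curchan first, the same way
 * the stop path does, and refuse the reset if no channel can be resolved. */
static int reset_internal_guarded(struct ath_softc *sc)
{
	struct ath_hw *ah = sc->ah;

	if (!ah->curchan)
		ah->curchan = get_channel(ah, &sc->cur_chandef);
	if (!ah->curchan)
		return -1;                    /* no usable channel: fail, do not oops */
	return hw_reset(ah, ah->curchan);
}

/* Constructed device state: four channels, interface not yet started, so
 * ah->curchan is deliberately left NULL (reset work before start). */
static void setup_softc(struct ath_softc *sc, struct ath_hw *ah, int center_freq)
{
	static const int freqs[4] = { 2412, 2437, 2462, 5180 };
	size_t i;

	memset(ah, 0, sizeof *ah);
	memset(sc, 0, sizeof *sc);
	for (i = 0; i < 4; i++)
		ah->channels[i].channel = freqs[i];
	sc->ah = ah;
	sc->cur_chandef.center_freq = center_freq;
}

int main(void)
{
	struct ath_hw ah;
	struct ath_softc sc;

	setup_softc(&sc, &ah, 2437);
	printf("reset before start: unguarded path would oops: %s\n",
	       reset_would_oops(&sc) ? "yes" : "no");
	printf("guarded reset: %d (curchan now %d MHz)\n",
	       reset_internal_guarded(&sc), sc.ah->curchan->channel);
	printf("unguarded reset once curchan is set: %d\n",
	       reset_internal_unguarded(&sc));
	return 0;
}
```

The second NULL check in reset_internal_guarded() is the part worth keeping in mind when porting this pattern: a lookup that cannot resolve the current channel definition must turn into a failed reset, otherwise the guard only moves the dereference one line down.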
ahb.c remove ioremap_nocache and devm_ioremap_nocache 2020-01-06 09:45:59 +01:00
ani.c ath9k: Replace HTTP links with HTTPS ones 2020-08-14 17:44:14 +03:00
ani.h ath9k_hw: tweak noise immunity thresholds for older chipsets 2014-03-03 15:35:55 -05:00
antenna.c ath9k: fix RX_STAT_INC() etc macros 2018-10-13 20:27:35 +03:00
ar953x_initvals.h ath9k: Update QCA953x initvals 2016-03-11 13:59:56 +02:00
ar955x_1p0_initvals.h ath9k: Update AR955x initvals 2016-03-11 13:59:58 +02:00
ar956x_initvals.h ath9k: Update QCA956x initvals 2016-03-11 13:59:59 +02:00
ar5008_initvals.h ath9k: ar5008_initvals: Move ar5416Bank{0,1,2,3,7} to where they are used 2020-08-27 13:17:40 +03:00
ar5008_phy.c ath9k: ar5008_phy: Demote half completed function headers 2020-11-07 10:07:51 +02:00
ar9001_initvals.h ath9k: ar9001_initvals: Remove unused array 'ar5416Bank6_9100' 2020-08-27 13:17:35 +03:00
ar9002_calib.c ath9k: add calibration timeout for AR9002 2020-04-28 12:07:21 +03:00
ar9002_hw.c ath9k: replace eeprom_param EEP_MINOR_REV with get_eeprom_rev 2016-12-15 10:26:27 +02:00
ar9002_initvals.h ath9k: ar9002_initvals: Remove unused array 'ar9280PciePhy_clkreq_off_L1_9280' 2020-08-27 13:17:32 +03:00
ar9002_mac.c ath9k: Use fallthrough pseudo-keyword 2020-08-14 18:04:06 +03:00
ar9002_phy.c ath9k: Use fallthrough pseudo-keyword 2020-08-14 18:04:06 +03:00
ar9002_phy.h ath9k_hw: fix spectral scan on AR9285 and newer 2016-07-19 20:58:07 +03:00
ar9003_2p2_initvals.h ath9k: ar9003_2p2_initvals: Remove unused const variables 2020-11-07 10:07:48 +02:00
ar9003_aic.c ath9k: use true,false for bool variable 2020-01-26 12:19:02 +02:00
ar9003_aic.h ath9k: reduce stack usage in ar9003_aic_cal_post_process 2016-03-03 19:27:17 +02:00
ar9003_buffalo_initvals.h ath9k: Use a separate TX gain table for WZR-HP-G450H 2013-12-09 15:37:58 -05:00
ar9003_calib.c Revert "ath9k_hw: implement temperature compensation support for AR9003+" 2016-10-13 14:11:30 +03:00
ar9003_eeprom.c ath9k_hw: fix uninitialized variable data 2019-10-01 14:18:43 +03:00
ar9003_eeprom.h ath9k: Read noise floor calibration data from eeprom 2018-01-25 07:33:36 +02:00
ar9003_hw.c net: Fix misspellings of "configure" and "configuration" 2019-10-28 13:41:01 -07:00
ar9003_mac.c ath9k: ar9003_mac: read STBC indicator from rx descriptor 2021-05-30 12:04:19 +03:00
ar9003_mac.h
ar9003_mci.c ath9k: remove set but not used variable 'new_flags' 2018-11-05 13:18:34 +02:00
ar9003_mci.h ath9k: Fix GPM initialization 2015-03-03 14:55:24 +02:00
ar9003_paprd.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
ar9003_phy.c ath9k: drop redundant code in ar9003_hw_set_channel 2019-04-29 17:56:03 +03:00
ar9003_phy.h ath9k_hw: fix duplicate (and partially wrong) definition of AR_CH0_THERM 2016-07-19 20:59:04 +03:00
ar9003_rtt.c ath9k: Fix RTT chainmask usage 2015-03-13 15:19:36 +02:00
ar9003_rtt.h ath9k_hw: make support for PC-OEM cards optional 2014-10-27 14:16:18 -04:00
ar9003_wow.c ath9k: Restart TSF2 timers on wakeup 2015-02-26 14:58:46 +02:00
ar9330_1p1_initvals.h ath9k: ar9330_1p1_initvals: Remove unused const variable 'ar9331_common_tx_gain_offset1_1' 2020-11-07 10:07:39 +02:00
ar9330_1p2_initvals.h ath9k: Update AR933x initvals 2016-03-11 13:59:57 +02:00
ar9340_initvals.h ath9k: ar9340_initvals: Remove unused const variable 'ar9340Modes_ub124_tx_gain_table_1p0' 2020-11-07 10:07:42 +02:00
ar9462_2p0_initvals.h ath9k: Update AR9462 initvals 2016-03-11 13:59:57 +02:00
ar9462_2p1_initvals.h ath9k: Update AR9462 initvals 2016-03-11 13:59:57 +02:00
ar9485_initvals.h ath9k: ar9485_initvals: Remove unused const variable 'ar9485_fast_clock_1_1_baseband_postamble' 2020-11-07 10:07:45 +02:00
ar9565_1p0_initvals.h ath9k: Update AR9565 initvals 2016-03-11 13:59:58 +02:00
ar9565_1p1_initvals.h ath9k: Add initvals for AR9565 1.1 2013-12-02 14:25:01 -05:00
ar9580_1p0_initvals.h ath9k: Remove set but not used variable 2020-09-29 11:29:20 +03:00
ath9k.h ath9k: fix transmitting to stations in dynamic SMPS mode 2021-02-18 08:07:25 +02:00
ath9k_pci_owl_loader.c ath9k: use iowrite32 over __raw_writel 2019-11-28 10:18:51 +02:00
beacon.c ath9k: Use tasklet_disable_in_atomic() 2021-03-17 16:34:02 +01:00
btcoex.c ath9k: fix BTCoex configuration for SOC chips 2016-03-11 14:00:04 +02:00
btcoex.h ath9k: fix BTCoex configuration for SOC chips 2016-03-11 14:00:04 +02:00
calib.c ath9k: add calibration timeout for AR9002 2020-04-28 12:07:21 +03:00
calib.h ath9k: restart hardware after noise floor calibration failure 2014-10-27 14:16:18 -04:00
channel.c ath9k: Use fallthrough pseudo-keyword 2020-08-14 18:04:06 +03:00
common-beacon.c ath9k: remove ath9k_mod_tsf64_tu 2015-12-08 16:51:05 +02:00
common-beacon.h ath9k: move ath9k_beacon_config_ap common 2014-03-17 13:13:08 -04:00
common-debug.c ath9k: remove trailing semicolon in macro definition 2020-12-07 18:13:18 +02:00
common-debug.h ath9k: add counters for good and errorneous FFT/spectral frames 2018-10-02 07:43:32 +03:00
common-init.c ath9k: spelling s/premble/preamble/ 2018-03-26 18:22:44 +03:00
common-init.h ath9k: move ath9k_reload_chainmask_settings to common 2014-02-28 14:33:16 -05:00
common-spectral.c ath9k: make relay callbacks const 2020-12-15 22:46:18 -08:00
common-spectral.h ath9k: fix and simplify FFT max index retrieval 2018-10-02 07:43:56 +03:00
common.c Merge ath-next from git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git 2017-05-19 11:47:44 +03:00
common.h ath9k: Fix beacon configuration for addition/removal of interfaces 2016-07-08 17:03:41 +03:00
debug.c ath9k: fix data bus crash when setting nf_override via debugfs 2021-02-11 08:49:45 +02:00
debug.h ath9k: Switch to mac80211 TXQ scheduling and airtime APIs 2019-02-12 20:44:41 +02:00
debug_sta.c ath9k: Switch to mac80211 TXQ scheduling and airtime APIs 2019-02-12 20:44:41 +02:00
dfs.c ath: add support to get the detected radar specifications 2018-05-25 13:15:21 +03:00
dfs.h ath9k/ath: move dfs pattern detector to ath 2013-10-18 14:03:54 -04:00
dfs_debug.c ath9k: remove trailing semicolon in macro definition 2020-12-07 18:13:18 +02:00
dfs_debug.h ath9k: simplify DFS pulse interval debug printing 2014-05-29 13:08:10 -04:00
dynack.c ath9k: work around false-positive gcc warning 2020-11-10 20:12:42 +02:00
dynack.h ath9k: dynack: make ewma estimation faster 2018-11-06 18:26:50 +02:00
eeprom.c ath9k: Differentiate between max combined and per chain power 2019-04-29 17:53:43 +03:00
eeprom.h ath9k: Add cast to u8 to FREQ2FBIN macro 2017-04-19 17:00:48 +03:00
eeprom_4k.c ath9k: Differentiate between max combined and per chain power 2019-04-29 17:53:43 +03:00
eeprom_9287.c ath9k: move RELAY and DEBUG_FS to ATH9K[_HTC]_DEBUGFS 2017-01-13 15:29:24 +02:00
eeprom_def.c ath9k: Use fallthrough pseudo-keyword 2020-08-14 18:04:06 +03:00
gpio.c ath: Convert timers to use timer_setup() 2017-10-27 16:54:19 +03:00
hif_usb.c ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() 2020-09-21 16:05:43 +03:00
hif_usb.h ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb 2020-04-07 07:57:26 +03:00
htc.h ath9k: convert tasklets to use new tasklet_setup() API 2020-08-27 13:16:18 +03:00
htc_drv_beacon.c mac80211: rename csa counters to countdown counters 2020-08-27 14:12:15 +02:00
htc_drv_debug.c wireless: Use octal not symbolic permissions 2018-03-27 11:01:13 +03:00
htc_drv_gpio.c ath9k: free GPIO resource for SOC GPIOs 2016-03-11 14:00:02 +02:00
htc_drv_init.c ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices 2021-04-22 16:37:54 +03:00
htc_drv_main.c ath: Modify ath_key_delete() to not need full key entry 2020-12-17 08:51:17 +02:00
htc_drv_txrx.c ath9k_htc: adhere to the DONT_REORDER transmit flag 2020-12-09 09:05:20 +02:00
htc_hst.c ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() 2020-08-17 13:24:01 +03:00
htc_hst.h ath9k_htc: catch fw panic pattern 2014-02-12 15:36:03 -05:00
hw-ops.h ath9k: Register private AIC ops 2015-03-20 08:27:17 +02:00
hw.c ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices 2021-04-22 16:37:54 +03:00
hw.h ath9k: Postpone key cache entry deletion for TXQ frames reference it 2020-12-17 08:51:20 +02:00
init.c of: net: pass the dst buffer to of_get_mac_address() 2021-04-13 14:35:02 -07:00
Kconfig ath9k: fix build error with LEDS_CLASS=m 2021-01-28 09:29:34 +02:00
link.c ath: Convert timers to use timer_setup() 2017-10-27 16:54:19 +03:00
mac.c ath9k: add MSI support 2018-01-16 16:29:22 +02:00
mac.h mac80211: separate encoding/bandwidth from flags 2017-04-28 10:41:45 +02:00
main.c ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() 2021-06-12 13:23:56 +03:00
Makefile ath9k: add loader for AR92XX (and older) pci(e) 2019-09-04 09:12:35 +03:00
mci.c ath9k: remove cast to void pointer 2017-09-25 10:13:58 +03:00
mci.h
pci.c ath9k: Check the return value of pcie_capability_read_*() 2020-07-20 20:09:36 +03:00
phy.h ath9k: Fix diversity combining for AR9285 2013-07-24 11:02:39 -04:00
recv.c ath9k: Set RX filter based to allow broadcast Action frame RX 2020-05-30 17:17:20 +03:00
reg.h ath9k: add MSI support 2018-01-16 16:29:22 +02:00
reg_aic.h ath9k: Add register definitions for AIC 2015-03-20 08:27:19 +02:00
reg_mci.h ath9k: Mute BT properly 2015-03-03 14:55:27 +02:00
reg_wow.h ath9k: Clear additional WoW events 2015-02-26 14:58:43 +02:00
rng.c ath9k: avoid potential freezing during random generator read 2017-06-28 19:54:38 +03:00
tx99.c ath9k: add back support for using active monitor interfaces for tx99 2018-10-02 07:54:26 +03:00
wmi.c ath9k: convert tasklets to use new tasklet_setup() API 2020-08-27 13:16:18 +03:00
wmi.h ath9k: convert tasklets to use new tasklet_setup() API 2020-08-27 13:16:18 +03:00
wow.c ath9k: Register correct WOW details with mac80211 2015-02-06 08:39:21 +02:00
xmit.c ath9k: fix transmitting to stations in dynamic SMPS mode 2021-02-18 08:07:25 +02:00