Does the reg_addr/reg_value reading work?

Michal Kazior michal.kazior at tieto.com
Thu Jun 11 00:45:15 PDT 2015


On 8 June 2015 at 23:28, Ben Greear <greearb at candelatech.com> wrote:
> On 06/08/2015 02:23 PM, Sebastian Gottschall wrote:
>> On 08.06.2015 at 22:02, Ben Greear wrote:
>>> On 06/08/2015 12:45 PM, Ben Greear wrote:
>>>> On 06/08/2015 09:46 AM, Sebastian Gottschall wrote:
[...]
>>>>> echo 0x2080e0 > /debug/ieee80211/wiphy0/ath10k/reg_addr
>>>> This crashes my kernel....I instrumented the place that crashed in ath10k/pci.h:
>>>>
>>>> [  100.676013] ath10k-pci-read32: ar ffff88020279ae20  ar_pci ffff88020279df08  offset: 0x2080e0
>>>> [  100.676016]   ar_pci->mem: 0xffffc90019c80000
>>>> [  100.676031] BUG: unable to handle kernel paging request at ffffc90019e880e0
>>>> [  100.681752] IP: [<ffffffff81364ad4>] ioread32+0x9/0x2f
>>>>
>>>> Have you tried this on a 10.1.467 firmware?
>>>>
>>>> And, what kernel?  I'm trying 4.0.4+
>>> I was using the wrong address value..it should be 0x280e0.  Maybe the driver should still keep us from
>>> crashing the whole kernel (while holding locks!), but at least it works when I put in
>>> the right value.
>> Now that you say it, I see it too. But playing with direct register writes can always lead to problematic scenarios. It's a debug register. In my opinion, a debug
>> register should allow
>> whatever is possible, even crashing something. It's like using /dev/kmem.
>
> I am guessing the driver knows the pci address space that is available..it could probably
> just limit any access outside those bounds since they can never work anyway.
>
> Anyway, I'll let someone else deal with it if they want.

Yep. I've just sent a patch for review which introduces a sanity check
to prevent out of bounds MMIO access.


Michał
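
The kind of bounds check discussed in this thread, as an added userspace sketch: it is not the patch mentioned above and not ath10k code. The `demo_*` names and the 2 MiB window length are assumptions (the thread does not state the real BAR size), and `memcpy` on a static buffer stands in for `ioread32` on the mapped region.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the driver's per-device PCI state. */
struct demo_pci {
    uint8_t *mem;     /* base of the mapped register window */
    size_t   mem_len; /* length of that mapping in bytes */
};

/* Constructed 2 MiB window; an assumed size, not taken from the thread. */
#define DEMO_BAR_LEN 0x200000u
static uint8_t demo_bar[DEMO_BAR_LEN];

/*
 * Read a 32-bit value at 'offset'. Returns 0 and stores the value in *val,
 * or -EINVAL if any of the four bytes would lie outside the mapping.
 */
static int demo_read32_checked(const struct demo_pci *p, uint32_t offset,
                               uint32_t *val)
{
    /* Compare against mem_len - 4 so that "offset + 4" can never wrap. */
    if (p->mem_len < sizeof(*val) || offset > p->mem_len - sizeof(*val))
        return -EINVAL;
    memcpy(val, p->mem + offset, sizeof(*val)); /* ioread32() in a driver */
    return 0;
}

/* Helper: attempt a read at 'offset' in the constructed window. */
static int demo_try(uint32_t offset)
{
    struct demo_pci p = { demo_bar, sizeof(demo_bar) };
    uint32_t v = 0;

    return demo_read32_checked(&p, offset, &v);
}

int main(void)
{
    /* The two offsets from the thread: the mistyped one and the intended one. */
    printf("0x2080e0 -> %d\n", demo_try(0x2080e0));
    printf("0x0280e0 -> %d\n", demo_try(0x280e0));
    return 0;
}
```

With the assumed window length, the mistyped offset is rejected with an error code instead of being dereferenced, while the intended one is read normally.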



More information about the ath10k mailing list