[PATCH 1/3] wifi: ath11k: fix double free of peer rx_tid during reo cmd failure
Kalle Valo
kvalo at kernel.org
Wed Apr 19 07:22:58 PDT 2023
Harshitha Prem <quic_hprem at quicinc.com> wrote:
> Peer rx_tid is locally copied thrice during peer_rx_tid_cleanup to
> send REO_CMD_UPDATE_RX_QUEUE followed by REO_CMD_FLUSH_CACHE to flush
> all aged REO descriptors from HW cache.
>
> When sending REO_CMD_FLUSH_CACHE fails, we do dma unmap of already
> mapped rx_tid->vaddr and free it. This is not checked during
> reo_cmd_list_cleanup() and dp_reo_cmd_free() before trying to free and
> unmap again.
>
> Fix this by setting rx_tid->vaddr NULL in rx tid delete and also
> wherever freeing it to check in reo_cmd_list_cleanup() and
> reo_cmd_free() before trying to free again.
>
> Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
> Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
>
> Signed-off-by: Sathishkumar Muruganandam <quic_murugana at quicinc.com>
> Signed-off-by: Harshitha Prem <quic_hprem at quicinc.com>
> Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
3 patches applied to ath-next branch of ath.git, thanks.
93a91f40c25c wifi: ath11k: fix double free of peer rx_tid during reo cmd failure
a8ae833657a4 wifi: ath11k: Prevent REO cmd failures
20487cc3ff36 wifi: ath11k: add peer mac information in failure cases
--
https://patchwork.kernel.org/project/linux-wireless/patch/20230403182420.23375-2-quic_hprem@quicinc.com/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
More information about the ath11k
mailing list