[PATCH] mt76: mt7921: fix the coredump is being truncated
sean.wang at mediatek.com
sean.wang at mediatek.com
Thu Jun 17 10:19:35 PDT 2021
From: Sean Wang <sean.wang at mediatek.com>
>> From: Sean Wang <sean.wang at mediatek.com>
>>
>> Fix the maximum size of the coredump generated with current mt7921
>> firmware. Otherwise, a truncated coredump would be reported to
>> userland via dev_coredumpv.
>>
>> Also, there is an additional error handling enhanced in the patch to
>> avoid the possible invalid buffer access when the system failed to
>> create the buffer to hold the coredump.
>>
>> Fixes: 0da3c795d07b ("mt76: mt7921: add coredump support")
>> Co-developed-by: YN Chen <YN.Chen at mediatek.com>
>> Signed-off-by: YN Chen <YN.Chen at mediatek.com>
>> Signed-off-by: Sean Wang <sean.wang at mediatek.com>
>> ---
>> drivers/net/wireless/mediatek/mt76/mt76_connac.h | 2 +-
>> drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 9 ++++++---
>> 2 files changed, 7 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/net/wireless/mediatek/mt76/mt76_connac.h
>> b/drivers/net/wireless/mediatek/mt76/mt76_connac.h
>> index 9b3f8d22f17e..d93ab1ece8ae 100644
>> --- a/drivers/net/wireless/mediatek/mt76/mt76_connac.h
>> +++ b/drivers/net/wireless/mediatek/mt76/mt76_connac.h
>> @@ -13,7 +13,7 @@
>> #define MT76_CONNAC_MAX_SCAN_MATCH 16
>>
>> #define MT76_CONNAC_COREDUMP_TIMEOUT (HZ / 20)
>> -#define MT76_CONNAC_COREDUMP_SZ (128 * 1024)
>> +#define MT76_CONNAC_COREDUMP_SZ (1300 * 1024)
>>
>> enum {
>> CMD_CBW_20MHZ = IEEE80211_STA_RX_BW_20, diff --git
>> a/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
>> b/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
>> index fb4de73df701..905dddbfbb0b 100644
>> --- a/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
>> +++ b/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
>> @@ -1557,7 +1557,7 @@ void mt7921_coredump_work(struct work_struct *work)
>> break;
>>
>> skb_pull(skb, sizeof(struct mt7921_mcu_rxd));
>> - if (data + skb->len - dump > MT76_CONNAC_COREDUMP_SZ) {
>> + if (!dump || data + skb->len - dump > MT76_CONNAC_COREDUMP_SZ) {
>
>why not just return if dump allocation fails? Doing so we will reset the device even if dump is NULL, do you think it is a real use-case?
We cannot just return if dump allocation fails because we still must properly free skb in coredump.msg_list to avoid
the memory leak.
Reset the device is eventually required even dump is NULL because mt7921 cannot work anymore in case coredump happens
so that needs the following reset to recover it back in time.
>Regards,
>Lorenzo
>
>> dev_kfree_skb(skb);
>> continue;
>> }
>> @@ -1567,7 +1567,10 @@ void mt7921_coredump_work(struct work_struct
>> *work)
>>
>> dev_kfree_skb(skb);
>> }
>> - dev_coredumpv(dev->mt76.dev, dump, MT76_CONNAC_COREDUMP_SZ,
>> - GFP_KERNEL);
>> +
>> + if (dump)
>> + dev_coredumpv(dev->mt76.dev, dump, MT76_CONNAC_COREDUMP_SZ,
>> + GFP_KERNEL);
>> +
>> mt7921_reset(&dev->mt76);
>> }
>> --
>> 2.25.1
>>
>
More information about the Linux-mediatek
mailing list