[PATCH] ath10k: fix kernel panic while shutting down AP

[Kalle Valo]

Rajkumar Manoharan <rmanohar at qti.qualcomm.com> writes:

> The commit "ath10k: workaround fw beaconing bug" is freeing
> DMA-coherent memory in irq context which is hitting BUG ON
> in ARM platforms. Fix this by moving dma_free out of spin
> lock.
>
> kernel BUG at mm/vmalloc.c:1512!
> Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
> CPU: 0 PID: 722 Comm: hostapd Not tainted 3.14.0 #3
> task: dd58b840 ti: da6a6000 task.ti: da6a6000
> PC is at vunmap+0x24/0x34
> LR is at __arm_dma_free.isra.21+0x12c/0x190
> [<c02a97d0>] (vunmap) from [<c021f81c>] (__arm_dma_free.isra.21+0x12c/0x190)
> [<c021f81c>] (__arm_dma_free.isra.21) from [<bf3b2440>]
> 			(ath10k_mac_vif_beacon_free+0xf4/0x100 [ath10k_core])
> [<bf3b2440>] (ath10k_mac_vif_beacon_free [ath10k_core]) from [<bf3b2490>]
> 			(ath10k_remove_interface+0x44/0x1ec [ath10k_core])
> [<bf3b2490>] (ath10k_remove_interface [ath10k_core]) from [<bf3352e4>]
> 			(ieee80211_add_virtual_monitor+0x9d8/0x9f0 [mac80211])
> [<bf3352e4>] (ieee80211_add_virtual_monitor [mac80211]) from [<bf33530c>]
> 			(ieee80211_stop+0x10/0x18 [mac80211])
> [<bf33530c>] (ieee80211_stop [mac80211]) from [<c040d144>]
> 			(__dev_close_many+0x9c/0xcc)
>
> Cc: Michal Kazior <michal.kazior at tieto.com>
> Signed-off-by: Rajkumar Manoharan <rmanohar at qti.qualcomm.com>

[...]

> @@ -2404,8 +2389,15 @@ void ath10k_halt(struct ath10k *ar)
>  
>  	spin_lock_bh(&ar->data_lock);
>  	list_for_each_entry(arvif, &ar->arvifs, list)
> -		ath10k_mac_vif_beacon_cleanup(arvif);
> +		ath10k_mac_vif_beacon_free(arvif);
>  	spin_unlock_bh(&ar->data_lock);
> +	list_for_each_entry(arvif, &ar->arvifs, list) {
> +		if (!arvif->beacon_buf)
> +			continue;
> +		dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
> +				  arvif->beacon_buf, arvif->beacon_paddr);
> +		arvif->beacon_buf = NULL;
> +	}
>  }

Until now we have protected arvif->beacon_buf with data_lock. How do we
know that this is safe to do without taking data_lock?

-- 
Kalle Valo