• Kalle Valo's avatar
    ath10k: fix napi crash during rmmod when probe firmware fails · 02d009e8
    Kalle Valo authored
    commit 1427228d upstream.
    
    This fixes the below crash when ath10k probe firmware fails, NAPI polling tries
    to access a rx ring resource which was never allocated. An easy way to
    reproduce this is easy to remove all the firmware files, load ath10k modules
    and ath10k will crash when calling 'rmmod ath10k_pci'. The fix is to call
    napi_enable() from ath10k_pci_hif_start() so that it matches with
    napi_disable() being called from ath10k_pci_hif_stop().
    
    Big thanks to Mohammed Shafi Shajakhan who debugged this and provided first
    version of the fix. In this patch I just fix the actual problem in pci.c
    instead of having a workaround in core.c.
    
    BUG: unable to handle kernel NULL pointer dereference at (null)
    IP:  __ath10k_htt_rx_ring_fill_n+0x19/0x230 [ath10k_core]
    __ath10k_htt_rx_ring_fill_n+0x19/0x230 [ath10k_core]
    
    Call Trace:
    
    [<ffffffffa113ec62>] ath10k_htt_rx_msdu_buff_replenish+0x42/0x90
    [ath10k_core]
    [<ffffffffa113f393>] ath10k_htt_txrx_compl_task+0x433/0x17d0
    [ath10k_core]
    [<ffffffff8114406d>] ? __wake_up_common+0x4d/0x80
    [<ffffffff811349ec>] ? cpu_load_update+0xdc/0x150
    [<ffffffffa119301d>] ? ath10k_pci_read32+0xd/0x10 [ath10k_pci]
    [<ffffffffa1195b17>] ath10k_pci_napi_poll+0x47/0x110 [ath10k_pci]
    [<ffffffff817863af>] net_rx_action+0x20f/0x370
    Reported-by: default avatarBen Greear <greearb@candelatech.com>
    Fixes: 3c97f5de ("ath10k: implement NAPI support")
    Signed-off-by: default avatarKalle Valo <kvalo@qca.qualcomm.com>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    02d009e8
pci.c 84.5 KB