ath10k: fix kernel panic, move arvifs list head init before htt init

It is observed that while loading and unloading ath10k modules in an infinite loop, before ath10k_core_start() completion HTT rx frames are received, while processing these frames, dereferencing the arvifs list code is getting hit before initilizing the arvifs list, causing a kernel panic. This patch initilizes the arvifs list before initilizing htt. Fixes the below issue: [<bf88b058>] (ath10k_htt_rx_pktlog_completion_handler+0x278/0xd08 [ath10k_core]) [<bf88b058>] (ath10k_htt_rx_pktlog_completion_handler [ath10k_core]) [<bf88c0dc>] (ath10k_htt_txrx_compl_task+0x5f4/0xeb0 [ath10k_core]) [<bf88c0dc>] (ath10k_htt_txrx_compl_task [ath10k_core]) [<c0234100>] (tasklet_action+0x8c/0xec) [<c0234100>] (tasklet_action) [<c02337c0>] (__do_softirq+0xf8/0x228) [<c02337c0>] (__do_softirq) [<c0233920>] (run_ksoftirqd+0x30/0x90) Code: e5954ad8 e2899008 e1540009 0a00000d (e5943008) ---[ end trace 71de5c2e011dbf56 ]--- Kernel panic - not syncing: Fatal exception in interrupt Fixes: 500ff9f9 ("ath10k: implement chanctx API") Cc: <stable@vger.kernel.org> Signed-off-by: Anilkumar Kolli <akolli@qti.qualcomm.com> Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>

ath10k: fix kernel panic, move arvifs list head init before htt init
It is observed that while loading and unloading ath10k modules in an infinite loop, before ath10k_core_start() completion HTT rx frames are received, while processing these frames, dereferencing the arvifs list code is getting hit before initilizing the arvifs list, causing a kernel panic. This patch initilizes the arvifs list before initilizing htt. Fixes the below issue: [<bf88b058>] (ath10k_htt_rx_pktlog_completion_handler+0x278/0xd08 [ath10k_core]) [<bf88b058>] (ath10k_htt_rx_pktlog_completion_handler [ath10k_core]) [<bf88c0dc>] (ath10k_htt_txrx_compl_task+0x5f4/0xeb0 [ath10k_core]) [<bf88c0dc>] (ath10k_htt_txrx_compl_task [ath10k_core]) [<c0234100>] (tasklet_action+0x8c/0xec) [<c0234100>] (tasklet_action) [<c02337c0>] (__do_softirq+0xf8/0x228) [<c02337c0>] (__do_softirq) [<c0233920>] (run_ksoftirqd+0x30/0x90) Code: e5954ad8 e2899008 e1540009 0a00000d (e5943008) ---[ end trace 71de5c2e011dbf56 ]--- Kernel panic - not syncing: Fatal exception in interrupt Fixes: 500ff9f9 ("ath10k: implement chanctx API") Cc: <stable@vger.kernel.org> Signed-off-by: Anilkumar Kolli <akolli@qti.qualcomm.com> Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
4ad24a9d · Anilkumar Kolli · Kalle Valo · de46d165 · 4ad24a9d
Commit 4ad24a9d authored Apr 26, 2016 by Anilkumar Kolli Committed by Kalle Valo May 06, 2016
Show whitespace changes
Inline Side-by-side

Showing with 4 additions and 4 deletions

drivers/net/wireless/ath/ath10k/core.c drivers/net/wireless/ath/ath10k/core.c +4 -4

No files found.
--- a/drivers/net/wireless/ath/ath10k/core.c
+++ b/drivers/net/wireless/ath/ath10k/core.c
@@ -1758,6 +1758,10 @@ int ath10k_core_start(struct ath10k *ar, enum ath10k_firmware_mode mode,
 		goto err_hif_stop;
 	}
+	ar->free_vdev_map = (1LL << ar->max_num_vdevs) - 1;
+	INIT_LIST_HEAD(&ar->arvifs);
 	/* we don't care about HTT in UTF mode */
 	if (mode == ATH10K_FIRMWARE_MODE_NORMAL) {
 		status = ath10k_htt_setup(&ar->htt);
@@ -1771,10 +1775,6 @@ int ath10k_core_start(struct ath10k *ar, enum ath10k_firmware_mode mode,
 	if (status)
 		goto err_hif_stop;
-	ar->free_vdev_map = (1LL << ar->max_num_vdevs) - 1;
-	INIT_LIST_HEAD(&ar->arvifs);
 	return 0;
 err_hif_stop: