ath10k: merge some pending stability fixes
[openwrt/openwrt.git] / package / kernel / mac80211 / patches / 306-ath10k-Ensure-peer_map-references-are-cleaned-up.patch
1 From: Ben Greear <greearb@candelatech.com>
2 Date: Fri, 1 Apr 2016 14:12:09 -0700
3 Subject: [PATCH] ath10k: Ensure peer_map references are cleaned up.
4
5 While debugging OS crashes due to firmware crashes, I enabled
6 kasan, and it noticed that peer objects were being used-after-freed.
7
8 Looks like there are two places we could be leaving stale references
9 in the peer-map, so clean that up.
10
11 Signed-off-by: Ben Greear <greearb@candelatech.com>
12 ---
13
14 --- a/drivers/net/wireless/ath/ath10k/mac.c
15 +++ b/drivers/net/wireless/ath/ath10k/mac.c
16 @@ -773,6 +773,7 @@ static void ath10k_peer_cleanup(struct a
17 {
18 struct ath10k_peer *peer, *tmp;
19 int peer_id;
20 + int i;
21
22 lockdep_assert_held(&ar->conf_mutex);
23
24 @@ -789,6 +790,17 @@ static void ath10k_peer_cleanup(struct a
25 ar->peer_map[peer_id] = NULL;
26 }
27
28 + /* Double check that peer is properly un-referenced from
29 + * the peer_map
30 + */
31 + for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
32 + if (ar->peer_map[i] == peer) {
33 + ath10k_warn(ar, "removing stale peer_map entry for %pM (ptr %p idx %d)\n",
34 + peer->addr, peer, i);
35 + ar->peer_map[i] = NULL;
36 + }
37 + }
38 +
39 list_del(&peer->list);
40 kfree(peer);
41 ar->num_peers--;
42 @@ -799,6 +811,7 @@ static void ath10k_peer_cleanup(struct a
43 static void ath10k_peer_cleanup_all(struct ath10k *ar)
44 {
45 struct ath10k_peer *peer, *tmp;
46 + int i;
47
48 lockdep_assert_held(&ar->conf_mutex);
49
50 @@ -807,6 +820,10 @@ static void ath10k_peer_cleanup_all(stru
51 list_del(&peer->list);
52 kfree(peer);
53 }
54 +
55 + for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++)
56 + ar->peer_map[i] = NULL;
57 +
58 spin_unlock_bh(&ar->data_lock);
59
60 ar->num_peers = 0;