UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenCloudOS-Kernel/drivers
History
Hauke Mehrtens 1cfd3426ef ath10k: Fix NULL pointer dereference in AHB device probe 
This fixes a NULL pointer dereference in the probe path for AHB devices.
There attr parameter in the ath10k_ce_alloc_pipe() function is not
initialized, but accessed. This function is called by
ath10k_pci_setup_resource() which is called by ath10k_ahb_probe().

The struct ath10k_pci is also used for AHB devices and not only for PCI
devices.

The initialization of the new members of struct ath10k_pci is moved to
ath10k_pci_setup_resource() which is used by the PCI and the AHB code.

This also fixes a use after free bug in ath10k_pci_remove() when ar_pci
is accessed after ath10k_core_destroy() was called, which calls
ieee80211_free_hw() and frees this memory.

This fixes the following bug seen with backports-5.8-rc2 on OpenWrt on a
IPQ4019 device:

[   11.117462] 8<--- cut here ---
[   11.117494] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[   11.119510] pgd = f377fd58
[   11.127657] [00000000] *pgd=8e9a0835, *pte=00000000, *ppte=00000000
[   11.130206] Internal error: Oops: 17 [#1] SMP ARM
[   11.136339] Modules linked in: ath10k_pci(+) ath10k_core ath xt_state xt_nat xt_conntrack xt_REDIRECT xt_MASQUERADE xt_FLOWOFFLOAD pppox ppp_generic nf_nat nf_flow_table_hw nf_flow_table nf_conntrack_rtcache nf_conntrack mac80211 ipt_REJECT cfg80211 xt_time xt_tcpudp xt_multiport xt_mark xt_mac xt_limit xt_comment xt_TCPMSS xt_LOG slhc nf_reject_ipv4 nf_log_ipv4 nf_defrag_ipv6 nf_defrag_ipv4 iptable_mangle iptable_filter ip_tables crc_ccitt compat nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables ip6t_REJECT x_tables nf_reject_ipv6 leds_gpio xhci_plat_hcd xhci_pci xhci_hcd dwc3 dwc3_qcom gpio_button_hotplug
[   11.174355] CPU: 2 PID: 257 Comm: kmodloader Not tainted 5.4.51 #0
[   11.196585] Hardware name: Generic DT based system
[   11.202746] PC is at ath10k_ce_alloc_pipe+0x58/0x180 [ath10k_core]
[   11.207459] LR is at ath10k_pci_alloc_pipes+0x94/0xc8 [ath10k_pci]
[   11.213600] pc : [<bf2c96cc>]    lr : [<bf2fbf98>]    psr: 80000013
[   11.219760] sp : cea0dc90  ip : cf4001f0  fp : 00000001
[   11.225923] r10: 00000000  r9 : 00000018  r8 : ce4963b4
[   11.231133] r7 : 00000000  r6 : ce491ea0  r5 : 00000000  r4 : ce4963b4
[   11.236342] r3 : 0004a000  r2 : 0004a000  r1 : bf2d0d70  r0 : 00000006
[   11.242942] Flags: Nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[   11.249452] Control: 10c5387d  Table: 8e9c006a  DAC: 00000051
[   11.256656] Process kmodloader (pid: 257, stack limit = 0xaba286ca)
[   11.262386] Stack: (0xcea0dc90 to 0xcea0e000)
[   11.268462] dc80:                                     00000000 ce49629c ce491ea0 ce4963bc
[   11.272984] dca0: ce495ea0 bf2fbf98 00000002 ce4963a8 ce495ea0 00000000 ce491ea0 cf95d800
[   11.281142] dcc0: cf95d810 cf95d810 00000001 bf2fc854 00000000 cf95d800 bf300748 ce495ea0
[   11.289304] dce0: ce491ea0 d1300000 cf95d800 bf2fde8c 00000000 00000001 ce49cea0 00000000
[   11.297462] dd00: 00000000 00000000 bf3010a0 cf95d810 bf3010a0 c0b61580 00000000 00000000
[   11.305624] dd20: bf3010a0 0000000b c0b04e48 c06110c8 c0b61588 cf95d810 c0b61580 c060f740
[   11.313781] dd40: cf95d810 00000000 bf3010a0 00000000 00000000 ce49d2a4 bf301100 c060fc90
[   11.321943] dd60: 00000000 bf3010a0 cf95d810 c060fcf0 cf95d810 bf3010a0 c060fc98 c060dca4
[   11.330101] dd80: cf809d58 cf952cb4 bf3010a0 ce967900 c0b1f2c8 c060ec28 bf3007b8 bf301038
[   11.338263] dda0: bf3010a0 bf3010a0 c0b2d4d4 ffffe000 bf304000 c0610278 c0b04e48 c0b2d4d4
[   11.346422] ddc0: ffffe000 bf2fe2b4 c0b04e48 bf30403c c0b04e48 c0302764 8040003f 00000001
[   11.354582] dde0: 38e38e39 ce513580 c0b2cb50 cf801e00 cffbc6ac ce513600 cf801e00 cffbc6ac
[   11.362740] de00: 8040003e ce49d280 00000001 c0428d54 00000001 cf801e00 cffbc6ac ce513580
[   11.370900] de20: ce49d280 0e391998 bf301100 ce49d340 d12d2000 ce49d280 00000001 c0398c2c
[   11.379061] de40: 00000001 cea0df34 cea0df34 00000001 d12d2000 c039ae48 bf30110c 00007fff
[   11.387221] de60: bf301100 c0398044 cf804028 bf301148 c0397674 bf30126c c08ee5c0 c08ee70c
[   11.395380] de80: bf30110c c0b04e48 c08ee518 00000000 c08ee570 c0b04e48 ce513600 fffff000
[   11.403540] dea0: 00000001 ce513580 0000000d 0000000d 00000000 00000000 00000000 00000000
[   11.411698] dec0: 00000000 00000000 6e72656b 00006c65 00000000 00000000 00000000 00000000
[   11.419858] dee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[   11.428018] df00: 00000000 0e391998 00000000 0000c610 d12de610 00000000 0062c620 ffffe000
[   11.436180] df20: 000129d1 00000051 00000000 c039b228 00000000 d12d7afd d12d8e80 d12d2000
[   11.444337] df40: 0000c610 d12de0e8 d12ddfa8 d12dab74 00009000 00009570 00003a2c 00009cae
[   11.452498] df60: 00000000 00000000 00000000 00003a1c 0000001e 0000001f 00000018 00000000
[   11.460656] df80: 00000010 00000000 00000000 00000000 00000003 00000080 c0301204 cea0c000
[   11.468817] dfa0: 00000080 c0301000 00000000 00000000 00620010 0000c610 000129d1 00000014
[   11.476975] dfc0: 00000000 00000000 00000003 00000080 0000c610 00000000 b6fc1d20 00000000
[   11.485137] dfe0: bef0ad14 bef0acf8 00011e14 b6f74c94 60000010 00620010 00000000 00000000
[   11.493390] [<bf2c96cc>] (ath10k_ce_alloc_pipe [ath10k_core]) from [<bf2fbf98>] (ath10k_pci_alloc_pipes+0x94/0xc8 [ath10k_pci])
[   11.501498] [<bf2fbf98>] (ath10k_pci_alloc_pipes [ath10k_pci]) from [<bf2fc854>] (ath10k_pci_setup_resource+0xb8/0xf0 [ath10k_pci])
[   11.512773] [<bf2fc854>] (ath10k_pci_setup_resource [ath10k_pci]) from [<bf2fde8c>] (ath10k_ahb_probe+0x32c/0x670 [ath10k_pci])
[   11.524566] [<bf2fde8c>] (ath10k_ahb_probe [ath10k_pci]) from [<c06110c8>] (platform_drv_probe+0x34/0x70)
[   11.536016] [<c06110c8>] (platform_drv_probe) from [<c060f740>] (really_probe+0x1f0/0x358)
[   11.545729] [<c060f740>] (really_probe) from [<c060fc90>] (device_driver_attach+0x58/0x60)
[   11.553886] [<c060fc90>] (device_driver_attach) from [<c060fcf0>] (__driver_attach+0x58/0xcc)
[   11.562134] [<c060fcf0>] (__driver_attach) from [<c060dca4>] (bus_for_each_dev+0x68/0x8c)
[   11.570731] [<c060dca4>] (bus_for_each_dev) from [<c060ec28>] (bus_add_driver+0x1c8/0x1d8)
[   11.578886] [<c060ec28>] (bus_add_driver) from [<c0610278>] (driver_register+0x74/0x108)
[   11.587060] [<c0610278>] (driver_register) from [<bf2fe2b4>] (ath10k_ahb_init+0x18/0x38 [ath10k_pci])
[   11.595320] [<bf2fe2b4>] (ath10k_ahb_init [ath10k_pci]) from [<bf30403c>] (init_module+0x3c/0x1000 [ath10k_pci])
[   11.604432] [<bf30403c>] (init_module [ath10k_pci]) from [<c0302764>] (do_one_initcall+0x84/0x1d8)
[   11.614657] [<c0302764>] (do_one_initcall) from [<c0398c2c>] (do_init_module+0x5c/0x228)
[   11.623421] [<c0398c2c>] (do_init_module) from [<c039ae48>] (load_module+0x1fc8/0x224c)
[   11.631663] [<c039ae48>] (load_module) from [<c039b228>] (sys_init_module+0x15c/0x17c)
[   11.639390] [<c039b228>] (sys_init_module) from [<c0301000>] (ret_fast_syscall+0x0/0x54)
[   11.647370] Exception stack(0xcea0dfa8 to 0xcea0dff0)
[   11.655615] dfa0:                   00000000 00000000 00620010 0000c610 000129d1 00000014
[   11.660569] dfc0: 00000000 00000000 00000003 00000080 0000c610 00000000 b6fc1d20 00000000
[   11.668725] dfe0: bef0ad14 bef0acf8 00011e14 b6f74c94
[   11.676886] Code: e1c321d4 e0433002 e0232397 e5843014 (e5953000)
[   11.681958] ---[ end trace 8f35917de2e76854 ]---

Fixes: 521fc37be3 ("ath10k: Avoid override CE5 configuration for QCA99X0 chipsets")
Reported-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> [ipq40xx/ map-ac2200]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200714205802.17688-1-hauke@hauke-m.de
 		2020-07-20 20:23:48 +03:00
..
accessibility treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
acpi libnvdimm for 5.8 2020-06-13 13:04:36 -07:00
amba ARM: SoC changes for v5.8 2020-06-04 19:47:11 -07:00
android treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
ata treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
atm treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
auxdisplay treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
base linux-kselftest-kunit-5.8-rc1 2020-06-09 10:04:47 -07:00
bcma
block Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-06-03 16:27:18 -07:00
bus Char/Misc driver patches for 5.8-rc1 2020-06-07 10:59:32 -07:00
cdrom Merge branch 'work.sysctl' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-06-10 16:05:54 -07:00
char treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
clk treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
clocksource clocksource/drivers/timer-riscv: Use per-CPU timer interrupt 2020-06-09 19:11:22 -07:00
connector treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
counter
cpufreq treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
cpuidle - Add the hwmon support on the i.MX SC (Anson Huang) 2020-06-12 14:10:21 -07:00
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-06-13 16:27:13 -07:00
dax device-dax: add memory via add_memory_driver_managed() 2020-06-04 19:06:23 -07:00
dca
devfreq
dio
dma treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
dma-buf treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
edac Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
eisa treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
extcon
firewire
firmware Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
fpga Char/Misc driver patches for 5.8-rc1 2020-06-07 10:59:32 -07:00
fsi treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
gnss treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
gpio treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
gpu Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
greybus treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
hid treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
hsi treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
hv hyperv-next for 5.8 2020-06-03 15:00:05 -07:00
hwmon Merge branch 'x86/entry' into ras/core 2020-06-11 15:17:57 +02:00
hwspinlock
hwtracing Char/Misc driver patches for 5.8-rc1 2020-06-07 10:59:32 -07:00
i2c Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
i3c
ide treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
idle
iio treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
infiniband treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
input treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
interconnect More power management updates for 5.8-rc1 2020-06-10 14:04:39 -07:00
iommu Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
ipack treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
irqchip clocksource/drivers/timer-riscv: Use per-CPU timer interrupt 2020-06-09 19:11:22 -07:00
isdn treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
leds LEDs pull request for 5.8-rc1. 2020-06-04 11:03:45 -07:00
lightnvm for-5.8/block-2020-06-01 2020-06-02 15:29:19 -07:00
macintosh treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
mailbox mailbox: qcom: Add ipq6018 apcs compatible 2020-06-10 22:43:57 -05:00
mcb
md treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
media Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
memory
memstick
message treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
mfd treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
misc treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
mmc treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
most
mtd This pull request contains a single change for UBI: 2020-06-10 13:24:40 -07:00
mux
net ath10k: Fix NULL pointer dereference in AHB device probe 2020-07-20 20:23:48 +03:00
nfc treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
ntb NTB: perf: Fix race condition when run with ntb_test 2020-06-05 20:02:09 -04:00
nubus
nvdimm libnvdimm for 5.8 2020-06-13 13:04:36 -07:00
nvme Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
nvmem
of Driver core patches for 5.8-rc1 2020-06-07 10:53:36 -07:00
opp treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
oprofile mmap locking API: convert mmap_sem comments 2020-06-09 09:39:14 -07:00
parisc
parport treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
pci Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
pcmcia treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
perf arm64 merge window fixes for -rc1 2020-06-11 12:53:23 -07:00
phy
pinctrl This is the bulk of pin control changes for the v5.8 2020-06-07 16:13:43 -07:00
platform Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
pnp treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
power power supply and reset changes for the v5.8 series 2020-06-10 11:28:35 -07:00
powercap Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
pps treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
ps3
ptp treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
pwm pwm: Add missing "CONFIG_" prefix 2020-06-04 19:09:28 +02:00
rapidio treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
ras
regulator Merge remote-tracking branch 'regulator/for-5.8' into regulator-linus 2020-06-01 13:01:44 +01:00
remoteproc remoteproc updates for v5.8 2020-06-08 13:01:08 -07:00
reset Char/Misc driver patches for 5.8-rc1 2020-06-07 10:59:32 -07:00
rpmsg remoteproc updates for v5.8 2020-06-08 13:01:08 -07:00
rtc RTC for 5.8 2020-06-07 16:11:23 -07:00
s390 s390 updates for the 5.8 merge window 2020-06-08 12:05:31 -07:00
sbus treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
scsi Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
sfi treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
sh
siox
slimbus
soc treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
soundwire
spi Char/Misc driver patches for 5.8-rc1 2020-06-07 10:59:32 -07:00
spmi
ssb
staging Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
target Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
tc
tee mmap locking API: use coccinelle to convert mmap_sem rwsem call sites 2020-06-09 09:39:14 -07:00
thermal - Add the hwmon support on the i.MX SC (Anson Huang) 2020-06-12 14:10:21 -07:00
thunderbolt USB/PHY driver updates for 5.8-rc1 2020-06-07 09:42:16 -07:00
tty treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
uio
usb Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
vdpa ifcvf: implement config interrupt in IFCVF 2020-06-06 16:26:47 -04:00
vfio kernel: better document the use_mm/unuse_mm API contract 2020-06-10 19:14:18 -07:00
vhost Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
video treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
virt treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
virtio treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
visorbus treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
vlynq
vme treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
w1 treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
watchdog treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
xen The X86 entry, exception and interrupt code rework 2020-06-13 10:05:47 -07:00
zorro treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
Kconfig
Makefile