diff mbox

[4.2.y-ckt,stable] Patch "ath10k: fix kernel panic, move arvifs list head init before htt init" has been added to the 4.2.y-ckt tree

Message ID 1465482864-21721-1-git-send-email-kamal@canonical.com
State New
Headers show

Commit Message

Kamal Mostafa June 9, 2016, 2:34 p.m. UTC 
This is a note to let you know that I have just added a patch titled

    ath10k: fix kernel panic, move arvifs list head init before htt init

to the linux-4.2.y-queue branch of the 4.2.y-ckt extended stable tree 
which can be found at:

    https://git.launchpad.net/~canonical-kernel/linux/+git/linux-stable-ckt/log/?h=linux-4.2.y-queue

This patch is scheduled to be released in version 4.2.8-ckt12.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 4.2.y-ckt tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

---8<------------------------------------------------------------

From 3b967f6f9104ac40f0181e654423c5d08b107b95 Mon Sep 17 00:00:00 2001
From: Anilkumar Kolli <akolli@qti.qualcomm.com>
Date: Tue, 26 Apr 2016 21:35:48 +0530
Subject: ath10k: fix kernel panic, move arvifs list head init before htt init

commit 4ad24a9d83bd4bf0a85e95bf144e18d3fda4fbf1 upstream.

It is observed that while loading and unloading ath10k modules
in an infinite loop, before ath10k_core_start() completion HTT
rx frames are received, while processing these frames,
dereferencing the arvifs list code is getting hit before
initilizing the arvifs list, causing a kernel panic.

This patch initilizes the arvifs list before initilizing htt.

Fixes the below issue:
 [<bf88b058>] (ath10k_htt_rx_pktlog_completion_handler+0x278/0xd08 [ath10k_core])
 [<bf88b058>] (ath10k_htt_rx_pktlog_completion_handler [ath10k_core])
 [<bf88c0dc>] (ath10k_htt_txrx_compl_task+0x5f4/0xeb0 [ath10k_core])
 [<bf88c0dc>] (ath10k_htt_txrx_compl_task [ath10k_core])
 [<c0234100>] (tasklet_action+0x8c/0xec)
 [<c0234100>] (tasklet_action)
 [<c02337c0>] (__do_softirq+0xf8/0x228)
 [<c02337c0>] (__do_softirq)  [<c0233920>] (run_ksoftirqd+0x30/0x90)
 Code: e5954ad8 e2899008 e1540009 0a00000d (e5943008)
 ---[ end trace 71de5c2e011dbf56 ]---
 Kernel panic - not syncing: Fatal exception in interrupt

Fixes: 500ff9f9389d ("ath10k: implement chanctx API")
Signed-off-by: Anilkumar Kolli <akolli@qti.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
 drivers/net/wireless/ath/ath10k/core.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--
2.7.4
diff mbox

Patch

diff --git a/drivers/net/wireless/ath/ath10k/core.c b/drivers/net/wireless/ath/ath10k/core.c
index 59496a9..b67cdec 100644
--- a/drivers/net/wireless/ath/ath10k/core.c
+++ b/drivers/net/wireless/ath/ath10k/core.c
@@ -1214,6 +1214,10 @@  int ath10k_core_start(struct ath10k *ar, enum ath10k_firmware_mode mode)
 		goto err_hif_stop;
 	}

+	ar->free_vdev_map = (1LL << ar->max_num_vdevs) - 1;
+
+	INIT_LIST_HEAD(&ar->arvifs);
+
 	/* we don't care about HTT in UTF mode */
 	if (mode == ATH10K_FIRMWARE_MODE_NORMAL) {
 		status = ath10k_htt_setup(&ar->htt);
@@ -1227,10 +1231,6 @@  int ath10k_core_start(struct ath10k *ar, enum ath10k_firmware_mode mode)
 	if (status)
 		goto err_hif_stop;

-	ar->free_vdev_map = (1LL << ar->max_num_vdevs) - 1;
-
-	INIT_LIST_HEAD(&ar->arvifs);
-
 	return 0;

 err_hif_stop: