diff options
| author | Ansuel Smith <ansuelsmth@gmail.com> | 2018-07-08 16:04:15 +0200 |
|---|---|---|
| committer | Jo-Philipp Wich <jo@mein.io> | 2018-07-22 22:25:33 +0200 |
| commit | 2dcd955aea1ab715d048910322b05d1af0b69748 (patch) | |
| tree | 9f7e269a5a6a886bfe625aa9a42be536e84a20c9 /package/kernel/mac80211/patches/380-0004-ath10k-Fix-kernel-panic-while-using-worker-ath10k_st.patch | |
| parent | 57b808ec88315db6743b3159a04dbb16097597ea (diff) | |
| download | mtk-20170518-2dcd955aea1ab715d048910322b05d1af0b69748.zip mtk-20170518-2dcd955aea1ab715d048910322b05d1af0b69748.tar.gz mtk-20170518-2dcd955aea1ab715d048910322b05d1af0b69748.tar.bz2 | |
mac80211: backport and update patches for ath10k
This commit refreshes and updates the VHT160 ath10k support fix patches
and adds a number of backports from ath-next:
* 8ed05ed06fca ath10k: handle tdls peer events
* 229329ff345f ath10k: wmi: modify svc bitmap parsing for wcn3990
* 14d65775687c ath10k: advertise TDLS wider bandwidth support for 5GHz
* bc64d05220f3 ath10k: debugfs support to get final TPC stats for 10.4 variants
* 8b2d93dd2261 ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
* 4b190675ad06 ath10k: fix kernel panic while reading tpc_stats
* be8cce96f14d ath10k: add support to configure channel dwell time
* f40105e67478 ath: add support to get the detected radar specifications
* 6f6eb1bcbeff ath10k: DFS Host Confirmation
* 260e629bbf44 ath10k: fix memory leak of tpc_stats
* 38441fb6fcbb ath10k: support use of channel 173
* 2e9bcd0d7324 ath10k: fix spectral scan for QCA9984 and QCA9888 chipsets
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
[move backported patches in the 3xx number space, bring in upstream order,
replace incomplete patch files with git format-patch ones, rewrite commit
message, fix subject]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'package/kernel/mac80211/patches/380-0004-ath10k-Fix-kernel-panic-while-using-worker-ath10k_st.patch')
| -rw-r--r-- | package/kernel/mac80211/patches/380-0004-ath10k-Fix-kernel-panic-while-using-worker-ath10k_st.patch | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/package/kernel/mac80211/patches/380-0004-ath10k-Fix-kernel-panic-while-using-worker-ath10k_st.patch b/package/kernel/mac80211/patches/380-0004-ath10k-Fix-kernel-panic-while-using-worker-ath10k_st.patch new file mode 100644 index 0000000..888cedd --- /dev/null +++ b/package/kernel/mac80211/patches/380-0004-ath10k-Fix-kernel-panic-while-using-worker-ath10k_st.patch @@ -0,0 +1,99 @@ +From 8b2d93dd22615cb7f3046a5a2083a6f8bb8052ed Mon Sep 17 00:00:00 2001 +From: Karthikeyan Periyasamy <periyasa@codeaurora.org> +Date: Mon, 12 Mar 2018 17:09:40 +0530 +Subject: [PATCH] ath10k: Fix kernel panic while using worker + (ath10k_sta_rc_update_wk) + +When attempt to run worker (ath10k_sta_rc_update_wk) after the station object +(ieee80211_sta) delete will trigger the kernel panic. + +This problem arise in AP + Mesh configuration, Where the current node AP VAP +and neighbor node mesh VAP MAC address are same. When the current mesh node +try to establish the mesh link with neighbor node, driver peer creation for +the neighbor mesh node fails due to duplication MAC address. Already the AP +VAP created with same MAC address. + +It is caused by the following scenario steps. + +Steps: +1. In above condition, ath10k driver sta_state callback (ath10k_sta_state) + fails to do the state change for a station from IEEE80211_STA_NOTEXIST + to IEEE80211_STA_NONE due to peer creation fails. Sta_state callback is + called from ieee80211_add_station() to handle the new station + (neighbor mesh node) request from the wpa_supplicant. +2. Concurrently ath10k receive the sta_rc_update callback notification from + the mesh_neighbour_update() to handle the beacon frames of the above + neighbor mesh node. since its atomic callback, ath10k driver queue the + work (ath10k_sta_rc_update_wk) to handle rc update. +3. Due to driver sta_state callback fails (step 1), mac80211 free the station + object. +4. When the worker (ath10k_sta_rc_update_wk) scheduled to run, it will access + the station object which is already deleted. so it will trigger kernel + panic. + +Added the peer exist check in sta_rc_update callback before queue the work. + +Kernel Panic log: + +Unable to handle kernel NULL pointer dereference at virtual address 00000000 +pgd = c0204000 +[00000000] *pgd=00000000 +Internal error: Oops: 17 [#1] PREEMPT SMP ARM +CPU: 1 PID: 1833 Comm: kworker/u4:2 Not tainted 3.14.77 #1 +task: dcef0000 ti: d72b6000 task.ti: d72b6000 +PC is at pwq_activate_delayed_work+0x10/0x40 +LR is at pwq_activate_delayed_work+0xc/0x40 +pc : [<c023f988>] lr : [<c023f984>] psr: 40000193 +sp : d72b7f18 ip : 0000007a fp : d72b6000 +r10: 00000000 r9 : dd404414 r8 : d8c31998 +r7 : d72b6038 r6 : 00000004 r5 : d4907ec8 r4 : dcee1300 +r3 : ffffffe0 r2 : 00000000 r1 : 00000001 r0 : 00000000 +Flags: nZcv IRQs off FIQs on Mode SVC_32 ISA ARM Segment kernel +Control: 10c5787d Table: 595bc06a DAC: 00000015 +... +Process kworker/u4:2 (pid: 1833, stack limit = 0xd72b6238) +Stack: (0xd72b7f18 to 0xd72b8000) +7f00: 00000001 dcee1300 +7f20: 00000001 c02410dc d8c31980 dd404400 dd404400 c0242790 d8c31980 00000089 +7f40: 00000000 d93e1340 00000000 d8c31980 c0242568 00000000 00000000 00000000 +7f60: 00000000 c02474dc 00000000 00000000 000000f8 d8c31980 00000000 00000000 +7f80: d72b7f80 d72b7f80 00000000 00000000 d72b7f90 d72b7f90 d72b7fac d93e1340 +7fa0: c0247404 00000000 00000000 c0208d20 00000000 00000000 00000000 00000000 +7fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 +7fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000 +[<c023f988>] (pwq_activate_delayed_work) from [<c02410dc>] (pwq_dec_nr_in_flight+0x58/0xc4) +[<c02410dc>] (pwq_dec_nr_in_flight) from [<c0242790>] (worker_thread+0x228/0x360) +[<c0242790>] (worker_thread) from [<c02474dc>] (kthread+0xd8/0xec) +[<c02474dc>] (kthread) from [<c0208d20>] (ret_from_fork+0x14/0x34) +Code: e92d4038 e1a05000 ebffffbc[69210.619376] SMP: failed to stop secondary CPUs +Rebooting in 3 seconds.. + +Signed-off-by: Karthikeyan Periyasamy <periyasa@codeaurora.org> +Signed-off-by: Kalle Valo <kvalo@codeaurora.org> +--- + drivers/net/wireless/ath/ath10k/mac.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +--- a/drivers/net/wireless/ath/ath10k/mac.c ++++ b/drivers/net/wireless/ath/ath10k/mac.c +@@ -7065,10 +7065,20 @@ static void ath10k_sta_rc_update(struct + { + struct ath10k *ar = hw->priv; + struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv; ++ struct ath10k_vif *arvif = (void *)vif->drv_priv; ++ struct ath10k_peer *peer; + u32 bw, smps; + + spin_lock_bh(&ar->data_lock); + ++ peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr); ++ if (!peer) { ++ spin_unlock_bh(&ar->data_lock); ++ ath10k_warn(ar, "mac sta rc update failed to find peer %pM on vdev %i\n", ++ sta->addr, arvif->vdev_id); ++ return; ++ } ++ + ath10k_dbg(ar, ATH10K_DBG_MAC, + "mac sta rc update for %pM changed %08x bw %d nss %d smps %d\n", + sta->addr, changed, sta->bandwidth, sta->rx_nss, |