linux-hardened/drivers/net/wireless/mediatek/mt76
Lorenzo Bianconi b3098121c4 mt76: usb: do not run mt76u_queues_deinit twice
Do not call mt76u_queues_deinit routine in mt76u_alloc_queues error path
since it will be run in mt76x0u_register_device or
mt76x2u_register_device error path. Current implementation triggers the
following kernel warning:

[   67.005516] WARNING: CPU: 2 PID: 761 at lib/refcount.c:187 refcount_sub_and_test_checked+0xa4/0xb8
[   67.019513] refcount_t: underflow; use-after-free.
[   67.099872] Hardware name: BCM2835
[   67.106268] Backtrace:
[   67.111584] [<8010c91c>] (dump_backtrace) from [<8010cc00>] (show_stack+0x20/0x24)
[   67.124974]  r6:60000013 r5:ffffffff r4:00000000 r3:a50bade6
[   67.132226] [<8010cbe0>] (show_stack) from [<807ca5f4>] (dump_stack+0xc8/0x114)
[   67.141225] [<807ca52c>] (dump_stack) from [<8011e65c>] (__warn+0xf4/0x120)
[   67.149849]  r9:000000bb r8:804d0138 r7:00000009 r6:8099dc84 r5:00000000 r4:b66c7b58
[   67.160767] [<8011e568>] (__warn) from [<8011e6d0>] (warn_slowpath_fmt+0x48/0x50)
[   67.171436]  r9:7f65e128 r8:80d1419c r7:80c0bac4 r6:b97b3044 r5:b7368e00 r4:00000000
[   67.182433] [<8011e68c>] (warn_slowpath_fmt) from [<804d0138>] (refcount_sub_and_test_checked+0xa4/0xb8)
[   67.195221]  r3:80c91c25 r2:8099dc94
[   67.200370]  r4:00000000
[   67.204397] [<804d0094>] (refcount_sub_and_test_checked) from [<804d0164>] (refcount_dec_and_test_checked+0x18/0x1c)
[   67.218046]  r4:b7368e00 r3:00000001
[   67.223125] [<804d014c>] (refcount_dec_and_test_checked) from [<805db49c>] (usb_free_urb+0x20/0x4c)
[   67.235358] [<805db47c>] (usb_free_urb) from [<7f639804>] (mt76u_buf_free+0x98/0xac [mt76_usb])
[   67.247302]  r4:00000001 r3:00000001
[   67.252468] [<7f63976c>] (mt76u_buf_free [mt76_usb]) from [<7f639ef8>] (mt76u_queues_deinit+0x44/0x100 [mt76_usb])
[   67.266102]  r8:b8fe8600 r7:b5dac480 r6:b5dace20 r5:00000001 r4:00000000 r3:00000080
[   67.277132] [<7f639eb4>] (mt76u_queues_deinit [mt76_usb]) from [<7f65c040>] (mt76x0u_cleanup+0x40/0x4c [mt76x0u])
[   67.290737]  r7:b5dac480 r6:b8fe8600 r5:ffffffea r4:b5dace20
[   67.298069] [<7f65c000>] (mt76x0u_cleanup [mt76x0u]) from [<7f65c564>] (mt76x0u_probe+0x1f0/0x354 [mt76x0u])
[   67.311174]  r4:b5dace20 r3:00000000
[   67.316312] [<7f65c374>] (mt76x0u_probe [mt76x0u]) from [<805e0b6c>] (usb_probe_interface+0x104/0x240)
[   67.328915]  r7:00000000 r6:7f65e034 r5:b6634800 r4:b8fe8620
[   67.336276] [<805e0a68>] (usb_probe_interface) from [<8056a8bc>] (really_probe+0x224/0x2f8)
[   67.347965]  r10:b65f0a00 r9:00000019 r8:7f65e034 r7:80d3e124 r6:00000000 r5:80d3e120
[   67.359175]  r4:b8fe8620 r3:805e0a68
[   67.364384] [<8056a698>] (really_probe) from [<8056ab60>] (driver_probe_device+0x6c/0x180)
[   67.375974]  r10:b65f0a00 r9:7f65e2c0 r8:b8fe8620 r7:00000000 r6:7f65e034 r5:7f65e034
[   67.387170]  r4:b8fe8620 r3:00000000
[   67.392378] [<8056aaf4>] (driver_probe_device) from [<8056ad54>] (__driver_attach+0xe0/0xe4)
[   67.404097]  r9:7f65e2c0 r8:7f65d22c r7:00000000 r6:b8fe8654 r5:7f65e034 r4:b8fe8620
[   67.415122] [<8056ac74>] (__driver_attach) from [<8056880c>] (bus_for_each_dev+0x68/0xa0)
[   67.426628]  r6:8056ac74 r5:7f65e034 r4:00000000 r3:00000027
[   67.434017] [<805687a4>] (bus_for_each_dev) from [<8056a1cc>] (driver_attach+0x28/0x30)
[   67.445394]  r6:80c6ddc8 r5:b7368f80 r4:7f65e034
[   67.451703] [<8056a1a4>] (driver_attach) from [<80569c24>] (bus_add_driver+0x194/0x21c)
[   67.463081] [<80569a90>] (bus_add_driver) from [<8056b504>] (driver_register+0x8c/0x124)
[   67.474560]  r7:80c6ddc8 r6:7f65e034 r5:00000000 r4:7f65e034
[   67.481964] [<8056b478>] (driver_register) from [<805df510>] (usb_register_driver+0x74/0x140)
[   67.493901]  r5:00000000 r4:7f65e000
[   67.499131] [<805df49c>] (usb_register_driver) from [<7f661024>] (mt76x0_driver_init+0x24/0x1000 [mt76x0u])
[   67.512258]  r9:00000001 r8:7f65e308 r7:00000000 r6:80c08d48 r5:7f661000 r4:7f65e2c0
[   67.523404] [<7f661000>] (mt76x0_driver_init [mt76x0u]) from [<80102f6c>] (do_one_initcall+0x4c/0x210)
[   67.536142] [<80102f20>] (do_one_initcall) from [<801ae63c>] (do_init_module+0x6c/0x21c)
[   67.547639]  r8:7f65e308 r7:80c08d48 r6:b65f0ac0 r5:7f65e2c0 r4:7f65e2c0
[   67.556129] [<801ae5d0>] (do_init_module) from [<801ad68c>] (load_module+0x1d10/0x2304)

Fixes: b40b15e152 ("mt76: add usb support to mt76 layer")
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-18 19:55:51 +01:00
mt76x0 mt76x0: init: introduce mt76x0_init_txpower routine 2019-02-18 19:54:34 +01:00
mt76x2 mt76x2: remove mt76x2_alloc_device routine 2019-02-18 19:54:34 +01:00
agg-rx.c mt76x2: add napi struct to mt76_rx_poll_complete/mt76_rx_complete signatures 2018-08-02 21:47:57 +03:00
debugfs.c mt76: move rate_txpower handler in mt76 debugfs 2018-10-01 12:34:02 +02:00
dma.c mt76: change the return type of mt76_dma_attach() 2019-02-18 19:54:34 +01:00
dma.h mt76: change the return type of mt76_dma_attach() 2019-02-18 19:54:34 +01:00
eeprom.c
Kconfig mt76: fix building without CONFIG_LEDS_CLASS 2018-11-06 18:46:33 +02:00
mac80211.c mt76: move alloc_device common code in mt76_alloc_device 2019-02-18 19:54:34 +01:00
Makefile mt76: move mt76_mcu_msg_alloc in mt76-core 2019-02-18 19:54:33 +01:00
mcu.c mt76: move mt76_mcu_rx_event in mt76-core 2019-02-18 19:54:33 +01:00
mmio.c mt76: allow to identify bus 2018-10-13 17:39:11 +02:00
mt76.h mt76x02u: use usb_bulk_msg to upload firmware 2019-02-18 19:54:34 +01:00
mt76x02.h mt76: measure the time between mt76x02_edcca_check runs 2019-02-18 19:54:33 +01:00
mt76x02_debugfs.c mt76: mmio: introduce mt76x02_check_tx_hang watchdog 2019-01-11 15:10:19 +01:00
mt76x02_dfs.c mt76: explicitly disable energy detect cca during scan 2019-02-18 19:54:33 +01:00
mt76x02_dfs.h mt76x0: pci: add DFS support 2018-11-30 12:21:42 +01:00
mt76x02_dma.h mt76: move tx_tasklet management in mt76x02-lib moudle 2018-10-05 20:05:46 +02:00
mt76x02_eeprom.c mt76: move mt76x02_eeprom_copy in mt76x02-lib module 2018-11-30 12:21:43 +01:00
mt76x02_eeprom.h mt76x0: phy: introduce tssi calibration support 2018-11-30 12:21:43 +01:00
mt76x02_mac.c mt76: increase ED/CCA tx block threshold 2019-02-18 19:54:34 +01:00
mt76x02_mac.h mt76: explicitly disable energy detect cca during scan 2019-02-18 19:54:33 +01:00
mt76x02_mcu.c mt76: move mt76_dma_tx_queue_skb_raw in mt76-core module 2019-02-18 19:54:33 +01:00
mt76x02_mcu.h mt76: move mt76_mcu_msg_alloc in mt76-core 2019-02-18 19:54:33 +01:00
mt76x02_mmio.c mt76: add channel switch announcement support 2019-01-17 14:50:15 +01:00
mt76x02_phy.c mt76: move mt76x02_phy_get_min_avg_rssi to mt76 core 2019-01-17 14:50:15 +01:00
mt76x02_phy.h mt76: move mt76x02_phy_get_min_avg_rssi to mt76 core 2019-01-17 14:50:15 +01:00
mt76x02_regs.h mt76: add led support to mt76x0e driver 2019-01-11 15:10:19 +01:00
mt76x02_trace.c mt76: move mt76x02_mac_poll_tx_status in mt76x02-lib moudle 2018-10-05 20:05:46 +02:00
mt76x02_trace.h mt76: move irq handler in mt76x02-lib moudle 2018-10-05 20:05:46 +02:00
mt76x02_txrx.c mt76: fix software encryption issues 2019-02-18 19:54:33 +01:00
mt76x02_usb.h mt76: use mt76x02_dev instead of mt76_dev in mt76x02_mac.c 2018-10-13 17:39:22 +02:00
mt76x02_usb_core.c mt76: fix tx status reporting for non-probing frames 2019-01-17 14:44:57 +01:00
mt76x02_usb_mcu.c mt76x02u: use usb_bulk_msg to upload firmware 2019-02-18 19:54:34 +01:00
mt76x02_util.c mt76x02: enable support for IBSS and MESH 2019-02-18 19:54:32 +01:00
trace.c
trace.h
tx.c mt76: avoid scheduling tx queues for powersave stations 2019-01-22 16:37:35 +01:00
usb.c mt76: usb: do not run mt76u_queues_deinit twice 2019-02-18 19:55:51 +01:00
usb_mcu.c mt76: usb: fix possible NULL pointer dereference in mt76u_mcu_deinit 2019-02-18 19:55:49 +01:00
usb_trace.c mt76: add usb support to mt76 layer 2018-08-02 21:48:16 +03:00
usb_trace.h mt76: usb: fix static tracepoints 2018-11-30 12:21:40 +01:00
util.c mt76: fix rssi ewma tracking 2019-01-17 14:50:15 +01:00
util.h