iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mwifiex: fix kernel crash for USB chipsets

Browse Source 
Following crash issue is observed during TCP traffic stress
test

[ 2253.625439] NMI watchdog: BUG: soft lockup - CPU#3 stuck for 22s!
[kworker/u17:1:5191]
[ 2253.625520] Call Trace:
[ 2253.625527]  [<ffffffffc0b47030>] ? moal_spin_lock+0x30/0x30
[usb8xxx]
[ 2253.625533]  [<ffffffffc0ac3ceb>] ? wlan_wmm_lists_empty+0xb/0xf0
[mlan]
[ 2253.625537]  [<ffffffffc0ab0ea3>] mlan_main_process+0x1b3/0x720
[mlan]
[ 2253.625540]  [<ffffffffc0b337f5>] woal_main_work_queue+0x45/0x80
[usb8xxx]
[ 2253.625543]  [<ffffffff8108aaf0>] process_one_work+0x150/0x3f0
[ 2253.625545]  [<ffffffff8108b1e1>] worker_thread+0x121/0x520
[ 2253.625547]  [<ffffffff8108b0c0>] ? rescuer_thread+0x330/0x330
[ 2253.625549]  [<ffffffff81090222>] kthread+0xd2/0xf0
[ 2253.625551]  [<ffffffff81090150>] ?
kthread_create_on_node+0x1c0/0x1c0
[ 2253.625553]  [<ffffffff8179423c>] ret_from_fork+0x7c/0xb0
[ 2253.625555]  [<ffffffff81090150>] ?
kthread_create_on_node+0x1c0/0x1c0

In mwifiex_usb_tx_complete(), we are updating port->block_status first
and then freeing the skb attached to that URB. We may end up attaching
new skb to URB in a corner case and same will be freed. This results in
the kernel crash. The problem is solved by changing the sequence.

Signed-off-by: Cathy Luo <cluo@marvell.com>
Signed-off-by: Shengzhen Li <szli@marvell.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
This commit is contained in:
Cathy Luo 2016-09-20 20:49:02 +05:30 committed by Kalle Valo
parent 92c3136047
commit 1afac196c1
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
drivers/net/wireless/marvell/mwifiex/usb.c
View File

@ -273,6 +273,8 @@ static void mwifiex_usb_tx_complete(struct urb *urb)
} else {
mwifiex_dbg(adapter, DATA,
"%s: DATA\n", __func__);
mwifiex_write_data_complete(adapter, context->skb, 0,
urb->status ? -1 : 0);
for (i = 0; i < MWIFIEX_TX_DATA_PORT; i++) {
port = &card->port[i];
if (context->ep == port->tx_data_ep) {
@ -282,8 +284,6 @@ static void mwifiex_usb_tx_complete(struct urb *urb)
}
}
adapter->data_sent = false;
mwifiex_write_data_complete(adapter, context->skb, 0,
urb->status ? -1 : 0);
}
if (card->mc_resync_flag)