From patchwork Mon Dec 23 06:01:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: P Praneesh X-Patchwork-Id: 853190 Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 278C918BBAE for ; Mon, 23 Dec 2024 06:02:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.168.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734933723; cv=none; b=ZnU7HY58hMvxQcX1u/Rb/nnfIvr8pPH/ut5q9gocYpSla47Z/kg5dRfzOpkE+3emTrbR1N+3dWGaSPWJO0oL9Tuhe6fkrpm4O8m1AolYL/D8iPkNPhU5f1dLXFoLzDRtEcqDfGcnrYxneG6eroeZXUIGIyygPwGSN/K0+fZMQus= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734933723; c=relaxed/simple; bh=mwYI5wmnnb6p7fsqq9rsHthfu2CEWhUhGpkjUobI3ZM=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=tC+bJsl+c1aIiD6RIbFlqsziCYFbu3ZcDxInkdEd1g8pmRLlGSEfTA8neluiINYJyuk/atdW93keq9fP6VENc5HBLdmvUxzWhxdhME+C9+PaWpGrXIhuus8nQySmVhYvciKHL1F1zGLipeIkjdPg3P8q0RlDE5TJbzrGTIqPSes= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com; spf=pass smtp.mailfrom=quicinc.com; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b=j9ASqNyK; arc=none smtp.client-ip=205.220.168.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=quicinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b="j9ASqNyK" Received: from pps.filterd (m0279865.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 4BN5rSVX018251; Mon, 23 Dec 2024 06:02:00 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=qcppdkim1; bh= 4IiA3wJYQt3PNcW8ccvOzikIzdlziyNvG41A/BJc9lY=; b=j9ASqNyKUIXKCcY4 OlyoObif2I5azbpbZRThO1ZkLYWa2LFHf5CTqAKkWPth8hDk5x8mnX81wZFJmnuV Gwl3w8UJBmYPf6QGc5mQEHV3w3jXBEDVkKsauJcx1wEwQR3NMXKJIdO9COV6dAjW VGy+PNEDy4IkYoG4wFOXeo9lBCb52ILqQmu4DiNQF+vLaZrTOD+4uBQ0bw88vqnB UxRPk13JQfmVP3uTVGU1n25zGAWFEOtEGXSCYnQAZgCU4CuMiClcrTXLXFMvAxfS Qq5BLUqa+qJffsaF1qnB0h93uyT4D7n297/8ERYMEcfN5eF6c+IGaqwGcYLkUmo8 z62MRQ== Received: from nalasppmta05.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 43q245811m-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 23 Dec 2024 06:02:00 +0000 (GMT) Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com [10.47.209.196]) by NALASPPMTA05.qualcomm.com (8.18.1.2/8.18.1.2) with ESMTPS id 4BN61xJ7017459 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 23 Dec 2024 06:01:59 GMT Received: from hu-ppranees-blr.qualcomm.com (10.80.80.8) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.9; Sun, 22 Dec 2024 22:01:57 -0800 From: P Praneesh To: CC: , P Praneesh Subject: [PATCH v2 06/14] wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process Date: Mon, 23 Dec 2024 11:31:24 +0530 Message-ID: <20241223060132.3506372-7-quic_ppranees@quicinc.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20241223060132.3506372-1-quic_ppranees@quicinc.com> References: <20241223060132.3506372-1-quic_ppranees@quicinc.com> Precedence: bulk X-Mailing-List: linux-wireless@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: nasanex01a.na.qualcomm.com (10.52.223.231) To nalasex01a.na.qualcomm.com (10.47.209.196) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-ORIG-GUID: ug97e_rxiEO8QjHQ3NUwYft7UKzGCw0a X-Proofpoint-GUID: ug97e_rxiEO8QjHQ3NUwYft7UKzGCw0a X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.60.29 definitions=2024-09-06_09,2024-09-06_01,2024-09-02_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 adultscore=0 mlxlogscore=999 priorityscore=1501 malwarescore=0 mlxscore=0 spamscore=0 suspectscore=0 impostorscore=0 clxscore=1015 lowpriorityscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2411120000 definitions=main-2412230052 Currently, ath12k_dp_mon_srng_process uses ath12k_hal_srng_src_get_next_entry to fetch the next entry from the destination ring. This is incorrect because ath12k_hal_srng_src_get_next_entry is intended for source rings, not destination rings. This leads to invalid entry fetches, causing potential data corruption or crashes due to accessing incorrect memory locations. This happens because the source ring and destination ring have different handling mechanisms and using the wrong function results in incorrect pointer arithmetic and ring management. To fix this issue, replace the call to ath12k_hal_srng_src_get_next_entry with ath12k_hal_srng_dst_get_next_entry in ath12k_dp_mon_srng_process. This ensures that the correct function is used for fetching entries from the destination ring, preventing invalid memory accesses. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1 Tested-on: WCN7850 hw2.0 WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 Signed-off-by: P Praneesh --- drivers/net/wireless/ath/ath12k/dp_mon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath12k/dp_mon.c b/drivers/net/wireless/ath/ath12k/dp_mon.c index f9fd28ce801a..236456b02198 100644 --- a/drivers/net/wireless/ath/ath12k/dp_mon.c +++ b/drivers/net/wireless/ath/ath12k/dp_mon.c @@ -2379,7 +2379,7 @@ int ath12k_dp_mon_srng_process(struct ath12k *ar, int *budget, move_next: ath12k_dp_mon_buf_replenish(ab, buf_ring, 1); - ath12k_hal_srng_src_get_next_entry(ab, srng); + ath12k_hal_srng_dst_get_next_entry(ab, srng); num_buffs_reaped++; }