This patch fixes a bug with padding of the skb data buffer. Since skb_trim can only be used to reduce the skb len, it is useless when we pad (increase the length of) the skb. Instead we allocate a new buffer with enough space to contain both the TX data and padding. Since some skb's have multiple references, we can't use skb_put_padto() to extend and pad skb->data (since it causes a panic if there is more than one reference). Also, in order to avoid the following possible deadlock issue (reported by lockdep): [ 26.508508] Possible interrupt unsafe locking scenario: [ 26.508508] [ 26.515314] CPU0 CPU1 [ 26.519862] ---- ---- [ 26.524408] lock(fs_reclaim); [ 26.527573] local_irq_disable(); [ 26.533508] lock(_xmit_ETHER#2); [ 26.539453] lock(fs_reclaim); [ 26.545135] <Interrupt> [ 26.547769] lock(_xmit_ETHER#2); [ 26.551370] [ 26.551370] *** DEADLOCK *** ... we use the GFP_NOFS flag with kzalloc() Signed-off-by: Erik Stromdahl <erik.stromdahl@xxxxxxxxx> --- drivers/net/wireless/ath/ath10k/sdio.c | 27 ++++++++++++++++++++------ drivers/net/wireless/ath/ath10k/sdio.h | 2 ++ 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/drivers/net/wireless/ath/ath10k/sdio.c b/drivers/net/wireless/ath/ath10k/sdio.c index b8b3059721ee..68d8e2d1b2ed 100644 --- a/drivers/net/wireless/ath/ath10k/sdio.c +++ b/drivers/net/wireless/ath/ath10k/sdio.c @@ -1279,6 +1279,7 @@ static void ath10k_sdio_free_bus_req(struct ath10k *ar, { struct ath10k_sdio *ar_sdio = ath10k_sdio_priv(ar); + kfree(bus_req->buf); memset(bus_req, 0, sizeof(*bus_req)); spin_lock_bh(&ar_sdio->lock); @@ -1294,7 +1295,7 @@ static void __ath10k_sdio_write_async(struct ath10k *ar, int ret; skb = req->skb; - ret = ath10k_sdio_write(ar, req->address, skb->data, skb->len); + ret = ath10k_sdio_write(ar, req->address, req->buf, req->buf_len); if (ret) ath10k_warn(ar, "failed to write skb to 0x%x asynchronously: %d", req->address, ret); @@ -1330,6 +1331,7 @@ static void ath10k_sdio_write_async_work(struct work_struct *work) static int ath10k_sdio_prep_async_req(struct ath10k *ar, u32 addr, struct sk_buff *skb, + size_t alloc_len, struct completion *comp, bool htc_msg, enum ath10k_htc_ep_id eid) { @@ -1343,9 +1345,17 @@ static int ath10k_sdio_prep_async_req(struct ath10k *ar, u32 addr, if (!bus_req) { ath10k_warn(ar, "unable to allocate bus request for async request\n"); - return -ENOMEM; + goto err; } + bus_req->buf_len = alloc_len; + bus_req->buf = kzalloc(alloc_len, GFP_NOFS); + if (!bus_req->buf) { + ath10k_warn(ar, + "unable to allocate data buffer for bus request\n"); + goto err_free_bus_req; + } + memcpy(bus_req->buf, skb->data, skb->len); bus_req->skb = skb; bus_req->eid = eid; bus_req->address = addr; @@ -1357,6 +1367,11 @@ static int ath10k_sdio_prep_async_req(struct ath10k *ar, u32 addr, spin_unlock_bh(&ar_sdio->wr_async_lock); return 0; + +err_free_bus_req: + ath10k_sdio_free_bus_req(ar, bus_req); +err: + return -ENOMEM; } /* IRQ handler */ @@ -1501,12 +1516,11 @@ static int ath10k_sdio_hif_tx_sg(struct ath10k *ar, u8 pipe_id, skb = items[i].transfer_context; padded_len = ath10k_sdio_calc_txrx_padded_len(ar_sdio, skb->len); - skb_trim(skb, padded_len); /* Write TX data to the end of the mbox address space */ address = ar_sdio->mbox_addr[eid] + ar_sdio->mbox_size[eid] - - skb->len; - ret = ath10k_sdio_prep_async_req(ar, address, skb, + padded_len; + ret = ath10k_sdio_prep_async_req(ar, address, skb, padded_len, NULL, true, eid); if (ret) return ret; @@ -1761,7 +1775,8 @@ static void ath10k_sdio_irq_disable(struct ath10k *ar) init_completion(&irqs_disabled_comp); ret = ath10k_sdio_prep_async_req(ar, MBOX_INT_STATUS_ENABLE_ADDRESS, - skb, &irqs_disabled_comp, false, 0); + skb, skb->len, &irqs_disabled_comp, + false, 0); if (ret) goto out; diff --git a/drivers/net/wireless/ath/ath10k/sdio.h b/drivers/net/wireless/ath/ath10k/sdio.h index 07e2cc6a3bd8..5a727993fbda 100644 --- a/drivers/net/wireless/ath/ath10k/sdio.h +++ b/drivers/net/wireless/ath/ath10k/sdio.h @@ -105,6 +105,8 @@ struct ath10k_sdio_bus_request { u32 address; struct sk_buff *skb; + u8 *buf; + size_t buf_len; enum ath10k_htc_ep_id eid; int status; /* Specifies if the current request is an HTC message. -- 2.19.1