Search Linux Wireless

[PATCH] rtw88: fix skb_under_panic in tx path

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

hello :)

this change fixes a reliable crash on my thinkpad A485.

please note i have no prior experience doing kernel development or
sending patches, and i'm not sure if this is a correct approach.

--

>From aa589182d30a0f99e1b3201ed4f3830e8af71dac Mon Sep 17 00:00:00 2001
From: Nick Owens <mischief@xxxxxxxxxxxx>
Date: Thu, 25 Jun 2020 12:55:41 -0700
Subject: [PATCH] rtw88: fix skb_under_panic in tx path

fixes the following panic on my thinkpad A485

Oops#1 Part3
<0>[ 3743.881656] skbuff: skb_under_panic: text:000000005f69fd98 len:208 put:48 head:000000009e2719e8 data:00000000bd3795e0 tail:0xc2 end:0x2c0 dev:wlp2s0
<4>[ 3743.881675] ------------[ cut here ]------------
<2>[ 3743.881677] kernel BUG at net/core/skbuff.c:109!
<4>[ 3743.881688] invalid opcode: 0000 [#1] SMP NOPTI
<4>[ 3743.881693] CPU: 7 PID: 665 Comm: irq/85-rtwpci Tainted: G            E     5.7.5 #31
<4>[ 3743.881695] Hardware name: LENOVO 20MU000TUS/20MU000TUS, BIOS R0WET56W (1.24 ) 06/28/2019
<4>[ 3743.881703] RIP: 0010:skb_panic+0x48/0x4a
<4>[ 3743.881706] Code: 4f 70 50 8b 87 bc 00 00 00 50 8b 87 b8 00 00 00 50 ff b7 c8 00 00 00 4c 8b 8f c0 00 00 00 48 c7 c7 68 14 51 bd e8 d5 22 ab ff <0f> 0b 48 8b 14 24 48 c7 c1 00 c7 2c bd e8 a6 ff ff ff 48 c7 c6 40
<4>[ 3743.881708] RSP: 0018:ffffb354002fce00 EFLAGS: 00010246
<4>[ 3743.881711] RAX: 0000000000000088 RBX: ffff954377fe1e80 RCX: 0000000000000000
<4>[ 3743.881713] RDX: 0000000000000000 RSI: ffff95437ffd8968 RDI: ffff95437ffd8968
<4>[ 3743.881714] RBP: ffff954362d7d000 R08: 0000000000000485 R09: 0000000000000097
<4>[ 3743.881716] R10: 0000000000000000 R11: ffffb354002fccb0 R12: 0000000000000030
<4>[ 3743.881717] R13: 0000000000000001 R14: ffffb354002fcf08 R15: ffffffffc163aba0
<4>[ 3743.881720] FS:  0000000000000000(0000) GS:ffff95437ffc0000(0000) knlGS:0000000000000000
<4>[ 3743.881721] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[ 3743.881723] CR2: 00007f63e45e8cb0 CR3: 00000003c7fb0000 CR4: 00000000003406e0
<4>[ 3743.881724] Call Trace:
<4>[ 3743.881728]  <IRQ>
<4>[ 3743.881733]  skb_push.cold.98+0x10/0x10
<4>[ 3743.881741]  rtw_pci_tx_write_data+0xb1/0x4e0 [rtwpci]
<4>[ 3743.881746]  rtw_pci_tx_write+0x59/0xe7 [rtwpci]
Panic#2 Part3
<4>[ 3743.881755]  rtw_tx_tasklet+0xfd/0x1f0 [rtw88]
<4>[ 3743.881763]  tasklet_action_common.isra.20+0x4e/0xf0
<4>[ 3743.881769]  __do_softirq+0xd9/0x2d9
<4>[ 3743.881773]  do_softirq_own_stack+0x2a/0x40
<4>[ 3743.881775]  </IRQ>
<4>[ 3743.881778]  do_softirq.part.18+0x2b/0x30
<4>[ 3743.881780]  __local_bh_enable_ip+0x4b/0x50
<4>[ 3743.881784]  rtw_pci_interrupt_threadfn+0x154/0x230 [rtwpci]
<4>[ 3743.881789]  ? irq_forced_thread_fn+0x70/0x70
<4>[ 3743.881791]  irq_thread_fn+0x1f/0x50
<4>[ 3743.881794]  irq_thread+0xe7/0x160
<4>[ 3743.881797]  ? wake_threads_waitq+0x30/0x30
<4>[ 3743.881800]  ? irq_thread_check_affinity+0x80/0x80
<4>[ 3743.881804]  kthread+0x112/0x130
<4>[ 3743.881807]  ? kthread_park+0x80/0x80
<4>[ 3743.881810]  ret_from_fork+0x22/0x40
<4>[ 3743.881813] Modules linked in: ctr(E) ccm(E) xt_MASQUERADE(E) nf_conntrack_netlink(E) xfrm_user(E) xfrm_algo(E) nft_counter(E) nft_chain_nat(E) xt_addrtype(E) nft_compat(E) nf_tables(E) nfnetlink(E) xt_conntrack(E) nf_nat(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) br_netfilter(E) bridge(E) stp(E) llc(E) overlay(E) cmac(E) bnep(E) nls_ascii(E) nls_cp437(E) vfat(E) snd_hda_codec_realtek(E) fat(E) btusb(E) btrtl(E) snd_hda_codec_generic(E) btbcm(E) rtwpci(E) btintel(E) uvcvideo(E) snd_hda_codec_hdmi(E) bluetooth(E) rtw88(E) videobuf2_vmalloc(E) edac_mce_amd(E) snd_hda_intel(E) videobuf2_memops(E) snd_intel_dspcfg(E) videobuf2_v4l2(E) mac80211(E) videobuf2_common(E) snd_hda_codec(E) drbg(E) efi_pstore(E) kvm_amd(E) ansi_cprng(E) joydev(E) snd_hda_core(E) kvm(E) snd_hwdep(E) videodev(E) ecdh_generic(E) snd_pcm(E) irqbypass(E) pcspkr(E) serio_raw(E) efivars(E) ftdi_sio(E) wmi_bmof(E) k10temp(E) mc(E) sp5100_tco(E) ecc(E) tpm_crb(E) usbserial(E) snd_timer(E) ccp(E) cfg80211(E)

Signed-off-by: Nick Owens <mischief@xxxxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
---
 drivers/net/wireless/realtek/rtw88/pci.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/net/wireless/realtek/rtw88/pci.c b/drivers/net/wireless/realtek/rtw88/pci.c
index d735f3127fe8..21b3b268cb25 100644
--- a/drivers/net/wireless/realtek/rtw88/pci.c
+++ b/drivers/net/wireless/realtek/rtw88/pci.c
@@ -741,6 +741,12 @@ static int rtw_pci_tx_write_data(struct rtw_dev *rtwdev,
 	else if (!avail_desc(ring->r.wp, ring->r.rp, ring->r.len))
 		return -ENOSPC;
 
+	if (skb_headroom(skb) < chip->tx_pkt_desc_sz &&
+	    pskb_expand_head(skb, chip->tx_pkt_desc_sz - skb_headroom(skb), 0, GFP_ATOMIC)) {
+		dev_err(rtwdev->dev, "no headroom available");
+		return -ENOMEM;
+	}
+
 	pkt_desc = skb_push(skb, chip->tx_pkt_desc_sz);
 	memset(pkt_desc, 0, tx_pkt_desc_sz);
 	pkt_info->qsel = rtw_pci_get_tx_qsel(skb, queue);
-- 
2.20.1
[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Wireless Personal Area Network]     [Linux Bluetooth]     [Wireless Regulations]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]

  Powered by Linux