Hi, > I larded up my 5.4 kernel with KASAN and lockdep, and ran some tests. This is with my > patch that keeps from busy-spinning forever (see previous ignored patch). Right, sorry, hadn't gotten to patches in a while. > After a few restarts and FW crashes, the ax200 could not recover firmware. There > were lots of sdata-in-driver errors, and then KASAN hit a use-after-free issue > related to ax200 accessing sta object that was previously deleted. > > Now, I think I know why: > > In the ieee80211_handle_reconfig_failure(struct ieee80211_local *local) > method, it will clear the SDATA_IN_DRIVER flag, and according to comments, > this is run when firmware cannot be recovered. But, just because FW is > dead does not mean that the driver itself has cleaned up its state. > > So question is, should ax200 (and all drivers) be responsible for cleaning > up all state when FW cannot be recovered, or should instead mac80211 do cleanup > in this case by, among other things, not clearing that flag (and probably > not doing the ctx->driver_present = false; config as well)? I think it should be the driver. It's not clear _why_ the driver failed, after all. If the firmware is still alive and just rejected something then perhaps rolling things back will work. But if the firmware just died again, that will just cause even more trouble. johannes
