Aditya Kumar Singh <quic_adisi@xxxxxxxxxxx> wrote:

> Currently, in ath11k_ahb_fw_resources_init(), iommu domain
> mapping is done only for the chipsets having fixed firmware
> memory. Also, for such chipsets, mapping is done only if it
> does not have TrustZone support.
>
> During deinitialization, only if TrustZone support is not there,
> iommu is unmapped back. However, for non fixed firmware memory
> chipsets, TrustZone support is not there and this makes the
> condition check to true and it tries to unmap the memory which
> was not mapped during initialization.
>
> This leads to the following trace -
>
> [ 83.198790] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
> [ 83.259537] Modules linked in: ath11k_ahb ath11k qmi_helpers
> .. snip ..
> [ 83.280286] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> [ 83.287228] pc : __iommu_unmap+0x30/0x140
> [ 83.293907] lr : iommu_unmap+0x5c/0xa4
> [ 83.298072] sp : ffff80000b3abad0
> .. snip ..
> [ 83.369175] Call trace:
> [ 83.376282] __iommu_unmap+0x30/0x140
> [ 83.378541] iommu_unmap+0x5c/0xa4
> [ 83.382360] ath11k_ahb_fw_resource_deinit.part.12+0x2c/0xac [ath11k_ahb]
> [ 83.385666] ath11k_ahb_free_resources+0x140/0x17c [ath11k_ahb]
> [ 83.392521] ath11k_ahb_shutdown+0x34/0x40 [ath11k_ahb]
> [ 83.398248] platform_shutdown+0x20/0x2c
> [ 83.403455] device_shutdown+0x16c/0x1c4
> [ 83.407621] kernel_restart_prepare+0x34/0x3c
> [ 83.411529] kernel_restart+0x14/0x74
> [ 83.415781] __do_sys_reboot+0x1c4/0x22c
> [ 83.419427] __arm64_sys_reboot+0x1c/0x24
> [ 83.423420] invoke_syscall+0x44/0xfc
> [ 83.427326] el0_svc_common.constprop.3+0xac/0xe8
> [ 83.430974] do_el0_svc+0xa0/0xa8
> [ 83.435659] el0_svc+0x1c/0x44
> [ 83.438957] el0t_64_sync_handler+0x60/0x144
> [ 83.441910] el0t_64_sync+0x15c/0x160
> [ 83.446343] Code: aa0103f4 f9400001 f90027a1 d2800001 (f94006a0)
> [ 83.449903] ---[ end trace 0000000000000000 ]---
>
> This can be reproduced by probing an AHB chipset which is not
> having a fixed memory region. During reboot (or rmmod) trace
> can be seen.
>
> Fix this issue by adding a condition check on firmware fixed memory
> hw_param as done in the counter initialization function.
>
> Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
>
> Fixes: f9eec4947add ("ath11k: Add support for targets without trustzone")
> Signed-off-by: Aditya Kumar Singh <quic_adisi@xxxxxxxxxxx>
> Signed-off-by: Kalle Valo <quic_kvalo@xxxxxxxxxxx>

Patch applied to ath-next branch of ath.git, thanks.

5a78ac33e3cb wifi: ath11k: fix deinitialization of firmware resources

--
https://patchwork.kernel.org/project/linux-wireless/patch/20230309095308.24937-1-quic_adisi@xxxxxxxxxxx/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
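
The init/deinit guard mismatch described in the commit message above, as an added userspace C model that is not part of the original mail and is not the ath11k driver's code. All struct, function and constant names are hypothetical, and the NULL-domain case returns an error code at the point where the kernel would oops.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model; every name here is hypothetical, not ath11k's own. */
struct fw_res {
    bool fixed_fw_mem;   /* chipset has a fixed firmware memory region */
    bool use_tz;         /* TrustZone manages the firmware memory */
    size_t *domain;      /* non-NULL only if init really mapped */
    size_t mapped;
};
enum { DEINIT_OK = 0, DEINIT_NULL_DOMAIN = -1 };

/* Init maps only for fixed-memory chipsets without TrustZone. */
static void fw_res_init(struct fw_res *r)
{
    r->domain = NULL;
    if (!r->fixed_fw_mem || r->use_tz)
        return;
    r->mapped = 4096;                 /* constructed sample size */
    r->domain = &r->mapped;
}

/* Teardown; mirror_init adds the guard that matches init's conditions. */
static int fw_res_deinit(struct fw_res *r, bool mirror_init)
{
    if (mirror_init && !r->fixed_fw_mem)
        return DEINIT_OK;             /* nothing was mapped at init */
    if (r->use_tz)
        return DEINIT_OK;
    if (!r->domain)
        return DEINIT_NULL_DOMAIN;    /* the kernel would oops here */
    *r->domain = 0;                   /* stand-in for the unmap */
    return DEINIT_OK;
}

/* Run init followed by deinit for one chipset configuration. */
static int run_case(bool fixed_fw_mem, bool use_tz, bool mirror_init)
{
    struct fw_res r = { fixed_fw_mem, use_tz, NULL, 0 };
    fw_res_init(&r);
    return fw_res_deinit(&r, mirror_init);
}

int main(void)
{
    printf("non-fixed, TZ check only:  %d\n", run_case(false, false, false));
    printf("non-fixed, mirrored guard: %d\n", run_case(false, false, true));
    return 0;
}
```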