diff mbox series

[2/2] ath11k: fix missing skb drop on htc_tx_completion error

Message ID 20220528142516.20819-2-ansuelsmth@gmail.com
State New
Headers show
Series [1/2] ath11k: fix missing srng_access_end in CE | expand

Commit Message

Christian Marangi May 28, 2022, 2:25 p.m. UTC
On htc_tx_completion error the skb is not dropped. This is wrong since
the completion_handler logic expect the skb to be consumed anyway even
when an error is triggerer. Not freeing the skb on error is a memory
leak since the skb won't be freed anywere else. Correctly free the
packet on eid >= ATH11K_HTC_EP_COUNT before returning.

Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1

Fixes: f951380a6022 ("ath11k: Disabling credit flow for WMI path")
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
---
 drivers/net/wireless/ath/ath11k/htc.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Jeff Johnson May 31, 2022, 8:32 p.m. UTC | #1
On 5/28/2022 7:25 AM, Christian 'Ansuel' Marangi wrote:
> On htc_tx_completion error the skb is not dropped. This is wrong since
> the completion_handler logic expect the skb to be consumed anyway even
> when an error is triggerer. Not freeing the skb on error is a memory

nit: s/triggerer/triggered/

Kalle can fix this when he merges so no need to post a correction

> leak since the skb won't be freed anywere else. Correctly free the
> packet on eid >= ATH11K_HTC_EP_COUNT before returning.
> 
> Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1
> 
> Fixes: f951380a6022 ("ath11k: Disabling credit flow for WMI path")
> Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>

Reviewed-by: Jeff Johnson <quic_jjohnson@quicinc.com>

> ---
>   drivers/net/wireless/ath/ath11k/htc.c | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/net/wireless/ath/ath11k/htc.c b/drivers/net/wireless/ath/ath11k/htc.c
> index 069c29a4fac7..ca3aedc0252d 100644
> --- a/drivers/net/wireless/ath/ath11k/htc.c
> +++ b/drivers/net/wireless/ath/ath11k/htc.c
> @@ -258,8 +258,10 @@ void ath11k_htc_tx_completion_handler(struct ath11k_base *ab,
>   	u8 eid;
>   
>   	eid = ATH11K_SKB_CB(skb)->eid;
> -	if (eid >= ATH11K_HTC_EP_COUNT)
> +	if (eid >= ATH11K_HTC_EP_COUNT) {
> +		dev_kfree_skb_any(skb);
>   		return;
> +	}
>   
>   	ep = &htc->endpoint[eid];
>   	spin_lock_bh(&htc->tx_lock);
Kalle Valo June 1, 2022, 6:18 a.m. UTC | #2
Jeff Johnson <quic_jjohnson@quicinc.com> writes:

> On 5/28/2022 7:25 AM, Christian 'Ansuel' Marangi wrote:
>> On htc_tx_completion error the skb is not dropped. This is wrong since
>> the completion_handler logic expect the skb to be consumed anyway even
>> when an error is triggerer. Not freeing the skb on error is a memory
>
> nit: s/triggerer/triggered/
>
> Kalle can fix this when he merges so no need to post a correction

Yup, fixed now in the pending branch.
Kalle Valo June 6, 2022, 2:07 p.m. UTC | #3
Christian 'Ansuel' Marangi <ansuelsmth@gmail.com> wrote:

> On htc_tx_completion error the skb is not dropped. This is wrong since
> the completion_handler logic expect the skb to be consumed anyway even
> when an error is triggered. Not freeing the skb on error is a memory
> leak since the skb won't be freed anywere else. Correctly free the
> packet on eid >= ATH11K_HTC_EP_COUNT before returning.
> 
> Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1
> 
> Fixes: f951380a6022 ("ath11k: Disabling credit flow for WMI path")
> Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
> Reviewed-by: Jeff Johnson <quic_jjohnson@quicinc.com>
> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>

Patch applied to ath-next branch of ath.git, thanks.

e5646fe3b7ef ath11k: fix missing skb drop on htc_tx_completion error
diff mbox series

Patch

diff --git a/drivers/net/wireless/ath/ath11k/htc.c b/drivers/net/wireless/ath/ath11k/htc.c
index 069c29a4fac7..ca3aedc0252d 100644
--- a/drivers/net/wireless/ath/ath11k/htc.c
+++ b/drivers/net/wireless/ath/ath11k/htc.c
@@ -258,8 +258,10 @@  void ath11k_htc_tx_completion_handler(struct ath11k_base *ab,
 	u8 eid;
 
 	eid = ATH11K_SKB_CB(skb)->eid;
-	if (eid >= ATH11K_HTC_EP_COUNT)
+	if (eid >= ATH11K_HTC_EP_COUNT) {
+		dev_kfree_skb_any(skb);
 		return;
+	}
 
 	ep = &htc->endpoint[eid];
 	spin_lock_bh(&htc->tx_lock);