Message ID | 20250429022046.1656056-1-megi@xff.cz |
---|---|
Series | Fix inadverent sharing of struct ieee80211_supported_band data |
Ondřej Jirman <megi@xff.cz> wrote:
>
> This is a series of patches requested by Ping-Ke Shih in response to
> https://lore.kernel.org/lkml/20250427002414.410791-1-megi@xff.cz/
>
> Please take a look.
>
> (hw->wiphy->bands[*] are no longer being NULLed when probe fails and on
> remove(), but I guess that should not be an issue? I tried unbinding the
> device and it worked fine without any crash)

The original code set bands[] to NULL, because the error path could call free function twice, so set NULL to prevent double free. After using devm_ series, it becomes unnecessary.
Ondřej Jirman <megi@xff.cz> wrote: > Internally wiphy writes to individual channels in this structure, > so we must not share one static definition of channel list between > multiple device instances, because that causes hard to debug > breakage. > > For example, with two rtw89 driven devices in the system, channel > information may get incoherent, preventing channel use. > > Signed-off-by: Ondrej Jirman <megi@xff.cz> > --- > drivers/net/wireless/realtek/rtw89/core.c | 33 +++++++++++++++++++---- > 1 file changed, 28 insertions(+), 5 deletions(-) > > diff --git a/drivers/net/wireless/realtek/rtw89/core.c b/drivers/net/wireless/realtek/rtw89/core.c > index b164bc767e82..48e21a3549ff 100644 > --- a/drivers/net/wireless/realtek/rtw89/core.c > +++ b/drivers/net/wireless/realtek/rtw89/core.c > @@ -4400,17 +4400,40 @@ static int rtw89_init_he_eht_cap(struct rtw89_dev *rtwdev, > return 0; > } > > +static struct ieee80211_supported_band * > +rtw89_core_sband_dup(struct rtw89_dev *rtwdev, > + const struct ieee80211_supported_band *sband) > +{ > + struct ieee80211_supported_band *dup; > + > + dup = devm_kmemdup(rtwdev->dev, sband, sizeof(*sband), GFP_KERNEL); > + if (!dup) > + return NULL; > + > + dup->channels = devm_kmemdup(rtwdev->dev, sband->channels, > + sizeof(struct ieee80211_channel) * sband->n_channels, sizeof(*sband->channels) * sband->n_channels, > + GFP_KERNEL); > + if (!dup->channels) > + return NULL; > + > + dup->bitrates = devm_kmemdup(rtwdev->dev, sband->bitrates, > + sizeof(struct ieee80211_rate) * sband->n_bitrates, sizeof(*sband->bitrates) * sband->n_bitrates, > + GFP_KERNEL); > + if (!dup->bitrates) > + return NULL; > + > + return dup; > +} > + [...]
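Review bot: in rtw89_core_sband_dup(), the `return NULL` paths after the channels and bitrates duplications leave the earlier devm_kmemdup() allocations attached to rtwdev->dev, so they stay allocated until the device is unbound unless the caller treats NULL as a fatal probe error. A short comment above the function stating that requirement would make the dependency explicit. The byte counts are also open-coded multiplications by n_channels and n_bitrates; array_size() from linux/overflow.h saturates instead of wrapping and fits both calls, for example `array_size(sband->n_channels, sizeof(*sband->channels))`.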
From: Ondrej Jirman <megi@xff.cz>

This is a series of patches requested by Ping-Ke Shih in response to
https://lore.kernel.org/lkml/20250427002414.410791-1-megi@xff.cz/

Please take a look.

(hw->wiphy->bands[*] are no longer being NULLed when probe fails and on
remove(), but I guess that should not be an issue? I tried unbinding the
device and it worked fine without any crash)

thank you and regards,
Ondrej Jirman

Changes since v1:
- added patch to convert some memory allocations to be devm_* managed
- check for NULL from kmemdup()
- rename rtw89_copy_sband
- drop some kfree due to them not being needed because failed
  rtw89_core_set_supported_band() results in abandoned probe() and
  devm_* will take care of that
- add error return to rtw89_init_he_eht_cap and check for it

Ondrej Jirman (2):
  wifi: rtw89: Convert rtw89_core_set_supported_band to use devm_*
  wifi: rtw89: Fix inadverent sharing of struct ieee80211_supported_band data

 drivers/net/wireless/realtek/rtw89/core.c | 124 +++++++++++-----------
 1 file changed, 60 insertions(+), 64 deletions(-)