From patchwork Sat Dec 21 04:30:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Praneesh P X-Patchwork-Id: 853643 Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 19A5C1E9B2D for ; Sat, 21 Dec 2024 04:31:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.168.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734755481; cv=none; b=XFuMhUkJIdJt0La2E/Y9HUz883GL9FqqhJq/X8JafNh+D57YJIUMn/klc9NZA6MyhNbN8ofpRi8nitB0avdAFZuV7V/gMx4UZn2iTyOunAmWIaMRZRTNV3wDFOQXweyfzILJrbDN6Rw7mGDsnvX8ottkSEFZIw8IFVJbq9CSmqc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734755481; c=relaxed/simple; bh=mwYI5wmnnb6p7fsqq9rsHthfu2CEWhUhGpkjUobI3ZM=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=mnUU+jz2AIwXVDq1tCEeyvq/UONkOZkc03yj0mrR1jyeA5PdVBX5Ps8kS4bXQewk7l41BFwmYQ0f2qp+dRPAffekrW0ORKoyVYvlDgrKwiACS87y4JqykSEwPveR31IOAZQMaEvCT6hglrNspDoxldT+LOa4qb8euMAujEV4oZE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com; spf=pass smtp.mailfrom=quicinc.com; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b=R9eQLXaH; arc=none smtp.client-ip=205.220.168.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=quicinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b="R9eQLXaH" Received: from pps.filterd (m0279866.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 4BKLgWRQ011581; Sat, 21 Dec 2024 04:31:18 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=qcppdkim1; bh= 4IiA3wJYQt3PNcW8ccvOzikIzdlziyNvG41A/BJc9lY=; b=R9eQLXaH0nVf7Hj+ rd8GaH7VFL10/v7SOPtCLM/qxaF9BmxTJzPaQ3dzvSI/S3/smJfgykTIBCMD5aC1 jzEOsUzZvrsFdf1Voc3fuuV/zoo+TuizNZZyaQRjaYVKV3GRDQJvRv1pP9Il3dof fDx6GgP2cWSKiufA3rJk1mFd21HzHHDfwzTs3M4EC9wYar6cWZ1u8xOwegG0l1mH VAfN54trHMBCLyS3TkdPOZX5W6oR/0+/V7UD+p9LuTWOqTh8tVR3vdgcc2Br1ryF 5JU9UuZDH2HXr3SUPE2x2pVUPYRBehu187EU4+mRk5UgfseeG7q1giHTQjYJEuev rJrYxw== Received: from nalasppmta01.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 43ngr08nkc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 21 Dec 2024 04:31:18 +0000 (GMT) Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com [10.47.209.196]) by NALASPPMTA01.qualcomm.com (8.18.1.2/8.18.1.2) with ESMTPS id 4BL4VH3p012941 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 21 Dec 2024 04:31:17 GMT Received: from hu-ppranees-blr.qualcomm.com (10.80.80.8) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.9; Fri, 20 Dec 2024 20:31:15 -0800 From: P Praneesh To: CC: , P Praneesh Subject: [PATCH 06/14] wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process Date: Sat, 21 Dec 2024 10:00:06 +0530 Message-ID: <20241221043014.1252841-7-quic_ppranees@quicinc.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20241221043014.1252841-1-quic_ppranees@quicinc.com> References: <20241221043014.1252841-1-quic_ppranees@quicinc.com> Precedence: bulk X-Mailing-List: linux-wireless@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: nasanex01b.na.qualcomm.com (10.46.141.250) To nalasex01a.na.qualcomm.com (10.47.209.196) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-ORIG-GUID: rXqvIHywZKdgwFxyTgoCJUh2W29_28UQ X-Proofpoint-GUID: rXqvIHywZKdgwFxyTgoCJUh2W29_28UQ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.60.29 definitions=2024-09-06_09,2024-09-06_01,2024-09-02_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 mlxlogscore=999 spamscore=0 priorityscore=1501 bulkscore=0 phishscore=0 impostorscore=0 lowpriorityscore=0 malwarescore=0 adultscore=0 suspectscore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2411120000 definitions=main-2412210035 Currently, ath12k_dp_mon_srng_process uses ath12k_hal_srng_src_get_next_entry to fetch the next entry from the destination ring. This is incorrect because ath12k_hal_srng_src_get_next_entry is intended for source rings, not destination rings. This leads to invalid entry fetches, causing potential data corruption or crashes due to accessing incorrect memory locations. This happens because the source ring and destination ring have different handling mechanisms and using the wrong function results in incorrect pointer arithmetic and ring management. To fix this issue, replace the call to ath12k_hal_srng_src_get_next_entry with ath12k_hal_srng_dst_get_next_entry in ath12k_dp_mon_srng_process. This ensures that the correct function is used for fetching entries from the destination ring, preventing invalid memory accesses. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1 Tested-on: WCN7850 hw2.0 WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 Signed-off-by: P Praneesh --- drivers/net/wireless/ath/ath12k/dp_mon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath12k/dp_mon.c b/drivers/net/wireless/ath/ath12k/dp_mon.c index f9fd28ce801a..236456b02198 100644 --- a/drivers/net/wireless/ath/ath12k/dp_mon.c +++ b/drivers/net/wireless/ath/ath12k/dp_mon.c @@ -2379,7 +2379,7 @@ int ath12k_dp_mon_srng_process(struct ath12k *ar, int *budget, move_next: ath12k_dp_mon_buf_replenish(ab, buf_ring, 1); - ath12k_hal_srng_src_get_next_entry(ab, srng); + ath12k_hal_srng_dst_get_next_entry(ab, srng); num_buffs_reaped++; }