ath11k: Fix crash during firmware recovery on reo cmd ring access
In scenario when a peer is disassociating, there could be
multiple places where a reo cmd ring is accessed, such as
during aggregation teardown, tid queue cleanup, etc.
When this happens during firmware recovery where accessing of FW/HW
resources/registers is not recommended, accessing reo cmd ring in
this case could lead to crash or undefined behaviour.
Hence avoid this by checking for corresponding flag to avoid
accessing reo cmd ring during firmware recovery.
Sample crash:
[ 3936.456050] Unhandled fault: imprecise external abort (0x1c06) at 0x54bb842a
[ 3936.456411] WARN: Access Violation!!!, Run "cat /sys/kernel/debug/qcom_debug_logs/tz_log" for more details
[ 3936.467997] pgd =
b4474000
[ 3936.477440] [
54bb842a] *pgd=
6fa61831, *pte=
7f95d59f, *ppte=
7f95de7e
<snip>
[ 3937.177436] [<
8030ab10>] (_raw_spin_unlock_bh) from [<
7f5e9eb8>] (ath11k_hal_reo_cmd_send+0x440/0x458 [ath11k])
[ 3937.185730] [<
7f5e9eb8>] (ath11k_hal_reo_cmd_send [ath11k]) from [<
7f601c4c>] (ath11k_dp_tx_send_reo_cmd+0x2c/0xcc [ath11k])
[ 3937.195524] [<
7f601c4c>] (ath11k_dp_tx_send_reo_cmd [ath11k]) from [<
7f602f10>] (ath11k_peer_rx_tid_reo_update+0x84/0xbc [ath11k])
[ 3937.206984] [<
7f602f10>] (ath11k_peer_rx_tid_reo_update [ath11k]) from [<
7f605a9c>] (ath11k_dp_rx_ampdu_stop+0xa8/0x130 [ath11k])
[ 3937.218532] [<
7f605a9c>] (ath11k_dp_rx_ampdu_stop [ath11k]) from [<
7f5f6730>] (ath11k_mac_op_ampdu_action+0x6c/0x98 [ath11k])
[ 3937.230250] [<
7f5f6730>] (ath11k_mac_op_ampdu_action [ath11k]) from [<
c7b6e890>] (___ieee80211_stop_rx_ba_session+0x98/0x144 [mac80211])
[ 3937.241499] [<
c7b6e890>] (___ieee80211_stop_rx_ba_session [mac80211]) from [<
c7b6cdd8>] (ieee80211_sta_tear_down_BA_sessions+0x4c/0xf4 [)
[ 3937.253833] [<
c7b6cdd8>] (ieee80211_sta_tear_down_BA_sessions [mac80211]) from [<
c7b63460>] (ieee80211_sta_eosp+0x5b8/0x960 [mac80211])
[ 3937.266764] [<
c7b63460>] (ieee80211_sta_eosp [mac80211]) from [<
c7b66da8>] (__sta_info_flush+0x9c/0x134 [mac80211])
[ 3937.278826] [<
c7b66da8>] (__sta_info_flush [mac80211]) from [<
c7b7bd00>] (ieee80211_stop_ap+0x14c/0x28c [mac80211])
[ 3937.289240] [<
c7b7bd00>] (ieee80211_stop_ap [mac80211]) from [<
7f509cf0>] (__cfg80211_stop_ap+0x4c/0xd8 [cfg80211])
[ 3937.299629] [<
7f509cf0>] (__cfg80211_stop_ap [cfg80211]) from [<
7f4dddec>] (cfg80211_leave+0x24/0x30 [cfg80211])
[ 3937.310041] [<
7f4dddec>] (cfg80211_leave [cfg80211]) from [<
7f4de03c>] (cfg80211_netdev_notifier_call+0x174/0x48c [cfg80211])
[ 3937.320457] [<
7f4de03c>] (cfg80211_netdev_notifier_call [cfg80211]) from [<
80339928>] (notifier_call_chain+0x40/0x68)
[ 3937.331636] [<
80339928>] (notifier_call_chain) from [<
803399a8>] (raw_notifier_call_chain+0x14/0x1c)
[ 3937.342221] [<
803399a8>] (raw_notifier_call_chain) from [<
8073bb00>] (call_netdevice_notifiers+0xc/0x14)
Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.1.0.1-01240-QCAHKSWPL_SILICONZ-1
Signed-off-by: Sriram R <srirrama@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210721212029.142388-7-jouni@codeaurora.org
projects / kernel.git / commit