1 From 3811fa1f231f1a3e29759efef4992116604aab8b Mon Sep 17 00:00:00 2001
2 From: Sowmiya Sree Elavalagan <quic_ssreeela@quicinc.com>
3 Date: Tue, 11 Oct 2022 15:23:46 +0530
4 Subject: [PATCH] wifi: ath11k: Fix firmware crash on vdev delete race
7 Current code does not wait for vdev delete completion on vdev create
8 failures and tries to send another vdev create followed by vdev set
9 param to firmware with same vdev id. This causes firmware crash.
10 Fix this crash by waiting for vdev delete completion on vdev
13 Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.6.0.1-00905-QCAHKSWPL_SILICONZ-1
15 Signed-off-by: Sowmiya Sree Elavalagan <quic_ssreeela@quicinc.com>
16 Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
17 Link: https://lore.kernel.org/r/20221011095346.3901-1-quic_ssreeela@quicinc.com
19 drivers/net/wireless/ath/ath11k/mac.c | 60 +++++++++++++++++----------
20 1 file changed, 37 insertions(+), 23 deletions(-)
22 --- a/drivers/net/wireless/ath/ath11k/mac.c
23 +++ b/drivers/net/wireless/ath/ath11k/mac.c
24 @@ -6233,6 +6233,40 @@ void ath11k_mac_11d_scan_stop_all(struct
28 +static int ath11k_mac_vdev_delete(struct ath11k *ar, struct ath11k_vif *arvif)
30 + unsigned long time_left;
31 + struct ieee80211_vif *vif = arvif->vif;
34 + lockdep_assert_held(&ar->conf_mutex);
36 + reinit_completion(&ar->vdev_delete_done);
38 + ret = ath11k_wmi_vdev_delete(ar, arvif->vdev_id);
40 + ath11k_warn(ar->ab, "failed to delete WMI vdev %d: %d\n",
41 + arvif->vdev_id, ret);
45 + time_left = wait_for_completion_timeout(&ar->vdev_delete_done,
46 + ATH11K_VDEV_DELETE_TIMEOUT_HZ);
47 + if (time_left == 0) {
48 + ath11k_warn(ar->ab, "Timeout in receiving vdev delete response\n");
52 + ar->ab->free_vdev_map |= 1LL << (arvif->vdev_id);
53 + ar->allocated_vdev_map &= ~(1LL << arvif->vdev_id);
54 + ar->num_created_vdevs--;
56 + ath11k_dbg(ar->ab, ATH11K_DBG_MAC, "vdev %pM deleted, vdev_id %d\n",
57 + vif->addr, arvif->vdev_id);
62 static int ath11k_mac_op_add_interface(struct ieee80211_hw *hw,
63 struct ieee80211_vif *vif)
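Review bot: The new `ath11k_mac_vdev_delete()` has no comment stating its contract, and both callers depend on it. From the visible lines it must be called with `ar->conf_mutex` held, it sleeps for up to `ATH11K_VDEV_DELETE_TIMEOUT_HZ` with that mutex held, and the `free_vdev_map` / `allocated_vdev_map` / `num_created_vdevs` updates come only after the WMI-error and timeout branches. The bodies of those branches are not shown on this page, so presumably they return early and leave the vdev id reserved. If so, document it above the function: `/* Caller holds conf_mutex. Waits for firmware to confirm the delete; on WMI error or timeout the vdev id stays allocated so it is not reused while firmware may still own it. */`.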
65 @@ -6468,10 +6502,7 @@ err_peer_del:
69 - ath11k_wmi_vdev_delete(ar, arvif->vdev_id);
70 - ar->num_created_vdevs--;
71 - ar->allocated_vdev_map &= ~(1LL << arvif->vdev_id);
72 - ab->free_vdev_map |= 1LL << arvif->vdev_id;
73 + ath11k_mac_vdev_delete(ar, arvif);
74 spin_lock_bh(&ar->data_lock);
75 list_del(&arvif->list);
76 spin_unlock_bh(&ar->data_lock);
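Review bot: The return value of `ath11k_mac_vdev_delete(ar, arvif);` is discarded in this error cleanup, so a failed or timed-out delete looks the same as a successful one. The removed lines released the vdev id unconditionally, whereas the helper appears to release it only once the completion fires. When firmware does not answer, the id therefore stays in `allocated_vdev_map` while the arvif is unlinked just below, and repeated failures could presumably exhaust the free ids until the device is reset. Keeping the id reserved is the safer choice against reuse, but the call site should say so, e.g. `/* return ignored: on failure the vdev id is left reserved on purpose, firmware may still hold it */`, and it is worth checking whether a timeout here should also trigger firmware recovery. The cleanup labels and the rest of this error path lie outside the hunk.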
77 @@ -6499,7 +6530,6 @@ static void ath11k_mac_op_remove_interfa
78 struct ath11k *ar = hw->priv;
79 struct ath11k_vif *arvif = ath11k_vif_to_arvif(vif);
80 struct ath11k_base *ab = ar->ab;
81 - unsigned long time_left;
85 @@ -6520,29 +6550,13 @@ static void ath11k_mac_op_remove_interfa
89 - reinit_completion(&ar->vdev_delete_done);
91 - ret = ath11k_wmi_vdev_delete(ar, arvif->vdev_id);
92 + ret = ath11k_mac_vdev_delete(ar, arvif);
94 - ath11k_warn(ab, "failed to delete WMI vdev %d: %d\n",
95 + ath11k_warn(ab, "failed to delete vdev %d: %d\n",
100 - time_left = wait_for_completion_timeout(&ar->vdev_delete_done,
101 - ATH11K_VDEV_DELETE_TIMEOUT_HZ);
102 - if (time_left == 0) {
103 - ath11k_warn(ab, "Timeout in receiving vdev delete response\n");
107 - ab->free_vdev_map |= 1LL << (arvif->vdev_id);
108 - ar->allocated_vdev_map &= ~(1LL << arvif->vdev_id);
109 - ar->num_created_vdevs--;
111 - ath11k_dbg(ab, ATH11K_DBG_MAC, "vdev %pM deleted, vdev_id %d\n",
112 - vif->addr, arvif->vdev_id);
114 if (arvif->vdev_type == WMI_VDEV_TYPE_MONITOR) {
115 clear_bit(ATH11K_FLAG_MONITOR_VDEV_CREATED, &ar->monitor_flags);
116 ar->monitor_vdev_id = -1;