From 7c15430822e71e90203d87e6d0cfe83fa058b0dc Mon Sep 17 00:00:00 2001 From: Len Brown Date: Wed, 1 Feb 2023 12:32:01 -0600 Subject: wifi: ath11k: allow system suspend to survive ath11k When ath11k runs into internal errors upon suspend, it returns an error code to pci_pm_suspend, which aborts the entire system suspend. The driver should not abort system suspend, but should keep its internal errors to itself, and allow the system to suspend. Otherwise, a user can suspend a laptop by closing the lid and sealing it into a case, assuming that is will suspend, rather than heating up and draining the battery when in transit. In practice, the ath11k device seems to have plenty of transient errors, and subsequent suspend cycles after this failure often succeed. https://bugzilla.kernel.org/show_bug.cgi?id=216968 Fixes: d1b0c33850d29 ("ath11k: implement suspend for QCA6390 PCI devices") Signed-off-by: Len Brown Cc: stable@vger.kernel.org Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20230201183201.14431-1-len.brown@intel.com --- drivers/net/wireless/ath/ath11k/pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'drivers') diff --git a/drivers/net/wireless/ath/ath11k/pci.c b/drivers/net/wireless/ath/ath11k/pci.c index 776362d151cb..0aeef2948ff5 100644 --- a/drivers/net/wireless/ath/ath11k/pci.c +++ b/drivers/net/wireless/ath/ath11k/pci.c @@ -981,7 +981,7 @@ static __maybe_unused int ath11k_pci_pm_suspend(struct device *dev) if (ret) ath11k_warn(ab, "failed to suspend core: %d\n", ret); - return ret; + return 0; } static __maybe_unused int ath11k_pci_pm_resume(struct device *dev) -- cgit v1.2.3 From cf45efcb250ea788085f330db972256735f970e0 Mon Sep 17 00:00:00 2001 From: Lorenzo Bianconi Date: Fri, 24 Feb 2023 00:02:17 +0100 Subject: wifi: mt76: usb: fix use-after-free in mt76u_free_rx_queue Fix the following use-after-free issue in mt76u_free_rx_queue routine: usb 3-3.3.4: reset high-speed USB device number 8 using xhci_hcd iwlwifi 0000:05:00.0: Detected RF HR B3, rfid=0x10a100 iwlwifi 0000:05:00.0: base HW address: 50:eb:71:79:02:57 iwlwifi 0000:05:00.0 wlp5s0: renamed from wlan0 mt76x2u 3-3.3.4:1.0: ASIC revision: 76320044 usb 3-3.3.1: 1:3 : unsupported format bits 0x100000000 mt76x2u 3-3.3.4:1.0: could not get hardware semaphore for ROM PATCH ------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 13 PID: 983 at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110 Modules linked in: snd_seq_midi snd_seq_midi_event mt76x2u(+) mt76x2_common mt76x02_usb mt76_usb iwlmvm mt76x02_lib mt76 snd_hda_codec_realtek intel_rapl_msr snd_hda_codec_generic snd_hda_codec_hdmi intel_rapl_common snd_hda_intel mac80211 snd_intel_dspcfg snd_usb_audio(+) snd_intel_sdw_acpi btusb edac_mce_amd snd_hda_codec btrtl btbcm snd_usbmidi_lib snd_hda_core btintel snd_rawmidi btmtk snd_hwdep libarc4 mc iwlwifi kvm_amd snd_seq vfat bluetooth eeepc_wmi asus_ec_sensors snd_seq_device fat kvm cfg80211 asus_wmi snd_pcm irqbypass ledtrig_audio sparse_keymap rapl wmi_bmof platform_profile xpad snd_timer k10temp ff_memless i2c_piix4 rfkill snd joydev soundcore acpi_cpufreq loop zram amdgpu crct10dif_pclmul crc32_pclmul crc32c_intel polyval_clmulni polyval_generic drm_ttm_helper ttm video iommu_v2 ucsi_ccg drm_buddy gpu_sched typec_ucsi ghash_clmulni_intel drm_display_helper igb sha512_ssse3 typec ccp nvme cec sp5100_tco nvme_core dca nvme_common wmi ip6_tables ip_tables fuse BTRFS info (device nvme1n1): enabling ssd optimizations CPU: 13 PID: 983 Comm: (udev-worker) Tainted: G W L ------- --- 6.3.0-0.rc0.20230222git5b7c4cabbb65.3.fc39.x86_64+debug BTRFS info (device nvme1n1): auto enabling async discard Hardware name: System manufacturer System Product Name/ROG STRIX X570-I GAMING, BIOS 4601 02/02/2023 RIP: 0010:refcount_warn_saturate+0xba/0x110 Code: 01 01 e8 69 a6 83 ff 0f 0b e9 52 f4 85 00 80 3d 69 6f ec 01 00 75 85 48 c7 c7 d0 25 b3 a9 c6 05 59 6f ec 01 01 e8 46 a6 83 ff <0f> 0b e9 2f f4 85 00 80 3d 47 6f ec 01 00 0f 85 5e ff ff ff 48 c7 RSP: 0018:ffffb4010456fb78 EFLAGS: 00010286 RAX: 0000000000000000 RBX: 0000000080000000 RCX: 0000000000000000 RDX: 0000000000000002 RSI: ffffffffa9b17e3e RDI: 00000000ffffffff RBP: ffff8d15877336c0 R08: 0000000000000000 R09: ffffb4010456fa00 R10: 0000000000000003 R11: ffff8d246e2fffe8 R12: 0000000000000080 R13: ffff8d15b42fd000 R14: 0000000000000000 R15: ffff8d1587736a58 FS: 00007fc05ae34940(0000) GS:ffff8d2425e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055d801f1d540 CR3: 000000011df60000 CR4: 0000000000350ee0 Call Trace: mt76u_queues_deinit+0x2a0/0x370 [mt76_usb] mt76x2u_probe+0xf3/0x130 [mt76x2u] usb_probe_interface+0xe8/0x300 really_probe+0x1b6/0x410 __driver_probe_device+0x78/0x170 driver_probe_device+0x1f/0x90 __driver_attach+0xd2/0x1c0 ? __pfx___driver_attach+0x10/0x10 bus_for_each_dev+0x8a/0xd0 bus_add_driver+0x141/0x230 driver_register+0x77/0x120 usb_register_driver+0xaf/0x170 ? __pfx_init_module+0x10/0x10 [mt76x2u] do_one_initcall+0x6e/0x350 do_init_module+0x4a/0x220 __do_sys_init_module+0x192/0x1c0 ? lock_is_held_type+0xce/0x120 do_syscall_64+0x5b/0x80 ? lock_is_held_type+0xce/0x120 ? asm_exc_page_fault+0x22/0x30 ? lockdep_hardirqs_on+0x7d/0x100 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7fc05b1351be Code: 48 8b 0d 4d 0c 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 af 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1a 0c 0c 00 f7 d8 64 89 01 48 RSP: 002b:00007ffd947c0988 EFLAGS: 00000246 ORIG_RAX: 00000000000000af RAX: ffffffffffffffda RBX: 000055d801f2b090 RCX: 00007fc05b1351be RDX: 00007fc05b65c07d RSI: 00000000000234be RDI: 000055d802c6b170 RBP: 00007ffd947c0a40 R08: 000055d8019b4690 R09: 0000000000022000 R10: 000000055d8019b4 R11: 0000000000000246 R12: 00007fc05b65c07d R13: 0000000000020000 R14: 000055d801f39770 R15: 000055d801f47780 irq event stamp: 186313 hardirqs last enabled at (186323): [] __up_console_sem+0x5e/0x70 hardirqs last disabled at (186332): [] __up_console_sem+0x43/0x70 softirqs last enabled at (186022): [] __irq_exit_rcu+0xd7/0x160 softirqs last disabled at (186017): [] __irq_exit_rcu+0xd7/0x160 ---[ end trace 0000000000000000 ]--- mt76x2u: probe of 3-3.3.4:1.0 failed with error -110 usbcore: registered new interface driver mt76x2u kauditd_printk_skb: 32 callbacks suppressed Fixes: 2f5c3c77fc9b ("wifi: mt76: switch to page_pool allocator") Tested-by: Mikhail Gavrilov Signed-off-by: Lorenzo Bianconi Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/f2398f68011c976510c81e1964975b677e65860e.1677193208.git.lorenzo@kernel.org --- drivers/net/wireless/mediatek/mt76/usb.c | 1 + 1 file changed, 1 insertion(+) (limited to 'drivers') diff --git a/drivers/net/wireless/mediatek/mt76/usb.c b/drivers/net/wireless/mediatek/mt76/usb.c index b88959ef38aa..5e5c7bf51174 100644 --- a/drivers/net/wireless/mediatek/mt76/usb.c +++ b/drivers/net/wireless/mediatek/mt76/usb.c @@ -706,6 +706,7 @@ mt76u_free_rx_queue(struct mt76_dev *dev, struct mt76_queue *q) q->entry[i].urb = NULL; } page_pool_destroy(q->page_pool); + q->page_pool = NULL; } static void mt76u_free_rx(struct mt76_dev *dev) -- cgit v1.2.3