lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20250418120951.94021-1-usama.anjum@collabora.com>
Date: Fri, 18 Apr 2025 17:09:51 +0500
From: Muhammad Usama Anjum <usama.anjum@...labora.com>
To: Jeff Johnson <jjohnson@...nel.org>,
	Kalle Valo <kvalo@...nel.org>,
	Anilkumar Kolli <quic_akolli@...cinc.com>
Cc: Muhammad Usama Anjum <usama.anjum@...labora.com>,
	kernel@...labora.com,
	linux-wireless@...r.kernel.org,
	ath11k@...ts.infradead.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH] wifi: ath11k: Fix memory reuse logic

Firmware requests 2 segments at first. 1st segment is of 6799360 whose
allocation fails and we return success to firmware. Then firmware asks
for 22 smaller segments. Those get allocated. At suspend/hibernation
time, these segments aren't freed as they are reused by firmware.

After resume the firmware asks for 2 segments again with first segment
of 6799360 and with same vaddr of the first smaller segment which we had
allocated. Hence vaddr isn't NULL and we compare the type and size if it
can be reused. Unfornately, we detect that we cannot reuse it and this
first smaller segment is freed. Then we continue to allocate 6799360 size
memory from dma which fails and we call ath11k_qmi_free_target_mem_chunk()
which frees the second smaller segment as well. Later success is returned
to firmware which asks for 22 smaller segments again. But as we had freed
2 segments already, we'll allocate the first 2 new segments again and
reuse the remaining 20.

This patch is correctiong the skip logic when vaddr is set, but size/type
don't match. In this case, we should use the same skip and success logic
as used when dma_alloc_coherent fails without freeing the memory area.

We had got reports that memory allocation in this function failed at
resume which made us debug why the reuse logic is wrong. Those failures
weren't because of the bigger chunk allocation failure as they are
skipped. Rather these failures were because of smaller chunk allocation
failures. This patch fixes freeing and allocation of 2 smaller chunks.

Tested-on: QCNFA765 WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.6

Fixes: 5962f370ce41 ("ath11k: Reuse the available memory after firmware reload")
Signed-off-by: Muhammad Usama Anjum <usama.anjum@...labora.com>
---
 drivers/net/wireless/ath/ath11k/qmi.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/drivers/net/wireless/ath/ath11k/qmi.c b/drivers/net/wireless/ath/ath11k/qmi.c
index 47b9d4126d3a9..3c26f4dcf5d29 100644
--- a/drivers/net/wireless/ath/ath11k/qmi.c
+++ b/drivers/net/wireless/ath/ath11k/qmi.c
@@ -1990,8 +1990,16 @@ static int ath11k_qmi_alloc_target_mem_chunk(struct ath11k_base *ab)
 		 */
 		if (chunk->vaddr) {
 			if (chunk->prev_type == chunk->type &&
-			    chunk->prev_size == chunk->size)
+			    chunk->prev_size == chunk->size) {
 				continue;
+			} else if (ab->qmi.mem_seg_count <= ATH11K_QMI_FW_MEM_REQ_SEGMENT_CNT) {
+				ath11k_dbg(ab, ATH11K_DBG_QMI,
+					   "size/type mismatch (current %d %u) (prev %d %u), try later with small size\n",
+					    chunk->size, chunk->type,
+					    chunk->prev_size, chunk->prev_type);
+				ab->qmi.target_mem_delayed = true;
+				return 0;
+			}
 
 			/* cannot reuse the existing chunk */
 			dma_free_coherent(ab->dev, chunk->prev_size,
-- 
2.43.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ