Message-ID: <20250423065931.4017574-1-usama.anjum@collabora.com>
Date: Wed, 23 Apr 2025 11:59:30 +0500
From: Muhammad Usama Anjum <usama.anjum@...labora.com>
To: quic_bqiang@...cinc.com,
	Jeff Johnson <jjohnson@...nel.org>,
	Kalle Valo <kvalo@...nel.org>,
	Anilkumar Kolli <quic_akolli@...cinc.com>
Cc: Muhammad Usama Anjum <usama.anjum@...labora.com>,
	kernel@...labora.com,
	linux-wireless@...r.kernel.org,
	ath11k@...ts.infradead.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH v2] wifi: ath11k: Fix memory reuse logic

Firmware requests 2 segments at first. The first segment is of size
6799360, whose allocation fails due to DMA remapping not being
available. Success is returned to firmware. Then firmware asks for 22
smaller segments instead of 2 big ones. Those get allocated
successfully. At suspend/hibernation time, these segments aren't freed
as they will be reused by firmware after resuming.

After resume the firmware asks for 2 segments again with first segment
of 6799360 and vaddr is not NULL. We compare the type and size with
previous type and size to know if it can be reused or not.
Unfortunately, we detect that it cannot be reused and this first smaller
segment is freed. Then we continue to allocate 6799360 size memory from
dma which fails and we call ath11k_qmi_free_target_mem_chunk() which
frees the second smaller segment as well. Later success is returned to
firmware which asks for 22 smaller segments again. But as we had freed 2
segments already, we'll allocate the first 2 new smaller segments again
and reuse the remaining 20. Hence we aren't reusing all 22 small
segments, but only 20.

This patch is correcting the skip logic when vaddr is set, but size/type
don't match. In this case, we should use the same skip and success logic
as used when dma_alloc_coherent fails without freeing the memory area.

We had got reports that memory allocation in this function failed at
resume [1] which made us debug why the reuse logic is wrong. Those
failures weren't because of the bigger chunk allocation failure as they
are skipped. Rather these failures were because of smaller chunk
allocation failures. This issue is on the kernel side, as the DMA memory
allocation fails because of memory pressure or fragmentation. This
patch fixes freeing and allocation of 2 smaller chunks.

Tested-on: WCN6855 WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.6
[1] https://lore.kernel.org/all/b30bc7f6-845d-4f9d-967e-c04a2b5f13f5@collabora.com

Signed-off-by: Muhammad Usama Anjum <usama.anjum@...labora.com>
---
Changes since v1:
- Update description

Fixes: 5962f370ce41 ("ath11k: Reuse the available memory after firmware reload")
I think we should keep the Fixes tag, as ^ claimed that it's adding reuse
support. But it left a bug in reuse which we are fixing.

Feel free to add it or leave it as it is.
---
 drivers/net/wireless/ath/ath11k/qmi.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/drivers/net/wireless/ath/ath11k/qmi.c b/drivers/net/wireless/ath/ath11k/qmi.c
index 47b9d4126d3a9..3c26f4dcf5d29 100644
--- a/drivers/net/wireless/ath/ath11k/qmi.c
+++ b/drivers/net/wireless/ath/ath11k/qmi.c
@@ -1990,8 +1990,16 @@ static int ath11k_qmi_alloc_target_mem_chunk(struct ath11k_base *ab)
 		 */
 		if (chunk->vaddr) {
 			if (chunk->prev_type == chunk->type &&
-			    chunk->prev_size == chunk->size)
+			    chunk->prev_size == chunk->size) {
 				continue;
+			} else if (ab->qmi.mem_seg_count <= ATH11K_QMI_FW_MEM_REQ_SEGMENT_CNT) {
+				ath11k_dbg(ab, ATH11K_DBG_QMI,
+					   "size/type mismatch (current %d %u) (prev %d %u), try later with small size\n",
+					    chunk->size, chunk->type,
+					    chunk->prev_size, chunk->prev_type);
+				ab->qmi.target_mem_delayed = true;
+				return 0;
+			}
 
 			/* cannot reuse the existing chunk */
 			dma_free_coherent(ab->dev, chunk->prev_size,
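
Review bot: The new else-if branch returns 0 with target_mem_delayed set for every size/type mismatch whenever mem_seg_count <= ATH11K_QMI_FW_MEM_REQ_SEGMENT_CNT, without attempting the allocation, so a small-segment-count request that differs from the retained chunk is always deferred, even if it could have been satisfied. Please add a comment above the branch stating the assumption it relies on (that the firmware will come back with the smaller segments matching the chunks kept across suspend), since the code alone does not show why the early return is safe. The early return also leaves chunk->size and chunk->type holding the new request while vaddr still points at a buffer of prev_size; say in that comment that the fields are expected to be overwritten by the follow-up request. Two smaller points: the else after continue is redundant and a plain if reads more cleanly, and the ath11k_dbg() argument lines are indented one column past the format string. Also check that %d for the sizes and %u for the types match the declared types of those fields.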
-- 
2.43.0

