lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 11 Jan 2022 15:31:23 -0800
From:   Ben Greear <greearb@...delatech.com>
To:     Khalid Aziz <khalid@...ehiking.org>, nbd@....name,
        lorenzo.bianconi83@...il.com, ryder.lee@...iatek.com,
        shayne.chen@...iatek.com, sean.wang@...iatek.com, kvalo@...nel.org
Cc:     davem@...emloft.net, kuba@...nel.org, matthias.bgg@...il.com,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [Bug] mt7921e driver in 5.16 causes kernel panic

On 1/11/22 3:17 PM, Khalid Aziz wrote:
> I am seeing an intermittent bug in mt7921e driver. When the driver module is loaded
> and is being initialized, almost every other time it seems to write to some wild
> memory location. This results in driver failing to initialize with message
> "Timeout for driver own" and at the same time I start to see "Bad page state" messages
> for random processes. Here is the relevant part of dmesg:

Please see if this helps?

From: Ben Greear <greearb@...delatech.com>

If the nic fails to start, it is possible that the
reset_work has already been scheduled.  Ensure the
work item is canceled so we do not have use-after-free
crash in case cleanup is called before the work item
is executed.

This fixes crash on my x86_64 apu2 when mt7921k radio
fails to work.  Radio still fails, but OS does not
crash.

Signed-off-by: Ben Greear <greearb@...delatech.com>
---
  drivers/net/wireless/mediatek/mt76/mt7921/main.c | 1 +
  1 file changed, 1 insertion(+)

diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/main.c b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
index 6073bedaa1c08..9b33002dcba4a 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7921/main.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
@@ -272,6 +272,7 @@ static void mt7921_stop(struct ieee80211_hw *hw)

  	cancel_delayed_work_sync(&dev->pm.ps_work);
  	cancel_work_sync(&dev->pm.wake_work);
+	cancel_work_sync(&dev->reset_work);
  	mt76_connac_free_pending_tx_skbs(&dev->pm, NULL);

  	mt7921_mutex_acquire(dev);
-- 
2.26.3


Thanks,
Ben


-- 
Ben Greear <greearb@...delatech.com>
Candela Technologies Inc  http://www.candelatech.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ