| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 11 Jan 2022 16:05:15 -0800
From: Ben Greear <greearb@...delatech.com>
To: khalid@...ehiking.org, nbd@....name, lorenzo.bianconi83@...il.com,
ryder.lee@...iatek.com, shayne.chen@...iatek.com,
sean.wang@...iatek.com, kvalo@...nel.org
Cc: davem@...emloft.net, kuba@...nel.org, matthias.bgg@...il.com,
linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [Bug] mt7921e driver in 5.16 causes kernel panic
On 1/11/22 3:58 PM, Khalid Aziz wrote:
> On 1/11/22 16:31, Ben Greear wrote:
>> On 1/11/22 3:17 PM, Khalid Aziz wrote:
>>> I am seeing an intermittent bug in mt7921e driver. When the driver module is loaded
>>> and is being initialized, almost every other time it seems to write to some wild
>>> memory location. This results in driver failing to initialize with message
>>> "Timeout for driver own" and at the same time I start to see "Bad page state" messages
>>> for random processes. Here is the relevant part of dmesg:
>>
>> Please see if this helps?
>>
>> From: Ben Greear <greearb@...delatech.com>
>>
>> If the nic fails to start, it is possible that the
>> reset_work has already been scheduled. Ensure the
>> work item is canceled so we do not have use-after-free
>> crash in case cleanup is called before the work item
>> is executed.
>>
>> This fixes crash on my x86_64 apu2 when mt7921k radio
>> fails to work. Radio still fails, but OS does not
>> crash.
>>
>> Signed-off-by: Ben Greear <greearb@...delatech.com>
>> ---
>> drivers/net/wireless/mediatek/mt76/mt7921/main.c | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/main.c b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
>> index 6073bedaa1c08..9b33002dcba4a 100644
>> --- a/drivers/net/wireless/mediatek/mt76/mt7921/main.c
>> +++ b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
>> @@ -272,6 +272,7 @@ static void mt7921_stop(struct ieee80211_hw *hw)
>>
>> cancel_delayed_work_sync(&dev->pm.ps_work);
>> cancel_work_sync(&dev->pm.wake_work);
>> + cancel_work_sync(&dev->reset_work);
>> mt76_connac_free_pending_tx_skbs(&dev->pm, NULL);
>>
>> mt7921_mutex_acquire(dev);
>
> Hi Ben,
>
> Unfortunately that did not help. I still saw the same messages and a kernel panic. I do not see this bug if I power down the laptop before booting it up, so
> mt7921_stop() would make sense as the reasonable place to fix it.
I think there are bugs around soft power cycle in these radios. (And today someone reported
to me same type of problem in some 7915 radio, though my 7915 radios work in that regard for me.) The patch above
fixes a crash I saw on a system with 7921k radio when the radio fails to boot properly for some reason
or another. I guess there must be more bugs in the radio bringup logic and you are hitting something
different from what I hit.
Thanks,
Ben
--
Ben Greear <greearb@...delatech.com>
Candela Technologies Inc http://www.candelatech.com
Powered by blists - more mailing lists