wil6210: fix kernel OOPS when stopping interface during Rx traffic
authorHamad Kadmany <qca_hkadmany@qca.qualcomm.com>
Wed, 16 Dec 2015 15:51:45 +0000 (17:51 +0200)
committerKalle Valo <kvalo@qca.qualcomm.com>
Thu, 7 Jan 2016 13:00:32 +0000 (15:00 +0200)
When network interface is stopping, some resources may
be already released by the network stack, and Rx frames
cause kernel OOPS (observed one is in netfilter code)

Proper solution is to drop packets pending in reorder buffer.

Signed-off-by: Hamad Kadmany <qca_hkadmany@qca.qualcomm.com>
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: Maya Erez <qca_merez@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
drivers/net/wireless/ath/wil6210/rx_reorder.c

index e3d1be82f314d32d84d06c82efe9717d1c61377a..32031e7a11d58a96b1b83671ab45c519e3282f99 100644 (file)
@@ -261,9 +261,19 @@ struct wil_tid_ampdu_rx *wil_tid_ampdu_rx_alloc(struct wil6210_priv *wil,
 void wil_tid_ampdu_rx_free(struct wil6210_priv *wil,
                           struct wil_tid_ampdu_rx *r)
 {
+       int i;
+
        if (!r)
                return;
-       wil_release_reorder_frames(wil, r, r->head_seq_num + r->buf_size);
+
+       /* Do not pass remaining frames to the network stack - it may be
+        * not expecting to get any more Rx. Rx from here may lead to
+        * kernel OOPS since some per-socket accounting info was already
+        * released.
+        */
+       for (i = 0; i < r->buf_size; i++)
+               kfree_skb(r->reorder_buf[i]);
+
        kfree(r->reorder_buf);
        kfree(r->reorder_time);
        kfree(r);