diff options
| author | Gregory Greenman <gregory.greenman@intel.com> | 2023-04-16 18:55:38 +0300 |
|---|---|---|
| committer | iwlwifi publisher <> | 2023-05-03 10:50:53 +0000 |
| commit | a2c83c62fb0aa54cc7f55d4e3dabd2e7c1035d21 (patch) | |
| tree | 0474f5ab2c20e88d16b294300935d03fa8e1a464 | |
| parent | ca4786fd0e471bd1589ccb1c69215783b00093b0 (diff) | |
| download | backport-iwlwifi-a2c83c62fb0aa54cc7f55d4e3dabd2e7c1035d21.tar.gz | |
[BUGFIX] wifi: iwlwifi: debug: catch early out of range worker index
We see occusionally "BUG: KFENCE: out-of-bounds read" pointing
an invalid worker index. This patch doesn't fix the root cause,
but will try to catch a case of invalid worker index and report
it in the log.
type=bugfix
ticket=jira:WIFI-266628
fixes=unknown
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Change-Id: I5a1385fa52b2653521253d6afca00d27578bc7d0
Reviewed-on: https://gerritwcs.ir.intel.com/c/iwlwifi-stack-dev/+/51384
automatic-review: iil_jenkins <EC.GER.UNIX.IIL.JENKINS@INTEL.COM>
tested: iil_jenkins <EC.GER.UNIX.IIL.JENKINS@INTEL.COM>
Tested-by: iil_jenkins <EC.GER.UNIX.IIL.JENKINS@INTEL.COM>
Reviewed-by: Berg, Johannes <johannes.berg@intel.com>
x-iwlwifi-stack-dev: dafa781673d865fca3af74454668919752b7fa14
| -rw-r--r-- | drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 11 | ||||
| -rw-r--r-- | versions | 2 |
2 files changed, 10 insertions, 3 deletions
diff --git a/drivers/net/wireless/intel/iwlwifi/fw/dbg.c b/drivers/net/wireless/intel/iwlwifi/fw/dbg.c index 995c20e500..31ffa1d45a 100644 --- a/drivers/net/wireless/intel/iwlwifi/fw/dbg.c +++ b/drivers/net/wireless/intel/iwlwifi/fw/dbg.c @@ -3057,8 +3057,15 @@ void iwl_fw_error_dump_wk(struct work_struct *work) { struct iwl_fwrt_wk_data *wks = container_of(work, typeof(*wks), wk.work); - struct iwl_fw_runtime *fwrt = - container_of(wks, typeof(*fwrt), dump.wks[wks->idx]); + struct iwl_fw_runtime *fwrt; + + if (wks->idx >= IWL_FW_RUNTIME_DUMP_WK_NUM) { + fwrt = container_of(wks, typeof(*fwrt), dump.wks[0]); + IWL_ERR(fwrt, "invalid worker index %d\n", wks->idx); + return; + } + + fwrt = container_of(wks, typeof(*fwrt), dump.wks[wks->idx]); /* assumes the op mode mutex is locked in dump_start since * iwl_fw_dbg_collect_sync can't run in parallel @@ -2,4 +2,4 @@ BACKPORTS_VERSION="(see git)" BACKPORTED_KERNEL_VERSION="(see git)" BACKPORTED_KERNEL_NAME="iwlwifi" BACKPORTS_BUILD_TSTAMP=__DATE__ \" \" __TIME__ -BACKPORTS_GIT_TRACKED="iwlwifi-stack-public:master:11188:9ba32689" +BACKPORTS_GIT_TRACKED="iwlwifi-stack-public:master:11189:dafa7816" |