
Commit abf4c2e9 authored by Subash Abhinov Kasiviswanathan

net: rmnet_data: Handle info pointer from netdevice notifier



Commit 351638e7 ("net: pass info struct via netdevice notifier")
adds support for passing a custom struct rather than a net device.

BUG: KASan: out of bounds on stack in rmnet_config_notify_cb+0x11c/0x728i
at addr ffffffc01232fb48
Read of size 8 by task WifiStateMachin/2268
page:ffffffbb056ce3e8 count:0 mapcount:0 mapping:        (null) index:0x2
flags: 0x0()
page dumped because: kasan: bad access detected
CPU: 2 PID: 2268 Comm: WifiStateMachin Tainted: G        W  O
3.18.0-g092b7e8-dirty #6
Hardware name: Qualcomm Technologies, Inc. MSM 8996 v2 + PMI8994 MTP (DT)
Call trace:
[<ffffffc000089c70>] dump_backtrace+0x0/0x1c4
[<ffffffc000089e44>] show_stack+0x10/0x1c
[<ffffffc0010cae0c>] dump_stack+0x74/0xc8
[<ffffffc00020e360>] kasan_report_error+0x2ac/0x3d0
[<ffffffc00020e560>] kasan_report+0x34/0x40
[<ffffffc00020d520>] __asan_load8+0x84/0x90
[<ffffffc0010ba434>] rmnet_config_notify_cb+0x118/0x728
[<ffffffc0000d1858>] notifier_call_chain+0x68/0xb4
[<ffffffc0000d1940>] raw_notifier_call_chain+0x10/0x1c
[<ffffffc000e2a39c>] call_netdevice_notifiers_info+0x60/0x74
[<ffffffc000e2a418>] call_netdevice_notifiers+0x68/0x84
[<ffffffc000e367c8>] netdev_run_todo+0x100/0x348
[<ffffffc000e4545c>] rtnl_unlock+0x8/0x14
[<ffffffc000e31a4c>] unregister_netdev+0x20/0x30
[<ffffffbffc02420c>] hdd_cleanup_adapter+0x88/0x9c [wlan]
[<ffffffbffc026630>] hdd_close_all_adapters+0xc4/0x128 [wlan]
[<ffffffbffc02a8d4>] hdd_wlan_exit+0x660/0x744 [wlan]
[<ffffffbffc02c388>] __hdd_wlan_exit+0x104/0x138 [wlan]
[<ffffffbffc284410>] hif_pci_remove+0x68/0x114 [wlan]
[<ffffffc0007f45c8>] cnss_wlan_unregister_driver+0xa0/0x21c
[<ffffffbffc286118>] hif_unregister_driver+0x14/0x20 [wlan]
[<ffffffbffc2a0288>] hdd_module_exit+0x1b4/0x218 [wlan]
[<ffffffc00014f804>] SyS_delete_module+0x1f4/0x290
Memory state around the buggy address:
ffffffc01232fa00: f1 f1 00 f4 f4 f4 f3 f3 f3 f3 00 00 00 00 00 00
ffffffc01232fa80: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f4
>ffffffc01232fb00: f4 f4 f2 f2 f2 f2 00 f4 f4 f4 f2 f2 f2 f2 00 00
                                              ^
ffffffc01232fb80: 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00
ffffffc01232fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================

Update the netdevice callback to handle this change.
Also remove a redundant check for associated devices.

CRs-Fixed: 865889
Change-Id: I96461807631447aef84eb3eac906057e3ce6827c
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
parent c3b02802
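
The diff for this commit is not shown on the page. As an added example (a user-space model, not the rmnet_data driver code), the following shows the callback shape that the notifier change requires and why casting the argument straight to a device reads past the on-stack info struct. It assumes the pre-fix callback treated the notifier argument as the device itself; the struct layouts are reduced stand-ins, and `notify_cb`, `stale_cast_overread` and `demo` are hypothetical names.

```c
/* Added example: user-space model, not the rmnet_data driver source. */
#include <stddef.h>

#define NOTIFY_DONE 0
#define NETDEV_UNREGISTER 0x0006

struct net_device {               /* reduced stand-in for the kernel struct */
    char name[16];
    void *rx_handler_data;
};
struct netdev_notifier_info {     /* what the notifier chain passes since 351638e7 */
    struct net_device *dev;
};

/* Same role as the kernel helper of this name: unwrap the info struct. */
static struct net_device *
netdev_notifier_info_to_dev(const struct netdev_notifier_info *info)
{
    return info->dev;
}

static const struct net_device *last_unregistered;

/* Callback that treats its argument as an info struct, never as a device. */
static int notify_cb(unsigned long event, void *data)
{
    struct net_device *dev = netdev_notifier_info_to_dev(data);

    if (dev && event == NETDEV_UNREGISTER)
        last_unregistered = dev;
    return NOTIFY_DONE;
}

/* Bytes read beyond the info struct if `data` were cast to a device and an
 * 8-byte pointer field loaded from it (assumed pre-fix behaviour). */
static long stale_cast_overread(void)
{
    size_t end = offsetof(struct net_device, rx_handler_data) + sizeof(void *);
    return (long)end - (long)sizeof(struct netdev_notifier_info);
}

/* Mirrors the caller: the info struct lives on the caller's stack. */
static int demo(void)
{
    struct net_device wlan = { .name = "wlan0" };   /* constructed sample */
    struct netdev_notifier_info info = { .dev = &wlan };

    last_unregistered = NULL;
    notify_cb(NETDEV_UNREGISTER, &info);
    return last_unregistered == &wlan;
}

int main(void) { return (demo() && stale_cast_overread() > 0) ? 0 : 1; }
```

A positive result from `stale_cast_overread()` corresponds to the stack out-of-bounds read that KASan flags in the trace above.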