From b566c41880bca78f8153ab1b22942b63188c5517 Mon Sep 17 00:00:00 2001
From: Johannes Berg
Date: Tue, 24 Mar 2020 14:05:48 +0100
Subject: [PATCH] CHROMIUM: iwl7000: mvm: limit maximum queue appropriately
Due to some hardware issues, queue 32 isn't usable on devices that have 32 queues (7000, 8000, 9000 families), which is correctly reflected in the configuration and TX queue initialization. However, the firmware API and queue allocation code assumes that there are 32 queues, and if something actually attempts to use #31 this leads to a NULL-pointer dereference since it's not allocated. Fix this by limiting to 31 in the IWL_MVM_DQA_MAX_DATA_QUEUE, and also add some code to catch this earlier in the future, if the configuration changes perhaps.
Change-Id: I3a4af6b03b87a6bc18db9b1ff9a812f397bee1fc
Signed-off-by: Johannes Berg
Signed-off-by: Luca Coelho
iwl7000-tree: b2fb45bcf5ac4071bc76d27685cfba0c05827a77
---
 drivers/net/wireless/iwl7000/iwlwifi/fw/api/txq.h | 6 +++---
 drivers/net/wireless/iwl7000/iwlwifi/mvm/sta.c | 5 +++++
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/iwl7000/iwlwifi/fw/api/txq.h b/drivers/net/wireless/iwl7000/iwlwifi/fw/api/txq.h
index 73196cbc7fbefd..75d958bab0e380 100644
--- a/drivers/net/wireless/iwl7000/iwlwifi/fw/api/txq.h
+++ b/drivers/net/wireless/iwl7000/iwlwifi/fw/api/txq.h
@@ -8,7 +8,7 @@
 * Copyright(c) 2007 - 2014 Intel Corporation. All rights reserved.
 * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
 * Copyright(c) 2016 - 2017 Intel Deutschland GmbH
- * Copyright(c) 2019 Intel Corporation
+ * Copyright(c) 2019 - 2020 Intel Corporation
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of version 2 of the GNU General Public License as
@@ -31,7 +31,7 @@
 * Copyright(c) 2005 - 2014 Intel Corporation. All rights reserved.
 * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
 * Copyright(c) 2016 - 2017 Intel Deutschland GmbH
- * Copyright(c) 2019 Intel Corporation
+ * Copyright(c) 2019 - 2020 Intel Corporation
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -99,7 +99,7 @@ enum iwl_mvm_dqa_txq {
 IWL_MVM_DQA_MAX_MGMT_QUEUE = 8,
 IWL_MVM_DQA_AP_PROBE_RESP_QUEUE = 9,
 IWL_MVM_DQA_MIN_DATA_QUEUE = 10,
- IWL_MVM_DQA_MAX_DATA_QUEUE = 31,
+ IWL_MVM_DQA_MAX_DATA_QUEUE = 30,
 };
 enum iwl_mvm_tx_fifo {
diff --git a/drivers/net/wireless/iwl7000/iwlwifi/mvm/sta.c b/drivers/net/wireless/iwl7000/iwlwifi/mvm/sta.c
index c42b9c97fc55ef..f0081a6ad71e00 100644
--- a/drivers/net/wireless/iwl7000/iwlwifi/mvm/sta.c
+++ b/drivers/net/wireless/iwl7000/iwlwifi/mvm/sta.c
@@ -722,6 +722,11 @@ static int iwl_mvm_find_free_queue(struct iwl_mvm *mvm, u8 sta_id,
 lockdep_assert_held(&mvm->mutex);
+ if (WARN(maxq >= mvm->trans->trans_cfg->base_params->num_of_queues,
+ "max queue %d >= num_of_queues (%d)", maxq,
+ mvm->trans->trans_cfg->base_params->num_of_queues))
+ maxq = mvm->trans->trans_cfg->base_params->num_of_queues - 1;
+
 /* This should not be hit with new TX path */
 if (WARN_ON(iwl_mvm_has_new_tx_api(mvm)))
 return -ENOSPC;
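Review bot: The new value of `IWL_MVM_DQA_MAX_DATA_QUEUE` in enum iwl_mvm_dqa_txq is one below the last index of a 32-queue device, and nothing next to the constant says why, so a later cleanup could plausibly set it back to 31 and bring back the NULL-pointer dereference the commit describes. A comment on that line would pin the reason, for example `/* the last queue (index 31) of 32-queue devices is never allocated, so data queues stop at 30 */`. The commit message counts queues from one in places ("queue 32", "limiting to 31") while the enum is zero-based, so an in-code note is more reliable than the log for the next reader.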
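Review bot: The added guard in iwl_mvm_find_free_queue uses plain `WARN`, so if the configuration ever does mismatch, every queue allocation logs a full backtrace, and a system running with panic_on_warn stops on the first one; `WARN_ONCE` would report the same condition without the repeat. The long `mvm->trans->trans_cfg->base_params->num_of_queues` chain is also spelled out three times and would read better as a local, e.g. `int nq = mvm->trans->trans_cfg->base_params->num_of_queues;` followed by `if (WARN_ONCE(maxq >= nq, "max queue %d >= num_of_queues (%d)", maxq, nq))` and `maxq = nq - 1;`. The clamp does not compare its result with `minq`, and a `num_of_queues` of 0 would wrap when `- 1` is stored into the u8 `maxq`. The loop that consumes `maxq` lies outside the hunk, as do the start and end of the function, so whether either case is reachable cannot be confirmed from here.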