qcacmn: Fix invalid memory access while adding napi
When new napi is added unique napi_id is assigned and an entry is allocated in kernel napi hash table of size 256, vice versa napi del will remove the entry from hash table. Currently during driver unload dummy rx napi's(added for GRO case) are not deleted which causes resource leakage in kernel napi hash table. While adding new napi if napi_id exceeds hash table size, then entry from zero index is accessed to find unclaimed hash entry which trigger invalid entry access since previous driver unload did not delete napis properly. In use case where multiple wlan driver instances are used this issue can be quickly reproducible since it triggers napi_id to exceed hash table size within less number of driver load/unload. Fix is to delete rx dummy napi's during driver unload Change-Id: Idfb24c5c09ebc131c2b19d894d08a8ea34675ed6 CRs-Fixed: 2288118
This commit is contained in:

committed by
nshrivas

parent
7f9c050df4
commit
c1b9dcf734
@@ -82,10 +82,25 @@ static void hif_init_rx_thread_napi(struct qca_napi_info *napii)
|
||||
hif_rxthread_napi_poll, 64);
|
||||
napi_enable(&napii->rx_thread_napi);
|
||||
}
|
||||
|
||||
/**
|
||||
* hif_deinit_rx_thread_napi() - Deinitialize dummy Rx_thread NAPI
|
||||
* @napii: Handle to napi_info holding rx_thread napi
|
||||
*
|
||||
* Return: None
|
||||
*/
|
||||
static void hif_deinit_rx_thread_napi(struct qca_napi_info *napii)
|
||||
{
|
||||
netif_napi_del(&napii->rx_thread_napi);
|
||||
}
|
||||
#else /* RECEIVE_OFFLOAD */
|
||||
static void hif_init_rx_thread_napi(struct qca_napi_info *napii)
|
||||
{
|
||||
}
|
||||
|
||||
static void hif_deinit_rx_thread_napi(struct qca_napi_info *napii)
|
||||
{
|
||||
}
|
||||
#endif
|
||||
|
||||
/**
|
||||
@@ -373,6 +388,7 @@ int hif_napi_destroy(struct hif_opaque_softc *hif_ctx,
|
||||
|
||||
qdf_lro_deinit(napii->lro_ctx);
|
||||
netif_napi_del(&(napii->napi));
|
||||
hif_deinit_rx_thread_napi(napii);
|
||||
|
||||
napid->ce_map &= ~(0x01 << ce);
|
||||
napid->napis[ce] = NULL;
|
||||
|
Reference in New Issue
Block a user