From e87355474fa851bde244b4ef5fa502439ad788ad Mon Sep 17 00:00:00 2001 From: jinweic chen Date: Tue, 6 Mar 2018 16:48:42 +0800 Subject: [PATCH] qcacmn: fix monitor nbuf double unmap when rmmod When reaping rx monitor msdu in dp_rx_mon_mpdu_pop, if msdu_ppdu_id > ppdu_id, then the corresbonding dp_rx_desc will not be added to free list, and in_use flag still is 1 but it has done nbuf unmap which linked to this rx desc. meantime, if rmmod triggered then it will go through the rx desc pool and unmap the linked nbuf that in_use flag is 1, panic happened. add unmapped flag checking to avoid double unmap. CRs-fixed: 2201071 Change-Id: Idead32b189f513897deebf646b72585b257151c2 --- dp/wifi3.0/dp_rx_desc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/dp/wifi3.0/dp_rx_desc.c b/dp/wifi3.0/dp_rx_desc.c index 8a7c9a2eb3..074bf646a0 100644 --- a/dp/wifi3.0/dp_rx_desc.c +++ b/dp/wifi3.0/dp_rx_desc.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2017 The Linux Foundation. All rights reserved. + * Copyright (c) 2016-2018 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -81,7 +81,8 @@ void dp_rx_desc_pool_free(struct dp_soc *soc, uint32_t pool_id, qdf_spin_lock_bh(&soc->rx_desc_mutex[pool_id]); for (i = 0; i < rx_desc_pool->pool_size; i++) { if (rx_desc_pool->array[i].rx_desc.in_use) { - qdf_nbuf_unmap_single(soc->osdev, + if (!(rx_desc_pool->array[i].rx_desc.unmapped)) + qdf_nbuf_unmap_single(soc->osdev, rx_desc_pool->array[i].rx_desc.nbuf, QDF_DMA_BIDIRECTIONAL); qdf_nbuf_free(rx_desc_pool->array[i].rx_desc.nbuf);