| From 937e79c67740d1d84736730d679f3cb2552f990e Mon Sep 17 00:00:00 2001 |
| From: Arnd Bergmann <arnd@arndb.de> |
| Date: Wed, 20 Oct 2021 11:59:07 +0300 |
| Subject: ath10k: fix invalid dma_addr_t token assignment |
| |
| From: Arnd Bergmann <arnd@arndb.de> |
| |
| commit 937e79c67740d1d84736730d679f3cb2552f990e upstream. |
| |
| Using a kernel pointer in place of a dma_addr_t token can |
| lead to undefined behavior if that makes it into cache |
| management functions. The compiler caught one such attempt |
| in a cast: |
| |
| drivers/net/wireless/ath/ath10k/mac.c: In function 'ath10k_add_interface': |
| drivers/net/wireless/ath/ath10k/mac.c:5586:47: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast] |
| 5586 | arvif->beacon_paddr = (dma_addr_t)arvif->beacon_buf; |
| | ^ |
| |
| Looking through how this gets used down the way, I'm fairly |
| sure that beacon_paddr is never accessed again for ATH10K_DEV_TYPE_HL |
| devices, and if it was accessed, that would be a bug. |
| |
| Change the assignment to use a known-invalid address token |
| instead, which avoids the warning and makes it easier to catch |
| bugs if it does end up getting used. |
| |
| Fixes: e263bdab9c0e ("ath10k: high latency fixes for beacon buffer") |
| Signed-off-by: Arnd Bergmann <arnd@arndb.de> |
| Signed-off-by: Kalle Valo <kvalo@codeaurora.org> |
| Link: https://lore.kernel.org/r/20211014075153.3655910-1-arnd@kernel.org |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| drivers/net/wireless/ath/ath10k/mac.c | 10 +++++++++- |
| 1 file changed, 9 insertions(+), 1 deletion(-) |
| |
| --- a/drivers/net/wireless/ath/ath10k/mac.c |
| +++ b/drivers/net/wireless/ath/ath10k/mac.c |
| @@ -5258,7 +5258,15 @@ static int ath10k_add_interface(struct i |
| if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL) { |
| arvif->beacon_buf = kmalloc(IEEE80211_MAX_FRAME_LEN, |
| GFP_KERNEL); |
| - arvif->beacon_paddr = (dma_addr_t)arvif->beacon_buf; |
| + |
| + /* Using a kernel pointer in place of a dma_addr_t |
| + * token can lead to undefined behavior if that |
| + * makes it into cache management functions. Use a |
| + * known-invalid address token instead, which |
| + * avoids the warning and makes it easier to catch |
| + * bugs if it does end up getting used. |
| + */ |
| + arvif->beacon_paddr = DMA_MAPPING_ERROR; |
| } else { |
| arvif->beacon_buf = |
| dma_alloc_coherent(ar->dev, |