wifi: brcmfmac: fix invalid address access when enabling SCAN log level
The variable i is changed when setting random MAC address and causes
invalid address access when printing the value of pi->reqs[i]->reqid.
We replace reqs index with ri to fix the issue.
[ 136.726473] Unable to handle kernel access to user memory outside uaccess routines at virtual address
0000000000000000
[ 136.737365] Mem abort info:
[ 136.740172] ESR = 0x96000004
[ 136.743359] Exception class = DABT (current EL), IL = 32 bits
[ 136.749294] SET = 0, FnV = 0
[ 136.752481] EA = 0, S1PTW = 0
[ 136.755635] Data abort info:
[ 136.758514] ISV = 0, ISS = 0x00000004
[ 136.762487] CM = 0, WnR = 0
[ 136.765522] user pgtable: 4k pages, 48-bit VAs, pgdp =
000000005c4e2577
[ 136.772265] [
0000000000000000] pgd=
0000000000000000
[ 136.777160] Internal error: Oops:
96000004 [#1] PREEMPT SMP
[ 136.782732] Modules linked in: brcmfmac(O) brcmutil(O) cfg80211(O) compat(O)
[ 136.789788] Process wificond (pid: 3175, stack limit = 0x00000000053048fb)
[ 136.796664] CPU: 3 PID: 3175 Comm: wificond Tainted: G O
4.19.42-00001-g531a5f5 #1
[ 136.805532] Hardware name: Freescale i.MX8MQ EVK (DT)
[ 136.810584] pstate:
60400005 (nZCv daif +PAN -UAO)
[ 136.815429] pc : brcmf_pno_config_sched_scans+0x6cc/0xa80 [brcmfmac]
[ 136.821811] lr : brcmf_pno_config_sched_scans+0x67c/0xa80 [brcmfmac]
[ 136.828162] sp :
ffff00000e9a3880
[ 136.831475] x29:
ffff00000e9a3890 x28:
ffff800020543400
[ 136.836786] x27:
ffff8000b1008880 x26:
ffff0000012bf6a0
[ 136.842098] x25:
ffff80002054345c x24:
ffff800088d22400
[ 136.847409] x23:
ffff0000012bf638 x22:
ffff0000012bf6d8
[ 136.852721] x21:
ffff8000aced8fc0 x20:
ffff8000ac164400
[ 136.858032] x19:
ffff00000e9a3946 x18:
0000000000000000
[ 136.863343] x17:
0000000000000000 x16:
0000000000000000
[ 136.868655] x15:
ffff0000093f3b37 x14:
0000000000000050
[ 136.873966] x13:
0000000000003135 x12:
0000000000000000
[ 136.879277] x11:
0000000000000000 x10:
ffff000009a61888
[ 136.884589] x9 :
000000000000000f x8 :
0000000000000008
[ 136.889900] x7 :
303a32303d726464 x6 :
ffff00000a1f957d
[ 136.895211] x5 :
0000000000000000 x4 :
ffff00000e9a3942
[ 136.900523] x3 :
0000000000000000 x2 :
ffff0000012cead8
[ 136.905834] x1 :
ffff0000012bf6d8 x0 :
0000000000000000
[ 136.911146] Call trace:
[ 136.913623] brcmf_pno_config_sched_scans+0x6cc/0xa80 [brcmfmac]
[ 136.919658] brcmf_pno_start_sched_scan+0xa4/0x118 [brcmfmac]
[ 136.925430] brcmf_cfg80211_sched_scan_start+0x80/0xe0 [brcmfmac]
[ 136.931636] nl80211_start_sched_scan+0x140/0x308 [cfg80211]
[ 136.937298] genl_rcv_msg+0x358/0x3f4
[ 136.940960] netlink_rcv_skb+0xb4/0x118
[ 136.944795] genl_rcv+0x34/0x48
[ 136.947935] netlink_unicast+0x264/0x300
[ 136.951856] netlink_sendmsg+0x2e4/0x33c
[ 136.955781] __sys_sendto+0x120/0x19c
Signed-off-by: Wright Feng <wright.feng@cypress.com>
Signed-off-by: Chi-hsien Lin <chi-hsien.lin@cypress.com>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Alvin Šipraga <alsi@bang-olufsen.dk>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220722115632.620681-4-alvin@pqrs.dk
projects / platform / kernel / linux-rpi.git / commit