wil6210: fix kernel OOPS when stopping interface during Rx traffic

When network interface is stopping, some resources may
be already released by the network stack, and Rx frames
cause kernel OOPS (observed one is in netfilter code)

Proper solution is to drop packets pending in reorder buffer.

Signed-off-by: Hamad Kadmany <qca_hkadmany@qca.qualcomm.com>
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: Maya Erez <qca_merez@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>

diff --git a/drivers/net/wireless/ath/wil6210/rx_reorder.c b/drivers/net/wireless/ath/wil6210/rx_reorder.c
index e3d1be8..32031e7 100644 (file)
--- a/drivers/net/wireless/ath/wil6210/rx_reorder.c
+++ b/drivers/net/wireless/ath/wil6210/rx_reorder.c
@@ -261,9 +261,19 @@ struct wil_tid_ampdu_rx *wil_tid_ampdu_rx_alloc(struct wil6210_priv *wil,
 void wil_tid_ampdu_rx_free(struct wil6210_priv *wil,
                           struct wil_tid_ampdu_rx *r)
 {
+       int i;
+
        if (!r)
                return;
-       wil_release_reorder_frames(wil, r, r->head_seq_num + r->buf_size);
+
+       /* Do not pass remaining frames to the network stack - it may be
+        * not expecting to get any more Rx. Rx from here may lead to
+        * kernel OOPS since some per-socket accounting info was already
+        * released.
+        */
+       for (i = 0; i < r->buf_size; i++)
+               kfree_skb(r->reorder_buf[i]);
+
        kfree(r->reorder_buf);
        kfree(r->reorder_time);
        kfree(r);