6.14-stable patches

author Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Wed, 23 Apr 2025 11:23:12 +0000 (13:23 +0200)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Wed, 23 Apr 2025 11:23:12 +0000 (13:23 +0200)
author Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 23 Apr 2025 11:23:12 +0000 (13:23 +0200)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 23 Apr 2025 11:23:12 +0000 (13:23 +0200)
diff --git a/queue-6.14/series b/queue-6.14/series

index 1e9b1fe2158d47cf09891f7224fa4ba612971b32..40bb08b16af6af405e13b7e689747b07d49de73a 100644 (file)
--- a/queue-6.14/series
+++ b/queue-6.14/series
@@ -238,3 +238,4 @@ revert-wifi-ath12k-fix-invalid-entry-fetch-in-ath12k_dp_mon_srng_process.patch
  mips-dec-declare-which_prom-as-static.patch
  mips-cevt-ds1287-add-missing-ds1287.h-include.patch
  mips-ds1287-match-ds1287_set_base_clock-function-types.patch
+wifi-ath12k-fix-invalid-entry-fetch-in-ath12k_dp_mon_srng_process.patch
diff --git a/queue-6.14/wifi-ath12k-fix-invalid-entry-fetch-in-ath12k_dp_mon_srng_process.patch b/queue-6.14/wifi-ath12k-fix-invalid-entry-fetch-in-ath12k_dp_mon_srng_process.patch

new file mode 100644 (file)

index 0000000..e523dac
--- /dev/null
+++ b/queue-6.14/wifi-ath12k-fix-invalid-entry-fetch-in-ath12k_dp_mon_srng_process.patch
@@ -0,0 +1,45 @@
+From 63fdc4509bcf483e79548de6bc08bf3c8e504bb3 Mon Sep 17 00:00:00 2001
+From: P Praneesh <quic_ppranees@quicinc.com>
+Date: Mon, 23 Dec 2024 11:31:24 +0530
+Subject: wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process
+
+From: P Praneesh <quic_ppranees@quicinc.com>
+
+commit 63fdc4509bcf483e79548de6bc08bf3c8e504bb3 upstream.
+
+Currently, ath12k_dp_mon_srng_process uses ath12k_hal_srng_src_get_next_entry
+to fetch the next entry from the destination ring. This is incorrect because
+ath12k_hal_srng_src_get_next_entry is intended for source rings, not destination
+rings. This leads to invalid entry fetches, causing potential data corruption or
+crashes due to accessing incorrect memory locations. This happens because the
+source ring and destination ring have different handling mechanisms and using
+the wrong function results in incorrect pointer arithmetic and ring management.
+
+To fix this issue, replace the call to ath12k_hal_srng_src_get_next_entry with
+ath12k_hal_srng_dst_get_next_entry in ath12k_dp_mon_srng_process. This ensures
+that the correct function is used for fetching entries from the destination
+ring, preventing invalid memory accesses.
+
+Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1
+Tested-on: WCN7850 hw2.0 WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3
+
+Signed-off-by: P Praneesh <quic_ppranees@quicinc.com>
+Link: https://patch.msgid.link/20241223060132.3506372-7-quic_ppranees@quicinc.com
+Signed-off-by: Jeff Johnson <jeff.johnson@oss.qualcomm.com>
+Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/wireless/ath/ath12k/dp_mon.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/ath/ath12k/dp_mon.c
++++ b/drivers/net/wireless/ath/ath12k/dp_mon.c
+@@ -2054,7 +2054,7 @@ int ath12k_dp_mon_srng_process(struct at
+               dest_idx = 0;
+ move_next:
+               ath12k_dp_mon_buf_replenish(ab, buf_ring, 1);
+-              ath12k_hal_srng_src_get_next_entry(ab, srng);
++              ath12k_hal_srng_dst_get_next_entry(ab, srng);
+               num_buffs_reaped++;
+       }
+
author	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 23 Apr 2025 11:23:12 +0000 (13:23 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 23 Apr 2025 11:23:12 +0000 (13:23 +0200)
queue-6.14/series		patch \| blob \| blame \| history
queue-6.14/wifi-ath12k-fix-invalid-entry-fetch-in-ath12k_dp_mon_srng_process.patch	[new file with mode: 0644]	patch \| blob