linux/drivers
Miaoqing Pan 07246c1158 ath9k: fix an invalid pointer dereference in ath9k_rng_stop()
The bug was triggered when do suspend/resuming continuously
on Dell XPS L322X/0PJHXN version 9333 (2013) with kernel
4.12.0-041200rc4-generic. But can't reproduce on DELL
E5440 + AR9300 PCIE chips.

The warning is caused by accessing invalid pointer sc->rng_task.
sc->rng_task is not be cleared after kthread_stop(sc->rng_task)
be called in ath9k_rng_stop(). Because the kthread is stopped
before ath9k_rng_kthread() be scheduled.

So set sc->rng_task to null after kthread_stop(sc->rng_task) to
resolve this issue.

WARNING: CPU: 0 PID: 984 at linux/kernel/kthread.c:71 kthread_stop+0xf1/0x100
CPU: 0 PID: 984 Comm: NetworkManager Not tainted 4.12.0-041200rc4-generic #201706042031
Hardware name: Dell Inc.          Dell System XPS L322X/0PJHXN, BIOS A09 05/15/2013
task: ffff950170fdda00 task.stack: ffffa22c01538000
RIP: 0010:kthread_stop+0xf1/0x100
RSP: 0018:ffffa22c0153b5b0 EFLAGS: 00010246
RAX: ffffffffa6257800 RBX: ffff950171b79560 RCX: 0000000000000000
RDX: 0000000080000000 RSI: 000000007fffffff RDI: ffff9500ac9a9680
RBP: ffffa22c0153b5c8 R08: 0000000000000000 R09: 0000000000000000
R10: ffffa22c0153b648 R11: ffff9501768004b8 R12: ffff9500ac9a9680
R13: ffff950171b79f70 R14: ffff950171b78780 R15: ffff9501749dc018
FS:  00007f0d6bfd5540(0000) GS:ffff95017f200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc190161a08 CR3: 0000000232906000 CR4: 00000000001406f0
Call Trace:
  ath9k_rng_stop+0x1a/0x20 [ath9k]
  ath9k_stop+0x3b/0x1d0 [ath9k]
  drv_stop+0x33/0xf0 [mac80211]
  ieee80211_stop_device+0x43/0x50 [mac80211]
  ieee80211_do_stop+0x4f2/0x810 [mac80211]

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=196043
Reported-by: Giulio Genovese <giulio.genovese@gmail.com>
Tested-by: Giulio Genovese <giulio.genovese@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Miaoqing Pan <miaoqing@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2017-06-28 19:54:33 +03:00
..
accessibility
acpi Merge branch 'acpica-fixes' 2017-06-15 01:52:32 +02:00
amba
android
ata libata: fix error checking in in ata_parse_force_one() 2017-05-31 14:26:26 -04:00
atm networking: make skb_push & __skb_push return void pointers 2017-06-16 11:48:40 -04:00
auxdisplay Merge branch 'for-4.11/libnvdimm' into for-4.12/dax 2017-04-12 21:59:01 -07:00
base Merge branches 'intel_pstate' and 'pm-sleep' 2017-06-09 01:25:16 +02:00
bcma
block Fix loop device flush before configure v3 2017-06-08 08:04:18 -06:00
bluetooth networking: add and use skb_put_u8() 2017-06-16 11:48:40 -04:00
bus
cdrom scsi: introduce a result field in struct scsi_request 2017-04-20 12:16:10 -06:00
char networking: introduce and use skb_put_data() 2017-06-16 11:48:37 -04:00
clk Allwinner clock fixes for 4.12 2017-06-14 16:48:03 -07:00
clocksource Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-05-12 10:43:25 -07:00
connector
cpufreq Merge branches 'pm-cpufreq', 'pm-cpuidle' and 'pm-devfreq' 2017-06-15 01:51:33 +02:00
cpuidle Merge branches 'pm-cpufreq', 'pm-cpuidle' and 'pm-devfreq' 2017-06-15 01:51:33 +02:00
crypto net: introduce __skb_put_[zero, data, u8] 2017-06-20 13:30:14 -04:00
dax device-dax: fix 'dax' device filesystem inode destruction crash 2017-06-09 08:50:49 -07:00
dca
devfreq PM / devfreq: exynos-ppmu: Staticize event list 2017-06-12 10:12:07 +09:00
dio
dma dmaengine: pl330: fix warning in pl330_remove 2017-06-02 11:49:44 +05:30
dma-buf dma-buf: Rename dma-ops to prevent conflict with kunmap_atomic macro 2017-04-20 13:47:46 +05:30
edac EDAC, amd64: Fix reporting of Chip Select sizes on Fam17h 2017-05-03 16:27:36 +02:00
eisa
extcon
firewire networking: make skb_push & __skb_push return void pointers 2017-06-16 11:48:40 -04:00
firmware Merge branch 'dmi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2017-06-16 17:13:06 +09:00
fmc
fpga fpga fr br: update supported version numbers 2017-04-26 11:38:56 +02:00
fsi
gpio gpio: mvebu: fix gpio bank registration when pwm is used 2017-06-09 09:38:27 +02:00
gpu Merge tag 'drm-intel-fixes-2017-06-15' of git://anongit.freedesktop.org/git/drm-intel into drm-fixes 2017-06-16 10:01:52 +10:00
hid Merge branch 'for-4.12/upstream-fixes' into for-linus 2017-06-20 10:52:46 +02:00
hsi hsi: Fix build regression due to netdev destructor fix. 2017-06-08 10:16:05 -04:00
hv char/misc patches for 4.12-rc1 2017-05-04 19:15:35 -07:00
hwmon hwmon: (aspeed-pwm-tacho) make fan/pwm names start with index 1 2017-06-03 03:55:43 -07:00
hwspinlock
hwtracing drivers/hwtracing/intel_th/msu.c: use set_memory.h header 2017-05-08 17:15:14 -07:00
i2c i2c: ismt: fix wrong device address when unmap the data buffer 2017-06-15 16:07:03 +02:00
ide ide: don't call memcpy with the same source and destination 2017-05-08 17:36:39 -04:00
idle x86/intel_idle: add Gemini Lake support 2017-05-01 23:17:37 +02:00
iio iio: buffer-dmaengine: Add missing header buffer_impl.h 2017-06-13 20:56:05 +01:00
infiniband net: add netlink_ext_ack argument to rtnl_link_ops.changelink 2017-06-26 23:13:22 -04:00
input Input: synaptics-rmi4 - register F03 port as pass-through serio 2017-06-09 09:57:19 -07:00
iommu iommu/of: Ignore all errors except EPROBE_DEFER 2017-05-30 11:31:32 +02:00
ipack
irqchip Xtensa fixes for v4.12-rc6 2017-06-13 15:09:10 +09:00
isdn idsn: fix wrong skb_put() used 2017-06-21 09:46:02 -04:00
leds LED fixes for 4.12-rc6 2017-06-18 08:51:35 +09:00
lguest
lightnvm lightnvm: fix bad back free on error path 2017-05-04 07:53:04 -06:00
macintosh DeviceTree for 4.12: 2017-05-05 19:33:07 -07:00
mailbox mailbox: handle empty message in tx_tick 2017-04-27 16:20:04 +05:30
mcb
md md: initialise ->writes_pending in personality modules. 2017-06-05 16:04:35 -07:00
media networking: make skb_put & friends return void pointers 2017-06-16 11:48:39 -04:00
memory Merge tag 'at91-4.12-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux into fixes 2017-06-01 17:07:31 -07:00
memstick
message scsi: mpt: Move scsi_remove_host() out of mptscsih_remove_host() 2017-04-24 18:21:17 -04:00
mfd mfd: axp20x: Support AXP803 variant 2017-04-27 11:54:49 +01:00
misc networking: introduce and use skb_put_data() 2017-06-16 11:48:37 -04:00
mmc mmc: meson-gx: work around broken SDIO with certain WiFi chips 2017-06-12 08:58:16 +02:00
mtd mtd: nand: make nand_ooblayout_lp_hamming_ops static 2017-05-22 09:42:29 +02:00
net ath9k: fix an invalid pointer dereference in ath9k_rng_stop() 2017-06-28 19:54:33 +03:00
nfc net: manual clean code which call skb_put_[data:zero] 2017-06-20 13:30:15 -04:00
ntb ntb: no sleep in ntb_async_tx_submit 2017-06-19 14:24:41 -04:00
nubus nubus: Clean up whitespace 2017-04-20 09:54:24 +02:00
nvdimm Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm 2017-05-12 15:43:10 -07:00
nvme nvme: relax APST default max latency to 100ms 2017-06-07 11:08:55 +02:00
nvmem ARM: SoC driver updates 2017-05-09 10:01:15 -07:00
of Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-06-15 11:59:32 -04:00
oprofile
parisc
parport Annotate hardware config module parameters in drivers/parport/ 2017-04-20 12:02:32 +01:00
pci PCI: endpoint: Select CRC32 to fix test build error 2017-06-12 15:46:13 -05:00
pcmcia Annotation of module parameters that specify device settings 2017-05-10 19:13:03 -07:00
perf drivers/perf: arm_pmu_acpi: avoid perf IRQ init when guest PMU is off 2017-05-30 12:40:03 +01:00
phy phy: qualcomm: phy-qcom-qmp: fix application of sizeof to pointer 2017-06-01 15:03:41 +05:30
pinctrl pinctrl: stm32: Fix bad function call 2017-06-09 10:51:54 +02:00
platform platform-drivers-x86 for v4.12-2 2017-06-16 17:30:44 +09:00
pnp
power power supply and reset changes for the v4.12 series (part 2) 2017-05-12 12:02:21 -07:00
powercap PowerCap: Fix an error code in powercap_register_zone() 2017-05-14 13:30:05 +02:00
pps
ps3
ptp ptp: Add a ptp clock driver for Broadcom DTE 2017-06-15 12:07:15 -04:00
pwm Merge branch 'for-4.12/drivers' into for-next 2017-04-13 17:41:50 +02:00
rapidio char/misc patches for 4.12-rc1 2017-05-04 19:15:35 -07:00
ras
regulator Merge remote-tracking branch 'regulator/topic/vctrl' into regulator-next 2017-04-30 22:17:44 +09:00
remoteproc virtio: fixes, cleanups, performance 2017-05-10 11:33:08 -07:00
reset reset: hi6220: Set module license so that it can be loaded 2017-05-24 10:53:41 +02:00
rpmsg networking: introduce and use skb_put_data() 2017-06-16 11:48:37 -04:00
rtc Merge branches 'pm-sleep' and 'powercap' 2017-05-22 20:32:05 +02:00
s390 s390/qeth: use diag26c to get MAC address on L2 2017-06-20 15:44:21 -04:00
sbus
scsi networking: make skb_push & __skb_push return void pointers 2017-06-16 11:48:40 -04:00
sfi
sh
sn
soc ARM: SoC fixes (and a cross-arch dt-include fix) 2017-05-19 13:36:56 -07:00
spi Merge remote-tracking branches 'spi/topic/ti-qspi' and 'spi/topic/xlp' into spi-next 2017-04-26 15:58:22 +01:00
spmi
ssb ssb: Delete an error message for a failed memory allocation in ssb_devices_register() 2017-05-24 16:46:51 +03:00
staging Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-06-21 17:35:22 -04:00
target net: introduce __skb_put_[zero, data, u8] 2017-06-20 13:30:14 -04:00
tc
tee Linux 4.12-rc1 2017-05-18 23:54:47 -07:00
thermal thermal: broadcom: ns-thermal: default on iProc SoCs 2017-05-23 20:09:34 -07:00
thunderbolt
tty networking: introduce and use skb_put_data() 2017-06-16 11:48:37 -04:00
uio uio: fix incorrect memory leak cleanup 2017-05-16 23:06:41 +02:00
usb Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-06-21 17:35:22 -04:00
uwb uwb: fix device quirk on big-endian hosts 2017-05-17 11:27:41 +02:00
vfio powerpc updates for 4.12 part 1. 2017-05-05 11:36:44 -07:00
vhost vhost_net: try batch dequing from skb array 2017-05-18 10:07:42 -04:00
video video: fbdev: udlfb: drop log level for blanking 2017-06-14 12:40:36 +02:00
virt drivers/virt/fsl_hypervisor.c: use get_user_pages_unlocked() 2017-05-08 17:15:10 -07:00
virtio virtio_balloon: disable VIOMMU support 2017-06-18 23:13:35 +03:00
vlynq
vme
w1
watchdog watchdog: bcm281xx: Fix use of uninitialized spinlock. 2017-05-19 10:42:25 +02:00
xen xen: fix for 4.12 rc5 2017-06-09 09:59:51 -07:00
zorro
Kconfig
Makefile Merge branch 'tee/initial-merge' into fixes 2017-05-10 21:03:31 +02:00