From 2eda907ab5fa31ee8ed2127f7326d2c5fd63aa12 Mon Sep 17 00:00:00 2001
From: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Date: Thu, 2 Jul 2015 19:13:00 -0600
Subject: net: rmnet_data: Handle info pointer from netdevice notifier

Commit 351638e7deeed2e ("net: pass info struct via netdevice notifier")
adds support for passing a custom struct rather than a net device.

BUG: KASan: out of bounds on stack in rmnet_config_notify_cb+0x11c/0x728i
at addr ffffffc01232fb48
Read of size 8 by task WifiStateMachin/2268
page:ffffffbb056ce3e8 count:0 mapcount:0 mapping:        (null) index:0x2
flags: 0x0()
page dumped because: kasan: bad access detected
CPU: 2 PID: 2268 Comm: WifiStateMachin Tainted: G        W  O
3.18.0-g092b7e8-dirty #6
Hardware name: Qualcomm Technologies, Inc. MSM 8996 v2 + PMI8994 MTP (DT)
Call trace:
[<ffffffc000089c70>] dump_backtrace+0x0/0x1c4
[<ffffffc000089e44>] show_stack+0x10/0x1c
[<ffffffc0010cae0c>] dump_stack+0x74/0xc8
[<ffffffc00020e360>] kasan_report_error+0x2ac/0x3d0
[<ffffffc00020e560>] kasan_report+0x34/0x40
[<ffffffc00020d520>] __asan_load8+0x84/0x90
[<ffffffc0010ba434>] rmnet_config_notify_cb+0x118/0x728
[<ffffffc0000d1858>] notifier_call_chain+0x68/0xb4
[<ffffffc0000d1940>] raw_notifier_call_chain+0x10/0x1c
[<ffffffc000e2a39c>] call_netdevice_notifiers_info+0x60/0x74
[<ffffffc000e2a418>] call_netdevice_notifiers+0x68/0x84
[<ffffffc000e367c8>] netdev_run_todo+0x100/0x348
[<ffffffc000e4545c>] rtnl_unlock+0x8/0x14
[<ffffffc000e31a4c>] unregister_netdev+0x20/0x30
[<ffffffbffc02420c>] hdd_cleanup_adapter+0x88/0x9c [wlan]
[<ffffffbffc026630>] hdd_close_all_adapters+0xc4/0x128 [wlan]
[<ffffffbffc02a8d4>] hdd_wlan_exit+0x660/0x744 [wlan]
[<ffffffbffc02c388>] __hdd_wlan_exit+0x104/0x138 [wlan]
[<ffffffbffc284410>] hif_pci_remove+0x68/0x114 [wlan]
[<ffffffc0007f45c8>] cnss_wlan_unregister_driver+0xa0/0x21c
[<ffffffbffc286118>] hif_unregister_driver+0x14/0x20 [wlan]
[<ffffffbffc2a0288>] hdd_module_exit+0x1b4/0x218 [wlan]
[<ffffffc00014f804>] SyS_delete_module+0x1f4/0x290
Memory state around the buggy address:
ffffffc01232fa00: f1 f1 00 f4 f4 f4 f3 f3 f3 f3 00 00 00 00 00 00
ffffffc01232fa80: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f4
>ffffffc01232fb00: f4 f4 f2 f2 f2 f2 00 f4 f4 f4 f2 f2 f2 f2 00 00
                                              ^
ffffffc01232fb80: 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00
ffffffc01232fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================

Update the netdevice callback to handle this change.
Also remove a redundant check for associated devices.

CRs-Fixed: 865889
Change-Id: I96461807631447aef84eb3eac906057e3ce6827c
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
---
 net/rmnet_data/rmnet_data_config.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

(limited to 'net/rmnet_data')

diff --git a/net/rmnet_data/rmnet_data_config.c b/net/rmnet_data/rmnet_data_config.c
index a166a60cd1b7..c49393924e26 100644
--- a/net/rmnet_data/rmnet_data_config.c
+++ b/net/rmnet_data/rmnet_data_config.c
@@ -1195,7 +1195,7 @@ static void rmnet_force_unassociate_device(struct net_device *dev)
 int rmnet_config_notify_cb(struct notifier_block *nb,
 				  unsigned long event, void *data)
 {
-	struct net_device *dev = (struct net_device *)data;
+	struct net_device *dev = netdev_notifier_info_to_dev(data);
 
 	if (!dev)
 		BUG();
@@ -1206,10 +1206,8 @@ int rmnet_config_notify_cb(struct notifier_block *nb,
 	case NETDEV_UNREGISTER_FINAL:
 	case NETDEV_UNREGISTER:
 		trace_rmnet_unregister_cb_entry(dev);
-		if (_rmnet_is_physical_endpoint_associated(dev)) {
-			LOGH("Kernel is trying to unregister %s", dev->name);
-			rmnet_force_unassociate_device(dev);
-		}
+		LOGH("Kernel is trying to unregister %s", dev->name);
+		rmnet_force_unassociate_device(dev);
 		trace_rmnet_unregister_cb_exit(dev);
 		break;
 
-- 
cgit v1.2.3