wifi: ath12k: check M3 buffer size as well whey trying to reuse it

Currently in recovery/resume cases, we do not free M3 buffer but
instead will reuse it. This is done by checking m3_mem->vaddr: if it
is not NULL we believe M3 buffer is ready and go ahead to reuse it.

Note that m3_mem->size is not checked. This is safe for now because
currently M3 reuse logic only gets executed in recovery/resume cases
and the size keeps unchanged in either of them.

However ideally the size should be checked as well, to make the code
safer. So add the check there. Now if that check fails, free old M3
buffer and reallocate a new one.

Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30

Fixes: 303c017821d8 ("wifi: ath12k: fix kernel crash during resume")
Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://msgid.link/20240425021740.29221-1-quic_bqiang@quicinc.com

diff --git a/drivers/net/wireless/ath/ath12k/qmi.c b/drivers/net/wireless/ath/ath12k/qmi.c
index ebb20fc8e3ba5bdd87926025a872b17da72c2b1d..5484112859a667e26d171eda47346cb7801f51a1 100644 (file)
--- a/drivers/net/wireless/ath/ath12k/qmi.c
+++ b/drivers/net/wireless/ath/ath12k/qmi.c
@@ -2717,6 +2717,19 @@ out:
        return ret;
 }
 
+static void ath12k_qmi_m3_free(struct ath12k_base *ab)
+{
+       struct m3_mem_region *m3_mem = &ab->qmi.m3_mem;
+
+       if (!m3_mem->vaddr)
+               return;
+
+       dma_free_coherent(ab->dev, m3_mem->size,
+                         m3_mem->vaddr, m3_mem->paddr);
+       m3_mem->vaddr = NULL;
+       m3_mem->size = 0;
+}
+
 static int ath12k_qmi_m3_load(struct ath12k_base *ab)
 {
        struct m3_mem_region *m3_mem = &ab->qmi.m3_mem;
@@ -2747,8 +2760,14 @@ static int ath12k_qmi_m3_load(struct ath12k_base *ab)
                m3_len = fw->size;
        }
 
-       if (m3_mem->vaddr)
-               goto skip_m3_alloc;
+       /* In recovery/resume cases, M3 buffer is not freed, try to reuse that */
+       if (m3_mem->vaddr) {
+               if (m3_mem->size >= m3_len)
+                       goto skip_m3_alloc;
+
+               /* Old buffer is too small, free and reallocate */
+               ath12k_qmi_m3_free(ab);
+       }
 
        m3_mem->vaddr = dma_alloc_coherent(ab->dev,
                                           m3_len, &m3_mem->paddr,
@@ -2772,19 +2791,6 @@ out:
        return ret;
 }
 
-static void ath12k_qmi_m3_free(struct ath12k_base *ab)
-{
-       struct m3_mem_region *m3_mem = &ab->qmi.m3_mem;
-
-       if (!m3_mem->vaddr)
-               return;
-
-       dma_free_coherent(ab->dev, m3_mem->size,
-                         m3_mem->vaddr, m3_mem->paddr);
-       m3_mem->vaddr = NULL;
-       m3_mem->size = 0;
-}
-
 static int ath12k_qmi_wlanfw_m3_info_send(struct ath12k_base *ab)
 {
        struct m3_mem_region *m3_mem = &ab->qmi.m3_mem;