wifi: ath12k: fix warning when unbinding

If there is an error during some initialization related to firmware,
the buffers dp->tx_ring[i].tx_status are released.
However this is released again when the device is unbinded (ath12k_pci),
and we get:
WARNING: CPU: 0 PID: 2098 at mm/slub.c:4689 free_large_kmalloc+0x4d/0x80
Call Trace:
free_large_kmalloc
ath12k_dp_free
ath12k_core_deinit
ath12k_pci_remove
...

The issue is always reproducible from a VM because the MSI addressing
initialization is failing.

In order to fix the issue, just set the buffers to NULL after releasing in
order to avoid the double free.

cc: stable@vger.kernel.org
Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices")
Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
Link: https://patch.msgid.link/20241017181004.199589-3-jtornosm@redhat.com
Signed-off-by: Jeff Johnson <quic_jjohnson@quicinc.com>

diff --git a/drivers/net/wireless/ath/ath12k/dp.c b/drivers/net/wireless/ath/ath12k/dp.c
index 959bc516f8b8b99808cb04f9490cb4f730cd5203..c99e9ceb1a6e8ca4187d90b0988f64c2bc92cb36 100644 (file)
--- a/drivers/net/wireless/ath/ath12k/dp.c
+++ b/drivers/net/wireless/ath/ath12k/dp.c
@@ -1286,8 +1286,10 @@ void ath12k_dp_free(struct ath12k_base *ab)
 
        ath12k_dp_rx_reo_cmd_list_cleanup(ab);
 
-       for (i = 0; i < ab->hw_params->max_tx_ring; i++)
+       for (i = 0; i < ab->hw_params->max_tx_ring; i++) {
                kfree(dp->tx_ring[i].tx_status);
+               dp->tx_ring[i].tx_status = NULL;
+       }
 
        ath12k_dp_rx_free(ab);
        /* Deinit any SOC level resource */