From 07460b92db7c2d0808cfaae02b325a52c2f7c7a8 Mon Sep 17 00:00:00 2001
From: Sven Eckelmann <sven@narfation.org>
Date: Mon, 13 Feb 2017 16:56:48 +0100
Subject: ath9k: Access rchan::buf only with per_cpu helper

The relayfs was changed to use per CPU constructs to handle the rchan
buffers. But the users of the rchan buffers in other parts of the kernel
were not modified. This caused crashes like

  BUG: unable to handle kernel paging request at 00003a5198a0b910
  IP: [<ffffffffa973cb3a>] ath_cmn_process_fft+0xea/0x610
  PGD 0 [  179.522449]
  Oops: 0000 [#1] SMP
  Modules linked in:
  CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.9.0-rc5 #1
  [...]
  Call Trace:
   <IRQ> [  179.656426]  [<ffffffffa9704373>] ? ath_rx_tasklet+0x2f3/0xd10
   [<ffffffffa9702106>] ? ath9k_tasklet+0x1b6/0x230
   [<ffffffffa90dcbd1>] ? tasklet_action+0xf1/0x100
   [<ffffffffa9a3cb3f>] ? __do_softirq+0xef/0x284
   [<ffffffffa90dd22e>] ? irq_exit+0xae/0xb0
   [<ffffffffa9a3c89f>] ? do_IRQ+0x4f/0xd0
   [<ffffffffa9a3aa42>] ? common_interrupt+0x82/0x82
   <EOI> [  179.703152]  [<ffffffffa9a39c1d>] ? poll_idle+0x2d/0x57
   [<ffffffffa908c845>] ? sched_clock+0x5/0x10
   [<ffffffffa97bc8d6>] ? cpuidle_enter_state+0xf6/0x2d0
   [<ffffffffa911988e>] ? cpu_startup_entry+0x14e/0x230
   [<ffffffffaa3cdf70>] ? start_kernel+0x461/0x481
   [<ffffffffaa3cd120>] ? early_idt_handler_array+0x120/0x120
   [<ffffffffaa3cd413>] ? x86_64_start_kernel+0x14c/0x170
  Code: 31 db 41 be ff ff ff ff 4c 8b 26 48 8b 6e 08 49 8b 84 24 60 05 00
        00 48 8b 00 0f b7 40 04 66 89 44 24 48 eb 11 48 8b 55 40 48 98 <48>
        8b 3c c2 e8 ad a0 a4 ff 01 c3 41 8d 56 01 be 00 02 00 00 48
  RIP  [<ffffffffa973cb3a>] ath_cmn_process_fft+0xea/0x610
   RSP <ffff9b43e7003d20>
  CR2: 00003a5198a0b910

Fixes: 017c59c042d0 ("relay: Use per CPU constructs for the relay channel buffer pointers")
Cc: Akash Goel <akash.goel@intel.com>
Cc: Nick Kossifidis <mickflemm@gmail.com>
Reported-by: Mathias Kretschmer <mathias.kretschmer@fit.fraunhofer.de>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
---
 drivers/net/wireless/ath/ath9k/common-spectral.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/ath/ath9k/common-spectral.c b/drivers/net/wireless/ath/ath9k/common-spectral.c
index 789a3dbe8341..0ffa23a61568 100644
--- a/drivers/net/wireless/ath/ath9k/common-spectral.c
+++ b/drivers/net/wireless/ath/ath9k/common-spectral.c
@@ -482,7 +482,7 @@ ath_cmn_is_fft_buf_full(struct ath_spec_scan_priv *spec_priv)
 	struct rchan *rc = spec_priv->rfs_chan_spec_scan;
 
 	for_each_online_cpu(i)
-		ret += relay_buf_full(rc->buf[i]);
+		ret += relay_buf_full(*per_cpu_ptr(rc->buf, i));
 
 	i = num_online_cpus();
 
-- 
cgit v1.2.3-59-g8ed1b