Commit beaa2ecc authored by Rafał Miłecki's avatar Rafał Miłecki

mac80211: brcmfmac: fix PCIe reset crash and WARNING

Signed-off-by: default avatarRafał Miłecki <rafal@milecki.pl>
(cherry picked from commit cde8c2f2)
parent 0d38db6a
From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
Date: Mon, 18 Nov 2019 11:52:41 +0100
Subject: [PATCH FIX] brcmfmac: disable PCIe interrupts before bus reset
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Keeping interrupts on could result in brcmfmac freeing some resources
and then IRQ handlers trying to use them. That was obviously a straight
path for crashing a kernel.
Example:
CPU0 CPU1
---- ----
brcmf_pcie_reset
brcmf_pcie_bus_console_read
brcmf_detach
...
brcmf_fweh_detach
brcmf_proto_detach
brcmf_pcie_isr_thread
...
brcmf_proto_msgbuf_rx_trigger
...
drvr->proto->pd
brcmf_pcie_release_irq
[ 363.789218] Unable to handle kernel NULL pointer dereference at virtual address 00000038
[ 363.797339] pgd = c0004000
[ 363.800050] [00000038] *pgd=00000000
[ 363.803635] Internal error: Oops: 17 [#1] SMP ARM
(...)
[ 364.029209] Backtrace:
[ 364.031725] [<bf243838>] (brcmf_proto_msgbuf_rx_trigger [brcmfmac]) from [<bf2471dc>] (brcmf_pcie_isr_thread+0x228/0x274 [brcmfmac])
[ 364.043662] r7:00000001 r6:c8ca0000 r5:00010000 r4:c7b4f800
Fixes: 4684997d9eea ("brcmfmac: reset PCIe bus on a firmware crash")
Cc: stable@vger.kernel.org # v5.2+
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c
@@ -1409,6 +1409,8 @@ static int brcmf_pcie_reset(struct devic
u16 bus_nr;
int err;
+ brcmf_pcie_intr_disable(devinfo);
+
brcmf_pcie_bus_console_read(devinfo, true);
brcmf_detach(dev);
From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
Date: Mon, 18 Nov 2019 13:35:20 +0100
Subject: [PATCH 5.5] brcmfmac: remove monitor interface when detaching
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This fixes a minor WARNING in the cfg80211:
[ 130.658034] ------------[ cut here ]------------
[ 130.662805] WARNING: CPU: 1 PID: 610 at net/wireless/core.c:954 wiphy_unregister+0xb4/0x198 [cfg80211]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
@@ -1320,6 +1320,11 @@ void brcmf_detach(struct device *dev)
brcmf_proto_detach(drvr);
brcmf_debug_detach(drvr);
+ if (drvr->mon_if) {
+ brcmf_net_detach(drvr->mon_if->ndev, false);
+ drvr->mon_if = NULL;
+ }
+
/* make sure primary interface removed last */
for (i = BRCMF_MAX_IFS - 1; i > -1; i--) {
if (drvr->iflist[i])
......@@ -13,7 +13,7 @@ Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
@@ -1404,6 +1404,7 @@ int __init brcmf_core_init(void)
@@ -1409,6 +1409,7 @@ int __init brcmf_core_init(void)
{
if (!schedule_work(&brcmf_driver_work))
return -EBUSY;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment