From e6a7eacfeac6bfcc6ffd7efca766b1e85e1b133d Mon Sep 17 00:00:00 2001 From: =?utf8?q?Rafa=C5=82=20Mi=C5=82ecki?= Date: Mon, 18 Nov 2019 14:45:59 +0100 Subject: [PATCH] mac80211: brcmfmac: fix PCIe reset crash and WARNING MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Rafał Miłecki (cherry picked from commit cde8c2f2fba019c4cd3b9f6ad463ff86cc783061) --- ...ble-PCIe-interrupts-before-bus-reset.patch | 54 +++++++++++++++++++ ...ove-monitor-interface-when-detaching.patch | 30 +++++++++++ ...-register-wiphy-s-during-module_init.patch | 2 +- 3 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 package/kernel/mac80211/patches/501-brcmfmac-disable-PCIe-interrupts-before-bus-reset.patch create mode 100644 package/kernel/mac80211/patches/502-brcmfmac-remove-monitor-interface-when-detaching.patch diff --git a/package/kernel/mac80211/patches/501-brcmfmac-disable-PCIe-interrupts-before-bus-reset.patch b/package/kernel/mac80211/patches/501-brcmfmac-disable-PCIe-interrupts-before-bus-reset.patch new file mode 100644 index 0000000000..a9b4e8fc79 --- /dev/null +++ b/package/kernel/mac80211/patches/501-brcmfmac-disable-PCIe-interrupts-before-bus-reset.patch @@ -0,0 +1,54 @@ +From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= +Date: Mon, 18 Nov 2019 11:52:41 +0100 +Subject: [PATCH FIX] brcmfmac: disable PCIe interrupts before bus reset +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Keeping interrupts on could result in brcmfmac freeing some resources +and then IRQ handlers trying to use them. That was obviously a straight +path for crashing a kernel. + +Example: +CPU0 CPU1 +---- ---- +brcmf_pcie_reset + brcmf_pcie_bus_console_read + brcmf_detach + ... + brcmf_fweh_detach + brcmf_proto_detach + brcmf_pcie_isr_thread + ... + brcmf_proto_msgbuf_rx_trigger + ... + drvr->proto->pd + brcmf_pcie_release_irq + +[ 363.789218] Unable to handle kernel NULL pointer dereference at virtual address 00000038 +[ 363.797339] pgd = c0004000 +[ 363.800050] [00000038] *pgd=00000000 +[ 363.803635] Internal error: Oops: 17 [#1] SMP ARM +(...) +[ 364.029209] Backtrace: +[ 364.031725] [] (brcmf_proto_msgbuf_rx_trigger [brcmfmac]) from [] (brcmf_pcie_isr_thread+0x228/0x274 [brcmfmac]) +[ 364.043662] r7:00000001 r6:c8ca0000 r5:00010000 r4:c7b4f800 + +Fixes: 4684997d9eea ("brcmfmac: reset PCIe bus on a firmware crash") +Cc: stable@vger.kernel.org # v5.2+ +Signed-off-by: Rafał Miłecki +--- + drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c ++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c +@@ -1437,6 +1437,8 @@ static int brcmf_pcie_reset(struct devic + struct brcmf_fw_request *fwreq; + int err; + ++ brcmf_pcie_intr_disable(devinfo); ++ + brcmf_pcie_bus_console_read(devinfo, true); + + brcmf_detach(dev); diff --git a/package/kernel/mac80211/patches/502-brcmfmac-remove-monitor-interface-when-detaching.patch b/package/kernel/mac80211/patches/502-brcmfmac-remove-monitor-interface-when-detaching.patch new file mode 100644 index 0000000000..b6c75181ee --- /dev/null +++ b/package/kernel/mac80211/patches/502-brcmfmac-remove-monitor-interface-when-detaching.patch @@ -0,0 +1,30 @@ +From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= +Date: Mon, 18 Nov 2019 13:35:20 +0100 +Subject: [PATCH 5.5] brcmfmac: remove monitor interface when detaching +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This fixes a minor WARNING in the cfg80211: +[ 130.658034] ------------[ cut here ]------------ +[ 130.662805] WARNING: CPU: 1 PID: 610 at net/wireless/core.c:954 wiphy_unregister+0xb4/0x198 [cfg80211] + +Signed-off-by: Rafał Miłecki +--- + drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c ++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c +@@ -1380,6 +1380,11 @@ void brcmf_detach(struct device *dev) + brcmf_fweh_detach(drvr); + brcmf_proto_detach(drvr); + ++ if (drvr->mon_if) { ++ brcmf_net_detach(drvr->mon_if->ndev, false); ++ drvr->mon_if = NULL; ++ } ++ + /* make sure primary interface removed last */ + for (i = BRCMF_MAX_IFS - 1; i > -1; i--) { + if (drvr->iflist[i]) diff --git a/package/kernel/mac80211/patches/860-brcmfmac-register-wiphy-s-during-module_init.patch b/package/kernel/mac80211/patches/860-brcmfmac-register-wiphy-s-during-module_init.patch index f640ae0748..f25346d945 100644 --- a/package/kernel/mac80211/patches/860-brcmfmac-register-wiphy-s-during-module_init.patch +++ b/package/kernel/mac80211/patches/860-brcmfmac-register-wiphy-s-during-module_init.patch @@ -13,7 +13,7 @@ Signed-off-by: Rafał Miłecki --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c -@@ -1481,6 +1481,7 @@ int __init brcmf_core_init(void) +@@ -1486,6 +1486,7 @@ int __init brcmf_core_init(void) { if (!schedule_work(&brcmf_driver_work)) return -EBUSY; -- 2.30.2