openwrtv4/package/kernel/mac80211/patches/322-brcmfmac-only-call-brcmf_cfg80211_detach-when-attach.patch
Rafał Miłecki 2cd72294b6 mac80211: add pending brcmfmac patches fixing multiple interfaces
So far support for multiple interface was somehow broken in brcmfmac.
Driver couldn't correctly match firmware and system interfaces resulting
in not working APs and WARNINGs. This pending patches fixes that :)

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 46734
2015-08-26 22:10:14 +00:00

92 lines
4.4 KiB
Diff

From: Arend van Spriel <arend@broadcom.com>
Date: Wed, 26 Aug 2015 22:14:56 +0200
Subject: [PATCH] brcmfmac: only call brcmf_cfg80211_detach() when attach
was successful
In brcmf_bus_start() the function brcmf_cfg80211_attach() is called which
may fail. If this happens we should not call brcmf_cfg80211_detach() in
the failure path as it will result in NULL pointer dereference:
brcmf_fweh_activate_events: Set event_msgs error (-5)
brcmf_bus_start: failed: -5
brcmf_sdio_firmware_callback: dongle is not responding
BUG: unable to handle kernel NULL pointer dereference at 0000000000000068
IP: [<ffffffff811e8f08>] kernfs_find_ns+0x18/0xd0
PGD 0
Oops: 0000 [#1] SMP
Modules linked in: brcmfmac(O) brcmutil(O) cfg80211 auth_rpcgss
CPU: 1 PID: 45 Comm: kworker/1:1 Tainted: G O
Hardware name: Dell Inc. Latitude E6410/07XJP9, BIOS A07 02/15/2011
Workqueue: events request_firmware_work_func
task: ffff880036c09ac0 ti: ffff880036dd4000 task.ti: ffff880036dd4000
RIP: 0010:[<ffffffff811e8f08>] [<ffffffff811e8f08>] kernfs_find_ns+0x18/0xd0
RSP: 0018:ffff880036dd7a28 EFLAGS: 00010246
RAX: ffff880036c09ac0 RBX: 0000000000000000 RCX: 000000007fffffff
RDX: 0000000000000000 RSI: ffffffff816578b9 RDI: 0000000000000000
RBP: ffff880036dd7a48 R08: 0000000000000000 R09: ffff880036c0b340
R10: 00000000000002ec R11: ffff880036dd7b08 R12: ffffffff816578b9
R13: 0000000000000000 R14: ffffffff816578b9 R15: ffff8800c6c87000
FS: 0000000000000000(0000) GS:ffff88012bc40000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000068 CR3: 0000000001a0b000 CR4: 00000000000006e0
Stack:
0000000000000000 ffffffff816578b9 0000000000000000 ffff8800c0d003c8
ffff880036dd7a78 ffffffff811e8ff5 0000000ffffffff1 ffffffff81a9b060
ffff8800c789f880 ffff8800c0d00000 ffff880036dd7a98 ffffffff811ebe0d
Call Trace:
[<ffffffff811e8ff5>] kernfs_find_and_get_ns+0x35/0x60
[<ffffffff811ebe0d>] sysfs_unmerge_group+0x1d/0x60
[<ffffffff81404ef2>] dpm_sysfs_remove+0x22/0x60
[<ffffffff813f9db9>] device_del+0x49/0x240
[<ffffffff815da768>] rfkill_unregister+0x58/0xc0
[<ffffffffa06bd91b>] wiphy_unregister+0xab/0x2f0 [cfg80211]
[<ffffffffa0742fe3>] brcmf_cfg80211_detach+0x23/0x50 [brcmfmac]
[<ffffffffa074d986>] brcmf_detach+0x86/0xe0 [brcmfmac]
[<ffffffffa0757de8>] brcmf_sdio_remove+0x48/0x120 [brcmfmac]
[<ffffffffa0758ed9>] brcmf_sdiod_remove+0x29/0xd0 [brcmfmac]
[<ffffffffa0759031>] brcmf_ops_sdio_remove+0xb1/0x110 [brcmfmac]
[<ffffffffa001c267>] sdio_bus_remove+0x37/0x100 [mmc_core]
[<ffffffff813fe026>] __device_release_driver+0x96/0x130
[<ffffffff813fe0e3>] device_release_driver+0x23/0x30
[<ffffffffa0754bc8>] brcmf_sdio_firmware_callback+0x2a8/0x5d0 [brcmfmac]
[<ffffffffa074deaf>] brcmf_fw_request_nvram_done+0x15f/0x5e0 [brcmfmac]
[<ffffffff8140142f>] ? devres_add+0x3f/0x50
[<ffffffff810642b5>] ? usermodehelper_read_unlock+0x15/0x20
[<ffffffff81400000>] ? platform_match+0x70/0xa0
[<ffffffff8140f400>] request_firmware_work_func+0x30/0x60
[<ffffffff8106828c>] process_one_work+0x14c/0x3d0
[<ffffffff8106862a>] worker_thread+0x11a/0x450
[<ffffffff81068510>] ? process_one_work+0x3d0/0x3d0
[<ffffffff8106d692>] kthread+0xd2/0xf0
[<ffffffff8106d5c0>] ? kthread_create_on_node+0x180/0x180
[<ffffffff815ed35f>] ret_from_fork+0x3f/0x70
[<ffffffff8106d5c0>] ? kthread_create_on_node+0x180/0x180
Code: e9 40 fe ff ff 48 89 d8 eb 87 66 0f 1f 84 00 00 00 00 00 66 66 66 66
90 55 48 89 e5 41 56 49 89 f6 41 55 49 89 d5 31 d2 41 54 53 <0f> b7
47 68 48 8b 5f 48 66 c1 e8 05 83 e0 01 4d 85 ed 0f b6 c8
RIP [<ffffffff811e8f08>] kernfs_find_ns+0x18/0xd0
RSP <ffff880036dd7a28>
CR2: 0000000000000068
---[ end trace 87d6ec0d3fe46740 ]---
Reported-by: Daniel (Deognyoun) Kim <dekim@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
---
--- a/drivers/net/wireless/brcm80211/brcmfmac/core.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/core.c
@@ -1049,7 +1049,10 @@ int brcmf_bus_start(struct device *dev)
fail:
if (ret < 0) {
brcmf_err("failed: %d\n", ret);
- brcmf_cfg80211_detach(drvr->config);
+ if (drvr->config) {
+ brcmf_cfg80211_detach(drvr->config);
+ drvr->config = NULL;
+ }
if (drvr->fws) {
brcmf_fws_del_interface(ifp);
brcmf_fws_deinit(drvr);