| commit | e67fa7fb36b1a982cb1fae132e0703d596b5e1cf | |
| author | Rafał Miłecki <rafal@milecki.pl> | |
| Mon, 18 Nov 2019 11:53:08 +0000 (18 12:53 +0100) | ||
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
| Tue, 17 Dec 2019 18:55:52 +0000 (17 19:55 +0100) | ||
| tree | 78ea92c863c6d6b1e50e6f9f4a8ac9ed55a7424e | treesnapshot (tar.gz zip) |
| parent | dc69bd239348021a6de499660189f34d9b6809c7 | commitdiff |
brcmfmac: disable PCIe interrupts before bus reset
commit 5d26a6a6150c486f51ea2aaab33af04db02f63b8 upstream.
Keeping interrupts on could result in brcmfmac freeing some resources
and then IRQ handlers trying to use them. That was obviously a straight
path for crashing a kernel.
Example:
CPU0 CPU1
---- ----
brcmf_pcie_reset
brcmf_pcie_bus_console_read
brcmf_detach
...
brcmf_fweh_detach
brcmf_proto_detach
brcmf_pcie_isr_thread
...
brcmf_proto_msgbuf_rx_trigger
...
drvr->proto->pd
brcmf_pcie_release_irq
[ 363.789218] Unable to handle kernel NULL pointer dereference at virtual address 00000038
[ 363.797339] pgd = c0004000
[ 363.800050] [00000038] *pgd=00000000
[ 363.803635] Internal error: Oops: 17 [#1] SMP ARM
(...)
[ 364.029209] Backtrace:
[ 364.031725] [<bf243838>] (brcmf_proto_msgbuf_rx_trigger [brcmfmac]) from [<bf2471dc>] (brcmf_pcie_isr_thread+0x228/0x274 [brcmfmac])
[ 364.043662] r7:00000001 r6:c8ca0000 r5:00010000 r4:c7b4f800
Fixes: 4684997d9eea ("brcmfmac: reset PCIe bus on a firmware crash")
Cc: stable@vger.kernel.org # v5.2+
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 5d26a6a6150c486f51ea2aaab33af04db02f63b8 upstream.
Keeping interrupts on could result in brcmfmac freeing some resources
and then IRQ handlers trying to use them. That was obviously a straight
path for crashing a kernel.
Example:
CPU0 CPU1
---- ----
brcmf_pcie_reset
brcmf_pcie_bus_console_read
brcmf_detach
...
brcmf_fweh_detach
brcmf_proto_detach
brcmf_pcie_isr_thread
...
brcmf_proto_msgbuf_rx_trigger
...
drvr->proto->pd
brcmf_pcie_release_irq
[ 363.789218] Unable to handle kernel NULL pointer dereference at virtual address 00000038
[ 363.797339] pgd = c0004000
[ 363.800050] [00000038] *pgd=00000000
[ 363.803635] Internal error: Oops: 17 [#1] SMP ARM
(...)
[ 364.029209] Backtrace:
[ 364.031725] [<bf243838>] (brcmf_proto_msgbuf_rx_trigger [brcmfmac]) from [<bf2471dc>] (brcmf_pcie_isr_thread+0x228/0x274 [brcmfmac])
[ 364.043662] r7:00000001 r6:c8ca0000 r5:00010000 r4:c7b4f800
Fixes: 4684997d9eea ("brcmfmac: reset PCIe bus on a firmware crash")
Cc: stable@vger.kernel.org # v5.2+
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c | diffblobblamehistory |