linux/drivers/net/wireless
Arend van Spriel 1c626cf472 brcmfmac: only call brcmf_cfg80211_detach() when attach was successful
In brcmf_bus_start() the function brcmf_cfg80211_attach() is called which
may fail. If this happens we should not call brcmf_cfg80211_detach() in
the failure path as it will result in NULL pointer dereference:

  brcmf_fweh_activate_events: Set event_msgs error (-5)
  brcmf_bus_start: failed: -5
  brcmf_sdio_firmware_callback: dongle is not responding
  BUG: unable to handle kernel NULL pointer dereference at 0000000000000068
  IP: [<ffffffff811e8f08>] kernfs_find_ns+0x18/0xd0
  PGD 0
  Oops: 0000 [#1] SMP
  Modules linked in: brcmfmac(O) brcmutil(O) cfg80211 auth_rpcgss
  CPU: 1 PID: 45 Comm: kworker/1:1 Tainted: G           O
  Hardware name: Dell Inc. Latitude E6410/07XJP9, BIOS A07 02/15/2011
  Workqueue: events request_firmware_work_func
  task: ffff880036c09ac0 ti: ffff880036dd4000 task.ti: ffff880036dd4000
  RIP: 0010:[<ffffffff811e8f08>]  [<ffffffff811e8f08>] kernfs_find_ns+0x18/0xd0
  RSP: 0018:ffff880036dd7a28  EFLAGS: 00010246
  RAX: ffff880036c09ac0 RBX: 0000000000000000 RCX: 000000007fffffff
  RDX: 0000000000000000 RSI: ffffffff816578b9 RDI: 0000000000000000
  RBP: ffff880036dd7a48 R08: 0000000000000000 R09: ffff880036c0b340
  R10: 00000000000002ec R11: ffff880036dd7b08 R12: ffffffff816578b9
  R13: 0000000000000000 R14: ffffffff816578b9 R15: ffff8800c6c87000
  FS:  0000000000000000(0000) GS:ffff88012bc40000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
  CR2: 0000000000000068 CR3: 0000000001a0b000 CR4: 00000000000006e0
  Stack:
   0000000000000000 ffffffff816578b9 0000000000000000 ffff8800c0d003c8
   ffff880036dd7a78 ffffffff811e8ff5 0000000ffffffff1 ffffffff81a9b060
   ffff8800c789f880 ffff8800c0d00000 ffff880036dd7a98 ffffffff811ebe0d
  Call Trace:
   [<ffffffff811e8ff5>] kernfs_find_and_get_ns+0x35/0x60
   [<ffffffff811ebe0d>] sysfs_unmerge_group+0x1d/0x60
   [<ffffffff81404ef2>] dpm_sysfs_remove+0x22/0x60
   [<ffffffff813f9db9>] device_del+0x49/0x240
   [<ffffffff815da768>] rfkill_unregister+0x58/0xc0
   [<ffffffffa06bd91b>] wiphy_unregister+0xab/0x2f0 [cfg80211]
   [<ffffffffa0742fe3>] brcmf_cfg80211_detach+0x23/0x50 [brcmfmac]
   [<ffffffffa074d986>] brcmf_detach+0x86/0xe0 [brcmfmac]
   [<ffffffffa0757de8>] brcmf_sdio_remove+0x48/0x120 [brcmfmac]
   [<ffffffffa0758ed9>] brcmf_sdiod_remove+0x29/0xd0 [brcmfmac]
   [<ffffffffa0759031>] brcmf_ops_sdio_remove+0xb1/0x110 [brcmfmac]
   [<ffffffffa001c267>] sdio_bus_remove+0x37/0x100 [mmc_core]
   [<ffffffff813fe026>] __device_release_driver+0x96/0x130
   [<ffffffff813fe0e3>] device_release_driver+0x23/0x30
   [<ffffffffa0754bc8>] brcmf_sdio_firmware_callback+0x2a8/0x5d0 [brcmfmac]
   [<ffffffffa074deaf>] brcmf_fw_request_nvram_done+0x15f/0x5e0 [brcmfmac]
   [<ffffffff8140142f>] ? devres_add+0x3f/0x50
   [<ffffffff810642b5>] ? usermodehelper_read_unlock+0x15/0x20
   [<ffffffff81400000>] ? platform_match+0x70/0xa0
   [<ffffffff8140f400>] request_firmware_work_func+0x30/0x60
   [<ffffffff8106828c>] process_one_work+0x14c/0x3d0
   [<ffffffff8106862a>] worker_thread+0x11a/0x450
   [<ffffffff81068510>] ? process_one_work+0x3d0/0x3d0
   [<ffffffff8106d692>] kthread+0xd2/0xf0
   [<ffffffff8106d5c0>] ? kthread_create_on_node+0x180/0x180
   [<ffffffff815ed35f>] ret_from_fork+0x3f/0x70
   [<ffffffff8106d5c0>] ? kthread_create_on_node+0x180/0x180
  Code: e9 40 fe ff ff 48 89 d8 eb 87 66 0f 1f 84 00 00 00 00 00 66 66 66 66
	90 55 48 89 e5 41 56 49 89 f6 41 55 49 89 d5 31 d2 41 54 53 <0f> b7
	47 68 48 8b 5f 48 66 c1 e8 05 83 e0 01 4d 85 ed 0f b6 c8
  RIP  [<ffffffff811e8f08>] kernfs_find_ns+0x18/0xd0
   RSP <ffff880036dd7a28>
  CR2: 0000000000000068
  ---[ end trace 87d6ec0d3fe46740 ]---

Reported-by: Daniel (Deognyoun) Kim <dekim@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2015-09-29 10:28:37 +03:00
ath ath9k_htc: introduce support for different fw versions 2015-09-18 10:40:14 +03:00
b43 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-08-13 16:23:11 -07:00
b43legacy mac80211: convert HW flags to unsigned long bitmap 2015-06-10 16:05:36 +02:00
brcm80211 brcmfmac: only call brcmf_cfg80211_detach() when attach was successful 2015-09-29 10:28:37 +03:00
cw1200 wireless: cw1200: Remove redundant spi driver bus initialization 2015-07-21 16:43:46 +03:00
hostap net: hostap: convert to using IFF_NO_QUEUE 2015-08-18 11:55:07 -07:00
ipw2x00 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2015-09-03 08:08:17 -07:00
iwlegacy iwlegacy: convert hex_dump_to_buffer() to %*ph 2015-07-21 18:08:21 +03:00
iwlwifi iwlwifi: mvm: add debug print for d0i3 exit indication 2015-09-21 18:08:46 +03:00
libertas cfg80211: properly send NL80211_ATTR_DISCONNECTED_BY_AP in disconnect 2015-05-26 15:21:27 +02:00
libertas_tf Minor merge needed, due to function move. 2015-07-01 10:49:25 -07:00
mediatek mt7601u: lock out rx path and tx status reporting 2015-08-10 22:19:35 +03:00
mwifiex mwifiex: claim sdio bus while downloading the firmware 2015-08-13 15:35:55 +03:00
orinoco orinoco: Do not call wiphy_unregister() from free_orinocodev() 2015-08-13 15:36:47 +03:00
p54 mac80211: convert HW flags to unsigned long bitmap 2015-06-10 16:05:36 +02:00
prism54
rsi rsi: Fix possible leak when loading firmware 2015-08-25 15:37:41 +03:00
rt2x00 Major changes: 2015-08-20 14:13:25 -07:00
rtl818x mac80211: convert HW flags to unsigned long bitmap 2015-06-10 16:05:36 +02:00
rtlwifi rtlwifi: rtl8192cu: Add new device ID 2015-08-25 15:25:19 +03:00
ti wl18xx: add diversity statistics 2015-08-18 09:06:06 +03:00
zd1211rw mac80211: convert HW flags to unsigned long bitmap 2015-06-10 16:05:36 +02:00
adm8211.c mac80211: convert HW flags to unsigned long bitmap 2015-06-10 16:05:36 +02:00
adm8211.h
airo_cs.c
airo.c
airo.h
at76c50x-usb.c mac80211: convert HW flags to unsigned long bitmap 2015-06-10 16:05:36 +02:00
at76c50x-usb.h mac80211: remove support for IFF_PROMISC 2015-04-24 11:14:13 +02:00
atmel_cs.c
atmel_pci.c
atmel.c
atmel.h
Kconfig add mt7601u driver 2015-05-28 11:33:20 +03:00
mac80211_hwsim.c net: mac80211_hwsim: convert to using IFF_NO_QUEUE 2015-08-18 11:55:07 -07:00
mac80211_hwsim.h
Makefile add mt7601u driver 2015-05-28 11:33:20 +03:00
mwl8k.c mwl8k: refactor some conditionals for clarity 2015-08-18 09:03:22 +03:00
ray_cs.c ray_cs: Change 1 to true for bool type variable. 2015-06-02 23:30:14 +03:00
ray_cs.h
rayctl.h
rndis_wlan.c new driver mt7601u for MediaTek Wi-Fi devices MT7601U 2015-06-03 23:44:57 -07:00
wl3501_cs.c
wl3501.h
zd1201.c
zd1201.h