5cdb0ef614
In case USB disconnect happens at the moment transmitting workqueue is in progress the underlying interface may be gone causing a NULL pointer dereference. Add synchronization of the workqueue destruction with the detach implementation in core so that the transmitting workqueue is stopped during detach before the interfaces are removed. Fix following Oops: Unable to handle kernel NULL pointer dereference at virtual address 00000008 pgd = 9e6a802d [00000008] *pgd=00000000 Internal error: Oops: 5 [#1] PREEMPT SMP ARM Modules linked in: nf_log_ipv4 nf_log_common xt_LOG xt_limit iptable_mangle xt_connmark xt_tcpudp xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_filter ip_tables x_tables usb_f_mass_storage usb_f_rndis u_ether usb_serial_simple usbserial cdc_acm brcmfmac brcmutil smsc95xx usbnet ci_hdrc_imx ci_hdrc ulpi usbmisc_imx 8250_exar 8250_pci 8250 8250_base libcomposite configfs udc_core CPU: 0 PID: 7 Comm: kworker/u8:0 Not tainted 4.19.23-00076-g03740aa-dirty #102 Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree) Workqueue: brcmf_fws_wq brcmf_fws_dequeue_worker [brcmfmac] PC is at brcmf_txfinalize+0x34/0x90 [brcmfmac] LR is at brcmf_fws_dequeue_worker+0x218/0x33c [brcmfmac] pc : [<7f0dee64>] lr : [<7f0e4140>] psr: 60010093 sp : ee8abef0 ip : 00000000 fp : edf38000 r10: ffffffed r9 : edf38970 r8 :edf38004r7 : edf3e970 r6 : 00000000 r5 : ede69000 r4 : 00000000 r3 : 00000a97 r2 : 00000000 r1 : 0000888e r0 : ede69000 Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment none Control: 10c5387d Table: 7d03c04a DAC: 00000051 Process kworker/u8:0 (pid: 7, stack limit = 0x24ec3e04) Stack: (0xee8abef0 to 0xee8ac000) bee0: ede69000 00000000 ed56c3e0 7f0e4140 bf00: 00000001 00000000edf38004edf3e99c ed56c3e0 80d03d00 edfea43a edf3e970 bf20: ee809880 ee804200 ee971100 00000000 edf3e974 00000000 ee804200 80135a70 bf40: 80d03d00 ee804218 ee809880 ee809894 ee804200 80d03d00 ee804218 ee8aa000 bf60: 00000088 80135d5c 00000000 ee829f00 ee829dc0 00000000 ee809880 80135d30 bf80: ee829f1c ee873eac 00000000 8013b1a0 ee829dc0 8013b07c 00000000 00000000 bfa0: 00000000 00000000 00000000 801010e8 00000000 00000000 00000000 00000000 bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000 [<7f0dee64>] (brcmf_txfinalize [brcmfmac]) from [<7f0e4140>] (brcmf_fws_dequeue_worker+0x218/0x33c [brcmfmac]) [<7f0e4140>] (brcmf_fws_dequeue_worker [brcmfmac]) from [<80135a70>] (process_one_work+0x138/0x3f8) [<80135a70>] (process_one_work) from [<80135d5c>] (worker_thread+0x2c/0x554) [<80135d5c>] (worker_thread) from [<8013b1a0>] (kthread+0x124/0x154) [<8013b1a0>] (kthread) from [<801010e8>] (ret_from_fork+0x14/0x2c) Exception stack(0xee8abfb0 to 0xee8abff8) bfa0: 00000000 00000000 00000000 00000000 bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 Code: e1530001 0a000007 e3560000 e1a00005 (05942008) ---[ end trace 079239dd31c86e90 ]--- Signed-off-by: Piotr Figiel <p.figiel@camlintechnologies.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
167 lines
4.7 KiB
C
167 lines
4.7 KiB
C
/*
|
|
* Copyright (c) 2013 Broadcom Corporation
|
|
*
|
|
* Permission to use, copy, modify, and/or distribute this software for any
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
* copyright notice and this permission notice appear in all copies.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
|
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
|
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
*/
|
|
#ifndef BRCMFMAC_PROTO_H
|
|
#define BRCMFMAC_PROTO_H
|
|
|
|
|
|
enum proto_addr_mode {
|
|
ADDR_INDIRECT = 0,
|
|
ADDR_DIRECT
|
|
};
|
|
|
|
struct brcmf_skb_reorder_data {
|
|
u8 *reorder;
|
|
};
|
|
|
|
struct brcmf_proto {
|
|
int (*hdrpull)(struct brcmf_pub *drvr, bool do_fws,
|
|
struct sk_buff *skb, struct brcmf_if **ifp);
|
|
int (*query_dcmd)(struct brcmf_pub *drvr, int ifidx, uint cmd,
|
|
void *buf, uint len, int *fwerr);
|
|
int (*set_dcmd)(struct brcmf_pub *drvr, int ifidx, uint cmd, void *buf,
|
|
uint len, int *fwerr);
|
|
int (*tx_queue_data)(struct brcmf_pub *drvr, int ifidx,
|
|
struct sk_buff *skb);
|
|
int (*txdata)(struct brcmf_pub *drvr, int ifidx, u8 offset,
|
|
struct sk_buff *skb);
|
|
void (*configure_addr_mode)(struct brcmf_pub *drvr, int ifidx,
|
|
enum proto_addr_mode addr_mode);
|
|
void (*delete_peer)(struct brcmf_pub *drvr, int ifidx,
|
|
u8 peer[ETH_ALEN]);
|
|
void (*add_tdls_peer)(struct brcmf_pub *drvr, int ifidx,
|
|
u8 peer[ETH_ALEN]);
|
|
void (*rxreorder)(struct brcmf_if *ifp, struct sk_buff *skb);
|
|
void (*add_if)(struct brcmf_if *ifp);
|
|
void (*del_if)(struct brcmf_if *ifp);
|
|
void (*reset_if)(struct brcmf_if *ifp);
|
|
int (*init_done)(struct brcmf_pub *drvr);
|
|
void (*debugfs_create)(struct brcmf_pub *drvr);
|
|
void *pd;
|
|
};
|
|
|
|
|
|
int brcmf_proto_attach(struct brcmf_pub *drvr);
|
|
void brcmf_proto_detach_pre_delif(struct brcmf_pub *drvr);
|
|
void brcmf_proto_detach_post_delif(struct brcmf_pub *drvr);
|
|
|
|
static inline int brcmf_proto_hdrpull(struct brcmf_pub *drvr, bool do_fws,
|
|
struct sk_buff *skb,
|
|
struct brcmf_if **ifp)
|
|
{
|
|
struct brcmf_if *tmp = NULL;
|
|
|
|
/* assure protocol is always called with
|
|
* non-null initialized pointer.
|
|
*/
|
|
if (ifp)
|
|
*ifp = NULL;
|
|
else
|
|
ifp = &tmp;
|
|
return drvr->proto->hdrpull(drvr, do_fws, skb, ifp);
|
|
}
|
|
static inline int brcmf_proto_query_dcmd(struct brcmf_pub *drvr, int ifidx,
|
|
uint cmd, void *buf, uint len,
|
|
int *fwerr)
|
|
{
|
|
return drvr->proto->query_dcmd(drvr, ifidx, cmd, buf, len,fwerr);
|
|
}
|
|
static inline int brcmf_proto_set_dcmd(struct brcmf_pub *drvr, int ifidx,
|
|
uint cmd, void *buf, uint len,
|
|
int *fwerr)
|
|
{
|
|
return drvr->proto->set_dcmd(drvr, ifidx, cmd, buf, len, fwerr);
|
|
}
|
|
|
|
static inline int brcmf_proto_tx_queue_data(struct brcmf_pub *drvr, int ifidx,
|
|
struct sk_buff *skb)
|
|
{
|
|
return drvr->proto->tx_queue_data(drvr, ifidx, skb);
|
|
}
|
|
|
|
static inline int brcmf_proto_txdata(struct brcmf_pub *drvr, int ifidx,
|
|
u8 offset, struct sk_buff *skb)
|
|
{
|
|
return drvr->proto->txdata(drvr, ifidx, offset, skb);
|
|
}
|
|
static inline void
|
|
brcmf_proto_configure_addr_mode(struct brcmf_pub *drvr, int ifidx,
|
|
enum proto_addr_mode addr_mode)
|
|
{
|
|
drvr->proto->configure_addr_mode(drvr, ifidx, addr_mode);
|
|
}
|
|
static inline void
|
|
brcmf_proto_delete_peer(struct brcmf_pub *drvr, int ifidx, u8 peer[ETH_ALEN])
|
|
{
|
|
drvr->proto->delete_peer(drvr, ifidx, peer);
|
|
}
|
|
static inline void
|
|
brcmf_proto_add_tdls_peer(struct brcmf_pub *drvr, int ifidx, u8 peer[ETH_ALEN])
|
|
{
|
|
drvr->proto->add_tdls_peer(drvr, ifidx, peer);
|
|
}
|
|
static inline bool brcmf_proto_is_reorder_skb(struct sk_buff *skb)
|
|
{
|
|
struct brcmf_skb_reorder_data *rd;
|
|
|
|
rd = (struct brcmf_skb_reorder_data *)skb->cb;
|
|
return !!rd->reorder;
|
|
}
|
|
|
|
static inline void
|
|
brcmf_proto_rxreorder(struct brcmf_if *ifp, struct sk_buff *skb)
|
|
{
|
|
ifp->drvr->proto->rxreorder(ifp, skb);
|
|
}
|
|
|
|
static inline void
|
|
brcmf_proto_add_if(struct brcmf_pub *drvr, struct brcmf_if *ifp)
|
|
{
|
|
if (!drvr->proto->add_if)
|
|
return;
|
|
drvr->proto->add_if(ifp);
|
|
}
|
|
|
|
static inline void
|
|
brcmf_proto_del_if(struct brcmf_pub *drvr, struct brcmf_if *ifp)
|
|
{
|
|
if (!drvr->proto->del_if)
|
|
return;
|
|
drvr->proto->del_if(ifp);
|
|
}
|
|
|
|
static inline void
|
|
brcmf_proto_reset_if(struct brcmf_pub *drvr, struct brcmf_if *ifp)
|
|
{
|
|
if (!drvr->proto->reset_if)
|
|
return;
|
|
drvr->proto->reset_if(ifp);
|
|
}
|
|
|
|
static inline int
|
|
brcmf_proto_init_done(struct brcmf_pub *drvr)
|
|
{
|
|
if (!drvr->proto->init_done)
|
|
return 0;
|
|
return drvr->proto->init_done(drvr);
|
|
}
|
|
|
|
static inline void
|
|
brcmf_proto_debugfs_create(struct brcmf_pub *drvr)
|
|
{
|
|
drvr->proto->debugfs_create(drvr);
|
|
}
|
|
|
|
#endif /* BRCMFMAC_PROTO_H */
|