Rafał Miłecki wrote:
> From: Rafał Miłecki <rafal@xxxxxxxxxx>
>
> Keeping interrupts on could result in brcmfmac freeing some resources
> and then IRQ handlers trying to use them. That was obviously a straight
> path for crashing a kernel.
>
> Example:
> CPU0 CPU1
> ---- ----
> brcmf_pcie_reset
> brcmf_pcie_bus_console_read
> brcmf_detach
> ...
> brcmf_fweh_detach
> brcmf_proto_detach
> brcmf_pcie_isr_thread
> ...
> brcmf_proto_msgbuf_rx_trigger
> ...
> drvr->proto->pd
> brcmf_pcie_release_irq
>
> [ 363.789218] Unable to handle kernel NULL pointer dereference at virtual address 00000038
> [ 363.797339] pgd = c0004000
> [ 363.800050] [00000038] *pgd=00000000
> [ 363.803635] Internal error: Oops: 17 [#1] SMP ARM
> (...)
> [ 364.029209] Backtrace:
> [ 364.031725] [<bf243838>] (brcmf_proto_msgbuf_rx_trigger [brcmfmac]) from [<bf2471dc>] (brcmf_pcie_isr_thread+0x228/0x274 [brcmfmac])
> [ 364.043662] r7:00000001 r6:c8ca0000 r5:00010000 r4:c7b4f800
>
> Fixes: 4684997d9eea ("brcmfmac: reset PCIe bus on a firmware crash")
> Cc: stable@xxxxxxxxxxxxxxx # v5.2+
> Signed-off-by: Rafał Miłecki <rafal@xxxxxxxxxx>
Patch applied to wireless-drivers-next.git, thanks.
5d26a6a6150c brcmfmac: disable PCIe interrupts before bus reset
--
https://patchwork.kernel.org/patch/11249683/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
