Rafał Miłecki <zajec5@xxxxxxxxx> writes:
> From: Hante Meuleman <meuleman@xxxxxxxxxxxx>
>
> New generation devices have firmware which has more than 256 flowrings.
> E.g. following debugging message comes from 14e4:4365 BCM4366:
> [ 194.606245] brcmfmac: brcmf_pcie_init_ringbuffers Nr of flowrings is 264
>
> At various code places (related to flowrings) we were using u8 which
> could lead to storing wrong number or infinite loops when indexing with
> this type. This issue was quite easy to spot in brcmf_flowring_detach
> where it led to infinite loop e.g. on failed initialization.
>
> This patch switches code to proper types and increases the maximum
> number of supported flowrings to 512.
>
> Originally this change was sent in September 2015, but back it was
> causing a regression on BCM43602 resulting in:
> Unable to handle kernel NULL pointer dereference at virtual address ...
>
> The reason for this regression was missing update (s/u8/u16) of struct
> brcmf_flowring_ring. This problem was handled in 9f64df9 ("brcmfmac: Fix
> bug in flowring management."). Starting with that it's safe to apply
> this original patch as it doesn't cause a regression anymore.
>
> This patch fixes an infinite loop on BCM4366 which is supported since
> 4.4 so it makes sense to apply it to stable 4.4+.
>
> Cc: <stable@xxxxxxxxxxxxxxx> # 4.4+
> Reviewed-by: Arend Van Spriel <arend@xxxxxxxxxxxx>
> Reviewed-by: Franky (Zhenhui) Lin <frankyl@xxxxxxxxxxxx>
> Reviewed-by: Pieter-Paul Giesberts <pieterpg@xxxxxxxxxxxx>
> Signed-off-by: Hante Meuleman <meuleman@xxxxxxxxxxxx>
> Signed-off-by: Arend van Spriel <arend@xxxxxxxxxxxx>
> Signed-off-by: Rafał Miłecki <zajec5@xxxxxxxxx>
Applied manually, thanks.
--
Kalle Valo
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html