From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Michael Trimarchi <michael@amarulasolutions.com>,
Arend van Spriel <arend.vanspriel@broadcom.com>,
Andy Shevchenko <andy.shevchenko@gmail.com>,
Kalle Valo <kvalo@codeaurora.org>,
Sasha Levin <alexander.levin@microsoft.com>
Subject: [PATCH 3.18 29/56] brcmfmac: stop watchdog before detach and free everything
Date: Sun, 26 Aug 2018 08:44:50 +0200 [thread overview]
Message-ID: <20180826064233.790726174@linuxfoundation.org> (raw)
In-Reply-To: <20180826064232.320669119@linuxfoundation.org>
3.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Trimarchi <michael@amarulasolutions.com>
[ Upstream commit 373c83a801f15b1e3d02d855fad89112bd4ccbe0 ]
Using built-in in kernel image without a firmware in filesystem
or in the kernel image can lead to a kernel NULL pointer deference.
Watchdog need to be stopped in brcmf_sdio_remove
The system is going down NOW!
[ 1348.110759] Unable to handle kernel NULL pointer dereference at virtual address 000002f8
Sent SIGTERM to all processes
[ 1348.121412] Mem abort info:
[ 1348.126962] ESR = 0x96000004
[ 1348.130023] Exception class = DABT (current EL), IL = 32 bits
[ 1348.135948] SET = 0, FnV = 0
[ 1348.138997] EA = 0, S1PTW = 0
[ 1348.142154] Data abort info:
[ 1348.145045] ISV = 0, ISS = 0x00000004
[ 1348.148884] CM = 0, WnR = 0
[ 1348.151861] user pgtable: 4k pages, 48-bit VAs, pgdp = (____ptrval____)
[ 1348.158475] [00000000000002f8] pgd=0000000000000000
[ 1348.163364] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[ 1348.168927] Modules linked in: ipv6
[ 1348.172421] CPU: 3 PID: 1421 Comm: brcmf_wdog/mmc0 Not tainted 4.17.0-rc5-next-20180517 #18
[ 1348.180757] Hardware name: Amarula A64-Relic (DT)
[ 1348.185455] pstate: 60000005 (nZCv daif -PAN -UAO)
[ 1348.190251] pc : brcmf_sdiod_freezer_count+0x0/0x20
[ 1348.195124] lr : brcmf_sdio_watchdog_thread+0x64/0x290
[ 1348.200253] sp : ffff00000b85be30
[ 1348.203561] x29: ffff00000b85be30 x28: 0000000000000000
[ 1348.208868] x27: ffff00000b6cb918 x26: ffff80003b990638
[ 1348.214176] x25: ffff0000087b1a20 x24: ffff80003b94f800
[ 1348.219483] x23: ffff000008e620c8 x22: ffff000008f0b660
[ 1348.224790] x21: ffff000008c6a858 x20: 00000000fffffe00
[ 1348.230097] x19: ffff80003b94f800 x18: 0000000000000001
[ 1348.235404] x17: 0000ffffab2e8a74 x16: ffff0000080d7de8
[ 1348.240711] x15: 0000000000000000 x14: 0000000000000400
[ 1348.246018] x13: 0000000000000400 x12: 0000000000000001
[ 1348.251324] x11: 00000000000002c4 x10: 0000000000000a10
[ 1348.256631] x9 : ffff00000b85bc40 x8 : ffff80003be11870
[ 1348.261937] x7 : ffff80003dfc7308 x6 : 000000078ff08b55
[ 1348.267243] x5 : 00000139e1058400 x4 : 0000000000000000
[ 1348.272550] x3 : dead000000000100 x2 : 958f2788d6618100
[ 1348.277856] x1 : 00000000fffffe00 x0 : 0000000000000000
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Tested-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/brcm80211/brcmfmac/dhd_sdio.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/drivers/net/wireless/brcm80211/brcmfmac/dhd_sdio.c
+++ b/drivers/net/wireless/brcm80211/brcmfmac/dhd_sdio.c
@@ -4201,6 +4201,13 @@ void brcmf_sdio_remove(struct brcmf_sdio
brcmf_dbg(TRACE, "Enter\n");
if (bus) {
+ /* Stop watchdog task */
+ if (bus->watchdog_tsk) {
+ send_sig(SIGTERM, bus->watchdog_tsk, 1);
+ kthread_stop(bus->watchdog_tsk);
+ bus->watchdog_tsk = NULL;
+ }
+
/* De-register interrupt handler */
brcmf_sdiod_intr_unregister(bus->sdiodev);
next prev parent reply other threads:[~2018-08-26 6:46 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-26 6:44 [PATCH 3.18 00/56] 3.18.120-stable review Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 01/56] dccp: fix undefined behavior with cwnd shift in ccid2_cwnd_restart() Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 02/56] l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 03/56] llc: use refcount_inc_not_zero() for llc_sap_find() Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 04/56] net_sched: Fix missing res info when create new tc_index filter Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 05/56] net_sched: fix NULL pointer dereference when delete tcindex filter Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 06/56] vsock: split dwork to avoid reinitializations Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 07/56] ALSA: vx222: Fix invalid endian conversions Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 08/56] ALSA: virmidi: Fix too long output trigger loop Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 09/56] ALSA: cs5535audio: Fix invalid endian conversion Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 10/56] ALSA: memalloc: Dont exceed over the requested size Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 11/56] ALSA: vxpocket: Fix invalid endian conversions Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 12/56] USB: serial: sierra: fix potential deadlock at close Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 13/56] serial: 8250_dw: always set baud rate in dw8250_set_termios Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 14/56] Bluetooth: avoid killing an already killed socket Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 15/56] isdn: Disable IIOCDBGVAR Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 16/56] netfilter: ipv6: nf_defrag: reduce struct net memory waste Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 17/56] selftests: sync: add config fragment for testing sync framework Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 18/56] usb: dwc2: fix isoc split in transfer with no data Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 19/56] usb: gadget: composite: fix delayed_status race condition when set_interface Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 20/56] arm64: make secondary_start_kernel() notrace Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 21/56] enic: initialize enic->rfs_h.lock in enic_probe Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 22/56] net: hamradio: use eth_broadcast_addr Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 23/56] net: propagate dev_get_valid_name return code Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 24/56] net: davinci_emac: match the mdio device against its compatible if possible Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 25/56] locking/lockdep: Do not record IRQ state within lockdep code Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 26/56] ipv6: mcast: fix unsolicited report interval after receiving querys Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 27/56] Smack: Mark inode instant in smack_task_to_inode Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 28/56] cxgb4: when disabling dcb set txq dcb priority to 0 Greg Kroah-Hartman
2018-08-26 6:44 ` Greg Kroah-Hartman [this message]
2018-08-26 6:44 ` [PATCH 3.18 30/56] ARM: dts: am437x: make edt-ft5x06 a wakeup source Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 31/56] perf report powerpc: Fix crash if callchain is empty Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 32/56] ARM: dts: da850: Fix interrups property for gpio Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 33/56] dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 34/56] md/raid10: fix that replacement cannot complete recovery after reassemble Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 35/56] drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 36/56] bnx2x: Fix receiving tx-timeout in error or recovery state Greg Kroah-Hartman
2018-08-26 6:44 ` [PATCH 3.18 38/56] ARM: imx_v4_v5_defconfig: Select ULPI support Greg Kroah-Hartman
2018-08-26 6:45 ` [PATCH 3.18 40/56] smsc75xx: Add workaround for gigabit link up hardware errata Greg Kroah-Hartman
2018-08-26 6:45 ` [PATCH 3.18 41/56] netfilter: x_tables: set module owner for icmp(6) matches Greg Kroah-Hartman
2018-08-26 6:45 ` [PATCH 3.18 42/56] ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Greg Kroah-Hartman
2018-08-26 6:45 ` [PATCH 3.18 43/56] drm/armada: fix colorkey mode property Greg Kroah-Hartman
2018-08-26 6:45 ` [PATCH 3.18 44/56] ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Greg Kroah-Hartman
2018-08-26 6:45 ` [PATCH 3.18 45/56] ixgbe: Be more careful when modifying MAC filters Greg Kroah-Hartman
2018-08-26 6:45 ` [PATCH 3.18 46/56] qlogic: check kstrtoul() for errors Greg Kroah-Hartman
2018-08-26 6:45 ` [PATCH 3.18 47/56] net: usb: rtl8150: demote allmulti message to dev_dbg() Greg Kroah-Hartman
2018-08-26 6:45 ` [PATCH 3.18 48/56] net: qca_spi: Avoid packet drop during initial sync Greg Kroah-Hartman
2018-08-26 6:45 ` [PATCH 3.18 49/56] net: qca_spi: Make sure the QCA7000 reset is triggered Greg Kroah-Hartman
2018-08-26 6:45 ` [PATCH 3.18 51/56] staging: android: ion: check for kref overflow Greg Kroah-Hartman
2018-08-26 6:45 ` [PATCH 3.18 52/56] xfrm_user: prevent leaking 2 bytes of kernel memory Greg Kroah-Hartman
2018-08-26 6:45 ` [PATCH 3.18 53/56] netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Greg Kroah-Hartman
2018-08-26 6:45 ` [PATCH 3.18 54/56] packet: refine ring v3 block size test to hold one frame Greg Kroah-Hartman
2018-08-26 6:45 ` [PATCH 3.18 55/56] PCI: hotplug: Dont leak pci_slot on registration failure Greg Kroah-Hartman
2018-08-26 6:45 ` [PATCH 3.18 56/56] reiserfs: fix broken xattr handling (heap corruption, bad retval) Greg Kroah-Hartman
2018-08-26 8:14 ` [PATCH 3.18 00/56] 3.18.120-stable review Nathan Chancellor
2018-08-26 8:44 ` Greg Kroah-Hartman
2018-08-26 14:04 ` Guenter Roeck
2018-08-27 19:30 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180826064233.790726174@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=alexander.levin@microsoft.com \
--cc=andy.shevchenko@gmail.com \
--cc=arend.vanspriel@broadcom.com \
--cc=kvalo@codeaurora.org \
--cc=linux-kernel@vger.kernel.org \
--cc=michael@amarulasolutions.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).