Arend van Spriel 37afef393d brcmfmac: obtain platform data upon module initialization ... commit db4efbbeb4 upstream. The driver uses platform_driver_probe() to obtain platform data if any. However, that function is placed in the .init section so it must be called upon driver module initialization. The problem was reported by Fenguang Wu resulting in a kernel oops because the .init section was already freed. [ 48.966342] Switched to clocksource tsc [ 48.970002] kernel tried to execute NX-protected page - exploit attempt? (uid: 0) [ 48.970851] BUG: unable to handle kernel paging request at ffffffff82196446 [ 48.970957] IP: [<ffffffff82196446>] classes_init+0x26/0x26 [ 48.970957] PGD 1e76067 PUD 1e77063 PMD f388063 PTE 8000000002196163 [ 48.970957] Oops: 0011 [#1] [ 48.970957] CPU: 0 PID: 17 Comm: kworker/0:1 Not tainted 3.11.0-rc7-00444-gc52dd7f #23 [ 48.970957] Workqueue: events brcmf_driver_init [ 48.970957] task: ffff8800001d2000 ti: ffff8800001d4000 task.ti: ffff8800001d4000 [ 48.970957] RIP: 0010:[<ffffffff82196446>] [<ffffffff82196446>] classes_init+0x26/0x26 [ 48.970957] RSP: 0000:ffff8800001d5d40 EFLAGS: 00000286 [ 48.970957] RAX: 0000000000000001 RBX: ffffffff820c5620 RCX: 0000000000000000 [ 48.970957] RDX: 0000000000000001 RSI: ffffffff816f7380 RDI: ffffffff820c56c0 [ 48.970957] RBP: ffff8800001d5d50 R08: ffff8800001d2508 R09: 0000000000000002 [ 48.970957] R10: 0000000000000000 R11: 0001f7ce298c5620 R12: ffff8800001c76b0 [ 48.970957] R13: ffffffff81e91d40 R14: 0000000000000000 R15: ffff88000e0ce300 [ 48.970957] FS: 0000000000000000(0000) GS:ffffffff81e84000(0000) knlGS:0000000000000000 [ 48.970957] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b [ 48.970957] CR2: ffffffff82196446 CR3: 0000000001e75000 CR4: 00000000000006b0 [ 48.970957] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 48.970957] DR3: 0000000000000000 DR6: 0000000000000000 DR7: 0000000000000000 [ 48.970957] Stack: [ 48.970957] ffffffff816f7df8 ffffffff820c5620 ffff8800001d5d60 ffffffff816eeec9 [ 48.970957] ffff8800001d5de0 ffffffff81073dc5 ffffffff81073d68 ffff8800001d5db8 [ 48.970957] 0000000000000086 ffffffff820c5620 ffffffff824f7fd0 0000000000000000 [ 48.970957] Call Trace: [ 48.970957] [<ffffffff816f7df8>] ? brcmf_sdio_init+0x18/0x70 [ 48.970957] [<ffffffff816eeec9>] brcmf_driver_init+0x9/0x10 [ 48.970957] [<ffffffff81073dc5>] process_one_work+0x1d5/0x480 [ 48.970957] [<ffffffff81073d68>] ? process_one_work+0x178/0x480 [ 48.970957] [<ffffffff81074188>] worker_thread+0x118/0x3a0 [ 48.970957] [<ffffffff81074070>] ? process_one_work+0x480/0x480 [ 48.970957] [<ffffffff8107aa17>] kthread+0xe7/0xf0 [ 48.970957] [<ffffffff810829f7>] ? finish_task_switch.constprop.57+0x37/0xd0 [ 48.970957] [<ffffffff8107a930>] ? __kthread_parkme+0x80/0x80 [ 48.970957] [<ffffffff81a6923a>] ret_from_fork+0x7a/0xb0 [ 48.970957] [<ffffffff8107a930>] ? __kthread_parkme+0x80/0x80 [ 48.970957] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc <cc> cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc [ 48.970957] RIP [<ffffffff82196446>] classes_init+0x26/0x26 [ 48.970957] RSP <ffff8800001d5d40> [ 48.970957] CR2: ffffffff82196446 [ 48.970957] ---[ end trace 62980817cd525f14 ]--- Reported-by: Fengguang Wu <fengguang.wu@intel.com> Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Tested-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2013-10-13 16:08:32 -07:00
..
appletalk
arcnet	arcnet: cleanup sizeof parameter	2013-08-11 18:35:25 -07:00
bonding	bonding: Fix broken promiscuity reference counting issue	2013-10-13 16:08:30 -07:00
caif	caif: CAIF_VIRTIO should depend on HAS_DMA	2013-05-11 16:28:24 -07:00
can	can: pcan_usb: fix wrong memcpy() bytes length	2013-08-20 08:43:03 -07:00
cris
dsa
ethernet	ll_temac: Reset dma descriptors indexes on ndo_open	2013-10-13 16:08:30 -07:00
fddi
hamradio	drivers/net: rename random32() to prandom_u32()	2013-05-07 18:38:27 -07:00
hippi
hyperv	hyperv: Fix the NETIF_F_SG flag setting in netvsc	2013-07-28 16:30:04 -07:00
ieee802154
irda	net/irda: fix error return code in bfin_sir_open()	2013-05-08 13:13:29 -07:00
phy	net: phy: fix a bug when verify the EEE support	2013-05-27 23:30:09 -07:00
plip
ppp	ip: generate unique IP identificator if local fragmentation is allowed	2013-10-13 16:08:30 -07:00
slip
team	team: move add to port list before port enablement	2013-06-12 00:56:27 -07:00
usb	dm9601: fix IFF_ALLMULTI handling	2013-10-13 16:08:30 -07:00
vmxnet3	net: vlan: add protocol argument to packet tagging functions	2013-04-19 14:46:06 -04:00
wan	dlci: validate the net device in dlci_del()	2013-06-26 15:36:42 -07:00
wimax
wireless	brcmfmac: obtain platform data upon module initialization	2013-10-13 16:08:32 -07:00
xen-netback	xen-netback: count number required slots for an skb more carefully	2013-10-13 16:08:29 -07:00
dummy.c	dummy: fix oops when loading the dummy failed	2013-07-28 16:30:01 -07:00
eql.c
ifb.c	ifb: fix oops when loading the ifb failed	2013-07-28 16:30:01 -07:00
Kconfig
LICENSE.SRC
loopback.c
macvlan.c	macvlan: validate flags	2013-09-14 06:54:54 -07:00
macvtap.c	macvtap: do not zerocopy if iov needs more pages than MAX_SKB_FRAGS	2013-07-28 16:30:05 -07:00
Makefile
mdio.c
mii.c
netconsole.c
ntb_netdev.c	ntb_netdev: remove from list on exit	2013-05-15 10:58:14 -07:00
rionet.c
sb1000.c
Space.c
sungem_phy.c
tun.c	tuntap: correctly handle error in tun_set_iff()	2013-10-13 16:08:29 -07:00
veth.c	net: vlan: announce STAG offload capability in some drivers	2013-04-19 14:46:06 -04:00
virtio_net.c	virtio_net: fix race in RX VQ processing	2013-07-28 16:29:56 -07:00
vxlan.c	ip_tunnel: Do not use inner ip-header-id for tunnel ip-header-id.	2013-09-14 06:54:55 -07:00
xen-netfront.c	xen-netfront: pull on receive skb may need to happen earlier	2013-08-04 16:50:53 +08:00