github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-12 00:23:01 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
cdaedaba68
linux/drivers/net/wireless
History
Guenter Roeck 46eafd0f59 brcmfmac: abort and release host after error 
[ Upstream commit 863844ee3b ]

With commit 216b44000a ("brcmfmac: Fix use after free in
brcmf_sdio_readframes()") applied, we see locking timeouts in
brcmf_sdio_watchdog_thread().

brcmfmac: brcmf_escan_timeout: timer expired
INFO: task brcmf_wdog/mmc1:621 blocked for more than 120 seconds.
Not tainted 4.19.94-07984-g24ff99a0f713 #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
brcmf_wdog/mmc1 D    0   621      2 0x00000000 last_sleep: 2440793077.  last_runnable: 2440766827
[<c0aa1e60>] (__schedule) from [<c0aa2100>] (schedule+0x98/0xc4)
[<c0aa2100>] (schedule) from [<c0853830>] (__mmc_claim_host+0x154/0x274)
[<c0853830>] (__mmc_claim_host) from [<bf10c5b8>] (brcmf_sdio_watchdog_thread+0x1b0/0x1f8 [brcmfmac])
[<bf10c5b8>] (brcmf_sdio_watchdog_thread [brcmfmac]) from [<c02570b8>] (kthread+0x178/0x180)

In addition to restarting or exiting the loop, it is also necessary to
abort the command and to release the host.

Fixes: 216b44000a ("brcmfmac: Fix use after free in brcmf_sdio_readframes()")
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Matthias Kaehlcke <mka@chromium.org>
Cc: Brian Norris <briannorris@chromium.org>
Cc: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Acked-by: franky.lin@broadcom.com
Acked-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-05-27 17:37:42 +02:00
..
admtek
ath wil6210: remove reset file from debugfs 2020-04-21 09:03:13 +02:00
atmel at76c50x-usb: Don't register led_trigger if usb_register_driver failed 2019-05-31 06:46:05 -07:00
broadcom brcmfmac: abort and release host after error 2020-05-27 17:37:42 +02:00
cisco airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE 2020-02-05 14:43:51 +00:00
intel iwlwifi: mvm: beacon statistics shouldn't go backwards 2020-04-29 16:31:31 +02:00
intersil hostap: Adjust indentation in prism2_hostapd_add_sta 2020-02-24 08:34:51 +01:00
marvell mwifiex: delete unused mwifiex_get_intf_num() 2020-03-05 16:42:21 +01:00
mediatek mt76: fix array overflow on receiving too many fragments for a packet 2020-03-18 07:14:22 +01:00
quantenna qtnfmac: drop error reports for out-of-bounds key indexes 2019-11-24 08:20:21 +01:00
ralink rt2x00: do not increment sequence number while re-transmitting 2019-04-27 09:36:38 +02:00
realtek rtlwifi: rtl_pci: Fix -Wcast-function-type 2020-02-24 08:34:42 +01:00
rsi rsi: fix use-after-free on failed probe and unbind 2020-02-05 14:43:33 +00:00
st cw1200: Fix a signedness bug in cw1200_load_firmware() 2020-01-23 08:21:36 +01:00
ti wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' 2019-12-01 09:17:21 +01:00
zydas zd1211rw: fix storage endpoint lookup 2020-02-01 09:37:05 +00:00
Kconfig
mac80211_hwsim.c mac80211_hwsim: Use kstrndup() in place of kasprintf() 2020-04-21 09:03:09 +02:00
mac80211_hwsim.h
Makefile
ray_cs.c
ray_cs.h
rayctl.h
rndis_wlan.c
wl3501_cs.c
wl3501.h