MLK-12077-2 bcmdhd: fix module re-load crash issue

Fix the following crash during module removing.
root@imx6qdlsolo:~# modprobe -r bcmdhd
dhd_prot_ioctl : bus is down. we have nothing to do
dhd_wlfc_deinit():3271, ampdu_hostreorder get failed Err = -1
dhd_prot_ioctl : bus is down. we have nothing to do
dhd_wlfc_deinit():3294 failed to enable/disable bdcv2 tlv signaling Err = -1
dhd_detach(): thread:dhd_watchdog_thread:34f terminated OK
dhd_dpc_thread: Unexpected up_cnt 0
dhd_detach(): thread:dhd_dpc:350 terminated OK
CFG80211-ERROR) wl_event_handler : was terminated
wl_destroy_event_handler(): thread:wl_event_handler:34e terminated OK
------------[ cut here ]------------
Kernel BUG at 800e0f40 [verbose debug info unavailable]
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
Modules linked in: bcmdhd(-) evbug ov5647_camera_mipi mxc_mipi_csi mx6s_capture [last unloaded: bcmdhd]
CPU: 0 PID: 854 Comm: modprobe Not tainted 4.1.15-01434-g70f4b36 #1311
Hardware name: Freescale i.MX7 Dual (Device Tree)
task: a97fc4c0 ti: a912e000 task.ti: a912e000
PC is at kfree+0x188/0x18c
LR is at wiphy_unregister+0x17c/0x204
pc : [<800e0f40>]    lr : [<80712184>]    psr: 400d0013
sp : a912fe30  ip : 00080353  fp : a8647970
r10: 7f219440  r9 : a9420140  r8 : ac75fa60
r7 : a9420000  r6 : 00000000  r5 : 00000000  r4 : a9420140
r3 : 00000000  r2 : 00000000  r1 : 07ffffff  r0 : 00353443
Flags: nZcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 10c53c7d  Table: a940c06a  DAC: 00000015
Process modprobe (pid: 854, stack limit = 0xa912e210)
Stack: (0xa912fe30 to 0xa9130000)
fe20:                                     7f219440 a9420140 00000000 00000000
fe40: a9420000 a94203a0 a9420140 7f219440 a8647970 80712184 00000000 7f219440
fe60: a8647970 805e1994 7f21d5d8 a8500000 a8574840 a94203a0 00000000 a8647000
fe80: a94203a0 7f1cb9ec 00000000 00000000 a8644000 a8647000 a8644000 7f21d5d8
fea0: 7f219440 7f1adf28 00000001 a956d000 7f219440 a9770440 00000000 8000f644
fec0: a912e000 00000000 002691a0 7f1f4cbc a8644000 7f219440 a956d000 00000000
fee0: 00000081 7f1f65ec 7f1f65b0 a9770b40 a9770b00 7f1e9310 a96f6000 a9770440
ff00: 7f21b414 7f1ea950 7f1ea908 a8fdba08 a8fdba00 8050ee74 a8fdba08 7f21b414
ff20: a8fdba3c 80379744 7f21b414 a8fdba08 7f21b414 80379ed4 7f21b414 002691dc
ff40: 002691a0 803794a4 7f21b478 7f1ff6bc 7f1ff690 8008fec0 00000000 646d6362
ff60: c0006468 00000000 a97fc8b8 00000000 a97fc8b8 00000000 80b41528 a97fc4c0
ff80: 002691a0 80049c60 a8576540 a912e000 8000f644 0012ffb0 00000006 002691a0
ffa0: 002691dc 8000f4c0 002691a0 002691dc 002691dc 00000800 76e72f78 00000000
ffc0: 002691a0 002691dc 002691a0 00000081 00000001 00000000 00000001 002691a0
ffe0: 76e388a0 7ec089f4 0001f008 76e388ac 600d0010 002691dc 00656e6f 635f6c77
[<800e0f40>] (kfree) from [<80712184>] (wiphy_unregister+0x17c/0x204)
[<80712184>] (wiphy_unregister) from [<7f1cb9ec>] (wl_free_wdev+0x40/0x148 [bcmdhd])
[<7f1cb9ec>] (wl_free_wdev [bcmdhd]) from [<7f1adf28>] (dhd_detach+0x280/0x438 [bcmdhd])
[<7f1adf28>] (dhd_detach [bcmdhd]) from [<7f1f4cbc>] (dhdsdio_release+0x4c/0x1dc [bcmdhd])
[<7f1f4cbc>] (dhdsdio_release [bcmdhd]) from [<7f1f65ec>] (dhdsdio_disconnect+0x3c/0xa0 [bcmdhd])
[<7f1f65ec>] (dhdsdio_disconnect [bcmdhd]) from [<7f1e9310>] (bcmsdh_remove+0x3c/0x60 [bcmdhd])
[<7f1e9310>] (bcmsdh_remove [bcmdhd]) from [<7f1ea950>] (bcmsdh_sdmmc_remove+0x48/0x60 [bcmdhd])
[<7f1ea950>] (bcmsdh_sdmmc_remove [bcmdhd]) from [<8050ee74>] (sdio_bus_remove+0x30/0xf8)
[<8050ee74>] (sdio_bus_remove) from [<80379744>] (__device_release_driver+0x70/0xe4)
[<80379744>] (__device_release_driver) from [<80379ed4>] (driver_detach+0xac/0xb0)
[<80379ed4>] (driver_detach) from [<803794a4>] (bus_remove_driver+0x4c/0xa0)
[<803794a4>] (bus_remove_driver) from [<7f1ff6bc>] (dhd_module_cleanup+0x2c/0x3c [bcmdhd])
[<7f1ff6bc>] (dhd_module_cleanup [bcmdhd]) from [<8008fec0>] (SyS_delete_module+0x174/0x1b8)
[<8008fec0>] (SyS_delete_module) from [<8000f4c0>] (ret_fast_syscall+0x0/0x3c)
Code: e1a03007 e28dd004 e8bd4ff0 eafffd59 (e7f001f2)
---[ end trace 49de84cadd3d030b ]---
Segmentation fault
root@imx6qdlsolo:~#

Signed-off-by: Dong Aisheng <aisheng.dong@nxp.com>

diff --git a/drivers/net/wireless/bcmdhd/dhd_linux.c b/drivers/net/wireless/bcmdhd/dhd_linux.c
index 203f895..0c3cf26 100644 (file)
--- a/drivers/net/wireless/bcmdhd/dhd_linux.c
+++ b/drivers/net/wireless/bcmdhd/dhd_linux.c
@@ -5768,7 +5768,9 @@ void dhd_detach(dhd_pub_t *dhdp)
        }
 
 #ifdef WL_CFG80211
-       wl_cfg80211_down(NULL);
+       if ((dhd->dhd_state & DHD_ATTACH_STATE_CFG80211)) {
+               wl_cfg80211_down(NULL);
+       }
 #endif /* WL_CFG80211 */
 
        if (dhd->dhd_state & DHD_ATTACH_STATE_PROT_ATTACH) {

diff --git a/drivers/net/wireless/bcmdhd/wl_cfg80211.c b/drivers/net/wireless/bcmdhd/wl_cfg80211.c
index 5204649..887bb04 100644 (file)
--- a/drivers/net/wireless/bcmdhd/wl_cfg80211.c
+++ b/drivers/net/wireless/bcmdhd/wl_cfg80211.c
@@ -7650,6 +7650,7 @@ static s32 wl_setup_wiphy(struct wireless_dev *wdev, struct device *sdiofunc_dev
                brcm_wowlan_config->patterns = NULL;
                brcm_wowlan_config->n_patterns = 0;
                brcm_wowlan_config->tcp = NULL;
+               brcm_wowlan_config->nd_config = NULL;
        } else {
                WL_ERR(("Can not allocate memory for brcm_wowlan_config,"
                        " So wiphy->wowlan_config is set to NULL\n"));
@@ -11527,13 +11528,14 @@ static s32 __wl_cfg80211_up(struct bcm_cfg80211 *cfg)
                        return err;
                }
        }
-
-       err = wl_create_event_handler(cfg);
-       if (err) {
-               WL_ERR(("wl_create_event_handler failed\n"));
-               return err;
+       if (!dhd_download_fw_on_driverload) {
+               err = wl_create_event_handler(cfg);
+               if (err) {
+                       WL_ERR(("wl_create_event_handler failed\n"));
+                       return err;
+               }
+               wl_init_event_handler(cfg);
        }
-       wl_init_event_handler(cfg);
 
        err = wl_init_scan(cfg);
        if (err) {
@@ -11641,9 +11643,11 @@ static s32 __wl_cfg80211_down(struct bcm_cfg80211 *cfg)
        DNGL_FUNC(dhd_cfg80211_down, (cfg));
 
        /* Avoid deadlock from wl_cfg80211_down */
-       mutex_unlock(&cfg->usr_sync);
-       wl_destroy_event_handler(cfg);
-       mutex_lock(&cfg->usr_sync);
+       if (!dhd_download_fw_on_driverload) {
+               mutex_unlock(&cfg->usr_sync);
+               wl_destroy_event_handler(cfg);
+               mutex_lock(&cfg->usr_sync);
+       }
        wl_flush_eq(cfg);
        wl_link_down(cfg);
        if (cfg->p2p_supported) {