Patchwork [BUG] mt76x0u: Probing issues on Raspberry Pi 3 B+

Submitter Lorenzo Bianconi
Date Feb. 10, 2019, 5:39 p.m.
Message ID <CAJ0CqmVhS+qny0nLdjBDzzgxAEN4UNxN9jQR0CrH7urGbX390Q@mail.gmail.com>
Permalink /patch/722353/
State New

Comments

Lorenzo Bianconi - Feb. 10, 2019, 5:39 p.m.
> > sorry for all the confusion (I never tested the foundation kernel). I made my functional tests with arm/multi_v7_defconfig which doesn't need any patches to work.
> >
> > Here the current results for next-2019-02-08:
> >
> > arm/multi_v7_defconfig w/o any patches -> wlan0 online
> > arm64/defconfig w/o any patches -> timeout during firmware upload
> > arm64/defconfig w Lorenzo's series -> driver probe, but dhcp doesn't work (could be a problem in my arm64 rootfs)
> > arm/multi_v7_defconfig w Stanislaw's patch -> NULL pointer dereference
> >

Hi Stefan,

Could you please try the following patch? It should fix the NULL
pointer dereference crash.
Anyway, in order to enable mt76x0u on rpi3 we will need the RFC series.

Regards,
Lorenzo

>
> I am looking at this issue, it is not related to Stanislaw's patch,
> there is a bug in the error code path.
> Anyway, we will need to avoid SG since the dwc_otg controller does not support it.
>
> Regards,
> Lorenzo
>
> > I will test linux-4.19 and linux-5.0-rc5 to get a better picture ...
> >
> > >
> > > Stanislaw

Patch

From 181a696adeeb77bc4ac05190763240735234fdbb Mon Sep 17 00:00:00 2001
Message-Id: <181a696adeeb77bc4ac05190763240735234fdbb.1549820280.git.me@lorenzobianconi.net>
In-Reply-To: <cover.1549820280.git.me@lorenzobianconi.net>
References: <cover.1549820280.git.me@lorenzobianconi.net>
From: Lorenzo Bianconi <me@lorenzobianconi.net>
Date: Sun, 10 Feb 2019 18:37:38 +0100
Subject: [PATCH] mt76: fix NULL pointer dereference in mt76u_mcu_deinit

Signed-off-by: Lorenzo Bianconi <me@lorenzobianconi.net>
---
 drivers/net/wireless/mediatek/mt76/usb.c     | 15 ++++-----------
 drivers/net/wireless/mediatek/mt76/usb_mcu.c |  8 +++++---
 2 files changed, 9 insertions(+), 14 deletions(-)

diff --git a/drivers/net/wireless/mediatek/mt76/usb.c b/drivers/net/wireless/mediatek/mt76/usb.c
index b061263453d4..15ef1a8754ab 100644
--- a/drivers/net/wireless/mediatek/mt76/usb.c
+++ b/drivers/net/wireless/mediatek/mt76/usb.c
@@ -765,8 +765,7 @@  static int mt76u_alloc_tx(struct mt76_dev *dev)
 		if (!q->entry)
 			return -ENOMEM;
 
-		q->ndesc = MT_NUM_TX_ENTRIES;
-		for (j = 0; j < q->ndesc; j++) {
+		for (j = 0; j < MT_NUM_TX_ENTRIES; j++) {
 			buf = &q->entry[j].ubuf;
 			buf->dev = dev;
 
@@ -778,6 +777,7 @@  static int mt76u_alloc_tx(struct mt76_dev *dev)
 			if (!buf->urb->sg)
 				return -ENOMEM;
 		}
+		q->ndesc = MT_NUM_TX_ENTRIES;
 	}
 	return 0;
 }
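Review bot: On the `return -ENOMEM` exits inside the loop in mt76u_alloc_tx, q->ndesc is now never set for the queue being filled, so a teardown that iterates up to q->ndesc would skip the URBs already allocated for the earlier entries of that queue. The free path is not part of this diff; please confirm it either walks MT_NUM_TX_ENTRIES or otherwise releases a partially filled q->entry, and say so in the changelog, since otherwise the fix for the crash turns a failed allocation into a leak.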
@@ -838,16 +838,9 @@  int mt76u_alloc_queues(struct mt76_dev *dev)
 
 	err = mt76u_alloc_rx(dev);
 	if (err < 0)
-		goto err;
-
-	err = mt76u_alloc_tx(dev);
-	if (err < 0)
-		goto err;
+		return err;
 
-	return 0;
-err:
-	mt76u_queues_deinit(dev);
-	return err;
+	return mt76u_alloc_tx(dev);
 }
 EXPORT_SYMBOL_GPL(mt76u_alloc_queues);
 
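Review bot: With the `err:` label and its mt76u_queues_deinit(dev) call removed from mt76u_alloc_queues, a failure in mt76u_alloc_rx or mt76u_alloc_tx now returns with the queues partly allocated and cleanup becomes the caller's responsibility. No caller is touched in this patch and the commit message has no body, so please name the caller path that performs the deinit, confirm it runs exactly once on this error, and describe the crash path being fixed in the changelog.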
diff --git a/drivers/net/wireless/mediatek/mt76/usb_mcu.c b/drivers/net/wireless/mediatek/mt76/usb_mcu.c
index 036be4163e69..9527e1216f3d 100644
--- a/drivers/net/wireless/mediatek/mt76/usb_mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/usb_mcu.c
@@ -48,9 +48,11 @@  EXPORT_SYMBOL_GPL(mt76u_mcu_init_rx);
 
 void mt76u_mcu_deinit(struct mt76_dev *dev)
 {
-	struct mt76_usb *usb = &dev->usb;
+	struct mt76u_buf *buf = &dev->usb.mcu.res;
 
-	usb_kill_urb(usb->mcu.res.urb);
-	mt76u_buf_free(&usb->mcu.res);
+	if (buf->urb) {
+		usb_kill_urb(buf->urb);
+		mt76u_buf_free(buf);
+	}
 }
 EXPORT_SYMBOL_GPL(mt76u_mcu_deinit);
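Review bot: The new `if (buf->urb)` guard in mt76u_mcu_deinit only helps if buf->urb is NULL after a free, and nothing visible here resets it once mt76u_buf_free(buf) has run. If mt76u_buf_free does not clear the pointer, a second call to mt76u_mcu_deinit passes the guard with a stale URB and reaches usb_kill_urb and mt76u_buf_free again. Consider setting buf->urb to NULL after the free, or moving the NULL check into mt76u_buf_free so every caller gets it.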
-- 
2.20.1