    brcmfmac: Increase nr of supported flowrings. · 19c8f421
    Hante Meuleman authored
    New generation devices have firmware which has more than 256 flowrings.
    E.g. following debugging message comes from 14e4:4365 BCM4366:
    [  194.606245] brcmfmac: brcmf_pcie_init_ringbuffers Nr of flowrings is 264
    
    At various code places (related to flowrings) we were using u8 which
    could lead to storing wrong number or infinite loops when indexing with
    this type. This issue was quite easy to spot in brcmf_flowring_detach
    where it led to infinite loop e.g. on failed initialization.
    
    This patch switches code to proper types and increases the maximum
    number of supported flowrings to 512.
    
    Originally this change was sent in September 2015, but back then it was
    causing a regression on BCM43602 resulting in:
    Unable to handle kernel NULL pointer dereference at virtual address ...
    
    The reason for this regression was missing update (s/u8/u16) of struct
    brcmf_flowring_ring. This problem was handled in 9f64df94 ("brcmfmac: Fix
    bug in flowring management."). Starting with that it's safe to apply
    this original patch as it doesn't cause a regression anymore.
    
    This patch fixes an infinite loop on BCM4366 which is supported since
    4.4 so it makes sense to apply it to stable 4.4+.
    
    Cc: <stable@vger.kernel.org> # 4.4+
    Reviewed-by: Arend Van Spriel <arend@broadcom.com>
    Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
    Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
    Signed-off-by: Hante Meuleman <meuleman@broadcom.com>
    Signed-off-by: Arend van Spriel <arend@broadcom.com>
    Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
    Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
msgbuf.c 41.2 KB
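
Added example, not code from this commit or from msgbuf.c: a small C model of the failure the commit message describes, where an 8-bit index is used against a ring count above 255. The function names, `NR_FLOWRINGS` and `ITERATION_CAP` are hypothetical; only the value 264 comes from the log line quoted in the message.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not brcmfmac code. 264 is the ring count from the
 * log line in the commit message; ITERATION_CAP is a hypothetical guard
 * so this demonstration always stops. */
#define NR_FLOWRINGS 264u
#define ITERATION_CAP 100000u

/* Index the rings with an 8-bit counter. Returns the iterations run, or
 * ITERATION_CAP when the exit condition was never reached. */
static unsigned walk_rings_u8(unsigned nrofrings)
{
    unsigned iterations = 0;
    uint8_t i;

    /* i wraps 255 -> 0, so i < nrofrings never fails once nrofrings > 255 */
    for (i = 0; i < nrofrings && iterations < ITERATION_CAP; i++)
        iterations++;
    return iterations;
}

/* Same walk with a 16-bit counter, matching the s/u8/u16 change the
 * message mentions. */
static unsigned walk_rings_u16(unsigned nrofrings)
{
    unsigned iterations = 0;
    uint16_t i;

    for (i = 0; i < nrofrings && iterations < ITERATION_CAP; i++)
        iterations++;
    return iterations;
}

/* A ring count or id stored in a u8 keeps only its low byte. */
static unsigned store_in_u8(unsigned value)
{
    return (uint8_t)value;
}

int main(void)
{
    printf("stored in u8: %u\n", store_in_u8(NR_FLOWRINGS));
    printf("u8 walk:  %u iterations\n", walk_rings_u8(NR_FLOWRINGS));
    printf("u16 walk: %u iterations\n", walk_rings_u16(NR_FLOWRINGS));
    return 0;
}
```

With 264 rings the 8-bit walk only stops at the guard, while the same loop with a count of 255 or less exits normally, which is why the defect stayed hidden on older firmware.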