Commit eb2428fb authored by Shengzhen Li's avatar Shengzhen Li Committed by Kalle Valo

mwifiex: check tx_hw_pending before downloading sleep confirm

We may get SLEEP event from firmware even if TXDone interrupt
for last Tx packet is still pending. In this case, we may
end up accessing PCIe memory for handling TXDone after power
save handshake is completed. This causes kernel crash with
external abort.

This patch will only allow downloading sleep confirm
when no tx done interrupt is pending in the hardware.
Signed-off-by: default avatarCathy Luo <cluo@marvell.com>
Signed-off-by: default avatarShengzhen Li <szli@marvell.com>
Tested-by: default avatarXinming Hu <huxm@marvell.com>
Signed-off-by: default avatarAmitkumar Karwar <akarwar@marvell.com>
Reviewed-by: default avatarBrian Norris <briannorris@chromium.org>
Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
parent 853402a0
...@@ -1118,13 +1118,14 @@ mwifiex_cancel_pending_ioctl(struct mwifiex_adapter *adapter) ...@@ -1118,13 +1118,14 @@ mwifiex_cancel_pending_ioctl(struct mwifiex_adapter *adapter)
void void
mwifiex_check_ps_cond(struct mwifiex_adapter *adapter) mwifiex_check_ps_cond(struct mwifiex_adapter *adapter)
{ {
if (!adapter->cmd_sent && if (!adapter->cmd_sent && !atomic_read(&adapter->tx_hw_pending) &&
!adapter->curr_cmd && !IS_CARD_RX_RCVD(adapter)) !adapter->curr_cmd && !IS_CARD_RX_RCVD(adapter))
mwifiex_dnld_sleep_confirm_cmd(adapter); mwifiex_dnld_sleep_confirm_cmd(adapter);
else else
mwifiex_dbg(adapter, CMD, mwifiex_dbg(adapter, CMD,
"cmd: Delay Sleep Confirm (%s%s%s)\n", "cmd: Delay Sleep Confirm (%s%s%s%s)\n",
(adapter->cmd_sent) ? "D" : "", (adapter->cmd_sent) ? "D" : "",
atomic_read(&adapter->tx_hw_pending) ? "T" : "",
(adapter->curr_cmd) ? "C" : "", (adapter->curr_cmd) ? "C" : "",
(IS_CARD_RX_RCVD(adapter)) ? "R" : ""); (IS_CARD_RX_RCVD(adapter)) ? "R" : "");
} }
......
...@@ -270,6 +270,7 @@ static void mwifiex_init_adapter(struct mwifiex_adapter *adapter) ...@@ -270,6 +270,7 @@ static void mwifiex_init_adapter(struct mwifiex_adapter *adapter)
adapter->adhoc_11n_enabled = false; adapter->adhoc_11n_enabled = false;
mwifiex_wmm_init(adapter); mwifiex_wmm_init(adapter);
atomic_set(&adapter->tx_hw_pending, 0);
sleep_cfm_buf = (struct mwifiex_opt_sleep_confirm *) sleep_cfm_buf = (struct mwifiex_opt_sleep_confirm *)
adapter->sleep_cfm->data; adapter->sleep_cfm->data;
......
...@@ -857,6 +857,7 @@ struct mwifiex_adapter { ...@@ -857,6 +857,7 @@ struct mwifiex_adapter {
atomic_t rx_pending; atomic_t rx_pending;
atomic_t tx_pending; atomic_t tx_pending;
atomic_t cmd_pending; atomic_t cmd_pending;
atomic_t tx_hw_pending;
struct workqueue_struct *workqueue; struct workqueue_struct *workqueue;
struct work_struct main_work; struct work_struct main_work;
struct workqueue_struct *rx_workqueue; struct workqueue_struct *rx_workqueue;
......
...@@ -516,6 +516,7 @@ static int mwifiex_pcie_disable_host_int(struct mwifiex_adapter *adapter) ...@@ -516,6 +516,7 @@ static int mwifiex_pcie_disable_host_int(struct mwifiex_adapter *adapter)
} }
} }
atomic_set(&adapter->tx_hw_pending, 0);
return 0; return 0;
} }
...@@ -715,6 +716,7 @@ static void mwifiex_cleanup_txq_ring(struct mwifiex_adapter *adapter) ...@@ -715,6 +716,7 @@ static void mwifiex_cleanup_txq_ring(struct mwifiex_adapter *adapter)
card->tx_buf_list[i] = NULL; card->tx_buf_list[i] = NULL;
} }
atomic_set(&adapter->tx_hw_pending, 0);
return; return;
} }
...@@ -1152,6 +1154,7 @@ static int mwifiex_pcie_send_data_complete(struct mwifiex_adapter *adapter) ...@@ -1152,6 +1154,7 @@ static int mwifiex_pcie_send_data_complete(struct mwifiex_adapter *adapter)
-1); -1);
else else
mwifiex_write_data_complete(adapter, skb, 0, 0); mwifiex_write_data_complete(adapter, skb, 0, 0);
atomic_dec(&adapter->tx_hw_pending);
} }
card->tx_buf_list[wrdoneidx] = NULL; card->tx_buf_list[wrdoneidx] = NULL;
...@@ -1244,6 +1247,7 @@ mwifiex_pcie_send_data(struct mwifiex_adapter *adapter, struct sk_buff *skb, ...@@ -1244,6 +1247,7 @@ mwifiex_pcie_send_data(struct mwifiex_adapter *adapter, struct sk_buff *skb,
wrindx = (card->txbd_wrptr & reg->tx_mask) >> reg->tx_start_ptr; wrindx = (card->txbd_wrptr & reg->tx_mask) >> reg->tx_start_ptr;
buf_pa = MWIFIEX_SKB_DMA_ADDR(skb); buf_pa = MWIFIEX_SKB_DMA_ADDR(skb);
card->tx_buf_list[wrindx] = skb; card->tx_buf_list[wrindx] = skb;
atomic_inc(&adapter->tx_hw_pending);
if (reg->pfu_enabled) { if (reg->pfu_enabled) {
desc2 = card->txbd_ring[wrindx]; desc2 = card->txbd_ring[wrindx];
...@@ -1321,6 +1325,7 @@ mwifiex_pcie_send_data(struct mwifiex_adapter *adapter, struct sk_buff *skb, ...@@ -1321,6 +1325,7 @@ mwifiex_pcie_send_data(struct mwifiex_adapter *adapter, struct sk_buff *skb,
done_unmap: done_unmap:
mwifiex_unmap_pci_memory(adapter, skb, PCI_DMA_TODEVICE); mwifiex_unmap_pci_memory(adapter, skb, PCI_DMA_TODEVICE);
card->tx_buf_list[wrindx] = NULL; card->tx_buf_list[wrindx] = NULL;
atomic_dec(&adapter->tx_hw_pending);
if (reg->pfu_enabled) if (reg->pfu_enabled)
memset(desc2, 0, sizeof(*desc2)); memset(desc2, 0, sizeof(*desc2));
else else
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment