diff options
| author | Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com> | 2013-11-15 10:51:54 +0530 |
|---|---|---|
| committer | Madan Mohan Koyyalamudi <mkoyyala@qca.qualcomm.com> | 2013-11-27 20:02:34 -0800 |
| commit | 057ab598b879e0886d9cfad18b8e3eb484fb7ae3 (patch) | |
| tree | 019bf153b6153fd41fba89a3f308df5914f5ca1e | |
| parent | 8850c4ec8515fd57fc4366052d00714939a44c57 (diff) | |
CLD/CE: Fix kernel crash in copy engine
During module load/unload stress, it is possible
for isr to access copy engine related memory which
could have freed much before in HTCStop() and
HTCDestroy() which are called from vos_close().
Fix this freed memory access, make sure to stop
the tasklet and disable the interrupt before freeing
the memory which will be accessed in the respective
handlers.
Change-Id: I382c342ed6b410936fa645043bedfee4864d8f3b
CRs-Fixed: 568737
| -rw-r--r-- | CORE/SERVICES/HIF/PCIe/if_pci.c | 28 | ||||
| -rw-r--r-- | CORE/SERVICES/HIF/PCIe/if_pci.h | 1 | ||||
| -rw-r--r-- | CORE/VOSS/src/vos_api.c | 4 |
3 files changed, 23 insertions, 10 deletions
diff --git a/CORE/SERVICES/HIF/PCIe/if_pci.c b/CORE/SERVICES/HIF/PCIe/if_pci.c index a637a5c791b7..d395e29c37db 100644 --- a/CORE/SERVICES/HIF/PCIe/if_pci.c +++ b/CORE/SERVICES/HIF/PCIe/if_pci.c @@ -858,16 +858,6 @@ hif_pci_remove(struct pci_dev *pdev) mem = (void __iomem *)sc->mem; - hif_nointrs(sc); -#if CONFIG_PCIE_64BIT_MSI - OS_FREE_CONSISTENT(scn->sc_osdev, 4, scn->MSI_magic, scn->MSI_magic_dma, - OS_GET_DMA_MEM_CONTEXT(scn, MSI_dmacontext)); - scn->MSI_magic = NULL; - scn->MSI_magic_dma = 0; -#endif - /* Cancel the pending tasklet */ - tasklet_kill(&sc->intr_tq); - #if defined(CPU_WARM_RESET_WAR) /* Currently CPU warm reset sequence is tested only for AR9888_REV2 * Need to enable for AR9888_REV1 once CPU warm reset sequence is @@ -1060,3 +1050,21 @@ void hif_init_pdev_txrx_handle(void *ol_sc, void *txrx_handle) struct ol_softc *sc = (struct ol_softc *)ol_sc; sc->pdev_txrx_handle = txrx_handle; } + +void hif_disable_isr(void *ol_sc) +{ + struct ol_softc *sc = (struct ol_softc *)ol_sc; + struct hif_pci_softc *hif_sc = sc->hif_sc; + struct ol_softc *scn; + + scn = hif_sc->ol_sc; + hif_nointrs(hif_sc); +#if CONFIG_PCIE_64BIT_MSI + OS_FREE_CONSISTENT(scn->sc_osdev, 4, scn->MSI_magic, scn->MSI_magic_dma, + OS_GET_DMA_MEM_CONTEXT(scn, MSI_dmacontext)); + scn->MSI_magic = NULL; + scn->MSI_magic_dma = 0; +#endif + /* Cancel the pending tasklet */ + tasklet_kill(&hif_sc->intr_tq); +} diff --git a/CORE/SERVICES/HIF/PCIe/if_pci.h b/CORE/SERVICES/HIF/PCIe/if_pci.h index 79f6159fa197..886161dae20a 100644 --- a/CORE/SERVICES/HIF/PCIe/if_pci.h +++ b/CORE/SERVICES/HIF/PCIe/if_pci.h @@ -108,6 +108,7 @@ adf_os_size_t initBufferCount(adf_os_size_t maxSize); /* Function to set the TXRX handle in the ol_sc context */ void hif_init_pdev_txrx_handle(void *ol_sc, void *txrx_handle); +void hif_disable_isr(void *ol_sc); #ifndef REMOVE_PKT_LOG extern int pktlogmod_init(void *context); diff --git a/CORE/VOSS/src/vos_api.c b/CORE/VOSS/src/vos_api.c index 4637bd05db4e..5fd53fbf4caf 100644 --- a/CORE/VOSS/src/vos_api.c +++ b/CORE/VOSS/src/vos_api.c @@ -88,6 +88,7 @@ #include "bmi.h" #include "ol_fw.h" #include "ol_if_athvar.h" +#include "if_pci.h" #else #include "htc_api.h" #endif /* #ifndef QCA_WIFI_ISOC */ @@ -951,6 +952,9 @@ VOS_STATUS vos_stop( v_CONTEXT_t vosContext ) VOS_ASSERT( VOS_IS_STATUS_SUCCESS( vosStatus ) ); } +#ifndef QCA_WIFI_ISOC + hif_disable_isr(((VosContextType*)vosContext)->pHIFContext); +#endif return VOS_STATUS_SUCCESS; } |