[WCNCR00158507] misc: Fix function callback panic for USB disconnected
[Description]
Fix reg_notifier callback panic after USB disconnected
1. After USB disconnected, WiFi driver has called wlanRemove()
to release resources. But sometimes kernel calls mtk_reg_notify
after that and causes kernel panic.
2. Add a g_u4HaltFlag checker to avoid that case.
3. Problem log:
cfg80211: Calling CRDA to update world regulatory domain
BUG task_struct (Not tainted): Poison overwritten
Stack:
kfree+0x73c/0xad0
cnmMemFree+0x138/0x268 [wlan_mt76x8_usb]
rlmDomainSendDomainInfoCmd_V2+0x108/0x1f8 [wlan_mt76x8_usb]
rlmDomainSendDomainInfoCmd+0x144/0x1dc [wlan_mt76x8_usb]
rlmDomainSendCmd+0x30/0x48 [wlan_mt76x8_usb]
mtk_reg_notify+0xe0/0x4bc [wlan_mt76x8_usb]
wiphy_update_regulatory+0x3f4/0x4c0 [cfg80211]
set_regdom+0x45c/0x714 [cfg80211]
reg_regdb_search+0x118/0x14c [cfg80211]
Fix get_sta_stat panic after USB disconnected
1. After USB disconnected, WiFi driver has called wlanRemove() to
release resources. But upper layer calls priv_driver_get_sta_stat
after that and causes kernel panic.
2. Add a g_u4HaltFlag checker in driver command handler.
3. Problem log:
mtk_usb_disconnect:(HAL STATE) mtk_usb_disconnect()
Unable to handle kernel NULL pointer dereference at virtual
address 00000058
PC is at priv_driver_get_sta_stat+0x2f0/0x157c [wlan_mt76x8_usb]
LR is at priv_driver_get_sta_stat+0xec/0x157c [wlan_mt76x8_usb]
[<ffffffbffc3569c0>] priv_driver_get_sta_stat+0x2f0/0x157c
[wlan_mt76x8_usb]
[<ffffffbffc2dcf04>] priv_driver_cmds+0x9bc/0x2830
[wlan_mt76x8_usb]
[<ffffffbffc2dee44>] priv_set_driver+0xcc/0x4c8
[wlan_mt76x8_usb]
[<ffffffc000793400>] ioctl_private_iw_point.isra.2+0xf8/0x1cc
Change-Id: Ic9f8146d58cf30de818815594381eba1fcf58f7a
CR-Id: WCNCR00158507
Feature: misc
Signed-off-by: Alice Ou <alice.ou@mediatek.com>
(cherry picked from commit c8f3a4b93d94c19519d3e1732d4588fdbf5cf5f8)
diff --git a/os/linux/gl_cfg80211.c b/os/linux/gl_cfg80211.c
index fa8d4f6..9224841 100644
--- a/os/linux/gl_cfg80211.c
+++ b/os/linux/gl_cfg80211.c
@@ -3283,6 +3283,11 @@
return;
}
+ if (g_u4HaltFlag) {
+ DBGLOG(RLM, WARN, "wlan is halt, skip reg callback\n");
+ return;
+ }
+
/*
* Magic flow for driver to send inband command after kernel's calling reg_notifier callback
*/
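Review bot: The new `if (g_u4HaltFlag)` test is a plain read with no lock or barrier visible in this hunk, so it narrows the window rather than closing it: if the USB disconnect sets the flag just after the test passes, the callback still goes on to the inband command path that the problem log shows ending in kfree() with "Poison overwritten". Consider serializing this callback against wlanRemove() (a lock or reference held across the rest of the function, or making sure the notifier can no longer be invoked before resources are freed) and documenting in a comment which context sets and clears g_u4HaltFlag.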
diff --git a/os/linux/gl_wext_priv.c b/os/linux/gl_wext_priv.c
index 0f38c75..81168ba 100644
--- a/os/linux/gl_wext_priv.c
+++ b/os/linux/gl_wext_priv.c
@@ -10048,6 +10048,11 @@
INT_32 i4BytesWritten = 0;
INT_32 i4CmdFound = 0;
+ if (g_u4HaltFlag) {
+ DBGLOG(REQ, WARN, "wlan is halt, skip priv_driver_cmds\n");
+ return -1;
+ }
+
if (GLUE_CHK_PR2(prNetDev, pcCommand) == FALSE)
return -1;
prGlueInfo = *((P_GLUE_INFO_T *) netdev_priv(prNetDev));
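Review bot: The halt check at the top of the handler is evaluated once, before `prGlueInfo` is fetched from netdev_priv(), and nothing visible here keeps the device from being torn down while a command is already executing, so the NULL dereference in priv_driver_get_sta_stat from the problem log remains reachable when the disconnect lands after the check. A NULL check on the pointers derived from `prGlueInfo` in the handler, or holding a lock shared with the remove path, would cover that case. Separately, `return -1` is numerically -EPERM; a specific errno such as -ENODEV would tell the caller the device is gone, and since this warning fires on every private command issued while halted, a rate-limited log would avoid flooding.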