Rafał Miłecki <[email protected]> writes: > From: Hante Meuleman <[email protected]> > > New generation devices have firmware which has more than 256 flowrings. > E.g. following debugging message comes from 14e4:4365 BCM4366: > [ 194.606245] brcmfmac: brcmf_pcie_init_ringbuffers Nr of flowrings is 264 > > At various code places (related to flowrings) we were using u8 which > could lead to storing wrong number or infinite loops when indexing with > this type. This issue was quite easy to spot in brcmf_flowring_detach > where it led to infinite loop e.g. on failed initialization. > > This patch switches code to proper types and increases the maximum > number of supported flowrings to 512. > > Originally this change was sent in September 2015, but back it was > causing a regression on BCM43602 resulting in: > Unable to handle kernel NULL pointer dereference at virtual address ... > > The reason for this regression was missing update (s/u8/u16) of struct > brcmf_flowring_ring. This problem was handled in 9f64df9 ("brcmfmac: Fix > bug in flowring management."). Starting with that it's safe to apply > this original patch as it doesn't cause a regression anymore. > > This patch fixes an infinite loop on BCM4366 which is supported since > 4.4 so it makes sense to apply it to stable 4.4+. > > Cc: <[email protected]> # 4.4+ > Reviewed-by: Arend Van Spriel <[email protected]> > Reviewed-by: Franky (Zhenhui) Lin <[email protected]> > Reviewed-by: Pieter-Paul Giesberts <[email protected]> > Signed-off-by: Hante Meuleman <[email protected]> > Signed-off-by: Arend van Spriel <[email protected]> > Signed-off-by: Rafał Miłecki <[email protected]>
Applied manually, thanks. -- Kalle Valo -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
