bcmsdh: correctly free resources

when wifi adapter is disabled and immediately enabled back kernel bug happens

[36116.055584@2] Kernel BUG at ffffff800920cae8 [verbose debug info unavailable]
[36116.055587@2] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
[36116.055620@2] Modules linked in: 8021q fuse ir_rc6_decoder ir_nec_decoder ir_lirc_codec lirc_dev meson_ir rc_core hci_uart btqca btbcm btintel bluetooth dhd(O) joydev mali_kbase(O) xpad wireguard ip6_udp_tunnel udp_tunnel overlay wifi_dummy(O) amvdec_vp9(O) amvdec_vc1(O) amvdec_real(O) amvdec_ports(O) v4l2_common videobuf2_dma_contig videobuf2_memops v4l2_mem2mem videobuf2_v4l2 videobuf2_core amvdec_mpeg4(O) amvdec_mpeg12(O) amvdec_mmpeg4(O) amvdec_mmpeg12(O) amvdec_mmjpeg(O) amvdec_mjpeg(O) amvdec_mh264(O) amvdec_h265(O) amvdec_h264mvc(O) amvdec_h264(O) amvdec_mavs(O) amvdec_avs(O) amvdec_avs2(O) stream_input(O) decoder_common(O) firmware(O) media_clock(O) amlvideodri videobuf_res videobuf_core videodev media fbcon bitblit softcursor font
[36116.120953@2] CPU: 2 PID: 4132 Comm: connmand Tainted: G           O    4.9.113 #1
[36116.128490@2] Hardware name: Beelink (DT)
[36116.132477@2] task: ffffffc0cc7a1c00 task.stack: ffffffc0c4524000
[36116.138549@2] PC is at kfree+0x260/0x2b8
[36116.142623@2] LR is at dhd_conf_free_chip_nv_path_list+0x38/0xa8 [dhd]
......................

Change-Id: I860e44805a7ad90720957676076c9a13d5014e96

diff --git a/bcmdhd.100.10.545.x/dhd_config.c b/bcmdhd.100.10.545.x/dhd_config.c
index 73918ec94827dd26f20651b8aa304b9c8bdd6c55..02f16a997ae4d5c4ff463f53e4f06bcebb88d27f 100644 (file)
--- a/bcmdhd.100.10.545.x/dhd_config.c
+++ b/bcmdhd.100.10.545.x/dhd_config.c
@@ -151,11 +151,12 @@ dhd_conf_free_chip_nv_path_list(wl_chip_nv_path_list_ctrl_t *chip_nv_list)
 {
        CONFIG_TRACE("called\n");
 
-       if (chip_nv_list->m_chip_nv_path_head) {
+       if (chip_nv_list->count > 0 && chip_nv_list->m_chip_nv_path_head) {
                CONFIG_TRACE("Free %p\n", chip_nv_list->m_chip_nv_path_head);
                kfree(chip_nv_list->m_chip_nv_path_head);
        }
        chip_nv_list->count = 0;
+       chip_nv_list->m_chip_nv_path_head = NULL;
 }
 
 #ifdef BCMSDIO

diff --git a/bcmdhd.101.10.240.x/dhd_config.c b/bcmdhd.101.10.240.x/dhd_config.c
index 03731320e0847c9c4110c371aa6d5ac6b255ea39..bebb9529d0117531ed0c454dbb1dac780cf54b1d 100644 (file)
--- a/bcmdhd.101.10.240.x/dhd_config.c
+++ b/bcmdhd.101.10.240.x/dhd_config.c
@@ -151,11 +151,12 @@ dhd_conf_free_chip_nv_path_list(wl_chip_nv_path_list_ctrl_t *chip_nv_list)
 {\r
        CONFIG_TRACE("called\n");\r
 \r
-       if (chip_nv_list->m_chip_nv_path_head) {\r
+       if (chip_nv_list->count > 0 && chip_nv_list->m_chip_nv_path_head) {\r
                CONFIG_TRACE("Free %p\n", chip_nv_list->m_chip_nv_path_head);\r
                kfree(chip_nv_list->m_chip_nv_path_head);\r
        }\r
        chip_nv_list->count = 0;\r
+       chip_nv_list->m_chip_nv_path_head = NULL;\r
 }\r
 \r
 #ifdef BCMSDIO\r

diff --git a/bcmdhd.101.10.361.x/dhd_config.c b/bcmdhd.101.10.361.x/dhd_config.c
index 77028e0a15e8850fe3e1ca3b4fb3ff91c32670b1..0c623d663ee145b897338a5d757e3ae48269b4d7 100755 (executable)
--- a/bcmdhd.101.10.361.x/dhd_config.c
+++ b/bcmdhd.101.10.361.x/dhd_config.c
@@ -218,12 +218,13 @@ dhd_conf_free_chip_nv_path_list(wl_chip_nv_path_list_ctrl_t *chip_nv_list)
 {
        CONFIG_TRACE("called\n");
 
-       if (chip_nv_list->m_chip_nv_path_head) {
+       if (chip_nv_list->count > 0 && chip_nv_list->m_chip_nv_path_head) {
                CONFIG_TRACE("Free %p\n", chip_nv_list->m_chip_nv_path_head);
                kfree(chip_nv_list->m_chip_nv_path_head);
                chip_nv_list->m_chip_nv_path_head = NULL;
        }
        chip_nv_list->count = 0;
+       chip_nv_list->m_chip_nv_path_head = NULL;
 }
 
 #if defined(BCMSDIO) || defined(BCMPCIE)