mwifiex: check tx_hw_pending before downloading sleep confirm
authorShengzhen Li <szli@marvell.com>
Fri, 18 Nov 2016 14:00:24 +0000 (19:30 +0530)
committerKalle Valo <kvalo@codeaurora.org>
Sat, 19 Nov 2016 07:18:46 +0000 (09:18 +0200)
We may get SLEEP event from firmware even if TXDone interrupt
for last Tx packet is still pending. In this case, we may
end up accessing PCIe memory for handling TXDone after power
save handshake is completed. This causes kernel crash with
external abort.

This patch will only allow downloading sleep confirm
when no tx done interrupt is pending in the hardware.

Signed-off-by: Cathy Luo <cluo@marvell.com>
Signed-off-by: Shengzhen Li <szli@marvell.com>
Tested-by: Xinming Hu <huxm@marvell.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
drivers/net/wireless/marvell/mwifiex/cmdevt.c
drivers/net/wireless/marvell/mwifiex/init.c
drivers/net/wireless/marvell/mwifiex/main.h
drivers/net/wireless/marvell/mwifiex/pcie.c

index 53477280f39c21d6daab9effa2c31b474fd78461..25a7475702f7fa9166098e9ca97e9cdd268682a8 100644 (file)
@@ -1118,13 +1118,14 @@ mwifiex_cancel_pending_ioctl(struct mwifiex_adapter *adapter)
 void
 mwifiex_check_ps_cond(struct mwifiex_adapter *adapter)
 {
-       if (!adapter->cmd_sent &&
+       if (!adapter->cmd_sent && !atomic_read(&adapter->tx_hw_pending) &&
            !adapter->curr_cmd && !IS_CARD_RX_RCVD(adapter))
                mwifiex_dnld_sleep_confirm_cmd(adapter);
        else
                mwifiex_dbg(adapter, CMD,
-                           "cmd: Delay Sleep Confirm (%s%s%s)\n",
+                           "cmd: Delay Sleep Confirm (%s%s%s%s)\n",
                            (adapter->cmd_sent) ? "D" : "",
+                           atomic_read(&adapter->tx_hw_pending) ? "T" : "",
                            (adapter->curr_cmd) ? "C" : "",
                            (IS_CARD_RX_RCVD(adapter)) ? "R" : "");
 }
index 82839d9f079fd5bba41effb4b7c8bf067feba09a..b36cb3fef35881112e7ff1246f9fb085e393bdb1 100644 (file)
@@ -270,6 +270,7 @@ static void mwifiex_init_adapter(struct mwifiex_adapter *adapter)
        adapter->adhoc_11n_enabled = false;
 
        mwifiex_wmm_init(adapter);
+       atomic_set(&adapter->tx_hw_pending, 0);
 
        sleep_cfm_buf = (struct mwifiex_opt_sleep_confirm *)
                                        adapter->sleep_cfm->data;
index ae5afe5829eadd46776e7f08c722c6f7ad94bb00..904a2edefc06440fa8fb02b8e9b41fb6f08efb1a 100644 (file)
@@ -857,6 +857,7 @@ struct mwifiex_adapter {
        atomic_t rx_pending;
        atomic_t tx_pending;
        atomic_t cmd_pending;
+       atomic_t tx_hw_pending;
        struct workqueue_struct *workqueue;
        struct work_struct main_work;
        struct workqueue_struct *rx_workqueue;
index 2ab1d179f16c525c3fb35dfb0e26d73bce8ea81d..cfb45ef9f85fea662402df0fffab381305634a7b 100644 (file)
@@ -516,6 +516,7 @@ static int mwifiex_pcie_disable_host_int(struct mwifiex_adapter *adapter)
                }
        }
 
+       atomic_set(&adapter->tx_hw_pending, 0);
        return 0;
 }
 
@@ -715,6 +716,7 @@ static void mwifiex_cleanup_txq_ring(struct mwifiex_adapter *adapter)
                card->tx_buf_list[i] = NULL;
        }
 
+       atomic_set(&adapter->tx_hw_pending, 0);
        return;
 }
 
@@ -1152,6 +1154,7 @@ static int mwifiex_pcie_send_data_complete(struct mwifiex_adapter *adapter)
                                                            -1);
                        else
                                mwifiex_write_data_complete(adapter, skb, 0, 0);
+                       atomic_dec(&adapter->tx_hw_pending);
                }
 
                card->tx_buf_list[wrdoneidx] = NULL;
@@ -1244,6 +1247,7 @@ mwifiex_pcie_send_data(struct mwifiex_adapter *adapter, struct sk_buff *skb,
                wrindx = (card->txbd_wrptr & reg->tx_mask) >> reg->tx_start_ptr;
                buf_pa = MWIFIEX_SKB_DMA_ADDR(skb);
                card->tx_buf_list[wrindx] = skb;
+               atomic_inc(&adapter->tx_hw_pending);
 
                if (reg->pfu_enabled) {
                        desc2 = card->txbd_ring[wrindx];
@@ -1321,6 +1325,7 @@ mwifiex_pcie_send_data(struct mwifiex_adapter *adapter, struct sk_buff *skb,
 done_unmap:
        mwifiex_unmap_pci_memory(adapter, skb, PCI_DMA_TODEVICE);
        card->tx_buf_list[wrindx] = NULL;
+       atomic_dec(&adapter->tx_hw_pending);
        if (reg->pfu_enabled)
                memset(desc2, 0, sizeof(*desc2));
        else