[PATCH] [OEM-B] rsi: fix for system crash while reboot/shutdown

ganapathirajukondraju at gmail.com ganapathirajukondraju at gmail.com
Wed Jul 24 06:42:00 UTC 2019 

From: Ganapathi Kondraju <ganapathirajukondraju at gmail.com>

BugLink: http://bugs.launchpad.net/bugs/1836215

Getting null pointer dereferencing crash while rebooting or shutting
down the caracalla gateway.
This is because the device operating mode selection is done from
/etc/modprobe.d/rs9113.conf. Initially it is (13 - WiFi + BT),
all WiFi and BT related structures are initialized, but if the
operating mode is (8 - BT LE alone), WiFi related structures are not
been initialized, dereferencing the NULL structures in the
rsi_shutdown function causing this issue.
Handled it by putting proper null checks.

...skipping...
[  403.492455] BUG: unable to handle kernel NULL pointer dereference at
0000000000000038
[  403.501251] IP: rsi_shutdown+0x2c/0xf0 [rsi_sdio]
[  403.506513] PGD 0 P4D 0
[  403.509357] Oops: 0000 [#1] SMP PTI
[  403.513259] Modules linked in: uas usb_storage wdat_wdt iTCO_wdt
iTCO_vendor_support ipmi_devintf ipmi_msghandler cmac bnep nls_iso8859_1
intel_soc_dts_thermal intel_soc_dts_iosf intel_powerclamp coretemp
kvm_intel kvm irqbypass rsi_sdio punit_atom_debug intel_cstate
rsi_91x btrsi bluetooth ecdh_generic mac80211 dell_wmi dell_smbios cfg80211
wmi_bmof sparse_keymap dell_wmi_descriptor cdc_mbim cdc_wdm cdc_ncm usbnet
xr_usb_serial_common cdc_acm mei_txe mei lpc_ich st_pressure_i2c
st_accel_i2c dw_dmac st_pressure dw_dmac_core st_sensors_i2c st_accel
hts221_i2c hts221 ad5593r st_sensors ad5592r_base
industrialio_triggered_buffer kfifo_buf pwm_lpss_platform industrialio
pwm_lpss 8250_dw mac_hid spi_pxa2xx_platform sch_fq_codel ib_iser rdma_cm
iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi
[  403.593738]  dcdbas ip_tables x_tables autofs4 btrfs zstd_compress raid10
raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor
raid6_pq libcrc32c raid1 raid0 multipath linear mmc_block crct10dif_pclmul
crc32_pclmul ghash_clmulni_intel pcbc aesni_intel aes_x86_64 crypto_simd
glue_helper cryptd r8169 wmi mii video sdhci_acpi sdhci
[  403.628162] CPU: 0 PID: 1 Comm: systemd-shutdow Not tainted 4.15.18-custom #1
[  403.636141] Hardware name: Dell Inc. Edge Gateway 3001/0YMHCG,
BIOS 01.00.08 10/23/2018
[  403.645104] RIP: 0010:rsi_shutdown+0x2c/0xf0 [rsi_sdio]
[  403.650951] RSP: 0018:ffffa23a4000bd60 EFLAGS: 00010246
[  403.656797] RAX: 0000000000000000 RBX: ffff8cd07cbe4c00 RCX: 0000000000000000
[  403.664778] RDX: 0000000000000002 RSI: ffffffffc057377f RDI: 0000000000000001
[  403.672751] RBP: ffffa23a4000bd78 R08: 0000000000000000 R09: ffff8cd0b0c00000
[  403.680732] R10: 0000000000000000 R11: 00000000000002fa R12: ffff8cd0b78a5800
[  403.688714] R13: ffff8cd07cbaf008 R14: ffffffff9e148f07 R15: ffff8cd07cbaf068
[  403.696697] FS:  00007fc5bf254940(0000) GS:ffff8cd0b0c00000(0000)
knlGS:0000000000000000
[  403.705747] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  403.712165] CR2: 0000000000000038 CR3: 0000000069132000 CR4: 00000000001006f0
[  403.720138] Call Trace:
[  403.722881]  device_shutdown+0x148/0x200
[  403.727280]  kernel_restart_prepare+0x36/0x40
[  403.732158]  kernel_restart+0x12/0x60
[  403.736258]  SYSC_reboot+0x1e7/0x210
[  403.740268]  ? __alloc_fd+0x46/0x170
[  403.744276]  ? do_writev+0x61/0xf0
[  403.748085]  ? do_writev+0x61/0xf0
[  403.751895]  SyS_reboot+0xe/0x10
[  403.755512]  do_syscall_64+0x6d/0x130
[  403.759615]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[  403.765269] RIP: 0033:0x7fc5bed6d373
[  403.769268] RSP: 002b:00007ffcfb4e7668 EFLAGS: 00000202
ORIG_RAX: 00000000000000a9
[  403.777740] RAX: ffffffffffffffda RBX: 0000000001234567 RCX: 00007fc5bed6d373
[  403.785721] RDX: 0000000001234567 RSI: 0000000028121969 RDI: 00000000fee1dead
[  403.793694] RBP: 00007ffcfb4e76d0 R08: 0000000000002008 R09: 0000000000000000
[  403.801667] R10: 0000000000000002 R11: 0000000000000202 R12: 00007ffcfb4e76d8
[  403.809648] R13: 0000000000000000 R14: 0000001b00000004 R15: 00007ffcfb4e79c8
[  403.817632] Code: 1f 44 00 00 55 48 c7 c6 7f 37 57 c0 48 89 e5 41 55 41 54 53
48 8b 9f 98 00 00 00 bf 01 00 00 00 48 8b 43 10 4c 8b a3 98 03 00 00 <48> 8b 40
38 4c 8b a8 b0 00 00 00 e8 64 b5 fe ff 48 89 df 4c 89
[  403.838931] RIP: rsi_shutdown+0x2c/0xf0 [rsi_sdio] RSP: ffffa23a4000bd60
[  403.846424] CR2: 0000000000000038
[  403.850231] ---[ end trace e9c88509890a7e1e ]---

Signed-off-by: Ganapathi Kondraju <ganapathirajukondraju at gmail.com>
---
 drivers/net/wireless/rsi/rsi_91x_sdio.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/drivers/net/wireless/rsi/rsi_91x_sdio.c b/drivers/net/wireless/rsi/rsi_91x_sdio.c
index a1727d6f3dad..75d2308d0f10 100644
--- a/drivers/net/wireless/rsi/rsi_91x_sdio.c
+++ b/drivers/net/wireless/rsi/rsi_91x_sdio.c
@@ -1375,12 +1375,14 @@ static void rsi_shutdown(struct device *dev)
 	struct rsi_91x_sdiodev *sdev =
 		(struct rsi_91x_sdiodev *)adapter->rsi_dev;
 	struct ieee80211_hw *hw = adapter->hw;
-	struct cfg80211_wowlan *wowlan = hw->wiphy->wowlan_config;
+	struct cfg80211_wowlan *wowlan = NULL;
 
+	if (hw) {
+		wowlan = hw->wiphy->wowlan_config;
+		if (rsi_config_wowlan(adapter, wowlan))
+			rsi_dbg(ERR_ZONE, "Failed to configure WoWLAN\n");
+	}
 	rsi_dbg(ERR_ZONE, "SDIO Bus shutdown =====>\n");
-
-	if (rsi_config_wowlan(adapter, wowlan))
-		rsi_dbg(ERR_ZONE, "Failed to configure WoWLAN\n");
 #ifdef CONFIG_RSI_COEX
 	if (adapter->priv->coex_mode > 1 && adapter->priv->bt_adapter) {
 		rsi_bt_ops.detach(adapter->priv->bt_adapter);
-- 
2.17.1

More information about the kernel-team mailing list