+++ /dev/null
-From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
-Date: Mon, 18 Nov 2019 11:52:41 +0100
-Subject: [PATCH FIX] brcmfmac: disable PCIe interrupts before bus reset
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Keeping interrupts on could result in brcmfmac freeing some resources
-and then IRQ handlers trying to use them. That was obviously a straight
-path for crashing a kernel.
-
-Example:
-CPU0 CPU1
----- ----
-brcmf_pcie_reset
- brcmf_pcie_bus_console_read
- brcmf_detach
- ...
- brcmf_fweh_detach
- brcmf_proto_detach
- brcmf_pcie_isr_thread
- ...
- brcmf_proto_msgbuf_rx_trigger
- ...
- drvr->proto->pd
- brcmf_pcie_release_irq
-
-[ 363.789218] Unable to handle kernel NULL pointer dereference at virtual address 00000038
-[ 363.797339] pgd = c0004000
-[ 363.800050] [00000038] *pgd=00000000
-[ 363.803635] Internal error: Oops: 17 [#1] SMP ARM
-(...)
-[ 364.029209] Backtrace:
-[ 364.031725] [<bf243838>] (brcmf_proto_msgbuf_rx_trigger [brcmfmac]) from [<bf2471dc>] (brcmf_pcie_isr_thread+0x228/0x274 [brcmfmac])
-[ 364.043662] r7:00000001 r6:c8ca0000 r5:00010000 r4:c7b4f800
-
-Fixes: 4684997d9eea ("brcmfmac: reset PCIe bus on a firmware crash")
-Cc: stable@vger.kernel.org # v5.2+
-Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
----
- drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c | 2 ++
- 1 file changed, 2 insertions(+)
-
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c
-@@ -1427,6 +1427,8 @@ static int brcmf_pcie_reset(struct devic
- struct brcmf_fw_request *fwreq;
- int err;
-
-+ brcmf_pcie_intr_disable(devinfo);
-+
- brcmf_pcie_bus_console_read(devinfo, true);
-
- brcmf_detach(dev);
+++ /dev/null
-From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
-Date: Mon, 18 Nov 2019 13:35:20 +0100
-Subject: [PATCH 5.5] brcmfmac: remove monitor interface when detaching
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This fixes a minor WARNING in the cfg80211:
-[ 130.658034] ------------[ cut here ]------------
-[ 130.662805] WARNING: CPU: 1 PID: 610 at net/wireless/core.c:954 wiphy_unregister+0xb4/0x198 [cfg80211]
-
-Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
----
- drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
-@@ -1371,6 +1371,11 @@ void brcmf_detach(struct device *dev)
- brcmf_fweh_detach(drvr);
- brcmf_proto_detach(drvr);
-
-+ if (drvr->mon_if) {
-+ brcmf_net_detach(drvr->mon_if->ndev, false);
-+ drvr->mon_if = NULL;
-+ }
-+
- /* make sure primary interface removed last */
- for (i = BRCMF_MAX_IFS - 1; i > -1; i--) {
- if (drvr->iflist[i])
--- /dev/null
+From 1524cbf3621576c639405e7aabeac415f9617c8d Mon Sep 17 00:00:00 2001
+From: Adrian Ratiu <adrian.ratiu@collabora.com>
+Date: Wed, 25 Sep 2019 16:44:57 +0300
+Subject: [PATCH] brcmfmac: don't WARN when there are no requests
+
+When n_reqs == 0 there is nothing to do so it doesn't make sense to
+search for requests and issue a warning because none is found.
+
+Signed-off-by: Martyn Welch <martyn.welch@collabora.com>
+Signed-off-by: Adrian Ratiu <adrian.ratiu@collabora.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/pno.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pno.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pno.c
+@@ -57,6 +57,10 @@ static int brcmf_pno_remove_request(stru
+
+ mutex_lock(&pi->req_lock);
+
++ /* Nothing to do if we have no requests */
++ if (pi->n_reqs == 0)
++ goto done;
++
+ /* find request */
+ for (i = 0; i < pi->n_reqs; i++) {
+ if (pi->reqs[i]->reqid == reqid)
--- /dev/null
+From e0ae4bac22effbd644add326f658a3aeeb8d45ee Mon Sep 17 00:00:00 2001
+From: Adrian Ratiu <adrian.ratiu@collabora.com>
+Date: Wed, 25 Sep 2019 16:44:58 +0300
+Subject: [PATCH] brcmfmac: fix suspend/resume when power is cut off
+
+brcmfmac assumed the wifi device always remains powered on and thus
+hardcoded the MMC_PM_KEEP_POWER flag expecting the wifi device to
+remain on even during suspend/resume cycles.
+
+This is not always the case, some appliances cut power to everything
+connected via SDIO for efficiency reasons and this leads to wifi not
+being usable after coming out of suspend because the device was not
+correctly reinitialized.
+
+So we check for the keep_power capability and if it's not present then
+we remove the device and probe it again during resume to mirror what's
+happening in hardware and ensure correct reinitialization in the case
+when MMC_PM_KEEP_POWER is not supported.
+
+Suggested-by: Gustavo Padovan <gustavo.padovan@collabora.com>
+Signed-off-by: Adrian Ratiu <adrian.ratiu@collabora.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ .../broadcom/brcm80211/brcmfmac/bcmsdh.c | 53 ++++++++++++++-----
+ 1 file changed, 39 insertions(+), 14 deletions(-)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c
+@@ -1108,7 +1108,8 @@ static int brcmf_ops_sdio_suspend(struct
+ struct sdio_func *func;
+ struct brcmf_bus *bus_if;
+ struct brcmf_sdio_dev *sdiodev;
+- mmc_pm_flag_t sdio_flags;
++ mmc_pm_flag_t pm_caps, sdio_flags;
++ int ret = 0;
+
+ func = container_of(dev, struct sdio_func, dev);
+ brcmf_dbg(SDIO, "Enter: F%d\n", func->num);
+@@ -1119,19 +1120,33 @@ static int brcmf_ops_sdio_suspend(struct
+ bus_if = dev_get_drvdata(dev);
+ sdiodev = bus_if->bus_priv.sdio;
+
+- brcmf_sdiod_freezer_on(sdiodev);
+- brcmf_sdio_wd_timer(sdiodev->bus, 0);
++ pm_caps = sdio_get_host_pm_caps(func);
+
+- sdio_flags = MMC_PM_KEEP_POWER;
+- if (sdiodev->wowl_enabled) {
+- if (sdiodev->settings->bus.sdio.oob_irq_supported)
+- enable_irq_wake(sdiodev->settings->bus.sdio.oob_irq_nr);
+- else
+- sdio_flags |= MMC_PM_WAKE_SDIO_IRQ;
++ if (pm_caps & MMC_PM_KEEP_POWER) {
++ /* preserve card power during suspend */
++ brcmf_sdiod_freezer_on(sdiodev);
++ brcmf_sdio_wd_timer(sdiodev->bus, 0);
++
++ sdio_flags = MMC_PM_KEEP_POWER;
++ if (sdiodev->wowl_enabled) {
++ if (sdiodev->settings->bus.sdio.oob_irq_supported)
++ enable_irq_wake(sdiodev->settings->bus.sdio.oob_irq_nr);
++ else
++ sdio_flags |= MMC_PM_WAKE_SDIO_IRQ;
++ }
++
++ if (sdio_set_host_pm_flags(sdiodev->func1, sdio_flags))
++ brcmf_err("Failed to set pm_flags %x\n", sdio_flags);
++
++ } else {
++ /* power will be cut so remove device, probe again in resume */
++ brcmf_sdiod_intr_unregister(sdiodev);
++ ret = brcmf_sdiod_remove(sdiodev);
++ if (ret)
++ brcmf_err("Failed to remove device on suspend\n");
+ }
+- if (sdio_set_host_pm_flags(sdiodev->func1, sdio_flags))
+- brcmf_err("Failed to set pm_flags %x\n", sdio_flags);
+- return 0;
++
++ return ret;
+ }
+
+ static int brcmf_ops_sdio_resume(struct device *dev)
+@@ -1139,13 +1154,23 @@ static int brcmf_ops_sdio_resume(struct
+ struct brcmf_bus *bus_if = dev_get_drvdata(dev);
+ struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio;
+ struct sdio_func *func = container_of(dev, struct sdio_func, dev);
++ mmc_pm_flag_t pm_caps = sdio_get_host_pm_caps(func);
++ int ret = 0;
+
+ brcmf_dbg(SDIO, "Enter: F%d\n", func->num);
+ if (func->num != 2)
+ return 0;
+
+- brcmf_sdiod_freezer_off(sdiodev);
+- return 0;
++ if (!(pm_caps & MMC_PM_KEEP_POWER)) {
++ /* bus was powered off and device removed, probe again */
++ ret = brcmf_sdiod_probe(sdiodev);
++ if (ret)
++ brcmf_err("Failed to probe device on resume\n");
++ } else {
++ brcmf_sdiod_freezer_off(sdiodev);
++ }
++
++ return ret;
+ }
+
+ static const struct dev_pm_ops brcmf_sdio_pm_ops = {
--- /dev/null
+From 7af496b9eb0433bc4cb478c9a46f85509cdb5541 Mon Sep 17 00:00:00 2001
+From: zhengbin <zhengbin13@huawei.com>
+Date: Sat, 16 Nov 2019 15:22:47 +0800
+Subject: [PATCH] brcmfmac: remove set but not used variable
+ 'mpnum','nsp','nmp'
+
+Fixes gcc '-Wunused-but-set-variable' warning:
+
+drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c: In function brcmf_chip_dmp_get_regaddr:
+drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c:790:5: warning: variable mpnum set but not used [-Wunused-but-set-variable]
+drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c: In function brcmf_chip_dmp_erom_scan:
+drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c:866:10: warning: variable nsp set but not used [-Wunused-but-set-variable]
+drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c: In function brcmf_chip_dmp_erom_scan:
+drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c:866:5: warning: variable nmp set but not used [-Wunused-but-set-variable]
+
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Signed-off-by: zhengbin <zhengbin13@huawei.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c
+@@ -778,7 +778,6 @@ static int brcmf_chip_dmp_get_regaddr(st
+ {
+ u8 desc;
+ u32 val, szdesc;
+- u8 mpnum = 0;
+ u8 stype, sztype, wraptype;
+
+ *regbase = 0;
+@@ -786,7 +785,6 @@ static int brcmf_chip_dmp_get_regaddr(st
+
+ val = brcmf_chip_dmp_get_desc(ci, eromaddr, &desc);
+ if (desc == DMP_DESC_MASTER_PORT) {
+- mpnum = (val & DMP_MASTER_PORT_NUM) >> DMP_MASTER_PORT_NUM_S;
+ wraptype = DMP_SLAVE_TYPE_MWRAP;
+ } else if (desc == DMP_DESC_ADDRESS) {
+ /* revert erom address */
+@@ -854,7 +852,7 @@ int brcmf_chip_dmp_erom_scan(struct brcm
+ u8 desc_type = 0;
+ u32 val;
+ u16 id;
+- u8 nmp, nsp, nmw, nsw, rev;
++ u8 nmw, nsw, rev;
+ u32 base, wrap;
+ int err;
+
+@@ -880,8 +878,6 @@ int brcmf_chip_dmp_erom_scan(struct brcm
+ return -EFAULT;
+
+ /* only look at cores with master port(s) */
+- nmp = (val & DMP_COMP_NUM_MPORT) >> DMP_COMP_NUM_MPORT_S;
+- nsp = (val & DMP_COMP_NUM_SPORT) >> DMP_COMP_NUM_SPORT_S;
+ nmw = (val & DMP_COMP_NUM_MWRAP) >> DMP_COMP_NUM_MWRAP_S;
+ nsw = (val & DMP_COMP_NUM_SWRAP) >> DMP_COMP_NUM_SWRAP_S;
+ rev = (val & DMP_COMP_REVISION) >> DMP_COMP_REVISION_S;
--- /dev/null
+From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
+Date: Mon, 18 Nov 2019 11:52:41 +0100
+Subject: [PATCH FIX] brcmfmac: disable PCIe interrupts before bus reset
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Keeping interrupts on could result in brcmfmac freeing some resources
+and then IRQ handlers trying to use them. That was obviously a straight
+path for crashing a kernel.
+
+Example:
+CPU0 CPU1
+---- ----
+brcmf_pcie_reset
+ brcmf_pcie_bus_console_read
+ brcmf_detach
+ ...
+ brcmf_fweh_detach
+ brcmf_proto_detach
+ brcmf_pcie_isr_thread
+ ...
+ brcmf_proto_msgbuf_rx_trigger
+ ...
+ drvr->proto->pd
+ brcmf_pcie_release_irq
+
+[ 363.789218] Unable to handle kernel NULL pointer dereference at virtual address 00000038
+[ 363.797339] pgd = c0004000
+[ 363.800050] [00000038] *pgd=00000000
+[ 363.803635] Internal error: Oops: 17 [#1] SMP ARM
+(...)
+[ 364.029209] Backtrace:
+[ 364.031725] [<bf243838>] (brcmf_proto_msgbuf_rx_trigger [brcmfmac]) from [<bf2471dc>] (brcmf_pcie_isr_thread+0x228/0x274 [brcmfmac])
+[ 364.043662] r7:00000001 r6:c8ca0000 r5:00010000 r4:c7b4f800
+
+Fixes: 4684997d9eea ("brcmfmac: reset PCIe bus on a firmware crash")
+Cc: stable@vger.kernel.org # v5.2+
+Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
+---
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c
+@@ -1427,6 +1427,8 @@ static int brcmf_pcie_reset(struct devic
+ struct brcmf_fw_request *fwreq;
+ int err;
+
++ brcmf_pcie_intr_disable(devinfo);
++
+ brcmf_pcie_bus_console_read(devinfo, true);
+
+ brcmf_detach(dev);
--- /dev/null
+From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
+Date: Mon, 18 Nov 2019 13:35:20 +0100
+Subject: [PATCH 5.5] brcmfmac: remove monitor interface when detaching
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This fixes a minor WARNING in the cfg80211:
+[ 130.658034] ------------[ cut here ]------------
+[ 130.662805] WARNING: CPU: 1 PID: 610 at net/wireless/core.c:954 wiphy_unregister+0xb4/0x198 [cfg80211]
+
+Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
+---
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
+@@ -1371,6 +1371,11 @@ void brcmf_detach(struct device *dev)
+ brcmf_fweh_detach(drvr);
+ brcmf_proto_detach(drvr);
+
++ if (drvr->mon_if) {
++ brcmf_net_detach(drvr->mon_if->ndev, false);
++ drvr->mon_if = NULL;
++ }
++
+ /* make sure primary interface removed last */
+ for (i = BRCMF_MAX_IFS - 1; i > -1; i--) {
+ if (drvr->iflist[i])
--- /dev/null
+From 5cc509aa83c6acd2c5cd94f99065c39d2bd0a490 Mon Sep 17 00:00:00 2001
+From: Navid Emamdoost <navid.emamdoost@gmail.com>
+Date: Fri, 22 Nov 2019 13:19:48 -0600
+Subject: [PATCH] brcmfmac: Fix memory leak in brcmf_p2p_create_p2pdev()
+
+In the implementation of brcmf_p2p_create_p2pdev() the allocated memory
+for p2p_vif is leaked when the mac address is the same as primary
+interface. To fix this, go to error path to release p2p_vif via
+brcmf_free_vif().
+
+Fixes: cb746e47837a ("brcmfmac: check p2pdev mac address uniqueness")
+Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c
+@@ -2092,7 +2092,8 @@ static struct wireless_dev *brcmf_p2p_cr
+ /* firmware requires unique mac address for p2pdev interface */
+ if (addr && ether_addr_equal(addr, pri_ifp->mac_addr)) {
+ bphy_err(drvr, "discovery vif must be different from primary interface\n");
+- return ERR_PTR(-EINVAL);
++ err = -EINVAL;
++ goto fail;
+ }
+
+ brcmf_p2p_generate_bss_mac(p2p, addr);
--- /dev/null
+From 216b44000ada87a63891a8214c347e05a4aea8fe Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Tue, 3 Dec 2019 12:58:55 +0300
+Subject: [PATCH] brcmfmac: Fix use after free in brcmf_sdio_readframes()
+
+The brcmu_pkt_buf_free_skb() function frees "pkt" so it leads to a
+static checker warning:
+
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c:1974 brcmf_sdio_readframes()
+ error: dereferencing freed memory 'pkt'
+
+It looks like there was supposed to be a continue after we free "pkt".
+
+Fixes: 4754fceeb9a6 ("brcmfmac: streamline SDIO read frame routine")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Acked-by: Franky Lin <franky.lin@broadcom.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
+@@ -1935,6 +1935,7 @@ static uint brcmf_sdio_readframes(struct
+ BRCMF_SDIO_FT_NORMAL)) {
+ rd->len = 0;
+ brcmu_pkt_buf_free_skb(pkt);
++ continue;
+ }
+ bus->sdcnt.rx_readahead_cnt++;
+ if (rd->len != roundup(rd_new.len, 16)) {
--- /dev/null
+From 8d9627b05b2c33e4468e65739eb7caf9c3f274d8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
+Date: Tue, 10 Dec 2019 12:35:55 +0100
+Subject: [PATCH] brcmfmac: set interface carrier to off by default
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+It's important as brcmfmac creates one main interface for each PHY and
+doesn't allow deleting it. Not setting carrier could result in other
+subsystems misbehaving (e.g. LEDs "netdev" trigger turning LED on).
+
+Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
+@@ -678,6 +678,8 @@ int brcmf_net_attach(struct brcmf_if *if
+ goto fail;
+ }
+
++ netif_carrier_off(ndev);
++
+ netdev_set_priv_destructor(ndev, brcmf_cfg80211_free_netdev);
+ brcmf_dbg(INFO, "%s: Broadcom Dongle Host Driver\n", ndev->name);
+ return 0;
--- /dev/null
+From 3428fbcd6e6c0850b1a8b2a12082b7b2aabb3da3 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Tue, 10 Dec 2019 12:44:22 +0100
+Subject: [PATCH] brcmfmac: fix interface sanity check
+
+Make sure to use the current alternate setting when verifying the
+interface descriptors to avoid binding to an invalid interface.
+
+Failing to do so could cause the driver to misbehave or trigger a WARN()
+in usb_submit_urb() that kernels with panic_on_warn set would choke on.
+
+Fixes: 71bb244ba2fd ("brcm80211: fmac: add USB support for bcm43235/6/8 chipsets")
+Cc: stable <stable@vger.kernel.org> # 3.4
+Cc: Arend van Spriel <arend@broadcom.com>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
+@@ -1348,7 +1348,7 @@ brcmf_usb_probe(struct usb_interface *in
+ goto fail;
+ }
+
+- desc = &intf->altsetting[0].desc;
++ desc = &intf->cur_altsetting->desc;
+ if ((desc->bInterfaceClass != USB_CLASS_VENDOR_SPEC) ||
+ (desc->bInterfaceSubClass != 2) ||
+ (desc->bInterfaceProtocol != 0xff)) {
+@@ -1361,7 +1361,7 @@ brcmf_usb_probe(struct usb_interface *in
+
+ num_of_eps = desc->bNumEndpoints;
+ for (ep = 0; ep < num_of_eps; ep++) {
+- endpoint = &intf->altsetting[0].endpoint[ep].desc;
++ endpoint = &intf->cur_altsetting->endpoint[ep].desc;
+ endpoint_num = usb_endpoint_num(endpoint);
+ if (!usb_endpoint_xfer_bulk(endpoint))
+ continue;
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
-@@ -1477,6 +1477,7 @@ int __init brcmf_core_init(void)
+@@ -1479,6 +1479,7 @@ int __init brcmf_core_init(void)
{
if (!schedule_work(&brcmf_driver_work))
return -EBUSY;
projects / openwrt / openwrt.git / commitdiff