Applying any "flashpatch" on BCM4356 fails

[itsmattkc]

I'm attempting to apply a patch to the ROM of a BCM4356. I have been able to patch RAM locations with success, however as soon as any "flashpatch" is added to the code, the following error is thrown to dmesg upon reloading the kernel module:

brcmfmac: brcmf_pcie_download_fw_nvram: FW failed to initialize

This can be triggered with the following minimal example:

#pragma NEXMON targetregion "patch"

#include <patcher.h>
#include <firmware_version.h>

__attribute__((at(0x0008b1d8, "flashpatch", CHIP_VER_BCM4356, FW_VER_ALL)))
GenericPatch4(RSN_CIPHER_SUITE_CCMP, 0x00ac0f00)

These last two lines actually do nothing (i.e. they set the bytes to the same bytes they already are on the ROM), however the firmware fails if they (or any other "flashpatch") are present. If I comment them out, the firmware loads fine and the OS recognizes the Wi-Fi adapter.

I'm not sure if I'm doing something wrong or if there's an issue with the "flashpatch" definitions for this adapter. I wasn't able to find any other examples of "flashpatch" being used on BCM4356 (the closest thing I could find was this one which has been commented out), so I don't have anything else to test/compare my patch to.

[jlinktu]

I haven't added support for the bcm4356 myself and could therefore only make unfounded assumptions without looking further into this. But for locating the issue you might want to look at a diff between hexdumps of the working firmware without flashpatch and the non-functional one with your flashpatch.