git.osdn.net Git - android-x86/kernel.git/commit

author	Michal Kazior <michal.kazior@tieto.com>
	Thu, 12 Jan 2017 15:14:30 +0000 (16:14 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 8 Oct 2017 08:26:06 +0000 (10:26 +0200)
commit	874b5acede7892b24cb883b61c1aee9d8842fd0f
tree	027c0a5944a73f8f1ed7451592619359caaedfd3	tree \| snapshot
parent	91e66498a96a1cfac4b7c0c82b0027232856623c	commit \| diff

ath10k: prevent sta pointer rcu violation

[ Upstream commit 0a744d927406389e00687560d9ce3c5ab0e58db9 ]

Station pointers are RCU protected so driver must
be extra careful if it tries to store them
internally for later use outside of the RCU
section it obtained it in.

It was possible for station teardown to race with
some htt events. The possible outcome could be a
use-after-free and a crash.

Only peer-flow-control capable firmware was
affected (so hardware-wise qca99x0 and qca4019).

This could be done in sta_state() itself via
explicit synchronize_net() call but there's
already a convenient sta_pre_rcu_remove() op that
can be hooked up to avoid extra rcu stall.

The peer->sta pointer itself can't be set to
NULL/ERR_PTR because it is later used in
sta_state() for extra sanity checks.

Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/net/wireless/ath/ath10k/core.h		diff \| blob \| history
drivers/net/wireless/ath/ath10k/mac.c		diff \| blob \| history