mirror of
				git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
				synced 2025-09-04 20:19:47 +08:00 
			
		
		
		
	ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr()
ieee80211_find_sta_by_ifaddr() must be called under the RCU lock and the resulting pointer is only valid under RCU lock as well. Fix ath10k_wmi_tlv_op_pull_peer_stats_info() to hold RCU lock before it calls ieee80211_find_sta_by_ifaddr() and release it when the resulting pointer is no longer needed. This problem was found while reviewing code to debug RCU warn from ath10k_wmi_tlv_parse_peer_stats_info(). Link: https://lore.kernel.org/linux-wireless/7230c9e5-2632-b77e-c4f9-10eca557a5bb@linuxfoundation.org/ Signed-off-by: Shuah Khan <skhan@linuxfoundation.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20210210212107.40373-1-skhan@linuxfoundation.org
This commit is contained in:
		
							parent
							
								
									83bae26532
								
							
						
					
					
						commit
						09078368d5
					
				| @ -576,13 +576,13 @@ static void ath10k_wmi_event_tdls_peer(struct ath10k *ar, struct sk_buff *skb) | |||||||
| 	case WMI_TDLS_TEARDOWN_REASON_TX: | 	case WMI_TDLS_TEARDOWN_REASON_TX: | ||||||
| 	case WMI_TDLS_TEARDOWN_REASON_RSSI: | 	case WMI_TDLS_TEARDOWN_REASON_RSSI: | ||||||
| 	case WMI_TDLS_TEARDOWN_REASON_PTR_TIMEOUT: | 	case WMI_TDLS_TEARDOWN_REASON_PTR_TIMEOUT: | ||||||
|  | 		rcu_read_lock(); | ||||||
| 		station = ieee80211_find_sta_by_ifaddr(ar->hw, | 		station = ieee80211_find_sta_by_ifaddr(ar->hw, | ||||||
| 						       ev->peer_macaddr.addr, | 						       ev->peer_macaddr.addr, | ||||||
| 						       NULL); | 						       NULL); | ||||||
| 		if (!station) { | 		if (!station) { | ||||||
| 			ath10k_warn(ar, "did not find station from tdls peer event"); | 			ath10k_warn(ar, "did not find station from tdls peer event"); | ||||||
| 			kfree(tb); | 			goto exit; | ||||||
| 			return; |  | ||||||
| 		} | 		} | ||||||
| 		arvif = ath10k_get_arvif(ar, __le32_to_cpu(ev->vdev_id)); | 		arvif = ath10k_get_arvif(ar, __le32_to_cpu(ev->vdev_id)); | ||||||
| 		ieee80211_tdls_oper_request( | 		ieee80211_tdls_oper_request( | ||||||
| @ -593,6 +593,9 @@ static void ath10k_wmi_event_tdls_peer(struct ath10k *ar, struct sk_buff *skb) | |||||||
| 					); | 					); | ||||||
| 		break; | 		break; | ||||||
| 	} | 	} | ||||||
|  | 
 | ||||||
|  | exit: | ||||||
|  | 	rcu_read_unlock(); | ||||||
| 	kfree(tb); | 	kfree(tb); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user
	 Shuah Khan
						Shuah Khan