ath10k: prevent sta pointer rcu violation

Kalle Valo kvalo at qca.qualcomm.com
Thu Jan 19 05:18:20 PST 2017


Michal Kazior <michal.kazior at tieto.com> wrote:
> Station pointers are RCU protected so driver must
> be extra careful if it tries to store them
> internally for later use outside of the RCU
> section it obtained it in.
> 
> It was possible for station teardown to race with
> some htt events. The possible outcome could be a
> use-after-free and a crash.
> 
> Only peer-flow-control capable firmware was
> affected (so hardware-wise qca99x0 and qca4019).
> 
> This could be done in sta_state() itself via
> explicit synchronize_net() call but there's
> already a convenient sta_pre_rcu_remove() op that
> can be hooked up to avoid extra rcu stall.
> 
> The peer->sta pointer itself can't be set to
> NULL/ERR_PTR because it is later used in
> sta_state() for extra sanity checks.
> 
> Signed-off-by: Michal Kazior <michal.kazior at tieto.com>

Patch applied to ath-next branch of ath.git, thanks.

0a744d927406 ath10k: prevent sta pointer rcu violation

-- 
https://patchwork.kernel.org/patch/9513391/

Documentation about submitting wireless patches and checking status
from patchwork:

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
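
The design described in the quoted commit message, as an added userspace model that is not part of the original message and is not the ath10k patch: a hook run before the RCU grace period marks the peer so the event path stops returning peer->sta, while the pointer itself stays set for the later sta_state() check. The removed flag, the model_* names and the peer table are assumptions made for this model, and the locking a kernel driver would need is omitted.

```c
#include <stdbool.h>
#include <stddef.h>

/* Userspace model constructed for illustration; not ath10k code. */
struct sta { int aid; };
struct peer {
    int id;
    struct sta *sta;  /* borrowed: freed by its owner after the grace period */
    bool removed;     /* assumed flag: set before the grace period starts */
};

#define MAX_PEERS 4
static struct sta demo_sta = { 7 };  /* constructed sample station */
static struct peer peers[MAX_PEERS] = { { .id = 42, .sta = &demo_sta } };

/* Pre-RCU-remove hook: from here on, events must not get the pointer. */
static void model_sta_pre_rcu_remove(struct sta *sta)
{
    for (size_t i = 0; i < MAX_PEERS; i++)
        if (peers[i].sta == sta)
            peers[i].removed = true;
}

/* Event path: peer id to station, NULL if unknown or being torn down. */
static struct sta *model_event_lookup(int id)
{
    for (size_t i = 0; i < MAX_PEERS; i++)
        if (peers[i].sta && peers[i].id == id)
            return peers[i].removed ? NULL : peers[i].sta;
    return NULL;
}

/* Teardown: peer->sta is still set, so the sanity match succeeds. */
static bool model_sta_state_remove(struct sta *sta)
{
    for (size_t i = 0; i < MAX_PEERS; i++)
        if (peers[i].sta == sta) {
            peers[i] = (struct peer){ 0 };
            return true;
        }
    return false;
}

int main(void)
{
    model_sta_pre_rcu_remove(&demo_sta);
    return model_event_lookup(42) ? 1 : 0;  /* 0: event path got no pointer */
}
```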



