[LEDE-DEV] Fwd: [PATCH] ath9k: Protect queue draining by rcu_read_lock()

Nick Lowe nick.lowe at gmail.com
Mon Feb 19 10:15:58 PST 2018


I suggest that this gets merged to OpenWRT/LEDE before this makes
mainline and the long term support branches of the upstream Kernel.

Nick


---------- Forwarded message ----------
From: Toke Høiland-Jørgensen <toke at toke.dk>
Date: Fri, Feb 2, 2018 at 10:36 AM
Subject: [PATCH] ath9k: Protect queue draining by rcu_read_lock()
To: linux-wireless at vger.kernel.org
Cc: Toke Høiland-Jørgensen <toke at toke.dk>, stable at vger.kernel.org


When ath9k was switched over to use the mac80211 intermediate queues,
node cleanup now drains the mac80211 queues. However, this call path is
not protected by rcu_read_lock() as it was previously entirely internal
to the driver which uses its own locking.

This leads to a possible rcu_dereference() without holding
rcu_read_lock(); but only if a station is cleaned up while having
packets queued on the TXQ. Fix this by adding the rcu_read_lock() to the
caller in ath9k.

Fixes: 50f08edf9809 ("ath9k: Switch to using mac80211 intermediate
software queues.")
Cc: stable at vger.kernel.org
Reported-by: Ben Greear <greearb at candelatech.com>
Signed-off-by: Toke Høiland-Jørgensen <toke at toke.dk>
---
 drivers/net/wireless/ath/ath9k/xmit.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/net/wireless/ath/ath9k/xmit.c
b/drivers/net/wireless/ath/ath9k/xmit.c
index 396bf05c6bf6..d8b041f48ca8 100644
--- a/drivers/net/wireless/ath/ath9k/xmit.c
+++ b/drivers/net/wireless/ath/ath9k/xmit.c
@@ -2892,6 +2892,8 @@ void ath_tx_node_cleanup(struct ath_softc *sc,
struct ath_node *an)
        struct ath_txq *txq;
        int tidno;

+       rcu_read_lock();
+
        for (tidno = 0; tidno < IEEE80211_NUM_TIDS; tidno++) {
                tid = ath_node_to_tid(an, tidno);
                txq = tid->txq;
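
Review bot: The rcu_read_lock() added ahead of the for loop opens a read-side critical section that spans every iteration up to IEEE80211_NUM_TIDS, so nothing called inside the loop may sleep; please confirm that for the part of the loop body that falls between the two hunks. A one-line comment above the lock saying it covers the mac80211 queue draining that reaches rcu_dereference(), as the commit message explains, would keep a later cleanup from removing it as apparently redundant with the driver's own locking.
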
@@ -2909,6 +2911,8 @@ void ath_tx_node_cleanup(struct ath_softc *sc,
struct ath_node *an)
                if (!an->sta)
                        break; /* just one multicast ath_atx_tid */
        }
+
+       rcu_read_unlock();
 }

 #ifdef CONFIG_ATH9K_TX99
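
Review bot: The rcu_read_unlock() after the loop is balanced only as long as every exit from the loop falls through to it. The exit visible here, the `break` under `if (!an->sta)`, does, but a `return` added inside the loop later would leave the read-side section open. Worth checking the loop lines not shown in the patch for any other exit path, and a short comment pairing this unlock with the lock at the top of ath_tx_node_cleanup() would make the requirement obvious to the next person editing the loop.
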
--
2.16.0


