From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, "Ben Greear" <greearb@candelatech.com>,
"Toke Høiland-Jørgensen" <toke@toke.dk>,
"Kalle Valo" <kvalo@codeaurora.org>
Subject: [PATCH 4.15 24/53] ath9k: Protect queue draining by rcu_read_lock()
Date: Tue, 17 Apr 2018 17:58:49 +0200 [thread overview]
Message-ID: <20180417155724.294002947@linuxfoundation.org> (raw)
In-Reply-To: <20180417155723.091120060@linuxfoundation.org>
4.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Toke Høiland-Jørgensen <toke@toke.dk>
commit 182b1917109892ab9f26d66bfdcbc4ba6f0a0a65 upstream.
When ath9k was switched over to use the mac80211 intermediate queues,
node cleanup now drains the mac80211 queues. However, this call path is
not protected by rcu_read_lock() as it was previously entirely internal
to the driver which uses its own locking.
This leads to a possible rcu_dereference() without holding
rcu_read_lock(); but only if a station is cleaned up while having
packets queued on the TXQ. Fix this by adding the rcu_read_lock() to the
caller in ath9k.
Fixes: 50f08edf9809 ("ath9k: Switch to using mac80211 intermediate software queues.")
Cc: stable@vger.kernel.org
Reported-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/ath/ath9k/xmit.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/net/wireless/ath/ath9k/xmit.c
+++ b/drivers/net/wireless/ath/ath9k/xmit.c
@@ -2892,6 +2892,8 @@ void ath_tx_node_cleanup(struct ath_soft
struct ath_txq *txq;
int tidno;
+ rcu_read_lock();
+
for (tidno = 0; tidno < IEEE80211_NUM_TIDS; tidno++) {
tid = ath_node_to_tid(an, tidno);
txq = tid->txq;
@@ -2909,6 +2911,8 @@ void ath_tx_node_cleanup(struct ath_soft
if (!an->sta)
break; /* just one multicast ath_atx_tid */
}
+
+ rcu_read_unlock();
}
#ifdef CONFIG_ATH9K_TX99
next prev parent reply other threads:[~2018-04-17 15:58 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-17 15:58 [PATCH 4.15 00/53] 4.15.18-stable review Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 01/53] drm/i915/edp: Do not do link training fallback or prune modes on EDP Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 02/53] netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 03/53] cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 04/53] rds: MP-RDS may use an invalid c_path Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 05/53] slip: Check if rstate is initialized before uncompressing Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 06/53] vhost: fix vhost_vq_access_ok() log check Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 07/53] l2tp: fix races in tunnel creation Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 08/53] l2tp: fix race in duplicate tunnel detection Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 09/53] ip_gre: clear feature flags when incompatible o_flags are set Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 10/53] vhost: Fix vhost_copy_to_user() Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 11/53] lan78xx: Correctly indicate invalid OTP Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 12/53] media: v4l2-compat-ioctl32: dont oops on overlay Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 13/53] media: v4l: vsp1: Fix header display list status check in continuous mode Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 14/53] ipmi: Fix some error cleanup issues Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 15/53] parisc: Fix out of array access in match_pci_device() Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 16/53] parisc: Fix HPMC handler by increasing size to multiple of 16 bytes Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 17/53] Drivers: hv: vmbus: do not mark HV_PCIE as perf_device Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 18/53] PCI: hv: Serialize the present and eject work items Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 19/53] PCI: hv: Fix 2 hang issues in hv_compose_msi_msg() Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 20/53] KVM: PPC: Book3S HV: trace_tlbie must not be called in realmode Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 21/53] perf/core: Fix use-after-free in uprobe_perf_close() Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 22/53] x86/mce/AMD: Get address from already initialized block Greg Kroah-Hartman
2018-04-17 15:58 ` [4.15,22/53] " Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 23/53] hwmon: (ina2xx) Fix access to uninitialized mutex Greg Kroah-Hartman
2018-04-17 15:58 ` Greg Kroah-Hartman [this message]
2018-04-17 15:58 ` [PATCH 4.15 25/53] x86/apic: Fix signedness bug in APIC ID validity checks Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 26/53] sunrpc: remove incorrect HMAC request initialization Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 27/53] f2fs: fix heap mode to reset it back Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 28/53] block: Change a rcu_read_{lock,unlock}_sched() pair into rcu_read_{lock,unlock}() Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 29/53] nvme: Skip checking heads without namespaces Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 30/53] lib: fix stall in __bitmap_parselist() Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 31/53] blk-mq: order getting budget and driver tag Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 32/53] blk-mq: dont keep offline CPUs mapped to hctx 0 Greg Kroah-Hartman
2018-04-17 15:58 ` Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 33/53] ovl: fix lookup with middle layer opaque dir and absolute path redirects Greg Kroah-Hartman
2018-04-17 15:58 ` [PATCH 4.15 34/53] xen: xenbus_dev_frontend: Fix XS_TRANSACTION_END handling Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.15 35/53] hugetlbfs: fix bug in pgoff overflow checking Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.15 36/53] nfsd: fix incorrect umasks Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.15 37/53] scsi: qla2xxx: Fix small memory leak in qla2x00_probe_one on probe failure Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.15 38/53] apparmor: fix logging of the existence test for signals Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.15 39/53] apparmor: fix display of .ns_name for containers Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.15 40/53] apparmor: fix resource audit messages when auditing peer Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.15 41/53] block/loop: fix deadlock after loop_set_status Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.15 42/53] nfit: fix region registration vs block-data-window ranges Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.15 43/53] s390/qdio: dont retry EQBS after CCQ 96 Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.15 44/53] s390/qdio: dont merge ERROR output buffers Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.15 45/53] s390/ipl: ensure loadparm valid flag is set Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.15 46/53] s390/compat: fix setup_frame32 Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.15 47/53] get_user_pages_fast(): return -EFAULT on access_ok failure Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.15 48/53] mm/gup_benchmark: handle gup failures Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.15 49/53] getname_kernel() needs to make sure that ->name != ->iname in long case Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.15 50/53] Bluetooth: Fix connection if directed advertising and privacy is used Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.15 51/53] Bluetooth: hci_bcm: Treat Interrupt ACPI resources as always being active-low Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.15 52/53] rtl8187: Fix NULL pointer dereference in priv->conf_mutex Greg Kroah-Hartman
2018-04-17 15:59 ` [PATCH 4.15 53/53] ovl: set lower layer st_dev only if setting lower st_ino Greg Kroah-Hartman
2018-04-17 21:03 ` [PATCH 4.15 00/53] 4.15.18-stable review kernelci.org bot
2018-04-17 21:04 ` Shuah Khan
2018-04-18 5:22 ` Naresh Kamboju
2018-04-18 15:39 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180417155724.294002947@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=greearb@candelatech.com \
--cc=kvalo@codeaurora.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=toke@toke.dk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.