• Michal Kazior's avatar
    ath10k: prevent sta pointer rcu violation · 0a744d92
    Michal Kazior authored
    Station pointers are RCU protected so driver must
    be extra careful if it tries to store them
    internally for later use outside of the RCU
    section it obtained it in.
    
    It was possible for station teardown to race with
    some htt events. The possible outcome could be a
    use-after-free and a crash.
    
    Only peer-flow-control capable firmware was
    affected (so hardware-wise qca99x0 and qca4019).
    
    This could be done in sta_state() itself via
    explicit synchronize_net() call but there's
    already a convenient sta_pre_rcu_remove() op that
    can be hooked up to avoid extra rcu stall.
    
    The peer->sta pointer itself can't be set to
    NULL/ERR_PTR because it is later used in
    sta_state() for extra sanity checks.
    Signed-off-by: default avatarMichal Kazior <michal.kazior@tieto.com>
    Signed-off-by: default avatarKalle Valo <kvalo@qca.qualcomm.com>
    0a744d92
mac.c 208 KB