diff options
author | Emmanuel Grumbach <emmanuel.grumbach@intel.com> | 2016-05-15 09:20:29 +0200 |
---|---|---|
committer | Luca Coelho <luciano.coelho@intel.com> | 2016-06-10 12:32:25 +0200 |
commit | 7d6a1ab6a2db180122dee8db6c201f2dcf677813 (patch) | |
tree | 89246d4fbaf251dae20ba4568b7c494e0f7c0d85 /drivers/net | |
parent | iwlwifi: mvm: increase scan timeout to 20 seconds (diff) | |
download | linux-7d6a1ab6a2db180122dee8db6c201f2dcf677813.tar.xz linux-7d6a1ab6a2db180122dee8db6c201f2dcf677813.zip |
iwlwifi: mvm: fix RCU splat in TKIP's update_key
The commit below mistakenly changed an rcu_dereference_check
to a rcu_dereference_protected which introduced the
following RCU warning:
[ INFO: suspicious RCU usage. ]
4.6.0-rc7-next-20160513-dbg-00004-g8de8b92-dirty #655 Not tainted
-------------------------------
drivers/net/wireless/intel/iwlwifi/mvm/mvm.h:1069 suspicious rcu_dereference_protected() usage!
Call Trace:
[<ffffffff8106b836>] lockdep_rcu_suspicious+0xf7/0x100
[<ffffffffa03b2321>] iwl_mvm_get_key_sta.part.0+0x5d/0x80 [iwlmvm]
[<ffffffffa03b4acb>] iwl_mvm_update_tkip_key+0xd3/0x162 [iwlmvm]
[<ffffffffa03a2b60>] iwl_mvm_mac_update_tkip_key+0x17/0x19 [iwlmvm]
[<ffffffffa0329646>] ieee80211_tkip_decrypt_data+0x22c/0x24b [mac80211]
[<ffffffffa0318bb1>] ieee80211_crypto_tkip_decrypt+0xc5/0x110 [mac80211]
[<ffffffffa033102e>] ieee80211_rx_handlers+0x9bb/0x1fe1 [mac80211]
Fixes: 13303c0fb148 ("iwlwifi: mvm: use helpers to get iwl_mvm_sta")
Reported-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Diffstat (limited to 'drivers/net')
-rw-r--r-- | drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c index fea4d3437e2f..0454bfe0ef6c 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c @@ -1852,12 +1852,18 @@ static struct iwl_mvm_sta *iwl_mvm_get_key_sta(struct iwl_mvm *mvm, mvmvif->ap_sta_id != IWL_MVM_STATION_COUNT) { u8 sta_id = mvmvif->ap_sta_id; + sta = rcu_dereference_check(mvm->fw_id_to_mac_id[sta_id], + lockdep_is_held(&mvm->mutex)); + /* * It is possible that the 'sta' parameter is NULL, * for example when a GTK is removed - the sta_id will then * be the AP ID, and no station was passed by mac80211. */ - return iwl_mvm_sta_from_staid_protected(mvm, sta_id); + if (IS_ERR_OR_NULL(sta)) + return NULL; + + return iwl_mvm_sta_from_mac80211(sta); } return NULL; |