From patchwork Tue Mar 10 10:13:56 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?SsOpcsO0bWUgUG91aWxsZXI=?= X-Patchwork-Id: 216333 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.7 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, MSGID_FROM_MTA_HEADER, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7C050C10F27 for ; Tue, 10 Mar 2020 10:14:28 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 2758F24682 for ; Tue, 10 Mar 2020 10:14:28 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=silabs.onmicrosoft.com header.i=@silabs.onmicrosoft.com header.b="SCC36KLO" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726681AbgCJKOX (ORCPT ); Tue, 10 Mar 2020 06:14:23 -0400 Received: from mail-bn8nam12on2076.outbound.protection.outlook.com ([40.107.237.76]:6032 "EHLO NAM12-BN8-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726244AbgCJKOX (ORCPT ); Tue, 10 Mar 2020 06:14:23 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dQ10AYxyTu8wXZ0bvYUOurraAdby+LCmX6CvhAoLWll/TEe07jrIY9A7BFJOT+VvPCMkzwm4hKbQfzuDPSalT3AM/ID76rj/Kc1RNoqlszlfxCFF1Kyl1z4w72Hu21703Tgrqh+8eSVgbvNhmLgmEkD+Zfc6H5BWgJSMW6nv+IMphnT9jZoyZmVj7fZ/vrbo7eMz4AVT3URBCTOphzaOgo092VHJzcGX5g79ojBtJlVyVHswJ/2LBelGByFRrGEDKjJH3fTSTfgeR+8l1cquPz2pIbSkzq1V11oIzhIKkOG+lVxrtY3JAOMS6uvGU1SSGwITngU7Pnj9T+w5hXyrSw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qTt99lXlWBT9SkY2K/ce2HXok0D7kEfBX17sz2YNvwc=; b=UTly7mayQ8iV1LBtnXpJ44AKGaGwOA+lELWW1o/4egT8XjqsSqoK9M2mNMucEtr6pxalYFM7fn8zMYZyQ4Ey4hYtZd3QC+ef6k+gZ0Nf+eJdRt1PXst3HCYJIfqTEl5dcilZ9i8EhSXWKEywn0B+WQ0BcBF5DqeAlGQKBZUFf0b+CXHFdj8X2Y+QQ+cpcQvNf5ndGLnziCY2c3NpudRVYeQ8tUTl80tZHtUkJG2/NfXLvMYOBWZYRI5e9Ib2zycUOIwgRJaCOVzxLDA/FP4718f4ReIVPqxXF9c58QmQfsB386cKoRZzmUojfCVdpEQ/WgvOfVtJwTEkDNSv3DjU/Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=silabs.com; dmarc=pass action=none header.from=silabs.com; dkim=pass header.d=silabs.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=silabs.onmicrosoft.com; s=selector2-silabs-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qTt99lXlWBT9SkY2K/ce2HXok0D7kEfBX17sz2YNvwc=; b=SCC36KLO7bE6kuhRlXbPv1RQDnOqPv1hg5YTtfGQOJ5RnNnLgaJtsj6KAv2ylfJm6PfSuNVxg85rjmg4ssNFgrwgi0z2gAjqWPuKtu0Jg+C8p2LXDnlev2SKgo6+Wzwi5cuPM5Yp8IinqL+MmwiOjNeiNUJhs2gwbtuXkKFMnfk= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Jerome.Pouiller@silabs.com; Received: from MN2PR11MB4063.namprd11.prod.outlook.com (2603:10b6:208:13f::22) by MN2PR11MB3615.namprd11.prod.outlook.com (2603:10b6:208:ec::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2793.17; Tue, 10 Mar 2020 10:14:20 +0000 Received: from MN2PR11MB4063.namprd11.prod.outlook.com ([fe80::ade4:5702:1c8b:a2b3]) by MN2PR11MB4063.namprd11.prod.outlook.com ([fe80::ade4:5702:1c8b:a2b3%7]) with mapi id 15.20.2793.013; Tue, 10 Mar 2020 10:14:20 +0000 From: Jerome Pouiller To: devel@driverdev.osuosl.org, linux-wireless@vger.kernel.org Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Greg Kroah-Hartman , Kalle Valo , "David S . Miller" , =?utf-8?b?SsOpcsO0bWUgUG91aWxsZXI=?= Subject: [PATCH 5/5] staging: wfx: fix RCU usage between hif_join() and ieee80211_bss_get_ie() Date: Tue, 10 Mar 2020 11:13:56 +0100 Message-Id: <20200310101356.182818-6-Jerome.Pouiller@silabs.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200310101356.182818-1-Jerome.Pouiller@silabs.com> References: <20200310101356.182818-1-Jerome.Pouiller@silabs.com> X-ClientProxiedBy: PR0P264CA0180.FRAP264.PROD.OUTLOOK.COM (2603:10a6:100:1c::24) To MN2PR11MB4063.namprd11.prod.outlook.com (2603:10b6:208:13f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from pc-42.silabs.com (37.71.187.125) by PR0P264CA0180.FRAP264.PROD.OUTLOOK.COM (2603:10a6:100:1c::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2793.14 via Frontend Transport; Tue, 10 Mar 2020 10:14:19 +0000 X-Mailer: git-send-email 2.25.1 X-Originating-IP: [37.71.187.125] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: b2d1c9ed-6be5-44b9-abf0-08d7c4dbcc76 X-MS-TrafficTypeDiagnostic: MN2PR11MB3615: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:619; X-Forefront-PRVS: 033857D0BD X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(39850400004)(136003)(366004)(376002)(396003)(346002)(189003)(199004)(6666004)(52116002)(5660300002)(2616005)(86362001)(316002)(956004)(36756003)(478600001)(7696005)(8936002)(54906003)(4326008)(16526019)(186003)(26005)(6486002)(66574012)(66946007)(8676002)(1076003)(81166006)(2906002)(66476007)(81156014)(66556008)(107886003); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR11MB3615; H:MN2PR11MB4063.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; Received-SPF: None (protection.outlook.com: silabs.com does not designate permitted sender hosts) X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Sed0HcwAVpiToN/fG4X5x3hQMDBGULBMd7rqU+9s0n2ye+ceS19kYr6xL/ZjbjmhjInJohx+LVz49Ul7LVKm/5coiOCxaPFbw6PAi7LqL0VSmt0L3X/T1dBunbJRMXwlld33/kdcavMSTEBpO5J+XeqwPVNav0yhcWdatU//MAvJ4kctDx44hb13LuOqNYwzLiN5DvXZvX1FW9gRtV5tliLdcNkzVCZ7mC7VAp8H5RDF60Y7bL1Co5zmRVXuTN6y+f1qrJAxN7mzpbGTzxmKmJyh9ihMoe1x5YknCrPsxPksmosQlMOdEm9vcFLmJstEN1ESVttkWV6/HvJZqyzNgd1jka0TJQachCsDObaTehYvuAtDfhZmTMqzRNTm9M2en+zrt/7W491v5t6ylY3Dihj81dVVUJCy2LdQ9Cn9qNMwHfuzbIrD1s4Uf7Aq5SFP X-MS-Exchange-AntiSpam-MessageData: GBHhyoH9ZlxpCMcbh+zi6C50TAACtENbeOjHuQ6fA8m5zgBiWZcnjW6YXnxryr8hxG5gaIM3FxYP2cPWd4SuYTQDJ8AGSoFpFj4Rcml6Q4Gq1/TwY3grrTKWhsHoWBkIDyCJjMW3egZnp5LDA1O9zw== X-OriginatorOrg: silabs.com X-MS-Exchange-CrossTenant-Network-Message-Id: b2d1c9ed-6be5-44b9-abf0-08d7c4dbcc76 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Mar 2020 10:14:20.4984 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 54dbd822-5231-4b20-944d-6f4abcd541fb X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Cgchuckw79sx9+IpY3w9F/NvB3Ib5Nuk6dQ2DH7uljFcpBD/cMYw/lYHX2XOACUhrBoP3LLrTG5Y7iYCW7MgcQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB3615 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org From: Jérôme Pouiller Access to result of ieee80211_bss_get_ie() is protected by RCU. In other hand, function hif_join() can sleep and cannot be called with RCU locked. Provide a copy of "ssidie" to hif_join() to solve this behavior. Fixes: 9ced9b593741 ("staging: wfx: simplify hif_join()") Signed-off-by: Jérôme Pouiller --- drivers/staging/wfx/hif_tx.c | 8 ++++---- drivers/staging/wfx/hif_tx.h | 2 +- drivers/staging/wfx/sta.c | 17 ++++++++++------- 3 files changed, 15 insertions(+), 12 deletions(-) diff --git a/drivers/staging/wfx/hif_tx.c b/drivers/staging/wfx/hif_tx.c index 7a56e45bcdaa..77bca43aca42 100644 --- a/drivers/staging/wfx/hif_tx.c +++ b/drivers/staging/wfx/hif_tx.c @@ -290,7 +290,7 @@ int hif_stop_scan(struct wfx_vif *wvif) } int hif_join(struct wfx_vif *wvif, const struct ieee80211_bss_conf *conf, - const struct ieee80211_channel *channel, const u8 *ssidie) + struct ieee80211_channel *channel, const u8 *ssid, int ssidlen) { int ret; struct hif_msg *hif; @@ -308,9 +308,9 @@ int hif_join(struct wfx_vif *wvif, const struct ieee80211_bss_conf *conf, body->basic_rate_set = cpu_to_le32(wfx_rate_mask_to_hw(wvif->wdev, conf->basic_rates)); memcpy(body->bssid, conf->bssid, sizeof(body->bssid)); - if (!conf->ibss_joined && ssidie) { - body->ssid_length = cpu_to_le32(ssidie[1]); - memcpy(body->ssid, &ssidie[2], ssidie[1]); + if (!conf->ibss_joined && ssid) { + body->ssid_length = cpu_to_le32(ssidlen); + memcpy(body->ssid, ssid, ssidlen); } wfx_fill_header(hif, wvif->id, HIF_REQ_ID_JOIN, sizeof(*body)); ret = wfx_cmd_send(wvif->wdev, hif, NULL, 0, false); diff --git a/drivers/staging/wfx/hif_tx.h b/drivers/staging/wfx/hif_tx.h index 20977e461718..f8520a14c14c 100644 --- a/drivers/staging/wfx/hif_tx.h +++ b/drivers/staging/wfx/hif_tx.h @@ -46,7 +46,7 @@ int hif_scan(struct wfx_vif *wvif, struct cfg80211_scan_request *req80211, int chan_start, int chan_num); int hif_stop_scan(struct wfx_vif *wvif); int hif_join(struct wfx_vif *wvif, const struct ieee80211_bss_conf *conf, - const struct ieee80211_channel *channel, const u8 *ssidie); + struct ieee80211_channel *channel, const u8 *ssid, int ssidlen); int hif_set_pm(struct wfx_vif *wvif, bool ps, int dynamic_ps_timeout); int hif_set_bss_params(struct wfx_vif *wvif, const struct hif_req_set_bss_params *arg); diff --git a/drivers/staging/wfx/sta.c b/drivers/staging/wfx/sta.c index ed16475c207c..af4f4bbd0572 100644 --- a/drivers/staging/wfx/sta.c +++ b/drivers/staging/wfx/sta.c @@ -491,9 +491,11 @@ static void wfx_set_mfp(struct wfx_vif *wvif, static void wfx_do_join(struct wfx_vif *wvif) { int ret; - const u8 *ssidie; struct ieee80211_bss_conf *conf = &wvif->vif->bss_conf; struct cfg80211_bss *bss = NULL; + u8 ssid[IEEE80211_MAX_SSID_LEN]; + const u8 *ssidie = NULL; + int ssidlen = 0; wfx_tx_lock_flush(wvif->wdev); @@ -514,11 +516,14 @@ static void wfx_do_join(struct wfx_vif *wvif) if (!wvif->beacon_int) wvif->beacon_int = 1; - rcu_read_lock(); + rcu_read_lock(); // protect ssidie if (!conf->ibss_joined) ssidie = ieee80211_bss_get_ie(bss, WLAN_EID_SSID); - else - ssidie = NULL; + if (ssidie) { + ssidlen = ssidie[1]; + memcpy(ssid, &ssidie[2], ssidie[1]); + } + rcu_read_unlock(); wfx_tx_flush(wvif->wdev); @@ -527,10 +532,8 @@ static void wfx_do_join(struct wfx_vif *wvif) wfx_set_mfp(wvif, bss); - /* Perform actual join */ wvif->wdev->tx_burst_idx = -1; - ret = hif_join(wvif, conf, wvif->channel, ssidie); - rcu_read_unlock(); + ret = hif_join(wvif, conf, wvif->channel, ssid, ssidlen); if (ret) { ieee80211_connection_loss(wvif->vif); wvif->join_complete_status = -1;