summaryrefslogtreecommitdiff
path: root/drivers/net/wireless/ath/ath10k/core.h
diff options
context:
space:
mode:
authorMichal Kazior <michal.kazior@tieto.com>2017-01-12 16:14:30 +0100
committerKalle Valo <kvalo@qca.qualcomm.com>2017-01-19 15:17:58 +0200
commit0a744d927406389e00687560d9ce3c5ab0e58db9 (patch)
treeb9b66844baf2d89795d64fee7157279b7c90bd46 /drivers/net/wireless/ath/ath10k/core.h
parent96d179b517a91008f1e335a8c12533a952925ab3 (diff)
ath10k: prevent sta pointer rcu violation
Station pointers are RCU protected so driver must be extra careful if it tries to store them internally for later use outside of the RCU section it obtained it in. It was possible for station teardown to race with some htt events. The possible outcome could be a use-after-free and a crash. Only peer-flow-control capable firmware was affected (so hardware-wise qca99x0 and qca4019). This could be done in sta_state() itself via explicit synchronize_net() call but there's already a convenient sta_pre_rcu_remove() op that can be hooked up to avoid extra rcu stall. The peer->sta pointer itself can't be set to NULL/ERR_PTR because it is later used in sta_state() for extra sanity checks. Signed-off-by: Michal Kazior <michal.kazior@tieto.com> Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Diffstat (limited to 'drivers/net/wireless/ath/ath10k/core.h')
-rw-r--r--drivers/net/wireless/ath/ath10k/core.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/net/wireless/ath/ath10k/core.h b/drivers/net/wireless/ath/ath10k/core.h
index c7664d6569fa..1ab589296dff 100644
--- a/drivers/net/wireless/ath/ath10k/core.h
+++ b/drivers/net/wireless/ath/ath10k/core.h
@@ -314,6 +314,7 @@ struct ath10k_peer {
struct ieee80211_vif *vif;
struct ieee80211_sta *sta;
+ bool removed;
int vdev_id;
u8 addr[ETH_ALEN];
DECLARE_BITMAP(peer_ids, ATH10K_MAX_NUM_PEER_IDS);