| From d079636fd48f40101a5bc86a01ecec6cd32cdc36 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Fri, 31 Jan 2020 15:45:28 +0200 |
| Subject: iwlwifi: mvm: Check the sta is not NULL in iwl_mvm_cfg_he_sta() |
| |
| From: Andrei Otcheretianski <andrei.otcheretianski@intel.com> |
| |
| [ Upstream commit 12d47f0ea5e0aa63f19ba618da55a7c67850ca10 ] |
| |
| Fix a kernel panic by checking that the sta is not NULL. |
| This could happen during a reconfig flow, as mac80211 moves the sta |
| between all the states without really checking if the previous state was |
| successfully set. So, if for some reason we failed to add back the |
| station, subsequent calls to sta_state() callback will be done when the |
| station is NULL. This would result in the following panic: |
| |
| BUG: unable to handle kernel NULL pointer dereference at |
| 0000000000000040 |
| IP: iwl_mvm_cfg_he_sta+0xfc/0x690 [iwlmvm] |
| [..] |
| Call Trace: |
| iwl_mvm_mac_sta_state+0x629/0x6f0 [iwlmvm] |
| drv_sta_state+0xf4/0x950 [mac80211] |
| ieee80211_reconfig+0xa12/0x2180 [mac80211] |
| ieee80211_restart_work+0xbb/0xe0 [mac80211] |
| process_one_work+0x1e2/0x610 |
| worker_thread+0x4d/0x3e0 |
| [..] |
| |
| Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com> |
| Signed-off-by: Luca Coelho <luciano.coelho@intel.com> |
| Signed-off-by: Kalle Valo <kvalo@codeaurora.org> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 8 +++----- |
| 1 file changed, 3 insertions(+), 5 deletions(-) |
| |
| diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c |
| index 18ccc2692437f..6ca087ffd163b 100644 |
| --- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c |
| +++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c |
| @@ -5,10 +5,9 @@ |
| * |
| * GPL LICENSE SUMMARY |
| * |
| - * Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved. |
| * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH |
| * Copyright(c) 2016 - 2017 Intel Deutschland GmbH |
| - * Copyright(c) 2018 - 2019 Intel Corporation |
| + * Copyright(c) 2012 - 2014, 2018 - 2020 Intel Corporation |
| * |
| * This program is free software; you can redistribute it and/or modify |
| * it under the terms of version 2 of the GNU General Public License as |
| @@ -28,10 +27,9 @@ |
| * |
| * BSD LICENSE |
| * |
| - * Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved. |
| * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH |
| * Copyright(c) 2016 - 2017 Intel Deutschland GmbH |
| - * Copyright(c) 2018 - 2019 Intel Corporation |
| + * Copyright(c) 2012 - 2014, 2018 - 2020 Intel Corporation |
| * All rights reserved. |
| * |
| * Redistribution and use in source and binary forms, with or without |
| @@ -2025,7 +2023,7 @@ static void iwl_mvm_cfg_he_sta(struct iwl_mvm *mvm, |
| rcu_read_lock(); |
| |
| sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_ctxt_cmd.sta_id]); |
| - if (IS_ERR(sta)) { |
| + if (IS_ERR_OR_NULL(sta)) { |
| rcu_read_unlock(); |
| WARN(1, "Can't find STA to configure HE\n"); |
| return; |
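Review bot: The `WARN(1, ...)` in this branch now also fires for the NULL station that the commit message describes as reachable during a reconfig after a failed re-add, so a system running with panic_on_warn still goes down on this recovery path, and every other system gets a full backtrace per occurrence. Because this is an expected failure mode rather than a driver invariant violation, a plain error log fits better, e.g. `IWL_ERR(mvm, "Can't find STA to configure HE\n");`, or at least `WARN_ONCE(1, "Can't find STA to configure HE\n");`. The hunk also does not show whether `sta_ctxt_cmd.sta_id` is range-checked before it indexes `mvm->fw_id_to_mac_id`; that is worth confirming in the part of iwl_mvm_cfg_he_sta() that lies outside this hunk.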
| -- |
| 2.20.1 |
| |