Hi all,
Today's linux-next merge of the wireless-next tree got a conflict in:
net/wireless/nl80211.c
between commit:
37c20b2effe9 ("wifi: cfg80211: fix cqm_config access race")
from the wireless tree and commit:
076fc8775daf ("wifi: cfg80211: remove wdev mutex")
from the wireless-next tree.
I fixed it up (I used a supplied resolution from Johannes - see below)
and can carry the fix as necessary. This is now fixed as far as
linux-next is concerned, but any non trivial conflicts should be
mentioned to your upstream maintainer when your tree is submitted for
merging. You may also want to consider cooperating with the maintainer
of the conflicting tree to minimise any particularly complex conflicts.
--
Cheers,
Stephen Rothwell
diff --cc net/wireless/nl80211.c
index 7a88361b3414,ab0aea7dca7d..fe06c238d4ef
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@@ -6191,12 -6135,8 +6150,12 @@@ static int nl80211_start_ap(struct sk_b
err = nl80211_calculate_ap_params(params);
if (err)
- goto out_unlock;
+ goto out;
+ err = nl80211_validate_ap_phy_operation(params);
+ if (err)
- goto out_unlock;
++ goto out;
+
if (info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS])
params->flags = nla_get_u32(
info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS]);
@@@ -12884,11 -12747,10 +12767,11 @@@ static int nl80211_set_cqm_rssi(struct
u32 hysteresis)
{
struct cfg80211_registered_device *rdev = info->user_ptr[0];
+ struct cfg80211_cqm_config *cqm_config = NULL, *old;
struct net_device *dev = info->user_ptr[1];
struct wireless_dev *wdev = dev->ieee80211_ptr;
- int i, err;
s32 prev = S32_MIN;
- int i;
++ int i, err;
/* Check all values negative and sorted */
for (i = 0; i < n_thresholds; i++) {
@@@ -12917,11 -12781,9 +12800,9 @@@
if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
n_thresholds = 0;
- wdev_lock(wdev);
- old = rcu_dereference_protected(wdev->cqm_config,
- lockdep_is_held(&wdev->mtx));
- if (n_thresholds) {
- struct cfg80211_cqm_config *cqm_config;
++ old = wiphy_dereference(wdev->wiphy, wdev->cqm_config);
+ if (n_thresholds) {
cqm_config = kzalloc(struct_size(cqm_config, rssi_thresholds,
n_thresholds),
GFP_KERNEL);
@@@ -12936,22 -12796,10 +12815,20 @@@
flex_array_size(cqm_config, rssi_thresholds,
n_thresholds));
- wdev->cqm_config = cqm_config;
+ rcu_assign_pointer(wdev->cqm_config, cqm_config);
+ } else {
+ RCU_INIT_POINTER(wdev->cqm_config, NULL);
}
- return cfg80211_cqm_rssi_update(rdev, dev);
+ err = cfg80211_cqm_rssi_update(rdev, dev, cqm_config);
+ if (err) {
+ rcu_assign_pointer(wdev->cqm_config, old);
+ kfree_rcu(cqm_config, rcu_head);
+ } else {
+ kfree_rcu(old, rcu_head);
+ }
- unlock:
- wdev_unlock(wdev);
+
+ return err;
}
static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
@@@ -19107,41 -18879,18 +18907,39 @@@ void cfg80211_cqm_rssi_notify(struct ne
rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
return;
- if (wdev->cqm_config) {
- wdev->cqm_config->last_rssi_event_value = rssi_level;
+ rcu_read_lock();
+ cqm_config = rcu_dereference(wdev->cqm_config);
+ if (cqm_config) {
+ cqm_config->last_rssi_event_value = rssi_level;
+ cqm_config->last_rssi_event_type = rssi_event;
+ wiphy_work_queue(wdev->wiphy, &wdev->cqm_rssi_work);
+ }
+ rcu_read_unlock();
+}
+EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
+
+void cfg80211_cqm_rssi_notify_work(struct wiphy *wiphy, struct wiphy_work *work)
+{
+ struct wireless_dev *wdev = container_of(work, struct wireless_dev,
+ cqm_rssi_work);
+ struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
+ enum nl80211_cqm_rssi_threshold_event rssi_event;
+ struct cfg80211_cqm_config *cqm_config;
+ struct sk_buff *msg;
+ s32 rssi_level;
+
- wdev_lock(wdev);
- cqm_config = rcu_dereference_protected(wdev->cqm_config,
- lockdep_is_held(&wdev->mtx));
++ cqm_config = wiphy_dereference(wdev->wiphy, wdev->cqm_config);
+ if (!wdev->cqm_config)
- goto unlock;
++ return;
- cfg80211_cqm_rssi_update(rdev, dev);
+ cfg80211_cqm_rssi_update(rdev, wdev->netdev, cqm_config);
- if (rssi_level == 0)
- rssi_level = wdev->cqm_config->last_rssi_event_value;
- }
+ rssi_level = cqm_config->last_rssi_event_value;
+ rssi_event = cqm_config->last_rssi_event_type;
- msg = cfg80211_prepare_cqm(dev, NULL, gfp);
+ msg = cfg80211_prepare_cqm(wdev->netdev, NULL, GFP_KERNEL);
if (!msg)
- goto unlock;
+ return;
if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
rssi_event))
@@@ -19151,15 -18900,14 +18949,13 @@@
rssi_level))
goto nla_put_failure;
- cfg80211_send_cqm(msg, gfp);
+ cfg80211_send_cqm(msg, GFP_KERNEL);
- goto unlock;
+ return;
nla_put_failure:
nlmsg_free(msg);
- unlock:
- wdev_unlock(wdev);
}
-EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
void cfg80211_cqm_txe_notify(struct net_device *dev,
const u8 *peer, u32 num_packets,
On Tue, 2023-09-26 at 12:41 +1000, Stephen Rothwell wrote:
> Hi all,
>
> On Tue, 26 Sep 2023 12:02:53 +1000 Stephen Rothwell <[email protected]> wrote:
> >
> > Today's linux-next merge of the wireless-next tree got conflicts in:
> >
> > net/mac80211/cfg.c
> >
> > between commit:
> >
> > 31db78a4923e ("wifi: mac80211: fix potential key use-after-free")
> >
> > from the wireless tree and commit:
> >
> > 4d3acf4311a0 ("wifi: mac80211: remove sta_mtx")
> >
> > from the wireless-next tree.
> >
> > I fixed it up (see below) and can carry the fix as necessary. This
> > is now fixed as far as linux-next is concerned, but any non trivial
> > conflicts should be mentioned to your upstream maintainer when your tree
> > is submitted for merging. You may also want to consider cooperating
> > with the maintainer of the conflicting tree to minimise any particularly
> > complex conflicts.
>
> That wasn't quite right. The final resolution is below.
Thanks Stephen, also for the other one!
I knew about the new ones as well but forgot to give you a heads-up, my
bad, I'm sorry.
I'm planning to submit a wireless pull request today or tomorrow, and
then merge back into wireless-next once it settles in, so this should
hopefully be resolved by the end of the week or so.
Thanks,
johannes