Received: by 10.213.65.68 with SMTP id h4csp1723054imn;
        Mon, 19 Mar 2018 11:28:04 -0700 (PDT)
X-Google-Smtp-Source: AG47ELuZAP6pP6X3QiSFRTbxvebNMK72wzuflJWkUhY8mOQpanDgVfr6ke97jRtVxPWji5YlIl09
X-Received: by 10.101.87.136 with SMTP id b8mr9693259pgr.282.1521484084567;
        Mon, 19 Mar 2018 11:28:04 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1521484084; cv=none;
        d=google.com; s=arc-20160816;
        b=bivrpjyRPyYTSimjUppcmd0aqxxK4U2uxJgSH4PwDGGn+usW2WsoibWULudN5SAz0w
         yB9DQ+Pm8Soo66EinGWX1rVuGupzTPvdJ1ymXJ9tuzYIAAzgYTxAzfyJXodR0baTJ0vT
         DacvXS+cPY93fgDhTLNQbPZGQ1tgHAhJr9Mk0Nbwtu0+6UBEPrD/UoG9F5xJs7rCeuEK
         THe531X+wT6BY7k2mKdUtSnnzVLhGzNJyJYzYACP4XDLPSELn7H1MicoVHRa9iAAQG4O
         uMOEQnxsjrS1nyJz4UJQ5YHLiyfxzeEOneXPBxp4YSAjXzH8a1wYe2rzf7xnoQHLgZdI
         Cdtw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:message-id:date:subject:cc:to:from
         :arc-authentication-results;
        bh=NHp19sSJc0Ysj3WJ7hHXTQ6LofK8SlRHymmjPM4Fwug=;
        b=gFp4SNsfRdYVLgWH6W2qO5aa2xOP/M8ZKA2bPflUHfDNBi729HP5fnCf787n+anf9x
         ZLtoZLxdMYh8ZPnwu93008LkruqsQ4ir+rZ38L4kjl6xTAZzUHnTfqCBzjrj8kcwp74J
         GG44YVLHVl3B0v8C+UvVGEnAoM/J5uOguNvocRSg6o3gTW5nh24j66pdOX4e9cpuRb7b
         cAXfcxEd5UjKgDjHiUCElBxD7XWGUJSN25s7SQjpvM6sDpWy9+C6D1G5eIrlV3NBfpjV
         2AlC/yEPmYgJrOyBOIm0Xra1uSISAa5eg58iHioFi5YEqnm7jElDy7xQTV/RHRpCIbyE
         5V1Q==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id g11-v6si429122pll.155.2018.03.19.11.27.50;
        Mon, 19 Mar 2018 11:28:04 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1031640AbeCSS00 (ORCPT <rfc822;austinkernel.kim@gmail.com>
        + 99 others); Mon, 19 Mar 2018 14:26:26 -0400
Received: from mail.linuxfoundation.org ([140.211.169.12]:50772 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S969892AbeCSS0W (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 19 Mar 2018 14:26:22 -0400
Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202])
        by mail.linuxfoundation.org (Postfix) with ESMTPSA id D08F2113C;
        Mon, 19 Mar 2018 18:26:21 +0000 (UTC)
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Limin Zhu <liminzhu@marvell.com>,
        Xinming Hu <huxm@marvell.com>,
        Kalle Valo <kvalo@codeaurora.org>,
        Sasha Levin <alexander.levin@microsoft.com>
Subject: [PATCH 4.9 189/241] mwifiex: cfg80211: do not change virtual interface during scan processing
Date:   Mon, 19 Mar 2018 19:07:34 +0100
Message-Id: <20180319180758.971784748@linuxfoundation.org>
X-Mailer: git-send-email 2.16.2
In-Reply-To: <20180319180751.172155436@linuxfoundation.org>
References: <20180319180751.172155436@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Limin Zhu <liminzhu@marvell.com>


[ Upstream commit c61cfe49f0f0f0d1f8b56d0b045838d597e8c3a3 ]

(1) Change virtual interface operation in cfg80211 process reset and
reinitilize private data structure.
(2) Scan result event processed in main process will dereference private
data structure concurrently, ocassionly crash the kernel.

The cornel case could be trigger by below steps:
(1) wpa_cli mlan0 scan
(2) ./hostapd mlan0.conf

Cfg80211 asynchronous scan procedure is not all the time operated
under rtnl lock, here we add the protect to serialize the cfg80211
scan and change_virtual interface operation.

Signed-off-by: Limin Zhu <liminzhu@marvell.com>
Signed-off-by: Xinming Hu <huxm@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/wireless/marvell/mwifiex/cfg80211.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c
+++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
@@ -1109,6 +1109,12 @@ mwifiex_cfg80211_change_virtual_intf(str
 	struct mwifiex_private *priv = mwifiex_netdev_get_priv(dev);
 	enum nl80211_iftype curr_iftype = dev->ieee80211_ptr->iftype;
 
+	if (priv->scan_request) {
+		mwifiex_dbg(priv->adapter, ERROR,
+			    "change virtual interface: scan in process\n");
+		return -EBUSY;
+	}
+
 	switch (curr_iftype) {
 	case NL80211_IFTYPE_ADHOC:
 		switch (type) {