Received: by 10.213.65.68 with SMTP id h4csp1723054imn; Mon, 19 Mar 2018 11:28:04 -0700 (PDT) X-Google-Smtp-Source: AG47ELuZAP6pP6X3QiSFRTbxvebNMK72wzuflJWkUhY8mOQpanDgVfr6ke97jRtVxPWji5YlIl09 X-Received: by 10.101.87.136 with SMTP id b8mr9693259pgr.282.1521484084567; Mon, 19 Mar 2018 11:28:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521484084; cv=none; d=google.com; s=arc-20160816; b=bivrpjyRPyYTSimjUppcmd0aqxxK4U2uxJgSH4PwDGGn+usW2WsoibWULudN5SAz0w yB9DQ+Pm8Soo66EinGWX1rVuGupzTPvdJ1ymXJ9tuzYIAAzgYTxAzfyJXodR0baTJ0vT DacvXS+cPY93fgDhTLNQbPZGQ1tgHAhJr9Mk0Nbwtu0+6UBEPrD/UoG9F5xJs7rCeuEK THe531X+wT6BY7k2mKdUtSnnzVLhGzNJyJYzYACP4XDLPSELn7H1MicoVHRa9iAAQG4O uMOEQnxsjrS1nyJz4UJQ5YHLiyfxzeEOneXPBxp4YSAjXzH8a1wYe2rzf7xnoQHLgZdI Cdtw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=NHp19sSJc0Ysj3WJ7hHXTQ6LofK8SlRHymmjPM4Fwug=; b=gFp4SNsfRdYVLgWH6W2qO5aa2xOP/M8ZKA2bPflUHfDNBi729HP5fnCf787n+anf9x ZLtoZLxdMYh8ZPnwu93008LkruqsQ4ir+rZ38L4kjl6xTAZzUHnTfqCBzjrj8kcwp74J GG44YVLHVl3B0v8C+UvVGEnAoM/J5uOguNvocRSg6o3gTW5nh24j66pdOX4e9cpuRb7b cAXfcxEd5UjKgDjHiUCElBxD7XWGUJSN25s7SQjpvM6sDpWy9+C6D1G5eIrlV3NBfpjV 2AlC/yEPmYgJrOyBOIm0Xra1uSISAa5eg58iHioFi5YEqnm7jElDy7xQTV/RHRpCIbyE 5V1Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g11-v6si429122pll.155.2018.03.19.11.27.50; Mon, 19 Mar 2018 11:28:04 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1031640AbeCSS00 (ORCPT + 99 others); Mon, 19 Mar 2018 14:26:26 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:50772 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S969892AbeCSS0W (ORCPT ); Mon, 19 Mar 2018 14:26:22 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id D08F2113C; Mon, 19 Mar 2018 18:26:21 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Limin Zhu , Xinming Hu , Kalle Valo , Sasha Levin Subject: [PATCH 4.9 189/241] mwifiex: cfg80211: do not change virtual interface during scan processing Date: Mon, 19 Mar 2018 19:07:34 +0100 Message-Id: <20180319180758.971784748@linuxfoundation.org> X-Mailer: git-send-email 2.16.2 In-Reply-To: <20180319180751.172155436@linuxfoundation.org> References: <20180319180751.172155436@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Limin Zhu [ Upstream commit c61cfe49f0f0f0d1f8b56d0b045838d597e8c3a3 ] (1) Change virtual interface operation in cfg80211 process reset and reinitilize private data structure. (2) Scan result event processed in main process will dereference private data structure concurrently, ocassionly crash the kernel. The cornel case could be trigger by below steps: (1) wpa_cli mlan0 scan (2) ./hostapd mlan0.conf Cfg80211 asynchronous scan procedure is not all the time operated under rtnl lock, here we add the protect to serialize the cfg80211 scan and change_virtual interface operation. Signed-off-by: Limin Zhu Signed-off-by: Xinming Hu Signed-off-by: Kalle Valo Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c +++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c @@ -1109,6 +1109,12 @@ mwifiex_cfg80211_change_virtual_intf(str struct mwifiex_private *priv = mwifiex_netdev_get_priv(dev); enum nl80211_iftype curr_iftype = dev->ieee80211_ptr->iftype; + if (priv->scan_request) { + mwifiex_dbg(priv->adapter, ERROR, + "change virtual interface: scan in process\n"); + return -EBUSY; + } + switch (curr_iftype) { case NL80211_IFTYPE_ADHOC: switch (type) {