Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp1633382ybv;
        Fri, 21 Feb 2020 00:40:45 -0800 (PST)
X-Google-Smtp-Source: APXvYqytWoDkBiKlvFY4rNtWkRaii8KKc01jot6Udb4bkl2q0i9iRaAIbTcuhbs9sTzmALHAIUiJ
X-Received: by 2002:a05:6808:a8a:: with SMTP id q10mr1050969oij.66.1582274444936;
        Fri, 21 Feb 2020 00:40:44 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1582274444; cv=none;
        d=google.com; s=arc-20160816;
        b=XMptsByIm7KnhrrQxBmEdjX2urbwI6s6S8S+3cOsnYxPH1aOBbqcl0oRkwRJw8zCLB
         CV+YGMAnPgDjRU38btXaGdngk0dS71w6nImboG8oSF8+4/ehEBpZnjfeWtWCy2xl3Isr
         q1sxxBnzWkxqFOmyQ/AepiXizl5vZW+wrZoLkirP9NOqYdxcCg4keDjJSV2DijAJHiU7
         rVbXDoZ9HNSlHujsVh/xIms0TxlCFepfvToS3/y4gfcjUkJn9WQ6BY29aW+r7nH+ewub
         R6g2es8wOm+XCS3OBeWx2Hq4BkDrCJIVzU8JmoKbM9B9rkaK6XUPq3bD5r+l2vIpFJEA
         cmlA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=0KrnWE0eOv0af804/88jTRZM7Why5RsGYBMLrxz+/Ek=;
        b=jVTtJegFWLiPGN7V0WjqUdULVpnchuQYC9VX95e9UFLlXV+ms93kueCYp8mMGRneVj
         fqmu6sPm814yl5y07ZkmaVyOx97Ce8B4CXi0/cxaE9iJ63kYdcthNRLLOLUWiA9p1e/t
         f7ih/eQoADAUUhquT766eh1EPlIkmL19L54iUKJWLvg0DMRYg4y3d6+1Yu3I4kijgMoC
         KHmilHKsI1zLeMAON2BrXgNAaaCZrfxFsBhgWyejChTOeOaILwROZ29Um1qrG2suRXzd
         gWgG/m+lvCjcnmVUjyCdzIYV4Nd0tjRQjfsKzZOdAW9WL9FQ3+8U9NbOUSqdsvN8BRqI
         2vqA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=A4KeaO3t;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id w24si421598oic.260.2020.02.21.00.40.32;
        Fri, 21 Feb 2020 00:40:44 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=A4KeaO3t;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731537AbgBUIjz (ORCPT <rfc822;tanxianhu@gmail.com> + 99 others);
        Fri, 21 Feb 2020 03:39:55 -0500
Received: from mail.kernel.org ([198.145.29.99]:60470 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1730713AbgBUIAI (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 21 Feb 2020 03:00:08 -0500
Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 589A42073A;
        Fri, 21 Feb 2020 08:00:07 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1582272007;
        bh=FE0Z1BJ3NywBOscUKuwrnwjE3YVONSdmK2+ECjDwfX8=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=A4KeaO3tYktjRh0yDbLywSyUbcFTR8N2podbZv9naSxtUcX5KJ3ZzYKt0GByY5WYE
         Mt37DGYzJaMsuBHSxTHHFxzhk0LnQS+q0u3Vc05LdMFyGqD/w3MGeLl72wBFGVH/h4
         aOINdQCiNUbZnk4ai11fMpletTfSWbkibMIEv+hU=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org,
        Andrei Otcheretianski <andrei.otcheretianski@intel.com>,
        Luca Coelho <luciano.coelho@intel.com>,
        Kalle Valo <kvalo@codeaurora.org>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.5 381/399] iwlwifi: mvm: Check the sta is not NULL in iwl_mvm_cfg_he_sta()
Date:   Fri, 21 Feb 2020 08:41:46 +0100
Message-Id: <20200221072437.235810823@linuxfoundation.org>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20200221072402.315346745@linuxfoundation.org>
References: <20200221072402.315346745@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Andrei Otcheretianski <andrei.otcheretianski@intel.com>

[ Upstream commit 12d47f0ea5e0aa63f19ba618da55a7c67850ca10 ]

Fix a kernel panic by checking that the sta is not NULL.
This could happen during a reconfig flow, as mac80211 moves the sta
between all the states without really checking if the previous state was
successfully set. So, if for some reason we failed to add back the
station, subsequent calls to sta_state() callback will be done when the
station is NULL. This would result in a following panic:

BUG: unable to handle kernel NULL pointer dereference at
0000000000000040
IP: iwl_mvm_cfg_he_sta+0xfc/0x690 [iwlmvm]
[..]
Call Trace:
 iwl_mvm_mac_sta_state+0x629/0x6f0 [iwlmvm]
 drv_sta_state+0xf4/0x950 [mac80211]
 ieee80211_reconfig+0xa12/0x2180 [mac80211]
 ieee80211_restart_work+0xbb/0xe0 [mac80211]
 process_one_work+0x1e2/0x610
 worker_thread+0x4d/0x3e0
[..]

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
index efdf15f57f163..02df603b64000 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
@@ -5,10 +5,9 @@
  *
  * GPL LICENSE SUMMARY
  *
- * Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved.
  * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
  * Copyright(c) 2016 - 2017 Intel Deutschland GmbH
- * Copyright(c) 2018 - 2019 Intel Corporation
+ * Copyright(c) 2012 - 2014, 2018 - 2020 Intel Corporation
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -28,10 +27,9 @@
  *
  * BSD LICENSE
  *
- * Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved.
  * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
  * Copyright(c) 2016 - 2017 Intel Deutschland GmbH
- * Copyright(c) 2018 - 2019 Intel Corporation
+ * Copyright(c) 2012 - 2014, 2018 - 2020 Intel Corporation
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -2037,7 +2035,7 @@ static void iwl_mvm_cfg_he_sta(struct iwl_mvm *mvm,
 	rcu_read_lock();
 
 	sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_ctxt_cmd.sta_id]);
-	if (IS_ERR(sta)) {
+	if (IS_ERR_OR_NULL(sta)) {
 		rcu_read_unlock();
 		WARN(1, "Can't find STA to configure HE\n");
 		return;
-- 
2.20.1