Received: by 2002:a05:7412:f690:b0:e2:908c:2ebd with SMTP id ej16csp436490rdb;
        Thu, 19 Oct 2023 08:33:03 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IHMSZXfHsOi9dzvHVcmuOETKH15KaEAt9u6iahUuy21vRnKPRekasZoKmYv9UEFz30LaWbH
X-Received: by 2002:aa7:88d0:0:b0:6b1:bf32:4fc3 with SMTP id k16-20020aa788d0000000b006b1bf324fc3mr2369888pff.19.1697729583073;
        Thu, 19 Oct 2023 08:33:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1697729583; cv=none;
        d=google.com; s=arc-20160816;
        b=Fh0oyrF5ifMB/tZft0mS9h6+iHxQrzvFlJ2+J4BZg/bNvIS0zw7aOwibgrGfHzw9OM
         xXjZvcHl/LOZPwAmShPCpmBgbV5tV/xYINt7terQOxehESmg+cWLcxn86J1ZwGNLU6W1
         9U+qssVCo/YRFTl35uoEnBpkmRcOmLm3Snot141w06l022U2+Y6L/gkUtNJilOo+Bd7S
         A+9sOrkQz4Q818k8DXlVRHmNw6/xboyfo7Ti6LErG8d1H1AmjPUMUGN0Ijdua80tFUqE
         ky53CtufFCZLZB/qokFKxShlCYTB7gq0pZIOb2IwRKIeSeDQ5wWafNdaxG9R3kiwdOMZ
         RjJg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=FhZ4Z75mCIeHkcTMQZzKJW1u19UywH2LlJgOT/Wh2jE=;
        fh=wVjIh4Ry7X7gqxD7x4+f60lKPnJwP7xEuzok5FQ1a8Q=;
        b=Ng4wosVRhiFvD1mBYve5yKS2fqBWqz3pYKm243l50iA5xkKyT6bAj1+hsdxtW2P474
         buB5u9z6Ut5GAs9tZyLBU94s3BZ3UPF6oCJRckn9OzLSsV4Zf6IvBvjwvFTQbAADXdGG
         LMszK7jp+m9iNFP1ce9wF7gBlBauy1hcI1XmuvSA+D/qddM3kidn84La5UPLPeX5S6gg
         YdtEFAQC7tl0FR3ZsPpc7xU3nQvrvdAGlHScvlzt391ja1z/Y+tWoN75fYTHDtifWjk0
         JdyJxNqS/E3Z6J+0AU1AXvzBqSbBk54AP78ZiLYCTlpRVLaJdPRAxZdLrkBJQNd8V0rZ
         JhRQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=POBMJg19;
       spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-wireless-owner@vger.kernel.org>
Received: from morse.vger.email (morse.vger.email. [23.128.96.31])
        by mx.google.com with ESMTPS id f21-20020a056a00239500b006b8e367ed42si4393187pfc.54.2023.10.19.08.33.02
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 19 Oct 2023 08:33:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=POBMJg19;
       spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by morse.vger.email (Postfix) with ESMTP id DECCB832CBFF;
	Thu, 19 Oct 2023 08:32:59 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1346239AbjJSPc6 (ORCPT <rfc822;h4nn35.work@gmail.com>
        + 52 others); Thu, 19 Oct 2023 11:32:58 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49054 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1345747AbjJSPc6 (ORCPT
        <rfc822;linux-wireless@vger.kernel.org>);
        Thu, 19 Oct 2023 11:32:58 -0400
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BD24312F;
        Thu, 19 Oct 2023 08:32:56 -0700 (PDT)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6655CC433C8;
        Thu, 19 Oct 2023 15:32:56 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1697729576;
        bh=JmxVPCdruKLMQZ5RUKgTCknlS6N8U4MPq35+pkolZUQ=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=POBMJg19qSQ8erDJJsBUAf4QYH8J8D1C98PNUaEeDBax10sfUqooXE+3ZKs22bFFx
         Tg9fXsoNI6LSy/j0et+lzIy5ceQrs4BsPjQwjk6tD+nHsf2hGul/MyaheRNwH/wszt
         xHYnJlyz6oQmakAfMzDckwV0XWI316CcWj3YbngQAeHnep2LSdzgNys2eLGFEu5KNM
         HddIU7Bp2dEJECPMzwA191ONt1VSdxObTlvZ+T1OKmQWSXiA7A6TOvMFzR4bwLKq8l
         or2NE7fzpEJnHxWyFEMg+AOLSbqyFlZjJejvqN1n0klNmtRYMy+tSULs0BB/IKbE4I
         Zwz+s+1Czk0Aw==
Received: from johan by xi.lan with local (Exim 4.96)
        (envelope-from <johan+linaro@kernel.org>)
        id 1qtV1A-0006tC-0o;
        Thu, 19 Oct 2023 17:33:00 +0200
From:   Johan Hovold <johan+linaro@kernel.org>
To:     Kalle Valo <kvalo@kernel.org>
Cc:     Jeff Johnson <quic_jjohnson@quicinc.com>,
        ath11k@lists.infradead.org, linux-wireless@vger.kernel.org,
        linux-kernel@vger.kernel.org,
        Johan Hovold <johan+linaro@kernel.org>, stable@vger.kernel.org
Subject: [PATCH v2 2/2] wifi: ath11k: fix dfs radar event locking
Date:   Thu, 19 Oct 2023 17:31:15 +0200
Message-ID: <20231019153115.26401-3-johan+linaro@kernel.org>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20231019153115.26401-1-johan+linaro@kernel.org>
References: <20231019153115.26401-1-johan+linaro@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI,
	SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no
	version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Thu, 19 Oct 2023 08:32:59 -0700 (PDT)

The ath11k active pdevs are protected by RCU but the DFS radar event
handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a
read-side critical section.

Mark the code in question as an RCU read-side critical section to avoid
any potential use-after-free issues.

Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices")
Cc: stable@vger.kernel.org      # 5.6
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
---
 drivers/net/wireless/ath/ath11k/wmi.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/net/wireless/ath/ath11k/wmi.c b/drivers/net/wireless/ath/ath11k/wmi.c
index da1582b8dc30..f0eac6cb84fd 100644
--- a/drivers/net/wireless/ath/ath11k/wmi.c
+++ b/drivers/net/wireless/ath/ath11k/wmi.c
@@ -8337,6 +8337,8 @@ ath11k_wmi_pdev_dfs_radar_detected_event(struct ath11k_base *ab, struct sk_buff
 		   ev->detector_id, ev->segment_id, ev->timestamp, ev->is_chirp,
 		   ev->freq_offset, ev->sidx);
 
+	rcu_read_lock();
+
 	ar = ath11k_mac_get_ar_by_pdev_id(ab, ev->pdev_id);
 
 	if (!ar) {
@@ -8354,6 +8356,8 @@ ath11k_wmi_pdev_dfs_radar_detected_event(struct ath11k_base *ab, struct sk_buff
 		ieee80211_radar_detected(ar->hw);
 
 exit:
+	rcu_read_unlock();
+
 	kfree(tb);
 }
 
-- 
2.41.0