mirror_ubuntu-kernels/drivers/net/wireless/ath
Fedor Pchelkin 454994cfa9 wifi: ath9k: protect WMI command response buffer replacement with a lock
If ath9k_wmi_cmd() has exited with a timeout, it is possible that during
the next ath9k_wmi_cmd() call the wmi_rsp callback for the previous wmi
command writes to the new wmi->cmd_rsp_buf and makes a completion. This results in an
invalid ath9k_wmi_cmd() return value.

Move the replacement of WMI command response buffer and length under
wmi_lock. Note that the last_seq_id value is updated there, too.

Thus, the buffer cannot be written to by a belated wmi_rsp callback
because that path is properly rejected by the last_seq_id check.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Fixes: fb9987d0f7 ("ath9k_htc: Support for AR9271 chipset.")
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230425192607.18015-2-pchelkin@ispras.ru
2023-08-22 16:35:17 +03:00
ar5523 Merge ath-next from git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git 2022-10-29 08:25:50 +03:00
ath5k wifi: ath5k: Remove redundant dev_err() 2023-08-22 16:32:52 +03:00
ath6kl wireless-next patches for v6.6 2023-08-04 18:34:25 -07:00
ath9k wifi: ath9k: protect WMI command response buffer replacement with a lock 2023-08-22 16:35:17 +03:00
ath10k wifi: drivers: Explicitly include correct DT includes 2023-08-01 17:48:38 +03:00
ath11k wireless-next patches for v6.6 2023-08-04 18:34:25 -07:00
ath12k Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-08-10 14:10:53 -07:00
carl9170 wifi: carl9170: Replace fake flex-array with flexible-array member 2023-03-24 16:54:01 +02:00
wcn36xx wifi: drivers: Explicitly include correct DT includes 2023-08-01 17:48:38 +03:00
wil6210 wifi: wil6210: fix fortify warnings 2023-07-27 19:12:49 +03:00
ath.h wifi: ath: Silence memcpy run-time false positive warning 2023-02-17 18:24:16 +02:00
debug.c
dfs_pattern_detector.c ath: dfs_pattern_detector: Avoid open coded arithmetic in memory allocation 2022-01-17 14:41:51 +02:00
dfs_pattern_detector.h
dfs_pri_detector.c
dfs_pri_detector.h
hw.c wifi: ath: fix repeated words in comments 2022-07-18 13:04:50 +03:00
Kconfig wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices 2022-11-29 12:49:06 +02:00
key.c wifi: ath: Silence memcpy run-time false positive warning 2023-02-17 18:24:16 +02:00
main.c
Makefile wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices 2022-11-29 12:49:06 +02:00
reg.h
regd_common.h ath: regdom: extend South Korea regulatory domain support 2021-12-08 10:37:38 +02:00
regd.c Revert "ath: add support for special 0x0 regulatory domain" 2022-03-07 19:45:08 +02:00
regd.h ath: regdom: extend South Korea regulatory domain support 2021-12-08 10:37:38 +02:00
spectral_common.h ath: Replace zero-length arrays with flexible-array members 2022-02-21 12:26:28 +02:00
trace.c
trace.h tracing/ath: Use the new __vstring() helper 2022-07-15 17:44:40 -04:00