| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 May 2023 21:22:06 +0200
From: Philipp Hortmann <philipp.g.hortmann@...il.com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: [PATCH] staging: rtl8192e: Unlock wx_mutex not in rtllib_wx_set_scan
On start of rtllib_wx_set_scan lock was taken with
mutex_lock(&ieee->wx_mutex). Unlocking was done at the end of
schedule_work(&ieee->wx_sync_scan_wq) which lead to the error "lock held
when returning to user space!". Pushing lock to beginning of
ieee->wx_sync_scan_wq to improve overview. Removed lock from
rtllib_wx_set_scan as ieee->state, ieee->iw_mode and ieee->proto_started
are not protected in many other places.
Signed-off-by: Philipp Hortmann <philipp.g.hortmann@...il.com>
---
Tested with rtl8192e (WLL6130-D99)
Transferred this patch over wlan connection of rtl8192e
[ 7379.147691] ================================================
[ 7379.147693] WARNING: lock held when returning to user space!
[ 7379.147694] 6.3.0+ #8 Tainted: G C OE
[ 7379.147696] ------------------------------------------------
[ 7379.147697] wpa_supplicant/1193 is leaving the kernel with locks still held!
[ 7379.147699] 1 lock held by wpa_supplicant/1193:
[ 7379.147701] #0: ffff8c54dd0090b0 (&ieee->wx_mutex){+.+.}-{4:4}, at: rtllib_wx_set_scan+0x22/0x80 [rtllib]
---
drivers/staging/rtl8192e/rtllib_softmac_wx.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/staging/rtl8192e/rtllib_softmac_wx.c b/drivers/staging/rtl8192e/rtllib_softmac_wx.c
index 371864f0087f..e93da95f175b 100644
--- a/drivers/staging/rtl8192e/rtllib_softmac_wx.c
+++ b/drivers/staging/rtl8192e/rtllib_softmac_wx.c
@@ -332,6 +332,7 @@ void rtllib_wx_sync_scan_wq(void *data)
enum ht_channel_width bandwidth = 0;
int b40M = 0;
+ mutex_lock(&ieee->wx_mutex);
if (!(ieee->softmac_features & IEEE_SOFTMAC_SCAN)) {
rtllib_start_scan_syncro(ieee, 0);
goto out;
@@ -404,8 +405,6 @@ int rtllib_wx_set_scan(struct rtllib_device *ieee, struct iw_request_info *a,
{
int ret = 0;
- mutex_lock(&ieee->wx_mutex);
-
if (ieee->iw_mode == IW_MODE_MONITOR || !(ieee->proto_started)) {
ret = -1;
goto out;
@@ -418,7 +417,6 @@ int rtllib_wx_set_scan(struct rtllib_device *ieee, struct iw_request_info *a,
}
out:
- mutex_unlock(&ieee->wx_mutex);
return ret;
}
EXPORT_SYMBOL(rtllib_wx_set_scan);
--
2.40.1
Powered by blists - more mailing lists