lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20230807150542.247801-10-jerome.pouiller@silabs.com>
Date:   Mon,  7 Aug 2023 17:05:42 +0200
From:   Jérôme Pouiller 
        <jerome.pouiller@...abs.com>
To:     Kalle Valo <kvalo@...nel.org>
Cc:     linux-wireless@...r.kernel.org, linux-kernel@...r.kernel.org,
        Jérôme Pouiller 
        <jerome.pouiller@...abs.com>
Subject: [PATCH 9/9] wifi: wfx: fix possible lock-up between scan and Rx filters

The device ignore the rx filters during the scan operation.
wfx_configure_filter() acquires scan_lock to reflect this restriction.
However, it is not really necessary since mac80211 don't try to
configure Rx filters during scan.

However, the things are changing. The scan operation is also used to
implement remain-on-channel. In this case, wfx_configure_filter() can be
called during the scan. Currently, this scenario generate a delay that
end with a timeout in the upper layers. For the final user, some
scenario of the EasyConnect specification end with a failure.

So, avoid acquiring the scan_lock and just return.

Signed-off-by: Jérôme Pouiller <jerome.pouiller@...abs.com>
---
 drivers/net/wireless/silabs/wfx/sta.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/silabs/wfx/sta.c b/drivers/net/wireless/silabs/wfx/sta.c
index 496b93de3ee58..1b6c158457b42 100644
--- a/drivers/net/wireless/silabs/wfx/sta.c
+++ b/drivers/net/wireless/silabs/wfx/sta.c
@@ -96,8 +96,11 @@ void wfx_configure_filter(struct ieee80211_hw *hw, unsigned int changed_flags,
 	*total_flags &= FIF_BCN_PRBRESP_PROMISC | FIF_ALLMULTI | FIF_OTHER_BSS |
 			FIF_PROBE_REQ | FIF_PSPOLL;
 
+	/* Filters are ignored during the scan. No frames are filtered. */
+	if (mutex_is_locked(&wdev->scan_lock))
+		return;
+
 	mutex_lock(&wdev->conf_mutex);
-	mutex_lock(&wdev->scan_lock);
 	while ((wvif = wvif_iterate(wdev, wvif)) != NULL) {
 		/* Note: FIF_BCN_PRBRESP_PROMISC covers probe response and
 		 * beacons from other BSS
@@ -126,7 +129,6 @@ void wfx_configure_filter(struct ieee80211_hw *hw, unsigned int changed_flags,
 			filter_prbreq = true;
 		wfx_hif_set_rx_filter(wvif, filter_bssid, filter_prbreq);
 	}
-	mutex_unlock(&wdev->scan_lock);
 	mutex_unlock(&wdev->conf_mutex);
 }
 
-- 
2.39.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ