lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20260123190132.1060514-1-n7l8m4@u.northwestern.edu>
Date: Fri, 23 Jan 2026 19:01:32 +0000
From: Ziyi Guo <n7l8m4@...orthwestern.edu>
To: Kalle Valo <kvalo@...nel.org>
Cc: Jeff Johnson <jjohnson@...nel.org>,
	linux-wireless@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	Ziyi Guo <n7l8m4@...orthwestern.edu>
Subject: [PATCH] wifi: wil6210: add missing mutex protection in WMI event handlers

wmi_evt_auth_status() and wmi_evt_reassoc_status() call wil6210_disconnect
in their error paths without holding wil->mutex. This eventually leads to
wil_ring_fini_tx() and wil_ring_free_edma() being called, both of which
require the mutex to be held as indicated by lockdep_assert_held().

Other callers of wil6210_disconnect() (wil_cfg80211_del_station,
wil_vif_remove, wil_reset) properly acquire the mutex before calling.

Add mutex_lock()/mutex_unlock() around the wil6210_disconnect() calls
in the WMI event handlers to fix the missing lock protection.

Signed-off-by: Ziyi Guo <n7l8m4@...orthwestern.edu>
---
 drivers/net/wireless/ath/wil6210/wmi.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/net/wireless/ath/wil6210/wmi.c b/drivers/net/wireless/ath/wil6210/wmi.c
index 6d376f85fbde..2bd09a225ad0 100644
--- a/drivers/net/wireless/ath/wil6210/wmi.c
+++ b/drivers/net/wireless/ath/wil6210/wmi.c
@@ -1703,7 +1703,9 @@ wmi_evt_auth_status(struct wil6210_vif *vif, int id, void *d, int len)
 	return;
 
 fail:
+	mutex_lock(&wil->mutex);
 	wil6210_disconnect(vif, NULL, WLAN_REASON_PREV_AUTH_NOT_VALID);
+	mutex_unlock(&wil->mutex);
 }
 
 static void
@@ -1832,7 +1834,9 @@ wmi_evt_reassoc_status(struct wil6210_vif *vif, int id, void *d, int len)
 	return;
 
 fail:
+	mutex_lock(&wil->mutex);
 	wil6210_disconnect(vif, NULL, WLAN_REASON_PREV_AUTH_NOT_VALID);
+	mutex_unlock(&wil->mutex);
 }
 
 static void
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ