| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 10 Nov 2018 12:03:09 +0100
From: Lorenzo Bianconi <lorenzo.bianconi@...hat.com>
To: kvalo@...eaurora.org
Cc: nbd@....name, sgruszka@...hat.com, linux-wireless@...r.kernel.org,
netdev@...r.kernel.org
Subject: [PATCH] mt76: fix uninitialized mutex access setting rts threshold
Fix following crash due to a leftover uninitialized mutex access
in mt76x2_set_rts_threshold routine.
[ 31.018059] Call Trace:
[ 31.018341] register_lock_class+0x51f/0x530
[ 31.018828] __lock_acquire+0x6c/0x1580
[ 31.019247] lock_acquire+0x88/0x120
[ 31.021089] __mutex_lock+0x4a/0x4f0
[ 31.023343] mt76x2_set_rts_threshold+0x28/0x50
[ 31.023831] ieee80211_set_wiphy_params+0x16d/0x4e0
[ 31.024344] nl80211_set_wiphy+0x72b/0xbc0
[ 31.024781] genl_family_rcv_msg+0x192/0x3a0
[ 31.025233] genl_rcv_msg+0x42/0x89
[ 31.026079] netlink_rcv_skb+0x38/0x100
[ 31.026475] genl_rcv+0x1f/0x30
[ 31.026804] netlink_unicast+0x19c/0x250
[ 31.027212] netlink_sendmsg+0x1ed/0x390
[ 31.027615] sock_sendmsg+0x31/0x40
[ 31.027973] ___sys_sendmsg+0x23c/0x280
[ 31.030414] __sys_sendmsg+0x42/0x80
[ 31.030783] do_syscall_64+0x4a/0x170
[ 31.031160] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 31.031677] RIP: 0033:0x7f3498b39ba7
[ 31.033953] RSP: 002b:00007fffe19675b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 31.034883] RAX: ffffffffffffffda RBX: 00000000012d5350 RCX: 00007f3498b39ba7
[ 31.035756] RDX: 0000000000000000 RSI: 00007fffe19675f0 RDI: 0000000000000003
[ 31.036587] RBP: 00000000012da740 R08: 0000000000000002 R09: 0000000000000000
[ 31.037422] R10: 0000000000000006 R11: 0000000000000246 R12: 00000000012da880
[ 31.038252] R13: 00007fffe19675f0 R14: 00007fffe19678c0 R15: 00000000012da880
Fixes: 108a4861ef19 ("mt76: create new mt76x02-lib module for common
mt76x{0,2} code")
Reported-by: lorenzo.trisolini@...idmesh.com
Reported-by: luca.bisti@...idmesh.com
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@...hat.com>
---
This patch is for 4.20
---
drivers/net/wireless/mediatek/mt76/mt76x02.h | 1 -
drivers/net/wireless/mediatek/mt76/mt76x2/pci_main.c | 4 ++--
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt76x02.h b/drivers/net/wireless/mediatek/mt76/mt76x02.h
index 47c42c607964..7806963b1905 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76x02.h
+++ b/drivers/net/wireless/mediatek/mt76/mt76x02.h
@@ -71,7 +71,6 @@ struct mt76x02_dev {
struct mac_address macaddr_list[8];
struct mutex phy_mutex;
- struct mutex mutex;
u8 txdone_seq;
DECLARE_KFIFO_PTR(txstatus_fifo, struct mt76x02_tx_status);
diff --git a/drivers/net/wireless/mediatek/mt76/mt76x2/pci_main.c b/drivers/net/wireless/mediatek/mt76/mt76x2/pci_main.c
index 034a06295668..3f001bd6806c 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76x2/pci_main.c
+++ b/drivers/net/wireless/mediatek/mt76/mt76x2/pci_main.c
@@ -272,9 +272,9 @@ mt76x2_set_rts_threshold(struct ieee80211_hw *hw, u32 val)
if (val != ~0 && val > 0xffff)
return -EINVAL;
- mutex_lock(&dev->mutex);
+ mutex_lock(&dev->mt76.mutex);
mt76x2_mac_set_tx_protection(dev, val);
- mutex_unlock(&dev->mutex);
+ mutex_unlock(&dev->mt76.mutex);
return 0;
}
--
2.19.1
Powered by blists - more mailing lists