wifi: cfg80211: fix cqm_config access race

Max Schulze reports crashes with brcmfmac. The reason seems to be a race between userspace removing the CQM config and the driver calling cfg80211_cqm_rssi_notify(), where if the data is freed while cfg80211_cqm_rssi_notify() runs it will crash since it assumes wdev->cqm_config is set. This can't be fixed with a simple non-NULL check since there's nothing we can do for locking easily, so use RCU instead to protect the pointer, but that requires pulling the updates out into an asynchronous worker so they can sleep and call back into the driver.

Since we need to change the free anyway, also change it to go back to the old settings if changing the settings fails.

Reported-and-tested-by: Max Schulze <max.schulze@online.de>
Closes: https://lore.kernel.org/r/ac96309a-8d8d-4435-36e6-6d152eb31876@online.de
Fixes: 4a4b8169 ("cfg80211: Accept multiple RSSI thresholds for CQM")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

parent
8ba438ef
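
The ordering the commit message describes (swap the protected pointer, let a notification that is already running finish with the config it read, go back to the old settings if the driver call fails), as an added example that is not part of this commit or of the kernel source. It is a single-threaded userspace model: `set_config`, `rssi_notify`, `grace_period`, `remove_midway` and the `readers` counter are hypothetical stand-ins for the RCU primitives named in the comments.

```c
#include <stdlib.h>
/* Single-threaded userspace model; all names are hypothetical, not cfg80211's. */
struct cqm_config { int n_thresholds; };
static struct cqm_config *cur;          /* models RCU-protected wdev->cqm_config */
static struct cqm_config *retired[8];   /* unpublished configs awaiting readers */
static int n_retired, readers, deferred_seen;

/* Models the grace period: free retired configs only when no reader is active. */
static void grace_period(void) {
    while (!readers && n_retired) free(retired[--n_retired]);
}

/* Update path: publish, ask the "driver", restore the old config on failure. */
static int set_config(int n, int driver_ok) {
    struct cqm_config *new = NULL, *old = cur;
    if (n_retired == 8) return -1;      /* model limit, keeps retired[] in bounds */
    if (n > 0) {
        new = malloc(sizeof(*new));
        if (!new) return -1;
        new->n_thresholds = n;
    }
    cur = new;                          /* models rcu_assign_pointer() */
    if (!driver_ok) { cur = old; old = new; }  /* roll back, retire the new one */
    if (old) retired[n_retired++] = old;
    grace_period();
    return driver_ok ? 0 : -1;
}

/* Constructed race: the config is removed while a notification is running. */
static void remove_midway(void) {
    set_config(0, 1);
    deferred_seen = n_retired;          /* 1: old config retired but not freed */
}

/* Notify path: snapshot the pointer once inside the read section, accept NULL. */
static int rssi_notify(void (*midway)(void)) {
    readers++;                          /* models rcu_read_lock() */
    struct cqm_config *c = cur;         /* models rcu_dereference() */
    if (midway) midway();
    int r = c ? c->n_thresholds : -1;   /* safe: c cannot be freed while we read */
    readers--;                          /* models rcu_read_unlock() */
    grace_period();
    return r;
}

int main(void) {                        /* exit 0 when the racing reader is safe */
    set_config(3, 1);
    return rssi_notify(remove_midway) == 3 ? 0 : 1;
}
```
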
- mentioned in commit c797498e
- mentioned in commit fb195ff4
- mentioned in commit 3fcc6d7d
- mentioned in commit 2ae4585f
- mentioned in commit 42970d32
- mentioned in commit 32fb9b7d
- mentioned in commit e851875c
- mentioned in commit 307a6525
- mentioned in commit 4a7e9255
- mentioned in commit 15577a98
- mentioned in commit d6730990