staging: wfx: fix RCU usage in wfx_join_finalize()

Access to sta->ht_cap is protected by RCU. However,
hif_set_association_mode() may sleep, so it can't be called in RCU.

This patch fix this behavior by handling sta and its RCU directly from
function hif_set_association_mode().

Signed-off-by: Jérôme Pouiller <jerome.pouiller@silabs.com>
Fixes: d00149011066 ("staging: wfx: fix RCU usage")
Link: https://lore.kernel.org/r/20200310101356.182818-5-Jerome.Pouiller@silabs.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/staging/wfx/hif_tx_mib.h b/drivers/staging/wfx/hif_tx_mib.h
index bf3769c2a9b63487818673b01ee020526d1cb971..26b1406f9f6c462ce552bbdc25e44a920dd5d3a7 100644 (file)
--- a/drivers/staging/wfx/hif_tx_mib.h
+++ b/drivers/staging/wfx/hif_tx_mib.h
@@ -191,10 +191,10 @@ static inline int hif_set_block_ack_policy(struct wfx_vif *wvif,
 }
 
 static inline int hif_set_association_mode(struct wfx_vif *wvif,
-                                          struct ieee80211_bss_conf *info,
-                                          struct ieee80211_sta_ht_cap *ht_cap)
+                                          struct ieee80211_bss_conf *info)
 {
        int basic_rates = wfx_rate_mask_to_hw(wvif->wdev, info->basic_rates);
+       struct ieee80211_sta *sta = NULL;
        struct hif_mib_set_association_mode val = {
                .preambtype_use = 1,
                .mode = 1,
@@ -204,12 +204,17 @@ static inline int hif_set_association_mode(struct wfx_vif *wvif,
                .basic_rate_set = cpu_to_le32(basic_rates)
        };
 
+       rcu_read_lock(); // protect sta
+       if (info->bssid && !info->ibss_joined)
+               sta = ieee80211_find_sta(wvif->vif, info->bssid);
+
        // FIXME: it is strange to not retrieve all information from bss_info
-       if (ht_cap && ht_cap->ht_supported) {
-               val.mpdu_start_spacing = ht_cap->ampdu_density;
+       if (sta && sta->ht_cap.ht_supported) {
+               val.mpdu_start_spacing = sta->ht_cap.ampdu_density;
                if (!(info->ht_operation_mode & IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT))
-                       val.greenfield = !!(ht_cap->cap & IEEE80211_HT_CAP_GRN_FLD);
+                       val.greenfield = !!(sta->ht_cap.cap & IEEE80211_HT_CAP_GRN_FLD);
        }
+       rcu_read_unlock();
 
        return hif_write_mib(wvif->wdev, wvif->id,
                             HIF_MIB_ID_SET_ASSOCIATION_MODE, &val, sizeof(val));

diff --git a/drivers/staging/wfx/sta.c b/drivers/staging/wfx/sta.c
index 010e13bcd33efb8da8125e4fcecce10250b9542a..ed16475c207ca4cd698eee98eb909087ebdf79f3 100644 (file)
--- a/drivers/staging/wfx/sta.c
+++ b/drivers/staging/wfx/sta.c
@@ -691,6 +691,7 @@ static void wfx_join_finalize(struct wfx_vif *wvif,
                        wfx_rate_mask_to_hw(wvif->wdev, sta->supp_rates[wvif->channel->band]);
        else
                wvif->bss_params.operational_rate_set = -1;
+       rcu_read_unlock();
        if (sta &&
            info->ht_operation_mode & IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT)
                hif_dual_cts_protection(wvif, true);
@@ -703,8 +704,7 @@ static void wfx_join_finalize(struct wfx_vif *wvif,
        wvif->bss_params.beacon_lost_count = 20;
        wvif->bss_params.aid = info->aid;
 
-       hif_set_association_mode(wvif, info, sta ? &sta->ht_cap : NULL);
-       rcu_read_unlock();
+       hif_set_association_mode(wvif, info);
 
        if (!info->ibss_joined) {
                hif_keep_alive_period(wvif, 30 /* sec */);