From 58bab0d42f25fca97f35719f381485fdc873643e Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@nbd.name>
Date: Mon, 12 Aug 2019 15:48:53 +0200
Subject: [PATCH] mt76: stop rx aggregation on station removal
Git-commit: 58bab0d42f25fca97f35719f381485fdc873643e
Patch-mainline: v5.4-rc1
References: git-fixes

Fixes use-after-free issues on forced station removal during hardware restart
on MT76x02

Fixes: aee5b8cf2477 ("mt76: implement A-MPDU rx reordering in the driver code")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Acked-by: Takashi Iwai <tiwai@suse.de>

---
 drivers/net/wireless/mediatek/mt76/mac80211.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/wireless/mediatek/mt76/mac80211.c b/drivers/net/wireless/mediatek/mt76/mac80211.c
index aeb535204c4d..32ddbf088817 100644
--- a/drivers/net/wireless/mediatek/mt76/mac80211.c
+++ b/drivers/net/wireless/mediatek/mt76/mac80211.c
@@ -708,6 +708,9 @@ void __mt76_sta_remove(struct mt76_dev *dev, struct ieee80211_vif *vif,
 	rcu_assign_pointer(dev->wcid[idx], NULL);
 	synchronize_rcu();
 
+	for (i = 0; i < ARRAY_SIZE(wcid->aggr); i++)
+		mt76_rx_aggr_stop(dev, wcid, i);
+
 	if (dev->drv->sta_remove)
 		dev->drv->sta_remove(dev, vif, sta);
 
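Review bot: The added loop `for (i = 0; i < ARRAY_SIZE(wcid->aggr); i++)` has no comment saying why it sits after `synchronize_rcu()` and before the driver's `sta_remove` callback, and that placement appears to be what the use-after-free fix relies on. I would add `/* stop all rx aggregation sessions once RCU readers have drained, so no reorder state outlives the station */` above the loop. Whether `mt76_rx_aggr_stop()` also waits for deferred reorder work to finish is not visible in this hunk and is worth confirming, since a stop that leaves work pending would keep the same lifetime problem. The body of `__mt76_sta_remove` starts and ends outside the hunk, including the declaration of `i`.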
-- 
2.16.4