Commit 9e2db50f authored by Johannes Berg's avatar Johannes Berg

mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection

This is needed since it might use (and pass out) pointers to
e.g. keys protected by RCU. Can't really happen here as the
frames aren't encrypted, but we need to still adhere to the
rules.

Fixes: cacfddf8 ("mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work")
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20220505230421.5f139f9de173.I77ae111a28f7c0e9fd1ebcee7f39dbec5c606770@changeidSigned-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent a59d5556
...@@ -2478,11 +2478,13 @@ static void hw_scan_work(struct work_struct *work) ...@@ -2478,11 +2478,13 @@ static void hw_scan_work(struct work_struct *work)
if (req->ie_len) if (req->ie_len)
skb_put_data(probe, req->ie, req->ie_len); skb_put_data(probe, req->ie, req->ie_len);
rcu_read_lock();
if (!ieee80211_tx_prepare_skb(hwsim->hw, if (!ieee80211_tx_prepare_skb(hwsim->hw,
hwsim->hw_scan_vif, hwsim->hw_scan_vif,
probe, probe,
hwsim->tmp_chan->band, hwsim->tmp_chan->band,
NULL)) { NULL)) {
rcu_read_unlock();
kfree_skb(probe); kfree_skb(probe);
continue; continue;
} }
...@@ -2490,6 +2492,7 @@ static void hw_scan_work(struct work_struct *work) ...@@ -2490,6 +2492,7 @@ static void hw_scan_work(struct work_struct *work)
local_bh_disable(); local_bh_disable();
mac80211_hwsim_tx_frame(hwsim->hw, probe, mac80211_hwsim_tx_frame(hwsim->hw, probe,
hwsim->tmp_chan); hwsim->tmp_chan);
rcu_read_unlock();
local_bh_enable(); local_bh_enable();
} }
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment