github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-31 18:43:33 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph

wifi: rtw89: use skb_dequeue() for queued ROC packets to prevent racing

Browse Source 
TX task can enqueue ROC skb, but other tasks dequeue the skb. Using
skb_queue_walk_safe() without locking will cause potential racing.
Use skb_dequeue() with lock instead.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20251021133402.15467-3-pkshih@realtek.com
This commit is contained in:
Ping-Ke Shih 2025-10-21 21:33:56 +08:00
parent b47d748110
commit f44a9b14a7
1 changed files with 4 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
drivers/net/wireless/realtek/rtw89/core.c
View File

@ -3632,12 +3632,10 @@ void rtw89_core_free_sta_pending_roc_tx(struct rtw89_dev *rtwdev,
struct ieee80211_sta *sta)
{
struct rtw89_sta *rtwsta = sta_to_rtwsta(sta);
struct sk_buff *skb, *tmp;
struct sk_buff *skb;
skb_queue_walk_safe(&rtwsta->roc_queue, skb, tmp) {
skb_unlink(skb, &rtwsta->roc_queue);
while ((skb = skb_dequeue(&rtwsta->roc_queue)))
dev_kfree_skb_any(skb);
}
}
static void rtw89_core_stop_tx_ba_session(struct rtw89_dev *rtwdev,
@ -3881,8 +3879,8 @@ static void rtw89_core_sta_pending_tx_iter(void *data,
struct ieee80211_vif *vif = rtwvif_to_vif(rtwvif);
struct rtw89_vif_link *target = data;
struct rtw89_vif_link *rtwvif_link;
struct sk_buff *skb, *tmp;
unsigned int link_id;
struct sk_buff *skb;
int qsel, ret;
rtw89_vif_for_each_link(rtwvif, rtwvif_link, link_id)
@ -3895,9 +3893,7 @@ static void rtw89_core_sta_pending_tx_iter(void *data,
if (skb_queue_len(&rtwsta->roc_queue) == 0)
return;
skb_queue_walk_safe(&rtwsta->roc_queue, skb, tmp) {
skb_unlink(skb, &rtwsta->roc_queue);
while ((skb = skb_dequeue(&rtwsta->roc_queue))) {
ret = rtw89_core_tx_write(rtwdev, vif, sta, skb, &qsel);
if (ret) {
rtw89_warn(rtwdev, "pending tx failed with %d\n", ret);