NothingOSS/android_kernel_msm-6.1_nothing_sm7635
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_msm-6.1_noth.../net
History
Léo Lam 75c27bdb21 wifi: nl80211: fix deadlock in nl80211_set_cqm_rssi (6.6.x) 
Commit 008afb9f3d57 ("wifi: cfg80211: fix CQM for non-range use"
backported to 6.6.x) causes nl80211_set_cqm_rssi not to release the
wdev lock in some of the error paths.

Of course, the ensuing deadlock causes userland network managers to
break pretty badly, and on typical systems this also causes lockups on
on suspend, poweroff and reboot. See [1], [2], [3] for example reports.

The upstream commit 7e7efdda6adb ("wifi: cfg80211: fix CQM for non-range
use"), committed in November 2023, is completely fine because there was
another commit in August 2023 that removed the wdev lock:
see commit 076fc8775daf ("wifi: cfg80211: remove wdev mutex").

The reason things broke in 6.6.5 is that commit 4338058f6009 was applied
without also applying 076fc8775daf.

Commit 076fc8775daf ("wifi: cfg80211: remove wdev mutex") is a rather
large commit; adjusting the error handling (which is what this commit does)
yields a much simpler patch and was tested to work properly.

Fix the deadlock by releasing the lock before returning.

[1] https://bugzilla.kernel.org/show_bug.cgi?id=218247
[2] https://bbs.archlinux.org/viewtopic.php?id=290976
[3] https://lore.kernel.org/all/87sf4belmm.fsf@turtle.gmx.de/

Link: https://lore.kernel.org/stable/e374bb16-5b13-44cc-b11a-2f4eefb1ecf5@manjaro.org/
Fixes: 008afb9f3d57 ("wifi: cfg80211: fix CQM for non-range use")
Tested-by: "Léo Lam" <leo@leolam.fr>
Tested-by: "Philip Müller" <philm@manjaro.org>
Cc: stable@vger.kernel.org
Cc: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: "Léo Lam" <leo@leolam.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-01-01 12:39:09 +00:00
..
6lowpan
9p net: 9p: avoid freeing uninit memory in p9pdu_vreadf 2024-01-01 12:39:04 +00:00
802 mrp: introduce active flags to prevent UAF when applicant uninit 2022-12-31 13:33:02 +01:00
8021q net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() 2024-01-01 12:38:57 +00:00
appletalk appletalk: Fix Use-After-Free in atalk_ioctl 2023-12-20 17:00:19 +01:00
atm atm: Fix Use-After-Free in do_vcc_ioctl 2023-12-20 17:00:17 +01:00
ax25 ax25: move from strlcpy with unused retval to strscpy 2022-08-22 17:55:50 -07:00
batman-adv net: vlan: introduce skb_vlan_eth_hdr() 2023-12-20 17:00:16 +01:00
bluetooth Bluetooth: Add more enc key size check 2024-01-01 12:39:03 +00:00
bpf Revert "bpf, test_run: fix &xdp_frame misplacement for LIVE_FRAMES" 2023-03-17 08:50:32 +01:00
bpfilter
bridge netfilter: nf_conntrack_bridge: initialize err to 0 2023-11-28 17:07:05 +00:00
caif net: caif: Fix use-after-free in cfusbl_device_notify() 2023-03-17 08:50:24 +01:00
can can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior 2023-10-19 23:08:52 +02:00
ceph libceph: use kernel_connect() 2023-10-19 23:08:56 +02:00
core net: check dev->gso_max_size in gso_features_check() 2024-01-01 12:38:58 +00:00
dcb net: dcb: choose correct policy to parse DCB_ATTR_BCN 2023-08-11 12:08:17 +02:00
dccp dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. 2023-11-20 11:52:16 +01:00
devlink devlink: remove reload failed checks in params get/set callbacks 2023-09-23 11:11:01 +02:00
dns_resolver keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry 2024-01-01 12:38:58 +00:00
dsa net: dsa: sja1105: always enable the send_meta options 2023-07-19 16:22:06 +02:00
ethernet net: gro: skb_gro_header helper function 2022-08-25 10:33:21 +02:00
ethtool ipv6: Remove in6addr_any alternatives. 2023-09-19 12:28:10 +02:00
hsr hsr: Prevent use after free in prp_create_tagged_frame() 2023-11-20 11:52:15 +01:00
ieee802154 net: ieee802154: fix error return code in dgram_bind() 2022-10-07 09:29:17 +02:00
ife net: sched: ife: fix potential use-after-free 2024-01-01 12:38:56 +00:00
ipv4 net: Remove acked SYN flag from packet in the transmit queue correctly 2023-12-20 17:00:18 +01:00
ipv6 net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX 2023-12-20 17:00:15 +01:00
iucv net/iucv: Fix size of interrupt data 2023-03-22 13:33:50 +01:00
kcm kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). 2023-09-19 12:28:10 +02:00
key net: af_key: fix sadb_x_filter validation 2023-08-23 17:52:32 +02:00
l2tp ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() 2023-10-10 22:00:42 +02:00
l3mdev
lapb
llc llc: verify mac len before reading mac header 2023-11-20 11:52:15 +01:00
mac80211 wifi: mac80211: mesh_plink: fix matches_local logic 2024-01-01 12:38:54 +00:00
mac802154 mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() 2022-12-05 09:53:08 +01:00
mctp mctp: perform route lookups under a RCU read-side lock 2023-10-19 23:08:57 +02:00
mpls net: mpls: fix stale pointer if allocation fails during device rename 2023-02-22 12:59:53 +01:00
mptcp mptcp: fix setsockopt(IP_TOS) subflow locking 2023-11-28 17:07:20 +00:00
ncsi Revert ncsi: Propagate carrier gain/loss events to the NCSI controller 2023-11-28 17:07:18 +00:00
netfilter netfilter: nft_set_pipapo: skip inactive elements during set walk 2023-12-13 18:39:29 +01:00
netlabel netlabel: fix shift wrapping bug in netlbl_catmap_setlong() 2023-09-13 09:42:24 +02:00
netlink drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group 2023-12-13 18:39:12 +01:00
netrom netrom: Deny concurrent connect(). 2023-09-13 09:42:35 +02:00
nfc nfc: nci: fix possible NULL pointer dereference in send_acknowledge() 2023-10-25 12:03:04 +02:00
nsh net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() 2023-05-24 17:32:45 +01:00
openvswitch net: openvswitch: reject negative ifindex 2023-08-23 17:52:35 +02:00
packet packet: Move reference count in packet_sock to atomic_long_t 2023-12-13 18:39:20 +01:00
phonet
psample psample: Require 'CAP_NET_ADMIN' when joining "packets" group 2023-12-13 18:39:11 +01:00
qrtr net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume() 2023-04-20 12:35:09 +02:00
rds net: prevent address rewrite in kernel_bind() 2023-10-19 23:08:50 +02:00
rfkill net: rfkill: gpio: set GPIO direction 2024-01-01 12:39:04 +00:00
rose net/rose: fix races in rose_kill_by_device() 2024-01-01 12:38:57 +00:00
rxrpc rxrpc: Fix hard call timeout units 2023-05-17 11:53:35 +02:00
sched net: sched: cls_u32: Fix allocation size in u32_init() 2023-11-08 14:10:57 +01:00
sctp sctp: update hb timer immediately after users change hb_interval 2023-10-10 22:00:44 +02:00
smc net/smc: avoid data corruption caused by decline 2023-12-03 07:32:08 +01:00
strparser
sunrpc svcrdma: Drop connection after an RDMA Read error 2023-11-28 17:07:11 +00:00
switchdev
tipc tipc: Fix kernel-infoleak due to uninitialized TLV value 2023-11-28 17:07:05 +00:00
tls net: tls, update curr on splice as well 2023-12-20 17:00:28 +01:00
unix af_unix: fix use-after-free in unix_stream_read_actor() 2023-11-28 17:07:05 +00:00
vmw_vsock vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() 2023-12-20 17:00:19 +01:00
wireless wifi: nl80211: fix deadlock in nl80211_set_cqm_rssi (6.6.x) 2024-01-01 12:39:09 +00:00
x25 net/x25: Fix to not accept on connected socket 2023-02-09 11:28:13 +01:00
xdp xsk: Skip polling event check for unbound socket 2023-12-13 18:39:08 +01:00
xfrm net: xfrm: skip policies marked as dead while reinserting policies 2023-10-25 12:03:12 +02:00
compat.c use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
devres.c
Kconfig Remove DECnet support from kernel 2022-08-22 14:26:30 +01:00
Kconfig.debug net: make NET_(DEV|NS)_REFCNT_TRACKER depend on NET 2022-09-20 14:23:56 -07:00
Makefile devlink: move code to a dedicated directory 2023-08-30 16:11:00 +02:00
socket.c net: prevent address rewrite in kernel_bind() 2023-10-19 23:08:50 +02:00
sysctl_net.c