> -----Original Message-----
> From: Bitterblue Smith <rtl8821cerfe2@xxxxxxxxx>
> Sent: Tuesday, November 22, 2022 4:57 AM
> To: linux-wireless@xxxxxxxxxxxxxxx
> Cc: Jes Sorensen <Jes.Sorensen@xxxxxxxxx>; Ping-Ke Shih <pkshih@xxxxxxxxxxx>
> Subject: [PATCH v2] wifi: rtl8xxxu: Fix use after rcu_read_unlock in rtl8xxxu_bss_info_changed
>
> Commit a8b5aef2cca1 ("wifi: rtl8xxxu: gen2: Enable 40 MHz channel width")
> introduced a line where the pointer returned by ieee80211_find_sta() is
> used after rcu_read_unlock().
>
> Move rcu_read_unlock() a bit lower to fix this.
>
> Fixes: a8b5aef2cca1 ("wifi: rtl8xxxu: gen2: Enable 40 MHz channel width")
> Signed-off-by: Bitterblue Smith <rtl8821cerfe2@xxxxxxxxx>
Reviewed-by: Ping-Ke Shih <pkshih@xxxxxxxxxxx>
> ---
> v2:
> - Adjust the commit message.
> ---
> drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
> b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
> index e8fcd531c437..28f136064297 100644
> --- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
> +++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
> @@ -4645,7 +4645,6 @@ rtl8xxxu_bss_info_changed(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
> if (sta->deflink.ht_cap.cap &
> (IEEE80211_HT_CAP_SGI_40 | IEEE80211_HT_CAP_SGI_20))
> sgi = 1;
> - rcu_read_unlock();
>
> highest_rate = fls(ramask) - 1;
> if (highest_rate < DESC_RATE_MCS0) {
> @@ -4670,6 +4669,7 @@ rtl8xxxu_bss_info_changed(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
> else
> rarpt->txrate.bw = RATE_INFO_BW_20;
> }
> + rcu_read_unlock();
> bit_rate = cfg80211_calculate_bitrate(&rarpt->txrate);
> rarpt->bit_rate = bit_rate;
> rarpt->desc_rate = highest_rate;
> --
> 2.38.0
>
> ------Please consider the environment before printing this e-mail.
