CVE-2024-58096

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: ath11k: add srng-&gt;lock for ath11k_hal_srng_* in monitor mode<br /> <br /> ath11k_hal_srng_* should be used with srng-&gt;lock to protect srng data.<br /> <br /> For ath11k_dp_rx_mon_dest_process() and ath11k_dp_full_mon_process_rx(),<br /> they use ath11k_hal_srng_* for many times but never call srng-&gt;lock.<br /> <br /> So when running (full) monitor mode, warning will occur:<br /> RIP: 0010:ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]<br /> Call Trace:<br /> ? ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]<br /> ath11k_dp_rx_process_mon_status+0xc45/0x1190 [ath11k]<br /> ? idr_alloc_u32+0x97/0xd0<br /> ath11k_dp_rx_process_mon_rings+0x32a/0x550 [ath11k]<br /> ath11k_dp_service_srng+0x289/0x5a0 [ath11k]<br /> ath11k_pcic_ext_grp_napi_poll+0x30/0xd0 [ath11k]<br /> __napi_poll+0x30/0x1f0<br /> net_rx_action+0x198/0x320<br /> __do_softirq+0xdd/0x319<br /> <br /> So add srng-&gt;lock for them to avoid such warnings.<br /> <br /> Inorder to fetch the srng-&gt;lock, should change srng&amp;#39;s definition from<br /> &amp;#39;void&amp;#39; to &amp;#39;struct hal_srng&amp;#39;. And initialize them elsewhere to prevent<br /> one line of code from being too long. This is consistent with other ring<br /> process functions, such as ath11k_dp_process_rx().<br /> <br /> Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30<br /> Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1