]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5ff705f) | patch
mac80211: fix remain-on-channel cancel crash
authorJohannes Berg <johannes.berg@intel.com>
Mon, 25 Mar 2013 10:51:14 +0000 (11:51 +0100)
committerJohannes Berg <johannes.berg@intel.com>
Mon, 25 Mar 2013 12:50:33 +0000 (13:50 +0100)
commit47d88b3c14cdd126bbd06588e04217634b4c2860
treee19f4ad8aeda39090f26643c2063fc1050300391tree | snapshot
parent5ff705fad3a12475d34f59cd5e536d1cd9a63f3fcommit | diff
mac80211: fix remain-on-channel cancel crash

If a ROC item is canceled just as it expires, the work
struct may be scheduled while it is running (and waiting
for the mutex). This results in it being run after being
freed, which obviously crashes.

To fix this don't free it when aborting is requested but
instead mark it as "to be freed", which makes the work a
no-op and allows freeing it outside.

Cc: stable@vger.kernel.org [3.6+]
Reported-by: Jouni Malinen <j@w1.fi>
Tested-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
net/mac80211/cfg.c diff | blob | history
net/mac80211/ieee80211_i.h diff | blob | history
net/mac80211/offchannel.c diff | blob | history
Linux Kernel Source Tree.