Эхлэл Бүгдийг харах Тусламж
Бүртгүүлэх Нэвтрэх
OpenWrt
/
openwrt
-ын хуулбар https://github.com/openwrt/openwrt.git
2
0
Салаа 0
Файлууд Асуудлууд 0 Мэдлэгийн сан
Мод: c8a30172f8
Салаанууд Тагууд
openwrt
/
package
/
kernel
/
mac80211
/
patches
/
subsys
/
381-mac80211-fix-a-kernel-panic-when-TXing-after-TXQ-tea.patch

381-mac80211-fix-a-kernel-panic-when-TXing-after-TXQ-tea.patch 2.3 KB
Түүх Анхны өгөгдөл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 
  1. From a50e5fb8db83c5b57392204c21ea6c5c4ccefde6 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Sara Sharon <[email protected]>
    3. 

  3. Date: Sat, 15 Dec 2018 11:03:10 +0200
    4. 

  4. Subject: [PATCH 1/3] mac80211: fix a kernel panic when TXing after TXQ
    5. 

  5.  teardown
    6. 

  6. 

  7. Recently TXQ teardown was moved earlier in ieee80211_unregister_hw(),
    8. 

  8. to avoid a use-after-free of the netdev data. However, interfaces
    9. 

  9. aren't fully removed at the point, and cfg80211_shutdown_all_interfaces
    10. 

  10. can for example, TX a deauth frame. Move the TXQ teardown to the
    11. 

  11. point between cfg80211_shutdown_all_interfaces and the free of
    12. 

  12. netdev queues, so we can be sure they are torn down before netdev
    13. 

  13. is freed, but after there is no ongoing TX.
    14. 

  14. 

  15. Fixes: 77cfaf52eca5 ("mac80211: Run TXQ teardown code before de-registering interfaces")
    16. 

  16. Signed-off-by: Sara Sharon <[email protected]>
    17. 

  17. Signed-off-by: Luca Coelho <[email protected]>
    18. 

  18. Signed-off-by: Johannes Berg <[email protected]>
    19. 

  19. ---
    20. 

  20.  net/mac80211/iface.c | 3 +++
    21. 

  21.  net/mac80211/main.c  | 2 --
    22. 

  22.  2 files changed, 3 insertions(+), 2 deletions(-)
    23. 

  23. 

  24. --- a/net/mac80211/iface.c
    25. 

  25. +++ b/net/mac80211/iface.c
    26. 

  26. @@ -7,6 +7,7 @@
    27. 

  27.   * Copyright 2008, Johannes Berg <[email protected]>
    28. 

  28.   * Copyright 2013-2014  Intel Mobile Communications GmbH
    29. 

  29.   * Copyright (c) 2016        Intel Deutschland GmbH
    30. 

  30. + * Copyright (C) 2018 Intel Corporation
    31. 

  31.   *
    32. 

  32.   * This program is free software; you can redistribute it and/or modify
    33. 

  33.   * it under the terms of the GNU General Public License version 2 as
    34. 

  34. @@ -2035,6 +2036,8 @@ void ieee80211_remove_interfaces(struct
    35. 

  35.  	WARN(local->open_count, "%s: open count remains %d\n",
    36. 

  36.  	     wiphy_name(local->hw.wiphy), local->open_count);
    37. 

  37.  
    38. 

  38. +	ieee80211_txq_teardown_flows(local);
    39. 

  39. +
    40. 

  40.  	mutex_lock(&local->iflist_mtx);
    41. 

  41.  	list_for_each_entry_safe(sdata, tmp, &local->interfaces, list) {
    42. 

  42.  		list_del(&sdata->list);
    43. 

  43. --- a/net/mac80211/main.c
    44. 

  44. +++ b/net/mac80211/main.c
    45. 

  45. @@ -1200,7 +1200,6 @@ int ieee80211_register_hw(struct ieee802
    46. 

  46.  	rtnl_unlock();
    47. 

  47.  	ieee80211_led_exit(local);
    48. 

  48.  	ieee80211_wep_free(local);
    49. 

  49. -	ieee80211_txq_teardown_flows(local);
    50. 

  50.   fail_flows:
    51. 

  51.  	destroy_workqueue(local->workqueue);
    52. 

  52.   fail_workqueue:
    53. 

  53. @@ -1226,7 +1225,6 @@ void ieee80211_unregister_hw(struct ieee
    54. 

  54.  #if IS_ENABLED(__disabled__CONFIG_IPV6)
    55. 

  55.  	unregister_inet6addr_notifier(&local->ifa6_notifier);
    56. 

  56.  #endif
    57. 

  57. -	ieee80211_txq_teardown_flows(local);
    58. 

  58.  
    59. 

  59.  	rtnl_lock();
    60. 

  60.  
    61.