[ 22/42] mac80211: fix non RCU-safe sta_list manipulation
From: Greg KH <gregkh@linuxfoundation.org>
Date: 2012-06-15 00:00:00
Also in:
lkml
3.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Arik Nemtsov <redacted> commit 794454ce72a298de6f4536ade597bdcc7dcde7c7 upstream. sta_info_cleanup locks the sta_list using rcu_read_lock however the delete operation isn't rcu safe. A race between sta_info_cleanup timer being called and a STA being removed can occur which leads to a panic while traversing sta_list. Fix this by switching to the RCU-safe versions. Reported-by: Eyal Shapira <redacted> Signed-off-by: Arik Nemtsov <redacted> Signed-off-by: John W. Linville <redacted> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> --- net/mac80211/sta_info.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c@@ -378,7 +378,7 @@ static int sta_info_insert_finish(struct /* make the station visible */ sta_info_hash_add(local, sta); - list_add(&sta->list, &local->sta_list); + list_add_rcu(&sta->list, &local->sta_list); set_sta_flag(sta, WLAN_STA_INSERTED);
@@ -688,7 +688,7 @@ int __must_check __sta_info_destroy(stru if (ret) return ret; - list_del(&sta->list); + list_del_rcu(&sta->list); mutex_lock(&local->key_mtx); for (i = 0; i < NUM_DEFAULT_KEYS; i++)