Thread (44 messages) 44 messages, 2 authors, 2012-06-15

[ 22/42] mac80211: fix non RCU-safe sta_list manipulation

From: Greg KH <gregkh@linuxfoundation.org>
Date: 2012-06-15 00:00:00
Also in: lkml

3.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Arik Nemtsov <redacted>

commit 794454ce72a298de6f4536ade597bdcc7dcde7c7 upstream.

sta_info_cleanup locks the sta_list using rcu_read_lock however
the delete operation isn't rcu safe. A race between sta_info_cleanup
timer being called and a STA being removed can occur which leads
to a panic while traversing sta_list. Fix this by switching to the
RCU-safe versions.

Reported-by: Eyal Shapira <redacted>
Signed-off-by: Arik Nemtsov <redacted>
Signed-off-by: John W. Linville <redacted>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/mac80211/sta_info.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -378,7 +378,7 @@ static int sta_info_insert_finish(struct
 	/* make the station visible */
 	sta_info_hash_add(local, sta);
 
-	list_add(&sta->list, &local->sta_list);
+	list_add_rcu(&sta->list, &local->sta_list);
 
 	set_sta_flag(sta, WLAN_STA_INSERTED);
 
@@ -688,7 +688,7 @@ int __must_check __sta_info_destroy(stru
 	if (ret)
 		return ret;
 
-	list_del(&sta->list);
+	list_del_rcu(&sta->list);
 
 	mutex_lock(&local->key_mtx);
 	for (i = 0; i < NUM_DEFAULT_KEYS; i++)

Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help