diff options
author | Felix Fietkau <nbd@openwrt.org> | 2016-01-28 22:42:10 +0000 |
---|---|---|
committer | Felix Fietkau <nbd@openwrt.org> | 2016-01-28 22:42:10 +0000 |
commit | c1e6ef488f6b61156164ea4fe0328e9e36a305aa (patch) | |
tree | b312eb71149421f5e77cc157f216bdec1c36a573 /package/kernel/mac80211/patches/312-mac80211-fix-txq-queue-related-crashes.patch | |
parent | c0edf30bdce48f83a56e24bfd1caae17e206e840 (diff) | |
download | upstream-c1e6ef488f6b61156164ea4fe0328e9e36a305aa.tar.gz upstream-c1e6ef488f6b61156164ea4fe0328e9e36a305aa.tar.bz2 upstream-c1e6ef488f6b61156164ea4fe0328e9e36a305aa.zip |
mac80211: merge a bunch of pending fixes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 48536
Diffstat (limited to 'package/kernel/mac80211/patches/312-mac80211-fix-txq-queue-related-crashes.patch')
-rw-r--r-- | package/kernel/mac80211/patches/312-mac80211-fix-txq-queue-related-crashes.patch | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/package/kernel/mac80211/patches/312-mac80211-fix-txq-queue-related-crashes.patch b/package/kernel/mac80211/patches/312-mac80211-fix-txq-queue-related-crashes.patch new file mode 100644 index 0000000000..61cafc7625 --- /dev/null +++ b/package/kernel/mac80211/patches/312-mac80211-fix-txq-queue-related-crashes.patch @@ -0,0 +1,27 @@ +From: Michal Kazior <michal.kazior@tieto.com> +Date: Thu, 21 Jan 2016 14:23:07 +0100 +Subject: [PATCH] mac80211: fix txq queue related crashes + +The driver can access the queue simultanously +while mac80211 tears down the interface. Without +spinlock protection this could lead to corrupting +sk_buff_head and subsequently to an invalid +pointer dereference. + +Fixes: ba8c3d6f16a1 ("mac80211: add an intermediate software queue implementation") +Signed-off-by: Michal Kazior <michal.kazior@tieto.com> +--- + +--- a/net/mac80211/iface.c ++++ b/net/mac80211/iface.c +@@ -977,7 +977,10 @@ static void ieee80211_do_stop(struct iee + if (sdata->vif.txq) { + struct txq_info *txqi = to_txq_info(sdata->vif.txq); + ++ spin_lock_bh(&txqi->queue.lock); + ieee80211_purge_tx_queue(&local->hw, &txqi->queue); ++ spin_unlock_bh(&txqi->queue.lock); ++ + atomic_set(&sdata->txqs_len[txqi->txq.ac], 0); + } + |