mac80211: backport from trunk r48782 + required kernel patches and mt76, mwlwifi

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@48822 3c298f89-4303-0410-b956-a3cf2f4a3e73

1 files changed, 27 insertions, 0 deletions

diff --git a/package/kernel/mac80211/patches/312-mac80211-fix-txq-queue-related-crashes.patch b/package/kernel/mac80211/patches/312-mac80211-fix-txq-queue-related-crashes.patch
new file mode 100644
index 0000000000..61cafc7625
--- /dev/null
+++ b/package/kernel/mac80211/patches/312-mac80211-fix-txq-queue-related-crashes.patch
@@ -0,0 +1,27 @@
+From: Michal Kazior <michal.kazior@tieto.com>
+Date: Thu, 21 Jan 2016 14:23:07 +0100
+Subject: [PATCH] mac80211: fix txq queue related crashes
+
+The driver can access the queue simultanously
+while mac80211 tears down the interface. Without
+spinlock protection this could lead to corrupting
+sk_buff_head and subsequently to an invalid
+pointer dereference.
+
+Fixes: ba8c3d6f16a1 ("mac80211: add an intermediate software queue implementation")
+Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
+---
+
+--- a/net/mac80211/iface.c
++++ b/net/mac80211/iface.c
+@@ -977,7 +977,10 @@ static void ieee80211_do_stop(struct iee
+ 	if (sdata->vif.txq) {
+ 		struct txq_info *txqi = to_txq_info(sdata->vif.txq);
+ 
++		spin_lock_bh(&txqi->queue.lock);
+ 		ieee80211_purge_tx_queue(&local->hw, &txqi->queue);
++		spin_unlock_bh(&txqi->queue.lock);
++
+ 		atomic_set(&sdata->txqs_len[txqi->txq.ac], 0);
+ 	}
+