From 60b78be5a968238192c843b00d54de7fbb6e25c2 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Thu, 21 Mar 2013 09:04:30 -0400 Subject: [PATCH] Fix workqueue crash in mac80211 (rhbz 920218) --- kernel.spec | 11 +++- ...ont-restart-sta-timer-if-not-running.patch | 55 +++++++++++++++++++ 2 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 mac80211-Dont-restart-sta-timer-if-not-running.patch diff --git a/kernel.spec b/kernel.spec index 557baebc2..1f56d3aaf 100644 --- a/kernel.spec +++ b/kernel.spec @@ -62,7 +62,7 @@ Summary: The Linux kernel # For non-released -rc kernels, this will be appended after the rcX and # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # -%global baserelease 1 +%global baserelease 2 %global fedora_build %{baserelease} # base_sublevel is the kernel version we're starting with and patching @@ -740,6 +740,9 @@ Patch21271: drm-i915-bounds-check-execbuffer-relocation-count.patch Patch21273: cfg80211-mac80211-disconnect-on-suspend.patch Patch21274: mac80211_fixes_for_ieee80211_do_stop_while_suspend_v3.9.patch +#rhbz 920218 +Patch21276: mac80211-Dont-restart-sta-timer-if-not-running.patch + #rhbz 859282 Patch21275: VMX-x86-handle-host-TSC-calibration-failure.patch @@ -1443,6 +1446,9 @@ ApplyPatch mac80211_fixes_for_ieee80211_do_stop_while_suspend_v3.9.patch #rhbz 859282 ApplyPatch VMX-x86-handle-host-TSC-calibration-failure.patch +#rhbz 920218 +ApplyPatch mac80211-Dont-restart-sta-timer-if-not-running.patch + # END OF PATCH APPLICATIONS %endif @@ -2284,6 +2290,9 @@ fi # ||----w | # || || %changelog +* Thu Mar 21 2013 Josh Boyer +- Fix workqueue crash in mac80211 (rhbz 920218) + * Thu Mar 21 2013 Josh Boyer - 3.9.0-0.rc3.git1.1 - Linux v3.9-rc3-148-g2ffdd7e - Fixes CVE-2013-1796, CVE-2013-1797, CVE-2013-1798 in kvm. diff --git a/mac80211-Dont-restart-sta-timer-if-not-running.patch b/mac80211-Dont-restart-sta-timer-if-not-running.patch new file mode 100644 index 000000000..7727ad8f2 --- /dev/null +++ b/mac80211-Dont-restart-sta-timer-if-not-running.patch @@ -0,0 +1,55 @@ +From: Ben Greear + +I found another crash when deleting lots of virtual stations +in a congested environment. I think the problem is that +the ieee80211_mlme_notify_scan_completed could call +ieee80211_restart_sta_timer for a stopped interface +that was about to be deleted. Fix similar problem for +mesh interfaces as well. + +Signed-off-by: Ben Greear +--- +v4: Fix up mesh as well, add check in calling code instead of + in the methods that mucks iwth the timers. + +:100644 100644 67fcfdf... 02e3d75... M net/mac80211/mesh.c +:100644 100644 aec786d... 1d237e9... M net/mac80211/mlme.c + net/mac80211/mesh.c | 3 ++- + net/mac80211/mlme.c | 3 ++- + 2 files changed, 4 insertions(+), 2 deletions(-) + +diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c +index 67fcfdf..02e3d75 100644 +--- a/net/mac80211/mesh.c ++++ b/net/mac80211/mesh.c +@@ -779,7 +779,8 @@ void ieee80211_mesh_notify_scan_completed(struct ieee80211_local *local) + + rcu_read_lock(); + list_for_each_entry_rcu(sdata, &local->interfaces, list) +- if (ieee80211_vif_is_mesh(&sdata->vif)) ++ if (ieee80211_sdata_running(sdata) ++ && ieee80211_vif_is_mesh(&sdata->vif)) + ieee80211_queue_work(&local->hw, &sdata->work); + rcu_read_unlock(); + } +diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c +index aec786d..1d237e9 100644 +--- a/net/mac80211/mlme.c ++++ b/net/mac80211/mlme.c +@@ -3054,7 +3054,8 @@ void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local) + /* Restart STA timers */ + rcu_read_lock(); + list_for_each_entry_rcu(sdata, &local->interfaces, list) +- ieee80211_restart_sta_timer(sdata); ++ if (ieee80211_sdata_running(sdata)) ++ ieee80211_restart_sta_timer(sdata); + rcu_read_unlock(); + } + +-- +1.7.3.4 + +-- +To unsubscribe from this list: send the line "unsubscribe linux-wireless" in +the body of a message to majordomo@vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html \ No newline at end of file