From 87048d88845905ce3a61a68a11abb5cfdd8e86b5 Mon Sep 17 00:00:00 2001
From: Josh Boyer
Date: Tue, 16 Apr 2013 10:36:56 -0400
Subject: [PATCH] Fix race in regulatory code (rhbz 919176)
---
 kernel.spec | 9 +++++
 ...fix-channel-disabling-race-condition.patch | 40 +++++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100644 wireless-regulatory-fix-channel-disabling-race-condition.patch
diff --git a/kernel.spec b/kernel.spec
index e935a6b56..cb6e15d21 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -745,6 +745,9 @@ Patch23006: fix-child-thread-introspection.patch
 #rhbz 928024
 Patch23008: forcedeth-dma-error-check.patch
+#rhbz 919176
+Patch25010: wireless-regulatory-fix-channel-disabling-race-condition.patch
+
 # END OF PATCH DEFINITIONS
 %endif
@@ -1440,6 +1443,9 @@ ApplyPatch fix-child-thread-introspection.patch
 #rhbz 928024
 ApplyPatch forcedeth-dma-error-check.patch
+#rhbz 919176
+ApplyPatch wireless-regulatory-fix-channel-disabling-race-condition.patch
+
 # END OF PATCH APPLICATIONS
 %endif
@@ -2273,6 +2279,9 @@ fi
 # ||----w |
 # || ||
 %changelog
+* Tue Apr 16 2013 Josh Boyer
+- Fix race in regulatory code (rhbz 919176)
+
 * Mon Apr 15 2013 Josh Boyer
 - Fix debug patches to build on s390x/ppc
diff --git a/wireless-regulatory-fix-channel-disabling-race-condition.patch b/wireless-regulatory-fix-channel-disabling-race-condition.patch
new file mode 100644
index 000000000..313735377
--- /dev/null
+++ b/wireless-regulatory-fix-channel-disabling-race-condition.patch
@@ -0,0 +1,40 @@
+From: Johannes Berg
+
+When a full scan 2.4 and 5 GHz scan is scheduled, but then the 2.4 GHz
+part of the scan disables a 5.2 GHz channel due to, e.g. receiving
+country or frequency information, that 5.2 GHz channel might already
+be in the list of channels to scan next. Then, when the driver checks
+if it should do a passive scan, that will return false and attempt an
+active scan. This is not only wrong but can also lead to the iwlwifi
+device firmware crashing since it checks regulatory as well.
+
+Fix this by not setting the channel flags to just disabled but rather
+OR'ing in the disabled flag. That way, even if the race happens, the
+channel will be scanned passively which is still (mostly) correct.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Johannes Berg
+---
+ net/wireless/reg.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/wireless/reg.c b/net/wireless/reg.c
+index 93ab840..507c28e 100644
+--- a/net/wireless/reg.c
++++ b/net/wireless/reg.c
+@@ -855,7 +855,7 @@ static void handle_channel(struct wiphy *wiphy,
+ return;
+
+ REG_DBG_PRINT("Disabling freq %d MHz\n", chan->center_freq);
+- chan->flags = IEEE80211_CHAN_DISABLED;
++ chan->flags |= IEEE80211_CHAN_DISABLED;
+ return;
+ }
+
+--
+1.8.0
+
+--
+To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
+the body of a message to majordomo@vger.kernel.org
+More majordomo info at http://vger.kernel.org/majordomo-info.html
\ No newline at end of file
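Review bot: The one-line fix in the embedded net/wireless/reg.c hunk, `chan->flags |= IEEE80211_CHAN_DISABLED;`, has no comment saying why the existing flags are kept, and a plain assignment looks like the natural cleanup that would bring back the active scan on a disabled channel described above. I would add `/* OR in DISABLED, keep the other flags: a scan already queued on this channel must still be passive */` directly above it. By the description's own wording the race can still happen, so this limits the consequence without synchronising scan and regulatory updates; handle_channel begins and ends outside the hunk, so whether stale flags are reset when a channel is enabled again cannot be confirmed from here. On the packaging side, the imported file is the raw list mail (unsubscribe footer included) with no upstream commit id, and noting one beside `#rhbz 919176` in kernel.spec would make the patch easier to trace and drop later.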