unimore/kernel-hacking-2024-linux-steffo
unimore/kernel-hacking-2024-linux-steffo
1
Fork 0
Code Pull requests 5 Wiki Activity
kernel-hacking-2024-linux-s.../net/wireless
History
Johannes Berg a617302c53 cfg80211: fix scan done race 
When an interface/wdev is removed, any ongoing scan should be
cancelled by the driver. This will make it call cfg80211, which
only queues a work struct. If interface/wdev removal is quick
enough, this can leave the scan request pending and processed
only after the interface is gone, causing a use-after-free.

Fix this by making sure the scan request is not pending after
the interface is destroyed. We can't flush or cancel the work
item due to locking concerns, but when it'll run it shouldn't
find anything to do. This leaves a potential issue, if a new
scan gets requested before the work runs, it prematurely stops
the running scan, potentially causing another crash. I'll fix
that in the next patch.

This was particularly observed with P2P_DEVICE wdevs, likely
because freeing them is quicker than freeing netdevs.

Reported-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Fixes: 4a58e7c384 ("cfg80211: don't "leak" uncompleted scans")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-02-06 09:55:19 +01:00
..
.gitignore
ap.c cfg80211: Add support for QoS mapping 2013-12-19 16:29:22 +01:00
chan.c cfg80211: allow beaconing after DFS CAC 2013-11-25 20:50:49 +01:00
core.c cfg80211: fix scan done race 2014-02-06 09:55:19 +01:00
core.h Merge remote-tracking branch 'wireless-next/master' into mac80211-next 2013-12-16 11:23:45 +01:00
db.txt
debugfs.c mac80211: fix some snprintf misuses 2013-10-01 12:16:51 +02:00
debugfs.h
ethtool.c
ethtool.h
genregdb.awk cfg80211: fix parsing when db.txt ends on a rule 2013-11-25 20:50:58 +01:00
ibss.c cfg80211: Add support for QoS mapping 2013-12-19 16:29:22 +01:00
Kconfig
lib80211.c
lib80211_crypt_ccmp.c
lib80211_crypt_tkip.c
lib80211_crypt_wep.c
Makefile
mesh.c cfg80211: Add support for QoS mapping 2013-12-19 16:29:22 +01:00
mlme.c cfg80211: aggregate mgmt_tx parameters into a struct 2013-12-02 11:51:52 +01:00
nl80211.c nl80211: Reset split_start when netlink skb is exhausted 2014-02-06 09:55:17 +01:00
nl80211.h cfg80211/mac80211: DFS setup chandef for cac event 2013-11-25 20:50:46 +01:00
radiotap.c radiotap: fix bitmap-end-finding buffer overrun 2013-12-16 12:06:43 +01:00
rdev-ops.h cfg80211: Add support for QoS mapping 2013-12-19 16:29:22 +01:00
reg.c cfg80211: make regulatory_hint() remove REGULATORY_CUSTOM_REG 2014-01-13 14:46:58 -05:00
reg.h cfg80211: add reg_get_dfs_region() 2013-12-03 13:53:40 +01:00
regdb.h
scan.c cfg80211: Add a function to get the number of supported channels 2014-01-09 14:24:24 +01:00
sme.c Merge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next 2014-01-13 14:40:59 -05:00
sysfs.c net: wireless: convert class code to use dev_groups 2013-07-25 16:34:40 -07:00
sysfs.h net: misc: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
trace.c
trace.h cfg80211: Add support for QoS mapping 2013-12-19 16:29:22 +01:00
util.c cfg80211: Add a function to get the number of supported channels 2014-01-09 14:24:24 +01:00
wext-compat.c cfg80211: add sanity check for retry limit in wext-compat 2014-01-09 17:05:28 +01:00
wext-compat.h
wext-core.c
wext-priv.c
wext-proc.c
wext-sme.c cfg80211: separate internal SME implementation 2013-06-04 13:03:11 +02:00
wext-spy.c