[PATCH] mac80211: Fix race between ieee80211_rx_bss_put and lookup routines.

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Pavel Emelyanov <xemul@...>

To: Johannes Berg <johannes@...>, John W. Linville <linville@...>

Cc: Linux Netdev List <netdev@...>, <linux-wireless@...>

Subject: [PATCH] mac80211: Fix race between ieee80211_rx_bss_put and lookup routines.

Date: Wednesday, April 23, 2008 - 3:47 am

The put routine first decrements the users counter and then
(if it is zero) locks the sta_bss_lock and removes one from
the list and the hash.

Thus, any of ieee80211_sta_config_auth, ieee80211_rx_bss_get
or ieee80211_rx_mesh_bss_get can race with it by finding a
bss that is about to get kfree-ed.

Using atomic_dec_and_lock in ieee80211_rx_bss_put takes care
of this race.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>

---

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 6b75cb6..dac3c2a 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -2248,10 +2248,13 @@ static void ieee80211_rx_bss_put(struct net_device *dev,
 				 struct ieee80211_sta_bss *bss)
 {
 	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-	if (!atomic_dec_and_test(&bss->users))
+
+	local_bh_disable();
+	if (!atomic_dec_and_lock(&bss->users, &local->sta_bss_lock)) {
+		local_bh_enable();
 		return;
+	}
 
-	spin_lock_bh(&local->sta_bss_lock);
 	__ieee80211_rx_bss_hash_del(dev, bss);
 	list_del(&bss->list);
 	spin_unlock_bh(&local->sta_bss_lock);
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH] mac80211: Fix race between ieee80211_rx_bss_put and ..., Pavel Emelyanov, (Wed Apr 23, 3:47 am)

Re: [PATCH] mac80211: Fix race between ieee80211_rx_bss_put ..., Johannes Berg, (Wed Apr 23, 3:53 am)


linux-kernel:
Karl Meyer	PROBLEM: 2.6.23-rc "NETDEV WATCHDOG: eth0: transmit timed out"
Justin Piszcz	Linux Software RAID 5 Performance Optimizations: 2.6.19.1: (211MB/s read & 195...
Bart Van Assche	Integration of SCST in the mainstream Linux kernel
David P. Quigley	[RFC v3] Security Label Support for NFSv4
linux-netdev:
YOSHIFUJI Hideaki /	[GIT PULL] [IPV6] COMPAT: Fix SSM applications on 64bit kernels.
Krzysztof Halasa	Re: [PATCH v2] Re: WAN: new PPP code for generic HDLC
Pavel Emelyanov	[PATCH][CAN]: Fix copy_from_user() results interpretation.
Roel Kluin	[PATCH 1] net: fix and typo's
git:
Peter Stahlir	Git as a filesystem
Miklos Vajna	[rfc] git submodules howto
Dan Zwell	$GIT_DIR usage
Wink Saville	Resolving conflicts
openbsd-misc:
GVG GVG	ssh_exchange_identification: Connection closed by remote host
Xavier Mertens	newfs: cg 0: bad magic number
Laurent CARON	IPSEC VPN between OpenBSD and Linux (OpenSwan)
Didier Wiroth	win32-codecs, avi and amd64 question


Netfilter kernel module	8 hours ago	Linux kernel
serial driver xmit problem	11 hours ago	Linux kernel
Why Windows is better than Linux	11 hours ago	Linux general
How can I see my kernel messages in vt12?	18 hours ago	Linux kernel
Grub	1 day ago	Linux general
vmalloc_fault handling in x86_64	1 day ago	Linux kernel
epoll_wait()ing on epoll FD	1 day ago	Linux kernel
Framebuffer in x86_64 causes problems to multiseat	1 day ago	Linux kernel
Difference between 2.4 and 2.6 regarding thread creation	1 day ago	Linux general
Compiling gfs2 on kernel 2.6.27	2 days ago	Linux kernel

[PATCH] mac80211: Fix race between ieee80211_rx_bss_put and lookup routines.

Online users