github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-11 16:13:03 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
58dfc497b9
linux/net/mac80211
History
Luis R. Rodriguez 416fbdff21 mac80211: fix panic when splicing unprepared TIDs 
We splice skbs from the pending queue for a TID
onto the local pending queue when tearing down a
block ack request. This is not necessary unless we
actually have received a request to start a block ack
request (rate control, for example). If we never received
that request we should not be splicing the tid pending
queue as it would be null, causing a panic.

Not sure yet how exactly we allowed through a call when the
tid state does not have at least HT_ADDBA_REQUESTED_MSK set,
that will require some further review as it is not quite
obvious.

For more information see the bug report:

http://bugzilla.kernel.org/show_bug.cgi?id=13922

This fixes this oops:

BUG: unable to handle kernel NULL pointer dereference at 00000030
IP: [<f8806c70>] ieee80211_agg_splice_packets+0x40/0xc0 [mac80211]
*pdpt = 0000000002d1e001 *pde = 0000000000000000
Thread overran stack, or stack corrupted
Oops: 0000 [#1] SMP
last sysfs file: /sys/module/aes_generic/initstate
Modules linked in: <bleh>

Pid: 0, comm: swapper Not tainted (2.6.31-rc5-wl #2) Dell DV051
EIP: 0060:[<f8806c70>] EFLAGS: 00010292 CPU: 0
EIP is at ieee80211_agg_splice_packets+0x40/0xc0 [mac80211]
EAX: 00000030 EBX: 0000004c ECX: 00000003 EDX: 00000000
ESI: c1c98000 EDI: f745a1c0 EBP: c076be58 ESP: c076be38
 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
Process swapper (pid: 0, ti=c076a000 task=c0709160 task.ti=c076a000)
Stack: <bleh2>
Call Trace:
 [<f8806edb>] ? ieee80211_stop_tx_ba_cb+0xab/0x150 [mac80211]
 [<f8802f1e>] ? ieee80211_tasklet_handler+0xce/0x110 [mac80211]
 [<c04862ff>] ? net_rx_action+0xef/0x1d0
 [<c0149378>] ? tasklet_action+0x58/0xc0
 [<c014a0f2>] ? __do_softirq+0xc2/0x190
 [<c018eb48>] ? handle_IRQ_event+0x58/0x140
 [<c01205fe>] ? ack_apic_level+0x7e/0x270
 [<c014a1fd>] ? do_softirq+0x3d/0x40
 [<c014a345>] ? irq_exit+0x65/0x90
 [<c010a6af>] ? do_IRQ+0x4f/0xc0
 [<c014a35d>] ? irq_exit+0x7d/0x90
 [<c011d547>] ? smp_apic_timer_interrupt+0x57/0x90
 [<c01094a9>] ? common_interrupt+0x29/0x30
 [<c010fd9e>] ? mwait_idle+0xbe/0x100
 [<c0107e42>] ? cpu_idle+0x52/0x90
 [<c054b1a5>] ? rest_init+0x55/0x60
 [<c077492d>] ? start_kernel+0x315/0x37d
 [<c07743ce>] ? unknown_bootoption+0x0/0x1f9
 [<c0774099>] ? i386_start_kernel+0x79/0x81
Code: <bleh3>
EIP: [<f8806c70>] ieee80211_agg_splice_packets+0x40/0xc0 [mac80211] SS:ESP 0068:c076be38
CR2: 0000000000000030

Cc: stable@kernel.org
Testedy-by: Jack Lau <jackelectronics@hotmail.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2009-08-13 14:47:42 -04:00
..
aes_ccm.c mac80211: aes_ccm.c remove crypto wrapper and extra args 2008-07-08 14:16:02 -04:00
aes_ccm.h mac80211: pass scratch buffer directly, remove additional pointers 2008-07-08 14:16:02 -04:00
aes_cmac.c mac80211: 802.11w - Add BIP (AES-128-CMAC) 2009-01-29 16:00:02 -05:00
aes_cmac.h mac80211: 802.11w - Add BIP (AES-128-CMAC) 2009-01-29 16:00:02 -05:00
agg-rx.c mac80211: Add a timeout for frames in the RX reorder buffer 2009-05-06 15:15:04 -04:00
agg-tx.c mac80211: fix panic when splicing unprepared TIDs 2009-08-13 14:47:42 -04:00
cfg.c mac80211: don't use master netdev name 2009-06-10 13:28:39 -04:00
cfg.h [MAC80211]: rename ieee80211_cfg.h to cfg.h 2007-10-10 16:52:34 -07:00
debugfs_key.c mac80211: 802.11w - Use BIP (AES-128-CMAC) 2009-01-29 16:00:03 -05:00
debugfs_key.h mac80211: 802.11w - Use BIP (AES-128-CMAC) 2009-01-29 16:00:03 -05:00
debugfs_netdev.c mac80211: split IBSS/managed code 2009-02-27 14:51:42 -05:00
debugfs_netdev.h mac80211: revamp virtual interface handling 2008-07-14 14:30:07 -04:00
debugfs_sta.c mac80211: 802.11w - STA flag for MFP 2009-01-29 16:00:00 -05:00
debugfs_sta.h mac80211: RCU-ify STA info structure access 2008-03-06 15:30:46 -05:00
debugfs.c mac80211: add queue debugfs file 2009-06-15 15:05:57 -04:00
debugfs.h [MAC80211]: Add debugfs attributes. 2007-05-05 11:46:38 -07:00
driver-ops.h cfg80211: add rfkill support 2009-06-03 14:06:14 -04:00
event.c nl80211: Add Michael MIC failure event 2009-04-22 16:54:28 -04:00
ht.c cfg80211: clean up includes 2009-04-22 16:57:17 -04:00
ibss.c mac80211: fix parameter confusion when finding IBSS 2009-05-20 14:46:36 -04:00
ieee80211_i.h mac80211: disconnect when user changes channel 2009-06-15 15:05:58 -04:00
iface.c cfg80211: add rfkill support 2009-06-03 14:06:14 -04:00
Kconfig mac80211: disable mesh 2009-07-21 12:07:35 -04:00
key.c nl80211: Validate NL80211_ATTR_KEY_SEQ length 2009-05-20 14:46:25 -04:00
key.h nl80211: Add RSC configuration for new keys 2009-05-13 15:44:39 -04:00
led.c mac80211: rename files 2008-04-08 16:44:45 -04:00
led.h mac80211: rename files 2008-04-08 16:44:45 -04:00
main.c mac80211: do not pass PS frames out of mac80211 again 2009-06-10 13:28:37 -04:00
Makefile mac80211: split IBSS/managed code 2009-02-27 14:51:42 -05:00
mesh_hwmp.c mac80211: fix allocation in mesh_queue_preq 2009-07-07 12:55:27 -04:00
mesh_pathtbl.c mac80211: use correct address for mesh Path Error 2009-07-21 12:07:40 -04:00
mesh_plink.c mac80211: cancel/restart all timers across suspend/resume 2009-05-20 14:46:25 -04:00
mesh.c mac80211: Use rcu_barrier() on unload. 2009-06-26 13:51:36 -07:00
mesh.h wireless: move some utility functions from mac80211 to cfg80211 2009-05-22 14:06:02 -04:00
michael.c mac80211: remove ieee80211_get_hdr_info 2008-07-08 14:16:01 -04:00
michael.h mac80211: remove ieee80211_get_hdr_info 2008-07-08 14:16:01 -04:00
mlme.c mac80211: do not queue work after suspend in the dynamic ps timer 2009-07-27 15:19:38 -04:00
pm.c mac80211: fix suspend 2009-07-29 14:52:01 -04:00
rate.c mac80211: rate control status only for controlled packets 2009-03-27 20:13:15 -04:00
rate.h mac80211: rate control status only for controlled packets 2009-03-27 20:13:15 -04:00
rc80211_minstrel_debugfs.c mac80211: correct warnings in minstrel rate control algorithm 2008-10-27 17:46:11 -04:00
rc80211_minstrel.c mac80211: minstrel: avoid accessing negative indices in rix_to_ndx() 2009-07-07 12:55:28 -04:00
rc80211_minstrel.h minstrel: improve performance for non-MRR drivers 2008-10-31 19:00:36 -04:00
rc80211_pid_algo.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-05-18 21:08:20 -07:00
rc80211_pid_debugfs.c mac80211/drivers: rewrite the rate control API 2008-10-31 19:00:23 -04:00
rc80211_pid.h mac80211/drivers: rewrite the rate control API 2008-10-31 19:00:23 -04:00
rx.c mac80211: fix suspend 2009-07-29 14:52:01 -04:00
scan.c mac80211: cancel/restart all timers across suspend/resume 2009-05-20 14:46:25 -04:00
spectmgmt.c mac80211: move channel switch code 2009-05-20 14:46:25 -04:00
sta_info.c mac80211: extend sta kdoc - explain when they are added 2009-06-03 14:06:15 -04:00
sta_info.h mac80211: fix kernel-doc 2009-05-20 14:46:32 -04:00
tkip.c mac80211: add driver ops wrappers 2009-05-06 15:14:37 -04:00
tkip.h mac80211: tkip.c consolidate tkip IV writing in helper 2008-06-14 12:18:13 -04:00
tx.c mac80211: fix injection in monitor mode 2009-07-21 12:07:38 -04:00
util.c mac80211: disconnect when user changes channel 2009-06-15 15:05:58 -04:00
wep.c mac80211: rewrite fragmentation 2009-03-27 20:13:21 -04:00
wep.h mac80211: minor code cleanups 2008-10-31 18:05:59 -04:00
wext.c mac80211: disconnect when user changes channel 2009-06-15 15:05:58 -04:00
wme.c mac80211: do not pass PS frames out of mac80211 again 2009-06-10 13:28:37 -04:00
wme.h mac80211: fix aggregation for hardware with ampdu queues 2009-02-27 14:51:42 -05:00
wpa.c nl80211: Add Michael MIC failure event 2009-04-22 16:54:28 -04:00
wpa.h mac80211: 802.11w - Add BIP (AES-128-CMAC) 2009-01-29 16:00:02 -05:00