Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-01 17:51:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
487f0e010c
linux/net
History
Johannes Berg ec25acc46a mac80211: fix sta assignment 
I just had the following:
WARNING: at drivers/net/wireless/iwlwifi/iwl-agn-tx.c:574 iwlagn_tx_skb+0x1576/0x15f0 [iwlagn]()
Call Trace:
 <IRQ>  [<ffffffff8105c5df>] warn_slowpath_common+0x7f/0xc0
 [<ffffffff8105c63a>] warn_slowpath_null+0x1a/0x20
 [<ffffffffa0290b46>] iwlagn_tx_skb+0x1576/0x15f0 [iwlagn]
 [<ffffffffa027076c>] iwl_mac_tx+0x5c/0x260 [iwlagn]
 [<ffffffffa01bdf5b>] __ieee80211_tx+0x10b/0x1a0 [mac80211]
 [<ffffffffa01bfb86>] ieee80211_tx_pending+0x186/0x2d0 [mac80211]
 [<ffffffff81062ea5>] tasklet_action+0x125/0x130
 [<ffffffff810634a6>] __do_softirq+0x106/0x270
 [<ffffffff8100c09c>] call_softirq+0x1c/0x30
iwlagn 0000:02:00.0: Attempting to modify non-existing station 107

Note that 107 == 0x6b which is slab poison.

The reason is that mac80211 passed a freed station
pointer to mac80211, because as it happened iwlwifi
reset itself while mac80211 was disconnecting from
the network.

It turns out that we do take care to look up the
station pointer in ieee80211_tx_pending_skb, but
then don't use it, which obviously is a bug. Fix
this by removing the ieee80211_tx_h_sta handler
and assigning the station pointer directly.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-07-26 15:32:42 -04:00
..
9p net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
802 Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-04-11 14:53:53 -07:00
8021q net: Remove unnecessary semicolons after switch statements 2010-05-17 17:44:35 -07:00
appletalk Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-04-11 14:53:53 -07:00
atm net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
ax25 net: sk_sleep() helper 2010-04-20 16:37:13 -07:00
bluetooth net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
bridge bridge: fix build for CONFIG_SYSFS disabled 2010-05-18 12:26:27 -07:00
caif net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
can net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
core net: fix problem in dequeuing from input_pkt_queue 2010-05-21 00:38:33 -07:00
dcb include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
dccp net: sock_def_readable() and friends RCU conversion 2010-05-01 15:00:15 -07:00
decnet net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
dsa Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-04-11 14:53:53 -07:00
econet include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ethernet net: Inline skb_pull() in eth_type_trans(). 2010-05-02 02:21:44 -07:00
ieee802154 ieee802154: Fix oops during ieee802154_sock_ioctl 2010-04-26 11:20:32 -07:00
ipv4 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-05-20 21:04:44 -07:00
ipv6 ipv6: Never schedule DAD timer on dead address 2010-05-18 15:56:06 -07:00
ipx include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
irda net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
iucv net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
key pfkey: add severity to printk 2010-05-17 23:23:13 -07:00
l2tp l2tp_eth: fix memory allocation 2010-04-23 16:37:33 -07:00
lapb include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
llc Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-05-12 00:05:35 -07:00
mac80211 mac80211: fix sta assignment 2010-07-26 15:32:42 -04:00
netfilter Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 2010-05-20 23:12:18 -07:00
netlabel net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
netlink Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-04-11 14:53:53 -07:00
netrom net: sk_sleep() helper 2010-04-20 16:37:13 -07:00
packet Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-04-21 01:14:25 -07:00
phonet net: sock_def_readable() and friends RCU conversion 2010-05-01 15:00:15 -07:00
rds net: Remove unnecessary semicolons after switch statements 2010-05-17 17:44:35 -07:00
rfkill Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-04-11 14:53:53 -07:00
rose net: sk_sleep() helper 2010-04-20 16:37:13 -07:00
rxrpc net: sock_def_readable() and friends RCU conversion 2010-05-01 15:00:15 -07:00
sched net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
sctp net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
sunrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-05-20 21:04:44 -07:00
tipc tipc: Reduce footprint by un-inlining tipc_msg_* routines 2010-05-12 23:02:29 -07:00
unix unix/garbage: kill copy of the skb queue walker 2010-05-03 15:39:58 -07:00
wanrouter headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
wimax Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-05-20 21:04:44 -07:00
wireless cfg80211: fix IBSS default management key 2010-07-26 15:32:41 -04:00
x25 X25: Remove bkl in sockopts 2010-05-17 17:39:28 -07:00
xfrm net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
compat.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
Kconfig l2tp: Split pppol2tp patch into separate l2tp and ppp parts 2010-04-03 14:56:02 -07:00
Makefile l2tp: Split pppol2tp patch into separate l2tp and ppp parts 2010-04-03 14:56:02 -07:00
nonet.c
socket.c net: Remove unnecessary semicolons after switch statements 2010-05-17 17:44:35 -07:00
sysctl_net.c net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
TUNABLE