linux/net/mac80211
Johannes Berg ec25acc46a mac80211: fix sta assignment
I just had the following:
WARNING: at drivers/net/wireless/iwlwifi/iwl-agn-tx.c:574 iwlagn_tx_skb+0x1576/0x15f0 [iwlagn]()
Call Trace:
 <IRQ>  [<ffffffff8105c5df>] warn_slowpath_common+0x7f/0xc0
 [<ffffffff8105c63a>] warn_slowpath_null+0x1a/0x20
 [<ffffffffa0290b46>] iwlagn_tx_skb+0x1576/0x15f0 [iwlagn]
 [<ffffffffa027076c>] iwl_mac_tx+0x5c/0x260 [iwlagn]
 [<ffffffffa01bdf5b>] __ieee80211_tx+0x10b/0x1a0 [mac80211]
 [<ffffffffa01bfb86>] ieee80211_tx_pending+0x186/0x2d0 [mac80211]
 [<ffffffff81062ea5>] tasklet_action+0x125/0x130
 [<ffffffff810634a6>] __do_softirq+0x106/0x270
 [<ffffffff8100c09c>] call_softirq+0x1c/0x30
iwlagn 0000:02:00.0: Attempting to modify non-existing station 107

Note that 107 == 0x6b which is slab poison.

The reason is that mac80211 passed a freed station
pointer to mac80211, because as it happened iwlwifi
reset itself while mac80211 was disconnecting from
the network.

It turns out that we do take care to look up the
station pointer in ieee80211_tx_pending_skb, but
then don't use it, which obviously is a bug. Fix
this by removing the ieee80211_tx_h_sta handler
and assigning the station pointer directly.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-07-26 15:32:42 -04:00
aes_ccm.c
aes_ccm.h
aes_cmac.c
aes_cmac.h
agg-rx.c mac80211: update aggregation documentation 2010-06-14 15:39:28 -04:00
agg-tx.c mac80211: update aggregation documentation 2010-06-14 15:39:28 -04:00
cfg.c mac80211: remove bogus rcu_read_lock() 2010-07-26 15:32:41 -04:00
cfg.h
chan.c mac80211: make a function static 2010-05-28 13:41:27 -04:00
debugfs_key.c mac80211: Use a separate CCMP PN receive counter for management frames 2010-06-15 16:00:49 -04:00
debugfs_key.h
debugfs_netdev.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6 into for-davem 2010-04-15 16:21:34 -04:00
debugfs_netdev.h mac80211: reduce reliance on netdev 2009-12-21 18:38:52 -05:00
debugfs_sta.c mac80211: make TX aggregation start/stop request async 2010-06-14 15:39:27 -04:00
debugfs_sta.h
debugfs.c mac80211: reduce debugfs code size 2010-06-03 14:14:41 -04:00
debugfs.h net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
driver-ops.h mac80211: add basic tracing to drv_get_survey 2010-06-29 14:51:23 -04:00
driver-trace.c
driver-trace.h mac80211: add basic tracing to drv_get_survey 2010-06-29 14:51:23 -04:00
event.c
ht.c mac80211: skip HT parsing if HW does not support HT 2010-07-16 14:03:42 -04:00
ibss.c mac80211: proper IBSS locking 2010-07-21 15:13:42 -04:00
ieee80211_i.h mac80211: proper IBSS locking 2010-07-21 15:13:42 -04:00
iface.c mac80211: set carrier on for monitor interfaces on ieee80211_open 2010-07-20 16:02:58 -04:00
Kconfig mac82011: Allow selection of minstrel_ht as default rc algorithm 2010-06-30 15:00:53 -04:00
key.c mac80211: Use a separate CCMP PN receive counter for management frames 2010-06-15 16:00:49 -04:00
key.h mac80211: Use a separate CCMP PN receive counter for management frames 2010-06-15 16:00:49 -04:00
led.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
led.h
main.c mac80211: remove wep dependency 2010-07-08 16:35:50 -04:00
Makefile mac80211: add the minstrel_ht rate control algorithm 2010-06-02 16:12:59 -04:00
mesh_hwmp.c mac80211: use common work struct 2010-06-14 15:38:17 -04:00
mesh_pathtbl.c mac80211: use common work struct 2010-06-14 15:38:17 -04:00
mesh_plink.c mac80211: avoid scheduling while atomic in mesh_rx_plink_frame 2010-06-24 15:42:30 -04:00
mesh.c mac80211: pull mgmt frame rx into rx handler 2010-06-14 15:39:26 -04:00
mesh.h mac80211: pull mgmt frame rx into rx handler 2010-06-14 15:39:26 -04:00
michael.c
michael.h
mlme.c mac80211: refuse shared key auth when WEP is unavailable 2010-07-21 15:13:42 -04:00
offchannel.c mac80211: Fixed netif_tx_wake_all_queues in IBSS mode 2010-01-15 16:58:28 -05:00
pm.c mac80211: use common work struct 2010-06-14 15:38:17 -04:00
rate.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
rate.h mac80211: add the minstrel_ht rate control algorithm 2010-06-02 16:12:59 -04:00
rc80211_minstrel_debugfs.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-04-11 14:53:53 -07:00
rc80211_minstrel_ht_debugfs.c minstrel_ht: move minstrel_mcs_groups declaration to header file 2010-06-24 15:42:18 -04:00
rc80211_minstrel_ht.c mac80211: freeing the wrong variable 2010-07-26 15:32:41 -04:00
rc80211_minstrel_ht.h minstrel_ht: move minstrel_mcs_groups declaration to header file 2010-06-24 15:42:18 -04:00
rc80211_minstrel.c minstrel: don't complain about feedback for unrequested rates 2010-07-26 15:09:04 -04:00
rc80211_minstrel.h minstrel: make the rate control ops reusable from another rc implementation 2010-03-10 17:44:23 -05:00
rc80211_pid_algo.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
rc80211_pid_debugfs.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
rc80211_pid.h
rx.c mac80211: use netif_receive_skb in ieee80211_rx callpath 2010-06-28 15:14:51 -04:00
scan.c mac80211: Fix compile warning in scan.c. 2010-06-21 15:39:59 -04:00
spectmgmt.c mac80211: reduce reliance on netdev 2009-12-21 18:38:52 -05:00
sta_info.c mac80211: change RX aggregation locking 2010-06-14 15:39:28 -04:00
sta_info.h mac80211: fix the for_each_sta_info macro 2010-06-28 15:16:20 -04:00
status.c mac80211: use netif_receive_skb in ieee80211_tx_status callpath 2010-06-28 15:14:51 -04:00
tkip.c mac80211: remove wep dependency 2010-07-08 16:35:50 -04:00
tkip.h mac80211: remove wep dependency 2010-07-08 16:35:50 -04:00
tx.c mac80211: fix sta assignment 2010-07-26 15:32:42 -04:00
util.c mac80211: move QoS-enable to BSS info 2010-07-20 16:02:58 -04:00
wep.c mac80211: improve error checking if WEP fails to init 2010-07-16 14:03:42 -04:00
wep.h mac80211: remove wep dependency 2010-07-08 16:35:50 -04:00
wme.c mac80211: fix-up build breakage in 2.6.33 2010-01-06 15:35:49 -05:00
wme.h mac80211: fix skb buffering issue 2010-01-05 16:21:40 -05:00
work.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 2010-06-17 16:21:14 -04:00
wpa.c mac80211: remove wep dependency 2010-07-08 16:35:50 -04:00
wpa.h