linux/drivers/net
Stanislaw Gruszka 9186a1fd9e iwlwifi: dvm: fix calling ieee80211_chswitch_done() with NULL
If a channel switch is pending and we remove the interface, we can
crash as shown below due to passing a NULL vif to mac80211:

BUG: unable to handle kernel paging request at fffffffffffff8cc
IP: [<ffffffff8130924d>] strnlen+0xd/0x40
Call Trace:
 [<ffffffff8130ad2e>] string.isra.3+0x3e/0xd0
 [<ffffffff8130bf99>] vsnprintf+0x219/0x640
 [<ffffffff8130c481>] vscnprintf+0x11/0x30
 [<ffffffff81061585>] vprintk_emit+0x115/0x4f0
 [<ffffffff81657bd5>] printk+0x61/0x63
 [<ffffffffa048987f>] ieee80211_chswitch_done+0xaf/0xd0 [mac80211]
 [<ffffffffa04e7b34>] iwl_chswitch_done+0x34/0x40 [iwldvm]
 [<ffffffffa04f83c3>] iwlagn_commit_rxon+0x2a3/0xdc0 [iwldvm]
 [<ffffffffa04ebc50>] ? iwlagn_set_rxon_chain+0x180/0x2c0 [iwldvm]
 [<ffffffffa04e5e76>] iwl_set_mode+0x36/0x40 [iwldvm]
 [<ffffffffa04e5f0d>] iwlagn_mac_remove_interface+0x8d/0x1b0 [iwldvm]
 [<ffffffffa0459b3d>] ieee80211_do_stop+0x29d/0x7f0 [mac80211]

This is because we nullify ctx->vif in iwlagn_mac_remove_interface()
before calling some other functions that tear down the interface. To fix,
just check ctx->vif in iwl_chswitch_done(). We should not call
ieee80211_chswitch_done() as channel switch works were already canceled
by mac80211 in ieee80211_do_stop() -> ieee80211_mgd_stop().

Resolve:
https://bugzilla.redhat.com/show_bug.cgi?id=979581

Cc: stable@vger.kernel.org
Reported-by: Lukasz Jagiello <jagiello.lukasz@gmail.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-07-31 08:54:25 +02:00
..
appletalk
arcnet
bonding Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-07-03 14:55:13 -07:00
caif drivers/net: caif: fix wrong rtnl_is_locked() usage 2013-07-09 12:55:48 -07:00
can drivers/net/can/c_can: don't use devm_pinctrl_get_select_default() in probe 2013-07-11 17:18:26 -07:00
cris
dsa
ethernet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-07-13 17:42:22 -07:00
fddi net/fddi/skfp/skfddi: Use module_pci_driver to register driver 2013-05-22 14:35:05 -07:00
hamradio net: pass info struct via netdevice notifier 2013-05-28 13:11:01 -07:00
hippi net/hippi/rrunner: Use module_pci_driver to register driver 2013-05-22 14:35:05 -07:00
hyperv Fix the VLAN_TAG_PRESENT in netvsc_recv_callback() 2013-06-17 15:58:11 -07:00
ieee802154 drivers/net/ieee802154: don't use devm_pinctrl_get_select_default() in probe 2013-07-11 17:18:27 -07:00
irda net: irda: remove unnecessary platform_set_drvdata() 2013-05-27 22:34:51 -07:00
phy Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-07-13 17:42:22 -07:00
plip
ppp net: pass info struct via netdevice notifier 2013-05-28 13:11:01 -07:00
slip
team Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-06-19 16:49:39 -07:00
usb usb/net/r815x: fix cast to restricted __le32 2013-07-12 16:13:34 -07:00
vmxnet3 net: vlan: add protocol argument to packet tagging functions 2013-04-19 14:46:06 -04:00
wan Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-07-03 14:55:13 -07:00
wimax
wireless iwlwifi: dvm: fix calling ieee80211_chswitch_done() with NULL 2013-07-31 08:54:25 +02:00
xen-netback xen-netback: xenbus.c: use more current logging styles 2013-07-02 00:52:55 -07:00
dummy.c dummy: fix oops when loading the dummy failed 2013-07-11 11:59:20 -07:00
eql.c
ifb.c ifb: fix oops when loading the ifb failed 2013-07-11 12:00:05 -07:00
Kconfig packet: nlmon: virtual netlink monitoring device for packet sockets 2013-06-24 16:39:05 -07:00
LICENSE.SRC
loopback.c
macvlan.c macvtap: Let TUNSETOFFLOAD actually control offload features. 2013-06-25 16:44:56 -07:00
macvtap.c macvtap: correctly linearize skb when zerocopy is used 2013-07-10 18:45:52 -07:00
Makefile packet: nlmon: virtual netlink monitoring device for packet sockets 2013-06-24 16:39:05 -07:00
mdio.c
mii.c
netconsole.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-07-09 18:24:39 -07:00
nlmon.c nlmon: use standard rtnetlink link api for add/del devices 2013-07-02 12:53:17 -07:00
ntb_netdev.c ntb_netdev: remove from list on exit 2013-05-15 10:58:14 -07:00
rionet.c rapidio/rionet: rework driver initialization and removal 2013-07-03 16:08:04 -07:00
sb1000.c
Space.c
sungem_phy.c
tun.c tuntap: correctly linearize skb when zerocopy is used 2013-07-10 18:45:52 -07:00
veth.c veth: remove redundant call of dev_alloc_name 2013-06-12 01:21:20 -07:00
virtio_net.c No real surprises. 2013-07-10 14:50:58 -07:00
vxlan.c vxlan: Fix kernel crash on rmmod. 2013-07-11 11:45:36 -07:00
xen-netfront.c xen: Use more current logging styles 2013-07-01 13:31:25 -07:00