• Mohammed Shafi Shajakhan's avatar
    mac80211: fix kernel panic in IBSS due to a regression · e46a2cf9
    Mohammed Shafi Shajakhan authored
    kernel panic occurs when we create an IBSS mode and leave it for
    sometime without any joiner and this is introduced by the
    commit ec2b774e where we don't
    put proper braces for 'list_for_each_entry_safe' and we pass an
    invalid 'sta' pointer to __sta_info_destroy
    
    EIP is at __list_add+0xe/0xa0
    EAX: f3b63db4 EBX: 00000000 ECX: eab88c1c EDX: 00000000
    ESI: 00000000 EDI: 00000246 EBP: f3b63d80 ESP: f3b63d58
    DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
    Process kworker/u:2 (pid: 198, ti=f3b62000 task=f3afbea0
    task.ti=f3b62000)
    Stack:
    00000000 00000000 f9ef9821 00000000 00000000 eab88c30
    f3b63d80 c017f623
    eab88bf0 eab88bf0 f3b63dd0 c066f925 00000000 00000002
    00000000 f9ef9821
    f3b63da0 c0180a2b eab88c1c eab88c30 00000002 f3afbea0
    eab88bf4 f3b63db4
     Call Trace:
    [<f9ef9821>] ? __ieee80211_stop_tx_ba_session+0x31/0x60
    [mac80211]
    [<c017f623>] ? debug_mutex_add_waiter+0x23/0x60
    [<c066f925>] __mutex_lock_common+0xd5/0x390
    [<f9ef9821>] ? __ieee80211_stop_tx_ba_session+0x31/0x60
    [mac80211]
    [<c0180a2b>] ? trace_hardirqs_off+0xb/0x10
    [<c066fd37>] mutex_lock_nested+0x47/0x60
    [<f9ef9821>] ? __ieee80211_stop_tx_ba_session+0x31/0x60
    [mac80211]
    [<f9ef9821>] __ieee80211_stop_tx_ba_session+0x31/0x60
    [mac80211]
    [<f9ef8989>] ieee80211_sta_tear_down_BA_sessions+0x39/0x60 [mac80211]
    [<f9ef1a67>] __sta_info_destroy+0x57/0x780 [mac80211]
    [<f9ef2223>] ieee80211_sta_expire+0x93/0xb0 [mac80211]
    [<f9efc8f6>] ieee80211_ibss_work+0x2d6/0x530 [mac80211]
    
    Cc: Marek Lindner <lindner_marek@yahoo.de>
    Signed-off-by: default avatarMohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
    Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
    e46a2cf9
sta_info.c 37 KB