1
linux/net/mac80211
Stanislaw Gruszka d72308bff5 mac80211: fix possible tid_rx->reorder_timer use after free
Is possible that we will arm the tid_rx->reorder_timer after
del_timer_sync() in ___ieee80211_stop_rx_ba_session(). We need to stop
timer after RCU grace period finish, so move it to
ieee80211_free_tid_rx(). Timer will not be armed again, as
rcu_dereference(sta->ampdu_mlme.tid_rx[tid]) will return NULL.

Debug object detected problem with the following warning:
ODEBUG: free active (active state 0) object type: timer_list hint: sta_rx_agg_reorder_timer_expired+0x0/0xf0 [mac80211]

Bug report (with all warning messages):
https://bugzilla.redhat.com/show_bug.cgi?id=804007

Reported-by: "jan p. springer" <jsd@igroup.org>
Cc: stable@vger.kernel.org
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-03-26 15:07:29 -04:00
..
aes_ccm.c mac80211: use AES_BLOCK_SIZE 2011-07-08 11:11:24 -04:00
aes_ccm.h mac80211: use AES_BLOCK_SIZE 2011-07-08 11:11:24 -04:00
aes_cmac.c mac80211: use AES_BLOCK_SIZE 2011-07-08 11:11:24 -04:00
aes_cmac.h mac80211: fix CMAC races 2011-07-08 11:11:20 -04:00
agg-rx.c mac80211: fix possible tid_rx->reorder_timer use after free 2012-03-26 15:07:29 -04:00
agg-tx.c mac80211: split addba retries in time 2011-12-19 14:31:37 -05:00
cfg.c mac80211: fix mesh airtime link metric estimating 2012-03-06 15:16:17 -05:00
cfg.h
chan.c mac80211: Don't let regulatory make us deaf 2012-03-13 14:55:53 -04:00
debugfs_key.c mac80211: fix debugfs key->station symlink 2012-01-18 14:38:05 -05:00
debugfs_key.h mac80211: support separate default keys 2010-12-13 15:23:29 -05:00
debugfs_netdev.c mac80211: make uapsd_* keys per-vif 2012-03-15 13:43:12 -04:00
debugfs_netdev.h
debugfs_sta.c mac80211: call rate control only after init 2012-02-15 13:56:06 -05:00
debugfs_sta.h
debugfs.c mac80211: make uapsd_* keys per-vif 2012-03-15 13:43:12 -04:00
debugfs.h mac80211: refactor debugfs function generation code 2010-11-15 13:24:48 -05:00
driver-ops.h mac80211: remove tx_sync 2012-03-12 14:19:38 -04:00
driver-trace.c
driver-trace.h mac80211: rename bss_conf timestamp to last_tsf 2012-03-13 14:54:20 -04:00
event.c
ht.c mac80211: Use appropriate TID for sending BAR, ADDBA and DELBA frames 2011-12-15 14:46:35 -05:00
ibss.c mac80211: use compare_ether_addr on MAC addresses instead of memcmp 2012-03-05 15:38:31 -05:00
ieee80211_i.h mac80211: make uapsd_* keys per-vif 2012-03-15 13:43:12 -04:00
iface.c mac80211: combine QoS with other BSS changes 2012-03-05 15:53:46 -05:00
Kconfig mac80211: remove tracing config symbol 2011-11-28 14:44:09 -05:00
key.c mac80211: clean up asm/unaligned.h inclusion 2012-02-27 14:06:32 -05:00
key.h mac80211: allow driver to disconnect after resume 2011-07-13 14:49:43 -04:00
led.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
led.h mac80211: selective throughput LED trigger active 2010-12-22 14:33:37 -05:00
main.c mac80211: remove outdated comment 2012-03-26 15:07:27 -04:00
Makefile mac80211: redesign auth/assoc 2012-02-06 14:50:37 -05:00
mesh_hwmp.c mac80211: fix mesh airtime link metric estimating 2012-03-06 15:16:17 -05:00
mesh_pathtbl.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-03-20 21:04:47 -07:00
mesh_plink.c mac80211: Fix potential null pointer dereferencing 2012-03-07 13:51:47 -05:00
mesh.c mac80211: use compare_ether_addr on MAC addresses instead of memcmp 2012-03-05 15:38:31 -05:00
mesh.h mac80211: Fix the generation of PREQs in proactive RANN mechanism of HWMP 2012-03-05 15:23:14 -05:00
michael.c
michael.h
mlme.c mac80211: make uapsd_* keys per-vif 2012-03-15 13:43:12 -04:00
offchannel.c mac80211: remove dead code 2012-01-04 14:31:47 -05:00
pm.c mac80211: use proper sub_if_data on suspend path 2012-02-27 14:06:40 -05:00
rate.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless 2012-02-29 14:53:21 -05:00
rate.h mac80211: do not call rate control .tx_status before .rate_init 2012-02-15 13:56:06 -05:00
rc80211_minstrel_debugfs.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
rc80211_minstrel_ht_debugfs.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
rc80211_minstrel_ht.c mac80211: Don't sample max throughput rate in minstrel_ht 2012-03-15 13:40:33 -04:00
rc80211_minstrel_ht.h minstrel_ht: move minstrel_mcs_groups declaration to header file 2010-06-24 15:42:18 -04:00
rc80211_minstrel.c minstrel: Remove unused function parameter in calc_rate_durations() 2011-11-11 12:32:52 -05:00
rc80211_minstrel.h minstrel_ht: fixed rate mode through debugfs 2011-06-01 15:12:29 -04:00
rc80211_pid_algo.c net: fix assignment of 0/1 to bool variables. 2011-12-19 22:27:29 -05:00
rc80211_pid_debugfs.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
rc80211_pid.h Fix common misspellings 2011-03-31 11:26:23 -03:00
rx.c mac80211: Don't let regulatory make us deaf 2012-03-13 14:55:53 -04:00
scan.c mac80211: Filter duplicate IE ids 2012-03-07 13:51:37 -05:00
spectmgmt.c mac80211: Remove unnecessary OOM logging messages 2011-09-13 15:45:02 -04:00
sta_info.c mac80211: use compare_ether_addr on MAC addresses instead of memcmp 2012-03-05 15:38:31 -05:00
sta_info.h mac80211: fix mesh airtime link metric estimating 2012-03-06 15:16:17 -05:00
status.c mac80211: use compare_ether_addr on MAC addresses instead of memcmp 2012-03-05 15:38:31 -05:00
tkip.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
tkip.h mac80211: fix TKIP races, make API easier to use 2011-07-08 11:11:19 -04:00
tx.c mac80211: make uapsd_* keys per-vif 2012-03-15 13:43:12 -04:00
util.c mac80211: Filter duplicate IE ids 2012-03-07 13:51:37 -05:00
wep.c mac80211: linearize SKBs as needed for crypto 2012-03-13 14:54:17 -04:00
wep.h mac80211: move RX WEP weak IV counting 2012-03-13 14:54:16 -04:00
wme.c mac80211: fix forwarded mesh frame queue mapping 2011-11-28 14:44:05 -05:00
wme.h mac80211: fix forwarded mesh frame queue mapping 2011-11-28 14:44:05 -05:00
work.c mac80211: redesign auth/assoc 2012-02-06 14:50:37 -05:00
wpa.c mac80211: linearize SKBs as needed for crypto 2012-03-13 14:54:17 -04:00
wpa.h mac80211: fix tx->skb NULL pointer dereference 2012-01-16 15:01:16 -05:00