linux/net
Stanislaw Gruszka d72308bff5 mac80211: fix possible tid_rx->reorder_timer use after free
It is possible that we will arm the tid_rx->reorder_timer after
del_timer_sync() in ___ieee80211_stop_rx_ba_session(). We need to stop
the timer after the RCU grace period finishes, so move it to
ieee80211_free_tid_rx(). The timer will not be armed again, as
rcu_dereference(sta->ampdu_mlme.tid_rx[tid]) will return NULL.

Debug object detected problem with the following warning:
ODEBUG: free active (active state 0) object type: timer_list hint: sta_rx_agg_reorder_timer_expired+0x0/0xf0 [mac80211]

Bug report (with all warning messages):
https://bugzilla.redhat.com/show_bug.cgi?id=804007

Reported-by: "jan p. springer" <jsd@igroup.org>
Cc: stable@vger.kernel.org
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-03-26 15:07:29 -04:00
..
9p
802
8021q
appletalk
atm
ax25
batman-adv Merge tag 'batman-adv-for-davem' of git://git.open-mesh.org/linux-merge 2012-03-11 15:36:34 -07:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-03-20 21:04:47 -07:00
bridge Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-03-09 14:34:20 -08:00
caif caif: make zero a legal caif connection id. 2012-03-11 15:38:16 -07:00
can
ceph
core net: fix napi_reuse_skb() skb reserve 2012-03-21 16:52:09 -04:00
dcb
dccp
decnet
dns_resolver
dsa
econet
ethernet
ieee802154
ipv4 bonding: remove entries for master_ip and vlan_ip and query devices instead 2012-03-22 22:36:17 -04:00
ipv6 netfilter: remove forward module param confusion. 2012-03-22 22:36:17 -04:00
ipx
irda Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-03-20 21:04:47 -07:00
iucv af_iucv: add shutdown for HS transport 2012-03-07 22:52:24 -08:00
key
l2tp l2tp: enable automatic module loading for l2tp_ppp 2012-03-21 22:14:56 -04:00
lapb
llc
mac80211 mac80211: fix possible tid_rx->reorder_timer use after free 2012-03-26 15:07:29 -04:00
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-03-20 21:04:47 -07:00
netlabel netlabel: use GFP flags from caller instead of GFP_ATOMIC 2012-03-22 19:29:57 -04:00
netlink
netrom
nfc NFC: NCI code indentation fixes 2012-03-06 15:16:25 -05:00
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-03-09 14:34:20 -08:00
packet
phonet
rds RDS: use gfp flags from caller in conn_alloc() 2012-03-22 19:29:58 -04:00
rfkill
rose
rxrpc
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-03-20 21:04:47 -07:00
sctp sctp: Export sctp_do_peeloff 2012-03-08 13:52:08 -08:00
sunrpc sunrpc: remove the second argument of k[un]map_atomic() 2012-03-20 21:48:28 +08:00
tipc
unix
wanrouter
wimax
wireless cfg80211: allow CFG80211_SIGNAL_TYPE_UNSPEC in station_info 2012-03-26 15:07:25 -04:00
x25
xfrm xfrm: Access the replay notify functions via the registered callbacks 2012-03-22 19:29:58 -04:00
compat.c net: get rid of some pointless casts to sockaddr 2012-03-11 19:11:22 -07:00
Kconfig
Makefile
nonet.c
socket.c net: get rid of some pointless casts to sockaddr 2012-03-11 19:11:22 -07:00
sysctl_net.c