mac80211: fix non RCU-safe sta_list manipulation

commit 794454ce72a298de6f4536ade597bdcc7dcde7c7 upstream. sta_info_cleanup locks the sta_list using rcu_read_lock however the delete operation isn't rcu safe. A race between sta_info_cleanup timer being called and a STA being removed can occur which leads to a panic while traversing sta_list. Fix this by switching to the RCU-safe versions. Reported-by: Eyal Shapira <eyal@wizery.com> Signed-off-by: Arik Nemtsov <arik@wizery.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Arik Nemtsov <arik@wizery.com> 2012-06-03 23:32:32 +0300
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2012-06-17 11:21:25 -0700
commit: 073e100877a39f36163398cde868e98fa6d3f0a1 (patch)
tree: def5d17b06e3a4fd0688783568fc82d4dfd6c855 /net
parent: d4bb7f49f4d5ea7a287899178df55b4725bb32d2 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 38137cb5f6f0..d93d39b84344 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -378,7 +378,7 @@ static int sta_info_insert_finish(struct sta_info *sta) __acquires(RCU)
 	/* make the station visible */
 	sta_info_hash_add(local, sta);
 
-	list_add(&sta->list, &local->sta_list);
+	list_add_rcu(&sta->list, &local->sta_list);
 
 	set_sta_flag(sta, WLAN_STA_INSERTED);
 
@@ -688,7 +688,7 @@ int __must_check __sta_info_destroy(struct sta_info *sta)
 	if (ret)
 		return ret;
 
-	list_del(&sta->list);
+	list_del_rcu(&sta->list);
 
 	mutex_lock(&local->key_mtx);
 	for (i = 0; i < NUM_DEFAULT_KEYS; i++)
author	Arik Nemtsov <arik@wizery.com>	2012-06-03 23:32:32 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-06-17 11:21:25 -0700
commit	073e100877a39f36163398cde868e98fa6d3f0a1 (patch)
tree	def5d17b06e3a4fd0688783568fc82d4dfd6c855 /net
parent	d4bb7f49f4d5ea7a287899178df55b4725bb32d2 (diff)