mac80211: fix auth/assoc data & timer leak

When removing an interface while it is in the process of authenticating or associating, we leak the auth_data or assoc_data, and leave the timer pending. The timer then crashes the system when it fires as its data is gone. Fix this by explicitly deleting all the data when the interface is removed. This uncovered another bug -- this problem should have been detected by the sta_info_flush() warning but that function doesn't ever return non-zero, I'll fix that in a separate patch. Reported-by: Hieu Nguyen <hieux.c.nguyen@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
author: Johannes Berg <johannes.berg@intel.com> 2012-02-25 15:48:08 -0500
committer: John W. Linville <linville@tuxdriver.com> 2012-02-27 14:06:42 -0500
commit: 54e4ffb2abb3c086637cbc75a2bfe55a8ce987c8 (patch)
tree: 85ffa4a2295970bb5b1ea7601544fa03a2fc2f4b /net/mac80211/mlme.c
parent: fda82417884eecd9f2c8b4e6bb2039def0da7ec4 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 1495fb99b379..0c220e1b6c9c 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -3513,6 +3513,19 @@ int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
        return 0;
 }
+void ieee80211_mgd_teardown(struct ieee80211_sub_if_data *sdata)
+{
+        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
+        mutex_lock(&ifmgd->mtx);
+        if (ifmgd->assoc_data)
+                ieee80211_destroy_assoc_data(sdata, false);
+        if (ifmgd->auth_data)
+                ieee80211_destroy_auth_data(sdata, false);
+        del_timer_sync(&ifmgd->timer);
+        mutex_unlock(&ifmgd->mtx);
+}
 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
                               enum nl80211_cqm_rssi_threshold_event rssi_event,
                               gfp_t gfp)
author	Johannes Berg <johannes.berg@intel.com>	2012-02-25 15:48:08 -0500
committer	John W. Linville <linville@tuxdriver.com>	2012-02-27 14:06:42 -0500
commit	54e4ffb2abb3c086637cbc75a2bfe55a8ce987c8 (patch)
tree	85ffa4a2295970bb5b1ea7601544fa03a2fc2f4b /net/mac80211/mlme.c
parent	fda82417884eecd9f2c8b4e6bb2039def0da7ec4 (diff)

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 1495fb99b379..0c220e1b6c9c 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c
@@ -3513,6 +3513,19 @@ int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
3513	return 0;	3513	return 0;
3514	}	3514	}
3515		3515
		3516	void ieee80211_mgd_teardown(struct ieee80211_sub_if_data *sdata)
		3517	{
		3518	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
		3519
		3520	mutex_lock(&ifmgd->mtx);
		3521	if (ifmgd->assoc_data)
		3522	ieee80211_destroy_assoc_data(sdata, false);
		3523	if (ifmgd->auth_data)
		3524	ieee80211_destroy_auth_data(sdata, false);
		3525	del_timer_sync(&ifmgd->timer);
		3526	mutex_unlock(&ifmgd->mtx);
		3527	}
		3528
3516	void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,	3529	void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
3517	enum nl80211_cqm_rssi_threshold_event rssi_event,	3530	enum nl80211_cqm_rssi_threshold_event rssi_event,
3518	gfp_t gfp)	3531	gfp_t gfp)