[kernel/f17] Fix race in regulatory code (rhbz 919176)

Josh Boyer jwboyer at fedoraproject.org
Tue Apr 16 14:43:52 UTC 2013 

commit aa9dea0e34a6d64a815f325699c1200c1d87431c
Author: Josh Boyer <jwboyer at redhat.com>
Date:   Tue Apr 16 10:36:56 2013 -0400

    Fix race in regulatory code (rhbz 919176)

 kernel.spec                                        |    9 ++++
 ...tory-fix-channel-disabling-race-condition.patch |   40 ++++++++++++++++++++
 2 files changed, 49 insertions(+), 0 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index f2da59d..611d4d1 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -780,6 +780,9 @@ Patch25008: 0001-bluetooth-Add-support-for-atheros-04ca-3004-device-t.patch
 #CVE-xxxx-xxxx rhbz 952197 952217
 Patch25009: tracing-Fix-possible-NULL-pointer-dereferences.patch
 
+#rhbz 919176
+Patch25010: wireless-regulatory-fix-channel-disabling-race-condition.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -1518,6 +1521,9 @@ ApplyPatch 0001-bluetooth-Add-support-for-atheros-04ca-3004-device-t.patch
 #CVE-xxxx-xxxx rhbz 952197 952217
 ApplyPatch tracing-Fix-possible-NULL-pointer-dereferences.patch
 
+#rhbz 919176
+ApplyPatch wireless-regulatory-fix-channel-disabling-race-condition.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2374,6 +2380,9 @@ fi
 #    '-'      |  |
 #              '-'
 %changelog
+* Tue Apr 16 2013 Josh Boyer <jwboyer at redhat.com>
+- Fix race in regulatory code (rhbz 919176)
+
 * Mon Apr 15 2013 Josh Boyer <jwboyer at redhat.com>
 - tracing: NULL pointer dereference (rhbz 952197 952217)
 - Fix debug patches to build on s390x/ppc
diff --git a/wireless-regulatory-fix-channel-disabling-race-condition.patch b/wireless-regulatory-fix-channel-disabling-race-condition.patch
new file mode 100644
index 0000000..3137353
--- /dev/null
+++ b/wireless-regulatory-fix-channel-disabling-race-condition.patch
@@ -0,0 +1,40 @@
+From: Johannes Berg <johannes.berg at intel.com>
+
+When a full scan 2.4 and 5 GHz scan is scheduled, but then the 2.4 GHz
+part of the scan disables a 5.2 GHz channel due to, e.g. receiving
+country or frequency information, that 5.2 GHz channel might already
+be in the list of channels to scan next. Then, when the driver checks
+if it should do a passive scan, that will return false and attempt an
+active scan. This is not only wrong but can also lead to the iwlwifi
+device firmware crashing since it checks regulatory as well.
+
+Fix this by not setting the channel flags to just disabled but rather
+OR'ing in the disabled flag. That way, even if the race happens, the
+channel will be scanned passively which is still (mostly) correct.
+
+Cc: stable at vger.kernel.org
+Signed-off-by: Johannes Berg <johannes.berg at intel.com>
+---
+ net/wireless/reg.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/wireless/reg.c b/net/wireless/reg.c
+index 93ab840..507c28e 100644
+--- a/net/wireless/reg.c
++++ b/net/wireless/reg.c
+@@ -855,7 +855,7 @@ static void handle_channel(struct wiphy *wiphy,
+ 			return;
+ 
+ 		REG_DBG_PRINT("Disabling freq %d MHz\n", chan->center_freq);
+-		chan->flags = IEEE80211_CHAN_DISABLED;
++		chan->flags |= IEEE80211_CHAN_DISABLED;
+ 		return;
+ 	}
+ 
+-- 
+1.8.0
+
+--
+To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
+the body of a message to majordomo at vger.kernel.org
+More majordomo info at  http://vger.kernel.org/majordomo-info.html
\ No newline at end of file

More information about the scm-commits mailing list