[kernel/f19] Fix race in regulatory code (rhbz 919176)

Josh Boyer jwboyer at fedoraproject.org
Tue Apr 16 14:44:12 UTC 2013 

commit e175b26961d921c5048e57225bb07014fa6ee704
Author: Josh Boyer <jwboyer at redhat.com>
Date:   Tue Apr 16 10:36:56 2013 -0400

    Fix race in regulatory code (rhbz 919176)

 kernel.spec                                        |    9 ++++
 ...tory-fix-channel-disabling-race-condition.patch |   40 ++++++++++++++++++++
 2 files changed, 49 insertions(+), 0 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index 00ca859..bd131cb 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -755,6 +755,9 @@ Patch23007: libsas-use-right-function-to-alloc-smp-response.patch
 #rhbz 947142
 Patch23009: efi-space-fixes.patch
 
+#rhbz 919176
+Patch25010: wireless-regulatory-fix-channel-disabling-race-condition.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -1460,6 +1463,9 @@ ApplyPatch libsas-use-right-function-to-alloc-smp-response.patch
 #rhbz 947142
 ApplyPatch efi-space-fixes.patch
 
+#rhbz 919176
+ApplyPatch wireless-regulatory-fix-channel-disabling-race-condition.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2292,6 +2298,9 @@ fi
 # and build.
 
 %changelog
+* Tue Apr 16 2013 Josh Boyer <jwboyer at redhat.com>
+- Fix race in regulatory code (rhbz 919176)
+
 * Mon Apr 15 2013 Josh Boyer <jwboyer at redhat.com>
 - Fix debug patches to build on s390x/ppc
 
diff --git a/wireless-regulatory-fix-channel-disabling-race-condition.patch b/wireless-regulatory-fix-channel-disabling-race-condition.patch
new file mode 100644
index 0000000..3137353
--- /dev/null
+++ b/wireless-regulatory-fix-channel-disabling-race-condition.patch
@@ -0,0 +1,40 @@
+From: Johannes Berg <johannes.berg at intel.com>
+
+When a full scan 2.4 and 5 GHz scan is scheduled, but then the 2.4 GHz
+part of the scan disables a 5.2 GHz channel due to, e.g. receiving
+country or frequency information, that 5.2 GHz channel might already
+be in the list of channels to scan next. Then, when the driver checks
+if it should do a passive scan, that will return false and attempt an
+active scan. This is not only wrong but can also lead to the iwlwifi
+device firmware crashing since it checks regulatory as well.
+
+Fix this by not setting the channel flags to just disabled but rather
+OR'ing in the disabled flag. That way, even if the race happens, the
+channel will be scanned passively which is still (mostly) correct.
+
+Cc: stable at vger.kernel.org
+Signed-off-by: Johannes Berg <johannes.berg at intel.com>
+---
+ net/wireless/reg.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/wireless/reg.c b/net/wireless/reg.c
+index 93ab840..507c28e 100644
+--- a/net/wireless/reg.c
++++ b/net/wireless/reg.c
+@@ -855,7 +855,7 @@ static void handle_channel(struct wiphy *wiphy,
+ 			return;
+ 
+ 		REG_DBG_PRINT("Disabling freq %d MHz\n", chan->center_freq);
+-		chan->flags = IEEE80211_CHAN_DISABLED;
++		chan->flags |= IEEE80211_CHAN_DISABLED;
+ 		return;
+ 	}
+ 
+-- 
+1.8.0
+
+--
+To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
+the body of a message to majordomo at vger.kernel.org
+More majordomo info at  http://vger.kernel.org/majordomo-info.html
\ No newline at end of file

More information about the scm-commits mailing list