[kernel/f14/master] mac80211 fix for hard lockup in sta_addba_resp_timer_expired (sgruszka, #667459)
Jarod Wilson
jwilson at fedoraproject.org
Mon Jan 10 22:29:33 UTC 2011
commit b97dc7392d3023c515d6fb0adfa31547ca3915b8
Author: Jarod Wilson <jarod at redhat.com>
Date: Mon Jan 10 15:58:16 2011 -0500
mac80211 fix for hard lockup in sta_addba_resp_timer_expired (sgruszka, #667459)
Signed-off-by: Jarod Wilson <jarod at redhat.com>
kernel.spec | 6 +++
...rd-lockup-in-sta_addba_resp_timer_expired.patch | 35 ++++++++++++++++++++
2 files changed, 41 insertions(+), 0 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index c476857..b7a3e3d 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -812,6 +812,8 @@ Patch13697: fs-call-security_d_instantiate-in-d_obtain_alias.patch
Patch13698: net-AF_PACKET-vmalloc.patch
+Patch13699: mac80211-fix-hard-lockup-in-sta_addba_resp_timer_expired.patch
+
# rhbz#652744
Patch13700: e1000e-cleanup-e1000_sw_lcd_config_ich8lan.patch
Patch13701: e1000e-82566DC-fails-to-get-link.patch
@@ -1531,6 +1533,9 @@ ApplyPatch orinoco-initialise-priv_hw-before-assigning-the-interrupt.patch
# rhbz#637619
ApplyPatch net-AF_PACKET-vmalloc.patch
+# rhbz#667459
+ApplyPatch mac80211-fix-hard-lockup-in-sta_addba_resp_timer_expired.patch
+
# rhbz#652744
ApplyPatch e1000e-cleanup-e1000_sw_lcd_config_ich8lan.patch
ApplyPatch e1000e-82566DC-fails-to-get-link.patch
@@ -2129,6 +2134,7 @@ fi
- Add missing --with/--without pae build flag support
- Restore imon mce default proto modparam, since ir-keytable currently
won't work with the 2.6.35.x input layer ioctls
+- mac80211 fix for hard lockup in sta_addba_resp_timer_expired (sgruszka, #667459)
* Mon Jan 10 2011 Chuck Ebbert <cebbert at redhat.com>
- CVE-2010-4668: kernel panic with 0-length IOV
diff --git a/mac80211-fix-hard-lockup-in-sta_addba_resp_timer_expired.patch b/mac80211-fix-hard-lockup-in-sta_addba_resp_timer_expired.patch
new file mode 100644
index 0000000..e1ead8e
--- /dev/null
+++ b/mac80211-fix-hard-lockup-in-sta_addba_resp_timer_expired.patch
@@ -0,0 +1,35 @@
+Problem is 2.6.35 specific, bug was introduced in backport
+of upstream 44271488b91c9eecf249e075a1805dd887e222d2 commit.
+
+We can not call del_timer_sync(addba_resp_timer) from
+___ieee80211_stop_tx_ba_session(), as this function can be called from
+that timer callback. To fix, simply use not synchronous del_timer().
+
+Resolve https://bugzilla.redhat.com/show_bug.cgi?id=667459
+
+Reported-and-tested-by: Mathieu Chouquet-Stringer <mathieu-acct at csetco.com>
+Signed-off-by: Stanislaw Gruszka <sgruszka at redhat.com>
+---
+ net/mac80211/agg-tx.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c
+index f935490..72ab63d 100644
+--- a/net/mac80211/agg-tx.c
++++ b/net/mac80211/agg-tx.c
+@@ -138,7 +138,7 @@ int ___ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid,
+ sta->sta.addr, tid);
+ #endif /* CONFIG_MAC80211_HT_DEBUG */
+
+- del_timer_sync(&tid_tx->addba_resp_timer);
++ del_timer(&tid_tx->addba_resp_timer);
+
+ state = &sta->ampdu_mlme.tid_state_tx[tid];
+
+--
+1.7.3.4
+
+_______________________________________________
+kernel mailing list
+kernel at lists.fedoraproject.org
+https://admin.fedoraproject.org/mailman/listinfo/kernel
More information about the scm-commits
mailing list