Skip to content

Commit

Permalink
[PATCH] softmac: fix spinlock recursion on reassoc
Browse files Browse the repository at this point in the history 
This fixes a spinlock recursion on receiving a reassoc request.

On reassoc, the softmac calls back into the driver. This results in a
driver lock recursion. This schedules the assoc workqueue, instead
of calling it directly.

Probably, we should defer the _whole_ management frame processing
to a tasklet or workqueue, because it does several callbacks into the driver.
That is dangerous.

This fix should go into linus's tree, before 2.6.17 is released, because it
is remote exploitable (DoS by crash).

Signed-off-by: John W. Linville <linville@tuxdriver.com>
  • Loading branch information
Michael Buesch authored and John W. Linville committed Apr 19, 2006
1 parent c178345 commit 9b0b4d8
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion net/ieee80211/softmac/ieee80211softmac_assoc.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -391,6 +391,7 @@ ieee80211softmac_handle_reassoc_req(struct net_device * dev,
dprintkl(KERN_INFO PFX "reassoc request from unknown network\n");
return 0;
}
ieee80211softmac_assoc(mac, network);
schedule_work(&mac->associnfo.work);

return 0;
}

0 comments on commit 9b0b4d8

Please sign in to comment.