Skip to content

Commit

Permalink
mac80211: fix txq queue related crashes
Browse files Browse the repository at this point in the history 
The driver can access the queue simultanously
while mac80211 tears down the interface. Without
spinlock protection this could lead to corrupting
sk_buff_head and subsequently to an invalid
pointer dereference.

Fixes: ba8c3d6 ("mac80211: add an intermediate software queue implementation")
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  • Loading branch information
Michal Kazior authored and Johannes Berg committed Feb 24, 2016
1 parent b8631c0 commit 2a58d42
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions net/mac80211/iface.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -977,7 +977,10 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
if (sdata->vif.txq) {
struct txq_info *txqi = to_txq_info(sdata->vif.txq);

spin_lock_bh(&txqi->queue.lock);
ieee80211_purge_tx_queue(&local->hw, &txqi->queue);
spin_unlock_bh(&txqi->queue.lock);

atomic_set(&sdata->txqs_len[txqi->txq.ac], 0);
}

Expand Down

0 comments on commit 2a58d42

Please sign in to comment.