提交 9b0b4d8a 编写于 作者: M Michael Buesch 提交者: John W. Linville

[PATCH] softmac: fix spinlock recursion on reassoc

This fixes a spinlock recursion on receiving a reassoc request.

On reassoc, the softmac calls back into the driver. This results in a
driver lock recursion. This schedules the assoc workqueue, instead
of calling it directly.

Probably, we should defer the _whole_ management frame processing
to a tasklet or workqueue, because it does several callbacks into the driver.
That is dangerous.

This fix should go into linus's tree, before 2.6.17 is released, because it
is remote exploitable (DoS by crash).
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
上级 c1783454
...@@ -391,6 +391,7 @@ ieee80211softmac_handle_reassoc_req(struct net_device * dev, ...@@ -391,6 +391,7 @@ ieee80211softmac_handle_reassoc_req(struct net_device * dev,
dprintkl(KERN_INFO PFX "reassoc request from unknown network\n"); dprintkl(KERN_INFO PFX "reassoc request from unknown network\n");
return 0; return 0;
} }
ieee80211softmac_assoc(mac, network); schedule_work(&mac->associnfo.work);
return 0; return 0;
} }
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册