Fix workqueue crash in mac80211 (rhbz 920218)

kernel.spec

@@ -62,7 +62,7 @@ Summary: The Linux kernel
 # For non-released -rc kernels, this will be appended after the rcX and
 # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
 #
-%global baserelease 1
+%global baserelease 2
 %global fedora_build %{baserelease}
 
 # base_sublevel is the kernel version we're starting with and patching
@@ -740,6 +740,9 @@ Patch21271: drm-i915-bounds-check-execbuffer-relocation-count.patch
 Patch21273: cfg80211-mac80211-disconnect-on-suspend.patch
 Patch21274: mac80211_fixes_for_ieee80211_do_stop_while_suspend_v3.9.patch
 
+#rhbz 920218
+Patch21276: mac80211-Dont-restart-sta-timer-if-not-running.patch
+
 #rhbz 859282
 Patch21275: VMX-x86-handle-host-TSC-calibration-failure.patch
 
@@ -1443,6 +1446,9 @@ ApplyPatch mac80211_fixes_for_ieee80211_do_stop_while_suspend_v3.9.patch
 #rhbz 859282
 ApplyPatch VMX-x86-handle-host-TSC-calibration-failure.patch
 
+#rhbz 920218
+ApplyPatch mac80211-Dont-restart-sta-timer-if-not-running.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2275,6 +2281,9 @@ fi
 # and build.
 
 %changelog
+* Thu Mar 21 2013 Josh Boyer <jwboyer@redhat.com>
+- Fix workqueue crash in mac80211 (rhbz 920218)
+
 * Thu Mar 21 2013 Josh Boyer <jwboyer@redhat.com> - 3.9.0-0.rc3.git1.1
 - Linux v3.9-rc3-148-g2ffdd7e
 - Fixes CVE-2013-1796, CVE-2013-1797, CVE-2013-1798 in kvm.

mac80211-Dont-restart-sta-timer-if-not-running.patch

@@ -0,0 +1,55 @@
+From: Ben Greear <greearb@candelatech.com>
+
+I found another crash when deleting lots of virtual stations
+in a congested environment.  I think the problem is that
+the ieee80211_mlme_notify_scan_completed could call
+ieee80211_restart_sta_timer for a stopped interface
+that was about to be deleted.  Fix similar problem for
+mesh interfaces as well.
+
+Signed-off-by: Ben Greear <greearb@candelatech.com>
+---
+v4:  Fix up mesh as well, add check in calling code instead of
+    in the methods that mucks iwth the timers.
+
+:100644 100644 67fcfdf... 02e3d75... M	net/mac80211/mesh.c
+:100644 100644 aec786d... 1d237e9... M	net/mac80211/mlme.c
+ net/mac80211/mesh.c |    3 ++-
+ net/mac80211/mlme.c |    3 ++-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
+index 67fcfdf..02e3d75 100644
+--- a/net/mac80211/mesh.c
++++ b/net/mac80211/mesh.c
+@@ -779,7 +779,8 @@ void ieee80211_mesh_notify_scan_completed(struct ieee80211_local *local)
+ 
+ 	rcu_read_lock();
+ 	list_for_each_entry_rcu(sdata, &local->interfaces, list)
+-		if (ieee80211_vif_is_mesh(&sdata->vif))
++		if (ieee80211_sdata_running(sdata)
++		    && ieee80211_vif_is_mesh(&sdata->vif))
+ 			ieee80211_queue_work(&local->hw, &sdata->work);
+ 	rcu_read_unlock();
+ }
+diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
+index aec786d..1d237e9 100644
+--- a/net/mac80211/mlme.c
++++ b/net/mac80211/mlme.c
+@@ -3054,7 +3054,8 @@ void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
+ 	/* Restart STA timers */
+ 	rcu_read_lock();
+ 	list_for_each_entry_rcu(sdata, &local->interfaces, list)
+-		ieee80211_restart_sta_timer(sdata);
++		if (ieee80211_sdata_running(sdata))
++			ieee80211_restart_sta_timer(sdata);
+ 	rcu_read_unlock();
+ }
+ 
+-- 
+1.7.3.4
+
+--
+To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
+the body of a message to majordomo@vger.kernel.org
+More majordomo info at  http://vger.kernel.org/majordomo-info.html