Fix race in regulatory code (rhbz 919176)

Josh Boyer 2013-04-16 10:36:56 -04:00
parent 5df5912517
commit 9266085284
2 changed files with 49 additions and 0 deletions


@ -796,6 +796,9 @@ Patch25008: 0001-bluetooth-Add-support-for-atheros-04ca-3004-device-t.patch
#CVE-xxxx-xxxx rhbz 952197 952217
Patch25009: tracing-Fix-possible-NULL-pointer-dereferences.patch
#rhbz 919176
Patch25010: wireless-regulatory-fix-channel-disabling-race-condition.patch
# END OF PATCH DEFINITIONS
%endif
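Review bot: The `#rhbz 919176` comment above `Patch25010` records only the bug number, with nothing about where the patch came from. The patch file added in this commit is a linux-wireless posting tagged `Cc: stable@vger.kernel.org`, so a second comment line saying that would tell whoever does the next rebase when this entry can be dropped.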
@ -1542,6 +1545,9 @@ ApplyPatch 0001-bluetooth-Add-support-for-atheros-04ca-3004-device-t.patch
#CVE-xxxx-xxxx rhbz 952197 952217
ApplyPatch tracing-Fix-possible-NULL-pointer-dereferences.patch
#rhbz 919176
ApplyPatch wireless-regulatory-fix-channel-disabling-race-condition.patch
# END OF PATCH APPLICATIONS
%endif
@ -2399,6 +2405,9 @@ fi
# ||----w |
# || ||
%changelog
* Tue Apr 16 2013 Josh Boyer <jwboyer@redhat.com>
- Fix race in regulatory code (rhbz 919176)
* Mon Apr 15 2013 Josh Boyer <jwboyer@redhat.com>
- tracing: NULL pointer dereference (rhbz 952197 952217)
- Fix debug patches to build on s390x/ppc
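Review bot: The new changelog line `- Fix race in regulatory code (rhbz 919176)` does not name the affected subsystem. Wording such as "wireless: fix channel disabling race in regulatory code" would match the patch file name and the style of the tracing entry directly below it.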


@ -0,0 +1,40 @@
From: Johannes Berg <johannes.berg@intel.com>
When a full scan 2.4 and 5 GHz scan is scheduled, but then the 2.4 GHz
part of the scan disables a 5.2 GHz channel due to, e.g. receiving
country or frequency information, that 5.2 GHz channel might already
be in the list of channels to scan next. Then, when the driver checks
if it should do a passive scan, that will return false and attempt an
active scan. This is not only wrong but can also lead to the iwlwifi
device firmware crashing since it checks regulatory as well.
Fix this by not setting the channel flags to just disabled but rather
OR'ing in the disabled flag. That way, even if the race happens, the
channel will be scanned passively which is still (mostly) correct.
Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
net/wireless/reg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index 93ab840..507c28e 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -855,7 +855,7 @@ static void handle_channel(struct wiphy *wiphy,
return;
REG_DBG_PRINT("Disabling freq %d MHz\n", chan->center_freq);
- chan->flags = IEEE80211_CHAN_DISABLED;
+ chan->flags |= IEEE80211_CHAN_DISABLED;
return;
}
--
1.8.0
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
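Review bot: At `chan->flags |= IEEE80211_CHAN_DISABLED;` in handle_channel(), the OR keeps whatever bits were set before, so the passive-scan outcome the commit message promises depends on the channel already carrying a passive flag, and the race itself is left in place ("even if the race happens"). A short comment at the assignment stating that the earlier flags are preserved on purpose, because an already scheduled scan may still read them, would keep a later cleanup from turning it back into a plain assignment. Separately, the patch file as added has no Subject: or Date: header and still ends with the majordomo list footer; trimming the footer and adding the missing headers would make the file easier to match against upstream later.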