Commit 9b0b4d8a authored Apr 07, 2006 by Michael Buesch Committed by John W. Linville Apr 19, 2006

[PATCH] softmac: fix spinlock recursion on reassoc



This fixes a spinlock recursion on receiving a reassoc request.

On reassoc, the softmac calls back into the driver. This results in a
driver lock recursion. This schedules the assoc workqueue, instead
of calling it directly.

Probably, we should defer the _whole_ management frame processing
to a tasklet or workqueue, because it does several callbacks into the driver.
That is dangerous.

This fix should go into linus's tree, before 2.6.17 is released, because it
is remote exploitable (DoS by crash).

Signed-off-by: John W. Linville <linville@tuxdriver.com>

parent c1783454

net/ieee80211/softmac/ieee80211softmac_assoc.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -391,6 +391,7 @@ ieee80211softmac_handle_reassoc_req(struct net_device * dev,
		dprintkl(KERN_INFO PFX "reassoc request from unknown network\n");
		return 0;
		}
		ieee80211softmac_assoc(mac, network);
		schedule_work(&mac->associnfo.work);

		return 0;
		}