review.tizen.org Git - platform/kernel/linux-stable.git/commit

projects / platform / kernel / linux-stable.git / commit

author	Johannes Berg <johannes.berg@intel.com>
	Thu, 29 Nov 2012 00:25:20 +0000 (01:25 +0100)
committer	Johannes Berg <johannes.berg@intel.com>
	Fri, 30 Nov 2012 12:42:20 +0000 (13:42 +0100)
commit	9caf03640279e64d0ba36539b42daa1b43a49486
tree	cb094a4a577f61421d1b402e16f0e68f151d5726	tree \| snapshot
parent	b9a9ada14aab17f08c1d9735601f1097cdcfc6de	commit \| diff

cfg80211: fix BSS struct IE access races

When a BSS struct is updated, the IEs are currently
overwritten or freed. This can lead to races if some
other CPU is accessing the BSS struct and using the
IEs concurrently.

Fix this by always allocating the IEs in a new struct
that holds the data and length and protecting access
to this new struct with RCU.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>

12 files changed:

Domain: System / Kernel;

RSS Atom

drivers/net/wireless/libertas/cfg.c		diff \| blob \| history
drivers/net/wireless/mwifiex/sta_ioctl.c		diff \| blob \| history
include/net/cfg80211.h		diff \| blob \| history
net/mac80211/mlme.c		diff \| blob \| history
net/wireless/core.h		diff \| blob \| history
net/wireless/nl80211.c		diff \| blob \| history
net/wireless/reg.c		diff \| blob \| history
net/wireless/reg.h		diff \| blob \| history
net/wireless/scan.c		diff \| blob \| history
net/wireless/sme.c		diff \| blob \| history
net/wireless/util.c		diff \| blob \| history
net/wireless/wext-sme.c		diff \| blob \| history