From patchwork Tue Apr 22 03:39:34 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Luis R. Rodriguez" X-Patchwork-Id: 4028021 Return-Path: X-Original-To: patchwork-linux-wireless@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 475249F387 for ; Tue, 22 Apr 2014 03:39:54 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 5F7B52021F for ; Tue, 22 Apr 2014 03:39:53 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 762B12020F for ; Tue, 22 Apr 2014 03:39:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754398AbaDVDju (ORCPT ); Mon, 21 Apr 2014 23:39:50 -0400 Received: from mail-pa0-f51.google.com ([209.85.220.51]:46498 "EHLO mail-pa0-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754142AbaDVDjs (ORCPT ); Mon, 21 Apr 2014 23:39:48 -0400 Received: by mail-pa0-f51.google.com with SMTP id kq14so4436303pab.38 for ; Mon, 21 Apr 2014 20:39:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references; bh=lpqsPAeSjNp08hJyB7mELrbnSg/0SfhnPAmZyPlx9Es=; b=B50NPsZIqwrkJMZVqXkarlDcQC/Ec/zA4XYq7Ol3IJ48P0gEB4zJqgdKkHVXd5WF5O 2ekDcjc6O9oh4+v7LKtt2DxhQMcv7MaHgHNPNSwsvMjpnmhchl+MFkYqoaGFz5AQvgjS omjEJeCrL3+ynifY2gIUwYCIYWeVvW8nrbsnL+Kuj7VTrut7bbg/Sf3ZEX9jf6pdFt/k 2k6rFmdwrv33251S17D6vdbgAbkHwt01/pcsEtaZMYbid6bbaRuAOqY0xuc+P2AAucCA 7rSYD1JFwn9UpU5my4McdAlB31FYgSre6gkHXU1VTlzoDPrhFIjjMPiq+cDa2mrFbTve fBcg== X-Received: by 10.66.149.231 with SMTP id ud7mr42133673pab.8.1398137988565; Mon, 21 Apr 2014 20:39:48 -0700 (PDT) Received: from mcgrof@gmail.com (c-98-234-145-61.hsd1.ca.comcast.net. [98.234.145.61]) by mx.google.com with ESMTPSA id tf10sm81375289pbc.70.2014.04.21.20.39.44 for (version=TLSv1 cipher=RC4-SHA bits=128/128); Mon, 21 Apr 2014 20:39:46 -0700 (PDT) Received: by mcgrof@gmail.com (sSMTP sendmail emulation); Mon, 21 Apr 2014 20:39:43 -0700 From: "Luis R. Rodriguez" To: johannes@sipsolutions.net Cc: linux-wireless@vger.kernel.org, lkml20140418@newton.leun.net, arik@wizery.com, linux@eikelenboom.it, "Luis R. Rodriguez" Subject: [PATCH 1/2] cfg80211: avoid freeing last_request while in flight Date: Mon, 21 Apr 2014 20:39:34 -0700 Message-Id: <1398137975-14275-2-git-send-email-mcgrof@do-not-panic.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1398137975-14275-1-git-send-email-mcgrof@do-not-panic.com> References: <1398137975-14275-1-git-send-email-mcgrof@do-not-panic.com> Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Spam-Status: No, score=-7.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,RP_MATCHES_RCVD,T_DKIM_INVALID,UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Arik Nemtsov Avoid freeing the last request while it is being processed. This can happen in some cases if reg_work is kicked for some reason while the currently pending request is in flight. Cc: Sander Eikelenboom Signed-off-by: Arik Nemtsov Signed-off-by: Luis R. Rodriguez --- net/wireless/reg.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/net/wireless/reg.c b/net/wireless/reg.c index 9d32633..081c571 100644 --- a/net/wireless/reg.c +++ b/net/wireless/reg.c @@ -263,8 +263,16 @@ static char user_alpha2[2]; module_param(ieee80211_regdom, charp, 0444); MODULE_PARM_DESC(ieee80211_regdom, "IEEE 802.11 regulatory domain code"); -static void reg_free_request(struct regulatory_request *lr) +static void reg_free_request(struct regulatory_request *request) { + if (request != get_last_request()) + kfree(request); +} + +static void reg_free_last_request(void) +{ + struct regulatory_request *lr = get_last_request(); + if (lr != &core_request_world && lr) kfree_rcu(lr, rcu_head); } @@ -277,7 +285,7 @@ static void reg_update_last_request(struct regulatory_request *request) if (lr == request) return; - reg_free_request(lr); + reg_free_last_request(); rcu_assign_pointer(last_request, request); } @@ -1661,7 +1669,7 @@ reg_process_hint_user(struct regulatory_request *user_request) if (treatment == REG_REQ_IGNORE || treatment == REG_REQ_ALREADY_SET || treatment == REG_REQ_USER_HINT_HANDLED) { - kfree(user_request); + reg_free_request(user_request); return treatment; } @@ -1722,14 +1730,14 @@ reg_process_hint_driver(struct wiphy *wiphy, break; case REG_REQ_IGNORE: case REG_REQ_USER_HINT_HANDLED: - kfree(driver_request); + reg_free_request(driver_request); return treatment; case REG_REQ_INTERSECT: /* fall through */ case REG_REQ_ALREADY_SET: regd = reg_copy_regd(get_cfg80211_regdom()); if (IS_ERR(regd)) { - kfree(driver_request); + reg_free_request(driver_request); return REG_REQ_IGNORE; } rcu_assign_pointer(wiphy->regd, regd); @@ -1824,10 +1832,10 @@ reg_process_hint_country_ie(struct wiphy *wiphy, case REG_REQ_USER_HINT_HANDLED: /* fall through */ case REG_REQ_ALREADY_SET: - kfree(country_ie_request); + reg_free_request(country_ie_request); return treatment; case REG_REQ_INTERSECT: - kfree(country_ie_request); + reg_free_request(country_ie_request); /* * This doesn't happen yet, not sure we * ever want to support it for this case. @@ -1888,7 +1896,7 @@ static void reg_process_hint(struct regulatory_request *reg_request) return; out_free: - kfree(reg_request); + reg_free_request(reg_request); } /*