[PATCH] softmac: fix spinlock recursion on reassoc
author Michael Buesch <mb@bu3sch.de>
Thu, 6 Apr 2006 23:42:55 +0000 (01:42 +0200)
committer John W. Linville <linville@tuxdriver.com>
Wed, 19 Apr 2006 21:25:38 +0000 (17:25 -0400)
This fixes a spinlock recursion on receiving a reassoc request.

On reassoc, the softmac calls back into the driver. This results in a
driver lock recursion. This schedules the assoc workqueue, instead
of calling it directly.

Probably, we should defer the _whole_ management frame processing
to a tasklet or workqueue, because it does several callbacks into the driver.
That is dangerous.

This fix should go into Linus's tree, before 2.6.17 is released, because it
is remotely exploitable (DoS by crash).

Signed-off-by: John W. Linville <linville@tuxdriver.com>
net/ieee80211/softmac/ieee80211softmac_assoc.c

index be61de78dfa4a6dc01f6a653e3b6efee89ceac54..cb9fca86c26bb42ab4692edac881877fdb30b1e3 100644 (file)
@@ -391,6 +391,7 @@ ieee80211softmac_handle_reassoc_req(struct net_device * dev,
                dprintkl(KERN_INFO PFX "reassoc request from unknown network\n");
                return 0;
        }
-       ieee80211softmac_assoc(mac, network);
+       schedule_work(&mac->associnfo.work);
+
        return 0;
 }
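
Review bot: The `network` this handler looked up is dropped at the replaced call. `ieee80211softmac_assoc(mac, network)` received it, while `schedule_work(&mac->associnfo.work)` carries no argument, so the work handler has to choose a network on its own, and nothing in the hunk guarantees it picks the one the reassoc request referred to. Either record the target in `mac->associnfo` before scheduling, or add a comment stating that the work function reselects the network. The return value of `schedule_work()` is also ignored, so a request that arrives while the work is already pending is silently coalesced; a one-line comment saying that is intended would help. The extra blank `+` line before `return 0;` can be dropped.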