[ 3.8.y.z extended stable ] Patch "mac80211: close AP_VLAN interfaces before unregistering all" has been added to staging queue

Kamal Mostafa kamal at canonical.com
Fri Jun 7 20:29:19 UTC 2013 

This is a note to let you know that I have just added a patch titled

    mac80211: close AP_VLAN interfaces before unregistering all

to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.8.y-queue

This patch is scheduled to be released in version 3.8.13.3.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.8.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

------

>From cdc0a2e8a0addd34d861719f55252f9a99d1afd5 Mon Sep 17 00:00:00 2001
From: Johannes Berg <johannes.berg at intel.com>
Date: Fri, 24 May 2013 01:06:09 +0200
Subject: mac80211: close AP_VLAN interfaces before unregistering all

commit c8aa22db0112f640ac6631347f850879c621840b upstream.

Since Eric's commit efe117ab8 ("Speedup ieee80211_remove_interfaces")
there's a bug in mac80211 when it unregisters with AP_VLAN interfaces
up. If the AP_VLAN interface was registered after the AP it belongs
to (which is the typical case) and then we get into this code path,
unregister_netdevice_many() will crash because it isn't prepared to
deal with interfaces being closed in the middle of it. Exactly this
happens though, because we iterate the list, find the AP master this
AP_VLAN belongs to and dev_close() the dependent VLANs. After this,
unregister_netdevice_many() won't pick up the fact that the AP_VLAN
is already down and will do it again, causing a crash.

Cc: Eric Dumazet <eric.dumazet at gmail.com>
Signed-off-by: Johannes Berg <johannes.berg at intel.com>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
 net/mac80211/iface.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index 8be854e..00bd646 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -1657,6 +1657,15 @@ void ieee80211_remove_interfaces(struct ieee80211_local *local)

 	ASSERT_RTNL();

+	/*
+	 * Close all AP_VLAN interfaces first, as otherwise they
+	 * might be closed while the AP interface they belong to
+	 * is closed, causing unregister_netdevice_many() to crash.
+	 */
+	list_for_each_entry(sdata, &local->interfaces, list)
+		if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
+			dev_close(sdata->dev);
+
 	mutex_lock(&local->iflist_mtx);
 	list_for_each_entry_safe(sdata, tmp, &local->interfaces, list) {
 		list_del(&sdata->list);
--
1.8.1.2

More information about the kernel-team mailing list