linux-hardened/net/mac80211
Ben Greear 499218595a mac80211: Fix crash due to un-canceled work-items
Some mlme work structs are not cancelled on disassociation
nor interface deletion, which leads to them running after
the memory has been freed.

There is not a clean way to cancel these in the disassociation
logic because they must be canceled outside of the ifmgd->mtx
lock, so just cancel them in mgd_stop logic that tears down
the station.

This fixes the crashes we see in 3.7.9+.  The crash stack
trace itself isn't so helpful, but this warning gives
more useful info:

WARNING: at /home/greearb/git/linux-3.7.dev.y/lib/debugobjects.c:261 debug_print_object+0x7c/0x8d()
ODEBUG: free active (active state 0) object type: work_struct hint: ieee80211_sta_monitor_work+0x0/0x14 [mac80211]
Modules linked in: [...]
Pid: 14743, comm: iw Tainted: G         C O 3.7.9+ #11
Call Trace:
 [<ffffffff81087ef8>] warn_slowpath_common+0x80/0x98
 [<ffffffff81087fa4>] warn_slowpath_fmt+0x41/0x43
 [<ffffffff812a2608>] debug_print_object+0x7c/0x8d
 [<ffffffff812a2bca>] debug_check_no_obj_freed+0x95/0x1c3
 [<ffffffff8114cc69>] slab_free_hook+0x70/0x79
 [<ffffffff8114ea3e>] kfree+0x62/0xb7
 [<ffffffff8149f465>] netdev_release+0x39/0x3e
 [<ffffffff8136ad67>] device_release+0x52/0x8a
 [<ffffffff812937db>] kobject_release+0x121/0x158
 [<ffffffff81293612>] kobject_put+0x4c/0x50
 [<ffffffff8148f0d7>] netdev_run_todo+0x25c/0x27e

Cc: stable@vger.kernel.org
Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-02-26 22:49:05 +01:00
aes_ccm.c mac80211: use AES_BLOCK_SIZE 2011-07-08 11:11:24 -04:00
aes_ccm.h mac80211: use AES_BLOCK_SIZE 2011-07-08 11:11:24 -04:00
aes_cmac.c mac80211: include export.h in aes_cmac 2012-11-07 18:01:54 +01:00
aes_cmac.h mac80211: fix CMAC races 2011-07-08 11:11:20 -04:00
agg-rx.c mac80211: improve aggregation debug messages 2013-01-18 21:55:15 +01:00
agg-tx.c mac80211: fix aggregation state with current drivers 2013-01-24 15:43:51 +01:00
cfg.c mac80211: fix monitor mode channel reporting 2013-02-26 21:53:38 +01:00
cfg.h
chan.c mac80211: add ieee80211_vif_change_bandwidth 2013-02-15 09:41:36 +01:00
debug.h mac80211: mesh power save basics 2013-02-04 18:57:47 +01:00
debugfs.c mac80211: remove IEEE80211_HW_SCAN_WHILE_IDLE 2013-02-11 18:45:01 +01:00
debugfs.h mac80211: use __printf attribute in debugfs 2012-10-18 09:01:57 +02:00
debugfs_key.c mac80211: add debug file for mic failure 2012-12-05 09:44:41 +01:00
debugfs_key.h
debugfs_netdev.c mac80211: mesh power save basics 2013-02-04 18:57:47 +01:00
debugfs_netdev.h
debugfs_sta.c mac80211: mesh power save basics 2013-02-04 18:57:47 +01:00
debugfs_sta.h
driver-ops.h mac80211: don't call bss_info_changed on p2p-device/monitor 2013-02-15 09:41:11 +01:00
event.c
ht.c mac80211: stop modifying HT SMPS capability 2013-02-15 09:41:41 +01:00
ibss.c mac80211: stop toggling IEEE80211_HT_CAP_SUP_WIDTH_20_40 2013-02-15 09:41:30 +01:00
ieee80211_i.h mac80211: cache mesh beacon 2013-02-15 09:41:40 +01:00
iface.c mac80211: fix idle handling in monitor mode 2013-02-26 21:53:01 +01:00
Kconfig mac80211: mesh power save basics 2013-02-04 18:57:47 +01:00
key.c mac80211: add op to configure default key id 2013-01-18 13:30:21 +01:00
key.h mac80211: add debug file for mic failure 2012-12-05 09:44:41 +01:00
led.c leds: Rename led_brightness_set() to led_set_brightness() 2012-07-24 07:52:34 +08:00
led.h
main.c mac80211: clean up mesh code 2013-02-15 15:46:37 +01:00
Makefile mac80211: mesh power save basics 2013-02-04 18:57:47 +01:00
mesh.c mac80211: don't spam mesh probe response messages 2013-02-18 15:31:24 +01:00
mesh.h mac80211: clean up mesh code 2013-02-15 15:46:37 +01:00
mesh_hwmp.c mac80211: clean up mesh code 2013-02-15 15:46:37 +01:00
mesh_pathtbl.c mac80211: clean up mesh code 2013-02-15 15:46:37 +01:00
mesh_plink.c mac80211: stringify mesh peering events 2013-02-18 15:31:23 +01:00
mesh_ps.c mac80211: consolidate MBSS change notification 2013-02-15 09:41:09 +01:00
mesh_sync.c mac80211: clean up mesh code 2013-02-15 15:46:37 +01:00
michael.c
michael.h
mlme.c mac80211: Fix crash due to un-canceled work-items 2013-02-26 22:49:05 +01:00
offchannel.c mac80211: Add flushes before going off-channel 2013-02-11 22:52:21 +01:00
pm.c mac80211: add radar detection command/event 2013-02-15 09:41:04 +01:00
rate.c mac80211: convert to channel definition struct 2012-11-26 12:42:59 +01:00
rate.h mac80211: track number of spatial streams 2013-02-15 09:41:31 +01:00
rc80211_minstrel.c mac80211/minstrel_ht: add support for using CCK rates 2013-02-13 10:56:33 +01:00
rc80211_minstrel.h mac80211/minstrel_ht: add support for using CCK rates 2013-02-13 10:56:33 +01:00
rc80211_minstrel_debugfs.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
rc80211_minstrel_ht.c mac80211: stop modifying HT SMPS capability 2013-02-15 09:41:41 +01:00
rc80211_minstrel_ht.h mac80211/minstrel_ht: add support for using CCK rates 2013-02-13 10:56:33 +01:00
rc80211_minstrel_ht_debugfs.c mac80211/minstrel_ht: add support for using CCK rates 2013-02-13 10:56:33 +01:00
rc80211_pid.h Fix common misspellings 2011-03-31 11:26:23 -03:00
rc80211_pid_algo.c net: fix assignment of 0/1 to bool variables. 2011-12-19 22:27:29 -05:00
rc80211_pid_debugfs.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
rx.c mac80211: clean up mesh code 2013-02-15 15:46:37 +01:00
scan.c mac80211: add radar detection command/event 2013-02-15 09:41:04 +01:00
spectmgmt.c mac80211: Remove unnecessary OOM logging messages 2011-09-13 15:45:02 -04:00
sta_info.c mac80211: stop modifying HT SMPS capability 2013-02-15 09:41:41 +01:00
sta_info.h mac80211: clean up mesh HT operation 2013-02-18 15:31:23 +01:00
status.c mac80211: mesh power save basics 2013-02-04 18:57:47 +01:00
tkip.c mac80211: use spin_lock_bh() for TKIP lock 2013-02-15 09:41:13 +01:00
tkip.h mac80211: fix TKIP races, make API easier to use 2011-07-08 11:11:19 -04:00
trace.c mac80211: trace debug messages 2012-06-24 11:33:18 +02:00
trace.h mac80211: Fix incorrect use of STA_PR_FMT in trace points 2013-02-15 20:25:11 +01:00
tx.c mac80211: Ensure off-channel frames don't get queued 2013-02-26 21:04:58 +01:00
util.c mac80211: constify IE parsing 2013-02-15 09:41:39 +01:00
vht.c mac80211: constify IE parsing 2013-02-15 09:41:39 +01:00
wep.c mac80211: fix network header location when adding encryption headers 2012-05-16 12:47:43 -04:00
wep.h mac80211: move RX WEP weak IV counting 2012-03-13 14:54:16 -04:00
wme.c mac80211: mesh power save basics 2013-02-04 18:57:47 +01:00
wme.h mac80211: save wmm_acm per sdata 2012-06-20 17:35:22 +02:00
wpa.c mac80211: use spin_lock_bh() for TKIP lock 2013-02-15 09:41:13 +01:00
wpa.h mac80211: fix tx->skb NULL pointer dereference 2012-01-16 15:01:16 -05:00