From: Johannes Berg
Date: Tue, 20 Sep 2011 15:40:51 +0000 (+0200)
Subject: mac80211: fix AP/VLAN PS buffer race
X-Git-Tag: firefly_0821_release~3680^2~4273^2~183^2~52
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=6f2d93353a48af4d5b6ea2a79994d7c9a94b356a;p=firefly-linux-kernel-4.4.55.git

mac80211: fix AP/VLAN PS buffer race

When an AP interface is removed without the AP/VLAN interfaces having been removed before already, the AP-VLAN interface might still have sleeping stations and buffer multicast frames which will happen on the AP interface. Thus, we need to remove AP/VLAN interfaces before purging buffered broadcast frames.

Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville
---

diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index eaa80a3d412b..4116a7542b6b 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -460,17 +460,15 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
 synchronize_rcu();
 kfree(old_beacon);
- /* free all potentially still buffered bcast frames */
- while ((skb = skb_dequeue(&sdata->u.ap.ps_bc_buf))) {
- local->total_ps_buffered--;
- dev_kfree_skb(skb);
- }
-
 /* down all dependent devices, that is VLANs */
 list_for_each_entry_safe(vlan, tmpsdata, &sdata->u.ap.vlans, u.vlan.list)
 dev_close(vlan->dev);
 WARN_ON(!list_empty(&sdata->u.ap.vlans));
+
+ /* free all potentially still buffered bcast frames */
+ local->total_ps_buffered -= skb_queue_len(&sdata->u.ap.ps_bc_buf);
+ skb_queue_purge(&sdata->u.ap.ps_bc_buf);
 }
 if (going_down)
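Review bot: The added `local->total_ps_buffered -= skb_queue_len(&sdata->u.ap.ps_bc_buf);` followed by `skb_queue_purge(&sdata->u.ap.ps_bc_buf);` counts and frees in two separate steps, so the counter only stays correct if nothing can be queued on `ps_bc_buf` between them. The removed loop decremented once per dequeued skb and had no such window. Whether transmit is already quiesced at this point cannot be seen here, since ieee80211_do_stop starts and ends outside the hunk, so I would record the assumption next to the code, e.g. `/* relies on no further enqueue to ps_bc_buf once the VLANs are closed */`. If that cannot be guaranteed, moving the original per-skb dequeue loop below the VLAN teardown would fix the ordering race while keeping the accounting exact.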