UPSTREAM: mac80211: Fix kernel panic due to use of txq after free
The txq of vif is added to active_txqs list for ATF TXQ scheduling in the function ieee80211_queue_skb(), but it was not properly removed before freeing the txq object. It was causing use after free of the txq objects from the active_txqs list, result was kernel panic due to invalid memory access. Fix kernel invalid memory access by properly removing txq object from active_txqs list before free the object. Signed-off-by:Bhagavathi Perumal S <bperumal@codeaurora.org> Acked-by:
Toke Hiland-Jrgensen <toke@redhat.com> Signed-off-by:
Johannes Berg <johannes.berg@intel.com> (cherry picked from commit f1267cf3) BUG=b:131197056 TEST=No kernel panic when bring wireless interface down. Signed-off-by:
Kan Yan <kyan@google.com> Change-Id: I83b58b95ef0701059925e94c733ad655234e6ded Reviewed-on: https://chromium-review.googlesource.com/1703103 Tested-by:
Julan Hsu <julanhsu@google.com> Reviewed-by:
Sean Paul <seanpaul@chromium.org> Reviewed-by:
Kan Yan <kyan@chromium.org>
Loading
Please sign in to comment