From: James Prestwood <prestwoj at gmail.com>
To: iwd at lists.01.org
Subject: [PATCH] netdev: fix crash from not cancelling netdev_get_oci
Date: Mon, 07 Feb 2022 11:43:34 -0800 [thread overview]
Message-ID: <20220207194334.402597-1-prestwoj@gmail.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 1721 bytes --]
If netdev_connect_failed is called before netdev_get_oci_cb() the
netdev's handshake will be destroyed and ultimately crash when the
callback is called.
This patch moves the cancelation into netdev_connect_free rather than
netdev_free.
++++++++ backtrace ++++++++
0 0x7f4e1787d320 in /lib64/libc.so.6
1 0x42634c in handshake_state_set_chandef() at src/handshake.c:1057
2 0x40a11b in netdev_get_oci_cb() at src/netdev.c:2387
3 0x483d7b in process_unicast() at ell/genl.c:986
4 0x480d3c in io_callback() at ell/io.c:120
5 0x48004d in l_main_iterate() at ell/main.c:472 (discriminator 2)
6 0x4800fc in l_main_run() at ell/main.c:521
7 0x48032c in l_main_run_with_signal() at ell/main.c:649
8 0x403e95 in main() at src/main.c:532
9 0x7f4e17867b75 in /lib64/libc.so.6
+++++++++++++++++++++++++++
---
src/netdev.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/netdev.c b/src/netdev.c
index cda0c7fc..bac6860c 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -838,6 +838,11 @@ static void netdev_connect_free(struct netdev *netdev)
netdev->disconnect_cmd_id = 0;
}
+ if (netdev->get_oci_cmd_id) {
+ l_genl_family_cancel(nl80211, netdev->get_oci_cmd_id);
+ netdev->get_oci_cmd_id = 0;
+ }
+
if (netdev->ft_ds_list) {
l_queue_destroy(netdev->ft_ds_list, netdev_ft_ds_entry_free);
netdev->ft_ds_list = NULL;
@@ -949,11 +954,6 @@ static void netdev_free(void *data)
netdev->get_station_cmd_id = 0;
}
- if (netdev->get_oci_cmd_id) {
- l_genl_family_cancel(nl80211, netdev->get_oci_cmd_id);
- netdev->get_oci_cmd_id = 0;
- }
-
if (netdev->fw_roam_bss)
scan_bss_free(netdev->fw_roam_bss);
--
2.31.1
next reply other threads:[~2022-02-07 19:43 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-07 19:43 James Prestwood [this message]
-- strict thread matches above, loose matches on Subject: below --
2022-02-07 19:52 [PATCH] netdev: fix crash from not cancelling netdev_get_oci Denis Kenzior
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220207194334.402597-1-prestwoj@gmail.com \
--to=iwd@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox