On Thu, 2013-12-05 at 17:39 +0200, Eliad Peller wrote:
> On Thu, Dec 5, 2013 at 4:43 PM, Johannes Berg <johannes@xxxxxxxxxxxxxxxx> wrote:
> > On Thu, 2013-12-05 at 16:36 +0200, Eliad Peller wrote:
> >> On Thu, Dec 5, 2013 at 4:31 PM, Johannes Berg <johannes@xxxxxxxxxxxxxxxx> wrote:
> >> > On Thu, 2013-12-05 at 11:21 +0200, Eliad Peller wrote:
> >> >
> >> >> @@ -219,8 +221,13 @@ void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev, bool leak)
> >> >> * the scan request or not ... if it accesses the dev
> >> >> * in there (it shouldn't anyway) then it may crash.
> >> >> */
> >> >> - if (!leak)
> >> >> - kfree(request);
> >> >> + if (leak) {
> >> >> + request->pending_cleanup = true;
> >> >> + return;
> >> >
> >> > This seems insufficient, if the driver never indicates completion, we'd
> >> > never clear rdev->scan_req?
> >> >
> >> right, but i think it somehow makes sense (i.e. the driver must
> >> indicate completion...)?
> >
> > But the whole thing was intended to catch buggy drivers :)
> >
> yeah, you have a point here :)
> anyway, i guess it's either leaking scan_req and hoping the driver
> really forgot about it, or keeping it and hoping the driver will
> finally indicate completion.
>
> since i don't think this is a real-world scenario, i'm ok with
> dropping this patch.
Well, it can be made to crash, so ...
Can we maybe avoid the crash in a different way? Disallow a new scan
somehow?
> > Btw, should any of this go to 3.13?
> maybe the first one. it's the only "real" issue.
Thanks.
johannes
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
