On Tue, 2014-03-11 at 14:25 +0100, Michal Kazior wrote: > > Ok. However, I'm not sure that we should ever really run into this? At > > least with Luca's patches we want to not go through NULL state to start > > with. > > Current channel reservation patches do a sequence of > unassign_vif_chanctx() followed by assign_vif_chanctx(). This implies > you have no chanctx for a split second. All places that aren't > protected by chanctx_mtx (i.e. RCU) can get NULL chanctx during the > reassignment. > > One way to trigger that would be to spam-call ieee80211_get_station(). > If you get a NULL chanctx and you have 5GHz only hardware you get NULL > dereference kernel splat. > > With multi-vif CSA the vulnerability timeframe will increase. Luca is just fixing his patches to not go through the NULL state and directly go from the old to the new context, so that will no longer be a concern. johannes -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
