> b43 has a FIXME about locking in the mac80211 set-beacon-int callback for a long time. > As it turns out there actually is a tiny race window that could result in > a use-after-free bug of the 'current_beacon' memory. > Nobody ever reported this, so it probably never happened. > > Fix this by adding a spin lock that protects the current_beacon access. > We must not be in atomic context while accessing hardware (due to SDIO), > so the beacon update bottom half has to clone the skb and release the lock > before writing it to hardware. > > Let's all hope that this stops the troll who is trying to submit incorrect > fixes for this issue repeatedly. > And let's hope that I'm not a troll, too, who just hides even more evil code > in an even more complex attempt to fix the issue. > > Signed-off-by: Michael Buesch <m@xxxxxxx> > Tested-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Thanks, applied to wireless-drivers-next.git. Kalle Valo -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
