On 10/05/2010 01:10 PM, Johannes Berg wrote:
On Tue, 2010-10-05 at 21:40 +0200, Johannes Berg wrote:
From: Johannes Berg<johannes.berg@xxxxxxxxx>
We never delete the addBA response timer, which
is typically fine, but if the station it belongs
to is deleted very quickly after starting the BA
session, before the peer had a chance to reply,
the timer may fire after the station struct has
been freed already. Therefore, we need to delete
the timer in a suitable spot -- best when the
session is being stopped (which will happen even
then) in which case the delete will be a no-op
most of the time.
I've reproduced the scenario and tested the fix.
Ok, can you add:
This fixes the crash reported at
http://mid.gmane.org/4CAB6F96.6090701@xxxxxxxxxxxxxxx
I can no longer reproduce that problem, so it looks fixed
to me.
The data corruption issue still exists, however...
Thanks!
Ben
to the changelog?
johannes
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Ben Greear <greearb@xxxxxxxxxxxxxxx>
Candela Technologies Inc http://www.candelatech.com
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
