Re: [PATCH] Clear subdir_stations when stations directory is removed (was Re: Null pointer dereference when station associates [introduced by 4.0.5?])

On Mon, 2015-06-29 at 19:41 +0100, Tom Hughes wrote:
> On 29/06/15 11:28, Tom Hughes wrote:
> > On 29/06/15 11:24, Tom Hughes wrote:
> > 
> > > So I think this happens when hostapd switches the interface
> > > to AP mode, which causes the netdev to be torn down and then
> > > recreated, and the debugfs directory along with it.
> > > 
> > > Except that if the netlink message to change the mode was
> > > sent from a daemon whose selinux context prevents searching
> > > debugfs the recreation somehow fails and leaves an invalid
> > > state that later causes the null pointer deref.
> > 
> > Think I have it...
> > 
> > The teardown runs ieee80211_debugfs_remove_netdev, which clears
> > sdata->vif.debugfs_dir but does not clear sdata->debugfs.subdir_stations,
> > so that when ieee80211_debugfs_add_netdev later fails to create the
> > top level netdev directory we are left with a bogus pointer for the
> > stations directory.
> > 
> > Then when we try and add an entry to the stations directory things
> > blow up.
> 
> Here's a proposed patch. I have booted 4.0.6 with this applied and so far
> it hasn't failed even with selinux in enforcing mode.
> 
> commit 30624496e9f411081d7ea1a407deabe0e32d0c62
> Author: Tom Hughes <tom@xxxxxxxxxx>
> Date:   Mon Jun 29 11:31:04 2015 +0100
> 
>     Clear subdir_stations when stations directory is removed
>     
>     If we don't do this, and we then fail to recreate the debugfs
>     directory during a mode change, then we will fail later trying
>     to add stations to this now bogus directory:
>     
>     BUG: unable to handle kernel NULL pointer dereference at 0000006c
>     IP: [<c0a92202>] mutex_lock+0x12/0x30
>     Call Trace:
>     [<c0678ab4>] start_creating+0x44/0xc0
>     [<c0679203>] debugfs_create_dir+0x13/0xf0
>     [<f8a938ae>] ieee80211_sta_debugfs_add+0x6e/0x490 [mac80211]
>     
>     Signed-off-by: Tom Hughes <tom@xxxxxxxxxx>
> 

Applied.

johannes
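The failure mode discussed in this thread, as an added example (not mac80211 code and not the patch itself): a simplified model of the teardown/re-create cycle in which the buggy teardown clears only the top-level pointer, so a failed re-creation leaves the stations subdirectory pointer stale. The struct and function names are hypothetical stand-ins for the real ones.

```c
/* Added example modelling the stale-pointer bug from the thread.
 * Names (struct sdata, remove_netdev_*, add_netdev, ...) are hypothetical
 * stand-ins, not the real mac80211 API. */
#include <stdbool.h>
#include <stddef.h>

struct dentry { int id; };           /* placeholder for a debugfs dentry */

struct sdata {
    struct dentry *debugfs_dir;      /* top-level netdev directory */
    struct dentry *subdir_stations;  /* "stations" subdirectory */
};

static struct dentry fake_top = { 1 };      /* constructed sample dentries */
static struct dentry fake_stations = { 2 };

/* Teardown as described before the fix: only the top-level pointer is cleared,
 * the stations pointer keeps referring to a directory that no longer exists. */
static void remove_netdev_buggy(struct sdata *s)
{
    s->debugfs_dir = NULL;
}

/* Teardown with the fix applied: both pointers are cleared together. */
static void remove_netdev_fixed(struct sdata *s)
{
    s->debugfs_dir = NULL;
    s->subdir_stations = NULL;
}

/* Re-creation after a mode change; dir_ok == false models the top-level
 * directory creation failing (the thread attributes this to SELinux policy).
 * On failure nothing is created and the pointers stay as teardown left them. */
static void add_netdev(struct sdata *s, bool dir_ok)
{
    if (!dir_ok)
        return;
    s->debugfs_dir = &fake_top;
    s->subdir_stations = &fake_stations;
}

/* True if adding a station entry would use a stations pointer whose parent
 * directory was never re-created, i.e. the invariant the fix restores. */
static bool sta_add_uses_stale_dir(const struct sdata *s)
{
    return s->debugfs_dir == NULL && s->subdir_stations != NULL;
}

/* One mode change (teardown, then failed re-create) with either teardown. */
bool stale_after_mode_change(bool use_fix)
{
    struct sdata s = { &fake_top, &fake_stations };
    if (use_fix) remove_netdev_fixed(&s); else remove_netdev_buggy(&s);
    add_netdev(&s, false);
    return sta_add_uses_stale_dir(&s);
}
```

The check in sta_add_uses_stale_dir is the kind of invariant a reviewer would want any paired-pointer teardown to preserve: a child pointer must never outlive its parent.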