Date:	Wed, 05 Aug 2009 07:03:19 +0200
From:	Johannes Berg <johannes@...solutions.net>
To:	reinette chatre <reinette.chatre@...el.com>
Cc:	Zdenek Kabelac <zdenek.kabelac@...il.com>,
	"John W. Linville" <linville@...driver.com>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	"linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>
Subject: Re: regression IWl3945 - doesn't work with recent 2.6.30-rcX

Hi Reinette,

> I think I can see how this could happen. From what I can tell there is
> no checking if a scan is in progress when userspace triggers a new scan.

There isn't anywhere in mac80211, but all scans are now triggered by
cfg80211, which does the checking.

> ieee80211_scan -> ieee80211_request_scan -> __ieee80211_start_scan
> without local->hw_scanning or local->sw_scanning being checked.
> 
> Considering this the above warning could happen in the following
> scenario:
> * userspace triggers scan, this sets local->hw_scanning and goes off
> scanning
> * userspace triggers another scan, even though local->hw_scanning is set
> it continues anyway and calls the driver's scanning function, this
> function returns error (which will cause ieee80211_scan_completed to be
> called) or calls ieee80211_scan_completed immediately because it is
> still busy with previous scan
> * now original scan completes and it tries to call
> ieee80211_scan_completed, but this triggers the warning because previous
> call of ieee80211_scan_completed cleared local->hw_scanning

Due to the check in cfg80211, I don't see how this could possibly
happen. But there are IWL_DEBUG_MAC80211 calls, so it should be easy to
figure it out if reproducible.

Zdenek, are you taking the interface down at the same time maybe? I
could see a race condition here where mac80211 assumes the scan must
have finished when the interface goes down, and maybe iwlwifi does that
too or something. Haven't looked at the code right now.

johannes
