From: Greg Kroah-Hartman
Date: Tue, 24 Apr 2018 15:27:58 +0000 (+0200)
Subject: drop broken 4.16 mac80211 patch
X-Git-Tag: v4.16.5~13
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=55b2fa649ae42949c8f8ee8bd6c7c4f59aa052b6;p=thirdparty%2Fkernel%2Fstable-queue.git

drop broken 4.16 mac80211 patch
---

diff --git a/queue-4.16/mac80211_hwsim-fix-use-after-free-bug-in-hwsim_exit_net.patch b/queue-4.16/mac80211_hwsim-fix-use-after-free-bug-in-hwsim_exit_net.patch
deleted file mode 100644
index 503c3a3141f..00000000000
--- a/queue-4.16/mac80211_hwsim-fix-use-after-free-bug-in-hwsim_exit_net.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 8cfd36a0b53aeb4ec21d81eb79706697b84dfc3d Mon Sep 17 00:00:00 2001
-From: Benjamin Beichler
-Date: Wed, 7 Mar 2018 18:11:07 +0100
-Subject: mac80211_hwsim: fix use-after-free bug in hwsim_exit_net
-
-From: Benjamin Beichler
-
-commit 8cfd36a0b53aeb4ec21d81eb79706697b84dfc3d upstream.
-
-When destroying a net namespace, all hwsim interfaces, which are not
-created in default namespace are deleted. But the async deletion of the
-interfaces could last longer than the actual destruction of the
-namespace, which results to an use after free bug. Therefore use
-synchronous deletion in this case.
-
-Fixes: 100cb9ff40e0 ("mac80211_hwsim: Allow managing radios from non-initial namespaces")
-Reported-by: syzbot+70ce058e01259de7bb1d@syzkaller.appspotmail.com
-Signed-off-by: Benjamin Beichler
-Signed-off-by: Johannes Berg
-Signed-off-by: Greg Kroah-Hartman
-
----
- drivers/net/wireless/mac80211_hwsim.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
---- a/drivers/net/wireless/mac80211_hwsim.c
-+++ b/drivers/net/wireless/mac80211_hwsim.c
-@@ -3484,8 +3484,12 @@ static void __net_exit hwsim_exit_net(st
- list_del(&data->list);
- rhashtable_remove_fast(&hwsim_radios_rht, &data->rht,
- hwsim_rht_params);
-- INIT_WORK(&data->destroy_work, destroy_radio);
-- queue_work(hwsim_wq, &data->destroy_work);
-+ hwsim_radios_generation++;
-+ spin_unlock_bh(&hwsim_radio_lock);
-+ mac80211_hwsim_del_radio(data,
-+ wiphy_name(data->hw->wiphy),
-+ NULL);
-+ spin_lock_bh(&hwsim_radio_lock);
- }
- spin_unlock_bh(&hwsim_radio_lock);
- }
diff --git a/queue-4.16/series b/queue-4.16/series
index ce91c7451ef..5ccfea2940f 100644
--- a/queue-4.16/series
+++ b/queue-4.16/series
@@ -14,7 +14,6 @@ drm-i915-audio-fix-audio-detection-issue-on-glk.patch
 drm-i915-do-no-use-kfree-to-free-a-kmem_cache_alloc-return-value.patch
 drm-i915-fix-lspcon-tmds-output-buffer-enabling-from-low-power-state.patch
 alarmtimer-init-nanosleep-alarm-timer-on-stack.patch
-mac80211_hwsim-fix-use-after-free-bug-in-hwsim_exit_net.patch
 mm-vmscan-allow-preallocating-memory-for-register_shrinker.patch
 netfilter-x_tables-cap-allocations-at-512-mbyte.patch
 netfilter-x_tables-add-counters-allocation-wrapper.patch