From: Johannes Berg <johannes@sipsolutions.net>
To: linville@tuxdriver.com
Cc: linux-wireless@vger.kernel.org
Subject: [PATCH v2] mac80211: fix deauth race
Date: Sat, 06 Feb 2010 15:20:13 +0100 [thread overview]
Message-ID: <1265466013.4041.26.camel@johannes.local> (raw)
In-Reply-To: <1265465415.4041.25.camel@johannes.local>
When userspace requests a deauth while the
authentication work is pending in the auth
(not probe) state, we do not properly abort
the work and then things get confused.
Fix that and also improve the checks here
to include the correct virtual interface,
just in case two virtual interfaces would
ever try to connect to the same BSS.
Also fix a bug -- need to use list_del_rcu
instead of just list_del to free a work
item.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
---
net/mac80211/mlme.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
--- wireless-testing.orig/net/mac80211/mlme.c 2010-02-06 15:07:37.000000000 +0100
+++ wireless-testing/net/mac80211/mlme.c 2010-02-06 15:18:58.000000000 +0100
@@ -2007,12 +2007,18 @@ int ieee80211_mgd_deauth(struct ieee8021
mutex_lock(&local->work_mtx);
list_for_each_entry(wk, &local->work_list, list) {
- if (wk->type != IEEE80211_WORK_DIRECT_PROBE)
+ if (wk->sdata != sdata)
continue;
+
+ if (wk->type != IEEE80211_WORK_DIRECT_PROBE &&
+ wk->type != IEEE80211_WORK_AUTH)
+ continue;
+
if (memcmp(req->bss->bssid, wk->filter_ta, ETH_ALEN))
continue;
- not_auth_yet = true;
- list_del(&wk->list);
+
+ not_auth_yet = wk->type == IEEE80211_WORK_DIRECT_PROBE;
+ list_del_rcu(&wk->list);
free_work(wk);
break;
}
prev parent reply other threads:[~2010-02-06 14:20 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-06 14:10 [PATCH] mac80211: fix deauth race Johannes Berg
2010-02-06 14:20 ` Johannes Berg [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1265466013.4041.26.camel@johannes.local \
--to=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
--cc=linville@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox