* [PATCH] cfg80211: fix locking in action frame TX
@ 2010-08-09 13:52 Johannes Berg
0 siblings, 0 replies; only message in thread
From: Johannes Berg @ 2010-08-09 13:52 UTC (permalink / raw)
To: John Linville; +Cc: linux-wireless, Jouni Malinen
From: Johannes Berg <johannes.berg@intel.com>
Accesses to "wdev->current_bss" must be
locked with the wdev lock, which action
frame transmission is missing.
Cc: stable@kernel.org [2.6.33+]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
net/wireless/mlme.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- wireless-testing.orig/net/wireless/mlme.c 2010-08-09 15:23:36.000000000 +0200
+++ wireless-testing/net/wireless/mlme.c 2010-08-09 15:25:30.000000000 +0200
@@ -844,13 +844,19 @@ int cfg80211_mlme_action(struct cfg80211
return -EINVAL;
if (mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) {
/* Verify that we are associated with the destination AP */
+ wdev_lock(wdev);
+
if (!wdev->current_bss ||
memcmp(wdev->current_bss->pub.bssid, mgmt->bssid,
ETH_ALEN) != 0 ||
(wdev->iftype == NL80211_IFTYPE_STATION &&
memcmp(wdev->current_bss->pub.bssid, mgmt->da,
- ETH_ALEN) != 0))
+ ETH_ALEN) != 0)) {
+ wdev_unlock(wdev);
return -ENOTCONN;
+ }
+
+ wdev_unlock(wdev);
}
if (memcmp(mgmt->sa, dev->dev_addr, ETH_ALEN) != 0)
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2010-08-09 13:52 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-08-09 13:52 [PATCH] cfg80211: fix locking in action frame TX Johannes Berg
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).