From: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: <linville@tuxdriver.com>, <linux-wireless@vger.kernel.org>
Subject: Re: [PATCH] cfg80211: Fix race in bss timeout
Date: Wed, 7 Dec 2011 21:00:53 +0530
Message-ID: <20111207153052.GB12498@chvasanth-lnx>
In-Reply-To: <1323271070.3404.40.camel@jlt3.sipsolutions.net>

On Wed, Dec 07, 2011 at 04:17:50PM +0100, Johannes Berg wrote:
> On Wed, 2011-12-07 at 20:41 +0530, Vasanthakumar Thiagarajan wrote:
>
> > + spin_lock_bh(&dev->bss_lock);
> > + memcpy(bssid, bss->bssid, ETH_ALEN);
> > + spin_unlock_bh(&dev->bss_lock);
>
> I don't think this is necessary.

Right, I don't see any race either.

>
> > nl80211_send_roamed(wiphy_to_dev(wdev->wiphy), wdev->netdev, bssid,
> > req_ie, req_ie_len, resp_ie, resp_ie_len,
> > GFP_KERNEL);
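Review bot: the spin_lock_bh()/spin_unlock_bh() pair around the memcpy() of bss->bssid protects only the copy itself, and nothing in this hunk shows bssid being rewritten in place. If the concern is the entry being freed by the timeout while it is read, a held reference on bss is what keeps it valid, not dev->bss_lock. Either drop the lock here or add a comment naming the writer it serialises against.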
> > @@ -615,40 +612,65 @@ void __cfg80211_roamed(struct wireless_dev *wdev,
> > wdev->wext.prev_bssid_valid = true;
> > wireless_send_event(wdev->netdev, SIOCGIWAP, &wrqu, NULL);
> > #endif
> > +
> > + return;
> > +out:
> > + if (bss)
> > + cfg80211_put_bss(bss);
> > }
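Review bot: the bare `return;` added before `out:` means the success path never reaches cfg80211_put_bss(), so only the error path drops the reference. If ownership of bss is handed over on success, say so in a comment next to the return; if not, let the success path fall through to the put. The `if (bss)` test under `out:` should also match how the rest of the function treats the pointer: check for NULL once at the top, or not at all.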
>
> Doesn't that leak the reference if you return? It'll also give you an
> smatch warning since the function assumes the "bss" pointer that was
> passed in is not NULL, no?

Oops, sorry, I'll fix it. I may need to run smatch as well.

>
> > +static void cfg80211_roamed_bss(struct net_device *dev,
> > + struct cfg80211_bss *bss, const u8 *req_ie,
> > + size_t req_ie_len, const u8 *resp_ie,
> > + size_t resp_ie_len, gfp_t gfp)
> > {
> > struct wireless_dev *wdev = dev->ieee80211_ptr;
> > struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
> > struct cfg80211_event *ev;
> > unsigned long flags;
> >
> > - CFG80211_DEV_WARN_ON(wdev->sme_state != CFG80211_SME_CONNECTED);
> >
> > ev = kzalloc(sizeof(*ev) + req_ie_len + resp_ie_len, gfp);
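Review bot: cfg80211_roamed_bss() now receives a struct cfg80211_bss pointer, but the lines up to the kzalloc() neither validate it nor show what happens to it if the allocation fails. If the caller passes in a reference, the allocation-failure path needs a cfg80211_put_bss(bss), and the function should document who owns bss afterwards. The removed CFG80211_DEV_WARN_ON on sme_state should also be accounted for in the commit message if the check moves to the caller.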
>
> Why remove that warning? Also maybe do something like
>
> if (WARN_ON(!bss))
> return;
>
> (before allocating memory)

These warnings are added in cfg80211_roamed().

Thanks!

Vasanth