wil6210: AP: prevent connecting to already connected station

wmi_evt_connect doesn't check if the connect event is received for an already connected station. This can lead to memory leak as a new vring is allocated without freeing the previously allocated vring and to unexpected behavior of nl80211 layer due to unexpected notification of a new station. Add a check in wmi_evt_connect in AP mode to verify that the requested CID is not associated to an already connected station. Signed-off-by: Maya Erez <qca_merez@qca.qualcomm.com> Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
author: Maya Erez <qca_merez@qca.qualcomm.com> 2016-03-01 12:18:05 -0500
committer: Kalle Valo <kvalo@qca.qualcomm.com> 2016-03-07 04:43:19 -0500
commit: 3d287fb398c03189a1394778162f6404e4d44ad2 (patch)
tree: ed6167b1c399f626043c6e3694e77aafad554b56 /drivers/net/wireless/ath/wil6210/wmi.c
parent: 361486b27c7e57dab657dbffd1e17818c7911c72 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/drivers/net/wireless/ath/wil6210/wmi.c b/drivers/net/wireless/ath/wil6210/wmi.c
index 493e721c4fa7..fb090350df6d 100644
--- a/drivers/net/wireless/ath/wil6210/wmi.c
+++ b/drivers/net/wireless/ath/wil6210/wmi.c
@@ -487,6 +487,14 @@ static void wmi_evt_connect(struct wil6210_priv *wil, int id, void *d, int len)
                        return;
                }
                del_timer_sync(&wil->connect_timer);
+        } else if ((wdev->iftype == NL80211_IFTYPE_AP) ||
+                   (wdev->iftype == NL80211_IFTYPE_P2P_GO)) {
+                if (wil->sta[evt->cid].status != wil_sta_unused) {
+                        wil_err(wil, "%s: AP: Invalid status %d for CID %d\n",
+                                __func__, wil->sta[evt->cid].status, evt->cid);
+                        mutex_unlock(&wil->mutex);
+                        return;
+                }
        }
        /* FIXME FW can transmit only ucast frames to peer */
author	Maya Erez <qca_merez@qca.qualcomm.com>	2016-03-01 12:18:05 -0500
committer	Kalle Valo <kvalo@qca.qualcomm.com>	2016-03-07 04:43:19 -0500
commit	3d287fb398c03189a1394778162f6404e4d44ad2 (patch)
tree	ed6167b1c399f626043c6e3694e77aafad554b56 /drivers/net/wireless/ath/wil6210/wmi.c
parent	361486b27c7e57dab657dbffd1e17818c7911c72 (diff)

diff --git a/drivers/net/wireless/ath/wil6210/wmi.c b/drivers/net/wireless/ath/wil6210/wmi.c index 493e721c4fa7..fb090350df6d 100644 --- a/drivers/net/wireless/ath/wil6210/wmi.c +++ b/drivers/net/wireless/ath/wil6210/wmi.c
@@ -487,6 +487,14 @@ static void wmi_evt_connect(struct wil6210_priv wil, int id, void d, int len)
487	return;	487	return;
488	}	488	}
489	del_timer_sync(&wil->connect_timer);	489	del_timer_sync(&wil->connect_timer);
		490	} else if ((wdev->iftype == NL80211_IFTYPE_AP) \|\|
		491	(wdev->iftype == NL80211_IFTYPE_P2P_GO)) {
		492	if (wil->sta[evt->cid].status != wil_sta_unused) {
		493	wil_err(wil, "%s: AP: Invalid status %d for CID %d\n",
		494	__func__, wil->sta[evt->cid].status, evt->cid);
		495	mutex_unlock(&wil->mutex);
		496	return;
		497	}
490	}	498	}
491		499
492	/* FIXME FW can transmit only ucast frames to peer */	500	/* FIXME FW can transmit only ucast frames to peer */