diff options
| author | Johannes Berg <johannes.berg@intel.com> | 2012-06-01 06:50:54 -0400 |
|---|---|---|
| committer | John W. Linville <linville@tuxdriver.com> | 2012-06-06 15:20:22 -0400 |
| commit | ebf348fcd088e3ffc6e76f6f349e27d30604865b (patch) | |
| tree | 62a01fcfad441b28acf6e39703ec37004a60ab36 /net/wireless/nl80211.c | |
| parent | ccaf8c32d5ed08bfb4c45492f8f1c145fd45f4e8 (diff) | |
cfg80211: validate remain-on-channel time better
The remain-on-channel time validation shouldn't
depend on the value of HZ, as it does now with
the check against jiffies, since then you might
use a value that works on one system but not on
another. Fix it by checking against a minimum
that's fixed.
Also add validation of the wait duration for a
management frame TX since this also translates
into remain-on-channel internally.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/wireless/nl80211.c')
| -rw-r--r-- | net/wireless/nl80211.c | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 5e29bd38e7d..7ae54b82291 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c | |||
| @@ -5545,18 +5545,18 @@ static int nl80211_remain_on_channel(struct sk_buff *skb, | |||
| 5545 | 5545 | ||
| 5546 | duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); | 5546 | duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); |
| 5547 | 5547 | ||
| 5548 | if (!rdev->ops->remain_on_channel || | ||
| 5549 | !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)) | ||
| 5550 | return -EOPNOTSUPP; | ||
| 5551 | |||
| 5548 | /* | 5552 | /* |
| 5549 | * We should be on that channel for at least one jiffie, | 5553 | * We should be on that channel for at least a minimum amount of |
| 5550 | * and more than 5 seconds seems excessive. | 5554 | * time (10ms) but no longer than the driver supports. |
| 5551 | */ | 5555 | */ |
| 5552 | if (!duration || !msecs_to_jiffies(duration) || | 5556 | if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME || |
| 5553 | duration > rdev->wiphy.max_remain_on_channel_duration) | 5557 | duration > rdev->wiphy.max_remain_on_channel_duration) |
| 5554 | return -EINVAL; | 5558 | return -EINVAL; |
| 5555 | 5559 | ||
| 5556 | if (!rdev->ops->remain_on_channel || | ||
| 5557 | !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)) | ||
| 5558 | return -EOPNOTSUPP; | ||
| 5559 | |||
| 5560 | if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE] && | 5560 | if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE] && |
| 5561 | !nl80211_valid_channel_type(info, &channel_type)) | 5561 | !nl80211_valid_channel_type(info, &channel_type)) |
| 5562 | return -EINVAL; | 5562 | return -EINVAL; |
| @@ -5827,6 +5827,15 @@ static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info) | |||
| 5827 | if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) | 5827 | if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) |
| 5828 | return -EINVAL; | 5828 | return -EINVAL; |
| 5829 | wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); | 5829 | wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); |
| 5830 | |||
| 5831 | /* | ||
| 5832 | * We should wait on the channel for at least a minimum amount | ||
| 5833 | * of time (10ms) but no longer than the driver supports. | ||
| 5834 | */ | ||
| 5835 | if (wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME || | ||
| 5836 | wait > rdev->wiphy.max_remain_on_channel_duration) | ||
| 5837 | return -EINVAL; | ||
| 5838 | |||
| 5830 | } | 5839 | } |
| 5831 | 5840 | ||
| 5832 | if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { | 5841 | if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { |