aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohannes Berg <johannes@sipsolutions.net>2009-07-07 17:41:27 -0400
committerJohn W. Linville <linville@tuxdriver.com>2009-07-24 15:05:06 -0400
commita71d62dbf3f0523b7a456333196cb26cf783fe92 (patch)
tree5464eb108c6e9a2849cb81c81473713ce8c84d12
parente0f114e82e3781087a0ad0e92c94ff0d55012c1a (diff)
cfg80211: fix race in giwrate
cfg80211_wext_giwrate doesn't lock the wdev, so it cannot access current_bss race-free. Also, there's little point in trying to ask the driver for an AP that it never told us about, so avoid that case. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-rw-r--r--net/wireless/wext-compat.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/net/wireless/wext-compat.c b/net/wireless/wext-compat.c
index 9d101d566bb1..5088d89a30fc 100644
--- a/net/wireless/wext-compat.c
+++ b/net/wireless/wext-compat.c
@@ -1127,7 +1127,7 @@ int cfg80211_wext_giwrate(struct net_device *dev,
1127 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 1127 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
1128 /* we are under RTNL - globally locked - so can use a static struct */ 1128 /* we are under RTNL - globally locked - so can use a static struct */
1129 static struct station_info sinfo; 1129 static struct station_info sinfo;
1130 u8 *addr; 1130 u8 addr[ETH_ALEN];
1131 int err; 1131 int err;
1132 1132
1133 if (wdev->iftype != NL80211_IFTYPE_STATION) 1133 if (wdev->iftype != NL80211_IFTYPE_STATION)
@@ -1136,12 +1136,15 @@ int cfg80211_wext_giwrate(struct net_device *dev,
1136 if (!rdev->ops->get_station) 1136 if (!rdev->ops->get_station)
1137 return -EOPNOTSUPP; 1137 return -EOPNOTSUPP;
1138 1138
1139 err = 0;
1140 wdev_lock(wdev);
1139 if (wdev->current_bss) 1141 if (wdev->current_bss)
1140 addr = wdev->current_bss->pub.bssid; 1142 memcpy(addr, wdev->current_bss->pub.bssid, ETH_ALEN);
1141 else if (wdev->wext.connect.bssid)
1142 addr = wdev->wext.connect.bssid;
1143 else 1143 else
1144 return -EOPNOTSUPP; 1144 err = -EOPNOTSUPP;
1145 wdev_unlock(wdev);
1146 if (err)
1147 return err;
1145 1148
1146 err = rdev->ops->get_station(&rdev->wiphy, dev, addr, &sinfo); 1149 err = rdev->ops->get_station(&rdev->wiphy, dev, addr, &sinfo);
1147 if (err) 1150 if (err)