aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohannes Berg <johannes.berg@intel.com>2010-08-09 09:52:03 -0400
committerJohn W. Linville <linville@tuxdriver.com>2010-08-09 15:18:57 -0400
commitfe100acddf438591ecf3582cb57241e560da70b7 (patch)
treea8fd5763ca3e161ce3de271289e7adec668795c0
parenta9fda88b27e71d727b6c85b3792b34a8a4bebf13 (diff)
cfg80211: fix locking in action frame TX
Accesses to "wdev->current_bss" must be locked with the wdev lock, which action frame transmission is missing. Cc: stable@kernel.org [2.6.33+] Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-rw-r--r--net/wireless/mlme.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index e74a1a2119d3..d1a3fb99fdf2 100644
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -843,13 +843,19 @@ int cfg80211_mlme_action(struct cfg80211_registered_device *rdev,
843 return -EINVAL; 843 return -EINVAL;
844 if (mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) { 844 if (mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) {
845 /* Verify that we are associated with the destination AP */ 845 /* Verify that we are associated with the destination AP */
846 wdev_lock(wdev);
847
846 if (!wdev->current_bss || 848 if (!wdev->current_bss ||
847 memcmp(wdev->current_bss->pub.bssid, mgmt->bssid, 849 memcmp(wdev->current_bss->pub.bssid, mgmt->bssid,
848 ETH_ALEN) != 0 || 850 ETH_ALEN) != 0 ||
849 (wdev->iftype == NL80211_IFTYPE_STATION && 851 (wdev->iftype == NL80211_IFTYPE_STATION &&
850 memcmp(wdev->current_bss->pub.bssid, mgmt->da, 852 memcmp(wdev->current_bss->pub.bssid, mgmt->da,
851 ETH_ALEN) != 0)) 853 ETH_ALEN) != 0)) {
854 wdev_unlock(wdev);
852 return -ENOTCONN; 855 return -ENOTCONN;
856 }
857
858 wdev_unlock(wdev);
853 } 859 }
854 860
855 if (memcmp(mgmt->sa, dev->dev_addr, ETH_ALEN) != 0) 861 if (memcmp(mgmt->sa, dev->dev_addr, ETH_ALEN) != 0)