diff options
author | Johannes Berg <johannes.berg@intel.com> | 2010-08-09 09:52:03 -0400 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2010-08-09 15:18:57 -0400 |
commit | fe100acddf438591ecf3582cb57241e560da70b7 (patch) | |
tree | a8fd5763ca3e161ce3de271289e7adec668795c0 | |
parent | a9fda88b27e71d727b6c85b3792b34a8a4bebf13 (diff) |
cfg80211: fix locking in action frame TX
Accesses to "wdev->current_bss" must be
locked with the wdev lock, which action
frame transmission is missing.
Cc: stable@kernel.org [2.6.33+]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-rw-r--r-- | net/wireless/mlme.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c index e74a1a2119d3..d1a3fb99fdf2 100644 --- a/net/wireless/mlme.c +++ b/net/wireless/mlme.c | |||
@@ -843,13 +843,19 @@ int cfg80211_mlme_action(struct cfg80211_registered_device *rdev, | |||
843 | return -EINVAL; | 843 | return -EINVAL; |
844 | if (mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) { | 844 | if (mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) { |
845 | /* Verify that we are associated with the destination AP */ | 845 | /* Verify that we are associated with the destination AP */ |
846 | wdev_lock(wdev); | ||
847 | |||
846 | if (!wdev->current_bss || | 848 | if (!wdev->current_bss || |
847 | memcmp(wdev->current_bss->pub.bssid, mgmt->bssid, | 849 | memcmp(wdev->current_bss->pub.bssid, mgmt->bssid, |
848 | ETH_ALEN) != 0 || | 850 | ETH_ALEN) != 0 || |
849 | (wdev->iftype == NL80211_IFTYPE_STATION && | 851 | (wdev->iftype == NL80211_IFTYPE_STATION && |
850 | memcmp(wdev->current_bss->pub.bssid, mgmt->da, | 852 | memcmp(wdev->current_bss->pub.bssid, mgmt->da, |
851 | ETH_ALEN) != 0)) | 853 | ETH_ALEN) != 0)) { |
854 | wdev_unlock(wdev); | ||
852 | return -ENOTCONN; | 855 | return -ENOTCONN; |
856 | } | ||
857 | |||
858 | wdev_unlock(wdev); | ||
853 | } | 859 | } |
854 | 860 | ||
855 | if (memcmp(mgmt->sa, dev->dev_addr, ETH_ALEN) != 0) | 861 | if (memcmp(mgmt->sa, dev->dev_addr, ETH_ALEN) != 0) |