mac80211: fix rx monitor filter refcounters

This patch fixes an refcounting bug. Previously it was possible to corrupt the per-device recv. filter and monitor management counters when: iw dev wlanX set monitor [new flags] was issued on an active monitor interface. Acked-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Christian Lamparter <chunkeey@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
author: Christian Lamparter <chunkeey@googlemail.com> 2010-10-02 07:17:07 -0400
committer: John W. Linville <linville@tuxdriver.com> 2010-10-05 13:35:21 -0400
commit: 85416a4fa193754ef36e12b20bb02fe661cb7f17 (patch)
tree: 45228e888bd76a5f1251c55ea28377ddedfe2914 /net/mac80211/iface.c
parent: 5a254ffe3ffdfa84fe076009bd8e88da412180d2 (diff)
1 files changed, 22 insertions, 22 deletions
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index 66785739dad3..1300e8859ea7 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -148,6 +148,26 @@ static int ieee80211_check_concurrent_iface(struct ieee80211_sub_if_data *sdata,
        return 0;
 }
+void ieee80211_adjust_monitor_flags(struct ieee80211_sub_if_data *sdata,
+                                    const int offset)
+{
+        struct ieee80211_local *local = sdata->local;
+        u32 flags = sdata->u.mntr_flags;
+#define ADJUST(_f, _s)  do {                                    \
+        if (flags & MONITOR_FLAG_##_f)                          \
+                local->fif_##_s += offset;                      \
+        } while (0)
+        ADJUST(FCSFAIL, fcsfail);
+        ADJUST(PLCPFAIL, plcpfail);
+        ADJUST(CONTROL, control);
+        ADJUST(CONTROL, pspoll);
+        ADJUST(OTHER_BSS, other_bss);
+#undef ADJUST
+}
 /*
 * NOTE: Be very careful when changing this function, it must NOT return
 * an error on interface type changes that have been pre-checked, so most
@@ -240,17 +260,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
                        hw_reconf_flags |= IEEE80211_CONF_CHANGE_MONITOR;
                }
-                if (sdata->u.mntr_flags & MONITOR_FLAG_FCSFAIL)
+                ieee80211_adjust_monitor_flags(sdata, 1);
-                        local->fif_fcsfail++;
-                if (sdata->u.mntr_flags & MONITOR_FLAG_PLCPFAIL)
-                        local->fif_plcpfail++;
-                if (sdata->u.mntr_flags & MONITOR_FLAG_CONTROL) {
-                        local->fif_control++;
-                        local->fif_pspoll++;
-                }
-                if (sdata->u.mntr_flags & MONITOR_FLAG_OTHER_BSS)
-                        local->fif_other_bss++;
                ieee80211_configure_filter(local);
                netif_carrier_on(dev);
@@ -477,17 +487,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
                        hw_reconf_flags |= IEEE80211_CONF_CHANGE_MONITOR;
                }
-                if (sdata->u.mntr_flags & MONITOR_FLAG_FCSFAIL)
+                ieee80211_adjust_monitor_flags(sdata, -1);
-                        local->fif_fcsfail--;
-                if (sdata->u.mntr_flags & MONITOR_FLAG_PLCPFAIL)
-                        local->fif_plcpfail--;
-                if (sdata->u.mntr_flags & MONITOR_FLAG_CONTROL) {
-                        local->fif_pspoll--;
-                        local->fif_control--;
-                }
-                if (sdata->u.mntr_flags & MONITOR_FLAG_OTHER_BSS)
-                        local->fif_other_bss--;
                ieee80211_configure_filter(local);
                break;
        case NL80211_IFTYPE_MESH_POINT:
author	Christian Lamparter <chunkeey@googlemail.com>	2010-10-02 07:17:07 -0400
committer	John W. Linville <linville@tuxdriver.com>	2010-10-05 13:35:21 -0400
commit	85416a4fa193754ef36e12b20bb02fe661cb7f17 (patch)
tree	45228e888bd76a5f1251c55ea28377ddedfe2914 /net/mac80211/iface.c
parent	5a254ffe3ffdfa84fe076009bd8e88da412180d2 (diff)