aboutsummaryrefslogtreecommitdiffstats
path: root/net/mac80211
diff options
context:
space:
mode:
authorJohannes Berg <johannes@sipsolutions.net>2010-02-06 09:20:13 -0500
committerJohn W. Linville <linville@tuxdriver.com>2010-02-08 16:50:59 -0500
commit29165e4c8b265a415f1fd1dca947b5d4c72abc47 (patch)
treec10e69c0cafa08c75c2f8ded623c2d66a15b6953 /net/mac80211
parent21b2d8bd2f0d4e0f21ade147fd193c8b9c1fd2b9 (diff)
mac80211: fix deauth race
When userspace requests a deauth while the authentication work is pending in the auth (not probe) state, we do not properly abort the work and then things get confused. Fix that and also improve the checks here to include the correct virtual interface, just in case two virtual interfaces would ever try to connect to the same BSS. Also fix a bug -- need to use list_del_rcu instead of just list_del to free a work item. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/mac80211')
-rw-r--r--net/mac80211/mlme.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index ac9429e8d72b..7a7921476582 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1995,12 +1995,18 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
1995 1995
1996 mutex_lock(&local->work_mtx); 1996 mutex_lock(&local->work_mtx);
1997 list_for_each_entry(wk, &local->work_list, list) { 1997 list_for_each_entry(wk, &local->work_list, list) {
1998 if (wk->type != IEEE80211_WORK_DIRECT_PROBE) 1998 if (wk->sdata != sdata)
1999 continue; 1999 continue;
2000
2001 if (wk->type != IEEE80211_WORK_DIRECT_PROBE &&
2002 wk->type != IEEE80211_WORK_AUTH)
2003 continue;
2004
2000 if (memcmp(req->bss->bssid, wk->filter_ta, ETH_ALEN)) 2005 if (memcmp(req->bss->bssid, wk->filter_ta, ETH_ALEN))
2001 continue; 2006 continue;
2002 not_auth_yet = true; 2007
2003 list_del(&wk->list); 2008 not_auth_yet = wk->type == IEEE80211_WORK_DIRECT_PROBE;
2009 list_del_rcu(&wk->list);
2004 free_work(wk); 2010 free_work(wk);
2005 break; 2011 break;
2006 } 2012 }