aboutsummaryrefslogtreecommitdiffstats
path: root/net/wireless
diff options
context:
space:
mode:
authorJohannes Berg <johannes.berg@intel.com>2010-07-13 04:55:38 -0400
committerJohn W. Linville <linville@tuxdriver.com>2010-07-14 13:52:45 -0400
commitccb6c1360f8dd43303c659db718e7e0b24175db5 (patch)
tree185c730d80f48f5bf8d3c9dc4cb73bb8f397b7b3 /net/wireless
parent31e79a5954b78fbed15de2c8974d5a2b6019199a (diff)
cfg80211: don't get expired BSSes
When kernel-internal users use cfg80211_get_bss() to get a reference to a BSS struct, they may end up getting one that would have been removed from the list if there had been any userspace access to the list. This leads to inconsistencies and problems. Fix it by making cfg80211_get_bss() ignore BSSes that cfg80211_bss_expire() would remove. Fixes http://bugzilla.intellinuxwireless.org/show_bug.cgi?id=2180 Cc: stable@kernel.org Reported-by: Jiajia Zheng <jiajia.zheng@intel.com> Tested-by: Jiajia Zheng <jiajia.zheng@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/wireless')
-rw-r--r--net/wireless/scan.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index 58401d246bda..5ca8c7180141 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -275,6 +275,7 @@ struct cfg80211_bss *cfg80211_get_bss(struct wiphy *wiphy,
275{ 275{
276 struct cfg80211_registered_device *dev = wiphy_to_dev(wiphy); 276 struct cfg80211_registered_device *dev = wiphy_to_dev(wiphy);
277 struct cfg80211_internal_bss *bss, *res = NULL; 277 struct cfg80211_internal_bss *bss, *res = NULL;
278 unsigned long now = jiffies;
278 279
279 spin_lock_bh(&dev->bss_lock); 280 spin_lock_bh(&dev->bss_lock);
280 281
@@ -283,6 +284,10 @@ struct cfg80211_bss *cfg80211_get_bss(struct wiphy *wiphy,
283 continue; 284 continue;
284 if (channel && bss->pub.channel != channel) 285 if (channel && bss->pub.channel != channel)
285 continue; 286 continue;
287 /* Don't get expired BSS structs */
288 if (time_after(now, bss->ts + IEEE80211_SCAN_RESULT_EXPIRE) &&
289 !atomic_read(&bss->hold))
290 continue;
286 if (is_bss(&bss->pub, bssid, ssid, ssid_len)) { 291 if (is_bss(&bss->pub, bssid, ssid, ssid_len)) {
287 res = bss; 292 res = bss;
288 kref_get(&res->ref); 293 kref_get(&res->ref);