aboutsummaryrefslogtreecommitdiffstats
path: root/net/mac80211/work.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/mac80211/work.c')
-rw-r--r--net/mac80211/work.c27
1 files changed, 25 insertions, 2 deletions
diff --git a/net/mac80211/work.c b/net/mac80211/work.c
index 3dd07600199d..be3d4a698692 100644
--- a/net/mac80211/work.c
+++ b/net/mac80211/work.c
@@ -33,6 +33,7 @@
33#define IEEE80211_MAX_PROBE_TRIES 5 33#define IEEE80211_MAX_PROBE_TRIES 5
34 34
35enum work_action { 35enum work_action {
36 WORK_ACT_MISMATCH,
36 WORK_ACT_NONE, 37 WORK_ACT_NONE,
37 WORK_ACT_TIMEOUT, 38 WORK_ACT_TIMEOUT,
38 WORK_ACT_DONE, 39 WORK_ACT_DONE,
@@ -585,7 +586,7 @@ ieee80211_rx_mgmt_auth(struct ieee80211_work *wk,
585 u16 auth_alg, auth_transaction, status_code; 586 u16 auth_alg, auth_transaction, status_code;
586 587
587 if (wk->type != IEEE80211_WORK_AUTH) 588 if (wk->type != IEEE80211_WORK_AUTH)
588 return WORK_ACT_NONE; 589 return WORK_ACT_MISMATCH;
589 590
590 if (len < 24 + 6) 591 if (len < 24 + 6)
591 return WORK_ACT_NONE; 592 return WORK_ACT_NONE;
@@ -636,6 +637,9 @@ ieee80211_rx_mgmt_assoc_resp(struct ieee80211_work *wk,
636 struct ieee802_11_elems elems; 637 struct ieee802_11_elems elems;
637 u8 *pos; 638 u8 *pos;
638 639
640 if (wk->type != IEEE80211_WORK_ASSOC)
641 return WORK_ACT_MISMATCH;
642
639 /* 643 /*
640 * AssocResp and ReassocResp have identical structure, so process both 644 * AssocResp and ReassocResp have identical structure, so process both
641 * of them in this function. 645 * of them in this function.
@@ -691,6 +695,12 @@ ieee80211_rx_mgmt_probe_resp(struct ieee80211_work *wk,
691 695
692 ASSERT_WORK_MTX(local); 696 ASSERT_WORK_MTX(local);
693 697
698 if (wk->type != IEEE80211_WORK_DIRECT_PROBE)
699 return WORK_ACT_MISMATCH;
700
701 if (len < 24 + 12)
702 return WORK_ACT_NONE;
703
694 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 704 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
695 if (baselen > len) 705 if (baselen > len)
696 return WORK_ACT_NONE; 706 return WORK_ACT_NONE;
@@ -705,7 +715,7 @@ static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local,
705 struct ieee80211_rx_status *rx_status; 715 struct ieee80211_rx_status *rx_status;
706 struct ieee80211_mgmt *mgmt; 716 struct ieee80211_mgmt *mgmt;
707 struct ieee80211_work *wk; 717 struct ieee80211_work *wk;
708 enum work_action rma = WORK_ACT_NONE; 718 enum work_action rma;
709 u16 fc; 719 u16 fc;
710 720
711 rx_status = (struct ieee80211_rx_status *) skb->cb; 721 rx_status = (struct ieee80211_rx_status *) skb->cb;
@@ -752,7 +762,17 @@ static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local,
752 break; 762 break;
753 default: 763 default:
754 WARN_ON(1); 764 WARN_ON(1);
765 rma = WORK_ACT_NONE;
755 } 766 }
767
768 /*
769 * We've either received an unexpected frame, or we have
770 * multiple work items and need to match the frame to the
771 * right one.
772 */
773 if (rma == WORK_ACT_MISMATCH)
774 continue;
775
756 /* 776 /*
757 * We've processed this frame for that work, so it can't 777 * We've processed this frame for that work, so it can't
758 * belong to another work struct. 778 * belong to another work struct.
@@ -762,6 +782,9 @@ static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local,
762 } 782 }
763 783
764 switch (rma) { 784 switch (rma) {
785 case WORK_ACT_MISMATCH:
786 /* ignore this unmatched frame */
787 break;
765 case WORK_ACT_NONE: 788 case WORK_ACT_NONE:
766 break; 789 break;
767 case WORK_ACT_DONE: 790 case WORK_ACT_DONE: