aboutsummaryrefslogtreecommitdiffstats
path: root/net/mac80211
diff options
context:
space:
mode:
Diffstat (limited to 'net/mac80211')
-rw-r--r--net/mac80211/work.c27
1 files changed, 25 insertions, 2 deletions
diff --git a/net/mac80211/work.c b/net/mac80211/work.c
index 4c7de72c27e7..ad0bf5828140 100644
--- a/net/mac80211/work.c
+++ b/net/mac80211/work.c
@@ -32,6 +32,7 @@
32#define IEEE80211_MAX_PROBE_TRIES 5 32#define IEEE80211_MAX_PROBE_TRIES 5
33 33
34enum work_action { 34enum work_action {
35 WORK_ACT_MISMATCH,
35 WORK_ACT_NONE, 36 WORK_ACT_NONE,
36 WORK_ACT_TIMEOUT, 37 WORK_ACT_TIMEOUT,
37 WORK_ACT_DONE, 38 WORK_ACT_DONE,
@@ -584,7 +585,7 @@ ieee80211_rx_mgmt_auth(struct ieee80211_work *wk,
584 u16 auth_alg, auth_transaction, status_code; 585 u16 auth_alg, auth_transaction, status_code;
585 586
586 if (wk->type != IEEE80211_WORK_AUTH) 587 if (wk->type != IEEE80211_WORK_AUTH)
587 return WORK_ACT_NONE; 588 return WORK_ACT_MISMATCH;
588 589
589 if (len < 24 + 6) 590 if (len < 24 + 6)
590 return WORK_ACT_NONE; 591 return WORK_ACT_NONE;
@@ -635,6 +636,9 @@ ieee80211_rx_mgmt_assoc_resp(struct ieee80211_work *wk,
635 struct ieee802_11_elems elems; 636 struct ieee802_11_elems elems;
636 u8 *pos; 637 u8 *pos;
637 638
639 if (wk->type != IEEE80211_WORK_ASSOC)
640 return WORK_ACT_MISMATCH;
641
638 /* 642 /*
639 * AssocResp and ReassocResp have identical structure, so process both 643 * AssocResp and ReassocResp have identical structure, so process both
640 * of them in this function. 644 * of them in this function.
@@ -690,6 +694,12 @@ ieee80211_rx_mgmt_probe_resp(struct ieee80211_work *wk,
690 694
691 ASSERT_WORK_MTX(local); 695 ASSERT_WORK_MTX(local);
692 696
697 if (wk->type != IEEE80211_WORK_DIRECT_PROBE)
698 return WORK_ACT_MISMATCH;
699
700 if (len < 24 + 12)
701 return WORK_ACT_NONE;
702
693 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 703 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
694 if (baselen > len) 704 if (baselen > len)
695 return WORK_ACT_NONE; 705 return WORK_ACT_NONE;
@@ -704,7 +714,7 @@ static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local,
704 struct ieee80211_rx_status *rx_status; 714 struct ieee80211_rx_status *rx_status;
705 struct ieee80211_mgmt *mgmt; 715 struct ieee80211_mgmt *mgmt;
706 struct ieee80211_work *wk; 716 struct ieee80211_work *wk;
707 enum work_action rma = WORK_ACT_NONE; 717 enum work_action rma;
708 u16 fc; 718 u16 fc;
709 719
710 rx_status = (struct ieee80211_rx_status *) skb->cb; 720 rx_status = (struct ieee80211_rx_status *) skb->cb;
@@ -751,7 +761,17 @@ static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local,
751 break; 761 break;
752 default: 762 default:
753 WARN_ON(1); 763 WARN_ON(1);
764 rma = WORK_ACT_NONE;
754 } 765 }
766
767 /*
768 * We've either received an unexpected frame, or we have
769 * multiple work items and need to match the frame to the
770 * right one.
771 */
772 if (rma == WORK_ACT_MISMATCH)
773 continue;
774
755 /* 775 /*
756 * We've processed this frame for that work, so it can't 776 * We've processed this frame for that work, so it can't
757 * belong to another work struct. 777 * belong to another work struct.
@@ -761,6 +781,9 @@ static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local,
761 } 781 }
762 782
763 switch (rma) { 783 switch (rma) {
784 case WORK_ACT_MISMATCH:
785 /* ignore this unmatched frame */
786 break;
764 case WORK_ACT_NONE: 787 case WORK_ACT_NONE:
765 break; 788 break;
766 case WORK_ACT_DONE: 789 case WORK_ACT_DONE: