[21/91] cfg80211: fix locking in action frame TX

From: Greg KH
Date: Tue Aug 24 2010 - 19:38:32 EST


2.6.34-stable review patch. If anyone has any objections, please let us know.

------------------

From: Johannes Berg <johannes.berg@xxxxxxxxx>

commit fe100acddf438591ecf3582cb57241e560da70b7 upstream.

Accesses to "wdev->current_bss" must be
locked with the wdev lock, which action
frame transmission is missing.

Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

---
net/wireless/mlme.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -825,12 +825,18 @@ int cfg80211_mlme_action(struct cfg80211
return -EINVAL;
if (mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) {
/* Verify that we are associated with the destination AP */
+ wdev_lock(wdev);
+
if (!wdev->current_bss ||
memcmp(wdev->current_bss->pub.bssid, mgmt->bssid,
ETH_ALEN) != 0 ||
memcmp(wdev->current_bss->pub.bssid, mgmt->da,
- ETH_ALEN) != 0)
+ ETH_ALEN) != 0) {
+ wdev_unlock(wdev);
return -ENOTCONN;
+ }
+ wdev_unlock(wdev);
+
}

if (memcmp(mgmt->sa, dev->dev_addr, ETH_ALEN) != 0)
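
Review bot: the wdev_unlock(wdev) placed directly after the association check makes the check a snapshot only. Once the lock is dropped, wdev->current_bss is no longer protected, so everything from the mgmt->sa comparison onward runs on an association state that may no longer hold. If that window is acceptable, a one-line comment stating that the check is best-effort would make this explicit; otherwise the locked region needs to extend over the rest of the function. Two smaller points: the blank line added before the closing brace is stray, and the two unlock sites could be reduced to one by storing the result of the three-way comparison in a local, unlocking once, and then returning -ENOTCONN.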

