diff options
author | Johannes Berg <johannes@sipsolutions.net> | 2009-07-08 01:41:27 +0400 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2009-07-24 23:05:06 +0400 |
commit | a71d62dbf3f0523b7a456333196cb26cf783fe92 (patch) | |
tree | 5464eb108c6e9a2849cb81c81473713ce8c84d12 /net | |
parent | e0f114e82e3781087a0ad0e92c94ff0d55012c1a (diff) | |
download | linux-a71d62dbf3f0523b7a456333196cb26cf783fe92.tar.xz |
cfg80211: fix race in giwrate
cfg80211_wext_giwrate doesn't lock the wdev, so it
cannot access current_bss race-free. Also, there's
little point in trying to ask the driver for an AP
that it never told us about, so avoid that case.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net')
-rw-r--r-- | net/wireless/wext-compat.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/net/wireless/wext-compat.c b/net/wireless/wext-compat.c index 9d101d566bb1..5088d89a30fc 100644 --- a/net/wireless/wext-compat.c +++ b/net/wireless/wext-compat.c @@ -1127,7 +1127,7 @@ int cfg80211_wext_giwrate(struct net_device *dev, struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); /* we are under RTNL - globally locked - so can use a static struct */ static struct station_info sinfo; - u8 *addr; + u8 addr[ETH_ALEN]; int err; if (wdev->iftype != NL80211_IFTYPE_STATION) @@ -1136,12 +1136,15 @@ int cfg80211_wext_giwrate(struct net_device *dev, if (!rdev->ops->get_station) return -EOPNOTSUPP; + err = 0; + wdev_lock(wdev); if (wdev->current_bss) - addr = wdev->current_bss->pub.bssid; - else if (wdev->wext.connect.bssid) - addr = wdev->wext.connect.bssid; + memcpy(addr, wdev->current_bss->pub.bssid, ETH_ALEN); else - return -EOPNOTSUPP; + err = -EOPNOTSUPP; + wdev_unlock(wdev); + if (err) + return err; err = rdev->ops->get_station(&rdev->wiphy, dev, addr, &sinfo); if (err) |