Commit a71d62db authored by Johannes Berg's avatar Johannes Berg Committed by John W. Linville

cfg80211: fix race in giwrate

cfg80211_wext_giwrate doesn't lock the wdev, so it
cannot access current_bss race-free. Also, there's
little point in trying to ask the driver for an AP
that it never told us about, so avoid that case.
Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent e0f114e8
...@@ -1127,7 +1127,7 @@ int cfg80211_wext_giwrate(struct net_device *dev, ...@@ -1127,7 +1127,7 @@ int cfg80211_wext_giwrate(struct net_device *dev,
struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
/* we are under RTNL - globally locked - so can use a static struct */ /* we are under RTNL - globally locked - so can use a static struct */
static struct station_info sinfo; static struct station_info sinfo;
u8 *addr; u8 addr[ETH_ALEN];
int err; int err;
if (wdev->iftype != NL80211_IFTYPE_STATION) if (wdev->iftype != NL80211_IFTYPE_STATION)
...@@ -1136,12 +1136,15 @@ int cfg80211_wext_giwrate(struct net_device *dev, ...@@ -1136,12 +1136,15 @@ int cfg80211_wext_giwrate(struct net_device *dev,
if (!rdev->ops->get_station) if (!rdev->ops->get_station)
return -EOPNOTSUPP; return -EOPNOTSUPP;
err = 0;
wdev_lock(wdev);
if (wdev->current_bss) if (wdev->current_bss)
addr = wdev->current_bss->pub.bssid; memcpy(addr, wdev->current_bss->pub.bssid, ETH_ALEN);
else if (wdev->wext.connect.bssid)
addr = wdev->wext.connect.bssid;
else else
return -EOPNOTSUPP; err = -EOPNOTSUPP;
wdev_unlock(wdev);
if (err)
return err;
err = rdev->ops->get_station(&rdev->wiphy, dev, addr, &sinfo); err = rdev->ops->get_station(&rdev->wiphy, dev, addr, &sinfo);
if (err) if (err)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment