summaryrefslogtreecommitdiff
path: root/net/mac80211/debugfs_netdev.c
diff options
context:
space:
mode:
authorJohannes Berg <johannes.berg@intel.com>2012-11-05 20:27:57 +0100
committerJohannes Berg <johannes.berg@intel.com>2012-11-07 18:01:39 +0100
commit41c97a2032e753d7975828c51b23b570dc6f9b0d (patch)
tree6de866bd4f98224d1f4f9b6797f436d1c8620512 /net/mac80211/debugfs_netdev.c
parent28656a111af70116027fb0a0931df4b46d7375b1 (diff)
downloadlwn-41c97a2032e753d7975828c51b23b570dc6f9b0d.tar.gz
lwn-41c97a2032e753d7975828c51b23b570dc6f9b0d.zip
mac80211: fix race in TKIP MIC test debugfs file
Accessing sdata->vif.bss_conf.bssid without any protection here is racy, use u.mgd.associated instead and lock the correct mutex for it. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net/mac80211/debugfs_netdev.c')
-rw-r--r--net/mac80211/debugfs_netdev.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
index 4b68ec770bdd..99ce871bfcf9 100644
--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -284,13 +284,16 @@ static ssize_t ieee80211_if_parse_tkip_mic_test(
case NL80211_IFTYPE_STATION:
fc |= cpu_to_le16(IEEE80211_FCTL_TODS);
/* BSSID SA DA */
- if (sdata->vif.bss_conf.bssid == NULL) {
+ mutex_lock(&sdata->u.mgd.mtx);
+ if (!sdata->u.mgd.associated) {
+ mutex_unlock(&sdata->u.mgd.mtx);
dev_kfree_skb(skb);
return -ENOTCONN;
}
- memcpy(hdr->addr1, sdata->vif.bss_conf.bssid, ETH_ALEN);
+ memcpy(hdr->addr1, sdata->u.mgd.associated->bssid, ETH_ALEN);
memcpy(hdr->addr2, sdata->vif.addr, ETH_ALEN);
memcpy(hdr->addr3, addr, ETH_ALEN);
+ mutex_unlock(&sdata->u.mgd.mtx);
break;
default:
dev_kfree_skb(skb);