Commit ccb6c1360f8dd43303c659db718e7e0b24175db5

Authored by Johannes Berg
Committed by John W. Linville
1 parent 31e79a5954

cfg80211: don't get expired BSSes

When kernel-internal users use cfg80211_get_bss()
to get a reference to a BSS struct, they may end
up getting one that would have been removed from
the list if there had been any userspace access
to the list. This leads to inconsistencies and
problems.

Fix it by making cfg80211_get_bss() ignore BSSes
that cfg80211_bss_expire() would remove.

Fixes http://bugzilla.intellinuxwireless.org/show_bug.cgi?id=2180

Cc: stable@kernel.org
Reported-by: Jiajia Zheng <jiajia.zheng@intel.com>
Tested-by: Jiajia Zheng <jiajia.zheng@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

Showing 1 changed file with 5 additions and 0 deletions

... ... @@ -275,6 +275,7 @@
275 275 {
276 276 struct cfg80211_registered_device *dev = wiphy_to_dev(wiphy);
277 277 struct cfg80211_internal_bss *bss, *res = NULL;
  278 + unsigned long now = jiffies;
278 279  
279 280 spin_lock_bh(&dev->bss_lock);
280 281  
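Review bot: taking a single jiffies snapshot into `now` before the loop (and before spin_lock_bh(&dev->bss_lock)) is the right shape for this fix, since one reference time keeps the expiry test consistent for every entry walked rather than re-reading jiffies per iteration; the variable is only consumed by the time_after() comparison added in the following hunk, so keep the declaration here with the other locals rather than computing jiffies inline at the comparison, and keep it outside the locked region as done.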
... ... @@ -282,6 +283,10 @@
282 283 if ((bss->pub.capability & capa_mask) != capa_val)
283 284 continue;
284 285 if (channel && bss->pub.channel != channel)
  286 + continue;
  287 + /* Don't get expired BSS structs */
  288 + if (time_after(now, bss->ts + IEEE80211_SCAN_RESULT_EXPIRE) &&
  289 + !atomic_read(&bss->hold))
285 290 continue;
286 291 if (is_bss(&bss->pub, bssid, ssid, ssid_len)) {
287 292 res = bss;
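Review bot: the new expiry predicate, `time_after(now, bss->ts + IEEE80211_SCAN_RESULT_EXPIRE) && !atomic_read(&bss->hold)`, is a second copy of the rule cfg80211_bss_expire() applies when it removes entries (the commit message says this check is meant to match what that function would drop), so the two can silently drift if the expiry rule is ever changed; consider factoring it into a small static inline helper such as `cfg80211_bss_expired(bss, now)` and calling it from both places. The `!atomic_read(&bss->hold)` clause is essential: a held BSS is not removed by the expiry path, so it must stay findable here too, otherwise an in-use BSS would become unfindable after IEEE80211_SCAN_RESULT_EXPIRE even though it remains on the list. Using time_after() rather than a plain comparison keeps the test correct across jiffies wraparound, and placing it before is_bss() keeps the cheap integer comparison ahead of the BSSID/SSID match.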