From: Johannes Berg <johannes.berg@intel.com>
Date: Mon, 9 Aug 2010 13:52:03 +0000 (+0200)
Subject: cfg80211: fix locking in action frame TX
X-Git-Tag: v2.6.35.4~92
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=57001f2240b0cba6ec95f460da34c0e81f52b4c2;p=thirdparty%2Fkernel%2Fstable.git

cfg80211: fix locking in action frame TX

commit fe100acddf438591ecf3582cb57241e560da70b7 upstream.

Accesses to "wdev->current_bss" must be
locked with the wdev lock, which action
frame transmission is missing.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---

diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index ef17fcf850927..e4be688761847 100644
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -842,12 +842,18 @@ int cfg80211_mlme_action(struct cfg80211_registered_device *rdev,
 		return -EINVAL;
 	if (mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) {
 		/* Verify that we are associated with the destination AP */
+		wdev_lock(wdev);
+
 		if (!wdev->current_bss ||
 		    memcmp(wdev->current_bss->pub.bssid, mgmt->bssid,
 			   ETH_ALEN) != 0 ||
 		    memcmp(wdev->current_bss->pub.bssid, mgmt->da,
-			   ETH_ALEN) != 0)
+			    ETH_ALEN) != 0) {
+			wdev_unlock(wdev);
 			return -ENOTCONN;
+		}
+		wdev_unlock(wdev);
+
 	}
 
 	if (memcmp(mgmt->sa, dev->dev_addr, ETH_ALEN) != 0)