Commit 6863255b authored by Stanislaw Gruszka's avatar Stanislaw Gruszka Committed by Johannes Berg

cfg80211/mac80211: avoid state mishmash on deauth

Avoid situation when we are on associate state in mac80211 and
on disassociate state in cfg80211. This can results on crash
during modules unload (like showed on this thread:
http://marc.info/?t=134373976300001&r=1&w=2) and possibly other
problems.
Reported-by: default avatarPedro Francisco <pedrogfrancisco@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: default avatarStanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent df9b4296
...@@ -1218,6 +1218,7 @@ struct cfg80211_deauth_request { ...@@ -1218,6 +1218,7 @@ struct cfg80211_deauth_request {
const u8 *ie; const u8 *ie;
size_t ie_len; size_t ie_len;
u16 reason_code; u16 reason_code;
bool local_state_change;
}; };
/** /**
......
...@@ -3549,6 +3549,7 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, ...@@ -3549,6 +3549,7 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
{ {
struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
bool tx = !req->local_state_change;
mutex_lock(&ifmgd->mtx); mutex_lock(&ifmgd->mtx);
...@@ -3565,12 +3566,12 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, ...@@ -3565,12 +3566,12 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
if (ifmgd->associated && if (ifmgd->associated &&
ether_addr_equal(ifmgd->associated->bssid, req->bssid)) { ether_addr_equal(ifmgd->associated->bssid, req->bssid)) {
ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
req->reason_code, true, frame_buf); req->reason_code, tx, frame_buf);
} else { } else {
drv_mgd_prepare_tx(sdata->local, sdata); drv_mgd_prepare_tx(sdata->local, sdata);
ieee80211_send_deauth_disassoc(sdata, req->bssid, ieee80211_send_deauth_disassoc(sdata, req->bssid,
IEEE80211_STYPE_DEAUTH, IEEE80211_STYPE_DEAUTH,
req->reason_code, true, req->reason_code, tx,
frame_buf); frame_buf);
} }
......
...@@ -457,20 +457,14 @@ int __cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev, ...@@ -457,20 +457,14 @@ int __cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev,
.reason_code = reason, .reason_code = reason,
.ie = ie, .ie = ie,
.ie_len = ie_len, .ie_len = ie_len,
.local_state_change = local_state_change,
}; };
ASSERT_WDEV_LOCK(wdev); ASSERT_WDEV_LOCK(wdev);
if (local_state_change) { if (local_state_change && (!wdev->current_bss ||
if (wdev->current_bss && !ether_addr_equal(wdev->current_bss->pub.bssid, bssid)))
ether_addr_equal(wdev->current_bss->pub.bssid, bssid)) {
cfg80211_unhold_bss(wdev->current_bss);
cfg80211_put_bss(&wdev->current_bss->pub);
wdev->current_bss = NULL;
}
return 0; return 0;
}
return rdev->ops->deauth(&rdev->wiphy, dev, &req); return rdev->ops->deauth(&rdev->wiphy, dev, &req);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment