[RFC,2/2] wireless: Make sure __cfg80211_connect_result always puts bss.

Message ID	1371515281-26879-2-git-send-email-greearb@candelatech.com (mailing list archive)
State	Not Applicable, archived
Headers	show Return-Path: <linux-wireless-owner@kernel.org> From: greearb@candelatech.com To: linux-wireless@vger.kernel.org Cc: Ben Greear <greearb@candelatech.com> Subject: [RFC 2/2] wireless: Make sure __cfg80211_connect_result always puts bss. Date: Mon, 17 Jun 2013 17:28:01 -0700 Message-Id: <1371515281-26879-2-git-send-email-greearb@candelatech.com> In-Reply-To: <1371515281-26879-1-git-send-email-greearb@candelatech.com> References: <1371515281-26879-1-git-send-email-greearb@candelatech.com> Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk

Message ID

1371515281-26879-2-git-send-email-greearb@candelatech.com (mailing list archive)

State

Not Applicable, archived

Headers

From: greearb@candelatech.com
To: linux-wireless@vger.kernel.org
Cc: Ben Greear <greearb@candelatech.com>
Subject: [RFC 2/2] wireless: Make sure __cfg80211_connect_result always puts
	bss.
Date: Mon, 17 Jun 2013 17:28:01 -0700
Message-Id: <1371515281-26879-2-git-send-email-greearb@candelatech.com>
In-Reply-To: <1371515281-26879-1-git-send-email-greearb@candelatech.com>
References: <1371515281-26879-1-git-send-email-greearb@candelatech.com>
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk

From: Ben Greear <greearb@candelatech.com> Otherwise, we can leak a bss reference. Signed-off-by: Ben Greear <greearb@candelatech.com> --- net/wireless/sme.c | 11 +++++++++-- 1 files changed, 9 insertions(+), 2 deletions(-)

Comments

Johannes Berg June 18, 2013, 12:19 p.m. UTC | #1

On Mon, 2013-06-17 at 17:28 -0700, greearb@candelatech.com wrote:
> From: Ben Greear <greearb@candelatech.com>
> 
> Otherwise, we can leak a bss reference.
> 
> Signed-off-by: Ben Greear <greearb@candelatech.com>
> ---
>  net/wireless/sme.c |   11 +++++++++--
>  1 files changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/net/wireless/sme.c b/net/wireless/sme.c
> index 6066720..ea2ce33 100644
> --- a/net/wireless/sme.c
> +++ b/net/wireless/sme.c
> @@ -420,6 +420,7 @@ void cfg80211_sme_failed_assoc(struct wireless_dev *wdev)
>  	schedule_work(&rdev->conn_work);
>  }
>  
> +/** This method must consume bss one way or another */
>  void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
>  			       const u8 *req_ie, size_t req_ie_len,
>  			       const u8 *resp_ie, size_t resp_ie_len,
> @@ -435,11 +436,17 @@ void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
>  	ASSERT_WDEV_LOCK(wdev);
>  
>  	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
> -		    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
> +		    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)) {
> +		if (bss)
> +			cfg80211_put_bss(wdev->wiphy, bss);
>  		return;
> +	}

This is reasonable, though it'd be stupid to call it in this case, I'm
not worried about leaking when the warning triggers.

> -	if (wdev->sme_state != CFG80211_SME_CONNECTING)
> +	if (wdev->sme_state != CFG80211_SME_CONNECTING) {
> +		if (bss)
> +			cfg80211_put_bss(wdev->wiphy, bss);
>  		return;
> +	}

This code doesn't exist any more.

johannes

--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index 6066720..ea2ce33 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -420,6 +420,7 @@  void cfg80211_sme_failed_assoc(struct wireless_dev *wdev)
 	schedule_work(&rdev->conn_work);
 }
 
+/** This method must consume bss one way or another */
 void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
 			       const u8 *req_ie, size_t req_ie_len,
 			       const u8 *resp_ie, size_t resp_ie_len,
@@ -435,11 +436,17 @@  void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
 	ASSERT_WDEV_LOCK(wdev);
 
 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
-		    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
+		    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)) {
+		if (bss)
+			cfg80211_put_bss(wdev->wiphy, bss);
 		return;
+	}
 
-	if (wdev->sme_state != CFG80211_SME_CONNECTING)
+	if (wdev->sme_state != CFG80211_SME_CONNECTING) {
+		if (bss)
+			cfg80211_put_bss(wdev->wiphy, bss);
 		return;
+	}
 
 	nl80211_send_connect_result(wiphy_to_dev(wdev->wiphy), dev,
 				    bssid, req_ie, req_ie_len,

[RFC,2/2] wireless: Make sure __cfg80211_connect_result always puts bss.

Commit Message

Comments

Patch