From: Maya Erez
To: Kalle Valo
Cc: Maya Erez, linux-wireless@vger.kernel.org, wil6210@qca.qualcomm.com
Subject: [PATCH v2 02/15] wil6210: AP: prevent connecting to already connected station
Date: Tue, 1 Mar 2016 19:18:05 +0200
Message-Id: <1456852698-26808-3-git-send-email-qca_merez@qca.qualcomm.com>
In-Reply-To: <1456852698-26808-1-git-send-email-qca_merez@qca.qualcomm.com>
X-Patchwork-Id: 8467661

wmi_evt_connect doesn't check if the connect event is received for an already connected station. This can lead to memory leak as a new vring is allocated without freeing the previously allocated vring and to unexpected behavior of nl80211 layer due to unexpected notification of a new station.

Add a check in wmi_evt_connect in AP mode to verify that the requested CID is not associated to an already connected station.

Signed-off-by: Maya Erez
--- drivers/net/wireless/ath/wil6210/wmi.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/net/wireless/ath/wil6210/wmi.c b/drivers/net/wireless/ath/wil6210/wmi.c index 493e721..fb09035 100644 --- a/drivers/net/wireless/ath/wil6210/wmi.c +++ b/drivers/net/wireless/ath/wil6210/wmi.c
@@ -487,6 +487,14 @@ static void wmi_evt_connect(struct wil6210_priv *wil, int id, void *d, int len) return; } del_timer_sync(&wil->connect_timer); + } else if ((wdev->iftype == NL80211_IFTYPE_AP) || + (wdev->iftype == NL80211_IFTYPE_P2P_GO)) { + if (wil->sta[evt->cid].status != wil_sta_unused) { + wil_err(wil, "%s: AP: Invalid status %d for CID %d\n", + __func__, wil->sta[evt->cid].status, evt->cid); + mutex_unlock(&wil->mutex); + return; + } } /* FIXME FW can transmit only ucast frames to peer */
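Review bot: the new AP/P2P_GO branch reads wil->sta[evt->cid].status using a CID taken straight from the event payload, and nothing in the visible context shows evt->cid being range-checked against the size of wil->sta[] before this point. Please confirm that such a check runs earlier in wmi_evt_connect, or add one ahead of this test, so that a malformed event cannot index past the array. Two smaller points on the same branch: the early return drops the event after mutex_unlock() but does nothing about the peer the firmware now considers connected on that CID, so it is worth stating in the commit message or a comment whether a disconnect is expected to follow; and the message is prefixed "AP:" although the branch also covers NL80211_IFTYPE_P2P_GO. Because the path is driven by firmware events, a rate-limited error print would keep repeated events from flooding the log.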