cfg80211: don't get expired BSSes
authorJohannes Berg <johannes.berg@intel.com>
Tue, 13 Jul 2010 08:55:38 +0000 (10:55 +0200)
committerJohn W. Linville <linville@tuxdriver.com>
Wed, 14 Jul 2010 17:52:45 +0000 (13:52 -0400)
When kernel-internal users use cfg80211_get_bss()
to get a reference to a BSS struct, they may end
up getting one that would have been removed from
the list if there had been any userspace access
to the list. This leads to inconsistencies and
problems.

Fix it by making cfg80211_get_bss() ignore BSSes
that cfg80211_bss_expire() would remove.

Fixes http://bugzilla.intellinuxwireless.org/show_bug.cgi?id=2180

Cc: stable@kernel.org
Reported-by: Jiajia Zheng <jiajia.zheng@intel.com>
Tested-by: Jiajia Zheng <jiajia.zheng@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
net/wireless/scan.c

index 58401d246bda9defe3a142f1c64c0b048530fd63..5ca8c7180141d8dc9bc43d607eb26395cd0268bf 100644 (file)
@@ -275,6 +275,7 @@ struct cfg80211_bss *cfg80211_get_bss(struct wiphy *wiphy,
 {
        struct cfg80211_registered_device *dev = wiphy_to_dev(wiphy);
        struct cfg80211_internal_bss *bss, *res = NULL;
+       unsigned long now = jiffies;
 
        spin_lock_bh(&dev->bss_lock);
 
@@ -283,6 +284,10 @@ struct cfg80211_bss *cfg80211_get_bss(struct wiphy *wiphy,
                        continue;
                if (channel && bss->pub.channel != channel)
                        continue;
+               /* Don't get expired BSS structs */
+               if (time_after(now, bss->ts + IEEE80211_SCAN_RESULT_EXPIRE) &&
+                   !atomic_read(&bss->hold))
+                       continue;
                if (is_bss(&bss->pub, bssid, ssid, ssid_len)) {
                        res = bss;
                        kref_get(&res->ref);