cfg80211: validate remain-on-channel time better
authorJohannes Berg <johannes.berg@intel.com>
Fri, 1 Jun 2012 10:50:54 +0000 (12:50 +0200)
committerJohn W. Linville <linville@tuxdriver.com>
Wed, 6 Jun 2012 19:20:22 +0000 (15:20 -0400)
The remain-on-channel time validation shouldn't
depend on the value of HZ, as it does now with
the check against jiffies, since then you might
use a value that works on one system but not on
another. Fix it by checking against a minimum
that's fixed.

Also add validation of the wait duration for a
management frame TX since this also translates
into remain-on-channel internally.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
include/linux/nl80211.h
net/wireless/nl80211.c

index 85e5037a218d5e416a2d8b6d83f59dcf82b74b62..970afdf5a605ae65fa7ab4aca1a8eba7485368ab 100644 (file)
@@ -1522,6 +1522,8 @@ enum nl80211_attrs {
 #define NL80211_MAX_NR_CIPHER_SUITES           5
 #define NL80211_MAX_NR_AKM_SUITES              2
 
+#define NL80211_MIN_REMAIN_ON_CHANNEL_TIME     10
+
 /**
  * enum nl80211_iftype - (virtual) interface types
  *
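Review bot: The new `NL80211_MIN_REMAIN_ON_CHANNEL_TIME` define is added to a userspace-visible header with no comment giving its unit or which attribute it bounds. The code comments in the other file of this commit say the value is 10ms and apply it to `NL80211_ATTR_DURATION`, so a one-line comment above the define would make that contract visible to userspace authors, e.g. `/* minimum NL80211_ATTR_DURATION, in ms, accepted for remain-on-channel and off-channel mgmt TX */`. Without it, callers only learn the lower bound by getting `-EINVAL`.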
index 5e29bd38e7dff0f49cf27ec44cf065d628812a9c..7ae54b82291f636280f7821c597f3ae45f110a15 100644 (file)
@@ -5545,18 +5545,18 @@ static int nl80211_remain_on_channel(struct sk_buff *skb,
 
        duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
 
+       if (!rdev->ops->remain_on_channel ||
+           !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
+               return -EOPNOTSUPP;
+
        /*
-        * We should be on that channel for at least one jiffie,
-        * and more than 5 seconds seems excessive.
+        * We should be on that channel for at least a minimum amount of
+        * time (10ms) but no longer than the driver supports.
         */
-       if (!duration || !msecs_to_jiffies(duration) ||
+       if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
            duration > rdev->wiphy.max_remain_on_channel_duration)
                return -EINVAL;
 
-       if (!rdev->ops->remain_on_channel ||
-           !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
-               return -EOPNOTSUPP;
-
        if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE] &&
            !nl80211_valid_channel_type(info, &channel_type))
                return -EINVAL;
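Review bot: The new range check in nl80211_remain_on_channel() only works if `rdev->wiphy.max_remain_on_channel_duration` is at least `NL80211_MIN_REMAIN_ON_CHANNEL_TIME`, and nothing visible in this hunk guarantees that. If a driver advertises a smaller maximum, every userspace request is rejected with `-EINVAL` although the capability check just above passed. It is worth confirming that wiphy registration (not shown here) rejects or warns on such a value. Separately, the comment repeats the literal `(10ms)` and will drift if the define changes; `at least NL80211_MIN_REMAIN_ON_CHANNEL_TIME ms` would avoid that. The function body starts and continues outside the hunk.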
@@ -5827,6 +5827,15 @@ static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
                if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
                        return -EINVAL;
                wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
+
+               /*
+                * We should wait on the channel for at least a minimum amount
+                * of time (10ms) but no longer than the driver supports.
+                */
+               if (wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
+                   wait > rdev->wiphy.max_remain_on_channel_duration)
+                       return -EINVAL;
+
        }
 
        if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
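Review bot: The added upper bound in nl80211_tx_mgmt() compares `wait` with `rdev->wiphy.max_remain_on_channel_duration`, but the only capability test visible on this path is `WIPHY_FLAG_OFFCHAN_TX`, not `WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL`. If a driver sets the off-channel TX flag but leaves the maximum at zero, every frame sent with a duration attribute would now fail with `-EINVAL`. Whether such drivers exist cannot be told from this hunk, so it should be checked against wiphy registration before relying on the bound. The enclosing `if` that guards the `nla_get_u32()` read opens outside the hunk, so the attribute-presence check is not visible here either. The blank `+` line before the closing brace is stray and can be dropped.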