On Wed, Nov 13, 2013 at 10:20:37PM +0100, Johannes Berg wrote: > On Wed, 2013-11-13 at 19:12 +0100, Luis R. Rodriguez wrote: > > This also records the wdev on the last regulatory request, > > this can be used later to help quiesce wdev's at appropriate > > times by the regulatory core. > > > +++ b/net/wireless/reg.c > > @@ -1871,12 +1871,14 @@ int regulatory_hint(struct wiphy *wiphy, const char *alpha2) > > } > > EXPORT_SYMBOL(regulatory_hint); > > > > -void regulatory_hint_country_ie(struct wiphy *wiphy, enum ieee80211_band band, > > +void regulatory_hint_country_ie(struct wireless_dev *wdev, > > + enum ieee80211_band band, > > const u8 *country_ie, u8 country_ie_len) > ... > > + request->wdev = wdev; > > > You have absolutely no validation of this pointer - the lifetime of the > request object and the wdev aren't necessarily the same. Agreed. > At least you should very carefully document that this pointer is a > cookie (if it really is) and must never be dereferenced. OK, I could also validate it upon processing but we'd need to loop over the rdev wdev list for the country IE hint, if that is acceptable upon procesing it'd be valid and we'd avoid corner case issues. Thoughts? Luis -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
