We have some validation code in mac80211 but said code will force an invalid AID to 0 which isn't a valid AID either; instead require a valid AID (1-2007) to be passed in from userspace in cfg80211 already. Also move the code before the race comment since it can only be executed during STA addition and thus is not racy. Signed-off-by: Johannes Berg <johannes@xxxxxxxxxxxxxxxx> --- net/mac80211/cfg.c | 13 +++++++------ net/wireless/nl80211.c | 4 ++++ 2 files changed, 11 insertions(+), 6 deletions(-) --- wireless-testing.orig/net/mac80211/cfg.c 2009-05-24 16:40:30.000000000 +0200 +++ wireless-testing/net/mac80211/cfg.c 2009-05-24 16:40:42.000000000 +0200 @@ -664,18 +664,19 @@ static void sta_apply_parameters(struct spin_unlock_bh(&sta->lock); /* + * cfg80211 validates this (1-2007) and allows setting the AID + * only when creating a new station entry + */ + if (params->aid) + sta->sta.aid = params->aid; + + /* * FIXME: updating the following information is racy when this * function is called from ieee80211_change_station(). * However, all this information should be static so * maybe we should just reject attemps to change it. */ - if (params->aid) { - sta->sta.aid = params->aid; - if (sta->sta.aid > IEEE80211_MAX_AID) - sta->sta.aid = 0; /* XXX: should this be an error? */ - } - if (params->listen_interval >= 0) sta->listen_interval = params->listen_interval; --- wireless-testing.orig/net/wireless/nl80211.c 2009-05-24 16:40:33.000000000 +0200 +++ wireless-testing/net/wireless/nl80211.c 2009-05-24 16:40:42.000000000 +0200 
@@ -1738,7 +1738,11 @@ static int nl80211_new_station(struct sk nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); params.listen_interval = nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); + params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); + if (!params.aid || params.aid > IEEE80211_MAX_AID) + return -EINVAL; + if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) params.ht_capa = nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
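Review bot: In the net/mac80211/cfg.c hunk, the relocated `if (params->aid) sta->sta.aid = params->aid;` in sta_apply_parameters() no longer bounds the value, so mac80211 now depends entirely on its caller, and the FIXME directly below still says this function is reached from ieee80211_change_station(). The new comment asserts that cfg80211 only allows setting the AID when a station is created, but nothing in this patch shows the change path leaving params->aid at 0. Please confirm that and name the enforcing function in the comment, or keep a WARN_ON(params->aid > IEEE80211_MAX_AID) here as a cheap backstop. The comment could also cite IEEE80211_MAX_AID instead of the literal 2007 so it cannot drift from the check in nl80211.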
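Review bot: In the net/wireless/nl80211.c hunk, `nla_get_u16(info->attrs[NL80211_ATTR_STA_AID])` in nl80211_new_station() reads the attribute with no presence check visible in the hunk, while NL80211_ATTR_HT_CAPABILITY a few lines later is guarded by `if (info->attrs[...])`. If a missing NL80211_ATTR_STA_AID is not already rejected earlier in the function, a request without it passes a NULL attribute pointer to nla_get_u16(). Please confirm the earlier check exists, or add `if (!info->attrs[NL80211_ATTR_STA_AID]) return -EINVAL;` before the read. The range test itself, `!params.aid || params.aid > IEEE80211_MAX_AID`, rejects both 0 and values above the maximum, which is what the commit message asks for.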