On Wed, 2009-08-19 at 01:04 +0100, David Kilroy wrote:

> @@ -791,18 +824,55 @@ int __cfg80211_connect(struct cfg80211_registered_device *rdev,
>
> return err;
> } else {
> + struct cfg80211_bss *bss;
> +
> wdev->sme_state = CFG80211_SME_CONNECTING;
> wdev->connect_keys = connkeys;
> +
> + bss = cfg80211_get_bss(wdev->wiphy, NULL, connect->bssid,
> + connect->ssid, connect->ssid_len,
> + WLAN_CAPABILITY_ESS,
> + WLAN_CAPABILITY_ESS);

Hmm. What if the bssid isn't set? Then the card might select a different BSS than the one we have on the scan list.

> + /* Failed to clone (or scan), so we can't
> + * delay the connect. Free everything up and
> + * go ahead with the connect */
> + if (wdev->conn)
> + kfree(wdev->conn->ie);
> + kfree(wdev->conn);
> + wdev->conn = NULL;

and that would then run into the warning and the problem anyway? Better to just reject with -ENOMEM I think?

Also, I really don't think you should use wdev->conn anywhere in this code path, because some code looks at that to figure out whether or not the cfg80211 SME is used.

> + } else {
> + cfg80211_put_bss(bss);
> err = rdev->ops->connect(&rdev->wiphy, dev, connect);

And it's all racy too -- by the time the driver calls connect_result(), the BSS might have expired after it was found here now.

I don't think this is really feasible to implement in cfg80211. Couldn't the driver do a probe to the BSS that the device selected, and report that before the connect result?

johannes
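Review bot: The reference returned by cfg80211_get_bss() in the `} else {` branch of __cfg80211_connect is released with cfg80211_put_bss() only on the path shown just before `err = rdev->ops->connect(...)`; the quoted excerpt omits the lines between the lookup and the "Failed to clone (or scan)" comment, so it does not show a NULL check on `bss` (the lookup can find nothing, and with `connect->bssid` unset it matches on SSID alone, as the reply above points out) nor a put on the failure path. Suggest making the handling explicit: check `bss` right after the lookup, release it on every exit, and on allocation failure return an error (the reply suggests -ENOMEM) instead of freeing `wdev->conn->ie` and `wdev->conn` and silently continuing with the connect, since later code treats `wdev->conn` as the indicator that the cfg80211 SME is in use.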