When userspace requests a deauth while the
authentication work is pending in the auth
(not probe) state, we do not properly abort
the work and then things get confused.
Fix that and also improve the checks here
to include the correct virtual interface,
just in case two virtual interfaces would
ever try to connect to the same BSS.
Also fix a bug -- need to use list_del_rcu
instead of just list_del to free a work
item.
Signed-off-by: Johannes Berg <johannes@xxxxxxxxxxxxxxxx>
---
net/mac80211/mlme.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
--- wireless-testing.orig/net/mac80211/mlme.c 2010-02-06 15:07:37.000000000 +0100
+++ wireless-testing/net/mac80211/mlme.c 2010-02-06 15:18:58.000000000 +0100
@@ -2007,12 +2007,18 @@ int ieee80211_mgd_deauth(struct ieee8021
mutex_lock(&local->work_mtx);
list_for_each_entry(wk, &local->work_list, list) {
- if (wk->type != IEEE80211_WORK_DIRECT_PROBE)
+ if (wk->sdata != sdata)
continue;
+
+ if (wk->type != IEEE80211_WORK_DIRECT_PROBE &&
+ wk->type != IEEE80211_WORK_AUTH)
+ continue;
+
if (memcmp(req->bss->bssid, wk->filter_ta, ETH_ALEN))
continue;
- not_auth_yet = true;
- list_del(&wk->list);
+
+ not_auth_yet = wk->type == IEEE80211_WORK_DIRECT_PROBE;
+ list_del_rcu(&wk->list);
free_work(wk);
break;
}
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
