On Thu, 2011-09-22 at 10:34 +0300, Arik Nemtsov wrote:
> > Also accessing u.mgd.associated as a bool like this is fine, but
> > obviously racy. How do we deal with that? Do we even tear down links
> > when disassociating, and do we even need to beyond just killing the
> > station entries?
>
> We don't tear down links just before disassociating (there are too
> many corner cases here). We just disable the links post-factum.
> Killing the station entries won't help for packets meant to be sent
> over the AP. I guess we can take the mutex for a little extra safety
> (but it won't do much).
>
> The race is even worse - from queuing until the actual Tx, we could
> have disconnected from this AP and connected to a totally different
> one. But this shouldn't happen in reality (and we can add some guards
> to wpa_supplicant to make sure).
> Do you see this as a security threat?

I don't really know :-) I just saw the possible race here. If you remove
the TDLS station entries when disassociating then it shouldn't be an
issue, right? Since you require a station entry pretty early on anyway.

johannes