diff options
author | 2016-03-01 19:18:14 +0200 | |
---|---|---|
committer | 2016-03-07 11:43:20 +0200 | |
commit | 280ab987ef21d1c196acb3af4663a99f94d9da00 (patch) | |
tree | b853e200d91f4acaab7d09b00aa2b628da86aaa2 /drivers/net/wireless/ath/wil6210/wil6210.h | |
parent | wil6210: P2P_DEVICE virtual interface support (diff) | |
download | linux-dev-280ab987ef21d1c196acb3af4663a99f94d9da00.tar.xz linux-dev-280ab987ef21d1c196acb3af4663a99f94d9da00.zip |
wil6210: fix race conditions in p2p listen and search
Fix 2 race conditions found during test runs of P2P discovery:
1. Because wil_p2p_cancel_listen was not protected, user space
could start a new P2P listen/search before wmi_stop_discovery
completed. This caused a crash in the firmware.
2. In P2P listen, when listen timer expires and user space calls
cancel_remain_on_channel at the same time, code could send the
cfg80211_remain_on_channel_expired notification twice.
Added protections with wil->mutex to several places that call
wmi_stop_discovery.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Signed-off-by: Maya Erez <qca_merez@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Diffstat (limited to 'drivers/net/wireless/ath/wil6210/wil6210.h')
-rw-r--r-- | drivers/net/wireless/ath/wil6210/wil6210.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/net/wireless/ath/wil6210/wil6210.h b/drivers/net/wireless/ath/wil6210/wil6210.h index 9b77a0844a83..68f60eadde13 100644 --- a/drivers/net/wireless/ath/wil6210/wil6210.h +++ b/drivers/net/wireless/ath/wil6210/wil6210.h @@ -775,8 +775,8 @@ int wil_p2p_search(struct wil6210_priv *wil, struct cfg80211_scan_request *request); int wil_p2p_listen(struct wil6210_priv *wil, unsigned int duration, struct ieee80211_channel *chan, u64 *cookie); -void wil_p2p_stop_discovery(struct wil6210_priv *wil); -void wil_p2p_cancel_listen(struct wil6210_priv *wil, u64 cookie); +u8 wil_p2p_stop_discovery(struct wil6210_priv *wil); +int wil_p2p_cancel_listen(struct wil6210_priv *wil, u64 cookie); void wil_p2p_listen_expired(struct work_struct *work); void wil_p2p_search_expired(struct work_struct *work); |