From: Johannes Berg Date: Fri, 4 Apr 2008 21:40:35 +0000 (+0200) Subject: mac80211: fix ieee80211_ioctl_giwrate X-Git-Tag: v2.6.26-rc1~1138^2~166 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=380a942b9177dcae1429fdd0f3639f92d9ab139d;p=linux-2.6 mac80211: fix ieee80211_ioctl_giwrate The ieee80211_ioctl_giwrate() ioctl handler doesn't rcu_read_lock() its access to the sta table, fix it. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- diff --git a/net/mac80211/ieee80211_ioctl.c b/net/mac80211/ieee80211_ioctl.c index b047eebb63..41130b3031 100644 --- a/net/mac80211/ieee80211_ioctl.c +++ b/net/mac80211/ieee80211_ioctl.c @@ -586,19 +586,25 @@ static int ieee80211_ioctl_giwrate(struct net_device *dev, sdata = IEEE80211_DEV_TO_SUB_IF(dev); - if (sdata->vif.type == IEEE80211_IF_TYPE_STA) - sta = sta_info_get(local, sdata->u.sta.bssid); - else + if (sdata->vif.type != IEEE80211_IF_TYPE_STA) return -EOPNOTSUPP; - if (!sta) - return -ENODEV; sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; - if (sta->txrate_idx < sband->n_bitrates) + rcu_read_lock(); + + sta = sta_info_get(local, sdata->u.sta.bssid); + + if (sta && sta->txrate_idx < sband->n_bitrates) rate->value = sband->bitrates[sta->txrate_idx].bitrate; else rate->value = 0; + + rcu_read_unlock(); + + if (!sta) + return -ENODEV; + rate->value *= 100000; return 0;