[PATCH] mac80211: fix iff_promiscs, iff_allmultis race
When we update the counters iff_promiscs and iff_allmultis
in struct ieee80211_local we have no common lock held to
protect them. The problem is that the update to each counter
may not be atomic, so we could end up with iff_promiscs == -1
in unfortunate conditions. To fix it, use atomic_t values.
It doesn't matter whether the two counters are updated
together atomically or not, if there are two invocations
of set_multicast_list we will end up with multiple
configure_filter() invocations of which the latter will always
be correct.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
diff --git a/net/mac80211/ieee80211.c b/net/mac80211/ieee80211.c
index b118053..2501bff 100644
--- a/net/mac80211/ieee80211.c
+++ b/net/mac80211/ieee80211.c
@@ -59,10 +59,10 @@
unsigned int changed_flags;
unsigned int new_flags = 0;
- if (local->iff_promiscs)
+ if (atomic_read(&local->iff_promiscs))
new_flags |= FIF_PROMISC_IN_BSS;
- if (local->iff_allmultis)
+ if (atomic_read(&local->iff_allmultis))
new_flags |= FIF_ALLMULTI;
if (local->monitors)
@@ -521,17 +521,17 @@
if (allmulti != sdata_allmulti) {
if (dev->flags & IFF_ALLMULTI)
- local->iff_allmultis++;
+ atomic_inc(&local->iff_allmultis);
else
- local->iff_allmultis--;
+ atomic_dec(&local->iff_allmultis);
sdata->flags ^= IEEE80211_SDATA_ALLMULTI;
}
if (promisc != sdata_promisc) {
if (dev->flags & IFF_PROMISC)
- local->iff_promiscs++;
+ atomic_inc(&local->iff_promiscs);
else
- local->iff_promiscs--;
+ atomic_dec(&local->iff_promiscs);
sdata->flags ^= IEEE80211_SDATA_PROMISC;
}