Commit d048e503 authored by Jouni Malinen's avatar Jouni Malinen Committed by John W. Linville

mac80211: Fix scan RX processing oops

ieee80211_bss_info_update() can return NULL. Verify that this is not the
case before calling ieee802111_rx_bss_put() which would trigger an oops
in interrupt context in atomic_dec_and_lock().
Signed-off-by: default avatarJouni Malinen <jouni.malinen@atheros.com>
Acked-by: default avatarJohannes Berg <johannes@sipsolutions.net>
Acked-by: default avatarBenoit Papillault <benoit.papillault@free.fr>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent c25bab54
...@@ -388,7 +388,8 @@ ieee80211_scan_rx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb, ...@@ -388,7 +388,8 @@ ieee80211_scan_rx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb,
bss = ieee80211_bss_info_update(sdata->local, rx_status, bss = ieee80211_bss_info_update(sdata->local, rx_status,
mgmt, skb->len, &elems, mgmt, skb->len, &elems,
freq, beacon); freq, beacon);
ieee80211_rx_bss_put(sdata->local, bss); if (bss)
ieee80211_rx_bss_put(sdata->local, bss);
dev_kfree_skb(skb); dev_kfree_skb(skb);
return RX_QUEUED; return RX_QUEUED;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment