Commit fa28981b authored by Johannes Berg's avatar Johannes Berg

wifi: mac80211: fix link data leak

During the code reshuffling, I accidentally set this to
NULL before using it, fix that to fix the link data leak.

Fixes: d3e2439b ("wifi: mac80211: fix link manipulation")
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent a94c90d3
...@@ -514,18 +514,18 @@ static int ieee80211_vif_update_links(struct ieee80211_sub_if_data *sdata, ...@@ -514,18 +514,18 @@ static int ieee80211_vif_update_links(struct ieee80211_sub_if_data *sdata,
/* grab old links to free later */ /* grab old links to free later */
for_each_set_bit(link_id, &rem, IEEE80211_MLD_MAX_NUM_LINKS) { for_each_set_bit(link_id, &rem, IEEE80211_MLD_MAX_NUM_LINKS) {
if (rcu_access_pointer(sdata->link[link_id]) != &sdata->deflink) {
/*
* we must have allocated the data through this path so
* we know we can free both at the same time
*/
to_free[link_id] = container_of(rcu_access_pointer(sdata->link[link_id]),
typeof(*links[link_id]),
data);
}
RCU_INIT_POINTER(sdata->link[link_id], NULL); RCU_INIT_POINTER(sdata->link[link_id], NULL);
RCU_INIT_POINTER(sdata->vif.link_conf[link_id], NULL); RCU_INIT_POINTER(sdata->vif.link_conf[link_id], NULL);
if (rcu_access_pointer(sdata->link[link_id]) == &sdata->deflink)
continue;
/*
* we must have allocated the data through this path so
* we know we can free both at the same time
*/
to_free[link_id] = container_of(rcu_access_pointer(sdata->link[link_id]),
typeof(*links[link_id]),
data);
} }
/* link them into data structures */ /* link them into data structures */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment