Fix the NULL check for padapter->pnetdev->rx_handler_data. The current code calls rcu_dereference while it holds the rcu read lock and checks the pointer after releasing the lock. An rcu pointer may only be used between calls to rcu_read_lock and rcu_read_unlock. Replace the check with rcu_access_pointer. My understanding is that this function returns the value of the pointer and needs no locking. We can then check the pointer but we must not dereference it. Signed-off-by: Martin Kaiser <martin@xxxxxxxxx> --- drivers/staging/r8188eu/core/rtw_xmit.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/drivers/staging/r8188eu/core/rtw_xmit.c b/drivers/staging/r8188eu/core/rtw_xmit.c index 91f92ec5ef69..18941320e70e 100644 --- a/drivers/staging/r8188eu/core/rtw_xmit.c +++ b/drivers/staging/r8188eu/core/rtw_xmit.c @@ -1631,18 +1631,14 @@ s32 rtw_xmit(struct adapter *padapter, struct sk_buff **ppkt) struct xmit_priv *pxmitpriv = &padapter->xmitpriv; struct xmit_frame *pxmitframe = NULL; struct mlme_priv *pmlmepriv = &padapter->mlmepriv; - void *br_port = NULL; s32 res; pxmitframe = rtw_alloc_xmitframe(pxmitpriv); if (!pxmitframe) return -1; - rcu_read_lock(); - br_port = rcu_dereference(padapter->pnetdev->rx_handler_data); - rcu_read_unlock(); - - if (br_port && check_fwstate(pmlmepriv, WIFI_STATION_STATE | WIFI_ADHOC_STATE)) { + if (rcu_access_pointer(padapter->pnetdev->rx_handler_data) && + check_fwstate(pmlmepriv, WIFI_STATION_STATE | WIFI_ADHOC_STATE)) { res = rtw_br_client_tx(padapter, ppkt); if (res == -1) { rtw_free_xmitframe(pxmitpriv, pxmitframe); -- 2.30.2