Michal Kazior <michal.kazior@xxxxxxxxx> writes:

> If DMA mapping of next beacon failed it was
> possible for next SWBA to access a pointer that
> was already unmapped and freed. This could cause
> memory corruption.
>
> Signed-off-by: Michal Kazior <michal.kazior@xxxxxxxxx>
> ---
> drivers/net/wireless/ath/ath10k/wmi.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/net/wireless/ath/ath10k/wmi.c b/drivers/net/wireless/ath/ath10k/wmi.c
> index d4b48ef..35c7d52 100644
> --- a/drivers/net/wireless/ath/ath10k/wmi.c
> +++ b/drivers/net/wireless/ath/ath10k/wmi.c
> @@ -1441,6 +1441,8 @@ static void ath10k_wmi_event_host_swba(struct ath10k *ar, struct sk_buff *skb)
> dev_kfree_skb_any(arvif->beacon);
> }
>
> + arvif->beacon = NULL;

Why have this outside the "if (arvif->beacon)" check? If it's already
NULL, there's no need to set it to NULL again. And besides, at least for
me, it's more intuitive to reset the variable immediately after
dev_kfree_skb_any().

-- 
Kalle Valo
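Review bot: The added `arvif->beacon = NULL;` sits after the closing brace of the block that calls `dev_kfree_skb_any(arvif->beacon);`, so the free and the pointer reset are separated by a scope boundary. Moving the assignment inside the block, directly after the free, keeps the two together and makes it harder for a later edit to insert code between them that still reads the stale pointer. Behaviour is the same in both placements, since once the block has run the pointer is NULL either way. The commit message would also be easier to audit if it named the path that previously left `arvif->beacon` pointing at the freed skb, because the quoted hunk shows only the free and not the DMA mapping failure it refers to.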