From: Tomas Winkler <tomas.winkler@xxxxxxxxx>
The patch fixes bss not initialized in ieee80211_get_buffered_bc
and unbalanced locking.
Signed-off-by: Tomas Winkler <tomas.winkler@xxxxxxxxx>
Signed-off-by: Zhu Yi <yi.zhu@xxxxxxxxx>
---
net/mac80211/tx.c | 16 +++++++---------
1 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index baa1be0..f974d02 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1908,7 +1908,7 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
struct ieee80211_vif *vif)
{
struct ieee80211_local *local = hw_to_local(hw);
- struct sk_buff *skb;
+ struct sk_buff *skb = NULL;
struct sta_info *sta;
ieee80211_tx_handler *handler;
struct ieee80211_tx_data tx;
@@ -1921,7 +1921,7 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
sdata = vif_to_sdata(vif);
bdev = sdata->dev;
-
+ bss = &sdata->u.ap;
if (!bss)
return NULL;
@@ -1929,19 +1929,16 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
rcu_read_lock();
beacon = rcu_dereference(bss->beacon);
- if (sdata->vif.type != IEEE80211_IF_TYPE_AP || !beacon ||
- !beacon->head) {
- rcu_read_unlock();
- return NULL;
- }
+ if (sdata->vif.type != IEEE80211_IF_TYPE_AP || !beacon || !beacon->head)
+ goto out;
if (bss->dtim_count != 0)
- return NULL; /* send buffered bc/mc only after DTIM beacon */
+ goto out; /* send buffered bc/mc only after DTIM beacon */
while (1) {
skb = skb_dequeue(&bss->ps_bc_buf);
if (!skb)
- return NULL;
+ goto out;
local->total_ps_buffered--;
if (!skb_queue_empty(&bss->ps_bc_buf) && skb->len >= 2) {
@@ -1984,6 +1981,7 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
skb = NULL;
}
+out:
rcu_read_unlock();
return skb;
--
1.5.3.6
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
