On 05/17/2012 09:06 AM, Eliad Peller wrote:
cfg80211_dev_free() calls cfg80211_put_bss() directly on all the remaining bss entries, skipping the proper bss entry cleanup that is usually made by __cfg80211_unlink_bss(), and leaving the bss_list and the rb_tree with dangling pointers. Fix it by calling cfg80211_unlink_bss() instead.
This doesn't apply clean against 3.3, though not too hard to fix it up by hand. Do you know how far back this does need to be applied (3.0, for instance)?

Thanks,
Ben
Cc: stable@xxxxxxxxxxxxxxx Signed-off-by: Eliad Peller<eliad@xxxxxxxxxx> --- net/wireless/core.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/net/wireless/core.c b/net/wireless/core.c index 4e86a86..232c385 100644 --- a/net/wireless/core.c +++ b/net/wireless/core.c @@ -729,7 +729,7 @@ void cfg80211_dev_free(struct cfg80211_registered_device *rdev) mutex_destroy(&rdev->devlist_mtx); mutex_destroy(&rdev->sched_scan_mtx); list_for_each_entry_safe(scan, tmp,&rdev->bss_list, list) - cfg80211_put_bss(&scan->pub); + cfg80211_unlink_bss(&rdev->wiphy,&scan->pub); kfree(rdev); }
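Review bot: In cfg80211_dev_free() the new call cfg80211_unlink_bss(&rdev->wiphy, &scan->pub) runs after mutex_destroy(&rdev->devlist_mtx) and mutex_destroy(&rdev->sched_scan_mtx), so please confirm that the unlink path takes neither of those mutexes, or move the list_for_each_entry_safe() loop above the two mutex_destroy() calls. The commit message names __cfg80211_unlink_bss() as the usual cleanup while the code calls cfg80211_unlink_bss(); a sentence on why the wrapper is the right entry point in the free path would help. Since the patch is Cc'd to stable and the reply above reports that it does not apply cleanly against 3.3, the message should also state which kernel versions need the fix.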
--
Ben Greear <greearb@xxxxxxxxxxxxxxx>
Candela Technologies Inc http://www.candelatech.com