aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2008-10-10 20:29:55 -0400
committerJohn W. Linville <linville@tuxdriver.com>2008-10-14 21:08:11 -0400
commitd048e503a2b01e771ee87921c24d89d7ec3f0c2f (patch)
tree71df617d24f8ba4cc349b3588e9ee87a5b891b7a
parentc25bab54fe30d26a2cddf7058d77da72be630b23 (diff)
mac80211: Fix scan RX processing oops
ieee80211_bss_info_update() can return NULL. Verify that this is not the case before calling ieee802111_rx_bss_put() which would trigger an oops in interrupt context in atomic_dec_and_lock(). Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com> Acked-by: Johannes Berg <johannes@sipsolutions.net> Acked-by: Benoit Papillault <benoit.papillault@free.fr> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-rw-r--r--net/mac80211/scan.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index 8e6685e7ae85..416bb41099f3 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -388,7 +388,8 @@ ieee80211_scan_rx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb,
388 bss = ieee80211_bss_info_update(sdata->local, rx_status, 388 bss = ieee80211_bss_info_update(sdata->local, rx_status,
389 mgmt, skb->len, &elems, 389 mgmt, skb->len, &elems,
390 freq, beacon); 390 freq, beacon);
391 ieee80211_rx_bss_put(sdata->local, bss); 391 if (bss)
392 ieee80211_rx_bss_put(sdata->local, bss);
392 393
393 dev_kfree_skb(skb); 394 dev_kfree_skb(skb);
394 return RX_QUEUED; 395 return RX_QUEUED;