aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorJohannes Berg <johannes@sipsolutions.net>2009-07-27 04:33:31 -0400
committerJohn W. Linville <linville@tuxdriver.com>2009-07-29 15:46:13 -0400
commita7bc376c858e0e724b8cb2db09b6874562d377ca (patch)
tree0588a4d51146ea54ffc949bce9d2cc52d90943b1 /net
parentf9d6b402603a63b5e5b56bd7a79fa72a818be55b (diff)
mac80211: verify info->control.vif is not NULL
When enqueuing packets on the internal packet queue, we need to ensure that we have a valid vif pointer since that is required since the net namespace work. Add some assertions to verify this, but also don't crash is for some reason we don't end up with a vif pointer -- warn and drop the packet in all these cases. Since this code touches a number of hotpaths, it is intended to be temporary, or maybe configurable in the future, at least the bit that is in the path that gets hit for every packet, ieee80211_tx_pending(). Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net')
-rw-r--r--net/mac80211/tx.c5
-rw-r--r--net/mac80211/util.c13
2 files changed, 18 insertions, 0 deletions
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 9e5dff1c8f27..4e1b2ba122cd 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1889,6 +1889,11 @@ void ieee80211_tx_pending(unsigned long data)
1889 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 1889 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1890 struct ieee80211_sub_if_data *sdata; 1890 struct ieee80211_sub_if_data *sdata;
1891 1891
1892 if (WARN_ON(!info->control.vif)) {
1893 kfree_skb(skb);
1894 continue;
1895 }
1896
1892 sdata = vif_to_sdata(info->control.vif); 1897 sdata = vif_to_sdata(info->control.vif);
1893 dev_hold(sdata->dev); 1898 dev_hold(sdata->dev);
1894 spin_unlock_irqrestore(&local->queue_stop_reason_lock, 1899 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 7fc55846d601..8502936e5314 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -336,6 +336,12 @@ void ieee80211_add_pending_skb(struct ieee80211_local *local,
336 struct ieee80211_hw *hw = &local->hw; 336 struct ieee80211_hw *hw = &local->hw;
337 unsigned long flags; 337 unsigned long flags;
338 int queue = skb_get_queue_mapping(skb); 338 int queue = skb_get_queue_mapping(skb);
339 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
340
341 if (WARN_ON(!info->control.vif)) {
342 kfree(skb);
343 return;
344 }
339 345
340 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 346 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
341 __ieee80211_stop_queue(hw, queue, IEEE80211_QUEUE_STOP_REASON_SKB_ADD); 347 __ieee80211_stop_queue(hw, queue, IEEE80211_QUEUE_STOP_REASON_SKB_ADD);
@@ -358,6 +364,13 @@ int ieee80211_add_pending_skbs(struct ieee80211_local *local,
358 IEEE80211_QUEUE_STOP_REASON_SKB_ADD); 364 IEEE80211_QUEUE_STOP_REASON_SKB_ADD);
359 365
360 while ((skb = skb_dequeue(skbs))) { 366 while ((skb = skb_dequeue(skbs))) {
367 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
368
369 if (WARN_ON(!info->control.vif)) {
370 kfree(skb);
371 continue;
372 }
373
361 ret++; 374 ret++;
362 queue = skb_get_queue_mapping(skb); 375 queue = skb_get_queue_mapping(skb);
363 __skb_queue_tail(&local->pending[queue], skb); 376 __skb_queue_tail(&local->pending[queue], skb);