mac80211: fix a crash on accessing stale skb->dev references

SVN-Revision: 33279
owl
Felix Fietkau 2012-08-27 12:23:25 +00:00
parent 4a04899c5e
commit e85962926a
1 changed files with 32 additions and 0 deletions

View File

@ -0,0 +1,32 @@
--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
@@ -517,6 +517,8 @@ void ieee80211_tx_status(struct ieee8021
if (info->flags & IEEE80211_TX_INTFL_NL80211_FRAME_TX) {
u64 cookie = (unsigned long)skb;
+ bool found = false;
+
acked = info->flags & IEEE80211_TX_STAT_ACK;
/*
@@ -524,8 +526,18 @@ void ieee80211_tx_status(struct ieee8021
* we cannot use skb->dev->ieee80211_ptr
*/
- if (ieee80211_is_nullfunc(hdr->frame_control) ||
- ieee80211_is_qos_nullfunc(hdr->frame_control))
+ list_for_each_entry_rcu(sdata, &local->interfaces, list) {
+ if (skb->dev != sdata->dev)
+ continue;
+
+ found = true;
+ break;
+ }
+
+ if (!found)
+ skb->dev = NULL;
+ else if (ieee80211_is_nullfunc(hdr->frame_control) ||
+ ieee80211_is_qos_nullfunc(hdr->frame_control))
cfg80211_probe_status(skb->dev, hdr->addr1,
cookie, acked, GFP_ATOMIC);
else