From 747cf5e924a469a15a454b88a813236460b30975 Mon Sep 17 00:00:00 2001 From: Tomas Winkler Date: Tue, 27 May 2008 17:50:51 +0300 Subject: [PATCH] mac80211: fix ieee80211_get_buffered_bc fix bss not initialized in ieee80211_get_buffered_bc and unbalanced locking Signed-off-by: Tomas Winkler Signed-off-by: Zhu Yi Signed-off-by: John W. Linville --- net/mac80211/tx.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index dac44cbd036..16af30811f9 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -1947,7 +1947,7 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw, struct ieee80211_vif *vif) { struct ieee80211_local *local = hw_to_local(hw); - struct sk_buff *skb; + struct sk_buff *skb = NULL; struct sta_info *sta; ieee80211_tx_handler *handler; struct ieee80211_tx_data tx; @@ -1960,7 +1960,7 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw, sdata = vif_to_sdata(vif); bdev = sdata->dev; - + bss = &sdata->u.ap; if (!bss) return NULL; @@ -1968,19 +1968,16 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw, rcu_read_lock(); beacon = rcu_dereference(bss->beacon); - if (sdata->vif.type != IEEE80211_IF_TYPE_AP || !beacon || - !beacon->head) { - rcu_read_unlock(); - return NULL; - } + if (sdata->vif.type != IEEE80211_IF_TYPE_AP || !beacon || !beacon->head) + goto out; if (bss->dtim_count != 0) - return NULL; /* send buffered bc/mc only after DTIM beacon */ + goto out; /* send buffered bc/mc only after DTIM beacon */ while (1) { skb = skb_dequeue(&bss->ps_bc_buf); if (!skb) - return NULL; + goto out; local->total_ps_buffered--; if (!skb_queue_empty(&bss->ps_bc_buf) && skb->len >= 2) { @@ -2023,6 +2020,7 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw, skb = NULL; } +out: rcu_read_unlock(); return skb; -- 2.46.0