Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 747cf5e9 authored by Tomas Winkler's avatar Tomas Winkler Committed by John W. Linville
Browse files

mac80211: fix ieee80211_get_buffered_bc 



fix bss not initialized in ieee80211_get_buffered_bc
and unbalanced locking

Signed-off-by: default avatarTomas Winkler <tomas.winkler@intel.com>
Signed-off-by: default avatarZhu Yi <yi.zhu@intel.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent 20ad4fd5

net/mac80211/tx.c

+7 −9
Original line number Diff line number Diff line
@@ -1947,7 +1947,7 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw, 
			  struct ieee80211_vif *vif)

{

	struct ieee80211_local *local = hw_to_local(hw);

	struct sk_buff *skb;

	struct sk_buff *skb = NULL;

	struct sta_info *sta;

	ieee80211_tx_handler *handler;

	struct ieee80211_tx_data tx;
@@ -1960,7 +1960,7 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw, 


	sdata = vif_to_sdata(vif);

	bdev = sdata->dev;



	bss = &sdata->u.ap;



	if (!bss)

		return NULL;
@@ -1968,19 +1968,16 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw, 
	rcu_read_lock();

	beacon = rcu_dereference(bss->beacon);



	if (sdata->vif.type != IEEE80211_IF_TYPE_AP || !beacon ||

	    !beacon->head) {

		rcu_read_unlock();

		return NULL;

	}

	if (sdata->vif.type != IEEE80211_IF_TYPE_AP || !beacon || !beacon->head)

		goto out;



	if (bss->dtim_count != 0)

		return NULL; /* send buffered bc/mc only after DTIM beacon */

		goto out; /* send buffered bc/mc only after DTIM beacon */



	while (1) {

		skb = skb_dequeue(&bss->ps_bc_buf);

		if (!skb)

			return NULL;

			goto out;

		local->total_ps_buffered--;



		if (!skb_queue_empty(&bss->ps_bc_buf) && skb->len >= 2) {
@@ -2023,6 +2020,7 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw, 
		skb = NULL;

	}



out:

	rcu_read_unlock();



	return skb;