Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 83c7aa1a authored Feb 05, 2013 by Johannes Berg

cfg80211: remove scan ies NULL check



There's no way scan BSS IEs can be NULL as even
if the allocation fails the frame is discarded.
Remove some code checking for this and document
that it is always non-NULL.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>

parent b207cdb0

drivers/net/wireless/mwifiex/sta_ioctl.c

+0 −5

Original line number	Diff line number	Diff line
		@@ -162,11 +162,6 @@ int mwifiex_fill_new_bss_desc(struct mwifiex_private *priv,

		rcu_read_lock();
		ies = rcu_dereference(bss->ies);
		if (WARN_ON(!ies)) {
		/* should never happen */
		rcu_read_unlock();
		return -EINVAL;
		}
		beacon_ie = kmemdup(ies->data, ies->len, GFP_ATOMIC);
		beacon_ie_len = ies->len;
		rcu_read_unlock();

include/net/cfg80211.h

+4 −4

Original line number	Diff line number	Diff line
		@@ -1287,10 +1287,10 @@ struct cfg80211_bss_ies {
		* @tsf: timestamp of last received update
		* @beacon_interval: the beacon interval as from the frame
		* @capability: the capability field in host byte order
		* @ies: the information elements (Note that there
		* is no guarantee that these are well-formed!); this is a pointer to
		* either the beacon_ies or proberesp_ies depending on whether Probe
		* Response frame has been received
		* @ies: the information elements (Note that there is no guarantee that these
		* are well-formed!); this is a pointer to either the beacon_ies or
		* proberesp_ies depending on whether Probe Response frame has been
		* received. It is always non-%NULL.
		* @beacon_ies: the information elements from the last Beacon frame
		* (implementation note: if @hidden_beacon_bss is set this struct doesn't
		* own the beacon_ies, but they're just pointers to the ones from the

net/wireless/scan.c

+3 −8

Original line number	Diff line number	Diff line
		@@ -1293,15 +1293,10 @@ ieee80211_bss(struct wiphy wiphy, struct iw_request_info info,

		rcu_read_lock();
		ies = rcu_dereference(bss->pub.ies);
		if (ies) {
		rem = ies->len;
		ie = ies->data;
		} else {
		rem = 0;
		ie = NULL;
		}

		while (ies && rem >= 2) {
		while (rem >= 2) {
		/* invalid data */
		if (ie[1] > rem - 2)
		break;