mwl8k: Fixing sta dereference when ieee80211_tx_info->control.sta is NULL
authorYogesh Ashok Powar <yogeshp@marvell.com>
Wed, 13 Jul 2011 12:12:06 +0000 (17:42 +0530)
committerJohn W. Linville <linville@tuxdriver.com>
Fri, 15 Jul 2011 17:38:30 +0000 (13:38 -0400)
Following oops was seen on SMP machine

>BUG: unable to handle kernel NULL pointer dereference at 00000012
>IP: [<f8c56691>] mwl8k_tx+0x20e/0x561 [mwl8k]
>*pde = 00000000
>Oops: 0000 [#1] SMP
>Modules linked in: mwl8k mac80211 cfg80211 [last unloaded: cfg80211]

As ieee80211_tx_info->control.sta may be NULL during ->tx call, avoiding sta
dereference in such scenario with the following patch.

Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
drivers/net/wireless/mwl8k.c

index aeac3cc4dbe45d6df570a636ffafbfcc3ce104cf..a09b94509f0448bcd13dbfa5fc9c6bfd168574c7 100644 (file)
@@ -1891,9 +1891,9 @@ mwl8k_txq_xmit(struct ieee80211_hw *hw, int index, struct sk_buff *skb)
 
        txpriority = index;
 
-       if (ieee80211_is_data_qos(wh->frame_control) &&
-           skb->protocol != cpu_to_be16(ETH_P_PAE) &&
-           sta->ht_cap.ht_supported && priv->ap_fw) {
+       if (priv->ap_fw && sta && sta->ht_cap.ht_supported
+                       && skb->protocol != cpu_to_be16(ETH_P_PAE)
+                       && ieee80211_is_data_qos(wh->frame_control)) {
                tid = qos & 0xf;
                mwl8k_tx_count_packet(sta, tid);
                spin_lock(&priv->stream_lock);