mac80211: fix channel switch for chanctx-based drivers
author Michal Kazior <michal.kazior@tieto.com>
Mon, 18 Aug 2014 11:19:09 +0000 (13:19 +0200)
committer Linus Torvalds <torvalds@linux-foundation.org>
Fri, 22 Aug 2014 21:45:49 +0000 (14:45 -0700)
The new_ctx pointer is set only for non-chanctx drivers.  This yielded a
crash for chanctx-based drivers during channel switch finalization:

  BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
  IP: ieee80211_vif_use_reserved_switch+0x71c/0xb00 [mac80211]

Use an adequate chanctx pointer to fix this.

Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
net/mac80211/chan.c

index 6d537f03c0baa0450eefc5c22f496be085072cfd..0375009ddc0db39fd5a365db8cb5e4122219d864 100644 (file)
@@ -1444,7 +1444,7 @@ ieee80211_vif_use_reserved_switch(struct ieee80211_local *local)
 
                        list_del(&sdata->reserved_chanctx_list);
                        list_move(&sdata->assigned_chanctx_list,
-                                 &new_ctx->assigned_vifs);
+                                 &ctx->assigned_vifs);
                        sdata->reserved_chanctx = NULL;
 
                        ieee80211_vif_chanctx_reservation_complete(sdata);
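
Review bot: new_ctx remains usable at the list_move() call even though, per the commit message, it is set only for non-chanctx drivers, so a later edit in ieee80211_vif_use_reserved_switch() can reintroduce the same NULL dereference. Consider a short comment at this site stating which context `ctx` is and why `new_ctx` must not be used here, or narrow the scope of new_ctx to the non-chanctx path so a stray use fails to compile. The message also has Reported-by and Signed-off-by tags but no Fixes: tag identifying the change that introduced the `&new_ctx->assigned_vifs` use, which would help anyone backporting this.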