projects / GitHub / LineageOS / android_kernel_samsung_universal7580.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5982b47)
mac80211: Fix RCU pointer dereference in mesh_path_discard_frame()
authorJavier Cardona <javier@cozybit.com>
Mon, 29 Aug 2011 20:23:03 +0000 (13:23 -0700)
committerJohn W. Linville <linville@tuxdriver.com>
Tue, 13 Sep 2011 19:42:32 +0000 (15:42 -0400)
Reported by Pedro Larbig (ASPj)

Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
net/mac80211/mesh_pathtbl.c patch | blob | blame | history

diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c
index ede4f5242e0b7e1be9fc36cbda954a8ed9d7e5c0..2218eaf48bcbebe7e6fa5c9f1cb4d0238a9c99f6 100644 (file)
--- a/net/mac80211/mesh_pathtbl.c
+++ b/net/mac80211/mesh_pathtbl.c
@@ -991,9 +991,14 @@ void mesh_path_discard_frame(struct sk_buff *skb,
 
                da = hdr->addr3;
                ra = hdr->addr1;
+               rcu_read_lock();
                mpath = mesh_path_lookup(da, sdata);
-               if (mpath)
+               if (mpath) {
+                       spin_lock_bh(&mpath->state_lock);
                        sn = ++mpath->sn;
+                       spin_unlock_bh(&mpath->state_lock);
+               }
+               rcu_read_unlock();
                mesh_path_error_tx(sdata->u.mesh.mshcfg.element_ttl, skb->data,
                                   cpu_to_le32(sn), reason, ra, sdata);
        }