From: John W. Linville <linville@tuxdriver.com>
Date: Fri, 24 Sep 2010 19:52:49 +0000 (-0400)
Subject: Revert "mac80211: fix use-after-free"
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=7c1e183186377e84e6f4e457be0514887f2df4ef;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git

Revert "mac80211: fix use-after-free"

This reverts commit cd87a2d3a33d75a646f1aa1aa2ee5bf712d6f963.

Author reports it conflicts with proper fixes, applied hereafter.

Signed-off-by: John W. Linville <linville@tuxdriver.com>
---

diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 50c0803a63ba..29a582df6371 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -2286,6 +2286,9 @@ static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx,
 	struct net_device *prev_dev = NULL;
 	struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
 
+	if (status->flag & RX_FLAG_INTERNAL_CMTR)
+		goto out_free_skb;
+
 	if (skb_headroom(skb) < sizeof(*rthdr) &&
 	    pskb_expand_head(skb, sizeof(*rthdr), 0, GFP_ATOMIC))
 		goto out_free_skb;
@@ -2344,6 +2347,7 @@ static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx,
 	} else
 		goto out_free_skb;
 
+	status->flag |= RX_FLAG_INTERNAL_CMTR;
 	return;
 
  out_free_skb: