From: Javier Cardona Date: Mon, 29 Aug 2011 20:23:03 +0000 (-0700) Subject: mac80211: Fix RCU pointer dereference in mesh_path_discard_frame() X-Git-Tag: MMI-PSA29.97-13-9~18194^2~254^2~105 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=af089c15cb13e1c5d984e41f495c8363dd5b1e30;p=GitHub%2FMotorolaMobilityLLC%2Fkernel-slsi.git mac80211: Fix RCU pointer dereference in mesh_path_discard_frame() Reported by Pedro Larbig (ASPj) Signed-off-by: Javier Cardona Signed-off-by: John W. Linville --- diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c index ede4f5242e0b..2218eaf48bcb 100644 --- a/net/mac80211/mesh_pathtbl.c +++ b/net/mac80211/mesh_pathtbl.c @@ -991,9 +991,14 @@ void mesh_path_discard_frame(struct sk_buff *skb, da = hdr->addr3; ra = hdr->addr1; + rcu_read_lock(); mpath = mesh_path_lookup(da, sdata); - if (mpath) + if (mpath) { + spin_lock_bh(&mpath->state_lock); sn = ++mpath->sn; + spin_unlock_bh(&mpath->state_lock); + } + rcu_read_unlock(); mesh_path_error_tx(sdata->u.mesh.mshcfg.element_ttl, skb->data, cpu_to_le32(sn), reason, ra, sdata); }