From af089c15cb13e1c5d984e41f495c8363dd5b1e30 Mon Sep 17 00:00:00 2001 From: Javier Cardona Date: Mon, 29 Aug 2011 13:23:03 -0700 Subject: [PATCH] mac80211: Fix RCU pointer dereference in mesh_path_discard_frame() Reported by Pedro Larbig (ASPj) Signed-off-by: Javier Cardona Signed-off-by: John W. Linville --- net/mac80211/mesh_pathtbl.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c index ede4f5242e0b..2218eaf48bcb 100644 --- a/net/mac80211/mesh_pathtbl.c +++ b/net/mac80211/mesh_pathtbl.c @@ -991,9 +991,14 @@ void mesh_path_discard_frame(struct sk_buff *skb, da = hdr->addr3; ra = hdr->addr1; + rcu_read_lock(); mpath = mesh_path_lookup(da, sdata); - if (mpath) + if (mpath) { + spin_lock_bh(&mpath->state_lock); sn = ++mpath->sn; + spin_unlock_bh(&mpath->state_lock); + } + rcu_read_unlock(); mesh_path_error_tx(sdata->u.mesh.mshcfg.element_ttl, skb->data, cpu_to_le32(sn), reason, ra, sdata); } -- 2.20.1