mac80211: fix ieee80211_get_buffered_bc
fix bss not initialized in ieee80211_get_buffered_bc
and unbalanced locking
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index dac44cb..16af308 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1947,7 +1947,7 @@
struct ieee80211_vif *vif)
{
struct ieee80211_local *local = hw_to_local(hw);
- struct sk_buff *skb;
+ struct sk_buff *skb = NULL;
struct sta_info *sta;
ieee80211_tx_handler *handler;
struct ieee80211_tx_data tx;
@@ -1960,7 +1960,7 @@
sdata = vif_to_sdata(vif);
bdev = sdata->dev;
-
+ bss = &sdata->u.ap;
if (!bss)
return NULL;
@@ -1968,19 +1968,16 @@
rcu_read_lock();
beacon = rcu_dereference(bss->beacon);
- if (sdata->vif.type != IEEE80211_IF_TYPE_AP || !beacon ||
- !beacon->head) {
- rcu_read_unlock();
- return NULL;
- }
+ if (sdata->vif.type != IEEE80211_IF_TYPE_AP || !beacon || !beacon->head)
+ goto out;
if (bss->dtim_count != 0)
- return NULL; /* send buffered bc/mc only after DTIM beacon */
+ goto out; /* send buffered bc/mc only after DTIM beacon */
while (1) {
skb = skb_dequeue(&bss->ps_bc_buf);
if (!skb)
- return NULL;
+ goto out;
local->total_ps_buffered--;
if (!skb_queue_empty(&bss->ps_bc_buf) && skb->len >= 2) {
@@ -2023,6 +2020,7 @@
skb = NULL;
}
+out:
rcu_read_unlock();
return skb;