mac80211_hwsim: avoid NULL access There's a race condition -- started can be set to true before channel is set due to the way mac80211 callbacks currently work (->start should probably pass the channel we would like to have initially). For now simply add a check to hwsim to avoid dereferencing the NULL channel pointer. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>

commit: 4ff176674e75bdee9022dded415fb805f15700ad [log] [tgz]
author: Johannes Berg <johannes@sipsolutions.net> Tue Jul 07 03:43:02 2009 +0200
committer: John W. Linville <linville@tuxdriver.com> Wed Jul 08 15:24:26 2009 -0400
tree: d4a103ec06836e07927930c6c86594ca00270a08
parent: 2fbddeb5c409c90be4706ea2beb7f1fc02100c72 [diff] [blame]
diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
index e789c6e..a111bda 100644
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c

@@ -418,6 +418,7 @@
 			continue;
 
 		if (!data2->started || !hwsim_ps_rx_ok(data2, skb) ||
+		    !data->channel || !data2->channel ||
 		    data->channel->center_freq != data2->channel->center_freq ||
 		    !(data->group & data2->group))
 			continue;
commit	4ff176674e75bdee9022dded415fb805f15700ad	[log] [tgz]
author	Johannes Berg <johannes@sipsolutions.net>	Tue Jul 07 03:43:02 2009 +0200
committer	John W. Linville <linville@tuxdriver.com>	Wed Jul 08 15:24:26 2009 -0400
tree	d4a103ec06836e07927930c6c86594ca00270a08
parent	2fbddeb5c409c90be4706ea2beb7f1fc02100c72 [diff] [blame]