summaryrefslogtreecommitdiffstats
path: root/net/mac80211/tx.c
diff options
context:
space:
mode:
authorTomas Winkler <tomas.winkler@intel.com>2008-05-27 16:50:51 +0200
committerJohn W. Linville <linville@tuxdriver.com>2008-06-03 21:00:16 +0200
commit747cf5e924a469a15a454b88a813236460b30975 (patch)
tree561ebdf183e01b54bce155e4ab5998f7e21b3d8f /net/mac80211/tx.c
parentrndis_wlan: use ARRAY_SIZE instead of sizeof when adding 11g rates (diff)
downloadlinux-747cf5e924a469a15a454b88a813236460b30975.tar.xz
linux-747cf5e924a469a15a454b88a813236460b30975.zip
mac80211: fix ieee80211_get_buffered_bc
fix bss not initialized in ieee80211_get_buffered_bc and unbalanced locking Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/mac80211/tx.c')
-rw-r--r--net/mac80211/tx.c16
1 files changed, 7 insertions, 9 deletions
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index dac44cbd036f..16af30811f98 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1947,7 +1947,7 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
struct ieee80211_vif *vif)
{
struct ieee80211_local *local = hw_to_local(hw);
- struct sk_buff *skb;
+ struct sk_buff *skb = NULL;
struct sta_info *sta;
ieee80211_tx_handler *handler;
struct ieee80211_tx_data tx;
@@ -1960,7 +1960,7 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
sdata = vif_to_sdata(vif);
bdev = sdata->dev;
-
+ bss = &sdata->u.ap;
if (!bss)
return NULL;
@@ -1968,19 +1968,16 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
rcu_read_lock();
beacon = rcu_dereference(bss->beacon);
- if (sdata->vif.type != IEEE80211_IF_TYPE_AP || !beacon ||
- !beacon->head) {
- rcu_read_unlock();
- return NULL;
- }
+ if (sdata->vif.type != IEEE80211_IF_TYPE_AP || !beacon || !beacon->head)
+ goto out;
if (bss->dtim_count != 0)
- return NULL; /* send buffered bc/mc only after DTIM beacon */
+ goto out; /* send buffered bc/mc only after DTIM beacon */
while (1) {
skb = skb_dequeue(&bss->ps_bc_buf);
if (!skb)
- return NULL;
+ goto out;
local->total_ps_buffered--;
if (!skb_queue_empty(&bss->ps_bc_buf) && skb->len >= 2) {
@@ -2023,6 +2020,7 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
skb = NULL;
}
+out:
rcu_read_unlock();
return skb;