diff options
author | Tomas Winkler <tomas.winkler@intel.com> | 2008-05-27 16:50:51 +0200 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2008-06-03 21:00:16 +0200 |
commit | 747cf5e924a469a15a454b88a813236460b30975 (patch) | |
tree | 561ebdf183e01b54bce155e4ab5998f7e21b3d8f /net/mac80211 | |
parent | rndis_wlan: use ARRAY_SIZE instead of sizeof when adding 11g rates (diff) | |
download | linux-747cf5e924a469a15a454b88a813236460b30975.tar.xz linux-747cf5e924a469a15a454b88a813236460b30975.zip |
mac80211: fix ieee80211_get_buffered_bc
fix bss not initialized in ieee80211_get_buffered_bc
and unbalanced locking
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/mac80211')
-rw-r--r-- | net/mac80211/tx.c | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index dac44cbd036f..16af30811f98 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -1947,7 +1947,7 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw, struct ieee80211_vif *vif) { struct ieee80211_local *local = hw_to_local(hw); - struct sk_buff *skb; + struct sk_buff *skb = NULL; struct sta_info *sta; ieee80211_tx_handler *handler; struct ieee80211_tx_data tx; @@ -1960,7 +1960,7 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw, sdata = vif_to_sdata(vif); bdev = sdata->dev; - + bss = &sdata->u.ap; if (!bss) return NULL; @@ -1968,19 +1968,16 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw, rcu_read_lock(); beacon = rcu_dereference(bss->beacon); - if (sdata->vif.type != IEEE80211_IF_TYPE_AP || !beacon || - !beacon->head) { - rcu_read_unlock(); - return NULL; - } + if (sdata->vif.type != IEEE80211_IF_TYPE_AP || !beacon || !beacon->head) + goto out; if (bss->dtim_count != 0) - return NULL; /* send buffered bc/mc only after DTIM beacon */ + goto out; /* send buffered bc/mc only after DTIM beacon */ while (1) { skb = skb_dequeue(&bss->ps_bc_buf); if (!skb) - return NULL; + goto out; local->total_ps_buffered--; if (!skb_queue_empty(&bss->ps_bc_buf) && skb->len >= 2) { @@ -2023,6 +2020,7 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw, skb = NULL; } +out: rcu_read_unlock(); return skb; |