forked from Minki/linux
mac80211: safely free beacon in ieee80211_if_reinit
If ieee80211_if_reinit() is called from ieee80211_unregister_hw() then it is possible that the driver will still request a beacon (it is allowed to until ieee80211_unregister_hw() has returned.) This means we need to use an RCU-protected write to the beacon information even in this function. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
This commit is contained in:
parent
2485f7105f
commit
e6a5ddf208
@ -193,6 +193,7 @@ void ieee80211_if_reinit(struct net_device *dev)
|
||||
/* Remove all virtual interfaces that use this BSS
|
||||
* as their sdata->bss */
|
||||
struct ieee80211_sub_if_data *tsdata, *n;
|
||||
struct beacon_data *beacon;
|
||||
|
||||
list_for_each_entry_safe(tsdata, n, &local->interfaces, list) {
|
||||
if (tsdata != sdata && tsdata->bss == &sdata->u.ap) {
|
||||
@ -210,7 +211,10 @@ void ieee80211_if_reinit(struct net_device *dev)
|
||||
}
|
||||
}
|
||||
|
||||
kfree(sdata->u.ap.beacon);
|
||||
beacon = sdata->u.ap.beacon;
|
||||
rcu_assign_pointer(sdata->u.ap.beacon, NULL);
|
||||
synchronize_rcu();
|
||||
kfree(beacon);
|
||||
|
||||
while ((skb = skb_dequeue(&sdata->u.ap.ps_bc_buf))) {
|
||||
local->total_ps_buffered--;
|
||||
|
Loading…
Reference in New Issue
Block a user