diff options
| author | Johannes Berg <johannes@sipsolutions.net> | 2009-07-27 10:33:31 +0200 |
|---|---|---|
| committer | John W. Linville <linville@tuxdriver.com> | 2009-07-29 15:46:13 -0400 |
| commit | a7bc376c858e0e724b8cb2db09b6874562d377ca (patch) | |
| tree | 0588a4d51146ea54ffc949bce9d2cc52d90943b1 | |
| parent | f9d6b402603a63b5e5b56bd7a79fa72a818be55b (diff) | |
mac80211: verify info->control.vif is not NULL
When enqueuing packets on the internal packet queue, we
need to ensure that we have a valid vif pointer since
that is required since the net namespace work. Add some
assertions to verify this, but also don't crash is for
some reason we don't end up with a vif pointer -- warn
and drop the packet in all these cases.
Since this code touches a number of hotpaths, it is
intended to be temporary, or maybe configurable in the
future, at least the bit that is in the path that gets
hit for every packet, ieee80211_tx_pending().
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
| -rw-r--r-- | net/mac80211/tx.c | 5 | ||||
| -rw-r--r-- | net/mac80211/util.c | 13 |
2 files changed, 18 insertions, 0 deletions
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index 9e5dff1c8f2..4e1b2ba122c 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -1889,6 +1889,11 @@ void ieee80211_tx_pending(unsigned long data) struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); struct ieee80211_sub_if_data *sdata; + if (WARN_ON(!info->control.vif)) { + kfree_skb(skb); + continue; + } + sdata = vif_to_sdata(info->control.vif); dev_hold(sdata->dev); spin_unlock_irqrestore(&local->queue_stop_reason_lock, diff --git a/net/mac80211/util.c b/net/mac80211/util.c index 7fc55846d60..8502936e531 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c @@ -336,6 +336,12 @@ void ieee80211_add_pending_skb(struct ieee80211_local *local, struct ieee80211_hw *hw = &local->hw; unsigned long flags; int queue = skb_get_queue_mapping(skb); + struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); + + if (WARN_ON(!info->control.vif)) { + kfree(skb); + return; + } spin_lock_irqsave(&local->queue_stop_reason_lock, flags); __ieee80211_stop_queue(hw, queue, IEEE80211_QUEUE_STOP_REASON_SKB_ADD); @@ -358,6 +364,13 @@ int ieee80211_add_pending_skbs(struct ieee80211_local *local, IEEE80211_QUEUE_STOP_REASON_SKB_ADD); while ((skb = skb_dequeue(skbs))) { + struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); + + if (WARN_ON(!info->control.vif)) { + kfree(skb); + continue; + } + ret++; queue = skb_get_queue_mapping(skb); __skb_queue_tail(&local->pending[queue], skb); |