diff options
| author | Johannes Berg <johannes.berg@intel.com> | 2013-10-21 11:33:35 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2013-12-04 10:57:30 -0800 |
| commit | f98c4b05dc4582055fdb58635d99232e3c6ffc47 (patch) | |
| tree | d291348cb21338063612913039a1ad8b21fd49fc | |
| parent | 7c5f3874d9d697f9e21acbdd8be9e65af6f5a880 (diff) | |
| download | linux-stable-f98c4b05dc4582055fdb58635d99232e3c6ffc47.tar.gz linux-stable-f98c4b05dc4582055fdb58635d99232e3c6ffc47.tar.bz2 linux-stable-f98c4b05dc4582055fdb58635d99232e3c6ffc47.zip | |
cfg80211: fix scheduled scan pointer access
commit 79845c662eeb95c9a180b9bd0d3ad848ee65b94c upstream.
Since rdev->sched_scan_req is dereferenced outside the
lock protecting it, this might be done at the wrong
time, causing crashes. Move the dereference to where
it should be - inside the RTNL locked section.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | net/wireless/scan.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/wireless/scan.c b/net/wireless/scan.c index fd99ea495b7e..81019ee3ddc8 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -253,10 +253,10 @@ void __cfg80211_sched_scan_results(struct work_struct *wk) rdev = container_of(wk, struct cfg80211_registered_device, sched_scan_results_wk); - request = rdev->sched_scan_req; - mutex_lock(&rdev->sched_scan_mtx); + request = rdev->sched_scan_req; + /* we don't have sched_scan_req anymore if the scan is stopping */ if (request) { if (request->flags & NL80211_SCAN_FLAG_FLUSH) { |