BugLink: http://bugs.launchpad.net/bugs/793702
commit
a3836e02ba4c50db958d32d710b226f2408623dc upstream.
A few configuration functions correctly do
rcu_read_lock() but don't correctly reference
some pointers protected by RCU. Fix that.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
+ key = rcu_dereference(sta->ptk);
else if (key_idx < NUM_DEFAULT_KEYS)
else if (key_idx < NUM_DEFAULT_KEYS)
- key = sta->gtk[key_idx];
+ key = rcu_dereference(sta->gtk[key_idx]);
- key = sdata->keys[key_idx];
+ key = rcu_dereference(sdata->keys[key_idx]);
static void mpath_set_pinfo(struct mesh_path *mpath, u8 *next_hop,
struct mpath_info *pinfo)
{
static void mpath_set_pinfo(struct mesh_path *mpath, u8 *next_hop,
struct mpath_info *pinfo)
{
- if (mpath->next_hop)
- memcpy(next_hop, mpath->next_hop->sta.addr, ETH_ALEN);
+ struct sta_info *next_hop_sta = rcu_dereference(mpath->next_hop);
+
+ if (next_hop_sta)
+ memcpy(next_hop, next_hop_sta->sta.addr, ETH_ALEN);
else
memset(next_hop, 0, ETH_ALEN);
else
memset(next_hop, 0, ETH_ALEN);