提交 a7bc376c 编写于 作者: J Johannes Berg 提交者: John W. Linville

mac80211: verify info->control.vif is not NULL

When enqueuing packets on the internal packet queue, we
need to ensure that we have a valid vif pointer since
that is required since the net namespace work. Add some
assertions to verify this, but also don't crash is for
some reason we don't end up with a vif pointer -- warn
and drop the packet in all these cases.

Since this code touches a number of hotpaths, it is
intended to be temporary, or maybe configurable in the
future, at least the bit that is in the path that gets
hit for every packet, ieee80211_tx_pending().
Signed-off-by: NJohannes Berg <johannes@sipsolutions.net>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
上级 f9d6b402
...@@ -1889,6 +1889,11 @@ void ieee80211_tx_pending(unsigned long data) ...@@ -1889,6 +1889,11 @@ void ieee80211_tx_pending(unsigned long data)
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
struct ieee80211_sub_if_data *sdata; struct ieee80211_sub_if_data *sdata;
if (WARN_ON(!info->control.vif)) {
kfree_skb(skb);
continue;
}
sdata = vif_to_sdata(info->control.vif); sdata = vif_to_sdata(info->control.vif);
dev_hold(sdata->dev); dev_hold(sdata->dev);
spin_unlock_irqrestore(&local->queue_stop_reason_lock, spin_unlock_irqrestore(&local->queue_stop_reason_lock,
......
...@@ -336,6 +336,12 @@ void ieee80211_add_pending_skb(struct ieee80211_local *local, ...@@ -336,6 +336,12 @@ void ieee80211_add_pending_skb(struct ieee80211_local *local,
struct ieee80211_hw *hw = &local->hw; struct ieee80211_hw *hw = &local->hw;
unsigned long flags; unsigned long flags;
int queue = skb_get_queue_mapping(skb); int queue = skb_get_queue_mapping(skb);
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
if (WARN_ON(!info->control.vif)) {
kfree(skb);
return;
}
spin_lock_irqsave(&local->queue_stop_reason_lock, flags); spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
__ieee80211_stop_queue(hw, queue, IEEE80211_QUEUE_STOP_REASON_SKB_ADD); __ieee80211_stop_queue(hw, queue, IEEE80211_QUEUE_STOP_REASON_SKB_ADD);
...@@ -358,6 +364,13 @@ int ieee80211_add_pending_skbs(struct ieee80211_local *local, ...@@ -358,6 +364,13 @@ int ieee80211_add_pending_skbs(struct ieee80211_local *local,
IEEE80211_QUEUE_STOP_REASON_SKB_ADD); IEEE80211_QUEUE_STOP_REASON_SKB_ADD);
while ((skb = skb_dequeue(skbs))) { while ((skb = skb_dequeue(skbs))) {
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
if (WARN_ON(!info->control.vif)) {
kfree(skb);
continue;
}
ret++; ret++;
queue = skb_get_queue_mapping(skb); queue = skb_get_queue_mapping(skb);
__skb_queue_tail(&local->pending[queue], skb); __skb_queue_tail(&local->pending[queue], skb);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册