Piteball/android_kernel_google_msm
1
0
Fork 0
mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
Code Issues Projects Releases Wiki Activity

mac80211: Fix panic on fragmentation with power saving

Browse source 
It was possible to hit a kernel panic on NULL pointer dereference in
dev_queue_xmit() when sending power save buffered frames to a STA that
woke up from sleep. This happened when the buffered frame was requeued
for transmission in ap_sta_ps_end(). In order to avoid the panic, copy
the skb->dev and skb->iif values from the first fragment to all other
fragments.

Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This commit is contained in:
Jouni Malinen 2009-03-13 13:59:39 +02:00 committed by John W. Linville
parent 5ec905a8df
commit 055249d20d
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
net/mac80211/tx.c
View file

@ -752,6 +752,8 @@ ieee80211_tx_h_fragment(struct ieee80211_tx_data *tx)
skb_copy_queue_mapping(frag, first);
frag->do_not_encrypt = first->do_not_encrypt;
frag->dev = first->dev;
frag->iif = first->iif;
pos += copylen;
left -= copylen;