Add the missing unlock before return from function cw1200_hw_scan()
in the error handling case.
Fixes: 4f68ef64cd7f ("cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()")
Signed-off-by: Wei Yongjun <[email protected]>
---
drivers/net/wireless/st/cw1200/scan.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/st/cw1200/scan.c b/drivers/net/wireless/st/cw1200/scan.c
index 0a9eac9..71e9b91 100644
--- a/drivers/net/wireless/st/cw1200/scan.c
+++ b/drivers/net/wireless/st/cw1200/scan.c
@@ -84,8 +84,11 @@ int cw1200_hw_scan(struct ieee80211_hw *hw,
frame.skb = ieee80211_probereq_get(hw, priv->vif->addr, NULL, 0,
req->ie_len);
- if (!frame.skb)
+ if (!frame.skb) {
+ mutex_unlock(&priv->conf_mutex);
+ up(&priv->scan.lock);
return -ENOMEM;
+ }
if (req->ie_len)
skb_put_data(frame.skb, req->ie, req->ie_len);
Oh, I forgot to handle the error case in my previous commit 4f68ef64cd7f...
Thanks for this patch :)
On 2018/12/22 18:34, Wei Yongjun wrote:
> Add the missing unlock before return from function cw1200_hw_scan()
> in the error handling case.
>
> Fixes: 4f68ef64cd7f ("cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()")
> Signed-off-by: Wei Yongjun <[email protected]>
> ---
> drivers/net/wireless/st/cw1200/scan.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/wireless/st/cw1200/scan.c b/drivers/net/wireless/st/cw1200/scan.c
> index 0a9eac9..71e9b91 100644
> --- a/drivers/net/wireless/st/cw1200/scan.c
> +++ b/drivers/net/wireless/st/cw1200/scan.c
> @@ -84,8 +84,11 @@ int cw1200_hw_scan(struct ieee80211_hw *hw,
>
> frame.skb = ieee80211_probereq_get(hw, priv->vif->addr, NULL, 0,
> req->ie_len);
> - if (!frame.skb)
> + if (!frame.skb) {
> + mutex_unlock(&priv->conf_mutex);
> + up(&priv->scan.lock);
> return -ENOMEM;
> + }
>
> if (req->ie_len)
> skb_put_data(frame.skb, req->ie, req->ie_len);
>
>
>
Acked-by: Jia-Ju Bai <[email protected]>
Wei Yongjun <[email protected]> wrote:
> Add the missing unlock before return from function cw1200_hw_scan()
> in the error handling case.
>
> Fixes: 4f68ef64cd7f ("cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()")
> Signed-off-by: Wei Yongjun <[email protected]>
> Acked-by: Jia-Ju Bai <[email protected]>
cw1200 patches go to wireless-drivers-next, not net-next. In the future please
don't mark them for net-next to avoid any confusion.
--
https://patchwork.kernel.org/patch/10741431/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
Wei Yongjun <[email protected]> wrote:
> Add the missing unlock before return from function cw1200_hw_scan()
> in the error handling case.
>
> Fixes: 4f68ef64cd7f ("cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()")
> Signed-off-by: Wei Yongjun <[email protected]>
> Acked-by: Jia-Ju Bai <[email protected]>
Patch applied to wireless-drivers-next.git, thanks.
51c8d24101c7 cw1200: fix missing unlock on error in cw1200_hw_scan()
--
https://patchwork.kernel.org/patch/10741431/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches