• Daniel Mack's avatar
    wcn36xx: don't keep reference to skb if transmission failed · 271f1e65
    Daniel Mack authored
    When wcn36xx_dxe_tx_frame() fails to transmit the TX frame, the driver
    will call into ieee80211_free_txskb() for the skb in flight, so it'll no
    longer be valid. Hence, we shouldn't keep a reference to it in ctl->skb.
    Also, if the skb has IEEE80211_TX_CTL_REQ_TX_STATUS set, a pointer to
    it will currently remain in wcn->tx_ack_skb, which will potentially lead
    to a crash if accessed later.
    
    Fix this by checking the return value of wcn36xx_dxe_tx_frame(), and
    nullify wcn->tx_ack_skb again in case of errors. Move the assignment
    of ctl->skb in wcn36xx_dxe_tx_frame() so it only happens when the
    transmission is successful.
    Signed-off-by: default avatarDaniel Mack <daniel@zonque.org>
    Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
    271f1e65
dxe.c 24 KB