mac80211: mesh: handle failed alloc for rmc cache

In the unlikely case that mesh_rmc_init() fails with -ENOMEM, the rmc pointer will be left as NULL but the interface is still operational because ieee80211_mesh_init_sdata() is not allowed to fail. If this happens, we would blindly dereference rmc when checking whether a multicast frame is in the cache. Instead just drop the frames in the forwarding path. Signed-off-by: Bob Copeland <me@bobcopeland.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
author: Bob Copeland <me@bobcopeland.com> 2016-03-19 02:11:28 (GMT)
committer: Johannes Berg <johannes.berg@intel.com> 2016-04-05 19:34:50 (GMT)
commit: 0aa7fabbd5d9da1f8a8fdc3e2837c532bcfa5664 (patch)
tree: bb69412b2a94fe667a655be8ef40f974cb5fab9a /net
parent: 749329594b5e0fb612b2de642a692323ddf661dd (diff)
download: linux-0aa7fabbd5d9da1f8a8fdc3e2837c532bcfa5664.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index a216c43..d0d8eea 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -220,6 +220,9 @@ int mesh_rmc_check(struct ieee80211_sub_if_data *sdata,
 	u8 idx;
 	struct rmc_entry *p, *n;
 
+	if (!rmc)
+		return -1;
+
 	/* Don't care about endianness since only match matters */
 	memcpy(&seqnum, &mesh_hdr->seqnum, sizeof(mesh_hdr->seqnum));
 	idx = le32_to_cpu(mesh_hdr->seqnum) & rmc->idx_mask;
author	Bob Copeland <me@bobcopeland.com>	2016-03-19 02:11:28 (GMT)
committer	Johannes Berg <johannes.berg@intel.com>	2016-04-05 19:34:50 (GMT)
commit	0aa7fabbd5d9da1f8a8fdc3e2837c532bcfa5664 (patch)
tree	bb69412b2a94fe667a655be8ef40f974cb5fab9a /net
parent	749329594b5e0fb612b2de642a692323ddf661dd (diff)
download	linux-0aa7fabbd5d9da1f8a8fdc3e2837c532bcfa5664.tar.xz