From: Jouni Malinen Date: Fri, 13 Mar 2009 11:59:39 +0000 (+0200) Subject: mac80211: Fix panic on fragmentation with power saving X-Git-Tag: firefly_0821_release~15263^2~22^2~1 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=055249d20de06c290fe7625be0a7164bef3958f5;p=firefly-linux-kernel-4.4.55.git mac80211: Fix panic on fragmentation with power saving It was possible to hit a kernel panic on NULL pointer dereference in dev_queue_xmit() when sending power save buffered frames to a STA that woke up from sleep. This happened when the buffered frame was requeued for transmission in ap_sta_ps_end(). In order to avoid the panic, copy the skb->dev and skb->iif values from the first fragment to all other fragments. Signed-off-by: Jouni Malinen Signed-off-by: John W. Linville --- diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index 94de5033f0b6..37e3d5ef7e3f 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -752,6 +752,8 @@ ieee80211_tx_h_fragment(struct ieee80211_tx_data *tx) skb_copy_queue_mapping(frag, first); frag->do_not_encrypt = first->do_not_encrypt; + frag->dev = first->dev; + frag->iif = first->iif; pos += copylen; left -= copylen;