From: Bob Copeland Date: Sat, 19 Mar 2016 02:11:28 +0000 (-0400) Subject: mac80211: mesh: handle failed alloc for rmc cache X-Git-Tag: v4.7-rc1~154^2~326^2~20 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=0aa7fabbd5d9da1f8a8fdc3e2837c532bcfa5664;p=platform%2Fkernel%2Flinux-exynos.git mac80211: mesh: handle failed alloc for rmc cache In the unlikely case that mesh_rmc_init() fails with -ENOMEM, the rmc pointer will be left as NULL but the interface is still operational because ieee80211_mesh_init_sdata() is not allowed to fail. If this happens, we would blindly dereference rmc when checking whether a multicast frame is in the cache. Instead just drop the frames in the forwarding path. Signed-off-by: Bob Copeland Signed-off-by: Johannes Berg --- diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c index a216c43..d0d8eea 100644 --- a/net/mac80211/mesh.c +++ b/net/mac80211/mesh.c @@ -220,6 +220,9 @@ int mesh_rmc_check(struct ieee80211_sub_if_data *sdata, u8 idx; struct rmc_entry *p, *n; + if (!rmc) + return -1; + /* Don't care about endianness since only match matters */ memcpy(&seqnum, &mesh_hdr->seqnum, sizeof(mesh_hdr->seqnum)); idx = le32_to_cpu(mesh_hdr->seqnum) & rmc->idx_mask;
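Review bot: the new `if (!rmc) return -1;` at the top of mesh_rmc_check() returns a bare -1 with no comment, so the code alone does not say that this value means "drop the frame" or why rmc can be NULL at this point. Add a short comment above the check stating that mesh_rmc_init() may have failed with -ENOMEM while the interface stayed operational, and document -1 as a return value of the function so callers keep treating it as a drop. Placing the check before the `rmc->idx_mask` dereference is right. Per the commit message the result is that frames in the forwarding path are dropped for as long as rmc stays NULL, and nothing in this hunk reports that condition, so the comment should also mention that consequence.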