From: Wei Yongjun <weiyongj...@huawei.com>
commit 51c8d24101c79ffce3e79137e2cee5dfeb956dd7 upstream.
Add the missing unlock before return from function cw1200_hw_scan()
in the error handling case.
Fixes: 4f68ef64cd7f ("cw1200: Fix concurrency use-after-free bugs in
cw1200_hw_scan()")
Signed-off-by: Wei Yongjun <weiyongj...@huawei.com>
Acked-by: Jia-Ju Bai <baijiaju1...@gmail.com>
Signed-off-by: Kalle Valo <kv...@codeaurora.org>
[iwamatsu: Change the patching file from drivers/net/wireless/st/cw1200/scan.c
to
drivers/net/wireless/cw1200/scan.c]
Signed-off-by: Nobuhiro Iwamatsu <nobuhiro1.iwama...@toshiba.co.jp>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
---
drivers/net/wireless/cw1200/scan.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/net/wireless/cw1200/scan.c
+++ b/drivers/net/wireless/cw1200/scan.c
@@ -84,8 +84,11 @@ int cw1200_hw_scan(struct ieee80211_hw *
frame.skb = ieee80211_probereq_get(hw, priv->vif->addr, NULL, 0,
req->ie_len);
- if (!frame.skb)
+ if (!frame.skb) {
+ mutex_unlock(&priv->conf_mutex);
+ up(&priv->scan.lock);
return -ENOMEM;
+ }
if (req->ie_len)
memcpy(skb_put(frame.skb, req->ie_len), req->ie, req->ie_len);
