Re: [PATCH] cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()

Jia-Ju Bai wrote: > The function cw1200_bss_info_changed() and cw1200_hw_scan() can be > concurrently executed. > The two functions both access a possible shared variable "frame.skb". > > This shared variable is freed by dev_kfree_skb() in cw1200_upload_beacon(), > which is called by

[PATCH] cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()

The function cw1200_bss_info_changed() and cw1200_hw_scan() can be concurrently executed. The two functions both access a possible shared variable "frame.skb". This shared variable is freed by dev_kfree_skb() in cw1200_upload_beacon(), which is called by cw1200_bss_info_changed(). The free