rtlwifi: Fix kernel oops introduced with commit e49656147359

With commit e49656147359 {"rtlwifi: Use dev_kfree_skb_irq instead of
kfree_skb"), the method used to free an skb was changed because the
kfree_skb() was inside a spinlock. What was forgotten is that kfree_skb()
guards against a NULL value for the argument. Routine dev_kfree_skb_irq()
does not, and a test is needed to prevent kernel panics.

Fixes: e49656147359 ("rtlwifi: Use dev_kfree_skb_irq instead of kfree_skb")
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Stable <stable@vger.kernel.org> # 4.9+
Cc: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

diff --git a/drivers/net/wireless/realtek/rtlwifi/core.c b/drivers/net/wireless/realtek/rtlwifi/core.c
index 2caa4ad04dba4a6e66a02b74173ab1b016ca7af1..ded1493fee9c975742ede341b991b4446a48e3d7 100644 (file)
--- a/drivers/net/wireless/realtek/rtlwifi/core.c
+++ b/drivers/net/wireless/realtek/rtlwifi/core.c
@@ -1829,7 +1829,8 @@ bool rtl_cmd_send_packet(struct ieee80211_hw *hw, struct sk_buff *skb)
 
        spin_lock_irqsave(&rtlpriv->locks.irq_th_lock, flags);
        pskb = __skb_dequeue(&ring->queue);
-       dev_kfree_skb_irq(pskb);
+       if (pskb)
+               dev_kfree_skb_irq(pskb);
 
        /*this is wrong, fill_tx_cmddesc needs update*/
        pdesc = &ring->desc[0];