wireless: check for dangling wdev->current_bss pointer
author Ben Greear <greearb@candelatech.com>
Wed, 19 Jun 2013 21:06:26 +0000 (14:06 -0700)
committer Johannes Berg <johannes.berg@intel.com>
Mon, 24 Jun 2013 13:55:36 +0000 (15:55 +0200)
If it *is* still set when the netdev is being deleted,
then we are about to leak a pointer.  Warn and clean up
in that case.

Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
net/wireless/core.c

index 4224e7554a769ed7a9e3d1ea9a7f6b7cb2a38d54..672459b9483b48ac19184bc223cd80c6a8b75cf9 100644 (file)
@@ -934,6 +934,12 @@ static int cfg80211_netdev_notifier_call(struct notifier_block *nb,
                 * freed.
                 */
                cfg80211_process_wdev_events(wdev);
+
+               if (WARN_ON(wdev->current_bss)) {
+                       cfg80211_unhold_bss(wdev->current_bss);
+                       cfg80211_put_bss(wdev->wiphy, &wdev->current_bss->pub);
+                       wdev->current_bss = NULL;
+               }
                break;
        case NETDEV_PRE_UP:
                if (!(wdev->wiphy->interface_modes & BIT(wdev->iftype)))
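Review bot: The added `if (WARN_ON(wdev->current_bss))` block reads and clears `wdev->current_bss` with no lock taken in the visible lines. If the enclosing case does not already hold the wdev lock, take it around the block, or add a comment saying why nothing else can touch the pointer at this stage of netdev teardown. A short comment above the block would also help: it should say that a non-NULL value here means an earlier disconnect path failed to drop the hold and the reference, because the warning's backtrace will point at the notifier and not at the path that left the pointer set.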