ath9k: merge a RCU fix for station tx cleanup
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This commit is contained in:
parent
94a3af88f3
commit
848a4abf27
1 changed files with 43 additions and 0 deletions
|
@ -0,0 +1,43 @@
|
||||||
|
From: =?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?= <toke@toke.dk>
|
||||||
|
Date: Fri, 2 Feb 2018 11:36:45 +0100
|
||||||
|
Subject: [PATCH] ath9k: Protect queue draining by rcu_read_lock()
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
When ath9k was switched over to use the mac80211 intermediate queues,
|
||||||
|
node cleanup now drains the mac80211 queues. However, this call path is
|
||||||
|
not protected by rcu_read_lock() as it was previously entirely internal
|
||||||
|
to the driver which uses its own locking.
|
||||||
|
|
||||||
|
This leads to a possible rcu_dereference() without holding
|
||||||
|
rcu_read_lock(); but only if a station is cleaned up while having
|
||||||
|
packets queued on the TXQ. Fix this by adding the rcu_read_lock() to the
|
||||||
|
caller in ath9k.
|
||||||
|
|
||||||
|
Fixes: 50f08edf9809 ("ath9k: Switch to using mac80211 intermediate software queues.")
|
||||||
|
Cc: stable@vger.kernel.org
|
||||||
|
Reported-by: Ben Greear <greearb@candelatech.com>
|
||||||
|
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
|
||||||
|
---
|
||||||
|
|
||||||
|
--- a/drivers/net/wireless/ath/ath9k/xmit.c
|
||||||
|
+++ b/drivers/net/wireless/ath/ath9k/xmit.c
|
||||||
|
@@ -2930,6 +2930,8 @@ void ath_tx_node_cleanup(struct ath_soft
|
||||||
|
struct ath_txq *txq;
|
||||||
|
int tidno;
|
||||||
|
|
||||||
|
+ rcu_read_lock();
|
||||||
|
+
|
||||||
|
for (tidno = 0; tidno < IEEE80211_NUM_TIDS; tidno++) {
|
||||||
|
tid = ath_node_to_tid(an, tidno);
|
||||||
|
txq = tid->txq;
|
||||||
|
@@ -2947,6 +2949,8 @@ void ath_tx_node_cleanup(struct ath_soft
|
||||||
|
if (!an->sta)
|
||||||
|
break; /* just one multicast ath_atx_tid */
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ rcu_read_unlock();
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifdef CPTCFG_ATH9K_TX99
|
Loading…
Reference in a new issue