- From: Toke Høiland-Jørgensen <[email protected]>
- Date: Fri, 2 Feb 2018 11:36:45 +0100
- Subject: [PATCH] ath9k: Protect queue draining by rcu_read_lock()
- MIME-Version: 1.0
- Content-Type: text/plain; charset=UTF-8
- Content-Transfer-Encoding: 8bit
- When ath9k was switched over to use the mac80211 intermediate queues,
- node cleanup now drains the mac80211 queues. However, this call path is
- not protected by rcu_read_lock() as it was previously entirely internal
- to the driver which uses its own locking.
- This leads to a possible rcu_dereference() without holding
- rcu_read_lock(); but only if a station is cleaned up while having
- packets queued on the TXQ. Fix this by adding the rcu_read_lock() to the
- caller in ath9k.
- Fixes: 50f08edf9809 ("ath9k: Switch to using mac80211 intermediate software queues.")
- Cc: [email protected]
- Reported-by: Ben Greear <[email protected]>
- Signed-off-by: Toke Høiland-Jørgensen <[email protected]>
- ---
- --- a/drivers/net/wireless/ath/ath9k/xmit.c
- +++ b/drivers/net/wireless/ath/ath9k/xmit.c
- @@ -2930,6 +2930,8 @@ void ath_tx_node_cleanup(struct ath_soft
- struct ath_txq *txq;
- int tidno;
-
- + rcu_read_lock();
- +
- for (tidno = 0; tidno < IEEE80211_NUM_TIDS; tidno++) {
- tid = ath_node_to_tid(an, tidno);
- txq = tid->txq;
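Review bot: The rcu_read_lock() added ahead of the tidno loop carries no comment saying which dereference it covers, and nothing in ath_tx_node_cleanup() itself makes that obvious. A one-line comment stating that draining the mac80211 queues from this path performs an rcu_dereference() would keep a later cleanup from dropping the lock as redundant. Since the read-side section now spans the whole loop, also confirm that nothing in the loop body outside the lines shown here can sleep.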
- @@ -2947,6 +2949,8 @@ void ath_tx_node_cleanup(struct ath_soft
- if (!an->sta)
- break; /* just one multicast ath_atx_tid */
- }
- +
- + rcu_read_unlock();
- }
-
- #ifdef CPTCFG_ATH9K_TX99
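Review bot: The rcu_read_unlock() after the loop is reached by the visible break under "if (!an->sta)", so that exit is balanced, but the loop body between the two hunks is not shown here. Please check that it contains no return or goto that would leave the function with the read-side lock still held; if there is one, route it through a single exit label placed just before the unlock.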