diff options
author | Felix Fietkau <nbd@nbd.name> | 2018-02-22 15:36:05 +0100 |
---|---|---|
committer | Felix Fietkau <nbd@nbd.name> | 2018-02-22 15:37:59 +0100 |
commit | 848a4abf27d8fb49714330d6ecafa6a51104d611 (patch) | |
tree | eaf3c39e9b9ce5c2a18dd6307d72043ddcfa511a | |
parent | 94a3af88f309d69c10fde6874256ebff858c6330 (diff) | |
download | upstream-848a4abf27d8fb49714330d6ecafa6a51104d611.tar.gz upstream-848a4abf27d8fb49714330d6ecafa6a51104d611.tar.bz2 upstream-848a4abf27d8fb49714330d6ecafa6a51104d611.zip |
ath9k: merge a RCU fix for station tx cleanup
Signed-off-by: Felix Fietkau <nbd@nbd.name>
-rw-r--r-- | package/kernel/mac80211/patches/330-ath9k-Protect-queue-draining-by-rcu_read_lock.patch | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/package/kernel/mac80211/patches/330-ath9k-Protect-queue-draining-by-rcu_read_lock.patch b/package/kernel/mac80211/patches/330-ath9k-Protect-queue-draining-by-rcu_read_lock.patch new file mode 100644 index 0000000000..9970574e14 --- /dev/null +++ b/package/kernel/mac80211/patches/330-ath9k-Protect-queue-draining-by-rcu_read_lock.patch @@ -0,0 +1,43 @@ +From: =?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?= <toke@toke.dk> +Date: Fri, 2 Feb 2018 11:36:45 +0100 +Subject: [PATCH] ath9k: Protect queue draining by rcu_read_lock() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When ath9k was switched over to use the mac80211 intermediate queues, +node cleanup now drains the mac80211 queues. However, this call path is +not protected by rcu_read_lock() as it was previously entirely internal +to the driver which uses its own locking. + +This leads to a possible rcu_dereference() without holding +rcu_read_lock(); but only if a station is cleaned up while having +packets queued on the TXQ. Fix this by adding the rcu_read_lock() to the +caller in ath9k. + +Fixes: 50f08edf9809 ("ath9k: Switch to using mac80211 intermediate software queues.") +Cc: stable@vger.kernel.org +Reported-by: Ben Greear <greearb@candelatech.com> +Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk> +--- + +--- a/drivers/net/wireless/ath/ath9k/xmit.c ++++ b/drivers/net/wireless/ath/ath9k/xmit.c +@@ -2930,6 +2930,8 @@ void ath_tx_node_cleanup(struct ath_soft + struct ath_txq *txq; + int tidno; + ++ rcu_read_lock(); ++ + for (tidno = 0; tidno < IEEE80211_NUM_TIDS; tidno++) { + tid = ath_node_to_tid(an, tidno); + txq = tid->txq; +@@ -2947,6 +2949,8 @@ void ath_tx_node_cleanup(struct ath_soft + if (!an->sta) + break; /* just one multicast ath_atx_tid */ + } ++ ++ rcu_read_unlock(); + } + + #ifdef CPTCFG_ATH9K_TX99 |