diff options
author | Johannes Berg <johannes@sipsolutions.net> | 2009-10-29 03:34:00 -0400 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2009-10-30 15:50:25 -0400 |
commit | 2171abc58644e09dbba546d91366b12743115396 (patch) | |
tree | b4b75fad9bb425034f71cf995586dd4898c93c2f | |
parent | e55ea2b152569f09ef6bb28d5a341a4e5a21f5ce (diff) |
mac80211: fix addba timer
The addba timer function acquires the sta spinlock,
but at the same time we try to del_timer_sync() it
under the spinlock which can produce deadlocks.
To fix this, always del_timer_sync() the timer in
ieee80211_process_addba_resp() and add it again
after checking the conditions, if necessary.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-rw-r--r-- | net/mac80211/agg-tx.c | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c index bd765f30dba2..b09948ceec4a 100644 --- a/net/mac80211/agg-tx.c +++ b/net/mac80211/agg-tx.c | |||
@@ -666,26 +666,25 @@ void ieee80211_process_addba_resp(struct ieee80211_local *local, | |||
666 | 666 | ||
667 | state = &sta->ampdu_mlme.tid_state_tx[tid]; | 667 | state = &sta->ampdu_mlme.tid_state_tx[tid]; |
668 | 668 | ||
669 | del_timer_sync(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer); | ||
670 | |||
669 | spin_lock_bh(&sta->lock); | 671 | spin_lock_bh(&sta->lock); |
670 | 672 | ||
671 | if (!(*state & HT_ADDBA_REQUESTED_MSK)) { | 673 | if (!(*state & HT_ADDBA_REQUESTED_MSK)) |
672 | spin_unlock_bh(&sta->lock); | 674 | goto timer_still_needed; |
673 | return; | ||
674 | } | ||
675 | 675 | ||
676 | if (mgmt->u.action.u.addba_resp.dialog_token != | 676 | if (mgmt->u.action.u.addba_resp.dialog_token != |
677 | sta->ampdu_mlme.tid_tx[tid]->dialog_token) { | 677 | sta->ampdu_mlme.tid_tx[tid]->dialog_token) { |
678 | spin_unlock_bh(&sta->lock); | ||
679 | #ifdef CONFIG_MAC80211_HT_DEBUG | 678 | #ifdef CONFIG_MAC80211_HT_DEBUG |
680 | printk(KERN_DEBUG "wrong addBA response token, tid %d\n", tid); | 679 | printk(KERN_DEBUG "wrong addBA response token, tid %d\n", tid); |
681 | #endif /* CONFIG_MAC80211_HT_DEBUG */ | 680 | #endif /* CONFIG_MAC80211_HT_DEBUG */ |
682 | return; | 681 | goto timer_still_needed; |
683 | } | 682 | } |
684 | 683 | ||
685 | del_timer_sync(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer); | ||
686 | #ifdef CONFIG_MAC80211_HT_DEBUG | 684 | #ifdef CONFIG_MAC80211_HT_DEBUG |
687 | printk(KERN_DEBUG "switched off addBA timer for tid %d \n", tid); | 685 | printk(KERN_DEBUG "switched off addBA timer for tid %d \n", tid); |
688 | #endif /* CONFIG_MAC80211_HT_DEBUG */ | 686 | #endif /* CONFIG_MAC80211_HT_DEBUG */ |
687 | |||
689 | if (le16_to_cpu(mgmt->u.action.u.addba_resp.status) | 688 | if (le16_to_cpu(mgmt->u.action.u.addba_resp.status) |
690 | == WLAN_STATUS_SUCCESS) { | 689 | == WLAN_STATUS_SUCCESS) { |
691 | u8 curstate = *state; | 690 | u8 curstate = *state; |
@@ -699,5 +698,11 @@ void ieee80211_process_addba_resp(struct ieee80211_local *local, | |||
699 | } else { | 698 | } else { |
700 | ___ieee80211_stop_tx_ba_session(sta, tid, WLAN_BACK_INITIATOR); | 699 | ___ieee80211_stop_tx_ba_session(sta, tid, WLAN_BACK_INITIATOR); |
701 | } | 700 | } |
701 | |||
702 | goto out; | ||
703 | |||
704 | timer_still_needed: | ||
705 | add_timer(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer); | ||
706 | out: | ||
702 | spin_unlock_bh(&sta->lock); | 707 | spin_unlock_bh(&sta->lock); |
703 | } | 708 | } |