diff options
| author | Ben Greear <greearb@candelatech.com> | 2013-06-12 17:08:44 -0400 |
|---|---|---|
| committer | Johannes Berg <johannes.berg@intel.com> | 2013-06-13 04:27:07 -0400 |
| commit | e562078a19226660299eeaf40a50752672214f11 (patch) | |
| tree | 09e911481176393b8e47913a594fce34828fb8a9 | |
| parent | 661eb3811df568161399af0048f1ecb4ac073687 (diff) | |
mac80211: Ensure tid_start_tx is protected by sta->lock
All accesses of the tid_start_tx lock should be protected
by sta->lock if there is any chance that another thread
could still be accessing the sta object.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| -rw-r--r-- | net/mac80211/ht.c | 4 | ||||
| -rw-r--r-- | net/mac80211/sta_info.h | 1 |
2 files changed, 4 insertions, 1 deletions
diff --git a/net/mac80211/ht.c b/net/mac80211/ht.c index 75dff338f581..f83534f6a2ee 100644 --- a/net/mac80211/ht.c +++ b/net/mac80211/ht.c | |||
| @@ -281,13 +281,14 @@ void ieee80211_ba_session_work(struct work_struct *work) | |||
| 281 | sta, tid, WLAN_BACK_RECIPIENT, | 281 | sta, tid, WLAN_BACK_RECIPIENT, |
| 282 | WLAN_REASON_UNSPECIFIED, true); | 282 | WLAN_REASON_UNSPECIFIED, true); |
| 283 | 283 | ||
| 284 | spin_lock_bh(&sta->lock); | ||
| 285 | |||
| 284 | tid_tx = sta->ampdu_mlme.tid_start_tx[tid]; | 286 | tid_tx = sta->ampdu_mlme.tid_start_tx[tid]; |
| 285 | if (tid_tx) { | 287 | if (tid_tx) { |
| 286 | /* | 288 | /* |
| 287 | * Assign it over to the normal tid_tx array | 289 | * Assign it over to the normal tid_tx array |
| 288 | * where it "goes live". | 290 | * where it "goes live". |
| 289 | */ | 291 | */ |
| 290 | spin_lock_bh(&sta->lock); | ||
| 291 | 292 | ||
| 292 | sta->ampdu_mlme.tid_start_tx[tid] = NULL; | 293 | sta->ampdu_mlme.tid_start_tx[tid] = NULL; |
| 293 | /* could there be a race? */ | 294 | /* could there be a race? */ |
| @@ -300,6 +301,7 @@ void ieee80211_ba_session_work(struct work_struct *work) | |||
| 300 | ieee80211_tx_ba_session_handle_start(sta, tid); | 301 | ieee80211_tx_ba_session_handle_start(sta, tid); |
| 301 | continue; | 302 | continue; |
| 302 | } | 303 | } |
| 304 | spin_unlock_bh(&sta->lock); | ||
| 303 | 305 | ||
| 304 | tid_tx = rcu_dereference_protected_tid_tx(sta, tid); | 306 | tid_tx = rcu_dereference_protected_tid_tx(sta, tid); |
| 305 | if (tid_tx && test_and_clear_bit(HT_AGG_STATE_WANT_STOP, | 307 | if (tid_tx && test_and_clear_bit(HT_AGG_STATE_WANT_STOP, |
diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h index bd12fc54266c..4208dbd5861f 100644 --- a/net/mac80211/sta_info.h +++ b/net/mac80211/sta_info.h | |||
| @@ -203,6 +203,7 @@ struct tid_ampdu_rx { | |||
| 203 | * driver requested to close until the work for it runs | 203 | * driver requested to close until the work for it runs |
| 204 | * @mtx: mutex to protect all TX data (except non-NULL assignments | 204 | * @mtx: mutex to protect all TX data (except non-NULL assignments |
| 205 | * to tid_tx[idx], which are protected by the sta spinlock) | 205 | * to tid_tx[idx], which are protected by the sta spinlock) |
| 206 | * tid_start_tx is also protected by sta->lock. | ||
| 206 | */ | 207 | */ |
| 207 | struct sta_ampdu_mlme { | 208 | struct sta_ampdu_mlme { |
| 208 | struct mutex mtx; | 209 | struct mutex mtx; |