mac80211: protect rx-path with spinlock

This patch fixes the problem which was discussed in "mac80211: Fix PN corruption in case of multiple virtual interface" [1]. Amit Shakya reported a serious issue with my patch: mac80211: serialize rx path workers" [2]: In case, ieee80211_rx_handlers processing is going on for skbs received on one vif and at the same time, rx aggregation reorder timer expires on another vif then sta_rx_agg_reorder_timer_expired is invoked and it will push skbs into the single queue (local->rx_skb_queue). ieee80211_rx_handlers in the while loop assumes that the skbs are for the same sdata and sta. This assumption doesn't hold good in this scenario and the PN gets corrupted by PN received in other vif's skb, causing traffic to stop due to PN mismatch." [1] Message-Id: http://mid.gmane.org/201302041844.44436.chunkeey@googlemail.com [2] Commit-Id: 24a8fdad35835e8d71f7 Reported-by: Amit Shakya <amit.shakya@stericsson.com> Signed-off-by: Christian Lamparter <chunkeey@googlemail.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
author: Christian Lamparter <chunkeey@googlemail.com> 2013-02-04 12:44:44 -0500
committer: Johannes Berg <johannes.berg@intel.com> 2013-02-11 12:44:55 -0500
commit: f9e124fbd8cbea974b5dc7e9dafddd17d21df7e2 (patch)
tree: f09c89096de26a4211d73742933260d5d240b58e /net/mac80211/main.c
parent: 601513aa208f27ea87400a410d42c978421530ec (diff)
1 files changed, 1 insertions, 13 deletions
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index 2bdd454e8bcf..2220331f4b7c 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -34,8 +34,6 @@
 #include "cfg.h"
 #include "debugfs.h"
-static struct lock_class_key ieee80211_rx_skb_queue_class;
 void ieee80211_configure_filter(struct ieee80211_local *local)
 {
        u64 mc;
@@ -613,21 +611,12 @@ struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
        mutex_init(&local->key_mtx);
        spin_lock_init(&local->filter_lock);
+        spin_lock_init(&local->rx_path_lock);
        spin_lock_init(&local->queue_stop_reason_lock);
        INIT_LIST_HEAD(&local->chanctx_list);
        mutex_init(&local->chanctx_mtx);
-        /*
-         * The rx_skb_queue is only accessed from tasklets,
-         * but other SKB queues are used from within IRQ
-         * context. Therefore, this one needs a different
-         * locking class so our direct, non-irq-safe use of
-         * the queue's lock doesn't throw lockdep warnings.
-         */
-        skb_queue_head_init_class(&local->rx_skb_queue,
-                                  &ieee80211_rx_skb_queue_class);
        INIT_DELAYED_WORK(&local->scan_work, ieee80211_scan_work);
        INIT_WORK(&local->restart_work, ieee80211_restart_work);
@@ -1089,7 +1078,6 @@ void ieee80211_unregister_hw(struct ieee80211_hw *hw)
                wiphy_warn(local->hw.wiphy, "skb_queue not empty\n");
        skb_queue_purge(&local->skb_queue);
        skb_queue_purge(&local->skb_queue_unreliable);
-        skb_queue_purge(&local->rx_skb_queue);
        destroy_workqueue(local->workqueue);
        wiphy_unregister(local->hw.wiphy);
author	Christian Lamparter <chunkeey@googlemail.com>	2013-02-04 12:44:44 -0500
committer	Johannes Berg <johannes.berg@intel.com>	2013-02-11 12:44:55 -0500
commit	f9e124fbd8cbea974b5dc7e9dafddd17d21df7e2 (patch)
tree	f09c89096de26a4211d73742933260d5d240b58e /net/mac80211/main.c
parent	601513aa208f27ea87400a410d42c978421530ec (diff)