diff options
| author | Johannes Berg <johannes@sipsolutions.net> | 2009-10-29 03:34:00 -0400 |
|---|---|---|
| committer | John W. Linville <linville@tuxdriver.com> | 2009-10-30 15:50:25 -0400 |
| commit | 2171abc58644e09dbba546d91366b12743115396 (patch) | |
| tree | b4b75fad9bb425034f71cf995586dd4898c93c2f /net | |
| parent | e55ea2b152569f09ef6bb28d5a341a4e5a21f5ce (diff) | |
mac80211: fix addba timer
The addba timer function acquires the sta spinlock,
but at the same time we try to del_timer_sync() it
under the spinlock which can produce deadlocks.
To fix this, always del_timer_sync() the timer in
ieee80211_process_addba_resp() and add it again
after checking the conditions, if necessary.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net')
| -rw-r--r-- | net/mac80211/agg-tx.c | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c index bd765f30dba2..b09948ceec4a 100644 --- a/net/mac80211/agg-tx.c +++ b/net/mac80211/agg-tx.c | |||
| @@ -666,26 +666,25 @@ void ieee80211_process_addba_resp(struct ieee80211_local *local, | |||
| 666 | 666 | ||
| 667 | state = &sta->ampdu_mlme.tid_state_tx[tid]; | 667 | state = &sta->ampdu_mlme.tid_state_tx[tid]; |
| 668 | 668 | ||
| 669 | del_timer_sync(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer); | ||
| 670 | |||
| 669 | spin_lock_bh(&sta->lock); | 671 | spin_lock_bh(&sta->lock); |
| 670 | 672 | ||
| 671 | if (!(*state & HT_ADDBA_REQUESTED_MSK)) { | 673 | if (!(*state & HT_ADDBA_REQUESTED_MSK)) |
| 672 | spin_unlock_bh(&sta->lock); | 674 | goto timer_still_needed; |
| 673 | return; | ||
| 674 | } | ||
| 675 | 675 | ||
| 676 | if (mgmt->u.action.u.addba_resp.dialog_token != | 676 | if (mgmt->u.action.u.addba_resp.dialog_token != |
| 677 | sta->ampdu_mlme.tid_tx[tid]->dialog_token) { | 677 | sta->ampdu_mlme.tid_tx[tid]->dialog_token) { |
| 678 | spin_unlock_bh(&sta->lock); | ||
| 679 | #ifdef CONFIG_MAC80211_HT_DEBUG | 678 | #ifdef CONFIG_MAC80211_HT_DEBUG |
| 680 | printk(KERN_DEBUG "wrong addBA response token, tid %d\n", tid); | 679 | printk(KERN_DEBUG "wrong addBA response token, tid %d\n", tid); |
| 681 | #endif /* CONFIG_MAC80211_HT_DEBUG */ | 680 | #endif /* CONFIG_MAC80211_HT_DEBUG */ |
| 682 | return; | 681 | goto timer_still_needed; |
| 683 | } | 682 | } |
| 684 | 683 | ||
| 685 | del_timer_sync(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer); | ||
| 686 | #ifdef CONFIG_MAC80211_HT_DEBUG | 684 | #ifdef CONFIG_MAC80211_HT_DEBUG |
| 687 | printk(KERN_DEBUG "switched off addBA timer for tid %d \n", tid); | 685 | printk(KERN_DEBUG "switched off addBA timer for tid %d \n", tid); |
| 688 | #endif /* CONFIG_MAC80211_HT_DEBUG */ | 686 | #endif /* CONFIG_MAC80211_HT_DEBUG */ |
| 687 | |||
| 689 | if (le16_to_cpu(mgmt->u.action.u.addba_resp.status) | 688 | if (le16_to_cpu(mgmt->u.action.u.addba_resp.status) |
| 690 | == WLAN_STATUS_SUCCESS) { | 689 | == WLAN_STATUS_SUCCESS) { |
| 691 | u8 curstate = *state; | 690 | u8 curstate = *state; |
| @@ -699,5 +698,11 @@ void ieee80211_process_addba_resp(struct ieee80211_local *local, | |||
| 699 | } else { | 698 | } else { |
| 700 | ___ieee80211_stop_tx_ba_session(sta, tid, WLAN_BACK_INITIATOR); | 699 | ___ieee80211_stop_tx_ba_session(sta, tid, WLAN_BACK_INITIATOR); |
| 701 | } | 700 | } |
| 701 | |||
| 702 | goto out; | ||
| 703 | |||
| 704 | timer_still_needed: | ||
| 705 | add_timer(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer); | ||
| 706 | out: | ||
| 702 | spin_unlock_bh(&sta->lock); | 707 | spin_unlock_bh(&sta->lock); |
| 703 | } | 708 | } |