diff options
author | Johannes Berg <johannes.berg@intel.com> | 2011-05-13 13:35:40 +0200 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2011-05-16 14:10:40 -0400 |
commit | ec034b208dc8aa5dc73ec46c3f27e34c5efbf113 (patch) | |
tree | 56140fc3a4115441822b5cc2aa9de5224bcb8654 /net/mac80211/ht.c | |
parent | 7527a782e187d1214a5b3dc2897ce441033bb4ef (diff) | |
download | op-kernel-dev-ec034b208dc8aa5dc73ec46c3f27e34c5efbf113.zip op-kernel-dev-ec034b208dc8aa5dc73ec46c3f27e34c5efbf113.tar.gz |
mac80211: fix TX a-MPDU locking
During my quest to make mac80211 not have any RCU
warnings from sparse, I came across the a-MPDU code
again and it wasn't quite clear why it isn't racy.
So instead of assigning the tid_tx array with just
the spinlock held in ieee80211_start_tx_ba_session
use a separate temporary array protected only by
the spinlock and protect all assignments to the
"live" array by both the spinlock and the mutex so
that other code is easily verified to be correct.
Due to pointer assignment atomicity I don't think
this is a real issue, but I'm not sure, especially
on Alpha the current code might be problematic.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/mac80211/ht.c')
-rw-r--r-- | net/mac80211/ht.c | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/net/mac80211/ht.c b/net/mac80211/ht.c index b9e4b9b..9f5842a 100644 --- a/net/mac80211/ht.c +++ b/net/mac80211/ht.c @@ -140,14 +140,29 @@ void ieee80211_ba_session_work(struct work_struct *work) sta, tid, WLAN_BACK_RECIPIENT, WLAN_REASON_QSTA_TIMEOUT, true); - tid_tx = sta->ampdu_mlme.tid_tx[tid]; - if (!tid_tx) - continue; + tid_tx = sta->ampdu_mlme.tid_start_tx[tid]; + if (tid_tx) { + /* + * Assign it over to the normal tid_tx array + * where it "goes live". + */ + spin_lock_bh(&sta->lock); + + sta->ampdu_mlme.tid_start_tx[tid] = NULL; + /* could there be a race? */ + if (sta->ampdu_mlme.tid_tx[tid]) + kfree(tid_tx); + else + ieee80211_assign_tid_tx(sta, tid, tid_tx); + spin_unlock_bh(&sta->lock); - if (test_bit(HT_AGG_STATE_WANT_START, &tid_tx->state)) ieee80211_tx_ba_session_handle_start(sta, tid); - else if (test_and_clear_bit(HT_AGG_STATE_WANT_STOP, - &tid_tx->state)) + continue; + } + + tid_tx = sta->ampdu_mlme.tid_tx[tid]; + if (tid_tx && test_and_clear_bit(HT_AGG_STATE_WANT_STOP, + &tid_tx->state)) ___ieee80211_stop_tx_ba_session(sta, tid, WLAN_BACK_INITIATOR, true); |