From 9e73dee7d38e9fa00f6dd1492cfbbc5719378e4a Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Mon, 7 May 2012 17:57:36 +0200 Subject: [PATCH] mac80211: fix TX aggregation session timer In commit 12d3952fc4a1cd96234bc7023bf7eefeb0bb6355 ("mac80211: optimize aggregation session timeout handling") two bugs were introduced: 1) RCU usage was completely broken since no locks are held 2) the timer must not rearm when agg session is stopping Reported-and-tested-by: Larry Finger Cc: Felix Fietkau Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/agg-tx.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c index 5b7053c58732..7cf07158805c 100644 --- a/net/mac80211/agg-tx.c +++ b/net/mac80211/agg-tx.c @@ -421,16 +421,22 @@ static void sta_tx_agg_session_timer_expired(unsigned long data) struct tid_ampdu_tx *tid_tx; unsigned long timeout; - tid_tx = rcu_dereference_protected_tid_tx(sta, *ptid); - if (!tid_tx) + rcu_read_lock(); + tid_tx = rcu_dereference(sta->ampdu_mlme.tid_tx[*ptid]); + if (!tid_tx || test_bit(HT_AGG_STATE_STOPPING, &tid_tx->state)) { + rcu_read_unlock(); return; + } timeout = tid_tx->last_tx + TU_TO_JIFFIES(tid_tx->timeout); if (time_is_after_jiffies(timeout)) { mod_timer(&tid_tx->session_timer, timeout); + rcu_read_unlock(); return; } + rcu_read_unlock(); + #ifdef CONFIG_MAC80211_HT_DEBUG printk(KERN_DEBUG "tx session timer expired on tid %d\n", (u16)*ptid); #endif -- 2.30.2