首页 发现 帮助
注册 登录
phyus
/
linux-vybrid_public
8
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
浏览代码

ath9k_htc: Fix bug in aggregation initiation

Accessing the sta pointer in TX completion without
approprate RCU protection is wrong. Fix this.

Also, RCU protection is needed when the station's
aggregation state is updated. Handle this properly.

Signed-off-by: Sujith <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Sujith 15 年之前
父节点
0995d11011
当前提交
ef98c3cd9b
共有 2 个文件被更改,包括 24 次插入15 次删除
合并视图 显示文件统计
  1. 12 13
      drivers/net/wireless/ath/ath9k/htc_drv_main.c
  2. 12 2
      drivers/net/wireless/ath/ath9k/htc_drv_txrx.c

+ 12 - 13
drivers/net/wireless/ath/ath9k/htc_drv_main.c
查看文件 

@@ -412,32 +412,31 @@ static int ath9k_htc_aggr_oper(struct ath9k_htc_priv *priv,
 
 	if (tid > ATH9K_HTC_MAX_TID)
 
 	if (tid > ATH9K_HTC_MAX_TID)
 
 		return -EINVAL;
 
 		return -EINVAL;
 
 
 
+	memset(&aggr, 0, sizeof(struct ath9k_htc_target_aggr));
 
+
 
 	rcu_read_lock();
 
 	rcu_read_lock();
 
+
 
+	/* Check if we are able to retrieve the station */
 
 	sta = ieee80211_find_sta(vif, sta_addr);
 
 	sta = ieee80211_find_sta(vif, sta_addr);
 
-	if (sta) {
 
-		ista = (struct ath9k_htc_sta *) sta->drv_priv;
 
-	} else {
 
+	if (!sta) {
 
 		rcu_read_unlock();
 
 		rcu_read_unlock();
 
 		return -EINVAL;
 
 		return -EINVAL;
 
 	}
 
 	}
 
 
 
-	if (!ista) {
 
-		rcu_read_unlock();
 
-		return -EINVAL;
 
-	}
 
+	ista = (struct ath9k_htc_sta *) sta->drv_priv;
 
 
 
-	memset(&aggr, 0, sizeof(struct ath9k_htc_target_aggr));
 
+	if (oper)
 
+		ista->tid_state[tid] = AGGR_START;
 
+	else
 
+		ista->tid_state[tid] = AGGR_STOP;
 
 
 
 	aggr.sta_index = ista->index;
 
 	aggr.sta_index = ista->index;
 
+
 
 	rcu_read_unlock();
 
 	rcu_read_unlock();
 
+
 
 	aggr.tidno = tid;
 
 	aggr.tidno = tid;
 
 	aggr.aggr_enable = oper;
 
 	aggr.aggr_enable = oper;
 
 
 
-	if (oper)
 
-		ista->tid_state[tid] = AGGR_START;
 
-	else
 
-		ista->tid_state[tid] = AGGR_STOP;
 
-
 
 	WMI_CMD_BUF(WMI_TX_AGGR_ENABLE_CMDID, &aggr);
 
 	WMI_CMD_BUF(WMI_TX_AGGR_ENABLE_CMDID, &aggr);
 
 	if (ret)
 
 	if (ret)
 
 		ath_print(common, ATH_DBG_CONFIG,
 
 		ath_print(common, ATH_DBG_CONFIG,

+ 12 - 2
drivers/net/wireless/ath/ath9k/htc_drv_txrx.c
查看文件 

@@ -188,10 +188,20 @@ void ath9k_tx_tasklet(unsigned long data)
 
 		hdr = (struct ieee80211_hdr *) skb->data;
 
 		hdr = (struct ieee80211_hdr *) skb->data;
 
 		fc = hdr->frame_control;
 
 		fc = hdr->frame_control;
 
 		tx_info = IEEE80211_SKB_CB(skb);
 
 		tx_info = IEEE80211_SKB_CB(skb);
 
-		sta = tx_info->control.sta;
 
+
 
+		memset(&tx_info->status, 0, sizeof(tx_info->status));
 
 
 
 		rcu_read_lock();
 
 		rcu_read_lock();
 
 
 
+		sta = ieee80211_find_sta(priv->vif, hdr->addr1);
 
+		if (!sta) {
 
+			rcu_read_unlock();
 
+			ieee80211_tx_status(priv->hw, skb);
 
+			continue;
 
+		}
 
+
 
+		/* Check if we need to start aggregation */
 
+
 
 		if (sta && conf_is_ht(&priv->hw->conf) &&
 
 		if (sta && conf_is_ht(&priv->hw->conf) &&
 
 		    (priv->op_flags & OP_TXAGGR)
 
 		    (priv->op_flags & OP_TXAGGR)
 
 		    && !(skb->protocol == cpu_to_be16(ETH_P_PAE))) {
 
 		    && !(skb->protocol == cpu_to_be16(ETH_P_PAE))) {
 
@@ -213,7 +223,7 @@ void ath9k_tx_tasklet(unsigned long data)
 
 
 
 		rcu_read_unlock();
 
 		rcu_read_unlock();
 
 
 
-		memset(&tx_info->status, 0, sizeof(tx_info->status));
 
+		/* Send status to mac80211 */
 
 		ieee80211_tx_status(priv->hw, skb);
 
 		ieee80211_tx_status(priv->hw, skb);
 
 	}
 
 	}
 
 }
 
 }