mac80211: RCU-ify STA info structure access
This makes access to the STA hash table/list use RCU to protect against freeing of items. However, it's not a true RCU, the copy step is missing: whenever somebody changes a STA item it is simply updated. This is an existing race condition that is now somewhat understandable. This patch also fixes the race key freeing vs. STA destruction by making sure that sta_info_destroy() is always called under RTNL and frees the key. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
This commit is contained in:
committed by
John W. Linville
parent
5cf121c3cd
commit
d0709a6518
@ -153,6 +153,7 @@ static int wme_qdiscop_enqueue(struct sk_buff *skb, struct Qdisc* qd)
|
||||
|
||||
if (pkt_data->flags & IEEE80211_TXPD_REQUEUE) {
|
||||
queue = pkt_data->queue;
|
||||
rcu_read_lock();
|
||||
sta = sta_info_get(local, hdr->addr1);
|
||||
tid = skb->priority & QOS_CONTROL_TAG1D_MASK;
|
||||
if (sta) {
|
||||
@ -164,8 +165,8 @@ static int wme_qdiscop_enqueue(struct sk_buff *skb, struct Qdisc* qd)
|
||||
} else {
|
||||
pkt_data->flags &= ~IEEE80211_TXPD_AMPDU;
|
||||
}
|
||||
sta_info_put(sta);
|
||||
}
|
||||
rcu_read_unlock();
|
||||
skb_queue_tail(&q->requeued[queue], skb);
|
||||
qd->q.qlen++;
|
||||
return 0;
|
||||
@ -187,6 +188,8 @@ static int wme_qdiscop_enqueue(struct sk_buff *skb, struct Qdisc* qd)
|
||||
p++;
|
||||
*p = 0;
|
||||
|
||||
rcu_read_lock();
|
||||
|
||||
sta = sta_info_get(local, hdr->addr1);
|
||||
if (sta) {
|
||||
int ampdu_queue = sta->tid_to_tx_q[tid];
|
||||
@ -197,8 +200,9 @@ static int wme_qdiscop_enqueue(struct sk_buff *skb, struct Qdisc* qd)
|
||||
} else {
|
||||
pkt_data->flags &= ~IEEE80211_TXPD_AMPDU;
|
||||
}
|
||||
sta_info_put(sta);
|
||||
}
|
||||
|
||||
rcu_read_unlock();
|
||||
}
|
||||
|
||||
if (unlikely(queue >= local->hw.queues)) {
|
||||
|
Reference in New Issue
Block a user