diff options
author | Johannes Berg <johannes.berg@intel.com> | 2015-03-05 16:10:08 +0100 |
---|---|---|
committer | Johannes Berg <johannes.berg@intel.com> | 2015-04-20 13:05:29 +0200 |
commit | 35c347ac53040daba955fa06fcd5f909bee85017 (patch) | |
tree | d41370616c36e6c522bba88a0f254fa4a52454fa /net/mac80211/rate.c | |
parent | 48bf6beddf455b0cb605915081f3428960a6224e (diff) | |
download | linux-stable-35c347ac53040daba955fa06fcd5f909bee85017.tar.gz linux-stable-35c347ac53040daba955fa06fcd5f909bee85017.tar.bz2 linux-stable-35c347ac53040daba955fa06fcd5f909bee85017.zip |
mac80211: lock rate control
Both minstrel (reported by Sven Eckelmann) and the iwlwifi rate
control aren't properly taking concurrency into account. It's
likely that the same is true for other rate control algorithms.
In the case of minstrel this manifests itself in crashes when an
update and other data access are run concurrently, for example
when the stations change bandwidth or similar. In iwlwifi, this
can cause firmware crashes.
Since fixing all rate control algorithms will be very difficult,
just provide locking for invocations. This protects the internal
data structures the algorithms maintain.
I've manipulated hostapd to test this, by having it change its
advertised bandwidth roughly ever 150ms. At the same time, I'm
running a flood ping between the client and the AP, which causes
this race of update vs. get_rate/status to easily happen on the
client. With this change, the system survives this test.
Reported-by: Sven Eckelmann <sven@open-mesh.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net/mac80211/rate.c')
-rw-r--r-- | net/mac80211/rate.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c index d53355b011f5..de69adf24f53 100644 --- a/net/mac80211/rate.c +++ b/net/mac80211/rate.c @@ -683,7 +683,13 @@ void rate_control_get_rate(struct ieee80211_sub_if_data *sdata, if (sdata->local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) return; - ref->ops->get_rate(ref->priv, ista, priv_sta, txrc); + if (ista) { + spin_lock_bh(&sta->rate_ctrl_lock); + ref->ops->get_rate(ref->priv, ista, priv_sta, txrc); + spin_unlock_bh(&sta->rate_ctrl_lock); + } else { + ref->ops->get_rate(ref->priv, NULL, NULL, txrc); + } if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_RC_TABLE) return; |