From d8c7aae64cd2db5eccc631c29fa978a24fb1feef Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Wed, 30 May 2012 15:32:24 +0200 Subject: mac80211: add missing rcu_read_lock/unlock in agg-rx session timer Fixes a lockdep warning: =================================================== [ INFO: suspicious rcu_dereference_check() usage. ] --------------------------------------------------- net/mac80211/agg-rx.c:148 invoked rcu_dereference_check() without protection! other info that might help us debug this: rcu_scheduler_active = 1, debug_locks = 1 1 lock held by arecord/11226: #0: (&tid_agg_rx->session_timer){+.-...}, at: [] call_timer_fn+0x0/0x360 stack backtrace: Pid: 11226, comm: arecord Not tainted 3.1.0-kml #16 Call Trace: [] lockdep_rcu_dereference+0xa4/0xc0 [] sta_rx_agg_session_timer_expired+0xc9/0x110 [mac80211] [] ? ieee80211_process_addba_resp+0x220/0x220 [mac80211] [] call_timer_fn+0x8a/0x360 [] ? init_timer_deferrable_key+0x30/0x30 [] ? _raw_spin_unlock_irq+0x30/0x70 [] run_timer_softirq+0x139/0x310 [] ? put_lock_stats.isra.25+0xe/0x40 [] ? lock_release_holdtime.part.26+0xdc/0x160 [] ? ieee80211_process_addba_resp+0x220/0x220 [mac80211] [] __do_softirq+0xc8/0x3c0 [] ? tick_dev_program_event+0x48/0x110 [] ? tick_program_event+0x1f/0x30 [] ? putname+0x35/0x50 [] call_softirq+0x1c/0x30 [] do_softirq+0xa5/0xe0 [] irq_exit+0xae/0xe0 [] smp_apic_timer_interrupt+0x6b/0x98 [] apic_timer_interrupt+0x73/0x80 [] ? free_debug_processing+0x1a1/0x1d5 [] ? putname+0x35/0x50 [] __slab_free+0x31/0x2ca [] ? _raw_spin_unlock_irqrestore+0x4a/0x90 [] ? __debug_check_no_obj_freed+0x15f/0x210 [] ? lock_release_nested+0x84/0xc0 [] ? kmem_cache_free+0x105/0x250 [] ? putname+0x35/0x50 [] ? putname+0x35/0x50 [] kmem_cache_free+0x23f/0x250 [] putname+0x35/0x50 [] do_sys_open+0x16d/0x1d0 [] sys_open+0x20/0x30 [] system_call_fastpath+0x16/0x1b Reported-by: Johannes Berg Signed-off-by: Felix Fietkau Signed-off-by: John W. Linville --- net/mac80211/agg-rx.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/mac80211/agg-rx.c b/net/mac80211/agg-rx.c index 26ddb699d693..c649188314cc 100644 --- a/net/mac80211/agg-rx.c +++ b/net/mac80211/agg-rx.c @@ -145,15 +145,20 @@ static void sta_rx_agg_session_timer_expired(unsigned long data) struct tid_ampdu_rx *tid_rx; unsigned long timeout; + rcu_read_lock(); tid_rx = rcu_dereference(sta->ampdu_mlme.tid_rx[*ptid]); - if (!tid_rx) + if (!tid_rx) { + rcu_read_unlock(); return; + } timeout = tid_rx->last_rx + TU_TO_JIFFIES(tid_rx->timeout); if (time_is_after_jiffies(timeout)) { mod_timer(&tid_rx->session_timer, timeout); + rcu_read_unlock(); return; } + rcu_read_unlock(); #ifdef CONFIG_MAC80211_HT_DEBUG printk(KERN_DEBUG "rx session timer expired on tid %d\n", (u16)*ptid); -- cgit v1.2.3