[PATCH 3/3] mac80211: Move num_sta_ps counter decrement after synchronize_rcu
From: Helmut Schaa <hidden>
Date: 2012-01-27 10:03:18
Subsystem:
mac80211, the rest · Maintainers:
Johannes Berg, Linus Torvalds
Unted the assumption that the sta struct is still accessible before the synchronize_rcu call we should move the num_sta_ps counter decrement after synchronize_rcu to avoid incorrect decrements if num_sta_ps. Signed-off-by: Helmut Schaa <redacted> --- Not sure if this really triggers in reality but it looks a bit more correct to me. net/mac80211/sta_info.c | 18 +++++++++--------- 1 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 92b894c..3af737c 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c@@ -750,15 +750,6 @@ static int __must_check __sta_info_destroy(struct sta_info *sta) sta->dead = true; - if (test_sta_flag(sta, WLAN_STA_PS_STA)) { - BUG_ON(!sdata->bss); - - clear_sta_flag(sta, WLAN_STA_PS_STA); - - atomic_dec(&sdata->bss->num_sta_ps); - sta_info_recalc_tim(sta); - } - local->num_sta--; local->sta_generation++;
@@ -785,6 +776,15 @@ static int __must_check __sta_info_destroy(struct sta_info *sta) */ synchronize_rcu(); + if (test_sta_flag(sta, WLAN_STA_PS_STA)) { + BUG_ON(!sdata->bss); + + clear_sta_flag(sta, WLAN_STA_PS_STA); + + atomic_dec(&sdata->bss->num_sta_ps); + sta_info_recalc_tim(sta); + } + for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { local->total_ps_buffered -= skb_queue_len(&sta->ps_tx_buf[ac]); __skb_queue_purge(&sta->ps_tx_buf[ac]);
--
1.7.7