Re: [PATCH 1/2] mac80211: fix txq queue related crashes

[PATCH 1/2] mac80211: fix txq queue related crashes · Michal Kazior <hidden> · 2016-01-21
[PATCH 2/2] mac80211: expose txq queue depth and size to drivers · Michal Kazior <hidden> · 2016-01-21
Re: [PATCH 2/2] mac80211: expose txq queue depth and size to drivers · Felix Fietkau <hidden> · 2016-01-26
Re: [PATCH 2/2] mac80211: expose txq queue depth and size to drivers · Michal Kazior <hidden> · 2016-01-26
Re: [PATCH 2/2] mac80211: expose txq queue depth and size to drivers · Felix Fietkau <hidden> · 2016-01-26
Re: [PATCH 2/2] mac80211: expose txq queue depth and size to drivers · Michal Kazior <hidden> · 2016-01-26
Re: [PATCH 2/2] mac80211: expose txq queue depth and size to drivers · Johannes Berg <johannes@sipsolutions.net> · 2016-01-26
Re: [PATCH 1/2] mac80211: fix txq queue related crashes · Ben Greear <hidden> · 2016-01-25
Re: [PATCH 1/2] mac80211: fix txq queue related crashes · Michal Kazior <hidden> · 2016-01-26
Re: [PATCH 1/2] mac80211: fix txq queue related crashes · Ben Greear <hidden> · 2016-01-26
Re: [PATCH 1/2] mac80211: fix txq queue related crashes · Johannes Berg <johannes@sipsolutions.net> · 2016-01-26
[PATCH v2] mac80211: expose txq queue depth and size to drivers · Michal Kazior <hidden> · 2016-01-27
Re: [PATCH v2] mac80211: expose txq queue depth and size to drivers · Johannes Berg <johannes@sipsolutions.net> · 2016-01-27
Re: [PATCH v2] mac80211: expose txq queue depth and size to drivers · Michal Kazior <hidden> · 2016-01-27
Re: [PATCH v2] mac80211: expose txq queue depth and size to drivers · Johannes Berg <johannes@sipsolutions.net> · 2016-01-27
Re: [PATCH v2] mac80211: expose txq queue depth and size to drivers · Johannes Berg <johannes@sipsolutions.net> · 2016-02-02

From: Ben Greear <hidden>
Date: 2016-01-25 17:59:53

On 01/21/2016 05:23 AM, Michal Kazior wrote:

The driver can access the queue simultanously
while mac80211 tears down the interface. Without
spinlock protection this could lead to corrupting
sk_buff_head and subsequently to an invalid
pointer dereference.

Hard to know for certain, but this *appears* to fix the unexpectedly large
amount of CE/AXI ath10k firmware crashes that we saw in the 4.2 kernel (4.0 previously
ran much better han 4.2 for us).

We'll continue testing, in case we are just getting lucky so far.

Thanks,
Ben

quoted hunk ↗ jump to hunk

Fixes: ba8c3d6f16a1 ("mac80211: add an intermediate software queue implementation")
Signed-off-by: Michal Kazior <redacted>
---
  net/mac80211/iface.c | 3 +++
  1 file changed, 3 insertions(+)

diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index 33ae3c81bfc5..0451f120746e 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c

@@ -977,7 +977,10 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
  	if (sdata->vif.txq) {
  		struct txq_info *txqi = to_txq_info(sdata->vif.txq);

+		spin_lock_bh(&txqi->queue.lock);
  		ieee80211_purge_tx_queue(&local->hw, &txqi->queue);
+		spin_unlock_bh(&txqi->queue.lock);
+
  		atomic_set(&sdata->txqs_len[txqi->txq.ac], 0);
  	}


-- 
Ben Greear [off-list ref]
Candela Technologies Inc  http://www.candelatech.com

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help