mac80211: Ensure tid_start_tx is protected by sta->lock

All accesses of the tid_start_tx lock should be protected
by sta->lock if there is any chance that another thread
could still be accessing the sta object.

Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
diff --git a/net/mac80211/ht.c b/net/mac80211/ht.c
index 75dff33..f83534f 100644
--- a/net/mac80211/ht.c
+++ b/net/mac80211/ht.c
@@ -281,13 +281,14 @@
 				sta, tid, WLAN_BACK_RECIPIENT,
 				WLAN_REASON_UNSPECIFIED, true);
 
+		spin_lock_bh(&sta->lock);
+
 		tid_tx = sta->ampdu_mlme.tid_start_tx[tid];
 		if (tid_tx) {
 			/*
 			 * Assign it over to the normal tid_tx array
 			 * where it "goes live".
 			 */
-			spin_lock_bh(&sta->lock);
 
 			sta->ampdu_mlme.tid_start_tx[tid] = NULL;
 			/* could there be a race? */
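Review bot: the "/* could there be a race? */" comment left as context after "sta->ampdu_mlme.tid_start_tx[tid] = NULL;" no longer matches the code around it. Now that spin_lock_bh(&sta->lock) is taken before tid_start_tx[tid] is read, either state which race is still possible under the lock or drop the comment. Moving the lock out of the "if (tid_tx) {" block also leaves an empty line directly after the block comment; please remove it along with the lock call.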
@@ -300,6 +301,7 @@
 			ieee80211_tx_ba_session_handle_start(sta, tid);
 			continue;
 		}
+		spin_unlock_bh(&sta->lock);
 
 		tid_tx = rcu_dereference_protected_tid_tx(sta, tid);
 		if (tid_tx && test_and_clear_bit(HT_AGG_STATE_WANT_STOP,
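Review bot: the added spin_unlock_bh(&sta->lock) after the closing brace releases the lock only on the path where tid_tx was NULL. The path that ends in "continue" has to drop the lock on its own, and no unlock is visible in this context before ieee80211_tx_ba_session_handle_start(sta, tid). Please confirm that the branch unlocks before that call and before the continue, since otherwise the next loop iteration would take sta->lock again while it is still held. With one lock site and two unlock sites, a short comment at the lock or an explicit if/else with an unlock in each arm would make the pairing easier to check.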