git.openpandora.org / pandora-kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1f7d6cb)
ath9k: Fix station access in aggregation completion
authorSujith <Sujith.Manoharan@atheros.com>
Tue, 27 Jan 2009 08:00:37 +0000 (13:30 +0530)
committerJohn W. Linville <linville@tuxdriver.com>
Fri, 30 Jan 2009 18:38:24 +0000 (13:38 -0500)
The ieee80211_sta pointer in the SKB's TX control info
area is not guaranteed to be valid after returning from the tx() callback.
Use ieee80211_find_sta() instead and return early if the station
is no longer present.

Signed-off-by: Sujith <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
drivers/net/wireless/ath9k/xmit.c patch | blob | history

diff --git a/drivers/net/wireless/ath9k/xmit.c b/drivers/net/wireless/ath9k/xmit.c
index 1b83673..007ca91 100644 (file)
--- a/drivers/net/wireless/ath9k/xmit.c
+++ b/drivers/net/wireless/ath9k/xmit.c
@@ -268,7 +268,8 @@ static void ath_tx_complete_aggr(struct ath_softc *sc, struct ath_txq *txq,
 {
        struct ath_node *an = NULL;
        struct sk_buff *skb;
-       struct ieee80211_tx_info *tx_info;
+       struct ieee80211_sta *sta;
+       struct ieee80211_hdr *hdr;
        struct ath_atx_tid *tid = NULL;
        struct ath_buf *bf_next, *bf_last = bf->bf_lastbf;
        struct ath_desc *ds = bf_last->bf_desc;
@@ -278,13 +279,19 @@ static void ath_tx_complete_aggr(struct ath_softc *sc, struct ath_txq *txq,
        int isaggr, txfail, txpending, sendbar = 0, needreset = 0;
 
        skb = (struct sk_buff *)bf->bf_mpdu;
-       tx_info = IEEE80211_SKB_CB(skb);
+       hdr = (struct ieee80211_hdr *)skb->data;
 
-       if (tx_info->control.sta) {
-               an = (struct ath_node *)tx_info->control.sta->drv_priv;
-               tid = ATH_AN_2_TID(an, bf->bf_tidno);
+       rcu_read_lock();
+
+       sta = ieee80211_find_sta(sc->hw, hdr->addr1);
+       if (!sta) {
+               rcu_read_unlock();
+               return;
        }
 
+       an = (struct ath_node *)sta->drv_priv;
+       tid = ATH_AN_2_TID(an, bf->bf_tidno);
+
        isaggr = bf_isaggr(bf);
        memset(ba, 0, WME_BA_BMP_SIZE >> 3);
 
@@ -391,6 +398,7 @@ static void ath_tx_complete_aggr(struct ath_softc *sc, struct ath_txq *txq,
                        /* send buffered frames as singles */
                        ath_tx_flush_tid(sc, tid);
                }
+               rcu_read_unlock();
                return;
        }
 
@@ -402,6 +410,8 @@ static void ath_tx_complete_aggr(struct ath_softc *sc, struct ath_txq *txq,
                spin_unlock_bh(&txq->axq_lock);
        }
 
+       rcu_read_unlock();
+
        if (needreset)
                ath_reset(sc, false);
 }
Pandora Kernel Repository