From: Felix Fietkau <nbd@nbd.name>
Date: Mon, 7 Oct 2019 15:30:18 +0200
Subject: mt76: drop rcu read lock in mt76_rx_aggr_stop
Patch-mainline: v5.5-rc1
Git-commit: fb7d95c6ee4f71ba131c9b3c65d658369ffd1128
References: bsc#1171827

A rcu read locked section is not allowed to sleep, and the rcu lock here
isn't actually necessary, because we're holding dev->mutex.

Fixes an issue when the tid work item is still running while freeing
a station or stopping the aggregation session

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Acked-by: Daniel Wagner <dwagner@suse.de>
---
drivers/net/wireless/mediatek/mt76/agg-rx.c | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
--- a/drivers/net/wireless/mediatek/mt76/agg-rx.c
+++ b/drivers/net/wireless/mediatek/mt76/agg-rx.c
@@ -287,17 +287,13 @@ static void mt76_rx_aggr_shutdown(struct
void mt76_rx_aggr_stop(struct mt76_dev *dev, struct mt76_wcid *wcid, u8 tidno)
{
- struct mt76_rx_tid *tid;
+ struct mt76_rx_tid *tid = NULL;
- rcu_read_lock();
-
- tid = rcu_dereference(wcid->aggr[tidno]);
+ rcu_swap_protected(wcid->aggr[tidno], tid,
+ lockdep_is_held(&dev->mutex));
if (tid) {
- rcu_assign_pointer(wcid->aggr[tidno], NULL);
mt76_rx_aggr_shutdown(dev, tid);
kfree_rcu(tid, rcu_head);
}
-
- rcu_read_unlock();
}
EXPORT_SYMBOL_GPL(mt76_rx_aggr_stop);
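Review bot: the requirement that callers hold dev->mutex is now stated only inside the rcu_swap_protected() call in mt76_rx_aggr_stop(), through lockdep_is_held(&dev->mutex), and that condition is evaluated only on lockdep-enabled builds. Since this is an exported function, please make the contract visible at the top of it, either with a comment above the definition or with lockdep_assert_held(&dev->mutex) as the first statement, so a new caller that does not take the mutex is caught in review or in a debug run rather than showing up as a race on wcid->aggr[tidno]. Separately, the "= NULL" initializer on tid is no longer a defensive default: it is the value the swap stores into the slot. A one-line comment saying so would keep it from being dropped later as a redundant initialization.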