mac80211: add a fix to prevent unsafe queue wake calls during restart
author Felix Fietkau <nbd@nbd.name>
Fri, 1 Mar 2019 13:54:31 +0000 (14:54 +0100)
committer Felix Fietkau <nbd@nbd.name>
Thu, 7 Mar 2019 17:08:09 +0000 (18:08 +0100)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
package/kernel/mac80211/patches/399-mac80211-do-not-call-driver-wake_tx_queue-op-during-.patch [new file with mode: 0644]

diff --git a/package/kernel/mac80211/patches/399-mac80211-do-not-call-driver-wake_tx_queue-op-during-.patch b/package/kernel/mac80211/patches/399-mac80211-do-not-call-driver-wake_tx_queue-op-during-.patch
new file mode 100644 (file)
index 0000000..3026460
--- /dev/null
@@ -0,0 +1,33 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Fri, 1 Mar 2019 14:42:56 +0100
+Subject: [PATCH] mac80211: do not call driver wake_tx_queue op during reconfig
+
+There are several scenarios in which mac80211 can call drv_wake_tx_queue
+after ieee80211_restart_hw has been called and has not yet completed.
+Driver private structs are considered uninitialized until mac80211 has
+uploaded the vifs, stations and keys again, so using private tx queue
+data during that time is not safe.
+
+The driver can also not rely on drv_reconfig_complete to figure out when
+it is safe to accept drv_wake_tx_queue calls again, because it is only
+called after all tx queues are woken again.
+
+To fix this, bail out early in drv_wake_tx_queue if local->in_reconfig
+is set.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/net/mac80211/driver-ops.h
++++ b/net/mac80211/driver-ops.h
+@@ -1162,6 +1162,9 @@ static inline void drv_wake_tx_queue(str
+ {
+       struct ieee80211_sub_if_data *sdata = vif_to_sdata(txq->txq.vif);
++      if (local->in_reconfig)
++              return;
++
+       if (!check_sdata_in_driver(sdata))
+               return;
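Review bot: the early return on local->in_reconfig in drv_wake_tx_queue drops the wake silently, so the fix only holds if in_reconfig is cleared before the tx queues are woken at the end of the restart. The commit message says drv_reconfig_complete runs after that wake but does not say where the flag is cleared relative to it. Please state that ordering in the message or in a short comment above `if (local->in_reconfig)`, so a later reorder of the restart path does not leave queues stalled. The flag is also read with a plain load and nothing in this hunk shows synchronization with the restart path; say whether READ_ONCE or a barrier is needed here, or why the existing context already serializes the two.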