From c186dd147a56840427f7623bfe7073496ac115bb Mon Sep 17 00:00:00 2001 From: Ksawlii Date: Sun, 24 Nov 2024 00:23:53 +0100 Subject: [PATCH] Revert "wifi: mac80211: fix BA session teardown race" This reverts commit a2036d5d3c877e35b3418b28074b49236702d8c3. --- net/mac80211/agg-tx.c | 6 +++++- net/mac80211/driver-ops.c | 3 +++ net/mac80211/sta_info.c | 14 -------------- 3 files changed, 8 insertions(+), 15 deletions(-) diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c index 4b4ab1961..92e5812da 100755 --- a/net/mac80211/agg-tx.c +++ b/net/mac80211/agg-tx.c @@ -491,7 +491,7 @@ void ieee80211_tx_ba_session_handle_start(struct sta_info *sta, int tid) { struct tid_ampdu_tx *tid_tx; struct ieee80211_local *local = sta->local; - struct ieee80211_sub_if_data *sdata = sta->sdata; + struct ieee80211_sub_if_data *sdata; struct ieee80211_ampdu_params params = { .sta = &sta->sta, .action = IEEE80211_AMPDU_TX_START, @@ -521,6 +521,7 @@ void ieee80211_tx_ba_session_handle_start(struct sta_info *sta, int tid) */ synchronize_net(); + sdata = sta->sdata; params.ssn = sta->tid_seq[tid] >> 4; ret = drv_ampdu_action(local, sdata, ¶ms); tid_tx->ssn = params.ssn; @@ -534,6 +535,9 @@ void ieee80211_tx_ba_session_handle_start(struct sta_info *sta, int tid) */ set_bit(HT_AGG_STATE_DRV_READY, &tid_tx->state); } else if (ret) { + if (!sdata) + return; + ht_dbg(sdata, "BA request denied - HW unavailable for %pM tid %d\n", sta->sta.addr, tid); diff --git a/net/mac80211/driver-ops.c b/net/mac80211/driver-ops.c index 48322e45e..120bd9cdf 100755 --- a/net/mac80211/driver-ops.c +++ b/net/mac80211/driver-ops.c @@ -331,6 +331,9 @@ int drv_ampdu_action(struct ieee80211_local *local, might_sleep(); + if (!sdata) + return -EIO; + sdata = get_bss_sdata(sdata); if (!check_sdata_in_driver(sdata)) return -EIO; diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index 3bb7a3314..f7637176d 100755 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -1064,20 +1064,6 @@ static void __sta_info_destroy_part2(struct sta_info *sta) * after _part1 and before _part2! */ - /* - * There's a potential race in _part1 where we set WLAN_STA_BLOCK_BA - * but someone might have just gotten past a check, and not yet into - * queuing the work/creating the data/etc. - * - * Do another round of destruction so that the worker is certainly - * canceled before we later free the station. - * - * Since this is after synchronize_rcu()/synchronize_net() we're now - * certain that nobody can actually hold a reference to the STA and - * be calling e.g. ieee80211_start_tx_ba_session(). - */ - ieee80211_sta_tear_down_BA_sessions(sta, AGG_STOP_DESTROY_STA); - might_sleep(); lockdep_assert_held(&local->sta_mtx);