Toke Høiland-Jørgensen wrote:
When ath9k was switched over to use the mac80211 intermediate queues, node cleanup now drains the mac80211 queues. However, this call path is not protected by rcu_read_lock() as it was previously entirely internal to the driver which uses its own locking.
This leads to a possible rcu_dereference() without holding rcu_read_lock(); but only if a station is cleaned up while having packets queued on the TXQ. Fix this by adding the rcu_read_lock() to the caller in ath9k.
Fixes: 50f08edf9809 ("ath9k: Switch to using mac80211 intermediate software queues.")
Cc: stable@vger.kernel.org
Reported-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Patch applied to ath-next branch of ath.git, thanks.
182b19171098 ath9k: Protect queue draining by rcu_read_lock()