mac80211: fix crash with single-queue drivers
authorJohannes Berg <johannes.berg@intel.com>
Wed, 4 Jul 2012 10:49:59 +0000 (12:49 +0200)
committerJohannes Berg <johannes.berg@intel.com>
Fri, 6 Jul 2012 13:26:58 +0000 (15:26 +0200)
Larry (and some others I think) reported that with
single-queue drivers mac80211 crashes when waking
the queues. This happens because we allocate just
a single queue for each virtual interface in case
the driver doesn't have at least 4 queues, but the
code stopping/waking the virtual interface queues
wasn't taking this into account.

Reported-by: Larry Finger <Larry.Finger@lwfinger.net>
Tested-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
net/mac80211/util.c

index 5715e7b3affcf1442c80188d106864bfd4fc5cc5..64493a7bef1a388a1f7f2a9aca8d13b7834d52fb 100644 (file)
@@ -268,6 +268,10 @@ EXPORT_SYMBOL(ieee80211_ctstoself_duration);
 void ieee80211_propagate_queue_wake(struct ieee80211_local *local, int queue)
 {
        struct ieee80211_sub_if_data *sdata;
+       int n_acs = IEEE80211_NUM_ACS;
+
+       if (local->hw.queues < IEEE80211_NUM_ACS)
+               n_acs = 1;
 
        list_for_each_entry_rcu(sdata, &local->interfaces, list) {
                int ac;
@@ -279,7 +283,7 @@ void ieee80211_propagate_queue_wake(struct ieee80211_local *local, int queue)
                    local->queue_stop_reasons[sdata->vif.cab_queue] != 0)
                        continue;
 
-               for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
+               for (ac = 0; ac < n_acs; ac++) {
                        int ac_queue = sdata->vif.hw_queue[ac];
 
                        if (ac_queue == queue ||
@@ -341,6 +345,7 @@ static void __ieee80211_stop_queue(struct ieee80211_hw *hw, int queue,
 {
        struct ieee80211_local *local = hw_to_local(hw);
        struct ieee80211_sub_if_data *sdata;
+       int n_acs = IEEE80211_NUM_ACS;
 
        trace_stop_queue(local, queue, reason);
 
@@ -352,11 +357,14 @@ static void __ieee80211_stop_queue(struct ieee80211_hw *hw, int queue,
 
        __set_bit(reason, &local->queue_stop_reasons[queue]);
 
+       if (local->hw.queues < IEEE80211_NUM_ACS)
+               n_acs = 1;
+
        rcu_read_lock();
        list_for_each_entry_rcu(sdata, &local->interfaces, list) {
                int ac;
 
-               for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
+               for (ac = 0; ac < n_acs; ac++) {
                        if (sdata->vif.hw_queue[ac] == queue ||
                            sdata->vif.cab_queue == queue)
                                netif_stop_subqueue(sdata->dev, ac);