Crash on dissociate + ampdu traffic.

After Mac80211 called wl_ops_sta_remove(), Mac80211 frees the ieee80211_sta structure, which embeds struct scb. However, the driver would keep using this structure. This resulted in an ASSERT(scb->magic == SCB_MAGIC) triggering. Problem would occur under bad RF conditions and/or roaming conditions.

The fix increases robustness of the driver against NULL dereferences, and in subsequent commits changes references to soon-to-be-released ieee80211_sta and scb structures to NULL.

Driver was tested, problem does not occur anymore, iperf traffic picks up again after roaming.

Signed-off-by: Roland Vossen <rvossen@xxxxxxxxxxxx>
Reviewed-by: Arend van Spriel <arend@xxxxxxxxxxxx>

  staging: brcm80211: bugfix for NULL scb ptr dereference
  staging: brcm80211: bugfix for control.sta NULL ptr dereference
  staging: brcm80211: added IEEE80211_AMPDU_TX_STOP handling
  staging: brcm80211: invalidate all AMPDU packets on IEEE80211_AMPDU_TX_STOP

 drivers/staging/brcm80211/brcmsmac/wl_mac80211.c |  3 +
 drivers/staging/brcm80211/brcmsmac/wlc_ampdu.c   | 91 ++++++++++++++++++++--
 drivers/staging/brcm80211/brcmsmac/wlc_main.c    | 21 +++++-
 drivers/staging/brcm80211/brcmsmac/wlc_main.h    |  3 +
 drivers/staging/brcm80211/brcmsmac/wlc_pub.h     |  4 +
 drivers/staging/brcm80211/include/hnddma.h       |  3 +-
 drivers/staging/brcm80211/util/hnddma.c          | 24 ++++++
 7 files changed, 140 insertions(+), 9 deletions(-)
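The lifetime problem described in this cover letter, as an added user-space model that is not code from the patch series or the driver: queued frames hold a pointer to a station that its owner is about to free, so the removal path clears those pointers first and the completion path tolerates NULL. The names sta, pkt, txq, invalidate_sta, tx_complete, demo and the SCB_MAGIC value are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

#define SCB_MAGIC 0x5cb5cb5cu            /* constructed value */
#define NPKT 4

struct scb { unsigned magic; int tx_done; };
struct sta { struct scb scb; };          /* stands in for ieee80211_sta embedding scb */
struct pkt { struct sta *sta; int queued; };

static struct pkt txq[NPKT];             /* frames still owned by the driver */

static void enqueue(int slot, struct sta *sta)
{
    txq[slot].sta = sta;
    txq[slot].queued = 1;
}

/* Station-removal path: drop every queued reference before the owner frees sta. */
static int invalidate_sta(const struct sta *sta)
{
    int i, n = 0;
    for (i = 0; i < NPKT; i++)
        if (txq[i].queued && txq[i].sta == sta) { txq[i].sta = NULL; n++; }
    return n;
}

/* Completion path: 1 = accounted to a live station, 0 = station gone, frame dropped. */
static int tx_complete(struct pkt *p)
{
    p->queued = 0;
    if (p->sta == NULL || p->sta->scb.magic != SCB_MAGIC)
        return 0;
    p->sta->scb.tx_done++;
    return 1;
}

/* Two stations; station a is removed while two of its frames are still queued. */
static int demo(int *cleared, int *accounted)
{
    struct sta *a = calloc(1, sizeof(*a)), *b = calloc(1, sizeof(*b));
    int i;
    if (!a || !b) { free(a); free(b); return -1; }
    a->scb.magic = b->scb.magic = SCB_MAGIC;
    enqueue(0, a); enqueue(1, b); enqueue(2, a);
    *cleared = invalidate_sta(a);        /* must run before the free below */
    free(a);
    for (*accounted = 0, i = 0; i < 3; i++)
        *accounted += tx_complete(&txq[i]);
    free(b);
    return 0;
}

int main(void) { int c, n; if (demo(&c, &n)) return 1; printf("%d %d\n", c, n); return 0; }
```

Without the invalidate_sta() call, tx_complete() would read scb.magic through a freed pointer, which is the condition the ASSERT in the cover letter caught.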