Similar change as on current patch "mac80211: fix calling ieee80211_free_txskb with NULL skb", but for multicast queue. Patch does not prevent crash, as dev_kfree_skb() checks against NULL skb, but it help to prevent not necessary frame drop, when bc_buf queue was partially flushed and no longer exceeds AP_MAX_BC_BUFFER .

Signed-off-by: Stanislaw Gruszka <sgruszka@xxxxxxxxxx>
---
 net/mac80211/tx.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 85b9b8e..78bca8a 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -387,6 +387,8 @@ ieee80211_tx_h_multicast_ps_buf(struct ieee80211_tx_data *tx)
 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
 struct ps_data *ps;
+ struct sk_buff *old_skb = NULL;
+ unsigned long flags;

 /*
 * broadcast/multicast frame
@@ -432,6 +434,13 @@ ieee80211_tx_h_multicast_ps_buf(struct ieee80211_tx_data *tx)
 purge_old_ps_buffers(tx->local);

 if (skb_queue_len(&ps->bc_buf) >= AP_MAX_BC_BUFFER) {
+ spin_lock_irqsave(&ps->bc_buf.lock, flags);
+ /* queue could be modified, recheck length with lock taken */
+ if (skb_queue_len(&ps->bc_buf) >= AP_MAX_BC_BUFFER)
+ old_skb = __skb_dequeue(&ps->bc_buf);
+ spin_unlock_irqrestore(&ps->bc_buf.lock, flags);
+ }
+ if (old_skb) {
 ps_dbg(tx->sdata,
 "BC TX buffer full - dropping the oldest frame\n");
 dev_kfree_skb(skb_dequeue(&ps->bc_buf));
--
1.7.11.7
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
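Review bot: In the second hunk the frame taken off the queue under `bc_buf.lock` is stored in `old_skb` but never freed, because the unchanged context line `dev_kfree_skb(skb_dequeue(&ps->bc_buf));` still runs inside the new `if (old_skb)` block. As written, each full-buffer event leaks one skb and drops a second buffered frame, which is the opposite of the stated goal and a slow memory-exhaustion path on an AP carrying buffered multicast traffic. The diffstat shows 9 insertions and no deletions, so that line looks overlooked rather than intentionally kept; it should become `dev_kfree_skb(old_skb);`. The end of the `if (old_skb)` block and any `else` branch lie outside the hunk, so it is also worth confirming that the path where the locked recheck finds the queue no longer full still does the buffered-frame accounting.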