vif->csa_active is protected by mutexes only. This means it is unreliable to depend on it on codeflow in non-sleepable beacon and CSA code. There was no guarantee to have vif->csa_active update be visible before beacons are updated on SMP systems. Using csa counter offsets which are embedded in beacon struct (and thus are protected with single RCU assignment) is much safer. Signed-off-by: Michal Kazior <michal.kazior@xxxxxxxxx> --- net/mac80211/tx.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index 7d96a27..eeeafeb 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -2536,6 +2536,9 @@ bool ieee80211_csa_is_complete(struct ieee80211_vif *vif) goto out; } + if (!beacon->csa_counter_offset[0]) + goto out; + if (WARN_ON_ONCE(beacon->csa_counter_offset[0] > beacon_data_len)) goto out; @@ -2580,7 +2583,7 @@ __ieee80211_beacon_get(struct ieee80211_hw *hw, beacon = rcu_dereference(ap->beacon); if (beacon) { - if (sdata->vif.csa_active) { + if (beacon->csa_counter_offset[0]) { if (!is_template) ieee80211_csa_update_counter(vif); @@ -2626,7 +2629,7 @@ __ieee80211_beacon_get(struct ieee80211_hw *hw, if (!beacon) goto out; - if (sdata->vif.csa_active) { + if (beacon->csa_counter_offset[0]) { if (!is_template) ieee80211_csa_update_counter(vif); @@ -2651,7 +2654,7 @@ __ieee80211_beacon_get(struct ieee80211_hw *hw, if (!beacon) goto out; - if (sdata->vif.csa_active) { + if (beacon->csa_counter_offset[0]) { if (!is_template) /* TODO: For mesh csa_counter is in TU, so * decrementing it by one isn't correct, but -- 1.8.5.3 -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html