I was going to apply this, but running with lockdep enabled tells me that this patch is broken. In the callers of ieee80211_sta_tear_down_BA_sessions(), we only hold the &local->sta_mtx. However, > + rcu_dereference_protected_tid_tx(sta, i); requires (and checks, if you have lockdep) that you hold either &sta->ampdu_mlme.mtx or &sta->lock. Additionally, ieee80211_remove_tid_tx(), called via ieee80211_stop_tx_ba_cb(), requires holding both - and ieee80211_stop_tx_ba_cb() only requires the spinlock. johannes
