On Wed, 2017-09-20 at 15:11 +0300, Ville Syrjälä wrote:

> > > I guess since the outer pointer isn't protected, only the inner ...
>
> I think just the fact that even the pointers in ieee80211_tx_data
> don't have the __rcu annotation makes it rather hard to see what is
> really rcu protected and what isn't. If every user of those pointers
> would have to do the rcu_dereference() things would be rather more
> explicit.

It wouldn't make sense though, because those users don't need to provide the protection, and they don't need to make sure to use the pointer in an RCU safe manner (access once etc.) since they're in code that can't really go wrong... mostly.

> > Therefore, this patch is wrong.
>
> OK, so the problem is in ath9k then.

I agree.

> > I actually think the same is true for ieee80211_tx_dequeue(), but

[...]

> Well, I think this is as far as I want to dig into the matter. I can
> respin the patch once more with just tx_dequeue() fix in there, if
> you want (not sure you do if you think it's wrong as well). After
> that I'll leave it to someone who actually knows what they're doing
> with mac80211 ;)

:-)

I think we should rather document that RCU is required for that function, I think for some usages it may be OK without but with keys I'm pretty sure you'll need it.

johannes