Toke Høiland-Jørgensen wrote:
> When ath9k was switched over to use the mac80211 intermediate queues,
> node cleanup now drains the mac80211 queues. However, this call path is
> not protected by rcu_read_lock() as it was previously entirely internal
> to the driver which uses its own locking.
>
> This leads to a possible rcu_dereference() without holding
> rcu_read_lock(); but only if a station is cleaned up while having
> packets queued on the TXQ. Fix this by adding the rcu_read_lock() to the
> caller in ath9k.
>
> Fixes: 50f08edf9809 ("ath9k: Switch to using mac80211 intermediate software queues.")
> Cc: stable@xxxxxxxxxxxxxxx
> Reported-by: Ben Greear <greearb@xxxxxxxxxxxxxxx>
> Signed-off-by: Toke Høiland-Jørgensen <toke@xxxxxxx>
> Signed-off-by: Kalle Valo <kvalo@xxxxxxxxxxxxxx>
Patch applied to ath-next branch of ath.git, thanks.
182b19171098 ath9k: Protect queue draining by rcu_read_lock()
--
https://patchwork.kernel.org/patch/10196453/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches