We may call rt2x00queue_pause_queue(queue) with queue == NULL. Bug
was introduced by commit 62fe778412b36791b7897cfa139342906fbbf07b
"rt2x00: Fix stuck queue in tx failure case" .
Cc: [email protected] # 3.0+
Signed-off-by: Stanislaw Gruszka <[email protected]>
---
drivers/net/wireless/rt2x00/rt2x00mac.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/rt2x00/rt2x00mac.c b/drivers/net/wireless/rt2x00/rt2x00mac.c
index 8efab39..4ccf238 100644
--- a/drivers/net/wireless/rt2x00/rt2x00mac.c
+++ b/drivers/net/wireless/rt2x00/rt2x00mac.c
@@ -113,7 +113,7 @@ void rt2x00mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
* due to possible race conditions in mac80211.
*/
if (!test_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags))
- goto exit_fail;
+ goto exit_free_skb;
/*
* Use the ATIM queue if appropriate and present.
@@ -127,7 +127,7 @@ void rt2x00mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
ERROR(rt2x00dev,
"Attempt to send packet over invalid queue %d.\n"
"Please file bug report to %s.\n", qid, DRV_PROJECT);
- goto exit_fail;
+ goto exit_free_skb;
}
/*
@@ -159,6 +159,7 @@ void rt2x00mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
exit_fail:
rt2x00queue_pause_queue(queue);
+ exit_free_skb:
dev_kfree_skb_any(skb);
}
EXPORT_SYMBOL_GPL(rt2x00mac_tx);
--
1.7.1
On Tue, Aug 2, 2011 at 1:29 PM, Stanislaw Gruszka <[email protected]> wrote:
> We may call rt2x00queue_pause_queue(queue) with queue == NULL. Bug
> was introduced by commit 62fe778412b36791b7897cfa139342906fbbf07b
> "rt2x00: Fix stuck queue in tx failure case" .
>
> Cc: [email protected] # 3.0+
> Signed-off-by: Stanislaw Gruszka <[email protected]>
Good catch.
Acked-by: Gertjan van Wingerde <[email protected]>
> ---
> ?drivers/net/wireless/rt2x00/rt2x00mac.c | ? ?5 +++--
> ?1 files changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/wireless/rt2x00/rt2x00mac.c b/drivers/net/wireless/rt2x00/rt2x00mac.c
> index 8efab39..4ccf238 100644
> --- a/drivers/net/wireless/rt2x00/rt2x00mac.c
> +++ b/drivers/net/wireless/rt2x00/rt2x00mac.c
> @@ -113,7 +113,7 @@ void rt2x00mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
> ? ? ? ? * due to possible race conditions in mac80211.
> ? ? ? ? */
> ? ? ? ?if (!test_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags))
> - ? ? ? ? ? ? ? goto exit_fail;
> + ? ? ? ? ? ? ? goto exit_free_skb;
>
> ? ? ? ?/*
> ? ? ? ? * Use the ATIM queue if appropriate and present.
> @@ -127,7 +127,7 @@ void rt2x00mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
> ? ? ? ? ? ? ? ?ERROR(rt2x00dev,
> ? ? ? ? ? ? ? ? ? ? ?"Attempt to send packet over invalid queue %d.\n"
> ? ? ? ? ? ? ? ? ? ? ?"Please file bug report to %s.\n", qid, DRV_PROJECT);
> - ? ? ? ? ? ? ? goto exit_fail;
> + ? ? ? ? ? ? ? goto exit_free_skb;
> ? ? ? ?}
>
> ? ? ? ?/*
> @@ -159,6 +159,7 @@ void rt2x00mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
>
> ?exit_fail:
> ? ? ? ?rt2x00queue_pause_queue(queue);
> + exit_free_skb:
> ? ? ? ?dev_kfree_skb_any(skb);
> ?}
> ?EXPORT_SYMBOL_GPL(rt2x00mac_tx);
> --
> 1.7.1
>
--
---
Gertjan
On Tue, Aug 2, 2011 at 1:29 PM, Stanislaw Gruszka <[email protected]> wrote:
> We may call rt2x00queue_pause_queue(queue) with queue == NULL. Bug
> was introduced by commit 62fe778412b36791b7897cfa139342906fbbf07b
> "rt2x00: Fix stuck queue in tx failure case" .
>
> Cc: [email protected] # 3.0+
> Signed-off-by: Stanislaw Gruszka <[email protected]>
Acked-by: Ivo van Doorn <[email protected]>
> ---
> ?drivers/net/wireless/rt2x00/rt2x00mac.c | ? ?5 +++--
> ?1 files changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/wireless/rt2x00/rt2x00mac.c b/drivers/net/wireless/rt2x00/rt2x00mac.c
> index 8efab39..4ccf238 100644
> --- a/drivers/net/wireless/rt2x00/rt2x00mac.c
> +++ b/drivers/net/wireless/rt2x00/rt2x00mac.c
> @@ -113,7 +113,7 @@ void rt2x00mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
> ? ? ? ? * due to possible race conditions in mac80211.
> ? ? ? ? */
> ? ? ? ?if (!test_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags))
> - ? ? ? ? ? ? ? goto exit_fail;
> + ? ? ? ? ? ? ? goto exit_free_skb;
>
> ? ? ? ?/*
> ? ? ? ? * Use the ATIM queue if appropriate and present.
> @@ -127,7 +127,7 @@ void rt2x00mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
> ? ? ? ? ? ? ? ?ERROR(rt2x00dev,
> ? ? ? ? ? ? ? ? ? ? ?"Attempt to send packet over invalid queue %d.\n"
> ? ? ? ? ? ? ? ? ? ? ?"Please file bug report to %s.\n", qid, DRV_PROJECT);
> - ? ? ? ? ? ? ? goto exit_fail;
> + ? ? ? ? ? ? ? goto exit_free_skb;
> ? ? ? ?}
>
> ? ? ? ?/*
> @@ -159,6 +159,7 @@ void rt2x00mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
>
> ?exit_fail:
> ? ? ? ?rt2x00queue_pause_queue(queue);
> + exit_free_skb:
> ? ? ? ?dev_kfree_skb_any(skb);
> ?}
> ?EXPORT_SYMBOL_GPL(rt2x00mac_tx);
> --
> 1.7.1
>