From: Johannes Berg <johannes.berg@intel.com>
Date: Tue, 6 Sep 2011 10:47:39 +0000 (+0200)
Subject: mac80211: fix missing sta_lock in __sta_info_destroy
X-Git-Tag: firefly_0821_release~7541^2~2752
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=e74aa3593a0026ea78b3997c3b7748f536e17f66;p=firefly-linux-kernel-4.4.55.git

mac80211: fix missing sta_lock in __sta_info_destroy

commit 4bae7d976976fa52d345805ba686934cd548343e upstream.

Since my commit 34e895075e21be3e21e71d6317440d1ee7969ad0
("mac80211: allow station add/remove to sleep") there is
a race in mac80211 when it clears the TIM bit because a
sleeping station disconnected, the spinlock isn't held
around the relevant code any more. Use the right API to
acquire the spinlock correctly.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---

diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index b83870bf60fa..ca7bf1052eba 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -669,7 +669,7 @@ static int __must_check __sta_info_destroy(struct sta_info *sta)
 		BUG_ON(!sdata->bss);
 
 		atomic_dec(&sdata->bss->num_sta_ps);
-		__sta_info_clear_tim_bit(sdata->bss, sta);
+		sta_info_clear_tim_bit(sta);
 	}
 
 	local->num_sta--;