Hi, > static void > @@ -846,6 +857,8 @@ minstrel_ht_update_caps(void *priv, struct > ieee80211_supported_band *sband, > > msp->is_ht = true; > memset(mi, 0, sizeof(*mi)); > + > + mi->sta = sta; > mi->stats_update = jiffies;
minstrel_ht_update_caps can be called on init and on different other changes (rate_control_rate_update). Which lock protects mi from following scenario? context 1: memset(mi, 0, sizeof(*mi)); // mi->sta is now NULL context 2: minstrel_ht_update_rates -> rate_control_set_rates(mp->hw, mi->sta, rates) context 2: rate_control_set_rates dereferences pubsta->rates (mi->sta + 0x48) -> Kernel Oops context 1: mi->sta = sta The first context is from one of the many rate_control_rate_update in mac80211 and the second context is from ieee80211_tx_status. The question came up when discovering the OpenWrt bug report https://dev.openwrt.org/ticket/18388 (minstrel_ht_update_caps the thing most likely behind minstrel_remove_sta_debugfs+0xe8c/0x1674 - at least EPC is pointing inside this function for a build from this revision) Kind regards, Sven Eckelmann -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
