Commit 2611687f authored by Yang Yingliang's avatar Yang Yingliang Committed by Kalle Valo

wifi: rtlwifi: rtl8188ee: don't call kfree_skb() under spin_lock_irqsave()

It is not allowed to call kfree_skb() from hardware interrupt
context or with interrupts being disabled. All the SKBs have
been dequeued from the old queue, so it's safe to enqueue these
SKBs to a free queue, then free them after spin_unlock_irqrestore()
at once. Compile tested only.

Fixes: 7fe3b3ab ("rtlwifi: rtl8188ee: rtl8821ae: Fix a queue locking problem")
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
Acked-by: default avatarPing-Ke Shih <pkshih@realtek.com>
Signed-off-by: default avatarKalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20221207141411.46098-3-yangyingliang@huawei.com
parent 106031c1
...@@ -68,8 +68,10 @@ static void _rtl88ee_return_beacon_queue_skb(struct ieee80211_hw *hw) ...@@ -68,8 +68,10 @@ static void _rtl88ee_return_beacon_queue_skb(struct ieee80211_hw *hw)
struct rtl_priv *rtlpriv = rtl_priv(hw); struct rtl_priv *rtlpriv = rtl_priv(hw);
struct rtl_pci *rtlpci = rtl_pcidev(rtl_pcipriv(hw)); struct rtl_pci *rtlpci = rtl_pcidev(rtl_pcipriv(hw));
struct rtl8192_tx_ring *ring = &rtlpci->tx_ring[BEACON_QUEUE]; struct rtl8192_tx_ring *ring = &rtlpci->tx_ring[BEACON_QUEUE];
struct sk_buff_head free_list;
unsigned long flags; unsigned long flags;
skb_queue_head_init(&free_list);
spin_lock_irqsave(&rtlpriv->locks.irq_th_lock, flags); spin_lock_irqsave(&rtlpriv->locks.irq_th_lock, flags);
while (skb_queue_len(&ring->queue)) { while (skb_queue_len(&ring->queue)) {
struct rtl_tx_desc *entry = &ring->desc[ring->idx]; struct rtl_tx_desc *entry = &ring->desc[ring->idx];
...@@ -79,10 +81,12 @@ static void _rtl88ee_return_beacon_queue_skb(struct ieee80211_hw *hw) ...@@ -79,10 +81,12 @@ static void _rtl88ee_return_beacon_queue_skb(struct ieee80211_hw *hw)
rtlpriv->cfg->ops->get_desc(hw, (u8 *)entry, rtlpriv->cfg->ops->get_desc(hw, (u8 *)entry,
true, HW_DESC_TXBUFF_ADDR), true, HW_DESC_TXBUFF_ADDR),
skb->len, DMA_TO_DEVICE); skb->len, DMA_TO_DEVICE);
kfree_skb(skb); __skb_queue_tail(&free_list, skb);
ring->idx = (ring->idx + 1) % ring->entries; ring->idx = (ring->idx + 1) % ring->entries;
} }
spin_unlock_irqrestore(&rtlpriv->locks.irq_th_lock, flags); spin_unlock_irqrestore(&rtlpriv->locks.irq_th_lock, flags);
__skb_queue_purge(&free_list);
} }
static void _rtl88ee_disable_bcn_sub_func(struct ieee80211_hw *hw) static void _rtl88ee_disable_bcn_sub_func(struct ieee80211_hw *hw)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment