From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from xc.sipsolutions.net ([83.246.72.84]:53253 "EHLO sipsolutions.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754799AbZLCTsK (ORCPT ); Thu, 3 Dec 2009 14:48:10 -0500 Subject: [PATCH] mac80211: fix reorder buffer release From: Johannes Berg To: John Linville Cc: Reinette Chatre , Christian Lamparter , linux-wireless Content-Type: text/plain; charset="UTF-8" Date: Thu, 03 Dec 2009 20:48:09 +0100 Message-ID: <1259869689.12843.16.camel@johannes.local> Mime-Version: 1.0 Sender: linux-wireless-owner@vger.kernel.org List-ID: My patch "mac80211: correctly place aMPDU RX reorder code" uses an skb queue for MPDUs that were released from the buffer. I intentially didn't initialise and use the skb queue's spinlock, but in this place forgot that the code variant that doesn't touch the spinlock is needed. Thanks to Christian Lamparter for quickly spotting the bug in the backtrace Reinette reported. Reported-by: Reinette Chatre Bug-identified-by: Christian Lamparter Tested-by: Reinette Chatre Signed-off-by: Johannes Berg --- net/mac80211/rx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- wireless-testing.orig/net/mac80211/rx.c 2009-12-03 20:18:21.000000000 +0100 +++ wireless-testing/net/mac80211/rx.c 2009-12-03 20:42:50.000000000 +0100 @@ -570,7 +570,7 @@ static void ieee80211_release_reorder_fr rate = &sband->bitrates[status->rate_idx]; tid_agg_rx->stored_mpdu_num--; tid_agg_rx->reorder_buf[index] = NULL; - skb_queue_tail(frames, skb); + __skb_queue_tail(frames, skb); no_frame: tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num);