mac80211: Move num_sta_ps counter decrement after synchronize_rcu

Unted the assumption that the sta struct is still accessible before the synchronize_rcu call we should move the num_sta_ps counter decrement after synchronize_rcu to avoid incorrect decrements if num_sta_ps. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>

mac80211: Move num_sta_ps counter decrement after synchronize_rcu
Unted the assumption that the sta struct is still accessible before the synchronize_rcu call we should move the num_sta_ps counter decrement after synchronize_rcu to avoid incorrect decrements if num_sta_ps. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
4f3eb0ba · Helmut Schaa · John W. Linville · 19468413 · 4f3eb0ba
Commit 4f3eb0ba authored Jan 27, 2012 by Helmut Schaa Committed by John W. Linville Jan 30, 2012
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 9 deletions

net/mac80211/sta_info.c net/mac80211/sta_info.c +9 -9

No files found.
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -750,15 +750,6 @@ int __must_check __sta_info_destroy(struct sta_info *sta)
 	sta->dead = true;
-	if (test_sta_flag(sta, WLAN_STA_PS_STA)) {
-		BUG_ON(!sdata->bss);
-		clear_sta_flag(sta, WLAN_STA_PS_STA);
-		atomic_dec(&sdata->bss->num_sta_ps);
-		sta_info_recalc_tim(sta);
-	}
 	local->num_sta--;
 	local->sta_generation++;
@@ -790,6 +781,15 @@ int __must_check __sta_info_destroy(struct sta_info *sta)
 	 */
 	synchronize_rcu();
+	if (test_sta_flag(sta, WLAN_STA_PS_STA)) {
+		BUG_ON(!sdata->bss);
+		clear_sta_flag(sta, WLAN_STA_PS_STA);
+		atomic_dec(&sdata->bss->num_sta_ps);
+		sta_info_recalc_tim(sta);
+	}
 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
 		local->total_ps_buffered -= skb_queue_len(&sta->ps_tx_buf[ac]);
 		__skb_queue_purge(&sta->ps_tx_buf[ac]);