Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next

[sfrench/cifs-2.6.git] / drivers / net / wireless / mediatek / mt76 / agg-rx.c

diff --git a/drivers/net/wireless/mediatek/mt76/agg-rx.c b/drivers/net/wireless/mediatek/mt76/agg-rx.c
index fcb208d1f2762d9076a1e3ca3cf297dfb2e54fdb..1e8cdce919d9a41122adc6774a6cbe2340a3ed03 100644 (file)
--- a/drivers/net/wireless/mediatek/mt76/agg-rx.c
+++ b/drivers/net/wireless/mediatek/mt76/agg-rx.c
@@ -103,6 +103,7 @@ mt76_rx_aggr_reorder_work(struct work_struct *work)
        __skb_queue_head_init(&frames);
 
        local_bh_disable();
+       rcu_read_lock();
 
        spin_lock(&tid->lock);
        mt76_rx_aggr_check_release(tid, &frames);
@@ -114,6 +115,7 @@ mt76_rx_aggr_reorder_work(struct work_struct *work)
                                             REORDER_TIMEOUT);
        mt76_rx_complete(dev, &frames, -1);
 
+       rcu_read_unlock();
        local_bh_enable();
 }
 
@@ -147,12 +149,13 @@ mt76_rx_aggr_check_ctl(struct sk_buff *skb, struct sk_buff_head *frames)
 void mt76_rx_aggr_reorder(struct sk_buff *skb, struct sk_buff_head *frames)
 {
        struct mt76_rx_status *status = (struct mt76_rx_status *) skb->cb;
+       struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
        struct mt76_wcid *wcid = status->wcid;
        struct ieee80211_sta *sta;
        struct mt76_rx_tid *tid;
        bool sn_less;
        u16 seqno, head, size;
-       u8 idx;
+       u8 ackp, idx;
 
        __skb_queue_tail(frames, skb);
 
@@ -165,10 +168,17 @@ void mt76_rx_aggr_reorder(struct sk_buff *skb, struct sk_buff_head *frames)
                return;
        }
 
+       /* not part of a BA session */
+       ackp = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_ACK_POLICY_MASK;
+       if (ackp != IEEE80211_QOS_CTL_ACK_POLICY_BLOCKACK &&
+           ackp != IEEE80211_QOS_CTL_ACK_POLICY_NORMAL)
+               return;
+
        tid = rcu_dereference(wcid->aggr[status->tid]);
        if (!tid)
                return;
 
+       status->flag |= RX_FLAG_DUP_VALIDATED;
        spin_lock_bh(&tid->lock);
 
        if (tid->stopped)
@@ -236,8 +246,7 @@ int mt76_rx_aggr_start(struct mt76_dev *dev, struct mt76_wcid *wcid, u8 tidno,
 
        mt76_rx_aggr_stop(dev, wcid, tidno);
 
-       tid = kzalloc(sizeof(*tid) + size * sizeof(tid->reorder_buf[0]),
-                     GFP_KERNEL);
+       tid = kzalloc(struct_size(tid, reorder_buf, size), GFP_KERNEL);
        if (!tid)
                return -ENOMEM;
 
@@ -258,6 +267,8 @@ static void mt76_rx_aggr_shutdown(struct mt76_dev *dev, struct mt76_rx_tid *tid)
        u8 size = tid->size;
        int i;
 
+       cancel_delayed_work(&tid->reorder_work);
+
        spin_lock_bh(&tid->lock);
 
        tid->stopped = true;
@@ -272,8 +283,6 @@ static void mt76_rx_aggr_shutdown(struct mt76_dev *dev, struct mt76_rx_tid *tid)
        }
 
        spin_unlock_bh(&tid->lock);
-
-       cancel_delayed_work_sync(&tid->reorder_work);
 }
 
 void mt76_rx_aggr_stop(struct mt76_dev *dev, struct mt76_wcid *wcid, u8 tidno)