Commit 49fba872 authored by Felix Fietkau's avatar Felix Fietkau
Browse files

wifi: mt76: fix linked list corruption 

Never leave scheduled wcid entries on the temporary on-stack list

Fixes: 0b3be9d1 ("wifi: mt76: add separate tx scheduling queue for off-channel tx")
Link: https://patch.msgid.link/20250827085352.51636-6-nbd@nbd.name


Signed-off-by: default avatarFelix Fietkau <nbd@nbd.name>
parent bdeac781

drivers/net/wireless/mediatek/mt76/tx.c

+3 −5
Original line number Diff line number Diff line
@@ -646,6 +646,7 @@ mt76_txq_schedule_pending_wcid(struct mt76_phy *phy, struct mt76_wcid *wcid, 
static void mt76_txq_schedule_pending(struct mt76_phy *phy)

{

	LIST_HEAD(tx_list);

	int ret = 0;



	if (list_empty(&phy->tx_list))

		return;
@@ -657,12 +658,12 @@ static void mt76_txq_schedule_pending(struct mt76_phy *phy) 
	list_splice_init(&phy->tx_list, &tx_list);

	while (!list_empty(&tx_list)) {

		struct mt76_wcid *wcid;

		int ret;



		wcid = list_first_entry(&tx_list, struct mt76_wcid, tx_list);

		list_del_init(&wcid->tx_list);



		spin_unlock(&phy->tx_lock);

		if (ret >= 0)

			ret = mt76_txq_schedule_pending_wcid(phy, wcid, &wcid->tx_offchannel);

		if (ret >= 0 && !phy->offchannel)

			ret = mt76_txq_schedule_pending_wcid(phy, wcid, &wcid->tx_pending);
@@ -672,9 +673,6 @@ static void mt76_txq_schedule_pending(struct mt76_phy *phy) 
		    !skb_queue_empty(&wcid->tx_offchannel) &&

		    list_empty(&wcid->tx_list))

			list_add_tail(&wcid->tx_list, &phy->tx_list);



		if (ret < 0)

			break;

	}

	spin_unlock(&phy->tx_lock);