aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorEmmanuel Grumbach <emmanuel.grumbach@intel.com>2011-11-27 08:29:44 -0500
committerJohn W. Linville <linville@tuxdriver.com>2011-11-28 13:46:41 -0500
commit2a1e0fd175dcfd72096ba9291d31e3b1b5342e60 (patch)
tree75d1125cffd90d1af3213aa089049139a04b5536 /net
parentd305a6557b2c4dca0110f05ffe745b1ef94adb80 (diff)
mac80211: fix race between the AGG SM and the Tx data path
When a packet is supposed to sent be as an a-MPDU, mac80211 sets IEEE80211_TX_CTL_AMPDU to let the driver know. On the other hand, mac80211 configures the driver for aggregration with the ampdu_action callback. There is race between these two mechanisms since the following scenario can occur when the BA agreement is torn down: Tx softIRQ drv configuration ========== ================= check OPERATIONAL bit Set the TX_CTL_AMPDU bit in the packet clear OPERATIONAL bit stop Tx AGG Pass Tx packet to the driver. In that case the driver would get a packet with TX_CTL_AMPDU set although it has already been notified that the BA session has been torn down. To fix this, we need to synchronize all the Qdisc activity after we cleared the OPERATIONAL bit. After that step, all the following packets will be buffered until the driver reports it is ready to get new packets for this RA / TID. This buffering allows not to run into another race that would send packets with TX_CTL_AMPDU unset while the driver hasn't been requested to tear down the BA session yet. This race occurs in practice and iwlwifi complains with a WARN_ON when it happens. Cc: stable@kernel.org Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Reviewed-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net')
-rw-r--r--net/mac80211/agg-tx.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c
index eea6e5c8d16..331472ce038 100644
--- a/net/mac80211/agg-tx.c
+++ b/net/mac80211/agg-tx.c
@@ -192,6 +192,20 @@ int ___ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid,
192 */ 192 */
193 clear_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state); 193 clear_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state);
194 194
195 /*
196 * There might be a few packets being processed right now (on
197 * another CPU) that have already gotten past the aggregation
198 * check when it was still OPERATIONAL and consequently have
199 * IEEE80211_TX_CTL_AMPDU set. In that case, this code might
200 * call into the driver at the same time or even before the
201 * TX paths calls into it, which could confuse the driver.
202 *
203 * Wait for all currently running TX paths to finish before
204 * telling the driver. New packets will not go through since
205 * the aggregation session is no longer OPERATIONAL.
206 */
207 synchronize_net();
208
195 tid_tx->stop_initiator = initiator; 209 tid_tx->stop_initiator = initiator;
196 tid_tx->tx_stop = tx; 210 tid_tx->tx_stop = tx;
197 211