aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBob Copeland <me@bobcopeland.com>2009-05-07 08:09:08 -0400
committerJohn W. Linville <linville@tuxdriver.com>2009-05-11 15:07:01 -0400
commit209d889bab3d0812ee9cda4f6bbeb1af8bede9d4 (patch)
tree3202f4681b5ebe595220ce8aeede61d95122f618
parent9be6f0d40d9191e6fe7e45551c7d1c1614472b53 (diff)
ath5k: update channel in sw state after stopping RX and TX
This fixes a non-theoretical race condition when transmitting and receiving frames during a scan. If the channel or operating band changes while processing status descriptors in the tasklets, ath5k will incorrectly use the new channel and band when reporting the rates, even if the frame was actually sent on a previous channel. Typically this will manifest as a beacon found on an incorrect frequency and/or a warning in the driver while scanning: [ 4773.891944] cfg80211: Found new beacon on frequency: 5805 MHz (Ch 161) on phy0 [ 4785.461125] ------------[ cut here ]------------ [ 4785.461135] WARNING: at drivers/net/wireless/ath/ath5k/base.c:1141 ath5k_tasklet_rx+0x2ff/0x577 [ath5k]() [ 4785.461143] Hardware name: MacBook1,1 [ 4785.461148] invalid hw_rix: 1b [ 4785.461152] Modules linked in: fuse i915 drm af_packet acpi_cpufreq binfmt_misc dm_mirror dm_region_hash dm_log dm_multipath dm_mod arc4 ecb snd_hda_codec_idt snd_hda_intel snd_hda_codec snd_seq_dummy snd_seq_oss snd_seq_midi_event ath5k snd_seq hid_apple usbhid snd_seq_device mac80211 appletouch snd_pcm_oss sky2 ohci1394 snd_mixer_oss ath ieee1394 snd_pcm bitrev snd_timer cfg80211 crc32 snd snd_page_alloc button processor ac ehci_hcd joydev uhci_hcd sg battery thermal sr_mod cdrom applesmc evdev input_polldev unix [last unloaded: microcode] [ 4785.461296] Pid: 0, comm: swapper Tainted: G W 2.6.30-rc3-wl #112 [ 4785.461302] Call Trace: [ 4785.461316] [<c012590f>] warn_slowpath+0x76/0xa5 [ 4785.461331] [<c0219839>] ? debug_dma_unmap_page+0x5a/0x62 [ 4785.461357] [<f9982f88>] ath5k_tasklet_rx+0x2ff/0x577 [ath5k] [ 4785.461371] [<c01446f7>] ? trace_hardirqs_off+0xb/0xd [ 4785.461381] [<c0129928>] ? __tasklet_schedule+0x6e/0x7c [ 4785.461392] [<c0129b02>] tasklet_action+0x92/0xe5 [ 4785.461402] [<c0129f91>] __do_softirq+0xb1/0x182 [ 4785.461411] [<c012a092>] do_softirq+0x30/0x48 [ 4785.461428] [<c012a20a>] irq_exit+0x3d/0x74 [ 4785.461435] [<c035a0de>] do_IRQ+0x76/0x8c [ 4785.461440] [<c010312e>] common_interrupt+0x2e/0x34 [ 4785.461445] [<c014007b>] ? timer_list_show+0x1ab/0x939 [ 4785.461457] [<f85fd25c>] ? acpi_idle_enter_bm+0x27c/0x2b9 [processor] [ 4785.461463] [<c02d1ed6>] cpuidle_idle_call+0x6a/0x9c [ 4785.461468] [<c0101cc8>] cpu_idle+0x53/0x87 [ 4785.461473] [<c0346584>] rest_init+0x6c/0x6e [ 4785.461479] [<c04df74d>] start_kernel+0x286/0x28b [ 4785.461484] [<c04df037>] __init_begin+0x37/0x3c [ 4785.461487] ---[ end trace aaf8496ba3679dfb ]--- Signed-off-by: Bob Copeland <me@bobcopeland.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-rw-r--r--drivers/net/wireless/ath5k/base.c22
1 files changed, 13 insertions, 9 deletions
diff --git a/drivers/net/wireless/ath5k/base.c b/drivers/net/wireless/ath5k/base.c
index a08bc8a4fb69..32df27a9c7a2 100644
--- a/drivers/net/wireless/ath5k/base.c
+++ b/drivers/net/wireless/ath5k/base.c
@@ -214,7 +214,7 @@ static struct pci_driver ath5k_pci_driver = {
214 * Prototypes - MAC 802.11 stack related functions 214 * Prototypes - MAC 802.11 stack related functions
215 */ 215 */
216static int ath5k_tx(struct ieee80211_hw *hw, struct sk_buff *skb); 216static int ath5k_tx(struct ieee80211_hw *hw, struct sk_buff *skb);
217static int ath5k_reset(struct ath5k_softc *sc, bool stop, bool change_channel); 217static int ath5k_reset(struct ath5k_softc *sc, struct ieee80211_channel *chan);
218static int ath5k_reset_wake(struct ath5k_softc *sc); 218static int ath5k_reset_wake(struct ath5k_softc *sc);
219static int ath5k_start(struct ieee80211_hw *hw); 219static int ath5k_start(struct ieee80211_hw *hw);
220static void ath5k_stop(struct ieee80211_hw *hw); 220static void ath5k_stop(struct ieee80211_hw *hw);
@@ -1038,16 +1038,13 @@ ath5k_chan_set(struct ath5k_softc *sc, struct ieee80211_channel *chan)
1038 if (chan->center_freq != sc->curchan->center_freq || 1038 if (chan->center_freq != sc->curchan->center_freq ||
1039 chan->hw_value != sc->curchan->hw_value) { 1039 chan->hw_value != sc->curchan->hw_value) {
1040 1040
1041 sc->curchan = chan;
1042 sc->curband = &sc->sbands[chan->band];
1043
1044 /* 1041 /*
1045 * To switch channels clear any pending DMA operations; 1042 * To switch channels clear any pending DMA operations;
1046 * wait long enough for the RX fifo to drain, reset the 1043 * wait long enough for the RX fifo to drain, reset the
1047 * hardware at the new frequency, and then re-enable 1044 * hardware at the new frequency, and then re-enable
1048 * the relevant bits of the h/w. 1045 * the relevant bits of the h/w.
1049 */ 1046 */
1050 return ath5k_reset(sc, true, true); 1047 return ath5k_reset(sc, chan);
1051 } 1048 }
1052 1049
1053 return 0; 1050 return 0;
@@ -2314,7 +2311,7 @@ ath5k_init(struct ath5k_softc *sc)
2314 sc->imask = AR5K_INT_RXOK | AR5K_INT_RXERR | AR5K_INT_RXEOL | 2311 sc->imask = AR5K_INT_RXOK | AR5K_INT_RXERR | AR5K_INT_RXEOL |
2315 AR5K_INT_RXORN | AR5K_INT_TXDESC | AR5K_INT_TXEOL | 2312 AR5K_INT_RXORN | AR5K_INT_TXDESC | AR5K_INT_TXEOL |
2316 AR5K_INT_FATAL | AR5K_INT_GLOBAL; 2313 AR5K_INT_FATAL | AR5K_INT_GLOBAL;
2317 ret = ath5k_reset(sc, false, false); 2314 ret = ath5k_reset(sc, NULL);
2318 if (ret) 2315 if (ret)
2319 goto done; 2316 goto done;
2320 2317
@@ -2599,18 +2596,25 @@ drop_packet:
2599 return NETDEV_TX_OK; 2596 return NETDEV_TX_OK;
2600} 2597}
2601 2598
2599/*
2600 * Reset the hardware. If chan is not NULL, then also pause rx/tx
2601 * and change to the given channel.
2602 */
2602static int 2603static int
2603ath5k_reset(struct ath5k_softc *sc, bool stop, bool change_channel) 2604ath5k_reset(struct ath5k_softc *sc, struct ieee80211_channel *chan)
2604{ 2605{
2605 struct ath5k_hw *ah = sc->ah; 2606 struct ath5k_hw *ah = sc->ah;
2606 int ret; 2607 int ret;
2607 2608
2608 ATH5K_DBG(sc, ATH5K_DEBUG_RESET, "resetting\n"); 2609 ATH5K_DBG(sc, ATH5K_DEBUG_RESET, "resetting\n");
2609 2610
2610 if (stop) { 2611 if (chan) {
2611 ath5k_hw_set_imr(ah, 0); 2612 ath5k_hw_set_imr(ah, 0);
2612 ath5k_txq_cleanup(sc); 2613 ath5k_txq_cleanup(sc);
2613 ath5k_rx_stop(sc); 2614 ath5k_rx_stop(sc);
2615
2616 sc->curchan = chan;
2617 sc->curband = &sc->sbands[chan->band];
2614 } 2618 }
2615 ret = ath5k_hw_reset(ah, sc->opmode, sc->curchan, true); 2619 ret = ath5k_hw_reset(ah, sc->opmode, sc->curchan, true);
2616 if (ret) { 2620 if (ret) {
@@ -2648,7 +2652,7 @@ ath5k_reset_wake(struct ath5k_softc *sc)
2648{ 2652{
2649 int ret; 2653 int ret;
2650 2654
2651 ret = ath5k_reset(sc, true, true); 2655 ret = ath5k_reset(sc, sc->curchan);
2652 if (!ret) 2656 if (!ret)
2653 ieee80211_wake_queues(sc->hw); 2657 ieee80211_wake_queues(sc->hw);
2654 2658