aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--drivers/net/wireless/p54/p54common.c46
1 files changed, 27 insertions, 19 deletions
diff --git a/drivers/net/wireless/p54/p54common.c b/drivers/net/wireless/p54/p54common.c
index b618bd14583f..48d81d98e12d 100644
--- a/drivers/net/wireless/p54/p54common.c
+++ b/drivers/net/wireless/p54/p54common.c
@@ -823,30 +823,30 @@ void p54_free_skb(struct ieee80211_hw *dev, struct sk_buff *skb)
823 struct p54_tx_info *range; 823 struct p54_tx_info *range;
824 unsigned long flags; 824 unsigned long flags;
825 825
826 if (unlikely(!skb || !dev || skb_queue_empty(&priv->tx_queue))) 826 if (unlikely(!skb || !dev || !skb_queue_len(&priv->tx_queue)))
827 return; 827 return;
828 828
829 /* There used to be a check here to see if the SKB was on the 829 /*
830 * TX queue or not. This can never happen because all SKBs we 830 * don't try to free an already unlinked skb
831 * see here successfully went through p54_assign_address()
832 * which means the SKB is on the ->tx_queue.
833 */ 831 */
832 if (unlikely((!skb->next) || (!skb->prev)))
833 return;
834 834
835 spin_lock_irqsave(&priv->tx_queue.lock, flags); 835 spin_lock_irqsave(&priv->tx_queue.lock, flags);
836 info = IEEE80211_SKB_CB(skb); 836 info = IEEE80211_SKB_CB(skb);
837 range = (void *)info->rate_driver_data; 837 range = (void *)info->rate_driver_data;
838 if (!skb_queue_is_first(&priv->tx_queue, skb)) { 838 if (skb->prev != (struct sk_buff *)&priv->tx_queue) {
839 struct ieee80211_tx_info *ni; 839 struct ieee80211_tx_info *ni;
840 struct p54_tx_info *mr; 840 struct p54_tx_info *mr;
841 841
842 ni = IEEE80211_SKB_CB(skb_queue_prev(&priv->tx_queue, skb)); 842 ni = IEEE80211_SKB_CB(skb->prev);
843 mr = (struct p54_tx_info *)ni->rate_driver_data; 843 mr = (struct p54_tx_info *)ni->rate_driver_data;
844 } 844 }
845 if (!skb_queue_is_last(&priv->tx_queue, skb)) { 845 if (skb->next != (struct sk_buff *)&priv->tx_queue) {
846 struct ieee80211_tx_info *ni; 846 struct ieee80211_tx_info *ni;
847 struct p54_tx_info *mr; 847 struct p54_tx_info *mr;
848 848
849 ni = IEEE80211_SKB_CB(skb_queue_next(&priv->tx_queue, skb)); 849 ni = IEEE80211_SKB_CB(skb->next);
850 mr = (struct p54_tx_info *)ni->rate_driver_data; 850 mr = (struct p54_tx_info *)ni->rate_driver_data;
851 } 851 }
852 __skb_unlink(skb, &priv->tx_queue); 852 __skb_unlink(skb, &priv->tx_queue);
@@ -864,13 +864,15 @@ static struct sk_buff *p54_find_tx_entry(struct ieee80211_hw *dev,
864 unsigned long flags; 864 unsigned long flags;
865 865
866 spin_lock_irqsave(&priv->tx_queue.lock, flags); 866 spin_lock_irqsave(&priv->tx_queue.lock, flags);
867 skb_queue_walk(&priv->tx_queue, entry) { 867 entry = priv->tx_queue.next;
868 while (entry != (struct sk_buff *)&priv->tx_queue) {
868 struct p54_hdr *hdr = (struct p54_hdr *) entry->data; 869 struct p54_hdr *hdr = (struct p54_hdr *) entry->data;
869 870
870 if (hdr->req_id == req_id) { 871 if (hdr->req_id == req_id) {
871 spin_unlock_irqrestore(&priv->tx_queue.lock, flags); 872 spin_unlock_irqrestore(&priv->tx_queue.lock, flags);
872 return entry; 873 return entry;
873 } 874 }
875 entry = entry->next;
874 } 876 }
875 spin_unlock_irqrestore(&priv->tx_queue.lock, flags); 877 spin_unlock_irqrestore(&priv->tx_queue.lock, flags);
876 return NULL; 878 return NULL;
@@ -888,22 +890,24 @@ static void p54_rx_frame_sent(struct ieee80211_hw *dev, struct sk_buff *skb)
888 int count, idx; 890 int count, idx;
889 891
890 spin_lock_irqsave(&priv->tx_queue.lock, flags); 892 spin_lock_irqsave(&priv->tx_queue.lock, flags);
891 skb_queue_walk(&priv->tx_queue, entry) { 893 entry = (struct sk_buff *) priv->tx_queue.next;
894 while (entry != (struct sk_buff *)&priv->tx_queue) {
892 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(entry); 895 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(entry);
893 struct p54_hdr *entry_hdr; 896 struct p54_hdr *entry_hdr;
894 struct p54_tx_data *entry_data; 897 struct p54_tx_data *entry_data;
895 unsigned int pad = 0, frame_len; 898 unsigned int pad = 0, frame_len;
896 899
897 range = (void *)info->rate_driver_data; 900 range = (void *)info->rate_driver_data;
898 if (range->start_addr != addr) 901 if (range->start_addr != addr) {
902 entry = entry->next;
899 continue; 903 continue;
904 }
900 905
901 if (!skb_queue_is_last(&priv->tx_queue, entry)) { 906 if (entry->next != (struct sk_buff *)&priv->tx_queue) {
902 struct ieee80211_tx_info *ni; 907 struct ieee80211_tx_info *ni;
903 struct p54_tx_info *mr; 908 struct p54_tx_info *mr;
904 909
905 ni = IEEE80211_SKB_CB(skb_queue_next(&priv->tx_queue, 910 ni = IEEE80211_SKB_CB(entry->next);
906 entry));
907 mr = (struct p54_tx_info *)ni->rate_driver_data; 911 mr = (struct p54_tx_info *)ni->rate_driver_data;
908 } 912 }
909 913
@@ -1164,21 +1168,23 @@ static int p54_assign_address(struct ieee80211_hw *dev, struct sk_buff *skb,
1164 } 1168 }
1165 } 1169 }
1166 1170
1167 skb_queue_walk(&priv->tx_queue, entry) { 1171 entry = priv->tx_queue.next;
1172 while (left--) {
1168 u32 hole_size; 1173 u32 hole_size;
1169 info = IEEE80211_SKB_CB(entry); 1174 info = IEEE80211_SKB_CB(entry);
1170 range = (void *)info->rate_driver_data; 1175 range = (void *)info->rate_driver_data;
1171 hole_size = range->start_addr - last_addr; 1176 hole_size = range->start_addr - last_addr;
1172 if (!target_skb && hole_size >= len) { 1177 if (!target_skb && hole_size >= len) {
1173 target_skb = skb_queue_prev(&priv->tx_queue, entry); 1178 target_skb = entry->prev;
1174 hole_size -= len; 1179 hole_size -= len;
1175 target_addr = last_addr; 1180 target_addr = last_addr;
1176 } 1181 }
1177 largest_hole = max(largest_hole, hole_size); 1182 largest_hole = max(largest_hole, hole_size);
1178 last_addr = range->end_addr; 1183 last_addr = range->end_addr;
1184 entry = entry->next;
1179 } 1185 }
1180 if (!target_skb && priv->rx_end - last_addr >= len) { 1186 if (!target_skb && priv->rx_end - last_addr >= len) {
1181 target_skb = skb_peek_tail(&priv->tx_queue); 1187 target_skb = priv->tx_queue.prev;
1182 largest_hole = max(largest_hole, priv->rx_end - last_addr - len); 1188 largest_hole = max(largest_hole, priv->rx_end - last_addr - len);
1183 if (!skb_queue_empty(&priv->tx_queue)) { 1189 if (!skb_queue_empty(&priv->tx_queue)) {
1184 info = IEEE80211_SKB_CB(target_skb); 1190 info = IEEE80211_SKB_CB(target_skb);
@@ -2084,6 +2090,7 @@ out:
2084static void p54_stop(struct ieee80211_hw *dev) 2090static void p54_stop(struct ieee80211_hw *dev)
2085{ 2091{
2086 struct p54_common *priv = dev->priv; 2092 struct p54_common *priv = dev->priv;
2093 struct sk_buff *skb;
2087 2094
2088 mutex_lock(&priv->conf_mutex); 2095 mutex_lock(&priv->conf_mutex);
2089 priv->mode = NL80211_IFTYPE_UNSPECIFIED; 2096 priv->mode = NL80211_IFTYPE_UNSPECIFIED;
@@ -2098,7 +2105,8 @@ static void p54_stop(struct ieee80211_hw *dev)
2098 p54_tx_cancel(dev, priv->cached_beacon); 2105 p54_tx_cancel(dev, priv->cached_beacon);
2099 2106
2100 priv->stop(dev); 2107 priv->stop(dev);
2101 skb_queue_purge(&priv->tx_queue); 2108 while ((skb = skb_dequeue(&priv->tx_queue)))
2109 kfree_skb(skb);
2102 priv->cached_beacon = NULL; 2110 priv->cached_beacon = NULL;
2103 priv->tsf_high32 = priv->tsf_low32 = 0; 2111 priv->tsf_high32 = priv->tsf_low32 = 0;
2104 mutex_unlock(&priv->conf_mutex); 2112 mutex_unlock(&priv->conf_mutex);