www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Emmanuel Grumbach <emmanuel.grumbach@intel.com>
	Sun, 27 Nov 2011 13:29:44 +0000 (15:29 +0200)
committer	Maxim Uvarov <maxim.uvarov@oracle.com>
	Fri, 16 Dec 2011 01:14:26 +0000 (17:14 -0800)
commit	2dc033c35773e732491d98c570ab976c04f22b26
tree	5c73065522083167228bbf4e86405dcc4c93de1b	tree
parent	4fb51035bd255771c587c529f6bc25a716edd582	commit \| diff

mac80211: fix race between the AGG SM and the Tx data path

commit 2a1e0fd175dcfd72096ba9291d31e3b1b5342e60 upstream.

When a packet is supposed to sent be as an a-MPDU, mac80211 sets
IEEE80211_TX_CTL_AMPDU to let the driver know. On the other
hand, mac80211 configures the driver for aggregration with the
ampdu_action callback.
There is race between these two mechanisms since the following
scenario can occur when the BA agreement is torn down:

Tx softIRQ drv configuration
========== =================

check OPERATIONAL bit
Set the TX_CTL_AMPDU bit in the packet

clear OPERATIONAL bit
stop Tx AGG
Pass Tx packet to the driver.

In that case the driver would get a packet with TX_CTL_AMPDU set
although it has already been notified that the BA session has been
torn down.

To fix this, we need to synchronize all the Qdisc activity after we
cleared the OPERATIONAL bit. After that step, all the following
packets will be buffered until the driver reports it is ready to get
new packets for this RA / TID. This buffering allows not to run into
another race that would send packets with TX_CTL_AMPDU unset while
the driver hasn't been requested to tear down the BA session yet.

This race occurs in practice and iwlwifi complains with a WARN_ON
when it happens.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>