Hi John, This should fix the majority of the "invalid hw_rix" warnings, the other race I wrote about can be closed by making ath5k_stop_rx drain the rx queue but that's enough churn to be a separate patch. Stable/2.6.30 candidate? From: Bob Copeland <me@xxxxxxxxxxxxxxx> Date: Thu, 7 May 2009 08:09:08 -0400 Subject: [PATCH] ath5k: update channel in sw state after stopping RX and TX This fixes a non-theoretical race condition when transmitting and receiving frames during a scan. If the channel or operating band changes while processing status descriptors in the tasklets, ath5k will incorrectly use the new channel and band when reporting the rates, even if the frame was actually sent on a previous channel. Typically this will manifest as a beacon found on an incorrect frequency and/or a warning in the driver while scanning: [ 4773.891944] cfg80211: Found new beacon on frequency: 5805 MHz (Ch 161) on phy0 [ 4785.461125] ------------[ cut here ]------------ [ 4785.461135] WARNING: at drivers/net/wireless/ath/ath5k/base.c:1141 ath5k_tasklet_rx+0x2ff/0x577 [ath5k]() [ 4785.461143] Hardware name: MacBook1,1 [ 4785.461148] invalid hw_rix: 1b [ 4785.461152] Modules linked in: fuse i915 drm af_packet acpi_cpufreq binfmt_misc dm_mirror dm_region_hash dm_log dm_multipath dm_mod arc4 ecb snd_hda_codec_idt snd_hda_intel snd_hda_codec snd_seq_dummy snd_seq_oss snd_seq_midi_event ath5k snd_seq hid_apple usbhid snd_seq_device mac80211 appletouch snd_pcm_oss sky2 ohci1394 snd_mixer_oss ath ieee1394 snd_pcm bitrev snd_timer cfg80211 crc32 snd snd_page_alloc button processor ac ehci_hcd joydev uhci_hcd sg battery thermal sr_mod cdrom applesmc evdev input_polldev unix [last unloaded: microcode] [ 4785.461296] Pid: 0, comm: swapper Tainted: G W 2.6.30-rc3-wl #112 [ 4785.461302] Call Trace: [ 4785.461316] [<c012590f>] warn_slowpath+0x76/0xa5 [ 4785.461331] [<c0219839>] ? debug_dma_unmap_page+0x5a/0x62 [ 4785.461357] [<f9982f88>] ath5k_tasklet_rx+0x2ff/0x577 [ath5k] [ 4785.461371] [<c01446f7>] ? trace_hardirqs_off+0xb/0xd [ 4785.461381] [<c0129928>] ? __tasklet_schedule+0x6e/0x7c [ 4785.461392] [<c0129b02>] tasklet_action+0x92/0xe5 [ 4785.461402] [<c0129f91>] __do_softirq+0xb1/0x182 [ 4785.461411] [<c012a092>] do_softirq+0x30/0x48 [ 4785.461428] [<c012a20a>] irq_exit+0x3d/0x74 [ 4785.461435] [<c035a0de>] do_IRQ+0x76/0x8c [ 4785.461440] [<c010312e>] common_interrupt+0x2e/0x34 [ 4785.461445] [<c014007b>] ? timer_list_show+0x1ab/0x939 [ 4785.461457] [<f85fd25c>] ? acpi_idle_enter_bm+0x27c/0x2b9 [processor] [ 4785.461463] [<c02d1ed6>] cpuidle_idle_call+0x6a/0x9c [ 4785.461468] [<c0101cc8>] cpu_idle+0x53/0x87 [ 4785.461473] [<c0346584>] rest_init+0x6c/0x6e [ 4785.461479] [<c04df74d>] start_kernel+0x286/0x28b [ 4785.461484] [<c04df037>] __init_begin+0x37/0x3c [ 4785.461487] ---[ end trace aaf8496ba3679dfb ]--- Signed-off-by: Bob Copeland <me@xxxxxxxxxxxxxxx> --- drivers/net/wireless/ath/ath5k/base.c | 22 +++++++++++++--------- 1 files changed, 13 insertions(+), 9 deletions(-) diff --git a/drivers/net/wireless/ath/ath5k/base.c b/drivers/net/wireless/ath/ath5k/base.c index 6789c5d..dbfe9f4 100644 --- a/drivers/net/wireless/ath/ath5k/base.c +++ b/drivers/net/wireless/ath/ath5k/base.c @@ -218,7 +218,7 @@ static struct pci_driver ath5k_pci_driver = { * Prototypes - MAC 802.11 stack related functions */ static int ath5k_tx(struct ieee80211_hw *hw, struct sk_buff *skb); -static int ath5k_reset(struct ath5k_softc *sc, bool stop, bool change_channel); +static int ath5k_reset(struct ath5k_softc *sc, struct ieee80211_channel *chan); static int ath5k_reset_wake(struct ath5k_softc *sc); static int ath5k_start(struct ieee80211_hw *hw); static void ath5k_stop(struct ieee80211_hw *hw); @@ -1076,16 +1076,13 @@ ath5k_chan_set(struct ath5k_softc *sc, struct ieee80211_channel *chan) if (chan->center_freq != sc->curchan->center_freq || chan->hw_value != sc->curchan->hw_value) { - sc->curchan = chan; - sc->curband = &sc->sbands[chan->band]; - /* * To switch channels clear any pending DMA operations; * wait long enough for the RX fifo to drain, reset the * hardware at the new frequency, and then re-enable * the relevant bits of the h/w. */ - return ath5k_reset(sc, true, true); + return ath5k_reset(sc, chan); } return 0; @@ -2350,7 +2347,7 @@ ath5k_init(struct ath5k_softc *sc) sc->imask = AR5K_INT_RXOK | AR5K_INT_RXERR | AR5K_INT_RXEOL | AR5K_INT_RXORN | AR5K_INT_TXDESC | AR5K_INT_TXEOL | AR5K_INT_FATAL | AR5K_INT_GLOBAL; - ret = ath5k_reset(sc, false, false); + ret = ath5k_reset(sc, NULL); if (ret) goto done; @@ -2635,18 +2632,25 @@ drop_packet: return NETDEV_TX_OK; } +/* + * Reset the hardware. If chan is not NULL, then also pause rx/tx + * and change to the given channel. + */ static int -ath5k_reset(struct ath5k_softc *sc, bool stop, bool change_channel) +ath5k_reset(struct ath5k_softc *sc, struct ieee80211_channel *chan) { struct ath5k_hw *ah = sc->ah; int ret; ATH5K_DBG(sc, ATH5K_DEBUG_RESET, "resetting\n"); - if (stop) { + if (chan) { ath5k_hw_set_imr(ah, 0); ath5k_txq_cleanup(sc); ath5k_rx_stop(sc); + + sc->curchan = chan; + sc->curband = &sc->sbands[chan->band]; } ret = ath5k_hw_reset(ah, sc->opmode, sc->curchan, true); if (ret) { @@ -2684,7 +2688,7 @@ ath5k_reset_wake(struct ath5k_softc *sc) { int ret; - ret = ath5k_reset(sc, true, true); + ret = ath5k_reset(sc, sc->curchan); if (!ret) ieee80211_wake_queues(sc->hw); -- 1.6.0.6 -- Bob Copeland %% www.bobcopeland.com -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html