> >
> > I don't see any point in NULLing out bf->bf_mpdu. bf is
> > reclaimed onto a free tx buf pool as soon as it is done
> > with the skb. bf_mpdu of any of the bf's is never accessed
> > without any initialization (bf_ampdu = skb).
>
> The code can use skb after it's deleted currently, because
> ath_debug_stat_tx(sc, txq, bf, ts); references the bf_ampdu
> object (I think I added that reference lately... so it's really
> a bug that I caused). At the least, we should move the ath_debug_stat_tx
> logic before the ath_tx_complete() call.

Yes, this is a serious issue irrespective of initializing bf_mpdu to NULL.

>
> As for the paprd path, it looks racy to me: What if the paprd timer
> expires while the ath_tx_complete_buf logic is running?

That is the goal here, if we timed out on paprd training, ath_tx_complete_buf() has to free the skb. At least I don't see any race here, can you elaborate on your finding? Remember ath_tx_complete_buf() is in tasklet context.

Vasanth
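
A userspace model of the ordering issue discussed in this message, added as an example and not code from the driver or the patch: the statistics hook reads the packet through the buffer, so it has to run before completion releases the packet. The names `pkt`, `txbuf`, `stat_tx`, `complete_tx` and the `process_*` functions are hypothetical stand-ins, and clearing the pointer on completion is an assumption of the model so that a late read is counted instead of touching freed memory.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical userspace stand-ins, not the driver's structures. */
struct pkt { size_t len; };            /* plays the role of the skb */
struct txbuf { struct pkt *mpdu; };    /* plays the role of bf->bf_mpdu */
struct txstats { unsigned long pkts, bytes, stale; };

/* Statistics hook: reads the packet through the buffer; a cleared
 * pointer is counted as a stale call instead of being dereferenced. */
static void stat_tx(struct txstats *st, const struct txbuf *bf)
{
    if (!bf->mpdu) { st->stale++; return; }
    st->pkts++;
    st->bytes += bf->mpdu->len;
}

/* Completion: releases the packet and clears the buffer's reference. */
static void complete_tx(struct txbuf *bf)
{
    free(bf->mpdu);
    bf->mpdu = NULL;
}

/* Account first, then complete: the packet is still valid when read. */
static void process_stats_first(struct txstats *st, struct txbuf *bf)
{
    stat_tx(st, bf);
    complete_tx(bf);
}
/* Complete first, then account: the hook no longer has a packet. */
static void process_stats_late(struct txstats *st, struct txbuf *bf)
{
    complete_tx(bf);
    stat_tx(st, bf);
}
static struct txbuf make_buf(size_t len)   /* constructed sample input */
{
    struct txbuf bf = { malloc(sizeof(struct pkt)) };
    if (bf.mpdu) bf.mpdu->len = len;
    return bf;
}

int main(void)
{
    struct txstats a = {0}, b = {0};
    struct txbuf x = make_buf(1500), y = make_buf(1500);
    process_stats_first(&a, &x);
    process_stats_late(&b, &y);
    printf("first: stale=%lu  late: stale=%lu\n", a.stale, b.stale);
}
```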