On Sun, 2011-11-27 at 15:29 +0200, Emmanuel Grumbach wrote:
> When a packet is supposed to be sent as an a-MPDU, mac80211 sets
> IEEE80211_TX_CTL_AMPDU to let the driver know. On the other
> hand, mac80211 configures the driver for aggregation with the
> ampdu_action callback.
> There is a race between these two mechanisms since the following
> scenario can occur when the BA agreement is torn down:
>
> Tx softIRQ                                drv configuration
> ==========                                =================
>
> check OPERATIONAL bit
> Set the TX_CTL_AMPDU bit in the packet
>
>                                           clear OPERATIONAL bit
>                                           stop Tx AGG
> Pass Tx packet to the driver.
>
> In that case the driver would get a packet with TX_CTL_AMPDU set
> although it has already been notified that the BA session has been
> torn down.
>
> To fix this, we need to synchronize all the Qdisc activity after we
> cleared the OPERATIONAL bit. After that step, all the following
> packets will be buffered until the driver reports it is ready to get
> new packets for this RA / TID. This buffering allows not to run into
> another race that would send packets with TX_CTL_AMPDU unset while
> the driver hasn't been requested to tear down the BA session yet.
>
> This race occurs in practice and iwlwifi complains with a WARN_ON
> when it happens.
>
> Cc: stable@xxxxxxxxxx
> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>

Reviewed-by: Johannes Berg <johannes@xxxxxxxxxxxxxxxx>

johannes
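The two interleavings described in the quoted commit message, replayed in a small deterministic C model. This is an added example, not code from the patch or from mac80211: every identifier is hypothetical, and `fixed` models waiting for in-flight Tx before stopping aggregation plus buffering frames that arrive after the bit is cleared.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* Constructed model; every name is hypothetical, none is mac80211's. */
enum step { TX_CHECK, TX_PASS, CFG_CLEAR, CFG_STOP };
struct model {
    bool operational; /* the OPERATIONAL bit */
    bool drv_agg;     /* driver still has the BA session configured */
    bool in_flight;   /* a frame sits between TX_CHECK and TX_PASS */
    bool ampdu;       /* TX_CTL_AMPDU on the in-flight frame */
    bool stop_waits;  /* CFG_STOP deferred until Tx has drained */
    int buffered;     /* frames held back for this RA / TID */
    int mismatches;   /* frames whose flag disagrees with the driver */
};

/* Replays one interleaving and returns the number of mismatched frames. */
int replay(const enum step *s, size_t n, bool fixed, int *buffered)
{
    struct model m = { .operational = true, .drv_agg = true };
    for (size_t i = 0; i < n; i++) {
        if (s[i] == TX_CHECK) {
            if (fixed && !m.operational) { m.buffered++; continue; }
            m.in_flight = true;
            m.ampdu = m.operational;
        } else if (s[i] == TX_PASS && m.in_flight) {
            m.mismatches += (m.ampdu != m.drv_agg);
            m.in_flight = false;
            if (m.stop_waits) m.drv_agg = m.stop_waits = false;
        } else if (s[i] == CFG_CLEAR) {
            m.operational = false;
        } else if (s[i] == CFG_STOP) {
            /* fixed: wait for in-flight Tx before stopping the driver */
            if (fixed && m.in_flight) m.stop_waits = true;
            else m.drv_agg = false;
        }
    }
    *buffered = m.buffered;
    return m.mismatches;
}

/* First race from the commit message, then one later frame. */
const enum step RACE[] = { TX_CHECK, CFG_CLEAR, CFG_STOP, TX_PASS, TX_CHECK, TX_PASS };
/* Second race: a frame arrives between clearing the bit and the stop. */
const enum step GAP[] = { CFG_CLEAR, TX_CHECK, TX_PASS, CFG_STOP };
int main(void)
{
    int b, plain = replay(RACE, 6, false, &b), fixed = replay(RACE, 6, true, &b);
    printf("race: plain=%d fixed=%d buffered=%d\n", plain, fixed, b);
}
```

A mismatch is either a flagged frame reaching a driver that has already stopped aggregation (the WARN_ON case) or an unflagged frame reaching a driver that has not been told to stop yet.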