Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 231c3a1f authored by Felix Fietkau's avatar Felix Fietkau Committed by John W. Linville
Browse files

ath9k: fix an aggregation start related race condition 



A new aggregation session start can be issued by mac80211, even when the
cleanup of the previous session has not completed yet. Since the data structure
for the session is not recreated, this could corrupt the block ack window
and lock up the aggregation session. Fix this by delaying the new session
until the old one has been cleaned up.

Signed-off-by: default avatarFelix Fietkau <nbd@openwrt.org>
Cc: stable@kernel.org
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent 81ee13ba

drivers/net/wireless/ath/ath9k/ath9k.h

+2 −2
Original line number Diff line number Diff line
@@ -346,7 +346,7 @@ void ath_tx_tasklet(struct ath_softc *sc); 
void ath_tx_edma_tasklet(struct ath_softc *sc);

void ath_tx_cabq(struct ieee80211_hw *hw, struct sk_buff *skb);

bool ath_tx_aggr_check(struct ath_softc *sc, struct ath_node *an, u8 tidno);

void ath_tx_aggr_start(struct ath_softc *sc, struct ieee80211_sta *sta,

int ath_tx_aggr_start(struct ath_softc *sc, struct ieee80211_sta *sta,

		      u16 tid, u16 *ssn);

void ath_tx_aggr_stop(struct ath_softc *sc, struct ieee80211_sta *sta, u16 tid);

void ath_tx_aggr_resume(struct ath_softc *sc, struct ieee80211_sta *sta, u16 tid);

drivers/net/wireless/ath/ath9k/main.c

+3 −2
Original line number Diff line number Diff line
@@ -1970,7 +1970,8 @@ static int ath9k_ampdu_action(struct ieee80211_hw *hw, 
		break;

	case IEEE80211_AMPDU_TX_START:

		ath9k_ps_wakeup(sc);

		ath_tx_aggr_start(sc, sta, tid, ssn);

		ret = ath_tx_aggr_start(sc, sta, tid, ssn);

		if (!ret)

			ieee80211_start_tx_ba_cb_irqsafe(vif, sta->addr, tid);

		ath9k_ps_restore(sc);

		break;

drivers/net/wireless/ath/ath9k/xmit.c

+8 −2
Original line number Diff line number Diff line
@@ -783,7 +783,7 @@ static void ath_tx_sched_aggr(struct ath_softc *sc, struct ath_txq *txq, 
		 status != ATH_AGGR_BAW_CLOSED);

}



void ath_tx_aggr_start(struct ath_softc *sc, struct ieee80211_sta *sta,

int ath_tx_aggr_start(struct ath_softc *sc, struct ieee80211_sta *sta,

		      u16 tid, u16 *ssn)

{

	struct ath_atx_tid *txtid;
@@ -791,9 +791,15 @@ void ath_tx_aggr_start(struct ath_softc *sc, struct ieee80211_sta *sta, 


	an = (struct ath_node *)sta->drv_priv;

	txtid = ATH_AN_2_TID(an, tid);



	if (txtid->state & (AGGR_CLEANUP | AGGR_ADDBA_COMPLETE))

		return -EAGAIN;



	txtid->state |= AGGR_ADDBA_PROGRESS;

	txtid->paused = true;

	*ssn = txtid->seq_start;



	return 0;

}



void ath_tx_aggr_stop(struct ath_softc *sc, struct ieee80211_sta *sta, u16 tid)