• Johannes Berg's avatar
    mac80211: fix another race in aggregation start · 15062e6a
    Johannes Berg authored
    Emmanuel noticed that when mac80211 stops the queues
    for aggregation that can leave a packet pending. This
    packet will be given to the driver after the AMPDU
    callback, but as a non-aggregated packet which messes
    up the sequence number etc.
    
    I also noticed by looking at the code that if packets
    are being processed while we clear the WANT_START bit,
    they might see it cleared already and queue up on
    tid_tx->pending. If the driver then rejects the new
    aggregation session we leak the packet.
    
    Fix both of these issues by changing this code to not
    stop the queues at all. Instead, let packets queue up
    on the tid_tx->pending queue instead of letting them
    get to the driver, and add code to recover properly
    in case the driver rejects the session.
    
    (The patch looks large because it has to move two
    functions to before their new use.)
    
    Cc: stable@vger.kernel.org
    Reported-by: default avatarEmmanuel Grumbach <emmanuel.grumbach@intel.com>
    Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
    Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
    15062e6a
agg-tx.c 23.5 KB