[057/119] b43: Work around mac80211 race condition

From: Greg KH
Date: Sun Dec 06 2009 - 19:24:31 EST

Next message: Greg KH: "[065/119] V4L/DVB (12356): gspca - sonixj: Webcam 0c45:6148 added"
Previous message: Greg KH: "[067/119] V4L/DVB (12691): gspca - sonixj: Dont use mdelay()."
In reply to: Greg KH: "[067/119] V4L/DVB (12691): gspca - sonixj: Dont use mdelay()."
Next in thread: Greg KH: "[065/119] V4L/DVB (12356): gspca - sonixj: Webcam 0c45:6148 added"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

2.6.31-stable review patch. If anyone has any objections, please let us know.

------------------
From: Larry Finger <Larry.Finger@xxxxxxxxxxxx>

commit 18c6951091eca7645005a71b556106cc99a6f4b1 upstream.

As shown in http://thread.gmane.org/gmane.linux.kernel.wireless.general/36497,
mac80211 has a bug that allows a call to the TX routine after the queues have
been stopped. This situation will only occur under extreme stress. Although
b43 does not crash when this condition occurs, it does generate a WARN_ON and
also logs a queue overrun message. This patch recognizes b43 is not at fault
and logs a message only when the most verbose debugging mode is enabled. In
the unlikely event that the queue is not stopped when the DMA queue becomes
full, then a warning is issued.

During testing of this patch with one output stream running repeated tcpperf
writes and a second running a flood ping, this routine was entered with
the DMA ring stopped about once per hour. The condition where the DMA queue is
full but the ring has not been stopped has never been seen by me.

Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
Cc: Michael Buesch <mb@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

---
drivers/net/wireless/b43/dma.c | 21 +++++++++++++++------
1 file changed, 15 insertions(+), 6 deletions(-)

--- a/drivers/net/wireless/b43/dma.c
+++ b/drivers/net/wireless/b43/dma.c
@@ -1334,13 +1334,22 @@ int b43_dma_tx(struct b43_wldev *dev, st
spin_lock_irqsave(&ring->lock, flags);

B43_WARN_ON(!ring->tx);
- /* Check if the queue was stopped in mac80211,
- * but we got called nevertheless.
- * That would be a mac80211 bug. */
- B43_WARN_ON(ring->stopped);

- if (unlikely(free_slots(ring) < TX_SLOTS_PER_FRAME)) {
- b43warn(dev->wl, "DMA queue overflow\n");
+ if (unlikely(ring->stopped)) {
+ /* We get here only because of a bug in mac80211.
+ * Because of a race, one packet may be queued after
+ * the queue is stopped, thus we got called when we shouldn't.
+ * For now, just refuse the transmit. */
+ if (b43_debug(dev, B43_DBG_DMAVERBOSE))
+ b43err(dev->wl, "Packet after queue stopped\n");
+ err = -ENOSPC;
+ goto out_unlock;
+ }
+
+ if (unlikely(WARN_ON(free_slots(ring) < TX_SLOTS_PER_FRAME))) {
+ /* If we get here, we have a real error with the queue
+ * full, but queues not stopped. */
+ b43err(dev->wl, "DMA queue overflow\n");
err = -ENOSPC;
goto out_unlock;
}

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "[065/119] V4L/DVB (12356): gspca - sonixj: Webcam 0c45:6148 added"
Previous message: Greg KH: "[067/119] V4L/DVB (12691): gspca - sonixj: Dont use mdelay()."
In reply to: Greg KH: "[067/119] V4L/DVB (12691): gspca - sonixj: Dont use mdelay()."
Next in thread: Greg KH: "[065/119] V4L/DVB (12356): gspca - sonixj: Webcam 0c45:6148 added"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]