PERFORCE change 135389 for review

Sam Leffler sam at FreeBSD.org
Thu Feb 14 09:29:14 PST 2008 

http://perforce.freebsd.org/chv.cgi?CH=135389

Change 135389 by sam at sam_ebb on 2008/02/14 17:28:58

	o fix mbuf leak: some clients send ADDBA to reset a BA stream
	  so we cannot blindly zero the state block, use
	  IEEE80211_AGGR_RUNNING to mark if we've been running and purge
	  the reorder buffer
	o while here add an assert to codify an obscure assumption

Affected files ...

.. //depot/projects/vap/sys/net80211/ieee80211_ht.c#15 edit

Differences ...

==== //depot/projects/vap/sys/net80211/ieee80211_ht.c#15 (text+ko) ====

@@ -283,19 +283,6 @@
 }
 
 /*
- * Start A-MPDU rx/re-order processing for the specified TID.
- */
-static void
-ampdu_rx_start(struct ieee80211_rx_ampdu *rap, int bufsiz, int start)
-{
-	memset(rap, 0, sizeof(*rap));
-	rap->rxa_wnd = (bufsiz == 0) ?
-	    IEEE80211_AGGR_BAWMAX : min(bufsiz, IEEE80211_AGGR_BAWMAX);
-	rap->rxa_start = start;
-	rap->rxa_flags |= IEEE80211_AGGR_XCHGPEND;
-}
-
-/*
  * Purge all frames in the A-MPDU re-order queue.
  */
 static void
@@ -320,13 +307,33 @@
 }
 
 /*
+ * Start A-MPDU rx/re-order processing for the specified TID.
+ */
+static void
+ampdu_rx_start(struct ieee80211_rx_ampdu *rap, int bufsiz, int start)
+{
+	if (rap->rxa_flags & IEEE80211_AGGR_RUNNING) {
+		/*
+		 * AMPDU previously setup and not terminated with a DELBA,
+		 * flush the reorder q's in case anything remains.
+		 */
+		ampdu_rx_purge(rap);
+	}
+	memset(rap, 0, sizeof(*rap));
+	rap->rxa_wnd = (bufsiz == 0) ?
+	    IEEE80211_AGGR_BAWMAX : min(bufsiz, IEEE80211_AGGR_BAWMAX);
+	rap->rxa_start = start;
+	rap->rxa_flags |=  IEEE80211_AGGR_RUNNING | IEEE80211_AGGR_XCHGPEND;
+}
+
+/*
  * Stop A-MPDU rx processing for the specified TID.
  */
 static void
 ampdu_rx_stop(struct ieee80211_rx_ampdu *rap)
 {
-	rap->rxa_flags &= ~IEEE80211_AGGR_XCHGPEND;
 	ampdu_rx_purge(rap);
+	rap->rxa_flags &= ~(IEEE80211_AGGR_RUNNING | IEEE80211_AGGR_XCHGPEND);
 }
 
 /*
@@ -464,6 +471,10 @@
 	 */
 	if (rap->rxa_qframes != 0) {
 		int n = rap->rxa_qframes, j;
+
+		/* NB: this loop assumes i > 0 and/or rxa_m[0] is NULL */
+		KASSERT(rap->rxa_m[0] == NULL,
+		    ("%s: BA window slot 0 occupied", __func__));
 		for (j = i+1; j < rap->rxa_wnd; j++) {
 			if (rap->rxa_m[j] != NULL) {
 				rap->rxa_m[j-i] = rap->rxa_m[j];

More information about the p4-projects mailing list