diff --git a/include/net/mac80211.h b/include/net/mac80211.h index 54960b83db79b1608abc8d23b2f60892e649f7fc..4df39eb9115f3b4fa0eb54da5a030b4b95acf842 100644 --- a/include/net/mac80211.h +++ b/include/net/mac80211.h @@ -986,8 +986,10 @@ enum ieee80211_ampdu_mlme_action { * @tx: Handler that 802.11 module calls for each transmitted frame. * skb contains the buffer starting from the IEEE 802.11 header. * The low-level driver should send the frame out based on - * configuration in the TX control data. Must be implemented and - * atomic. + * configuration in the TX control data. This handler should, + * preferably, never fail and stop queues appropriately, more + * importantly, however, it must never fail for A-MPDU-queues. + * Must be implemented and atomic. * * @start: Called before the first netdevice attached to the hardware * is enabled. This should turn on the hardware and must turn on diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index 79a65b3ee02b061db7d99000d22f83648092c3fa..86a861251e8cabaab9181a0011f4e1cbc1320949 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -595,7 +595,7 @@ struct ieee80211_local { struct timer_list sta_cleanup; unsigned long state[IEEE80211_MAX_QUEUES + IEEE80211_MAX_AMPDU_QUEUES]; - struct ieee80211_tx_stored_packet pending_packet[IEEE80211_MAX_QUEUES + IEEE80211_MAX_AMPDU_QUEUES]; + struct ieee80211_tx_stored_packet pending_packet[IEEE80211_MAX_QUEUES]; struct tasklet_struct tx_pending_tasklet; /* number of interfaces with corresponding IFF_ flags */ diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index ac9a4af7ad42dc1ee0d01b92e514c965ae726d5e..6268bbca148e9946c9ab8401108025dbefd3572d 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -673,6 +673,16 @@ ieee80211_tx_h_fragment(struct ieee80211_tx_data *tx) if (!(tx->flags & IEEE80211_TX_FRAGMENTED)) return TX_CONTINUE; + /* + * Warn when submitting a fragmented A-MPDU frame and drop it. + * This is an error and needs to be fixed elsewhere, but when + * done needs to take care of monitor interfaces (injection) + * etc. + */ + if (WARN_ON(tx->flags & IEEE80211_TX_CTL_AMPDU || + IEEE80211_SKB_CB(tx->skb)->queue >= tx->local->hw.queues)) + return TX_DROP; + first = tx->skb; hdrlen = ieee80211_get_hdrlen(tx->fc); @@ -1216,8 +1226,17 @@ static int ieee80211_tx(struct net_device *dev, struct sk_buff *skb) retry: ret = __ieee80211_tx(local, skb, &tx); if (ret) { - struct ieee80211_tx_stored_packet *store = - &local->pending_packet[info->queue]; + struct ieee80211_tx_stored_packet *store; + + /* + * Since there are no fragmented frames on A-MPDU + * queues, there's no reason for a driver to reject + * a frame there, warn and drop it. + */ + if (WARN_ON(queue >= local->hw.queues)) + goto drop; + + store = &local->pending_packet[queue]; if (ret == IEEE80211_TX_FRAG_AGAIN) skb = NULL;