mac80211: Limit TID buffering during BA session setup/teardown
authorHelmut Schaa <helmut.schaa@googlemail.com>
Wed, 7 Mar 2012 16:20:30 +0000 (17:20 +0100)
committerJohn W. Linville <linville@tuxdriver.com>
Mon, 12 Mar 2012 18:19:35 +0000 (14:19 -0400)
While setting up or tearing down a BA session mac80211 is buffering
pending frames for the according TID. However, there's currently no
limit on how many frames are buffered possibly leading to an out-of-
memory situation. This can happen on systems with little memory when
the CPU is fully loaded since the BA session work is executed in
process context while frames can still come via softirq.

Apply a limitation to the TIDs pending queue to avoid consuming
too much memory in this situation.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
net/mac80211/tx.c

index 570737df2d2244e729c9c9928a902592ccc3d120..d9e791d2b54310a04b8effc8ecc2c0083b30c54a 100644 (file)
@@ -1065,6 +1065,7 @@ static bool ieee80211_tx_prep_agg(struct ieee80211_tx_data *tx,
 {
        bool queued = false;
        bool reset_agg_timer = false;
+       struct sk_buff *purge_skb = NULL;
 
        if (test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) {
                info->flags |= IEEE80211_TX_CTL_AMPDU;
@@ -1106,8 +1107,13 @@ static bool ieee80211_tx_prep_agg(struct ieee80211_tx_data *tx,
                        info->control.vif = &tx->sdata->vif;
                        info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
                        __skb_queue_tail(&tid_tx->pending, skb);
+                       if (skb_queue_len(&tid_tx->pending) > STA_MAX_TX_BUFFER)
+                               purge_skb = __skb_dequeue(&tid_tx->pending);
                }
                spin_unlock(&tx->sta->lock);
+
+               if (purge_skb)
+                       dev_kfree_skb(purge_skb);
        }
 
        /* reset session timer */