From: Helmut Schaa Date: Thu, 11 Aug 2011 14:17:42 +0000 (+0200) Subject: mac80211: Tear down BA session on BAR tx failure X-Git-Tag: MMI-PSA29.97-13-9~18194^2~254^2~302 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=e69deded2bc29e6dd176089252a11b1854012c76;p=GitHub%2FMotorolaMobilityLLC%2Fkernel-slsi.git mac80211: Tear down BA session on BAR tx failure As described at [1] some STAs (i.e. Intel 5100 Windows) can end up correctly BlockAcking incoming frames without delivering them to user space if a AMPDU subframe got lost and we don't flush the receipients reorder buffer with a BlockAckReq. This in turn results in stuck connections. According to 802.11n-2009 it is not necessary to send a BAR to flush the recepients RX reorder buffer but we still do that to be polite. However, assume the following frame exchange: AP -> STA, AMPDU (failed) AP -> STA, BAR (failed) The client in question then ends up in the same situation and won't deliver frames to userspace anymore since we weren't able to flush its reorder buffer. This is not a hypothetical situation but I was able to observe this exact behavior during a stress test between a rt2800pci AP and a Intel 5100 Windows client. In order to work around this issue just tear down the BA session as soon as a BAR failed to be TX'ed. [1] http://comments.gmane.org/gmane.linux.kernel.wireless.general/66867 Signed-off-by: Helmut Schaa Signed-off-by: John W. Linville --- diff --git a/net/mac80211/status.c b/net/mac80211/status.c index a89cca3491b4..e51bd2a1a073 100644 --- a/net/mac80211/status.c +++ b/net/mac80211/status.c @@ -187,6 +187,8 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb) int rates_idx = -1; bool send_to_cooked; bool acked; + struct ieee80211_bar *bar; + u16 tid; for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) { if (info->status.rates[i].idx < 0) { @@ -243,6 +245,22 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb) tid, ssn); } + if (!acked && ieee80211_is_back_req(fc)) { + /* + * BAR failed, let's tear down the BA session as a + * last resort as some STAs (Intel 5100 on Windows) + * can get stuck when the BA window isn't flushed + * correctly. + */ + bar = (struct ieee80211_bar *) skb->data; + if (!(bar->control & IEEE80211_BAR_CTRL_MULTI_TID)) { + tid = (bar->control & + IEEE80211_BAR_CTRL_TID_INFO_MASK) >> + IEEE80211_BAR_CTRL_TID_INFO_SHIFT; + ieee80211_stop_tx_ba_session(&sta->sta, tid); + } + } + if (info->flags & IEEE80211_TX_STAT_TX_FILTERED) { ieee80211_handle_filtered_frame(local, sta, skb); rcu_read_unlock();