Commit eefce91a authored by Johannes Berg's avatar Johannes Berg Committed by John W. Linville
mac80211: dont allow fragmentation and requeuing on A-MPDU queues

There really is no reason for a driver to reject a frame on
an A-MPDU queue when it can stop that queue for any period
of time and is given frames one by one. Hence, disallow it
with a big warning and reduce mac80211-internal state.

Also add a warning when we try to fragment a frame destined
for an A-MPDU queue and drop it, the actual bug needs to be
fixed elsewhere but I'm not exactly sure how to yet.

Signed-off-by: default avatarJohannes Berg <>
Cc: Ron Rindjunsky <>
Signed-off-by: default avatarJohn W. Linville <>
parent e9304882
......@@ -986,8 +986,10 @@ enum ieee80211_ampdu_mlme_action {
* @tx: Handler that 802.11 module calls for each transmitted frame.
* skb contains the buffer starting from the IEEE 802.11 header.
* The low-level driver should send the frame out based on
* configuration in the TX control data. Must be implemented and
* atomic.
* configuration in the TX control data. This handler should,
* preferably, never fail and stop queues appropriately, more
* importantly, however, it must never fail for A-MPDU-queues.
* Must be implemented and atomic.
* @start: Called before the first netdevice attached to the hardware
* is enabled. This should turn on the hardware and must turn on
......@@ -595,7 +595,7 @@ struct ieee80211_local {
struct timer_list sta_cleanup;
unsigned long state[IEEE80211_MAX_QUEUES + IEEE80211_MAX_AMPDU_QUEUES];
struct ieee80211_tx_stored_packet pending_packet[IEEE80211_MAX_QUEUES + IEEE80211_MAX_AMPDU_QUEUES];
struct ieee80211_tx_stored_packet pending_packet[IEEE80211_MAX_QUEUES];
struct tasklet_struct tx_pending_tasklet;
/* number of interfaces with corresponding IFF_ flags */
......@@ -673,6 +673,16 @@ ieee80211_tx_h_fragment(struct ieee80211_tx_data *tx)
if (!(tx->flags & IEEE80211_TX_FRAGMENTED))
* Warn when submitting a fragmented A-MPDU frame and drop it.
* This is an error and needs to be fixed elsewhere, but when
* done needs to take care of monitor interfaces (injection)
* etc.
if (WARN_ON(tx->flags & IEEE80211_TX_CTL_AMPDU ||
IEEE80211_SKB_CB(tx->skb)->queue >= tx->local->hw.queues))
return TX_DROP;
first = tx->skb;
hdrlen = ieee80211_get_hdrlen(tx->fc);
......@@ -1216,8 +1226,17 @@ static int ieee80211_tx(struct net_device *dev, struct sk_buff *skb)
ret = __ieee80211_tx(local, skb, &tx);
if (ret) {
struct ieee80211_tx_stored_packet *store =
struct ieee80211_tx_stored_packet *store;
* Since there are no fragmented frames on A-MPDU
* queues, there's no reason for a driver to reject
* a frame there, warn and drop it.
if (WARN_ON(queue >= local->hw.queues))
goto drop;
store = &local->pending_packet[queue];
if (ret == IEEE80211_TX_FRAG_AGAIN)
skb = NULL;
