wifi: mac80211: Fix iTXQ AMPDU fragmentation handling

commit 592234e941f1addaa598601c9227e3b72d608625 upstream.

mac80211 must not enable aggregation wile transmitting a fragmented
MPDU. Enforce that for mac80211 internal TX queues (iTXQs).

Reported-by: kernel test robot <oliver.sang@intel.com>
Link: https://lore.kernel.org/oe-lkp/202301021738.7cd3e6ae-oliver.sang@intel.com
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
Link: https://lore.kernel.org/r/20230106223141.98696-1-alexander@wetzel-home.de
Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c
index b2e4046..85d2b9e 100644 (file)
--- a/net/mac80211/agg-tx.c
+++ b/net/mac80211/agg-tx.c
@@ -511,8 +511,6 @@ void ieee80211_tx_ba_session_handle_start(struct sta_info *sta, int tid)
         */
        clear_bit(HT_AGG_STATE_WANT_START, &tid_tx->state);
 
-       ieee80211_agg_stop_txq(sta, tid);
-
        /*
         * Make sure no packets are being processed. This ensures that
         * we have a valid starting sequence number and that in-flight

diff --git a/net/mac80211/ht.c b/net/mac80211/ht.c
index 83bc413..ae42e95 100644 (file)
--- a/net/mac80211/ht.c
+++ b/net/mac80211/ht.c
@@ -391,6 +391,43 @@ void ieee80211_ba_session_work(struct work_struct *work)
 
                tid_tx = sta->ampdu_mlme.tid_start_tx[tid];
                if (!blocked && tid_tx) {
+                       struct ieee80211_sub_if_data *sdata = sta->sdata;
+                       struct ieee80211_local *local = sdata->local;
+
+                       if (local->ops->wake_tx_queue) {
+                               struct txq_info *txqi =
+                                       to_txq_info(sta->sta.txq[tid]);
+                               struct fq *fq = &local->fq;
+
+                               spin_lock_bh(&fq->lock);
+
+                               /* Allow only frags to be dequeued */
+                               set_bit(IEEE80211_TXQ_STOP, &txqi->flags);
+
+                               if (!skb_queue_empty(&txqi->frags)) {
+                                       /* Fragmented Tx is ongoing, wait for it
+                                        * to finish. Reschedule worker to retry
+                                        * later.
+                                        */
+
+                                       spin_unlock_bh(&fq->lock);
+                                       spin_unlock_bh(&sta->lock);
+
+                                       /* Give the task working on the txq a
+                                        * chance to send out the queued frags
+                                        */
+                                       synchronize_net();
+
+                                       mutex_unlock(&sta->ampdu_mlme.mtx);
+
+                                       ieee80211_queue_work(&sdata->local->hw,
+                                                            work);
+                                       return;
+                               }
+
+                               spin_unlock_bh(&fq->lock);
+                       }
+
                        /*
                         * Assign it over to the normal tid_tx array
                         * where it "goes live".

diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 5912551..6409097 100644 (file)
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1295,7 +1295,8 @@ ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
        if (!(info->flags & IEEE80211_TX_CTL_DONTFRAG)) {
                if (!(tx->flags & IEEE80211_TX_UNICAST) ||
                    skb->len + FCS_LEN <= local->hw.wiphy->frag_threshold ||
-                   info->flags & IEEE80211_TX_CTL_AMPDU)
+                   (info->flags & IEEE80211_TX_CTL_AMPDU &&
+                    !local->ops->wake_tx_queue))
                        info->flags |= IEEE80211_TX_CTL_DONTFRAG;
        }
 
@@ -3725,7 +3726,6 @@ struct sk_buff *ieee80211_tx_dequeue(struct ieee80211_hw *hw,
                return NULL;
 
 begin:
-       skb = NULL;
        spin_lock(&local->queue_stop_reason_lock);
        q_stopped = local->queue_stop_reasons[q];
        spin_unlock(&local->queue_stop_reason_lock);
@@ -3738,9 +3738,6 @@ begin:
 
        spin_lock_bh(&fq->lock);
 
-       if (unlikely(test_bit(IEEE80211_TXQ_STOP, &txqi->flags)))
-               goto out;
-
        /* Make sure fragments stay together. */
        skb = __skb_dequeue(&txqi->frags);
        if (unlikely(skb)) {
@@ -3750,6 +3747,9 @@ begin:
                IEEE80211_SKB_CB(skb)->control.flags &=
                        ~IEEE80211_TX_INTCFL_NEED_TXPROCESSING;
        } else {
+               if (unlikely(test_bit(IEEE80211_TXQ_STOP, &txqi->flags)))
+                       goto out;
+
                skb = fq_tin_dequeue(fq, tin, fq_tin_dequeue_func);
        }
 
@@ -3800,7 +3800,8 @@ begin:
        }
 
        if (test_bit(IEEE80211_TXQ_AMPDU, &txqi->flags))
-               info->flags |= IEEE80211_TX_CTL_AMPDU;
+               info->flags |= (IEEE80211_TX_CTL_AMPDU |
+                               IEEE80211_TX_CTL_DONTFRAG);
        else
                info->flags &= ~IEEE80211_TX_CTL_AMPDU;