Return-path: Received: from he.sipsolutions.net ([78.46.109.217]:56408 "EHLO sipsolutions.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756596Ab1LBNzn (ORCPT ); Fri, 2 Dec 2011 08:55:43 -0500 Subject: Re: Memory Leak in AMPDU From: Johannes Berg To: Yogesh Ashok Powar Cc: nishants@marvell.com, linux-wireless@vger.kernel.org, Emmanuel Grumbach In-Reply-To: <20111202094123.GB5808@hertz.marvell.com> (sfid-20111202_104129_744336_CBA7657D) References: <20111202094123.GB5808@hertz.marvell.com> (sfid-20111202_104129_744336_CBA7657D) Content-Type: text/plain; charset="UTF-8" Date: Fri, 02 Dec 2011 14:55:38 +0100 Message-ID: <1322834138.4124.4.camel@jlt3.sipsolutions.net> (sfid-20111202_145546_153603_AD7BF706) Mime-Version: 1.0 Sender: linux-wireless-owner@vger.kernel.org List-ID: Hi, > We have observed memory leaks because of ampdu tx pending queue not > being freed before destroying the station info. In > '__sta_info_destroy' when we attempt the destroy the ampdu sessions > in 'ieee80211_sta_tear_down_BA_sessions', the driver calls > 'ieee80211_stop_tx_ba_cb_irqsafe' to delete the ampdu structures > (tid_tx) and splice the pending queues and this job gets queued in > sdata workqueue. > > However, the sta entry can get destroyed before the above work gets > scheduled and hence the race. Purging the queues and freeing the > tid_tx would avoid the leak, but I wanted to get your thoughts before > attempting to fix this cleanly. Yeah ... the interesting part is whether we want drivers to be able to deal with a station being removed while an aggregation stop is still pending? Otherwise we have to somehow postpone the full destruction until the aggregation stop completes? Other than that I have no concerns I guess. johannes