MIME-Version: 1.0
In-Reply-To: <1365372253-32782-5-git-send-email-nbd@openwrt.org>
References: <1365372253-32782-1-git-send-email-nbd@openwrt.org>
	<1365372253-32782-2-git-send-email-nbd@openwrt.org>
	<1365372253-32782-3-git-send-email-nbd@openwrt.org>
	<1365372253-32782-4-git-send-email-nbd@openwrt.org>
	<1365372253-32782-5-git-send-email-nbd@openwrt.org>
Date: Sun, 7 Apr 2013 15:24:09 -0700
Message-ID: <CAJ-Vmo=6W_C0d_wEeT8UM1+1LXOsi5xHGj=KdKF7E5BNdtLbgQ@mail.gmail.com> (sfid-20130408_002414_137458_B728CA82)
Subject: Re: [PATCH 5/7] ath9k: fix handling of broken descriptors
From: Adrian Chadd <adrian@freebsd.org>
To: Felix Fietkau <nbd@openwrt.org>
Cc: linux-wireless@vger.kernel.org, linville@tuxdriver.com,
	mcgrof@qca.qualcomm.com
Content-Type: text/plain; charset=ISO-8859-1
Sender: linux-wireless-owner@vger.kernel.org

Hm!

On 7 April 2013 15:04, Felix Fietkau <nbd@openwrt.org> wrote:
> As the comment in ath_get_next_rx_buf indicates, if a descriptor with
> the done bit set follows one with the done bit cleared, both descriptors
> should be discarded, however the driver is not doing that yet.
>
> To fix this, use the rs->rs_more flag as an indicator that the following
> frame should be discarded. This also helps with the split buffer case:
> if the first part of the frame is discarded, the following parts need to
> be discarded as well, since they contain no valid header or usable data.

Have you seen this happen?

I've added code to this in FreeBSD (based on the reference driver and
ath9k doing it) and I've never, ever seen it trigger.

I went digging through the EV database and I found a bug (long since
fixed) where the code was adjusting the skb size and then pushing it
back onto the RX queue with an incorrect size. If it allocated a 2kiB
SKU and then reset the size to 4KiB, hilarity would ensue.

This is why I'm asking. If it happens in the real world, fine. :-)

Thanks,


adrian