On Sun, Mar 14, 2010 at 08:43:02PM +0200, Maxim Levitsky wrote: > One thing I noticed is racy behaviour of ath5k_txbuf_setup. > > .. > > spin_lock_bh(&txq->lock); > list_add_tail(&bf->list, &txq->q); > if (txq->link == NULL) /* is this first packet? */ > ath5k_hw_set_txdp(ah, txq->qnum, bf->daddr); > else /* no, so only link it */ > *txq->link = bf->daddr; > > .. > > > As I see it, every new transmitted packet it > 'appended' to end of the linked list of the descriptors, by replacing > NULL with physical address of it > > But what happens if hardware reads this last descriptor at same time ?
I've looked at that before too. According to ar2316 docs, if the link pointer is null, the MAC is supposed to pause and wait for the transmit enable (TxE) bit in the CR register to be set, at which time the pointer is reloaded. We do this in ath5k_hw_start_tx_dma. One way to see if you're hitting this case is to see if TXEOL interrupt happens right before everything goes south. -- Bob Copeland %% www.bobcopeland.com _______________________________________________ ath5k-devel mailing list ath5k-devel@lists.ath5k.org https://lists.ath5k.org/mailman/listinfo/ath5k-devel
