[madwifi-tickets] Re: [MadWifi] #74: module unstable on x86_64

Fri, 13 Jan 2006 10:35:20 -0800 

#74: module unstable on x86_64
------------------------------+---------------------------------------------
  Reporter:  kelmo            |       Owner:                                    
  
      Type:  defect           |      Status:  new                               
  
  Priority:  critical         |   Milestone:  version 1.0.0 - first stable 
release
 Component:  madwifi: driver  |     Version:  trunk                             
  
Resolution:                   |    Keywords:                                    
  
------------------------------+---------------------------------------------
Comment (by tim):

 Ok, I've done some more debugging today, and have learned a little bit.

 The line dying for me is indeed the one that calls the macro
 STAILQ_REMOVE_HEAD().  However, I've found that the line right before that
 always sets lastbuf to NULL.  In addition, even if one got past the
 STAILQ_REMOVE_HEAD() macro, we'd puke on the dereferences of lastbuf.

 Taking a step back, what function are we in?  We're in
 ath_tx_uapsdqueue().  What's this for?  It looks like were enqueue-ing a
 frame onto the UAPSD queue.  Don't ask me to explain what this is.  I am
 clueless when it comes to wireless hardware.

 Looking at the different cases in this file, I see that we're dying on the
 condition when both the current queue, and the overflow queue are full.
 So, this case is supposed to drop an old frame, and enqueue the new frame.

 However, when we try to pull off the old frame, we get back NULL.  How
 could this be?  I thought we had full queues!!  I can think of only two
 explanations right now:

 1. The test
   "an->an_uapsd_overflowqdepth == an->an_node.ni_uapsd_maxsp"

 is evaluating to true because someone didn't decrement the overflowqdepth
 when they were supposed to, or there's an x86_64 integer conversion issue
 with this counter.

 2. The comment at the top of the function reads:
   "* Needs external locking!"

 If this function is getting pre-empted right after the overflow counter
 check, then another function could be stealing all of the frames on the
 queue.  When execution comes back to us, we fail to grab a frame because
 they're all gone.

 I am leaning toward the latter right now...  Please someone who knows
 something about this code correct me if I am wrong.

 More info in a moment...

-- 
Ticket URL: <http://madwifi.org/ticket/74>
MadWifi <http://madwifi.org/>
Multiband Atheros Driver for Wireless Fidelity

Reply via email to