diff mbox series

[RFC,v4,3/4] mac80211: Add airtime accounting and scheduling to TXQs

Message ID 153711973134.9231.18038849900399644494.stgit@alrua-x1.karlstad.toke.dk (mailing list archive)
State RFC
Delegated to: Johannes Berg
Headers show
Series Move TXQ scheduling into mac80211 | expand

Commit Message

Toke Høiland-Jørgensen Sept. 16, 2018, 5:42 p.m. UTC 
This adds airtime accounting and scheduling to the mac80211 TXQ
scheduler. A new callback, ieee80211_sta_register_airtime(), is added
that drivers can call to report airtime usage for stations.

When airtime information is present, mac80211 will schedule TXQs
(through ieee80211_next_txq()) in a way that enforces airtime fairness
between active stations. This scheduling works the same way as the ath9k
in-driver airtime fairness scheduling. If no airtime usage is reported
by the driver, the scheduler will default to round-robin scheduling.

For drivers that don't control TXQ scheduling in software, a new API
function, ieee80211_txq_may_transmit(), is added which the driver can use
to check if the TXQ is eligible for transmission, or should be throttled to
enforce fairness. Calls to this function must also be enclosed in
ieee80211_txq_schedule_{start,end}() calls to ensure proper locking. TXQs
that are throttled by ieee802111_txq_may_transmit() will be woken up again
by a check added to the ieee80211_wake_txqs() tasklet.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
---
 include/net/mac80211.h     |   52 ++++++++++++++++++++++++++++
 net/mac80211/cfg.c         |    3 ++
 net/mac80211/debugfs.c     |    3 ++
 net/mac80211/debugfs_sta.c |   51 +++++++++++++++++++++++++--
 net/mac80211/ieee80211_i.h |    3 ++
 net/mac80211/main.c        |    1 +
 net/mac80211/sta_info.c    |   49 ++++++++++++++++++++++++++
 net/mac80211/sta_info.h    |   13 +++++++
 net/mac80211/status.c      |    6 +++
 net/mac80211/tx.c          |   83 ++++++++++++++++++++++++++++++++++++++++++--
 net/mac80211/util.c        |   55 +++++++++++++++++++++++++++++
 11 files changed, 312 insertions(+), 7 deletions(-)

Comments

Rajkumar Manoharan Sept. 26, 2018, 7:09 a.m. UTC | #1 
On 2018-09-16 10:42, Toke Høiland-Jørgensen wrote:
> This adds airtime accounting and scheduling to the mac80211 TXQ
> scheduler. A new callback, ieee80211_sta_register_airtime(), is added
> that drivers can call to report airtime usage for stations.
> 
> +bool ieee80211_txq_may_transmit(struct ieee80211_hw *hw,
> +				struct ieee80211_txq *txq)
> +{

[...]

> +	if (ret) {
> +		clear_bit(IEEE80211_TXQ_AIRTIME_THROTTLE, &txqi->flags);
> +		list_del_init(&txqi->schedule_order);
> +	} else
> +		set_bit(IEEE80211_TXQ_AIRTIME_THROTTLE, &txqi->flags);
> +
> 
This looks wrong to me. txqi->flags are protected by fq->lock but here
it is by active_txq_lock. no?

> @@ -3677,6 +3751,7 @@ void ieee80211_txq_schedule_end(struct
> ieee80211_hw *hw, u8 ac)
>  	struct ieee80211_local *local = hw_to_local(hw);
> 
>  	spin_unlock_bh(&local->active_txq_lock[ac]);
> +	tasklet_schedule(&local->wake_txqs_tasklet);
>  }
> 
It is an overload to schedule wake_txqs_tasklet for each txq unlock.
Instead I would prefer to call __ieee80211_kick_airtime from 
schedule_end.
Thoughts?

-Rajkumar
Toke Høiland-Jørgensen Sept. 26, 2018, 9:22 a.m. UTC | #2 
Rajkumar Manoharan <rmanohar@codeaurora.org> writes:

> On 2018-09-16 10:42, Toke Høiland-Jørgensen wrote:
>> This adds airtime accounting and scheduling to the mac80211 TXQ
>> scheduler. A new callback, ieee80211_sta_register_airtime(), is added
>> that drivers can call to report airtime usage for stations.
>> 
>> +bool ieee80211_txq_may_transmit(struct ieee80211_hw *hw,
>> +				struct ieee80211_txq *txq)
>> +{
>
> [...]
>
>> +	if (ret) {
>> +		clear_bit(IEEE80211_TXQ_AIRTIME_THROTTLE, &txqi->flags);
>> +		list_del_init(&txqi->schedule_order);
>> +	} else
>> +		set_bit(IEEE80211_TXQ_AIRTIME_THROTTLE, &txqi->flags);
>> +
>> 
> This looks wrong to me. txqi->flags are protected by fq->lock but here
> it is by active_txq_lock. no?

Both set_bit() and clear_bit() are atomic operations, so they don't need
separate locking. See Documentation/atomic_bitops.txt

>> @@ -3677,6 +3751,7 @@ void ieee80211_txq_schedule_end(struct
>> ieee80211_hw *hw, u8 ac)
>>  	struct ieee80211_local *local = hw_to_local(hw);
>> 
>>  	spin_unlock_bh(&local->active_txq_lock[ac]);
>> +	tasklet_schedule(&local->wake_txqs_tasklet);
>>  }
>> 
> It is an overload to schedule wake_txqs_tasklet for each txq unlock.
> Instead I would prefer to call __ieee80211_kick_airtime from 
> schedule_end.
> Thoughts?

Yeah, I realise scheduling the whole wake_txqs_tasklet is maybe a bit
heavy-handed here. However just calling into __ieee80211_kick_airtime()
means we'll end up recursing back to the same place, which is not good
either (we could in theory flip-flop between two queues until we run out
of stack space).

My "backup plan" if the wake_txqs_tasklet turns out to be too heavy was
to define a new tasklet just for this use; but wanted to see if this
actually turned out to be a problem first...

-Toke
Rajkumar Manoharan Sept. 27, 2018, 12:09 a.m. UTC | #3 
On 2018-09-26 02:22, Toke Høiland-Jørgensen wrote:
> Rajkumar Manoharan <rmanohar@codeaurora.org> writes:
> 
>> On 2018-09-16 10:42, Toke Høiland-Jørgensen wrote:
>>> +	if (ret) {
>>> +		clear_bit(IEEE80211_TXQ_AIRTIME_THROTTLE, &txqi->flags);
>>> +		list_del_init(&txqi->schedule_order);
>>> +	} else
>>> +		set_bit(IEEE80211_TXQ_AIRTIME_THROTTLE, &txqi->flags);
>>> +
>>> 
>> This looks wrong to me. txqi->flags are protected by fq->lock but here
>> it is by active_txq_lock. no?
> 
> Both set_bit() and clear_bit() are atomic operations, so they don't 
> need
> separate locking. See Documentation/atomic_bitops.txt
> 
:( Yeah... I got confused with attached soft lockup in ARM platform.

>>> @@ -3677,6 +3751,7 @@ void ieee80211_txq_schedule_end(struct
>>> ieee80211_hw *hw, u8 ac)
>>>  	struct ieee80211_local *local = hw_to_local(hw);
>>> 
>>>  	spin_unlock_bh(&local->active_txq_lock[ac]);
>>> +	tasklet_schedule(&local->wake_txqs_tasklet);
>>>  }
>>> 
>> It is an overload to schedule wake_txqs_tasklet for each txq unlock.
>> Instead I would prefer to call __ieee80211_kick_airtime from
>> schedule_end.
>> Thoughts?
> 
> Yeah, I realise scheduling the whole wake_txqs_tasklet is maybe a bit
> heavy-handed here. However just calling into __ieee80211_kick_airtime()
> means we'll end up recursing back to the same place, which is not good
> either (we could in theory flip-flop between two queues until we run 
> out
> of stack space).
> 
IMHO schedule_start/end is needed for tracking first node to break the 
loop.
It is not applicable when the driver calls may_transmit(). It would be 
better
if active_txq_lock is moved within may_transmit.

> My "backup plan" if the wake_txqs_tasklet turns out to be too heavy was
> to define a new tasklet just for this use; but wanted to see if this
> actually turned out to be a problem first...
> 
Instead of adding new tasklet, we can introduce new API to iterate 
through
throttled txqs. Driver that make use of may_transmit, have to call this 
new API
at the end of irq handler i.e after processing tx/rx.

-Rajkumar
BUG: soft lockup - CPU#1 stuck for 22s! [swapper/1:0]
[ 1944.211170] Modules linked in: ath10k_pci ath10k_core ath mac80211 cfg80211 compat iptable_nat nf_nat_pptp nf_nat_ipv4 nf_nat_amanda nf_conntrack_pptp nf_conntrack_ipv6 nf_conntrack_ipv4 nf_conntrack_amanda xt_time xt_tcpudp xt_tcpmss xt_string xt_statistic xt_state xt_recent xt_quota xt_policy xt_pkttype xt_physdev xt_owner xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_helper xt_esp xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_comment xt_addrtype xt_TCPMSS xt_REDIRECT xt_LOG xt_HL xt_DSCP xt_CT xt_CLASSIFY usbnet ts_kmp ts_fsm ts_bm r8152 pppoe ppp_mppe ppp_async nf_nat_tftp nf_nat_snmp_basic nf_nat_sip nf_nat_rtsp nf_nat_proto_gre nf_nat_irc nf_nat_h323 nf_nat_ftp nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_tftp nf_conntrack_snmp nf_conntrack_sip nf_conntrack_rtsp nf_conntrack_proto_gre nf_conntrack_irc nf_conntrack_h323 nf_conntrack_ftp nf_conntrack_broadcast l2tp_ppp iptable_raw iptable_mangle iptable_filter ipt_ah ipt_REJECT ipt_MASQUERADE ipt_ECN ip_tables crc_ccitt arptable_filter arpt_mangle arp_tables sch_teql sch_tbf sch_sfq sch_red sch_prio sch_pie sch_htb sch_gred sch_fq sch_dsmark sch_codel em_text em_nbyte em_meta em_cmp cls_basic act_police act_ipt act_connmark act_skbedit act_mirred em_u32 cls_u32 cls_tcindex cls_flow cls_route cls_fw sch_hfsc sch_ingress qca_nss_ipsec qca_nss_cfi_ocf qca_nss_tunipip6 qca_nss_tun6rd qca_nss_ipsecmgr qca_nss_cfi_cryptoapi qca_nss_qdisc qca_nss_macsec qca_nss_crypto_tool qca_nss_crypto qca_nss_pptp pptp pppox qca_nss_map_t qca_nss_lag_mgr qca_nss_l2tpv2 ppp_generic slhc qca_nss_gre hyfi_bridging nf_nat_proto_sctp nf_nat libcrc32c ledtrig_usbdev nf_conntrack_proto_sctp essedma ip6t_REJECT ip6table_raw ip6table_mangle ip6table_filter ip6_tables x_tables qca_mcs qca_85xx_sw msdos bonding ip6_gre ip_gre gre ifb nat46 sit qca_nss_drv l2tp_netlink l2tp_core ipcomp6 xfrm6_tunnel xfrm6_mode_tunnel xfrm6_mode_transport xfrm6_mode_beet esp6 ah6 ipcomp xfrm4_tunnel xfrm4_mode_tunnel xfrm4_mode_transport xfrm4_mode_beet esp4 ah4 ip6_tunnel qca_nss_gmac tunnel6 tunnel4 ip_tunnel snd_pcm_oss snd_mixer_oss snd_rawmidi snd_seq_device qca_ssdk af_key xfrm_user xfrm_ipcomp xfrm_algo vfat fat ntfs qrfs nf_conntrack nls_iso8859_1 nls_cp437 shortcut_fe_drv aq_phy shortcut_fe_ipv6 shortcut_fe sha1_generic qcrypto cryptosoft cryptodev ocf md5 hmac ecb des_generic cbc authenc usb_storage leds_gpio bootconfig xhci_hcd dwc3 udc_core dwc3_qcom dwc3_ipq40xx phy_qcom_ssusb phy_qcom_hsusb phy_qca_uniphy phy_qca_baldur sd_mod ahci_platform gpio_button_hotplug button_hotplug input_core usbcore nls_base usb_common mii [last unloaded: ecm]
[ 1944.440683]
[ 1944.442163] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 3.14.77 #5
[ 1944.448151] task: dd47bf40 ti: dd49c000 task.ti: dd49c000
[ 1944.453541] PC is at _test_and_clear_bit+0xc/0x48
[ 1944.458283] LR is at ieee80211_wake_txqs+0x150/0x434 [mac80211]
[ 1944.464124] pc : [<c020caf4>]    lr : [<bfb63ef8>]    psr: 60000113
[ 1944.464124] sp : dd49dec0  ip : 00000000  fp : 00000030
[ 1944.475581] r10: d8b58c30  r9 : d63ab000  r8 : d8b58d18
[ 1944.480788] r7 : d8b58d00  r6 : 00000002  r5 : d6650500  r4 : d8b58c20
[ 1944.487299] r3 : 00000000  r2 : 00000001  r1 : d63ab0a0  r0 : 00000004
[ 1944.493811] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
[ 1944.501100] Control: 10c5787d  Table: 5801406a  DAC: 00000015
[ 1944.506830] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 3.14.77 #5
[ 1944.512832] [<c021db64>] (unwind_backtrace) from [<c021abf8>] (show_stack+0x10/0x14)
[ 1944.520555] [<c021abf8>] (show_stack) from [<c03c93d4>] (dump_stack+0x80/0xa0)
[ 1944.527761] [<c03c93d4>] (dump_stack) from [<c0285e68>] (watchdog_timer_fn+0x10c/0x160)
[ 1944.535744] [<c0285e68>] (watchdog_timer_fn) from [<c024a64c>] (__run_hrtimer+0x50/0xc8)
[ 1944.543815] [<c024a64c>] (__run_hrtimer) from [<c024ae30>] (hrtimer_interrupt+0x130/0x27c)
[ 1944.552064] [<c024ae30>] (hrtimer_interrupt) from [<c051afa0>] (msm_timer_interrupt+0x38/0x44)
[ 1944.560658] [<c051afa0>] (msm_timer_interrupt) from [<c026c9b8>] (handle_percpu_devid_irq+0x68/0x84)
[ 1944.569774] [<c026c9b8>] (handle_percpu_devid_irq) from [<c026932c>] (generic_handle_irq+0x20/0x30)
[ 1944.578802] [<c026932c>] (generic_handle_irq) from [<c02181dc>] (handle_IRQ+0x68/0x90)
[ 1944.586697] [<c02181dc>] (handle_IRQ) from [<c02084e0>] (gic_handle_irq+0x3c/0x60)
[ 1944.594248] [<c02084e0>] (gic_handle_irq) from [<c02095c0>] (__irq_svc+0x40/0x70)
[ 1944.601710] Exception stack(0xdd49de78 to 0xdd49dec0)
[ 1944.606744] de60:                                                       00000004 d63ab0a0
[ 1944.614904] de80: 00000001 00000000 d8b58c20 d6650500 00000002 d8b58d00 d8b58d18 d63ab000
[ 1944.623064] dea0: d8b58c30 00000030 00000000 dd49dec0 bfb63ef8 c020caf4 60000113 ffffffff
[ 1944.631229] [<c02095c0>] (__irq_svc) from [<c020caf4>] (_test_and_clear_bit+0xc/0x48)
[ 1944.639066] [<c020caf4>] (_test_and_clear_bit) from [<bfb63ef8>] (ieee80211_wake_txqs+0x150/0x434 [mac80211])
[ 1944.649040] [<bfb63ef8>] (ieee80211_wake_txqs [mac80211]) from [<c0232f88>] (tasklet_action+0x8c/0xec)
[ 1944.658224] [<c0232f88>] (tasklet_action) from [<c0232580>] (__do_softirq+0x104/0x294)
[ 1944.666121] [<c0232580>] (__do_softirq) from [<c02329fc>] (irq_exit+0x9c/0x11c)
[ 1944.673415] [<c02329fc>] (irq_exit) from [<c02181e0>] (handle_IRQ+0x6c/0x90)
[ 1944.680445] [<c02181e0>] (handle_IRQ) from [<c02084e0>] (gic_handle_irq+0x3c/0x60)
[ 1944.687995] [<c02084e0>] (gic_handle_irq) from [<c02095c0>] (__irq_svc+0x40/0x70)
[ 1944.695458] Exception stack(0xdd49dfa0 to 0xdd49dfe8)
[ 1944.700494] dfa0: ffffffed 00000000 1d3c4000 c020a040 dd49c000 dd49c030 10c0387d c08ba2c8
[ 1944.708656] dfc0: 4220406a 512f04d0 00000000 00000000 00000000 dd49dfe8 c02184a0 c02184a4
[ 1944.716812] dfe0: 60000013 ffffffff
[ 1944.720290] [<c02095c0>] (__irq_svc) from [<c02184a4>] (arch_cpu_idle+0x38/0x5c)
[ 1944.727670] [<c02184a4>] (arch_cpu_idle) from [<c0269298>] (cpu_startup_entry+0xa4/0x108)
[ 1944.735859] [<c0269298>] (cpu_startup_entry) from [<422085a4>] (0x422085a4)
[ 1948.126113] BUG: soft lockup - CPU#0 stuck for 23s! [swapper/0:0]
[ 1948.131163] Modules linked in: ath10k_pci ath10k_core ath mac80211 cfg80211 compat iptable_nat nf_nat_pptp nf_nat_ipv4 nf_nat_amanda nf_conntrack_pptp nf_conntrack_ipv6 nf_conntrack_ipv4 nf_conntrack_amanda xt_time xt_tcpudp xt_tcpmss xt_string xt_statistic xt_state xt_recent xt_quota xt_policy xt_pkttype xt_physdev xt_owner xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_helper xt_esp xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_comment xt_addrtype xt_TCPMSS xt_REDIRECT xt_LOG xt_HL xt_DSCP xt_CT xt_CLASSIFY usbnet ts_kmp ts_fsm ts_bm r8152 pppoe ppp_mppe ppp_async nf_nat_tftp nf_nat_snmp_basic nf_nat_sip nf_nat_rtsp nf_nat_proto_gre nf_nat_irc nf_nat_h323 nf_nat_ftp nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_tftp nf_conntrack_snmp nf_conntrack_sip nf_conntrack_rtsp nf_conntrack_proto_gre nf_conntrack_irc nf_conntrack_h323 nf_conntrack_ftp nf_conntrack_broadcast l2tp_ppp iptable_raw iptable_mangle iptable_filter ipt_ah ipt_REJECT ipt_MASQUERADE ipt_ECN ip_tables crc_ccitt arptable_filter arpt_mangle arp_tables sch_teql sch_tbf sch_sfq sch_red sch_prio sch_pie sch_htb sch_gred sch_fq sch_dsmark sch_codel em_text em_nbyte em_meta em_cmp cls_basic act_police act_ipt act_connmark act_skbedit act_mirred em_u32 cls_u32 cls_tcindex cls_flow cls_route cls_fw sch_hfsc sch_ingress qca_nss_ipsec qca_nss_cfi_ocf qca_nss_tunipip6 qca_nss_tun6rd qca_nss_ipsecmgr qca_nss_cfi_cryptoapi qca_nss_qdisc qca_nss_macsec qca_nss_crypto_tool qca_nss_crypto qca_nss_pptp pptp pppox qca_nss_map_t qca_nss_lag_mgr qca_nss_l2tpv2 ppp_generic slhc qca_nss_gre hyfi_bridging nf_nat_proto_sctp nf_nat libcrc32c ledtrig_usbdev nf_conntrack_proto_sctp essedma ip6t_REJECT ip6table_raw ip6table_mangle ip6table_filter ip6_tables x_tables qca_mcs qca_85xx_sw msdos bonding ip6_gre ip_gre gre ifb nat46 sit qca_nss_drv l2tp_netlink l2tp_core ipcomp6 xfrm6_tunnel xfrm6_mode_tunnel xfrm6_mode_transport xfrm6_mode_beet esp6 ah6 ipcomp xfrm4_tunnel xfrm4_mode_tunnel xfrm4_mode_transport xfrm4_mode_beet esp4 ah4 ip6_tunnel qca_nss_gmac tunnel6 tunnel4 ip_tunnel snd_pcm_oss snd_mixer_oss snd_rawmidi snd_seq_device qca_ssdk af_key xfrm_user xfrm_ipcomp xfrm_algo vfat fat ntfs qrfs nf_conntrack nls_iso8859_1 nls_cp437 shortcut_fe_drv aq_phy shortcut_fe_ipv6 shortcut_fe sha1_generic qcrypto cryptosoft cryptodev ocf md5 hmac ecb des_generic cbc authenc usb_storage leds_gpio bootconfig xhci_hcd dwc3 udc_core dwc3_qcom dwc3_ipq40xx phy_qcom_ssusb phy_qcom_hsusb phy_qca_uniphy phy_qca_baldur sd_mod ahci_platform gpio_button_hotplug button_hotplug input_core usbcore nls_base usb_common mii [last unloaded: ecm]
[ 1948.360675]
[ 1948.362153] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.14.77 #5
[ 1948.368143] task: c086e790 ti: c0862000 task.ti: c0862000
[ 1948.373527] PC is at _raw_spin_lock_bh+0x48/0x5c
[ 1948.378152] LR is at ieee80211_tx_dequeue+0x6e8/0x8ec [mac80211]
[ 1948.384115] pc : [<c0212144>]    lr : [<bfb5e3c0>]    psr: 20000113
[ 1948.384115] sp : c0863c68  ip : d4f4dfa8  fp : d6956000
[ 1948.395573] r10: d8b58cb4  r9 : d8b58ca8  r8 : d8b58cac
[ 1948.400781] r7 : 00000000  r6 : d6d38c00  r5 : d63ab0a4  r4 : d8b58c20
[ 1948.407291] r3 : 00003abd  r2 : 00003abe  r1 : 00000000  r0 : d8b58d00
[ 1948.413802] Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
[ 1948.421093] Control: 10c5787d  Table: 5806806a  DAC: 00000015
[ 1948.426823] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.14.77 #5
[ 1948.432819] [<c021db64>] (unwind_backtrace) from [<c021abf8>] (show_stack+0x10/0x14)
[ 1948.440543] [<c021abf8>] (show_stack) from [<c03c93d4>] (dump_stack+0x80/0xa0)
[ 1948.447748] [<c03c93d4>] (dump_stack) from [<c0285e68>] (watchdog_timer_fn+0x10c/0x160)
[ 1948.455733] [<c0285e68>] (watchdog_timer_fn) from [<c024a64c>] (__run_hrtimer+0x50/0xc8)
[ 1948.463805] [<c024a64c>] (__run_hrtimer) from [<c024ae30>] (hrtimer_interrupt+0x130/0x27c)
[ 1948.472053] [<c024ae30>] (hrtimer_interrupt) from [<c051afa0>] (msm_timer_interrupt+0x38/0x44)
[ 1948.480646] [<c051afa0>] (msm_timer_interrupt) from [<c026c9b8>] (handle_percpu_devid_irq+0x68/0x84)
[ 1948.489761] [<c026c9b8>] (handle_percpu_devid_irq) from [<c026932c>] (generic_handle_irq+0x20/0x30)
[ 1948.498790] [<c026932c>] (generic_handle_irq) from [<c02181dc>] (handle_IRQ+0x68/0x90)
[ 1948.506688] [<c02181dc>] (handle_IRQ) from [<c02084e0>] (gic_handle_irq+0x3c/0x60)
[ 1948.514239] [<c02084e0>] (gic_handle_irq) from [<c02095c0>] (__irq_svc+0x40/0x70)
[ 1948.521701] Exception stack(0xc0863c20 to 0xc0863c68)
[ 1948.526737] 3c20: d8b58d00 00000000 00003abe 00003abd d8b58c20 d63ab0a4 d6d38c00 00000000
[ 1948.534898] 3c40: d8b58cac d8b58ca8 d8b58cb4 d6956000 d4f4dfa8 c0863c68 bfb5e3c0 c0212144
[ 1948.543056] 3c60: 20000113 ffffffff
[ 1948.546531] [<c02095c0>] (__irq_svc) from [<c0212144>] (_raw_spin_lock_bh+0x48/0x5c)
[ 1948.554284] [<c0212144>] (_raw_spin_lock_bh) from [<bfb5e3c0>] (ieee80211_tx_dequeue+0x6e8/0x8ec [mac80211])
[ 1948.564122] [<bfb5e3c0>] (ieee80211_tx_dequeue [mac80211]) from [<bfb606a0>] (__ieee80211_subif_start_xmit+0x7e4/0x870 [mac80211])
[ 1948.575838] [<bfb606a0>] (__ieee80211_subif_start_xmit [mac80211]) from [<bfb60a7c>] (ieee80211_subif_start_xmit+0x104/0x110 [mac80211])
[ 1948.588055] [<bfb60a7c>] (ieee80211_subif_start_xmit [mac80211]) from [<c059f9b0>] (dev_hard_start_xmit+0x320/0x454)
[ 1948.598529] [<c059f9b0>] (dev_hard_start_xmit) from [<c059fe5c>] (__dev_queue_xmit+0x378/0x454)
[ 1948.607212] [<c059fe5c>] (__dev_queue_xmit) from [<c0659850>] (br_dev_queue_push_xmit+0xbc/0xc4)
[ 1948.615979] [<c0659850>] (br_dev_queue_push_xmit) from [<c065ae98>] (br_handle_frame_finish+0x508/0x54c)
[ 1948.625439] [<c065ae98>] (br_handle_frame_finish) from [<c065b1b4>] (br_handle_frame+0x2d8/0x340)
[ 1948.634293] [<c065b1b4>] (br_handle_frame) from [<c059c5e0>] (__netif_receive_skb_core+0x4e0/0x6e0)
[ 1948.643321] [<c059c5e0>] (__netif_receive_skb_core) from [<c059e1d8>] (process_backlog+0x90/0x158)
[ 1948.652262] [<c059e1d8>] (process_backlog) from [<c059db70>] (net_rx_action+0xac/0x160)
[ 1948.660247] [<c059db70>] (net_rx_action) from [<c0232580>] (__do_softirq+0x104/0x294)
[ 1948.668059] [<c0232580>] (__do_softirq) from [<c02329fc>] (irq_exit+0x9c/0x11c)
[ 1948.675352] [<c02329fc>] (irq_exit) from [<c02181e0>] (handle_IRQ+0x6c/0x90)
[ 1948.682381] [<c02181e0>] (handle_IRQ) from [<c02084e0>] (gic_handle_irq+0x3c/0x60)
[ 1948.689933] [<c02084e0>] (gic_handle_irq) from [<c02095c0>] (__irq_svc+0x40/0x70)
[ 1948.697396] Exception stack(0xc0863f60 to 0xc0863fa8)
[ 1948.702432] 3f60: ffffffed 00000000 1d3bc000 c020a040 c0862000 c0862030 ffffffff c08ba014
[ 1948.710592] 3f80: c086a3c0 c0858ba8 ddffcd40 c08ba010 c0873548 c0863fa8 c02184a0 c02184a4
[ 1948.718751] 3fa0: 60000013 ffffffff
[ 1948.722226] [<c02095c0>] (__irq_svc) from [<c02184a4>] (arch_cpu_idle+0x38/0x5c)
[ 1948.729608] [<c02184a4>] (arch_cpu_idle) from [<c0269298>] (cpu_startup_entry+0xa4/0x108)
[ 1948.737766] [<c0269298>] (cpu_startup_entry) from [<c0837af0>] (start_kernel+0x358/0x3cc)
Rajkumar Manoharan Sept. 28, 2018, 5:29 a.m. UTC | #4 
On 2018-09-26 17:09, Rajkumar Manoharan wrote:
> On 2018-09-26 02:22, Toke Høiland-Jørgensen wrote:
>> Rajkumar Manoharan <rmanohar@codeaurora.org> writes:

> :( Yeah... I got confused with attached soft lockup in ARM platform.
> 
Toke,

Cause for the soft lockup exposed in multi client scenario is due to
mixed order of fq_lock and active_txqs_lock. In wake_tx_queue or 
push_pending
case, driver acquires active_txq_lock first by schedule_start and 
followed by
fq_lock in tx_dequeue. The same order should be maintained in sta 
cleanup.
Below change fixed the issue.

diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 4814710a64f3..2029d600663b 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -114,9 +114,7 @@ static void __cleanup_single_sta(struct sta_info 
*sta)
                 for (i = 0; i < ARRAY_SIZE(sta->sta.txq); i++) {
                         struct txq_info *txqi = 
to_txq_info(sta->sta.txq[i]);

-                       spin_lock_bh(&fq->lock);
                         ieee80211_txq_purge(local, txqi);
-                       spin_unlock_bh(&fq->lock);
                 }
         }

diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 884d9ce5ce4b..5d70f64a205c 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1467,8 +1467,10 @@ void ieee80211_txq_purge(struct ieee80211_local 
*local,
         struct fq *fq = &local->fq;
         struct fq_tin *tin = &txqi->tin;

+       spin_lock_bh(&fq->lock);
         fq_tin_reset(fq, tin, fq_skb_free_func);
         ieee80211_purge_tx_queue(&local->hw, &txqi->frags);
+       spin_unlock_bh(&fq->lock);
         spin_lock_bh(&local->active_txq_lock[txqi->txq.ac]);
         list_del_init(&txqi->schedule_order);
         spin_unlock_bh(&local->active_txq_lock[txqi->txq.ac]);

-Rajkumar
Toke Høiland-Jørgensen Sept. 28, 2018, 7:51 a.m. UTC | #5 
On 28 September 2018 07:29:03 CEST, Rajkumar Manoharan <rmanohar@codeaurora.org> wrote:
>On 2018-09-26 17:09, Rajkumar Manoharan wrote:
>> On 2018-09-26 02:22, Toke Høiland-Jørgensen wrote:
>>> Rajkumar Manoharan <rmanohar@codeaurora.org> writes:
>
>> :( Yeah... I got confused with attached soft lockup in ARM platform.
>> 
>Toke,
>
>Cause for the soft lockup exposed in multi client scenario is due to
>mixed order of fq_lock and active_txqs_lock. In wake_tx_queue or 
>push_pending
>case, driver acquires active_txq_lock first by schedule_start and 
>followed by
>fq_lock in tx_dequeue. The same order should be maintained in sta 
>cleanup.
>Below change fixed the issue.

Ah, great find! I'll fold this into the next version, thanks!

-Toke
Rajkumar Manoharan Sept. 28, 2018, 9:27 a.m. UTC | #6 
On 2018-09-28 00:51, Toke Høiland-Jørgensen wrote:
> On 28 September 2018 07:29:03 CEST, Rajkumar Manoharan
> <rmanohar@codeaurora.org> wrote:
>> On 2018-09-26 17:09, Rajkumar Manoharan wrote:
>>> On 2018-09-26 02:22, Toke Høiland-Jørgensen wrote:
>>>> Rajkumar Manoharan <rmanohar@codeaurora.org> writes:
>> 
>>> :( Yeah... I got confused with attached soft lockup in ARM platform.
>>> 
>> Toke,
>> 
>> Cause for the soft lockup exposed in multi client scenario is due to
>> mixed order of fq_lock and active_txqs_lock. In wake_tx_queue or
>> push_pending
>> case, driver acquires active_txq_lock first by schedule_start and
>> followed by
>> fq_lock in tx_dequeue. The same order should be maintained in sta
>> cleanup.
>> Below change fixed the issue.
> 
> Ah, great find! I'll fold this into the next version, thanks!
> 

One more thing. As I mentioned earlier, scheduling wake_txqs_tasklet
is heavy load and causing random rcu stall issue. Hence I added
another API to schedule throttled txqs once for all. Also I did
a cleanup in kick_airtime by traversing list only once. With these
changes I don't see rcu stall issue. Please review and fold them as 
well.

-Rajkumar


single_iter - clean up kick_airtime
sched_throttle - new API and separate tasklet for throttled txqs
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 404c5e82e4ca..023bc81bd4a0 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -242,13 +242,11 @@ EXPORT_SYMBOL(ieee80211_ctstoself_duration);
 
 static void __ieee80211_kick_airtime(struct ieee80211_local *local, int ac)
 {
-	bool seen_eligible = false;
 	struct txq_info *txqi;
 	struct sta_info *sta;
 
 	spin_lock_bh(&local->active_txq_lock[ac]);
 
- begin:
 	if (list_empty(&local->active_txqs[ac]))
 		goto out;
 
@@ -258,12 +256,12 @@ static void __ieee80211_kick_airtime(struct ieee80211_local *local, int ac)
 
 		sta = container_of(txqi->txq.sta, struct sta_info, sta);
 
-		if (sta->airtime[ac].deficit >= 0) {
-			seen_eligible = true;
-
-			if (!test_and_clear_bit(IEEE80211_TXQ_AIRTIME_THROTTLE,
-						&txqi->flags))
+		if (test_bit(IEEE80211_TXQ_AIRTIME_THROTTLE, &txqi->flags)) {
+			clear_bit(IEEE80211_TXQ_AIRTIME_THROTTLE, &txqi->flags);
+			if (sta->airtime[ac].deficit < 0) {
+				sta->airtime[ac].deficit += sta->airtime_weight;
 				continue;
+			}
 
 			spin_unlock_bh(&local->active_txq_lock[ac]);
 			drv_wake_tx_queue(local, txqi);
@@ -271,21 +269,6 @@ static void __ieee80211_kick_airtime(struct ieee80211_local *local, int ac)
 		}
 	}
 
-	/* No active queues have positive deficit, which means TX is stuck;
-	 * increase all deficits to get things unstuck.
-	 */
-	if (!seen_eligible) {
-		list_for_each_entry(txqi, &local->active_txqs[ac], schedule_order) {
-			if (!txqi->txq.sta)
-				continue;
-
-			sta = container_of(txqi->txq.sta, struct sta_info, sta);
-
-			sta->airtime[ac].deficit += sta->airtime_weight;
-		}
-
-		goto begin;
-	}
  out:
 	spin_unlock_bh(&local->active_txq_lock[ac]);
diff --git a/drivers/net/wireless/ath/ath10k/htt_rx.c b/drivers/net/wireless/ath/ath10k/htt_rx.c
index 625a4ab37ea0..b1bb369b0971 100644
--- a/drivers/net/wireless/ath/ath10k/htt_rx.c
+++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
@@ -2362,6 +2362,7 @@ static void ath10k_htt_rx_tx_fetch_ind(struct ath10k *ar, struct sk_buff *skb)
 	}
 
 	rcu_read_unlock();
+	ieee80211_txq_schedule_throttled(hw);
 
 	resp_ids = ath10k_htt_get_tx_fetch_ind_resp_ids(&resp->tx_fetch_ind);
 	ath10k_htt_rx_tx_fetch_resp_id_confirm(ar, resp_ids, num_resp_ids);
diff --git a/include/net/mac80211.h b/include/net/mac80211.h
index 50c1082c86d3..8101936a9c9c 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -6124,6 +6124,7 @@ void ieee80211_txq_schedule_start(struct ieee80211_hw *hw, u8 ac);
  */
 void ieee80211_txq_schedule_end(struct ieee80211_hw *hw, u8 ac);
 
+void ieee80211_txq_schedule_throttled(struct ieee80211_hw *hw);
 /**
  * ieee80211_txq_may_transmit - check whether TXQ is allowed to transmit
  *
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index c138b9d47453..329ebd2e1594 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1254,6 +1254,7 @@ struct ieee80211_local {
 	struct sk_buff_head pending[IEEE80211_MAX_QUEUES];
 	struct tasklet_struct tx_pending_tasklet;
 	struct tasklet_struct wake_txqs_tasklet;
+	struct tasklet_struct kick_airtime;
 
 	atomic_t agg_queue_stop[IEEE80211_MAX_QUEUES];
 
@@ -2068,6 +2069,7 @@ void ieee80211_txq_purge(struct ieee80211_local *local,
 void ieee80211_txq_remove_vlan(struct ieee80211_local *local,
 			       struct ieee80211_sub_if_data *sdata);
 void ieee80211_wake_txqs(unsigned long data);
+void ieee80211_kick_airtime(unsigned long data);
 void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
 			 u16 transaction, u16 auth_alg, u16 status,
 			 const u8 *extra, size_t extra_len, const u8 *bssid,
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index c4c3feaea336..f2772d15a541 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -675,9 +675,12 @@ struct ieee80211_hw *ieee80211_alloc_hw_nm(size_t priv_data_len,
 	tasklet_init(&local->tx_pending_tasklet, ieee80211_tx_pending,
 		     (unsigned long)local);
 
-	if (ops->wake_tx_queue)
+	if (ops->wake_tx_queue) {
 		tasklet_init(&local->wake_txqs_tasklet, ieee80211_wake_txqs,
 			     (unsigned long)local);
+		tasklet_init(&local->kick_airtime, ieee80211_kick_airtime,
+			     (unsigned long)local);
+	}
 
 	tasklet_init(&local->tasklet,
 		     ieee80211_tasklet_handler,
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 5d70f64a205c..73287f5eedd8 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -3696,6 +3696,14 @@ bool ieee80211_txq_may_transmit(struct ieee80211_hw *hw,
 }
 EXPORT_SYMBOL(ieee80211_txq_may_transmit);
 
+void ieee80211_txq_schedule_throttled(struct ieee80211_hw *hw)
+{
+	struct ieee80211_local *local = hw_to_local(hw);
+
+	tasklet_schedule(&local->wake_txqs_tasklet);
+}
+EXPORT_SYMBOL(ieee80211_txq_schedule_throttled);
+
 void ieee80211_txq_schedule_start(struct ieee80211_hw *hw, u8 ac)
 {
 	struct ieee80211_local *local = hw_to_local(hw);
@@ -3710,7 +3718,6 @@ void ieee80211_txq_schedule_end(struct ieee80211_hw *hw, u8 ac)
 	struct ieee80211_local *local = hw_to_local(hw);
 
 	spin_unlock_bh(&local->active_txq_lock[ac]);
-	tasklet_schedule(&local->wake_txqs_tasklet);
 }
 EXPORT_SYMBOL(ieee80211_txq_schedule_end);
 
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 023bc81bd4a0..69fc3c723add 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -246,6 +246,7 @@ static void __ieee80211_kick_airtime(struct ieee80211_local *local, int ac)
 	struct sta_info *sta;
 
 	spin_lock_bh(&local->active_txq_lock[ac]);
+	rcu_read_lock();
 
 	if (list_empty(&local->active_txqs[ac]))
 		goto out;
@@ -270,6 +271,7 @@ static void __ieee80211_kick_airtime(struct ieee80211_local *local, int ac)
 	}
 
  out:
+	rcu_read_unlock();
 	spin_unlock_bh(&local->active_txq_lock[ac]);
 
 }
@@ -284,10 +286,6 @@ static void __ieee80211_wake_txqs(struct ieee80211_sub_if_data *sdata, int ac)
 	struct sta_info *sta;
 	int i;
 
-	if (wiphy_ext_feature_isset(local->hw.wiphy,
-				    NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
-	    __ieee80211_kick_airtime(local, ac);
-
 	spin_lock_bh(&fq->lock);
 
 	if (sdata->vif.type == NL80211_IFTYPE_AP)
@@ -334,6 +332,15 @@ out:
 	spin_unlock_bh(&fq->lock);
 }
 
+void ieee80211_kick_airtime(unsigned long data)
+{
+	struct ieee80211_local *local = (struct ieee80211_local *)data;
+	int i;
+
+	for (i = 0; i < IEEE80211_NUM_ACS; i++)
+		__ieee80211_kick_airtime(local, i);
+}
+
 void ieee80211_wake_txqs(unsigned long data)
 {
 	struct ieee80211_local *local = (struct ieee80211_local *)data;
Rajkumar Manoharan Sept. 28, 2018, 9:44 a.m. UTC | #7 
On 2018-09-28 02:27, Rajkumar Manoharan wrote:
> On 2018-09-28 00:51, Toke Høiland-Jørgensen wrote:
>> On 28 September 2018 07:29:03 CEST, Rajkumar Manoharan
>> <rmanohar@codeaurora.org> wrote:
>>> On 2018-09-26 17:09, Rajkumar Manoharan wrote:
>>>> On 2018-09-26 02:22, Toke Høiland-Jørgensen wrote:
>>>>> Rajkumar Manoharan <rmanohar@codeaurora.org> writes:
>>> 
>>>> :( Yeah... I got confused with attached soft lockup in ARM platform.
>>>> 
>>> Toke,
>>> 
>>> Cause for the soft lockup exposed in multi client scenario is due to
>>> mixed order of fq_lock and active_txqs_lock. In wake_tx_queue or
>>> push_pending
>>> case, driver acquires active_txq_lock first by schedule_start and
>>> followed by
>>> fq_lock in tx_dequeue. The same order should be maintained in sta
>>> cleanup.
>>> Below change fixed the issue.
>> 
>> Ah, great find! I'll fold this into the next version, thanks!
>> 
> 
> One more thing. As I mentioned earlier, scheduling wake_txqs_tasklet
> is heavy load and causing random rcu stall issue. Hence I added
> another API to schedule throttled txqs once for all. Also I did
> a cleanup in kick_airtime by traversing list only once. With these
> changes I don't see rcu stall issue. Please review and fold them as 
> well.
> 
Correction in patch. new API schedule kick_aitime tasklet not 
wake_txq_tasklet.

+void ieee80211_txq_schedule_throttled(struct ieee80211_hw *hw)
+{
+       struct ieee80211_local *local = hw_to_local(hw);
+
+       tasklet_schedule(&local->kick_airtime);
+}

-Rajkumar
Toke Høiland-Jørgensen Sept. 28, 2018, 9:58 a.m. UTC | #8 
Rajkumar Manoharan <rmanohar@codeaurora.org> writes:

> On 2018-09-28 00:51, Toke Høiland-Jørgensen wrote:
>> On 28 September 2018 07:29:03 CEST, Rajkumar Manoharan
>> <rmanohar@codeaurora.org> wrote:
>>> On 2018-09-26 17:09, Rajkumar Manoharan wrote:
>>>> On 2018-09-26 02:22, Toke Høiland-Jørgensen wrote:
>>>>> Rajkumar Manoharan <rmanohar@codeaurora.org> writes:
>>> 
>>>> :( Yeah... I got confused with attached soft lockup in ARM platform.
>>>> 
>>> Toke,
>>> 
>>> Cause for the soft lockup exposed in multi client scenario is due to
>>> mixed order of fq_lock and active_txqs_lock. In wake_tx_queue or
>>> push_pending
>>> case, driver acquires active_txq_lock first by schedule_start and
>>> followed by
>>> fq_lock in tx_dequeue. The same order should be maintained in sta
>>> cleanup.
>>> Below change fixed the issue.
>> 
>> Ah, great find! I'll fold this into the next version, thanks!
>> 
>
> One more thing. As I mentioned earlier, scheduling wake_txqs_tasklet
> is heavy load and causing random rcu stall issue. Hence I added
> another API to schedule throttled txqs once for all. Also I did
> a cleanup in kick_airtime by traversing list only once. With these
> changes I don't see rcu stall issue. Please review and fold them as 
> well.
>
> -Rajkumar
>
>
> single_iter - clean up kick_airtime
> sched_throttle - new API and separate tasklet for throttled txqs
> diff --git a/net/mac80211/util.c b/net/mac80211/util.c
> index 404c5e82e4ca..023bc81bd4a0 100644
> --- a/net/mac80211/util.c
> +++ b/net/mac80211/util.c
> @@ -242,13 +242,11 @@ EXPORT_SYMBOL(ieee80211_ctstoself_duration);
>  
>  static void __ieee80211_kick_airtime(struct ieee80211_local *local, int ac)
>  {
> -	bool seen_eligible = false;
>  	struct txq_info *txqi;
>  	struct sta_info *sta;
>  
>  	spin_lock_bh(&local->active_txq_lock[ac]);
>  
> - begin:
>  	if (list_empty(&local->active_txqs[ac]))
>  		goto out;
>  
> @@ -258,12 +256,12 @@ static void __ieee80211_kick_airtime(struct ieee80211_local *local, int ac)
>  
>  		sta = container_of(txqi->txq.sta, struct sta_info, sta);
>  
> -		if (sta->airtime[ac].deficit >= 0) {
> -			seen_eligible = true;
> -
> -			if (!test_and_clear_bit(IEEE80211_TXQ_AIRTIME_THROTTLE,
> -						&txqi->flags))
> +		if (test_bit(IEEE80211_TXQ_AIRTIME_THROTTLE, &txqi->flags)) {
> +			clear_bit(IEEE80211_TXQ_AIRTIME_THROTTLE, &txqi->flags);
> +			if (sta->airtime[ac].deficit < 0) {
> +				sta->airtime[ac].deficit += sta->airtime_weight;
>  				continue;
> +			}

This is going to break fairness; we only want to increase deficits when
all stations' deficits are negative. Hence the two loops. Did you see
any problems with those specifically?

-Toke
Rajkumar Manoharan Sept. 28, 2018, 10:19 a.m. UTC | #9 
On 2018-09-28 02:58, Toke Høiland-Jørgensen wrote:
> Rajkumar Manoharan <rmanohar@codeaurora.org> writes:
> 
>> On 2018-09-28 00:51, Toke Høiland-Jørgensen wrote:
>>> On 28 September 2018 07:29:03 CEST, Rajkumar Manoharan
>>> <rmanohar@codeaurora.org> wrote:
>>>> On 2018-09-26 17:09, Rajkumar Manoharan wrote:
>>>>> On 2018-09-26 02:22, Toke Høiland-Jørgensen wrote:
>>>>>> Rajkumar Manoharan <rmanohar@codeaurora.org> writes:
>>>> 
>>>>> :( Yeah... I got confused with attached soft lockup in ARM 
>>>>> platform.
>>>>> 
>>>> Toke,
>>>> 
>>>> Cause for the soft lockup exposed in multi client scenario is due to
>>>> mixed order of fq_lock and active_txqs_lock. In wake_tx_queue or
>>>> push_pending
>>>> case, driver acquires active_txq_lock first by schedule_start and
>>>> followed by
>>>> fq_lock in tx_dequeue. The same order should be maintained in sta
>>>> cleanup.
>>>> Below change fixed the issue.
>>> 
>>> Ah, great find! I'll fold this into the next version, thanks!
>>> 
>> 
>> One more thing. As I mentioned earlier, scheduling wake_txqs_tasklet
>> is heavy load and causing random rcu stall issue. Hence I added
>> another API to schedule throttled txqs once for all. Also I did
>> a cleanup in kick_airtime by traversing list only once. With these
>> changes I don't see rcu stall issue. Please review and fold them as
>> well.
>> 
>> -Rajkumar
>> 
>> 
>> single_iter - clean up kick_airtime
>> sched_throttle - new API and separate tasklet for throttled txqs
>> diff --git a/net/mac80211/util.c b/net/mac80211/util.c
>> index 404c5e82e4ca..023bc81bd4a0 100644
>> --- a/net/mac80211/util.c
>> +++ b/net/mac80211/util.c
>> @@ -242,13 +242,11 @@ EXPORT_SYMBOL(ieee80211_ctstoself_duration);
>> 
>>  static void __ieee80211_kick_airtime(struct ieee80211_local *local, 
>> int ac)
>>  {
>> -	bool seen_eligible = false;
>>  	struct txq_info *txqi;
>>  	struct sta_info *sta;
>> 
>>  	spin_lock_bh(&local->active_txq_lock[ac]);
>> 
>> - begin:
>>  	if (list_empty(&local->active_txqs[ac]))
>>  		goto out;
>> 
>> @@ -258,12 +256,12 @@ static void __ieee80211_kick_airtime(struct 
>> ieee80211_local *local, int ac)
>> 
>>  		sta = container_of(txqi->txq.sta, struct sta_info, sta);
>> 
>> -		if (sta->airtime[ac].deficit >= 0) {
>> -			seen_eligible = true;
>> -
>> -			if (!test_and_clear_bit(IEEE80211_TXQ_AIRTIME_THROTTLE,
>> -						&txqi->flags))
>> +		if (test_bit(IEEE80211_TXQ_AIRTIME_THROTTLE, &txqi->flags)) {
>> +			clear_bit(IEEE80211_TXQ_AIRTIME_THROTTLE, &txqi->flags);
>> +			if (sta->airtime[ac].deficit < 0) {
>> +				sta->airtime[ac].deficit += sta->airtime_weight;
>>  				continue;
>> +			}
> 
> This is going to break fairness; we only want to increase deficits when
> all stations' deficits are negative. Hence the two loops. Did you see
> any problems with those specifically?
> 

No. I didn't see any issue but the loop won't exit until one txq becomes 
positive.
Till then the lock won't be released. Hence I converged into single 
iteration.

-Rajkumar
Jonathan Morton Sept. 28, 2018, 10:35 a.m. UTC | #10 
> On 28 Sep, 2018, at 1:19 pm, Rajkumar Manoharan <rmanohar@codeaurora.org> wrote:
> 
>> This is going to break fairness; we only want to increase deficits when
>> all stations' deficits are negative. Hence the two loops. Did you see
>> any problems with those specifically?
> 
> No. I didn't see any issue but the loop won't exit until one txq becomes positive.
> Till then the lock won't be released. Hence I converged into single iteration.

The problem is that the fairness behaviour is changed when there are already positive txqs, but the first one happens to not be positive.  That's why there were two loops.

 - Jonathan Morton
Rajkumar Manoharan Sept. 28, 2018, 10:47 a.m. UTC | #11 
On 2018-09-28 03:35, Jonathan Morton wrote:
>> On 28 Sep, 2018, at 1:19 pm, Rajkumar Manoharan 
>> <rmanohar@codeaurora.org> wrote:
>> 
>>> This is going to break fairness; we only want to increase deficits 
>>> when
>>> all stations' deficits are negative. Hence the two loops. Did you see
>>> any problems with those specifically?
>> 
>> No. I didn't see any issue but the loop won't exit until one txq 
>> becomes positive.
>> Till then the lock won't be released. Hence I converged into single 
>> iteration.
> 
> The problem is that the fairness behaviour is changed when there are
> already positive txqs, but the first one happens to not be positive.
> That's why there were two loops.
> 
Yeah.. Understood. we can ignore the cleanup change.

-Rajkumar
Toke Høiland-Jørgensen Sept. 28, 2018, 11:02 a.m. UTC | #12 
On 28 September 2018 12:47:51 CEST, Rajkumar Manoharan <rmanohar@codeaurora.org> wrote:
>On 2018-09-28 03:35, Jonathan Morton wrote:
>>> On 28 Sep, 2018, at 1:19 pm, Rajkumar Manoharan 
>>> <rmanohar@codeaurora.org> wrote:
>>> 
>>>> This is going to break fairness; we only want to increase deficits 
>>>> when
>>>> all stations' deficits are negative. Hence the two loops. Did you
>see
>>>> any problems with those specifically?
>>> 
>>> No. I didn't see any issue but the loop won't exit until one txq 
>>> becomes positive.
>>> Till then the lock won't be released. Hence I converged into single 
>>> iteration.
>> 
>> The problem is that the fairness behaviour is changed when there are
>> already positive txqs, but the first one happens to not be positive.
>> That's why there were two loops.
>> 
>Yeah.. Understood. we can ignore the cleanup change.

Great! I'll fold in the rest, test it with ath9k and submit as a proper patch :)

-Toke
Rajkumar Manoharan Sept. 28, 2018, 7:51 p.m. UTC | #13 
On 2018-09-28 04:02, Toke Høiland-Jørgensen wrote:
> On 28 September 2018 12:47:51 CEST, Rajkumar Manoharan
> <rmanohar@codeaurora.org> wrote:
>> On 2018-09-28 03:35, Jonathan Morton wrote:
>>>> On 28 Sep, 2018, at 1:19 pm, Rajkumar Manoharan
>>>> <rmanohar@codeaurora.org> wrote:
>>>> 
>>>>> This is going to break fairness; we only want to increase deficits
>>>>> when
>>>>> all stations' deficits are negative. Hence the two loops. Did you
>> see
>>>>> any problems with those specifically?
>>>> 
>>>> No. I didn't see any issue but the loop won't exit until one txq
>>>> becomes positive.
>>>> Till then the lock won't be released. Hence I converged into single
>>>> iteration.
>>> 
>>> The problem is that the fairness behaviour is changed when there are
>>> already positive txqs, but the first one happens to not be positive.
>>> That's why there were two loops.
>>> 
>> Yeah.. Understood. we can ignore the cleanup change.
> 
> Great! I'll fold in the rest, test it with ath9k and submit as a proper 
> patch :)
> 
Thanks. I am seeing higher CPU load. Did you observe similar behavior 
with ath9k.

-Rajkumar
Rajkumar Manoharan Oct. 2, 2018, 6:58 a.m. UTC | #14 
> Great! I'll fold in the rest, test it with ath9k and submit as a proper 
> patch :)
> 
Toke,

I noticed a race condition b/w sta cleanup and kick_airtime tasklet. How 
do you
plan to exit kick_airtime gracefully during sta_cleanup?

-Rajkumar
Rajkumar Manoharan Oct. 2, 2018, 7:41 a.m. UTC | #15 
On 2018-10-01 23:58, Rajkumar Manoharan wrote:
>> Great! I'll fold in the rest, test it with ath9k and submit as a 
>> proper patch :)
>> 
> Toke,
> 
> I noticed a race condition b/w sta cleanup and kick_airtime tasklet. 
> How do you
> plan to exit kick_airtime gracefully during sta_cleanup?
> 
If kick_airtime tasklet is only used for adjusting deficit for all 
throttled txq,
then below rcu lock issue is not observed. I am testing with 50 clients 
and the
crash happens only during sta cleanup. Releasing active_txq_lock from 
tasklet is
yielding handle to txq_purge(). I am thinking of get rid of tasklet and 
handle
adjustment directly in API.


diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 0bb590928dd0..277dbf8e0a4b 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -261,14 +261,7 @@ static void __ieee80211_kick_airtime(struct 
ieee80211_local *local, int ac)

                 if (sta->airtime[ac].deficit >= 0) {
                         seen_eligible = true;
-
-                       if 
(!test_and_clear_bit(IEEE80211_TXQ_AIRTIME_THROTTLE,
-                                               &txqi->flags))
-                               continue;
-
-                       spin_unlock_bh(&local->active_txq_lock[ac]);
-                       drv_wake_tx_queue(local, txqi);
-                       spin_lock_bh(&local->active_txq_lock[ac]);
+                       clear_bit(IEEE80211_TXQ_AIRTIME_THROTTLE, 
&txqi->flags);

-Rajkumar
root@OpenWrt:/# [  363.094702] INFO: rcu_preempt self-detected stall on CPU { 0}
  (t=2101 jiffies g=2679 c=2678 q=134)
[  363.102709] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.14.77 #9
[  363.104717] INFO: rcu_preempt detected stalls on CPUs/tasks: { 0} (detected b
y 1, t=2102 jiffies, g=2679, c=2678, q=134)
[  363.104723] Task dump for CPU 0:
[  363.104734] swapper/0       R running      0     0      0 0x00001002
[  363.104763] [<c020ec20>] (__schedule) from [<c0218304>] (arch_cpu_idle+0x38/0
x5c)
[  363.104852] [<c0218304>] (arch_cpu_idle) from [<ffffffff>] (0xffffffff)
[  363.143167] [<c021d9ac>] (unwind_backtrace) from [<c021aa40>] (show_stack+0x1
0/0x14)
[  363.150892] [<c021aa40>] (show_stack) from [<c03c59d4>] (dump_stack+0x80/0xa0
)
[  363.158099] [<c03c59d4>] (dump_stack) from [<c026e1dc>] (rcu_check_callbacks+
0x230/0x6a8)
[  363.166258] [<c026e1dc>] (rcu_check_callbacks) from [<c0238814>] (update_proc
ess_times+0x38/0x58)
[  363.175110] [<c0238814>] (update_process_times) from [<c0276780>] (tick_sched
_timer+0x44/0x74)
[  363.183702] [<c0276780>] (tick_sched_timer) from [<c024a828>] (__run_hrtimer+
0x50/0xc8)
[  363.191686] [<c024a828>] (__run_hrtimer) from [<c024aff8>] (hrtimer_interrupt
+0x130/0x27c)
[  363.199936] [<c024aff8>] (hrtimer_interrupt) from [<c05175ac>] (msm_timer_int
errupt+0x38/0x44)
[  363.208528] [<c05175ac>] (msm_timer_interrupt) from [<c0268a6c>] (handle_perc
pu_devid_irq+0x68/0x84)
[  363.217645] [<c0268a6c>] (handle_percpu_devid_irq) from [<c02653e0>] (generic
_handle_irq+0x20/0x30)
[  363.226671] [<c02653e0>] (generic_handle_irq) from [<c021803c>] (handle_IRQ+0
x68/0x90)
[  363.234567] [<c021803c>] (handle_IRQ) from [<c02084e0>] (gic_handle_irq+0x3c/
0x60)
[  363.242120] [<c02084e0>] (gic_handle_irq) from [<c02095c0>] (__irq_svc+0x40/0
x70)
[  363.249581] Exception stack(0xc085de68 to 0xc085deb0)
[  363.254616] de60:                   00000004 db7e50a0 0000009d 00000000 d8bb8
d18 d8bb8d00
[  363.262777] de80: d8bb8c20 00000002 00000030 00000018 db7e5000 00000006 00000
000 c085deb0
[  363.270935] dea0: bfb68c98 c020cae8 60000113 ffffffff
[  363.275977] [<c02095c0>] (__irq_svc) from [<c020cae8>] (_test_and_clear_bit+0
x0/0x48)
[  363.283850] [<c020cae8>] (_test_and_clear_bit) from [<bfb68c98>] (ieee80211_k
ick_airtime+0x88/0x188 [mac80211])
[  363.293963] [<bfb68c98>] (ieee80211_kick_airtime [mac80211]) from [<c02331ec>
] (tasklet_action+0x8c/0xec)
[  363.303406] [<c02331ec>] (tasklet_action) from [<c02327e4>] (__do_softirq+0x1
04/0x294)
Toke Høiland-Jørgensen Oct. 2, 2018, 8:22 a.m. UTC | #16 
Rajkumar Manoharan <rmanohar@codeaurora.org> writes:

>> Great! I'll fold in the rest, test it with ath9k and submit as a proper 
>> patch :)
>> 
> Toke,
>
> I noticed a race condition b/w sta cleanup and kick_airtime tasklet.
> How do you plan to exit kick_airtime gracefully during sta_cleanup?

Ah, right, there's a lot of stuff going on before we get to purge_txq.
Hmm, I guess we should either make sure we remove the station from
active_txqs earlier in the sta cleanup process, or maybe it'd enough to
just check the removed flag in the tasklet?

Does the below patch fix the issue?

-Toke


diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 9c889da48ef0..8fa3c09d041c 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -258,6 +258,9 @@ static void __ieee80211_kick_airtime(struct ieee80211_local *local, int ac)
 
 		sta = container_of(txqi->txq.sta, struct sta_info, sta);
 
+		if (sta->removed)
+			continue;
+
 		if (sta->airtime[ac].deficit >= 0) {
 			seen_eligible = true;
Rajkumar Manoharan Oct. 2, 2018, 4:33 p.m. UTC | #17 
On 2018-10-02 01:22, Toke Høiland-Jørgensen wrote:
> Rajkumar Manoharan <rmanohar@codeaurora.org> writes:
> 
>>> Great! I'll fold in the rest, test it with ath9k and submit as a 
>>> proper
>>> patch :)
>>> 
>> Toke,
>> 
>> I noticed a race condition b/w sta cleanup and kick_airtime tasklet.
>> How do you plan to exit kick_airtime gracefully during sta_cleanup?
> 
> Ah, right, there's a lot of stuff going on before we get to purge_txq.
> Hmm, I guess we should either make sure we remove the station from
> active_txqs earlier in the sta cleanup process, or maybe it'd enough to
> just check the removed flag in the tasklet?
> 
> Does the below patch fix the issue?
> 

No. Attaching backtrace. Any clue?

-Rajkumar
[  612.084685] INFO: rcu_preempt self-detected stall on CPU { 0}  (t=2101 jiffie
s g=3643 c=3642 q=107)
[  612.092689] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.14.77 #9
[  612.094702] INFO: rcu_preempt detected stalls on CPUs/tasks: { 0} (detected b
y 1, t=2102 jiffies, g=3643, c=3642, q=107)
[  612.094705] Task dump for CPU 0:
[  612.094716] swapper/0       R running      0     0      0 0x00001002
[  612.094745] [<c020ec20>] (__schedule) from [<c0218304>] (arch_cpu_idle+0x38/0
x5c)
[  612.094834] [<c0218304>] (arch_cpu_idle) from [<ffffffff>] (0xffffffff)
[  612.133149] [<c021d9ac>] (unwind_backtrace) from [<c021aa40>] (show_stack+0x1
0/0x14)
[  612.140874] [<c021aa40>] (show_stack) from [<c03c59d4>] (dump_stack+0x80/0xa0
)
[  612.148079] [<c03c59d4>] (dump_stack) from [<c026e1dc>] (rcu_check_callbacks+
0x230/0x6a8)
[  612.156239] [<c026e1dc>] (rcu_check_callbacks) from [<c0238814>] (update_proc
ess_times+0x38/0x58)
[  612.165092] [<c0238814>] (update_process_times) from [<c0276780>] (tick_sched
_timer+0x44/0x74)
[  612.173683] [<c0276780>] (tick_sched_timer) from [<c024a828>] (__run_hrtimer+
0x50/0xc8)
[  612.181668] [<c024a828>] (__run_hrtimer) from [<c024aff8>] (hrtimer_interrupt
+0x130/0x27c)
[  612.189917] [<c024aff8>] (hrtimer_interrupt) from [<c05175ac>] (msm_timer_int
errupt+0x38/0x44)
[  612.198510] [<c05175ac>] (msm_timer_interrupt) from [<c0268a6c>] (handle_perc
pu_devid_irq+0x68/0x84)
[  612.207625] [<c0268a6c>] (handle_percpu_devid_irq) from [<c02653e0>] (generic
_handle_irq+0x20/0x30)
[  612.216653] [<c02653e0>] (generic_handle_irq) from [<c021803c>] (handle_IRQ+0
x68/0x90)
[  612.224548] [<c021803c>] (handle_IRQ) from [<c02084e0>] (gic_handle_irq+0x3c/
0x60)
[  612.232101] [<c02084e0>] (gic_handle_irq) from [<c02095c0>] (__irq_svc+0x40/0
x70)
[  612.239562] Exception stack(0xc085de68 to 0xc085deb0)
[  612.244597] de60:                   00000000 d65490a0 00000000 00000010 d4d20
d18 d4d20d00
[  612.252758] de80: d4d20c20 00000002 00000030 00000018 d6549000 00000006 00000
000 c085deb0
[  612.260917] dea0: bf84bc94 c020cb24 60000113 ffffffff
[  612.265959] [<c02095c0>] (__irq_svc) from [<c020cb24>] (_test_and_clear_bit+0
x3c/0x48)
[  612.273915] [<c020cb24>] (_test_and_clear_bit) from [<bf84bc94>] (ieee80211_k
ick_airtime+0x90/0x1a8 [mac80211])
[  612.284028] [<bf84bc94>] (ieee80211_kick_airtime [mac80211]) from [<c02331ec>
] (tasklet_action+0x8c/0xec)
[  612.293474] [<c02331ec>] (tasklet_action) from [<c02327e4>] (__do_softirq+0x1
04/0x294)
[  612.301370] [<c02327e4>] (__do_softirq) from [<c0232c60>] (irq_exit+0x9c/0x11
c)
[  612.308663] [<c0232c60>] (irq_exit) from [<c0218040>] (handle_IRQ+0x6c/0x90)
[  612.315695] [<c0218040>] (handle_IRQ) from [<c02084e0>] (gic_handle_irq+0x3c/
0x60)
[  612.323244] [<c02084e0>] (gic_handle_irq) from [<c02095c0>] (__irq_svc+0x40/0
x70)
[  612.330706] Exception stack(0xc085df60 to 0xc085dfa8)
[  612.335744] df60: ffffffed 00000000 1d3c2000 c020a040 c085c000 c085c030 fffff
fff c08b3014
[  612.343903] df80: c08643c0 c08539c8 ddffcc80 c08b3010 c086d288 c085dfa8 c0218
300 c0218304
[  612.352061] dfa0: 60000013 ffffffff
[  612.355539] [<c02095c0>] (__irq_svc) from [<c0218304>] (arch_cpu_idle+0x38/0x
5c)
[  612.362918] [<c0218304>] (arch_cpu_idle) from [<c026534c>] (cpu_startup_entry
+0xa4/0x108)
[  612.371084] [<c026534c>] (cpu_startup_entry) from [<c0832af0>] (start_kernel+
0x358/0x3cc)
[  632.204687] BUG: soft lockup - CPU#1 stuck for 22s! [nmbd:1458]
[  632.209569] Modules linked in: ath10k_pci ath10k_core ath mac80211 cfg80211 c
ompat ecm iptable_nat nf_nat_pptp nf_nat_ipv4 nf_nat_amanda nf_conntrack_pptp nf
_conntrack_ipv6 nf_conntrack_ipv4 nf_conntrack_amanda xt_time xt_tcpudp xt_tcpms
s xt_string xt_statistic xt_state xt_recent xt_quota xt_policy xt_pkttype xt_phy
sdev xt_owner xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_hel
per xt_esp xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_
comment xt_addrtype xt_TCPMSS xt_REDIRECT xt_LOG xt_HL xt_DSCP xt_CT xt_CLASSIFY
 usbnet ts_kmp ts_fsm ts_bm r8152 pppoe ppp_mppe ppp_async nf_nat_tftp nf_nat_sn
mp_basic nf_nat_sip nf_nat_rtsp nf_nat_proto_gre nf_nat_irc nf_nat_h323 nf_nat_f
tp nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_tftp nf_conntrack_snmp nf_conntrac
k_sip nf_conntrack_rtsp nf_conntrack_proto_gre nf_conntrack_irc nf_conntrack_h32
3 nf_conntrack_ftp nf_conntrack_broadcast l2tp_ppp iptable_raw iptable_mangle ip
table_filter ipt_ah ipt_REJECT ipt_MASQUERADE ipt_ECN ip_tables crc_ccitt arptab
le_filter arpt_mangle arp_tables sch_teql sch_tbf sch_sfq sch_red sch_prio sch_p
ie sch_htb sch_gred sch_fq sch_dsmark sch_codel em_text em_nbyte em_meta em_cmp
cls_basic act_police act_ipt act_connmark act_skbedit act_mirred em_u32 cls_u32
cls_tcindex cls_flow cls_route cls_fw sch_hfsc sch_ingress qca_nss_ipsec qca_nss
_cfi_ocf qca_nss_tunipip6 qca_nss_tun6rd qca_nss_ipsecmgr qca_nss_cfi_cryptoapi
qca_nss_qdisc qca_nss_macsec qca_nss_crypto_tool qca_nss_crypto qca_nss_pptp ppt
p pppox qca_nss_map_t qca_nss_lag_mgr qca_nss_l2tpv2 ppp_generic slhc qca_nss_gr
e hyfi_bridging nf_nat_proto_sctp nf_nat libcrc32c ledtrig_usbdev nf_conntrack_p
roto_sctp essedma ip6t_REJECT ip6table_raw ip6table_mangle ip6table_filter ip6_t
ables x_tables qca_mcs qca_85xx_sw msdos bonding ip6_gre ip_gre gre ifb nat46 si
t qca_nss_drv l2tp_netlink l2tp_core ipcomp6 xfrm6_tunnel xfrm6_mode_tunnel xfrm
6_mode_transport xfrm6_mode_beet esp6 ah6 ipcomp xfrm4_tunnel xfrm4_mode_tunnel
xfrm4_mode_transport xfrm4_mode_beet esp4 ah4 ip6_tunnel qca_nss_gmac tunnel6 tu
nnel4 ip_tunnel snd_pcm_oss snd_mixer_oss snd_rawmidi snd_seq_device qca_ssdk af
_key xfrm_user xfrm_ipcomp xfrm_algo vfat fat ntfs qrfs nf_conntrack nls_iso8859
_1 nls_cp437 shortcut_fe_drv aq_phy shortcut_fe_ipv6 shortcut_fe sha1_generic qc
rypto cryptosoft cryptodev ocf md5 hmac ecb des_generic cbc authenc usb_storage
leds_gpio bootconfig xhci_hcd dwc3 udc_core dwc3_qcom dwc3_ipq40xx phy_qcom_ssus
b phy_qcom_hsusb phy_qca_uniphy phy_qca_baldur sd_mod ahci_platform gpio_button_
hotplug button_hotplug input_core usbcore nls_base usb_common mii [last unloaded
: compat]
[  632.439690]
[  632.441168] CPU: 1 PID: 1458 Comm: nmbd Not tainted 3.14.77 #9
[  632.446985] task: dcf5dc80 ti: d5ce4000 task.ti: d5ce4000
[  632.452369] PC is at _raw_spin_lock_bh+0x48/0x5c
[  632.457012] LR is at ieee80211_tx_dequeue+0x6e8/0x8ec [mac80211]
[  632.462956] pc : [<c0211fb4>]    lr : [<bf846224>]    psr: 20000013
[  632.462956] sp : d5ce5b20  ip : d4314038  fp : 00000000
[  632.474412] r10: d4d20cb4  r9 : d4d20ca8  r8 : d4d20cac
[  632.479622] r7 : 00000000  r6 : d6d17a80  r5 : d6997478  r4 : d4d20c20
[  632.486132] r3 : 0000d769  r2 : 0000d76a  r1 : 00000000  r0 : d4d20d00
[  632.492644] Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
[  632.499760] Control: 10c5787d  Table: 57c4c06a  DAC: 00000015
[  632.505490] CPU: 1 PID: 1458 Comm: nmbd Not tainted 3.14.77 #9
[  632.511317] [<c021d9ac>] (unwind_backtrace) from [<c021aa40>] (show_stack+0x1
0/0x14)
[  632.519040] [<c021aa40>] (show_stack) from [<c03c59d4>] (dump_stack+0x80/0xa0
)
[  632.526250] [<c03c59d4>] (dump_stack) from [<c028269c>] (watchdog_timer_fn+0x
10c/0x160)
[  632.534231] [<c028269c>] (watchdog_timer_fn) from [<c024a828>] (__run_hrtimer
+0x50/0xc8)
[  632.542301] [<c024a828>] (__run_hrtimer) from [<c024aff8>] (hrtimer_interrupt
+0x130/0x27c)
[  632.550550] [<c024aff8>] (hrtimer_interrupt) from [<c05175ac>] (msm_timer_int
errupt+0x38/0x44)
[  632.559143] [<c05175ac>] (msm_timer_interrupt) from [<c0268a6c>] (handle_perc
pu_devid_irq+0x68/0x84)
[  632.568259] [<c0268a6c>] (handle_percpu_devid_irq) from [<c02653e0>] (generic
_handle_irq+0x20/0x30)
[  632.577287] [<c02653e0>] (generic_handle_irq) from [<c021803c>] (handle_IRQ+0
x68/0x90)
[  632.585184] [<c021803c>] (handle_IRQ) from [<c02084e0>] (gic_handle_irq+0x3c/
0x60)
[  632.592734] [<c02084e0>] (gic_handle_irq) from [<c02095c0>] (__irq_svc+0x40/0
x70)
[  632.600193] Exception stack(0xd5ce5ad8 to 0xd5ce5b20)
[  632.605231] 5ac0:                                                       d4d20
d00 00000000
[  632.613392] 5ae0: 0000d76a 0000d769 d4d20c20 d6997478 d6d17a80 00000000 d4d20
cac d4d20ca8
[  632.621552] 5b00: d4d20cb4 00000000 d4314038 d5ce5b20 bf846224 c0211fb4 20000
013 ffffffff
[  632.629715] [<c02095c0>] (__irq_svc) from [<c0211fb4>] (_raw_spin_lock_bh+0x4
8/0x5c)
[  632.637487] [<c0211fb4>] (_raw_spin_lock_bh) from [<bf846224>] (ieee80211_tx_
dequeue+0x6e8/0x8ec [mac80211])
[  632.647339] [<bf846224>] (ieee80211_tx_dequeue [mac80211]) from [<bf846350>]
(ieee80211_tx_dequeue+0x814/0x8ec [mac80211])
[  632.658361] [<bf846350>] (ieee80211_tx_dequeue [mac80211]) from [<bf848c28>]
(ieee80211_subif_8023_start_xmit+0x314/0x35c [mac80211])
[  632.670302] [<bf848c28>] (ieee80211_subif_8023_start_xmit [mac80211]) from [<
c059bf40>] (dev_hard_start_xmit+0x320/0x454)
[  632.681192] [<c059bf40>] (dev_hard_start_xmit) from [<c059c3ec>] (__dev_queue
_xmit+0x378/0x454)
[  632.689877] [<c059c3ec>] (__dev_queue_xmit) from [<c0655eb8>] (br_dev_queue_p
ush_xmit+0xbc/0xc4)
[  632.698640] [<c0655eb8>] (br_dev_queue_push_xmit) from [<c0655df4>] (deliver_
clone+0x40/0x48)
[  632.707145] [<c0655df4>] (deliver_clone) from [<c06561e8>] (maybe_deliver+0x5
c/0x6c)
[  632.714870] [<c06561e8>] (maybe_deliver) from [<c0656284>] (br_flood+0x8c/0xf
c)
[  632.722162] [<c0656284>] (br_flood) from [<c06563e8>] (br_flood_deliver+0x18/
0x24)
[  632.729716] [<c06563e8>] (br_flood_deliver) from [<c06543c0>] (br_dev_xmit+0x
2a8/0x2c4)
[  632.737702] [<c06543c0>] (br_dev_xmit) from [<c059bf40>] (dev_hard_start_xmit
+0x320/0x454)
[  632.745947] [<c059bf40>] (dev_hard_start_xmit) from [<c059c3ec>] (__dev_queue
_xmit+0x378/0x454)
[  632.754635] [<c059c3ec>] (__dev_queue_xmit) from [<c05c9ef8>] (ip_finish_outp
ut+0x434/0x4a4)
[  632.763054] [<c05c9ef8>] (ip_finish_output) from [<c05cbdfc>] (ip_send_skb+0x
10/0x98)
[  632.770865] [<c05cbdfc>] (ip_send_skb) from [<c05ebe44>] (udp_send_skb+0x184/
0x234)
[  632.778503] [<c05ebe44>] (udp_send_skb) from [<c05ed464>] (udp_sendmsg+0x6bc/
0x6e4)
[  632.786143] [<c05ed464>] (udp_sendmsg) from [<c0584420>] (sock_sendmsg+0x70/0
x84)
[  632.793607] [<c0584420>] (sock_sendmsg) from [<c05867a4>] (SyS_sendto+0xe4/0x
128)
[  632.801070] [<c05867a4>] (SyS_sendto) from [<c0208c80>] (ret_fast_syscall+0x0
/0x44)
[  636.124678] BUG: soft lockup - CPU#0 stuck for 22s! [swapper/0:0]
[  636.129726] Modules linked in: ath10k_pci ath10k_core ath mac80211 cfg80211 c
ompat ecm iptable_nat nf_nat_pptp nf_nat_ipv4 nf_nat_amanda nf_conntrack_pptp nf
_conntrack_ipv6 nf_conntrack_ipv4 nf_conntrack_amanda xt_time xt_tcpudp xt_tcpms
s xt_string xt_statistic xt_state xt_recent xt_quota xt_policy xt_pkttype xt_phy
sdev xt_owner xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_hel
per xt_esp xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_
comment xt_addrtype xt_TCPMSS xt_REDIRECT xt_LOG xt_HL xt_DSCP xt_CT xt_CLASSIFY
 usbnet ts_kmp ts_fsm ts_bm r8152 pppoe ppp_mppe ppp_async nf_nat_tftp nf_nat_sn
mp_basic nf_nat_sip nf_nat_rtsp nf_nat_proto_gre nf_nat_irc nf_nat_h323 nf_nat_f
tp nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_tftp nf_conntrack_snmp nf_conntrac
k_sip nf_conntrack_rtsp nf_conntrack_proto_gre nf_conntrack_irc nf_conntrack_h32
3 nf_conntrack_ftp nf_conntrack_broadcast l2tp_ppp iptable_raw iptable_mangle ip
table_filter ipt_ah ipt_REJECT ipt_MASQUERADE ipt_ECN ip_tables crc_ccitt arptab
le_filter arpt_mangle arp_tables sch_teql sch_tbf sch_sfq sch_red sch_prio sch_p
ie sch_htb sch_gred sch_fq sch_dsmark sch_codel em_text em_nbyte em_meta em_cmp
cls_basic act_police act_ipt act_connmark act_skbedit act_mirred em_u32 cls_u32
cls_tcindex cls_flow cls_route cls_fw sch_hfsc sch_ingress qca_nss_ipsec qca_nss
_cfi_ocf qca_nss_tunipip6 qca_nss_tun6rd qca_nss_ipsecmgr qca_nss_cfi_cryptoapi
qca_nss_qdisc qca_nss_macsec qca_nss_crypto_tool qca_nss_crypto qca_nss_pptp ppt
p pppox qca_nss_map_t qca_nss_lag_mgr qca_nss_l2tpv2 ppp_generic slhc qca_nss_gr
e hyfi_bridging nf_nat_proto_sctp nf_nat libcrc32c ledtrig_usbdev nf_conntrack_p
roto_sctp essedma ip6t_REJECT ip6table_raw ip6table_mangle ip6table_filter ip6_t
ables x_tables qca_mcs qca_85xx_sw msdos bonding ip6_gre ip_gre gre ifb nat46 si
t qca_nss_drv l2tp_netlink l2tp_core ipcomp6 xfrm6_tunnel xfrm6_mode_tunnel xfrm
6_mode_transport xfrm6_mode_beet esp6 ah6 ipcomp xfrm4_tunnel xfrm4_mode_tunnel
xfrm4_mode_transport xfrm4_mode_beet esp4 ah4 ip6_tunnel qca_nss_gmac tunnel6 tu
nnel4 ip_tunnel snd_pcm_oss snd_mixer_oss snd_rawmidi snd_seq_device qca_ssdk af
_key xfrm_user xfrm_ipcomp xfrm_algo vfat fat ntfs qrfs nf_conntrack nls_iso8859
_1 nls_cp437 shortcut_fe_drv aq_phy shortcut_fe_ipv6 shortcut_fe sha1_generic qc
rypto cryptosoft cryptodev ocf md5 hmac ecb des_generic cbc authenc usb_storage
leds_gpio bootconfig xhci_hcd dwc3 udc_core dwc3_qcom dwc3_ipq40xx phy_qcom_ssus
b phy_qcom_hsusb phy_qca_uniphy phy_qca_baldur sd_mod ahci_platform gpio_button_
hotplug button_hotplug input_core usbcore nls_base usb_common mii [last unloaded
: compat]
[  636.359847]
[  636.361324] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.14.77 #9
[  636.367314] task: c0868750 ti: c085c000 task.ti: c085c000
[  636.372723] PC is at ieee80211_kick_airtime+0x7c/0x1a8 [mac80211]
[  636.378798] LR is at ieee80211_kick_airtime+0x90/0x1a8 [mac80211]
[  636.384848] pc : [<bf84bc80>]    lr : [<bf84bc94>]    psr: 20000113
[  636.384848] sp : c085deb0  ip : 00000000  fp : 00000006
[  636.396306] r10: d6549000  r9 : 00000018  r8 : 00000030
[  636.401514] r7 : 00000002  r6 : d4d20c20  r5 : d4d20d00  r4 : d4d20d18
[  636.408025] r3 : 00000000  r2 : 000000b9  r1 : 00000001  r0 : 00000000
[  636.414536] Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment kern
el
[  636.421827] Control: 10c5787d  Table: 586cc06a  DAC: 00000015
[  636.427557] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.14.77 #9
[  636.433552] [<c021d9ac>] (unwind_backtrace) from [<c021aa40>] (show_stack+0x1
0/0x14)
[  636.441276] [<c021aa40>] (show_stack) from [<c03c59d4>] (dump_stack+0x80/0xa0
)
[  636.448482] [<c03c59d4>] (dump_stack) from [<c028269c>] (watchdog_timer_fn+0x
10c/0x160)
[  636.456468] [<c028269c>] (watchdog_timer_fn) from [<c024a828>] (__run_hrtimer
+0x50/0xc8)
[  636.464539] [<c024a828>] (__run_hrtimer) from [<c024aff8>] (hrtimer_interrupt
+0x130/0x27c)
[  636.472787] [<c024aff8>] (hrtimer_interrupt) from [<c05175ac>] (msm_timer_int
errupt+0x38/0x44)
[  636.481380] [<c05175ac>] (msm_timer_interrupt) from [<c0268a6c>] (handle_perc
pu_devid_irq+0x68/0x84)
[  636.490495] [<c0268a6c>] (handle_percpu_devid_irq) from [<c02653e0>] (generic
_handle_irq+0x20/0x30)
[  636.499524] [<c02653e0>] (generic_handle_irq) from [<c021803c>] (handle_IRQ+0
x68/0x90)
[  636.507422] [<c021803c>] (handle_IRQ) from [<c02084e0>] (gic_handle_irq+0x3c/
0x60)
[  636.514972] [<c02084e0>] (gic_handle_irq) from [<c02095c0>] (__irq_svc+0x40/0
x70)
[  636.522436] Exception stack(0xc085de68 to 0xc085deb0)
[  636.527471] de60:                   00000000 00000001 000000b9 00000000 d4d20
d18 d4d20d00
[  636.535631] de80: d4d20c20 00000002 00000030 00000018 d6549000 00000006 00000
000 c085deb0
[  636.543791] dea0: bf84bc94 bf84bc80 20000113 ffffffff
[  636.548854] [<c02095c0>] (__irq_svc) from [<bf84bc80>] (ieee80211_kick_airtim
e+0x7c/0x1a8 [mac80211])
[  636.558056] [<bf84bc80>] (ieee80211_kick_airtime [mac80211]) from [<c02331ec>
] (tasklet_action+0x8c/0xec)
[  636.567578] [<c02331ec>] (tasklet_action) from [<c02327e4>] (__do_softirq+0x1
04/0x294)
[  636.575477] [<c02327e4>] (__do_softirq) from [<c0232c60>] (irq_exit+0x9c/0x11
c)
[  636.582770] [<c0232c60>] (irq_exit) from [<c0218040>] (handle_IRQ+0x6c/0x90)
[  636.589800] [<c0218040>] (handle_IRQ) from [<c02084e0>] (gic_handle_irq+0x3c/
0x60)
[  636.597351] [<c02084e0>] (gic_handle_irq) from [<c02095c0>] (__irq_svc+0x40/0
x70)
[  636.604813] Exception stack(0xc085df60 to 0xc085dfa8)
[  636.609851] df60: ffffffed 00000000 1d3c2000 c020a040 c085c000 c085c030 fffff
fff c08b3014
[  636.618009] df80: c08643c0 c08539c8 ddffcc80 c08b3010 c086d288 c085dfa8 c0218
300 c0218304
[  636.626167] dfa0: 60000013 ffffffff
[  636.629644] [<c02095c0>] (__irq_svc) from [<c0218304>] (arch_cpu_idle+0x38/0x
5c)
[  636.637024] [<c0218304>] (arch_cpu_idle) from [<c026534c>] (cpu_startup_entry
+0xa4/0x108)
[  636.645184] [<c026534c>] (cpu_startup_entry) from [<c0832af0>] (start_kernel+
0x358/0x3cc)
Toke Høiland-Jørgensen Oct. 2, 2018, 7 p.m. UTC | #18 
Rajkumar Manoharan <rmanohar@codeaurora.org> writes:

> On 2018-10-02 01:22, Toke Høiland-Jørgensen wrote:
>> Rajkumar Manoharan <rmanohar@codeaurora.org> writes:
>> 
>>>> Great! I'll fold in the rest, test it with ath9k and submit as a 
>>>> proper
>>>> patch :)
>>>> 
>>> Toke,
>>> 
>>> I noticed a race condition b/w sta cleanup and kick_airtime tasklet.
>>> How do you plan to exit kick_airtime gracefully during sta_cleanup?
>> 
>> Ah, right, there's a lot of stuff going on before we get to purge_txq.
>> Hmm, I guess we should either make sure we remove the station from
>> active_txqs earlier in the sta cleanup process, or maybe it'd enough to
>> just check the removed flag in the tasklet?
>> 
>> Does the below patch fix the issue?
>> 
>
> No. Attaching backtrace. Any clue?

Ah, that's my bad. Just having a 'continue' there can make the function
loop forever. Oops. Try something like this instead?

-Toke


diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index eb77cf588d69..b30a4fac1d60 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -258,6 +258,9 @@ static void __ieee80211_kick_airtime(struct ieee80211_local *local, int ac)
 
 		sta = container_of(txqi->txq.sta, struct sta_info, sta);
 
+		if (sta->removed)
+			goto out_reschedule;
+
 		if (sta->airtime[ac].deficit >= 0) {
 			seen_eligible = true;
 
@@ -288,7 +291,13 @@ static void __ieee80211_kick_airtime(struct ieee80211_local *local, int ac)
 	}
  out:
 	rcu_read_unlock();
 	spin_unlock_bh(&local->active_txq_lock[ac]);
+	return;
+
+ out_reschedule:
+	rcu_read_unlock();
+	spin_unlock_bh(&local->active_txq_lock[ac]);
+	tasklet_schedule(&local->airtime_tasklet);
 }
 
 void ieee80211_kick_airtime(unsigned long data)
Rajkumar Manoharan Oct. 2, 2018, 11:07 p.m. UTC | #19 
On 2018-10-02 12:00, Toke Høiland-Jørgensen wrote:
> Rajkumar Manoharan <rmanohar@codeaurora.org> writes:
>> I noticed a race condition b/w sta cleanup and kick_airtime tasklet.
>>>> How do you plan to exit kick_airtime gracefully during sta_cleanup?
>>> 
>>> Ah, right, there's a lot of stuff going on before we get to 
>>> purge_txq.
>>> Hmm, I guess we should either make sure we remove the station from
>>> active_txqs earlier in the sta cleanup process, or maybe it'd enough 
>>> to
>>> just check the removed flag in the tasklet?
>>> 
>>> Does the below patch fix the issue?
>>> 
>> 
>> No. Attaching backtrace. Any clue?
> 
> Ah, that's my bad. Just having a 'continue' there can make the function
> loop forever. Oops. Try something like this instead?
> 

But 'continue' also used in other places. Will give a try but I think 
that
calling drv_wake_tx_queue within iteration is dangerous as it alters the 
list. no?

-Rajkumar
Rajkumar Manoharan Oct. 3, 2018, 5:53 a.m. UTC | #20 
On 2018-10-02 16:07, Rajkumar Manoharan wrote:
> On 2018-10-02 12:00, Toke Høiland-Jørgensen wrote:
>> Rajkumar Manoharan <rmanohar@codeaurora.org> writes:
>>> I noticed a race condition b/w sta cleanup and kick_airtime tasklet.
>>>>> How do you plan to exit kick_airtime gracefully during sta_cleanup?
>>>> 
>>>> Ah, right, there's a lot of stuff going on before we get to 
>>>> purge_txq.
>>>> Hmm, I guess we should either make sure we remove the station from
>>>> active_txqs earlier in the sta cleanup process, or maybe it'd enough 
>>>> to
>>>> just check the removed flag in the tasklet?
>>>> 
>>>> Does the below patch fix the issue?
>>>> 
>>> 
>>> No. Attaching backtrace. Any clue?
>> 
>> Ah, that's my bad. Just having a 'continue' there can make the 
>> function
>> loop forever. Oops. Try something like this instead?
>> 
> 
> But 'continue' also used in other places. Will give a try but I think 
> that
> calling drv_wake_tx_queue within iteration is dangerous as it alters
> the list. no?
> 
How about below change? Just schedule first txq and remaining will be
scheduled later by driver upon tx-compl.

diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 0bb590928dd0..2dbfd1d8eb5f 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -242,6 +242,7 @@ EXPORT_SYMBOL(ieee80211_ctstoself_duration);

  static void __ieee80211_kick_airtime(struct ieee80211_local *local, int 
ac)
  {
+       struct ieee80211_txq *txq;
         bool seen_eligible = false;
         struct txq_info *txqi;
         struct sta_info *sta;
@@ -261,14 +262,7 @@ static void __ieee80211_kick_airtime(struct 
ieee80211_local *local, int ac)

                 if (sta->airtime[ac].deficit >= 0) {
                         seen_eligible = true;
-
-                       if 
(!test_and_clear_bit(IEEE80211_TXQ_AIRTIME_THROTTLE,
-                                               &txqi->flags))
-                               continue;
-
-                       spin_unlock_bh(&local->active_txq_lock[ac]);
-                       drv_wake_tx_queue(local, txqi);
-                       spin_lock_bh(&local->active_txq_lock[ac]);
+                       clear_bit(IEEE80211_TXQ_AIRTIME_THROTTLE, 
&txqi->flags);
                 }
         }

@@ -289,8 +283,10 @@ static void __ieee80211_kick_airtime(struct 
ieee80211_local *local, int ac)
         }
   out:
         rcu_read_unlock();
+       txq = ieee80211_next_txq(&local->hw, ac);
         spin_unlock_bh(&local->active_txq_lock[ac]);
-
+       if (txq)
+               drv_wake_tx_queue(local, to_txq_info(txq));
  }

-Rajkumar
Rajkumar Manoharan Oct. 3, 2018, 6:27 a.m. UTC | #21 
On 2018-10-02 22:53, Rajkumar Manoharan wrote:

Shouldn't have to call next_txq(). It should be as below.
Anyway drv_wake_tx_queue is just an indication to driver and
driver will always dequeue first node from list.

diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 2dbfd1d8eb5f..74ac0b19cd54 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -242,7 +242,7 @@ EXPORT_SYMBOL(ieee80211_ctstoself_duration);

  static void __ieee80211_kick_airtime(struct ieee80211_local *local, int 
ac)
  {
-       struct ieee80211_txq *txq;
+       struct ieee80211_txq *txq = NULL;
         bool seen_eligible = false;
         struct txq_info *txqi;
         struct sta_info *sta;
@@ -263,6 +263,7 @@ static void __ieee80211_kick_airtime(struct 
ieee80211_local *local, int ac)
                 if (sta->airtime[ac].deficit >= 0) {
                         seen_eligible = true;
                         clear_bit(IEEE80211_TXQ_AIRTIME_THROTTLE, 
&txqi->flags);
+                       txq = &txqi->txq;
                 }
         }

@@ -283,7 +284,6 @@ static void __ieee80211_kick_airtime(struct 
ieee80211_local *local, int ac)
         }
   out:
         rcu_read_unlock();
-       txq = ieee80211_next_txq(&local->hw, ac);
         spin_unlock_bh(&local->active_txq_lock[ac]);

-Rajkumar
Toke Høiland-Jørgensen Oct. 3, 2018, 8:41 a.m. UTC | #22 
Rajkumar Manoharan <rmanohar@codeaurora.org> writes:

> On 2018-10-02 16:07, Rajkumar Manoharan wrote:
>> On 2018-10-02 12:00, Toke Høiland-Jørgensen wrote:
>>> Rajkumar Manoharan <rmanohar@codeaurora.org> writes:
>>>> I noticed a race condition b/w sta cleanup and kick_airtime tasklet.
>>>>>> How do you plan to exit kick_airtime gracefully during sta_cleanup?
>>>>> 
>>>>> Ah, right, there's a lot of stuff going on before we get to 
>>>>> purge_txq.
>>>>> Hmm, I guess we should either make sure we remove the station from
>>>>> active_txqs earlier in the sta cleanup process, or maybe it'd enough 
>>>>> to
>>>>> just check the removed flag in the tasklet?
>>>>> 
>>>>> Does the below patch fix the issue?
>>>>> 
>>>> 
>>>> No. Attaching backtrace. Any clue?
>>> 
>>> Ah, that's my bad. Just having a 'continue' there can make the 
>>> function
>>> loop forever. Oops. Try something like this instead?
>>> 
>> 
>> But 'continue' also used in other places. Will give a try but I think 
>> that
>> calling drv_wake_tx_queue within iteration is dangerous as it alters
>> the list. no?
>> 
> How about below change? Just schedule first txq and remaining will be
> scheduled later by driver upon tx-compl.

Your mail client seems to be mangling the patch somewhat, but I think I
see what your intention is. And yeah, just waking a single TXQ and
letting TX-completion do the rest is a good idea; will fold that into
the next version :)

-Toke
diff mbox series

Patch

diff --git a/include/net/mac80211.h b/include/net/mac80211.h
index 5ca1484cba58..1e3ee0a2667b 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -5350,6 +5350,34 @@  void ieee80211_sta_eosp(struct ieee80211_sta *pubsta);
  */
 void ieee80211_send_eosp_nullfunc(struct ieee80211_sta *pubsta, int tid);
 
+/**
+ * ieee80211_sta_register_airtime - register airtime usage for a sta/tid
+ *
+ * Register airtime usage for a given sta on a given tid. The driver can call
+ * this function to notify mac80211 that a station used a certain amount of
+ * airtime. This information will be used by the TXQ scheduler to schedule
+ * stations in a way that ensures airtime fairness.
+ *
+ * The reported airtime should as a minimum include all time that is spent
+ * transmitting to the remote station, including overhead and padding, but not
+ * including time spent waiting for a TXOP. If the time is not reported by the
+ * hardware it can in some cases be calculated from the rate and known frame
+ * composition. When possible, the time should include any failed transmission
+ * attempts.
+ *
+ * The driver can either call this function synchronously for every packet or
+ * aggregate, or asynchronously as airtime usage information becomes available.
+ * TX and RX airtime can be reported together, or separately by setting one of
+ * them to 0.
+ *
+ * @pubsta: the station
+ * @tid: the TID to register airtime for
+ * @tx_airtime: airtime used during TX (in usec)
+ * @rx_airtime: airtime used during RX (in usec)
+ */
+void ieee80211_sta_register_airtime(struct ieee80211_sta *pubsta, u8 tid,
+				    u32 tx_airtime, u32 rx_airtime);
+
 /**
  * ieee80211_iter_keys - iterate keys programmed into the device
  * @hw: pointer obtained from ieee80211_alloc_hw()
@@ -6106,6 +6134,30 @@  void ieee80211_txq_schedule_start(struct ieee80211_hw *hw, u8 ac);
  */
 void ieee80211_txq_schedule_end(struct ieee80211_hw *hw, u8 ac);
 
+/**
+ * ieee80211_txq_may_transmit - check whether TXQ is allowed to transmit
+ *
+ * This function is used to check whether given txq is allowed to transmit by
+ * the airtime scheduler, and can be used by drivers to access the airtime
+ * fairness accounting without going using the scheduling order enfored by
+ * next_txq().
+ *
+ * Returns %true if the airtime scheduler thinks the TXQ should be allowed to
+ * transmit, and %false if it should be throttled. This function can also have
+ * the side effect of rotating the TXQ in the scheduler rotation, which will
+ * eventually bring the deficit to positive and allow the station to transmit
+ * again. If a TXQ is throttled, it will be marked and eventually woken up again
+ * through drv_wake_tx_queue().
+ *
+ * If this function returns %true, the driver is expected to schedule packets
+ * for transmission, and then return the TXQ through ieee80211_return_txq().
+ *
+ * @hw: pointer as obtained from ieee80211_alloc_hw()
+ * @txq: pointer obtained from station or virtual interface
+ */
+bool ieee80211_txq_may_transmit(struct ieee80211_hw *hw,
+				struct ieee80211_txq *txq);
+
 /**
  * ieee80211_txq_get_depth - get pending frame/byte count of given txq
  *
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 504627e2117f..c640d3ee5f04 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -1388,6 +1388,9 @@  static int sta_apply_parameters(struct ieee80211_local *local,
 	if (ieee80211_vif_is_mesh(&sdata->vif))
 		sta_apply_mesh_params(local, sta, params);
 
+	if (params->airtime_weight)
+		sta->airtime_weight = params->airtime_weight;
+
 	/* set the STA state after all sta info from usermode has been set */
 	if (test_sta_flag(sta, WLAN_STA_TDLS_PEER) ||
 	    set & BIT(NL80211_STA_FLAG_ASSOCIATED)) {
diff --git a/net/mac80211/debugfs.c b/net/mac80211/debugfs.c
index 3fe541e358f3..81c5fec2eae7 100644
--- a/net/mac80211/debugfs.c
+++ b/net/mac80211/debugfs.c
@@ -383,6 +383,9 @@  void debugfs_hw_add(struct ieee80211_local *local)
 	if (local->ops->wake_tx_queue)
 		DEBUGFS_ADD_MODE(aqm, 0600);
 
+	debugfs_create_u16("airtime_flags", 0600,
+			   phyd, &local->airtime_flags);
+
 	statsd = debugfs_create_dir("statistics", phyd);
 
 	/* if the dir failed, don't put all the other things into the root! */
diff --git a/net/mac80211/debugfs_sta.c b/net/mac80211/debugfs_sta.c
index af5185a836e5..29e4641cfff9 100644
--- a/net/mac80211/debugfs_sta.c
+++ b/net/mac80211/debugfs_sta.c
@@ -181,9 +181,10 @@  static ssize_t sta_aqm_read(struct file *file, char __user *userbuf,
 			       txqi->tin.tx_bytes,
 			       txqi->tin.tx_packets,
 			       txqi->flags,
-			       txqi->flags & (1<<IEEE80211_TXQ_STOP) ? "STOP" : "RUN",
-			       txqi->flags & (1<<IEEE80211_TXQ_AMPDU) ? " AMPDU" : "",
-			       txqi->flags & (1<<IEEE80211_TXQ_NO_AMSDU) ? " NO-AMSDU" : "");
+			       test_bit(IEEE80211_TXQ_STOP, &txqi->flags) ? "STOP" :
+ 			         test_bit(IEEE80211_TXQ_AIRTIME_THROTTLE, &txqi->flags) ? "THROTTLE" : "RUN",
+			       test_bit(IEEE80211_TXQ_AMPDU, &txqi->flags) ? " AMPDU" : "",
+			       test_bit(IEEE80211_TXQ_NO_AMSDU, &txqi->flags) ? " NO-AMSDU" : "");
 	}
 
 	rcu_read_unlock();
@@ -195,6 +196,46 @@  static ssize_t sta_aqm_read(struct file *file, char __user *userbuf,
 }
 STA_OPS(aqm);
 
+static ssize_t sta_airtime_read(struct file *file, char __user *userbuf,
+				size_t count, loff_t *ppos)
+{
+	struct sta_info *sta = file->private_data;
+	struct ieee80211_local *local = sta->sdata->local;
+	size_t bufsz = 200;
+	char *buf = kzalloc(bufsz, GFP_KERNEL), *p = buf;
+	u64 rx_airtime = 0, tx_airtime = 0;
+	s64 deficit[IEEE80211_NUM_ACS];
+	ssize_t rv;
+	int ac;
+
+	if (!buf)
+		return -ENOMEM;
+
+	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
+		spin_lock_bh(&local->active_txq_lock[ac]);
+		rx_airtime += sta->airtime[ac].rx_airtime;
+		tx_airtime += sta->airtime[ac].tx_airtime;
+		deficit[ac] = sta->airtime[ac].deficit;
+		spin_unlock_bh(&local->active_txq_lock[ac]);
+	}
+
+	p += scnprintf(p, bufsz + buf - p,
+		"RX: %llu us\nTX: %llu us\nWeight: %u\n"
+		"Deficit: VO: %lld us VI: %lld us BE: %lld us BK: %lld us\n",
+		rx_airtime,
+		tx_airtime,
+		sta->airtime_weight,
+		deficit[0],
+		deficit[1],
+		deficit[2],
+		deficit[3]);
+
+	rv = simple_read_from_buffer(userbuf, count, ppos, buf, p - buf);
+	kfree(buf);
+	return rv;
+}
+STA_OPS(airtime);
+
 static ssize_t sta_agg_status_read(struct file *file, char __user *userbuf,
 					size_t count, loff_t *ppos)
 {
@@ -906,6 +947,10 @@  void ieee80211_sta_debugfs_add(struct sta_info *sta)
 	if (local->ops->wake_tx_queue)
 		DEBUGFS_ADD(aqm);
 
+	if (wiphy_ext_feature_isset(local->hw.wiphy,
+				    NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
+		DEBUGFS_ADD(airtime);
+
 	if (sizeof(sta->driver_buffered_tids) == sizeof(u32))
 		debugfs_create_x32("driver_buffered_tids", 0400,
 				   sta->debugfs_dir,
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 976531717902..206f248e82fe 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -819,6 +819,7 @@  enum txq_info_flags {
 	IEEE80211_TXQ_AMPDU,
 	IEEE80211_TXQ_NO_AMSDU,
 	IEEE80211_TXQ_STOP_NETIF_TX,
+	IEEE80211_TXQ_AIRTIME_THROTTLE,
 };
 
 /**
@@ -1136,6 +1137,8 @@  struct ieee80211_local {
 	struct list_head active_txqs[IEEE80211_NUM_ACS];
 	u16 schedule_round[IEEE80211_NUM_ACS];
 
+	u16 airtime_flags;
+
 	const struct ieee80211_ops *ops;
 
 	/*
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index d9315de90b48..f8d0a196fbe8 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -667,6 +667,7 @@  struct ieee80211_hw *ieee80211_alloc_hw_nm(size_t priv_data_len,
 		INIT_LIST_HEAD(&local->active_txqs[i]);
 		spin_lock_init(&local->active_txq_lock[i]);
 	}
+	local->airtime_flags = AIRTIME_USE_TX | AIRTIME_USE_RX;
 
 	INIT_LIST_HEAD(&local->chanctx_list);
 	mutex_init(&local->chanctx_mtx);
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index c2f5cb7df54f..6da407364279 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -387,9 +387,12 @@  struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
 	if (sta_prepare_rate_control(local, sta, gfp))
 		goto free_txq;
 
+	sta->airtime_weight = IEEE80211_DEFAULT_AIRTIME_WEIGHT;
+
 	for (i = 0; i < IEEE80211_NUM_ACS; i++) {
 		skb_queue_head_init(&sta->ps_tx_buf[i]);
 		skb_queue_head_init(&sta->tx_filtered[i]);
+		sta->airtime[i].deficit = sta->airtime_weight;
 	}
 
 	for (i = 0; i < IEEE80211_NUM_TIDS; i++)
@@ -1826,6 +1829,35 @@  void ieee80211_sta_set_buffered(struct ieee80211_sta *pubsta,
 }
 EXPORT_SYMBOL(ieee80211_sta_set_buffered);
 
+void ieee80211_sta_register_airtime(struct ieee80211_sta *pubsta, u8 tid,
+				    u32 tx_airtime, u32 rx_airtime)
+{
+	struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
+	struct ieee80211_local *local = sta->sdata->local;
+	struct txq_info *txqi;
+	u8 ac = ieee80211_ac_from_tid(tid);
+	u32 airtime = 0;
+
+	if (sta->local->airtime_flags & AIRTIME_USE_TX)
+		airtime += tx_airtime;
+	if (sta->local->airtime_flags & AIRTIME_USE_RX)
+		airtime += rx_airtime;
+
+	spin_lock_bh(&local->active_txq_lock[ac]);
+	sta->airtime[ac].tx_airtime += tx_airtime;
+	sta->airtime[ac].rx_airtime += rx_airtime;
+	sta->airtime[ac].deficit -= airtime;
+
+	if (sta->airtime[ac].deficit < 0) {
+		txqi = to_txq_info(pubsta->txq[tid]);
+		if (list_empty(&txqi->schedule_order))
+			list_add_tail(&txqi->schedule_order,
+				      &local->active_txqs[ac]);
+	}
+	spin_unlock_bh(&local->active_txq_lock[ac]);
+}
+EXPORT_SYMBOL(ieee80211_sta_register_airtime);
+
 int sta_info_move_state(struct sta_info *sta,
 			enum ieee80211_sta_state new_state)
 {
@@ -2188,6 +2220,23 @@  void sta_set_sinfo(struct sta_info *sta, struct station_info *sinfo,
 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
 	}
 
+	if (!(sinfo->filled & BIT(NL80211_STA_INFO_RX_DURATION))) {
+		for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
+			sinfo->rx_duration += sta->airtime[ac].rx_airtime;
+		sinfo->filled |= BIT(NL80211_STA_INFO_RX_DURATION);
+	}
+
+	if (!(sinfo->filled & BIT(NL80211_STA_INFO_TX_DURATION))) {
+		for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
+			sinfo->tx_duration += sta->airtime[ac].tx_airtime;
+		sinfo->filled |= BIT(NL80211_STA_INFO_TX_DURATION);
+	}
+
+	if (!(sinfo->filled & BIT(NL80211_STA_INFO_AIRTIME_WEIGHT))) {
+		sinfo->airtime_weight = sta->airtime_weight;
+		sinfo->filled |= BIT(NL80211_STA_INFO_AIRTIME_WEIGHT);
+	}
+
 	sinfo->rx_dropped_misc = sta->rx_stats.dropped;
 	if (sta->pcpu_rx_stats) {
 		for_each_possible_cpu(cpu) {
diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h
index 9a04327d71d1..b1b0fd6a2e21 100644
--- a/net/mac80211/sta_info.h
+++ b/net/mac80211/sta_info.h
@@ -127,6 +127,16 @@  enum ieee80211_agg_stop_reason {
 	AGG_STOP_DESTROY_STA,
 };
 
+/* Debugfs flags to enable/disable use of RX/TX airtime in scheduler */
+#define AIRTIME_USE_TX		BIT(0)
+#define AIRTIME_USE_RX		BIT(1)
+
+struct airtime_info {
+	u64 rx_airtime;
+	u64 tx_airtime;
+	s64 deficit;
+};
+
 struct sta_info;
 
 /**
@@ -563,6 +573,9 @@  struct sta_info {
 	} tx_stats;
 	u16 tid_seq[IEEE80211_QOS_CTL_TID_MASK + 1];
 
+	struct airtime_info airtime[IEEE80211_NUM_ACS];
+	u16 airtime_weight;
+
 	/*
 	 * Aggregation information, locked with lock.
 	 */
diff --git a/net/mac80211/status.c b/net/mac80211/status.c
index 9a6d7208bf4f..664379797c46 100644
--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
@@ -821,6 +821,12 @@  static void __ieee80211_tx_status(struct ieee80211_hw *hw,
 			ieee80211_sta_tx_notify(sta->sdata, (void *) skb->data,
 						acked, info->status.tx_time);
 
+		if (info->status.tx_time &&
+		    wiphy_ext_feature_isset(local->hw.wiphy,
+					    NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
+			ieee80211_sta_register_airtime(&sta->sta, tid,
+						       info->status.tx_time, 0);
+
 		if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
 			if (info->flags & IEEE80211_TX_STAT_ACK) {
 				if (sta->status_stats.lost_packets)
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 1e071121cb44..7e383b992bdb 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -3634,11 +3634,27 @@  struct ieee80211_txq *ieee80211_next_txq(struct ieee80211_hw *hw, u8 ac)
 
 	lockdep_assert_held(&local->active_txq_lock[ac]);
 
+ begin:
 	txqi = list_first_entry_or_null(&local->active_txqs[ac],
 					struct txq_info,
 					schedule_order);
+	if (!txqi)
+		return NULL;
+
+	if (txqi->txq.sta) {
+		struct sta_info *sta = container_of(txqi->txq.sta,
+						struct sta_info, sta);
+
+		if (sta->airtime[txqi->txq.ac].deficit < 0) {
+			sta->airtime[txqi->txq.ac].deficit += sta->airtime_weight;
+			list_move_tail(&txqi->schedule_order,
+				       &local->active_txqs[txqi->txq.ac]);
+			goto begin;
+		}
+	}
+
 
-	if (!txqi || txqi->schedule_round == local->schedule_round[ac])
+	if (txqi->schedule_round == local->schedule_round[ac])
 		return NULL;
 
 	list_del_init(&txqi->schedule_order);
@@ -3656,13 +3672,71 @@  void ieee80211_return_txq(struct ieee80211_hw *hw,
 	lockdep_assert_held(&local->active_txq_lock[txq->ac]);
 
 	if (list_empty(&txqi->schedule_order) &&
-	    (!skb_queue_empty(&txqi->frags) || txqi->tin.backlog_packets))
-		list_add_tail(&txqi->schedule_order,
-			      &local->active_txqs[txq->ac]);
+	    (!skb_queue_empty(&txqi->frags) || txqi->tin.backlog_packets)) {
+		/* If airtime accounting is active, always enqueue STAs at the
+		 * head of the list to ensure that they only get moved to the
+		 * back by the airtime DRR scheduler once they have a negative
+		 * deficit. A station that already has a negative deficit will
+		 * get immediately moved to the back of the list on the next
+		 * call to ieee80211_next_txq().
+		 */
+		if (wiphy_ext_feature_isset(local->hw.wiphy,
+					    NL80211_EXT_FEATURE_AIRTIME_FAIRNESS)
+		    && txqi->txq.sta)
+			list_add(&txqi->schedule_order,
+				 &local->active_txqs[txq->ac]);
+		else
+			list_add_tail(&txqi->schedule_order,
+				      &local->active_txqs[txq->ac]);
+	}
 
 }
 EXPORT_SYMBOL(ieee80211_return_txq);
 
+bool ieee80211_txq_may_transmit(struct ieee80211_hw *hw,
+				struct ieee80211_txq *txq)
+{
+	struct ieee80211_local *local = hw_to_local(hw);
+	struct txq_info *txqi = to_txq_info(txq);
+	struct sta_info *sta;
+	bool ret = false;
+
+	lockdep_assert_held(&local->active_txq_lock[txqi->txq.ac]);
+
+	if (!txqi->txq.sta) {
+		ret = true;
+		goto out;
+	}
+
+	sta = container_of(txqi->txq.sta, struct sta_info, sta);
+	if (sta->airtime[txqi->txq.ac].deficit >= 0) {
+		ret = true;
+		goto out;
+	}
+
+	/* Not currently eligible, but if the txq is first in the scheduler
+	 * queue, increase deficit and rotate queues so it may be eligible
+	 * next time.
+	 */
+	if (txqi == list_first_entry(&local->active_txqs[txqi->txq.ac],
+				     struct txq_info,
+				     schedule_order)) {
+		sta->airtime[txqi->txq.ac].deficit += sta->airtime_weight;
+		list_move_tail(&txqi->schedule_order,
+			       &local->active_txqs[txqi->txq.ac]);
+	}
+
+ out:
+	if (ret) {
+		clear_bit(IEEE80211_TXQ_AIRTIME_THROTTLE, &txqi->flags);
+		list_del_init(&txqi->schedule_order);
+	} else
+		set_bit(IEEE80211_TXQ_AIRTIME_THROTTLE, &txqi->flags);
+
+	return ret;
+}
+EXPORT_SYMBOL(ieee80211_txq_may_transmit);
+
 void ieee80211_txq_schedule_start(struct ieee80211_hw *hw, u8 ac)
 {
 	struct ieee80211_local *local = hw_to_local(hw);
@@ -3677,6 +3751,7 @@  void ieee80211_txq_schedule_end(struct ieee80211_hw *hw, u8 ac)
 	struct ieee80211_local *local = hw_to_local(hw);
 
 	spin_unlock_bh(&local->active_txq_lock[ac]);
+	tasklet_schedule(&local->wake_txqs_tasklet);
 }
 EXPORT_SYMBOL(ieee80211_txq_schedule_end);
 
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 36a3c2ada515..9c889da48ef0 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -240,6 +240,57 @@  __le16 ieee80211_ctstoself_duration(struct ieee80211_hw *hw,
 }
 EXPORT_SYMBOL(ieee80211_ctstoself_duration);
 
+static void __ieee80211_kick_airtime(struct ieee80211_local *local, int ac)
+{
+	bool seen_eligible = false;
+	struct txq_info *txqi;
+	struct sta_info *sta;
+
+	spin_lock_bh(&local->active_txq_lock[ac]);
+
+ begin:
+	if (list_empty(&local->active_txqs[ac]))
+		goto out;
+
+	list_for_each_entry(txqi, &local->active_txqs[ac], schedule_order) {
+		if (!txqi->txq.sta)
+			continue;
+
+		sta = container_of(txqi->txq.sta, struct sta_info, sta);
+
+		if (sta->airtime[ac].deficit >= 0) {
+			seen_eligible = true;
+
+			if (!test_and_clear_bit(IEEE80211_TXQ_AIRTIME_THROTTLE,
+						&txqi->flags))
+				continue;
+
+			spin_unlock_bh(&local->active_txq_lock[ac]);
+			drv_wake_tx_queue(local, txqi);
+			spin_lock_bh(&local->active_txq_lock[ac]);
+		}
+	}
+
+	/* No active queues have positive deficit, which means TX is stuck;
+	 * increase all deficits to get things unstuck.
+	 */
+	if (!seen_eligible) {
+		list_for_each_entry(txqi, &local->active_txqs[ac], schedule_order) {
+			if (!txqi->txq.sta)
+				continue;
+
+			sta = container_of(txqi->txq.sta, struct sta_info, sta);
+
+			sta->airtime[ac].deficit += sta->airtime_weight;
+		}
+
+		goto begin;
+	}
+ out:
+	spin_unlock_bh(&local->active_txq_lock[ac]);
+
+}
+
 static void __ieee80211_wake_txqs(struct ieee80211_sub_if_data *sdata, int ac)
 {
 	struct ieee80211_local *local = sdata->local;
@@ -250,6 +301,10 @@  static void __ieee80211_wake_txqs(struct ieee80211_sub_if_data *sdata, int ac)
 	struct sta_info *sta;
 	int i;
 
+	if (wiphy_ext_feature_isset(local->hw.wiphy,
+				    NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
+	    __ieee80211_kick_airtime(local, ac);
+
 	spin_lock_bh(&fq->lock);
 
 	if (sdata->vif.type == NL80211_IFTYPE_AP)