Commit 499fe9a4 authored by Daniel Halperin's avatar Daniel Halperin Committed by John W. Linville

mac80211: fix aggregation frame release during timeout

Suppose the aggregation reorder buffer looks like this:


where x and y are frames that have not been received, T is a received
frame that has timed out, and R1,R2 are received frames that have not
yet timed out. The proper behavior in this scenario is to move the
window past x (skipping it), release T and R1, and leave the window at y
until y is received or R2 times out.

As written, this code will instead leave the window at R1, because it
has not yet timed out. Fix this by exiting the reorder loop only when
the frame that has not timed out AND there are skipped frames earlier in
the current valid window.
Signed-off-by: default avatarDaniel Halperin <>
Signed-off-by: default avatarJohn W. Linville <>
parent 2b78ac9b
......@@ -612,7 +612,8 @@ static void ieee80211_sta_reorder_release(struct ieee80211_hw *hw,
if (!time_after(jiffies, tid_agg_rx->reorder_time[j] +
if (skipped &&
!time_after(jiffies, tid_agg_rx->reorder_time[j] +
goto set_release_timer;
