From: Nikolay Martynov <mar.kolya@gmail.com>
To: linville@tuxdriver.com
Cc: linux-wireless@vger.kernel.org, Nikolay Martynov <mar.kolya@gmail.com>
Subject: [PATCH] mac80211: fix race condition caused by late addBA resp
Date: Sun, 27 Nov 2011 02:23:41 -0500 [thread overview]
Message-ID: <1322378621-14647-2-git-send-email-mar.kolya@gmail.com> (raw)
In-Reply-To: <1322378621-14647-1-git-send-email-mar.kolya@gmail.com>
Currently if addBA respones comes in just after addba_resp_timer has
expired we still accept addBA response and (try to) open agg
session. This patch fixes this race condition and makes sure that if
addba_resp_timer has expired addBA response is not longer accepted and
we do not try to open half-closed session.
Signed-off-by: Nikolay Martynov <mar.kolya@gmail.com>
---
net/mac80211/agg-tx.c | 19 +++++++++++++++++--
1 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c
index 39d72cc..683effe 100644
--- a/net/mac80211/agg-tx.c
+++ b/net/mac80211/agg-tx.c
@@ -746,6 +746,23 @@ void ieee80211_process_addba_resp(struct ieee80211_local *local,
if (!tid_tx)
goto out;
+ del_timer_sync(&tid_tx->addba_resp_timer);
+
+ /*
+ * Test that we are not stopping agg session now.
+ * Since addba_resp_timer may have just finished we need to
+ * check HT_AGG_STATE_STOPPING too.
+ */
+ if (test_bit(HT_AGG_STATE_WANT_STOP, &tid_tx->state)
+ || test_bit(HT_AGG_STATE_STOPPING, &tid_tx->state)) {
+#ifdef CONFIG_MAC80211_HT_DEBUG
+ printk(KERN_DEBUG "got addBA resp for tid %d but we are not "
+ "(or no longer) expecting expecting it\n",
+ tid);
+#endif
+ goto out;
+ }
+
if (mgmt->u.action.u.addba_resp.dialog_token != tid_tx->dialog_token) {
#ifdef CONFIG_MAC80211_HT_DEBUG
printk(KERN_DEBUG "wrong addBA response token, tid %d\n", tid);
@@ -753,8 +770,6 @@ void ieee80211_process_addba_resp(struct ieee80211_local *local,
goto out;
}
- del_timer(&tid_tx->addba_resp_timer);
-
#ifdef CONFIG_MAC80211_HT_DEBUG
printk(KERN_DEBUG "switched off addBA timer for tid %d\n", tid);
#endif
--
1.7.4.1
next prev parent reply other threads:[~2011-11-27 7:23 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-11-27 7:23 [PATCH] mac80211: fix race condition caused by late addBA resp Nikolay Martynov
2011-11-27 7:23 ` Nikolay Martynov [this message]
2011-11-27 9:38 ` Johannes Berg
2011-11-27 10:42 ` Emmanuel Grumbach
2011-11-27 15:43 ` Nikolay Martynov
2011-11-27 11:50 ` [PATCH v2] mac80211: fix race condition caused by late addBA response Johannes Berg
2011-11-27 11:53 ` [PATCH v3] " Johannes Berg
2011-11-27 16:12 ` Nikolay Martynov
2011-11-27 16:55 ` Johannes Berg
2011-11-28 6:35 ` Emmanuel Grumbach
2011-11-28 8:16 ` Johannes Berg
2011-11-28 12:34 ` Emmanuel Grumbach
2011-11-28 13:18 ` Johannes Berg
2011-11-28 14:21 ` Nikolay Martynov
2011-11-28 8:18 ` [PATCH v4] " Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1322378621-14647-2-git-send-email-mar.kolya@gmail.com \
--to=mar.kolya@gmail.com \
--cc=linux-wireless@vger.kernel.org \
--cc=linville@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).