Re: [PATCH 07/11] mac80211: fix race in TX aggregation

linux-wireless.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: "Luis R. Rodriguez" <lrodriguez@atheros.com>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: John Linville <linville@tuxdriver.com>,
	"linux-wireless@vger.kernel.org" <linux-wireless@vger.kernel.org>
Subject: Re: [PATCH 07/11] mac80211: fix race in TX aggregation
Date: Fri, 6 Feb 2009 11:13:22 -0800	[thread overview]
Message-ID: <20090206191322.GB5031@tesla> (raw)
In-Reply-To: <20090205161133.193146777@sipsolutions.net>

On Thu, Feb 05, 2009 at 08:07:45AM -0800, Johannes Berg wrote:
> When disabling TX aggregation because it was rejected or from
> the timer (it was not accepted), there is a window where we
> first set the state to operation, unlock, and then undo the
> whole thing. Avoid that by splitting up the stop function.
> Also get rid of the pointless sta_info indirection in the timer.
> 
> Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
> ---
>  net/mac80211/agg-tx.c |   95 +++++++++++++++++++++++++-------------------------
>  1 file changed, 48 insertions(+), 47 deletions(-)
> 
> --- wireless-testing.orig/net/mac80211/agg-tx.c 2009-01-29 02:03:28.000000000 +0100
> +++ wireless-testing/net/mac80211/agg-tx.c      2009-01-29 02:03:30.000000000 +0100
> @@ -123,6 +123,34 @@ void ieee80211_send_bar(struct ieee80211
>         ieee80211_tx_skb(sdata, skb, 0);
>  }
> 
> +static int __ieee80211_stop_tx_ba_session(struct ieee80211_local *local,
> +                                         struct sta_info *sta, u16 tid,
> +                                         enum ieee80211_back_parties initiator)
> +{
> +       int ret;
> +       u8 *state;
> +
> +       state = &sta->ampdu_mlme.tid_state_tx[tid];
> +
> +       if (local->hw.ampdu_queues)
> +               ieee80211_stop_queue(&local->hw, sta->tid_to_tx_q[tid]);
> +
> +       *state = HT_AGG_STATE_REQ_STOP_BA_MSK |
> +               (initiator << HT_AGG_STATE_INITIATOR_SHIFT);
> +
> +       ret = local->ops->ampdu_action(&local->hw, IEEE80211_AMPDU_TX_STOP,
> +                                      &sta->sta, tid, NULL);
> +
> +       /* HW shall not deny going back to legacy */
> +       if (WARN_ON(ret)) {
> +               *state = HT_AGG_STATE_OPERATIONAL;
> +               if (local->hw.ampdu_queues)
> +                       ieee80211_wake_queue(&local->hw, sta->tid_to_tx_q[tid]);
> +       }
> +
> +       return ret;
> +}
> +
>  /*
>   * After sending add Block Ack request we activated a timer until
>   * add Block Ack response will arrive from the recipient.
> @@ -135,23 +163,13 @@ static void sta_addba_resp_timer_expired
>          * flow in sta_info_create gives the TID as data, while the timer_to_id
>          * array gives the sta through container_of */
>         u16 tid = *(u8 *)data;
> -       struct sta_info *temp_sta = container_of((void *)data,
> +       struct sta_info *sta = container_of((void *)data,
>                 struct sta_info, timer_to_tid[tid]);
> -
> -       struct ieee80211_local *local = temp_sta->local;
> -       struct ieee80211_hw *hw = &local->hw;
> -       struct sta_info *sta;
> +       struct ieee80211_local *local = sta->local;
>         u8 *state;
> 
> -       rcu_read_lock();
> -
> -       sta = sta_info_get(local, temp_sta->sta.addr);
> -       if (!sta) {
> -               rcu_read_unlock();
> -               return;
> -       }
> -
>         state = &sta->ampdu_mlme.tid_state_tx[tid];
> +
>         /* check if the TID waits for addBA response */
>         spin_lock_bh(&sta->lock);
>         if (!(*state & HT_ADDBA_REQUESTED_MSK)) {
> @@ -161,21 +179,15 @@ static void sta_addba_resp_timer_expired
>                 printk(KERN_DEBUG "timer expired on tid %d but we are not "
>                                 "expecting addBA response there", tid);
>  #endif
> -               goto timer_expired_exit;
> +               return;
>         }
> 
>  #ifdef CONFIG_MAC80211_HT_DEBUG
>         printk(KERN_DEBUG "addBA response timer expired on tid %d\n", tid);
>  #endif
> 
> -       /* go through the state check in stop_BA_session */
> -       *state = HT_AGG_STATE_OPERATIONAL;
> +       __ieee80211_stop_tx_ba_session(local, sta, tid, WLAN_BACK_INITIATOR);
>         spin_unlock_bh(&sta->lock);
> -       ieee80211_stop_tx_ba_session(hw, temp_sta->sta.addr, tid,
> -                                    WLAN_BACK_INITIATOR);
> -
> -timer_expired_exit:
> -       rcu_read_unlock();
>  }

Do we not need the sta under rcu lock on the sta_addba_resp_timer_expired()?
With this patch wouldn't we have a race between passing this to
__ieee80211_stop_tx_ba_session() and it being removed using sta_info_destroy()?

  Luis

next prev parent reply	other threads:[~2009-02-06 19:14 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-02-05 16:07 [PATCH 00/11] mac80211 aggregation cleanups/fixes Johannes Berg
2009-02-05 16:07 ` [PATCH 01/11] mac80211: remove stray aggregation debugfs definition Johannes Berg
2009-02-05 16:07 ` [PATCH 02/11] mac80211: fix RX aggregation timeouts Johannes Berg
2009-02-05 16:07 ` [PATCH 03/11] mac80211: restructure HT code Johannes Berg
2009-02-05 16:07 ` [PATCH 04/11] mac80211: restrict aggregation to supported interface modes Johannes Berg
2009-02-05 16:07 ` [PATCH 05/11] mac80211: hardware should not deny going back to legacy Johannes Berg
2009-02-05 16:07 ` [PATCH 06/11] mac80211: document TX aggregation (and small cleanup) Johannes Berg
2009-02-05 16:07 ` [PATCH 07/11] mac80211: fix race in TX aggregation Johannes Berg
2009-02-06 19:13   ` Luis R. Rodriguez [this message]
2009-02-06 20:37     ` Johannes Berg
2009-02-05 16:07 ` [PATCH 08/11] mac80211: fix aggregation timer lockups Johannes Berg
2009-02-05 16:07 ` [PATCH 09/11] mac80211: clean up BA session teardown Johannes Berg
2009-02-05 16:07 ` [PATCH 10/11] mac80211: RX aggregation: clean up stop session Johannes Berg
2009-02-05 16:07 ` [PATCH 11/11] mac80211: further cleanups to stopping BA sessions Johannes Berg
2009-02-06 22:32 ` [PATCH 00/11] mac80211 aggregation cleanups/fixes Luis R. Rodriguez

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20090206191322.GB5031@tesla \
    --to=lrodriguez@atheros.com \
    --cc=johannes@sipsolutions.net \
    --cc=linux-wireless@vger.kernel.org \
    --cc=linville@tuxdriver.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).