From: Johannes Berg <johannes@sipsolutions.net>
To: John Linville <linville@tuxdriver.com>
Cc: linux-wireless@vger.kernel.org
Subject: [PATCH 14/27] mac80211: fix race in TX aggregation
Date: Tue, 10 Feb 2009 21:25:50 +0100	[thread overview]
Message-ID: <20090210202555.183721397@sipsolutions.net> (raw)
In-Reply-To: 20090210202536.425266119@sipsolutions.net

When disabling TX aggregation because it was rejected or from
the timer (it was not accepted), there is a window where we
first set the state to operational, unlock, and then undo the
whole thing. Avoid that by splitting up the stop function.
Also get rid of the pointless sta_info indirection in the timer.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
---
 net/mac80211/agg-tx.c |   95 +++++++++++++++++++++++++-------------------------
 1 file changed, 48 insertions(+), 47 deletions(-)

--- wireless-testing.orig/net/mac80211/agg-tx.c	2009-02-10 20:59:33.000000000 +0100
+++ wireless-testing/net/mac80211/agg-tx.c	2009-02-10 20:59:34.000000000 +0100
@@ -123,6 +123,34 @@ void ieee80211_send_bar(struct ieee80211
 	ieee80211_tx_skb(sdata, skb, 0);
 }
 
+static int __ieee80211_stop_tx_ba_session(struct ieee80211_local *local,
+					  struct sta_info *sta, u16 tid,
+					  enum ieee80211_back_parties initiator)
+{
+	int ret;
+	u8 *state;
+
+	state = &sta->ampdu_mlme.tid_state_tx[tid];
+
+	if (local->hw.ampdu_queues)
+		ieee80211_stop_queue(&local->hw, sta->tid_to_tx_q[tid]);
+
+	*state = HT_AGG_STATE_REQ_STOP_BA_MSK |
+		(initiator << HT_AGG_STATE_INITIATOR_SHIFT);
+
+	ret = local->ops->ampdu_action(&local->hw, IEEE80211_AMPDU_TX_STOP,
+				       &sta->sta, tid, NULL);
+
+	/* HW shall not deny going back to legacy */
+	if (WARN_ON(ret)) {
+		*state = HT_AGG_STATE_OPERATIONAL;
+		if (local->hw.ampdu_queues)
+			ieee80211_wake_queue(&local->hw, sta->tid_to_tx_q[tid]);
+	}
+
+	return ret;
+}
+
 /*
  * After sending add Block Ack request we activated a timer until
  * add Block Ack response will arrive from the recipient.
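Review bot: The new helper `__ieee80211_stop_tx_ba_session()` writes `sta->ampdu_mlme.tid_state_tx[tid]` and indexes `sta->tid_to_tx_q[tid]` without taking a lock or checking `tid`, so it is only correct when the caller already holds `sta->lock` and has validated its arguments, and nothing in the hunk says so. The call sites in this patch appear to hold the lock, but a later caller that does not would reintroduce the race the commit is closing. I would put a comment above the function, `/* Caller must hold sta->lock; tid must be < STA_TID_NUM and ops->ampdu_action must be non-NULL. */`, and consider `assert_spin_locked(&sta->lock);` as its first statement.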
@@ -135,23 +163,13 @@ static void sta_addba_resp_timer_expired
 	 * flow in sta_info_create gives the TID as data, while the timer_to_id
 	 * array gives the sta through container_of */
 	u16 tid = *(u8 *)data;
-	struct sta_info *temp_sta = container_of((void *)data,
+	struct sta_info *sta = container_of((void *)data,
 		struct sta_info, timer_to_tid[tid]);
-
-	struct ieee80211_local *local = temp_sta->local;
-	struct ieee80211_hw *hw = &local->hw;
-	struct sta_info *sta;
+	struct ieee80211_local *local = sta->local;
 	u8 *state;
 
-	rcu_read_lock();
-
-	sta = sta_info_get(local, temp_sta->sta.addr);
-	if (!sta) {
-		rcu_read_unlock();
-		return;
-	}
-
 	state = &sta->ampdu_mlme.tid_state_tx[tid];
+
 	/* check if the TID waits for addBA response */
 	spin_lock_bh(&sta->lock);
 	if (!(*state & HT_ADDBA_REQUESTED_MSK)) {
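Review bot: With the `sta_info_get()` lookup and the RCU read section removed, the timer callback uses the `sta` recovered by `container_of()` directly (`sta->local`, `sta->ampdu_mlme`, `sta->lock`), so it is only safe if this timer is guaranteed to be stopped synchronously before the sta_info is freed. The removed code already relied on that for `temp_sta->local`, which supports dropping the indirection, but the teardown path is not visible in this patch and the invariant is now the only protection against touching freed memory. After confirming the destroy path, I would record it in a comment, e.g. `/* sta cannot be freed while this runs: the timer is cancelled synchronously on sta teardown */`. The function starts before and continues past this hunk.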
@@ -161,21 +179,15 @@ static void sta_addba_resp_timer_expired
 		printk(KERN_DEBUG "timer expired on tid %d but we are not "
 				"expecting addBA response there", tid);
 #endif
-		goto timer_expired_exit;
+		return;
 	}
 
 #ifdef CONFIG_MAC80211_HT_DEBUG
 	printk(KERN_DEBUG "addBA response timer expired on tid %d\n", tid);
 #endif
 
-	/* go through the state check in stop_BA_session */
-	*state = HT_AGG_STATE_OPERATIONAL;
+	__ieee80211_stop_tx_ba_session(local, sta, tid, WLAN_BACK_INITIATOR);
 	spin_unlock_bh(&sta->lock);
-	ieee80211_stop_tx_ba_session(hw, temp_sta->sta.addr, tid,
-				     WLAN_BACK_INITIATOR);
-
-timer_expired_exit:
-	rcu_read_unlock();
 }
 
 int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid)
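Review bot: The return value of `__ieee80211_stop_tx_ba_session()` is discarded at the timer call site, and when the driver refuses the stop the helper rolls the state back to `HT_AGG_STATE_OPERATIONAL`, which does not look right for a session whose addBA request timed out and was never operational. The same applies to the call added in the `ieee80211_process_addba_resp()` hunk. The removed code ended in the same state, so this is not a regression, but the ignored result deserves at least a comment such as `/* failure is WARNed in the helper, which also resets the state */`. Separately, the new bare `return;` depends on `sta->lock` having been released in the lines between this hunk and the previous one, which are not shown.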
@@ -187,6 +199,9 @@ int ieee80211_start_tx_ba_session(struct
 	u8 *state;
 	int ret = 0;
 
+	if (WARN_ON(!local->ops->ampdu_action))
+		return -EINVAL;
+
 	if ((tid >= STA_TID_NUM) || !(hw->flags & IEEE80211_HW_AMPDU_AGGREGATION))
 		return -EINVAL;
 
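Review bot: The `WARN_ON(!local->ops->ampdu_action)` check runs before the `IEEE80211_HW_AMPDU_AGGREGATION` flag test, so a call on hardware that neither advertises aggregation nor provides the callback now produces a backtrace where it previously returned `-EINVAL` quietly. Moving the new check below the flag test would keep that case silent. A missing callback is a fixed property of the driver, so `WARN_ON_ONCE(!local->ops->ampdu_action)` would avoid repeating the backtrace on every call, here and in the identical check added to `ieee80211_stop_tx_ba_session()`. That matters more if either entry point can be reached in response to received frames, which these hunks do not show.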
@@ -280,9 +295,8 @@ int ieee80211_start_tx_ba_session(struct
 	/* This is slightly racy because the queue isn't stopped */
 	start_seq_num = sta->tid_seq[tid];
 
-	if (local->ops->ampdu_action)
-		ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_TX_START,
-					       &sta->sta, tid, &start_seq_num);
+	ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_TX_START,
+				       &sta->sta, tid, &start_seq_num);
 
 	if (ret) {
 		/* No need to requeue the packets in the agg queue, since we
@@ -423,6 +437,9 @@ int ieee80211_stop_tx_ba_session(struct 
 	u8 *state;
 	int ret = 0;
 
+	if (WARN_ON(!local->ops->ampdu_action))
+		return -EINVAL;
+
 	if (tid >= STA_TID_NUM)
 		return -EINVAL;
 
@@ -439,7 +456,7 @@ int ieee80211_stop_tx_ba_session(struct 
 
 	if (*state != HT_AGG_STATE_OPERATIONAL) {
 		ret = -ENOENT;
-		goto stop_BA_exit;
+		goto unlock;
 	}
 
 #ifdef CONFIG_MAC80211_HT_DEBUG
@@ -447,27 +464,13 @@ int ieee80211_stop_tx_ba_session(struct 
 	       ra, tid);
 #endif /* CONFIG_MAC80211_HT_DEBUG */
 
-	if (hw->ampdu_queues)
-		ieee80211_stop_queue(hw, sta->tid_to_tx_q[tid]);
-
-	*state = HT_AGG_STATE_REQ_STOP_BA_MSK |
-		(initiator << HT_AGG_STATE_INITIATOR_SHIFT);
+	ret = __ieee80211_stop_tx_ba_session(local, sta, tid, initiator);
 
-	if (local->ops->ampdu_action)
-		ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_TX_STOP,
-					       &sta->sta, tid, NULL);
-
-	/* HW shall not deny going back to legacy */
-	if (WARN_ON(ret)) {
-		*state = HT_AGG_STATE_OPERATIONAL;
-		if (hw->ampdu_queues)
-			ieee80211_wake_queue(hw, sta->tid_to_tx_q[tid]);
-		goto stop_BA_exit;
-	}
-
-stop_BA_exit:
+ unlock:
 	spin_unlock_bh(&sta->lock);
+
 	rcu_read_unlock();
+
 	return ret;
 }
 EXPORT_SYMBOL(ieee80211_stop_tx_ba_session);
@@ -623,10 +626,8 @@ void ieee80211_process_addba_resp(struct
 		spin_unlock_bh(&sta->lock);
 	} else {
 		sta->ampdu_mlme.addba_req_num[tid]++;
-		/* this will allow the state check in stop_BA_session */
-		*state = HT_AGG_STATE_OPERATIONAL;
+		__ieee80211_stop_tx_ba_session(local, sta, tid,
+					       WLAN_BACK_INITIATOR);
 		spin_unlock_bh(&sta->lock);
-		ieee80211_stop_tx_ba_session(hw, sta->sta.addr, tid,
-					     WLAN_BACK_INITIATOR);
 	}
 }

-- 

