[PATCH] mac80211: Remove race condition in sending null frame to check AP status

linux-wireless.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] mac80211: Remove race condition in sending null frame to check AP status
@ 2012-05-14  8:25 Soumik DAS
  2012-05-14 14:32 ` Johannes Berg
  0 siblings, 1 reply; 5+ messages in thread
From: Soumik DAS @ 2012-05-14  8:25 UTC (permalink / raw)
  To: John Linville (linville@tuxdriver.com)
  Cc: linux-wireless (linux-wireless@vger.kernel.org),
	Johannes Berg (johannes@sipsolutions.net),
	Kalle Valo (kvalo@adurom.com)

mac80211 tries to verify the existence of the current AP by probing or sending a NULL frame in function ieee80211_mgd_probe_ap_send. It 1st sends a null frame to the AP, increments probe_send_count and
waits for the ACK to the NULL frame for a finite duration of time. At times, it happens that by the time
mac80211 gets to increment probe_send_count, the ACK for the NULL frame transmitted has already
been processed. This leads to a race condition where mac80211 times out waiting for the ACK for the NULL
frame causing unnecessary disconnection with the AP.

Signed-off-by: Soumik Das <soumik.das@stericsson.com>
---
 net/mac80211/mlme.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index dbd4bd9..a1213e4 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1522,6 +1522,7 @@ static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
 	 * anymore. The timeout will be reset if the frame is ACKed by
 	 * the AP.
 	 */
+	ifmgd->probe_send_count++;
 	if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
 		ifmgd->nullfunc_failed = false;
 		ieee80211_send_nullfunc(sdata->local, sdata, 0); @@ -1538,7 +1539,6 @@ static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
 					 0, (u32) -1, true, false);
 	}
 
-	ifmgd->probe_send_count++;
 	ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
 	run_again(ifmgd, ifmgd->probe_timeout);
 	if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
--
1.7.5.4

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] mac80211: Remove race condition in sending null frame to check AP status
  2012-05-14  8:25 Soumik DAS
@ 2012-05-14 14:32 ` Johannes Berg
  0 siblings, 0 replies; 5+ messages in thread
From: Johannes Berg @ 2012-05-14 14:32 UTC (permalink / raw)
  To: Soumik DAS
  Cc: John Linville (linville@tuxdriver.com),
	linux-wireless (linux-wireless@vger.kernel.org),
	Kalle Valo (kvalo@adurom.com)

On Mon, 2012-05-14 at 10:25 +0200, Soumik DAS wrote:
> mac80211 tries to verify the existence of the current AP by probing or sending a NULL frame in function ieee80211_mgd_probe_ap_send. It 1st sends a null frame to the AP, increments probe_send_count and
> waits for the ACK to the NULL frame for a finite duration of time. At times, it happens that by the time
> mac80211 gets to increment probe_send_count, the ACK for the NULL frame transmitted has already
> been processed. This leads to a race condition where mac80211 times out waiting for the ACK for the NULL
> frame causing unnecessary disconnection with the AP.

Please break your commit log lines to ~65 characters

johannes



^ permalink raw reply	[flat|nested] 5+ messages in thread

* [PATCH] mac80211: Remove race condition in sending null frame to check AP status
@ 2012-05-15  6:04 Soumik DAS
  2012-05-15 14:00 ` John W. Linville
  0 siblings, 1 reply; 5+ messages in thread
From: Soumik DAS @ 2012-05-15  6:04 UTC (permalink / raw)
  To: John Linville (linville@tuxdriver.com)
  Cc: linux-wireless (linux-wireless@vger.kernel.org),
	Johannes Berg (johannes@sipsolutions.net),
	Kalle Valo (kvalo@adurom.com)

mac80211 tries to verify the existence of the current AP by
probing or sending a NULL frame in function
ieee80211_mgd_probe_ap_send. It 1st sends a null frame to the AP,
increments probe_send_count and waits for the ACK to the NULL
frame for a finite duration of time. At times, it happens that
by the time mac80211 gets to increment probe_send_count, the ACK
for the NULL frame transmitted has already been processed. This
leads to a race condition where mac80211 times out waiting for
the ACK for the NULL frame causing unnecessary disconnection with
the AP.

Signed-off-by: Soumik Das <soumik.das@stericsson.com>
---
net/mac80211/mlme.c |    2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index dbd4bd9..a1213e4 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1522,6 +1522,7 @@ static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
    * anymore. The timeout will be reset if the frame is ACKed by
    * the AP.
    */
+    ifmgd->probe_send_count++;
    if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
        ifmgd->nullfunc_failed = false;
        ieee80211_send_nullfunc(sdata->local, sdata, 0); @@ -1538,7 +1539,6 @@ static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
                    0, (u32) -1, true, false);
    }

-    ifmgd->probe_send_count++;
    ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
    run_again(ifmgd, ifmgd->probe_timeout);
    if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
--
1.7.5.4

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] mac80211: Remove race condition in sending null frame to check AP status
  2012-05-15  6:04 [PATCH] mac80211: Remove race condition in sending null frame to check AP status Soumik DAS
@ 2012-05-15 14:00 ` John W. Linville
  2012-05-15 14:23   ` Arend van Spriel
  0 siblings, 1 reply; 5+ messages in thread
From: John W. Linville @ 2012-05-15 14:00 UTC (permalink / raw)
  To: Soumik DAS
  Cc: linux-wireless (linux-wireless@vger.kernel.org),
	Johannes Berg (johannes@sipsolutions.net),
	Kalle Valo (kvalo@adurom.com)

On Tue, May 15, 2012 at 08:04:32AM +0200, Soumik DAS wrote:
> mac80211 tries to verify the existence of the current AP by
> probing or sending a NULL frame in function
> ieee80211_mgd_probe_ap_send. It 1st sends a null frame to the AP,
> increments probe_send_count and waits for the ACK to the NULL
> frame for a finite duration of time. At times, it happens that
> by the time mac80211 gets to increment probe_send_count, the ACK
> for the NULL frame transmitted has already been processed. This
> leads to a race condition where mac80211 times out waiting for
> the ACK for the NULL frame causing unnecessary disconnection with
> the AP.
> 
> Signed-off-by: Soumik Das <soumik.das@stericsson.com>
> ---
> net/mac80211/mlme.c |    2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index dbd4bd9..a1213e4 100644
> --- a/net/mac80211/mlme.c
> +++ b/net/mac80211/mlme.c
> @@ -1522,6 +1522,7 @@ static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
>     * anymore. The timeout will be reset if the frame is ACKed by
>     * the AP.
>     */
> +    ifmgd->probe_send_count++;
>     if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
>         ifmgd->nullfunc_failed = false;
>         ieee80211_send_nullfunc(sdata->local, sdata, 0); @@ -1538,7 +1539,6 @@ static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
>                     0, (u32) -1, true, false);
>     }
> 
> -    ifmgd->probe_send_count++;
>     ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
>     run_again(ifmgd, ifmgd->probe_timeout);
>     if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
> --
> 1.7.5.4
> 

Looks like whitespace damage...?

-- 
John W. Linville		Someday the world will need a hero, and you
linville@tuxdriver.com			might be all we have.  Be ready.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] mac80211: Remove race condition in sending null frame to check AP status
  2012-05-15 14:00 ` John W. Linville
@ 2012-05-15 14:23   ` Arend van Spriel
  0 siblings, 0 replies; 5+ messages in thread
From: Arend van Spriel @ 2012-05-15 14:23 UTC (permalink / raw)
  To: John W. Linville
  Cc: Soumik DAS, linux-wireless (linux-wireless@vger.kernel.org),
	Johannes Berg (johannes@sipsolutions.net),
	Kalle Valo (kvalo@adurom.com)

On 05/15/2012 04:00 PM, John W. Linville wrote:
> On Tue, May 15, 2012 at 08:04:32AM +0200, Soumik DAS wrote:
>> mac80211 tries to verify the existence of the current AP by
>> probing or sending a NULL frame in function
>> ieee80211_mgd_probe_ap_send. It 1st sends a null frame to the AP,
>> increments probe_send_count and waits for the ACK to the NULL
>> frame for a finite duration of time. At times, it happens that
>> by the time mac80211 gets to increment probe_send_count, the ACK
>> for the NULL frame transmitted has already been processed. This
>> leads to a race condition where mac80211 times out waiting for
>> the ACK for the NULL frame causing unnecessary disconnection with
>> the AP.
>>
>> Signed-off-by: Soumik Das <soumik.das@stericsson.com>
>> ---
>> net/mac80211/mlme.c |    2 +-
>> 1 files changed, 1 insertions(+), 1 deletions(-)
>>
>> diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index dbd4bd9..a1213e4 100644
>> --- a/net/mac80211/mlme.c
>> +++ b/net/mac80211/mlme.c
>> @@ -1522,6 +1522,7 @@ static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
>>     * anymore. The timeout will be reset if the frame is ACKed by
>>     * the AP.
>>     */
>> +    ifmgd->probe_send_count++;
>>     if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
>>         ifmgd->nullfunc_failed = false;
>>         ieee80211_send_nullfunc(sdata->local, sdata, 0); @@ -1538,7 +1539,6 @@ static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
>>                     0, (u32) -1, true, false);
>>     }
>>
>> -    ifmgd->probe_send_count++;
>>     ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
>>     run_again(ifmgd, ifmgd->probe_timeout);
>>     if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
>> --
>> 1.7.5.4
>>
> 
> Looks like whitespace damage...?
> 

Apparently, 4 spaces are used instead of real tabs.

Gr. AvS


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2012-05-15 14:23 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-05-15  6:04 [PATCH] mac80211: Remove race condition in sending null frame to check AP status Soumik DAS
2012-05-15 14:00 ` John W. Linville
2012-05-15 14:23   ` Arend van Spriel
  -- strict thread matches above, loose matches on Subject: below --
2012-05-14  8:25 Soumik DAS
2012-05-14 14:32 ` Johannes Berg

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).