[PATCH] softmac: Fixed handling of deassociation from AP

[PATCH] softmac: Fixed handling of deassociation from AP

[Ulrich Kunitz]

In 2.6.19 a deauthentication from the AP doesn't start a
reassociation by the softmac code. It appears that
mac->associnfo.associating must be set and the
ieee80211softmac_assoc_work function must be scheduled. This patch
fixes that.

Signed-off-by: Ulrich Kunitz <kune@deine-taler.de>
---
 net/ieee80211/softmac/ieee80211softmac_assoc.c |   14 ++++++++++++--
 net/ieee80211/softmac/ieee80211softmac_auth.c  |    2 ++
 net/ieee80211/softmac/ieee80211softmac_priv.h  |    2 ++
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/net/ieee80211/softmac/ieee80211softmac_assoc.c b/net/ieee80211/softmac/ieee80211softmac_assoc.c
index cf51c87..614aa8d 100644
--- a/net/ieee80211/softmac/ieee80211softmac_assoc.c
+++ b/net/ieee80211/softmac/ieee80211softmac_assoc.c
@@ -427,6 +427,17 @@ ieee80211softmac_handle_assoc_response(s
 	return 0;
 }
 
+void
+ieee80211softmac_try_reassoc(struct ieee80211softmac_device *mac)
+{
+	unsigned long flags;
+
+	spin_lock_irqsave(&mac->lock, flags);
+	mac->associnfo.associating = 1;
+	schedule_work(&mac->associnfo.work);
+	spin_unlock_irqrestore(&mac->lock, flags);
+}
+
 int
 ieee80211softmac_handle_disassoc(struct net_device * dev,
 				 struct ieee80211_disassoc *disassoc)
@@ -445,8 +456,7 @@ ieee80211softmac_handle_disassoc(struct 
 	dprintk(KERN_INFO PFX "got disassoc frame\n");
 	ieee80211softmac_disassoc(mac);
 
-	/* try to reassociate */
-	schedule_work(&mac->associnfo.work);
+	ieee80211softmac_try_reassoc(mac);
 
 	return 0;
 }
diff --git a/net/ieee80211/softmac/ieee80211softmac_auth.c b/net/ieee80211/softmac/ieee80211softmac_auth.c
index 4cef39e..88897e4 100644
--- a/net/ieee80211/softmac/ieee80211softmac_auth.c
+++ b/net/ieee80211/softmac/ieee80211softmac_auth.c
@@ -328,6 +328,8 @@ ieee80211softmac_deauth_from_net(struct 
 	/* can't transmit data right now... */
 	netif_carrier_off(mac->dev);
 	spin_unlock_irqrestore(&mac->lock, flags);
+
+	ieee80211softmac_try_reassoc(mac);
 }
 
 /* 
diff --git a/net/ieee80211/softmac/ieee80211softmac_priv.h b/net/ieee80211/softmac/ieee80211softmac_priv.h
index 0642e09..3ae894f 100644
--- a/net/ieee80211/softmac/ieee80211softmac_priv.h
+++ b/net/ieee80211/softmac/ieee80211softmac_priv.h
@@ -238,4 +238,6 @@ void ieee80211softmac_call_events_locked
 int ieee80211softmac_notify_internal(struct ieee80211softmac_device *mac,
 	int event, void *event_context, notify_function_ptr fun, void *context, gfp_t gfp_mask);
 
+void ieee80211softmac_try_reassoc(struct ieee80211softmac_device *mac);
+
 #endif /* IEEE80211SOFTMAC_PRIV_H_ */
-- 
1.4.1

[PATCH] softmac: Fixed handling of deassociation from AP

[Larry Finger]

From:  Ulrich Kunitz <kune@deine-taler.de>
 
A deauthentication from the AP doesn't start a reassociation by
SoftMAC. To fix this mac->associnfo.associating must be set and the
ieee80211softmac_assoc_work function must be scheduled.

Signed-off-by: Ulrich Kunitz <kune@deine-taler.de>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
---

 net/ieee80211/softmac/ieee80211softmac_assoc.c |   14 ++++++++++++--
 net/ieee80211/softmac/ieee80211softmac_auth.c  |    2 ++
 net/ieee80211/softmac/ieee80211softmac_priv.h  |    2 ++
 3 files changed, 16 insertions(+), 2 deletions(-)

Index: wireless-2.6/net/ieee80211/softmac/ieee80211softmac_assoc.c
===================================================================
--- wireless-2.6.orig/net/ieee80211/softmac/ieee80211softmac_assoc.c
+++ wireless-2.6/net/ieee80211/softmac/ieee80211softmac_assoc.c
@@ -427,6 +427,17 @@ ieee80211softmac_handle_assoc_response(s
 	return 0;
 }
 
+void
+ieee80211softmac_try_reassoc(struct ieee80211softmac_device *mac)
+{
+	unsigned long flags;
+
+	spin_lock_irqsave(&mac->lock, flags);
+	mac->associnfo.associating = 1;
+	schedule_work(&mac->associnfo.work);
+	spin_unlock_irqrestore(&mac->lock, flags);
+}
+
 int
 ieee80211softmac_handle_disassoc(struct net_device * dev,
 				 struct ieee80211_disassoc *disassoc)
@@ -445,8 +456,7 @@ ieee80211softmac_handle_disassoc(struct 
 	dprintk(KERN_INFO PFX "got disassoc frame\n");
 	ieee80211softmac_disassoc(mac);
 
-	/* try to reassociate */
-	schedule_work(&mac->associnfo.work);
+	ieee80211softmac_try_reassoc(mac);
 
 	return 0;
 }
Index: wireless-2.6/net/ieee80211/softmac/ieee80211softmac_auth.c
===================================================================
--- wireless-2.6.orig/net/ieee80211/softmac/ieee80211softmac_auth.c
+++ wireless-2.6/net/ieee80211/softmac/ieee80211softmac_auth.c
@@ -334,6 +334,8 @@ ieee80211softmac_deauth_from_net(struct 
 	/* can't transmit data right now... */
 	netif_carrier_off(mac->dev);
 	spin_unlock_irqrestore(&mac->lock, flags);
+
+	ieee80211softmac_try_reassoc(mac);
 }
 
 /* 
Index: wireless-2.6/net/ieee80211/softmac/ieee80211softmac_priv.h
===================================================================
--- wireless-2.6.orig/net/ieee80211/softmac/ieee80211softmac_priv.h
+++ wireless-2.6/net/ieee80211/softmac/ieee80211softmac_priv.h
@@ -238,4 +238,6 @@ void ieee80211softmac_call_events_locked
 int ieee80211softmac_notify_internal(struct ieee80211softmac_device *mac,
 	int event, void *event_context, notify_function_ptr fun, void *context, gfp_t gfp_mask);
 
+void ieee80211softmac_try_reassoc(struct ieee80211softmac_device *mac);
+
 #endif /* IEEE80211SOFTMAC_PRIV_H_ */

---

Re: [PATCH] softmac: Fixed handling of deassociation from AP

[Michael Buesch]

On Wednesday 06 December 2006 15:45, Larry Finger wrote:
> From:  Ulrich Kunitz <kune@deine-taler.de>
>  
> A deauthentication from the AP doesn't start a reassociation by
> SoftMAC. To fix this mac->associnfo.associating must be set and the
> ieee80211softmac_assoc_work function must be scheduled.
> 
> Signed-off-by: Ulrich Kunitz <kune@deine-taler.de>
> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
> ---
> 
>  net/ieee80211/softmac/ieee80211softmac_assoc.c |   14 ++++++++++++--
>  net/ieee80211/softmac/ieee80211softmac_auth.c  |    2 ++
>  net/ieee80211/softmac/ieee80211softmac_priv.h  |    2 ++
>  3 files changed, 16 insertions(+), 2 deletions(-)
> 
> Index: wireless-2.6/net/ieee80211/softmac/ieee80211softmac_assoc.c
> ===================================================================
> --- wireless-2.6.orig/net/ieee80211/softmac/ieee80211softmac_assoc.c
> +++ wireless-2.6/net/ieee80211/softmac/ieee80211softmac_assoc.c
> @@ -427,6 +427,17 @@ ieee80211softmac_handle_assoc_response(s
>  	return 0;
>  }
>  
> +void
> +ieee80211softmac_try_reassoc(struct ieee80211softmac_device *mac)
> +{
> +	unsigned long flags;
> +
> +	spin_lock_irqsave(&mac->lock, flags);
> +	mac->associnfo.associating = 1;
> +	schedule_work(&mac->associnfo.work);
> +	spin_unlock_irqrestore(&mac->lock, flags);
> +}

All data in mac->associnfo is protected by mac->associnfo->mutex
and _not_ mac->lock.

-- 
Greetings Michael.

Re: [PATCH] softmac: Fixed handling of deassociation from AP

[Ulrich Kunitz]

On 06-12-06 18:52 Michael Buesch wrote:

> All data in mac->associnfo is protected by mac->associnfo->mutex
> and _not_ mac->lock.

Are you sure? One can find for instance the following function in
ieee80211softmac_assoc.c:

void
ieee80211softmac_disassoc(struct ieee80211softmac_device *mac)
{
        unsigned long flags;

        spin_lock_irqsave(&mac->lock, flags);
        if (mac->associnfo.associating)
                cancel_delayed_work(&mac->associnfo.timeout);

        netif_carrier_off(mac->dev);

        mac->associnfo.associated = 0;
        mac->associnfo.bssvalid = 0;
        mac->associnfo.associating = 0;
        ieee80211softmac_init_bss(mac);
        ieee80211softmac_call_events_locked(mac, IEEE80211SOFTMAC_EVENT_DISASSOCIATED, NULL);
        spin_unlock_irqrestore(&mac->lock, flags);
}

Cheers,

Uli

-- 
Uli Kunitz

Re: [PATCH] softmac: Fixed handling of deassociation from AP

[Michael Buesch]

On Wednesday 06 December 2006 21:17, Ulrich Kunitz wrote:
> On 06-12-06 18:52 Michael Buesch wrote:
> 
> > All data in mac->associnfo is protected by mac->associnfo->mutex
> > and _not_ mac->lock.
> 
> Are you sure?

Yes I am.

> One can find for instance the following function in 
> ieee80211softmac_assoc.c:

This is not the first time we notice that locking
is completely broken in softmac. ;)

> void
> ieee80211softmac_disassoc(struct ieee80211softmac_device *mac)
> {
>         unsigned long flags;
> 
>         spin_lock_irqsave(&mac->lock, flags);
>         if (mac->associnfo.associating)
>                 cancel_delayed_work(&mac->associnfo.timeout);
> 
>         netif_carrier_off(mac->dev);
> 
>         mac->associnfo.associated = 0;
>         mac->associnfo.bssvalid = 0;
>         mac->associnfo.associating = 0;
>         ieee80211softmac_init_bss(mac);
>         ieee80211softmac_call_events_locked(mac, IEEE80211SOFTMAC_EVENT_DISASSOCIATED, NULL);
>         spin_unlock_irqrestore(&mac->lock, flags);
> }
> 
> Cheers,
> 
> Uli
> 

-- 
Greetings Michael.

Re: [PATCH] softmac: Fixed handling of deassociation from AP

[Ulrich Kunitz]

On 06-12-06 21:52 Michael Buesch wrote:

> On Wednesday 06 December 2006 21:17, Ulrich Kunitz wrote:
> > On 06-12-06 18:52 Michael Buesch wrote:
> > 
> > > All data in mac->associnfo is protected by mac->associnfo->mutex
> > > and _not_ mac->lock.
> > 
> > Are you sure?
> 
> Yes I am.
> 
> > One can find for instance the following function in 
> > ieee80211softmac_assoc.c:
> 
> This is not the first time we notice that locking
> is completely broken in softmac. ;)

So the right thing would be to add another work function
(*_start_reassoc_work) which sets the associating variable and
calls then *_assoc_work? 

Uli

-- 
Uli Kunitz

Re: [PATCH] softmac: Fixed handling of deassociation from AP

[Michael Buesch]

On Wednesday 06 December 2006 22:51, Ulrich Kunitz wrote:
> On 06-12-06 21:52 Michael Buesch wrote:
> 
> > On Wednesday 06 December 2006 21:17, Ulrich Kunitz wrote:
> > > On 06-12-06 18:52 Michael Buesch wrote:
> > > 
> > > > All data in mac->associnfo is protected by mac->associnfo->mutex
> > > > and _not_ mac->lock.
> > > 
> > > Are you sure?
> > 
> > Yes I am.
> > 
> > > One can find for instance the following function in 
> > > ieee80211softmac_assoc.c:
> > 
> > This is not the first time we notice that locking
> > is completely broken in softmac. ;)
> 
> So the right thing would be to add another work function
> (*_start_reassoc_work) which sets the associating variable and
> calls then *_assoc_work? 

Ah, well. I think the right thing doesn't exist.
Even if you replace the lock by the mutex, it's still racy.
The whole lock design of softmac is broken and racy and we
can't simply fix that with a oneliner.

I'd say, John, apply the original patch as-is, as it does
more good than harm.

Basically, I just wanted to point out that this is not race-free.
But I think we can live with it.

-- 
Greetings Michael.

Re: [PATCH] softmac: Fixed handling of deassociation from AP

[Larry Finger]

Michael Buesch wrote:
> On Wednesday 06 December 2006 22:51, Ulrich Kunitz wrote:
>> On 06-12-06 21:52 Michael Buesch wrote:
>>
>>> On Wednesday 06 December 2006 21:17, Ulrich Kunitz wrote:
>>>> On 06-12-06 18:52 Michael Buesch wrote:
>>>>
>>>>> All data in mac->associnfo is protected by mac->associnfo->mutex
>>>>> and _not_ mac->lock.
>>>> Are you sure?
>>> Yes I am.
>>>
>>>> One can find for instance the following function in 
>>>> ieee80211softmac_assoc.c:
>>> This is not the first time we notice that locking
>>> is completely broken in softmac. ;)
>> So the right thing would be to add another work function
>> (*_start_reassoc_work) which sets the associating variable and
>> calls then *_assoc_work? 
> 
> Ah, well. I think the right thing doesn't exist.
> Even if you replace the lock by the mutex, it's still racy.
> The whole lock design of softmac is broken and racy and we
> can't simply fix that with a oneliner.
> 
> I'd say, John, apply the original patch as-is, as it does
> more good than harm.
> 
> Basically, I just wanted to point out that this is not race-free.
> But I think we can live with it.

In struct ieee80211softmac_device, there are the following entries:
...
	spinlock_t lock;

         u8 running; /* SoftMAC started? */
         u8 scanning;

         struct ieee80211softmac_scaninfo *scaninfo;
         struct ieee80211softmac_assoc_info associnfo;
         struct ieee80211softmac_bss_info bssinfo;
...

In struct ieee80211softmac_assoc_info, we have the following entries:

         struct mutex mutex;
         struct ieee80211softmac_essid associate_essid;
         char bssid[ETH_ALEN];
         u8 static_essid;
         u8 short_preamble_available;
         u8 associating;
         u8 associated;
         u8 assoc_wait;
         u8 bssvalid;
         u8 bssfixed;

Although it has been amply demonstrated in this forum that I know nothing about locking, it seems to 
me that the mutex protects only the association data; whereas the spinlock protects more data, but 
does include the association data. If this is correct, then the original posted code is not wrong, 
only protecting data unnecessarily.

Please point out the error in my logic. I'm trying to learn.

Larry

Re: [PATCH] softmac: Fixed handling of deassociation from AP

[Michael Buesch]

On Thursday 07 December 2006 01:36, Larry Finger wrote:
> it seems to 
> me that the mutex protects only the association data; whereas the spinlock protects more data, but 
> does include the association data.

Nope.

The same way you could argue that the BKL should be taken here,
as it's "the global kernel lock which protects everything".
But it's simply not true and won't protect anything. ;)

-- 
Greetings Michael.