Re: [PATCH 07/11] mac80211: fix race in TX aggregation

Johannes Berg <johannes@xxxxxxxxxxxxxxxx> · Fri, 06 Feb 2009 21:37:35 +0100

On Fri, 2009-02-06 at 11:13 -0800, Luis R. Rodriguez wrote:

> > @@ -135,23 +163,13 @@ static void sta_addba_resp_timer_expired
> >          * flow in sta_info_create gives the TID as data, while the timer_to_id
> >          * array gives the sta through container_of */
> >         u16 tid = *(u8 *)data;
> > -       struct sta_info *temp_sta = container_of((void *)data,
> > +       struct sta_info *sta = container_of((void *)data,
> >                 struct sta_info, timer_to_tid[tid]);
> > -
> > -       struct ieee80211_local *local = temp_sta->local;
> > -       struct ieee80211_hw *hw = &local->hw;
> > -       struct sta_info *sta;
> > +       struct ieee80211_local *local = sta->local;
> >         u8 *state;
> > 
> > -       rcu_read_lock();
> > -
> > -       sta = sta_info_get(local, temp_sta->sta.addr);
> > -       if (!sta) {
> > -               rcu_read_unlock();
> > -               return;
> > -       }
> > -
> >         state = &sta->ampdu_mlme.tid_state_tx[tid];
> > +
> >         /* check if the TID waits for addBA response */
> >         spin_lock_bh(&sta->lock);
> >         if (!(*state & HT_ADDBA_REQUESTED_MSK)) {
> > @@ -161,21 +179,15 @@ static void sta_addba_resp_timer_expired
> >                 printk(KERN_DEBUG "timer expired on tid %d but we are not "
> >                                 "expecting addBA response there", tid);
> >  #endif
> > -               goto timer_expired_exit;
> > +               return;
> >         }
> > 
> >  #ifdef CONFIG_MAC80211_HT_DEBUG
> >         printk(KERN_DEBUG "addBA response timer expired on tid %d\n", tid);
> >  #endif
> > 
> > -       /* go through the state check in stop_BA_session */
> > -       *state = HT_AGG_STATE_OPERATIONAL;
> > +       __ieee80211_stop_tx_ba_session(local, sta, tid, WLAN_BACK_INITIATOR);
> >         spin_unlock_bh(&sta->lock);
> > -       ieee80211_stop_tx_ba_session(hw, temp_sta->sta.addr, tid,
> > -                                    WLAN_BACK_INITIATOR);
> > -
> > -timer_expired_exit:
> > -       rcu_read_unlock();
> >  }
> 
> Do we not need the sta under rcu lock on the sta_addba_resp_timer_expired()?
> With this patch wouldn't we have a race between passing this to
> __ieee80211_stop_tx_ba_session() and it being removed using sta_info_destroy()?

No, because this is the timer that we take care to kill in _destroy.

johannes
Attachment:
signature.asc

Description: This is a digitally signed message part