Currently if addBA respones comes in just after addba_resp_timer has
expired we still accept addBA response and (try to) open agg
session. This patch fixes this race condition and makes sure that if
addba_resp_timer has expired addBA response is not longer accepted and
we do not try to open half-closed session.
Signed-off-by: Nikolay Martynov <mar.kolya@xxxxxxxxx>
---
net/mac80211/agg-tx.c | 19 +++++++++++++++++--
1 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c
index 39d72cc..683effe 100644
--- a/net/mac80211/agg-tx.c
+++ b/net/mac80211/agg-tx.c
@@ -746,6 +746,23 @@ void ieee80211_process_addba_resp(struct ieee80211_local *local,
if (!tid_tx)
goto out;
+ del_timer_sync(&tid_tx->addba_resp_timer);
+
+ /*
+ * Test that we are not stopping agg session now.
+ * Since addba_resp_timer may have just finished we need to
+ * check HT_AGG_STATE_STOPPING too.
+ */
+ if (test_bit(HT_AGG_STATE_WANT_STOP, &tid_tx->state)
+ || test_bit(HT_AGG_STATE_STOPPING, &tid_tx->state)) {
+#ifdef CONFIG_MAC80211_HT_DEBUG
+ printk(KERN_DEBUG "got addBA resp for tid %d but we are not "
+ "(or no longer) expecting expecting it\n",
+ tid);
+#endif
+ goto out;
+ }
+
if (mgmt->u.action.u.addba_resp.dialog_token != tid_tx->dialog_token) {
#ifdef CONFIG_MAC80211_HT_DEBUG
printk(KERN_DEBUG "wrong addBA response token, tid %d\n", tid);
@@ -753,8 +770,6 @@ void ieee80211_process_addba_resp(struct ieee80211_local *local,
goto out;
}
- del_timer(&tid_tx->addba_resp_timer);
-
#ifdef CONFIG_MAC80211_HT_DEBUG
printk(KERN_DEBUG "switched off addBA timer for tid %d\n", tid);
#endif
--
1.7.4.1
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
