Hi folks
examining prints form the tear down of 11n session (see thread "Try to
stop Tx aggregation on non active TID messages"), i found an
interesting issue.
If i associate to a random AP "x" (what happened automatically as i
was configured by ifup scripts to do that), and then scan and
associate to my desired AP "y", i notice that AP "x" was not removed
from the mac80211 station table. Then, what happened was that during
ieee80211_stop, when we reach
list_for_each_entry_rcu(sta, &local->sta_list, list) {
if (sta->sdata == sdata)
ieee80211_sta_tear_down_BA_sessions(dev, sta->addr);
}
we try to tear down sessions to irrelevant stations (AP "x" in my
example), which leads to bugs.
did i miss something, or is there really a problem in the state
machine in the described scenario?
Thanks
Ron
On Tue, Apr 1, 2008 at 3:28 PM, Johannes Berg <[email protected]> wrote:
> Hi,
>
>
> > If i associate to a random AP "x" (what happened automatically as i
> > was configured by ifup scripts to do that), and then scan and
> > associate to my desired AP "y", i notice that AP "x" was not removed
> > from the mac80211 station table. Then, what happened was that during
> > ieee80211_stop, when we reach
> >
> > list_for_each_entry_rcu(sta, &local->sta_list, list) {
> > if (sta->sdata == sdata)
> > ieee80211_sta_tear_down_BA_sessions(dev, sta->addr);
> > }
> >
> > we try to tear down sessions to irrelevant stations (AP "x" in my
> > example), which leads to bugs.
>
> Why would that lead to bugs? That station was known, and there are no
> sessions for that AP.
It's like freeing twice the same a pointer. On what level will you
check that there are no BA session with this ghost AP?
>
> > did i miss something, or is there really a problem in the state
> > machine in the described scenario?
>
> There might be a problem in that we forget to remove that AP under some
> circumstances but it shouldn't matter, we always can have multiple
> stations in our table.
Not in STA mode, should be associated only to one AP at a time. (Hope
this also cover roaming).
Tomas
> > > If i associate to a random AP "x" (what happened automatically as i
> > > was configured by ifup scripts to do that), and then scan and
> > > associate to my desired AP "y", i notice that AP "x" was not removed
> > > from the mac80211 station table. Then, what happened was that during
> > > ieee80211_stop, when we reach
> > >
> > > list_for_each_entry_rcu(sta, &local->sta_list, list) {
> > > if (sta->sdata == sdata)
> > > ieee80211_sta_tear_down_BA_sessions(dev, sta->addr);
> > > }
> > >
> > > we try to tear down sessions to irrelevant stations (AP "x" in my
> > > example), which leads to bugs.
> >
> > Why would that lead to bugs? That station was known, and there are no
> > sessions for that AP.
>
> It's like freeing twice the same a pointer. On what level will you
> check that there are no BA session with this ghost AP?
I don't see the problem. BA sessions are per-STA-info, so what's the
problem with having a STA-info linger around a bit longer maybe?
> > There might be a problem in that we forget to remove that AP under some
> > circumstances but it shouldn't matter, we always can have multiple
> > stations in our table.
>
> Not in STA mode, should be associated only to one AP at a time. (Hope
> this also cover roaming).
True, but BA sessions ought to also work in AP mode and I don't see
where the code differs.
Maybe I misunderstood the problem?
johannes
Hi,
> If i associate to a random AP "x" (what happened automatically as i
> was configured by ifup scripts to do that), and then scan and
> associate to my desired AP "y", i notice that AP "x" was not removed
> from the mac80211 station table. Then, what happened was that during
> ieee80211_stop, when we reach
>
> list_for_each_entry_rcu(sta, &local->sta_list, list) {
> if (sta->sdata == sdata)
> ieee80211_sta_tear_down_BA_sessions(dev, sta->addr);
> }
>
> we try to tear down sessions to irrelevant stations (AP "x" in my
> example), which leads to bugs.
Why would that lead to bugs? That station was known, and there are no
sessions for that AP.
> did i miss something, or is there really a problem in the state
> machine in the described scenario?
There might be a problem in that we forget to remove that AP under some
circumstances but it shouldn't matter, we always can have multiple
stations in our table.
johannes