Return-path: Received: from mail.atheros.com ([12.36.123.2]:43242 "EHLO mail.atheros.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753488Ab0EFJPk (ORCPT ); Thu, 6 May 2010 05:15:40 -0400 Received: from mail.atheros.com ([10.10.20.108]) by sidewinder.atheros.com for ; Thu, 06 May 2010 02:15:40 -0700 From: Sujith MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Message-ID: <19426.35011.859725.434599@gargle.gargle.HOWL> Date: Thu, 6 May 2010 14:45:47 +0530 To: CC: Subject: [PATCH] ath9k_htc: Fix beaconing in IBSS mode Sender: linux-wireless-owner@vger.kernel.org List-ID: The current way of managing beaconing in ad-hoc mode has a subtle race - the beacon obtained from mac80211 is freed in the SWBA handler rather than the TX completion routine. But transmission of beacons goes through the normal SKB queue maintained in hif_usb, leading to a situation where __skb_dequeue() in the TX completion handler goes kaput. Fix this by simply getting a beacon from mac80211 for every SWBA and free it in its completion routine. Signed-off-by: Sujith --- drivers/net/wireless/ath/ath9k/htc.h | 5 +-- drivers/net/wireless/ath/ath9k/htc_drv_beacon.c | 39 ++++++----------------- drivers/net/wireless/ath/ath9k/htc_drv_init.c | 2 +- drivers/net/wireless/ath/ath9k/htc_drv_main.c | 12 ------- 4 files changed, 13 insertions(+), 45 deletions(-) diff --git a/drivers/net/wireless/ath/ath9k/htc.h b/drivers/net/wireless/ath/ath9k/htc.h index 1ae18bb..ad556aa 100644 --- a/drivers/net/wireless/ath/ath9k/htc.h +++ b/drivers/net/wireless/ath/ath9k/htc.h @@ -356,7 +356,6 @@ struct ath9k_htc_priv { u16 seq_no; u32 bmiss_cnt; - struct sk_buff *beacon; spinlock_t beacon_lock; bool tx_queues_stop; @@ -408,13 +407,13 @@ static inline void ath_read_cachesize(struct ath_common *common, int *csz) void ath9k_htc_beacon_config(struct ath9k_htc_priv *priv, struct ieee80211_vif *vif); void ath9k_htc_swba(struct ath9k_htc_priv *priv, u8 beacon_pending); -void ath9k_htc_beacon_update(struct ath9k_htc_priv *priv, - struct ieee80211_vif *vif); void ath9k_htc_rxep(void *priv, struct sk_buff *skb, enum htc_endpoint_id ep_id); void ath9k_htc_txep(void *priv, struct sk_buff *skb, enum htc_endpoint_id ep_id, bool txok); +void ath9k_htc_beaconep(void *drv_priv, struct sk_buff *skb, + enum htc_endpoint_id ep_id, bool txok); void ath9k_htc_station_work(struct work_struct *work); void ath9k_htc_aggr_work(struct work_struct *work); diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_beacon.c b/drivers/net/wireless/ath/ath9k/htc_drv_beacon.c index 7cb55f5..c10c7d0 100644 --- a/drivers/net/wireless/ath/ath9k/htc_drv_beacon.c +++ b/drivers/net/wireless/ath/ath9k/htc_drv_beacon.c @@ -165,22 +165,10 @@ static void ath9k_htc_beacon_config_adhoc(struct ath9k_htc_priv *priv, WMI_CMD_BUF(WMI_ENABLE_INTR_CMDID, &htc_imask); } -void ath9k_htc_beacon_update(struct ath9k_htc_priv *priv, - struct ieee80211_vif *vif) +void ath9k_htc_beaconep(void *drv_priv, struct sk_buff *skb, + enum htc_endpoint_id ep_id, bool txok) { - struct ath_common *common = ath9k_hw_common(priv->ah); - - spin_lock_bh(&priv->beacon_lock); - - if (priv->beacon) - dev_kfree_skb_any(priv->beacon); - - priv->beacon = ieee80211_beacon_get(priv->hw, vif); - if (!priv->beacon) - ath_print(common, ATH_DBG_BEACON, - "Unable to allocate beacon\n"); - - spin_unlock_bh(&priv->beacon_lock); + dev_kfree_skb_any(skb); } void ath9k_htc_swba(struct ath9k_htc_priv *priv, u8 beacon_pending) @@ -189,6 +177,7 @@ void ath9k_htc_swba(struct ath9k_htc_priv *priv, u8 beacon_pending) struct tx_beacon_header beacon_hdr; struct ath9k_htc_tx_ctl tx_ctl; struct ieee80211_tx_info *info; + struct sk_buff *beacon; u8 *tx_fhdr; memset(&beacon_hdr, 0, sizeof(struct tx_beacon_header)); @@ -207,25 +196,17 @@ void ath9k_htc_swba(struct ath9k_htc_priv *priv, u8 beacon_pending) return; } - if (unlikely(priv->beacon == NULL)) { - spin_unlock_bh(&priv->beacon_lock); - return; - } - - /* Free the old SKB first */ - dev_kfree_skb_any(priv->beacon); - /* Get a new beacon */ - priv->beacon = ieee80211_beacon_get(priv->hw, priv->vif); - if (!priv->beacon) { + beacon = ieee80211_beacon_get(priv->hw, priv->vif); + if (!beacon) { spin_unlock_bh(&priv->beacon_lock); return; } - info = IEEE80211_SKB_CB(priv->beacon); + info = IEEE80211_SKB_CB(beacon); if (info->flags & IEEE80211_TX_CTL_ASSIGN_SEQ) { struct ieee80211_hdr *hdr = - (struct ieee80211_hdr *) priv->beacon->data; + (struct ieee80211_hdr *) beacon->data; priv->seq_no += 0x10; hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG); hdr->seq_ctrl |= cpu_to_le16(priv->seq_no); @@ -233,10 +214,10 @@ void ath9k_htc_swba(struct ath9k_htc_priv *priv, u8 beacon_pending) tx_ctl.type = ATH9K_HTC_NORMAL; beacon_hdr.vif_index = avp->index; - tx_fhdr = skb_push(priv->beacon, sizeof(beacon_hdr)); + tx_fhdr = skb_push(beacon, sizeof(beacon_hdr)); memcpy(tx_fhdr, (u8 *) &beacon_hdr, sizeof(beacon_hdr)); - htc_send(priv->htc, priv->beacon, priv->beacon_ep, &tx_ctl); + htc_send(priv->htc, beacon, priv->beacon_ep, &tx_ctl); spin_unlock_bh(&priv->beacon_lock); } diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_init.c b/drivers/net/wireless/ath/ath9k/htc_drv_init.c index 701f2ef..17111fc 100644 --- a/drivers/net/wireless/ath/ath9k/htc_drv_init.c +++ b/drivers/net/wireless/ath/ath9k/htc_drv_init.c @@ -144,7 +144,7 @@ static int ath9k_init_htc_services(struct ath9k_htc_priv *priv) goto err; /* Beacon */ - ret = ath9k_htc_connect_svc(priv, WMI_BEACON_SVC, NULL, + ret = ath9k_htc_connect_svc(priv, WMI_BEACON_SVC, ath9k_htc_beaconep, &priv->beacon_ep); if (ret) goto err; diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_main.c b/drivers/net/wireless/ath/ath9k/htc_drv_main.c index ca7f3a7..7c9e33b 100644 --- a/drivers/net/wireless/ath/ath9k/htc_drv_main.c +++ b/drivers/net/wireless/ath/ath9k/htc_drv_main.c @@ -1313,15 +1313,6 @@ static void ath9k_htc_remove_interface(struct ieee80211_hw *hw, priv->nvifs--; ath9k_htc_remove_station(priv, vif, NULL); - - if (vif->type == NL80211_IFTYPE_ADHOC) { - spin_lock_bh(&priv->beacon_lock); - if (priv->beacon) - dev_kfree_skb_any(priv->beacon); - priv->beacon = NULL; - spin_unlock_bh(&priv->beacon_lock); - } - priv->vif = NULL; mutex_unlock(&priv->mutex); @@ -1590,9 +1581,6 @@ static void ath9k_htc_bss_info_changed(struct ieee80211_hw *hw, ath9k_htc_beacon_config(priv, vif); } - if (changed & BSS_CHANGED_BEACON) - ath9k_htc_beacon_update(priv, vif); - if ((changed & BSS_CHANGED_BEACON_ENABLED) && !bss_conf->enable_beacon) { priv->op_flags &= ~OP_ENABLE_BEACON; -- 1.7.0.5