Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 07346f81 authored by Johannes Berg's avatar Johannes Berg Committed by John W. Linville
Browse files

mac80211: proper STA info locking 



As discussed earlier, we can unify locking in struct sta_info
and use just a single spinlock protecting all members of the
structure that need protection. Many don't, but one of the
especially bad ones is the 'flags' member that can currently
be clobbered when RX and TX is being processed on different
CPUs at the same time.

Because having four spinlocks for different, mostly exclusive
parts of a single structure is overkill, this patch also kills
the ampdu and mesh plink spinlocks and uses just a single one
for everything. Because none of the spinlocks are nested, this
is safe.

It remains to be seen whether or not we should make the sta
flags use atomic bit operations instead, for now though this
is a safe thing and using atomic operations instead will be
very simple using the new static inline functions this patch
introduces for accessing sta->flags.

Since spin_lock_bh() is used with this lock, there shouldn't
be any contention even if aggregation is enabled at around the
same time as both requires frame transmission/reception which
is in a bh context.

Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
Cc: Tomas Winkler <tomasw@gmail.com>
Cc: Ron Rindjunsky <ron.rindjunsky@intel.com>
Cc: Luis Carlos Cobo <luisca@cozybit.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent 3434fbd3

drivers/net/wireless/iwlwifi/iwl-4965-rs.c

+2 −2
Original line number Diff line number Diff line
@@ -360,9 +360,9 @@ static void rs_tl_turn_on_agg_for_tid(struct iwl_priv *priv, 
	unsigned long state;

	DECLARE_MAC_BUF(mac);



	spin_lock_bh(&sta->ampdu_mlme.ampdu_tx);

	spin_lock_bh(&sta->lock);

	state = sta->ampdu_mlme.tid_state_tx[tid];

	spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx);

	spin_unlock_bh(&sta->lock);



	if (state == HT_AGG_STATE_IDLE &&

	    rs_tl_get_load(lq_data, tid) > IWL_AGG_LOAD_THRESHOLD) {

net/mac80211/cfg.c

+2 −0
Original line number Diff line number Diff line
@@ -602,6 +602,7 @@ static void sta_apply_parameters(struct ieee80211_local *local, 
	 */



	if (params->station_flags & STATION_FLAG_CHANGED) {

		spin_lock_bh(&sta->lock);

		sta->flags &= ~WLAN_STA_AUTHORIZED;

		if (params->station_flags & STATION_FLAG_AUTHORIZED)

			sta->flags |= WLAN_STA_AUTHORIZED;
@@ -613,6 +614,7 @@ static void sta_apply_parameters(struct ieee80211_local *local, 
		sta->flags &= ~WLAN_STA_WME;

		if (params->station_flags & STATION_FLAG_WME)

			sta->flags |= WLAN_STA_WME;

		spin_unlock_bh(&sta->lock);

	}



	/*

net/mac80211/debugfs_sta.c

+8 −7
Original line number Diff line number Diff line
@@ -74,14 +74,15 @@ static ssize_t sta_flags_read(struct file *file, char __user *userbuf, 
{

	char buf[100];

	struct sta_info *sta = file->private_data;

	u32 staflags = get_sta_flags(sta);

	int res = scnprintf(buf, sizeof(buf), "%s%s%s%s%s%s%s",

		sta->flags & WLAN_STA_AUTH ? "AUTH\n" : "",

		sta->flags & WLAN_STA_ASSOC ? "ASSOC\n" : "",

		sta->flags & WLAN_STA_PS ? "PS\n" : "",

		sta->flags & WLAN_STA_AUTHORIZED ? "AUTHORIZED\n" : "",

		sta->flags & WLAN_STA_SHORT_PREAMBLE ? "SHORT PREAMBLE\n" : "",

		sta->flags & WLAN_STA_WME ? "WME\n" : "",

		sta->flags & WLAN_STA_WDS ? "WDS\n" : "");

		staflags & WLAN_STA_AUTH ? "AUTH\n" : "",

		staflags & WLAN_STA_ASSOC ? "ASSOC\n" : "",

		staflags & WLAN_STA_PS ? "PS\n" : "",

		staflags & WLAN_STA_AUTHORIZED ? "AUTHORIZED\n" : "",

		staflags & WLAN_STA_SHORT_PREAMBLE ? "SHORT PREAMBLE\n" : "",

		staflags & WLAN_STA_WME ? "WME\n" : "",

		staflags & WLAN_STA_WDS ? "WDS\n" : "");

	return simple_read_from_buffer(userbuf, count, ppos, buf, res);

}

STA_OPS(flags);

net/mac80211/key.c

+2 −2
Original line number Diff line number Diff line
@@ -321,7 +321,7 @@ void ieee80211_key_link(struct ieee80211_key *key, 
		 * some hardware cannot handle TKIP with QoS, so

		 * we indicate whether QoS could be in use.

		 */

		if (sta->flags & WLAN_STA_WME)

		if (test_sta_flags(sta, WLAN_STA_WME))

			key->conf.flags |= IEEE80211_KEY_FLAG_WMM_STA;



		/*
@@ -342,7 +342,7 @@ void ieee80211_key_link(struct ieee80211_key *key, 
			/* same here, the AP could be using QoS */

			ap = sta_info_get(key->local, key->sdata->u.sta.bssid);

			if (ap) {

				if (ap->flags & WLAN_STA_WME)

				if (test_sta_flags(ap, WLAN_STA_WME))

					key->conf.flags |=

						IEEE80211_KEY_FLAG_WMM_STA;

			}

net/mac80211/main.c

+16 −15
Original line number Diff line number Diff line
@@ -346,6 +346,7 @@ static int ieee80211_open(struct net_device *dev) 
			goto err_del_interface;

		}



		/* no locking required since STA is not live yet */

		sta->flags |= WLAN_STA_AUTHORIZED;



		res = sta_info_insert(sta);
@@ -588,7 +589,7 @@ int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid) 
		return -ENOENT;

	}



	spin_lock_bh(&sta->ampdu_mlme.ampdu_tx);

	spin_lock_bh(&sta->lock);



	/* we have tried too many times, receiver does not want A-MPDU */

	if (sta->ampdu_mlme.addba_req_num[tid] > HT_AGG_MAX_RETRIES) {
@@ -691,7 +692,7 @@ int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid) 
	spin_unlock_bh(&local->mdev->queue_lock);

	ret = -EBUSY;

start_ba_exit:

	spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx);

	spin_unlock_bh(&sta->lock);

	rcu_read_unlock();

	return ret;

}
@@ -719,7 +720,7 @@ int ieee80211_stop_tx_ba_session(struct ieee80211_hw *hw, 


	/* check if the TID is in aggregation */

	state = &sta->ampdu_mlme.tid_state_tx[tid];

	spin_lock_bh(&sta->ampdu_mlme.ampdu_tx);

	spin_lock_bh(&sta->lock);



	if (*state != HT_AGG_STATE_OPERATIONAL) {

		ret = -ENOENT;
@@ -749,7 +750,7 @@ int ieee80211_stop_tx_ba_session(struct ieee80211_hw *hw, 
	}



stop_BA_exit:

	spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx);

	spin_unlock_bh(&sta->lock);

	rcu_read_unlock();

	return ret;

}
@@ -778,12 +779,12 @@ void ieee80211_start_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u16 tid) 
	}



	state = &sta->ampdu_mlme.tid_state_tx[tid];

	spin_lock_bh(&sta->ampdu_mlme.ampdu_tx);

	spin_lock_bh(&sta->lock);



	if (!(*state & HT_ADDBA_REQUESTED_MSK)) {

		printk(KERN_DEBUG "addBA was not requested yet, state is %d\n",

				*state);

		spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx);

		spin_unlock_bh(&sta->lock);

		rcu_read_unlock();

		return;

	}
@@ -796,7 +797,7 @@ void ieee80211_start_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u16 tid) 
		printk(KERN_DEBUG "Aggregation is on for tid %d \n", tid);

		ieee80211_wake_queue(hw, sta->tid_to_tx_q[tid]);

	}

	spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx);

	spin_unlock_bh(&sta->lock);

	rcu_read_unlock();

}

EXPORT_SYMBOL(ieee80211_start_tx_ba_cb);
@@ -830,10 +831,10 @@ void ieee80211_stop_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u8 tid) 
	}

	state = &sta->ampdu_mlme.tid_state_tx[tid];



	spin_lock_bh(&sta->ampdu_mlme.ampdu_tx);

	spin_lock_bh(&sta->lock);

	if ((*state & HT_AGG_STATE_REQ_STOP_BA_MSK) == 0) {

		printk(KERN_DEBUG "unexpected callback to A-MPDU stop\n");

		spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx);

		spin_unlock_bh(&sta->lock);

		rcu_read_unlock();

		return;

	}
@@ -860,7 +861,7 @@ void ieee80211_stop_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u8 tid) 
	sta->ampdu_mlme.addba_req_num[tid] = 0;

	kfree(sta->ampdu_mlme.tid_tx[tid]);

	sta->ampdu_mlme.tid_tx[tid] = NULL;

	spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx);

	spin_unlock_bh(&sta->lock);



	rcu_read_unlock();

}
@@ -1315,7 +1316,7 @@ static void ieee80211_handle_filtered_frame(struct ieee80211_local *local, 
	 * packet. If the STA went to power save mode, this will happen

	 * happen when it wakes up for the next time.

	 */

	sta->flags |= WLAN_STA_CLEAR_PS_FILT;

	set_sta_flags(sta, WLAN_STA_CLEAR_PS_FILT);



	/*

	 * This code races in the following way:
@@ -1347,7 +1348,7 @@ static void ieee80211_handle_filtered_frame(struct ieee80211_local *local, 
	 *      can be unknown, for example with different interrupt status

	 *	bits.

	 */

	if (sta->flags & WLAN_STA_PS &&

	if (test_sta_flags(sta, WLAN_STA_PS) &&

	    skb_queue_len(&sta->tx_filtered) < STA_MAX_TX_BUFFER) {

		ieee80211_remove_tx_extra(local, sta->key, skb,

					  &status->control);
@@ -1355,7 +1356,7 @@ static void ieee80211_handle_filtered_frame(struct ieee80211_local *local, 
		return;

	}



	if (!(sta->flags & WLAN_STA_PS) &&

	if (!test_sta_flags(sta, WLAN_STA_PS) &&

	    !(status->control.flags & IEEE80211_TXCTL_REQUEUE)) {

		/* Software retry the packet once */

		status->control.flags |= IEEE80211_TXCTL_REQUEUE;
@@ -1370,7 +1371,7 @@ static void ieee80211_handle_filtered_frame(struct ieee80211_local *local, 
		       "queue_len=%d PS=%d @%lu\n",

		       wiphy_name(local->hw.wiphy),

		       skb_queue_len(&sta->tx_filtered),

		       !!(sta->flags & WLAN_STA_PS), jiffies);

		       !!test_sta_flags(sta, WLAN_STA_PS), jiffies);

	dev_kfree_skb(skb);

}
@@ -1399,7 +1400,7 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb, 
		struct sta_info *sta;

		sta = sta_info_get(local, hdr->addr1);

		if (sta) {

			if (sta->flags & WLAN_STA_PS) {

			if (test_sta_flags(sta, WLAN_STA_PS)) {

				/*

				 * The STA is in power save mode, so assume

				 * that this TX packet failed because of that.