mac80211: fix PS-poll response, race

When a station queries us for a PS-poll response, we wrongly queue the frame on the virtual interface's queue rather than the pending queue. Additionally, fix a race condition where we could potentially send multiple frames to the sleeping station due to using a station flag rather than a packet flag. When converting to a packet flag, we can also convert p54 and remove the filter clearing we added for it. (Also remove a now dead function) Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Reported-by: Bob Copeland <me@bobcopeland.com> Tested-by: Bob Copeland <me@bobcopeland.com> Cc: Christian Lamparter <chunkeey@web.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
author: Johannes Berg <johannes@sipsolutions.net> 2009-07-24 07:23:09 -0400
committer: John W. Linville <linville@tuxdriver.com> 2009-07-27 15:24:19 -0400
commit: 3fa52056f3a8e755708241d5795e6d3e6f55ad85 (patch)
tree: 17986e56e775dc55627e4ba9aa0639182ee34339 /net/mac80211/rx.c
parent: 91a3bd76155085d41520cf41ede39e8b7f01aeff (diff)
1 files changed, 6 insertions, 5 deletions
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index cb95a3116034..f195705146bd 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -783,7 +783,7 @@ static void ap_sta_ps_start(struct sta_info *sta)
        struct ieee80211_local *local = sdata->local;
        atomic_inc(&sdata->bss->num_sta_ps);
-        set_and_clear_sta_flags(sta, WLAN_STA_PS, WLAN_STA_PSPOLL);
+        set_sta_flags(sta, WLAN_STA_PS);
        drv_sta_notify(local, &sdata->vif, STA_NOTIFY_SLEEP, &sta->sta);
 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
        printk(KERN_DEBUG "%s: STA %pM aid %d enters power save mode\n",
@@ -799,7 +799,7 @@ static int ap_sta_ps_end(struct sta_info *sta)
        atomic_dec(&sdata->bss->num_sta_ps);
-        clear_sta_flags(sta, WLAN_STA_PS | WLAN_STA_PSPOLL);
+        clear_sta_flags(sta, WLAN_STA_PS);
        drv_sta_notify(local, &sdata->vif, STA_NOTIFY_AWAKE, &sta->sta);
        if (!skb_queue_empty(&sta->ps_tx_buf))
@@ -1117,14 +1117,15 @@ ieee80211_rx_h_ps_poll(struct ieee80211_rx_data *rx)
                skb_queue_empty(&rx->sta->ps_tx_buf);
        if (skb) {
+                struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
                struct ieee80211_hdr *hdr =
                        (struct ieee80211_hdr *) skb->data;
                /*
-                 * Tell TX path to send one frame even though the STA may
+                 * Tell TX path to send this frame even though the STA may
                 * still remain is PS mode after this frame exchange.
                 */
-                set_sta_flags(rx->sta, WLAN_STA_PSPOLL);
+                info->flags |= IEEE80211_TX_CTL_PSPOLL_RESPONSE;
 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
                printk(KERN_DEBUG "STA %pM aid %d: PS Poll (entries after %d)\n",
@@ -1139,7 +1140,7 @@ ieee80211_rx_h_ps_poll(struct ieee80211_rx_data *rx)
                else
                        hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);
-                dev_queue_xmit(skb);
+                ieee80211_add_pending_skb(rx->local, skb);
                if (no_pending_pkts)
                        sta_info_clear_tim_bit(rx->sta);
author	Johannes Berg <johannes@sipsolutions.net>	2009-07-24 07:23:09 -0400
committer	John W. Linville <linville@tuxdriver.com>	2009-07-27 15:24:19 -0400
commit	3fa52056f3a8e755708241d5795e6d3e6f55ad85 (patch)
tree	17986e56e775dc55627e4ba9aa0639182ee34339 /net/mac80211/rx.c
parent	91a3bd76155085d41520cf41ede39e8b7f01aeff (diff)