aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorSoumik Das <soumik.das@stericsson.com>2012-05-20 06:01:13 -0400
committerJohn W. Linville <linville@tuxdriver.com>2012-05-25 11:16:16 -0400
commit992e68bf2eb9f3319f098560b8d4a03aa52fd7b8 (patch)
tree4def5ed9c6845d2a9f48f7f99a429fc89be79b9b /net
parentedb9bc9a1e08f54adfdb4f4d31bca5a15aeb8ef0 (diff)
mac80211: Fix race in checking AP status by sending null frame
mac80211 tries to verify the existence of the current AP by probing or sending a NULL frame in function ieee80211_mgd_probe_ap_send. It 1st sends a null frame to the AP, increments probe_send_count and waits for the ACK to the NULL frame for a finite duration of time. At times, it happens that by the time mac80211 gets to increment probe_send_count, the ACK for the NULL frame transmitted has already been processed. This leads to a race condition where mac80211 times out waiting for the ACK for the NULL frame causing unnecessary disconnection with the AP. Signed-off-by: Soumik Das <soumik.das@stericsson.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net')
-rw-r--r--net/mac80211/mlme.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index b3b3c264ff66..04c306308987 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1522,6 +1522,8 @@ static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
1522 * anymore. The timeout will be reset if the frame is ACKed by 1522 * anymore. The timeout will be reset if the frame is ACKed by
1523 * the AP. 1523 * the AP.
1524 */ 1524 */
1525 ifmgd->probe_send_count++;
1526
1525 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 1527 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
1526 ifmgd->nullfunc_failed = false; 1528 ifmgd->nullfunc_failed = false;
1527 ieee80211_send_nullfunc(sdata->local, sdata, 0); 1529 ieee80211_send_nullfunc(sdata->local, sdata, 0);
@@ -1538,7 +1540,6 @@ static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
1538 0, (u32) -1, true, false); 1540 0, (u32) -1, true, false);
1539 } 1541 }
1540 1542
1541 ifmgd->probe_send_count++;
1542 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms); 1543 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
1543 run_again(ifmgd, ifmgd->probe_timeout); 1544 run_again(ifmgd, ifmgd->probe_timeout);
1544 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 1545 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)