Commit 9c6dda4e authored by Sujith's avatar Sujith Committed by John W. Linville

ath9k_htc: Fix beaconing in IBSS mode

The current way of managing beaconing in ad-hoc
mode has a subtle race - the beacon obtained from mac80211
is freed in the SWBA handler rather than the TX
completion routine. But transmission of beacons goes
through the normal SKB queue maintained in hif_usb,
leading to a situation where __skb_dequeue() in the TX
completion handler goes kaput.

Fix this by simply getting a beacon from mac80211 for
every SWBA and free it in its completion routine.
Signed-off-by: Sujith <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
parent 0aaffa9b
...@@ -356,7 +356,6 @@ struct ath9k_htc_priv { ...@@ -356,7 +356,6 @@ struct ath9k_htc_priv {
u16 seq_no; u16 seq_no;
u32 bmiss_cnt; u32 bmiss_cnt;
struct sk_buff *beacon;
spinlock_t beacon_lock; spinlock_t beacon_lock;
bool tx_queues_stop; bool tx_queues_stop;
...@@ -408,13 +407,13 @@ static inline void ath_read_cachesize(struct ath_common *common, int *csz) ...@@ -408,13 +407,13 @@ static inline void ath_read_cachesize(struct ath_common *common, int *csz)
void ath9k_htc_beacon_config(struct ath9k_htc_priv *priv, void ath9k_htc_beacon_config(struct ath9k_htc_priv *priv,
struct ieee80211_vif *vif); struct ieee80211_vif *vif);
void ath9k_htc_swba(struct ath9k_htc_priv *priv, u8 beacon_pending); void ath9k_htc_swba(struct ath9k_htc_priv *priv, u8 beacon_pending);
void ath9k_htc_beacon_update(struct ath9k_htc_priv *priv,
struct ieee80211_vif *vif);
void ath9k_htc_rxep(void *priv, struct sk_buff *skb, void ath9k_htc_rxep(void *priv, struct sk_buff *skb,
enum htc_endpoint_id ep_id); enum htc_endpoint_id ep_id);
void ath9k_htc_txep(void *priv, struct sk_buff *skb, enum htc_endpoint_id ep_id, void ath9k_htc_txep(void *priv, struct sk_buff *skb, enum htc_endpoint_id ep_id,
bool txok); bool txok);
void ath9k_htc_beaconep(void *drv_priv, struct sk_buff *skb,
enum htc_endpoint_id ep_id, bool txok);
void ath9k_htc_station_work(struct work_struct *work); void ath9k_htc_station_work(struct work_struct *work);
void ath9k_htc_aggr_work(struct work_struct *work); void ath9k_htc_aggr_work(struct work_struct *work);
......
...@@ -165,22 +165,10 @@ static void ath9k_htc_beacon_config_adhoc(struct ath9k_htc_priv *priv, ...@@ -165,22 +165,10 @@ static void ath9k_htc_beacon_config_adhoc(struct ath9k_htc_priv *priv,
WMI_CMD_BUF(WMI_ENABLE_INTR_CMDID, &htc_imask); WMI_CMD_BUF(WMI_ENABLE_INTR_CMDID, &htc_imask);
} }
void ath9k_htc_beacon_update(struct ath9k_htc_priv *priv, void ath9k_htc_beaconep(void *drv_priv, struct sk_buff *skb,
struct ieee80211_vif *vif) enum htc_endpoint_id ep_id, bool txok)
{ {
struct ath_common *common = ath9k_hw_common(priv->ah); dev_kfree_skb_any(skb);
spin_lock_bh(&priv->beacon_lock);
if (priv->beacon)
dev_kfree_skb_any(priv->beacon);
priv->beacon = ieee80211_beacon_get(priv->hw, vif);
if (!priv->beacon)
ath_print(common, ATH_DBG_BEACON,
"Unable to allocate beacon\n");
spin_unlock_bh(&priv->beacon_lock);
} }
void ath9k_htc_swba(struct ath9k_htc_priv *priv, u8 beacon_pending) void ath9k_htc_swba(struct ath9k_htc_priv *priv, u8 beacon_pending)
...@@ -189,6 +177,7 @@ void ath9k_htc_swba(struct ath9k_htc_priv *priv, u8 beacon_pending) ...@@ -189,6 +177,7 @@ void ath9k_htc_swba(struct ath9k_htc_priv *priv, u8 beacon_pending)
struct tx_beacon_header beacon_hdr; struct tx_beacon_header beacon_hdr;
struct ath9k_htc_tx_ctl tx_ctl; struct ath9k_htc_tx_ctl tx_ctl;
struct ieee80211_tx_info *info; struct ieee80211_tx_info *info;
struct sk_buff *beacon;
u8 *tx_fhdr; u8 *tx_fhdr;
memset(&beacon_hdr, 0, sizeof(struct tx_beacon_header)); memset(&beacon_hdr, 0, sizeof(struct tx_beacon_header));
...@@ -207,25 +196,17 @@ void ath9k_htc_swba(struct ath9k_htc_priv *priv, u8 beacon_pending) ...@@ -207,25 +196,17 @@ void ath9k_htc_swba(struct ath9k_htc_priv *priv, u8 beacon_pending)
return; return;
} }
if (unlikely(priv->beacon == NULL)) {
spin_unlock_bh(&priv->beacon_lock);
return;
}
/* Free the old SKB first */
dev_kfree_skb_any(priv->beacon);
/* Get a new beacon */ /* Get a new beacon */
priv->beacon = ieee80211_beacon_get(priv->hw, priv->vif); beacon = ieee80211_beacon_get(priv->hw, priv->vif);
if (!priv->beacon) { if (!beacon) {
spin_unlock_bh(&priv->beacon_lock); spin_unlock_bh(&priv->beacon_lock);
return; return;
} }
info = IEEE80211_SKB_CB(priv->beacon); info = IEEE80211_SKB_CB(beacon);
if (info->flags & IEEE80211_TX_CTL_ASSIGN_SEQ) { if (info->flags & IEEE80211_TX_CTL_ASSIGN_SEQ) {
struct ieee80211_hdr *hdr = struct ieee80211_hdr *hdr =
(struct ieee80211_hdr *) priv->beacon->data; (struct ieee80211_hdr *) beacon->data;
priv->seq_no += 0x10; priv->seq_no += 0x10;
hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG); hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG);
hdr->seq_ctrl |= cpu_to_le16(priv->seq_no); hdr->seq_ctrl |= cpu_to_le16(priv->seq_no);
...@@ -233,10 +214,10 @@ void ath9k_htc_swba(struct ath9k_htc_priv *priv, u8 beacon_pending) ...@@ -233,10 +214,10 @@ void ath9k_htc_swba(struct ath9k_htc_priv *priv, u8 beacon_pending)
tx_ctl.type = ATH9K_HTC_NORMAL; tx_ctl.type = ATH9K_HTC_NORMAL;
beacon_hdr.vif_index = avp->index; beacon_hdr.vif_index = avp->index;
tx_fhdr = skb_push(priv->beacon, sizeof(beacon_hdr)); tx_fhdr = skb_push(beacon, sizeof(beacon_hdr));
memcpy(tx_fhdr, (u8 *) &beacon_hdr, sizeof(beacon_hdr)); memcpy(tx_fhdr, (u8 *) &beacon_hdr, sizeof(beacon_hdr));
htc_send(priv->htc, priv->beacon, priv->beacon_ep, &tx_ctl); htc_send(priv->htc, beacon, priv->beacon_ep, &tx_ctl);
spin_unlock_bh(&priv->beacon_lock); spin_unlock_bh(&priv->beacon_lock);
} }
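Review bot: The return value of `htc_send()` at the end of ath9k_htc_swba is discarded, and with this change the local `beacon` is the only reference to the skb. If the send fails before the frame is queued, ath9k_htc_beaconep presumably never runs and one skb is leaked per SWBA, which the old code masked by freeing `priv->beacon` on the next SWBA. htc_send's ownership contract on failure is not visible on this page, so confirm it first; if the skb stays with the caller, use `if (htc_send(priv->htc, beacon, priv->beacon_ep, &tx_ctl)) dev_kfree_skb_any(beacon);`. Parts of ath9k_htc_swba lie outside the hunks shown here.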
......
...@@ -144,7 +144,7 @@ static int ath9k_init_htc_services(struct ath9k_htc_priv *priv) ...@@ -144,7 +144,7 @@ static int ath9k_init_htc_services(struct ath9k_htc_priv *priv)
goto err; goto err;
/* Beacon */ /* Beacon */
ret = ath9k_htc_connect_svc(priv, WMI_BEACON_SVC, NULL, ret = ath9k_htc_connect_svc(priv, WMI_BEACON_SVC, ath9k_htc_beaconep,
&priv->beacon_ep); &priv->beacon_ep);
if (ret) if (ret)
goto err; goto err;
......
...@@ -1313,15 +1313,6 @@ static void ath9k_htc_remove_interface(struct ieee80211_hw *hw, ...@@ -1313,15 +1313,6 @@ static void ath9k_htc_remove_interface(struct ieee80211_hw *hw,
priv->nvifs--; priv->nvifs--;
ath9k_htc_remove_station(priv, vif, NULL); ath9k_htc_remove_station(priv, vif, NULL);
if (vif->type == NL80211_IFTYPE_ADHOC) {
spin_lock_bh(&priv->beacon_lock);
if (priv->beacon)
dev_kfree_skb_any(priv->beacon);
priv->beacon = NULL;
spin_unlock_bh(&priv->beacon_lock);
}
priv->vif = NULL; priv->vif = NULL;
mutex_unlock(&priv->mutex); mutex_unlock(&priv->mutex);
...@@ -1590,9 +1581,6 @@ static void ath9k_htc_bss_info_changed(struct ieee80211_hw *hw, ...@@ -1590,9 +1581,6 @@ static void ath9k_htc_bss_info_changed(struct ieee80211_hw *hw,
ath9k_htc_beacon_config(priv, vif); ath9k_htc_beacon_config(priv, vif);
} }
if (changed & BSS_CHANGED_BEACON)
ath9k_htc_beacon_update(priv, vif);
if ((changed & BSS_CHANGED_BEACON_ENABLED) && if ((changed & BSS_CHANGED_BEACON_ENABLED) &&
!bss_conf->enable_beacon) { !bss_conf->enable_beacon) {
priv->op_flags &= ~OP_ENABLE_BEACON; priv->op_flags &= ~OP_ENABLE_BEACON;
......