diff options
author | Christian Lamparter <chunkeey@googlemail.com> | 2011-01-31 21:48:44 +0300 |
---|---|---|
committer | John W. Linville <linville@tuxdriver.com> | 2011-02-05 00:29:49 +0300 |
commit | 512119b36f7945a650877cbc7e9b5f4cc4d92e4c (patch) | |
tree | 324117fb41bff372ac9a5e669cf279106731cac1 /net/mac80211/tx.c | |
parent | 4099e2f4404762add8ef2b0dadef3c5122117210 (diff) | |
download | linux-512119b36f7945a650877cbc7e9b5f4cc4d92e4c.tar.xz |
mac80211: fix race between next beacon dtim and ieee80211_get_buffered_bc
On review of 'zd1211rw: implement beacon fetching and handling
ieee80211_get_buffered_bc()', Christian Lamparter noted that [1]:
Since zd_beacon_done also uploads the next beacon so long in advance,
there could be an equally long race between the outdated state of the
next beacon's DTIM broadcast traffic indicator (802.11-2007 7.3.2.6)
which -in your case- was uploaded almost a beacon interval ago and
the xmit of ieee80211_get_buffered_bc *now*.
The dtim bc/mc bit might be not set, when a mc/bc arrived after the
beacon was uploaded, but before the "beacon done event" from the
hardware. So, dozing stations don't expect the broadcast traffic
and of course, they might miss it completely.
It's probably better to fix this in mac80211 (see the attached hack).
[1] http://marc.info/?l=linux-wireless&m=129435041117256&w=2
CC: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/mac80211/tx.c')
-rw-r--r-- | net/mac80211/tx.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index 8fbbc7a816d6..bf67a223cd60 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -2179,6 +2179,8 @@ static void ieee80211_beacon_add_tim(struct ieee80211_if_ap *bss, if (bss->dtim_count == 0 && !skb_queue_empty(&bss->ps_bc_buf)) aid0 = 1; + bss->dtim_bc_mc = aid0 == 1; + if (have_bits) { /* Find largest even number N1 so that bits numbered 1 through * (N1 x 8) - 1 in the bitmap are 0 and number N2 so that bits @@ -2549,7 +2551,7 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw, if (sdata->vif.type != NL80211_IFTYPE_AP || !beacon || !beacon->head) goto out; - if (bss->dtim_count != 0) + if (bss->dtim_count != 0 || !bss->dtim_bc_mc) goto out; /* send buffered bc/mc only after DTIM beacon */ while (1) { |