git: e8de31caceaa - main - net80211: Fix traffic hang on STA/AP VAPs on a multi-VAP interface
Date: Fri, 22 Apr 2022 05:49:14 UTC
The branch main has been updated by adrian:

URL: https://cgit.FreeBSD.org/src/commit/?id=e8de31caceaa36caf5d7b4355072f148e2433b82

commit e8de31caceaa36caf5d7b4355072f148e2433b82
Author: Adrian Chadd <adrian@FreeBSD.org>
AuthorDate: 2022-04-12 20:20:28 +0000
Commit: Adrian Chadd <adrian@FreeBSD.org>
CommitDate: 2022-04-22 05:49:01 +0000

net80211: Fix traffic hang on STA/AP VAPs on a multi-VAP interface

This took an embarrassingly long time to find.

The state changes for a radio with a STA /and/ AP VAP get a bit messy. The AP maps are marked as waiting, waiting for the STA AP to find a channel to use before the AP VAPs become active.

However, the code path that clears the OACTIVE flag on a VAP only runs during a successful run of ieee80211_newstate_cb().

So here is how it goes:

* the STA VAP goes down and needs to scan;
* the AP vap goes RUN->INIT; but it doesn't YET call ieee80211_newstate_cb();
* meanwhile - a send on the AP VAP causes the VAP to set the OACTIVE flag here;
* then the STA VAP finishes scan and goes to RUN;
* which will call wakeupwaiting() as part of the STA VAP transition to RUN;
* .. then the AP VAP goes INIT->RUN directly via a call to hostap_newstate in wakeupwaiting rather than it being through the deferred path;
* /then/ the ieee80211_newstate_cb() is called, but it sees the state go RUN->RUN;
* .. which results in the OACTIVE flag never being cleared.

This clears the OACTIVE flag when a VAP transitions RUN->RUN; the driver layer or net80211 layer can set it if required in a subsequent transmit.

Differential Revision: https://reviews.freebsd.org/D34920
Reviewed by: bz
---
 sys/net80211/ieee80211_proto.c | 47 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)

diff --git a/sys/net80211/ieee80211_proto.c b/sys/net80211/ieee80211_proto.c index 2228983050a2..d2bde99ce79c 100644 --- a/sys/net80211/ieee80211_proto.c +++ b/sys/net80211/ieee80211_proto.c 
@@ -2469,6 +2469,29 @@ wakeupwaiting(struct ieee80211vap *vap0) vap->iv_flags_ext &= ~IEEE80211_FEXT_SCANWAIT; /* NB: sta's cannot go INIT->RUN */ /* NB: iv_newstate may drop the lock */ + + /* + * This is problematic if the interface has OACTIVE + * set. Only the deferred ieee80211_newstate_cb() + * will end up actually /clearing/ the OACTIVE + * flag on a state transition to RUN from a non-RUN + * state. + * + * But, we're not actually deferring this callback; + * and when the deferred call occurs it shows up as + * a RUN->RUN transition! So the flag isn't/wasn't + * cleared! + * + * I'm also not sure if it's correct to actually + * do the transitions here fully through the deferred + * paths either as other things can be invoked as + * part of that state machine. + * + * So just keep this in mind when looking at what + * the markwaiting/wakeupwaiting routines are doing + * and how they invoke vap state changes. + */ + vap->iv_newstate(vap, vap->iv_opmode == IEEE80211_M_STA ? IEEE80211_S_SCAN : IEEE80211_S_RUN, 0); 
@@ -2543,6 +2566,30 @@ ieee80211_newstate_cb(void *xvap, int npending) goto done; } + /* + * Handle the case of a RUN->RUN transition occuring when STA + AP + * VAPs occur on the same radio. + * + * The mark and wakeup waiting routines call iv_newstate() directly, + * but they do not end up deferring state changes here. + * Thus, although the VAP newstate method sees a transition + * of RUN->INIT->RUN, the deferred path here only sees a RUN->RUN + * transition. If OACTIVE is set then it is never cleared. + * + * So, if we're here and the state is RUN, just clear OACTIVE. + * At some point if the markwaiting/wakeupwaiting paths end up + * also invoking the deferred state updates then this will + * be no-op code - and also if OACTIVE is finally retired, it'll + * also be no-op code. + */ + if (nstate == IEEE80211_S_RUN) { + /* + * Unblock the VAP queue; a RUN->RUN state can happen + * on a STA+AP setup on the AP vap. See wakeupwaiting(). + */ + vap->iv_ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; + } + /* No actual transition, skip post processing */ if (ostate == nstate) goto done;
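Review bot: In the wakeupwaiting() hunk (@@ -2469,6 +2469,29 @@), the new block comment is inserted between the two existing NB comments and the vap->iv_newstate() call they annotate, so "NB: iv_newstate may drop the lock" now sits more than twenty lines above the call it warns about. Suggest moving the new comment above the NB lines so they stay adjacent to the call. The comment also records open uncertainty in the first person ("I'm also not sure if it's correct to actually do the transitions here fully through the deferred paths") and says the flag "isn't/wasn't cleared" without naming where it is now handled; a pointer to the RUN check added in ieee80211_newstate_cb() would tell a later reader that the hang is worked around there and that this call site is still un-deferred by design.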
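Review bot: In the ieee80211_newstate_cb() hunk (@@ -2543,6 +2566,30 @@), the added test is "if (nstate == IEEE80211_S_RUN)" and it sits before the existing "if (ostate == nstate) goto done;" check, so IFF_DRV_OACTIVE is cleared on every deferred transition that ends in RUN, not only on the RUN->RUN case that the comment above it and the commit message describe. If the wider behaviour is intended, the comment should say so; otherwise test the old state as well, for example "if (ostate == IEEE80211_S_RUN && nstate == IEEE80211_S_RUN)". The clear is also unconditional with respect to the driver's transmit state, which relies on the driver or net80211 setting OACTIVE again on the next transmit, as the commit message states; that assumption belongs in the code comment too. Minor: "occuring" in the comment should be "occurring".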