From patchwork Mon May 21 06:28:55 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Garg X-Patchwork-Id: 160320 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from maxx.maxx.shmoo.com (maxx.shmoo.com [205.134.188.171]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "maxx.shmoo.com", Issuer "CA Cert Signing Authority" (not verified)) by ozlabs.org (Postfix) with ESMTPS id 123E6B6F9A for ; Mon, 21 May 2012 16:29:38 +1000 (EST) Received: from localhost (localhost [127.0.0.1]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id 3BF199C208; Mon, 21 May 2012 02:29:36 -0400 (EDT) X-Virus-Scanned: amavisd-new at maxx.shmoo.com Received: from maxx.maxx.shmoo.com ([127.0.0.1]) by localhost (maxx.shmoo.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mpVPuT-uYAAC; Mon, 21 May 2012 02:29:36 -0400 (EDT) Received: from maxx.shmoo.com (localhost [127.0.0.1]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id 337A19C1F6; Mon, 21 May 2012 02:29:32 -0400 (EDT) X-Original-To: mailman-post+hostap@maxx.shmoo.com Delivered-To: mailman-post+hostap@maxx.shmoo.com Received: from localhost (localhost [127.0.0.1]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id 8FCDA9C1F6 for ; Mon, 21 May 2012 02:29:31 -0400 (EDT) X-Virus-Scanned: amavisd-new at maxx.shmoo.com Received: from maxx.maxx.shmoo.com ([127.0.0.1]) by localhost (maxx.shmoo.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oOFkFAb2QT7s for ; Mon, 21 May 2012 02:29:28 -0400 (EDT) Received: from mms2.broadcom.com (mms2.broadcom.com [216.31.210.18]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id BEDA69C1B6 for ; Mon, 21 May 2012 02:29:27 -0400 (EDT) Received: from [10.16.192.232] by mms2.broadcom.com with ESMTP (Broadcom SMTP Relay (Email Firewall v6.5)); Sun, 20 May 2012 23:29:57 -0700 X-Server-Uuid: 72204117-5C29-4314-8910-60DB108979CB Received: from SJEXCHCAS04.corp.ad.broadcom.com (10.16.203.10) by SJEXCHHUB02.corp.ad.broadcom.com (10.16.192.232) with Microsoft SMTP Server (TLS) id 8.2.247.2; Sun, 20 May 2012 23:29:17 -0700 Received: from SJEXCHMB12.corp.ad.broadcom.com ( [fe80::bc15:c1e1:c29a:36f7]) by SJEXCHCAS04.corp.ad.broadcom.com ( [::1]) with mapi id 14.01.0355.002; Sun, 20 May 2012 23:28:56 -0700 From: "Neeraj Kumar Garg" To: "hostap@lists.shmoo.com" Subject: [PATCH] P2P: Race condition in GO-NEG process if both peers enter p2p_connect at the same time Thread-Topic: [PATCH] P2P: Race condition in GO-NEG process if both peers enter p2p_connect at the same time Thread-Index: Ac03GwkBWrl3rZu7SUmUXkKBiNg+Og== Date: Mon, 21 May 2012 06:28:55 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.132.71.78] MIME-Version: 1.0 X-WSS-ID: 63A73F6F44G7579385-01-01 X-BeenThere: hostap@lists.shmoo.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: HostAP Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: hostap-bounces@lists.shmoo.com Errors-To: hostap-bounces@lists.shmoo.com Hello, We hit a case where both the peers assumed that other peer will be GO. Let us assume that p2p_connect command was given on both the peers using a script at the same time. Also assume that P1 has higher mac address than P2. 1. P1 will send a GO-NEG-REQ and P2 will also send a GO-NEG-REQ. 2. Before P2 could get a callback p2p_go_neg_req_cb to update the variable go_neg_req_sent, P2 receives a GO-NEG request of P1 in the dwell time of its own request. 3. So P2 prepares the GO-NEG-RSP and send it even though its mac address is lower than P1 because go_neg_req_sent variable is NOT yet incremented. 4. Now P1 will get P2's GO-NEG-REQ and will reply it since it has higher mac address. 5. Both peers end up in sending GO-CONF frame. To resolve this race, we propose that we increment go_neg_req_sent as soon as p2p_send_action is called for GO-NEG-REQ. And then decrement go_neg_req_sent if because of some reason the success is not reported in the callback p2p_go_neg_req_cb. From 65193927d34fbbb9e84109b450268150867adbe5 Mon Sep 17 00:00:00 2001 From: Neeraj Garg Date: Mon, 21 May 2012 11:53:46 +0530 Subject: [PATCH] P2P: Race condition in GO-NEG process if both peers enter p2p_connect at the same time Signed-off-by: Neeraj Garg --- src/p2p/p2p.c | 4 +++- src/p2p/p2p_go_neg.c | 1 + 2 files changed, 4 insertions(+), 1 deletions(-) mode change 100644 => 100755 src/p2p/p2p.c mode change 100644 => 100755 src/p2p/p2p_go_neg.c diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c old mode 100644 new mode 100755 index deccfc0..37a33dd --- a/src/p2p/p2p.c +++ b/src/p2p/p2p.c @@ -2704,12 +2704,14 @@ static void p2p_go_neg_req_cb(struct p2p_data *p2p, int success) } if (success) { - dev->go_neg_req_sent++; if (dev->flags & P2P_DEV_USER_REJECTED) { p2p_set_state(p2p, P2P_IDLE); return; } } + else { + dev->go_neg_req_sent--; + } if (!success && (dev->info.dev_capab & P2P_DEV_CAPAB_CLIENT_DISCOVERABILITY) && diff --git a/src/p2p/p2p_go_neg.c b/src/p2p/p2p_go_neg.c old mode 100644 new mode 100755 index 2bf48b3..727d445 --- a/src/p2p/p2p_go_neg.c +++ b/src/p2p/p2p_go_neg.c @@ -220,6 +220,7 @@ int p2p_connect_send(struct p2p_data *p2p, struct p2p_device *dev) p2p->go_neg_peer = dev; dev->flags |= P2P_DEV_WAIT_GO_NEG_RESPONSE; dev->connect_reqs++; + dev->go_neg_req_sent++; if (p2p_send_action(p2p, freq, dev->info.p2p_device_addr, p2p->cfg->dev_addr, dev->info.p2p_device_addr, wpabuf_head(req), wpabuf_len(req), 200) < 0) {