[PATCH] P2P: Race condition in GO-NEG process if both peers enter p2p_connect at the same time
Neeraj Kumar Garg
Sun May 20 23:28:55 PDT 2012
We hit a case where both peers assumed that the other peer will be GO. Let us assume that the p2p_connect command was given on both peers using a script at the same time. Also assume that P1 has a higher MAC address than P2.
1. P1 will send a GO-NEG-REQ and P2 will also send a GO-NEG-REQ.
2. Before P2 could get a callback p2p_go_neg_req_cb to update the variable go_neg_req_sent, P2 receives a GO-NEG request of P1 in the dwell time of its own request.
3. So P2 prepares the GO-NEG-RSP and sends it even though its MAC address is lower than P1's, because the go_neg_req_sent variable is NOT yet incremented.
4. Now P1 will get P2's GO-NEG-REQ and will reply to it since it has the higher MAC address.
5. Both peers end up sending a GO-CONF frame.
To resolve this race, we propose that we increment go_neg_req_sent as soon as p2p_send_action is called for GO-NEG-REQ, and then decrement go_neg_req_sent if for some reason success is not reported in the callback p2p_go_neg_req_cb.
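The ordering in steps 1-5, replayed as a small C model (an added example, not part of the original post and not hostap code). The tie-break rule, the event names and the MAC addresses are assumptions constructed from the description above; only go_neg_req_sent, p2p_send_action and p2p_go_neg_req_cb are names taken from the post.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Model only: the events and the tie-break rule are assumed from the post. */
enum ev { SEND_REQ, TX_CB_OK, TX_CB_FAIL, RX_PEER_REQ };

struct peer {
    unsigned char addr[6];   /* constructed MAC address */
    int go_neg_req_sent;     /* counter named in the post */
    int rsp_sent;            /* GO-NEG-RSP frames this peer transmitted */
};

/* Apply one event; count_at_send selects the proposed accounting. */
static void step(struct peer *p, const unsigned char *peer_addr,
                 enum ev e, bool count_at_send)
{
    if (e == SEND_REQ && count_at_send)          /* p2p_send_action() */
        p->go_neg_req_sent++;
    else if (e == TX_CB_OK && !count_at_send)    /* p2p_go_neg_req_cb(), success */
        p->go_neg_req_sent++;
    else if (e == TX_CB_FAIL && count_at_send)   /* callback failure: undo */
        p->go_neg_req_sent--;
    else if (e == RX_PEER_REQ &&
             !(p->go_neg_req_sent && memcmp(peer_addr, p->addr, 6) > 0))
        p->rsp_sent++;   /* reply unless request sent and peer address higher */
}

/* Replay the ordering from steps 1-5; returns total GO-NEG-RSP frames sent. */
int responses_in_race(bool count_at_send)
{
    struct peer p1 = { {0x02, 0, 0, 0, 0, 0x02}, 0, 0 };  /* higher address */
    struct peer p2 = { {0x02, 0, 0, 0, 0, 0x01}, 0, 0 };  /* lower address */
    const enum ev p1_events[] = { SEND_REQ, TX_CB_OK, RX_PEER_REQ };
    const enum ev p2_events[] = { SEND_REQ, RX_PEER_REQ, TX_CB_OK };

    for (int i = 0; i < 3; i++) {
        step(&p1, p2.addr, p1_events[i], count_at_send);
        step(&p2, p1.addr, p2_events[i], count_at_send);
    }
    return p1.rsp_sent + p2.rsp_sent;
}

int main(void)
{
    printf("counted in callback: %d responses\n", responses_in_race(false));
    printf("counted at send:     %d responses\n", responses_in_race(true));
    return 0;
}
```

With the counter updated only in the callback, both model peers send a response; with the counter updated at send time, only the higher-address peer does.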