linux-wireless.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] mwl8k: Fix rate_idx underflow
@ 2019-04-11 18:13 Petr Štetiar
  2019-04-25 16:53 ` Kalle Valo
  0 siblings, 1 reply; 2+ messages in thread
From: Petr Štetiar @ 2019-04-11 18:13 UTC (permalink / raw)
  To: linux-wireless; +Cc: Kalle Valo, Lennert Buytenhek, Petr Štetiar, stable

It was reported on OpenWrt bug tracking system[1], that several users
are affected by the endless reboot of their routers if they configure
5GHz interface with channel 44 or 48.

The reboot loop is caused by the following excessive number of WARN_ON
messages:

 WARNING: CPU: 0 PID: 0 at backports-4.19.23-1/net/mac80211/rx.c:4516
                             ieee80211_rx_napi+0x1fc/0xa54 [mac80211]

as the messages are being correctly emitted by the following guard:

 case RX_ENC_LEGACY:
      if (WARN_ON(status->rate_idx >= sband->n_bitrates))

as the rate_idx is in this case erroneously set to 251 (0xfb). This fix
simply converts previously used magic number to proper constant and
guards against substraction which is leading to the currently observed
underflow.

1. https://bugs.openwrt.org/index.php?do=details&task_id=2218

Fixes: 854783444bab ("mwl8k: properly set receive status rate index on 5 GHz receive")
Cc: <stable@vger.kernel.org>
Tested-by: Eubert Bao <bunnier@gmail.com>
Reported-by: Eubert Bao <bunnier@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
---
 drivers/net/wireless/marvell/mwl8k.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/drivers/net/wireless/marvell/mwl8k.c b/drivers/net/wireless/marvell/mwl8k.c
index 8e4e9b6..ffc565a 100644
--- a/drivers/net/wireless/marvell/mwl8k.c
+++ b/drivers/net/wireless/marvell/mwl8k.c
@@ -441,6 +441,9 @@ struct mwl8k_sta {
 #define MWL8K_CMD_UPDATE_STADB		0x1123
 #define MWL8K_CMD_BASTREAM		0x1125
 
+#define MWL8K_LEGACY_5G_RATE_OFFSET \
+	(ARRAY_SIZE(mwl8k_rates_24) - ARRAY_SIZE(mwl8k_rates_50))
+
 static const char *mwl8k_cmd_name(__le16 cmd, char *buf, int bufsize)
 {
 	u16 command = le16_to_cpu(cmd);
@@ -1016,8 +1019,9 @@ static void mwl8k_rxd_ap_refill(void *_rxd, dma_addr_t addr, int len)
 
 	if (rxd->channel > 14) {
 		status->band = NL80211_BAND_5GHZ;
-		if (!(status->encoding == RX_ENC_HT))
-			status->rate_idx -= 5;
+		if (!(status->encoding == RX_ENC_HT) &&
+		    status->rate_idx >= MWL8K_LEGACY_5G_RATE_OFFSET)
+			status->rate_idx -= MWL8K_LEGACY_5G_RATE_OFFSET;
 	} else {
 		status->band = NL80211_BAND_2GHZ;
 	}
@@ -1124,8 +1128,9 @@ static void mwl8k_rxd_sta_refill(void *_rxd, dma_addr_t addr, int len)
 
 	if (rxd->channel > 14) {
 		status->band = NL80211_BAND_5GHZ;
-		if (!(status->encoding == RX_ENC_HT))
-			status->rate_idx -= 5;
+		if (!(status->encoding == RX_ENC_HT) &&
+		    status->rate_idx >= MWL8K_LEGACY_5G_RATE_OFFSET)
+			status->rate_idx -= MWL8K_LEGACY_5G_RATE_OFFSET;
 	} else {
 		status->band = NL80211_BAND_2GHZ;
 	}
-- 
1.9.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] mwl8k: Fix rate_idx underflow
  2019-04-11 18:13 [PATCH] mwl8k: Fix rate_idx underflow Petr Štetiar
@ 2019-04-25 16:53 ` Kalle Valo
  0 siblings, 0 replies; 2+ messages in thread
From: Kalle Valo @ 2019-04-25 16:53 UTC (permalink / raw)
  To: Petr Štetiar
  Cc: linux-wireless, Lennert Buytenhek, Petr Štetiar, stable

Petr Štetiar wrote:

> It was reported on OpenWrt bug tracking system[1], that several users
> are affected by the endless reboot of their routers if they configure
> 5GHz interface with channel 44 or 48.
> 
> The reboot loop is caused by the following excessive number of WARN_ON
> messages:
> 
>  WARNING: CPU: 0 PID: 0 at backports-4.19.23-1/net/mac80211/rx.c:4516
>                              ieee80211_rx_napi+0x1fc/0xa54 [mac80211]
> 
> as the messages are being correctly emitted by the following guard:
> 
>  case RX_ENC_LEGACY:
>       if (WARN_ON(status->rate_idx >= sband->n_bitrates))
> 
> as the rate_idx is in this case erroneously set to 251 (0xfb). This fix
> simply converts previously used magic number to proper constant and
> guards against substraction which is leading to the currently observed
> underflow.
> 
> 1. https://bugs.openwrt.org/index.php?do=details&task_id=2218
> 
> Fixes: 854783444bab ("mwl8k: properly set receive status rate index on 5 GHz receive")
> Cc: <stable@vger.kernel.org>
> Tested-by: Eubert Bao <bunnier@gmail.com>
> Reported-by: Eubert Bao <bunnier@gmail.com>
> Signed-off-by: Petr Štetiar <ynezz@true.cz>

Patch applied to wireless-drivers-next.git, thanks.

6b583201fa21 mwl8k: Fix rate_idx underflow

-- 
https://patchwork.kernel.org/patch/10896599/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-04-25 16:53 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-04-11 18:13 [PATCH] mwl8k: Fix rate_idx underflow Petr Štetiar
2019-04-25 16:53 ` Kalle Valo

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).