All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH 0/1] Fix potential HE IE bug and some other questions
@ 2022-09-28 22:49 James Prestwood
  2022-09-28 22:49 ` [PATCH 1/1] wifi: mac80211: fix probe req HE capabilities access James Prestwood
  2022-09-29  9:56 ` [PATCH 0/1] Fix potential HE IE bug and some other questions Johannes Berg
  0 siblings, 2 replies; 3+ messages in thread
From: James Prestwood @ 2022-09-28 22:49 UTC (permalink / raw)
  To: linux-wireless; +Cc: James Prestwood

I believe there is a bug when building the probe request IEs for the
HE capabilities. More info in the patch. While looking at this I
noticed some other confusing code related to building the probe
request.

Looking at ieee80211_build_preq_ies. It is passed 'bands_used' which
is a bitmask of bands. A probe request is only sent out on a single
band so why would this contain multiple bands? We then loop over these
bands and call ieee80211_build_preq_ies_band for each one.
This, AFAICT, would append the same IEs multiple times if 'bands_used'
contained more than one band. Internal to mac80211/util.c its only
passed BIT(chan->band), but mac80211/scan.c seems to pass a list...

Below is the warning I am seeing (many, many times). It says the warning
is in build_preq_ies, but it really seems like this is not correct
and its actually in ieee80211_get_he_6ghz_capa since I see no warning
message as others _should_ have.

[  732.130000] ------------[ cut here ]------------
[  732.130000] WARNING: CPU: 0 PID: 1352 at include/net/cfg80211.h:608 ieee80211_build_preq_ies+0x766/0x84d
[  732.130000] Modules linked in:
[  732.130000] CPU: 0 PID: 1352 Comm: kworker/u2:0 Tainted: G        W         5.19.0 #1
[  732.130000] Workqueue: rad6 ieee80211_scan_work
[  732.130000] Stack:
[  732.130000]  605d0943 60256c96 60035421 00000001
[  732.130000]  6052cddd 60450efa 61f3d5d9 60454c00
[  732.130000]  00000000 00000000 00000009 6003e77d
[  732.130000] Call Trace:
[  732.130000]  [<60256c96>] ? dump_stack_print_info+0xe1/0xef
[  732.130000]  [<60035421>] ? um_set_signals+0x0/0x3c
[  732.130000]  [<60450efa>] ? _printk+0x0/0x9f
[  732.130000]  [<60454c00>] ? dump_stack_lvl+0x47/0x52
[  732.130000]  [<6003e77d>] ? __warn+0xf2/0x123
[  732.130000]  [<60035449>] ? um_set_signals+0x28/0x3c
[  732.130000]  [<604501bb>] ? warn_slowpath_fmt+0xd6/0xe2
[  732.130000]  [<6042830f>] ? ieee80211_prepare_and_rx_handle+0xbf4/0xc22
[  732.130000]  [<604500e5>] ? warn_slowpath_fmt+0x0/0xe2
[  732.130000]  [<603d3bc5>] ? ieee80211_ie_split_ric+0xe4/0xfe
[  732.130000]  [<60035421>] ? um_set_signals+0x0/0x3c
[  732.130000]  [<604341ac>] ? ieee80211_vif_type_p2p+0x0/0x26
[  732.130000]  [<6043aeb5>] ? ieee80211_build_preq_ies+0x766/0x84d
[  732.130000]  [<60035377>] ? unblock_signals+0x36/0xe0
[  732.130000]  [<60429f6c>] ? skb_put_zero+0x2c/0x34
[  732.130000]  [<60429f40>] ? skb_put_zero+0x0/0x34
[  732.130000]  [<6043b095>] ? ieee80211_build_probe_req+0xf9/0x161
[  732.130000]  [<6040c2ed>] ? ieee80211_scan_state_send_probe+0xaf/0x14c
[  732.130000]  [<60051181>] ? queue_delayed_work_on+0x67/0x72
[  732.130000]  [<6040d1b0>] ? ieee80211_scan_work+0x40b/0x503
[  732.130000]  [<6040cda5>] ? ieee80211_scan_work+0x0/0x503
[  732.130000]  [<600529de>] ? process_one_work+0x1b0/0x2b1
[  732.130000]  [<6004f829>] ? move_linked_works+0x0/0x57
[  732.130000]  [<60053086>] ? worker_thread+0x270/0x39b
[  732.130000]  [<6004f909>] ? set_pf_worker+0x0/0x5f
[  732.130000]  [<60057231>] ? arch_local_irq_save+0x0/0x26
[  732.130000]  [<60035449>] ? um_set_signals+0x28/0x3c
[  732.130000]  [<60052e16>] ? worker_thread+0x0/0x39b
[  732.130000]  [<600588ef>] ? kthread_exit+0x0/0x37
[  732.130000]  [<60052e16>] ? worker_thread+0x0/0x39b
[  732.130000]  [<60058a6d>] ? kthread+0x11f/0x124
[  732.130000]  [<60035377>] ? unblock_signals+0x36/0xe0
[  732.130000]  [<60021f95>] ? new_thread_handler+0x86/0xbb
[  732.130000] ---[ end trace 0000000000000000 ]---
[  732.210000] ------------[ cut here ]------------


James Prestwood (1):
  wifi: mac80211: fix probe req HE capabilities access

 net/mac80211/util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

-- 
2.34.3


^ permalink raw reply	[flat|nested] 3+ messages in thread
* [PATCH 1/1] wifi: mac80211: fix probe req HE capabilities access
  2022-09-28 22:49 [PATCH 0/1] Fix potential HE IE bug and some other questions James Prestwood
@ 2022-09-28 22:49 ` James Prestwood
  2022-09-29  9:56 ` [PATCH 0/1] Fix potential HE IE bug and some other questions Johannes Berg
  1 sibling, 0 replies; 3+ messages in thread
From: James Prestwood @ 2022-09-28 22:49 UTC (permalink / raw)
  To: linux-wireless; +Cc: James Prestwood

When building the probe request IEs HE support is checked for
the 6GHz band (wiphy->bands[NL80211_BAND_6GHZ]). If supported
the HE capability IE should be included according to the spec.
The problem is the 16-bit capability is obtained from the
band object (sband) that was passed in, not the 6GHz band
object (sband6). If the sband object doesn't support HE it will
result in a warning.

Fixes: 7d29bc50b30e ("mac80211: always include HE 6GHz capability in probe request")
Signed-off-by: James Prestwood <prestwoj@gmail.com>
---
 net/mac80211/util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 0ea5d50091dc..be69cddaf139 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -2046,7 +2046,7 @@ static int ieee80211_build_preq_ies_band(struct ieee80211_sub_if_data *sdata,
 		if (he_cap) {
 			enum nl80211_iftype iftype =
 				ieee80211_vif_type_p2p(&sdata->vif);
-			__le16 cap = ieee80211_get_he_6ghz_capa(sband, iftype);
+			__le16 cap = ieee80211_get_he_6ghz_capa(sband6, iftype);
 
 			pos = ieee80211_write_he_6ghz_cap(pos, cap, end);
 		}
-- 
2.34.3


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH 0/1] Fix potential HE IE bug and some other questions
  2022-09-28 22:49 [PATCH 0/1] Fix potential HE IE bug and some other questions James Prestwood
  2022-09-28 22:49 ` [PATCH 1/1] wifi: mac80211: fix probe req HE capabilities access James Prestwood
@ 2022-09-29  9:56 ` Johannes Berg
  1 sibling, 0 replies; 3+ messages in thread
From: Johannes Berg @ 2022-09-29  9:56 UTC (permalink / raw)
  To: James Prestwood, linux-wireless

On Wed, 2022-09-28 at 15:49 -0700, James Prestwood wrote:
> I believe there is a bug when building the probe request IEs for the
> HE capabilities. More info in the patch.
> 

That fix seems right.

> While looking at this I
> noticed some other confusing code related to building the probe
> request.
> 
> Looking at ieee80211_build_preq_ies. It is passed 'bands_used' which
> is a bitmask of bands. A probe request is only sent out on a single
> band so why would this contain multiple bands? 
> 

The function can be used to prepare a HW scan request, which can contain
the elements for all bands that the HW is being asked to scan on.

> We then loop over these
> bands and call ieee80211_build_preq_ies_band for each one.

Correct, and ie_desc->ies[band]/len[band] gets the pointer/size for each
band.

> This, AFAICT, would append the same IEs multiple times if 'bands_used'
> contained more than one band.
> 

Correct.

> Internal to mac80211/util.c its only
> passed BIT(chan->band), but mac80211/scan.c seems to pass a list...

Right, that's because "internal" is ieee80211_build_probe_req(), which
builds only a single probe request, while the other code is for HW scan.

> Below is the warning I am seeing (many, many times). It says the warning
> is in build_preq_ies, but it really seems like this is not correct
> and its actually in ieee80211_get_he_6ghz_capa since I see no warning
> message as others _should_ have.
> 
> [  732.130000] ------------[ cut here ]------------
> [  732.130000] WARNING: CPU: 0 PID: 1352 at include/net/cfg80211.h:608 ieee80211_build_preq_ies+0x766/0x84d

The line number is in ieee80211_get_he_6ghz_capa() but that's inlined,
and that doesn't always work so well for the symbol resolution.

johannes

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-09-29  9:56 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-09-28 22:49 [PATCH 0/1] Fix potential HE IE bug and some other questions James Prestwood
2022-09-28 22:49 ` [PATCH 1/1] wifi: mac80211: fix probe req HE capabilities access James Prestwood
2022-09-29  9:56 ` [PATCH 0/1] Fix potential HE IE bug and some other questions Johannes Berg

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.