From: Lorenzo Bianconi <lorenzo@kernel.org>
To: Kalle Valo <kvalo@codeaurora.org>
Cc: nbd@nbd.name, linux-wireless@vger.kernel.org,
lorenzo.bianconi@redhat.com, sean.wang@mediatek.com,
ryder.lee@mediatek.com
Subject: Re: [PATCH wireless-drivers] mt76: fix possible pktid leak
Date: Fri, 26 Nov 2021 15:02:03 +0100 [thread overview]
Message-ID: <YaDo21+/MBeeuTDN@lore-desk> (raw)
In-Reply-To: <163777451567.4686.3609119971518562275.kvalo@codeaurora.org>
[-- Attachment #1: Type: text/plain, Size: 3983 bytes --]
> Lorenzo Bianconi <lorenzo@kernel.org> wrote:
>
> > Fix a possible idr pkt-id leak if the packet is dropped on tx side
> >
> > Fixes: bd1e3e7b693c ("mt76: introduce packet_id idr")
> > Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
> > Acked-by: Felix Fietkau <nbd@nbd.name>
>
> Patch applied to wireless-drivers.git, thanks.
>
> 2a9e9857473b mt76: fix possible pktid leak
Hi Kalle,
Unfortunately I found a regression introduced by this patch for mt7663u (and I
guess for mt7921s as well). Do you want me to post a fix or just a v2?
Sorry for the noise.
@Sean: can you please test the following patch on mt7921s? (I do not have the hw).
Regards,
Lorenzo
diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/usb_sdio.c b/drivers/net/wireless/mediatek/mt76/mt7615/usb_sdio.c
index bfe6c1579dc1..c51c1d82083e 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7615/usb_sdio.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7615/usb_sdio.c
@@ -43,10 +43,9 @@ EXPORT_SYMBOL_GPL(mt7663_usb_sdio_reg_map);
static void
mt7663_usb_sdio_write_txwi(struct mt7615_dev *dev, struct mt76_wcid *wcid,
enum mt76_txq_id qid, struct ieee80211_sta *sta,
- int pid, struct sk_buff *skb)
+ struct ieee80211_key_conf *key, int pid,
+ struct sk_buff *skb)
{
- struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
- struct ieee80211_key_conf *key = info->control.hw_key;
__le32 *txwi;
txwi = (__le32 *)(skb->data - MT_USB_TXD_SIZE);
@@ -188,6 +187,7 @@ int mt7663_usb_sdio_tx_prepare_skb(struct mt76_dev *mdev, void *txwi_ptr,
struct mt7615_dev *dev = container_of(mdev, struct mt7615_dev, mt76);
struct sk_buff *skb = tx_info->skb;
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+ struct ieee80211_key_conf *key = info->control.hw_key;
struct mt7615_sta *msta;
int pad, err, pktid;
@@ -205,7 +205,7 @@ int mt7663_usb_sdio_tx_prepare_skb(struct mt76_dev *mdev, void *txwi_ptr,
}
pktid = mt76_tx_status_skb_add(&dev->mt76, wcid, skb);
- mt7663_usb_sdio_write_txwi(dev, wcid, qid, sta, pktid, skb);
+ mt7663_usb_sdio_write_txwi(dev, wcid, qid, sta, key, pktid, skb);
if (mt76_is_usb(mdev)) {
u32 len = skb->len;
diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/sdio_mac.c b/drivers/net/wireless/mediatek/mt76/mt7921/sdio_mac.c
index 85b3d88f8ecc..c7d54e5c8392 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7921/sdio_mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/sdio_mac.c
@@ -142,10 +142,9 @@ int mt7921s_mac_reset(struct mt7921_dev *dev)
static void
mt7921s_write_txwi(struct mt7921_dev *dev, struct mt76_wcid *wcid,
enum mt76_txq_id qid, struct ieee80211_sta *sta,
- int pid, struct sk_buff *skb)
+ struct ieee80211_key_conf *key, int pid,
+ struct sk_buff *skb)
{
- struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
- struct ieee80211_key_conf *key = info->control.hw_key;
__le32 *txwi;
txwi = (__le32 *)(skb->data - MT_SDIO_TXD_SIZE);
@@ -161,6 +160,7 @@ int mt7921s_tx_prepare_skb(struct mt76_dev *mdev, void *txwi_ptr,
{
struct mt7921_dev *dev = container_of(mdev, struct mt7921_dev, mt76);
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx_info->skb);
+ struct ieee80211_key_conf *key = info->control.hw_key;
struct sk_buff *skb = tx_info->skb;
int err, pad, pktid;
@@ -180,7 +180,7 @@ int mt7921s_tx_prepare_skb(struct mt76_dev *mdev, void *txwi_ptr,
}
pktid = mt76_tx_status_skb_add(&dev->mt76, wcid, skb);
- mt7921s_write_txwi(dev, wcid, qid, sta, pktid, skb);
+ mt7921s_write_txwi(dev, wcid, qid, sta, key, pktid, skb);
mt7921_skb_add_sdio_hdr(skb, MT7921_SDIO_DATA);
pad = round_up(skb->len, 4) - skb->len;
>
> --
> https://patchwork.kernel.org/project/linux-wireless/patch/a560caffcc24452fb48af53904bbe5c45ea5db93.1637602268.git.lorenzo@kernel.org/
>
> https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
next prev parent reply other threads:[~2021-11-26 14:40 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-22 17:34 [PATCH wireless-drivers] mt76: fix possible pktid leak Lorenzo Bianconi
2021-11-24 8:07 ` Kalle Valo
2021-11-24 8:58 ` Felix Fietkau
2021-11-24 17:21 ` Kalle Valo
2021-11-26 14:02 ` Lorenzo Bianconi [this message]
2021-11-26 14:57 ` Kalle Valo
2021-11-26 15:26 ` Lorenzo Bianconi
2021-11-26 15:57 ` Kalle Valo
2021-11-26 16:23 ` Lorenzo Bianconi
2021-11-27 14:27 ` Lorenzo Bianconi
2021-11-29 8:52 ` Kalle Valo
2021-11-29 13:32 ` lorenzo bianconi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YaDo21+/MBeeuTDN@lore-desk \
--to=lorenzo@kernel.org \
--cc=kvalo@codeaurora.org \
--cc=linux-wireless@vger.kernel.org \
--cc=lorenzo.bianconi@redhat.com \
--cc=nbd@nbd.name \
--cc=ryder.lee@mediatek.com \
--cc=sean.wang@mediatek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.