From: "Jérôme Pouiller" <Jerome.Pouiller@silabs.com>
To: "devel@driverdev.osuosl.org" <devel@driverdev.osuosl.org>,
"linux-wireless@vger.kernel.org" <linux-wireless@vger.kernel.org>
Cc: "netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
"David S . Miller" <davem@davemloft.net>,
Kalle Valo <kvalo@codeaurora.org>
Subject: [PATCH v2 47/65] staging: wfx: fix bss_loss
Date: Wed, 15 Jan 2020 13:55:10 +0000 [thread overview]
Message-ID: <20200115135338.14374-48-Jerome.Pouiller@silabs.com> (raw)
In-Reply-To: <20200115135338.14374-1-Jerome.Pouiller@silabs.com>
From: Jérôme Pouiller <jerome.pouiller@silabs.com>
wfx_tx_confirm_cb() retrieves the station associated with a frame using
the MAC address from the 802.11 header. In the other side wfx_tx()
retrieves the station using sta field from the ieee80211_tx_control
argument.
In wfx_cqm_bssloss_sm(), wfx_tx() was called directly without valid sta
field, but with a valid MAC address in 802.11 header. So there the
processing of this packet was unbalanced and may produce weird bugs.
Signed-off-by: Jérôme Pouiller <jerome.pouiller@silabs.com>
---
drivers/staging/wfx/sta.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/wfx/sta.c b/drivers/staging/wfx/sta.c
index aebce96dcd4a..1c10ebd11944 100644
--- a/drivers/staging/wfx/sta.c
+++ b/drivers/staging/wfx/sta.c
@@ -88,19 +88,25 @@ void wfx_cqm_bssloss_sm(struct wfx_vif *wvif, int init, int good, int bad)
// FIXME: call ieee80211_beacon_loss/ieee80211_connection_loss instead
if (tx) {
struct sk_buff *skb;
+ struct ieee80211_hdr *hdr;
+ struct ieee80211_tx_control control = { };
wvif->bss_loss_state++;
skb = ieee80211_nullfunc_get(wvif->wdev->hw, wvif->vif, false);
if (!skb)
goto end;
+ hdr = (struct ieee80211_hdr *)skb->data;
memset(IEEE80211_SKB_CB(skb), 0,
sizeof(*IEEE80211_SKB_CB(skb)));
IEEE80211_SKB_CB(skb)->control.vif = wvif->vif;
IEEE80211_SKB_CB(skb)->driver_rates[0].idx = 0;
IEEE80211_SKB_CB(skb)->driver_rates[0].count = 1;
IEEE80211_SKB_CB(skb)->driver_rates[1].idx = -1;
- wfx_tx(wvif->wdev->hw, NULL, skb);
+ rcu_read_lock(); // protect control.sta
+ control.sta = ieee80211_find_sta(wvif->vif, hdr->addr1);
+ wfx_tx(wvif->wdev->hw, &control, skb);
+ rcu_read_unlock();
}
end:
mutex_unlock(&wvif->bss_loss_lock);
--
2.25.0
_______________________________________________
devel mailing list
devel@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
next prev parent reply other threads:[~2020-01-15 13:55 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-15 13:54 [PATCH v2 00/65] Simplify and improve the wfx driver Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 01/65] staging: wfx: revert unexpected change in debugfs output Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 02/65] staging: wfx: make hif_scan() usage clearer Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 03/65] staging: wfx: add missing PROBE_RESP_OFFLOAD feature Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 04/65] staging: wfx: send rate policies one by one Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 05/65] staging: wfx: simplify hif_set_tx_rate_retry_policy() usage Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 06/65] staging: wfx: simplify hif_set_output_power() usage Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 07/65] staging: wfx: simplify hif_set_rcpi_rssi_threshold() usage Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 08/65] staging: wfx: simplify hif_set_arp_ipv4_filter() usage Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 09/65] staging: wfx: simplify hif_start() usage Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 10/65] staging: wfx: use specialized structs for HIF arguments Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 11/65] staging: wfx: retrieve ampdu_density from sta->ht_cap Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 12/65] staging: wfx: retrieve greenfield mode from sta->ht_cap and bss_conf Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 13/65] staging: wfx: drop struct wfx_ht_info Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 14/65] staging: wfx: drop wdev->output_power Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 15/65] staging: wfx: simplify wfx_config() Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 16/65] staging: wfx: rename wfx_upload_beacon() Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 17/65] staging: wfx: simplify wfx_upload_ap_templates() Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 18/65] staging: wfx: simplify wfx_update_beaconing() Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 19/65] staging: wfx: fix __wfx_flush() when drop == false Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 20/65] staging: wfx: simplify wfx_flush() Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 21/65] staging: wfx: simplify update of DTIM period Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 22/65] staging: wfx: drop wvif->dtim_period Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 23/65] staging: wfx: drop wvif->enable_beacon Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 24/65] staging: wfx: drop wvif->cqm_rssi_thold Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 25/65] staging: wfx: drop wvif->setbssparams_done Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 26/65] staging: wfx: drop wfx_set_cts_work() Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 27/65] staging: wfx: SSID should be provided to hif_start() even if hidden Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 28/65] staging: wfx: simplify hif_update_ie() Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 29/65] staging: wfx: simplify hif_join() Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 30/65] staging: wfx: simplify hif_set_association_mode() Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 31/65] staging: wfx: simplify hif_set_uc_mc_bc_condition() Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 32/65] staging: wfx: simplify hif_mib_uc_mc_bc_data_frame_condition Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 33/65] staging: wfx: simplify hif_mib_set_data_filtering Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 34/65] staging: wfx: simplify hif_set_data_filtering() Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 35/65] staging: wfx: simplify hif_set_mac_addr_condition() Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 36/65] staging: wfx: simplify hif_set_config_data_filter() Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 37/65] staging: wfx: simplify wfx_set_mcast_filter() Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 38/65] staging: wfx: simplify wfx_update_filtering() Jérôme Pouiller
2020-01-15 13:54 ` [PATCH v2 39/65] staging: wfx: simplify wfx_scan_complete() Jérôme Pouiller
2020-01-15 13:55 ` [PATCH v2 40/65] staging: wfx: update power-save per interface Jérôme Pouiller
2020-01-15 13:55 ` [PATCH v2 41/65] staging: wfx: with multiple vifs, force PS only if channels differs Jérôme Pouiller
2020-01-15 13:55 ` [PATCH v2 42/65] staging: wfx: do not update uapsd if not necessary Jérôme Pouiller
2020-01-15 13:55 ` [PATCH v2 43/65] staging: wfx: fix case where RTS threshold is 0 Jérôme Pouiller
2020-01-15 13:55 ` [PATCH v2 44/65] staging: wfx: fix possible overflow on jiffies comparaison Jérôme Pouiller
2020-01-15 13:55 ` [PATCH v2 45/65] staging: wfx: remove handling of "early_data" Jérôme Pouiller
2020-01-15 13:55 ` [PATCH v2 46/65] staging: wfx: relocate "buffered" information to sta_priv Jérôme Pouiller
2020-01-15 13:55 ` Jérôme Pouiller [this message]
2020-01-15 13:55 ` [PATCH v2 48/65] staging: wfx: fix RCU usage Jérôme Pouiller
2020-01-15 13:55 ` [PATCH v2 49/65] staging: wfx: simplify wfx_set_tim_impl() Jérôme Pouiller
2020-01-15 13:55 ` [PATCH v2 50/65] staging: wfx: simplify the link-id allocation Jérôme Pouiller
2020-01-15 13:55 ` [PATCH v2 51/65] staging: wfx: check that no tx is pending before release sta Jérôme Pouiller
2020-01-15 13:55 ` [PATCH v2 52/65] staging: wfx: replace wfx_tx_get_tid() with ieee80211_get_tid() Jérôme Pouiller
2020-01-15 13:55 ` [PATCH v2 53/65] staging: wfx: pspoll_mask make no sense Jérôme Pouiller
2020-01-15 13:55 ` [PATCH v2 54/65] staging: wfx: sta and dtim Jérôme Pouiller
2020-01-15 13:55 ` [PATCH v2 55/65] staging: wfx: firmware never return PS status for stations Jérôme Pouiller
2020-01-15 13:55 ` [PATCH v2 56/65] staging: wfx: simplify wfx_suspend_resume_mc() Jérôme Pouiller
2020-01-15 13:55 ` [PATCH v2 57/65] staging: wfx: simplify handling of IEEE80211_TX_CTL_SEND_AFTER_DTIM Jérôme Pouiller
2020-01-15 13:55 ` [PATCH v2 58/65] staging: wfx: simplify wfx_ps_notify_sta() Jérôme Pouiller
2020-01-15 13:55 ` [PATCH v2 59/65] staging: wfx: ensure that packet_id is unique Jérôme Pouiller
2020-01-15 13:55 ` [PATCH v2 60/65] staging: wfx: remove unused do_probe Jérôme Pouiller
2020-01-15 13:55 ` [PATCH v2 61/65] staging: wfx: remove check for interface state Jérôme Pouiller
2020-01-15 13:55 ` [PATCH v2 62/65] staging: wfx: simplify hif_handle_tx_data() Jérôme Pouiller
2020-01-15 13:55 ` [PATCH v2 63/65] staging: wfx: simplify wfx_tx_queue_get_num_queued() Jérôme Pouiller
2020-01-15 13:55 ` [PATCH v2 64/65] staging: wfx: simplify hif_multi_tx_confirm() Jérôme Pouiller
2020-01-15 13:55 ` [PATCH v2 65/65] staging: wfx: update TODO Jérôme Pouiller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200115135338.14374-48-Jerome.Pouiller@silabs.com \
--to=jerome.pouiller@silabs.com \
--cc=davem@davemloft.net \
--cc=devel@driverdev.osuosl.org \
--cc=gregkh@linuxfoundation.org \
--cc=kvalo@codeaurora.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).