From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Gregory Greenman <gregory.greenman@intel.com>,
Luca Coelho <luciano.coelho@intel.com>,
Kalle Valo <kvalo@codeaurora.org>,
Sasha Levin <sashal@kernel.org>,
linux-wireless@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 5.4 12/17] iwlwifi: mvm: invalidate IDs of internal stations at mvm start
Date: Tue, 2 Feb 2021 10:06:46 -0500
Message-ID: <20210202150651.1864426-12-sashal@kernel.org>
In-Reply-To: <20210202150651.1864426-1-sashal@kernel.org>
From: Gregory Greenman <gregory.greenman@intel.com>
[ Upstream commit e223e42aac30bf81f9302c676cdf58cf2bf36950 ]
Having sta_id not set for aux_sta and snif_sta can potentially lead to a
hard to debug issue in case remove station is called without an add. In
this case sta_id 0, an unrelated regular station, will be removed.
In fact, we do have a FW assert that occurs rarely and from the debug
data analysis it looks like sta_id 0 is removed by mistake, though it's
hard to pinpoint the exact flow. The WARN_ON in this patch should help
to find it.
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/iwlwifi.20210122144849.5dc6dd9b22d5.I2add1b5ad24d0d0a221de79d439c09f88fcaf15d@changeid
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 4 ++++
drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 6 ++++++
2 files changed, 10 insertions(+)
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/ops.c b/drivers/net/wireless/intel/iwlwifi/mvm/ops.c
index b04cc6214bac8..bc25a59807c34 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/ops.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/ops.c
@@ -838,6 +838,10 @@ iwl_op_mode_mvm_start(struct iwl_trans *trans, const struct iwl_cfg *cfg,
if (!mvm->scan_cmd)
goto out_free;
+ /* invalidate ids to prevent accidental removal of sta_id 0 */
+ mvm->aux_sta.sta_id = IWL_MVM_INVALID_STA;
+ mvm->snif_sta.sta_id = IWL_MVM_INVALID_STA;
+
/* Set EBS as successful as long as not stated otherwise by the FW. */
mvm->last_ebs_successful = true;
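Review bot: the two sta_id assignments sit after the scan_cmd allocation check, so anything in iwl_op_mode_mvm_start that runs before this point, including an earlier jump to out_free, still sees the unset id that the comment warns about. Consider setting both fields next to where the mvm structure is first initialised, and extend the comment to say why the unset value is dangerous: per the commit message it is 0, which is the id of an unrelated regular station.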
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
index a36aa9e85e0b3..40cafcf40ccf0 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
@@ -2070,6 +2070,9 @@ int iwl_mvm_rm_snif_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif)
lockdep_assert_held(&mvm->mutex);
+ if (WARN_ON_ONCE(mvm->snif_sta.sta_id == IWL_MVM_INVALID_STA))
+ return -EINVAL;
+
iwl_mvm_disable_txq(mvm, NULL, mvm->snif_queue, IWL_MAX_TID_COUNT, 0);
ret = iwl_mvm_rm_sta_common(mvm, mvm->snif_sta.sta_id);
if (ret)
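Review bot: the guard at the top of iwl_mvm_rm_snif_sta only catches a repeated remove if snif_sta.sta_id goes back to IWL_MVM_INVALID_STA after a successful removal, and nothing in the visible context shows that reset. Please confirm that the code following iwl_mvm_rm_sta_common invalidates the id again; otherwise a second remove without an add passes the check with a stale id. The early return also skips iwl_mvm_disable_txq for snif_queue, which looks intended but deserves a short comment.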
@@ -2084,6 +2087,9 @@ int iwl_mvm_rm_aux_sta(struct iwl_mvm *mvm)
lockdep_assert_held(&mvm->mutex);
+ if (WARN_ON_ONCE(mvm->aux_sta.sta_id == IWL_MVM_INVALID_STA))
+ return -EINVAL;
+
iwl_mvm_disable_txq(mvm, NULL, mvm->aux_queue, IWL_MAX_TID_COUNT, 0);
ret = iwl_mvm_rm_sta_common(mvm, mvm->aux_sta.sta_id);
if (ret)
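Review bot: WARN_ON_ONCE in iwl_mvm_rm_aux_sta logs a stack trace only for the first hit at this call site, while the commit message describes a rare flow that is hard to pinpoint; later hits from a different caller will return -EINVAL silently. Consider adding a debug-level message alongside the warning so every occurrence leaves a trace, and document the new -EINVAL return so callers know it means "remove without a prior add". The check is also duplicated verbatim from iwl_mvm_rm_snif_sta and could live in one small helper that takes the internal station.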
--
2.27.0