linux-wireless.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v2] mac80211: prevent the buffering or frame transmission to non-assoc mesh STA
@ 2013-06-27 10:42 Chun-Yeow Yeoh
  0 siblings, 0 replies; 3+ messages in thread
From: Chun-Yeow Yeoh @ 2013-06-27 10:42 UTC (permalink / raw)
  To: linux-wireless; +Cc: johannes, linville, devel, Chun-Yeow Yeoh

This patch is intended to avoid the buffering to non-assoc mesh STA
and also to avoid the triggering of frame to non-assoc mesh STA which
could cause kernel panic in specific hw.

One of the examples, is kernel panic happens to ath9k if user space
inserts the mesh STA and not proceed with the SAE and AMPE, and later
the same mesh STA is detected again. The sta_state of the mesh STA remains
at IEEE80211_STA_NONE and if the ieee80211_sta_ps_deliver_wakeup is called
and subsequently the ath_tx_aggr_wakeup, the kernel panic due to
ath_tx_node_init is not called before to initialize the require data
structures.

This issue is reported by Cedric Voncken before.
http://www.spinics.net/lists/linux-wireless/msg106342.html

[<831ea6b4>] ath_tx_aggr_wakeup+0x44/0xcc [ath9k]
[<83084214>] ieee80211_sta_ps_deliver_wakeup+0xb8/0x208 [mac80211]
[<830b9824>] ieee80211_mps_sta_status_update+0x94/0x108 [mac80211]
[<83099398>] ieee80211_sta_ps_transition+0xc94/0x34d8 [mac80211]
[<8022399c>] nf_iterate+0x98/0x104
[<8309bb60>] ieee80211_sta_ps_transition+0x345c/0x34d8 [mac80211]

Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
---
v2: 
	change the subject to be less ath9k-centric (Johannes)
	push the checking higher to prevent buffering for non-assoc STA (Bob Copeland)

 net/mac80211/mesh_ps.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/net/mac80211/mesh_ps.c b/net/mac80211/mesh_ps.c
index 3b7bfc0..22290a9 100644
--- a/net/mac80211/mesh_ps.c
+++ b/net/mac80211/mesh_ps.c
@@ -229,6 +229,10 @@ void ieee80211_mps_sta_status_update(struct sta_info *sta)
 	enum nl80211_mesh_power_mode pm;
 	bool do_buffer;
 
+	/* For non-assoc STA, prevent buffering or frame transmission */
+	if (sta->sta_state < IEEE80211_STA_ASSOC)
+		return;
+
 	/*
 	 * use peer-specific power mode if peering is established and the
 	 * peer's power mode is known
-- 
1.7.0.4


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* [PATCH v2] mac80211: prevent the buffering or frame transmission to non-assoc mesh STA
@ 2013-07-19  9:37 Chun-Yeow Yeoh
  2013-07-22 13:33 ` Johannes Berg
  0 siblings, 1 reply; 3+ messages in thread
From: Chun-Yeow Yeoh @ 2013-07-19  9:37 UTC (permalink / raw)
  To: linux-wireless; +Cc: johannes, linville, Chun-Yeow Yeoh

This patch is intended to avoid the buffering to non-assoc mesh STA
and also to avoid the triggering of frame to non-assoc mesh STA which
could cause kernel panic in specific hw.

One of the examples, is kernel panic happens to ath9k if user space
inserts the mesh STA and not proceed with the SAE and AMPE, and later
the same mesh STA is detected again. The sta_state of the mesh STA remains
at IEEE80211_STA_NONE and if the ieee80211_sta_ps_deliver_wakeup is called
and subsequently the ath_tx_aggr_wakeup, the kernel panic due to
ath_tx_node_init is not called before to initialize the require data
structures.

This issue is reported by Cedric Voncken before.
http://www.spinics.net/lists/linux-wireless/msg106342.html

[<831ea6b4>] ath_tx_aggr_wakeup+0x44/0xcc [ath9k]
[<83084214>] ieee80211_sta_ps_deliver_wakeup+0xb8/0x208 [mac80211]
[<830b9824>] ieee80211_mps_sta_status_update+0x94/0x108 [mac80211]
[<83099398>] ieee80211_sta_ps_transition+0xc94/0x34d8 [mac80211]
[<8022399c>] nf_iterate+0x98/0x104
[<8309bb60>] ieee80211_sta_ps_transition+0x345c/0x34d8 [mac80211]

Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
---
v2: 
	change the subject to be less ath9k-centric (Johannes)
	push the checking higher to prevent buffering for non-assoc STA (Bob Copeland)

 net/mac80211/mesh_ps.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/net/mac80211/mesh_ps.c b/net/mac80211/mesh_ps.c
index 3b7bfc0..22290a9 100644
--- a/net/mac80211/mesh_ps.c
+++ b/net/mac80211/mesh_ps.c
@@ -229,6 +229,10 @@ void ieee80211_mps_sta_status_update(struct sta_info *sta)
 	enum nl80211_mesh_power_mode pm;
 	bool do_buffer;
 
+	/* For non-assoc STA, prevent buffering or frame transmission */
+	if (sta->sta_state < IEEE80211_STA_ASSOC)
+		return;
+
 	/*
 	 * use peer-specific power mode if peering is established and the
 	 * peer's power mode is known
-- 
1.7.0.4


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH v2] mac80211: prevent the buffering or frame transmission to non-assoc mesh STA
  2013-07-19  9:37 [PATCH v2] mac80211: prevent the buffering or frame transmission to non-assoc mesh STA Chun-Yeow Yeoh
@ 2013-07-22 13:33 ` Johannes Berg
  0 siblings, 0 replies; 3+ messages in thread
From: Johannes Berg @ 2013-07-22 13:33 UTC (permalink / raw)
  To: Chun-Yeow Yeoh; +Cc: linux-wireless, linville

On Fri, 2013-07-19 at 17:37 +0800, Chun-Yeow Yeoh wrote:
> This patch is intended to avoid the buffering to non-assoc mesh STA
> and also to avoid the triggering of frame to non-assoc mesh STA which
> could cause kernel panic in specific hw.

Applied. I still find checking the station state a bit odd, but I guess
making sure the station is fine in the callers isn't possible?

johannes


^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2013-07-22 13:33 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-07-19  9:37 [PATCH v2] mac80211: prevent the buffering or frame transmission to non-assoc mesh STA Chun-Yeow Yeoh
2013-07-22 13:33 ` Johannes Berg
  -- strict thread matches above, loose matches on Subject: below --
2013-06-27 10:42 Chun-Yeow Yeoh

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).