From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Johannes Berg <johannes.berg@intel.com>,
Miri Korenblit <miriam.rachel.korenblit@intel.com>,
Sasha Levin <sashal@kernel.org>,
kvalo@kernel.org, gregory.greenman@intel.com,
emmanuel.grumbach@intel.com, ilan.peer@intel.com,
shaul.triebitz@intel.com, benjamin.berg@intel.com,
linux-wireless@vger.kernel.org
Subject: [PATCH AUTOSEL 6.6 009/139] wifi: iwlwifi: mvm: drop wrong STA selection in TX
Date: Wed, 25 Sep 2024 08:07:09 -0400 [thread overview]
Message-ID: <20240925121137.1307574-9-sashal@kernel.org> (raw)
In-Reply-To: <20240925121137.1307574-1-sashal@kernel.org>
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit 1c7e1068a7c9c39ed27636db93e71911e0045419 ]
This shouldn't happen at all, since in station mode all MMPDUs
go through the TXQ for the STA, and not this function. There
may or may not be a race in mac80211 through which this might
happen for some frames while a station is being added, but in
that case we can also just drop the frame and pretend the STA
didn't exist yet.
Also, the code is simply wrong since it uses deflink, and it's
not easy to fix it since the mvmvif->ap_sta pointer cannot be
used without the mutex, and perhaps the right link might not
even be known.
Just drop the frame at that point instead of trying to fix it
up.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20240808232017.45ad105dc7fe.I6d45c82e5758395d9afb8854057ded03c7dc81d7@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/wireless/intel/iwlwifi/mvm/mac80211.c | 16 +++-------------
1 file changed, 3 insertions(+), 13 deletions(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
index f973efbbc3795..c6264ff10d883 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
@@ -766,20 +766,10 @@ void iwl_mvm_mac_tx(struct ieee80211_hw *hw,
if (ieee80211_is_mgmt(hdr->frame_control))
sta = NULL;
- /* If there is no sta, and it's not offchannel - send through AP */
+ /* this shouldn't even happen: just drop */
if (!sta && info->control.vif->type == NL80211_IFTYPE_STATION &&
- !offchannel) {
- struct iwl_mvm_vif *mvmvif =
- iwl_mvm_vif_from_mac80211(info->control.vif);
- u8 ap_sta_id = READ_ONCE(mvmvif->deflink.ap_sta_id);
-
- if (ap_sta_id < mvm->fw->ucode_capa.num_stations) {
- /* mac80211 holds rcu read lock */
- sta = rcu_dereference(mvm->fw_id_to_mac_id[ap_sta_id]);
- if (IS_ERR_OR_NULL(sta))
- goto drop;
- }
- }
+ !offchannel)
+ goto drop;
if (tmp_sta && !sta && link_id != IEEE80211_LINK_UNSPECIFIED &&
!ieee80211_is_probe_resp(hdr->frame_control)) {
--
2.43.0
next prev parent reply other threads:[~2024-09-25 12:12 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-25 12:07 [PATCH AUTOSEL 6.6 001/139] wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() Sasha Levin
2024-09-25 12:07 ` [PATCH AUTOSEL 6.6 002/139] wifi: rtw89: avoid to add interface to list twice when SER Sasha Levin
2024-09-25 12:07 ` [PATCH AUTOSEL 6.6 003/139] wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit Sasha Levin
2024-09-25 12:07 ` [PATCH AUTOSEL 6.6 008/139] wifi: iwlwifi: mvm: Fix a race in scan abort flow Sasha Levin
2024-09-25 12:07 ` Sasha Levin [this message]
2024-09-25 12:07 ` [PATCH AUTOSEL 6.6 010/139] wifi: cfg80211: Set correct chandef when starting CAC Sasha Levin
2024-09-25 12:07 ` [PATCH AUTOSEL 6.6 019/139] wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable Sasha Levin
2024-09-25 12:07 ` [PATCH AUTOSEL 6.6 027/139] wifi: ath12k: fix array out-of-bound access in SoC stats Sasha Levin
2024-09-25 12:07 ` [PATCH AUTOSEL 6.6 028/139] wifi: ath11k: " Sasha Levin
2024-09-25 12:07 ` [PATCH AUTOSEL 6.6 029/139] wifi: rtw88: select WANT_DEV_COREDUMP Sasha Levin
2024-09-25 12:07 ` [PATCH AUTOSEL 6.6 037/139] wifi: rtw89: correct base HT rate mask for firmware Sasha Levin
2024-09-25 12:07 ` [PATCH AUTOSEL 6.6 044/139] wifi: iwlwifi: mvm: use correct key iteration Sasha Levin
2024-09-25 12:07 ` [PATCH AUTOSEL 6.6 045/139] wifi: iwlwifi: mvm: avoid NULL pointer dereference Sasha Levin
2024-09-25 12:07 ` [PATCH AUTOSEL 6.6 046/139] wifi: mac80211: fix RCU list iterations Sasha Levin
2024-09-25 12:07 ` [PATCH AUTOSEL 6.6 052/139] wifi: mt76: mt7915: add dummy HW offload of IEEE 802.11 fragmentation Sasha Levin
2024-09-25 12:07 ` [PATCH AUTOSEL 6.6 053/139] wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker Sasha Levin
2024-09-25 12:07 ` [PATCH AUTOSEL 6.6 055/139] wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() Sasha Levin
2024-10-05 8:57 ` [PATCH AUTOSEL 6.6 001/139] wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() Pavel Machek
2024-10-05 9:06 ` Greg KH
2024-10-05 12:03 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240925121137.1307574-9-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=benjamin.berg@intel.com \
--cc=emmanuel.grumbach@intel.com \
--cc=gregory.greenman@intel.com \
--cc=ilan.peer@intel.com \
--cc=johannes.berg@intel.com \
--cc=kvalo@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=miriam.rachel.korenblit@intel.com \
--cc=shaul.triebitz@intel.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).