From: Lorenzo Bianconi <lorenzo@kernel.org>
To: Kalle Valo <kvalo@codeaurora.org>
Cc: nbd@nbd.name, linux-wireless@vger.kernel.org,
lorenzo.bianconi@redhat.com, sean.wang@mediatek.com,
ryder.lee@mediatek.com
Subject: Re: [PATCH wireless-drivers] mt76: fix possible pktid leak
Date: Fri, 26 Nov 2021 15:02:03 +0100 [thread overview]
Message-ID: <YaDo21+/MBeeuTDN@lore-desk> (raw)
In-Reply-To: <163777451567.4686.3609119971518562275.kvalo@codeaurora.org>
[-- Attachment #1: Type: text/plain, Size: 3983 bytes --]
> Lorenzo Bianconi <lorenzo@kernel.org> wrote:
>
> > Fix a possible idr pkt-id leak if the packet is dropped on tx side
> >
> > Fixes: bd1e3e7b693c ("mt76: introduce packet_id idr")
> > Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
> > Acked-by: Felix Fietkau <nbd@nbd.name>
>
> Patch applied to wireless-drivers.git, thanks.
>
> 2a9e9857473b mt76: fix possible pktid leak
Hi Kalle,
Unfortunately I found a regression introduced by this patch for mt7663u (and I
guess for mt7921s as well). Do you want me to post a fix or just a v2?
Sorry for the noise.
@Sean: can you please test the following patch on mt7921s? (I do not have the hw).
Regards,
Lorenzo
diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/usb_sdio.c b/drivers/net/wireless/mediatek/mt76/mt7615/usb_sdio.c
index bfe6c1579dc1..c51c1d82083e 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7615/usb_sdio.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7615/usb_sdio.c
@@ -43,10 +43,9 @@ EXPORT_SYMBOL_GPL(mt7663_usb_sdio_reg_map);
static void
mt7663_usb_sdio_write_txwi(struct mt7615_dev *dev, struct mt76_wcid *wcid,
enum mt76_txq_id qid, struct ieee80211_sta *sta,
- int pid, struct sk_buff *skb)
+ struct ieee80211_key_conf *key, int pid,
+ struct sk_buff *skb)
{
- struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
- struct ieee80211_key_conf *key = info->control.hw_key;
__le32 *txwi;
txwi = (__le32 *)(skb->data - MT_USB_TXD_SIZE);
@@ -188,6 +187,7 @@ int mt7663_usb_sdio_tx_prepare_skb(struct mt76_dev *mdev, void *txwi_ptr,
struct mt7615_dev *dev = container_of(mdev, struct mt7615_dev, mt76);
struct sk_buff *skb = tx_info->skb;
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+ struct ieee80211_key_conf *key = info->control.hw_key;
struct mt7615_sta *msta;
int pad, err, pktid;
@@ -205,7 +205,7 @@ int mt7663_usb_sdio_tx_prepare_skb(struct mt76_dev *mdev, void *txwi_ptr,
}
pktid = mt76_tx_status_skb_add(&dev->mt76, wcid, skb);
- mt7663_usb_sdio_write_txwi(dev, wcid, qid, sta, pktid, skb);
+ mt7663_usb_sdio_write_txwi(dev, wcid, qid, sta, key, pktid, skb);
if (mt76_is_usb(mdev)) {
u32 len = skb->len;
diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/sdio_mac.c b/drivers/net/wireless/mediatek/mt76/mt7921/sdio_mac.c
index 85b3d88f8ecc..c7d54e5c8392 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7921/sdio_mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/sdio_mac.c
@@ -142,10 +142,9 @@ int mt7921s_mac_reset(struct mt7921_dev *dev)
static void
mt7921s_write_txwi(struct mt7921_dev *dev, struct mt76_wcid *wcid,
enum mt76_txq_id qid, struct ieee80211_sta *sta,
- int pid, struct sk_buff *skb)
+ struct ieee80211_key_conf *key, int pid,
+ struct sk_buff *skb)
{
- struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
- struct ieee80211_key_conf *key = info->control.hw_key;
__le32 *txwi;
txwi = (__le32 *)(skb->data - MT_SDIO_TXD_SIZE);
@@ -161,6 +160,7 @@ int mt7921s_tx_prepare_skb(struct mt76_dev *mdev, void *txwi_ptr,
{
struct mt7921_dev *dev = container_of(mdev, struct mt7921_dev, mt76);
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx_info->skb);
+ struct ieee80211_key_conf *key = info->control.hw_key;
struct sk_buff *skb = tx_info->skb;
int err, pad, pktid;
@@ -180,7 +180,7 @@ int mt7921s_tx_prepare_skb(struct mt76_dev *mdev, void *txwi_ptr,
}
pktid = mt76_tx_status_skb_add(&dev->mt76, wcid, skb);
- mt7921s_write_txwi(dev, wcid, qid, sta, pktid, skb);
+ mt7921s_write_txwi(dev, wcid, qid, sta, key, pktid, skb);
mt7921_skb_add_sdio_hdr(skb, MT7921_SDIO_DATA);
pad = round_up(skb->len, 4) - skb->len;
>
> --
> https://patchwork.kernel.org/project/linux-wireless/patch/a560caffcc24452fb48af53904bbe5c45ea5db93.1637602268.git.lorenzo@kernel.org/
>
> https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
next prev parent reply other threads:[~2021-11-26 14:40 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-22 17:34 [PATCH wireless-drivers] mt76: fix possible pktid leak Lorenzo Bianconi
2021-11-24 8:07 ` Kalle Valo
2021-11-24 8:58 ` Felix Fietkau
2021-11-24 17:21 ` Kalle Valo
2021-11-26 14:02 ` Lorenzo Bianconi [this message]
2021-11-26 14:57 ` Kalle Valo
2021-11-26 15:26 ` Lorenzo Bianconi
2021-11-26 15:57 ` Kalle Valo
2021-11-26 16:23 ` Lorenzo Bianconi
2021-11-27 14:27 ` Lorenzo Bianconi
2021-11-29 8:52 ` Kalle Valo
2021-11-29 13:32 ` lorenzo bianconi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YaDo21+/MBeeuTDN@lore-desk \
--to=lorenzo@kernel.org \
--cc=kvalo@codeaurora.org \
--cc=linux-wireless@vger.kernel.org \
--cc=lorenzo.bianconi@redhat.com \
--cc=nbd@nbd.name \
--cc=ryder.lee@mediatek.com \
--cc=sean.wang@mediatek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox