From: Aditya Kumar Singh <quic_adisi@quicinc.com>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: Aditya Kumar Singh <quic_adisi@quicinc.com>,
<linux-wireless@vger.kernel.org>, <linux-kernel@vger.kernel.org>
Subject: [PATCH] wifi: cfg80211: fix WARN_ON during CAC cancelling
Date: Wed, 13 Nov 2024 11:57:13 +0530 [thread overview]
Message-ID: <20241113-mlo_dfs_fix-v1-1-e4326736347b@quicinc.com> (raw)
In cfg80211_cac_event(), there’s a check to ensure that for MLO, the
link_id argument passed must be a valid link_id in the wdev. The various
callers of this function (during MLO) are -
* ieee80211_stop_ap()
* ieee80211_link_stop()
* ieee80211_dfs_cac_timer_work()
* ieee80211_dfs_cac_cancel()
Now, in ieee80211_stop_ap() the wdev->valid_links is still having the link
ID which is being stopped. ieee80211_dfs_cac_timer_work() is triggered
after CAC time and the link ID is still valid in wdev->valid_links.
Similarly in ieee80211_dfs_cac_cancel() as well, the link ID is valid in
wdev->valid_links.
However, during the link stop via ieee80211_link_stop() flow, when this
function is called, the link_id is removed from the bitmap, triggering the
WARN_ON. The flow during the stop link is -
nl80211_remove_link
> cfg80211_remove_link
> ieee80211_del_intf_link
> ieee80211_vif_set_links
> ieee80211_vif_update_links
> ieee80211_link_stop
> cfg80211_cac_event
In cfg80211_remove_link(), the link_id is removed from the valid_links
bitmap before ieee80211_del_intf_link() is called. Consequently, in
cfg80211_cac_event(), the WARN_ON is triggered.
Since having link_id set in valid_links is not a necessary condition now,
remove the check.
Fixes: 81f67d60ebf2 ("wifi: cfg80211: handle DFS per link")
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
---
net/wireless/mlme.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index a5eb92d93074e6ce1e08fcc2790b80cf04ff08f8..2a932a036225a3e0587cf5c18a4e80e91552313b 100644
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -1112,10 +1112,6 @@ void cfg80211_cac_event(struct net_device *netdev,
struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
unsigned long timeout;
- if (WARN_ON(wdev->valid_links &&
- !(wdev->valid_links & BIT(link_id))))
- return;
-
trace_cfg80211_cac_event(netdev, event, link_id);
if (WARN_ON(!wdev->links[link_id].cac_started &&
---
base-commit: 11597043d74809daf5d14256b96d6781749b3f82
change-id: 20241113-mlo_dfs_fix-1123060109bc
next reply other threads:[~2024-11-13 6:27 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-13 6:27 Aditya Kumar Singh [this message]
2024-11-13 9:29 ` [PATCH] wifi: cfg80211: fix WARN_ON during CAC cancelling Johannes Berg
2024-11-13 14:43 ` Aditya Kumar Singh
2024-11-13 15:48 ` Johannes Berg
2024-11-13 16:20 ` Aditya Kumar Singh
2024-11-15 8:14 ` Johannes Berg
2024-11-19 5:53 ` Aditya Kumar Singh
2024-11-20 8:59 ` Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241113-mlo_dfs_fix-v1-1-e4326736347b@quicinc.com \
--to=quic_adisi@quicinc.com \
--cc=johannes@sipsolutions.net \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox