From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Masashi Honma <masashi.honma@gmail.com>,
Kalle Valo <kvalo@codeaurora.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.4 29/59] ath9k_htc: Discard undersized packets
Date: Sat, 11 Jan 2020 10:49:38 +0100 [thread overview]
Message-ID: <20200111094844.333620920@linuxfoundation.org> (raw)
In-Reply-To: <20200111094835.417654274@linuxfoundation.org>
From: Masashi Honma <masashi.honma@gmail.com>
[ Upstream commit cd486e627e67ee9ab66914d36d3127ef057cc010 ]
Sometimes the hardware will push small packets that trigger a WARN_ON
in mac80211. Discard them early to avoid this issue.
This patch ports 2 patches from ath9k to ath9k_htc.
commit 3c0efb745a172bfe96459e20cbd37b0c945d5f8d "ath9k: discard
undersized packets".
commit df5c4150501ee7e86383be88f6490d970adcf157 "ath9k: correctly
handle short radar pulses".
[ 112.835889] ------------[ cut here ]------------
[ 112.835971] WARNING: CPU: 5 PID: 0 at net/mac80211/rx.c:804 ieee80211_rx_napi+0xaac/0xb40 [mac80211]
[ 112.835973] Modules linked in: ath9k_htc ath9k_common ath9k_hw ath mac80211 cfg80211 libarc4 nouveau snd_hda_codec_hdmi intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp coretemp snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_hda_codec video snd_hda_core ttm snd_hwdep drm_kms_helper snd_pcm crct10dif_pclmul snd_seq_midi drm snd_seq_midi_event crc32_pclmul snd_rawmidi ghash_clmulni_intel snd_seq aesni_intel aes_x86_64 crypto_simd cryptd snd_seq_device glue_helper snd_timer sch_fq_codel i2c_algo_bit fb_sys_fops snd input_leds syscopyarea sysfillrect sysimgblt intel_cstate mei_me intel_rapl_perf soundcore mxm_wmi lpc_ich mei kvm_intel kvm mac_hid irqbypass parport_pc ppdev lp parport ip_tables x_tables autofs4 hid_generic usbhid hid raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear e1000e ahci libahci wmi
[ 112.836022] CPU: 5 PID: 0 Comm: swapper/5 Not tainted 5.3.0-wt #1
[ 112.836023] Hardware name: MouseComputer Co.,Ltd. X99-S01/X99-S01, BIOS 1.0C-W7 04/01/2015
[ 112.836056] RIP: 0010:ieee80211_rx_napi+0xaac/0xb40 [mac80211]
[ 112.836059] Code: 00 00 66 41 89 86 b0 00 00 00 e9 c8 fa ff ff 4c 89 b5 40 ff ff ff 49 89 c6 e9 c9 fa ff ff 48 c7 c7 e0 a2 a5 c0 e8 47 41 b0 e9 <0f> 0b 48 89 df e8 5a 94 2d ea e9 02 f9 ff ff 41 39 c1 44 89 85 60
[ 112.836060] RSP: 0018:ffffaa6180220da8 EFLAGS: 00010286
[ 112.836062] RAX: 0000000000000024 RBX: ffff909a20eeda00 RCX: 0000000000000000
[ 112.836064] RDX: 0000000000000000 RSI: ffff909a2f957448 RDI: ffff909a2f957448
[ 112.836065] RBP: ffffaa6180220e78 R08: 00000000000006e9 R09: 0000000000000004
[ 112.836066] R10: 000000000000000a R11: 0000000000000001 R12: 0000000000000000
[ 112.836068] R13: ffff909a261a47a0 R14: 0000000000000000 R15: 0000000000000004
[ 112.836070] FS: 0000000000000000(0000) GS:ffff909a2f940000(0000) knlGS:0000000000000000
[ 112.836071] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 112.836073] CR2: 00007f4e3ffffa08 CR3: 00000001afc0a006 CR4: 00000000001606e0
[ 112.836074] Call Trace:
[ 112.836076] <IRQ>
[ 112.836083] ? finish_td+0xb3/0xf0
[ 112.836092] ? ath9k_rx_prepare.isra.11+0x22f/0x2a0 [ath9k_htc]
[ 112.836099] ath9k_rx_tasklet+0x10b/0x1d0 [ath9k_htc]
[ 112.836105] tasklet_action_common.isra.22+0x63/0x110
[ 112.836108] tasklet_action+0x22/0x30
[ 112.836115] __do_softirq+0xe4/0x2da
[ 112.836118] irq_exit+0xae/0xb0
[ 112.836121] do_IRQ+0x86/0xe0
[ 112.836125] common_interrupt+0xf/0xf
[ 112.836126] </IRQ>
[ 112.836130] RIP: 0010:cpuidle_enter_state+0xa9/0x440
[ 112.836133] Code: 3d bc 20 38 55 e8 f7 1d 84 ff 49 89 c7 0f 1f 44 00 00 31 ff e8 28 29 84 ff 80 7d d3 00 0f 85 e6 01 00 00 fb 66 0f 1f 44 00 00 <45> 85 ed 0f 89 ff 01 00 00 41 c7 44 24 10 00 00 00 00 48 83 c4 18
[ 112.836134] RSP: 0018:ffffaa61800e3e48 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffde
[ 112.836136] RAX: ffff909a2f96b340 RBX: ffffffffabb58200 RCX: 000000000000001f
[ 112.836137] RDX: 0000001a458adc5d RSI: 0000000026c9b581 RDI: 0000000000000000
[ 112.836139] RBP: ffffaa61800e3e88 R08: 0000000000000002 R09: 000000000002abc0
[ 112.836140] R10: ffffaa61800e3e18 R11: 000000000000002d R12: ffffca617fb40b00
[ 112.836141] R13: 0000000000000002 R14: ffffffffabb582d8 R15: 0000001a458adc5d
[ 112.836145] ? cpuidle_enter_state+0x98/0x440
[ 112.836149] ? menu_select+0x370/0x600
[ 112.836151] cpuidle_enter+0x2e/0x40
[ 112.836154] call_cpuidle+0x23/0x40
[ 112.836156] do_idle+0x204/0x280
[ 112.836159] cpu_startup_entry+0x1d/0x20
[ 112.836164] start_secondary+0x167/0x1c0
[ 112.836169] secondary_startup_64+0xa4/0xb0
[ 112.836173] ---[ end trace 9f4cd18479cc5ae5 ]---
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 23 +++++++++++++++----
1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c b/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c
index 54e96c661a9c..0d757ced49ba 100644
--- a/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c
+++ b/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c
@@ -972,6 +972,8 @@ static bool ath9k_rx_prepare(struct ath9k_htc_priv *priv,
struct ath_htc_rx_status *rxstatus;
struct ath_rx_status rx_stats;
bool decrypt_error = false;
+ __be16 rs_datalen;
+ bool is_phyerr;
if (skb->len < HTC_RX_FRAME_HEADER_SIZE) {
ath_err(common, "Corrupted RX frame, dropping (len: %d)\n",
@@ -981,11 +983,24 @@ static bool ath9k_rx_prepare(struct ath9k_htc_priv *priv,
rxstatus = (struct ath_htc_rx_status *)skb->data;
- if (be16_to_cpu(rxstatus->rs_datalen) -
- (skb->len - HTC_RX_FRAME_HEADER_SIZE) != 0) {
+ rs_datalen = be16_to_cpu(rxstatus->rs_datalen);
+ if (unlikely(rs_datalen -
+ (skb->len - HTC_RX_FRAME_HEADER_SIZE) != 0)) {
ath_err(common,
"Corrupted RX data len, dropping (dlen: %d, skblen: %d)\n",
- be16_to_cpu(rxstatus->rs_datalen), skb->len);
+ rs_datalen, skb->len);
+ goto rx_next;
+ }
+
+ is_phyerr = rxstatus->rs_status & ATH9K_RXERR_PHY;
+ /*
+ * Discard zero-length packets and packets smaller than an ACK
+ * which are not PHY_ERROR (short radar pulses have a length of 3)
+ */
+ if (unlikely(!rs_datalen || (rs_datalen < 10 && !is_phyerr))) {
+ ath_warn(common,
+ "Short RX data len, dropping (dlen: %d)\n",
+ rs_datalen);
goto rx_next;
}
@@ -1010,7 +1025,7 @@ static bool ath9k_rx_prepare(struct ath9k_htc_priv *priv,
* Process PHY errors and return so that the packet
* can be dropped.
*/
- if (rx_stats.rs_status & ATH9K_RXERR_PHY) {
+ if (unlikely(is_phyerr)) {
/* TODO: Not using DFS processing now. */
if (ath_cmn_process_fft(&priv->spec_priv, hdr,
&rx_stats, rx_status->mactime)) {
--
2.20.1
next prev parent reply other threads:[~2020-01-11 9:53 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-11 9:49 [PATCH 4.4 00/59] 4.4.209-stable review Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 01/59] PM / devfreq: Dont fail devfreq_dev_release if not in list Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 02/59] RDMA/cma: add missed unregister_pernet_subsys in init failure Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 03/59] scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 04/59] scsi: qla2xxx: Dont call qlt_async_event twice Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 05/59] scsi: iscsi: qla4xxx: fix double free in probe Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 06/59] scsi: libsas: stop discovering if oob mode is disconnected Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 07/59] usb: gadget: fix wrong endpoint desc Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 08/59] md: raid1: check rdev before reference in raid1_sync_request func Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 09/59] s390/cpum_sf: Adjust sampling interval to avoid hitting sample limits Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 10/59] s390/cpum_sf: Avoid SBD overflow condition in irq handler Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 11/59] xen/balloon: fix ballooned page accounting without hotplug enabled Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 12/59] xfs: fix mount failure crash on invalid iclog memory access Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 13/59] taskstats: fix data-race Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 14/59] Revert "perf report: Add warning when libunwind not compiled in" Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 15/59] ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 16/59] MIPS: Avoid VDSO ABI breakage due to global register variable Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 17/59] locks: print unsigned ino in /proc/locks Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 18/59] dmaengine: Fix access to uninitialized dma_slave_caps Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 19/59] compat_ioctl: block: handle Persistent Reservations Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 20/59] gpiolib: fix up emulated open drain outputs Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 21/59] ALSA: cs4236: fix error return comparison of an unsigned integer Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 22/59] ftrace: Avoid potential division by zero in function profiler Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 23/59] Bluetooth: btusb: fix PM leak in error case of setup Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 24/59] Bluetooth: delete a stray unlock Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 25/59] tty: serial: msm_serial: Fix lockup for sysrq and oops Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 26/59] drm/mst: Fix MST sideband up-reply failure handling Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 27/59] powerpc/pseries/hvconsole: Fix stack overread via udbg Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 28/59] ath9k_htc: Modify byte order for an error message Greg Kroah-Hartman
2020-01-11 9:49 ` Greg Kroah-Hartman [this message]
2020-01-11 9:49 ` [PATCH 4.4 30/59] net: add annotations on hh->hh_len lockless accesses Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 31/59] s390/smp: fix physical to logical CPU map for SMT Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 32/59] locking/x86: Remove the unused atomic_inc_short() methd Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 33/59] pstore/ram: Write new dumps to start of recycled zones Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 34/59] locking/spinlock/debug: Fix various data races Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 35/59] netfilter: ctnetlink: netns exit must wait for callbacks Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 36/59] ARM: vexpress: Set-up shared OPP table instead of individual for each CPU Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 37/59] netfilter: uapi: Avoid undefined left-shift in xt_sctp.h Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 38/59] ARM: dts: am437x-gp/epos-evm: fix panel compatible Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 39/59] powerpc: Ensure that swiotlb buffer is allocated from low memory Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 40/59] bnx2x: Do not handle requests from VFs after parity Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 41/59] bnx2x: Fix logic to get total no. of PFs per engine Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 42/59] net: usb: lan78xx: Fix error message format specifier Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 43/59] rfkill: Fix incorrect check to avoid NULL pointer dereference Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 44/59] ASoC: wm8962: fix lambda value Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 45/59] regulator: rn5t618: fix module aliases Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 46/59] kconfig: dont crash on NULL expressions in expr_eq() Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 47/59] parisc: Fix compiler warnings in debug_core.c Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 48/59] llc2: Fix return statement of llc_stat_ev_rx_null_dsap_xid_c (and _test_c) Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 49/59] net: stmmac: dwmac-sunxi: Allow all RGMII modes Greg Kroah-Hartman
2020-01-11 9:49 ` [PATCH 4.4 50/59] net: usb: lan78xx: fix possible skb leak Greg Kroah-Hartman
2020-01-11 9:50 ` [PATCH 4.4 51/59] pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM Greg Kroah-Hartman
2020-01-11 9:50 ` [PATCH 4.4 52/59] sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY Greg Kroah-Hartman
2020-01-11 9:50 ` [PATCH 4.4 53/59] tcp: fix "old stuff" D-SACK causing SACK to be treated as D-SACK Greg Kroah-Hartman
2020-01-11 9:50 ` [PATCH 4.4 54/59] vlan: vlan_changelink() should propagate errors Greg Kroah-Hartman
2020-01-11 9:50 ` [PATCH 4.4 55/59] vlan: fix memory leak in vlan_dev_set_egress_priority Greg Kroah-Hartman
2020-01-11 9:50 ` [PATCH 4.4 56/59] vxlan: fix tos value before xmit Greg Kroah-Hartman
2020-01-11 9:50 ` [PATCH 4.4 57/59] macvlan: do not assume mac_header is set in macvlan_broadcast() Greg Kroah-Hartman
2020-01-11 9:50 ` [PATCH 4.4 58/59] USB: core: fix check for duplicate endpoints Greg Kroah-Hartman
2020-01-11 9:50 ` [PATCH 4.4 59/59] USB: serial: option: add Telit ME910G1 0x110a composition Greg Kroah-Hartman
2020-01-11 14:51 ` [PATCH 4.4 00/59] 4.4.209-stable review Guenter Roeck
2020-01-11 18:39 ` Naresh Kamboju
2020-01-13 15:41 ` Jon Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200111094844.333620920@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=kvalo@codeaurora.org \
--cc=linux-kernel@vger.kernel.org \
--cc=masashi.honma@gmail.com \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).