projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7d2d2bf)
staging: wfx: fix bss_loss
authorJérôme Pouiller <jerome.pouiller@silabs.com>
Wed, 15 Jan 2020 13:55:10 +0000 (13:55 +0000)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 16 Jan 2020 19:59:51 +0000 (20:59 +0100)
wfx_tx_confirm_cb()  retrieves the station associated with a frame using
the MAC address from the 802.11 header. In the other side wfx_tx()
retrieves the station using sta field from the ieee80211_tx_control
argument.

In wfx_cqm_bssloss_sm(), wfx_tx() was called directly without valid sta
field, but with a valid MAC address in 802.11 header. So there the
processing of this packet was unbalanced and may produce weird bugs.

Signed-off-by: Jérôme Pouiller <jerome.pouiller@silabs.com>
Link: https://lore.kernel.org/r/20200115135338.14374-48-Jerome.Pouiller@silabs.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/wfx/sta.c patch | blob | history

diff --git a/drivers/staging/wfx/sta.c b/drivers/staging/wfx/sta.c
index aebce96dcd4ad40d09304267bbbb94861a712993..1c10ebd119440fcde8d34342d43c2da2e87f3dff 100644 (file)
--- a/drivers/staging/wfx/sta.c
+++ b/drivers/staging/wfx/sta.c
@@ -88,19 +88,25 @@ void wfx_cqm_bssloss_sm(struct wfx_vif *wvif, int init, int good, int bad)
        // FIXME: call ieee80211_beacon_loss/ieee80211_connection_loss instead
        if (tx) {
                struct sk_buff *skb;
+               struct ieee80211_hdr *hdr;
+               struct ieee80211_tx_control control = { };
 
                wvif->bss_loss_state++;
 
                skb = ieee80211_nullfunc_get(wvif->wdev->hw, wvif->vif, false);
                if (!skb)
                        goto end;
+               hdr = (struct ieee80211_hdr *)skb->data;
                memset(IEEE80211_SKB_CB(skb), 0,
                       sizeof(*IEEE80211_SKB_CB(skb)));
                IEEE80211_SKB_CB(skb)->control.vif = wvif->vif;
                IEEE80211_SKB_CB(skb)->driver_rates[0].idx = 0;
                IEEE80211_SKB_CB(skb)->driver_rates[0].count = 1;
                IEEE80211_SKB_CB(skb)->driver_rates[1].idx = -1;
-               wfx_tx(wvif->wdev->hw, NULL, skb);
+               rcu_read_lock(); // protect control.sta
+               control.sta = ieee80211_find_sta(wvif->vif, hdr->addr1);
+               wfx_tx(wvif->wdev->hw, &control, skb);
+               rcu_read_unlock();
        }
 end:
        mutex_unlock(&wvif->bss_loss_lock);
ep93xx device tree rework repo: git://git.maquefel.me/linux.git