Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 08c613a2 authored by Jouni Malinen's avatar Jouni Malinen Committed by Sasha Levin
Browse files

ath9k: Postpone key cache entry deletion for TXQ frames reference it 



commit ca2848022c12789685d3fab3227df02b863f9696 upstream.

Do not delete a key cache entry that is still being referenced by
pending frames in TXQs. This avoids reuse of the key cache entry while a
frame might still be transmitted using it.

To avoid having to do any additional operations during the main TX path
operations, track pending key cache entries in a new bitmap and check
whether any pending entries can be deleted before every new key
add/remove operation. Also clear any remaining entries when stopping the
interface.

Signed-off-by: default avatarJouni Malinen <jouni@codeaurora.org>
Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201214172118.18100-6-jouni@codeaurora.org


Cc: Pali Rohár <pali@kernel.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 7c5a966e

drivers/net/wireless/ath/ath9k/hw.h

+1 −0
Original line number Diff line number Diff line
@@ -818,6 +818,7 @@ struct ath_hw { 
	struct ath9k_pacal_info pacal_info;

	struct ar5416Stats stats;

	struct ath9k_tx_queue_info txq[ATH9K_NUM_TX_QUEUES];

	DECLARE_BITMAP(pending_del_keymap, ATH_KEYMAX);



	enum ath9k_int imask;

	u32 imrs2_reg;

drivers/net/wireless/ath/ath9k/main.c

+86 −1
Original line number Diff line number Diff line
@@ -823,12 +823,80 @@ static void ath9k_tx(struct ieee80211_hw *hw, 
	ieee80211_free_txskb(hw, skb);

}



static bool ath9k_txq_list_has_key(struct list_head *txq_list, u32 keyix)

{

	struct ath_buf *bf;

	struct ieee80211_tx_info *txinfo;

	struct ath_frame_info *fi;



	list_for_each_entry(bf, txq_list, list) {

		if (bf->bf_state.stale || !bf->bf_mpdu)

			continue;



		txinfo = IEEE80211_SKB_CB(bf->bf_mpdu);

		fi = (struct ath_frame_info *)&txinfo->rate_driver_data[0];

		if (fi->keyix == keyix)

			return true;

	}



	return false;

}



static bool ath9k_txq_has_key(struct ath_softc *sc, u32 keyix)

{

	struct ath_hw *ah = sc->sc_ah;

	int i;

	struct ath_txq *txq;

	bool key_in_use = false;



	for (i = 0; !key_in_use && i < ATH9K_NUM_TX_QUEUES; i++) {

		if (!ATH_TXQ_SETUP(sc, i))

			continue;

		txq = &sc->tx.txq[i];

		if (!txq->axq_depth)

			continue;

		if (!ath9k_hw_numtxpending(ah, txq->axq_qnum))

			continue;



		ath_txq_lock(sc, txq);

		key_in_use = ath9k_txq_list_has_key(&txq->axq_q, keyix);

		if (sc->sc_ah->caps.hw_caps & ATH9K_HW_CAP_EDMA) {

			int idx = txq->txq_tailidx;



			while (!key_in_use &&

			       !list_empty(&txq->txq_fifo[idx])) {

				key_in_use = ath9k_txq_list_has_key(

					&txq->txq_fifo[idx], keyix);

				INCR(idx, ATH_TXFIFO_DEPTH);

			}

		}

		ath_txq_unlock(sc, txq);

	}



	return key_in_use;

}



static void ath9k_pending_key_del(struct ath_softc *sc, u8 keyix)

{

	struct ath_hw *ah = sc->sc_ah;

	struct ath_common *common = ath9k_hw_common(ah);



	if (!test_bit(keyix, ah->pending_del_keymap) ||

	    ath9k_txq_has_key(sc, keyix))

		return;



	/* No more TXQ frames point to this key cache entry, so delete it. */

	clear_bit(keyix, ah->pending_del_keymap);

	ath_key_delete(common, keyix);

}



static void ath9k_stop(struct ieee80211_hw *hw)

{

	struct ath_softc *sc = hw->priv;

	struct ath_hw *ah = sc->sc_ah;

	struct ath_common *common = ath9k_hw_common(ah);

	bool prev_idle;

	int i;



	ath9k_deinit_channel_context(sc);
@@ -896,6 +964,9 @@ static void ath9k_stop(struct ieee80211_hw *hw) 


	spin_unlock_bh(&sc->sc_pcu_lock);



	for (i = 0; i < ATH_KEYMAX; i++)

		ath9k_pending_key_del(sc, i);



	/* Clear key cache entries explicitly to get rid of any potentially

	 * remaining keys.

	 */
@@ -1712,6 +1783,12 @@ static int ath9k_set_key(struct ieee80211_hw *hw, 
	if (sta)

		an = (struct ath_node *)sta->drv_priv;



	/* Delete pending key cache entries if no more frames are pointing to

	 * them in TXQs.

	 */

	for (i = 0; i < ATH_KEYMAX; i++)

		ath9k_pending_key_del(sc, i);



	switch (cmd) {

	case SET_KEY:

		if (sta)
@@ -1741,7 +1818,15 @@ static int ath9k_set_key(struct ieee80211_hw *hw, 
		}

		break;

	case DISABLE_KEY:

		if (ath9k_txq_has_key(sc, key->hw_key_idx)) {

			/* Delay key cache entry deletion until there are no

			 * remaining TXQ frames pointing to this entry.

			 */

			set_bit(key->hw_key_idx, sc->sc_ah->pending_del_keymap);

			ath_hw_keysetmac(common, key->hw_key_idx, NULL);

		} else {

			ath_key_delete(common, key->hw_key_idx);

		}

		if (an) {

			for (i = 0; i < ARRAY_SIZE(an->key_idx); i++) {

				if (an->key_idx[i] != key->hw_key_idx)