Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d668dbae authored by Michal Kazior's avatar Michal Kazior Committed by Kalle Valo
Browse files

ath10k: fix tx header parsing 



Frames are not guaranteed to be 802.11 frames in
ath10k_htt_tx() and the tx completion handler.
In some cases, like TDLS, they can be Ethernet.
Hence checking, e.g. frame_control could yield
bogus results and behavior.

Fortunately this wasn't a real problem so far
because there's no FW/HW combination to encounter
this problem.

However it is good to fix this in advance.

Fixes: 75d85fd9 ("ath10k: introduce basic tdls functionality")
Fixes: eebc67fe ("ath10k: fix pmf for wmi-tlv on qca6174")
Fixes: 7b7da0a0 ("ath10k: drop probe responses when too many are queued")
Signed-off-by: default avatarMichal Kazior <michal.kazior@tieto.com>
Signed-off-by: default avatarKalle Valo <kvalo@qca.qualcomm.com>
parent 66b8a010

drivers/net/wireless/ath/ath10k/core.h

+1 −0
Original line number Diff line number Diff line
@@ -85,6 +85,7 @@ enum ath10k_skb_flags { 
	ATH10K_SKB_F_NO_HWCRYPT = BIT(0),

	ATH10K_SKB_F_DTIM_ZERO = BIT(1),

	ATH10K_SKB_F_DELIVER_CAB = BIT(2),

	ATH10K_SKB_F_MGMT = BIT(3),

};



struct ath10k_skb_cb {

drivers/net/wireless/ath/ath10k/mac.c

+3 −0
Original line number Diff line number Diff line
@@ -3689,6 +3689,9 @@ static void ath10k_tx(struct ieee80211_hw *hw, 
	if (!ath10k_tx_h_use_hwcrypto(vif, skb))

		skb_cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;



	if (ieee80211_is_mgmt(hdr->frame_control))

		skb_cb->flags |= ATH10K_SKB_F_MGMT;



	skb_cb->htt.tid = ath10k_tx_h_get_tid(hdr);

	skb_cb->vdev_id = ath10k_tx_h_get_vdev_id(ar, vif);

drivers/net/wireless/ath/ath10k/txrx.c

+2 −6
Original line number Diff line number Diff line
@@ -57,8 +57,6 @@ void ath10k_txrx_tx_unref(struct ath10k_htt *htt, 
	struct ieee80211_tx_info *info;

	struct ath10k_skb_cb *skb_cb;

	struct sk_buff *msdu;

	struct ieee80211_hdr *hdr;

	__le16 fc;

	bool limit_mgmt_desc = false;



	ath10k_dbg(ar, ATH10K_DBG_HTT,
@@ -81,10 +79,9 @@ void ath10k_txrx_tx_unref(struct ath10k_htt *htt, 
		return;

	}



	hdr = (struct ieee80211_hdr *)msdu->data;

	fc = hdr->frame_control;

	skb_cb = ATH10K_SKB_CB(msdu);



	if (unlikely(ieee80211_is_mgmt(fc)) &&

	if (unlikely(skb_cb->flags & ATH10K_SKB_F_MGMT) &&

	    ar->hw_params.max_probe_resp_desc_thres)

		limit_mgmt_desc = true;
@@ -94,7 +91,6 @@ void ath10k_txrx_tx_unref(struct ath10k_htt *htt, 
		wake_up(&htt->empty_tx_wq);

	spin_unlock_bh(&htt->tx_lock);



	skb_cb = ATH10K_SKB_CB(msdu);

	dma_unmap_single(dev, skb_cb->paddr, msdu->len, DMA_TO_DEVICE);



	ath10k_report_offchan_tx(htt->ar, msdu);