tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge tag 'wireless-2022-09-27' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless

Johannes Berg says:

====================
A few late-comer fixes:
* locking in mac80211 MLME
* non-QoS driver crash/regression
* minstrel memory corruption
* TX deadlock
* TX queues not always enabled
* HE/EHT bitrate calculation

* tag 'wireless-2022-09-27' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless:
wifi: mac80211: mlme: Fix double unlock on assoc success handling
wifi: mac80211: mlme: Fix missing unlock on beacon RX
wifi: mac80211: fix memory corruption in minstrel_ht_update_rates()
wifi: mac80211: fix regression with non-QoS drivers
wifi: mac80211: ensure vif queues are operational after start
wifi: mac80211: don't start TX with fq->lock to fix deadlock
wifi: cfg80211: fix MCS divisor value
====================

Link: https://lore.kernel.org/r/20220927135923.45312-1-johannes@sipsolutions.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Jakub Kicinski 44d70bb5 797666cd

+19 -10
+6 -3
net/mac80211/mlme.c
··· 4040 4040 4041 4041 if (!(link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_HE) && 4042 4042 (!elems->he_cap || !elems->he_operation)) { 4043 - mutex_unlock(&sdata->local->sta_mtx); 4044 4043 sdata_info(sdata, 4045 4044 "HE AP is missing HE capability/operation\n"); 4046 4045 ret = false; ··· 5588 5589 5589 5590 mutex_lock(&local->sta_mtx); 5590 5591 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr); 5591 - if (WARN_ON(!sta)) 5592 + if (WARN_ON(!sta)) { 5593 + mutex_unlock(&local->sta_mtx); 5592 5594 goto free; 5595 + } 5593 5596 link_sta = rcu_dereference_protected(sta->link[link->link_id], 5594 5597 lockdep_is_held(&local->sta_mtx)); 5595 - if (WARN_ON(!link_sta)) 5598 + if (WARN_ON(!link_sta)) { 5599 + mutex_unlock(&local->sta_mtx); 5596 5600 goto free; 5601 + } 5597 5602 5598 5603 changed |= ieee80211_recalc_twt_req(link, link_sta, elems); 5599 5604
+4 -2
net/mac80211/rc80211_minstrel_ht.c
··· 10 10 #include <linux/random.h> 11 11 #include <linux/moduleparam.h> 12 12 #include <linux/ieee80211.h> 13 + #include <linux/minmax.h> 13 14 #include <net/mac80211.h> 14 15 #include "rate.h" 15 16 #include "sta_info.h" ··· 1551 1550 { 1552 1551 struct ieee80211_sta_rates *rates; 1553 1552 int i = 0; 1553 + int max_rates = min_t(int, mp->hw->max_rates, IEEE80211_TX_RATE_TABLE_SIZE); 1554 1554 1555 1555 rates = kzalloc(sizeof(*rates), GFP_ATOMIC); 1556 1556 if (!rates) ··· 1561 1559 minstrel_ht_set_rate(mp, mi, rates, i++, mi->max_tp_rate[0]); 1562 1560 1563 1561 /* Fill up remaining, keep one entry for max_probe_rate */ 1564 - for (; i < (mp->hw->max_rates - 1); i++) 1562 + for (; i < (max_rates - 1); i++) 1565 1563 minstrel_ht_set_rate(mp, mi, rates, i, mi->max_tp_rate[i]); 1566 1564 1567 - if (i < mp->hw->max_rates) 1565 + if (i < max_rates) 1568 1566 minstrel_ht_set_rate(mp, mi, rates, i++, mi->max_prob_rate); 1569 1567 1570 1568 if (i < IEEE80211_TX_RATE_TABLE_SIZE)
+1 -1
net/mac80211/status.c
··· 729 729 730 730 if (!sdata) { 731 731 skb->dev = NULL; 732 - } else { 732 + } else if (!dropped) { 733 733 unsigned int hdr_size = 734 734 ieee80211_hdrlen(hdr->frame_control); 735 735
+4
net/mac80211/tx.c
··· 5878 5878 skb_reset_network_header(skb); 5879 5879 skb_reset_mac_header(skb); 5880 5880 5881 + if (local->hw.queues < IEEE80211_NUM_ACS) 5882 + goto start_xmit; 5883 + 5881 5884 /* update QoS header to prioritize control port frames if possible, 5882 5885 * priorization also happens for control port frames send over 5883 5886 * AF_PACKET ··· 5908 5905 } 5909 5906 rcu_read_unlock(); 5910 5907 5908 + start_xmit: 5911 5909 /* mutex lock is only needed for incrementing the cookie counter */ 5912 5910 mutex_lock(&local->mtx); 5913 5911
+2 -2
net/mac80211/util.c
··· 301 301 local_bh_disable(); 302 302 spin_lock(&fq->lock); 303 303 304 + sdata->vif.txqs_stopped[ac] = false; 305 + 304 306 if (!test_bit(SDATA_STATE_RUNNING, &sdata->state)) 305 307 goto out; 306 308 307 309 if (sdata->vif.type == NL80211_IFTYPE_AP) 308 310 ps = &sdata->bss->ps; 309 - 310 - sdata->vif.txqs_stopped[ac] = false; 311 311 312 312 list_for_each_entry_rcu(sta, &local->sta_list, list) { 313 313 if (sdata != sta->sdata)
+2 -2
net/wireless/util.c
··· 1361 1361 25599, /* 4.166666... */ 1362 1362 17067, /* 2.777777... */ 1363 1363 12801, /* 2.083333... */ 1364 - 11769, /* 1.851851... */ 1364 + 11377, /* 1.851725... */ 1365 1365 10239, /* 1.666666... */ 1366 1366 8532, /* 1.388888... */ 1367 1367 7680, /* 1.250000... */ ··· 1444 1444 25599, /* 4.166666... */ 1445 1445 17067, /* 2.777777... */ 1446 1446 12801, /* 2.083333... */ 1447 - 11769, /* 1.851851... */ 1447 + 11377, /* 1.851725... */ 1448 1448 10239, /* 1.666666... */ 1449 1449 8532, /* 1.388888... */ 1450 1450 7680, /* 1.250000... */