iwlwifi fixes for 4.11

Here are three patches intended for 4.11. The first one is an RCU fix by Sari. The second one is a fix for a potential out-of-bounds access crash by Dan. And finally, the third and bigger one, is a fix for IBSS, which has been broken since DQA was enabled in the driver. -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEF3LNfgb2BPWm68smoUecoho8xfoFAljbj8MACgkQoUecoho8 xfqOsBAAmz11/W8MBSulVR5CzoBQJsHg2zVZk8rWd0H43t7yZFD+BVrhookU33X9 nOtrD6rqysoLMiLvYk31INcb7C3p0Tz3I/0FQKJ8cfe1fJD4PPk8Eda53JrQqzlp PVZT9rCYDZSNrOrx9f48nhzrf0NnbovsLteLklwnEwJMPq69AQYrWmFcn8hPA2Cr 0Z3ehcb19Dl7jXICwDsQd9VLONyAq/hESBHHxpsGwGGz/ik6AdPecmtLI6hRfdW/ jtjoRRiSskGur/doobq0EFRauaGmjN9e9OrsQdXGaiFSp+ZPbDYH96HXdMrtsJNK 4VA0uW+aSB4ZJJ370b74kfTwnj4c/JRZGKjt/s6x1ko3fUSqi1ewlHCR/02AaAlM mYvMJNZE5PM8vp5rUpCQmfFJDoOPFljUQYXkKJAw4OuflcCmtcgT+ySo73QQq1AH BAYUgqyEJmyC7c8Km58TPF2shMkbamDynYed/jWck26tyY+aOHGQTFApnvjjtgsD XpErNgFZ1rBpSPfqq6FBJqKKVtcuZhUQQNv8tizJyrImuZ6q6sT1iCk6X4jDC1// hOwNj5FzB6SehPoYj/xNw1d7oKu5n5KsdjL20NCLCXCA1qaHVE3wMtTMPNlxbTBr vefGKp60zgTSCDa/uFrisMaj+Ym8TRLyfq8RsXsBC6Yi9U/tEhI= =qcuc -----END PGP SIGNATURE----- Merge tag 'iwlwifi-for-kalle-2017-03-29' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes iwlwifi fixes for 4.11 Here are three patches intended for 4.11. The first one is an RCU fix by Sari. The second one is a fix for a potential out-of-bounds access crash by Dan. And finally, the third and bigger one, is a fix for IBSS, which has been broken since DQA was enabled in the driver.
2017-03-30 19:38:15 +03:00 · 2017-03-30 19:38:15 +03:00 · d8a531cf79
commit d8a531cf79
parent 6be3b6cce1 4d339989ac
5 changed files with 16 additions and 7 deletions
--- a/drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c
@ -1056,6 +1056,8 @@ static ssize_t iwl_dbgfs_fw_dbg_collect_write(struct iwl_mvm *mvm,

 	if (ret)
 		return ret;
+	if (count == 0)
+		return 0;

 	iwl_mvm_fw_dbg_collect(mvm, FW_DBG_TRIGGER_USER, buf,
 			       (count - 1), NULL);
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
@ -216,7 +216,8 @@ u32 iwl_mvm_mac_get_queues_mask(struct ieee80211_vif *vif)
 			qmask |= BIT(vif->hw_queue[ac]);
 	}

-	if (vif->type == NL80211_IFTYPE_AP)
+	if (vif->type == NL80211_IFTYPE_AP ||
+	    vif->type == NL80211_IFTYPE_ADHOC)
 		qmask |= BIT(vif->cab_queue);

 	return qmask;
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
@ -2401,7 +2401,7 @@ void iwl_mvm_sta_pm_notif(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb)
 		return;

 	rcu_read_lock();
-	sta = mvm->fw_id_to_mac_id[notif->sta_id];
+	sta = rcu_dereference(mvm->fw_id_to_mac_id[notif->sta_id]);
 	if (WARN_ON(IS_ERR_OR_NULL(sta))) {
 		rcu_read_unlock();
 		return;
--- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
@ -1806,7 +1806,8 @@ int iwl_mvm_send_add_bcast_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif)
 			iwl_mvm_get_wd_timeout(mvm, vif, false, false);
 		int queue;

-		if (vif->type == NL80211_IFTYPE_AP)
+		if (vif->type == NL80211_IFTYPE_AP ||
+		    vif->type == NL80211_IFTYPE_ADHOC)
 			queue = IWL_MVM_DQA_AP_PROBE_RESP_QUEUE;
 		else if (vif->type == NL80211_IFTYPE_P2P_DEVICE)
 			queue = IWL_MVM_DQA_P2P_DEVICE_QUEUE;
@ -1837,7 +1838,8 @@ int iwl_mvm_send_add_bcast_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif)
 	 * enabled-cab_queue to the mask)
 	 */
 	if (iwl_mvm_is_dqa_supported(mvm) &&
-	    vif->type == NL80211_IFTYPE_AP) {
+	    (vif->type == NL80211_IFTYPE_AP ||
+	     vif->type == NL80211_IFTYPE_ADHOC)) {
 		struct iwl_trans_txq_scd_cfg cfg = {
 			.fifo = IWL_MVM_TX_FIFO_MCAST,
 			.sta_id = mvmvif->bcast_sta.sta_id,
@ -1862,7 +1864,8 @@ static void iwl_mvm_free_bcast_sta_queues(struct iwl_mvm *mvm,

 	lockdep_assert_held(&mvm->mutex);

-	if (vif->type == NL80211_IFTYPE_AP)
+	if (vif->type == NL80211_IFTYPE_AP ||
+	    vif->type == NL80211_IFTYPE_ADHOC)
 		iwl_mvm_disable_txq(mvm, vif->cab_queue, vif->cab_queue,
 				    IWL_MAX_TID_COUNT, 0);

--- a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
@ -506,6 +506,7 @@ static int iwl_mvm_get_ctrl_vif_queue(struct iwl_mvm *mvm,

 	switch (info->control.vif->type) {
 	case NL80211_IFTYPE_AP:
+	case NL80211_IFTYPE_ADHOC:
 		/*
 		 * Handle legacy hostapd as well, where station may be added
 		 * only after assoc. Take care of the case where we send a
@ -517,7 +518,8 @@ static int iwl_mvm_get_ctrl_vif_queue(struct iwl_mvm *mvm,
 		if (info->hw_queue == info->control.vif->cab_queue)
 			return info->hw_queue;

-		WARN_ONCE(1, "fc=0x%02x", le16_to_cpu(fc));
+		WARN_ONCE(info->control.vif->type != NL80211_IFTYPE_ADHOC,
+			  "fc=0x%02x", le16_to_cpu(fc));
 		return IWL_MVM_DQA_AP_PROBE_RESP_QUEUE;
 	case NL80211_IFTYPE_P2P_DEVICE:
 		if (ieee80211_is_mgmt(fc))
@ -584,7 +586,8 @@ int iwl_mvm_tx_skb_non_sta(struct iwl_mvm *mvm, struct sk_buff *skb)
 			iwl_mvm_vif_from_mac80211(info.control.vif);

 		if (info.control.vif->type == NL80211_IFTYPE_P2P_DEVICE ||
-		    info.control.vif->type == NL80211_IFTYPE_AP) {
+		    info.control.vif->type == NL80211_IFTYPE_AP ||
+		    info.control.vif->type == NL80211_IFTYPE_ADHOC) {
 			sta_id = mvmvif->bcast_sta.sta_id;
 			queue = iwl_mvm_get_ctrl_vif_queue(mvm, &info,
 							   hdr->frame_control);