From: Mohammed Shafi Shajakhan <[email protected]>
Rate control algorithms conclude that a rate is invalid
with rate[i].idx < -1, while they also check that rate[i].count is
non-zero. It would be safer to zero-initialize the 'count' field.
Recently we had an ath9k rate control crash where the ath9k rate control
in ath_tx_status assumed it only had to check for rate[i].count being non-zero
in one instance and ended up using an invalid rate index for
'connection monitoring NULL func frames', which eventually led to the crash.
Thanks to Pavel Roskin for fixing it and finding the root cause.
https://bugzilla.redhat.com/show_bug.cgi?id=768639
Cc: [email protected]
Cc: Pavel Roskin <[email protected]>
Signed-off-by: Mohammed Shafi Shajakhan <[email protected]>
---
net/mac80211/rate.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
index 111fba3..b4f7600 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -447,7 +447,7 @@ void rate_control_get_rate(struct ieee80211_sub_if_data *sdata,
for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
info->control.rates[i].idx = -1;
info->control.rates[i].flags = 0;
- info->control.rates[i].count = 1;
+ info->control.rates[i].count = 0;
}
if (sdata->local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)
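Review bot: the commit message says rate control treats a rate as invalid when rate[i].idx < -1, yet the loop here initializes idx to exactly -1 as the unused sentinel, so the stated condition would never flag these slots; the message presumably means idx < 0 and should say so, since that is the check the count = 0 default is meant to back up. The change itself is consistent with the described ath_tx_status failure: a consumer that stops at the first entry with count == 0 no longer reaches an untouched slot whose idx is -1. Worth confirming that every rate-control algorithm sets count on each slot it assigns an idx to, because after this change a slot with a valid idx but count left at 0 is silently dropped rather than tried once.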
--
1.7.0.4
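As an added illustration (not code from the patch, mac80211 or ath9k), the following constructed C program mirrors the interplay the commit message describes: a rate-control step that fills only some slots, and a consumer that, like the ath_tx_status path mentioned, walks the table only until it meets a slot with count == 0. The struct layout, the table size and the fill values are assumptions.

```c
#include <stdio.h>

/* Constructed stand-in for mac80211's per-frame rate table entry; only the
 * three fields touched by the patch are modelled (assumption). */
#define TX_MAX_RATES 4
struct tx_rate {
    signed char idx;      /* -1 marks an unused slot */
    unsigned char count;  /* number of retries at this rate */
    unsigned char flags;
};

/* Mirrors the init loop in rate_control_get_rate(): before the patch the
 * default count was 1, after it 0. */
static void init_rates(struct tx_rate *r, unsigned char default_count)
{
    for (int i = 0; i < TX_MAX_RATES; i++) {
        r[i].idx = -1;
        r[i].flags = 0;
        r[i].count = default_count;
    }
}

/* Hypothetical rate-control algorithm that fills only the first two slots
 * and leaves the rest at their defaults. */
static void rc_fill_two(struct tx_rate *r)
{
    r[0].idx = 5; r[0].count = 2;
    r[1].idx = 3; r[1].count = 4;
}

/* Consumer in the style described for ath_tx_status: it stops at the first
 * slot with count == 0 and otherwise trusts idx. Returns the first slot whose
 * idx would fall outside the (constructed) rate table, or -1 if none. */
#define RATE_TABLE_SIZE 12
static int first_bad_slot(const struct tx_rate *r)
{
    for (int i = 0; i < TX_MAX_RATES && r[i].count; i++)
        if (r[i].idx < 0 || r[i].idx >= RATE_TABLE_SIZE)
            return i;  /* this slot would index the table with a bogus idx */
    return -1;
}

/* Runs the scenario with a given default count; returns the misused slot or -1. */
int scenario(unsigned char default_count)
{
    struct tx_rate rates[TX_MAX_RATES];
    init_rates(rates, default_count);
    rc_fill_two(rates);
    return first_bad_slot(rates);
}

int main(void)
{
    printf("default count 1: bad slot %d\n", scenario(1));  /* 2 */
    printf("default count 0: bad slot %d\n", scenario(0));  /* -1 */
    return 0;
}
```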
From: Mohammed Shafi Shajakhan <[email protected]>
Nothing needs to be done for monitor mode on calling
ieee80211_bss_info_change_notify -> drv_bss_info_changed with the change
flag 'BSS_CHANGED_IDLE'. 'wl1271' seems to use BSS_CHANGED_IDLE only for
STA and IBSS mode. Further, the non-idle state of the monitor mode is
taken care of by the 'count' variable which counts non-idle interfaces;
ieee80211_idle_off(local, "in use") will be called.
This fixes the following WARNING when we initially have STA mode
(network manager running) and not associated, and change it to monitor
mode with network manager disabled and bring up the monitor mode.
This changes the idle state from 'true' (STA unassociated) to 'false'
(MONITOR mode).
Exposed by the commit 405385f8ce7a2ed8f82e216d88b5282142e1288b
"mac80211: set bss_conf.idle when vif is connected".
WARNING: net/mac80211/main.c:212 ieee80211_bss_info_change_notify+0x1cf/0x330 [mac80211]()
Hardware name: 64756D6
Pid: 3835, comm: ifconfig Tainted: G O 3.3.0-rc3-wl #9
Call Trace:
[<c0133b02>] warn_slowpath_common+0x72/0xa0
[<fc8e8c3f>] ? ieee80211_bss_info_change_notify+0x1cf/0x330 [mac80211]
[<fc8e8c3f>] ? ieee80211_bss_info_change_notify+0x1cf/0x330 [mac80211]
[<c0133b52>] warn_slowpath_null+0x22/0x30
[<fc8e8c3f>] ieee80211_bss_info_change_notify+0x1cf/0x330 [mac80211]
[<fc8f9de3>] __ieee80211_recalc_idle+0x113/0x430 [mac80211]
[<fc8fabc6>] ieee80211_do_open+0x156/0x7e0 [mac80211]
[<fc8f8a25>] ? ieee80211_check_concurrent_iface+0x25/0x180 [mac80211]
[<c015dd9f>] ? raw_notifier_call_chain+0x1f/0x30
[<fc8fb290>] ieee80211_open+0x40/0x80 [mac80211]
[<c05894f6>] __dev_open+0x96/0xe0
[<c068fba5>] ? _raw_spin_unlock_bh+0x35/0x40
[<c05881d9>] __dev_change_flags+0x109/0x170
[<c0589423>] dev_change_flags+0x23/0x60
[<c05f3770>] devinet_ioctl+0x6a0/0x770
ieee80211 phy0: device no longer idle - in use
Cc: Eliad Peller <[email protected]>
Signed-off-by: Mohammed Shafi Shajakhan <[email protected]>
---
net/mac80211/iface.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index 6b3cd65..6b2221b 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -1342,6 +1342,8 @@ u32 __ieee80211_recalc_idle(struct ieee80211_local *local)
hw_roc = true;
list_for_each_entry(sdata, &local->interfaces, list) {
+ if (sdata->vif.type == NL80211_IFTYPE_MONITOR)
+ continue;
if (sdata->old_idle == sdata->vif.bss_conf.idle)
continue;
if (!ieee80211_sdata_running(sdata))
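Review bot: the new check skips only NL80211_IFTYPE_MONITOR, but the reasoning in the commit message (a vif with no BSS has nothing to tell the driver about idle) applies to other BSS-less interface types too; AP_VLAN, raised in the thread, is the obvious one, so a switch on sdata->vif.type listing the types to skip would be clearer and easier to extend than a chain of single-type if/continue lines. The early continue also bypasses the old_idle vs bss_conf.idle comparison for monitor sdata entirely, so whatever bookkeeping follows it in this loop is skipped for those vifs; that is fine as long as nothing else consumes bss_conf.idle for a monitor vif, which is worth confirming.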
--
1.7.0.4
Hi Eliad,
On Monday 20 February 2012 02:23 PM, Eliad Peller wrote:
> On Mon, Feb 20, 2012 at 6:35 AM, Mohammed Shafi Shajakhan
> <[email protected]> wrote:
>>
>> From: Mohammed Shafi Shajakhan<[email protected]>
>>
>> Nothing needs to be done for monitor mode on calling
>> ieee80211_bss_info_change_notify -> drv_bss_info_changed with the change
>> flag 'BSS_CHANGED_IDLE'. 'wl1271' seems to use BSS_CHANGED_IDLE only for
>> STA and IBSS mode. Further, the non-idle state of the monitor mode is
>> taken care of by the 'count' variable which counts non-idle interfaces;
>> ieee80211_idle_off(local, "in use") will be called.
>> This fixes the following WARNING when we initially have STA mode
>> (network manager running) and not associated, and change it to monitor
>> mode with network manager disabled and bring up the monitor mode.
>> This changes the idle state from 'true' (STA unassociated) to 'false'
>> (MONITOR mode).
>> Exposed by the commit 405385f8ce7a2ed8f82e216d88b5282142e1288b
>> "mac80211: set bss_conf.idle when vif is connected".
>>
>> WARNING: net/mac80211/main.c:212 ieee80211_bss_info_change_notify+0x1cf/0x330 [mac80211]()
>> Hardware name: 64756D6
>> Pid: 3835, comm: ifconfig Tainted: G O 3.3.0-rc3-wl #9
>> Call Trace:
>> [<c0133b02>] warn_slowpath_common+0x72/0xa0
>> [<fc8e8c3f>] ? ieee80211_bss_info_change_notify+0x1cf/0x330 [mac80211]
>> [<fc8e8c3f>] ? ieee80211_bss_info_change_notify+0x1cf/0x330 [mac80211]
>> [<c0133b52>] warn_slowpath_null+0x22/0x30
>> [<fc8e8c3f>] ieee80211_bss_info_change_notify+0x1cf/0x330 [mac80211]
>> [<fc8f9de3>] __ieee80211_recalc_idle+0x113/0x430 [mac80211]
>> [<fc8fabc6>] ieee80211_do_open+0x156/0x7e0 [mac80211]
>> [<fc8f8a25>] ? ieee80211_check_concurrent_iface+0x25/0x180 [mac80211]
>> [<c015dd9f>] ? raw_notifier_call_chain+0x1f/0x30
>> [<fc8fb290>] ieee80211_open+0x40/0x80 [mac80211]
>> [<c05894f6>] __dev_open+0x96/0xe0
>> [<c068fba5>] ? _raw_spin_unlock_bh+0x35/0x40
>> [<c05881d9>] __dev_change_flags+0x109/0x170
>> [<c0589423>] dev_change_flags+0x23/0x60
>> [<c05f3770>] devinet_ioctl+0x6a0/0x770
>>
>> ieee80211 phy0: device no longer idle - in use
>>
>> Cc: Eliad Peller<[email protected]>
>> Signed-off-by: Mohammed Shafi Shajakhan<[email protected]>
>> ---
>> net/mac80211/iface.c | 2 ++
>> 1 files changed, 2 insertions(+), 0 deletions(-)
>>
>> diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
>> index 6b3cd65..6b2221b 100644
>> --- a/net/mac80211/iface.c
>> +++ b/net/mac80211/iface.c
>> @@ -1342,6 +1342,8 @@ u32 __ieee80211_recalc_idle(struct ieee80211_local *local)
>> hw_roc = true;
>>
>> list_for_each_entry(sdata,&local->interfaces, list) {
>> + if (sdata->vif.type == NL80211_IFTYPE_MONITOR)
>> + continue;
>> if (sdata->old_idle == sdata->vif.bss_conf.idle)
>> continue;
>> if (!ieee80211_sdata_running(sdata))
>> --
>
> Thanks, I missed it.
> I think we should skip NL80211_IFTYPE_AP_VLAN as well?
>
Thanks for the review, I will send a v2 adding the AP_VLAN check too.
--
thanks,
shafi
On Mon, Feb 20, 2012 at 6:35 AM, Mohammed Shafi Shajakhan
<[email protected]> wrote:
>
> From: Mohammed Shafi Shajakhan <[email protected]>
>
> Nothing needs to be done for monitor mode on calling
> ieee80211_bss_info_change_notify -> drv_bss_info_changed with the change
> flag 'BSS_CHANGED_IDLE'. 'wl1271' seems to use BSS_CHANGED_IDLE only for
> STA and IBSS mode. Further, the non-idle state of the monitor mode is
> taken care of by the 'count' variable which counts non-idle interfaces;
> ieee80211_idle_off(local, "in use") will be called.
> This fixes the following WARNING when we initially have STA mode
> (network manager running) and not associated, and change it to monitor
> mode with network manager disabled and bring up the monitor mode.
> This changes the idle state from 'true' (STA unassociated) to 'false'
> (MONITOR mode).
> Exposed by the commit 405385f8ce7a2ed8f82e216d88b5282142e1288b
> "mac80211: set bss_conf.idle when vif is connected".
>
> WARNING: net/mac80211/main.c:212 ieee80211_bss_info_change_notify+0x1cf/0x330 [mac80211]()
> Hardware name: 64756D6
> Pid: 3835, comm: ifconfig Tainted: G O 3.3.0-rc3-wl #9
> Call Trace:
> [<c0133b02>] warn_slowpath_common+0x72/0xa0
> [<fc8e8c3f>] ? ieee80211_bss_info_change_notify+0x1cf/0x330 [mac80211]
> [<fc8e8c3f>] ? ieee80211_bss_info_change_notify+0x1cf/0x330 [mac80211]
> [<c0133b52>] warn_slowpath_null+0x22/0x30
> [<fc8e8c3f>] ieee80211_bss_info_change_notify+0x1cf/0x330 [mac80211]
> [<fc8f9de3>] __ieee80211_recalc_idle+0x113/0x430 [mac80211]
> [<fc8fabc6>] ieee80211_do_open+0x156/0x7e0 [mac80211]
> [<fc8f8a25>] ? ieee80211_check_concurrent_iface+0x25/0x180 [mac80211]
> [<c015dd9f>] ? raw_notifier_call_chain+0x1f/0x30
> [<fc8fb290>] ieee80211_open+0x40/0x80 [mac80211]
> [<c05894f6>] __dev_open+0x96/0xe0
> [<c068fba5>] ? _raw_spin_unlock_bh+0x35/0x40
> [<c05881d9>] __dev_change_flags+0x109/0x170
> [<c0589423>] dev_change_flags+0x23/0x60
> [<c05f3770>] devinet_ioctl+0x6a0/0x770
>
> ieee80211 phy0: device no longer idle - in use
>
> Cc: Eliad Peller <[email protected]>
> Signed-off-by: Mohammed Shafi Shajakhan <[email protected]>
> ---
> net/mac80211/iface.c | 2 ++
> 1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
> index 6b3cd65..6b2221b 100644
> --- a/net/mac80211/iface.c
> +++ b/net/mac80211/iface.c
> @@ -1342,6 +1342,8 @@ u32 __ieee80211_recalc_idle(struct ieee80211_local *local)
> ? ? ? ? ? ? ? ?hw_roc = true;
>
> ? ? ? ?list_for_each_entry(sdata, &local->interfaces, list) {
> + ? ? ? ? ? ? ? if (sdata->vif.type == NL80211_IFTYPE_MONITOR)
> + ? ? ? ? ? ? ? ? ? ? ? continue;
> ? ? ? ? ? ? ? ?if (sdata->old_idle == sdata->vif.bss_conf.idle)
> ? ? ? ? ? ? ? ? ? ? ? ?continue;
> ? ? ? ? ? ? ? ?if (!ieee80211_sdata_running(sdata))
> --
Thanks, I missed it.
I think we should skip NL80211_IFTYPE_AP_VLAN as well?
Eliad.