Received: by 2002:a05:6358:53a8:b0:117:f937:c515 with SMTP id z40csp5097759rwe; Tue, 18 Apr 2023 01:54:34 -0700 (PDT) X-Google-Smtp-Source: AKy350bPUF7MRo2nv2m23NS7T/HBOn+WkuxotowqVcozeY1dfiK7dy7IY3i5x6HTBiZXQb7udraf X-Received: by 2002:a17:902:cacb:b0:1a2:3108:5cc9 with SMTP id y11-20020a170902cacb00b001a231085cc9mr1188203pld.40.1681808074505; Tue, 18 Apr 2023 01:54:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1681808074; cv=none; d=google.com; s=arc-20160816; b=lvz+hctQtU7KGGwtNEVuZ6T1RmmTCUe8iCmZlosl9tM1wcOrvnlIxcDaHFdcOMskGX wz/0uEtltUZadb+YxPqprOOlj47cq+IpjEU7H4vX2yYN4Aq4tHO5rZ9c5iXdl2yIeQGl NmPvSeXqEFBcVwUORS0hstAHt4DCWUAeiysscC1rPMNqthiedzC+nryLSnLsUQXRIBlO 6Nvb8kPdtgVCa3suQ85JwcbzSP7JX+iHU/eLBerYARzYmfHQThPEdNWWEM6r0yE/H4eJ cU+4r9Pyd22WrZH7QN4GRFyFl9TxAtAuXjFPTK7Jot4zq9lo5GUVTZEtu9qP55sMD4B+ INtw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:user-agent :content-transfer-encoding:references:in-reply-to:date:cc:to:from :subject:message-id:dkim-signature; bh=2pNhfyigwf3jg3qPzX2v8I+sVoNNXo+B8ure2SdJcVw=; b=gueqiMQA+mt82hXBu0fdC3JvU3+/LYHVFXZHyWAdF8u+bO5SOYJKTa0dPNYqyQqp99 /coj74r6+Na4E06dbvwOfUE5LGx+hBVZgyIATqNnmO+V3a3EQ/D45QpFpnglb7zRVmIR dVkdbfKzdogFIzkWraphEw2Ssa3XwvK3FL36KL/kr3REe9iMkouSlqyANE6O+gHjIktl BNydl20fTnZjbk3NborbncZ4IEFGWSPRGyX7nOtJ4YDqf1hcEiRbU2g1YODN4a8c8+yQ LNrAcfZEU9Pp1DfiMVSKL2AzZIiEoXfcOy07zCduFI2XUIhyh5RNVxUoRt855slRg9ne 71WA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@sipsolutions.net header.s=mail header.b=ESmJIsRw; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=sipsolutions.net Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id nu4-20020a17090b1b0400b0024489068406si17900744pjb.113.2023.04.18.01.54.23; Tue, 18 Apr 2023 01:54:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@sipsolutions.net header.s=mail header.b=ESmJIsRw; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=sipsolutions.net Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231574AbjDRItP (ORCPT + 63 others); Tue, 18 Apr 2023 04:49:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56304 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231204AbjDRItA (ORCPT ); Tue, 18 Apr 2023 04:49:00 -0400 Received: from sipsolutions.net (s3.sipsolutions.net [IPv6:2a01:4f8:191:4433::2]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A178B7690 for ; Tue, 18 Apr 2023 01:48:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sipsolutions.net; s=mail; h=MIME-Version:Content-Transfer-Encoding: Content-Type:References:In-Reply-To:Date:Cc:To:From:Subject:Message-ID:Sender :Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-To: Resent-Cc:Resent-Message-ID; bh=2pNhfyigwf3jg3qPzX2v8I+sVoNNXo+B8ure2SdJcVw=; t=1681807713; x=1683017313; b=ESmJIsRwKxEhCX/Lld0OZXB0Zu4mphFpb0R7gT9zLfJvObm WO3vQUTY/5B1DLOOyFu+g+yDBRyE+TXV+Y7bHHK8cRuUwmeUE6fRFec+4taW0r48HlJ3P48IZl/Dd cZUtRnZT92FyV4LesboBgofyAZdvUfdX7qbvdGKDJFBO0PwnRkFBixv+3pGEBeCkZWR/5Pdo496lb pj856wWOUDJBCanPvfovCOn4oTYKmBLPxJ2NXEnZt+taFiZX1xayTBLmzoIO/2ZGq/q5eHbcJQXwf cR9GfHpavu1nnZ4jJ7TS36LGrql0et7UQqjGWogg9XWuKu3LPg5LVSQJhLLsNYYg==; Received: by sipsolutions.net with esmtpsa (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from ) id 1poh0n-001Y87-2I; Tue, 18 Apr 2023 10:48:29 +0200 Message-ID: Subject: Re: parsing the multi-link element with STA profile wifi: mac80211: support MLO authentication/association with one link From: Johannes Berg To: Wen Gong , linux-wireless Cc: ath11k@lists.infradead.org Date: Tue, 18 Apr 2023 10:48:28 +0200 In-Reply-To: <571d8ecf-2ca6-8b7b-6e15-be12c56e9f88@quicinc.com> References: <48715509-62fd-2307-e38f-176234b482c1@quicinc.com> <571d8ecf-2ca6-8b7b-6e15-be12c56e9f88@quicinc.com> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.46.4 (3.46.4-1.fc37) MIME-Version: 1.0 X-malware-bazaar: not-scanned X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org Hi, > My case is: > When connect with 2 links AP, the cfg80211_hold_bss() is called by=20 > cfg80211_mlme_assoc() > for each BSS of the 2 links, >=20 > When asssocResp from AP is not success(such as status_code=3D=3D1), the= =20 > ieee80211_link_data of 2nd link(sdata->link[link_id]) > is NULL because ieee80211_assoc_success()->ieee80211_vif_update_links()= =20 > is not called. >=20 > Then struct cfg80211_rx_assoc_resp resp in cfg80211_rx_assoc_resp() and > struct cfg80211_connect_resp_params cr in __cfg80211_connect_result()=20 > will only have the data of > the 1st link, and finally cfg80211_connect_result_release_bsses() only= =20 > call cfg80211_unhold_bss() > for the 1st link, then BSS of the 2nd link will never free because its= =20 > hold is awlays > 0 now. Hah, yes, ouch. > I found it is not easy to refine it, so do you have any advise/idea? >=20 > for (link_id =3D 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) { > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 struct ieee80211_link_data *l= ink; >=20 > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 link =3D sdata_dereference(sd= ata->link[link_id], sdata); > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 if (!link) > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 conti= nue; >=20 > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 if (!assoc_data->link[link_id= ].bss) > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 conti= nue; >=20 > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 resp.links[link_id].bss =3D a= ssoc_data->link[link_id].bss; > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 resp.links[link_id].addr =3D = link->conf->addr; > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 resp.links[link_id].status = =3D assoc_data->link[link_id].status; >=20 But is it really so hard? We only need link for link->conf->addr, and we can use assoc_data->link[link_id].addr for that instead, no? We need to store those locally to avoid a use-after-free, but that's at most 15 addresses on the stack, which seems acceptable? Oh and there's the uapsd stuff but that only matters in the success case anyway. In fact I'm not even sure the address matters in the unsuccessful case but we have it pretty easily. johannes