| Message ID | 1555006410-6090-1-git-send-email-ynezz@true.cz (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 6b583201fa219b7b1b6aebd8966c8fd9357ef9f4 |
| Delegated to: | Kalle Valo |
| Headers | show |
| Series | mwl8k: Fix rate_idx underflow | expand |
Petr Štetiar wrote: > It was reported on OpenWrt bug tracking system[1], that several users > are affected by the endless reboot of their routers if they configure > 5GHz interface with channel 44 or 48. > > The reboot loop is caused by the following excessive number of WARN_ON > messages: > > WARNING: CPU: 0 PID: 0 at backports-4.19.23-1/net/mac80211/rx.c:4516 > ieee80211_rx_napi+0x1fc/0xa54 [mac80211] > > as the messages are being correctly emitted by the following guard: > > case RX_ENC_LEGACY: > if (WARN_ON(status->rate_idx >= sband->n_bitrates)) > > as the rate_idx is in this case erroneously set to 251 (0xfb). This fix > simply converts previously used magic number to proper constant and > guards against substraction which is leading to the currently observed > underflow. > > 1. https://bugs.openwrt.org/index.php?do=details&task_id=2218 > > Fixes: 854783444bab ("mwl8k: properly set receive status rate index on 5 GHz receive") > Cc: <stable@vger.kernel.org> > Tested-by: Eubert Bao <bunnier@gmail.com> > Reported-by: Eubert Bao <bunnier@gmail.com> > Signed-off-by: Petr Štetiar <ynezz@true.cz> Patch applied to wireless-drivers-next.git, thanks. 6b583201fa21 mwl8k: Fix rate_idx underflow
diff --git a/drivers/net/wireless/marvell/mwl8k.c b/drivers/net/wireless/marvell/mwl8k.c index 8e4e9b6..ffc565a 100644 --- a/drivers/net/wireless/marvell/mwl8k.c +++ b/drivers/net/wireless/marvell/mwl8k.c @@ -441,6 +441,9 @@ struct mwl8k_sta { #define MWL8K_CMD_UPDATE_STADB 0x1123 #define MWL8K_CMD_BASTREAM 0x1125 +#define MWL8K_LEGACY_5G_RATE_OFFSET \ + (ARRAY_SIZE(mwl8k_rates_24) - ARRAY_SIZE(mwl8k_rates_50)) + static const char *mwl8k_cmd_name(__le16 cmd, char *buf, int bufsize) { u16 command = le16_to_cpu(cmd); @@ -1016,8 +1019,9 @@ static void mwl8k_rxd_ap_refill(void *_rxd, dma_addr_t addr, int len) if (rxd->channel > 14) { status->band = NL80211_BAND_5GHZ; - if (!(status->encoding == RX_ENC_HT)) - status->rate_idx -= 5; + if (!(status->encoding == RX_ENC_HT) && + status->rate_idx >= MWL8K_LEGACY_5G_RATE_OFFSET) + status->rate_idx -= MWL8K_LEGACY_5G_RATE_OFFSET; } else { status->band = NL80211_BAND_2GHZ; } @@ -1124,8 +1128,9 @@ static void mwl8k_rxd_sta_refill(void *_rxd, dma_addr_t addr, int len) if (rxd->channel > 14) { status->band = NL80211_BAND_5GHZ; - if (!(status->encoding == RX_ENC_HT)) - status->rate_idx -= 5; + if (!(status->encoding == RX_ENC_HT) && + status->rate_idx >= MWL8K_LEGACY_5G_RATE_OFFSET) + status->rate_idx -= MWL8K_LEGACY_5G_RATE_OFFSET; } else { status->band = NL80211_BAND_2GHZ; }
It was reported on OpenWrt bug tracking system[1], that several users are affected by the endless reboot of their routers if they configure 5GHz interface with channel 44 or 48. The reboot loop is caused by the following excessive number of WARN_ON messages: WARNING: CPU: 0 PID: 0 at backports-4.19.23-1/net/mac80211/rx.c:4516 ieee80211_rx_napi+0x1fc/0xa54 [mac80211] as the messages are being correctly emitted by the following guard: case RX_ENC_LEGACY: if (WARN_ON(status->rate_idx >= sband->n_bitrates)) as the rate_idx is in this case erroneously set to 251 (0xfb). This fix simply converts previously used magic number to proper constant and guards against substraction which is leading to the currently observed underflow. 1. https://bugs.openwrt.org/index.php?do=details&task_id=2218 Fixes: 854783444bab ("mwl8k: properly set receive status rate index on 5 GHz receive") Cc: <stable@vger.kernel.org> Tested-by: Eubert Bao <bunnier@gmail.com> Reported-by: Eubert Bao <bunnier@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> --- drivers/net/wireless/marvell/mwl8k.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-)