2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-23 12:43:55 +08:00
linux-next/net/mac80211
Emmanuel Grumbach 1d147bfa64 mac80211: fix AP powersave TX vs. wakeup race
There is a race between the TX path and the STA wakeup: while
a station is sleeping, mac80211 buffers frames until it wakes
up, then the frames are transmitted. However, the RX and TX
path are concurrent, so the packet indicating wakeup can be
processed while a packet is being transmitted.

This can lead to a situation where the buffered frames list
is emptied on the one side, while a frame is being added on
the other side, as the station is still seen as sleeping in
the TX path.

As a result, the newly added frame will not be send anytime
soon. It might be sent much later (and out of order) when the
station goes to sleep and wakes up the next time.

Additionally, it can lead to the crash below.

Fix all this by synchronising both paths with a new lock.
Both path are not fastpath since they handle PS situations.

In a later patch we'll remove the extra skb queue locks to
reduce locking overhead.

BUG: unable to handle kernel
NULL pointer dereference at 000000b0
IP: [<ff6f1791>] ieee80211_report_used_skb+0x11/0x3e0 [mac80211]
*pde = 00000000
Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
EIP: 0060:[<ff6f1791>] EFLAGS: 00210282 CPU: 1
EIP is at ieee80211_report_used_skb+0x11/0x3e0 [mac80211]
EAX: e5900da0 EBX: 00000000 ECX: 00000001 EDX: 00000000
ESI: e41d00c0 EDI: e5900da0 EBP: ebe458e4 ESP: ebe458b0
 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
CR0: 8005003b CR2: 000000b0 CR3: 25a78000 CR4: 000407d0
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: ffff0ff0 DR7: 00000400
Process iperf (pid: 3934, ti=ebe44000 task=e757c0b0 task.ti=ebe44000)
iwlwifi 0000:02:00.0: I iwl_pcie_enqueue_hcmd Sending command LQ_CMD (#4e), seq: 0x0903, 92 bytes at 3[3]:9
Stack:
 e403b32c ebe458c4 00200002 00200286 e403b338 ebe458cc c10960bb e5900da0
 ff76a6ec ebe458d8 00000000 e41d00c0 e5900da0 ebe458f0 ff6f1b75 e403b210
 ebe4598c ff723dc1 00000000 ff76a6ec e597c978 e403b758 00000002 00000002
Call Trace:
 [<ff6f1b75>] ieee80211_free_txskb+0x15/0x20 [mac80211]
 [<ff723dc1>] invoke_tx_handlers+0x1661/0x1780 [mac80211]
 [<ff7248a5>] ieee80211_tx+0x75/0x100 [mac80211]
 [<ff7249bf>] ieee80211_xmit+0x8f/0xc0 [mac80211]
 [<ff72550e>] ieee80211_subif_start_xmit+0x4fe/0xe20 [mac80211]
 [<c149ef70>] dev_hard_start_xmit+0x450/0x950
 [<c14b9aa9>] sch_direct_xmit+0xa9/0x250
 [<c14b9c9b>] __qdisc_run+0x4b/0x150
 [<c149f732>] dev_queue_xmit+0x2c2/0xca0

Cc: stable@vger.kernel.org
Reported-by: Yaara Rozenblum <yaara.rozenblum@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Reviewed-by: Stanislaw Gruszka <sgruszka@redhat.com>
[reword commit log, use a separate lock]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-02-20 10:32:29 +01:00
..
aes_ccm.c mac80211: port CCMP to cryptoapi's CCM driver 2013-10-11 15:38:20 +02:00
aes_ccm.h mac80211: port CCMP to cryptoapi's CCM driver 2013-10-11 15:38:20 +02:00
aes_cmac.c mac80211: fix checkpatch errors 2013-12-18 10:33:06 +01:00
aes_cmac.h mac80211: fix checkpatch errors 2013-12-18 10:33:06 +01:00
agg-rx.c mac80211: improve aggregation debug messages 2013-01-18 21:55:15 +01:00
agg-tx.c mac80211: fix aggregation state with current drivers 2013-01-24 15:43:51 +01:00
cfg.c mac80211: release the channel in error path in start_ap 2014-02-06 09:55:20 +01:00
cfg.h
chan.c mac80211: fix iflist_mtx/mtx locking in radar detection 2013-12-19 13:33:33 +01:00
debug.h mac80211: process the CSA frame for mesh accordingly 2013-10-28 15:05:28 +01:00
debugfs_key.c mac80211: move sdata debugfs dir to vif 2013-03-18 20:10:04 +01:00
debugfs_key.h mac80211: support separate default keys 2010-12-13 15:23:29 -05:00
debugfs_netdev.c mac80211: sync dtim_count to TSF 2014-01-06 20:10:47 +01:00
debugfs_netdev.h
debugfs_sta.c mac80211: Tx frame latency statistics 2013-12-02 11:51:50 +01:00
debugfs_sta.h
debugfs.c mac80211: Tx frame latency statistics 2013-12-02 11:51:50 +01:00
debugfs.h mac80211: use __printf attribute in debugfs 2012-10-18 09:01:57 +02:00
driver-ops.h mac80211: add pre-RCU-sync sta removal driver operation 2013-12-16 11:29:44 +01:00
event.c
ht.c mac80211: avoid deadlock revealed by lockdep 2014-02-06 09:55:18 +01:00
ibss.c mac80211: Fix IBSS disconnect 2014-02-06 09:55:20 +01:00
ieee80211_i.h mac80211: sync dtim_count to TSF 2014-01-06 20:10:47 +01:00
iface.c mac80211: fix virtual monitor interface iteration 2014-02-06 09:55:22 +01:00
Kconfig mac80211: process the CSA frame for mesh accordingly 2013-10-28 15:05:28 +01:00
key.c mac80211: free all AP/VLAN keys at once 2013-12-16 11:29:48 +01:00
key.h mac80211: free all AP/VLAN keys at once 2013-12-16 11:29:48 +01:00
led.c mac80211: use oneshot blink API for LED triggers 2013-08-01 10:48:49 +02:00
led.h mac80211: use oneshot blink API for LED triggers 2013-08-01 10:48:49 +02:00
main.c mac80211: fix memory leak in register_hw() error path 2014-01-06 16:02:34 +01:00
Makefile mac80211: mesh power save basics 2013-02-04 18:57:47 +01:00
mesh_hwmp.c mac80211: use put_unaligned_le in mesh when necessary 2013-11-25 20:51:55 +01:00
mesh_pathtbl.c mac80211: use put_unaligned_le in mesh when necessary 2013-11-25 20:51:55 +01:00
mesh_plink.c mac80211: enable WME for peer mesh STA 2014-01-06 17:43:06 +01:00
mesh_ps.c mac80211: use put_unaligned_le16 in mesh_plink_frame_tx 2013-11-25 20:51:53 +01:00
mesh_sync.c mac80211: update adjusting TBTT bit in beacon 2013-12-16 14:21:22 +01:00
mesh.c mac80211: sync dtim_count to TSF 2014-01-06 20:10:47 +01:00
mesh.h mac80211: use put_unaligned_le in mesh when necessary 2013-11-25 20:51:55 +01:00
michael.c
michael.h
mlme.c mac80211: fix memory leak 2014-02-11 12:59:36 +01:00
offchannel.c mac80211: Run deferred scan if last roc_list item is not started 2013-09-30 12:36:56 +02:00
pm.c mac80211: don't delay station destruction 2013-12-16 11:29:45 +01:00
rate.c mac80211: respect rate mask in TX 2013-10-15 15:16:29 +02:00
rate.h Merge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next 2013-12-02 14:25:38 -05:00
rc80211_minstrel_debugfs.c mac80211: cosmetics for minstrel_debugfs 2013-04-17 17:08:23 +02:00
rc80211_minstrel_ht_debugfs.c mac80211: minstrel_ht: replace some occurences of MCS_GROUP_RATES 2013-11-25 20:52:07 +01:00
rc80211_minstrel_ht.c mac80211: fix checkpatch errors 2013-12-18 10:33:06 +01:00
rc80211_minstrel_ht.h mac80211/minstrel_ht: use the new rate control API 2013-04-22 16:16:41 +02:00
rc80211_minstrel.c mac80211: fix checkpatch errors 2013-12-18 10:33:06 +01:00
rc80211_minstrel.h mac80211/minstrel: use the new rate control API 2013-04-22 16:16:41 +02:00
rc80211_pid_algo.c mac80211/rc80211: add chandef to rate initialization 2013-07-16 09:58:02 +03:00
rc80211_pid_debugfs.c mac80211: fix some snprintf misuses 2013-10-01 12:16:51 +02:00
rc80211_pid.h Fix common misspellings 2011-03-31 11:26:23 -03:00
rx.c mac80211: clean up prepare_for_handlers() return value 2014-01-07 16:23:24 +01:00
scan.c mac80211: reschedule sched scan after HW restart 2013-12-16 13:47:26 +01:00
spectmgmt.c mac80211: fix the mesh channel switch support 2013-11-25 16:50:13 +01:00
sta_info.c mac80211: fix AP powersave TX vs. wakeup race 2014-02-20 10:32:29 +01:00
sta_info.h mac80211: fix AP powersave TX vs. wakeup race 2014-02-20 10:32:29 +01:00
status.c mac80211: Tx frame latency statistics 2013-12-02 11:51:50 +01:00
tkip.c mac80211: fix checkpatch errors 2013-12-18 10:33:06 +01:00
tkip.h mac80211: fix TKIP races, make API easier to use 2011-07-08 11:11:19 -04:00
trace.c mac80211: trace debug messages 2012-06-24 11:33:18 +02:00
trace.h mac80211: add tracing for ieee80211_sta_set_buffered 2014-01-06 12:09:01 +01:00
tx.c mac80211: fix AP powersave TX vs. wakeup race 2014-02-20 10:32:29 +01:00
util.c mac80211: fix sched_scan restart on recovery 2014-02-11 12:59:12 +01:00
vht.c mac80211: enable easier manipulation of VHT beamforming caps 2013-11-25 20:52:01 +01:00
wep.c wireless: move crypto constants to ieee80211.h 2013-05-16 22:39:41 +02:00
wep.h mac80211: move RX WEP weak IV counting 2012-03-13 14:54:16 -04:00
wme.c mac80211: send control port protocol frames to the VO queue 2014-02-12 11:26:43 +01:00
wme.h mac80211: save wmm_acm per sdata 2012-06-20 17:35:22 +02:00
wpa.c mac80211: clean up garbage in comment 2014-01-07 16:21:56 +01:00
wpa.h mac80211: add generic cipher scheme support 2013-11-25 20:50:52 +01:00