lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed,  1 Jul 2020 17:07:01 +0200
From:   Jerome Pouiller <Jerome.Pouiller@...abs.com>
To:     devel@...verdev.osuosl.org, linux-wireless@...r.kernel.org
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Kalle Valo <kvalo@...eaurora.org>,
        "David S . Miller" <davem@...emloft.net>,
        Jérôme Pouiller 
        <jerome.pouiller@...abs.com>
Subject: [PATCH 07/13] staging: wfx: fix unexpected calls to ieee80211_sta_set_buffered()

From: Jérôme Pouiller <jerome.pouiller@...abs.com>

When a station go to sleep, the driver receive the status REQUEUE and
forward this answer to mac80211. So, neither the driver, neither the
hardware buffer the frames. So the call to ieee80211_sta_set_buffered is
useless.

In add, it seems that mac80211 does not expect to receive
ieee80211_sta_set_buffered(false) after the station is asleep(). When
the device send data to a station, the following sequence can be
observed:

   - Mac80211 call wfx_sta_notify(awake).
   - The driver calls ieee80211_sta_set_buffered(true). Since the
     station is awake, its TIM is not set.
   - Mac80211 receive a power save notification from the station, so it
     calls wfx_sta_notify(asleep).
   - Then, since the driver has declared it has buffered some frames,
     the TIM of the station should be set. This action is delayed by
     mac80211.
   - The device also notice the station go to sleep. It replies the
     REQUEUE status for the buffered frames. The driver forward this
     status to mac80211.
   - There is no more frames in queues, so the driver call
     ieee80211_sta_set_buffered(false).
   - Mac80211 updates the TIM but since there is no frames buffered by
     the driver, it set the TIM for the station to 0.

Anyway, correctly use the ieee80211_sta_set_buffered() API solves the
problem.

Signed-off-by: Jérôme Pouiller <jerome.pouiller@...abs.com>
---
 drivers/staging/wfx/data_tx.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/drivers/staging/wfx/data_tx.c b/drivers/staging/wfx/data_tx.c
index dcec722afb174..3244a768345c5 100644
--- a/drivers/staging/wfx/data_tx.c
+++ b/drivers/staging/wfx/data_tx.c
@@ -225,7 +225,6 @@ static void wfx_tx_manage_pm(struct wfx_vif *wvif, struct ieee80211_hdr *hdr,
 		sta_priv = (struct wfx_sta_priv *)&sta->drv_priv;
 		spin_lock_bh(&sta_priv->lock);
 		sta_priv->buffered[tid]++;
-		ieee80211_sta_set_buffered(sta, tid, true);
 		spin_unlock_bh(&sta_priv->lock);
 	}
 }
@@ -471,8 +470,6 @@ static void wfx_tx_update_sta(struct wfx_vif *wvif, struct ieee80211_hdr *hdr)
 		spin_lock_bh(&sta_priv->lock);
 		WARN(!sta_priv->buffered[tid], "inconsistent notification");
 		sta_priv->buffered[tid]--;
-		if (!sta_priv->buffered[tid])
-			ieee80211_sta_set_buffered(sta, tid, false);
 		spin_unlock_bh(&sta_priv->lock);
 	} else {
 		dev_dbg(wvif->wdev->dev, "%s: sta does not exist anymore\n",
-- 
2.27.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ