lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID:
 <PA4PR04MB96380325F7E5640BD4ED903BD17F2@PA4PR04MB9638.eurprd04.prod.outlook.com>
Date: Wed, 9 Oct 2024 06:23:59 +0000
From: David Lin <yu-hao.lin@....com>
To: "linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>
CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"briannorris@...omium.org" <briannorris@...omium.org>, "kvalo@...nel.org"
	<kvalo@...nel.org>, "francesco@...cini.it" <francesco@...cini.it>, Pete Hsieh
	<tsung-hsien.hsieh@....com>, "s.hauer@...gutronix.de"
	<s.hauer@...gutronix.de>
Subject: RE: [PATCH v2] wifi: nxpwifi: fix firmware crash for AP DFS mode

Sorry. It should be "wifi: mwifiex: ...". I will submit correct one later.
> From: David Lin <yu-hao.lin@....com>
> Sent: Wednesday, October 9, 2024 2:07 PM
> To: linux-wireless@...r.kernel.org
> Cc: linux-kernel@...r.kernel.org; briannorris@...omium.org;
> kvalo@...nel.org; francesco@...cini.it; Pete Hsieh
> <tsung-hsien.hsieh@....com>; s.hauer@...gutronix.de; David Lin
> <yu-hao.lin@....com>
> Subject: [PATCH v2] wifi: nxpwifi: fix firmware crash for AP DFS mode
> 
> When AP mode is running on DFS channel and radar detection happened
> during or after CAC, firmware will crash due to the code of mwifiex is too old
> to handle DFS process. This patch fixes above issue and had been tested with
> IW416.
> 
> Signed-off-by: David Lin <yu-hao.lin@....com>
> ---
> 
> v2:
>    - remove clean up for adapter (from priv->adapter to adapter).
>    - remove useless check of netif_carrier_ok().
>    - just return directly for mwifiex_cfg80211_change_beacon().
>    - remove debugfs file "fake_radar_detect".
> 
> ---
>  drivers/net/wireless/marvell/mwifiex/11h.c    | 49 ++++++++++++++++---
>  .../net/wireless/marvell/mwifiex/cfg80211.c   | 49 +++++++------------
>  .../net/wireless/marvell/mwifiex/cfg80211.h   |  4 +-
>  drivers/net/wireless/marvell/mwifiex/decl.h   |  1 +
>  drivers/net/wireless/marvell/mwifiex/main.h   |  1 +
>  5 files changed, 66 insertions(+), 38 deletions(-)
> 
> diff --git a/drivers/net/wireless/marvell/mwifiex/11h.c
> b/drivers/net/wireless/marvell/mwifiex/11h.c
> index 032b93a41d99..3d8f6c610bca 100644
> --- a/drivers/net/wireless/marvell/mwifiex/11h.c
> +++ b/drivers/net/wireless/marvell/mwifiex/11h.c
> @@ -7,7 +7,7 @@
> 
>  #include "main.h"
>  #include "fw.h"
> -
> +#include "cfg80211.h"
> 
>  void mwifiex_init_11h_params(struct mwifiex_private *priv)  { @@ -221,8
> +221,11 @@ int mwifiex_11h_handle_chanrpt_ready(struct mwifiex_private
> *priv,
>  				cancel_delayed_work_sync(&priv->dfs_cac_work);
>  				cfg80211_cac_event(priv->netdev,
>  						   &priv->dfs_chandef,
> -						   NL80211_RADAR_DETECTED,
> +						   NL80211_RADAR_CAC_ABORTED,
>  						   GFP_KERNEL, 0);
> +				cfg80211_radar_event(priv->adapter->wiphy,
> +						     &priv->dfs_chandef,
> +						     GFP_KERNEL);
>  			}
>  			break;
>  		default:
> @@ -245,9 +248,16 @@ int mwifiex_11h_handle_radar_detected(struct
> mwifiex_private *priv,
> 
>  	mwifiex_dbg(priv->adapter, MSG,
>  		    "radar detected; indicating kernel\n");
> -	if (mwifiex_stop_radar_detection(priv, &priv->dfs_chandef))
> -		mwifiex_dbg(priv->adapter, ERROR,
> -			    "Failed to stop CAC in FW\n");
> +
> +	if (priv->wdev.links[0].cac_started) {
> +		if (mwifiex_stop_radar_detection(priv, &priv->dfs_chandef))
> +			mwifiex_dbg(priv->adapter, ERROR,
> +				    "Failed to stop CAC in FW\n");
> +		cancel_delayed_work_sync(&priv->dfs_cac_work);
> +		cfg80211_cac_event(priv->netdev, &priv->dfs_chandef,
> +				   NL80211_RADAR_CAC_ABORTED, GFP_KERNEL, 0);
> +	}
> +
>  	cfg80211_radar_event(priv->adapter->wiphy, &priv->dfs_chandef,
>  			     GFP_KERNEL);
>  	mwifiex_dbg(priv->adapter, MSG, "regdomain: %d\n", @@ -268,8
> +278,12 @@ void mwifiex_dfs_chan_sw_work_queue(struct work_struct
> *work)
>  	struct mwifiex_uap_bss_param *bss_cfg;
>  	struct delayed_work *delayed_work = to_delayed_work(work);
>  	struct mwifiex_private *priv =
> -			container_of(delayed_work, struct mwifiex_private,
> -				     dfs_chan_sw_work);
> +		container_of(delayed_work, struct mwifiex_private,
> +			     dfs_chan_sw_work);
> +
> +	if (mwifiex_del_mgmt_ies(priv))
> +		mwifiex_dbg(priv->adapter, ERROR,
> +			    "Failed to delete mgmt IEs!\n");
> 
>  	bss_cfg = &priv->bss_cfg;
>  	if (!bss_cfg->beacon_period) {
> @@ -278,6 +292,21 @@ void mwifiex_dfs_chan_sw_work_queue(struct
> work_struct *work)
>  		return;
>  	}
> 
> +	if (mwifiex_send_cmd(priv, HostCmd_CMD_UAP_BSS_STOP,
> +			     HostCmd_ACT_GEN_SET, 0, NULL, true)) {
> +		mwifiex_dbg(priv->adapter, ERROR,
> +			    "channel switch: Failed to stop the BSS\n");
> +		return;
> +	}
> +
> +	if (mwifiex_cfg80211_change_beacon_data(priv->adapter->wiphy,
> +						priv->netdev,
> +						&priv->beacon_after)) {
> +		mwifiex_dbg(priv->adapter, ERROR,
> +			    "channel switch: Failed to set beacon\n");
> +		return;
> +	}
> +
>  	mwifiex_uap_set_channel(priv, bss_cfg, priv->dfs_chandef);
> 
>  	if (mwifiex_config_start_uap(priv, bss_cfg)) { @@ -291,4 +320,10 @@
> void mwifiex_dfs_chan_sw_work_queue(struct work_struct *work)
>  	wiphy_lock(priv->wdev.wiphy);
>  	cfg80211_ch_switch_notify(priv->netdev, &priv->dfs_chandef, 0);
>  	wiphy_unlock(priv->wdev.wiphy);
> +
> +	if (priv->uap_stop_tx) {
> +		netif_carrier_on(priv->netdev);
> +		mwifiex_wake_up_net_dev_queue(priv->netdev, priv->adapter);
> +		priv->uap_stop_tx = false;
> +	}
>  }
> diff --git a/drivers/net/wireless/marvell/mwifiex/cfg80211.c
> b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
> index fca3eea7ee84..40f51e62b2e7 100644
> --- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c
> +++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
> @@ -1858,16 +1858,12 @@ static int
> mwifiex_cfg80211_set_cqm_rssi_config(struct wiphy *wiphy,
>  	return 0;
>  }
> 
> -/* cfg80211 operation handler for change_beacon.
> - * Function retrieves and sets modified management IEs to FW.
> - */
> -static int mwifiex_cfg80211_change_beacon(struct wiphy *wiphy,
> -					  struct net_device *dev,
> -					  struct cfg80211_ap_update *params)
> +int mwifiex_cfg80211_change_beacon_data(struct wiphy *wiphy,
> +					struct net_device *dev,
> +					struct cfg80211_beacon_data *data)
>  {
>  	struct mwifiex_private *priv = mwifiex_netdev_get_priv(dev);
>  	struct mwifiex_adapter *adapter = priv->adapter;
> -	struct cfg80211_beacon_data *data = &params->beacon;
> 
>  	mwifiex_cancel_scan(adapter);
> 
> @@ -1877,12 +1873,6 @@ static int mwifiex_cfg80211_change_beacon(struct
> wiphy *wiphy,
>  		return -EINVAL;
>  	}
> 
> -	if (!priv->bss_started) {
> -		mwifiex_dbg(priv->adapter, ERROR,
> -			    "%s: bss not started\n", __func__);
> -		return -EINVAL;
> -	}
> -
>  	if (mwifiex_set_mgmt_ies(priv, data)) {
>  		mwifiex_dbg(priv->adapter, ERROR,
>  			    "%s: setting mgmt ies failed\n", __func__); @@ -1892,6
> +1882,16 @@ static int mwifiex_cfg80211_change_beacon(struct wiphy
> *wiphy,
>  	return 0;
>  }
> 
> +/* cfg80211 operation handler for change_beacon.
> + * Function retrieves and sets modified management IEs to FW.
> + */
> +static int mwifiex_cfg80211_change_beacon(struct wiphy *wiphy,
> +					  struct net_device *dev,
> +					  struct cfg80211_ap_update *params) {
> +	return mwifiex_cfg80211_change_beacon_data(wiphy, dev,
> +&params->beacon); }
> +
>  /* cfg80211 operation handler for del_station.
>   * Function deauthenticates station which value is provided in mac
> parameter.
>   * If mac is NULL/broadcast, all stations in associated station list are @@
> -4027,10 +4027,8 @@ static int  mwifiex_cfg80211_channel_switch(struct
> wiphy *wiphy, struct net_device *dev,
>  				struct cfg80211_csa_settings *params)  {
> -	struct ieee_types_header *chsw_ie;
> -	struct ieee80211_channel_sw_ie *channel_sw;
> -	int chsw_msec;
>  	struct mwifiex_private *priv = mwifiex_netdev_get_priv(dev);
> +	int chsw_msec;
> 
>  	if (priv->adapter->scan_processing) {
>  		mwifiex_dbg(priv->adapter, ERROR,
> @@ -4045,20 +4043,10 @@ mwifiex_cfg80211_channel_switch(struct wiphy
> *wiphy, struct net_device *dev,
>  				       &priv->dfs_chandef))
>  		return -EINVAL;
> 
> -	chsw_ie = (void *)cfg80211_find_ie(WLAN_EID_CHANNEL_SWITCH,
> -					   params->beacon_csa.tail,
> -					   params->beacon_csa.tail_len);
> -	if (!chsw_ie) {
> -		mwifiex_dbg(priv->adapter, ERROR,
> -			    "Could not parse channel switch announcement IE\n");
> -		return -EINVAL;
> -	}
> -
> -	channel_sw = (void *)(chsw_ie + 1);
> -	if (channel_sw->mode) {
> -		if (netif_carrier_ok(priv->netdev))
> -			netif_carrier_off(priv->netdev);
> +	if (params->block_tx) {
> +		netif_carrier_off(priv->netdev);
>  		mwifiex_stop_net_dev_queue(priv->netdev, priv->adapter);
> +		priv->uap_stop_tx = true;
>  	}
> 
>  	if (mwifiex_del_mgmt_ies(priv))
> @@ -4075,7 +4063,7 @@ mwifiex_cfg80211_channel_switch(struct wiphy
> *wiphy, struct net_device *dev,
>  	memcpy(&priv->beacon_after, &params->beacon_after,
>  	       sizeof(priv->beacon_after));
> 
> -	chsw_msec = max(channel_sw->count * priv->bss_cfg.beacon_period,
> 100);
> +	chsw_msec = max(params->count * priv->bss_cfg.beacon_period, 100);
>  	queue_delayed_work(priv->dfs_chan_sw_workqueue,
> &priv->dfs_chan_sw_work,
>  			   msecs_to_jiffies(chsw_msec));
>  	return 0;
> @@ -4814,6 +4802,7 @@ int mwifiex_register_cfg80211(struct
> mwifiex_adapter *adapter)
>  			WIPHY_FLAG_HAS_CHANNEL_SWITCH |
>  			WIPHY_FLAG_NETNS_OK |
>  			WIPHY_FLAG_PS_ON_BY_DEFAULT;
> +	wiphy->max_num_csa_counters = MWIFIEX_MAX_CSA_COUNTERS;
> 
>  	if (adapter->host_mlme_enabled)
>  		wiphy->flags |= WIPHY_FLAG_REPORTS_OBSS; diff --git
> a/drivers/net/wireless/marvell/mwifiex/cfg80211.h
> b/drivers/net/wireless/marvell/mwifiex/cfg80211.h
> index 50f7001f5ef0..0a12437f89f2 100644
> --- a/drivers/net/wireless/marvell/mwifiex/cfg80211.h
> +++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.h
> @@ -13,5 +13,7 @@
>  #include "main.h"
> 
>  int mwifiex_register_cfg80211(struct mwifiex_adapter *);
> -
> +int mwifiex_cfg80211_change_beacon_data(struct wiphy *wiphy,
> +					struct net_device *dev,
> +					struct cfg80211_beacon_data *data);
>  #endif
> diff --git a/drivers/net/wireless/marvell/mwifiex/decl.h
> b/drivers/net/wireless/marvell/mwifiex/decl.h
> index 84603f1e7f6e..9ece61743b9c 100644
> --- a/drivers/net/wireless/marvell/mwifiex/decl.h
> +++ b/drivers/net/wireless/marvell/mwifiex/decl.h
> @@ -19,6 +19,7 @@
> 
>  #define MWIFIEX_BSS_COEX_COUNT	     2
>  #define MWIFIEX_MAX_BSS_NUM         (3)
> +#define MWIFIEX_MAX_CSA_COUNTERS     5
> 
>  #define MWIFIEX_DMA_ALIGN_SZ	    64
>  #define MWIFIEX_RX_HEADROOM	    64
> diff --git a/drivers/net/wireless/marvell/mwifiex/main.h
> b/drivers/net/wireless/marvell/mwifiex/main.h
> index 566adce3413c..58e8a3daba4a 100644
> --- a/drivers/net/wireless/marvell/mwifiex/main.h
> +++ b/drivers/net/wireless/marvell/mwifiex/main.h
> @@ -678,6 +678,7 @@ struct mwifiex_private {
>  	struct delayed_work dfs_cac_work;
>  	struct workqueue_struct *dfs_chan_sw_workqueue;
>  	struct delayed_work dfs_chan_sw_work;
> +	bool uap_stop_tx;
>  	struct cfg80211_beacon_data beacon_after;
>  	struct mwifiex_11h_intf_state state_11h;
>  	struct mwifiex_ds_mem_rw mem_rw;
> 
> base-commit: 5a4d42c1688c88f3be6aef46b0ea6c32694cd2b8
> --
> 2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ