[openwrt/openwrt] mac80211: fix crash in drivers relying on mac80211 retransmitting packets for powersave clients
LEDE Commits
lede-commits at lists.infradead.org
Tue Nov 23 07:50:01 PST 2021
nbd pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/d1ea575baa1b53bb477a020974afcec1b1193edc
commit d1ea575baa1b53bb477a020974afcec1b1193edc
Author: Felix Fietkau <nbd at nbd.name>
AuthorDate: Tue Nov 23 13:18:03 2021 +0100
mac80211: fix crash in drivers relying on mac80211 retransmitting packets for powersave clients
This showed up primarily on rt2x00
Signed-off-by: Felix Fietkau <nbd at nbd.name>
---
...fix-rate-control-for-retransmitted-frames.patch | 35 ++++++++++++++++++++++
1 file changed, 35 insertions(+)
diff --git a/package/kernel/mac80211/patches/subsys/301-mac80211-fix-rate-control-for-retransmitted-frames.patch b/package/kernel/mac80211/patches/subsys/301-mac80211-fix-rate-control-for-retransmitted-frames.patch
new file mode 100644
index 0000000000..42f7d6bfe7
--- /dev/null
+++ b/package/kernel/mac80211/patches/subsys/301-mac80211-fix-rate-control-for-retransmitted-frames.patch
@@ -0,0 +1,35 @@
+From: Felix Fietkau <nbd at nbd.name>
+Date: Mon, 22 Nov 2021 21:39:38 +0100
+Subject: [PATCH] mac80211: fix rate control for retransmitted frames
+
+Since retransmission clears info->control, rate control needs to be called
+again, otherwise the driver might crash due to invalid rates.
+
+Cc: stable at vger.kernel.org # 5.14+
+Reported-by: Aaro Koskinen <aaro.koskinen at iki.fi>
+Reported-by: Robert W <rwbugreport at lost-in-the-void.net>
+Fixes: 03c3911d2d67 ("mac80211: call ieee80211_tx_h_rate_ctrl() when dequeue")
+Signed-off-by: Felix Fietkau <nbd at nbd.name>
+---
+
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -1825,15 +1825,15 @@ static int invoke_tx_handlers_late(struc
+ struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
+ ieee80211_tx_result res = TX_CONTINUE;
+
++ if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL))
++ CALL_TXH(ieee80211_tx_h_rate_ctrl);
++
+ if (unlikely(info->flags & IEEE80211_TX_INTFL_RETRANSMISSION)) {
+ __skb_queue_tail(&tx->skbs, tx->skb);
+ tx->skb = NULL;
+ goto txh_done;
+ }
+
+- if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL))
+- CALL_TXH(ieee80211_tx_h_rate_ctrl);
+-
+ CALL_TXH(ieee80211_tx_h_michael_mic_add);
+ CALL_TXH(ieee80211_tx_h_sequence);
+ CALL_TXH(ieee80211_tx_h_fragment);
More information about the lede-commits
mailing list