From patchwork Fri Jul 19 09:37:39 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
X-Patchwork-Id: 2830429
Return-Path: <linux-wireless-owner@kernel.org>
X-Original-To: patchwork-linux-wireless@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id 140CCC0319
	for <patchwork-linux-wireless@patchwork.kernel.org>;
	Fri, 19 Jul 2013 09:46:23 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 3AB26202F9
	for <patchwork-linux-wireless@patchwork.kernel.org>;
	Fri, 19 Jul 2013 09:46:22 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 34246202F7
	for <patchwork-linux-wireless@patchwork.kernel.org>;
	Fri, 19 Jul 2013 09:46:21 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751981Ab3GSJqT (ORCPT
	<rfc822;patchwork-linux-wireless@patchwork.kernel.org>);
	Fri, 19 Jul 2013 05:46:19 -0400
Received: from mail-pb0-f41.google.com ([209.85.160.41]:58172 "EHLO
	mail-pb0-f41.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751873Ab3GSJqS (ORCPT
	<rfc822;linux-wireless@vger.kernel.org>);
	Fri, 19 Jul 2013 05:46:18 -0400
Received: by mail-pb0-f41.google.com with SMTP id rp16so4253843pbb.14
	for <linux-wireless@vger.kernel.org>;
	Fri, 19 Jul 2013 02:46:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id:x-mailer;
	bh=c1bwEeIgpSaJny1QB+Wc4whxSRxXttTS10hONOEjZsM=;
	b=ufCaHRd+eEcDa13caIoeo42JSqYlSa5vJlrIjm0Ytkv8yJxr3TV6mOYLMxc2VJ6g3l
	hJx+vnOw/shW0kwtEJ98PYNyRlrCR53F+2YpGPp2KYI23LkHC+kD43jCJU3Bk3gVZaEn
	edZoO+iVMoNYsM7XQIlB2X5+zLrUm0y6W81albAchxqiVqq2/mSHWeRkTvAlFKaoOwZT
	Wtaxf8t3LoMzh5Lr4HdmFsCBZMxvIjjKvBCAhOy8weqH5GR99i2dIlgi1e4wzdwAbSAe
	uqeThKsiDATq3lLMVtb870IPtmgH9FbpvVeuLJ77xZcNP4VWlqZToETneKOBM0A+r0cX
	/F6w==
X-Received: by 10.66.102.6 with SMTP id fk6mr17511348pab.184.1374227177780;
	Fri, 19 Jul 2013 02:46:17 -0700 (PDT)
Received: from localhost.localdomain ([58.26.233.146])
	by mx.google.com with ESMTPSA id
	is3sm12435225pbc.25.2013.07.19.02.46.15 for <multiple recipients>
	(version=TLSv1 cipher=RC4-SHA bits=128/128);
	Fri, 19 Jul 2013 02:46:16 -0700 (PDT)
From: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
To: linux-wireless@vger.kernel.org
Cc: johannes@sipsolutions.net, linville@tuxdriver.com,
	Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
Subject: [PATCH v2] mac80211: prevent the buffering or frame transmission to
	non-assoc mesh STA
Date: Fri, 19 Jul 2013 17:37:39 +0800
Message-Id: <1374226659-2929-1-git-send-email-yeohchunyeow@gmail.com>
X-Mailer: git-send-email 1.7.0.4
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org
X-Spam-Status: No, score=-7.2 required=5.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD,
	T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

This patch is intended to avoid the buffering to non-assoc mesh STA
and also to avoid the triggering of frame to non-assoc mesh STA which
could cause kernel panic in specific hw.

One of the examples, is kernel panic happens to ath9k if user space
inserts the mesh STA and not proceed with the SAE and AMPE, and later
the same mesh STA is detected again. The sta_state of the mesh STA remains
at IEEE80211_STA_NONE and if the ieee80211_sta_ps_deliver_wakeup is called
and subsequently the ath_tx_aggr_wakeup, the kernel panic due to
ath_tx_node_init is not called before to initialize the require data
structures.

This issue is reported by Cedric Voncken before.
http://www.spinics.net/lists/linux-wireless/msg106342.html

[<831ea6b4>] ath_tx_aggr_wakeup+0x44/0xcc [ath9k]
[<83084214>] ieee80211_sta_ps_deliver_wakeup+0xb8/0x208 [mac80211]
[<830b9824>] ieee80211_mps_sta_status_update+0x94/0x108 [mac80211]
[<83099398>] ieee80211_sta_ps_transition+0xc94/0x34d8 [mac80211]
[<8022399c>] nf_iterate+0x98/0x104
[<8309bb60>] ieee80211_sta_ps_transition+0x345c/0x34d8 [mac80211]

Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
---
v2: 
	change the subject to be less ath9k-centric (Johannes)
	push the checking higher to prevent buffering for non-assoc STA (Bob Copeland)

 net/mac80211/mesh_ps.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/net/mac80211/mesh_ps.c b/net/mac80211/mesh_ps.c
index 3b7bfc0..22290a9 100644
--- a/net/mac80211/mesh_ps.c
+++ b/net/mac80211/mesh_ps.c
@@ -229,6 +229,10 @@ void ieee80211_mps_sta_status_update(struct sta_info *sta)
 	enum nl80211_mesh_power_mode pm;
 	bool do_buffer;
 
+	/* For non-assoc STA, prevent buffering or frame transmission */
+	if (sta->sta_state < IEEE80211_STA_ASSOC)
+		return;
+
 	/*
 	 * use peer-specific power mode if peering is established and the
 	 * peer's power mode is known