[RFC,07/12] mt76x02: fix hdr pointer in write txwi for USB

Commit Message

Stanislaw Gruszka Feb. 28, 2019, 8:03 a.m. UTC

Since we add txwi at the begining of skb->data, it no longer point
to ieee80211_hdr. This breaks settings TS bit for probe response and
beacons.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
---
 drivers/net/wireless/mediatek/mt76/mt76x02_usb_core.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Lorenzo Bianconi Feb. 28, 2019, 9:38 a.m. UTC | #1

> Since we add txwi at the begining of skb->data, it no longer point
> to ieee80211_hdr. This breaks settings TS bit for probe response and
> beacons.
> 
> Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
> ---
>  drivers/net/wireless/mediatek/mt76/mt76x02_usb_core.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/net/wireless/mediatek/mt76/mt76x02_usb_core.c b/drivers/net/wireless/mediatek/mt76/mt76x02_usb_core.c
> index fdd6a021914d..bcf3126efda9 100644
> --- a/drivers/net/wireless/mediatek/mt76/mt76x02_usb_core.c
> +++ b/drivers/net/wireless/mediatek/mt76/mt76x02_usb_core.c
> @@ -85,8 +85,9 @@ int mt76x02u_tx_prepare_skb(struct mt76_dev *mdev, void *data,
>  
>  	mt76x02_insert_hdr_pad(skb);
>  
> -	txwi = skb_push(skb, sizeof(struct mt76x02_txwi));
> +	txwi = (struct mt76x02_txwi *)(skb->data - sizeof(struct mt76x02_txwi));
>  	mt76x02_mac_write_txwi(dev, txwi, skb, wcid, sta, len);
> +	skb_push(skb, sizeof(struct mt76x02_txwi));
>  
>  	pid = mt76_tx_status_skb_add(mdev, wcid, skb);
>  	txwi->pktid = pid;
> -- 
> 2.20.1
> 

Good catch :)
I think we should post it ontop of wireless-drivers since sw encryption is not
working now.

Acked-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>

Stanislaw Gruszka Feb. 28, 2019, 1:52 p.m. UTC | #2

On Thu, Feb 28, 2019 at 10:38:20AM +0100, Lorenzo Bianconi wrote:
> > Since we add txwi at the begining of skb->data, it no longer point
> > to ieee80211_hdr. This breaks settings TS bit for probe response and
> > beacons.
> > 
> > Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
> > ---
> >  drivers/net/wireless/mediatek/mt76/mt76x02_usb_core.c | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> > 
> > diff --git a/drivers/net/wireless/mediatek/mt76/mt76x02_usb_core.c b/drivers/net/wireless/mediatek/mt76/mt76x02_usb_core.c
> > index fdd6a021914d..bcf3126efda9 100644
> > --- a/drivers/net/wireless/mediatek/mt76/mt76x02_usb_core.c
> > +++ b/drivers/net/wireless/mediatek/mt76/mt76x02_usb_core.c
> > @@ -85,8 +85,9 @@ int mt76x02u_tx_prepare_skb(struct mt76_dev *mdev, void *data,
> >  
> >  	mt76x02_insert_hdr_pad(skb);
> >  
> > -	txwi = skb_push(skb, sizeof(struct mt76x02_txwi));
> > +	txwi = (struct mt76x02_txwi *)(skb->data - sizeof(struct mt76x02_txwi));
> >  	mt76x02_mac_write_txwi(dev, txwi, skb, wcid, sta, len);
> > +	skb_push(skb, sizeof(struct mt76x02_txwi));
> >  
> >  	pid = mt76_tx_status_skb_add(mdev, wcid, skb);
> >  	txwi->pktid = pid;
> > -- 
> > 2.20.1
> > 
> 
> Good catch :)
> I think we should post it ontop of wireless-drivers since sw encryption is not
> working now.
> 
> Acked-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>

I can send it against 5.0, if Kalle will accept it, however
I do not have practical bug associated with this. Maybe we
sometimes can send ordinal frame with TS bit in txwi and it
is then malformed by HW, but I'm not sure. IBSS work with
this bug, not sure about MESH.

Stanislaw

Kalle Valo Feb. 28, 2019, 2:23 p.m. UTC | #3

Stanislaw Gruszka <sgruszka@redhat.com> writes:

> On Thu, Feb 28, 2019 at 10:38:20AM +0100, Lorenzo Bianconi wrote:
>> > Since we add txwi at the begining of skb->data, it no longer point
>> > to ieee80211_hdr. This breaks settings TS bit for probe response and
>> > beacons.
>> > 
>> > Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
>> > ---
>> >  drivers/net/wireless/mediatek/mt76/mt76x02_usb_core.c | 3 ++-
>> >  1 file changed, 2 insertions(+), 1 deletion(-)
>> > 
>> > diff --git a/drivers/net/wireless/mediatek/mt76/mt76x02_usb_core.c b/drivers/net/wireless/mediatek/mt76/mt76x02_usb_core.c
>> > index fdd6a021914d..bcf3126efda9 100644
>> > --- a/drivers/net/wireless/mediatek/mt76/mt76x02_usb_core.c
>> > +++ b/drivers/net/wireless/mediatek/mt76/mt76x02_usb_core.c
>> > @@ -85,8 +85,9 @@ int mt76x02u_tx_prepare_skb(struct mt76_dev *mdev, void *data,
>> >  
>> >  	mt76x02_insert_hdr_pad(skb);
>> >  
>> > -	txwi = skb_push(skb, sizeof(struct mt76x02_txwi));
>> > +	txwi = (struct mt76x02_txwi *)(skb->data - sizeof(struct mt76x02_txwi));
>> >  	mt76x02_mac_write_txwi(dev, txwi, skb, wcid, sta, len);
>> > +	skb_push(skb, sizeof(struct mt76x02_txwi));
>> >  
>> >  	pid = mt76_tx_status_skb_add(mdev, wcid, skb);
>> >  	txwi->pktid = pid;
>> > -- 
>> > 2.20.1
>> > 
>> 
>> Good catch :)
>> I think we should post it ontop of wireless-drivers since sw encryption is not
>> working now.
>> 
>> Acked-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
>
> I can send it against 5.0, if Kalle will accept it, however
> I do not have practical bug associated with this. Maybe we
> sometimes can send ordinal frame with TS bit in txwi and it
> is then malformed by HW, but I'm not sure. IBSS work with
> this bug, not sure about MESH.

Too late for 5.0 as Linus will most likely release it on Sunday. I
recommend sending it to wireless-drivers-next so that I can queue it for
5.1.

Patch

diff --git a/drivers/net/wireless/mediatek/mt76/mt76x02_usb_core.c b/drivers/net/wireless/mediatek/mt76/mt76x02_usb_core.c
index fdd6a021914d..bcf3126efda9 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76x02_usb_core.c
+++ b/drivers/net/wireless/mediatek/mt76/mt76x02_usb_core.c
@@ -85,8 +85,9 @@  int mt76x02u_tx_prepare_skb(struct mt76_dev *mdev, void *data,
 
 	mt76x02_insert_hdr_pad(skb);
 
-	txwi = skb_push(skb, sizeof(struct mt76x02_txwi));
+	txwi = (struct mt76x02_txwi *)(skb->data - sizeof(struct mt76x02_txwi));
 	mt76x02_mac_write_txwi(dev, txwi, skb, wcid, sta, len);
+	skb_push(skb, sizeof(struct mt76x02_txwi));
 
 	pid = mt76_tx_status_skb_add(mdev, wcid, skb);
 	txwi->pktid = pid;