1 From 70f119fb82af7f7417dc659faf02c91e1f853739 Mon Sep 17 00:00:00 2001
2 From: Sergey Ryazanov <ryazanov.s.a@gmail.com>
3 Date: Mon, 16 May 2022 13:26:00 +0300
4 Subject: ath10k: htt_tx: do not interpret Eth frames as WiFi
6 The xmit path for the Ethernet encapsulated frames become more or less
7 usable since d740d8fd2439 ("ath10k: unify tx mode and dispatch"). This
8 change reorganize the xmit path in a manageable way to properly support
9 various tx modes, but misses that the Ethernet encapsulated frame is a
10 special case. We do not have an IEEE 802.11 header at the begining of
11 them. But the HTT Tx handler still interprets first bytes of each frame
12 as an IEEE 802.11 Frame Control field.
14 Than this code was copied by e62ee5c381c5 ("ath10k: Add support for
15 htt_data_tx_desc_64 descriptor") and a2097d6444c3 ("ath10k: htt: High
16 latency TX support") to another handlers. In fact the issue in the high
17 latency (HL) handler was introduced by 83ac260151e7 ("ath10k: add mic
18 bytes for pmf management packet").
20 Ethernet encapsulated frame tx mode stay unused until 75d85fd9993c
21 ("ath10k: introduce basic tdls functionality") started using it for TDLS
22 frames to avoid key selection issue in some firmwares.
24 Trying to interpret the begining of an Ethernet encapsulated frame as an
25 IEEE 802.11 header was not hurt us noticeably since we need to meet two
26 conditions: (1) xmit should be performed towards a TDLS peer, and (2)
27 the TDLS peer should have a specific OUI part of its MAC address. Looks
28 like that the rareness in TDLS communications of OUIs that can be
29 interpreted as an 802.11 management frame saves users from facing this
32 Improve Ethernet tx mode support in the HTT Tx handler by avoiding
33 interpreting its first bytes as an IEEE 802.11 header. While at it, make
34 the ieee80211_hdr variable local to the code block that is guarded by
35 !is_eth check. In this way, we clarify in which cases a frame can be
36 interpreted as IEEE 802.11, and saves us from similar issues in the
39 Credits: this change as part of xmit encapsulation offloading support
40 was originally made by QCA and then submitted for inclusion by John
41 Crispin [1]. But the whole work was not accepted due to the lack of a
42 part for 64-bits descriptors [2]. Zhijun You then pointed this out to me
43 in a reply to my initial RFC patch series. And I made this slightly
44 reworked version that covered all the HTT Tx handler variants.
46 1. https://lore.kernel.org/all/20191216092207.31032-1-john@phrozen.org/
47 2. https://patchwork.kernel.org/project/linux-wireless/patch/20191216092207.31032-1-john@phrozen.org/
49 Reported-by: Zhijun You <hujy652@gmail.com>
50 Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
51 Signed-off-by: John Crispin <john@phrozen.org>
52 Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
53 Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
54 Link: https://lore.kernel.org/r/20220516032519.29831-3-ryazanov.s.a@gmail.com
56 drivers/net/wireless/ath/ath10k/htt_tx.c | 61 ++++++++++++++++++--------------
57 1 file changed, 35 insertions(+), 26 deletions(-)
59 --- a/drivers/net/wireless/ath/ath10k/htt_tx.c
60 +++ b/drivers/net/wireless/ath/ath10k/htt_tx.c
61 @@ -1295,7 +1295,6 @@ static int ath10k_htt_tx_hl(struct ath10
62 struct ath10k *ar = htt->ar;
64 struct htt_cmd_hdr *cmd_hdr;
65 - struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)msdu->data;
66 struct htt_data_tx_desc *tx_desc;
67 struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(msdu);
68 struct sk_buff *tmp_skb;
69 @@ -1306,11 +1305,15 @@ static int ath10k_htt_tx_hl(struct ath10
73 - if ((ieee80211_is_action(hdr->frame_control) ||
74 - ieee80211_is_deauth(hdr->frame_control) ||
75 - ieee80211_is_disassoc(hdr->frame_control)) &&
76 - ieee80211_has_protected(hdr->frame_control)) {
77 - skb_put(msdu, IEEE80211_CCMP_MIC_LEN);
79 + struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)msdu->data;
81 + if ((ieee80211_is_action(hdr->frame_control) ||
82 + ieee80211_is_deauth(hdr->frame_control) ||
83 + ieee80211_is_disassoc(hdr->frame_control)) &&
84 + ieee80211_has_protected(hdr->frame_control)) {
85 + skb_put(msdu, IEEE80211_CCMP_MIC_LEN);
90 @@ -1407,7 +1410,6 @@ static int ath10k_htt_tx_32(struct ath10
92 struct ath10k *ar = htt->ar;
93 struct device *dev = ar->dev;
94 - struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)msdu->data;
95 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(msdu);
96 struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(msdu);
97 struct ath10k_hif_sg_item sg_items[2];
98 @@ -1439,15 +1441,19 @@ static int ath10k_htt_tx_32(struct ath10
99 txbuf_paddr = htt->txbuf.paddr +
100 (sizeof(struct ath10k_htt_txbuf_32) * msdu_id);
102 - if ((ieee80211_is_action(hdr->frame_control) ||
103 - ieee80211_is_deauth(hdr->frame_control) ||
104 - ieee80211_is_disassoc(hdr->frame_control)) &&
105 - ieee80211_has_protected(hdr->frame_control)) {
106 - skb_put(msdu, IEEE80211_CCMP_MIC_LEN);
107 - } else if (!(skb_cb->flags & ATH10K_SKB_F_NO_HWCRYPT) &&
108 - txmode == ATH10K_HW_TXRX_RAW &&
109 - ieee80211_has_protected(hdr->frame_control)) {
110 - skb_put(msdu, IEEE80211_CCMP_MIC_LEN);
112 + struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)msdu->data;
114 + if ((ieee80211_is_action(hdr->frame_control) ||
115 + ieee80211_is_deauth(hdr->frame_control) ||
116 + ieee80211_is_disassoc(hdr->frame_control)) &&
117 + ieee80211_has_protected(hdr->frame_control)) {
118 + skb_put(msdu, IEEE80211_CCMP_MIC_LEN);
119 + } else if (!(skb_cb->flags & ATH10K_SKB_F_NO_HWCRYPT) &&
120 + txmode == ATH10K_HW_TXRX_RAW &&
121 + ieee80211_has_protected(hdr->frame_control)) {
122 + skb_put(msdu, IEEE80211_CCMP_MIC_LEN);
126 skb_cb->paddr = dma_map_single(dev, msdu->data, msdu->len,
127 @@ -1609,7 +1615,6 @@ static int ath10k_htt_tx_64(struct ath10
129 struct ath10k *ar = htt->ar;
130 struct device *dev = ar->dev;
131 - struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)msdu->data;
132 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(msdu);
133 struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(msdu);
134 struct ath10k_hif_sg_item sg_items[2];
135 @@ -1641,15 +1646,19 @@ static int ath10k_htt_tx_64(struct ath10
136 txbuf_paddr = htt->txbuf.paddr +
137 (sizeof(struct ath10k_htt_txbuf_64) * msdu_id);
139 - if ((ieee80211_is_action(hdr->frame_control) ||
140 - ieee80211_is_deauth(hdr->frame_control) ||
141 - ieee80211_is_disassoc(hdr->frame_control)) &&
142 - ieee80211_has_protected(hdr->frame_control)) {
143 - skb_put(msdu, IEEE80211_CCMP_MIC_LEN);
144 - } else if (!(skb_cb->flags & ATH10K_SKB_F_NO_HWCRYPT) &&
145 - txmode == ATH10K_HW_TXRX_RAW &&
146 - ieee80211_has_protected(hdr->frame_control)) {
147 - skb_put(msdu, IEEE80211_CCMP_MIC_LEN);
149 + struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)msdu->data;
151 + if ((ieee80211_is_action(hdr->frame_control) ||
152 + ieee80211_is_deauth(hdr->frame_control) ||
153 + ieee80211_is_disassoc(hdr->frame_control)) &&
154 + ieee80211_has_protected(hdr->frame_control)) {
155 + skb_put(msdu, IEEE80211_CCMP_MIC_LEN);
156 + } else if (!(skb_cb->flags & ATH10K_SKB_F_NO_HWCRYPT) &&
157 + txmode == ATH10K_HW_TXRX_RAW &&
158 + ieee80211_has_protected(hdr->frame_control)) {
159 + skb_put(msdu, IEEE80211_CCMP_MIC_LEN);
163 skb_cb->paddr = dma_map_single(dev, msdu->data, msdu->len,