mac80211: Fix rate_idx underflow in mwl8k (FS#2218)
authorPetr Štetiar <ynezz@true.cz>
Mon, 8 Apr 2019 08:20:32 +0000 (10:20 +0200)
committerPetr Štetiar <ynezz@true.cz>
Sun, 14 Apr 2019 21:42:03 +0000 (23:42 +0200)
Add a patch for mwl8k which fixes endless reboot loops on Linksys EA4500
with certain 5G configurations.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
package/kernel/mac80211/Makefile
package/kernel/mac80211/patches/mwl/941-mwl8k-Fix-rate_idx-underflow.patch [new file with mode: 0644]

index 0db42aeb9a85ff1e672d12551f1bd4041a351483..5ab42f0a1fc1206b825aecf967d42f7fd718d904 100644 (file)
@@ -11,7 +11,7 @@ include $(INCLUDE_DIR)/kernel.mk
 PKG_NAME:=mac80211
 
 PKG_VERSION:=4.19.32-1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v4.19.32/
 PKG_HASH:=838db1565b54fe4bd1e769c54f30c65c9ea2fb5e99a0cddb7910561794ae317a
 
diff --git a/package/kernel/mac80211/patches/mwl/941-mwl8k-Fix-rate_idx-underflow.patch b/package/kernel/mac80211/patches/mwl/941-mwl8k-Fix-rate_idx-underflow.patch
new file mode 100644 (file)
index 0000000..4f4812b
--- /dev/null
@@ -0,0 +1,80 @@
+From b897577af85bb5e5638efa780bc3716fae5212d3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20=C5=A0tetiar?= <ynezz@true.cz>
+Date: Mon, 8 Apr 2019 09:45:56 +0200
+Subject: [PATCH] mwl8k: Fix rate_idx underflow
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+It was reported on OpenWrt bug tracking system[1], that several users
+are affected by the endless reboot of their routers if they configure
+5GHz interface with channel 44 or 48.
+
+The reboot loop is caused by the following excessive number of WARN_ON
+messages:
+
+ WARNING: CPU: 0 PID: 0 at backports-4.19.23-1/net/mac80211/rx.c:4516
+                             ieee80211_rx_napi+0x1fc/0xa54 [mac80211]
+
+as the messages are being correctly emitted by the following guard:
+
+ case RX_ENC_LEGACY:
+      if (WARN_ON(status->rate_idx >= sband->n_bitrates))
+
+as the rate_idx is in this case erroneously set to 251 (0xfb). This fix
+simply converts previously used magic number to proper constant and
+guards against substraction which is leading to the currently observed
+underflow.
+
+1. https://bugs.openwrt.org/index.php?do=details&task_id=2218
+
+Fixes: 854783444bab ("mwl8k: properly set receive status rate index on 5 GHz receive")
+Cc: <stable@vger.kernel.org>
+Tested-by: Eubert Bao <bunnier@gmail.com>
+Reported-by: Eubert Bao <bunnier@gmail.com>
+Signed-off-by: Petr Štetiar <ynezz@true.cz>
+---
+ drivers/net/wireless/marvell/mwl8k.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/net/wireless/marvell/mwl8k.c b/drivers/net/wireless/marvell/mwl8k.c
+index 8e4e9b6..ffc565a 100644
+--- a/drivers/net/wireless/marvell/mwl8k.c
++++ b/drivers/net/wireless/marvell/mwl8k.c
+@@ -441,6 +441,9 @@ struct mwl8k_sta {
+ #define MWL8K_CMD_UPDATE_STADB                0x1123
+ #define MWL8K_CMD_BASTREAM            0x1125
++#define MWL8K_LEGACY_5G_RATE_OFFSET \
++      (ARRAY_SIZE(mwl8k_rates_24) - ARRAY_SIZE(mwl8k_rates_50))
++
+ static const char *mwl8k_cmd_name(__le16 cmd, char *buf, int bufsize)
+ {
+       u16 command = le16_to_cpu(cmd);
+@@ -1016,8 +1019,9 @@ static void mwl8k_rxd_ap_refill(void *_rxd, dma_addr_t addr, int len)
+       if (rxd->channel > 14) {
+               status->band = NL80211_BAND_5GHZ;
+-              if (!(status->encoding == RX_ENC_HT))
+-                      status->rate_idx -= 5;
++              if (!(status->encoding == RX_ENC_HT) &&
++                  status->rate_idx >= MWL8K_LEGACY_5G_RATE_OFFSET)
++                      status->rate_idx -= MWL8K_LEGACY_5G_RATE_OFFSET;
+       } else {
+               status->band = NL80211_BAND_2GHZ;
+       }
+@@ -1124,8 +1128,9 @@ static void mwl8k_rxd_sta_refill(void *_rxd, dma_addr_t addr, int len)
+       if (rxd->channel > 14) {
+               status->band = NL80211_BAND_5GHZ;
+-              if (!(status->encoding == RX_ENC_HT))
+-                      status->rate_idx -= 5;
++              if (!(status->encoding == RX_ENC_HT) &&
++                  status->rate_idx >= MWL8K_LEGACY_5G_RATE_OFFSET)
++                      status->rate_idx -= MWL8K_LEGACY_5G_RATE_OFFSET;
+       } else {
+               status->band = NL80211_BAND_2GHZ;
+       }
+-- 
+1.9.1
+