iwlwifi: mvm: dump frames early on invalid rate

Currently when rate isn't found (invalid rate or CCK rate in high
band) driver is assigning rate -1, which causes mac80211 to dump
it later with the cryptic rate value of 0xFF.
Instead, warn early and dump the frame in mvm.

Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>

diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/rx.c b/drivers/net/wireless/intel/iwlwifi/mvm/rx.c
index eab6e2ad62e1b17acf4baee79b518a4ddcce945f..d4c0ca7ccb342736a8d7cf23b5200d6adc25bcda 100644 (file)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/rx.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/rx.c
@@ -460,9 +460,16 @@ void iwl_mvm_rx_rx_mpdu(struct iwl_mvm *mvm, struct napi_struct *napi,
                if (rate_n_flags & RATE_MCS_BF_MSK)
                        rx_status->vht_flag |= RX_VHT_FLAG_BF;
        } else {
-               rx_status->rate_idx =
-                       iwl_mvm_legacy_rate_to_mac80211_idx(rate_n_flags,
-                                                           rx_status->band);
+               int rate = iwl_mvm_legacy_rate_to_mac80211_idx(rate_n_flags,
+                                                              rx_status->band);
+
+               if (WARN(rate < 0 || rate > 0xFF,
+                        "Invalid rate flags 0x%x, band %d,\n",
+                        rate_n_flags, rx_status->band)) {
+                       kfree_skb(skb);
+                       return;
+               }
+               rx_status->rate_idx = rate;
        }
 
 #ifdef CONFIG_IWLWIFI_DEBUGFS

diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c
index 8601d25407b3d0003392d6be3e9a8dc336f75688..0f74a200e81255008ce1cb729fc5604142d4e568 100644 (file)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c
@@ -918,8 +918,7 @@ void iwl_mvm_rx_mpdu_mq(struct iwl_mvm *mvm, struct napi_struct *napi,
 
                if (iwl_mvm_is_nonagg_dup(sta, queue, rx_status, hdr, desc)) {
                        kfree_skb(skb);
-                       rcu_read_unlock();
-                       return;
+                       goto out;
                }
 
                /*
@@ -985,9 +984,17 @@ void iwl_mvm_rx_mpdu_mq(struct iwl_mvm *mvm, struct napi_struct *napi,
                if (rate_n_flags & RATE_MCS_BF_MSK)
                        rx_status->vht_flag |= RX_VHT_FLAG_BF;
        } else {
-               rx_status->rate_idx =
-                       iwl_mvm_legacy_rate_to_mac80211_idx(rate_n_flags,
-                                                           rx_status->band);
+               int rate = iwl_mvm_legacy_rate_to_mac80211_idx(rate_n_flags,
+                                                              rx_status->band);
+
+               if (WARN(rate < 0 || rate > 0xFF,
+                        "Invalid rate flags 0x%x, band %d,\n",
+                        rate_n_flags, rx_status->band)) {
+                       kfree_skb(skb);
+                       goto out;
+               }
+               rx_status->rate_idx = rate;
+
        }
 
        /* management stuff on default queue */
@@ -1006,6 +1013,7 @@ void iwl_mvm_rx_mpdu_mq(struct iwl_mvm *mvm, struct napi_struct *napi,
        iwl_mvm_create_skb(skb, hdr, len, crypt_len, rxb);
        if (!iwl_mvm_reorder(mvm, napi, queue, sta, skb, desc))
                iwl_mvm_pass_packet_to_mac80211(mvm, napi, skb, queue, sta);
+out:
        rcu_read_unlock();
 }