From ee5b5934353370e4e11c712c1cf4248b8e7cbfe6 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Tue, 23 Nov 2021 13:18:03 +0100 Subject: [PATCH] mac80211: fix crash in drivers relying on mac80211 retransmitting packets for powersave clients This showed up primarily on rt2x00 Signed-off-by: Felix Fietkau (cherry-picked from commit d1ea575baa1b53bb477a020974afcec1b1193edc) --- ...ate-control-for-retransmitted-frames.patch | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 package/kernel/mac80211/patches/subsys/394-mac80211-fix-rate-control-for-retransmitted-frames.patch diff --git a/package/kernel/mac80211/patches/subsys/394-mac80211-fix-rate-control-for-retransmitted-frames.patch b/package/kernel/mac80211/patches/subsys/394-mac80211-fix-rate-control-for-retransmitted-frames.patch new file mode 100644 index 0000000000..cd91a925f3 --- /dev/null +++ b/package/kernel/mac80211/patches/subsys/394-mac80211-fix-rate-control-for-retransmitted-frames.patch @@ -0,0 +1,35 @@ +From: Felix Fietkau +Date: Mon, 22 Nov 2021 21:39:38 +0100 +Subject: [PATCH] mac80211: fix rate control for retransmitted frames + +Since retransmission clears info->control, rate control needs to be called +again, otherwise the driver might crash due to invalid rates. + +Cc: stable@vger.kernel.org # 5.14+ +Reported-by: Aaro Koskinen +Reported-by: Robert W +Fixes: 03c3911d2d67 ("mac80211: call ieee80211_tx_h_rate_ctrl() when dequeue") +Signed-off-by: Felix Fietkau +--- + +--- a/net/mac80211/tx.c ++++ b/net/mac80211/tx.c +@@ -1835,15 +1835,15 @@ static int invoke_tx_handlers_late(struc + struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb); + ieee80211_tx_result res = TX_CONTINUE; + ++ if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL)) ++ CALL_TXH(ieee80211_tx_h_rate_ctrl); ++ + if (unlikely(info->flags & IEEE80211_TX_INTFL_RETRANSMISSION)) { + __skb_queue_tail(&tx->skbs, tx->skb); + tx->skb = NULL; + goto txh_done; + } + +- if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL)) +- CALL_TXH(ieee80211_tx_h_rate_ctrl); +- + CALL_TXH(ieee80211_tx_h_michael_mic_add); + CALL_TXH(ieee80211_tx_h_sequence); + CALL_TXH(ieee80211_tx_h_fragment); -- 2.30.2