From 8293e7532f55f80fed0a7c729258dab116daa140 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0tetiar?= Date: Mon, 8 Apr 2019 10:20:32 +0200 Subject: [PATCH] mac80211: Fix rate_idx underflow in mwl8k (FS#2218) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add a patch for mwl8k which fixes endless reboot loops on Linksys EA4500 with certain 5G configurations. Signed-off-by: Petr Štetiar --- package/kernel/mac80211/Makefile | 2 +- .../941-mwl8k-Fix-rate_idx-underflow.patch | 80 +++++++++++++++++++ 2 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 package/kernel/mac80211/patches/mwl/941-mwl8k-Fix-rate_idx-underflow.patch diff --git a/package/kernel/mac80211/Makefile b/package/kernel/mac80211/Makefile index 0db42aeb9a..5ab42f0a1f 100644 --- a/package/kernel/mac80211/Makefile +++ b/package/kernel/mac80211/Makefile @@ -11,7 +11,7 @@ include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=mac80211 PKG_VERSION:=4.19.32-1 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v4.19.32/ PKG_HASH:=838db1565b54fe4bd1e769c54f30c65c9ea2fb5e99a0cddb7910561794ae317a diff --git a/package/kernel/mac80211/patches/mwl/941-mwl8k-Fix-rate_idx-underflow.patch b/package/kernel/mac80211/patches/mwl/941-mwl8k-Fix-rate_idx-underflow.patch new file mode 100644 index 0000000000..4f4812be80 --- /dev/null +++ b/package/kernel/mac80211/patches/mwl/941-mwl8k-Fix-rate_idx-underflow.patch @@ -0,0 +1,80 @@ +From b897577af85bb5e5638efa780bc3716fae5212d3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20=C5=A0tetiar?= +Date: Mon, 8 Apr 2019 09:45:56 +0200 +Subject: [PATCH] mwl8k: Fix rate_idx underflow +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +It was reported on OpenWrt bug tracking system[1], that several users +are affected by the endless reboot of their routers if they configure +5GHz interface with channel 44 or 48. + +The reboot loop is caused by the following excessive number of WARN_ON +messages: + + WARNING: CPU: 0 PID: 0 at backports-4.19.23-1/net/mac80211/rx.c:4516 + ieee80211_rx_napi+0x1fc/0xa54 [mac80211] + +as the messages are being correctly emitted by the following guard: + + case RX_ENC_LEGACY: + if (WARN_ON(status->rate_idx >= sband->n_bitrates)) + +as the rate_idx is in this case erroneously set to 251 (0xfb). This fix +simply converts previously used magic number to proper constant and +guards against substraction which is leading to the currently observed +underflow. + +1. https://bugs.openwrt.org/index.php?do=details&task_id=2218 + +Fixes: 854783444bab ("mwl8k: properly set receive status rate index on 5 GHz receive") +Cc: +Tested-by: Eubert Bao +Reported-by: Eubert Bao +Signed-off-by: Petr Štetiar +--- + drivers/net/wireless/marvell/mwl8k.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +diff --git a/drivers/net/wireless/marvell/mwl8k.c b/drivers/net/wireless/marvell/mwl8k.c +index 8e4e9b6..ffc565a 100644 +--- a/drivers/net/wireless/marvell/mwl8k.c ++++ b/drivers/net/wireless/marvell/mwl8k.c +@@ -441,6 +441,9 @@ struct mwl8k_sta { + #define MWL8K_CMD_UPDATE_STADB 0x1123 + #define MWL8K_CMD_BASTREAM 0x1125 + ++#define MWL8K_LEGACY_5G_RATE_OFFSET \ ++ (ARRAY_SIZE(mwl8k_rates_24) - ARRAY_SIZE(mwl8k_rates_50)) ++ + static const char *mwl8k_cmd_name(__le16 cmd, char *buf, int bufsize) + { + u16 command = le16_to_cpu(cmd); +@@ -1016,8 +1019,9 @@ static void mwl8k_rxd_ap_refill(void *_rxd, dma_addr_t addr, int len) + + if (rxd->channel > 14) { + status->band = NL80211_BAND_5GHZ; +- if (!(status->encoding == RX_ENC_HT)) +- status->rate_idx -= 5; ++ if (!(status->encoding == RX_ENC_HT) && ++ status->rate_idx >= MWL8K_LEGACY_5G_RATE_OFFSET) ++ status->rate_idx -= MWL8K_LEGACY_5G_RATE_OFFSET; + } else { + status->band = NL80211_BAND_2GHZ; + } +@@ -1124,8 +1128,9 @@ static void mwl8k_rxd_sta_refill(void *_rxd, dma_addr_t addr, int len) + + if (rxd->channel > 14) { + status->band = NL80211_BAND_5GHZ; +- if (!(status->encoding == RX_ENC_HT)) +- status->rate_idx -= 5; ++ if (!(status->encoding == RX_ENC_HT) && ++ status->rate_idx >= MWL8K_LEGACY_5G_RATE_OFFSET) ++ status->rate_idx -= MWL8K_LEGACY_5G_RATE_OFFSET; + } else { + status->band = NL80211_BAND_2GHZ; + } +-- +1.9.1 +