Commit b7b146c9 authored by Felix Fietkau's avatar Felix Fietkau Committed by John W. Linville

ath9k: fix invalid descriptor discarding

Only set sc->rx.discard_next to rx_stats->rs_more when actually
discarding the current descriptor.

Also, fix a detection of broken descriptors:
First the code checks if the current descriptor is not done.
Then it checks if the next descriptor is done.
Add a check that afterwards checks the first descriptor again, because
it might have been completed in the mean time.

This fixes a regression introduced in
commit 723e7113
"ath9k: fix handling of broken descriptors"

Cc: stable@vger.kernel.org
Reported-by: default avatarMarco André Dinis <marcoandredinis@gmail.com>
Signed-off-by: default avatarFelix Fietkau <nbd@openwrt.org>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent d31a36a6
......@@ -731,6 +731,12 @@ static struct ath_rxbuf *ath_get_next_rx_buf(struct ath_softc *sc,
if (ret == -EINPROGRESS)
return NULL;
/*
* Re-check previous descriptor, in case it has been filled
* in the mean time.
*/
ret = ath9k_hw_rxprocdesc(ah, ds, rs);
if (ret == -EINPROGRESS) {
/*
* mark descriptor as zero-length and set the 'more'
* flag to ensure that both buffers get discarded
......@@ -738,6 +744,7 @@ static struct ath_rxbuf *ath_get_next_rx_buf(struct ath_softc *sc,
rs->rs_datalen = 0;
rs->rs_more = true;
}
}
list_del(&bf->list);
if (!bf->bf_mpdu)
......@@ -985,22 +992,22 @@ static int ath9k_rx_skb_preprocess(struct ath_softc *sc,
struct ath_common *common = ath9k_hw_common(ah);
struct ieee80211_hdr *hdr;
bool discard_current = sc->rx.discard_next;
int ret = 0;
/*
* Discard corrupt descriptors which are marked in
* ath_get_next_rx_buf().
*/
sc->rx.discard_next = rx_stats->rs_more;
if (discard_current)
return -EINVAL;
goto corrupt;
sc->rx.discard_next = false;
/*
* Discard zero-length packets.
*/
if (!rx_stats->rs_datalen) {
RX_STAT_INC(rx_len_err);
return -EINVAL;
goto corrupt;
}
/*
......@@ -1010,7 +1017,7 @@ static int ath9k_rx_skb_preprocess(struct ath_softc *sc,
*/
if (rx_stats->rs_datalen > (common->rx_bufsize - ah->caps.rx_status_len)) {
RX_STAT_INC(rx_len_err);
return -EINVAL;
goto corrupt;
}
/* Only use status info from the last fragment */
......@@ -1024,10 +1031,8 @@ static int ath9k_rx_skb_preprocess(struct ath_softc *sc,
* This is different from the other corrupt descriptor
* condition handled above.
*/
if (rx_stats->rs_status & ATH9K_RXERR_CORRUPT_DESC) {
ret = -EINVAL;
goto exit;
}
if (rx_stats->rs_status & ATH9K_RXERR_CORRUPT_DESC)
goto corrupt;
hdr = (struct ieee80211_hdr *) (skb->data + ah->caps.rx_status_len);
......@@ -1043,18 +1048,15 @@ static int ath9k_rx_skb_preprocess(struct ath_softc *sc,
if (ath_process_fft(sc, hdr, rx_stats, rx_status->mactime))
RX_STAT_INC(rx_spectral);
ret = -EINVAL;
goto exit;
return -EINVAL;
}
/*
* everything but the rate is checked here, the rate check is done
* separately to avoid doing two lookups for a rate for each frame.
*/
if (!ath9k_rx_accept(common, hdr, rx_status, rx_stats, decrypt_error)) {
ret = -EINVAL;
goto exit;
}
if (!ath9k_rx_accept(common, hdr, rx_status, rx_stats, decrypt_error))
return -EINVAL;
if (ath_is_mybeacon(common, hdr)) {
RX_STAT_INC(rx_beacons);
......@@ -1064,15 +1066,11 @@ static int ath9k_rx_skb_preprocess(struct ath_softc *sc,
/*
* This shouldn't happen, but have a safety check anyway.
*/
if (WARN_ON(!ah->curchan)) {
ret = -EINVAL;
goto exit;
}
if (WARN_ON(!ah->curchan))
return -EINVAL;
if (ath9k_process_rate(common, hw, rx_stats, rx_status)) {
ret =-EINVAL;
goto exit;
}
if (ath9k_process_rate(common, hw, rx_stats, rx_status))
return -EINVAL;
ath9k_process_rssi(common, hw, rx_stats, rx_status);
......@@ -1087,9 +1085,11 @@ static int ath9k_rx_skb_preprocess(struct ath_softc *sc,
sc->rx.num_pkts++;
#endif
exit:
sc->rx.discard_next = false;
return ret;
return 0;
corrupt:
sc->rx.discard_next = rx_stats->rs_more;
return -EINVAL;
}
static void ath9k_rx_skb_postprocess(struct ath_common *common,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment