From 40822e079011ef8704d429c9d8271000159abffe Mon Sep 17 00:00:00 2001 From: Ping-Ke Shih Date: Wed, 1 Dec 2021 16:06:06 +0800 Subject: [PATCH] rtw89: fix sending wrong rtwsta->mac_id to firmware to fill address CAM With wrong rtwsta->mac_id, it can't send out ack properly when we receive assoc response occasionally. Then, it failed to connect an AP. The cause is that we store 'sta' and use it somewhere. To correct this, remove the variable and use mac_id in drv_priv of 'sta' or 'vif' passed by mac80211. Signed-off-by: Ping-Ke Shih Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20211201080607.11211-1-pkshih@realtek.com --- drivers/net/wireless/realtek/rtw89/cam.c | 43 ++++++++++++--------------- drivers/net/wireless/realtek/rtw89/cam.h | 1 + drivers/net/wireless/realtek/rtw89/core.c | 12 ++++---- drivers/net/wireless/realtek/rtw89/core.h | 19 ++++++------ drivers/net/wireless/realtek/rtw89/fw.c | 4 +-- drivers/net/wireless/realtek/rtw89/fw.h | 2 +- drivers/net/wireless/realtek/rtw89/mac.c | 4 +-- drivers/net/wireless/realtek/rtw89/mac80211.c | 6 ++-- 8 files changed, 43 insertions(+), 48 deletions(-) diff --git a/drivers/net/wireless/realtek/rtw89/cam.c b/drivers/net/wireless/realtek/rtw89/cam.c index ce5056a..bd34e4b 100644 --- a/drivers/net/wireless/realtek/rtw89/cam.c +++ b/drivers/net/wireless/realtek/rtw89/cam.c @@ -219,6 +219,7 @@ static int rtw89_cam_attach_sec_cam(struct rtw89_dev *rtwdev, struct ieee80211_key_conf *key, struct rtw89_sec_cam_entry *sec_cam) { + struct rtw89_sta *rtwsta = sta_to_rtwsta_safe(sta); struct rtw89_vif *rtwvif; struct rtw89_addr_cam_entry *addr_cam; u8 key_idx = 0; @@ -243,7 +244,7 @@ static int rtw89_cam_attach_sec_cam(struct rtw89_dev *rtwdev, addr_cam->sec_ent[key_idx] = sec_cam->sec_cam_idx; addr_cam->sec_entries[key_idx] = sec_cam; set_bit(key_idx, addr_cam->sec_cam_map); - ret = rtw89_fw_h2c_cam(rtwdev, rtwvif, NULL); + ret = rtw89_fw_h2c_cam(rtwdev, rtwvif, rtwsta, NULL); if (ret) { rtw89_err(rtwdev, "failed to update addr cam sec entry: %d\n", ret); @@ -371,6 +372,7 @@ int rtw89_cam_sec_key_del(struct rtw89_dev *rtwdev, struct ieee80211_key_conf *key, bool inform_fw) { + struct rtw89_sta *rtwsta = sta_to_rtwsta_safe(sta); struct rtw89_cam_info *cam_info = &rtwdev->cam_info; struct rtw89_vif *rtwvif; struct rtw89_addr_cam_entry *addr_cam; @@ -394,7 +396,7 @@ int rtw89_cam_sec_key_del(struct rtw89_dev *rtwdev, clear_bit(key_idx, addr_cam->sec_cam_map); addr_cam->sec_entries[key_idx] = NULL; if (inform_fw) { - ret = rtw89_fw_h2c_cam(rtwdev, rtwvif, NULL); + ret = rtw89_fw_h2c_cam(rtwdev, rtwvif, rtwsta, NULL); if (ret) rtw89_err(rtwdev, "failed to update cam del key: %d\n", ret); } @@ -536,12 +538,8 @@ static int rtw89_cam_init_bssid_cam(struct rtw89_dev *rtwdev, void rtw89_cam_bssid_changed(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif) { - struct ieee80211_vif *vif = rtwvif_to_vif(rtwvif); - struct rtw89_addr_cam_entry *addr_cam = &rtwvif->addr_cam; struct rtw89_bssid_cam_entry *bssid_cam = &rtwvif->bssid_cam; - if (vif->type == NL80211_IFTYPE_STATION) - ether_addr_copy(addr_cam->tma, rtwvif->bssid); ether_addr_copy(bssid_cam->bssid, rtwvif->bssid); } @@ -606,17 +604,18 @@ static u8 rtw89_cam_addr_hash(u8 start, const u8 *addr) void rtw89_cam_fill_addr_cam_info(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif, + struct rtw89_sta *rtwsta, const u8 *scan_mac_addr, u8 *cmd) { struct ieee80211_vif *vif = rtwvif_to_vif(rtwvif); - struct ieee80211_sta *sta; - struct rtw89_sta *rtwsta; struct rtw89_addr_cam_entry *addr_cam = &rtwvif->addr_cam; + struct ieee80211_sta *sta = rtwsta_to_sta_safe(rtwsta); const u8 *sma = scan_mac_addr ? scan_mac_addr : rtwvif->mac_addr; u8 sma_hash, tma_hash, addr_msk_start; u8 sma_start = 0; u8 tma_start = 0; + u8 *tma = sta ? sta->addr : rtwvif->bssid; if (addr_cam->addr_mask != 0) { addr_msk_start = __ffs(addr_cam->addr_mask); @@ -626,7 +625,7 @@ void rtw89_cam_fill_addr_cam_info(struct rtw89_dev *rtwdev, tma_start = addr_msk_start; } sma_hash = rtw89_cam_addr_hash(sma_start, sma); - tma_hash = rtw89_cam_addr_hash(tma_start, addr_cam->tma); + tma_hash = rtw89_cam_addr_hash(tma_start, tma); FWCMD_SET_ADDR_IDX(cmd, addr_cam->addr_cam_idx); FWCMD_SET_ADDR_OFFSET(cmd, addr_cam->offset); @@ -651,12 +650,12 @@ void rtw89_cam_fill_addr_cam_info(struct rtw89_dev *rtwdev, FWCMD_SET_ADDR_SMA4(cmd, sma[4]); FWCMD_SET_ADDR_SMA5(cmd, sma[5]); - FWCMD_SET_ADDR_TMA0(cmd, addr_cam->tma[0]); - FWCMD_SET_ADDR_TMA1(cmd, addr_cam->tma[1]); - FWCMD_SET_ADDR_TMA2(cmd, addr_cam->tma[2]); - FWCMD_SET_ADDR_TMA3(cmd, addr_cam->tma[3]); - FWCMD_SET_ADDR_TMA4(cmd, addr_cam->tma[4]); - FWCMD_SET_ADDR_TMA5(cmd, addr_cam->tma[5]); + FWCMD_SET_ADDR_TMA0(cmd, tma[0]); + FWCMD_SET_ADDR_TMA1(cmd, tma[1]); + FWCMD_SET_ADDR_TMA2(cmd, tma[2]); + FWCMD_SET_ADDR_TMA3(cmd, tma[3]); + FWCMD_SET_ADDR_TMA4(cmd, tma[4]); + FWCMD_SET_ADDR_TMA5(cmd, tma[5]); FWCMD_SET_ADDR_PORT_INT(cmd, rtwvif->port); FWCMD_SET_ADDR_TSF_SYNC(cmd, rtwvif->port); @@ -664,15 +663,11 @@ void rtw89_cam_fill_addr_cam_info(struct rtw89_dev *rtwdev, FWCMD_SET_ADDR_LSIG_TXOP(cmd, rtwvif->lsig_txop); FWCMD_SET_ADDR_TGT_IND(cmd, rtwvif->tgt_ind); FWCMD_SET_ADDR_FRM_TGT_IND(cmd, rtwvif->frm_tgt_ind); - - if (vif->type == NL80211_IFTYPE_STATION) { - sta = rtwvif->mgd.ap; - if (sta) { - rtwsta = (struct rtw89_sta *)sta->drv_priv; - FWCMD_SET_ADDR_MACID(cmd, rtwsta->mac_id); - FWCMD_SET_ADDR_AID12(cmd, vif->bss_conf.aid & 0xfff); - } - } + FWCMD_SET_ADDR_MACID(cmd, rtwsta ? rtwsta->mac_id : rtwvif->mac_id); + if (rtwvif->net_type == RTW89_NET_TYPE_INFRA) + FWCMD_SET_ADDR_AID12(cmd, vif->bss_conf.aid & 0xfff); + else if (rtwvif->net_type == RTW89_NET_TYPE_AP_MODE) + FWCMD_SET_ADDR_AID12(cmd, sta ? sta->aid & 0xfff : 0); FWCMD_SET_ADDR_WOL_PATTERN(cmd, rtwvif->wowlan_pattern); FWCMD_SET_ADDR_WOL_UC(cmd, rtwvif->wowlan_uc); FWCMD_SET_ADDR_WOL_MAGIC(cmd, rtwvif->wowlan_magic); diff --git a/drivers/net/wireless/realtek/rtw89/cam.h b/drivers/net/wireless/realtek/rtw89/cam.h index c0f9ef1..33a3ad5 100644 --- a/drivers/net/wireless/realtek/rtw89/cam.h +++ b/drivers/net/wireless/realtek/rtw89/cam.h @@ -348,6 +348,7 @@ int rtw89_cam_init(struct rtw89_dev *rtwdev, struct rtw89_vif *vif); void rtw89_cam_deinit(struct rtw89_dev *rtwdev, struct rtw89_vif *vif); void rtw89_cam_fill_addr_cam_info(struct rtw89_dev *rtwdev, struct rtw89_vif *vif, + struct rtw89_sta *rtwsta, const u8 *scan_mac_addr, u8 *cmd); int rtw89_cam_fill_bssid_cam_info(struct rtw89_dev *rtwdev, struct rtw89_vif *vif, u8 *cmd); diff --git a/drivers/net/wireless/realtek/rtw89/core.c b/drivers/net/wireless/realtek/rtw89/core.c index 2c07938..8212496 100644 --- a/drivers/net/wireless/realtek/rtw89/core.c +++ b/drivers/net/wireless/realtek/rtw89/core.c @@ -1854,7 +1854,8 @@ int rtw89_core_sta_add(struct rtw89_dev *rtwdev, ewma_rssi_init(&rtwsta->avg_rssi); if (vif->type == NL80211_IFTYPE_STATION) { - rtwvif->mgd.ap = sta; + /* for station mode, assign the mac_id from itself */ + rtwsta->mac_id = rtwvif->mac_id; rtw89_btc_ntfy_role_info(rtwdev, rtwvif, rtwsta, BTC_ROLE_MSTS_STA_CONN_START); rtw89_chip_rfk_channel(rtwdev); @@ -1880,6 +1881,7 @@ int rtw89_core_sta_disconnect(struct rtw89_dev *rtwdev, struct ieee80211_sta *sta) { struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv; + struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv; int ret; rtw89_mac_bf_monitor_calc(rtwdev, sta, true); @@ -1901,7 +1903,7 @@ int rtw89_core_sta_disconnect(struct rtw89_dev *rtwdev, } /* update cam aid mac_id net_type */ - rtw89_fw_h2c_cam(rtwdev, rtwvif, NULL); + rtw89_fw_h2c_cam(rtwdev, rtwvif, rtwsta, NULL); if (ret) { rtw89_warn(rtwdev, "failed to send h2c cam\n"); return ret; @@ -1926,10 +1928,6 @@ int rtw89_core_sta_assoc(struct rtw89_dev *rtwdev, return ret; } - /* for station mode, assign the mac_id from itself */ - if (vif->type == NL80211_IFTYPE_STATION) - rtwsta->mac_id = rtwvif->mac_id; - ret = rtw89_fw_h2c_join_info(rtwdev, rtwvif, 0); if (ret) { rtw89_warn(rtwdev, "failed to send h2c join info\n"); @@ -1937,7 +1935,7 @@ int rtw89_core_sta_assoc(struct rtw89_dev *rtwdev, } /* update cam aid mac_id net_type */ - rtw89_fw_h2c_cam(rtwdev, rtwvif, NULL); + rtw89_fw_h2c_cam(rtwdev, rtwvif, rtwsta, NULL); if (ret) { rtw89_warn(rtwdev, "failed to send h2c cam\n"); return ret; diff --git a/drivers/net/wireless/realtek/rtw89/core.h b/drivers/net/wireless/realtek/rtw89/core.h index ef3f5de..7066335 100644 --- a/drivers/net/wireless/realtek/rtw89/core.h +++ b/drivers/net/wireless/realtek/rtw89/core.h @@ -1869,7 +1869,6 @@ struct rtw89_addr_cam_entry { u8 wapi : 1; u8 mask_sel : 2; u8 bssid_cam_idx: 6; - u8 tma[ETH_ALEN]; u8 sma[ETH_ALEN]; u8 sec_ent_mode; @@ -1938,14 +1937,6 @@ struct rtw89_vif { bool wowlan_magic; bool is_hesta; bool last_a_ctrl; - union { - struct { - struct ieee80211_sta *ap; - } mgd; - struct { - struct list_head sta_list; - } ap; - }; struct rtw89_addr_cam_entry addr_cam; struct rtw89_bssid_cam_entry bssid_cam; struct ieee80211_tx_queue_params tx_params[IEEE80211_NUM_ACS]; @@ -3132,6 +3123,16 @@ static inline struct ieee80211_sta *rtwsta_to_sta(struct rtw89_sta *rtwsta) return container_of(p, struct ieee80211_sta, drv_priv); } +static inline struct ieee80211_sta *rtwsta_to_sta_safe(struct rtw89_sta *rtwsta) +{ + return rtwsta ? rtwsta_to_sta(rtwsta) : NULL; +} + +static inline struct rtw89_sta *sta_to_rtwsta_safe(struct ieee80211_sta *sta) +{ + return sta ? (struct rtw89_sta *)sta->drv_priv : NULL; +} + static inline void rtw89_chip_set_channel_prepare(struct rtw89_dev *rtwdev, struct rtw89_channel_help_params *p) diff --git a/drivers/net/wireless/realtek/rtw89/fw.c b/drivers/net/wireless/realtek/rtw89/fw.c index c9aa86e..d4b59fb 100644 --- a/drivers/net/wireless/realtek/rtw89/fw.c +++ b/drivers/net/wireless/realtek/rtw89/fw.c @@ -524,7 +524,7 @@ void rtw89_unload_firmware(struct rtw89_dev *rtwdev) #define H2C_CAM_LEN 60 int rtw89_fw_h2c_cam(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif, - const u8 *scan_mac_addr) + struct rtw89_sta *rtwsta, const u8 *scan_mac_addr) { struct sk_buff *skb; @@ -534,7 +534,7 @@ int rtw89_fw_h2c_cam(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif, return -ENOMEM; } skb_put(skb, H2C_CAM_LEN); - rtw89_cam_fill_addr_cam_info(rtwdev, rtwvif, scan_mac_addr, skb->data); + rtw89_cam_fill_addr_cam_info(rtwdev, rtwvif, rtwsta, scan_mac_addr, skb->data); rtw89_cam_fill_bssid_cam_info(rtwdev, rtwvif, skb->data); rtw89_h2c_pkt_set_hdr(rtwdev, skb, FWCMD_TYPE_H2C, diff --git a/drivers/net/wireless/realtek/rtw89/fw.h b/drivers/net/wireless/realtek/rtw89/fw.h index 865170a..2d36dc2 100644 --- a/drivers/net/wireless/realtek/rtw89/fw.h +++ b/drivers/net/wireless/realtek/rtw89/fw.h @@ -1757,7 +1757,7 @@ int rtw89_fw_h2c_assoc_cmac_tbl(struct rtw89_dev *rtwdev, int rtw89_fw_h2c_txtime_cmac_tbl(struct rtw89_dev *rtwdev, struct rtw89_sta *rtwsta); int rtw89_fw_h2c_cam(struct rtw89_dev *rtwdev, struct rtw89_vif *vif, - const u8 *scan_mac_addr); + struct rtw89_sta *rtwsta, const u8 *scan_mac_addr); void rtw89_fw_c2h_irqsafe(struct rtw89_dev *rtwdev, struct sk_buff *c2h); void rtw89_fw_c2h_work(struct work_struct *work); int rtw89_fw_h2c_vif_maintain(struct rtw89_dev *rtwdev, diff --git a/drivers/net/wireless/realtek/rtw89/mac.c b/drivers/net/wireless/realtek/rtw89/mac.c index 04c5f99..9994594 100644 --- a/drivers/net/wireless/realtek/rtw89/mac.c +++ b/drivers/net/wireless/realtek/rtw89/mac.c @@ -2990,7 +2990,7 @@ int rtw89_mac_vif_init(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif) if (ret) return ret; - ret = rtw89_fw_h2c_cam(rtwdev, rtwvif, NULL); + ret = rtw89_fw_h2c_cam(rtwdev, rtwvif, NULL, NULL); if (ret) return ret; @@ -3011,7 +3011,7 @@ int rtw89_mac_vif_deinit(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif) rtw89_cam_deinit(rtwdev, rtwvif); - ret = rtw89_fw_h2c_cam(rtwdev, rtwvif, NULL); + ret = rtw89_fw_h2c_cam(rtwdev, rtwvif, NULL, NULL); if (ret) return ret; diff --git a/drivers/net/wireless/realtek/rtw89/mac80211.c b/drivers/net/wireless/realtek/rtw89/mac80211.c index 16381ad..757685d 100644 --- a/drivers/net/wireless/realtek/rtw89/mac80211.c +++ b/drivers/net/wireless/realtek/rtw89/mac80211.c @@ -336,7 +336,7 @@ static void rtw89_ops_bss_info_changed(struct ieee80211_hw *hw, if (changed & BSS_CHANGED_BSSID) { ether_addr_copy(rtwvif->bssid, conf->bssid); rtw89_cam_bssid_changed(rtwdev, rtwvif); - rtw89_fw_h2c_cam(rtwdev, rtwvif, NULL); + rtw89_fw_h2c_cam(rtwdev, rtwvif, NULL, NULL); } if (changed & BSS_CHANGED_ERP_SLOT) @@ -624,7 +624,7 @@ static void rtw89_ops_sw_scan_start(struct ieee80211_hw *hw, rtw89_btc_ntfy_scan_start(rtwdev, RTW89_PHY_0, hal->current_band_type); rtw89_chip_rfk_scan(rtwdev, true); rtw89_hci_recalc_int_mit(rtwdev); - rtw89_fw_h2c_cam(rtwdev, rtwvif, mac_addr); + rtw89_fw_h2c_cam(rtwdev, rtwvif, NULL, mac_addr); mutex_unlock(&rtwdev->mutex); } @@ -635,7 +635,7 @@ static void rtw89_ops_sw_scan_complete(struct ieee80211_hw *hw, struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv; mutex_lock(&rtwdev->mutex); - rtw89_fw_h2c_cam(rtwdev, rtwvif, NULL); + rtw89_fw_h2c_cam(rtwdev, rtwvif, NULL, NULL); rtw89_chip_rfk_scan(rtwdev, false); rtw89_btc_ntfy_scan_finish(rtwdev, RTW89_PHY_0); rtwdev->scanning = false; -- 2.7.4