git.cascardo.eti.br Git - cascardo/linux.git/commit

author	Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
	Fri, 19 Jul 2013 09:37:39 +0000 (17:37 +0800)
committer	Johannes Berg <johannes.berg@intel.com>
	Mon, 22 Jul 2013 13:32:47 +0000 (15:32 +0200)
commit	40d18ff959fe8b847be4f7b03f84644a7c18211e
tree	04ec94d00b4f1b654afb1946cc98bd5d65172763	tree \| snapshot
parent	5c9fc93bc9bc417418fc1b6366833ae6a07b804d	commit \| diff

mac80211: prevent the buffering or frame transmission to non-assoc mesh STA

This patch is intended to avoid the buffering to non-assoc mesh STA
and also to avoid the triggering of frame to non-assoc mesh STA which
could cause kernel panic in specific hw.

One of the examples, is kernel panic happens to ath9k if user space
inserts the mesh STA and not proceed with the SAE and AMPE, and later
the same mesh STA is detected again. The sta_state of the mesh STA remains
at IEEE80211_STA_NONE and if the ieee80211_sta_ps_deliver_wakeup is called
and subsequently the ath_tx_aggr_wakeup, the kernel panic due to
ath_tx_node_init is not called before to initialize the require data
structures.

This issue is reported by Cedric Voncken before.
http://www.spinics.net/lists/linux-wireless/msg106342.html

[<831ea6b4>] ath_tx_aggr_wakeup+0x44/0xcc [ath9k]
[<83084214>] ieee80211_sta_ps_deliver_wakeup+0xb8/0x208 [mac80211]
[<830b9824>] ieee80211_mps_sta_status_update+0x94/0x108 [mac80211]
[<83099398>] ieee80211_sta_ps_transition+0xc94/0x34d8 [mac80211]
[<8022399c>] nf_iterate+0x98/0x104
[<8309bb60>] ieee80211_sta_ps_transition+0x345c/0x34d8 [mac80211]

Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>