ath10k: fix tx header parsing

Frames are not guaranteed to be 802.11 frames in ath10k_htt_tx() and the tx completion handler. In some cases, like TDLS, they can be Ethernet. Hence checking, e.g. frame_control could yield bogus results and behavior. Fortunately this wasn't a real problem so far because there's no FW/HW combination to encounter this problem. However it is good to fix this in advance. Fixes: 75d85fd9 ("ath10k: introduce basic tdls functionality") Fixes: eebc67fe ("ath10k: fix pmf for wmi-tlv on qca6174") Fixes: 7b7da0a0 ("ath10k: drop probe responses when too many are queued") Signed-off-by: Michal Kazior <michal.kazior@tieto.com> Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>

ath10k: fix tx header parsing
Frames are not guaranteed to be 802.11 frames in ath10k_htt_tx() and the tx completion handler. In some cases, like TDLS, they can be Ethernet. Hence checking, e.g. frame_control could yield bogus results and behavior. Fortunately this wasn't a real problem so far because there's no FW/HW combination to encounter this problem. However it is good to fix this in advance. Fixes: 75d85fd9 ("ath10k: introduce basic tdls functionality") Fixes: eebc67fe ("ath10k: fix pmf for wmi-tlv on qca6174") Fixes: 7b7da0a0 ("ath10k: drop probe responses when too many are queued") Signed-off-by: Michal Kazior <michal.kazior@tieto.com> Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
d668dbae · Michal Kazior · Kalle Valo · 66b8a010 · d668dbae · d668dbae
Commit d668dbae authored Nov 18, 2015 by Michal Kazior Committed by Kalle Valo Nov 23, 2015
3 changed files
--- a/drivers/net/wireless/ath/ath10k/core.h
+++ b/drivers/net/wireless/ath/ath10k/core.h
@@ -85,6 +85,7 @@ enum ath10k_skb_flags {
 	ATH10K_SKB_F_NO_HWCRYPT = BIT(0),
 	ATH10K_SKB_F_DTIM_ZERO = BIT(1),
 	ATH10K_SKB_F_DELIVER_CAB = BIT(2),
+	ATH10K_SKB_F_MGMT = BIT(3),
 };
 struct ath10k_skb_cb {

--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
@@ -3689,6 +3689,9 @@ static void ath10k_tx(struct ieee80211_hw *hw,
 	if (!ath10k_tx_h_use_hwcrypto(vif, skb))
 		skb_cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
+	if (ieee80211_is_mgmt(hdr->frame_control))
+		skb_cb->flags |= ATH10K_SKB_F_MGMT;
 	skb_cb->htt.tid = ath10k_tx_h_get_tid(hdr);
 	skb_cb->vdev_id = ath10k_tx_h_get_vdev_id(ar, vif);

--- a/drivers/net/wireless/ath/ath10k/txrx.c
+++ b/drivers/net/wireless/ath/ath10k/txrx.c
@@ -57,8 +57,6 @@ void ath10k_txrx_tx_unref(struct ath10k_htt *htt,
 	struct ieee80211_tx_info *info;
 	struct ath10k_skb_cb *skb_cb;
 	struct sk_buff *msdu;
-	struct ieee80211_hdr *hdr;
-	__le16 fc;
 	bool limit_mgmt_desc = false;
 	ath10k_dbg(ar, ATH10K_DBG_HTT,
@@ -81,10 +79,9 @@ void ath10k_txrx_tx_unref(struct ath10k_htt *htt,
 		return;
 	}
-	hdr = (struct ieee80211_hdr *)msdu->data;
+	skb_cb = ATH10K_SKB_CB(msdu);
-	fc = hdr->frame_control;
-	if (unlikely(ieee80211_is_mgmt(fc)) &&
+	if (unlikely(skb_cb->flags & ATH10K_SKB_F_MGMT) &&
 	    ar->hw_params.max_probe_resp_desc_thres)
 		limit_mgmt_desc = true;
@@ -94,7 +91,6 @@ void ath10k_txrx_tx_unref(struct ath10k_htt *htt,
 		wake_up(&htt->empty_tx_wq);
 	spin_unlock_bh(&htt->tx_lock);
-	skb_cb = ATH10K_SKB_CB(msdu);
 	dma_unmap_single(dev, skb_cb->paddr, msdu->len, DMA_TO_DEVICE);
 	ath10k_report_offchan_tx(htt->ar, msdu);