[PATCH 5.11 054/152] brcmfmac: clear EAP/association status bits on linkdown events

From: Greg Kroah-Hartman
Date: Mon Apr 05 2021 - 05:17:21 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.11 055/152] ath11k: add ieee80211_unregister_hw to avoid kernel crash caused by NULL pointer"
Previous message: Greg Kroah-Hartman: "[PATCH 5.11 053/152] can: tcan4x5x: fix max register value"
In reply to: Greg Kroah-Hartman: "[PATCH 5.11 053/152] can: tcan4x5x: fix max register value"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.11 055/152] ath11k: add ieee80211_unregister_hw to avoid kernel crash caused by NULL pointer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Luca Pesce <luca.pesce@xxxxxxxxx>

[ Upstream commit e862a3e4088070de352fdafe9bd9e3ae0a95a33c ]

This ensure that previous association attempts do not leave stale statuses
on subsequent attempts.

This fixes the WARN_ON(!cr->bss)) from __cfg80211_connect_result() when
connecting to an AP after a previous connection failure (e.g. where EAP fails
due to incorrect psk but association succeeded). In some scenarios, indeed,
brcmf_is_linkup() was reporting a link up event too early due to stale
BRCMF_VIF_STATUS_ASSOC_SUCCESS bit, thus reporting to cfg80211 a connection
result with a zeroed bssid (vif->profile.bssid is still empty), causing the
WARN_ON due to the call to cfg80211_get_bss() with the empty bssid.

Signed-off-by: Luca Pesce <luca.pesce@xxxxxxxxx>
Signed-off-by: Kalle Valo <kvalo@xxxxxxxxxxxxxx>
Link: https://lore.kernel.org/r/1608807119-21785-1-git-send-email-luca.pesce@xxxxxxxxx
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
.../net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
index 0ee421f30aa2..23e6422c2251 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
@@ -5611,7 +5611,8 @@ static bool brcmf_is_linkup(struct brcmf_cfg80211_vif *vif,
return false;
}

-static bool brcmf_is_linkdown(const struct brcmf_event_msg *e)
+static bool brcmf_is_linkdown(struct brcmf_cfg80211_vif *vif,
+ const struct brcmf_event_msg *e)
{
u32 event = e->event_code;
u16 flags = e->flags;
@@ -5620,6 +5621,8 @@ static bool brcmf_is_linkdown(const struct brcmf_event_msg *e)
(event == BRCMF_E_DISASSOC_IND) ||
((event == BRCMF_E_LINK) && (!(flags & BRCMF_EVENT_MSG_LINK)))) {
brcmf_dbg(CONN, "Processing link down\n");
+ clear_bit(BRCMF_VIF_STATUS_EAP_SUCCESS, &vif->sme_state);
+ clear_bit(BRCMF_VIF_STATUS_ASSOC_SUCCESS, &vif->sme_state);
return true;
}
return false;
@@ -6067,7 +6070,7 @@ brcmf_notify_connect_status(struct brcmf_if *ifp,
} else
brcmf_bss_connect_done(cfg, ndev, e, true);
brcmf_net_setcarrier(ifp, true);
- } else if (brcmf_is_linkdown(e)) {
+ } else if (brcmf_is_linkdown(ifp->vif, e)) {
brcmf_dbg(CONN, "Linkdown\n");
if (!brcmf_is_ibssmode(ifp->vif) &&
test_bit(BRCMF_VIF_STATUS_CONNECTED,
--
2.30.1

Next message: Greg Kroah-Hartman: "[PATCH 5.11 055/152] ath11k: add ieee80211_unregister_hw to avoid kernel crash caused by NULL pointer"
Previous message: Greg Kroah-Hartman: "[PATCH 5.11 053/152] can: tcan4x5x: fix max register value"
In reply to: Greg Kroah-Hartman: "[PATCH 5.11 053/152] can: tcan4x5x: fix max register value"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.11 055/152] ath11k: add ieee80211_unregister_hw to avoid kernel crash caused by NULL pointer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]