From 481fd57c0077dc63d30b53dbad87e94c0683743f Mon Sep 17 00:00:00 2001
From: Jeremy Cline
Date: Jun 13 2018 13:22:23 +0000
Subject: Fix a crash in ath10k when bandwidth changes (rhbz 1577106)
---
diff --git a/ath10k-Update-the-phymode-along-with-bandwidth-change.patch b/ath10k-Update-the-phymode-along-with-bandwidth-change.patch
new file mode 100644
index 0000000..184c712
--- /dev/null
+++ b/ath10k-Update-the-phymode-along-with-bandwidth-change.patch
@@ -0,0 +1,76 @@
+From 24b6fe7240e15b6df53b0ace61a70f58e09f6fc6 Mon Sep 17 00:00:00 2001
+From: Ryan Hsu
+Date: Fri, 8 Jun 2018 11:32:39 -0700
+Subject: [PATCH] ath10k: Update the phymode along with bandwidth change
+ request
+
+In the case of Station connects to AP with narrower bandwidth at beginning.
+And later the AP changes the bandwidth to winder bandwidth, the AP will
+beacon with wider bandwidth IE, eg VHT20->VHT40->VHT80 or VHT40->VHT80.
+
+Since the supported BANDWIDTH will be limited by the PHYMODE, so while
+Station receives the bandwidth change request, it will also need to
+reconfigure the PHYMODE setting to firmware instead of just configuring
+the BANDWIDTH info, otherwise it'll trigger a firmware crash with
+non-support bandwidth.
+
+The issue was observed in WLAN.RM.4.4.1-00051-QCARMSWP-1, QCA6174 with
+below scenario.
+
+Reported-by: Rouven Czerwinski
+Signed-off-by: Ryan Hsu
+Signed-off-by: Jeremy Cline
+---
+ drivers/net/wireless/ath/ath10k/mac.c | 16 ++++++++++++++--
+ drivers/net/wireless/ath/ath10k/wmi.h | 1 +
+ 2 files changed, 15 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c
+index 2d7ef7460780..72d61ca3cb42 100644
+--- a/drivers/net/wireless/ath/ath10k/mac.c
++++ b/drivers/net/wireless/ath/ath10k/mac.c
+@@ -5996,8 +5996,19 @@ static void ath10k_sta_rc_update_wk(struct work_struct *wk)
+ ath10k_mac_max_vht_nss(vht_mcs_mask)));
+
+ if (changed & IEEE80211_RC_BW_CHANGED) {
+- ath10k_dbg(ar, ATH10K_DBG_MAC, "mac update sta %pM peer bw %d\n",
+- sta->addr, bw);
++ enum wmi_phy_mode mode;
++
++ mode = chan_to_phymode(&def);
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac update sta %pM peer bw %d phymode %d\n",
++ sta->addr, bw, mode);
++
++ err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
++ WMI_PEER_PHYMODE, mode);
++ if (err) {
++ ath10k_warn(ar, "failed to update STA %pM peer phymode %d: %d\n",
++ sta->addr, mode, err);
++ goto exit;
++ }
+
+ err = 
ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr, + WMI_PEER_CHAN_WIDTH, bw); +@@ -6038,6 +6049,7 @@ static void ath10k_sta_rc_update_wk(struct work_struct *wk) + sta->addr); + } + ++exit: + mutex_unlock(&ar->conf_mutex); + } + +diff --git a/drivers/net/wireless/ath/ath10k/wmi.h b/drivers/net/wireless/ath/ath10k/wmi.h +index c7b30ed9015d..930a0e1b1163 100644 +--- a/drivers/net/wireless/ath/ath10k/wmi.h ++++ b/drivers/net/wireless/ath/ath10k/wmi.h +@@ -6010,6 +6010,7 @@ enum wmi_peer_param { + WMI_PEER_NSS = 0x5, + WMI_PEER_USE_4ADDR = 0x6, + WMI_PEER_DEBUG = 0xa, ++ WMI_PEER_PHYMODE = 0xd, + WMI_PEER_DUMMY_VAR = 0xff, /* dummy parameter for STA PS workaround */ + }; + +-- +2.17.1 + diff --git a/kernel.spec b/kernel.spec index 5a86238..0847fd4 100644 --- a/kernel.spec +++ b/kernel.spec @@ -677,6 +677,10 @@ Patch516: platform-x86-dell-laptop-Fix-keyboard-backlight-time.patch # CVE-2018-12232 rhbz 1590215 1590216 Patch517: 0001-socket-close-race-condition-between-sock_close-and-s.patch +# rhbz 1577106 +# http://lists.infradead.org/pipermail/ath10k/2018-June/011582.html +Patch518: ath10k-Update-the-phymode-along-with-bandwidth-change.patch + # END OF PATCH DEFINITIONS %endif @@ -1927,6 +1931,9 @@ fi # # %changelog +* Tue Jun 12 2018 Jeremy Cline +- Fix a crash in ath10k when bandwidth changes (rhbz 1577106) + * Tue Jun 12 2018 Justin M. Forbes - Fix CVE-2018-12232 (rhbz 1590215 1590216)
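Review bot: The value returned by `chan_to_phymode(&def)` in the `IEEE80211_RC_BW_CHANGED` branch of ath10k_sta_rc_update_wk() is sent to the firmware as `WMI_PEER_PHYMODE` without any check, on a path that runs in response to what the AP advertises and that the commit message says can already crash the firmware. If chan_to_phymode() can return `MODE_UNKNOWN` for a channel definition it does not map (its body is not visible here), I would skip the update in that case with `if (mode == MODE_UNKNOWN) goto exit;` ahead of the first ath10k_wmi_peer_set_param() call. The new `goto exit` also skips whatever follows the bandwidth branch, so a short comment stating that this is intended would help; the rest of the function, including where `def` and `bw` are set, lies outside the hunk. Separately, `WMI_PEER_PHYMODE = 0xd` is added to the shared `enum wmi_peer_param` while the message names only QCA6174 firmware, so it is worth confirming that the other firmware branches use the same parameter id.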