wifi: cfg80211: fix WARN_ON during CAC cancelling

Message ID 20241113-mlo_dfs_fix-v1-1-e4326736347b@quicinc.com
State New

Commit Message

Aditya Kumar Singh Nov. 13, 2024, 6:27 a.m. UTC
In cfg80211_cac_event(), there’s a check to ensure that for MLO, the
link_id argument passed must be a valid link_id in the wdev. The various
callers of this function (during MLO) are -
 * ieee80211_stop_ap()
 * ieee80211_link_stop()
 * ieee80211_dfs_cac_timer_work()
 * ieee80211_dfs_cac_cancel()

Now, in ieee80211_stop_ap() the wdev->valid_links is still having the link
ID which is being stopped. ieee80211_dfs_cac_timer_work() is triggered
after CAC time and the link ID is still valid in wdev->valid_links.
Similarly in ieee80211_dfs_cac_cancel() as well, the link ID is valid in
wdev->valid_links.

However, during the link stop via ieee80211_link_stop() flow, when this
function is called, the link_id is removed from the bitmap, triggering the
WARN_ON. The flow during the stop link is -

nl80211_remove_link
  > cfg80211_remove_link
    > ieee80211_del_intf_link
      > ieee80211_vif_set_links
        > ieee80211_vif_update_links
          > ieee80211_link_stop
            > cfg80211_cac_event

In cfg80211_remove_link(), the link_id is removed from the valid_links
bitmap before ieee80211_del_intf_link() is called. Consequently, in
cfg80211_cac_event(), the WARN_ON is triggered.

Since having link_id set in valid_links is not a necessary condition now,
remove the check.

Fixes: 81f67d60ebf2 ("wifi: cfg80211: handle DFS per link")
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
---
 net/wireless/mlme.c | 4 ----
 1 file changed, 4 deletions(-)


---
base-commit: 11597043d74809daf5d14256b96d6781749b3f82
change-id: 20241113-mlo_dfs_fix-1123060109bc

Patch

diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index a5eb92d93074e6ce1e08fcc2790b80cf04ff08f8..2a932a036225a3e0587cf5c18a4e80e91552313b 100644
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -1112,10 +1112,6 @@  void cfg80211_cac_event(struct net_device *netdev,
 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
 	unsigned long timeout;
 
-	if (WARN_ON(wdev->valid_links &&
-		    !(wdev->valid_links & BIT(link_id))))
-		return;
-
 	trace_cfg80211_cac_event(netdev, event, link_id);
 
 	if (WARN_ON(!wdev->links[link_id].cac_started &&
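Review bot: With the valid_links test removed ahead of trace_cfg80211_cac_event(), nothing in this hunk constrains link_id before the following WARN_ON reads wdev->links[link_id].cac_started. The removed test was a membership check rather than a range check, but it was the only sanity check on the argument at this point. Consider keeping a cheap bound in its place, for example "if (WARN_ON(link_id >= ARRAY_SIZE(wdev->links))) return;", so a bad caller still trips a warning instead of indexing past the array. The commit message also says three of the four callers still have the bit set in wdev->valid_links and only the ieee80211_link_stop() path does not, so a short comment here noting that link_id may already be cleared from valid_links during link removal would keep the check from being reintroduced later.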