On 4/30/2024 12:43 AM, Karthikeyan Kathirvel wrote: > From: Sven Eckelmann <sven@xxxxxxxxxxxxx> > > When a station idles for a long time, hostapd will try to send > a QoS Null frame to the station as "poll". NL80211_CMD_PROBE_CLIENT > is used for this purpose. > And the skb will be added to ack_status_frame - waiting for a > completion via ieee80211_report_ack_skb(). > > But when the peer was already removed before the tx_complete arrives, > the peer will be missing. And when using dev_kfree_skb_any (instead > of going through mac80211), the entry will stay inside > ack_status_frames thus not clean up related information in its > internal data structures. This IDR will therefore run full after > 8K request were generated for such clients. > At this point, the access point will then just stall and not allow > any new clients because idr_alloc() for ack_status_frame will fail. > > ieee80211_free_txskb() on the other hand will (when required) call > ieee80211_report_ack_skb() and make sure that (when required) remove > the entry from the ack_status_frame and clean up related > information in its internal data structures. > > Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1 > > Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices") > Signed-off-by: Sven Eckelmann <sven@xxxxxxxxxxxxx> > Signed-off-by: Sarika Sharma <quic_sarishar@xxxxxxxxxxx> > Signed-off-by: Karthikeyan Kathirvel <quic_kathirve@xxxxxxxxxxx> > Link: https://lore.kernel.org/r/20230802-ath11k-ack_status_leak-v2-1-c0af729d6229@xxxxxxxxxxxxx Acked-by: Jeff Johnson <quic_jjohnson@xxxxxxxxxxx>