Patch "wifi: ath11k: Cleanup mac80211 references on failure during tx_complete" has been added to the 6.1-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Thu, 28 Sep 2023 16:57:14 -0400

This is a note to let you know that I've just added the patch titled

    wifi: ath11k: Cleanup mac80211 references on failure during tx_complete

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     wifi-ath11k-cleanup-mac80211-references-on-failure-d.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 92dd5dbdd10402280500de0b2fecb27b8cc549c3
Author: Sven Eckelmann <sven@xxxxxxxxxxxxx>
Date:   Tue Aug 22 16:42:24 2023 +0300

    wifi: ath11k: Cleanup mac80211 references on failure during tx_complete
    
    [ Upstream commit 29d15589f084d71a4ea8c544039c5839db0236e2 ]
    
    When a function is using functions from mac80211 to free an skb then it
    should do it consistently and not switch to the generic dev_kfree_skb_any
    (or similar functions). Otherwise (like in the error handlers), mac80211
    will will not be aware of the freed skb and thus not clean up related
    information in its internal data structures.
    
    Not doing so lead in the past to filled up structure which then prevented
    new clients to connect.
    
    Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices")
    Fixes: 6257c702264c ("wifi: ath11k: fix tx status reporting in encap offload mode")
    Cc: stable@xxxxxxxxxxxxxxx
    Signed-off-by: Sven Eckelmann <sven@xxxxxxxxxxxxx>
    Signed-off-by: Kalle Valo <quic_kvalo@xxxxxxxxxxx>
    Link: https://lore.kernel.org/r/20230802-ath11k-ack_status_leak-v2-2-c0af729d6229@xxxxxxxxxxxxx
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/net/wireless/ath/ath11k/dp_tx.c b/drivers/net/wireless/ath/ath11k/dp_tx.c
index 08a28464eb7a9..64c8ccac22d27 100644
--- a/drivers/net/wireless/ath/ath11k/dp_tx.c
+++ b/drivers/net/wireless/ath/ath11k/dp_tx.c
@@ -344,7 +344,7 @@ ath11k_dp_tx_htt_tx_complete_buf(struct ath11k_base *ab,
 	dma_unmap_single(ab->dev, skb_cb->paddr, msdu->len, DMA_TO_DEVICE);
 
 	if (!skb_cb->vif) {
-		dev_kfree_skb_any(msdu);
+		ieee80211_free_txskb(ar->hw, msdu);
 		return;
 	}
 
@@ -566,12 +566,12 @@ static void ath11k_dp_tx_complete_msdu(struct ath11k *ar,
 	dma_unmap_single(ab->dev, skb_cb->paddr, msdu->len, DMA_TO_DEVICE);
 
 	if (unlikely(!rcu_access_pointer(ab->pdevs_active[ar->pdev_idx]))) {
-		dev_kfree_skb_any(msdu);
+		ieee80211_free_txskb(ar->hw, msdu);
 		return;
 	}
 
 	if (unlikely(!skb_cb->vif)) {
-		dev_kfree_skb_any(msdu);
+		ieee80211_free_txskb(ar->hw, msdu);
 		return;
 	}
 






