From 6dc344db4d00bdc7e0e9ecaed02adc266eb375bd Mon Sep 17 00:00:00 2001
From: zxystd <1051244836@qq.com>
Date: Thu, 14 Mar 2024 22:20:31 +0800
Subject: [PATCH] iwm/iwx: Ensure aggregate operation on RUN state, this avoids new state thread racing with systq thread and causing unexpected issue like firmware crash or double free objects etc.
---
 itlwm/hal_iwm/mac80211.cpp | 6 ++++++
 itlwm/hal_iwx/ItlIwx.cpp | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/itlwm/hal_iwm/mac80211.cpp b/itlwm/hal_iwm/mac80211.cpp
index 68d190d3..7502f9c8 100644
--- a/itlwm/hal_iwm/mac80211.cpp
+++ b/itlwm/hal_iwm/mac80211.cpp
@@ -2805,6 +2805,9 @@ iwm_ampdu_rx_start(struct ieee80211com *ic, struct ieee80211_node *ni,
 tid > IWM_MAX_TID_COUNT)
 return ENOSPC;
 
+ if (ic->ic_state != IEEE80211_S_RUN)
+ return ENOSPC;
+
 if (sc->ba_rx.start_tidmask & (1 << tid))
 return EBUSY;
 
@@ -2828,6 +2831,9 @@ iwm_ampdu_rx_stop(struct ieee80211com *ic, struct ieee80211_node *ni,
 if (tid > IWM_MAX_TID_COUNT || sc->ba_rx.stop_tidmask & (1 << tid))
 return;
 
+ if (ic->ic_state != IEEE80211_S_RUN)
+ return;
+
 sc->ba_rx.stop_tidmask |= (1 << tid);
 that->iwm_add_task(sc, systq, &sc->ba_task);
 }
diff --git a/itlwm/hal_iwx/ItlIwx.cpp b/itlwm/hal_iwx/ItlIwx.cpp
index 094352b0..32b59180 100644
--- a/itlwm/hal_iwx/ItlIwx.cpp
+++ b/itlwm/hal_iwx/ItlIwx.cpp
@@ -4452,6 +4452,9 @@ iwx_ampdu_rx_start(struct ieee80211com *ic, struct ieee80211_node *ni,
 tid >= IWX_MAX_TID_COUNT)
 return ENOSPC;
 
+ if (ic->ic_state != IEEE80211_S_RUN)
+ return ENOSPC;
+
 if (sc->ba_rx.start_tidmask & (1 << tid))
 return EBUSY;
 
@@ -4475,6 +4478,9 @@ iwx_ampdu_rx_stop(struct ieee80211com *ic, struct ieee80211_node *ni,
 if (tid >= IWX_MAX_TID_COUNT || sc->ba_rx.stop_tidmask & (1 << tid))
 return;
 
+ if (ic->ic_state != IEEE80211_S_RUN)
+ return;
+
 sc->ba_rx.stop_tidmask |= (1 << tid);
 that->iwx_add_task(sc, systq, &sc->ba_task);
 }
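Review bot: The new `ic->ic_state != IEEE80211_S_RUN` test in iwm_ampdu_rx_start runs when the request arrives, but the work it gates is presumably done later by the handler behind `sc->ba_task` on systq, so a transition out of RUN between the check and the task run is still possible. The same holds for the three other guards added in this patch (iwm_ampdu_rx_stop, iwx_ampdu_rx_start, iwx_ampdu_rx_stop). No lock or atomic read of `ic_state` is visible in these hunks, so the guard narrows the race named in the commit message rather than closing it. I would repeat the test at the top of the task handler, `if (ic->ic_state != IEEE80211_S_RUN) return;`, and confirm that the state-change path cancels a pending `ba_task` and clears `start_tidmask`/`stop_tidmask` before freeing anything the task touches. The function body starts and ends outside the hunk, so the queuing code for the start path is not visible here.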
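Review bot: The early `return` added to iwm_ampdu_rx_stop drops the stop request silently when the interface is not in RUN, so `stop_tidmask` is never set for that tid and the session is not torn down through this path; iwx_ampdu_rx_stop gets the same change. That is safe only if leaving RUN already releases every RX block-ack session and resets the driver's session bookkeeping, which these hunks do not show. A comment would record that dependency, for example `/* Not in RUN: state-change teardown owns BA session cleanup, do not queue ba_task. */`. Separately, the context line here tests `tid > IWM_MAX_TID_COUNT` while the iwx counterpart uses `tid >= IWX_MAX_TID_COUNT` ahead of the same `1 << tid` mask update, so it is worth confirming which bound is intended.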