Commit e01f0f7
committed
wifi: ath12k: Fix memory corruption during MLO multicast tx
JIRA: https://issues.redhat.com/browse/RHEL-89168
commit 6f8a27a
Author: P Praneesh <praneesh.p@oss.qualcomm.com>
Date: Wed Apr 2 23:27:14 2025 +0530
wifi: ath12k: Fix memory corruption during MLO multicast tx
The struct sk_buff's control buffer is shared by mac80211's struct
ieee80211_tx_info and ath12k's struct ath12k_skb_cb. When the driver wants
to transmit an skb, it caches all the mac80211-specific information from
struct ieee80211_tx_info, then performs a memset on the control buffer
before writing the ath12k-specific information using struct ath12k_skb_cb.
However, during multicast tx, the key is being filled into the driver data,
which overwrites some crucial members like link_id and flags in struct
ath12k_skb_cb. This causes invalid information retrieval when the driver
accesses these fields during ath12k_dp_tx(). Fix this issue by removing
the key filling logic during MLO multicast tx, as it is not used anywhere
in the tx path.
Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1
Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3
Fixes: 2f50de7 ("wifi: ath12k: Add support for MLO Multicast handling in driver")
Signed-off-by: P Praneesh <praneesh.p@oss.qualcomm.com>
Link: https://patch.msgid.link/20250402175714.2667270-1-praneesh.p@oss.qualcomm.com
Signed-off-by: Jeff Johnson <jeff.johnson@oss.qualcomm.com>
Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>1 parent 7686ea0 commit e01f0f7
1 file changed
+0
-2
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
7429 | 7429 | | |
7430 | 7430 | | |
7431 | 7431 | | |
7432 | | - | |
7433 | 7432 | | |
7434 | 7433 | | |
7435 | 7434 | | |
| |||
7452 | 7451 | | |
7453 | 7452 | | |
7454 | 7453 | | |
7455 | | - | |
7456 | 7454 | | |
7457 | 7455 | | |
7458 | 7456 | | |
| |||
0 commit comments