diff mbox series

[v2] wifi: ar5523: enable proper endpoint verification

Message ID 20240408121425.29392-1-n.zhandarovich@fintech.ru
State Superseded
Headers show
Series [v2] wifi: ar5523: enable proper endpoint verification | expand

Commit Message

Nikita Zhandarovich April 8, 2024, 12:14 p.m. UTC
Syzkaller reports [1] hitting a warning about an endpoint in use
not having an expected type to it.

Fix the issue by checking for the existence of all proper
endpoints with their according types intact.

Sadly, this patch has not been tested on real hardware.

[1] Syzkaller report:
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 3 != type 1
WARNING: CPU: 0 PID: 3643 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504
...
Call Trace:
 <TASK>
 ar5523_cmd+0x41b/0x780 drivers/net/wireless/ath/ar5523/ar5523.c:275
 ar5523_cmd_read drivers/net/wireless/ath/ar5523/ar5523.c:302 [inline]
 ar5523_host_available drivers/net/wireless/ath/ar5523/ar5523.c:1376 [inline]
 ar5523_probe+0x14b0/0x1d10 drivers/net/wireless/ath/ar5523/ar5523.c:1655
 usb_probe_interface+0x30f/0x7f0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:560 [inline]
 really_probe+0x249/0xb90 drivers/base/dd.c:639
 __driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808
 __device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:936
 bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:427
 __device_attach+0x1e4/0x530 drivers/base/dd.c:1008
 bus_probe_device+0x1e8/0x2a0 drivers/base/bus.c:487
 device_add+0xbd9/0x1e90 drivers/base/core.c:3517
 usb_set_configuration+0x101d/0x1900 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0xbe/0x100 drivers/usb/core/generic.c:238
 usb_probe_device+0xd8/0x2c0 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:560 [inline]
 really_probe+0x249/0xb90 drivers/base/dd.c:639
 __driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808
 __device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:936
 bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:427
 __device_attach+0x1e4/0x530 drivers/base/dd.c:1008
 bus_probe_device+0x1e8/0x2a0 drivers/base/bus.c:487
 device_add+0xbd9/0x1e90 drivers/base/core.c:3517
 usb_new_device.cold+0x685/0x10ad drivers/usb/core/hub.c:2573
 hub_port_connect drivers/usb/core/hub.c:5353 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
 port_event drivers/usb/core/hub.c:5653 [inline]
 hub_event+0x26cb/0x45d0 drivers/usb/core/hub.c:5735
 process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
 worker_thread+0x669/0x1090 kernel/workqueue.c:2436
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>

Reported-and-tested-by: syzbot+1bc2c2afd44f820a669f@syzkaller.appspotmail.com
Fixes: b7d572e1871d ("ar5523: Add new driver")
Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
---
v2: added 'const' qualifier to bulk_ep_addr[] per Jeff Johnson's
helpful suggestion.

 drivers/net/wireless/ath/ar5523/ar5523.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

Comments

Kalle Valo April 25, 2024, 3:52 p.m. UTC | #1
Nikita Zhandarovich <n.zhandarovich@fintech.ru> wrote:

> Syzkaller reports [1] hitting a warning about an endpoint in use
> not having an expected type to it.
> 
> Fix the issue by checking for the existence of all proper
> endpoints with their according types intact.
> 
> Sadly, this patch has not been tested on real hardware.
> 
> [1] Syzkaller report:
> ------------[ cut here ]------------
> usb 1-1: BOGUS urb xfer, pipe 3 != type 1
> WARNING: CPU: 0 PID: 3643 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504
> ...
> Call Trace:
>  <TASK>
>  ar5523_cmd+0x41b/0x780 drivers/net/wireless/ath/ar5523/ar5523.c:275
>  ar5523_cmd_read drivers/net/wireless/ath/ar5523/ar5523.c:302 [inline]
>  ar5523_host_available drivers/net/wireless/ath/ar5523/ar5523.c:1376 [inline]
>  ar5523_probe+0x14b0/0x1d10 drivers/net/wireless/ath/ar5523/ar5523.c:1655
>  usb_probe_interface+0x30f/0x7f0 drivers/usb/core/driver.c:396
>  call_driver_probe drivers/base/dd.c:560 [inline]
>  really_probe+0x249/0xb90 drivers/base/dd.c:639
>  __driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778
>  driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808
>  __device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:936
>  bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:427
>  __device_attach+0x1e4/0x530 drivers/base/dd.c:1008
>  bus_probe_device+0x1e8/0x2a0 drivers/base/bus.c:487
>  device_add+0xbd9/0x1e90 drivers/base/core.c:3517
>  usb_set_configuration+0x101d/0x1900 drivers/usb/core/message.c:2170
>  usb_generic_driver_probe+0xbe/0x100 drivers/usb/core/generic.c:238
>  usb_probe_device+0xd8/0x2c0 drivers/usb/core/driver.c:293
>  call_driver_probe drivers/base/dd.c:560 [inline]
>  really_probe+0x249/0xb90 drivers/base/dd.c:639
>  __driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778
>  driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808
>  __device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:936
>  bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:427
>  __device_attach+0x1e4/0x530 drivers/base/dd.c:1008
>  bus_probe_device+0x1e8/0x2a0 drivers/base/bus.c:487
>  device_add+0xbd9/0x1e90 drivers/base/core.c:3517
>  usb_new_device.cold+0x685/0x10ad drivers/usb/core/hub.c:2573
>  hub_port_connect drivers/usb/core/hub.c:5353 [inline]
>  hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
>  port_event drivers/usb/core/hub.c:5653 [inline]
>  hub_event+0x26cb/0x45d0 drivers/usb/core/hub.c:5735
>  process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
>  worker_thread+0x669/0x1090 kernel/workqueue.c:2436
>  kthread+0x2e8/0x3a0 kernel/kthread.c:376
>  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
>  </TASK>
> 
> Reported-and-tested-by: syzbot+1bc2c2afd44f820a669f@syzkaller.appspotmail.com
> Fixes: b7d572e1871d ("ar5523: Add new driver")
> Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>

Does anyone have a real device to test this? I have had so much problems with
syzbot fixes in the past that I'm hesitant to take such patches without
testing.
Kalle Valo April 25, 2024, 3:58 p.m. UTC | #2
Kalle Valo <kvalo@kernel.org> writes:

> Nikita Zhandarovich <n.zhandarovich@fintech.ru> wrote:
>
>> Syzkaller reports [1] hitting a warning about an endpoint in use
>> not having an expected type to it.
>> 
>> Fix the issue by checking for the existence of all proper
>> endpoints with their according types intact.
>> 
>> Sadly, this patch has not been tested on real hardware.
>> 
>> [1] Syzkaller report:
>> ------------[ cut here ]------------
>> usb 1-1: BOGUS urb xfer, pipe 3 != type 1
>> WARNING: CPU: 0 PID: 3643 at drivers/usb/core/urb.c:504
>> usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504
>> ...
>> Call Trace:
>>  <TASK>
>>  ar5523_cmd+0x41b/0x780 drivers/net/wireless/ath/ar5523/ar5523.c:275
>>  ar5523_cmd_read drivers/net/wireless/ath/ar5523/ar5523.c:302 [inline]
>>  ar5523_host_available drivers/net/wireless/ath/ar5523/ar5523.c:1376 [inline]
>>  ar5523_probe+0x14b0/0x1d10 drivers/net/wireless/ath/ar5523/ar5523.c:1655
>>  usb_probe_interface+0x30f/0x7f0 drivers/usb/core/driver.c:396
>>  call_driver_probe drivers/base/dd.c:560 [inline]
>>  really_probe+0x249/0xb90 drivers/base/dd.c:639
>>  __driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778
>>  driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808
>>  __device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:936
>>  bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:427
>>  __device_attach+0x1e4/0x530 drivers/base/dd.c:1008
>>  bus_probe_device+0x1e8/0x2a0 drivers/base/bus.c:487
>>  device_add+0xbd9/0x1e90 drivers/base/core.c:3517
>>  usb_set_configuration+0x101d/0x1900 drivers/usb/core/message.c:2170
>>  usb_generic_driver_probe+0xbe/0x100 drivers/usb/core/generic.c:238
>>  usb_probe_device+0xd8/0x2c0 drivers/usb/core/driver.c:293
>>  call_driver_probe drivers/base/dd.c:560 [inline]
>>  really_probe+0x249/0xb90 drivers/base/dd.c:639
>>  __driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778
>>  driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808
>>  __device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:936
>>  bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:427
>>  __device_attach+0x1e4/0x530 drivers/base/dd.c:1008
>>  bus_probe_device+0x1e8/0x2a0 drivers/base/bus.c:487
>>  device_add+0xbd9/0x1e90 drivers/base/core.c:3517
>>  usb_new_device.cold+0x685/0x10ad drivers/usb/core/hub.c:2573
>>  hub_port_connect drivers/usb/core/hub.c:5353 [inline]
>>  hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
>>  port_event drivers/usb/core/hub.c:5653 [inline]
>>  hub_event+0x26cb/0x45d0 drivers/usb/core/hub.c:5735
>>  process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
>>  worker_thread+0x669/0x1090 kernel/workqueue.c:2436
>>  kthread+0x2e8/0x3a0 kernel/kthread.c:376
>>  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
>>  </TASK>
>> 
>> Reported-and-tested-by: syzbot+1bc2c2afd44f820a669f@syzkaller.appspotmail.com
>> Fixes: b7d572e1871d ("ar5523: Add new driver")
>> Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
>
> Does anyone have a real device to test this? I have had so much problems with
> syzbot fixes in the past that I'm hesitant to take such patches without
> testing.

Actually should we just remove ar5523 driver? Has anyone heard anyone
using this driver still?
Stefan Lippers-Hollmann April 28, 2024, 7:04 a.m. UTC | #3
Hi

On 2024-04-25, Kalle Valo wrote:
> Kalle Valo <kvalo@kernel.org> writes:
> > Nikita Zhandarovich <n.zhandarovich@fintech.ru> wrote:
[...]
> > Does anyone have a real device to test this? I have had so much problems with
> > syzbot fixes in the past that I'm hesitant to take such patches without
> > testing.
>
> Actually should we just remove ar5523 driver? Has anyone heard anyone
> using this driver still?

While I'm not using it regularly, the driver does still work in plain
v6.8.8 (and these Netgear WG111 and WG111T USB WLAN cards were quite
common), tested against a qcn5024 AP.

I'm just preparing a new kernel build with the proposed patch applied.

$ uname -r
6.8.8

[   54.027188] usb 3-5: new high-speed USB device number 5 using xhci_hcd
[   54.154514] usb 3-5: New USB device found, idVendor=1385, idProduct=4251, bcdDevice= 0.01
[   54.154531] usb 3-5: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   54.154537] usb 3-5: Product: WG111T
[   54.154541] usb 3-5: Manufacturer: Atheros Communications Inc
[   54.154545] usb 3-5: SerialNumber: 1.0
[   54.262777] usbcore: registered new interface driver ar5523
[   54.411417] usb 3-5: USB disconnect, device number 5
[   54.660141] usb 3-5: new high-speed USB device number 6 using xhci_hcd
[   54.787463] usb 3-5: New USB device found, idVendor=1385, idProduct=4250, bcdDevice= 0.01
[   54.787478] usb 3-5: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   54.787483] usb 3-5: Product: WG111T
[   54.787487] usb 3-5: Manufacturer: Atheros Communications Inc
[   54.787491] usb 3-5: SerialNumber: 1.0
[   54.835897] usb 3-5: Cap: CAP_TARGET_VERSION=0x00000006
[   54.836738] usb 3-5: Cap: CAP_TARGET_REVISION=0x00000001
[   54.836985] usb 3-5: Cap: CAP_MAC_VERSION=0x00000008
[   54.837269] usb 3-5: Cap: CAP_MAC_REVISION=0x00000001
[   54.837578] usb 3-5: Cap: CAP_PHY_REVISION=0x00000046
[   54.837828] usb 3-5: Cap: CAP_ANALOG_5GHz_REVISION=0x00000046
[   54.838114] usb 3-5: Cap: CAP_ANALOG_2GHz_REVISION=0x00000000
[   54.838364] usb 3-5: Cap: CAP_REG_DOMAIN=0x00000000
[   54.838635] usb 3-5: Cap: CAP_REG_CAP_BITS=0x00000000
[   54.838876] usb 3-5: Cap: CAP_WIRELESS_MODES=0x00000000
[   54.839138] usb 3-5: Cap: CAP_CHAN_SPREAD_SUPPORT=0x0000001c
[   54.839446] usb 3-5: Cap: CAP_COMPRESS_SUPPORT=0x00000001
[   54.839685] usb 3-5: Cap: CAP_BURST_SUPPORT=0x00000001
[   54.839954] usb 3-5: Cap: CAP_FAST_FRAMES_SUPPORT=0x00000001
[   54.840216] usb 3-5: Cap: CAP_CHAP_TUNING_SUPPORT=0x00000001
[   54.840467] usb 3-5: Cap: CAP_TURBOG_SUPPORT=0x00000001
[   54.840724] usb 3-5: Cap: CAP_TURBO_PRIME_SUPPORT=0x00000001
[   54.840975] usb 3-5: Cap: CAP_DEVICE_TYPE=0x00000001
[   54.841236] usb 3-5: Cap: CAP_WME_SUPPORT=0x00000001
[   54.841506] usb 3-5: Cap: CAP_TOTAL_QUEUES=0x00000001
[   54.841744] usb 3-5: Cap: CAP_CONNECTION_ID_MAX=0x0000000a
[   54.842039] usb 3-5: Cap: CAP_LOW_5GHZ_CHAN=0x00000004
[   54.842281] usb 3-5: Cap: CAP_HIGH_5GHZ_CHAN=0x00001338
[   54.842554] usb 3-5: Cap: CAP_LOW_2GHZ_CHAN=0x000017d4
[   54.842788] usb 3-5: Cap: CAP_HIGH_2GHZ_CHAN=0x00000908
[   54.843056] usb 3-5: Cap: CAP_TWICE_ANTENNAGAIN_5G=0x00000001
[   54.843343] usb 3-5: Cap: CAP_TWICE_ANTENNAGAIN_2G=0x00000004
[   54.843593] usb 3-5: Cap: CAP_CIPHER_AES_CCM=0x00000001
[   54.843851] usb 3-5: Cap: CAP_CIPHER_TKIP=0x00000000
[   54.844113] usb 3-5: Cap: CAP_MIC_TKIP=0x00000000
[   54.844677] usb 3-5: MAC/BBP AR5523, RF AR2112
[   54.845129] usb 3-5: Found and initialized AR5523 device
[   54.853451] ar5523 3-5:1.0 wlx<MAC>: renamed from wlan0
[   79.311092] wlx<MAC>: 80 MHz not supported, disabling VHT
[   79.314464] wlx<MAC>: authenticate with 9X:XX:XX:XX:XX:01 (local address=0X:XX:XX:XX:XX:65)
[   79.314472] wlx<MAC>: send auth to 9X:XX:XX:XX:XX:01 (try 1/3)
[   79.365058] wlx<MAC>: authenticate with 9X:XX:XX:XX:XX:01 (local address=0X:XX:XX:XX:XX:65)
[   79.365073] wlx<MAC>: send auth to 9X:XX:XX:XX:XX:01 (try 1/3)
[   79.368361] wlx<MAC>: authenticated
[   79.369488] wlx<MAC>: associate with 9X:XX:XX:XX:XX:01 (try 1/3)
[   79.376783] wlx<MAC>: RX AssocResp from 9X:XX:XX:XX:XX:01 (capab=0x1431 status=0 aid=1)
[   79.377789] wlx<MAC>: associated
[   79.412980] wlx<MAC>: deauthenticating from 9X:XX:XX:XX:XX:01 by local choice (Reason: 1=UNSPECIFIED)
[   79.613018] wlx<MAC>: 80 MHz not supported, disabling VHT
[   79.618057] wlx<MAC>: authenticate with 9X:XX:XX:XX:XX:53 (local address=0X:XX:XX:XX:XX:65)
[   79.618068] wlx<MAC>: send auth to 9X:XX:XX:XX:XX:53 (try 1/3)
[   79.672878] wlx<MAC>: authenticate with 9X:XX:XX:XX:XX:53 (local address=0X:XX:XX:XX:XX:65)
[   79.672885] wlx<MAC>: send auth to 9X:XX:XX:XX:XX:53 (try 1/3)
[   79.675745] wlx<MAC>: authenticated
[   79.676415] wlx<MAC>: associate with 9X:XX:XX:XX:XX:53 (try 1/3)
[   79.682446] wlx<MAC>: RX AssocResp from 9X:XX:XX:XX:XX:53 (capab=0x1031 status=0 aid=1)
[   79.683079] wlx<MAC>: associated
[   79.708364] wlx<MAC>: deauthenticating from 9X:XX:XX:XX:XX:53 by local choice (Reason: 1=UNSPECIFIED)
[   79.913528] wlx<MAC>: 80 MHz not supported, disabling VHT
[   79.916480] wlx<MAC>: authenticate with 9X:XX:XX:XX:XX:b1 (local address=0X:XX:XX:XX:XX:65)
[   79.916489] wlx<MAC>: send auth to 9X:XX:XX:XX:XX:b1 (try 1/3)
[   79.979005] wlx<MAC>: authenticate with 9X:XX:XX:XX:XX:b1 (local address=0X:XX:XX:XX:XX:65)
[   79.979019] wlx<MAC>: send auth to 9X:XX:XX:XX:XX:b1 (try 1/3)
[   79.982175] wlx<MAC>: authenticated
[   79.983460] wlx<MAC>: associate with 9X:XX:XX:XX:XX:b1 (try 1/3)
[   79.990499] wlx<MAC>: RX AssocResp from 9X:XX:XX:XX:XX:b1 (capab=0x1431 status=0 aid=1)
[   79.991150] wlx<MAC>: associated
[   80.004037] wlx<MAC>: Limiting TX power to 20 (20 - 0) dBm as advertised by 9X:XX:XX:XX:XX:b1
[   80.017058] wlx<MAC>: deauthenticating from 9X:XX:XX:XX:XX:b1 by local choice (Reason: 1=UNSPECIFIED)
[   81.031824] wlx<MAC>: 80 MHz not supported, disabling VHT
[   81.036498] wlx<MAC>: authenticate with 9X:XX:XX:XX:XX:b1 (local address=0X:XX:XX:XX:XX:65)
[   81.036506] wlx<MAC>: send auth to 9X:XX:XX:XX:XX:b1 (try 1/3)
[   81.039194] wlx<MAC>: authenticated
[   81.040489] wlx<MAC>: associate with 9X:XX:XX:XX:XX:b1 (try 1/3)
[   81.047244] wlx<MAC>: RX AssocResp from 9X:XX:XX:XX:XX:b1 (capab=0x1431 status=0 aid=1)
[   81.047905] wlx<MAC>: associated
[   81.088917] wlx<MAC>: deauthenticating from 9X:XX:XX:XX:XX:b1 by local choice (Reason: 1=UNSPECIFIED)
[   82.086878] wlx<MAC>: 80 MHz not supported, disabling VHT
[   82.091343] wlx<MAC>: authenticate with aX:XX:XX:XX:XX:01 (local address=0X:XX:XX:XX:XX:65)
[   82.091351] wlx<MAC>: send auth to aX:XX:XX:XX:XX:01 (try 1/3)
[   82.101245] wlx<MAC>: authenticated
[   82.102400] wlx<MAC>: associate with aX:XX:XX:XX:XX:01 (try 1/3)
[   82.107565] wlx<MAC>: RX AssocResp from aX:XX:XX:XX:XX:01 (capab=0x1431 status=0 aid=2)
[   82.108175] wlx<MAC>: associated
[   82.196524] wlx<MAC>: Limiting TX power to 20 (20 - 0) dBm as advertised by aX:XX:XX:XX:XX:01

# wpa_cli -i wlx<MAC> status
bssid=aX:XX:XX:XX:XX:01
freq=2437
ssid=XXX
id=2
id_str=XXX
mode=station
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=WPA2-PSK
wpa_state=COMPLETED
address=0X:XX:XX:XX:XX:65
uuid=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX

$ iperf3 -c <remote_server_ipv6>
Connecting to host <remote_server_ipv6>, port 5201
[  5] local 2aXX:XXX:XXXX:XXXX:XXXX:XXXX:XXX:XX65 port 47110 connected to 2aXX:XXX:XXXX:XXXX:XXXX:XXXX:XXX:XX01 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec   384 KBytes  3.14 Mbits/sec   14   13.9 KBytes
[  5]   1.00-2.00   sec   256 KBytes  2.10 Mbits/sec    8   13.9 KBytes
[  5]   2.00-3.00   sec  0.00 Bytes  0.00 bits/sec    0   1.39 KBytes
[  5]   3.00-4.00   sec  0.00 Bytes  0.00 bits/sec    1   18.1 KBytes
[  5]   4.00-5.00   sec  0.00 Bytes  0.00 bits/sec    0   18.1 KBytes
[  5]   5.00-6.00   sec  0.00 Bytes  0.00 bits/sec    0   23.7 KBytes
[  5]   6.00-7.00   sec   128 KBytes  1.05 Mbits/sec    0   23.7 KBytes
[  5]   7.00-8.00   sec  0.00 Bytes  0.00 bits/sec    0   23.7 KBytes
[  5]   8.00-9.00   sec  0.00 Bytes  0.00 bits/sec    0   23.7 KBytes
[  5]   9.00-10.00  sec  0.00 Bytes  0.00 bits/sec    0   23.7 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   768 KBytes   629 Kbits/sec   23             sender
[  5]   0.00-10.19  sec   512 KBytes   411 Kbits/sec                  receiver

iperf Done.

$ iperf3 -c <remote_server_ipv6> --reverse
Connecting to host <remote_server_ipv6>, port 5201
Reverse mode, remote host <remote_server_ipv6> is sending
[  5] local 2aXX:XXX:XXXX:XXXX:XXXX:XXXX:XXX:XX65 port 39628 connected to 2aXX:XXX:XXXX:XXXX:XXXX:XXXX:XXX:XX01 port 5201
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec   768 KBytes  6.28 Mbits/sec
[  5]   1.00-2.00   sec  1.12 MBytes  9.44 Mbits/sec
[  5]   2.00-3.00   sec  1.12 MBytes  9.43 Mbits/sec
[  5]   3.00-4.00   sec  1.12 MBytes  9.45 Mbits/sec
[  5]   4.00-5.00   sec   896 KBytes  7.34 Mbits/sec
[  5]   5.00-6.00   sec  1.12 MBytes  9.43 Mbits/sec
[  5]   6.00-7.00   sec  1.38 MBytes  11.5 Mbits/sec
[  5]   7.00-8.00   sec  1.12 MBytes  9.44 Mbits/sec
[  5]   8.00-9.00   sec  1.25 MBytes  10.5 Mbits/sec
[  5]   9.00-10.00  sec  1.50 MBytes  12.6 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.10  sec  13.6 MBytes  11.3 Mbits/sec    0             sender
[  5]   0.00-10.00  sec  11.4 MBytes  9.54 Mbits/sec                  receiver

iperf Done.

$ iperf3 -c <remote_server_ipv6> --bidir
Connecting to host <remote_server_ipv6>, port 5201
[  5] local 2aXX:XXX:XXXX:XXXX:XXXX:XXXX:XXX:XX65 port 38430 connected to 2aXX:XXX:XXXX:XXXX:XXXX:XXXX:XXX:XX01 port 5201
[  7] local 2aXX:XXX:XXXX:XXXX:XXXX:XXXX:XXX:XX65 port 38446 connected to 2aXX:XXX:XXXX:XXXX:XXXX:XXXX:XXX:XX01 port 5201
[ ID][Role] Interval           Transfer     Bitrate         Retr  Cwnd
[  5][TX-C]   0.00-1.00   sec   128 KBytes  1.05 Mbits/sec    6   4.18 KBytes
[  7][RX-C]   0.00-1.00   sec   768 KBytes  6.28 Mbits/sec
[  5][TX-C]   1.00-2.00   sec  0.00 Bytes  0.00 bits/sec    7   1.39 KBytes
[  7][RX-C]   1.00-2.00   sec  1.00 MBytes  8.39 Mbits/sec
[  5][TX-C]   2.00-3.00   sec  0.00 Bytes  0.00 bits/sec    3   1.39 KBytes
[  7][RX-C]   2.00-3.00   sec   896 KBytes  7.35 Mbits/sec
[  5][TX-C]   3.00-4.00   sec   128 KBytes  1.05 Mbits/sec    2   2.79 KBytes
[  7][RX-C]   3.00-4.00   sec   896 KBytes  7.34 Mbits/sec
[  5][TX-C]   4.00-5.00   sec  0.00 Bytes  0.00 bits/sec    3   2.79 KBytes
[  7][RX-C]   4.00-5.00   sec  1.12 MBytes  9.43 Mbits/sec
[  5][TX-C]   5.00-6.00   sec  0.00 Bytes  0.00 bits/sec    3   1.39 KBytes
[  7][RX-C]   5.00-6.00   sec  1.38 MBytes  11.5 Mbits/sec
[  5][TX-C]   6.00-7.00   sec  0.00 Bytes  0.00 bits/sec    3   2.79 KBytes
[  7][RX-C]   6.00-7.00   sec  1.25 MBytes  10.5 Mbits/sec
[  5][TX-C]   7.00-8.00   sec  0.00 Bytes  0.00 bits/sec    3   2.79 KBytes
[  7][RX-C]   7.00-8.00   sec  1.38 MBytes  11.5 Mbits/sec
[  5][TX-C]   8.00-9.00   sec  0.00 Bytes  0.00 bits/sec    2   2.79 KBytes
[  7][RX-C]   8.00-9.00   sec  1.50 MBytes  12.6 Mbits/sec
[  5][TX-C]   9.00-10.00  sec  0.00 Bytes  0.00 bits/sec    1   4.18 KBytes
[  7][RX-C]   9.00-10.00  sec  1.50 MBytes  12.6 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID][Role] Interval           Transfer     Bitrate         Retr
[  5][TX-C]   0.00-10.00  sec   256 KBytes   210 Kbits/sec   33             sender
[  5][TX-C]   0.00-10.06  sec   128 KBytes   104 Kbits/sec                  receiver
[  7][RX-C]   0.00-10.00  sec  13.8 MBytes  11.5 Mbits/sec    0             sender
[  7][RX-C]   0.00-10.06  sec  11.6 MBytes  9.70 Mbits/sec                  receiver

iperf Done.

Regards
	Stefan Lippers-Hollmann
Stefan Lippers-Hollmann April 28, 2024, 7:49 a.m. UTC | #4
Hi

On 2024-04-28, Stefan Lippers-Hollmann wrote:
> On 2024-04-25, Kalle Valo wrote:
> > Kalle Valo <kvalo@kernel.org> writes:
> > > Nikita Zhandarovich <n.zhandarovich@fintech.ru> wrote:
> [...]
> > > Does anyone have a real device to test this? I have had so much problems with
> > > syzbot fixes in the past that I'm hesitant to take such patches without
> > > testing.
> >
> > Actually should we just remove ar5523 driver? Has anyone heard anyone
> > using this driver still?
>
> While I'm not using it regularly, the driver does still work in plain
> v6.8.8 (and these Netgear WG111 and WG111T USB WLAN cards were quite
> common), tested against a qcn5024 AP.
>
> I'm just preparing a new kernel build with the proposed patch applied.

…and now the same with this patch applied:

$ uname -r
6.9.0-rc5-gcc1380dd1882-dirty

wireless-next-2024-04-24-2112-gcc1380dd1882 with
https://patchwork.kernel.org/project/linux-wireless/patch/20240408121425.29392-1-n.zhandarovich@fintech.ru/raw/
applied

[   22.303440] usb 1-5: new high-speed USB device number 5 using xhci_hcd
[   22.431672] usb 1-5: New USB device found, idVendor=1385, idProduct=4251, bcdDevice= 0.01
[   22.431678] usb 1-5: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   22.431680] usb 1-5: Product: WG111T
[   22.431681] usb 1-5: Manufacturer: Atheros Communications Inc
[   22.431682] usb 1-5: SerialNumber: 1.0
[   22.537560] usbcore: registered new interface driver ar5523
[   22.686170] usb 1-5: USB disconnect, device number 5
[   22.935409] usb 1-5: new high-speed USB device number 6 using xhci_hcd
[   23.062746] usb 1-5: New USB device found, idVendor=1385, idProduct=4250, bcdDevice= 0.01
[   23.062762] usb 1-5: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   23.062767] usb 1-5: Product: WG111T
[   23.062771] usb 1-5: Manufacturer: Atheros Communications Inc
[   23.062775] usb 1-5: SerialNumber: 1.0
[   23.110548] usb 1-5: Cap: CAP_TARGET_VERSION=0x00000006
[   23.110837] usb 1-5: Cap: CAP_TARGET_REVISION=0x00000001
[   23.111146] usb 1-5: Cap: CAP_MAC_VERSION=0x00000008
[   23.111448] usb 1-5: Cap: CAP_MAC_REVISION=0x00000001
[   23.111739] usb 1-5: Cap: CAP_PHY_REVISION=0x00000046
[   23.112001] usb 1-5: Cap: CAP_ANALOG_5GHz_REVISION=0x00000046
[   23.112235] usb 1-5: Cap: CAP_ANALOG_2GHz_REVISION=0x00000000
[   23.112566] usb 1-5: Cap: CAP_REG_DOMAIN=0x00000000
[   23.112809] usb 1-5: Cap: CAP_REG_CAP_BITS=0x00000000
[   23.113120] usb 1-5: Cap: CAP_WIRELESS_MODES=0x00000000
[   23.113391] usb 1-5: Cap: CAP_CHAN_SPREAD_SUPPORT=0x0000001c
[   23.113663] usb 1-5: Cap: CAP_COMPRESS_SUPPORT=0x00000001
[   23.113912] usb 1-5: Cap: CAP_BURST_SUPPORT=0x00000001
[   23.114209] usb 1-5: Cap: CAP_FAST_FRAMES_SUPPORT=0x00000001
[   23.114480] usb 1-5: Cap: CAP_CHAP_TUNING_SUPPORT=0x00000001
[   23.114739] usb 1-5: Cap: CAP_TURBOG_SUPPORT=0x00000001
[   23.114987] usb 1-5: Cap: CAP_TURBO_PRIME_SUPPORT=0x00000001
[   23.115231] usb 1-5: Cap: CAP_DEVICE_TYPE=0x00000001
[   23.115538] usb 1-5: Cap: CAP_WME_SUPPORT=0x00000001
[   23.115804] usb 1-5: Cap: CAP_TOTAL_QUEUES=0x00000001
[   23.116081] usb 1-5: Cap: CAP_CONNECTION_ID_MAX=0x0000000a
[   23.116362] usb 1-5: Cap: CAP_LOW_5GHZ_CHAN=0x00000004
[   23.116614] usb 1-5: Cap: CAP_HIGH_5GHZ_CHAN=0x00001338
[   23.116889] usb 1-5: Cap: CAP_LOW_2GHZ_CHAN=0x000017d4
[   23.117123] usb 1-5: Cap: CAP_HIGH_2GHZ_CHAN=0x00000908
[   23.117387] usb 1-5: Cap: CAP_TWICE_ANTENNAGAIN_5G=0x00000001
[   23.117656] usb 1-5: Cap: CAP_TWICE_ANTENNAGAIN_2G=0x00000004
[   23.117906] usb 1-5: Cap: CAP_CIPHER_AES_CCM=0x00000001
[   23.118165] usb 1-5: Cap: CAP_CIPHER_TKIP=0x00000000
[   23.118429] usb 1-5: Cap: CAP_MIC_TKIP=0x00000000
[   23.118972] usb 1-5: MAC/BBP AR5523, RF AR2112
[   23.119638] usb 1-5: Found and initialized AR5523 device
[   23.127613] ar5523 1-5:1.0 wlx<MAC>: renamed from wlan0
[   79.014957] wlx<MAC>: authenticate with 9X:XX:XX:XX:XX:01 (local address=0X:XX:XX:XX:XX:65)
[   79.014962] wlx<MAC>: send auth to 9X:XX:XX:XX:XX:01 (try 1/3)
[   79.047622] wlx<MAC>: authenticate with 9X:XX:XX:XX:XX:01 (local address=0X:XX:XX:XX:XX:65)
[   79.047635] wlx<MAC>: send auth to 9X:XX:XX:XX:XX:01 (try 1/3)
[   79.050750] wlx<MAC>: authenticated
[   79.051329] wlx<MAC>: associate with 9X:XX:XX:XX:XX:01 (try 1/3)
[   79.066715] wlx<MAC>: RX AssocResp from 9X:XX:XX:XX:XX:01 (capab=0x1431 status=0 aid=1)
[   79.067462] wlx<MAC>: associated
[   79.108615] wlx<MAC>: deauthenticating from 9X:XX:XX:XX:XX:01 by local choice (Reason: 1=UNSPECIFIED)
[   79.459937] wlx<MAC>: authenticate with 9X:XX:XX:XX:XX:53 (local address=0X:XX:XX:XX:XX:65)
[   79.459941] wlx<MAC>: send auth to 9X:XX:XX:XX:XX:53 (try 1/3)
[   81.468858] wlx<MAC>: send auth to 9X:XX:XX:XX:XX:53 (try 2/3)
[   81.494179] wlx<MAC>: authenticate with 9X:XX:XX:XX:XX:53 (local address=0X:XX:XX:XX:XX:65)
[   81.494191] wlx<MAC>: send auth to 9X:XX:XX:XX:XX:53 (try 1/3)
[   81.497337] wlx<MAC>: authenticated
[   81.499344] wlx<MAC>: associate with 9X:XX:XX:XX:XX:53 (try 1/3)
[   81.505833] wlx<MAC>: RX AssocResp from 9X:XX:XX:XX:XX:53 (capab=0x1031 status=0 aid=1)
[   81.506372] wlx<MAC>: associated
[   81.543659] wlx<MAC>: deauthenticating from 9X:XX:XX:XX:XX:53 by local choice (Reason: 1=UNSPECIFIED)
[   81.773371] wlx<MAC>: authenticate with 9X:XX:XX:XX:XX:b1 (local address=0X:XX:XX:XX:XX:65)
[   81.773376] wlx<MAC>: send auth to 9X:XX:XX:XX:XX:b1 (try 1/3)
[   81.852279] wlx<MAC>: authenticate with 9X:XX:XX:XX:XX:b1 (local address=0X:XX:XX:XX:XX:65)
[   81.852302] wlx<MAC>: send auth to 9X:XX:XX:XX:XX:b1 (try 1/3)
[   81.855407] wlx<MAC>: authenticated
[   81.857339] wlx<MAC>: associate with 9X:XX:XX:XX:XX:b1 (try 1/3)
[   81.869094] wlx<MAC>: RX AssocResp from 9X:XX:XX:XX:XX:b1 (capab=0x1431 status=0 aid=1)
[   81.869614] wlx<MAC>: associated
[   81.910697] wlx<MAC>: deauthenticating from 9X:XX:XX:XX:XX:b1 by local choice (Reason: 1=UNSPECIFIED)
[   83.209701] wlx<MAC>: authenticate with 9X:XX:XX:XX:XX:b1 (local address=0X:XX:XX:XX:XX:65)
[   83.209711] wlx<MAC>: send auth to 9X:XX:XX:XX:XX:b1 (try 1/3)
[   83.232421] wlx<MAC>: authenticated
[   83.233337] wlx<MAC>: associate with 9X:XX:XX:XX:XX:b1 (try 1/3)
[   83.240188] wlx<MAC>: RX AssocResp from 9X:XX:XX:XX:XX:b1 (capab=0x1431 status=0 aid=1)
[   83.240731] wlx<MAC>: associated
[   83.254365] wlx<MAC>: Limiting TX power to 20 (20 - 0) dBm as advertised by 9X:XX:XX:XX:XX:b1
[   83.275542] wlx<MAC>: deauthenticating from 9X:XX:XX:XX:XX:b1 by local choice (Reason: 1=UNSPECIFIED)
[   84.540669] wlx<MAC>: authenticate with 9X:XX:XX:XX:XX53 (local address=0X:XX:XX:XX:XX:65)
[   84.540680] wlx<MAC>: send auth to 9X:XX:XX:XX:XX53 (try 1/3)
[   84.616128] wlx<MAC>: authenticated
[   84.617421] wlx<MAC>: associate with 9X:XX:XX:XX:XX53 (try 1/3)
[   84.622756] wlx<MAC>: RX AssocResp from 9X:XX:XX:XX:XX53 (capab=0x1031 status=0 aid=6)
[   84.623413] wlx<MAC>: associated
[   84.671424] wlx<MAC>: Limiting TX power to 20 (20 - 0) dBm as advertised by 9X:XX:XX:XX:XX53

# wpa_cli -i wlx<MAC> status
bssid=9X:XX:XX:XX:XX53
freq=2437
ssid=XXX
id=2
id_str=XXX
mode=station
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=WPA2-PSK
wpa_state=COMPLETED
address=0X:XX:XX:XX:XX:65
uuid=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX

$ iperf3 -c sawfly
Connecting to host sawfly, port 5201
[  5] local 2aXX:XXX:XXXX:XXXX:XXXX:XXXX:XXX:XX65 port 39288 connected to 2aXX:XXX:XXXX:XXXX:XXXX:XXXX:XXX:XX01 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec   128 KBytes  1.05 Mbits/sec    2   1.39 KBytes
[  5]   1.00-2.00   sec  0.00 Bytes  0.00 bits/sec    8   1.39 KBytes
[  5]   2.00-3.00   sec   128 KBytes  1.05 Mbits/sec    1   11.2 KBytes
[  5]   3.00-4.00   sec  0.00 Bytes  0.00 bits/sec    0   13.9 KBytes
[  5]   4.00-5.00   sec  0.00 Bytes  0.00 bits/sec    0   15.3 KBytes
[  5]   5.00-6.00   sec  0.00 Bytes  0.00 bits/sec    0   22.3 KBytes
[  5]   6.00-7.00   sec  0.00 Bytes  0.00 bits/sec    0   29.3 KBytes
[  5]   7.00-8.00   sec   128 KBytes  1.05 Mbits/sec    0   34.9 KBytes
[  5]   8.00-9.00   sec  0.00 Bytes  0.00 bits/sec    0   34.9 KBytes
[  5]   9.00-10.00  sec  0.00 Bytes  0.00 bits/sec    0   16.7 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   384 KBytes   315 Kbits/sec   11             sender
[  5]   0.00-10.00  sec   128 KBytes   105 Kbits/sec                  receiver

iperf Done.

$ iperf3 -c sawfly --reverse
Connecting to host sawfly, port 5201
Reverse mode, remote host sawfly is sending
[  5] local 2aXX:XXX:XXXX:XXXX:XXXX:XXXX:XXX:XX65 port 54102 connected to 2aXX:XXX:XXXX:XXXX:XXXX:XXXX:XXX:XX01 port 5201
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec   640 KBytes  5.24 Mbits/sec
[  5]   1.00-2.00   sec   768 KBytes  6.29 Mbits/sec
[  5]   2.00-3.00   sec  1.00 MBytes  8.39 Mbits/sec
[  5]   3.00-4.00   sec   896 KBytes  7.34 Mbits/sec
[  5]   4.00-5.00   sec  1.00 MBytes  8.39 Mbits/sec
[  5]   5.00-6.00   sec  1.12 MBytes  9.44 Mbits/sec
[  5]   6.00-7.00   sec  1.25 MBytes  10.5 Mbits/sec
[  5]   7.00-8.00   sec   896 KBytes  7.34 Mbits/sec
[  5]   8.00-9.00   sec  1.00 MBytes  8.38 Mbits/sec
[  5]   9.00-10.00  sec  1.12 MBytes  9.44 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.21  sec  11.8 MBytes  9.66 Mbits/sec    0             sender
[  5]   0.00-10.00  sec  9.62 MBytes  8.07 Mbits/sec                  receiver

iperf Done.

$ iperf3 -c sawfly --bidir
Connecting to host sawfly, port 5201
[  5] local 2aXX:XXX:XXXX:XXXX:XXXX:XXXX:XXX:XX65 port 38694 connected to 2aXX:XXX:XXXX:XXXX:XXXX:XXXX:XXX:XX01 port 5201
[  7] local 2aXX:XXX:XXXX:XXXX:XXXX:XXXX:XXX:XX65 port 38704 connected to 2aXX:XXX:XXXX:XXXX:XXXX:XXXX:XXX:XX01 port 5201
[ ID][Role] Interval           Transfer     Bitrate         Retr  Cwnd
[  5][TX-C]   0.00-1.00   sec  0.00 Bytes  0.00 bits/sec    5   2.79 KBytes
[  7][RX-C]   0.00-1.00   sec  0.00 Bytes  0.00 bits/sec
[  5][TX-C]   1.00-2.00   sec  0.00 Bytes  0.00 bits/sec    4   2.79 KBytes
[  7][RX-C]   1.00-2.00   sec   512 KBytes  4.20 Mbits/sec
[  5][TX-C]   2.00-3.00   sec  0.00 Bytes  0.00 bits/sec    5   1.39 KBytes
[  7][RX-C]   2.00-3.00   sec   640 KBytes  5.24 Mbits/sec
[  5][TX-C]   3.00-4.00   sec   128 KBytes  1.05 Mbits/sec    3   1.39 KBytes
[  7][RX-C]   3.00-4.00   sec  1.12 MBytes  9.44 Mbits/sec
[  5][TX-C]   4.00-5.00   sec  0.00 Bytes  0.00 bits/sec    2   4.18 KBytes
[  7][RX-C]   4.00-5.00   sec  1.00 MBytes  8.39 Mbits/sec
[  5][TX-C]   5.00-6.00   sec  0.00 Bytes  0.00 bits/sec    4   1.39 KBytes
[  7][RX-C]   5.00-6.00   sec  1.25 MBytes  10.5 Mbits/sec
[  5][TX-C]   6.00-7.00   sec  0.00 Bytes  0.00 bits/sec    2   2.79 KBytes
[  7][RX-C]   6.00-7.00   sec   768 KBytes  6.29 Mbits/sec
[  5][TX-C]   7.00-8.00   sec  0.00 Bytes  0.00 bits/sec    2   2.79 KBytes
[  7][RX-C]   7.00-8.00   sec  1.25 MBytes  10.5 Mbits/sec
[  5][TX-C]   8.00-9.00   sec  0.00 Bytes  0.00 bits/sec    2   1.39 KBytes
[  7][RX-C]   8.00-9.00   sec  1.25 MBytes  10.5 Mbits/sec
[  5][TX-C]   9.00-10.00  sec  0.00 Bytes  0.00 bits/sec    1   2.79 KBytes
[  7][RX-C]   9.00-10.00  sec  1.50 MBytes  12.6 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID][Role] Interval           Transfer     Bitrate         Retr
[  5][TX-C]   0.00-10.00  sec   128 KBytes   105 Kbits/sec   30             sender
[  5][TX-C]   0.00-10.13  sec   128 KBytes   104 Kbits/sec                  receiver
[  7][RX-C]   0.00-10.00  sec  11.8 MBytes  9.86 Mbits/sec    0             sender
[  7][RX-C]   0.00-10.13  sec  9.25 MBytes  7.66 Mbits/sec                  receiver

iperf Done.


Regards
	Stefan Lippers-Hollmann
Kalle Valo April 29, 2024, 12:21 p.m. UTC | #5
Stefan Lippers-Hollmann <s.l-h@gmx.de> writes:

> Hi
>
> On 2024-04-28, Stefan Lippers-Hollmann wrote:
>> On 2024-04-25, Kalle Valo wrote:
>> > Kalle Valo <kvalo@kernel.org> writes:
>> > > Nikita Zhandarovich <n.zhandarovich@fintech.ru> wrote:
>> [...]
>> > > Does anyone have a real device to test this? I have had so much problems with
>> > > syzbot fixes in the past that I'm hesitant to take such patches without
>> > > testing.
>> >
>> > Actually should we just remove ar5523 driver? Has anyone heard anyone
>> > using this driver still?
>>
>> While I'm not using it regularly, the driver does still work in plain
>> v6.8.8 (and these Netgear WG111 and WG111T USB WLAN cards were quite
>> common), tested against a qcn5024 AP.
>>
>> I'm just preparing a new kernel build with the proposed patch applied.
>
> …and now the same with this patch applied:
>
> $ uname -r
> 6.9.0-rc5-gcc1380dd1882-dirty
>
> wireless-next-2024-04-24-2112-gcc1380dd1882 with
> https://patchwork.kernel.org/project/linux-wireless/patch/20240408121425.29392-1-n.zhandarovich@fintech.ru/raw/
> applied
>

[...]

> [   84.623413] wlx<MAC>: associated

Very nice, thanks for testing! I'm surprised that ar5523 still works :)
Kalle Valo April 30, 2024, 1:37 p.m. UTC | #6
Nikita Zhandarovich <n.zhandarovich@fintech.ru> wrote:

> Syzkaller reports [1] hitting a warning about an endpoint in use
> not having an expected type to it.
> 
> Fix the issue by checking for the existence of all proper
> endpoints with their according types intact.
> 
> Sadly, this patch has not been tested on real hardware.
> 
> [1] Syzkaller report:
> ------------[ cut here ]------------
> usb 1-1: BOGUS urb xfer, pipe 3 != type 1
> WARNING: CPU: 0 PID: 3643 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504
> ...
> Call Trace:
>  <TASK>
>  ar5523_cmd+0x41b/0x780 drivers/net/wireless/ath/ar5523/ar5523.c:275
>  ar5523_cmd_read drivers/net/wireless/ath/ar5523/ar5523.c:302 [inline]
>  ar5523_host_available drivers/net/wireless/ath/ar5523/ar5523.c:1376 [inline]
>  ar5523_probe+0x14b0/0x1d10 drivers/net/wireless/ath/ar5523/ar5523.c:1655
>  usb_probe_interface+0x30f/0x7f0 drivers/usb/core/driver.c:396
>  call_driver_probe drivers/base/dd.c:560 [inline]
>  really_probe+0x249/0xb90 drivers/base/dd.c:639
>  __driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778
>  driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808
>  __device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:936
>  bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:427
>  __device_attach+0x1e4/0x530 drivers/base/dd.c:1008
>  bus_probe_device+0x1e8/0x2a0 drivers/base/bus.c:487
>  device_add+0xbd9/0x1e90 drivers/base/core.c:3517
>  usb_set_configuration+0x101d/0x1900 drivers/usb/core/message.c:2170
>  usb_generic_driver_probe+0xbe/0x100 drivers/usb/core/generic.c:238
>  usb_probe_device+0xd8/0x2c0 drivers/usb/core/driver.c:293
>  call_driver_probe drivers/base/dd.c:560 [inline]
>  really_probe+0x249/0xb90 drivers/base/dd.c:639
>  __driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778
>  driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808
>  __device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:936
>  bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:427
>  __device_attach+0x1e4/0x530 drivers/base/dd.c:1008
>  bus_probe_device+0x1e8/0x2a0 drivers/base/bus.c:487
>  device_add+0xbd9/0x1e90 drivers/base/core.c:3517
>  usb_new_device.cold+0x685/0x10ad drivers/usb/core/hub.c:2573
>  hub_port_connect drivers/usb/core/hub.c:5353 [inline]
>  hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
>  port_event drivers/usb/core/hub.c:5653 [inline]
>  hub_event+0x26cb/0x45d0 drivers/usb/core/hub.c:5735
>  process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
>  worker_thread+0x669/0x1090 kernel/workqueue.c:2436
>  kthread+0x2e8/0x3a0 kernel/kthread.c:376
>  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
>  </TASK>
> 
> Reported-and-tested-by: syzbot+1bc2c2afd44f820a669f@syzkaller.appspotmail.com
> Fixes: b7d572e1871d ("ar5523: Add new driver")
> Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>

Patch applied to ath-next branch of ath.git, thanks.

e120b6388d7d wifi: ar5523: enable proper endpoint verification
diff mbox series

Patch

diff --git a/drivers/net/wireless/ath/ar5523/ar5523.c b/drivers/net/wireless/ath/ar5523/ar5523.c
index 815f8f599f5d..5a55db349cb5 100644
--- a/drivers/net/wireless/ath/ar5523/ar5523.c
+++ b/drivers/net/wireless/ath/ar5523/ar5523.c
@@ -1594,6 +1594,20 @@  static int ar5523_probe(struct usb_interface *intf,
 	struct ar5523 *ar;
 	int error = -ENOMEM;
 
+	static const u8 bulk_ep_addr[] = {
+		AR5523_CMD_TX_PIPE | USB_DIR_OUT,
+		AR5523_DATA_TX_PIPE | USB_DIR_OUT,
+		AR5523_CMD_RX_PIPE | USB_DIR_IN,
+		AR5523_DATA_RX_PIPE | USB_DIR_IN,
+		0};
+
+	if (!usb_check_bulk_endpoints(intf, bulk_ep_addr)) {
+		dev_err(&dev->dev,
+			"Could not find all expected endpoints\n");
+		error = -ENODEV;
+		goto out;
+	}
+
 	/*
 	 * Load firmware if the device requires it.  This will return
 	 * -ENXIO on success and we'll get called back afer the usb