Some last-minute fixes:

* rfkill
    - add missing rfill_soft_blocked() when disabled
 
  * cfg80211
    - handle a nla_memdup() failure correctly
    - fix CONFIG_CFG80211_EXTRA_REGDB_KEYDIR typo in
      Makefile
 
  * mac80211
    - fix EAPOL handling in 802.3 RX path
    - reject setting up aggregation sessions before
      connection is authorized to avoid timeouts or
      similar
    - handle some SAE authentication steps correctly
    - fix AC selection in mesh forwarding
 
  * iwlwifi
    - remove TWT support as it causes firmware crashes
      when the AP isn't behaving correctly
    - check debugfs pointer before dereferncing it
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEH1e1rEeCd0AIMq6MB8qZga/fl8QFAmIeHPcACgkQB8qZga/f
 l8QwBQ//QAXCzemdYF6PpeIvrjOdNU+lJ+ajX/bYyk+pzpW6BRJRUM/MocN+vhUH
 scDCE4Ve8I7Xqx+H6zFOm0Wr2M3qqnzJwMni/4qeQw7mV8msFw4SY2XqaE9nMXkV
 dhVYgrbrmluevBCXCm/rCu9JpWe08A5nH1IycVGJXHbxdMgvifPPHm0/gHBiEvJh
 16itDwJZcqUWZj3DswMe011HMrJubfL6wSfbGdmMgeOdRAkWJHu/bKBLrOM/sveL
 QfPx5RL6MIHcWRLwtLDdDYRTuI1DmhcGWKXOK+BlYtL1vj/zsp8EXCPzTN3uxQw0
 ld58G5pMU16o3iLpwuRlJAUWfQKE6qV1c4obiYZPLzkWpQCWJRrtjd+U4eR0Oewz
 IoQr1NYd6kFB8MFqa8xKY5JMiuEYsABWWho9udkODoaLS4Ege1J4bI7sub33ifER
 qnBE7TB+XO01a+Ys5GOWwEgO6d3t1lEW/mVVLsxdjq3qV1PpWE3ExYnXJEKd6guj
 oU4nDdtaV0AII6ByoB/uxPobqpyAEky8TDd4c2i9Z7qCs8z0O+J9kvTD5jtrGv//
 g4F/6KZ2aQAKYba9CuAoP91VLiiAC4bhagitDFx5mtVaCSj1wdcaz+PVfzYtPxAb
 Ll7HDBqCjC8jfoJx6FoVbaa8xk1rCM9sjr/EGun7iNW9Y4N9Ocg=
 =Q7qF
 -----END PGP SIGNATURE-----

Merge tag 'wireless-for-net-2022-03-01' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless

johannes Berg says:

====================

Some last-minute fixes:
 * rfkill
   - add missing rfill_soft_blocked() when disabled

 * cfg80211
   - handle a nla_memdup() failure correctly
   - fix CONFIG_CFG80211_EXTRA_REGDB_KEYDIR typo in
     Makefile

 * mac80211
   - fix EAPOL handling in 802.3 RX path
   - reject setting up aggregation sessions before
     connection is authorized to avoid timeouts or
     similar
   - handle some SAE authentication steps correctly
   - fix AC selection in mesh forwarding

 * iwlwifi
   - remove TWT support as it causes firmware crashes
     when the AP isn't behaving correctly
   - check debugfs pointer before dereferncing it
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller 2022-03-01 14:45:55 +00:00
commit b8d06ce712
10 changed files with 54 additions and 22 deletions

View File

@ -553,8 +553,7 @@ static const struct ieee80211_sband_iftype_data iwl_he_capa[] = {
.has_he = true, .has_he = true,
.he_cap_elem = { .he_cap_elem = {
.mac_cap_info[0] = .mac_cap_info[0] =
IEEE80211_HE_MAC_CAP0_HTC_HE | IEEE80211_HE_MAC_CAP0_HTC_HE,
IEEE80211_HE_MAC_CAP0_TWT_REQ,
.mac_cap_info[1] = .mac_cap_info[1] =
IEEE80211_HE_MAC_CAP1_TF_MAC_PAD_DUR_16US | IEEE80211_HE_MAC_CAP1_TF_MAC_PAD_DUR_16US |
IEEE80211_HE_MAC_CAP1_MULTI_TID_AGG_RX_QOS_8, IEEE80211_HE_MAC_CAP1_MULTI_TID_AGG_RX_QOS_8,

View File

@ -5,6 +5,7 @@
* Copyright (C) 2016-2017 Intel Deutschland GmbH * Copyright (C) 2016-2017 Intel Deutschland GmbH
*/ */
#include <linux/vmalloc.h> #include <linux/vmalloc.h>
#include <linux/err.h>
#include <linux/ieee80211.h> #include <linux/ieee80211.h>
#include <linux/netdevice.h> #include <linux/netdevice.h>
@ -1857,7 +1858,6 @@ void iwl_mvm_sta_add_debugfs(struct ieee80211_hw *hw,
void iwl_mvm_dbgfs_register(struct iwl_mvm *mvm) void iwl_mvm_dbgfs_register(struct iwl_mvm *mvm)
{ {
struct dentry *bcast_dir __maybe_unused; struct dentry *bcast_dir __maybe_unused;
char buf[100];
spin_lock_init(&mvm->drv_stats_lock); spin_lock_init(&mvm->drv_stats_lock);
@ -1939,6 +1939,11 @@ void iwl_mvm_dbgfs_register(struct iwl_mvm *mvm)
* Create a symlink with mac80211. It will be removed when mac80211 * Create a symlink with mac80211. It will be removed when mac80211
* exists (before the opmode exists which removes the target.) * exists (before the opmode exists which removes the target.)
*/ */
snprintf(buf, 100, "../../%pd2", mvm->debugfs_dir->d_parent); if (!IS_ERR(mvm->debugfs_dir)) {
debugfs_create_symlink("iwlwifi", mvm->hw->wiphy->debugfsdir, buf); char buf[100];
snprintf(buf, 100, "../../%pd2", mvm->debugfs_dir->d_parent);
debugfs_create_symlink("iwlwifi", mvm->hw->wiphy->debugfsdir,
buf);
}
} }

View File

@ -226,7 +226,6 @@ static const u8 he_if_types_ext_capa_sta[] = {
[0] = WLAN_EXT_CAPA1_EXT_CHANNEL_SWITCHING, [0] = WLAN_EXT_CAPA1_EXT_CHANNEL_SWITCHING,
[2] = WLAN_EXT_CAPA3_MULTI_BSSID_SUPPORT, [2] = WLAN_EXT_CAPA3_MULTI_BSSID_SUPPORT,
[7] = WLAN_EXT_CAPA8_OPMODE_NOTIF, [7] = WLAN_EXT_CAPA8_OPMODE_NOTIF,
[9] = WLAN_EXT_CAPA10_TWT_REQUESTER_SUPPORT,
}; };
static const struct wiphy_iftype_ext_capab he_iftypes_ext_capa[] = { static const struct wiphy_iftype_ext_capab he_iftypes_ext_capa[] = {

View File

@ -308,6 +308,11 @@ static inline bool rfkill_blocked(struct rfkill *rfkill)
return false; return false;
} }
static inline bool rfkill_soft_blocked(struct rfkill *rfkill)
{
return false;
}
static inline enum rfkill_type rfkill_find_type(const char *name) static inline enum rfkill_type rfkill_find_type(const char *name)
{ {
return RFKILL_TYPE_ALL; return RFKILL_TYPE_ALL;

View File

@ -9,7 +9,7 @@
* Copyright 2007, Michael Wu <flamingice@sourmilk.net> * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
* Copyright 2007-2010, Intel Corporation * Copyright 2007-2010, Intel Corporation
* Copyright(c) 2015-2017 Intel Deutschland GmbH * Copyright(c) 2015-2017 Intel Deutschland GmbH
* Copyright (C) 2018 - 2021 Intel Corporation * Copyright (C) 2018 - 2022 Intel Corporation
*/ */
#include <linux/ieee80211.h> #include <linux/ieee80211.h>
@ -626,6 +626,14 @@ int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid,
return -EINVAL; return -EINVAL;
} }
if (test_sta_flag(sta, WLAN_STA_MFP) &&
!test_sta_flag(sta, WLAN_STA_AUTHORIZED)) {
ht_dbg(sdata,
"MFP STA not authorized - deny BA session request %pM tid %d\n",
sta->sta.addr, tid);
return -EINVAL;
}
/* /*
* 802.11n-2009 11.5.1.1: If the initiating STA is an HT STA, is a * 802.11n-2009 11.5.1.1: If the initiating STA is an HT STA, is a
* member of an IBSS, and has no other existing Block Ack agreement * member of an IBSS, and has no other existing Block Ack agreement

View File

@ -376,7 +376,7 @@ struct ieee80211_mgd_auth_data {
u8 key[WLAN_KEY_LEN_WEP104]; u8 key[WLAN_KEY_LEN_WEP104];
u8 key_len, key_idx; u8 key_len, key_idx;
bool done; bool done, waiting;
bool peer_confirmed; bool peer_confirmed;
bool timeout_started; bool timeout_started;

View File

@ -37,6 +37,7 @@
#define IEEE80211_AUTH_TIMEOUT_SAE (HZ * 2) #define IEEE80211_AUTH_TIMEOUT_SAE (HZ * 2)
#define IEEE80211_AUTH_MAX_TRIES 3 #define IEEE80211_AUTH_MAX_TRIES 3
#define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5) #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5)
#define IEEE80211_AUTH_WAIT_SAE_RETRY (HZ * 2)
#define IEEE80211_ASSOC_TIMEOUT (HZ / 5) #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
#define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2) #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2)
#define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10) #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10)
@ -3011,8 +3012,15 @@ static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
(status_code == WLAN_STATUS_ANTI_CLOG_REQUIRED || (status_code == WLAN_STATUS_ANTI_CLOG_REQUIRED ||
(auth_transaction == 1 && (auth_transaction == 1 &&
(status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT || (status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT ||
status_code == WLAN_STATUS_SAE_PK)))) status_code == WLAN_STATUS_SAE_PK)))) {
/* waiting for userspace now */
ifmgd->auth_data->waiting = true;
ifmgd->auth_data->timeout =
jiffies + IEEE80211_AUTH_WAIT_SAE_RETRY;
ifmgd->auth_data->timeout_started = true;
run_again(sdata, ifmgd->auth_data->timeout);
goto notify_driver; goto notify_driver;
}
sdata_info(sdata, "%pM denied authentication (status %d)\n", sdata_info(sdata, "%pM denied authentication (status %d)\n",
mgmt->sa, status_code); mgmt->sa, status_code);
@ -4603,10 +4611,10 @@ void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
if (ifmgd->auth_data && ifmgd->auth_data->timeout_started && if (ifmgd->auth_data && ifmgd->auth_data->timeout_started &&
time_after(jiffies, ifmgd->auth_data->timeout)) { time_after(jiffies, ifmgd->auth_data->timeout)) {
if (ifmgd->auth_data->done) { if (ifmgd->auth_data->done || ifmgd->auth_data->waiting) {
/* /*
* ok ... we waited for assoc but userspace didn't, * ok ... we waited for assoc or continuation but
* so let's just kill the auth data * userspace didn't do it, so kill the auth data
*/ */
ieee80211_destroy_auth_data(sdata, false); ieee80211_destroy_auth_data(sdata, false);
} else if (ieee80211_auth(sdata)) { } else if (ieee80211_auth(sdata)) {

View File

@ -2607,7 +2607,8 @@ static void ieee80211_deliver_skb_to_local_stack(struct sk_buff *skb,
* address, so that the authenticator (e.g. hostapd) will see * address, so that the authenticator (e.g. hostapd) will see
* the frame, but bridge won't forward it anywhere else. Note * the frame, but bridge won't forward it anywhere else. Note
* that due to earlier filtering, the only other address can * that due to earlier filtering, the only other address can
* be the PAE group address. * be the PAE group address, unless the hardware allowed them
* through in 802.3 offloaded mode.
*/ */
if (unlikely(skb->protocol == sdata->control_port_protocol && if (unlikely(skb->protocol == sdata->control_port_protocol &&
!ether_addr_equal(ehdr->h_dest, sdata->vif.addr))) !ether_addr_equal(ehdr->h_dest, sdata->vif.addr)))
@ -2922,13 +2923,13 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
ether_addr_equal(sdata->vif.addr, hdr->addr3)) ether_addr_equal(sdata->vif.addr, hdr->addr3))
return RX_CONTINUE; return RX_CONTINUE;
ac = ieee80211_select_queue_80211(sdata, skb, hdr); ac = ieee802_1d_to_ac[skb->priority];
q = sdata->vif.hw_queue[ac]; q = sdata->vif.hw_queue[ac];
if (ieee80211_queue_stopped(&local->hw, q)) { if (ieee80211_queue_stopped(&local->hw, q)) {
IEEE80211_IFSTA_MESH_CTR_INC(ifmsh, dropped_frames_congestion); IEEE80211_IFSTA_MESH_CTR_INC(ifmsh, dropped_frames_congestion);
return RX_DROP_MONITOR; return RX_DROP_MONITOR;
} }
skb_set_queue_mapping(skb, q); skb_set_queue_mapping(skb, ac);
if (!--mesh_hdr->ttl) { if (!--mesh_hdr->ttl) {
if (!is_multicast_ether_addr(hdr->addr1)) if (!is_multicast_ether_addr(hdr->addr1))
@ -4514,12 +4515,7 @@ static void ieee80211_rx_8023(struct ieee80211_rx_data *rx,
/* deliver to local stack */ /* deliver to local stack */
skb->protocol = eth_type_trans(skb, fast_rx->dev); skb->protocol = eth_type_trans(skb, fast_rx->dev);
memset(skb->cb, 0, sizeof(skb->cb)); ieee80211_deliver_skb_to_local_stack(skb, rx);
if (rx->list)
list_add_tail(&skb->list, rx->list);
else
netif_receive_skb(skb);
} }
static bool ieee80211_invoke_fast_rx(struct ieee80211_rx_data *rx, static bool ieee80211_invoke_fast_rx(struct ieee80211_rx_data *rx,

View File

@ -33,7 +33,7 @@ $(obj)/shipped-certs.c: $(wildcard $(srctree)/$(src)/certs/*.hex)
echo 'unsigned int shipped_regdb_certs_len = sizeof(shipped_regdb_certs);'; \ echo 'unsigned int shipped_regdb_certs_len = sizeof(shipped_regdb_certs);'; \
) > $@ ) > $@
$(obj)/extra-certs.c: $(CONFIG_CFG80211_EXTRA_REGDB_KEYDI) \ $(obj)/extra-certs.c: $(CONFIG_CFG80211_EXTRA_REGDB_KEYDIR) \
$(wildcard $(CONFIG_CFG80211_EXTRA_REGDB_KEYDIR)/*.x509) $(wildcard $(CONFIG_CFG80211_EXTRA_REGDB_KEYDIR)/*.x509)
@$(kecho) " GEN $@" @$(kecho) " GEN $@"
$(Q)(set -e; \ $(Q)(set -e; \

View File

@ -13411,6 +13411,9 @@ static int handle_nan_filter(struct nlattr *attr_filter,
i = 0; i = 0;
nla_for_each_nested(attr, attr_filter, rem) { nla_for_each_nested(attr, attr_filter, rem) {
filter[i].filter = nla_memdup(attr, GFP_KERNEL); filter[i].filter = nla_memdup(attr, GFP_KERNEL);
if (!filter[i].filter)
goto err;
filter[i].len = nla_len(attr); filter[i].len = nla_len(attr);
i++; i++;
} }
@ -13423,6 +13426,15 @@ static int handle_nan_filter(struct nlattr *attr_filter,
} }
return 0; return 0;
err:
i = 0;
nla_for_each_nested(attr, attr_filter, rem) {
kfree(filter[i].filter);
i++;
}
kfree(filter);
return -ENOMEM;
} }
static int nl80211_nan_add_func(struct sk_buff *skb, static int nl80211_nan_add_func(struct sk_buff *skb,