Merge tag 'mac80211-for-net-2020-03-26' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211

Johannes Berg says:

====================
We have the following fixes:
* drop data packets if there's no key for them anymore, after
there had been one, to avoid sending them in clear when
hostapd removes the key before it removes the station and
the packets are still queued
* check port authorization again after dequeue, to avoid
sending packets if the station is no longer authorized
* actually remove the authorization flag before the key so
packets are also dropped properly because of this
* fix nl80211 control port packet tagging to handle them as
packets allowed to go out without encryption
* fix NL80211_ATTR_CHANNEL_WIDTH outgoing netlink attribute
width (should be 32 bits, not 8)
* don't WARN in a CSA scenario that happens on some APs
* fix HE spatial reuse element size calculation
====================

Signed-off-by: David S. Miller <davem@davemloft.net>

Changed files
+62 -20
+2 -2
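--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -2102,14 +2102,14 @@
  {
  struct ieee80211_he_spr *he_spr = (void *)he_spr_ie;
  u8 spr_len = sizeof(struct ieee80211_he_spr);
- u32 he_spr_params;
+ u8 he_spr_params;
 
  /* Make sure the input is not NULL */
  if (!he_spr_ie)
  return 0;
 
  /* Calc required length */
- he_spr_params = le32_to_cpu(he_spr->he_sr_control);
+ he_spr_params = he_spr->he_sr_control;
  if (he_spr_params & IEEE80211_HE_SPR_NON_SRG_OFFSET_PRESENT)
  spr_len++;
  if (he_spr_params & IEEE80211_HE_SPR_SRG_INFORMATION_PRESENT)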
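Review bot: The size helper reads `he_spr->he_sr_control` after checking only that `he_spr_ie` is non-NULL, so it depends on the caller having already verified that the element holds at least `sizeof(struct ieee80211_he_spr)` bytes, and nothing in the hunk states that. A comment above the function would make the precondition explicit, for example `/* Caller must ensure the element is at least sizeof(struct ieee80211_he_spr) bytes long. */`. The function's signature and the end of its body are outside the hunk, so any existing kernel-doc is not visible here and should be checked before adding this.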
+2 -1
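--- a/net/mac80211/debugfs_sta.c
+++ b/net/mac80211/debugfs_sta.c
@@ -5,7 +5,7 @@
  * Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
  * Copyright 2013-2014 Intel Mobile Communications GmbH
  * Copyright(c) 2016 Intel Deutschland GmbH
- * Copyright (C) 2018 - 2019 Intel Corporation
+ * Copyright (C) 2018 - 2020 Intel Corporation
  */
 
  #include <linux/debugfs.h>
@@ -78,6 +78,7 @@
  FLAG(MPSP_OWNER),
  FLAG(MPSP_RECIPIENT),
  FLAG(PS_DELIVER),
+ FLAG(USES_ENCRYPTION),
  #undef FLAG
  };
 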
+12 -8
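--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -6,7 +6,7 @@
  * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net>
  * Copyright 2013-2014 Intel Mobile Communications GmbH
  * Copyright 2015-2017 Intel Deutschland GmbH
- * Copyright 2018-2019 Intel Corporation
+ * Copyright 2018-2020 Intel Corporation
  */
 
  #include <linux/if_ether.h>
@@ -262,20 +262,27 @@
  sta ? sta->sta.addr : bcast_addr, ret);
  }
 
- int ieee80211_set_tx_key(struct ieee80211_key *key)
+ static int _ieee80211_set_tx_key(struct ieee80211_key *key, bool force)
  {
  struct sta_info *sta = key->sta;
  struct ieee80211_local *local = key->local;
 
  assert_key_lock(local);
 
+ set_sta_flag(sta, WLAN_STA_USES_ENCRYPTION);
+
  sta->ptk_idx = key->conf.keyidx;
 
- if (!ieee80211_hw_check(&local->hw, AMPDU_KEYBORDER_SUPPORT))
+ if (force || !ieee80211_hw_check(&local->hw, AMPDU_KEYBORDER_SUPPORT))
  clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
  ieee80211_check_fast_xmit(sta);
 
  return 0;
+ }
+
+ int ieee80211_set_tx_key(struct ieee80211_key *key)
+ {
+ return _ieee80211_set_tx_key(key, false);
  }
 
  static void ieee80211_pairwise_rekey(struct ieee80211_key *old,
@@ -448,11 +441,8 @@
  if (pairwise) {
  rcu_assign_pointer(sta->ptk[idx], new);
  if (new &&
- !(new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX)) {
- sta->ptk_idx = idx;
- clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
- ieee80211_check_fast_xmit(sta);
- }
+ !(new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX))
+ _ieee80211_set_tx_key(new, true);
  } else {
  rcu_assign_pointer(sta->gtk[idx], new);
  }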
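Review bot: `_ieee80211_set_tx_key()` gains a bare `bool force` and starts setting WLAN_STA_USES_ENCRYPTION, and neither is explained at the definition even though the flag now decides whether key-less frames are dropped on transmit. No visible hunk clears the flag again, which appears to be intentional but should be stated. I would add a comment above the helper such as `/* force: clear WLAN_STA_BLOCK_BA regardless of AMPDU_KEYBORDER_SUPPORT; USES_ENCRYPTION stays set for the station's lifetime */`. The helper also dereferences `key->sta` without a check, and the replace path now passes `new` where the old code used its local `sta`; presumably `new->sta` is that same station, but that is worth confirming since the surrounding function is outside the hunk.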
+6 -1
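--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -4,7 +4,7 @@
  * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
  * Copyright 2013-2014 Intel Mobile Communications GmbH
  * Copyright (C) 2015 - 2017 Intel Deutschland GmbH
- * Copyright (C) 2018-2019 Intel Corporation
+ * Copyright (C) 2018-2020 Intel Corporation
  */
 
  #include <linux/module.h>
@@ -1048,6 +1048,11 @@
 
  might_sleep();
  lockdep_assert_held(&local->sta_mtx);
+
+ while (sta->sta_state == IEEE80211_STA_AUTHORIZED) {
+ ret = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
+ WARN_ON_ONCE(ret);
+ }
 
  /* now keys can no longer be reached */
  ieee80211_free_sta_keys(local, sta);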
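Review bot: The added `while (sta->sta_state == IEEE80211_STA_AUTHORIZED)` loop has no exit on failure: if `sta_info_move_state()` returns an error and leaves `sta_state` unchanged, the loop spins with `sta_mtx` held and `WARN_ON_ONCE(ret)` fires only on the first pass. Whether a failed transition leaves the state untouched is not visible in this hunk, so treat that as an assumption to confirm. Since only a single AUTHORIZED-to-ASSOC step is wanted, `if (sta->sta_state == IEEE80211_STA_AUTHORIZED)` in place of `while` removes the risk; keeping the loop with `if (WARN_ON_ONCE(ret)) break;` would also work. A short comment that deauthorization must come before `ieee80211_free_sta_keys()` so queued frames are dropped rather than sent unencrypted would record why the ordering matters.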
+1
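--- a/net/mac80211/sta_info.h
+++ b/net/mac80211/sta_info.h
@@ -98,6 +98,7 @@
  WLAN_STA_MPSP_OWNER,
  WLAN_STA_MPSP_RECIPIENT,
  WLAN_STA_PS_DELIVER,
+ WLAN_STA_USES_ENCRYPTION,
 
  NUM_WLAN_STA_FLAGS,
  };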
+33 -6
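--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -5,7 +5,7 @@
  * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
  * Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
  * Copyright 2013-2014 Intel Mobile Communications GmbH
- * Copyright (C) 2018 Intel Corporation
+ * Copyright (C) 2018, 2020 Intel Corporation
  *
  * Transmit and frame generation functions.
  */
@@ -590,10 +590,13 @@
  struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
  struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
 
- if (unlikely(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT))
+ if (unlikely(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)) {
  tx->key = NULL;
- else if (tx->sta &&
- (key = rcu_dereference(tx->sta->ptk[tx->sta->ptk_idx])))
+ return TX_CONTINUE;
+ }
+
+ if (tx->sta &&
+ (key = rcu_dereference(tx->sta->ptk[tx->sta->ptk_idx])))
  tx->key = key;
  else if (ieee80211_is_group_privacy_action(tx->skb) &&
  (key = rcu_dereference(tx->sdata->default_multicast_key)))
@@ -657,6 +654,9 @@
  if (!skip_hw && tx->key &&
  tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
  info->control.hw_key = &tx->key->conf;
+ } else if (!ieee80211_is_mgmt(hdr->frame_control) && tx->sta &&
+ test_sta_flag(tx->sta, WLAN_STA_USES_ENCRYPTION)) {
+ return TX_DROP;
  }
 
  return TX_CONTINUE;
@@ -3604,8 +3598,25 @@
  tx.skb = skb;
  tx.sdata = vif_to_sdata(info->control.vif);
 
- if (txq->sta)
+ if (txq->sta) {
  tx.sta = container_of(txq->sta, struct sta_info, sta);
+ /*
+ * Drop unicast frames to unauthorised stations unless they are
+ * EAPOL frames from the local station.
+ */
+ if (unlikely(!ieee80211_vif_is_mesh(&tx.sdata->vif) &&
+ tx.sdata->vif.type != NL80211_IFTYPE_OCB &&
+ !is_multicast_ether_addr(hdr->addr1) &&
+ !test_sta_flag(tx.sta, WLAN_STA_AUTHORIZED) &&
+ (!(info->control.flags &
+ IEEE80211_TX_CTRL_PORT_CTRL_PROTO) ||
+ !ether_addr_equal(tx.sdata->vif.addr,
+ hdr->addr2)))) {
+ I802_DEBUG_INC(local->tx_handlers_drop_unauth_port);
+ ieee80211_free_txskb(&local->hw, skb);
+ goto begin;
+ }
+ }
 
  /*
  * The key can be removed while the packet was queued, so need to call
@@ -5149,6 +5126,7 @@
  struct ieee80211_local *local = sdata->local;
  struct sk_buff *skb;
  struct ethhdr *ehdr;
+ u32 ctrl_flags = 0;
  u32 flags;
 
  /* Only accept CONTROL_PORT_PROTOCOL configured in CONNECT/ASSOCIATE
@@ -5158,6 +5134,9 @@
  if (proto != sdata->control_port_protocol &&
  proto != cpu_to_be16(ETH_P_PREAUTH))
  return -EINVAL;
+
+ if (proto == sdata->control_port_protocol)
+ ctrl_flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO;
 
  if (unencrypted)
  flags = IEEE80211_TX_INTFL_DONT_ENCRYPT;
@@ -5187,7 +5160,7 @@
  skb_reset_mac_header(skb);
 
  local_bh_disable();
- __ieee80211_subif_start_xmit(skb, skb->dev, flags, 0);
+ __ieee80211_subif_start_xmit(skb, skb->dev, flags, ctrl_flags);
  local_bh_enable();
 
  return 0;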
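Review bot: The new drop branch in the key-selection handler tests `!ieee80211_is_mgmt(hdr->frame_control)`, which matches every data and control frame for a station flagged WLAN_STA_USES_ENCRYPTION, including data frames that carry no payload. Frames without a payload have nothing to leak in clear, yet as written they would be dropped whenever no key is found for the station. If the goal is only to keep payload from going out unencrypted, `ieee80211_is_data_present(hdr->frame_control)` looks like the tighter condition, though the handling of payload-less frames earlier in the function is outside the hunk and should be checked first. The branch would also benefit from a one-line comment such as `/* a key existed before; never fall back to sending data in clear */`.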
+1 -1
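--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -16416,7 +16416,7 @@
  goto nla_put_failure;
 
  if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
- nla_put_u8(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
+ nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
  goto nla_put_failure;
 
  if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&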
+5 -1
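--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -2022,7 +2022,11 @@
 
  spin_lock_bh(&rdev->bss_lock);
 
- if (WARN_ON(cbss->pub.channel == chan))
+ /*
+ * Some APs use CSA also for bandwidth changes, i.e., without actually
+ * changing the control channel, so no need to update in such a case.
+ */
+ if (cbss->pub.channel == chan)
  goto done;
 
  /* use transmitting bss */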