releases/4.9.132/mac80211-don-t-tx-a-deauth-frame-if-the-ap-forbade-tx.patch

   1 From foo@baz Thu Oct  4 12:38:43 PDT 2018
   2 From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
   3 Date: Fri, 31 Aug 2018 11:31:12 +0300
   4 Subject: mac80211: don't Tx a deauth frame if the AP forbade Tx
   5
   6 From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
   7
   8 [ Upstream commit 6c18b27d6e5c6a7206364eae2b47bc8d8b2fa68f ]
   9
  10 If the driver fails to properly prepare for the channel
  11 switch, mac80211 will disconnect. If the CSA IE had mode
  12 set to 1, it means that the clients are not allowed to send
  13 any Tx on the current channel, and that includes the
  14 deauthentication frame.
  15
  16 Make sure that we don't send the deauthentication frame in
  17 this case.
  18
  19 In iwlwifi, this caused a failure to flush queues since the
  20 firmware already closed the queues after having parsed the
  21 CSA IE. Then mac80211 would wait until the deauthentication
  22 frame would go out (drv_flush(drop=false)) and that would
  23 never happen.
  24
  25 Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
  26 Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
  27 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  28 Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
  29 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  30 ---
  31  net/mac80211/mlme.c |   17 +++++++++++++++--
  32  1 file changed, 15 insertions(+), 2 deletions(-)
  33
  34 --- a/net/mac80211/mlme.c
  35 +++ b/net/mac80211/mlme.c
  36 @@ -1282,6 +1282,16 @@ ieee80211_sta_process_chanswitch(struct
  37                                          cbss->beacon_interval));
  38         return;
  39   drop_connection:
  40 +       /*
  41 +        * This is just so that the disconnect flow will know that
  42 +        * we were trying to switch channel and failed. In case the
  43 +        * mode is 1 (we are not allowed to Tx), we will know not to
  44 +        * send a deauthentication frame. Those two fields will be
  45 +        * reset when the disconnection worker runs.
  46 +        */
  47 +       sdata->vif.csa_active = true;
  48 +       sdata->csa_block_tx = csa_ie.mode;
  49 +
  50         ieee80211_queue_work(&local->hw, &ifmgd->csa_connection_drop_work);
  51         mutex_unlock(&local->chanctx_mtx);
  52         mutex_unlock(&local->mtx);
  53 @@ -2454,6 +2464,7 @@ static void __ieee80211_disconnect(struc
  54         struct ieee80211_local *local = sdata->local;
  55         struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
  56         u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
  57 +       bool tx;
  58
  59         sdata_lock(sdata);
  60         if (!ifmgd->associated) {
  61 @@ -2461,6 +2472,8 @@ static void __ieee80211_disconnect(struc
  62                 return;
  63         }
  64
  65 +       tx = !sdata->csa_block_tx;
  66 +
  67         /* AP is probably out of range (or not reachable for another reason) so
  68          * remove the bss struct for that AP.
  69          */
  70 @@ -2468,7 +2481,7 @@ static void __ieee80211_disconnect(struc
  71
  72         ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
  73                                WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
  74 -                              true, frame_buf);
  75 +                              tx, frame_buf);
  76         mutex_lock(&local->mtx);
  77         sdata->vif.csa_active = false;
  78         ifmgd->csa_waiting_bcn = false;
  79 @@ -2479,7 +2492,7 @@ static void __ieee80211_disconnect(struc
  80         }
  81         mutex_unlock(&local->mtx);
  82
  83 -       ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
  84 +       ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), tx,
  85                                     WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY);
  86
  87         sdata_unlock(sdata);