From: Greg Kroah-Hartman Date: Mon, 5 Nov 2012 13:50:16 +0000 (+0100) Subject: 3.0-stable patches X-Git-Tag: v3.0.52~43 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=70d8f50c632ee47c369049d71d5c96ca6dfb7cf6;p=thirdparty%2Fkernel%2Fstable-queue.git 3.0-stable patches added patches: cfg80211-fix-antenna-gain-handling.patch mac80211-don-t-inspect-sequence-control-field-on-control-frames.patch wireless-drop-invalid-mesh-address-extension-frames.patch --- diff --git a/queue-3.0/cfg80211-fix-antenna-gain-handling.patch b/queue-3.0/cfg80211-fix-antenna-gain-handling.patch new file mode 100644 index 00000000000..ead178d8980 --- /dev/null +++ b/queue-3.0/cfg80211-fix-antenna-gain-handling.patch @@ -0,0 +1,39 @@ +From c4a9fafc77a5318f5ed26c509bbcddf03e18c201 Mon Sep 17 00:00:00 2001 +From: Felix Fietkau +Date: Wed, 17 Oct 2012 13:56:19 +0200 +Subject: cfg80211: fix antenna gain handling + +From: Felix Fietkau + +commit c4a9fafc77a5318f5ed26c509bbcddf03e18c201 upstream. + +No driver initializes chan->max_antenna_gain to something sensible, and +the only place where it is being used right now is inside ath9k. This +leads to ath9k potentially using less tx power than it can use, which can +decrease performance/range in some rare cases. + +Rather than going through every single driver, this patch initializes +chan->orig_mag in wiphy_register(), ignoring whatever value the driver +left in there. If a driver for some reason wishes to limit it independent +from regulatory rulesets, it can do so internally. + +Signed-off-by: Felix Fietkau +Signed-off-by: Johannes Berg +Signed-off-by: Greg Kroah-Hartman + +--- + net/wireless/core.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/net/wireless/core.c ++++ b/net/wireless/core.c +@@ -544,8 +544,7 @@ int wiphy_register(struct wiphy *wiphy) + for (i = 0; i < sband->n_channels; i++) { + sband->channels[i].orig_flags = + sband->channels[i].flags; +- sband->channels[i].orig_mag = +- sband->channels[i].max_antenna_gain; ++ sband->channels[i].orig_mag = INT_MAX; + sband->channels[i].orig_mpwr = + sband->channels[i].max_power; + sband->channels[i].band = band; diff --git a/queue-3.0/mac80211-don-t-inspect-sequence-control-field-on-control-frames.patch b/queue-3.0/mac80211-don-t-inspect-sequence-control-field-on-control-frames.patch new file mode 100644 index 00000000000..2a3ca320f96 --- /dev/null +++ b/queue-3.0/mac80211-don-t-inspect-sequence-control-field-on-control-frames.patch @@ -0,0 +1,35 @@ +From f7fbf70ee9db6da6033ae50d100e017ac1f26555 Mon Sep 17 00:00:00 2001 +From: Javier Cardona +Date: Thu, 25 Oct 2012 11:10:18 -0700 +Subject: mac80211: don't inspect Sequence Control field on control frames + +From: Javier Cardona + +commit f7fbf70ee9db6da6033ae50d100e017ac1f26555 upstream. + +Per IEEE Std. 802.11-2012, Sec 8.2.4.4.1, the sequence Control field is +not present in control frames. We noticed this problem when processing +Block Ack Requests. + +Signed-off-by: Javier Cardona +Signed-off-by: Javier Lopez +Signed-off-by: Johannes Berg +Signed-off-by: Greg Kroah-Hartman + +--- + net/mac80211/rx.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/net/mac80211/rx.c ++++ b/net/mac80211/rx.c +@@ -1352,6 +1352,10 @@ ieee80211_rx_h_defragment(struct ieee802 + + hdr = (struct ieee80211_hdr *)rx->skb->data; + fc = hdr->frame_control; ++ ++ if (ieee80211_is_ctl(fc)) ++ return RX_CONTINUE; ++ + sc = le16_to_cpu(hdr->seq_ctrl); + frag = sc & IEEE80211_SCTL_FRAG; + diff --git a/queue-3.0/series b/queue-3.0/series index a6508f0d511..28a3ece3b00 100644 --- a/queue-3.0/series +++ b/queue-3.0/series @@ -1,3 +1,6 @@ ath9k-fix-stale-pointers-potentially-causing-access-to-free-d-skbs.patch rt2800-validate-step-value-for-temperature-compensation.patch target-don-t-return-success-from-module_init-if-setup-fails.patch +cfg80211-fix-antenna-gain-handling.patch +wireless-drop-invalid-mesh-address-extension-frames.patch +mac80211-don-t-inspect-sequence-control-field-on-control-frames.patch diff --git a/queue-3.0/wireless-drop-invalid-mesh-address-extension-frames.patch b/queue-3.0/wireless-drop-invalid-mesh-address-extension-frames.patch new file mode 100644 index 00000000000..3b16a4b2295 --- /dev/null +++ b/queue-3.0/wireless-drop-invalid-mesh-address-extension-frames.patch @@ -0,0 +1,63 @@ +From 7dd111e8ee10cc6816669eabcad3334447673236 Mon Sep 17 00:00:00 2001 +From: Johannes Berg +Date: Thu, 25 Oct 2012 21:51:59 +0200 +Subject: wireless: drop invalid mesh address extension frames + +From: Johannes Berg + +commit 7dd111e8ee10cc6816669eabcad3334447673236 upstream. + +The mesh header can have address extension by a 4th +or a 5th and 6th address, but never both. Drop such +frames in 802.11 -> 802.3 conversion along with any +frames that have the wrong extension. + +Reviewed-by: Javier Cardona +Signed-off-by: Johannes Berg +Signed-off-by: Greg Kroah-Hartman + +--- + net/wireless/util.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +--- a/net/wireless/util.c ++++ b/net/wireless/util.c +@@ -298,18 +298,15 @@ EXPORT_SYMBOL(ieee80211_get_hdrlen_from_ + static int ieee80211_get_mesh_hdrlen(struct ieee80211s_hdr *meshhdr) + { + int ae = meshhdr->flags & MESH_FLAGS_AE; +- /* 7.1.3.5a.2 */ ++ /* 802.11-2012, 8.2.4.7.3 */ + switch (ae) { ++ default: + case 0: + return 6; + case MESH_FLAGS_AE_A4: + return 12; + case MESH_FLAGS_AE_A5_A6: + return 18; +- case (MESH_FLAGS_AE_A4 | MESH_FLAGS_AE_A5_A6): +- return 24; +- default: +- return 6; + } + } + +@@ -359,6 +356,8 @@ int ieee80211_data_to_8023(struct sk_buf + /* make sure meshdr->flags is on the linear part */ + if (!pskb_may_pull(skb, hdrlen + 1)) + return -1; ++ if (meshdr->flags & MESH_FLAGS_AE_A4) ++ return -1; + if (meshdr->flags & MESH_FLAGS_AE_A5_A6) { + skb_copy_bits(skb, hdrlen + + offsetof(struct ieee80211s_hdr, eaddr1), +@@ -383,6 +382,8 @@ int ieee80211_data_to_8023(struct sk_buf + /* make sure meshdr->flags is on the linear part */ + if (!pskb_may_pull(skb, hdrlen + 1)) + return -1; ++ if (meshdr->flags & MESH_FLAGS_AE_A5_A6) ++ return -1; + if (meshdr->flags & MESH_FLAGS_AE_A4) + skb_copy_bits(skb, hdrlen + + offsetof(struct ieee80211s_hdr, eaddr1),