mac80211: add ieee80211_is_any_nullfunc()

commit 30b2f0be23fb40e58d0ad2caf8702c2a44cda2e1 upstream.

commit 08a5bdde3812 ("mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED")
Fixed a bug where we failed to take into account a
nullfunc frame can be either non-QoS or QoS. It turns out
there is at least one more bug in
ieee80211_sta_tx_notify(), introduced in
commit 7b6ddeaf27ec ("mac80211: use QoS NDP for AP probing"),
where we forgot to check for the QoS variant and so
assumed the QoS nullfunc frame never went out

Fix this by adding a helper ieee80211_is_any_nullfunc()
which consolidates the check for non-QoS and QoS nullfunc
frames. Replace existing compound conditionals and add a
couple more missing checks for QoS variant.

Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
Link: https://lore.kernel.org/r/20200114055940.18502-3-thomas@adapt-ip.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index 149a7a6687e9e1dddf6f0700da730faaa824c013..e7a278ca1fde29b8e644df7de02b82ab797201b6 100644 (file)
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -606,6 +606,15 @@ static inline bool ieee80211_is_qos_nullfunc(__le16 fc)
               cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_QOS_NULLFUNC);
 }
 
+/**
+ * ieee80211_is_any_nullfunc - check if frame is regular or QoS nullfunc frame
+ * @fc: frame control bytes in little-endian byteorder
+ */
+static inline bool ieee80211_is_any_nullfunc(__le16 fc)
+{
+       return (ieee80211_is_nullfunc(fc) || ieee80211_is_qos_nullfunc(fc));
+}
+
 /**
  * ieee80211_is_bufferable_mmpdu - check if frame is bufferable MMPDU
  * @fc: frame control field in little-endian byteorder

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 031fbfd36d58d8eb27bd8f1b5fb4fed42bac2cfe..4ab78bc6c2ca55d643c3b0f40ed143f1918c20c8 100644 (file)
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -2283,7 +2283,7 @@ void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata,
        if (!ieee80211_is_data(hdr->frame_control))
            return;
 
-       if (ieee80211_is_nullfunc(hdr->frame_control) &&
+       if (ieee80211_is_any_nullfunc(hdr->frame_control) &&
            sdata->u.mgd.probe_send_count > 0) {
                if (ack)
                        ieee80211_sta_reset_conn_monitor(sdata);

diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 2b7975c4dac7bc5338627605418f9b8b7a7725e1..a74a6ff18f919423a7db682dcf5ca366cc5dfc41 100644 (file)
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1110,8 +1110,7 @@ ieee80211_rx_h_check_dup(struct ieee80211_rx_data *rx)
                return RX_CONTINUE;
 
        if (ieee80211_is_ctl(hdr->frame_control) ||
-           ieee80211_is_nullfunc(hdr->frame_control) ||
-           ieee80211_is_qos_nullfunc(hdr->frame_control) ||
+           ieee80211_is_any_nullfunc(hdr->frame_control) ||
            is_multicast_ether_addr(hdr->addr1))
                return RX_CONTINUE;
 
@@ -1487,8 +1486,7 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
         * Drop (qos-)data::nullfunc frames silently, since they
         * are used only to control station power saving mode.
         */
-       if (ieee80211_is_nullfunc(hdr->frame_control) ||
-           ieee80211_is_qos_nullfunc(hdr->frame_control)) {
+       if (ieee80211_is_any_nullfunc(hdr->frame_control)) {
                I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc);
 
                /*
@@ -1977,7 +1975,7 @@ static int ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc)
 
        /* Drop unencrypted frames if key is set. */
        if (unlikely(!ieee80211_has_protected(fc) &&
-                    !ieee80211_is_nullfunc(fc) &&
+                    !ieee80211_is_any_nullfunc(fc) &&
                     ieee80211_is_data(fc) && rx->key))
                return -EACCES;
 

diff --git a/net/mac80211/status.c b/net/mac80211/status.c
index d221300e59e5bf3b3089489202ca18f809518f24..618479e0d64837b9c5acb0a26191afde21a6eba4 100644 (file)
--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
@@ -474,8 +474,7 @@ static void ieee80211_report_ack_skb(struct ieee80211_local *local,
                rcu_read_lock();
                sdata = ieee80211_sdata_from_skb(local, skb);
                if (sdata) {
-                       if (ieee80211_is_nullfunc(hdr->frame_control) ||
-                           ieee80211_is_qos_nullfunc(hdr->frame_control))
+                       if (ieee80211_is_any_nullfunc(hdr->frame_control))
                                cfg80211_probe_status(sdata->dev, hdr->addr1,
                                                      cookie, acked,
                                                      GFP_ATOMIC);
@@ -905,7 +904,7 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
                        I802_DEBUG_INC(local->dot11FailedCount);
        }
 
-       if (ieee80211_is_nullfunc(fc) && ieee80211_has_pm(fc) &&
+       if (ieee80211_is_any_nullfunc(fc) && ieee80211_has_pm(fc) &&
            ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS) &&
            !(info->flags & IEEE80211_TX_CTL_INJECTED) &&
            local->ps_sdata && !(local->scanning)) {

diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 41f3eb565ef3991cb019979cbf8e67dd1f5ad524..98c34c3adf392b1870bfe66f2757757bdb3865e4 100644 (file)
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -291,7 +291,7 @@ ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx)
        if (unlikely(test_bit(SCAN_SW_SCANNING, &tx->local->scanning)) &&
            test_bit(SDATA_STATE_OFFCHANNEL, &tx->sdata->state) &&
            !ieee80211_is_probe_req(hdr->frame_control) &&
-           !ieee80211_is_nullfunc(hdr->frame_control))
+           !ieee80211_is_any_nullfunc(hdr->frame_control))
                /*
                 * When software scanning only nullfunc frames (to notify
                 * the sleep state to the AP) and probe requests (for the