From: Greg Kroah-Hartman Date: Fri, 8 May 2020 11:22:46 +0000 (+0200) Subject: 4.9-stable patches X-Git-Tag: v4.4.223~11 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a67b2311a958adb4e0df6ede43416f7f23dd943d;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: mac80211-add-ieee80211_is_any_nullfunc.patch --- diff --git a/queue-4.9/mac80211-add-ieee80211_is_any_nullfunc.patch b/queue-4.9/mac80211-add-ieee80211_is_any_nullfunc.patch new file mode 100644 index 00000000000..25140172c83 --- /dev/null +++ b/queue-4.9/mac80211-add-ieee80211_is_any_nullfunc.patch @@ -0,0 +1,128 @@ +From 30b2f0be23fb40e58d0ad2caf8702c2a44cda2e1 Mon Sep 17 00:00:00 2001 +From: Thomas Pedersen +Date: Mon, 13 Jan 2020 21:59:40 -0800 +Subject: mac80211: add ieee80211_is_any_nullfunc() + +From: Thomas Pedersen + +commit 30b2f0be23fb40e58d0ad2caf8702c2a44cda2e1 upstream. + +commit 08a5bdde3812 ("mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED") +Fixed a bug where we failed to take into account a +nullfunc frame can be either non-QoS or QoS. It turns out +there is at least one more bug in +ieee80211_sta_tx_notify(), introduced in +commit 7b6ddeaf27ec ("mac80211: use QoS NDP for AP probing"), +where we forgot to check for the QoS variant and so +assumed the QoS nullfunc frame never went out + +Fix this by adding a helper ieee80211_is_any_nullfunc() +which consolidates the check for non-QoS and QoS nullfunc +frames. Replace existing compound conditionals and add a +couple more missing checks for QoS variant. + +Signed-off-by: Thomas Pedersen +Link: https://lore.kernel.org/r/20200114055940.18502-3-thomas@adapt-ip.com +Signed-off-by: Johannes Berg +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/ieee80211.h | 9 +++++++++ + net/mac80211/mlme.c | 2 +- + net/mac80211/rx.c | 8 +++----- + net/mac80211/status.c | 5 ++--- + net/mac80211/tx.c | 2 +- + 5 files changed, 16 insertions(+), 10 deletions(-) + +--- a/include/linux/ieee80211.h ++++ b/include/linux/ieee80211.h +@@ -620,6 +620,15 @@ static inline bool ieee80211_is_qos_null + } + + /** ++ * ieee80211_is_any_nullfunc - check if frame is regular or QoS nullfunc frame ++ * @fc: frame control bytes in little-endian byteorder ++ */ ++static inline bool ieee80211_is_any_nullfunc(__le16 fc) ++{ ++ return (ieee80211_is_nullfunc(fc) || ieee80211_is_qos_nullfunc(fc)); ++} ++ ++/** + * ieee80211_is_bufferable_mmpdu - check if frame is bufferable MMPDU + * @fc: frame control field in little-endian byteorder + */ +--- a/net/mac80211/mlme.c ++++ b/net/mac80211/mlme.c +@@ -2277,7 +2277,7 @@ void ieee80211_sta_tx_notify(struct ieee + if (!ieee80211_is_data(hdr->frame_control)) + return; + +- if (ieee80211_is_nullfunc(hdr->frame_control) && ++ if (ieee80211_is_any_nullfunc(hdr->frame_control) && + sdata->u.mgd.probe_send_count > 0) { + if (ack) + ieee80211_sta_reset_conn_monitor(sdata); +--- a/net/mac80211/rx.c ++++ b/net/mac80211/rx.c +@@ -1231,8 +1231,7 @@ ieee80211_rx_h_check_dup(struct ieee8021 + return RX_CONTINUE; + + if (ieee80211_is_ctl(hdr->frame_control) || +- ieee80211_is_nullfunc(hdr->frame_control) || +- ieee80211_is_qos_nullfunc(hdr->frame_control) || ++ ieee80211_is_any_nullfunc(hdr->frame_control) || + is_multicast_ether_addr(hdr->addr1)) + return RX_CONTINUE; + +@@ -1617,8 +1616,7 @@ ieee80211_rx_h_sta_process(struct ieee80 + * Drop (qos-)data::nullfunc frames silently, since they + * are used only to control station power saving mode. + */ +- if (ieee80211_is_nullfunc(hdr->frame_control) || +- ieee80211_is_qos_nullfunc(hdr->frame_control)) { ++ if (ieee80211_is_any_nullfunc(hdr->frame_control)) { + I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc); + + /* +@@ -2112,7 +2110,7 @@ static int ieee80211_drop_unencrypted(st + + /* Drop unencrypted frames if key is set. */ + if (unlikely(!ieee80211_has_protected(fc) && +- !ieee80211_is_nullfunc(fc) && ++ !ieee80211_is_any_nullfunc(fc) && + ieee80211_is_data(fc) && rx->key)) + return -EACCES; + +--- a/net/mac80211/status.c ++++ b/net/mac80211/status.c +@@ -480,8 +480,7 @@ static void ieee80211_report_ack_skb(str + rcu_read_lock(); + sdata = ieee80211_sdata_from_skb(local, skb); + if (sdata) { +- if (ieee80211_is_nullfunc(hdr->frame_control) || +- ieee80211_is_qos_nullfunc(hdr->frame_control)) ++ if (ieee80211_is_any_nullfunc(hdr->frame_control)) + cfg80211_probe_status(sdata->dev, hdr->addr1, + cookie, acked, + GFP_ATOMIC); +@@ -914,7 +913,7 @@ void ieee80211_tx_status(struct ieee8021 + I802_DEBUG_INC(local->dot11FailedCount); + } + +- if (ieee80211_is_nullfunc(fc) && ieee80211_has_pm(fc) && ++ if (ieee80211_is_any_nullfunc(fc) && ieee80211_has_pm(fc) && + ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS) && + !(info->flags & IEEE80211_TX_CTL_INJECTED) && + local->ps_sdata && !(local->scanning)) { +--- a/net/mac80211/tx.c ++++ b/net/mac80211/tx.c +@@ -294,7 +294,7 @@ ieee80211_tx_h_check_assoc(struct ieee80 + if (unlikely(test_bit(SCAN_SW_SCANNING, &tx->local->scanning)) && + test_bit(SDATA_STATE_OFFCHANNEL, &tx->sdata->state) && + !ieee80211_is_probe_req(hdr->frame_control) && +- !ieee80211_is_nullfunc(hdr->frame_control)) ++ !ieee80211_is_any_nullfunc(hdr->frame_control)) + /* + * When software scanning only nullfunc frames (to notify + * the sleep state to the AP) and probe requests (for the diff --git a/queue-4.9/series b/queue-4.9/series index e8a57243ca2..137da968d39 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -15,3 +15,4 @@ xprtrdma-fix-backchannel-allocation-of-extra-rpcrdma_reps.patch mips-perf-remove-incorrect-odd-even-counter-handling-for-i6400.patch sctp-fix-shutdown-ctsn-ack-in-the-peer-restart-case.patch alsa-hda-match-both-pci-id-and-ssid-for-driver-blacklist.patch +mac80211-add-ieee80211_is_any_nullfunc.patch