diff options
| author | Thomas Pedersen <thomas@adapt-ip.com> | 2020-01-13 21:59:40 -0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2020-05-10 10:28:03 +0200 |
| commit | 9bb734d994dbed7dcc5beacc70e2886c520d1e26 (patch) | |
| tree | 8b65878657cfb6a7cc4963b1d9889066211c4f1f | |
| parent | fccabc88ae14c6ba57e9c68ed402db7f3f9e67c1 (diff) | |
| download | linux-stable-9bb734d994dbed7dcc5beacc70e2886c520d1e26.tar.gz linux-stable-9bb734d994dbed7dcc5beacc70e2886c520d1e26.tar.bz2 linux-stable-9bb734d994dbed7dcc5beacc70e2886c520d1e26.zip | |
mac80211: add ieee80211_is_any_nullfunc()
commit 30b2f0be23fb40e58d0ad2caf8702c2a44cda2e1 upstream.
commit 08a5bdde3812 ("mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED")
Fixed a bug where we failed to take into account a
nullfunc frame can be either non-QoS or QoS. It turns out
there is at least one more bug in
ieee80211_sta_tx_notify(), introduced in
commit 7b6ddeaf27ec ("mac80211: use QoS NDP for AP probing"),
where we forgot to check for the QoS variant and so
assumed the QoS nullfunc frame never went out
Fix this by adding a helper ieee80211_is_any_nullfunc()
which consolidates the check for non-QoS and QoS nullfunc
frames. Replace existing compound conditionals and add a
couple more missing checks for QoS variant.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
Link: https://lore.kernel.org/r/20200114055940.18502-3-thomas@adapt-ip.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | include/linux/ieee80211.h | 9 | ||||
| -rw-r--r-- | net/mac80211/mlme.c | 2 | ||||
| -rw-r--r-- | net/mac80211/rx.c | 8 | ||||
| -rw-r--r-- | net/mac80211/status.c | 5 | ||||
| -rw-r--r-- | net/mac80211/tx.c | 2 |
5 files changed, 16 insertions, 10 deletions
diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h index d3417c18ee2f..dbab3036e4f5 100644 --- a/include/linux/ieee80211.h +++ b/include/linux/ieee80211.h @@ -620,6 +620,15 @@ static inline bool ieee80211_is_qos_nullfunc(__le16 fc) } /** + * ieee80211_is_any_nullfunc - check if frame is regular or QoS nullfunc frame + * @fc: frame control bytes in little-endian byteorder + */ +static inline bool ieee80211_is_any_nullfunc(__le16 fc) +{ + return (ieee80211_is_nullfunc(fc) || ieee80211_is_qos_nullfunc(fc)); +} + +/** * ieee80211_is_bufferable_mmpdu - check if frame is bufferable MMPDU * @fc: frame control field in little-endian byteorder */ diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 048389b5aa0f..58b80270e58c 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -2277,7 +2277,7 @@ void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata, if (!ieee80211_is_data(hdr->frame_control)) return; - if (ieee80211_is_nullfunc(hdr->frame_control) && + if (ieee80211_is_any_nullfunc(hdr->frame_control) && sdata->u.mgd.probe_send_count > 0) { if (ack) ieee80211_sta_reset_conn_monitor(sdata); diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index a6f265262f15..d3334fd84ca2 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -1231,8 +1231,7 @@ ieee80211_rx_h_check_dup(struct ieee80211_rx_data *rx) return RX_CONTINUE; if (ieee80211_is_ctl(hdr->frame_control) || - ieee80211_is_nullfunc(hdr->frame_control) || - ieee80211_is_qos_nullfunc(hdr->frame_control) || + ieee80211_is_any_nullfunc(hdr->frame_control) || is_multicast_ether_addr(hdr->addr1)) return RX_CONTINUE; @@ -1617,8 +1616,7 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx) * Drop (qos-)data::nullfunc frames silently, since they * are used only to control station power saving mode. */ - if (ieee80211_is_nullfunc(hdr->frame_control) || - ieee80211_is_qos_nullfunc(hdr->frame_control)) { + if (ieee80211_is_any_nullfunc(hdr->frame_control)) { I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc); /* @@ -2112,7 +2110,7 @@ static int ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc) /* Drop unencrypted frames if key is set. */ if (unlikely(!ieee80211_has_protected(fc) && - !ieee80211_is_nullfunc(fc) && + !ieee80211_is_any_nullfunc(fc) && ieee80211_is_data(fc) && rx->key)) return -EACCES; diff --git a/net/mac80211/status.c b/net/mac80211/status.c index 246d113bd755..1d81064b241d 100644 --- a/net/mac80211/status.c +++ b/net/mac80211/status.c @@ -480,8 +480,7 @@ static void ieee80211_report_ack_skb(struct ieee80211_local *local, rcu_read_lock(); sdata = ieee80211_sdata_from_skb(local, skb); if (sdata) { - if (ieee80211_is_nullfunc(hdr->frame_control) || - ieee80211_is_qos_nullfunc(hdr->frame_control)) + if (ieee80211_is_any_nullfunc(hdr->frame_control)) cfg80211_probe_status(sdata->dev, hdr->addr1, cookie, acked, GFP_ATOMIC); @@ -914,7 +913,7 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb) I802_DEBUG_INC(local->dot11FailedCount); } - if (ieee80211_is_nullfunc(fc) && ieee80211_has_pm(fc) && + if (ieee80211_is_any_nullfunc(fc) && ieee80211_has_pm(fc) && ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS) && !(info->flags & IEEE80211_TX_CTL_INJECTED) && local->ps_sdata && !(local->scanning)) { diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index 850264fac378..6216279efc46 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -294,7 +294,7 @@ ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx) if (unlikely(test_bit(SCAN_SW_SCANNING, &tx->local->scanning)) && test_bit(SDATA_STATE_OFFCHANNEL, &tx->sdata->state) && !ieee80211_is_probe_req(hdr->frame_control) && - !ieee80211_is_nullfunc(hdr->frame_control)) + !ieee80211_is_any_nullfunc(hdr->frame_control)) /* * When software scanning only nullfunc frames (to notify * the sleep state to the AP) and probe requests (for the |