Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 68df7247 authored by David S. Miller's avatar David S. Miller
Browse files

Merge tag 'mac80211-for-davem-2016-03-02' of... 

Merge tag 'mac80211-for-davem-2016-03-02' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211



Johannes Berg says:

====================
Here are a few more fixes for the current cycle:
 * check GCMP encryption vs. fragmentation properly; we'd found
   this problem quite a while ago but waited for the 802.11 spec
   to be updated
 * fix RTS/CTS logic in minstrel_ht
 * fix RX of certain public action frames in AP mode
 * add mac80211_hwsim to MAC80211 in MAINTAINERS, this helps
   the kbuild robot pick up the right tree for it
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 768c83a4 2af8c4dc

MAINTAINERS

+1 −0
Original line number Diff line number Diff line
@@ -6758,6 +6758,7 @@ S: Maintained 
F:	Documentation/networking/mac80211-injection.txt

F:	include/net/mac80211.h

F:	net/mac80211/

F:	drivers/net/wireless/mac80211_hwsim.[ch]



MACVLAN DRIVER

M:	Patrick McHardy <kaber@trash.net>

net/mac80211/ieee80211_i.h

+1 −1
Original line number Diff line number Diff line
@@ -92,7 +92,7 @@ struct ieee80211_fragment_entry { 
	u16 extra_len;

	u16 last_frag;

	u8 rx_queue;

	bool ccmp; /* Whether fragments were encrypted with CCMP */

	bool check_sequential_pn; /* needed for CCMP/GCMP */

	u8 last_pn[6]; /* PN of the last fragment if CCMP was used */

};

net/mac80211/rc80211_minstrel_ht.c

+1 −1
Original line number Diff line number Diff line
@@ -872,7 +872,7 @@ minstrel_ht_set_rate(struct minstrel_priv *mp, struct minstrel_ht_sta *mi, 
	 *  - if station is in dynamic SMPS (and streams > 1)

	 *  - for fallback rates, to increase chances of getting through

	 */

	if (offset > 0 &&

	if (offset > 0 ||

	    (mi->sta->smps_mode == IEEE80211_SMPS_DYNAMIC &&

	     group->streams > 1)) {

		ratetbl->rate[offset].count = ratetbl->rate[offset].count_rts;

net/mac80211/rx.c

+28 −9
Original line number Diff line number Diff line
@@ -1753,7 +1753,7 @@ ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata, 
	entry->seq = seq;

	entry->rx_queue = rx_queue;

	entry->last_frag = frag;

	entry->ccmp = 0;

	entry->check_sequential_pn = false;

	entry->extra_len = 0;



	return entry;
@@ -1849,15 +1849,27 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) 
						 rx->seqno_idx, &(rx->skb));

		if (rx->key &&

		    (rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP ||

		     rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP_256) &&

		     rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP_256 ||

		     rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP ||

		     rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP_256) &&

		    ieee80211_has_protected(fc)) {

			int queue = rx->security_idx;

			/* Store CCMP PN so that we can verify that the next

			 * fragment has a sequential PN value. */

			entry->ccmp = 1;



			/* Store CCMP/GCMP PN so that we can verify that the

			 * next fragment has a sequential PN value.

			 */

			entry->check_sequential_pn = true;

			memcpy(entry->last_pn,

			       rx->key->u.ccmp.rx_pn[queue],

			       IEEE80211_CCMP_PN_LEN);

			BUILD_BUG_ON(offsetof(struct ieee80211_key,

					      u.ccmp.rx_pn) !=

				     offsetof(struct ieee80211_key,

					      u.gcmp.rx_pn));

			BUILD_BUG_ON(sizeof(rx->key->u.ccmp.rx_pn[queue]) !=

				     sizeof(rx->key->u.gcmp.rx_pn[queue]));

			BUILD_BUG_ON(IEEE80211_CCMP_PN_LEN !=

				     IEEE80211_GCMP_PN_LEN);

		}

		return RX_QUEUED;

	}
@@ -1872,15 +1884,21 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) 
		return RX_DROP_MONITOR;

	}



	/* Verify that MPDUs within one MSDU have sequential PN values.

	 * (IEEE 802.11i, 8.3.3.4.5) */

	if (entry->ccmp) {

	/* "The receiver shall discard MSDUs and MMPDUs whose constituent

	 *  MPDU PN values are not incrementing in steps of 1."

	 * see IEEE P802.11-REVmc/D5.0, 12.5.3.4.4, item d (for CCMP)

	 * and IEEE P802.11-REVmc/D5.0, 12.5.5.4.4, item d (for GCMP)

	 */

	if (entry->check_sequential_pn) {

		int i;

		u8 pn[IEEE80211_CCMP_PN_LEN], *rpn;

		int queue;



		if (!rx->key ||

		    (rx->key->conf.cipher != WLAN_CIPHER_SUITE_CCMP &&

		     rx->key->conf.cipher != WLAN_CIPHER_SUITE_CCMP_256))

		     rx->key->conf.cipher != WLAN_CIPHER_SUITE_CCMP_256 &&

		     rx->key->conf.cipher != WLAN_CIPHER_SUITE_GCMP &&

		     rx->key->conf.cipher != WLAN_CIPHER_SUITE_GCMP_256))

			return RX_DROP_UNUSABLE;

		memcpy(pn, entry->last_pn, IEEE80211_CCMP_PN_LEN);

		for (i = IEEE80211_CCMP_PN_LEN - 1; i >= 0; i--) {
@@ -3366,6 +3384,7 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx) 
				return false;

			/* ignore action frames to TDLS-peers */

			if (ieee80211_is_action(hdr->frame_control) &&

			    !is_broadcast_ether_addr(bssid) &&

			    !ether_addr_equal(bssid, hdr->addr1))

				return false;

		}