Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2f83c2cc authored by Thomas Pedersen's avatar Thomas Pedersen Committed by Greg Kroah-Hartman
Browse files

mac80211: add ieee80211_is_any_nullfunc() 



commit 30b2f0be23fb40e58d0ad2caf8702c2a44cda2e1 upstream.

commit 08a5bdde3812 ("mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED")
Fixed a bug where we failed to take into account a
nullfunc frame can be either non-QoS or QoS. It turns out
there is at least one more bug in
ieee80211_sta_tx_notify(), introduced in
commit 7b6ddeaf ("mac80211: use QoS NDP for AP probing"),
where we forgot to check for the QoS variant and so
assumed the QoS nullfunc frame never went out

Fix this by adding a helper ieee80211_is_any_nullfunc()
which consolidates the check for non-QoS and QoS nullfunc
frames. Replace existing compound conditionals and add a
couple more missing checks for QoS variant.

Signed-off-by: default avatarThomas Pedersen <thomas@adapt-ip.com>
Link: https://lore.kernel.org/r/20200114055940.18502-3-thomas@adapt-ip.com


Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 3b075bc2

include/linux/ieee80211.h

+9 −0
Original line number Diff line number Diff line
@@ -622,6 +622,15 @@ static inline bool ieee80211_is_qos_nullfunc(__le16 fc) 
	       cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_QOS_NULLFUNC);

}



/**

 * ieee80211_is_any_nullfunc - check if frame is regular or QoS nullfunc frame

 * @fc: frame control bytes in little-endian byteorder

 */

static inline bool ieee80211_is_any_nullfunc(__le16 fc)

{

	return (ieee80211_is_nullfunc(fc) || ieee80211_is_qos_nullfunc(fc));

}



/**

 * ieee80211_is_bufferable_mmpdu - check if frame is bufferable MMPDU

 * @fc: frame control field in little-endian byteorder

net/mac80211/mlme.c

+1 −1
Original line number Diff line number Diff line
@@ -2384,7 +2384,7 @@ void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata, 
	if (!ieee80211_is_data(hdr->frame_control))

	    return;



	if (ieee80211_is_nullfunc(hdr->frame_control) &&

	if (ieee80211_is_any_nullfunc(hdr->frame_control) &&

	    sdata->u.mgd.probe_send_count > 0) {

		if (ack)

			ieee80211_sta_reset_conn_monitor(sdata);

net/mac80211/rx.c

+3 −5
Original line number Diff line number Diff line
@@ -1373,8 +1373,7 @@ ieee80211_rx_h_check_dup(struct ieee80211_rx_data *rx) 
		return RX_CONTINUE;



	if (ieee80211_is_ctl(hdr->frame_control) ||

	    ieee80211_is_nullfunc(hdr->frame_control) ||

	    ieee80211_is_qos_nullfunc(hdr->frame_control) ||

	    ieee80211_is_any_nullfunc(hdr->frame_control) ||

	    is_multicast_ether_addr(hdr->addr1))

		return RX_CONTINUE;
@@ -1753,8 +1752,7 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx) 
	 * Drop (qos-)data::nullfunc frames silently, since they

	 * are used only to control station power saving mode.

	 */

	if (ieee80211_is_nullfunc(hdr->frame_control) ||

	    ieee80211_is_qos_nullfunc(hdr->frame_control)) {

	if (ieee80211_is_any_nullfunc(hdr->frame_control)) {

		I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc);



		/*
@@ -2244,7 +2242,7 @@ static int ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc) 


	/* Drop unencrypted frames if key is set. */

	if (unlikely(!ieee80211_has_protected(fc) &&

		     !ieee80211_is_nullfunc(fc) &&

		     !ieee80211_is_any_nullfunc(fc) &&

		     ieee80211_is_data(fc) && rx->key))

		return -EACCES;

net/mac80211/status.c

+2 −3
Original line number Diff line number Diff line
@@ -487,8 +487,7 @@ static void ieee80211_report_ack_skb(struct ieee80211_local *local, 
		rcu_read_lock();

		sdata = ieee80211_sdata_from_skb(local, skb);

		if (sdata) {

			if (ieee80211_is_nullfunc(hdr->frame_control) ||

			    ieee80211_is_qos_nullfunc(hdr->frame_control))

			if (ieee80211_is_any_nullfunc(hdr->frame_control))

				cfg80211_probe_status(sdata->dev, hdr->addr1,

						      cookie, acked,

						      info->status.ack_signal,
@@ -867,7 +866,7 @@ static void __ieee80211_tx_status(struct ieee80211_hw *hw, 
			I802_DEBUG_INC(local->dot11FailedCount);

	}



	if ((ieee80211_is_nullfunc(fc) || ieee80211_is_qos_nullfunc(fc)) &&

	if (ieee80211_is_any_nullfunc(fc) &&

	    ieee80211_has_pm(fc) &&

	    ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS) &&

	    !(info->flags & IEEE80211_TX_CTL_INJECTED) &&

net/mac80211/tx.c

+1 −1
Original line number Diff line number Diff line
@@ -300,7 +300,7 @@ ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx) 
	if (unlikely(test_bit(SCAN_SW_SCANNING, &tx->local->scanning)) &&

	    test_bit(SDATA_STATE_OFFCHANNEL, &tx->sdata->state) &&

	    !ieee80211_is_probe_req(hdr->frame_control) &&

	    !ieee80211_is_nullfunc(hdr->frame_control))

	    !ieee80211_is_any_nullfunc(hdr->frame_control))

		/*

		 * When software scanning only nullfunc frames (to notify

		 * the sleep state to the AP) and probe requests (for the