Commit ca48aa4a authored Sep 27, 2021 by David S. Miller

Merge tag 'mac80211-for-net-2021-09-27' of...

Merge tag 'mac80211-for-net-2021-09-27' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211



Johannes berg says:

====================
Some fixes:
 * potential use-after-free in CCMP/GCMP RX processing
 * potential use-after-free in TX A-MSDU processing
 * revert to low data rates for no-ack as the commit
   broke other things
 * limit VHT MCS/NSS in radiotap injection
 * drop frames with invalid addresses in IBSS mode
 * check rhashtable_init() return value in mesh
 * fix potentially unaligned access in mesh
 * fix late beacon hrtimer handling in hwsim (syzbot)
 * fix documentation for PTK0 rekeying
====================

Signed-off-by: David S. Miller <davem@davemloft.net>

parents 3ebaaad4 33092aca

drivers/net/wireless/mac80211_hwsim.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -1867,7 +1867,7 @@ mac80211_hwsim_beacon(struct hrtimer *timer)
		bcn_int -= data->bcn_delta;
		data->bcn_delta = 0;
		}
		hrtimer_forward(&data->beacon_timer, hrtimer_get_expires(timer),
		hrtimer_forward_now(&data->beacon_timer,
		ns_to_ktime(bcn_int * NSEC_PER_USEC));
		return HRTIMER_RESTART;
		}

include/net/mac80211.h

+4 −4

Original line number	Diff line number	Diff line
		@@ -2818,13 +2818,13 @@ void ieee80211_free_txskb(struct ieee80211_hw hw, struct sk_buff skb);
		* Mac80211 drivers should set the @NL80211_EXT_FEATURE_CAN_REPLACE_PTK0 flag
		* when they are able to replace in-use PTK keys according to the following
		* requirements:
		* 1) They do not hand over frames decrypted with the old key to
		mac80211 once the call to set_key() with command %DISABLE_KEY has been
		completed when also setting @IEEE80211_KEY_FLAG_GENERATE_IV for any key,
		* 1) They do not hand over frames decrypted with the old key to mac80211
		once the call to set_key() with command %DISABLE_KEY has been completed,
		2) either drop or continue to use the old key for any outgoing frames queued
		at the time of the key deletion (including re-transmits),
		3) never send out a frame queued prior to the set_key() %SET_KEY command
		encrypted with the new key and
		encrypted with the new key when also needing
		@IEEE80211_KEY_FLAG_GENERATE_IV and
		4) never send out a frame unencrypted when it should be encrypted.
		Mac80211 will not queue any new frames for a deleted key to the driver.
		*/

net/mac80211/mesh_pathtbl.c

+4 −1

Original line number	Diff line number	Diff line
		@@ -60,7 +60,10 @@ static struct mesh_table *mesh_table_alloc(void)
		atomic_set(&newtbl->entries, 0);
		spin_lock_init(&newtbl->gates_lock);
		spin_lock_init(&newtbl->walk_lock);
		rhashtable_init(&newtbl->rhead, &mesh_rht_params);
		if (rhashtable_init(&newtbl->rhead, &mesh_rht_params)) {
		kfree(newtbl);
		return NULL;
		}

		return newtbl;
		}

net/mac80211/mesh_ps.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -2,6 +2,7 @@
		/*
		* Copyright 2012-2013, Marco Porsch <marco.porsch@s2005.tu-chemnitz.de>
		* Copyright 2012-2013, cozybit Inc.
		* Copyright (C) 2021 Intel Corporation
		*/

		#include "mesh.h"
		@@ -588,7 +589,7 @@ void ieee80211_mps_frame_release(struct sta_info *sta,

		/* only transmit to PS STA with announced, non-zero awake window */
		if (test_sta_flag(sta, WLAN_STA_PS_STA) &&
		(!elems->awake_window \|\| !le16_to_cpu(*elems->awake_window)))
		(!elems->awake_window \|\| !get_unaligned_le16(elems->awake_window)))
		return;

		if (!test_sta_flag(sta, WLAN_STA_MPSP_OWNER))

net/mac80211/rate.c

+0 −4

Original line number	Diff line number	Diff line
		@@ -392,10 +392,6 @@ static bool rate_control_send_low(struct ieee80211_sta *pubsta,
		int mcast_rate;
		bool use_basicrate = false;

		if (ieee80211_is_tx_data(txrc->skb) &&
		info->flags & IEEE80211_TX_CTL_NO_ACK)
		return false;

		if (!pubsta \|\| rc_no_data_or_no_ack_use_min(txrc)) {
		__rate_control_send_low(txrc->hw, sband, pubsta, info,
		txrc->rate_idx_mask);