A couple of straggler fixes:
* a minstrel HT sample check fix * peer measurement could double-free on races * certificate file generation at build time could sometimes hang * some parameters weren't reset between connections in mac80211 * some extensible elements were treated as non- extensible, possibly causuing bad connections (or failures) if the AP adds data -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEH1e1rEeCd0AIMq6MB8qZga/fl8QFAmDMgxsACgkQB8qZga/f l8QsDBAAhY5zN2LFdxkqyfPd8DJs2KpnE1osSi1qjmPOItn7K7H6hD6jN/UaaysQ uC1ngAyuiRMtO5JgAtj58NlnDNM3IYvYxt909PnG/NAuNGW9RDebEf2H8JGKzCTR sFW6QKOj4CkVyLwjRwu3VziI0WOaF0kNoNW2ZSr4DEHSS9siMe5svv5fLqoNxNCP 9fhS1T5xgDZfcGVdedXzilH1waqsEzPeRYY7TKGr/TZwDPksYmNsFU7mETqzKV14 OuGan7eolZ6Q869FydkKs+J9NDiHXEBVM4vt6K/2I+qHXAUUsui01l+l1oV4+XzW Jh3eS7t72uov1UV5jVvLjrFvKOWBu1RpsO+8XfUqnTa7AvDdC5jrBTWzFYaATmqm OtfVy3JSkd8d9eMX6Yg3/K/f9WoNPIyrR1BbbOCpWN3tHvE2xc8fWsRmS3o6VnpP DZ/+Za4csLKl5/D1x3cqYnIaLwQdD75WNGJU10UvvyPyNsKLsw4UxfSm49gWXXBm /fqXGS2SJX39GiHysZAnQlpRy9x03E/qkWaPZWx+xYP4zkr5MNecM5kmiINZINBA eJPjO8Ex2ODkNf/BAmzHhIyPilRw0ypDa8K5NS/KCp2WBA01lEgyglRD0Rnz5vjD MSP+cV38SjFoOxxiN1qtB1bSyN0EN5MdFwyrerJjmDRp/sqA5xE= =Nh7Q -----END PGP SIGNATURE----- Merge tag 'mac80211-for-net-2021-06-18' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== A couple of straggler fixes: * a minstrel HT sample check fix * peer measurement could double-free on races * certificate file generation at build time could sometimes hang * some parameters weren't reset between connections in mac80211 * some extensible elements were treated as non- extensible, possibly causuing bad connections (or failures) if the AP adds data ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
commit
0d1dc9e1f4
@ -4062,10 +4062,14 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
|
||||
if (elems.mbssid_config_ie)
|
||||
bss_conf->profile_periodicity =
|
||||
elems.mbssid_config_ie->profile_periodicity;
|
||||
else
|
||||
bss_conf->profile_periodicity = 0;
|
||||
|
||||
if (elems.ext_capab_len >= 11 &&
|
||||
(elems.ext_capab[10] & WLAN_EXT_CAPA11_EMA_SUPPORT))
|
||||
bss_conf->ema_ap = true;
|
||||
else
|
||||
bss_conf->ema_ap = false;
|
||||
|
||||
/* continue assoc process */
|
||||
ifmgd->assoc_data->timeout = jiffies;
|
||||
@ -5802,12 +5806,16 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
|
||||
beacon_ies->data, beacon_ies->len);
|
||||
if (elem && elem->datalen >= 3)
|
||||
sdata->vif.bss_conf.profile_periodicity = elem->data[2];
|
||||
else
|
||||
sdata->vif.bss_conf.profile_periodicity = 0;
|
||||
|
||||
elem = cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY,
|
||||
beacon_ies->data, beacon_ies->len);
|
||||
if (elem && elem->datalen >= 11 &&
|
||||
(elem->data[10] & WLAN_EXT_CAPA11_EMA_SUPPORT))
|
||||
sdata->vif.bss_conf.ema_ap = true;
|
||||
else
|
||||
sdata->vif.bss_conf.ema_ap = false;
|
||||
} else {
|
||||
assoc_data->timeout = jiffies;
|
||||
assoc_data->timeout_started = true;
|
||||
|
@ -1514,7 +1514,7 @@ minstrel_ht_get_rate(void *priv, struct ieee80211_sta *sta, void *priv_sta,
|
||||
(info->control.flags & IEEE80211_TX_CTRL_PORT_CTRL_PROTO))
|
||||
return;
|
||||
|
||||
if (time_is_before_jiffies(mi->sample_time))
|
||||
if (time_is_after_jiffies(mi->sample_time))
|
||||
return;
|
||||
|
||||
mi->sample_time = jiffies + MINSTREL_SAMPLE_INTERVAL;
|
||||
|
@ -947,7 +947,7 @@ static void ieee80211_parse_extension_element(u32 *crc,
|
||||
|
||||
switch (elem->data[0]) {
|
||||
case WLAN_EID_EXT_HE_MU_EDCA:
|
||||
if (len == sizeof(*elems->mu_edca_param_set)) {
|
||||
if (len >= sizeof(*elems->mu_edca_param_set)) {
|
||||
elems->mu_edca_param_set = data;
|
||||
if (crc)
|
||||
*crc = crc32_be(*crc, (void *)elem,
|
||||
@ -968,7 +968,7 @@ static void ieee80211_parse_extension_element(u32 *crc,
|
||||
}
|
||||
break;
|
||||
case WLAN_EID_EXT_UORA:
|
||||
if (len == 1)
|
||||
if (len >= 1)
|
||||
elems->uora_element = data;
|
||||
break;
|
||||
case WLAN_EID_EXT_MAX_CHANNEL_SWITCH_TIME:
|
||||
@ -976,7 +976,7 @@ static void ieee80211_parse_extension_element(u32 *crc,
|
||||
elems->max_channel_switch_time = data;
|
||||
break;
|
||||
case WLAN_EID_EXT_MULTIPLE_BSSID_CONFIGURATION:
|
||||
if (len == sizeof(*elems->mbssid_config_ie))
|
||||
if (len >= sizeof(*elems->mbssid_config_ie))
|
||||
elems->mbssid_config_ie = data;
|
||||
break;
|
||||
case WLAN_EID_EXT_HE_SPR:
|
||||
@ -985,7 +985,7 @@ static void ieee80211_parse_extension_element(u32 *crc,
|
||||
elems->he_spr = data;
|
||||
break;
|
||||
case WLAN_EID_EXT_HE_6GHZ_CAPA:
|
||||
if (len == sizeof(*elems->he_6ghz_capa))
|
||||
if (len >= sizeof(*elems->he_6ghz_capa))
|
||||
elems->he_6ghz_capa = data;
|
||||
break;
|
||||
}
|
||||
@ -1074,14 +1074,14 @@ _ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
|
||||
|
||||
switch (id) {
|
||||
case WLAN_EID_LINK_ID:
|
||||
if (elen + 2 != sizeof(struct ieee80211_tdls_lnkie)) {
|
||||
if (elen + 2 < sizeof(struct ieee80211_tdls_lnkie)) {
|
||||
elem_parse_failed = true;
|
||||
break;
|
||||
}
|
||||
elems->lnk_id = (void *)(pos - 2);
|
||||
break;
|
||||
case WLAN_EID_CHAN_SWITCH_TIMING:
|
||||
if (elen != sizeof(struct ieee80211_ch_switch_timing)) {
|
||||
if (elen < sizeof(struct ieee80211_ch_switch_timing)) {
|
||||
elem_parse_failed = true;
|
||||
break;
|
||||
}
|
||||
@ -1244,7 +1244,7 @@ _ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
|
||||
elems->sec_chan_offs = (void *)pos;
|
||||
break;
|
||||
case WLAN_EID_CHAN_SWITCH_PARAM:
|
||||
if (elen !=
|
||||
if (elen <
|
||||
sizeof(*elems->mesh_chansw_params_ie)) {
|
||||
elem_parse_failed = true;
|
||||
break;
|
||||
@ -1253,7 +1253,7 @@ _ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
|
||||
break;
|
||||
case WLAN_EID_WIDE_BW_CHANNEL_SWITCH:
|
||||
if (!action ||
|
||||
elen != sizeof(*elems->wide_bw_chansw_ie)) {
|
||||
elen < sizeof(*elems->wide_bw_chansw_ie)) {
|
||||
elem_parse_failed = true;
|
||||
break;
|
||||
}
|
||||
@ -1272,7 +1272,7 @@ _ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
|
||||
ie = cfg80211_find_ie(WLAN_EID_WIDE_BW_CHANNEL_SWITCH,
|
||||
pos, elen);
|
||||
if (ie) {
|
||||
if (ie[1] == sizeof(*elems->wide_bw_chansw_ie))
|
||||
if (ie[1] >= sizeof(*elems->wide_bw_chansw_ie))
|
||||
elems->wide_bw_chansw_ie =
|
||||
(void *)(ie + 2);
|
||||
else
|
||||
@ -1316,7 +1316,7 @@ _ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
|
||||
elems->cisco_dtpc_elem = pos;
|
||||
break;
|
||||
case WLAN_EID_ADDBA_EXT:
|
||||
if (elen != sizeof(struct ieee80211_addba_ext_ie)) {
|
||||
if (elen < sizeof(struct ieee80211_addba_ext_ie)) {
|
||||
elem_parse_failed = true;
|
||||
break;
|
||||
}
|
||||
@ -1342,7 +1342,7 @@ _ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
|
||||
elem, elems);
|
||||
break;
|
||||
case WLAN_EID_S1G_CAPABILITIES:
|
||||
if (elen == sizeof(*elems->s1g_capab))
|
||||
if (elen >= sizeof(*elems->s1g_capab))
|
||||
elems->s1g_capab = (void *)pos;
|
||||
else
|
||||
elem_parse_failed = true;
|
||||
|
@ -28,7 +28,7 @@ $(obj)/shipped-certs.c: $(wildcard $(srctree)/$(src)/certs/*.hex)
|
||||
@$(kecho) " GEN $@"
|
||||
@(echo '#include "reg.h"'; \
|
||||
echo 'const u8 shipped_regdb_certs[] = {'; \
|
||||
cat $^ ; \
|
||||
echo | cat - $^ ; \
|
||||
echo '};'; \
|
||||
echo 'unsigned int shipped_regdb_certs_len = sizeof(shipped_regdb_certs);'; \
|
||||
) > $@
|
||||
|
@ -334,6 +334,7 @@ void cfg80211_pmsr_complete(struct wireless_dev *wdev,
|
||||
gfp_t gfp)
|
||||
{
|
||||
struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
|
||||
struct cfg80211_pmsr_request *tmp, *prev, *to_free = NULL;
|
||||
struct sk_buff *msg;
|
||||
void *hdr;
|
||||
|
||||
@ -364,9 +365,20 @@ free_msg:
|
||||
nlmsg_free(msg);
|
||||
free_request:
|
||||
spin_lock_bh(&wdev->pmsr_lock);
|
||||
list_del(&req->list);
|
||||
/*
|
||||
* cfg80211_pmsr_process_abort() may have already moved this request
|
||||
* to the free list, and will free it later. In this case, don't free
|
||||
* it here.
|
||||
*/
|
||||
list_for_each_entry_safe(tmp, prev, &wdev->pmsr_list, list) {
|
||||
if (tmp == req) {
|
||||
list_del(&req->list);
|
||||
to_free = req;
|
||||
break;
|
||||
}
|
||||
}
|
||||
spin_unlock_bh(&wdev->pmsr_lock);
|
||||
kfree(req);
|
||||
kfree(to_free);
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(cfg80211_pmsr_complete);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user