323e249ce8
This updates mac80211 to version 6.1.97-1. This code is based on Linux 6.1.97 and contains all fixes included in the upstream wireless subsystem from that kernel version. This includes many bugfixes and also some security fixes. The removed patches are already integrated in upstream Linux 6.1.97 or in backports. The following patches were integrated in upstream Linux: ath11k/0013-wifi-ath11k-synchronize-ath11k_mac_he_gi_to_nl80211_.patch ath11k/0035-wifi-ath11k-Use-platform_get_irq-to-get-the-interrup.patch ath11k/0036-wifi-ath11k-fix-SAC-bug-on-peer-addition-with-sta-ba.patch ath11k/0047-wifi-ath11k-fix-deinitialization-of-firmware-resourc.patch ath11k/0053-wifi-ath11k-fix-writing-to-unintended-memory-region.patch ath11k/0060-wifi-ath11k-Ignore-frags-from-uninitialized-peer-in-.patch ath11k/0065-wifi-ath11k-fix-tx-status-reporting-in-encap-offload.patch ath11k/0067-wifi-ath11k-Fix-SKB-corruption-in-REO-destination-ri.patch ath11k/0069-wifi-ath11k-fix-registration-of-6Ghz-only-phy-withou.patch ath11k/0080-wifi-ath11k-add-support-default-regdb-while-searchin.patch ath11k/0085-wifi-ath11k-fix-memory-leak-in-WMI-firmware-stats.patch ath11k/0086-wifi-ath11k-Add-missing-check-for-ioremap.patch ath11k/0096-wifi-ath11k-fix-boot-failure-with-one-MSI-vector.patch subsys/337-wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch The following patches were integrated in upstream backports: ath11k/901-wifi-ath11k-pci-fix-compilation-in-5.16-and-older.patch build/080-resv_start_op.patch build/110-backport_napi_build_skb.patch The following files are missing in backports, we do not have to remove them any more. Some were already missing before some were removed in this update: include/linux/cordic.h include/linux/crc8.h include/linux/eeprom_93cx6.h include/linux/wl12xx.h include/net/ieee80211.h backport-include/linux/bcm47xx_nvram.h include/linux/ath9k_platform.h include/net/bluetooth/ backports ships a dummy Mediatek wed header for older kernel versions. 
We backported the feature in our kernel, remove the dummy header: backport-include/linux/soc/mediatek/mtk_wed.h Remove header files for subsystems used from the mainline kernel: include/trace/events/qrtr.h include/net/rsi_91x.h backport-include/linux/platform_data/brcmnand.h Link: https://github.com/openwrt/openwrt/pull/15827 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
From: Felix Fietkau <nbd@nbd.name>
Date: Thu, 1 Dec 2022 14:57:30 +0100
Subject: [PATCH] wifi: mac80211: fix and simplify unencrypted drop check for
mesh
ieee80211_drop_unencrypted is called from ieee80211_rx_h_mesh_fwding and
ieee80211_frame_allowed.
Since ieee80211_rx_h_mesh_fwding can forward packets for other mesh nodes
and is called earlier, it needs to check the decryption status and if the
packet is using the control protocol on its own, instead of deferring to
the later call from ieee80211_frame_allowed.
Because of that, ieee80211_drop_unencrypted has a mesh specific check
that skips over the mesh header in order to check the payload protocol.
This code is invalid when called from ieee80211_frame_allowed, since that
happens after the 802.11->802.3 conversion.
Fix this by moving the mesh specific check directly into
ieee80211_rx_h_mesh_fwding.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Link: https://lore.kernel.org/r/20221201135730.19723-1-nbd@nbd.name
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
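--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -2405,7 +2405,6 @@ static int ieee80211_802_1x_port_control
 
 static int ieee80211_drop_unencrypted(struct ieee80211_rx_data *rx, __le16 fc)
 {
- struct ieee80211_hdr *hdr = (void *)rx->skb->data;
 struct sk_buff *skb = rx->skb;
 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
 
@@ -2416,31 +2415,6 @@ static int ieee80211_drop_unencrypted(st
 if (status->flag & RX_FLAG_DECRYPTED)
 return 0;
 
- /* check mesh EAPOL frames first */
- if (unlikely(rx->sta && ieee80211_vif_is_mesh(&rx->sdata->vif) &&
- ieee80211_is_data(fc))) {
- struct ieee80211s_hdr *mesh_hdr;
- u16 hdr_len = ieee80211_hdrlen(fc);
- u16 ethertype_offset;
- __be16 ethertype;
-
- if (!ether_addr_equal(hdr->addr1, rx->sdata->vif.addr))
- goto drop_check;
-
- /* make sure fixed part of mesh header is there, also checks skb len */
- if (!pskb_may_pull(rx->skb, hdr_len + 6))
- goto drop_check;
-
- mesh_hdr = (struct ieee80211s_hdr *)(skb->data + hdr_len);
- ethertype_offset = hdr_len + ieee80211_get_mesh_hdrlen(mesh_hdr) +
- sizeof(rfc1042_header);
-
- if (skb_copy_bits(rx->skb, ethertype_offset, ðertype, 2) == 0 &&
- ethertype == rx->sdata->control_port_protocol)
- return 0;
- }
-
-drop_check:
 /* Drop unencrypted frames if key is set. */
 if (unlikely(!ieee80211_has_protected(fc) &&
 !ieee80211_is_any_nullfunc(fc) &&
@@ -2898,8 +2872,16 @@ ieee80211_rx_h_mesh_fwding(struct ieee80
 hdr = (struct ieee80211_hdr *) skb->data;
 mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen);
 
- if (ieee80211_drop_unencrypted(rx, hdr->frame_control))
- return RX_DROP_MONITOR;
+ if (ieee80211_drop_unencrypted(rx, hdr->frame_control)) {
+ int offset = hdrlen + ieee80211_get_mesh_hdrlen(mesh_hdr) +
+ sizeof(rfc1042_header);
+ __be16 ethertype;
+
+ if (!ether_addr_equal(hdr->addr1, rx->sdata->vif.addr) ||
+ skb_copy_bits(rx->skb, offset, ðertype, 2) != 0 ||
+ ethertype != rx->sdata->control_port_protocol)
+ return RX_DROP_MONITOR;
+ }
 
 /* frame is in RMC, don't forward */
 if (ieee80211_is_data(hdr->frame_control) &&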
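Review bot: The block added in ieee80211_rx_h_mesh_fwding is an exception to the drop-unencrypted policy, yet it carries no comment, whereas the removed code at least said `/* check mesh EAPOL frames first */`; I would add `/* unencrypted frames are only let through if they are addressed to this interface and carry the control port protocol */` above the inner `if`. The literal `2` passed to skb_copy_bits() would read better as `sizeof(ethertype)` (the page prints the third argument as `ðertype`, which looks like a rendering artefact of `&ethertype`). The removed path called pskb_may_pull() before reading the mesh header and the new one does not, so it presumably relies on a length check earlier in the function. The function starts and ends outside the hunk, so that check, and what an exempted unencrypted frame can reach further down, should be confirmed there.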