Refresh all patches.
The removed patches were integrated upstream.
This contains fixes for CVE-2020-3702
1. These patches (ath, ath9k, mac80211) were included in kernel
versions since 4.14.245 and 4.19.205. They fix security vulnerability
CVE-2020-3702 [1] similar to KrØØk, which was found by ESET [2].
Thank you Josef Schlehofer for reporting this problem.
[1] https://nvd.nist.gov/vuln/detail/CVE-2020-3702
[2] https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
PKG_NAME:=mac80211
-PKG_VERSION:=5.10.42-1
+PKG_VERSION:=5.10.68-1
PKG_RELEASE:=1
-PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v5.10.42/
-PKG_HASH:=6876520105240844fdb32d1dcdf2bfdea291a37a96f16c892fda3776ba714fcb
+PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v5.10.68/
+PKG_HASH:=bba161b0084590c677a84b80993709e388a3c478f29ed0c475d4fce1b9162968
PKG_SOURCE:=backports-$(PKG_VERSION).tar.xz
PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/backports-$(PKG_VERSION)
--- a/drivers/net/wireless/ath/ath9k/hw.c
+++ b/drivers/net/wireless/ath/ath9k/hw.c
-@@ -2977,7 +2977,8 @@ void ath9k_hw_apply_txpower(struct ath_h
+@@ -2979,7 +2979,8 @@ void ath9k_hw_apply_txpower(struct ath_h
{
struct ath_regulatory *reg = ath9k_hw_regulatory(ah);
struct ieee80211_channel *channel;
u16 ctl = NO_CTL;
if (!chan)
-@@ -2989,9 +2990,14 @@ void ath9k_hw_apply_txpower(struct ath_h
+@@ -2991,9 +2992,14 @@ void ath9k_hw_apply_txpower(struct ath_h
channel = chan->chan;
chan_pwr = min_t(int, channel->max_power * 2, MAX_COMBINED_POWER);
new_pwr = min_t(int, chan_pwr, reg->power_limit);
--- a/drivers/net/wireless/ath/ath9k/hw.c
+++ b/drivers/net/wireless/ath/ath9k/hw.c
-@@ -2996,6 +2996,10 @@ void ath9k_hw_apply_txpower(struct ath_h
+@@ -2998,6 +2998,10 @@ void ath9k_hw_apply_txpower(struct ath_h
if (ant_gain > max_gain)
ant_reduction = ant_gain - max_gain;
CFLAGS_trace.o := -I$(src)
--- a/drivers/net/wireless/ath/ath.h
+++ b/drivers/net/wireless/ath/ath.h
-@@ -316,14 +316,7 @@ void _ath_dbg(struct ath_common *common,
+@@ -317,14 +317,7 @@ void _ath_dbg(struct ath_common *common,
#endif /* CPTCFG_ATH_DEBUG */
/** Returns string describing opmode, or NULL if unknown mode. */
bool reset_power_on;
bool htc_reset_init;
-@@ -1076,6 +1084,7 @@ void ath9k_hw_check_nav(struct ath_hw *a
+@@ -1077,6 +1085,7 @@ void ath9k_hw_check_nav(struct ath_hw *a
bool ath9k_hw_check_alive(struct ath_hw *ah);
bool ath9k_hw_setpower(struct ath_hw *ah, enum ath9k_power_mode mode);
struct ath_gen_timer *ath_gen_timer_alloc(struct ath_hw *ah,
--- a/drivers/net/wireless/ath/ath9k/hw.c
+++ b/drivers/net/wireless/ath/ath9k/hw.c
-@@ -1883,6 +1883,20 @@ u32 ath9k_hw_get_tsf_offset(struct times
+@@ -1882,6 +1882,20 @@ u32 ath9k_hw_get_tsf_offset(struct times
}
EXPORT_SYMBOL(ath9k_hw_get_tsf_offset);
int ath9k_hw_reset(struct ath_hw *ah, struct ath9k_channel *chan,
struct ath9k_hw_cal_data *caldata, bool fastcc)
{
-@@ -2091,6 +2105,7 @@ int ath9k_hw_reset(struct ath_hw *ah, st
+@@ -2090,6 +2104,7 @@ int ath9k_hw_reset(struct ath_hw *ah, st
ar9003_hw_disable_phy_restart(ah);
ath9k_hw_apply_gpio_override(ah);
REG_SET_BIT(ah, AR_BTCOEX_WL_LNADIV, AR_BTCOEX_WL_LNADIV_FORCE_ON);
--- a/drivers/net/wireless/ath/ath9k/main.c
+++ b/drivers/net/wireless/ath/ath9k/main.c
-@@ -531,6 +531,11 @@ irqreturn_t ath_isr(int irq, void *dev)
+@@ -536,6 +536,11 @@ irqreturn_t ath_isr(int irq, void *dev)
if (test_bit(ATH_OP_HW_RESET, &common->op_flags))
return IRQ_HANDLED;
return true;
}
-@@ -1861,8 +1880,14 @@ static int ath9k_hw_do_fastcc(struct ath
+@@ -1860,8 +1879,14 @@ static int ath9k_hw_do_fastcc(struct ath
if (AR_SREV_9271(ah))
ar9002_hw_load_ani_reg(ah, chan);
return -EINVAL;
}
-@@ -2116,6 +2141,9 @@ int ath9k_hw_reset(struct ath_hw *ah, st
+@@ -2115,6 +2140,9 @@ int ath9k_hw_reset(struct ath_hw *ah, st
ath9k_hw_set_radar_params(ah);
}
static void ath9k_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
u32 queues, bool drop);
-@@ -652,6 +653,7 @@ void ath_reset_work(struct work_struct *
+@@ -657,6 +658,7 @@ void ath_reset_work(struct work_struct *
static int ath9k_start(struct ieee80211_hw *hw)
{
struct ath_softc *sc = hw->priv;
struct ath_hw *ah = sc->sc_ah;
struct ath_common *common = ath9k_hw_common(ah);
struct ieee80211_channel *curchan = sc->cur_chan->chandef.chan;
-@@ -730,6 +732,11 @@ static int ath9k_start(struct ieee80211_
+@@ -735,6 +737,11 @@ static int ath9k_start(struct ieee80211_
AR_GPIO_OUTPUT_MUX_AS_OUTPUT);
}
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -9708,6 +9708,21 @@ static int ath10k_mac_init_rd(struct ath
+@@ -9709,6 +9709,21 @@ static int ath10k_mac_init_rd(struct ath
return 0;
}
int ath10k_mac_register(struct ath10k *ar)
{
static const u32 cipher_suites[] = {
-@@ -10057,6 +10072,12 @@ int ath10k_mac_register(struct ath10k *a
+@@ -10058,6 +10073,12 @@ int ath10k_mac_register(struct ath10k *a
ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
if (ret)
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -10074,7 +10074,7 @@ int ath10k_mac_register(struct ath10k *a
+@@ -10075,7 +10075,7 @@ int ath10k_mac_register(struct ath10k *a
ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
#ifdef CPTCFG_MAC80211_LEDS
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
-@@ -2958,6 +2958,10 @@ brcmf_cfg80211_set_power_mgmt(struct wip
+@@ -2961,6 +2961,10 @@ brcmf_cfg80211_set_power_mgmt(struct wip
* preference in cfg struct to apply this to
* FW later while initializing the dongle
*/
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
-@@ -2910,6 +2910,63 @@ done:
+@@ -2913,6 +2913,63 @@ done:
}
static int
brcmf_cfg80211_dump_station(struct wiphy *wiphy, struct net_device *ndev,
int idx, u8 *mac, struct station_info *sinfo)
{
-@@ -3005,6 +3062,7 @@ static s32 brcmf_inform_single_bss(struc
+@@ -3008,6 +3065,7 @@ static s32 brcmf_inform_single_bss(struc
struct brcmu_chan ch;
u16 channel;
u32 freq;
u16 notify_capability;
u16 notify_interval;
u8 *notify_ie;
-@@ -3029,6 +3087,17 @@ static s32 brcmf_inform_single_bss(struc
+@@ -3032,6 +3090,17 @@ static s32 brcmf_inform_single_bss(struc
band = NL80211_BAND_5GHZ;
freq = ieee80211_channel_to_frequency(channel, band);
bss_data.chan = ieee80211_get_channel(wiphy, freq);
bss_data.scan_width = NL80211_BSS_CHAN_WIDTH_20;
bss_data.boottime_ns = ktime_to_ns(ktime_get_boottime());
-@@ -5515,6 +5584,7 @@ static struct cfg80211_ops brcmf_cfg8021
+@@ -5518,6 +5587,7 @@ static struct cfg80211_ops brcmf_cfg8021
.leave_ibss = brcmf_cfg80211_leave_ibss,
.get_station = brcmf_cfg80211_get_station,
.dump_station = brcmf_cfg80211_dump_station,
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
-@@ -1288,7 +1288,6 @@ static int ieee80211_stop_ap(struct wiph
+@@ -1307,7 +1307,6 @@ static int ieee80211_stop_ap(struct wiph
sdata->vif.bss_conf.ftmr_params = NULL;
__sta_info_flush(sdata, true);
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
-@@ -2444,7 +2444,7 @@ static int ieee80211_scan(struct wiphy *
+@@ -2463,7 +2463,7 @@ static int ieee80211_scan(struct wiphy *
* the frames sent while scanning on other channel will be
* lost)
*/
* cfg80211_rx_unprot_mlme_mgmt - notification of unprotected mlme mgmt frame
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
-@@ -2734,7 +2734,7 @@ static void ieee80211_report_disconnect(
+@@ -2725,7 +2725,7 @@ static void ieee80211_report_disconnect(
};
if (tx)
else
cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
-@@ -4724,7 +4724,8 @@ void ieee80211_mgd_quiesce(struct ieee80
+@@ -4719,7 +4719,8 @@ void ieee80211_mgd_quiesce(struct ieee80
if (ifmgd->auth_data)
ieee80211_destroy_auth_data(sdata, false);
cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
};
/* policy for the key attributes */
-@@ -15903,7 +15904,7 @@ static void nl80211_send_mlme_event(stru
+@@ -15902,7 +15903,7 @@ static void nl80211_send_mlme_event(stru
const u8 *buf, size_t len,
enum nl80211_commands cmd, gfp_t gfp,
int uapsd_queues, const u8 *req_ies,
{
struct sk_buff *msg;
void *hdr;
-@@ -15925,6 +15926,9 @@ static void nl80211_send_mlme_event(stru
+@@ -15924,6 +15925,9 @@ static void nl80211_send_mlme_event(stru
nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies)))
goto nla_put_failure;
if (uapsd_queues >= 0) {
struct nlattr *nla_wmm =
nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
-@@ -15953,7 +15957,8 @@ void nl80211_send_rx_auth(struct cfg8021
+@@ -15952,7 +15956,8 @@ void nl80211_send_rx_auth(struct cfg8021
size_t len, gfp_t gfp)
{
nl80211_send_mlme_event(rdev, netdev, buf, len,
}
void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
-@@ -15963,23 +15968,25 @@ void nl80211_send_rx_assoc(struct cfg802
+@@ -15962,23 +15967,25 @@ void nl80211_send_rx_assoc(struct cfg802
{
nl80211_send_mlme_event(rdev, netdev, buf, len,
NL80211_CMD_ASSOCIATE, gfp, uapsd_queues,
}
void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
-@@ -16010,7 +16017,7 @@ void cfg80211_rx_unprot_mlme_mgmt(struct
+@@ -16009,7 +16016,7 @@ void cfg80211_rx_unprot_mlme_mgmt(struct
trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1,
struct ieee80211_mgd_auth_data *auth_data;
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
-@@ -2725,7 +2725,7 @@ EXPORT_SYMBOL(ieee80211_ap_probereq_get)
+@@ -2716,7 +2716,7 @@ EXPORT_SYMBOL(ieee80211_ap_probereq_get)
static void ieee80211_report_disconnect(struct ieee80211_sub_if_data *sdata,
const u8 *buf, size_t len, bool tx,
{
struct ieee80211_event event = {
.type = MLME_EVENT,
-@@ -2734,7 +2734,7 @@ static void ieee80211_report_disconnect(
+@@ -2725,7 +2725,7 @@ static void ieee80211_report_disconnect(
};
if (tx)
else
cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
-@@ -2756,13 +2756,18 @@ static void __ieee80211_disconnect(struc
+@@ -2747,13 +2747,18 @@ static void __ieee80211_disconnect(struc
tx = !sdata->csa_block_tx;
tx, frame_buf);
mutex_lock(&local->mtx);
sdata->vif.csa_active = false;
-@@ -2775,7 +2780,9 @@ static void __ieee80211_disconnect(struc
+@@ -2766,7 +2771,9 @@ static void __ieee80211_disconnect(struc
mutex_unlock(&local->mtx);
ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), tx,
sdata_unlock(sdata);
}
-@@ -2794,6 +2801,13 @@ static void ieee80211_beacon_connection_
+@@ -2785,6 +2792,13 @@ static void ieee80211_beacon_connection_
sdata_info(sdata, "Connection to AP %pM lost\n",
ifmgd->bssid);
__ieee80211_disconnect(sdata);
} else {
ieee80211_mgd_probe_ap(sdata, true);
}
-@@ -2832,6 +2846,21 @@ void ieee80211_connection_loss(struct ie
+@@ -2823,6 +2837,21 @@ void ieee80211_connection_loss(struct ie
}
EXPORT_SYMBOL(ieee80211_connection_loss);
static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
bool assoc)
-@@ -3135,7 +3164,7 @@ static void ieee80211_rx_mgmt_deauth(str
+@@ -3126,7 +3155,7 @@ static void ieee80211_rx_mgmt_deauth(str
ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false,
return;
}
-@@ -3184,7 +3213,8 @@ static void ieee80211_rx_mgmt_disassoc(s
+@@ -3175,7 +3204,8 @@ static void ieee80211_rx_mgmt_disassoc(s
ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
}
static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
-@@ -4204,7 +4234,8 @@ static void ieee80211_rx_mgmt_beacon(str
+@@ -4199,7 +4229,8 @@ static void ieee80211_rx_mgmt_beacon(str
true, deauth_buf);
ieee80211_report_disconnect(sdata, deauth_buf,
sizeof(deauth_buf), true,
return;
}
-@@ -4349,7 +4380,7 @@ static void ieee80211_sta_connection_los
+@@ -4344,7 +4375,7 @@ static void ieee80211_sta_connection_los
tx, frame_buf);
ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
}
static int ieee80211_auth(struct ieee80211_sub_if_data *sdata)
-@@ -5439,7 +5470,8 @@ int ieee80211_mgd_auth(struct ieee80211_
+@@ -5434,7 +5465,8 @@ int ieee80211_mgd_auth(struct ieee80211_
ieee80211_report_disconnect(sdata, frame_buf,
sizeof(frame_buf), true,
}
sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
-@@ -5511,7 +5543,8 @@ int ieee80211_mgd_assoc(struct ieee80211
+@@ -5506,7 +5538,8 @@ int ieee80211_mgd_assoc(struct ieee80211
ieee80211_report_disconnect(sdata, frame_buf,
sizeof(frame_buf), true,
}
if (ifmgd->auth_data && !ifmgd->auth_data->done) {
-@@ -5810,7 +5843,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+@@ -5809,7 +5842,7 @@ int ieee80211_mgd_deauth(struct ieee8021
ieee80211_destroy_auth_data(sdata, false);
ieee80211_report_disconnect(sdata, frame_buf,
sizeof(frame_buf), true,
return 0;
}
-@@ -5830,7 +5863,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+@@ -5829,7 +5862,7 @@ int ieee80211_mgd_deauth(struct ieee8021
ieee80211_destroy_assoc_data(sdata, false, true);
ieee80211_report_disconnect(sdata, frame_buf,
sizeof(frame_buf), true,
return 0;
}
-@@ -5845,7 +5878,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+@@ -5844,7 +5877,7 @@ int ieee80211_mgd_deauth(struct ieee8021
req->reason_code, tx, frame_buf);
ieee80211_report_disconnect(sdata, frame_buf,
sizeof(frame_buf), true,
return 0;
}
-@@ -5878,7 +5911,7 @@ int ieee80211_mgd_disassoc(struct ieee80
+@@ -5877,7 +5910,7 @@ int ieee80211_mgd_disassoc(struct ieee80
frame_buf);
ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
[NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
};
-@@ -9764,6 +9767,12 @@ static int nl80211_crypto_settings(struc
+@@ -9763,6 +9766,12 @@ static int nl80211_crypto_settings(struc
nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
}
codel_vars_init(&txqi->def_cvars);
codel_stats_init(&txqi->cstats);
__skb_queue_head_init(&txqi->frags);
-@@ -3310,8 +3297,7 @@ static bool ieee80211_amsdu_aggregate(st
+@@ -3332,8 +3319,7 @@ static bool ieee80211_amsdu_aggregate(st
*/
tin = &txqi->tin;
#endif
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
-@@ -3364,8 +3364,6 @@ out_recalc:
+@@ -3386,8 +3386,6 @@ out_recalc:
if (head->len != orig_len) {
flow->backlog += head->len - orig_len;
tin->backlog_bytes += head->len - orig_len;
#endif /* __MAC80211_DRIVER_OPS */
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
-@@ -835,7 +835,7 @@ static const struct net_device_ops ieee8
+@@ -856,7 +856,7 @@ static const struct net_device_ops ieee8
};
{
switch (iftype) {
/* P2P GO and client are mapped to AP/STATION types */
-@@ -855,7 +855,7 @@ static bool ieee80211_set_sdata_offload_
+@@ -876,7 +876,7 @@ static bool ieee80211_set_sdata_offload_
flags = sdata->vif.offload_flags;
if (ieee80211_hw_check(&local->hw, SUPPORTS_TX_ENCAP_OFFLOAD) &&
flags |= IEEE80211_OFFLOAD_ENCAP_ENABLED;
if (!ieee80211_hw_check(&local->hw, SUPPORTS_TX_FRAG) &&
-@@ -868,10 +868,21 @@ static bool ieee80211_set_sdata_offload_
+@@ -889,10 +889,21 @@ static bool ieee80211_set_sdata_offload_
flags &= ~IEEE80211_OFFLOAD_ENCAP_ENABLED;
}
return true;
}
-@@ -889,7 +900,7 @@ static void ieee80211_set_vif_encap_ops(
+@@ -910,7 +921,7 @@ static void ieee80211_set_vif_encap_ops(
}
if (!ieee80211_hw_check(&local->hw, SUPPORTS_TX_ENCAP_OFFLOAD) ||
enabled = bss->vif.offload_flags & IEEE80211_OFFLOAD_ENCAP_ENABLED;
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
-@@ -4198,7 +4198,9 @@ void ieee80211_check_fast_rx(struct sta_
+@@ -4195,7 +4195,9 @@ void ieee80211_check_fast_rx(struct sta_
.vif_type = sdata->vif.type,
.control_port_protocol = sdata->control_port_protocol,
}, *old, *new = NULL;
/* use sparse to check that we don't return without updating */
__acquire(check_fast_rx);
-@@ -4311,6 +4313,17 @@ void ieee80211_check_fast_rx(struct sta_
+@@ -4308,6 +4310,17 @@ void ieee80211_check_fast_rx(struct sta_
if (assign)
new = kmemdup(&fastrx, sizeof(fastrx), GFP_KERNEL);
spin_lock_bh(&sta->lock);
old = rcu_dereference_protected(sta->fast_rx, true);
rcu_assign_pointer(sta->fast_rx, new);
-@@ -4357,6 +4370,108 @@ void ieee80211_check_fast_rx_iface(struc
+@@ -4354,6 +4367,108 @@ void ieee80211_check_fast_rx_iface(struc
mutex_unlock(&local->sta_mtx);
}
static bool ieee80211_invoke_fast_rx(struct ieee80211_rx_data *rx,
struct ieee80211_fast_rx *fast_rx)
{
-@@ -4377,9 +4492,6 @@ static bool ieee80211_invoke_fast_rx(str
+@@ -4374,9 +4489,6 @@ static bool ieee80211_invoke_fast_rx(str
} addrs __aligned(2);
struct ieee80211_sta_rx_stats *stats = &sta->rx_stats;
/* for parallel-rx, we need to have DUP_VALIDATED, otherwise we write
* to a common data structure; drivers can implement that per queue
* but we don't have that information in mac80211
-@@ -4453,32 +4565,6 @@ static bool ieee80211_invoke_fast_rx(str
+@@ -4450,32 +4562,6 @@ static bool ieee80211_invoke_fast_rx(str
pskb_trim(skb, skb->len - fast_rx->icv_len))
goto drop;
if (rx->key && !ieee80211_has_protected(hdr->frame_control))
goto drop;
-@@ -4490,12 +4576,6 @@ static bool ieee80211_invoke_fast_rx(str
+@@ -4487,12 +4573,6 @@ static bool ieee80211_invoke_fast_rx(str
return true;
}
/* do the header conversion - first grab the addresses */
ether_addr_copy(addrs.da, skb->data + fast_rx->da_offs);
ether_addr_copy(addrs.sa, skb->data + fast_rx->sa_offs);
-@@ -4504,62 +4584,14 @@ static bool ieee80211_invoke_fast_rx(str
+@@ -4501,62 +4581,14 @@ static bool ieee80211_invoke_fast_rx(str
/* push the addresses in front */
memcpy(skb_push(skb, sizeof(addrs)), &addrs, sizeof(addrs));
stats->dropped++;
return true;
}
-@@ -4613,6 +4645,47 @@ static bool ieee80211_prepare_and_rx_han
+@@ -4610,6 +4642,47 @@ static bool ieee80211_prepare_and_rx_han
return true;
}
/*
* This is the actual Rx frames handler. as it belongs to Rx path it must
* be called with rcu_read_lock protection.
-@@ -4850,15 +4923,20 @@ void ieee80211_rx_list(struct ieee80211_
+@@ -4847,15 +4920,20 @@ void ieee80211_rx_list(struct ieee80211_
* if it was previously present.
* Also, frames with less than 16 bytes are dropped.
*/
tx->sta = sta_info_get_bss(sdata, hdr->addr1);
}
if (!tx->sta && !is_multicast_ether_addr(hdr->addr1))
-@@ -5421,6 +5419,7 @@ int ieee80211_tx_control_port(struct wip
+@@ -5443,6 +5441,7 @@ int ieee80211_tx_control_port(struct wip
{
struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
struct ieee80211_local *local = sdata->local;
struct sk_buff *skb;
struct ethhdr *ehdr;
u32 ctrl_flags = 0;
-@@ -5443,8 +5442,7 @@ int ieee80211_tx_control_port(struct wip
+@@ -5465,8 +5464,7 @@ int ieee80211_tx_control_port(struct wip
if (cookie)
ctrl_flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
skb = dev_alloc_skb(local->hw.extra_tx_headroom +
sizeof(struct ethhdr) + len);
-@@ -5461,10 +5459,25 @@ int ieee80211_tx_control_port(struct wip
+@@ -5483,10 +5481,25 @@ int ieee80211_tx_control_port(struct wip
ehdr->h_proto = proto;
skb->dev = dev;
spin_unlock_bh(&fq->lock);
}
-@@ -3844,6 +3853,9 @@ bool ieee80211_txq_airtime_check(struct
+@@ -3866,6 +3875,9 @@ bool ieee80211_txq_airtime_check(struct
if (!txq->sta)
return true;
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
-@@ -4171,6 +4171,9 @@ static bool ieee80211_tx_8023(struct iee
+@@ -4193,6 +4193,9 @@ static bool ieee80211_tx_8023(struct iee
unsigned long flags;
int q = info->hw_queue;
struct rate_control_ops {
--- a/net/mac80211/rc80211_minstrel_ht.c
+++ b/net/mac80211/rc80211_minstrel_ht.c
-@@ -1153,29 +1153,6 @@ minstrel_downgrade_prob_rate(struct mins
+@@ -1144,29 +1144,6 @@ minstrel_downgrade_prob_rate(struct mins
}
static void
minstrel_ht_tx_status(void *priv, struct ieee80211_supported_band *sband,
void *priv_sta, struct ieee80211_tx_status *st)
{
-@@ -1477,10 +1454,6 @@ minstrel_ht_get_rate(void *priv, struct
+@@ -1461,10 +1438,6 @@ minstrel_ht_get_rate(void *priv, struct
struct minstrel_priv *mp = priv;
u16 sample_idx;
info->flags |= mi->tx_flags;
#ifdef CPTCFG_MAC80211_DEBUGFS
-@@ -1894,6 +1867,7 @@ static u32 minstrel_ht_get_expected_thro
+@@ -1870,6 +1843,7 @@ static u32 minstrel_ht_get_expected_thro
static const struct rate_control_ops mac80211_minstrel_ht = {
.name = "minstrel_ht",
.rate_init = minstrel_ht_rate_init,
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
-@@ -3931,6 +3931,29 @@ void ieee80211_txq_schedule_start(struct
+@@ -3953,6 +3953,29 @@ void ieee80211_txq_schedule_start(struct
}
EXPORT_SYMBOL(ieee80211_txq_schedule_start);
void __ieee80211_subif_start_xmit(struct sk_buff *skb,
struct net_device *dev,
u32 info_flags,
-@@ -3961,6 +3984,8 @@ void __ieee80211_subif_start_xmit(struct
+@@ -3983,6 +4006,8 @@ void __ieee80211_subif_start_xmit(struct
skb_get_hash(skb);
}
if (sta) {
struct ieee80211_fast_tx *fast_tx;
-@@ -4224,6 +4249,8 @@ static void ieee80211_8023_xmit(struct i
+@@ -4246,6 +4271,8 @@ static void ieee80211_8023_xmit(struct i
memset(info, 0, sizeof(*info));
CALL_TXH(ieee80211_tx_h_michael_mic_add);
CALL_TXH(ieee80211_tx_h_sequence);
CALL_TXH(ieee80211_tx_h_fragment);
-@@ -3382,15 +3383,21 @@ out:
+@@ -3404,15 +3405,21 @@ out:
* Can be called while the sta lock is held. Anything that can cause packets to
* be generated will cause deadlock!
*/
if (key)
info->control.hw_key = &key->conf;
-@@ -3439,6 +3446,8 @@ static void ieee80211_xmit_fast_finish(s
+@@ -3461,6 +3468,8 @@ static void ieee80211_xmit_fast_finish(s
break;
}
}
}
static bool ieee80211_xmit_fast(struct ieee80211_sub_if_data *sdata,
-@@ -3542,24 +3551,17 @@ static bool ieee80211_xmit_fast(struct i
+@@ -3564,24 +3573,17 @@ static bool ieee80211_xmit_fast(struct i
tx.sta = sta;
tx.key = fast_tx->key;
if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
sdata = container_of(sdata->bss,
-@@ -3670,8 +3672,12 @@ begin:
+@@ -3692,8 +3694,12 @@ begin:
(tx.key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV))
pn_offs = ieee80211_hdrlen(hdr->frame_control);
tx->sta->tx_stats.last_rate = txrc.reported_rate;
} else if (tx->sta)
tx->sta->tx_stats.last_rate = txrc.reported_rate;
-@@ -3660,8 +3662,16 @@ begin:
+@@ -3682,8 +3684,16 @@ begin:
else
info->flags &= ~IEEE80211_TX_CTL_AMPDU;
--- a/net/mac80211/rc80211_minstrel_ht.c
+++ b/net/mac80211/rc80211_minstrel_ht.c
-@@ -1466,7 +1466,7 @@ minstrel_ht_get_rate(void *priv, struct
+@@ -1450,7 +1450,7 @@ minstrel_ht_get_rate(void *priv, struct
(info->control.flags & IEEE80211_TX_CTRL_PORT_CTRL_PROTO))
return;
+++ /dev/null
-From: Felix Fietkau <nbd@nbd.name>
-Date: Sat, 19 Jun 2021 12:10:14 +0200
-Subject: [PATCH] mac80211: remove iwlwifi specific workaround that broke sta
- NDP tx
-
-Sending nulldata packets is important for sw AP link probing and detecting
-4-address mode links. The checks that dropped these packets were apparently
-added to work around an iwlwifi firmware bug with multi-TID aggregation.
-
-Fixes: 41cbb0f5a295 ("mac80211: add support for HE")
-Cc: stable@vger.kernel.org
-Signed-off-by: Felix Fietkau <nbd@nbd.name>
----
-
---- a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
-+++ b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
-@@ -1085,6 +1085,9 @@ static int iwl_mvm_tx_mpdu(struct iwl_mv
- if (WARN_ON_ONCE(mvmsta->sta_id == IWL_MVM_INVALID_STA))
- return -1;
-
-+ if (unlikely(ieee80211_is_any_nullfunc(fc)) && sta->he_cap.has_he)
-+ return -1;
-+
- if (unlikely(ieee80211_is_probe_resp(fc)))
- iwl_mvm_probe_resp_set_noa(mvm, skb);
-
---- a/net/mac80211/mlme.c
-+++ b/net/mac80211/mlme.c
-@@ -1094,11 +1094,6 @@ void ieee80211_send_nullfunc(struct ieee
- struct ieee80211_hdr_3addr *nullfunc;
- struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
-
-- /* Don't send NDPs when STA is connected HE */
-- if (sdata->vif.type == NL80211_IFTYPE_STATION &&
-- !(ifmgd->flags & IEEE80211_STA_DISABLE_HE))
-- return;
--
- skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif,
- !ieee80211_hw_check(&local->hw, DOESNT_SUPPORT_QOS_NDP));
- if (!skb)
-@@ -1130,10 +1125,6 @@ static void ieee80211_send_4addr_nullfun
- if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
- return;
-
-- /* Don't send NDPs when connected HE */
-- if (!(sdata->u.mgd.flags & IEEE80211_STA_DISABLE_HE))
-- return;
--
- skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
- if (!skb)
- return;
if (tid_tx) {
bool queued;
-@@ -3947,29 +3977,6 @@ void ieee80211_txq_schedule_start(struct
+@@ -3969,29 +3999,6 @@ void ieee80211_txq_schedule_start(struct
}
EXPORT_SYMBOL(ieee80211_txq_schedule_start);
__NL80211_ATTR_AFTER_LAST,
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
-@@ -2709,6 +2709,19 @@ static int ieee80211_get_tx_power(struct
+@@ -2728,6 +2728,19 @@ static int ieee80211_get_tx_power(struct
return 0;
}
static int ieee80211_set_wds_peer(struct wiphy *wiphy, struct net_device *dev,
const u8 *addr)
{
-@@ -4139,6 +4152,7 @@ const struct cfg80211_ops mac80211_confi
+@@ -4158,6 +4171,7 @@ const struct cfg80211_ops mac80211_confi
.set_wiphy_params = ieee80211_set_wiphy_params,
.set_tx_power = ieee80211_set_tx_power,
.get_tx_power = ieee80211_get_tx_power,