PKG_NAME:=mac80211
-PKG_VERSION:=5.10.110-1
+PKG_VERSION:=5.10.149-1
PKG_RELEASE:=1
-PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v5.10.110/
-PKG_HASH:=3d958154080c059adaf26512430fd1a8888d65a2228e5e70e48d028201e148b1
+PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v5.10.149/
+PKG_HASH:=80a68a78c9b18513bad0bbd0cb70907eadbfd9bba44c075a94f0795fd7f7be2a
PKG_SOURCE:=backports-$(PKG_VERSION).tar.xz
PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/backports-$(PKG_VERSION)
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
-@@ -3252,6 +3252,8 @@ void regulatory_hint_country_ie(struct w
+@@ -3257,6 +3257,8 @@ void regulatory_hint_country_ie(struct w
enum environment_cap env = ENVIRON_ANY;
struct regulatory_request *request = NULL, *lr;
/* IE len must be evenly divisible by 2 */
if (country_ie_len & 0x01)
return;
-@@ -3503,6 +3505,7 @@ static bool is_wiphy_all_set_reg_flag(en
+@@ -3508,6 +3510,7 @@ static bool is_wiphy_all_set_reg_flag(en
void regulatory_hint_disconnect(void)
{
+++ /dev/null
-From 4509e523dba46f789377cfec6f20579adf743416 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Thibaut=20VAR=C3=88NE?= <hacks+kernel@slashdirt.org>
-Date: Sun, 17 Apr 2022 11:31:35 +0200
-Subject: [PATCH v2] ath9k: fix QCA9561 PA bias level
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This patch fixes an invalid TX PA DC bias level on QCA9561, which
-results in a very low output power and very low throughput as devices
-are further away from the AP (compared to other 2.4GHz APs).
-
-This patch was suggested by Felix Fietkau, who noted[1]:
-"The value written to that register is wrong, because while the mask
-definition AR_CH0_TOP2_XPABIASLVL uses a different value for 9561, the
-shift definition AR_CH0_TOP2_XPABIASLVL_S is hardcoded to 12, which is
-wrong for 9561."
-
-In real life testing, without this patch the 2.4GHz throughput on
-Yuncore XD3200 is around 10Mbps sitting next to the AP, and closer to
-practical maximum with the patch applied.
-
-[1] https://lore.kernel.org/all/91c58969-c60e-2f41-00ac-737786d435ae@nbd.name
-
-Signed-off-by: Thibaut VARÈNE <hacks+kernel@slashdirt.org>
----
-v2: Adjust #define per Felix's suggestion
----
- drivers/net/wireless/ath/ath9k/ar9003_phy.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/drivers/net/wireless/ath/ath9k/ar9003_phy.h b/drivers/net/wireless/ath/ath9k/ar9003_phy.h
-index a171dbb29..ad949eb02 100644
---- a/drivers/net/wireless/ath/ath9k/ar9003_phy.h
-+++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.h
-@@ -720,7 +720,7 @@
- #define AR_CH0_TOP2 (AR_SREV_9300(ah) ? 0x1628c : \
- (AR_SREV_9462(ah) ? 0x16290 : 0x16284))
- #define AR_CH0_TOP2_XPABIASLVL (AR_SREV_9561(ah) ? 0x1e00 : 0xf000)
--#define AR_CH0_TOP2_XPABIASLVL_S 12
-+#define AR_CH0_TOP2_XPABIASLVL_S (AR_SREV_9561(ah) ? 9 : 12)
-
- #define AR_CH0_XTAL (AR_SREV_9300(ah) ? 0x16294 : \
- ((AR_SREV_9462(ah) || AR_SREV_9565(ah)) ? 0x16298 : \
---
-2.30.2
-
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -9732,6 +9732,21 @@ static int ath10k_mac_init_rd(struct ath
+@@ -9748,6 +9748,21 @@ static int ath10k_mac_init_rd(struct ath
return 0;
}
int ath10k_mac_register(struct ath10k *ar)
{
static const u32 cipher_suites[] = {
-@@ -10081,6 +10096,12 @@ int ath10k_mac_register(struct ath10k *a
+@@ -10097,6 +10112,12 @@ int ath10k_mac_register(struct ath10k *a
ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
if (ret)
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -10098,7 +10098,7 @@ int ath10k_mac_register(struct ath10k *a
+@@ -10114,7 +10114,7 @@ int ath10k_mac_register(struct ath10k *a
ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
#ifdef CPTCFG_MAC80211_LEDS
else
cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
-@@ -4734,7 +4734,8 @@ void ieee80211_mgd_quiesce(struct ieee80
+@@ -4745,7 +4745,8 @@ void ieee80211_mgd_quiesce(struct ieee80
if (ifmgd->auth_data)
ieee80211_destroy_auth_data(sdata, false);
cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
-@@ -736,6 +736,7 @@ static const struct nla_policy nl80211_p
+@@ -741,6 +741,7 @@ static const struct nla_policy nl80211_p
NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
[NL80211_ATTR_S1G_CAPABILITY_MASK] =
NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
};
/* policy for the key attributes */
-@@ -15914,7 +15915,7 @@ static void nl80211_send_mlme_event(stru
+@@ -15934,7 +15935,7 @@ static void nl80211_send_mlme_event(stru
const u8 *buf, size_t len,
enum nl80211_commands cmd, gfp_t gfp,
int uapsd_queues, const u8 *req_ies,
{
struct sk_buff *msg;
void *hdr;
-@@ -15936,6 +15937,9 @@ static void nl80211_send_mlme_event(stru
+@@ -15956,6 +15957,9 @@ static void nl80211_send_mlme_event(stru
nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies)))
goto nla_put_failure;
if (uapsd_queues >= 0) {
struct nlattr *nla_wmm =
nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
-@@ -15964,7 +15968,8 @@ void nl80211_send_rx_auth(struct cfg8021
+@@ -15984,7 +15988,8 @@ void nl80211_send_rx_auth(struct cfg8021
size_t len, gfp_t gfp)
{
nl80211_send_mlme_event(rdev, netdev, buf, len,
}
void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
-@@ -15974,23 +15979,25 @@ void nl80211_send_rx_assoc(struct cfg802
+@@ -15994,23 +15999,25 @@ void nl80211_send_rx_assoc(struct cfg802
{
nl80211_send_mlme_event(rdev, netdev, buf, len,
NL80211_CMD_ASSOCIATE, gfp, uapsd_queues,
}
void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
-@@ -16021,7 +16028,7 @@ void cfg80211_rx_unprot_mlme_mgmt(struct
+@@ -16041,7 +16048,7 @@ void cfg80211_rx_unprot_mlme_mgmt(struct
trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1,
static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
bool assoc)
-@@ -3141,7 +3170,7 @@ static void ieee80211_rx_mgmt_deauth(str
+@@ -3142,7 +3171,7 @@ static void ieee80211_rx_mgmt_deauth(str
ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false,
return;
}
-@@ -3190,7 +3219,8 @@ static void ieee80211_rx_mgmt_disassoc(s
+@@ -3191,7 +3220,8 @@ static void ieee80211_rx_mgmt_disassoc(s
ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
}
static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
-@@ -4214,7 +4244,8 @@ static void ieee80211_rx_mgmt_beacon(str
+@@ -4223,7 +4253,8 @@ static void ieee80211_rx_mgmt_beacon(str
true, deauth_buf);
ieee80211_report_disconnect(sdata, deauth_buf,
sizeof(deauth_buf), true,
- WLAN_REASON_DEAUTH_LEAVING);
+ WLAN_REASON_DEAUTH_LEAVING,
+ false);
- return;
+ goto free;
}
-@@ -4359,7 +4390,7 @@ static void ieee80211_sta_connection_los
+@@ -4370,7 +4401,7 @@ static void ieee80211_sta_connection_los
tx, frame_buf);
ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
}
static int ieee80211_auth(struct ieee80211_sub_if_data *sdata)
-@@ -5449,7 +5480,8 @@ int ieee80211_mgd_auth(struct ieee80211_
+@@ -5460,7 +5491,8 @@ int ieee80211_mgd_auth(struct ieee80211_
ieee80211_report_disconnect(sdata, frame_buf,
sizeof(frame_buf), true,
}
sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
-@@ -5521,7 +5553,8 @@ int ieee80211_mgd_assoc(struct ieee80211
+@@ -5532,7 +5564,8 @@ int ieee80211_mgd_assoc(struct ieee80211
ieee80211_report_disconnect(sdata, frame_buf,
sizeof(frame_buf), true,
}
if (ifmgd->auth_data && !ifmgd->auth_data->done) {
-@@ -5824,7 +5857,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+@@ -5835,7 +5868,7 @@ int ieee80211_mgd_deauth(struct ieee8021
ieee80211_destroy_auth_data(sdata, false);
ieee80211_report_disconnect(sdata, frame_buf,
sizeof(frame_buf), true,
return 0;
}
-@@ -5844,7 +5877,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+@@ -5855,7 +5888,7 @@ int ieee80211_mgd_deauth(struct ieee8021
ieee80211_destroy_assoc_data(sdata, false, true);
ieee80211_report_disconnect(sdata, frame_buf,
sizeof(frame_buf), true,
return 0;
}
-@@ -5859,7 +5892,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+@@ -5870,7 +5903,7 @@ int ieee80211_mgd_deauth(struct ieee8021
req->reason_code, tx, frame_buf);
ieee80211_report_disconnect(sdata, frame_buf,
sizeof(frame_buf), true,
return 0;
}
-@@ -5892,7 +5925,7 @@ int ieee80211_mgd_disassoc(struct ieee80
+@@ -5903,7 +5936,7 @@ int ieee80211_mgd_disassoc(struct ieee80
frame_buf);
ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
/**
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
-@@ -736,6 +736,9 @@ static const struct nla_policy nl80211_p
+@@ -741,6 +741,9 @@ static const struct nla_policy nl80211_p
NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
[NL80211_ATTR_S1G_CAPABILITY_MASK] =
NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
[NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
};
-@@ -9763,6 +9766,12 @@ static int nl80211_crypto_settings(struc
+@@ -9778,6 +9781,12 @@ static int nl80211_crypto_settings(struc
nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
}
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
-@@ -2941,6 +2941,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80
+@@ -2942,6 +2942,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80
if (!fwd_skb)
goto out;
enabled = bss->vif.offload_flags & IEEE80211_OFFLOAD_ENCAP_ENABLED;
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
-@@ -4198,7 +4198,9 @@ void ieee80211_check_fast_rx(struct sta_
+@@ -4199,7 +4199,9 @@ void ieee80211_check_fast_rx(struct sta_
.vif_type = sdata->vif.type,
.control_port_protocol = sdata->control_port_protocol,
}, *old, *new = NULL;
/* use sparse to check that we don't return without updating */
__acquire(check_fast_rx);
-@@ -4311,6 +4313,17 @@ void ieee80211_check_fast_rx(struct sta_
+@@ -4312,6 +4314,17 @@ void ieee80211_check_fast_rx(struct sta_
if (assign)
new = kmemdup(&fastrx, sizeof(fastrx), GFP_KERNEL);
spin_lock_bh(&sta->lock);
old = rcu_dereference_protected(sta->fast_rx, true);
rcu_assign_pointer(sta->fast_rx, new);
-@@ -4357,6 +4370,108 @@ void ieee80211_check_fast_rx_iface(struc
+@@ -4358,6 +4371,108 @@ void ieee80211_check_fast_rx_iface(struc
mutex_unlock(&local->sta_mtx);
}
static bool ieee80211_invoke_fast_rx(struct ieee80211_rx_data *rx,
struct ieee80211_fast_rx *fast_rx)
{
-@@ -4377,9 +4492,6 @@ static bool ieee80211_invoke_fast_rx(str
+@@ -4378,9 +4493,6 @@ static bool ieee80211_invoke_fast_rx(str
} addrs __aligned(2);
struct ieee80211_sta_rx_stats *stats = &sta->rx_stats;
/* for parallel-rx, we need to have DUP_VALIDATED, otherwise we write
* to a common data structure; drivers can implement that per queue
* but we don't have that information in mac80211
-@@ -4453,32 +4565,6 @@ static bool ieee80211_invoke_fast_rx(str
+@@ -4454,32 +4566,6 @@ static bool ieee80211_invoke_fast_rx(str
pskb_trim(skb, skb->len - fast_rx->icv_len))
goto drop;
if (rx->key && !ieee80211_has_protected(hdr->frame_control))
goto drop;
-@@ -4490,12 +4576,6 @@ static bool ieee80211_invoke_fast_rx(str
+@@ -4491,12 +4577,6 @@ static bool ieee80211_invoke_fast_rx(str
return true;
}
/* do the header conversion - first grab the addresses */
ether_addr_copy(addrs.da, skb->data + fast_rx->da_offs);
ether_addr_copy(addrs.sa, skb->data + fast_rx->sa_offs);
-@@ -4504,62 +4584,14 @@ static bool ieee80211_invoke_fast_rx(str
+@@ -4505,62 +4585,14 @@ static bool ieee80211_invoke_fast_rx(str
/* push the addresses in front */
memcpy(skb_push(skb, sizeof(addrs)), &addrs, sizeof(addrs));
stats->dropped++;
return true;
}
-@@ -4613,6 +4645,47 @@ static bool ieee80211_prepare_and_rx_han
+@@ -4614,6 +4646,47 @@ static bool ieee80211_prepare_and_rx_han
return true;
}
/*
* This is the actual Rx frames handler. as it belongs to Rx path it must
* be called with rcu_read_lock protection.
-@@ -4850,15 +4923,20 @@ void ieee80211_rx_list(struct ieee80211_
+@@ -4851,15 +4924,20 @@ void ieee80211_rx_list(struct ieee80211_
* if it was previously present.
* Also, frames with less than 16 bytes are dropped.
*/
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
-@@ -1587,13 +1587,8 @@ ieee80211_have_rx_timestamp(struct ieee8
+@@ -1592,13 +1592,8 @@ ieee80211_have_rx_timestamp(struct ieee8
{
WARN_ON_ONCE(status->flag & RX_FLAG_MACTIME_START &&
status->flag & RX_FLAG_MACTIME_END);
void ieee80211_vif_inc_num_mcast(struct ieee80211_sub_if_data *sdata);
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
-@@ -3670,6 +3670,7 @@ u64 ieee80211_calculate_rx_timestamp(str
+@@ -3673,6 +3673,7 @@ u64 ieee80211_calculate_rx_timestamp(str
u64 ts = status->mactime;
struct rate_info ri;
u16 rate;
if (WARN_ON(!ieee80211_have_rx_timestamp(status)))
return 0;
-@@ -3680,11 +3681,58 @@ u64 ieee80211_calculate_rx_timestamp(str
+@@ -3683,11 +3684,58 @@ u64 ieee80211_calculate_rx_timestamp(str
/* Fill cfg80211 rate info */
switch (status->encoding) {
break;
case RX_ENC_VHT:
ri.flags |= RATE_INFO_FLAGS_VHT_MCS;
-@@ -3692,6 +3740,23 @@ u64 ieee80211_calculate_rx_timestamp(str
+@@ -3695,6 +3743,23 @@ u64 ieee80211_calculate_rx_timestamp(str
ri.nss = status->nss;
if (status->enc_flags & RX_ENC_FLAG_SHORT_GI)
ri.flags |= RATE_INFO_FLAGS_SHORT_GI;
break;
default:
WARN_ON(1);
-@@ -3715,7 +3780,6 @@ u64 ieee80211_calculate_rx_timestamp(str
+@@ -3718,7 +3783,6 @@ u64 ieee80211_calculate_rx_timestamp(str
ri.legacy = DIV_ROUND_UP(bitrate, (1 << shift));
if (status->flag & RX_FLAG_MACTIME_PLCP_START) {
DEBUGFS_ADD_MODE(aqm, 0600);
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
-@@ -1140,6 +1140,8 @@ enum mac80211_scan_state {
+@@ -1145,6 +1145,8 @@ enum mac80211_scan_state {
SCAN_ABORT,
};
struct work_struct csa_finalize_work;
bool csa_block_tx; /* write-protected by sdata_lock and local->mtx */
struct cfg80211_chan_def csa_chandef;
-@@ -1143,6 +1141,44 @@ enum mac80211_scan_state {
+@@ -1148,6 +1146,44 @@ enum mac80211_scan_state {
SCAN_ABORT,
};
DECLARE_STATIC_KEY_FALSE(aql_disable);
struct ieee80211_local {
-@@ -1156,13 +1192,8 @@ struct ieee80211_local {
+@@ -1161,13 +1197,8 @@ struct ieee80211_local {
struct codel_params cparams;
/* protects active_txqs and txqi->schedule_order */
u32 aql_threshold;
atomic_t aql_total_pending_airtime;
-@@ -1581,6 +1612,125 @@ static inline bool txq_has_queue(struct
+@@ -1586,6 +1617,125 @@ static inline bool txq_has_queue(struct
return !(skb_queue_empty(&txqi->frags) && !txqi->tin.backlog_packets);
}
static inline int ieee80211_bssid_match(const u8 *raddr, const u8 *addr)
{
return ether_addr_equal(raddr, addr) ||
-@@ -1821,6 +1971,14 @@ int ieee80211_tx_control_port(struct wip
+@@ -1826,6 +1976,14 @@ int ieee80211_tx_control_port(struct wip
u64 *cookie);
int ieee80211_probe_mesh_link(struct wiphy *wiphy, struct net_device *dev,
const u8 *buf, size_t len);
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
-@@ -1573,12 +1573,8 @@ static void sta_ps_start(struct sta_info
+@@ -1572,12 +1572,8 @@ static void sta_ps_start(struct sta_info
for (tid = 0; tid < IEEE80211_NUM_TIDS; tid++) {
struct ieee80211_txq *txq = sta->sta.txq[tid];
static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
[0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD },
[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
-@@ -739,6 +751,7 @@ static const struct nla_policy nl80211_p
+@@ -744,6 +756,7 @@ static const struct nla_policy nl80211_p
[NL80211_ATTR_SAE_PWE] =
NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
NL80211_SAE_PWE_BOTH),
[NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
};
-@@ -2117,6 +2130,56 @@ fail:
+@@ -2122,6 +2135,56 @@ fail:
return -ENOBUFS;
}
struct nl80211_dump_wiphy_state {
s64 filter_wiphy;
long start;
-@@ -2366,6 +2429,8 @@ static int nl80211_send_wiphy(struct cfg
+@@ -2371,6 +2434,8 @@ static int nl80211_send_wiphy(struct cfg
CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
CMD(update_ft_ies, UPDATE_FT_IES);
}
#undef CMD
-@@ -2691,6 +2756,11 @@ static int nl80211_send_wiphy(struct cfg
+@@ -2696,6 +2761,11 @@ static int nl80211_send_wiphy(struct cfg
if (nl80211_put_tid_config_support(rdev, msg))
goto nla_put_failure;
/* done */
state->split_start = 0;
-@@ -14724,6 +14794,111 @@ static void nl80211_post_doit(__genl_con
+@@ -14744,6 +14814,111 @@ static void nl80211_post_doit(__genl_con
}
}
static __genl_const struct genl_ops nl80211_ops[] = {
{
.cmd = NL80211_CMD_GET_WIPHY,
-@@ -15587,6 +15762,14 @@ static const struct genl_small_ops nl802
+@@ -15607,6 +15782,14 @@ static const struct genl_small_ops nl802
.internal_flags = NL80211_FLAG_NEED_NETDEV |
NL80211_FLAG_NEED_RTNL,
},
NUM_NL80211_EXT_FEATURES,
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
-@@ -753,6 +753,10 @@ static const struct nla_policy nl80211_p
+@@ -758,6 +758,10 @@ static const struct nla_policy nl80211_p
NL80211_SAE_PWE_BOTH),
[NL80211_ATTR_SAR_SPEC] = NLA_POLICY_NESTED(sar_policy),
[NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
};
/* policy for the key attributes */
-@@ -14689,6 +14693,106 @@ bad_tid_conf:
+@@ -14709,6 +14713,106 @@ bad_tid_conf:
return ret;
}
#define NL80211_FLAG_NEED_WIPHY 0x01
#define NL80211_FLAG_NEED_NETDEV 0x02
#define NL80211_FLAG_NEED_RTNL 0x04
-@@ -15770,6 +15874,14 @@ static const struct genl_small_ops nl802
+@@ -15790,6 +15894,14 @@ static const struct genl_small_ops nl802
.internal_flags = NL80211_FLAG_NEED_WIPHY |
NL80211_FLAG_NEED_RTNL,
},
};
static struct genl_family nl80211_fam __genl_ro_after_init = {
-@@ -17397,6 +17509,51 @@ void cfg80211_ch_switch_started_notify(s
+@@ -17417,6 +17529,51 @@ void cfg80211_ch_switch_started_notify(s
}
EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
struct list_head assigned_chanctx_list; /* protected by chanctx_mtx */
struct list_head reserved_chanctx_list; /* protected by chanctx_mtx */
-@@ -1900,6 +1908,9 @@ void ieee80211_csa_finalize_work(struct
+@@ -1905,6 +1913,9 @@ void ieee80211_csa_finalize_work(struct
int ieee80211_channel_switch(struct wiphy *wiphy, struct net_device *dev,
struct cfg80211_csa_settings *params);
u8 needed_rx_chains;
enum ieee80211_smps_mode smps_mode;
-@@ -2093,6 +2094,11 @@ ieee80211_he_op_ie_to_bss_conf(struct ie
+@@ -2098,6 +2099,11 @@ ieee80211_he_op_ie_to_bss_conf(struct ie
/* S1G */
void ieee80211_s1g_sta_rate_init(struct sta_info *sta);
INIT_WORK(&sdata->csa_finalize_work, ieee80211_csa_finalize_work);
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
-@@ -3210,6 +3210,68 @@ ieee80211_rx_h_mgmt_check(struct ieee802
+@@ -3211,6 +3211,68 @@ ieee80211_rx_h_mgmt_check(struct ieee802
return RX_CONTINUE;
}
static ieee80211_rx_result debug_noinline
ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
{
-@@ -3489,6 +3551,17 @@ ieee80211_rx_h_action(struct ieee80211_r
+@@ -3490,6 +3552,17 @@ ieee80211_rx_h_action(struct ieee80211_r
!mesh_path_sel_is_hwmp(sdata))
break;
goto queue;
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
-@@ -2757,7 +2757,7 @@ static const struct ieee80211_sband_ifty
+@@ -2759,7 +2759,7 @@ static const struct ieee80211_sband_ifty
.mac_cap_info[3] =
IEEE80211_HE_MAC_CAP3_OMI_CONTROL |
IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_VHT_2,
.phy_cap_info[1] =
IEEE80211_HE_PHY_CAP1_PREAMBLE_PUNC_RX_MASK |
IEEE80211_HE_PHY_CAP1_DEVICE_CLASS_A |
-@@ -2801,7 +2801,7 @@ static const struct ieee80211_sband_ifty
+@@ -2803,7 +2803,7 @@ static const struct ieee80211_sband_ifty
.mac_cap_info[3] =
IEEE80211_HE_MAC_CAP3_OMI_CONTROL |
IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_VHT_2,
.phy_cap_info[1] =
IEEE80211_HE_PHY_CAP1_PREAMBLE_PUNC_RX_MASK |
IEEE80211_HE_PHY_CAP1_DEVICE_CLASS_A |
-@@ -2847,7 +2847,7 @@ static const struct ieee80211_sband_ifty
+@@ -2849,7 +2849,7 @@ static const struct ieee80211_sband_ifty
.mac_cap_info[3] =
IEEE80211_HE_MAC_CAP3_OMI_CONTROL |
IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_VHT_2,
.phy_cap_info[0] =
IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G |
IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G |
-@@ -2895,7 +2895,7 @@ static const struct ieee80211_sband_ifty
+@@ -2897,7 +2897,7 @@ static const struct ieee80211_sband_ifty
.mac_cap_info[3] =
IEEE80211_HE_MAC_CAP3_OMI_CONTROL |
IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_VHT_2,
.mac_cap_info[5] =
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
-@@ -2756,7 +2756,7 @@ static const struct ieee80211_sband_ifty
+@@ -2758,7 +2758,7 @@ static const struct ieee80211_sband_ifty
IEEE80211_HE_MAC_CAP2_ACK_EN,
.mac_cap_info[3] =
IEEE80211_HE_MAC_CAP3_OMI_CONTROL |
.mac_cap_info[4] = IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU,
.phy_cap_info[1] =
IEEE80211_HE_PHY_CAP1_PREAMBLE_PUNC_RX_MASK |
-@@ -2800,7 +2800,7 @@ static const struct ieee80211_sband_ifty
+@@ -2802,7 +2802,7 @@ static const struct ieee80211_sband_ifty
IEEE80211_HE_MAC_CAP2_ACK_EN,
.mac_cap_info[3] =
IEEE80211_HE_MAC_CAP3_OMI_CONTROL |
.mac_cap_info[4] = IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU,
.phy_cap_info[1] =
IEEE80211_HE_PHY_CAP1_PREAMBLE_PUNC_RX_MASK |
-@@ -2846,7 +2846,7 @@ static const struct ieee80211_sband_ifty
+@@ -2848,7 +2848,7 @@ static const struct ieee80211_sband_ifty
IEEE80211_HE_MAC_CAP2_ACK_EN,
.mac_cap_info[3] =
IEEE80211_HE_MAC_CAP3_OMI_CONTROL |
.mac_cap_info[4] = IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU,
.phy_cap_info[0] =
IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G |
-@@ -2894,7 +2894,7 @@ static const struct ieee80211_sband_ifty
+@@ -2896,7 +2896,7 @@ static const struct ieee80211_sband_ifty
IEEE80211_HE_MAC_CAP2_ACK_EN,
.mac_cap_info[3] =
IEEE80211_HE_MAC_CAP3_OMI_CONTROL |
+++ /dev/null
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Wed, 5 Oct 2022 21:24:10 +0200
-Subject: [PATCH] wifi: mac80211: fix crash in beacon protection for
- P2P-device
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-commit b2d03cabe2b2e150ff5a381731ea0355459be09f upstream.
-
-If beacon protection is active but the beacon cannot be
-decrypted or is otherwise malformed, we call the cfg80211
-API to report this to userspace, but that uses a netdev
-pointer, which isn't present for P2P-Device. Fix this to
-call it only conditionally to ensure cfg80211 won't crash
-in the case of P2P-Device.
-
-This fixes CVE-2022-42722.
-
-Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
-Fixes: 9eaf183af741 ("mac80211: Report beacon protection failures to user space")
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -1972,10 +1972,11 @@ ieee80211_rx_h_decrypt(struct ieee80211_
-
- if (mmie_keyidx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS ||
- mmie_keyidx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS +
-- NUM_DEFAULT_BEACON_KEYS) {
-- cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev,
-- skb->data,
-- skb->len);
-+ NUM_DEFAULT_BEACON_KEYS) {
-+ if (rx->sdata->dev)
-+ cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev,
-+ skb->data,
-+ skb->len);
- return RX_DROP_MONITOR; /* unexpected BIP keyidx */
- }
-
-@@ -2123,7 +2124,8 @@ ieee80211_rx_h_decrypt(struct ieee80211_
- /* either the frame has been decrypted or will be dropped */
- status->flag |= RX_FLAG_DECRYPTED;
-
-- if (unlikely(ieee80211_is_beacon(fc) && result == RX_DROP_UNUSABLE))
-+ if (unlikely(ieee80211_is_beacon(fc) && result == RX_DROP_UNUSABLE &&
-+ rx->sdata->dev))
- cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev,
- skb->data, skb->len);
-
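Review bot: Dropping this patch removes the local fix for CVE-2022-42722 (the `rx->sdata->dev` checks in front of `cfg80211_rx_unprot_mlme_mgmt()` in `ieee80211_rx_h_decrypt`), and nothing visible on this page shows that the backports v5.10.149 tarball already carries upstream commit b2d03cabe2b2e150ff5a381731ea0355459be09f. The removal is presumably safe because the fix is part of the new stable base, but that should be confirmed against the unpacked `net/mac80211/rx.c` rather than inferred from the patch no longer applying. I would also record it in the commit message, for example `Removed, contained in backports v5.10.149: <patch file name> (CVE-2022-42722)`, so the CVE stays traceable in the package history.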
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
-@@ -1406,6 +1406,7 @@ static size_t ieee802_11_find_bssid_prof
+@@ -1402,6 +1402,7 @@ static size_t ieee802_11_find_bssid_prof
if (!bss_bssid || !transmitter_bssid)
return profile_len;
continue;
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
-@@ -1982,6 +1982,7 @@ static const struct element
+@@ -2010,6 +2010,7 @@ static const struct element
const struct element *next_mbssid;
const struct element *next_sub;
next_mbssid = cfg80211_find_elem(WLAN_EID_MULTIPLE_BSSID,
mbssid_end,
ielen - (mbssid_end - ie));
-@@ -2063,6 +2064,7 @@ static void cfg80211_parse_mbssid_data(s
+@@ -2091,6 +2092,7 @@ static void cfg80211_parse_mbssid_data(s
u16 capability;
struct cfg80211_bss *bss;
if (!non_tx_data)
return;
if (!cfg80211_find_ie(WLAN_EID_MULTIPLE_BSSID, ie, ielen))
-@@ -2221,6 +2223,7 @@ cfg80211_update_notlisted_nontrans(struc
+@@ -2251,6 +2253,7 @@ cfg80211_update_notlisted_nontrans(struc
const struct cfg80211_bss_ies *old;
- u8 cpy_len;
+ size_t cpy_len;
+ return;
lockdep_assert_held(&wiphy_to_rdev(wiphy)->bss_lock);
ie = mgmt->u.probe_resp.variable;
-@@ -2436,6 +2439,7 @@ cfg80211_inform_bss_frame_data(struct wi
+@@ -2468,6 +2471,7 @@ cfg80211_inform_bss_frame_data(struct wi
res = cfg80211_inform_single_bss_frame_data(wiphy, data, mgmt,
len, gfp);
CFG80211_TESTMODE_CMD(ieee80211_testmode_cmd)
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
-@@ -1435,6 +1435,7 @@ struct ieee80211_local {
+@@ -1440,6 +1440,7 @@ struct ieee80211_local {
int dynamic_ps_forced_timeout;
int user_power_level; /* in dBm, for all interfaces */
local->hw.max_mtu = IEEE80211_MAX_DATA_LEN;
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
-@@ -757,6 +757,7 @@ static const struct nla_policy nl80211_p
+@@ -762,6 +762,7 @@ static const struct nla_policy nl80211_p
[NL80211_ATTR_COLOR_CHANGE_COUNT] = { .type = NLA_U8 },
[NL80211_ATTR_COLOR_CHANGE_COLOR] = { .type = NLA_U8 },
[NL80211_ATTR_COLOR_CHANGE_ELEMS] = NLA_POLICY_NESTED(nl80211_policy),
};
/* policy for the key attributes */
-@@ -3322,6 +3323,20 @@ static int nl80211_set_wiphy(struct sk_b
+@@ -3336,6 +3337,20 @@ static int nl80211_set_wiphy(struct sk_b
if (result)
return result;
}