From 2d6a062b22c1dd8f1b6aae5235812bf9cfbdad11 Mon Sep 17 00:00:00 2001 From: Koen Vandeputte Date: Wed, 6 Nov 2019 13:38:51 +0100 Subject: [PATCH] mac80211: backport upstream fixes This potentially fixes some issues seen on IBSS when interfaces go out of range and then re-appear. Signed-off-by: Koen Vandeputte --- ...11-accept-deauth-frames-in-IBSS-mode.patch | 39 +++++++++++++++++++ ...domize-BA-session-dialog-token-alloc.patch | 38 ++++++++++++++++++ 2 files changed, 77 insertions(+) create mode 100644 package/kernel/mac80211/patches/subsys/363-mac80211-accept-deauth-frames-in-IBSS-mode.patch create mode 100644 package/kernel/mac80211/patches/subsys/364-mac80211-sta-randomize-BA-session-dialog-token-alloc.patch diff --git a/package/kernel/mac80211/patches/subsys/363-mac80211-accept-deauth-frames-in-IBSS-mode.patch b/package/kernel/mac80211/patches/subsys/363-mac80211-accept-deauth-frames-in-IBSS-mode.patch new file mode 100644 index 000000000000..ad0792b4f663 --- /dev/null +++ b/package/kernel/mac80211/patches/subsys/363-mac80211-accept-deauth-frames-in-IBSS-mode.patch @@ -0,0 +1,39 @@ +From 95697f9907bfe3eab0ef20265a766b22e27dde64 Mon Sep 17 00:00:00 2001 +From: Johannes Berg +Date: Fri, 4 Oct 2019 15:37:05 +0300 +Subject: [PATCH] mac80211: accept deauth frames in IBSS mode + +We can process deauth frames and all, but we drop them very +early in the RX path today - this could never have worked. + +Fixes: 2cc59e784b54 ("mac80211: reply to AUTH with DEAUTH if sta allocation fails in IBSS") +Signed-off-by: Johannes Berg +Signed-off-by: Luca Coelho +Link: https://lore.kernel.org/r/20191004123706.15768-2-luca@coelho.fi +Signed-off-by: Johannes Berg +--- + net/mac80211/rx.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +--- a/net/mac80211/rx.c ++++ b/net/mac80211/rx.c +@@ -3467,9 +3467,18 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_ + case cpu_to_le16(IEEE80211_STYPE_PROBE_RESP): + /* process for all: mesh, mlme, ibss */ + break; ++ case cpu_to_le16(IEEE80211_STYPE_DEAUTH): ++ if (is_multicast_ether_addr(mgmt->da) && ++ !is_broadcast_ether_addr(mgmt->da)) ++ return RX_DROP_MONITOR; ++ ++ /* process only for station/IBSS */ ++ if (sdata->vif.type != NL80211_IFTYPE_STATION && ++ sdata->vif.type != NL80211_IFTYPE_ADHOC) ++ return RX_DROP_MONITOR; ++ break; + case cpu_to_le16(IEEE80211_STYPE_ASSOC_RESP): + case cpu_to_le16(IEEE80211_STYPE_REASSOC_RESP): +- case cpu_to_le16(IEEE80211_STYPE_DEAUTH): + case cpu_to_le16(IEEE80211_STYPE_DISASSOC): + if (is_multicast_ether_addr(mgmt->da) && + !is_broadcast_ether_addr(mgmt->da)) diff --git a/package/kernel/mac80211/patches/subsys/364-mac80211-sta-randomize-BA-session-dialog-token-alloc.patch b/package/kernel/mac80211/patches/subsys/364-mac80211-sta-randomize-BA-session-dialog-token-alloc.patch new file mode 100644 index 000000000000..dc7cac5ad15a --- /dev/null +++ b/package/kernel/mac80211/patches/subsys/364-mac80211-sta-randomize-BA-session-dialog-token-alloc.patch @@ -0,0 +1,38 @@ +From b478e06a16a8baa00c5ecc87c1d636981f2206d5 Mon Sep 17 00:00:00 2001 +From: Johannes Berg +Date: Tue, 29 Oct 2019 10:25:25 +0100 +Subject: [PATCH] mac80211: sta: randomize BA session dialog token allocator + +We currently always start the dialog token generator at zero, +so the first dialog token we use is always 1. This would be +OK if we had a perfect guarantee that we always do a proper +deauth/re-auth handshake, but in IBSS mode this doesn't always +happen properly. + +To make problems with block ack (aggregation) sessions getting +stuck less likely, randomize the dialog token so if we start a +new session but the peer still has old state for us, it can +better detect this. + +This is really just a workaround to make things a bit more +robust than they are now - a better fix would be to do a full +authentication handshake in IBSS mode upon having discovered a +new station, and on the receiver resetting the state (removing +and re-adding the station) on receiving the authentication +packet. + +Signed-off-by: Johannes Berg +--- + net/mac80211/sta_info.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/net/mac80211/sta_info.c ++++ b/net/mac80211/sta_info.c +@@ -324,6 +324,7 @@ struct sta_info *sta_info_alloc(struct i + INIT_WORK(&sta->drv_deliver_wk, sta_deliver_ps_frames); + INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work); + mutex_init(&sta->ampdu_mlme.mtx); ++ sta->ampdu_mlme.dialog_token_allocator = prandom_u32_max(U8_MAX); + #ifdef CPTCFG_MAC80211_MESH + if (ieee80211_vif_is_mesh(&sdata->vif)) { + sta->mesh = kzalloc(sizeof(*sta->mesh), gfp); -- 2.30.2