Add mac80211 deauth fix pointed out by Stanislaw Gruszka

Josh Boyer 2012-01-20 09:38:57 -05:00
parent e520b1ec1d
commit 030861b341
2 changed files with 163 additions and 1 deletions

@ -54,7 +54,7 @@ Summary: The Linux kernel
# For non-released -rc kernels, this will be appended after the rcX and
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
#
%global baserelease 1
%global baserelease 2
%global fedora_build %{baserelease}
# base_sublevel is the kernel version we're starting with and patching
@ -805,6 +805,8 @@ Patch21225: pci-Rework-ASPM-disable-code.patch
Patch21226: pci-crs-blacklist.patch
Patch21227: mac80211-fix-work-removal-on-deauth-request.patch
# compat-wireless patches
Patch50000: compat-wireless-config-fixups.patch
Patch50001: compat-wireless-change-CONFIG_IWLAGN-CONFIG_IWLWIFI.patch
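Review bot: The Patch21227 line is added with no comment saying where the patch comes from, while other entries in this spec carry a "#rhbz" reference. The patch is a list posting tagged [PATCH 3.3] rather than something from a released kernel, so a one-line comment above Patch21227 with the linux-wireless archive link would tell the next rebaser when it can be dropped.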
@ -1489,6 +1491,8 @@ ApplyPatch proc-fix-null-pointer-deref-in-proc_pid_permission.patch
#rhbz 782681
ApplyPatch proc-clean-up-and-fix-proc-pid-mem-handling.patch
ApplyPatch mac80211-fix-work-removal-on-deauth-request.patch
# END OF PATCH APPLICATIONS
%endif
@ -1556,6 +1560,7 @@ ApplyPatch compat-wireless-change-CONFIG_IWLAGN-CONFIG_IWLWIFI.patch
ApplyPatch compat-wireless-pr_fmt-warning-avoidance.patch
ApplyPatch compat-wireless-rtl8192cu-Fix-WARNING-on-suspend-resume.patch
ApplyPatch mac80211-fix-rx-key-NULL-ptr-deref-in-promiscuous-mode.patch
ApplyPatch mac80211-fix-work-removal-on-deauth-request.patch
#rhbz 731365, 773271
ApplyPatch mac80211_offchannel_rework_revert.patch
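Review bot: This is the second ApplyPatch of mac80211-fix-work-removal-on-deauth-request.patch in the spec, here in the compat-wireless list, and nothing marks the two applications as a pair. Add a short comment on both saying the patch is applied to the main tree and to compat-wireless, so that it is removed from both places (and from the Patch21227 line) together. The patch was generated against net/mac80211/mlme.c at line 2750 of a 3.3-bound tree, so it is also worth confirming it applies to the compat-wireless snapshot without fuzz.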
@ -2264,6 +2269,9 @@ fi
# and build.
%changelog
* Fri Jan 20 2012 Josh Boyer <jwboyer@redhat.com>
- Add mac80211 deauth fix pointed out by Stanislaw Gruszka
* Thu Jan 19 2012 Dave Jones <davej@redhat.com> 3.2.1-1
- Rebase to Linux 3.2.1
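Review bot: The new %changelog entry header ends at the e-mail address, while the entry below it ends with the version-release (3.2.1-1). Since baserelease is bumped in this same commit, add the matching version-release to the "* Fri Jan 20 2012 Josh Boyer" line so the entry can be tied to a specific build.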

@ -0,0 +1,154 @@
Path: news.gmane.org!not-for-mail
From: Johannes Berg <johannes-cdvu00un1VgdHxzADdlk8Q@public.gmane.org>
Newsgroups: gmane.linux.kernel.wireless.general
Subject: [PATCH 3.3] mac80211: fix work removal on deauth request
Date: Wed, 18 Jan 2012 14:10:25 +0100
Lines: 107
Approved: news@gmane.org
Message-ID: <1326892225.4778.5.camel@jlt3.sipsolutions.net>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Trace: dough.gmane.org 1326892249 18013 80.91.229.12 (18 Jan 2012 13:10:49 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Wed, 18 Jan 2012 13:10:49 +0000 (UTC)
Cc: linux-wireless <linux-wireless-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Pontus Fuchs <pontus.fuchs-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: John Linville <linville-2XuSBdqkA4R54TAoqtyWWQ@public.gmane.org>
Original-X-From: linux-wireless-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org Wed Jan 18 14:10:44 2012
Return-path: <linux-wireless-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Envelope-to: glkwg-linux-wireless-1dZseelyfdZg9hUCZPvPmw@public.gmane.org
Original-Received: from vger.kernel.org ([209.132.180.67])
by lo.gmane.org with esmtp (Exim 4.69)
(envelope-from <linux-wireless-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>)
id 1RnVHo-00044l-Aq
for glkwg-linux-wireless-1dZseelyfdZg9hUCZPvPmw@public.gmane.org; Wed, 18 Jan 2012 14:10:44 +0100
Original-Received: (majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org) by vger.kernel.org via listexpand
id S1757410Ab2ARNK3 (ORCPT
<rfc822;glkwg-linux-wireless@m.gmane.org>);
Wed, 18 Jan 2012 08:10:29 -0500
Original-Received: from he.sipsolutions.net ([78.46.109.217]:45023 "EHLO
sipsolutions.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S1754365Ab2ARNK2 (ORCPT
<rfc822;linux-wireless-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>);
Wed, 18 Jan 2012 08:10:28 -0500
Original-Received: by sipsolutions.net with esmtpsa (TLS1.0:RSA_AES_256_CBC_SHA1:32)
(Exim 4.77)
(envelope-from <johannes-cdvu00un1VgdHxzADdlk8Q@public.gmane.org>)
id 1RnVHW-0004hf-Lx; Wed, 18 Jan 2012 14:10:26 +0100
X-Mailer: Evolution 2.30.3
Original-Sender: linux-wireless-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Xref: news.gmane.org gmane.linux.kernel.wireless.general:84095
Archived-At: <http://permalink.gmane.org/gmane.linux.kernel.wireless.general/84095>
From: Johannes Berg <johannes.berg-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
When deauth is requested while an auth or assoc
work item is in progress, we currently delete it
without regard for any state it might need to
clean up. Fix it by cleaning up for those items.
In the case Pontus found, the problem manifested
itself as such:
authenticate with 00:23:69:aa:dd:7b (try 1)
authenticated
failed to insert Dummy STA entry for the AP (error -17)
deauthenticating from 00:23:69:aa:dd:7b by local choice (reason=2)
It could also happen differently if the driver
uses the tx_sync callback.
We can't just call the ->done() method of the work
items because that will lock up due to the locking
in cfg80211. This fix isn't very clean, but that
seems acceptable since I have patches pending to
remove this code completely.
Cc: stable-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Reported-by: Pontus Fuchs <pontus.fuchs-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Tested-by: Pontus Fuchs <pontus.fuchs-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Signed-off-by: Johannes Berg <johannes.berg-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
---
net/mac80211/mlme.c | 38 +++++++++++++++++++++++++++-----------
1 file changed, 27 insertions(+), 11 deletions(-)
--- a/net/mac80211/mlme.c 2012-01-18 14:04:33.000000000 +0100
+++ b/net/mac80211/mlme.c 2012-01-18 14:04:34.000000000 +0100
@@ -2750,7 +2750,6 @@ int ieee80211_mgd_deauth(struct ieee8021
{
struct ieee80211_local *local = sdata->local;
struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
- struct ieee80211_work *wk;
u8 bssid[ETH_ALEN];
bool assoc_bss = false;
@@ -2763,30 +2762,47 @@ int ieee80211_mgd_deauth(struct ieee8021
assoc_bss = true;
} else {
bool not_auth_yet = false;
+ struct ieee80211_work *tmp, *wk = NULL;
mutex_unlock(&ifmgd->mtx);
mutex_lock(&local->mtx);
- list_for_each_entry(wk, &local->work_list, list) {
- if (wk->sdata != sdata)
+ list_for_each_entry(tmp, &local->work_list, list) {
+ if (tmp->sdata != sdata)
continue;
- if (wk->type != IEEE80211_WORK_DIRECT_PROBE &&
- wk->type != IEEE80211_WORK_AUTH &&
- wk->type != IEEE80211_WORK_ASSOC &&
- wk->type != IEEE80211_WORK_ASSOC_BEACON_WAIT)
+ if (tmp->type != IEEE80211_WORK_DIRECT_PROBE &&
+ tmp->type != IEEE80211_WORK_AUTH &&
+ tmp->type != IEEE80211_WORK_ASSOC &&
+ tmp->type != IEEE80211_WORK_ASSOC_BEACON_WAIT)
continue;
- if (memcmp(req->bss->bssid, wk->filter_ta, ETH_ALEN))
+ if (memcmp(req->bss->bssid, tmp->filter_ta, ETH_ALEN))
continue;
- not_auth_yet = wk->type == IEEE80211_WORK_DIRECT_PROBE;
- list_del_rcu(&wk->list);
- free_work(wk);
+ not_auth_yet = tmp->type == IEEE80211_WORK_DIRECT_PROBE;
+ list_del_rcu(&tmp->list);
+ synchronize_rcu();
+ wk = tmp;
break;
}
mutex_unlock(&local->mtx);
+ if (wk && wk->type == IEEE80211_WORK_ASSOC) {
+ /* clean up dummy sta & TX sync */
+ sta_info_destroy_addr(wk->sdata, wk->filter_ta);
+ if (wk->assoc.synced)
+ drv_finish_tx_sync(local, wk->sdata,
+ wk->filter_ta,
+ IEEE80211_TX_SYNC_ASSOC);
+ } else if (wk && wk->type == IEEE80211_WORK_AUTH) {
+ if (wk->probe_auth.synced)
+ drv_finish_tx_sync(local, wk->sdata,
+ wk->filter_ta,
+ IEEE80211_TX_SYNC_AUTH);
+ }
+ kfree(wk);
+
/*
* If somebody requests authentication and we haven't
* sent out an auth frame yet there's no need to send
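Review bot: The lookup loop still matches IEEE80211_WORK_DIRECT_PROBE and IEEE80211_WORK_ASSOC_BEACON_WAIT, but the cleanup added after mutex_unlock(&local->mtx) only has branches for IEEE80211_WORK_ASSOC and IEEE80211_WORK_AUTH, so items of the other two types go straight to kfree(wk). If a direct-probe item can have probe_auth.synced set, or a beacon-wait item can already own the dummy STA, the leftover state the commit message describes would remain for them; either extend the branches or add a comment stating why those types carry nothing to clean up. Separately, synchronize_rcu() is called inside the loop while local->mtx is held; wk is only used after the unlock, so the grace-period wait could move below mutex_unlock(&local->mtx) to shorten the time the mutex is held.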
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
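Review bot: The new patch file carries the complete gmane NNTP envelope (Path:, X-Trace:, the Original-Received: chain and so on) ahead of the commit message, and every address in it, including the Cc: stable, Reported-by:, Tested-by: and Signed-off-by: tags, is in gmane's obfuscated @public.gmane.org form. Trimming the header to From:, Subject: and Date:, keeping the Archived-At: link as provenance, and dropping the trailing majordomo footer would leave a file that reads like the other patches in the package.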