Add mac80211 deauth fix pointed out by Stanislaw Gruszka
parent
e520b1ec1d
commit
030861b341
10
kernel.spec
10
kernel.spec
@ -54,7 +54,7 @@ Summary: The Linux kernel
|
||||
# For non-released -rc kernels, this will be appended after the rcX and
|
||||
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
||||
#
|
||||
%global baserelease 1
|
||||
%global baserelease 2
|
||||
%global fedora_build %{baserelease}
|
||||
|
||||
# base_sublevel is the kernel version we're starting with and patching
|
||||
@ -805,6 +805,8 @@ Patch21225: pci-Rework-ASPM-disable-code.patch
|
||||
|
||||
Patch21226: pci-crs-blacklist.patch
|
||||
|
||||
Patch21227: mac80211-fix-work-removal-on-deauth-request.patch
|
||||
|
||||
# compat-wireless patches
|
||||
Patch50000: compat-wireless-config-fixups.patch
|
||||
Patch50001: compat-wireless-change-CONFIG_IWLAGN-CONFIG_IWLWIFI.patch
|
||||
@ -1489,6 +1491,8 @@ ApplyPatch proc-fix-null-pointer-deref-in-proc_pid_permission.patch
|
||||
#rhbz 782681
|
||||
ApplyPatch proc-clean-up-and-fix-proc-pid-mem-handling.patch
|
||||
|
||||
ApplyPatch mac80211-fix-work-removal-on-deauth-request.patch
|
||||
|
||||
# END OF PATCH APPLICATIONS
|
||||
|
||||
%endif
|
||||
@ -1556,6 +1560,7 @@ ApplyPatch compat-wireless-change-CONFIG_IWLAGN-CONFIG_IWLWIFI.patch
|
||||
ApplyPatch compat-wireless-pr_fmt-warning-avoidance.patch
|
||||
ApplyPatch compat-wireless-rtl8192cu-Fix-WARNING-on-suspend-resume.patch
|
||||
ApplyPatch mac80211-fix-rx-key-NULL-ptr-deref-in-promiscuous-mode.patch
|
||||
ApplyPatch mac80211-fix-work-removal-on-deauth-request.patch
|
||||
|
||||
#rhbz 731365, 773271
|
||||
ApplyPatch mac80211_offchannel_rework_revert.patch
|
||||
@ -2264,6 +2269,9 @@ fi
|
||||
# and build.
|
||||
|
||||
%changelog
|
||||
* Fri Jan 20 2012 Josh Boyer <jwboyer@redhat.com>
|
||||
- Add mac80211 deauth fix pointed out by Stanislaw Gruszka
|
||||
|
||||
* Thu Jan 19 2012 Dave Jones <davej@redhat.com> 3.2.1-1
|
||||
- Rebase to Linux 3.2.1
|
||||
|
||||
|
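Review bot: The new `Patch21227:` entry and both `ApplyPatch mac80211-fix-work-removal-on-deauth-request.patch` lines carry no reference comment, unlike the neighbouring entries marked `#rhbz ...`, and the carried file is a raw mailing-list posting rather than a commit export. A comment such as `# linux-wireless posting, Message-ID 1326892225.4778.5.camel@jlt3.sipsolutions.net` above `Patch21227:` would record where the patch came from and make it easier to drop once it lands upstream. The patch is also applied in two places; the second one appears to sit among the compat-wireless patches, so a short comment saying it targets that tree would keep someone from removing it later as a duplicate.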
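--- /dev/null
+++ b/mac80211-fix-work-removal-on-deauth-request.patch
@@ -0,0 +1,154 @@
+Path: news.gmane.org!not-for-mail
+From: Johannes Berg <johannes-cdvu00un1VgdHxzADdlk8Q@public.gmane.org>
+Newsgroups: gmane.linux.kernel.wireless.general
+Subject: [PATCH 3.3] mac80211: fix work removal on deauth request
+Date: Wed, 18 Jan 2012 14:10:25 +0100
+Lines: 107
+Approved: news@gmane.org
+Message-ID: <1326892225.4778.5.camel@jlt3.sipsolutions.net>
+NNTP-Posting-Host: lo.gmane.org
+Mime-Version: 1.0
+Content-Type: text/plain; charset="UTF-8"
+Content-Transfer-Encoding: 7bit
+X-Trace: dough.gmane.org 1326892249 18013 80.91.229.12 (18 Jan 2012 13:10:49 GMT)
+X-Complaints-To: usenet@dough.gmane.org
+NNTP-Posting-Date: Wed, 18 Jan 2012 13:10:49 +0000 (UTC)
+Cc: linux-wireless <linux-wireless-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
+Pontus Fuchs <pontus.fuchs-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
+To: John Linville <linville-2XuSBdqkA4R54TAoqtyWWQ@public.gmane.org>
+Original-X-From: linux-wireless-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org Wed Jan 18 14:10:44 2012
+Return-path: <linux-wireless-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
+Envelope-to: glkwg-linux-wireless-1dZseelyfdZg9hUCZPvPmw@public.gmane.org
+Original-Received: from vger.kernel.org ([209.132.180.67])
+by lo.gmane.org with esmtp (Exim 4.69)
+(envelope-from <linux-wireless-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>)
+id 1RnVHo-00044l-Aq
+for glkwg-linux-wireless-1dZseelyfdZg9hUCZPvPmw@public.gmane.org; Wed, 18 Jan 2012 14:10:44 +0100
+Original-Received: (majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org) by vger.kernel.org via listexpand
+id S1757410Ab2ARNK3 (ORCPT
+<rfc822;glkwg-linux-wireless@m.gmane.org>);
+Wed, 18 Jan 2012 08:10:29 -0500
+Original-Received: from he.sipsolutions.net ([78.46.109.217]:45023 "EHLO
+sipsolutions.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
+with ESMTP id S1754365Ab2ARNK2 (ORCPT
+<rfc822;linux-wireless-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>);
+Wed, 18 Jan 2012 08:10:28 -0500
+Original-Received: by sipsolutions.net with esmtpsa (TLS1.0:RSA_AES_256_CBC_SHA1:32)
+(Exim 4.77)
+(envelope-from <johannes-cdvu00un1VgdHxzADdlk8Q@public.gmane.org>)
+id 1RnVHW-0004hf-Lx; Wed, 18 Jan 2012 14:10:26 +0100
+X-Mailer: Evolution 2.30.3
+Original-Sender: linux-wireless-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
+Precedence: bulk
+List-ID: <linux-wireless.vger.kernel.org>
+X-Mailing-List: linux-wireless-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
+Xref: news.gmane.org gmane.linux.kernel.wireless.general:84095
+Archived-At: <http://permalink.gmane.org/gmane.linux.kernel.wireless.general/84095>
+
+From: Johannes Berg <johannes.berg-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
+
+When deauth is requested while an auth or assoc
+work item is in progress, we currently delete it
+without regard for any state it might need to
+clean up. Fix it by cleaning up for those items.
+
+In the case Pontus found, the problem manifested
+itself as such:
+
+authenticate with 00:23:69:aa:dd:7b (try 1)
+authenticated
+failed to insert Dummy STA entry for the AP (error -17)
+deauthenticating from 00:23:69:aa:dd:7b by local choice (reason=2)
+
+It could also happen differently if the driver
+uses the tx_sync callback.
+
+We can't just call the ->done() method of the work
+items because that will lock up due to the locking
+in cfg80211. This fix isn't very clean, but that
+seems acceptable since I have patches pending to
+remove this code completely.
+
+Cc: stable-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
+Reported-by: Pontus Fuchs <pontus.fuchs-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
+Tested-by: Pontus Fuchs <pontus.fuchs-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
+Signed-off-by: Johannes Berg <johannes.berg-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
+---
+net/mac80211/mlme.c | 38 +++++++++++++++++++++++++++-----------
+1 file changed, 27 insertions(+), 11 deletions(-)
+
+--- a/net/mac80211/mlme.c 2012-01-18 14:04:33.000000000 +0100
++++ b/net/mac80211/mlme.c 2012-01-18 14:04:34.000000000 +0100
+@@ -2750,7 +2750,6 @@ int ieee80211_mgd_deauth(struct ieee8021
+{
+struct ieee80211_local *local = sdata->local;
+struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
+- struct ieee80211_work *wk;
+u8 bssid[ETH_ALEN];
+bool assoc_bss = false;
+
+@@ -2763,30 +2762,47 @@ int ieee80211_mgd_deauth(struct ieee8021
+assoc_bss = true;
+} else {
+bool not_auth_yet = false;
++ struct ieee80211_work *tmp, *wk = NULL;
+
+mutex_unlock(&ifmgd->mtx);
+
+mutex_lock(&local->mtx);
+- list_for_each_entry(wk, &local->work_list, list) {
+- if (wk->sdata != sdata)
++ list_for_each_entry(tmp, &local->work_list, list) {
++ if (tmp->sdata != sdata)
+continue;
+
+- if (wk->type != IEEE80211_WORK_DIRECT_PROBE &&
+- wk->type != IEEE80211_WORK_AUTH &&
+- wk->type != IEEE80211_WORK_ASSOC &&
+- wk->type != IEEE80211_WORK_ASSOC_BEACON_WAIT)
++ if (tmp->type != IEEE80211_WORK_DIRECT_PROBE &&
++ tmp->type != IEEE80211_WORK_AUTH &&
++ tmp->type != IEEE80211_WORK_ASSOC &&
++ tmp->type != IEEE80211_WORK_ASSOC_BEACON_WAIT)
+continue;
+
+- if (memcmp(req->bss->bssid, wk->filter_ta, ETH_ALEN))
++ if (memcmp(req->bss->bssid, tmp->filter_ta, ETH_ALEN))
+continue;
+
+- not_auth_yet = wk->type == IEEE80211_WORK_DIRECT_PROBE;
+- list_del_rcu(&wk->list);
+- free_work(wk);
++ not_auth_yet = tmp->type == IEEE80211_WORK_DIRECT_PROBE;
++ list_del_rcu(&tmp->list);
++ synchronize_rcu();
++ wk = tmp;
+break;
+}
+mutex_unlock(&local->mtx);
+
++ if (wk && wk->type == IEEE80211_WORK_ASSOC) {
++ /* clean up dummy sta & TX sync */
++ sta_info_destroy_addr(wk->sdata, wk->filter_ta);
++ if (wk->assoc.synced)
++ drv_finish_tx_sync(local, wk->sdata,
++ wk->filter_ta,
++ IEEE80211_TX_SYNC_ASSOC);
++ } else if (wk && wk->type == IEEE80211_WORK_AUTH) {
++ if (wk->probe_auth.synced)
++ drv_finish_tx_sync(local, wk->sdata,
++ wk->filter_ta,
++ IEEE80211_TX_SYNC_AUTH);
++ }
++ kfree(wk);
++
+/*
+* If somebody requests authentication and we haven't
+* sent out an auth frame yet there's no need to send
+
+
+--
+To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
+the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
+More majordomo info at http://vger.kernel.org/majordomo-info.html
+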
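Review bot: The cleanup added after `mutex_unlock(&local->mtx)` in the mlme.c hunk handles only `IEEE80211_WORK_ASSOC` and `IEEE80211_WORK_AUTH`, but the loop above it also unlinks `IEEE80211_WORK_DIRECT_PROBE` and `IEEE80211_WORK_ASSOC_BEACON_WAIT` items, which then go straight to `kfree(wk)`. Whether those two types can hold a dummy STA entry or an open tx_sync is not visible in this hunk; if they can, the same stale state the commit message describes would survive a deauth request. I would add a comment above the `if (wk && wk->type == IEEE80211_WORK_ASSOC)` branch stating why the other two types need no cleanup, or extend the branches if they do. The switch from `free_work(wk)` to `synchronize_rcu()` followed by a plain `kfree(wk)` also deserves a one-line comment such as `/* wait for RCU readers of work_list; wk is used and freed after the unlock */`, since `synchronize_rcu()` now blocks while `local->mtx` is held. ieee80211_mgd_deauth starts and ends outside the hunk.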