This relatively large collection of fixes is all over - from things
that were broken a long time ago (the management key issue) but not noticed yet, to small issues that were only introduced into 3.19 (like the multicast issue). At least one issue is old but can crash the kernel based on invalid userspace requests (the nl80211 matches array one.) -----BEGIN PGP SIGNATURE----- iQIbBAABCAAGBQJUkt82AAoJEDBSmw7B7bqrk5YP+NN821jzWqTPZy7mS1NgwRrN 4VjPw1J6ba5LRCfS8cYOcG5zPq4i88DdiRzsFe7TW1g3ayy5tXNp0FzcgJ4lBV5T cWpXybtCYwnJxlaRBNmS9H7ZOCSjVJH8B1U75t5jmY8ondZ7mRUpN6Od2b6rKfq6 8HDZ+I7fr+tPeb/1tj9iq0XaJAPvZOpoJzA5Hgjvs6UOURAxIxRrU4l9LZ/bd6Uf jz0Kg0u59d9YNDn9MPX2KmMOyjbJ2t5MYHsAfxOB9usnaq8Toq1ZEszApiIXuyz/ GsgLBYL9gVpIUU95Us7lDv+sqT7cFflNvE9JtgcB5dkSxjZrRNLnJM09NggkOI9a A1BGReZODj2UPEKdXgWMC4Jr63xLZW5vr7mX9c8egQu2U/eqLACcz0ewMxMxaoEO bXEjegDv6FaGuGU1ul8D03cvgznLjoMUtnkcu5UIFLIt7uf0Ohrn8bFovrpo0DX2 wQt8VkOIrRBHXkvTDIZCyTbfZn9LI9M50q8YEZWX84wrA7gDkFQ6ByNrxdFET4zA Hjpjkwi9CbpaJ66Xp0WFbWJ6AMAfVJHYBTHnRU36nfbNb82qD6O+1nZVH7xGjbHB 7zk+nrXKjhdnCBhhIZBku+Fkug6+wBdZNkTFSch6Q1ZO+aLb4Z02j+yb1fylAzjf ar3E7Ssx+jtGfJ9RQAk= =iSDP -----END PGP SIGNATURE----- Merge tag 'mac80211-for-davem-2014-12-18' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== pull-request: mac80211 2014-12-18 Also from me a first pull request - we have a number of really old issues that happened to crop up now with new work (or just more testing) in the right areas as well as some small bugs newly introduced in 3.19. Let me know if there are any problems. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller
commit
86c8fc4bbe
|
|
@ -1011,6 +1011,10 @@ ieee80211_vif_use_reserved_reassign(struct ieee80211_sub_if_data *sdata)
|
|||
|
||||
ieee80211_vif_update_chandef(sdata, &sdata->reserved_chandef);
|
||||
|
||||
ieee80211_recalc_smps_chanctx(local, new_ctx);
|
||||
ieee80211_recalc_radar_chanctx(local, new_ctx);
|
||||
ieee80211_recalc_chanctx_min_def(local, new_ctx);
|
||||
|
||||
if (changed)
|
||||
ieee80211_bss_info_change_notify(sdata, changed);
|
||||
|
||||
|
|
|
|||
|
|
@ -656,7 +656,7 @@ void ieee80211_free_sta_keys(struct ieee80211_local *local,
|
|||
int i;
|
||||
|
||||
mutex_lock(&local->key_mtx);
|
||||
for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
|
||||
for (i = 0; i < ARRAY_SIZE(sta->gtk); i++) {
|
||||
key = key_mtx_dereference(local, sta->gtk[i]);
|
||||
if (!key)
|
||||
continue;
|
||||
|
|
|
|||
|
|
@ -174,6 +174,7 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
|
|||
if (!(ht_cap->cap_info &
|
||||
cpu_to_le16(IEEE80211_HT_CAP_SUP_WIDTH_20_40))) {
|
||||
ret = IEEE80211_STA_DISABLE_40MHZ;
|
||||
vht_chandef = *chandef;
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1761,14 +1761,14 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
|
|||
sc = le16_to_cpu(hdr->seq_ctrl);
|
||||
frag = sc & IEEE80211_SCTL_FRAG;
|
||||
|
||||
if (likely(!ieee80211_has_morefrags(fc) && frag == 0))
|
||||
goto out;
|
||||
|
||||
if (is_multicast_ether_addr(hdr->addr1)) {
|
||||
rx->local->dot11MulticastReceivedFrameCount++;
|
||||
goto out;
|
||||
goto out_no_led;
|
||||
}
|
||||
|
||||
if (likely(!ieee80211_has_morefrags(fc) && frag == 0))
|
||||
goto out;
|
||||
|
||||
I802_DEBUG_INC(rx->local->rx_handlers_fragments);
|
||||
|
||||
if (skb_linearize(rx->skb))
|
||||
|
|
@ -1859,9 +1859,10 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
|
|||
status->rx_flags |= IEEE80211_RX_FRAGMENTED;
|
||||
|
||||
out:
|
||||
ieee80211_led_rx(rx->local);
|
||||
out_no_led:
|
||||
if (rx->sta)
|
||||
rx->sta->rx_packets++;
|
||||
ieee80211_led_rx(rx->local);
|
||||
return RX_CONTINUE;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -603,7 +603,7 @@ bool cfg80211_chandef_usable(struct wiphy *wiphy,
|
|||
{
|
||||
struct ieee80211_sta_ht_cap *ht_cap;
|
||||
struct ieee80211_sta_vht_cap *vht_cap;
|
||||
u32 width, control_freq;
|
||||
u32 width, control_freq, cap;
|
||||
|
||||
if (WARN_ON(!cfg80211_chandef_valid(chandef)))
|
||||
return false;
|
||||
|
|
@ -643,7 +643,8 @@ bool cfg80211_chandef_usable(struct wiphy *wiphy,
|
|||
return false;
|
||||
break;
|
||||
case NL80211_CHAN_WIDTH_80P80:
|
||||
if (!(vht_cap->cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ))
|
||||
cap = vht_cap->cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
|
||||
if (cap != IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ)
|
||||
return false;
|
||||
case NL80211_CHAN_WIDTH_80:
|
||||
if (!vht_cap->vht_supported)
|
||||
|
|
@ -654,7 +655,9 @@ bool cfg80211_chandef_usable(struct wiphy *wiphy,
|
|||
case NL80211_CHAN_WIDTH_160:
|
||||
if (!vht_cap->vht_supported)
|
||||
return false;
|
||||
if (!(vht_cap->cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ))
|
||||
cap = vht_cap->cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
|
||||
if (cap != IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ &&
|
||||
cap != IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ)
|
||||
return false;
|
||||
prohibited_flags |= IEEE80211_CHAN_NO_160MHZ;
|
||||
width = 160;
|
||||
|
|
|
|||
|
|
@ -6002,7 +6002,7 @@ nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
|
|||
}
|
||||
|
||||
/* there was no other matchset, so the RSSI one is alone */
|
||||
if (i == 0)
|
||||
if (i == 0 && n_match_sets)
|
||||
request->match_sets[0].rssi_thold = default_match_rssi;
|
||||
|
||||
request->min_rssi_thold = INT_MAX;
|
||||
|
|
|
|||
|
|
@ -1546,12 +1546,18 @@ static bool reg_wdev_chan_valid(struct wiphy *wiphy, struct wireless_dev *wdev)
|
|||
if (!wdev->beacon_interval)
|
||||
goto out;
|
||||
|
||||
ret = cfg80211_reg_can_beacon(wiphy,
|
||||
&wdev->chandef, wdev->iftype);
|
||||
break;
|
||||
case NL80211_IFTYPE_ADHOC:
|
||||
if (!wdev->ssid_len)
|
||||
goto out;
|
||||
|
||||
ret = cfg80211_reg_can_beacon(wiphy,
|
||||
&wdev->chandef, wdev->iftype);
|
||||
break;
|
||||
case NL80211_IFTYPE_STATION:
|
||||
case NL80211_IFTYPE_P2P_CLIENT:
|
||||
case NL80211_IFTYPE_ADHOC:
|
||||
if (!wdev->current_bss ||
|
||||
!wdev->current_bss->pub.channel)
|
||||
goto out;
|
||||
|
|
@ -1907,7 +1913,7 @@ static enum reg_request_treatment
|
|||
reg_process_hint_driver(struct wiphy *wiphy,
|
||||
struct regulatory_request *driver_request)
|
||||
{
|
||||
const struct ieee80211_regdomain *regd;
|
||||
const struct ieee80211_regdomain *regd, *tmp;
|
||||
enum reg_request_treatment treatment;
|
||||
|
||||
treatment = __reg_process_hint_driver(driver_request);
|
||||
|
|
@ -1927,7 +1933,10 @@ reg_process_hint_driver(struct wiphy *wiphy,
|
|||
reg_free_request(driver_request);
|
||||
return REG_REQ_IGNORE;
|
||||
}
|
||||
|
||||
tmp = get_wiphy_regdom(wiphy);
|
||||
rcu_assign_pointer(wiphy->regd, regd);
|
||||
rcu_free_regdom(tmp);
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -1986,11 +1995,8 @@ __reg_process_hint_country_ie(struct wiphy *wiphy,
|
|||
return REG_REQ_IGNORE;
|
||||
return REG_REQ_ALREADY_SET;
|
||||
}
|
||||
/*
|
||||
* Two consecutive Country IE hints on the same wiphy.
|
||||
* This should be picked up early by the driver/stack
|
||||
*/
|
||||
if (WARN_ON(regdom_changes(country_ie_request->alpha2)))
|
||||
|
||||
if (regdom_changes(country_ie_request->alpha2))
|
||||
return REG_REQ_OK;
|
||||
return REG_REQ_ALREADY_SET;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue