[PATCH 5.4 32/43] mac80211: refuse aggregations sessions before authorized

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Johannes Berg <johannes.berg@intel.com>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.4 32/43] mac80211: refuse aggregations sessions before authorized
Date: Thu, 17 Mar 2022 13:45:43 +0100	[thread overview]
Message-ID: <20220317124528.562977471@linuxfoundation.org> (raw)
In-Reply-To: <20220317124527.672236844@linuxfoundation.org>

From: Johannes Berg <johannes.berg@intel.com>

[ Upstream commit a6bce78262f5dd4b50510f0aa47f3995f7b185f3 ]

If an MFP station isn't authorized, the receiver will (or
at least should) drop the action frame since it's a robust
management frame, but if we're not authorized we haven't
installed keys yet. Refuse attempts to start a session as
they'd just time out.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20220203201528.ff4d5679dce9.I34bb1f2bc341e161af2d6faf74f91b332ba11285@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/mac80211/agg-tx.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c
index f140c2b94b2c..f30cdd7f3a73 100644
--- a/net/mac80211/agg-tx.c
+++ b/net/mac80211/agg-tx.c
@@ -9,7 +9,7 @@
  * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
  * Copyright 2007-2010, Intel Corporation
  * Copyright(c) 2015-2017 Intel Deutschland GmbH
- * Copyright (C) 2018 - 2021 Intel Corporation
+ * Copyright (C) 2018 - 2022 Intel Corporation
  */
 
 #include <linux/ieee80211.h>
@@ -615,6 +615,14 @@ int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid,
 		return -EINVAL;
 	}
 
+	if (test_sta_flag(sta, WLAN_STA_MFP) &&
+	    !test_sta_flag(sta, WLAN_STA_AUTHORIZED)) {
+		ht_dbg(sdata,
+		       "MFP STA not authorized - deny BA session request %pM tid %d\n",
+		       sta->sta.addr, tid);
+		return -EINVAL;
+	}
+
 	/*
 	 * 802.11n-2009 11.5.1.1: If the initiating STA is an HT STA, is a
 	 * member of an IBSS, and has no other existing Block Ack agreement
-- 
2.34.1

next prev parent reply	other threads:[~2022-03-17 12:48 UTC|newest]

Thread overview: 59+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-03-17 12:45 [PATCH 5.4 00/43] 5.4.186-rc1 review Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 01/43] Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0" Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 02/43] sctp: fix the processing for INIT chunk Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 03/43] arm64: Add part number for Arm Cortex-A77 Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 04/43] arm64: Add Neoverse-N2, Cortex-A710 CPU part definition Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 05/43] arm64: add ID_AA64ISAR2_EL1 sys register Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 06/43] arm64: Add Cortex-X2 CPU part definition Greg Kroah-Hartman
2022-03-17 12:45   ` Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 07/43] arm64: entry.S: Add ventry overflow sanity checks Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 08/43] arm64: entry: Make the trampoline cleanup optional Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 09/43] arm64: entry: Free up another register on kptis tramp_exit path Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 10/43] arm64: entry: Move the trampoline data page before the text page Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 11/43] arm64: entry: Allow tramp_alias to access symbols after the 4K boundary Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 12/43] arm64: entry: Dont assume tramp_vectors is the start of the vectors Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 13/43] arm64: entry: Move trampoline macros out of ifdefd section Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 14/43] arm64: entry: Make the kpti trampolines kpti sequence optional Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 15/43] arm64: entry: Allow the trampoline text to occupy multiple pages Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 16/43] arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 17/43] arm64: entry: Add vectors that have the bhb mitigation sequences Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 18/43] arm64: entry: Add macro for reading symbol addresses from the trampoline Greg Kroah-Hartman
2022-03-17 20:48   ` Florian Fainelli
2022-03-18 12:11     ` James Morse
2022-03-18 16:18       ` Greg Kroah-Hartman
2022-03-18 16:21         ` Greg Kroah-Hartman
2022-03-18 17:37           ` fixup for [PATCH 5.4 18/43] arm64 entry: Add macro for reading symbol address " James Morse
2022-03-19  8:17             ` Greg Kroah-Hartman
2022-03-18 16:33       ` [PATCH 5.4 18/43] arm64: entry: Add macro for reading symbol addresses " Florian Fainelli
2022-03-17 12:45 ` [PATCH 5.4 19/43] arm64: Add percpu vectors for EL1 Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 20/43] arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 21/43] KVM: arm64: Add templates for BHB mitigation sequences Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 22/43] arm64: Mitigate spectre style branch history side channels Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 23/43] KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 24/43] arm64: Use the clearbhb instruction in mitigations Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 25/43] xfrm: Check if_id in xfrm_migrate Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 26/43] xfrm: Fix xfrm migrate issues when address family changes Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 27/43] arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 28/43] arm64: dts: rockchip: reorder rk3399 hdmi clocks Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 29/43] arm64: dts: agilex: use the compatible "intel,socfpga-agilex-hsotg" Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 30/43] ARM: dts: rockchip: reorder rk322x hmdi clocks Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 31/43] ARM: dts: rockchip: fix a typo on rk3288 crypto-controller Greg Kroah-Hartman
2022-03-17 12:45 ` Greg Kroah-Hartman [this message]
2022-03-17 12:45 ` [PATCH 5.4 33/43] MIPS: smp: fill in sibling and core maps earlier Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 34/43] ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 35/43] can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 36/43] atm: firestream: check the return value of ioremap() in fs_init() Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 37/43] iwlwifi: dont advertise TWT support Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 38/43] drm/vrr: Set VRR capable prop only if it is attached to connector Greg Kroah-Hartman
2022-03-17 12:45   ` Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 39/43] nl80211: Update bss channel on channel switch for P2P_CLIENT Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 40/43] tcp: make tcp_read_sock() more robust Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 41/43] sfc: extend the locking on mcdi->seqno Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.4 42/43] bnx2: Fix an error message Greg Kroah-Hartman
2022-03-18 17:32   ` Marion & Christophe JAILLET
2022-03-17 12:45 ` [PATCH 5.4 43/43] kselftest/vm: fix tests build with old libc Greg Kroah-Hartman
2022-03-17 20:48 ` [PATCH 5.4 00/43] 5.4.186-rc1 review Florian Fainelli
2022-03-18  2:18 ` Guenter Roeck
2022-03-18 12:03 ` Naresh Kamboju
2022-03-18 13:13 ` Jon Hunter
2022-03-18 16:30 ` Sudip Mukherjee

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:f140c2b94b2 dfblob:f30cdd7f3a7 )
 OR (
bs:"[PATCH 5.4 32/43] mac80211: refuse aggregations sessions before authorized" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220317124528.562977471@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=johannes.berg@intel.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=sashal@kernel.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.