stable.vger.kernel.org archive mirror
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Yu Wang <yyuwang@codeaurora.org>,
	Johannes Berg <johannes.berg@intel.com>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.4 12/99] mac80211: handle deauthentication/disassociation from TDLS peer
Date: Thu,  3 Oct 2019 17:52:35 +0200
Message-ID: <20191003154259.021187870@linuxfoundation.org>
In-Reply-To: <20191003154252.297991283@linuxfoundation.org>

From: Yu Wang <yyuwang@codeaurora.org>

[ Upstream commit 79c92ca42b5a3e0ea172ea2ce8df8e125af237da ]

When receiving a deauthentication/disassociation frame from a TDLS
peer, a station should not disconnect the current AP, but only
disable the current TDLS link if it's enabled.

Without this change, a TDLS issue can be reproduced by following the
steps below:

1. STA-1 and STA-2 are connected to AP, bidirectional traffic is running
   between STA-1 and STA-2.
2. Set up TDLS link between STA-1 and STA-2, stay for a while, then
   tear down TDLS link.
3. Repeat step #2 and monitor the connection between STA and AP.

During the test, one STA may send a deauthentication/disassociation
frame to another, after TDLS teardown, with reason code 6/7, which
means: Class 2/3 frame received from nonassociated STA.

On receiving this frame, the receiver STA will disconnect the current
AP and then reconnect. It's not an expected behavior; the purpose of this
frame should be disabling the TDLS link, not the link with AP.

Cc: stable@vger.kernel.org
Signed-off-by: Yu Wang <yyuwang@codeaurora.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/mac80211/ieee80211_i.h |  3 +++
 net/mac80211/mlme.c        | 12 +++++++++++-
 net/mac80211/tdls.c        | 23 +++++++++++++++++++++++
 3 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 7b271f3ded6ba..72f76da88912d 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -2059,6 +2059,9 @@ void ieee80211_tdls_cancel_channel_switch(struct wiphy *wiphy,
 					  const u8 *addr);
 void ieee80211_teardown_tdls_peers(struct ieee80211_sub_if_data *sdata);
 void ieee80211_tdls_chsw_work(struct work_struct *wk);
+void ieee80211_tdls_handle_disconnect(struct ieee80211_sub_if_data *sdata,
+				      const u8 *peer, u16 reason);
+const char *ieee80211_get_reason_code_string(u16 reason_code);
 
 extern const struct ethtool_ops ieee80211_ethtool_ops;
 
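Review bot: the prototype for ieee80211_get_reason_code_string() is added inside the TDLS group of declarations, directly after ieee80211_tdls_handle_disconnect(), although the function is defined in mlme.c and is not TDLS-specific. Consider declaring it in the part of the header that covers mlme.c so the grouping still tells a reader where each function lives, and add a one-line comment to both new prototypes saying what the reason argument is used for.
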
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 3daf3ae4003be..24eec3cb922d1 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -2743,7 +2743,7 @@ static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
 #define case_WLAN(type) \
 	case WLAN_REASON_##type: return #type
 
-static const char *ieee80211_get_reason_code_string(u16 reason_code)
+const char *ieee80211_get_reason_code_string(u16 reason_code)
 {
 	switch (reason_code) {
 	case_WLAN(UNSPECIFIED);
@@ -2808,6 +2808,11 @@ static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
 	if (len < 24 + 2)
 		return;
 
+	if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
+		ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
+		return;
+	}
+
 	if (ifmgd->associated &&
 	    ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) {
 		const u8 *bssid = ifmgd->associated->bssid;
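Review bot: the new early return in ieee80211_rx_mgmt_deauth() applies to every frame whose SA differs from the BSSID, not only to frames from a TDLS peer. When ieee80211_tdls_handle_disconnect() finds no TDLS station for mgmt->sa, the frame is dropped without any log line and never reaches the ifmgd->associated check below. A short comment above the `if (!ether_addr_equal(mgmt->bssid, mgmt->sa))` test stating that such frames are expected only from TDLS peers and are otherwise ignored would document that intent.
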
@@ -2857,6 +2862,11 @@ static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
 
 	reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
 
+	if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
+		ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
+		return;
+	}
+
 	sdata_info(sdata, "disassociated from %pM (Reason: %u=%s)\n",
 		   mgmt->sa, reason_code,
 		   ieee80211_get_reason_code_string(reason_code));
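Review bot: the four added lines in ieee80211_rx_mgmt_disassoc() are a verbatim copy of the block added to ieee80211_rx_mgmt_deauth(). A small static helper in mlme.c that takes sdata, mgmt and reason_code and returns whether the frame was consumed would keep the two paths from drifting apart. Note also that the return happens before the sdata_info() "disassociated from" message, so a frame taking this path is visible only through tdls_dbg().
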
diff --git a/net/mac80211/tdls.c b/net/mac80211/tdls.c
index c9eeb3f128085..ce2ece4243849 100644
--- a/net/mac80211/tdls.c
+++ b/net/mac80211/tdls.c
@@ -1963,3 +1963,26 @@ void ieee80211_tdls_chsw_work(struct work_struct *wk)
 	}
 	rtnl_unlock();
 }
+
+void ieee80211_tdls_handle_disconnect(struct ieee80211_sub_if_data *sdata,
+				      const u8 *peer, u16 reason)
+{
+	struct ieee80211_sta *sta;
+
+	rcu_read_lock();
+	sta = ieee80211_find_sta(&sdata->vif, peer);
+	if (!sta || !sta->tdls) {
+		rcu_read_unlock();
+		return;
+	}
+	rcu_read_unlock();
+
+	tdls_dbg(sdata, "disconnected from TDLS peer %pM (Reason: %u=%s)\n",
+		 peer, reason,
+		 ieee80211_get_reason_code_string(reason));
+
+	ieee80211_tdls_oper_request(&sdata->vif, peer,
+				    NL80211_TDLS_TEARDOWN,
+				    WLAN_REASON_TDLS_TEARDOWN_UNREACHABLE,
+				    GFP_ATOMIC);
+}
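
Review bot: in ieee80211_tdls_handle_disconnect() the reason argument is used only in the tdls_dbg() line; the teardown is requested for any frame whose source address matches a TDLS station and is always reported with WLAN_REASON_TDLS_TEARDOWN_UNREACHABLE. A comment above the function saying that the received reason code is deliberately not acted on would make that explicit. The lookup would also read more simply with a single rcu_read_unlock(), by storing the result of the `!sta || !sta->tdls` test in a local bool before unlocking and returning afterwards.
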
-- 
2.20.1



