Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v4.20.5 2018-12-19T08:40:17Z 2018-12-19T08:40:17Z Johannes Berg johannes.berg@intel.com 2018-12-15T09:03:22Z urn:sha1:d350a0f431189517b1af0dbbb605c273231a8966 If validate_pae_over_nl80211() were to fail in nl80211_crypto_settings(), we might leak the 'connkeys' allocation. Fix this. Fixes: 64bf3d4bc2b0 ("nl80211: Add CONTROL_PORT_OVER_NL80211 attribute") Signed-off-by: Johannes Berg <johannes.berg@intel.com> 2018-12-05T11:51:29Z Jouni Malinen jouni@codeaurora.org 2018-12-05T10:55:54Z urn:sha1:312ca38ddda64bac6513ec68e0ac3789b4eb44dc This function was modified to support the information element extension case (WLAN_EID_EXTENSION) in a manner that would result in an infinite loop when going through set of IEs that include WLAN_EID_RIC_DATA and contain an IE that is in the after_ric array. The only place where this can currently happen is in mac80211 ieee80211_send_assoc() where ieee80211_ie_split_ric() is called with after_ric[]. This can be triggered by valid data from user space nl80211 association/connect request (i.e., requiring GENL_UNS_ADMIN_PERM). The only known application having an option to include WLAN_EID_RIC_DATA in these requests is wpa_supplicant and it had a bug that prevented this specific contents from being used (and because of that, not triggering this kernel bug in an automated test case ap_ft_ric) and now that this bug is fixed, it has a workaround to avoid this kernel issue. WLAN_EID_RIC_DATA is currently used only for testing purposes, so this does not cause significant harm for production use cases. Fixes: 2512b1b18d07 ("mac80211: extend ieee80211_ie_split to support EXTENSION") Cc: stable@vger.kernel.org Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com> 2018-11-09T08:11:47Z Sriram R srirrama@codeaurora.org 2018-10-19T09:12:59Z urn:sha1:113f3aaa81bd56aba02659786ed65cbd9cb9a6fc Currently when an AP and STA interfaces are active in the same or different radios, regulatory settings are restored whenever the STA disconnects. This restores all channel information including dfs states in all radios. For example, if an AP interface is active in one radio and STA in another, when radar is detected on the AP interface, the dfs state of the channel will be changed to UNAVAILABLE. But when the STA interface disconnects, this issues a regulatory disconnect hint which restores all regulatory settings in all the radios attached and thereby losing the stored dfs state on the other radio where the channel was marked as unavailable earlier. Hence prevent such regulatory restore whenever another active beaconing interface is present in the same or other radios. Signed-off-by: Sriram R <srirrama@codeaurora.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com> 2018-11-09T07:56:58Z Johannes Berg johannes.berg@intel.com 2018-10-30T08:17:44Z urn:sha1:c177db2d0d5e751d52d3827b8cfdb6ef92a95a2d When FTM is enabled, doing a CSA will unexpectedly lose it since the value of ftm_responder may be initialized to 0 instead of -1, so fix that. Fixes: 81e54d08d9d8 ("cfg80211: support FTM responder configuration/statistics") Signed-off-by: Johannes Berg <johannes.berg@intel.com> 2018-11-09T07:55:32Z Sergey Matyukevich sergey.matyukevich.os@quantenna.com 2018-10-19T15:40:13Z urn:sha1:81c5dce2cd0bb0ecb61b6212410da5eb78cd8f79 Do a logical vht_capa &= vht_capa_mask of user-supplied VHT mask with the driver-supplied mask of modifiable VHT capabilities. Fix whitespaces and comment typos. Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> 2018-10-12T10:56:34Z Ankita Bajaj bankita@codeaurora.org 2018-09-27T15:01:57Z urn:sha1:0d4e14a32dcab9c4bd559d02874120fbb86b1322 Add support for drivers to report the total number of MPDUs received and the number of MPDUs received with an FCS error from a specific peer. These counters will be incremented only when the TA of the frame matches the MAC address of the peer irrespective of FCS error. It should be noted that the TA field in the frame might be corrupted when there is an FCS error and TA matching logic would fail in such cases. Hence, FCS error counter might not be fully accurate, but it can provide help in detecting bad RX links in significant number of cases. This FCS error counter without full accuracy can be used, e.g., to trigger a kick-out of a connected client with a bad link in AP mode to force such a client to roam to another AP. Signed-off-by: Ankita Bajaj <bankita@codeaurora.org> Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com> 2018-10-11T14:00:59Z Johannes Berg johannes.berg@intel.com 2018-10-02T08:00:08Z urn:sha1:3d7af878357acd9e37fc156928106f1a969c8942 Instead of open-coding a lot of calls to is_valid_ie_attr(), add this validation directly to the policy, now that we can. Signed-off-by: Johannes Berg <johannes.berg@intel.com> 2018-10-11T14:00:58Z Johannes Berg johannes.berg@intel.com 2018-10-02T08:00:07Z urn:sha1:ab0d76f6823cc3a4e277c888abd344e3b977e279 Many range checks can be done in the policy, move them there. A few in mesh are added in the code (taken out of the macros) because they don't fit into the s16 range in the policy validation. Signed-off-by: Johannes Berg <johannes.berg@intel.com> 2018-10-10T12:44:16Z Johannes Berg johannes.berg@intel.com 2018-10-01T07:16:08Z urn:sha1:b802a5d6f345d207a5dd120149f6d2fdff2e4fcc Using skcipher just makes the code longer, and mac80211 also "open-codes" the WEP encrypt/decrypt. Signed-off-by: Johannes Berg <johannes.berg@intel.com> 2018-10-08T07:48:36Z Johannes Berg johannes.berg@intel.com 2018-10-08T07:48:31Z urn:sha1:188de5dd80b2b7986e75821374efb67081049b6e Merge net-next, which pulled in net, so I can merge a few more patches that would otherwise conflict. Signed-off-by: Johannes Berg <johannes.berg@intel.com>