* fix the scan timeout for long scans

* fix an RCU splat caused when updating the TKIP key * fix a potential NULL-derefence introduced recently * fix a IGTK key bug that has existed since the MVM driver was introduced * fix some fw capabilities checks that got accidentally inverted -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABAgAGBQJXWrB4AAoJEKFHnKIaPMX6lz4QAJeTa2oxSu+t11jBrDOatAAD pHAZMKXeHsN016dN7alijoIL3ssI4sYyTaXZW7quNTS2SgFemsYQvRDUKTeM0TZO xJpv4j5l6hdI/KG1mTczZJ1MvM6Q3a4E28+7M+mXw7/YzNn9tjdcWb+FPKshmeet yHH294r1iavCeY2E9Ir5G52p3MzeupbKXUY50hxbpcYRtl7Zf8Gbf9I1c1TmvFOI 02Cx+uuexWmg2plWalhDu51nChC2npQq1H4zvtGpQ2mjWPrIjN+BKHy73jTQDn0K p+1lmWrMvduSuLjKeaGDR+kGtqyNLzynspgVkq72ogZyGFB6ljhTJYnlayHhlI94 b5Xnp05l08roNew9PfQkpsFDaVfX256HdH9qtkQBK12XLd9Zh5MFd9WpfnhWNhDL VwReKVV04E8B67pNkPfyjTb4o48+UyUMY3eQ2vHyqyprKG7WEVU0nxSDuFxAIgoR lJRe3uHU8V3v8lWNflXiW1oDZ0RmT7NHI2OAyVPFstNJJV5VnBOLmfiyfaEJRpTf hAT5Swtu8b58zpStfgIu0L1rBDXVkNnjnqix+I9AiT31crecXB0ef2mPGtTe0cSz 7mJRagBuniMJ/NOuA5TqkcY8jB5yntlhS9wHnlNHEfglc2mTtqAnmgrXkqSspTwa hu1bITMSZStZVntH8kV2 =nj+n -----END PGP SIGNATURE----- Merge tag 'iwlwifi-for-kalle-2016-06-10' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes * fix the scan timeout for long scans * fix an RCU splat caused when updating the TKIP key * fix a potential NULL-derefence introduced recently * fix a IGTK key bug that has existed since the MVM driver was introduced * fix some fw capabilities checks that got accidentally inverted
2016-06-14 17:07:38 +03:00 · 2016-06-14 17:07:38 +03:00 · bba42c7877
commit bba42c7877
parent 182fd9eecb 280a3efa82
4 changed files with 23 additions and 7 deletions
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
@ -3851,7 +3851,7 @@ static int iwl_mvm_mac_get_survey(struct ieee80211_hw *hw, int idx,
 	if (idx != 0)
 		return -ENOENT;

-	if (fw_has_capa(&mvm->fw->ucode_capa,
+	if (!fw_has_capa(&mvm->fw->ucode_capa,
 			 IWL_UCODE_TLV_CAPA_RADIO_BEACON_STATS))
 		return -ENOENT;

@ -3898,7 +3898,7 @@ static void iwl_mvm_mac_sta_statistics(struct ieee80211_hw *hw,
 	struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
 	struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);

-	if (fw_has_capa(&mvm->fw->ucode_capa,
+	if (!fw_has_capa(&mvm->fw->ucode_capa,
 			 IWL_UCODE_TLV_CAPA_RADIO_BEACON_STATS))
 		return;

--- a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c
@ -581,7 +581,7 @@ static bool iwl_mvm_reorder(struct iwl_mvm *mvm,
 			    struct iwl_rx_mpdu_desc *desc)
 {
 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
-	struct iwl_mvm_sta *mvm_sta = iwl_mvm_sta_from_mac80211(sta);
+	struct iwl_mvm_sta *mvm_sta;
 	struct iwl_mvm_baid_data *baid_data;
 	struct iwl_mvm_reorder_buffer *buffer;
 	struct sk_buff *tail;
@ -604,6 +604,8 @@ static bool iwl_mvm_reorder(struct iwl_mvm *mvm,
 	if (WARN_ON(IS_ERR_OR_NULL(sta)))
 		return false;

+	mvm_sta = iwl_mvm_sta_from_mac80211(sta);
+
 	/* not a data packet */
 	if (!ieee80211_is_data_qos(hdr->frame_control) ||
 	    is_multicast_ether_addr(hdr->addr1))
--- a/drivers/net/wireless/intel/iwlwifi/mvm/scan.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/scan.c
@ -1222,7 +1222,7 @@ static int iwl_mvm_check_running_scans(struct iwl_mvm *mvm, int type)
 	return -EIO;
 }

-#define SCAN_TIMEOUT (16 * HZ)
+#define SCAN_TIMEOUT (20 * HZ)

 void iwl_mvm_scan_timeout(unsigned long data)
 {
--- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
@ -1852,12 +1852,18 @@ static struct iwl_mvm_sta *iwl_mvm_get_key_sta(struct iwl_mvm *mvm,
 	    mvmvif->ap_sta_id != IWL_MVM_STATION_COUNT) {
 		u8 sta_id = mvmvif->ap_sta_id;

+		sta = rcu_dereference_check(mvm->fw_id_to_mac_id[sta_id],
+					    lockdep_is_held(&mvm->mutex));
+
 		/*
 		 * It is possible that the 'sta' parameter is NULL,
 		 * for example when a GTK is removed - the sta_id will then
 		 * be the AP ID, and no station was passed by mac80211.
 		 */
-		return iwl_mvm_sta_from_staid_protected(mvm, sta_id);
+		if (IS_ERR_OR_NULL(sta))
+			return NULL;
+
+		return iwl_mvm_sta_from_mac80211(sta);
 	}

 	return NULL;
@ -1955,6 +1961,14 @@ static int iwl_mvm_send_sta_igtk(struct iwl_mvm *mvm,
 		struct ieee80211_key_seq seq;
 		const u8 *pn;

+		switch (keyconf->cipher) {
+		case WLAN_CIPHER_SUITE_AES_CMAC:
+			igtk_cmd.ctrl_flags |= cpu_to_le32(STA_KEY_FLG_CCM);
+			break;
+		default:
+			return -EINVAL;
+		}
+
 		memcpy(igtk_cmd.IGTK, keyconf->key, keyconf->keylen);
 		ieee80211_get_key_rx_seq(keyconf, 0, &seq);
 		pn = seq.aes_cmac.pn;