Merge tag 'mac80211-for-davem-2018-05-09' of git://git.kernel.org/pub/scm/linux/kerne...
authorDavid S. Miller <davem@davemloft.net>
Thu, 10 May 2018 21:34:50 +0000 (17:34 -0400)
committerDavid S. Miller <davem@davemloft.net>
Thu, 10 May 2018 21:34:50 +0000 (17:34 -0400)
Johannes Berg says:

====================
We only have a few fixes this time:
 * WMM element validation
 * SAE timeout
 * add-BA timeout
 * docbook parsing
 * a few memory leaks in error paths
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/net/wireless/mac80211_hwsim.c
include/net/mac80211.h
include/uapi/linux/nl80211.h
net/mac80211/agg-tx.c
net/mac80211/mlme.c
net/mac80211/tx.c
net/rfkill/rfkill-gpio.c
net/wireless/core.c
net/wireless/nl80211.c
net/wireless/reg.c

index 96d26cfae90bd2acf55854f4818f11d4b14f2f5a..4a017a0d71ea47ae270119593f4c9e1db3632513 100644 (file)
@@ -3236,6 +3236,7 @@ static int hwsim_new_radio_nl(struct sk_buff *msg, struct genl_info *info)
                        GENL_SET_ERR_MSG(info,"MAC is no valid source addr");
                        NL_SET_BAD_ATTR(info->extack,
                                        info->attrs[HWSIM_ATTR_PERM_ADDR]);
+                       kfree(hwname);
                        return -EINVAL;
                }
 
index d2279b2d61aa98ca4bee0f338f00dbca13f6b2cf..b2f3a0c018e78c43cebb3a70cf2e357fdd6ea355 100644 (file)
@@ -2080,7 +2080,7 @@ struct ieee80211_txq {
  *     virtual interface might not be given air time for the transmission of
  *     the frame, as it is not synced with the AP/P2P GO yet, and thus the
  *     deauthentication frame might not be transmitted.
- >
+ *
  * @IEEE80211_HW_DOESNT_SUPPORT_QOS_NDP: The driver (or firmware) doesn't
  *     support QoS NDP for AP probing - that's most likely a driver bug.
  *
index 15daf5e2638d9bbcb6ad8b5d104b520dc81678fe..9c3630146cec0f739a0c3cea6ec98e95e69e44bb 100644 (file)
@@ -2698,6 +2698,8 @@ enum nl80211_attrs {
 #define NL80211_ATTR_KEYS NL80211_ATTR_KEYS
 #define NL80211_ATTR_FEATURE_FLAGS NL80211_ATTR_FEATURE_FLAGS
 
+#define NL80211_WIPHY_NAME_MAXLEN              128
+
 #define NL80211_MAX_SUPP_RATES                 32
 #define NL80211_MAX_SUPP_HT_RATES              77
 #define NL80211_MAX_SUPP_REG_RULES             64
index 595c662a61e87bd7621c9336df8a81b5080c1d1f..ac4295296514365ad1972ddc22754be1cdb8384a 100644 (file)
@@ -8,6 +8,7 @@
  * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
  * Copyright 2007-2010, Intel Corporation
  * Copyright(c) 2015-2017 Intel Deutschland GmbH
+ * Copyright (C) 2018 Intel Corporation
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 as
@@ -970,6 +971,9 @@ void ieee80211_process_addba_resp(struct ieee80211_local *local,
 
                sta->ampdu_mlme.addba_req_num[tid] = 0;
 
+               tid_tx->timeout =
+                       le16_to_cpu(mgmt->u.action.u.addba_resp.timeout);
+
                if (tid_tx->timeout) {
                        mod_timer(&tid_tx->session_timer,
                                  TU_TO_EXP_TIME(tid_tx->timeout));
index 69449db7e283316197a4d900f6cd9159e3185ea5..233068756502b733520190835bff56b5f869be10 100644 (file)
@@ -36,6 +36,7 @@
 #define IEEE80211_AUTH_TIMEOUT         (HZ / 5)
 #define IEEE80211_AUTH_TIMEOUT_LONG    (HZ / 2)
 #define IEEE80211_AUTH_TIMEOUT_SHORT   (HZ / 10)
+#define IEEE80211_AUTH_TIMEOUT_SAE     (HZ * 2)
 #define IEEE80211_AUTH_MAX_TRIES       3
 #define IEEE80211_AUTH_WAIT_ASSOC      (HZ * 5)
 #define IEEE80211_ASSOC_TIMEOUT                (HZ / 5)
@@ -1787,7 +1788,7 @@ static bool ieee80211_sta_wmm_params(struct ieee80211_local *local,
                params[ac].acm = acm;
                params[ac].uapsd = uapsd;
 
-               if (params->cw_min == 0 ||
+               if (params[ac].cw_min == 0 ||
                    params[ac].cw_min > params[ac].cw_max) {
                        sdata_info(sdata,
                                   "AP has invalid WMM params (CWmin/max=%d/%d for ACI %d), using defaults\n",
@@ -3814,16 +3815,19 @@ static int ieee80211_auth(struct ieee80211_sub_if_data *sdata)
                            tx_flags);
 
        if (tx_flags == 0) {
-               auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
-               auth_data->timeout_started = true;
-               run_again(sdata, auth_data->timeout);
+               if (auth_data->algorithm == WLAN_AUTH_SAE)
+                       auth_data->timeout = jiffies +
+                               IEEE80211_AUTH_TIMEOUT_SAE;
+               else
+                       auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
        } else {
                auth_data->timeout =
                        round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG);
-               auth_data->timeout_started = true;
-               run_again(sdata, auth_data->timeout);
        }
 
+       auth_data->timeout_started = true;
+       run_again(sdata, auth_data->timeout);
+
        return 0;
 }
 
@@ -3894,8 +3898,15 @@ void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
                ifmgd->status_received = false;
                if (ifmgd->auth_data && ieee80211_is_auth(fc)) {
                        if (status_acked) {
-                               ifmgd->auth_data->timeout =
-                                       jiffies + IEEE80211_AUTH_TIMEOUT_SHORT;
+                               if (ifmgd->auth_data->algorithm ==
+                                   WLAN_AUTH_SAE)
+                                       ifmgd->auth_data->timeout =
+                                               jiffies +
+                                               IEEE80211_AUTH_TIMEOUT_SAE;
+                               else
+                                       ifmgd->auth_data->timeout =
+                                               jiffies +
+                                               IEEE80211_AUTH_TIMEOUT_SHORT;
                                run_again(sdata, ifmgd->auth_data->timeout);
                        } else {
                                ifmgd->auth_data->timeout = jiffies - 1;
index 535de3161a781f90ea9a91e97fdc4aa46db0eac6..05a265cd573d4b5d9c5263dd4f8659ad83d327fb 100644 (file)
@@ -4,6 +4,7 @@
  * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
  * Copyright 2007      Johannes Berg <johannes@sipsolutions.net>
  * Copyright 2013-2014  Intel Mobile Communications GmbH
+ * Copyright (C) 2018 Intel Corporation
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 as
@@ -1135,7 +1136,7 @@ static bool ieee80211_tx_prep_agg(struct ieee80211_tx_data *tx,
        }
 
        /* reset session timer */
-       if (reset_agg_timer && tid_tx->timeout)
+       if (reset_agg_timer)
                tid_tx->last_tx = jiffies;
 
        return queued;
index 41bd496531d45e8d43428584605bfb55ef249169..00192a996be0eab95be229f801ada687cca0f71a 100644 (file)
@@ -137,13 +137,18 @@ static int rfkill_gpio_probe(struct platform_device *pdev)
 
        ret = rfkill_register(rfkill->rfkill_dev);
        if (ret < 0)
-               return ret;
+               goto err_destroy;
 
        platform_set_drvdata(pdev, rfkill);
 
        dev_info(&pdev->dev, "%s device registered.\n", rfkill->name);
 
        return 0;
+
+err_destroy:
+       rfkill_destroy(rfkill->rfkill_dev);
+
+       return ret;
 }
 
 static int rfkill_gpio_remove(struct platform_device *pdev)
index a6f3cac8c640e4cdb0eb4fb9d3c77bf3fd352576..c0fd8a85e7f72e59fa8e93be41a4dee1ee0a5104 100644 (file)
@@ -95,6 +95,9 @@ static int cfg80211_dev_check_name(struct cfg80211_registered_device *rdev,
 
        ASSERT_RTNL();
 
+       if (strlen(newname) > NL80211_WIPHY_NAME_MAXLEN)
+               return -EINVAL;
+
        /* prohibit calling the thing phy%d when %d is not its number */
        sscanf(newname, PHY_NAME "%d%n", &wiphy_idx, &taken);
        if (taken == strlen(newname) && wiphy_idx != rdev->wiphy_idx) {
index ff28f8feeb09270296bab5b086e928cc3a76bea0..a052693c2e852b856f96d304cb97b6ddd0ff5319 100644 (file)
@@ -9214,6 +9214,7 @@ static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
 
        if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
                if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
+                       kzfree(connkeys);
                        GENL_SET_ERR_MSG(info,
                                         "external auth requires connection ownership");
                        return -EINVAL;
index 16c7e4ef58207cc781b80ef9bb3242ead81001a0..ac3e12c32aa30053a110d6a46f5bb813d660c8b6 100644 (file)
@@ -1026,6 +1026,7 @@ static int regdb_query_country(const struct fwdb_header *db,
 
                        if (!tmp_rd) {
                                kfree(regdom);
+                               kfree(wmm_ptrs);
                                return -ENOMEM;
                        }
                        regdom = tmp_rd;