[PATCH] wifi: ieee80211: Fix for Rx fragmented action frames

[PATCH] wifi: ieee80211: Fix for Rx fragmented action frames

[Gilad Itzkovitch]

The ieee80211_accept_frame() function performs a number of early checks
to decide whether or not further processing needs to be done on a frame.
One of those checks is the ieee80211_is_robust_mgmt_frame() function
which peeks into the frame payload. In some scenarios, e.g. DPP at S1G
data rates, action frames can get fragmented. Those fragmented action
frames can be marked as not a robust management frames when peeked, by
ieee80211_is_robust_mgmt_frame() function, into fragment other than the
first one as it does not include the required action frame category. In
this scenario there is no STA and so the fragmented frame will be dropped
later on in the process and will not reach the upper stack.

This change will only check if the frame is robust if it's the first
fragment. Invalid fragmented packets will be discarded later after
defragmentation is completed.

Signed-off-by: Gilad Itzkovitch <gilad.itzkovitch@morsemicro.com>
---
 net/mac80211/rx.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index c28c6fbf786e..94d2b8e90732 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -4215,7 +4215,8 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
 	case NL80211_IFTYPE_STATION:
 		if (!bssid && !sdata->u.mgd.use_4addr)
 			return false;
-		if (ieee80211_is_robust_mgmt_frame(skb) && !rx->sta)
+		if (ieee80211_is_first_frag(le16_to_cpu(hdr->seq_ctrl)) &&
+		    ieee80211_is_robust_mgmt_frame(skb) && !rx->sta)
 			return false;
 		if (multicast)
 			return true;

base-commit: 9ea570a33ee525751e3117e266626dd705adc39e
-- 
2.25.1