[PATCH 4.14 59/69] mac80211: dont WARN on short WMM parameters from AP

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Brian Norris <briannorris@chromium.org>,
	Johannes Berg <johannes.berg@intel.com>
Subject: [PATCH 4.14 59/69] mac80211: dont WARN on short WMM parameters from AP
Date: Wed, 14 Aug 2019 19:01:57 +0200	[thread overview]
Message-ID: <20190814165749.524255625@linuxfoundation.org> (raw)
In-Reply-To: <20190814165744.822314328@linuxfoundation.org>

From: Brian Norris <briannorris@chromium.org>

commit 05aaa5c97dce4c10a9e7eae2f1569a684e0c5ced upstream.

In a very similar spirit to commit c470bdc1aaf3 ("mac80211: don't WARN
on bad WMM parameters from buggy APs"), an AP may not transmit a
fully-formed WMM IE. For example, it may miss or repeat an Access
Category. The above loop won't catch that and will instead leave one of
the four ACs zeroed out. This triggers the following warning in
drv_conf_tx()

  wlan0: invalid CW_min/CW_max: 0/0

and it may leave one of the hardware queues unconfigured. If we detect
such a case, let's just print a warning and fall back to the defaults.

Tested with a hacked version of hostapd, intentionally corrupting the
IEs in hostapd_eid_wmm().

Cc: stable@vger.kernel.org
Signed-off-by: Brian Norris <briannorris@chromium.org>
Link: https://lore.kernel.org/r/20190726224758.210953-1-briannorris@chromium.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/mac80211/mlme.c |   10 ++++++++++
 1 file changed, 10 insertions(+)

--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1867,6 +1867,16 @@ static bool ieee80211_sta_wmm_params(str
 		}
 	}
 
+	/* WMM specification requires all 4 ACIs. */
+	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
+		if (params[ac].cw_min == 0) {
+			sdata_info(sdata,
+				   "AP has invalid WMM params (missing AC %d), using defaults\n",
+				   ac);
+			return false;
+		}
+	}
+
 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
 		mlme_dbg(sdata,
 			 "WMM AC=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d, downgraded=%d\n",

next prev parent reply	other threads:[~2019-08-14 17:16 UTC|newest]

Thread overview: 76+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-14 17:00 [PATCH 4.14 00/69] 4.14.139-stable review Greg Kroah-Hartman
2019-08-14 17:00 ` [PATCH 4.14 01/69] iio: adc: max9611: Fix misuse of GENMASK macro Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 02/69] crypto: ccp - Fix oops by properly managing allocated structures Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 03/69] crypto: ccp - Ignore tag length when decrypting GCM ciphertext Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 04/69] usb: usbfs: fix double-free of usb memory upon submiturb error Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 05/69] usb: iowarrior: fix deadlock on disconnect Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 06/69] sound: fix a memory leak bug Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 07/69] mmc: cavium: Set the correct dma max segment size for mmc_host Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 08/69] mmc: cavium: Add the missing dma unmap when the dma has finished Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 09/69] loop: set PF_MEMALLOC_NOIO for the worker thread Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 10/69] Input: synaptics - enable RMI mode for HP Spectre X360 Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 11/69] lkdtm: support llvm-objcopy Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 12/69] crypto: ccp - Validate buffer lengths for copy operations Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 13/69] crypto: ccp - Add support for valid authsize values less than 16 Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 14/69] tcp: Clear sk_send_head after purging the write queue Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 15/69] x86/mm: Check for pfn instead of page in vmalloc_sync_one() Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 16/69] x86/mm: Sync also unmappings in vmalloc_sync_all() Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 17/69] mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 18/69] perf annotate: Fix s390 gap between kernel end and module start Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 19/69] perf db-export: Fix thread__exec_comm() Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 20/69] perf record: Fix module size on s390 Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 21/69] usb: host: xhci-rcar: Fix timeout in xhci_suspend() Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 22/69] usb: yurex: Fix use-after-free in yurex_delete Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 23/69] can: rcar_canfd: fix possible IRQ storm on high load Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 24/69] can: peak_usb: fix potential double kfree_skb() Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 25/69] netfilter: nfnetlink: avoid deadlock due to synchronous request_module Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 26/69] vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 27/69] netfilter: Fix rpfilter dropping vrf packets by mistake Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 28/69] netfilter: nft_hash: fix symhash with modulus one Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 29/69] scripts/sphinx-pre-install: fix script for RHEL/CentOS Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 30/69] iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 31/69] mac80211: dont warn about CW params when not using them Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 32/69] hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 33/69] drm: silence variable conn set but not used Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 34/69] cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init() Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 35/69] s390/qdio: add sanity checks to the fast-requeue path Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 36/69] ALSA: compress: Fix regression on compressed capture streams Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 37/69] ALSA: compress: Prevent bypasses of set_params Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 38/69] ALSA: compress: Dont allow paritial drain operations on capture streams Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 39/69] ALSA: compress: Be more restrictive about when a drain is allowed Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 40/69] perf tools: Fix proper buffer size for feature processing Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 41/69] perf probe: Avoid calling freeing routine multiple times for same pointer Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 42/69] drbd: dynamically allocate shash descriptor Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 43/69] ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id() Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 44/69] ARM: davinci: fix sleep.S build error on ARMv4 Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 45/69] scsi: megaraid_sas: fix panic on loading firmware crashdump Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 46/69] scsi: ibmvfc: fix WARN_ON during event pool release Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 47/69] scsi: scsi_dh_alua: always use a 2 second delay before retrying RTPG Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 48/69] test_firmware: fix a memory leak bug Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 49/69] tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 50/69] perf/core: Fix creating kernel counters for PMUs that override event->cpu Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 51/69] HID: sony: Fix race condition between rumble and device remove Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 52/69] can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 53/69] can: peak_usb: pcan_usb_fd: " Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 54/69] hwmon: (nct7802) Fix wrong detection of in4 presence Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 55/69] drm/i915: Fix wrong escape clock divisor init for GLK Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 56/69] ALSA: firewire: fix a memory leak bug Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 57/69] ALSA: hda - Dont override global PCM hw info flag Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 58/69] ALSA: hda - Workaround for crackled sound on AMD controller (1022:1457) Greg Kroah-Hartman
2019-08-14 17:01 ` Greg Kroah-Hartman [this message]
2019-08-14 17:01 ` [PATCH 4.14 60/69] SMB3: Fix deadlock in validate negotiate hits reconnect Greg Kroah-Hartman
2019-08-14 17:01 ` [PATCH 4.14 61/69] smb3: send CAP_DFS capability during session setup Greg Kroah-Hartman
2019-08-14 17:02 ` [PATCH 4.14 62/69] NFSv4: Only pass the delegation to setattr if were sending a truncate Greg Kroah-Hartman
2019-08-14 17:02 ` [PATCH 4.14 63/69] NFSv4: Fix an Oops in nfs4_do_setattr Greg Kroah-Hartman
2019-08-14 17:02 ` [PATCH 4.14 64/69] KVM: Fix leak vCPUs VMCS value into other pCPU Greg Kroah-Hartman
2019-08-14 17:02 ` [PATCH 4.14 65/69] mwifiex: fix 802.11n/WPA detection Greg Kroah-Hartman
2019-08-14 17:02 ` [PATCH 4.14 66/69] iwlwifi: dont unmap as page memory that was mapped as single Greg Kroah-Hartman
2019-08-14 17:02 ` [PATCH 4.14 67/69] iwlwifi: mvm: fix an out-of-bound access Greg Kroah-Hartman
2019-08-14 17:02 ` [PATCH 4.14 68/69] iwlwifi: mvm: dont send GEO_TX_POWER_LIMIT on version < 41 Greg Kroah-Hartman
2019-08-14 17:02 ` [PATCH 4.14 69/69] iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support Greg Kroah-Hartman
2019-08-14 22:56 ` [PATCH 4.14 00/69] 4.14.139-stable review kernelci.org bot
2019-08-15  1:20 ` Naresh Kamboju
2019-08-15 15:17 ` Guenter Roeck
2019-08-16  2:37 ` shuah
2019-08-16  7:15   ` Greg Kroah-Hartman
2019-08-16  6:37 ` Kelsey Skunberg

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190814165749.524255625@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=briannorris@chromium.org \
    --cc=johannes.berg@intel.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).