[openwrt/openwrt] mac80211: fix issues with receiving small STP packets
LEDE Commits
lede-commits at lists.infradead.org
Thu Nov 10 05:51:01 PST 2022
nbd pushed a commit to openwrt/openwrt.git, branch openwrt-22.03:
https://git.openwrt.org/a26f7e61e8a94c192735c71e30500809de21e31f
commit a26f7e61e8a94c192735c71e30500809de21e31f
Author: Felix Fietkau <nbd at nbd.name>
AuthorDate: Fri Oct 7 11:29:54 2022 +0200
mac80211: fix issues with receiving small STP packets
Signed-off-by: Felix Fietkau <nbd at nbd.name>
(cherry-picked from commit cec7dfa49775ce65270b977bea5fc0f928f97bdc)
(cherry-picked from commit f6c359a65528b994e97235b5f0b0d02d6cdad918)
---
...11-fix-ieee80211_data_to_8023_exthdr-hand.patch | 99 ++++++++++++++++++++++
...11-do-not-drop-packets-smaller-than-the-L.patch | 25 ++++++
2 files changed, 124 insertions(+)
diff --git a/package/kernel/mac80211/patches/subsys/344-wifi-cfg80211-fix-ieee80211_data_to_8023_exthdr-hand.patch b/package/kernel/mac80211/patches/subsys/344-wifi-cfg80211-fix-ieee80211_data_to_8023_exthdr-hand.patch
new file mode 100644
index 0000000000..161c7d6c8f
--- /dev/null
+++ b/package/kernel/mac80211/patches/subsys/344-wifi-cfg80211-fix-ieee80211_data_to_8023_exthdr-hand.patch
@@ -0,0 +1,99 @@
+From: Felix Fietkau <nbd at nbd.name>
+Date: Fri, 7 Oct 2022 10:54:47 +0200
+Subject: [PATCH] wifi: cfg80211: fix ieee80211_data_to_8023_exthdr
+ handling of small packets
+
+STP topology change notification packets only have a payload of 7 bytes,
+so they get dropped due to the skb->len < hdrlen + 8 check.
+Fix this by removing skb->len based checks and instead check the return code
+on the skb_copy_bits calls.
+
+Fixes: 2d1c304cb2d5 ("cfg80211: add function for 802.3 conversion with separate output buffer")
+Reported-by: Chad Monroe <chad.monroe at smartrg.com>
+Signed-off-by: Felix Fietkau <nbd at nbd.name>
+---
+
+--- a/net/wireless/util.c
++++ b/net/wireless/util.c
+@@ -557,7 +557,7 @@ int ieee80211_data_to_8023_exthdr(struct
+ return -1;
+
+ hdrlen = ieee80211_hdrlen(hdr->frame_control) + data_offset;
+- if (skb->len < hdrlen + 8)
++ if (skb->len < hdrlen)
+ return -1;
+
+ /* convert IEEE 802.11 header + possible LLC headers into Ethernet
+@@ -572,8 +572,9 @@ int ieee80211_data_to_8023_exthdr(struct
+ memcpy(tmp.h_dest, ieee80211_get_DA(hdr), ETH_ALEN);
+ memcpy(tmp.h_source, ieee80211_get_SA(hdr), ETH_ALEN);
+
+- if (iftype == NL80211_IFTYPE_MESH_POINT)
+- skb_copy_bits(skb, hdrlen, &mesh_flags, 1);
++ if (iftype == NL80211_IFTYPE_MESH_POINT &&
++ skb_copy_bits(skb, hdrlen, &mesh_flags, 1) < 0)
++ return -1;
+
+ mesh_flags &= MESH_FLAGS_AE;
+
+@@ -593,11 +594,12 @@ int ieee80211_data_to_8023_exthdr(struct
+ if (iftype == NL80211_IFTYPE_MESH_POINT) {
+ if (mesh_flags == MESH_FLAGS_AE_A4)
+ return -1;
+- if (mesh_flags == MESH_FLAGS_AE_A5_A6) {
+- skb_copy_bits(skb, hdrlen +
+- offsetof(struct ieee80211s_hdr, eaddr1),
+- tmp.h_dest, 2 * ETH_ALEN);
+- }
++ if (mesh_flags == MESH_FLAGS_AE_A5_A6 &&
++ skb_copy_bits(skb, hdrlen +
++ offsetof(struct ieee80211s_hdr, eaddr1),
++ tmp.h_dest, 2 * ETH_ALEN) < 0)
++ return -1;
++
+ hdrlen += __ieee80211_get_mesh_hdrlen(mesh_flags);
+ }
+ break;
+@@ -611,10 +613,11 @@ int ieee80211_data_to_8023_exthdr(struct
+ if (iftype == NL80211_IFTYPE_MESH_POINT) {
+ if (mesh_flags == MESH_FLAGS_AE_A5_A6)
+ return -1;
+- if (mesh_flags == MESH_FLAGS_AE_A4)
+- skb_copy_bits(skb, hdrlen +
+- offsetof(struct ieee80211s_hdr, eaddr1),
+- tmp.h_source, ETH_ALEN);
++ if (mesh_flags == MESH_FLAGS_AE_A4 &&
++ skb_copy_bits(skb, hdrlen +
++ offsetof(struct ieee80211s_hdr, eaddr1),
++ tmp.h_source, ETH_ALEN) < 0)
++ return -1;
+ hdrlen += __ieee80211_get_mesh_hdrlen(mesh_flags);
+ }
+ break;
+@@ -626,18 +629,18 @@ int ieee80211_data_to_8023_exthdr(struct
+ break;
+ }
+
+- skb_copy_bits(skb, hdrlen, &payload, sizeof(payload));
+- tmp.h_proto = payload.proto;
+-
+- if (likely((!is_amsdu && ether_addr_equal(payload.hdr, rfc1042_header) &&
+- tmp.h_proto != htons(ETH_P_AARP) &&
+- tmp.h_proto != htons(ETH_P_IPX)) ||
+- ether_addr_equal(payload.hdr, bridge_tunnel_header)))
++ if (likely(skb_copy_bits(skb, hdrlen, &payload, sizeof(payload)) == 0 &&
++ ((!is_amsdu && ether_addr_equal(payload.hdr, rfc1042_header) &&
++ payload.proto != htons(ETH_P_AARP) &&
++ payload.proto != htons(ETH_P_IPX)) ||
++ ether_addr_equal(payload.hdr, bridge_tunnel_header)))) {
+ /* remove RFC1042 or Bridge-Tunnel encapsulation and
+ * replace EtherType */
+ hdrlen += ETH_ALEN + 2;
+- else
++ tmp.h_proto = payload.proto;
++ } else {
+ tmp.h_proto = htons(skb->len - hdrlen);
++ }
+
+ pskb_pull(skb, hdrlen);
+
diff --git a/package/kernel/mac80211/patches/subsys/345-wifi-mac80211-do-not-drop-packets-smaller-than-the-L.patch b/package/kernel/mac80211/patches/subsys/345-wifi-mac80211-do-not-drop-packets-smaller-than-the-L.patch
new file mode 100644
index 0000000000..16cafc447c
--- /dev/null
+++ b/package/kernel/mac80211/patches/subsys/345-wifi-mac80211-do-not-drop-packets-smaller-than-the-L.patch
@@ -0,0 +1,25 @@
+From: Felix Fietkau <nbd at nbd.name>
+Date: Fri, 7 Oct 2022 10:58:26 +0200
+Subject: [PATCH] wifi: mac80211: do not drop packets smaller than the
+ LLC-SNAP header on fast-rx
+
+Since STP TCN frames are only 7 bytes, the pskb_may_pull call returns an error.
+Instead of dropping those packets, bump them back to the slow path for proper
+processing.
+
+Fixes: 49ddf8e6e234 ("mac80211: add fast-rx path")
+Reported-by: Chad Monroe <chad.monroe at smartrg.com>
+Signed-off-by: Felix Fietkau <nbd at nbd.name>
+---
+
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -4601,7 +4601,7 @@ static bool ieee80211_invoke_fast_rx(str
+
+ if (!(status->rx_flags & IEEE80211_RX_AMSDU)) {
+ if (!pskb_may_pull(skb, snap_offs + sizeof(*payload)))
+- goto drop;
++ return false;
+
+ payload = (void *)(skb->data + snap_offs);
+
More information about the lede-commits
mailing list