mac80211: fix race condition between assoc_done and first EAP packet

When associating to an AP, the station might miss the first EAP
packet that the AP sends due to a race condition between the association
success procedure and the rx flow in mac80211.
In such cases, the packet might fall in ieee80211_rx_h_check due to
the fact that the relevant rx->sta wasn't allocated yet.
Allocation of the relevant station info struct before actually
sending the association request and setting it with a new
dummy_sta flag solve this problem.
The station will accept only EAP packets from the AP while it
is in the pre-association/dummy state.
This dummy station entry is not seen by normal sta_info_get()
calls, only by sta_info_get_bss_rx().
The driver is not notified for the first insertion of the
dummy station. The driver is notified only after the association
is complete and the dummy flag is removed from the station entry.
That way, all the rest of the code flow should be untouched by
this change.

Signed-off-by: Guy Eilam <guy@wizery.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

1 files changed, 17 insertions, 4 deletions

diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index c4453fdd6e11..edd46193af6f 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -850,8 +850,21 @@ ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
                       ieee80211_is_pspoll(hdr->frame_control)) &&
                      rx->sdata->vif.type != NL80211_IFTYPE_ADHOC &&
                      rx->sdata->vif.type != NL80211_IFTYPE_WDS &&
-                     (!rx->sta || !test_sta_flags(rx->sta, WLAN_STA_ASSOC))))
+                     (!rx->sta || !test_sta_flags(rx->sta, WLAN_STA_ASSOC)))) {
+                if (rx->sta && rx->sta->dummy &&
+                    ieee80211_is_data_present(hdr->frame_control)) {
+                        u16 ethertype;
+                        u8 *payload;
+
+                        payload = rx->skb->data +
+                                ieee80211_hdrlen(hdr->frame_control);
+                        ethertype = (payload[6] << 8) | payload[7];
+                        if (cpu_to_be16(ethertype) ==
+                            rx->sdata->control_port_protocol)
+                                return RX_CONTINUE;
+                }
                 return RX_DROP_MONITOR;
+        }
 
         return RX_CONTINUE;
 }
@@ -2808,7 +2821,7 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
         if (ieee80211_is_data(fc)) {
                 prev_sta = NULL;
 
-                for_each_sta_info(local, hdr->addr2, sta, tmp) {
+                for_each_sta_info_rx(local, hdr->addr2, sta, tmp) {
                         if (!prev_sta) {
                                 prev_sta = sta;
                                 continue;
@@ -2852,7 +2865,7 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
                         continue;
                 }
 
-                rx.sta = sta_info_get_bss(prev, hdr->addr2);
+                rx.sta = sta_info_get_bss_rx(prev, hdr->addr2);
                 rx.sdata = prev;
                 ieee80211_prepare_and_rx_handle(&rx, skb, false);
 
@@ -2860,7 +2873,7 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
         }
 
         if (prev) {
-                rx.sta = sta_info_get_bss(prev, hdr->addr2);
+                rx.sta = sta_info_get_bss_rx(prev, hdr->addr2);
                 rx.sdata = prev;
 
                 if (ieee80211_prepare_and_rx_handle(&rx, skb, true))