aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorJohannes Berg <johannes.berg@intel.com>2010-09-24 06:38:25 -0400
committerJohn W. Linville <linville@tuxdriver.com>2010-09-27 15:57:54 -0400
commit554891e63a29af35cc6bb403ef34e319518114d0 (patch)
tree2fdabf08455ea34697a853b3616cb92d9ef5b173 /net
parent4080c7cdc23f26c6e6166a70f50fa43814552d81 (diff)
mac80211: move packet flags into packet
commit 8c0c709eea5cbab97fb464cd68b06f24acc58ee1 Author: Johannes Berg <johannes@sipsolutions.net> Date: Wed Nov 25 17:46:15 2009 +0100 mac80211: move cmntr flag out of rx flags moved the CMNTR flag into the skb RX flags for some aggregation cleanups, but this was wrong since the optimisation this flag tried to make requires that it is kept across the processing of multiple interfaces -- which isn't true for flags in the skb. The patch not only broke the optimisation, it also introduced a bug: under some (common!) circumstances the flag will be set on an already freed skb! However, investigating this in more detail, I found that most of the flags that we set should be per packet, _except_ for this one, due to a-MPDU processing. Additionally, the flags used for processing (currently just this one) need to be reset before processing a new packet. Since we haven't actually seen bugs reported as a result of the wrong flags handling (which is not too surprising -- the only real bug case I can come up with is an a-MSDU contained in an a-MPDU), I'll make a different fix for rc. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net')
-rw-r--r--net/mac80211/ieee80211_i.h38
-rw-r--r--net/mac80211/rx.c102
-rw-r--r--net/mac80211/wpa.c2
3 files changed, 89 insertions, 53 deletions
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 40f747273389..945fbf29719d 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -159,13 +159,37 @@ typedef unsigned __bitwise__ ieee80211_rx_result;
159#define RX_DROP_MONITOR ((__force ieee80211_rx_result) 2u) 159#define RX_DROP_MONITOR ((__force ieee80211_rx_result) 2u)
160#define RX_QUEUED ((__force ieee80211_rx_result) 3u) 160#define RX_QUEUED ((__force ieee80211_rx_result) 3u)
161 161
162#define IEEE80211_RX_IN_SCAN BIT(0) 162/**
163/* frame is destined to interface currently processed (incl. multicast frames) */ 163 * enum ieee80211_packet_rx_flags - packet RX flags
164#define IEEE80211_RX_RA_MATCH BIT(1) 164 * @IEEE80211_RX_RA_MATCH: frame is destined to interface currently processed
165#define IEEE80211_RX_AMSDU BIT(2) 165 * (incl. multicast frames)
166#define IEEE80211_RX_FRAGMENTED BIT(3) 166 * @IEEE80211_RX_IN_SCAN: received while scanning
167#define IEEE80211_MALFORMED_ACTION_FRM BIT(4) 167 * @IEEE80211_RX_FRAGMENTED: fragmented frame
168/* only add flags here that do not change with subframes of an aMPDU */ 168 * @IEEE80211_RX_AMSDU: a-MSDU packet
169 * @IEEE80211_RX_MALFORMED_ACTION_FRM: action frame is malformed
170 *
171 * These are per-frame flags that are attached to a frame in the
172 * @rx_flags field of &struct ieee80211_rx_status.
173 */
174enum ieee80211_packet_rx_flags {
175 IEEE80211_RX_IN_SCAN = BIT(0),
176 IEEE80211_RX_RA_MATCH = BIT(1),
177 IEEE80211_RX_FRAGMENTED = BIT(2),
178 IEEE80211_RX_AMSDU = BIT(3),
179 IEEE80211_RX_MALFORMED_ACTION_FRM = BIT(4),
180};
181
182/**
183 * enum ieee80211_rx_flags - RX data flags
184 *
185 * @IEEE80211_RX_CMNTR: received on cooked monitor already
186 *
187 * These flags are used across handling multiple interfaces
188 * for a single frame.
189 */
190enum ieee80211_rx_flags {
191 IEEE80211_RX_CMNTR = BIT(0),
192};
169 193
170struct ieee80211_rx_data { 194struct ieee80211_rx_data {
171 struct sk_buff *skb; 195 struct sk_buff *skb;
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 8c666e9e8fb0..0b0e83ebe3d5 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -315,6 +315,7 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
315static void ieee80211_parse_qos(struct ieee80211_rx_data *rx) 315static void ieee80211_parse_qos(struct ieee80211_rx_data *rx)
316{ 316{
317 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 317 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
318 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
318 int tid; 319 int tid;
319 320
320 /* does the frame have a qos control field? */ 321 /* does the frame have a qos control field? */
@@ -323,9 +324,7 @@ static void ieee80211_parse_qos(struct ieee80211_rx_data *rx)
323 /* frame has qos control */ 324 /* frame has qos control */
324 tid = *qc & IEEE80211_QOS_CTL_TID_MASK; 325 tid = *qc & IEEE80211_QOS_CTL_TID_MASK;
325 if (*qc & IEEE80211_QOS_CONTROL_A_MSDU_PRESENT) 326 if (*qc & IEEE80211_QOS_CONTROL_A_MSDU_PRESENT)
326 rx->flags |= IEEE80211_RX_AMSDU; 327 status->rx_flags |= IEEE80211_RX_AMSDU;
327 else
328 rx->flags &= ~IEEE80211_RX_AMSDU;
329 } else { 328 } else {
330 /* 329 /*
331 * IEEE 802.11-2007, 7.1.3.4.1 ("Sequence Number field"): 330 * IEEE 802.11-2007, 7.1.3.4.1 ("Sequence Number field"):
@@ -387,9 +386,10 @@ static ieee80211_rx_result debug_noinline
387ieee80211_rx_h_passive_scan(struct ieee80211_rx_data *rx) 386ieee80211_rx_h_passive_scan(struct ieee80211_rx_data *rx)
388{ 387{
389 struct ieee80211_local *local = rx->local; 388 struct ieee80211_local *local = rx->local;
389 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
390 struct sk_buff *skb = rx->skb; 390 struct sk_buff *skb = rx->skb;
391 391
392 if (likely(!(rx->flags & IEEE80211_RX_IN_SCAN))) 392 if (likely(!(status->rx_flags & IEEE80211_RX_IN_SCAN)))
393 return RX_CONTINUE; 393 return RX_CONTINUE;
394 394
395 if (test_bit(SCAN_HW_SCANNING, &local->scanning)) 395 if (test_bit(SCAN_HW_SCANNING, &local->scanning))
@@ -783,13 +783,14 @@ static ieee80211_rx_result debug_noinline
783ieee80211_rx_h_check(struct ieee80211_rx_data *rx) 783ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
784{ 784{
785 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 785 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
786 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
786 787
787 /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */ 788 /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */
788 if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) { 789 if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) {
789 if (unlikely(ieee80211_has_retry(hdr->frame_control) && 790 if (unlikely(ieee80211_has_retry(hdr->frame_control) &&
790 rx->sta->last_seq_ctrl[rx->queue] == 791 rx->sta->last_seq_ctrl[rx->queue] ==
791 hdr->seq_ctrl)) { 792 hdr->seq_ctrl)) {
792 if (rx->flags & IEEE80211_RX_RA_MATCH) { 793 if (status->rx_flags & IEEE80211_RX_RA_MATCH) {
793 rx->local->dot11FrameDuplicateCount++; 794 rx->local->dot11FrameDuplicateCount++;
794 rx->sta->num_duplicates++; 795 rx->sta->num_duplicates++;
795 } 796 }
@@ -822,7 +823,7 @@ ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
822 if ((!ieee80211_has_fromds(hdr->frame_control) && 823 if ((!ieee80211_has_fromds(hdr->frame_control) &&
823 !ieee80211_has_tods(hdr->frame_control) && 824 !ieee80211_has_tods(hdr->frame_control) &&
824 ieee80211_is_data(hdr->frame_control)) || 825 ieee80211_is_data(hdr->frame_control)) ||
825 !(rx->flags & IEEE80211_RX_RA_MATCH)) { 826 !(status->rx_flags & IEEE80211_RX_RA_MATCH)) {
826 /* Drop IBSS frames and frames for other hosts 827 /* Drop IBSS frames and frames for other hosts
827 * silently. */ 828 * silently. */
828 return RX_DROP_MONITOR; 829 return RX_DROP_MONITOR;
@@ -879,7 +880,7 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
879 * No point in finding a key and decrypting if the frame is neither 880 * No point in finding a key and decrypting if the frame is neither
880 * addressed to us nor a multicast frame. 881 * addressed to us nor a multicast frame.
881 */ 882 */
882 if (!(rx->flags & IEEE80211_RX_RA_MATCH)) 883 if (!(status->rx_flags & IEEE80211_RX_RA_MATCH))
883 return RX_CONTINUE; 884 return RX_CONTINUE;
884 885
885 /* start without a key */ 886 /* start without a key */
@@ -1112,7 +1113,7 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
1112 sta->last_rx = jiffies; 1113 sta->last_rx = jiffies;
1113 } 1114 }
1114 1115
1115 if (!(rx->flags & IEEE80211_RX_RA_MATCH)) 1116 if (!(status->rx_flags & IEEE80211_RX_RA_MATCH))
1116 return RX_CONTINUE; 1117 return RX_CONTINUE;
1117 1118
1118 if (rx->sdata->vif.type == NL80211_IFTYPE_STATION) 1119 if (rx->sdata->vif.type == NL80211_IFTYPE_STATION)
@@ -1269,6 +1270,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
1269 unsigned int frag, seq; 1270 unsigned int frag, seq;
1270 struct ieee80211_fragment_entry *entry; 1271 struct ieee80211_fragment_entry *entry;
1271 struct sk_buff *skb; 1272 struct sk_buff *skb;
1273 struct ieee80211_rx_status *status;
1272 1274
1273 hdr = (struct ieee80211_hdr *)rx->skb->data; 1275 hdr = (struct ieee80211_hdr *)rx->skb->data;
1274 fc = hdr->frame_control; 1276 fc = hdr->frame_control;
@@ -1368,7 +1370,8 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
1368 } 1370 }
1369 1371
1370 /* Complete frame has been reassembled - process it now */ 1372 /* Complete frame has been reassembled - process it now */
1371 rx->flags |= IEEE80211_RX_FRAGMENTED; 1373 status = IEEE80211_SKB_RXCB(rx->skb);
1374 status->rx_flags |= IEEE80211_RX_FRAGMENTED;
1372 1375
1373 out: 1376 out:
1374 if (rx->sta) 1377 if (rx->sta)
@@ -1385,9 +1388,10 @@ ieee80211_rx_h_ps_poll(struct ieee80211_rx_data *rx)
1385{ 1388{
1386 struct ieee80211_sub_if_data *sdata = rx->sdata; 1389 struct ieee80211_sub_if_data *sdata = rx->sdata;
1387 __le16 fc = ((struct ieee80211_hdr *)rx->skb->data)->frame_control; 1390 __le16 fc = ((struct ieee80211_hdr *)rx->skb->data)->frame_control;
1391 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
1388 1392
1389 if (likely(!rx->sta || !ieee80211_is_pspoll(fc) || 1393 if (likely(!rx->sta || !ieee80211_is_pspoll(fc) ||
1390 !(rx->flags & IEEE80211_RX_RA_MATCH))) 1394 !(status->rx_flags & IEEE80211_RX_RA_MATCH)))
1391 return RX_CONTINUE; 1395 return RX_CONTINUE;
1392 1396
1393 if ((sdata->vif.type != NL80211_IFTYPE_AP) && 1397 if ((sdata->vif.type != NL80211_IFTYPE_AP) &&
@@ -1548,6 +1552,7 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1548 struct sk_buff *skb, *xmit_skb; 1552 struct sk_buff *skb, *xmit_skb;
1549 struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data; 1553 struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data;
1550 struct sta_info *dsta; 1554 struct sta_info *dsta;
1555 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
1551 1556
1552 skb = rx->skb; 1557 skb = rx->skb;
1553 xmit_skb = NULL; 1558 xmit_skb = NULL;
@@ -1555,7 +1560,7 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1555 if ((sdata->vif.type == NL80211_IFTYPE_AP || 1560 if ((sdata->vif.type == NL80211_IFTYPE_AP ||
1556 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) && 1561 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) &&
1557 !(sdata->flags & IEEE80211_SDATA_DONT_BRIDGE_PACKETS) && 1562 !(sdata->flags & IEEE80211_SDATA_DONT_BRIDGE_PACKETS) &&
1558 (rx->flags & IEEE80211_RX_RA_MATCH) && 1563 (status->rx_flags & IEEE80211_RX_RA_MATCH) &&
1559 (sdata->vif.type != NL80211_IFTYPE_AP_VLAN || !sdata->u.vlan.sta)) { 1564 (sdata->vif.type != NL80211_IFTYPE_AP_VLAN || !sdata->u.vlan.sta)) {
1560 if (is_multicast_ether_addr(ehdr->h_dest)) { 1565 if (is_multicast_ether_addr(ehdr->h_dest)) {
1561 /* 1566 /*
@@ -1632,6 +1637,7 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx)
1632 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 1637 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1633 __le16 fc = hdr->frame_control; 1638 __le16 fc = hdr->frame_control;
1634 struct sk_buff_head frame_list; 1639 struct sk_buff_head frame_list;
1640 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
1635 1641
1636 if (unlikely(!ieee80211_is_data(fc))) 1642 if (unlikely(!ieee80211_is_data(fc)))
1637 return RX_CONTINUE; 1643 return RX_CONTINUE;
@@ -1639,7 +1645,7 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx)
1639 if (unlikely(!ieee80211_is_data_present(fc))) 1645 if (unlikely(!ieee80211_is_data_present(fc)))
1640 return RX_DROP_MONITOR; 1646 return RX_DROP_MONITOR;
1641 1647
1642 if (!(rx->flags & IEEE80211_RX_AMSDU)) 1648 if (!(status->rx_flags & IEEE80211_RX_AMSDU))
1643 return RX_CONTINUE; 1649 return RX_CONTINUE;
1644 1650
1645 if (ieee80211_has_a4(hdr->frame_control) && 1651 if (ieee80211_has_a4(hdr->frame_control) &&
@@ -1690,6 +1696,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1690 struct sk_buff *skb = rx->skb, *fwd_skb; 1696 struct sk_buff *skb = rx->skb, *fwd_skb;
1691 struct ieee80211_local *local = rx->local; 1697 struct ieee80211_local *local = rx->local;
1692 struct ieee80211_sub_if_data *sdata = rx->sdata; 1698 struct ieee80211_sub_if_data *sdata = rx->sdata;
1699 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
1693 1700
1694 hdr = (struct ieee80211_hdr *) skb->data; 1701 hdr = (struct ieee80211_hdr *) skb->data;
1695 hdrlen = ieee80211_hdrlen(hdr->frame_control); 1702 hdrlen = ieee80211_hdrlen(hdr->frame_control);
@@ -1735,7 +1742,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1735 1742
1736 mesh_hdr->ttl--; 1743 mesh_hdr->ttl--;
1737 1744
1738 if (rx->flags & IEEE80211_RX_RA_MATCH) { 1745 if (status->rx_flags & IEEE80211_RX_RA_MATCH) {
1739 if (!mesh_hdr->ttl) 1746 if (!mesh_hdr->ttl)
1740 IEEE80211_IFSTA_MESH_CTR_INC(&rx->sdata->u.mesh, 1747 IEEE80211_IFSTA_MESH_CTR_INC(&rx->sdata->u.mesh,
1741 dropped_frames_ttl); 1748 dropped_frames_ttl);
@@ -1945,6 +1952,7 @@ static ieee80211_rx_result debug_noinline
1945ieee80211_rx_h_mgmt_check(struct ieee80211_rx_data *rx) 1952ieee80211_rx_h_mgmt_check(struct ieee80211_rx_data *rx)
1946{ 1953{
1947 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data; 1954 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data;
1955 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
1948 1956
1949 /* 1957 /*
1950 * From here on, look only at management frames. 1958 * From here on, look only at management frames.
@@ -1957,7 +1965,7 @@ ieee80211_rx_h_mgmt_check(struct ieee80211_rx_data *rx)
1957 if (!ieee80211_is_mgmt(mgmt->frame_control)) 1965 if (!ieee80211_is_mgmt(mgmt->frame_control))
1958 return RX_DROP_MONITOR; 1966 return RX_DROP_MONITOR;
1959 1967
1960 if (!(rx->flags & IEEE80211_RX_RA_MATCH)) 1968 if (!(status->rx_flags & IEEE80211_RX_RA_MATCH))
1961 return RX_DROP_MONITOR; 1969 return RX_DROP_MONITOR;
1962 1970
1963 if (ieee80211_drop_unencrypted_mgmt(rx)) 1971 if (ieee80211_drop_unencrypted_mgmt(rx))
@@ -1972,6 +1980,7 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1972 struct ieee80211_local *local = rx->local; 1980 struct ieee80211_local *local = rx->local;
1973 struct ieee80211_sub_if_data *sdata = rx->sdata; 1981 struct ieee80211_sub_if_data *sdata = rx->sdata;
1974 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data; 1982 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data;
1983 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
1975 int len = rx->skb->len; 1984 int len = rx->skb->len;
1976 1985
1977 if (!ieee80211_is_action(mgmt->frame_control)) 1986 if (!ieee80211_is_action(mgmt->frame_control))
@@ -1984,7 +1993,7 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1984 if (!rx->sta && mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) 1993 if (!rx->sta && mgmt->u.action.category != WLAN_CATEGORY_PUBLIC)
1985 return RX_DROP_UNUSABLE; 1994 return RX_DROP_UNUSABLE;
1986 1995
1987 if (!(rx->flags & IEEE80211_RX_RA_MATCH)) 1996 if (!(status->rx_flags & IEEE80211_RX_RA_MATCH))
1988 return RX_DROP_UNUSABLE; 1997 return RX_DROP_UNUSABLE;
1989 1998
1990 switch (mgmt->u.action.category) { 1999 switch (mgmt->u.action.category) {
@@ -2080,7 +2089,7 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
2080 return RX_CONTINUE; 2089 return RX_CONTINUE;
2081 2090
2082 invalid: 2091 invalid:
2083 rx->flags |= IEEE80211_MALFORMED_ACTION_FRM; 2092 status->rx_flags |= IEEE80211_RX_MALFORMED_ACTION_FRM;
2084 /* will return in the next handlers */ 2093 /* will return in the next handlers */
2085 return RX_CONTINUE; 2094 return RX_CONTINUE;
2086 2095
@@ -2102,10 +2111,10 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
2102static ieee80211_rx_result debug_noinline 2111static ieee80211_rx_result debug_noinline
2103ieee80211_rx_h_userspace_mgmt(struct ieee80211_rx_data *rx) 2112ieee80211_rx_h_userspace_mgmt(struct ieee80211_rx_data *rx)
2104{ 2113{
2105 struct ieee80211_rx_status *status; 2114 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
2106 2115
2107 /* skip known-bad action frames and return them in the next handler */ 2116 /* skip known-bad action frames and return them in the next handler */
2108 if (rx->flags & IEEE80211_MALFORMED_ACTION_FRM) 2117 if (status->rx_flags & IEEE80211_RX_MALFORMED_ACTION_FRM)
2109 return RX_CONTINUE; 2118 return RX_CONTINUE;
2110 2119
2111 /* 2120 /*
@@ -2114,7 +2123,6 @@ ieee80211_rx_h_userspace_mgmt(struct ieee80211_rx_data *rx)
2114 * so userspace can register for those to know whether ones 2123 * so userspace can register for those to know whether ones
2115 * it transmitted were processed or returned. 2124 * it transmitted were processed or returned.
2116 */ 2125 */
2117 status = IEEE80211_SKB_RXCB(rx->skb);
2118 2126
2119 if (cfg80211_rx_mgmt(rx->sdata->dev, status->freq, 2127 if (cfg80211_rx_mgmt(rx->sdata->dev, status->freq,
2120 rx->skb->data, rx->skb->len, 2128 rx->skb->data, rx->skb->len,
@@ -2136,6 +2144,7 @@ ieee80211_rx_h_action_return(struct ieee80211_rx_data *rx)
2136 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data; 2144 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data;
2137 struct sk_buff *nskb; 2145 struct sk_buff *nskb;
2138 struct ieee80211_sub_if_data *sdata = rx->sdata; 2146 struct ieee80211_sub_if_data *sdata = rx->sdata;
2147 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
2139 2148
2140 if (!ieee80211_is_action(mgmt->frame_control)) 2149 if (!ieee80211_is_action(mgmt->frame_control))
2141 return RX_CONTINUE; 2150 return RX_CONTINUE;
@@ -2150,7 +2159,7 @@ ieee80211_rx_h_action_return(struct ieee80211_rx_data *rx)
2150 * registration mechanisms, but older ones still use cooked 2159 * registration mechanisms, but older ones still use cooked
2151 * monitor interfaces so push all frames there. 2160 * monitor interfaces so push all frames there.
2152 */ 2161 */
2153 if (!(rx->flags & IEEE80211_MALFORMED_ACTION_FRM) && 2162 if (!(status->rx_flags & IEEE80211_RX_MALFORMED_ACTION_FRM) &&
2154 (sdata->vif.type == NL80211_IFTYPE_AP || 2163 (sdata->vif.type == NL80211_IFTYPE_AP ||
2155 sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) 2164 sdata->vif.type == NL80211_IFTYPE_AP_VLAN))
2156 return RX_DROP_MONITOR; 2165 return RX_DROP_MONITOR;
@@ -2284,8 +2293,13 @@ static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx,
2284 struct net_device *prev_dev = NULL; 2293 struct net_device *prev_dev = NULL;
2285 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 2294 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
2286 2295
2287 if (status->flag & RX_FLAG_INTERNAL_CMTR) 2296 /*
2297 * If cooked monitor has been processed already, then
2298 * don't do it again. If not, set the flag.
2299 */
2300 if (rx->flags & IEEE80211_RX_CMNTR)
2288 goto out_free_skb; 2301 goto out_free_skb;
2302 rx->flags |= IEEE80211_RX_CMNTR;
2289 2303
2290 if (skb_headroom(skb) < sizeof(*rthdr) && 2304 if (skb_headroom(skb) < sizeof(*rthdr) &&
2291 pskb_expand_head(skb, sizeof(*rthdr), 0, GFP_ATOMIC)) 2305 pskb_expand_head(skb, sizeof(*rthdr), 0, GFP_ATOMIC))
@@ -2341,12 +2355,8 @@ static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx,
2341 if (prev_dev) { 2355 if (prev_dev) {
2342 skb->dev = prev_dev; 2356 skb->dev = prev_dev;
2343 netif_receive_skb(skb); 2357 netif_receive_skb(skb);
2344 skb = NULL; 2358 return;
2345 } else 2359 }
2346 goto out_free_skb;
2347
2348 status->flag |= RX_FLAG_INTERNAL_CMTR;
2349 return;
2350 2360
2351 out_free_skb: 2361 out_free_skb:
2352 dev_kfree_skb(skb); 2362 dev_kfree_skb(skb);
@@ -2407,6 +2417,7 @@ static void ieee80211_rx_handlers(struct ieee80211_rx_data *rx,
2407 * same TID from the same station 2417 * same TID from the same station
2408 */ 2418 */
2409 rx->skb = skb; 2419 rx->skb = skb;
2420 rx->flags = 0;
2410 2421
2411 CALL_RXH(ieee80211_rx_h_decrypt) 2422 CALL_RXH(ieee80211_rx_h_decrypt)
2412 CALL_RXH(ieee80211_rx_h_check_more_data) 2423 CALL_RXH(ieee80211_rx_h_check_more_data)
@@ -2477,7 +2488,12 @@ static void ieee80211_invoke_rx_handlers(struct ieee80211_rx_data *rx)
2477void ieee80211_release_reorder_timeout(struct sta_info *sta, int tid) 2488void ieee80211_release_reorder_timeout(struct sta_info *sta, int tid)
2478{ 2489{
2479 struct sk_buff_head frames; 2490 struct sk_buff_head frames;
2480 struct ieee80211_rx_data rx = { }; 2491 struct ieee80211_rx_data rx = {
2492 .sta = sta,
2493 .sdata = sta->sdata,
2494 .local = sta->local,
2495 .queue = tid,
2496 };
2481 struct tid_ampdu_rx *tid_agg_rx; 2497 struct tid_ampdu_rx *tid_agg_rx;
2482 2498
2483 tid_agg_rx = rcu_dereference(sta->ampdu_mlme.tid_rx[tid]); 2499 tid_agg_rx = rcu_dereference(sta->ampdu_mlme.tid_rx[tid]);
@@ -2486,13 +2502,6 @@ void ieee80211_release_reorder_timeout(struct sta_info *sta, int tid)
2486 2502
2487 __skb_queue_head_init(&frames); 2503 __skb_queue_head_init(&frames);
2488 2504
2489 /* construct rx struct */
2490 rx.sta = sta;
2491 rx.sdata = sta->sdata;
2492 rx.local = sta->local;
2493 rx.queue = tid;
2494 rx.flags |= IEEE80211_RX_RA_MATCH;
2495
2496 spin_lock(&tid_agg_rx->reorder_lock); 2505 spin_lock(&tid_agg_rx->reorder_lock);
2497 ieee80211_sta_reorder_release(&sta->local->hw, tid_agg_rx, &frames); 2506 ieee80211_sta_reorder_release(&sta->local->hw, tid_agg_rx, &frames);
2498 spin_unlock(&tid_agg_rx->reorder_lock); 2507 spin_unlock(&tid_agg_rx->reorder_lock);
@@ -2519,7 +2528,7 @@ static int prepare_for_handlers(struct ieee80211_rx_data *rx,
2519 compare_ether_addr(sdata->vif.addr, hdr->addr1) != 0) { 2528 compare_ether_addr(sdata->vif.addr, hdr->addr1) != 0) {
2520 if (!(sdata->dev->flags & IFF_PROMISC)) 2529 if (!(sdata->dev->flags & IFF_PROMISC))
2521 return 0; 2530 return 0;
2522 rx->flags &= ~IEEE80211_RX_RA_MATCH; 2531 status->rx_flags &= ~IEEE80211_RX_RA_MATCH;
2523 } 2532 }
2524 break; 2533 break;
2525 case NL80211_IFTYPE_ADHOC: 2534 case NL80211_IFTYPE_ADHOC:
@@ -2529,15 +2538,15 @@ static int prepare_for_handlers(struct ieee80211_rx_data *rx,
2529 return 1; 2538 return 1;
2530 } 2539 }
2531 else if (!ieee80211_bssid_match(bssid, sdata->u.ibss.bssid)) { 2540 else if (!ieee80211_bssid_match(bssid, sdata->u.ibss.bssid)) {
2532 if (!(rx->flags & IEEE80211_RX_IN_SCAN)) 2541 if (!(status->rx_flags & IEEE80211_RX_IN_SCAN))
2533 return 0; 2542 return 0;
2534 rx->flags &= ~IEEE80211_RX_RA_MATCH; 2543 status->rx_flags &= ~IEEE80211_RX_RA_MATCH;
2535 } else if (!multicast && 2544 } else if (!multicast &&
2536 compare_ether_addr(sdata->vif.addr, 2545 compare_ether_addr(sdata->vif.addr,
2537 hdr->addr1) != 0) { 2546 hdr->addr1) != 0) {
2538 if (!(sdata->dev->flags & IFF_PROMISC)) 2547 if (!(sdata->dev->flags & IFF_PROMISC))
2539 return 0; 2548 return 0;
2540 rx->flags &= ~IEEE80211_RX_RA_MATCH; 2549 status->rx_flags &= ~IEEE80211_RX_RA_MATCH;
2541 } else if (!rx->sta) { 2550 } else if (!rx->sta) {
2542 int rate_idx; 2551 int rate_idx;
2543 if (status->flag & RX_FLAG_HT) 2552 if (status->flag & RX_FLAG_HT)
@@ -2555,7 +2564,7 @@ static int prepare_for_handlers(struct ieee80211_rx_data *rx,
2555 if (!(sdata->dev->flags & IFF_PROMISC)) 2564 if (!(sdata->dev->flags & IFF_PROMISC))
2556 return 0; 2565 return 0;
2557 2566
2558 rx->flags &= ~IEEE80211_RX_RA_MATCH; 2567 status->rx_flags &= ~IEEE80211_RX_RA_MATCH;
2559 } 2568 }
2560 break; 2569 break;
2561 case NL80211_IFTYPE_AP_VLAN: 2570 case NL80211_IFTYPE_AP_VLAN:
@@ -2566,9 +2575,9 @@ static int prepare_for_handlers(struct ieee80211_rx_data *rx,
2566 return 0; 2575 return 0;
2567 } else if (!ieee80211_bssid_match(bssid, 2576 } else if (!ieee80211_bssid_match(bssid,
2568 sdata->vif.addr)) { 2577 sdata->vif.addr)) {
2569 if (!(rx->flags & IEEE80211_RX_IN_SCAN)) 2578 if (!(status->rx_flags & IEEE80211_RX_IN_SCAN))
2570 return 0; 2579 return 0;
2571 rx->flags &= ~IEEE80211_RX_RA_MATCH; 2580 status->rx_flags &= ~IEEE80211_RX_RA_MATCH;
2572 } 2581 }
2573 break; 2582 break;
2574 case NL80211_IFTYPE_WDS: 2583 case NL80211_IFTYPE_WDS:
@@ -2602,14 +2611,14 @@ static bool ieee80211_prepare_and_rx_handle(struct ieee80211_rx_data *rx,
2602 int prepares; 2611 int prepares;
2603 2612
2604 rx->skb = skb; 2613 rx->skb = skb;
2605 rx->flags |= IEEE80211_RX_RA_MATCH; 2614 status->rx_flags |= IEEE80211_RX_RA_MATCH;
2606 prepares = prepare_for_handlers(rx, hdr); 2615 prepares = prepare_for_handlers(rx, hdr);
2607 2616
2608 if (!prepares) 2617 if (!prepares)
2609 return false; 2618 return false;
2610 2619
2611 if (status->flag & RX_FLAG_MMIC_ERROR) { 2620 if (status->flag & RX_FLAG_MMIC_ERROR) {
2612 if (rx->flags & IEEE80211_RX_RA_MATCH) 2621 if (status->rx_flags & IEEE80211_RX_RA_MATCH)
2613 ieee80211_rx_michael_mic_report(hdr, rx); 2622 ieee80211_rx_michael_mic_report(hdr, rx);
2614 return false; 2623 return false;
2615 } 2624 }
@@ -2638,6 +2647,7 @@ static bool ieee80211_prepare_and_rx_handle(struct ieee80211_rx_data *rx,
2638static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw, 2647static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
2639 struct sk_buff *skb) 2648 struct sk_buff *skb)
2640{ 2649{
2650 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
2641 struct ieee80211_local *local = hw_to_local(hw); 2651 struct ieee80211_local *local = hw_to_local(hw);
2642 struct ieee80211_sub_if_data *sdata; 2652 struct ieee80211_sub_if_data *sdata;
2643 struct ieee80211_hdr *hdr; 2653 struct ieee80211_hdr *hdr;
@@ -2657,7 +2667,7 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
2657 2667
2658 if (unlikely(test_bit(SCAN_HW_SCANNING, &local->scanning) || 2668 if (unlikely(test_bit(SCAN_HW_SCANNING, &local->scanning) ||
2659 test_bit(SCAN_OFF_CHANNEL, &local->scanning))) 2669 test_bit(SCAN_OFF_CHANNEL, &local->scanning)))
2660 rx.flags |= IEEE80211_RX_IN_SCAN; 2670 status->rx_flags |= IEEE80211_RX_IN_SCAN;
2661 2671
2662 if (ieee80211_is_mgmt(fc)) 2672 if (ieee80211_is_mgmt(fc))
2663 err = skb_linearize(skb); 2673 err = skb_linearize(skb);
@@ -2808,6 +2818,8 @@ void ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb)
2808 } 2818 }
2809 } 2819 }
2810 2820
2821 status->rx_flags = 0;
2822
2811 /* 2823 /*
2812 * key references and virtual interfaces are protected using RCU 2824 * key references and virtual interfaces are protected using RCU
2813 * and this requires that we are in a read-side RCU section during 2825 * and this requires that we are in a read-side RCU section during
diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c
index 43882b36da55..bee230d8fd11 100644
--- a/net/mac80211/wpa.c
+++ b/net/mac80211/wpa.c
@@ -117,7 +117,7 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
117 key = &rx->key->conf.key[key_offset]; 117 key = &rx->key->conf.key[key_offset];
118 michael_mic(key, hdr, data, data_len, mic); 118 michael_mic(key, hdr, data, data_len, mic);
119 if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0 || wpa_test) { 119 if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0 || wpa_test) {
120 if (!(rx->flags & IEEE80211_RX_RA_MATCH)) 120 if (!(status->rx_flags & IEEE80211_RX_RA_MATCH))
121 return RX_DROP_UNUSABLE; 121 return RX_DROP_UNUSABLE;
122 122
123 mac80211_ev_michael_mic_failure(rx->sdata, rx->key->conf.keyidx, 123 mac80211_ev_michael_mic_failure(rx->sdata, rx->key->conf.keyidx,