1 files changed, 83 insertions, 9 deletions
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 0839c4e8fd2e..f803f8b72a93 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1692,14 +1692,52 @@ static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
                        rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
                        break;
                case IEEE80211_STYPE_ACTION:
-                        if (mgmt->u.action.category != WLAN_CATEGORY_SPECTRUM_MGMT)
+                        switch (mgmt->u.action.category) {
+                        case WLAN_CATEGORY_BACK: {
+                                struct ieee80211_local *local = sdata->local;
+                                int len = skb->len;
+                                struct sta_info *sta;
+                                rcu_read_lock();
+                                sta = sta_info_get(sdata, mgmt->sa);
+                                if (!sta) {
+                                        rcu_read_unlock();
+                                        break;
+                                }
+                                local_bh_disable();
+                                switch (mgmt->u.action.u.addba_req.action_code) {
+                                case WLAN_ACTION_ADDBA_REQ:
+                                        if (len < (IEEE80211_MIN_ACTION_SIZE +
+                                                   sizeof(mgmt->u.action.u.addba_req)))
+                                                break;
+                                        ieee80211_process_addba_request(local, sta, mgmt, len);
+                                        break;
+                                case WLAN_ACTION_ADDBA_RESP:
+                                        if (len < (IEEE80211_MIN_ACTION_SIZE +
+                                                   sizeof(mgmt->u.action.u.addba_resp)))
+                                                break;
+                                        ieee80211_process_addba_resp(local, sta, mgmt, len);
+                                        break;
+                                case WLAN_ACTION_DELBA:
+                                        if (len < (IEEE80211_MIN_ACTION_SIZE +
+                                                   sizeof(mgmt->u.action.u.delba)))
+                                                break;
+                                        ieee80211_process_delba(sdata, sta, mgmt, len);
+                                        break;
+                                }
+                                local_bh_enable();
+                                rcu_read_unlock();
                                break;
+                                }
-                        ieee80211_sta_process_chanswitch(sdata,
+                        case WLAN_CATEGORY_SPECTRUM_MGMT:
-                                        &mgmt->u.action.u.chan_switch.sw_elem,
+                                ieee80211_sta_process_chanswitch(sdata,
-                                        (void *)ifmgd->associated->priv,
+                                                &mgmt->u.action.u.chan_switch.sw_elem,
-                                        rx_status->mactime);
+                                                (void *)ifmgd->associated->priv,
-                        break;
+                                                rx_status->mactime);
+                                break;
+                        }
                }
                mutex_unlock(&ifmgd->mtx);
@@ -1722,9 +1760,45 @@ static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
        mutex_unlock(&ifmgd->mtx);
        if (skb->len >= 24 + 2 /* mgmt + deauth reason */ &&
-            (fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_DEAUTH)
+            (fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_DEAUTH) {
-                cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
+                struct ieee80211_local *local = sdata->local;
+                struct ieee80211_work *wk;
+                mutex_lock(&local->work_mtx);
+                list_for_each_entry(wk, &local->work_list, list) {
+                        if (wk->sdata != sdata)
+                                continue;
+                        if (wk->type != IEEE80211_WORK_ASSOC)
+                                continue;
+                        if (memcmp(mgmt->bssid, wk->filter_ta, ETH_ALEN))
+                                continue;
+                        if (memcmp(mgmt->sa, wk->filter_ta, ETH_ALEN))
+                                continue;
+                        /*
+                         * Printing the message only here means we can't
+                         * spuriously print it, but it also means that it
+                         * won't be printed when the frame comes in before
+                         * we even tried to associate or in similar cases.
+                         *
+                         * Ultimately, I suspect cfg80211 should print the
+                         * messages instead.
+                         */
+                        printk(KERN_DEBUG
+                               "%s: deauthenticated from %pM (Reason: %u)\n",
+                               sdata->name, mgmt->bssid,
+                               le16_to_cpu(mgmt->u.deauth.reason_code));
+                        list_del_rcu(&wk->list);
+                        free_work(wk);
+                        break;
+                }
+                mutex_unlock(&local->work_mtx);
+                cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
+        }
 out:
        kfree_skb(skb);
 }

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 0839c4e8fd2e..f803f8b72a93 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c
@@ -1692,14 +1692,52 @@ static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1692	rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);	1692	rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
1693	break;	1693	break;
1694	case IEEE80211_STYPE_ACTION:	1694	case IEEE80211_STYPE_ACTION:
1695	if (mgmt->u.action.category != WLAN_CATEGORY_SPECTRUM_MGMT)	1695	switch (mgmt->u.action.category) {
		1696	case WLAN_CATEGORY_BACK: {
		1697	struct ieee80211_local *local = sdata->local;
		1698	int len = skb->len;
		1699	struct sta_info *sta;
		1700
		1701	rcu_read_lock();
		1702	sta = sta_info_get(sdata, mgmt->sa);
		1703	if (!sta) {
		1704	rcu_read_unlock();
		1705	break;
		1706	}
		1707
		1708	local_bh_disable();
		1709
		1710	switch (mgmt->u.action.u.addba_req.action_code) {
		1711	case WLAN_ACTION_ADDBA_REQ:
		1712	if (len < (IEEE80211_MIN_ACTION_SIZE +
		1713	sizeof(mgmt->u.action.u.addba_req)))
		1714	break;
		1715	ieee80211_process_addba_request(local, sta, mgmt, len);
		1716	break;
		1717	case WLAN_ACTION_ADDBA_RESP:
		1718	if (len < (IEEE80211_MIN_ACTION_SIZE +
		1719	sizeof(mgmt->u.action.u.addba_resp)))
		1720	break;
		1721	ieee80211_process_addba_resp(local, sta, mgmt, len);
		1722	break;
		1723	case WLAN_ACTION_DELBA:
		1724	if (len < (IEEE80211_MIN_ACTION_SIZE +
		1725	sizeof(mgmt->u.action.u.delba)))
		1726	break;
		1727	ieee80211_process_delba(sdata, sta, mgmt, len);
		1728	break;
		1729	}
		1730	local_bh_enable();
		1731	rcu_read_unlock();
1696	break;	1732	break;
1697		1733	}
1698	ieee80211_sta_process_chanswitch(sdata,	1734	case WLAN_CATEGORY_SPECTRUM_MGMT:
1699	&mgmt->u.action.u.chan_switch.sw_elem,	1735	ieee80211_sta_process_chanswitch(sdata,
1700	(void *)ifmgd->associated->priv,	1736	&mgmt->u.action.u.chan_switch.sw_elem,
1701	rx_status->mactime);	1737	(void *)ifmgd->associated->priv,
1702	break;	1738	rx_status->mactime);
		1739	break;
		1740	}
1703	}	1741	}
1704	mutex_unlock(&ifmgd->mtx);	1742	mutex_unlock(&ifmgd->mtx);
1705		1743
@@ -1722,9 +1760,45 @@ static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1722	mutex_unlock(&ifmgd->mtx);	1760	mutex_unlock(&ifmgd->mtx);
1723		1761
1724	if (skb->len >= 24 + 2 /* mgmt + deauth reason */ &&	1762	if (skb->len >= 24 + 2 /* mgmt + deauth reason */ &&
1725	(fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_DEAUTH)	1763	(fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_DEAUTH) {
1726	cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);	1764	struct ieee80211_local *local = sdata->local;
		1765	struct ieee80211_work *wk;
		1766
		1767	mutex_lock(&local->work_mtx);
		1768	list_for_each_entry(wk, &local->work_list, list) {
		1769	if (wk->sdata != sdata)
		1770	continue;
		1771
		1772	if (wk->type != IEEE80211_WORK_ASSOC)
		1773	continue;
		1774
		1775	if (memcmp(mgmt->bssid, wk->filter_ta, ETH_ALEN))
		1776	continue;
		1777	if (memcmp(mgmt->sa, wk->filter_ta, ETH_ALEN))
		1778	continue;
1727		1779
		1780	/*
		1781	* Printing the message only here means we can't
		1782	* spuriously print it, but it also means that it
		1783	* won't be printed when the frame comes in before
		1784	* we even tried to associate or in similar cases.
		1785	*
		1786	* Ultimately, I suspect cfg80211 should print the
		1787	* messages instead.
		1788	*/
		1789	printk(KERN_DEBUG
		1790	"%s: deauthenticated from %pM (Reason: %u)\n",
		1791	sdata->name, mgmt->bssid,
		1792	le16_to_cpu(mgmt->u.deauth.reason_code));
		1793
		1794	list_del_rcu(&wk->list);
		1795	free_work(wk);
		1796	break;
		1797	}
		1798	mutex_unlock(&local->work_mtx);
		1799
		1800	cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
		1801	}
1728	out:	1802	out:
1729	kfree_skb(skb);	1803	kfree_skb(skb);
1730	}	1804	}