Diffstat (limited to 'net/mac80211/rx.c')
-rw-r--r--net/mac80211/rx.c16
1 files changed, 14 insertions, 2 deletions
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 0b9898ac4d87..6e7d6d48fe1e 100644
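--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1819,17 +1819,26 @@ ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx, struct sk_buff_head *frames)
 return RX_CONTINUE;
 
 if (ieee80211_is_back_req(bar->frame_control)) {
+struct {
+__le16 control, start_seq_num;
+} __packed bar_data;
+
 if (!rx->sta)
 return RX_DROP_MONITOR;
+
+if (skb_copy_bits(skb, offsetof(struct ieee80211_bar, control),
+&bar_data, sizeof(bar_data)))
+return RX_DROP_MONITOR;
+
 spin_lock(&rx->sta->lock);
-tid = le16_to_cpu(bar->control) >> 12;
+tid = le16_to_cpu(bar_data.control) >> 12;
 if (!rx->sta->ampdu_mlme.tid_active_rx[tid]) {
 spin_unlock(&rx->sta->lock);
 return RX_DROP_MONITOR;
 }
 tid_agg_rx = rx->sta->ampdu_mlme.tid_rx[tid];
 
-start_seq_num = le16_to_cpu(bar->start_seq_num) >> 4;
+start_seq_num = le16_to_cpu(bar_data.start_seq_num) >> 4;
 
 /* reset session timer */
 if (tid_agg_rx->timeout)
@@ -1941,6 +1950,9 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
 if (len < IEEE80211_MIN_ACTION_SIZE + 1)
 break;
 
+if (sdata->vif.type == NL80211_IFTYPE_STATION)
+return ieee80211_sta_rx_mgmt(sdata, rx->skb);
+
 switch (mgmt->u.action.u.addba_req.action_code) {
 case WLAN_ACTION_ADDBA_REQ:
 if (len < (IEEE80211_MIN_ACTION_SIZE +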
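Review bot: The station early return added in ieee80211_rx_h_action, `return ieee80211_sta_rx_mgmt(sdata, rx->skb);`, sits above the switch on `action_code`, so on station interfaces the frame is handed off after only the `len < IEEE80211_MIN_ACTION_SIZE + 1` check and the per-action length checks that begin under `case WLAN_ACTION_ADDBA_REQ:` are skipped. ieee80211_sta_rx_mgmt and the handler behind it are not visible here; unless they repeat the size validation for the ADDBA request and the other action bodies, a truncated block-ack action frame from a peer could be read past its end. I would keep the length validation ahead of the handoff, or at least state the contract next to the new lines with a comment such as `/* sta work handler must re-check len for each action_code */`. The switch continues outside the hunk, so the remaining cases cannot be checked from here.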