--- /dev/null
+From: =?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?= <toke@toke.dk>
+Date: Mon, 13 Aug 2018 14:16:25 +0200
+Subject: [PATCH] mac80211: Run TXQ teardown code before de-registering
+ interfaces
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The TXQ teardown code can reference the vif data structures that are
+stored in the netdev private memory area if there are still packets on
+the queue when it is being freed. Since the TXQ teardown code is run
+after the netdevs are freed, this can lead to a use-after-free. Fix this
+by moving the TXQ teardown code to earlier in ieee80211_unregister_hw().
+
+Reported-by: Ben Greear <greearb@candelatech.com>
+Tested-by: Ben Greear <greearb@candelatech.com>
+Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/main.c
++++ b/net/mac80211/main.c
+@@ -1172,6 +1172,7 @@ void ieee80211_unregister_hw(struct ieee
+ #if IS_ENABLED(__disabled__CONFIG_IPV6)
+ unregister_inet6addr_notifier(&local->ifa6_notifier);
+ #endif
++ ieee80211_txq_teardown_flows(local);
+
+ rtnl_lock();
+
+@@ -1200,7 +1201,6 @@ void ieee80211_unregister_hw(struct ieee
+ skb_queue_purge(&local->skb_queue);
+ skb_queue_purge(&local->skb_queue_unreliable);
+ skb_queue_purge(&local->skb_queue_tdls_chsw);
+- ieee80211_txq_teardown_flows(local);
+
+ destroy_workqueue(local->workqueue);
+ wiphy_unregister(local->hw.wiphy);
--- /dev/null
+From: Yuan-Chi Pang <fu3mo6goo@gmail.com>
+Date: Wed, 29 Aug 2018 09:30:08 +0800
+Subject: [PATCH] mac80211: mesh: fix HWMP sequence numbering to follow
+ standard
+
+IEEE 802.11-2016 14.10.8.3 HWMP sequence numbering says:
+If it is a target mesh STA, it shall update its own HWMP SN to
+maximum (current HWMP SN, target HWMP SN in the PREQ element) + 1
+immediately before it generates a PREP element in response to a
+PREQ element.
+
+Signed-off-by: Yuan-Chi Pang <fu3mo6goo@gmail.com>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/mesh_hwmp.c
++++ b/net/mac80211/mesh_hwmp.c
+@@ -572,6 +572,10 @@ static void hwmp_preq_frame_process(stru
+ forward = false;
+ reply = true;
+ target_metric = 0;
++
++ if (SN_GT(target_sn, ifmsh->sn))
++ ifmsh->sn = target_sn;
++
+ if (time_after(jiffies, ifmsh->last_sn_update +
+ net_traversal_jiffies(sdata)) ||
+ time_before(jiffies, ifmsh->last_sn_update)) {
--- /dev/null
+From: Sara Sharon <sara.sharon@intel.com>
+Date: Wed, 29 Aug 2018 08:57:02 +0200
+Subject: [PATCH] mac80211: avoid kernel panic when building AMSDU from
+ non-linear SKB
+
+When building building AMSDU from non-linear SKB, we hit a
+kernel panic when trying to push the padding to the tail.
+Instead, put the padding at the head of the next subframe.
+This also fixes the A-MSDU subframes to not have the padding
+accounted in the length field and not have pad at all for
+the last subframe, both required by the spec.
+
+Fixes: 6e0456b54545 ("mac80211: add A-MSDU tx support")
+Signed-off-by: Sara Sharon <sara.sharon@intel.com>
+Reviewed-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -3064,27 +3064,18 @@ void ieee80211_clear_fast_xmit(struct st
+ }
+
+ static bool ieee80211_amsdu_realloc_pad(struct ieee80211_local *local,
+- struct sk_buff *skb, int headroom,
+- int *subframe_len)
++ struct sk_buff *skb, int headroom)
+ {
+- int amsdu_len = *subframe_len + sizeof(struct ethhdr);
+- int padding = (4 - amsdu_len) & 3;
+-
+- if (skb_headroom(skb) < headroom || skb_tailroom(skb) < padding) {
++ if (skb_headroom(skb) < headroom) {
+ I802_DEBUG_INC(local->tx_expand_skb_head);
+
+- if (pskb_expand_head(skb, headroom, padding, GFP_ATOMIC)) {
++ if (pskb_expand_head(skb, headroom, 0, GFP_ATOMIC)) {
+ wiphy_debug(local->hw.wiphy,
+ "failed to reallocate TX buffer\n");
+ return false;
+ }
+ }
+
+- if (padding) {
+- *subframe_len += padding;
+- skb_put_zero(skb, padding);
+- }
+-
+ return true;
+ }
+
+@@ -3108,8 +3099,7 @@ static bool ieee80211_amsdu_prepare_head
+ if (info->control.flags & IEEE80211_TX_CTRL_AMSDU)
+ return true;
+
+- if (!ieee80211_amsdu_realloc_pad(local, skb, sizeof(*amsdu_hdr),
+- &subframe_len))
++ if (!ieee80211_amsdu_realloc_pad(local, skb, sizeof(*amsdu_hdr)))
+ return false;
+
+ data = skb_push(skb, sizeof(*amsdu_hdr));
+@@ -3176,7 +3166,8 @@ static bool ieee80211_amsdu_aggregate(st
+ void *data;
+ bool ret = false;
+ unsigned int orig_len;
+- int n = 1, nfrags;
++ int n = 1, nfrags, pad = 0;
++ u16 hdrlen;
+
+ if (!ieee80211_hw_check(&local->hw, TX_AMSDU))
+ return false;
+@@ -3228,8 +3219,19 @@ static bool ieee80211_amsdu_aggregate(st
+ if (max_frags && nfrags > max_frags)
+ goto out;
+
+- if (!ieee80211_amsdu_realloc_pad(local, skb, sizeof(rfc1042_header) + 2,
+- &subframe_len))
++ /*
++ * Pad out the previous subframe to a multiple of 4 by adding the
++ * padding to the next one, that's being added. Note that head->len
++ * is the length of the full A-MSDU, but that works since each time
++ * we add a new subframe we pad out the previous one to a multiple
++ * of 4 and thus it no longer matters in the next round.
++ */
++ hdrlen = fast_tx->hdr_len - sizeof(rfc1042_header);
++ if ((head->len - hdrlen) & 3)
++ pad = 4 - ((head->len - hdrlen) & 3);
++
++ if (!ieee80211_amsdu_realloc_pad(local, skb, sizeof(rfc1042_header) +
++ 2 + pad))
+ goto out;
+
+ ret = true;
+@@ -3241,6 +3243,8 @@ static bool ieee80211_amsdu_aggregate(st
+ memcpy(data, &len, 2);
+ memcpy(data + 2, rfc1042_header, sizeof(rfc1042_header));
+
++ memset(skb_push(skb, pad), 0, pad);
++
+ head->len += skb->len;
+ head->data_len += skb->len;
+ *frag_tail = skb;
--- /dev/null
+From: Arunk Khandavalli <akhandav@codeaurora.org>
+Date: Thu, 30 Aug 2018 00:40:16 +0300
+Subject: [PATCH] cfg80211: nl80211_update_ft_ies() to validate
+ NL80211_ATTR_IE
+
+nl80211_update_ft_ies() tried to validate NL80211_ATTR_IE with
+is_valid_ie_attr() before dereferencing it, but that helper function
+returns true in case of NULL pointer (i.e., attribute not included).
+This can result to dereferencing a NULL pointer. Fix that by explicitly
+checking that NL80211_ATTR_IE is included.
+
+Fixes: 355199e02b83 ("cfg80211: Extend support for IEEE 802.11r Fast BSS Transition")
+Signed-off-by: Arunk Khandavalli <akhandav@codeaurora.org>
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -11763,6 +11763,7 @@ static int nl80211_update_ft_ies(struct
+ return -EOPNOTSUPP;
+
+ if (!info->attrs[NL80211_ATTR_MDID] ||
++ !info->attrs[NL80211_ATTR_IE] ||
+ !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
+ return -EINVAL;
+
--- /dev/null
+From: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
+Date: Wed, 29 Aug 2018 21:03:25 +0200
+Subject: [PATCH] mac80211: do not convert to A-MSDU if frag/subframe
+ limited
+
+Do not start to aggregate packets in a A-MSDU frame (converting the
+first subframe to A-MSDU, adding the header) if max_tx_fragments or
+max_amsdu_subframes limits are already exceeded by it. In particular,
+this happens when drivers set the limit to 1 to avoid A-MSDUs at all.
+
+Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
+[reword commit message to be more precise]
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -3201,9 +3201,6 @@ static bool ieee80211_amsdu_aggregate(st
+ if (skb->len + head->len > max_amsdu_len)
+ goto unlock;
+
+- if (!ieee80211_amsdu_prepare_head(sdata, fast_tx, head))
+- goto out;
+-
+ nfrags = 1 + skb_shinfo(skb)->nr_frags;
+ nfrags += 1 + skb_shinfo(head)->nr_frags;
+ frag_tail = &skb_shinfo(head)->frag_list;
+@@ -3219,6 +3216,9 @@ static bool ieee80211_amsdu_aggregate(st
+ if (max_frags && nfrags > max_frags)
+ goto out;
+
++ if (!ieee80211_amsdu_prepare_head(sdata, fast_tx, head))
++ goto out;
++
+ /*
+ * Pad out the previous subframe to a multiple of 4 by adding the
+ * padding to the next one, that's being added. Note that head->len
--- /dev/null
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Thu, 30 Aug 2018 10:55:49 +0200
+Subject: [PATCH] mac80211: always account for A-MSDU header changes
+
+In the error path of changing the SKB headroom of the second
+A-MSDU subframe, we would not account for the already-changed
+length of the first frame that just got converted to be in
+A-MSDU format and thus is a bit longer now.
+
+Fix this by doing the necessary accounting.
+
+It would be possible to reorder the operations, but that would
+make the code more complex (to calculate the necessary pad),
+and the headroom expansion should not fail frequently enough
+to make that worthwhile.
+
+Fixes: 6e0456b54545 ("mac80211: add A-MSDU tx support")
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Acked-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -3232,7 +3232,7 @@ static bool ieee80211_amsdu_aggregate(st
+
+ if (!ieee80211_amsdu_realloc_pad(local, skb, sizeof(rfc1042_header) +
+ 2 + pad))
+- goto out;
++ goto out_recalc;
+
+ ret = true;
+ data = skb_push(skb, ETH_ALEN + 2);
+@@ -3249,11 +3249,13 @@ static bool ieee80211_amsdu_aggregate(st
+ head->data_len += skb->len;
+ *frag_tail = skb;
+
+- flow->backlog += head->len - orig_len;
+- tin->backlog_bytes += head->len - orig_len;
+-
+- fq_recalc_backlog(fq, tin, flow);
++out_recalc:
++ if (head->len != orig_len) {
++ flow->backlog += head->len - orig_len;
++ tin->backlog_bytes += head->len - orig_len;
+
++ fq_recalc_backlog(fq, tin, flow);
++ }
+ out:
+ fq->memory_usage += head->truesize - orig_truesize;
+
--- /dev/null
+From: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
+Date: Fri, 31 Aug 2018 01:04:13 +0200
+Subject: [PATCH] mac80211: fix an off-by-one issue in A-MSDU
+ max_subframe computation
+
+Initialize 'n' to 2 in order to take into account also the first
+packet in the estimation of max_subframe limit for a given A-MSDU
+since frag_tail pointer is NULL when ieee80211_amsdu_aggregate
+routine analyzes the second frame.
+
+Fixes: 6e0456b54545 ("mac80211: add A-MSDU tx support")
+Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -3166,7 +3166,7 @@ static bool ieee80211_amsdu_aggregate(st
+ void *data;
+ bool ret = false;
+ unsigned int orig_len;
+- int n = 1, nfrags, pad = 0;
++ int n = 2, nfrags, pad = 0;
+ u16 hdrlen;
+
+ if (!ieee80211_hw_check(&local->hw, TX_AMSDU))
--- /dev/null
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Fri, 31 Aug 2018 11:10:55 +0300
+Subject: [PATCH] cfg80211: fix a type issue in
+ ieee80211_chandef_to_operating_class()
+
+The "chandef->center_freq1" variable is a u32 but "freq" is a u16 so we
+are truncating away the high bits. I noticed this bug because in commit
+9cf0a0b4b64a ("cfg80211: Add support for 60GHz band channels 5 and 6")
+we made "freq <= 56160 + 2160 * 6" a valid requency when before it was
+only "freq <= 56160 + 2160 * 4" that was valid. It introduces a static
+checker warning:
+
+ net/wireless/util.c:1571 ieee80211_chandef_to_operating_class()
+ warn: always true condition '(freq <= 56160 + 2160 * 6) => (0-u16max <= 69120)'
+
+But really we probably shouldn't have been truncating the high bits
+away to begin with.
+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/wireless/util.c
++++ b/net/wireless/util.c
+@@ -1377,7 +1377,7 @@ bool ieee80211_chandef_to_operating_clas
+ u8 *op_class)
+ {
+ u8 vht_opclass;
+- u16 freq = chandef->center_freq1;
++ u32 freq = chandef->center_freq1;
+
+ if (freq >= 2412 && freq <= 2472) {
+ if (chandef->width > NL80211_CHAN_WIDTH_40)
--- /dev/null
+From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+Date: Fri, 31 Aug 2018 11:31:06 +0300
+Subject: [PATCH] mac80211: fix a race between restart and CSA flows
+
+We hit a problem with iwlwifi that was caused by a bug in
+mac80211. A bug in iwlwifi caused the firwmare to crash in
+certain cases in channel switch. Because of that bug,
+drv_pre_channel_switch would fail and trigger the restart
+flow.
+Now we had the hw restart worker which runs on the system's
+workqueue and the csa_connection_drop_work worker that runs
+on mac80211's workqueue that can run together. This is
+obviously problematic since the restart work wants to
+reconfigure the connection, while the csa_connection_drop_work
+worker does the exact opposite: it tries to disconnect.
+
+Fix this by cancelling the csa_connection_drop_work worker
+in the restart worker.
+
+Note that this can sound racy: we could have:
+
+driver iface_work CSA_work restart_work
++++++++++++++++++++++++++++++++++++++++++++++
+ |
+ <--drv_cs ---|
+<FW CRASH!>
+-CS FAILED-->
+ | |
+ | cancel_work(CSA)
+ schedule |
+ CSA work |
+ | |
+ Race between those 2
+
+But this is not possible because we flush the workqueue
+in the restart worker before we cancel the CSA worker.
+That would be bullet proof if we could guarantee that
+we schedule the CSA worker only from the iface_work
+which runs on the workqueue (and not on the system's
+workqueue), but unfortunately we do have an instance
+in which we schedule the CSA work outside the context
+of the workqueue (ieee80211_chswitch_done).
+
+Note also that we should probably cancel other workers
+like beacon_connection_loss_work and possibly others
+for different types of interfaces, at the very least,
+IBSS should suffer from the exact same problem, but for
+now, do the minimum to fix the actual bug that was actually
+experienced and reproduced.
+
+Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/main.c
++++ b/net/mac80211/main.c
+@@ -255,8 +255,27 @@ static void ieee80211_restart_work(struc
+
+ flush_work(&local->radar_detected_work);
+ rtnl_lock();
+- list_for_each_entry(sdata, &local->interfaces, list)
++ list_for_each_entry(sdata, &local->interfaces, list) {
++ /*
++ * XXX: there may be more work for other vif types and even
++ * for station mode: a good thing would be to run most of
++ * the iface type's dependent _stop (ieee80211_mg_stop,
++ * ieee80211_ibss_stop) etc...
++ * For now, fix only the specific bug that was seen: race
++ * between csa_connection_drop_work and us.
++ */
++ if (sdata->vif.type == NL80211_IFTYPE_STATION) {
++ /*
++ * This worker is scheduled from the iface worker that
++ * runs on mac80211's workqueue, so we can't be
++ * scheduling this worker after the cancel right here.
++ * The exception is ieee80211_chswitch_done.
++ * Then we can have a race...
++ */
++ cancel_work_sync(&sdata->u.mgd.csa_connection_drop_work);
++ }
+ flush_delayed_work(&sdata->dec_tailroom_needed_wk);
++ }
+ ieee80211_scan_cancel(local);
+
+ /* make sure any new ROC will consider local->in_reconfig */
--- /dev/null
+From: Ilan Peer <ilan.peer@intel.com>
+Date: Fri, 31 Aug 2018 11:31:10 +0300
+Subject: [PATCH] mac80211: Fix station bandwidth setting after channel
+ switch
+
+When performing a channel switch flow for a managed interface, the
+flow did not update the bandwidth of the AP station and the rate
+scale algorithm. In case of a channel width downgrade, this would
+result with the rate scale algorithm using a bandwidth that does not
+match the interface channel configuration.
+
+Fix this by updating the AP station bandwidth and rate scaling algorithm
+before the actual channel change in case of a bandwidth downgrade, or
+after the actual channel change in case of a bandwidth upgrade.
+
+Signed-off-by: Ilan Peer <ilan.peer@intel.com>
+Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/mlme.c
++++ b/net/mac80211/mlme.c
+@@ -975,6 +975,10 @@ static void ieee80211_chswitch_work(stru
+ */
+
+ if (sdata->reserved_chanctx) {
++ struct ieee80211_supported_band *sband = NULL;
++ struct sta_info *mgd_sta = NULL;
++ enum ieee80211_sta_rx_bandwidth bw = IEEE80211_STA_RX_BW_20;
++
+ /*
+ * with multi-vif csa driver may call ieee80211_csa_finish()
+ * many times while waiting for other interfaces to use their
+@@ -983,6 +987,48 @@ static void ieee80211_chswitch_work(stru
+ if (sdata->reserved_ready)
+ goto out;
+
++ if (sdata->vif.bss_conf.chandef.width !=
++ sdata->csa_chandef.width) {
++ /*
++ * For managed interface, we need to also update the AP
++ * station bandwidth and align the rate scale algorithm
++ * on the bandwidth change. Here we only consider the
++ * bandwidth of the new channel definition (as channel
++ * switch flow does not have the full HT/VHT/HE
++ * information), assuming that if additional changes are
++ * required they would be done as part of the processing
++ * of the next beacon from the AP.
++ */
++ switch (sdata->csa_chandef.width) {
++ case NL80211_CHAN_WIDTH_20_NOHT:
++ case NL80211_CHAN_WIDTH_20:
++ default:
++ bw = IEEE80211_STA_RX_BW_20;
++ break;
++ case NL80211_CHAN_WIDTH_40:
++ bw = IEEE80211_STA_RX_BW_40;
++ break;
++ case NL80211_CHAN_WIDTH_80:
++ bw = IEEE80211_STA_RX_BW_80;
++ break;
++ case NL80211_CHAN_WIDTH_80P80:
++ case NL80211_CHAN_WIDTH_160:
++ bw = IEEE80211_STA_RX_BW_160;
++ break;
++ }
++
++ mgd_sta = sta_info_get(sdata, ifmgd->bssid);
++ sband =
++ local->hw.wiphy->bands[sdata->csa_chandef.chan->band];
++ }
++
++ if (sdata->vif.bss_conf.chandef.width >
++ sdata->csa_chandef.width) {
++ mgd_sta->sta.bandwidth = bw;
++ rate_control_rate_update(local, sband, mgd_sta,
++ IEEE80211_RC_BW_CHANGED);
++ }
++
+ ret = ieee80211_vif_use_reserved_context(sdata);
+ if (ret) {
+ sdata_info(sdata,
+@@ -993,6 +1039,13 @@ static void ieee80211_chswitch_work(stru
+ goto out;
+ }
+
++ if (sdata->vif.bss_conf.chandef.width <
++ sdata->csa_chandef.width) {
++ mgd_sta->sta.bandwidth = bw;
++ rate_control_rate_update(local, sband, mgd_sta,
++ IEEE80211_RC_BW_CHANGED);
++ }
++
+ goto out;
+ }
+
--- /dev/null
+From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+Date: Fri, 31 Aug 2018 11:31:12 +0300
+Subject: [PATCH] mac80211: don't Tx a deauth frame if the AP forbade Tx
+
+If the driver fails to properly prepare for the channel
+switch, mac80211 will disconnect. If the CSA IE had mode
+set to 1, it means that the clients are not allowed to send
+any Tx on the current channel, and that includes the
+deauthentication frame.
+
+Make sure that we don't send the deauthentication frame in
+this case.
+
+In iwlwifi, this caused a failure to flush queues since the
+firmware already closed the queues after having parsed the
+CSA IE. Then mac80211 would wait until the deauthentication
+frame would go out (drv_flush(drop=false)) and that would
+never happen.
+
+Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/mlme.c
++++ b/net/mac80211/mlme.c
+@@ -1267,6 +1267,16 @@ ieee80211_sta_process_chanswitch(struct
+ cbss->beacon_interval));
+ return;
+ drop_connection:
++ /*
++ * This is just so that the disconnect flow will know that
++ * we were trying to switch channel and failed. In case the
++ * mode is 1 (we are not allowed to Tx), we will know not to
++ * send a deauthentication frame. Those two fields will be
++ * reset when the disconnection worker runs.
++ */
++ sdata->vif.csa_active = true;
++ sdata->csa_block_tx = csa_ie.mode;
++
+ ieee80211_queue_work(&local->hw, &ifmgd->csa_connection_drop_work);
+ mutex_unlock(&local->chanctx_mtx);
+ mutex_unlock(&local->mtx);
+@@ -2437,6 +2447,7 @@ static void __ieee80211_disconnect(struc
+ struct ieee80211_local *local = sdata->local;
+ struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
+ u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
++ bool tx;
+
+ sdata_lock(sdata);
+ if (!ifmgd->associated) {
+@@ -2444,6 +2455,8 @@ static void __ieee80211_disconnect(struc
+ return;
+ }
+
++ tx = !sdata->csa_block_tx;
++
+ /* AP is probably out of range (or not reachable for another reason) so
+ * remove the bss struct for that AP.
+ */
+@@ -2451,7 +2464,7 @@ static void __ieee80211_disconnect(struc
+
+ ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
+ WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
+- true, frame_buf);
++ tx, frame_buf);
+ mutex_lock(&local->mtx);
+ sdata->vif.csa_active = false;
+ ifmgd->csa_waiting_bcn = false;
+@@ -2462,7 +2475,7 @@ static void __ieee80211_disconnect(struc
+ }
+ mutex_unlock(&local->mtx);
+
+- ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
++ ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), tx,
+ WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY);
+
+ sdata_unlock(sdata);
--- /dev/null
+From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+Date: Fri, 31 Aug 2018 11:31:13 +0300
+Subject: [PATCH] mac80211: shorten the IBSS debug messages
+
+When tracing is enabled, all the debug messages are recorded and must
+not exceed MAX_MSG_LEN (100) columns. Longer debug messages grant the
+user with:
+
+WARNING: CPU: 3 PID: 32642 at /tmp/wifi-core-20180806094828/src/iwlwifi-stack-dev/net/mac80211/./trace_msg.h:32 trace_event_raw_event_mac80211_msg_event+0xab/0xc0 [mac80211]
+Workqueue: phy1 ieee80211_iface_work [mac80211]
+ RIP: 0010:trace_event_raw_event_mac80211_msg_event+0xab/0xc0 [mac80211]
+ Call Trace:
+ __sdata_dbg+0xbd/0x120 [mac80211]
+ ieee80211_ibss_rx_queued_mgmt+0x15f/0x510 [mac80211]
+ ieee80211_iface_work+0x21d/0x320 [mac80211]
+
+Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/ibss.c
++++ b/net/mac80211/ibss.c
+@@ -947,8 +947,8 @@ static void ieee80211_rx_mgmt_deauth_ibs
+ if (len < IEEE80211_DEAUTH_FRAME_LEN)
+ return;
+
+- ibss_dbg(sdata, "RX DeAuth SA=%pM DA=%pM BSSID=%pM (reason: %d)\n",
+- mgmt->sa, mgmt->da, mgmt->bssid, reason);
++ ibss_dbg(sdata, "RX DeAuth SA=%pM DA=%pM\n", mgmt->sa, mgmt->da);
++ ibss_dbg(sdata, "\tBSSID=%pM (reason: %d)\n", mgmt->bssid, reason);
+ sta_info_destroy_addr(sdata, mgmt->sa);
+ }
+
+@@ -966,9 +966,9 @@ static void ieee80211_rx_mgmt_auth_ibss(
+ auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
+ auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
+
+- ibss_dbg(sdata,
+- "RX Auth SA=%pM DA=%pM BSSID=%pM (auth_transaction=%d)\n",
+- mgmt->sa, mgmt->da, mgmt->bssid, auth_transaction);
++ ibss_dbg(sdata, "RX Auth SA=%pM DA=%pM\n", mgmt->sa, mgmt->da);
++ ibss_dbg(sdata, "\tBSSID=%pM (auth_transaction=%d)\n",
++ mgmt->bssid, auth_transaction);
+
+ if (auth_alg != WLAN_AUTH_OPEN || auth_transaction != 1)
+ return;
+@@ -1175,10 +1175,10 @@ static void ieee80211_rx_bss_info(struct
+ rx_timestamp = drv_get_tsf(local, sdata);
+ }
+
+- ibss_dbg(sdata,
+- "RX beacon SA=%pM BSSID=%pM TSF=0x%llx BCN=0x%llx diff=%lld @%lu\n",
++ ibss_dbg(sdata, "RX beacon SA=%pM BSSID=%pM TSF=0x%llx\n",
+ mgmt->sa, mgmt->bssid,
+- (unsigned long long)rx_timestamp,
++ (unsigned long long)rx_timestamp);
++ ibss_dbg(sdata, "\tBCN=0x%llx diff=%lld @%lu\n",
+ (unsigned long long)beacon_timestamp,
+ (unsigned long long)(rx_timestamp - beacon_timestamp),
+ jiffies);
+@@ -1537,9 +1537,9 @@ static void ieee80211_rx_mgmt_probe_req(
+
+ tx_last_beacon = drv_tx_last_beacon(local);
+
+- ibss_dbg(sdata,
+- "RX ProbeReq SA=%pM DA=%pM BSSID=%pM (tx_last_beacon=%d)\n",
+- mgmt->sa, mgmt->da, mgmt->bssid, tx_last_beacon);
++ ibss_dbg(sdata, "RX ProbeReq SA=%pM DA=%pM\n", mgmt->sa, mgmt->da);
++ ibss_dbg(sdata, "\tBSSID=%pM (tx_last_beacon=%d)\n",
++ mgmt->bssid, tx_last_beacon);
+
+ if (!tx_last_beacon && is_multicast_ether_addr(mgmt->da))
+ return;
if (local->hw.conf.power_level != power) {
changed |= IEEE80211_CONF_CHANGE_POWER;
local->hw.conf.power_level = power;
-@@ -592,6 +598,7 @@ struct ieee80211_hw *ieee80211_alloc_hw_
+@@ -611,6 +617,7 @@ struct ieee80211_hw *ieee80211_alloc_hw_
IEEE80211_RADIOTAP_MCS_HAVE_BW;
local->hw.radiotap_vht_details = IEEE80211_RADIOTAP_VHT_KNOWN_GI |
IEEE80211_RADIOTAP_VHT_KNOWN_BANDWIDTH;
drivers/net/wireless/ath/ath10k/mac.c | 2 ++
1 file changed, 2 insertions(+)
-diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c
-index 95243b48a179..8ed37ffd320f 100644
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -18,6 +18,7 @@
+@@ -17,6 +17,7 @@
#include "mac.h"
#include <net/mac80211.h>
#include <linux/etherdevice.h>
#include <linux/acpi.h>
-@@ -8306,6 +8307,7 @@ int ath10k_mac_register(struct ath10k *ar)
+@@ -8230,6 +8231,7 @@ int ath10k_mac_register(struct ath10k *a
ar->hw->wiphy->bands[NL80211_BAND_5GHZ] = band;
}
ath10k_mac_setup_ht_vht_cap(ar);
ar->hw->wiphy->interface_modes =
---
-2.11.0
-
projects / openwrt / staging / dedeckeh.git / commitdiff