Patch "mac80211: refuse aggregations sessions before authorized" has been added to the 5.16-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Wed, 16 Mar 2022 11:40:38 -0400

This is a note to let you know that I've just added the patch titled

    mac80211: refuse aggregations sessions before authorized

to the 5.16-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     mac80211-refuse-aggregations-sessions-before-authori.patch
and it can be found in the queue-5.16 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 8c92152b48e04b6858009ffb1f3dc19e853ff267
Author: Johannes Berg <johannes.berg@xxxxxxxxx>
Date:   Thu Feb 3 20:15:29 2022 +0100

    mac80211: refuse aggregations sessions before authorized
    
    [ Upstream commit a6bce78262f5dd4b50510f0aa47f3995f7b185f3 ]
    
    If an MFP station isn't authorized, the receiver will (or
    at least should) drop the action frame since it's a robust
    management frame, but if we're not authorized we haven't
    installed keys yet. Refuse attempts to start a session as
    they'd just time out.
    
    Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
    Link: https://lore.kernel.org/r/20220203201528.ff4d5679dce9.I34bb1f2bc341e161af2d6faf74f91b332ba11285@changeid
    Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c
index 74a878f213d3..1deb3d874a4b 100644
--- a/net/mac80211/agg-tx.c
+++ b/net/mac80211/agg-tx.c
@@ -9,7 +9,7 @@
  * Copyright 2007, Michael Wu <flamingice@xxxxxxxxxxxx>
  * Copyright 2007-2010, Intel Corporation
  * Copyright(c) 2015-2017 Intel Deutschland GmbH
- * Copyright (C) 2018 - 2021 Intel Corporation
+ * Copyright (C) 2018 - 2022 Intel Corporation
  */
 
 #include <linux/ieee80211.h>
@@ -626,6 +626,14 @@ int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid,
 		return -EINVAL;
 	}
 
+	if (test_sta_flag(sta, WLAN_STA_MFP) &&
+	    !test_sta_flag(sta, WLAN_STA_AUTHORIZED)) {
+		ht_dbg(sdata,
+		       "MFP STA not authorized - deny BA session request %pM tid %d\n",
+		       sta->sta.addr, tid);
+		return -EINVAL;
+	}
+
 	/*
 	 * 802.11n-2009 11.5.1.1: If the initiating STA is an HT STA, is a
 	 * member of an IBSS, and has no other existing Block Ack agreement






