This is a note to let you know that I've just added the patch titled mac80211: mesh: clean up rx_bcn_presp API to the 5.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: mac80211-mesh-clean-up-rx_bcn_presp-api.patch and it can be found in the queue-5.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From foo@baz Fri Oct 14 10:18:27 AM CEST 2022 From: Felix Fietkau <nbd@xxxxxxxx> Date: Thu, 13 Oct 2022 20:15:56 +0200 Subject: mac80211: mesh: clean up rx_bcn_presp API To: stable@xxxxxxxxxxxxxxx Cc: johannes@xxxxxxxxxxxxxxxx Message-ID: <20221013181601.5712-1-nbd@xxxxxxxx> From: Johannes Berg <johannes.berg@xxxxxxxxx> commit a5b983c6073140b624f64e79fea6d33c3e4315a0 upstream. We currently pass the entire elements to the rx_bcn_presp() method, but only need mesh_config. Additionally, we use the length of the elements to calculate back the entire frame's length, but that's confusing - just pass the length of the frame instead. Link: https://lore.kernel.org/r/20210920154009.a18ed3d2da6c.I1824b773a0fbae4453e1433c184678ca14e8df45@changeid Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx> Cc: Felix Fietkau <nbd@xxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- net/mac80211/ieee80211_i.h | 7 +++---- net/mac80211/mesh.c | 4 ++-- net/mac80211/mesh_sync.c | 26 ++++++++++++-------------- 3 files changed, 17 insertions(+), 20 deletions(-) --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -631,10 +631,9 @@ struct ieee80211_if_ocb { */ struct ieee802_11_elems; struct ieee80211_mesh_sync_ops { - void (*rx_bcn_presp)(struct ieee80211_sub_if_data *sdata, - u16 stype, - struct ieee80211_mgmt *mgmt, - struct ieee802_11_elems *elems, + void (*rx_bcn_presp)(struct ieee80211_sub_if_data *sdata, u16 stype, + struct ieee80211_mgmt *mgmt, unsigned int len, + const struct ieee80211_meshconf_ie *mesh_cfg, struct ieee80211_rx_status *rx_status); /* should be called with beacon_data under RCU read lock */ --- a/net/mac80211/mesh.c +++ b/net/mac80211/mesh.c @@ -1354,8 +1354,8 @@ static void ieee80211_mesh_rx_bcn_presp( } if (ifmsh->sync_ops) - ifmsh->sync_ops->rx_bcn_presp(sdata, - stype, mgmt, &elems, rx_status); + ifmsh->sync_ops->rx_bcn_presp(sdata, stype, mgmt, len, + elems.mesh_config, rx_status); } int ieee80211_mesh_finish_csa(struct ieee80211_sub_if_data *sdata) --- a/net/mac80211/mesh_sync.c +++ b/net/mac80211/mesh_sync.c @@ -3,6 +3,7 @@ * Copyright 2011-2012, Pavel Zubarev <pavel.zubarev@xxxxxxxxx> * Copyright 2011-2012, Marco Porsch <marco.porsch@xxxxxxxxxxxxxxxxxxxx> * Copyright 2011-2012, cozybit Inc. + * Copyright (C) 2021 Intel Corporation */ #include "ieee80211_i.h" @@ -35,12 +36,12 @@ struct sync_method { /** * mesh_peer_tbtt_adjusting - check if an mp is currently adjusting its TBTT * - * @ie: information elements of a management frame from the mesh peer + * @cfg: mesh config element from the mesh peer (or %NULL) */ -static bool mesh_peer_tbtt_adjusting(struct ieee802_11_elems *ie) +static bool mesh_peer_tbtt_adjusting(const struct ieee80211_meshconf_ie *cfg) { - return (ie->mesh_config->meshconf_cap & - IEEE80211_MESHCONF_CAPAB_TBTT_ADJUSTING) != 0; + return cfg && + (cfg->meshconf_cap & IEEE80211_MESHCONF_CAPAB_TBTT_ADJUSTING); } void mesh_sync_adjust_tsf(struct ieee80211_sub_if_data *sdata) @@ -76,11 +77,11 @@ void mesh_sync_adjust_tsf(struct ieee802 } } -static void mesh_sync_offset_rx_bcn_presp(struct ieee80211_sub_if_data *sdata, - u16 stype, - struct ieee80211_mgmt *mgmt, - struct ieee802_11_elems *elems, - struct ieee80211_rx_status *rx_status) +static void +mesh_sync_offset_rx_bcn_presp(struct ieee80211_sub_if_data *sdata, u16 stype, + struct ieee80211_mgmt *mgmt, unsigned int len, + const struct ieee80211_meshconf_ie *mesh_cfg, + struct ieee80211_rx_status *rx_status) { struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; struct ieee80211_local *local = sdata->local; @@ -101,10 +102,7 @@ static void mesh_sync_offset_rx_bcn_pres */ if (ieee80211_have_rx_timestamp(rx_status)) t_r = ieee80211_calculate_rx_timestamp(local, rx_status, - 24 + 12 + - elems->total_len + - FCS_LEN, - 24); + len + FCS_LEN, 24); else t_r = drv_get_tsf(local, sdata); @@ -119,7 +117,7 @@ static void mesh_sync_offset_rx_bcn_pres * dot11MeshNbrOffsetMaxNeighbor non-peer non-MBSS neighbors */ - if (elems->mesh_config && mesh_peer_tbtt_adjusting(elems)) { + if (mesh_peer_tbtt_adjusting(mesh_cfg)) { msync_dbg(sdata, "STA %pM : is adjusting TBTT\n", sta->sta.addr); goto no_sync; Patches currently in stable-queue which might be from nbd@xxxxxxxx are queue-5.15/mac80211-fix-memory-leaks-with-element-parsing.patch queue-5.15/mac80211-mlme-find-auth-challenge-directly.patch queue-5.15/mac80211-mesh-clean-up-rx_bcn_presp-api.patch queue-5.15/wifi-mac80211-fix-mbssid-parsing-use-after-free.patch queue-5.15/mac80211-always-allocate-struct-ieee802_11_elems.patch queue-5.15/mac80211-move-crc-into-struct-ieee802_11_elems.patch