release/4.8.18/nl80211-Use-different-attrs-for-BSSID-and-random-MAC.patch - pub/scm/linux/kernel/git/paulg/longterm-queue-4.8 - Git at Google

 From 05ca0c3e58c3b0fb194d327ce72c5cfb499361f6 Mon Sep 17 00:00:00 2001
 From: Vamsi Krishna <vamsin@qti.qualcomm.com>
 Date: Fri, 2 Dec 2016 23:59:08 +0200
 Subject: [PATCH] nl80211: Use different attrs for BSSID and random MAC addr in
  scan req

 commit 2fa436b3a2a7009c11a3bc03fe0ff4c26e80fd87 upstream.

 NL80211_ATTR_MAC was used to set both the specific BSSID to be scanned
 and the random MAC address to be used when privacy is enabled. When both
 the features are enabled, both the BSSID and the local MAC address were
 getting same value causing Probe Request frames to go with unintended
 DA. Hence, this has been fixed by using a different NL80211_ATTR_BSSID
 attribute to set the specific BSSID (which was the more recent addition
 in cfg80211) for a scan.

 Backwards compatibility with old userspace software is maintained to
 some extent by allowing NL80211_ATTR_MAC to be used to set the specific
 BSSID when scanning without enabling random MAC address use.

 Scanning with random source MAC address was introduced by commit
 ad2b26abc157 ("cfg80211: allow drivers to support random MAC addresses
 for scan") and the issue was introduced with the addition of the second
 user for the same attribute in commit 818965d39177 ("cfg80211: Allow a
 scan request for a specific BSSID").

 Fixes: 818965d39177 ("cfg80211: Allow a scan request for a specific BSSID")
 Signed-off-by: Vamsi Krishna <vamsin@qti.qualcomm.com>
 Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

 diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h
 index 220694151434..96be3a9b7e4c 100644
 --- a/include/uapi/linux/nl80211.h
 +++ b/include/uapi/linux/nl80211.h
 @@ -322,7 +322,7 @@
   * @NL80211_CMD_GET_SCAN: get scan results
   * @NL80211_CMD_TRIGGER_SCAN: trigger a new scan with the given parameters
   *	%NL80211_ATTR_TX_NO_CCK_RATE is used to decide whether to send the
 - *	probe requests at CCK rate or not. %NL80211_ATTR_MAC can be used to
 + *	probe requests at CCK rate or not. %NL80211_ATTR_BSSID can be used to
   *	specify a BSSID to scan for; if not included, the wildcard BSSID will
   *	be used.
   * @NL80211_CMD_NEW_SCAN_RESULTS: scan notification (as a reply to
 @@ -1867,6 +1867,9 @@ enum nl80211_commands {
   * @NL80211_ATTR_MESH_PEER_AID: Association ID for the mesh peer (u16). This is
   *	used to pull the stored data for mesh peer in power save state.
   *
 + * @NL80211_ATTR_BSSID: The BSSID of the AP. Note that %NL80211_ATTR_MAC is also
 + *	used in various commands/events for specifying the BSSID.
 + *
   * @NUM_NL80211_ATTR: total number of nl80211_attrs available
   * @NL80211_ATTR_MAX: highest attribute number currently defined
   * @__NL80211_ATTR_AFTER_LAST: internal use
 @@ -2261,6 +2264,8 @@ enum nl80211_attrs {

  	NL80211_ATTR_MESH_PEER_AID,

 +	NL80211_ATTR_BSSID,
 +
  	/* add attributes here, update the policy in nl80211.c */

  	__NL80211_ATTR_AFTER_LAST,
 diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
 index 4809f4d2cdcc..7e6703ea0a8e 100644
 --- a/net/wireless/nl80211.c
 +++ b/net/wireless/nl80211.c
 @@ -409,6 +409,7 @@ static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
  		.len = VHT_MUMIMO_GROUPS_DATA_LEN
  	},
  	[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = { .len = ETH_ALEN },
 +	[NL80211_ATTR_BSSID] = { .len = ETH_ALEN },
  };

  /* policy for the key attributes */
 @@ -6302,7 +6303,20 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
  	request->no_cck =
  		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);

 -	if (info->attrs[NL80211_ATTR_MAC])
 +	/* Initial implementation used NL80211_ATTR_MAC to set the specific
 +	 * BSSID to scan for. This was problematic because that same attribute
 +	 * was already used for another purpose (local random MAC address). The
 +	 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
 +	 * compatibility with older userspace components, also use the
 +	 * NL80211_ATTR_MAC value here if it can be determined to be used for
 +	 * the specific BSSID use case instead of the random MAC address
 +	 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
 +	 */
 +	if (info->attrs[NL80211_ATTR_BSSID])
 +		memcpy(request->bssid,
 +		       nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
 +	else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
 +		 info->attrs[NL80211_ATTR_MAC])
  		memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
  		       ETH_ALEN);
  	else
 --
 2.10.1
	From 05ca0c3e58c3b0fb194d327ce72c5cfb499361f6 Mon Sep 17 00:00:00 2001
	From: Vamsi Krishna <vamsin@qti.qualcomm.com>
	Date: Fri, 2 Dec 2016 23:59:08 +0200
	Subject: [PATCH] nl80211: Use different attrs for BSSID and random MAC addr in
	scan req

	commit 2fa436b3a2a7009c11a3bc03fe0ff4c26e80fd87 upstream.

	NL80211_ATTR_MAC was used to set both the specific BSSID to be scanned
	and the random MAC address to be used when privacy is enabled. When both
	the features are enabled, both the BSSID and the local MAC address were
	getting same value causing Probe Request frames to go with unintended
	DA. Hence, this has been fixed by using a different NL80211_ATTR_BSSID
	attribute to set the specific BSSID (which was the more recent addition
	in cfg80211) for a scan.

	Backwards compatibility with old userspace software is maintained to
	some extent by allowing NL80211_ATTR_MAC to be used to set the specific
	BSSID when scanning without enabling random MAC address use.

	Scanning with random source MAC address was introduced by commit
	ad2b26abc157 ("cfg80211: allow drivers to support random MAC addresses
	for scan") and the issue was introduced with the addition of the second
	user for the same attribute in commit 818965d39177 ("cfg80211: Allow a
	scan request for a specific BSSID").

	Fixes: 818965d39177 ("cfg80211: Allow a scan request for a specific BSSID")
	Signed-off-by: Vamsi Krishna <vamsin@qti.qualcomm.com>
	Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
	Signed-off-by: Johannes Berg <johannes.berg@intel.com>
	Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

	diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h
	index 220694151434..96be3a9b7e4c 100644
	--- a/include/uapi/linux/nl80211.h
	+++ b/include/uapi/linux/nl80211.h
	@@ -322,7 +322,7 @@
	* @NL80211_CMD_GET_SCAN: get scan results
	* @NL80211_CMD_TRIGGER_SCAN: trigger a new scan with the given parameters
	* %NL80211_ATTR_TX_NO_CCK_RATE is used to decide whether to send the
	- * probe requests at CCK rate or not. %NL80211_ATTR_MAC can be used to
	+ * probe requests at CCK rate or not. %NL80211_ATTR_BSSID can be used to
	* specify a BSSID to scan for; if not included, the wildcard BSSID will
	* be used.
	* @NL80211_CMD_NEW_SCAN_RESULTS: scan notification (as a reply to
	@@ -1867,6 +1867,9 @@ enum nl80211_commands {
	* @NL80211_ATTR_MESH_PEER_AID: Association ID for the mesh peer (u16). This is
	* used to pull the stored data for mesh peer in power save state.
	*
	+ * @NL80211_ATTR_BSSID: The BSSID of the AP. Note that %NL80211_ATTR_MAC is also
	+ * used in various commands/events for specifying the BSSID.
	+ *
	* @NUM_NL80211_ATTR: total number of nl80211_attrs available
	* @NL80211_ATTR_MAX: highest attribute number currently defined
	* @__NL80211_ATTR_AFTER_LAST: internal use
	@@ -2261,6 +2264,8 @@ enum nl80211_attrs {

	NL80211_ATTR_MESH_PEER_AID,

	+ NL80211_ATTR_BSSID,
	+
	/* add attributes here, update the policy in nl80211.c */

	__NL80211_ATTR_AFTER_LAST,
	diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
	index 4809f4d2cdcc..7e6703ea0a8e 100644
	--- a/net/wireless/nl80211.c
	+++ b/net/wireless/nl80211.c
	@@ -409,6 +409,7 @@ static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
	.len = VHT_MUMIMO_GROUPS_DATA_LEN
	},
	[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = { .len = ETH_ALEN },
	+ [NL80211_ATTR_BSSID] = { .len = ETH_ALEN },
	};

	/* policy for the key attributes */
	@@ -6302,7 +6303,20 @@ static int nl80211_trigger_scan(struct sk_buff skb, struct genl_info info)
	request->no_cck =
	nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);

	- if (info->attrs[NL80211_ATTR_MAC])
	+ /* Initial implementation used NL80211_ATTR_MAC to set the specific
	+ * BSSID to scan for. This was problematic because that same attribute
	+ * was already used for another purpose (local random MAC address). The
	+ * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
	+ * compatibility with older userspace components, also use the
	+ * NL80211_ATTR_MAC value here if it can be determined to be used for
	+ * the specific BSSID use case instead of the random MAC address
	+ * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
	+ */
	+ if (info->attrs[NL80211_ATTR_BSSID])
	+ memcpy(request->bssid,
	+ nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
	+ else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
	+ info->attrs[NL80211_ATTR_MAC])
	memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
	ETH_ALEN);
	else
	--
	2.10.1