package/mac80211/patches/550-ath9k_mmic_verify.patch

   1 --- a/drivers/net/wireless/ath/ath9k/recv.c
   2 +++ b/drivers/net/wireless/ath/ath9k/recv.c
   3 @@ -814,16 +814,19 @@ static bool ath9k_rx_accept(struct ath_c
   4                             struct ath_rx_status *rx_stats,
   5                             bool *decrypt_error)
   6  {
   7 -#define is_mc_or_valid_tkip_keyix ((is_mc ||                   \
   8 -               (rx_stats->rs_keyix != ATH9K_RXKEYIX_INVALID && \
   9 -               test_bit(rx_stats->rs_keyix, common->tkip_keymap))))
  10 -
  11 +       bool is_mc, is_valid_tkip, strip_mic, mic_error = false;
  12         struct ath_hw *ah = common->ah;
  13         __le16 fc;
  14         u8 rx_status_len = ah->caps.rx_status_len;
  15
  16         fc = hdr->frame_control;
  17
  18 +       is_mc = !!is_multicast_ether_addr(hdr->addr1);
  19 +       is_valid_tkip = rx_stats->rs_keyix != ATH9K_RXKEYIX_INVALID &&
  20 +               test_bit(rx_stats->rs_keyix, common->tkip_keymap);
  21 +       strip_mic = is_valid_tkip && !(rx_stats->rs_status &
  22 +               (ATH9K_RXERR_DECRYPT | ATH9K_RXERR_CRC | ATH9K_RXERR_MIC));
  23 +
  24         if (!rx_stats->rs_datalen)
  25                 return false;
  26          /*
  27 @@ -838,6 +841,11 @@ static bool ath9k_rx_accept(struct ath_c
  28         if (rx_stats->rs_more)
  29                 return true;
  30
  31 +       mic_error = is_valid_tkip && !ieee80211_is_ctl(fc) &&
  32 +               !ieee80211_has_morefrags(fc) &&
  33 +               !(le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG) &&
  34 +               (rx_stats->rs_status & ATH9K_RXERR_MIC);
  35 +
  36         /*
  37          * The rx_stats->rs_status will not be set until the end of the
  38          * chained descriptors so it can be ignored if rs_more is set. The
  39 @@ -845,30 +853,18 @@ static bool ath9k_rx_accept(struct ath_c
  40          * descriptors.
  41          */
  42         if (rx_stats->rs_status != 0) {
  43 -               if (rx_stats->rs_status & ATH9K_RXERR_CRC)
  44 +               if (rx_stats->rs_status & ATH9K_RXERR_CRC) {
  45                         rxs->flag |= RX_FLAG_FAILED_FCS_CRC;
  46 +                       mic_error = false;
  47 +               }
  48                 if (rx_stats->rs_status & ATH9K_RXERR_PHY)
  49                         return false;
  50
  51                 if (rx_stats->rs_status & ATH9K_RXERR_DECRYPT) {
  52                         *decrypt_error = true;
  53 -               } else if (rx_stats->rs_status & ATH9K_RXERR_MIC) {
  54 -                       bool is_mc;
  55 -                       /*
  56 -                        * The MIC error bit is only valid if the frame
  57 -                        * is not a control frame or fragment, and it was
  58 -                        * decrypted using a valid TKIP key.
  59 -                        */
  60 -                       is_mc = !!is_multicast_ether_addr(hdr->addr1);
  61 -
  62 -                       if (!ieee80211_is_ctl(fc) &&
  63 -                           !ieee80211_has_morefrags(fc) &&
  64 -                           !(le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG) &&
  65 -                           is_mc_or_valid_tkip_keyix)
  66 -                               rxs->flag |= RX_FLAG_MMIC_ERROR;
  67 -                       else
  68 -                               rx_stats->rs_status &= ~ATH9K_RXERR_MIC;
  69 +                       mic_error = false;
  70                 }
  71 +
  72                 /*
  73                  * Reject error frames with the exception of
  74                  * decryption and MIC failures. For monitor mode,
  75 @@ -886,6 +882,18 @@ static bool ath9k_rx_accept(struct ath_c
  76                         }
  77                 }
  78         }
  79 +
  80 +       /*
  81 +        * For unicast frames the MIC error bit can have false positives,
  82 +        * so all MIC error reports need to be validated in software.
  83 +        * False negatives are not common, so skip software verification
  84 +        * if the hardware considers the MIC valid.
  85 +        */
  86 +       if (strip_mic)
  87 +               rxs->flag |= RX_FLAG_MMIC_STRIPPED;
  88 +       else if (is_mc && mic_error)
  89 +               rxs->flag |= RX_FLAG_MMIC_ERROR;
  90 +
  91         return true;
  92  }
  93
  94 @@ -1940,6 +1948,9 @@ int ath_rx_tasklet(struct ath_softc *sc,
  95                         sc->rx.rxotherant = 0;
  96                 }
  97
  98 +               if (rxs->flag & RX_FLAG_MMIC_STRIPPED)
  99 +                       skb_trim(skb, skb->len - 8);
 100 +
 101                 spin_lock_irqsave(&sc->sc_pm_lock, flags);
 102
 103                 if ((sc->ps_flags & (PS_WAIT_FOR_BEACON |