From 2d6a062b22c1dd8f1b6aae5235812bf9cfbdad11 Mon Sep 17 00:00:00 2001
From: Koen Vandeputte <koen.vandeputte@ncentric.com>
Date: Wed, 6 Nov 2019 13:38:51 +0100
Subject: [PATCH] mac80211: backport upstream fixes

This potentially fixes some issues seen on IBSS
when interfaces go out of range and then re-appear.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
---
 ...11-accept-deauth-frames-in-IBSS-mode.patch | 39 +++++++++++++++++++
 ...domize-BA-session-dialog-token-alloc.patch | 38 ++++++++++++++++++
 2 files changed, 77 insertions(+)
 create mode 100644 package/kernel/mac80211/patches/subsys/363-mac80211-accept-deauth-frames-in-IBSS-mode.patch
 create mode 100644 package/kernel/mac80211/patches/subsys/364-mac80211-sta-randomize-BA-session-dialog-token-alloc.patch

diff --git a/package/kernel/mac80211/patches/subsys/363-mac80211-accept-deauth-frames-in-IBSS-mode.patch b/package/kernel/mac80211/patches/subsys/363-mac80211-accept-deauth-frames-in-IBSS-mode.patch
new file mode 100644
index 0000000000..ad0792b4f6
--- /dev/null
+++ b/package/kernel/mac80211/patches/subsys/363-mac80211-accept-deauth-frames-in-IBSS-mode.patch
@@ -0,0 +1,39 @@
+From 95697f9907bfe3eab0ef20265a766b22e27dde64 Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Fri, 4 Oct 2019 15:37:05 +0300
+Subject: [PATCH] mac80211: accept deauth frames in IBSS mode
+
+We can process deauth frames and all, but we drop them very
+early in the RX path today - this could never have worked.
+
+Fixes: 2cc59e784b54 ("mac80211: reply to AUTH with DEAUTH if sta allocation fails in IBSS")
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
+Link: https://lore.kernel.org/r/20191004123706.15768-2-luca@coelho.fi
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+ net/mac80211/rx.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -3467,9 +3467,18 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_
+ 	case cpu_to_le16(IEEE80211_STYPE_PROBE_RESP):
+ 		/* process for all: mesh, mlme, ibss */
+ 		break;
++	case cpu_to_le16(IEEE80211_STYPE_DEAUTH):
++		if (is_multicast_ether_addr(mgmt->da) &&
++		    !is_broadcast_ether_addr(mgmt->da))
++			return RX_DROP_MONITOR;
++
++		/* process only for station/IBSS */
++		if (sdata->vif.type != NL80211_IFTYPE_STATION &&
++		    sdata->vif.type != NL80211_IFTYPE_ADHOC)
++			return RX_DROP_MONITOR;
++		break;
+ 	case cpu_to_le16(IEEE80211_STYPE_ASSOC_RESP):
+ 	case cpu_to_le16(IEEE80211_STYPE_REASSOC_RESP):
+-	case cpu_to_le16(IEEE80211_STYPE_DEAUTH):
+ 	case cpu_to_le16(IEEE80211_STYPE_DISASSOC):
+ 		if (is_multicast_ether_addr(mgmt->da) &&
+ 		    !is_broadcast_ether_addr(mgmt->da))
diff --git a/package/kernel/mac80211/patches/subsys/364-mac80211-sta-randomize-BA-session-dialog-token-alloc.patch b/package/kernel/mac80211/patches/subsys/364-mac80211-sta-randomize-BA-session-dialog-token-alloc.patch
new file mode 100644
index 0000000000..dc7cac5ad1
--- /dev/null
+++ b/package/kernel/mac80211/patches/subsys/364-mac80211-sta-randomize-BA-session-dialog-token-alloc.patch
@@ -0,0 +1,38 @@
+From b478e06a16a8baa00c5ecc87c1d636981f2206d5 Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Tue, 29 Oct 2019 10:25:25 +0100
+Subject: [PATCH] mac80211: sta: randomize BA session dialog token allocator
+
+We currently always start the dialog token generator at zero,
+so the first dialog token we use is always 1. This would be
+OK if we had a perfect guarantee that we always do a proper
+deauth/re-auth handshake, but in IBSS mode this doesn't always
+happen properly.
+
+To make problems with block ack (aggregation) sessions getting
+stuck less likely, randomize the dialog token so if we start a
+new session but the peer still has old state for us, it can
+better detect this.
+
+This is really just a workaround to make things a bit more
+robust than they are now - a better fix would be to do a full
+authentication handshake in IBSS mode upon having discovered a
+new station, and on the receiver resetting the state (removing
+and re-adding the station) on receiving the authentication
+packet.
+
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+ net/mac80211/sta_info.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/mac80211/sta_info.c
++++ b/net/mac80211/sta_info.c
+@@ -324,6 +324,7 @@ struct sta_info *sta_info_alloc(struct i
+ 	INIT_WORK(&sta->drv_deliver_wk, sta_deliver_ps_frames);
+ 	INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work);
+ 	mutex_init(&sta->ampdu_mlme.mtx);
++	sta->ampdu_mlme.dialog_token_allocator = prandom_u32_max(U8_MAX);
+ #ifdef CPTCFG_MAC80211_MESH
+ 	if (ieee80211_vif_is_mesh(&sdata->vif)) {
+ 		sta->mesh = kzalloc(sizeof(*sta->mesh), gfp);
-- 
2.30.2