From: Helmut Schaa Date: Fri, 21 Dec 2007 14:16:35 +0000 (+0100) Subject: mac80211: Restore rx.fc before every invocation of ieee80211_invoke_rx_handlers X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=69f817b654d683265118188bbfb8bc0d8978cce6;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git mac80211: Restore rx.fc before every invocation of ieee80211_invoke_rx_handlers This patch fixes a problem with rx handling on multiple interfaces. Especially when using hardware-scanning and a wireless driver (i.e. iwlwifi) which is able to receive data while scanning. The rx handlers can modify the skb and the frame control field (see ieee80211_rx_h_remove_qos_control) but since every interface gets its own copy of the skb each should get its own copy of rx.fc too. In my case the wlan0-interface did not remove the qos-control from the frame because the corresponding flag in rx.fc was already removed while processing the frame on the master interface. Therefore somehow corrupted frames were passed to the userspace. Signed-off-by: Helmut Schaa Acked-by: Johannes Berg Signed-off-by: John W. Linville Signed-off-by: David S. Miller --- diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index 505159f8dffc..306e6fc25d8f 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -1746,6 +1746,7 @@ void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb, prev->dev->name); continue; } + rx.fc = le16_to_cpu(hdr->frame_control); rx.skb = skb_new; rx.dev = prev->dev; rx.sdata = prev; @@ -1754,6 +1755,7 @@ void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb, prev = sdata; } if (prev) { + rx.fc = le16_to_cpu(hdr->frame_control); rx.skb = skb; rx.dev = prev->dev; rx.sdata = prev;