wifi: mac80211: fix control port frame addressing

For an AP interface, when userspace specifieds the link ID to
transmit the control port frame on (in particular for the
initial 4-way-HS), due to the logic in ieee80211_build_hdr()
for a frame transmitted from/to an MLD, we currently build a
header with

 A1 = DA = MLD address of the peer MLD
 A2 = local link address (!)
 A3 = SA = local MLD address

This clearly makes no sense, and leads to two problems:
 - if the frame were encrypted (not true for the initial
   4-way-HS) the AAD would be calculated incorrectly
 - if iTXQs are used, the frame is dropped by logic in
   ieee80211_tx_dequeue()

Fix the addressing, which fixes the first bullet, and the
second bullet for peer MLDs, I'll fix the second one for
non-MLD peers separately.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 9d5963a32da454555f8fe090c6d3fe2b33200473..1c2658e4976fe7e8a2ae942243f33da815833746 100644 (file)
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -2676,7 +2676,8 @@ static struct sk_buff *ieee80211_build_hdr(struct ieee80211_sub_if_data *sdata,
                                goto free;
                        }
                        memcpy(hdr.addr2, link->conf->addr, ETH_ALEN);
-               } else if (link_id == IEEE80211_LINK_UNSPECIFIED) {
+               } else if (link_id == IEEE80211_LINK_UNSPECIFIED ||
+                          (sta && sta->sta.mlo)) {
                        memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
                } else {
                        struct ieee80211_bss_conf *conf;