#
8ade3356 |
|
28-Feb-2024 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: allow cfg80211_defragment_element() without output If we just want to determine the length of the fragmented data, we basically need the same logic, and really we want it to be _literally_ the same logic, so it cannot be out of sync in any way. Allow calling cfg80211_defragment_element() without an output buffer, where it then just returns the required output size. Also add this to the tests, just to exercise it, using the pre-calculated length to really do the defragmentation, which checks that this is sufficient. Reviewed-by: Miriam Rachel Korenblit <miriam.rachel.korenblit@intel.com> Reviewed-by: Benjamin Berg <benjamin.berg@intel.com> Link: https://msgid.link/20240228095718.6d6565b9e3f2.Ib441903f4b8644ba04b1c766f90580ee6f54fc66@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
22667035 |
|
28-Feb-2024 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: expose cfg80211_iter_rnr() to drivers In mac80211 we'll need to look at reduced neighbor report entries for channel switch purposes, so export the iteration function to make that simpler. Reviewed-by: Miriam Rachel Korenblit <miriam.rachel.korenblit@intel.com> Link: https://msgid.link/20240228095718.0954809964ef.I53e95c017aa71f14e8d1057afbbc75982ddb43df@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
894dd84e |
|
16-Feb-2024 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: use ML element parsing helpers Use the existing ML element parsing helpers and add a new one for this (ieee80211_mle_get_mld_id). Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Link: https://msgid.link/20240216135047.4da47b1f035b.I437a5570ac456449facb0b147851ef24a1e473c2@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
6b756efc |
|
16-Feb-2024 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: refactor RNR parsing We'll need more parsing of the reduced neighbor report element, and we already have two places doing pretty much the same. Combine by refactoring the parsing into a separate function with a callback for each item found. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Reviewed-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Link: https://msgid.link/20240216135047.cfff14b692fc.Ibe25be88a769eab29ebb17b9d19af666df6a2227@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
7e899c1d |
|
16-Feb-2024 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: clean up cfg80211_inform_bss_frame_data() Make cfg80211_inform_bss_frame_data() call the existing cfg80211_inform_bss_data() after parsing the frame in the appropriate way, so we have less code duplication. This required introducing a new CFG80211_BSS_FTYPE_S1G_BEACON, but that can be used by other drivers as well. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Link: https://msgid.link/20240216135047.874aed1eff5f.Ib7d88d126eec50c64763251a78cb432bb5df14df@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
317bad4c |
|
16-Feb-2024 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: remove cfg80211_inform_single_bss_frame_data() This function pretty much does what cfg80211_inform_single_bss_data() already does, except on a frame data. But we can call the other one, after populating the inform_data more completely, so we don't need to do everything twice. This also uncovered a few bugs: * the 6 GHz power type checks were only done in this function, move (and rename from 'uhb') those; * the chains/chain_signal information wasn't used in the latter, add that Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Link: https://msgid.link/20240216135047.f3f864f94c78.I2192adb32ab10713e71f395a9d203386264f6ed5@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
f8599d63 |
|
16-Feb-2024 |
Benjamin Berg <benjamin.berg@intel.com> |
wifi: cfg80211: set correct param change count in ML element The ML element generation code to create a BSS entry from a per-STA profile was not overwriting the BSS parameter change count. This meant that the incorrect parameter change count would be reported within the multi-link element. Fix this by returning the BSS parameter change count from the function and placing it into the ML element. The returned tbtt info was never used, so just drop that to simplify the code. Fixes: 5f478adf1f99 ("wifi: cfg80211: generate an ML element for per-STA profiles") Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Reviewed-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Link: https://msgid.link/20240216135047.f2a507634692.I06b122c7a319a38b4e970f5e0bd3d3ef9cac4cbe@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
7b5e25b8b |
|
06-Feb-2024 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: rename UHB to 6 GHz UHB stands for "Ultra High Band", but this term doesn't really exist in the spec. Rename all occurrences to "6 GHz", but keep a few defines for userspace API compatibility. Link: https://msgid.link/20240206164849.c9cfb9400839.I153db3b951934a1d84409c17fbe1f1d1782543fa@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
679dd27b |
|
04-Feb-2024 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: fix kunit exports These can only be exported if cfg80211's kunit is enabled, since they're otherwise static. kunit itself can be enabled even if cfg80211's kunit isn't. Fix that by using the right macro. Reported-by: kernel test robot <lkp@intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202402040534.6AEKtZ7Y-lkp@intel.com/ Fixes: 45d43937a44c ("wifi: cfg80211: add a kunit test for 6 GHz colocated AP parsing") Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
45d43937 |
|
29-Jan-2024 |
Benjamin Berg <benjamin.berg@intel.com> |
wifi: cfg80211: add a kunit test for 6 GHz colocated AP parsing Test a few things around parsing of 6 GHz colocated APs to e.g. ensure that we are not going to scan for a disabled (affiliated) AP. Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Link: https://msgid.link/20240129220918.079dc50ab43b.Ide898d9f1d4c26d7e774d6fd0ec57766967d6572@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
4d1d6b3f |
|
02-Jan-2024 |
Benjamin Berg <benjamin.berg@intel.com> |
wifi: cfg80211: add RNR with reporting AP information If the reporting AP is part of the same MLD, then an entry in the RNR is required in order to discover it again from the BSS generated from the per-STA profile in the Multi-Link Probe Response. We need this because we do not have a direct concept of an MLD AP and just do the lookup from one to the other on the fly if needed. As such, we need to ensure that this lookup will work both ways. Fixes: 2481b5da9c6b ("wifi: cfg80211: handle BSS data contained in ML probe responses") Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Link: https://msgid.link/20240102213313.4cb3dbb1d84f.I7c74edec83c5d7598cdd578929fd0876d67aef7f@changeid [roll in off-by-one fix and test updates from Benjamin] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
177fbbcb |
|
29-Jan-2024 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: detect stuck ECSA element in probe resp We recently added some validation that we don't try to connect to an AP that is currently in a channel switch process, since that might want the channel to be quiet or we might not be able to connect in time to hear the switching in a beacon. This was in commit c09c4f31998b ("wifi: mac80211: don't connect to an AP while it's in a CSA process"). However, we promptly got a report that this caused new connection failures, and it turns out that the AP that we now cannot connect to is permanently advertising an extended channel switch announcement, even with quiet. The AP in question was an Asus RT-AC53, with firmware 3.0.0.4.380_10760-g21a5898. As a first step, attempt to detect that we're dealing with such a situation, so mac80211 can use this later. Reported-by: coldolt <andypalmadi@gmail.com> Closes: https://lore.kernel.org/linux-wireless/CAJvGw+DQhBk_mHXeu6RTOds5iramMW2FbMB01VbKRA4YbHHDTA@mail.gmail.com/ Fixes: c09c4f31998b ("wifi: mac80211: don't connect to an AP while it's in a CSA process") Reviewed-by: Miriam Rachel Korenblit <miriam.rachel.korenblit@intel.com> Link: https://msgid.link/20240129131413.246972c8775e.Ibf834d7f52f9951a353b6872383da710a7358338@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
d18125b6 |
|
02-Jan-2024 |
Benjamin Berg <benjamin.berg@intel.com> |
wifi: cfg80211: parse all ML elements in an ML probe response A probe response from a transmitting AP in an Multi-BSSID setup will contain more than one Multi-Link element. Most likely, only one of these elements contains per-STA profiles. Fixes: 2481b5da9c6b ("wifi: cfg80211: handle BSS data contained in ML probe responses") Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Link: https://msgid.link/20240102213313.6635eb152735.I94289002d4a2f7b6b44dfa428344854e37b0b29c@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
2a0698f8 |
|
02-Jan-2024 |
Benjamin Berg <benjamin.berg@intel.com> |
wifi: cfg80211: correct comment about MLD ID The comment was referencing the wrong section of the documentation and was also subtly wrong as it assumed the rules that apply when sending probe requests directly to a nontransmitted AP. However, in that case the response comes from the transmitting AP and the AP MLD ID will be included. Fixes: 2481b5da9c6b ("wifi: cfg80211: handle BSS data contained in ML probe responses") Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Link: https://msgid.link/20240102213313.0917ab4b5d7f.I76aff0e261a5de44ffb467e591a46597a30d7c0a@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
9d027a35 |
|
20-Dec-2023 |
Benjamin Berg <benjamin.berg@intel.com> |
wifi: cfg80211: tests: add some scanning related tests This adds some scanning related tests, mainly exercising the ML element parsing and inheritance. Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Link: https://msgid.link/20231220151952.415232-7-benjamin@sipsolutions.net Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
1184950e |
|
03-Jan-2024 |
Edward Adam Davis <eadavis@qq.com> |
wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update Replace rcu_dereference() with rcu_access_pointer() since we hold the lock here (and aren't in an RCU critical section). Fixes: 32af9a9e1069 ("wifi: cfg80211: free beacon_ies when overridden from hidden BSS") Reported-and-tested-by: syzbot+864a269c27ee06b58374@syzkaller.appspotmail.com Signed-off-by: Edward Adam Davis <eadavis@qq.com> Link: https://msgid.link/tencent_BF8F0DF0258C8DBF124CDDE4DD8D992DCF07@qq.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
acc44cbd |
|
20-Dec-2023 |
Benjamin Berg <benjamin.berg@intel.com> |
wifi: cfg80211: avoid double free if updating BSS fails cfg80211_update_known_bss will always consume the passed IEs. As such, cfg80211_update_assoc_bss_entry also needs to always set the pointers to NULL so that no double free can occur. Note that hitting this would probably require being connected to a hidden BSS which is then doing a channel switch while also switching to be not hidden anymore at the same time. Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Reviewed-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Link: https://msgid.link/20231220133549.8891edb28d51.Id09c5145363e990ff5237decd58296302e2d53c8@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
31c5e92b |
|
20-Dec-2023 |
Benjamin Berg <benjamin.berg@intel.com> |
wifi: cfg80211: ensure cfg80211_bss_update frees IEs on error cfg80211_bss_update is expected to consume the IEs that are passed into it in the temporary internal BSS. This did not happen in some error cases (which are also WARN_ON paths), so change the code to use a common label and use that everywhere. Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Reviewed-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Link: https://msgid.link/20231220133549.8e72ea105e17.Ic81e9431e980419360e97502ce8c75c58793f05a@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
32af9a9e |
|
20-Dec-2023 |
Benjamin Berg <benjamin.berg@intel.com> |
wifi: cfg80211: free beacon_ies when overridden from hidden BSS This is a more of a cosmetic fix. The branch will only be taken if proberesp_ies is set, which implies that beacon_ies is not set unless we are connected to an AP that just did a channel switch. And, in that case we should have found the BSS in the internal storage to begin with. Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Reviewed-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Link: https://msgid.link/20231220133549.b898e22dadff.Id8c4c10aedd176ef2e18a4cad747b299f150f9df@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
645f3d85 |
|
20-Dec-2023 |
Mukesh Sisodiya <mukesh.sisodiya@intel.com> |
wifi: cfg80211: handle UHB AP and STA power type UHB AP send supported power type(LPI, SP, VLP) in beacon and probe response IE and STA should connect to these AP only if their regulatory support the AP power type. Beacon/Probe response are reported to userspace with reason "STA regulatory not supporting to connect to AP based on transmitted power type" and it should not connect to AP. Signed-off-by: Mukesh Sisodiya <mukesh.sisodiya@intel.com> Reviewed-by: Gregory Greenman <gregory.greenman@intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Link: https://msgid.link/20231220133549.cbfbef9170a9.I432f78438de18aa9f5c9006be12e41dc34cc47c5@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
f510bcc2 |
|
11-Dec-2023 |
Benjamin Berg <benjamin.berg@intel.com> |
wifi: cfg80211: consume both probe response and beacon IEs When doing a channel switch, cfg80211_update_known_bss may be called with a BSS where both proberesp_ies and beacon_ies is set. If that happens, both need to be consumed. Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Link: https://msgid.link/20231211085121.07a88656d7df.I0fe9fc599382de0eccf96455617e377d9c231966@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
5f478adf |
|
11-Dec-2023 |
Benjamin Berg <benjamin.berg@intel.com> |
wifi: cfg80211: generate an ML element for per-STA profiles The specification says that this information should not be explicitly included in the per-STA profile. However, we need this information readily available in the BSS for userspace and also internally when associating. As such, append the appropriate element before adding/updating the BSS. Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Link: https://msgid.link/20231211085121.abde63d9cc6d.I3d346be0f84f51dccf4f4f92a3e997e6102b9456@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
d02a12b8 |
|
11-Dec-2023 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: add BSS usage reporting Sometimes there may be reasons for which a BSS that's actually found in scan cannot be used to connect to, for example a nonprimary link of an NSTR mobile AP MLD cannot be used for normal direct connections to it. Not indicating these to userspace as we do now of course avoids being able to connect to them, but it's better if they're shown to userspace and it can make an appropriate decision, without e.g. doing an additional ML probe. Thus add an indication of what a BSS can be used for, currently "normal" and "MLD link", including a reason bitmap for it being not usable. The latter can be extended later for certain BSSes if there are other reasons they cannot be used. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Reviewed-by: Ilan Peer <ilan.peer@intel.com> Reviewed-by: Gregory Greenman <gregory.greenman@intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Link: https://msgid.link/20231211085121.0464f25e0b1d.I9f70ca9f1440565ad9a5207d0f4d00a20cca67e7@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
0fca7784 |
|
28-Sep-2023 |
Ilan Peer <ilan.peer@intel.com> |
wifi: cfg80211: Handle specific BSSID in 6GHz scanning When the scan parameters for a 6GHz scan specify a unicast BSSID address, and the corresponding AP is found in the scan list, add a corresponding entry in the collocated AP list, so this AP would be directly probed even if it was not advertised as a collocated AP. This is needed for handling a scan request that is intended for a ML probe flow, where user space can requests a scan to retrieve information for other links in the AP MLD. Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230928172905.54b954bc02ad.I1c072793d3d77a4c8fbbc64b4db5cce1bbb00382@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
5add321c |
|
28-Aug-2023 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: remove scan_width support There really isn't any support for scanning at different channel widths than 20 MHz since there's no way to set it. Remove this support for now, if somebody wants to maintain this whole thing later we can revisit how it should work. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
22446b7e |
|
11-Sep-2023 |
Dmitry Antipov <dmantipov@yandex.ru> |
wifi: wext: avoid extra calls to strlen() in ieee80211_bss() Since 'sprintf()' returns the number of characters emitted, an extra calls to 'strlen()' in 'ieee80211_bss()' may be dropped. Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru> Link: https://lore.kernel.org/r/20230912035522.15947-1-dmantipov@yandex.ru Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
43125539 |
|
27-Aug-2023 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: fix off-by-one in element defrag If a fragment is the last element, it's erroneously not accepted. Fix that. Fixes: f837a653a097 ("wifi: cfg80211: add element defragmentation helper") Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230827135854.adca9fbd3317.I6b2df45eb71513f3e48efd196ae3cddec362dc1c@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
3e3929ef |
|
21-Oct-2023 |
Ben Greear <greearb@candelatech.com> |
wifi: cfg80211: pass correct pointer to rdev_inform_bss() Confusing struct member names here resulted in passing the wrong pointer, causing crashes. Pass the correct one. Fixes: eb142608e2c4 ("wifi: cfg80211: use a struct for inform_single_bss data") Signed-off-by: Ben Greear <greearb@candelatech.com> Link: https://lore.kernel.org/r/20231021154827.1142734-1-greearb@candelatech.com [rewrite commit message, add fixes] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
0914468a |
|
18-Sep-2023 |
Ilan Peer <ilan.peer@intel.com> |
wifi: cfg80211: Fix 6GHz scan configuration When the scan request includes a non broadcast BSSID, when adding the scan parameters for 6GHz collocated scanning, do not include entries that do not match the given BSSID. Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230918140607.6d31d2a96baf.I6c4e3e3075d1d1878ee41f45190fdc6b86f18708@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
fd7f08d9 |
|
23-Jul-2023 |
Ilan Peer <ilan.peer@intel.com> |
wifi: cfg80211: Fix return value in scan logic The reporter noticed a warning when running iwlwifi: WARNING: CPU: 8 PID: 659 at mm/page_alloc.c:4453 __alloc_pages+0x329/0x340 As cfg80211_parse_colocated_ap() is not expected to return a negative value return 0 and not a negative value if cfg80211_calc_short_ssid() fails. Fixes: c8cb5b854b40f ("nl80211/cfg80211: support 6 GHz scanning") Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217675 Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20230723201043.3007430-1-ilan.peer@intel.com
|
#
4ef2f53e |
|
19-Jun-2023 |
Ilan Peer <ilan.peer@intel.com> |
wifi: cfg80211: Retrieve PSD information from RNR AP information Retrieve the Power Spectral Density (PSD) value from RNR AP information entry and store it so it could be used by the drivers. PSD value is explained in Section 9.4.2.170 of Draft P802.11Revme_D2.0. Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230619161906.067ded2b8fc3.I9f407ab5800cbb07045a0537a513012960ced740@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
5461707a |
|
18-Jun-2023 |
Benjamin Berg <benjamin.berg@intel.com> |
wifi: cfg80211: search all RNR elements for colocated APs An AP reporting colocated APs may send more than one reduced neighbor report element. As such, iterate all elements instead of only parsing the first one when looking for colocated APs. Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230618214436.ffe2c014f478.I372a4f96c88f7ea28ac39e94e0abfc465b5330d4@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
8dcc91c4 |
|
18-Jun-2023 |
Benjamin Berg <benjamin.berg@intel.com> |
wifi: cfg80211: stop parsing after allocation failure The error handling code would break out of the loop incorrectly, causing the rest of the message to be misinterpreted. Fix this by also jumping out of the surrounding while loop, which will trigger the error detection code. Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230618214436.0ffac98475cf.I6f5c08a09f5c9fced01497b95a9841ffd1b039f8@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
a0ed5011 |
|
18-Jun-2023 |
Benjamin Berg <benjamin.berg@intel.com> |
wifi: cfg80211: do not scan disabled links on 6GHz If a link is disabled on 6GHz, we should not send a probe request on the channel to resolve it. Simply skip such RNR entries so that the link is ignored. Userspace can still see the link in the RNR and may generate an ML probe request in order to associate to the (currently) disabled link. Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230618214436.4f7384006471.Iff8f1081e76a298bd25f9468abb3a586372cddaa@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
2481b5da |
|
18-Jun-2023 |
Benjamin Berg <benjamin.berg@intel.com> |
wifi: cfg80211: handle BSS data contained in ML probe responses The basic multi-link element within an multi-link probe response will contain full information about BSSes that are part of an MLD AP. This BSS information may be used to associate with a link of an MLD AP without having received a beacon from the BSS itself. This patch adds parsing of the data and adding/updating the BSS using the received elements. Doing this means that userspace can discover the BSSes using an ML probe request and request association on these links. Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230618214436.29593bd0ae1f.Ic9a67b8f022360aa202b870a932897a389171b14@changeid [swap loop conditions smatch complained about] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
dc92e54c |
|
18-Jun-2023 |
Benjamin Berg <benjamin.berg@intel.com> |
wifi: cfg80211: use structs for TBTT information access Make the data access a bit nicer overall by using structs. There is a small change here to also accept a TBTT information length of eight bytes as we do not require the 20 MHz PSD information. This also fixes a bug reading the short SSID on big endian machines. Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230618214436.4c3f8901c1bc.Ic3e94fd6e1bccff7948a252ad3bb87e322690a17@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
eb142608 |
|
18-Jun-2023 |
Benjamin Berg <benjamin.berg@intel.com> |
wifi: cfg80211: use a struct for inform_single_bss data The argument is getting quite large, so use a struct internally to pass around the information. Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230618214436.831ab8a87b6f.I3bcc83d90f41d6f8a47b39528575dad0a9ec3564@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
891d4d58 |
|
18-Jun-2023 |
Benjamin Berg <benjamin.berg@intel.com> |
wifi: cfg80211: Always ignore ML element The element should never be inherited, so always exclude it. Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230618214435.c0e17989b4ed.I7cecb5ab7cd6919e61839b50ce5156904b41d7d8@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
f837a653 |
|
16-Jun-2023 |
Benjamin Berg <benjamin.berg@intel.com> |
wifi: cfg80211: add element defragmentation helper This is already needed within mac80211 and support is also needed by cfg80211 to parse ML elements. Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230616094949.29c3ebeed10d.I009c049289dd0162c2e858ed8b68d2875a672ed6@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
39432f8a |
|
16-Jun-2023 |
Benjamin Berg <benjamin.berg@intel.com> |
wifi: cfg80211: drop incorrect nontransmitted BSS update code The removed code ran for any BSS that was not included in the MBSSID element in order to update it. However, instead of using the correct inheritance rules, it would simply copy the elements from the transmitting AP. The result is that we would report incorrect elements in this case. After some discussions, it seems that there are likely not even APs actually using this feature. Either way, removing the code decreases complexity and makes the cfg80211 behaviour more correct. Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in scanning") Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230616094949.cfd6d8db1f26.Ia1044902b86cd7d366400a4bfb93691b8f05d68c@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
dfd9aa3e |
|
16-Jun-2023 |
Benjamin Berg <benjamin.berg@intel.com> |
wifi: cfg80211: rewrite merging of inherited elements The cfg80211_gen_new_ie function merges the IEs using inheritance rules. Rewrite this function to fix issues around inheritance rules. In particular, vendor elements do not require any special handling, as they are either all inherited or overridden by the subprofile. Also, add fragmentation handling as this may be needed in some cases. This also changes the function to not require making a copy. The new version could be optimized a bit by explicitly tracking which IEs have been handled already rather than looking that up again every time. Note that a small behavioural change is the removal of the SSID special handling. This should be fine for the MBSSID element, as the SSID must be included in the subelement. Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in scanning") Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230616094949.bc6152e146db.I2b5f3bc45085e1901e5b5192a674436adaf94748@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
03e7e493 |
|
16-Jun-2023 |
Benjamin Berg <benjamin.berg@intel.com> |
wifi: cfg80211: ignore invalid TBTT info field types The TBTT information field type must be zero. This is only changed in the 802.11be draft specification where the value 1 is used to indicate that only the MLD parameters are included. Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230616094949.7865606ffe94.I7ff28afb875d1b4c39acd497df8490a7d3628e3f@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
5db25290 |
|
16-Jun-2023 |
Benjamin Berg <benjamin.berg@intel.com> |
wifi: cfg80211: add inform_bss op to update BSS This new function is called from within the inform_bss(_frame)_data functions in order for the driver to update data that it is tracking. Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230616094949.8d7781b0f965.I80041183072b75c081996a1a5a230b34aff5c668@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
6b7c93c1 |
|
16-Jun-2023 |
Benjamin Berg <benjamin.berg@intel.com> |
wifi: cfg80211: keep bss_lock held when informing It is reasonable to hold bss_lock for a little bit longer after cfg80211_bss_update is done. Right now, this does not make any big difference, but doing so in preparation for the next patch which adds a call to the driver. Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230616094948.61701884ff0d.I3358228209eb6766202aff04d1bae0b8fdff611f@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
c2edd301 |
|
16-Jun-2023 |
Benjamin Berg <benjamin.berg@intel.com> |
wifi: cfg80211: move regulatory_hint_found_beacon to be earlier These calls do not require any locking, so move them in preparation for the next patches. A minor change/bugfix is to not hint a beacon for nontransmitted BSSes Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230616094948.a5bf3558eae9.I33c7465d983c8bef19deb7a533ee475a16f91774@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
fe0af9fe |
|
06-Jun-2023 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: move scan done work to wiphy work Move the scan done work to the new wiphy work to simplify the code a bit. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
1b6b4ed0 |
|
24-Apr-2023 |
Ilan Peer <ilan.peer@intel.com> |
wifi: cfg80211: Drop entries with invalid BSSIDs in RNR Ignore AP information for entries that include an invalid BSSID in the TBTT information field, e.g., all zeros BSSIDs. Fixes: c8cb5b854b40 ("nl80211/cfg80211: support 6 GHz scanning") Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230424103224.5e65d04d1448.Ic10c8577ae4a85272c407106c9d0a2ecb5372743@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
6ff9efcf |
|
28-Feb-2023 |
Mordechay Goodstein <mordechay.goodstein@intel.com> |
wifi: wireless: cleanup unused function parameters In the past ftype was used for deciding about 6G DUP beacon, but the logic was removed and ftype is not needed anymore. Signed-off-by: Mordechay Goodstein <mordechay.goodstein@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230301115906.98d4761b809b.I255f5ecd77cb24fcf2f1641bb5833ea2d121296e@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
fb4b441c |
|
28-Feb-2023 |
Mordechay Goodstein <mordechay.goodstein@intel.com> |
wifi: wireless: correct primary channel validation on 6 GHz The check that beacon primary channel is in the range of 80 MHz (abs < 80) is invalid for 320 MHz since duplicate beacon transmit means that the AP transmits it on all the 20 MHz sub-channels: 9.4.2.249 HE Operation element - ... AP transmits Beacon frames in non-HT duplicate PPDU with a TXVECTOR parameter CH_BANDWIDTH value that is up to the BSS bandwidth. So in case of 320 MHz the DUP beacon can be in upper 160 for primary channel in the lower 160 giving possibly an absolute range of over 80 MHz. Also this check is redundant alltogether, if AP has a wrong primary channel in the beacon it's a faulty AP, and we would fail in next steps to connect. While at it, fix the frequency comparison to no longer compare between KHz and MHz, which was introduced by commit 7f599aeccbd2 ("cfg80211: Use the HE operation IE to determine a 6GHz BSS channel"). Signed-off-by: Mordechay Goodstein <mordechay.goodstein@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230301115906.314faf725255.I5e27251ac558297553b590d3917a7b6d1aae0e74@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
724a486c |
|
28-Feb-2023 |
Mordechay Goodstein <mordechay.goodstein@intel.com> |
wifi: wireless: return primary channel regardless of DUP Currently in case DUP bit is not set we don't return the primary channel for 6 GHz Band, but the spec says that the DUP bit has no effect on this field: 9.4.2.249 HE Operation element: The Duplicate Beacon subfield is set to 1 if the AP transmits Beacon frames in non-HT duplicate PPDU with a TXVECTOR parameter CH_BANDWIDTH value that is up to the BSS bandwidth and is set to 0 otherwise. So remove the condition for returning primary channel based on DUP. Since the caller code already marks the signal as invalid in case the indicated frequency is not the tuned frequency, there's no need to additionally handle this case here since that's already true for duplicated beacons on the non-primary channel(s). Signed-off-by: Mordechay Goodstein <mordechay.goodstein@intel.com> Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230301115906.66d7f05f7d11.I5e0add054f72ede95611391b99804c61c40cc959@changeid [clarify commit message] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
61e41e5d |
|
17-Oct-2022 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: use bss_from_pub() instead of container_of() There's no need to open-code container_of() when we have bss_from_pub(). Use it. Change-Id: I074723717909ba211a40e6499f0c36df0e2ba4be Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
c1d3214d |
|
10-Nov-2022 |
JUN-KYU SHIN <jk.shin@newratek.com> |
wifi: cfg80211: fix comparison of BSS frequencies If the "channel->freq_offset" comparison is omitted in cmp_bss(), BSS with different kHz units cannot be distinguished in the S1G Band. So "freq_offset" should also be included in the comparison. Signed-off-by: JUN-KYU SHIN <jk.shin@newratek.com> Link: https://lore.kernel.org/r/20221111023301.6395-1-jk.shin@newratek.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
02ae6a70 |
|
08-Nov-2022 |
Gustavo A. R. Silva <gustavoars@kernel.org> |
wifi: cfg80211: Avoid clashing function prototypes When built with Control Flow Integrity, function prototypes between caller and function declaration must match. These mismatches are visible at compile time with the new -Wcast-function-type-strict in Clang[1]. Fix a total of 73 warnings like these: drivers/net/wireless/intersil/orinoco/wext.c:1379:27: warning: cast from 'int (*)(struct net_device *, struct iw_request_info *, struct iw_param *, char *)' to 'iw_handler' (aka 'int (*)(struct net_device *, struct iw_request_info *, union iwreq_data *, char *)') converts to incompatible function type [-Wcast-function-type-strict] IW_HANDLER(SIOCGIWPOWER, (iw_handler)orinoco_ioctl_getpower), ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ../net/wireless/wext-compat.c:1607:33: warning: cast from 'int (*)(struct net_device *, struct iw_request_info *, struct iw_point *, char *)' to 'iw_handler' (aka 'int (*)(struct net_device *, struct iw_request_info *, union iwreq_data *, char *)') converts to incompatible function type [-Wcast-function-type-strict] [IW_IOCTL_IDX(SIOCSIWGENIE)] = (iw_handler) cfg80211_wext_siwgenie, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ../drivers/net/wireless/intersil/orinoco/wext.c:1390:27: error: incompatible function pointer types initializing 'const iw_handler' (aka 'int (*const)(struct net_device *, struct iw_request_info *, union iwreq_data *, char *)') with an expression of type 'int (struct net_device *, struct iw_request_info *, struct iw_param *, char *)' [-Wincompatible-function-pointer-types] IW_HANDLER(SIOCGIWRETRY, cfg80211_wext_giwretry), ^~~~~~~~~~~~~~~~~~~~~~ The cfg80211 Wireless Extension handler callbacks (iw_handler) use a union for the data argument. Actually use the union and perform explicit member selection in the function body instead of having a function prototype mismatch. There are no resulting binary differences before/after changes. These changes were made partly manually and partly with the help of Coccinelle. Link: https://github.com/KSPP/linux/issues/234 Link: https://reviews.llvm.org/D134831 [1] Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/a68822bf8dd587988131bb6a295280cb4293f05d.1667934775.git.gustavoars@kernel.org
|
#
acd3c92a |
|
24-Nov-2022 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: don't allow multi-BSSID in S1G In S1G beacon frames there shouldn't be multi-BSSID elements since that's not supported, remove that to avoid a potential integer underflow and/or misparsing the frames due to the different length of the fixed part of the frame. While at it, initialize non_tx_data so we don't send garbage values to the user (even if it doesn't seem to matter now.) Reported-and-tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de> Fixes: 9eaffe5078ca ("cfg80211: convert S1G beacon to scan results") Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
9f16b5c8 |
|
24-Nov-2022 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: fix buffer overflow in elem comparison For vendor elements, the code here assumes that 5 octets are present without checking. Since the element itself is already checked to fit, we only need to check the length. Reported-and-tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de> Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in scanning") Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
03c0ad4b |
|
13-Oct-2022 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: silence a sparse RCU warning All we're going to do with this pointer is assign it to another __rcu pointer, but sparse can't see that, so use rcu_access_pointer() to silence the warning here. Fixes: c90b93b5b782 ("wifi: cfg80211: update hidden BSSes to avoid WARN_ON") Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
c90b93b5 |
|
05-Oct-2022 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: update hidden BSSes to avoid WARN_ON When updating beacon elements in a non-transmitted BSS, also update the hidden sub-entries to the same beacon elements, so that a future update through other paths won't trigger a WARN_ON(). The warning is triggered because the beacon elements in the hidden BSSes that are children of the BSS should always be the same as in the parent. Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de> Tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de> Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in scanning") Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
bcca8520 |
|
30-Sep-2022 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: avoid nontransmitted BSS list corruption If a non-transmitted BSS shares enough information (both SSID and BSSID!) with another non-transmitted BSS of a different AP, then we can find and update it, and then try to add it to the non-transmitted BSS list. We do a search for it on the transmitted BSS, but if it's not there (but belongs to another transmitted BSS), the list gets corrupted. Since this is an erroneous situation, simply fail the list insertion in this case and free the non-transmitted BSS. This fixes CVE-2022-42721. Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de> Tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de> Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in scanning") Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
0b780881 |
|
30-Sep-2022 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: fix BSS refcounting bugs There are multiple refcounting bugs related to multi-BSSID: - In bss_ref_get(), if the BSS has a hidden_beacon_bss, then the bss pointer is overwritten before checking for the transmitted BSS, which is clearly wrong. Fix this by using the bss_from_pub() macro. - In cfg80211_bss_update() we copy the transmitted_bss pointer from tmp into new, but then if we release new, we'll unref it erroneously. We already set the pointer and ref it, but need to NULL it since it was copied from the tmp data. - In cfg80211_inform_single_bss_data(), if adding to the non- transmitted list fails, we unlink the BSS and yet still we return it, but this results in returning an entry without a reference. We shouldn't return it anyway if it was broken enough to not get added there. This fixes CVE-2022-42720. Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de> Tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de> Fixes: a3584f56de1c ("cfg80211: Properly track transmitting and non-transmitting BSS") Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
567e14e3 |
|
29-Sep-2022 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: ensure length byte is present before access When iterating the elements here, ensure the length byte is present before checking it to see if the entire element will fit into the buffer. Longer term, we should rewrite this code using the type-safe element iteration macros that check all of this. Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in scanning") Reported-by: Soenke Huster <shuster@seemoo.tu-darmstadt.de> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
8f033d2b |
|
28-Sep-2022 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211/mac80211: reject bad MBSSID elements Per spec, the maximum value for the MaxBSSID ('n') indicator is 8, and the minimum is 1 since a multiple BSSID set with just one BSSID doesn't make sense (the # of BSSIDs is limited by 2^n). Limit this in the parsing in both cfg80211 and mac80211, rejecting any elements with an invalid value. This fixes potentially bad shifts in the processing of these inside the cfg80211_gen_new_bssid() function later. I found this during the investigation of CVE-2022-41674 fixed by the previous patch. Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in scanning") Fixes: 78ac51f81532 ("mac80211: support multi-bssid") Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
aebe9f46 |
|
28-Sep-2022 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() In the copy code of the elements, we do the following calculation to reach the end of the MBSSID element: /* copy the IEs after MBSSID */ cpy_len = mbssid[1] + 2; This looks fine, however, cpy_len is a u8, the same as mbssid[1], so the addition of two can overflow. In this case the subsequent memcpy() will overflow the allocated buffer, since it copies 256 bytes too much due to the way the allocation and memcpy() sizes are calculated. Fix this by using size_t for the cpy_len variable. This fixes CVE-2022-41674. Reported-by: Soenke Huster <shuster@seemoo.tu-darmstadt.de> Tested-by: Soenke Huster <shuster@seemoo.tu-darmstadt.de> Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in scanning") Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
dd1671ed |
|
03-Aug-2022 |
Ilan Peer <ilan.peer@intel.com> |
wifi: cfg80211: Update RNR parsing to align with Draft P802.11be_D2.0 Based on changes in the specification the TBTT information in the RNR can include MLD information, so update the parsing to allow extracting the short SSID information in such a case. Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
7b0a0e3c |
|
14-Apr-2022 |
Johannes Berg <johannes.berg@intel.com> |
wifi: cfg80211: do some rework towards MLO link APIs In order to support multi-link operation with multiple links, start adding some APIs. The notable addition here is to have the link ID in a new nl80211 attribute, that will be used to differentiate the links in many nl80211 operations. So far, this patch adds the netlink NL80211_ATTR_MLO_LINK_ID attribute (as well as the NL80211_ATTR_MLO_LINKS attribute) and plugs it through the system in some places, checking the validity etc. along with other infrastructure needed for it. For now, I've decided to include only the over-the-air link ID in the API. I know we discussed that we eventually need to have to have other ways of identifying a link, but for local AP mode and auth/assoc commands as well as set_key etc. we'll use the OTA ID. Also included in this patch is some refactoring of the data structures in struct wireless_dev, splitting for the first time the data into type dependent pieces, to make reasoning about these things easier. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
e847ffe2 |
|
19-Apr-2022 |
Kieran Frewen <kieran.frewen@morsemicro.com> |
cfg80211: retrieve S1G operating channel number When retrieving the S1G channel number from IEs, we should retrieve the operating channel instead of the primary channel. The S1G operation element specifies the main channel of operation as the oper channel, unlike for HT and HE which specify their main channel of operation as the primary channel. Signed-off-by: Kieran Frewen <kieran.frewen@morsemicro.com> Signed-off-by: Bassem Dawood <bassem@morsemicro.com> Link: https://lore.kernel.org/r/20220420041321.3788789-1-kieran.frewen@morsemicro.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
a5199b56 |
|
11-Apr-2022 |
Rameshkumar Sundaram <quic_ramess@quicinc.com> |
cfg80211: hold bss_lock while updating nontrans_list Synchronize additions to nontrans_list of transmitting BSS with bss_lock to avoid races. Also when cfg80211_add_nontrans_list() fails __cfg80211_unlink_bss() needs bss_lock to be held (has lockdep assert on bss_lock). So protect the whole block with bss_lock to avoid races and warnings. Found during code review. Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in scanning") Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com> Link: https://lore.kernel.org/r/1649668071-9370-1-git-send-email-quic_ramess@quicinc.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
5666ee15 |
|
02-Feb-2022 |
Avraham Stern <avraham.stern@intel.com> |
cfg80211: don't add non transmitted BSS to 6GHz scanned channels When adding 6GHz channels to scan request based on reported co-located APs, don't add channels that have only APs with "non-transmitted" BSSes if they only match the wildcard SSID since they will be found by probing the "transmitted" BSS. Signed-off-by: Avraham Stern <avraham.stern@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Link: https://lore.kernel.org/r/iwlwifi.20220202104617.f6ddf099f934.I231e55885d3644f292d00dfe0f42653269f2559e@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
75cca1fa |
|
02-Dec-2021 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: refactor cfg80211_get_ies_channel_number() Now that this is no longer part of the bigger function, we can get rid of the channel_num variable. Also change the function to use the struct element helpers, instead of open-coding the element handling. Link: https://lore.kernel.org/r/20211202130913.a0adf67a9319.I6db0340a34fff18d78e9cd512f4abf855da4e43a@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
7f599aec |
|
02-Dec-2021 |
Ayala Beker <ayala.beker@intel.com> |
cfg80211: Use the HE operation IE to determine a 6GHz BSS channel A non-collocated AP whose primary channel is not a PSC channel may transmit a duplicated beacon on the corresponding PSC channel in which it would indicate its true primary channel. Use this inforamtion contained in the HE operation IE to determine the primary channel of the AP. In case of invalid infomration ignore it and use the channel the frame was received on. Signed-off-by: Ayala Beker <ayala.beker@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Link: https://lore.kernel.org/r/iwlwifi.20211202143322.71eb2176e54e.I130f678e4aa390973ab39d838bbfe7b2d54bff8e@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
fb8b53ac |
|
30-Sep-2021 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: use ieee80211_bss_get_elem() instead of _get_ie() Use the structured helper for finding an element instead of the unstructured ieee80211_bss_get_ie(). Link: https://lore.kernel.org/r/20210930131130.e94709f341c3.I4ddb7fcb40efca27987deda7f9a144a5702ebfae@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
3536672b |
|
15-Nov-2021 |
liuguoqiang <liuguoqiang@uniontech.com> |
cfg80211: delete redundant free code When kzalloc failed and rdev->sacn_req or rdev->scan_msg is null, pass a null pointer to kfree is redundant, delete it and return directly. Signed-off-by: liuguoqiang <liuguoqiang@uniontech.com> Link: https://lore.kernel.org/r/20211115092139.24407-1-liuguoqiang@uniontech.com [remove now unused creq = NULL assigment] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
97981d89 |
|
30-Sep-2021 |
Wen Gong <wgong@codeaurora.org> |
cfg80211: separate get channel number from ies Get channel number from ies is a common logic, so separate it to a new function, which could also be used by lower driver. Signed-off-by: Wen Gong <wgong@codeaurora.org> Link: https://lore.kernel.org/r/20210930081533.4898-1-wgong@codeaurora.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
a3eca817 |
|
30-Sep-2021 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: scan: use element finding functions in easy cases There are a few easy cases where we only check for NULL or have just simple use of the result, this can be done with the element finding functions instead. Link: https://lore.kernel.org/r/20210930131130.f27c8a7ec264.Iadb03c4307e9216e080ce513e8ad4048cd020b25@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
a2083eeb |
|
30-Sep-2021 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() The SSID pointer is pointing to RCU protected data, so we need to have it under rcu_read_lock() for the entire use. Fix this. Cc: stable@vger.kernel.org Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in scanning") Link: https://lore.kernel.org/r/20210930131120.6ddfc603aa1d.I2137344c4e2426525b1a8e4ce5fca82f8ecbfe7e@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
1160dfa1 |
|
05-Aug-2021 |
Yajun Deng <yajun.deng@linux.dev> |
net: Remove redundant if statements The 'if (dev)' statement already move into dev_{put , hold}, so remove redundant if statements. Signed-off-by: Yajun Deng <yajun.deng@linux.dev> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
f9a5c358 |
|
28-Jun-2021 |
Nguyen Dinh Phi <phind.uet@gmail.com> |
cfg80211: Fix possible memory leak in function cfg80211_bss_update When we exceed the limit of BSS entries, this function will free the new entry, however, at this time, it is the last door to access the inputed ies, so these ies will be unreferenced objects and cause memory leak. Therefore we should free its ies before deallocating the new entry, beside of dropping it from hidden_list. Signed-off-by: Nguyen Dinh Phi <phind.uet@gmail.com> Link: https://lore.kernel.org/r/20210628132334.851095-1-phind.uet@gmail.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
52bb2052 |
|
18-Jun-2021 |
Ilan Peer <ilan.peer@intel.com> |
cfg80211: Support hidden AP discovery over 6GHz band To discover a hidden AP on the 6GHz band, the probe request sent to the AP needs to include the AP's SSID, as some APs would not respond with a probe response based only on short SSID match. To support hidden AP discovery over the 6GHz band, when constructing the specific 6GHz band scan also include SSIDs that were part of the original scan request, so these can be used in the probe requests transmitted during scan. Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Link: https://lore.kernel.org/r/iwlwifi.20210618133832.218df9d3203c.Ice0f7a2f6a65f1f9710b7898591481baeefaf490@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
5b5c9f3b |
|
08-May-2021 |
Dan Carpenter <dan.carpenter@oracle.com> |
cfg80211: clean up variable use in cfg80211_parse_colocated_ap() The "ap_info->tbtt_info_len" and "length" variables are the same value but it is confusing how the names are mixed up. Let's use "length" everywhere for consistency. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Link: https://lore.kernel.org/r/YJaMNzZENkYFAYQX@mwanda Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
010bfbe7 |
|
16-Apr-2021 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: scan: drop entry from hidden_list on overflow If we overflow the maximum number of BSS entries and free the new entry, drop it from any hidden_list that it may have been added to in the code above or in cfg80211_combine_bsses(). Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Link: https://lore.kernel.org/r/20210416094212.5de7d1676ad7.Ied283b0bc5f504845e7d6ab90626bdfa68bb3dc0@changeid Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
8a16ffdc |
|
08-Apr-2021 |
Ilan Peer <ilan.peer@intel.com> |
cfg80211: Remove wrong RNR IE validation check Remove a wrong length check for RNR information element as it can have arbitrary length. Signed-off-by: Ilan Peer <ilan.peer@intel.com> Link: https://lore.kernel.org/r/20210408143224.c7eeaf1a5270.Iead7762982e941a1cbff93f68bf8b5139447ff0c@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
b5ac0146 |
|
08-Apr-2021 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: check S1G beacon compat element length We need to check the length of this element so that we don't access data beyond its end. Fix that. Fixes: 9eaffe5078ca ("cfg80211: convert S1G beacon to scan results") Link: https://lore.kernel.org/r/20210408142826.f6f4525012de.I9fdeff0afdc683a6024e5ea49d2daa3cd2459d11@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
a05829a7 |
|
22-Jan-2021 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: avoid holding the RTNL when calling the driver Currently, _everything_ in cfg80211 holds the RTNL, and if you have a slow USB device (or a few) you can get some bad lock contention on that. Fix that by re-adding a mutex to each wiphy/rdev as we had at some point, so we have locking for the wireless_dev lists and all the other things in there, and also so that drivers still don't have to worry too much about it (they still won't get parallel calls for a single device). Then, we can restrict the RTNL to a few cases where we add or remove interfaces and really need the added protection. Some of the global list management still also uses the RTNL, since we need to have it anyway for netdev management, but we only hold the RTNL for very short periods of time here. Link: https://lore.kernel.org/r/20210122161942.81df9f5e047a.I4a8e1a60b18863ea8c5e6d3a0faeafb2d45b2f40@changeid Tested-by: Marek Szyprowski <m.szyprowski@samsung.com> [marvell driver issues] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
b45a19dd |
|
29-Nov-2020 |
Ilan Peer <ilan.peer@intel.com> |
cfg80211: Update TSF and TSF BSSID for multi BSS When a new BSS entry is created based on multi BSS IE, the TSF and the TSF BSSID were not updated. Fix it. Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Link: https://lore.kernel.org/r/iwlwifi.20201129172929.8377d5063827.I6f2011b6017c2ad507c61a3f1ca03b7177a46e32@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
d590a125 |
|
29-Nov-2020 |
Ayala Beker <ayala.beker@intel.com> |
cfg80211: scan PSC channels in case of scan with wildcard SSID In case of scan request with wildcard SSID, or in case of more than one SSID in scan request, need to scan PSC channels even though all the co-located APs found during the legacy bands scan indicated that all the APs in their ESS are co-located, as we might find different networks on the PSC channels. Signed-off-by: Ayala Beker <ayala.beker@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Link: https://lore.kernel.org/r/iwlwifi.20201129172929.736415a9ca5d.If5b3578ae85e11a707a5da07e66ba85928ba702c@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
ba5c2523 |
|
29-Oct-2020 |
Colin Ian King <colin.king@canonical.com> |
nl80211/cfg80211: fix potential infinite loop The for-loop iterates with a u8 loop counter and compares this with the loop upper limit of request->n_ssids which is an int type. There is a potential infinite loop if n_ssids is larger than the u8 loop counter, so fix this by making the loop counter an int. Addresses-Coverity: ("Infinite loop") Fixes: c8cb5b854b40 ("nl80211/cfg80211: support 6 GHz scanning") Signed-off-by: Colin Ian King <colin.king@canonical.com> Link: https://lore.kernel.org/r/20201029222407.390218-1-colin.king@canonical.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
66b0564d |
|
21-Sep-2020 |
Thomas Pedersen <thomas@adapt-ip.com> |
cfg80211: parse S1G Operation element for BSS channel Extract the BSS primary channel from the S1G Operation element. Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com> Link: https://lore.kernel.org/r/20200922022818.15855-7-thomas@adapt-ip.com [remove the goto bits] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
9eaffe50 |
|
21-Sep-2020 |
Thomas Pedersen <thomas@adapt-ip.com> |
cfg80211: convert S1G beacon to scan results The S1G beacon is an extension frame as opposed to management frame for the regular beacon. This means we may have to occasionally cast the frame buffer to a different header type. Luckily this isn't too bad as scan results mostly only care about the IEs. Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com> Link: https://lore.kernel.org/r/20200922022818.15855-6-thomas@adapt-ip.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
c8cb5b85 |
|
18-Sep-2020 |
Tova Mussai <tova.mussai@intel.com> |
nl80211/cfg80211: support 6 GHz scanning Support 6 GHz scanning, by * a new scan flag to scan for colocated BSSes advertised by (and found) APs on 2.4 & 5 GHz * doing the necessary reduced neighbor report parsing for this, to find them * adding the ability to split the scan request in case the device by itself cannot support this. Also add some necessary bits in mac80211 to not break with these changes. Signed-off-by: Tova Mussai <tova.mussai@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Link: https://lore.kernel.org/r/20200918113313.232917c93af9.Ida22f0212f9122f47094d81659e879a50434a6a2@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
7b506ff6 |
|
22-Aug-2020 |
Miaohe Lin <linmiaohe@huawei.com> |
net: wireless: Convert to use the preferred fallthrough macro Convert the uses of fallthrough comments to fallthrough macro. Signed-off-by: Miaohe Lin <linmiaohe@huawei.com> Link: https://lore.kernel.org/r/20200822082323.45495-1-linmiaohe@huawei.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
8cf5c86d |
|
22-Aug-2020 |
Randy Dunlap <rdunlap@infradead.org> |
net: wireless: scan.c: delete or fix duplicated words Drop repeated word "stored". Change "is is" to "it is". Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Cc: Johannes Berg <johannes.berg@intel.com> Cc: Kalle Valo <kvalo@codeaurora.org> Cc: linux-wireless@vger.kernel.org Link: https://lore.kernel.org/r/20200822231953.465-6-rdunlap@infradead.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
df561f66 |
|
23-Aug-2020 |
Gustavo A. R. Silva <gustavoars@kernel.org> |
treewide: Use fallthrough pseudo-keyword Replace the existing /* fall through */ comments and its variants with the new pseudo-keyword macro fallthrough[1]. Also, remove unnecessary fall-through markings when it is the case. [1] https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-through Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
|
#
2f1805ea |
|
25-Jun-2020 |
Emmanuel Grumbach <emmanuel.grumbach@intel.com> |
cfg80211: allow the low level driver to flush the BSS table The low level driver adds its own opaque information in the BSS table in the cfg80211_bss structure. The low level driver may need to signal that this information is no longer relevant and needs to be recreated. Add an API to allow the low level driver to do that. iwlwifi needs this because it keeps there an information about the firmware's internal clock. This is kept in mac80211's struct ieee80211_bss::sync_device_ts. This information is populated while we scan, we add the internal firmware's clock to each beacon which allows us to program the firmware correctly after association so that it'll know when (in terms of its internal clock) the DTIM and TBTT will happen. When the firmware is reset this internal clock is reset as well and ieee80211_bss::sync_device_ts is no longer accurate. iwlwifi will call this new API any time the firmware is started. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Link: https://lore.kernel.org/r/20200625111524.3992-1-emmanuel.grumbach@intel.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
934f4c7d |
|
01-Apr-2020 |
Thomas Pedersen <thomas@adapt-ip.com> |
cfg80211: express channels with a KHz component Some bands (S1G) define channels centered on a non-integer MHz. Give ieee80211_channel and cfg80211_chan_def a freq_offset component where the final frequency can be expressed as: MHZ_TO_KHZ(chan->center_freq) + chan->freq_offset; Also provide some helper functions to do the frequency conversion and test for equality. Retain the existing interface to frequency and channel conversion helpers, and expose new ones which handle frequencies in units of KHz. Some internal functions (net/wireless/chan.c) pass around a frequency value. Convert these to units of KHz. mesh, ibss, wext, etc. are currently ignored. Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com> Link: https://lore.kernel.org/r/20200402011810.22947-3-thomas@adapt-ip.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
05dcb8bb |
|
26-Mar-2020 |
Ilan Peer <ilan.peer@intel.com> |
cfg80211: Do not warn on same channel at the end of CSA When cfg80211_update_assoc_bss_entry() is called, there is a verification that the BSS channel actually changed. As some APs use CSA also for bandwidth changes, this would result with a kernel warning. Fix this by removing the WARN_ON(). Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Link: https://lore.kernel.org/r/iwlwifi.20200326150855.96316ada0e8d.I6710376b1b4257e5f4712fc7ab16e2b638d512aa@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
7bb106eb |
|
14-Feb-2020 |
Emmanuel Grumbach <emmanuel.grumbach@intel.com> |
cfg80211: remove support for adjacent channel compensation The only driver that used that was iwlwifi and it removed support for this. Remove the feature here as well. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Link: https://lore.kernel.org/r/20200214232336.a530de38e511.I393bc395f6037c8cca6421ed550e3072dc248aed@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
3ee9306b |
|
19-Feb-2020 |
Amol Grover <frextrite@gmail.com> |
cfg80211: Pass lockdep expression to RCU lists rdev->sched_scan_req_list maybe traversed using list_for_each_entry_rcu outside an RCU read-side critical section but under the protection of rtnl_mutex. Hence, add corresponding lockdep expression to silence false-positive warnings, and harden RCU lists. Signed-off-by: Amol Grover <frextrite@gmail.com> Link: https://lore.kernel.org/r/20200219091102.10709-1-frextrite@gmail.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
461c4c2b |
|
04-Oct-2019 |
Sara Sharon <sara.sharon@intel.com> |
cfg80211: fix a bunch of RCU issues in multi-bssid code cfg80211_update_notlisted_nontrans() leaves the RCU critical session too early, while still using nontrans_ssid which is RCU protected. In addition, it performs a bunch of RCU pointer update operations such as rcu_access_pointer and rcu_assign_pointer. The caller, cfg80211_inform_bss_frame_data(), also accesses the RCU pointer without holding the lock. Just wrap all of this with bss_lock. Signed-off-by: Sara Sharon <sara.sharon@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Link: https://lore.kernel.org/r/20191004123706.15768-3-luca@coelho.fi Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
242b0931 |
|
20-Sep-2019 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: validate SSID/MBSSID element ordering assumption The code copying the data assumes that the SSID element is before the MBSSID element, but since the data is untrusted from the AP, this cannot be guaranteed. Validate that this is indeed the case and ignore the MBSSID otherwise, to avoid having to deal with both cases for the copy of data that should be between them. Cc: stable@vger.kernel.org Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in scanning") Link: https://lore.kernel.org/r/1569009255-I1673911f5eae02964e21bdc11b2bf58e5e207e59@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
0afd425b |
|
26-Jul-2019 |
Sergey Matyukevich <sergey.matyukevich.os@quantenna.com> |
cfg80211: fix duplicated scan entries after channel switch When associated BSS completes channel switch procedure, its channel record needs to be updated. The existing mac80211 solution was extended to cfg80211 in commit 5dc8cdce1d72 ("mac80211/cfg80211: update bss channel on channel switch"). However that solution still appears to be incomplete as it may lead to duplicated scan entries for associated BSS after channel switch. The root cause of the problem is as follows. Each BSS entry is included into the following data structures: - bss list rdev->bss_list - bss search tree rdev->bss_tree Updating BSS channel record without rebuilding bss_tree may break tree search since cmp_bss considers all of the following: channel, bssid, ssid. When BSS channel is updated, but its location in bss_tree is not updated, then subsequent search operations may fail to locate this BSS since they will be traversing bss_tree in wrong direction. As a result, for scan performed after associated BSS channel switch, cfg80211_bss_update may add the second entry for the same BSS to both bss_list and bss_tree, rather then update the existing one. To summarize, if BSS channel needs to be updated, then bss_tree should be rebuilt in order to put updated BSS entry into a proper location. This commit suggests the following straightforward solution: - if new entry has been already created for BSS after channel switch, then use its IEs to update known BSS entry and then remove new entry completely - use rb_erase/rb_insert_bss reinstall updated BSS in bss_tree - for nontransmit BSS entry, the whole transmit BSS hierarchy is updated Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com> Link: https://lore.kernel.org/r/20190726163922.27509-3-sergey.matyukevich.os@quantenna.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
3ab8227d |
|
26-Jul-2019 |
Sergey Matyukevich <sergey.matyukevich.os@quantenna.com> |
cfg80211: refactor cfg80211_bss_update This patch implements minor refactoring for cfg80211_bss_update function. Code path for updating known BSS is extracted into dedicated cfg80211_update_known_bss function. Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com> Link: https://lore.kernel.org/r/20190726163922.27509-2-sergey.matyukevich.os@quantenna.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
60d7dfea |
|
03-Jul-2019 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: give all multi-BSSID BSS entries the same timestamp If we just read jiffies over and over again, a non-transmitting entry may have a newer timestamp than the transmitting one, leading to possible confusion on expiry. Give them all the same timestamp when creating them. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Reviewed-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com> Link: https://lore.kernel.org/r/20190703133823.10530-3-johannes@sipsolutions.net Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
b0d1d7ff |
|
03-Jul-2019 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: don't parse MBSSID if transmitting BSS isn't created Don't parse the multi-BSSID structures if we couldn't even create their transmitting BSS, this would confuse all of our tracking. This also means that non_tx_data->tx_bss will never be NULL, so we can clean up a little bit. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Reviewed-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com> Link: https://lore.kernel.org/r/20190703133823.10530-2-johannes@sipsolutions.net Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
84f1772b |
|
03-Jul-2019 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: clean up cfg80211_inform_single_bss_frame_data() cfg80211_inform_single_bss_frame_data() doesn't need the non_tx_data data argument since it's always NULL. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Reviewed-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com> Link: https://lore.kernel.org/r/20190703133823.10530-1-johannes@sipsolutions.net Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
ebb3ca3b |
|
29-May-2019 |
Luca Coelho <luciano.coelho@intel.com> |
cfg80211: use BIT_ULL in cfg80211_parse_mbssid_data() The seen_indices variable is u64 and in other parts of the code we assume mbssid_index_ie[2] can be up to 45, so we should use the 64-bit versions of BIT, namely, BIT_ULL(). Reported-by: Dan Carpented <dan.carpenter@oracle.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
4770c8f9 |
|
29-May-2019 |
Ilan Peer <ilan.peer@intel.com> |
cfg80211: Add a function to iterate all BSS entries Add a function that iterates over the BSS entries associated with a given wiphy and calls a callback for each iterated BSS. This can be used by drivers in various ways, e.g., to evaluate some property for all the BSSs in the medium. Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
a3ce17d1 |
|
01-May-2019 |
Chaitanya Tata <chaitanya.tata@bluwireless.co.uk> |
cfg80211: Handle bss expiry during connection If the BSS is expired during connection, the connect result will trigger a kernel warning. Ideally cfg80211 should hold the BSS before the connection is attempted, but as the BSSID is not known in case of auth/assoc MLME offload (connect op) it doesn't. For those drivers without the connect op cfg80211 holds down the reference so it wil not be removed from list. Fix this by removing the warning and silently adding the BSS back to the bss list which is return by the driver (with proper BSSID set) or in case the BSS is already added use that. The requirements for drivers are documented in the API's. Signed-off-by: Chaitanya Tata <chaitanya.tata@bluwireless.co.uk> [formatting fixes, keep old timestamp] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
5809a5d5 |
|
11-Apr-2019 |
Dan Carpenter <dan.carpenter@oracle.com> |
cfg80211: don't pass pointer to pointer unnecessarily The cfg80211_merge_profile() and ieee802_11_find_bssid_profile() are a bit cleaner if we just pass the merged_ie pointer instead of a pointer to the pointer. This isn't a functional change, it's just a clean up. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
fe806e49 |
|
15-Mar-2019 |
Sara Sharon <sara.sharon@intel.com> |
cfg80211: support profile split between elements Since an element is limited to 255 octets, a profile may be split split to several elements. Support the split as defined in the 11ax draft 3. Detect legacy split and print a net-rate limited warning, since there is no ROI in supporting this probably non-existent split. Signed-off-by: Sara Sharon <sara.sharon@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
f7dacfb1 |
|
15-Mar-2019 |
Sara Sharon <sara.sharon@intel.com> |
cfg80211: support non-inheritance element Subelement profile may specify element IDs it doesn't inherit from the management frame. Support it. Signed-off-by: Sara Sharon <sara.sharon@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
5bd9d108 |
|
15-Mar-2019 |
Sara Sharon <sara.sharon@intel.com> |
cfg80211: don't skip multi-bssid index element When creating the IEs for the nontransmitted BSS, the index element is skipped. However, we need to get DTIM values from it, so don't skip it. Signed-off-by: Sara Sharon <sara.sharon@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
90abf96a |
|
24-Feb-2019 |
YueHaibing <yuehaibing@huawei.com> |
cfg80211: Use kmemdup in cfg80211_gen_new_ie() Use kmemdup rather than duplicating its implementation Signed-off-by: YueHaibing <yuehaibing@huawei.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
bede8d29 |
|
29-Jan-2019 |
Sara Sharon <sara.sharon@intel.com> |
cfg80211: fix memory leak of new_ie new_ie is used as a temporary storage for the generation of the new elements. However, after copying from it the memory wasn't freed and leaked. Free it. Signed-off-by: Sara Sharon <sara.sharon@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
c17fe043 |
|
29-Jan-2019 |
Sara Sharon <sara.sharon@intel.com> |
cfg80211: fix the IE inheritance of extension IEs Extension IEs have ID 255 followed by extension ID. Current code is buggy in handling it in two ways: 1. When checking if IE is in the frame, it uses just the ID, which for extension elements is too broad. 2. It uses 0xFF to mark copied IEs, which will result in not copying extension IEs from the subelement. Fix both issue. Signed-off-by: Sara Sharon <sara.sharon@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
0cd01efb |
|
22-Jan-2019 |
Sara Sharon <sara.sharon@intel.com> |
cfg80211: save multi-bssid properties When the new IEs are generated, the multiple BSSID elements are not saved. Save aside properties that are needed later for PS. Signed-off-by: Sara Sharon <sara.sharon@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
49a68e0d |
|
07-Feb-2019 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: add various struct element finding helpers We currently have a number of helpers to find elements that just return a u8 *, change those to return a struct element and add inlines to deal with the u8 * compatibility. Note that the match behaviour is changed to start the natch at the data, so conversion from _ie_match to _elem_match need to be done carefully. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
7ece9c37 |
|
16-Jan-2019 |
Sara Sharon <sara.sharon@intel.com> |
cfg80211: make BSSID generation function inline This will enable reuse by mac80211. Signed-off-by: Sara Sharon <sara.sharon@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
213ed579 |
|
16-Jan-2019 |
Sara Sharon <sara.sharon@intel.com> |
cfg80211: parse multi-bssid only if HW supports it Parsing and exposing nontransmitted APs is problematic when underlying HW doesn't support it. Do it only if driver indicated support. Allow HE restriction as well, since the HE spec defined the exact manner that Multiple BSSID set should behave. APs that not support the HE spec will have less predictable Multiple BSSID set support/behavior Signed-off-by: Sara Sharon <sara.sharon@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
7011ba58 |
|
20-Jan-2019 |
Sara Sharon <sara.sharon@intel.com> |
cfg80211: Move Multiple BSS info to struct cfg80211_bss to be visible Previously the transmitted BSS and the non-trasmitted BSS list were defined in struct cfg80211_internal_bss. Move them to struct cfg80211_bss since mac80211 needs this info. Signed-off-by: Sara Sharon <sara.sharon@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
a3584f56 |
|
20-Jan-2019 |
Sara Sharon <sara.sharon@intel.com> |
cfg80211: Properly track transmitting and non-transmitting BSS When holding data of the non-transmitting BSS, we need to keep the transmitting BSS data on. Otherwise it will be released, and release the non-transmitting BSS with it. Signed-off-by: Sara Sharon <sara.sharon@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
1c8745f3 |
|
07-Feb-2019 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: use for_each_element() for multi-bssid parsing Use the new for_each_element() helper here, we cannot use for_each_subelement() since we have a fixed 1 byte before the subelements start. While at it, also fix le16_to_cpup() to be get_unaligned_le16() since we don't know anything about alignment. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
0b8fb823 |
|
20-Jan-2019 |
Peng Xu <pxu@codeaurora.org> |
cfg80211: Parsing of Multiple BSSID information in scanning This extends cfg80211 BSS table processing to be able to parse Multiple BSSID element from Beacon and Probe Response frames and to update the BSS profiles in internal database for non-transmitted BSSs. Signed-off-by: Peng Xu <pxu@codeaurora.org> Signed-off-by: Sara Sharon <sara.sharon@intel.com> Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
0f3b07f0 |
|
07-Feb-2019 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: add and use strongly typed element iteration macros Rather than always iterating elements from frames with pure u8 pointers, add a type "struct element" that encapsulates the id/datalen/data format of them. Then, add the element iteration macros * for_each_element * for_each_element_id * for_each_element_extid which take, as their first 'argument', such a structure and iterate through a given u8 array interpreting it as elements. While at it and since we'll need it, also add * for_each_subelement * for_each_subelement_id * for_each_subelement_extid which instead of taking data/length just take an outer element and use its data/datalen. Also add for_each_element_completed() to determine if any of the loops above completed, i.e. it was able to parse all of the elements successfully and no data remained. Use for_each_element_id() in cfg80211_find_ie_match() as the first user of this. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
925b5978 |
|
15-Dec-2018 |
Luca Coelho <luciano.coelho@intel.com> |
cfg80211: add some missing fall through annotations There are talks about enabling -Wimplicit-fallthrough warnings in the mainline and it is already enabled in linux-next. Add all the missing annotations to prevent warnings when this happens. And in one case, remove the extra text from the annotation so that the compiler recognizes it. Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
119f94a6 |
|
05-Sep-2018 |
Jouni Malinen <jouni@codeaurora.org> |
cfg80211: Address some corner cases in scan result channel updating cfg80211_get_bss_channel() is used to update the RX channel based on the available frame payload information (channel number from DSSS Parameter Set element or HT Operation element). This is needed on 2.4 GHz channels where frames may be received on neighboring channels due to overlapping frequency range. This might of some use on the 5 GHz band in some corner cases, but things are more complex there since there is no n:1 or 1:n mapping between channel numbers and frequencies due to multiple different starting frequencies in different operating classes. This could result in ieee80211_channel_to_frequency() returning incorrect frequency and ieee80211_get_channel() returning incorrect channel information (or indication of no match). In the previous implementation, this could result in some scan results being dropped completely, e.g., for the 4.9 GHz channels. That prevented connection to such BSSs. Fix this by using the driver-provided channel pointer if ieee80211_get_channel() does not find matching channel data for the channel number in the frame payload and if the scan is done with 5 MHz or 10 MHz channel bandwidth. While doing this, also add comments describing what the function is trying to achieve to make it easier to understand what happens here and why. Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
983dafaa |
|
13-Dec-2017 |
Sunil Dutt <usdutt@qti.qualcomm.com> |
cfg80211: Scan results to also report the per chain signal strength This commit enhances the scan results to report the per chain signal strength based on the latest BSS update. This provides similar information to what is already available through STA information. Signed-off-by: Sunil Dutt <usdutt@qti.qualcomm.com> Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
b2441318 |
|
01-Nov-2017 |
Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
License cleanup: add SPDX GPL-2.0 license identifier to files with no license Many source files in the tree are missing licensing information, which makes it harder for compliance tools to determine the correct license. By default all files without license information are under the default license of the kernel, which is GPL version 2. Update the files which contain no license information with the 'GPL-2.0' SPDX license identifier. The SPDX identifier is a legally binding shorthand, which can be used instead of the full boiler plate text. This patch is based on work done by Thomas Gleixner and Kate Stewart and Philippe Ombredanne. How this work was done: Patches were generated and checked against linux-4.14-rc6 for a subset of the use cases: - file had no licensing information it it. - file was a */uapi/* one with no licensing information in it, - file was a */uapi/* one with existing licensing information, Further patches will be generated in subsequent months to fix up cases where non-standard license headers were used, and references to license had to be inferred by heuristics based on keywords. The analysis to determine which SPDX License Identifier to be applied to a file was done in a spreadsheet of side by side results from of the output of two independent scanners (ScanCode & Windriver) producing SPDX tag:value files created by Philippe Ombredanne. Philippe prepared the base worksheet, and did an initial spot review of a few 1000 files. The 4.13 kernel was the starting point of the analysis with 60,537 files assessed. Kate Stewart did a file by file comparison of the scanner results in the spreadsheet to determine which SPDX license identifier(s) to be applied to the file. She confirmed any determination that was not immediately clear with lawyers working with the Linux Foundation. Criteria used to select files for SPDX license identifier tagging was: - Files considered eligible had to be source code files. - Make and config files were included as candidates if they contained >5 lines of source - File already had some variant of a license header in it (even if <5 lines). All documentation files were explicitly excluded. The following heuristics were used to determine which SPDX license identifiers to apply. - when both scanners couldn't find any license traces, file was considered to have no license information in it, and the top level COPYING file license applied. For non */uapi/* files that summary was: SPDX license identifier # files ---------------------------------------------------|------- GPL-2.0 11139 and resulted in the first patch in this series. If that file was a */uapi/* path one, it was "GPL-2.0 WITH Linux-syscall-note" otherwise it was "GPL-2.0". Results of that was: SPDX license identifier # files ---------------------------------------------------|------- GPL-2.0 WITH Linux-syscall-note 930 and resulted in the second patch in this series. - if a file had some form of licensing information in it, and was one of the */uapi/* ones, it was denoted with the Linux-syscall-note if any GPL family license was found in the file or had no licensing in it (per prior point). Results summary: SPDX license identifier # files ---------------------------------------------------|------ GPL-2.0 WITH Linux-syscall-note 270 GPL-2.0+ WITH Linux-syscall-note 169 ((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause) 21 ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 17 LGPL-2.1+ WITH Linux-syscall-note 15 GPL-1.0+ WITH Linux-syscall-note 14 ((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause) 5 LGPL-2.0+ WITH Linux-syscall-note 4 LGPL-2.1 WITH Linux-syscall-note 3 ((GPL-2.0 WITH Linux-syscall-note) OR MIT) 3 ((GPL-2.0 WITH Linux-syscall-note) AND MIT) 1 and that resulted in the third patch in this series. - when the two scanners agreed on the detected license(s), that became the concluded license(s). - when there was disagreement between the two scanners (one detected a license but the other didn't, or they both detected different licenses) a manual inspection of the file occurred. - In most cases a manual inspection of the information in the file resulted in a clear resolution of the license that should apply (and which scanner probably needed to revisit its heuristics). - When it was not immediately clear, the license identifier was confirmed with lawyers working with the Linux Foundation. - If there was any question as to the appropriate license identifier, the file was flagged for further research and to be revisited later in time. In total, over 70 hours of logged manual review was done on the spreadsheet to determine the SPDX license identifiers to apply to the source files by Kate, Philippe, Thomas and, in some cases, confirmation by lawyers working with the Linux Foundation. Kate also obtained a third independent scan of the 4.13 code base from FOSSology, and compared selected files where the other two scanners disagreed against that SPDX file, to see if there was new insights. The Windriver scanner is based on an older version of FOSSology in part, so they are related. Thomas did random spot checks in about 500 files from the spreadsheets for the uapi headers and agreed with SPDX license identifier in the files he inspected. For the non-uapi files Thomas did random spot checks in about 15000 files. In initial set of patches against 4.14-rc6, 3 files were found to have copy/paste license identifier errors, and have been fixed to reflect the correct identifier. Additionally Philippe spent 10 hours this week doing a detailed manual inspection and review of the 12,461 patched files from the initial patch version early this week with: - a full scancode scan run, collecting the matched texts, detected license ids and scores - reviewing anything where there was a license detected (about 500+ files) to ensure that the applied SPDX license was correct - reviewing anything where there was no detection but the patch license was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied SPDX license was correct This produced a worksheet with 20 files needing minor correction. This worksheet was then exported into 3 different .csv files for the different types of files to be modified. These .csv files were then reviewed by Greg. Thomas wrote a script to parse the csv files and add the proper SPDX tag to the file, in the format that the file expected. This script was further refined by Greg based on the output to detect more types of files automatically and to distinguish between header and source .c files (which need different comment types.) Finally Greg ran the script using the .csv files to generate the patches. Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org> Reviewed-by: Philippe Ombredanne <pombredanne@nexb.com> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
1b57b621 |
|
23-May-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
cfg80211: make cfg80211_sched_scan_results() work from atomic context Drivers should be able to call cfg80211_sched_scan_results() from atomic context. However, with the introduction of multiple scheduled scan feature this requirement was not taken into account resulting in regression shown below. [ 119.021594] BUG: scheduling while atomic: irq/47-iwlwifi/517/0x00000200 [ 119.021604] Modules linked in: [...] [ 119.021759] CPU: 1 PID: 517 Comm: irq/47-iwlwifi Not tainted 4.12.0-rc2-t440s-20170522+ #1 [ 119.021763] Hardware name: LENOVO 20AQS03H00/20AQS03H00, BIOS GJET91WW (2.41 ) 09/21/2016 [ 119.021766] Call Trace: [ 119.021778] ? dump_stack+0x5c/0x84 [ 119.021784] ? __schedule_bug+0x4c/0x70 [ 119.021792] ? __schedule+0x496/0x5c0 [ 119.021798] ? schedule+0x2d/0x80 [ 119.021804] ? schedule_preempt_disabled+0x5/0x10 [ 119.021810] ? __mutex_lock.isra.0+0x18e/0x4c0 [ 119.021817] ? __wake_up+0x2f/0x50 [ 119.021833] ? cfg80211_sched_scan_results+0x19/0x60 [cfg80211] [ 119.021844] ? cfg80211_sched_scan_results+0x19/0x60 [cfg80211] [ 119.021859] ? iwl_mvm_rx_lmac_scan_iter_complete_notif+0x17/0x30 [iwlmvm] [ 119.021869] ? iwl_pcie_rx_handle+0x2a9/0x7e0 [iwlwifi] [ 119.021878] ? iwl_pcie_irq_handler+0x17c/0x730 [iwlwifi] [ 119.021884] ? irq_forced_thread_fn+0x60/0x60 [ 119.021887] ? irq_thread_fn+0x16/0x40 [ 119.021892] ? irq_thread+0x109/0x180 [ 119.021896] ? wake_threads_waitq+0x30/0x30 [ 119.021901] ? kthread+0xf2/0x130 [ 119.021905] ? irq_thread_dtor+0x90/0x90 [ 119.021910] ? kthread_create_on_node+0x40/0x40 [ 119.021915] ? ret_from_fork+0x26/0x40 Fixes: b34939b98369 ("cfg80211: add request id to cfg80211_sched_scan_*() api") Reported-by: Sander Eikelenboom <linux@eikelenboom.it> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
b34939b9 |
|
28-Apr-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
cfg80211: add request id to cfg80211_sched_scan_*() api Have proper request id filled in the SCHED_SCAN_RESULTS and SCHED_SCAN_STOPPED notifications toward user-space by having the driver provide it through the api. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
3a3ecf1d |
|
21-Apr-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
cfg80211: add request id parameter to .sched_scan_stop() signature For multiple scheduled scan support the driver needs to know which scheduled scan request is being stopped. Pass the request id in the .sched_scan_stop() callback. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
ca986ad9 |
|
21-Apr-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
nl80211: allow multiple active scheduled scan requests This patch implements the idea to have multiple scheduled scan requests running concurrently. It mainly illustrates how to deal with the incoming request from user-space in terms of backward compatibility. In order to use multiple scheduled scans user-space needs to provide a flag attribute NL80211_ATTR_SCHED_SCAN_MULTI to indicate support. If not the request is treated as a legacy scan. Drivers currently supporting scheduled scan are now indicating they support a single scheduled scan request. This obsoletes WIPHY_FLAG_SUPPORTS_SCHED_SCAN. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> [clean up netlink destroy path to avoid allocations, code cleanups] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
96b08fd6 |
|
13-Apr-2017 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
nl80211: add request id in scheduled scan event messages For multi-scheduled scan support in subsequent patch a request id will be added. This patch add this request id to the scheduled scan event messages. For now the request id will always be zero. With multi-scheduled scan its value will inform user-space to which scan the event relates. Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> Reviewed-by: Franky Lin <franky.lin@broadcom.com> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
505a2e88 |
|
16-Dec-2016 |
Arend Van Spriel <arend.vanspriel@broadcom.com> |
nl80211: rework {sched_,}scan event related functions A couple of functions used with scan events were named with term "send" although they were only preparing the the event message so renamed those. Also remove nl80211_send_sched_scan_results() in favor of just calling nl80211_send_sched_scan() with the right value. Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> [mention nl80211_send_sched_scan_results() in the commit log] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
9853a55e |
|
14-Nov-2016 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: limit scan results cache size It's possible to make scanning consume almost arbitrary amounts of memory, e.g. by sending beacon frames with random BSSIDs at high rates while somebody is scanning. Limit the number of BSS table entries we're willing to cache to 1000, limiting maximum memory usage to maybe 4-5MB, but lower in practice - that would be the case for having both full-sized beacon and probe response frames for each entry; this seems not possible in practice, so a limit of 1000 entries will likely be closer to 0.5 MB. Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
fbd05e4a |
|
15-Sep-2016 |
Luca Coelho <luciano.coelho@intel.com> |
cfg80211: add helper to find an IE that matches a byte-array There are a few places where an IE that matches not only the EID, but also other bytes inside the element, needs to be found. To simplify that and reduce the amount of similar code, implement a new helper function to match the EID and an extra array of bytes. Additionally, simplify cfg80211_find_vendor_ie() by using the new match function. Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
1d76250b |
|
05-Jul-2016 |
Avraham Stern <avraham.stern@intel.com> |
nl80211: support beacon report scanning Beacon report radio measurement requires reporting observed BSSs on the channels specified in the beacon request. If the measurement mode is set to passive or active, it requires actually performing a scan (passive or active, accordingly), and reporting the time that the scan was started and the time each beacon/probe was received (both in terms of TSF of the BSS of the requesting AP). If the request mode is table, this information is optional. In addition, the radio measurement request specifies the channel dwell time for the measurement. In order to use scan for beacon report when the mode is active or passive, add a parameter to scan request that specifies the channel dwell time, and add scan start time and beacon received time to scan results information. Supporting beacon report is required for Multi Band Operation (MBO). Signed-off-by: Assaf Krauss <assaf.krauss@intel.com> Signed-off-by: David Spinadel <david.spinadel@intel.com> Signed-off-by: Avraham Stern <avraham.stern@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
9e9ea439 |
|
03-May-2016 |
Emmanuel Grumbach <emmanuel.grumbach@intel.com> |
cfg80211: allow finding vendor with OUI without specifying the OUI type This allows finding vendor IE from a specific vendor. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
57fbcce3 |
|
12-Apr-2016 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: remove enum ieee80211_band This enum is already perfectly aliased to enum nl80211_band, and the only reason for it is that we get IEEE80211_NUM_BANDS out of it. There's no really good reason to not declare the number of bands in nl80211 though, so do that and remove the cfg80211 one. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
818965d3 |
|
26-Feb-2016 |
Jouni Malinen <jouni@qca.qualcomm.com> |
cfg80211: Allow a scan request for a specific BSSID This allows scans for a specific BSSID to be optimized by the user space application by requesting the driver to set the Probe Request frame BSSID field (Address 3) to the specified BSSID instead of the wildcard BSSID. This prevents other APs from replying which reduces airtime need and latency in getting the response from the target AP through. This is an optimization and as such, it is acceptable for some of the drivers not to support the mechanism. If not supported, the wildcard BSSID will be used and more responses may be received. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
3b06d277 |
|
12-Oct-2015 |
Avraham Stern <avraham.stern@intel.com> |
cfg80211: Add multiple scan plans for scheduled scan Add the option to configure multiple 'scan plans' for scheduled scan. Each 'scan plan' defines the number of scan cycles and the interval between scans. The scan plans are executed in the order they were configured. The last scan plan will always run infinitely and thus defines only the interval between scans. The maximum number of scan plans supported by the device and the maximum number of iterations in a single scan plan are advertised to userspace so it can configure the scan plans appropriately. When scheduled scan results are received there is no way to know which scan plan is being currently executed, so there is no way to know when the next scan iteration will start. This is not a problem, however. The scan start timestamp is only used for flushing old scan results, and there is no difference between flushing all results received until the end of the previous iteration or the start of the current one, since no results will be received in between. Signed-off-by: Avraham Stern <avraham.stern@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
6e19bc4b |
|
07-Oct-2015 |
Dmitry Shmidt <dimitrysh@google.com> |
nl80211: allow BSS data to include CLOCK_BOOTTIME timestamp For location and connectivity services, userspace would often like to know the time when the BSS was last seen. The current "last seen" value is calculated in a way that makes it less useful, especially if the system suspended in the meantime. Add the ability for the driver to report a real CLOCK_BOOTTIME stamp that can then be reported to userspace (if present). Drivers wishing to use this must be converted to the new API to call cfg80211_inform_bss_data() or cfg80211_inform_bss_frame_data(). They need to ensure the reported value is accurate enough even when the frame might have been buffered in the device (e.g. firmware.) Signed-off-by: Dmitry Shmidt <dimitrysh@google.com> [modified to use struct, inlines] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
6eb18137 |
|
08-Feb-2015 |
Dedy Lansky <dlansky@codeaurora.org> |
cfg80211: add bss_type and privacy arguments in cfg80211_get_bss() 802.11ad adds new a network type (PBSS) and changes the capability field interpretation for the DMG (60G) band. The same 2 bits that were interpreted as "ESS" and "IBSS" before are re-used as a 2-bit field with 3 valid values (and 1 reserved). Valid values are: "IBSS", "PBSS" (new) and "AP". In order to get the BSS struct for the new PBSS networks, change the cfg80211_get_bss() function to take a new enum ieee80211_bss_type argument with the valid network types, as "capa_mask" and "capa_val" no longer work correctly (the search must be band-aware now.) The remaining bits in "capa_mask" and "capa_val" are used only for privacy matching so replace those two with a privacy enum as well. Signed-off-by: Dedy Lansky <dlansky@codeaurora.org> [rewrite commit log, tiny fixes] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
76a70e9c |
|
23-Feb-2015 |
James Minor <james.minor@ni.com> |
cfg80211-wext: return -E2BIG when buffer can't hold full BSS entry When using the wext compatibility code in cfg80211, part of the IEs can be truncated if the passed user buffer is large enough for part of the BSS but not large enough for all of the IEs. This can cause an EAP network to show up as a PSK network. Always return -E2BIG in this case to avoid truncating data. Since this changes the control flow, use an on-stack variable for a small buffer instead of allocating it. Signed-off-by: James Minor <james.minor@ni.com> [rework patch to error out immediately, use _check wrappers] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
2afe38d1 |
|
06-Jan-2015 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211-wext: export symbols only when needed When a fully converted cfg80211 driver needs cfg80211-wext for userspace API purposes, the symbols need not be exported. When other drivers (orinoco/hermes or ipw2200) are enabled, they do need the symbols exported as they use them directly. Make those drivers select a new CFG80211_WEXT_EXPORT Kconfig symbol (instead of just CFG80211_WEXT) and export the functions only if requested - this saves about 1/2k due to the size of EXPORT_SYMBOL() itself. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
31a60ed1 |
|
15-Dec-2014 |
Jukka Rissanen <jukka.rissanen@linux.intel.com> |
nl80211: Convert sched_scan_req pointer to RCU pointer Because of possible races when accessing sched_scan_req pointer in rdev, the sched_scan_req is converted to RCU pointer. Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
2740f0cf |
|
03-Sep-2014 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: add Intel Mobile Communications copyright Our legal structure changed at some point (see wikipedia), but we forgot to immediately switch over to the new copyright notice. For files that we have modified in the time since the change, add the proper copyright notice now. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
5bc8c1f2 |
|
12-Aug-2014 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: allow passing frame type to cfg80211_inform_bss() When using the cfg80211_inform_bss[_width]() functions drivers cannot currently indicate whether the data was received in a beacon or probe response. Fix that by passing a new enum that indicates such (or unknown). For good measure, use it in ath6kl. Acked-by: Kalle Valo <kvalo@qca.qualcomm.com> [ath6kl] Acked-by: Arend van Spriel <arend@broadcom.com> [brcmfmac] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
0e227084 |
|
12-Aug-2014 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: clarify BSS probe response vs. beacon data There are a few possible cases of where BSS data came from: 1) only a beacon has been received 2) only a probe response has been received 3) the driver didn't report what it received (this happens when using cfg80211_inform_bss[_width]()) 4) both probe response and beacon data has been received Unfortunately, in the userspace API, a few things weren't there: a) there was no way to differentiate cases 1) and 4) above without comparing the data of the IEs b) the TSF was always from the last frame, instead of being exposed for beacon/probe response separately like IEs Fix this by i) exporting a new flag attribute that indicates whether or not probe response data has been received - this addresses (a) ii) exporting a BEACON_TSF attribute that holds the beacon's TSF if a beacon has been received iii) not exporting the beacon attributes in case (3) above as that would just lead userspace into thinking the data actually came from a beacon when that isn't clear To implement this, track inside the IEs struct whether or not it (definitely) came from a beacon. Reported-by: William Seto Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
67af9811 |
|
18-May-2014 |
Emmanuel Grumbach <emmanuel.grumbach@intel.com> |
cfg80211: allow RSSI compensation Channels in 2.4GHz band overlap, this means that if we send a probe request on channel 1 and then move to channel 2, we will hear the probe response on channel 2. In this case, the RSSI will be lower than if we had heard it on the channel on which it was sent (1 in this case). The firmware / low level driver can parse the channel in the DS IE or HT IE and compensate the RSSI so that it will still have a valid value even if we heard the frame on an adjacent channel. This can be done up to a certain offset. Add this offset as a configuration for the low level driver. A low level driver that can compensate the low RSSI in this case should assign the maximal offset for which the RSSI value is still valid. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
792e6aa7 |
|
30-Apr-2014 |
Eliad Peller <eliad@wizery.com> |
cfg80211: add cfg80211_sched_scan_stopped_rtnl Add locked-version for cfg80211_sched_scan_stopped. This is used for some users that might want to call it when rtnl is already locked. Fixes: d43c6b6 ("mac80211: reschedule sched scan after HW restart") Cc: stable@vger.kernel.org (3.14+) Signed-off-by: Eliad Peller <eliadx.peller@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
f26cbf40 |
|
20-Apr-2014 |
Zhao, Gang <gamerh2o@gmail.com> |
cfg80211: change wiphy_to_dev function name Name wiphy_to_rdev is more accurate to describe what the function does, i.e., return a pointer pointing to struct cfg80211_registered_device. Signed-off-by: Zhao, Gang <gamerh2o@gmail.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
1b8ec87a |
|
20-Apr-2014 |
Zhao, Gang <gamerh2o@gmail.com> |
cfg80211: change registered device pointer name Name "dev" is too common and ambiguous, let all the pointer name pointing to struct cfg80211_registered_device be "rdev". This can improve code readability and consistency(since other places have already called it rdev). Signed-off-by: Zhao, Gang <gamerh2o@gmail.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
c14a7400 |
|
09-Apr-2014 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: ignore invalid BSSIDs when looking for BSSes When looking for a BSS matching given parameters, ignore invalid BSSIDs. This avoids, for example, trying to join an IBSS that has a multicast BSSID, which isn't supported by all drivers nor is it a valid configuration of the IBSS so better create a new one with a correctly chosen random BSSID. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
96998e3a |
|
08-Apr-2014 |
Zhao, Gang <gamerh2o@gmail.com> |
cfg80211: remove unused wiphy argument from cfg80211_wext_freq() cfg80211_wext_freq() is declared in wext-compat.h, but its parameter struct wiphy's declaration is not included there. As the parameter isn't used, just remove it. Signed-off-by: Zhao, Gang <gamerh2o@gmail.com> [remove parameter instead of changing to netdev] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
4da64622 |
|
19-Mar-2014 |
Zhao, Gang <gamerh2o@gmail.com> |
cfg80211: remove unnecessary check RCU pointer bss->pub.beacon_ies is checked before in previous statement: if (rcu_access_pointer(bss->pub.beacon_ies)) continue; There is no need to check it twice(and in the wrong way :) ). Signed-off-by: Zhao, Gang <gamerh2o@gmail.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
3afc2167 |
|
04-Mar-2014 |
Emmanuel Grumbach <emmanuel.grumbach@intel.com> |
cfg80211/mac80211: ignore signal if the frame was heard on wrong channel On 2.4Ghz band, the channels overlap since the delta between different channels is 5Mhz while the width of the receiver is 20Mhz (at least). This means that we can hear beacons or probe responses from adjacent channels. These frames will have a significant lower RSSI which will feed all kinds of logic with inaccurate data. An obvious example is the roaming algorithm that will think our AP is getting weak and will try to move to another AP. In order to avoid this, update the signal only if the frame has been heard on the same channel as the one advertised by the AP in its DS / HT IEs. We refrain from updating the values only if the AP is already in the BSS list so that we will still have a valid (but inaccurate) value if the AP was heard on an adjacent channel only. To achieve this, stop taking the channel from DS / HT IEs in mac80211. The DS / HT IEs is taken into account to discard the frame if it was received on a disabled channel. This can happen due to the same phenomenon: the frame is sent on channel 12, but heard on channel 11 while channel 12 can be disabled on certain devices. Since this check is done in cfg80211, stop even checking this in mac80211. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> [remove unused rx_freq variable] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
f9d15d16 |
|
22-Jan-2014 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: send scan results from work queue Due to the previous commit, when a scan finishes, it is in theory possible to hit the following sequence: 1. interface starts being removed 2. scan is cancelled by driver and cfg80211 is notified 3. scan done work is scheduled 4. interface is removed completely, rdev->scan_req is freed, event sent to userspace but scan done work remains pending 5. new scan is requested on another virtual interface 6. scan done work runs, freeing the still-running scan To fix this situation, hang on to the scan done message and block new scans while that is the case, and only send the message from the work function, regardless of whether the scan_req is already freed from interface removal. This makes step 5 above impossible and changes step 6 to be 5. scan done work runs, sending the scan done message As this can't work for wext, so we send the message immediately, but this shouldn't be an issue since we still return -EBUSY. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
bdfbec2d |
|
09-Jan-2014 |
Ilan Peer <ilan.peer@intel.com> |
cfg80211: Add a function to get the number of supported channels Add a utility function to get the number of channels supported by the device, and update the places in the code that need this data. Signed-off-by: Ilan Peer <ilan.peer@intel.com> [replace another occurrence in libertas, fix kernel-doc, fix bugs] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
4a58e7c3 |
|
05-Dec-2013 |
Eliad Peller <eliad@wizery.com> |
cfg80211: don't "leak" uncompleted scans ___cfg80211_scan_done() can be called in some cases (e.g. on NETDEV_DOWN) before the low level driver notified scan completion (which is indicated by passing leak=true). Clearing rdev->scan_req in this case is buggy, as scan_done_wk might have already being queued/running (and can't be flushed as it takes rtnl()). If a new scan will be requested at this stage, the scan_done_wk will try freeing it (instead of the previous scan), and this will later result in a use after free. Simply remove the "leak" option, and replace it with a standard WARN_ON. An example backtrace after such crash: Unable to handle kernel paging request at virtual address fffffee5 pgd = c0004000 [fffffee5] *pgd=9fdf6821, *pte=00000000, *ppte=00000000 Internal error: Oops: 17 [#1] SMP ARM PC is at cfg80211_scan_done+0x28/0xc4 [cfg80211] LR is at __ieee80211_scan_completed+0xe4/0x2dc [mac80211] [<bf0077b0>] (cfg80211_scan_done+0x28/0xc4 [cfg80211]) [<bf0973d4>] (__ieee80211_scan_completed+0xe4/0x2dc [mac80211]) [<bf0982cc>] (ieee80211_scan_work+0x94/0x4f0 [mac80211]) [<c005fd10>] (process_one_work+0x1b0/0x4a8) [<c0060404>] (worker_thread+0x138/0x37c) [<c0066d70>] (kthread+0xa4/0xb0) Signed-off-by: Eliad Peller <eliad@wizery.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
79845c66 |
|
21-Oct-2013 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: fix scheduled scan pointer access Since rdev->sched_scan_req is dereferenced outside the lock protecting it, this might be done at the wrong time, causing crashes. Move the dereference to where it should be - inside the RTNL locked section. Cc: stable@vger.kernel.org [3.8+] Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
1372a298 |
|
01-Sep-2013 |
Joe Perches <joe@perches.com> |
wireless: scan: Remove comment to compare_ether_addr This function is being removed, so remove the reference to it. Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
dcd6eac1 |
|
08-Jul-2013 |
Simon Wunderlich <simon.wunderlich@s2003.tu-chemnitz.de> |
nl80211: add scan width to bss and scan request structs To allow scanning and working with 5 MHz and 10 MHz BSS, extend the inform bss commands and add wrappers to take 5 and 10 MHz bss into account. Signed-off-by: Simon Wunderlich <siwu@hrz.tu-chemnitz.de> Signed-off-by: Mathias Kretschmer <mathias.kretschmer@fokus.fraunhofer.de> Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
|
#
0e3a39b5 |
|
19-Jun-2013 |
Ben Greear <greearb@candelatech.com> |
wireless: add comments about bss refcounting Should help the next person that tries to understand the bss refcounting logic. Signed-off-by: Ben Greear <greearb@candelatech.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
5fe231e8 |
|
08-May-2013 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: vastly simplify locking Virtually all code paths in cfg80211 already (need to) hold the RTNL. As such, there's little point in having another four mutexes for various parts of the code, they just cause lock ordering issues (and much of the time, the RTNL and a few of the others need thus be held.) Simplify all this by getting rid of the extra four mutexes and just use the RTNL throughout. Only a few code changes were needed to do this and we can get rid of a work struct for bonus points. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
9f419f38 |
|
08-May-2013 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: move cfg80211_get_dev_from_ifindex under wext The function is only used and needed by the wext code for scanning, so move it there. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
f9f47529 |
|
19-Mar-2013 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: always check for scan end on P2P device If a P2P device wdev is removed while it has a scan, then the scan completion might crash later as it is already freed by that time. To avoid the crash always check the scan completion when the P2P device is being removed for some reason. If the driver already canceled it, don't want and free it, otherwise warn and leak it to avoid later crashes. In order to do this, locking needs to be changed away from the rdev mutex (which can't always be guaranteed). For now, use the sched_scan_mtx instead, I'll rename it to just scan_mtx in a later patch. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
1345ee6a |
|
06-Mar-2013 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211: fix potential BSS memory leak and update In the odd case that while updating information from a beacon, a BSS was found that is part of a hidden group, we drop the new information. In this case, however, we leak the IE buffer from the update, and erroneously update the entry's timestamp so it will never time out. Fix both these issues. Cc: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
04f39047 |
|
08-Feb-2013 |
Simon Wunderlich <simon.wunderlich@s2003.tu-chemnitz.de> |
nl80211/cfg80211: add radar detection command/event Add new NL80211_CMD_RADAR_DETECT, which starts the Channel Availability Check (CAC). This command will also notify the usermode about events (CAC finished, CAC aborted, radar detected, NOP finished). Once radar detection has started it should continuously monitor for radars as long as the channel is active. This patch enables DFS for AP mode in nl80211/cfg80211. Based on original patch by Victor Goldenshtein <victorg@ti.com> Signed-off-by: Simon Wunderlich <siwu@hrz.tu-chemnitz.de> [remove WIPHY_FLAG_HAS_RADAR_DETECT again -- my mistake] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
6719429d |
|
12-Feb-2013 |
Luciano Coelho <coelho@ti.com> |
cfg80211: check vendor IE length to avoid overrun cfg80211_find_vendor_ie() was checking only that the vendor IE would fit in the remaining IEs buffer. If a corrupt includes a vendor IE that is too small, we could potentially overrun the IEs buffer. Fix this by checking that the vendor IE fits in the reported IE length field and skip it otherwise. Reported-by: Jouni Malinen <j@w1.fi> Signed-off-by: Luciano Coelho <coelho@ti.com> [change BUILD_BUG_ON to != 1 (from >= 2)] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
8cef2c9d |
|
05-Feb-2013 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: move TSF into IEs While technically the TSF isn't an IE, it can be necessary to distinguish between the TSF from a beacon and a probe response, in particular in order to know the next DTIM TBTT, as not all APs are spec compliant wrt. TSF==0 being a DTIM TBTT and thus the DTIM count needs to be taken into account as well. To allow this, move the TSF into the IE struct so it can be known whence it came. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
83c7aa1a |
|
05-Feb-2013 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: remove scan ies NULL check There's no way scan BSS IEs can be NULL as even if the allocation fails the frame is discarded. Remove some code checking for this and document that it is always non-NULL. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
776b3580 |
|
31-Jan-2013 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: track hidden SSID networks properly Currently, cfg80211 will copy beacon IEs from a previously received hidden SSID beacon to a probe response entry, if that entry is created after the beacon entry. However, if it is the other way around, or if the beacon is updated, such changes aren't propagated. Fix this by tracking the relation between the probe response and beacon BSS structs in this case. In case drivers have private data stored in a BSS struct and need access to such data from a beacon entry, cfg80211 now provides the hidden_beacon_bss pointer from the probe response entry to the beacon entry. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
5b112d3d |
|
31-Jan-2013 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: pass wiphy to cfg80211_ref_bss/put_bss This prepares for using the spinlock instead of krefs which is needed in the next patch to track the refs of combined BSSes correctly. Acked-by: Bing Zhao <bzhao@marvell.com> [mwifiex] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
0532d4f1 |
|
31-Jan-2013 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: wrap BSS kref Add inline wrappers for the BSS struct krefs to be able to extend them easily later. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
9537f227 |
|
31-Jan-2013 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: remove a local variable This local variable is only used once, so remove it. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
4b1af479 |
|
31-Jan-2013 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: use lockdep to assert lock is held Instead of annotating with a comment, add a lockdep annotation which also serves as documentation. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
2ca813ad |
|
31-Jan-2013 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: move locking into cfg80211_bss_age There's no reason for it to require external locking, move it into the function. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
50521aa8 |
|
30-Jan-2013 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: fix BSS IE allocation comment The comment about allocating the IEs together with the BSS struct is no longer true, remove it. Also fix a typo in the same area. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
37e08381 |
|
30-Jan-2013 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: remove unused cfg80211_get_mesh As Thomas pointed out, cfg80211_get_mesh() is unused and can be removed. Cc: Thomas Pedersen <thomas@cozybit.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
3af6341c |
|
29-Jan-2013 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: simplify mesh BSS comparison Instead of first checking if a BSS is an MBSS and then doing the comparisons, inline it all into the BSS comparison function. This avoids doing the IE searches twice and is also a lot less code. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
4593c4cb |
|
01-Feb-2013 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: fix BSS list hidden SSID lookup When trying to find a hidden SSID, the lookup function is done wrong; the code is trying to combine the two lookups into one, and as a consequence doesn't always find the entry at all. To understand this, consider a case where multiple BSS entries with the same channel and BSSID exist but have different SSID length. Then comparing against the probe response SSID length is bound to cause problems since the hidden one might be either zeroed out or zero-length. To fix this we need to do two lookups for the two ways to hide SSIDs. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
5622f5bb |
|
29-Jan-2013 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: refactor hidden SSID finding Instead of duplicating the rbtree functions, pass an argument to the compare function. This removes the code duplication for the two searches. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
3ff9a827 |
|
29-Jan-2013 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: remove free_priv BSS API Now that mac80211 no longer uses this API, remove it completely. If anyone needs it again, we can revert this patch of course, but mac80211 was the only user right now. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
c49dc900 |
|
23-Jan-2013 |
Dan Carpenter <dan.carpenter@oracle.com> |
cfg80211: off by one in ieee80211_bss() We do a: sprintf(buf, " Last beacon: %ums ago", elapsed_jiffies_msecs(bss->ts)); elapsed_jiffies_msecs() can return a 10 digit number so "buf" needs to be 31 characters long. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
9caf0364 |
|
28-Nov-2012 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: fix BSS struct IE access races When a BSS struct is updated, the IEs are currently overwritten or freed. This can lead to races if some other CPU is accessing the BSS struct and using the IEs concurrently. Fix this by always allocating the IEs in a new struct that holds the data and length and protecting access to this new struct with RCU. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
f94f8b16 |
|
28-Nov-2012 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: fix cmp_hidden_bss The cmp_bss() comparator function uses memcmp() to compare the SSID. This means that cmp_hidden_bss() needs to similarly return a number bigger than zero (use 1) instead of -1 when ie1 is bigger than ie2, which is the case if an ie2 byte is non-zero. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
915de2ff |
|
28-Nov-2012 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: fix whitespace in scan handling Fix a number of indentation and similar issues. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
b629ea3d |
|
28-Nov-2012 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: don't BUG_ON BSS struct issues There's no need to stop the machine, just leak the BSS entry if there's an issue with its hold counter when freeing. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
0172bb75 |
|
23-Nov-2012 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: use DS or HT operation IEs to determine BSS channel Currently, mac80211 checks the DS params IE if present and uses it for the (primary) BSS channel, instead of the one that the frame was received on. This is particularly useful in the 2.4 GHz band since a frame is often received on one of the adjacent channels due to overlap. Move this code to cfg80211 so other drivers also do this. Additionally, on 5 GHz, in particular with some (possibly) upcoming changes in 802.11ai and duplicate transmissions when wider channels are used, something similar happens. So if present, also use the (primary) channel information contained in the HT operation IE. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
4ee3e063 |
|
26-Aug-2012 |
Beni Lev <beni.lev@intel.com> |
cfg80211: add cfg80211 exported function tracing Also add tracing to the API functions that drivers (and mac80211) can call in cfg80211. Signed-off-by: Beni Lev <beni.lev@intel.com> Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Reviewed-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
e35e4d28 |
|
27-Jun-2012 |
Hila Gonen <hila.gonen@intel.com> |
cfg80211: add wrappers for registered_device_ops This will allow adding central tracing like in mac80211. Signed-off-by: Hila Gonen <hila.gonen@intel.com> Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Reviewed-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
15d6030b |
|
11-Oct-2012 |
Sam Leffler <sleffler@chromium.org> |
cfg80211: add support for flushing old scan results Add an NL80211_SCAN_FLAG_FLUSH flag that causes old bss cache entries to be flushed on scan completion. This is useful for collecting guaranteed fresh scan/survey result (e.g. on resume). For normal scan, flushing only happens on successful completion of a scan; i.e. it does not happen if the scan is aborted. For scheduled scan, previous scan results are flushed everytime when we get new scan results. This feature is enabled by default. Drivers can disable it by unsetting the NL80211_FEATURE_SCAN_FLUSH flag. Signed-off-by: Sam Leffler <sleffler@chromium.org> Tested-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> [invert polarity of feature flag to account for old kernels] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
e8e27c66 |
|
11-Oct-2012 |
Amitkumar Karwar <akarwar@marvell.com> |
cfg80211: code rearrangement to avoid forward declarations bss_release() and __cfg80211_unlink_bss() function definitions are moved at the begining of the file. They are used in next patch in this series. Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
768be59f |
|
26-Aug-2012 |
Hila Gonen <hila.gonen@intel.com> |
cfg80211: fix indentation checkpatch pointed out an issue, fix it. Signed-off-by: Hila Gonen <hila.gonen@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
fd014284 |
|
18-Jun-2012 |
Johannes Berg <johannes.berg@intel.com> |
nl80211: move scan API to wdev The new P2P Device will have to be able to scan for P2P search, so move scanning to use struct wireless_dev instead of struct net_device. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
ac422d3c |
|
08-May-2012 |
Joe Perches <joe@perches.com> |
wireless: Convert compare_ether_addr to ether_addr_equal Use the new bool function ether_addr_equal to add some clarity and reduce the likelihood for misuse of compare_ether_addr for sorting. I removed a conversion from scan.c/cmp_bss_core that appears to be a sorting function. Done via cocci script: $ cat compare_ether_addr.cocci @@ expression a,b; @@ - !compare_ether_addr(a, b) + ether_addr_equal(a, b) @@ expression a,b; @@ - compare_ether_addr(a, b) + !ether_addr_equal(a, b) @@ expression a,b; @@ - !ether_addr_equal(a, b) == 0 + ether_addr_equal(a, b) @@ expression a,b; @@ - !ether_addr_equal(a, b) != 0 + !ether_addr_equal(a, b) @@ expression a,b; @@ - ether_addr_equal(a, b) == 0 + !ether_addr_equal(a, b) @@ expression a,b; @@ - ether_addr_equal(a, b) != 0 + ether_addr_equal(a, b) @@ expression a,b; @@ - !!ether_addr_equal(a, b) + ether_addr_equal(a, b) Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
ef9456a8 |
|
30-Apr-2012 |
Emmanuel Grumbach <emmanuel.grumbach@intel.com> |
cfg80211: fix BSS comparison Since the BSS table is organized in a RB tree, the BSSs need to be comparable. This means that we must define a < and > operator to the BSS object. compare_ethr_addr isn't enough since it returns only a binary value. Since Felix's cfg80211: use compare_ether_addr on MAC addresses instead of memcmp Because of the constant size and guaranteed 16 bit alignment, the inline compare_ether_addr function is much cheaper than calling memcmp. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com> The BSS table is corrupted: rb_find_bss can't find the bss. As a result BSSes are duplicated in the BSS table, and we get stuck while probing an AP before associating (in STA mode). Change-Id: I85928756f4328028230832c1565ece7f412f3843 CC: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Acked-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
f9616e0f |
|
13-Apr-2012 |
Rajkumar Manoharan <rmanohar@qca.qualcomm.com> |
cfg80211: increse bss expire time The background scan completion takes more time when the station is having heavy uplink traffic. The scan state machine decides to fall back to home channel on every off-channel visit when there are pending frames in tx queue. bgscan completion took ~30sec on dual band US regulatory card. scan period = (20 active channels * probe timeout) + (12 passive channels * passive probe timeout) + (32 * timeout on home channel) + (32 * flush timeout) Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
c6fb08aa |
|
18-Mar-2012 |
Felix Fietkau <nbd@openwrt.org> |
cfg80211: use compare_ether_addr on MAC addresses instead of memcmp Because of the constant size and guaranteed 16 bit alignment, the inline compare_ether_addr function is much cheaper than calling memcmp. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
7b8bcff2 |
|
13-Mar-2012 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: clarify timestamp in cfg80211_inform_bss This is intended to be the timestamp sent by the peer in the beacon/probe response, not any form of host timestamp. Clarify the documentation and variable names. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
4c0c0b75 |
|
20-Jan-2012 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: export cfg80211_ref_bss This is needed by mac80211 to keep a reference to a BSS alive for the auth process. Remove the old version of cfg80211_ref_bss() since it's not actually used. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
dd9dfb9f |
|
04-Nov-2011 |
Dmitry Tarnyagin <abi.dmitryt@gmail.com> |
cfg80211: merge in beacon ies of hidden bss. The problem with PSM when a hidden SSID was used was originally reported by Juuso Oikarinen. - When generally scanning, the AP is getting a bss entry with a zero SSID. - When associating, a probe-req is sent to the AP with the SSID, and as a result a probe-response is received with the hidden SSID in place. As a consequence, a second bss entry is created for the AP, now with the real SSID. - After association, mac80211 executes ieee80211_recalc_ps(), but does not switch to powersave because the beacon-ies are missing. As result, the STA does not ever enter PSM. The patch merges in beacon ies of hidden bss from beacon to the probe response, creating a consistent set of ies in place. Patch is depended on "cfg80211: fix cmp_ies" made by Johannes. Signed-off-by: Dmitry Tarnyagin <dmitry.tarnyagin@stericsson.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
3b6ef633 |
|
04-Nov-2011 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: fix cmp_ies When comparing two items by IE, the sort order wasn't stable, which could lead to issues in the rbtree. Make it stable by making a missing IE sort before a present IE. Also sort by length first if it differs and then by contents. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
0c28ec58 |
|
15-Sep-2011 |
Eliad Peller <eliad@wizery.com> |
cfg80211: add cfg80211_find_vendor_ie() function Add function to find vendor-specific ie (along with vendor-specific ie struct definition and P2P OUI values) Signed-off-by: Eliad Peller <eliad@wizery.com> Reviewed-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
262eb9b2 |
|
13-Jul-2011 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: split wext compatibility to separate header A lot of drivers erroneously use wext constants and don't notice since cfg80211.h includes them. Make this more split up so drivers needing wext compatibility from cfg80211 need to explicitly include that from cfg80211-wext.h. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
a401d2bb |
|
19-Jul-2011 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: fix scan crash on single-band cards commit 58389c69150e6032504dfcd3edca6b1975c8b5bc Author: Johannes Berg <johannes.berg@intel.com> Date: Mon Jul 18 18:08:35 2011 +0200 cfg80211: allow userspace to control supported rates in scan made single-band cards crash since it would always access all wiphy->bands[]. Fix this and reject any attempts in the new helper ieee80211_get_ratemask() to do the same, rejecting rates configuration for unsupported bands. Reported-by: Pavel Roskin <proski@gnu.org> Tested-by: Pavel Roskin <proski@gnu.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
34850ab2 |
|
18-Jul-2011 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: allow userspace to control supported rates in scan Some P2P scans are not allowed to advertise 11b rates, but that is a rather special case so instead of having that, allow userspace to request the rate sets (per band) that are advertised in scan probe request frames. Since it's needed in two places now, factor out some common code parsing a rate array. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
1a84ff75 |
|
08-Jul-2011 |
Luciano Coelho <coelho@ti.com> |
cfg80211: return -ENOENT when stopping sched_scan while not running If we try to stop a scheduled scan while it is not running, we should return -ENOENT instead of simply ignoring the command and returning success. This is more consistent with other parts of the code. Reported-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Luciano Coelho <coelho@ti.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
3b4670ff |
|
29-Jun-2011 |
Jesper Juhl <jj@chaosbits.net> |
net, wireless: Don't return uninitialized in __cfg80211_stop_sched_scan() If the 'driver_initiated' function argument to __cfg80211_stop_sched_scan() is not 0 then we'll return an uninitialized 'err' from the function. Signed-off-by: Jesper Juhl <jj@chaosbits.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
c10841ca |
|
29-Jun-2011 |
Luciano Coelho <coelho@ti.com> |
cfg80211: fix deadlock with rfkill/sched_scan by adding new mutex There was a deadlock when rfkill-blocking a wireless interface, because we were locking the rdev mutex on NETDEV_GOING_DOWN to stop sched_scans that were eventually running. The rfkill block code was already holding a mutex under rdev: kernel: ======================================================= kernel: [ INFO: possible circular locking dependency detected ] kernel: 3.0.0-rc1-00049-g1fa7b6a #57 kernel: ------------------------------------------------------- kernel: kworker/0:1/4525 is trying to acquire lock: kernel: (&rdev->mtx){+.+.+.}, at: [<ffffffff8164c831>] cfg80211_netdev_notifier_call+0x131/0x5b0 kernel: kernel: but task is already holding lock: kernel: (&rdev->devlist_mtx){+.+.+.}, at: [<ffffffff8164dcef>] cfg80211_rfkill_set_block+0x4f/0xa0 kernel: kernel: which lock already depends on the new lock. To fix this, add a new mutex specifically for sched_scan, to protect the sched_scan_req element in the rdev struct, instead of using the global rdev mutex. Reported-by: Duane Griffin <duaneg@dghda.com> Signed-off-by: Luciano Coelho <coelho@ti.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
333ba732 |
|
29-May-2011 |
Eliad Peller <eliad@wizery.com> |
cfg80211: don't drop p2p probe responses Commit 0a35d36 ("cfg80211: Use capability info to detect mesh beacons") assumed that probe response with both ESS and IBSS bits cleared means that the frame was sent by a mesh sta. However, these capabilities are also being used in the p2p_find phase, and the mesh-validation broke it. Rename the WLAN_CAPABILITY_IS_MBSS macro, and verify that mesh ies exist before assuming this frame was sent by a mesh sta. Signed-off-by: Eliad Peller <eliad@wizery.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
85a9994a |
|
12-May-2011 |
Luciano Coelho <coelho@ti.com> |
cfg80211/mac80211: avoid bounce back mac->cfg->mac on sched_scan_stopped When sched_scan_stopped was called by the driver, mac80211 calls cfg80211, which in turn was calling mac80211 back with a flag "driver_initiated". This flag was used so that mac80211 would do the necessary cleanup but would not call the driver. This was enough to prevent the bounce back between the driver and mac80211, but not between mac80211 and cfg80211. To fix this, we now do the cleanup in mac80211 before calling cfg80211. To help with locking issues, the workqueue was moved from cfg80211 to mac80211. Reported-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Luciano Coelho <coelho@ti.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
807f8a8c |
|
11-May-2011 |
Luciano Coelho <coelho@ti.com> |
cfg80211/nl80211: add support for scheduled scans Implement new functionality for scheduled scan offload. With this feature we can scan automatically at certain intervals. The idea is that the hardware can perform scan automatically and filter on desired results without waking up the host unnecessarily. Add NL80211_CMD_START_SCHED_SCAN and NL80211_CMD_STOP_SCHED_SCAN commands to the nl80211 interface. When results are available they are reported by NL80211_CMD_SCHED_SCAN_RESULTS events. The userspace is informed when the scheduled scan has stopped with a NL80211_CMD_SCHED_SCAN_STOPPED event, which can be triggered either by the driver or by a call to NL80211_CMD_STOP_SCHED_SCAN. Signed-off-by: Luciano Coelho <coelho@ti.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
0a35d36d |
|
04-May-2011 |
Javier Cardona <javier@cozybit.com> |
cfg80211: Use capability info to detect mesh beacons. Mesh beacons no longer use all-zeroes BSSID. Beacon frames for MBSS, infrastructure BSS, or IBSS are differentiated by the Capability Information field in the Beacon frame. A mesh STA sets the ESS and IBSS subfields to 0 in transmitted Beacon or Probe Response management frames. Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
2b78ac9b |
|
28-Mar-2011 |
Juuso Oikarinen <juuso.oikarinen@nokia.com> |
cfg80211: fix BSS double-unlinking (continued) This patch adds to the fix "fix BSS double-unlinking" (commit 3207390a8b58bfc1335750f91cf6783c48ca19ca) by Johannes Berg. It turns out, that the double-unlinking scenario can also occur if expired BSS elements are removed whilst an interface is performing association. To work around that, replace list_del with list_del_init also in the "cfg80211_bss_expire" function, so that the check for whether the BSS still is in the list works correctly in cfg80211_unlink_bss. Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com> Reviewed-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
bef9bacc |
|
26-Mar-2011 |
Mariusz Kozlowski <mk@lab.zgora.pl> |
cfg80211:: fix possible NULL pointer dereference In cfg80211_inform_bss_frame() wiphy is first dereferenced on privsz initialisation and then it is checked for NULL. This patch fixes that. Signed-off-by: Mariusz Kozlowski <mk@lab.zgora.pl> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
01123e23 |
|
09-Dec-2010 |
Sven Neumann <s.neumann@raumfeld.com> |
cfg80211: update information elements in cached BSS struct When a cached BSS struct is updated because a new beacon was received, the code replaces the cached information elements by the IEs from the new beacon. However it did not update the pub.information_elements and pub.len_information_elements fields leaving them either pointing to the old beacon IEs or in an inconsistent state where the data is replaced by the new beacon IEs but len_information_elements still has its value from the first beacon. Fix this by updating the information elements fields if they are pointing to beacon IEs. Signed-off-by: Sven Neumann <s.neumann@raumfeld.com> Reviewed-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
3207390a |
|
06-Oct-2010 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: fix BSS double-unlinking When multiple interfaces are actively trying to associate with the same BSS, they may both find that the BSS isn't there and then try to unlink it. This can cause errors since the unlinking code can't currently deal with items that have already been unlinked. Normally this doesn't happen as most people don't try to use multiple station interfaces that associate at the same time too. Fix this by using the list entry as a flag to see if the item is still on a list. Cc: stable@kernel.org Reported-by: Ben Greear <greearb@candelatech.com> Tested-by: Hun-Kyi Wynn <hkwynn@candelatech.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
ccb6c136 |
|
13-Jul-2010 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: don't get expired BSSes When kernel-internal users use cfg80211_get_bss() to get a reference to a BSS struct, they may end up getting one that would have been removed from the list if there had been any userspace access to the list. This leads to inconsistencies and problems. Fix it by making cfg80211_get_bss() ignore BSSes that cfg80211_bss_expire() would remove. Fixes http://bugzilla.intellinuxwireless.org/show_bug.cgi?id=2180 Cc: stable@kernel.org Reported-by: Jiajia Zheng <jiajia.zheng@intel.com> Tested-by: Jiajia Zheng <jiajia.zheng@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
22fe88d3 |
|
12-May-2010 |
Sujith <Sujith.Manoharan@atheros.com> |
cfg80211: Fix signal_type comparison signal_type is enum cfg80211_signal_type. This fixes the gcc warning: scan.c: In function `cfg80211_inform_bss': scan.c:518:6: warning: comparison between `enum cfg80211_signal_type' and `enum nl80211_bss' scan.c: In function `cfg80211_inform_bss_frame': scan.c:574:6: warning: comparison between `enum cfg80211_signal_type' and `enum nl80211_bss' Signed-off-by: Sujith <Sujith.Manoharan@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
5a0e3ad6 |
|
24-Mar-2010 |
Tejun Heo <tj@kernel.org> |
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h percpu.h is included by sched.h and module.h and thus ends up being included when building most .c files. percpu.h includes slab.h which in turn includes gfp.h making everything defined by the two files universally available and complicating inclusion dependencies. percpu.h -> slab.h dependency is about to be removed. Prepare for this change by updating users of gfp and slab facilities include those headers directly instead of assuming availability. As this conversion needs to touch large number of source files, the following script is used as the basis of conversion. http://userweb.kernel.org/~tj/misc/slabh-sweep.py The script does the followings. * Scan files for gfp and slab usages and update includes such that only the necessary includes are there. ie. if only gfp is used, gfp.h, if slab is used, slab.h. * When the script inserts a new include, it looks at the include blocks and try to put the new include such that its order conforms to its surrounding. It's put in the include block which contains core kernel includes, in the same order that the rest are ordered - alphabetical, Christmas tree, rev-Xmas-tree or at the end if there doesn't seem to be any matching order. * If the script can't find a place to put a new include (mostly because the file doesn't have fitting include block), it prints out an error message indicating which .h file needs to be added to the file. The conversion was done in the following steps. 1. The initial automatic conversion of all .c files updated slightly over 4000 files, deleting around 700 includes and adding ~480 gfp.h and ~3000 slab.h inclusions. The script emitted errors for ~400 files. 2. Each error was manually checked. Some didn't need the inclusion, some needed manual addition while adding it to implementation .h or embedding .c file was more appropriate for others. This step added inclusions to around 150 files. 3. The script was run again and the output was compared to the edits from #2 to make sure no file was left behind. 4. Several build tests were done and a couple of problems were fixed. e.g. lib/decompress_*.c used malloc/free() wrappers around slab APIs requiring slab.h to be added manually. 5. The script was run on all .h files but without automatically editing them as sprinkling gfp.h and slab.h inclusions around .h files could easily lead to inclusion dependency hell. Most gfp.h inclusion directives were ignored as stuff from gfp.h was usually wildly available and often used in preprocessor macros. Each slab.h inclusion directive was examined and added manually as necessary. 6. percpu.h was updated not to include slab.h. 7. Build test were done on the following configurations and failures were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my distributed build env didn't work with gcov compiles) and a few more options had to be turned off depending on archs to make things build (like ipr on powerpc/64 which failed due to missing writeq). * x86 and x86_64 UP and SMP allmodconfig and a custom test config. * powerpc and powerpc64 SMP allmodconfig * sparc and sparc64 SMP allmodconfig * ia64 SMP allmodconfig * s390 SMP allmodconfig * alpha SMP allmodconfig * um on x86_64 SMP allmodconfig 8. percpu.h modifications were reverted so that it could be applied as a separate patch and serve as bisection point. Given the fact that I had only a couple of failures from tests on step 6, I'm fairly confident about the coverage of this conversion patch. If there is a breakage, it's likely to be something in one of the arch headers which should be easily discoverable easily on most builds of the specific arch. Signed-off-by: Tejun Heo <tj@kernel.org> Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org> Cc: Ingo Molnar <mingo@redhat.com> Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
|
#
c21dbf92 |
|
26-Jan-2010 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211: export cfg80211_find_ie This new function (previously a static function called just "find_ie" can be used to find a specific IE in a buffer of IEs. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
34a6eddb |
|
06-Jan-2010 |
Jouni Malinen <j@w1.fi> |
cfg80211: Store IEs from both Beacon and Probe Response frames Store information elements from Beacon and Probe Response frames in separate buffers to allow both sets to be made available through nl80211. This allows user space applications to get access to IEs from Beacon frames even if we have received Probe Response frames from the BSS. Previously, the IEs from Probe Response frames would have overridden the IEs from Beacon frames. This feature is of somewhat limited use since most protocols include the same (or extended) information in Probe Response frames. However, there are couple of exceptions where the IEs from Beacon frames could be of some use: TIM IE is only included in Beacon frames (and it would be needed to figure out the DTIM period used in the BSS) and at least some implementations of Wireless Provisioning Services seem to include the full IE only in Beacon frames). The new BSS attribute for scan results is added to allow both the IE sets to be delivered. This is done in a way that maintains the previously used behavior for applications that are not aware of the new NL80211_BSS_BEACON_IES attribute. Signed-off-by: Jouni Malinen <j@w1.fi> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
65486c8b |
|
23-Dec-2009 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211: fix error path in cfg80211_wext_siwscan If there's an invalid channel or SSID, the code leaks the scan request. Always free the scan request, unless it was successfully given to the driver. Reported-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Acked-by: Dan Carpenter <error27@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
f64f9e71 |
|
29-Nov-2009 |
Joe Perches <joe@perches.com> |
net: Move && and || to end of previous line Not including net/atm/ Compiled tested x86 allyesconfig only Added a > 80 column line or two, which I ignored. Existing checkpatch plaints willfully, cheerfully ignored. Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
e60d7443 |
|
25-Nov-2009 |
Alban Browaeys <prahal@yahoo.com> |
wireless : use a dedicated workqueue for cfg80211. This patch moves the works cleanup, scan and events to a cfg80211 dedicated workqueue. Platform driver like eeepc-laptop ought to use works to rfkill (as new rfkill does lock in rfkill_unregister and the platform driver is called from rfkill_switch_all which also lock the same mutex). This raise a new issue in itself that the work scheduled by the platform driver to the global worqueue calls wiphy_unregister which flush_work scan and event works (which thus flush works on the global workqueue inside a work on the global workqueue) and also put on hold the wdev_cleanup_work (which prevents the dev_put on netdev thus indefinite Usage count error on wifi device). Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Alban Browaeys <prahal@yahoo.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
76aa5e70 |
|
18-Nov-2009 |
Rui Paulo <rpaulo@gmail.com> |
mac80211: update cfg80211 scan result code for the updated mesh conf IE Signed-off-by: Rui Paulo <rpaulo@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
136cfa28 |
|
18-Nov-2009 |
Rui Paulo <rpaulo@gmail.com> |
mac80211: use a structure to hold the mesh config information element Signed-off-by: Rui Paulo <rpaulo@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
584991dc |
|
02-Nov-2009 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211: validate scan channels Currently it is possible to request a scan on only disabled channels, which could be problematic for some drivers. Reject such scans, and also ignore disabled channels that are given. This resuls in the scan begin/end event only including channels that are actually used. This makes the mac80211 check for disabled channels superfluous. At the same time, remove the no-IBSS check from mac80211 -- nothing says that we should not find any networks on channels that cannot be used for an IBSS, even when operating in IBSS mode. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
3d23e349 |
|
29-Sep-2009 |
Johannes Berg <johannes@sipsolutions.net> |
wext: refactor Refactor wext to * split out iwpriv handling * split out iwspy handling * split out procfs support * allow cfg80211 to have wireless extensions compat code w/o CONFIG_WIRELESS_EXT After this, drivers need to - select WIRELESS_EXT - for wext support - select WEXT_PRIV - for iwpriv support - select WEXT_SPY - for iwspy support except cfg80211 -- which gets new hooks in wext-core.c and can then get wext handlers without CONFIG_WIRELESS_EXT. Wireless extensions procfs support is auto-selected based on PROC_FS and anything that requires the wext core (i.e. WIRELESS_EXT or CFG80211_WEXT). Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
012a1b3e |
|
11-Sep-2009 |
Holger Schurig <hs4233@mail.mn-solutions.de> |
cfg80211: minimal error handling for wext-compat freq scanning Signed-off-by: Holger Schurig <hs4233@mail.mn-solutions.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
50425b09 |
|
11-Sep-2009 |
Holger Schurig <h.schurig@mn-solutions.de> |
cfg80211: use cfg80211_wext_freq() for freq conversion WEXT's "struct iw_freq" can also be used to handle a channel. This patch now uses cfg80211_wext_freq() instead of hand-converting the frequency. That allows user-space to specify channels as well, like with SIOCSIWFREQ. Signed-off-by: Holger Schurig <hs4233@mail.mn-solutions.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
8862dc5f |
|
11-Sep-2009 |
Holger Schurig <hs4233@mail.mn-solutions.de> |
cfg80211: minimal error handling for wext-compat freq scanning Signed-off-by: Holger Schurig <hs4233@mail.mn-solutions.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
a4e7b730 |
|
11-Sep-2009 |
Holger Schurig <h.schurig@mn-solutions.de> |
cfg80211: use cfg80211_wext_freq() for freq conversion WEXT's "struct iw_freq" can also be used to handle a channel. This patch now uses cfg80211_wext_freq() instead of hand-converting the frequency. That allows user-space to specify channels as well, like with SIOCSIWFREQ. Signed-off-by: Holger Schurig <hs4233@mail.mn-solutions.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
b2e3abdc |
|
09-Sep-2009 |
Holger Schurig <hs4233@mail.mn-solutions.de> |
cfg80211: allow scanning on specified frequencies when using wext-compatibility Handles the case when SIOCSIWSCAN specified iw_scan_req.num_channels and iw_scan_req.channels[]. Signed-off-by: Holger Schurig <hs4233@mail.mn-solutions.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
fcc6cb0c |
|
01-Sep-2009 |
Bob Copeland <me@bobcopeland.com> |
cfg80211: fix looping soft lockup in find_ie() The find_ie() function uses a size_t for the len parameter, and directly uses len as a loop variable. If any received packets are malformed, it is possible for the decrease of len to overflow, and since the result is unsigned, the loop will not terminate. Change it to a signed int so the loop conditional works for negative values. This fixes the following soft lockup: [38573.102007] BUG: soft lockup - CPU#0 stuck for 61s! [phy0:2230] [38573.102007] Modules linked in: aes_i586 aes_generic fuse af_packet ipt_REJECT xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_state iptable_filter ip_tables x_tables acpi_cpufreq binfmt_misc dm_mirror dm_region_hash dm_log dm_multipath dm_mod kvm_intel kvm uinput i915 arc4 ecb drm snd_hda_codec_idt ath5k snd_hda_intel hid_apple mac80211 usbhid appletouch snd_hda_codec snd_pcm ath cfg80211 snd_timer i2c_algo_bit ohci1394 video snd processor ieee1394 rfkill ehci_hcd sg sky2 backlight snd_page_alloc uhci_hcd joydev output ac thermal button battery sr_mod applesmc cdrom input_polldev evdev unix [last unloaded: scsi_wait_scan] [38573.102007] irq event stamp: 2547724535 [38573.102007] hardirqs last enabled at (2547724534): [<c1002ffc>] restore_all_notrace+0x0/0x18 [38573.102007] hardirqs last disabled at (2547724535): [<c10038f4>] apic_timer_interrupt+0x28/0x34 [38573.102007] softirqs last enabled at (92950144): [<c103ab48>] __do_softirq+0x108/0x210 [38573.102007] softirqs last disabled at (92950274): [<c1348e74>] _spin_lock_bh+0x14/0x80 [38573.102007] [38573.102007] Pid: 2230, comm: phy0 Tainted: G W (2.6.31-rc7-wl #8) MacBook1,1 [38573.102007] EIP: 0060:[<f8ea2d50>] EFLAGS: 00010292 CPU: 0 [38573.102007] EIP is at cmp_ies+0x30/0x180 [cfg80211] [38573.102007] EAX: 00000082 EBX: 00000000 ECX: ffffffc1 EDX: d8efd014 [38573.102007] ESI: ffffff7c EDI: 0000004d EBP: eee2dc50 ESP: eee2dc3c [38573.102007] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 [38573.102007] CR0: 8005003b CR2: d8efd014 CR3: 01694000 CR4: 000026d0 [38573.102007] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 [38573.102007] DR6: ffff0ff0 DR7: 00000400 [38573.102007] Call Trace: [38573.102007] [<f8ea2f8d>] cmp_bss+0xed/0x100 [cfg80211] [38573.102007] [<f8ea33e4>] cfg80211_bss_update+0x84/0x410 [cfg80211] [38573.102007] [<f8ea3884>] cfg80211_inform_bss_frame+0x114/0x180 [cfg80211] [38573.102007] [<f97255ff>] ieee80211_bss_info_update+0x4f/0x180 [mac80211] [38573.102007] [<f972b118>] ieee80211_rx_bss_info+0x88/0xf0 [mac80211] [38573.102007] [<f9739297>] ? ieee802_11_parse_elems+0x27/0x30 [mac80211] [38573.102007] [<f972b224>] ieee80211_rx_mgmt_probe_resp+0xa4/0x1c0 [mac80211] [38573.102007] [<f972bc59>] ieee80211_sta_rx_queued_mgmt+0x919/0xc50 [mac80211] [38573.102007] [<c1009707>] ? sched_clock+0x27/0xa0 [38573.102007] [<c1009707>] ? sched_clock+0x27/0xa0 [38573.102007] [<c105ffd0>] ? mark_held_locks+0x60/0x80 [38573.102007] [<c1348be5>] ? _spin_unlock_irqrestore+0x55/0x70 [38573.102007] [<c134baa5>] ? sub_preempt_count+0x85/0xc0 [38573.102007] [<c1348bce>] ? _spin_unlock_irqrestore+0x3e/0x70 [38573.102007] [<c12c1c0f>] ? skb_dequeue+0x4f/0x70 [38573.102007] [<f972c021>] ieee80211_sta_work+0x91/0xb80 [mac80211] [38573.102007] [<c1009707>] ? sched_clock+0x27/0xa0 [38573.102007] [<c134baa5>] ? sub_preempt_count+0x85/0xc0 [38573.102007] [<c10479af>] worker_thread+0x18f/0x320 [38573.102007] [<c104794e>] ? worker_thread+0x12e/0x320 [38573.102007] [<c1348be5>] ? _spin_unlock_irqrestore+0x55/0x70 [38573.102007] [<f972bf90>] ? ieee80211_sta_work+0x0/0xb80 [mac80211] [38573.102007] [<c104cbb0>] ? autoremove_wake_function+0x0/0x50 [38573.102007] [<c1047820>] ? worker_thread+0x0/0x320 [38573.102007] [<c104c854>] kthread+0x84/0x90 [38573.102007] [<c104c7d0>] ? kthread+0x0/0x90 [38573.102007] [<c1003ab7>] kernel_thread_helper+0x7/0x10 Cc: stable@kernel.org Signed-off-by: Bob Copeland <me@bobcopeland.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
01a0ac41 |
|
20-Aug-2009 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211: check lost scans later, fix bug When we lose a scan, cfg80211 tries to clean up after the driver. However, it currently does this too early, it does this in GOING_DOWN already instead of DOWN, so it may happen with mac80211. Besides fixing this, also make it more robust by leaking the scan request so if the driver later actually finishes the scan, it won't crash. Also check in ___cfg80211_scan_done whether a scan request is still pending and exit if not. Reported-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Tested-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
36e6fea8 |
|
12-Aug-2009 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211: check for and abort dangling scan requests If you trigger a scan request on an interface and then take it down, or rmmod the module or unplug the device the driver might "forget" to cancel the scan request. That is a bug in the driver, but the current behaviour is that we just hang endlessly waiting for the netdev refcount to become 0 which it never will. To improve robustness, check for this situation in cfg80211, warn about it and clean up behind the driver. I don't just clean up silently because it's likely that the driver also has some internal state it has now leaked. Additionally, this fixes a locking bug, clearing the scan_req pointer should be done under the rdev lock. Finally, we also need to _wait_ for the scan work and not just abort it since it might be pending and wanting to do a cleanup. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
5ba63533 |
|
07-Aug-2009 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211: fix alignment problem in scan request The memory layout for scan requests was rather wrong, we put the scan SSIDs before the channels which could lead to the channel pointers being unaligned in memory. It turns out that using a pointer to the channel array isn't necessary anyway since we can embed a zero-length array into the struct. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
f5ea9120 |
|
07-Aug-2009 |
Johannes Berg <johannes@sipsolutions.net> |
nl80211: add generation number to all dumps In order for userspace to be able to figure out whether it obtained a consistent snapshot of data or not when using netlink dumps, we need to have a generation number in each dump message that indicates whether the list has changed or not -- its value is arbitrary. This patch adds such a number to all dumps, this needs some mac80211 involvement to keep track of a generation number to start with when adding/removing mesh paths or stations. The wiphy and netdev lists can be fully handled within cfg80211, of course, but generation numbers need to be stored there as well. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
cd3468ba |
|
29-Jul-2009 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211: add two missing NULL pointer checks These pointers can be NULL, the is_mesh() case isn't ever hit in the current kernel, but cmp_ies() can be hit under certain conditions. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Cc: stable@kernel.org [2.6.29, 2.6.30] Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
a9a11622 |
|
26-Jul-2009 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211: self-contained wext handling where possible Finally! This is what you've all been waiting for! This patch makes cfg80211 take care of wext emulation _completely_ by itself, drivers that don't need things cfg80211 doesn't do yet don't even need to be aware of wireless extensions. This means we can also clean up mac80211's and iwm's Kconfig and make it possible to build them w/o wext now! RIP wext. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
09f97e0f |
|
22-Jul-2009 |
Helmut Schaa <helmut.schaa@googlemail.com> |
cfg80211: increase scan result expire time Using background scanning in mac80211 the time a scan needs to finish can exceed 10 seconds. Hence, increase the scan results expire time to 15 seconds which should be sufficient. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
463d0183 |
|
13-Jul-2009 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211: make aware of net namespaces In order to make cfg80211/nl80211 aware of network namespaces, we have to do the following things: * del_virtual_intf method takes an interface index rather than a netdev pointer - simply change this * nl80211 uses init_net a lot, it changes to use the sender's network namespace * scan requests use the interface index, hold a netdev pointer and reference instead * we want a wiphy and its associated virtual interfaces to be in one netns together, so - we need to be able to change ns for a given interface, so export dev_change_net_namespace() - for each virtual interface set the NETIF_F_NETNS_LOCAL flag, and clear that flag only when the wiphy changes ns, to disallow breaking this invariant * when a network namespace goes away, we need to reparent the wiphy to init_net * cfg80211 users that support creating virtual interfaces must create them in the wiphy's namespace, currently this affects only mac80211 The end result is that you can now switch an entire wiphy into a different network namespace with the new command iw phy#<idx> set netns <pid> and all virtual interfaces will follow (or the operation fails). Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
9e81eccf |
|
18-Jul-2009 |
Christian Lamparter <chunkeey@web.de> |
cfg80211: double free in __cfg80211_scan_done This patch fixes a double free corruption in __cfg80211_scan_done: ================================================ BUG kmalloc-512: Object already free ------------------------------------------------ INFO: Allocated in load_elf_binary+0x18b/0x19af age=6 INFO: Freed in load_elf_binary+0x104e/0x19af age=5 INFO: Slab 0xffffea0001bae4c0 objects=14 used=7 INFO: Object 0xffff88007e8a9918 @offset=6424 fp=0xffff88007e8a9488 Bytes b4 0xffff88007e8a9908: 00 00 00 00 00 00 00 00 5a 5a [...] Pid: 28705, comm: rmmod Tainted: P C 2.6.31-rc2-wl #1 Call Trace: [<ffffffff810da9f4>] print_trailer+0x14e/0x16e [<ffffffff810daa56>] object_err+0x42/0x61 [<ffffffff810dbcd9>] __slab_free+0x2af/0x396 [<ffffffffa0ec9694>] ? wiphy_unregister+0x92/0x142 [cfg80211] [<ffffffff810dd5e3>] kfree+0x13c/0x17a [<ffffffffa0ec9694>] ? wiphy_unregister+0x92/0x142 [cfg80211] [<ffffffffa0ec9694>] wiphy_unregister+0x92/0x142 [cfg80211] [<ffffffffa0eed163>] ieee80211_unregister_hw+0xc8/0xff [mac80211] [<ffffffffa0f3fbc8>] p54_unregister_common+0x31/0x66 [p54common] [...] FIX kmalloc-512: Object at 0xffff88007e8a9918 not freed The code path which leads to the *funny* double free: request = rdev->scan_req; dev = dev_get_by_index(&init_net, request->ifidx); /* * the driver was unloaded recently and * therefore dev_get_by_index will return NULL! */ if (!dev) goto out; [...] rdev->scan_req = NULL; /* not executed... */ [...] out: kfree(request); Signed-off-by: Christian Lamparter <chunkeey@web.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
667503dd |
|
06-Jul-2009 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211: fix locking Over time, a lot of locking issues have crept into the smarts of cfg80211, so e.g. scan completion can race against a new scan, IBSS join can race against leaving an IBSS, etc. Introduce a new per-interface lock that protects most of the per-interface data that we need to keep track of, and sprinkle assertions about that lock everywhere. Some things now need to be offloaded to work structs so that we don't require being able to sleep in functions the drivers call. The exception to that are the MLME callbacks (rx_auth etc.) that currently only mac80211 calls because it was easier to do that there instead of in cfg80211, and future drivers implementing those calls will, if they ever exist, probably need to use a similar scheme like mac80211 anyway... In order to be able to handle _deauth and _disassoc properly, introduce a cookie passed to it that will determine locking requirements. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
4d0c8aea |
|
06-Jul-2009 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211: properly name driver locking Currently we call that cfg80211_put_dev(), but that is misleading. With the new convention of using 'rdev' for registered_device variables, also call that function cfg80211_unlock_rdev(). Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
19957bb3 |
|
02-Jul-2009 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211: keep track of BSSes In order to avoid problems with BSS structs going away while they're in use, I've long wanted to make cfg80211 keep track of them. Without the SME, that wasn't doable but now that we have the SME we can do this too. It can keep track of up to four separate authentications and one association, regardless of whether it's controlled by the cfg80211 SME or the userspace SME. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
6829c878 |
|
02-Jul-2009 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211: emulate connect with auth/assoc This adds code to cfg80211 so that drivers (mac80211 right now) that don't implement connect but rather auth/assoc can still be used with the nl80211 connect command. This will also be necessary for the wext compat code. Signed-off-by: Samuel Ortiz <samuel.ortiz@intel.com> Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
a538e2d5 |
|
16-Jun-2009 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211: issue netlink notification when scan starts To ease multiple apps working together smoothly, send a notification when a scan is started. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
2dce4c2b |
|
02-Jul-2009 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211: fix refcount leak The code in cfg80211's cfg80211_bss_update erroneously grabs a reference to the BSS, which means that it will never be freed. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Cc: stable@kernel.org [2.6.29, 2.6.30] Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
362a415d |
|
24-May-2009 |
Johannes Berg <johannes@sipsolutions.net> |
nl80211: bounce scan request back to userspace When a scan finishes only the program that asked for it knows what kind of scan it was; let's tell everybody else about the scan parameters as well so they can evaluate the result of the scan better. Also helps with debugging. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
44e1b98f |
|
26-Apr-2009 |
Michael Buesch <mb@bu3sch.de> |
cfg80211: Use the correct IE buffer pointer If the IE buffer was allocated, the pub.information_elements pointer was also changed to the allocated space. So we must not assume anymore that the pointer points at the "found" tail. So if it was allocated previously, take the codebranch that grows the buffer size (if necessary) and put the data into the allocated buffer. Signed-off-by: Michael Buesch <mb@bu3sch.de> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
273de92c |
|
25-Apr-2009 |
Michael Buesch <mb@bu3sch.de> |
cfg80211: Remove unnecessary ksize() call This removes an unnecessary ksize() call. krealloc() will do this test internally and won't perform any allocation if the space is already sufficient to hold the data. So remove the redundant check. Signed-off-by: Michael Buesch <mb@bu3sch.de> Reviewed-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
c0f0aac0 |
|
30-Apr-2009 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211: fix truncated IEs Another bug in the "cfg80211: do not replace BSS structs" patch, a forgotten length update leads to bogus data being stored and passed to userspace, often truncated. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
ba44cb72 |
|
20-Apr-2009 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211: mark all WEXT handlers _GPL The fact that these are exported is a technical detail of the conversion period -- we don't want anybody to start relying on these. Ultimately we want things to use cfg80211 only, and once everything that is in wext is converted to cfg80211 drivers will not need to touch wext _at all_. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
06aa7afa |
|
26-Mar-2009 |
Jussi Kivilinna <jussi.kivilinna@mbnet.fi> |
cfg80211: add cfg80211_inform_bss Added cfg80211_inform_bss() for full-mac devices to use. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
cd1658f5 |
|
16-Apr-2009 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211: do not replace BSS structs Instead, allocate extra IE memory if necessary. Normally, this isn't even necessary since there's enough space. This is a better way of correcting the "held BSS can disappear" issue, but also a lot more code. It is also necessary for proper auth/assoc BSS handling in the future. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
160002fe |
|
15-Apr-2009 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211: copy hold when replacing BSS When we receive a probe response frame we can replace the BSS struct in our list -- but if that struct is held then we need to hold the new one as well. We really should fix this completely and not replace the struct, but this is a bandaid for now. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
a08c1c1a |
|
22-Mar-2009 |
Kalle Valo <kalle.valo@nokia.com> |
cfg80211: add feature to hold bss In beacon filtering there needs to be a way to not expire the BSS even when no beacons are received. Add an interface to cfg80211 to hold BSS and make sure that it's not expired. Signed-off-by: Kalle Valo <kalle.valo@nokia.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
e38f8a7a |
|
20-Feb-2009 |
Luis R. Rodriguez <lrodriguez@atheros.com> |
cfg80211: Add AP beacon regulatory hints When devices are world roaming they cannot beacon or do active scan on 5 GHz or on channels 12, 13 and 14 on the 2 GHz band. Although we have a good regulatory API some cards may _always_ world roam, this is also true when a system does not have CRDA present. Devices doing world roaming can still passive scan, if they find a beacon from an AP on one of the world roaming frequencies we make the assumption we can do the same and we also remove the passive scan requirement. This adds support for providing beacon regulatory hints based on scans. This works for devices that do either hardware or software scanning. If a channel has not yet been marked as having had a beacon present on it we queue the beacon hint processing into the workqueue. All wireless devices will benefit from beacon regulatory hints from any wireless device on a system including new devices connected to the system at a later time. Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
77965c97 |
|
18-Feb-2009 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211: clean up signal type It wasn't a good idea to make the signal type a per-BSS option, although then it is closer to the actual value. Move it to be a per-wiphy setting, update mac80211 to match. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
a77b8552 |
|
18-Feb-2009 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211/mac80211: fill qual.qual value/adjust max_qual.qual Due to various bugs in the software stack we end up having to fill qual.qual; level should be used, but wpa_supplicant doesn't properly ignore qual.qual, NM should use qual.level regardless of that because qual.qual is 0 but doesn't handle IW_QUAL_DBM right now. So fill qual.qual with the qual.level value clamped to -110..-40 dBm or just the regular 'unspecified' signal level. This requires a mac80211 change to properly announce the max_qual.qual and avg_qual.qual values. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
cb3a8eec |
|
11-Feb-2009 |
Dan Williams <dcbw@redhat.com> |
cfg80211: age scan results on resume Scanned BSS entries are timestamped with jiffies, which doesn't increment across suspend and hibernate. On resume, every BSS in the scan list looks like it was scanned within the last 10 seconds, irregardless of how long the machine was actually asleep. Age scan results on resume with the time spent during sleep so userspace has a clue how old they really are. Signed-off-by: Dan Williams <dcbw@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
79420f09 |
|
10-Feb-2009 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211: add more flexible BSS lookup Add a more flexible BSS lookup function so that mac80211 or other drivers can actually use this for getting the BSS to connect to. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
d491af19 |
|
10-Feb-2009 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211: allow users to request removing a BSS This patch introduces cfg80211_unlink_bss, a function to allow a driver to remove a BSS from the internal list and make it not show up in scan results any more -- this is to be used when the driver detects that the BSS is no longer available. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
78c1c7e1 |
|
10-Feb-2009 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211: free_priv for BSS info When cfg80211 users have their own allocated data in the per-BSS private data, they will need to free this when the BSS struct is destroyed. Add a free_priv method and fix one place where the BSS was kfree'd rather than released properly. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
2a519311 |
|
10-Feb-2009 |
Johannes Berg <johannes@sipsolutions.net> |
cfg80211/nl80211: scanning (and mac80211 update to use it) This patch adds basic scan capability to cfg80211/nl80211 and changes mac80211 to use it. The BSS list that cfg80211 maintains is made driver-accessible with a private area in each BSS struct, but mac80211 doesn't yet use it. That's another large project. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|