1. 29 3月, 2011 1 次提交
    • P
      mac80211: fix NULL pointer dereference in ieee80211_key_alloc() · 1f951a7f
      Petr Štetiar 提交于
      The ieee80211_key struct can be kfree()d several times in the function, for
      example if some of the key setup functions fails beforehand, but there's no
      check if the struct is still valid before we call memcpy() and INIT_LIST_HEAD()
      on it.  In some cases (like it was in my case), if there's missing aes-generic
      module it could lead to the following kernel OOPS:
      
      	Unable to handle kernel NULL pointer dereference at virtual address 0000018c
      	....
      	PC is at memcpy+0x80/0x29c
      	...
      	Backtrace:
      	[<bf11c5e4>] (ieee80211_key_alloc+0x0/0x234 [mac80211]) from [<bf1148b4>] (ieee80211_add_key+0x70/0x12c [mac80211])
      	[<bf114844>] (ieee80211_add_key+0x0/0x12c [mac80211]) from [<bf070cc0>] (__cfg80211_set_encryption+0x2a8/0x464 [cfg80211])
      Signed-off-by: NPetr Štetiar <ynezz@true.cz>
      Reviewed-by: NJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      1f951a7f
  2. 05 1月, 2011 2 次提交
  3. 14 12月, 2010 1 次提交
  4. 23 11月, 2010 1 次提交
    • H
      mac80211: Disable hw crypto for GTKs on AP VLAN interfaces · 18890d4b
      Helmut Schaa 提交于
      When using AP VLAN interfaces, each VLAN interface should be in its own
      broadcast domain. Hostapd achieves this by assigning different GTKs to
      different AP VLAN interfaces.
      
      However, mac80211 drivers are not aware of AP VLAN interfaces and as
      such mac80211 sends the GTK to the driver in the context of the base AP
      mode interface. This causes problems when multiple AP VLAN interfaces
      are used since the driver will use the same key slot for the different
      GTKs (there's no way for the driver to distinguish the different GTKs
      from different AP VLAN interfaces). Thus, only the clients associated
      to one AP VLAN interface (the one that was created last) can actually
      use broadcast traffic.
      
      Fix this by not programming any GTKs for AP VLAN interfaces into the hw
      but fall back to using software crypto. The GTK for the underlying AP
      interface is still sent to the driver.
      
      That means, broadcast traffic to stations associated to an AP VLAN
      interface is encrypted in software whereas broadcast traffic to
      stations associated to the non-VLAN AP interface is encrypted in
      hardware.
      
      Cc: Johannes Berg <johannes@sipsolutions.net>
      Signed-off-by: NHelmut Schaa <helmut.schaa@googlemail.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      18890d4b
  5. 07 10月, 2010 1 次提交
  6. 17 9月, 2010 1 次提交
  7. 28 8月, 2010 1 次提交
  8. 26 8月, 2010 1 次提交
  9. 17 8月, 2010 3 次提交
  10. 28 7月, 2010 1 次提交
    • J
      mac80211: Fix key freeing to handle unlinked keys · 32162a4d
      Jouni Malinen 提交于
      Key locking simplification removed key->sdata != NULL verification from
      ieee80211_key_free(). While that is fine for most use cases, there is one
      path where this function can be called with an unlinked key (i.e.,
      key->sdata == NULL && key->local == NULL). This results in a NULL pointer
      dereference with the current implementation. This is known to happen at
      least with FT protocol when wpa_supplicant tries to configure the key
      before association.
      
      Avoid the issue by passing in the local pointer to
      ieee80211_key_free(). In addition, do not clear the key from hw_accel
      or debugfs if it has not yet been added. At least the hw_accel one could
      trigger another NULL pointer dereference.
      Signed-off-by: NJouni Malinen <j@w1.fi>
      Reviewed-by: NJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      32162a4d
  11. 16 6月, 2010 1 次提交
  12. 04 6月, 2010 1 次提交
  13. 25 5月, 2010 1 次提交
  14. 24 5月, 2010 1 次提交
    • L
      Revert "ath9k: Group Key fix for VAPs" · a69eee49
      Linus Torvalds 提交于
      This reverts commit 03ceedea, since it
      breaks resume from suspend-to-ram on Rafael's Acer Ferrari One.
      NetworkManager thinks everything is ok, but it can't connect to the AP
      to get an IP address after the resume.
      
      In fact, it even breaks resume for non-ath9k chipsets: reverting it also
      fixes Rafael's Toshiba Protege R500 with the iwlagn driver.  As Johannes
      says:
      
        "Indeed, this patch needs to be reverted. That mac80211 change is wrong
         and completely unnecessary."
      Reported-and-requested-by: NRafael J. Wysocki <rjw@sisk.pl>
      Acked-by: NJohannes Berg <johannes@sipsolutions.net>
      Cc: Daniel Yingqiang Ma <yma.cool@gmail.com>
      Cc: John W. Linville <linville@tuxdriver.com>
      Cc: David Miller <davem@davemloft.net>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      a69eee49
  15. 20 4月, 2010 1 次提交
    • D
      ath9k: Group Key fix for VAPs · 03ceedea
      Daniel Yingqiang Ma 提交于
      When I set up multiple VAPs with ath9k, I encountered an issue that
      the traffic may be lost after a while.
      
      The detailed phenomenon is
      1. After a while the clients connected to one of these VAPs will get
      into a state that no broadcast/multicast packets can be transfered
      successfully while the unicast packets can be transfered normally.
      2. Minutes latter the unitcast packets transfer will fail as well,
      because the ARP entry is expired and it can't be freshed due to the
      broadcast trouble.
      
      It's caused by the group key overwritten and someone discussed this
      issue in ath9k-devel maillist before, but haven't work out a fix yet.
      
      I referred the method in madwifi, and made a patch for ath9k.
      The method is to set the high bit of the sender(AP)'s address, and
      associated that mac and the group key. It requires the hardware
      supports multicast frame key search. It seems true for AR9160.
      
      Not sure whether it's the correct way to fix this issue. But it seems
      to work in my test. The patch is attached, feel free to revise it.
      Signed-off-by: NDaniel Yingqiang ma <yma.cool@gmail.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      03ceedea
  16. 30 3月, 2010 1 次提交
    • T
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking... · 5a0e3ad6
      Tejun Heo 提交于
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
      
      percpu.h is included by sched.h and module.h and thus ends up being
      included when building most .c files.  percpu.h includes slab.h which
      in turn includes gfp.h making everything defined by the two files
      universally available and complicating inclusion dependencies.
      
      percpu.h -> slab.h dependency is about to be removed.  Prepare for
      this change by updating users of gfp and slab facilities include those
      headers directly instead of assuming availability.  As this conversion
      needs to touch large number of source files, the following script is
      used as the basis of conversion.
      
        http://userweb.kernel.org/~tj/misc/slabh-sweep.py
      
      The script does the followings.
      
      * Scan files for gfp and slab usages and update includes such that
        only the necessary includes are there.  ie. if only gfp is used,
        gfp.h, if slab is used, slab.h.
      
      * When the script inserts a new include, it looks at the include
        blocks and try to put the new include such that its order conforms
        to its surrounding.  It's put in the include block which contains
        core kernel includes, in the same order that the rest are ordered -
        alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
        doesn't seem to be any matching order.
      
      * If the script can't find a place to put a new include (mostly
        because the file doesn't have fitting include block), it prints out
        an error message indicating which .h file needs to be added to the
        file.
      
      The conversion was done in the following steps.
      
      1. The initial automatic conversion of all .c files updated slightly
         over 4000 files, deleting around 700 includes and adding ~480 gfp.h
         and ~3000 slab.h inclusions.  The script emitted errors for ~400
         files.
      
      2. Each error was manually checked.  Some didn't need the inclusion,
         some needed manual addition while adding it to implementation .h or
         embedding .c file was more appropriate for others.  This step added
         inclusions to around 150 files.
      
      3. The script was run again and the output was compared to the edits
         from #2 to make sure no file was left behind.
      
      4. Several build tests were done and a couple of problems were fixed.
         e.g. lib/decompress_*.c used malloc/free() wrappers around slab
         APIs requiring slab.h to be added manually.
      
      5. The script was run on all .h files but without automatically
         editing them as sprinkling gfp.h and slab.h inclusions around .h
         files could easily lead to inclusion dependency hell.  Most gfp.h
         inclusion directives were ignored as stuff from gfp.h was usually
         wildly available and often used in preprocessor macros.  Each
         slab.h inclusion directive was examined and added manually as
         necessary.
      
      6. percpu.h was updated not to include slab.h.
      
      7. Build test were done on the following configurations and failures
         were fixed.  CONFIG_GCOV_KERNEL was turned off for all tests (as my
         distributed build env didn't work with gcov compiles) and a few
         more options had to be turned off depending on archs to make things
         build (like ipr on powerpc/64 which failed due to missing writeq).
      
         * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
         * powerpc and powerpc64 SMP allmodconfig
         * sparc and sparc64 SMP allmodconfig
         * ia64 SMP allmodconfig
         * s390 SMP allmodconfig
         * alpha SMP allmodconfig
         * um on x86_64 SMP allmodconfig
      
      8. percpu.h modifications were reverted so that it could be applied as
         a separate patch and serve as bisection point.
      
      Given the fact that I had only a couple of failures from tests on step
      6, I'm fairly confident about the coverage of this conversion patch.
      If there is a breakage, it's likely to be something in one of the arch
      headers which should be easily discoverable easily on most builds of
      the specific arch.
      Signed-off-by: NTejun Heo <tj@kernel.org>
      Guess-its-ok-by: NChristoph Lameter <cl@linux-foundation.org>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
      5a0e3ad6
  17. 29 12月, 2009 1 次提交
  18. 22 12月, 2009 2 次提交
  19. 18 8月, 2009 1 次提交
  20. 11 7月, 2009 1 次提交
  21. 21 5月, 2009 1 次提交
  22. 14 5月, 2009 1 次提交
    • J
      nl80211: Add RSC configuration for new keys · faa8fdc8
      Jouni Malinen 提交于
      When setting a key with NL80211_CMD_NEW_KEY, we should allow the key
      sequence number (RSC) to be set in order to allow replay protection to
      work correctly for group keys. This patch documents this use for
      nl80211 and adds the couple of missing pieces in nl80211/cfg80211 and
      mac80211 to support this. In addition, WEXT SIOCSIWENCODEEXT compat
      processing in cfg80211 is extended to handle the RSC (this was already
      specified in WEXT, but just not implemented in cfg80211/mac80211).
      Signed-off-by: NJouni Malinen <jouni.malinen@atheros.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      faa8fdc8
  23. 07 5月, 2009 1 次提交
  24. 28 2月, 2009 1 次提交
    • J
      mac80211: split IBSS/managed code · 46900298
      Johannes Berg 提交于
      This patch splits out the ibss code and data from managed (station) mode.
      The reason to do this is to better separate the state machines, and have
      the code be contained better so it gets easier to determine what exactly
      a given change will affect, that in turn makes it easier to understand.
      
      This is quite some churn, especially because I split sdata->u.sta into
      sdata->u.mgd and sdata->u.ibss, but I think it's easier to maintain that
      way. I've also shuffled around some code -- null function sending is only
      applicable to managed interfaces so put that into that file, some other
      functions are needed from various places so put them into util, and also
      rearranged the prototypes in ieee80211_i.h accordingly.
      Signed-off-by: NJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      46900298
  25. 30 1月, 2009 2 次提交
  26. 28 10月, 2008 1 次提交
  27. 07 10月, 2008 1 次提交
  28. 16 9月, 2008 2 次提交
  29. 28 6月, 2008 1 次提交
  30. 15 5月, 2008 1 次提交
    • J
      mac80211: proper STA info locking · 07346f81
      Johannes Berg 提交于
      As discussed earlier, we can unify locking in struct sta_info
      and use just a single spinlock protecting all members of the
      structure that need protection. Many don't, but one of the
      especially bad ones is the 'flags' member that can currently
      be clobbered when RX and TX is being processed on different
      CPUs at the same time.
      
      Because having four spinlocks for different, mostly exclusive
      parts of a single structure is overkill, this patch also kills
      the ampdu and mesh plink spinlocks and uses just a single one
      for everything. Because none of the spinlocks are nested, this
      is safe.
      
      It remains to be seen whether or not we should make the sta
      flags use atomic bit operations instead, for now though this
      is a safe thing and using atomic operations instead will be
      very simple using the new static inline functions this patch
      introduces for accessing sta->flags.
      
      Since spin_lock_bh() is used with this lock, there shouldn't
      be any contention even if aggregation is enabled at around the
      same time as both requires frame transmission/reception which
      is in a bh context.
      Signed-off-by: NJohannes Berg <johannes@sipsolutions.net>
      Cc: Tomas Winkler <tomasw@gmail.com>
      Cc: Ron Rindjunsky <ron.rindjunsky@intel.com>
      Cc: Luis Carlos Cobo <luisca@cozybit.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      07346f81
  31. 08 5月, 2008 1 次提交
  32. 17 4月, 2008 3 次提交