1. 15 6月, 2010 1 次提交
    • J
      mac80211: simplify station/aggregation code · 2a419056
      Johannes Berg 提交于
      A number of places use RCU locking for accessing
      the station list, even though they do not need
      to. Use mutex locking instead to prepare for the
      locking changes I want to make. The mlme code is
      also using a WLAN_STA_DISASSOC flag that has the
      same meaning as WLAN_STA_BLOCK_BA, so use that.
      
      While doing so, combine places where we loop
      over stations twice, and optimise away some of
      the loops by checking if the hardware supports
      aggregation at all first.
      
      Also fix a more theoretical race condition: right
      now we could resume, set up an aggregation session,
      and right after tear it down again due to the code
      that is needed for hardware reconfiguration here.
      Also mark add a comment to that code marking it as
      a workaround.
      
      Finally, remove a pointless aggregation disabling
      loop when an interface is stopped, directly after
      that we remove all stations from it which will also
      disable all aggregation sessions that may still be
      active, and does so in a race-free way unlike the
      current loop that doesn't block new sessions.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      2a419056
  2. 04 6月, 2010 1 次提交
  3. 02 6月, 2010 1 次提交
  4. 20 4月, 2010 2 次提交
  5. 09 4月, 2010 1 次提交
  6. 08 4月, 2010 1 次提交
  7. 01 4月, 2010 1 次提交
  8. 30 3月, 2010 1 次提交
    • T
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking... · 5a0e3ad6
      Tejun Heo 提交于
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
      
      percpu.h is included by sched.h and module.h and thus ends up being
      included when building most .c files.  percpu.h includes slab.h which
      in turn includes gfp.h making everything defined by the two files
      universally available and complicating inclusion dependencies.
      
      percpu.h -> slab.h dependency is about to be removed.  Prepare for
      this change by updating users of gfp and slab facilities include those
      headers directly instead of assuming availability.  As this conversion
      needs to touch large number of source files, the following script is
      used as the basis of conversion.
      
        http://userweb.kernel.org/~tj/misc/slabh-sweep.py
      
      The script does the followings.
      
      * Scan files for gfp and slab usages and update includes such that
        only the necessary includes are there.  ie. if only gfp is used,
        gfp.h, if slab is used, slab.h.
      
      * When the script inserts a new include, it looks at the include
        blocks and try to put the new include such that its order conforms
        to its surrounding.  It's put in the include block which contains
        core kernel includes, in the same order that the rest are ordered -
        alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
        doesn't seem to be any matching order.
      
      * If the script can't find a place to put a new include (mostly
        because the file doesn't have fitting include block), it prints out
        an error message indicating which .h file needs to be added to the
        file.
      
      The conversion was done in the following steps.
      
      1. The initial automatic conversion of all .c files updated slightly
         over 4000 files, deleting around 700 includes and adding ~480 gfp.h
         and ~3000 slab.h inclusions.  The script emitted errors for ~400
         files.
      
      2. Each error was manually checked.  Some didn't need the inclusion,
         some needed manual addition while adding it to implementation .h or
         embedding .c file was more appropriate for others.  This step added
         inclusions to around 150 files.
      
      3. The script was run again and the output was compared to the edits
         from #2 to make sure no file was left behind.
      
      4. Several build tests were done and a couple of problems were fixed.
         e.g. lib/decompress_*.c used malloc/free() wrappers around slab
         APIs requiring slab.h to be added manually.
      
      5. The script was run on all .h files but without automatically
         editing them as sprinkling gfp.h and slab.h inclusions around .h
         files could easily lead to inclusion dependency hell.  Most gfp.h
         inclusion directives were ignored as stuff from gfp.h was usually
         wildly available and often used in preprocessor macros.  Each
         slab.h inclusion directive was examined and added manually as
         necessary.
      
      6. percpu.h was updated not to include slab.h.
      
      7. Build test were done on the following configurations and failures
         were fixed.  CONFIG_GCOV_KERNEL was turned off for all tests (as my
         distributed build env didn't work with gcov compiles) and a few
         more options had to be turned off depending on archs to make things
         build (like ipr on powerpc/64 which failed due to missing writeq).
      
         * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
         * powerpc and powerpc64 SMP allmodconfig
         * sparc and sparc64 SMP allmodconfig
         * ia64 SMP allmodconfig
         * s390 SMP allmodconfig
         * alpha SMP allmodconfig
         * um on x86_64 SMP allmodconfig
      
      8. percpu.h modifications were reverted so that it could be applied as
         a separate patch and serve as bisection point.
      
      Given the fact that I had only a couple of failures from tests on step
      6, I'm fairly confident about the coverage of this conversion patch.
      If there is a breakage, it's likely to be something in one of the arch
      headers which should be easily discoverable easily on most builds of
      the specific arch.
      Signed-off-by: NTejun Heo <tj@kernel.org>
      Guess-its-ok-by: NChristoph Lameter <cl@linux-foundation.org>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
      5a0e3ad6
  9. 11 2月, 2010 1 次提交
  10. 13 1月, 2010 1 次提交
  11. 06 1月, 2010 1 次提交
  12. 22 12月, 2009 3 次提交
  13. 01 12月, 2009 2 次提交
    • J
      mac80211: fix spurious delBA handling · 827d42c9
      Johannes Berg 提交于
      Lennert Buytenhek noticed that delBA handling in mac80211
      was broken and has remotely triggerable problems, some of
      which are due to some code shuffling I did that ended up
      changing the order in which things were done -- this was
      
        commit d75636ef
        Author: Johannes Berg <johannes@sipsolutions.net>
        Date:   Tue Feb 10 21:25:53 2009 +0100
      
          mac80211: RX aggregation: clean up stop session
      
      and other parts were already present in the original
      
        commit d92684e6
        Author: Ron Rindjunsky <ron.rindjunsky@intel.com>
        Date:   Mon Jan 28 14:07:22 2008 +0200
      
            mac80211: A-MPDU Tx add delBA from recipient support
      
      The first problem is that I moved a BUG_ON before various
      checks -- thereby making it possible to hit. As the comment
      indicates, the BUG_ON can be removed since the ampdu_action
      callback must already exist when the state is != IDLE.
      
      The second problem isn't easily exploitable but there's a
      race condition due to unconditionally setting the state to
      OPERATIONAL when a delBA frame is received, even when no
      aggregation session was ever initiated. All the drivers
      accept stopping the session even then, but that opens a
      race window where crashes could happen before the driver
      accepts it. Right now, a WARN_ON may happen with non-HT
      drivers, while the race opens only for HT drivers.
      
      For this case, there are two things necessary to fix it:
       1) don't process spurious delBA frames, and be more careful
          about the session state; don't drop the lock
      
       2) HT drivers need to be prepared to handle a session stop
          even before the session was really started -- this is
          true for all drivers (that support aggregation) but
          iwlwifi which can be fixed easily. The other HT drivers
          (ath9k and ar9170) are behaving properly already.
      Reported-by: NLennert Buytenhek <buytenh@marvell.com>
      Cc: stable@kernel.org
      Signed-off-by: NJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      827d42c9
    • J
      mac80211: fix two remote exploits · 4253119a
      Johannes Berg 提交于
      Lennert Buytenhek noticed a remotely triggerable problem
      in mac80211, which is due to some code shuffling I did
      that ended up changing the order in which things were
      done -- this was in
      
        commit d75636ef
        Author: Johannes Berg <johannes@sipsolutions.net>
        Date:   Tue Feb 10 21:25:53 2009 +0100
      
          mac80211: RX aggregation: clean up stop session
      
      The problem is that the BUG_ON moved before the various
      checks, and as such can be triggered.
      
      As the comment indicates, the BUG_ON can be removed since
      the ampdu_action callback must already exist when the
      state is OPERATIONAL.
      
      A similar code path leads to a WARN_ON in
      ieee80211_stop_tx_ba_session, which can also be removed.
      
      Cc: stable@kernel.org [2.6.29+]
      Cc: Lennert Buytenhek <buytenh@marvell.com>
      Signed-off-by: NJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      4253119a
  14. 19 11月, 2009 4 次提交
  15. 31 10月, 2009 1 次提交
  16. 14 8月, 2009 1 次提交
    • L
      mac80211: fix panic when splicing unprepared TIDs · 416fbdff
      Luis R. Rodriguez 提交于
      We splice skbs from the pending queue for a TID
      onto the local pending queue when tearing down a
      block ack request. This is not necessary unless we
      actually have received a request to start a block ack
      request (rate control, for example). If we never received
      that request we should not be splicing the tid pending
      queue as it would be null, causing a panic.
      
      Not sure yet how exactly we allowed through a call when the
      tid state does not have at least HT_ADDBA_REQUESTED_MSK set,
      that will require some further review as it is not quite
      obvious.
      
      For more information see the bug report:
      
      http://bugzilla.kernel.org/show_bug.cgi?id=13922
      
      This fixes this oops:
      
      BUG: unable to handle kernel NULL pointer dereference at 00000030
      IP: [<f8806c70>] ieee80211_agg_splice_packets+0x40/0xc0 [mac80211]
      *pdpt = 0000000002d1e001 *pde = 0000000000000000
      Thread overran stack, or stack corrupted
      Oops: 0000 [#1] SMP
      last sysfs file: /sys/module/aes_generic/initstate
      Modules linked in: <bleh>
      
      Pid: 0, comm: swapper Not tainted (2.6.31-rc5-wl #2) Dell DV051
      EIP: 0060:[<f8806c70>] EFLAGS: 00010292 CPU: 0
      EIP is at ieee80211_agg_splice_packets+0x40/0xc0 [mac80211]
      EAX: 00000030 EBX: 0000004c ECX: 00000003 EDX: 00000000
      ESI: c1c98000 EDI: f745a1c0 EBP: c076be58 ESP: c076be38
       DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
      Process swapper (pid: 0, ti=c076a000 task=c0709160 task.ti=c076a000)
      Stack: <bleh2>
      Call Trace:
       [<f8806edb>] ? ieee80211_stop_tx_ba_cb+0xab/0x150 [mac80211]
       [<f8802f1e>] ? ieee80211_tasklet_handler+0xce/0x110 [mac80211]
       [<c04862ff>] ? net_rx_action+0xef/0x1d0
       [<c0149378>] ? tasklet_action+0x58/0xc0
       [<c014a0f2>] ? __do_softirq+0xc2/0x190
       [<c018eb48>] ? handle_IRQ_event+0x58/0x140
       [<c01205fe>] ? ack_apic_level+0x7e/0x270
       [<c014a1fd>] ? do_softirq+0x3d/0x40
       [<c014a345>] ? irq_exit+0x65/0x90
       [<c010a6af>] ? do_IRQ+0x4f/0xc0
       [<c014a35d>] ? irq_exit+0x7d/0x90
       [<c011d547>] ? smp_apic_timer_interrupt+0x57/0x90
       [<c01094a9>] ? common_interrupt+0x29/0x30
       [<c010fd9e>] ? mwait_idle+0xbe/0x100
       [<c0107e42>] ? cpu_idle+0x52/0x90
       [<c054b1a5>] ? rest_init+0x55/0x60
       [<c077492d>] ? start_kernel+0x315/0x37d
       [<c07743ce>] ? unknown_bootoption+0x0/0x1f9
       [<c0774099>] ? i386_start_kernel+0x79/0x81
      Code: <bleh3>
      EIP: [<f8806c70>] ieee80211_agg_splice_packets+0x40/0xc0 [mac80211] SS:ESP 0068:c076be38
      CR2: 0000000000000030
      
      Cc: stable@kernel.org
      Testedy-by: NJack Lau <jackelectronics@hotmail.com>
      Signed-off-by: NLuis R. Rodriguez <lrodriguez@atheros.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      416fbdff
  17. 25 7月, 2009 1 次提交
  18. 11 6月, 2009 1 次提交
  19. 07 5月, 2009 1 次提交
  20. 28 3月, 2009 4 次提交
    • J
      mac80211/iwlwifi: move virtual A-MDPU queue bookkeeping to iwlwifi · e4e72fb4
      Johannes Berg 提交于
      This patch removes all the virtual A-MPDU-queue bookkeeping from
      mac80211. Curiously, iwlwifi already does its own bookkeeping, so
      it doesn't require much changes except where it needs to handle
      starting and stopping the queues in mac80211.
      
      To handle the queue stop/wake properly, we rewrite the software
      queue number for aggregation frames and internally to iwlwifi keep
      track of the queues that map into the same AC queue, and only talk
      to mac80211 about the AC queue. The implementation requires calling
      two new functions, iwl_stop_queue and iwl_wake_queue instead of the
      mac80211 counterparts.
      Signed-off-by: NJohannes Berg <johannes@sipsolutions.net>
      Cc: Reinette Chattre <reinette.chatre@intel.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      e4e72fb4
    • J
      mac80211: fix aggregation to not require queue stop · cd8ffc80
      Johannes Berg 提交于
      Instead of stopping the entire AC queue when enabling aggregation
      (which was only done for hardware with aggregation queues) buffer
      the packets for each station, and release them to the pending skb
      queue once aggregation is turned on successfully.
      
      We get a little more code, but it becomes conceptually simpler and
      we can remove the entire virtual queue mechanism from mac80211 in
      a follow-up patch.
      
      This changes how mac80211 behaves towards drivers that support
      aggregation but have no hardware queues -- those drivers will now
      not be handed packets while the aggregation session is being
      established, but only after it has been fully established.
      Signed-off-by: NJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      cd8ffc80
    • J
      mac80211: unify and fix TX aggregation start · b1720231
      Johannes Berg 提交于
      When TX aggregation becomes operational, we do a number of steps:
       1) print a debug message
       2) wake the virtual queue
       3) notify the driver
      
      Unfortunately, 1) and 3) are only done if the driver is first to
      reply to the aggregation request, it is, however, possible that the
      remote station replies before the driver! Thus, unify the code for
      this and call the new function ieee80211_agg_tx_operational in both
      places where TX aggregation can become operational.
      
      Additionally, rename the driver notification from
      IEEE80211_AMPDU_TX_RESUME to IEEE80211_AMPDU_TX_OPERATIONAL.
      Signed-off-by: NJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      b1720231
    • S
      mac80211: Tear down aggregation sessions for suspend/resume · 722f069a
      Sujith 提交于
      When the driver has been notified with a STA_REMOVE, it tears down
      the internal ADDBA state. On resume, trying to initiate aggregation would
      fail because mac80211 has not cleared the operational state for that <TID,STA>.
      This can be fixed by tearing down the existing sessions on a suspend.
      
      Also, the driver can initiate a new BA session when suspend is in progress.
      This is fixed by marking the station as being in suspend state and
      denying ADDBA requests for such STAs.
      Signed-off-by: NSujith <Sujith.Manoharan@atheros.com>
      Acked-by: NJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      722f069a
  21. 28 2月, 2009 2 次提交
    • J
      mac80211: split IBSS/managed code · 46900298
      Johannes Berg 提交于
      This patch splits out the ibss code and data from managed (station) mode.
      The reason to do this is to better separate the state machines, and have
      the code be contained better so it gets easier to determine what exactly
      a given change will affect, that in turn makes it easier to understand.
      
      This is quite some churn, especially because I split sdata->u.sta into
      sdata->u.mgd and sdata->u.ibss, but I think it's easier to maintain that
      way. I've also shuffled around some code -- null function sending is only
      applicable to managed interfaces so put that into that file, some other
      functions are needed from various places so put them into util, and also
      rearranged the prototypes in ieee80211_i.h accordingly.
      Signed-off-by: NJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      46900298
    • J
      mac80211: fix aggregation for hardware with ampdu queues · 96f5e66e
      Johannes Berg 提交于
      Hardware with AMPDU queues currently has broken aggregation.
      
      This patch fixes it by making all A-MPDUs go over the regular AC queues,
      but keeping track of the hardware queues in mac80211. As a first rough
      version, it actually stops the AC queue for extended periods of time,
      which can be removed by adding buffering internal to mac80211, but is
      currently not a huge problem because people rarely use multiple TIDs
      that are in the same AC (and iwlwifi currently doesn't operate as AP).
      
      This is a short-term fix, my current medium-term plan, which I hope to
      execute soon as well, but am not sure can finish before .30, looks like
      this:
       1) rework the internal queuing layer in mac80211 that we use for
          fragments if the driver stopped queue in the middle of a fragmented
          frame to be able to queue more frames at once (rather than just a
          single frame with its fragments)
       2) instead of stopping the entire AC queue, queue up the frames in a
          per-station/per-TID queue during aggregation session initiation,
          when the session has come up take all those frames and put them
          onto the queue from 1)
       3) push the ampdu queue layer abstraction this patch introduces in
          mac80211 into the driver, and remove the virtual queue stuff from
          mac80211 again
      
      This plan will probably also affect ath9k in that mac80211 queues the
      frames instead of passing them down, even when there are no ampdu queues.
      Signed-off-by: NJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      96f5e66e
  22. 14 2月, 2009 6 次提交
  23. 30 1月, 2009 2 次提交