1. 06 9月, 2019 2 次提交
  2. 16 8月, 2019 2 次提交
  3. 14 7月, 2019 4 次提交
    • N
      mac80211: do not start any work during reconfigure flow · ba0afe52
      Naftali Goldstein 提交于
      [ Upstream commit f8891461a277ec0afc493fd30cd975a38048a038 ]
      
      It is not a good idea to try to perform any work (e.g. send an auth
      frame) during reconfigure flow.
      
      Prevent this from happening, and at the end of the reconfigure flow
      requeue all the works.
      Signed-off-by: NNaftali Goldstein <naftali.goldstein@intel.com>
      Signed-off-by: NLuca Coelho <luciano.coelho@intel.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      ba0afe52
    • Y
      mac80211: only warn once on chanctx_conf being NULL · de8cf2c0
      Yibo Zhao 提交于
      [ Upstream commit 563572340173865a9a356e6bb02579e6998a876d ]
      
      In multiple SSID cases, it takes time to prepare every AP interface
      to be ready in initializing phase. If a sta already knows everything it
      needs to join one of the APs and sends authentication to the AP which
      is not fully prepared at this point of time, AP's channel context
      could be NULL. As a result, warning message occurs.
      
      Even worse, if the AP is under attack via tools such as MDK3 and massive
      authentication requests are received in a very short time, console will
      be hung due to kernel warning messages.
      
      WARN_ON_ONCE() could be a better way for indicating warning messages
      without duplicate messages to flood the console.
      
      Johannes: We still need to address the underlying problem, but we
                don't really have a good handle on it yet. Suppress the
                worst side-effects for now.
      Signed-off-by: NZhi Chen <zhichen@codeaurora.org>
      Signed-off-by: NYibo Zhao <yiboz@codeaurora.org>
      [johannes: add note, change subject]
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      de8cf2c0
    • P
      mac80211: free peer keys before vif down in mesh · b8588a09
      Pradeep Kumar Chitrapu 提交于
      [ Upstream commit 0112fa557c3bb3a002bc85760dc3761d737264d3 ]
      
      freeing peer keys after vif down is resulting in peer key uninstall
      to fail due to interface lookup failure. so fix that.
      Signed-off-by: NPradeep Kumar Chitrapu <pradeepc@codeaurora.org>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      b8588a09
    • T
      mac80211: mesh: fix RCU warning · acc42e5c
      Thomas Pedersen 提交于
      [ Upstream commit 551842446ed695641a00782cd118cbb064a416a1 ]
      
      ifmsh->csa is an RCU-protected pointer. The writer context
      in ieee80211_mesh_finish_csa() is already mutually
      exclusive with wdev->sdata.mtx, but the RCU checker did
      not know this. Use rcu_dereference_protected() to avoid a
      warning.
      
      fixes the following warning:
      
      [   12.519089] =============================
      [   12.520042] WARNING: suspicious RCU usage
      [   12.520652] 5.1.0-rc7-wt+ #16 Tainted: G        W
      [   12.521409] -----------------------------
      [   12.521972] net/mac80211/mesh.c:1223 suspicious rcu_dereference_check() usage!
      [   12.522928] other info that might help us debug this:
      [   12.523984] rcu_scheduler_active = 2, debug_locks = 1
      [   12.524855] 5 locks held by kworker/u8:2/152:
      [   12.525438]  #0: 00000000057be08c ((wq_completion)phy0){+.+.}, at: process_one_work+0x1a2/0x620
      [   12.526607]  #1: 0000000059c6b07a ((work_completion)(&sdata->csa_finalize_work)){+.+.}, at: process_one_work+0x1a2/0x620
      [   12.528001]  #2: 00000000f184ba7d (&wdev->mtx){+.+.}, at: ieee80211_csa_finalize_work+0x2f/0x90
      [   12.529116]  #3: 00000000831a1f54 (&local->mtx){+.+.}, at: ieee80211_csa_finalize_work+0x47/0x90
      [   12.530233]  #4: 00000000fd06f988 (&local->chanctx_mtx){+.+.}, at: ieee80211_csa_finalize_work+0x51/0x90
      Signed-off-by: NThomas Pedersen <thomas@eero.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      acc42e5c
  4. 10 7月, 2019 1 次提交
  5. 25 6月, 2019 4 次提交
    • J
      mac80211: Do not use stack memory with scatterlist for GMAC · d451b505
      Jouni Malinen 提交于
      commit a71fd9dac23613d96ba3c05619a8ef4fd6cdf9b9 upstream.
      
      ieee80211_aes_gmac() uses the mic argument directly in sg_set_buf() and
      that does not allow use of stack memory (e.g., BUG_ON() is hit in
      sg_set_buf() with CONFIG_DEBUG_SG). BIP GMAC TX side is fine for this
      since it can use the skb data buffer, but the RX side was using a stack
      variable for deriving the local MIC value to compare against the
      received one.
      
      Fix this by allocating heap memory for the mic buffer.
      
      This was found with hwsim test case ap_cipher_bip_gmac_128 hitting that
      BUG_ON() and kernel panic.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NJouni Malinen <j@w1.fi>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      d451b505
    • Y
      mac80211: handle deauthentication/disassociation from TDLS peer · 1e1007ac
      Yu Wang 提交于
      commit 79c92ca42b5a3e0ea172ea2ce8df8e125af237da upstream.
      
      When receiving a deauthentication/disassociation frame from a TDLS
      peer, a station should not disconnect the current AP, but only
      disable the current TDLS link if it's enabled.
      
      Without this change, a TDLS issue can be reproduced by following the
      steps as below:
      
      1. STA-1 and STA-2 are connected to AP, bidirection traffic is running
         between STA-1 and STA-2.
      2. Set up TDLS link between STA-1 and STA-2, stay for a while, then
         teardown TDLS link.
      3. Repeat step #2 and monitor the connection between STA and AP.
      
      During the test, one STA may send a deauthentication/disassociation
      frame to another, after TDLS teardown, with reason code 6/7, which
      means: Class 2/3 frame received from nonassociated STA.
      
      On receive this frame, the receiver STA will disconnect the current
      AP and then reconnect. It's not a expected behavior, purpose of this
      frame should be disabling the TDLS link, not the link with AP.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NYu Wang <yyuwang@codeaurora.org>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      1e1007ac
    • M
      {nl,mac}80211: allow 4addr AP operation on crypto controlled devices · ccf6a155
      Manikanta Pubbisetty 提交于
      commit 33d915d9e8ce811d8958915ccd18d71a66c7c495 upstream.
      
      As per the current design, in the case of sw crypto controlled devices,
      it is the device which advertises the support for AP/VLAN iftype based
      on it's ability to tranmsit packets encrypted in software
      (In VLAN functionality, group traffic generated for a specific
      VLAN group is always encrypted in software). Commit db3bdcb9
      ("mac80211: allow AP_VLAN operation on crypto controlled devices")
      has introduced this change.
      
      Since 4addr AP operation also uses AP/VLAN iftype, this conditional
      way of advertising AP/VLAN support has broken 4addr AP mode operation on
      crypto controlled devices which do not support VLAN functionality.
      
      In the case of ath10k driver, not all firmwares have support for VLAN
      functionality but all can support 4addr AP operation. Because AP/VLAN
      support is not advertised for these devices, 4addr AP operations are
      also blocked.
      
      Fix this by allowing 4addr operation on devices which do not support
      AP/VLAN iftype but can support 4addr AP operation (decision is based on
      the wiphy flag WIPHY_FLAG_4ADDR_AP).
      
      Cc: stable@vger.kernel.org
      Fixes: db3bdcb9 ("mac80211: allow AP_VLAN operation on crypto controlled devices")
      Signed-off-by: NManikanta Pubbisetty <mpubbise@codeaurora.org>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      ccf6a155
    • J
      mac80211: drop robust management frames from unknown TA · 0e879ef1
      Johannes Berg 提交于
      commit 588f7d39b3592a36fb7702ae3b8bdd9be4621e2f upstream.
      
      When receiving a robust management frame, drop it if we don't have
      rx->sta since then we don't have a security association and thus
      couldn't possibly validate the frame.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      0e879ef1
  6. 31 5月, 2019 1 次提交
    • S
      mac80211/cfg80211: update bss channel on channel switch · ca5b9d63
      Sergey Matyukevich 提交于
      [ Upstream commit 5dc8cdce1d722c733f8c7af14c5fb595cfedbfa8 ]
      
      FullMAC STAs have no way to update bss channel after CSA channel switch
      completion. As a result, user-space tools may provide inconsistent
      channel info. For instance, consider the following two commands:
      $ sudo iw dev wlan0 link
      $ sudo iw dev wlan0 info
      The latter command gets channel info from the hardware, so most probably
      its output will be correct. However the former command gets channel info
      from scan cache, so its output will contain outdated channel info.
      In fact, current bss channel info will not be updated until the
      next [re-]connect.
      
      Note that mac80211 STAs have a workaround for this, but it requires
      access to internal cfg80211 data, see ieee80211_chswitch_work:
      
      	/* XXX: shouldn't really modify cfg80211-owned data! */
      	ifmgd->associated->channel = sdata->csa_chandef.chan;
      
      This patch suggests to convert mac80211 workaround into cfg80211 behavior
      and to update current bss channel in cfg80211_ch_switch_notify.
      Signed-off-by: NSergey Matyukevich <sergey.matyukevich.os@quantenna.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      ca5b9d63
  7. 26 5月, 2019 1 次提交
  8. 17 5月, 2019 3 次提交
  9. 08 5月, 2019 2 次提交
  10. 27 4月, 2019 1 次提交
    • F
      mac80211: do not call driver wake_tx_queue op during reconfig · 39cad03c
      Felix Fietkau 提交于
      commit 4856bfd230985e43e84c26473c91028ff0a533bd upstream.
      
      There are several scenarios in which mac80211 can call drv_wake_tx_queue
      after ieee80211_restart_hw has been called and has not yet completed.
      Driver private structs are considered uninitialized until mac80211 has
      uploaded the vifs, stations and keys again, so using private tx queue
      data during that time is not safe.
      
      The driver can also not rely on drv_reconfig_complete to figure out when
      it is safe to accept drv_wake_tx_queue calls again, because it is only
      called after all tx queues are woken again.
      
      To fix this, bail out early in drv_wake_tx_queue if local->in_reconfig
      is set.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NFelix Fietkau <nbd@nbd.name>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      39cad03c
  11. 24 3月, 2019 2 次提交
  12. 06 3月, 2019 4 次提交
    • M
      mac80211: Add attribute aligned(2) to struct 'action' · 7a27cb60
      Mathieu Malaterre 提交于
      [ Upstream commit 7c53eb5d87bc21464da4268c3c0c47457b6d9c9b ]
      
      During refactor in commit 9e478066 ("mac80211: fix MU-MIMO
      follow-MAC mode") a new struct 'action' was declared with packed
      attribute as:
      
        struct {
                struct ieee80211_hdr_3addr hdr;
                u8 category;
                u8 action_code;
        } __packed action;
      
      But since struct 'ieee80211_hdr_3addr' is declared with an aligned
      keyword as:
      
        struct ieee80211_hdr {
        	__le16 frame_control;
        	__le16 duration_id;
        	u8 addr1[ETH_ALEN];
        	u8 addr2[ETH_ALEN];
        	u8 addr3[ETH_ALEN];
        	__le16 seq_ctrl;
        	u8 addr4[ETH_ALEN];
        } __packed __aligned(2);
      
      Solve the ambiguity of placing aligned structure in a packed one by
      adding the aligned(2) attribute to struct 'action'.
      
      This removes the following warning (W=1):
      
        net/mac80211/rx.c:234:2: warning: alignment 1 of 'struct <anonymous>' is less than 2 [-Wpacked-not-aligned]
      
      Cc: Johannes Berg <johannes.berg@intel.com>
      Suggested-by: NJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: NMathieu Malaterre <malat@debian.org>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      7a27cb60
    • B
      mac80211: don't initiate TDLS connection if station is not associated to AP · 0a7c9282
      Balaji Pothunoori 提交于
      [ Upstream commit 7ed5285396c257fd4070b1e29e7b2341aae2a1ce ]
      
      Following call trace is observed while adding TDLS peer entry in driver
      during TDLS setup.
      
      Call Trace:
      [<c1301476>] dump_stack+0x47/0x61
      [<c10537d2>] __warn+0xe2/0x100
      [<fa22415f>] ? sta_apply_parameters+0x49f/0x550 [mac80211]
      [<c1053895>] warn_slowpath_null+0x25/0x30
      [<fa22415f>] sta_apply_parameters+0x49f/0x550 [mac80211]
      [<fa20ad42>] ? sta_info_alloc+0x1c2/0x450 [mac80211]
      [<fa224623>] ieee80211_add_station+0xe3/0x160 [mac80211]
      [<c1876fe3>] nl80211_new_station+0x273/0x420
      [<c170f6d9>] genl_rcv_msg+0x219/0x3c0
      [<c170f4c0>] ? genl_rcv+0x30/0x30
      [<c170ee7e>] netlink_rcv_skb+0x8e/0xb0
      [<c170f4ac>] genl_rcv+0x1c/0x30
      [<c170e8aa>] netlink_unicast+0x13a/0x1d0
      [<c170ec18>] netlink_sendmsg+0x2d8/0x390
      [<c16c5acd>] sock_sendmsg+0x2d/0x40
      [<c16c6369>] ___sys_sendmsg+0x1d9/0x1e0
      
      Fixing this by allowing TDLS setup request only when we have completed
      association.
      Signed-off-by: NBalaji Pothunoori <bpothuno@codeaurora.org>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      0a7c9282
    • B
      mac80211: fix miscounting of ttl-dropped frames · a2887f6f
      Bob Copeland 提交于
      [ Upstream commit a0dc02039a2ee54fb4ae400e0b755ed30e73e58c ]
      
      In ieee80211_rx_h_mesh_fwding, we increment the 'dropped_frames_ttl'
      counter when we decrement the ttl to zero.  For unicast frames
      destined for other hosts, we stop processing the frame at that point.
      
      For multicast frames, we do not rebroadcast it in this case, but we
      do pass the frame up the stack to process it on this STA.  That
      doesn't match the usual definition of "dropped," so don't count
      those as such.
      
      With this change, something like `ping6 -i0.2 ff02::1%mesh0` from a
      peer in a ttl=1 network no longer increments the counter rapidly.
      Signed-off-by: NBob Copeland <bobcopeland@fb.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      a2887f6f
    • T
      mac80211: Change default tx_sk_pacing_shift to 7 · a7c6cf3b
      Toke Høiland-Jørgensen 提交于
      commit 5c14a4d05f68415af9e41a4e667d1748d41d1baf upstream.
      
      When we did the original tests for the optimal value of sk_pacing_shift, we
      came up with 6 ms of buffering as the default. Sadly, 6 is not a power of
      two, so when picking the shift value I erred on the size of less buffering
      and picked 4 ms instead of 8. This was probably wrong; those 2 ms of extra
      buffering makes a larger difference than I thought.
      
      So, change the default pacing shift to 7, which corresponds to 8 ms of
      buffering. The point of diminishing returns really kicks in after 8 ms, and
      so having this as a default should cut down on the need for extensive
      per-device testing and overrides needed in the drivers.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NToke Høiland-Jørgensen <toke@redhat.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      
      a7c6cf3b
  13. 27 2月, 2019 4 次提交
    • F
      mac80211: allocate tailroom for forwarded mesh packets · 6bab27b6
      Felix Fietkau 提交于
      commit 51d0af222f6fa43134c6187ab4f374630f6e0d96 upstream.
      
      Forwarded packets enter the tx path through ieee80211_add_pending_skb,
      which skips the ieee80211_skb_resize call.
      Fixes WARN_ON in ccmp_encrypt_skb and resulting packet loss.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NFelix Fietkau <nbd@nbd.name>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      6bab27b6
    • H
      mac80211: Free mpath object when rhashtable insertion fails · a35b1861
      Herbert Xu 提交于
      commit 4ff3a9d14c6c06eaa4e5976c61599ea2bd9e81b2 upstream.
      
      When rhashtable insertion fails the mesh table code doesn't free
      the now-orphan mesh path object.  This patch fixes that.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a35b1861
    • H
      mac80211: Use linked list instead of rhashtable walk for mesh tables · 007719ca
      Herbert Xu 提交于
      commit b4c3fbe6360178dc2181b7b43b7ae793a192b282 upstream.
      
      The mesh table code walks over hash tables for two purposes.  First of
      all it's used as part of a netlink dump process, but it is also used
      for looking up entries to delete using criteria other than the hash
      key.
      
      The second purpose is directly contrary to the design specification
      of rhashtable walks.  It is only meant for use by netlink dumps.
      
      This is because rhashtable is resizable and you cannot obtain a
      stable walk over it during a resize process.
      
      In fact mesh's use of rhashtable for dumping is bogus too.  Rather
      than using rhashtable walk's iterator to keep track of the current
      position, it always converts the current position to an integer
      which defeats the purpose of the iterator.
      
      Therefore this patch converts all uses of rhashtable walk into a
      simple linked list.
      
      This patch also adds a new spin lock to protect the hash table
      insertion/removal as well as the walk list modifications.  In fact
      the previous code was buggy as the removals can race with each
      other, potentially resulting in a double-free.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      007719ca
    • R
      mac80211: Restore vif beacon interval if start ap fails · af900ac6
      Rakesh Pillai 提交于
      commit 83e37e0bdd1470bbe6612250b745ad39b1a7b130 upstream.
      
      The starting of AP interface can fail due to invalid
      beacon interval, which does not match the minimum gcd
      requirement set by the wifi driver. In such case, the
      beacon interval of that interface gets updated with
      that invalid beacon interval.
      
      The next time that interface is brought up in AP mode,
      an interface combination check is performed and the
      beacon interval is taken from the previously set value.
      
      In a case where an invalid beacon interval, i.e. a beacon
      interval value which does not satisfy the minimum gcd criteria
      set by the driver, is set, all the subsequent trials to
      bring that interface in AP mode will fail, even if the
      subsequent trials have a valid beacon interval.
      
      To avoid this, in case of a failure in bringing up an
      interface in AP mode due to interface combination error,
      the interface beacon interval which is stored in bss
      conf, needs to be restored with the last working value
      of beacon interval.
      
      Tested on ath10k using WCN3990.
      
      Cc: stable@vger.kernel.org
      Fixes: 0c317a02 ("cfg80211: support virtual interfaces with different beacon intervals")
      Signed-off-by: NRakesh Pillai <pillair@codeaurora.org>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      af900ac6
  14. 15 2月, 2019 1 次提交
  15. 13 2月, 2019 1 次提交
  16. 13 1月, 2019 2 次提交
  17. 13 12月, 2018 5 次提交