1. 10 Jun, 2015 1 commit
  2. 29 May, 2015 1 commit
    • M
      cfg80211: ignore netif running state when changing iftype · 6cbfb1bb
      Michal Kazior committed
      It was possible for mac80211 to be coerced into an
      unexpected flow causing sdata union to become
      corrupted. Station pointer was put into
      sdata->u.vlan.sta memory location while it was
      really master AP's sdata->u.ap.next_beacon. This
      led to station entry being later freed as
      next_beacon before __sta_info_flush() in
      ieee80211_stop_ap() and a subsequent invalid
      pointer dereference crash.
      
      The problem was that ieee80211_ptr->use_4addr
      wasn't cleared on interface type changes.
      
      This could be reproduced with the following steps:
      
       # host A and host B have just booted; no
       # wpa_s/hostapd running; all vifs are down
       host A> iw wlan0 set type station
       host A> iw wlan0 set 4addr on
       host A> printf 'interface=wlan0\nssid=4addrcrash\nchannel=1\nwds_sta=1' > /tmp/hconf
       host A> hostapd -B /tmp/hconf
       host B> iw wlan0 set 4addr on
       host B> ifconfig wlan0 up
       host B> iw wlan0 connect -w hostAssid
       host A> pkill hostapd
       # host A crashed:
      
       [  127.928192] BUG: unable to handle kernel NULL pointer dereference at 00000000000006c8
       [  127.929014] IP: [<ffffffff816f4f32>] __sta_info_flush+0xac/0x158
       ...
       [  127.934578]  [<ffffffff8170789e>] ieee80211_stop_ap+0x139/0x26c
       [  127.934578]  [<ffffffff8100498f>] ? dump_trace+0x279/0x28a
       [  127.934578]  [<ffffffff816dc661>] __cfg80211_stop_ap+0x84/0x191
       [  127.934578]  [<ffffffff816dc7ad>] cfg80211_stop_ap+0x3f/0x58
       [  127.934578]  [<ffffffff816c5ad6>] nl80211_stop_ap+0x1b/0x1d
       [  127.934578]  [<ffffffff815e53f8>] genl_family_rcv_msg+0x259/0x2b5
      
      Note: This isn't a revert of f8cdddb8
      ("cfg80211: check iface combinations only when
      iface is running") as far as functionality is
      considered because b6a55015 ("cfg80211/mac80211:
      move more combination checks to mac80211") moved
      the logic somewhere else already.
      
      Fixes: f8cdddb8 ("cfg80211: check iface combinations only when iface is running")
      Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  3. 26 May, 2015 1 commit
  4. 20 May, 2015 1 commit
  5. 06 May, 2015 2 commits
  6. 24 Apr, 2015 1 commit
  7. 08 Apr, 2015 1 commit
  8. 07 Apr, 2015 2 commits
  9. 01 Apr, 2015 3 commits
  10. 30 Mar, 2015 3 commits
  11. 21 Mar, 2015 1 commit
  12. 17 Mar, 2015 1 commit
  13. 16 Mar, 2015 1 commit
    • J
      nl80211: ignore HT/VHT capabilities without QoS/WMM · 496fcc29
      Johannes Berg committed
      As HT/VHT depend heavily on QoS/WMM, it's not a good idea to
      let userspace add clients that have HT/VHT but not QoS/WMM.
      Since it does so in certain cases we've observed (client is
      using HT IEs but not QoS/WMM) just ignore the HT/VHT info at
      this point and don't pass it down to the drivers which might
      unconditionally use it.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  14. 06 Mar, 2015 3 commits
    • I
      cfg80211: Schedule timeout for all CRDA calls · eeca9fce
      Ilan peer committed
      Timeout was scheduled only in case CRDA was called due to user hints,
      but was not scheduled for other cases. This can result in regulatory
      hint processing getting stuck in case that there is no CRDA configured.
      
      Change this by scheduling a timeout every time CRDA is called. In
      addition, in restore_regulatory_settings() all pending requests are
      restored (and not only the user ones).
      Signed-off-by: Ilan Peer <ilan.peer@intel.com>
      Acked-by: Luis R. Rodriguez <mcgrof@suse.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    • I
      cfg80211: Add API to change the indoor regulatory setting · 05050753
      Ilan peer committed
      Previously, the indoor setting configuration assumed that as
      long as a station interface is connected, the indoor environment
      setting does not change. However, this assumption is problematic
      as:
      
      - It is possible that a station interface is connected to a mobile
        AP, e.g., softAP or a P2P GO, where it is possible that both the
        station and the mobile AP move out of the indoor environment making
        the indoor setting invalid. In such a case, user space has no way to
        invalidate the setting.
      - A station interface disconnection does not necessarily imply that
        the device is no longer operating in an indoor environment, e.g.,
        it is possible that the station interface is roaming but still
        stays indoor.

      To handle the above, extend the indoor configuration API to allow
      user space to indicate a change of indoor settings, and allow it to
      indicate whether it controls the indoor setting, such that:
      
      1. If the user space process explicitly indicates that it is going
         to control the indoor setting, do not clear the indoor setting
         internally, unless the socket is released. The user space process
         should use the NL80211_ATTR_SOCKET_OWNER attribute in the command
         to state that it is going to control the indoor setting.
      2. Reset the indoor setting when restoring the regulatory settings in
         case it is not owned by a user space process.
      
      Based on the above, a user space tool that continuously monitors the
      indoor settings, i.e., tracking power setting, location etc., can
      indicate environment changes to the regulatory core.
      
      It should be noted that currently user space is the only provided mechanism
      used to hint to the regulatory core over the indoor/outdoor environment --
      while the country IEs do have an environment setting this has been completely
      ignored by the regulatory core by design for a while now since country IEs
      typically can contain bogus data.
      Acked-by: Luis R. Rodriguez <mcgrof@suse.com>
      Signed-off-by: ArikX Nemtsov <arik@wizery.com>
      Signed-off-by: Ilan Peer <ilan.peer@intel.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    • I
      cfg80211: Simplify the handling of regulatory indoor setting · 0c4ddcd2
      Ilan peer committed
      Directly update the indoor setting without wrapping it as
      a regulatory request, to simplify the processing.
      Acked-by: Luis R. Rodriguez <mcgrof@suse.com>
      Signed-off-by: Ilan Peer <ilan.peer@intel.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  15. 04 Mar, 2015 2 commits
    • J
      nl80211: prohibit mixing 'any' and regular wowlan triggers · 98fc4386
      Johannes Berg committed
      If the device supports waking up on 'any' signal - i.e. it continues
      operating as usual and wakes up the host on pretty much anything that
      happens, then it makes no sense to also configure the more restricted
      WoWLAN mode where the device operates more autonomously but also in a
      more restricted fashion.
      
      Currently only cw2100 supports both 'any' and other triggers, but it
      seems to be broken as it doesn't configure anything to the device, so
      we can't currently get into a situation where both even can correctly
      be configured. This is about to change (Intel devices are going to
      support both and have different behaviour depending on configuration)
      so make sure the conflicting modes cannot be configured.
      
      (It seems that cw2100 advertises 'any' and 'disconnect' as a means of
      saying that's what it will always do, but that isn't really the way
      this API was meant to be used nor does it actually mean anything as
      'any' always implies 'disconnect' already, and the driver doesn't
      change device configuration in any way depending on the settings.)
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    • J
      wireless: Use eth_<foo>_addr instead of memset · d2beae10
      Joe Perches committed
      Use the built-in function instead of memset.
      Signed-off-by: Joe Perches <joe@perches.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  16. 03 Mar, 2015 4 commits
  17. 01 Mar, 2015 3 commits
    • J
      cfg80211-wext: return -E2BIG when buffer can't hold full BSS entry · 76a70e9c
      James Minor committed
      When using the wext compatibility code in cfg80211, part of the IEs
      can be truncated if the passed user buffer is large enough for part
      of the BSS but not large enough for all of the IEs.  This can cause
      an EAP network to show up as a PSK network.
      
      Always return -E2BIG in this case to avoid truncating data.
      
      Since this changes the control flow, use an on-stack variable for
      a small buffer instead of allocating it.
      Signed-off-by: James Minor <james.minor@ni.com>
      [rework patch to error out immediately, use _check wrappers]
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    • M
      nl/mac80211: allow zero plink timeout to disable STA expiration · 31f909a2
      Masashi Honma committed
      Both wpa_supplicant and mac80211 have an inactivity timer. By default
      wpa_supplicant will be timed out in 5 minutes and mac80211's is 30
      minutes. If wpa_supplicant uses a longer timer than mac80211, it will
      get unexpected disconnection by mac80211.
      
      Using 0xffffffff instead as the configured value could solve this w/o
      changing the code, but due to integer overflow in the expression used
      this doesn't work. The expression is:
      
      (current jiffies) > (frame Rx jiffies + NL80211_MESHCONF_PLINK_TIMEOUT * 250)
      
      On a 32bit system, the right side would overflow and be a very small
      value if NL80211_MESHCONF_PLINK_TIMEOUT is sufficiently large,
      causing unexpectedly early disconnections.
      
      Instead allow disabling the inactivity timer to avoid this situation,
      by passing the (previously invalid and useless) value 0.
      Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
      [reword/rewrap commit log]
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    • J
      cfg80211-wext: export symbols only when needed · 2afe38d1
      Johannes Berg committed
      When a fully converted cfg80211 driver needs cfg80211-wext for
      userspace API purposes, the symbols need not be exported. When
      other drivers (orinoco/hermes or ipw2200) are enabled, they do
      need the symbols exported as they use them directly.
      
      Make those drivers select a new CFG80211_WEXT_EXPORT Kconfig
      symbol (instead of just CFG80211_WEXT) and export the functions
      only if requested - this saves about 1/2k due to the size of
      EXPORT_SYMBOL() itself.
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  18. 24 Feb, 2015 4 commits
  19. 27 Jan, 2015 2 commits
  20. 23 Jan, 2015 3 commits
    • J
      nl80211: suppress smatch warnings · 13874e4b
      Johannes Berg committed
      smatch warns that we once checked request->ssids in two functions
      and then unconditionally used it later again.
      
      This is actually fine, because the code has a relationship between
      attrs[NL80211_ATTR_SCAN_SSIDS], n_ssids and request->ssids, but
      smatch isn't smart enough to realize that.
      
      Suppress the warnings by always checking just n_ssids - that way
      smatch won't know that request->ssids could be NULL, and since it
      is only NULL when n_ssids is 0 we still check everything correctly.
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    • J
      nl80211: fix per-station group key get/del and memory leak · 0fa7b391
      Johannes Berg committed
      In case userspace attempts to obtain key information for or delete a
      unicast key, this is currently erroneously rejected unless the driver
      sets the WIPHY_FLAG_IBSS_RSN flag. Apparently enough drivers do so it
      was never noticed.
      
      Fix that, and while at it fix a potential memory leak: the error path
      in the get_key() function was placed after allocating a message but
      didn't free it - move it to a better place. Luckily admin permissions
      are needed to call this operation.
      
      Cc: stable@vger.kernel.org
      Fixes: e31b8213 ("cfg80211/mac80211: allow per-station GTKs")
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    • F
      mac80211: correct header length calculation · fb142f4b
      Fred Chou committed
      HT Control field may also be present in management frames, as defined
      in 8.2.4.1.10 of 802.11-2012. Account for this in calculation of header
      length.
      Signed-off-by: Fred Chou <fred.chou.nd@gmail.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
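
The 32-bit wraparound described in commit 31f909a2 (zero plink timeout) above, as an added example that is not code from the kernel or from the commit. It assumes HZ = 250 (the multiplier quoted in the commit message) and uses a plain `>` comparison as the message does; the function names and sample jiffies values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: HZ = 250, the multiplier quoted in the commit message. */
#define HZ_ASSUMED 250u

/* The quoted expression in 32-bit unsigned arithmetic, as on a 32-bit
 * system: the right-hand side wraps modulo 2^32. */
static int expired_32bit(uint32_t now, uint32_t last_rx, uint32_t timeout)
{
    uint32_t deadline = (uint32_t)(last_rx + timeout * HZ_ASSUMED);
    return now > deadline;
}

/* Same comparison with a 64-bit right-hand side, which cannot wrap. */
static int expired_wide(uint32_t now, uint32_t last_rx, uint32_t timeout)
{
    uint64_t deadline = (uint64_t)last_rx + (uint64_t)timeout * HZ_ASSUMED;
    return (uint64_t)now > deadline;
}

/* Behaviour the commit describes: 0 disables the inactivity timer
 * (hypothetical helper written for this example). */
static int expired_zero_disables(uint32_t now, uint32_t last_rx, uint32_t timeout)
{
    return timeout != 0 && expired_32bit(now, last_rx, timeout);
}

/* Largest timeout whose product with HZ_ASSUMED still fits in 32 bits. */
static uint32_t max_safe_timeout(void)
{
    return UINT32_MAX / HZ_ASSUMED;
}

int main(void)
{
    uint32_t now = 1000, last_rx = 1000;   /* constructed sample jiffies */
    printf("0xffffffff, 32-bit: expired=%d\n", expired_32bit(now, last_rx, 0xffffffffu));
    printf("0xffffffff, 64-bit: expired=%d\n", expired_wide(now, last_rx, 0xffffffffu));
    printf("0 disables timer:   expired=%d\n", expired_zero_disables(now, last_rx, 0));
    printf("max safe timeout:   %u\n", (unsigned)max_safe_timeout());
    return 0;
}
```

With a timeout of 0xffffffff the 32-bit product wraps to 0xffffff06, so the deadline lands 250 jiffies before the last received frame and the station counts as expired at once.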