1. 06 2月, 2014 2 次提交
    • J
      cfg80211: fix scan done race · a617302c
      Johannes Berg 提交于
      When an interface/wdev is removed, any ongoing scan should be
      cancelled by the driver. This will make it call cfg80211, which
      only queues a work struct. If interface/wdev removal is quick
      enough, this can leave the scan request pending and processed
      only after the interface is gone, causing a use-after-free.
      
      Fix this by making sure the scan request is not pending after
      the interface is destroyed. We can't flush or cancel the work
      item due to locking concerns, but when it'll run it shouldn't
      find anything to do. This leaves a potential issue, if a new
      scan gets requested before the work runs, it prematurely stops
      the running scan, potentially causing another crash. I'll fix
      that in the next patch.
      
      This was particularly observed with P2P_DEVICE wdevs, likely
      because freeing them is quicker than freeing netdevs.
      Reported-by: NAndrei Otcheretianski <andrei.otcheretianski@intel.com>
      Fixes: 4a58e7c3 ("cfg80211: don't "leak" uncompleted scans")
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      a617302c
    • J
      cfg80211: re-enable 5/10 MHz support · 5a6aa705
      Johannes Berg 提交于
      Unfortunately I forgot this during the merge window, but the
      patch seems small enough to go in as a fix. The userspace API
      bug that was the reason for disabling it has long been fixed.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      5a6aa705
  2. 06 12月, 2013 2 次提交
    • E
      cfg80211: don't "leak" uncompleted scans · 4a58e7c3
      Eliad Peller 提交于
      ___cfg80211_scan_done() can be called in some cases
      (e.g. on NETDEV_DOWN) before the low level driver
      notified scan completion (which is indicated by
      passing leak=true).
      
      Clearing rdev->scan_req in this case is buggy, as
      scan_done_wk might have already being queued/running
      (and can't be flushed as it takes rtnl()).
      
      If a new scan will be requested at this stage, the
      scan_done_wk will try freeing it (instead of the
      previous scan), and this will later result in
      a use after free.
      
      Simply remove the "leak" option, and replace it with
      a standard WARN_ON.
      
      An example backtrace after such crash:
      Unable to handle kernel paging request at virtual address fffffee5
      pgd = c0004000
      [fffffee5] *pgd=9fdf6821, *pte=00000000, *ppte=00000000
      Internal error: Oops: 17 [#1] SMP ARM
      PC is at cfg80211_scan_done+0x28/0xc4 [cfg80211]
      LR is at __ieee80211_scan_completed+0xe4/0x2dc [mac80211]
      [<bf0077b0>] (cfg80211_scan_done+0x28/0xc4 [cfg80211])
      [<bf0973d4>] (__ieee80211_scan_completed+0xe4/0x2dc [mac80211])
      [<bf0982cc>] (ieee80211_scan_work+0x94/0x4f0 [mac80211])
      [<c005fd10>] (process_one_work+0x1b0/0x4a8)
      [<c0060404>] (worker_thread+0x138/0x37c)
      [<c0066d70>] (kthread+0xa4/0xb0)
      Signed-off-by: NEliad Peller <eliad@wizery.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      4a58e7c3
    • B
      cfg80211: stop sched scan only when needed · 24d584d7
      Barak Bercovitz 提交于
      cfg80211_leave stops sched scan when any station vif
      is leaving. Add an explicit check and call it only
      when the relevant vif (the one we scan on) is leaving.
      Signed-off-by: NBarak Bercovitz <barak@wizery.com>
      [Eliad - changed the commit message a bit]
      Signed-off-by: NEliad Peller <eliad@wizery.com>
      [Johannes - add ASSERT_RTNL since that protects the pointer]
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      24d584d7
  3. 02 12月, 2013 1 次提交
  4. 26 11月, 2013 2 次提交
    • L
      cfg80211: move regulatory flags to their own variable · a2f73b6c
      Luis R. Rodriguez 提交于
      We'll expand this later, this will make it easier to
      classify and review what things are related to regulatory
      or not.
      
      Coccinelle only missed 4 hits, which I had to do manually,
      supplying the SmPL in case of merge conflicts.
      
      @@
      struct wiphy *wiphy;
      @@
      -wiphy->flags |= WIPHY_FLAG_CUSTOM_REGULATORY
      +wiphy->regulatory_flags |= REGULATORY_CUSTOM_REG
      @@
      expression e;
      @@
      -e->flags |= WIPHY_FLAG_CUSTOM_REGULATORY
      +e->regulatory_flags |= REGULATORY_CUSTOM_REG
      @@
      struct wiphy *wiphy;
      @@
      -wiphy->flags &= ~WIPHY_FLAG_CUSTOM_REGULATORY
      +wiphy->regulatory_flags &= ~REGULATORY_CUSTOM_REG
      @@
      struct wiphy *wiphy;
      @@
      -wiphy->flags & WIPHY_FLAG_CUSTOM_REGULATORY
      +wiphy->regulatory_flags & REGULATORY_CUSTOM_REG
      
      @@
      struct wiphy *wiphy;
      @@
      -wiphy->flags |= WIPHY_FLAG_STRICT_REGULATORY
      +wiphy->regulatory_flags |= REGULATORY_STRICT_REG
      @@
      expression e;
      @@
      -e->flags |= WIPHY_FLAG_STRICT_REGULATORY
      +e->regulatory_flags |= REGULATORY_STRICT_REG
      @@
      struct wiphy *wiphy;
      @@
      -wiphy->flags &= ~WIPHY_FLAG_STRICT_REGULATORY
      +wiphy->regulatory_flags &= ~REGULATORY_STRICT_REG
      @@
      struct wiphy *wiphy;
      @@
      -wiphy->flags & WIPHY_FLAG_STRICT_REGULATORY
      +wiphy->regulatory_flags & REGULATORY_STRICT_REG
      
      @@
      struct wiphy *wiphy;
      @@
      -wiphy->flags |= WIPHY_FLAG_DISABLE_BEACON_HINTS
      +wiphy->regulatory_flags |= REGULATORY_DISABLE_BEACON_HINTS
      @@
      expression e;
      @@
      -e->flags |= WIPHY_FLAG_DISABLE_BEACON_HINTS
      +e->regulatory_flags |= REGULATORY_DISABLE_BEACON_HINTS
      @@
      struct wiphy *wiphy;
      @@
      -wiphy->flags &= ~WIPHY_FLAG_DISABLE_BEACON_HINTS
      +wiphy->regulatory_flags &= ~REGULATORY_DISABLE_BEACON_HINTS
      @@
      struct wiphy *wiphy;
      @@
      -wiphy->flags & WIPHY_FLAG_DISABLE_BEACON_HINTS
      +wiphy->regulatory_flags & REGULATORY_DISABLE_BEACON_HINTS
      
      Generated-by: Coccinelle SmPL
      Cc: Julia Lawall <julia.lawall@lip6.fr>
      Cc: Peter Senna Tschudin <peter.senna@gmail.com>
      Cc: Mihir Shete <smihir@qti.qualcomm.com>
      Cc: Henri Bahini <hbahini@qca.qualcomm.com>
      Cc: Tushnim Bhattacharyya <tushnimb@qca.qualcomm.com>
      Signed-off-by: NLuis R. Rodriguez <mcgrof@do-not-panic.com>
      [fix up whitespace damage, overly long lines]
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      a2f73b6c
    • J
      cfg80211: don't allow drivers to unset NL80211_FEATURE_SCAN_FLUSH · 00c3a6ed
      Johannes Berg 提交于
      As the flag is entirely implemented in cfg80211, it should
      have been a global feature flag (which I believe didn't
      exist at the time). However, there's no reason to allow
      drivers to unset the flag, so don't allow it and remove
      the validation of NL80211_SCAN_FLAG_FLUSH.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      00c3a6ed
  5. 25 11月, 2013 1 次提交
    • J
      cfg80211: disable 5/10 MHz support for all drivers · 9f16d84a
      Johannes Berg 提交于
      Due to nl80211 API breakage, 5/10 MHz support is broken for
      all drivers. Fixing it requires adding new API, but that
      can't be done as a bugfix commit since that would require
      either updating all APIs in the trees needing the bugfix or
      cause different kernels to have incompatible API.
      
      Therefore, just disable 5/10 MHz support for all drivers.
      
      Cc: stable@vger.kernel.org [3.12]
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      9f16d84a
  6. 10 10月, 2013 1 次提交
  7. 27 9月, 2013 1 次提交
  8. 01 8月, 2013 1 次提交
  9. 16 7月, 2013 1 次提交
    • A
      cfg80211/nl80211: Add packet coalesce support · be29b99a
      Amitkumar Karwar 提交于
      In most cases, host that receives IPv4 and IPv6 multicast/broadcast
      packets does not do anything with these packets. Therefore the
      reception of these unwanted packets causes unnecessary processing
      and power consumption.
      
      Packet coalesce feature helps to reduce number of received
      interrupts to host by buffering these packets in firmware/hardware
      for some predefined time. Received interrupt will be generated when
      one of the following events occur.
      a) Expiration of hardware timer whose expiration time is set to
      maximum coalescing delay of matching coalesce rule.
      b) Coalescing buffer in hardware reaches it's limit.
      c) Packet doesn't match any of the configured coalesce rules.
      
      This patch adds set/get configuration support for packet coalesce.
      User needs to configure following parameters for creating a coalesce
      rule.
      a) Maximum coalescing delay
      b) List of packet patterns which needs to be matched
      c) Condition for coalescence. pattern 'match' or 'no match'
      Multiple such rules can be created.
      
      This feature needs to be advertised during driver initialization.
      Drivers are supposed to do required firmware/hardware settings based
      on user configuration.
      Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com>
      Signed-off-by: NBing Zhao <bzhao@marvell.com>
      [fix kernel-doc, change free function, fix copy/paste error]
      Signed-off-by: NJohannes Berg <johannes@sipsolutions.net>
      be29b99a
  10. 24 6月, 2013 1 次提交
  11. 05 6月, 2013 2 次提交
    • J
      cfg80211: make wiphy index start at 0 again · 9b881963
      Johannes Berg 提交于
      The change to use atomic_inc_return() for assigning the wiphy
      index made the first wiphy index 1 instead of 0. This is fine,
      but we all habitually type "phy0" when we're testing, so make
      it go back to 0 instead of 1 by subtracting 1 from the index.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      9b881963
    • J
      cfg80211: fix potential deadlock regression · 256c90de
      Johannes Berg 提交于
      My big locking cleanups caused a problem by registering the
      rfkill instance with the RTNL held, while the callback also
      acquires the RTNL. This potentially causes a deadlock since
      the two locks used (rfkill mutex and RTNL) can be acquired
      in two different orders. Fix this by (un)registering rfkill
      without holding the RTNL. This needs to be done after the
      device struct is registered, but that can also be done w/o
      holding the RTNL.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      256c90de
  12. 04 6月, 2013 2 次提交
    • J
      cfg80211: separate internal SME implementation · ceca7b71
      Johannes Berg 提交于
      The current internal SME implementation in cfg80211 is
      very mixed up with the MLME handling, which has been
      causing issues for a long time. There are three things
      that the implementation has to provide:
       * a basic SME implementation for nl80211's connect()
         call (for drivers implementing auth/assoc, which is
         really just mac80211) and wireless extensions
       * MLME events for the userspace SME
       * SME events (connected, disconnected etc.) for all
         different SME implementation possibilities (driver,
         cfg80211 and userspace)
      
      To achieve these goals it isn't necessary to track the
      software SME's connection status outside of it's state
      (which is the part that caused many issues.) Instead,
      track it only in the SME data (wdev->conn) and in the
      general case only track whether the wdev is connected
      or not (via wdev->current_bss.)
      
      Also separate the internal implementation to not have
      callbacks from the SME events, but rather call it from
      the API functions that the driver (or rather mac80211)
      calls. This separates the code better.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      ceca7b71
    • J
      cfg80211: take WoWLAN support information out of wiphy struct · 964dc9e2
      Johannes Berg 提交于
      There's no need to take up the space for devices that don't
      support WoWLAN, and most drivers can even make the support
      data static const (except where it's modified at runtime.)
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      964dc9e2
  13. 29 5月, 2013 1 次提交
  14. 27 5月, 2013 1 次提交
  15. 25 5月, 2013 5 次提交
  16. 17 5月, 2013 3 次提交
  17. 24 3月, 2013 1 次提交
    • J
      cfg80211: always check for scan end on P2P device · f9f47529
      Johannes Berg 提交于
      If a P2P device wdev is removed while it has a scan, then the
      scan completion might crash later as it is already freed by
      that time. To avoid the crash always check the scan completion
      when the P2P device is being removed for some reason. If the
      driver already canceled it, don't want and free it, otherwise
      warn and leak it to avoid later crashes.
      
      In order to do this, locking needs to be changed away from the
      rdev mutex (which can't always be guaranteed). For now, use
      the sched_scan_mtx instead, I'll rename it to just scan_mtx in
      a later patch.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      f9f47529
  18. 20 3月, 2013 1 次提交
  19. 06 3月, 2013 1 次提交
    • S
      cfg80211/mac80211: disconnect on suspend · 81256969
      Stanislaw Gruszka 提交于
      If possible that after suspend, cfg80211 will receive request to
      disconnect what require action on interface that was removed during
      suspend.
      
      Problem can manifest itself by various warnings similar to below one:
      
      WARNING: at net/mac80211/driver-ops.h:12 ieee80211_bss_info_change_notify+0x2f9/0x300 [mac80211]()
      wlan0:  Failed check-sdata-in-driver check, flags: 0x4
      Call Trace:
       [<c043e0b3>] warn_slowpath_fmt+0x33/0x40
       [<f83707c9>] ieee80211_bss_info_change_notify+0x2f9/0x300 [mac80211]
       [<f83a660a>] ieee80211_recalc_ps_vif+0x2a/0x30 [mac80211]
       [<f83a6706>] ieee80211_set_disassoc+0xf6/0x500 [mac80211]
       [<f83a9441>] ieee80211_mgd_deauth+0x1f1/0x280 [mac80211]
       [<f8381b36>] ieee80211_deauth+0x16/0x20 [mac80211]
       [<f8261e70>] cfg80211_mlme_down+0x70/0xc0 [cfg80211]
       [<f8264de1>] __cfg80211_disconnect+0x1b1/0x1d0 [cfg80211]
      
      To fix the problem disconnect from any associated network before
      suspend. User space is responsible to establish connection again
      after resume. This basically need to be done by user space anyway,
      because associated stations can go away during suspend (for example
      NetworkManager disconnects on suspend and connect on resume by default).
      
      Patch also handle situation when driver refuse to suspend with wowlan
      configured and try to suspend again without it.
      Signed-off-by: NStanislaw Gruszka <sgruszka@redhat.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      81256969
  20. 27 2月, 2013 1 次提交
  21. 15 2月, 2013 2 次提交
  22. 12 2月, 2013 1 次提交
  23. 26 1月, 2013 1 次提交
  24. 17 1月, 2013 1 次提交
  25. 12 1月, 2013 1 次提交
  26. 03 1月, 2013 1 次提交
  27. 05 11月, 2012 1 次提交
  28. 24 10月, 2012 1 次提交