Skip to content

K
Kernel

openeuler / Kernel
1 年多 前同步成功

通知 8
Star 0
Fork 0
K
Kernel
切换分支/标签
  1. 05 3月, 2016 1 次提交
  3. 24 2月, 2016 5 次提交
  5. 04 12月, 2015 2 次提交
  7. 29 5月, 2015 1 次提交
    • M
      cfg80211: ignore netif running state when changing iftype · 6cbfb1bb
      Michal Kazior 提交于 
      It was possible for mac80211 to be coerced into an
unexpected flow causing sdata union to become
corrupted. Station pointer was put into
sdata->u.vlan.sta memory location while it was
really master AP's sdata->u.ap.next_beacon. This
led to station entry being later freed as
next_beacon before __sta_info_flush() in
ieee80211_stop_ap() and a subsequent invalid
pointer dereference crash.

The problem was that ieee80211_ptr->use_4addr
wasn't cleared on interface type changes.

This could be reproduced with the following steps:

 # host A and host B have just booted; no
 # wpa_s/hostapd running; all vifs are down
 host A> iw wlan0 set type station
 host A> iw wlan0 set 4addr on
 host A> printf 'interface=wlan0\nssid=4addrcrash\nchannel=1\nwds_sta=1' > /tmp/hconf
 host A> hostapd -B /tmp/conf
 host B> iw wlan0 set 4addr on
 host B> ifconfig wlan0 up
 host B> iw wlan0 connect -w hostAssid
 host A> pkill hostapd
 # host A crashed:

 [  127.928192] BUG: unable to handle kernel NULL pointer dereference at 00000000000006c8
 [  127.929014] IP: [<ffffffff816f4f32>] __sta_info_flush+0xac/0x158
 ...
 [  127.934578]  [<ffffffff8170789e>] ieee80211_stop_ap+0x139/0x26c
 [  127.934578]  [<ffffffff8100498f>] ? dump_trace+0x279/0x28a
 [  127.934578]  [<ffffffff816dc661>] __cfg80211_stop_ap+0x84/0x191
 [  127.934578]  [<ffffffff816dc7ad>] cfg80211_stop_ap+0x3f/0x58
 [  127.934578]  [<ffffffff816c5ad6>] nl80211_stop_ap+0x1b/0x1d
 [  127.934578]  [<ffffffff815e53f8>] genl_family_rcv_msg+0x259/0x2b5

Note: This isn't a revert of f8cdddb8
("cfg80211: check iface combinations only when
iface is running") as far as functionality is
considered because b6a55015 ("cfg80211/mac80211:
move more combination checks to mac80211") moved
the logic somewhere else already.

Fixes: f8cdddb8 ("cfg80211: check iface combinations only when iface is running")
Signed-off-by: NMichal Kazior <michal.kazior@tieto.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      6cbfb1bb
  9. 26 5月, 2015 1 次提交
  11. 07 4月, 2015 1 次提交
  13. 30 3月, 2015 1 次提交
  15. 03 3月, 2015 1 次提交
  17. 27 1月, 2015 2 次提交
  19. 23 1月, 2015 1 次提交
  21. 16 1月, 2015 1 次提交
    • J
      cfg80211: change bandwidth reporting to explicit field · b51f3bee
      Johannes Berg 提交于 
      For some reason, we made the bandwidth separate flags, which
is rather confusing - a single rate cannot have different
bandwidths at the same time.

Change this to no longer be flags but use a separate field
for the bandwidth ('bw') instead.

While at it, add support for 5 and 10 MHz rates - these are
reported as regular legacy rates with their real bitrate,
but tagged as 5/10 now to make it easier to distinguish them.

In the nl80211 API, the flags are preserved, but the code
now can also clearly only set a single one of the flags.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      b51f3bee
  23. 15 1月, 2015 1 次提交
  25. 14 1月, 2015 1 次提交
  27. 04 11月, 2014 1 次提交
    • R
      cfg80211: 802.11p OCB mode handling · 6e0bd6c3
      Rostislav Lisovy 提交于 
      This patch adds new iface type (NL80211_IFTYPE_OCB) representing
the OCB (Outside the Context of a BSS) mode.
When establishing a connection to the network a cfg80211_join_ocb
function is called (particular nl80211_command is added as well).
A mandatory parameters during the ocb_join operation are 'center
frequency' and 'channel width (5/10 MHz)'.

Changes done in mac80211 are minimal possible required to avoid
many warnings (warning: enumeration value 'NL80211_IFTYPE_OCB'
not handled in switch) during compilation. Full functionality
(where needed) is added in the following patch.
Signed-off-by: NRostislav Lisovy <rostislav.lisovy@fel.cvut.cz>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      6e0bd6c3
  29. 11 9月, 2014 1 次提交
  31. 05 9月, 2014 1 次提交
  33. 21 5月, 2014 1 次提交
  35. 19 5月, 2014 1 次提交
  37. 13 5月, 2014 1 次提交
  39. 06 5月, 2014 1 次提交
  41. 25 4月, 2014 2 次提交
  43. 09 4月, 2014 4 次提交
  45. 20 3月, 2014 1 次提交
  47. 05 3月, 2014 1 次提交
  49. 26 2月, 2014 1 次提交
    • I
      cfg80211: send stop AP event only due to internal reason · 7c8d5e03
      Ilan Peer 提交于 
      Commit "nl80211: send event when AP operation is stopped" added an
event to notify user space that an AP interface has been stopped, to
handle cases such as suspend etc. The event is sent regardless
if the stop AP flow was triggered by user space or due to internal state
change.

This might cause issues with wpa_supplicant/hostapd flows that consider
stop AP flow as a synchronous one, e.g., AP/GO channel change in the
absence of CSA support. In such cases, the flow will restart the AP
immediately after the stop AP flow is done, and only handle the stop
AP event after the current flow is done, and as a result stop the AP
again.

Change the current implementation to only send the event in case the
stop AP was triggered due to an internal reason.
Signed-off-by: NIlan Peer <ilan.peer@intel.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      7c8d5e03
  51. 21 2月, 2014 1 次提交
  53. 05 2月, 2014 2 次提交
    • M
      cfg80211: consider existing DFS interfaces · 9e0e2961
      Michal Kazior 提交于 
      It was possible to break interface combinations in
the following way:

 combo 1: iftype = AP, num_ifaces = 2, num_chans = 2,
 combo 2: iftype = AP, num_ifaces = 1, num_chans = 1, radar = HT20

With the above interface combinations it was
possible to:

 step 1. start AP on DFS channel by matching combo 2
 step 2. start AP on non-DFS channel by matching combo 1

This was possible beacuse (step 2) did not consider
if other interfaces require radar detection.

The patch changes how cfg80211 tracks channels -
instead of channel itself now a complete chandef
is stored.
Signed-off-by: NMichal Kazior <michal.kazior@tieto.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      9e0e2961
    • A
      cfg80211: fix channel configuration in IBSS join · fe94f3a4
      Antonio Quartulli 提交于 
      When receiving an IBSS_JOINED event select the BSS object
based on the {bssid, channel} couple rather than the bssid
only.
With the current approach if another cell having the same
BSSID (but using a different channel) exists then cfg80211
picks up the wrong BSS object.
The result is a mismatching channel configuration between
cfg80211 and the driver, that can lead to any sort of
problem.

The issue can be triggered by having an IBSS sitting on
given channel and then asking the driver to create a new
cell using the same BSSID but with a different frequency.
By passing the channel to cfg80211_get_bss() we can solve
this ambiguity and retrieve/create the correct BSS object.
All the users of cfg80211_ibss_joined() have been changed
accordingly.

Moreover WARN when cfg80211_ibss_joined() gets a NULL
channel as argument and remove a bogus call of the same
function in ath6kl (it does not make sense to call
cfg80211_ibss_joined() with a zero BSSID on ibss-leave).

Cc: Kalle Valo <kvalo@qca.qualcomm.com>
Cc: Arend van Spriel <arend@broadcom.com>
Cc: Bing Zhao <bzhao@marvell.com>
Cc: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Cc: libertas-dev@lists.infradead.org
Acked-by: NKalle Valo <kvalo@qca.qualcomm.com>
Signed-off-by: NAntonio Quartulli <antonio@open-mesh.com>
[minor code cleanup in ath6kl]
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      fe94f3a4
  55. 09 1月, 2014 1 次提交
  57. 31 12月, 2013 1 次提交