- 09 11月, 2018 2 次提交
-
-
由 Johannes Berg 提交于
Add a new "peer measurement" API, that can be used to measure certain things related to a peer. Right now, only implement FTM (flight time measurement) over it, but the idea is that it'll be extensible to also support measuring the necessary things to calculate e.g. angle-of-arrival for WiGig. The API is structured to have a generic list of peers and channels to measure with/on, and then for each of those a set of measurements (again, only FTM right now) to perform. Results are sent to the requesting socket, including a final complete message. Closing the controlling netlink socket will abort a running measurement. v3: - add a bit to report "final" for partial results - remove list keeping etc. and just unicast out the results to the requester (big code reduction ...) - also send complete message unicast, and as a result remove the multicast group - separate out struct cfg80211_pmsr_ftm_request_peer from struct cfg80211_pmsr_request_peer - document timeout == 0 if no timeout - disallow setting timeout nl80211 attribute to 0, must not include attribute for no timeout - make MAC address randomization optional - change num bursts exponent default to 0 (1 burst, rather rather than the old default of 15==don't care) v4: - clarify NL80211_ATTR_TIMEOUT documentation v5: - remove unnecessary nl80211 multicast/family changes - remove partial results bit/flag, final is sufficient - add max_bursts_exponent, max_ftms_per_burst to capability - rename "frames per burst" -> "FTMs per burst" v6: - rename cfg80211_pmsr_free_wdev() to cfg80211_pmsr_wdev_down() and call it in leave, so the device can't go down with any pending measurements v7: - wording fixes (Lior) - fix ftm.max_bursts_exponent to allow having the limit of 0 (Lior) v8: - copyright statements - minor coding style fixes - fix error path leak Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Johannes Berg 提交于
This variable shadows something that gets generated inside the tracing macros, which causes sparse to warn. Avoid it so sparse output is more readable, even if it doesn't seem to cause any trouble. Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 12 10月, 2018 1 次提交
-
-
由 Ankita Bajaj 提交于
Add support for drivers to report the total number of MPDUs received and the number of MPDUs received with an FCS error from a specific peer. These counters will be incremented only when the TA of the frame matches the MAC address of the peer irrespective of FCS error. It should be noted that the TA field in the frame might be corrupted when there is an FCS error and TA matching logic would fail in such cases. Hence, FCS error counter might not be fully accurate, but it can provide help in detecting bad RX links in significant number of cases. This FCS error counter without full accuracy can be used, e.g., to trigger a kick-out of a connected client with a bad link in AP mode to force such a client to roam to another AP. Signed-off-by: NAnkita Bajaj <bankita@codeaurora.org> Signed-off-by: NJouni Malinen <jouni@codeaurora.org> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 11 10月, 2018 2 次提交
-
-
由 Johannes Berg 提交于
Instead of open-coding a lot of calls to is_valid_ie_attr(), add this validation directly to the policy, now that we can. Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Johannes Berg 提交于
Many range checks can be done in the policy, move them there. A few in mesh are added in the code (taken out of the macros) because they don't fit into the s16 range in the policy validation. Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 10 10月, 2018 1 次提交
-
-
由 Johannes Berg 提交于
Using skcipher just makes the code longer, and mac80211 also "open-codes" the WEP encrypt/decrypt. Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 02 10月, 2018 13 次提交
-
-
由 Johannes Berg 提交于
There were supposed to be two blocks - one for each direction cfg80211 <-> driver, clean up the code to restore that. Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Johannes Berg 提交于
There isn't really any need for us to be sending this from two different places - move cfg80211_init_wdev() later and send the notification from there, removing it from the non- netdev case. Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Johannes Berg 提交于
We currently have two places that do similar things, depending on whether it's a wdev with or without netdev. Combine the code to avoid having to duplicate all new additions. Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Johannes Berg 提交于
Add some error messages to nl80211_parse_chandef() to make failures here - especially with disabled channels - easier to diagnose. Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Johannes Berg 提交于
There's no reason for drivers to be able to access the cfg80211 internal cookie counter; move it out of the wiphy into the rdev structure. While at it, also make it never assign 0 as a cookie (we consider that invalid in some places), and warn if we manage to do that for some reason (wrapping is not likely to happen with a u64.) Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Johannes Berg 提交于
Since my change to split out the regulatory init to occur later, any issues during earlier cfg80211_init() or errors during the platform device allocation would lead to crashes later. Make this more robust by checking that the earlier initialization succeeded. Fixes: d7be102f ("cfg80211: initialize regulatory keys/database later") Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Johannes Berg 提交于
nl80211_prepare_wdev_dump() is using the output skb to look up the network namespace, but this isn't really necessary, it can just as well use the input skb which is available as cb->skb, the sk is the same anyway. Therefore, remove the redundant argument. Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Pradeep Kumar Chitrapu 提交于
Allow userspace to enable fine timing measurement responder functionality with configurable lci/civic parameters in AP mode. This can be done at AP start or changing beacon parameters. A new EXT_FEATURE flag is introduced for drivers to advertise the capability. Also nl80211 API support for retrieving statistics is added. Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NPradeep Kumar Chitrapu <pradeepc@codeaurora.org> [remove unused cfg80211_ftm_responder_params, clarify docs, move validation into policy] Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Johannes Berg 提交于
A simple cleanup, reuse the event definition that we already have. Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Andrew Zaborowski 提交于
Use the NL80211_KEY_IDX attribute inside the NL80211_ATTR_KEY in NL80211_CMD_GET_KEY responses to comply with nl80211_key_policy. This is unlikely to affect existing userspace. Signed-off-by: NAndrew Zaborowski <andrew.zaborowski@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Johannes Berg 提交于
There's a bit of duplicated code to initialize a wdev, pull it out into a separate function to call from both places. Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Colin Ian King 提交于
The check for !scan_plan is redunant as this has been checked in the proceeding statement and the code returns -ENOBUFS if it is true. Remove the redundant check. Signed-off-by: NColin Ian King <colin.king@canonical.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 zhong jiang 提交于
The iterator in list_for_each_entry_safe is never null, therefore, remove the redundant null pointer check. Signed-off-by: Nzhong jiang <zhongjiang@huawei.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 01 10月, 2018 2 次提交
-
-
由 Yu Zhao 提交于
reg_process_hint_country_ie() can free regulatory_request and return REG_REQ_ALREADY_SET. We shouldn't use regulatory_request after it's called. KASAN error was observed when this happens. BUG: KASAN: use-after-free in reg_process_hint+0x839/0x8aa [cfg80211] Read of size 4 at addr ffff8800c430d434 by task kworker/1:3/89 <snipped> Workqueue: events reg_todo [cfg80211] Call Trace: dump_stack+0xc1/0x10c ? _atomic_dec_and_lock+0x1ad/0x1ad ? _raw_spin_lock_irqsave+0xa0/0xd2 print_address_description+0x86/0x26f ? reg_process_hint+0x839/0x8aa [cfg80211] kasan_report+0x241/0x29b reg_process_hint+0x839/0x8aa [cfg80211] reg_todo+0x204/0x5b9 [cfg80211] process_one_work+0x55f/0x8d0 ? worker_detach_from_pool+0x1b5/0x1b5 ? _raw_spin_unlock_irq+0x65/0xdd ? _raw_spin_unlock_irqrestore+0xf3/0xf3 worker_thread+0x5dd/0x841 ? kthread_parkme+0x1d/0x1d kthread+0x270/0x285 ? pr_cont_work+0xe3/0xe3 ? rcu_read_unlock_sched_notrace+0xca/0xca ret_from_fork+0x22/0x40 Allocated by task 2718: set_track+0x63/0xfa __kmalloc+0x119/0x1ac regulatory_hint_country_ie+0x38/0x329 [cfg80211] __cfg80211_connect_result+0x854/0xadd [cfg80211] cfg80211_rx_assoc_resp+0x3bc/0x4f0 [cfg80211] smsc95xx v1.0.6 ieee80211_sta_rx_queued_mgmt+0x1803/0x7ed5 [mac80211] ieee80211_iface_work+0x411/0x696 [mac80211] process_one_work+0x55f/0x8d0 worker_thread+0x5dd/0x841 kthread+0x270/0x285 ret_from_fork+0x22/0x40 Freed by task 89: set_track+0x63/0xfa kasan_slab_free+0x6a/0x87 kfree+0xdc/0x470 reg_process_hint+0x31e/0x8aa [cfg80211] reg_todo+0x204/0x5b9 [cfg80211] process_one_work+0x55f/0x8d0 worker_thread+0x5dd/0x841 kthread+0x270/0x285 ret_from_fork+0x22/0x40 <snipped> Signed-off-by: NYu Zhao <yuzhao@google.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Stefan Seyfried 提交于
cfg80211_wext_giwrate and sinfo.pertid might allocate sinfo.pertid via rdev_get_station(), but never release it. Fix that. Fixes: 8689c051 ("cfg80211: dynamically allocate per-tid stats for station info") Signed-off-by: NStefan Seyfried <seife+kernel@b1-systems.com> [johannes: fix error path, use cfg80211_sinfo_release_content(), add Fixes] Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 28 9月, 2018 1 次提交
-
-
由 Kees Cook 提交于
In the quest to remove all stack VLA usage from the kernel[1], this replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(), which uses a fixed stack size. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Cc: Johannes Berg <johannes@sipsolutions.net> Cc: linux-wireless@vger.kernel.org Signed-off-by: NKees Cook <keescook@chromium.org> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
- 27 9月, 2018 1 次提交
-
-
由 Masashi Honma 提交于
Use array_index_nospec() to sanitize i with respect to speculation. Note that the user doesn't control i directly, but can make it out of bounds by not finding a threshold in the array. Signed-off-by: NMasashi Honma <masashi.honma@gmail.com> [add note about user control, as explained by Masashi] Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 26 9月, 2018 1 次提交
-
-
由 Masashi Honma 提交于
Use array_index_nospec() to sanitize ridx with respect to speculation. Signed-off-by: NMasashi Honma <masashi.honma@gmail.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 10 9月, 2018 1 次提交
-
-
由 Jouni Malinen 提交于
cfg80211_get_bss_channel() is used to update the RX channel based on the available frame payload information (channel number from DSSS Parameter Set element or HT Operation element). This is needed on 2.4 GHz channels where frames may be received on neighboring channels due to overlapping frequency range. This might of some use on the 5 GHz band in some corner cases, but things are more complex there since there is no n:1 or 1:n mapping between channel numbers and frequencies due to multiple different starting frequencies in different operating classes. This could result in ieee80211_channel_to_frequency() returning incorrect frequency and ieee80211_get_channel() returning incorrect channel information (or indication of no match). In the previous implementation, this could result in some scan results being dropped completely, e.g., for the 4.9 GHz channels. That prevented connection to such BSSs. Fix this by using the driver-provided channel pointer if ieee80211_get_channel() does not find matching channel data for the channel number in the frame payload and if the scan is done with 5 MHz or 10 MHz channel bandwidth. While doing this, also add comments describing what the function is trying to achieve to make it easier to understand what happens here and why. Signed-off-by: NJouni Malinen <jouni@codeaurora.org> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 05 9月, 2018 4 次提交
-
-
由 Stanislaw Gruszka 提交于
Add validation check for wmm rule when copy rules from fwdb and print error when rule is invalid. Signed-off-by: NStanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Andrei Otcheretianski 提交于
Core regulatory hints didn't set wiphy_idx to WIPHY_IDX_INVALID. Since the regulatory request is zeroed, wiphy_idx was always implicitly set to 0. This resulted in updating only phy #0. Fix that. Fixes: 806a9e39 ("cfg80211: make regulatory_request use wiphy_idx instead of wiphy") Signed-off-by: NAndrei Otcheretianski <andrei.otcheretianski@intel.com> Signed-off-by: NLuca Coelho <luciano.coelho@intel.com> [add fixes tag] Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Johannes Berg 提交于
IEEE 802.11-2016 extended the VHT capability fields to allow indicating the number of spatial streams depending on the actually used bandwidth, add support for decoding this. Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Shaul Triebitz 提交于
Same as for HT and VHT. This helps the lower level to know whether the AP supports HE. Signed-off-by: NShaul Triebitz <shaul.triebitz@intel.com> Signed-off-by: NLuca Coelho <luciano.coelho@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 03 9月, 2018 1 次提交
-
-
由 Dan Carpenter 提交于
The "chandef->center_freq1" variable is a u32 but "freq" is a u16 so we are truncating away the high bits. I noticed this bug because in commit 9cf0a0b4 ("cfg80211: Add support for 60GHz band channels 5 and 6") we made "freq <= 56160 + 2160 * 6" a valid requency when before it was only "freq <= 56160 + 2160 * 4" that was valid. It introduces a static checker warning: net/wireless/util.c:1571 ieee80211_chandef_to_operating_class() warn: always true condition '(freq <= 56160 + 2160 * 6) => (0-u16max <= 69120)' But really we probably shouldn't have been truncating the high bits away to begin with. Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 30 8月, 2018 1 次提交
-
-
由 Arunk Khandavalli 提交于
nl80211_update_ft_ies() tried to validate NL80211_ATTR_IE with is_valid_ie_attr() before dereferencing it, but that helper function returns true in case of NULL pointer (i.e., attribute not included). This can result to dereferencing a NULL pointer. Fix that by explicitly checking that NL80211_ATTR_IE is included. Fixes: 355199e0 ("cfg80211: Extend support for IEEE 802.11r Fast BSS Transition") Signed-off-by: NArunk Khandavalli <akhandav@codeaurora.org> Signed-off-by: NJouni Malinen <jouni@codeaurora.org> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 29 8月, 2018 1 次提交
-
-
由 Balaji Pothunoori 提交于
Modify the API to include all ACK frames in average ACK signal strength reporting, not just ACKs for data frames. Make exposing the data conditional on implementing the extended feature flag. This is how it was really implemented in mac80211, update the code there to use the new defines and clean up some of the setting code. Keep nl80211.h source compatibility by keeping the old names. Signed-off-by: NBalaji Pothunoori <bpothuno@codeaurora.org> [rewrite commit log, change compatibility to be old=new instead of the other way around, update kernel-doc, roll in mac80211 changes, make mac80211 depend on valid bit instead of HW flag] Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 28 8月, 2018 6 次提交
-
-
由 Haim Dreyfuss 提交于
freq_reg_info expects to get the frequency in kHz. Instead we accidently pass it in MHz. Thus, currently the function always return ERR rule. Fix that. Fixes: 50f32718 ("nl80211: Add wmm rule attribute to NL80211_CMD_GET_WIPHY dump command") Signed-off-by: NHaim Dreyfuss <haim.dreyfuss@intel.com> Signed-off-by: NLuca Coelho <luciano.coelho@intel.com> [fix kHz/MHz in commit message] Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Haim Dreyfuss 提交于
TXOP (also known as Channel Occupancy Time) is u16 and should be added using nla_put_u16 instead of u8, fix that. Fixes: 50f32718 ("nl80211: Add wmm rule attribute to NL80211_CMD_GET_WIPHY dump command") Signed-off-by: NHaim Dreyfuss <haim.dreyfuss@intel.com> Signed-off-by: NLuca Coelho <luciano.coelho@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Alexei Avshalom Lazar 提交于
The current support in the 60GHz band is for channels 1-4. Add support for channels 5 and 6. This requires enlarging ieee80211_channel.center_freq from u16 to u32. Signed-off-by: NAlexei Avshalom Lazar <ailizaro@codeaurora.org> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
When REGULATORY_COUNTRY_IE_IGNORE is set, __reg_process_hint_country_ie() ignores the country code change request from __cfg80211_connect_result() via regulatory_hint_country_ie(). After Disconnect, similar to above, country code should not be reset to world when country IE ignore is set. But this is violated and restore of regulatory settings is invoked by cfg80211_disconnect_work via regulatory_hint_disconnect(). To address this, avoid regulatory restore from regulatory_hint_disconnect() when COUNTRY_IE_IGNORE is set. Note: Currently, restore_regulatory_settings() takes care of clearing beacon hints. But in the proposed change, regulatory restore is avoided. Therefore, explicitly clear beacon hints when DISABLE_BEACON_HINTS is not set. Signed-off-by: NRajeev Kumar Sirasanagandla <rsirasan@codeaurora.org> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Dedy Lansky 提交于
Make ieee80211_send_layer2_update() a common function so other drivers can re-use it. Signed-off-by: NDedy Lansky <dlansky@codeaurora.org> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Stanislaw Gruszka 提交于
Make wmm_rule be part of the reg_rule structure. This simplifies the code a lot at the cost of having bigger memory usage. However in most cases we have only few reg_rule's and when we do have many like in iwlwifi we do not save memory as it allocates a separate wmm_rule for each channel anyway. This also fixes a bug reported in various places where somewhere the pointers were corrupted and we ended up doing a null-dereference. Fixes: 230ebaa1 ("cfg80211: read wmm rules from regulatory database") Signed-off-by: NStanislaw Gruszka <sgruszka@redhat.com> [rephrase commit message slightly] Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 20 8月, 2018 1 次提交
-
-
由 Johannes Berg 提交于
Pointer arithmetic already adjusts by the size of the struct, so the sizeof() calculation is wrong. This is basically the same as Colin King's patch for similar code in the iwlwifi driver. Fixes: 230ebaa1 ("cfg80211: read wmm rules from regulatory database") Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 24 7月, 2018 1 次提交
-
-
由 Kees Cook 提交于
In preparing to remove all stack VLA usage from the kernel[1], this removes the discouraged use of AHASH_REQUEST_ON_STACK in favor of the smaller SHASH_DESC_ON_STACK by converting from ahash-wrapped-shash to direct shash. The stack allocation will be made a fixed size in a later patch to the crypto subsystem. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.comSigned-off-by: NKees Cook <keescook@chromium.org> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-