1. 22 Feb, 2011 1 commit
    • D
      fix cfg80211_wext_siwfreq lock ordering... · 4f919a3b
      Daniel J Blueman committed
      I previously managed to reproduce a hang while scanning wireless
      channels (reproducible with airodump-ng hopping channels); subsequent
      lockdep instrumentation revealed a lock ordering issue.
      
      Without knowing the design intent, it looks like the locks should be
      taken in reverse order; please comment.
      
      =======================================================
      [ INFO: possible circular locking dependency detected ]
      2.6.38-rc5-341cd #4
      -------------------------------------------------------
      airodump-ng/15445 is trying to acquire lock:
       (&rdev->devlist_mtx){+.+.+.}, at: [<ffffffff816b1266>]
      cfg80211_wext_siwfreq+0xc6/0x100
      
      but task is already holding lock:
       (&wdev->mtx){+.+.+.}, at: [<ffffffff816b125c>] cfg80211_wext_siwfreq+0xbc/0x100
      
      which lock already depends on the new lock.
      
      the existing dependency chain (in reverse order) is:
      
      -> #1 (&wdev->mtx){+.+.+.}:
             [<ffffffff810a79d6>] lock_acquire+0xc6/0x280
             [<ffffffff816d6bce>] mutex_lock_nested+0x6e/0x4b0
             [<ffffffff81696080>] cfg80211_netdev_notifier_call+0x430/0x5f0
             [<ffffffff8109351b>] notifier_call_chain+0x8b/0x100
             [<ffffffff810935b1>] raw_notifier_call_chain+0x11/0x20
             [<ffffffff81576d92>] call_netdevice_notifiers+0x32/0x60
             [<ffffffff815771a4>] __dev_notify_flags+0x34/0x80
             [<ffffffff81577230>] dev_change_flags+0x40/0x70
             [<ffffffff8158587c>] do_setlink+0x1fc/0x8d0
             [<ffffffff81586042>] rtnl_setlink+0xf2/0x140
             [<ffffffff81586923>] rtnetlink_rcv_msg+0x163/0x270
             [<ffffffff8159d741>] netlink_rcv_skb+0xa1/0xd0
             [<ffffffff815867b0>] rtnetlink_rcv+0x20/0x30
             [<ffffffff8159d39a>] netlink_unicast+0x2ba/0x300
             [<ffffffff8159dd57>] netlink_sendmsg+0x267/0x3e0
             [<ffffffff8155e364>] sock_sendmsg+0xe4/0x110
             [<ffffffff8155f3a3>] sys_sendmsg+0x253/0x3b0
             [<ffffffff81003192>] system_call_fastpath+0x16/0x1b
      
      -> #0 (&rdev->devlist_mtx){+.+.+.}:
             [<ffffffff810a7222>] __lock_acquire+0x1622/0x1d10
             [<ffffffff810a79d6>] lock_acquire+0xc6/0x280
             [<ffffffff816d6bce>] mutex_lock_nested+0x6e/0x4b0
             [<ffffffff816b1266>] cfg80211_wext_siwfreq+0xc6/0x100
             [<ffffffff816b2fad>] ioctl_standard_call+0x5d/0xd0
             [<ffffffff816b3223>] T.808+0x163/0x170
             [<ffffffff816b326a>] wext_handle_ioctl+0x3a/0x90
             [<ffffffff815798d2>] dev_ioctl+0x6f2/0x830
             [<ffffffff8155cf3d>] sock_ioctl+0xfd/0x290
             [<ffffffff8117dffd>] do_vfs_ioctl+0x9d/0x590
             [<ffffffff8117e53a>] sys_ioctl+0x4a/0x80
             [<ffffffff81003192>] system_call_fastpath+0x16/0x1b
      
      other info that might help us debug this:
      
      2 locks held by airodump-ng/15445:
       #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff81586782>] rtnl_lock+0x12/0x20
       #1:  (&wdev->mtx){+.+.+.}, at: [<ffffffff816b125c>]
      cfg80211_wext_siwfreq+0xbc/0x100
      
      stack backtrace:
      Pid: 15445, comm: airodump-ng Not tainted 2.6.38-rc5-341cd #4
      Call Trace:
       [<ffffffff810a3f0a>] ? print_circular_bug+0xfa/0x100
       [<ffffffff810a7222>] ? __lock_acquire+0x1622/0x1d10
       [<ffffffff810a1f99>] ? trace_hardirqs_off_caller+0x29/0xc0
       [<ffffffff810a79d6>] ? lock_acquire+0xc6/0x280
       [<ffffffff816b1266>] ? cfg80211_wext_siwfreq+0xc6/0x100
       [<ffffffff810a31d7>] ? mark_held_locks+0x67/0x90
       [<ffffffff816d6bce>] ? mutex_lock_nested+0x6e/0x4b0
       [<ffffffff816b1266>] ? cfg80211_wext_siwfreq+0xc6/0x100
       [<ffffffff810a31d7>] ? mark_held_locks+0x67/0x90
       [<ffffffff816b1266>] ? cfg80211_wext_siwfreq+0xc6/0x100
       [<ffffffff816b1266>] ? cfg80211_wext_siwfreq+0xc6/0x100
       [<ffffffff816b2fad>] ? ioctl_standard_call+0x5d/0xd0
       [<ffffffff8157818b>] ? __dev_get_by_name+0x9b/0xc0
       [<ffffffff816b2f50>] ? ioctl_standard_call+0x0/0xd0
       [<ffffffff816b3223>] ? T.808+0x163/0x170
       [<ffffffff8112ddf2>] ? might_fault+0x72/0xd0
       [<ffffffff816b326a>] ? wext_handle_ioctl+0x3a/0x90
       [<ffffffff8112de3b>] ? might_fault+0xbb/0xd0
       [<ffffffff815798d2>] ? dev_ioctl+0x6f2/0x830
       [<ffffffff810a1bae>] ? put_lock_stats+0xe/0x40
       [<ffffffff810a1c8c>] ? lock_release_holdtime+0xac/0x150
       [<ffffffff8155cf3d>] ? sock_ioctl+0xfd/0x290
       [<ffffffff8117dffd>] ? do_vfs_ioctl+0x9d/0x590
       [<ffffffff8116c8ff>] ? fget_light+0x1df/0x3c0
       [<ffffffff8117e53a>] ? sys_ioctl+0x4a/0x80
       [<ffffffff81003192>] ? system_call_fastpath+0x16/0x1b
      Signed-off-by: Daniel J Blueman <daniel.blueman@gmail.com>
      Acked-by: Johannes Berg <johannes@sipsolutions.net>
      Signed-off-by: John W. Linville <linville@tuxdriver.com>
      4f919a3b
  2. 22 Jan, 2011 1 commit
    • B
      cfg80211: Extend channel to frequency mapping for 802.11j · 59eb21a6
      Bruno Randolf committed
      Extend channel to frequency mapping for 802.11j Japan 4.9GHz band, according to
      IEEE802.11 section 17.3.8.3.2 and Annex J. Because there are now overlapping
      channel numbers in the 2GHz and 5GHz band we can't map from channel to
      frequency without knowing the band. This is no problem as in most contexts we
      know the band. In places where we don't know the band (and WEXT compatibility)
      we assume the 2GHz band for channels below 14.
      
      This patch does not implement all channel to frequency mappings defined in
      802.11, it's just an extension for 802.11j 20MHz channels. 5MHz and 10MHz
      channels as well as 802.11y channels have been omitted.
      
      The following drivers have been updated to reflect the API changes:
      iwl-3945, iwl-agn, iwmc3200wifi, libertas, mwl8k, rt2x00, wl1251, wl12xx.
      The drivers have been compile-tested only.
      Signed-off-by: Bruno Randolf <br1@einfach.org>
      Signed-off-by: Brian Prodoehl <bprodoehl@gmail.com>
      Acked-by: Luciano Coelho <coelho@ti.com>
      Signed-off-by: John W. Linville <linville@tuxdriver.com>
      59eb21a6
  3. 14 Dec, 2010 1 commit
  4. 12 Oct, 2010 1 commit
  5. 07 Oct, 2010 1 commit
  6. 31 Aug, 2010 1 commit
    • J
      wireless extensions: fix kernel heap content leak · 42da2f94
      Johannes Berg committed
      Wireless extensions have an unfortunate, undocumented
      requirement which requires drivers to always fill
      iwp->length when returning a successful status. When
      a driver doesn't do this, it leads to a kernel heap
      content leak when userspace offers a larger buffer
      than would have been necessary.
      
      Arguably, this is a driver bug, as it should, if it
      returns 0, fill iwp->length, even if it separately
      indicated that the buffer contents was not valid.
      
      However, we can also at least avoid the memory content
      leak if the driver doesn't do this by setting the iwp
      length to max_tokens, which then reflects how big the
      buffer is that the driver may fill, regardless of how
      big the userspace buffer is.
      
      To illustrate the point, this patch also fixes a
      corresponding cfg80211 bug (since this requirement
      isn't documented nor was ever pointed out by anyone
      during code review, I don't trust all drivers nor
      all cfg80211 handlers to implement it correctly).
      
      Cc: stable@kernel.org [all the way back]
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
      Signed-off-by: John W. Linville <linville@tuxdriver.com>
      42da2f94
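The failure mode described in the commit message above, as an added example that is not part of the commit or the kernel source: a simplified userspace model of a GET path that copies `iwp->length` bytes back to the caller. `iw_point_model`, `wext_get_model`, both handlers and all constants are hypothetical; the model assumes a zeroed scratch region followed by marker bytes that stand in for neighbouring heap data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* All names and sizes below are hypothetical, chosen for the model. */
#define MAX_TOKENS 8   /* largest reply a handler may produce */
#define ARENA_SIZE 32  /* handler scratch plus neighbouring heap */
#define STALE 0xAA     /* marker for unrelated heap contents */

struct iw_point_model { uint16_t length; };  /* stand-in for iwp */
typedef int (*handler_fn)(struct iw_point_model *iwp, uint8_t *extra);

/* Well-behaved handler: writes a reply and reports its length. */
static int good_handler(struct iw_point_model *iwp, uint8_t *extra)
{
    memcpy(extra, "wlan", 4);
    iwp->length = 4;
    return 0;
}

/* Buggy handler: returns success without filling iwp->length. */
static int buggy_handler(struct iw_point_model *iwp, uint8_t *extra)
{
    (void)iwp;
    (void)extra;
    return 0;
}

/* Model of the GET path. Returns how many STALE bytes reached the
 * caller's buffer, or -1 on error. */
static int wext_get_model(handler_fn h, uint16_t user_len, int preset)
{
    uint8_t arena[ARENA_SIZE], user_buf[ARENA_SIZE] = {0};
    struct iw_point_model iwp = { .length = user_len };
    int leaked = 0;

    if (user_len > ARENA_SIZE)
        return -1;                   /* keep the model itself in bounds */
    memset(arena, STALE, sizeof(arena));
    memset(arena, 0, MAX_TOKENS);    /* scratch the handler may fill */
    if (preset)
        iwp.length = MAX_TOKENS;     /* mitigation: bound length up front */
    if (h(&iwp, arena) != 0 || iwp.length > ARENA_SIZE)
        return -1;
    memcpy(user_buf, arena, iwp.length);  /* copy-out trusts iwp.length */
    for (size_t i = 0; i < sizeof(user_buf); i++)
        leaked += (user_buf[i] == STALE);
    return leaked;
}

int main(void)
{
    printf("buggy handler, length not preset: %d stale bytes\n",
           wext_get_model(buggy_handler, 24, 0));
    printf("buggy handler, length preset:     %d stale bytes\n",
           wext_get_model(buggy_handler, 24, 1));
    printf("good handler,  length not preset: %d stale bytes\n",
           wext_get_model(good_handler, 24, 0));
    return 0;
}
```

With a 24-byte caller buffer the buggy handler returns 16 marker bytes when the length is left as supplied by the caller, and none once the length is bounded to `MAX_TOKENS` before the handler runs.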
  7. 21 Jul, 2010 1 commit
  8. 25 Jun, 2010 1 commit
  9. 08 May, 2010 1 commit
    • J
      cfg80211/mac80211: better channel handling · f444de05
      Johannes Berg committed
      Currently (all tested with hwsim) you can do stupid
      things like setting up an AP on a certain channel,
      then adding another virtual interface and making
      that associate on another channel -- this will make
      the beaconing to move channel but obviously without
      the necessary IEs data update.
      
      In order to improve this situation, first make the
      configuration APIs (cfg80211 and nl80211) aware of
      multi-channel operation -- we'll eventually need
      that in the future anyway. There's one userland API
      change and one API addition. The API change is that
      now SET_WIPHY must be called with virtual interface
      index rather than only wiphy index in order to take
      effect for that interface -- luckily all current
      users (hostapd) do that. For monitor interfaces, the
      old setting is preserved, but monitors are always
      slaved to other devices anyway so no guarantees.
      
      The second userland API change is the introduction
      of a per virtual interface SET_CHANNEL command, that
      hostapd should use going forward to make it easier
      to understand what's going on (it can automatically
      detect a kernel with this command).
      
      Other than mac80211, no existing cfg80211 drivers
      are affected by this change because they only allow
      a single virtual interface.
      
      mac80211, however, now needs to be aware that the
      channel settings are per interface now, and needs
      to disallow (for now) real multi-channel operation,
      which is another important part of this patch.
      
      One of the immediate benefits is that you can now
      start hostapd to operate on a hardware that already
      has a connection on another virtual interface, as
      long as you specify the same channel.
      
      Note that two things are left unhandled (this is an
      improvement -- not a complete fix):
      
       * different HT/no-HT modes
      
         currently you could start an HT AP and then
         connect to a non-HT network on the same channel
         which would configure the hardware for no HT;
         that can be fixed fairly easily
      
       * CSA
      
         An AP we're connected to on a virtual interface
         might indicate switching channels, and in that
         case we would follow it, regardless of how many
         other interfaces are operating; this requires
         more effort to fix but is pretty rare after all
      Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
      Signed-off-by: John W. Linville <linville@tuxdriver.com>
      f444de05
  10. 30 Mar, 2010 1 commit
    • T
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking... · 5a0e3ad6
      Tejun Heo committed
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
      
      percpu.h is included by sched.h and module.h and thus ends up being
      included when building most .c files.  percpu.h includes slab.h which
      in turn includes gfp.h making everything defined by the two files
      universally available and complicating inclusion dependencies.
      
      percpu.h -> slab.h dependency is about to be removed.  Prepare for
      this change by updating users of gfp and slab facilities include those
      headers directly instead of assuming availability.  As this conversion
      needs to touch large number of source files, the following script is
      used as the basis of conversion.
      
        http://userweb.kernel.org/~tj/misc/slabh-sweep.py
      
      The script does the following.
      
      * Scan files for gfp and slab usages and update includes such that
        only the necessary includes are there.  ie. if only gfp is used,
        gfp.h, if slab is used, slab.h.
      
      * When the script inserts a new include, it looks at the include
        blocks and tries to put the new include such that its order conforms
        to its surrounding.  It's put in the include block which contains
        core kernel includes, in the same order that the rest are ordered -
        alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
        doesn't seem to be any matching order.
      
      * If the script can't find a place to put a new include (mostly
        because the file doesn't have fitting include block), it prints out
        an error message indicating which .h file needs to be added to the
        file.
      
      The conversion was done in the following steps.
      
      1. The initial automatic conversion of all .c files updated slightly
         over 4000 files, deleting around 700 includes and adding ~480 gfp.h
         and ~3000 slab.h inclusions.  The script emitted errors for ~400
         files.
      
      2. Each error was manually checked.  Some didn't need the inclusion,
         some needed manual addition while adding it to implementation .h or
         embedding .c file was more appropriate for others.  This step added
         inclusions to around 150 files.
      
      3. The script was run again and the output was compared to the edits
         from #2 to make sure no file was left behind.
      
      4. Several build tests were done and a couple of problems were fixed.
         e.g. lib/decompress_*.c used malloc/free() wrappers around slab
         APIs requiring slab.h to be added manually.
      
      5. The script was run on all .h files but without automatically
         editing them as sprinkling gfp.h and slab.h inclusions around .h
         files could easily lead to inclusion dependency hell.  Most gfp.h
         inclusion directives were ignored as stuff from gfp.h was usually
         wildly available and often used in preprocessor macros.  Each
         slab.h inclusion directive was examined and added manually as
         necessary.
      
      6. percpu.h was updated not to include slab.h.
      
      7. Build tests were done on the following configurations and failures
         were fixed.  CONFIG_GCOV_KERNEL was turned off for all tests (as my
         distributed build env didn't work with gcov compiles) and a few
         more options had to be turned off depending on archs to make things
         build (like ipr on powerpc/64 which failed due to missing writeq).
      
         * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
         * powerpc and powerpc64 SMP allmodconfig
         * sparc and sparc64 SMP allmodconfig
         * ia64 SMP allmodconfig
         * s390 SMP allmodconfig
         * alpha SMP allmodconfig
         * um on x86_64 SMP allmodconfig
      
      8. percpu.h modifications were reverted so that it could be applied as
         a separate patch and serve as bisection point.
      
      Given the fact that I had only a couple of failures from tests on step
      6, I'm fairly confident about the coverage of this conversion patch.
      If there is a breakage, it's likely to be something in one of the arch
      headers which should be easily discoverable on most builds of
      the specific arch.
      Signed-off-by: Tejun Heo <tj@kernel.org>
      Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
      5a0e3ad6
  11. 20 Feb, 2010 1 commit
    • K
      nl80211: add power save commands · ffb9eb3d
      Kalle Valo committed
      The most needed command from nl80211, which Wireless Extensions had,
      is support for power save mode. Add a simple command to make it possible
      to enable and disable power save via nl80211.
      
      I was also planning about extending the interface, for example adding the
      timeout value, but after thinking more about this I decided not to do it.
      Basically there were three reasons:
      
      Firstly, the parameters for power save are very much hardware dependent.
      Trying to find a unified interface which would work with all hardware, and
      still make sense to users, will be very difficult.
      
      Secondly, IEEE 802.11 power save implementation in Linux is still in state
      of flux. We have a long way to still to go and there is no way to predict
      what kind of implementation we will have after few years. And because we
      need to support nl80211 interface a long time, practically forever, adding
      now parameters to nl80211 might create maintenance problems later on.
      
      Third issue are the users. Power save parameters are mostly used for
      debugging, so debugfs is better, more flexible, interface for this.
      For example, wpa_supplicant currently doesn't configure anything related
      to power save mode. It's better to strive that kernel can automatically
      optimise the power save parameters, like with help of pm qos network
      and other traffic parameters.
      
      Later on, when we have better understanding of power save, we can extend
      this command with more features, if there's a need for that.
      Signed-off-by: Kalle Valo <kalle.valo@nokia.com>
      Signed-off-by: John W. Linville <linville@tuxdriver.com>
      ffb9eb3d
  12. 28 Jan, 2010 1 commit
  13. 13 Jan, 2010 1 commit
    • J
      cfg80211/mac80211: Use more generic bitrate mask for rate control · 37eb0b16
      Jouni Malinen committed
      Extend struct cfg80211_bitrate_mask to actually use a bitfield mask
      instead of just a single fixed or maximum rate index. This change
      itself does not modify the behavior (except for debugfs files), but it
      prepares cfg80211 and mac80211 for a new nl80211 command for setting
      which rates can be used in TX rate control.
      
      Since frames are now going through the rate control algorithm
      unconditionally, the internal IEEE80211_TX_INTFL_RCALGO flag can now
      be removed. The RC implementations can use the rate_idx_mask value to
      optimize their behavior if only a single rate is enabled.
      
      The old max_rate_idx in struct ieee80211_tx_rate_control is maintained
      (but commented as deprecated) for backwards compatibility with existing
      RC implementations. Once these implementations have been updated to
      use the more generic rate_idx_mask, the max_rate_idx value can be
      removed.
      Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com>
      Signed-off-by: John W. Linville <linville@tuxdriver.com>
      37eb0b16
  14. 22 Dec, 2009 1 commit
  15. 10 Dec, 2009 1 commit
  16. 29 Nov, 2009 1 commit
  17. 19 Nov, 2009 1 commit
  18. 03 Nov, 2009 1 commit
  19. 21 Sep, 2009 1 commit
  20. 29 Aug, 2009 1 commit
    • J
      cfg80211: clean up properly on interface type change · 3d54d255
      Johannes Berg committed
      When the interface type changes while connected, and the
      driver does not require the interface to be down for a
      type change, it is currently possible to get very strange
      results unless the driver takes special care, which it
      shouldn't have to.
      
      To fix this, take care to disconnect/leave IBSS when
      changing the interface type -- even if the driver may fail
      the call. Also process all events that may be pending to
      avoid running into a situation where an event is reported
      but only processed after the type has already changed,
      which would lead to missing events and warnings.
      
      A side effect of this is that you will have disconnected
      or left the IBSS even if the mode change ultimately fails,
      but since the intention was to change it and thus leave or
      disconnect, this is not a problem.
      Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
      Signed-off-by: John W. Linville <linville@tuxdriver.com>
      3d54d255
  21. 20 Aug, 2009 1 commit
  22. 14 Aug, 2009 2 commits
  23. 30 Jul, 2009 4 commits
  24. 25 Jul, 2009 5 commits
  25. 11 Jul, 2009 8 commits