- 03 11月, 2014 1 次提交
-
-
由 Johannes Berg 提交于
Upon receiving the last fragment, all but the first fragment are freed, but the multicast check for statistics at the end of the function refers to the current skb (the last fragment) causing a use-after-free bug. Since multicast frames cannot be fragmented and we check for this early in the function, just modify that check to also do the accounting to fix the issue. Cc: stable@vger.kernel.org Reported-by: NYosef Khyal <yosefx.khyal@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 05 9月, 2014 1 次提交
-
-
由 Johannes Berg 提交于
Our legal structure changed at some point (see wikipedia), but we forgot to immediately switch over to the new copyright notice. For files that we have modified in the time since the change, add the proper copyright notice now. Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 03 9月, 2014 1 次提交
-
-
由 Michal Kazior 提交于
When starting an offloaded BA session it is unknown what starting sequence number should be used. Using last_seq worked in most cases except after hw restart. When hw restart is requested last_seq is (rightfully so) kept unmodified. This ended up with BA sessions being restarted with an aribtrary BA window values resulting in dropped frames until sequence numbers caught up. Instead of last_seq pick seqno of a first Rxed frame of a given BA session. This fixes stalled traffic after hw restart with offloaded BA sessions (currently only ath10k). Signed-off-by: NMichal Kazior <michal.kazior@tieto.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 26 8月, 2014 1 次提交
-
-
由 Vladimir Kondratiev 提交于
In the cfg80211_rx_mgmt(), parameter @gfp was used for the memory allocation. But, memory get allocated under spin_lock_bh(), this implies atomic context. So, one can't use GFP_KERNEL, only variants with no __GFP_WAIT. Actually, in all occurrences GFP_ATOMIC is used (wil6210 use GFP_KERNEL by mistake), and it should be this way or warning triggered in the memory allocation code. Remove @gfp parameter as no actual choice exist, and use hard coded GFP_ATOMIC for memory allocation. Signed-off-by: NVladimir Kondratiev <qca_vkondrat@qca.qualcomm.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 21 7月, 2014 2 次提交
-
-
由 Michal Kazior 提交于
Some drivers (e.g. ath10k) report A-MSDU subframes individually with identical seqno. The A-MPDU Rx reorder code did not account for that which made it practically unusable with drivers using RX_FLAG_AMSDU_MORE because it would end up dropping a lot of frames resulting in confusion in upper network transport layers. Signed-off-by: NMichal Kazior <michal.kazior@tieto.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Arik Nemtsov 提交于
If the AP receives actions frames destined for other peers, it may mistakenly toggle BA-sessions from itself to a peer. Ignore TDLS data packets as well - the AP should not handle them. Signed-off-by: NArik Nemtsov <arikx.nemtsov@intel.com> Reviewed-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 23 6月, 2014 1 次提交
-
-
由 Johannes Berg 提交于
It is currently possible to have a race due to the station PS unblock work like this: * station goes to sleep with frames buffered in the driver * driver blocks wakeup * station wakes up again * driver flushes/returns frames, and unblocks, which schedules the unblock work * unblock work starts to run, and checks that the station is awake (i.e. that the WLAN_STA_PS_STA flag isn't set) * we process a received frame with PM=1, setting the flag again * ieee80211_sta_ps_deliver_wakeup() runs, delivering all frames to the driver, and then clearing the WLAN_STA_PS_DRIVER and WLAN_STA_PS_STA flags In this scenario, mac80211 will think that the station is awake, while it really is asleep, and any TX'ed frames should be filtered by the device (it will know that the station is sleeping) but then passed to mac80211 again, which will not buffer it either as it thinks the station is awake, and eventually the packets will be dropped. Fix this by moving the clearing of the flags to exactly where we learn about the situation. This creates a problem of reordering, so introduce another flag indicating that delivery is being done, this new flag also queues frames and is cleared only while the spinlock is held (which the queuing code also holds) so that any concurrent delivery/TX is handled correctly. Reported-by: NAndrei Otcheretianski <andrei.otcheretianski@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 05 5月, 2014 1 次提交
-
-
由 Henning Rogge 提交于
Filter out incoming multicast packages before applying their bitrate to the rx bitrate station info field to prevent them from setting the rx bitrate to the basic multicast rate. Signed-off-by: NHenning Rogge <hrogge@gmail.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 25 4月, 2014 1 次提交
-
-
由 Zhao, Gang 提交于
And some code style changes in the function, and correct a typo in comment. Signed-off-by: NZhao, Gang <gamerh2o@gmail.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 20 3月, 2014 1 次提交
-
-
由 Emmanuel Grumbach 提交于
Add a bit in rx_status.vht_flags to let the low level driver notify mac80211 about a beamformed packet. Propagate this to the radiotap header. Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 03 3月, 2014 1 次提交
-
-
由 Chun-Yeow Yeoh 提交于
Add missing update on the rx status vht flag of the last data packet. Otherwise, cfg80211_calculate_bitrate_vht may not consider the channel width resulting in wrong calculation of the received bitrate. Signed-off-by: NChun-Yeow Yeoh <yeohchunyeow@gmail.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 20 2月, 2014 1 次提交
-
-
由 Johannes Berg 提交于
Consider the following (relatively unlikely) scenario: 1) station goes to sleep while frames are buffered in driver 2) driver blocks wakeup (until no more frames are buffered) 3) station wakes up again 4) driver unblocks wakeup In this case, the current mac80211 code will do the following: 1) WLAN_STA_PS_STA set 2) WLAN_STA_PS_DRIVER set 3) - nothing - 4) WLAN_STA_PS_DRIVER cleared As a result, no frames will be delivered to the client, even though it is awake, until it sends another frame to us that triggers ieee80211_sta_ps_deliver_wakeup() in sta_ps_end(). Since we now take the PS spinlock, we can fix this while at the same time removing the complexity with the pending skb queue function. This was broken since my commit 50a9432d ("mac80211: fix powersaving clients races") due to removing the clearing of WLAN_STA_PS_STA in the RX path. While at it, fix a cleanup path issue when a station is removed while the driver is still blocking its wakeup. Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 13 2月, 2014 1 次提交
-
-
由 Johannes Berg 提交于
NAPI was originally added to mac80211 a long time ago (by John in commit 4e6cbfd0 in July 2010), but then removed years later (by Stanislaw in commit 30c97120 in February 2013). No driver ever used it, so that was fine. Now I'm adding support for NAPI to our driver, so add some code to mac80211 again to support NAPI. John was originally wrapping some (but not nearly all NAPI-related functions), but that doesn't scale very well with the number of functions that are there, some of which are even only inlines. Thus, instead of doing that, let the drivers manage the NAPI struct, except for napi_add() which is needed so mac80211 knows how to call napi_gro_receive(). Also remove some no longer needed definitions that were left when NAPI support was removed. Reviewed-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com> Reviewed-by: NEyal Shapira <eyal@wizery.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 06 2月, 2014 3 次提交
-
-
由 Emmanuel Grumbach 提交于
This capabilities weren't propagated to the radiotap header. We don't set here the VHT_KNOWN / MCS_HAVE flag because not all the low level drivers will know how to properly flag the frames, hence the low level driver will be in charge of setting IEEE80211_RADIOTAP_MCS_HAVE_FEC, IEEE80211_RADIOTAP_MCS_HAVE_STBC and / or IEEE80211_RADIOTAP_VHT_KNOWN_STBC according to its capabilities. Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Emmanuel Grumbach 提交于
ieee80211_rx_status.flags is full. Define a new vht_flag variable to be able to set more VHT related flags and make room in flags. Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com> Acked-by: Kalle Valo <kvalo@qca.qualcomm.com> [ath10k] Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Emmanuel Grumbach 提交于
The purpose of this housekeeping is to make some room for VHT flags. The radiotap vendor fields weren't in use. Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 05 2月, 2014 2 次提交
-
-
由 Johannes Berg 提交于
Action, disassoc and deauth frames are bufferable, and as such don't have the PM bit in the frame control field reserved which means we need to react to the bit when receiving in such a frame. Fix this by introducing a new helper ieee80211_is_bufferable_mmpdu() and using it for the RX path that currently ignores the PM bit in any non-data frames for doze->wake transitions, but listens to it in all frames for wake->doze transitions, both of which are wrong. Also use the new helper in the TX path to clean up the code. Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Johannes Berg 提交于
A few places weren't checking that the frame passed to the function actually has enough data even though the function clearly documents it must have a payload byte. Make this safer by changing the function to take an skb and checking the length inside. The old version is preserved for now as the rtl* drivers use it and don't have a correct skb. Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 07 1月, 2014 2 次提交
-
-
由 Johannes Berg 提交于
Using an int with 0/1 is not very common, make the function return a bool instead with the same values (false/true). Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Emmanuel Grumbach 提交于
No need to assign the return value of prepare_for_handlers to a variable if the only usage is to test it. Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 04 12月, 2013 1 次提交
-
-
由 Johannes Berg 提交于
Remove the unnecessary duplicate test of "if (skb) {" when !CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS. Remove now unnecessary __maybe_unused, neaten comment Remove unnecessary parenthesis around align cast. Substitute reference to deprecated compare_ether_addr with ether_addr_equal (in the comment.) Signed-off-by: NJoe Perches <joe@perches.com> [edit commit log slightly] Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 03 12月, 2013 1 次提交
-
-
由 Johannes Berg 提交于
There's no reason for the variable to not be inside the #ifdef, move it. Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 26 11月, 2013 3 次提交
-
-
由 Chun-Yeow Yeoh 提交于
Use put_unaligned_le16 and put_unaligned_le32 for mesh_path_error_tx and mesh_path_sel_frame_tx. Signed-off-by: NChun-Yeow Yeoh <yeohchunyeow@gmail.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Max Stepanov 提交于
This adds generic cipher scheme support to mac80211, such schemes are fully under control by the driver. On hw registration drivers may specify additional HW ciphers with a scheme how these ciphers have to be handled by mac80211 TX/RR. A cipher scheme specifies a cipher suite value, a size of the security header to be added to or stripped from frames and how the PN is to be verified on RX. Signed-off-by: NMax Stepanov <Max.Stepanov@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Karl Beldan 提交于
Currently, frames that go into the reordering buffer are stored at index ieee80211_sn_sub(sn, tid_rx->ssn) % tid_rx->buf_size. The offset calculation to the starting sequence number (SSN) is useless and just adds overhead so simply use sn % tid_rx->buf_size. This means the reordering buffer will start to be filled somewhere in the middle (at SSN % buf_size) and continue to get used from there, but there's no reason to start from the beginning. Signed-off-by: NKarl Beldan <karl.beldan@rivierawaves.com> [rewrite commit message] Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 25 11月, 2013 1 次提交
-
-
由 Johannes Berg 提交于
Multicast frames can't be transmitted as part of an aggregation session (such a session couldn't even be set up) so don't try to reorder them. Trying to do so would cause the reorder to stop working correctly since multicast QoS frames (as transmitted by the Aruba APs this was found with) would cause sequence number confusion in the buffer. Cc: stable@vger.kernel.org Reported-by: NBlaise Gassend <blaise@suitabletech.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 28 10月, 2013 1 次提交
-
-
由 Chun-Yeow Yeoh 提交于
Implement the required procedures for mesh channel switching as defined in the IEEE Std 802.11-2012 section 10.9.8.4.3 and also handle the CSA and MCSP elements as followed: * Add the function for updating the beacon and probe response frames with CSA and MCSP elements during the period of switching to the new channel. Both CSA and MCSP elements must be included in beacon and probe response frames until the intended channel switch time. * The ifmsh->csa_settings is set to NULL and the CSA and MCSP elements will then be removed from the beacon or probe response frames once the new channel is switched to. Signed-off-by: NChun-Yeow Yeoh <yeohchunyeow@cozybit.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 01 10月, 2013 1 次提交
-
-
由 Michal Kazior 提交于
Some devices may not be able to report A-MSDUs in single buffers. Drivers for such devices were forced to re-assemble A-MSDUs which would then be eventually disassembled by mac80211. This could lead to CPU cache thrashing and poor performance. Since A-MSDU has a single sequence number all subframes share it. This was in conflict with retransmission/duplication recovery (IEEE802.11-2012: 9.3.2.10). Patch introduces a new flag that is meant to be set for all individually reported A-MSDU subframes except the last one. This ensures the last_seq_ctrl is updated after the last subframe is processed. If an A-MSDU is actually a duplicate transmission all reported subframes will be properly discarded. Signed-off-by: NMichal Kazior <michal.kazior@tieto.com> [johannes: add braces that were missing even before] Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 27 9月, 2013 1 次提交
-
-
由 Felix Fietkau 提交于
If an Ad-Hoc node receives packets with the Cell ID or its own MAC address as source address, it hits a WARN_ON in sta_info_insert_check() With many packets, this can massively spam the logs. One way that this can easily happen is through having Cisco APs in the area with rouge AP detection and countermeasures enabled. Such Cisco APs will regularly send fake beacons, disassoc and deauth packets that trigger these warnings. To fix this issue, drop such spoofed packets early in the rx path. Cc: stable@vger.kernel.org Reported-by: NThomas Huehn <thomas@net.t-labs.tu-berlin.de> Signed-off-by: NFelix Fietkau <nbd@openwrt.org> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 26 9月, 2013 1 次提交
-
-
由 Simon Wunderlich 提交于
This function adds the channel switch announcement implementation for the IBSS code. It is triggered by userspace (mac80211/cfg) or by external channel switch announcement, which have to be adopted. Both CSAs in beacons and action frames are supported. As for AP mode, the channel switch is applied after some time. However in IBSS mode, the channel switch IEs are generated in the kernel. Signed-off-by: NSimon Wunderlich <siwu@hrz.tu-chemnitz.de> Signed-off-by: NMathias Kretschmer <mathias.kretschmer@fokus.fraunhofer.de> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 23 8月, 2013 1 次提交
-
-
由 Vladimir Kondratiev 提交于
Add flags intended to report various auxiliary information and introduce the NL80211_RXMGMT_FLAG_ANSWERED flag to report that the frame was already answered by the device. Signed-off-by: NVladimir Kondratiev <qca_vkondrat@qca.qualcomm.com> [REPLIED->ANSWERED, reword commit message] Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 16 8月, 2013 1 次提交
-
-
由 Johan Almbladh 提交于
This patch decouples the power save processing from the frame decryption by running the decrypt rx handler after sta_process. In the case where the decryption failed for some reason, the stack used to not process the PM and MOREDATA bits for that frame. The stack now always performs power save processing regardless of the decryption result. That means that encrypted data frames and NULLFUNC frames are now handled in the same way regarding power save processing, making the stack more robust. Signed-off-by: NJohan Almbladh <ja@anyfi.net> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 16 7月, 2013 4 次提交
-
-
由 Simon Wunderlich 提交于
The various components accessing the bitrates table must use consider the used channel bandwidth to select only available rates or calculate the bitrate correctly. There are some rates in reduced bandwidth modes which can't be represented as multiples of 500kbps, like 2.25 MBit/s in 5 MHz mode. The standard suggests to round up to the next multiple of 500kbps, just do that in mac80211 as well. Signed-off-by: NSimon Wunderlich <siwu@hrz.tu-chemnitz.de> Signed-off-by: NMathias Kretschmer <mathias.kretschmer@fokus.fraunhofer.de> [make rate unsigned in ieee80211_add_tx_radiotap_header(), squash fix] Signed-off-by: NJohannes Berg <johannes@sipsolutions.net>
-
由 Simon Wunderlich 提交于
Wireshark already defines radiotap channel flags for 5 and 10 MHz, so just use them in Linux radiotap too. Furthermore, add rx status flags to allow drivers to report when they received data on 5 or 10 MHz channels. Signed-off-by: NSimon Wunderlich <siwu@hrz.tu-chemnitz.de> Signed-off-by: NMathias Kretschmer <mathias.kretschmer@fokus.fraunhofer.de> Signed-off-by: NJohannes Berg <johannes@sipsolutions.net>
-
由 Johannes Berg 提交于
When per-chain signal information is available, don't add the antenna field once but instead add a radiotap namespace for each chain containing the chain/antenna number and the signal strength on that chain. Signed-off-by: NJohannes Berg <johannes.berg@intel.com> Signed-off-by: NJohannes Berg <johannes@sipsolutions.net>
-
由 Johannes Berg 提交于
The duplicate retransmission detection code in mac80211 erroneously attempts to do the check for every frame, even frames that don't have a sequence control field or that don't use it (QoS-Null frames.) This is problematic because it causes the code to access data beyond the end of the SKB and depending on the data there will drop packets erroneously. Correct the code to not do duplicate detection for such frames. I found this error while testing AP powersave, it lead to retransmitted PS-Poll frames being dropped entirely as the data beyond the end of the SKB was always zero. Cc: stable@vger.kernel.org [all versions] Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 04 6月, 2013 1 次提交
-
-
由 Johannes Berg 提交于
Do some cleanups in the cfg80211 SME APIs, which are only used by mac80211. Most of these functions get a frame passed, and there isn't really any reason to export multiple functions as cfg80211 can check the frame type instead, do that. Additionally, the API functions have confusing names like cfg80211_send_...() which was meant to indicate that it sends an event to userspace, but gets a bit confusing when there's both TX and RX and they're not all clearly labeled. Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 24 5月, 2013 1 次提交
-
-
由 Oleksij Rempel 提交于
Some chips can tell us if received frame was encoded with STBC or not. To make this information available in user space we can use updated radiotap specification: http://www.radiotap.org/defined-fields/MCS This patch will set number of STBC encoded spatial streams (Nss). The HAVE_STBC flag should be provided by driver. Signed-off-by: NOleksij Rempel <linux@rempel-privat.de> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 17 5月, 2013 2 次提交
-
-
由 Johannes Berg 提交于
mac80211 and the Intel drivers all define crypto constants, move them to ieee80211.h instead. Reviewed-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Felix Fietkau 提交于
Signed-off-by: NFelix Fietkau <nbd@openwrt.org> [fix unit documentation] Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-