- 13 5月, 2014 1 次提交
-
-
由 Emmanuel Grumbach 提交于
If the association is in progress while we suspend, the stack will be in a messed up state. Clean it before we suspend. This patch completes Johannes's patch: 1a1cb744 Author: Johannes Berg <johannes.berg@intel.com> mac80211: fix suspend vs. authentication race Cc: <stable@vger.kernel.org> Fixes: 12e7f517 ("mac80211: cleanup generic suspend/resume procedures") Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 09 5月, 2014 2 次提交
-
-
由 Eliad Peller 提交于
If sdata doesn't have a valid dev (e.g. in case of monitor vif), the vif_name field was initialized with (a length of) some short string, but later was set to a different, potentially larger one. This resulted in out-of-bounds write, which usually appeared as garbage in the trace log. Simply trace sdata->name, as it should always have the correct name for both cases. Signed-off-by: NEliad Peller <eliadx.peller@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Johannes Berg 提交于
There are two (related) issues with this. One case, reported by Michal, is related to hostap: it unsets the 20/40 capability bit for stations that associate when it's in 20 MHz mode. The other case, reported by Eyal, is that some APs like Netgear R6300v2 and probably others based on the BCM4360 chipset can be configured for doing VHT at 20Mhz. In this case the beacon has a VHT IE but the HT cap indicates transmitter only support 20Mhz. In both of these cases, we currently avoid VHT and use only HT this means we can't use the highest rates (MCS8), so fixing this leads to throughput improvements. Reported-by: NMichal Kazior <michal.kazior@tieto.com> Reported-by: NEyal Shapira <eyal@wizery.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 05 5月, 2014 2 次提交
-
-
由 Eliad Peller 提交于
ieee80211_reconfig already holds rtnl, so calling cfg80211_sched_scan_stopped results in deadlock. Use the rtnl-version of this function instead. Fixes: d43c6b6e ("mac80211: reschedule sched scan after HW restart") Cc: stable@vger.kernel.org (3.14+) Signed-off-by: NEliad Peller <eliadx.peller@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Henning Rogge 提交于
Filter out incoming multicast packages before applying their bitrate to the rx bitrate station info field to prevent them from setting the rx bitrate to the basic multicast rate. Signed-off-by: NHenning Rogge <hrogge@gmail.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 22 4月, 2014 2 次提交
-
-
由 Bob Copeland 提交于
When using RTS/CTS, the CTS-to-Self bit in radiotap TX flags is getting set instead of the RTS bit. Set the correct one. Reported-by: NLarry Maxwell <larrymaxwell@agilemesh.com> Signed-off-by: NBob Copeland <bob@cozybit.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Chun-Yeow Yeoh 提交于
The patch "mac80211: implement SMPS for AP" has caused kernel oops at mesh STA if the peer mesh STA operates in sleep mode and then becomes active mode. It can be easily reproduced by setting the following commands at peer mesh STA: iw mesh0 station set aa:bb:cc:dd:ee:ff mesh_power_mode deep iw mesh0 station set aa:bb:cc:dd:ee:ff mesh_power_mode active Kernel oops will happen at mesh STA aa:bb:cc:dd:ee:ff. Fix this by avoiding SMPS for mesh mode. Signed-off-by: NChun-Yeow Yeoh <yeohchunyeow@gmail.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 11 4月, 2014 2 次提交
-
-
由 Felix Fietkau 提交于
Their power value is initialized to zero. This patch fixes an issue where the configured power drops to the minimum value when AP_VLAN interfaces are created/removed. Cc: stable@vger.kernel.org Signed-off-by: NFelix Fietkau <nbd@openwrt.org> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Felix Fietkau 提交于
Fixes warnings on tx power changes Signed-off-by: NFelix Fietkau <nbd@openwrt.org> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 09 4月, 2014 4 次提交
-
-
由 Chun-Yeow Yeoh 提交于
Rate controller in firmware may also return the Tx Rate used for management frame that is usually sent as lowest Tx Rate (1Mbps in 2.4GHz). So update the last_tx_rate only if it is data frame. This patch is tested with ath9k_htc. Signed-off-by: NChun-Yeow Yeoh <yeohchunyeow@gmail.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Michal Kazior 提交于
If chandef had non-HT width it was possible for radar_enabled update to not be propagated properly through drv_config(). This happened because ieee80211_hw_conf_chan() would never see different local->hw.conf.chandef and local->_oper_chandef. This wasn't a problem with HT chandefs because _oper_chandef width is reset to non-HT in ieee80211_free_chanctx() making ieee80211_hw_conf_chan() to kick in. This problem led (at least) ath10k to not start CAC if prior CAC was cancelled and both CACs were requested for identical non-HT chandefs. Signed-off-by: NMichal Kazior <michal.kazior@tieto.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Ido Yariv 提交于
All antennas should be operational when monitoring to maximize reception. Signed-off-by: NIdo Yariv <idox.yariv@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Johannes Berg 提交于
Jouni reported that when doing off-channel transmissions mixed with on-channel transmissions, the on-channel ones ended up on the off-channel in some cases. The reason for that is that during the refactoring of the off- channel code, I lost the part that stopped all activity and as a consequence the on-channel frames (including data frames) were no longer queued but would be transmitted on the temporary channel. Fix this by simply restoring the lost activity stop call. Cc: stable@vger.kernel.org Fixes: 2eb278e0 ("mac80211: unify SW/offload remain-on-channel") Reported-by: NJouni Malinen <j@w1.fi> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 20 3月, 2014 7 次提交
-
-
由 Emmanuel Grumbach 提交于
Add a bit in rx_status.vht_flags to let the low level driver notify mac80211 about a beamformed packet. Propagate this to the radiotap header. Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Emmanuel Grumbach 提交于
On 2.4Ghz band, the channels overlap since the delta between different channels is 5Mhz while the width of the receiver is 20Mhz (at least). This means that we can hear beacons or probe responses from adjacent channels. These frames will have a significant lower RSSI which will feed all kinds of logic with inaccurate data. An obvious example is the roaming algorithm that will think our AP is getting weak and will try to move to another AP. In order to avoid this, update the signal only if the frame has been heard on the same channel as the one advertised by the AP in its DS / HT IEs. We refrain from updating the values only if the AP is already in the BSS list so that we will still have a valid (but inaccurate) value if the AP was heard on an adjacent channel only. To achieve this, stop taking the channel from DS / HT IEs in mac80211. The DS / HT IEs is taken into account to discard the frame if it was received on a disabled channel. This can happen due to the same phenomenon: the frame is sent on channel 12, but heard on channel 11 while channel 12 can be disabled on certain devices. Since this check is done in cfg80211, stop even checking this in mac80211. Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com> [remove unused rx_freq variable] Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Alexander Bondar 提交于
Assuming sched_scan_stop operation is synchronous the driver may not necessary call ieee80211_sched_scan_stopped_work. Since this work is the only place where sched_scan_sdata is released we can possibly run into situation when it is never released. Fix this by releasing it just after calling drv_sched_scan_stop. Signed-off-by: NAlexander Bondar <alexander.bondar@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Michael Braun 提交于
commit de74a1d9 "mac80211: fix WPA with VLAN on AP side with ps-sta" fixed an issue where queued multicast packets would be sent out encrypted with the key of an other bss. commit "7cbf9d01" "mac80211: fix oops on mesh PS broadcast forwarding" essentially reverted it, because vif.type cannot be AP_VLAN due to the check to vif.type in ieee80211_get_buffered_bc before. As the later commit intended to fix the MESH case, fix it by checking for IFTYPE_AP instead of IFTYPE_AP_VLAN. Cc: stable@vger.kernel.org Fixes: 7cbf9d01 ("mac80211: fix oops on mesh PS broadcast forwarding") Signed-off-by: NMichael Braun <michael-dev@fami-braun.de> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Johannes Berg 提交于
Since Stanislaw's patch removing the quiescing code, mac80211 had a race regarding suspend vs. authentication: as cfg80211 doesn't track authentication attempts, it can't abort them. Therefore the attempts may be kept running while suspending, which can lead to all kinds of issues, in at least some cases causing an error in iwlmvm firmware. Fix this by aborting the authentication attempt when suspending. Cc: stable@vger.kernel.org Fixes: 12e7f517 ("mac80211: cleanup generic suspend/resume procedures") Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Johannes Berg 提交于
When still authenticating the mac80211 code handling a deauthentication requests from userspace doesn't verify that the request is valid in any way, fix that. Additionally, it never returns an error, even if there's no connection or authentication attempt, fix that as well. While at it, move the message to not print a message in the error case and to distinguish between the two cases. Also simplify the code by duplicating the cfg80211 call. Reviewed-by: NLuciano Coelho <luciano.coelho@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Johannes Berg 提交于
The bss struct might be freed in ieee80211_rx_bss_put(), so we shouldn't use it afterwards. Cc: stable@vger.kernel.org (3.10+) Fixes: 817cee76 ("mac80211: track AP's beacon rate and give it to the driver") Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 05 3月, 2014 1 次提交
-
-
由 Johannes Berg 提交于
Avoid leaking data by sending uninitialized memory and setting an invalid (non-zero) fragment number (the sequence number is ignored anyway) by setting the seq_ctrl field to zero. Cc: stable@vger.kernel.org Fixes: 3f52b7e3 ("mac80211: mesh power save basics") Fixes: ce662b44 ("mac80211: send (QoS) Null if no buffered frames") Reviewed-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 03 3月, 2014 3 次提交
-
-
由 Chun-Yeow Yeoh 提交于
Add missing update on the rx status vht flag of the last data packet. Otherwise, cfg80211_calculate_bitrate_vht may not consider the channel width resulting in wrong calculation of the received bitrate. Signed-off-by: NChun-Yeow Yeoh <yeohchunyeow@gmail.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Michal Kazior 提交于
The function was quite big. This splits out beacon updating into a separate function for improved maintenance and extension. Signed-off-by: NMichal Kazior <michal.kazior@tieto.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Eliad Peller 提交于
When calculating the current max bw required for a channel context, we didn't consider the virtual monitor interface, resulting in its channel context being narrower than configured. This broke monitor mode with iwlmvm, which uses the minimal width. Reported-by: NIdo Yariv <idox.yariv@intel.com> Signed-off-by: NEliad Peller <eliadx.peller@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 28 2月, 2014 1 次提交
-
-
由 Johannes Berg 提交于
When a VHT network uses 20 or 40 MHz as per the HT operation information, the channel center frequency segment 0 field in the VHT operation information is reserved, so ignore it. This fixes association with such networks when the AP puts 0 into the field, previously we'd disconnect due to an invalid channel with the message wlan0: AP VHT information is invalid, disable VHT Cc: stable@vger.kernel.org Fixes: f2d9d270 ("mac80211: support VHT association") Reported-by: NTim Nelson <tim.l.nelson@gmail.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 26 2月, 2014 1 次提交
-
-
由 Janusz Dziedzic 提交于
Send Channel Availability Check time as a parameter of start_radar_detection() callback. Get CAC time from regulatory database. Signed-off-by: NJanusz Dziedzic <janusz.dziedzic@tieto.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 24 2月, 2014 1 次提交
-
-
由 Johannes Berg 提交于
The MLME code in mac80211 must track whether or not the AP changed bandwidth, but if there's no change while tracking it shouldn't do anything, otherwise regulatory updates can make it impossible to connect to certain APs if the regulatory database doesn't match the information from the AP. See the precise scenario described in the code. This still leaves some possible problems with CSA or if the AP actually changed bandwidth, but those cases are less common and won't completely prevent using it. This fixes https://bugzilla.kernel.org/show_bug.cgi?id=70881 Cc: stable@vger.kernel.org Reported-and-tested-by: NNate Carlson <kernel@natecarlson.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 21 2月, 2014 2 次提交
-
-
由 Luciano Coelho 提交于
Error codes returned by cfg80211_chandef_dfs_required() are ignored when trying to join an IBSS. Fix this by printing an error and returning. Signed-off-by: NLuciano Coelho <luciano.coelho@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Luciano Coelho 提交于
Previously we were warning and using automatic when a driver sent an update request with SMPS off. This patch makes it possible for drivers to disable SMPS at runtime, for whatever reason. Signed-off-by: NLuciano Coelho <luciano.coelho@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 20 2月, 2014 5 次提交
-
-
由 Johannes Berg 提交于
In order to solve races with sched_scan_stop, it is necessary for the driver to be able to return an error to propagate that to cfg80211 so it doesn't send an event. Reviewed-by: NAlexander Bondar <alexander.bondar@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Sunil Dutt Undekari 提交于
While framing the TDLS Setup Confirmation frame, the driver needs to know if the TDLS peer is VHT/HT/WMM capable and thus shall construct the VHT/HT operation / WMM parameter elements accordingly. Supplicant determines if the TDLS peer is VHT/HT/WMM capable based on the presence of the respective IEs in the received TDLS Setup Response frame. The host driver should not need to parse the received TDLS Response frame and thus, should be able to rely on the supplicant to indicate the capability of the peer through additional flags while transmitting the TDLS Setup Confirmation frame through tdls_mgmt operations. Signed-off-by: NSunil Dutt Undekari <usdutt@qti.qualcomm.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Johannes Berg 提交于
Consider the following (relatively unlikely) scenario: 1) station goes to sleep while frames are buffered in driver 2) driver blocks wakeup (until no more frames are buffered) 3) station wakes up again 4) driver unblocks wakeup In this case, the current mac80211 code will do the following: 1) WLAN_STA_PS_STA set 2) WLAN_STA_PS_DRIVER set 3) - nothing - 4) WLAN_STA_PS_DRIVER cleared As a result, no frames will be delivered to the client, even though it is awake, until it sends another frame to us that triggers ieee80211_sta_ps_deliver_wakeup() in sta_ps_end(). Since we now take the PS spinlock, we can fix this while at the same time removing the complexity with the pending skb queue function. This was broken since my commit 50a9432d ("mac80211: fix powersaving clients races") due to removing the clearing of WLAN_STA_PS_STA in the RX path. While at it, fix a cleanup path issue when a station is removed while the driver is still blocking its wakeup. Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Johannes Berg 提交于
There's a race condition in mac80211 because we add stations to the internal lists after adding them to the driver, which means that (for example) the following can happen: 1. a station connects and is added 2. first, it is added to the driver 3. then, it is added to the mac80211 lists If the station goes to sleep between steps 2 and 3, and the firmware/hardware records it as being asleep, mac80211 will never instruct the driver to wake it up again as it never realized it went to sleep since the RX path discarded the frame as a "spurious class 3 frame", no station entry was present yet. Fix this by adding the station in software first, and only then adding it to the driver. That way, any state that the driver changes will be reflected properly in mac80211's station state. The problematic part is the roll-back if the driver fails to add the station, in that case a bit more is needed. To not make that overly complex prevent starting BA sessions in the meantime. Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Emmanuel Grumbach 提交于
There is a race between the TX path and the STA wakeup: while a station is sleeping, mac80211 buffers frames until it wakes up, then the frames are transmitted. However, the RX and TX path are concurrent, so the packet indicating wakeup can be processed while a packet is being transmitted. This can lead to a situation where the buffered frames list is emptied on the one side, while a frame is being added on the other side, as the station is still seen as sleeping in the TX path. As a result, the newly added frame will not be send anytime soon. It might be sent much later (and out of order) when the station goes to sleep and wakes up the next time. Additionally, it can lead to the crash below. Fix all this by synchronising both paths with a new lock. Both path are not fastpath since they handle PS situations. In a later patch we'll remove the extra skb queue locks to reduce locking overhead. BUG: unable to handle kernel NULL pointer dereference at 000000b0 IP: [<ff6f1791>] ieee80211_report_used_skb+0x11/0x3e0 [mac80211] *pde = 00000000 Oops: 0000 [#1] SMP DEBUG_PAGEALLOC EIP: 0060:[<ff6f1791>] EFLAGS: 00210282 CPU: 1 EIP is at ieee80211_report_used_skb+0x11/0x3e0 [mac80211] EAX: e5900da0 EBX: 00000000 ECX: 00000001 EDX: 00000000 ESI: e41d00c0 EDI: e5900da0 EBP: ebe458e4 ESP: ebe458b0 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 CR0: 8005003b CR2: 000000b0 CR3: 25a78000 CR4: 000407d0 DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 DR6: ffff0ff0 DR7: 00000400 Process iperf (pid: 3934, ti=ebe44000 task=e757c0b0 task.ti=ebe44000) iwlwifi 0000:02:00.0: I iwl_pcie_enqueue_hcmd Sending command LQ_CMD (#4e), seq: 0x0903, 92 bytes at 3[3]:9 Stack: e403b32c ebe458c4 00200002 00200286 e403b338 ebe458cc c10960bb e5900da0 ff76a6ec ebe458d8 00000000 e41d00c0 e5900da0 ebe458f0 ff6f1b75 e403b210 ebe4598c ff723dc1 00000000 ff76a6ec e597c978 e403b758 00000002 00000002 Call Trace: [<ff6f1b75>] ieee80211_free_txskb+0x15/0x20 [mac80211] [<ff723dc1>] invoke_tx_handlers+0x1661/0x1780 [mac80211] [<ff7248a5>] ieee80211_tx+0x75/0x100 [mac80211] [<ff7249bf>] ieee80211_xmit+0x8f/0xc0 [mac80211] [<ff72550e>] ieee80211_subif_start_xmit+0x4fe/0xe20 [mac80211] [<c149ef70>] dev_hard_start_xmit+0x450/0x950 [<c14b9aa9>] sch_direct_xmit+0xa9/0x250 [<c14b9c9b>] __qdisc_run+0x4b/0x150 [<c149f732>] dev_queue_xmit+0x2c2/0xca0 Cc: stable@vger.kernel.org Reported-by: NYaara Rozenblum <yaara.rozenblum@intel.com> Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com> Reviewed-by: NStanislaw Gruszka <sgruszka@redhat.com> [reword commit log, use a separate lock] Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 17 2月, 2014 1 次提交
-
-
由 Daniel Borkmann 提交于
Add a new argument for ndo_select_queue() callback that passes a fallback handler. This gets invoked through netdev_pick_tx(); fallback handler is currently __netdev_pick_tx() as most drivers invoke this function within their customized implementation in case for skbs that don't need any special handling. This fallback handler can then be replaced on other call-sites with different queue selection methods (e.g. in packet sockets, pktgen etc). This also has the nice side-effect that __netdev_pick_tx() is then only invoked from netdev_pick_tx() and export of that function to modules can be undone. Suggested-by: NDavid S. Miller <davem@davemloft.net> Signed-off-by: NDaniel Borkmann <dborkman@redhat.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 13 2月, 2014 1 次提交
-
-
由 Johannes Berg 提交于
NAPI was originally added to mac80211 a long time ago (by John in commit 4e6cbfd0 in July 2010), but then removed years later (by Stanislaw in commit 30c97120 in February 2013). No driver ever used it, so that was fine. Now I'm adding support for NAPI to our driver, so add some code to mac80211 again to support NAPI. John was originally wrapping some (but not nearly all NAPI-related functions), but that doesn't scale very well with the number of functions that are there, some of which are even only inlines. Thus, instead of doing that, let the drivers manage the NAPI struct, except for napi_add() which is needed so mac80211 knows how to call napi_gro_receive(). Also remove some no longer needed definitions that were left when NAPI support was removed. Reviewed-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com> Reviewed-by: NEyal Shapira <eyal@wizery.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 12 2月, 2014 3 次提交
-
-
由 Calvin Owens 提交于
Create a function to return a descriptive string for each reason code, and print that in addition to the numeric value in the kernel log. These codes are easily found on popular search engines, but one is generally not able to access the internet when dealing with wireless connectivity issues. Signed-off-by: NCalvin Owens <jcalvinowens@gmail.com> [use 'unknown' rather than 'invalid' since more valid codes exist] Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Johannes Berg 提交于
There's no need to start iterating the list only to break on the first item, just use !list_empty() and also simplify the whole conditional into a single expression. Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
由 Felix Fietkau 提交于
Improves reliability of wifi connections with WPA, since authentication frames are prioritized over normal traffic and also typically exempt from aggregation. Cc: stable@vger.kernel.org Signed-off-by: NFelix Fietkau <nbd@openwrt.org> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-
- 11 2月, 2014 1 次提交
-
-
由 David Spinadel 提交于
Remove size of SSID IE from the IE buffer in scan and sched scan, since this IE isn't added to this buffer. Reviewed-by: NEliad Peller <eliad@wizery.com> Reviewed-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com> Reviewed-by: NAlexander Bondar <alexander.bondar@intel.com> Signed-off-by: NDavid Spinadel <david.spinadel@intel.com> Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
-