1. 13 5月, 2014 1 次提交
  2. 09 5月, 2014 2 次提交
    • E
      mac80211: fix vif name tracing · f9ac71bf
      Eliad Peller 提交于
      If sdata doesn't have a valid dev (e.g. in case of monitor
      vif), the vif_name field was initialized with (a length of)
      some short string, but later was set to a different,
      potentially larger one.
      
      This resulted in out-of-bounds write, which usually
      appeared as garbage in the trace log.
      
      Simply trace sdata->name, as it should always have the
      correct name for both cases.
      Signed-off-by: NEliad Peller <eliadx.peller@intel.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      f9ac71bf
    • J
      mac80211: allow VHT with peers not capable of 40MHz · 4a817aa7
      Johannes Berg 提交于
      There are two (related) issues with this.
      
      One case, reported by Michal, is related to hostap: it unsets the
      20/40 capability bit for stations that associate when it's in 20
      MHz mode.
      
      The other case, reported by Eyal, is that some APs like Netgear
      R6300v2 and probably others based on the BCM4360 chipset can be
      configured for doing VHT at 20Mhz. In this case the beacon has
      a VHT IE but the HT cap indicates transmitter only support 20Mhz.
      
      In both of these cases, we currently avoid VHT and use only HT
      this means we can't use the highest rates (MCS8), so fixing this
      leads to throughput improvements.
      Reported-by: NMichal Kazior <michal.kazior@tieto.com>
      Reported-by: NEyal Shapira <eyal@wizery.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      4a817aa7
  3. 05 5月, 2014 2 次提交
  4. 22 4月, 2014 2 次提交
  5. 11 4月, 2014 2 次提交
  6. 09 4月, 2014 4 次提交
  7. 20 3月, 2014 7 次提交
  8. 05 3月, 2014 1 次提交
  9. 03 3月, 2014 3 次提交
  10. 28 2月, 2014 1 次提交
  11. 26 2月, 2014 1 次提交
  12. 24 2月, 2014 1 次提交
  13. 21 2月, 2014 2 次提交
  14. 20 2月, 2014 5 次提交
    • J
      mac80211: allow driver to return error from sched_scan_stop · 37e3308c
      Johannes Berg 提交于
      In order to solve races with sched_scan_stop, it is necessary
      for the driver to be able to return an error to propagate that
      to cfg80211 so it doesn't send an event.
      Reviewed-by: NAlexander Bondar <alexander.bondar@intel.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      37e3308c
    • S
      cfg80211: Pass TDLS peer capability information in tdls_mgmt · df942e7b
      Sunil Dutt Undekari 提交于
      While framing the TDLS Setup Confirmation frame, the driver needs to
      know if the TDLS peer is VHT/HT/WMM capable and thus shall construct
      the VHT/HT operation / WMM parameter elements accordingly. Supplicant
      determines if the TDLS peer is VHT/HT/WMM capable based on the
      presence of the respective IEs in the received TDLS Setup Response frame.
      
      The host driver should not need to parse the received TDLS Response
      frame and thus, should be able to rely on the supplicant to indicate
      the capability of the peer through additional flags while transmitting
      the TDLS Setup Confirmation frame through tdls_mgmt operations.
      Signed-off-by: NSunil Dutt Undekari <usdutt@qti.qualcomm.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      df942e7b
    • J
      mac80211: fix station wakeup powersave race · e3685e03
      Johannes Berg 提交于
      Consider the following (relatively unlikely) scenario:
       1) station goes to sleep while frames are buffered in driver
       2) driver blocks wakeup (until no more frames are buffered)
       3) station wakes up again
       4) driver unblocks wakeup
      
      In this case, the current mac80211 code will do the following:
       1) WLAN_STA_PS_STA set
       2) WLAN_STA_PS_DRIVER set
       3) - nothing -
       4) WLAN_STA_PS_DRIVER cleared
      
      As a result, no frames will be delivered to the client, even
      though it is awake, until it sends another frame to us that
      triggers ieee80211_sta_ps_deliver_wakeup() in sta_ps_end().
      
      Since we now take the PS spinlock, we can fix this while at
      the same time removing the complexity with the pending skb
      queue function. This was broken since my commit 50a9432d
      ("mac80211: fix powersaving clients races") due to removing
      the clearing of WLAN_STA_PS_STA in the RX path.
      
      While at it, fix a cleanup path issue when a station is
      removed while the driver is still blocking its wakeup.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      e3685e03
    • J
      mac80211: insert stations before adding to driver · 5108ca82
      Johannes Berg 提交于
      There's a race condition in mac80211 because we add stations
      to the internal lists after adding them to the driver, which
      means that (for example) the following can happen:
       1. a station connects and is added
       2. first, it is added to the driver
       3. then, it is added to the mac80211 lists
      
      If the station goes to sleep between steps 2 and 3, and the
      firmware/hardware records it as being asleep, mac80211 will
      never instruct the driver to wake it up again as it never
      realized it went to sleep since the RX path discarded the
      frame as a "spurious class 3 frame", no station entry was
      present yet.
      
      Fix this by adding the station in software first, and only
      then adding it to the driver. That way, any state that the
      driver changes will be reflected properly in mac80211's
      station state. The problematic part is the roll-back if the
      driver fails to add the station, in that case a bit more is
      needed. To not make that overly complex prevent starting BA
      sessions in the meantime.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      5108ca82
    • E
      mac80211: fix AP powersave TX vs. wakeup race · 1d147bfa
      Emmanuel Grumbach 提交于
      There is a race between the TX path and the STA wakeup: while
      a station is sleeping, mac80211 buffers frames until it wakes
      up, then the frames are transmitted. However, the RX and TX
      path are concurrent, so the packet indicating wakeup can be
      processed while a packet is being transmitted.
      
      This can lead to a situation where the buffered frames list
      is emptied on the one side, while a frame is being added on
      the other side, as the station is still seen as sleeping in
      the TX path.
      
      As a result, the newly added frame will not be send anytime
      soon. It might be sent much later (and out of order) when the
      station goes to sleep and wakes up the next time.
      
      Additionally, it can lead to the crash below.
      
      Fix all this by synchronising both paths with a new lock.
      Both path are not fastpath since they handle PS situations.
      
      In a later patch we'll remove the extra skb queue locks to
      reduce locking overhead.
      
      BUG: unable to handle kernel
      NULL pointer dereference at 000000b0
      IP: [<ff6f1791>] ieee80211_report_used_skb+0x11/0x3e0 [mac80211]
      *pde = 00000000
      Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
      EIP: 0060:[<ff6f1791>] EFLAGS: 00210282 CPU: 1
      EIP is at ieee80211_report_used_skb+0x11/0x3e0 [mac80211]
      EAX: e5900da0 EBX: 00000000 ECX: 00000001 EDX: 00000000
      ESI: e41d00c0 EDI: e5900da0 EBP: ebe458e4 ESP: ebe458b0
       DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
      CR0: 8005003b CR2: 000000b0 CR3: 25a78000 CR4: 000407d0
      DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
      DR6: ffff0ff0 DR7: 00000400
      Process iperf (pid: 3934, ti=ebe44000 task=e757c0b0 task.ti=ebe44000)
      iwlwifi 0000:02:00.0: I iwl_pcie_enqueue_hcmd Sending command LQ_CMD (#4e), seq: 0x0903, 92 bytes at 3[3]:9
      Stack:
       e403b32c ebe458c4 00200002 00200286 e403b338 ebe458cc c10960bb e5900da0
       ff76a6ec ebe458d8 00000000 e41d00c0 e5900da0 ebe458f0 ff6f1b75 e403b210
       ebe4598c ff723dc1 00000000 ff76a6ec e597c978 e403b758 00000002 00000002
      Call Trace:
       [<ff6f1b75>] ieee80211_free_txskb+0x15/0x20 [mac80211]
       [<ff723dc1>] invoke_tx_handlers+0x1661/0x1780 [mac80211]
       [<ff7248a5>] ieee80211_tx+0x75/0x100 [mac80211]
       [<ff7249bf>] ieee80211_xmit+0x8f/0xc0 [mac80211]
       [<ff72550e>] ieee80211_subif_start_xmit+0x4fe/0xe20 [mac80211]
       [<c149ef70>] dev_hard_start_xmit+0x450/0x950
       [<c14b9aa9>] sch_direct_xmit+0xa9/0x250
       [<c14b9c9b>] __qdisc_run+0x4b/0x150
       [<c149f732>] dev_queue_xmit+0x2c2/0xca0
      
      Cc: stable@vger.kernel.org
      Reported-by: NYaara Rozenblum <yaara.rozenblum@intel.com>
      Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
      Reviewed-by: NStanislaw Gruszka <sgruszka@redhat.com>
      [reword commit log, use a separate lock]
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      1d147bfa
  15. 17 2月, 2014 1 次提交
  16. 13 2月, 2014 1 次提交
    • J
      mac80211: add NAPI support back · 06d181a8
      Johannes Berg 提交于
      NAPI was originally added to mac80211 a long time ago (by John in
      commit 4e6cbfd0 in July 2010), but then removed years later
      (by Stanislaw in commit 30c97120 in February 2013). No driver
      ever used it, so that was fine.
      
      Now I'm adding support for NAPI to our driver, so add some code
      to mac80211 again  to support NAPI. John was originally wrapping
      some (but not nearly all NAPI-related functions), but that doesn't
      scale very well with the number of functions that are there, some
      of which are even only inlines. Thus, instead of doing that, let
      the drivers manage the NAPI struct, except for napi_add() which is
      needed so mac80211 knows how to call napi_gro_receive().
      
      Also remove some no longer needed definitions that were left when
      NAPI support was removed.
      Reviewed-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
      Reviewed-by: NEyal Shapira <eyal@wizery.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      06d181a8
  17. 12 2月, 2014 3 次提交
  18. 11 2月, 2014 1 次提交