1. 17 7月, 2015 5 次提交
  2. 23 6月, 2015 1 次提交
    • D
      module: add per-module param_lock · b51d23e4
      Dan Streetman 提交于
      Add a "param_lock" mutex to each module, and update params.c to use
      the correct built-in or module mutex while locking kernel params.
      Remove the kparam_block_sysfs_r/w() macros, replace them with direct
      calls to kernel_param_[un]lock(module).
      
      The kernel param code currently uses a single mutex to protect
      modification of any and all kernel params.  While this generally works,
      there is one specific problem with it; a module callback function
      cannot safely load another module, i.e. with request_module() or even
      with indirect calls such as crypto_has_alg().  If the module to be
      loaded has any of its params configured (e.g. with a /etc/modprobe.d/*
      config file), then the attempt will result in a deadlock between the
      first module param callback waiting for modprobe, and modprobe trying to
      lock the single kernel param mutex to set the new module's param.
      
      This fixes that by using per-module mutexes, so that each individual module
      is protected against concurrent changes in its own kernel params, but is
      not blocked by changes to other module params.  All built-in modules
      continue to use the built-in mutex, since they will always be loaded at
      runtime and references (e.g. request_module(), crypto_has_alg()) to them
      will never cause load-time param changing.
      
      This also simplifies the interface used by modules to block sysfs access
      to their params; while there are currently functions to block and unblock
      sysfs param access which are split up by read and write and expect a single
      kernel param to be passed, their actual operation is identical and applies
      to all params, not just the one passed to them; they simply lock and unlock
      the global param mutex.  They are replaced with direct calls to
      kernel_param_[un]lock(THIS_MODULE), which locks THIS_MODULE's param_lock, or
      if the module is built-in, it locks the built-in mutex.
      Suggested-by: NRusty Russell <rusty@rustcorp.com.au>
      Signed-off-by: NDan Streetman <ddstreet@ieee.org>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      b51d23e4
  3. 22 6月, 2015 1 次提交
    • J
      mac80211: fix locking in update_vlan_tailroom_need_count() · 51f458d9
      Johannes Berg 提交于
      Unfortunately, Michal's change to fix AP_VLAN crypto tailroom
      caused a locking issue that was reported by lockdep, but only
      in a few cases - the issue was a classic ABBA deadlock caused
      by taking the mtx after the key_mtx, where normally they're
      taken the other way around.
      
      As the key mutex protects the field in question (I'm adding a
      few annotations to make that clear) only the iteration needs
      to be protected, but we can also iterate the interface list
      with just RCU protection while holding the key mutex.
      
      Fixes: f9dca80b ("mac80211: fix AP_VLAN crypto tailroom calculation")
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      51f458d9
  4. 10 6月, 2015 8 次提交
    • J
      mac80211: convert HW flags to unsigned long bitmap · 30686bf7
      Johannes Berg 提交于
      As we're running out of hardware capability flags pretty quickly,
      convert them to use the regular test_bit() style unsigned long
      bitmaps.
      
      This introduces a number of helper functions/macros to set and to
      test the bits, along with new debugfs code.
      
      The occurrences of an explicit __clear_bit() are intentional, the
      drivers were never supposed to change their supported bits on the
      fly. We should investigate changing this to be a per-frame flag.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      30686bf7
    • A
      mac80211: Fix a case of incorrect metric used when forwarding a PREQ · 5ec596c4
      Alexis Green 提交于
      This patch fixes a bug in hwmp_preq_frame_process where the wrong metric
      can be used when forwarding a PREQ. This happens because the code uses
      the same metric variable to record the value of the metric to the source
      of the PREQ and the value of the metric to the target of the PREQ.
      
      This comes into play when both reply and forward are set which happens
      when IEEE80211_PREQ_PROACTIVE_PREP_FLAG is set and when MP_F_DO | MP_F_RF
      is set. The original code had a special case to handle the first case
      but not the second.
      
      The patch uses distinct variables for the two metrics which makes the
      code flow much clearer and removes the need to restore the original
      value of metric when forwarding.
      Signed-off-by: NAlexis Green <agreen@cococorp.com>
      CC: Jesse Jones <jjones@cococorp.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      5ec596c4
    • A
      mac80211: Always check rates and capabilities in mesh mode · e060e7ad
      Alexis Green 提交于
      In mesh mode there is a race between establishing links and processing
      rates and capabilities in beacons. This is very noticeable with slow
      beacons (e.g. beacon intervals of 1s) and manifested for us as stations
      using minstrel when minstrel_ht should be used. Fixed by changing
      mesh_sta_info_init so that it always checks rates and such if it has not
      already done so.
      Signed-off-by: NAlexis Green <agreen@cococorp.com>
      CC: Jesse Jones <jjones@cococorp.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      e060e7ad
    • C
      mac80211: fix the beacon csa counter for mesh and ibss · 8df734e8
      Chun-Yeow Yeoh 提交于
      The csa counter has moved from sdata to beacon/presp but
      it is not updated accordingly for mesh and ibss. Fix this.
      
      Fixes: af296bdb ("mac80211: move csa counters from sdata to beacon/presp")
      Signed-off-by: NChun-Yeow Yeoh <yeohchunyeow@gmail.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      8df734e8
    • A
      mac80211: Fix incorrectly named last_hop_metric variable in mesh_rx_path_sel_frame · afd2efb9
      Alexis Green 提交于
      The last hop metric should refer to link cost (this is how
      hwmp_route_info_get uses it for example). But in mesh_rx_path_sel_frame
      we are not dealing with link cost but with the total cost to the origin
      of a PREQ or PREP.
      Signed-off-by: NAlexis Green <agreen@cococorp.com>
      CC: Jesse Jones <jjones@cococorp.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      afd2efb9
    • S
      mac80211: ignore invalid scan RSSI values · 74d803b6
      Sara Sharon 提交于
      Channels in 2.4GHz band overlap, this means that if we
      send a probe request on channel 1 and then move to channel
      2, we will hear the probe response on channel 2. In this
      case, the RSSI will be lower than if we had heard it on
      the channel on which it was sent (1 in this case).
      
      The scan result ignores those invalid values and the
      station last signal should not be updated as well.
      
      In case the scan determines the signal to be invalid turn on
      the flag so the station last signal will not be updated with
      the value and thus user space probing for NL80211_STA_INFO_SIGNAL
      and NL80211_STA_INFO_SIGNAL_AVG will not get this invalid RSSI
      value.
      Signed-off-by: NSara Sharon <sara.sharon@intel.com>
      Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      74d803b6
    • M
      mac80211: release channel on auth failure · d01f858c
      Michal Kazior 提交于
      There were a few rare cases when upon
      authentication failure channel wasn't released.
      This could cause stale pointers to remain in
      chanctx assigned_vifs after interface removal and
      trigger general protection fault later.
      
      This could be triggered, e.g. on ath10k with the
      following steps:
      
       1. start an AP
       2. create 2 extra vifs on ath10k host
       3. connect vif1 to the AP
       4. connect vif2 to the AP
          (auth fails because ath10k firmware isn't able
           to maintain 2 peers with colliding AP mac
           addresses across vifs and consequently
           refuses sta_info_insert() in
           ieee80211_prep_connection())
       5. remove the 2 extra vifs
       6. goto step 2; at step 3 kernel was crashing:
      
       general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC
       Modules linked in: ath10k_pci ath10k_core ath
       ...
       Call Trace:
        [<ffffffff81a2dabb>] ieee80211_check_combinations+0x22b/0x290
        [<ffffffff819fb825>] ? ieee80211_check_concurrent_iface+0x125/0x220
        [<ffffffff8180f664>] ? netpoll_poll_disable+0x84/0x100
        [<ffffffff819fb833>] ieee80211_check_concurrent_iface+0x133/0x220
        [<ffffffff81a0029e>] ieee80211_open+0x3e/0x80
        [<ffffffff817f2d26>] __dev_open+0xb6/0x130
        [<ffffffff817f3051>] __dev_change_flags+0xa1/0x170
       ...
       RIP  [<ffffffff81a23140>] ieee80211_chanctx_radar_detect+0xa0/0x170
      
       (gdb) l * ieee80211_chanctx_radar_detect+0xa0
       0xffffffff81a23140 is in ieee80211_chanctx_radar_detect (/devel/src/linux/net/mac80211/util.c:3182).
       3177             */
       3178            WARN_ON(ctx->replace_state == IEEE80211_CHANCTX_REPLACES_OTHER &&
       3179                    !list_empty(&ctx->assigned_vifs));
       3180
       3181            list_for_each_entry(sdata, &ctx->assigned_vifs, assigned_chanctx_list)
       3182                    if (sdata->radar_required)
       3183                            radar_detect |= BIT(sdata->vif.bss_conf.chandef.width);
       3184
       3185            return radar_detect;
      Signed-off-by: NMichal Kazior <michal.kazior@tieto.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      d01f858c
    • J
      mac80211: handle aggregation session timeout on fast-xmit path · 472be00d
      Johannes Berg 提交于
      The conversion to the fast-xmit path lost proper aggregation session
      timeout handling - the last_tx wasn't set on that path and the timer
      would therefore incorrectly tear down the session periodically (with
      those drivers/rate control algorithms that have a timeout.)
      
      In case of iwlwifi, this was every 5 seconds and caused significant
      throughput degradation.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      472be00d
  5. 03 6月, 2015 2 次提交
  6. 02 6月, 2015 3 次提交
    • J
      mac80211: stop using pointers as userspace cookies · 3b79af97
      Johannes Berg 提交于
      Even if the pointers are really only accessible to root and used
      pretty much only by wpa_supplicant, this is still not great; even
      for debugging it'd be easier to have something that's easier to
      read and guaranteed to never get reused.
      
      With the recent change to make mac80211 create an ack_skb for the
      mgmt-tx path this becomes possible, only the client probe method
      needs to also allocate an ack_skb, and we can store the cookie in
      that skb.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      3b79af97
    • J
      mac80211: copy nl80211 mgmt TX SKB for status · b2eb0ee6
      Johannes Berg 提交于
      When we return the TX status for an nl80211 mgmt TX SKB, we
      should also return the original frame with the status to
      allow userspace to match up the submission (it could also
      use the cookie but both ways are permissible.)
      
      As TX SKBs could be encrypted, at least in the case of ANQP
      while associated with the AP, copy the original SKB, store
      it with an ACK frame ID and restructure the status path to
      use that to return status with the original SKB. Otherwise,
      userspace (in particular wpa_supplicant) will get confused.
      Reported-by: NMatti Gottlieb <matti.gottlieb@intel.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      b2eb0ee6
    • J
      mac80211: move TX PN to public part of key struct · db388a56
      Johannes Berg 提交于
      For drivers supporting TSO or similar features, but that still have
      PN assignment in software, there's a need to have some memory to
      store the current PN value. As mac80211 already stores this and it's
      somewhat complicated to add a per-driver area to the key struct (due
      to the dynamic sizing thereof) it makes sense to just move the TX PN
      to the keyconf, i.e. the public part of the key struct.
      
      As TKIP is more complicated and we won't able to offload it in this
      way right now (fast-xmit is skipped for TKIP unless the HW does it
      all, and our hardware needs MMIC calculation in software) I've not
      moved that for now - it's possible but requires exposing a lot of
      the internal TKIP state.
      
      As an bonus side effect, we can remove a lot of code by assuming the
      keyseq struct has a certain layout - with BUILD_BUG_ON to verify it.
      
      This might also improve performance, since now TX and RX no longer
      share a cacheline.
      Reviewed-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      db388a56
  7. 01 6月, 2015 1 次提交
    • J
      mac80211: act upon and report deauth while associating · c9c99f89
      Johannes Berg 提交于
      When trying to associate, the AP could send a deauth frame instead.
      Currently mac80211 drops that frame and doesn't report it to the
      supplicant, which, in some versions and/or in certain circumstances
      will simply keep trying to associate over and over again instead of
      trying authentication again.
      
      Fix this by reacting to deauth frames while associating, reporting
      them to the supplicant and dropping the association attempt (which
      is bound to fail.)
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      c9c99f89
  8. 29 5月, 2015 1 次提交
    • M
      mac80211: prevent possible crypto tx tailroom corruption · ab499db8
      Michal Kazior 提交于
      There was a possible race between
      ieee80211_reconfig() and
      ieee80211_delayed_tailroom_dec(). This could
      result in inability to transmit data if driver
      crashed during roaming or rekeying and subsequent
      skbs with insufficient tailroom appeared.
      
      This race was probably never seen in the wild
      because a device driver would have to crash AND
      recover within 0.5s which is very unlikely.
      
      I was able to prove this race exists after
      changing the delay to 10s locally and crashing
      ath10k via debugfs immediately after GTK
      rekeying. In case of ath10k the counter went below
      0. This was harmless but other drivers which
      actually require tailroom (e.g. for WEP ICV or
      MMIC) could end up with the counter at 0 instead
      of >0 and introduce insufficient skb tailroom
      failures because mac80211 would not resize skbs
      appropriately anymore.
      
      Fixes: 8d1f7ecd ("mac80211: defer tailroom counter manipulation when roaming")
      Signed-off-by: NMichal Kazior <michal.kazior@tieto.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      ab499db8
  9. 28 5月, 2015 1 次提交
  10. 20 5月, 2015 5 次提交
    • A
      mac80211: disconnect TDLS stations on STA CSA · c5a71688
      Arik Nemtsov 提交于
      When a station does a channel switch, it's not well defined what its TDLS
      peers would do. Avoid a situation when the local side marks a potentially
      disconnected peer as a TDLS peer.
      Keeping peers connected through CSA is doubly problematic with the upcoming
      TDLS WIDER-BW feature which allows peers to widen the BSS channel. The
      new channel transitioned-to might not be compatible and would require
      a re-negotiation anyway.
      
      Make sure to disallow new TDLS link during CSA.
      Signed-off-by: NArik Nemtsov <arikx.nemtsov@intel.com>
      Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      c5a71688
    • M
      mac80211: fix AP_VLAN crypto tailroom calculation · f9dca80b
      Michal Kazior 提交于
      Some splats I was seeing:
      
       (a) WARNING: CPU: 1 PID: 0 at /devel/src/linux/net/mac80211/wep.c:102 ieee80211_wep_add_iv
       (b) WARNING: CPU: 1 PID: 0 at /devel/src/linux/net/mac80211/wpa.c:73 ieee80211_tx_h_michael_mic_add
       (c) WARNING: CPU: 3 PID: 0 at /devel/src/linux/net/mac80211/wpa.c:433 ieee80211_crypto_ccmp_encrypt
      
      I've seen (a) and (b) with ath9k hw crypto and (c)
      with ath9k sw crypto. All of them were related to
      insufficient skb tailroom and I was able to
      trigger these with ping6 program.
      
      AP_VLANs may inherit crypto keys from parent AP.
      This wasn't considered and yielded problems in
      some setups resulting in inability to transmit
      data because mac80211 wouldn't resize skbs when
      necessary and subsequently drop some packets due
      to insufficient tailroom.
      
      For efficiency purposes don't inspect both AP_VLAN
      and AP sdata looking for tailroom counter. Instead
      update AP_VLAN tailroom counters whenever their
      master AP tailroom counter changes.
      Signed-off-by: NMichal Kazior <michal.kazior@tieto.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      f9dca80b
    • J
      mac80211: don't split remain-on-channel for coalescing · 252ec2b3
      Johannes Berg 提交于
      Due to remain-on-channel scheduling delays, when we split an ROC
      while coalescing, we'll usually get a picture like this:
      
      existing ROC:  |------------------|
      current time:              ^
      new ROC:                   |------|              |-------|
      
      If the expected response frames are then transmitted by the peer
      in the hole between the two fragments of the new ROC, we miss
      them and the process (e.g. ANQP query) fails.
      
      mac80211 expects that the window to miss something is small:
      
      existing ROC:  |------------------|
      new ROC:                   |------||-------|
      
      but that's normally not the case.
      
      To avoid this problem, coalesce only if the new ROC's duration
      is <= the remaining time on the existing one:
      
      existing ROC:  |------------------|
      new ROC:                   |-----|
      
      and never split a new one but schedule it afterwards instead:
      
      existing ROC:  |------------------|
      new ROC:                                       |-------------|
      
      type=bugfix
      bug=not-tracked
      fixes=unknown
      Reported-by: NMatti Gottlieb <matti.gottlieb@intel.com>
      Reviewed-by: NEliadX Peller <eliad@wizery.com>
      Reviewed-by: NMatti Gottlieb <matti.gottlieb@intel.com>
      Tested-by: NMatti Gottlieb <matti.gottlieb@intel.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      252ec2b3
    • M
      mac80211: check fast-xmit on station change · 464daaf0
      Michal Kazior 提交于
      Drivers with fast-xmit (e.g. ath10k) running in
      AP_VLAN setups would fail to communicate with
      connected 4addr stations.
      
      The reason was when new station associates it
      first goes into master AP interface. It is not
      until later that a dedicated AP_VLAN is created
      for it and the station itself is moved there.
      After that Tx directed at the station should use
      4addr header. However fast-xmit wasn't
      recalculated and 3addr header remained to be used.
      This in turn caused the connected 4addr stations
      to drop packets coming from the AP until some
      other event would cause fast-xmit to recalculate
      for that station (which could never come).
      Signed-off-by: NMichal Kazior <michal.kazior@tieto.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      464daaf0
    • J
      mac80211: fix memory leak · 94c78cb4
      Johannes Berg 提交于
      My recent change here introduced a possible memory leak if the
      driver registers an invalid cipher schemes. This won't really
      happen in practice, but fix the leak nonetheless.
      
      Fixes: e3a55b53 ("mac80211: validate cipher scheme PN length better")
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      94c78cb4
  11. 19 5月, 2015 1 次提交
  12. 12 5月, 2015 1 次提交
  13. 11 5月, 2015 3 次提交
  14. 07 5月, 2015 1 次提交
  15. 06 5月, 2015 4 次提交
  16. 05 5月, 2015 2 次提交
    • J
      mac80211: remove useless skb->encapsulation check · f603f1f3
      Johannes Berg 提交于
      No current (and planned, as far as I know) wifi devices support
      encapsulation checksum offload, so remove the useless test here.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      f603f1f3
    • J
      mac80211: make LED triggering depend on activation · 8d5c2585
      Johannes Berg 提交于
      When LED triggers are compiled in, but not used, mac80211 will still
      call them to update the status. This isn't really a problem for the
      assoc and radio ones, but the TX/RX (and to a certain extend TPT)
      ones can be called very frequently (for every packet.)
      
      In order to avoid that when they're not used, track their activation
      and call the corresponding trigger (and in the TPT case, account for
      throughput) only when the trigger is actually used by an LED.
      
      Additionally, make those trigger functions inlines since theyre only
      used once in the remaining code.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      8d5c2585