31 Jul, 2019

1 commit

  • The return from ieee80211_get_sband can potentially be a null pointer, so
    it seems prudent to add a null check to avoid a null pointer dereference
    on sband.

    Addresses-Coverity: ("Dereference null return")
    Fixes: 2ab45876756f ("mac80211: add support for the ADDBA extension element")
    Signed-off-by: Colin Ian King
    Link: https://lore.kernel.org/r/20190730143205.14261-1-colin.king@canonical.com
    Signed-off-by: Johannes Berg

    Colin Ian King
     

29 Jul, 2019

1 commit

  • HE allows peers to negotiate the aggregation fragmentation level to be used
    during transmission. The level can be 1-3. The Ext element is added behind
    the ADDBA request inside the action frame. The responder will then reply
    with the same level or a lower one if the requested one is not supported.
    This patch only handles the negotiation part as the ADDBA frames get passed
    to the ATH11k firmware, which does the rest of the magic for us as well as
    generating the requests.

    Signed-off-by: Shashidhar Lakkavalli
    Signed-off-by: John Crispin
    Link: https://lore.kernel.org/r/20190729104512.27615-1-john@phrozen.org
    Signed-off-by: Johannes Berg

    John Crispin
     

19 Jun, 2019

1 commit

  • Based on 2 normalized pattern(s):

    this program is free software you can redistribute it and or modify
    it under the terms of the gnu general public license version 2 as
    published by the free software foundation

    this program is free software you can redistribute it and or modify
    it under the terms of the gnu general public license version 2 as
    published by the free software foundation #

    extracted by the scancode license scanner the SPDX license identifier

    GPL-2.0-only

    has been chosen to replace the boilerplate/reference in 4122 file(s).

    Signed-off-by: Thomas Gleixner
    Reviewed-by: Enrico Weigelt
    Reviewed-by: Kate Stewart
    Reviewed-by: Allison Randal
    Cc: linux-spdx@vger.kernel.org
    Link: https://lkml.kernel.org/r/20190604081206.933168790@linutronix.de
    Signed-off-by: Greg Kroah-Hartman

    Thomas Gleixner
     

19 Jun, 2018

2 commits

  • Add support for HE in mac80211 conforming with P802.11ax_D1.4.

    Johannes: Fix another bug with the buf_size comparison in agg-rx.c.

    Signed-off-by: Liad Kaufman
    Signed-off-by: Johannes Berg
    Signed-off-by: Ilan Peer
    Signed-off-by: Ido Yariv
    Signed-off-by: Luca Coelho
    Signed-off-by: Johannes Berg

    Luca Coelho
     
  • Bump the IEEE80211_MAX_AMPDU_BUF size to 0x100 for HE support
    and - for now - use IEEE80211_MAX_AMPDU_BUF_HT everywhere.

    This is derived from my internal patch, parts of which Luca
    had sent upstream.

    Signed-off-by: Luca Coelho
    Signed-off-by: Johannes Berg

    Johannes Berg
     

27 Feb, 2018

1 commit

  • As there is no support for updating an existing ADDBA session with
    a peer, we decline the request (while keeping the session active).
    However, in case that the timeout did not change, there is no need
    to decline the request, so modify the code to reply with status success
    in such a case (this is useful for interoperability with APs that send an
    ADDBA request update without changing the timeout value).

    Signed-off-by: Ilan Peer
    Signed-off-by: Luca Coelho
    Signed-off-by: Johannes Berg

    Ilan Peer
     

23 Feb, 2018

1 commit

  • …kernel/git/jberg/mac80211

    Johannes Berg says:

    ====================
    Various fixes across the tree, the shortlog basically says it all:

    cfg80211: fix cfg80211_beacon_dup
    -> old bug in this code

    cfg80211: clear wep keys after disconnection
    -> certain ways of disconnecting left the keys

    mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
    -> alignment issues with using 14 bytes

    mac80211: Do not disconnect on invalid operating class
    -> if the AP has a bogus operating class, let it be

    mac80211: Fix sending ADDBA response for an ongoing session
    -> don't send the same frame twice

    cfg80211: use only 1Mbps for basic rates in mesh
    -> interop issue with old versions of our code

    mac80211_hwsim: don't use WQ_MEM_RECLAIM
    -> it causes splats because it flushes work on a non-reclaim WQ

    regulatory: add NUL to request alpha2
    -> nla_put_string() issue from Kees

    mac80211: mesh: fix wrong mesh TTL offset calculation
    -> protocol issue

    mac80211: fix a possible leak of station stats
    -> error path might leak memory

    mac80211: fix calling sleeping function in atomic context
    -> percpu allocations need to be made with gfp flags
    ====================

    Signed-off-by: David S. Miller <davem@davemloft.net>

    David S. Miller
     

19 Feb, 2018

1 commit


11 Dec, 2017

2 commits


20 Nov, 2017

1 commit

  • In preparation for unconditionally passing the struct timer_list pointer to
    all timer callbacks, switch to using the new timer_setup() and from_timer()
    to pass the timer pointer explicitly.

    This removes the tid mapping array and expands the tid structures to
    add a pointer back to the station, along with the tid index itself.

    Cc: Johannes Berg
    Cc: "David S. Miller"
    Cc: linux-wireless@vger.kernel.org
    Cc: netdev@vger.kernel.org
    Signed-off-by: Kees Cook
    [switch tid variables to u8, the valid range is 0-15 at most,
    initialize tid_tx->sta/tid properly]
    Signed-off-by: Johannes Berg

    Kees Cook
     

21 Sep, 2017

1 commit


06 Sep, 2017

1 commit

  • When an RX BA session is started by the driver, and it has to tell
    mac80211 about it, the corresponding bit in tid_rx_manage_offl gets
    set and the BA session work is scheduled. Upon testing this bit, it
    will call __ieee80211_start_rx_ba_session(), thus deadlocking as it
    already holds the ampdu_mlme.mtx, which that acquires again.

    Fix this by adding ___ieee80211_start_rx_ba_session(), a version of
    the function that requires the mutex already held.

    Cc: stable@vger.kernel.org
    Fixes: 699cb58c8a52 ("mac80211: manage RX BA session offload without SKB queue")
    Reported-by: Matteo Croce
    Signed-off-by: Johannes Berg

    Johannes Berg
     

09 Aug, 2017

1 commit


16 Jun, 2017

1 commit

  • There were many places that my previous spatch didn't find,
    as pointed out by yuan linyu in various patches.

    The following spatch found many more and also removes the
    now unnecessary casts:

    @@
    identifier p, p2;
    expression len;
    expression skb;
    type t, t2;
    @@
    (
    -p = skb_put(skb, len);
    +p = skb_put_zero(skb, len);
    |
    -p = (t)skb_put(skb, len);
    +p = skb_put_zero(skb, len);
    )
    ... when != p
    (
    p2 = (t2)p;
    -memset(p2, 0, len);
    |
    -memset(p, 0, len);
    )

    @@
    type t, t2;
    identifier p, p2;
    expression skb;
    @@
    t *p;
    ...
    (
    -p = skb_put(skb, sizeof(t));
    +p = skb_put_zero(skb, sizeof(t));
    |
    -p = (t *)skb_put(skb, sizeof(t));
    +p = skb_put_zero(skb, sizeof(t));
    )
    ... when != p
    (
    p2 = (t2)p;
    -memset(p2, 0, sizeof(*p));
    |
    -memset(p, 0, sizeof(*p));
    )

    @@
    expression skb, len;
    @@
    -memset(skb_put(skb, len), 0, len);
    +skb_put_zero(skb, len);

    Apply it to the tree (with one manual fixup to keep the
    comment in vxlan.c, which spatch removed.)

    Signed-off-by: Johannes Berg
    Signed-off-by: David S. Miller

    Johannes Berg
     

08 Jun, 2017

1 commit

  • Instead of using the SKB queue with the fake pkt_type for the
    offloaded RX BA session management, also handle this with the
    normal aggregation state machine worker. This also makes the
    use of this more reliable since it gets rid of the allocation
    of the fake skb.

    Combined with the previous patch, this finally allows us to
    get rid of the pkt_type hack entirely, so do that as well.

    Signed-off-by: Johannes Berg

    Johannes Berg
     

06 Mar, 2017

1 commit

  • Use setup_timer() and setup_deferrable_timer() to set the data and
    function timer fields. It makes the code cleaner and will allow for
    easier change of the timer struct internals.

    Signed-off-by: Ondřej Lysoněk
    Signed-off-by: Jiri Slaby
    Cc: Johannes Berg
    Cc: "David S. Miller"
    Cc:
    Cc:
    Signed-off-by: Johannes Berg

    Ondřej Lysoněk
     

27 Feb, 2017

2 commits


19 Oct, 2016

1 commit

  • On drivers setting the SUPPORTS_REORDERING_BUFFER hardware flag,
    we crash when the peer sends an AddBA request while we already
    have a session open on the same TID; this is because on those
    drivers, the tid_agg_rx is left NULL even though the session is
    valid, and the agg_session_valid bit is set.

    To fix this, store the dialog tokens outside the tid_agg_rx to
    be able to compare them to the received AddBA request.

    Fixes: f89e07d4cf26 ("mac80211: agg-rx: refuse ADDBA Request with timeout update")
    Reported-by: Emmanuel Grumbach
    Signed-off-by: Johannes Berg

    Johannes Berg
     

23 Sep, 2016

1 commit


15 Sep, 2016

1 commit

  • Since mac80211 doesn't currently support TSIDs 8-15 which can
    only be used after QoS TSPEC negotiation (and not even after
    WMM negotiation), reject attempts to set up aggregation
    sessions for them, which might confuse drivers. In mac80211
    we do correctly handle that, but the TSIDs should never get
    used anyway, and drivers might not be able to handle it.

    Cc: stable@vger.kernel.org
    Signed-off-by: Johannes Berg

    Johannes Berg
     

12 Sep, 2016

2 commits

  • When we receive data frames with ACK policy BlockAck, send
    delBA as requested by the 802.11 spec. Since this would be
    happening for every frame inside an A-MPDU if it's really
    received outside a session, limit it to a single attempt.

    Signed-off-by: Johannes Berg

    Johannes Berg
     
  • The ability to change the max_rx_aggregation frames is useful
    in cases of IOP.

    There exist some devices (latest mobile phones and some APs)
    that tend to not respect a BA session's maximum size (in Kbps).
    These devices won't respect the AMPDU size that was negotiated during
    association (even though they do respect the maximal number of packets).

    This violation is characterized by a valid number of packets in
    a single AMPDU. Even so, the total size will exceed the size negotiated
    during association.

    Eventually, this will cause some undefined behavior, which in turn
    causes the hw to drop packets, causing the throughput to plummet.

    This patch will make the subframe limitation to be held by each station,
    instead of being held only by hw.

    Signed-off-by: Maxim Altshul
    Signed-off-by: Johannes Berg

    Maxim Altshul
     

06 Jul, 2016

1 commit

  • The current implementation of handling ADDBA Request while a session
    is already active with the peer is wrong - in case the peer is using
    the existing session's dialog token this should be treated as update
    to the session, which can update the timeout value.

    We don't really have a good way of supporting that, so reject, but
    implement the required behaviour in the spec of "Even if the updated
    ADDBA Request frame is not accepted, the original Block ACK setup
    remains active." (802.11-2012 10.5.4)

    Signed-off-by: Johannes Berg

    Johannes Berg
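
The ADDBA Request rules described in the 27 Feb 2018, 15 Sep 2016 and 06 Jul 2016 entries, combined into one decision function. This is an added user-space model, not code from mac80211; the struct, enum and function names are hypothetical, and the handling of a request with a different dialog token is an assumption because the commit messages do not describe it.

```c
#include <stdbool.h>
#include <stdint.h>

#define NUM_TIDS          16 /* tid values range over 0-15 */
#define MAX_SUPPORTED_TID 7  /* TSIDs 8-15 are rejected */

enum addba_verdict {
    ADDBA_ACCEPT_NEW,        /* no matching session: set one up */
    ADDBA_SUCCESS_NO_CHANGE, /* same token, same timeout: reply success */
    ADDBA_DECLINE_KEEP,      /* same token, new timeout: decline, keep session */
    ADDBA_REJECT_TID         /* TSID 8-15: reject before touching any state */
};

/* Hypothetical per-station state. The dialog token is stored beside the
 * session-valid bit so it can be compared even when no reorder buffer
 * was allocated for the session. */
struct rx_ba_state {
    bool     session_valid[NUM_TIDS];
    uint8_t  dialog_token[NUM_TIDS];
    uint16_t timeout[NUM_TIDS];
};

/* Constructed sample state used by the checks for this example. */
static struct rx_ba_state demo_state;

static enum addba_verdict handle_addba_req(struct rx_ba_state *st,
                                           unsigned int tid,
                                           uint8_t token, uint16_t timeout)
{
    /* Range check first: it also keeps tid a valid array index. */
    if (tid > MAX_SUPPORTED_TID)
        return ADDBA_REJECT_TID;

    if (st->session_valid[tid] && st->dialog_token[tid] == token) {
        /* The peer reuses the token: this is an update of the session. */
        if (st->timeout[tid] == timeout)
            return ADDBA_SUCCESS_NO_CHANGE;
        /* Timeout updates are not supported; the original session
         * stays active and its stored timeout is left untouched. */
        return ADDBA_DECLINE_KEEP;
    }

    /* No session, or a different token (assumption of this model:
     * treated as a fresh request that replaces the stored state). */
    st->session_valid[tid] = true;
    st->dialog_token[tid]  = token;
    st->timeout[tid]       = timeout;
    return ADDBA_ACCEPT_NEW;
}
```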
     

09 Mar, 2016

1 commit


24 Feb, 2016

2 commits

  • If any frames are dropped that are part of a BA session, the reorder
    buffer will "indefinitely" (until the timeout) wait for them to come
    in (or a BAR moving the window) and won't release frames after them.
    This means it isn't possible to filter frames within a BA session in
    firmware.

    Introduce an API function that allows such filtering. Calling this
    function will move the BA window forward to the new SSN, and allows
    marking frames after the SSN as having been filtered, so any future
    reordering activity will release frames while skipping the holes.

    Signed-off-by: Sara Sharon
    Signed-off-by: Emmanuel Grumbach
    Signed-off-by: Johannes Berg

    Sara Sharon
     
  • Enable driver to manage the reordering logic itself.
    This is needed for example for the iwlwifi driver that
    will support hardware assisted reordering.

    Signed-off-by: Sara Sharon
    Signed-off-by: Emmanuel Grumbach
    Signed-off-by: Johannes Berg

    Sara Sharon
     

30 Jan, 2016

1 commit

  • Use kzalloc instead of kmalloc for struct tid_ampdu_rx to
    initialize the "removed" field (all others are initialized
    manually). That fixes:

    UBSAN: Undefined behaviour in net/mac80211/rx.c:932:29
    load of value 2 is not a valid value for type '_Bool'
    CPU: 3 PID: 1134 Comm: kworker/u16:7 Not tainted 4.5.0-rc1+ #265
    Workqueue: phy0 rt2x00usb_work_rxdone
    0000000000000004 ffff880254a7ba50 ffffffff8181d866 0000000000000007
    ffff880254a7ba78 ffff880254a7ba68 ffffffff8188422d ffffffff8379b500
    ffff880254a7bab8 ffffffff81884747 0000000000000202 0000000348620032
    Call Trace:
    [] dump_stack+0x45/0x5f
    [] ubsan_epilogue+0xd/0x40
    [] __ubsan_handle_load_invalid_value+0x67/0x70
    [] ieee80211_sta_reorder_release.isra.16+0x5ed/0x730
    [] ieee80211_prepare_and_rx_handle+0xd04/0x1c00
    [] __ieee80211_rx_handle_packet+0x1f3/0x750
    [] ieee80211_rx_napi+0x447/0x990

    While at it, convert to use sizeof(*tid_agg_rx) instead.

    Fixes: 788211d81bfdf ("mac80211: fix RX A-MPDU session reorder timer deletion")
    Cc: stable@vger.kernel.org
    Signed-off-by: Chris Bainbridge
    [reword commit message, use sizeof(*tid_agg_rx)]
    Signed-off-by: Johannes Berg

    Chris Bainbridge
     

14 Jan, 2016

2 commits

  • Currently mac80211 does not inform the driver of the session
    block ack timeout when starting a rx aggregation session.
    Drivers that manage the reorder buffer need to know this
    parameter.
    Seeing that there are now too many arguments for the
    drv_ampdu_action() function, wrap them inside a structure.

    Signed-off-by: Sara Sharon
    Signed-off-by: Johannes Berg

    Sara Sharon
     
  • Currently mac80211 does not inform the driver of the window
    size when starting an RX aggregation session.
    To enable managing the reorder buffer in the driver or hardware
    the window size is needed.

    Signed-off-by: Sara Sharon
    Signed-off-by: Emmanuel Grumbach
    Signed-off-by: Johannes Berg

    Sara Sharon
     

22 Sep, 2015

2 commits


03 Apr, 2015

1 commit

  • Conflicts:
    drivers/net/usb/asix_common.c
    drivers/net/usb/sr9800.c
    drivers/net/usb/usbnet.c
    include/linux/usb/usbnet.h
    net/ipv4/tcp_ipv4.c
    net/ipv6/tcp_ipv6.c

    The TCP conflicts were overlapping changes. In 'net' we added a
    READ_ONCE() to the socket cached RX route read, whilst in 'net-next'
    Eric Dumazet touched the surrounding code dealing with how mini
    sockets are handled.

    With USB, it's a case of the same bug fix first going into net-next
    and then I cherry picked it back into net.

    Signed-off-by: David S. Miller

    David S. Miller
     

01 Apr, 2015

1 commit

  • There's an issue with the way the RX A-MPDU reorder timer is
    deleted that can cause a kernel crash like this:

    * tid_rx is removed - call_rcu(ieee80211_free_tid_rx)
    * station is destroyed
    * reorder timer fires before ieee80211_free_tid_rx() runs,
    accessing the station, thus potentially crashing due to
    the use-after-free

    The station deletion is protected by synchronize_net(), but
    that isn't enough -- ieee80211_free_tid_rx() need not have
    run when that returns (it deletes the timer.) We could use
    rcu_barrier() instead of synchronize_net(), but that's much
    more expensive.

    Instead, to fix this, add a field tracking that the session
    is being deleted. In this case, the only re-arming of the
    timer happens with the reorder spinlock held, so make that
    code not rearm it if the session is being deleted and also
    delete the timer after setting that field. This ensures the
    timer cannot fire after ___ieee80211_stop_rx_ba_session()
    returns, which fixes the problem.

    Cc: stable@vger.kernel.org
    Signed-off-by: Johannes Berg

    Johannes Berg
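
The teardown ordering this commit message describes, as an added user-space model that is not code from mac80211: a `removed` flag is set under the reorder lock, re-arming checks it under the same lock, and the timer is deleted only after the flag is set. All names are hypothetical, a mutex stands in for the reorder spinlock, and a boolean stands in for the pending kernel timer.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed model of one RX aggregation session. */
struct rx_session {
    pthread_mutex_t reorder_lock; /* stands in for the reorder spinlock */
    bool removed;                 /* teardown has started */
    bool timer_pending;           /* stands in for an armed reorder timer */
    bool station_alive;           /* false once the owning station is freed */
};

static void session_init(struct rx_session *s)
{
    pthread_mutex_init(&s->reorder_lock, NULL);
    s->removed = false;
    s->timer_pending = false;
    s->station_alive = true;
}

/* RX path: re-arm the reorder timer only while the session is live. */
static bool session_rearm(struct rx_session *s)
{
    bool armed = false;

    pthread_mutex_lock(&s->reorder_lock);
    if (!s->removed) {
        s->timer_pending = true;
        armed = true;
    }
    pthread_mutex_unlock(&s->reorder_lock);
    return armed;
}

/* Teardown. Without the flag, timer deletion is left to a deferred
 * free that may run after the station is gone. With it, the flag is
 * set under the lock first and the timer is deleted afterwards. */
static void session_stop(struct rx_session *s, bool use_removed_flag)
{
    if (!use_removed_flag)
        return;
    pthread_mutex_lock(&s->reorder_lock);
    s->removed = true;
    pthread_mutex_unlock(&s->reorder_lock);
    s->timer_pending = false; /* models deleting the timer at this point */
}

/* Replays the sequence from the commit message and reports whether a
 * timer is still pending once the station has been destroyed. */
static bool timer_fires_after_free(bool use_removed_flag)
{
    struct rx_session s;

    session_init(&s);
    session_rearm(&s);                  /* frames wait in the reorder buffer */
    session_stop(&s, use_removed_flag); /* tid_rx is removed */
    session_rearm(&s);                  /* late RX path racing with teardown */
    s.station_alive = false;            /* station is destroyed */
    return s.timer_pending && !s.station_alive;
}
```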
     

30 Mar, 2015

1 commit

  • If a peer or some local agent (rate control, ...) decides to start
    an aggregation session but doesn't support HT (which also implies
    QoS), reject it.

    This is mostly a corner case as such peers normally won't try to
    use block-ack sessions and rate control wouldn't start them, but
    technically QoS stations could request it according to the spec.

    However, since drivers don't really support such non-HT sessions
    it's better to reject them.

    Also, while at it, move the tracing for TX sessions earlier so it
    captures the error cases as well.

    Reviewed-by: Emmanuel Grumbach
    Signed-off-by: Johannes Berg

    Johannes Berg
     

03 Sep, 2014

1 commit

  • When starting an offloaded BA session it is
    unknown what starting sequence number should be
    used. Using last_seq worked in most cases except
    after hw restart.

    When hw restart is requested last_seq is
    (rightfully so) kept unmodified. This ended up
    with BA sessions being restarted with arbitrary
    BA window values resulting in dropped frames until
    sequence numbers caught up.

    Instead of last_seq pick seqno of a first Rxed
    frame of a given BA session.

    This fixes stalled traffic after hw restart with
    offloaded BA sessions (currently only ath10k).

    Signed-off-by: Michal Kazior
    Signed-off-by: Johannes Berg

    Michal Kazior
     

21 Jul, 2014

2 commits

  • Some drivers may be performing most of Tx/Rx
    aggregation on their own (e.g. in firmware)
    including AddBa/DelBa negotiations but may
    otherwise require Rx reordering assistance.

    The patch exports 2 new functions for establishing
    Rx aggregation sessions in assumption device
    driver has taken care of the necessary
    negotiations.

    Signed-off-by: Michal Kazior
    [fix endian bug]
    Signed-off-by: Johannes Berg

    Michal Kazior
     
  • Some drivers (e.g. ath10k) report A-MSDU subframes
    individually with identical seqno. The A-MPDU Rx
    reorder code did not account for that which made
    it practically unusable with drivers using
    RX_FLAG_AMSDU_MORE because it would end up
    dropping a lot of frames resulting in confusion in
    upper network transport layers.

    Signed-off-by: Michal Kazior
    Signed-off-by: Johannes Berg

    Michal Kazior
     

19 Jan, 2013

1 commit

  • A lot of the aggregation messages don't indicate the
    station so they're hard to understand if there are
    multiple sessions in progress. Make that easier by
    adding the MAC address to most messages. Also add
    the TID if it wasn't already there.

    Signed-off-by: Johannes Berg

    Johannes Berg