23 May, 2014
1 commit
22 May, 2014
1 commit
-
Channels in 2.4GHz band overlap, this means that if we
send a probe request on channel 1 and then move to channel
2, we will hear the probe response on channel 2. In this
case, the RSSI will be lower than if we had heard it on
the channel on which it was sent (1 in this case).The firmware / low level driver can parse the channel in
the DS IE or HT IE and compensate the RSSI so that it will
still have a valid value even if we heard the frame on an
adjacent channel. This can be done up to a certain offset.Add this offset as a configuration for the low level driver.
A low level driver that can compensate the low RSSI in this
case should assign the maximal offset for which the RSSI
value is still valid.Signed-off-by: Emmanuel Grumbach
Signed-off-by: Johannes Berg
14 May, 2014
1 commit
05 May, 2014
1 commit
-
Add locked-version for cfg80211_sched_scan_stopped.
This is used for some users that might want to
call it when rtnl is already locked.Fixes: d43c6b6 ("mac80211: reschedule sched scan after HW restart")
Cc: stable@vger.kernel.org (3.14+)
Signed-off-by: Eliad Peller
Signed-off-by: Johannes Berg
25 Apr, 2014
2 commits
-
Name wiphy_to_rdev is more accurate to describe what the function
does, i.e., return a pointer pointing to struct
cfg80211_registered_device.Signed-off-by: Zhao, Gang
Signed-off-by: Johannes Berg -
Name "dev" is too common and ambiguous, let all the pointer name
pointing to struct cfg80211_registered_device be "rdev". This can
improve code readability and consistency(since other places have
already called it rdev).Signed-off-by: Zhao, Gang
Signed-off-by: Johannes Berg
10 Apr, 2014
2 commits
-
When looking for a BSS matching given parameters, ignore invalid
BSSIDs. This avoids, for example, trying to join an IBSS that has
a multicast BSSID, which isn't supported by all drivers nor is it
a valid configuration of the IBSS so better create a new one with
a correctly chosen random BSSID.Signed-off-by: Johannes Berg
-
cfg80211_wext_freq() is declared in wext-compat.h, but its
parameter struct wiphy's declaration is not included there.
As the parameter isn't used, just remove it.Signed-off-by: Zhao, Gang
[remove parameter instead of changing to netdev]
Signed-off-by: Johannes Berg
20 Mar, 2014
2 commits
-
RCU pointer bss->pub.beacon_ies is checked before in previous
statement:if (rcu_access_pointer(bss->pub.beacon_ies))
continue;There is no need to check it twice(and in the wrong way :) ).
Signed-off-by: Zhao, Gang
Signed-off-by: Johannes Berg -
On 2.4Ghz band, the channels overlap since the delta
between different channels is 5Mhz while the width of the
receiver is 20Mhz (at least).This means that we can hear beacons or probe responses from
adjacent channels. These frames will have a significant
lower RSSI which will feed all kinds of logic with inaccurate
data. An obvious example is the roaming algorithm that will
think our AP is getting weak and will try to move to another
AP.In order to avoid this, update the signal only if the frame
has been heard on the same channel as the one advertised by
the AP in its DS / HT IEs.
We refrain from updating the values only if the AP is
already in the BSS list so that we will still have a valid
(but inaccurate) value if the AP was heard on an adjacent
channel only.To achieve this, stop taking the channel from DS / HT IEs
in mac80211. The DS / HT IEs is taken into account to
discard the frame if it was received on a disabled channel.
This can happen due to the same phenomenon: the frame is
sent on channel 12, but heard on channel 11 while channel
12 can be disabled on certain devices. Since this check
is done in cfg80211, stop even checking this in mac80211.Signed-off-by: Emmanuel Grumbach
[remove unused rx_freq variable]
Signed-off-by: Johannes Berg
06 Feb, 2014
1 commit
-
Due to the previous commit, when a scan finishes, it is in theory
possible to hit the following sequence:
1. interface starts being removed
2. scan is cancelled by driver and cfg80211 is notified
3. scan done work is scheduled
4. interface is removed completely, rdev->scan_req is freed,
event sent to userspace but scan done work remains pending
5. new scan is requested on another virtual interface
6. scan done work runs, freeing the still-running scanTo fix this situation, hang on to the scan done message and block
new scans while that is the case, and only send the message from
the work function, regardless of whether the scan_req is already
freed from interface removal. This makes step 5 above impossible
and changes step 6 to be
5. scan done work runs, sending the scan done messageAs this can't work for wext, so we send the message immediately,
but this shouldn't be an issue since we still return -EBUSY.Signed-off-by: Johannes Berg
09 Jan, 2014
1 commit
-
Add a utility function to get the number of channels supported by
the device, and update the places in the code that need this data.Signed-off-by: Ilan Peer
[replace another occurrence in libertas, fix kernel-doc, fix bugs]
Signed-off-by: Johannes Berg
06 Dec, 2013
1 commit
-
___cfg80211_scan_done() can be called in some cases
(e.g. on NETDEV_DOWN) before the low level driver
notified scan completion (which is indicated by
passing leak=true).Clearing rdev->scan_req in this case is buggy, as
scan_done_wk might have already being queued/running
(and can't be flushed as it takes rtnl()).If a new scan will be requested at this stage, the
scan_done_wk will try freeing it (instead of the
previous scan), and this will later result in
a use after free.Simply remove the "leak" option, and replace it with
a standard WARN_ON.An example backtrace after such crash:
Unable to handle kernel paging request at virtual address fffffee5
pgd = c0004000
[fffffee5] *pgd=9fdf6821, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1] SMP ARM
PC is at cfg80211_scan_done+0x28/0xc4 [cfg80211]
LR is at __ieee80211_scan_completed+0xe4/0x2dc [mac80211]
[] (cfg80211_scan_done+0x28/0xc4 [cfg80211])
[] (__ieee80211_scan_completed+0xe4/0x2dc [mac80211])
[] (ieee80211_scan_work+0x94/0x4f0 [mac80211])
[] (process_one_work+0x1b0/0x4a8)
[] (worker_thread+0x138/0x37c)
[] (kthread+0xa4/0xb0)Signed-off-by: Eliad Peller
Signed-off-by: Johannes Berg
21 Oct, 2013
1 commit
-
Since rdev->sched_scan_req is dereferenced outside the
lock protecting it, this might be done at the wrong
time, causing crashes. Move the dereference to where
it should be - inside the RTNL locked section.Cc: stable@vger.kernel.org [3.8+]
Reviewed-by: Emmanuel Grumbach
Signed-off-by: Johannes Berg
04 Sep, 2013
1 commit
-
This function is being removed, so remove the reference to it.
Signed-off-by: Joe Perches
Signed-off-by: David S. Miller
16 Jul, 2013
1 commit
-
To allow scanning and working with 5 MHz and 10 MHz BSS, extend the
inform bss commands and add wrappers to take 5 and 10 MHz bss into
account.Signed-off-by: Simon Wunderlich
Signed-off-by: Mathias Kretschmer
Signed-off-by: Johannes Berg
24 Jun, 2013
1 commit
-
Should help the next person that tries to understand
the bss refcounting logic.Signed-off-by: Ben Greear
Signed-off-by: Johannes Berg
25 May, 2013
2 commits
-
Virtually all code paths in cfg80211 already (need to) hold
the RTNL. As such, there's little point in having another
four mutexes for various parts of the code, they just cause
lock ordering issues (and much of the time, the RTNL and a
few of the others need thus be held.)Simplify all this by getting rid of the extra four mutexes
and just use the RTNL throughout. Only a few code changes
were needed to do this and we can get rid of a work struct
for bonus points.Signed-off-by: Johannes Berg
-
The function is only used and needed by the wext code
for scanning, so move it there.Signed-off-by: Johannes Berg
24 Mar, 2013
1 commit
-
If a P2P device wdev is removed while it has a scan, then the
scan completion might crash later as it is already freed by
that time. To avoid the crash always check the scan completion
when the P2P device is being removed for some reason. If the
driver already canceled it, don't want and free it, otherwise
warn and leak it to avoid later crashes.In order to do this, locking needs to be changed away from the
rdev mutex (which can't always be guaranteed). For now, use
the sched_scan_mtx instead, I'll rename it to just scan_mtx in
a later patch.Signed-off-by: Johannes Berg
07 Mar, 2013
1 commit
-
In the odd case that while updating information from a beacon,
a BSS was found that is part of a hidden group, we drop the
new information. In this case, however, we leak the IE buffer
from the update, and erroneously update the entry's timestamp
so it will never time out. Fix both these issues.Cc: Larry Finger
Signed-off-by: Johannes Berg
15 Feb, 2013
2 commits
-
Add new NL80211_CMD_RADAR_DETECT, which starts the Channel
Availability Check (CAC). This command will also notify the
usermode about events (CAC finished, CAC aborted, radar
detected, NOP finished).
Once radar detection has started it should continuously
monitor for radars as long as the channel is active.This patch enables DFS for AP mode in nl80211/cfg80211.
Based on original patch by Victor Goldenshtein
Signed-off-by: Simon Wunderlich
[remove WIPHY_FLAG_HAS_RADAR_DETECT again -- my mistake]
Signed-off-by: Johannes Berg
13 Feb, 2013
1 commit
-
cfg80211_find_vendor_ie() was checking only that the vendor IE would
fit in the remaining IEs buffer. If a corrupt includes a vendor IE
that is too small, we could potentially overrun the IEs buffer.Fix this by checking that the vendor IE fits in the reported IE length
field and skip it otherwise.Reported-by: Jouni Malinen
Signed-off-by: Luciano Coelho
[change BUILD_BUG_ON to != 1 (from >= 2)]
Signed-off-by: Johannes Berg
12 Feb, 2013
4 commits
-
While technically the TSF isn't an IE, it can be
necessary to distinguish between the TSF from a
beacon and a probe response, in particular in
order to know the next DTIM TBTT, as not all APs
are spec compliant wrt. TSF==0 being a DTIM TBTT
and thus the DTIM count needs to be taken into
account as well.To allow this, move the TSF into the IE struct
so it can be known whence it came.Signed-off-by: Johannes Berg
-
There's no way scan BSS IEs can be NULL as even
if the allocation fails the frame is discarded.
Remove some code checking for this and document
that it is always non-NULL.Signed-off-by: Johannes Berg
-
Currently, cfg80211 will copy beacon IEs from a previously
received hidden SSID beacon to a probe response entry, if
that entry is created after the beacon entry. However, if
it is the other way around, or if the beacon is updated,
such changes aren't propagated.Fix this by tracking the relation between the probe
response and beacon BSS structs in this case.In case drivers have private data stored in a BSS struct
and need access to such data from a beacon entry, cfg80211
now provides the hidden_beacon_bss pointer from the probe
response entry to the beacon entry.Signed-off-by: Johannes Berg
-
This prepares for using the spinlock instead of krefs
which is needed in the next patch to track the refs
of combined BSSes correctly.Acked-by: Bing Zhao [mwifiex]
Signed-off-by: Johannes Berg
05 Feb, 2013
9 commits
-
Add inline wrappers for the BSS struct krefs
to be able to extend them easily later.Signed-off-by: Johannes Berg
-
This local variable is only used once, so remove it.
Signed-off-by: Johannes Berg
-
Instead of annotating with a comment, add a lockdep
annotation which also serves as documentation.Signed-off-by: Johannes Berg
-
There's no reason for it to require external
locking, move it into the function.Signed-off-by: Johannes Berg
-
The comment about allocating the IEs together with
the BSS struct is no longer true, remove it. Also
fix a typo in the same area.Signed-off-by: Johannes Berg
-
As Thomas pointed out, cfg80211_get_mesh() is
unused and can be removed.Cc: Thomas Pedersen
Signed-off-by: Johannes Berg -
Instead of first checking if a BSS is an MBSS
and then doing the comparisons, inline it all
into the BSS comparison function. This avoids
doing the IE searches twice and is also a lot
less code.Signed-off-by: Johannes Berg
-
When trying to find a hidden SSID, the lookup function
is done wrong; the code is trying to combine the two
lookups into one, and as a consequence doesn't always
find the entry at all. To understand this, consider a
case where multiple BSS entries with the same channel
and BSSID exist but have different SSID length. Then
comparing against the probe response SSID length is
bound to cause problems since the hidden one might be
either zeroed out or zero-length.To fix this we need to do two lookups for the two ways
to hide SSIDs.Signed-off-by: Johannes Berg
-
Instead of duplicating the rbtree functions, pass
an argument to the compare function. This removes
the code duplication for the two searches.Signed-off-by: Johannes Berg
31 Jan, 2013
1 commit
-
Now that mac80211 no longer uses this API, remove
it completely. If anyone needs it again, we can
revert this patch of course, but mac80211 was the
only user right now.Signed-off-by: Johannes Berg
24 Jan, 2013
1 commit
-
We do a:
sprintf(buf, " Last beacon: %ums ago",
elapsed_jiffies_msecs(bss->ts));elapsed_jiffies_msecs() can return a 10 digit number so "buf" needs to
be 31 characters long.Signed-off-by: Dan Carpenter
Signed-off-by: Johannes Berg
30 Nov, 2012
1 commit
-
When a BSS struct is updated, the IEs are currently
overwritten or freed. This can lead to races if some
other CPU is accessing the BSS struct and using the
IEs concurrently.Fix this by always allocating the IEs in a new struct
that holds the data and length and protecting access
to this new struct with RCU.Signed-off-by: Johannes Berg