06 Dec, 2011

1 commit


01 Dec, 2011

3 commits

  • Johannes' patch for "cfg80211: fix regulatory NULL dereference"
    broke user regulatory hints and it did not address the fact that
    last_request was left populated even if the previous regulatory
    hint was stale due to the wiphy disappearing.

    Fix user regulatory hints by only bailing out for those
    regulatory hints where a request_wiphy is expected. The stale last_request
    considerations are addressed through the previous fixes on last_request
    where we reset the last_request to a static world regdom request upon
    reset_regdomains(). In this case though we further enhance the effect
    by simply restoring regulatory settings completely.

    Cc: stable@vger.kernel.org
    Cc: Johannes Berg
    Signed-off-by: Luis R. Rodriguez
    Reviewed-by: Johannes Berg
    Signed-off-by: John W. Linville

    Luis R. Rodriguez
     
  • There is a theoretical race that, if hit, will trigger
    a crash. The race is between when the first regulatory
    hint we issue, regulatory_hint_core(), gets processed
    by the workqueue and when the first device
    gets registered to the wireless core. This is not easy
    to reproduce but it was easy to do so through the
    regulatory simulator I have been working on. This
    is a port of the fix I implemented there [1].

    [1] https://github.com/mcgrof/regsim/commit/a246ccf81f059cb662eee288aa13100f631e4cc8

    Cc: stable@vger.kernel.org
    Cc: Johannes Berg
    Signed-off-by: Luis R. Rodriguez
    Signed-off-by: John W. Linville

    Luis R. Rodriguez
     
  • …wireless into for-davem

    John W. Linville
     

29 Nov, 2011

1 commit

  • MAC addresses have a fixed length. The current
    policy allows passing < ETH_ALEN bytes, which
    might result in reading beyond the buffer.

    Cc: stable@vger.kernel.org
    Signed-off-by: Eliad Peller
    Signed-off-by: John W. Linville

    Eliad Peller
     

23 Nov, 2011

1 commit


22 Nov, 2011

1 commit

  • By the time userspace returns with a response to
    the regulatory domain request, the wiphy causing
    the request might have gone away. If this is so,
    reject the update but mark the request as having
    been processed anyway.

    Cc: Luis R. Rodriguez
    Signed-off-by: Johannes Berg
    Cc: stable@vger.kernel.org
    Signed-off-by: John W. Linville

    Johannes Berg
     

12 Nov, 2011

1 commit


10 Nov, 2011

2 commits

  • David S. Miller
     
  • Commit 4d9d88d1 by Scott James Remnant added
    the .uevent() callback for the regulatory device used during
    the platform device registration. The change was done to account
    for queuing up udev change requests through udevadm triggers.
    The change also meant that upon regulatory core exit we will now
    send a uevent() but the uevent() callback, reg_device_uevent(),
    also accessed last_request. Right before committing device suicide
    we free'd last_request but never set it to NULL so
    platform_device_unregister() would lead to bogus kernel paging
    request. Fix this and also simply suppress uevents right before
    we commit suicide as they are pointless.

    This fix is required for kernels >= v2.6.39

    $ git describe --contains 4d9d88d1
    v2.6.39-rc1~468^2~25^2^2~21

    The impact of not having this present is that a bogus paging
    access may occur (only read) upon cfg80211 unload time. You
    may also get this BUG complaint below. Although Johannes
    could not reproduce the issue this fix is theoretically correct.

    mac80211_hwsim: unregister radios
    mac80211_hwsim: closing netlink
    BUG: unable to handle kernel paging request at ffff88001a06b5ab
    IP: [] reg_device_uevent+0x1a/0x50 [cfg80211]
    PGD 1836063 PUD 183a063 PMD 1ffcb067 PTE 1a06b160
    Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
    CPU 0
    Modules linked in: cfg80211(-) [last unloaded: mac80211]

    Pid: 2279, comm: rmmod Tainted: G W 3.1.0-wl+ #663 Bochs Bochs
    RIP: 0010:[] [] reg_device_uevent+0x1a/0x50 [cfg80211]
    RSP: 0000:ffff88001c5f9d58 EFLAGS: 00010286
    RAX: 0000000000000000 RBX: ffff88001d2eda88 RCX: ffff88001c7468fc
    RDX: ffff88001a06b5a0 RSI: ffff88001c7467b0 RDI: ffff88001c7467b0
    RBP: ffff88001c5f9d58 R08: 000000000000ffff R09: 000000000000ffff
    R10: 0000000000000000 R11: 0000000000000001 R12: ffff88001c7467b0
    R13: ffff88001d2eda78 R14: ffffffff8164a840 R15: 0000000000000001
    FS: 00007f8a91d8a6e0(0000) GS:ffff88001fc00000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
    CR2: ffff88001a06b5ab CR3: 000000001c62e000 CR4: 00000000000006f0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
    Process rmmod (pid: 2279, threadinfo ffff88001c5f8000, task ffff88000023c780)
    Stack:
    ffff88001c5f9d98 ffffffff812ff7e5 ffffffff8176ab3d ffff88001c7468c2
    000000000000ffff ffff88001d2eda88 ffff88001c7467b0 ffff880000114820
    ffff88001c5f9e38 ffffffff81241dc7 ffff88001c5f9db8 ffffffff81040189
    Call Trace:
    [] dev_uevent+0xc5/0x170
    [] kobject_uevent_env+0x1f7/0x490
    [] ? sub_preempt_count+0x29/0x60
    [] ? _raw_spin_unlock_irqrestore+0x4a/0x90
    [] ? devres_release_all+0x27/0x60
    [] kobject_uevent+0xb/0x10
    [] device_del+0x157/0x1b0
    [] platform_device_del+0x1d/0x90
    [] platform_device_unregister+0x16/0x30
    [] regulatory_exit+0x5d/0x180 [cfg80211]
    [] cfg80211_exit+0x2b/0x45 [cfg80211]
    [] sys_delete_module+0x16c/0x220
    [] ? trace_hardirqs_on_caller+0x7e/0x120
    [] system_call_fastpath+0x16/0x1b
    Code:
    RIP [] reg_device_uevent+0x1a/0x50 [cfg80211]
    RSP
    CR2: ffff88001a06b5ab
    ---[ end trace 147c5099a411e8c0 ]---

    Reported-by: Johannes Berg
    Cc: Scott James Remnant
    Cc: stable@vger.kernel.org
    Signed-off-by: Luis R. Rodriguez
    Signed-off-by: John W. Linville

    Luis R. Rodriguez
     

08 Nov, 2011

3 commits

  • When comparing two items by IE, the sort order
    wasn't stable, which could lead to issues in the
    rbtree. Make it stable by making a missing IE
    sort before a present IE.

    Also sort by length first if it differs and then
    by contents.

    Signed-off-by: Johannes Berg
    Signed-off-by: John W. Linville

    Johannes Berg
     
  • In other modes the parameters should not be set.
    Right now, mac80211 will set them, even if the
    user asked for setting them on VLANs which the
    driver doesn't know about, causing all kinds of
    trouble.

    Signed-off-by: Johannes Berg
    Signed-off-by: John W. Linville

    Johannes Berg
     
  • Since the NL80211_ATTR_HT_CAPABILITY attribute is
    used as a struct, it needs a minimum, not maximum
    length. Enforce that properly. Not doing so could
    potentially lead to reading after the buffer.

    Cc: stable@vger.kernel.org
    Signed-off-by: Johannes Berg
    Signed-off-by: John W. Linville

    Johannes Berg
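
Added example, not code from either commit or from the kernel: a userspace C model of the length rule that this commit message and the 29 Nov MAC-address one both turn on, where a maximum-length policy admits a short payload that is then read at full size and a minimum-length policy rejects it. The policy types, `consume_fixed()`, `struct sample_caps` and the sample bytes are hypothetical names and constructed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN 6
/* Hypothetical userspace model of an attribute length policy
 * (names are illustrative, not the kernel's nla_policy API). */
enum len_rule { LEN_IS_MAX, LEN_IS_MIN };
struct attr_policy { enum len_rule rule; size_t len; };
struct attr { const uint8_t *data; size_t len; };   /* payload from userspace */

enum { COPIED = 0, REJECTED = -1, WOULD_OVERREAD = -2 };
/* Constructed stand-in for an attribute payload that is used as a struct. */
struct sample_caps { uint16_t info; uint8_t params; uint8_t mcs[16]; };

static int validate_attr(const struct attr *a, const struct attr_policy *p)
{
    if (p->rule == LEN_IS_MAX)
        return a->len <= p->len ? 0 : -1;   /* short payloads pass */
    return a->len >= p->len ? 0 : -1;       /* short payloads fail */
}

/* Models a handler that reads `need` bytes from a validated attribute.
 * Instead of performing the out-of-bounds read it reports it. */
int consume_fixed(void *dst, size_t need, const struct attr *a,
                  const struct attr_policy *p)
{
    if (validate_attr(a, p) != 0)
        return REJECTED;
    if (a->len < need)
        return WOULD_OVERREAD;   /* policy let through fewer bytes than are read */
    memcpy(dst, a->data, need);
    return COPIED;
}

int main(void)
{
    static const uint8_t short_mac[3] = { 0x02, 0x00, 0x00 };   /* constructed */
    struct attr a = { short_mac, sizeof(short_mac) };
    struct attr_policy weak = { LEN_IS_MAX, ETH_ALEN }, strict = { LEN_IS_MIN, ETH_ALEN };
    struct attr_policy caps_max = { LEN_IS_MAX, sizeof(struct sample_caps) };
    uint8_t mac[ETH_ALEN]; struct sample_caps caps;
    printf("MAC, max-length policy: %d\n", consume_fixed(mac, ETH_ALEN, &a, &weak));
    printf("MAC, min-length policy: %d\n", consume_fixed(mac, ETH_ALEN, &a, &strict));
    printf("struct, max-length policy: %d\n", consume_fixed(&caps, sizeof(caps), &a, &caps_max));
    return 0;
}
```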
     

01 Nov, 2011

2 commits


15 Oct, 2011

1 commit

  • Reuse the already existing struct nl80211_sta_flag_update to specify
    both, a flag mask and the flag set itself. This means
    nl80211_sta_flag_update is now used for setting station flags and also
    for getting station flags.

    Signed-off-by: Helmut Schaa
    Signed-off-by: John W. Linville

    Helmut Schaa
     

01 Oct, 2011

4 commits

  • Mark the STA entries of enabled TDLS peers with a new "peer authorized"
    flag.

    During link setup, allow special TDLS setup frames through the AP, but
    otherwise drop all packets destined to the peer. This is required by the
    TDLS (802.11z) specification in order to prevent reordering of MSDUs
    between the AP and direct paths.

    When setup completes and the peer is authorized, send data directly,
    bypassing the AP.

    In the Rx path, allow data to be received directly from TDLS peers.

    Signed-off-by: Arik Nemtsov
    Cc: Kalyan C Gaddam
    Signed-off-by: John W. Linville

    Arik Nemtsov
     
  • When adding a TDLS peer STA, mark it with a new flag in both nl80211 and
    mac80211. Before adding a peer, make sure the wiphy supports TDLS and
    our operating mode is appropriate (managed).

    In addition, make sure all peers are removed on disassociation.

    A TDLS peer is first added just before link setup is initiated. In later
    setup stages we have more info about peer supported rates, capabilities,
    etc. This info is reported via nl80211_set_station().

    Signed-off-by: Arik Nemtsov
    Cc: Kalyan C Gaddam
    Signed-off-by: John W. Linville

    Arik Nemtsov
     
  • Add support for sending high-level TDLS commands and TDLS frames via
    NL80211_CMD_TDLS_OPER and NL80211_CMD_TDLS_MGMT, respectively. Add
    appropriate cfg80211 callbacks for lower level drivers.

    Add wiphy capability flags for TDLS support and advertise them via
    nl80211.

    Signed-off-by: Arik Nemtsov
    Cc: Kalyan C Gaddam
    Signed-off-by: John W. Linville

    Arik Nemtsov
     
  • Currently, when hostapd sets the station as authorized
    we also overwrite its uAPSD parameter. This obviously
    leads to buggy behaviour (later, with my patches that
    actually add uAPSD support). To fix this, only apply
    those parameters if they were actually set in nl80211,
    and to achieve that add a bitmap of things to apply.

    Signed-off-by: Johannes Berg
    Signed-off-by: John W. Linville

    Johannes Berg
     

28 Sep, 2011

6 commits

  • Conflicts:
    drivers/net/wireless/iwlwifi/iwl-scan.c
    net/wireless/nl80211.c

    John W. Linville
     
  • Correct flag usage - use it as a bit index instead of a bit value.

    Signed-off-by: Arik Nemtsov
    Signed-off-by: John W. Linville

    Arik Nemtsov
     
  • tx params are currently configured per hw, although they
    should be configured per interface.

    Signed-off-by: Eliad Peller
    Signed-off-by: John W. Linville

    Eliad Peller
     
  • Add a new nl80211 attribute to specify whether to send the management
    frames in CCK rate or not. As of now the wpa_supplicant is disabling
    CCK rate at P2P init itself. So this patch helps to send P2P probe
    request/probe response/action frames being sent at non CCK rate in 2GHz
    without disabling 11b rates.

    This attribute is used with NL80211_CMD_TRIGGER_SCAN and
    NL80211_CMD_FRAME commands to disable CCK rate for management frame
    transmission.

    Cc: Jouni Malinen
    Signed-off-by: Rajkumar Manoharan
    Signed-off-by: John W. Linville

    Rajkumar Manoharan
     
  • Instead of using a hardcoded list of cipher suites in nl80211.c, use a
    shared function in util.c to verify that the driver advertises support
    for the specified cipher. This provides more accurate validation of the
    values and allows vendor-specific cipher suites to be added in drivers.

    Signed-off-by: Jouni Malinen
    Signed-off-by: John W. Linville

    Jouni Malinen
     
  • NL80211_ATTR_AKM_SUITES can be used to configure new AKMs, like FT or
    the SHA-256-based AKMs or FT from 802.11r/802.11w. In addition, vendor
    specific AKMs could be used. The current validation code for the connect
    command prevents cfg80211-based drivers from using these mechanisms even
    if the driver would not actually use this AKM value (i.e., it uses
    WPA/RSN IE from user space). mac80211-based drivers allow any AKM to be
    used since this value is not used there.

    Remove the unnecessary validation step in cfg80211 to allow drivers to
    decide what AKMs are supported. In theory, we could handle this by
    advertising supported AKMs, but that would not be very effective unless
    we enforce all drivers (including mac80211) to advertise the set of
    supported AKMs. This would require additional changes in many places
    whenever a new AKM is introduced even though no actual functionality
    changes may be required in most drivers.

    Signed-off-by: Jouni Malinen
    Signed-off-by: John W. Linville

    Jouni Malinen
     

22 Sep, 2011

1 commit

  • Incorrect variable was used in validating the akm_suites array from
    NL80211_ATTR_AKM_SUITES. In addition, there was no explicit
    validation of the array length (we only have room for
    NL80211_MAX_NR_AKM_SUITES).

    This can result in a buffer write overflow for stack variables with
    arbitrary data from user space. The nl80211 commands using the affected
    functionality require GENL_ADMIN_PERM, so this is only exposed to admin
    users.

    Cc: stable@kernel.org
    Signed-off-by: Jouni Malinen
    Signed-off-by: John W. Linville

    Jouni Malinen
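
Added example, not the kernel code or the patch itself: a userspace C sketch of the array-length check this commit message describes as missing, rejecting a suite list whose entry count exceeds the destination array before anything is copied. `struct crypto_settings`, `parse_akm_suites()`, `overflow_bytes()`, the capacity of 2 and the selector values are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_NR_AKM_SUITES 2   /* capacity chosen for this example */

/* Hypothetical stand-in for the settings struct that receives the array. */
struct crypto_settings {
    int n_akm_suites;
    uint32_t akm_suites[MAX_NR_AKM_SUITES];
};

/* Bytes an unchecked memcpy(dst, payload, payload_len) would write past
 * the end of akm_suites[]; 0 means the payload fits. */
size_t overflow_bytes(size_t payload_len)
{
    size_t room = sizeof(((struct crypto_settings *)0)->akm_suites);
    return payload_len > room ? payload_len - room : 0;
}

/* Checked parse: validate the payload's own length, then the entry count
 * against the destination capacity, and only then copy. */
int parse_akm_suites(struct crypto_settings *s, const void *payload,
                     size_t payload_len)
{
    size_t n = payload_len / sizeof(uint32_t);

    if (payload_len % sizeof(uint32_t) != 0)
        return -1;                  /* not a whole number of u32 selectors */
    if (n > MAX_NR_AKM_SUITES)
        return -1;                  /* more entries than the array holds */
    memcpy(s->akm_suites, payload, n * sizeof(uint32_t));
    s->n_akm_suites = (int)n;
    return 0;
}

int main(void)
{
    /* Constructed sample payload: three suite selectors, one too many. */
    const uint32_t three[3] = { 0x000FAC01, 0x000FAC02, 0x000FAC05 };
    struct crypto_settings s = { 0 };
    int rc = parse_akm_suites(&s, three, sizeof(three));

    printf("unchecked copy would overflow by %zu bytes\n", overflow_bytes(sizeof(three)));
    printf("checked parse returns %d, n_akm_suites=%d\n", rc, s.n_akm_suites);
    return 0;
}
```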
     

21 Sep, 2011

2 commits


20 Sep, 2011

3 commits


17 Sep, 2011

2 commits

  • The scan request received from cfg80211_connect does not
    have a proper rate mask. So the probe requests sent on each
    channel do not have the proper supported rates IE.

    Cc: stable@kernel.org
    Reviewed-by: Johannes Berg
    Signed-off-by: Rajkumar Manoharan
    Signed-off-by: John W. Linville

    Rajkumar Manoharan
     
  • During the association, the regulatory is updated by country IE
    that reaps the previously found beacons. The impact is that
    after a STA disconnects *or* when for any reason a regulatory
    domain change happens the beacon hint flag is not cleared
    therefore preventing future beacon hints to be learned.
    This is important as a regulatory domain change or a restore
    of regulatory settings would set back the passive scan and no-ibss
    flags on the channel. This is the right place to do this given that
    it covers any regulatory domain change.

    Cc: stable@kernel.org
    Reviewed-by: Luis R. Rodriguez
    Signed-off-by: Rajkumar Manoharan
    Acked-by: Luis R. Rodriguez
    Signed-off-by: John W. Linville

    Rajkumar Manoharan
     

15 Sep, 2011

3 commits

  • The format is intended to be like the subfields
    in the QoS Info field, verify that is the case.

    Signed-off-by: Johannes Berg
    Signed-off-by: John W. Linville

    Johannes Berg
     
  • Reorder functions to remove the need for a forward declaration
    introduced by the last commit.

    Signed-off-by: Sven Neumann
    Cc: John W. Linville
    Cc: Luis R. Rodriguez
    Cc: Daniel Mack
    Cc: linux-wireless@vger.kernel.org
    Acked-by: Luis R. Rodriguez
    Signed-off-by: John W. Linville

    Sven Neumann
     
  • The function wiphy_update_regulatory() uses the static variable
    last_request and thus needs to be called with reg_mutex held.
    This is the case for all users in reg.c, but the function was
    exported for use by wiphy_register(), from where it is called
    without the lock being held.

    Fix this by making wiphy_update_regulatory() private and introducing
    regulatory_update() as a wrapper that acquires and holds the lock.

    Signed-off-by: Sven Neumann
    Cc: John W. Linville
    Cc: Luis R. Rodriguez
    Cc: Daniel Mack
    Cc: linux-wireless@vger.kernel.org
    Acked-by: Luis R. Rodriguez
    Signed-off-by: John W. Linville

    Sven Neumann
     

14 Sep, 2011

3 commits

  • Two spaces and the second "KHz" suggest that the code author meant to
    print the bandwidth but forgot it. The code appears in commit e702d3cf
    already with two spaces and "KHz" in place of the bandwidth.

    Signed-off-by: Pavel Roskin
    Acked-by: Luis R. Rodriguez
    Signed-off-by: John W. Linville

    Pavel Roskin
     
  • Introduce filtering for scheduled scans to reduce the number of
    unnecessary results (which cause useless wake-ups).

    Add a new nested attribute where sets of parameters to be matched can
    be passed when starting a scheduled scan. Only scan results that
    match any of the sets will be returned.

    At this point, the set consists of a single parameter, an SSID. This
    can be easily extended in the future to support more complex matches.

    Signed-off-by: Luciano Coelho
    Signed-off-by: John W. Linville

    Luciano Coelho
     
  • Add WIPHY_FLAG_AP_UAPSD flag to indicate uapsd support on
    AP mode.

    Advertise it to userspace by including a new
    NL80211_ATTR_SUPPORT_AP_UAPSD attribute.

    Signed-off-by: Eliad Peller
    Signed-off-by: John W. Linville

    Eliad Peller