13 Oct, 2015
2 commits
-
Add the option to configure multiple 'scan plans' for scheduled scan.
Each 'scan plan' defines the number of scan cycles and the interval
between scans. The scan plans are executed in the order they were
configured. The last scan plan will always run infinitely and thus
defines only the interval between scans.
The maximum number of scan plans supported by the device and the
maximum number of iterations in a single scan plan are advertised
to userspace so it can configure the scan plans appropriately.When scheduled scan results are received there is no way to know which
scan plan is being currently executed, so there is no way to know when
the next scan iteration will start. This is not a problem, however.
The scan start timestamp is only used for flushing old scan results,
and there is no difference between flushing all results received until
the end of the previous iteration or the start of the current one,
since no results will be received in between.Signed-off-by: Avraham Stern
Signed-off-by: Luca Coelho
Signed-off-by: Johannes Berg -
For location and connectivity services, userspace would often like
to know the time when the BSS was last seen. The current "last seen"
value is calculated in a way that makes it less useful, especially
if the system suspended in the meantime.Add the ability for the driver to report a real CLOCK_BOOTTIME stamp
that can then be reported to userspace (if present).Drivers wishing to use this must be converted to the new API to call
cfg80211_inform_bss_data() or cfg80211_inform_bss_frame_data(). They
need to ensure the reported value is accurate enough even when the
frame might have been buffered in the device (e.g. firmware.)Signed-off-by: Dmitry Shmidt
[modified to use struct, inlines]
Signed-off-by: Johannes Berg
03 Mar, 2015
1 commit
-
802.11ad adds new a network type (PBSS) and changes the capability
field interpretation for the DMG (60G) band.
The same 2 bits that were interpreted as "ESS" and "IBSS" before are
re-used as a 2-bit field with 3 valid values (and 1 reserved). Valid
values are: "IBSS", "PBSS" (new) and "AP".In order to get the BSS struct for the new PBSS networks, change the
cfg80211_get_bss() function to take a new enum ieee80211_bss_type
argument with the valid network types, as "capa_mask" and "capa_val"
no longer work correctly (the search must be band-aware now.)The remaining bits in "capa_mask" and "capa_val" are used only for
privacy matching so replace those two with a privacy enum as well.Signed-off-by: Dedy Lansky
[rewrite commit log, tiny fixes]
Signed-off-by: Johannes Berg
01 Mar, 2015
2 commits
-
When using the wext compatibility code in cfg80211, part of the IEs
can be truncated if the passed user buffer is large enough for part
of the BSS but not large enough for all of the IEs. This can cause
an EAP network to show up as a PSK network.Always return -E2BIG in this case to avoid truncating data.
Since this changes the control flow, use an on-stack variable for
a small buffer instead of allocating it.Signed-off-by: James Minor
[rework patch to error out immediately, use _check wrappers]
Signed-off-by: Johannes Berg -
When a fully converted cfg80211 driver needs cfg80211-wext for
userspace API purposes, the symbols need not be exported. When
other drivers (orinoco/hermes or ipw2200) are enabled, they do
need the symbols exported as they use them directly.Make those drivers select a new CFG80211_WEXT_EXPORT Kconfig
symbol (instead of just CFG80211_WEXT) and export the functions
only if requested - this saves about 1/2k due to the size of
EXPORT_SYMBOL() itself.Signed-off-by: Johannes Berg
18 Dec, 2014
1 commit
-
Because of possible races when accessing sched_scan_req pointer in
rdev, the sched_scan_req is converted to RCU pointer.Signed-off-by: Jukka Rissanen
Signed-off-by: Johannes Berg
05 Sep, 2014
1 commit
-
Our legal structure changed at some point (see wikipedia), but
we forgot to immediately switch over to the new copyright
notice.For files that we have modified in the time since the change,
add the proper copyright notice now.Signed-off-by: Johannes Berg
Signed-off-by: Emmanuel Grumbach
Signed-off-by: Johannes Berg
26 Aug, 2014
2 commits
-
When using the cfg80211_inform_bss[_width]() functions drivers
cannot currently indicate whether the data was received in a
beacon or probe response. Fix that by passing a new enum that
indicates such (or unknown).For good measure, use it in ath6kl.
Acked-by: Kalle Valo [ath6kl]
Acked-by: Arend van Spriel [brcmfmac]
Signed-off-by: Johannes Berg -
There are a few possible cases of where BSS data came from:
1) only a beacon has been received
2) only a probe response has been received
3) the driver didn't report what it received (this happens when
using cfg80211_inform_bss[_width]())
4) both probe response and beacon data has been receivedUnfortunately, in the userspace API, a few things weren't there:
a) there was no way to differentiate cases 1) and 4) above
without comparing the data of the IEs
b) the TSF was always from the last frame, instead of being
exposed for beacon/probe response separately like IEsFix this by
i) exporting a new flag attribute that indicates whether or
not probe response data has been received - this addresses (a)
ii) exporting a BEACON_TSF attribute that holds the beacon's TSF
if a beacon has been received
iii) not exporting the beacon attributes in case (3) above as that
would just lead userspace into thinking the data actually came
from a beacon when that isn't clearTo implement this, track inside the IEs struct whether or not it
(definitely) came from a beacon.Reported-by: William Seto
Signed-off-by: Johannes Berg
23 May, 2014
1 commit
22 May, 2014
1 commit
-
Channels in 2.4GHz band overlap, this means that if we
send a probe request on channel 1 and then move to channel
2, we will hear the probe response on channel 2. In this
case, the RSSI will be lower than if we had heard it on
the channel on which it was sent (1 in this case).The firmware / low level driver can parse the channel in
the DS IE or HT IE and compensate the RSSI so that it will
still have a valid value even if we heard the frame on an
adjacent channel. This can be done up to a certain offset.Add this offset as a configuration for the low level driver.
A low level driver that can compensate the low RSSI in this
case should assign the maximal offset for which the RSSI
value is still valid.Signed-off-by: Emmanuel Grumbach
Signed-off-by: Johannes Berg
14 May, 2014
1 commit
05 May, 2014
1 commit
-
Add locked-version for cfg80211_sched_scan_stopped.
This is used for some users that might want to
call it when rtnl is already locked.Fixes: d43c6b6 ("mac80211: reschedule sched scan after HW restart")
Cc: stable@vger.kernel.org (3.14+)
Signed-off-by: Eliad Peller
Signed-off-by: Johannes Berg
25 Apr, 2014
2 commits
-
Name wiphy_to_rdev is more accurate to describe what the function
does, i.e., return a pointer pointing to struct
cfg80211_registered_device.Signed-off-by: Zhao, Gang
Signed-off-by: Johannes Berg -
Name "dev" is too common and ambiguous, let all the pointer name
pointing to struct cfg80211_registered_device be "rdev". This can
improve code readability and consistency(since other places have
already called it rdev).Signed-off-by: Zhao, Gang
Signed-off-by: Johannes Berg
10 Apr, 2014
2 commits
-
When looking for a BSS matching given parameters, ignore invalid
BSSIDs. This avoids, for example, trying to join an IBSS that has
a multicast BSSID, which isn't supported by all drivers nor is it
a valid configuration of the IBSS so better create a new one with
a correctly chosen random BSSID.Signed-off-by: Johannes Berg
-
cfg80211_wext_freq() is declared in wext-compat.h, but its
parameter struct wiphy's declaration is not included there.
As the parameter isn't used, just remove it.Signed-off-by: Zhao, Gang
[remove parameter instead of changing to netdev]
Signed-off-by: Johannes Berg
20 Mar, 2014
2 commits
-
RCU pointer bss->pub.beacon_ies is checked before in previous
statement:if (rcu_access_pointer(bss->pub.beacon_ies))
continue;There is no need to check it twice(and in the wrong way :) ).
Signed-off-by: Zhao, Gang
Signed-off-by: Johannes Berg -
On 2.4Ghz band, the channels overlap since the delta
between different channels is 5Mhz while the width of the
receiver is 20Mhz (at least).This means that we can hear beacons or probe responses from
adjacent channels. These frames will have a significant
lower RSSI which will feed all kinds of logic with inaccurate
data. An obvious example is the roaming algorithm that will
think our AP is getting weak and will try to move to another
AP.In order to avoid this, update the signal only if the frame
has been heard on the same channel as the one advertised by
the AP in its DS / HT IEs.
We refrain from updating the values only if the AP is
already in the BSS list so that we will still have a valid
(but inaccurate) value if the AP was heard on an adjacent
channel only.To achieve this, stop taking the channel from DS / HT IEs
in mac80211. The DS / HT IEs is taken into account to
discard the frame if it was received on a disabled channel.
This can happen due to the same phenomenon: the frame is
sent on channel 12, but heard on channel 11 while channel
12 can be disabled on certain devices. Since this check
is done in cfg80211, stop even checking this in mac80211.Signed-off-by: Emmanuel Grumbach
[remove unused rx_freq variable]
Signed-off-by: Johannes Berg
06 Feb, 2014
1 commit
-
Due to the previous commit, when a scan finishes, it is in theory
possible to hit the following sequence:
1. interface starts being removed
2. scan is cancelled by driver and cfg80211 is notified
3. scan done work is scheduled
4. interface is removed completely, rdev->scan_req is freed,
event sent to userspace but scan done work remains pending
5. new scan is requested on another virtual interface
6. scan done work runs, freeing the still-running scanTo fix this situation, hang on to the scan done message and block
new scans while that is the case, and only send the message from
the work function, regardless of whether the scan_req is already
freed from interface removal. This makes step 5 above impossible
and changes step 6 to be
5. scan done work runs, sending the scan done messageAs this can't work for wext, so we send the message immediately,
but this shouldn't be an issue since we still return -EBUSY.Signed-off-by: Johannes Berg
09 Jan, 2014
1 commit
-
Add a utility function to get the number of channels supported by
the device, and update the places in the code that need this data.Signed-off-by: Ilan Peer
[replace another occurrence in libertas, fix kernel-doc, fix bugs]
Signed-off-by: Johannes Berg
06 Dec, 2013
1 commit
-
___cfg80211_scan_done() can be called in some cases
(e.g. on NETDEV_DOWN) before the low level driver
notified scan completion (which is indicated by
passing leak=true).Clearing rdev->scan_req in this case is buggy, as
scan_done_wk might have already being queued/running
(and can't be flushed as it takes rtnl()).If a new scan will be requested at this stage, the
scan_done_wk will try freeing it (instead of the
previous scan), and this will later result in
a use after free.Simply remove the "leak" option, and replace it with
a standard WARN_ON.An example backtrace after such crash:
Unable to handle kernel paging request at virtual address fffffee5
pgd = c0004000
[fffffee5] *pgd=9fdf6821, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1] SMP ARM
PC is at cfg80211_scan_done+0x28/0xc4 [cfg80211]
LR is at __ieee80211_scan_completed+0xe4/0x2dc [mac80211]
[] (cfg80211_scan_done+0x28/0xc4 [cfg80211])
[] (__ieee80211_scan_completed+0xe4/0x2dc [mac80211])
[] (ieee80211_scan_work+0x94/0x4f0 [mac80211])
[] (process_one_work+0x1b0/0x4a8)
[] (worker_thread+0x138/0x37c)
[] (kthread+0xa4/0xb0)Signed-off-by: Eliad Peller
Signed-off-by: Johannes Berg
21 Oct, 2013
1 commit
-
Since rdev->sched_scan_req is dereferenced outside the
lock protecting it, this might be done at the wrong
time, causing crashes. Move the dereference to where
it should be - inside the RTNL locked section.Cc: stable@vger.kernel.org [3.8+]
Reviewed-by: Emmanuel Grumbach
Signed-off-by: Johannes Berg
04 Sep, 2013
1 commit
-
This function is being removed, so remove the reference to it.
Signed-off-by: Joe Perches
Signed-off-by: David S. Miller
16 Jul, 2013
1 commit
-
To allow scanning and working with 5 MHz and 10 MHz BSS, extend the
inform bss commands and add wrappers to take 5 and 10 MHz bss into
account.Signed-off-by: Simon Wunderlich
Signed-off-by: Mathias Kretschmer
Signed-off-by: Johannes Berg
24 Jun, 2013
1 commit
-
Should help the next person that tries to understand
the bss refcounting logic.Signed-off-by: Ben Greear
Signed-off-by: Johannes Berg
25 May, 2013
2 commits
-
Virtually all code paths in cfg80211 already (need to) hold
the RTNL. As such, there's little point in having another
four mutexes for various parts of the code, they just cause
lock ordering issues (and much of the time, the RTNL and a
few of the others need thus be held.)Simplify all this by getting rid of the extra four mutexes
and just use the RTNL throughout. Only a few code changes
were needed to do this and we can get rid of a work struct
for bonus points.Signed-off-by: Johannes Berg
-
The function is only used and needed by the wext code
for scanning, so move it there.Signed-off-by: Johannes Berg
24 Mar, 2013
1 commit
-
If a P2P device wdev is removed while it has a scan, then the
scan completion might crash later as it is already freed by
that time. To avoid the crash always check the scan completion
when the P2P device is being removed for some reason. If the
driver already canceled it, don't want and free it, otherwise
warn and leak it to avoid later crashes.In order to do this, locking needs to be changed away from the
rdev mutex (which can't always be guaranteed). For now, use
the sched_scan_mtx instead, I'll rename it to just scan_mtx in
a later patch.Signed-off-by: Johannes Berg
07 Mar, 2013
1 commit
-
In the odd case that while updating information from a beacon,
a BSS was found that is part of a hidden group, we drop the
new information. In this case, however, we leak the IE buffer
from the update, and erroneously update the entry's timestamp
so it will never time out. Fix both these issues.Cc: Larry Finger
Signed-off-by: Johannes Berg
15 Feb, 2013
2 commits
-
Add new NL80211_CMD_RADAR_DETECT, which starts the Channel
Availability Check (CAC). This command will also notify the
usermode about events (CAC finished, CAC aborted, radar
detected, NOP finished).
Once radar detection has started it should continuously
monitor for radars as long as the channel is active.This patch enables DFS for AP mode in nl80211/cfg80211.
Based on original patch by Victor Goldenshtein
Signed-off-by: Simon Wunderlich
[remove WIPHY_FLAG_HAS_RADAR_DETECT again -- my mistake]
Signed-off-by: Johannes Berg
13 Feb, 2013
1 commit
-
cfg80211_find_vendor_ie() was checking only that the vendor IE would
fit in the remaining IEs buffer. If a corrupt includes a vendor IE
that is too small, we could potentially overrun the IEs buffer.Fix this by checking that the vendor IE fits in the reported IE length
field and skip it otherwise.Reported-by: Jouni Malinen
Signed-off-by: Luciano Coelho
[change BUILD_BUG_ON to != 1 (from >= 2)]
Signed-off-by: Johannes Berg
12 Feb, 2013
4 commits
-
While technically the TSF isn't an IE, it can be
necessary to distinguish between the TSF from a
beacon and a probe response, in particular in
order to know the next DTIM TBTT, as not all APs
are spec compliant wrt. TSF==0 being a DTIM TBTT
and thus the DTIM count needs to be taken into
account as well.To allow this, move the TSF into the IE struct
so it can be known whence it came.Signed-off-by: Johannes Berg
-
There's no way scan BSS IEs can be NULL as even
if the allocation fails the frame is discarded.
Remove some code checking for this and document
that it is always non-NULL.Signed-off-by: Johannes Berg
-
Currently, cfg80211 will copy beacon IEs from a previously
received hidden SSID beacon to a probe response entry, if
that entry is created after the beacon entry. However, if
it is the other way around, or if the beacon is updated,
such changes aren't propagated.Fix this by tracking the relation between the probe
response and beacon BSS structs in this case.In case drivers have private data stored in a BSS struct
and need access to such data from a beacon entry, cfg80211
now provides the hidden_beacon_bss pointer from the probe
response entry to the beacon entry.Signed-off-by: Johannes Berg
-
This prepares for using the spinlock instead of krefs
which is needed in the next patch to track the refs
of combined BSSes correctly.Acked-by: Bing Zhao [mwifiex]
Signed-off-by: Johannes Berg
05 Feb, 2013
3 commits
-
Add inline wrappers for the BSS struct krefs
to be able to extend them easily later.Signed-off-by: Johannes Berg
-
This local variable is only used once, so remove it.
Signed-off-by: Johannes Berg
-
Instead of annotating with a comment, add a lockdep
annotation which also serves as documentation.Signed-off-by: Johannes Berg