09 Sep, 2009
2 commits
-
Handles the case when SIOCSIWSCAN specified iw_scan_req.num_channels and
iw_scan_req.channels[].Signed-off-by: Holger Schurig
Signed-off-by: John W. Linville -
cfg80211 is now *the* wireless configuration API. Lets also
give a little explanation as to what it is and refer people to
the wireless wiki for more information.Cc: Johannes Berg
Signed-off-by: Luis R. Rodriguez
Signed-off-by: John W. Linville
03 Sep, 2009
2 commits
-
The find_ie() function uses a size_t for the len parameter, and
directly uses len as a loop variable. If any received packets
are malformed, it is possible for the decrease of len to overflow,
and since the result is unsigned, the loop will not terminate.
Change it to a signed int so the loop conditional works for
negative values.This fixes the following soft lockup:
[38573.102007] BUG: soft lockup - CPU#0 stuck for 61s! [phy0:2230]
[38573.102007] Modules linked in: aes_i586 aes_generic fuse af_packet ipt_REJECT xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_state iptable_filter ip_tables x_tables acpi_cpufreq binfmt_misc dm_mirror dm_region_hash dm_log dm_multipath dm_mod kvm_intel kvm uinput i915 arc4 ecb drm snd_hda_codec_idt ath5k snd_hda_intel hid_apple mac80211 usbhid appletouch snd_hda_codec snd_pcm ath cfg80211 snd_timer i2c_algo_bit ohci1394 video snd processor ieee1394 rfkill ehci_hcd sg sky2 backlight snd_page_alloc uhci_hcd joydev output ac thermal button battery sr_mod applesmc cdrom input_polldev evdev unix [last unloaded: scsi_wait_scan]
[38573.102007] irq event stamp: 2547724535
[38573.102007] hardirqs last enabled at (2547724534): [] restore_all_notrace+0x0/0x18
[38573.102007] hardirqs last disabled at (2547724535): [] apic_timer_interrupt+0x28/0x34
[38573.102007] softirqs last enabled at (92950144): [] __do_softirq+0x108/0x210
[38573.102007] softirqs last disabled at (92950274): [] _spin_lock_bh+0x14/0x80
[38573.102007]
[38573.102007] Pid: 2230, comm: phy0 Tainted: G W (2.6.31-rc7-wl #8) MacBook1,1
[38573.102007] EIP: 0060:[] EFLAGS: 00010292 CPU: 0
[38573.102007] EIP is at cmp_ies+0x30/0x180 [cfg80211]
[38573.102007] EAX: 00000082 EBX: 00000000 ECX: ffffffc1 EDX: d8efd014
[38573.102007] ESI: ffffff7c EDI: 0000004d EBP: eee2dc50 ESP: eee2dc3c
[38573.102007] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[38573.102007] CR0: 8005003b CR2: d8efd014 CR3: 01694000 CR4: 000026d0
[38573.102007] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[38573.102007] DR6: ffff0ff0 DR7: 00000400
[38573.102007] Call Trace:
[38573.102007] [] cmp_bss+0xed/0x100 [cfg80211]
[38573.102007] [] cfg80211_bss_update+0x84/0x410 [cfg80211]
[38573.102007] [] cfg80211_inform_bss_frame+0x114/0x180 [cfg80211]
[38573.102007] [] ieee80211_bss_info_update+0x4f/0x180 [mac80211]
[38573.102007] [] ieee80211_rx_bss_info+0x88/0xf0 [mac80211]
[38573.102007] [] ? ieee802_11_parse_elems+0x27/0x30 [mac80211]
[38573.102007] [] ieee80211_rx_mgmt_probe_resp+0xa4/0x1c0 [mac80211]
[38573.102007] [] ieee80211_sta_rx_queued_mgmt+0x919/0xc50 [mac80211]
[38573.102007] [] ? sched_clock+0x27/0xa0
[38573.102007] [] ? sched_clock+0x27/0xa0
[38573.102007] [] ? mark_held_locks+0x60/0x80
[38573.102007] [] ? _spin_unlock_irqrestore+0x55/0x70
[38573.102007] [] ? sub_preempt_count+0x85/0xc0
[38573.102007] [] ? _spin_unlock_irqrestore+0x3e/0x70
[38573.102007] [] ? skb_dequeue+0x4f/0x70
[38573.102007] [] ieee80211_sta_work+0x91/0xb80 [mac80211]
[38573.102007] [] ? sched_clock+0x27/0xa0
[38573.102007] [] ? sub_preempt_count+0x85/0xc0
[38573.102007] [] worker_thread+0x18f/0x320
[38573.102007] [] ? worker_thread+0x12e/0x320
[38573.102007] [] ? _spin_unlock_irqrestore+0x55/0x70
[38573.102007] [] ? ieee80211_sta_work+0x0/0xb80 [mac80211]
[38573.102007] [] ? autoremove_wake_function+0x0/0x50
[38573.102007] [] ? worker_thread+0x0/0x320
[38573.102007] [] kthread+0x84/0x90
[38573.102007] [] ? kthread+0x0/0x90
[38573.102007] [] kernel_thread_helper+0x7/0x10Cc: stable@kernel.org
Signed-off-by: Bob Copeland
Signed-off-by: John W. Linville -
Refer to the wireless wiki for more information.
Signed-off-by: Luis R. Rodriguez
Signed-off-by: John W. Linville
29 Aug, 2009
4 commits
-
Jump to out_err when the iftype is not supported.
Signed-off-by: Roel Kluin
Signed-off-by: John W. Linville -
When the interface type changes while connected, and the
driver does not require the interface to be down for a
type change, it is currently possible to get very strange
results unless the driver takes special care, which it
shouldn't have to.To fix this, take care to disconnect/leave IBSS when
changing the interface type -- even if the driver may fail
the call. Also process all events that may be pending to
avoid running into a situation where an event is reported
but only processed after the type has already changed,
which would lead to missing events and warnings.A side effect of this is that you will have disconnected
or left the IBSS even if the mode change ultimately fails,
but since the intention was to change it and thus leave or
disconnect, this is not a problem.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
Bob reported that he got warnings in IBSS mode about
the ssid_len being zero on a joined event, but only
when kmemcheck was enabled. This appears to be due
to a race condition between drivers and userspace,
when the driver reports joined but the user in the
meantime decided to leave the IBSS again, the warning
would trigger. This was made more likely by kmemcheck
delaying the code that does the check and sends the
event.So first, make the warning trigger closer to the
driver, which means it's not locked, but since only
the warning depends on it that's ok.And secondly, users will not want to have spurious
warnings at all, so make those that are known to be
racy in such a way configurable.Reported-by: Bob Copeland
Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
When we lose a scan, cfg80211 tries to clean up after
the driver. However, it currently does this too early,
it does this in GOING_DOWN already instead of DOWN, so
it may happen with mac80211. Besides fixing this, also
make it more robust by leaking the scan request so if
the driver later actually finishes the scan, it won't
crash. Also check in ___cfg80211_scan_done whether a
scan request is still pending and exit if not.Reported-by: Felix Fietkau
Signed-off-by: Johannes Berg
Tested-by: Felix Fietkau
Signed-off-by: John W. Linville
20 Aug, 2009
6 commits
-
In case of connection failure, the bssid info is not a must have.
Signed-off-by: Zhu Yi
Acked-by: Johannes Berg
Signed-off-by: John W. Linville -
This only occurs in the following error situations:
- driver calls connect_result with failure
- error scheduling authentication on connect
- error initiating scan (to get BSSID and channel) on
connect
- userspace calls disconnect while in the SCANNING or
SCAN_AGAIN statesSigned-off-by: David Kilroy
Reviewed-by: Johannes Berg
Signed-off-by: John W. Linville -
My patch "cfg80211: fix deadlock" broke the code it
was supposed to fix, the scan request checking. But
it's not trivial to put it back the way it was, since
the original patch had a deadlock.Now do it in a completely new way: queue the check
off to a work struct, where we can freely lock. But
that has some more complications, like needing to
wait for it to be done before the wiphy/rdev can be
destroyed, so some code is required to handle that.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
Instead of hacking the event reporting into the
__cfg80211_connect_result() function which is also
invoked by others, set up things correctly and then
invoke that function, so that it can do more sanity
checking.Also, it is currently not possible to get a ROAMED
event from the userspace SME anyway since we send
out a DISCONNECTED event when it disassociates and
then a new CONNECTED event on the next association.Thanks to Zhu Yi for pointing out that the code is
somewhat convoluted and doesn't warn when it should.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
When removing an interface with nl80211, cfg80211 will
deadlock in the netdev notifier because we're already
holding rdev->mtx and try to acquire it again to verify
the scan has been done.This bug was introduced by my patch
"cfg80211: check for and abort dangling scan requests".To fix this, move the dangling scan request check into
wiphy_unregister(). This will not be able to catch all
cases right away, but if the scan problem happens with
a manual ifdown or so it will be possible to remedy it
by removing the module/device.Additionally, add comments about the deadlock scenario.
Reported-by: Christian Lamparter
Signed-off-by: Johannes Berg
Tested-by: Christian Lamparter
Tested-by: Kalle Valo
Signed-off-by: John W. Linville -
cfg80211_wext_siwfreq() should be exported with EXPORT_SYMBOL_GPL.
Signed-off-by: Jussi Kivilinna
Acked-by: Johannes Berg
Signed-off-by: John W. Linville
14 Aug, 2009
16 commits
-
Sometimes drivers might have a good reason to override
the PS default, like iwlwifi right now where it affects
RX performance significantly at this point. This will
allow them to override the default, if desired, in a
way that users can still change it according to their
trade-off choices, not the driver's, like would happen
if the driver just disabled PS completely then.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
If you trigger a scan request on an interface and then
take it down, or rmmod the module or unplug the device
the driver might "forget" to cancel the scan request.
That is a bug in the driver, but the current behaviour
is that we just hang endlessly waiting for the netdev
refcount to become 0 which it never will. To improve
robustness, check for this situation in cfg80211, warn
about it and clean up behind the driver. I don't just
clean up silently because it's likely that the driver
also has some internal state it has now leaked.Additionally, this fixes a locking bug, clearing the
scan_req pointer should be done under the rdev lock.Finally, we also need to _wait_ for the scan work and
not just abort it since it might be pending and wanting
to do a cleanup.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
Signed-off-by: Thadeu Lima de Souza Cascardo
Signed-off-by: John W. Linville -
The 11s task group recently changed the frame mesh multicast/broadcast frame
format to use 3-address. This was done to avoid interactions with widely
deployed lazy-WDS access points.This patch changes the format of group addressed frames, both mesh-originated
and proxied, to use the data format defined in draft D2.08 and forward. The
address fields used for group addressed frames is:In 802.11 header
ToDS:0 FromDS:1
addr1: DA (broadcast/multicast address)
addr2: TA
addr3: Mesh SAIn address extension header:
addr4: SA (only present if frame was proxied)Note that this change breaks backward compatibility with earlier mesh stack
versions.Signed-off-by: Andrey Yurovsky
Signed-off-by: Javier Cardona
Signed-off-by: John W. Linville -
When calling into the wext code from the NETDEV_UP
notifier, we need to hold the devlist_mtx mutex as
the wext code ends up calling into channel checks.Reported-by: Kalle Valo
Signed-off-by: Johannes Berg
Tested-by: Kalle Valo
Signed-off-by: John W. Linville -
This removes the max_bandwidth attribute. It is only ever
written to, and is duplicated by max_bandwidth_khz in the
regulatory code.Signed-off-by: Pat Erley
Acked-by: Johannes Berg
Signed-off-by: John W. Linville -
"cfg80211: validate channel settings across interfaces"
contained a locking bug -- in the managed-mode SIWFREQ
call it would end up running into a lock recursion.This fixes it by not checking that particular interface
for a channel that it needs to stay on, which is as it
should be as that's the interface we're setting the
channel for.Reported-by: Reinette Chatre
Reported-by: Kalle Valo
Signed-off-by: Johannes Berg
Tested-by: Kalle Valo
Tested-by: Reinette Chatre
Signed-off-by: John W. Linville -
The memory layout for scan requests was rather wrong,
we put the scan SSIDs before the channels which could
lead to the channel pointers being unaligned in memory.
It turns out that using a pointer to the channel array
isn't necessary anyway since we can embed a zero-length
array into the struct.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
In order for userspace to be able to figure out whether
it obtained a consistent snapshot of data or not when
using netlink dumps, we need to have a generation number
in each dump message that indicates whether the list has
changed or not -- its value is arbitrary.This patch adds such a number to all dumps, this needs
some mac80211 involvement to keep track of a generation
number to start with when adding/removing mesh paths or
stations.The wiphy and netdev lists can be fully handled within
cfg80211, of course, but generation numbers need to be
stored there as well.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
With the move of everything related to the SME from
mac80211 to cfg80211, we lost the ability to send
reassociation frames. This adds them back, but only
for wireless extensions. With the userspace SME, it
shall control assoc vs. reassoc (it already can do
so with the nl80211 interface).I haven't touched the connect() implementation, so
it is not possible to reassociate with the nl80211
connect primitive. I think that should be done with
the NL80211_CMD_ROAM command, but we'll have to see
how that can be handled in the future, especially
with fullmac chips.This patch addresses only the immediate regression
we had in mac80211, which previously sent reassoc.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
Currently, there's a problem that affects regulatory
enforcement and connection stability, in that it is
possible to switch the channel while connected to a
network or joined to an IBSS.The problem comes from the fact that we only validate
the channel against the current interface's type, not
against any other interface. Thus, you have any type
of interface up, additionally bring up a monitor mode
interface and switch the channel on the monitor. This
will obviously also switch the channel on the other
interface.The problem now is that if you do that while sending
beacons for IBSS mode, you can switch to a disabled
channel or a channel that doesn't allow beaconing.
Combined with a managed mode interface connected to
an AP instead of an IBSS interface, you can easily
break the connection that way.To fix this, this patch validates any channel change
with all available interfaces, and disallows such
changes on secondary interfaces if another interface
is connected to an AP or joined to an IBSS.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
With iwconfig there is no way to properly set the ciphers when trying to
connect to a WEP SSID. Although mac80211 based drivers dont need it, several
fullmac drivers do.
This patch basically sets the WEP ciphers whenever they're not set at all.Signed-off-by: Samuel Ortiz
Signed-off-by: John W. Linville -
When an AP disassociates us, we currently go into a weird
state because the SME doesn't handle authenticated but not
associated well unless it's within its own state machine,
it can't recover from that. However, it shouldn't need to,
since we don't do any decisions in it really -- so when we
get disconnected, simply deauthenticate too.Reported-by: Pavel Roskin
Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
When reporting a disconnection to userspace, we try
to report whether it was from the AP or by our own
choice. However, we misreported a broadcast deauth
or disassoc as being by own choice, which is wrong.
Fix this by checking the sender address instead of
the destination address.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
WARN_ON was triggered at mlme.c:213 when dissociating from an AP.
wdev->current_bss->pub.bssid should be used in place of
wdev->current_bss for BSSID comparison.Signed-off-by: Pavel Roskin
Reviewed-by: Johannes Berg
Signed-off-by: John W. Linville -
cfg80211 displays correct link info when connected by wext. But if
the connection is setup by cfg80211, wext cannot display the SSID.
This patch fixed this issue.Cc: Johannes Berg
Signed-off-by: Zhu Yi
Signed-off-by: John W. Linville
13 Aug, 2009
1 commit
-
Conflicts:
arch/microblaze/include/asm/socket.h
05 Aug, 2009
9 commits
-
The SME state machine in cfg80211 uses the SSID stored
in struct wireless_dev internally, but fails to clear
it in multiple places (when giving up on a connection
attempt and when disconnecting). This doesn't matter to
the SME state machine, but does matter for IBSS. Thus,
in those cases, clear the SSID to avoid messing up the
IBSS state machine.Reported-by: Joerg Albert
Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
The default of 500ms is pretty high, and leads
to the device being awake at least 50% of the
time under such light traffic conditions as a
simple 1 second interval ping. Reduce to just
100ms -- it should have a similar effect while
providing a better sleep time.Signed-off-by: Johannes Berg
Reviewed-by: Kalle Valo
Signed-off-by: John W. Linville -
Since the bss is always set now once we are connected, if the
bss has its own information element we refer to it and pass that
instead of relying on mac80211's parsing.Now all cfg80211 drivers get country IE support, automatically and
we reduce the call overhead that we had on mac80211 which called this
upon every beacon and instead now call this only upon a successfull
connection by a STA on cfg80211.Acked-by: Johannes Berg
Signed-off-by: Luis R. Rodriguez
Signed-off-by: John W. Linville -
We change regulatory code to be protected by its own regulatory
mutex and alleviate cfg80211_mutex to only be used to protect
cfg80211_rdev_list, the registered device list.By doing this we will be able to work on regulatory core components
without having to have hog up the cfg80211_mutex. An example here is
we no longer need to use the cfg80211_mutex during driver specific
wiphy_apply_custom_regulatory(). We also no longer need it for the
the country IE regulatory hint; by doing so we end up curing this
new lockdep warning:=======================================================
[ INFO: possible circular locking dependency detected ]
2.6.31-rc4-wl #12
-------------------------------------------------------
phy1/1709 is trying to acquire lock:
(cfg80211_mutex){+.+.+.}, at: [] regulatory_hint_11d+0x32/0x3f0 [cfg80211]but task is already holding lock:
(&ifmgd->mtx){+.+.+.}, at: [] ieee80211_sta_work+0x108/0x10f0 [mac80211]which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #3 (&ifmgd->mtx){+.+.+.}:
[] __lock_acquire+0xd76/0x12b0
[] lock_acquire+0xe3/0x120
[] mutex_lock_nested+0x44/0x350
[] ieee80211_mgd_auth+0x108/0x1f0 [mac80211]
[] ieee80211_auth+0x13/0x20 [mac80211]
[] __cfg80211_mlme_auth+0x1b1/0x2a0 [cfg80211]
[] cfg80211_mlme_auth+0x86/0xc0 [cfg80211]
[] nl80211_authenticate+0x21d/0x230 [cfg80211]
[] genl_rcv_msg+0x1b6/0x1f0
[] netlink_rcv_skb+0x89/0xb0
[] genl_rcv+0x29/0x40
[] netlink_unicast+0x29d/0x2b0
[] netlink_sendmsg+0x214/0x300
[] sock_sendmsg+0x107/0x130
[] sys_sendmsg+0x189/0x320
[] system_call_fastpath+0x16/0x1b
[] 0xffffffffffffffff-> #2 (&wdev->mtx){+.+.+.}:
[] __lock_acquire+0xd76/0x12b0
[] lock_acquire+0xe3/0x120
[] mutex_lock_nested+0x44/0x350
[] cfg80211_netdev_notifier_call+0x1a4/0x390 [cfg80211]
[] notifier_call_chain+0x3f/0x80
[] raw_notifier_call_chain+0x11/0x20
[] dev_open+0x10a/0x120
[] dev_change_flags+0x9d/0x1e0
[] devinet_ioctl+0x6fe/0x760
[] inet_ioctl+0x94/0xc0
[] sock_ioctl+0x6a/0x290
[] vfs_ioctl+0x31/0xa0
[] do_vfs_ioctl+0x8a/0x5c0
[] sys_ioctl+0x99/0xa0
[] system_call_fastpath+0x16/0x1b
[] 0xffffffffffffffff-> #1 (&rdev->mtx){+.+.+.}:
[] __lock_acquire+0xd76/0x12b0
[] lock_acquire+0xe3/0x120
[] mutex_lock_nested+0x44/0x350
[] cfg80211_get_dev_from_ifindex+0x60/0x90 [cfg80211]
[] get_rdev_dev_by_info_ifindex+0x6f/0xa0 [cfg80211]
[] nl80211_set_interface+0x3b/0x260 [cfg80211]
[] genl_rcv_msg+0x1b6/0x1f0
[] netlink_rcv_skb+0x89/0xb0
[] genl_rcv+0x29/0x40
[] netlink_unicast+0x29d/0x2b0
[] netlink_sendmsg+0x214/0x300
[] sock_sendmsg+0x107/0x130
[] sys_sendmsg+0x189/0x320
[] system_call_fastpath+0x16/0x1b
[] 0xffffffffffffffffother info that might help us debug this:
3 locks held by phy1/1709:
#0: ((wiphy_name(local->hw.wiphy))){+.+.+.}, at: [] worker_thread+0x19d/0x340
#1: (&ifmgd->work){+.+.+.}, at: [] worker_thread+0x19d/0x340
#2: (&ifmgd->mtx){+.+.+.}, at: [] ieee80211_sta_work+0x108/0x10f0 [mac80211]Reported-by: Reinette Chatre
Acked-by: Johannes Berg
Signed-off-by: Luis R. Rodriguez
Signed-off-by: John W. Linville -
Simplify the country IE hint code by just bailing out if
a previous country IE has been issued. We currently just trust
the first AP we connect to on any card. The idea was to perform
conflict resolution within this routine but since we can no longer
iterate over the registered device list here we leave conflict
resolution to be dealt with at a later time on the workqueue.This code has no functional changes other than saving us an
interation over the registered device list when a second card
is connected, or you unplug and connect the same one, and a
country IE is received. This would have been done upon every
beacon received.Signed-off-by: Luis R. Rodriguez
Signed-off-by: John W. Linville -
This has no functional changes.
Acked-by: Johannes Berg
Signed-off-by: Luis R. Rodriguez
Signed-off-by: John W. Linville -
It's possible to get the NETDEV_UNREGISTER callback multiple
times (see net/core/dev.c:netdev_wait_allrefs) and this will
completely mess up our cleanup code. To avoid that, clean up
only when the interface is still on the wiphy interface list
from which it's removed on the first NETDEV_UNREGISTER call.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
When a userspace SME is active, we're currently not
keeping track of the BSS properly for reporting the
current link and for internal use. Additionally, it
looks like there is a possible BSS leak in that the
BSS never gets removed from auth_bsses[]. To fix it,
pass the BSS struct to __cfg80211_connect_result in
this case.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
Signed-off-by: Luis R. Rodriguez
Signed-off-by: John W. Linville