08 Oct, 2019
1 commit
-
cfg80211_update_notlisted_nontrans() leaves the RCU critical session
too early, while still using nontrans_ssid which is RCU protected. In
addition, it performs a bunch of RCU pointer update operations such
as rcu_access_pointer and rcu_assign_pointer.The caller, cfg80211_inform_bss_frame_data(), also accesses the RCU
pointer without holding the lock.Just wrap all of this with bss_lock.
Signed-off-by: Sara Sharon
Signed-off-by: Luca Coelho
Link: https://lore.kernel.org/r/20191004123706.15768-3-luca@coelho.fi
Signed-off-by: Johannes Berg
01 Oct, 2019
1 commit
-
The code copying the data assumes that the SSID element is
before the MBSSID element, but since the data is untrusted
from the AP, this cannot be guaranteed.Validate that this is indeed the case and ignore the MBSSID
otherwise, to avoid having to deal with both cases for the
copy of data that should be between them.Cc: stable@vger.kernel.org
Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in scanning")
Link: https://lore.kernel.org/r/1569009255-I1673911f5eae02964e21bdc11b2bf58e5e207e59@changeid
Signed-off-by: Johannes Berg
29 Jul, 2019
2 commits
-
When associated BSS completes channel switch procedure, its channel
record needs to be updated. The existing mac80211 solution was
extended to cfg80211 in commit 5dc8cdce1d72 ("mac80211/cfg80211:
update bss channel on channel switch").However that solution still appears to be incomplete as it may lead
to duplicated scan entries for associated BSS after channel switch.
The root cause of the problem is as follows. Each BSS entry is
included into the following data structures:
- bss list rdev->bss_list
- bss search tree rdev->bss_tree
Updating BSS channel record without rebuilding bss_tree may break
tree search since cmp_bss considers all of the following: channel,
bssid, ssid. When BSS channel is updated, but its location in bss_tree
is not updated, then subsequent search operations may fail to locate
this BSS since they will be traversing bss_tree in wrong direction.
As a result, for scan performed after associated BSS channel switch,
cfg80211_bss_update may add the second entry for the same BSS to both
bss_list and bss_tree, rather then update the existing one.To summarize, if BSS channel needs to be updated, then bss_tree should
be rebuilt in order to put updated BSS entry into a proper location.This commit suggests the following straightforward solution:
- if new entry has been already created for BSS after channel switch,
then use its IEs to update known BSS entry and then remove new
entry completely
- use rb_erase/rb_insert_bss reinstall updated BSS in bss_tree
- for nontransmit BSS entry, the whole transmit BSS hierarchy
is updatedSigned-off-by: Sergey Matyukevich
Link: https://lore.kernel.org/r/20190726163922.27509-3-sergey.matyukevich.os@quantenna.com
Signed-off-by: Johannes Berg -
This patch implements minor refactoring for cfg80211_bss_update function.
Code path for updating known BSS is extracted into dedicated
cfg80211_update_known_bss function.Signed-off-by: Sergey Matyukevich
Link: https://lore.kernel.org/r/20190726163922.27509-2-sergey.matyukevich.os@quantenna.com
Signed-off-by: Johannes Berg
26 Jul, 2019
3 commits
-
If we just read jiffies over and over again, a non-transmitting
entry may have a newer timestamp than the transmitting one,
leading to possible confusion on expiry. Give them all the same
timestamp when creating them.Signed-off-by: Johannes Berg
Reviewed-by: Sergey Matyukevich
Link: https://lore.kernel.org/r/20190703133823.10530-3-johannes@sipsolutions.net
Signed-off-by: Johannes Berg -
Don't parse the multi-BSSID structures if we couldn't even create
their transmitting BSS, this would confuse all of our tracking.This also means that non_tx_data->tx_bss will never be NULL, so
we can clean up a little bit.Signed-off-by: Johannes Berg
Reviewed-by: Sergey Matyukevich
Link: https://lore.kernel.org/r/20190703133823.10530-2-johannes@sipsolutions.net
Signed-off-by: Johannes Berg -
cfg80211_inform_single_bss_frame_data() doesn't need the
non_tx_data data argument since it's always NULL.Signed-off-by: Johannes Berg
Reviewed-by: Sergey Matyukevich
Link: https://lore.kernel.org/r/20190703133823.10530-1-johannes@sipsolutions.net
Signed-off-by: Johannes Berg
18 Jun, 2019
1 commit
-
Honestly all the conflicts were simple overlapping changes,
nothing really interesting to report.Signed-off-by: David S. Miller
14 Jun, 2019
2 commits
-
The seen_indices variable is u64 and in other parts of the code we
assume mbssid_index_ie[2] can be up to 45, so we should use the 64-bit
versions of BIT, namely, BIT_ULL().Reported-by: Dan Carpented
Signed-off-by: Luca Coelho
Signed-off-by: Johannes Berg -
Add a function that iterates over the BSS entries associated with a
given wiphy and calls a callback for each iterated BSS. This can be
used by drivers in various ways, e.g., to evaluate some property for
all the BSSs in the medium.Signed-off-by: Ilan Peer
Signed-off-by: Luca Coelho
Signed-off-by: Johannes Berg
28 May, 2019
1 commit
-
If the BSS is expired during connection, the connect result will
trigger a kernel warning. Ideally cfg80211 should hold the BSS
before the connection is attempted, but as the BSSID is not known
in case of auth/assoc MLME offload (connect op) it doesn't.For those drivers without the connect op cfg80211 holds down the
reference so it wil not be removed from list.Fix this by removing the warning and silently adding the BSS back to
the bss list which is return by the driver (with proper BSSID set) or
in case the BSS is already added use that.The requirements for drivers are documented in the API's.
Signed-off-by: Chaitanya Tata
[formatting fixes, keep old timestamp]
Signed-off-by: Johannes Berg
27 Apr, 2019
1 commit
-
…inux/kernel/git/jberg/mac80211-next
Johannes Berg says:
====================
Various updates, notably:
* extended key ID support (from 802.11-2016)
* per-STA TX power control support
* mac80211 TX performance improvements
* HE (802.11ax) updates
* mesh link probing support
* enhancements of multi-BSSID support (also related to HE)
* OWE userspace processing support
====================Signed-off-by: David S. Miller <davem@davemloft.net>
26 Apr, 2019
4 commits
-
The cfg80211_merge_profile() and ieee802_11_find_bssid_profile() are
a bit cleaner if we just pass the merged_ie pointer instead of a pointer
to the pointer.This isn't a functional change, it's just a clean up.
Signed-off-by: Dan Carpenter
Signed-off-by: Johannes Berg -
Since an element is limited to 255 octets, a profile may be split
split to several elements. Support the split as defined in the 11ax
draft 3. Detect legacy split and print a net-rate limited warning,
since there is no ROI in supporting this probably non-existent
split.Signed-off-by: Sara Sharon
Signed-off-by: Luca Coelho
Signed-off-by: Johannes Berg -
Subelement profile may specify element IDs it doesn't inherit
from the management frame. Support it.Signed-off-by: Sara Sharon
Signed-off-by: Luca Coelho
Signed-off-by: Johannes Berg -
When creating the IEs for the nontransmitted BSS, the index
element is skipped. However, we need to get DTIM values from
it, so don't skip it.Signed-off-by: Sara Sharon
Signed-off-by: Luca Coelho
Signed-off-by: Johannes Berg
29 Mar, 2019
1 commit
-
Use kmemdup rather than duplicating its implementation
Signed-off-by: YueHaibing
Signed-off-by: Johannes Berg
08 Feb, 2019
11 commits
-
new_ie is used as a temporary storage for the generation of
the new elements. However, after copying from it the memory
wasn't freed and leaked. Free it.Signed-off-by: Sara Sharon
Signed-off-by: Johannes Berg -
Extension IEs have ID 255 followed by extension ID. Current
code is buggy in handling it in two ways:
1. When checking if IE is in the frame, it uses just the ID, which
for extension elements is too broad.
2. It uses 0xFF to mark copied IEs, which will result in not copying
extension IEs from the subelement.Fix both issue.
Signed-off-by: Sara Sharon
Signed-off-by: Johannes Berg -
When the new IEs are generated, the multiple BSSID elements
are not saved. Save aside properties that are needed later
for PS.Signed-off-by: Sara Sharon
Signed-off-by: Johannes Berg -
This will enable reuse by mac80211.
Signed-off-by: Sara Sharon
Signed-off-by: Johannes Berg -
Parsing and exposing nontransmitted APs is problematic
when underlying HW doesn't support it. Do it only if
driver indicated support. Allow HE restriction as well,
since the HE spec defined the exact manner that Multiple
BSSID set should behave. APs that not support the HE
spec will have less predictable Multiple BSSID set
support/behaviorSigned-off-by: Sara Sharon
Signed-off-by: Johannes Berg -
Previously the transmitted BSS and the non-trasmitted BSS list were
defined in struct cfg80211_internal_bss. Move them to struct cfg80211_bss
since mac80211 needs this info.Signed-off-by: Sara Sharon
Signed-off-by: Johannes Berg -
When holding data of the non-transmitting BSS, we need to keep the
transmitting BSS data on. Otherwise it will be released, and release
the non-transmitting BSS with it.Signed-off-by: Sara Sharon
Signed-off-by: Johannes Berg -
Use the new for_each_element() helper here, we cannot use
for_each_subelement() since we have a fixed 1 byte before
the subelements start.While at it, also fix le16_to_cpup() to be get_unaligned_le16()
since we don't know anything about alignment.Signed-off-by: Johannes Berg
-
This extends cfg80211 BSS table processing to be able to parse Multiple
BSSID element from Beacon and Probe Response frames and to update the
BSS profiles in internal database for non-transmitted BSSs.Signed-off-by: Peng Xu
Signed-off-by: Sara Sharon
Signed-off-by: Jouni Malinen
Signed-off-by: Johannes Berg -
We currently have a number of helpers to find elements that just
return a u8 *, change those to return a struct element and add
inlines to deal with the u8 * compatibility.Note that the match behaviour is changed to start the natch at
the data, so conversion from _ie_match to _elem_match need to
be done carefully.Signed-off-by: Johannes Berg
-
Rather than always iterating elements from frames with pure
u8 pointers, add a type "struct element" that encapsulates
the id/datalen/data format of them.Then, add the element iteration macros
* for_each_element
* for_each_element_id
* for_each_element_extidwhich take, as their first 'argument', such a structure and
iterate through a given u8 array interpreting it as elements.While at it and since we'll need it, also add
* for_each_subelement
* for_each_subelement_id
* for_each_subelement_extidwhich instead of taking data/length just take an outer element
and use its data/datalen.Also add for_each_element_completed() to determine if any of
the loops above completed, i.e. it was able to parse all of
the elements successfully and no data remained.Use for_each_element_id() in cfg80211_find_ie_match() as the
first user of this.Signed-off-by: Johannes Berg
18 Dec, 2018
1 commit
-
There are talks about enabling -Wimplicit-fallthrough warnings in the
mainline and it is already enabled in linux-next. Add all the
missing annotations to prevent warnings when this happens.And in one case, remove the extra text from the annotation so that the
compiler recognizes it.Signed-off-by: Luca Coelho
Signed-off-by: Johannes Berg
10 Sep, 2018
1 commit
-
cfg80211_get_bss_channel() is used to update the RX channel based on the
available frame payload information (channel number from DSSS Parameter
Set element or HT Operation element). This is needed on 2.4 GHz channels
where frames may be received on neighboring channels due to overlapping
frequency range.This might of some use on the 5 GHz band in some corner cases, but
things are more complex there since there is no n:1 or 1:n mapping
between channel numbers and frequencies due to multiple different
starting frequencies in different operating classes. This could result
in ieee80211_channel_to_frequency() returning incorrect frequency and
ieee80211_get_channel() returning incorrect channel information (or
indication of no match). In the previous implementation, this could
result in some scan results being dropped completely, e.g., for the 4.9
GHz channels. That prevented connection to such BSSs.Fix this by using the driver-provided channel pointer if
ieee80211_get_channel() does not find matching channel data for the
channel number in the frame payload and if the scan is done with 5 MHz
or 10 MHz channel bandwidth. While doing this, also add comments
describing what the function is trying to achieve to make it easier to
understand what happens here and why.Signed-off-by: Jouni Malinen
Signed-off-by: Johannes Berg
19 Dec, 2017
1 commit
-
This commit enhances the scan results to report the per chain signal
strength based on the latest BSS update. This provides similar
information to what is already available through STA information.Signed-off-by: Sunil Dutt
Signed-off-by: Jouni Malinen
Signed-off-by: Johannes Berg
02 Nov, 2017
1 commit
-
Many source files in the tree are missing licensing information, which
makes it harder for compliance tools to determine the correct license.By default all files without license information are under the default
license of the kernel, which is GPL version 2.Update the files which contain no license information with the 'GPL-2.0'
SPDX license identifier. The SPDX identifier is a legally binding
shorthand, which can be used instead of the full boiler plate text.This patch is based on work done by Thomas Gleixner and Kate Stewart and
Philippe Ombredanne.How this work was done:
Patches were generated and checked against linux-4.14-rc6 for a subset of
the use cases:
- file had no licensing information it it.
- file was a */uapi/* one with no licensing information in it,
- file was a */uapi/* one with existing licensing information,Further patches will be generated in subsequent months to fix up cases
where non-standard license headers were used, and references to license
had to be inferred by heuristics based on keywords.The analysis to determine which SPDX License Identifier to be applied to
a file was done in a spreadsheet of side by side results from of the
output of two independent scanners (ScanCode & Windriver) producing SPDX
tag:value files created by Philippe Ombredanne. Philippe prepared the
base worksheet, and did an initial spot review of a few 1000 files.The 4.13 kernel was the starting point of the analysis with 60,537 files
assessed. Kate Stewart did a file by file comparison of the scanner
results in the spreadsheet to determine which SPDX license identifier(s)
to be applied to the file. She confirmed any determination that was not
immediately clear with lawyers working with the Linux Foundation.Criteria used to select files for SPDX license identifier tagging was:
- Files considered eligible had to be source code files.
- Make and config files were included as candidates if they contained >5
lines of source
- File already had some variant of a license header in it (even if
Reviewed-by: Philippe Ombredanne
Reviewed-by: Thomas Gleixner
Signed-off-by: Greg Kroah-Hartman
23 May, 2017
1 commit
-
Drivers should be able to call cfg80211_sched_scan_results() from atomic
context. However, with the introduction of multiple scheduled scan feature
this requirement was not taken into account resulting in regression shown
below.[ 119.021594] BUG: scheduling while atomic: irq/47-iwlwifi/517/0x00000200
[ 119.021604] Modules linked in: [...]
[ 119.021759] CPU: 1 PID: 517 Comm: irq/47-iwlwifi Not tainted 4.12.0-rc2-t440s-20170522+ #1
[ 119.021763] Hardware name: LENOVO 20AQS03H00/20AQS03H00, BIOS GJET91WW (2.41 ) 09/21/2016
[ 119.021766] Call Trace:
[ 119.021778] ? dump_stack+0x5c/0x84
[ 119.021784] ? __schedule_bug+0x4c/0x70
[ 119.021792] ? __schedule+0x496/0x5c0
[ 119.021798] ? schedule+0x2d/0x80
[ 119.021804] ? schedule_preempt_disabled+0x5/0x10
[ 119.021810] ? __mutex_lock.isra.0+0x18e/0x4c0
[ 119.021817] ? __wake_up+0x2f/0x50
[ 119.021833] ? cfg80211_sched_scan_results+0x19/0x60 [cfg80211]
[ 119.021844] ? cfg80211_sched_scan_results+0x19/0x60 [cfg80211]
[ 119.021859] ? iwl_mvm_rx_lmac_scan_iter_complete_notif+0x17/0x30 [iwlmvm]
[ 119.021869] ? iwl_pcie_rx_handle+0x2a9/0x7e0 [iwlwifi]
[ 119.021878] ? iwl_pcie_irq_handler+0x17c/0x730 [iwlwifi]
[ 119.021884] ? irq_forced_thread_fn+0x60/0x60
[ 119.021887] ? irq_thread_fn+0x16/0x40
[ 119.021892] ? irq_thread+0x109/0x180
[ 119.021896] ? wake_threads_waitq+0x30/0x30
[ 119.021901] ? kthread+0xf2/0x130
[ 119.021905] ? irq_thread_dtor+0x90/0x90
[ 119.021910] ? kthread_create_on_node+0x40/0x40
[ 119.021915] ? ret_from_fork+0x26/0x40Fixes: b34939b98369 ("cfg80211: add request id to cfg80211_sched_scan_*() api")
Reported-by: Sander Eikelenboom
Signed-off-by: Arend van Spriel
Signed-off-by: Johannes Berg
28 Apr, 2017
1 commit
-
Have proper request id filled in the SCHED_SCAN_RESULTS and
SCHED_SCAN_STOPPED notifications toward user-space by having the
driver provide it through the api.Reviewed-by: Hante Meuleman
Reviewed-by: Pieter-Paul Giesberts
Reviewed-by: Franky Lin
Signed-off-by: Arend van Spriel
Signed-off-by: Johannes Berg
27 Apr, 2017
2 commits
-
For multiple scheduled scan support the driver needs to know which
scheduled scan request is being stopped. Pass the request id in the
.sched_scan_stop() callback.Reviewed-by: Hante Meuleman
Reviewed-by: Pieter-Paul Giesberts
Reviewed-by: Franky Lin
Signed-off-by: Arend van Spriel
Signed-off-by: Johannes Berg -
This patch implements the idea to have multiple scheduled scan requests
running concurrently. It mainly illustrates how to deal with the incoming
request from user-space in terms of backward compatibility. In order to
use multiple scheduled scans user-space needs to provide a flag attribute
NL80211_ATTR_SCHED_SCAN_MULTI to indicate support. If not the request is
treated as a legacy scan.Drivers currently supporting scheduled scan are now indicating they support
a single scheduled scan request. This obsoletes WIPHY_FLAG_SUPPORTS_SCHED_SCAN.Reviewed-by: Hante Meuleman
Reviewed-by: Pieter-Paul Giesberts
Reviewed-by: Franky Lin
Signed-off-by: Arend van Spriel
[clean up netlink destroy path to avoid allocations, code cleanups]
Signed-off-by: Johannes Berg
18 Apr, 2017
1 commit
-
For multi-scheduled scan support in subsequent patch a request id
will be added. This patch add this request id to the scheduled
scan event messages. For now the request id will always be zero.
With multi-scheduled scan its value will inform user-space to which
scan the event relates.Reviewed-by: Hante Meuleman
Reviewed-by: Pieter-Paul Giesberts
Reviewed-by: Franky Lin
Signed-off-by: Arend van Spriel
Signed-off-by: Johannes Berg
16 Dec, 2016
1 commit
-
A couple of functions used with scan events were named with
term "send" although they were only preparing the the event
message so renamed those.Also remove nl80211_send_sched_scan_results() in favor of
just calling nl80211_send_sched_scan() with the right value.Signed-off-by: Arend van Spriel
[mention nl80211_send_sched_scan_results() in the commit log]
Signed-off-by: Johannes Berg
18 Nov, 2016
1 commit
-
It's possible to make scanning consume almost arbitrary amounts
of memory, e.g. by sending beacon frames with random BSSIDs at
high rates while somebody is scanning.Limit the number of BSS table entries we're willing to cache to
1000, limiting maximum memory usage to maybe 4-5MB, but lower
in practice - that would be the case for having both full-sized
beacon and probe response frames for each entry; this seems not
possible in practice, so a limit of 1000 entries will likely be
closer to 0.5 MB.Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg
16 Sep, 2016
1 commit
-
There are a few places where an IE that matches not only the EID, but
also other bytes inside the element, needs to be found. To simplify
that and reduce the amount of similar code, implement a new helper
function to match the EID and an extra array of bytes.Additionally, simplify cfg80211_find_vendor_ie() by using the new
match function.Signed-off-by: Luca Coelho
Signed-off-by: Johannes Berg