13 Jan, 2012
1 commit
-
commit a9b3cd7f32 (rcu: convert uses of rcu_assign_pointer(x, NULL) to
RCU_INIT_POINTER) did a lot of incorrect changes, since it did a
complete conversion of rcu_assign_pointer(x, y) to RCU_INIT_POINTER(x,
y).We miss needed barriers, even on x86, when y is not NULL.
Signed-off-by: Eric Dumazet
CC: Stephen Hemminger
CC: Paul E. McKenney
Signed-off-by: David S. Miller
12 Jan, 2012
1 commit
-
Since:
commit 816c04fe7ef01dd9649f5ccfe796474db8708be5
Author: Christian Lamparter
Date: Sat Apr 30 15:24:30 2011 +0200mac80211: consolidate MIC failure report handling
is possible to that we dereference rx->key == NULL when driver set
RX_FLAG_MMIC_STRIPPED and not RX_FLAG_IV_STRIPPED and we are in
promiscuous mode. This happen with rt73usb and rt61pci at least.Before the commit we always check rx->key against NULL, so I assume
fix should be done in mac80211 (also mic_fail path has similar check).References:
https://bugzilla.redhat.com/show_bug.cgi?id=769766
http://rt2x00.serialmonkey.com/pipermail/users_rt2x00.serialmonkey.com/2012-January/004395.htmlCc: stable@vger.kernel.org # 3.0+
Reported-by: Stuart D Gathman
Reported-by: Kai Wohlfahrt
Signed-off-by: Stanislaw Gruszka
Signed-off-by: John W. Linville
05 Jan, 2012
8 commits
-
…wireless-next into for-davem
Conflicts:
drivers/net/wireless/b43legacy/dma.c -
ieee80211_offchannel_enable_all_ps function is no longer used
and looks like its logic is extensively handled in
ieee80211_offchannel_stop_vifsSigned-off-by: Mohammed Shafi Shajakhan
Signed-off-by: John W. Linville -
Ideally, hardware/firmware initialization is complete after the
drv_start routine. In mac80211 restart code (ieee80211_reconfig),
defer calling the driver commands i.e. setup fragmentation
threshold, rts threshold and coverage class till drv_start
routine is called.Signed-off-by: Nishant Sarmukadam
Signed-off-by: Yogesh Ashok Powarv2: Removed extra blank line added.
Signed-off-by: John W. Linville -
this is being recently introduced by the commit
a85e1d55974646a442d95911e3f7d7a891ea9ac5Cc: Paul Stewart
Signed-off-by: Mohammed Shafi Shajakhan
Signed-off-by: John W. Linville -
kernel panic occurs when we create an IBSS mode and leave it for
sometime without any joiner and this is introduced by the
commit ec2b774e7c91094d8c00de579646f1162b87b01e where we don't
put proper braces for 'list_for_each_entry_safe' and we pass an
invalid 'sta' pointer to __sta_info_destroyEIP is at __list_add+0xe/0xa0
EAX: f3b63db4 EBX: 00000000 ECX: eab88c1c EDX: 00000000
ESI: 00000000 EDI: 00000246 EBP: f3b63d80 ESP: f3b63d58
DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Process kworker/u:2 (pid: 198, ti=f3b62000 task=f3afbea0
task.ti=f3b62000)
Stack:
00000000 00000000 f9ef9821 00000000 00000000 eab88c30
f3b63d80 c017f623
eab88bf0 eab88bf0 f3b63dd0 c066f925 00000000 00000002
00000000 f9ef9821
f3b63da0 c0180a2b eab88c1c eab88c30 00000002 f3afbea0
eab88bf4 f3b63db4
Call Trace:
[] ? __ieee80211_stop_tx_ba_session+0x31/0x60
[mac80211]
[] ? debug_mutex_add_waiter+0x23/0x60
[] __mutex_lock_common+0xd5/0x390
[] ? __ieee80211_stop_tx_ba_session+0x31/0x60
[mac80211]
[] ? trace_hardirqs_off+0xb/0x10
[] mutex_lock_nested+0x47/0x60
[] ? __ieee80211_stop_tx_ba_session+0x31/0x60
[mac80211]
[] __ieee80211_stop_tx_ba_session+0x31/0x60
[mac80211]
[] ieee80211_sta_tear_down_BA_sessions+0x39/0x60 [mac80211]
[] __sta_info_destroy+0x57/0x780 [mac80211]
[] ieee80211_sta_expire+0x93/0xb0 [mac80211]
[] ieee80211_ibss_work+0x2d6/0x530 [mac80211]Cc: Marek Lindner
Signed-off-by: Mohammed Shafi Shajakhan
Signed-off-by: John W. Linville -
when we run high bandwidth UDP traffic and we trigger a scan, the scan
state machine seems to be looping in SUSPEND->RESUME->DECISION->SUSPEND
and SET_CHANNEL seems to be never called as 'tx_empty' is never true
while running UDP traffic. fix this by settting SET_CHANNEL state when
we get into RESUME state.Cc: Leela Kella
Signed-off-by: Mohammed Shafi Shajakhan
Signed-off-by: John W. Linville -
If the vif is stopped while it is offchannel (e.g. right
after p2p negotiation) the SDATA_STATE_OFFCHANNEL flag
is never get cleared, resulting in various bad effects
(e.g. GO can't start beaconing).Fix it by clearing the SDATA_STATE_OFFCHANNEL flag
even if the vif is stopped.Signed-off-by: Eliad Peller
Signed-off-by: John W. Linville -
This seems to not serve any purpose anymore, at least all frame
processing afterwards seems to be able to deal with QoS frames. So,
let's save the expensive memmove and just leave the QoS header in the
802.11 frame for further processing.Signed-off-by: Helmut Schaa
Signed-off-by: John W. Linville
04 Jan, 2012
1 commit
-
…wireless-next into for-davem
Conflicts:
drivers/net/wireless/b43/dma.c
drivers/net/wireless/brcm80211/brcmfmac/dhd_linux.c
22 Dec, 2011
2 commits
-
When mac80211 relays a frame from STA1 to STA2 in AP mode it will get
re-classified in the tx path. Unfortunately the frame protocol field
is always set to ETH_P_8023 while the classification only kicks in
for ETH_P_IP. Hence, a high priority frame from STA1 will be send to
STA2 as best effort.Instead of running classification on the frame just use the same
priority as STA1 did. Do this by adding 256 to the skb->priority
to allow cfg80211_classify8021d to shortcut frame classification.Signed-off-by: Helmut Schaa
Signed-off-by: John W. Linville -
The IBSS merge code calls ieee80211_sta_expire() with a relatively
short expire timeout that purges other clients prematurely. The
expire function has to check that only the clients belonging to
the vif in question are purged.Signed-off-by: Marek Lindner
Signed-off-by: John W. Linville
20 Dec, 2011
5 commits
-
DaveM said:
Please, this kind of stuff rots forever and not using bool properly
drives me crazy.Joe Perches gave me the spatch script:
@@
bool b;
@@
-b = 0
+b = false
@@
bool b;
@@
-b = 1
+b = trueI merely installed coccinelle, read the documentation and took credit.
Signed-off-by: Rusty Russell
Signed-off-by: David S. Miller -
The commit 42624d4913a00219a8fdbb4bafd634d1d843be85
created following sparse warning
>net/mac80211/sta_info.c:965:24: warning: incorrect type in assignment (different address spaces)
>net/mac80211/sta_info.c:965:24: expected struct tid_ampdu_tx *tid_tx
>net/mac80211/sta_info.c:965:24: got struct tid_ampdu_tx [noderef] *Making use of rcu_dereference_protected to fix the problem.
V2:
- Replacing rcu_dereference with rcu_dereference_protected
as suggested by Johannes.
- Adding mutex_lock/unlock to satisfy the condition at
rcu_dereference_protectedCc: Nishant Sarmukadam
Reported-by: Johannes Berg
Signed-off-by: Yogesh Ashok Powar
Signed-off-by: John W. Linville -
When a peer changes SMPS state we should update
rate control so it doesn't have to detect it by
itself. It can't detect "dynamic" mode anyway
since that just requires rts-cts handshaking.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
If station info contains a beacon loss count, return
it to userspace.Signed-off-by: Paul Stewart
Signed-off-by: John W. Linville -
Currently code allows three (HT_AGG_MAX_RETRIES) unanswered addba
requests. When this limit is reached aggregation is turned off for
given TID permanently. This doesn't seem right: three requests is
not that much, some 'blackout' can happen, but effect of it affects
whole connection indefinitely.
This patch increases number of retries to 15. Also, when there have
been 3 or more retries it splits further retries apart by 15 seconds
instead of sending them in very short period of time.Signed-off-by: Nikolay Martynov
Signed-off-by: John W. Linville
16 Dec, 2011
11 commits
-
we found that power save is not getting enabled when we do
change interface in this order STA->IBSS->STA. this is
because ieee80211_setup_sdata clears type-dependent unionReported-by: Leela Kella
Signed-off-by: Mohammed Shafi Shajakhan
Signed-off-by: John W. Linville -
Signed-off-by: Mohammed Shafi Shajakhan
Signed-off-by: John W. Linville -
Currently BAR, ADDBA and DELBA frames are always sent using AC_VO. If
the TID for which a BA session is established is assigned to a different
queue BAR, ADDBA and DELBA frames can "overtake" frames of the according
BA session.Hence, always put BA session related frames into the same queue as the
BA sessions data frames.Signed-off-by: Helmut Schaa
Signed-off-by: John W. Linville -
Now that IBSS no longer needs to insert stations
from atomic context, we can get rid of all the
special cases for that, and even get rid of the
sta_lock (though it needs to stay as tim_lock.)This makes the station management code much more
straight-forward.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
In order to notify drivers and simplify the station
management code, defer IBSS station insertion to a
work item and don't do it directly while receiving
a frame.This increases the complexity in IBSS a little bit,
but it's pretty straight forward and it allows us
to reduce the station management complexity (next
patch) considerably.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
No real changes, just note that they are const.
Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
Currently, each AP interface will send multicast
traffic if any interface has a station entry even
if that station entry is allocated only. With the
new station state management we can easily fix it
by adding a counter that counts each authorized
station only and send multicast traffic only when
the correct interface has at least one authorized
station.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
Station entries can have various states, the most
important ones being auth, assoc and authorized.
This patch prepares us for telling the driver about
these states, we don't want to confuse drivers with
strange transitions, so with this we enforce that
they move in the right order between them (back and
forth); some transitions might happen before the
driver even knows about the station, but at least
runtime transitions will be ordered correctly.As a consequence, IBSS and MESH stations will now
have the ASSOC flag set (so they can transition to
AUTHORIZED), and we can get rid of a special case
in TX processing.When freeing a station, unwind the state so that
other parts of the code (or drivers later) can rely
on the transitions.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
There's no need to use RCU here, we can just lock
the station mutex instead. This allows the code
to sleep, which is necessary for later patches.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
This is already checked in cfg80211, so no need
to repeat the checks here.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
The nl80211 station handling code is a bit messy
and doesn't do a lot of validation. It seems like
this could be an issue for drivers that don't use
mac80211 to validate everything.As cfg80211 doesn't keep station state, move the
validation of allowing supported_rates to change
for TDLS only in station mode to mac80211.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville
15 Dec, 2011
2 commits
-
Our new return also created a memleak. The skb should be freed before
returning an error.Signed-off-by: Simon Wunderlich
Signed-off-by: John W. Linville -
Conflicts:
drivers/net/wireless/iwlwifi/iwl-agn.c
14 Dec, 2011
6 commits
-
The ip address of the vif can be set even before the
vif is up. requiring the vif to be up in the vif
notifier makes the notifer ignore this event, which
causes wrong arp filter configuration later on.Reported-by: Eyal Shapira
Signed-off-by: Eliad Peller
Signed-off-by: John W. Linville -
Configure arp filtering on sta reconfiguration.
Signed-off-by: Eliad Peller
Signed-off-by: John W. Linville -
ieee80211_configure_filter code used local->scanning as a boolean
value when it was a bit mask. Bits SCAN_COMPLETED, SCAN_ABORTED
should not set FIF_BCN_PRBRESP_PROMISC filter.SCAN_HW_SCANNING should not set FIF_BCN_PRBRESP_PROMISC either,
as there is no explicit filter configuration request from
scan code. If a driver requires FIF_BCN_PRBRESP_PROMISC mode
during HW scanning, it's up to the driver to temporary enable it.Similar mistake was fixed also in ieee80211_hw_config (power
configuration code).Verified-by: Vitaly Wool
Signed-off-by: Dmitry Tarnyagin
Signed-off-by: John W. Linville -
Use ieee80211_is_data, ieee80211_is_mgmt and ieee80211_is_first_frag
in the tx status path. This makes the code easier to read and allows us
to remove two local variables: frag and type.Signed-off-by: Helmut Schaa
Signed-off-by: John W. Linville -
When a station leaves suddenly while ampdu traffic to that station is still
running, there is a possibility that the ampdu pending queues are not freed due
to a race condition leading to memory leaks. In '__sta_info_destroy' when we
attempt to destroy the ampdu sessions in 'ieee80211_sta_tear_down_BA_sessions',
the driver calls 'ieee80211_stop_tx_ba_cb_irqsafe' to delete the ampdu
structures (tid_tx) and splice the pending queues and this job gets queued in
sdata workqueue. However, the sta entry can get destroyed before the above work
gets scheduled and hence the race.Purging the queues and freeing the tid_tx to avoid the leak. The better solution
would be to fix the race, but that can be taken up in a separate patch.Signed-off-by: Nishant Sarmukadam
Signed-off-by: Yogesh Ashok Powar
Signed-off-by: John W. Linville -
We recently introduced a new return here but it needs an unlock first.
Signed-off-by: Dan Carpenter
Signed-off-by: John W. Linville
08 Dec, 2011
1 commit
-
Emmanuel noticed that when mac80211 stops the queues
for aggregation that can leave a packet pending. This
packet will be given to the driver after the AMPDU
callback, but as a non-aggregated packet which messes
up the sequence number etc.I also noticed by looking at the code that if packets
are being processed while we clear the WANT_START bit,
they might see it cleared already and queue up on
tid_tx->pending. If the driver then rejects the new
aggregation session we leak the packet.Fix both of these issues by changing this code to not
stop the queues at all. Instead, let packets queue up
on the tid_tx->pending queue instead of letting them
get to the driver, and add code to recover properly
in case the driver rejects the session.(The patch looks large because it has to move two
functions to before their new use.)Cc: stable@vger.kernel.org
Reported-by: Emmanuel Grumbach
Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville
07 Dec, 2011
2 commits
-
AP interfaces routinely call this logic, so just silently
return when this happens instead of splatting the kernel
logs.Reported-by: Christian Lamparter
Signed-off-by: Ben Greear
Signed-off-by: John W. Linville -
Arik's patch "mac80211: allow action frames with unknown
BSSID in GO mode" allowed any action frames in P2P mode
to go through, but only to cooked monitor interfaces as
the IEEE80211_RX_RA_MATCH was still cleared. As a result
my no-monitor patches broke invitation responses.Instead of allowing any action frames in P2P GO mode to
go through with a wrong BSSID like that patch did, allow
all public action frames. They will never be processed
by mac80211, but can be reported via nl80211 then.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville