Eric Lee / smarc-fsl-linux-kernel

30 May, 2018

1 commit

  • 0f097096b   mac80211: mesh: fix wrong mesh TTL offset calculation ... Browse Code »

    [ Upstream commit c4de37ee2b55deac7d6aeac33e02e3d6be243898 ]

    mesh TTL offset in Mesh Channel Switch Parameters element depends on
    not only Secondary Channel Offset element, but also affected by
    HT Control field and Wide Bandwidth Channel Switch element.
    So use element structure to manipulate mesh channel swich param IE
    after removing its constant attribution to correct the miscalculation.

    Signed-off-by: Peter Oh
    Signed-off-by: Johannes Berg
    Signed-off-by: Sasha Levin
    Signed-off-by: Greg Kroah-Hartman

    Peter Oh
     

16 Jun, 2017

3 commits

  • 4df864c1d   networking: make skb_put & friends return void pointers ... Browse Code »

    It seems like a historic accident that these return unsigned char *,
    and in many places that means casts are required, more often than not.

    Make these functions (skb_put, __skb_put and pskb_put) return void *
    and remove all the casts across the tree, adding a (u8 *) cast only
    where the unsigned char pointer was used directly, all done with the
    following spatch:

    @@
    expression SKB, LEN;
    typedef u8;
    identifier fn = { skb_put, __skb_put };
    @@
    - *(fn(SKB, LEN))
    + *(u8 *)fn(SKB, LEN)

    @@
    expression E, SKB, LEN;
    identifier fn = { skb_put, __skb_put };
    type T;
    @@
    - E = ((T *)(fn(SKB, LEN)))
    + E = fn(SKB, LEN)

    which actually doesn't cover pskb_put since there are only three
    users overall.

    A handful of stragglers were converted manually, notably a macro in
    drivers/isdn/i4l/isdn_bsdcomp.c and, oddly enough, one of the many
    instances in net/bluetooth/hci_sock.c. In the former file, I also
    had to fix one whitespace problem spatch introduced.

    Signed-off-by: Johannes Berg
    Signed-off-by: David S. Miller

    Johannes Berg
     
  • 59ae1d127   networking: introduce and use skb_put_data() ... Browse Code »

    A common pattern with skb_put() is to just want to memcpy()
    some data into the new space, introduce skb_put_data() for
    this.

    An spatch similar to the one for skb_put_zero() converts many
    of the places using it:

    @@
    identifier p, p2;
    expression len, skb, data;
    type t, t2;
    @@
    (
    -p = skb_put(skb, len);
    +p = skb_put_data(skb, data, len);
    |
    -p = (t)skb_put(skb, len);
    +p = skb_put_data(skb, data, len);
    )
    (
    p2 = (t2)p;
    -memcpy(p2, data, len);
    |
    -memcpy(p, data, len);
    )

    @@
    type t, t2;
    identifier p, p2;
    expression skb, data;
    @@
    t *p;
    ...
    (
    -p = skb_put(skb, sizeof(t));
    +p = skb_put_data(skb, data, sizeof(t));
    |
    -p = (t *)skb_put(skb, sizeof(t));
    +p = skb_put_data(skb, data, sizeof(t));
    )
    (
    p2 = (t2)p;
    -memcpy(p2, data, sizeof(*p));
    |
    -memcpy(p, data, sizeof(*p));
    )

    @@
    expression skb, len, data;
    @@
    -memcpy(skb_put(skb, len), data, len);
    +skb_put_data(skb, data, len);

    (again, manually post-processed to retain some comments)

    Reviewed-by: Stephen Hemminger
    Signed-off-by: Johannes Berg
    Signed-off-by: David S. Miller

    Johannes Berg
     
  • b080db585   networking: convert many more places to skb_put_zero() ... Browse Code »

    There were many places that my previous spatch didn't find,
    as pointed out by yuan linyu in various patches.

    The following spatch found many more and also removes the
    now unnecessary casts:

    @@
    identifier p, p2;
    expression len;
    expression skb;
    type t, t2;
    @@
    (
    -p = skb_put(skb, len);
    +p = skb_put_zero(skb, len);
    |
    -p = (t)skb_put(skb, len);
    +p = skb_put_zero(skb, len);
    )
    ... when != p
    (
    p2 = (t2)p;
    -memset(p2, 0, len);
    |
    -memset(p, 0, len);
    )

    @@
    type t, t2;
    identifier p, p2;
    expression skb;
    @@
    t *p;
    ...
    (
    -p = skb_put(skb, sizeof(t));
    +p = skb_put_zero(skb, sizeof(t));
    |
    -p = (t *)skb_put(skb, sizeof(t));
    +p = skb_put_zero(skb, sizeof(t));
    )
    ... when != p
    (
    p2 = (t2)p;
    -memset(p2, 0, sizeof(*p));
    |
    -memset(p, 0, sizeof(*p));
    )

    @@
    expression skb, len;
    @@
    -memset(skb_put(skb, len), 0, len);
    +skb_put_zero(skb, len);

    Apply it to the tree (with one manual fixup to keep the
    comment in vxlan.c, which spatch removed.)

    Signed-off-by: Johannes Berg
    Signed-off-by: David S. Miller

    Johannes Berg
     

30 May, 2017

1 commit

  • e45a79da8   skbuff/mac80211: introduce and use skb_put_zero() ... Browse Code »

    This pattern was introduced a number of times in mac80211 just now,
    and since it's present in a number of other places it makes sense
    to add a little helper for it.

    This just adds the helper and transforms the mac80211 code, a later
    patch will transform other places.

    Acked-by: David S. Miller
    Signed-off-by: Johannes Berg

    Johannes Berg
     

24 May, 2017

2 commits

19 May, 2017

4 commits

28 Apr, 2017

1 commit

  • 21a8e9dd5   mac80211: Fix possible sband related NULL pointer de-reference ... Browse Code »

    Existing API 'ieee80211_get_sdata_band' returns default 2 GHz band even
    if the channel context configuration is NULL. This crashes for chipsets
    which support 5 Ghz alone when it tries to access members of 'sband'.
    Channel context configuration can be NULL in multivif case and when
    channel switch is in progress (or) when it fails. Fix this by replacing
    the API 'ieee80211_get_sdata_band' with 'ieee80211_get_sband' which
    returns a NULL pointer for sband when the channel configuration is NULL.

    An example scenario is as below:

    In multivif mode (AP + STA) with drivers like ath10k, when we do a
    channel switch in the AP vif (which has a number of clients connected)
    and a STA vif which is connected to some other AP, when the channel
    switch in AP vif fails, while the STA vifs tries to connect to the
    other AP, there is a window where the channel context is NULL/invalid
    and this results in a crash while the clients connected to the AP vif
    tries to reconnect and this race is very similar to the one investigated
    by Michal in https://patchwork.kernel.org/patch/3788161/ and this does
    happens with hardware that supports 5Ghz alone after long hours of
    testing with continuous channel switch on the AP vif

    ieee80211 phy0: channel context reservation cannot be finalized because
    some interfaces aren't switching
    wlan0: failed to finalize CSA, disconnecting
    wlan0-1: deauthenticating from 8c:fd:f0:01:54:9c by local choice
    (Reason: 3=DEAUTH_LEAVING)

    WARNING: CPU: 1 PID: 19032 at net/mac80211/ieee80211_i.h:1013 sta_info_alloc+0x374/0x3fc [mac80211]
    [] (sta_info_alloc [mac80211])
    [] (ieee80211_add_station [mac80211]))
    [] (nl80211_new_station [cfg80211])

    Unable to handle kernel NULL pointer dereference at virtual
    address 00000014
    pgd = d5f4c000
    Internal error: Oops: 17 [#1] PREEMPT SMP ARM
    PC is at sta_info_alloc+0x380/0x3fc [mac80211]
    LR is at sta_info_alloc+0x37c/0x3fc [mac80211]
    [] (sta_info_alloc [mac80211])
    [] (ieee80211_add_station [mac80211])
    [] (nl80211_new_station [cfg80211]))

    Cc: Michal Kazior
    Signed-off-by: Mohammed Shafi Shajakhan
    Signed-off-by: Johannes Berg

    Mohammed Shafi Shajakhan
     

29 Mar, 2017

1 commit

  • ed92a9b5d   mac80211: mesh: drop new node with weak power ... Browse Code »

    On some practical cases, it is useful to drop new node in the distance.
    Because mesh metric is calculated with hop count and without RSSI
    information, a node far from local peer and near to destination node
    could be used as best path.

    For example, the nodes are located in linear. Distance of 0 - 1 and
    1 - 2 and 2 - 3 is 20meters. 0 to 3 signal is very weak.

    0 --- 1 --- 2 --- 3

    Though most robust path from 0 to 3 is 0 -> 1 -> 2 -> 3,
    unfortunately, node 0 could recognize node 3 as neighbor. Then node 3
    could be next of node 0. This patch aims to avoid such a case.

    [Johannes:]
    Dropping the node entirely isn't ideal, but at least with encryption
    there will be a limit on # of keys the hardware can deal with, and
    there might also be a limit on the number of stations it supports.

    Signed-off-by: Masashi Honma
    Signed-off-by: Johannes Berg

    Masashi Honma
     

28 Feb, 2017

1 commit

  • 08a7e621f   scripts/spelling.txt: add "swith" pattern and fix typo instances ... Browse Code »

    Fix typos and add the following to the scripts/spelling.txt:

    swith||switch
    swithable||switchable
    swithed||switched
    swithing||switching

    While we are here, fix the "update" to "updates" in the touched hunk in
    drivers/net/wireless/marvell/mwifiex/wmm.c.

    Link: http://lkml.kernel.org/r/1481573103-11329-2-git-send-email-yamada.masahiro@socionext.com
    Signed-off-by: Masahiro Yamada
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Masahiro Yamada
     

08 Feb, 2017

1 commit

06 Feb, 2017

1 commit

  • da7061c82   mac80211: Fix adding of mesh vendor IEs ... Browse Code »

    The function ieee80211_ie_split_vendor doesn't return 0 on errors. Instead
    it returns any offset < ielen when WLAN_EID_VENDOR_SPECIFIC is found. The
    return value in mesh_add_vendor_ies must therefore be checked against
    ifmsh->ie_len and not 0. Otherwise all ifmsh->ie starting with
    WLAN_EID_VENDOR_SPECIFIC will be rejected.

    Fixes: 082ebb0c258d ("mac80211: fix mesh beacon format")
    Signed-off-by: Thorsten Horstmann
    Signed-off-by: Mathias Kretschmer
    Signed-off-by: Simon Wunderlich
    [sven@narfation.org: Add commit message]
    Signed-off-by: Sven Eckelmann
    Signed-off-by: Johannes Berg

    Thorsten Horstmann
     

02 Jan, 2017

1 commit

  • 57629915d   mac80211: Fix addition of mesh configuration element ... Browse Code »

    The code was setting the capabilities byte to zero,
    after it was already properly set previously. Fix it.

    The bug was found while debugging hwsim mesh tests failures
    that happened since the commit mentioned below.

    Fixes: 76f43b4c0a93 ("mac80211: Remove invalid flag operations in mesh TSF synchronization")
    Signed-off-by: Ilan Peer
    Reviewed-by: Masashi Honma
    Signed-off-by: Johannes Berg

    Ilan peer
     

13 Dec, 2016

2 commits

03 Aug, 2016

1 commit

  • c37a54ac3   mac80211: mesh: flush stations before beacons are stopped ... Browse Code »

    Some drivers (e.g. wl18xx) expect that the last stage in the
    de-initialization process will be stopping the beacons, similar to AP flow.
    Update ieee80211_stop_mesh() flow accordingly.
    As peers can be removed dynamically, this would not impact other drivers.

    Tested also on Ralink RT3572 chipset.

    Signed-off-by: Maital Hahn
    Signed-off-by: Yaniv Machani
    Signed-off-by: Johannes Berg

    Maital Hahn
     

30 Jun, 2016

1 commit

  • efc401f49   mac80211: use common cleanup for user/!user_mpm ... Browse Code »

    We've accumulated a couple of different fixes now to mesh_sta_cleanup()
    due to the different paths that user_mpm and !user_mpm cases take -- one
    fix to flush nexthop paths and one to fix the counting.

    The only caller of mesh_plink_deactivate() is mesh_sta_cleanup(), so we
    can push the user_mpm checks down into there in order to share more
    code.

    In doing so, we can remove an extra call to mesh_path_flush_by_nexthop()
    and the (unnecessary) call to mesh_accept_plinks_update(). This will
    also ensure the powersaving state code gets called in the user_mpm case.

    The only cleanup tasks we need to avoid when MPM is in user-space
    are sending the peering frames and stopping the plink timer, so wrap
    those in the appropriate check.

    Signed-off-by: Bob Copeland
    Signed-off-by: Johannes Berg

    Bob Copeland
     

28 Jun, 2016

1 commit

  • 126e75573   mac80211: Fix mesh estab_plinks counting in STA removal case ... Browse Code »

    If a user space program (e.g., wpa_supplicant) deletes a STA entry that
    is currently in NL80211_PLINK_ESTAB state, the number of established
    plinks counter was not decremented and this could result in rejecting
    new plink establishment before really hitting the real maximum plink
    limit. For !user_mpm case, this decrementation is handled by
    mesh_plink_deactive().

    Fix this by decrementing estab_plinks on STA deletion
    (mesh_sta_cleanup() gets called from there) so that the counter has a
    correct value and the Beacon frame advertisement in Mesh Configuration
    element shows the proper value for capability to accept additional
    peers.

    Cc: stable@vger.kernel.org
    Signed-off-by: Jouni Malinen
    Signed-off-by: Johannes Berg

    Jouni Malinen
     

31 May, 2016

1 commit

  • fe7a7c576   mac80211: mesh: flush mesh paths unconditionally ... Browse Code »

    Currently, the mesh paths associated with a nexthop station are cleaned
    up in the following code path:

    __sta_info_destroy_part1
    synchronize_net()
    __sta_info_destroy_part2
    -> cleanup_single_sta
    -> mesh_sta_cleanup
    -> mesh_plink_deactivate
    -> mesh_path_flush_by_nexthop

    However, there are a couple of problems here:

    1) the paths aren't flushed at all if the MPM is running in userspace
    (e.g. when using wpa_supplicant or authsae)

    2) there is no synchronize_rcu between removing the path and readers
    accessing the nexthop, which means the following race is possible:

    CPU0 CPU1
    ~~~~ ~~~~
    sta_info_destroy_part1()
    synchronize_net()
    rcu_read_lock()
    mesh_nexthop_resolve()
    mpath = mesh_path_lookup()
    [...] -> mesh_path_flush_by_nexthop()
    sta = rcu_dereference(
    mpath->next_hop)
    kfree(sta)
    access sta ] ieee80211_mps_set_frame_flags+0x40/0xaa [mac80211]
    [ 348.530014] *pde = 00000000
    [ 348.530014] Oops: 0000 [#1] PREEMPT
    [ 348.530014] Modules linked in: drbg ansi_cprng ctr ccm ppp_generic slhc ipt_MASQUERADE nf_nat_masquerade_ipv4 8021q ]
    [ 348.530014] CPU: 0 PID: 20597 Comm: wget Tainted: G O 4.6.0-rc5-wt=V1 #1
    [ 348.530014] Hardware name: To Be Filled By O.E.M./To be filled by O.E.M., BIOS 080016 11/07/2014
    [ 348.530014] task: f64fa280 ti: f4f9c000 task.ti: f4f9c000
    [ 348.530014] EIP: 0060:[] EFLAGS: 00010246 CPU: 0
    [ 348.530014] EIP is at ieee80211_mps_set_frame_flags+0x40/0xaa [mac80211]
    [ 348.530014] EAX: f4ce63e0 EBX: 00000088 ECX: f3788416 EDX: 00020008
    [ 348.530014] ESI: 00000000 EDI: 00000088 EBP: f6409a4c ESP: f6409a40
    [ 348.530014] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
    [ 348.530014] CR0: 80050033 CR2: 00020040 CR3: 33190000 CR4: 00000690
    [ 348.530014] Stack:
    [ 348.530014] 00000000 f4ce63e0 f5f9bd80 f6409a64 f9291d80 0000ce67 f5d51e00 f4ce63e0
    [ 348.530014] f3788416 f6409a80 f9291dc1 f4ce8320 f4ce63e0 f5d51e00 f4ce63e0 f4ce8320
    [ 348.530014] f6409a98 f9277f6f 00000000 00000000 0000007c 00000000 f6409b2c f9278dd1
    [ 348.530014] Call Trace:
    [ 348.530014] [] mesh_nexthop_lookup+0xbb/0xc8 [mac80211]
    [ 348.530014] [] mesh_nexthop_resolve+0x34/0xd8 [mac80211]
    [ 348.530014] [] ieee80211_xmit+0x92/0xc1 [mac80211]
    [ 348.530014] [] __ieee80211_subif_start_xmit+0x807/0x83c [mac80211]
    [ 348.530014] [] ? sch_direct_xmit+0xd7/0x1b3
    [ 348.530014] [] ? __local_bh_enable_ip+0x5d/0x7b
    [ 348.530014] [] ? nf_nat_ipv4_out+0x4c/0xd0 [nf_nat_ipv4]
    [ 348.530014] [] ? iptable_nat_ipv4_fn+0xf/0xf [iptable_nat]
    [ 348.530014] [] ? netif_skb_features+0x14d/0x30a
    [ 348.530014] [] ieee80211_subif_start_xmit+0xa/0xe [mac80211]
    [ 348.530014] [] dev_hard_start_xmit+0x1f8/0x267
    [ 348.530014] [] ? validate_xmit_skb.isra.120.part.121+0x10/0x253
    [ 348.530014] [] sch_direct_xmit+0x8b/0x1b3
    [ 348.530014] [] __dev_queue_xmit+0x2c8/0x513
    [ 348.530014] [] dev_queue_xmit+0xa/0xc
    [ 348.530014] [] batadv_send_skb_packet+0xd6/0xec [batman_adv]
    [ 348.530014] [] batadv_send_unicast_skb+0x15/0x4a [batman_adv]
    [ 348.530014] [] batadv_dat_send_data+0x27e/0x310 [batman_adv]
    [ 348.530014] [] ? batadv_tt_global_hash_find.isra.11+0x8/0xa [batman_adv]
    [ 348.530014] [] batadv_dat_snoop_outgoing_arp_request+0x208/0x23d [batman_adv]
    [ 348.530014] [] batadv_interface_tx+0x206/0x385 [batman_adv]
    [ 348.530014] [] dev_hard_start_xmit+0x1f8/0x267
    [ 348.530014] [] ? validate_xmit_skb.isra.120.part.121+0x10/0x253
    [ 348.530014] [] sch_direct_xmit+0x8b/0x1b3
    [ 348.530014] [] __dev_queue_xmit+0x2c8/0x513
    [ 348.530014] [] ? igb_xmit_frame+0x57/0x72 [igb]
    [ 348.530014] [] dev_queue_xmit+0xa/0xc
    [ 348.530014] [] br_dev_queue_push_xmit+0xeb/0xfb [bridge]
    [ 348.530014] [] br_forward_finish+0x29/0x74 [bridge]
    [ 348.530014] [] ? deliver_clone+0x3b/0x3b [bridge]
    [ 348.530014] [] __br_forward+0x89/0xe7 [bridge]
    [ 348.530014] [] ? br_dev_queue_push_xmit+0xfb/0xfb [bridge]
    [ 348.530014] [] deliver_clone+0x34/0x3b [bridge]
    [ 348.530014] [] ? br_flood+0x95/0x95 [bridge]
    [ 348.530014] [] br_flood+0x77/0x95 [bridge]
    [ 348.530014] [] br_flood_forward+0x13/0x1a [bridge]
    [ 348.530014] [] ? br_flood+0x95/0x95 [bridge]
    [ 348.530014] [] br_handle_frame_finish+0x392/0x3db [bridge]
    [ 348.530014] [] ? nf_iterate+0x2b/0x6b
    [ 348.530014] [] br_handle_frame+0x1e6/0x240 [bridge]
    [ 348.530014] [] ? br_handle_local_finish+0x6a/0x6a [bridge]
    [ 348.530014] [] __netif_receive_skb_core+0x43a/0x66b
    [ 348.530014] [] ? br_handle_frame_finish+0x3db/0x3db [bridge]
    [ 348.530014] [] ? resched_curr+0x19/0x37
    [ 348.530014] [] ? check_preempt_wakeup+0xbf/0xfe
    [ 348.530014] [] ? ktime_get_with_offset+0x5c/0xfc
    [ 348.530014] [] __netif_receive_skb+0x47/0x55
    [ 348.530014] [] netif_receive_skb_internal+0x40/0x5a
    [ 348.530014] [] napi_gro_receive+0x3a/0x94
    [ 348.530014] [] igb_poll+0x6fd/0x9ad [igb]
    [ 348.530014] [] ? swake_up_locked+0x14/0x26
    [ 348.530014] [] net_rx_action+0xde/0x250
    [ 348.530014] [] __do_softirq+0x8a/0x163
    [ 348.530014] [] ? __hrtimer_tasklet_trampoline+0x19/0x19
    [ 348.530014] [] do_softirq_own_stack+0x26/0x2c
    [ 348.530014]
    [ 348.530014] [] irq_exit+0x31/0x6f
    [ 348.530014] [] do_IRQ+0x8d/0xa0
    [ 348.530014] [] common_interrupt+0x2c/0x40
    [ 348.530014] Code: e7 8c 00 66 81 ff 88 00 75 12 85 d2 75 0e b2 c3 b8 83 e9 29 f9 e8 a7 5f f9 c6 eb 74 66 81 e3 8c 005
    [ 348.530014] EIP: [] ieee80211_mps_set_frame_flags+0x40/0xaa [mac80211] SS:ESP 0068:f6409a40
    [ 348.530014] CR2: 0000000000020040
    [ 348.530014] ---[ end trace 48556ac26779732e ]---
    [ 348.530014] Kernel panic - not syncing: Fatal exception in interrupt
    [ 348.530014] Kernel Offset: disabled

    Cc: stable@vger.kernel.org
    Reported-by: Fred Veldini
    Tested-by: Fred Veldini
    Signed-off-by: Bob Copeland
    Signed-off-by: Johannes Berg

    Bob Copeland
     

12 Apr, 2016

1 commit

  • 57fbcce37   cfg80211: remove enum ieee80211_band ... Browse Code »

    This enum is already perfectly aliased to enum nl80211_band, and
    the only reason for it is that we get IEEE80211_NUM_BANDS out of
    it. There's no really good reason to not declare the number of
    bands in nl80211 though, so do that and remove the cfg80211 one.

    Signed-off-by: Johannes Berg

    Johannes Berg
     

06 Apr, 2016

3 commits

  • 0371a08fb   mac80211: mesh: fix cleanup for mesh pathtable ... Browse Code »

    The mesh path table needs to be around for the entire time the
    interface is in mesh mode, as users can perform an mpath dump
    at any time. The existing path table lifetime is instead tied
    to the mesh BSS which can cause crashes when different MBSSes
    are joined in the context of a single interface, or when the
    path table is dumped when no MBSS is joined.

    Introduce a new function to perform the final teardown of the
    interface and perform path table cleanup there. We already
    free the individual path elements when the leaving the mesh
    so no additional cleanup is needed there. This fixes the
    following crash:

    [ 47.753026] BUG: unable to handle kernel paging request at fffffff0
    [ 47.753026] IP: [] kthread_data+0xa/0xe
    [ 47.753026] *pde = 00741067 *pte = 00000000
    [ 47.753026] Oops: 0000 [#4] PREEMPT
    [ 47.753026] Modules linked in: ppp_generic slhc 8021q garp mrp sch_fq_codel iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat ip_tables ath9k_htc ath5k 8139too ath10k_pci ath10k_core arc4 ath9k ath9k_common ath9k_hw mac80211 ath cfg80211 cpufreq_powersave br_netfilter bridge stp llc ipw usb_wwan sierra_net usbnet af_alg natsemi via_rhine mii iTCO_wdt iTCO_vendor_support gpio_ich sierra coretemp pcspkr i2c_i801 lpc_ich ata_generic ata_piix libata ide_pci_generic piix e1000e igb i2c_algo_bit ptp pps_core [last unloaded: 8139too]
    [ 47.753026] CPU: 0 PID: 12 Comm: kworker/u2:1 Tainted: G D W 4.5.0-wt-V3 #6
    [ 47.753026] Hardware name: To Be Filled By O.E.M./To be filled by O.E.M., BIOS 080016 11/07/2014
    [ 47.753026] task: f645a0c0 ti: f6462000 task.ti: f6462000
    [ 47.753026] EIP: 0060:[] EFLAGS: 00010002 CPU: 0
    [ 47.753026] EIP is at kthread_data+0xa/0xe
    [ 47.753026] EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: 00000000
    [ 47.753026] ESI: f645a0c0 EDI: f645a2fc EBP: f6463a80 ESP: f6463a78
    [ 47.753026] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
    [ 47.753026] CR0: 8005003b CR2: 00000014 CR3: 353e5000 CR4: 00000690
    [ 47.753026] Stack:
    [ 47.753026] c0236866 00000000 f6463aac c05768b4 00000009 f6463ba8 f6463ab0 c0247010
    [ 47.753026] 00000000 f645a0c0 f6464000 00000009 f6463ba8 f6463ab8 c0576eb2 f645a0c0
    [ 47.753026] f6463aec c0228be4 c06335a4 f6463adc f6463ad0 c06c06d4 f6463ae4 c02471b0
    [ 47.753026] Call Trace:
    [ 47.753026] [] ? wq_worker_sleeping+0xb/0x78
    [ 47.753026] [] __schedule+0xda/0x587
    [ 47.753026] [] ? vprintk_default+0x12/0x14
    [ 47.753026] [] schedule+0x72/0x89
    [ 47.753026] [] do_exit+0xb8/0x71d
    [ 47.753026] [] ? kmsg_dump+0xa9/0xae
    [ 47.753026] [] oops_end+0x69/0x70
    [ 47.753026] [] no_context+0x1bb/0x1c5
    [ 47.753026] [] __bad_area_nosemaphore+0x136/0x140
    [ 47.753026] [] ? vmalloc_sync_all+0x19a/0x19a
    [ 47.753026] [] bad_area_nosemaphore+0xd/0x10
    [ 47.753026] [] __do_page_fault+0x26c/0x320
    [ 47.753026] [] ? vmalloc_sync_all+0x19a/0x19a
    [ 47.753026] [] do_page_fault+0xb/0xd
    [ 47.753026] [] error_code+0x58/0x60
    [ 47.753026] [] ? vmalloc_sync_all+0x19a/0x19a
    [ 47.753026] [] ? kthread_data+0xa/0xe
    [ 47.753026] [] ? wq_worker_sleeping+0xb/0x78
    [ 47.753026] [] __schedule+0xda/0x587
    [ 47.753026] [] ? vprintk_default+0x12/0x14
    [ 47.753026] [] schedule+0x72/0x89
    [ 47.753026] [] do_exit+0xb8/0x71d
    [ 47.753026] [] ? kmsg_dump+0xa9/0xae
    [ 47.753026] [] oops_end+0x69/0x70
    [ 47.753026] [] no_context+0x1bb/0x1c5
    [ 47.753026] [] __bad_area_nosemaphore+0x136/0x140
    [ 47.753026] [] ? vmalloc_sync_all+0x19a/0x19a
    [ 47.753026] [] bad_area_nosemaphore+0xd/0x10
    [ 47.753026] [] __do_page_fault+0x26c/0x320
    [ 47.753026] [] ? vmalloc_sync_all+0x19a/0x19a
    [ 47.753026] [] do_page_fault+0xb/0xd
    [ 47.753026] [] error_code+0x58/0x60
    [ 47.753026] [] ? vmalloc_sync_all+0x19a/0x19a
    [ 47.753026] [] ? kthread_data+0xa/0xe
    [ 47.753026] [] ? wq_worker_sleeping+0xb/0x78
    [ 47.753026] [] __schedule+0xda/0x587
    [ 47.753026] [] ? put_io_context_active+0x6d/0x95
    [ 47.753026] [] schedule+0x72/0x89
    [ 47.753026] [] do_exit+0x6cc/0x71d
    [ 47.753026] [] oops_end+0x69/0x70
    [ 47.753026] [] no_context+0x1bb/0x1c5
    [ 47.753026] [] __bad_area_nosemaphore+0x136/0x140
    [ 47.753026] [] ? vmalloc_sync_all+0x19a/0x19a
    [ 47.753026] [] bad_area_nosemaphore+0xd/0x10
    [ 47.753026] [] __do_page_fault+0x26c/0x320
    [ 47.753026] [] ? debug_smp_processor_id+0x12/0x16
    [ 47.753026] [] ? __switch_to+0x24/0x40e
    [ 47.753026] [] ? vmalloc_sync_all+0x19a/0x19a
    [ 47.753026] [] do_page_fault+0xb/0xd
    [ 47.753026] [] error_code+0x58/0x60
    [ 47.753026] [] ? vmalloc_sync_all+0x19a/0x19a
    [ 47.753026] [] ? rhashtable_walk_init+0x5c/0x93
    [ 47.753026] [] mesh_path_tbl_expire.isra.24+0x19/0x82 [mac80211]
    [ 47.753026] [] mesh_path_expire+0x11/0x1f [mac80211]
    [ 47.753026] [] ieee80211_mesh_work+0x73/0x1a9 [mac80211]
    [ 47.753026] [] ieee80211_iface_work+0x2ff/0x311 [mac80211]
    [ 47.753026] [] process_one_work+0x14b/0x24e
    [ 47.753026] [] worker_thread+0x249/0x343
    [ 47.753026] [] ? process_scheduled_works+0x24/0x24
    [ 47.753026] [] kthread+0x9e/0xa3
    [ 47.753026] [] ret_from_kernel_thread+0x20/0x40
    [ 47.753026] [] ? kthread_parkme+0x18/0x18
    [ 47.753026] Code: 6b c0 85 c0 75 05 e8 fb 74 fc ff 89 f8 84 c0 75 08 8d 45 e8 e8 34 dd 33 00 83 c4 28 5b 5e 5f 5d c3 55 8b 80 10 02 00 00 89 e5 5d 40 f0 c3 55 b9 04 00 00 00 89 e5 52 8b 90 10 02 00 00 8d 45
    [ 47.753026] EIP: [] kthread_data+0xa/0xe SS:ESP 0068:f6463a78
    [ 47.753026] CR2: 00000000fffffff0
    [ 47.753026] ---[ end trace 867ca0bdd0767790 ]---

    Fixes: 3b302ada7f0a ("mac80211: mesh: move path tables into if_mesh")
    Reported-by: Fred Veldini
    Signed-off-by: Bob Copeland
    Signed-off-by: Johannes Berg

    Bob Copeland
     
  • 47a0489ce   mac80211: mesh: use hlist for rmc cache ... Browse Code »

    The RMC cache has 256 list heads plus a u32, which puts it at the
    unfortunate size of 4104 bytes with padding. kmalloc() will then
    round this up to the next power-of-two, so we wind up actually
    using two pages here where most of the second is wasted.

    Switch to hlist heads here to reduce the structure size down to
    fit within a page.

    Signed-off-by: Bob Copeland
    Signed-off-by: Johannes Berg

    Bob Copeland
     
  • 0aa7fabbd   mac80211: mesh: handle failed alloc for rmc cache ... Browse Code »

    In the unlikely case that mesh_rmc_init() fails with -ENOMEM,
    the rmc pointer will be left as NULL but the interface is still
    operational because ieee80211_mesh_init_sdata() is not allowed
    to fail.

    If this happens, we would blindly dereference rmc when checking
    whether a multicast frame is in the cache. Instead just drop the
    frames in the forwarding path.

    Signed-off-by: Bob Copeland
    Signed-off-by: Johannes Berg

    Bob Copeland
     

05 Apr, 2016

2 commits

  • 60854fd94   mac80211: mesh: convert path table to rhashtable ... Browse Code »

    In the time since the mesh path table was implemented as an
    RCU-traversable, dynamically growing hash table, a generic RCU
    hashtable implementation was added to the kernel.

    Switch the mesh path table over to rhashtable to remove some code
    and also gain some features like automatic shrinking.

    Cc: Thomas Graf
    Cc: netdev@vger.kernel.org
    Signed-off-by: Bob Copeland
    Signed-off-by: Johannes Berg

    Bob Copeland
     
  • 2bdaf386f   mac80211: mesh: move path tables into if_mesh ... Browse Code »

    The mesh path and mesh gate hashtables are global, containing
    all of the mpaths for every mesh interface, but the paths are
    all tied logically to a single interface. The common case is
    just a single mesh interface, so optimize for that by moving
    the global hashtable into the per-interface struct.

    Doing so allows us to drop sdata pointer comparisons inside
    the lookups and also saves a few bytes of BSS and data.

    Signed-off-by: Bob Copeland
    Signed-off-by: Johannes Berg

    Bob Copeland
     

02 Mar, 2016

1 commit

  • d67703fce   Merge tag 'mac80211-next-for-davem-2016-02-26' of git://git.kernel.org/pub/scm/l… ... Browse Code »

    …inux/kernel/git/jberg/mac80211-next

    Johannes Berg says:

    ====================
    Here's another round of updates for -next:
    * big A-MSDU RX performance improvement (avoid linearize of paged RX)
    * rfkill changes: cleanups, documentation, platform properties
    * basic PBSS support in cfg80211
    * MU-MIMO action frame processing support
    * BlockAck reordering & duplicate detection offload support
    * various cleanups & little fixes
    ====================

    Signed-off-by: David S. Miller <davem@davemloft.net>

    David S. Miller
     

24 Feb, 2016

1 commit

  • 8ac3c7041   mac80211: refactor HT/VHT to chandef code ... Browse Code »

    The station MLME and IBSS/mesh ones use entirely different
    code for interpreting HT and VHT operation elements. Change
    the code that interprets them a bit - it now modifies an
    existing chandef - and use it also in the MLME code.

    Signed-off-by: Johannes Berg

    Johannes Berg
     

26 Jan, 2016

1 commit

  • 4fa11ec72   mac80211: Requeue work after scan complete for all VIF types. ... Browse Code »

    During a sw scan ieee80211_iface_work ignores work items for all vifs.
    However after the scan complete work is requeued only for STA, ADHOC
    and MESH iftypes.

    This occasionally results in event processing getting delayed/not
    processed for iftype AP when it coexists with a STA. This can result
    in data halt and eventually disconnection on the AP interface.

    Cc: stable@vger.kernel.org
    Signed-off-by: Sachin Kulkarni
    Signed-off-by: Johannes Berg

    Sachin Kulkarni
     

03 Nov, 2015

1 commit

  • 57f255f58   mac80211: TDLS: add proper HT-oper IE ... Browse Code »

    When 11n peers performs a TDLS connection on a legacy BSS, the HT
    operation IE must be specified according to IEEE802.11-2012 section
    9.23.3.2. Otherwise HT-protection is compromised and the medium becomes
    noisy for both the TDLS and the BSS links.

    Signed-off-by: Arik Nemtsov
    Signed-off-by: Emmanuel Grumbach
    Signed-off-by: Johannes Berg

    Arik Nemtsov
     

05 Oct, 2015

1 commit

22 Sep, 2015

1 commit

  • c85fb53c4   mac80211: implement VHT support for mesh ... Browse Code »

    Implement the basics required for supporting very high throughput
    with mesh: include VHT information elements in beacons, probe
    responses, and peering action frames, and check for compatible VHT
    configurations when peering.

    Signed-off-by: Bob Copeland
    Signed-off-by: Johannes Berg

    Bob Copeland
     

17 Jul, 2015

1 commit

10 Jun, 2015

1 commit

01 Apr, 2015

1 commit

  • 7b6249bba   Merge tag 'mac80211-next-for-davem-2015-03-30' of git://git.kernel.org/pub/scm/l… ... Browse Code »

    …inux/kernel/git/jberg/mac80211-next

    Johannes Berg says:

    ====================
    Lots of updates for net-next; along with the usual flurry
    of small fixes, cleanups and internal features we have:
    * VHT support for TDLS and IBSS (conditional on drivers though)
    * first TX performance improvements (the biggest will come later)
    * many suspend/resume (race) fixes
    * name_assign_type support from Tom Gundersen
    ====================

    Signed-off-by: David S. Miller <davem@davemloft.net>

    David S. Miller
     

04 Mar, 2015

1 commit

01 Mar, 2015

1 commit

  • 31f909a2c   nl/mac80211: allow zero plink timeout to disable STA expiration ... Browse Code »

    Both wpa_supplicant and mac80211 have and inactivity timer. By default
    wpa_supplicant will be timed out in 5 minutes and mac80211's it is 30
    minutes. If wpa_supplicant uses a longer timer than mac80211, it will
    get unexpected disconnection by mac80211.

    Using 0xffffffff instead as the configured value could solve this w/o
    changing the code, but due to integer overflow in the expression used
    this doesn't work. The expression is:

    (current jiffies) > (frame Rx jiffies + NL80211_MESHCONF_PLINK_TIMEOUT * 250)

    On 32bit system, the right side would overflow and be a very small
    value if NL80211_MESHCONF_PLINK_TIMEOUT is sufficiently large,
    causing unexpectedly early disconnections.

    Instead allow disabling the inactivity timer to avoid this situation,
    by passing the (previously invalid and useless) value 0.

    Signed-off-by: Masashi Honma
    [reword/rewrap commit log]
    Signed-off-by: Johannes Berg

    Masashi Honma