aboutsummaryrefslogtreecommitdiffstats
path: root/net/mac80211
Commit message (Collapse)AuthorAge
* Merge branch 'for-john' of ↵John W. Linville2012-11-14
|\ | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
| * mac80211: call skb_dequeue/ieee80211_free_txskb instead of __skb_queue_purgeFelix Fietkau2012-11-10
| | | | | | | | | | | | | | | | Fixes more wifi status skb leaks, leading to hostapd/wpa_supplicant hangs. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * mac80211: don't send null data packet when not associatedJohannes Berg2012-11-09
| | | | | | | | | | | | | | | | | | | | | | | | | | On resume or firmware recovery, mac80211 sends a null data packet to see if the AP is still around and hasn't disconnected us. However, it always does this even if it wasn't even connected before, leading to a warning in the new channel context code. Fix this by checking that it's associated. Cc: stable@vger.kernel.org Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * mac80211: fix memory leak in device registration error pathJohannes Berg2012-11-09
| | | | | | | | | | | | | | | | If the cipher suites need to be allocated, but this allocation fails, this leaks the internal scan request. Fix that by going to the correct error handling label. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * mac80211: sync acccess to tx_filtered/ps_tx_buf queuesArik Nemtsov2012-11-05
| | | | | | | | | | | | | | | | | | | | | | | | | | These are accessed without a lock when ending STA PSM. If the sta_cleanup timer accesses these lists at the same time, we might crash. This may fix some mysterious crashes we had during ieee80211_sta_ps_deliver_wakeup. Cc: stable@vger.kernel.org Signed-off-by: Arik Nemtsov <arik@wizery.com> Signed-off-by: Ido Yariv <ido@wizery.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * mac80211: init sched_scan_iesDavid Spinadel2012-10-31
| | | | | | | | | | | | | | | | | | | | In case that there is an unsupported band, the ie will be unallocated and the free will crash. Cc: stable@vger.kernel.org Signed-off-by: David Spinadel <david.spinadel@intel.com> Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * mac80211: do not call ieee80211_configure_filter if no interfaces are upFelix Fietkau2012-10-31
| | | | | | | | | | | | | | | | Drivers are not expected to handle it before drv_start has been called. It will be called again after an interface has been brought up. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | Merge branch 'for-john' of ↵John W. Linville2012-10-29
|\| | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
| * mac80211: make sure data is accessible in EAPOL checkJohannes Berg2012-10-26
| | | | | | | | | | | | | | | | | | | | | | | | The code to allow EAPOL frames even when the station isn't yet marked associated needs to check that the incoming frame is long enough and due to paged RX it also can't assume skb->data contains the right data, it must use skb_copy_bits(). Fix this to avoid using data that doesn't really exist. Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * mac80211: verify that skb data is presentJohannes Berg2012-10-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | A number of places in the mesh code don't check that the frame data is present and in the skb header when trying to access. Add those checks and the necessary pskb_may_pull() calls. This prevents accessing data that doesn't actually exist. To do this, export ieee80211_get_mesh_hdrlen() to be able to use it in mac80211. Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * mac80211: check management frame header lengthJohannes Berg2012-10-26
| | | | | | | | | | | | | | | | | | | | | | | | Due to pskb_may_pull() checking the skb length, all non-management frames are checked on input whether their 802.11 header is fully present. Also add that check for management frames and remove a check that is now duplicate. This prevents accessing skb data beyond the frame end. Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * mac80211: fix SSID copy on IBSS JOINAntonio Quartulli2012-10-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The 'ssid' field of the cfg80211_ibss_params is a u8 pointer and its length is likely to be less than IEEE80211_MAX_SSID_LEN most of the time. This patch fixes the ssid copy in ieee80211_ibss_join() by using the SSID length to prevent it from reading beyond the string. Cc: stable@vger.kernel.org Signed-off-by: Antonio Quartulli <ordex@autistici.org> [rewrapped commit message, small rewording] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * mac80211: don't inspect Sequence Control field on control framesJavier Cardona2012-10-25
| | | | | | | | | | | | | | | | | | | | | | Per IEEE Std. 802.11-2012, Sec 8.2.4.4.1, the sequence Control field is not present in control frames. We noticed this problem when processing Block Ack Requests. Cc: stable@vger.kernel.org Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Javier Lopez <jlopex@cozybit.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * mac80211: Don't drop frames received with mesh ttl == 1Javier Cardona2012-10-25
| | | | | | | | | | | | | | | | Prior this fix, those frames were not received, nor forwarded. Fix this to receive and not forward. Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * mac80211: Only process mesh config header on frames that RA_MATCHJavier Cardona2012-10-25
| | | | | | | | | | | | | | | | | | | | Doing otherwise is wrong, and may wreak havoc on the mpp tables, specially if the frame is encrypted. Cc: stable@vger.kernel.org Reported-by: Chaoxing Lin <Chaoxing.Lin@ultra-3eti.com> Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * mac80211: use blacklist for duplicate IE checkJohannes Berg2012-10-24
| | | | | | | | | | | | | | | | | | | | | | | | | | Instead of the current whitelist which accepts duplicates only for the quiet and vendor IEs, use a blacklist of all IEs (that we currently parse) that can't be duplicated. This avoids detecting a beacon as corrupt in the future when new IEs are added that can be duplicated. Cc: stable@vger.kernel.org Signed-off-by: Paul Stewart <pstew@chromium.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | Merge branch 'for-john' of ↵John W. Linville2012-10-17
|\| | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
| * mac80211: connect with HT20 if HT40 is not permittedJohannes Berg2012-10-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some changes to fix issues with HT40 APs in Korea and follow-up changes to allow using HT40 even if the local regulatory database disallows it caused issues with iwlwifi (and could cause issues with other devices); iwlwifi firmware would assert if you tried to connect to an AP that has an invalid configuration (e.g. using HT40- on channel 140.) Fix this, while avoiding the "Korean AP" issue by disabling HT40 and advertising HT20 to the AP when connecting. Cc: stable@vger.kernel.org [3.6] Reported-by: Florian Reitmeir <florian@reitmeir.org> Tested-by: Florian Reitmeir <florian@reitmeir.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * cfg80211/mac80211: avoid state mishmash on deauthStanislaw Gruszka2012-10-15
| | | | | | | | | | | | | | | | | | | | | | | | | | Avoid situation when we are on associate state in mac80211 and on disassociate state in cfg80211. This can results on crash during modules unload (like showed on this thread: http://marc.info/?t=134373976300001&r=1&w=2) and possibly other problems. Reported-by: Pedro Francisco <pedrogfrancisco@gmail.com> Cc: stable@vger.kernel.org Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * Merge remote-tracking branch 'wireless/master' into mac80211Johannes Berg2012-10-15
| |\
| * | mac80211: Fix FC masking in BIP AAD generationJouni Malinen2012-10-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The bits used in the mask were off-by-one and ended up masking PwrMgt, MoreData, Protected fields instead of Retry, PwrMgt, MoreData. Fix this and to mask the correct fields. While doing so, convert the code to mask the full FC using IEEE80211_FCTL_* defines similarly to how CCMP AAD is built. Since BIP is used only with broadcast/multicast management frames, the Retry field is always 0 in these frames. The Protected field is also zero to maintain backwards compatibility. As such, the incorrect mask here does not really cause any problems for valid frames. In theory, an invalid BIP frame with Retry or Protected field set to 1 could be rejected because of BIP validation. However, no such frame should show up with standard compliant implementations, so this does not cause problems in normal BIP use. Signed-off-by: Jouni Malinen <j@w1.fi> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | | mac80211: use ieee80211_free_txskb in a few more placesFelix Fietkau2012-10-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Free tx status skbs when draining power save buffers, pending frames, or when tearing down a vif. Fixes remaining conditions that can lead to hostapd/wpa_supplicant hangs when running out of socket write memory. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Cc: stable@vger.kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | mac80211: check if key has TKIP type before updating IVStanislaw Gruszka2012-10-15
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch fix corruption which can manifest itself by following crash when switching on rfkill switch with rt2x00 driver: https://bugzilla.redhat.com/attachment.cgi?id=615362 Pointer key->u.ccmp.tfm of group key get corrupted in: ieee80211_rx_h_michael_mic_verify(): /* update IV in key information to be able to detect replays */ rx->key->u.tkip.rx[rx->security_idx].iv32 = rx->tkip_iv32; rx->key->u.tkip.rx[rx->security_idx].iv16 = rx->tkip_iv16; because rt2x00 always set RX_FLAG_MMIC_STRIPPED, even if key is not TKIP. We already check type of the key in different path in ieee80211_rx_h_michael_mic_verify() function, so adding additional check here is reasonable. Cc: stable@vger.kernel.org # 3.0+ Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | mac80211: use ieee80211_free_txskb to fix possible skb leaksFelix Fietkau2012-10-08
| | | | | | | | | | | | | | | | | | | | A few places free skbs using dev_kfree_skb even though they're called after ieee80211_subif_start_xmit might have cloned it for tracking tx status. Use ieee80211_free_txskb here to prevent skb leaks. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Cc: stable@vger.kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | mac80211: call drv_get_tsf() in sleepable contextThomas Pedersen2012-10-08
| | | | | | | | | | | | | | | | | | | | The call to drv_get/set_tsf() was put on the workqueue to perform tsf adjustments since that function might sleep. However it ended up inside a spinlock, whose critical section must be atomic. Do tsf adjustment outside the spinlock instead, and get rid of a warning. Signed-off-by: Thomas Pedersen <thomas@cozybit.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | mac80211: don't send delBA on addBA failureJohannes Berg2012-09-21
| | | | | | | | | | | | | | There's no reason to send a delBA when the peer refused our addBA, so change that. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: don't send delBA when removing stationsJohannes Berg2012-09-21
| | | | | | | | | | | | | | | | | | When a station is removed and we stop the aggregation sessions, it's not useful to send delBA since this is due to us or the station disassociating or dropping the connection in some other way, so change that. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: don't send delBA before disassocJohannes Berg2012-09-21
| | | | | | | | | | | | | | | | When we disassociate, it's not really useful to send delBA action frames since we're going to send disassoc/deauth anyway, so change that. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: fix IBSS auth TX debug messageSylvain Roger Rieunier2012-09-20
| | | | | | | | | | | | | | | | | | In the IBSS auth TX debug message the BSSID and DA address are reversed, fix that. Signed-off-by: Sylvain Roger Rieunier <sylvain.roger.rieunier@gmail.com> [reword commit message and make it fit 72 cols] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | cfg80211: constify name parameter to add_virtual_intfJohannes Berg2012-09-19
| | | | | | | | | | | | | | The name can't be modified by the driver, make it const. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: make reset debugfs depend on CONFIG_PMJohannes Berg2012-09-19
| | | | | | | | | | | | | | | | | | | | The suspend/resume code depends on CONFIG_PM, so the reset debugfs file can only be made available if that is enabled. Fengguang Wu's zero-day build testing found this. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: allow re-open the blocked peer link in meshChun-Yeow Yeoh2012-09-14
| | | | | | | | | | | | | | | | | | | | | | | | | | Peer link which is blocked using the "iw mesh0 station set <MAC addr> plink_action block" is previously not able to re-open using "iw mesh0 station set <MAC addr> plink_action open". This patch is intended to solve this. If the station plink state remains at OPN_SNT once open, try block and open again should solve this problem. Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: change locking around ieee80211_recalc_smpsJohannes Berg2012-09-14
| | | | | | | | | | | | | | Make the function acquire the necessary mutex itself to simplify the callers. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: handle power constraint/country IE betterJohannes Berg2012-09-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, mac80211 uses the power constraint IE, and reduces the regulatory max TX power by it. This can cause issues if the AP is advertising a large power constraint value matching a high TX power in its country IE, for example in this case: ... Country: US Environment: Indoor/Outdoor ... Channels [157 - 157] @ 30 dBm ... Power constraint: 13 dB ... What happened here is that our local regulatory TX power is 15 dBm, and gets reduced by 13 dB so we end up with only 2 dBm effective TX power, which is way too low. Instead, handle the country IE/power constraint IE combined and restrict our TX power to the max of the regulatory power and the maximum power advertised by the AP, in this case 17 dBm (= 30 dBm - 13 dB). Also print a message when this happens to let the user know and help us debug issues with it. Reported-by: Carl A. Cook <CACook@quantum-equities.com> Tested-by: Carl A. Cook <CACook@quantum-equities.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: remove unneeded CONFIG_PM ifdefJohannes Berg2012-09-11
| | | | | | | | | | | | | | | | The functions are only called if CONFIG_PM is set as the callers are under an ifdef, so there's no need to also define no-op functions. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: validate skb->dev in the tx status pathFelix Fietkau2012-09-10
| | | | | | | | | | | | | | | | | | | | | | skb->dev might contain a stale reference to a device that was already deleted, and using it unchecked can lead to invalid pointer accesses. Since this is only used for nl80211 tx, iterate over active interfaces to find a match for skb->dev, and discard the tx status if the device is gone. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: use call_rcu() on sta deletionEliad Peller2012-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | mac80211 calls synchronize_rcu() on sta deletion, which increase the roaming time significantly. Convert it into a call_rcu() mechanism, in order to avoid blocking. Since some of the cleanup functions might sleep, schedule from the call_rcu callback a new work that will do the actual cleanup. In order to make sure the cleanup occurs before the interface went down, flush local->workqueue on ieee80211_do_stop(). Signed-off-by: Yoni Divinsky <yoni.divinsky@ti.com> Signed-off-by: Eliad Peller <eliad@wizery.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: add key flag for management keysJohannes Berg2012-09-10
| | | | | | | | | | | | | | | | | | | | | | | | Mark keys that might be used to receive management frames so drivers can fall back on software crypto for them if they don't support hardware offload. As the new flag is only set correctly for RX keys and the existing IEEE80211_KEY_FLAG_SW_MGMT flag can only affect TX, also rename the latter to IEEE80211_KEY_FLAG_SW_MGMT_TX. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: reply to AUTH with DEAUTH if sta allocation fails in IBSSAntonio Quartulli2012-09-07
| | | | | | | | | | | | | | | | | | | | | | Whenever a host gets an AUTH frame it first allocates a new station and then replies with another AUTH frame. However, if sta allocations fails the host should send a DEAUTH frame instead to tell the other end that something went wrong. Signed-off-by: Antonio Quartulli <ordex@autistici.org> [reword commit message a bit] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: move ieee80211_send_deauth_disassoc outside mlme codeAntonio Quartulli2012-09-07
| | | | | | | | | | | | | | | | | | Move ieee80211_send_deauth_disassoc() to util.c to make it available for the rest of the mac80211 code. Signed-off-by: Antonio Quartulli <ordex@autistici.org> [reword commit message] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | net/mac80211/scan.c: removes unnecessary semicolonPeter Senna Tschudin2012-09-07
| | | | | | | | | | | | | | | | | | removes unnecessary semicolon Found by Coccinelle: http://coccinelle.lip6.fr/ Signed-off-by: Peter Senna Tschudin <peter.senna@gmail.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: refactor set_channel_typeMichal Kazior2012-09-06
| | | | | | | | | | | | | | | | | | | | Split functionality for further reuse. Will prevent code duplication when channel context channel_type merging is introduced. Signed-off-by: Michal Kazior <michal.kazior@tieto.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: use synchronize_net() on key destroyingEliad Peller2012-09-06
| | | | | | | | | | | | | | | | | | | | | | | | __ieee80211_key_destroy() calls synchronize_rcu() in order to sync the tx path before destroying the key. However, synching the tx path can be done with synchronize_net() as well, which is usually faster (the timing might be important for roaming scenarios). Signed-off-by: Eliad Peller <eliad@wizery.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: check power constraint IE size when parsingJohannes Berg2012-09-06
| | | | | | | | | | | | | | The power constraint IE is always a single byte so check the size when parsing instead of later. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | Merge remote-tracking branch 'wireless-next/master' into mac80211-nextJohannes Berg2012-09-06
|\ \
| * \ Merge branch 'for-john' of ↵John W. Linville2012-08-23
| |\ \ | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next
| * \ \ Merge branch 'for-john' of ↵John W. Linville2012-08-21
| |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next Conflicts: drivers/net/wireless/mac80211_hwsim.c
| * | | | mac80211: fix unnecessary beacon update after peering status changeMarco Porsch2012-08-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ieee80211_bss_info_change_notify is called everytime a peer link is established or closed, because the accepting_plinks flag in the meshconf IE *might* have changed. With this patch the corresponding functions return the BSS_CHANGED_BEACON flag when a beacon update is necessary. Also it makes mesh_accept_plinks_update the common place to update the accepting_plinks flag. mesh_accept_plinks_update is called upon plink change and also periodically from ieee80211_mesh_housekeeping. Thus, it also picks up changes of local->num_sta. Signed-off-by: Marco Porsch <marco.porsch@etit.tu-chemnitz.de> Acked-by: Thomas Pedersen <thomas@cozybit.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | | | mac80211: disconnect if channel switch failsJohannes Berg2012-09-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Disconnect from the AP if channel switching in the driver failed or if the new channel is unavailable. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | | | | mac80211: don't hang on to sched_scan_iesJohannes Berg2012-09-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There's no need to keep a copy of the scheduled scan IEs after the driver has been told, if it requires a copy it must make one. Therefore, we can move sched_scan_ies into the function. Signed-off-by: Johannes Berg <johannes.berg@intel.com>