aboutsummaryrefslogtreecommitdiffstats
path: root/net/wireless/wext.c
Commit message (Collapse)AuthorAge
* wext: allow returning NULL statsJohannes Berg2009-07-10
| | | | | | | | | | | | | Currently, wext drivers cannot return NULL for stats even though that would make the ioctl return -EOPNOTSUPP because that would mean they are no longer listed in /proc/net/wireless. This patch changes the wext core's behaviour to list them if they have any wireless_handlers, but only show their stats when available, so that drivers can start returning NULL if stats are currently not available, reducing confusion for e.g. IBSS. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Merge branch 'master' of ↵David S. Miller2009-05-25
|\ | | | | | | | | | | | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 Conflicts: drivers/net/wireless/ath/ath5k/phy.c drivers/net/wireless/iwlwifi/iwl-agn.c drivers/net/wireless/iwlwifi/iwl3945-base.c
| * wext: verify buffer size for SIOCSIWENCODEEXTJohannes Berg2009-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Another design flaw in wireless extensions (is anybody surprised?) in the way it handles the iw_encode_ext structure: The structure is part of the 'extra' memory but contains the key length explicitly, instead of it just being the length of the extra buffer - size of the struct and using the explicit key length only for the get operation (which only writes it). Therefore, we have this layout: extra: +-------------------------+ | struct iw_encode_ext { | | ... | | u16 key_len; | | u8 key[0]; | | }; | +-------------------------+ | key material | +-------------------------+ Now, all drivers I checked use ext->key_len without checking that both key_len and the struct fit into the extra buffer that has been copied from userspace. This leads to a buffer overrun while reading that buffer, depending on the driver it may be possible to specify arbitrary key_len or it may need to be a proper length for the key algorithm specified. Thankfully, this is only exploitable by root, but root can actually cause a segfault or use kernel memory as a key (which you can even get back with siocgiwencode or siocgiwencodeext from the key buffer). Fix this by verifying that key_len fits into the buffer along with struct iw_encode_ext. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | wext: remove atomic requirement for wireless statsJohannes Berg2009-05-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The requirement for wireless stats to be atomic is now mostly artificial since we hold the rtnl _and_ the dev_base_lock for iterating the device list. Doing that is not required, just the rtnl is sufficient (and the rtnl is required for other reasons outlined in commit "wext: fix get_wireless_stats locking"). This will fix http://bugzilla.kernel.org/show_bug.cgi?id=13344 and make things easier for drivers. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | wext: remove seq_start/stop sparse annotationsJohannes Berg2009-05-13
| | | | | | | | | | | | | | | | | | | | | | | | | | Even though they are true, they cause sparse to complain because it doesn't see the __acquires(dev_base_lock) on dev_seq_start() because it is only added to the function in net/core/dev.c, not the header file. To keep track of the nesting correctly we should probably annotate those functions publically, but for now let's just remove the annotation I added to wext. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | wext: fix get_wireless_stats lockingJohannes Berg2009-05-11
|/ | | | | | | | | | | | | | | | | | | | | Currently, get_wireless_stats is racy by _design_. This is because it returns a buffer, which needs to be statically allocated since it cannot be freed if it was allocated dynamically. Also, SIOCGIWSTATS and /proc/net/wireless use no common lock, and /proc/net/wireless accesses are not synchronised against each other. This is a design flaw in get_wireless_stats since the beginning. This patch fixes it by wrapping /proc/net/wireless accesses with the RTNL so they are protected against each other and SIOCGIWSTATS. The more correct method of fixing this would be to pass in the buffer instead of returning it and have the caller take care of synchronisation of the buffer, but even then most drivers probably assume that their callback is protected by the RTNL like all other wext callbacks. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* wireless: convert wireless ioctl to net_device_opsStephen Hemminger2009-01-06
| | | | | Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* wireless: Fix incorrect use of loose in wext.cNick Andrew2008-12-07
| | | | | | | | | Fix incorrect use of loose in wext.c It should be 'lose', not 'loose'. Signed-off-by: Nick Andrew <nick@nick-andrew.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* wext: Send name on eventsJamal Hadi Salim2008-08-13
| | | | | | | | In the minimal the wireless extensions oughta send at least the name in addition to the ifindex. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
* netns: Use net_eq() to compare net-namespaces for optimization.YOSHIFUJI Hideaki2008-07-20
| | | | | | | | Without CONFIG_NET_NS, namespace is always &init_net. Compiler will be able to omit namespace comparisons with this patch. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* wext: Create IW_REQUEST_FLAG_COMPAT and set it as needed.David S. Miller2008-06-16
| | | | | | | Now low-level WEXT ioctl handlers can do compat handling when necessary. Signed-off-by: David S. Miller <davem@davemloft.net>
* wext: Dispatch and handle compat ioctls entirely in net/wireless/wext.cDavid S. Miller2008-06-16
| | | | | | | | | Next we can kill the hacks in fs/compat_ioctl.c and also dispatch compat ioctls down into the driver and 80211 protocol helper layers in order to handle iw_point objects embedded in stream replies which need to be translated. Signed-off-by: David S. Miller <davem@davemloft.net>
* wext: Pull top-level ioctl dispatch logic into helper function.David S. Miller2008-06-16
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* wext: Pass iwreq pointer down into standard/private handlers.David S. Miller2008-06-16
| | | | | | They have no need to see the object as an ifreq. Signed-off-by: David S. Miller <davem@davemloft.net>
* wext: Parameterize the standard/private handlers.David S. Miller2008-06-16
| | | | | | | The WEXT standard and private handlers to use are now arguments to wireless_process_ioctl(). Signed-off-by: David S. Miller <davem@davemloft.net>
* wext: Pull ioctl permission checking out into helper function.David S. Miller2008-06-16
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* wext: Extract private call iw_point handling into seperate functions.David S. Miller2008-06-16
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* wext: Extract standard call iw_point handling into seperate function.David S. Miller2008-06-16
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* wext: Make adjust_priv_size() take a "struct iw_point *".David S. Miller2008-06-16
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* wext: Remove inline from get_priv_size() and adjust_priv_size().David S. Miller2008-06-16
| | | | | | The compiler inlines when appropriate. Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET] NETNS: Omit net_device->nd_net without CONFIG_NET_NS.YOSHIFUJI Hideaki2008-03-25
| | | | | | | | Introduce per-net_device inlines: dev_net(), dev_net_set(). Without CONFIG_NET_NS, no namespace other than &init_net exists. Let's explicitly define them to help compiler optimizations. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
* WEXT: remove unused variableMasakazu Mokuno2008-01-28
| | | | | | | As event_type_pk_size[] is not used, Remove it. Signed-off-by: Masakazu Mokuno <mokuno@sm.sony.co.jp> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* [NET]: Consolidate net namespace related proc files creation.Denis V. Lunev2008-01-28
| | | | | | Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Make rtnetlink infrastructure network namespace aware (v3)Denis V. Lunev2008-01-28
| | | | | | | | | | | | | | | | | After this patch none of the netlink callback support anything except the initial network namespace but the rtnetlink infrastructure now handles multiple network namespaces. Changes from v2: - IPv6 addrlabel processing Changes from v1: - no need for special rtnl_unlock handling - fixed IPv6 ndisc Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [WIRELESS] WEXT: Fix userspace corruption on 64-bit.David S. Miller2007-11-20
| | | | | | | | | | | | | | | | | | | On 64-bit systems sizeof(struct ifreq) is 8 bytes larger than sizeof(struct iwreq). For GET calls, the wireless extension code copies back into userspace using sizeof(struct ifreq) but userspace and elsewhere only allocates a "struct iwreq". Thus, this copy writes past the end of the iwreq object and corrupts whatever sits after it in memory. Fix the copy_to_user() length. This particularly hurts the compat case because the wireless compat code uses compat_alloc_userspace() and right after this allocated buffer is the current bottom of the user stack, and that's what gets overwritten by the copy_to_user() call. Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Fix race when opening a proc file while a network namespace is exiting.Eric W. Biederman2007-10-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | The problem: proc_net files remember which network namespace the are against but do not remember hold a reference count (as that would pin the network namespace). So we currently have a small window where the reference count on a network namespace may be incremented when opening a /proc file when it has already gone to zero. To fix this introduce maybe_get_net and get_proc_net. maybe_get_net increments the network namespace reference count only if it is greater then zero, ensuring we don't increment a reference count after it has gone to zero. get_proc_net handles all of the magic to go from a proc inode to the network namespace instance and call maybe_get_net on it. PROC_NET the old accessor is removed so that we don't get confused and use the wrong helper function. Then I fix up the callers to use get_proc_net and handle the case case where get_proc_net returns NULL. In that case I return -ENXIO because effectively the network namespace has already gone away so the files we are trying to access don't exist anymore. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Acked-by: Paul E. McKenney <paulmck@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Make the device list and device lookups per namespace.Eric W. Biederman2007-10-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch makes most of the generic device layer network namespace safe. This patch makes dev_base_head a network namespace variable, and then it picks up a few associated variables. The functions: dev_getbyhwaddr dev_getfirsthwbytype dev_get_by_flags dev_get_by_name __dev_get_by_name dev_get_by_index __dev_get_by_index dev_ioctl dev_ethtool dev_load wireless_process_ioctl were modified to take a network namespace argument, and deal with it. vlan_ioctl_set and brioctl_set were modified so their hooks will receive a network namespace argument. So basically anthing in the core of the network stack that was affected to by the change of dev_base was modified to handle multiple network namespaces. The rest of the network stack was simply modified to explicitly use &init_net the initial network namespace. This can be fixed when those components of the network stack are modified to handle multiple network namespaces. For now the ifindex generator is left global. Fundametally ifindex numbers are per namespace, or else we will have corner case problems with migration when we get that far. At the same time there are assumptions in the network stack that the ifindex of a network device won't change. Making the ifindex number global seems a good compromise until the network stack can cope with ifindex changes when you change namespaces, and the like. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Make /proc/net per network namespaceEric W. Biederman2007-10-10
| | | | | | | | | | | | | | | | | | This patch makes /proc/net per network namespace. It modifies the global variables proc_net and proc_net_stat to be per network namespace. The proc_net file helpers are modified to take a network namespace argument, and all of their callers are fixed to pass &init_net for that argument. This ensures that all of the /proc/net files are only visible and usable in the initial network namespace until the code behind them has been updated to be handle multiple network namespaces. Making /proc/net per namespace is necessary as at least some files in /proc/net depend upon the set of network devices which is per network namespace, and even more files in /proc/net have contents that are relevant to a single network namespace. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [WIRELESS]: Use type safe netlink interfaceThomas Graf2007-10-10
| | | | | | | | Makes use of the type safe netlink interface and adds a warning if the message is too big for NLMSG_DEFAULT_SIZE to help debug. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* [WEXT]: Misc code cleanups.Johannes Berg2007-04-26
| | | | | | | | Just a few things that didn't fit in with the other patches. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [WEXT]: Reduce inline abuse.Johannes Berg2007-04-26
| | | | | | | | | | | This patch removes a bunch of inline abuse from wext. Most functions that were marked inline are only used once so the compiler will inline them anyway, others are used multiple times but there's no requirement for them to be inline since they aren't in any fast paths. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [WEXT]: Move EXPORT_SYMBOL statements where they belong.Johannes Berg2007-04-26
| | | | | | | | | EXPORT_SYMBOL statements are supposed to go together with the symbol they're exporting. This patch moves them accordingly. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [WEXT]: Cleanup early ioctl call path.Johannes Berg2007-04-26
| | | | | | | | | This patch makes the code in wireless_process_ioctl somewhat more readable. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [WEXT]: Remove options.Johannes Berg2007-04-26
| | | | | | | | | This patch kills the two options in wext that are required to be enabled anyway because they influence the userspace API. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [WEXT]: Remove dead debug code.Johannes Berg2007-04-26
| | | | | | | | | | This patch kills a whole bunch of code that can only ever be used by defining some things in wext.c. Also, the things that are printed are mostly useless since the API is fairly well-tested. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [WEXT]: Clean up how wext is called.Johannes Berg2007-04-26
| | | | | | | | This patch cleans up the call paths from the core code into wext. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [WEXT]: Move to net/wirelessJohannes Berg2007-04-26
This patch moves dev/core/wireless.c to net/wireless/wext.c. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>