summaryrefslogtreecommitdiffstats
path: root/net/wireless/util.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* networking: make skb_push & __skb_push return void pointersJohannes Berg2017-06-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It seems like a historic accident that these return unsigned char *, and in many places that means casts are required, more often than not. Make these functions return void * and remove all the casts across the tree, adding a (u8 *) cast only where the unsigned char pointer was used directly, all done with the following spatch: @@ expression SKB, LEN; typedef u8; identifier fn = { skb_push, __skb_push, skb_push_rcsum }; @@ - *(fn(SKB, LEN)) + *(u8 *)fn(SKB, LEN) @@ expression E, SKB, LEN; identifier fn = { skb_push, __skb_push, skb_push_rcsum }; type T; @@ - E = ((T *)(fn(SKB, LEN))) + E = fn(SKB, LEN) @@ expression SKB, LEN; identifier fn = { skb_push, __skb_push, skb_push_rcsum }; @@ - fn(SKB, LEN)[0] + *(u8 *)fn(SKB, LEN) Note that the last part there converts from push(...)[0] to the more idiomatic *(u8 *)push(...). Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge remote-tracking branch 'net-next/master' into mac80211-nextJohannes Berg2017-06-081-4/+6
|\ | | | | | | | | | | | | This brings in commit 7a7c0a6438b8 ("mac80211: fix TX aggregation start/stop callback race") to allow the follow-up cleanup. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * mac80211: strictly check mesh address extension modeRajkumar Manoharan2017-05-171-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Mesh forwarding path checks for address extension mode to fetch appropriate proxied address and MPP address. Existing condition that looks for 6 address format is not strict enough so that frames with improper values are processed and invalid entries are added into MPP table. Fix that by adding a stricter check before processing the packet. Per IEEE Std 802.11s-2011 spec. Table 7-6g1 lists address extension mode 0x3 as reserved one. And also Table Table 9-13 does not specify 0x3 as valid address field. Fixes: 9b395bc3be1c ("mac80211: verify that skb data is present") Signed-off-by: Rajkumar Manoharan <rmanohar@qti.qualcomm.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | cfg80211: improve warnings in VHT rate calculationJohannes Berg2017-05-171-4/+7
|/ | | | | | | | | Linus reported hitting the bandwidth warning, but it is indeed pretty useless - improve it by printing the rate configuration and make it only warn once, for both warnings here. Reported-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: unify cfg80211_roamed() and cfg80211_roamed_bss()Avraham Stern2017-04-281-3/+1
| | | | | | | | | | | | | | | | cfg80211_roamed() and cfg80211_roamed_bss() take the same arguments except that cfg80211_roamed() requires the BSSID and cfg80211_roamed_bss() requires the bss entry. Unify the two functions by using a struct for driver initiated roaming information so that either the BSSID or the bss entry can be passed as an argument to the unified function. Signed-off-by: Avraham Stern <avraham.stern@intel.com> [modified the ath6k, brcm80211, rndis and wlan-ng drivers accordingly] Signed-off-by: Luca Coelho <luciano.coelho@intel.com> [modify brcmfmac to remove the useless cast, spotted by Arend] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: Fix array-bounds warning in fragment copyMatthias Kaehlcke2017-04-181-3/+3
| | | | | | | | | | | | __ieee80211_amsdu_copy_frag intentionally initializes a pointer to array[-1] to increment it later to valid values. clang rightfully generates an array-bounds warning on the initialization statement. Initialize the pointer to array[0] and change the algorithm from increment before to increment after consume. Signed-off-by: Matthias Kaehlcke <mka@chromium.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: move add/change interface monitor flags into paramsJohannes Berg2017-04-131-2/+2
| | | | | | | | | | | | Instead passing both flags, which can be NULL, and vif_params, which are never NULL, move the flags into the vif_params and use BIT(0), which is invalid from userspace, to indicate that the flags were changed. While updating all drivers, fix a small bug in wil6210 where it was setting the flags to 0 instead of leaving them unchanged. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: Use a structure to pass connect response paramsVidyullatha Kanchanapally2017-03-311-9/+3
| | | | | | | | | | | | Currently the connect event from driver takes all the connection response parameters as arguments. With support for new features these response parameters can grow. Use a structure to pass these parameters rather than passing them as function arguments. Signed-off-by: Vidyullatha Kanchanapally <vkanchan@qti.qualcomm.com> Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> [add to documentation] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: refactor cfg80211_calculate_bitrate()Johannes Berg2017-03-061-28/+32
| | | | | | | | | | This function contains the HT calculations, which makes no sense - split that out into a separate function. As a side effect, this makes the 60G flag independent from HT_MCS so remove the MCS one from wil6210 (also deleting a duplicate assignment.) Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: combine two nested ifs into a single conditionJohannes Berg2017-03-061-5/+5
| | | | | | | | Combine two instances of having two nested if statements into a single one with a combined condition to reduce the indentation. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* net: adjust skb->truesize in pskb_expand_head()Eric Dumazet2017-01-271-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Slava Shwartsman reported a warning in skb_try_coalesce(), when we detect skb->truesize is completely wrong. In his case, issue came from IPv6 reassembly coping with malicious datagrams, that forced various pskb_may_pull() to reallocate a bigger skb->head than the one allocated by NIC driver before entering GRO layer. Current code does not change skb->truesize, leaving this burden to callers if they care enough. Blindly changing skb->truesize in pskb_expand_head() is not easy, as some producers might track skb->truesize, for example in xmit path for back pressure feedback (sk->sk_wmem_alloc) We can detect the cases where it should be safe to change skb->truesize : 1) skb is not attached to a socket. 2) If it is attached to a socket, destructor is sock_edemux() My audit gave only two callers doing their own skb->truesize manipulation. I had to remove skb parameter in sock_edemux macro when CONFIG_INET is not set to avoid a compile error. Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Slava Shwartsman <slavash@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* cfg80211: Specify the reason for connect timeoutPurushottam Kushwaha2017-01-131-1/+1
| | | | | | | | | | | | This enhances the connect timeout API to also carry the reason for the timeout. These reason codes for the connect time out are represented by enum nl80211_timeout_reason and are passed to user space through a new attribute NL80211_ATTR_TIMEOUT_REASON (u32). Signed-off-by: Purushottam Kushwaha <pkushwah@qti.qualcomm.com> Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> [keep gfp_t argument last] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: move function checking range fit to util.cRafał Miłecki2017-01-061-0/+15
| | | | | | | | It is needed for another cfg80211 helper that will be out of reg.c so move it to common util.c file and make it non-static. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: only pass sband to set_mandatory_flags_band()Arend Van Spriel2017-01-051-4/+4
| | | | | | | | | | | The supported band structure contains the band is applies to so no need to pass it separately. Also added a default case to the switch for completeness. The current code base does not call this function with NUM_NL80211_BANDS but kept that case statement although default case would cover that. Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: get rid of name indirection trick for ieee80211_get_channel()Arend Van Spriel2016-12-131-3/+2
| | | | | | | | | The comment on the name indirection suggested an issue but turned out to be untrue. Digging in older kernel version showed issue with ipw2x00 but that is no longer true so get rid on the name indirection. Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller2016-11-221-1/+2
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | All conflicts were simple overlapping changes except perhaps for the Thunder driver. That driver has a change_mtu method explicitly for sending a message to the hardware. If that fails it returns an error. Normally a driver doesn't need an ndo_change_mtu method becuase those are usually just range changes, which are now handled generically. But since this extra operation is needed in the Thunder driver, it has to stay. However, if the message send fails we have to restore the original MTU before the change because the entire call chain expects that if an error is thrown by ndo_change_mtu then the MTU did not change. Therefore code is added to nicvf_change_mtu to remember the original MTU, and to restore it upon nicvf_update_hw_max_frs() failue. Signed-off-by: David S. Miller <davem@davemloft.net>
| * cfg80211: add bitrate for 20MHz MCS 9Pedersen, Thomas2016-11-151-1/+2
| | | | | | | | | | | | | | | | | | | | | | Some drivers (ath10k) report MCS 9 @ 20MHz, which technically isn't defined. To get more meaningful value than 0 out of this however, just extrapolate a bitrate from ratio of MCS 7 and 9 in channels where it is allowed. Signed-off-by: Thomas Pedersen <twp@qca.qualcomm.com> [add a comment about it in the code] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller2016-10-301-19/+15
|\| | | | | | | | | | | | | | | | | Mostly simple overlapping changes. For example, David Ahern's adjacency list revamp in 'net-next' conflicted with an adjacency list traversal bug fix in 'net'. Signed-off-by: David S. Miller <davem@davemloft.net>
| * cfg80211: add ability to check DA/SA in A-MSDU decapsulationJohannes Berg2016-10-121-2/+12
| | | | | | | | | | | | | | | | | | | | | | We should not accept arbitrary DA/SA inside A-MSDUs, it could be used to circumvent protections, like allowing a station to send frames and make them seem to come from somewhere else. Add the necessary infrastructure in cfg80211 to allow such checks, in further patches we'll start using them. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * cfg80211: let ieee80211_amsdu_to_8023s() take only header-less SKBJohannes Berg2016-10-121-19/+5
| | | | | | | | | | | | | | | | | | There's only a single case where has_80211_header is passed as true, which is in mac80211. Given that there's only simple code that needs to be done before calling it, export that function from cfg80211 instead and let mac80211 call it itself. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | cfg80211: handle fragmented IEs in splittingJohannes Berg2016-10-271-3/+22
| | | | | | | | | | | | | | | | | | | | The IEs "output" can sometimes combine IEs coming from userspace with IEs generated in the kernel - in particular mac80211 does this for association frames. Add support in this code for the 802.11 IE fragmentation. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | cfg80211: validate beacon int as part of iface combinationsJohannes Berg2016-10-271-31/+52
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove the pointless checking against interface combinations in the initial basic beacon interval validation, that currently isn't taking into account radar detection or channels properly. Instead, just validate the basic range there, and then delay real checking to the interface combination validation that drivers must do. This means that drivers wanting to use the beacon_int_min_gcd will now have to pass the new_beacon_int when validating the AP/mesh start. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | cfg80211: fix beacon interval in interface combination iterationJohannes Berg2016-10-271-4/+2
| | | | | | | | | | | | | | | | | | We shouldn't abort the iteration with an error when one of the potential combinations can't accomodate the beacon interval request, we should just skip that particular combination. Fix the code to do so. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | cfg80211: fix possible memory leak in cfg80211_iter_combinations()Wei Yongjun2016-10-181-1/+3
| | | | | | | | | | | | | | | | | | | | 'limits' is malloced in cfg80211_iter_combinations() and should be freed before leaving from the error handling cases, otherwise it will cause memory leak. Fixes: 0c317a02ca98 ("cfg80211: support virtual interfaces with different beacon intervals") Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | cfg80211: support virtual interfaces with different beacon intervalsPurushottam Kushwaha2016-10-131-6/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit provides a mechanism for the host drivers to advertise the support for different beacon intervals among the respective interface combinations in a group, through NL80211_IFACE_COMB_BI_MIN_GCD (u32). This value will be compared against GCD of all beaconing interfaces of matching combinations. If the driver doesn't advertise this value, the old behaviour where all beacon intervals must be identical is retained. If it is specified, then any beacon interval for an interface in the interface combination as well as the GCD of all active beacon intervals in the combination must be greater or equal to this value. Signed-off-by: Purushottam Kushwaha <pkushwah@qti.qualcomm.com> [change commit message, some variable names, small other things] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | cfg80211: pass struct to interface combination check/iterPurushottam Kushwaha2016-10-131-16/+12
|/ | | | | | | | | | Move the growing parameter list to a structure for the interface combination check and iteration functions in cfg80211 and mac80211 to make the code easier to understand. Signed-off-by: Purushottam Kushwaha <pkushwah@qti.qualcomm.com> [edit commit message] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: add add_nan_func / del_nan_funcAyala Beker2016-09-301-0/+22
| | | | | | | | | | | | | | A NAN function can be either publish, subscribe or follow up. Make all the necessary verifications and just pass the request to the driver. Allow the user space application that starts NAN to forbid any other socket to add or remove functions. Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Ayala Beker <ayala.beker@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: add start / stop NAN commandsAyala Beker2016-09-301-2/+4
| | | | | | | | | | | | | | | | | This allows user space to start/stop NAN interface. A NAN interface is like P2P device in a few aspects: it doesn't have a netdev associated to it. Add the new interface type and prevent operations that can't be executed on NAN interface like scan. Define several attributes that may be configured by user space when starting NAN functionality (master preference and dual band operation) Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: Add support for static WEP in the driverDavid Spinadel2016-09-301-1/+1
| | | | | | | | | Add support for drivers that implement static WEP internally, i.e. expose connection keys to the driver in connect flow and don't upload the keys after the connection. Signed-off-by: David Spinadel <david.spinadel@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: reduce connect key caching struct sizeJohannes Berg2016-09-131-4/+1
| | | | | | | | | After the previous patches, connect keys can only (correctly) be used for storing static WEP keys. Therefore, remove all the data for dealing with key index 4/5 and reduce the size of the key material to the maximum for WEP keys. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: validate key index betterJohannes Berg2016-09-131-1/+7
| | | | | | | | | Don't accept it if a key_idx < 0 snuck through, reject WEP keys with key index 4 and 5 (which are used for IGTKs) and don't allow IGTKs with key indices other than 4 and 5. This makes the key data match expectations better. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: identically validate beacon interval for AP/MESH/IBSSPurushottam Kushwaha2016-08-111-1/+1
| | | | | | | | | | | | Beacon interval interface combinations validation was missing for MESH/IBSS join, add those. Johannes: also move the beacon interval check disallowing really tiny and really big intervals into the common function, which adds it for AP mode. Signed-off-by: Purushottam Kushwaha <pkushwah@qti.qualcomm.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: handle failed skb allocationGregory Greenman2016-07-061-0/+2
| | | | | | | | | | Handle the case when dev_alloc_skb returns NULL. Cc: stable@vger.kernel.org Fixes: 2b67f944f88c2 ("cfg80211: reuse existing page fragments in A-MSDU rx") Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
* cfg80211: fix proto in ieee80211_data_to_8023 for frames without LLC headerFelix Fietkau2016-06-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | The PDU length of incoming LLC frames is set to the total skb payload size in __ieee80211_data_to_8023() of net/wireless/util.c which incorrectly includes the length of the IEEE 802.11 header. The resulting LLC frame header has a too large PDU length, causing the llc_fixup_skb() function of net/llc/llc_input.c to reject the incoming skb, effectively breaking STP. Solve the problem by properly substracting the IEEE 802.11 frame header size from the PDU length, allowing the LLC processor to pick up the incoming control messages. Special thanks to Gerry Rozema for tracking down the regression and proposing a suitable patch. Fixes: 2d1c304cb2d5 ("cfg80211: add function for 802.3 conversion with separate output buffer") Cc: stable@vger.kernel.org Reported-by: Gerry Rozema <gerryr@rozeware.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
* mm/page_ref: use page_ref helper instead of direct modification of _countJoonsoo Kim2016-05-201-1/+1
| | | | | | | | | | | | | | | | page_reference manipulation functions are introduced to track down reference count change of the page. Use it instead of direct modification of _count. Signed-off-by: Joonsoo Kim <iamjoonsoo.kim@lge.com> Acked-by: Vlastimil Babka <vbabka@suse.cz> Cc: Hugh Dickins <hughd@google.com> Cc: Johannes Berg <johannes@sipsolutions.net> Cc: "David S. Miller" <davem@davemloft.net> Cc: Sunil Goutham <sgoutham@cavium.com> Cc: Chris Metcalf <cmetcalf@mellanox.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* cfg80211: make wdev_list accessible to driversJohannes Berg2016-05-121-2/+2
| | | | | | | | There's no harm in having drivers read the list, since they can use RCU protection or RTNL locking; allow this to not require each and every driver to also implement its own bookkeeping. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: Add option to report the bss entry in connect resultKanchanapally, Vidyullatha2016-04-261-1/+1
| | | | | | | | | | | | | | | | | | | Since cfg80211 maintains separate BSS table entries for APs if the same BSSID, SSID pair is seen on multiple channels, it is possible that it can map the current_bss to a BSS entry on the wrong channel. This current_bss will not get flushed unless disconnected and cfg80211 reports a wrong channel as the associated channel. Fix this by introducing a new cfg80211_connect_bss() function which is similar to cfg80211_connect_result(), but it includes an additional parameter: the bss the STA is connected to. This allows drivers to provide the exact bss entry that matches the BSS to which the connection was completed. Reviewed-by: Jouni Malinen <jouni@qca.qualcomm.com> Signed-off-by: Vidyullatha Kanchanapally <vkanchan@qti.qualcomm.com> Signed-off-by: Sunil Dutt <usdutt@qti.qualcomm.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: remove enum ieee80211_bandJohannes Berg2016-04-121-20/+20
| | | | | | | | | This enum is already perfectly aliased to enum nl80211_band, and the only reason for it is that we get IEEE80211_NUM_BANDS out of it. There's no really good reason to not declare the number of bands in nl80211 though, so do that and remove the cfg80211 one. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* wireless: use reset to set mac headerZhang Shengju2016-03-051-1/+1
| | | | | | | | | Since offset is zero, it's not necessary to use set function. Reset function is straightforward, and will remove the unnecessary add operation in set function. Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* cfg80211: reuse existing page fragments in A-MSDU rxFelix Fietkau2016-02-241-5/+77
| | | | | | | This massively reduces data copying and thus improves rx performance Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: fix faulty variable initialization in ieee80211_amsdu_to_8023sFelix Fietkau2016-02-241-1/+1
| | | | | | | | reuse_skb is set to true if the code decides to use the last segment. Fixes a memory leak Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: add support for non-linear skbs in ieee80211_amsdu_to_8023sFelix Fietkau2016-02-241-51/+49
| | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: add function for 802.3 conversion with separate output bufferFelix Fietkau2016-02-241-53/+53
| | | | | | | Use skb_copy_bits in preparation for allowing fragmented skbs Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* mac80211: move A-MSDU skb_linearize call to ieee80211_amsdu_to_8023sFelix Fietkau2016-02-241-0/+3
| | | | | | | Prepararation for zero-copy A-MSDU support with page fragment SKBs Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: Remove unused cfg80211_can_use_iftype_chan()Michal Sojka2015-12-041-114/+0
| | | | | | | | Last caller of this function was removed in 3.17 in commit 97dc94f1d933c9df2c0b327066ea130c0e92083f. Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: replace ieee80211_ie_split() with an inlineJohannes Berg2015-12-041-7/+0
| | | | | | | | | The function is a very simple wrapper around another one, just adds a few default parameters, so replace it with a static inline instead of using EXPORT_SYMBOL, reducing the module size slightly. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: ignore netif running state when changing iftypeMichal Kazior2015-05-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It was possible for mac80211 to be coerced into an unexpected flow causing sdata union to become corrupted. Station pointer was put into sdata->u.vlan.sta memory location while it was really master AP's sdata->u.ap.next_beacon. This led to station entry being later freed as next_beacon before __sta_info_flush() in ieee80211_stop_ap() and a subsequent invalid pointer dereference crash. The problem was that ieee80211_ptr->use_4addr wasn't cleared on interface type changes. This could be reproduced with the following steps: # host A and host B have just booted; no # wpa_s/hostapd running; all vifs are down host A> iw wlan0 set type station host A> iw wlan0 set 4addr on host A> printf 'interface=wlan0\nssid=4addrcrash\nchannel=1\nwds_sta=1' > /tmp/hconf host A> hostapd -B /tmp/conf host B> iw wlan0 set 4addr on host B> ifconfig wlan0 up host B> iw wlan0 connect -w hostAssid host A> pkill hostapd # host A crashed: [ 127.928192] BUG: unable to handle kernel NULL pointer dereference at 00000000000006c8 [ 127.929014] IP: [<ffffffff816f4f32>] __sta_info_flush+0xac/0x158 ... [ 127.934578] [<ffffffff8170789e>] ieee80211_stop_ap+0x139/0x26c [ 127.934578] [<ffffffff8100498f>] ? dump_trace+0x279/0x28a [ 127.934578] [<ffffffff816dc661>] __cfg80211_stop_ap+0x84/0x191 [ 127.934578] [<ffffffff816dc7ad>] cfg80211_stop_ap+0x3f/0x58 [ 127.934578] [<ffffffff816c5ad6>] nl80211_stop_ap+0x1b/0x1d [ 127.934578] [<ffffffff815e53f8>] genl_family_rcv_msg+0x259/0x2b5 Note: This isn't a revert of f8cdddb8d61d ("cfg80211: check iface combinations only when iface is running") as far as functionality is considered because b6a550156bc ("cfg80211/mac80211: move more combination checks to mac80211") moved the logic somewhere else already. Fixes: f8cdddb8d61d ("cfg80211: check iface combinations only when iface is running") Signed-off-by: Michal Kazior <michal.kazior@tieto.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: properly send NL80211_ATTR_DISCONNECTED_BY_AP in disconnectJohannes Berg2015-05-261-1/+2
| | | | | | | | | | | | | | | | | | | | When we disconnect from the AP, drivers call cfg80211_disconnect(). This doesn't know whether the disconnection was initiated locally or by the AP though, which can cause problems with the supplicant, for example with WPS. This issue obviously doesn't show up with any mac80211 based driver since mac80211 doesn't call this function. Fix this by requiring drivers to indicate whether the disconnect is locally generated or not. I've tried to update the drivers, but may not have gotten the values correct, and some drivers may currently not be able to report correct values. In case of doubt I left it at false, which is the current behaviour. For libertas, make adjustments as indicated by Dan Williams. Reported-by: Matthieu Mauger <matthieux.mauger@intel.com> Tested-by: Matthieu Mauger <matthieux.mauger@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg80211: move IE split utilities here from mac80211Johannes Berg2015-04-071-0/+41
| | | | | | | As the next patch will require the IE splitting utility functions in cfg80211, move them there from mac80211. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* cfg/mac80211: add regulatory classes IE during TDLS setupArik Nemtsov2015-03-301-0/+129
| | | | | | | | | | | | | | Seems Broadcom TDLS peers (Nexus 5, Xperia Z3) refuse to allow TDLS connection when channel-switching is supported but the regulatory classes IE is missing from the setup request. Add a chandef to reg-class translation function to cfg80211 and use it to add the required IE during setup. For now add only the current regulatory class as supported - it is enough to resolve the compatibility issue. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>