summaryrefslogtreecommitdiffstats
path: root/net/wireless
Commit message (Collapse)AuthorAgeFilesLines
* cfg80211: move txpower wext from mac80211Johannes Berg2009-06-031-0/+80
| | | | | | | | | | This patch introduces new cfg80211 API to set the TX power via cfg80211, puts the wext code into cfg80211 and updates mac80211 to use all that. The -ENETDOWN bits are a hack but will go away soon. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* nl80211: use GFP_ATOMIC for michael mic failure messageBob Copeland2009-06-031-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | nl80211_michael_mic_failure can be called in atomic context but does a GFP_KERNEL allocation. Fixes the error below: [ 126.793225] BUG: sleeping function called from invalid context at mm/slab.c:3055 [ 126.793234] in_atomic(): 1, irqs_disabled(): 0, pid: 0, name: swapper [ 126.793241] 2 locks held by swapper/0: [ 126.793246] #0: (&sc->rxbuflock){+.-.+.}, at: [<f94e1b46>] ath5k_tasklet_rx+0x34/0x55e [ath5k] [ 126.793294] #1: (rcu_read_lock){.+.+.+}, at: [<f92872f3>] __ieee80211_rx+0x7e/0x563 [mac80211] [ 126.793342] Pid: 0, comm: swapper Not tainted 2.6.30-rc7-wl #124 [ 126.793347] Call Trace: [ 126.793361] [<c014499d>] ? __debug_show_held_locks+0x1e/0x20 [ 126.793380] [<c011e9a3>] __might_sleep+0x100/0x107 [ 126.793386] [<c018ea99>] kmem_cache_alloc+0x35/0x170 [ 126.793393] [<c02e8bb1>] ? __alloc_skb+0x2e/0x117 [ 126.793397] [<c014517d>] ? mark_held_locks+0x43/0x5b [ 126.793402] [<c02e8bb1>] __alloc_skb+0x2e/0x117 [ 126.793419] [<f851a836>] nl80211_michael_mic_failure+0x2a/0x1fa [cfg80211] [ 126.793425] [<c01453b8>] ? trace_hardirqs_on_caller+0xf6/0x130 [ 126.793430] [<c01453fd>] ? trace_hardirqs_on+0xb/0xd [ 126.793444] [<f851b2b8>] cfg80211_michael_mic_failure+0x30/0x38 [cfg80211] [ 126.793463] [<f928bf69>] mac80211_ev_michael_mic_failure+0xfd/0x108 [mac80211] [ 126.793480] [<f9279fbd>] ieee80211_rx_h_michael_mic_verify+0xd4/0x117 [mac80211] [ 126.793499] [<f9285ef3>] ieee80211_invoke_rx_handlers+0xdde/0x1963 [mac80211] [ 126.793505] [<c0107152>] ? sched_clock+0x3f/0x64 [ 126.793511] [<c0107152>] ? sched_clock+0x3f/0x64 [ 126.793516] [<c01445d7>] ? trace_hardirqs_off+0xb/0xd [ 126.793521] [<c0107152>] ? sched_clock+0x3f/0x64 [ 126.793526] [<c0146454>] ? __lock_acquire+0x62c/0x1271 [ 126.793545] [<f9286fbb>] __ieee80211_rx_handle_packet+0x543/0x564 [mac80211] [ 126.793564] [<f9287757>] __ieee80211_rx+0x4e2/0x563 [mac80211] [ 126.793577] [<f94e1ff6>] ath5k_tasklet_rx+0x4e4/0x55e [ath5k] [ 126.793583] [<c0102b54>] ? restore_nocheck_notrace+0x0/0xe [ 126.793589] [<c0129aa2>] tasklet_action+0x92/0xe5 [ 126.793594] [<c0129f22>] __do_softirq+0xb1/0x182 [ 126.793599] [<c012a023>] do_softirq+0x30/0x48 [ 126.793603] [<c012a19b>] irq_exit+0x3d/0x74 [ 126.793609] [<c0358016>] do_IRQ+0x76/0x8c [ 126.793613] [<c010312e>] common_interrupt+0x2e/0x34 [ 126.793618] [<c014007b>] ? timer_list_show+0x277/0x939 [ 126.793630] [<f88eb321>] ? acpi_idle_enter_bm+0x266/0x291 [processor] [ 126.793636] [<c02d00f6>] cpuidle_idle_call+0x6a/0x9c [ 126.793640] [<c0101cc8>] cpu_idle+0x53/0x87 [ 126.793645] [<c0344510>] rest_init+0x6c/0x6e [ 126.793651] [<c04dd74d>] start_kernel+0x286/0x28b [ 126.793656] [<c04dd037>] __init_begin+0x37/0x3c Signed-off-by: Bob Copeland <me@bobcopeland.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* cfg80211: fix for duplicate userspace repliesLuis R. Rodriguez2009-06-031-1/+7
| | | | | | | | | | | | | | | | | | | | | | This fixes an incorrect assumption (BUG_ON) made in cfg80211 when handling country IE regulatory requests. The assumption was that we won't try to call_crda() twice for the same event and therefore we will not recieve two replies through nl80211 for the regulatory request. As it turns out it is true we don't call_crda() twice for the same event, however, kobject_uevent_env() *might* send the udev event twice and/or userspace can simply process the udev event twice. We remove the BUG_ON() and simply ignore the duplicate request. For details refer to this thread: http://marc.info/?l=linux-wireless&m=124149987921337&w=2 Cc: stable@kernel.org Reported-by: Maxim Levitsky <maximlevitsky@gmail.com> Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* cfg80211: disallow interfering with stations on non-AP (part 2)Johannes Berg2009-06-031-0/+6
| | | | | | | | | | | | | On non-AP interfaces userspace has no business interfering with the station management, this can confuse mac80211 (and other drivers probably wouldn't support it anyway). Allow adding and removing stations only on AP interfaces. (Reconcile this w/ previous version of patch posted with same subject... -- JWL) Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* cfg80211: use key size constantsJohannes Berg2009-06-031-6/+5
| | | | | | | | Instead of hardcoding the key length for validation, use the constants Zhu Yi recently added and add one for AES_CMAC too. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* nl80211: bounce scan request back to userspaceJohannes Berg2009-06-032-6/+40
| | | | | | | | | | When a scan finishes only the program that asked for it knows what kind of scan it was; let's tell everybody else about the scan parameters as well so they can evaluate the result of the scan better. Also helps with debugging. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* cfg80211: validate AID of stations being addedJohannes Berg2009-06-031-0/+4
| | | | | | | | | | | | We have some validation code in mac80211 but said code will force an invalid AID to 0 which isn't a valid AID either; instead require a valid AID (1-2007) to be passed in from userspace in cfg80211 already. Also move the code before the race comment since it can only be executed during STA addition and thus is not racy. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* nl80211: Eliminate reference to BUS_ID_SIZE.David S. Miller2009-05-261-1/+1
| | | | | | | It's going away. Just leave the constant "20" here so that behavior doesn't change. Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'master' of ↵David S. Miller2009-05-252-0/+14
|\ | | | | | | | | | | | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 Conflicts: drivers/net/wireless/ath/ath5k/phy.c drivers/net/wireless/iwlwifi/iwl-agn.c drivers/net/wireless/iwlwifi/iwl3945-base.c
| * cfg80211: fix race between core hint and driver's custom applyLuis R. Rodriguez2009-05-201-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Its possible for cfg80211 to have scheduled the work and for the global workqueue to not have kicked in prior to a cfg80211 driver's regulatory hint or wiphy_apply_custom_regulatory(). Although this is very unlikely its possible and should fix this race. When this race would happen you are expected to have hit a null pointer dereference panic. Cc: stable@kernel.org Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Tested-by: Alan Jenkins <alan-jenkins@tuffmail.co.uk> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * wext: verify buffer size for SIOCSIWENCODEEXTJohannes Berg2009-05-201-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Another design flaw in wireless extensions (is anybody surprised?) in the way it handles the iw_encode_ext structure: The structure is part of the 'extra' memory but contains the key length explicitly, instead of it just being the length of the extra buffer - size of the struct and using the explicit key length only for the get operation (which only writes it). Therefore, we have this layout: extra: +-------------------------+ | struct iw_encode_ext { | | ... | | u16 key_len; | | u8 key[0]; | | }; | +-------------------------+ | key material | +-------------------------+ Now, all drivers I checked use ext->key_len without checking that both key_len and the struct fit into the extra buffer that has been copied from userspace. This leads to a buffer overrun while reading that buffer, depending on the driver it may be possible to specify arbitrary key_len or it may need to be a proper length for the key algorithm specified. Thankfully, this is only exploitable by root, but root can actually cause a segfault or use kernel memory as a key (which you can even get back with siocgiwencode or siocgiwencodeext from the key buffer). Fix this by verifying that key_len fits into the buffer along with struct iw_encode_ext. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | Merge branch 'master' of ↵David S. Miller2009-05-2511-81/+735
|\ \ | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6
| * | wireless: move some utility functions from mac80211 to cfg80211Zhu Yi2009-05-221-0/+305
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The patch moves some utility functions from mac80211 to cfg80211. Because these functions are doing generic 802.11 operations so they are not mac80211 specific. The moving allows some fullmac drivers to be also benefit from these utility functions. Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: Samuel Ortiz <samuel.ortiz@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | wext: remove atomic requirement for wireless statsJohannes Berg2009-05-221-5/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The requirement for wireless stats to be atomic is now mostly artificial since we hold the rtnl _and_ the dev_base_lock for iterating the device list. Doing that is not required, just the rtnl is sufficient (and the rtnl is required for other reasons outlined in commit "wext: fix get_wireless_stats locking"). This will fix http://bugzilla.kernel.org/show_bug.cgi?id=13344 and make things easier for drivers. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | cfg80211: warn when wiphy_apply_custom_regulatory() does nothingLuis R. Rodriguez2009-05-201-2/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | Device drivers using wiphy_apply_custom_regulatory() want some regulatory settings applied to their wiphy, if no bands were configured on the wiphy then something went wrong. Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | cfg80211: fix compile error with CONFIG_CFG80211_DEBUGFSPavel Roskin2009-05-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If CONFIG_CFG80211_DEBUGFS is enabled and CONFIG_MAC80211_DEBUGFS is not, compilation fails in net/wireless/debugfs.c: net/wireless/debugfs.c: In function 'cfg80211_debugfs_drv_add': net/wireless/debugfs.c:117: error: 'struct cfg80211_registered_device' has no member named 'debugfs' The debugfs filed is needed if and only if CONFIG_CFG80211_DEBUGFS is enabled, so use that instead of CONFIG_MAC80211_DEBUGFS. Signed-off-by: Pavel Roskin <proski@gnu.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | cfg80211: fix in nl80211_set_reg()Luis R. Rodriguez2009-05-202-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is a race on access to last_request and its alpha2 through reg_is_valid_request() and us possibly processing first another regulatory request on another CPU. We avoid this improbably race by locking with the cfg80211_mutex as we should have done in the first place. While at it add the assert on locking on reg_is_valid_request(). Cc: stable@kernel.org Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | cfg80211: cleanup return calls on nl80211_set_reg()Luis R. Rodriguez2009-05-201-6/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | This has no functional change, but it will make the race fix easier to spot in my next patch. Cc: stable@kernel.org Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | cfg80211: return immediately if num reg rules > NL80211_MAX_SUPP_REG_RULESLuis R. Rodriguez2009-05-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This has no functional change except we save a kfree(rd) and allows us to clean this code up a bit after this. We do avoid an unnecessary kfree(NULL) but calling that was OK too. Cc: stable@kernel.org Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | cfg80211: allow wext to remove keys that don't existJohannes Berg2009-05-201-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some applications using wireless extensions expect to be able to remove a key that doesn't exist. One example is wpa_supplicant which doesn't actually change behaviour when running into an error while trying to do that, but it prints an error message which users interpret as wpa_supplicant having problems. The safe thing to do is not change the behaviour of wireless extensions any more, so when the driver reports -ENOENT let the wext bridge code return success to userspace. To guarantee this, also document that drivers should return -ENOENT when the key doesn't exist. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | cfg80211: mark ops as pointer to constDavid Kilroy2009-05-202-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | This allows drivers to mark their cfg80211_ops tables const. Signed-off-by: David Kilroy <kilroyd@googlemail.com> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | nl80211: Validate NL80211_ATTR_KEY_SEQ lengthJouni Malinen2009-05-202-0/+16
| | | | | | | | | | | | | | | | | | | | | | | | Validate RSC (NL80211_ATTR_KEY_SEQ) length in nl80211/cfg80211 instead of having to do this in all the drivers. Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | cfg80211: add debugfs HT40 allow mapLuis R. Rodriguez2009-05-202-0/+62
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Here's a screenshot of what this looks like with ath9k: mcgrof@pogo /debug/ieee80211/phy0 $ cat ht40allow_map 2412 HT40 + 2417 HT40 + 2422 HT40 + 2427 HT40 + 2432 HT40 -+ 2437 HT40 -+ 2442 HT40 -+ 2447 HT40 - 2452 HT40 - 2457 HT40 - 2462 HT40 - 2467 Disabled 2472 Disabled 2484 Disabled 5180 HT40 + 5200 HT40 -+ 5220 HT40 -+ 5240 HT40 -+ 5260 HT40 -+ 5280 HT40 -+ 5300 HT40 -+ 5320 HT40 - 5500 HT40 + 5520 HT40 -+ 5540 HT40 -+ 5560 HT40 -+ 5580 HT40 -+ 5600 HT40 -+ 5620 HT40 -+ 5640 HT40 -+ 5660 HT40 -+ 5680 HT40 -+ 5700 HT40 - 5745 HT40 + 5765 HT40 -+ 5785 HT40 -+ 5805 HT40 -+ 5825 HT40 - Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | mac80211/cfg80211: move wiphy specific debugfs entries to cfg80211Luis R. Rodriguez2009-05-206-0/+109
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This moves the cfg80211 specific stuff to new cfg80211 debugfs entries. Non-mac80211 will also get these entries now. There were only 4 which we take: rts_threshold fragmentation_threshold short_retry_limit long_retry_limit Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | cfg80211: check allowed channel type upon userspace requestsLuis R. Rodriguez2009-05-201-22/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Thanks to nl80211 userspace can be very specific upon device configuration. Before processing the request for the new HT40 channel types (HT40- or HT40+) we need to ensure we can use them regulatory-wise. This wasn't required with wireless extensions as specifying the channel type wasn't not available and configuration was done towards the end implicitly upon association or reception of beacons from the AP. For the new nl80211 we have to check this when configuring the interfaces explicitly. Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | wireless: rename IEEE80211_CHAN_NO_FAT_* to HT40-/+Luis R. Rodriguez2009-05-201-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | This is more consistent with our nl80211 naming convention for HT40-/+. Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | cfg80211: Process regulatory max bandwidth checks for HT40Luis R. Rodriguez2009-05-201-42/+159
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We are not correctly listening to the regulatory max bandwidth settings. To actually make use of it we need to redesign things a bit. This patch does the work for that. We do this to so we can obey to regulatory rules accordingly for use of HT40. We end up dealing with HT40 by having two passes for each channel. The first check will see if a 20 MHz channel fits into the channel's center freq on a given frequency range. We check for a 20 MHz banwidth channel as that is the maximum an individual channel will use, at least for now. The first pass will go ahead and check if the regulatory rule for that given center of frequency allows 40 MHz bandwidths and we use this to determine whether or not the channel supports HT40 or not. So to support HT40 you'll need at a regulatory rule that allows you to use 40 MHz channels but you're channel must also be enabled and support 20 MHz by itself. The second pass is done after we do the regulatory checks over an device's supported channel list. On each channel we'll check if the control channel and the extension both: o exist o are enabled o regulatory allows 40 MHz bandwidth on its frequency range This work allows allows us to idependently check for HT40- and HT40+. Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | wireless: Use genl_register_family_with_ops()Michał Mirosław2009-05-211-8/+3
|/ / | | | | | | | | | | | | Use genl_register_family_with_ops() instead of a copy. Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl> Signed-off-by: David S. Miller <davem@davemloft.net>
* | net: use NLMSG_DEFAULT_SIZE in nlmsg_new() allocationsPablo Neira Ayuso2009-05-191-16/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | nlmsg_new() adds the size of the netlink header to the value that has been passed as parameter. If NLMSG_GOODSIZE is selected, we request an allocation of one memory page plus the size of the header. Instead, NLMSG_DEFAULT_SIZE should be used since it already substracts the size of the Netlink header. I have the impression that the similar naming in both constant is error prone when using it with nlmsg_new(). This is already documented in include/net/netlink.h Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | wext: remove seq_start/stop sparse annotationsJohannes Berg2009-05-131-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | Even though they are true, they cause sparse to complain because it doesn't see the __acquires(dev_base_lock) on dev_seq_start() because it is only added to the function in net/core/dev.c, not the header file. To keep track of the nesting correctly we should probably annotate those functions publically, but for now let's just remove the annotation I added to wext. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | nl80211: Add RSC configuration for new keysJouni Malinen2009-05-132-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | When setting a key with NL80211_CMD_NEW_KEY, we should allow the key sequence number (RSC) to be set in order to allow replay protection to work correctly for group keys. This patch documents this use for nl80211 and adds the couple of missing pieces in nl80211/cfg80211 and mac80211 to support this. In addition, WEXT SIOCSIWENCODEEXT compat processing in cfg80211 is extended to handle the RSC (this was already specified in WEXT, but just not implemented in cfg80211/mac80211). Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | nl80211: Add IEEE 802.1X PAE control for station modeJouni Malinen2009-05-131-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new NL80211_ATTR_CONTROL_PORT flag for NL80211_CMD_ASSOCIATE to allow user space to indicate that it will control the IEEE 802.1X port in station mode. Previously, mac80211 was always marking the port authorized in station mode. This was enough when drop_unencrypted flag was set. However, drop_unencrypted can currently be controlled only with WEXT and the current nl80211 design does not allow fully secure configuration. Fix this by providing a mechanism for user space to control the IEEE 802.1X port in station mode (i.e., do the same that we are already doing in AP mode). Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | nl80211: improve station flags handlingJohannes Berg2009-05-131-8/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It is currently not possible to modify station flags, but that capability would be very useful. This patch introduces a new nl80211 attribute that contains a set/mask for station flags, and updates the internal API (and mac80211) to mirror that. The new attribute is parsed before falling back to the old so that userspace can specify both (if it can) to work on all kernels. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | nl80211: Validate MFP flag type when parsing STA flagsJouni Malinen2009-05-131-0/+1
| | | | | | | | | | | | | | | | | | | | NL80211_STA_FLAG_MFP was forgotten from sta_flags_policy. The previous version added the flag due to the loop used in parse_station_flags, but the proper behavior would be to allow nla_parse_nested() to go through the policy for all flags. Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | cfg80211: implement wext key handlingJohannes Berg2009-05-135-41/+330
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Move key handling wireless extension ioctls from mac80211 to cfg80211 so that all drivers that implement the cfg80211 operations get wext compatibility. Note that this drops the SIOCGIWENCODE ioctl support for getting IW_ENCODE_RESTRICTED/IW_ENCODE_OPEN. This means that iwconfig will no longer report "Security mode:open" or "Security mode:restricted" for mac80211. However, what we displayed there (the authentication algo used) was actually wrong -- linux/wireless.h states that this setting is meant to differentiate between "Refuse non-encoded packets" and "Accept non-encoded packets". (Combined with "cfg80211: fix a couple of bugs with key ioctls". -- JWL) Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | wext: fix get_wireless_stats lockingJohannes Berg2009-05-111-4/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, get_wireless_stats is racy by _design_. This is because it returns a buffer, which needs to be statically allocated since it cannot be freed if it was allocated dynamically. Also, SIOCGIWSTATS and /proc/net/wireless use no common lock, and /proc/net/wireless accesses are not synchronised against each other. This is a design flaw in get_wireless_stats since the beginning. This patch fixes it by wrapping /proc/net/wireless accesses with the RTNL so they are protected against each other and SIOCGIWSTATS. The more correct method of fixing this would be to pass in the buffer instead of returning it and have the caller take care of synchronisation of the buffer, but even then most drivers probably assume that their callback is protected by the RTNL like all other wext callbacks. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | cfg80211: disallow interfering with stations on non-APJohannes Berg2009-05-111-0/+12
| | | | | | | | | | | | | | | | | | | | On non-AP interfaces userspace has no business interfering with the station management, this can confuse mac80211 (and other drivers probably wouldn't support it anyway). Allow adding and removing stations only on AP interfaces. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | cfg80211: put wext data into substructureJohannes Berg2009-05-112-32/+32
| | | | | | | | | | | | | | | | | | To make it more apparent in the code what is for wext only (and needs to be #ifdef'ed) put all the info for wext into a substruct in each wireless_dev. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | cfg80211: fix wext iw_freq parsingJohannes Berg2009-05-111-6/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The function to parse a struct iw_freq has a stupid bug, it returns NULL when the channel cannot be found at all, but NULL is supposed to mean "auto". Fix this by checking the return value of ieee80211_get_channel() and returning ERR_PTR(-EINVAL) if it returned NULL (channel not found). This fixes an issue where you could say (in IBSS mode) iwconfig wlan0 channel 21 and it would use channel 1 instead because that's the first available channel with IBSS allowed (which is what the "auto" setting uses). Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | nl80211 : Add support for configuring MFPJouni Malinen2009-05-111-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | NL80211_CMD_ASSOCIATE request must be able to indicate whether management frame protection (IEEE 802.11w) is being used. mac80211 was able to use MFP in client mode only with WEXT, but the new NL80211_ATTR_USE_MFP attribute will allow this to be done with nl80211, too. Since we are currently using nl80211 for MFP only with drivers that use user space SME, only MFP disabled and required values are used. However, the NL80211_ATTR_USE_MFP attribute is an enum that can be extended with MFP optional in the future, if that is needed with some drivers (e.g., if the RSN IE is generated by the driver). Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | Merge branch 'master' of ↵David S. Miller2009-05-083-13/+11
|\ \ | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6
| * | cfg80211: make nl80211_send_mlme_timeout() staticLuis R. Rodriguez2009-05-061-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes sparse complaint: CHECK net/wireless/nl80211.c net/wireless/nl80211.c:3694:6: warning: symbol 'nl80211_send_mlme_timeout' was not declared. Should it be static? Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | cfg80211: Use the correct IE buffer pointerMichael Buesch2009-05-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the IE buffer was allocated, the pub.information_elements pointer was also changed to the allocated space. So we must not assume anymore that the pointer points at the "found" tail. So if it was allocated previously, take the codebranch that grows the buffer size (if necessary) and put the data into the allocated buffer. Signed-off-by: Michael Buesch <mb@bu3sch.de> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | cfg80211: Remove unnecessary ksize() callMichael Buesch2009-05-061-5/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This removes an unnecessary ksize() call. krealloc() will do this test internally and won't perform any allocation if the space is already sufficient to hold the data. So remove the redundant check. Signed-off-by: Michael Buesch <mb@bu3sch.de> Reviewed-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | cfg80211: remove superfluous !last_request check in reg_device_remove()Chris Wright2009-05-061-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 0ad8acaf "cfg80211: fix NULL pointer deference in reg_device_remove()" added a check that last_request is non-NULL, rendering the 2nd check superfluous. While there, rearrange the code a bit so it's a little more straight forward. Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | Merge branch 'master' of ↵David S. Miller2009-05-082-2/+16
|\ \ \ | |/ / |/| / | |/ | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 Conflicts: include/net/tcp.h
| * cfg80211: fix comment on regulatory hint processingLuis R. Rodriguez2009-05-041-1/+1
| | | | | | | | | | Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * cfg80211: fix bug while trying to process beacon hints on initLuis R. Rodriguez2009-05-041-1/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | During initialization we would not have received any beacons so skip processing reg beacon hints, also adds a check to reg_is_world_roaming() for last_request before accessing its fields. This should fix this: BUG: unable to handle kernel NULL pointer dereference at IP: [<e0171332>] wiphy_update_regulatory+0x20f/0x295 *pdpt = 0000000008bf1001 *pde = 0000000000000000 Oops: 0000 [#1] last sysfs file: /sys/class/backlight/eeepc/brightness Modules linked in: ath5k(+) mac80211 led_class cfg80211 go_bit cfbcopyarea cfbimgblt cfbfillrect ipv6 ydev usual_tables(P) snd_hda_codec_realtek snd_hda_intel nd_hwdep uhci_hcd snd_pcm_oss snd_mixer_oss i2c_i801 e serio_raw i2c_core pcspkr atl2 snd_pcm intel_agp re agpgart eeepc_laptop snd_page_alloc ac video backlight rfkill button processor evdev thermal fan ata_generic Pid: 2909, comm: modprobe Tainted: Pc #112) 701 EIP: 0060:[<e0171332>] EFLAGS: 00010246 CPU: 0 EIP is at wiphy_update_regulatory+0x20f/0x295 [cfg80211] EAX: 00000000 EBX: c5da0000 ECX: 00000000 EDX: c5da0060 ESI: 0000001a EDI: c5da0060 EBP: df3bdd70 ESP: df3bdd40 DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068 Process modprobe (pid: 2909, ti=df3bc000 task=c5d030000) Stack: df3bdd90 c5da0060 c04277e0 00000001 00000044 c04277e402 00000002 c5da0000 0000001a c5da0060 df3bdda8 e01706a2 02 00000282 000080d0 00000068 c5d53500 00000080 0000028240 Call Trace: [<e01706a2>] ? wiphy_register+0x122/0x1b7 [cfg80211] [<e0328e02>] ? ieee80211_register_hw+0xd8/0x346 [<e06a7c9f>] ? ath5k_hw_set_bssid_mask+0x71/0x78 [ath5k] [<e06b0c52>] ? ath5k_pci_probe+0xa5c/0xd0a [ath5k] [<c01a6037>] ? sysfs_find_dirent+0x16/0x27 [<c01fec95>] ? local_pci_probe+0xe/0x10 [<c01ff526>] ? pci_device_probe+0x48/0x66 [<c024c9fd>] ? driver_probe_device+0x7f/0xf2 [<c024cab3>] ? __driver_attach+0x43/0x5f [<c024c0af>] ? bus_for_each_dev+0x39/0x5a [<c024c8d0>] ? driver_attach+0x14/0x16 [<c024ca70>] ? __driver_attach+0x0/0x5f [<c024c5b3>] ? bus_add_driver+0xd7/0x1e7 [<c024ccb9>] ? driver_register+0x7b/0xd7 [<c01ff827>] ? __pci_register_driver+0x32/0x85 [<e00a8018>] ? init_ath5k_pci+0x18/0x30 [ath5k] [<c0101131>] ? _stext+0x49/0x10b [<e00a8000>] ? init_ath5k_pci+0x0/0x30 [ath5k] [<c012f452>] ? __blocking_notifier_call_chain+0x40/0x4c [<c013a714>] ? sys_init_module+0x87/0x18b [<c0102804>] ? sysenter_do_call+0x12/0x22 Code: b8 da 17 e0 83 c0 04 e8 92 f9 ff ff 84 c0 75 2a 8b 85 c0 74 0c 83 c0 04 e8 7c f9 ff ff 84 c0 75 14 a1 bc da 4 03 74 66 8b 4d d4 80 79 08 00 74 5d a1 e0 d2 17 e0 48 EIP: [<e0171332>] wiphy_update_regulatory+0x20f/0x295 SP 0068:df3bdd40 CR2: 0000000000000004 ---[ end trace 830f2dd2a95fd1a8 ]--- This issue is hard to reproduce, but it was noticed and discussed on this thread: http://marc.info/?t=123938022700005&r=1&w=2 Cc: stable@kernel.org Reported-by: Alan Jenkins <alan-jenkins@tuffmail.co.uk> Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * cfg80211: fix race condition with wiphy_apply_custom_regulatory()Luis R. Rodriguez2009-05-041-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We forgot to lock using the cfg80211_mutex in wiphy_apply_custom_regulatory(). Without the lock there is possible race between processing a reply from CRDA and a driver calling wiphy_apply_custom_regulatory(). During the processing of the reply from CRDA we free last_request and wiphy_apply_custom_regulatory() eventually accesses an element from last_request in the through freq_reg_info_regd(). This is very difficult to reproduce (I haven't), it takes us 3 hours and you need to be banging hard, but the race is obvious by looking at the code. This should only affect those who use this caller, which currently is ath5k, ath9k, and ar9170. EIP: 0060:[<f8ebec50>] EFLAGS: 00210282 CPU: 1 EIP is at freq_reg_info_regd+0x24/0x121 [cfg80211] EAX: 00000000 EBX: f7ca0060 ECX: f5183d94 EDX: 0024cde0 ESI: f8f56edc EDI: 00000000 EBP: 00000000 ESP: f5183d44 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 Process modprobe (pid: 14617, ti=f5182000 task=f3934d10 task.ti=f5182000) Stack: c0505300 f7ca0ab4 f5183d94 0024cde0 f8f403a6 f8f63160 f7ca0060 00000000 00000000 f8ebedf8 f5183d90 f8f56edc 00000000 00000004 00000f40 f8f56edc f7ca0060 f7ca1234 00000000 00000000 00000000 f7ca14f0 f7ca0ab4 f7ca1289 Call Trace: [<f8ebedf8>] wiphy_apply_custom_regulatory+0x8f/0x122 [cfg80211] [<f8f3f798>] ath_attach+0x707/0x9e6 [ath9k] [<f8f45e46>] ath_pci_probe+0x18d/0x29a [ath9k] [<c023c7ba>] pci_device_probe+0xa3/0xe4 [<c02a860b>] really_probe+0xd7/0x1de [<c02a87e7>] __driver_attach+0x37/0x55 [<c02a7eed>] bus_for_each_dev+0x31/0x57 [<c02a83bd>] driver_attach+0x16/0x18 [<c02a78e6>] bus_add_driver+0xec/0x21b [<c02a8959>] driver_register+0x85/0xe2 [<c023c9bb>] __pci_register_driver+0x3c/0x69 [<f8e93043>] ath9k_init+0x43/0x68 [ath9k] [<c010112b>] _stext+0x3b/0x116 [<c014a872>] sys_init_module+0x8a/0x19e [<c01049ad>] sysenter_do_call+0x12/0x21 [<ffffe430>] 0xffffe430 ======================= Code: 0f 94 c0 c3 31 c0 c3 55 57 56 53 89 c3 83 ec 14 8b 74 24 2c 89 54 24 0c 89 4c 24 08 85 f6 75 06 8b 35 c8 bb ec f8 a1 cc bb ec f8 <8b> 40 04 83 f8 03 74 3a 48 74 37 8b 43 28 85 c0 74 30 89 c6 8b EIP: [<f8ebec50>] freq_reg_info_regd+0x24/0x121 [cfg80211] SS:ESP 0068:f5183d44 Cc: stable@kernel.org Reported-by: Nataraj Sadasivam <Nataraj.Sadasivam@Atheros.com> Reported-by: Vivek Natarajan <Vivek.Natarajan@Atheros.com> Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * cfg80211: fix truncated IEsJohannes Berg2009-05-041-0/+1
| | | | | | | | | | | | | | | | | | Another bug in the "cfg80211: do not replace BSS structs" patch, a forgotten length update leads to bogus data being stored and passed to userspace, often truncated. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
OpenPOWER on IntegriCloud