summaryrefslogtreecommitdiffstats
path: root/net
Commit message (Collapse)AuthorAgeFilesLines
* mac80211: Update last_tx_rate only for data framesHelmut Schaa2010-12-061-3/+4
| | | | | | | | | | | | | | | | The last_tx_rate field was also updated for non-data frames that are often sent with a lower rate (for example management frames at 1 Mbps). This is confusing when the data rate is actually much higher. Hence, only update the last_tx_rate field with tx rate information gathered from last data frames. If the rate control algorithm filled in txrc.reported_rate we don't need to verify this information. Cc: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Merge branch 'master' of ↵John W. Linville2010-12-022-1/+12
|\ | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 Conflicts: drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
| * Merge branch 'master' of ↵John W. Linville2010-12-021-3/+3
| |\ | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth-2.6
| * | mac80211: Fix STA disconnect due to MIC failureSenthil Balasubramanian2010-11-301-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Th commit titled "mac80211: clean up rx handling wrt. found_sta" removed found_sta variable which caused a MIC failure event to be reported twice for a single failure to supplicant resulted in STA disconnect. This should fix WPA specific countermeasures WiFi test case (5.2.17) issues with mac80211 based drivers which report MIC failure events in rx status. Cc: Stable <stable@kernel.org> (2.6.37) Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | mac80211: ignore non-bcast mcast deauth/disassoc franesChristian Lamparter2010-11-301-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch fixes an curious issue due to insufficient rx frame filtering. Saqeb Akhter reported frequent disconnects while streaming videos over samba: <http://marc.info/?m=128600031109136> > [ 1166.512087] wlan1: deauthenticated from 30:46:9a:10:49:f7 (Reason: 7) > [ 1526.059997] wlan1: deauthenticated from 30:46:9a:10:49:f7 (Reason: 7) > [ 2125.324356] wlan1: deauthenticated from 30:46:9a:10:49:f7 (Reason: 7) > [...] The reason is that the device generates frames with slightly bogus SA/TA addresses. e.g.: [ 2314.402316] Ignore 9f:1f:31:f8:64:ff [ 2314.402321] Ignore 9f:1f:31:f8:64:ff [ 2352.453804] Ignore 0d:1f:31:f8:64:ff [ 2352.453808] Ignore 0d:1f:31:f8:64:ff ^^ the group-address flag is set! (the correct SA/TA would be: 00:1f:31:f8:64:ff) Since the AP does not know from where the frames come, it generates a DEAUTH response for the (invalid) mcast address. This mcast deauth frame then passes through all filters and tricks the stack into thinking that the AP brutally kicked us! This patch fixes the problem by simply ignoring non-broadcast, group-addressed deauth/disassoc frames. Cc: Jouni Malinen <j@w1.fi> Cc: Johannes Berg <johannes@sipsolutions.net> Reported-by: Saqeb Akhter <saqeb.akhter@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | mac80211: Fix frame injection using non-AP vifJouni Malinen2010-11-291-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In order for frame injection to work properly for some use cases (e.g., finding the station entry and keys for encryption), mac80211 needs to find the correct sdata entry. This works when the main vif is in AP mode, but commit a2c1e3dad516618cb0fbfb1a62c36d0b0744573a broke this particular use case for station main vif. While this type of injection is quite unusual operation, it has some uses and we should fix it. Do this by changing the monitor vif sdata selection to allow station vif to be selected instead of limiting it to just AP vifs. We still need to skip some iftypes to avoid selecting unsuitable vif for injection. Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | Bluetooth: clean up hci codeAndrei Emeltchenko2010-12-014-41/+73
| | | | | | | | | | | | | | | | | | | | | | | | Do not use assignment in IF condition, remove extra spaces, fixing typos, simplify code. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
* | | Bluetooth: clean up l2cap codeAndrei Emeltchenko2010-12-011-4/+3
| | | | | | | | | | | | | | | | | | | | | | | | Do not initialize static vars to zero, macros with complex values shall be enclosed with (), remove unneeded braces. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
* | | Bluetooth: clean up rfcomm codeAndrei Emeltchenko2010-12-013-18/+23
| | | | | | | | | | | | | | | | | | | | | | | | Remove extra spaces, assignments in if statement, zeroing static variables, extra braces. Fix includes. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
* | | Bluetooth: clean up sco codeAndrei Emeltchenko2010-12-011-9/+13
| | | | | | | | | | | | | | | | | | | | | Do not use assignments in IF condition, remove extra spaces Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
* | | Bluetooth: Fix error handling for l2cap_init()Anderson Lizardo2010-12-011-2/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | create_singlethread_workqueue() may fail with errors such as -ENOMEM. If this happens, the return value is not set to a negative value and the module load will succeed. It will then crash on module unload because of a destroy_workqueue() call on a NULL pointer. Additionally, the _busy_wq workqueue is not being destroyed if any errors happen on l2cap_init(). Signed-off-by: Anderson Lizardo <anderson.lizardo@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
* | | Bluetooth: Get rid of __rfcomm_get_sock_by_channel()Gustavo F. Padovan2010-12-011-12/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | rfcomm_get_sock_by_channel() was the only user of this function, so I merged both into rfcomm_get_sock_by_channel(). The socket lock now should be hold outside of rfcomm_get_sock_by_channel() once we hold and release it inside the same function now. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
* | | Bluetooth: Get rid of __l2cap_get_sock_by_psm()Gustavo F. Padovan2010-12-011-13/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | l2cap_get_sock_by_psm() was the only user of this function, so I merged both into l2cap_get_sock_by_psm(). The socket lock now should be hold outside of l2cap_get_sock_by_psm() once we hold and release it inside the same function now. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
* | | Bluetooth: do not use assignment in if conditionAndrei Emeltchenko2010-12-011-6/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix checkpatch errors like: "ERROR: do not use assignment in if condition" Simplify code and fix one long line. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com> Acked-by: Ville Tervo <ville.tervo@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
* | | Bluetooth: timer check sk is not owned before freeingAndrei Emeltchenko2010-12-011-12/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In timer context we might delete l2cap channel used by krfcommd. The check makes sure that sk is not owned. If sk is owned we restart timer for HZ/5. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
* | | Bluetooth: Check sk is not owned before freeing l2cap_connAndrei Emeltchenko2010-12-011-0/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Check that socket sk is not locked in user process before removing l2cap connection handler. lock_sock and release_sock do not hold a normal spinlock directly but instead hold the owner field. This means bh_lock_sock can still execute even if the socket is "locked". More info can be found here: http://www.linuxfoundation.org/collaborate/workgroups/networking/socketlocks krfcommd kernel thread may be preempted with l2cap tasklet which remove l2cap_conn structure. If krfcommd is in process of sending of RFCOMM reply (like "RFCOMM UA" reply to "RFCOMM DISC") then kernel crash happens. ... [ 694.175933] Unable to handle kernel NULL pointer dereference at virtual address 00000000 [ 694.184936] pgd = c0004000 [ 694.187683] [00000000] *pgd=00000000 [ 694.191711] Internal error: Oops: 5 [#1] PREEMPT [ 694.196350] last sysfs file: /sys/devices/platform/hci_h4p/firmware/hci_h4p/loading [ 694.260375] CPU: 0 Not tainted (2.6.32.10 #1) [ 694.265106] PC is at l2cap_sock_sendmsg+0x43c/0x73c [l2cap] [ 694.270721] LR is at 0xd7017303 ... [ 694.525085] Backtrace: [ 694.527587] [<bf266be0>] (l2cap_sock_sendmsg+0x0/0x73c [l2cap]) from [<c02f2cc8>] (sock_sendmsg+0xb8/0xd8) [ 694.537292] [<c02f2c10>] (sock_sendmsg+0x0/0xd8) from [<c02f3044>] (kernel_sendmsg+0x48/0x80) Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
* | | Bluetooth: hidp: fix information leak to userlandVasiliy Kulikov2010-12-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Structure hidp_conninfo is copied to userland with version, product, vendor and name fields unitialized if both session->input and session->hid are NULL. It leads to leaking of contents of kernel stack memory. Signed-off-by: Vasiliy Kulikov <segooon@gmail.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
* | | Bluetooth: cmtp: fix information leak to userlandVasiliy Kulikov2010-12-011-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Structure cmtp_conninfo is copied to userland with some padding fields unitialized. It leads to leaking of contents of kernel stack memory. Signed-off-by: Vasiliy Kulikov <segooon@gmail.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
* | | Bluetooth: bnep: fix information leak to userlandVasiliy Kulikov2010-12-011-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Structure bnep_conninfo is copied to userland with the field "device" that has the last elements unitialized. It leads to leaking of contents of kernel stack memory. Signed-off-by: Vasiliy Kulikov <segooon@gmail.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
* | | Bluetooth: Automate remote name requestsJohan Hedberg2010-12-011-18/+54
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In Bluetooth there are no automatic updates of remote device names when they get changed on the remote side. Instead, it is a good idea to do a manual name request when a new connection gets created (for whatever reason) since at this point it is very cheap (no costly baseband connection creation needed just for the sake of the name request). So far userspace has been responsible for this extra name request but tighter control is needed in order not to flood Bluetooth controllers with two many commands during connection creation. It has been shown that some controllers simply fail to function correctly if they get too many (almost) simultaneous commands during connection creation. The simplest way to acheive better control of these commands is to move their sending completely to the kernel side. This patch inserts name requests into the sequence of events that the kernel performs during connection creation. It does this after the remote features have been successfully requested and before any pending authentication requests are performed. The code will work sub-optimally with userspace versions that still do the name requesting themselves (it shouldn't break anything though) so it is recommended to combine this with a userspace software version that doesn't have automated name requests. Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
* | | Bluetooth: Create a unified authentication request functionJohan Hedberg2010-12-011-14/+40
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds a single function that's responsible for requesting authentication for outgoing connections. This is preparation for the next patch which will add automated name requests and thereby move the authentication requests to a different location. Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
* | | Bluetooth: Simplify remote features callback function logicJohan Hedberg2010-12-011-44/+47
| | | | | | | | | | | | | | | | | | | | | | | | | | | The current remote and remote extended features event callbacks logic can be made simpler by using a label and goto statements instead of the current multiple levels of nested if statements. Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
* | | Merge git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth-2.6 ↵Gustavo F. Padovan2010-12-011-3/+3
|\ \ \ | | |/ | |/| | | | into test
| * | Bluetooth: Fix not returning proper error in SCOGustavo F. Padovan2010-11-221-3/+3
| | | | | | | | | | | | | | | | | | Return 0 in that situation could lead to errors in the caller. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
* | | mac80211: Minor optimization in ieee80211_rx_h_dataHelmut Schaa2010-11-301-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove a superfluous ieee80211_is_data check as that was checked a few lines before already and we wont't get here for non-data frames at all. Second, the frame was already converted to 802.3 header format and reading the fc and addr1 fields was only possible because the 802.3 header is short enough and didn't overwrite the relevant parts of the 802.11 header. Make the code more obvious by checking the ethernet header's h_dest field. Furthermore reorder the conditions to reduce the number of checks when dynamic powersave is not needed (AP mode for example). Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> Reviewed-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | mac80211: fix RX aggregation lockingJohannes Berg2010-11-294-38/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The RX aggregation locking documentation was wrong, which led Christian to also code the timer timeout handling for it somewhat wrongly. Fix the documentation, the two places that need to hold the reorder lock across accesses to the structure, and the debugfs code that should just use RCU. Also, remove acquiring the sta->lock across reorder timeouts since it isn't necessary, and change a few places to GFP_KERNEL because the code path here doesn't need atomic allocations as I noticed when reviewing all this. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Acked-by: Christian Lamparter <chunkeey@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | mac80211: implement off-channel mgmt TXJohannes Berg2010-11-294-6/+129
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This implements the new off-channel TX API in mac80211 with a new work item type. The operation doesn't add a new work item when we're on the right channel and there's no wait time so that for example p2p probe responses will be transmitted without delay. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | nl80211/cfg80211: extend mgmt-tx API for off-channelJohannes Berg2010-11-294-14/+63
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With p2p, it is sometimes necessary to transmit a frame (typically an action frame) on another channel than the current channel. Enable this through the CMD_FRAME API, and allow it to wait for a response. A new command allows that wait to be aborted. However, allow userspace to specify whether or not it wants to allow off-channel TX, it may actually want to use the same channel only. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | mac80211: implement packet loss notificationJohannes Berg2010-11-242-0/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For drivers that have accurate TX status reporting we can report the number of consecutive lost packets to userspace using the new cfg80211 CQM event. The threshold is fixed right now, this may need to be improved in the future. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | cfg80211: allow using CQM event to notify packet lossJohannes Berg2010-11-243-0/+61
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds the ability for drivers to use CQM events to notify about packet loss for specific stations (which could be the AP for the managed mode case). Since the threshold might be determined by the driver (it isn't passed in right now) it will be passed out of the driver to userspace in the event. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | mac80211: avoid aggregation for VO trafficLuis R. Rodriguez2010-11-241-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This should help with latency issues which can happen when using aggregation. Cc: Felix Fietkau <nbd@openwrt.org> Cc: Matt Smith <matt.smith@atheros.com> Cc: Senthil Balasubramanian <senthilkumar@atheros.com> Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | mac80211: reduce the number of retries for nullfunc probingFelix Fietkau2010-11-241-1/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | Since nullfunc frames are transmitted as unicast frames, they're more reliable than the broadcast probe requests, so we need fewer retries to figure out whether the AP is really gone. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | mac80211: use nullfunc instead of probe request for connection monitoringFelix Fietkau2010-11-243-26/+72
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | nullfunc frames are better for connection monitoring, because probe requests are answered even if the AP has already dropped the connection, whereas nullfunc frames from an unassociated station will trigger a disassoc/deauth frame from the AP (WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA), which allows the station to reconnect immediately instead of waiting until it attempts to transmit the next unicast frame. This only works on hardware with reliable tx ACK reporting, any other hardware needs to fall back to the probe request method. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | cfg80211/mac80211: improve ad-hoc multicast rate handlingFelix Fietkau2010-11-243-17/+47
| | | | | | | | | | | | | | | | | | | | | | | | | | | - store the multicast rate as an index instead of the rate value (reduces cpu overhead in a hotpath) - validate the rate values (must match a bitrate in at least one sband) Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | mac80211: probe the AP when resumingFelix Fietkau2010-11-241-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Check the connection by probing the AP (either using nullfunc or a probe request). If nullfunc probing is supported and the assoc is no longer valid, the AP will send a disassoc/deauth immediately. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | mac80211: calculate beacon loss time accuratelyFelix Fietkau2010-11-242-4/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of using a fixed 2 second timeout, calculate beacon loss interval from the advertised beacon interval and a frame count. With this beacon loss happens after N (default 7) consecutive frames are missed which for a typical setup (100TU beacon interval) is ~700ms (or ~1/3 previous). Signed-off-by: Sam Leffler <sleffler@chromium.org> Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | mac80211: restart beacon miss timer on system resume from suspendFelix Fietkau2010-11-241-0/+1
| | | | | | | | | | | | | | | | | | Signed-off-by: Paul Stewart <pstew@google.com> Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | net/wireless: Use pr_<level> and netdev_<level>Joe Perches2010-11-246-56/+44
| | | | | | | | | | | | | | | | | | | | | | | | No change in output for pr_<level> prefixes. netdev_<level> output is different, arguably improved. Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | Merge branch 'master' of ↵John W. Linville2010-11-247-13/+80
|\ \ \ | | |/ | |/| | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
| * | cfg80211: fix can_beacon_sec_chan, reenable HT40Mark Mentovai2010-11-181-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This follows wireless-testing 9236d838c920e90708570d9bbd7bb82d30a38130 ("cfg80211: fix extension channel checks to initiate communication") and fixes accidental case fall-through. Without this fix, HT40 is entirely blocked. Signed-off-by: Mark Mentovai <mark@moxienet.com> Cc: stable@kernel.org Acked-by: Luis R. Rodriguez <lrodriguez@atheros.com Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | cfg80211: fix extension channel checks to initiate communicationLuis R. Rodriguez2010-11-161-0/+52
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When operating in a mode that initiates communication and using HT40 we should fail if we cannot use both primary and secondary channels to initiate communication. Our current ht40 allowmap only covers STA mode of operation, for beaconing modes we need a check on the fly as the mode of operation is dynamic and there other flags other than disable which we should read to check if we can initiate communication. Do not allow for initiating communication if our secondary HT40 channel has is either disabled, has a passive scan flag, a no-ibss flag or is a radar channel. Userspace now has similar checks but this is also needed in-kernel. Reported-by: Jouni Malinen <jouni.malinen@atheros.com> Cc: stable@kernel.org Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * Bluetooth: fix not setting security level when creating a rfcomm sessionLuiz Augusto von Dentz2010-11-091-3/+10
| | | | | | | | | | | | | | | | | | | | | | This cause 'No Bonding' to be used if userspace has not yet been paired with remote device since the l2cap socket used to create the rfcomm session does not have any security level set. Signed-off-by: Luiz Augusto von Dentz <luiz.dentz-von@nokia.com> Acked-by: Ville Tervo <ville.tervo@nokia.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * Bluetooth: fix endianness conversion in L2CAPGustavo F. Padovan2010-11-091-2/+2
| | | | | | | | | | | | | | Last commit added a wrong endianness conversion. Fixing that. Reported-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * Bluetooth: fix unaligned access to l2cap conf datasteven miao2010-11-091-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | In function l2cap_get_conf_opt() and l2cap_add_conf_opt() the address of opt->val sometimes is not at the edge of 2-bytes/4-bytes, so 2-bytes/4 bytes access will cause data misalignment exeception. Use get_unaligned_le16/32 and put_unaligned_le16/32 function to avoid data misalignment execption. Signed-off-by: steven miao <realmz6@gmail.com> Signed-off-by: Mike Frysinger <vapier@gentoo.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * Bluetooth: Fix non-SSP auth request for HIGH security level socketsJohan Hedberg2010-11-091-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When initiating dedicated bonding a L2CAP raw socket with HIGH security level is used. The kernel is supposed to trigger the authentication request in this case but this doesn't happen currently for non-SSP (pre-2.1) devices. The reason is that the authentication request happens in the remote extended features callback which never gets called for non-SSP devices. This patch fixes the issue by requesting also authentiation in the (normal) remote features callback in the case of non-SSP devices. This rule is applied only for HIGH security level which might at first seem unintuitive since on the server socket side MEDIUM is already enough for authentication. However, for the clients we really want to prefer the server side to decide the authentication requrement in most cases, and since most client sockets use MEDIUM it's better to be avoided on the kernel side for these sockets. The important socket to request it for is the dedicated bonding one and that socket uses HIGH security level. The patch is based on the initial investigation and patch proposal from Andrei Emeltchenko <endrei.emeltchenko@nokia.com>. Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * Bluetooth: fix hidp kconfig dependency warningRandy Dunlap2010-11-091-1/+1
| | | | | | | | | | | | | | | | | | | | Fix kconfig dependency warning to satisfy dependencies: warning: (BT_HIDP && NET && BT && BT_L2CAP && INPUT || USB_HID && HID_SUPPORT && USB && INPUT) selects HID which has unmet direct dependencies (HID_SUPPORT && INPUT) Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * mac80211: unset SDATA_STATE_OFFCHANNEL when cancelling a scanBrian Cavagnolo2010-11-081-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For client STA interfaces, ieee80211_do_stop unsets the relevant interface's SDATA_STATE_RUNNING state bit prior to cancelling an interrupted scan. When ieee80211_offchannel_return is invoked as part of cancelling the scan, it doesn't bother unsetting the SDATA_STATE_OFFCHANNEL bit because it sees that the interface is down. Normally this doesn't matter because when the client STA interface is brought back up, it will probably issue a scan. But in some cases (e.g., the user changes the interface type while it is down), the SDATA_STATE_OFFCHANNEL bit will remain set. This prevents the interface queues from being started. So we cancel the scan before unsetting the SDATA_STATE_RUNNING bit. Signed-off-by: Brian Cavagnolo <brian@cozybit.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * cfg80211: fix a crash in dev lookup on dump commandsFelix Fietkau2010-11-081-2/+2
| | | | | | | | | | | | | | | | | | IS_ERR and PTR_ERR were called with the wrong pointer, leading to a crash when cfg80211_get_dev_from_ifindex fails. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | Revert "nl80211/mac80211: Report signal average"John W. Linville2010-11-246-12/+1
| | | | | | | | | | | | | | | | This reverts commit 86107fd170bc379869250eb7e1bd393a3a70e8ae. This patch inadvertantly changed the userland ABI. Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | mac80211: Disable hw crypto for GTKs on AP VLAN interfacesHelmut Schaa2010-11-221-1/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When using AP VLAN interfaces, each VLAN interface should be in its own broadcast domain. Hostapd achieves this by assigning different GTKs to different AP VLAN interfaces. However, mac80211 drivers are not aware of AP VLAN interfaces and as such mac80211 sends the GTK to the driver in the context of the base AP mode interface. This causes problems when multiple AP VLAN interfaces are used since the driver will use the same key slot for the different GTKs (there's no way for the driver to distinguish the different GTKs from different AP VLAN interfaces). Thus, only the clients associated to one AP VLAN interface (the one that was created last) can actually use broadcast traffic. Fix this by not programming any GTKs for AP VLAN interfaces into the hw but fall back to using software crypto. The GTK for the underlying AP interface is still sent to the driver. That means, broadcast traffic to stations associated to an AP VLAN interface is encrypted in software whereas broadcast traffic to stations associated to the non-VLAN AP interface is encrypted in hardware. Cc: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
OpenPOWER on IntegriCloud