From e9db45578706e216d9bb0fb5f459b137da54be63 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Tue, 8 Dec 2015 13:16:41 +0100 Subject: mac80211: recalculate SW ROC only when needed The current (new) code recalculates the new work timeout for software remain-on-channel whenever any item started. In two of the callers of ieee80211_handle_roc_started(), this is completely pointless since they're for hardware and will skip the recalculation entirely; it's necessary only in the case of having just added a new item to the list, as in the last remaining case the recalculation had just been done. This last case, however, is also problematic - if one of the items on the list actually expires during the recalc the list iteration outside becomes corrupted and crashes. Fix this by moving the recalculation to the only place where it's required. Signed-off-by: Johannes Berg --- net/mac80211/offchannel.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'net') diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c index 8b2f4ea..34541bc 100644 --- a/net/mac80211/offchannel.c +++ b/net/mac80211/offchannel.c @@ -252,8 +252,6 @@ static bool ieee80211_recalc_sw_work(struct ieee80211_local *local, static void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc, unsigned long start_time) { - struct ieee80211_local *local = roc->sdata->local; - if (WARN_ON(roc->notified)) return; @@ -274,9 +272,6 @@ static void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc, } roc->notified = true; - - if (!local->ops->remain_on_channel) - ieee80211_recalc_sw_work(local, start_time); } static void ieee80211_hw_roc_start(struct work_struct *work) @@ -658,6 +653,7 @@ static int ieee80211_start_roc_work(struct ieee80211_local *local, queued = true; roc->on_channel = tmp->on_channel; ieee80211_handle_roc_started(roc, now); + ieee80211_recalc_sw_work(local, now); break; } -- cgit v1.1 From e6a8a3aaaac832f47092df93f46298251b136fc9 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Tue, 8 Dec 2015 23:46:33 +0100 Subject: mac80211: fix remain-on-channel cancellation Ilan's previous commit 1b894521e60c ("mac80211: handle HW ROC expired properly") neglected to take into account that hw_begun was now always set in the software implementation as well as the offloaded case. Fix hw_begun to only apply to the offloaded case to make the check in Ilan's commit safe and correct. Reported-by: Jouni Malinen Signed-off-by: Johannes Berg --- net/mac80211/offchannel.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'net') diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c index 34541bc..fbc34e9 100644 --- a/net/mac80211/offchannel.c +++ b/net/mac80211/offchannel.c @@ -257,7 +257,6 @@ static void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc, roc->start_time = start_time; roc->started = true; - roc->hw_begun = true; if (roc->mgmt_tx_cookie) { if (!WARN_ON(!roc->frame)) { @@ -286,6 +285,7 @@ static void ieee80211_hw_roc_start(struct work_struct *work) if (!roc->started) break; + roc->hw_begun = true; ieee80211_handle_roc_started(roc, local->hw_roc_start_time); } @@ -529,8 +529,10 @@ ieee80211_coalesce_hw_started_roc(struct ieee80211_local *local, * begin, otherwise they'll both be marked properly by the work * struct that runs once the driver notifies us of the beginning */ - if (cur_roc->hw_begun) + if (cur_roc->hw_begun) { + new_roc->hw_begun = true; ieee80211_handle_roc_started(new_roc, now); + } return true; } -- cgit v1.1 From 94c4fd641e1bc438092f0214bb5ec77ea73b13cf Mon Sep 17 00:00:00 2001 From: Dave Young Date: Sun, 15 Nov 2015 15:31:05 +0800 Subject: wireless: change cfg80211 regulatory domain info as debug messages cfg80211 module prints a lot of messages like below. Actually printing once is acceptable but sometimes it will print again and again, it looks very annoying. It is better to change these detail messages to debugging only. cfg80211: World regulatory domain updated: cfg80211: DFS Master region: unset cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time) cfg80211: (2402000 KHz - 2472000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A) cfg80211: (2457000 KHz - 2482000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A) cfg80211: (2474000 KHz - 2494000 KHz @ 20000 KHz), (N/A, 2000 mBm), (N/A) cfg80211: (5170000 KHz - 5250000 KHz @ 80000 KHz, 160000 KHz AUTO), (N/A, 2000 mBm), (N/A) cfg80211: (5250000 KHz - 5330000 KHz @ 80000 KHz, 160000 KHz AUTO), (N/A, 2000 mBm), (0 s) cfg80211: (5490000 KHz - 5730000 KHz @ 160000 KHz), (N/A, 2000 mBm), (0 s) cfg80211: (5735000 KHz - 5835000 KHz @ 80000 KHz), (N/A, 2000 mBm), (N/A) cfg80211: (57240000 KHz - 63720000 KHz @ 2160000 KHz), (N/A, 0 mBm), (N/A) The changes in this patch is to replace pr_info with pr_debug in function print_rd_rules and print_regdomain_info Signed-off-by: Dave Young [change some pr_err() statements to at least keep the alpha2] Signed-off-by: Johannes Berg --- net/wireless/reg.c | 33 ++++++++++++++++++--------------- 1 file changed, 18 insertions(+), 15 deletions(-) (limited to 'net') diff --git a/net/wireless/reg.c b/net/wireless/reg.c index 3b0ce1c..99618c1 100644 --- a/net/wireless/reg.c +++ b/net/wireless/reg.c @@ -2745,7 +2745,7 @@ static void print_rd_rules(const struct ieee80211_regdomain *rd) const struct ieee80211_power_rule *power_rule = NULL; char bw[32], cac_time[32]; - pr_info(" (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)\n"); + pr_debug(" (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)\n"); for (i = 0; i < rd->n_reg_rules; i++) { reg_rule = &rd->reg_rules[i]; @@ -2772,7 +2772,7 @@ static void print_rd_rules(const struct ieee80211_regdomain *rd) * in certain regions */ if (power_rule->max_antenna_gain) - pr_info(" (%d KHz - %d KHz @ %s), (%d mBi, %d mBm), (%s)\n", + pr_debug(" (%d KHz - %d KHz @ %s), (%d mBi, %d mBm), (%s)\n", freq_range->start_freq_khz, freq_range->end_freq_khz, bw, @@ -2780,7 +2780,7 @@ static void print_rd_rules(const struct ieee80211_regdomain *rd) power_rule->max_eirp, cac_time); else - pr_info(" (%d KHz - %d KHz @ %s), (N/A, %d mBm), (%s)\n", + pr_debug(" (%d KHz - %d KHz @ %s), (N/A, %d mBm), (%s)\n", freq_range->start_freq_khz, freq_range->end_freq_khz, bw, @@ -2813,35 +2813,35 @@ static void print_regdomain(const struct ieee80211_regdomain *rd) struct cfg80211_registered_device *rdev; rdev = cfg80211_rdev_by_wiphy_idx(lr->wiphy_idx); if (rdev) { - pr_info("Current regulatory domain updated by AP to: %c%c\n", + pr_debug("Current regulatory domain updated by AP to: %c%c\n", rdev->country_ie_alpha2[0], rdev->country_ie_alpha2[1]); } else - pr_info("Current regulatory domain intersected:\n"); + pr_debug("Current regulatory domain intersected:\n"); } else - pr_info("Current regulatory domain intersected:\n"); + pr_debug("Current regulatory domain intersected:\n"); } else if (is_world_regdom(rd->alpha2)) { - pr_info("World regulatory domain updated:\n"); + pr_debug("World regulatory domain updated:\n"); } else { if (is_unknown_alpha2(rd->alpha2)) - pr_info("Regulatory domain changed to driver built-in settings (unknown country)\n"); + pr_debug("Regulatory domain changed to driver built-in settings (unknown country)\n"); else { if (reg_request_cell_base(lr)) - pr_info("Regulatory domain changed to country: %c%c by Cell Station\n", + pr_debug("Regulatory domain changed to country: %c%c by Cell Station\n", rd->alpha2[0], rd->alpha2[1]); else - pr_info("Regulatory domain changed to country: %c%c\n", + pr_debug("Regulatory domain changed to country: %c%c\n", rd->alpha2[0], rd->alpha2[1]); } } - pr_info(" DFS Master region: %s", reg_dfs_region_str(rd->dfs_region)); + pr_debug(" DFS Master region: %s", reg_dfs_region_str(rd->dfs_region)); print_rd_rules(rd); } static void print_regdomain_info(const struct ieee80211_regdomain *rd) { - pr_info("Regulatory domain: %c%c\n", rd->alpha2[0], rd->alpha2[1]); + pr_debug("Regulatory domain: %c%c\n", rd->alpha2[0], rd->alpha2[1]); print_rd_rules(rd); } @@ -2862,7 +2862,8 @@ static int reg_set_rd_user(const struct ieee80211_regdomain *rd, return -EALREADY; if (!is_valid_rd(rd)) { - pr_err("Invalid regulatory domain detected:\n"); + pr_err("Invalid regulatory domain detected: %c%c\n", + rd->alpha2[0], rd->alpha2[1]); print_regdomain_info(rd); return -EINVAL; } @@ -2898,7 +2899,8 @@ static int reg_set_rd_driver(const struct ieee80211_regdomain *rd, return -EALREADY; if (!is_valid_rd(rd)) { - pr_err("Invalid regulatory domain detected:\n"); + pr_err("Invalid regulatory domain detected: %c%c\n", + rd->alpha2[0], rd->alpha2[1]); print_regdomain_info(rd); return -EINVAL; } @@ -2956,7 +2958,8 @@ static int reg_set_rd_country_ie(const struct ieee80211_regdomain *rd, */ if (!is_valid_rd(rd)) { - pr_err("Invalid regulatory domain detected:\n"); + pr_err("Invalid regulatory domain detected: %c%c\n", + rd->alpha2[0], rd->alpha2[1]); print_regdomain_info(rd); return -EINVAL; } -- cgit v1.1 From c3826807bbb3de693208da4ecb9c9602de16c616 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Fri, 11 Dec 2015 17:35:50 +0100 Subject: regulatory: fix world regulatory domain data The rule definitions here aren't really valid, they would be rejected if it came from userspace due to the bandwidth specified being bigger than the rule's width. This is fairly much inconsequential since the other rules around them do enable the bandwidth, but express that better using the NL80211_RRF_AUTO_BW flag. Signed-off-by: Johannes Berg --- net/wireless/reg.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'net') diff --git a/net/wireless/reg.c b/net/wireless/reg.c index 99618c1..547ceec 100644 --- a/net/wireless/reg.c +++ b/net/wireless/reg.c @@ -231,20 +231,22 @@ static const struct ieee80211_regdomain world_regdom = { /* IEEE 802.11b/g, channels 1..11 */ REG_RULE(2412-10, 2462+10, 40, 6, 20, 0), /* IEEE 802.11b/g, channels 12..13. */ - REG_RULE(2467-10, 2472+10, 40, 6, 20, - NL80211_RRF_NO_IR), + REG_RULE(2467-10, 2472+10, 20, 6, 20, + NL80211_RRF_NO_IR | NL80211_RRF_AUTO_BW), /* IEEE 802.11 channel 14 - Only JP enables * this and for 802.11b only */ REG_RULE(2484-10, 2484+10, 20, 6, 20, NL80211_RRF_NO_IR | NL80211_RRF_NO_OFDM), /* IEEE 802.11a, channel 36..48 */ - REG_RULE(5180-10, 5240+10, 160, 6, 20, - NL80211_RRF_NO_IR), + REG_RULE(5180-10, 5240+10, 80, 6, 20, + NL80211_RRF_NO_IR | + NL80211_RRF_AUTO_BW), /* IEEE 802.11a, channel 52..64 - DFS required */ - REG_RULE(5260-10, 5320+10, 160, 6, 20, + REG_RULE(5260-10, 5320+10, 80, 6, 20, NL80211_RRF_NO_IR | + NL80211_RRF_AUTO_BW | NL80211_RRF_DFS), /* IEEE 802.11a, channel 100..144 - DFS required */ -- cgit v1.1 From 470f4d613b51806e15e055428234a04a99f076fc Mon Sep 17 00:00:00 2001 From: Eliad Peller Date: Mon, 14 Dec 2015 16:26:57 +0200 Subject: mac80211: avoid ROC during hw restart Defer ROC requests during hw restart, as the driver might not be fully configured in this stage (e.g. channel contexts were not added yet) Signed-off-by: Eliad Peller Signed-off-by: Emmanuel Grumbach Signed-off-by: Johannes Berg --- net/mac80211/main.c | 5 +++++ net/mac80211/offchannel.c | 4 ++++ net/mac80211/util.c | 11 +++++++++-- 3 files changed, 18 insertions(+), 2 deletions(-) (limited to 'net') diff --git a/net/mac80211/main.c b/net/mac80211/main.c index 6bcf0fa..ed4c8e6 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c @@ -256,6 +256,11 @@ static void ieee80211_restart_work(struct work_struct *work) list_for_each_entry(sdata, &local->interfaces, list) flush_delayed_work(&sdata->dec_tailroom_needed_wk); ieee80211_scan_cancel(local); + + /* make sure any new ROC will consider local->in_reconfig */ + flush_delayed_work(&local->roc_work); + flush_work(&local->hw_roc_done); + ieee80211_reconfig(local); rtnl_unlock(); } diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c index fbc34e9..55a9c5b 100644 --- a/net/mac80211/offchannel.c +++ b/net/mac80211/offchannel.c @@ -408,6 +408,10 @@ void ieee80211_start_next_roc(struct ieee80211_local *local) return; } + /* defer roc if driver is not started (i.e. during reconfig) */ + if (local->in_reconfig) + return; + roc = list_first_entry(&local->roc_list, struct ieee80211_roc_work, list); diff --git a/net/mac80211/util.c b/net/mac80211/util.c index 3943d4b..4f6e0b7 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c @@ -2051,8 +2051,15 @@ int ieee80211_reconfig(struct ieee80211_local *local) cfg80211_sched_scan_stopped_rtnl(local->hw.wiphy); wake_up: - local->in_reconfig = false; - barrier(); + if (local->in_reconfig) { + local->in_reconfig = false; + barrier(); + + /* Restart deferred ROCs */ + mutex_lock(&local->mtx); + ieee80211_start_next_roc(local); + mutex_unlock(&local->mtx); + } if (local->monitors == local->open_count && local->monitors > 0) ieee80211_add_virtual_monitor(local); -- cgit v1.1 From b9f628fcc673ba582cc7a17c4fd9be01133e61bd Mon Sep 17 00:00:00 2001 From: Eliad Peller Date: Wed, 16 Dec 2015 15:45:45 +0200 Subject: mac80211: clear local->sched_scan_req properly on reconfig On reconfig, in case of sched_scan_req->n_scan_plans > 1, local->sched_scan_req was never cleared, although cfg80211_sched_scan_stopped_rtnl() was called, resulting in local->sched_scan_req holding a stale and preventing further scheduled scan requests. Clear it explicitly in this case. Fixes: 42a7e82c6792 ("mac80211: Do not restart scheduled scan if multiple scan plans are set") Signed-off-by: Eliad Peller Signed-off-by: Emmanuel Grumbach Signed-off-by: Johannes Berg --- net/mac80211/util.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'net') diff --git a/net/mac80211/util.c b/net/mac80211/util.c index 4f6e0b7..58f58bd 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c @@ -2043,8 +2043,11 @@ int ieee80211_reconfig(struct ieee80211_local *local) */ if (sched_scan_req->n_scan_plans > 1 || __ieee80211_request_sched_scan_start(sched_scan_sdata, - sched_scan_req)) + sched_scan_req)) { + RCU_INIT_POINTER(local->sched_scan_sdata, NULL); + RCU_INIT_POINTER(local->sched_scan_req, NULL); sched_scan_stopped = true; + } mutex_unlock(&local->mtx); if (sched_scan_stopped) -- cgit v1.1 From 1a57081add2529fb4d8d11e7385990e7e550d30b Mon Sep 17 00:00:00 2001 From: Emmanuel Grumbach Date: Sun, 20 Dec 2015 13:50:00 +0200 Subject: mac80211: fix PS-Poll handling My commit below broken PS-Poll handling. In case the driver has no frames buffered, driver_release_tids will be 0, but calling find_highest_prio_tid() with 0 as a parameter is not a good idea: fls(0) - 1 = -1. This bug caused mac80211 to think that frames were buffered in the driver which in turn was confused because mac80211 was asking to release frames that were not reported to exist. On iwlwifi, this led to the WARNING below: WARNING: CPU: 0 PID: 11230 at drivers/net/wireless/intel/iwlwifi/mvm/sta.c:1733 iwl_mvm_sta_modify_sleep_tx_count+0x2af/0x320 [iwlmvm]() ffffffffc0627c60 ffff8800069b7648 ffffffff81888913 0000000000000000 0000000000000000 ffff8800069b7688 ffffffff81089d6a ffff8800069b7678 0000000000000001 ffff88003b35abf0 ffff88000698b128 ffff8800069b76d4 Call Trace: [] dump_stack+0x4c/0x65 [] warn_slowpath_common+0x8a/0xc0 [] warn_slowpath_null+0x1a/0x20 [] iwl_mvm_sta_modify_sleep_tx_count+0x2af/0x320 [iwlmvm] [] iwl_mvm_mac_release_buffered_frames+0x31/0x40 [iwlmvm] [] ieee80211_sta_ps_deliver_response+0x6e6/0xd80 [mac80211] [] ieee80211_sta_ps_deliver_poll_response+0x26/0x30 [mac80211] [] ieee80211_rx_handlers+0xa83/0x2900 [mac80211] [] ieee80211_prepare_and_rx_handle+0x1ed/0xa70 [mac80211] [] ? sta_info_get_bss+0x5/0x4a0 [mac80211] [] ieee80211_rx_napi+0x586/0xcd0 [mac80211] [] iwl_mvm_rx_rx_mpdu+0x59e/0xc60 [iwlmvm] Fixes: 0ead2510f8ce ("mac80211: allow the driver to send EOSP when needed") Signed-off-by: Emmanuel Grumbach Signed-off-by: Johannes Berg --- net/mac80211/sta_info.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index 4402ad5..a4a4f89 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -1453,7 +1453,7 @@ ieee80211_sta_ps_deliver_response(struct sta_info *sta, more_data = ieee80211_sta_ps_more_data(sta, ignored_acs, reason, driver_release_tids); - if (reason == IEEE80211_FRAME_RELEASE_PSPOLL) + if (driver_release_tids && reason == IEEE80211_FRAME_RELEASE_PSPOLL) driver_release_tids = BIT(find_highest_prio_tid(driver_release_tids)); -- cgit v1.1 From 2bc533bd9dcf48eaf4af6fb89a338734a9e8f76e Mon Sep 17 00:00:00 2001 From: Eliad Peller Date: Tue, 5 Jan 2016 16:28:06 +0200 Subject: mac80211: handle sched_scan_stopped vs. hw restart race On hw restart, mac80211 might try to reconfigure already stopped sched scan, if ieee80211_sched_scan_stopped_work() wasn't scheduled yet. This in turn will keep the device driver with scheduled scan configured, while both mac80211 and cfg80211 will clear their sched scan state once the work is scheduled. Fix it by ignoring ieee80211_sched_scan_stopped() calls while in hw restart, and flush the work before starting the reconfiguration. Signed-off-by: Eliad Peller Signed-off-by: Emmanuel Grumbach Signed-off-by: Johannes Berg --- net/mac80211/main.c | 1 + net/mac80211/scan.c | 8 ++++++++ 2 files changed, 9 insertions(+) (limited to 'net') diff --git a/net/mac80211/main.c b/net/mac80211/main.c index ed4c8e6..8190bf2 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c @@ -248,6 +248,7 @@ static void ieee80211_restart_work(struct work_struct *work) /* wait for scan work complete */ flush_workqueue(local->workqueue); + flush_work(&local->sched_scan_stopped_work); WARN(test_bit(SCAN_HW_SCANNING, &local->scanning), "%s called with hardware scan in progress\n", __func__); diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c index a413e52..8eb68ef 100644 --- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c @@ -1213,6 +1213,14 @@ void ieee80211_sched_scan_stopped(struct ieee80211_hw *hw) trace_api_sched_scan_stopped(local); + /* + * this shouldn't really happen, so for simplicity + * simply ignore it, and let mac80211 reconfigure + * the sched scan later on. + */ + if (local->in_reconfig) + return; + schedule_work(&local->sched_scan_stopped_work); } EXPORT_SYMBOL(ieee80211_sched_scan_stopped); -- cgit v1.1 From da629cf111a2b9a182d1b43f03f2cb0d3f258af4 Mon Sep 17 00:00:00 2001 From: Helmut Schaa Date: Tue, 5 Jan 2016 17:42:13 +0100 Subject: mac80211: Don't buffer non-bufferable MMPDUs Non-bufferable MMPDUs are sent out to STAs even while in PS mode (for example probe responses). Applying filtered frame handling for these doesn't seem to make much sense and will only create more air utilization when the STA wakes up. Hence, apply filtered frame handling only for bufferable MMPDUs. Discovered while testing an old VOIP phone that started probing for APs while in PS mode. The mac80211/ath9k AP where the STA is associated would reply with a probe response but the phone sometimes moved to a new channel already and couldn't ack the probe response anymore. In that case mac80211 applied filtered frame handling for the un-acked probe response. Signed-off-by: Helmut Schaa Signed-off-by: Johannes Berg --- net/mac80211/status.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'net') diff --git a/net/mac80211/status.c b/net/mac80211/status.c index 5bad05e..6101deb 100644 --- a/net/mac80211/status.c +++ b/net/mac80211/status.c @@ -51,6 +51,11 @@ static void ieee80211_handle_filtered_frame(struct ieee80211_local *local, struct ieee80211_hdr *hdr = (void *)skb->data; int ac; + if (info->flags & IEEE80211_TX_CTL_NO_PS_BUFFER) { + ieee80211_free_txskb(&local->hw, skb); + return; + } + /* * This skb 'survived' a round-trip through the driver, and * hopefully the driver didn't mangle it too badly. However, -- cgit v1.1 From 4fa11ec726a32ea6dd768dbb2e2af3453a98ec0a Mon Sep 17 00:00:00 2001 From: Sachin Kulkarni Date: Tue, 12 Jan 2016 14:30:19 +0530 Subject: mac80211: Requeue work after scan complete for all VIF types. During a sw scan ieee80211_iface_work ignores work items for all vifs. However after the scan complete work is requeued only for STA, ADHOC and MESH iftypes. This occasionally results in event processing getting delayed/not processed for iftype AP when it coexists with a STA. This can result in data halt and eventually disconnection on the AP interface. Cc: stable@vger.kernel.org Signed-off-by: Sachin Kulkarni Signed-off-by: Johannes Berg --- net/mac80211/ibss.c | 1 - net/mac80211/mesh.c | 11 ----------- net/mac80211/mesh.h | 4 ---- net/mac80211/mlme.c | 2 -- net/mac80211/scan.c | 12 +++++++++++- 5 files changed, 11 insertions(+), 19 deletions(-) (limited to 'net') diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c index f7fc0e0..978d3bc 100644 --- a/net/mac80211/ibss.c +++ b/net/mac80211/ibss.c @@ -1733,7 +1733,6 @@ void ieee80211_ibss_notify_scan_completed(struct ieee80211_local *local) if (sdata->vif.type != NL80211_IFTYPE_ADHOC) continue; sdata->u.ibss.last_scan_completed = jiffies; - ieee80211_queue_work(&local->hw, &sdata->work); } mutex_unlock(&local->iflist_mtx); } diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c index fa28500..6f85b6a 100644 --- a/net/mac80211/mesh.c +++ b/net/mac80211/mesh.c @@ -1370,17 +1370,6 @@ out: sdata_unlock(sdata); } -void ieee80211_mesh_notify_scan_completed(struct ieee80211_local *local) -{ - struct ieee80211_sub_if_data *sdata; - - rcu_read_lock(); - list_for_each_entry_rcu(sdata, &local->interfaces, list) - if (ieee80211_vif_is_mesh(&sdata->vif) && - ieee80211_sdata_running(sdata)) - ieee80211_queue_work(&local->hw, &sdata->work); - rcu_read_unlock(); -} void ieee80211_mesh_init_sdata(struct ieee80211_sub_if_data *sdata) { diff --git a/net/mac80211/mesh.h b/net/mac80211/mesh.h index a159634..4a8019f 100644 --- a/net/mac80211/mesh.h +++ b/net/mac80211/mesh.h @@ -362,14 +362,10 @@ static inline bool mesh_path_sel_is_hwmp(struct ieee80211_sub_if_data *sdata) return sdata->u.mesh.mesh_pp_id == IEEE80211_PATH_PROTOCOL_HWMP; } -void ieee80211_mesh_notify_scan_completed(struct ieee80211_local *local); - void mesh_path_flush_by_iface(struct ieee80211_sub_if_data *sdata); void mesh_sync_adjust_tbtt(struct ieee80211_sub_if_data *sdata); void ieee80211s_stop(void); #else -static inline void -ieee80211_mesh_notify_scan_completed(struct ieee80211_local *local) {} static inline bool mesh_path_sel_is_hwmp(struct ieee80211_sub_if_data *sdata) { return false; } static inline void mesh_path_flush_by_iface(struct ieee80211_sub_if_data *sdata) diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 1c342e2..bfbb1ac 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -4005,8 +4005,6 @@ static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) if (!ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR)) ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.monitor_work); - /* and do all the other regular work too */ - ieee80211_queue_work(&sdata->local->hw, &sdata->work); } } diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c index 8eb68ef..ae980ce 100644 --- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c @@ -314,6 +314,7 @@ static void __ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted) bool was_scanning = local->scanning; struct cfg80211_scan_request *scan_req; struct ieee80211_sub_if_data *scan_sdata; + struct ieee80211_sub_if_data *sdata; lockdep_assert_held(&local->mtx); @@ -373,7 +374,16 @@ static void __ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted) ieee80211_mlme_notify_scan_completed(local); ieee80211_ibss_notify_scan_completed(local); - ieee80211_mesh_notify_scan_completed(local); + + /* Requeue all the work that might have been ignored while + * the scan was in progress; if there was none this will + * just be a no-op for the particular interface. + */ + list_for_each_entry_rcu(sdata, &local->interfaces, list) { + if (ieee80211_sdata_running(sdata)) + ieee80211_queue_work(&sdata->local->hw, &sdata->work); + } + if (was_scanning) ieee80211_start_next_roc(local); } -- cgit v1.1 From 6736fde9672ff6717ac576e9bba2fd5f3dfec822 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Tue, 26 Jan 2016 11:29:03 +0100 Subject: rfkill: fix rfkill_fop_read wait_event usage The code within wait_event_interruptible() is called with !TASK_RUNNING, so mustn't call any functions that can sleep, like mutex_lock(). Since we re-check the list_empty() in a loop after the wait, it's safe to simply use list_empty() without locking. This bug has existed forever, but was only discovered now because all userspace implementations, including the default 'rfkill' tool, use poll() or select() to get a readable fd before attempting to read. Cc: stable@vger.kernel.org Fixes: c64fb01627e24 ("rfkill: create useful userspace interface") Reported-by: Dmitry Vyukov Signed-off-by: Johannes Berg --- net/rfkill/core.c | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) (limited to 'net') diff --git a/net/rfkill/core.c b/net/rfkill/core.c index f53bf3b6..cf5b69a 100644 --- a/net/rfkill/core.c +++ b/net/rfkill/core.c @@ -1095,17 +1095,6 @@ static unsigned int rfkill_fop_poll(struct file *file, poll_table *wait) return res; } -static bool rfkill_readable(struct rfkill_data *data) -{ - bool r; - - mutex_lock(&data->mtx); - r = !list_empty(&data->events); - mutex_unlock(&data->mtx); - - return r; -} - static ssize_t rfkill_fop_read(struct file *file, char __user *buf, size_t count, loff_t *pos) { @@ -1122,8 +1111,11 @@ static ssize_t rfkill_fop_read(struct file *file, char __user *buf, goto out; } mutex_unlock(&data->mtx); + /* since we re-check and it just compares pointers, + * using !list_empty() without locking isn't a problem + */ ret = wait_event_interruptible(data->read_wait, - rfkill_readable(data)); + !list_empty(&data->events)); mutex_lock(&data->mtx); if (ret) -- cgit v1.1