- Jul 29, 2009
-
-
Johannes Berg authored
When enqueuing packets on the internal packet queue, we need to ensure that we have a valid vif pointer since that is required since the net namespace work. Add some assertions to verify this, but also don't crash is for some reason we don't end up with a vif pointer -- warn and drop the packet in all these cases. Since this code touches a number of hotpaths, it is intended to be temporary, or maybe configurable in the future, at least the bit that is in the path that gets hit for every packet, ieee80211_tx_pending(). Signed-off-by:
Johannes Berg <johannes@sipsolutions.net> Signed-off-by:
John W. Linville <linville@tuxdriver.com>
-
Johannes Berg authored
When trying to disassociate while not associated, the kernel would crash rather than refusing the operation, fix this; Reported-by:
Maxim Levitsky <maximlevitsky@gmail.com> Signed-off-by:
-
Helmut Schaa authored
Fix an oops in ieee80211_scan_state_set_channel which was triggered if the last scanned channel was skipped (for example due to regulatory restrictions) by returning to the decision state after each skipped channel. Signed-off-by:
Helmut Schaa <helmut.schaa@googlemail.com> Signed-off-by:
-
Johannes Berg authored
Jouni and Maxim reported an oops when using wpa_supplicant -Dnl80211, which seems to be due to random data being contained in the crypto settings for the assoc() command. This seems to be due to the missing memset here, so add it -- it's certainly missing but I'm not 100% certain that it will fix the problem. Signed-off-by:
-
Johannes Berg authored
Marcel reported a warning, which quite obviously comes from an oversight in the code handling deauth frames, and which resulted in multiple follow-up warnings due to this missing handling. This patch adds the missing deauth handling (telling cfg80211 about it) and also removes the follow-up warnings since they could happen due to races even if nothing is wrong. I've explained the races in the comments. Signed-off-by:
Marcel Holtmann <marcel@holtmann.org> Tested-by:
-
Johannes Berg authored
Luis reported this lockdep complaint, that he had also reported earlier but when trying to analyse I had been locking at the wrong code, and never saw the problem: (slightly abridged) ======================================================= [ INFO: possible circular locking dependency detected ] 2.6.31-rc4-wl #6 ------------------------------------------------------- wpa_supplicant/3799 is trying to acquire lock: (cfg80211_mutex){+.+.+.}, at: [<ffffffffa009246a>] cfg80211_get_dev_from_ifindex+0x1a/0x90 [cfg80211] but task is already holding lock: (rtnl_mutex){+.+.+.}, at: [<ffffffff81400ff2>] rtnl_lock+0x12/0x20 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (rtnl_mutex){+.+.+.}: [<ffffffff810857b6>] __lock_acquire+0xd76/0x12b0 [<ffffffff81085dd3>] lock_acquire+0xe3/0x120 [<ffffffff814ee7a4>] mutex_lock_nested+0x44/0x350 [<ffffffff81400ff2>] rtnl_lock+0x12/0x20 [<ffffffffa009f6a5>] nl80211_send_reg_change_event+0x1f5/0x2a0 [cfg80211] [<ffffffffa009529e>] set_regdom+0x28e/0x4c0 [cfg80211] -> #0 (cfg80211_mutex){+.+.+.}: [<ffffffff8108587b>] __lock_acquire+0xe3b/0x12b0 [<ffffffff81085dd3>] lock_acquire+0xe3/0x120 [<ffffffff814ee7a4>] mutex_lock_nested+0x44/0x350 [<ffffffffa009246a>] cfg80211_get_dev_from_ifindex+0x1a/0x90 [cfg80211] [<ffffffffa009813f>] get_rdev_dev_by_info_ifindex+0x6f/0xa0 [cfg80211] [<ffffffffa009b12b>] nl80211_set_interface+0x3b/0x260 [cfg80211] When looking at the correct code, the problem is quite obvious. I'm not entirely sure which code paths lead here, so until I can analyse it better let's just use RCU to avoid the problem. Signed-off-by:
-
- Jul 27, 2009
-
-
Luis R. Rodriguez authored
This was caused by patch: "mac80211: cooperate more with network namespaces" The version of the patch applied doesn't match Johannes' latest: http://johannes.sipsolutions.net/patches/kernel/all/LATEST/NNN-mac80211-netns.patch The skb->cb virtual interface data wasn't being reset for reuse so ath9k pooped out when trying to dereference the private rate control info from the skb. BUG: unable to handle kernel NULL pointer dereference RIP: 0010:[<ffffffffa0258173>] ath_tx_rc_status+0x33/0x150 [ath9k] <-- snip etc --> Reported-by:
Davide Pesavento <davidepesa@gmail.com> Signed-off-by:
Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by:
-
Johannes Berg authored
When a station queries us for a PS-poll response, we wrongly queue the frame on the virtual interface's queue rather than the pending queue. Additionally, fix a race condition where we could potentially send multiple frames to the sleeping station due to using a station flag rather than a packet flag. When converting to a packet flag, we can also convert p54 and remove the filter clearing we added for it. (Also remove a now dead function) Signed-off-by:
Bob Copeland <me@bobcopeland.com> Tested-by:
-
Luis R. Rodriguez authored
We were issuing probe requests to the associated AP on the wrong band by having our beacon timer loss trigger while we are scanning. When we would scan the timer could hit and force us to send a probe request to the AP but with a chance we'd be on the wrong band. This leads to finding no usable bitrate but we should not get so far on the xmit path. We should not be trying to send these probe request frames so prevent ieee80211_mgd_probe_ap() from sending these. As it turns out all callers of ieee80211_mgd_probe_ap() need this check so we just move the scan check there. This means we can remove the recenlty added check during ieee80211_sta_monitor_work(). Additionally we now fix a race condition added by the patch "mac80211: do not monitor the connection while scanning" which had the same check in ieee80211_sta_conn_mon_timer(). The race happens because the timer routine *does* a valid check for scanning but after it queues work into the mac80211 workqueue the work callback can kick off with scanning enabled and cause the same issue we were trying to avoid. The more appropriate solution would be to disable the respective timers during scan and re-enable them after scan but requires more complex code and testing. Cc: Christian Lamparter <chunkeey@web.de> Cc: Larry Finger <Larry.Finger@lwfinger.net> Reported-by:
Fabio Rossi <rossi.f@inwind.it> Signed-off-by:
-
Johannes Berg authored
When a new MLME work is created, its timeout is initialised to 0. This is wrong, it could then be thought of as having an actual timeout in the future (time_is_after_jiffies() can return true). Instead, it should be initialised to jiffies so that it will run right away as soon as the mlme work is executed. Signed-off-by:
Luciano Roth Coelho <luciano.coelho@nokia.com> Reported-by:
Alban Browaeys <prahal@yahoo.com> Signed-off-by:
-
Helmut Schaa authored
Using background scanning in mac80211 the time a scan needs to finish can exceed 10 seconds. Hence, increase the scan results expire time to 15 seconds which should be sufficient. Signed-off-by:
-
Helmut Schaa authored
Rename scan_state to next_scan_state to better reflect what it is used for. Signed-off-by:
-
Helmut Schaa authored
Introduce a new scan flag "SCAN_OFF_CHANNEL" which basically tells us that we are currently on a different channel for scanning and cannot RX/TX. "SCAN_SW_SCANNING" tells us that we are currently running a software scan but we might as well be on the operating channel to RX/TX. While "SCAN_SW_SCANNING" is set during the whole scan "SCAN_OFF_CHANNEL" is set when leaving the operating channel and unset when coming back. Introduce two new scan states "SCAN_LEAVE_OPER_CHANNEL" and "SCAN_ENTER_OPER_CHANNEL" which basically implement the functionality we need to leave the operating channel (send a nullfunc to the AP and stop the queues) and enter it again (send a nullfunc to the AP and start the queues again). Enhance the scan state "SCAN_DECISION" to switch back to the operating channel after each scanned channel. In the future it sould be simple to enhance the decision state to scan as much channels in a row as the qos latency allows us. Signed-off-by:
-
Helmut Schaa authored
Use a bitfield to store the current scan mode instead of two boolean variables {sw,hw}_scanning. This patch does not introduce functional changes but allows us to enhance the scan flags later (for example for background scanning). Signed-off-by: -
Helmut Schaa authored
Introduce a new scan state "decision" which is entered after every completed scan operation and decides about the next steps. At first the decision is in any case to scan the next channel. This shouldn't introduce any functional changes. Signed-off-by:
-
Helmut Schaa authored
Instead of queueing the scan work again without delay just process the next state immediately. Signed-off-by:
-
Helmut Schaa authored
Move the processing of each scan state into its own functions for better readability. This patch does not introduce functional changes. Signed-off-by:
-
Johannes Berg authored
This finally opens up the ability to put mac80211 devices into different network namespaces. As long as you don't have sysfs, that is. Signed-off-by:
-
Johannes Berg authored
In order to make cfg80211/nl80211 aware of network namespaces, we have to do the following things: * del_virtual_intf method takes an interface index rather than a netdev pointer - simply change this * nl80211 uses init_net a lot, it changes to use the sender's network namespace * scan requests use the interface index, hold a netdev pointer and reference instead * we want a wiphy and its associated virtual interfaces to be in one netns together, so - we need to be able to change ns for a given interface, so export dev_change_net_namespace() - for each virtual interface set the NETIF_F_NETNS_LOCAL flag, and clear that flag only when the wiphy changes ns, to disallow breaking this invariant * when a network namespace goes away, we need to reparent the wiphy to init_net * cfg80211 users that support creating virtual interfaces must create them in the wiphy's namespace, currently this affects only mac80211 The end result is that you can now switch an entire wiphy into a different network namespace with the new command iw phy#<idx> set netns <pid> and all virtual interfaces will follow (or the operation fails). Signed-off-by: -
Johannes Berg authored
There are still two places in mac80211 that hardcode the initial net namespace (init_net). One of them is mandated by cfg80211 and will be removed by a separate patch, the other one is used for finding the network device of a pending packet via its ifindex. Remove the latter use by keeping track of the device pointer itself, via the vif pointer, and avoid it going stale by dropping pending frames for a given interface when the interface is removed. To keep track of the vif pointer for the correct interface, change the info->control.vif pointer's internal use to always be the correct vif, and only move it to the vif the driver expects (or NULL for monitor interfaces and injected packets) right before giving the packet to the driver. Signed-off-by:
-
Eric Dumazet authored
net/phonet/pn_dev.c: In function `phonet_device_get': net/phonet/pn_dev.c:99: warning: 'dev' might be used uninitialized in this function Signed-off-by:
Eric Dumazet <eric.dumazet@gmail.com> Acked-by:
Rémi Denis-Courmont <remi.denis-courmont@nokia.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Sridhar Samudrala authored
This helps avoid error messages with ethtool -k on devices that don't provide device specific routines. Signed-off-by:
Sridhar Samudrala <sri@us.ibm.com> ------------------------------------------------------------------ Signed-off-by:
-
- Jul 26, 2009
-
-
David S. Miller authored
As reported by Oliver Hartkopp: net/phonet/pn_dev.c: In function ‘phonet_init_net’: net/phonet/pn_dev.c:221: error: implicit declaration of function ‘proc_net_fops_create’ net/phonet/pn_dev.c: In function ‘phonet_exit_net’: net/phonet/pn_dev.c:242: error: implicit declaration of function ‘proc_net_remove’ Signed-off-by:
-
- Jul 24, 2009
-
-
Javier Cardona authored
The removal of the master netdev broke the mesh forwarding path. This patch fixes it by using the new internal 'pending' queue. As a result of this change, mesh forwarding no longer does the inefficient 802.11 -> 802.3 -> 802.11 conversion that was done before. [Changes since v1] Suggested by Johannes: - Select queue before adding to mpath queue - ieee80211_add_pending_skb -> ieee80211_add_pending_skbs - Remove unnecessary header wme.h Signed-off-by:
Javier Cardona <javier@cozybit.com> Signed-off-by:
Andrey Yurovsky <andrey@cozybit.com> Reviewed-by:
-
Johannes Berg authored
ieee80211_xmit() cannot be called with tasklets enabled because it is normally called from within a tasklet. Signed-off-by:
-
Johannes Berg authored
mac80211 required this due to the master netdev, but now it can put all information into skb->cb and this can go. Signed-off-by:
-
Johannes Berg authored
With the internal 'pending' queue system in place, we can simply put packets there instead of pushing them off to the master dev, getting rid of the master interface completely. Signed-off-by:
-
Johannes Berg authored
For mac80211, with the master netdev removal, we need to be able to sync a multicast address list onto another list that is not tracked within a netdev, so we need access to the functions doing that. Signed-off-by:
-
Zhu Yi authored
In cfg80211_upload_connect_keys(), we call add_key, set_default_key and set_default_mgmt_key (if applicable) one by one. If one of these operations fails, we should stop calling the following functions. Because if the key is not added successfully, we should not set it as default key anyway. Signed-off-by:
Zhu Yi <yi.zhu@intel.com> Signed-off-by:
-
Zhu Yi authored
It should be IWEVASSOCREQIE instead. Signed-off-by:
-
Zhu Yi authored
We invoke the cfg80211 set_default_key callback only for WEP key configuring. Signed-off-by:
-
Christian Lamparter authored
This patch fixes the following errors: driver-trace.h:148:1: error: cannot size expression driver-trace.h:148:1: error: cannot size expression [...] driver-trace.h:222:1: error: cannot size expression driver-trace.h:71:1: error: incompatible types for operation (<) driver-trace.h:71:1: left side has type void *<noident> driver-trace.h:71:1: right side has type int driver-trace.h:99:1: error: incompatible types for operation (<) driver-trace.h:99:1: left side has type void *<noident> driver-trace.h:99:1: right side has type int driver-trace.h:148:1: error: incompatible types for operation (<) driver-trace.h:148:1: left side has type void *<noident> driver-trace.h:148:1: right side has type int driver-trace.h:222:1: error: cannot size expression driver-trace.h:248:1: error: incompatible types for operation (<) driver-trace.h:248:1: left side has type void *<noident> driver-trace.h:248:1: right side has type int driver-trace.h:446:1: error: incompatible types for operation (<) driver-trace.h:446:1: left side has type void *<noident> driver-trace.h:446:1: right side has type int Signed-off-by:
Christian Lamparter <chunkeey@web.de> Signed-off-by:
-
Christian Lamparter authored
mac80211 constantly monitors the connection to the associated AP in order to check if it is out of reach/dead. This is absolutely fine most of the time. Except when there is a scheduled scan for the whole neighborhood. After all this path could trigger while scanning on different channel. Or even worse: this AP probing triggers a WARN_ON in rate_lowest_index when the scan code did a band transition! ( http://www.kerneloops.org/raw.php?rawid=449304 ) Reported-by:
Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by:
-
Johannes Berg authored
In the wext code I tried to not reconnect all the time when the user wasn't really sure what they were doing, like setting the BSSID back to the same value it was. However, this optimisation should only be done while associated so that setting the BSSID back to the same value that it was actually triggers a new association if not currently associated. To achieve, that, put the relevant code into the !IDLE case instead. Signed-off-by:
Kalle Valo <kalle.valo@iki.fi> Tested-by:
-
Zhu Yi authored
cfg80211_sme_scan_done() can be called (by fullmac cards) with wdev->conn == NULL when CFG80211_SME_CONNECTING. We quit silently instead of WARN_ON in this case. Signed-off-by:
-
Luis R. Rodriguez authored
We were treating ieee80211_regdom module parameter hints as core hints, this means we were not letting the user help compliance further when using the module parameter. It also meant that users with a device with a custom regulatory domain set (wiphy->custom_regulatory) using this module parameter were being stuck to the original default core static regualtory domain. We fix this by using the static cfg80211_regdomain alpha2 as the core hint and treating the module parameter separately. All iwlwifi and ath5k/ath9k/ar9170 devices which world roam set the wiphy->custom_regulatory. This change allows users using this module parameter to have it trated as a a proper user hint and not have it ignored. Signed-off-by:
-
Luis R. Rodriguez authored
All current rate control algorithms agree to send management and no-ack frames at the lowest rate. They also agree to do this when sta and the private rate control data is NULL. We add a hlper to mac80211 for this and simplify the rate control algorithm code. Developers wishing to make enhancements to rate control algorithms are for broadcast/multicast can opt to not use this in their gate_rate() mac80211 callback. Cc: Zhu Yi <yi.zhu@intel.com> Acked-by:
Reinette Chatre <reinette.chatre@intel.com> Cc: ipw3945-devel@lists.sourceforge.net Cc: Gabor Juhos <juhosg@openwrt.org> Acked-by:
Felix Fietkau <nbd@openwrt.org> Cc: Derek Smithies <derek@indranet.co.nz> Cc: Chittajit Mitra <Chittajit.Mitra@Atheros.com> Signed-off-by:
-
Luis R. Rodriguez authored
Cc: Felix Fietkau <nbd@openwrt.org> Cc: Derek Smithies <derek@indranet.co.nz> Cc: Chittajit Mitra <Chittajit.Mitra@Atheros.com> Signed-off-by:
-
Luis R. Rodriguez authored
When we're associated we should be able to send data to target sta. If we cannot we may be trying to use the incorrect band to talk to the sta. Lets catch any such cases, warn, and drop the frames to not invalidate assumptions being made on rate control algorithms when they have a valid sta to communicate with. Any such cases should be handled and fixed. Signed-off-by:
-
Johannes Berg authored
The work that we cancel there requires the cfg80211_mutex, so we can't cancel it under the mutex, which is fine, we can just move it to after the locked section. Signed-off-by:
-
