Johannes Berg [Wed, 19 Jun 2013 11:05:42 +0000 (13:05 +0200)]
cfg80211: require passing BSS struct back to cfg80211_assoc_timeout
Doing so will allow us to hold the BSS (not just ref it) over the
association process, thus ensuring that it doesn't time out and
gets invisible to the user (e.g. in 'iw wlan0 link'.)
This also fixes a leak in mac80211 where it doesn't always release
the BSS struct properly in all cases where calling this function.
This leak was reported by Ben Greear.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Wed, 19 Jun 2013 08:57:22 +0000 (10:57 +0200)]
nl80211: use small state buffer for wiphy_dump
Avoid parsing the original dump message again and again by
allocating a small state struct that is used by the functions
involved in the dump, storing this struct in cb->args[0].
This reduces the memory allocation size as well.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Wed, 19 Jun 2013 08:09:57 +0000 (10:09 +0200)]
nl80211: fix attrbuf access race by allocating a separate one
Since my commit 3713b4e364 ("nl80211: allow splitting wiphy
information in dumps"), nl80211_dump_wiphy() uses the global
nl80211_fam.attrbuf for parsing the incoming data. This wouldn't
be a problem if it only did so on the first dump iteration which
is locked against other commands in generic netlink, but due to
space constraints in cb->args (the needed state doesn't fit) I
decided to always parse the original message. That's racy though
since nl80211_fam.attrbuf could be used by some other parsing in
generic netlink concurrently.
For now, fix this by allocating a separate parse buffer (it's a
bit too big for the stack, currently 1448 bytes on 64-bit). For
-next, I'll change the code to parse into the global buffer in
the first round only and then allocate a smaller buffer to keep
the data in cb->args.
Reported-by: Linus Torvalds <torvalds@linux-foundation.org> Acked-by: David S. Miller <davem@davemloft.net> Acked-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
In this way an IBSS station will not use the AUTH messages
to trigger a state reinitialisation anymore.
The behaviour was racy and was not working properly.
It has been introduced to help wpa_supplicant to support
IBSS/RSN, however all the logic is now getting moved into
wpa_s itself which will also be in charge of handling the
AUTH messages thanks to the mgmt frame registration.
If userspace does not register for receiving AUTH frames
then mac80211 will still reply by itself.
At the same time, the auth frame registration counter can be
removed since it is not needed anymore.
Signed-off-by: Antonio Quartulli <antonio@open-mesh.com>
[remove unused variable] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Simon Wunderlich [Thu, 16 May 2013 11:00:31 +0000 (13:00 +0200)]
mac80211: fix various components for the new 5 and 10 MHz widths
This is a collection of minor fixes:
* don't allow HT IEs in IBSS for 5/10 MHz
* don't allow HT IEs in Mesh for 5/10 MHz
* don't downgrade from/to 5 and 10 MHz channels
* don't try HT rates for 5 and 10 MHz channels when selecting rates
Signed-off-by: Simon Wunderlich <siwu@hrz.tu-chemnitz.de> Signed-off-by: Mathias Kretschmer <mathias.kretschmer@fokus.fraunhofer.de> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Thomas Pedersen [Thu, 13 Jun 2013 22:54:41 +0000 (15:54 -0700)]
mac80211: update mesh beacon on workqueue
Instead of updating the mesh beacon immediately when
requested (which would require the sdata_lock()), defer it
to the mac80211 workqueue.
Fixes yet another deadlock on calling sta_info_flush()
with the sdata_lock() held from ieee80211_stop_mesh(). We
could just drop the sdata_lock() around the
mesh_sta_cleanup() call, but this path is also taken from
several non-locked error paths.
Signed-off-by: Thomas Pedersen <thomas@cozybit.com>
[fix comment position] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Simon Wunderlich [Fri, 14 Jun 2013 12:15:19 +0000 (14:15 +0200)]
nl80211: use attributes to parse beacons
only the attributes are required and not the whole netlink info, as the
function accesses the attributes only anyway. This makes it easier to
parse nested beacon IEs later.
Signed-off-by: Simon Wunderlich <siwu@hrz.tu-chemnitz.de> Signed-off-by: Mathias Kretschmer <mathias.kretschmer@fokus.fraunhofer.de> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Alexander Bondar [Sun, 19 May 2013 11:23:57 +0000 (14:23 +0300)]
mac80211: track AP's beacon rate and give it to the driver
Track the AP's beacon rate in the scan BSS data and in the
interface configuration to let the drivers know which rate
the AP is using. This information may be used by drivers,
in our case to let the firmware optimise beacon RX.
Signed-off-by: Alexander Bondar <alexander.bondar@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Ben Greear [Wed, 12 Jun 2013 21:08:44 +0000 (14:08 -0700)]
mac80211: Ensure tid_start_tx is protected by sta->lock
All accesses of the tid_start_tx lock should be protected
by sta->lock if there is any chance that another thread
could still be accessing the sta object.
Signed-off-by: Ben Greear <greearb@candelatech.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Wed, 12 Jun 2013 20:47:56 +0000 (22:47 +0200)]
mac80211: fix TX aggregation TID struct leak
Ben reports that kmemleak is saying TX aggregation TID
structs are leaked. Given his workload, I suspect that
they're leaked because stations are destroyed before
their aggregation sessions get a chance to start. Fix
this by simply freeing structs that are not used yet.
Reported-by: Ben Greear <greearb@candelatech.com> Tested-by: Ben Greear <greearb@candelatech.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Simon Wunderlich [Tue, 11 Jun 2013 08:44:39 +0000 (10:44 +0200)]
mac80211: abort CAC in stop_ap()
When a CAC is running and stop_ap is called (e.g. when hostapd is killed
while performing CAC), the CAC must be aborted immediately.
Otherwise ieee80211_stop_ap() will try to stop it when it's too late -
wdev->channel is already NULL and the abort event can not be generated.
Signed-off-by: Simon Wunderlich <siwu@hrz.tu-chemnitz.de> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Tue, 28 May 2013 08:54:03 +0000 (10:54 +0200)]
mac80211: work around broken APs not including HT info
There are some APs, notably 2G/3G/4G Wifi routers, specifically the
"Onda PN51T", "Vodafone PocketWiFi 2", "ZTE MF60" and a similar
T-Mobile branded device [1] that erroneously don't include all the
needed information in (re)association response frames. Work around
this by assuming the information is the same as it was in the
beacon or probe response and using the data from there instead.
This fixes https://bugzilla.kernel.org/show_bug.cgi?id=58881.
Johannes Berg [Tue, 11 Jun 2013 14:51:03 +0000 (16:51 +0200)]
cfg80211: fix rtnl leak in wiphy dump error cases
In two wiphy dump error cases, most often when the dump allocation
must be increased, the RTNL is leaked. This quickly results in a
complete system lockup. Release the RTNL correctly.
Reported-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
cfg80211 passes a NULL channel to mgmt_tx if the frame has
to be sent on the one currently in use by the device.
Make the implementation of mgmt_tx correctly handle this
case
Cc: Nicolas Cavallari <Nicolas.Cavallari@lri.fr> Acked-by: Kalle Valo <kvalo@qca.qualcomm.com> Signed-off-by: Antonio Quartulli <antonio@open-mesh.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
brcm80211: make mgmt_tx in brcmfmac accept a NULL channel
cfg80211 passes a NULL channel to mgmt_tx if the frame has
to be sent on the one currently in use by the device.
Make the implementation of mgmt_tx correctly handle this
case
Cc: brcm80211-dev-list@broadcom.com Acked-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Antonio Quartulli <antonio@open-mesh.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
cfg80211 passes a NULL channel to mgmt_tx if the frame has
to be sent on the one currently in use by the device.
Make the implementation of mgmt_tx correctly handle this
case. Fail if offchan is required.
Signed-off-by: Antonio Quartulli <antonio@open-mesh.com>
[fix RCU locking] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Jouni Malinen [Mon, 27 May 2013 15:24:02 +0000 (18:24 +0300)]
cfg80211: fix VHT TDLS peer AID verification
I (Johannes) accidentally applied the first version of the patch
("Allow TDLS peer AID to be configured for VHT"). Now apply just
the changes between v1 and v2 to get the AID verification and
prefer the new attribute over the old one.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Ashok Nagarajan [Mon, 3 Jun 2013 17:33:36 +0000 (10:33 -0700)]
{nl,mac,cfg}80211: Allow user to configure basic rates for mesh
Currently mesh uses mandatory rates as the default basic rates. Allow basic
rates to be configured during mesh join. Basic rates are applied only if
channel is also provided with mesh join command.
Colleen Twitty [Mon, 3 Jun 2013 16:53:39 +0000 (09:53 -0700)]
{nl,cfg}80211: make peer link expiration time configurable
If a STA has a peer that it hasn't seen any tx activity
from for a certain length of time, the peer link is
expired. This means the inactive STA is removed from the
list of peers and that STA is not considered a peer again
unless it re-peers. Previously, this inactivity time was
always 30 minutes. Now, add it to the mesh configuration
and allow it to be configured. Retain 30 minutes as a
default value.
Signed-off-by: Colleen Twitty <colleen@cozybit.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Thomas Pedersen [Mon, 10 Jun 2013 20:17:21 +0000 (13:17 -0700)]
mac80211: fix mesh deadlock
The patch "cfg80211/mac80211: use cfg80211 wdev mutex in
mac80211" introduced several deadlocks by converting the
ifmsh->mtx to wdev->mtx. Solve these by:
1. drop the cancel_work_sync() in ieee80211_stop_mesh().
Instead make the mesh work conditional on whether the mesh
is running or not.
2. lock the mesh work with sdata_lock() to protect beacon
updates and prevent races with wdev->mesh_id_len or
cfg80211.
Signed-off-by: Thomas Pedersen <thomas@cozybit.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Alexander Bondar [Thu, 16 May 2013 14:34:17 +0000 (17:34 +0300)]
mac80211: Use suitable semantics for beacon availability indication
Currently beacon availability upon association is marked by have_beacon
flag of assoc_data structure that becomes unavailable when association
completes. However beacon availability indication is required also after
association to inform a driver. Currently dtim_period parameter is used
for this purpose. Move have_beacon flag to another structure, persistant
throughout a interface's life cycle. Use suitable sematics for beacon
availability indication.
Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
[fix another instance of BSS_CHANGED_DTIM_PERIOD in docs] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
mac80211: fix powersave bug and clean up ieee80211_rx_bss_info
ieee80211_rx_bss_info() deals with dtim_period setting and PS update
when associated. Move all these to another locations cleaning this
function. Also, the current implementation is buggy because when it
calls ieee80211_recalc_ps() bss_conf->dtim_period is notset properly
yet and thus nothing will happen.
Signed-off-by: Alexander Bondar <alexander.bondar@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Tue, 4 Jun 2013 20:23:36 +0000 (22:23 +0200)]
cfg80211: make wiphy index start at 0 again
The change to use atomic_inc_return() for assigning the wiphy
index made the first wiphy index 1 instead of 0. This is fine,
but we all habitually type "phy0" when we're testing, so make
it go back to 0 instead of 1 by subtracting 1 from the index.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Tue, 4 Jun 2013 17:21:08 +0000 (19:21 +0200)]
cfg80211: fix potential deadlock regression
My big locking cleanups caused a problem by registering the
rfkill instance with the RTNL held, while the callback also
acquires the RTNL. This potentially causes a deadlock since
the two locks used (rfkill mutex and RTNL) can be acquired
in two different orders. Fix this by (un)registering rfkill
without holding the RTNL. This needs to be done after the
device struct is registered, but that can also be done w/o
holding the RTNL.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Wed, 15 May 2013 22:55:45 +0000 (00:55 +0200)]
cfg80211: separate internal SME implementation
The current internal SME implementation in cfg80211 is
very mixed up with the MLME handling, which has been
causing issues for a long time. There are three things
that the implementation has to provide:
* a basic SME implementation for nl80211's connect()
call (for drivers implementing auth/assoc, which is
really just mac80211) and wireless extensions
* MLME events for the userspace SME
* SME events (connected, disconnected etc.) for all
different SME implementation possibilities (driver,
cfg80211 and userspace)
To achieve these goals it isn't necessary to track the
software SME's connection status outside of it's state
(which is the part that caused many issues.) Instead,
track it only in the SME data (wdev->conn) and in the
general case only track whether the wdev is connected
or not (via wdev->current_bss.)
Also separate the internal implementation to not have
callbacks from the SME events, but rather call it from
the API functions that the driver (or rather mac80211)
calls. This separates the code better.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Wed, 15 May 2013 22:55:00 +0000 (00:55 +0200)]
cfg80211/mac80211: clean up cfg80211 SME APIs
Do some cleanups in the cfg80211 SME APIs, which are
only used by mac80211.
Most of these functions get a frame passed, and there
isn't really any reason to export multiple functions
as cfg80211 can check the frame type instead, do that.
Additionally, the API functions have confusing names
like cfg80211_send_...() which was meant to indicate
that it sends an event to userspace, but gets a bit
confusing when there's both TX and RX and they're not
all clearly labeled.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
John Greene [Mon, 3 Jun 2013 13:47:39 +0000 (09:47 -0400)]
brcmsmac: Reduce log spam in heavy tx, make err print in debug
Move message to debug mode to reduce log spam under heavy tx (iperf) load.
This message prints in ht debug mode only:
brcms_c_ampdu_dotxstatus_complete: Pkt tx suppressed, illegal channel
possibly 153
Signed-off-by: John Greene <jogreene@redhat.com> Acked-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
ANI state can be maintained globally instead of per-channel.
This reduces memory usage and since default values are used
during a scan run, per-channel state is not required.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
The only card with which WoW has been tested and verified is
AR9462. Do not enable it for all cards since WoW is really quirky
and needs to be tested properly with each chip.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Solomon Peachy [Sun, 2 Jun 2013 15:35:31 +0000 (11:35 -0400)]
cw1200: Rework SDIO platform support to prevent build problems.
Based on discussions with And Bergmann, this patch changes the SDIO
platform code to default to supporting the Sagrad devices, allowing for
it to be overridden in board setup code. This renders the cw1200_sagrad
module suplerflous, so it is now removed.
It also moves the documentation that was in the cw1200_sagrad source to
the platform header.
Signed-off-by: Solomon Peachy <pizza@shaftnet.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Solomon Peachy [Sun, 2 Jun 2013 13:53:03 +0000 (09:53 -0400)]
cw1200: Replace use of 'struct resource' with 'int' for GPIO fields.
The only advantage of 'struct resource' is that it lets us assign names
as part of the platform data. Unfortunately since we are using platform
data, we are already limited to a single instance of each driver,
rendering this moot.
So, replace the struct resources with ints, resulting in cleaner code.
This was based on a suggestion from Arnd Bergmann.
Signed-off-by: Solomon Peachy <pizza@shaftnet.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Solomon Peachy [Sat, 1 Jun 2013 12:08:42 +0000 (08:08 -0400)]
cw1200: Rename 'sbus' to 'hwbus'
This avoids problems when building on SPARC targets due to the driver
calling the bus abstraction layer 'sbus'. Not that any SBUS-sporting
SPARC targets are likely to have an SDIO controller, but this is the
correct thing to do.
See http://kisskb.ellerman.id.au/kisskb/buildresult/8846508/
Signed-off-by: Solomon Peachy <pizza@shaftnet.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Mon, 3 Jun 2013 15:25:34 +0000 (17:25 +0200)]
cfg80211: take WoWLAN support information out of wiphy struct
There's no need to take up the space for devices that don't
support WoWLAN, and most drivers can even make the support
data static const (except where it's modified at runtime.)
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Jacob Minshall [Wed, 29 May 2013 21:32:36 +0000 (14:32 -0700)]
mac80211: set mesh formation field properly
Cap max peerings at 63 in accordance with IEEE-2012 8.4.2.100.7.
Triggers a beacon regeneration every time the number of peerings changes.
Previously this would only happen if the "accepting peerings" bit changed.
Signed-off-by: Jacob Minshall <jacob@cozybit.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Mon, 3 Jun 2013 11:51:59 +0000 (13:51 +0200)]
mac80211: fix sdata locking around __ieee80211_request_smps
My cfg80211/mac80211 locking unification broke the sdata
locking in ieee80211_set_power_mgmt, it needs to acquire
the lock for __ieee80211_request_smps(). Add the locking.
Reported-by: Jakub Kicinski <kubakici@wp.pl> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This wasn't intended to be included here, my mistake. I
accidentally merged a mac80211 fixes tree here that had
this change, when it wasn't even intended to be there.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This wasn't intended to be included here, my mistake. I
accidentally merged a mac80211 fixes tree here that had
this change, when it wasn't even intended to be there.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Felix Fietkau [Tue, 28 May 2013 16:04:44 +0000 (18:04 +0200)]
ath9k_hw: fix PA predistortion miscalibration
If any bins from the training data are skipped (i != max_index), the
calculated compensation curve gets distorted, and the signal will be
wildly overamplified. This may be the cause of the reported hardware
damage that was caused by PA predistortion (because of which PAPRD was
disabled by default).
When calculating the x_est, Y, theta values, the use of max_index and i
was reversed. i points to the bin index whereas max_index refers to the
index of the calculated arrays.
Note that PA predistortion is still disabled, it will be re-enabled
after it has been properly validated.
Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Tue, 28 May 2013 15:24:15 +0000 (17:24 +0200)]
mac80211: always send multicast on CAB queue
If the driver advertised support for a CAB queue, then we
should put all multicast frames there, otherwise sending
them can be racy with clients going to sleep while we TX
a frame. To avoid this, always TX multicast frames on the
multicast queue.
It seems like even drivers not using the queue framework
might want to do this which would mean also moving the
IEEE80211_TX_CTL_SEND_AFTER_DTIM flag assignment, but it
also seems that drivers behave differently here so that
just moving it wouldn't be a good idea. It'd be better to
modify those drivers to use the queue framework.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Felix Fietkau [Tue, 28 May 2013 11:01:53 +0000 (13:01 +0200)]
mac80211: support active monitor interfaces
Support them only if the driver advertises support for them via
IEEE80211_HW_SUPPORTS_ACTIVE_MONITOR. Unlike normal monitor interfaces,
they are added to the driver, along with their MAC address.
Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Felix Fietkau [Tue, 28 May 2013 11:01:52 +0000 (13:01 +0200)]
cfg80211: support an active monitor interface flag
An active monitor interface is one that is used for communication (via
injection). It is expected to ACK incoming unicast packets. This is
useful for running various 802.11 testing utilities that associate to an
AP via injection and manage the state in user space.
Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Hila Gonen [Wed, 13 Mar 2013 16:00:03 +0000 (18:00 +0200)]
iwlwifi: mvm: Add support for connection monitor offload
The firmware supports periodic keep alive and beacon monitoring,
so advertise connection monitor offload capability by setting
IEEE80211_HW_CONNECTION_MONITOR flag. Implement missed beacons
notification handler. Call ieee80211_beacon_loss in case of
missed beacons, so AP probing by mac80211 can be triggered.
Alexander Bondar [Tue, 21 May 2013 11:49:09 +0000 (14:49 +0300)]
iwlwifi: mvm: Change number of DTIMs to skip semantics
If skip over DTIMs is enabled the driver can specify number of DTIMs
to skip. This parameter in host-device API implies number of DTIM
periods to skip. For example, to skip one DTIM means sleep over two
DTIM periods. Change semantics accordingly. Change this parameter's
default value.
Signed-off-by: Alexander Bondar <alexander.bondar@intel.com> Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Wed, 15 May 2013 07:30:07 +0000 (09:30 +0200)]
cfg80211: make WoWLAN configuration available to drivers
Make the current WoWLAN configuration available to drivers
at runtime. This isn't really useful for the normal WoWLAN
behaviour and accessing it can also be racy, but drivers
may use it for testing the WoWLAN device behaviour while
the host stays up & running to observe the device.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Beacon abort is used by device to increase idle dwell time when system
is idle. This algorithm is on top of beacon filtering feature. Enable
beacon abort only if power management is enabled.
Signed-off-by: Alexander Bondar <alexander.bondar@intel.com> Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Fri, 17 May 2013 08:36:29 +0000 (10:36 +0200)]
iwlwifi: move some configuration parameters into DVM
There are a number of parameters that aren't really hardware
specific but rather define how the DVM firmware is used.
Move these into the DVM configuration.
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>