Larry Finger [Thu, 25 Oct 2012 18:46:30 +0000 (13:46 -0500)]
rtlwifi: rtl8192c: rtl8192ce: Add support for B-CUT version of RTL8188CE
Realtek devices with designation RTL8188CE-VL have the so-called B-cut
of the wireless chip. This patch adds the special programming needed by
these devices. In addition, a variable that was static has been moved into
the private data area as it is now needed in two different routines. This
change also fixes a minor bug that would be present if a system had more
than one RTL81{88,92}CE devices. Other drivers in the rtlwifi family had
already made this change, thus the variable already exists in the private
data structure.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Cc: Anisse Astier <anisse@astier.eu> Cc: Li Chaoming <chaoming_li@realsil.com.cn> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Whenever WLAN receives scheduling msg from BT, it reduces tx power
based on RSSI level. And then BT starts simultaneous transmission
along with WLAN. Sometimes HW MAC compares tx power that is used
prior to power reduction which is causing BT transmission to defer.
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
This reduced the power consumption to half in full and network sleep.
Cc: stable@vger.kernel.org Cc: Paul Stewart <pstew@chromium.org> Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Pontus Fuchs [Tue, 23 Oct 2012 18:33:57 +0000 (20:33 +0200)]
ar5523: Add new driver
This driver is for the AR5523 chipset from Atheros. It was created
in 2007 by Christoph Hellwig but it was never finished. I found it a
couple of months ago and after some polishing it's working pretty
fine.
The driver was written with the FreeBSD driver (uath) as reference,
which was written with the reverse-engineered windows driver as
reference, hence the feature set is very limited. Station mode
only, no HW crypto offload.
Signed-off-by: Pontus Fuchs <pontus.fuchs@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Mon, 22 Oct 2012 20:55:41 +0000 (13:55 -0700)]
brcmfmac: store IEs per virtual interface
For AP feature the IEs are stored in global structure. For future
functionality like P2P-GO it needs to be stored per virtual interface
so better store it in the virtual interface structure.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Franky Lin <frankyl@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Mon, 22 Oct 2012 20:55:38 +0000 (13:55 -0700)]
brcmfmac: use memset when setting a broadcast mac address
The driver had a global constant ether_bcast, which was copied
whenever a broadcast mac address was needed. This patch does a
memset(dest, 0xFF, ETH_ALEN) instead and consequently removes
the global ether_bcast.
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Franky Lin <frankyl@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Mon, 22 Oct 2012 20:55:36 +0000 (13:55 -0700)]
brcmfmac: remove unused enumeration wl_prof_list
The enumeration wl_prof_list is no longer used so it can be safely
removed.
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Franky Lin <frankyl@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Mon, 22 Oct 2012 20:55:34 +0000 (13:55 -0700)]
brcmfmac: remove debugfs functionality from wl_cfg80211.c
In wl_cfg80211.c debugfs directory was created to expose
dtim_period and beacon_interval. However, this can be easily
obtained using iw so it is removed from the driver.
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Franky Lin <frankyl@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Mon, 22 Oct 2012 20:55:33 +0000 (13:55 -0700)]
brcmfmac: separate connection status from scanning status
The connection status is to be kept per virtual interface and
the scanning status is for device. So they need to be separated
for multiple interface support.
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Franky Lin <frankyl@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Mon, 22 Oct 2012 20:55:32 +0000 (13:55 -0700)]
brcmfmac: use vif struct to check_sys_up() function
This checks the status that will soon be moved to virtual
interface data so preparing for that use the structure
brcmf_cfg80211_vif as parameter instead.
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Reviewed-by: Hante Meulemen <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Franky Lin <frankyl@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Mon, 22 Oct 2012 20:55:31 +0000 (13:55 -0700)]
brcmfmac: store profile information per virtual interface
The profile information applies to an interface so each virtual
interface needs it. So it is removed from brcmf_cfg80211_info
and added to brcmf_cfg80211_vif structure.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Franky Lin <frankyl@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Mon, 22 Oct 2012 17:36:23 +0000 (10:36 -0700)]
brcmfmac: use struct brcmf_if as interface object for fwil functions
The functions for communicating were given the net_device only because
its private data contained struct brcmf_if object. However, not all
firmware related interfaces will be associated with a net_device. To
accomodate provisioning firmware for such interfaces the struct
brcmf_if object will be passed to the fwil functions.
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Franky Lin <frankyl@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Mon, 22 Oct 2012 17:36:22 +0000 (10:36 -0700)]
brcmfmac: add function converting ieee80211_channel to chanspec
The firmware carries channel information in a different format
as the provided ieee80211_channel structure. Conversion is needed
when receiving requests from cfg80211 carrying ieee80211_channel
structures. This patch adds a utility function to do that.
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Franky Lin <frankyl@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Mon, 22 Oct 2012 17:36:21 +0000 (10:36 -0700)]
brcmfmac: use bssidx from struct brcmf_if for bsscfg specific commands
The firmware interface has functions to send bsscfg specific commands
to the device. These functions currently have a bssidx parameter, but
that same information is stored in struct brcmf_if, which is in the
private data of the net_device parameter.
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Franky Lin <frankyl@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Mon, 22 Oct 2012 17:36:20 +0000 (10:36 -0700)]
brcmfmac: rework driver initialization in brcmf_bus_start()
In brcmf_bus_start() a number of settings are sent to the device. For
this functions are used that bypass the common firmware interface.
By reordering the code in brcmf_bus_start() this bypass can be removed.
Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Franky Lin <frankyl@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Arend van Spriel [Mon, 22 Oct 2012 17:36:19 +0000 (10:36 -0700)]
brcmfmac: extend struct brcmf_if with bssidx field
When the firmware notifies the driver about adding a new interface
it also provides an index for the bss associated with this interface.
This index will be needed for upcoming features like peer-to-peer.
By adding this index in struct brcmf_if it is easy to obtain as this
will be associated with the net_device private data.
Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: Franky Lin <frankyl@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Hante Meuleman [Mon, 22 Oct 2012 17:36:18 +0000 (10:36 -0700)]
brcmfmac: clean usb download code.
reuse ioctl waiting method.
Reviewed-by: Arend Van Spriel <arend@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Franky Lin <frankyl@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Hante Meuleman [Mon, 22 Oct 2012 17:36:17 +0000 (10:36 -0700)]
brcmfmac: remove redundant function brcmf_c_mkiovar_bsscfg
function brcmf_c_mkiovar_bsscfg became redundant with refactoring
of firmware interface layer.
Reviewed-by: Arend Van Spriel <arend@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Franky Lin <frankyl@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Hante Meuleman [Mon, 22 Oct 2012 17:36:16 +0000 (10:36 -0700)]
brcmfmac: change testmode command to use new firmware interface layer
switch to new firmware interface layer and remove redundant code.
Reviewed-by: Arend Van Spriel <arend@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Franky Lin <frankyl@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Hante Meuleman [Mon, 22 Oct 2012 17:36:15 +0000 (10:36 -0700)]
brcmfmac: remove unused iswl variable.
Variable iswl always gets initialised to the same and support for
this var is not needed.
Reviewed-by: Arend Van Spriel <arend@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Franky Lin <frankyl@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
carl9170_handle_mpdu is the final part of the
rx path of the driver. It splits the raw data
streams from the device into skb packets and
passes them on to mac80211. As a result of
continuous updates, it grew over the years when
new code was added by the following commits:
- report A-MPDU status
- fix HT peer BA session corruption
- A-MPDU frame type filter
- ...
This patch splits the routine into two stages.
The first stage only deals with the details
about extracting and verifying the data from
the incoming stream. Whereas the second stage
packs it into skbs and passes it on to mac80211.
Reported-by: Javier Lopez <jlopex@cozybit.com> Signed-off-by: Christian Lamparter <chunkeey@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Avinash Patil [Sat, 20 Oct 2012 02:19:21 +0000 (19:19 -0700)]
mwifiex: rx path enhancement to derive priv only once
We derive mwifiex_private structure which is per interface from
received skb's rx_info. Once priv is derived, same priv can be
propagated to other functions instead of callee deriving priv
from rx_info again.
Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Avinash Patil [Sat, 20 Oct 2012 02:19:20 +0000 (19:19 -0700)]
mwifiex: handle extended supported rates IE for AP
During start_ap handler, some rates come as extended supported
rates IE - part of beacon tail IE. This patch adds support for
parsing them and adding to bss_rates TLV for bss_start command
to firmware.
Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
We made "34202ee.." because we didn't support custom regulatory rules
at that time. But now we use our own custom regulatory rules, so it
needs to be changed back.
Also, chan->max_power calculations in cfg80211 were broken. Hence we
started using chan->max_reg_power. Now it has got fixed in
following commit.
Amitkumar Karwar [Sat, 20 Oct 2012 02:19:18 +0000 (19:19 -0700)]
mwifiex: disable channel filtering for SSID specific scan from user
If MWIFIEX_DISABLE_CHAN_FILT bit in scan mode bitmap is set,
firmware will turn off the filtering of scan responses from
adjacent channels.
Currently the bit is set only for internal SSID specific scan
performed during association. We will set it for user requested
SSID specific scan as well.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Amitkumar Karwar [Sat, 20 Oct 2012 02:19:17 +0000 (19:19 -0700)]
mwifiex: minor cleanup and a fix in scan semaphore usage
mwifiex_request_scan() takes care of synchronous internal scan
performed by driver during association.
Currently the semaphore acquired for the scan is unnecessarily
released at the end of different paths. Also, failure paths
returning error code other than "-1" are not considered.
We will release it at the end of routine to fix above issues.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Amitkumar Karwar [Sat, 20 Oct 2012 02:19:16 +0000 (19:19 -0700)]
mwifiex: abort scan upon interface down
When the interface is down, we will abort scan by calling
cfg80211_scan_done() with abort option. This fixes WARN_ON
triggered by cfg80211 in wdev_cleanup_work().
Driver's internal variables/flags are cleared once we get
response for current scan command. Meanwhile we will block
new scan request from cfg80211.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Yuanhan Liu [Tue, 16 Oct 2012 14:59:02 +0000 (22:59 +0800)]
bcma: suspend/resume callbacks should be conditionally compiled on CONFIG_PM_SLEEP
This will fix warnings like following when CONFIG_PM_SLEEP is not set:
warning: 'xxx_suspend' defined but not used [-Wunused-function]
warning: 'xxx_resume' defined but not used [-Wunused-function]
Because
SET_SYSTEM_SLEEP_PM_OPS(suspend_fn, resume_fn)
Only references the callbacks on CONFIG_PM_SLEEP (instead of CONFIG_PM).
Cc: John W. Linville <linville@tuxdriver.com> Cc: "Rafał Miłecki" <zajec5@gmail.com> Cc: linux-wireless@vger.kernel.org Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com> Signed-off-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
When the BT connection is initiated by headset, it's possible that headset
requests to make one A2DP and one Voice connection over the same link.
BT firmware will send a new profile A2DP_Voice in this case. So WLAN
has to take care of this new profile for tuning BTCOEX parameters.
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
While resuming from S3, BT host issues HCI reset command and it
causes BT firmware to busy with security key calculation. At this
movement, WLAN detects MCI hardware error of MCI_CONT_INFO_TIMEOUT
and then it starts the recovery sequence repeatedly. Too many
recovery sequences would exhaust the BT kernel message pool. This
patch imposes a duration between consecutive BT recovery procedure.
Thus it solves BT firmware panic issue reported in AR9565.
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Self generated MCI messages is configured to use chain 1. As
ar9565 is 1x1 solution, It can not use Chain 1. Hence fix
Chain 1 for ar9462 alone. Not doing so, could affect WLAN
connectivity in ar9565 as LNA sharing is not informed by BT.
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
The simulataneous transmission of both WLAN and BT might cause
increase in power levels. To avoid regulatory violation, WLAN tx
power will be adjusted according to BT power index based on avaliability
of BT scheduling messages. WLAN tx power reduction might affect its
performance. So WLAN tx power is only be lowered when the signal strength
is good enough. Otherwise concurrent tx will be disabled and WLAN uses
it default power levels. Also concurrent tx is disabled whenever WLAN is
moving to off-channel which might be used by BT.
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
It is useful to have channel mode in caldata to find out
whether operaing channel is in HT40/20 when we are currently
on offchannel. It will be used by BTCOEX to enable/disable
concurrent tx mechanism later.
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
ath9k: Add concurrent WLAN and BT tx support for MCI based chips
This feature enables both WLAN and BT can transmit simultaneously
by setting WLAN and BT to equal priorities. Whenever both are
transmitting, it might violate regulatory power limits. To avoid
regulatory violation, WLAN tx power will be adjusted according to BT
power index based on avaliability of BT scheduling message. If the
combined power exceeds threshold, BT transmission will be held off.
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
WLAN updates channel bitmap when associated and disassociated. Channel
bitmap will reflect whare are the channels used or affected by WLAN and
BT should avoid using those. Not doing so, could affect BT traffic
as both WLAN and BT is operating on same channel.
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
ath9k_htc: Remove interface combination specific checks
Once the driver advertizes interface combination logic
based on its firmware/hardware limitation, cfg80211
takes care of all the necessary logic such as maximum
beaconing vifs, standlone interface etc.
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
This will allow us to create virtual interface the driver supports.
Also this ensures multivif support and limitation advertised
by the driver is taken care in cfg80211 itself.
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
ath9k: Ensure we set FTP_STOMP_LOW weight when WLAN is idle
When WLAN is idle ensure we downgrade to FTP_STOMP_LOW weight
(from STOMP_LOW) to provide more bandwidth for BT FTP profile.
WLAN's idleness can be estimated by taking into account of the
rx data packets and just ignore beacons, qos nullfunc etc.
Also update bt_wait_time even if the chip is in NETWORK SLEEP
mode. This should help BT throughput when WLAN is idle.
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
carl9170: fix spurious transmissions in sniffer mode
Several people have complained about an unusual
and undocumented feature of the AR9170 hardware:
In siffer mode, the hardware generates spurious
ACK frames for every received frame... even
broadcasts.
The reason for this malfunction is unknown:
<http://marc.info/?l=linux-wireless&m=134517238506033>
But there's a workaround: Instead of the special
sniffer mode, the hardware will be put into
station mode and all rx filters are disabled.
Reported-by: Johannes Berg <johannes@sipsolutions.net> Reported-by: Marco Fonseca <marco@tampabay.rr.com> Reported-by: Janusz Dziedzic <janusz.dziedzic@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Mon, 29 Oct 2012 18:52:37 +0000 (14:52 -0400)]
Merge tag 'nfc-next-3.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/nfc-3.0
This is the first NFC pull request for 3.8
With this one we have:
- pn544 p2p support.
- pn544 physical and HCI layers separation. We are getting the pn544 driver
ready to support non i2c physical layers.
- LLCP SNL (Service Name Lookup). This is the NFC p2p service discovery
protocol.
- LLCP datagram sockets (connection less) support.
- IDR library usage for NFC devices indexes assignement.
- NFC netlink extension for setting and getting LLCP link characteristics.
- Various code style fixes and cleanups spread over the pn533, LLCP, HCI and
pn544 code.
Felix Fietkau [Thu, 25 Oct 2012 22:31:11 +0000 (00:31 +0200)]
ath9k: fix stale pointers potentially causing access to free'd skbs
bf->bf_next is only while buffers are chained as part of an A-MPDU
in the tx queue. When a tid queue is flushed (e.g. on tearing down
an aggregation session), frames can be enqueued again as normal
transmission, without bf_next being cleared. This can lead to the
old pointer being dereferenced again later.
This patch might fix crashes and "Failed to stop TX DMA!" messages.
Signed-off-by: Felix Fietkau <nbd@openwrt.org> Cc: stable@vger.kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
Thierry Escande [Wed, 17 Oct 2012 12:43:39 +0000 (14:43 +0200)]
NFC: Extend netlink interface for LTO, RW, and MIUX parameters support
NFC_CMD_LLC_GET_PARAMS: request LTO, RW, and MIUX parameters for a device
NFC_CMD_LLC_SET_PARAMS: set one or more of LTO, RW, and MIUX parameters for
a device. LTO must be set before the link is up otherwise -EINPROGRESS is
returned. RW and MIUX can be set at anytime and will be passed in subsequent
CONNECT and CC messages. If one of the passed parameters is wrong none is
set and -EINVAL is returned.
Signed-off-by: Thierry Escande <thierry.escande@linux.intel.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Johannes Berg [Thu, 25 Oct 2012 22:41:23 +0000 (00:41 +0200)]
mac80211: make sure data is accessible in EAPOL check
The code to allow EAPOL frames even when the station
isn't yet marked associated needs to check that the
incoming frame is long enough and due to paged RX it
also can't assume skb->data contains the right data,
it must use skb_copy_bits(). Fix this to avoid using
data that doesn't really exist.
Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Thu, 25 Oct 2012 22:36:40 +0000 (00:36 +0200)]
mac80211: verify that skb data is present
A number of places in the mesh code don't check that
the frame data is present and in the skb header when
trying to access. Add those checks and the necessary
pskb_may_pull() calls. This prevents accessing data
that doesn't actually exist.
To do this, export ieee80211_get_mesh_hdrlen() to be
able to use it in mac80211.
Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Thu, 25 Oct 2012 22:33:36 +0000 (00:33 +0200)]
mac80211: check management frame header length
Due to pskb_may_pull() checking the skb length, all
non-management frames are checked on input whether
their 802.11 header is fully present. Also add that
check for management frames and remove a check that
is now duplicate. This prevents accessing skb data
beyond the frame end.
Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Thu, 25 Oct 2012 19:51:59 +0000 (21:51 +0200)]
wireless: drop invalid mesh address extension frames
The mesh header can have address extension by a 4th
or a 5th and 6th address, but never both. Drop such
frames in 802.11 -> 802.3 conversion along with any
frames that have the wrong extension.
Cc: stable@vger.kernel.org Reviewed-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The 'ssid' field of the cfg80211_ibss_params is a u8 pointer and
its length is likely to be less than IEEE80211_MAX_SSID_LEN most
of the time.
This patch fixes the ssid copy in ieee80211_ibss_join() by using
the SSID length to prevent it from reading beyond the string.
Cc: stable@vger.kernel.org Signed-off-by: Antonio Quartulli <ordex@autistici.org>
[rewrapped commit message, small rewording] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Samuel Ortiz [Fri, 26 Oct 2012 16:20:10 +0000 (18:20 +0200)]
NFC: Purge LLCP socket Tx queues when being disconnected
The Tx queues are no longer valid when we receive a disconnection or when
the LLCP link goes down. In the later case we also purge the entire local
Tx queue.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Kees Cook [Tue, 23 Oct 2012 20:04:11 +0000 (13:04 -0700)]
NFC: Remove CONFIG_EXPERIMENTAL from the NCI Makefile
This config item has not carried much meaning for a while now and is
almost always enabled by default. As agreed during the Linux kernel
summit, remove it.
Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Kees Cook [Tue, 23 Oct 2012 20:04:10 +0000 (13:04 -0700)]
NFC: Remove CONFIG_EXPERIMENTAL from the LLCP Makefile
This config item has not carried much meaning for a while now and is
almost always enabled by default. As agreed during the Linux kernel
summit, remove it.
Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Kees Cook [Tue, 23 Oct 2012 20:04:09 +0000 (13:04 -0700)]
NFC: Remove CONFIG_EXPERIMENTAL
This config item has not carried much meaning for a while now and is
almost always enabled by default. As agreed during the Linux kernel
summit, remove it.
Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Samuel Ortiz [Mon, 15 Oct 2012 12:28:13 +0000 (14:28 +0200)]
NFC: Reserve LLCP ssap when replying to an SNL frame
Replying to an SNL (Service Name Lookup) means that the other end of
the link can now rely on our answer (Which is an ssap) and thus we have
to reserve it.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
projects / karo-tx-linux.git / log