1. 27 Jul, 2009 2 commits
    • Helmut Schaa's avatar
      cfg80211: increase scan result expire time · 09f97e0f
      Helmut Schaa authored
      
      
      Using background scanning in mac80211 the time a scan needs to
      finish can exceed 10 seconds. Hence, increase the scan results
      expire time to 15 seconds which should be sufficient.
      Signed-off-by: default avatarHelmut Schaa <helmut.schaa@googlemail.com>
      Acked-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      09f97e0f
    • Johannes Berg's avatar
      cfg80211: make aware of net namespaces · 463d0183
      Johannes Berg authored
      
      
      In order to make cfg80211/nl80211 aware of network namespaces,
      we have to do the following things:
      
       * del_virtual_intf method takes an interface index rather
         than a netdev pointer - simply change this
      
       * nl80211 uses init_net a lot, it changes to use the sender's
         network namespace
      
       * scan requests use the interface index, hold a netdev pointer
         and reference instead
      
       * we want a wiphy and its associated virtual interfaces to be
         in one netns together, so
          - we need to be able to change ns for a given interface, so
            export dev_change_net_namespace()
          - for each virtual interface set the NETIF_F_NETNS_LOCAL
            flag, and clear that flag only when the wiphy changes ns,
            to disallow breaking this invariant
      
       * when a network namespace goes away, we need to reparent the
         wiphy to init_net
      
       * cfg80211 users that support creating virtual interfaces must
         create them in the wiphy's namespace, currently this affects
         only mac80211
      
      The end result is that you can now switch an entire wiphy into
      a different network namespace with the new command
      	iw phy#<idx> set netns <pid>
      and all virtual interfaces will follow (or the operation fails).
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      463d0183
  2. 24 Jul, 2009 19 commits
  3. 21 Jul, 2009 2 commits
    • Christian Lamparter's avatar
      cfg80211: double free in __cfg80211_scan_done · 9e81eccf
      Christian Lamparter authored
      
      
      This patch fixes a double free corruption in __cfg80211_scan_done:
      
       ================================================
       BUG kmalloc-512: Object already free
       ------------------------------------------------
      
       INFO: Allocated in load_elf_binary+0x18b/0x19af age=6
       INFO: Freed in load_elf_binary+0x104e/0x19af age=5
       INFO: Slab 0xffffea0001bae4c0 objects=14 used=7
       INFO: Object 0xffff88007e8a9918 @offset=6424 fp=0xffff88007e8a9488
      
       Bytes b4 0xffff88007e8a9908:  00 00 00 00 00 00 00 00 5a 5a
       [...]
       Pid: 28705, comm: rmmod Tainted: P         C 2.6.31-rc2-wl #1
       Call Trace:
        [<ffffffff810da9f4>] print_trailer+0x14e/0x16e
        [<ffffffff810daa56>] object_err+0x42/0x61
        [<ffffffff810dbcd9>] __slab_free+0x2af/0x396
        [<ffffffffa0ec9694>] ? wiphy_unregister+0x92/0x142 [cfg80211]
        [<ffffffff810dd5e3>] kfree+0x13c/0x17a
        [<ffffffffa0ec9694>] ? wiphy_unregister+0x92/0x142 [cfg80211]
        [<ffffffffa0ec9694>] wiphy_unregister+0x92/0x142 [cfg80211]
        [<ffffffffa0eed163>] ieee80211_unregister_hw+0xc8/0xff [mac80211]
        [<ffffffffa0f3fbc8>] p54_unregister_common+0x31/0x66 [p54common]
        [...]
       FIX kmalloc-512: Object at 0xffff88007e8a9918 not freed
      
      The code path which leads to the *funny* double free:
      
             request = rdev->scan_req;
             dev = dev_get_by_index(&init_net, request->ifidx);
      	/*
      	 * the driver was unloaded recently and
      	 * therefore dev_get_by_index will return NULL!
      	 */
              if (!dev)
                      goto out;
      	[...]
      	rdev->scan_req = NULL; /* not executed... */
      	[...]
       out:
              kfree(request);
      Signed-off-by: default avatarChristian Lamparter <chunkeey@web.de>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      9e81eccf
    • Niko Jokinen's avatar
      nl80211: Memory leak fixed · 6c95e2a2
      Niko Jokinen authored
      
      
      Potential memory leak via msg pointer in nl80211_get_key() function.
      Signed-off-by: default avatarNiko Jokinen <ext-niko.k.jokinen@nokia.com>
      Signed-off-by: default avatarLuciano Coelho <luciano.coelho@nokia.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      6c95e2a2
  4. 15 Jul, 2009 3 commits
    • Johannes Berg's avatar
      net/compat/wext: send different messages to compat tasks · 1dacc76d
      Johannes Berg authored
      
      
      Wireless extensions have the unfortunate problem that events
      are multicast netlink messages, and are not independent of
      pointer size. Thus, currently 32-bit tasks on 64-bit platforms
      cannot properly receive events and fail with all kinds of
      strange problems, for instance wpa_supplicant never notices
      disassociations, due to the way the 64-bit event looks (to a
      32-bit process), the fact that the address is all zeroes is
      lost, it thinks instead it is 00:00:00:00:01:00.
      
      The same problem existed with the ioctls, until David Miller
      fixed those some time ago in an heroic effort.
      
      A different problem caused by this is that we cannot send the
      ASSOCREQIE/ASSOCRESPIE events because sending them causes a
      32-bit wpa_supplicant on a 64-bit system to overwrite its
      internal information, which is worse than it not getting the
      information at all -- so we currently resort to sending a
      custom string event that it then parses. This, however, has a
      severe size limitation we are frequently hitting with modern
      access points; this limitation would can be lifted after this
      patch by sending the correct binary, not custom, event.
      
      A similar problem apparently happens for some other netlink
      users on x86_64 with 32-bit tasks due to the alignment for
      64-bit quantities.
      
      In order to fix these problems, I have implemented a way to
      send compat messages to tasks. When sending an event, we send
      the non-compat event data together with a compat event data in
      skb_shinfo(main_skb)->frag_list. Then, when the event is read
      from the socket, the netlink code makes sure to pass out only
      the skb that is compatible with the task. This approach was
      suggested by David Miller, my original approach required
      always sending two skbs but that had various small problems.
      
      To determine whether compat is needed or not, I have used the
      MSG_CMSG_COMPAT flag, and adjusted the call path for recv and
      recvfrom to include it, even if those calls do not have a cmsg
      parameter.
      
      I have not solved one small part of the problem, and I don't
      think it is necessary to: if a 32-bit application uses read()
      rather than any form of recvmsg() it will still get the wrong
      (64-bit) event. However, neither do applications actually do
      this, nor would it be a regression.
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1dacc76d
    • Johannes Berg's avatar
      wext: optimise, comment and fix event sending · 4f45b2cd
      Johannes Berg authored
      
      
      The current function for sending events first allocates the
      event stream buffer, and then an skb to copy the event stream
      into. This can be done in one go. Also, the current function
      leaks kernel data to userspace in a 4 uninitialised bytes,
      initialise those explicitly. Finally also add a few useful
      comments, as opposed to the current comments.
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4f45b2cd
    • Johannes Berg's avatar
      wireless extensions: make netns aware · b333b3d2
      Johannes Berg authored
      
      
      This makes wireless extensions netns aware. The
      tasklet sending the events is converted to a work
      struct so that we can rtnl_lock() in it.
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b333b3d2
  5. 12 Jul, 2009 1 commit
    • Johannes Berg's avatar
      genetlink: make netns aware · 134e6375
      Johannes Berg authored
      
      
      This makes generic netlink network namespace aware. No
      generic netlink families except for the controller family
      are made namespace aware, they need to be checked one by
      one and then set the family->netnsok member to true.
      
      A new function genlmsg_multicast_netns() is introduced to
      allow sending a multicast message in a given namespace,
      for example when it applies to an object that lives in
      that namespace, a new function genlmsg_multicast_allns()
      to send a message to all network namespaces (for objects
      that do not have an associated netns).
      
      The function genlmsg_multicast() is changed to multicast
      the message in just init_net, which is currently correct
      for all generic netlink families since they only work in
      init_net right now. Some will later want to work in all
      net namespaces because they do not care about the netns
      at all -- those will have to be converted to use one of
      the new functions genlmsg_multicast_allns() or
      genlmsg_multicast_netns() whenever they are made netns
      aware in some way.
      
      After this patch families can easily decide whether or
      not they should be available in all net namespaces. Many
      genl families us it for objects not related to networking
      and should therefore be available in all namespaces, but
      that will have to be done on a per family basis.
      
      Note that this doesn't touch on the checkpoint/restart
      problem where network namespaces could be used, genl
      families and multicast groups are numbered globally and
      I see no easy way of changing that, especially since it
      must be possible to multicast to all network namespaces
      for those families that do not care about netns.
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      134e6375
  6. 10 Jul, 2009 13 commits