1. 08 Jul, 2011 1 commit
  2. 05 Jul, 2011 1 commit
  3. 01 Jun, 2011 1 commit
  4. 12 May, 2011 1 commit
  5. 11 May, 2011 2 commits
    • Luciano Coelho's avatar
      cfg80211/nl80211: add support for scheduled scans · 807f8a8c
      Luciano Coelho authored
      Implement new functionality for scheduled scan offload.  With this feature we
      can scan automatically at certain intervals.
      The idea is that the hardware can perform scan automatically and filter on
      desired results without waking up the host unnecessarily.
      commands to the nl80211 interface.  When results are available they are
      reported by NL80211_CMD_SCHED_SCAN_RESULTS events.  The userspace is
      informed when the scheduled scan has stopped with a
      NL80211_CMD_SCHED_SCAN_STOPPED event, which can be triggered either by
      the driver or by a call to NL80211_CMD_STOP_SCHED_SCAN.
      Signed-off-by: default avatarLuciano Coelho <coelho@ti.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
    • Javier Cardona's avatar
      cfg80211: Use capability info to detect mesh beacons. · 0a35d36d
      Javier Cardona authored
      Mesh beacons no longer use all-zeroes BSSID.  Beacon frames for MBSS,
      infrastructure BSS, or IBSS are differentiated by the Capability
      Information field in the Beacon frame.  A mesh STA sets the ESS and IBSS
      subfields to 0 in transmitted Beacon or Probe Response management
      Signed-off-by: default avatarJavier Cardona <javier@cozybit.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
  6. 28 Mar, 2011 2 commits
  7. 13 Dec, 2010 1 commit
  8. 06 Oct, 2010 1 commit
  9. 14 Jul, 2010 1 commit
  10. 21 May, 2010 1 commit
  11. 30 Mar, 2010 1 commit
    • Tejun Heo's avatar
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking... · 5a0e3ad6
      Tejun Heo authored
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
      percpu.h is included by sched.h and module.h and thus ends up being
      included when building most .c files.  percpu.h includes slab.h which
      in turn includes gfp.h making everything defined by the two files
      universally available and complicating inclusion dependencies.
      percpu.h -> slab.h dependency is about to be removed.  Prepare for
      this change by updating users of gfp and slab facilities include those
      headers directly instead of assuming availability.  As this conversion
      needs to touch large number of source files, the following script is
      used as the basis of conversion.
      The script does the followings.
      * Scan files for gfp and slab usages and update includes such that
        only the necessary includes are there.  ie. if only gfp is used,
        gfp.h, if slab is used, slab.h.
      * When the script inserts a new include, it looks at the include
        blocks and try to put the new include such that its order conforms
        to its surrounding.  It's put in the include block which contains
        core kernel includes, in the same order that the rest are ordered -
        alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
        doesn't seem to be any matching order.
      * If the script can't find a place to put a new include (mostly
        because the file doesn't have fitting include block), it prints out
        an error message indicating which .h file needs to be added to the
      The conversion was done in the following steps.
      1. The initial automatic conversion of all .c files updated slightly
         over 4000 files, deleting around 700 includes and adding ~480 gfp.h
         and ~3000 slab.h inclusions.  The script emitted errors for ~400
      2. Each error was manually checked.  Some didn't need the inclusion,
         some needed manual addition while adding it to implementation .h or
         embedding .c file was more appropriate for others.  This step added
         inclusions to around 150 files.
      3. The script was run again and the output was compared to the edits
         from #2 to make sure no file was left behind.
      4. Several build tests were done and a couple of problems were fixed.
         e.g. lib/decompress_*.c used malloc/free() wrappers around slab
         APIs requiring slab.h to be added manually.
      5. The script was run on all .h files but without automatically
         editing them as sprinkling gfp.h and slab.h inclusions around .h
         files could easily lead to inclusion dependency hell.  Most gfp.h
         inclusion directives were ignored as stuff from gfp.h was usually
         wildly available and often used in preprocessor macros.  Each
         slab.h inclusion directive was examined and added manually as
      6. percpu.h was updated not to include slab.h.
      7. Build test were done on the following configurations and failures
         were fixed.  CONFIG_GCOV_KERNEL was turned off for all tests (as my
         distributed build env didn't work with gcov compiles) and a few
         more options had to be turned off depending on archs to make things
         build (like ipr on powerpc/64 which failed due to missing writeq).
         * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
         * powerpc and powerpc64 SMP allmodconfig
         * sparc and sparc64 SMP allmodconfig
         * ia64 SMP allmodconfig
         * s390 SMP allmodconfig
         * alpha SMP allmodconfig
         * um on x86_64 SMP allmodconfig
      8. percpu.h modifications were reverted so that it could be applied as
         a separate patch and serve as bisection point.
      Given the fact that I had only a couple of failures from tests on step
      6, I'm fairly confident about the coverage of this conversion patch.
      If there is a breakage, it's likely to be something in one of the arch
      headers which should be easily discoverable easily on most builds of
      the specific arch.
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Guess-its-ok-by: default avatarChristoph Lameter <cl@linux-foundation.org>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
  12. 26 Jan, 2010 1 commit
  13. 12 Jan, 2010 1 commit
    • Jouni Malinen's avatar
      cfg80211: Store IEs from both Beacon and Probe Response frames · 34a6eddb
      Jouni Malinen authored
      Store information elements from Beacon and Probe Response frames in
      separate buffers to allow both sets to be made available through
      nl80211. This allows user space applications to get access to IEs from
      Beacon frames even if we have received Probe Response frames from the
      BSS. Previously, the IEs from Probe Response frames would have
      overridden the IEs from Beacon frames.
      This feature is of somewhat limited use since most protocols include
      the same (or extended) information in Probe Response frames. However,
      there are couple of exceptions where the IEs from Beacon frames could
      be of some use: TIM IE is only included in Beacon frames (and it would
      be needed to figure out the DTIM period used in the BSS) and at least
      some implementations of Wireless Provisioning Services seem to include
      the full IE only in Beacon frames).
      The new BSS attribute for scan results is added to allow both the IE
      sets to be delivered. This is done in a way that maintains the
      previously used behavior for applications that are not aware of the
      new NL80211_BSS_BEACON_IES attribute.
      Signed-off-by: default avatarJouni Malinen <j@w1.fi>
      Acked-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
  14. 28 Dec, 2009 1 commit
  15. 29 Nov, 2009 1 commit
  16. 28 Nov, 2009 1 commit
    • Alban Browaeys's avatar
      wireless : use a dedicated workqueue for cfg80211. · e60d7443
      Alban Browaeys authored
      This patch moves the works cleanup, scan and events to a cfg80211
      dedicated workqueue.
      Platform driver like eeepc-laptop ought to use works to rfkill (as
      new rfkill does lock in rfkill_unregister and the platform driver is
      called from rfkill_switch_all which also lock the same mutex).
      This raise a new issue in itself that the work scheduled by the platform
      driver to the global worqueue calls wiphy_unregister which flush_work
      scan and event works (which thus flush works on the global workqueue inside
      a work on the global workqueue) and also put on hold the  wdev_cleanup_work
       (which prevents the dev_put on netdev thus indefinite Usage count error on
      wifi device).
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarAlban Browaeys <prahal@yahoo.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
  17. 18 Nov, 2009 2 commits
  18. 02 Nov, 2009 1 commit
    • Johannes Berg's avatar
      cfg80211: validate scan channels · 584991dc
      Johannes Berg authored
      Currently it is possible to request a scan on only
      disabled channels, which could be problematic for
      some drivers. Reject such scans, and also ignore
      disabled channels that are given. This resuls in
      the scan begin/end event only including channels
      that are actually used.
      This makes the mac80211 check for disabled channels
      superfluous. At the same time, remove the no-IBSS
      check from mac80211 -- nothing says that we should
      not find any networks on channels that cannot be
      used for an IBSS, even when operating in IBSS mode.
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
  19. 07 Oct, 2009 1 commit
    • Johannes Berg's avatar
      wext: refactor · 3d23e349
      Johannes Berg authored
      Refactor wext to
       * split out iwpriv handling
       * split out iwspy handling
       * split out procfs support
       * allow cfg80211 to have wireless extensions compat code
      After this, drivers need to
       - select WIRELESS_EXT	- for wext support
       - select WEXT_PRIV	- for iwpriv support
       - select WEXT_SPY	- for iwspy support
      except cfg80211 -- which gets new hooks in wext-core.c
      and can then get wext handlers without CONFIG_WIRELESS_EXT.
      Wireless extensions procfs support is auto-selected
      based on PROC_FS and anything that requires the wext core
      (i.e. WIRELESS_EXT or CFG80211_WEXT).
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
  20. 23 Sep, 2009 2 commits
  21. 14 Sep, 2009 2 commits
  22. 09 Sep, 2009 1 commit
  23. 02 Sep, 2009 1 commit
    • Bob Copeland's avatar
      cfg80211: fix looping soft lockup in find_ie() · fcc6cb0c
      Bob Copeland authored
      The find_ie() function uses a size_t for the len parameter, and
      directly uses len as a loop variable.  If any received packets
      are malformed, it is possible for the decrease of len to overflow,
      and since the result is unsigned, the loop will not terminate.
      Change it to a signed int so the loop conditional works for
      negative values.
      This fixes the following soft lockup:
      [38573.102007] BUG: soft lockup - CPU#0 stuck for 61s! [phy0:2230]
      [38573.102007] Modules linked in: aes_i586 aes_generic fuse af_packet ipt_REJECT xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_state iptable_filter ip_tables x_tables acpi_cpufreq binfmt_misc dm_mirror dm_region_hash dm_log dm_multipath dm_mod kvm_intel kvm uinput i915 arc4 ecb drm snd_hda_codec_idt ath5k snd_hda_intel hid_apple mac80211 usbhid appletouch snd_hda_codec snd_pcm ath cfg80211 snd_timer i2c_algo_bit ohci1394 video snd processor ieee1394 rfkill ehci_hcd sg sky2 backlight snd_page_alloc uhci_hcd joydev output ac thermal button battery sr_mod applesmc cdrom input_polldev evdev unix [last unloaded: scsi_wait_scan]
      [38573.102007] irq event stamp: 2547724535
      [38573.102007] hardirqs last  enabled at (2547724534): [<c1002ffc>] restore_all_notrace+0x0/0x18
      [38573.102007] hardirqs last disabled at (2547724535): [<c10038f4>] apic_timer_interrupt+0x28/0x34
      [38573.102007] softirqs last  enabled at (92950144): [<c103ab48>] __do_softirq+0x108/0x210
      [38573.102007] softirqs last disabled at (92950274): [<c1348e74>] _spin_lock_bh+0x14/0x80
      [38573.102007] Pid: 2230, comm: phy0 Tainted: G        W  (2.6.31-rc7-wl #8) MacBook1,1
      [38573.102007] EIP: 0060:[<f8ea2d50>] EFLAGS: 00010292 CPU: 0
      [38573.102007] EIP is at cmp_ies+0x30/0x180 [cfg80211]
      [38573.102007] EAX: 00000082 EBX: 00000000 ECX: ffffffc1 EDX: d8efd014
      [38573.102007] ESI: ffffff7c EDI: 0000004d EBP: eee2dc50 ESP: eee2dc3c
      [38573.102007]  DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
      [38573.102007] CR0: 8005003b CR2: d8efd014 CR3: 01694000 CR4: 000026d0
      [38573.102007] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
      [38573.102007] DR6: ffff0ff0 DR7: 00000400
      [38573.102007] Call Trace:
      [38573.102007]  [<f8ea2f8d>] cmp_bss+0xed/0x100 [cfg80211]
      [38573.102007]  [<f8ea33e4>] cfg80211_bss_update+0x84/0x410 [cfg80211]
      [38573.102007]  [<f8ea3884>] cfg80211_inform_bss_frame+0x114/0x180 [cfg80211]
      [38573.102007]  [<f97255ff>] ieee80211_bss_info_update+0x4f/0x180 [mac80211]
      [38573.102007]  [<f972b118>] ieee80211_rx_bss_info+0x88/0xf0 [mac80211]
      [38573.102007]  [<f9739297>] ? ieee802_11_parse_elems+0x27/0x30 [mac80211]
      [38573.102007]  [<f972b224>] ieee80211_rx_mgmt_probe_resp+0xa4/0x1c0 [mac80211]
      [38573.102007]  [<f972bc59>] ieee80211_sta_rx_queued_mgmt+0x919/0xc50 [mac80211]
      [38573.102007]  [<c1009707>] ? sched_clock+0x27/0xa0
      [38573.102007]  [<c1009707>] ? sched_clock+0x27/0xa0
      [38573.102007]  [<c105ffd0>] ? mark_held_locks+0x60/0x80
      [38573.102007]  [<c1348be5>] ? _spin_unlock_irqrestore+0x55/0x70
      [38573.102007]  [<c134baa5>] ? sub_preempt_count+0x85/0xc0
      [38573.102007]  [<c1348bce>] ? _spin_unlock_irqrestore+0x3e/0x70
      [38573.102007]  [<c12c1c0f>] ? skb_dequeue+0x4f/0x70
      [38573.102007]  [<f972c021>] ieee80211_sta_work+0x91/0xb80 [mac80211]
      [38573.102007]  [<c1009707>] ? sched_clock+0x27/0xa0
      [38573.102007]  [<c134baa5>] ? sub_preempt_count+0x85/0xc0
      [38573.102007]  [<c10479af>] worker_thread+0x18f/0x320
      [38573.102007]  [<c104794e>] ? worker_thread+0x12e/0x320
      [38573.102007]  [<c1348be5>] ? _spin_unlock_irqrestore+0x55/0x70
      [38573.102007]  [<f972bf90>] ? ieee80211_sta_work+0x0/0xb80 [mac80211]
      [38573.102007]  [<c104cbb0>] ? autoremove_wake_function+0x0/0x50
      [38573.102007]  [<c1047820>] ? worker_thread+0x0/0x320
      [38573.102007]  [<c104c854>] kthread+0x84/0x90
      [38573.102007]  [<c104c7d0>] ? kthread+0x0/0x90
      [38573.102007]  [<c1003ab7>] kernel_thread_helper+0x7/0x10
      Cc: stable@kernel.org
      Signed-off-by: default avatarBob Copeland <me@bobcopeland.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
  24. 28 Aug, 2009 1 commit
  25. 14 Aug, 2009 3 commits
    • Johannes Berg's avatar
      cfg80211: check for and abort dangling scan requests · 36e6fea8
      Johannes Berg authored
      If you trigger a scan request on an interface and then
      take it down, or rmmod the module or unplug the device
      the driver might "forget" to cancel the scan request.
      That is a bug in the driver, but the current behaviour
      is that we just hang endlessly waiting for the netdev
      refcount to become 0 which it never will. To improve
      robustness, check for this situation in cfg80211, warn
      about it and clean up behind the driver. I don't just
      clean up silently because it's likely that the driver
      also has some internal state it has now leaked.
      Additionally, this fixes a locking bug, clearing the
      scan_req pointer should be done under the rdev lock.
      Finally, we also need to _wait_ for the scan work and
      not just abort it since it might be pending and wanting
      to do a cleanup.
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
    • Johannes Berg's avatar
      cfg80211: fix alignment problem in scan request · 5ba63533
      Johannes Berg authored
      The memory layout for scan requests was rather wrong,
      we put the scan SSIDs before the channels which could
      lead to the channel pointers being unaligned in memory.
      It turns out that using a pointer to the channel array
      isn't necessary anyway since we can embed a zero-length
      array into the struct.
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
    • Johannes Berg's avatar
      nl80211: add generation number to all dumps · f5ea9120
      Johannes Berg authored
      In order for userspace to be able to figure out whether
      it obtained a consistent snapshot of data or not when
      using netlink dumps, we need to have a generation number
      in each dump message that indicates whether the list has
      changed or not -- its value is arbitrary.
      This patch adds such a number to all dumps, this needs
      some mac80211 involvement to keep track of a generation
      number to start with when adding/removing mesh paths or
      The wiphy and netdev lists can be fully handled within
      cfg80211, of course, but generation numbers need to be
      stored there as well.
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
  26. 03 Aug, 2009 1 commit
  27. 29 Jul, 2009 1 commit
  28. 27 Jul, 2009 2 commits
    • Helmut Schaa's avatar
      cfg80211: increase scan result expire time · 09f97e0f
      Helmut Schaa authored
      Using background scanning in mac80211 the time a scan needs to
      finish can exceed 10 seconds. Hence, increase the scan results
      expire time to 15 seconds which should be sufficient.
      Signed-off-by: default avatarHelmut Schaa <helmut.schaa@googlemail.com>
      Acked-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
    • Johannes Berg's avatar
      cfg80211: make aware of net namespaces · 463d0183
      Johannes Berg authored
      In order to make cfg80211/nl80211 aware of network namespaces,
      we have to do the following things:
       * del_virtual_intf method takes an interface index rather
         than a netdev pointer - simply change this
       * nl80211 uses init_net a lot, it changes to use the sender's
         network namespace
       * scan requests use the interface index, hold a netdev pointer
         and reference instead
       * we want a wiphy and its associated virtual interfaces to be
         in one netns together, so
          - we need to be able to change ns for a given interface, so
            export dev_change_net_namespace()
          - for each virtual interface set the NETIF_F_NETNS_LOCAL
            flag, and clear that flag only when the wiphy changes ns,
            to disallow breaking this invariant
       * when a network namespace goes away, we need to reparent the
         wiphy to init_net
       * cfg80211 users that support creating virtual interfaces must
         create them in the wiphy's namespace, currently this affects
         only mac80211
      The end result is that you can now switch an entire wiphy into
      a different network namespace with the new command
      	iw phy#<idx> set netns <pid>
      and all virtual interfaces will follow (or the operation fails).
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
  29. 21 Jul, 2009 1 commit
    • Christian Lamparter's avatar
      cfg80211: double free in __cfg80211_scan_done · 9e81eccf
      Christian Lamparter authored
      This patch fixes a double free corruption in __cfg80211_scan_done:
       BUG kmalloc-512: Object already free
       INFO: Allocated in load_elf_binary+0x18b/0x19af age=6
       INFO: Freed in load_elf_binary+0x104e/0x19af age=5
       INFO: Slab 0xffffea0001bae4c0 objects=14 used=7
       INFO: Object 0xffff88007e8a9918 @offset=6424 fp=0xffff88007e8a9488
       Bytes b4 0xffff88007e8a9908:  00 00 00 00 00 00 00 00 5a 5a
       Pid: 28705, comm: rmmod Tainted: P         C 2.6.31-rc2-wl #1
       Call Trace:
        [<ffffffff810da9f4>] print_trailer+0x14e/0x16e
        [<ffffffff810daa56>] object_err+0x42/0x61
        [<ffffffff810dbcd9>] __slab_free+0x2af/0x396
        [<ffffffffa0ec9694>] ? wiphy_unregister+0x92/0x142 [cfg80211]
        [<ffffffff810dd5e3>] kfree+0x13c/0x17a
        [<ffffffffa0ec9694>] ? wiphy_unregister+0x92/0x142 [cfg80211]
        [<ffffffffa0ec9694>] wiphy_unregister+0x92/0x142 [cfg80211]
        [<ffffffffa0eed163>] ieee80211_unregister_hw+0xc8/0xff [mac80211]
        [<ffffffffa0f3fbc8>] p54_unregister_common+0x31/0x66 [p54common]
       FIX kmalloc-512: Object at 0xffff88007e8a9918 not freed
      The code path which leads to the *funny* double free:
             request = rdev->scan_req;
             dev = dev_get_by_index(&init_net, request->ifidx);
      	 * the driver was unloaded recently and
      	 * therefore dev_get_by_index will return NULL!
              if (!dev)
                      goto out;
      	rdev->scan_req = NULL; /* not executed... */
      Signed-off-by: default avatarChristian Lamparter <chunkeey@web.de>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
  30. 10 Jul, 2009 3 commits
    • Johannes Berg's avatar
      cfg80211: fix locking · 667503dd
      Johannes Berg authored
      Over time, a lot of locking issues have crept into
      the smarts of cfg80211, so e.g. scan completion can
      race against a new scan, IBSS join can race against
      leaving an IBSS, etc.
      Introduce a new per-interface lock that protects
      most of the per-interface data that we need to keep
      track of, and sprinkle assertions about that lock
      everywhere. Some things now need to be offloaded to
      work structs so that we don't require being able to
      sleep in functions the drivers call. The exception
      to that are the MLME callbacks (rx_auth etc.) that
      currently only mac80211 calls because it was easier
      to do that there instead of in cfg80211, and future
      drivers implementing those calls will, if they ever
      exist, probably need to use a similar scheme like
      mac80211 anyway...
      In order to be able to handle _deauth and _disassoc
      properly, introduce a cookie passed to it that will
      determine locking requirements.
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
    • Johannes Berg's avatar
      cfg80211: properly name driver locking · 4d0c8aea
      Johannes Berg authored
      Currently we call that cfg80211_put_dev(), but that is
      misleading. With the new convention of using 'rdev' for
      registered_device variables, also call that function
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
    • Johannes Berg's avatar
      cfg80211: keep track of BSSes · 19957bb3
      Johannes Berg authored
      In order to avoid problems with BSS structs going away
      while they're in use, I've long wanted to make cfg80211
      keep track of them. Without the SME, that wasn't doable
      but now that we have the SME we can do this too. It can
      keep track of up to four separate authentications and
      one association, regardless of whether it's controlled
      by the cfg80211 SME or the userspace SME.
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>