1. 12 Feb, 2010 1 commit
    • Patrick McHardy's avatar
      ipv6: fib: fix crash when changing large fib while dumping it · 2bec5a36
      Patrick McHardy authored
      
      
      When the fib size exceeds what can be dumped in a single skb, the
      dump is suspended and resumed once the last skb has been received
      by userspace. When the fib is changed while the dump is suspended,
      the walker might contain stale pointers, causing a crash when the
      dump is resumed.
      
      BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
      IP: [<ffffffffa01bce04>] fib6_walk_continue+0xbb/0x124 [ipv6]
      PGD 5347a067 PUD 65c7067 PMD 0
      Oops: 0000 [#1] PREEMPT SMP
      ...
      RIP: 0010:[<ffffffffa01bce04>]
      [<ffffffffa01bce04>] fib6_walk_continue+0xbb/0x124 [ipv6]
      ...
      Call Trace:
       [<ffffffff8104aca3>] ? mutex_spin_on_owner+0x59/0x71
       [<ffffffffa01bd105>] inet6_dump_fib+0x11b/0x1b9 [ipv6]
       [<ffffffff81371af4>] netlink_dump+0x5b/0x19e
       [<ffffffff8134f288>] ? consume_skb+0x28/0x2a
       [<ffffffff81373b69>] netlink_recvmsg+0x1ab/0x2c6
       [<ffffffff81372781>] ? netlink_unicast+0xfa/0x151
       [<ffffffff813483e0>] __sock_recvmsg+0x6d/0x79
       [<ffffffff81348a53>] sock_recvmsg+0xca/0xe3
       [<ffffffff81066d4b>] ? autoremove_wake_function+0x0/0x38
       [<ffffffff811ed1f8>] ? radix_tree_lookup_slot+0xe/0x10
       [<ffffffff810b3ed7>] ? find_get_page+0x90/0xa5
       [<ffffffff810b5dc5>] ? filemap_fault+0x201/0x34f
       [<ffffffff810ef152>] ? fget_light+0x2f/0xac
       [<ffffffff813519e7>] ? verify_iovec+0x4f/0x94
       [<ffffffff81349a65>] sys_recvmsg+0x14d/0x223
      
      Store the serial number when beginning to walk the fib and reload
      pointers when continuing to walk after a change occured. Similar
      to other dumping functions, this might cause unrelated entries to
      be missed when entries are deleted.
      Tested-by: default avatarBen Greear <greearb@candelatech.com>
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2bec5a36
  2. 10 Feb, 2010 1 commit
  3. 08 Feb, 2010 2 commits
    • Patrick McHardy's avatar
      netfilter: nf_conntrack: fix hash resizing with namespaces · d696c7bd
      Patrick McHardy authored
      
      
      As noticed by Jon Masters <jonathan@jonmasters.org>, the conntrack hash
      size is global and not per namespace, but modifiable at runtime through
      /sys/module/nf_conntrack/hashsize. Changing the hash size will only
      resize the hash in the current namespace however, so other namespaces
      will use an invalid hash size. This can cause crashes when enlarging
      the hashsize, or false negative lookups when shrinking it.
      
      Move the hash size into the per-namespace data and only use the global
      hash size to initialize the per-namespace value when instanciating a
      new namespace. Additionally restrict hash resizing to init_net for
      now as other namespaces are not handled currently.
      
      Cc: stable@kernel.org
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d696c7bd
    • Eric Dumazet's avatar
      netfilter: nf_conntrack: per netns nf_conntrack_cachep · 5b3501fa
      Eric Dumazet authored
      
      
      nf_conntrack_cachep is currently shared by all netns instances, but
      because of SLAB_DESTROY_BY_RCU special semantics, this is wrong.
      
      If we use a shared slab cache, one object can instantly flight between
      one hash table (netns ONE) to another one (netns TWO), and concurrent
      reader (doing a lookup in netns ONE, 'finding' an object of netns TWO)
      can be fooled without notice, because no RCU grace period has to be
      observed between object freeing and its reuse.
      
      We dont have this problem with UDP/TCP slab caches because TCP/UDP
      hashtables are global to the machine (and each object has a pointer to
      its netns).
      
      If we use per netns conntrack hash tables, we also *must* use per netns
      conntrack slab caches, to guarantee an object can not escape from one
      namespace to another one.
      Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      [Patrick: added unique slab name allocation]
      Cc: stable@kernel.org
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      5b3501fa
  4. 01 Feb, 2010 2 commits
    • Felix Fietkau's avatar
      mac80211: fix monitor mode tx radiotap header handling · 17ad353b
      Felix Fietkau authored
      
      
      When an injected frame gets buffered for a powersave STA or filtered
      and retransmitted, mac80211 attempts to parse the radiotap header
      again, which doesn't work because it's gone at that point.
      This patch adds a new flag for checking the availability of a radiotap
      header, so that it only attempts to parse it once, reusing the tx info
      on the next call to ieee80211_tx().
      This fixes severe issues with rekeying in AP mode.
      Signed-off-by: default avatarFelix Fietkau <nbd@openwrt.org>
      Cc: stable@kernel.org
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      17ad353b
    • Luis R. Rodriguez's avatar
      cfg80211: add regulatory hint disconnect support · 09d989d1
      Luis R. Rodriguez authored
      
      
      This adds a new regulatory hint to be used when we know all
      devices have been disconnected and idle. This can happen
      when we suspend, for instance. When we disconnect we can
      no longer assume the same regulatory rules learned from
      a country IE or beacon hints are applicable so restore
      regulatory settings to an initial state.
      
      Since driver hints are cached on the wiphy that called
      the hint, those hints are not reproduced onto cfg80211
      as the wiphy will respect its own wiphy->regd regardless.
      Signed-off-by: default avatarLuis R. Rodriguez <lrodriguez@atheros.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      09d989d1
  5. 28 Jan, 2010 2 commits
  6. 26 Jan, 2010 2 commits
  7. 25 Jan, 2010 1 commit
  8. 24 Jan, 2010 2 commits
  9. 23 Jan, 2010 2 commits
  10. 22 Jan, 2010 2 commits
  11. 19 Jan, 2010 1 commit
    • Johannes Berg's avatar
      mac80211: re-enable re-transmission of filtered frames · c6fcf6bc
      Johannes Berg authored
      
      
      In an earlier commit,
      
          mac80211: disable software retry for now
      
          Pavel Roskin reported a problem that seems to be due to
          software retry of already transmitted frames. It turns
          out that we've never done that correctly, but due to
          some recent changes it now crashes in the TX code. I've
          added a comment in the patch that explains the problem
          better and also points to possible solutions -- which
          I can't implement right now.
      
      I disabled software retry of failed/filtered frames
      because it was broken. With the work of the previous
      patches, it now becomes fairly easy to re-enable it
      by adding a flag indicating that the frame shouldn't
      be modified, but still running it through the transmit
      handlers to populate the control information.
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      c6fcf6bc
  12. 17 Jan, 2010 1 commit
    • Octavian Purdila's avatar
      tcp: account SYN-ACK timeouts & retransmissions · 72659ecc
      Octavian Purdila authored
      
      
      Currently we don't increment SYN-ACK timeouts & retransmissions
      although we do increment the same stats for SYN. We seem to have lost
      the SYN-ACK accounting with the introduction of tcp_syn_recv_timer
      (commit 2248761e in the netdev-vger-cvs tree).
      
      This patch fixes this issue. In the process we also rename the v4/v6
      syn/ack retransmit functions for clarity. We also add a new
      request_socket operations (syn_ack_timeout) so we can keep code in
      inet_connection_sock.c protocol agnostic.
      Signed-off-by: default avatarOctavian Purdila <opurdila@ixiacom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      72659ecc
  13. 16 Jan, 2010 1 commit
  14. 14 Jan, 2010 2 commits
  15. 13 Jan, 2010 1 commit
  16. 12 Jan, 2010 9 commits
    • Kalle Valo's avatar
      mac80211: add U-APSD client support · ab13315a
      Kalle Valo authored
      
      
      Add Unscheduled Automatic Power-Save Delivery (U-APSD) client support. The
      idea is that the data frames from the client trigger AP to send the buffered
      frames with ACs which have U-APSD enabled. This decreases latency and makes it
      possible to save even more power.
      
      Driver needs to use IEEE80211_HW_UAPSD to enable the feature. The current
      implementation assumes that firmware takes care of the wakeup and
      hardware needing IEEE80211_HW_PS_NULLFUNC_STACK is not yet supported.
      
      Tested with wl1251 on a Nokia N900 and Cisco Aironet 1231G AP and running
      various test traffic with ping.
      Signed-off-by: default avatarKalle Valo <kalle.valo@nokia.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      ab13315a
    • Jouni Malinen's avatar
      cfg80211: Store IEs from both Beacon and Probe Response frames · 34a6eddb
      Jouni Malinen authored
      
      
      Store information elements from Beacon and Probe Response frames in
      separate buffers to allow both sets to be made available through
      nl80211. This allows user space applications to get access to IEs from
      Beacon frames even if we have received Probe Response frames from the
      BSS. Previously, the IEs from Probe Response frames would have
      overridden the IEs from Beacon frames.
      
      This feature is of somewhat limited use since most protocols include
      the same (or extended) information in Probe Response frames. However,
      there are couple of exceptions where the IEs from Beacon frames could
      be of some use: TIM IE is only included in Beacon frames (and it would
      be needed to figure out the DTIM period used in the BSS) and at least
      some implementations of Wireless Provisioning Services seem to include
      the full IE only in Beacon frames).
      
      The new BSS attribute for scan results is added to allow both the IE
      sets to be delivered. This is done in a way that maintains the
      previously used behavior for applications that are not aware of the
      new NL80211_BSS_BEACON_IES attribute.
      Signed-off-by: default avatarJouni Malinen <j@w1.fi>
      Acked-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      34a6eddb
    • Kalle Valo's avatar
      mac80211: create Probe Request template · 05e54ea6
      Kalle Valo authored
      
      
      Certain type of hardware, for example wl1251 and wl1271, need a template
      for the Probe Request. Create a function ieee80211_probereq_get() which
      creates the template and drivers send it to hardware.
      Signed-off-by: default avatarKalle Valo <kalle.valo@nokia.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      05e54ea6
    • Kalle Valo's avatar
      mac80211: add functions to create PS Poll and Nullfunc templates · 7044cc56
      Kalle Valo authored
      
      
      Some hardware, for example wl1251 and wl1271, handle the transmission
      of power save related frames in hardware, but the driver is responsible
      for creating the templates. It's better to create the templates in mac80211,
      that way all drivers can benefit from this.
      
      Add two new functions, ieee80211_pspoll_get() and ieee80211_nullfunc_get()
      which drivers need to call to get the frame. Drivers are also responsible
      for updating the templates after each association.
      
      Also new struct ieee80211_hdr_3addr is added to ieee80211.h to make it
      easy to calculate length of the Nullfunc frame.
      Signed-off-by: default avatarKalle Valo <kalle.valo@nokia.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      7044cc56
    • Jouni Malinen's avatar
      nl80211: New command for setting TX rate mask for rate control · 13ae75b1
      Jouni Malinen authored
      
      
      Add a new NL80211_CMD_SET_TX_BITRATE_MASK command and related
      attributes to provide support for setting TX rate mask for rate
      control. This uses the existing cfg80211 set_bitrate_mask operation
      that was previously used only with WEXT compat code (SIOCSIWRATE). The
      nl80211 command allows more generic configuration of allowed rates as
      a mask instead of fixed/max rate.
      Signed-off-by: default avatarJouni Malinen <jouni.malinen@atheros.com>
      Acked-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      13ae75b1
    • Jouni Malinen's avatar
      cfg80211/mac80211: Use more generic bitrate mask for rate control · 37eb0b16
      Jouni Malinen authored
      
      
      Extend struct cfg80211_bitrate_mask to actually use a bitfield mask
      instead of just a single fixed or maximum rate index. This change
      itself does not modify the behavior (except for debugfs files), but it
      prepares cfg80211 and mac80211 for a new nl80211 command for setting
      which rates can be used in TX rate control.
      
      Since frames are now going through the rate control algorithm
      unconditionally, the internal IEEE80211_TX_INTFL_RCALGO flag can now
      be removed. The RC implementations can use the rate_idx_mask value to
      optimize their behavior if only a single rate is enabled.
      
      The old max_rate_idx in struct ieee80211_tx_rate_control is maintained
      (but commented as deprecated) for backwards compatibility with existing
      RC implementations. Once these implementations have been updated to
      use the more generic rate_idx_mask, the max_rate_idx value can be
      removed.
      Signed-off-by: default avatarJouni Malinen <jouni.malinen@atheros.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      37eb0b16
    • Jouni Malinen's avatar
      mac80211: Select lowest rate based on basic rate set in AP mode · e00cfce0
      Jouni Malinen authored
      
      
      If the basic rate set is configured to not include the lowest rate
      (e.g., basic rate set = 6, 12, 24 Mbps in IEEE 802.11g mode), the AP
      should not send out broadcast frames at 1 Mbps. This type of
      configuration can be used to optimize channel usage in cases where
      there is no need for backwards compatibility with IEEE 802.11b-only
      devices.
      
      In AP mode, mac80211 was unconditionally using the lowest rate for
      Beacon frames and similarly, with all rate control algorithms that use
      rate_control_send_low(), the lowest rate ended up being used for all
      broadcast frames (and all unicast frames that are sent before
      association). Change this to take into account the basic rate
      configuration in AP mode, i.e., use the lowest rate in the basic rate
      set instead of the lowest supported rate when selecting the rate.
      Signed-off-by: default avatarJouni Malinen <jouni.malinen@atheros.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      e00cfce0
    • Lukáš Turek's avatar
      mac80211: Add new callback set_coverage_class · 310bc676
      Lukáš Turek authored
      
      
      Mac80211 callback to driver set_coverage_class() sets slot time and ACK
      timeout for given IEEE 802.11 coverage class. The callback is optional,
      but it's essential for long distance links.
      Signed-off-by: default avatarLukas Turek <8an@praha12.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      310bc676
    • Lukáš Turek's avatar
      nl80211: Add new WIPHY attribute COVERAGE_CLASS · 81077e82
      Lukáš Turek authored
      
      
      The new attribute NL80211_ATTR_WIPHY_COVERAGE_CLASS sets IEEE 802.11
      Coverage Class, which depends on maximum distance of nodes in a
      wireless network. It's required for long distance links (more than a few
      hundred meters).
      
      The attribute is now ignored by two non-mac80211 drivers, rndis and
      iwmc3200wifi, together with WIPHY_PARAM_RETRY_SHORT and
      WIPHY_PARAM_RETRY_LONG. If it turns out to be a problem, we could split
      set_wiphy_params callback or add new capability bits.
      Signed-off-by: default avatarLukas Turek <8an@praha12.net>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      81077e82
  17. 11 Jan, 2010 1 commit
  18. 07 Jan, 2010 2 commits
  19. 06 Jan, 2010 1 commit
    • Octavian Purdila's avatar
      ip: fix mc_loop checks for tunnels with multicast outer addresses · 7ad6848c
      Octavian Purdila authored
      
      
      When we have L3 tunnels with different inner/outer families
      (i.e. IPV4/IPV6) which use a multicast address as the outer tunnel
      destination address, multicast packets will be loopbacked back to the
      sending socket even if IP*_MULTICAST_LOOP is set to disabled.
      
      The mc_loop flag is present in the family specific part of the socket
      (e.g. the IPv4 or IPv4 specific part).  setsockopt sets the inner
      family mc_loop flag. When the packet is pushed through the L3 tunnel
      it will eventually be processed by the outer family which if different
      will check the flag in a different part of the socket then it was set.
      Signed-off-by: default avatarOctavian Purdila <opurdila@ixiacom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7ad6848c
  20. 28 Dec, 2009 4 commits