summaryrefslogtreecommitdiff
path: root/net
Commit message (Collapse)AuthorAgeFilesLines
* cfg80211: clear SSID on disconnect/no connectionJohannes Berg2009-08-041-0/+4
| | | | | | | | | | | | | | The SME state machine in cfg80211 uses the SSID stored in struct wireless_dev internally, but fails to clear it in multiple places (when giving up on a connection attempt and when disconnecting). This doesn't matter to the SME state machine, but does matter for IBSS. Thus, in those cases, clear the SSID to avoid messing up the IBSS state machine. Reported-by: Joerg Albert <jal2@gmx.de> Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* rfkill: add the GPS radio typeTomas Winkler2009-08-041-1/+3
| | | | | | | | | | | | | | Althoug GPS is a technology w/o transmitting radio and thus not a primary candidate for rfkill switch, rfkill gives unified interface point for devices with wireless technology. The input key is not supplied as it is too be deprecated. Cc: johannes@sipsolutions.net Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* mac80211: Increase timeouts for station pollingMaxim Levitsky2009-08-041-2/+2
| | | | | | | | | | | | Do a probe request every 30 seconds, and wait for probe response, half a second This should lower the traffic that card sends, thus save power Wainting longer for response makes probe more robust against 'slow' access points Signed-off-by: Maxim Levitsky <maximlevitsky@gmail.com> Acked-by: Johannes Berg <johannes@sipsolutions.net> Tested-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* mac80211: Retry probe request few timesMaxim Levitsky2009-08-042-12/+31
| | | | | | | | | | | | Retry 5 times (chosen arbitary ), before assuming that station is out of range. Fixes frequent disassociations while connected to weak, and sometimes even strong access points. Signed-off-by: Maxim Levitky <maximlevitsky@gmail.com> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* cfg80211: lower dynamic PS timeout to 100msJohannes Berg2009-08-041-1/+1
| | | | | | | | | | | | | The default of 500ms is pretty high, and leads to the device being awake at least 50% of the time under such light traffic conditions as a simple 1 second interval ping. Reduce to just 100ms -- it should have a similar effect while providing a better sleep time. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Reviewed-by: Kalle Valo <kalle.valo@iki.fi> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* cfg80211: enable country IE support to all cfg80211 driversLuis R. Rodriguez2009-08-044-10/+33
| | | | | | | | | | | | | | | Since the bss is always set now once we are connected, if the bss has its own information element we refer to it and pass that instead of relying on mac80211's parsing. Now all cfg80211 drivers get country IE support, automatically and we reduce the call overhead that we had on mac80211 which called this upon every beacon and instead now call this only upon a successfull connection by a STA on cfg80211. Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* cfg80211: decouple regulatory variables from cfg80211_mutexLuis R. Rodriguez2009-08-042-12/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We change regulatory code to be protected by its own regulatory mutex and alleviate cfg80211_mutex to only be used to protect cfg80211_rdev_list, the registered device list. By doing this we will be able to work on regulatory core components without having to have hog up the cfg80211_mutex. An example here is we no longer need to use the cfg80211_mutex during driver specific wiphy_apply_custom_regulatory(). We also no longer need it for the the country IE regulatory hint; by doing so we end up curing this new lockdep warning: ======================================================= [ INFO: possible circular locking dependency detected ] 2.6.31-rc4-wl #12 ------------------------------------------------------- phy1/1709 is trying to acquire lock: (cfg80211_mutex){+.+.+.}, at: [<ffffffffa00af852>] regulatory_hint_11d+0x32/0x3f0 [cfg80211] but task is already holding lock: (&ifmgd->mtx){+.+.+.}, at: [<ffffffffa0144228>] ieee80211_sta_work+0x108/0x10f0 [mac80211] which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #3 (&ifmgd->mtx){+.+.+.}: [<ffffffff810857b6>] __lock_acquire+0xd76/0x12b0 [<ffffffff81085dd3>] lock_acquire+0xe3/0x120 [<ffffffff814eeae4>] mutex_lock_nested+0x44/0x350 [<ffffffffa0141bb8>] ieee80211_mgd_auth+0x108/0x1f0 [mac80211] [<ffffffffa0148563>] ieee80211_auth+0x13/0x20 [mac80211] [<ffffffffa00bc3a1>] __cfg80211_mlme_auth+0x1b1/0x2a0 [cfg80211] [<ffffffffa00bc516>] cfg80211_mlme_auth+0x86/0xc0 [cfg80211] [<ffffffffa00b368d>] nl80211_authenticate+0x21d/0x230 [cfg80211] [<ffffffff81416ba6>] genl_rcv_msg+0x1b6/0x1f0 [<ffffffff81415c39>] netlink_rcv_skb+0x89/0xb0 [<ffffffff814169d9>] genl_rcv+0x29/0x40 [<ffffffff8141591d>] netlink_unicast+0x29d/0x2b0 [<ffffffff81416514>] netlink_sendmsg+0x214/0x300 [<ffffffff813e4407>] sock_sendmsg+0x107/0x130 [<ffffffff813e45b9>] sys_sendmsg+0x189/0x320 [<ffffffff81011f82>] system_call_fastpath+0x16/0x1b [<ffffffffffffffff>] 0xffffffffffffffff -> #2 (&wdev->mtx){+.+.+.}: [<ffffffff810857b6>] __lock_acquire+0xd76/0x12b0 [<ffffffff81085dd3>] lock_acquire+0xe3/0x120 [<ffffffff814eeae4>] mutex_lock_nested+0x44/0x350 [<ffffffffa00ab304>] cfg80211_netdev_notifier_call+0x1a4/0x390 [cfg80211] [<ffffffff814f3dff>] notifier_call_chain+0x3f/0x80 [<ffffffff81075a91>] raw_notifier_call_chain+0x11/0x20 [<ffffffff813f665a>] dev_open+0x10a/0x120 [<ffffffff813f59bd>] dev_change_flags+0x9d/0x1e0 [<ffffffff8144eb6e>] devinet_ioctl+0x6fe/0x760 [<ffffffff81450204>] inet_ioctl+0x94/0xc0 [<ffffffff813e25fa>] sock_ioctl+0x6a/0x290 [<ffffffff8111e911>] vfs_ioctl+0x31/0xa0 [<ffffffff8111ea9a>] do_vfs_ioctl+0x8a/0x5c0 [<ffffffff8111f069>] sys_ioctl+0x99/0xa0 [<ffffffff81011f82>] system_call_fastpath+0x16/0x1b [<ffffffffffffffff>] 0xffffffffffffffff -> #1 (&rdev->mtx){+.+.+.}: [<ffffffff810857b6>] __lock_acquire+0xd76/0x12b0 [<ffffffff81085dd3>] lock_acquire+0xe3/0x120 [<ffffffff814eeae4>] mutex_lock_nested+0x44/0x350 [<ffffffffa00ac4d0>] cfg80211_get_dev_from_ifindex+0x60/0x90 [cfg80211] [<ffffffffa00b21ff>] get_rdev_dev_by_info_ifindex+0x6f/0xa0 [cfg80211] [<ffffffffa00b51eb>] nl80211_set_interface+0x3b/0x260 [cfg80211] [<ffffffff81416ba6>] genl_rcv_msg+0x1b6/0x1f0 [<ffffffff81415c39>] netlink_rcv_skb+0x89/0xb0 [<ffffffff814169d9>] genl_rcv+0x29/0x40 [<ffffffff8141591d>] netlink_unicast+0x29d/0x2b0 [<ffffffff81416514>] netlink_sendmsg+0x214/0x300 [<ffffffff813e4407>] sock_sendmsg+0x107/0x130 [<ffffffff813e45b9>] sys_sendmsg+0x189/0x320 [<ffffffff81011f82>] system_call_fastpath+0x16/0x1b [<ffffffffffffffff>] 0xffffffffffffffff other info that might help us debug this: 3 locks held by phy1/1709: #0: ((wiphy_name(local->hw.wiphy))){+.+.+.}, at: [<ffffffff8106b45d>] worker_thread+0x19d/0x340 #1: (&ifmgd->work){+.+.+.}, at: [<ffffffff8106b45d>] worker_thread+0x19d/0x340 #2: (&ifmgd->mtx){+.+.+.}, at: [<ffffffffa0144228>] ieee80211_sta_work+0x108/0x10f0 [mac80211] Reported-by: Reinette Chatre <reinette.chatre@intel.com> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* cfg80211: do not iterate over rdev list on country IE hintLuis R. Rodriguez2009-08-041-42/+9
| | | | | | | | | | | | | | | | | | Simplify the country IE hint code by just bailing out if a previous country IE has been issued. We currently just trust the first AP we connect to on any card. The idea was to perform conflict resolution within this routine but since we can no longer iterate over the registered device list here we leave conflict resolution to be dealt with at a later time on the workqueue. This code has no functional changes other than saving us an interation over the registered device list when a second card is connected, or you unplug and connect the same one, and a country IE is received. This would have been done upon every beacon received. Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* cfg80211: use goto out on country IE reg hint failureLuis R. Rodriguez2009-08-041-4/+2
| | | | | | | | This has no functional changes. Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* mac80211: fix powersaveJohannes Berg2009-08-041-7/+6
| | | | | | | | | | | | Some of the recent MLME rework I did broke powersave because the ps_sdata isn't assigned at the right time, and the work item wasn't removed from the list before calling ieee80211_recalc_ps(). To be more specific, this broke the case where you'd enabled PS before associating, either automatically or with iwconfig. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* cfg80211: fix NETDEV_UNREGISTER notifierJohannes Berg2009-08-041-4/+11
| | | | | | | | | | | It's possible to get the NETDEV_UNREGISTER callback multiple times (see net/core/dev.c:netdev_wait_allrefs) and this will completely mess up our cleanup code. To avoid that, clean up only when the interface is still on the wiphy interface list from which it's removed on the first NETDEV_UNREGISTER call. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* mac80211: redefine usage of the mac80211 workqueueLuis R. Rodriguez2009-08-0411-49/+92
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The mac80211 workqueue exists to enable mac80211 and drivers to queue their own work on a single threaded workqueue. mac80211 takes care to flush the workqueue during suspend but we never really had requirements on drivers for how they should use the workqueue in consideration for suspend. We extend mac80211 to document how the mac80211 workqueue should be used, how it should not be used and finally move raw access to the workqueue to mac80211 only. Drivers and mac80211 use helpers to queue work onto the mac80211 workqueue: * ieee80211_queue_work() * ieee80211_queue_delayed_work() These helpers will now warn if mac80211 already completed its suspend cycle and someone is trying to queue work. mac80211 flushes the mac80211 workqueue prior to suspend a few times, but we haven't taken the care to ensure drivers won't add more work after suspend. To help with this we add a warning when someone tries to add work and mac80211 already completed the suspend cycle. Drivers should ensure they cancel any work or delayed work in the mac80211 stop() callback. Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* mac80211: fix sparse warnings/errorsJohannes Berg2009-08-042-2/+5
| | | | | | | | | | sparse complains about a shadowed variable, which we can just rename, and lots of stuff if the API tracer is enabled, so kick out the tracer code in a sparse run -- the macros just confuse it. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* cfg80211: keep track of current_bss for userspace SMEJohannes Berg2009-08-044-33/+51
| | | | | | | | | | | | | When a userspace SME is active, we're currently not keeping track of the BSS properly for reporting the current link and for internal use. Additionally, it looks like there is a possible BSS leak in that the BSS never gets removed from auth_bsses[]. To fix it, pass the BSS struct to __cfg80211_connect_result in this case. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* mac80211: disable beacons before removing the associated interfaceBob Copeland2009-08-043-1/+16
| | | | | | | | | | | | | | When downing interfaces, it's a good idea to tell the driver to stop sending beacons; that way the driver doesn't need special code in ops->remove_interface() when it should already handle the case in bss_info_changed(). This fixes a potential crash with at least ath5k since the vif pointer will be nullified while beacon interrupts are still active. Signed-off-by: Bob Copeland <me@bobcopeland.com> Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* wext: remove extra return on wireless_nlevent_init()Luis R. Rodriguez2009-08-041-1/+0
| | | | | Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* mac80211: disable software retry for nowJohannes Berg2009-08-041-0/+26
| | | | | | | | | | | | | Pavel Roskin reported a problem that seems to be due to software retry of already transmitted frames. It turns out that we've never done that correctly, but due to some recent changes it now crashes in the TX code. I've added a comment in the patch that explains the problem better and also points to possible solutions -- which I can't implement right now. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* neigh: Convert garbage collection from softirq to workqueueEric Dumazet2009-08-021-46/+43
| | | | | | | | | | | | | | | | | | Current neigh_periodic_timer() function is fired by timer IRQ, and scans one hash bucket each round (very litle work in fact) As we are supposed to scan whole hash table in 15 seconds, this means neigh_periodic_timer() can be fired very often. (depending on the number of concurrent hash entries we stored in this table) Converting this to a workqueue permits scanning whole table, minimizing icache pollution, and firing this work every 15 seconds, independantly of hash table size. This 15 seconds delay is not a hard number, as work is a deferrable one. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* IPVS: use pr_err and friends instead of IP_VS_ERR and friendsHannes Eder2009-08-0220-147/+145
| | | | | | | | | | Since pr_err and friends are used instead of printk there is no point in keeping IP_VS_ERR and friends. Furthermore make use of '__func__' instead of hard coded function names. Signed-off-by: Hannes Eder <heder@google.com> Acked-by: Simon Horman <horms@verge.net.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* inet6: functions shadow global variableGerrit Renker2009-08-021-2/+2
| | | | | | | | | | | This renames away a variable clash: * ipv6_table[] is declared as a static global table; * ipv6_sysctl_net_init() uses ipv6_table to refer/destroy dynamic memory; * ipv6_sysctl_net_exit() also uses ipv6_table for the same purpose; * both the two last functions call kfree() on ipv6_table. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'master' of ↵David S. Miller2009-07-3026-561/+846
|\ | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6
| * cfg80211: self-contained wext handling where possibleJohannes Berg2009-07-2912-106/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Finally! This is what you've all been waiting for! This patch makes cfg80211 take care of wext emulation _completely_ by itself, drivers that don't need things cfg80211 doesn't do yet don't even need to be aware of wireless extensions. This means we can also clean up mac80211's and iwm's Kconfig and make it possible to build them w/o wext now! RIP wext. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * cfg80211: combine IWESSID handlersJohannes Berg2009-07-295-41/+48
| | | | | | | | | | | | | | | | Since we now have handlers IWESSID for all modes, we can combine them into one. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * cfg80211: combine IWAP handlersJohannes Berg2009-07-295-55/+58
| | | | | | | | | | | | | | | | Since we now have IWAP handlers for all modes, we can combine them into one. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * cfg80211: combine iwfreq implementationsJohannes Berg2009-07-297-80/+83
| | | | | | | | | | | | | | | | | | | | Until now we implemented iwfreq for managed mode, we needed to keep the implementations separate, but now that we have all versions implemented we can combine them and export just one handler. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * mac80211: verify info->control.vif is not NULLJohannes Berg2009-07-292-0/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When enqueuing packets on the internal packet queue, we need to ensure that we have a valid vif pointer since that is required since the net namespace work. Add some assertions to verify this, but also don't crash is for some reason we don't end up with a vif pointer -- warn and drop the packet in all these cases. Since this code touches a number of hotpaths, it is intended to be temporary, or maybe configurable in the future, at least the bit that is in the path that gets hit for every packet, ieee80211_tx_pending(). Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * cfg80211: fix disassoc while not associatedJohannes Berg2009-07-291-0/+6
| | | | | | | | | | | | | | | | | | | | When trying to disassociate while not associated, the kernel would crash rather than refusing the operation, fix this; Reported-by: Maxim Levitsky <maximlevitsky@gmail.com> Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * mac80211: fix an oops in ieee80211_scan_state_set_channelHelmut Schaa2009-07-291-1/+4
| | | | | | | | | | | | | | | | | | | | Fix an oops in ieee80211_scan_state_set_channel which was triggered if the last scanned channel was skipped (for example due to regulatory restrictions) by returning to the decision state after each skipped channel. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * nl80211: add missing parameter clearingJohannes Berg2009-07-291-0/+2
| | | | | | | | | | | | | | | | | | | | | | Jouni and Maxim reported an oops when using wpa_supplicant -Dnl80211, which seems to be due to random data being contained in the crypto settings for the assoc() command. This seems to be due to the missing memset here, so add it -- it's certainly missing but I'm not 100% certain that it will fix the problem. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * mac80211: fix receiving deauthJohannes Berg2009-07-291-4/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Marcel reported a warning, which quite obviously comes from an oversight in the code handling deauth frames, and which resulted in multiple follow-up warnings due to this missing handling. This patch adds the missing deauth handling (telling cfg80211 about it) and also removes the follow-up warnings since they could happen due to races even if nothing is wrong. I've explained the races in the comments. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Reported-by: Marcel Holtmann <marcel@holtmann.org> Tested-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * cfg80211: fix circular lock dependency (1)Johannes Berg2009-07-291-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Luis reported this lockdep complaint, that he had also reported earlier but when trying to analyse I had been locking at the wrong code, and never saw the problem: (slightly abridged) ======================================================= [ INFO: possible circular locking dependency detected ] 2.6.31-rc4-wl #6 ------------------------------------------------------- wpa_supplicant/3799 is trying to acquire lock: (cfg80211_mutex){+.+.+.}, at: [<ffffffffa009246a>] cfg80211_get_dev_from_ifindex+0x1a/0x90 [cfg80211] but task is already holding lock: (rtnl_mutex){+.+.+.}, at: [<ffffffff81400ff2>] rtnl_lock+0x12/0x20 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (rtnl_mutex){+.+.+.}: [<ffffffff810857b6>] __lock_acquire+0xd76/0x12b0 [<ffffffff81085dd3>] lock_acquire+0xe3/0x120 [<ffffffff814ee7a4>] mutex_lock_nested+0x44/0x350 [<ffffffff81400ff2>] rtnl_lock+0x12/0x20 [<ffffffffa009f6a5>] nl80211_send_reg_change_event+0x1f5/0x2a0 [cfg80211] [<ffffffffa009529e>] set_regdom+0x28e/0x4c0 [cfg80211] -> #0 (cfg80211_mutex){+.+.+.}: [<ffffffff8108587b>] __lock_acquire+0xe3b/0x12b0 [<ffffffff81085dd3>] lock_acquire+0xe3/0x120 [<ffffffff814ee7a4>] mutex_lock_nested+0x44/0x350 [<ffffffffa009246a>] cfg80211_get_dev_from_ifindex+0x1a/0x90 [cfg80211] [<ffffffffa009813f>] get_rdev_dev_by_info_ifindex+0x6f/0xa0 [cfg80211] [<ffffffffa009b12b>] nl80211_set_interface+0x3b/0x260 [cfg80211] When looking at the correct code, the problem is quite obvious. I'm not entirely sure which code paths lead here, so until I can analyse it better let's just use RCU to avoid the problem. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * mac80211: fix oops due to missing private dataLuis R. Rodriguez2009-07-271-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This was caused by patch: "mac80211: cooperate more with network namespaces" The version of the patch applied doesn't match Johannes' latest: http://johannes.sipsolutions.net/patches/kernel/all/LATEST/NNN-mac80211-netns.patch The skb->cb virtual interface data wasn't being reset for reuse so ath9k pooped out when trying to dereference the private rate control info from the skb. BUG: unable to handle kernel NULL pointer dereference RIP: 0010:[<ffffffffa0258173>] ath_tx_rc_status+0x33/0x150 [ath9k] <-- snip etc --> Reported-by: Davide Pesavento <davidepesa@gmail.com> Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * mac80211: fix PS-poll response, raceJohannes Berg2009-07-273-36/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a station queries us for a PS-poll response, we wrongly queue the frame on the virtual interface's queue rather than the pending queue. Additionally, fix a race condition where we could potentially send multiple frames to the sleeping station due to using a station flag rather than a packet flag. When converting to a packet flag, we can also convert p54 and remove the filter clearing we added for it. (Also remove a now dead function) Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Reported-by: Bob Copeland <me@bobcopeland.com> Tested-by: Bob Copeland <me@bobcopeland.com> Cc: Christian Lamparter <chunkeey@web.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * mac80211: fix MLME issuing of probe requests while scanningLuis R. Rodriguez2009-07-271-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We were issuing probe requests to the associated AP on the wrong band by having our beacon timer loss trigger while we are scanning. When we would scan the timer could hit and force us to send a probe request to the AP but with a chance we'd be on the wrong band. This leads to finding no usable bitrate but we should not get so far on the xmit path. We should not be trying to send these probe request frames so prevent ieee80211_mgd_probe_ap() from sending these. As it turns out all callers of ieee80211_mgd_probe_ap() need this check so we just move the scan check there. This means we can remove the recenlty added check during ieee80211_sta_monitor_work(). Additionally we now fix a race condition added by the patch "mac80211: do not monitor the connection while scanning" which had the same check in ieee80211_sta_conn_mon_timer(). The race happens because the timer routine *does* a valid check for scanning but after it queues work into the mac80211 workqueue the work callback can kick off with scanning enabled and cause the same issue we were trying to avoid. The more appropriate solution would be to disable the respective timers during scan and re-enable them after scan but requires more complex code and testing. Cc: Christian Lamparter <chunkeey@web.de> Cc: Larry Finger <Larry.Finger@lwfinger.net> Reported-by: Fabio Rossi <rossi.f@inwind.it> Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * mac80211: fix mlme timeoutsJohannes Berg2009-07-271-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When a new MLME work is created, its timeout is initialised to 0. This is wrong, it could then be thought of as having an actual timeout in the future (time_is_after_jiffies() can return true). Instead, it should be initialised to jiffies so that it will run right away as soon as the mlme work is executed. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Reported-by: Luciano Roth Coelho <luciano.coelho@nokia.com> Reported-by: Alban Browaeys <prahal@yahoo.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * cfg80211: increase scan result expire timeHelmut Schaa2009-07-271-1/+1
| | | | | | | | | | | | | | | | | | | | Using background scanning in mac80211 the time a scan needs to finish can exceed 10 seconds. Hence, increase the scan results expire time to 15 seconds which should be sufficient. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * mac80211: rename scan_state to next_scan_stateHelmut Schaa2009-07-272-11/+11
| | | | | | | | | | | | | | | | | | Rename scan_state to next_scan_state to better reflect what it is used for. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * mac80211: implement basic background scanningHelmut Schaa2009-07-274-13/+148
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Introduce a new scan flag "SCAN_OFF_CHANNEL" which basically tells us that we are currently on a different channel for scanning and cannot RX/TX. "SCAN_SW_SCANNING" tells us that we are currently running a software scan but we might as well be on the operating channel to RX/TX. While "SCAN_SW_SCANNING" is set during the whole scan "SCAN_OFF_CHANNEL" is set when leaving the operating channel and unset when coming back. Introduce two new scan states "SCAN_LEAVE_OPER_CHANNEL" and "SCAN_ENTER_OPER_CHANNEL" which basically implement the functionality we need to leave the operating channel (send a nullfunc to the AP and stop the queues) and enter it again (send a nullfunc to the AP and start the queues again). Enhance the scan state "SCAN_DECISION" to switch back to the operating channel after each scanned channel. In the future it sould be simple to enhance the decision state to scan as much channels in a row as the qos latency allows us. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * mac80211: Replace {sw, hw}_scanning variables with a bitfieldHelmut Schaa2009-07-279-29/+31
| | | | | | | | | | | | | | | | | | | | Use a bitfield to store the current scan mode instead of two boolean variables {sw,hw}_scanning. This patch does not introduce functional changes but allows us to enhance the scan flags later (for example for background scanning). Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * mac80211: introduce a new scan state "decision"Helmut Schaa2009-07-272-15/+27
| | | | | | | | | | | | | | | | | | | | | | Introduce a new scan state "decision" which is entered after every completed scan operation and decides about the next steps. At first the decision is in any case to scan the next channel. This shouldn't introduce any functional changes. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * mac80211: advance the state machine immediately if no delay is neededHelmut Schaa2009-07-271-9/+15
| | | | | | | | | | | | | | | | | | Instead of queueing the scan work again without delay just process the next state immediately. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * mac80211: refactor the scan codeHelmut Schaa2009-07-271-58/+78
| | | | | | | | | | | | | | | | | | Move the processing of each scan state into its own functions for better readability. This patch does not introduce functional changes. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * mac80211: allow using network namespacesJohannes Berg2009-07-272-0/+2
| | | | | | | | | | | | | | | | | | This finally opens up the ability to put mac80211 devices into different network namespaces. As long as you don't have sysfs, that is. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * cfg80211: make aware of net namespacesJohannes Berg2009-07-277-95/+227
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In order to make cfg80211/nl80211 aware of network namespaces, we have to do the following things: * del_virtual_intf method takes an interface index rather than a netdev pointer - simply change this * nl80211 uses init_net a lot, it changes to use the sender's network namespace * scan requests use the interface index, hold a netdev pointer and reference instead * we want a wiphy and its associated virtual interfaces to be in one netns together, so - we need to be able to change ns for a given interface, so export dev_change_net_namespace() - for each virtual interface set the NETIF_F_NETNS_LOCAL flag, and clear that flag only when the wiphy changes ns, to disallow breaking this invariant * when a network namespace goes away, we need to reparent the wiphy to init_net * cfg80211 users that support creating virtual interfaces must create them in the wiphy's namespace, currently this affects only mac80211 The end result is that you can now switch an entire wiphy into a different network namespace with the new command iw phy#<idx> set netns <pid> and all virtual interfaces will follow (or the operation fails). Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * mac80211: cooperate more with network namespacesJohannes Berg2009-07-273-47/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are still two places in mac80211 that hardcode the initial net namespace (init_net). One of them is mandated by cfg80211 and will be removed by a separate patch, the other one is used for finding the network device of a pending packet via its ifindex. Remove the latter use by keeping track of the device pointer itself, via the vif pointer, and avoid it going stale by dropping pending frames for a given interface when the interface is removed. To keep track of the vif pointer for the correct interface, change the info->control.vif pointer's internal use to always be the correct vif, and only move it to the vif the driver expects (or NULL for monitor interfaces and injected packets) right before giving the packet to the driver. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | Merge branch 'master' of ↵David S. Miller2009-07-309-34/+54
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 Conflicts: drivers/net/wireless/iwlwifi/iwl-3945.h drivers/net/wireless/iwlwifi/iwl-tx.c drivers/net/wireless/iwlwifi/iwl3945-base.c
| * | ipv4: ARP neigh procfs buffer overflowroel kluin2009-07-301-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | If arp_format_neigh_entry() can be called with n->dev->addr_len == 0, then a write to hbuffer[-1] occurs. Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | net/netlabel: Add kmalloc NULL testsJulia Lawall2009-07-301-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The test on map4 should be a test on map6. The semantic match that finds this problem is as follows: (http://www.emn.fr/x-info/coccinelle/) // <smpl> @@ expression *x; identifier f; constant char *C; @@ x = \(kmalloc\|kcalloc\|kzalloc\)(...); ... when != x == NULL when != x != NULL when != (x || ...) ( kfree(x) | f(...,C,...,x,...) | *f(...,x,...) | *x->f ) // </smpl> Signed-off-by: Julia Lawall <julia@diku.dk> Acked-by: Paul Moore <paul.moore@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | Merge branch 'master' of ↵David S. Miller2009-07-303-10/+28
| |\ \ | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
| | * | mac80211: fix suspendJohannes Berg2009-07-292-9/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Jan reported that his b43-based laptop hangs during suspend. The problem turned out to be mac80211 asking the driver to stop the hardware before removing interfaces, and interface removal caused b43 to touch the hardware (while down, which causes the hang). This patch fixes mac80211 to do reorder these operations to have them in the correct order -- first remove interfaces and then stop the hardware. Some more code is necessary to be able to do so in a race-free manner, in particular it is necessary to not process frames received during quiescing. Fixes http://bugzilla.kernel.org/show_bug.cgi?id=13337. Reported-by: Jan Scholz <scholz@fias.uni-frankfurt.de> Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>