summaryrefslogtreecommitdiffstats
path: root/net/mac80211
Commit message (Collapse)AuthorAgeFilesLines
* mac80211: ensure that mgmt tx skbs have tailroom for encryptionFelix Fietkau2019-02-011-3/+9
| | | | | | | | | | | | | | | Some drivers use IEEE80211_KEY_FLAG_SW_MGMT_TX to indicate that management frames need to be software encrypted. Since normal data packets are still encrypted by the hardware, crypto_tx_tailroom_needed_cnt gets decremented after key upload to hw. This can lead to passing skbs to ccmp_encrypt_skb, which don't have the necessary tailroom for software encryption. Change the code to add tailroom for encrypted management packets, even if crypto_tx_tailroom_needed_cnt is 0. Cc: stable@vger.kernel.org Signed-off-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* mac80211: Add attribute aligned(2) to struct 'action'Mathieu Malaterre2019-01-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | During refactor in commit 9e478066eae4 ("mac80211: fix MU-MIMO follow-MAC mode") a new struct 'action' was declared with packed attribute as: struct { struct ieee80211_hdr_3addr hdr; u8 category; u8 action_code; } __packed action; But since struct 'ieee80211_hdr_3addr' is declared with an aligned keyword as: struct ieee80211_hdr { __le16 frame_control; __le16 duration_id; u8 addr1[ETH_ALEN]; u8 addr2[ETH_ALEN]; u8 addr3[ETH_ALEN]; __le16 seq_ctrl; u8 addr4[ETH_ALEN]; } __packed __aligned(2); Solve the ambiguity of placing aligned structure in a packed one by adding the aligned(2) attribute to struct 'action'. This removes the following warning (W=1): net/mac80211/rx.c:234:2: warning: alignment 1 of 'struct <anonymous>' is less than 2 [-Wpacked-not-aligned] Cc: Johannes Berg <johannes.berg@intel.com> Suggested-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Mathieu Malaterre <malat@debian.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* mac80211: don't initiate TDLS connection if station is not associated to APBalaji Pothunoori2019-01-251-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Following call trace is observed while adding TDLS peer entry in driver during TDLS setup. Call Trace: [<c1301476>] dump_stack+0x47/0x61 [<c10537d2>] __warn+0xe2/0x100 [<fa22415f>] ? sta_apply_parameters+0x49f/0x550 [mac80211] [<c1053895>] warn_slowpath_null+0x25/0x30 [<fa22415f>] sta_apply_parameters+0x49f/0x550 [mac80211] [<fa20ad42>] ? sta_info_alloc+0x1c2/0x450 [mac80211] [<fa224623>] ieee80211_add_station+0xe3/0x160 [mac80211] [<c1876fe3>] nl80211_new_station+0x273/0x420 [<c170f6d9>] genl_rcv_msg+0x219/0x3c0 [<c170f4c0>] ? genl_rcv+0x30/0x30 [<c170ee7e>] netlink_rcv_skb+0x8e/0xb0 [<c170f4ac>] genl_rcv+0x1c/0x30 [<c170e8aa>] netlink_unicast+0x13a/0x1d0 [<c170ec18>] netlink_sendmsg+0x2d8/0x390 [<c16c5acd>] sock_sendmsg+0x2d/0x40 [<c16c6369>] ___sys_sendmsg+0x1d9/0x1e0 Fixing this by allowing TDLS setup request only when we have completed association. Signed-off-by: Balaji Pothunoori <bpothuno@codeaurora.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* mac80211: fix miscounting of ttl-dropped framesBob Copeland2019-01-191-1/+3
| | | | | | | | | | | | | | | | | In ieee80211_rx_h_mesh_fwding, we increment the 'dropped_frames_ttl' counter when we decrement the ttl to zero. For unicast frames destined for other hosts, we stop processing the frame at that point. For multicast frames, we do not rebroadcast it in this case, but we do pass the frame up the stack to process it on this STA. That doesn't match the usual definition of "dropped," so don't count those as such. With this change, something like `ping6 -i0.2 ff02::1%mesh0` from a peer in a ttl=1 network no longer increments the counter rapidly. Signed-off-by: Bob Copeland <bobcopeland@fb.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* Merge branch 'linus' of ↵Linus Torvalds2018-12-271-2/+2
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto updates from Herbert Xu: "API: - Add 1472-byte test to tcrypt for IPsec - Reintroduced crypto stats interface with numerous changes - Support incremental algorithm dumps Algorithms: - Add xchacha12/20 - Add nhpoly1305 - Add adiantum - Add streebog hash - Mark cts(cbc(aes)) as FIPS allowed Drivers: - Improve performance of arm64/chacha20 - Improve performance of x86/chacha20 - Add NEON-accelerated nhpoly1305 - Add SSE2 accelerated nhpoly1305 - Add AVX2 accelerated nhpoly1305 - Add support for 192/256-bit keys in gcmaes AVX - Add SG support in gcmaes AVX - ESN for inline IPsec tx in chcr - Add support for CryptoCell 703 in ccree - Add support for CryptoCell 713 in ccree - Add SM4 support in ccree - Add SM3 support in ccree - Add support for chacha20 in caam/qi2 - Add support for chacha20 + poly1305 in caam/jr - Add support for chacha20 + poly1305 in caam/qi2 - Add AEAD cipher support in cavium/nitrox" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (130 commits) crypto: skcipher - remove remnants of internal IV generators crypto: cavium/nitrox - Fix build with !CONFIG_DEBUG_FS crypto: salsa20-generic - don't unnecessarily use atomic walk crypto: skcipher - add might_sleep() to skcipher_walk_virt() crypto: x86/chacha - avoid sleeping under kernel_fpu_begin() crypto: cavium/nitrox - Added AEAD cipher support crypto: mxc-scc - fix build warnings on ARM64 crypto: api - document missing stats member crypto: user - remove unused dump functions crypto: chelsio - Fix wrong error counter increments crypto: chelsio - Reset counters on cxgb4 Detach crypto: chelsio - Handle PCI shutdown event crypto: chelsio - cleanup:send addr as value in function argument crypto: chelsio - Use same value for both channel in single WR crypto: chelsio - Swap location of AAD and IV sent in WR crypto: chelsio - remove set but not used variable 'kctx_len' crypto: ux500 - Use proper enum in hash_set_dma_transfer crypto: ux500 - Use proper enum in cryp_set_dma_transfer crypto: aesni - Add scatter/gather avx stubs, and use them in C crypto: aesni - Introduce partial block macro ..
| * crypto: drop mask=CRYPTO_ALG_ASYNC from 'cipher' tfm allocationsEric Biggers2018-11-201-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'cipher' algorithms (single block ciphers) are always synchronous, so passing CRYPTO_ALG_ASYNC in the mask to crypto_alloc_cipher() has no effect. Many users therefore already don't pass it, but some still do. This inconsistency can cause confusion, especially since the way the 'mask' argument works is somewhat counterintuitive. Thus, just remove the unneeded CRYPTO_ALG_ASYNC flags. This patch shouldn't change any actual behavior. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* | Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller2018-12-203-2/+8
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | Lots of conflicts, by happily all cases of overlapping changes, parallel adds, things of that nature. Thanks to Stephen Rothwell, Saeed Mahameed, and others for their guidance in these resolutions. Signed-off-by: David S. Miller <davem@davemloft.net>
| * | mac80211: free skb fraglist before freeing the skbSara Sharon2018-12-191-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | mac80211 uses the frag list to build AMSDU. When freeing the skb, it may not be really freed, since someone is still holding a reference to it. In that case, when TCP skb is being retransmitted, the pointer to the frag list is being reused, while the data in there is no longer valid. Since we will never get frag list from the network stack, as mac80211 doesn't advertise the capability, we can safely free and nullify it before releasing the SKB. Signed-off-by: Sara Sharon <sara.sharon@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * | mac80211: fix a kernel panic when TXing after TXQ teardownSara Sharon2018-12-182-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Recently TXQ teardown was moved earlier in ieee80211_unregister_hw(), to avoid a use-after-free of the netdev data. However, interfaces aren't fully removed at the point, and cfg80211_shutdown_all_interfaces can for example, TX a deauth frame. Move the TXQ teardown to the point between cfg80211_shutdown_all_interfaces and the free of netdev queues, so we can be sure they are torn down before netdev is freed, but after there is no ongoing TX. Fixes: 77cfaf52eca5 ("mac80211: Run TXQ teardown code before de-registering interfaces") Signed-off-by: Sara Sharon <sara.sharon@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | | Merge tag 'mac80211-next-for-davem-2018-12-19' of ↵David S. Miller2018-12-1919-92/+265
|\ \ \ | |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next Johannes Berg says: ==================== This time we have too many changes to list, highlights: * virt_wifi - wireless control simulation on top of another network interface * hwsim configurability to test capabilities similar to real hardware * various mesh improvements * various radiotap vendor data fixes in mac80211 * finally the nl_set_extack_cookie_u64() we talked about previously, used for * peer measurement APIs, right now only with FTM (flight time measurement) for location * made nl80211 radio/interface announcements more complete * various new HE (802.11ax) things: updates, TWT support, ... ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
| * | mac80211: Properly access radiotap vendor dataIlan Peer2018-12-191-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The radiotap vendor data might be placed after some other radiotap elements, and thus when accessing it, need to access the correct offset in the skb data. Fix the code accordingly. Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * | mac80211: fix radiotap vendor presence bitmap handlingJohannes Berg2018-12-191-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Due to the alignment handling, it actually matters where in the code we add the 4 bytes for the presence bitmap to the length; the first field is the timestamp with 8 byte alignment so we need to add the space for the extra vendor namespace presence bitmap *before* we do any alignment for the fields. Move the presence bitmap length accounting to the right place to fix the alignment for the data properly. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * | mac80211: do not advertise HE cap IE if HE disabledShaul Triebitz2018-12-181-10/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When disabling HE due to the lack of HT/VHT, do it at an earlier stage to avoid advertising HE capabilities IE. Also, at this point, no need to check if AP supports HE, since it is already checked earlier (in ieee80211_prep_channel). Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * | mac80211: set STA flag DISABLE_HE if HE is not supportedShaul Triebitz2018-12-181-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Up until now, the IEEE80211_STA_DISABLE_HE flag was set only based on whether the AP has advertised HE capabilities. This flag should be set also if STA does not support HE (regardless of the AP support). Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * | mac80211: update driver when MU EDCA params changeShaul Triebitz2018-12-183-2/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | Similar to WMM IE, if MU_EDCA IE parameters changed (or ceased to exist) tell the Driver about it. Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * | mac80211: propagate the support for TWT to the driverEmmanuel Grumbach2018-12-181-0/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | TWT is a feature that was added in 11ah and enhanced in 11ax. There are two bits that need to be set if we want to use the feature in 11ax: one in the HE Capability IE and one in the Extended Capability IE. This is because of backward compatibility between 11ah and 11ax. In order to simplify the flow for the low level driver in managed mode, aggregate the two bits and add a boolean that tells whether TWT is supported or not, but only if 11ax is supported. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * | mac80211: don't build AMSDU from GSO packetsSara Sharon2018-12-181-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we build AMSDU from GSO packets, it can lead to bad results if anyone tries to call skb_gso_segment on the packets. Signed-off-by: Sara Sharon <sara.sharon@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * | mac80211: remove superfluous NULL checkJohannes Berg2018-12-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | At the place where this code lives now, the skb can never be NULL, so we can remove the pointless NULL check. It seems to exist because this code was moved around a few times and originally came from a place where it could in fact be NULL. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * | mac80211: never pass NULL params to ieee80211_if_add()Johannes Berg2018-12-182-7/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This isn't really a problem now, but it means that the function has a few NULL checks that are only relevant when coming from the initial interface added in mac80211, and that's confusing. Just pass non-NULL (but equivalently empty) in that case and remove all the NULL checks. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * | mac80211: Properly handle SKB with radiotap onlyIlan Peer2018-12-181-9/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The monitor interface Rx handling of SKBs that contain only radiotap information was buggy as it tried to access the SKB assuming it contains a frame. To fix this, check the RX_FLAG_NO_PSDU flag in the Rx status (indicting that the SKB contains only radiotap information), and do not perform data path specific processing when the flag is set. Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * | mac80211: ftm responder: remove pointless defensive codingJohannes Berg2018-12-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | The pointer and corresponding length is always set in pairs in cfg80211, so no need to have this strange defensive check that also confuses static checkers. Clean it up. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * | mac80211: fix deauth TX when we disconnectEmmanuel Grumbach2018-12-051-14/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The iTXQs stop/wake queue mechanism involves a whole bunch of locks and this is probably why the call to ieee80211_wake_txqs is deferred to a tasklet when called from __ieee80211_wake_queue. Another advantage of that is that ieee80211_wake_txqs might call the wake_tx_queue() callback and then the driver may call mac80211 which will call it back in the same context. The bug I saw is that when we send a deauth frame as a station we do: flush(drop=1) tx deauth flush(drop=0) While we flush we stop the queues and wake them up immediately after we finished flushing. The problem here is that the tasklet that de-facto enables the queue may not have run until we send the deauth. Then the deauth frame is sent to the driver (which is surprising by itself), but the driver won't get anything useful from ieee80211_tx_dequeue because the queue is stopped (or more precisely because vif->txqs_stopped[0] is true). Then the deauth is not sent. Later on, the tasklet will run, but that'll be too late. We'll already have removed all the vif etc... Fix this by calling ieee80211_wake_txqs synchronously if we are not waking up the queues from the driver (we check the reason to determine that). This makes the code really convoluted because we may call ieee80211_wake_txqs from __ieee80211_wake_queue. The latter assumes that queue_stop_reason_lock has been taken by the caller and ieee80211_wake_txqs may release the lock to send the frames. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * | mac80211: rewrite Kconfig text for meshBob Copeland2018-12-051-6/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Lubomir Rintel recently pointed out a dead link for o11s.org, and repointed it to a still live, but also stale website. As far as I know, no one is updating the content at open80211s.org. Since this Kconfig text was originally written, though, the 802.11s mesh drafts were approved and ultimately rolled into 802.11 proper. Meanwhile, the implementation has converged on the final standard, so we can lose all of the text here and provide something that's a little more helpful and accurate. Signed-off-by: Bob Copeland <bobcopeland@fb.com> Reviewed-by: Lubomir Rintel <lkundrak@v3.sk> Reviewed-by: Steve deRosier <derosier@cal-sierra.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * | {nl,mac}80211: add rssi to mesh candidatesBob Copeland2018-11-093-12/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When peering is in userspace, some implementations may want to control which peers are accepted based on RSSI in addition to the information elements being sent today. Add signal level so that info is available to clients. Signed-off-by: Bob Copeland <bobcopeland@fb.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * | {nl,mac}80211: add dot11MeshConnectedToMeshGate to meshconfBob Copeland2018-11-093-1/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When userspace is controlling mesh routing, it may have better knowledge about whether a mesh STA is connected to a mesh gate than the kernel mpath table. Add dot11MeshConnectedToMeshGate to the mesh config so that such applications can explicitly signal that a mesh STA is connected to a gate, which will then be advertised in the beacon. Signed-off-by: Bob Copeland <bobcopeland@fb.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * | {nl,mac}80211: report gate connectivity in station infoBob Copeland2018-11-093-1/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Capture the current state of gate connectivity from the mesh formation field in mesh config whenever we receive a beacon, and report that via GET_STATION. This allows applications doing mesh peering in userspace to make peering decisions based on peers' current upstream connectivity. Signed-off-by: Bob Copeland <bobcopeland@fb.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * | mac80211: mesh: advertise gates in mesh formationBob Copeland2018-11-091-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Connected to Mesh Gate subfield (802.11-2016 9.4.2.98.7) in the Mesh Formation Info field is currently unset. This field may be useful in determining which MBSSes to join or which mesh STAs to peer with. If this mesh STA is a gate, by having turned on mesh gate announcements, or if we have a path to one (e.g. by having received RANNs) then set this bit to 1. Signed-off-by: Bob Copeland <bobcopeland@fb.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * | mac80211: allow hardware scan to fall back to softwareJohannes Berg2018-11-091-4/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In some cases, like in the rsi driver hardware scan offload, there may be scenarios in which hardware scan might not be available or desirable. Allow drivers to cope with this by letting them fall back to software scan by returning the special value 1 from the hardware scan method. Requested-by: Sushant Kumar Mishra <sushant2k1513@gmail.com> Requested-by: Siva Rebbagondla <siva.rebbagondla@redpinesignals.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * | mac80211: allow drivers to use peer measurement APIJohannes Berg2018-11-093-0/+68
| | | | | | | | | | | | | | | | | | | | | | | | There's nothing much for mac80211 to do, so only pass through the requests with minimal checks and tracing. The driver must call cfg80211's results APIs. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * | mac80211: tx: avoid variable shadowingJohannes Berg2018-11-091-2/+2
| | | | | | | | | | | | | | | | | | | | | We have a bool and an __le16 called qos, rename the inner __le16 to 'qoshdr' to make it more obvious and to avoid sparse warnings. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * | mac80211: debugfs: avoid variable shadowingJohannes Berg2018-11-091-7/+7
| | | | | | | | | | | | | | | | | | | | | We have a macro here that uses an inner variable 'i' that also exists in the outer scope - use '_i' in the macro. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * | mac80211: sta_info: avoid tidstats variable shadowingJohannes Berg2018-11-091-5/+2
| | | | | | | | | | | | | | | | | | | | | | | | We have a pointer called 'tidstats' that shadows a bool function argument with the same name, but we actually only use it once so just remove the pointer. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * | mac80211: tracing: avoid 'idx' variableJohannes Berg2018-11-091-3/+3
| |/ | | | | | | | | | | | | | | | | This variable shadows something that gets generated inside the tracing macros, which causes sparse to warn. Avoid it so sparse output is more readable, even if it doesn't seem to cause any trouble. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: ignore NullFunc frames in the duplicate detectionEmmanuel Grumbach2018-12-051-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | NullFunc packets should never be duplicate just like QoS-NullFunc packets. We saw a client that enters / exits power save with NullFunc frames (and not with QoS-NullFunc) despite the fact that the association supports HT. This specific client also re-uses a non-zero sequence number for different NullFunc frames. At some point, the client had to send a retransmission of the NullFunc frame and we dropped it, leading to a misalignment in the power save state. Fix this by never consider a NullFunc frame as duplicate, just like we do for QoS NullFunc frames. This fixes https://bugzilla.kernel.org/show_bug.cgi?id=201449 CC: <stable@vger.kernel.org> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: fix reordering of buffered broadcast packetsFelix Fietkau2018-12-051-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | If the buffered broadcast queue contains packets, letting new packets bypass that queue can lead to heavy reordering, since the driver is probably throttling transmission of buffered multicast packets after beacons. Keep buffering packets until the buffer has been cleared (and no client is in powersave mode). Cc: stable@vger.kernel.org Signed-off-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: ignore tx status for PS stations in ieee80211_tx_status_extFelix Fietkau2018-12-051-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | Make it behave like regular ieee80211_tx_status calls, except for the lack of filtered frame processing. This fixes spurious low-ack triggered disconnections with powersave clients connected to an AP. Fixes: f027c2aca0cf4 ("mac80211: add ieee80211_tx_status_noskb") Cc: stable@vger.kernel.org Signed-off-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: fix CSA beacon allocation sizeJohannes Berg2018-11-091-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | If the FTM responder settings are changed simultaneously with the CSA beacon, the buffer size allocated isn't sufficient and we'll have a heap overrun. Fix this. While at it, also clean up the ftm_responder assignment, doing it only if ftm_responder is non-zero is valid as it's 0 to start with, but not really useful to understand the code. Fixes: bc847970f432 ("mac80211: support FTM responder configuration/statistics") Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: Clear beacon_int in ieee80211_do_stopBen Greear2018-11-091-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes stale beacon-int values that would keep a netdev from going up. To reproduce: Create two VAP on one radio. vap1 has beacon-int 100, start it. vap2 has beacon-int 240, start it (and it will fail because beacon-int mismatch). reconfigure vap2 to have beacon-int 100 and start it. It will fail because the stale beacon-int 240 will be used in the ifup path and hostapd never gets a chance to set the new beacon interval. Cc: stable@vger.kernel.org Signed-off-by: Ben Greear <greearb@candelatech.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: fix GFP_KERNEL under tasklet contextYan-Hsuan Chuang2018-11-091-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | cfg80211_sta_opmode_change_notify needs a gfp_t flag to hint the nl80211 stack when allocating new skb, but it is called under tasklet context here with GFP_KERNEL and kernel will yield a warning about it. Cc: stable@vger.kernel.org Fixes: ff84e7bfe176 ("mac80211: Add support to notify ht/vht opmode modification.") Signed-off-by: Yan-Hsuan Chuang <yhchuang@realtek.com> ACKed-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: fix missing unlock on error in ieee80211_mark_sta_auth()Wei Yongjun2018-11-091-4/+8
|/ | | | | | | | | | | Add the missing unlock before return from function ieee80211_mark_sta_auth() in the error handling case. Cc: stable@vger.kernel.org Fixes: fc107a933071 ("mac80211: Helper function for marking STA authenticated") Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> [use result variable/label instead of duplicating] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* mac80211: implement ieee80211_tx_rate_update to update rateAnilkumar Kolli2018-10-121-0/+19
| | | | | | | | | | | | | | | | | | Current mac80211 has provision to update tx status through ieee80211_tx_status() and ieee80211_tx_status_ext(). But drivers like ath10k updates the tx status from the skb except txrate, txrate will be updated from a different path, peer stats. Using ieee80211_tx_status_ext() in two different paths (one for the stats, one for the tx rate) would duplicate the stats instead. To avoid this stats duplication, ieee80211_tx_rate_update() is implemented. Signed-off-by: Anilkumar Kolli <akolli@codeaurora.org> [minor commit message editing, use initializers in code] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* mac80211: support FTM responder configuration/statisticsPradeep Kumar Chitrapu2018-10-124-0/+129
| | | | | | | | | | | | | New bss param ftm_responder is used to notify the driver to enable fine timing request (FTM) responder role in AP mode. Plumb the new cfg80211 API for FTM responder statistics through to the driver API in mac80211. Signed-off-by: David Spinadel <david.spinadel@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* mac80211: Extend SAE authentication in infra BSS STA modeJouni Malinen2018-10-112-23/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previous implementation of SAE authentication in infrastructure BSS was somewhat restricting and not exactly clean way of handling the two auth() operations. This ended up removing and re-adding the STA entry for the AP in the middle of authentication and also messing up authentication state tracking through the sequence of four Authentication frames. Furthermore, this did not work if the AP ended up sending out SAE Confirm (auth trans #2) immediately after SAE Commit (auth trans #1) before the station had time to transmit its SAE Confirm. Clean up authentication state handling for the SAE case to allow two rounds of auth() calls without dropping all state between those operations. Track peer Confirmed status and mark authentication completed only once both ends have confirmed. ieee80211_mgd_auth() check for EBUSY cases is now handling only the pending association (ifmgd->assoc_data) while all pending authentication (ifmgd->auth_data) cases are allowed to proceed to allow user space to start a new connection attempt from scratch even if the previously requested authentication is still waiting completion. This is needed to avoid making SAE error cases with retries take excessive amount of time with no means for the user space to stop that (apart from setting the netdev down). As an extra bonus, the end of ieee80211_rx_mgmt_auth() can be cleaned up to avoid the extra copy of the cfg80211_rx_mlme_mgmt() call for ongoing SAE authentication since the new ieee80211_mark_sta_auth() helper function can handle both completion of authentication and updates to the STA entry under the same condition and there is no need to return from the function between those operations. Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* mac80211: Move ieee80211_mgd_auth() EBUSY check to be before allocationJouni Malinen2018-10-111-7/+4
| | | | | | | | | | | This makes it easier to conditionally replace full allocation of auth_data to use reallocation for the case of continuing SAE authentication. Furthermore, there was not really any point in having this check done so late in the function after having already completed number of steps that cannot be used anyway in the error case. Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* mac80211: Helper function for marking STA authenticatedJouni Malinen2018-10-111-12/+22
| | | | | | | | | | Authentication exchange can be completed in both TX and RX paths for SAE, so move this common functionality into a helper function to avoid having to implement practically the same operations in two places when extending SAE implementation in the following commits. Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* mac80211: rc80211_minstrel: remove variance / stddev calculationFelix Fietkau2018-10-114-51/+9
| | | | | | | | | | When there are few packets (e.g. for sampling attempts), the exponentially weighted variance is usually vastly overestimated, making the resulting data essentially useless. As far as I know, there has not been any practical use for this, so let's not waste any cycles on it. Signed-off-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* mac80211: minstrel: do not sample rates 3 times slower than max_prob_rateFelix Fietkau2018-10-111-4/+6
| | | | | | | | | | These rates are highly unlikely to be used quickly, even if the link deteriorates rapidly. This improves throughput in cases where CCK rates are not reliable enough to be skipped entirely during sampling. Sampling these rates regularly can cost a lot of airtime. Signed-off-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* mac80211: minstrel: fix sampling/reporting of CCK rates in HT modeFelix Fietkau2018-10-111-4/+10
| | | | | | | | | | | | | | | | Long/short preamble selection cannot be sampled separately, since it depends on the BSS state. Because of that, sampling attempts to currently not used preamble modes are not counted in the statistics, which leads to CCK rates being sampled too often. Fix statistics accounting for long/short preamble by increasing the index where necessary. Fix excessive CCK rate sampling by dropping unsupported sample attempts. This improves throughput on 2.4 GHz channels Signed-off-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* mac80211: minstrel: fix CCK rate group streams valueFelix Fietkau2018-10-111-1/+1
| | | | | | | Fixes a harmless underflow issue when CCK rates are actively being used Signed-off-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* mac80211: minstrel: fix using short preamble CCK rates on HT clientsFelix Fietkau2018-10-111-3/+1
| | | | | | | | | | | mi->supported[MINSTREL_CCK_GROUP] needs to be updated short preamble rates need to be marked as supported regardless of whether it's currently enabled. Its state can change at any time without a rate_update call. Fixes: 782dda00ab8e ("mac80211: minstrel_ht: move short preamble check out of get_rate") Signed-off-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
OpenPOWER on IntegriCloud