summaryrefslogtreecommitdiffstats
path: root/net/mac80211
Commit message (Collapse)AuthorAgeFilesLines
* mac80211: reset CQM history upon reconfigurationSara Sharon2015-09-221-0/+1
| | | | | | | | | | | | | | | | | | | The current behavior of notifying CQM events is inconsistent: Upon first configuration there is a cqm event with the current status according to threshold configured, regardless of signal stability. When there is reconfiguration no event is sent unless there is a significant change to the signal level according to the new configuration. Since the current reconfiguration behavior might cause missing CQM events in case the current signal did not change but is on the other side of the new threshold, fix that by resetting the stored signal level upon reconfiguration. Signed-off-by: Sara Sharon <sara.sharon@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* mac80211: fix VHT MCS mask array overrunJohannes Berg2015-09-221-5/+7
| | | | | | | | The HT MCS mask has 9 bytes, the VHT one only has 8 streams. Split the loops to handle this correctly. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* mac80211: reject software RSSI CQM with beacon filteringJohannes Berg2015-09-041-0/+4
| | | | | | | | When beacon filtering is enabled the mac80211 software implementation for RSSI CQM cannot work as beacons will not be available. Rather than accepting such a configuration without proper effect, reject it. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* mac80211: avoid VHT usage with no 80MHz chans allowedArik Nemtsov2015-09-042-0/+31
| | | | | | | | | | | | | Currently if 80MHz channels are not allowed for use, the VHT IE is not included in the probe request for an AP. This is not good enough if the AP is configured with the wrong regulatory and supports VHT even where prohibited or in TDLS scenarios. Mark the ifmgd with the DISABLE_VHT flag for the misbehaving-AP case, and unset VHT support from the peer-station entry for the TDLS case. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* mac80211: protect non-HT BSS when HT TDLS traffic existsAvri Altman2015-09-041-3/+67
| | | | | | | | | | | | | | | | | HT TDLS traffic should be protected in a non-HT BSS to avoid collisions. Therefore, when TDLS peers join/leave, check if protection is (now) needed and set the ht_operation_mode of the virtual interface according to the HT capabilities of the TDLS peer(s). This works because a non-HT BSS connection never sets (or otherwise uses) the ht_operation_mode; it just means that drivers must be aware that this field applies to all HT traffic for this virtual interface, not just the traffic within the BSS. Document that. Signed-off-by: Avri Altman <avri.altman@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* mac80211: Do not use sizeof() on pointer typeThierry Reding2015-09-041-1/+1
| | | | | | | | | | | | | | | | | | | | The rate_control_cap_mask() function takes a parameter mcs_mask, which GCC will take to be u8 * even though it was declared with a fixed size. This causes the following warning: net/mac80211/rate.c: In function 'rate_control_cap_mask': net/mac80211/rate.c:719:25: warning: 'sizeof' on array function parameter 'mcs_mask' will return size of 'u8 * {aka unsigned char *}' [-Wsizeof-array-argument] for (i = 0; i < sizeof(mcs_mask); i++) ^ net/mac80211/rate.c:684:10: note: declared here u8 mcs_mask[IEEE80211_HT_MCS_MASK_LEN], ^ This can be easily fixed by using the IEEE80211_HT_MCS_MASK_LEN directly within the loop condition. Signed-off-by: Thierry Reding <treding@nvidia.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller2015-08-211-5/+6
|\ | | | | | | | | | | | | | | | | Conflicts: drivers/net/usb/qmi_wwan.c Overlapping additions of new device IDs to qmi_wwan.c Signed-off-by: David S. Miller <davem@davemloft.net>
| * mac80211: fix invalid read in minstrel_sort_best_tp_rates()Adrien Schildknecht2015-08-131-5/+6
| | | | | | | | | | | | | | | | | | | | At the last iteration of the loop, j may equal zero and thus tp_list[j - 1] causes an invalid read. Change the logic of the loop so that j - 1 is always >= 0. Cc: stable@vger.kernel.org Signed-off-by: Adrien Schildknecht <adrien+dev@schischi.me> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: use DECLARE_EWMAJohannes Berg2015-08-145-10/+12
| | | | | | | | | | | | | | | | | | | | Instead of using the out-of-line average calculation, use the new DECLARE_EWMA() macro to declare a signal EWMA, and use that. This actually *reduces* the code size slightly (on x86-64) while also reducing the station info size by 80 bytes. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: add rate mask logic for vht ratesLorenzo Bianconi2015-08-146-16/+181
| | | | | | | | | | | | | | | | Define rc_rateidx_vht_mcs_mask array and rate_idx_match_vht_mcs_mask() method in order to apply mcs mask for vht rates Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi83@gmail.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: define rate_control_apply_mask_ratetbl()Lorenzo Bianconi2015-08-141-0/+27
| | | | | | | | | | | | | | | | Define rate_control_apply_mask_ratetbl() in order to apply ratemask in rate_control_set_rates() for station rate table Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi83@gmail.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: remove ieee80211_tx_rate dependency in rate mask codeLorenzo Bianconi2015-08-141-68/+71
| | | | | | | | | | | | | | | | | | | | | | Remove ieee80211_tx_rate dependency in rate_idx_match_legacy_mask(), rate_idx_match_mcs_mask() and rate_idx_match_mask() in order to use the previous logic to define a ratemask in rate_control_set_rates() for station rate table. Moreover move rate mask definition logic in rate_control_cap_mask() Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi83@gmail.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: remove ieee80211_tx_info from rate_control_apply_mask signatureLorenzo Bianconi2015-08-141-6/+5
| | | | | | | | | | | | | | | | | | Remove unnecessary ieee80211_tx_info pointer from rate_control_apply_mask signature. rate_control_apply_mask() will be used to define a ratemask in rate_control_set_rates() for station rate table Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi83@gmail.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: Make OCB mode set BSSIDBertold Van den Bergh2015-08-141-1/+1
| | | | | | | | | | | | | | | | Perform the BSS_CHANGED_BSSID action when joining an OCB network. This is required to set the broadcast BSSID in some network drivers. Signed-off-by: Bertold Van den Bergh <bertold.vandenbergh@esat.kuleuven.be> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: Only accept data frames in OCB modeBertold Van den Bergh2015-08-141-1/+1
| | | | | | | | | | | | | | | | | | Currently OCB mode accepts frames with bssid==broadcast and type!=beacon. Some non-data frames are sent matching this, for example probe responses. This results in unnecessary creation of STA entries. Signed-off-by: Bertold Van den Bergh <bertold.vandenbergh@esat.kuleuven.be> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: Set txrc.bss to true for OCB interfacesBertold Van den Bergh2015-08-141-1/+2
| | | | | | | | | | | | | | | | | | | | To make mac80211 accept the multicast rate requested by the user the rate control should be told that it is operating in BSS mode. Without this, the default rate is selected in rate_control_send_low (!pubsta and !txrc->bss) Signed-off-by: Bertold Van den Bergh <bertold.vandenbergh@esat.kuleuven.be> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: remove always true conditionDan Carpenter2015-08-131-4/+1
| | | | | | | | | | | | | | | | | | The outside if statement checks that IEEE80211_TX_INTFL_MLME_CONN_TX is set so this condition is always true. Checking twice upsets the static checkers. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: remove ieee80211_aes_cmac_calculate_k1_k2()Johannes Berg2015-08-131-17/+0
| | | | | | | | | | | | | | The iwlwifi driver was the only driver that used this, but as it turns out it never needed it, so we can remove it. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: deinline rate_control_rate_init, rate_control_rate_updateDenys Vlasenko2015-07-172-57/+62
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With this .config: http://busybox.net/~vda/kernel_config, after deinlining these functions have sizes and callsite counts as follows: rate_control_rate_init: 554 bytes, 8 calls rate_control_rate_update: 1596 bytes, 5 calls Total size reduction: about 11 kbytes. Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com> CC: John Linville <linville@tuxdriver.com> CC: Michal Kazior <michal.kazior@tieto.com> CC: Johannes Berg <johannes.berg@intel.com> Cc: linux-wireless@vger.kernel.org Cc: netdev@vger.kernel.org CC: linux-kernel@vger.kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: deinline drv_sta_stateDenys Vlasenko2015-07-173-27/+44
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With this .config: http://busybox.net/~vda/kernel_config, after deinlining the function size is 3132 bytes and there are 7 callsites. Total size reduction: about 20 kbytes. Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com> CC: John Linville <linville@tuxdriver.com> CC: Michal Kazior <michal.kazior@tieto.com> Cc: Johannes Berg <johannes.berg@intel.com> Cc: linux-wireless@vger.kernel.org Cc: netdev@vger.kernel.org CC: linux-kernel@vger.kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: select an AID when creating new mesh STAsBob Copeland2015-07-171-6/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of using peer link id for AID, generate a new AID when creating mesh STAs in the kernel peering manager. This enables smaller TIM elements and more closely follows the standard, and it also enables mesh to work on drivers that require a valid AID when the STA is inserted (ath10k firmware has this requirement, for example). In the case of userspace-managed stations, we use the AID from NL80211_CMD_NEW_STATION. Signed-off-by: Bob Copeland <me@bobcopeland.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: mesh: separate plid and aid conceptsBob Copeland2015-07-174-15/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | According to 802.11-2012 13.3.1, a mesh STA should assign an AID upon receipt of a mesh peering open frame rather than using the link id of the peer. Using the peer link id has two potential issues: it may not be unique among the peers, and by its nature it is random, so the TIM may not compress well. In preparation for allocating it properly, use sta->sta.aid, but keep the existing behavior of using the plid in the aid we send. Signed-off-by: Bob Copeland <me@bobcopeland.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: reorder mesh_plink to remove forward declBob Copeland2015-07-171-57/+52
| | | | | | | | | | | | | | | | Move mesh_plink_frame_tx() above the first caller to remove the forward declaration. Signed-off-by: Bob Copeland <me@bobcopeland.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: clear local->suspended before calling drv_resume()Eliad Peller2015-07-171-4/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, mac80211 calls drv_resume() on wowlan resume, but drops any incoming frame until local->suspended is cleared later on. This requires the low-level driver to support a new state, in which it is expected to fully work (as it was resumed) but not passing rx frames yet (as they will be dropped). iwlwifi (and probably other drivers as well) has issues supporting such mode. Since in the wowlan case we already short-circuit ieee80211_reconfig, there's nothing that prevents us from clearing local->suspend before calling drv_resume(), and letting the low-level driver work normally. Signed-off-by: Eliad Peller <eliadx.peller@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: TDLS: deny ch-switch req on disallowed channelsArik Nemtsov2015-07-171-18/+31
| | | | | | | | | | | | | | | | | | | | | | If a TDLS station is not allowed to beacon on a channel, don't accept a channel switch request to this channel. Move channel building code up to avoid lockdep violations - reg_can_beacon needs to take the wdev lock. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: TDLS: handle chan-switch in RTNL locked workArik Nemtsov2015-07-175-10/+44
| | | | | | | | | | | | | | | | | | | | | | | | Move TDLS channel-switch Rx handling into an RTNL locked work. This is required to add proper regulatory checking to incoming channel-switch requests. Queue incoming requests in a dedicated skb queue and handle the request in a device-specific work to avoid deadlocking on interface removal. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | Merge branch 'mac80211' into mac80211-nextJohannes Berg2015-07-176-16/+41
|\ \ | |/ | | | | | | | | | | This is necessary to merge the new TDLS and mesh patches, as they depend on some fixes. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * cfg80211: use RTNL locked reg_can_beacon for IR-relaxationArik Nemtsov2015-07-171-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | The RTNL is required to check for IR-relaxation conditions that allow more channels to beacon. Export an RTNL locked version of reg_can_beacon and use it where possible in AP/STA interface type flows, where IR-relaxation may be applicable. Fixes: 06f207fc5418 ("cfg80211: change GO_CONCURRENT to IR_CONCURRENT for STA") Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * mac80211: add missing length check for confirm framesBob Copeland2015-07-171-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | Although mesh_rx_plink_frame() already checks that frames have enough bytes for the action code plus another two bytes for capability/reason code, it doesn't take into account that confirm frames also have an additional two-byte aid. As a result, a corrupt frame could cause a subsequent subtraction to wrap around to ill effect. Add another check for this case. Signed-off-by: Bob Copeland <me@bobcopeland.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * mac80211: correct aid location in peering framesBob Copeland2015-07-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | According to 802.11-2012 8.5.16.3.2 AID comes directly after the capability bytes in mesh peering confirm frames. The existing code, however, was adding a 2 byte offset to this location, resulting in garbage data going out over the air. Remove the offset to fix it. Signed-off-by: Bob Copeland <me@bobcopeland.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * mac80211: shut down interfaces before destroying interface listJohannes Berg2015-07-171-11/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the hardware is unregistered while interfaces are up, mac80211 will unregister all interfaces, which in turns causes mac80211 to be called again to remove them all from the driver and eventually shut down the hardware. During this shutdown, however, it's currently already unsafe to iterate the list of interfaces atomically, as the list is manipulated in an unsafe manner. This puts an undue burden on the driver - it must stop all its activities before calling ieee80211_unregister_hw(), while in the normal stop path it can do all cleanup in the stop method. If, for example, it's using the iteration during RX for some reason, it would have to stop RX before unregistering to avoid crashes. Fix this problem by closing all interfaces before unregistering them. This will cause the driver stop to have completed before we manipulate the interface list, and after the driver is stopped *and* has called ieee80211_unregister_hw() it really musn't be iterating any more as the memory will be freed as well. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * mac80211: wowlan: enable powersave if suspend while ps-pollingChaitanya T K2015-07-171-0/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If for any reason we're in the middle of PS-polling or awake after TX due to dynamic powersave while going to suspend, go back to save power. This might cause a response frame to get lost, but since we can't really wait for it while going to suspend that's still better than not enabling powersave which would cause higher power usage during (and possibly even after) suspend. Note that this really only affects the very few drivers that use the powersave implementation in mac80211. Signed-off-by: Chaitanya T K <chaitanya.mgit@gmail.com> [rewrite misleading commit log] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * mac80211: don't clear all tx flags when requeingMichal Kazior2015-07-171-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When acting as AP and a PS-Poll frame is received associated station is marked as one in a Service Period. This state is kept until Tx status for released frame is reported. While a station is in Service Period PS-Poll frames are ignored. However if PS-Poll was received during A-MPDU teardown it was possible to have the to-be released frame re-queued back to pending queue. In such case the frame was stripped of 2 important flags: (a) IEEE80211_TX_CTL_NO_PS_BUFFER (b) IEEE80211_TX_STATUS_EOSP Stripping of (a) led to the frame that was to be released to be queued back to ps_tx_buf queue. If station remained to use only PS-Poll frames the re-queued frame (and new ones) was never actually transmitted because mac80211 would ignore subsequent PS-Poll frames due to station being in Service Period. There was nothing left to clear the Service Period bit (no xmit -> no tx status -> no SP end), i.e. the AP would have the station stuck in Service Period. Beacon TIM would repeatedly prompt station to poll for frames but it would get none. Once (a) is not stripped (b) becomes important because it's the main condition to clear the Service Period bit of the station when Tx status for the released frame is reported back. This problem was observed with ath9k acting as P2P GO in some testing scenarios but isn't limited to it. AP operation with mac80211 based Tx A-MPDU control combined with clients using PS-Poll frames is subject to this race. Signed-off-by: Michal Kazior <michal.kazior@tieto.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
| * mac80211: clear subdir_stations when removing debugfsTom Hughes2015-07-171-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we don't do this, and we then fail to recreate the debugfs directory during a mode change, then we will fail later trying to add stations to this now bogus directory: BUG: unable to handle kernel NULL pointer dereference at 0000006c IP: [<c0a92202>] mutex_lock+0x12/0x30 Call Trace: [<c0678ab4>] start_creating+0x44/0xc0 [<c0679203>] debugfs_create_dir+0x13/0xf0 [<f8a938ae>] ieee80211_sta_debugfs_add+0x6e/0x490 [mac80211] Cc: stable@kernel.org Signed-off-by: Tom Hughes <tom@compton.nu> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: Add support for declaring MU-MIMO capabilitySara Sharon2015-07-172-1/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for declaring MU-MIMO beamformee capability for relevant hardware. When sending association request, the capability is included if both hardware and the AP support it, and no other virtual interface is using it. This is in order to avoid multiple interfaces using MU-MIMO in parallel which might lead to contradictions in the group-id mechanism. Signed-off-by: Sara Sharon <sara.sharon@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: account TX MSDUs properly with segmentation offloadJohannes Berg2015-07-171-1/+5
| | | | | | | | | | | | | | If an SKB will be segmented by the driver, count it for multiple MSDUs that are being transmitted rather than just a single. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: shrink struct ieee80211_fragment_entryJohannes Berg2015-07-171-6/+6
| | | | | | | | | | | | | | | | | | Most of the fields in this struct use too wide types, change that to shrink the struct from 64 to 48 bytes (on 64-bit.) This results in a total saving of 64 bytes for each interface. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: mesh: move fail_avg into mesh structJohannes Berg2015-07-172-7/+9
| | | | | | | | | | | | | | This value is only used in mesh, so move it into the new mesh sub-struct of the station info. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: minstrel_ht: handle peers in dynamic SMPSKrishna Chaitanya2015-07-171-1/+7
| | | | | | | | | | | | | | | | In case of Dynamic SMPS enable RTS/CTS for all rates. Signed-off-by: Chaitanya T K <chaitanya.mgit@gmail.com> [change comment] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: mesh process the target only subfield for mesh hwmpChun-Yeow Yeoh2015-07-171-24/+8
| | | | | | | | | | | | | | | | | | | | | | This patch does the following: - Remove unnecessary flags field used by PERR element - Use the per target flags defined in <linux/ieee80211.h> - Process the target only subfield based on case E2 of IEEE802.11-2012 13.10.9.3 Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: TDLS: correctly configure SMPS stateArik Nemtsov2015-07-174-25/+51
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The IEEE802.11-2012 specification is vague regarding SMPS operation during TDLS. It does not define a clear way to transition between SMPS states. To avoid interop issues, set SMPS to off when TDLS peers are connected. Accomplish this by extending the definition of the AUTOMATIC state. If the driver forces a state other than OFF, disconnect all TDLS peers. While at it, avoid changing the SMPS state of the peer STA. We have no way to control it, so try and behave correctly towards it. Move the TDLS peer-teardown function to where the rest of the TDLS code resides. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: enable assoc check for mesh interfacesBob Copeland2015-07-171-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We already set a station to be associated when peering completes, both in user space and in the kernel. Thus we should always have an associated sta before sending data frames to that station. Failure to check assoc state can cause crashes in the lower-level driver due to transmitting unicast data frames before driver sta structures (e.g. ampdu state in ath9k) are initialized. This occurred when forwarding in the presence of fixed mesh paths: frames were transmitted to stations with whom we hadn't yet completed peering. Cc: stable@vger.kernel.org Reported-by: Alexis Green <agreen@cococorp.com> Tested-by: Jesse Jones <jjones@cococorp.com> Signed-off-by: Bob Copeland <me@bobcopeland.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: mac80211: Check SN for deactivated mpathsJesse Jones2015-07-171-0/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When processing a PREQ or PREP it's critical to use the incoming SN. If that is improperly done routing loops and other types of badness can happen. But the code was always processing path messages for deactivated paths. This path fixes that so that if we have a valid SN then we use it to verify that it is a message we can accept. For reference the relevant section of the standard is 13.10.8.4 which doesn't address the deactivated path case at all. I also included a special case for when our peer reboots or restarts networking. This is an important case because without it there can be a very long delay before we accept path messages from that peer. It's also a simple case and intimately associated with processing messages for deactivated paths so I used one patch instead of two. Signed-off-by: Alexis Green <agreen@cococorp.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: mesh: don't invalidate SN on discovery failureJesse Jones2015-07-171-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The 2012 spec mentions that path SNs can be invalid when created (see section 13.10.8.4 table 13-9) but AFAICT never talks about invalidating SNs. Which makes sense: if we have figured out the path to a target at a certain SN then we want to remember that fact. Failing to do so can lead to routing loops because if we don't have a valid SN then we have no way of knowing whether an incoming path message leads to or away from the target. However currently when discovery fails we zero out mpath->flags which clears MESH_PATH_SN_VALID. This patch fixes that so that only the discovery relevant flags are cleared. Signed-off-by: Alexis Green <agreen@cococorp.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: mesh: add missing case to PERR processingAlexis Green2015-07-171-2/+5
| | | | | | | | | | | | | | | | | | | | | | | | When the nexthop is unable to resolve its own nexthop it will send back a PERR with a zero target_sn. According to section 13.10.11.4.3 step b in the 2012 standard that perr should be forwarded and the associated mpath->sn should be incremented. Neither one of those was happening which is rather bad because the originator was not told that packets are black holing. Signed-off-by: Alexis Green <agreen@cococorp.com> CC: Jesse Jones <jjones@cococorp.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: upgrade BW of TDLS peers when possibleArik Nemtsov2015-07-174-11/+132
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Define a station chandef, to be used for wider-bw TDLS peers. When both peers support the feature, upgrade the channel bandwidth to the maximum allowed by both peers and regulatory. Currently widths up to 80MHz are supported in the 5GHz band. When a TDLS peer connects/disconnects recalculate the channel type of the current chanctx. Make the chanctx width calculation consider wider-bw TDLS peers and similarly fix the max_required_bw calculation for the chanctx min_def. Since the sta->bandwidth is calculated only later on, take bss_conf.chandef.width as the minimal width for station interface. Set the upgraded channel width in the VHT-operation set during TDLS setup. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: define TDLS wider BW support bitsArik Nemtsov2015-07-175-7/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow a device to specify support for the TDLS wider-bandwidth feature. Indicate this support during TDLS setup in the ext-capab IE and set an appropriate station flag when our TDLS peer supports it. This feature gives TDLS peers the ability to use a wider channel than the base width of the BSS. For instance VHT capable TDLS peers connected on a 20MHz channel can extend the channel to 80MHz, if regulatory considerations allow it. Do not cap the bandwidth of such stations by the current BSS channel width in mac80211. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: clear local->in_reconfig on reconfig errorEliad Peller2015-07-171-0/+1
| | | | | | | | | | | | | | | | | | | | If reconfiguration fails, local->in_reconfig is never cleaned, resulting in rx frames being dropped next time the device is started. Signed-off-by: Eliad Peller <eliadx.peller@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: allow passing NULL to ieee80211_vif_to_wdev()Johannes Berg2015-07-171-1/+6
| | | | | | | | | | | | | | | | Simply return NULL in this case, instead of crashing. This can simplify callers that would otherwise have to check for this explicitly. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* | mac80211: avoid unnecessary beacon deref on CSA counter updateWojciech Dubowik2015-07-171-8/+14
| | | | | | | | | | | | | | | | | | | | The beacon struct is already available in many contexts that are also already in an RCU read-locked section. Avoid that by using the existing beacon struct pointer directly. Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@neratec.com> [rewrite subject/add commit message] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
OpenPOWER on IntegriCloud