From adbde344dc12514d68620afae8d34035e72544b1 Mon Sep 17 00:00:00 2001 From: Vasanthakumar Thiagarajan Date: Thu, 8 Dec 2011 14:28:47 +0530 Subject: cfg80211: Fix race in bss timeout It is quite possible to run into a race in bss timeout where the drivers see the bss entry just before notifying cfg80211 of a roaming event but it got timed out by the time rdev->event_work got scehduled from cfg80211_wq. This would result in the following WARN-ON() along with the failure to notify the user space of the roaming. The other situation which is happening with ath6kl that runs into issue is when the driver reports roam to same AP event where the AP bss entry already got expired. To fix this, move cfg80211_get_bss() from __cfg80211_roamed() to cfg80211_roamed(). [158645.538384] WARNING: at net/wireless/sme.c:586 __cfg80211_roamed+0xc2/0x1b1() [158645.538810] Call Trace: [158645.538838] [] warn_slowpath_common+0x65/0x7a [158645.538917] [] ? __cfg80211_roamed+0xc2/0x1b1 [158645.538946] [] warn_slowpath_null+0xf/0x13 [158645.539055] [] __cfg80211_roamed+0xc2/0x1b1 [158645.539086] [] cfg80211_process_rdev_events+0x153/0x1cc [158645.539166] [] cfg80211_event_work+0x26/0x36 [158645.539195] [] process_one_work+0x219/0x38b [158645.539273] [] ? wiphy_new+0x419/0x419 [158645.539301] [] worker_thread+0xf6/0x1bf [158645.539379] [] ? rescuer_thread+0x1b5/0x1b5 [158645.539407] [] kthread+0x62/0x67 [158645.539484] [] ? __init_kthread_worker+0x42/0x42 [158645.539514] [] kernel_thread_helper+0x6/0xd Reported-by: Kalle Valo Signed-off-by: Vasanthakumar Thiagarajan Signed-off-by: John W. Linville --- include/net/cfg80211.h | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'include/net') diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 3de1c39d03e5..150c0ee714c2 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -3063,6 +3063,32 @@ void cfg80211_roamed(struct net_device *dev, const u8 *req_ie, size_t req_ie_len, const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp); +/** + * cfg80211_roamed_bss - notify cfg80211 of roaming + * + * @dev: network device + * @bss: entry of bss to which STA got roamed + * @req_ie: association request IEs (maybe be %NULL) + * @req_ie_len: association request IEs length + * @resp_ie: association response IEs (may be %NULL) + * @resp_ie_len: assoc response IEs length + * @gfp: allocation flags + * + * This is just a wrapper to notify cfg80211 of roaming event with driver + * passing bss to avoid a race in timeout of the bss entry. It should be + * called by the underlying driver whenever it roamed from one AP to another + * while connected. Drivers which have roaming implemented in firmware + * may use this function to avoid a race in bss entry timeout where the bss + * entry of the new AP is seen in the driver, but gets timed out by the time + * it is accessed in __cfg80211_roamed() due to delay in scheduling + * rdev->event_work. In case of any failures, the reference is released + * either in cfg80211_roamed_bss() or in __cfg80211_romed(), Otherwise, + * it will be released while diconneting from the current bss. + */ +void cfg80211_roamed_bss(struct net_device *dev, struct cfg80211_bss *bss, + const u8 *req_ie, size_t req_ie_len, + const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp); + /** * cfg80211_disconnected - notify cfg80211 that connection was dropped * -- cgit v1.2.3 From 7c7cd3bfec68fee33b30d177df6a6a0c4bbdc59d Mon Sep 17 00:00:00 2001 From: Samuel Ortiz Date: Wed, 14 Dec 2011 16:43:06 +0100 Subject: NFC: Add tx skb allocation routine This is a factorization of the current rawsock tx skb allocation routine, as it will be used by the LLCP code. We also rename nfc_alloc_skb to nfc_alloc_recv_skb for consistency sake. Signed-off-by: Samuel Ortiz Signed-off-by: John W. Linville --- include/net/nfc/nfc.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'include/net') diff --git a/include/net/nfc/nfc.h b/include/net/nfc/nfc.h index 6a7f602aa841..3a3304c094d7 100644 --- a/include/net/nfc/nfc.h +++ b/include/net/nfc/nfc.h @@ -157,7 +157,10 @@ static inline const char *nfc_device_name(struct nfc_dev *dev) return dev_name(&dev->dev); } -struct sk_buff *nfc_alloc_skb(unsigned int size, gfp_t gfp); +struct sk_buff *nfc_alloc_send_skb(struct nfc_dev *dev, struct sock *sk, + unsigned int flags, unsigned int size, + unsigned int *err); +struct sk_buff *nfc_alloc_recv_skb(unsigned int size, gfp_t gfp); int nfc_targets_found(struct nfc_dev *dev, struct nfc_target *targets, int ntargets); -- cgit v1.2.3 From 1ed28f610653e9b18433c6d87e9d333b7e3e886e Mon Sep 17 00:00:00 2001 From: Samuel Ortiz Date: Wed, 14 Dec 2011 16:43:09 +0100 Subject: NFC: Add a DEP link control netlink command NFC-DEP (Data Exchange Protocol) is an NFC MAC layer. This command allows to enable and disable the DEP link on to which e.g. LLCP can run. Signed-off-by: Samuel Ortiz Signed-off-by: John W. Linville --- include/net/nfc/nfc.h | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'include/net') diff --git a/include/net/nfc/nfc.h b/include/net/nfc/nfc.h index 3a3304c094d7..bf82d292d68c 100644 --- a/include/net/nfc/nfc.h +++ b/include/net/nfc/nfc.h @@ -52,6 +52,9 @@ struct nfc_ops { int (*dev_down)(struct nfc_dev *dev); int (*start_poll)(struct nfc_dev *dev, u32 protocols); void (*stop_poll)(struct nfc_dev *dev); + int (*dep_link_up)(struct nfc_dev *dev, int target_idx, + u8 comm_mode, u8 rf_mode); + int (*dep_link_down)(struct nfc_dev *dev); int (*activate_target)(struct nfc_dev *dev, u32 target_idx, u32 protocol); void (*deactivate_target)(struct nfc_dev *dev, u32 target_idx); @@ -60,6 +63,9 @@ struct nfc_ops { void *cb_context); }; +#define NFC_TARGET_IDX_ANY -1 +#define NFC_MAX_GT_LEN 48 + struct nfc_target { u32 idx; u32 supported_protocols; @@ -83,6 +89,8 @@ struct nfc_dev { bool dev_up; bool polling; bool remote_activated; + bool dep_link_up; + u32 dep_rf_mode; struct nfc_genl_data genl_data; u32 supported_protocols; @@ -165,4 +173,7 @@ struct sk_buff *nfc_alloc_recv_skb(unsigned int size, gfp_t gfp); int nfc_targets_found(struct nfc_dev *dev, struct nfc_target *targets, int ntargets); +int nfc_dep_link_is_up(struct nfc_dev *dev, u32 target_idx, + u8 comm_mode, u8 rf_mode); + #endif /* __NET_NFC_H */ -- cgit v1.2.3 From 541d920b05b538ec0d9ae8ce619ee4fc6fb19e32 Mon Sep 17 00:00:00 2001 From: Samuel Ortiz Date: Wed, 14 Dec 2011 16:43:10 +0100 Subject: NFC: Set and get DEP general bytes Without an API for setting and getting the local and remote general bytes, drivers won't be able to properly establish a DEP link. This API also allows them to propagate the remote general bytes they get from the DEP link establishment up to the LLCP layer. Signed-off-by: Samuel Ortiz Signed-off-by: John W. Linville --- include/net/nfc/nfc.h | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'include/net') diff --git a/include/net/nfc/nfc.h b/include/net/nfc/nfc.h index bf82d292d68c..ccfe757a94ec 100644 --- a/include/net/nfc/nfc.h +++ b/include/net/nfc/nfc.h @@ -170,6 +170,11 @@ struct sk_buff *nfc_alloc_send_skb(struct nfc_dev *dev, struct sock *sk, unsigned int *err); struct sk_buff *nfc_alloc_recv_skb(unsigned int size, gfp_t gfp); +int nfc_set_remote_general_bytes(struct nfc_dev *dev, + u8 *gt, u8 gt_len); + +u8 *nfc_get_local_general_bytes(struct nfc_dev *dev, u8 *gt_len); + int nfc_targets_found(struct nfc_dev *dev, struct nfc_target *targets, int ntargets); -- cgit v1.2.3 From bdd90d5e36a55271beb957b3d7ca3e29b2a90207 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Wed, 14 Dec 2011 12:20:27 +0100 Subject: cfg80211: validate nl80211 station handling better The nl80211 station handling code is a bit messy and doesn't do a lot of validation. It seems like this could be an issue for drivers that don't use mac80211 to validate everything. As cfg80211 doesn't keep station state, move the validation of allowing supported_rates to change for TDLS only in station mode to mac80211. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- include/net/cfg80211.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'include/net') diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 150c0ee714c2..5eda5933ae01 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -1346,7 +1346,12 @@ struct cfg80211_gtk_rekey_data { * * @add_station: Add a new station. * @del_station: Remove a station; @mac may be NULL to remove all stations. - * @change_station: Modify a given station. + * @change_station: Modify a given station. Note that flags changes are not much + * validated in cfg80211, in particular the auth/assoc/authorized flags + * might come to the driver in invalid combinations -- make sure to check + * them, also against the existing state! Also, supported_rates changes are + * not checked in station mode -- drivers need to reject (or ignore) them + * for anything but TDLS peers. * @get_station: get station information for the station identified by @mac * @dump_station: dump station callback -- resume dump at index @idx * -- cgit v1.2.3 From 061acaae76dfb760f4f3fddf0cde43915b7d673c Mon Sep 17 00:00:00 2001 From: "Luis R. Rodriguez" Date: Wed, 7 Dec 2011 21:50:07 +0530 Subject: cfg80211: allow following country IE power for custom regdom cards By definition WIPHY_FLAG_STRICT_REGULATORY was intended to allow the wiphy to adjust itself to the country IE power information if the card had no regulatory data but we had no way to tell cfg80211 that if the card also had its own custom regulatory domain (these are typically custom world regulatory domains) that we want to follow the country IE's noted values for power for each channel. We add support for this and document it. This is not a critical fix but a performance optimization for cards with custom regulatory domains that associate to an AP with sends out country IEs with a higher EIRP than the one on the custom regulatory domain. In practice the only driver affected right now are the Atheros drivers as they are the only drivers using both WIPHY_FLAG_STRICT_REGULATORY and WIPHY_FLAG_CUSTOM_REGULATORY -- used on cards that have an Atheros world regulatory domain. Cards that have been programmed to follow a country specifically will not follow the country IE power. So although not a stable fix distributions should consider cherry picking this. Cc: compat@orbit-lab.org Cc: Paul Stewart Cc: Rajkumar Manoharan Cc: Senthilkumar Balasubramanian Reported-by: Rajkumar Manoharan Signed-off-by: Luis R. Rodriguez Signed-off-by: John W. Linville --- include/net/cfg80211.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'include/net') diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 5eda5933ae01..9f85fca0b676 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -1699,7 +1699,9 @@ struct cfg80211_ops { * regulatory domain no user regulatory domain can enable these channels * at a later time. This can be used for devices which do not have * calibration information guaranteed for frequencies or settings - * outside of its regulatory domain. + * outside of its regulatory domain. If used in combination with + * WIPHY_FLAG_CUSTOM_REGULATORY the inspected country IE power settings + * will be followed. * @WIPHY_FLAG_DISABLE_BEACON_HINTS: enable this if your driver needs to ensure * that passive scan flags and beaconing flags may not be lifted by * cfg80211 due to regulatory beacon hints. For more information on beacon -- cgit v1.2.3