1. 13 Jan, 2017 1 commit
  2. 09 Jan, 2017 1 commit
  3. 09 Dec, 2016 1 commit
    • Johannes Berg's avatar
      cfg80211/mac80211: fix BSS leaks when abandoning assoc attempts · e6f462df
      Johannes Berg authored
      
      
      When mac80211 abandons an association attempt, it may free
      all the data structures, but inform cfg80211 and userspace
      about it only by sending the deauth frame it received, in
      which case cfg80211 has no link to the BSS struct that was
      used and will not cfg80211_unhold_bss() it.
      
      Fix this by providing a way to inform cfg80211 of this with
      the BSS entry passed, so that it can clean up properly, and
      use this ability in the appropriate places in mac80211.
      
      This isn't ideal: some code is more or less duplicated and
      tracing is missing. However, it's a fairly small change and
      it's thus easier to backport - cleanups can come later.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      e6f462df
  4. 19 Oct, 2016 1 commit
  5. 30 Sep, 2016 1 commit
  6. 15 Sep, 2016 1 commit
    • Johannes Berg's avatar
      cfg80211: allow connect keys only with default (TX) key · f1c1f17a
      Johannes Berg authored
      
      
      There's no point in allowing connect keys when one of them
      isn't also configured as the TX key, it would just confuse
      drivers and probably cause them to pick something for TX.
      Disallow this confusing and erroneous configuration.
      
      As wpa_supplicant will always send NL80211_ATTR_KEYS, even
      when there are no keys inside, allow that and treat it as
      though the attribute isn't present at all.
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      f1c1f17a
  7. 31 May, 2016 1 commit
    • Jouni Malinen's avatar
      cfg80211: Allow cfg80211_connect_result() errors to be distinguished · bf1ecd21
      Jouni Malinen authored
      
      
      Previously, the status parameter to cfg80211_connect_result() was
      documented as using WLAN_STATUS_UNSPECIFIED_FAILURE (1) when the real
      status code for the failure is not known. This value can be used by an
      AP (and often is) and as such, user space cannot distinguish between
      explicitly rejected authentication/association and not being able to
      even try to associate or not receiving a response from the AP.
      
      Add a new inline function, cfg80211_connect_timeout(), to be used when
      the driver knows that the connection attempt failed due to a reason
      where connection could not be attempt or no response was received from
      the AP. The internal functions now allow a negative status value (-1) to
      be used as an indication of this special case. This results in the
      NL80211_ATTR_TIMED_OUT to be added to the NL80211_CMD_CONNECT event to
      allow user space to determine this case was hit. For backwards
      compatibility, NL80211_STATUS_CODE with the value
      WLAN_STATUS_UNSPECIFIED_FAILURE is still indicated in the event in such
      a case.
      Signed-off-by: default avatarJouni Malinen <jouni@qca.qualcomm.com>
      [johannes: fix cfg80211_connect_bss() prototype to use int for status,
       add cfg80211_connect_timeout() to docbook, fix docbook]
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      bf1ecd21
  8. 12 May, 2016 1 commit
  9. 26 Apr, 2016 1 commit
  10. 12 Apr, 2016 1 commit
  11. 06 Apr, 2016 1 commit
  12. 05 Apr, 2016 1 commit
    • Jouni Malinen's avatar
      cfg80211: Allow a scan request for a specific BSSID · 818965d3
      Jouni Malinen authored
      
      
      This allows scans for a specific BSSID to be optimized by the user space
      application by requesting the driver to set the Probe Request frame
      BSSID field (Address 3) to the specified BSSID instead of the wildcard
      BSSID. This prevents other APs from replying which reduces airtime need
      and latency in getting the response from the target AP through.
      
      This is an optimization and as such, it is acceptable for some of the
      drivers not to support the mechanism. If not supported, the wildcard
      BSSID will be used and more responses may be received.
      Signed-off-by: default avatarJouni Malinen <jouni@qca.qualcomm.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      818965d3
  13. 24 Feb, 2016 1 commit
    • Lior David's avatar
      cfg80211: basic support for PBSS network type · 34d50519
      Lior David authored
      
      
      PBSS (Personal Basic Service Set) is a new BSS type for DMG
      networks. It is similar to infrastructure BSS, having an AP-like
      entity called PCP (PBSS Control Point), but it has few differences.
      PBSS support is mandatory for 11ad devices.
      
      Add support for PBSS by introducing a new PBSS flag attribute.
      The PBSS flag is used in the START_AP command to request starting
      a PCP instead of an AP, and in the CONNECT command to request
      connecting to a PCP instead of an AP.
      Signed-off-by: default avatarLior David <liord@codeaurora.org>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      34d50519
  14. 23 Feb, 2016 1 commit
  15. 26 May, 2015 1 commit
    • Johannes Berg's avatar
      cfg80211: properly send NL80211_ATTR_DISCONNECTED_BY_AP in disconnect · 80279fb7
      Johannes Berg authored
      
      
      When we disconnect from the AP, drivers call cfg80211_disconnect().
      This doesn't know whether the disconnection was initiated locally
      or by the AP though, which can cause problems with the supplicant,
      for example with WPS. This issue obviously doesn't show up with any
      mac80211 based driver since mac80211 doesn't call this function.
      
      Fix this by requiring drivers to indicate whether the disconnect is
      locally generated or not. I've tried to update the drivers, but may
      not have gotten the values correct, and some drivers may currently
      not be able to report correct values. In case of doubt I left it at
      false, which is the current behaviour.
      
      For libertas, make adjustments as indicated by Dan Williams.
      Reported-by: default avatarMatthieu Mauger <matthieux.mauger@intel.com>
      Tested-by: default avatarMatthieu Mauger <matthieux.mauger@intel.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      80279fb7
  16. 07 Apr, 2015 1 commit
  17. 03 Mar, 2015 1 commit
    • Dedy Lansky's avatar
      cfg80211: add bss_type and privacy arguments in cfg80211_get_bss() · 6eb18137
      Dedy Lansky authored
      
      
      802.11ad adds new a network type (PBSS) and changes the capability
      field interpretation for the DMG (60G) band.
      The same 2 bits that were interpreted as "ESS" and "IBSS" before are
      re-used as a 2-bit field with 3 valid values (and 1 reserved). Valid
      values are: "IBSS", "PBSS" (new) and "AP".
      
      In order to get the BSS struct for the new PBSS networks, change the
      cfg80211_get_bss() function to take a new enum ieee80211_bss_type
      argument with the valid network types, as "capa_mask" and "capa_val"
      no longer work correctly (the search must be band-aware now.)
      
      The remaining bits in "capa_mask" and "capa_val" are used only for
      privacy matching so replace those two with a privacy enum as well.
      Signed-off-by: default avatarDedy Lansky <dlansky@codeaurora.org>
      [rewrite commit log, tiny fixes]
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      6eb18137
  18. 10 Oct, 2014 1 commit
  19. 11 Sep, 2014 1 commit
  20. 19 May, 2014 1 commit
  21. 05 May, 2014 1 commit
    • Eliad Peller's avatar
      cfg80211: free sme on connection failures · c1fbb258
      Eliad Peller authored
      cfg80211 is notified about connection failures by
      __cfg80211_connect_result() call. However, this
      function currently does not free cfg80211 sme.
      
      This results in hanging connection attempts in some cases
      
      e.g. when mac80211 authentication attempt is denied,
      we have this function call:
      ieee80211_rx_mgmt_auth() -> cfg80211_rx_mlme_mgmt() ->
      cfg80211_process_auth() -> cfg80211_sme_rx_auth() ->
      __cfg80211_connect_result()
      
      but cfg80211_sme_free() is never get called.
      
      Fixes: ceca7b71
      
       ("cfg80211: separate internal SME implementation")
      Cc: stable@vger.kernel.org (3.10+)
      Signed-off-by: default avatarEliad Peller <eliadx.peller@intel.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      c1fbb258
  22. 29 Apr, 2014 1 commit
  23. 25 Apr, 2014 1 commit
  24. 09 Apr, 2014 1 commit
    • Zhao, Gang's avatar
      cfg80211: slightly clean up of cfg80211_sme_connect() · babd3a27
      Zhao, Gang authored
      
      
      Wdev->ssid_len has already been set in cfg80211_connect() and is equal
      to connect->ssid_len. Use wdev->ssid_len instead of connect->ssid_len
      so it will be consistent with previous ssid assignment statement.
      
      If bss is found in cfg80211_get_conn_bss(), wdev->conn->state is set
      to CFG80211_CONN_AUTHENTICATE_NEXT in there. So it's not needed to set
      it manually to CFG80211_CONN_AUTHENTICATE_NEXT if bss is found in that
      function.
      Signed-off-by: default avatarZhao, Gang <gamerh2o@gmail.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      babd3a27
  25. 19 Mar, 2014 1 commit
  26. 06 Feb, 2014 1 commit
    • Johannes Berg's avatar
      cfg80211: send scan results from work queue · f9d15d16
      Johannes Berg authored
      
      
      Due to the previous commit, when a scan finishes, it is in theory
      possible to hit the following sequence:
       1. interface starts being removed
       2. scan is cancelled by driver and cfg80211 is notified
       3. scan done work is scheduled
       4. interface is removed completely, rdev->scan_req is freed,
          event sent to userspace but scan done work remains pending
       5. new scan is requested on another virtual interface
       6. scan done work runs, freeing the still-running scan
      
      To fix this situation, hang on to the scan done message and block
      new scans while that is the case, and only send the message from
      the work function, regardless of whether the scan_req is already
      freed from interface removal. This makes step 5 above impossible
      and changes step 6 to be
       5. scan done work runs, sending the scan done message
      
      As this can't work for wext, so we send the message immediately,
      but this shouldn't be an issue since we still return -EBUSY.
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      f9d15d16
  27. 09 Jan, 2014 1 commit
  28. 19 Dec, 2013 1 commit
  29. 05 Dec, 2013 1 commit
    • Ujjal Roy's avatar
      cfg80211: fix WARN_ON for re-association to the expired BSS · 4c4d684a
      Ujjal Roy authored
      
      
      cfg80211 allows re-association in managed mode and if a user
      wants to re-associate to the same AP network after the time
      period of IEEE80211_SCAN_RESULT_EXPIRE, cfg80211 warns with
      the following message on receiving the connect result event.
      
      ------------[ cut here ]------------
      WARNING: CPU: 0 PID: 13984 at net/wireless/sme.c:658
               __cfg80211_connect_result+0x3a6/0x3e0 [cfg80211]()
      Call Trace:
       [<ffffffff81747a41>] dump_stack+0x46/0x58
       [<ffffffff81045847>] warn_slowpath_common+0x87/0xb0
       [<ffffffff81045885>] warn_slowpath_null+0x15/0x20
       [<ffffffffa05345f6>] __cfg80211_connect_result+0x3a6/0x3e0 [cfg80211]
       [<ffffffff8107168b>] ? update_rq_clock+0x2b/0x50
       [<ffffffff81078c01>] ? update_curr+0x1/0x160
       [<ffffffffa05133d2>] cfg80211_process_wdev_events+0xb2/0x1c0 [cfg80211]
       [<ffffffff81079303>] ? pick_next_task_fair+0x63/0x170
       [<ffffffffa0513518>] cfg80211_process_rdev_events+0x38/0x90 [cfg80211]
       [<ffffffffa050f03d>] cfg80211_event_work+0x1d/0x30 [cfg80211]
       [<ffffffff8105f21f>] process_one_work+0x17f/0x420
       [<ffffffff8105f90a>] worker_thread+0x11a/0x370
       [<ffffffff8105f7f0>] ? rescuer_thread+0x2f0/0x2f0
       [<ffffffff8106638b>] kthread+0xbb/0xc0
       [<ffffffff810662d0>] ? kthread_create_on_node+0x120/0x120
       [<ffffffff817574bc>] ret_from_fork+0x7c/0xb0
       [<ffffffff810662d0>] ? kthread_create_on_node+0x120/0x120
      ---[ end trace 61f3bddc9c4981f7 ]---
      
      The reason is that, in connect result event cfg80211 unholds
      the BSS to which the device is associated (and was held so
      far). So, for the event with status successful, when cfg80211
      wants to get that BSS from the device's BSS list it gets a
      NULL BSS because the BSS has been expired and unheld already.
      
      Fix it by reshuffling the code.
      Signed-off-by: default avatarUjjal Roy <royujjal@gmail.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      4c4d684a
  30. 09 Oct, 2013 1 commit
  31. 14 Aug, 2013 1 commit
    • Johannes Berg's avatar
      cfg80211: don't request disconnect if not connected · dee8a973
      Johannes Berg authored
      Neil Brown reports that with libertas, my recent cfg80211
      SME changes in commit ceca7b71
      
      
      ("cfg80211: separate internal SME implementation") broke
      libertas suspend because it we now asked it to disconnect
      while already disconnected.
      
      The problematic change is in cfg80211_disconnect() as it
      previously checked the SME state and now calls the driver
      disconnect operation unconditionally.
      
      Fix this by checking if there's a current_bss indicating
      a connection, and do nothing if not.
      Reported-and-tested-by: default avatarNeil Brown <neilb@suse.de>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      dee8a973
  32. 16 Jul, 2013 1 commit
    • Johannes Berg's avatar
      cfg80211: fix bugs in new SME implementation · 923a0e7d
      Johannes Berg authored
      
      
      When splitting the SME implementation from the MLME code,
      I introduced a few bugs:
       * association failures no longer sent a connect-failure event
       * getting disassociated from the AP caused deauth to be sent
         but state wasn't cleaned up, leading to warnings
       * authentication failures weren't cleaned up properly, causing
         new connection attempts to warn and fail
      
      Fix these bugs.
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      923a0e7d
  33. 24 Jun, 2013 2 commits
  34. 19 Jun, 2013 1 commit
  35. 04 Jun, 2013 1 commit
    • Johannes Berg's avatar
      cfg80211: separate internal SME implementation · ceca7b71
      Johannes Berg authored
      
      
      The current internal SME implementation in cfg80211 is
      very mixed up with the MLME handling, which has been
      causing issues for a long time. There are three things
      that the implementation has to provide:
       * a basic SME implementation for nl80211's connect()
         call (for drivers implementing auth/assoc, which is
         really just mac80211) and wireless extensions
       * MLME events for the userspace SME
       * SME events (connected, disconnected etc.) for all
         different SME implementation possibilities (driver,
         cfg80211 and userspace)
      
      To achieve these goals it isn't necessary to track the
      software SME's connection status outside of it's state
      (which is the part that caused many issues.) Instead,
      track it only in the SME data (wdev->conn) and in the
      general case only track whether the wdev is connected
      or not (via wdev->current_bss.)
      
      Also separate the internal implementation to not have
      callbacks from the SME events, but rather call it from
      the API functions that the driver (or rather mac80211)
      calls. This separates the code better.
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      ceca7b71
  36. 24 May, 2013 3 commits
  37. 23 May, 2013 1 commit