1. 06 Jan, 2017 1 commit
  2. 09 Dec, 2016 1 commit
    • cfg80211/mac80211: fix BSS leaks when abandoning assoc attempts · e6f462df
      Johannes Berg authored
      When mac80211 abandons an association attempt, it may free
      all the data structures, but inform cfg80211 and userspace
      about it only by sending the deauth frame it received, in
      which case cfg80211 has no link to the BSS struct that was
      used and will not cfg80211_unhold_bss() it.
      Fix this by providing a way to inform cfg80211 of this with
      the BSS entry passed, so that it can clean up properly, and
      use this ability in the appropriate places in mac80211.
      This isn't ideal: some code is more or less duplicated and
      tracing is missing. However, it's a fairly small change and
      it's thus easier to backport - cleanups can come later.
      Cc: stable@vger.kernel.org
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  3. 18 Nov, 2016 1 commit
    • cfg80211: limit scan results cache size · 9853a55e
      Johannes Berg authored
      It's possible to make scanning consume almost arbitrary amounts
      of memory, e.g. by sending beacon frames with random BSSIDs at
      high rates while somebody is scanning.
      Limit the number of BSS table entries we're willing to cache to
      1000, limiting maximum memory usage to maybe 4-5MB, but lower
      in practice - that would be the case for having both full-sized
      beacon and probe response frames for each entry; this seems not
      possible in practice, so a limit of 1000 entries will likely be
      closer to 0.5 MB.
      Cc: stable@vger.kernel.org
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  4. 27 Oct, 2016 1 commit
    • cfg80211: Rename SAE_DATA to more generic AUTH_DATA · 11b6b5a4
      Jouni Malinen authored
      This adds defines and nl80211 extensions to allow FILS Authentication to
      be implemented similarly to SAE. FILS does not need the special rules
      for the Authentication transaction number and Status code fields, but it
      does need to add non-IE fields. The previously used
      NL80211_ATTR_SAE_DATA can be reused for this to avoid having to
      duplicate that implementation. Rename that attribute to more generic
      NL80211_ATTR_AUTH_DATA (with backwards compatibility define for
      Also document the special rules related to the Authentication
      transaction number and Status code fields.
      Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  5. 13 Oct, 2016 1 commit
    • cfg80211: support virtual interfaces with different beacon intervals · 0c317a02
      Purushottam Kushwaha authored
      This commit provides a mechanism for the host drivers to advertise the
      support for different beacon intervals among the respective interface
      combinations in a group, through NL80211_IFACE_COMB_BI_MIN_GCD (u32).
      This value will be compared against GCD of all beaconing interfaces of
      matching combinations.
      If the driver doesn't advertise this value, the old behaviour where
      all beacon intervals must be identical is retained.
      If it is specified, then any beacon interval for an interface in the
      interface combination as well as the GCD of all active beacon intervals
      in the combination must be greater than or equal to this value.
      Signed-off-by: Purushottam Kushwaha <pkushwah@qti.qualcomm.com>
      [change commit message, some variable names, small other things]
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  6. 30 Sep, 2016 2 commits
  7. 13 Sep, 2016 1 commit
  8. 06 Jul, 2016 1 commit
    • nl80211: support beacon report scanning · 1d76250b
      Avraham Stern authored
      Beacon report radio measurement requires reporting observed BSSs
      on the channels specified in the beacon request. If the measurement
      mode is set to passive or active, it requires actually performing a
      scan (passive or active, accordingly), and reporting the time that
      the scan was started and the time each beacon/probe was received
      (both in terms of TSF of the BSS of the requesting AP). If the
      request mode is table, this information is optional.
      In addition, the radio measurement request specifies the channel
      dwell time for the measurement.
      In order to use scan for beacon report when the mode is active or
      passive, add a parameter to scan request that specifies the
      channel dwell time, and add scan start time and beacon received time
      to scan results information.
      Supporting beacon report is required for Multi Band Operation (MBO).
      Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
      Signed-off-by: David Spinadel <david.spinadel@intel.com>
      Signed-off-by: Avraham Stern <avraham.stern@intel.com>
      Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  9. 31 May, 2016 1 commit
    • cfg80211: Allow cfg80211_connect_result() errors to be distinguished · bf1ecd21
      Jouni Malinen authored
      Previously, the status parameter to cfg80211_connect_result() was
      documented as using WLAN_STATUS_UNSPECIFIED_FAILURE (1) when the real
      status code for the failure is not known. This value can be used by an
      AP (and often is) and as such, user space cannot distinguish between
      explicitly rejected authentication/association and not being able to
      even try to associate or not receiving a response from the AP.
      Add a new inline function, cfg80211_connect_timeout(), to be used when
      the driver knows that the connection attempt failed due to a reason
      where connection could not be attempted or no response was received from
      the AP. The internal functions now allow a negative status value (-1) to
      be used as an indication of this special case. This results in
      NL80211_ATTR_TIMED_OUT being added to the NL80211_CMD_CONNECT event to
      allow user space to determine this case was hit. For backwards
      compatibility, NL80211_STATUS_CODE with the value
      WLAN_STATUS_UNSPECIFIED_FAILURE is still indicated in the event in such
      a case.
      Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
      [johannes: fix cfg80211_connect_bss() prototype to use int for status,
       add cfg80211_connect_timeout() to docbook, fix docbook]
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  10. 12 May, 2016 2 commits
  11. 26 Apr, 2016 1 commit
  12. 04 Dec, 2015 1 commit
  13. 13 Oct, 2015 1 commit
    • nl80211: allow BSS data to include CLOCK_BOOTTIME timestamp · 6e19bc4b
      Dmitry Shmidt authored
      For location and connectivity services, userspace would often like
      to know the time when the BSS was last seen. The current "last seen"
      value is calculated in a way that makes it less useful, especially
      if the system suspended in the meantime.
      Add the ability for the driver to report a real CLOCK_BOOTTIME stamp
      that can then be reported to userspace (if present).
      Drivers wishing to use this must be converted to the new API to call
      cfg80211_inform_bss_data() or cfg80211_inform_bss_frame_data(). They
      need to ensure the reported value is accurate enough even when the
      frame might have been buffered in the device (e.g. firmware.)
      Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
      [modified to use struct, inlines]
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  14. 17 Jul, 2015 1 commit
    • cfg80211: allow mgmt_frame_register callback to sleep · 33d8783c
      Johannes Berg authored
      This callback is currently not allowed to sleep, which makes it more
      difficult to implement proper driver methods in mac80211 than it has
      to be. Instead of doing asynchronous work here in mac80211, make it
      possible for the callback to sleep by doing some asynchronous work
      in cfg80211. This also enables improvements to other drivers, like
      ath6kl, that would like to sleep in this callback.
      While at it, also fix the code to call the driver on the implicit
      unregistration when an interface is removed, and do that also when
      a P2P-Device wdev is destroyed (otherwise we leak the structs.)
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  15. 26 May, 2015 1 commit
    • cfg80211: properly send NL80211_ATTR_DISCONNECTED_BY_AP in disconnect · 80279fb7
      Johannes Berg authored
      When we disconnect from the AP, drivers call cfg80211_disconnect().
      This doesn't know whether the disconnection was initiated locally
      or by the AP though, which can cause problems with the supplicant,
      for example with WPS. This issue obviously doesn't show up with any
      mac80211 based driver since mac80211 doesn't call this function.
      Fix this by requiring drivers to indicate whether the disconnect is
      locally generated or not. I've tried to update the drivers, but may
      not have gotten the values correct, and some drivers may currently
      not be able to report correct values. In case of doubt I left it at
      false, which is the current behaviour.
      For libertas, make adjustments as indicated by Dan Williams.
      Reported-by: Matthieu Mauger <matthieux.mauger@intel.com>
      Tested-by: Matthieu Mauger <matthieux.mauger@intel.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  16. 18 Dec, 2014 2 commits
  17. 17 Dec, 2014 1 commit
    • cfg80211: allow wiphy specific regdomain management · b0d7aa59
      Jonathan Doron authored
      Add a new regulatory flag that allows a driver to manage regdomain
      changes/updates for its own wiphy.
      A self-managed wiphy only employs regulatory information obtained from
      the FW and driver and does not use other cfg80211 sources like
      beacon-hints, country-code IEs and hints from other devices on the same
      system. Conversely, a self-managed wiphy does not share its regulatory
      hints with other devices in the system. If a system contains several
      devices, one or more of which are self-managed, there might be
      contradictory regulatory settings between them. Usage of this flag is
      generally discouraged. Only use it if the FW/driver is incompatible
      with non-locally originated hints.
      A new API lets the driver send a complete regdomain, to be applied on
      its wiphy only.
      After a wiphy-specific regdomain change takes place, usermode will get
      a new type of change notification. The regulatory core also takes care
      to enforce regulatory restrictions, in case some interfaces are on
      forbidden channels.
      Signed-off-by: Jonathan Doron <jonathanx.doron@intel.com>
      Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
      Reviewed-by: Luis R. Rodriguez <mcgrof@suse.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  18. 19 Nov, 2014 1 commit
  19. 04 Nov, 2014 1 commit
    • cfg80211: 802.11p OCB mode handling · 6e0bd6c3
      Rostislav Lisovy authored
      This patch adds a new iface type (NL80211_IFTYPE_OCB) representing
      the OCB (Outside the Context of a BSS) mode.
      When establishing a connection to the network a cfg80211_join_ocb
      function is called (particular nl80211_command is added as well).
      The mandatory parameters during the ocb_join operation are 'center
      frequency' and 'channel width (5/10 MHz)'.
      Changes done in mac80211 are the minimum required to avoid
      many warnings (warning: enumeration value 'NL80211_IFTYPE_OCB'
      not handled in switch) during compilation. Full functionality
      (where needed) is added in the following patch.
      Signed-off-by: Rostislav Lisovy <rostislav.lisovy@fel.cvut.cz>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  20. 23 Jun, 2014 1 commit
  21. 06 May, 2014 1 commit
  22. 25 Apr, 2014 2 commits
  23. 09 Apr, 2014 3 commits
  24. 19 Mar, 2014 2 commits
  25. 25 Feb, 2014 2 commits
  26. 06 Feb, 2014 1 commit
    • cfg80211: send scan results from work queue · f9d15d16
      Johannes Berg authored
      Due to the previous commit, when a scan finishes, it is in theory
      possible to hit the following sequence:
       1. interface starts being removed
       2. scan is cancelled by driver and cfg80211 is notified
       3. scan done work is scheduled
       4. interface is removed completely, rdev->scan_req is freed,
          event sent to userspace but scan done work remains pending
       5. new scan is requested on another virtual interface
       6. scan done work runs, freeing the still-running scan
      To fix this situation, hang on to the scan done message and block
      new scans while that is the case, and only send the message from
      the work function, regardless of whether the scan_req is already
      freed from interface removal. This makes step 5 above impossible
      and changes step 6 to be
       5. scan done work runs, sending the scan done message
      As this can't work for wext, we send the message immediately,
      but this shouldn't be an issue since we still return -EBUSY.
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  27. 04 Feb, 2014 2 commits
    • cfg80211: consider existing DFS interfaces · 9e0e2961
      Michal Kazior authored
      It was possible to break interface combinations in
      the following way:
       combo 1: iftype = AP, num_ifaces = 2, num_chans = 2,
       combo 2: iftype = AP, num_ifaces = 1, num_chans = 1, radar = HT20
      With the above interface combinations it was
      possible to:
       step 1. start AP on DFS channel by matching combo 2
       step 2. start AP on non-DFS channel by matching combo 1
      This was possible because (step 2) did not consider
      if other interfaces require radar detection.
      The patch changes how cfg80211 tracks channels -
      instead of channel itself now a complete chandef
      is stored.
      Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    • cfg80211: fix channel configuration in IBSS join · fe94f3a4
      Antonio Quartulli authored
      When receiving an IBSS_JOINED event select the BSS object
      based on the {bssid, channel} couple rather than the bssid
      With the current approach if another cell having the same
      BSSID (but using a different channel) exists then cfg80211
      picks up the wrong BSS object.
      The result is a mismatching channel configuration between
      cfg80211 and the driver, that can lead to any sort of
      The issue can be triggered by having an IBSS sitting on
      given channel and then asking the driver to create a new
      cell using the same BSSID but with a different frequency.
      By passing the channel to cfg80211_get_bss() we can solve
      this ambiguity and retrieve/create the correct BSS object.
      All the users of cfg80211_ibss_joined() have been changed
      Moreover WARN when cfg80211_ibss_joined() gets a NULL
      channel as argument and remove a bogus call of the same
      function in ath6kl (it does not make sense to call
      cfg80211_ibss_joined() with a zero BSSID on ibss-leave).
      Cc: Kalle Valo <kvalo@qca.qualcomm.com>
      Cc: Arend van Spriel <arend@broadcom.com>
      Cc: Bing Zhao <bzhao@marvell.com>
      Cc: Jussi Kivilinna <jussi.kivilinna@iki.fi>
      Cc: libertas-dev@lists.infradead.org
      Acked-by: Kalle Valo <kvalo@qca.qualcomm.com>
      Signed-off-by: Antonio Quartulli <antonio@open-mesh.com>
      [minor code cleanup in ath6kl]
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  28. 05 Dec, 2013 1 commit
    • cfg80211: don't "leak" uncompleted scans · 4a58e7c3
      Eliad Peller authored
      ___cfg80211_scan_done() can be called in some cases
      (e.g. on NETDEV_DOWN) before the low level driver
      notified scan completion (which is indicated by
      passing leak=true).
      Clearing rdev->scan_req in this case is buggy, as
      scan_done_wk might have already been queued/running
      (and can't be flushed as it takes rtnl()).
      If a new scan will be requested at this stage, the
      scan_done_wk will try freeing it (instead of the
      previous scan), and this will later result in
      a use after free.
      Simply remove the "leak" option, and replace it with
      a standard WARN_ON.
      An example backtrace after such crash:
      Unable to handle kernel paging request at virtual address fffffee5
      pgd = c0004000
      [fffffee5] *pgd=9fdf6821, *pte=00000000, *ppte=00000000
      Internal error: Oops: 17 [#1] SMP ARM
      PC is at cfg80211_scan_done+0x28/0xc4 [cfg80211]
      LR is at __ieee80211_scan_completed+0xe4/0x2dc [mac80211]
      [<bf0077b0>] (cfg80211_scan_done+0x28/0xc4 [cfg80211])
      [<bf0973d4>] (__ieee80211_scan_completed+0xe4/0x2dc [mac80211])
      [<bf0982cc>] (ieee80211_scan_work+0x94/0x4f0 [mac80211])
      [<c005fd10>] (process_one_work+0x1b0/0x4a8)
      [<c0060404>] (worker_thread+0x138/0x37c)
      [<c0066d70>] (kthread+0xa4/0xb0)
      Signed-off-by: Eliad Peller <eliad@wizery.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  29. 03 Dec, 2013 1 commit
    • nl80211: vendor command support · ad7e718c
      Johannes Berg authored
      Add support for vendor-specific commands to nl80211. This is
      intended to be used for really vendor-specific functionality
      that can't be implemented in a generic fashion for any reason.
      It's *NOT* intended to be used for any normal/generic feature
      or any optimisations that could be implemented across drivers.
      Currently, only vendor commands (with replies) are supported,
      no dump operations or vendor-specific notifications.
      Also add a function wdev_to_ieee80211_vif() to mac80211 which
      is needed for mac80211-based drivers wanting to implement any
      vendor commands.
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  30. 02 Dec, 2013 1 commit
  31. 25 Nov, 2013 1 commit