As __cfg80211_rdev_from_attrs(), nl80211_dump_wiphy_parse() and
nl80211_set_wiphy() are all under rtnl_lock protection,
__dev_get_by_index() instead of dev_get_by_index() should be used
to find interface handler in them allowing us to avoid to change
interface reference counter.
Cc: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This allows QoS mapping from external networks to be implemented as
defined in IEEE Std 802.11-2012, 10.24.9. APs can use this to advertise
DSCP ranges and exceptions for mapping frames to a specific UP over
Wi-Fi.
The payload of the QoS Map Set element (IEEE Std 802.11-2012, 8.4.2.97)
is sent to the driver through the new NL80211_ATTR_QOS_MAP attribute to
configure the local behavior either on the AP (based on local
configuration) or on a station (based on information received from the
AP).
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
In addition to vendor-specific commands, also support vendor-specific
events. These must be registered with cfg80211 before they can be used.
They're also advertised in nl80211 in the wiphy information so that
userspace knows can be expected. The events themselves are sent on a
new multicast group called "vendor".
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Add VHT MCS/NSS set support for nl80211_set_tx_bitrate_mask().
This should be used mainly for test purpose, to check
different MCS/NSS VHT combinations.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Evan Huus found (by fuzzing in wireshark) that the radiotap
iterator code can access beyond the length of the buffer if
the first bitmap claims an extension but then there's no
data at all. Fix this.
Cc: stable@vger.kernel.org
Reported-by: Evan Huus <eapache@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
___cfg80211_scan_done() can be called in some cases
(e.g. on NETDEV_DOWN) before the low level driver
notified scan completion (which is indicated by
passing leak=true).
Clearing rdev->scan_req in this case is buggy, as
scan_done_wk might have already being queued/running
(and can't be flushed as it takes rtnl()).
If a new scan will be requested at this stage, the
scan_done_wk will try freeing it (instead of the
previous scan), and this will later result in
a use after free.
Simply remove the "leak" option, and replace it with
a standard WARN_ON.
An example backtrace after such crash:
Unable to handle kernel paging request at virtual address fffffee5
pgd = c0004000
[fffffee5] *pgd=9fdf6821, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1] SMP ARM
PC is at cfg80211_scan_done+0x28/0xc4 [cfg80211]
LR is at __ieee80211_scan_completed+0xe4/0x2dc [mac80211]
[<bf0077b0>] (cfg80211_scan_done+0x28/0xc4 [cfg80211])
[<bf0973d4>] (__ieee80211_scan_completed+0xe4/0x2dc [mac80211])
[<bf0982cc>] (ieee80211_scan_work+0x94/0x4f0 [mac80211])
[<c005fd10>] (process_one_work+0x1b0/0x4a8)
[<c0060404>] (worker_thread+0x138/0x37c)
[<c0066d70>] (kthread+0xa4/0xb0)
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
cfg80211_leave stops sched scan when any station vif
is leaving. Add an explicit check and call it only
when the relevant vif (the one we scan on) is leaving.
Signed-off-by: Barak Bercovitz <barak@wizery.com>
[Eliad - changed the commit message a bit]
Signed-off-by: Eliad Peller <eliad@wizery.com>
[Johannes - add ASSERT_RTNL since that protects the pointer]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Rename NL80211_TXRATE_MCS to NL80211_TXRATE_HT and also
rename mcs to ht_mcs in struct cfg80211_bitrate_mask.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
[reword commit message]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Allow setting the bitrate masks back to default by
omitting the NL80211_ATTR_TX_RATES attribute.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
[rephrase commit message]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
cfg80211 allows re-association in managed mode and if a user
wants to re-associate to the same AP network after the time
period of IEEE80211_SCAN_RESULT_EXPIRE, cfg80211 warns with
the following message on receiving the connect result event.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 13984 at net/wireless/sme.c:658
__cfg80211_connect_result+0x3a6/0x3e0 [cfg80211]()
Call Trace:
[<ffffffff81747a41>] dump_stack+0x46/0x58
[<ffffffff81045847>] warn_slowpath_common+0x87/0xb0
[<ffffffff81045885>] warn_slowpath_null+0x15/0x20
[<ffffffffa05345f6>] __cfg80211_connect_result+0x3a6/0x3e0 [cfg80211]
[<ffffffff8107168b>] ? update_rq_clock+0x2b/0x50
[<ffffffff81078c01>] ? update_curr+0x1/0x160
[<ffffffffa05133d2>] cfg80211_process_wdev_events+0xb2/0x1c0 [cfg80211]
[<ffffffff81079303>] ? pick_next_task_fair+0x63/0x170
[<ffffffffa0513518>] cfg80211_process_rdev_events+0x38/0x90 [cfg80211]
[<ffffffffa050f03d>] cfg80211_event_work+0x1d/0x30 [cfg80211]
[<ffffffff8105f21f>] process_one_work+0x17f/0x420
[<ffffffff8105f90a>] worker_thread+0x11a/0x370
[<ffffffff8105f7f0>] ? rescuer_thread+0x2f0/0x2f0
[<ffffffff8106638b>] kthread+0xbb/0xc0
[<ffffffff810662d0>] ? kthread_create_on_node+0x120/0x120
[<ffffffff817574bc>] ret_from_fork+0x7c/0xb0
[<ffffffff810662d0>] ? kthread_create_on_node+0x120/0x120
---[ end trace 61f3bddc9c4981f7 ]---
The reason is that, in connect result event cfg80211 unholds
the BSS to which the device is associated (and was held so
far). So, for the event with status successful, when cfg80211
wants to get that BSS from the device's BSS list it gets a
NULL BSS because the BSS has been expired and unheld already.
Fix it by reshuffling the code.
Signed-off-by: Ujjal Roy <royujjal@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This permits the use of DFS channel once the CAC is conducted and
no radar is detected.
Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Add support for vendor-specific commands to nl80211. This is
intended to be used for really vendor-specific functionality
that can't be implemented in a generic fashion for any reason.
It's *NOT* intended to be used for any normal/generic feature
or any optimisations that could be implemented across drivers.
Currently, only vendor commands (with replies) are supported,
no dump operations or vendor-specific notifications.
Also add a function wdev_to_ieee80211_vif() to mac80211 which
is needed for mac80211-based drivers wanting to implement any
vendor commands.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Don't clear cfg80211_bitrate_mask twice in
nl80211_set_tx_bitrate_mask() function.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Check the DFS region before channel availability check.
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This can be used outside of the regulatory context for any checks
on the DFS region. The central cfg80211 dfs_region is always used
and if it does not match with the wiphy a debug print is issued.
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This attribute is needed for setting Operating Mode Notification
in AP mode from User Space. This functionality is required when
User Space received Assoc Request contains Operation Mode
Notification element.
Signed-off-by: Marek Kwaczynski <marek.kwaczynski@tieto.com>
[fix typos, nl80211 documentation]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The channel switch announcement code has some major locking problems
which can cause a deadlock in worst case. A series of fixes has been
proposed, but these are non-trivial and need to be tested first.
Therefore disable CSA completely for 3.13.
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The channel switch notification should be sent under the
wdev/sdata-lock, preferably in the same moment as the channel change
happens, to avoid races by other callers (e.g. start/stop_ap).
This also adds the previously missing sdata_lock protection in
csa_finalize_work.
Reported-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
To avoid race conditions in functions which modify the beacon
information, lock these using the wdev lock. This is especially required
to avoid problems for csa handling functions which modify beacons but
can not be called under rtnl lock.
Reported-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Change cfg80211 and mac80211 to use cfg80211_mgmt_tx_params
struct to aggregate parameters for mgmt_tx functions.
This makes the functions' signatures less clumsy and allows
less painful parameters extension.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
[fix all other drivers]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
nla_put_flag needs a real nl80211 attribute id, not a wiphy flag bit.
While at it, split 5 and 10 MHz capability flags in case we ever need
to support hardware that can only do one of the two.
Also move the flag settings to the split-only information so we don't
increase the space needed for old userspace.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
[change location of flag setting]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This lets us later reuse the more generic reg_dfs_region_str().
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Only allow DFS to be set if the DFS regions agree.
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
u8 was used in some other places, just stick to the enum,
this forces us to express the values that are expected.
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Certain vendors may want to disable the processing of
country IEs so that they can continue using the regulatory
domain the driver or user has set. Currently there is no
way to stop the core from processing country IEs, so add
support to the core to ignore country IE hints.
Cc: Mihir Shete <smihir@qti.qualcomm.com>
Cc: Henri Bahini <hbahini@qca.qualcomm.com>
Cc: Tushnim Bhattacharyya <tushnimb@qca.qualcomm.com>
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
802.11 cards may have different country IE parsing behavioural
preferences and vendors may want to support these. These preferences
were managed by the REGULATORY_CUSTOM_REG and the REGULATORY_STRICT_REG
flags and their combination. Instead of using this existing notation,
split out the country IE behavioural preferences as a new flag. This
will allow us to add more customizations easily and make the code more
maintainable.
Cc: Mihir Shete <smihir@qti.qualcomm.com>
Cc: Henri Bahini <hbahini@qca.qualcomm.com>
Cc: Tushnim Bhattacharyya <tushnimb@qca.qualcomm.com>
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
[fix up conflicts]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This reflects that case is now completely separated.
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This splits up the driver regulatory update on its
own, this helps simplify the reading the case.
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This splits out the user regulatory update on its
own, this helps simplify reading the case.
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This splits up the core regulatory update to be
set on its own helper. This should make it easier
to read exactly what type of requests should be
expected there. In this case its clear that
NL80211_REGDOM_SET_BY_CORE is only used by the
core for updating the world regulatory domain.
This is consistant with the nl80211.h documentation.
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
[add warning to default switch case to avoid compiler warning]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
last_request is RCU protected, since we're getting it
on set_regdom() we might as well pass it to ensure the
same request is being processed, otherwise there is a
small race it could have changed. This makes processing
of the request atomic.
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Drivers that set the WIPHY_FLAG_CUSTOM_REGULATORY skip
the core world regulatory domain updates, but do want
their reg_notifier() called. Move the check for this
closer to the source of the check that detected skipped
was required and while at it add a helper for the notifier
calling. This has no functional changes. This brings together
the place where we call the reg_notifier() will be called.
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
It seems some out of tree drivers were using a regulatory_hint("00")
to trigger off the wiphy regulatory notifier, for those cases just
setting the WIPHY_FLAG_CUSTOM_REGULATORY would suffice to call
the reg_notifier() for a world regulatory domain update. If drivers
find other needs for calling the reg_notifier() a proper implemenation
is preferred.
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
All the regulatory request process routines use the
same pattern.
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This enforces proper RCU APIs accross the code.
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This is common code, this reduces the chance of making
a mistake of how we free it.
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
By dealing with non country IE conficts first we can shift
the code that deals with the conflict to the left. This has
no functional changes.
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This is the last split up of the old unified __regultory_hint()
processing set of functionality, it moves the country IE processing
all on its own. This makes it easier to follow and read what exactly
is going on for the case of processing country IEs.
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This makes the code easier to read and follow.
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This makes the code path easier to read and lets us
split out some functionality that is only user specific,
that makes it easier to read the other types of requests.
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This makes the code path easier to read for the core case.
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
[add warning to default case in switch to avoid compile warning]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Currently nl80211 allows userspace to send the kernel
a bogus regulatory domain with at most 32 rules set
and it won't reject it until after its allocated
memory. Let's be smart about it and take advantage
that the last_request is now available under RTNL
and check if the alpha2 matches an expected request
and reject any bogus userspace requests prior to
hitting the memory allocator.
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If a custom regulatory domain is passed and if a rule for a
channel indicates it should be disabled that channel should
always remain disabled as per its documentation and design.
Likewise if WIPHY_FLAG_STRICT_REGULATORY flag is set and a
regulatory_hint() is issued if a channel is disabled that
channel should remain disabled.
Without this change only drivers that set the _orig flags
appropriately on their own would ensure disallowed channels
remaind disabled. This helps drivers save code by relying on
the APIS provided to entrust channels that should not be enabled
be respected by only having to use wiphy_apply_custom_regulatory()
or regulatory_hint() with the WIPHY_FLAG_STRICT_REGULATORY set.
If wiphy_apply_custom_regulatory() is used together with
WIPHY_FLAG_STRICT_REGULATORY and a regulatory_hint() issued
later, the incoming regulatory domain can override previously
set _orig parameters from the initial custom regulatory
setting.
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If genregdb.awk assumes the file will end with an
extra empty line or a comment line. This is could
not be true so just address this.
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Acked-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>