[RFC 1/3] cfg80211: fix data type of sta_opmode_info parameter
Currently bw and smps_mode are u8 type value in sta_opmode_info structure. This values filled in mac80211 from ieee80211_sta_rx_bandwidth and ieee80211_smps_mode. These enum values are specific to mac80211 and userspace/cfg80211 doesn't know about that. This will lead to incorrect result/assumption by the user space application. Change bw and smps_mode parameters to their respective enums in nl80211. Signed-off-by: Tamizh chelvam --- include/net/cfg80211.h | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index fc40843..4341508 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -3572,15 +3572,15 @@ enum wiphy_opmode_flag { /** * struct sta_opmode_info - Station's ht/vht operation mode information * @changed: contains value from &enum wiphy_opmode_flag - * @smps_mode: New SMPS mode of a station - * @bw: new max bandwidth value of a station + * @smps_mode: New SMPS mode value from &enum nl80211_smps_mode of a station + * @bw: new max bandwidth value from &enum nl80211_chan_width of a station * @rx_nss: new rx_nss value of a station */ struct sta_opmode_info { u32 changed; - u8 smps_mode; - u8 bw; + enum nl80211_smps_mode smps_mode; + enum nl80211_chan_width bw; u8 rx_nss; }; -- 1.9.1
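Review bot: In struct sta_opmode_info, changing smps_mode and bw to enum nl80211_smps_mode and enum nl80211_chan_width alters only the declared type; this patch touches include/net/cfg80211.h alone, so the code that fills these fields still stores mac80211 values until 2/3 and 3/3 are applied. Either fold the type change into the patches that add the conversions or state the dependency in the commit message, so that a bisect cannot land on a kernel whose fields are documented as nl80211 enums but carry mac80211 values.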
[RFC 2/3] mac80211: Use proper smps_mode enum in sta opmode event
SMPS_MODE change value notified via nl80211 contains mac80211 specific value(ieee80211_smps_mode) and user space application will not know those values. This patch add support to map the mac80211 enum value to nl80211_smps_mode which will be understood by the userspace application. Signed-off-by: Tamizh chelvam --- net/mac80211/ht.c | 15 +++ net/mac80211/ieee80211_i.h | 2 ++ net/mac80211/rx.c | 3 ++- 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/net/mac80211/ht.c b/net/mac80211/ht.c index d752353..c78036a 100644 --- a/net/mac80211/ht.c +++ b/net/mac80211/ht.c @@ -466,6 +466,21 @@ void ieee80211_process_delba(struct ieee80211_sub_if_data *sdata, __ieee80211_stop_tx_ba_session(sta, tid, AGG_STOP_PEER_REQUEST); } +enum nl80211_smps_mode +ieee80211_smps_mode_to_smps_mode(enum ieee80211_smps_mode smps) +{ + switch (smps) { + case IEEE80211_SMPS_OFF: + return NL80211_SMPS_OFF; + case IEEE80211_SMPS_STATIC: + return NL80211_SMPS_STATIC; + case IEEE80211_SMPS_DYNAMIC: + return NL80211_SMPS_DYNAMIC; + default: + return NL80211_SMPS_OFF; + } +} + int ieee80211_send_smps_action(struct ieee80211_sub_if_data *sdata, enum ieee80211_smps_mode smps, const u8 *da, const u8 *bssid) diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index ae9c33c..9237ffb 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -1788,6 +1788,8 @@ void ieee80211_stop_tx_ba_cb(struct sta_info *sta, int tid, void ieee80211_release_reorder_timeout(struct sta_info *sta, int tid); u8 ieee80211_mcs_to_chains(const struct ieee80211_mcs_info *mcs); +enum nl80211_smps_mode +ieee80211_smps_mode_to_smps_mode(enum ieee80211_smps_mode smps); /* VHT */ void diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index 27bb1f0..f8c69ac 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c 
@@ -2883,7 +2883,8 @@ static void ieee80211_process_sa_query_req(struct ieee80211_sub_if_data *sdata, if (rx->sta->sta.smps_mode == smps_mode) goto handled; rx->sta->sta.smps_mode = smps_mode; - sta_opmode.smps_mode = smps_mode; + sta_opmode.smps_mode = + ieee80211_smps_mode_to_smps_mode(smps_mode); sta_opmode.changed = STA_OPMODE_SMPS_MODE_CHANGED; sband = rx->local->hw.wiphy->bands[status->band]; -- 1.9.1
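Review bot: The default branch of ieee80211_smps_mode_to_smps_mode() in ht.c returns NL80211_SMPS_OFF for every value it does not list, so an unexpected mac80211 mode is reported to userspace as a definite "SMPS off" rather than as an error. Handle the remaining enumerators explicitly, or put a WARN_ON_ONCE() in the default branch, so a wrong value is noticed instead of silently reported. The name ieee80211_smps_mode_to_smps_mode() also does not say which enum is the target; something that names nl80211 in the result would read better at the call site in rx.c.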
[RFC 0/3] cfg80211/mac80211: Notify proper sta opmode change value
Currently bw and smps_mode are u8 type values in the sta_opmode_info structure. These values are filled in mac80211 from ieee80211_sta_rx_bandwidth and ieee80211_smps_mode. These enum values are specific to mac80211 and userspace/cfg80211 doesn't know about that. This patchset changes their data type in the sta_opmode_info structure and maps from the mac80211 specific enum to the nl80211 enum value.

Tamizh chelvam (3):
  cfg80211: fix data type of sta_opmode_info parameter
  mac80211: Use proper smps_mode enum in sta opmode event
  mac80211: Use proper chan_width enum in sta opmode event

Note:
 * Is this mac80211 approach sufficient? Or would some more complete cleanup be preferred?

 include/net/cfg80211.h     |  8
 net/mac80211/ht.c          | 15 +++
 net/mac80211/ieee80211_i.h |  4
 net/mac80211/rx.c          |  6 --
 net/mac80211/vht.c         | 32 +++-
 5 files changed, 58 insertions(+), 7 deletions(-)

--
1.9.1
[RFC 3/3] mac80211: Use proper chan_width enum in sta opmode event
Bandwidth change value reported via nl80211 contains mac80211 specific enum value(ieee80211_sta_rx_bw) and which is not understand by userspace application. Map the mac80211 specific value to nl80211_chan_width enum value to avoid using wrong value in the userspace application. And used station's ht/vht capability to map IEEE80211_STA_RX_BW_20 and IEEE80211_STA_RX_BW_160 with proper nl80211 value. Signed-off-by: Tamizh chelvam --- net/mac80211/ieee80211_i.h | 2 ++ net/mac80211/rx.c | 3 ++- net/mac80211/vht.c | 32 +++- 3 files changed, 35 insertions(+), 2 deletions(-) diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index 9237ffb..6c341d8 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -1816,6 +1816,8 @@ void ieee80211_apply_vhtcap_overrides(struct ieee80211_sub_if_data *sdata, struct ieee80211_sta_vht_cap *vht_cap); void ieee80211_get_vht_mask_from_cap(__le16 vht_cap, u16 vht_mask[NL80211_VHT_NSS_MAX]); +enum nl80211_chan_width +ieee80211_sta_rx_bw_to_chan_width(struct sta_info *sta); /* Spectrum management */ void ieee80211_process_measurement_req(struct ieee80211_sub_if_data *sdata, diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index f8c69ac..3a9f0c0 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -2922,7 +2922,8 @@ static void ieee80211_process_sa_query_req(struct ieee80211_sub_if_data *sdata, rx->sta->sta.bandwidth = new_bw; sband = rx->local->hw.wiphy->bands[status->band]; - sta_opmode.bw = new_bw; + sta_opmode.bw = + ieee80211_sta_rx_bw_to_chan_width(rx->sta); sta_opmode.changed = STA_OPMODE_MAX_BW_CHANGED; rate_control_rate_update(local, sband, rx->sta, diff --git a/net/mac80211/vht.c b/net/mac80211/vht.c index 5714dee..259325c 100644 --- a/net/mac80211/vht.c +++ b/net/mac80211/vht.c 
@@ -358,6 +358,36 @@ enum nl80211_chan_width ieee80211_sta_cap_chan_bw(struct sta_info *sta) return NL80211_CHAN_WIDTH_80; } +enum nl80211_chan_width +ieee80211_sta_rx_bw_to_chan_width(struct sta_info *sta) +{ + enum ieee80211_sta_rx_bandwidth cur_bw = sta->sta.bandwidth; + struct ieee80211_sta_vht_cap *vht_cap = &sta->sta.vht_cap; + u32 cap_width; + + switch (cur_bw) { + case IEEE80211_STA_RX_BW_20: + if (!sta->sta.ht_cap.ht_supported) + return NL80211_CHAN_WIDTH_20_NOHT; + else + return NL80211_CHAN_WIDTH_20; + case IEEE80211_STA_RX_BW_40: + return NL80211_CHAN_WIDTH_40; + case IEEE80211_STA_RX_BW_80: + return NL80211_CHAN_WIDTH_80; + case IEEE80211_STA_RX_BW_160: + cap_width = + vht_cap->cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK; + + if (cap_width == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ) + return NL80211_CHAN_WIDTH_160; + + return NL80211_CHAN_WIDTH_80P80; + default: + return NL80211_CHAN_WIDTH_20; + } +} + enum ieee80211_sta_rx_bandwidth ieee80211_chan_width_to_rx_bw(enum nl80211_chan_width width) { @@ -484,7 +514,7 @@ u32 __ieee80211_vht_handle_opmode(struct ieee80211_sub_if_data *sdata, new_bw = ieee80211_sta_cur_vht_bw(sta); if (new_bw != sta->sta.bandwidth) { sta->sta.bandwidth = new_bw; - sta_opmode.bw = new_bw; + sta_opmode.bw = ieee80211_sta_rx_bw_to_chan_width(sta); changed |= IEEE80211_RC_BW_CHANGED; sta_opmode.changed |= STA_OPMODE_MAX_BW_CHANGED; } -- 1.9.1
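Review bot: In the IEEE80211_STA_RX_BW_160 case of ieee80211_sta_rx_bw_to_chan_width(), every capability value other than IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ returns NL80211_CHAN_WIDTH_80P80, including a station whose VHT capability field advertises neither 160 MHz nor 80+80 MHz. Test for IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ explicitly and decide what is reported when neither bit is set. The default branch has the same problem in smaller form: an unknown bandwidth is reported as NL80211_CHAN_WIDTH_20 with no warning.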
Re: [PATCHv2] ath10k: fix kernel panic while reading tpc_stats
On 2018-03-26 21:19, Kalle Valo wrote: Tamizh chelvam writes: When attempt to read tpc_stats for the chipsets which support more than 3 tx chain will trigger kernel panic(kernel stack is corrupted) due to writing values on rate_code array out of range. This patch changes the array size depends on the WMI_TPC_TX_N_CHAIN and added check to avoid write values on the array if the num tx chain get in tpc config event is greater than WMI_TPC_TX_N_CHAIN. Tested on QCA9984 with firmware-5.bin_10.4-3.5.3-00057 Kernel panic log : [ 323.510944] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: bf90c654 [ 323.510944] [ 323.524390] CPU: 0 PID: 1908 Comm: cat Not tainted 3.14.77 #31 [ 323.530224] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 323.537941] [] (show_stack) from [] (dump_stack+0x80/0xa0) [ 323.545146] [] (dump_stack) from [] (panic+0x84/0x1e4) [ 323.552000] [] (panic) from [] (__stack_chk_fail+0x10/0x14) [ 323.559350] [] (__stack_chk_fail) from [] (ath10k_wmi_event_pdev_tpc_config+0x424/0x438 [ath10k_core]) [ 323.570471] [] (ath10k_wmi_event_pdev_tpc_config [ath10k_core]) from [] (ath10k_wmi_10_4_op_rx+0x2f0/0x39c [ath10k_core]) [ 323.583047] [] (ath10k_wmi_10_4_op_rx [ath10k_core]) from [] (ath10k_htc_rx_completion_handler+0x170/0x1a0 [ath10k_core]) [ 323.595702] [] (ath10k_htc_rx_completion_handler [ath10k_core]) from [] (ath10k_pci_hif_send_complete_check+0x1f0/0x220 [ath10k_pci]) [ 323.609421] [] (ath10k_pci_hif_send_complete_check [ath10k_pci]) from [] (ath10k_ce_per_engine_service+0x74/0xc4 [ath10k_pci]) [ 323.622490] [] (ath10k_ce_per_engine_service [ath10k_pci]) from [] (ath10k_ce_per_engine_service_any+0x74/0x80 [ath10k_pci]) [ 323.635423] [] (ath10k_ce_per_engine_service_any [ath10k_pci]) from [] (ath10k_pci_napi_poll+0x44/0xe8 [ath10k_pci]) [ 323.647665] [] (ath10k_pci_napi_poll [ath10k_pci]) from [] (net_rx_action+0xac/0x160) [ 323.657208] [] (net_rx_action) from [] (__do_softirq+0x104/0x294) [ 323.665017] [] 
(__do_softirq) from [] (irq_exit+0x9c/0x11c) [ 323.672314] [] (irq_exit) from [] (handle_IRQ+0x6c/0x90) [ 323.679341] [] (handle_IRQ) from [] (gic_handle_irq+0x3c/0x60) [ 323.686893] [] (gic_handle_irq) from [] (__irq_svc+0x40/0x70) [ 323.694349] Exception stack(0xdd489c58 to 0xdd489ca0) [ 323.699384] 9c40: a013 [ 323.707547] 9c60: dc4bce40 6013 ddc1d800 dd488000 0990 c085c800 [ 323.715707] 9c80: dd489d44 092d dd489ca0 c026e664 c026e668 6013 [ 323.723877] [] (__irq_svc) from [] (rcu_note_context_switch+0x170/0x184) [ 323.732298] [] (rcu_note_context_switch) from [] (__schedule+0x50/0x4d4) [ 323.740716] [] (__schedule) from [] (schedule_timeout+0x148/0x178) [ 323.748611] [] (schedule_timeout) from [] (wait_for_common+0x114/0x154) [ 323.756972] [] (wait_for_common) from [] (ath10k_tpc_stats_open+0xc8/0x340 [ath10k_core]) [ 323.766873] [] (ath10k_tpc_stats_open [ath10k_core]) from [] (do_dentry_open+0x1ac/0x274) [ 323.776741] [] (do_dentry_open) from [] (do_last+0x8c0/0xb08) [ 323.784201] [] (do_last) from [] (path_openat+0x210/0x598) [ 323.791408] [] (path_openat) from [] (do_filp_open+0x2c/0x78) [ 323.798873] [] (do_filp_open) from [] (do_sys_open+0x114/0x1b4) [ 323.806509] [] (do_sys_open) from [] (ret_fast_syscall+0x0/0x44) [ 323.814241] CPU1: stopping [ 323.816927] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 3.14.77 #31 [ 323.823008] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 323.830731] [] (show_stack) from [] (dump_stack+0x80/0xa0) [ 323.837934] [] (dump_stack) from [] (handle_IPI+0xb8/0x140) [ 323.845224] [] (handle_IPI) from [] (gic_handle_irq+0x58/0x60) [ 323.852774] [] (gic_handle_irq) from [] (__irq_svc+0x40/0x70) [ 323.860233] Exception stack(0xdd499fa0 to 0xdd499fe8) [ 323.865273] 9fa0: ffed 1d3c9000 dd498000 dd498030 10c0387d c08b62c8 [ 323.873432] 9fc0: 4220406a 512f04d0 0001 dd499fe8 c021838c c0218390 [ 323.881588] 9fe0: 6013 [ 323.885070] [] (__irq_svc) from [] (arch_cpu_idle+0x30/0x50) [ 323.892454] [] (arch_cpu_idle) from [] 
(cpu_startup_entry+0xa4/0x108) [ 323.900690] [] (cpu_startup_entry) from [<422085a4>] (0x422085a4) Signed-off-by: Tamizh chelvam In v1 kbuild reported this warning: drivers/net/wireless/ath/ath10k/wmi.c:4465:14: error: 'struct ath10k' has no member named 'debug' Did you fix it? oops:( sorry, I'll send next version of the patch by fixing it. @@ -4455,6 +4461,8 @@ void ath10k_wmi_event_pdev_tpc_config(struct ath10k *ar, struct sk_buff *skb) __le32_to_cpu(ev->twice_max_rd_power) / 2, __le32_to_cpu(ev->num_tx_chain), __le32_to_cpu(ev->rate_max)); +exit: + complete(&ar->debug.tpc_complete); } And why do you need this anyway? The commit log doesn't explain
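Review bot: The added exit: label makes ath10k_wmi_event_pdev_tpc_config() end in complete(&ar->debug.tpc_complete), and the kbuild error quoted above ('struct ath10k' has no member named 'debug', wmi.c:4465) falls inside this hunk's line range, so this access looks like the one that fails to build. wmi.c cannot dereference ar->debug unconditionally; signal the completion through a helper that compiles to nothing when the debug member is absent. The commit log should also say why the early-exit path must signal the completion, which is the question raised in the reply.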
Re: [PATCH v2] ath10k: debugfs support to get final TPC stats for 10.4 variants
What exactly does "control power" mean? Can you illustrate or give examples? Thanks!

On Mon, Feb 26, 2018 at 9:33 PM, Maharaja Kennadyrajan wrote:
> On 2018-02-27 1:19 am, Joshua Zhao wrote:
>>
>> as you said:
>> The existing tpc_stats debugfs file provides the dump which is
>> minimum of target power and regulatory domain.
>> cat /sys/kernel/debug/ieee80211/phyX/ath10k/tpc_stats
>>
>> I’m curious what’s exact difference w/ this new addition:
>> Export the final Transmit Power Control (TPC) value, which is
>> the minimum of control power and existing TPC value to user space via
>> a new debugfs file "tpc_stats_final" to help with debugging.
>>
>> Can you clarify or give examples on the difference?
>>
>> Thanks!
>
>
> The existing tpc_stats is the minimum of "target power and regulatory
> domain".
> The new addition is the minimum of "existing tpc_stats and control power"
> which means minimum of "control power, target power and regulatory domain".
>
> --
> Regards,
> Maha
Re: [PATCH] staging: wilc1000: replace kmalloc + memcpy with kmemdup
On Mon, 26 Mar 2018 18:16:29 +0100 Colin King wrote: > From: Colin Ian King > > Replace several allocation and memcpys with kmemdup and add in some > missing memory allocation failure checks. Also fix an incorrect > -EFAULT return with -ENOMEM. > > Signed-off-by: Colin Ian King > --- > drivers/staging/wilc1000/host_interface.c | 75 > +++ > 1 file changed, 46 insertions(+), 29 deletions(-) > > diff --git a/drivers/staging/wilc1000/host_interface.c > b/drivers/staging/wilc1000/host_interface.c > index 9b9b86654958..8fd367f87fa5 100644 > --- a/drivers/staging/wilc1000/host_interface.c > +++ b/drivers/staging/wilc1000/host_interface.c > @@ -797,6 +797,10 @@ static s32 handle_scan(struct wilc_vif *vif, struct > scan_attr *scan_info) > for (i = 0; i < hidden_net->n_ssids; i++) > valuesize += ((hidden_net->net_info[i].ssid_len) + 1); > hdn_ntwk_wid_val = kmalloc(valuesize + 1, GFP_KERNEL); > + if (!hdn_ntwk_wid_val) { > + result = -ENOMEM; > + goto error; > + } Please do not apply this changes. It will change the code flow differently. Check for NULl value in '(wid_list[index].val)' is already presented. It has to proceed with the below flow instead of returning from there. > wid_list[index].val = hdn_ntwk_wid_val; > if (wid_list[index].val) { > buffer = wid_list[index].val; 
> @@ -943,39 +947,35 @@ static s32 handle_connect(struct wilc_vif *vif, > } > > if (conn_attr->bssid) { > - hif_drv->usr_conn_req.bssid = kmalloc(6, GFP_KERNEL); > + hif_drv->usr_conn_req.bssid = kmemdup(conn_attr->bssid, 6, > + GFP_KERNEL); > if (!hif_drv->usr_conn_req.bssid) { > result = -ENOMEM; > goto error; > } > - memcpy(hif_drv->usr_conn_req.bssid, conn_attr->bssid, 6); > } > > hif_drv->usr_conn_req.ssid_len = conn_attr->ssid_len; > if (conn_attr->ssid) { > - hif_drv->usr_conn_req.ssid = kmalloc(conn_attr->ssid_len + 1, > + hif_drv->usr_conn_req.ssid = kmemdup(conn_attr->ssid, > + conn_attr->ssid_len + 1, >GFP_KERNEL); Sorry, I too missed to see that scenario. As suggested, kmemdup can not be used directly to replace kmalloc & memcpy in this case. The size used for kmalloc is not equal to size of data copy in memcpy i.e kmalloc is done for 1 byte extra to keep the NULL character. The direct replacement of kmalloc with kmemdup is not applicable here. > if (!hif_drv->usr_conn_req.ssid) { > result = -ENOMEM; > goto error; > } > - memcpy(hif_drv->usr_conn_req.ssid, > -conn_attr->ssid, > -conn_attr->ssid_len); > hif_drv->usr_conn_req.ssid[conn_attr->ssid_len] = '\0'; > } > > hif_drv->usr_conn_req.ies_len = conn_attr->ies_len; > if (conn_attr->ies) { > - hif_drv->usr_conn_req.ies = kmalloc(conn_attr->ies_len, > + hif_drv->usr_conn_req.ies = kmemdup(conn_attr->ies, > + conn_attr->ies_len, > GFP_KERNEL); > if (!hif_drv->usr_conn_req.ies) { > result = -ENOMEM; > goto error; > } > - memcpy(hif_drv->usr_conn_req.ies, > -conn_attr->ies, > -conn_attr->ies_len); > } > > hif_drv->usr_conn_req.security = conn_attr->security; 
> @@ -1009,9 +1009,12 @@ static s32 handle_connect(struct wilc_vif *vif, > > if (memcmp("DIRECT-", conn_attr->ssid, 7)) { > info_element_size = hif_drv->usr_conn_req.ies_len; > - info_element = kmalloc(info_element_size, GFP_KERNEL); > - memcpy(info_element, hif_drv->usr_conn_req.ies, > -info_element_size); > + info_element = kmemdup(hif_drv->usr_conn_req.ies, > +info_element_size, GFP_KERNEL); > + if (!info_element) { > + result = -ENOMEM; > + goto error; > + } > } "info_element" variable was removed in my previous submitted patchset. Those changes are still not included in Greg's staging repo. Few changes in this patch are already included in previous patchset,which might give conflict. But few changes are not present which can be applied like returning -ENOMEM in case of allocation failure. Regards, Ajay
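Review bot: In the handle_connect() ssid hunk, kmemdup(conn_attr->ssid, conn_attr->ssid_len + 1, GFP_KERNEL) reads ssid_len + 1 bytes from the source, while the memcpy it replaces read only ssid_len. Unless conn_attr->ssid is guaranteed to be at least one byte longer than ssid_len, that is a one-byte read past the source buffer. Keep kmalloc + memcpy for this field, or use kmemdup_nul(), which allocates len + 1, copies len and writes the terminator itself. In the bssid hunk the literal 6 would be clearer as ETH_ALEN.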
Re: [PATCH] mac80211: Fix wlan freezes under load at rekey
> so far i see no regressions with 9984 with that patch
>
> except that 9984 has a rekeying problem at all. with wds ap -> wds sta
> mode rekeying will fail and it will reauthenticate at each interval. (it
> disconnects and reconnects)
> but this is a long term issue qca never fixed for years. 988x doesn't
> suffer from that issue

Thanks for testing, sounds promising.

If anyone is interested how it looks in my test environment I've uploaded two sample captures to https://www.awhome.eu/index.php/s/abxgp9pfi2ssCNy, showing how the unpatched and patched mac80211 are reacting to the rekey. The WPA Password is Induction and the AP rekeys every 30s.

The AP is running lede 17.01.4, so it's way off from the current kernel/mac80211. The client is a HTC 10 phone running LineageOS. (The phone also has a WLAN card which has problems when rekeying.)

There are quite many interesting things visible here, not the least one that ath9k leaks unencrypted frames for both patched and unpatched mac80211 which at least for my patched variant probably allow to calculate the TK key and encrypt all frames. I'm now experimenting with KEY_FLAG_TAINTED, but it's not as straightforward as I expected.
Re: [PATCH v3 00/12] *** Add support for wifi QMI client driver ***
Add QMI client driver for Q6 integrated WLAN connectivity subsystem.

Can you give an example which chipset series is Q6 integrated WLAN?

Thanks,
Peter
[PATCH] staging: wilc1000: fix memdup.cocci warnings
From: Fengguang Wu drivers/staging/wilc1000/host_interface.c:946:32-39: WARNING opportunity for kmemdup drivers/staging/wilc1000/host_interface.c:970:30-37: WARNING opportunity for kmemdup Use kmemdup rather than duplicating its implementation Generated by: scripts/coccinelle/api/memdup.cocci Fixes: aaea2164bdff ("staging: wilc1000: check for kmalloc allocation failures") CC: Colin Ian King Signed-off-by: Fengguang Wu Signed-off-by: Julia Lawall --- tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git staging-next head: 12a0148711a440f5b7111f95a34dfce88cdb47d6 commit: aaea2164bdff39697d0f1ec69dcae62632e37974 [400/412] staging: wilc1000: check for kmalloc allocation failures In the first hunk, should 6 be ETH_ALEN? host_interface.c | 10 -- 1 file changed, 4 insertions(+), 6 deletions(-) --- a/drivers/staging/wilc1000/host_interface.c +++ b/drivers/staging/wilc1000/host_interface.c @@ -943,12 +943,12 @@ static s32 handle_connect(struct wilc_vi } if (conn_attr->bssid) { - hif_drv->usr_conn_req.bssid = kmalloc(6, GFP_KERNEL); + hif_drv->usr_conn_req.bssid = kmemdup(conn_attr->bssid, 6, + GFP_KERNEL); if (!hif_drv->usr_conn_req.bssid) { result = -ENOMEM; goto error; } - memcpy(hif_drv->usr_conn_req.bssid, conn_attr->bssid, 6); } hif_drv->usr_conn_req.ssid_len = conn_attr->ssid_len; @@ -967,15 +967,13 @@ static s32 handle_connect(struct wilc_vi hif_drv->usr_conn_req.ies_len = conn_attr->ies_len; if (conn_attr->ies) { - hif_drv->usr_conn_req.ies = kmalloc(conn_attr->ies_len, + hif_drv->usr_conn_req.ies = kmemdup(conn_attr->ies, + conn_attr->ies_len, GFP_KERNEL); if (!hif_drv->usr_conn_req.ies) { result = -ENOMEM; goto error; } - memcpy(hif_drv->usr_conn_req.ies, - conn_attr->ies, - conn_attr->ies_len); } hif_drv->usr_conn_req.security = conn_attr->security;
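Review bot: The bssid hunk carries the hard-coded length over unchanged into kmemdup(conn_attr->bssid, 6, GFP_KERNEL); use ETH_ALEN there, as asked above the diff, so the copy size is tied to the address length rather than to a literal. Both hunks keep the existing NULL check and goto error, so behaviour on allocation failure is unchanged; the error label itself is not visible in this diff, so it is worth confirming that it frees usr_conn_req.bssid when the later ies allocation fails.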
wil6210: low level sector API
Hi,

I am working on wil6210 sector control. Now I think I can successfully call these 4 functions (set_cfg, get_cfg, set_selected and get selected index) but it looks like it does not work well because, in the next Beacon Interval, TXSS will set a new TX sector again.

My question is how I can disable TXSS. One way I found in the wmi.h is setting the number of sectors of TXSS to 0 or 1 by using wmi_prio_tx_sectors_num_cmd so that the TXSS will only use 1 sector. However, when I called this cmd, I got this error:

wil6210 :03:00.0 wlp3s0: wil6210_irq_misc: Firmware error detected, assert codes FW 0x1038, UCODE 0x
wil6210 :03:00.0 wlp3s0: wil_fw_core_dump: fw core dumped, size 823296 bytes
wil6210 :03:00.0 wlp3s0: wil_notify_fw_error: Notify about firmware error

So I am wondering whether the firmware does not support these kinds of wmi commands. Does anyone have any experience on this? Thank you.

Thanks,
David
[PATCH v7 05/11] nl80211: Add SOCKET_OWNER support to JOIN_IBSS
Signed-off-by: Denis Kenzior --- include/uapi/linux/nl80211.h | 2 ++ net/wireless/ibss.c | 1 + net/wireless/nl80211.c | 6 ++ 3 files changed, 9 insertions(+) diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h index 1cdac3d732c1..877fab2836ec 100644 --- a/include/uapi/linux/nl80211.h +++ b/include/uapi/linux/nl80211.h @@ -1985,6 +1985,8 @@ enum nl80211_commands { * multicast group. * If set during %NL80211_CMD_ASSOCIATE or %NL80211_CMD_CONNECT the * station will deauthenticate when the socket is closed. + * If set during %NL80211_CMD_JOIN_IBSS the IBSS will be automatically + * torn down when the socket is closed. * * @NL80211_ATTR_TDLS_INITIATOR: flag attribute indicating the current end is * the TDLS link initiator. diff --git a/net/wireless/ibss.c b/net/wireless/ibss.c index a1d10993d08a..d5d26fc5b853 100644 --- a/net/wireless/ibss.c +++ b/net/wireless/ibss.c @@ -224,6 +224,7 @@ int __cfg80211_leave_ibss(struct cfg80211_registered_device *rdev, if (err) return err; + wdev->conn_owner_nlportid = 0; __cfg80211_clear_ibss(dev, nowext); return 0; diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 234f6a41aa03..2f630ee3240b 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -8704,6 +8704,12 @@ static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys); if (err) kzfree(connkeys); + else if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) { + wdev_lock(dev->ieee80211_ptr); + dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid; + wdev_unlock(dev->ieee80211_ptr); + } + return err; } -- 2.13.5
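Review bot: In nl80211_join_ibss(), conn_owner_nlportid is assigned only after cfg80211_join_ibss() has returned and in a separate wdev_lock() section, so there is a window in which the IBSS is already joined but has no owner; a socket that closes in that window would not trigger the teardown the new documentation promises. Set the owner under the same lock that performs the join, or pass it into the join path. Style: the else if branch is braced while the if (err) branch is not; kernel coding style wants braces on both when one needs them. The patch also has no commit message body.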
[PATCH v7 03/11] nl80211: Add CONTROL_PORT_OVER_NL80211 attribute
Signed-off-by: Denis Kenzior --- include/net/cfg80211.h | 3 +++ include/uapi/linux/nl80211.h | 14 +- net/wireless/nl80211.c | 26 ++ 3 files changed, 42 insertions(+), 1 deletion(-) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 76b6783f35f6..2e7f30c66913 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -646,6 +646,8 @@ struct survey_info { * allowed through even on unauthorized ports * @control_port_no_encrypt: TRUE to prevent encryption of control port * protocol frames. + * @control_port_over_nl80211: TRUE if userspace expects to exchange control + * port frames over NL80211 instead of the network interface. * @wep_keys: static WEP keys, if not NULL points to an array of * CFG80211_MAX_WEP_KEYS WEP keys * @wep_tx_key: key index (0..3) of the default TX static WEP key @@ -661,6 +663,7 @@ struct cfg80211_crypto_settings { bool control_port; __be16 control_port_ethertype; bool control_port_no_encrypt; + bool control_port_over_nl80211; struct key_params *wep_keys; int wep_tx_key; const u8 *psk; diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h index 77675ae3e475..1cdac3d732c1 100644 --- a/include/uapi/linux/nl80211.h +++ b/include/uapi/linux/nl80211.h @@ -542,7 +542,8 @@ * IEs in %NL80211_ATTR_IE, %NL80211_ATTR_AUTH_TYPE, %NL80211_ATTR_USE_MFP, * %NL80211_ATTR_MAC, %NL80211_ATTR_WIPHY_FREQ, %NL80211_ATTR_CONTROL_PORT, * %NL80211_ATTR_CONTROL_PORT_ETHERTYPE, - * %NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT, %NL80211_ATTR_MAC_HINT, and + * %NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT, + * %NL80211_ATTR_CONTROL_PORT_OVER_NL80211, %NL80211_ATTR_MAC_HINT, and * %NL80211_ATTR_WIPHY_FREQ_HINT. * If included, %NL80211_ATTR_MAC and %NL80211_ATTR_WIPHY_FREQ are * restrictions on BSS selection, i.e., they effectively prevent roaming 
@@ -1488,6 +1489,15 @@ enum nl80211_commands { * @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT: When included along with * %NL80211_ATTR_CONTROL_PORT_ETHERTYPE, indicates that the custom * ethertype frames used for key negotiation must not be encrypted. + * @NL80211_ATTR_CONTROL_PORT_OVER_NL80211: A flag indicating whether control + * port frames (e.g. of type given in %NL80211_ATTR_CONTROL_PORT_ETHERTYPE) + * will be sent directly to the network interface or sent via the NL80211 + * socket. If this attribute is missing, then legacy behavior of sending + * control port frames directly to the network interface is used. If the + * flag is included, then control port frames are sent over NL80211 instead + * using %CMD_CONTROL_PORT_FRAME. If control port routing over NL80211 is + * to be used then userspace must also use the %NL80211_ATTR_SOCKET_OWNER + * flag. * * @NL80211_ATTR_TESTDATA: Testmode data blob, passed through to the driver. * We recommend using nested, driver-specific attributes within this. @@ -2641,6 +2651,8 @@ enum nl80211_attrs { NL80211_ATTR_NSS, NL80211_ATTR_ACK_SIGNAL, + NL80211_ATTR_CONTROL_PORT_OVER_NL80211, + /* add attributes here, update the policy in nl80211.c */ __NL80211_ATTR_AFTER_LAST, diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index aadc1f090b65..234f6a41aa03 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -287,6 +287,7 @@ static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = { [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG }, [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 }, [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG }, + [NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG }, [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG }, [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 }, [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 }, 
@@ -8204,6 +8205,22 @@ static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) return err; } +static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev, +struct genl_info *info) +{ + if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) { + GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set"); + return -EINVAL; + } + + if (!rdev->ops->tx_control_port || + !wiphy_ext_feature_isset(&rdev->wiphy, + NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211)) + return -EOPNOTSUPP; + + return 0; +} + static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, struct genl_info *info, struct cfg80211_crypto_settings *settings, @@ -8227,6 +8244,15 @@ static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
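Review bot: validate_pae_over_nl80211() sets an extack message for the missing NL80211_ATTR_SOCKET_OWNER case but returns -EOPNOTSUPP silently when rdev->ops->tx_control_port or NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211 is missing; add a GENL_SET_ERR_MSG() there too so userspace can tell the two failures apart. Checking capability before attribute presence would also give the more useful error on a driver that cannot do this at all. In the nl80211.h documentation, %CMD_CONTROL_PORT_FRAME should be written %NL80211_CMD_CONTROL_PORT_FRAME like the other references in that comment. The patch has no commit message body.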
[PATCH v7 10/11] mac80211: Add support for tx_control_port
Signed-off-by: Denis Kenzior --- net/mac80211/cfg.c | 1 + net/mac80211/ieee80211_i.h | 3 +++ net/mac80211/tx.c | 46 ++ 3 files changed, 50 insertions(+) diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index fd68f6fb02d7..9294acb495ee 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -3786,4 +3786,5 @@ const struct cfg80211_ops mac80211_config_ops = { .add_nan_func = ieee80211_add_nan_func, .del_nan_func = ieee80211_del_nan_func, .set_multicast_to_unicast = ieee80211_set_multicast_to_unicast, + .tx_control_port = ieee80211_tx_control_port, }; diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index ae9c33cd8ada..a52bd2a61a27 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -1734,6 +1734,9 @@ void ieee80211_check_fast_xmit(struct sta_info *sta); void ieee80211_check_fast_xmit_all(struct ieee80211_local *local); void ieee80211_check_fast_xmit_iface(struct ieee80211_sub_if_data *sdata); void ieee80211_clear_fast_xmit(struct sta_info *sta); +int ieee80211_tx_control_port(struct wiphy *wiphy, struct net_device *dev, + const u8 *buf, size_t len, + const u8 *dest, __be16 proto, bool unencrypted); /* HT */ void ieee80211_apply_htcap_overrides(struct ieee80211_sub_if_data *sdata, diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index 7643178ef132..6ae8fe121500 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c 
@@ -4749,3 +4749,49 @@ void __ieee80211_tx_skb_tid_band(struct ieee80211_sub_if_data *sdata, ieee80211_xmit(sdata, NULL, skb); local_bh_enable(); } + +int ieee80211_tx_control_port(struct wiphy *wiphy, struct net_device *dev, + const u8 *buf, size_t len, + const u8 *dest, __be16 proto, bool unencrypted) +{ + struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); + struct ieee80211_local *local = sdata->local; + struct sk_buff *skb; + struct ethhdr *ehdr; + u32 flags; + + /* Only accept CONTROL_PORT_PROTOCOL configured in CONNECT/ASSOCIATE +* or Pre-Authentication +*/ + if (proto != sdata->control_port_protocol && + proto != cpu_to_be16(ETH_P_PREAUTH)) + return -EINVAL; + + if (unencrypted) + flags = IEEE80211_TX_INTFL_DONT_ENCRYPT; + else + flags = 0; + + skb = dev_alloc_skb(local->hw.extra_tx_headroom + + sizeof(struct ethhdr) + len); + if (!skb) + return -ENOMEM; + + skb_reserve(skb, local->hw.extra_tx_headroom + sizeof(struct ethhdr)); + + skb_put_data(skb, buf, len); + + ehdr = skb_push(skb, sizeof(struct ethhdr)); + memcpy(ehdr->h_dest, dest, ETH_ALEN); + memcpy(ehdr->h_source, sdata->vif.addr, ETH_ALEN); + ehdr->h_proto = proto; + + skb->dev = dev; + skb->protocol = htons(ETH_P_802_3); + skb_reset_network_header(skb); + skb_reset_mac_header(skb); + + __ieee80211_subif_start_xmit(skb, skb->dev, flags); + + return 0; +} -- 2.13.5
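Review bot: ieee80211_tx_control_port() calls __ieee80211_subif_start_xmit(skb, skb->dev, flags) without disabling bottom halves, whereas the function directly above it in this hunk's context brackets ieee80211_xmit() with local_bh_enable(). This entry point is reached through the cfg80211 tx_control_port op rather than the netdev transmit path, so please confirm the context it runs in and add local_bh_disable()/local_bh_enable() around the call if the transmit path expects it. The block comment before the proto check is also mis-indented on its continuation lines, and the patch has no commit message body.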
[PATCH v7 08/11] nl80211: Add control_port_over_nl80211 for ibss
Signed-off-by: Denis Kenzior --- include/net/cfg80211.h | 3 +++ net/wireless/nl80211.c | 9 + 2 files changed, 12 insertions(+) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 2e7f30c66913..2a28f446648e 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -2033,6 +2033,8 @@ struct cfg80211_disassoc_request { * sets/clears %NL80211_STA_FLAG_AUTHORIZED. If true, the driver is * required to assume that the port is unauthorized until authorized by * user space. Otherwise, port is marked authorized by default. + * @control_port_over_nl80211: TRUE if userspace expects to exchange control + * port frames over NL80211 instead of the network interface. * @userspace_handles_dfs: whether user space controls DFS operation, i.e. * changes the channel when a radar is detected. This is required * to operate on DFS channels. @@ -2056,6 +2058,7 @@ struct cfg80211_ibss_params { bool channel_fixed; bool privacy; bool control_port; + bool control_port_over_nl80211; bool userspace_handles_dfs; int mcast_rate[NUM_NL80211_BANDS]; struct ieee80211_ht_cap ht_capa; diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 34e8435f0c43..774f5d6ba8e4 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -8702,6 +8702,15 @@ static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) ibss.control_port = nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]); + if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) { + int r = validate_pae_over_nl80211(rdev, info); + + if (r < 0) + return r; + + ibss.control_port_over_nl80211 = true; + } + ibss.userspace_handles_dfs = nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]); -- 2.13.5
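Review bot: The new block in nl80211_join_ibss() does a bare return r when validate_pae_over_nl80211() fails. Patch 05/11 on this page shows that the same function owns connkeys and releases it with kzfree(connkeys) when cfg80211_join_ibss() fails, so if connkeys has already been allocated by the time this check runs, the early return leaks key material. Either run the validation before anything is allocated or free connkeys on this path as well. The patch has no commit message body.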
[PATCH v7 02/11] nl80211: Implement TX of control port frames
This commit implements the TX side of NL80211_CMD_CONTROL_PORT_FRAME. Userspace provides the raw EAPoL frame using NL80211_ATTR_FRAME. Userspace should also provide the destination address and the protocol type to use when sending the frame. This is used to implement TX of Pre-authentication frames. If CONTROL_PORT_ETHERTYPE_NO_ENCRYPT is specified, then the driver will be asked not to encrypt the outgoing frame. A new EXT_FEATURE flag is introduced so that nl80211 code can check whether a given wiphy has capability to pass EAPoL frames over NL80211. Signed-off-by: Denis Kenzior --- include/net/cfg80211.h | 9 ++ include/uapi/linux/nl80211.h | 3 ++ net/wireless/nl80211.c | 71 +++- net/wireless/rdev-ops.h | 15 ++ net/wireless/trace.h | 26 5 files changed, 123 insertions(+), 1 deletion(-) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 6dee630ee66d..76b6783f35f6 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -2960,6 +2960,9 @@ struct cfg80211_external_auth_params { * * @external_auth: indicates result of offloaded authentication processing from * user space + * + * @tx_control_port: TX a control port frame (EAPoL). The noencrypt parameter + * tells the driver that the frame should not be encrypted. */ struct cfg80211_ops { int (*suspend)(struct wiphy *wiphy, struct cfg80211_wowlan *wow); @@ -3255,6 +3258,12 @@ struct cfg80211_ops { const u8 *aa); int (*external_auth)(struct wiphy *wiphy, struct net_device *dev, struct cfg80211_external_auth_params *params); + + int (*tx_control_port)(struct wiphy *wiphy, + struct net_device *dev, + const u8 *buf, size_t len, + const u8 *dest, const __be16 proto, + const bool noencrypt); }; /* diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h index 1334f810f7b4..77675ae3e475 100644 --- a/include/uapi/linux/nl80211.h +++ b/include/uapi/linux/nl80211.h 
@@ -5012,6 +5012,8 @@ enum nl80211_feature_flags { * @NL80211_EXT_FEATURE_LOW_SPAN_SCAN: Driver supports low span scan. * @NL80211_EXT_FEATURE_LOW_POWER_SCAN: Driver supports low power scan. * @NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN: Driver supports high accuracy scan. + * @NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211: Driver supports sending and + * receiving control port frames over NL80211 instead of the netdevice. * * @NUM_NL80211_EXT_FEATURES: number of extended features. * @MAX_NL80211_EXT_FEATURES: highest extended feature index. @@ -5042,6 +5044,7 @@ enum nl80211_ext_feature_index { NL80211_EXT_FEATURE_LOW_SPAN_SCAN, NL80211_EXT_FEATURE_LOW_POWER_SCAN, NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN, + NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211, /* add new features before the definition below */ NUM_NL80211_EXT_FEATURES, diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index d7dcc2d05025..aadc1f090b65 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c 
@@ -12517,6 +12517,68 @@ static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info) return rdev_external_auth(rdev, dev, ¶ms); } +static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info) +{ + struct cfg80211_registered_device *rdev = info->user_ptr[0]; + struct net_device *dev = info->user_ptr[1]; + struct wireless_dev *wdev = dev->ieee80211_ptr; + const u8 *buf; + size_t len; + u8 *dest; + u16 proto; + bool noencrypt; + int err; + + if (!wiphy_ext_feature_isset(&rdev->wiphy, + NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211)) + return -EOPNOTSUPP; + + if (!rdev->ops->tx_control_port) + return -EOPNOTSUPP; + + if (!info->attrs[NL80211_ATTR_FRAME] || + !info->attrs[NL80211_ATTR_MAC] || + !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) { + GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing"); + return -EINVAL; + } + + wdev_lock(wdev); + + switch (wdev->iftype) { + case NL80211_IFTYPE_AP: + case NL80211_IFTYPE_P2P_GO: + case NL80211_IFTYPE_MESH_POINT: + break; + case NL80211_IFTYPE_ADHOC: + case NL80211_IFTYPE_STATION: + case NL80211_IFTYPE_P2P_CLIENT: + if (wdev->current_bss) + break; + err = -ENOTCONN; + goto out; + default: + err = -EOPNOTSUPP; + goto out; + } + + wdev_unlock(wdev); + + buf = nla_data(info->attrs[NL80211_ATTR_FRAME]); + len = nla_len(info-
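Review bot: In nl80211_tx_control_port() the connected-state check (wdev->current_bss for ADHOC, STATION and P2P_CLIENT) runs under wdev_lock(), but wdev_unlock() comes before the frame attributes are read, so the interface state can change before the frame reaches the driver. Either say in a comment that the check is best effort, or keep the lock until the driver call has returned. Minor: the local is "u16 proto" while the new tx_control_port op takes "const __be16 proto", so the byte-order conversion should be explicit at the call site, and "u8 *dest" can be "const u8 *" to match the op.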
[PATCH v7 04/11] cfg80211: Support all iftypes in autodisconnect_wk
Currently autodisconnect_wk assumes that only interface types of P2P_CLIENT and STATION use conn_owner_nlportid. Change this so all interface types are supported. Signed-off-by: Denis Kenzior --- net/wireless/sme.c | 43 --- 1 file changed, 32 insertions(+), 11 deletions(-) diff --git a/net/wireless/sme.c b/net/wireless/sme.c index 701cfd7acc1b..5df6b33db786 100644 --- a/net/wireless/sme.c +++ b/net/wireless/sme.c @@ -1239,17 +1239,38 @@ void cfg80211_autodisconnect_wk(struct work_struct *work) wdev_lock(wdev); if (wdev->conn_owner_nlportid) { - /* -* Use disconnect_bssid if still connecting and ops->disconnect -* not implemented. Otherwise we can use cfg80211_disconnect. -*/ - if (rdev->ops->disconnect || wdev->current_bss) - cfg80211_disconnect(rdev, wdev->netdev, - WLAN_REASON_DEAUTH_LEAVING, true); - else - cfg80211_mlme_deauth(rdev, wdev->netdev, -wdev->disconnect_bssid, NULL, 0, -WLAN_REASON_DEAUTH_LEAVING, false); + switch (wdev->iftype) { + case NL80211_IFTYPE_ADHOC: + cfg80211_leave_ibss(rdev, wdev->netdev, false); + break; + case NL80211_IFTYPE_AP: + case NL80211_IFTYPE_P2P_GO: + cfg80211_stop_ap(rdev, wdev->netdev, false); + break; + case NL80211_IFTYPE_MESH_POINT: + cfg80211_leave_mesh(rdev, wdev->netdev); + break; + case NL80211_IFTYPE_STATION: + case NL80211_IFTYPE_P2P_CLIENT: + /* +* Use disconnect_bssid if still connecting and +* ops->disconnect not implemented. Otherwise we can +* use cfg80211_disconnect. +*/ + if (rdev->ops->disconnect || wdev->current_bss) + cfg80211_disconnect(rdev, wdev->netdev, + WLAN_REASON_DEAUTH_LEAVING, + true); + else + cfg80211_mlme_deauth(rdev, wdev->netdev, +wdev->disconnect_bssid, +NULL, 0, +WLAN_REASON_DEAUTH_LEAVING, +false); + break; + default: + break; + } } wdev_unlock(wdev); -- 2.13.5
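Review bot: The new ADHOC, AP/P2P_GO and MESH_POINT cases call cfg80211_leave_ibss(), cfg80211_stop_ap() and cfg80211_leave_mesh() between the wdev_lock(wdev) and wdev_unlock(wdev) visible in the context. Patches 06 and 07 of this series touch __cfg80211_leave_mesh() and __cfg80211_stop_ap(), which suggests the non-underscore helpers are the ones that take the wdev lock themselves; if so, this work item deadlocks the first time a non-station owner socket closes. Please confirm, and switch to the __ variants if that is the case. The "default: break;" arm also deserves a comment, since the commit message says all interface types are supported.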
[PATCH v7 00/11] EAPoL over NL80211
This patchset adds support for running 802.11 authentication mechanisms (e.g. 802.1X, 4-Way Handshake, etc) over NL80211 instead of putting them onto the network device.

This has the advantage of fixing several long-standing race conditions that result from userspace operating on multiple transports in order to manage an 802.11 connection (e.g. NL80211 and wireless netdev, wlan0, etc). For example, userspace would sometimes see 4-Way handshake packets before NL80211 signaled that the connection has been established, leading to ugly hacks or having the STA wait for retransmissions from the AP.

This also provides a way to mitigate a particularly nasty race condition where the encryption key could be set prior to the 4-way handshake packet 4/4 being sent. This would result in the packet being sent encrypted and discarded by the peer. The mitigation strategy for this race is for userspace to explicitly tell the kernel that a particular EAPoL packet should not be encrypted.

To make this possible this patchset introduces a new NL80211 command and several new attributes.

A userspace that is capable of processing EAPoL packets over NL80211 includes a new NL80211_ATTR_CONTROL_PORT_OVER_NL80211 attribute in its NL80211_CMD_ASSOCIATE or NL80211_CMD_CONNECT requests being sent to the kernel. The previously added NL80211_ATTR_SOCKET_OWNER attribute must also be included. The latter is used by the kernel to send NL80211_CMD_CONTROL_PORT_FRAME notifications back to userspace via a netlink unicast.

If the NL80211_ATTR_CONTROL_PORT_OVER_NL80211 attribute is not specified, then legacy behavior is kept and control port packets continue to flow over the network interface.

If control port over nl80211 transport is requested, then control port packets are intercepted just prior to being handed to the network device and sent over netlink via the NL80211_CMD_CONTROL_PORT_FRAME notification. NL80211_ATTR_CONTROL_PORT_ETHERTYPE and NL80211_ATTR_MAC are included to specify the control port frame protocol and source address respectively. If the control port frame was received unencrypted then NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT flag is also included. NL80211_ATTR_FRAME attribute contains the raw control port frame with all transport layer headers stripped (e.g. this would be the raw EAPoL frame).

Userspace can reply to control port frames either via legacy methods (by sending frames to the network device) or via NL80211_CMD_CONTROL_PORT_FRAME request. Userspace would include NL80211_ATTR_FRAME with the raw control port frame as well as NL80211_ATTR_MAC and NL80211_ATTR_CONTROL_PORT_ETHERTYPE attributes to specify the destination address and protocol respectively. This allows Pre-Authentication (protocol 0x88c7) frames to be sent via this mechanism as well. Finally, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT flag can be included to tell the driver to send the frame unencrypted, e.g. for 4-Way handshake 4/4 frames.

The proposed patchset has been tested in a mac80211_hwsim based environment with hostapd and iwd.

ChangeLog

v7

- Resubmission dropping RFC tag

v6

- Dropped AP_VLAN from supported interface types in patch 2 per mailing list discussion with Johannes
- Added GENL_SET_ERR_MSG where appropriate
- Added control_port_over_nl80211 parameter to ibss_params and mesh_config
- Last patch updated to set sdata->control_port_over_nl80211 for ibss and mesh

v5

- Johannes' main comment was that we're not handling interface types other than STATION inside tx_control_port (patch 2). This patch was modified to support all interface types that seemed relevant.
- Since tx_control_port relies on wdev->conn_owner_nlportid being set, SOCKET_OWNER support was added to JOIN_IBSS, JOIN_MESH and START_AP
- SOCKET_OWNER auto-destruction logic was updated to support interface types other than STATION/P2P_CLIENT
- Last patch was modified to support control_port_over_nl80211 for mac80211 based AP mode. It also copies necessary bits for AP_VLAN interfaces.

This version has been tested on both STATION and AP mode interfaces with SOCKET_OWNER & CONTROL_PORT_OVER_NL80211 attributes provided to CMD_CONNECT and CMD_START_AP.

TODO:

- It is unclear to me how AP_VLAN and AP interfaces should synchronize on conn_owner_nlportid. This is required for tx_control_port to work.
- JOIN_IBSS & JOIN_MESH don't seem to support control_port_ethertype or control_port_no_encrypt. Should struct cfg80211_crypto_settings parsed inside nl80211_crypto_settings be added to ibss_params or mesh_config/mesh_setup?

v4

- Reordered the patches to make sure that: when CONTROL_PORT_OVER_NL80211 is provided by userspace, nl80211 checks that both EXT_FEATURE bit is set and the tx_control_port is present in rdev ops.
- Fixed up various issues Johannes found in his review

v3

- Added ETH_P_PREAUTH to if_ether.h
- Moved NL80211 feature bit from wiphy features to ext features
- Addressed various comments from Johannes

v2

- Added WIPHY_FLAG_CONTROL_PORT_OVER_NL80211 flag
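The NL80211_CMD_CONTROL_PORT_FRAME notification described in the cover letter above, seen from the receiving side, as an added example (not code from the patchset, iwd or hostapd): it walks the attribute stream that follows the generic netlink header and validates the four attributes the letter names. The EX_* attribute ids, the function names and the sample message are constructed for the example; real code takes the NL80211_ATTR_* values from <linux/nl80211.h>.

```c
#include <stdint.h>
#include <string.h>

/* Constructed attribute ids, for this example only; real code uses the
 * NL80211_ATTR_* values from <linux/nl80211.h>. */
enum { EX_ATTR_MAC = 1, EX_ATTR_FRAME, EX_ATTR_ETHERTYPE, EX_ATTR_NO_ENCRYPT };
#define EX_ETH_P_PAE     0x888e /* EAPoL */
#define EX_ETH_P_PREAUTH 0x88c7 /* Pre-Authentication, as in the cover letter */
#define EX_NLA_HDRLEN    4u
#define EX_NLA_ALIGN(n)  (((n) + 3u) & ~3u)

struct ctrl_frame {
    const uint8_t *frame; /* raw control port frame, points into the message */
    size_t frame_len;
    uint8_t peer[6];      /* source address of the received frame */
    uint16_t ethertype;
    int unencrypted;      /* set when the NO_ENCRYPT flag attribute is present */
};

/* Append one attribute: host-endian len/type header, payload, pad to 4. */
size_t ex_put_attr(uint8_t *buf, size_t off, uint16_t type,
                   const void *data, uint16_t dlen)
{
    uint16_t nla_len = (uint16_t)(EX_NLA_HDRLEN + dlen);
    memcpy(buf + off, &nla_len, 2);
    memcpy(buf + off + 2, &type, 2);
    if (dlen)
        memcpy(buf + off + EX_NLA_HDRLEN, data, dlen);
    memset(buf + off + nla_len, 0, EX_NLA_ALIGN(nla_len) - nla_len);
    return off + EX_NLA_ALIGN(nla_len);
}

/* Returns 0 on success, -1 if malformed or incomplete, -2 on an
 * ethertype that is neither PAE nor Pre-Authentication. */
int ex_parse_control_port_frame(const uint8_t *buf, size_t len,
                                struct ctrl_frame *out)
{
    int have_mac = 0, have_type = 0;
    memset(out, 0, sizeof(*out));
    while (len >= EX_NLA_HDRLEN) {
        const uint8_t *data = buf + EX_NLA_HDRLEN;
        uint16_t nla_len, nla_type;
        size_t dlen, step;
        memcpy(&nla_len, buf, 2);
        memcpy(&nla_type, buf + 2, 2);
        if (nla_len < EX_NLA_HDRLEN || nla_len > len)
            return -1; /* attribute claims more than the message holds */
        dlen = nla_len - EX_NLA_HDRLEN;
        switch (nla_type & 0x3fff) { /* drop the nested/byte-order bits */
        case EX_ATTR_MAC:
            if (dlen != sizeof(out->peer))
                return -1;
            memcpy(out->peer, data, dlen);
            have_mac = 1;
            break;
        case EX_ATTR_ETHERTYPE:
            if (dlen != sizeof(out->ethertype))
                return -1;
            memcpy(&out->ethertype, data, dlen);
            have_type = 1;
            break;
        case EX_ATTR_FRAME:
            out->frame = data;
            out->frame_len = dlen;
            break;
        case EX_ATTR_NO_ENCRYPT: /* flag attribute: presence is the value */
            out->unencrypted = 1;
            break;
        }
        step = EX_NLA_ALIGN(nla_len); /* last attribute may lack padding */
        buf += step > len ? len : step;
        len -= step > len ? len : step;
    }
    if (len || !have_mac || !have_type || out->frame_len < 4)
        return -1; /* trailing bytes, missing attribute, no EAPoL header */
    if (out->ethertype != EX_ETH_P_PAE && out->ethertype != EX_ETH_P_PREAUTH)
        return -2;
    return 0;
}

/* Constructed sample: an EAPoL-Key-shaped payload from a made-up peer. */
size_t ex_build_sample(uint8_t *msg, int unencrypted, uint16_t ethertype)
{
    static const uint8_t peer[6] = { 0x02, 0x00, 0x00, 0xaa, 0xbb, 0xcc };
    static const uint8_t eapol[] = { 0x02, 0x03, 0x00, 0x02, 0x00, 0x00 };
    size_t off = ex_put_attr(msg, 0, EX_ATTR_FRAME, eapol, sizeof(eapol));
    off = ex_put_attr(msg, off, EX_ATTR_MAC, peer, sizeof(peer));
    off = ex_put_attr(msg, off, EX_ATTR_ETHERTYPE, &ethertype, 2);
    if (unencrypted)
        off = ex_put_attr(msg, off, EX_ATTR_NO_ENCRYPT, NULL, 0);
    return off;
}

int main(void)
{
    uint8_t msg[64];
    struct ctrl_frame f;
    return ex_parse_control_port_frame(msg, ex_build_sample(msg, 1, EX_ETH_P_PAE), &f);
}
```

The parser hands the unencrypted flag back to the caller rather than acting on it, because whether an unencrypted control port frame is acceptable depends on the state of the handshake.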
[PATCH v7 01/11] nl80211: Add CMD_CONTROL_PORT_FRAME API
This commit also adds cfg80211_rx_control_port function. This is used to generate a CMD_CONTROL_PORT_FRAME event out to userspace. The conn_owner_nlportid is used as the unicast destination. This means that userspace must specify NL80211_ATTR_SOCKET_OWNER flag if control port over nl80211 routing is requested in NL80211_CMD_CONNECT, NL80211_CMD_ASSOCIATE or NL80211_CMD_START_AP Signed-off-by: Denis Kenzior --- include/net/cfg80211.h | 22 + include/uapi/linux/nl80211.h | 13 ++ net/wireless/nl80211.c | 58 net/wireless/trace.h | 21 4 files changed, 114 insertions(+) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index fc40843baed3..6dee630ee66d 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -5694,6 +5694,28 @@ void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie, /** + * cfg80211_rx_control_port - notification about a received control port frame + * @dev: The device the frame matched to + * @buf: control port frame + * @len: length of the frame data + * @addr: The peer from which the frame was received + * @proto: frame protocol, typically PAE or Pre-authentication + * @unencrypted: Whether the frame was received unencrypted + * + * This function is used to inform userspace about a received control port + * frame. It should only be used if userspace indicated it wants to receive + * control port frames over NL80211. + * + * The frame is the data portion of the 802.3 or 802.11 data frame with all + * network layer headers removed (e.g. the raw EAPoL frame). + * + * Return: %true if the frame was passed to userspace + */ +bool cfg80211_rx_control_port(struct net_device *dev, + const u8 *buf, size_t len, + const u8 *addr, u16 proto, bool unencrypted); + +/** * cfg80211_cqm_rssi_notify - connection quality monitoring rssi event * @dev: network device * @rssi_event: the triggered RSSI event diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h index c13c84304be3..1334f810f7b4 100644 
--- a/include/uapi/linux/nl80211.h +++ b/include/uapi/linux/nl80211.h @@ -990,6 +990,17 @@ * &NL80211_CMD_CONNECT or &NL80211_CMD_ROAM. If the 4 way handshake failed * &NL80211_CMD_DISCONNECT should be indicated instead. * + * @NL80211_CMD_CONTROL_PORT_FRAME: Control Port (e.g. PAE) frame TX request + * and RX notification. This command is used both as a request to transmit + * a control port frame and as a notification that a control port frame + * has been received. %NL80211_ATTR_FRAME is used to specify the + * frame contents. The frame is the raw EAPoL data, without ethernet or + * 802.11 headers. + * When used as an event indication %NL80211_ATTR_CONTROL_PORT_ETHERTYPE, + * %NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT and %NL80211_ATTR_MAC are added + * indicating the protocol type of the received frame; whether the frame + * was received unencrypted and the MAC address of the peer respectively. + * * @NL80211_CMD_RELOAD_REGDB: Request that the regdb firmware file is reloaded. * * @NL80211_CMD_EXTERNAL_AUTH: This interface is exclusively defined for host @@ -1228,6 +1239,8 @@ enum nl80211_commands { NL80211_CMD_STA_OPMODE_CHANGED, + NL80211_CMD_CONTROL_PORT_FRAME, + /* add new commands above here */ /* used to define NL80211_CMD_MAX below */ diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index a910150f8169..d7dcc2d05025 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c 
@@ -14535,6 +14535,64 @@ void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie, } EXPORT_SYMBOL(cfg80211_mgmt_tx_status); +static int __nl80211_rx_control_port(struct net_device *dev, +const u8 *buf, size_t len, +const u8 *addr, u16 proto, +bool unencrypted, gfp_t gfp) +{ + struct wireless_dev *wdev = dev->ieee80211_ptr; + struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); + struct sk_buff *msg; + void *hdr; + u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid); + + if (!nlportid) + return -ENOENT; + + msg = nlmsg_new(100 + len, gfp); + if (!msg) + return -ENOMEM; + + hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME); + if (!hdr) { + nlmsg_free(msg); + return -ENOMEM; + } + + if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || + nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || + nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), + NL80211_ATTR_PAD) || + nla_put(msg, NL80211_ATTR_FRAME, len, buf) || + nla_put(msg, NL80211_ATTR_MAC,
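Review bot: In __nl80211_rx_control_port() the message is sized as nlmsg_new(100 + len, gfp), and the 100 is an unexplained constant that has to cover every attribute put below it. Derive the size from the attributes with nla_total_size(), or at least name the constant and comment what it covers, so that adding an attribute later does not silently turn into a failed put. The header also declares cfg80211_rx_control_port() with "u16 proto" while tx_control_port in patch 02 takes "__be16"; the kernel-doc for @proto should state the byte order expected here.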
[PATCH v7 06/11] nl80211: Add SOCKET_OWNER support to JOIN_MESH
Signed-off-by: Denis Kenzior --- include/uapi/linux/nl80211.h | 2 ++ net/wireless/mesh.c | 1 + net/wireless/nl80211.c | 10 +- 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h index 877fab2836ec..e3329bc4644b 100644 --- a/include/uapi/linux/nl80211.h +++ b/include/uapi/linux/nl80211.h @@ -1987,6 +1987,8 @@ enum nl80211_commands { * station will deauthenticate when the socket is closed. * If set during %NL80211_CMD_JOIN_IBSS the IBSS will be automatically * torn down when the socket is closed. + * If set during %NL80211_CMD_JOIN_MESH the mesh setup will be + * automatically torn down when the socket is closed. * * @NL80211_ATTR_TDLS_INITIATOR: flag attribute indicating the current end is * the TDLS link initiator. diff --git a/net/wireless/mesh.c b/net/wireless/mesh.c index b12da6ef3c12..e91a5078615b 100644 --- a/net/wireless/mesh.c +++ b/net/wireless/mesh.c @@ -286,6 +286,7 @@ int __cfg80211_leave_mesh(struct cfg80211_registered_device *rdev, err = rdev_leave_mesh(rdev, dev); if (!err) { + wdev->conn_owner_nlportid = 0; wdev->mesh_id_len = 0; wdev->beacon_interval = 0; memset(&wdev->chandef, 0, sizeof(wdev->chandef)); diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 2f630ee3240b..05b903958894 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -10153,7 +10153,15 @@ static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info) setup.userspace_handles_dfs = nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]); - return cfg80211_join_mesh(rdev, dev, &setup, &cfg); + err = cfg80211_join_mesh(rdev, dev, &setup, &cfg); + + if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) { + wdev_lock(dev->ieee80211_ptr); + dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid; + wdev_unlock(dev->ieee80211_ptr); + } + + return err; } static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info) -- 2.13.5
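Review bot: In nl80211_join_mesh() the owner is recorded only after cfg80211_join_mesh() has returned, in a separate wdev_lock() section, so there is a window in which the mesh is up while conn_owner_nlportid is still 0. The START_AP patch in this series sets the owner inside the same locked region that records the AP state; doing the same here, by passing the port id down or setting it in the locked join helper, closes that window. The commit message also has no body.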
[PATCH v7 07/11] nl80211: Add SOCKET_OWNER support to START_AP
Signed-off-by: Denis Kenzior --- include/uapi/linux/nl80211.h | 2 ++ net/wireless/ap.c| 1 + net/wireless/nl80211.c | 4 3 files changed, 7 insertions(+) diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h index e3329bc4644b..9b4fd4bca141 100644 --- a/include/uapi/linux/nl80211.h +++ b/include/uapi/linux/nl80211.h @@ -1989,6 +1989,8 @@ enum nl80211_commands { * torn down when the socket is closed. * If set during %NL80211_CMD_JOIN_MESH the mesh setup will be * automatically torn down when the socket is closed. + * If set during %NL80211_CMD_START_AP the AP will be automatically + * disabled when the socket is closed. * * @NL80211_ATTR_TDLS_INITIATOR: flag attribute indicating the current end is * the TDLS link initiator. diff --git a/net/wireless/ap.c b/net/wireless/ap.c index 63682176c96c..882d97bdc6bf 100644 --- a/net/wireless/ap.c +++ b/net/wireless/ap.c @@ -27,6 +27,7 @@ int __cfg80211_stop_ap(struct cfg80211_registered_device *rdev, err = rdev_stop_ap(rdev, dev); if (!err) { + wdev->conn_owner_nlportid = 0; wdev->beacon_interval = 0; memset(&wdev->chandef, 0, sizeof(wdev->chandef)); wdev->ssid_len = 0; diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 05b903958894..34e8435f0c43 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -4135,6 +4135,10 @@ static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info) wdev->chandef = params.chandef; wdev->ssid_len = params.ssid_len; memcpy(wdev->ssid, params.ssid, wdev->ssid_len); + + if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) + wdev->conn_owner_nlportid = info->snd_portid; + } wdev_unlock(wdev); -- 2.13.5
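Review bot: The nl80211_start_ap() hunk leaves an added blank line directly before the closing brace of the block; drop it. The commit message has no body even though the uapi text now promises that the AP is disabled when the owning socket closes; say so in the changelog, since that is behaviour userspace opts into and has to rely on.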
[PATCH v7 09/11] nl80211: Add control_port_over_nl80211 to mesh_setup
Signed-off-by: Denis Kenzior --- include/net/cfg80211.h | 3 +++ net/wireless/nl80211.c | 9 + 2 files changed, 12 insertions(+) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 2a28f446648e..bdb1a3c2661e 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -1453,6 +1453,8 @@ struct mesh_config { * @userspace_handles_dfs: whether user space controls DFS operation, i.e. * changes the channel when a radar is detected. This is required * to operate on DFS channels. + * @control_port_over_nl80211: TRUE if userspace expects to exchange control + * port frames over NL80211 instead of the network interface. * * These parameters are fixed when the mesh is created. */ @@ -1475,6 +1477,7 @@ struct mesh_setup { u32 basic_rates; struct cfg80211_bitrate_mask beacon_rate; bool userspace_handles_dfs; + bool control_port_over_nl80211; }; /** diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 774f5d6ba8e4..3947ec7bc3a0 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -10166,6 +10166,15 @@ static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info) setup.userspace_handles_dfs = nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]); + if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) { + int r = validate_pae_over_nl80211(rdev, info); + + if (r < 0) + return r; + + setup.control_port_over_nl80211 = true; + } + err = cfg80211_join_mesh(rdev, dev, &setup, &cfg); if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) { -- 2.13.5
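Review bot: In nl80211_join_mesh() the new block declares a block-local "int r" for the validate_pae_over_nl80211() result although the function already uses "err" for the cfg80211_join_mesh() result in the context line right below; reuse "err" and drop the extra variable. The commit message has no body; it should say which checks the helper applies before control_port_over_nl80211 is accepted for a mesh.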
[PATCH v7 11/11] mac80211: Send control port frames over nl80211
If userspace requested control port frames to go over 80211, then do so. The control packets are intercepted just prior to delivery of the packet to the underlying network device. Pre-authentication type frames (protocol: 0x88c7) are also forwarded over nl80211. Signed-off-by: Denis Kenzior --- net/mac80211/cfg.c | 6 ++ net/mac80211/ibss.c| 1 + net/mac80211/ieee80211_i.h | 1 + net/mac80211/iface.c | 2 ++ net/mac80211/main.c| 2 ++ net/mac80211/mlme.c| 2 ++ net/mac80211/rx.c | 33 - 7 files changed, 42 insertions(+), 5 deletions(-) diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index 9294acb495ee..49112378e503 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -925,6 +925,8 @@ static int ieee80211_start_ap(struct wiphy *wiphy, struct net_device *dev, */ sdata->control_port_protocol = params->crypto.control_port_ethertype; sdata->control_port_no_encrypt = params->crypto.control_port_no_encrypt; + sdata->control_port_over_nl80211 = + params->crypto.control_port_over_nl80211; sdata->encrypt_headroom = ieee80211_cs_headroom(sdata->local, ¶ms->crypto, sdata->vif.type); @@ -934,6 +936,8 @@ static int ieee80211_start_ap(struct wiphy *wiphy, struct net_device *dev, params->crypto.control_port_ethertype; vlan->control_port_no_encrypt = params->crypto.control_port_no_encrypt; + vlan->control_port_over_nl80211 = + params->crypto.control_port_over_nl80211; vlan->encrypt_headroom = ieee80211_cs_headroom(sdata->local, ¶ms->crypto, @@ -2019,6 +2023,8 @@ static int ieee80211_join_mesh(struct wiphy *wiphy, struct net_device *dev, if (err) return err; + sdata->control_port_over_nl80211 = setup.control_port_over_nl80211; + /* can mesh use other SMPS modes? */ sdata->smps_mode = IEEE80211_SMPS_OFF; sdata->needed_rx_chains = sdata->local->rx_chains; diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c index db07e0de9a03..05ddc9291ec5 100644 --- a/net/mac80211/ibss.c +++ b/net/mac80211/ibss.c 
@@ -1844,6 +1844,7 @@ int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata, sdata->smps_mode = IEEE80211_SMPS_OFF; sdata->needed_rx_chains = local->rx_chains; + sdata->control_port_over_nl80211 = params->control_port_over_nl80211; ieee80211_queue_work(&local->hw, &sdata->work); diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index a52bd2a61a27..00dbc6a1b79d 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -899,6 +899,7 @@ struct ieee80211_sub_if_data { u16 sequence_number; __be16 control_port_protocol; bool control_port_no_encrypt; + bool control_port_over_nl80211; int encrypt_headroom; atomic_t num_tx_queued; diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c index d13ba064951f..555e389b7dfa 100644 --- a/net/mac80211/iface.c +++ b/net/mac80211/iface.c @@ -519,6 +519,8 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) master->control_port_protocol; sdata->control_port_no_encrypt = master->control_port_no_encrypt; + sdata->control_port_over_nl80211 = + master->control_port_over_nl80211; sdata->vif.cab_queue = master->vif.cab_queue; memcpy(sdata->vif.hw_queue, master->vif.hw_queue, sizeof(sdata->vif.hw_queue)); diff --git a/net/mac80211/main.c b/net/mac80211/main.c index 0785d04a80bc..e5a51267c75d 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c @@ -554,6 +554,8 @@ struct ieee80211_hw *ieee80211_alloc_hw_nm(size_t priv_data_len, NL80211_FEATURE_USERSPACE_MPM | NL80211_FEATURE_FULL_AP_CLIENT_STATE; wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_FILS_STA); + wiphy_ext_feature_set(wiphy, + NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211); if (!ops->hw_scan) wiphy->features |= NL80211_FEATURE_LOW_PRIORITY_SCAN | diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 0024eff9bb84..b3665b857883 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c 
@@ -4844,6 +4844,8 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, sdata->control_port_protocol = req->crypto.control_port_ethertype; sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt; + sdata->control_port_over_nl80211 = +
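Review bot: In the ieee80211_join_mesh() hunk the new assignment reads "setup.control_port_over_nl80211", while the AP and IBSS hunks in this patch dereference "params->"; if setup is passed by pointer in this function, this needs "setup->" and does not build as posted, so please build-test cfg.c. Separately, the main.c hunk sets NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211 unconditionally in ieee80211_alloc_hw_nm(), so every mac80211 driver advertises the feature; the changelog should say why no per-driver opt-in is needed.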
Re: [PATCH] staging: wilc1000: replace kmalloc + memcpy with kmemdup
On 26/03/2018 at 19:16, Colin King wrote: From: Colin Ian King Replace several allocation and memcpys with kmemdup and add in some missing memory allocation failure checks. Also fix an incorrect -EFAULT return with -ENOMEM. Signed-off-by: Colin Ian King --- drivers/staging/wilc1000/host_interface.c | 75 +++ 1 file changed, 46 insertions(+), 29 deletions(-) diff --git a/drivers/staging/wilc1000/host_interface.c b/drivers/staging/wilc1000/host_interface.c index 9b9b86654958..8fd367f87fa5 100644 --- a/drivers/staging/wilc1000/host_interface.c +++ b/drivers/staging/wilc1000/host_interface.c [...] hif_drv->usr_conn_req.ssid_len = conn_attr->ssid_len; if (conn_attr->ssid) { - hif_drv->usr_conn_req.ssid = kmalloc(conn_attr->ssid_len + 1, + hif_drv->usr_conn_req.ssid = kmemdup(conn_attr->ssid, +conn_attr->ssid_len + 1, GFP_KERNEL); if (!hif_drv->usr_conn_req.ssid) { result = -ENOMEM; goto error; } - memcpy(hif_drv->usr_conn_req.ssid, - conn_attr->ssid, - conn_attr->ssid_len); > hif_drv->usr_conn_req.ssid[conn_attr->ssid_len] = '\0'; I don't know if it is an issue, but now the memcpy is 1 more byte (conn_attr->ssid_len vs conn_attr->ssid_len + 1) kmemdup_nul(conn_attr->ssid, conn_attr->ssid_len, GFP_KERNEL) and remove hif_drv->usr_conn_req.ssid[conn_attr->ssid_len] = '\0' ? CJ [...]
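Review bot: In the ssid hunk, kmemdup(conn_attr->ssid, conn_attr->ssid_len + 1, GFP_KERNEL) reads ssid_len + 1 bytes from the source, where the removed memcpy() read ssid_len. Nothing in the hunk shows that conn_attr->ssid is allocated with a trailing byte, so the new call can read one byte past the end of the source buffer. Keep the copy length at ssid_len, for example with kmemdup_nul() as the reply above proposes, which also makes the explicit '\0' store unnecessary.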
[RFC v6 06/11] nl80211: Add SOCKET_OWNER support to JOIN_MESH
Signed-off-by: Denis Kenzior --- include/uapi/linux/nl80211.h | 2 ++ net/wireless/mesh.c | 1 + net/wireless/nl80211.c | 10 +- 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h index 877fab2836ec..e3329bc4644b 100644 --- a/include/uapi/linux/nl80211.h +++ b/include/uapi/linux/nl80211.h @@ -1987,6 +1987,8 @@ enum nl80211_commands { * station will deauthenticate when the socket is closed. * If set during %NL80211_CMD_JOIN_IBSS the IBSS will be automatically * torn down when the socket is closed. + * If set during %NL80211_CMD_JOIN_MESH the mesh setup will be + * automatically torn down when the socket is closed. * * @NL80211_ATTR_TDLS_INITIATOR: flag attribute indicating the current end is * the TDLS link initiator. diff --git a/net/wireless/mesh.c b/net/wireless/mesh.c index b12da6ef3c12..e91a5078615b 100644 --- a/net/wireless/mesh.c +++ b/net/wireless/mesh.c @@ -286,6 +286,7 @@ int __cfg80211_leave_mesh(struct cfg80211_registered_device *rdev, err = rdev_leave_mesh(rdev, dev); if (!err) { + wdev->conn_owner_nlportid = 0; wdev->mesh_id_len = 0; wdev->beacon_interval = 0; memset(&wdev->chandef, 0, sizeof(wdev->chandef)); diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 2f630ee3240b..05b903958894 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -10153,7 +10153,15 @@ static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info) setup.userspace_handles_dfs = nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]); - return cfg80211_join_mesh(rdev, dev, &setup, &cfg); + err = cfg80211_join_mesh(rdev, dev, &setup, &cfg); + + if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) { + wdev_lock(dev->ieee80211_ptr); + dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid; + wdev_unlock(dev->ieee80211_ptr); + } + + return err; } static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info) -- 2.13.5
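Review bot: The commit message has no body, while the nl80211.h hunk extends a userspace-visible contract: the mesh is torn down when the owning socket closes. The changelog should state that and name the patch in the series that implements the teardown for NL80211_IFTYPE_MESH_POINT, so the documentation change and the behaviour can be checked against each other.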
[RFC v6 00/11] EAPoL over NL80211
This patchset adds support for running 802.11 authentication mechanisms (e.g. 802.1X, 4-Way Handshake, etc) over NL80211 instead of putting them onto the network device. This has the advantage of fixing several long-standing race conditions that result from userspace operating on multiple transports in order to manage an 802.11 connection (e.g. NL80211 and wireless netdev, wlan0, etc). For example, userspace would sometimes see 4-Way handshake packets before NL80211 signaled that the connection has been established, leading to ugly hacks or having the STA wait for retransmissions from the AP.

This also provides a way to mitigate a particularly nasty race condition where the encryption key could be set prior to the 4-way handshake packet 4/4 being sent. This would result in the packet being sent encrypted and discarded by the peer. The mitigation strategy for this race is for userspace to explicitly tell the kernel that a particular EAPoL packet should not be encrypted.

To make this possible this patchset introduces a new NL80211 command and several new attributes. A userspace that is capable of processing EAPoL packets over NL80211 includes a new NL80211_ATTR_CONTROL_PORT_OVER_NL80211 attribute in its NL80211_CMD_ASSOCIATE or NL80211_CMD_CONNECT requests being sent to the kernel. The previously added NL80211_ATTR_SOCKET_OWNER attribute must also be included. The latter is used by the kernel to send NL80211_CMD_CONTROL_PORT_FRAME notifications back to userspace via a netlink unicast. If the NL80211_ATTR_CONTROL_PORT_OVER_NL80211 attribute is not specified, then legacy behavior is kept and control port packets continue to flow over the network interface.

If control port over nl80211 transport is requested, then control port packets are intercepted just prior to being handed to the network device and sent over netlink via the NL80211_CMD_CONTROL_PORT_FRAME notification. NL80211_ATTR_CONTROL_PORT_ETHERTYPE and NL80211_ATTR_MAC are included to specify the control port frame protocol and source address respectively. If the control port frame was received unencrypted then NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT flag is also included. NL80211_ATTR_FRAME attribute contains the raw control port frame with all transport layer headers stripped (e.g. this would be the raw EAPoL frame).

Userspace can reply to control port frames either via legacy methods (by sending frames to the network device) or via NL80211_CMD_CONTROL_PORT_FRAME request. Userspace would include NL80211_ATTR_FRAME with the raw control port frame as well as NL80211_ATTR_MAC and NL80211_ATTR_CONTROL_PORT_ETHERTYPE attributes to specify the destination address and protocol respectively. This allows Pre-Authentication (protocol 0x88c7) frames to be sent via this mechanism as well. Finally, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT flag can be included to tell the driver to send the frame unencrypted, e.g. for 4-Way handshake 4/4 frames.

The proposed patchset has been tested in a mac80211_hwsim based environment with hostapd and iwd.

ChangeLog

v6
- Dropped AP_VLAN from supported interface types in patch 2 per mailing list discussion with Johannes
- Added GENL_SET_ERR_MSG where appropriate
- Added control_port_over_nl80211 parameter to ibss_params and mesh_config
- Last patch updated to set sdata->control_port_over_nl80211 for ibss and mesh

v5
- Johannes' main comment was that we're not handling interface types other than STATION inside tx_control_port (patch 2). This patch was modified to support all interface types that seemed relevant.
- Since tx_control_port relies on wdev->conn_owner_nlportid being set, SOCKET_OWNER support was added to JOIN_IBSS, JOIN_MESH and START_AP
- SOCKET_OWNER auto-destruction logic was updated to support interface types other than STATION/P2P_CLIENT
- Last patch was modified to support control_port_over_nl80211 for mac80211 based AP mode. It also copies necessary bits for AP_VLAN interfaces.

This version has been tested on both STATION and AP mode interfaces with SOCKET_OWNER & CONTROL_PORT_OVER_NL80211 attributes provided to CMD_CONNECT and CMD_START_AP.

TODO:
- It is unclear to me how AP_VLAN and AP interfaces should synchronize on conn_owner_nlportid. This is required for tx_control_port to work.
- JOIN_IBSS & JOIN_MESH don't seem to support control_port_ethertype or control_port_no_encrypt. Should struct cfg80211_crypto_settings parsed inside nl80211_crypto_settings be added to ibss_params or mesh_config/mesh_setup?

v4
- Reordered the patches to make sure that: when CONTROL_PORT_OVER_NL80211 is provided by userspace, nl80211 checks that both EXT_FEATURE bit is set and the tx_control_port is present in rdev ops.
- Fixed up various issues Johannes found in his review

v3
- Added ETH_P_PREAUTH to if_ether.h
- Moved NL80211 feature bit from wiphy features to ext features
- Addressed various comments from Johannes

v2
- Added WIPHY_FLAG_CONTROL_PORT_OVER_NL80211 flag. This is a capability flag used by
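The cover letter above has userspace decide, per frame, whether a control port frame sent with NL80211_CMD_CONTROL_PORT_FRAME carries NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT, with 4-Way Handshake message 4/4 as the case that matters. The following is an added example, not code from this patchset, iwd or hostapd: it classifies a raw EAPoL frame as it would appear in NL80211_ATTR_FRAME and requests the flag only for message 4/4. Assumptions: all function, enum and macro names except ETH_P_PAE are hypothetical, the MIC is 16 bytes, and the flag is wanted only on an initial handshake (not a rekey).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_P_PAE        0x888E /* EAPoL ethertype */
#define EAPOL_TYPE_KEY   3      /* EAPOL-Key packet type */
#define EAPOL_HDR_LEN    4      /* version, type, 16-bit body length */
#define KEY_FIXED_LEN    95     /* descriptor through Key Data Length (16-byte MIC assumed) */
#define KEY_DATA_LEN_OFF 93     /* offset of Key Data Length inside the descriptor */

/* Key Information bits of an EAPOL-Key frame (IEEE 802.11) */
#define KI_PAIRWISE 0x0008
#define KI_ACK      0x0080
#define KI_MIC      0x0100

enum eapol_msg { EAPOL_MALFORMED, EAPOL_OTHER, EAPOL_M1, EAPOL_M2, EAPOL_M3, EAPOL_M4 };

static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Classify a raw EAPoL frame (no 802.3/802.11 headers), bounds-checking every field. */
enum eapol_msg classify_eapol_key(const uint8_t *f, size_t len)
{
    size_t body_len;
    uint16_t key_info, key_data_len;

    if (!f || len < EAPOL_HDR_LEN)
        return EAPOL_MALFORMED;
    body_len = be16(f + 2);
    if (body_len > len - EAPOL_HDR_LEN)      /* header claims more than was received */
        return EAPOL_MALFORMED;
    if (f[1] != EAPOL_TYPE_KEY)
        return EAPOL_OTHER;                  /* EAP packet, EAPOL-Start, ... */
    if (body_len < KEY_FIXED_LEN)
        return EAPOL_MALFORMED;
    key_info = be16(f + EAPOL_HDR_LEN + 1);
    key_data_len = be16(f + EAPOL_HDR_LEN + KEY_DATA_LEN_OFF);
    if (key_data_len > body_len - KEY_FIXED_LEN)
        return EAPOL_MALFORMED;
    if (!(key_info & KI_PAIRWISE))
        return EAPOL_OTHER;                  /* group key handshake */
    if (key_info & KI_ACK)                   /* authenticator to supplicant */
        return (key_info & KI_MIC) ? EAPOL_M3 : EAPOL_M1;
    if (!(key_info & KI_MIC))
        return EAPOL_MALFORMED;
    return key_data_len ? EAPOL_M2 : EAPOL_M4; /* 2/4 carries the RSN IE, 4/4 is empty */
}

/* Hypothetical policy: ask for NO_ENCRYPT only on message 4/4 of an initial handshake. */
bool tx_needs_no_encrypt(uint16_t ethertype, const uint8_t *f, size_t len, bool rekey)
{
    if (ethertype != ETH_P_PAE || rekey)
        return false;
    return classify_eapol_key(f, len) == EAPOL_M4;
}

/* Build a constructed, zero-filled EAPOL-Key frame; returns its length, or 0 if it won't fit. */
size_t build_key_frame(uint8_t *out, size_t cap, uint16_t key_info, uint16_t key_data_len)
{
    size_t body = KEY_FIXED_LEN + (size_t)key_data_len;
    size_t total = EAPOL_HDR_LEN + body;

    if (!out || total > cap || body > 0xFFFF)
        return 0;
    memset(out, 0, total);
    out[0] = 2;                              /* protocol version */
    out[1] = EAPOL_TYPE_KEY;
    out[2] = (uint8_t)(body >> 8);
    out[3] = (uint8_t)body;
    out[4] = 2;                              /* descriptor type: RSN */
    out[5] = (uint8_t)(key_info >> 8);
    out[6] = (uint8_t)key_info;
    out[EAPOL_HDR_LEN + KEY_DATA_LEN_OFF] = (uint8_t)(key_data_len >> 8);
    out[EAPOL_HDR_LEN + KEY_DATA_LEN_OFF + 1] = (uint8_t)key_data_len;
    return total;
}

int main(void)
{
    uint8_t f[160];
    size_t n = build_key_frame(f, sizeof(f), 0x030A, 0); /* constructed message 4/4 */

    printf("msg=%d no_encrypt=%d\n", (int)classify_eapol_key(f, n),
           (int)tx_needs_no_encrypt(ETH_P_PAE, f, n, false));
    return 0;
}
```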
[PATCH] staging: wilc1000: replace kmalloc + memcpy with kmemdup
From: Colin Ian King Replace several allocation and memcpys with kmemdup and add in some missing memory allocation failure checks. Also fix an incorrect -EFAULT return with -ENOMEM. Signed-off-by: Colin Ian King --- drivers/staging/wilc1000/host_interface.c | 75 +++ 1 file changed, 46 insertions(+), 29 deletions(-) diff --git a/drivers/staging/wilc1000/host_interface.c b/drivers/staging/wilc1000/host_interface.c index 9b9b86654958..8fd367f87fa5 100644 --- a/drivers/staging/wilc1000/host_interface.c +++ b/drivers/staging/wilc1000/host_interface.c @@ -797,6 +797,10 @@ static s32 handle_scan(struct wilc_vif *vif, struct scan_attr *scan_info) for (i = 0; i < hidden_net->n_ssids; i++) valuesize += ((hidden_net->net_info[i].ssid_len) + 1); hdn_ntwk_wid_val = kmalloc(valuesize + 1, GFP_KERNEL); + if (!hdn_ntwk_wid_val) { + result = -ENOMEM; + goto error; + } wid_list[index].val = hdn_ntwk_wid_val; if (wid_list[index].val) { buffer = wid_list[index].val; 
@@ -943,39 +947,35 @@ static s32 handle_connect(struct wilc_vif *vif, } if (conn_attr->bssid) { - hif_drv->usr_conn_req.bssid = kmalloc(6, GFP_KERNEL); + hif_drv->usr_conn_req.bssid = kmemdup(conn_attr->bssid, 6, + GFP_KERNEL); if (!hif_drv->usr_conn_req.bssid) { result = -ENOMEM; goto error; } - memcpy(hif_drv->usr_conn_req.bssid, conn_attr->bssid, 6); } hif_drv->usr_conn_req.ssid_len = conn_attr->ssid_len; if (conn_attr->ssid) { - hif_drv->usr_conn_req.ssid = kmalloc(conn_attr->ssid_len + 1, + hif_drv->usr_conn_req.ssid = kmemdup(conn_attr->ssid, +conn_attr->ssid_len + 1, GFP_KERNEL); if (!hif_drv->usr_conn_req.ssid) { result = -ENOMEM; goto error; } - memcpy(hif_drv->usr_conn_req.ssid, - conn_attr->ssid, - conn_attr->ssid_len); hif_drv->usr_conn_req.ssid[conn_attr->ssid_len] = '\0'; } hif_drv->usr_conn_req.ies_len = conn_attr->ies_len; if (conn_attr->ies) { - hif_drv->usr_conn_req.ies = kmalloc(conn_attr->ies_len, + hif_drv->usr_conn_req.ies = kmemdup(conn_attr->ies, + conn_attr->ies_len, GFP_KERNEL); if (!hif_drv->usr_conn_req.ies) { result = -ENOMEM; goto error; } - memcpy(hif_drv->usr_conn_req.ies, - conn_attr->ies, - conn_attr->ies_len); } hif_drv->usr_conn_req.security = conn_attr->security; @@ -1009,9 +1009,12 @@ static s32 handle_connect(struct wilc_vif *vif, if (memcmp("DIRECT-", conn_attr->ssid, 7)) { info_element_size = hif_drv->usr_conn_req.ies_len; - info_element = kmalloc(info_element_size, GFP_KERNEL); - memcpy(info_element, hif_drv->usr_conn_req.ies, - info_element_size); + info_element = kmemdup(hif_drv->usr_conn_req.ies, + info_element_size, GFP_KERNEL); + if (!info_element) { + result = -ENOMEM; + goto error; + } } wid_list[wid_cnt].id = (u16)WID_11I_MODE; wid_list[wid_cnt].type = WID_CHAR; 
@@ -1039,9 +1042,13 @@ static s32 handle_connect(struct wilc_vif *vif, if (memcmp("DIRECT-", conn_attr->ssid, 7)) { join_req_size = wid_list[wid_cnt].size; join_req = kmalloc(join_req_size, GFP_KERNEL); + if (!join_req) { + result = -ENOMEM; + goto error; + } } if (!wid_list[wid_cnt].val) { - result = -EFAULT; + result = -ENOMEM; goto error; } @@ -1166,11 +1173,13 @@ static s32 handle_connect(struct wilc_vif *vif, if (conn_attr->ies) { conn_info.req_ies_len = conn_attr->ies_len; - conn_info.req_ies = kmalloc(conn_attr->ies_len, + conn_info.req_ies = kmemdup(conn_attr->ies, + conn_attr->ies_len, GFP_KERNEL); - memcpy(conn_info.req_ies, -
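Review bot: in the handle_connect() ssid hunk, kmemdup(conn_attr->ssid, conn_attr->ssid_len + 1, GFP_KERNEL) now reads ssid_len + 1 bytes from the source, where the removed memcpy() read only ssid_len; if conn_attr->ssid holds exactly ssid_len bytes with no terminator, that is a one-byte read past the end of the source buffer. kmemdup() allocates exactly what it copies, so it cannot express "allocate len + 1, copy len". Either keep kmalloc(ssid_len + 1) plus memcpy(ssid_len) for this one field, or use kmemdup_nul(conn_attr->ssid, conn_attr->ssid_len, GFP_KERNEL), which also makes the explicit '\0' store that follows unnecessary.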
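Review bot: in the handle_scan() hunk, the new early exit on !hdn_ntwk_wid_val makes the existing if (wid_list[index].val) test two lines later always true, since wid_list[index].val was just assigned from the pointer that was checked. Drop that condition and un-indent its body in the same patch so the error handling reads in one place. The same applies in the @@ -1039 hunk if wid_list[wid_cnt].val is assigned from join_req: the !wid_list[wid_cnt].val test whose return value is changed to -ENOMEM would then be unreachable after the new !join_req check.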
[RFC v6 02/11] nl80211: Implement TX of control port frames
This commit implements the TX side of NL80211_CMD_CONTROL_PORT_FRAME. Userspace provides the raw EAPoL frame using NL80211_ATTR_FRAME. Userspace should also provide the destination address and the protocol type to use when sending the frame. This is used to implement TX of Pre-authentication frames. If CONTROL_PORT_ETHERTYPE_NO_ENCRYPT is specified, then the driver will be asked not to encrypt the outgoing frame. A new EXT_FEATURE flag is introduced so that nl80211 code can check whether a given wiphy has capability to pass EAPoL frames over NL80211. Signed-off-by: Denis Kenzior --- include/net/cfg80211.h | 9 ++ include/uapi/linux/nl80211.h | 3 ++ net/wireless/nl80211.c | 71 +++- net/wireless/rdev-ops.h | 15 ++ net/wireless/trace.h | 26 5 files changed, 123 insertions(+), 1 deletion(-) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 6dee630ee66d..76b6783f35f6 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -2960,6 +2960,9 @@ struct cfg80211_external_auth_params { * * @external_auth: indicates result of offloaded authentication processing from * user space + * + * @tx_control_port: TX a control port frame (EAPoL). The noencrypt parameter + * tells the driver that the frame should not be encrypted. */ struct cfg80211_ops { int (*suspend)(struct wiphy *wiphy, struct cfg80211_wowlan *wow); @@ -3255,6 +3258,12 @@ struct cfg80211_ops { const u8 *aa); int (*external_auth)(struct wiphy *wiphy, struct net_device *dev, struct cfg80211_external_auth_params *params); + + int (*tx_control_port)(struct wiphy *wiphy, + struct net_device *dev, + const u8 *buf, size_t len, + const u8 *dest, const __be16 proto, + const bool noencrypt); }; /* diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h index 1334f810f7b4..77675ae3e475 100644 --- a/include/uapi/linux/nl80211.h +++ b/include/uapi/linux/nl80211.h 
@@ -5012,6 +5012,8 @@ enum nl80211_feature_flags { * @NL80211_EXT_FEATURE_LOW_SPAN_SCAN: Driver supports low span scan. * @NL80211_EXT_FEATURE_LOW_POWER_SCAN: Driver supports low power scan. * @NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN: Driver supports high accuracy scan. + * @NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211: Driver supports sending and + * receiving control port frames over NL80211 instead of the netdevice. * * @NUM_NL80211_EXT_FEATURES: number of extended features. * @MAX_NL80211_EXT_FEATURES: highest extended feature index. @@ -5042,6 +5044,7 @@ enum nl80211_ext_feature_index { NL80211_EXT_FEATURE_LOW_SPAN_SCAN, NL80211_EXT_FEATURE_LOW_POWER_SCAN, NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN, + NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211, /* add new features before the definition below */ NUM_NL80211_EXT_FEATURES, diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index d7dcc2d05025..aadc1f090b65 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c 
@@ -12517,6 +12517,68 @@ static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info) return rdev_external_auth(rdev, dev, ¶ms); } +static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info) +{ + struct cfg80211_registered_device *rdev = info->user_ptr[0]; + struct net_device *dev = info->user_ptr[1]; + struct wireless_dev *wdev = dev->ieee80211_ptr; + const u8 *buf; + size_t len; + u8 *dest; + u16 proto; + bool noencrypt; + int err; + + if (!wiphy_ext_feature_isset(&rdev->wiphy, + NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211)) + return -EOPNOTSUPP; + + if (!rdev->ops->tx_control_port) + return -EOPNOTSUPP; + + if (!info->attrs[NL80211_ATTR_FRAME] || + !info->attrs[NL80211_ATTR_MAC] || + !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) { + GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing"); + return -EINVAL; + } + + wdev_lock(wdev); + + switch (wdev->iftype) { + case NL80211_IFTYPE_AP: + case NL80211_IFTYPE_P2P_GO: + case NL80211_IFTYPE_MESH_POINT: + break; + case NL80211_IFTYPE_ADHOC: + case NL80211_IFTYPE_STATION: + case NL80211_IFTYPE_P2P_CLIENT: + if (wdev->current_bss) + break; + err = -ENOTCONN; + goto out; + default: + err = -EOPNOTSUPP; + goto out; + } + + wdev_unlock(wdev); + + buf = nla_data(info->attrs[NL80211_ATTR_FRAME]); + len = nla_len(info-
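Review bot: in nl80211_tx_control_port() the connection check (wdev->current_bss for ADHOC, STATION and P2P_CLIENT) is made under wdev_lock(), but wdev_unlock() runs before the attributes are read and the frame is passed on, so the -ENOTCONN decision can already be stale when the driver sees the frame. If that is acceptable because the driver copes with a frame arriving after a disconnect, say so in a comment next to the unlock; otherwise hold the lock across the call. Separately, the local is declared u16 proto while the new cfg80211_ops member takes const __be16 proto, so the conversion should be explicit at the call site to keep sparse quiet, and the commit message names CONTROL_PORT_ETHERTYPE_NO_ENCRYPT where the attribute is NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT.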
[RFC v6 11/11] mac80211: Send control port frames over nl80211
If userspace requested control port frames to go over 80211, then do so. The control packets are intercepted just prior to delivery of the packet to the underlying network device. Pre-authentication type frames (protocol: 0x88c7) are also forwarded over nl80211. Signed-off-by: Denis Kenzior --- net/mac80211/cfg.c | 6 ++ net/mac80211/ibss.c| 1 + net/mac80211/ieee80211_i.h | 1 + net/mac80211/iface.c | 2 ++ net/mac80211/main.c| 2 ++ net/mac80211/mlme.c| 2 ++ net/mac80211/rx.c | 33 - 7 files changed, 42 insertions(+), 5 deletions(-) diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index 9294acb495ee..49112378e503 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -925,6 +925,8 @@ static int ieee80211_start_ap(struct wiphy *wiphy, struct net_device *dev, */ sdata->control_port_protocol = params->crypto.control_port_ethertype; sdata->control_port_no_encrypt = params->crypto.control_port_no_encrypt; + sdata->control_port_over_nl80211 = + params->crypto.control_port_over_nl80211; sdata->encrypt_headroom = ieee80211_cs_headroom(sdata->local, ¶ms->crypto, sdata->vif.type); @@ -934,6 +936,8 @@ static int ieee80211_start_ap(struct wiphy *wiphy, struct net_device *dev, params->crypto.control_port_ethertype; vlan->control_port_no_encrypt = params->crypto.control_port_no_encrypt; + vlan->control_port_over_nl80211 = + params->crypto.control_port_over_nl80211; vlan->encrypt_headroom = ieee80211_cs_headroom(sdata->local, ¶ms->crypto, @@ -2019,6 +2023,8 @@ static int ieee80211_join_mesh(struct wiphy *wiphy, struct net_device *dev, if (err) return err; + sdata->control_port_over_nl80211 = setup.control_port_over_nl80211; + /* can mesh use other SMPS modes? */ sdata->smps_mode = IEEE80211_SMPS_OFF; sdata->needed_rx_chains = sdata->local->rx_chains; diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c index db07e0de9a03..05ddc9291ec5 100644 --- a/net/mac80211/ibss.c +++ b/net/mac80211/ibss.c 
@@ -1844,6 +1844,7 @@ int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata, sdata->smps_mode = IEEE80211_SMPS_OFF; sdata->needed_rx_chains = local->rx_chains; + sdata->control_port_over_nl80211 = params->control_port_over_nl80211; ieee80211_queue_work(&local->hw, &sdata->work); diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index a52bd2a61a27..00dbc6a1b79d 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -899,6 +899,7 @@ struct ieee80211_sub_if_data { u16 sequence_number; __be16 control_port_protocol; bool control_port_no_encrypt; + bool control_port_over_nl80211; int encrypt_headroom; atomic_t num_tx_queued; diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c index d13ba064951f..555e389b7dfa 100644 --- a/net/mac80211/iface.c +++ b/net/mac80211/iface.c @@ -519,6 +519,8 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) master->control_port_protocol; sdata->control_port_no_encrypt = master->control_port_no_encrypt; + sdata->control_port_over_nl80211 = + master->control_port_over_nl80211; sdata->vif.cab_queue = master->vif.cab_queue; memcpy(sdata->vif.hw_queue, master->vif.hw_queue, sizeof(sdata->vif.hw_queue)); diff --git a/net/mac80211/main.c b/net/mac80211/main.c index 0785d04a80bc..e5a51267c75d 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c @@ -554,6 +554,8 @@ struct ieee80211_hw *ieee80211_alloc_hw_nm(size_t priv_data_len, NL80211_FEATURE_USERSPACE_MPM | NL80211_FEATURE_FULL_AP_CLIENT_STATE; wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_FILS_STA); + wiphy_ext_feature_set(wiphy, + NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211); if (!ops->hw_scan) wiphy->features |= NL80211_FEATURE_LOW_PRIORITY_SCAN | diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 0024eff9bb84..b3665b857883 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c 
@@ -4844,6 +4844,8 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, sdata->control_port_protocol = req->crypto.control_port_ethertype; sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt; + sdata->control_port_over_nl80211 = +
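Review bot: ieee80211_start_ap() and ieee80211_do_open() copy control_port_over_nl80211 onto AP_VLAN sdata, but the rest of the series gives an AP_VLAN interface no way to use it. nl80211_tx_control_port() in 02/11 returns -EOPNOTSUPP for every iftype outside AP, P2P_GO, MESH_POINT, ADHOC, STATION and P2P_CLIENT, and __nl80211_rx_control_port() in 01/11 returns -ENOENT when the receiving wdev has no conn_owner_nlportid, which 07/11 sets only on the wdev that issued START_AP. Either leave the flag clear on AP_VLAN until the owner question from the cover letter's TODO is settled, or make sure the rx.c path falls back to the netdev when cfg80211_rx_control_port() reports that the frame was not passed to userspace. The commit message also says "go over 80211" where nl80211 is meant.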
[RFC v6 09/11] nl80211: Add control_port_over_nl80211 to mesh_setup
Signed-off-by: Denis Kenzior --- include/net/cfg80211.h | 3 +++ net/wireless/nl80211.c | 9 + 2 files changed, 12 insertions(+) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 2a28f446648e..bdb1a3c2661e 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -1453,6 +1453,8 @@ struct mesh_config { * @userspace_handles_dfs: whether user space controls DFS operation, i.e. * changes the channel when a radar is detected. This is required * to operate on DFS channels. + * @control_port_over_nl80211: TRUE if userspace expects to exchange control + * port frames over NL80211 instead of the network interface. * * These parameters are fixed when the mesh is created. */ @@ -1475,6 +1477,7 @@ struct mesh_setup { u32 basic_rates; struct cfg80211_bitrate_mask beacon_rate; bool userspace_handles_dfs; + bool control_port_over_nl80211; }; /** diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 774f5d6ba8e4..3947ec7bc3a0 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -10166,6 +10166,15 @@ static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info) setup.userspace_handles_dfs = nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]); + if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) { + int r = validate_pae_over_nl80211(rdev, info); + + if (r < 0) + return r; + + setup.control_port_over_nl80211 = true; + } + err = cfg80211_join_mesh(rdev, dev, &setup, &cfg); if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) { -- 2.13.5
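Review bot: the block added to nl80211_join_mesh() introduces a second status variable, int r, in a function that already carries err, and it is line for line the block added to nl80211_join_ibss() in 08/11. Reuse err here (err = validate_pae_over_nl80211(rdev, info); if (err < 0) return err;), or move the NL80211_ATTR_CONTROL_PORT_OVER_NL80211 test into the helper so both callers shrink to one call. The patch also has no commit message body; one sentence on why mesh needs the flag would help later readers of the log.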
[RFC v6 03/11] nl80211: Add CONTROL_PORT_OVER_NL80211 attribute
Signed-off-by: Denis Kenzior --- include/net/cfg80211.h | 3 +++ include/uapi/linux/nl80211.h | 14 +- net/wireless/nl80211.c | 26 ++ 3 files changed, 42 insertions(+), 1 deletion(-) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 76b6783f35f6..2e7f30c66913 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -646,6 +646,8 @@ struct survey_info { * allowed through even on unauthorized ports * @control_port_no_encrypt: TRUE to prevent encryption of control port * protocol frames. + * @control_port_over_nl80211: TRUE if userspace expects to exchange control + * port frames over NL80211 instead of the network interface. * @wep_keys: static WEP keys, if not NULL points to an array of * CFG80211_MAX_WEP_KEYS WEP keys * @wep_tx_key: key index (0..3) of the default TX static WEP key @@ -661,6 +663,7 @@ struct cfg80211_crypto_settings { bool control_port; __be16 control_port_ethertype; bool control_port_no_encrypt; + bool control_port_over_nl80211; struct key_params *wep_keys; int wep_tx_key; const u8 *psk; diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h index 77675ae3e475..1cdac3d732c1 100644 --- a/include/uapi/linux/nl80211.h +++ b/include/uapi/linux/nl80211.h @@ -542,7 +542,8 @@ * IEs in %NL80211_ATTR_IE, %NL80211_ATTR_AUTH_TYPE, %NL80211_ATTR_USE_MFP, * %NL80211_ATTR_MAC, %NL80211_ATTR_WIPHY_FREQ, %NL80211_ATTR_CONTROL_PORT, * %NL80211_ATTR_CONTROL_PORT_ETHERTYPE, - * %NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT, %NL80211_ATTR_MAC_HINT, and + * %NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT, + * %NL80211_ATTR_CONTROL_PORT_OVER_NL80211, %NL80211_ATTR_MAC_HINT, and * %NL80211_ATTR_WIPHY_FREQ_HINT. * If included, %NL80211_ATTR_MAC and %NL80211_ATTR_WIPHY_FREQ are * restrictions on BSS selection, i.e., they effectively prevent roaming 
@@ -1488,6 +1489,15 @@ enum nl80211_commands { * @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT: When included along with * %NL80211_ATTR_CONTROL_PORT_ETHERTYPE, indicates that the custom * ethertype frames used for key negotiation must not be encrypted. + * @NL80211_ATTR_CONTROL_PORT_OVER_NL80211: A flag indicating whether control + * port frames (e.g. of type given in %NL80211_ATTR_CONTROL_PORT_ETHERTYPE) + * will be sent directly to the network interface or sent via the NL80211 + * socket. If this attribute is missing, then legacy behavior of sending + * control port frames directly to the network interface is used. If the + * flag is included, then control port frames are sent over NL80211 instead + * using %CMD_CONTROL_PORT_FRAME. If control port routing over NL80211 is + * to be used then userspace must also use the %NL80211_ATTR_SOCKET_OWNER + * flag. * * @NL80211_ATTR_TESTDATA: Testmode data blob, passed through to the driver. * We recommend using nested, driver-specific attributes within this. @@ -2641,6 +2651,8 @@ enum nl80211_attrs { NL80211_ATTR_NSS, NL80211_ATTR_ACK_SIGNAL, + NL80211_ATTR_CONTROL_PORT_OVER_NL80211, + /* add attributes here, update the policy in nl80211.c */ __NL80211_ATTR_AFTER_LAST, diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index aadc1f090b65..234f6a41aa03 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -287,6 +287,7 @@ static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = { [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG }, [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 }, [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG }, + [NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG }, [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG }, [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 }, [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 }, 
@@ -8204,6 +8205,22 @@ static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) return err; } +static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev, +struct genl_info *info) +{ + if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) { + GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set"); + return -EINVAL; + } + + if (!rdev->ops->tx_control_port || + !wiphy_ext_feature_isset(&rdev->wiphy, + NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211)) + return -EOPNOTSUPP; + + return 0; +} + static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, struct genl_info *info, struct cfg80211_crypto_settings *settings, @@ -8227,6 +8244,15 @@ static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
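Review bot: validate_pae_over_nl80211() sets an extack message for the missing SOCKET_OWNER case but returns -EOPNOTSUPP silently when tx_control_port or the NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211 bit is absent. Add a GENL_SET_ERR_MSG() on that path as well, so userspace can tell "this driver cannot route control port frames over nl80211" from the other -EOPNOTSUPP sources in CONNECT and ASSOCIATE. In the nl80211.h kernel-doc for the new attribute, %CMD_CONTROL_PORT_FRAME should be spelled %NL80211_CMD_CONTROL_PORT_FRAME so the reference matches the enum name.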
[RFC v6 07/11] nl80211: Add SOCKET_OWNER support to START_AP
Signed-off-by: Denis Kenzior --- include/uapi/linux/nl80211.h | 2 ++ net/wireless/ap.c| 1 + net/wireless/nl80211.c | 4 3 files changed, 7 insertions(+) diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h index e3329bc4644b..9b4fd4bca141 100644 --- a/include/uapi/linux/nl80211.h +++ b/include/uapi/linux/nl80211.h @@ -1989,6 +1989,8 @@ enum nl80211_commands { * torn down when the socket is closed. * If set during %NL80211_CMD_JOIN_MESH the mesh setup will be * automatically torn down when the socket is closed. + * If set during %NL80211_CMD_START_AP the AP will be automatically + * disabled when the socket is closed. * * @NL80211_ATTR_TDLS_INITIATOR: flag attribute indicating the current end is * the TDLS link initiator. diff --git a/net/wireless/ap.c b/net/wireless/ap.c index 63682176c96c..882d97bdc6bf 100644 --- a/net/wireless/ap.c +++ b/net/wireless/ap.c @@ -27,6 +27,7 @@ int __cfg80211_stop_ap(struct cfg80211_registered_device *rdev, err = rdev_stop_ap(rdev, dev); if (!err) { + wdev->conn_owner_nlportid = 0; wdev->beacon_interval = 0; memset(&wdev->chandef, 0, sizeof(wdev->chandef)); wdev->ssid_len = 0; diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 05b903958894..34e8435f0c43 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -4135,6 +4135,10 @@ static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info) wdev->chandef = params.chandef; wdev->ssid_len = params.ssid_len; memcpy(wdev->ssid, params.ssid, wdev->ssid_len); + + if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) + wdev->conn_owner_nlportid = info->snd_portid; + } wdev_unlock(wdev); -- 2.13.5
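Review bot: conn_owner_nlportid is written with a plain store in nl80211_start_ap() and cleared with a plain store in __cfg80211_stop_ap(), while __nl80211_rx_control_port() in 01/11 reads it with READ_ONCE() outside wdev_lock. Pair the writers with WRITE_ONCE(), or add a comment explaining why plain stores are sufficient for the lockless reader. Also drop the blank line added directly before the closing brace in nl80211_start_ap(), which checkpatch flags.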
[RFC v6 04/11] cfg80211: Support all iftypes in autodisconnect_wk
Currently autodisconnect_wk assumes that only interface types of P2P_CLIENT and STATION use conn_owner_nlportid. Change this so all interface types are supported. Signed-off-by: Denis Kenzior --- net/wireless/sme.c | 43 --- 1 file changed, 32 insertions(+), 11 deletions(-) diff --git a/net/wireless/sme.c b/net/wireless/sme.c index 701cfd7acc1b..5df6b33db786 100644 --- a/net/wireless/sme.c +++ b/net/wireless/sme.c @@ -1239,17 +1239,38 @@ void cfg80211_autodisconnect_wk(struct work_struct *work) wdev_lock(wdev); if (wdev->conn_owner_nlportid) { - /* -* Use disconnect_bssid if still connecting and ops->disconnect -* not implemented. Otherwise we can use cfg80211_disconnect. -*/ - if (rdev->ops->disconnect || wdev->current_bss) - cfg80211_disconnect(rdev, wdev->netdev, - WLAN_REASON_DEAUTH_LEAVING, true); - else - cfg80211_mlme_deauth(rdev, wdev->netdev, -wdev->disconnect_bssid, NULL, 0, -WLAN_REASON_DEAUTH_LEAVING, false); + switch (wdev->iftype) { + case NL80211_IFTYPE_ADHOC: + cfg80211_leave_ibss(rdev, wdev->netdev, false); + break; + case NL80211_IFTYPE_AP: + case NL80211_IFTYPE_P2P_GO: + cfg80211_stop_ap(rdev, wdev->netdev, false); + break; + case NL80211_IFTYPE_MESH_POINT: + cfg80211_leave_mesh(rdev, wdev->netdev); + break; + case NL80211_IFTYPE_STATION: + case NL80211_IFTYPE_P2P_CLIENT: + /* +* Use disconnect_bssid if still connecting and +* ops->disconnect not implemented. Otherwise we can +* use cfg80211_disconnect. +*/ + if (rdev->ops->disconnect || wdev->current_bss) + cfg80211_disconnect(rdev, wdev->netdev, + WLAN_REASON_DEAUTH_LEAVING, + true); + else + cfg80211_mlme_deauth(rdev, wdev->netdev, +wdev->disconnect_bssid, +NULL, 0, +WLAN_REASON_DEAUTH_LEAVING, +false); + break; + default: + break; + } } wdev_unlock(wdev); -- 2.13.5
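Review bot: the new ADHOC, AP/P2P_GO and MESH_POINT cases call cfg80211_leave_ibss(), cfg80211_stop_ap() and cfg80211_leave_mesh() between wdev_lock(wdev) and wdev_unlock(wdev). 07/11 and 05/11 touch __cfg80211_stop_ap() and __cfg80211_leave_ibss(), the variants intended for callers that already hold the lock; if the unprefixed wrappers take wdev_lock themselves, as that naming indicates, this work item deadlocks on itself the first time an owning socket closes on one of those interface types. Use the __ variants here. The default: break; arm also leaves a non-zero conn_owner_nlportid in place for any other iftype without a trace; a WARN_ON_ONCE() or a comment saying why that is fine would make the intent clear.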
[RFC v6 05/11] nl80211: Add SOCKET_OWNER support to JOIN_IBSS
Signed-off-by: Denis Kenzior --- include/uapi/linux/nl80211.h | 2 ++ net/wireless/ibss.c | 1 + net/wireless/nl80211.c | 6 ++ 3 files changed, 9 insertions(+) diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h index 1cdac3d732c1..877fab2836ec 100644 --- a/include/uapi/linux/nl80211.h +++ b/include/uapi/linux/nl80211.h @@ -1985,6 +1985,8 @@ enum nl80211_commands { * multicast group. * If set during %NL80211_CMD_ASSOCIATE or %NL80211_CMD_CONNECT the * station will deauthenticate when the socket is closed. + * If set during %NL80211_CMD_JOIN_IBSS the IBSS will be automatically + * torn down when the socket is closed. * * @NL80211_ATTR_TDLS_INITIATOR: flag attribute indicating the current end is * the TDLS link initiator. diff --git a/net/wireless/ibss.c b/net/wireless/ibss.c index a1d10993d08a..d5d26fc5b853 100644 --- a/net/wireless/ibss.c +++ b/net/wireless/ibss.c @@ -224,6 +224,7 @@ int __cfg80211_leave_ibss(struct cfg80211_registered_device *rdev, if (err) return err; + wdev->conn_owner_nlportid = 0; __cfg80211_clear_ibss(dev, nowext); return 0; diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 234f6a41aa03..2f630ee3240b 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -8704,6 +8704,12 @@ static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys); if (err) kzfree(connkeys); + else if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) { + wdev_lock(dev->ieee80211_ptr); + dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid; + wdev_unlock(dev->ieee80211_ptr); + } + return err; } -- 2.13.5
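Review bot: in nl80211_join_ibss() the owner is recorded only after cfg80211_join_ibss() has returned, in a separate wdev_lock section, so there is a window in which the IBSS is joined while conn_owner_nlportid is still 0. A control port frame received in that window makes __nl80211_rx_control_port() from 01/11 return -ENOENT, and a socket closed in that window is not seen as the owner. Setting the field inside the locked join path, the way nl80211_start_ap() does in 07/11, closes the gap. Style: once the else if arm has braces, the if (err) arm needs them too.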
[RFC v6 10/11] mac80211: Add support for tx_control_port
Signed-off-by: Denis Kenzior --- net/mac80211/cfg.c | 1 + net/mac80211/ieee80211_i.h | 3 +++ net/mac80211/tx.c | 46 ++ 3 files changed, 50 insertions(+) diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index fd68f6fb02d7..9294acb495ee 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -3786,4 +3786,5 @@ const struct cfg80211_ops mac80211_config_ops = { .add_nan_func = ieee80211_add_nan_func, .del_nan_func = ieee80211_del_nan_func, .set_multicast_to_unicast = ieee80211_set_multicast_to_unicast, + .tx_control_port = ieee80211_tx_control_port, }; diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index ae9c33cd8ada..a52bd2a61a27 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -1734,6 +1734,9 @@ void ieee80211_check_fast_xmit(struct sta_info *sta); void ieee80211_check_fast_xmit_all(struct ieee80211_local *local); void ieee80211_check_fast_xmit_iface(struct ieee80211_sub_if_data *sdata); void ieee80211_clear_fast_xmit(struct sta_info *sta); +int ieee80211_tx_control_port(struct wiphy *wiphy, struct net_device *dev, + const u8 *buf, size_t len, + const u8 *dest, __be16 proto, bool unencrypted); /* HT */ void ieee80211_apply_htcap_overrides(struct ieee80211_sub_if_data *sdata, diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index 7643178ef132..6ae8fe121500 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c 
@@ -4749,3 +4749,49 @@ void __ieee80211_tx_skb_tid_band(struct ieee80211_sub_if_data *sdata, ieee80211_xmit(sdata, NULL, skb); local_bh_enable(); } + +int ieee80211_tx_control_port(struct wiphy *wiphy, struct net_device *dev, + const u8 *buf, size_t len, + const u8 *dest, __be16 proto, bool unencrypted) +{ + struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); + struct ieee80211_local *local = sdata->local; + struct sk_buff *skb; + struct ethhdr *ehdr; + u32 flags; + + /* Only accept CONTROL_PORT_PROTOCOL configured in CONNECT/ASSOCIATE +* or Pre-Authentication +*/ + if (proto != sdata->control_port_protocol && + proto != cpu_to_be16(ETH_P_PREAUTH)) + return -EINVAL; + + if (unencrypted) + flags = IEEE80211_TX_INTFL_DONT_ENCRYPT; + else + flags = 0; + + skb = dev_alloc_skb(local->hw.extra_tx_headroom + + sizeof(struct ethhdr) + len); + if (!skb) + return -ENOMEM; + + skb_reserve(skb, local->hw.extra_tx_headroom + sizeof(struct ethhdr)); + + skb_put_data(skb, buf, len); + + ehdr = skb_push(skb, sizeof(struct ethhdr)); + memcpy(ehdr->h_dest, dest, ETH_ALEN); + memcpy(ehdr->h_source, sdata->vif.addr, ETH_ALEN); + ehdr->h_proto = proto; + + skb->dev = dev; + skb->protocol = htons(ETH_P_802_3); + skb_reset_network_header(skb); + skb_reset_mac_header(skb); + + __ieee80211_subif_start_xmit(skb, skb->dev, flags); + + return 0; +} -- 2.13.5
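Review bot: ieee80211_tx_control_port() calls __ieee80211_subif_start_xmit() directly from the nl80211 request path, which is process context, with no local_bh_disable()/local_bh_enable() around it, whereas the function just above it in this hunk ends its ieee80211_xmit() call with local_bh_enable(). Wrap the call the same way unless the subif xmit path is known to be safe with bottom halves enabled, and say which in a comment. The parameter is named unencrypted here and noencrypt in the cfg80211_ops member from 02/11; pick one name for both.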
[RFC v6 08/11] nl80211: Add control_port_over_nl80211 for ibss
Signed-off-by: Denis Kenzior --- include/net/cfg80211.h | 3 +++ net/wireless/nl80211.c | 9 + 2 files changed, 12 insertions(+) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 2e7f30c66913..2a28f446648e 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -2033,6 +2033,8 @@ struct cfg80211_disassoc_request { * sets/clears %NL80211_STA_FLAG_AUTHORIZED. If true, the driver is * required to assume that the port is unauthorized until authorized by * user space. Otherwise, port is marked authorized by default. + * @control_port_over_nl80211: TRUE if userspace expects to exchange control + * port frames over NL80211 instead of the network interface. * @userspace_handles_dfs: whether user space controls DFS operation, i.e. * changes the channel when a radar is detected. This is required * to operate on DFS channels. @@ -2056,6 +2058,7 @@ struct cfg80211_ibss_params { bool channel_fixed; bool privacy; bool control_port; + bool control_port_over_nl80211; bool userspace_handles_dfs; int mcast_rate[NUM_NL80211_BANDS]; struct ieee80211_ht_cap ht_capa; diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 34e8435f0c43..774f5d6ba8e4 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -8702,6 +8702,15 @@ static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) ibss.control_port = nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]); + if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) { + int r = validate_pae_over_nl80211(rdev, info); + + if (r < 0) + return r; + + ibss.control_port_over_nl80211 = true; + } + ibss.userspace_handles_dfs = nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]); -- 2.13.5
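Review bot: nl80211_join_ibss() can now set ibss.control_port_over_nl80211, but the fields of struct cfg80211_ibss_params shown here include no control port ethertype or no-encrypt member (the cover letter's TODO raises the same gap), while ieee80211_tx_control_port() in 10/11 rejects any proto other than sdata->control_port_protocol or ETH_P_PREAUTH with -EINVAL. State in the commit message what control_port_protocol holds for an IBSS interface, or add the ethertype to ibss_params in this patch; as it stands userspace can request the feature without being able to configure the value its TX frames are checked against.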
[RFC v6 01/11] nl80211: Add CMD_CONTROL_PORT_FRAME API
This commit also adds cfg80211_rx_control_port function. This is used to generate a CMD_CONTROL_PORT_FRAME event out to userspace. The conn_owner_nlportid is used as the unicast destination. This means that userspace must specify NL80211_ATTR_SOCKET_OWNER flag if control port over nl80211 routing is requested in NL80211_CMD_CONNECT, NL80211_CMD_ASSOCIATE or NL80211_CMD_START_AP Signed-off-by: Denis Kenzior --- include/net/cfg80211.h | 22 + include/uapi/linux/nl80211.h | 13 ++ net/wireless/nl80211.c | 58 net/wireless/trace.h | 21 4 files changed, 114 insertions(+) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index fc40843baed3..6dee630ee66d 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -5694,6 +5694,28 @@ void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie, /** + * cfg80211_rx_control_port - notification about a received control port frame + * @dev: The device the frame matched to + * @buf: control port frame + * @len: length of the frame data + * @addr: The peer from which the frame was received + * @proto: frame protocol, typically PAE or Pre-authentication + * @unencrypted: Whether the frame was received unencrypted + * + * This function is used to inform userspace about a received control port + * frame. It should only be used if userspace indicated it wants to receive + * control port frames over NL80211. + * + * The frame is the data portion of the 802.3 or 802.11 data frame with all + * network layer headers removed (e.g. the raw EAPoL frame). + * + * Return: %true if the frame was passed to userspace + */ +bool cfg80211_rx_control_port(struct net_device *dev, + const u8 *buf, size_t len, + const u8 *addr, u16 proto, bool unencrypted); + +/** * cfg80211_cqm_rssi_notify - connection quality monitoring rssi event * @dev: network device * @rssi_event: the triggered RSSI event diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h index c13c84304be3..1334f810f7b4 100644 
--- a/include/uapi/linux/nl80211.h +++ b/include/uapi/linux/nl80211.h @@ -990,6 +990,17 @@ * &NL80211_CMD_CONNECT or &NL80211_CMD_ROAM. If the 4 way handshake failed * &NL80211_CMD_DISCONNECT should be indicated instead. * + * @NL80211_CMD_CONTROL_PORT_FRAME: Control Port (e.g. PAE) frame TX request + * and RX notification. This command is used both as a request to transmit + * a control port frame and as a notification that a control port frame + * has been received. %NL80211_ATTR_FRAME is used to specify the + * frame contents. The frame is the raw EAPoL data, without ethernet or + * 802.11 headers. + * When used as an event indication %NL80211_ATTR_CONTROL_PORT_ETHERTYPE, + * %NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT and %NL80211_ATTR_MAC are added + * indicating the protocol type of the received frame; whether the frame + * was received unencrypted and the MAC address of the peer respectively. + * * @NL80211_CMD_RELOAD_REGDB: Request that the regdb firmware file is reloaded. * * @NL80211_CMD_EXTERNAL_AUTH: This interface is exclusively defined for host @@ -1228,6 +1239,8 @@ enum nl80211_commands { NL80211_CMD_STA_OPMODE_CHANGED, + NL80211_CMD_CONTROL_PORT_FRAME, + /* add new commands above here */ /* used to define NL80211_CMD_MAX below */ diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index a910150f8169..d7dcc2d05025 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c 
@@ -14535,6 +14535,64 @@ void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie, } EXPORT_SYMBOL(cfg80211_mgmt_tx_status); +static int __nl80211_rx_control_port(struct net_device *dev, +const u8 *buf, size_t len, +const u8 *addr, u16 proto, +bool unencrypted, gfp_t gfp) +{ + struct wireless_dev *wdev = dev->ieee80211_ptr; + struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); + struct sk_buff *msg; + void *hdr; + u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid); + + if (!nlportid) + return -ENOENT; + + msg = nlmsg_new(100 + len, gfp); + if (!msg) + return -ENOMEM; + + hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME); + if (!hdr) { + nlmsg_free(msg); + return -ENOMEM; + } + + if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || + nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || + nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), + NL80211_ATTR_PAD) || + nla_put(msg, NL80211_ATTR_FRAME, len, buf) || + nla_put(msg, NL80211_ATTR_MAC,
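Review bot: In the include/net/cfg80211.h hunk, the kernel-doc for cfg80211_rx_control_port() does not say which context the function may be called from, even though the prototype takes no gfp argument while the internal __nl80211_rx_control_port() in the net/wireless/nl80211.c hunk takes gfp_t gfp. State the allowed calling context in the comment, and say what a driver is expected to do with the frame when the function returns false, since "Return: %true if the frame was passed to userspace" leaves the failure case open.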
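Review bot: In the include/uapi/linux/nl80211.h hunk, the new NL80211_CMD_CONTROL_PORT_FRAME description leaves out the requirement given in the commit message: the event is unicast to conn_owner_nlportid, so userspace must set NL80211_ATTR_SOCKET_OWNER in NL80211_CMD_CONNECT, NL80211_CMD_ASSOCIATE or NL80211_CMD_START_AP to receive it. Userspace authors read the uapi header rather than the changelog, so that sentence belongs in the command documentation.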
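Review bot: In __nl80211_rx_control_port(), nlmsg_new(100 + len, gfp) sizes the message with a bare constant for the attribute overhead, while len is the length of a received frame. Derive the headroom from the attributes that are actually put (nla_total_size() for each of them) or give the constant a name and a comment that lists what it covers, so that a later added attribute does not silently outgrow it. The hunk is cut off on this page after the NL80211_ATTR_MAC put, so the failure path of the nla_put chain and the final unicast to nlportid cannot be reviewed here.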
Re: [PATCH] staging: wilc1000: check for kmalloc allocation failures
On 26/03/18 16:35, Ajay Singh wrote: > Thanks for submitting the patch. > > On Wed, 21 Mar 2018 13:03:18 -0700 > Joe Perches wrote: > >> On Wed, 2018-03-21 at 19:19 +, Colin King wrote: >>> From: Colin Ian King >>> >>> There are three kmalloc allocations that are not null checked which >>> potentially could lead to null pointer dereference issues. Fix this >>> by adding null pointer return checks. >> >> looks like all of these should be kmemdup or kstrdup >> >>> >>> @@ -951,6 +955,10 @@ static s32 handle_connect(struct wilc_vif *vif, >>> if (conn_attr->ssid) { >>> hif_drv->usr_conn_req.ssid = kmalloc(conn_attr->ssid_len + 1, >>> GFP_KERNEL); >>> + if (!hif_drv->usr_conn_req.ssid) { >>> + result = -ENOMEM; >>> + goto error; >>> + } >>> memcpy(hif_drv->usr_conn_req.ssid, >>>conn_attr->ssid, >>>conn_attr->ssid_len); > > With these changes the Coverity reported warning is handled correctly. > > For further improvement to the patch, as Joe Perches suggested, it's better > to make use of kmemdup instead of kmalloc & memcpy. As kstrdup requires the > source string to be NULL terminated ('\0') and conn_attr->ssid might not > contain the '\0' terminated string. So kmemdup with length of > 'conn_attr->ssid_len' can be used instead. > > Please include the changes by using kmemdup() for all kmalloc/memcpy in > this patch. The original has been included into Greg's staging repo, so I'll send a second patch that addresses the kmemdup. Colin > > > > Regards, > Ajay >
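Review bot: In the quoted handle_connect() hunk, the buffer is allocated with conn_attr->ssid_len + 1 bytes while the memcpy() copies only conn_attr->ssid_len, so the extra byte is presumably reserved for a terminator written after the lines shown. A follow-up that converts this to kmemdup() with a length of conn_attr->ssid_len, as proposed in this thread, allocates one byte less, and any later write to ssid[ssid_len] would then land past the end of the buffer. Keep the + 1 allocation for this field, or audit every user of usr_conn_req.ssid before dropping it.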
Re: [PATCH 3/4] net: Use octal not symbolic permissions
Applied.
Re: [PATCHv2] ath10k: fix kernel panic while reading tpc_stats
Tamizh chelvam writes: > When attempt to read tpc_stats for the chipsets which support > more than 3 tx chain will trigger kernel panic(kernel stack is corrupted) > due to writing values on rate_code array out of range. > This patch changes the array size depends on the WMI_TPC_TX_N_CHAIN and > added check to avoid write values on the array if the num tx chain > get in tpc config event is greater than WMI_TPC_TX_N_CHAIN. > > Tested on QCA9984 with firmware-5.bin_10.4-3.5.3-00057 > > Kernel panic log : > > [ 323.510944] Kernel panic - not syncing: stack-protector: Kernel stack is > corrupted in: bf90c654 > [ 323.510944] > [ 323.524390] CPU: 0 PID: 1908 Comm: cat Not tainted 3.14.77 #31 > [ 323.530224] [] (unwind_backtrace) from [] > (show_stack+0x10/0x14) > [ 323.537941] [] (show_stack) from [] > (dump_stack+0x80/0xa0) > [ 323.545146] [] (dump_stack) from [] (panic+0x84/0x1e4) > [ 323.552000] [] (panic) from [] > (__stack_chk_fail+0x10/0x14) > [ 323.559350] [] (__stack_chk_fail) from [] > (ath10k_wmi_event_pdev_tpc_config+0x424/0x438 [ath10k_core]) > [ 323.570471] [] (ath10k_wmi_event_pdev_tpc_config [ath10k_core]) > from [] (ath10k_wmi_10_4_op_rx+0x2f0/0x39c [ath10k_core]) > [ 323.583047] [] (ath10k_wmi_10_4_op_rx [ath10k_core]) from > [] (ath10k_htc_rx_completion_handler+0x170/0x1a0 [ath10k_core]) > [ 323.595702] [] (ath10k_htc_rx_completion_handler [ath10k_core]) > from [] (ath10k_pci_hif_send_complete_check+0x1f0/0x220 > [ath10k_pci]) > [ 323.609421] [] (ath10k_pci_hif_send_complete_check [ath10k_pci]) > from [] (ath10k_ce_per_engine_service+0x74/0xc4 [ath10k_pci]) > [ 323.622490] [] (ath10k_ce_per_engine_service [ath10k_pci]) from > [] (ath10k_ce_per_engine_service_any+0x74/0x80 [ath10k_pci]) > [ 323.635423] [] (ath10k_ce_per_engine_service_any [ath10k_pci]) > from [] (ath10k_pci_napi_poll+0x44/0xe8 [ath10k_pci]) > [ 323.647665] [] (ath10k_pci_napi_poll [ath10k_pci]) from > [] (net_rx_action+0xac/0x160) > [ 323.657208] [] (net_rx_action) from [] > 
(__do_softirq+0x104/0x294) > [ 323.665017] [] (__do_softirq) from [] > (irq_exit+0x9c/0x11c) > [ 323.672314] [] (irq_exit) from [] > (handle_IRQ+0x6c/0x90) > [ 323.679341] [] (handle_IRQ) from [] > (gic_handle_irq+0x3c/0x60) > [ 323.686893] [] (gic_handle_irq) from [] > (__irq_svc+0x40/0x70) > [ 323.694349] Exception stack(0xdd489c58 to 0xdd489ca0) > [ 323.699384] 9c40: > a013 > [ 323.707547] 9c60: dc4bce40 6013 ddc1d800 dd488000 0990 > c085c800 > [ 323.715707] 9c80: dd489d44 092d dd489ca0 c026e664 c026e668 > 6013 > [ 323.723877] [] (__irq_svc) from [] > (rcu_note_context_switch+0x170/0x184) > [ 323.732298] [] (rcu_note_context_switch) from [] > (__schedule+0x50/0x4d4) > [ 323.740716] [] (__schedule) from [] > (schedule_timeout+0x148/0x178) > [ 323.748611] [] (schedule_timeout) from [] > (wait_for_common+0x114/0x154) > [ 323.756972] [] (wait_for_common) from [] > (ath10k_tpc_stats_open+0xc8/0x340 [ath10k_core]) > [ 323.766873] [] (ath10k_tpc_stats_open [ath10k_core]) from > [] (do_dentry_open+0x1ac/0x274) > [ 323.776741] [] (do_dentry_open) from [] > (do_last+0x8c0/0xb08) > [ 323.784201] [] (do_last) from [] > (path_openat+0x210/0x598) > [ 323.791408] [] (path_openat) from [] > (do_filp_open+0x2c/0x78) > [ 323.798873] [] (do_filp_open) from [] > (do_sys_open+0x114/0x1b4) > [ 323.806509] [] (do_sys_open) from [] > (ret_fast_syscall+0x0/0x44) > [ 323.814241] CPU1: stopping > [ 323.816927] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 3.14.77 #31 > [ 323.823008] [] (unwind_backtrace) from [] > (show_stack+0x10/0x14) > [ 323.830731] [] (show_stack) from [] > (dump_stack+0x80/0xa0) > [ 323.837934] [] (dump_stack) from [] > (handle_IPI+0xb8/0x140) > [ 323.845224] [] (handle_IPI) from [] > (gic_handle_irq+0x58/0x60) > [ 323.852774] [] (gic_handle_irq) from [] > (__irq_svc+0x40/0x70) > [ 323.860233] Exception stack(0xdd499fa0 to 0xdd499fe8) > [ 323.865273] 9fa0: ffed 1d3c9000 dd498000 dd498030 > 10c0387d c08b62c8 > [ 323.873432] 9fc0: 4220406a 512f04d0 0001 dd499fe8 > c021838c 
c0218390 > [ 323.881588] 9fe0: 6013 > [ 323.885070] [] (__irq_svc) from [] > (arch_cpu_idle+0x30/0x50) > [ 323.892454] [] (arch_cpu_idle) from [] > (cpu_startup_entry+0xa4/0x108) > [ 323.900690] [] (cpu_startup_entry) from [<422085a4>] (0x422085a4) > > Signed-off-by: Tamizh chelvam In v1 kbuild reported this warning: drivers/net/wireless/ath/ath10k/wmi.c:4465:14: error: 'struct ath10k' has no member named 'debug' Did you fix it? > @@ -4455,6 +4461,8 @@ void ath10k_wmi_event_pdev_tpc_config(struct ath10k > *ar, struct sk_buff *skb) > __le32_to_cpu(ev->twice_max_rd_power) / 2, > __le32_to_cpu(ev->num_tx_chain), > __le32_to_cpu(ev->rate_max)); > +exit: > + complete(&ar->debug.t
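Review bot: The added exit: label in ath10k_wmi_event_pdev_tpc_config() calls complete() on a member of ar->debug, and the kbuild error quoted just above this hunk shows that struct ath10k has no debug member in at least one build configuration. Put the completion behind a helper that is only compiled when that member exists, so wmi.c does not reference ar->debug directly. The hunk is cut off on this page, so the check of the event's tx chain count against WMI_TPC_TX_N_CHAIN that the commit message describes is not visible for review.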
Re: [PATCH] staging: wilc1000: check for kmalloc allocation failures
Thanks for submitting the patch. On Wed, 21 Mar 2018 13:03:18 -0700 Joe Perches wrote: > On Wed, 2018-03-21 at 19:19 +, Colin King wrote: > > From: Colin Ian King > > > > There are three kmalloc allocations that are not null checked which > > potentially could lead to null pointer dereference issues. Fix this > > by adding null pointer return checks. > > looks like all of these should be kmemdup or kstrdup > > > > > @@ -951,6 +955,10 @@ static s32 handle_connect(struct wilc_vif *vif, > > if (conn_attr->ssid) { > > hif_drv->usr_conn_req.ssid = kmalloc(conn_attr->ssid_len + 1, > > GFP_KERNEL); > > + if (!hif_drv->usr_conn_req.ssid) { > > + result = -ENOMEM; > > + goto error; > > + } > > memcpy(hif_drv->usr_conn_req.ssid, > >conn_attr->ssid, > >conn_attr->ssid_len); With these changes the Coverity reported warning is handled correctly. For further improvement to the patch, as Joe Perches suggested, it's better to make use of kmemdup instead of kmalloc & memcpy. As kstrdup requires the source string to be NULL terminated ('\0') and conn_attr->ssid might not contain the '\0' terminated string. So kmemdup with length of 'conn_attr->ssid_len' can be used instead. Please include the changes by using kmemdup() for all kmalloc/memcpy in this patch. Regards, Ajay
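The length-based copy discussed in this message, as an added example that is not part of the thread or of the wilc1000 driver: a userspace C model in which `struct conn_req`, `copy_ssid()` and `string_copy_len()` are hypothetical names and the sample SSIDs are constructed. It keeps the spare byte of the original `kmalloc(ssid_len + 1)` pattern and shows what a string-based copy would do with an SSID that contains a NUL octet or none at all.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SSID_MAX_LEN 32 /* an 802.11 SSID is 0..32 arbitrary octets */

/* Hypothetical stand-in for the driver's stored connect request. */
struct conn_req {
	uint8_t *ssid;
	size_t ssid_len;
};

/* Length a string-based (kstrdup-style) copy would use: the offset of
 * the first NUL octet. Returns SIZE_MAX when the field holds no NUL,
 * which is the case where strlen() would read past the field. */
static size_t string_copy_len(const uint8_t *ssid, size_t ssid_len)
{
	const uint8_t *nul = memchr(ssid, '\0', ssid_len);

	return nul ? (size_t)(nul - ssid) : SIZE_MAX;
}

/* Length-based copy that keeps one spare byte for a terminator.
 * Returns 0 on success, -1 on a bad length or allocation failure. */
static int copy_ssid(struct conn_req *req, const uint8_t *ssid, size_t ssid_len)
{
	uint8_t *buf;

	req->ssid = NULL;
	req->ssid_len = 0;
	if (!ssid || ssid_len > SSID_MAX_LEN)
		return -1;

	buf = malloc(ssid_len + 1);	/* cannot wrap: ssid_len <= 32 */
	if (!buf)
		return -1;		/* the NULL check the patch adds */
	memcpy(buf, ssid, ssid_len);	/* copy by length, never by NUL */
	buf[ssid_len] = '\0';		/* in bounds only because of the + 1 */
	req->ssid = buf;
	req->ssid_len = ssid_len;
	return 0;
}

/* Constructed sample: an SSID with an embedded NUL octet. */
static const uint8_t ssid_embedded_nul[] = { 'l', 'a', 'b', 0x00, 'n', 'e', 't' };

/* Returns 1 when all 7 octets survive and the spare byte is NUL. */
static int demo_embedded_nul(void)
{
	struct conn_req req;
	int ok;

	if (copy_ssid(&req, ssid_embedded_nul, sizeof(ssid_embedded_nul)))
		return 0;
	ok = req.ssid_len == 7 &&
	     !memcmp(req.ssid, ssid_embedded_nul, 7) &&
	     req.ssid[7] == '\0';
	free(req.ssid);
	return ok;
}

/* Constructed sample: a full-length SSID with no NUL anywhere.
 * Returns 1 when the copy is bounded and terminated by copy_ssid(). */
static int demo_unterminated(void)
{
	uint8_t ssid[SSID_MAX_LEN];
	struct conn_req req;
	int ok;

	memset(ssid, 'A', sizeof(ssid));
	if (string_copy_len(ssid, sizeof(ssid)) != SIZE_MAX)
		return 0;
	if (copy_ssid(&req, ssid, sizeof(ssid)))
		return 0;
	ok = req.ssid_len == SSID_MAX_LEN &&
	     strlen((const char *)req.ssid) == SSID_MAX_LEN;
	free(req.ssid);
	return ok;
}

/* An over-long length is rejected before any allocation: returns -1. */
static int demo_overlong(void)
{
	uint8_t ssid[SSID_MAX_LEN + 1] = { 0 };
	struct conn_req req;

	return copy_ssid(&req, ssid, sizeof(ssid));
}

int main(void)
{
	printf("string copy would keep %zu of %zu octets\n",
	       string_copy_len(ssid_embedded_nul, sizeof(ssid_embedded_nul)),
	       sizeof(ssid_embedded_nul));
	printf("embedded NUL preserved: %d\n", demo_embedded_nul());
	printf("unterminated SSID handled: %d\n", demo_unterminated());
	printf("over-long SSID result: %d\n", demo_overlong());
	return 0;
}
```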
Re: wcn36xx: Check DXE IRQ reason
Ramon Fried wrote: > IRQ reason was not checked for errors. > Although error handling is not currently supported, it > will be nice to output an error value to the log if the > DMA operation failed. > > Signed-off-by: Ramon Fried > Signed-off-by: Kalle Valo Patch applied to ath-next branch of ath.git, thanks. 6767b302e1c9 wcn36xx: Check DXE IRQ reason -- https://patchwork.kernel.org/patch/10274695/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
Re: wcn36xx: calculate DXE default channel values
Ramon Fried wrote: > DXE channel defaults used hardcoded magic values. > Added bit definitions of the control register and > calculate these values in compilation for clarity. > > Signed-off-by: Ramon Fried > Signed-off-by: Kalle Valo Patch applied to ath-next branch of ath.git, thanks. e5d04670904f wcn36xx: calculate DXE default channel values -- https://patchwork.kernel.org/patch/10274693/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
Re: wcn36xx: calculate DXE control registers values
Ramon Fried wrote: > DXE descriptor control registers used hardcoded magic values. Added bit > definitions of the control register and calculate these values in compilation > for clarity. No functional changes. > > Signed-off-by: Ramon Fried > Signed-off-by: Kalle Valo Patch applied to ath-next branch of ath.git, thanks. 6ced7958168f wcn36xx: calculate DXE control registers values -- https://patchwork.kernel.org/patch/10257759/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
Re: ath9k: spelling s/premble/preamble/
Peter Große wrote: > Signed-off-by: Peter Große > Signed-off-by: Kalle Valo Patch applied to ath-next branch of ath.git, thanks. 1fb148f51e6c ath9k: spelling s/premble/preamble/ -- https://patchwork.kernel.org/patch/10262081/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
Re: ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
Karthikeyan Periyasamy wrote: > An attempt to run the worker (ath10k_sta_rc_update_wk) after the station object > (ieee80211_sta) is deleted will trigger a kernel panic. > > This problem arises in an AP + Mesh configuration, where the current node's AP VAP > and the neighbor node's mesh VAP MAC addresses are the same. When the current mesh node > tries to establish the mesh link with the neighbor node, driver peer creation for > the neighbor mesh node fails due to the duplicate MAC address. The AP > VAP is already created with the same MAC address. > > It is caused by the following scenario steps. > > Steps: > 1. In the above condition, the ath10k driver sta_state callback (ath10k_sta_state) > fails to do the state change for a station from IEEE80211_STA_NOTEXIST > to IEEE80211_STA_NONE because peer creation fails. The sta_state callback is > called from ieee80211_add_station() to handle the new station > (neighbor mesh node) request from the wpa_supplicant. > 2. Concurrently, ath10k receives the sta_rc_update callback notification from > the mesh_neighbour_update() to handle the beacon frames of the above > neighbor mesh node. Since it's an atomic callback, the ath10k driver queues the > work (ath10k_sta_rc_update_wk) to handle the rc update. > 3. Because the driver sta_state callback fails (step 1), mac80211 frees the station > object. > 4. When the worker (ath10k_sta_rc_update_wk) is scheduled to run, it will access > the station object which is already deleted, so it will trigger a kernel > panic. > > Added the peer exist check in the sta_rc_update callback before queuing the work. 
> > Kernel Panic log: > > Unable to handle kernel NULL pointer dereference at virtual address > pgd = c0204000 > [] *pgd= > Internal error: Oops: 17 [#1] PREEMPT SMP ARM > CPU: 1 PID: 1833 Comm: kworker/u4:2 Not tainted 3.14.77 #1 > task: dcef ti: d72b6000 task.ti: d72b6000 > PC is at pwq_activate_delayed_work+0x10/0x40 > LR is at pwq_activate_delayed_work+0xc/0x40 > pc : []lr : []psr: 4193 > sp : d72b7f18 ip : 007a fp : d72b6000 > r10: r9 : dd404414 r8 : d8c31998 > r7 : d72b6038 r6 : 0004 r5 : d4907ec8 r4 : dcee1300 > r3 : ffe0 r2 : r1 : 0001 r0 : > Flags: nZcv IRQs off FIQs on Mode SVC_32 ISA ARM Segment kernel > Control: 10c5787d Table: 595bc06a DAC: 0015 > ... > Process kworker/u4:2 (pid: 1833, stack limit = 0xd72b6238) > Stack: (0xd72b7f18 to 0xd72b8000) > 7f00: 0001 dcee1300 > 7f20: 0001 c02410dc d8c31980 dd404400 dd404400 c0242790 d8c31980 0089 > 7f40: d93e1340 d8c31980 c0242568 > 7f60: c02474dc 00f8 d8c31980 > 7f80: d72b7f80 d72b7f80 d72b7f90 d72b7f90 d72b7fac d93e1340 > 7fa0: c0247404 c0208d20 > 7fc0: > 7fe0: 0013 > [] (pwq_activate_delayed_work) from [] > (pwq_dec_nr_in_flight+0x58/0xc4) > [] (pwq_dec_nr_in_flight) from [] > (worker_thread+0x228/0x360) > [] (worker_thread) from [] (kthread+0xd8/0xec) > [] (kthread) from [] (ret_from_fork+0x14/0x34) > Code: e92d4038 e1a05000 ebbc[69210.619376] SMP: failed to stop secondary > CPUs > Rebooting in 3 seconds.. > > Signed-off-by: Karthikeyan Periyasamy > Signed-off-by: Kalle Valo Patch applied to ath-next branch of ath.git, thanks. 8b2d93dd2261 ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) -- https://patchwork.kernel.org/patch/10276043/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
Re: [v2] ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait
Carl Huang wrote: > The skb may be freed in tx completion context before > trace_ath10k_wmi_cmd is called. This can be easily captured when > KASAN(Kernel Address Sanitizer) is enabled. The fix is to move > trace_ath10k_wmi_cmd before the send operation. As the ret has no > meaning in trace_ath10k_wmi_cmd then, so remove this parameter too. > > Signed-off-by: Carl Huang > Tested-by: Brian Norris > Reviewed-by: Brian Norris > Signed-off-by: Kalle Valo Patch applied to ath-next branch of ath.git, thanks. 9ef0f58ed7b4 ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait -- https://patchwork.kernel.org/patch/10258179/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
Re: [v3] wcn36xx: reduce verbosity of drivers messages
Ramon Fried wrote: > Whenever the WLAN interface is started the FW > version and caps are printed. > The caps now will be displayed only in debug mode. > Firmware version will be displayed only once on first > startup of the interface. > > Change-Id: I4db6ea7f384fe15eebe4c3ddb1d1ccab00094332 > Signed-off-by: Ramon Fried > Signed-off-by: Kalle Valo Patch applied to ath-next branch of ath.git, thanks. 6b8a127bf66d wcn36xx: reduce verbosity of drivers messages -- https://patchwork.kernel.org/patch/10245303/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
Re: ath: fix false radar detection in JP region
srirr...@codeaurora.org wrote: > This fixes false radar detection (of radar type 7) > in Japan region by correcting the radar pulse type > to Chirp as per specification. > > Signed-off-by: Sriram R > Signed-off-by: Kalle Valo Patch applied to ath-next branch of ath.git, thanks. ba21ac6cdaef ath: fix false radar detection in JP region -- https://patchwork.kernel.org/patch/10237459/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
Re: [v2] ath10k: debugfs support to get final TPC stats for 10.4 variants
mke...@codeaurora.org wrote: > Export the final Transmit Power Control (TPC) value, which is the > minimum of control power and existing TPC value to user space via > a new debugfs file "tpc_stats_final" to help with debugging. > It works with the new wmi cmd and event introduced in 10.4 firmware > branch. > > WMI command ID: WMI_PDEV_GET_TPC_TABLE_CMDID > WMI event ID: WMI_PDEV_TPC_TABLE_EVENTID > > cat /sys/kernel/debug/ieee80211/phyX/ath10k/tpc_stats_final > > $ cat /sys/kernel/debug/ieee80211/phyX/ath10k/tpc_stats_final > > TPC config for channel 5180 mode 10 > > CTL = 0x 0 Reg. Domain = 58 > Antenna Gain= 0 Reg. Max Antenna Gain = 0 > Power Limit = 60 Reg. Max Power = 60 > Num tx chains = 2 Num supported rates= 109 > > *** CDD POWER TABLE > > No. Preamble Rate_code tpc_value1 tpc_value2 tpc_value3 > 0CCK 0x400 0 > 1CCK 0x410 0 > [...] > 107 HTCUP0x 0 46 46 > 108 HTCUP0x 0 46 46 > > *** STBC POWER TABLE > > No. Preamble Rate_code tpc_value1 tpc_value2 tpc_value3 > 0CCK 0x400 0 > 1CCK 0x410 0 > [...] > 107 HTCUP0x 046 46 > 108 HTCUP0x 046 46 > > *** > TXBF not supported > ** > > The existing tpc_stats debugfs file provides the dump > which is minimum of target power and regulatory domain. > > cat /sys/kernel/debug/ieee80211/phyX/ath10k/tpc_stats > > Hardware_used: QCA4019 > Firmware version: firmware-5.bin_10.4-3.0-00209 > > Signed-off-by: Maharaja Kennadyrajan > Signed-off-by: Kalle Valo Patch applied to ath-next branch of ath.git, thanks. bc64d05220f3 ath10k: debugfs support to get final TPC stats for 10.4 variants -- https://patchwork.kernel.org/patch/10241601/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
Re: ath10k: Add sta rx packet stats per tid
Vasanthakumar Thiagarajan wrote: > Added per tid sta counters for the following > > - Total number MSDUs received from firmware > - Number of MSDUs received with errors like decryption, crc, mic ,etc. > - Number of MSDUs dropped in the driver > - A-MPDU/A-MSDU subframe stats > - Number of MSDUS passed to mac80211 > > All stats other than A-MPDU stats are only for received data frames. > A-MPDU stats might have stats for management frames when monitor > interface is active where management frames are notified both in wmi > and HTT interfaces. > > These per tid stats can be enabled with tid bitmask through a debugfs > like below > > echo > > /sys/kernel/debug/ieee80211/phyX/ath10k/sta_tid_stats_mask > > tid 16 (tid_bitmask 0x1) is used for non-qos data/management frames > > The stats are read from > /sys/kernel/debug/ieee80211/phyX/netdev\:wlanX/stations//dump_tid_stats > > Sample output: > > To enable rx stats for tid 0, 5 and 6, > > echo 0x0061 > /sys/kernel/debug/ieee80211/phy0/ath10k/sta_tid_stats_mask > > cat > /sys/kernel/debug/ieee80211/phy0/netdev\:wlan15/stations/8c\:fd\:f0\:0a\:8e\:df/dump_tid_stats > > Driver Rx pkt stats per tid, ([tid] count) > -- > MSDUs from FW [00] 2567[05] 3178[06] 1089 > MSDUs unchained [00] 0 [05] 0 [06] 0 > MSDUs locally dropped:chained [00] 0 [05] 0 [06] 0 > MSDUs locally dropped:filtered [00] 0 [05] 0 [06] 0 > MSDUs queued for mac80211 [00] 2567[05] 3178[06] 1089 > MSDUs with error:fcs_err[00] 0 [05] 0 [06] 2 > MSDUs with error:tkip_err [00] 0 [05] 0 [06] 0 > MSDUs with error:crypt_err [00] 0 [05] 0 [06] 0 > MSDUs with error:peer_idx_inval [00] 0 [05] 0 [06] 0 > > A-MPDU num subframes upto 10[00] 2567[05] 3178[06] 1087 > A-MPDU num subframes 11-20 [00] 0 [05] 0 [06] 0 > A-MPDU num subframes 21-30 [00] 0 [05] 0 [06] 0 > A-MPDU num subframes 31-40 [00] 0 [05] 0 [06] 0 > A-MPDU num subframes 41-50 [00] 0 [05] 0 [06] 0 > A-MPDU num subframes 51-60 [00] 0 [05] 0 [06] 0 > A-MPDU num subframes >60[00] 0 [05] 0 [06] 0 > > A-MSDU num 
subframes 1 [00] 2567[05] 3178[06] 1089 > A-MSDU num subframes 2 [00] 0 [05] 0 [06] 0 > A-MSDU num subframes 3 [00] 0 [05] 0 [06] 0 > A-MSDU num subframes 4 [00] 0 [05] 0 [06] 0 > A-MSDU num subframes >4 [00] 0 [05] 0 [06] 0 > > Signed-off-by: Vasanthakumar Thiagarajan > Signed-off-by: Kalle Valo Patch applied to ath-next branch of ath.git, thanks. caee728ab761 ath10k: add sta rx packet stats per tid -- https://patchwork.kernel.org/patch/10193935/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
Re: [PATCH v3] wcn36xx: reduce verbosity of drivers messages
Ramon Fried writes: > Kind reminder. Is the patch ok ? First of all, please don't top post as it makes using patchwork annoying. I wish it would detect these top posts somehow. And for checking the state of a patch I have written instructions to the wiki: https://wireless.wiki.kernel.org/doku.php?id=en/developers/documentation/submittingpatches#checking_state_of_patches_from_patchwork And the actual answer: I'm lagging behind with ath.git patches but should catch up soon. -- Kalle Valo
[PATCH 1/3] cfg80211: fix CAC_STARTED event handling
From: Dmitry Lebed Exclude CAC_STARTED event from !wdev->cac_started check, since cac_started will be set later in the same function. Signed-off-by: Dmitry Lebed --- net/wireless/mlme.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c index 6b6818dd76bd..12b3edf70a7b 100644 --- a/net/wireless/mlme.c +++ b/net/wireless/mlme.c @@ -872,7 +872,7 @@ void cfg80211_cac_event(struct net_device *netdev, trace_cfg80211_cac_event(netdev, event); - if (WARN_ON(!wdev->cac_started)) + if (WARN_ON(!wdev->cac_started && event != NL80211_RADAR_CAC_STARTED)) return; if (WARN_ON(!wdev->chandef.chan)) -- 2.11.0
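Review bot: The relaxed check in cfg80211_cac_event(), WARN_ON(!wdev->cac_started && event != NL80211_RADAR_CAC_STARTED), now lets NL80211_RADAR_CAC_STARTED through in every state, including when wdev->cac_started is already set. If a second CAC_STARTED during a running CAC is a driver bug, warn on that case as well where the event is handled (that code is outside this hunk), so that correctness does not depend on each driver filtering duplicates on its own.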
[PATCH 3/3] qtnfmac: add DFS offload support
From: Dmitry Lebed DFS offload support implemented: - DFS_OFFLOAD feature is advertised depending on HW capabilities - CAC_STARTED event forwarding from HW implemented - start_radar_detection() callback now returning -ENOTSUPP if DFS_OFFLOAD is enabled Signed-off-by: Dmitry Lebed --- drivers/net/wireless/quantenna/qtnfmac/cfg80211.c | 9 + drivers/net/wireless/quantenna/qtnfmac/event.c| 11 +++ drivers/net/wireless/quantenna/qtnfmac/qlink.h| 7 +-- 3 files changed, 25 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/quantenna/qtnfmac/cfg80211.c b/drivers/net/wireless/quantenna/qtnfmac/cfg80211.c index 0398bece5782..5122dc798064 100644 --- a/drivers/net/wireless/quantenna/qtnfmac/cfg80211.c +++ b/drivers/net/wireless/quantenna/qtnfmac/cfg80211.c @@ -813,6 +813,9 @@ static int qtnf_start_radar_detection(struct wiphy *wiphy, struct qtnf_vif *vif = qtnf_netdev_get_priv(ndev); int ret; + if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD)) + return -ENOTSUPP; + ret = qtnf_cmd_start_cac(vif, chandef, cac_time_ms); if (ret) pr_err("%s: failed to start CAC ret=%d\n", ndev->name, ret); @@ -909,6 +912,9 @@ struct wiphy *qtnf_wiphy_allocate(struct qtnf_bus *bus) { struct wiphy *wiphy; + if (bus->hw_info.hw_capab & QLINK_HW_CAPAB_DFS_OFFLOAD) + qtn_cfg80211_ops.start_radar_detection = NULL; + wiphy = wiphy_new(&qtn_cfg80211_ops, sizeof(struct qtnf_wmac)); if (!wiphy) return NULL; @@ -982,6 +988,9 @@ int qtnf_wiphy_register(struct qtnf_hw_info *hw_info, struct qtnf_wmac *mac) WIPHY_FLAG_AP_UAPSD | WIPHY_FLAG_HAS_CHANNEL_SWITCH; + if (hw_info->hw_capab & QLINK_HW_CAPAB_DFS_OFFLOAD) + wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD); + wiphy->probe_resp_offload = NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS | NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2; diff --git a/drivers/net/wireless/quantenna/qtnfmac/event.c b/drivers/net/wireless/quantenna/qtnfmac/event.c index bcd415f96412..cb2a6c12f870 100644 
--- a/drivers/net/wireless/quantenna/qtnfmac/event.c +++ b/drivers/net/wireless/quantenna/qtnfmac/event.c @@ -443,6 +443,17 @@ static int qtnf_event_handle_radar(struct qtnf_vif *vif, cfg80211_cac_event(vif->netdev, &chandef, NL80211_RADAR_CAC_ABORTED, GFP_KERNEL); break; + case QLINK_RADAR_CAC_STARTED: + if (vif->wdev.cac_started) + break; + + if (!wiphy_ext_feature_isset(wiphy, +NL80211_EXT_FEATURE_DFS_OFFLOAD)) + break; + + cfg80211_cac_event(vif->netdev, &chandef, + NL80211_RADAR_CAC_STARTED, GFP_KERNEL); + break; default: pr_warn("%s: unhandled radar event %u\n", vif->netdev->name, ev->event); diff --git a/drivers/net/wireless/quantenna/qtnfmac/qlink.h b/drivers/net/wireless/quantenna/qtnfmac/qlink.h index 9bf3ae4d1b3b..9ab27e158023 100644 --- a/drivers/net/wireless/quantenna/qtnfmac/qlink.h +++ b/drivers/net/wireless/quantenna/qtnfmac/qlink.h @@ -68,10 +68,12 @@ struct qlink_msg_header { * @QLINK_HW_CAPAB_STA_INACT_TIMEOUT: device implements a logic to kick-out * associated STAs due to inactivity. Inactivity timeout period is taken * from QLINK_CMD_START_AP parameters. + * @QLINK_HW_CAPAB_DFS_OFFLOAD: device implements DFS offload functionality */ enum qlink_hw_capab { - QLINK_HW_CAPAB_REG_UPDATE = BIT(0), - QLINK_HW_CAPAB_STA_INACT_TIMEOUT = BIT(1), + QLINK_HW_CAPAB_REG_UPDATE = BIT(0), + QLINK_HW_CAPAB_STA_INACT_TIMEOUT= BIT(1), + QLINK_HW_CAPAB_DFS_OFFLOAD = BIT(2), }; enum qlink_iface_type { @@ -1031,6 +1033,7 @@ enum qlink_radar_event { QLINK_RADAR_CAC_ABORTED, QLINK_RADAR_NOP_FINISHED, QLINK_RADAR_PRE_CAC_EXPIRED, + QLINK_RADAR_CAC_STARTED, }; /** -- 2.11.0
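Review bot: In qtnf_wiphy_allocate(), qtn_cfg80211_ops.start_radar_detection = NULL writes to the ops structure that is passed to wiphy_new() for every wiphy, based on the hw_capab of one bus, so a device without QLINK_HW_CAPAB_DFS_OFFLOAD that shares the driver loses the callback too. It also makes the new NL80211_EXT_FEATURE_DFS_OFFLOAD check in qtnf_start_radar_detection() unreachable on offload hardware. Only one of the two mechanisms is needed, and the per-wiphy check inside the callback is the one that does not modify shared state.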
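Review bot: The new early return in qtnf_start_radar_detection() uses -ENOTSUPP, which is a kernel-internal code with no userspace errno definition. This callback's result is reported back through nl80211, so -EOPNOTSUPP is the value to return here, and the commit message should be updated to match.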
[PATCH 2/3] cfg80211: enable use of non-cleared DFS channels for DFS offload
From: Dmitry Lebed Currently channel switch/start_ap to DFS channel cannot be done to non-CAC-cleared channel even if DFS offload if enabled. Make non-cleared DFS channels available if DFS offload is enabled. CAC will be started by HW after channel change, start_ap call, etc. Signed-off-by: Dmitry Lebed --- net/wireless/chan.c | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/net/wireless/chan.c b/net/wireless/chan.c index a48859982a32..2db713d18f71 100644 --- a/net/wireless/chan.c +++ b/net/wireless/chan.c @@ -579,6 +579,10 @@ static bool cfg80211_get_chans_dfs_available(struct wiphy *wiphy, { struct ieee80211_channel *c; u32 freq, start_freq, end_freq; + bool dfs_offload; + + dfs_offload = wiphy_ext_feature_isset(wiphy, + NL80211_EXT_FEATURE_DFS_OFFLOAD); start_freq = cfg80211_get_start_freq(center_freq, bandwidth); end_freq = cfg80211_get_end_freq(center_freq, bandwidth); @@ -596,8 +600,9 @@ static bool cfg80211_get_chans_dfs_available(struct wiphy *wiphy, if (c->flags & IEEE80211_CHAN_DISABLED) return false; - if ((c->flags & IEEE80211_CHAN_RADAR) && - (c->dfs_state != NL80211_DFS_AVAILABLE)) + if ((c->flags & IEEE80211_CHAN_RADAR) && + (c->dfs_state != NL80211_DFS_AVAILABLE) && + !(c->dfs_state == NL80211_DFS_USABLE && dfs_offload)) return false; } -- 2.11.0
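Review bot: In the second hunk of cfg80211_get_chans_dfs_available(), the new clause makes a function whose name says "available" return true for radar channels that are only NL80211_DFS_USABLE when dfs_offload is set. Callers that treat a true result as "CAC already completed" now get a weaker guarantee, so add a comment at the function that states the offload exception, and confirm that each caller is a path where the hardware starts CAC itself, as the commit message describes for channel switch and start_ap.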
[PATCH 0/3] cfg80211: further work on DFS offload enablement
Hello Johannes and all, Here is a patch set with minor cleanups/updates needed to enable DFS offload in cfg80211. Note that the third patch enables DFS offload for qtnfmac driver. We assume that it should go through wireless-drivers tree after all cfg80211/nl80211 changes are reviewed and merged. So it is posted here for reference purposes only. Besides, minimal set of user-space changes for hostapd has been already posted to hostapd mailing list. Thanks, Sergey Dmitrii Lebed (3): cfg80211: fix CAC_STARTED event handling cfg80211: enable use of non-cleared DFS channels for DFS qtnfmac: add DFS offload support drivers/net/wireless/quantenna/qtnfmac/cfg80211.c |9 + drivers/net/wireless/quantenna/qtnfmac/event.c| 11 +++ drivers/net/wireless/quantenna/qtnfmac/qlink.h|7 +-- net/wireless/chan.c |9 +++-- net/wireless/mlme.c |2 +- 5 files changed, 33 insertions(+), 5 deletions(-)
Re: AP6335 with mainline kernel
On Seg, 2018-03-26 at 09:24 -0300, Vanessa Maegima wrote: > Hi Arend, > > > > > Here's the hexdump: http://code.bulix.org/trv3o7-306254 > > > The link above provides the hexdump from the html nvram, which makes > wifi work on pico-imx7d. > > I also got the hexdump of the nvram file provided by TechNexion for > comparison, which returns the error "brcmfmac: brcmf_sdio_htclk: HT > Avail timeout (100): clkctl 0x50": http://code.bulix.org/mw4x62-3 > 09 > 095 Fixing second URL: http://code.bulix.org/mw4x62-309095
[PATCH] staging: wilc1000: remove unused return variable
From: HariPrasath Elango In this function,removed the unused integer variable as it is not actually used to return function success or failure. Return is a pointer to net_device structure. Signed-off-by: HariPrasath Elango --- drivers/staging/wilc1000/linux_mon.c | 6 ++ 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/staging/wilc1000/linux_mon.c b/drivers/staging/wilc1000/linux_mon.c index 47e3025..169213f 100644 --- a/drivers/staging/wilc1000/linux_mon.c +++ b/drivers/staging/wilc1000/linux_mon.c @@ -252,7 +252,7 @@ static const struct net_device_ops wilc_wfi_netdev_ops = { * @brief WILC_WFI_init_mon_interface * @details * @param[in] - * @return int : Return 0 on Success + * @return Pointer to net_device * @authormdaftedar * @date 12 JUL 2012 * @version 1.0 @@ -260,7 +260,6 @@ static const struct net_device_ops wilc_wfi_netdev_ops = { struct net_device *WILC_WFI_init_mon_interface(const char *name, struct net_device *real_dev) { - u32 ret = 0; struct WILC_WFI_mon_priv *priv; /*If monitor interface is already initialized, return it*/ @@ -275,8 +274,7 @@ struct net_device *WILC_WFI_init_mon_interface(const char *name, wilc_wfi_mon->name[IFNAMSIZ - 1] = 0; wilc_wfi_mon->netdev_ops = &wilc_wfi_netdev_ops; - ret = register_netdevice(wilc_wfi_mon); - if (ret) { + if (register_netdevice(wilc_wfi_mon)) { netdev_err(real_dev, "register_netdevice failed\n"); return NULL; } -- 2.10.0.GIT
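Review bot: Folding the call into if (register_netdevice(wilc_wfi_mon)) discards the error code, so the netdev_err() message in WILC_WFI_init_mon_interface() cannot say why registration failed. Keep a local for the result, as an int rather than the old u32 since register_netdevice() returns a negative errno, and include it in the message; the function can still return NULL afterwards.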
[PATCH] mac80211: don't WARN on bad WMM parameters from buggy APs
Apparently, some APs are buggy enough to send a zeroed WMM IE. Don't WARN on this since this is not caused by a bug on the client's system. This aligns the condition of the WARNING in drv_conf_tx with the validity check in ieee80211_sta_wmm_params. We will now pick the default values whenever we get a zeroed WMM IE. This has been reported here: https://bugzilla.kernel.org/show_bug.cgi?id=199161 Signed-off-by: Emmanuel Grumbach --- net/mac80211/mlme.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 39b660b9a908..a6b628964b84 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -1785,7 +1785,8 @@ static bool ieee80211_sta_wmm_params(struct ieee80211_local *local, params[ac].acm = acm; params[ac].uapsd = uapsd; - if (params[ac].cw_min > params[ac].cw_max) { + if (params->cw_min == 0 || + params[ac].cw_min > params[ac].cw_max) { sdata_info(sdata, "AP has invalid WMM params (CWmin/max=%d/%d for ACI %d), using defaults\n", params[ac].cw_min, params[ac].cw_max, aci); -- 2.14.3
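Review bot: The added test reads params->cw_min, which is params[0].cw_min, while every other access in this block of ieee80211_sta_wmm_params() indexes params[ac]. As written, the zero check looks at the first array element on every pass instead of the access category that was just parsed. Use params[ac].cw_min == 0 so the condition matches the params[ac].cw_min > params[ac].cw_max test on the next line and the values printed by sdata_info().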
Re: [PATCH v3] wcn36xx: reduce verbosity of drivers messages
Hi Kalle. Kind reminder. Is the patch ok ? Thanks, Ramon On 2/27/2018 4:05 PM, Ramon Fried wrote: > Whenever the WLAN interface is started the FW > version and caps are printed. > The caps now will be displayed only in debug mode. > Firmware version will be displayed only once on first > startup of the interface. > > Change-Id: I4db6ea7f384fe15eebe4c3ddb1d1ccab00094332 > Signed-off-by: Ramon Fried > --- > v2: print the firwmare version as info but only > onetime. > v3: change the static variable to a struct variable. > > drivers/net/wireless/ath/wcn36xx/main.c| 3 ++- > drivers/net/wireless/ath/wcn36xx/smd.c | 18 ++ > drivers/net/wireless/ath/wcn36xx/wcn36xx.h | 2 ++ > 3 files changed, 14 insertions(+), 9 deletions(-) > > diff --git a/drivers/net/wireless/ath/wcn36xx/main.c > b/drivers/net/wireless/ath/wcn36xx/main.c > index ab5be6d2c691..bfe9062bfa52 100644 > --- a/drivers/net/wireless/ath/wcn36xx/main.c > +++ b/drivers/net/wireless/ath/wcn36xx/main.c > @@ -261,7 +261,7 @@ static void wcn36xx_feat_caps_info(struct wcn36xx *wcn) > > for (i = 0; i < MAX_FEATURE_SUPPORTED; i++) { > if (get_feat_caps(wcn->fw_feat_caps, i)) > - wcn36xx_info("FW Cap %s\n", wcn36xx_get_cap_name(i)); > + wcn36xx_dbg(WCN36XX_DBG_MAC, "FW Cap %s\n", > wcn36xx_get_cap_name(i)); > } > } > > @@ -1283,6 +1283,7 @@ static int wcn36xx_probe(struct platform_device *pdev) > wcn = hw->priv; > wcn->hw = hw; > wcn->dev = &pdev->dev; > + wcn->first_boot = true; > mutex_init(&wcn->conf_mutex); > mutex_init(&wcn->hal_mutex); > mutex_init(&wcn->scan_lock); > diff --git a/drivers/net/wireless/ath/wcn36xx/smd.c > b/drivers/net/wireless/ath/wcn36xx/smd.c > index 2a4871ca9c72..1a5b4d57c0ac 100644 > --- a/drivers/net/wireless/ath/wcn36xx/smd.c > +++ b/drivers/net/wireless/ath/wcn36xx/smd.c 
> @@ -409,15 +409,17 @@ static int wcn36xx_smd_start_rsp(struct wcn36xx *wcn, > void *buf, size_t len) > wcn->fw_minor = rsp->start_rsp_params.version.minor; > wcn->fw_major = rsp->start_rsp_params.version.major; > > - wcn36xx_info("firmware WLAN version '%s' and CRM version '%s'\n", > - wcn->wlan_version, wcn->crm_version); > - > - wcn36xx_info("firmware API %u.%u.%u.%u, %u stations, %u bssids\n", > - wcn->fw_major, wcn->fw_minor, > - wcn->fw_version, wcn->fw_revision, > - rsp->start_rsp_params.stations, > - rsp->start_rsp_params.bssids); > + if (wcn->first_boot) { > + wcn->first_boot = false; > + wcn36xx_info("firmware WLAN version '%s' and CRM version > '%s'\n", > + wcn->wlan_version, wcn->crm_version); > > + wcn36xx_info("firmware API %u.%u.%u.%u, %u stations, %u > bssids\n", > + wcn->fw_major, wcn->fw_minor, > + wcn->fw_version, wcn->fw_revision, > + rsp->start_rsp_params.stations, > + rsp->start_rsp_params.bssids); > + } > return 0; > } > > diff --git a/drivers/net/wireless/ath/wcn36xx/wcn36xx.h > b/drivers/net/wireless/ath/wcn36xx/wcn36xx.h > index 81017e6703b4..5854adf43f3a 100644 > --- a/drivers/net/wireless/ath/wcn36xx/wcn36xx.h > +++ b/drivers/net/wireless/ath/wcn36xx/wcn36xx.h > @@ -192,6 +192,8 @@ struct wcn36xx { > u8 crm_version[WCN36XX_HAL_VERSION_LENGTH + 1]; > u8 wlan_version[WCN36XX_HAL_VERSION_LENGTH + 1]; > > + boolfirst_boot; > + > /* IRQs */ > int tx_irq; > int rx_irq;
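Review bot: In the wcn36xx.h hunk, `first_boot` is added to struct wcn36xx with no comment, and the name suggests boot state while the smd.c hunk uses it only to decide whether the two firmware version lines are logged in wcn36xx_smd_start_rsp(). A name that says what it gates (something like `fw_version_logged`, with inverted sense) or a short comment on the field would make the intent clear. The flag is set in wcn36xx_probe() and cleared in the start response handler, so it is worth stating in the changelog that "once" means once per probe.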
Re: AP6335 with mainline kernel
Hi Arend,

> Here's the hexdump: http://code.bulix.org/trv3o7-306254

The link above provides the hexdump from the html nvram, which makes wifi work on pico-imx7d. I also got the hexdump of the nvram file provided by TechNexion for comparison, which returns the error "brcmfmac: brcmf_sdio_htclk: HT Avail timeout (100): clkctl 0x50": http://code.bulix.org/mw4x62-309095

Thanks!

Best Regards,
Vanessa
Re: [PATCH 9/9] staging: wilc1000: free memory allocated for general info message from firmware
On Mon, Mar 26, 2018 at 05:01:50PM +0530, Ajay Singh wrote:
> On Mon, 26 Mar 2018 11:32:41 +0300
> Dan Carpenter wrote:
>
> > What happened to patch 8/9? Anyway, I can't apply this patch and it
> > could be my fault or it could be the missing patch. I don't know...
>
> I rechecked by applying the patches in order and didn't face any conflict.
> I am going to send the v2 for this patch series by including the review
> comments.

The problem was on my end. Sorry. Gmail's spam filtering messed up. I should have checked better.

regards,
dan carpenter
Re: [PATCH] mac80211: Fix wlan freezes under load at rekey
so far i see no regressions with 9984 with that patch except that 9984 has a rekeying problem at all. with wds ap -> wds sta mode rekeying will fail and it will reauthenticate at each interval. (it disconnects and reconnects) but this is a long term issue qca never fixed for years. 988x doesn't suffer from that issue

On 25.03.2018 at 23:59, Ben Greear wrote:

On 03/25/2018 12:45 PM, Alexander Wetzel wrote:

What will happen to drivers like ath10k that cannot do software encrypt/decrypt? ath10k can support multiple key-ids as far as I can tell, so maybe it would just never hit this code?

Still learning how that all fits together, but I'm sure any card using mac80211 will also use ieee80211_key_replace, including ath10k. We are in a race with the remote station there is no chance that we can switch over exactly at the same time. If we can't fall back to software encryption we'll just have to drop some more packets. I'm pretty sure mac80211 will just encrypt a frame in software and send it to ath10 for processing once we have removed the key from the hw in the same way as for any other card.

I don't think ath10k can handle sending already-encrypted data packets, but possibly it works with newer upstream firmware/driver. Either way, as long as it does not fundamentally break something (like a non-recoverable data stall), then maybe your patch is fine anyway and ath10k may just drop a few extra frames.

My expectation here would be, that the driver detects and drops the pre-encrypted frames it no longer has a hw key for. Unfortunately this is just an assumption, since I haven't found the code handling this case in ath10k. And even if true this could well cause some undesired warning messages. I guess we should therefore make sure we do not send out any packets in the critical time window. Now stopping and flushing the queues seems to be a bad idea which could cause a real performance impact on a busy AP with many stations and rekeys enabled... Luckily it looks like we can instead just set KEY_FLAG_TAINTED for the old key to make sure we stop sending packets till the rekey is done. That should cause ieee80211_tx_h_select_key to drop all packets without a new per-packet check and also should cover potential undesired side effects, isn't it?

I get lost in the weeds when trying to understand all of this, and some previous attempts of mine to fix some of this evidently weren't correct enough to accept upstream: https://www.spinics.net/lists/hostap/msg03677.html So I really don't know enough to properly review your patch. Just be aware that ath10k is weird about sw-crypt, maybe make sure your patch is tested on it to make sure it doesn't out-right break something.

Thanks,
Ben

--
Kind regards
Sebastian Gottschall / CTO
NewMedia-NET GmbH - DD-WRT
Registered office: Stubenwaldallee 21a, 64625 Bensheim
Court of registration: Amtsgericht Darmstadt, HRB 25473
Managing directors: Peter Steinhäuser, Christian Scheele
http://www.dd-wrt.com
email: s.gottsch...@dd-wrt.com
Tel.: +496251-582650 / Fax: +496251-5826565
[PATCH v2 6/9] staging: wilc1000: fix to free allocated memory in wilc_add_ptk()
Free allocated memory in wilc_add_ptk() when it fails to enqueue the command. Signed-off-by: Ajay Singh Reviewed-by: Claudiu Beznea --- drivers/staging/wilc1000/host_interface.c | 13 +++-- 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/drivers/staging/wilc1000/host_interface.c b/drivers/staging/wilc1000/host_interface.c index 0494234..e58fa87 100644 --- a/drivers/staging/wilc1000/host_interface.c +++ b/drivers/staging/wilc1000/host_interface.c @@ -2781,7 +2781,7 @@ int wilc_add_ptk(struct wilc_vif *vif, const u8 *ptk, u8 ptk_key_len, const u8 *mac_addr, const u8 *rx_mic, const u8 *tx_mic, u8 mode, u8 cipher_mode, u8 index) { - int result = 0; + int result; struct host_if_msg msg; struct host_if_drv *hif_drv = vif->hif_drv; u8 key_len = ptk_key_len; @@ -2826,13 +2826,14 @@ int wilc_add_ptk(struct wilc_vif *vif, const u8 *ptk, u8 ptk_key_len, msg.vif = vif; result = wilc_enqueue_cmd(&msg); - - if (result) + if (result) { netdev_err(vif->ndev, "PTK Key\n"); - else - wait_for_completion(&hif_drv->comp_test_key_block); + kfree(msg.body.key_info.attr.wpa.key); + return result; + } - return result; + wait_for_completion(&hif_drv->comp_test_key_block); + return 0; } int wilc_add_rx_gtk(struct wilc_vif *vif, const u8 *rx_gtk, u8 gtk_key_len, -- 2.7.4
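Review bot: In the second hunk the enqueue failure branch still logs only `"PTK Key\n"`, which tells whoever reads the log neither what failed nor why. Since the branch is being rewritten anyway, log the operation and the error code, for example `netdev_err(vif->ndev, "failed to enqueue PTK key cmd (%d)\n", result);`. The early `return result;` also changes nothing for the success path, so the changelog could state that the only behaviour change is the kfree() of `wpa.key` on failure.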
[PATCH v2 4/9] staging: wilc1000: free memory allocated in add wep key functions
Free memory allocated for wep key when command enqueue is failed. Signed-off-by: Ajay Singh Reviewed-by: Claudiu Beznea --- drivers/staging/wilc1000/host_interface.c | 24 ++-- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/drivers/staging/wilc1000/host_interface.c b/drivers/staging/wilc1000/host_interface.c index 1cc4c08..4db15c7 100644 --- a/drivers/staging/wilc1000/host_interface.c +++ b/drivers/staging/wilc1000/host_interface.c @@ -2704,7 +2704,7 @@ int wilc_set_wep_default_keyid(struct wilc_vif *vif, u8 index) int wilc_add_wep_key_bss_sta(struct wilc_vif *vif, const u8 *key, u8 len, u8 index) { - int result = 0; + int result; struct host_if_msg msg; struct host_if_drv *hif_drv = vif->hif_drv; @@ -2727,17 +2727,20 @@ int wilc_add_wep_key_bss_sta(struct wilc_vif *vif, const u8 *key, u8 len, msg.body.key_info.attr.wep.index = index; result = wilc_enqueue_cmd(&msg); - if (result) + if (result) { netdev_err(vif->ndev, "STA - WEP Key\n"); - wait_for_completion(&hif_drv->comp_test_key_block); + kfree(msg.body.key_info.attr.wep.key); + return result; + } - return result; + wait_for_completion(&hif_drv->comp_test_key_block); + return 0; } int wilc_add_wep_key_bss_ap(struct wilc_vif *vif, const u8 *key, u8 len, u8 index, u8 mode, enum AUTHTYPE auth_type) { - int result = 0; + int result; struct host_if_msg msg; struct host_if_drv *hif_drv = vif->hif_drv; @@ -2762,13 +2765,14 @@ int wilc_add_wep_key_bss_ap(struct wilc_vif *vif, const u8 *key, u8 len, msg.body.key_info.attr.wep.auth_type = auth_type; result = wilc_enqueue_cmd(&msg); - - if (result) + if (result) { netdev_err(vif->ndev, "AP - WEP Key\n"); - else - wait_for_completion(&hif_drv->comp_test_key_block); + kfree(msg.body.key_info.attr.wep.key); + return result; + } - return result; + wait_for_completion(&hif_drv->comp_test_key_block); + return 0; } int wilc_add_ptk(struct wilc_vif *vif, const u8 *ptk, u8 ptk_key_len, -- 2.7.4
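Review bot: In the wilc_add_wep_key_bss_sta() hunk the new `return result;` does more than free the key: the old code fell through to `wait_for_completion(&hif_drv->comp_test_key_block);` even when wilc_enqueue_cmd() had failed, and the new code no longer does. That is a separate fix for a wait that nothing would complete, and the commit message only mentions freeing memory, so please describe it there. The wilc_add_wep_key_bss_ap() hunk had an `else` and is a pure restructuring plus the kfree(), which is also worth saying so the two hunks are not read as equivalent.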
[PATCH v2 9/9] staging: wilc1000: free memory allocated for general info message from firmware
Free allocated memory for failure scenario while processing the information message received from the firmware. Added NULL check and used kmemdup in the flow of handling information message. Signed-off-by: Ajay Singh Reviewed-by: Claudiu Beznea --- drivers/staging/wilc1000/host_interface.c | 48 --- 1 file changed, 31 insertions(+), 17 deletions(-) diff --git a/drivers/staging/wilc1000/host_interface.c b/drivers/staging/wilc1000/host_interface.c index 73bdd24..c06920b 100644 --- a/drivers/staging/wilc1000/host_interface.c +++ b/drivers/staging/wilc1000/host_interface.c @@ -1346,16 +1346,15 @@ static inline void host_int_parse_assoc_resp_info(struct wilc_vif *vif, if (conn_info.status == SUCCESSFUL_STATUSCODE && connect_resp_info->ies) { - conn_info.resp_ies_len = connect_resp_info->ies_len; - conn_info.resp_ies = kmalloc(connect_resp_info->ies_len, GFP_KERNEL); - memcpy(conn_info.resp_ies, connect_resp_info->ies, - connect_resp_info->ies_len); + conn_info.resp_ies = kmemdup(connect_resp_info->ies, + connect_resp_info->ies_len, + GFP_KERNEL); + if (conn_info.resp_ies) + conn_info.resp_ies_len = connect_resp_info->ies_len; } - if (connect_resp_info) { - kfree(connect_resp_info->ies); - kfree(connect_resp_info); - } + kfree(connect_resp_info->ies); + kfree(connect_resp_info); } } } @@ -1381,11 +1380,11 @@ static inline void host_int_parse_assoc_resp_info(struct wilc_vif *vif, } if (hif_drv->usr_conn_req.ies) { - conn_info.req_ies_len = hif_drv->usr_conn_req.ies_len; - conn_info.req_ies = kmalloc(hif_drv->usr_conn_req.ies_len, + conn_info.req_ies = kmemdup(conn_info.req_ies, + hif_drv->usr_conn_req.ies_len, GFP_KERNEL); - memcpy(conn_info.req_ies, hif_drv->usr_conn_req.ies, - hif_drv->usr_conn_req.ies_len); + if (conn_info.req_ies) + conn_info.req_ies_len = hif_drv->usr_conn_req.ies_len; } del_timer(&hif_drv->connect_timer); 
@@ -1463,17 +1462,25 @@ static s32 handle_rcvd_gnrl_async_info(struct wilc_vif *vif, u8 mac_status_additional_info; struct host_if_drv *hif_drv = vif->hif_drv; + if (!rcvd_info->buffer) { + netdev_err(vif->ndev, "Received buffer is NULL\n"); + return -EINVAL; + } + if (!hif_drv) { netdev_err(vif->ndev, "Driver handler is NULL\n"); + kfree(rcvd_info->buffer); + rcvd_info->buffer = NULL; return -ENODEV; } if (hif_drv->hif_state == HOST_IF_WAITING_CONN_RESP || hif_drv->hif_state == HOST_IF_CONNECTED || hif_drv->usr_scan_req.scan_result) { - if (!rcvd_info->buffer || - !hif_drv->usr_conn_req.conn_result) { + if (!hif_drv->usr_conn_req.conn_result) { netdev_err(vif->ndev, "driver is null\n"); + kfree(rcvd_info->buffer); + rcvd_info->buffer = NULL; return -EINVAL; } @@ -1481,6 +1488,8 @@ static s32 handle_rcvd_gnrl_async_info(struct wilc_vif *vif, if ('I' != msg_type) { netdev_err(vif->ndev, "Received Message incorrect.\n"); + kfree(rcvd_info->buffer); + rcvd_info->buffer = NULL; return -EFAULT; } @@ -3527,12 +3536,17 @@ void wilc_gnrl_async_info_received(struct wilc *wilc, u8 *buffer, u32 length) msg.vif = vif; msg.body.async_info.len = length; - msg.body.async_info.buffer = kmalloc(length, GFP_KERNEL); - memcpy(msg.body.async_info.buffer, buffer, length); + msg.body.async_info.buffer = kmemdup(buffer, length, GFP_KERNEL); + if (!msg.body.async_info.buffer) { + mutex_unlock(&hif_deinit_lock); + return; + } result = wilc_enqueue_cmd(&msg); - if (result) + if (result) { netdev_err(vif->ndev, "synchronous info (%d)\n",
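Review bot: In the `@@ -1381,11 +1380,11 @@` hunk the kmemdup() source is `conn_info.req_ies`, which is the destination itself, whereas the memcpy() being removed copied from `hif_drv->usr_conn_req.ies`. conn_info is zeroed with memset() at the top of host_int_parse_assoc_resp_info() (visible in patch 8/9), so this asks kmemdup() to copy `ies_len` bytes from a NULL pointer instead of duplicating the request IEs. The call should read `kmemdup(hif_drv->usr_conn_req.ies, hif_drv->usr_conn_req.ies_len, GFP_KERNEL)`.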
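Review bot: In the handle_rcvd_gnrl_async_info() hunks the pair `kfree(rcvd_info->buffer); rcvd_info->buffer = NULL;` is now repeated in three separate error branches, each followed by its own return. A single `free_rcvd_info:` label at the end of the function, reached with `result = -E...; goto free_rcvd_info;`, would keep the cleanup in one place and make it harder to add a fourth exit that forgets it. While touching the `!hif_drv->usr_conn_req.conn_result` branch, its message `"driver is null\n"` no longer matches what is being tested and should name the missing callback.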
[PATCH v2 8/9] staging: wilc1000: split handle_rcvd_gnrl_async_info() to avoid leading tabs
Fix 'Too many leading tabs' issue found by checkpatch.pl script in handle_rcvd_gnrl_async_info(). Signed-off-by: Ajay Singh Reviewed-by: Claudiu Beznea --- drivers/staging/wilc1000/host_interface.c | 286 -- 1 file changed, 149 insertions(+), 137 deletions(-) diff --git a/drivers/staging/wilc1000/host_interface.c b/drivers/staging/wilc1000/host_interface.c index d2efec2..73bdd24 100644 --- a/drivers/staging/wilc1000/host_interface.c +++ b/drivers/staging/wilc1000/host_interface.c 
@@ -1302,6 +1302,153 @@ static s32 host_int_get_assoc_res_info(struct wilc_vif *vif, u32 max_assoc_resp_info_len, u32 *rcvd_assoc_resp_info_len); +static inline void host_int_free_user_conn_req(struct host_if_drv *hif_drv) +{ + hif_drv->usr_conn_req.ssid_len = 0; + kfree(hif_drv->usr_conn_req.ssid); + hif_drv->usr_conn_req.ssid = NULL; + kfree(hif_drv->usr_conn_req.bssid); + hif_drv->usr_conn_req.bssid = NULL; + hif_drv->usr_conn_req.ies_len = 0; + kfree(hif_drv->usr_conn_req.ies); + hif_drv->usr_conn_req.ies = NULL; +} + +static inline void host_int_parse_assoc_resp_info(struct wilc_vif *vif, + u8 mac_status) +{ + struct connect_resp_info *connect_resp_info = NULL; + struct connect_info conn_info; + struct host_if_drv *hif_drv = vif->hif_drv; + + memset(&conn_info, 0, sizeof(struct connect_info)); + + if (mac_status == MAC_CONNECTED) { + u32 rcvd_assoc_resp_info_len; + + memset(rcv_assoc_resp, 0, MAX_ASSOC_RESP_FRAME_SIZE); + + host_int_get_assoc_res_info(vif, rcv_assoc_resp, + MAX_ASSOC_RESP_FRAME_SIZE, + &rcvd_assoc_resp_info_len); + + if (rcvd_assoc_resp_info_len != 0) { + s32 err = 0; + + err = wilc_parse_assoc_resp_info(rcv_assoc_resp, rcvd_assoc_resp_info_len, +&connect_resp_info); + if (err) { + netdev_err(vif->ndev, + "wilc_parse_assoc_resp_info() returned error %d\n", + err); + } else { + conn_info.status = connect_resp_info->status; + + if (conn_info.status == SUCCESSFUL_STATUSCODE && + connect_resp_info->ies) { + conn_info.resp_ies_len = connect_resp_info->ies_len; + conn_info.resp_ies = kmalloc(connect_resp_info->ies_len, GFP_KERNEL); + memcpy(conn_info.resp_ies, connect_resp_info->ies, + connect_resp_info->ies_len); + } + + if (connect_resp_info) { + kfree(connect_resp_info->ies); + kfree(connect_resp_info); + } + } + } + } + + if (mac_status == MAC_CONNECTED && + conn_info.status != SUCCESSFUL_STATUSCODE) { + netdev_err(vif->ndev, + "Received MAC status is MAC_CONNECTED while the received status code in Asoc Resp is not SUCCESSFUL_STATUSCODE\n"); + 
eth_zero_addr(wilc_connected_ssid); + } else if (mac_status == MAC_DISCONNECTED){ + netdev_err(vif->ndev, "Received MAC status is MAC_DISCONNECTED\n"); + eth_zero_addr(wilc_connected_ssid); + } + + if (hif_drv->usr_conn_req.bssid) { + memcpy(conn_info.bssid, hif_drv->usr_conn_req.bssid, 6); + + if (mac_status == MAC_CONNECTED && + conn_info.status == SUCCESSFUL_STATUSCODE) { + memcpy(hif_drv->assoc_bssid, + hif_drv->usr_conn_req.bssid, ETH_ALEN); + } + } + + if (hif_drv->usr_conn_req.ies) { + conn_info.req_ies_len = hif_drv->usr_conn_req.ies_len; + conn_info.req_ies = kmalloc(hif_drv->usr_conn_req.ies_len, + GFP_KERNEL); + memcpy(conn_info.req_ies, hif_drv->usr_conn_req.ies, + hif_drv->usr_conn_req.ies_len); + } + + del_timer(&hif_drv->connect_timer); + hif_drv->usr_conn_req.conn_result(CONN_DISCONN_EVENT_CONN_RESP, + &conn_info, mac_status, NULL, + hif_drv->usr_conn_req.arg); + + if (mac_status == MAC_CONNECTED && + conn_info.status ==
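Review bot: In the new host_int_parse_assoc_resp_info(), `conn_info.resp_ies = kmalloc(connect_resp_info->ies_len, GFP_KERNEL);` is followed directly by memcpy() into the result with no NULL check, and the same pattern repeats for `conn_info.req_ies` further down. If this patch is meant as a pure split with no functional change, say so in the changelog and point at patch 9/9 for the checks; otherwise add them here. Smaller points in the same function: `if (connect_resp_info)` comes after `connect_resp_info->status` has already been dereferenced, the bssid memcpy() uses a literal 6 where ETH_ALEN is used a few lines later, and `MAC_DISCONNECTED){` needs a space before the brace since the patch is motivated by checkpatch.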
[PATCH v2 7/9] staging: wilc1000: free allocated memory in wilc_add_rx_gtk()
Free memory allocated in wilc_add_rx_gtk() before returing from the function. Signed-off-by: Ajay Singh Reviewed-by: Claudiu Beznea --- drivers/staging/wilc1000/host_interface.c | 17 +++-- 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/drivers/staging/wilc1000/host_interface.c b/drivers/staging/wilc1000/host_interface.c index e58fa87..d2efec2 100644 --- a/drivers/staging/wilc1000/host_interface.c +++ b/drivers/staging/wilc1000/host_interface.c @@ -2841,7 +2841,7 @@ int wilc_add_rx_gtk(struct wilc_vif *vif, const u8 *rx_gtk, u8 gtk_key_len, const u8 *rx_mic, const u8 *tx_mic, u8 mode, u8 cipher_mode) { - int result = 0; + int result; struct host_if_msg msg; struct host_if_drv *hif_drv = vif->hif_drv; u8 key_len = gtk_key_len; @@ -2880,8 +2880,10 @@ int wilc_add_rx_gtk(struct wilc_vif *vif, const u8 *rx_gtk, u8 gtk_key_len, msg.body.key_info.attr.wpa.key = kmemdup(rx_gtk, key_len, GFP_KERNEL); - if (!msg.body.key_info.attr.wpa.key) + if (!msg.body.key_info.attr.wpa.key) { + kfree(msg.body.key_info.attr.wpa.seq); return -ENOMEM; + } if (rx_mic) memcpy(msg.body.key_info.attr.wpa.key + 16, rx_mic, @@ -2896,12 +2898,15 @@ int wilc_add_rx_gtk(struct wilc_vif *vif, const u8 *rx_gtk, u8 gtk_key_len, msg.body.key_info.attr.wpa.seq_len = key_rsc_len; result = wilc_enqueue_cmd(&msg); - if (result) + if (result) { netdev_err(vif->ndev, "RX GTK\n"); - else - wait_for_completion(&hif_drv->comp_test_key_block); + kfree(msg.body.key_info.attr.wpa.seq); + kfree(msg.body.key_info.attr.wpa.key); + return result; + } - return result; + wait_for_completion(&hif_drv->comp_test_key_block); + return 0; } int wilc_set_pmkid_info(struct wilc_vif *vif, -- 2.7.4
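Review bot: The cleanup of `wpa.seq` and `wpa.key` is now written out twice in wilc_add_rx_gtk(), once in the kmemdup() failure branch of the second hunk and again in the enqueue failure branch of the third. A pair of unwind labels at the end of the function (free key, then free seq) reached by goto would keep the two paths from drifting apart. The second hunk also relies on `wpa.seq` being NULL when no sequence buffer was allocated; that holds only if msg is zeroed earlier in the function, which these hunks do not show, so please confirm it.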
[PATCH v2 3/9] staging: wilc1000: free allocated memory in edit and add station functions
Added fix to free the allocated memory in case of failure to enqueue the command. Signed-off-by: Ajay Singh Reviewed-by: Claudiu Beznea --- drivers/staging/wilc1000/host_interface.c | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/staging/wilc1000/host_interface.c b/drivers/staging/wilc1000/host_interface.c index 70c10bc..1cc4c08 100644 --- a/drivers/staging/wilc1000/host_interface.c +++ b/drivers/staging/wilc1000/host_interface.c @@ -3709,8 +3709,10 @@ int wilc_add_station(struct wilc_vif *vif, struct add_sta_param *sta_param) } result = wilc_enqueue_cmd(&msg); - if (result) + if (result) { netdev_err(vif->ndev, "wilc_mq_send fail\n"); + kfree(add_sta_info->rates); + } return result; } @@ -3793,8 +3795,10 @@ int wilc_edit_station(struct wilc_vif *vif, } result = wilc_enqueue_cmd(&msg); - if (result) + if (result) { netdev_err(vif->ndev, "wilc_mq_send fail\n"); + kfree(add_sta_info->rates); + } return result; } -- 2.7.4
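Review bot: In both hunks the failure branch logs `"wilc_mq_send fail\n"`, but the call that failed is `wilc_enqueue_cmd(&msg)`, so the message names a function that does not appear in the code path and drops the error code. As the branch is being given braces anyway, use something like `netdev_err(vif->ndev, "%s: failed to enqueue cmd (%d)\n", __func__, result);`, which also distinguishes wilc_add_station() from wilc_edit_station() in the log. The changelog would read better in the imperative ("Free the rates buffer when ...") and should name the buffer being freed.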
[PATCH v2 5/9] staging: wilc1000: free allocated memory after processing wilc_send_config_pkt()
Free allocated memory after completing wilc_send_config_pkt() function. Remove unncessary use of 'stamac' pointer in handle_get_inactive_time(). Signed-off-by: Ajay Singh Reviewed-by: Claudiu Beznea --- drivers/staging/wilc1000/host_interface.c | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/staging/wilc1000/host_interface.c b/drivers/staging/wilc1000/host_interface.c index 4db15c7..0494234 100644 --- a/drivers/staging/wilc1000/host_interface.c +++ b/drivers/staging/wilc1000/host_interface.c @@ -1909,7 +1909,6 @@ static s32 handle_get_inactive_time(struct wilc_vif *vif, struct sta_inactive_t *hif_sta_inactive) { s32 result = 0; - u8 *stamac; struct wid wid; struct host_if_drv *hif_drv = vif->hif_drv; @@ -1920,11 +1919,11 @@ static s32 handle_get_inactive_time(struct wilc_vif *vif, if (!wid.val) return -ENOMEM; - stamac = wid.val; - ether_addr_copy(stamac, hif_sta_inactive->mac); + ether_addr_copy(wid.val, hif_sta_inactive->mac); result = wilc_send_config_pkt(vif, SET_CFG, &wid, 1, wilc_get_vif_idx(vif)); + kfree(wid.val); if (result) { netdev_err(vif->ndev, "Failed to SET inactive time\n"); @@ -2225,6 +2224,7 @@ static int handle_remain_on_chan(struct wilc_vif *vif, result = wilc_send_config_pkt(vif, SET_CFG, &wid, 1, wilc_get_vif_idx(vif)); + kfree(wid.val); if (result != 0) netdev_err(vif->ndev, "Failed to set remain on channel\n"); @@ -2269,6 +2269,7 @@ static int handle_register_frame(struct wilc_vif *vif, result = wilc_send_config_pkt(vif, SET_CFG, &wid, 1, wilc_get_vif_idx(vif)); + kfree(wid.val); if (result) { netdev_err(vif->ndev, "Failed to frame register\n"); result = -EINVAL; @@ -2300,6 +2301,7 @@ static u32 handle_listen_state_expired(struct wilc_vif *vif, result = wilc_send_config_pkt(vif, SET_CFG, &wid, 1, wilc_get_vif_idx(vif)); + kfree(wid.val); if (result != 0) { netdev_err(vif->ndev, "Failed to set remain channel\n"); goto _done_; -- 2.7.4
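Review bot: In the handle_listen_state_expired() hunk, `kfree(wid.val);` now runs before the `goto _done_;` in the failure branch, and the hunk does not show what the `_done_` path does. Please confirm that nothing after the label frees or reads `wid.val` again; setting `wid.val = NULL;` after the kfree() would make that safe by construction. The same question applies to the handle_get_inactive_time() hunk if `wid` is reused for a later wilc_send_config_pkt() call in that function, which the visible context does not settle.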
[PATCH v2 1/9] staging: wilc1000: remove unused global variables related to p2p
Cleanup patch to remove the unused global variables defined for p2p. Signed-off-by: Ajay Singh Reviewed-by: Claudiu Beznea --- drivers/staging/wilc1000/host_interface.c | 59 --- 1 file changed, 59 deletions(-) diff --git a/drivers/staging/wilc1000/host_interface.c b/drivers/staging/wilc1000/host_interface.c index 5082ede..a13998d 100644 --- a/drivers/staging/wilc1000/host_interface.c +++ b/drivers/staging/wilc1000/host_interface.c @@ -254,13 +254,6 @@ static u32 inactive_time; static u8 del_beacon; static u32 clients_count; -static u8 *join_req; -static u8 *info_element; -static u8 mode_11i; -static u8 auth_type; -static u32 join_req_size; -static u32 info_element_size; -static struct wilc_vif *join_req_vif; #define REAL_JOIN_REQ 0 #define FLUSHED_JOIN_REQ 1 #define FLUSHED_BYTE_POS 79 
@@ -995,39 +988,23 @@ static s32 handle_connect(struct wilc_vif *vif, wid_list[wid_cnt].size = hif_drv->usr_conn_req.ies_len; wid_cnt++; - if (memcmp("DIRECT-", conn_attr->ssid, 7)) { - info_element_size = hif_drv->usr_conn_req.ies_len; - info_element = kmalloc(info_element_size, GFP_KERNEL); - memcpy(info_element, hif_drv->usr_conn_req.ies, - info_element_size); - } wid_list[wid_cnt].id = (u16)WID_11I_MODE; wid_list[wid_cnt].type = WID_CHAR; wid_list[wid_cnt].size = sizeof(char); wid_list[wid_cnt].val = (s8 *)&hif_drv->usr_conn_req.security; wid_cnt++; - if (memcmp("DIRECT-", conn_attr->ssid, 7)) - mode_11i = hif_drv->usr_conn_req.security; - wid_list[wid_cnt].id = (u16)WID_AUTH_TYPE; wid_list[wid_cnt].type = WID_CHAR; wid_list[wid_cnt].size = sizeof(char); wid_list[wid_cnt].val = (s8 *)&hif_drv->usr_conn_req.auth_type; wid_cnt++; - if (memcmp("DIRECT-", conn_attr->ssid, 7)) - auth_type = (u8)hif_drv->usr_conn_req.auth_type; - wid_list[wid_cnt].id = (u16)WID_JOIN_REQ_EXTENDED; wid_list[wid_cnt].type = WID_STR; wid_list[wid_cnt].size = 112; wid_list[wid_cnt].val = kmalloc(wid_list[wid_cnt].size, GFP_KERNEL); - if (memcmp("DIRECT-", conn_attr->ssid, 7)) { - join_req_size = wid_list[wid_cnt].size; - join_req = kmalloc(join_req_size, GFP_KERNEL); - } if (!wid_list[wid_cnt].val) { result = -EFAULT; goto error; @@ -1120,11 +1097,6 @@ static s32 handle_connect(struct wilc_vif *vif, cur_byte = wid_list[wid_cnt].val; wid_cnt++; - if (memcmp("DIRECT-", conn_attr->ssid, 7)) { - memcpy(join_req, cur_byte, join_req_size); - join_req_vif = vif; - } - if (conn_attr->bssid) memcpy(wilc_connected_ssid, conn_attr->bssid, ETH_ALEN); @@ -1254,16 +1226,6 @@ static s32 handle_connect_timeout(struct wilc_vif *vif) eth_zero_addr(wilc_connected_ssid); - if (join_req && join_req_vif == vif) { - kfree(join_req); - join_req = NULL; - } - - if (info_element && join_req_vif == vif) { - kfree(info_element); - info_element = NULL; - } - return result; } 
@@ -1519,17 +1481,6 @@ static s32 handle_rcvd_gnrl_async_info(struct wilc_vif *vif, hif_drv->usr_conn_req.ies_len = 0; kfree(hif_drv->usr_conn_req.ies); hif_drv->usr_conn_req.ies = NULL; - - if (join_req && join_req_vif == vif) { - kfree(join_req); - join_req = NULL; - } - - if (info_element && join_req_vif == vif) { - kfree(info_element); - info_element = NULL; - } - hif_drv->hif_state = HOST_IF_IDLE; scan_while_connected = false; @@ -1866,16 +1817,6 @@ static void handle_disconnect(struct wilc_vif *vif) kfree(conn_req->ies); conn_req->ies = NULL; - if (join_req && join_req_vif == vif) { - kfree(join_req); - join_req = NULL; - } - - if (info_element && join_req_vif == vif) { - kfree(info_element); - info_element = NULL; - } - out: complete(&hif_drv->comp_test_disconn_block); -- 2.7.4
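Review bot: In the first hunk (`@@ -254,13 +254,6 @@`) the join_req variables are removed but `#define REAL_JOIN_REQ 0`, `#define FLUSHED_JOIN_REQ 1` and `#define FLUSHED_BYTE_POS 79` stay directly below them as context lines. If those macros only served the removed join request handling, they belong in this cleanup as well; if they are still used elsewhere, a word in the changelog would save the next reader from checking.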
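Review bot: In the handle_connect() hunk the removed lines kmalloc() `info_element` and `join_req` and memcpy() into them, and the later hunks remove the matching kfree() calls, so these globals were written and freed but never read, which is not quite what "unused" in the subject suggests. Please say that in the commit message: it explains why no consumer needs updating, and it records that the patch also drops two allocations from handle_connect() whose results were used without a NULL check.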
[PATCH v2 2/9] staging: wilc1000: avoid 'NULL' pointer access in wilc_network_info_received()
Added 'NULL' check before accessing the allocated memory. Free up the memory incase of failure to enqueue the command. Used kmemdup instead of kmalloc & memcpy. Signed-off-by: Ajay Singh Reviewed-by: Claudiu Beznea --- drivers/staging/wilc1000/host_interface.c | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/staging/wilc1000/host_interface.c b/drivers/staging/wilc1000/host_interface.c index a13998d..70c10bc 100644 --- a/drivers/staging/wilc1000/host_interface.c +++ b/drivers/staging/wilc1000/host_interface.c @@ -3453,12 +3453,15 @@ void wilc_network_info_received(struct wilc *wilc, u8 *buffer, u32 length) msg.vif = vif; msg.body.net_info.len = length; - msg.body.net_info.buffer = kmalloc(length, GFP_KERNEL); - memcpy(msg.body.net_info.buffer, buffer, length); + msg.body.net_info.buffer = kmemdup(buffer, length, GFP_KERNEL); + if (!msg.body.net_info.buffer) + return; result = wilc_enqueue_cmd(&msg); - if (result) + if (result) { netdev_err(vif->ndev, "message parameters (%d)\n", result); + kfree(msg.body.net_info.buffer); + } } void wilc_gnrl_async_info_received(struct wilc *wilc, u8 *buffer, u32 length) -- 2.7.4
[PATCH v2 0/9] staging: wilc1000: fix memory leaks and checkpatch reported issues
This patch series contains changes to fix memory leaks, avoid NULL pointer exceptions and checkpatch reported issue fixes. V2: Modified patch #4, #6, #7 as per review comments. Added 'Reviewed-by' tags in commit description. Ajay Singh (9): staging: wilc1000: remove unused global variables related to p2p staging: wilc1000: avoid 'NULL' pointer access in wilc_network_info_received() staging: wilc1000: free allocated memory in edit and add station functions staging: wilc1000: free memory allocated in add wep key functions staging: wilc1000: free allocated memory after processing wilc_send_config_pkt() staging: wilc1000: fix to free allocated memory in wilc_add_ptk() staging: wilc1000: free allocated memory in wilc_add_rx_gtk() staging: wilc1000: split handle_rcvd_gnrl_async_info() to avoid leading tabs staging: wilc1000: free memory allocated for general info message from firmware drivers/staging/wilc1000/host_interface.c | 448 +++--- 1 file changed, 217 insertions(+), 231 deletions(-) -- 2.7.4
Re: [PATCH 9/9] staging: wilc1000: free memory allocated for general info message from firmware
On Mon, 26 Mar 2018 11:32:41 +0300 Dan Carpenter wrote:
> What happened to patch 8/9? Anyway, I can't apply this patch and it
> could be my fault or it could be the missing patch. I don't know...

I rechecked by applying the patches in order and didn't face any conflict. I am going to send the v2 for this patch series by including the review comments.

Regards,
Ajay
Re: [PATCH 4/9] staging: wilc1000: free memory allocated in add wep key functions
Hi Dan,

On Mon, 26 Mar 2018 11:17:48 +0300 Dan Carpenter wrote:
> On Fri, Mar 23, 2018 at 08:38:53PM +0530, Ajay Singh wrote:
> We should "return result;" here otherwise we'll hang when we
> wait_for_completion(). This is the sort of bug why I always encourage
> people to keep the error path and success path separate (unless they
> both have to unlock or free the same resources).
>

Yes, wait_for_completion() will hang for the error path. I have included the changes in V2 patch series.

>
> This code works, but it would look cleaner with "return result;".
>
> 	result = wilc_enqueue_cmd(&msg);
> 	if (result) {
> 		netdev_err(vif->ndev, "AP - WEP Key\n");
> 		kfree(msg.body.key_info.attr.wep.key);
> 		return result;
> 	}
>
> 	wait_for_completion(&hif_drv->comp_test_key_block);
> 	return 0;
>
> I removed a blank line between the wilc_enqueue_cmd() and the error
> handling because they're very connected. All the success path is at
> indent level one so you can just glance at the function and see what
> it's supposed to do in the normal case. The error handling is self
> contained at indent level two.
>

I will send the updated patch by modifying the code as suggested.

Regards,
Ajay
Re: ieee80211 phy0: rt2x00queue_write_tx_frame: Error - Dropping frame due to full tx queue...?
Hi Mathias

> sorry for the delayed testing. I had to create a new test setup
> first, fought with buggy hardware and was busy with other stuff.

Thanks for doing it.

> The two attached patches are causing a performance regression for me again:
>
> OpenWrt head (forced HT40, 100Mbit wired interface)
>
> wireless (iperf client) to wired (iperf server)
> Interval          Transfer    Bitrate         Retr
> 0.00-60.00 sec    584 MBytes  81.6 Mbits/sec  666   sender
> 0.00-60.00 sec    584 MBytes  81.6 Mbits/sec        receiver
>
> wired (iperf client) to wireless (iperf server)
> Interval          Transfer    Bitrate         Retr
> 0.00-60.00 sec    620 MBytes  86.7 Mbits/sec  33    sender
> 0.00-60.00 sec    617 MBytes  86.2 Mbits/sec        receiver
>
>
> OpenWrt head (forced HT40, 100Mbit wired interface)
> + rt2800_change_rx_ampdu_factor.patch
> + rt2800_change_ba_size.patch
>
> wireless (iperf client) to wired (iperf server)
> Interval          Transfer    Bitrate         Retr
> 0.00-60.00 sec    356 MBytes  49.8 Mbits/sec  6     sender
> 0.00-60.00 sec    356 MBytes  49.7 Mbits/sec        receiver
>
> wired (iperf client) to wireless (iperf server)
> Interval          Transfer    Bitrate         Retr
> 0.00-60.00 sec    627 MBytes  87.7 Mbits/sec  5     sender
> 0.00-60.00 sec    626 MBytes  87.5 Mbits/sec        receiver
>
>
> Due to the regression I haven't tested your ampdu_density patch so
> far. Let me hear if you want to see more tests done.

Could you test just RX AMPDU patches, i.e.

rt2800_change_rx_ampdu_factor.patch
rt2800_change_rx_ampdu_density.patch

I have somewhat positive results on RX performance on some devices with those. Perhaps you could confirm that :-)

Regards
Stanislaw
[PATCH] staging: rtl8723bs: Remove duplicate #defines.
The modified file includes 'linux/ieee80211.h', but redefines many constants that already exist in the header. This will create a conflict if the values are ever changed in the kernel. Signed-off-by: Quytelda Kahja --- drivers/staging/rtl8723bs/include/ieee80211.h | 12 1 file changed, 12 deletions(-) diff --git a/drivers/staging/rtl8723bs/include/ieee80211.h b/drivers/staging/rtl8723bs/include/ieee80211.h index 73ce63770c3c..a2402495f447 100644 --- a/drivers/staging/rtl8723bs/include/ieee80211.h +++ b/drivers/staging/rtl8723bs/include/ieee80211.h @@ -435,19 +435,7 @@ struct ieee80211_snap_hdr { #define WLAN_GET_SEQ_SEQ(seq) ((seq) & RTW_IEEE80211_SCTL_SEQ) /* Authentication algorithms */ -#define WLAN_AUTH_OPEN 0 -#define WLAN_AUTH_SHARED_KEY 1 - -#define WLAN_AUTH_CHALLENGE_LEN 128 - #define WLAN_CAPABILITY_BSS (1<<0) -#define WLAN_CAPABILITY_IBSS (1<<1) -#define WLAN_CAPABILITY_CF_POLLABLE (1<<2) -#define WLAN_CAPABILITY_CF_POLL_REQUEST (1<<3) -#define WLAN_CAPABILITY_PRIVACY (1<<4) -#define WLAN_CAPABILITY_SHORT_PREAMBLE (1<<5) -#define WLAN_CAPABILITY_PBCC (1<<6) -#define WLAN_CAPABILITY_CHANNEL_AGILITY (1<<7) #define WLAN_CAPABILITY_SHORT_SLOT (1<<10) /* Status codes */ -- 2.16.2
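Review bot: After this hunk the comment `/* Authentication algorithms */` is left sitting directly above `#define WLAN_CAPABILITY_BSS (1<<0)`, because every define it described (WLAN_AUTH_OPEN, WLAN_AUTH_SHARED_KEY, WLAN_AUTH_CHALLENGE_LEN) has been removed. Drop the comment or replace it with one that fits the capability bits that remain. The changelog should also say why `WLAN_CAPABILITY_BSS` and `WLAN_CAPABILITY_SHORT_SLOT` are kept while the other capability bits go, so a reader does not assume they were missed.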
Re: [PATCH 1/3] ieee80211: Replace bit shifts with the BIT() macro for WLAN_CAPABILITY_*.
This is a problem with the rtl8723bs driver in staging; its source tree has a custom IEEE80211 header which imports 'linux/ieee80211.h', but redefines many of the #defines from the original header. Functionally, they are the same, but I will submit a patch in reply to this email which removes the duplicate #defines from drivers/staging/rtl8723bs/include/ieee80211.h.

It looks like there are also some #defines there that shadow enum members in 'linux/ieee80211.h', but I will address that in separate patch(es) when I have a chance.

Thank you,
Quytelda Kahja

On Sun, Mar 25, 2018 at 7:05 AM, kbuild test robot wrote:
> Hi Quytelda,
>
> Thank you for the patch! Perhaps something to improve:
>
> [auto build test WARNING on mac80211-next/master]
> [also build test WARNING on v4.16-rc6 next-20180323]
> [if your patch is applied to the wrong git tree, please drop us a note to
> help improve the system]
>
> url:
> https://github.com/0day-ci/linux/commits/Quytelda-Kahja/ieee80211-Replace-bit-shifts-with-the-BIT-macro-for-WLAN_CAPABILITY_/20180325-211645
> base:
> https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next.git master
> config: i386-randconfig-s1-03251817 (attached as .config)
> compiler: gcc-6 (Debian 6.4.0-9) 6.4.0 20171026
> reproduce:
> # save the attached .config to linux build tree
> make ARCH=i386
>
> All warnings (new ones prefixed by >>):
>
>In file included from drivers/staging/rtl8723bs/include/drv_types.h:33:0,
> from drivers/staging/rtl8723bs/hal/rtl8723b_dm.c:20:
>>> drivers/staging/rtl8723bs/include/ieee80211.h:444:0: warning:
>>> "WLAN_CAPABILITY_IBSS" redefined
> #define WLAN_CAPABILITY_IBSS (1<<1)
>
>In file included from include/net/cfg80211.h:23:0,
> from
> drivers/staging/rtl8723bs/include/osdep_service_linux.h:50,
> from drivers/staging/rtl8723bs/include/osdep_service.h:23,
> from drivers/staging/rtl8723bs/include/drv_types.h:29,
> from drivers/staging/rtl8723bs/hal/rtl8723b_dm.c:20:
>include/linux/ieee80211.h:1593:0: note: this is the location of the
> previous definition
> #define WLAN_CAPABILITY_IBSS BIT(1)
>
>In file included from drivers/staging/rtl8723bs/include/drv_types.h:33:0,
> from drivers/staging/rtl8723bs/hal/rtl8723b_dm.c:20:
>>> drivers/staging/rtl8723bs/include/ieee80211.h:445:0: warning:
>>> "WLAN_CAPABILITY_CF_POLLABLE" redefined
> #define WLAN_CAPABILITY_CF_POLLABLE (1<<2)
>
>In file included from include/net/cfg80211.h:23:0,
> from
> drivers/staging/rtl8723bs/include/osdep_service_linux.h:50,
> from drivers/staging/rtl8723bs/include/osdep_service.h:23,
> from drivers/staging/rtl8723bs/include/drv_types.h:29,
> from drivers/staging/rtl8723bs/hal/rtl8723b_dm.c:20:
>include/linux/ieee80211.h:1603:0: note: this is the location of the
> previous definition
> #define WLAN_CAPABILITY_CF_POLLABLE BIT(2)
>
>In file included from drivers/staging/rtl8723bs/include/drv_types.h:33:0,
> from drivers/staging/rtl8723bs/hal/rtl8723b_dm.c:20:
>>> drivers/staging/rtl8723bs/include/ieee80211.h:446:0: warning:
>>> "WLAN_CAPABILITY_CF_POLL_REQUEST" redefined
> #define WLAN_CAPABILITY_CF_POLL_REQUEST (1<<3)
>
>In file included from include/net/cfg80211.h:23:0,
> from
> drivers/staging/rtl8723bs/include/osdep_service_linux.h:50,
> from drivers/staging/rtl8723bs/include/osdep_service.h:23,
> from drivers/staging/rtl8723bs/include/drv_types.h:29,
> from drivers/staging/rtl8723bs/hal/rtl8723b_dm.c:20:
>include/linux/ieee80211.h:1604:0: note: this is the location of the
> previous definition
> #define WLAN_CAPABILITY_CF_POLL_REQUEST BIT(3)
>
>In file included from drivers/staging/rtl8723bs/include/drv_types.h:33:0,
> from drivers/staging/rtl8723bs/hal/rtl8723b_dm.c:20:
>>> drivers/staging/rtl8723bs/include/ieee80211.h:447:0: warning:
>>> "WLAN_CAPABILITY_PRIVACY" redefined
> #define WLAN_CAPABILITY_PRIVACY (1<<4)
>
>In file included from include/net/cfg80211.h:23:0,
> from
> drivers/staging/rtl8723bs/include/osdep_service_linux.h:50,
> from drivers/staging/rtl8723bs/include/osdep_service.h:23,
> from drivers/staging/rtl8723bs/include/drv_types.h:29,
> from drivers/staging/rtl8723bs/hal/rtl8723b_dm.c:20:
>include/linux/ieee80211.h:1605:0: note: this is the location of the
> previous definition
> #define WLAN_CAPABILITY_PRIVACY BIT(4)
>
>In file included from drivers/staging/rtl8723bs/include/drv_types.h:33:0,
> from drivers/staging/rtl8723bs/hal/rtl8723b_dm.c:20:
>>> drivers/staging/rtl8723bs/include/ieee80211.h:448:0: warning:
>>> "WLAN_CAPABILIT
[PATCH 2/2] ath10k: add memory dump support QCA9984
From: Anilkumar Kolli QCA9984/QCA99X0/QCA4019 chipsets have 8 memory regions, dump all of them to the firmware coredump file. Some of the regions need to be read using ioread() so add new region types for them. Signed-off-by: Anilkumar Kolli [kvalo: refactoring etc] Signed-off-by: Kalle Valo --- drivers/net/wireless/ath/ath10k/coredump.c | 90 ++ drivers/net/wireless/ath/ath10k/coredump.h | 2 + drivers/net/wireless/ath/ath10k/pci.c | 43 ++ 3 files changed, 135 insertions(+) diff --git a/drivers/net/wireless/ath/ath10k/coredump.c b/drivers/net/wireless/ath/ath10k/coredump.c index 7173b3743b43..f90cec0ebb1c 100644 --- a/drivers/net/wireless/ath/ath10k/coredump.c +++ b/drivers/net/wireless/ath/ath10k/coredump.c 
@@ -701,6 +701,89 @@ static const struct ath10k_mem_region qca988x_hw20_mem_regions[] = { }, }; +static const struct ath10k_mem_region qca9984_hw10_mem_regions[] = { + { + .type = ATH10K_MEM_REGION_TYPE_DRAM, + .start = 0x40, + .len = 0x8, + .name = "DRAM", + .section_table = { + .sections = NULL, + .size = 0, + }, + }, + { + .type = ATH10K_MEM_REGION_TYPE_REG, + .start = 0x98000, + .len = 0x5, + .name = "IRAM", + .section_table = { + .sections = NULL, + .size = 0, + }, + }, + { + .type = ATH10K_MEM_REGION_TYPE_IOSRAM, + .start = 0xC, + .len = 0x4, + .name = "SRAM", + .section_table = { + .sections = NULL, + .size = 0, + }, + }, + { + .type = ATH10K_MEM_REGION_TYPE_IOREG, + .start = 0x3, + .len = 0x7000, + .name = "APB REG 1", + .section_table = { + .sections = NULL, + .size = 0, + }, + }, + { + .type = ATH10K_MEM_REGION_TYPE_IOREG, + .start = 0x3f000, + .len = 0x3000, + .name = "APB REG 2", + .section_table = { + .sections = NULL, + .size = 0, + }, + }, + { + .type = ATH10K_MEM_REGION_TYPE_IOREG, + .start = 0x43000, + .len = 0x3000, + .name = "WIFI REG", + .section_table = { + .sections = NULL, + .size = 0, + }, + }, + { + .type = ATH10K_MEM_REGION_TYPE_IOREG, + .start = 0x4A000, + .len = 0x5000, + .name = "CE REG", + .section_table = { + .sections = NULL, + .size = 0, + }, + }, + { + .type = ATH10K_MEM_REGION_TYPE_IOREG, + .start = 0x8, + .len = 0x6000, + .name = "SOC REG", + .section_table = { + .sections = NULL, + .size = 0, + }, + }, +}; + static const struct ath10k_hw_mem_layout hw_mem_layouts[] = { { .hw_id = QCA6174_HW_1_0_VERSION, @@ -758,6 +841,13 @@ static const struct ath10k_hw_mem_layout hw_mem_layouts[] = { .size = ARRAY_SIZE(qca988x_hw20_mem_regions), }, }, + { + .hw_id = QCA9984_HW_1_0_DEV_VERSION, + .region_table = { + .regions = qca9984_hw10_mem_regions, + .size = ARRAY_SIZE(qca9984_hw10_mem_regions), + }, + }, }; static u32 ath10k_coredump_get_ramdump_size(struct ath10k *ar) 
diff --git a/drivers/net/wireless/ath/ath10k/coredump.h b/drivers/net/wireless/ath/ath10k/coredump.h index bfee13038e59..3baaf9d2cbcd 100644 --- a/drivers/net/wireless/ath/ath10k/coredump.h +++ b/drivers/net/wireless/ath/ath10k/coredump.h @@ -124,6 +124,8 @@ enum ath10k_mem_region_type { ATH10K_MEM_REGION_TYPE_AXI = 3, ATH10K_MEM_REGION_TYPE_IRAM1= 4, ATH10K_MEM_REGION_TYPE_IRAM2= 5, + ATH10K_MEM_REGION_TYPE_IOSRAM = 6, + ATH10K_MEM_REGION_TYPE_IOREG= 7, }; /* Define a section of the region which should be copied. As not all parts diff --git a/drivers/net/wireless/ath/ath10k/pci.c b/drivers/net/wireless/ath/ath10k/pci.c index 977b7dade44e..cc42c96e3c05 100644 --- a/drivers/net/wireless/ath/ath10k/pci.c +++ b/drivers/net/wireless/ath/ath10k/pci.c @@ -57,6 +57,10 @@ MODULE_PARM_DESC(reset_mode, "0: auto, 1: warm only (default: 0)"); */ #define ATH10K_DIAG_TRANSFER_LIMIT 0x5000 +#d
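Review bot: In qca9984_hw10_mem_regions the entry named "IRAM" is given .type = ATH10K_MEM_REGION_TYPE_REG, although the enum in coredump.h already has ATH10K_MEM_REGION_TYPE_IRAM1 and ATH10K_MEM_REGION_TYPE_IRAM2; either use an IRAM type or add a comment saying why this region is tagged REG, since the type is what ends up identifying the region in the dump. The address constants also need a second look as they are printed here: .start = 0x3 with .len = 0x7000 for "APB REG 1" and .start = 0x8 with .len = 0x6000 for "SOC REG" describe overlapping, unaligned ranges next to neighbours such as 0x3f000/0x3000. Every entry also spells out .section_table = { .sections = NULL, .size = 0 }, which a static const initializer already provides, so those lines can be dropped.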
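Review bot: The commit message says QCA9984, QCA99X0 and QCA4019 all have these 8 regions, but the hw_mem_layouts hunk registers the table only under .hw_id = QCA9984_HW_1_0_DEV_VERSION. Either add layout entries for the other two chipsets or narrow the commit message to QCA9984. The new enum values ATH10K_MEM_REGION_TYPE_IOSRAM = 6 and ATH10K_MEM_REGION_TYPE_IOREG = 7 in coredump.h would also benefit from a one-line comment each stating how such a region is read (the message mentions ioread()), because anything decoding the dump file depends on these numbers.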
[PATCH 1/2] ath10k: refactor ath10k_pci_dump_memory() in preparation for QCA9984 support
As QCA9984 needs two region types, refactor the code to make it easier to add the new types. No functional changes. Signed-off-by: Kalle Valo --- drivers/net/wireless/ath/ath10k/pci.c | 55 +++ 1 file changed, 36 insertions(+), 19 deletions(-) diff --git a/drivers/net/wireless/ath/ath10k/pci.c b/drivers/net/wireless/ath/ath10k/pci.c index 808f3d67ba90..977b7dade44e 100644 --- a/drivers/net/wireless/ath/ath10k/pci.c +++ b/drivers/net/wireless/ath/ath10k/pci.c @@ -1584,6 +1584,36 @@ static int ath10k_pci_set_ram_config(struct ath10k *ar, u32 config) return 0; } +/* if an error happened returns < 0, otherwise the length */ +static int ath10k_pci_dump_memory_generic(struct ath10k *ar, + const struct ath10k_mem_region *current_region, + u8 *buf) +{ + int ret; + + if (current_region->section_table.size > 0) + /* Copy each section individually. */ + return ath10k_pci_dump_memory_section(ar, + current_region, + buf, + current_region->len); + + /* No individiual memory sections defined so we can +* copy the entire memory region. +*/ + ret = ath10k_pci_diag_read_mem(ar, + current_region->start, + buf, + current_region->len); + if (ret) { + ath10k_warn(ar, "failed to copy ramdump region %s: %d\n", + current_region->name, ret); + return ret; + } + + return current_region->len; +} + static void ath10k_pci_dump_memory(struct ath10k *ar, struct ath10k_fw_crash_data *crash_data) { 
@@ -1642,27 +1672,14 @@ static void ath10k_pci_dump_memory(struct ath10k *ar, buf += sizeof(*hdr); buf_len -= sizeof(*hdr); - if (current_region->section_table.size > 0) { - /* Copy each section individually. */ - count = ath10k_pci_dump_memory_section(ar, - current_region, - buf, - current_region->len); - } else { - /* No individiual memory sections defined so we can -* copy the entire memory region. -*/ - ret = ath10k_pci_diag_read_mem(ar, - current_region->start, - buf, - current_region->len); - if (ret) { - ath10k_warn(ar, "failed to copy ramdump region %s: %d\n", - current_region->name, ret); + switch (current_region->type) { + default: + ret = ath10k_pci_dump_memory_generic(ar, current_region, buf); + if (ret < 0) break; - } - count = current_region->len; + count = ret; + break; } hdr->region_type = cpu_to_le32(current_region->type); -- 2.7.4
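Review bot: The comment on ath10k_pci_dump_memory_generic() promises a negative return on error, but the section-table branch returns ath10k_pci_dump_memory_section() unchanged, and the code being replaced stored that value straight into count with no error check. State that helper's return convention in the comment, or check it here, so the caller's "ret < 0" test is known to cover both branches. While the block is being moved, fix the "individiual" typo and put braces around the if body, which now spans a comment and a multi-line return.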
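Review bot: The "break" under "if (ret < 0)" in the new default: case only leaves the switch, whereas the removed "break" sat inside an if/else and therefore left the enclosing loop. After a failed read the code now continues to "hdr->region_type = cpu_to_le32(current_region->type);" without count having been set for this region, which contradicts "No functional changes" in the commit message. Either leave the loop explicitly after the switch when ret is negative, or set count to 0 on error and describe the new behaviour in the commit message.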
Re: [PATCH 0/9] staging: wilc1000: fix memory leaks and checkpatch reported issues
Reviewed-by: Claudiu Beznea On 23.03.2018 17:08, Ajay Singh wrote: > This patch series contains changes to fix memory leaks, avoid NULL pointer > exceptions and checkpatch reported issue fixes. > > Ajay Singh (9): > staging: wilc1000: remove unused global variables related to p2p > staging: wilc1000: avoid 'NULL' pointer access in > wilc_network_info_received() > staging: wilc1000: free allocated memory in edit and add station > functions > staging: wilc1000: free memory allocated in add wep key functions > staging: wilc1000: free allocated memory after processing > wilc_send_config_pkt() > staging: wilc1000: fix to free allocated memory in wilc_add_ptk() > staging: wilc1000: free allocated memory in wilc_add_rx_gtk() > staging: wilc1000: split handle_rcvd_gnrl_async_info() to avoid > leading tabs > staging: wilc1000: free memory allocated for general info message from > firmware > > drivers/staging/wilc1000/host_interface.c | 421 > +++--- > 1 file changed, 204 insertions(+), 217 deletions(-) >
Re: [PATCH 9/9] staging: wilc1000: free memory allocated for general info message from firmware
What happened to patch 8/9? Anyway, I can't apply this patch and it could be my fault or it could be the missing patch. I don't know...

Anyway, seems like a nice patchset.

regards,
dan carpenter
Re: [PATCH 4/9] staging: wilc1000: free memory allocated in add wep key functions
On Fri, Mar 23, 2018 at 08:38:53PM +0530, Ajay Singh wrote: > Free memory allocated for wep key when command enqueue is failed. > > Signed-off-by: Ajay Singh > --- > drivers/staging/wilc1000/host_interface.c | 10 +++--- > 1 file changed, 7 insertions(+), 3 deletions(-) > > diff --git a/drivers/staging/wilc1000/host_interface.c > b/drivers/staging/wilc1000/host_interface.c > index 1cc4c08..c958dd3 100644 > --- a/drivers/staging/wilc1000/host_interface.c > +++ b/drivers/staging/wilc1000/host_interface.c > @@ -2727,8 +2727,10 @@ int wilc_add_wep_key_bss_sta(struct wilc_vif *vif, > const u8 *key, u8 len, > msg.body.key_info.attr.wep.index = index; > > result = wilc_enqueue_cmd(&msg); > - if (result) > + if (result) { > netdev_err(vif->ndev, "STA - WEP Key\n"); > + kfree(msg.body.key_info.attr.wep.key); We should "return result;" here otherwise we'll hang when we wait_for_completion(). This is the sort of bug why I always encourage people to keep the error path and success path separate (unless they both have to unlock or free the same resources). > + } > wait_for_completion(&hif_drv->comp_test_key_block); > > return result; That way this becomes a "return 0;" instead of a "return result;". 
> @@ -2763,10 +2765,12 @@ int wilc_add_wep_key_bss_ap(struct wilc_vif *vif, > const u8 *key, u8 len, > > result = wilc_enqueue_cmd(&msg); > > - if (result) > + if (result) { > netdev_err(vif->ndev, "AP - WEP Key\n"); > - else > + kfree(msg.body.key_info.attr.wep.key); > + } else { > wait_for_completion(&hif_drv->comp_test_key_block); > + } > > return result; > } This code works, but it would look cleaner with "return result;". result = wilc_enqueue_cmd(&msg); if (result) { netdev_err(vif->ndev, "AP - WEP Key\n"); kfree(msg.body.key_info.attr.wep.key); return result; } wait_for_completion(&hif_drv->comp_test_key_block); return 0; I removed a blank line between the wilc_enqueue_cmd() and the error handling because they're very connected. All the success path is at indent level one so you can just glance at the function and see what it's supposed to do in the normal case. The error handling is self contained at indent level two. regards, dan carpenter
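Review bot: Both error branches log only "STA - WEP Key" or "AP - WEP Key", which says neither that wilc_enqueue_cmd() failed nor with what result; include the error code, for example netdev_err(vif->ndev, "AP - WEP Key: enqueue failed: %d\n", result). The buffer freed on these paths is the WEP key copy in msg.body.key_info.attr.wep.key, so consider kzfree() (kfree_sensitive() on current kernels) instead of kfree() so the key bytes do not linger in freed memory.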
Re: [PATCH] mac80211: Fix wlan freezes under load at rekey
So I really don't know enough to properly review your patch. Just be aware that ath10k is weird about sw-crypt, maybe make sure your patch is tested on it to make sure it doesn't out-right break something.

I will test it today in sta and ap mode. Let's see what's the result after some hours.

Sebastian

--
Kind regards / Regards
Sebastian Gottschall / CTO
NewMedia-NET GmbH - DD-WRT
Registered office: Stubenwaldallee 21a, 64625 Bensheim
Register court: Amtsgericht Darmstadt, HRB 25473
Managing directors: Peter Steinhäuser, Christian Scheele
http://www.dd-wrt.com
email: s.gottsch...@dd-wrt.com
Tel.: +496251-582650 / Fax: +496251-5826565
Re: [PATCH 10/12] ath10k: add bdf/cal indication support
Hi Govind, On Mon, Mar 26, 2018 at 11:11:26AM +0530, Govind Singh wrote: > Add support for bdf download and cold boot > calibration trigger qmi message support. > > Signed-off-by: Govind Singh > --- > drivers/net/wireless/ath/ath10k/qmi.c | 195 > ++ > drivers/net/wireless/ath/ath10k/qmi.h | 10 ++ > 2 files changed, 205 insertions(+) > > diff --git a/drivers/net/wireless/ath/ath10k/qmi.c > b/drivers/net/wireless/ath/ath10k/qmi.c > index a33681d..f23d0fe 100644 > --- a/drivers/net/wireless/ath/ath10k/qmi.c > +++ b/drivers/net/wireless/ath/ath10k/qmi.c > @@ -28,6 +28,7 @@ > #include > #include > #include > +#include > #include "qmi.h" > #include "qmi_svc_v01.h" 
> > @@ -270,6 +271,179 @@ static int ath10k_qmi_msa_ready_send_sync_msg(struct > ath10k_qmi *qmi) > return ret; > } > > +int ath10k_qmi_bdf_dnld_send_sync(struct ath10k_qmi *qmi) > +{ > + struct wlfw_bdf_download_resp_msg_v01 *resp; > + struct wlfw_bdf_download_req_msg_v01 *req; > + const struct firmware *fw_entry; > + unsigned int remaining; > + struct qmi_txn txn; > + const u8 *temp; > + int ret; > + > + req = kzalloc(sizeof(*req), GFP_KERNEL); > + if (!req) > + return -ENOMEM; > + > + resp = kzalloc(sizeof(*resp), GFP_KERNEL); > + if (!resp) { > + kfree(req); > + return -ENOMEM; > + } > + > + ret = request_firmware(&fw_entry, BDF_FILE_NAME, &qmi->pdev->dev); > + if (ret < 0) { > + pr_err("fail to load bdf: %s\n", BDF_FILE_NAME); Do we want to use the dev_* family print functions instead? For example: dev_err(&qmi->pdev->dev,"fail to load bdf: %s\n", BDF_FILE_NAME); > + goto err_req_fw; > + } > + > + temp = fw_entry->data; > + remaining = fw_entry->size; > + > + pr_debug("downloading bdf: %s, size: %u\n", > + BDF_FILE_NAME, remaining); > + > + while (remaining) { > + req->valid = 1; > + req->file_id_valid = 1; > + req->file_id = 0; > + req->total_size_valid = 1; > + req->total_size = fw_entry->size; > + req->seg_id_valid = 1; > + req->data_valid = 1; > + req->end_valid = 1; > + > + if (remaining > QMI_WLFW_MAX_DATA_SIZE_V01) { > + req->data_len = QMI_WLFW_MAX_DATA_SIZE_V01; > + } else { > + req->data_len = remaining; > + req->end = 1; > + } > + > + memcpy(req->data, temp, req->data_len); > + > + ret = qmi_txn_init(&qmi->qmi_hdl, &txn, > +wlfw_bdf_download_resp_msg_v01_ei, > +resp); > + if (ret < 0) { > + pr_err("fail to init txn for bdf download %d\n", ret); > + goto out; > + } > + > + ret = > + qmi_send_request(&qmi->qmi_hdl, NULL, &txn, > + QMI_WLFW_BDF_DOWNLOAD_REQ_V01, > + WLFW_BDF_DOWNLOAD_REQ_MSG_V01_MAX_MSG_LEN, > + wlfw_bdf_download_req_msg_v01_ei, req); > + if (ret < 0) { > + qmi_txn_cancel(&txn); > + goto err_send; > + } > + > + ret = qmi_txn_wait(&txn, 
WLFW_TIMEOUT * HZ); > + > + if (ret < 0) > + goto err_send; > + > + if (resp->resp.result != QMI_RESULT_SUCCESS_V01) { > + pr_err("bdf download failed, res:%d, err:%d\n", > +resp->resp.result, resp->resp.error); > + ret = resp->resp.result; > + goto err_send; > + } > + > + remaining -= req->data_len; > + temp += req->data_len; > + req->seg_id++; > + } > + > + pr_debug("bdf download request completed\n"); > + > + kfree(resp); > + kfree(req); release_firmware(fw_entry); I think we need to release firmware before return? > + return 0; > + > +err_send: > + release_firmware(fw_entry); > + > +err_req_fw: > + kfree(req); > + kfree(resp); > + > +out: > + return ret; > +} Best regards Marcus Folkesson
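Review bot: When qmi_txn_init() fails inside the loop of ath10k_qmi_bdf_dnld_send_sync() the code does "goto out", which skips both err_send and err_req_fw, so req, resp and fw_entry are leaked; it should jump to err_send like the other in-loop failures. In the "resp->resp.result != QMI_RESULT_SUCCESS_V01" branch, "ret = resp->resp.result" hands back a QMI result code rather than a negative errno, so a caller that tests "ret < 0", as this function does for every call it makes, can miss the failure; return a negative errno such as -EINVAL there.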
[PATCH] ath10k: Suppress "Unknown eventid: 36925" warnings
FW has Smart Logging feature enabled by default for detecting failures and processing FATAL_CONDITION_EVENTID (36925 - 0x903D) back to host. Since ath10k doesn't implement the Smart Logging and FATAL CONDITION EVENT processing yet, suppressing the unknown event ID warning by moving this under ATH10K_DBG_WMI. Simulated the same issue by having associated STA powered off when ping flood was running from AP backbone. This triggered STA KICKOUT in AP followed by FATAL CONDITION event 36925. Issue was reproduced and verified in below DUT AP mode of OpenWRT QCA9984 running 6.0.8 with FW ver 10.4-3.5.3-00053 Signed-off-by: Sathishkumar Muruganandam --- drivers/net/wireless/ath/ath10k/wmi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/wireless/ath/ath10k/wmi.c b/drivers/net/wireless/ath/ath10k/wmi.c index 58dc2189ba49..ace181403739 100644 --- a/drivers/net/wireless/ath/ath10k/wmi.c +++ b/drivers/net/wireless/ath/ath10k/wmi.c @@ -5531,6 +5531,7 @@ static void ath10k_wmi_10_4_op_rx(struct ath10k *ar, struct sk_buff *skb) case WMI_10_4_WOW_WAKEUP_HOST_EVENTID: case WMI_10_4_PEER_RATECODE_LIST_EVENTID: case WMI_10_4_WDS_PEER_EVENTID: + case WMI_10_4_DEBUG_FATAL_CONDITION_EVENTID: ath10k_dbg(ar, ATH10K_DBG_WMI, "received event id %d not implemented\n", id); break; -- 2.7.4
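Review bot: Adding WMI_10_4_DEBUG_FATAL_CONDITION_EVENTID to this shared case group means a firmware-reported fatal condition is visible only when ATH10K_DBG_WMI is enabled, and then only as the generic "received event id %d not implemented". Give the case its own ath10k_dbg() message that names the fatal condition event, and add a short comment that Smart Logging is not handled yet, so the event can still be picked out of debug logs when diagnosing a station kickout like the one described in the commit message.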
Re: [PATCH v2] ath10k: Implement get_expected_throughput callback
On Friday, 23 March 2018 19:37:14 CEST Anilkumar Kolli wrote: > +static u32 ath10k_get_expected_throughput(struct ieee80211_hw *hw, > + struct ieee80211_sta *sta) > +{ > + struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv; > + > + return ewma_sta_txrate_read(&arsta->ave_sta_txrate); > +} On Friday, 23 March 2018 19:11:48 CEST ako...@codeaurora.org wrote: > > Antonio and Felix, please correct me when this statement is incorrect. > > > > The expected_throughput as initially implemented for minstrel(_ht) is > > not > > about the raw physical bitrate but about the throughput which is > > expected for > > things running on top of the wifi link. See > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cca674d47e59665630f3005291b61bb883015fc5 > > for more details > > > > when I interpret your change correctly then your it doesn't get the > > information about packet loss or aggregation and doesn't do anything > > convert > > from raw physical rate to something the user could get see. It will > > just > > overestimate the throughput for ath10k links and thus give wrong > > information > > to routing algorithms. This could for example cause them to prefer > > links over > > ath10k based hw when mt76 would actually provide a significantly better > > throughput. > > > > Beside that - why is the ave_sta_txrate only filled when with new > > information > > when someone requests the current expected_throughput via > > get_expected_throughput. I would have expected that it is filled > > every time you > > get new information about the current rate from the firmware > > (ath10k_sta_statistics). > > > Yes. Ideally it should be doing the rate avg. of all the sent packets. No, not the PHY rate average - but the "throughput avg". And the "ideally" here sounds a little bit like in "Our medical doctor would ideally not decapitate each patient but we have at least an MD". 
Kind regards, Sven
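Review bot: ath10k_get_expected_throughput() returns ewma_sta_txrate_read(&arsta->ave_sta_txrate) as is, and nothing in the quoted function states the unit of the averaged value or where the average is fed. Add a comment giving the unit this callback returns and the place ave_sta_txrate is updated, and do any scaling in this function rather than leaving it implicit.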