History log of /net/wireless/scan.c
Revision Date Author Comments
21bf6954f4a0c3f852540356323deded47b6b025 24-Jun-2014 Dmitry Shmidt <dimitrysh@google.com> net: wireless: Increase scan entry expiration to fit new scan time

Change-Id: I0e23ce45d78d7c17633670973f49943a5ed6032d
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
eaac37e09b3476d2cebed2abf739f1abcca5a8fe 09-Sep-2011 jun.ho.lee <jun.ho.lee@samsung.com> net: wireless: change the expire time about each entry of scan results

Change-Id: I6e8d838d91bebc28f4cd09dcb8b9f1de775be13d
Signed-off-by: jun.ho.lee <jun.ho.lee@samsung.com>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2740f0cf8ec8bc7ee6a58f68841759e367dda98f 03-Sep-2014 Johannes Berg <johannes.berg@intel.com> cfg80211: add Intel Mobile Communications copyright

Our legal structure changed at some point (see wikipedia), but
we forgot to immediately switch over to the new copyright
notice.

For files that we have modified in the time since the change,
add the proper copyright notice now.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
5bc8c1f2b070bab82ed738f98ecfac725e33c57f 12-Aug-2014 Johannes Berg <johannes.berg@intel.com> cfg80211: allow passing frame type to cfg80211_inform_bss()

When using the cfg80211_inform_bss[_width]() functions drivers
cannot currently indicate whether the data was received in a
beacon or probe response. Fix that by passing a new enum that
indicates such (or unknown).

For good measure, use it in ath6kl.

Acked-by: Kalle Valo <kvalo@qca.qualcomm.com> [ath6kl]
Acked-by: Arend van Spriel <arend@broadcom.com> [brcmfmac]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
0e227084aee36b3ba27b4fc9cd9e425be6ce2ab8 12-Aug-2014 Johannes Berg <johannes.berg@intel.com> cfg80211: clarify BSS probe response vs. beacon data

There are a few possible cases of where BSS data came from:
1) only a beacon has been received
2) only a probe response has been received
3) the driver didn't report what it received (this happens when
using cfg80211_inform_bss[_width]())
4) both probe response and beacon data has been received

Unfortunately, in the userspace API, a few things weren't there:
a) there was no way to differentiate cases 1) and 4) above
without comparing the data of the IEs
b) the TSF was always from the last frame, instead of being
exposed for beacon/probe response separately like IEs

Fix this by
i) exporting a new flag attribute that indicates whether or
not probe response data has been received - this addresses (a)
ii) exporting a BEACON_TSF attribute that holds the beacon's TSF
if a beacon has been received
iii) not exporting the beacon attributes in case (3) above as that
would just lead userspace into thinking the data actually came
from a beacon when that isn't clear

To implement this, track inside the IEs struct whether or not it
(definitely) came from a beacon.

Reported-by: William Seto
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
67af9811539be83dbdc0739215d29af23c870405 18-May-2014 Emmanuel Grumbach <emmanuel.grumbach@intel.com> cfg80211: allow RSSI compensation

Channels in 2.4GHz band overlap, this means that if we
send a probe request on channel 1 and then move to channel
2, we will hear the probe response on channel 2. In this
case, the RSSI will be lower than if we had heard it on
the channel on which it was sent (1 in this case).

The firmware / low level driver can parse the channel in
the DS IE or HT IE and compensate the RSSI so that it will
still have a valid value even if we heard the frame on an
adjacent channel. This can be done up to a certain offset.

Add this offset as a configuration for the low level driver.
A low level driver that can compensate the low RSSI in this
case should assign the maximal offset for which the RSSI
value is still valid.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
792e6aa7a15ea0fb16f8687e93caede1ea9118c7 30-Apr-2014 Eliad Peller <eliad@wizery.com> cfg80211: add cfg80211_sched_scan_stopped_rtnl

Add locked-version for cfg80211_sched_scan_stopped.
This is used for some users that might want to
call it when rtnl is already locked.

Fixes: d43c6b6 ("mac80211: reschedule sched scan after HW restart")
Cc: stable@vger.kernel.org (3.14+)
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
f26cbf401be935eec13da6fca7088b50d797d78b 20-Apr-2014 Zhao, Gang <gamerh2o@gmail.com> cfg80211: change wiphy_to_dev function name

Name wiphy_to_rdev is more accurate to describe what the function
does, i.e., return a pointer pointing to struct
cfg80211_registered_device.

Signed-off-by: Zhao, Gang <gamerh2o@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
1b8ec87aa077c527c9e3525e16098ca7efbc853d 20-Apr-2014 Zhao, Gang <gamerh2o@gmail.com> cfg80211: change registered device pointer name

Name "dev" is too common and ambiguous, let all the pointer name
pointing to struct cfg80211_registered_device be "rdev". This can
improve code readability and consistency(since other places have
already called it rdev).

Signed-off-by: Zhao, Gang <gamerh2o@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
c14a74007f3712413140b5d06d4f7691234a8d3b 09-Apr-2014 Johannes Berg <johannes.berg@intel.com> cfg80211: ignore invalid BSSIDs when looking for BSSes

When looking for a BSS matching given parameters, ignore invalid
BSSIDs. This avoids, for example, trying to join an IBSS that has
a multicast BSSID, which isn't supported by all drivers nor is it
a valid configuration of the IBSS so better create a new one with
a correctly chosen random BSSID.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
96998e3a2f6aeb6e7d91f6b1ced98d4b903d75fd 09-Apr-2014 Zhao, Gang <gamerh2o@gmail.com> cfg80211: remove unused wiphy argument from cfg80211_wext_freq()

cfg80211_wext_freq() is declared in wext-compat.h, but its
parameter struct wiphy's declaration is not included there.
As the parameter isn't used, just remove it.

Signed-off-by: Zhao, Gang <gamerh2o@gmail.com>
[remove parameter instead of changing to netdev]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
4da64622131b6b0cd1211e220dc88cc15007b59d 19-Mar-2014 Zhao, Gang <gamerh2o@gmail.com> cfg80211: remove unnecessary check

RCU pointer bss->pub.beacon_ies is checked before in previous
statement:

if (rcu_access_pointer(bss->pub.beacon_ies))
continue;

There is no need to check it twice(and in the wrong way :) ).

Signed-off-by: Zhao, Gang <gamerh2o@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
3afc2167f60a327a2c1e1e2600ef209a3c2b75b7 04-Mar-2014 Emmanuel Grumbach <emmanuel.grumbach@intel.com> cfg80211/mac80211: ignore signal if the frame was heard on wrong channel

On 2.4Ghz band, the channels overlap since the delta
between different channels is 5Mhz while the width of the
receiver is 20Mhz (at least).

This means that we can hear beacons or probe responses from
adjacent channels. These frames will have a significant
lower RSSI which will feed all kinds of logic with inaccurate
data. An obvious example is the roaming algorithm that will
think our AP is getting weak and will try to move to another
AP.

In order to avoid this, update the signal only if the frame
has been heard on the same channel as the one advertised by
the AP in its DS / HT IEs.
We refrain from updating the values only if the AP is
already in the BSS list so that we will still have a valid
(but inaccurate) value if the AP was heard on an adjacent
channel only.

To achieve this, stop taking the channel from DS / HT IEs
in mac80211. The DS / HT IEs is taken into account to
discard the frame if it was received on a disabled channel.
This can happen due to the same phenomenon: the frame is
sent on channel 12, but heard on channel 11 while channel
12 can be disabled on certain devices. Since this check
is done in cfg80211, stop even checking this in mac80211.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
[remove unused rx_freq variable]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
f9d15d162b3acf28f85b3ac05c4883e5ed588d28 22-Jan-2014 Johannes Berg <johannes.berg@intel.com> cfg80211: send scan results from work queue

Due to the previous commit, when a scan finishes, it is in theory
possible to hit the following sequence:
1. interface starts being removed
2. scan is cancelled by driver and cfg80211 is notified
3. scan done work is scheduled
4. interface is removed completely, rdev->scan_req is freed,
event sent to userspace but scan done work remains pending
5. new scan is requested on another virtual interface
6. scan done work runs, freeing the still-running scan

To fix this situation, hang on to the scan done message and block
new scans while that is the case, and only send the message from
the work function, regardless of whether the scan_req is already
freed from interface removal. This makes step 5 above impossible
and changes step 6 to be
5. scan done work runs, sending the scan done message

As this can't work for wext, so we send the message immediately,
but this shouldn't be an issue since we still return -EBUSY.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
bdfbec2d2d240e9c528caae9c743801629b60166 09-Jan-2014 Ilan Peer <ilan.peer@intel.com> cfg80211: Add a function to get the number of supported channels

Add a utility function to get the number of channels supported by
the device, and update the places in the code that need this data.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
[replace another occurrence in libertas, fix kernel-doc, fix bugs]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
4a58e7c38443154fce1b47910e1a9184f65c5d72 05-Dec-2013 Eliad Peller <eliad@wizery.com> cfg80211: don't "leak" uncompleted scans

___cfg80211_scan_done() can be called in some cases
(e.g. on NETDEV_DOWN) before the low level driver
notified scan completion (which is indicated by
passing leak=true).

Clearing rdev->scan_req in this case is buggy, as
scan_done_wk might have already being queued/running
(and can't be flushed as it takes rtnl()).

If a new scan will be requested at this stage, the
scan_done_wk will try freeing it (instead of the
previous scan), and this will later result in
a use after free.

Simply remove the "leak" option, and replace it with
a standard WARN_ON.

An example backtrace after such crash:
Unable to handle kernel paging request at virtual address fffffee5
pgd = c0004000
[fffffee5] *pgd=9fdf6821, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1] SMP ARM
PC is at cfg80211_scan_done+0x28/0xc4 [cfg80211]
LR is at __ieee80211_scan_completed+0xe4/0x2dc [mac80211]
[<bf0077b0>] (cfg80211_scan_done+0x28/0xc4 [cfg80211])
[<bf0973d4>] (__ieee80211_scan_completed+0xe4/0x2dc [mac80211])
[<bf0982cc>] (ieee80211_scan_work+0x94/0x4f0 [mac80211])
[<c005fd10>] (process_one_work+0x1b0/0x4a8)
[<c0060404>] (worker_thread+0x138/0x37c)
[<c0066d70>] (kthread+0xa4/0xb0)

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
79845c662eeb95c9a180b9bd0d3ad848ee65b94c 21-Oct-2013 Johannes Berg <johannes.berg@intel.com> cfg80211: fix scheduled scan pointer access

Since rdev->sched_scan_req is dereferenced outside the
lock protecting it, this might be done at the wrong
time, causing crashes. Move the dereference to where
it should be - inside the RTNL locked section.

Cc: stable@vger.kernel.org [3.8+]
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
1372a298ea4f2772655b2e69caa634f132f1d019 02-Sep-2013 Joe Perches <joe@perches.com> wireless: scan: Remove comment to compare_ether_addr

This function is being removed, so remove the reference to it.

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
dcd6eac1f3b5fa1df11dfa99da0cf75b76cfef97 08-Jul-2013 Simon Wunderlich <simon.wunderlich@s2003.tu-chemnitz.de> nl80211: add scan width to bss and scan request structs

To allow scanning and working with 5 MHz and 10 MHz BSS, extend the
inform bss commands and add wrappers to take 5 and 10 MHz bss into
account.

Signed-off-by: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
Signed-off-by: Mathias Kretschmer <mathias.kretschmer@fokus.fraunhofer.de>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
0e3a39b5620bc84f25ffb0592b05b0350e8b0520 19-Jun-2013 Ben Greear <greearb@candelatech.com> wireless: add comments about bss refcounting

Should help the next person that tries to understand
the bss refcounting logic.

Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
5fe231e873729fa2f57cdc417d5c1f80871e2d7d 08-May-2013 Johannes Berg <johannes.berg@intel.com> cfg80211: vastly simplify locking

Virtually all code paths in cfg80211 already (need to) hold
the RTNL. As such, there's little point in having another
four mutexes for various parts of the code, they just cause
lock ordering issues (and much of the time, the RTNL and a
few of the others need thus be held.)

Simplify all this by getting rid of the extra four mutexes
and just use the RTNL throughout. Only a few code changes
were needed to do this and we can get rid of a work struct
for bonus points.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
9f419f3851041e0c8170629f0639813dbfc79d5e 08-May-2013 Johannes Berg <johannes.berg@intel.com> cfg80211: move cfg80211_get_dev_from_ifindex under wext

The function is only used and needed by the wext code
for scanning, so move it there.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
f9f475292dbb0e7035fb6661d1524761ea0888d9 19-Mar-2013 Johannes Berg <johannes.berg@intel.com> cfg80211: always check for scan end on P2P device

If a P2P device wdev is removed while it has a scan, then the
scan completion might crash later as it is already freed by
that time. To avoid the crash always check the scan completion
when the P2P device is being removed for some reason. If the
driver already canceled it, don't want and free it, otherwise
warn and leak it to avoid later crashes.

In order to do this, locking needs to be changed away from the
rdev mutex (which can't always be guaranteed). For now, use
the sched_scan_mtx instead, I'll rename it to just scan_mtx in
a later patch.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
1345ee6a6d90813f972379fad8b75f17026fc8b2 06-Mar-2013 Johannes Berg <johannes@sipsolutions.net> cfg80211: fix potential BSS memory leak and update

In the odd case that while updating information from a beacon,
a BSS was found that is part of a hidden group, we drop the
new information. In this case, however, we leak the IE buffer
from the update, and erroneously update the entry's timestamp
so it will never time out. Fix both these issues.

Cc: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
04f39047af2a6df64b763ea5a271db24879d0391 08-Feb-2013 Simon Wunderlich <simon.wunderlich@s2003.tu-chemnitz.de> nl80211/cfg80211: add radar detection command/event

Add new NL80211_CMD_RADAR_DETECT, which starts the Channel
Availability Check (CAC). This command will also notify the
usermode about events (CAC finished, CAC aborted, radar
detected, NOP finished).
Once radar detection has started it should continuously
monitor for radars as long as the channel is active.

This patch enables DFS for AP mode in nl80211/cfg80211.

Based on original patch by Victor Goldenshtein <victorg@ti.com>

Signed-off-by: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
[remove WIPHY_FLAG_HAS_RADAR_DETECT again -- my mistake]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
6719429dd61cde1fe30d9644d0aa2369eefc9005 12-Feb-2013 Luciano Coelho <coelho@ti.com> cfg80211: check vendor IE length to avoid overrun

cfg80211_find_vendor_ie() was checking only that the vendor IE would
fit in the remaining IEs buffer. If a corrupt includes a vendor IE
that is too small, we could potentially overrun the IEs buffer.

Fix this by checking that the vendor IE fits in the reported IE length
field and skip it otherwise.

Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Luciano Coelho <coelho@ti.com>
[change BUILD_BUG_ON to != 1 (from >= 2)]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
8cef2c9df88fdd13f518e6607de9d664b31f26cc 05-Feb-2013 Johannes Berg <johannes.berg@intel.com> cfg80211: move TSF into IEs

While technically the TSF isn't an IE, it can be
necessary to distinguish between the TSF from a
beacon and a probe response, in particular in
order to know the next DTIM TBTT, as not all APs
are spec compliant wrt. TSF==0 being a DTIM TBTT
and thus the DTIM count needs to be taken into
account as well.

To allow this, move the TSF into the IE struct
so it can be known whence it came.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
83c7aa1a1475ae1c42640ab6e4559016142efc67 05-Feb-2013 Johannes Berg <johannes.berg@intel.com> cfg80211: remove scan ies NULL check

There's no way scan BSS IEs can be NULL as even
if the allocation fails the frame is discarded.
Remove some code checking for this and document
that it is always non-NULL.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
776b3580178f2065838fa0db0eb7a41b57495c0a 01-Feb-2013 Johannes Berg <johannes.berg@intel.com> cfg80211: track hidden SSID networks properly

Currently, cfg80211 will copy beacon IEs from a previously
received hidden SSID beacon to a probe response entry, if
that entry is created after the beacon entry. However, if
it is the other way around, or if the beacon is updated,
such changes aren't propagated.

Fix this by tracking the relation between the probe
response and beacon BSS structs in this case.

In case drivers have private data stored in a BSS struct
and need access to such data from a beacon entry, cfg80211
now provides the hidden_beacon_bss pointer from the probe
response entry to the beacon entry.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
5b112d3d098c97b867cc580f590395cd1e72f18c 01-Feb-2013 Johannes Berg <johannes.berg@intel.com> cfg80211: pass wiphy to cfg80211_ref_bss/put_bss

This prepares for using the spinlock instead of krefs
which is needed in the next patch to track the refs
of combined BSSes correctly.

Acked-by: Bing Zhao <bzhao@marvell.com> [mwifiex]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
0532d4f154b87da6361ab90d12f35142d5119dc1 01-Feb-2013 Johannes Berg <johannes.berg@intel.com> cfg80211: wrap BSS kref

Add inline wrappers for the BSS struct krefs
to be able to extend them easily later.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
9537f227b44762591a5598b79522789c573d34b3 01-Feb-2013 Johannes Berg <johannes.berg@intel.com> cfg80211: remove a local variable

This local variable is only used once, so remove it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
4b1af4792a2aa686483fc9bb2155f7269fa6399c 01-Feb-2013 Johannes Berg <johannes.berg@intel.com> cfg80211: use lockdep to assert lock is held

Instead of annotating with a comment, add a lockdep
annotation which also serves as documentation.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2ca813ad61136896c91a40194452ff665a522711 01-Feb-2013 Johannes Berg <johannes.berg@intel.com> cfg80211: move locking into cfg80211_bss_age

There's no reason for it to require external
locking, move it into the function.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
50521aa8817e3f6a77eb7aaabdbbb7b5c2fe0ea3 30-Jan-2013 Johannes Berg <johannes.berg@intel.com> cfg80211: fix BSS IE allocation comment

The comment about allocating the IEs together with
the BSS struct is no longer true, remove it. Also
fix a typo in the same area.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
37e0838117084eb957fdf124bf555f4b9933a5a5 30-Jan-2013 Johannes Berg <johannes.berg@intel.com> cfg80211: remove unused cfg80211_get_mesh

As Thomas pointed out, cfg80211_get_mesh() is
unused and can be removed.

Cc: Thomas Pedersen <thomas@cozybit.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
3af6341c5378d1ed0905614575ee9ee2e5522c81 30-Jan-2013 Johannes Berg <johannes.berg@intel.com> cfg80211: simplify mesh BSS comparison

Instead of first checking if a BSS is an MBSS
and then doing the comparisons, inline it all
into the BSS comparison function. This avoids
doing the IE searches twice and is also a lot
less code.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
4593c4cbe1c96b3995727dc42f6aa103f4ff5afc 01-Feb-2013 Johannes Berg <johannes.berg@intel.com> cfg80211: fix BSS list hidden SSID lookup

When trying to find a hidden SSID, the lookup function
is done wrong; the code is trying to combine the two
lookups into one, and as a consequence doesn't always
find the entry at all. To understand this, consider a
case where multiple BSS entries with the same channel
and BSSID exist but have different SSID length. Then
comparing against the probe response SSID length is
bound to cause problems since the hidden one might be
either zeroed out or zero-length.

To fix this we need to do two lookups for the two ways
to hide SSIDs.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
5622f5bb8dd3cafe0e56014ed03e31957d1b4a03 30-Jan-2013 Johannes Berg <johannes.berg@intel.com> cfg80211: refactor hidden SSID finding

Instead of duplicating the rbtree functions, pass
an argument to the compare function. This removes
the code duplication for the two searches.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
3ff9a827c683353b9826ef57366b0f313acc21b0 29-Jan-2013 Johannes Berg <johannes.berg@intel.com> cfg80211: remove free_priv BSS API

Now that mac80211 no longer uses this API, remove
it completely. If anyone needs it again, we can
revert this patch of course, but mac80211 was the
only user right now.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
c49dc9008b1c641a86837297df7c90cef070571b 24-Jan-2013 Dan Carpenter <dan.carpenter@oracle.com> cfg80211: off by one in ieee80211_bss()

We do a:

sprintf(buf, " Last beacon: %ums ago",
elapsed_jiffies_msecs(bss->ts));

elapsed_jiffies_msecs() can return a 10 digit number so "buf" needs to
be 31 characters long.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
9caf03640279e64d0ba36539b42daa1b43a49486 29-Nov-2012 Johannes Berg <johannes.berg@intel.com> cfg80211: fix BSS struct IE access races

When a BSS struct is updated, the IEs are currently
overwritten or freed. This can lead to races if some
other CPU is accessing the BSS struct and using the
IEs concurrently.

Fix this by always allocating the IEs in a new struct
that holds the data and length and protecting access
to this new struct with RCU.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
f94f8b168cf2e46da180bbba2afd626d7af0579d 28-Nov-2012 Johannes Berg <johannes.berg@intel.com> cfg80211: fix cmp_hidden_bss

The cmp_bss() comparator function uses memcmp() to
compare the SSID. This means that cmp_hidden_bss()
needs to similarly return a number bigger than zero
(use 1) instead of -1 when ie1 is bigger than ie2,
which is the case if an ie2 byte is non-zero.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
915de2ff4a79f1f98362035060777b6c8ce889bb 28-Nov-2012 Johannes Berg <johannes.berg@intel.com> cfg80211: fix whitespace in scan handling

Fix a number of indentation and similar issues.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
b629ea3db4c0da4465ffa532914e4a3081f93cdf 28-Nov-2012 Johannes Berg <johannes.berg@intel.com> cfg80211: don't BUG_ON BSS struct issues

There's no need to stop the machine, just leak
the BSS entry if there's an issue with its hold
counter when freeing.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
0172bb75073e11a5aa9d8a953bdaefb8709f00c8 23-Nov-2012 Johannes Berg <johannes.berg@intel.com> cfg80211: use DS or HT operation IEs to determine BSS channel

Currently, mac80211 checks the DS params IE if present and
uses it for the (primary) BSS channel, instead of the one
that the frame was received on. This is particularly useful
in the 2.4 GHz band since a frame is often received on one
of the adjacent channels due to overlap.

Move this code to cfg80211 so other drivers also do this.

Additionally, on 5 GHz, in particular with some (possibly)
upcoming changes in 802.11ai and duplicate transmissions
when wider channels are used, something similar happens.
So if present, also use the (primary) channel information
contained in the HT operation IE.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
4ee3e063f10acf6fd17c0ee6f1d0a95726e74cb2 26-Aug-2012 Beni Lev <beni.lev@intel.com> cfg80211: add cfg80211 exported function tracing

Also add tracing to the API functions that drivers
(and mac80211) can call in cfg80211.

Signed-off-by: Beni Lev <beni.lev@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
e35e4d28b687d4e849573419fdcf90f1cce2a14c 27-Jun-2012 Hila Gonen <hila.gonen@intel.com> cfg80211: add wrappers for registered_device_ops

This will allow adding central tracing like in mac80211.

Signed-off-by: Hila Gonen <hila.gonen@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
15d6030b4bec618742b8b9ccae9209c8f9e4a916 12-Oct-2012 Sam Leffler <sleffler@chromium.org> cfg80211: add support for flushing old scan results

Add an NL80211_SCAN_FLAG_FLUSH flag that causes old bss cache
entries to be flushed on scan completion. This is useful for
collecting guaranteed fresh scan/survey result (e.g. on resume).

For normal scan, flushing only happens on successful completion
of a scan; i.e. it does not happen if the scan is aborted.
For scheduled scan, previous scan results are flushed everytime
when we get new scan results.

This feature is enabled by default. Drivers can disable it by
unsetting the NL80211_FEATURE_SCAN_FLUSH flag.

Signed-off-by: Sam Leffler <sleffler@chromium.org>
Tested-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
[invert polarity of feature flag to account for old kernels]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
e8e27c668bf5977d9fe1a64d0b69598ff9e292b7 12-Oct-2012 Amitkumar Karwar <akarwar@marvell.com> cfg80211: code rearrangement to avoid forward declarations

bss_release() and __cfg80211_unlink_bss() function definitions
are moved at the begining of the file. They are used in next
patch in this series.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
768be59f30f2ee8958ba3718101162c694efab12 26-Aug-2012 Hila Gonen <hila.gonen@intel.com> cfg80211: fix indentation

checkpatch pointed out an issue, fix it.

Signed-off-by: Hila Gonen <hila.gonen@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
fd0142844efa85d89017c89227a0f03de1eee327 18-Jun-2012 Johannes Berg <johannes.berg@intel.com> nl80211: move scan API to wdev

The new P2P Device will have to be able to scan for
P2P search, so move scanning to use struct wireless_dev
instead of struct net_device.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
ac422d3cc25351819ec80b7e2852fd2c600c317c 08-May-2012 Joe Perches <joe@perches.com> wireless: Convert compare_ether_addr to ether_addr_equal

Use the new bool function ether_addr_equal to add
some clarity and reduce the likelihood for misuse
of compare_ether_addr for sorting.

I removed a conversion from scan.c/cmp_bss_core
that appears to be a sorting function.

Done via cocci script:

$ cat compare_ether_addr.cocci
@@
expression a,b;
@@
- !compare_ether_addr(a, b)
+ ether_addr_equal(a, b)

@@
expression a,b;
@@
- compare_ether_addr(a, b)
+ !ether_addr_equal(a, b)

@@
expression a,b;
@@
- !ether_addr_equal(a, b) == 0
+ ether_addr_equal(a, b)

@@
expression a,b;
@@
- !ether_addr_equal(a, b) != 0
+ !ether_addr_equal(a, b)

@@
expression a,b;
@@
- ether_addr_equal(a, b) == 0
+ !ether_addr_equal(a, b)

@@
expression a,b;
@@
- ether_addr_equal(a, b) != 0
+ ether_addr_equal(a, b)

@@
expression a,b;
@@
- !!ether_addr_equal(a, b)
+ ether_addr_equal(a, b)

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
ef9456a85dabe2222a4cb80fe8eef6361170c55d 30-Apr-2012 Emmanuel Grumbach <emmanuel.grumbach@intel.com> cfg80211: fix BSS comparison

Since the BSS table is organized in a RB tree, the BSSs need to be
comparable. This means that we must define a < and > operator to
the BSS object.
compare_ethr_addr isn't enough since it returns only a binary value.

Since Felix's

cfg80211: use compare_ether_addr on MAC addresses instead of memcmp

Because of the constant size and guaranteed 16 bit alignment, the inline
compare_ether_addr function is much cheaper than calling memcmp.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

The BSS table is corrupted: rb_find_bss can't find the bss.
As a result BSSes are duplicated in the BSS table, and we get stuck
while probing an AP before associating (in STA mode).

Change-Id: I85928756f4328028230832c1565ece7f412f3843
CC: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Acked-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
f9616e0f8828fba6c06d1feff1c26eaf049b1e8a 13-Apr-2012 Rajkumar Manoharan <rmanohar@qca.qualcomm.com> cfg80211: increse bss expire time

The background scan completion takes more time when the station is
having heavy uplink traffic. The scan state machine decides to fall
back to home channel on every off-channel visit when there are pending
frames in tx queue. bgscan completion took ~30sec on dual band US
regulatory card.

scan period = (20 active channels * probe timeout) +
(12 passive channels * passive probe timeout) +
(32 * timeout on home channel) +
(32 * flush timeout)

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
c6fb08aaa879d1a70ed01e9ac1080066abf7ef78 18-Mar-2012 Felix Fietkau <nbd@openwrt.org> cfg80211: use compare_ether_addr on MAC addresses instead of memcmp

Because of the constant size and guaranteed 16 bit alignment, the inline
compare_ether_addr function is much cheaper than calling memcmp.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
7b8bcff2e0f11981dd6840f9feefe0914e4ea521 13-Mar-2012 Johannes Berg <johannes.berg@intel.com> cfg80211: clarify timestamp in cfg80211_inform_bss

This is intended to be the timestamp sent by the
peer in the beacon/probe response, not any form
of host timestamp. Clarify the documentation and
variable names.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
4c0c0b75e0c35ddb8f61c06bcbffede63ab4f4a2 20-Jan-2012 Johannes Berg <johannes.berg@intel.com> cfg80211: export cfg80211_ref_bss

This is needed by mac80211 to keep a reference
to a BSS alive for the auth process. Remove the
old version of cfg80211_ref_bss() since it's
not actually used.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
dd9dfb9f95e2141db672eb12a1d71892e9e481fb 04-Nov-2011 Dmitry Tarnyagin <abi.dmitryt@gmail.com> cfg80211: merge in beacon ies of hidden bss.

The problem with PSM when a hidden SSID was used was originally
reported by Juuso Oikarinen.

- When generally scanning, the AP is getting a bss entry with
a zero SSID.
- When associating, a probe-req is sent to the AP with the SSID,
and as a result a probe-response is received with the hidden
SSID in place. As a consequence, a second bss entry is created
for the AP, now with the real SSID.
- After association, mac80211 executes ieee80211_recalc_ps(),
but does not switch to powersave because the beacon-ies are missing.

As result, the STA does not ever enter PSM.

The patch merges in beacon ies of hidden bss from beacon to the probe
response, creating a consistent set of ies in place.

Patch is depended on "cfg80211: fix cmp_ies" made by Johannes.

Signed-off-by: Dmitry Tarnyagin <dmitry.tarnyagin@stericsson.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
3b6ef6334febb05d3050a96546e635f038dbcb15 04-Nov-2011 Johannes Berg <johannes.berg@intel.com> cfg80211: fix cmp_ies

When comparing two items by IE, the sort order
wasn't stable, which could lead to issues in the
rbtree. Make it stable by making a missing IE
sort before a present IE.

Also sort by length first if it differs and then
by contents.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
0c28ec587a2f061b93a98ac02a53b4152cbe48f4 15-Sep-2011 Eliad Peller <eliad@wizery.com> cfg80211: add cfg80211_find_vendor_ie() function

Add function to find vendor-specific ie (along with
vendor-specific ie struct definition and P2P OUI values)

Signed-off-by: Eliad Peller <eliad@wizery.com>
Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
262eb9b2237ecee047451a636e799ea1572b685a 13-Jul-2011 Johannes Berg <johannes.berg@intel.com> cfg80211: split wext compatibility to separate header

A lot of drivers erroneously use wext constants
and don't notice since cfg80211.h includes them.
Make this more split up so drivers needing wext
compatibility from cfg80211 need to explicitly
include that from cfg80211-wext.h.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
a401d2bb363d942245acdd81c5b5a754011696ee 20-Jul-2011 Johannes Berg <johannes.berg@intel.com> cfg80211: fix scan crash on single-band cards

commit 58389c69150e6032504dfcd3edca6b1975c8b5bc
Author: Johannes Berg <johannes.berg@intel.com>
Date: Mon Jul 18 18:08:35 2011 +0200

cfg80211: allow userspace to control supported rates in scan

made single-band cards crash since it would always
access all wiphy->bands[]. Fix this and reject any
attempts in the new helper ieee80211_get_ratemask()
to do the same, rejecting rates configuration for
unsupported bands.

Reported-by: Pavel Roskin <proski@gnu.org>
Tested-by: Pavel Roskin <proski@gnu.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
34850ab25d74ab4eead62c3b4a9e8036a25cc669 18-Jul-2011 Johannes Berg <johannes.berg@intel.com> cfg80211: allow userspace to control supported rates in scan

Some P2P scans are not allowed to advertise
11b rates, but that is a rather special case
so instead of having that, allow userspace
to request the rate sets (per band) that are
advertised in scan probe request frames.

Since it's needed in two places now, factor
out some common code parsing a rate array.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
1a84ff7564ae43dd1ea20e17f867de2700ca5b5b 08-Jul-2011 Luciano Coelho <coelho@ti.com> cfg80211: return -ENOENT when stopping sched_scan while not running

If we try to stop a scheduled scan while it is not running, we should
return -ENOENT instead of simply ignoring the command and returning
success. This is more consistent with other parts of the code.

Reported-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
3b4670ffe7824d1fc4db2f73101015056ecb4415 29-Jun-2011 Jesper Juhl <jj@chaosbits.net> net, wireless: Don't return uninitialized in __cfg80211_stop_sched_scan()

If the 'driver_initiated' function argument to
__cfg80211_stop_sched_scan() is not 0 then we'll return an
uninitialized 'err' from the function.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
c10841ca722a0bc960dc541c51582773f9a24f98 30-Jun-2011 Luciano Coelho <coelho@ti.com> cfg80211: fix deadlock with rfkill/sched_scan by adding new mutex

There was a deadlock when rfkill-blocking a wireless interface,
because we were locking the rdev mutex on NETDEV_GOING_DOWN to stop
sched_scans that were eventually running. The rfkill block code was
already holding a mutex under rdev:

kernel: =======================================================
kernel: [ INFO: possible circular locking dependency detected ]
kernel: 3.0.0-rc1-00049-g1fa7b6a #57
kernel: -------------------------------------------------------
kernel: kworker/0:1/4525 is trying to acquire lock:
kernel: (&rdev->mtx){+.+.+.}, at: [<ffffffff8164c831>] cfg80211_netdev_notifier_call+0x131/0x5b0
kernel:
kernel: but task is already holding lock:
kernel: (&rdev->devlist_mtx){+.+.+.}, at: [<ffffffff8164dcef>] cfg80211_rfkill_set_block+0x4f/0xa0
kernel:
kernel: which lock already depends on the new lock.

To fix this, add a new mutex specifically for sched_scan, to protect
the sched_scan_req element in the rdev struct, instead of using the
global rdev mutex.

Reported-by: Duane Griffin <duaneg@dghda.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
333ba7325213f0a09dfa5ceeddb056d6ad74b3b5 29-May-2011 Eliad Peller <eliad@wizery.com> cfg80211: don't drop p2p probe responses

Commit 0a35d36 ("cfg80211: Use capability info to detect mesh beacons")
assumed that probe response with both ESS and IBSS bits cleared
means that the frame was sent by a mesh sta.

However, these capabilities are also being used in the p2p_find phase,
and the mesh-validation broke it.

Rename the WLAN_CAPABILITY_IS_MBSS macro, and verify that mesh ies
exist before assuming this frame was sent by a mesh sta.

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
85a9994a0a6cba1a6cc6af4bd3ebd85f778be0fe 12-May-2011 Luciano Coelho <coelho@ti.com> cfg80211/mac80211: avoid bounce back mac->cfg->mac on sched_scan_stopped

When sched_scan_stopped was called by the driver, mac80211 calls
cfg80211, which in turn was calling mac80211 back with a flag
"driver_initiated". This flag was used so that mac80211 would do the
necessary cleanup but would not call the driver. This was enough to
prevent the bounce back between the driver and mac80211, but not
between mac80211 and cfg80211.

To fix this, we now do the cleanup in mac80211 before calling
cfg80211. To help with locking issues, the workqueue was moved from
cfg80211 to mac80211.

Reported-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
807f8a8c300435d5483e8d78df9dcdbc27333166 11-May-2011 Luciano Coelho <coelho@ti.com> cfg80211/nl80211: add support for scheduled scans

Implement new functionality for scheduled scan offload. With this feature we
can scan automatically at certain intervals.

The idea is that the hardware can perform scan automatically and filter on
desired results without waking up the host unnecessarily.

Add NL80211_CMD_START_SCHED_SCAN and NL80211_CMD_STOP_SCHED_SCAN
commands to the nl80211 interface. When results are available they are
reported by NL80211_CMD_SCHED_SCAN_RESULTS events. The userspace is
informed when the scheduled scan has stopped with a
NL80211_CMD_SCHED_SCAN_STOPPED event, which can be triggered either by
the driver or by a call to NL80211_CMD_STOP_SCHED_SCAN.

Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
0a35d36d6f019bde6c98812456798275b02e5aee 04-May-2011 Javier Cardona <javier@cozybit.com> cfg80211: Use capability info to detect mesh beacons.

Mesh beacons no longer use all-zeroes BSSID. Beacon frames for MBSS,
infrastructure BSS, or IBSS are differentiated by the Capability
Information field in the Beacon frame. A mesh STA sets the ESS and IBSS
subfields to 0 in transmitted Beacon or Probe Response management
frames.

Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2b78ac9bfc7483ba4bda9ad3d10dd4afcf88337c 28-Mar-2011 Juuso Oikarinen <juuso.oikarinen@nokia.com> cfg80211: fix BSS double-unlinking (continued)

This patch adds to the fix "fix BSS double-unlinking"
(commit 3207390a8b58bfc1335750f91cf6783c48ca19ca) by Johannes Berg.

It turns out, that the double-unlinking scenario can also occur if expired
BSS elements are removed whilst an interface is performing association.

To work around that, replace list_del with list_del_init also in the
"cfg80211_bss_expire" function, so that the check for whether the BSS still is
in the list works correctly in cfg80211_unlink_bss.

Signed-off-by: Juuso Oikarinen <juuso.oikarinen@nokia.com>
Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
bef9bacc4ec7ea6a02876164cd6ccaa4759edce4 26-Mar-2011 Mariusz Kozlowski <mk@lab.zgora.pl> cfg80211:: fix possible NULL pointer dereference

In cfg80211_inform_bss_frame() wiphy is first dereferenced on privsz
initialisation and then it is checked for NULL. This patch fixes that.

Signed-off-by: Mariusz Kozlowski <mk@lab.zgora.pl>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
01123e233193a544c85b622e1690f44532052c5b 09-Dec-2010 Sven Neumann <s.neumann@raumfeld.com> cfg80211: update information elements in cached BSS struct

When a cached BSS struct is updated because a new beacon was received,
the code replaces the cached information elements by the IEs from the
new beacon. However it did not update the pub.information_elements
and pub.len_information_elements fields leaving them either pointing
to the old beacon IEs or in an inconsistent state where the data is
replaced by the new beacon IEs but len_information_elements still has
its value from the first beacon.

Fix this by updating the information elements fields if they are
pointing to beacon IEs.

Signed-off-by: Sven Neumann <s.neumann@raumfeld.com>
Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
3207390a8b58bfc1335750f91cf6783c48ca19ca 06-Oct-2010 Johannes Berg <johannes.berg@intel.com> cfg80211: fix BSS double-unlinking

When multiple interfaces are actively trying
to associate with the same BSS, they may both
find that the BSS isn't there and then try to
unlink it. This can cause errors since the
unlinking code can't currently deal with items
that have already been unlinked.

Normally this doesn't happen as most people
don't try to use multiple station interfaces
that associate at the same time too.

Fix this by using the list entry as a flag to
see if the item is still on a list.

Cc: stable@kernel.org
Reported-by: Ben Greear <greearb@candelatech.com>
Tested-by: Hun-Kyi Wynn <hkwynn@candelatech.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
ccb6c1360f8dd43303c659db718e7e0b24175db5 13-Jul-2010 Johannes Berg <johannes.berg@intel.com> cfg80211: don't get expired BSSes

When kernel-internal users use cfg80211_get_bss()
to get a reference to a BSS struct, they may end
up getting one that would have been removed from
the list if there had been any userspace access
to the list. This leads to inconsistencies and
problems.

Fix it by making cfg80211_get_bss() ignore BSSes
that cfg80211_bss_expire() would remove.

Fixes http://bugzilla.intellinuxwireless.org/show_bug.cgi?id=2180

Cc: stable@kernel.org
Reported-by: Jiajia Zheng <jiajia.zheng@intel.com>
Tested-by: Jiajia Zheng <jiajia.zheng@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
22fe88d3d85850267ff4535b465794a5768f868a 13-May-2010 Sujith <Sujith.Manoharan@atheros.com> cfg80211: Fix signal_type comparison

signal_type is enum cfg80211_signal_type.

This fixes the gcc warning:

scan.c: In function `cfg80211_inform_bss':
scan.c:518:6: warning: comparison between `enum cfg80211_signal_type' and `enum nl80211_bss'
scan.c: In function `cfg80211_inform_bss_frame':
scan.c:574:6: warning: comparison between `enum cfg80211_signal_type' and `enum nl80211_bss'

Signed-off-by: Sujith <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
5a0e3ad6af8660be21ca98a971cd00f331318c05 24-Mar-2010 Tejun Heo <tj@kernel.org> include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h

percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.

percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.

http://userweb.kernel.org/~tj/misc/slabh-sweep.py

The script does the followings.

* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.

* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.

* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.

The conversion was done in the following steps.

1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.

2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.

3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.

4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.

5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.

6. percpu.h was updated not to include slab.h.

7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).

* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig

8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.

Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.

Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
c21dbf9214bce129f92e1af05552553ff0e318ed 26-Jan-2010 Johannes Berg <johannes@sipsolutions.net> cfg80211: export cfg80211_find_ie

This new function (previously a static function
called just "find_ie" can be used to find a
specific IE in a buffer of IEs.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
34a6eddbabd704b3c7dae9362234552267573be2 06-Jan-2010 Jouni Malinen <j@w1.fi> cfg80211: Store IEs from both Beacon and Probe Response frames

Store information elements from Beacon and Probe Response frames in
separate buffers to allow both sets to be made available through
nl80211. This allows user space applications to get access to IEs from
Beacon frames even if we have received Probe Response frames from the
BSS. Previously, the IEs from Probe Response frames would have
overridden the IEs from Beacon frames.

This feature is of somewhat limited use since most protocols include
the same (or extended) information in Probe Response frames. However,
there are couple of exceptions where the IEs from Beacon frames could
be of some use: TIM IE is only included in Beacon frames (and it would
be needed to figure out the DTIM period used in the BSS) and at least
some implementations of Wireless Provisioning Services seem to include
the full IE only in Beacon frames).

The new BSS attribute for scan results is added to allow both the IE
sets to be delivered. This is done in a way that maintains the
previously used behavior for applications that are not aware of the
new NL80211_BSS_BEACON_IES attribute.

Signed-off-by: Jouni Malinen <j@w1.fi>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
65486c8b30498dd274eea2c542696f22b63fe5b8 23-Dec-2009 Johannes Berg <johannes@sipsolutions.net> cfg80211: fix error path in cfg80211_wext_siwscan

If there's an invalid channel or SSID, the code leaks
the scan request. Always free the scan request, unless
it was successfully given to the driver.

Reported-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
f64f9e719261a87818dd192a3a2352e5b20fbd0f 30-Nov-2009 Joe Perches <joe@perches.com> net: Move && and || to end of previous line

Not including net/atm/

Compiled tested x86 allyesconfig only
Added a > 80 column line or two, which I ignored.
Existing checkpatch plaints willfully, cheerfully ignored.

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
e60d7443e00a72a2c056950cdaab79c7b077f3d4 25-Nov-2009 Alban Browaeys <prahal@yahoo.com> wireless : use a dedicated workqueue for cfg80211.

This patch moves the works cleanup, scan and events to a cfg80211
dedicated workqueue.

Platform driver like eeepc-laptop ought to use works to rfkill (as
new rfkill does lock in rfkill_unregister and the platform driver is
called from rfkill_switch_all which also lock the same mutex).
This raise a new issue in itself that the work scheduled by the platform
driver to the global worqueue calls wiphy_unregister which flush_work
scan and event works (which thus flush works on the global workqueue inside
a work on the global workqueue) and also put on hold the wdev_cleanup_work
(which prevents the dev_put on netdev thus indefinite Usage count error on
wifi device).

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Alban Browaeys <prahal@yahoo.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
76aa5e704c80fb7ca8bd3d05593d9a28298c92cd 18-Nov-2009 Rui Paulo <rpaulo@gmail.com> mac80211: update cfg80211 scan result code for the updated mesh conf IE

Signed-off-by: Rui Paulo <rpaulo@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
136cfa28615ccce0f9374811480e0b81c4191ea5 18-Nov-2009 Rui Paulo <rpaulo@gmail.com> mac80211: use a structure to hold the mesh config information element

Signed-off-by: Rui Paulo <rpaulo@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
584991dccfd347cd2e1675ab262998f6c335d3c0 02-Nov-2009 Johannes Berg <johannes@sipsolutions.net> cfg80211: validate scan channels

Currently it is possible to request a scan on only
disabled channels, which could be problematic for
some drivers. Reject such scans, and also ignore
disabled channels that are given. This resuls in
the scan begin/end event only including channels
that are actually used.

This makes the mac80211 check for disabled channels
superfluous. At the same time, remove the no-IBSS
check from mac80211 -- nothing says that we should
not find any networks on channels that cannot be
used for an IBSS, even when operating in IBSS mode.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
3d23e349d807177eaf519d444677cee86b1a04cf 29-Sep-2009 Johannes Berg <johannes@sipsolutions.net> wext: refactor

Refactor wext to
* split out iwpriv handling
* split out iwspy handling
* split out procfs support
* allow cfg80211 to have wireless extensions compat code
w/o CONFIG_WIRELESS_EXT

After this, drivers need to
- select WIRELESS_EXT - for wext support
- select WEXT_PRIV - for iwpriv support
- select WEXT_SPY - for iwspy support

except cfg80211 -- which gets new hooks in wext-core.c
and can then get wext handlers without CONFIG_WIRELESS_EXT.

Wireless extensions procfs support is auto-selected
based on PROC_FS and anything that requires the wext core
(i.e. WIRELESS_EXT or CFG80211_WEXT).

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
012a1b3e5e3561376dacf07efee15688284302c6 11-Sep-2009 Holger Schurig <hs4233@mail.mn-solutions.de> cfg80211: minimal error handling for wext-compat freq scanning

Signed-off-by: Holger Schurig <hs4233@mail.mn-solutions.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
50425b0977c53c6ac608f0b2c8a562a5c7cd5602 11-Sep-2009 Holger Schurig <h.schurig@mn-solutions.de> cfg80211: use cfg80211_wext_freq() for freq conversion

WEXT's "struct iw_freq" can also be used to handle a channel. This patch now
uses cfg80211_wext_freq() instead of hand-converting the frequency. That
allows user-space to specify channels as well, like with SIOCSIWFREQ.

Signed-off-by: Holger Schurig <hs4233@mail.mn-solutions.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
8862dc5f25153a3c565a097220ed3de14ed72dfd 11-Sep-2009 Holger Schurig <hs4233@mail.mn-solutions.de> cfg80211: minimal error handling for wext-compat freq scanning

Signed-off-by: Holger Schurig <hs4233@mail.mn-solutions.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
a4e7b730f1c8c9179def7033a024183c58cf2538 11-Sep-2009 Holger Schurig <h.schurig@mn-solutions.de> cfg80211: use cfg80211_wext_freq() for freq conversion

WEXT's "struct iw_freq" can also be used to handle a channel. This patch now
uses cfg80211_wext_freq() instead of hand-converting the frequency. That
allows user-space to specify channels as well, like with SIOCSIWFREQ.

Signed-off-by: Holger Schurig <hs4233@mail.mn-solutions.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
b2e3abdc708f8c0eff194af25362fdb239abe241 09-Sep-2009 Holger Schurig <hs4233@mail.mn-solutions.de> cfg80211: allow scanning on specified frequencies when using wext-compatibility

Handles the case when SIOCSIWSCAN specified iw_scan_req.num_channels and
iw_scan_req.channels[].

Signed-off-by: Holger Schurig <hs4233@mail.mn-solutions.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
fcc6cb0c13555e78c2d47257b6d1b5e59b0c419a 02-Sep-2009 Bob Copeland <me@bobcopeland.com> cfg80211: fix looping soft lockup in find_ie()

The find_ie() function uses a size_t for the len parameter, and
directly uses len as a loop variable. If any received packets
are malformed, it is possible for the decrease of len to overflow,
and since the result is unsigned, the loop will not terminate.
Change it to a signed int so the loop conditional works for
negative values.

This fixes the following soft lockup:

[38573.102007] BUG: soft lockup - CPU#0 stuck for 61s! [phy0:2230]
[38573.102007] Modules linked in: aes_i586 aes_generic fuse af_packet ipt_REJECT xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_state iptable_filter ip_tables x_tables acpi_cpufreq binfmt_misc dm_mirror dm_region_hash dm_log dm_multipath dm_mod kvm_intel kvm uinput i915 arc4 ecb drm snd_hda_codec_idt ath5k snd_hda_intel hid_apple mac80211 usbhid appletouch snd_hda_codec snd_pcm ath cfg80211 snd_timer i2c_algo_bit ohci1394 video snd processor ieee1394 rfkill ehci_hcd sg sky2 backlight snd_page_alloc uhci_hcd joydev output ac thermal button battery sr_mod applesmc cdrom input_polldev evdev unix [last unloaded: scsi_wait_scan]
[38573.102007] irq event stamp: 2547724535
[38573.102007] hardirqs last enabled at (2547724534): [<c1002ffc>] restore_all_notrace+0x0/0x18
[38573.102007] hardirqs last disabled at (2547724535): [<c10038f4>] apic_timer_interrupt+0x28/0x34
[38573.102007] softirqs last enabled at (92950144): [<c103ab48>] __do_softirq+0x108/0x210
[38573.102007] softirqs last disabled at (92950274): [<c1348e74>] _spin_lock_bh+0x14/0x80
[38573.102007]
[38573.102007] Pid: 2230, comm: phy0 Tainted: G W (2.6.31-rc7-wl #8) MacBook1,1
[38573.102007] EIP: 0060:[<f8ea2d50>] EFLAGS: 00010292 CPU: 0
[38573.102007] EIP is at cmp_ies+0x30/0x180 [cfg80211]
[38573.102007] EAX: 00000082 EBX: 00000000 ECX: ffffffc1 EDX: d8efd014
[38573.102007] ESI: ffffff7c EDI: 0000004d EBP: eee2dc50 ESP: eee2dc3c
[38573.102007] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[38573.102007] CR0: 8005003b CR2: d8efd014 CR3: 01694000 CR4: 000026d0
[38573.102007] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[38573.102007] DR6: ffff0ff0 DR7: 00000400
[38573.102007] Call Trace:
[38573.102007] [<f8ea2f8d>] cmp_bss+0xed/0x100 [cfg80211]
[38573.102007] [<f8ea33e4>] cfg80211_bss_update+0x84/0x410 [cfg80211]
[38573.102007] [<f8ea3884>] cfg80211_inform_bss_frame+0x114/0x180 [cfg80211]
[38573.102007] [<f97255ff>] ieee80211_bss_info_update+0x4f/0x180 [mac80211]
[38573.102007] [<f972b118>] ieee80211_rx_bss_info+0x88/0xf0 [mac80211]
[38573.102007] [<f9739297>] ? ieee802_11_parse_elems+0x27/0x30 [mac80211]
[38573.102007] [<f972b224>] ieee80211_rx_mgmt_probe_resp+0xa4/0x1c0 [mac80211]
[38573.102007] [<f972bc59>] ieee80211_sta_rx_queued_mgmt+0x919/0xc50 [mac80211]
[38573.102007] [<c1009707>] ? sched_clock+0x27/0xa0
[38573.102007] [<c1009707>] ? sched_clock+0x27/0xa0
[38573.102007] [<c105ffd0>] ? mark_held_locks+0x60/0x80
[38573.102007] [<c1348be5>] ? _spin_unlock_irqrestore+0x55/0x70
[38573.102007] [<c134baa5>] ? sub_preempt_count+0x85/0xc0
[38573.102007] [<c1348bce>] ? _spin_unlock_irqrestore+0x3e/0x70
[38573.102007] [<c12c1c0f>] ? skb_dequeue+0x4f/0x70
[38573.102007] [<f972c021>] ieee80211_sta_work+0x91/0xb80 [mac80211]
[38573.102007] [<c1009707>] ? sched_clock+0x27/0xa0
[38573.102007] [<c134baa5>] ? sub_preempt_count+0x85/0xc0
[38573.102007] [<c10479af>] worker_thread+0x18f/0x320
[38573.102007] [<c104794e>] ? worker_thread+0x12e/0x320
[38573.102007] [<c1348be5>] ? _spin_unlock_irqrestore+0x55/0x70
[38573.102007] [<f972bf90>] ? ieee80211_sta_work+0x0/0xb80 [mac80211]
[38573.102007] [<c104cbb0>] ? autoremove_wake_function+0x0/0x50
[38573.102007] [<c1047820>] ? worker_thread+0x0/0x320
[38573.102007] [<c104c854>] kthread+0x84/0x90
[38573.102007] [<c104c7d0>] ? kthread+0x0/0x90
[38573.102007] [<c1003ab7>] kernel_thread_helper+0x7/0x10

Cc: stable@kernel.org
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
01a0ac417ce9b4f1216a266f2fd454cffefc5aee 20-Aug-2009 Johannes Berg <johannes@sipsolutions.net> cfg80211: check lost scans later, fix bug

When we lose a scan, cfg80211 tries to clean up after
the driver. However, it currently does this too early,
it does this in GOING_DOWN already instead of DOWN, so
it may happen with mac80211. Besides fixing this, also
make it more robust by leaking the scan request so if
the driver later actually finishes the scan, it won't
crash. Also check in ___cfg80211_scan_done whether a
scan request is still pending and exit if not.

Reported-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Tested-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
36e6fea84905512ea776707e82b5b435220efc17 12-Aug-2009 Johannes Berg <johannes@sipsolutions.net> cfg80211: check for and abort dangling scan requests

If you trigger a scan request on an interface and then
take it down, or rmmod the module or unplug the device
the driver might "forget" to cancel the scan request.
That is a bug in the driver, but the current behaviour
is that we just hang endlessly waiting for the netdev
refcount to become 0 which it never will. To improve
robustness, check for this situation in cfg80211, warn
about it and clean up behind the driver. I don't just
clean up silently because it's likely that the driver
also has some internal state it has now leaked.

Additionally, this fixes a locking bug, clearing the
scan_req pointer should be done under the rdev lock.

Finally, we also need to _wait_ for the scan work and
not just abort it since it might be pending and wanting
to do a cleanup.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
5ba63533bbf653631faab60f6988506160ec6ba4 07-Aug-2009 Johannes Berg <johannes@sipsolutions.net> cfg80211: fix alignment problem in scan request

The memory layout for scan requests was rather wrong,
we put the scan SSIDs before the channels which could
lead to the channel pointers being unaligned in memory.
It turns out that using a pointer to the channel array
isn't necessary anyway since we can embed a zero-length
array into the struct.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
f5ea9120be2e5d5c846243416cfdce01d02f5836 07-Aug-2009 Johannes Berg <johannes@sipsolutions.net> nl80211: add generation number to all dumps

In order for userspace to be able to figure out whether
it obtained a consistent snapshot of data or not when
using netlink dumps, we need to have a generation number
in each dump message that indicates whether the list has
changed or not -- its value is arbitrary.

This patch adds such a number to all dumps, this needs
some mac80211 involvement to keep track of a generation
number to start with when adding/removing mesh paths or
stations.

The wiphy and netdev lists can be fully handled within
cfg80211, of course, but generation numbers need to be
stored there as well.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
cd3468bad96c00b5a512f551674f36776129520e 29-Jul-2009 Johannes Berg <johannes@sipsolutions.net> cfg80211: add two missing NULL pointer checks

These pointers can be NULL, the is_mesh() case isn't
ever hit in the current kernel, but cmp_ies() can be
hit under certain conditions.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Cc: stable@kernel.org [2.6.29, 2.6.30]
Signed-off-by: John W. Linville <linville@tuxdriver.com>
a9a11622c5c742c115fad371c0397ae86dd3bb67 27-Jul-2009 Johannes Berg <johannes@sipsolutions.net> cfg80211: self-contained wext handling where possible

Finally! This is what you've all been waiting for!

This patch makes cfg80211 take care of wext emulation
_completely_ by itself, drivers that don't need things
cfg80211 doesn't do yet don't even need to be aware of
wireless extensions.
This means we can also clean up mac80211's and iwm's
Kconfig and make it possible to build them w/o wext
now!

RIP wext.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
09f97e0fc4ae81f151bd76b97e28d2af429c1427 23-Jul-2009 Helmut Schaa <helmut.schaa@googlemail.com> cfg80211: increase scan result expire time

Using background scanning in mac80211 the time a scan needs to
finish can exceed 10 seconds. Hence, increase the scan results
expire time to 15 seconds which should be sufficient.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
463d018323851a608eef52a9427b0585005c647f 14-Jul-2009 Johannes Berg <johannes@sipsolutions.net> cfg80211: make aware of net namespaces

In order to make cfg80211/nl80211 aware of network namespaces,
we have to do the following things:

* del_virtual_intf method takes an interface index rather
than a netdev pointer - simply change this

* nl80211 uses init_net a lot, it changes to use the sender's
network namespace

* scan requests use the interface index, hold a netdev pointer
and reference instead

* we want a wiphy and its associated virtual interfaces to be
in one netns together, so
- we need to be able to change ns for a given interface, so
export dev_change_net_namespace()
- for each virtual interface set the NETIF_F_NETNS_LOCAL
flag, and clear that flag only when the wiphy changes ns,
to disallow breaking this invariant

* when a network namespace goes away, we need to reparent the
wiphy to init_net

* cfg80211 users that support creating virtual interfaces must
create them in the wiphy's namespace, currently this affects
only mac80211

The end result is that you can now switch an entire wiphy into
a different network namespace with the new command
iw phy#<idx> set netns <pid>
and all virtual interfaces will follow (or the operation fails).

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
9e81eccf199d910e5ea8db377a43478e4eccd033 19-Jul-2009 Christian Lamparter <chunkeey@web.de> cfg80211: double free in __cfg80211_scan_done

This patch fixes a double free corruption in __cfg80211_scan_done:

================================================
BUG kmalloc-512: Object already free
------------------------------------------------

INFO: Allocated in load_elf_binary+0x18b/0x19af age=6
INFO: Freed in load_elf_binary+0x104e/0x19af age=5
INFO: Slab 0xffffea0001bae4c0 objects=14 used=7
INFO: Object 0xffff88007e8a9918 @offset=6424 fp=0xffff88007e8a9488

Bytes b4 0xffff88007e8a9908: 00 00 00 00 00 00 00 00 5a 5a
[...]
Pid: 28705, comm: rmmod Tainted: P C 2.6.31-rc2-wl #1
Call Trace:
[<ffffffff810da9f4>] print_trailer+0x14e/0x16e
[<ffffffff810daa56>] object_err+0x42/0x61
[<ffffffff810dbcd9>] __slab_free+0x2af/0x396
[<ffffffffa0ec9694>] ? wiphy_unregister+0x92/0x142 [cfg80211]
[<ffffffff810dd5e3>] kfree+0x13c/0x17a
[<ffffffffa0ec9694>] ? wiphy_unregister+0x92/0x142 [cfg80211]
[<ffffffffa0ec9694>] wiphy_unregister+0x92/0x142 [cfg80211]
[<ffffffffa0eed163>] ieee80211_unregister_hw+0xc8/0xff [mac80211]
[<ffffffffa0f3fbc8>] p54_unregister_common+0x31/0x66 [p54common]
[...]
FIX kmalloc-512: Object at 0xffff88007e8a9918 not freed

The code path which leads to the *funny* double free:

request = rdev->scan_req;
dev = dev_get_by_index(&init_net, request->ifidx);
/*
* the driver was unloaded recently and
* therefore dev_get_by_index will return NULL!
*/
if (!dev)
goto out;
[...]
rdev->scan_req = NULL; /* not executed... */
[...]
out:
kfree(request);

Signed-off-by: Christian Lamparter <chunkeey@web.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
667503ddcb96f3b10211f997fe55907fa7509841 07-Jul-2009 Johannes Berg <johannes@sipsolutions.net> cfg80211: fix locking

Over time, a lot of locking issues have crept into
the smarts of cfg80211, so e.g. scan completion can
race against a new scan, IBSS join can race against
leaving an IBSS, etc.

Introduce a new per-interface lock that protects
most of the per-interface data that we need to keep
track of, and sprinkle assertions about that lock
everywhere. Some things now need to be offloaded to
work structs so that we don't require being able to
sleep in functions the drivers call. The exception
to that are the MLME callbacks (rx_auth etc.) that
currently only mac80211 calls because it was easier
to do that there instead of in cfg80211, and future
drivers implementing those calls will, if they ever
exist, probably need to use a similar scheme like
mac80211 anyway...

In order to be able to handle _deauth and _disassoc
properly, introduce a cookie passed to it that will
determine locking requirements.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
4d0c8aead32ecdbe1310ad473b3637991f560865 07-Jul-2009 Johannes Berg <johannes@sipsolutions.net> cfg80211: properly name driver locking

Currently we call that cfg80211_put_dev(), but that is
misleading. With the new convention of using 'rdev' for
registered_device variables, also call that function
cfg80211_unlock_rdev().

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
19957bb399e2722719c0e20c9ae91cf8b6aaff04 02-Jul-2009 Johannes Berg <johannes@sipsolutions.net> cfg80211: keep track of BSSes

In order to avoid problems with BSS structs going away
while they're in use, I've long wanted to make cfg80211
keep track of them. Without the SME, that wasn't doable
but now that we have the SME we can do this too. It can
keep track of up to four separate authentications and
one association, regardless of whether it's controlled
by the cfg80211 SME or the userspace SME.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
6829c878ecd24ff0ae41b4668c7e9d0f11b66942 02-Jul-2009 Johannes Berg <johannes@sipsolutions.net> cfg80211: emulate connect with auth/assoc

This adds code to cfg80211 so that drivers (mac80211 right
now) that don't implement connect but rather auth/assoc can
still be used with the nl80211 connect command. This will
also be necessary for the wext compat code.

Signed-off-by: Samuel Ortiz <samuel.ortiz@intel.com>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
a538e2d5a30f577e9c8f6ccfe72b29a258e0fe86 16-Jun-2009 Johannes Berg <johannes@sipsolutions.net> cfg80211: issue netlink notification when scan starts

To ease multiple apps working together smoothly,
send a notification when a scan is started.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2dce4c2b5f0b43bd25bf9ea6ded06b7f8a54c91f 02-Jul-2009 Johannes Berg <johannes@sipsolutions.net> cfg80211: fix refcount leak

The code in cfg80211's cfg80211_bss_update erroneously
grabs a reference to the BSS, which means that it will
never be freed.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Cc: stable@kernel.org [2.6.29, 2.6.30]
Signed-off-by: John W. Linville <linville@tuxdriver.com>
362a415dce2130b0e4cebfc8f8fbd8128baff308 24-May-2009 Johannes Berg <johannes@sipsolutions.net> nl80211: bounce scan request back to userspace

When a scan finishes only the program that asked for it
knows what kind of scan it was; let's tell everybody else
about the scan parameters as well so they can evaluate
the result of the scan better. Also helps with debugging.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
44e1b98f733e48bb781e4229120e1de5e0c9fdbb 26-Apr-2009 Michael Buesch <mb@bu3sch.de> cfg80211: Use the correct IE buffer pointer

If the IE buffer was allocated, the pub.information_elements pointer
was also changed to the allocated space. So we must not assume anymore
that the pointer points at the "found" tail.

So if it was allocated previously, take the codebranch that grows the
buffer size (if necessary) and put the data into the allocated buffer.

Signed-off-by: Michael Buesch <mb@bu3sch.de>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
273de92c8461776aaac7b32f8d5889a72b38ea10 25-Apr-2009 Michael Buesch <mb@bu3sch.de> cfg80211: Remove unnecessary ksize() call

This removes an unnecessary ksize() call. krealloc() will do this
test internally and won't perform any allocation if the space is
already sufficient to hold the data.
So remove the redundant check.

Signed-off-by: Michael Buesch <mb@bu3sch.de>
Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
c0f0aac05fa84b37ed46db8cf6c8bee9a67bbcca 30-Apr-2009 Johannes Berg <johannes@sipsolutions.net> cfg80211: fix truncated IEs

Another bug in the "cfg80211: do not replace BSS structs" patch,
a forgotten length update leads to bogus data being stored and
passed to userspace, often truncated.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
ba44cb7226afd4e19308c1d8a90e8b7c566c0d8b 20-Apr-2009 Johannes Berg <johannes@sipsolutions.net> cfg80211: mark all WEXT handlers _GPL

The fact that these are exported is a technical detail
of the conversion period -- we don't want anybody to
start relying on these. Ultimately we want things to
use cfg80211 only, and once everything that is in wext
is converted to cfg80211 drivers will not need to touch
wext _at all_.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
06aa7afaaa21a4e7f1bcb196bd3f29193924a603 26-Mar-2009 Jussi Kivilinna <jussi.kivilinna@mbnet.fi> cfg80211: add cfg80211_inform_bss

Added cfg80211_inform_bss() for full-mac devices to use.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
cd1658f592a60d028dd2e48d86724b737a82cab0 16-Apr-2009 Johannes Berg <johannes@sipsolutions.net> cfg80211: do not replace BSS structs

Instead, allocate extra IE memory if necessary. Normally,
this isn't even necessary since there's enough space.

This is a better way of correcting the "held BSS can
disappear" issue, but also a lot more code. It is also
necessary for proper auth/assoc BSS handling in the
future.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
160002fe845218f5789a26954048592c3920ac7b 16-Apr-2009 Johannes Berg <johannes@sipsolutions.net> cfg80211: copy hold when replacing BSS

When we receive a probe response frame we can replace the
BSS struct in our list -- but if that struct is held then
we need to hold the new one as well.

We really should fix this completely and not replace the
struct, but this is a bandaid for now.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
a08c1c1ac0c26229ca1ca45d554b209a56edc8be 22-Mar-2009 Kalle Valo <kalle.valo@nokia.com> cfg80211: add feature to hold bss

In beacon filtering there needs to be a way to not expire the BSS even
when no beacons are received. Add an interface to cfg80211 to hold
BSS and make sure that it's not expired.

Signed-off-by: Kalle Valo <kalle.valo@nokia.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
e38f8a7a8bebbab9d97f204e2cf05ef58b048a1d 21-Feb-2009 Luis R. Rodriguez <lrodriguez@atheros.com> cfg80211: Add AP beacon regulatory hints

When devices are world roaming they cannot beacon or do active scan
on 5 GHz or on channels 12, 13 and 14 on the 2 GHz band. Although
we have a good regulatory API some cards may _always_ world roam, this
is also true when a system does not have CRDA present. Devices doing world
roaming can still passive scan, if they find a beacon from an AP on
one of the world roaming frequencies we make the assumption we can do
the same and we also remove the passive scan requirement.

This adds support for providing beacon regulatory hints based on scans.
This works for devices that do either hardware or software scanning.
If a channel has not yet been marked as having had a beacon present
on it we queue the beacon hint processing into the workqueue.

All wireless devices will benefit from beacon regulatory hints from
any wireless device on a system including new devices connected to
the system at a later time.

Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
77965c970d7da9c9b6349ff2b1d9adecf54c403b 18-Feb-2009 Johannes Berg <johannes@sipsolutions.net> cfg80211: clean up signal type

It wasn't a good idea to make the signal type a per-BSS option,
although then it is closer to the actual value. Move it to be
a per-wiphy setting, update mac80211 to match.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
a77b855245541823b49999a27245ad7428879096 18-Feb-2009 Johannes Berg <johannes@sipsolutions.net> cfg80211/mac80211: fill qual.qual value/adjust max_qual.qual

Due to various bugs in the software stack we end up having
to fill qual.qual; level should be used, but wpa_supplicant
doesn't properly ignore qual.qual, NM should use qual.level
regardless of that because qual.qual is 0 but doesn't handle
IW_QUAL_DBM right now.

So fill qual.qual with the qual.level value clamped to
-110..-40 dBm or just the regular 'unspecified' signal level.
This requires a mac80211 change to properly announce the
max_qual.qual and avg_qual.qual values.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
cb3a8eec0e66edfe8db7d3b3bf19d25745bae3c3 11-Feb-2009 Dan Williams <dcbw@redhat.com> cfg80211: age scan results on resume

Scanned BSS entries are timestamped with jiffies, which doesn't
increment across suspend and hibernate. On resume, every BSS in the
scan list looks like it was scanned within the last 10 seconds,
irregardless of how long the machine was actually asleep. Age scan
results on resume with the time spent during sleep so userspace has a
clue how old they really are.

Signed-off-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
79420f09e76e8e1dd1149d6ce9c20e06cbb5802a 10-Feb-2009 Johannes Berg <johannes@sipsolutions.net> cfg80211: add more flexible BSS lookup

Add a more flexible BSS lookup function so that mac80211 or
other drivers can actually use this for getting the BSS to
connect to.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
d491af19db3adcc1eb1653e60a427fb4df36f361 10-Feb-2009 Johannes Berg <johannes@sipsolutions.net> cfg80211: allow users to request removing a BSS

This patch introduces cfg80211_unlink_bss, a function to
allow a driver to remove a BSS from the internal list and
make it not show up in scan results any more -- this is
to be used when the driver detects that the BSS is no
longer available.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
78c1c7e109f1f14e7c18f290c4ebc58da220c7ba 10-Feb-2009 Johannes Berg <johannes@sipsolutions.net> cfg80211: free_priv for BSS info

When cfg80211 users have their own allocated data in the per-BSS
private data, they will need to free this when the BSS struct is
destroyed. Add a free_priv method and fix one place where the BSS
was kfree'd rather than released properly.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2a5193119269062608582418deba7af82844159a 10-Feb-2009 Johannes Berg <johannes@sipsolutions.net> cfg80211/nl80211: scanning (and mac80211 update to use it)

This patch adds basic scan capability to cfg80211/nl80211 and
changes mac80211 to use it. The BSS list that cfg80211 maintains
is made driver-accessible with a private area in each BSS struct,
but mac80211 doesn't yet use it. That's another large project.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>