From 00fc90c886220efe8b634d3f2a04713fcebbe2c0 Mon Sep 17 00:00:00 2001 From: "John W. Linville" Date: Thu, 22 Jul 2010 15:36:02 -0400 Subject: minstrel_ht: remove unnecessary NULL check in minstrel_ht_update_caps If sta is NULL, we will have problems long before we get here... Reported-by: Dan Carpenter Signed-off-by: John W. Linville Cc: Felix Fietkau --- net/mac80211/rc80211_minstrel_ht.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net/mac80211') diff --git a/net/mac80211/rc80211_minstrel_ht.c b/net/mac80211/rc80211_minstrel_ht.c index b5ace243546..a16694bb634 100644 --- a/net/mac80211/rc80211_minstrel_ht.c +++ b/net/mac80211/rc80211_minstrel_ht.c @@ -636,7 +636,7 @@ minstrel_ht_update_caps(void *priv, struct ieee80211_supported_band *sband, int i; /* fall back to the old minstrel for legacy stations */ - if (sta && !sta->ht_cap.ht_supported) { + if (!sta->ht_cap.ht_supported) { msp->is_ht = false; memset(&msp->legacy, 0, sizeof(msp->legacy)); msp->legacy.r = msp->ratelist; -- cgit v1.2.3-70-g09d2 From ea65145da88e9fa04cb15c7a2a550ad1d3fde02a Mon Sep 17 00:00:00 2001 From: "John W. Linville" Date: Thu, 22 Jul 2010 15:43:13 -0400 Subject: minstrel: don't complain about feedback for unrequested rates "It's not problematic if minstrel gets feedback for rates that it doesn't have in its list, it should just ignore it. - Felix" Signed-off-by: John W. Linville Cc: Felix Fietkau --- net/mac80211/rc80211_minstrel.c | 1 - 1 file changed, 1 deletion(-) (limited to 'net/mac80211') diff --git a/net/mac80211/rc80211_minstrel.c b/net/mac80211/rc80211_minstrel.c index f65ce6dcc8e..778c604d793 100644 --- a/net/mac80211/rc80211_minstrel.c +++ b/net/mac80211/rc80211_minstrel.c @@ -67,7 +67,6 @@ rix_to_ndx(struct minstrel_sta_info *mi, int rix) for (i = rix; i >= 0; i--) if (mi->r[i].rix == rix) break; - WARN_ON(i < 0); return i; } -- cgit v1.2.3-70-g09d2 From 7e988014cd6dec991f095305256f57168b5610e8 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Thu, 22 Jul 2010 13:14:19 +0200 Subject: mac80211: freeing the wrong variable The intent was to free "msp->ratelist" here. "msp->sample_table" is always NULL at this point. Signed-off-by: Dan Carpenter Signed-off-by: John W. Linville --- net/mac80211/rc80211_minstrel_ht.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net/mac80211') diff --git a/net/mac80211/rc80211_minstrel_ht.c b/net/mac80211/rc80211_minstrel_ht.c index a16694bb634..c5b465904e3 100644 --- a/net/mac80211/rc80211_minstrel_ht.c +++ b/net/mac80211/rc80211_minstrel_ht.c @@ -748,7 +748,7 @@ minstrel_ht_alloc_sta(void *priv, struct ieee80211_sta *sta, gfp_t gfp) return msp; error1: - kfree(msp->sample_table); + kfree(msp->ratelist); error: kfree(msp); return NULL; -- cgit v1.2.3-70-g09d2 From 66c524210ab9217528b01b63c43903545e03a58c Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Thu, 22 Jul 2010 13:58:51 +0200 Subject: mac80211: remove bogus rcu_read_lock() Another remnant of the previous key locking scheme needs to be removed -- this causes a warning otherwise as ieee80211_set_default_mgmt_key will acquire a mutex. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/cfg.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'net/mac80211') diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index 35b07ea0633..db82da90df7 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -324,15 +324,10 @@ static int ieee80211_config_default_mgmt_key(struct wiphy *wiphy, struct net_device *dev, u8 key_idx) { - struct ieee80211_sub_if_data *sdata; - - rcu_read_lock(); + struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); - sdata = IEEE80211_DEV_TO_SUB_IF(dev); ieee80211_set_default_mgmt_key(sdata, key_idx); - rcu_read_unlock(); - return 0; } -- cgit v1.2.3-70-g09d2 From ec25acc46a62db98baaa9b221f33b66af09a1964 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Thu, 22 Jul 2010 17:11:28 +0200 Subject: mac80211: fix sta assignment I just had the following: WARNING: at drivers/net/wireless/iwlwifi/iwl-agn-tx.c:574 iwlagn_tx_skb+0x1576/0x15f0 [iwlagn]() Call Trace: [] warn_slowpath_common+0x7f/0xc0 [] warn_slowpath_null+0x1a/0x20 [] iwlagn_tx_skb+0x1576/0x15f0 [iwlagn] [] iwl_mac_tx+0x5c/0x260 [iwlagn] [] __ieee80211_tx+0x10b/0x1a0 [mac80211] [] ieee80211_tx_pending+0x186/0x2d0 [mac80211] [] tasklet_action+0x125/0x130 [] __do_softirq+0x106/0x270 [] call_softirq+0x1c/0x30 iwlagn 0000:02:00.0: Attempting to modify non-existing station 107 Note that 107 == 0x6b which is slab poison. The reason is that mac80211 passed a freed station pointer to mac80211, because as it happened iwlwifi reset itself while mac80211 was disconnecting from the network. It turns out that we do take care to look up the station pointer in ieee80211_tx_pending_skb, but then don't use it, which obviously is a bug. Fix this by removing the ieee80211_tx_h_sta handler and assigning the station pointer directly. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/tx.c | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) (limited to 'net/mac80211') diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index 698d4718b1a..2f8182dc94a 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -575,17 +575,6 @@ ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx) return TX_CONTINUE; } -static ieee80211_tx_result debug_noinline -ieee80211_tx_h_sta(struct ieee80211_tx_data *tx) -{ - struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb); - - if (tx->sta && tx->sta->uploaded) - info->control.sta = &tx->sta->sta; - - return TX_CONTINUE; -} - static ieee80211_tx_result debug_noinline ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx) { @@ -1307,6 +1296,11 @@ static int __ieee80211_tx(struct ieee80211_local *local, break; } + if (sta && sta->uploaded) + info->control.sta = &sta->sta; + else + info->control.sta = NULL; + ret = drv_tx(local, skb); if (WARN_ON(ret != NETDEV_TX_OK && skb->len != len)) { dev_kfree_skb(skb); @@ -1346,7 +1340,6 @@ static int invoke_tx_handlers(struct ieee80211_tx_data *tx) CALL_TXH(ieee80211_tx_h_check_assoc); CALL_TXH(ieee80211_tx_h_ps_buf); CALL_TXH(ieee80211_tx_h_select_key); - CALL_TXH(ieee80211_tx_h_sta); if (!(tx->local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)) CALL_TXH(ieee80211_tx_h_rate_ctrl); -- cgit v1.2.3-70-g09d2 From d97349797fa76753c747ed8b888414fe78795439 Mon Sep 17 00:00:00 2001 From: Sujith Date: Fri, 23 Jul 2010 10:47:11 +0530 Subject: mac80211: Don't set per-BSS QoS for monitor interfaces In AP mode, there is no need to notify the driver about QoS changes for the monitor interface that is created. The warning in ieee80211_bss_info_change_notify() would be hit otherwise. Signed-off-by: Sujith Acked-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/util.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'net/mac80211') diff --git a/net/mac80211/util.c b/net/mac80211/util.c index 79479217737..748387d45bc 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c @@ -803,8 +803,12 @@ void ieee80211_set_wmm_default(struct ieee80211_sub_if_data *sdata) /* after reinitialize QoS TX queues setting to default, * disable QoS at all */ - sdata->vif.bss_conf.qos = sdata->vif.type != NL80211_IFTYPE_STATION; - ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_QOS); + + if (sdata->vif.type != NL80211_IFTYPE_MONITOR) { + sdata->vif.bss_conf.qos = + sdata->vif.type != NL80211_IFTYPE_STATION; + ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_QOS); + } } void ieee80211_sta_def_wmm_params(struct ieee80211_sub_if_data *sdata, -- cgit v1.2.3-70-g09d2 From 32162a4dab0e6a4ca7f886a01173b5f9b80843be Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Mon, 26 Jul 2010 15:52:03 -0700 Subject: mac80211: Fix key freeing to handle unlinked keys Key locking simplification removed key->sdata != NULL verification from ieee80211_key_free(). While that is fine for most use cases, there is one path where this function can be called with an unlinked key (i.e., key->sdata == NULL && key->local == NULL). This results in a NULL pointer dereference with the current implementation. This is known to happen at least with FT protocol when wpa_supplicant tries to configure the key before association. Avoid the issue by passing in the local pointer to ieee80211_key_free(). In addition, do not clear the key from hw_accel or debugfs if it has not yet been added. At least the hw_accel one could trigger another NULL pointer dereference. Signed-off-by: Jouni Malinen Reviewed-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/cfg.c | 6 +++--- net/mac80211/key.c | 13 ++++++------- net/mac80211/key.h | 3 ++- net/mac80211/sta_info.c | 2 +- 4 files changed, 12 insertions(+), 12 deletions(-) (limited to 'net/mac80211') diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index b769567949b..dab6b8efe5f 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -158,7 +158,7 @@ static int ieee80211_add_key(struct wiphy *wiphy, struct net_device *dev, if (mac_addr) { sta = sta_info_get_bss(sdata, mac_addr); if (!sta) { - ieee80211_key_free(key); + ieee80211_key_free(sdata->local, key); err = -ENOENT; goto out_unlock; } @@ -192,7 +192,7 @@ static int ieee80211_del_key(struct wiphy *wiphy, struct net_device *dev, goto out_unlock; if (sta->key) { - ieee80211_key_free(sta->key); + ieee80211_key_free(sdata->local, sta->key); WARN_ON(sta->key); ret = 0; } @@ -205,7 +205,7 @@ static int ieee80211_del_key(struct wiphy *wiphy, struct net_device *dev, goto out_unlock; } - ieee80211_key_free(sdata->keys[key_idx]); + ieee80211_key_free(sdata->local, sdata->keys[key_idx]); WARN_ON(sdata->keys[key_idx]); ret = 0; diff --git a/net/mac80211/key.c b/net/mac80211/key.c index 50d1cff23d8..1b9d87ed143 100644 --- a/net/mac80211/key.c +++ b/net/mac80211/key.c @@ -323,13 +323,15 @@ static void __ieee80211_key_destroy(struct ieee80211_key *key) if (!key) return; - ieee80211_key_disable_hw_accel(key); + if (key->local) + ieee80211_key_disable_hw_accel(key); if (key->conf.alg == ALG_CCMP) ieee80211_aes_key_free(key->u.ccmp.tfm); if (key->conf.alg == ALG_AES_CMAC) ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm); - ieee80211_debugfs_key_remove(key); + if (key->local) + ieee80211_debugfs_key_remove(key); kfree(key); } @@ -410,15 +412,12 @@ static void __ieee80211_key_free(struct ieee80211_key *key) __ieee80211_key_destroy(key); } -void ieee80211_key_free(struct ieee80211_key *key) +void ieee80211_key_free(struct ieee80211_local *local, + struct ieee80211_key *key) { - struct ieee80211_local *local; - if (!key) return; - local = key->sdata->local; - mutex_lock(&local->key_mtx); __ieee80211_key_free(key); mutex_unlock(&local->key_mtx); diff --git a/net/mac80211/key.h b/net/mac80211/key.h index a3849fa3fce..b665bbb7a47 100644 --- a/net/mac80211/key.h +++ b/net/mac80211/key.h @@ -135,7 +135,8 @@ struct ieee80211_key *ieee80211_key_alloc(enum ieee80211_key_alg alg, void ieee80211_key_link(struct ieee80211_key *key, struct ieee80211_sub_if_data *sdata, struct sta_info *sta); -void ieee80211_key_free(struct ieee80211_key *key); +void ieee80211_key_free(struct ieee80211_local *local, + struct ieee80211_key *key); void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx); void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx); diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index 67656cbf2b1..6d86f0c1ad0 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -647,7 +647,7 @@ static int __must_check __sta_info_destroy(struct sta_info *sta) return ret; if (sta->key) { - ieee80211_key_free(sta->key); + ieee80211_key_free(local, sta->key); WARN_ON(sta->key); } -- cgit v1.2.3-70-g09d2 From e4ab7eb0aecbe56ac280486c61cd3f0f6c42870b Mon Sep 17 00:00:00 2001 From: Yuri Ershov Date: Tue, 29 Jun 2010 15:08:06 +0400 Subject: mac80211: Put some code under MESH macro In the function ieee80211_subif_start_xmit the logic related with meshdrlen is under CONFIG_MAC80211_MESH macro, but in one place it isn't. This is some update for this Signed-off-by: Yuri Ershov Signed-off-by: John W. Linville --- net/mac80211/tx.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'net/mac80211') diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index 2f8182dc94a..c54db966926 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -1935,11 +1935,13 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb, h_pos += encaps_len; } +#ifdef CONFIG_MAC80211_MESH if (meshhdrlen > 0) { memcpy(skb_push(skb, meshhdrlen), &mesh_hdr, meshhdrlen); nh_pos += meshhdrlen; h_pos += meshhdrlen; } +#endif if (ieee80211_is_data_qos(fc)) { __le16 *qos_control; -- cgit v1.2.3-70-g09d2 From a0daa0e7592ada797d6835f11529097aabc27ad2 Mon Sep 17 00:00:00 2001 From: "Luis R. Rodriguez" Date: Tue, 27 Jul 2010 16:33:08 -0400 Subject: Revert "mac80211: fix sw scan bracketing" This reverts this commit. While in theory the change is correct the patch does not address current assumptions made by some drivers, one which is definitley affected is ath9k. Prior to this change the scan complete callback would be called after we returned to the home channel and configured the hardware RX filters. After this change we call the scan complete callback prior to both the hw config and the config filter. At least for ath9k this breaks quite a few assumptions on the callback, leading to disconnects to the AP after every scan making the driver pretty useless on STA mode. The goal behind this commit was to address the now understood spurious warnings from ath9k and mac80211_hwsim on scanning on two wiphys at the same time but we have now supressed these and will address this issue in the next kernel release. When fixing this for good next we must first review the other driver's dependence on this logic and perhaps consider removal of the scan complete callback all together. Cc: Johannes Berg Signed-off-by: Luis R. Rodriguez Signed-off-by: John W. Linville --- net/mac80211/scan.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'net/mac80211') diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c index 439c98d93a7..41635b2c91b 100644 --- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c @@ -286,8 +286,6 @@ void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted) local->scanning = 0; local->scan_channel = NULL; - drv_sw_scan_complete(local); - /* we only have to protect scan_req and hw/sw scan */ mutex_unlock(&local->scan_mtx); @@ -297,6 +295,8 @@ void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted) ieee80211_configure_filter(local); + drv_sw_scan_complete(local); + ieee80211_offchannel_return(local, true); done: -- cgit v1.2.3-70-g09d2 From 4552124543141debf40a94b67155e57aa6bb34d6 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Wed, 28 Jul 2010 02:40:49 +0200 Subject: mac80211: inform drivers about the off-channel status on channel changes For some drivers it can be useful to know whether the channel they're supposed to switch to is going to be used for short off-channel work or scanning, or whether the hardware is expected to stay on it for a while longer. This is important for various kinds of calibration work, which takes longer to complete and should keep some persistent state, even if the channel temporarily changes. Signed-off-by: Felix Fietkau Signed-off-by: John W. Linville --- include/net/mac80211.h | 3 +++ net/mac80211/main.c | 3 +++ 2 files changed, 6 insertions(+) (limited to 'net/mac80211') diff --git a/include/net/mac80211.h b/include/net/mac80211.h index 20d372edec2..c7027ef51c7 100644 --- a/include/net/mac80211.h +++ b/include/net/mac80211.h @@ -625,11 +625,14 @@ struct ieee80211_rx_status { * may turn the device off as much as possible. Typically, this flag will * be set when an interface is set UP but not associated or scanning, but * it can also be unset in that case when monitor interfaces are active. + * @IEEE80211_CONF_OFFCHANNEL: The device is currently not on its main + * operating channel. */ enum ieee80211_conf_flags { IEEE80211_CONF_MONITOR = (1<<0), IEEE80211_CONF_PS = (1<<1), IEEE80211_CONF_IDLE = (1<<2), + IEEE80211_CONF_OFFCHANNEL = (1<<3), }; diff --git a/net/mac80211/main.c b/net/mac80211/main.c index 0e95c750ded..7cc4f913a43 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c @@ -107,12 +107,15 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed) if (scan_chan) { chan = scan_chan; channel_type = NL80211_CHAN_NO_HT; + local->hw.conf.flags |= IEEE80211_CONF_OFFCHANNEL; } else if (local->tmp_channel) { chan = scan_chan = local->tmp_channel; channel_type = local->tmp_channel_type; + local->hw.conf.flags |= IEEE80211_CONF_OFFCHANNEL; } else { chan = local->oper_channel; channel_type = local->_oper_channel_type; + local->hw.conf.flags &= ~IEEE80211_CONF_OFFCHANNEL; } if (chan != local->hw.conf.channel || -- cgit v1.2.3-70-g09d2 From e5b900d228b76d445a4240d9aeb3cd8f79205a91 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Thu, 29 Jul 2010 16:08:55 +0200 Subject: mac80211: allow drivers to request DTIM period Some features require knowing the DTIM period before associating. This implements the ability to wait for a beacon in mac80211 before assoc to provide this value. It is optional since most likely not all drivers will need this. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- include/net/mac80211.h | 9 +++++++-- net/mac80211/ieee80211_i.h | 1 + net/mac80211/mlme.c | 32 +++++++++++++++++++++++++++++--- net/mac80211/scan.c | 4 ++++ net/mac80211/work.c | 43 +++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 84 insertions(+), 5 deletions(-) (limited to 'net/mac80211') diff --git a/include/net/mac80211.h b/include/net/mac80211.h index c7027ef51c7..f85fc8a140d 100644 --- a/include/net/mac80211.h +++ b/include/net/mac80211.h @@ -194,7 +194,9 @@ enum ieee80211_bss_change { * if the hardware cannot handle this it must set the * IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE hardware flag * @dtim_period: num of beacons before the next DTIM, for beaconing, - * not valid in station mode (cf. hw conf ps_dtim_period) + * valid in station mode only while @assoc is true and if also + * requested by %IEEE80211_HW_NEED_DTIM_PERIOD (cf. also hw conf + * @ps_dtim_period) * @timestamp: beacon timestamp * @beacon_int: beacon interval * @assoc_capability: capabilities taken from assoc resp @@ -1027,6 +1029,9 @@ enum ieee80211_tkip_key_type { * connection quality related parameters, such as the RSSI level and * provide notifications if configured trigger levels are reached. * + * @IEEE80211_HW_NEED_DTIM_PERIOD: + * This device needs to know the DTIM period for the BSS before + * associating. */ enum ieee80211_hw_flags { IEEE80211_HW_HAS_RATE_CONTROL = 1<<0, @@ -1036,7 +1041,7 @@ enum ieee80211_hw_flags { IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE = 1<<4, IEEE80211_HW_SIGNAL_UNSPEC = 1<<5, IEEE80211_HW_SIGNAL_DBM = 1<<6, - /* use this hole */ + IEEE80211_HW_NEED_DTIM_PERIOD = 1<<7, IEEE80211_HW_SPECTRUM_MGMT = 1<<8, IEEE80211_HW_AMPDU_AGGREGATION = 1<<9, IEEE80211_HW_SUPPORTS_PS = 1<<10, diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index ef470064b15..65e0ed6c297 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -238,6 +238,7 @@ enum ieee80211_work_type { IEEE80211_WORK_ABORT, IEEE80211_WORK_DIRECT_PROBE, IEEE80211_WORK_AUTH, + IEEE80211_WORK_ASSOC_BEACON_WAIT, IEEE80211_WORK_ASSOC, IEEE80211_WORK_REMAIN_ON_CHANNEL, }; diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index cf8d72196c6..b6c163ac22d 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -870,6 +870,11 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata, ieee80211_led_assoc(local, 1); + if (local->hw.flags & IEEE80211_HW_NEED_DTIM_PERIOD) + bss_conf->dtim_period = bss->dtim_period; + else + bss_conf->dtim_period = 0; + bss_conf->assoc = 1; /* * For now just always ask the driver to update the basic rateset @@ -1751,7 +1756,8 @@ void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, if (wk->sdata != sdata) continue; - if (wk->type != IEEE80211_WORK_ASSOC) + if (wk->type != IEEE80211_WORK_ASSOC && + wk->type != IEEE80211_WORK_ASSOC_BEACON_WAIT) continue; if (memcmp(mgmt->bssid, wk->filter_ta, ETH_ALEN)) @@ -2086,6 +2092,8 @@ static enum work_done_result ieee80211_assoc_done(struct ieee80211_work *wk, struct sk_buff *skb) { struct ieee80211_mgmt *mgmt; + struct ieee80211_rx_status *rx_status; + struct ieee802_11_elems elems; u16 status; if (!skb) { @@ -2093,6 +2101,19 @@ static enum work_done_result ieee80211_assoc_done(struct ieee80211_work *wk, return WORK_DONE_DESTROY; } + if (wk->type == IEEE80211_WORK_ASSOC_BEACON_WAIT) { + mutex_lock(&wk->sdata->u.mgd.mtx); + rx_status = (void *) skb->cb; + ieee802_11_parse_elems(skb->data + 24 + 12, skb->len - 24 - 12, &elems); + ieee80211_rx_bss_info(wk->sdata, (void *)skb->data, skb->len, rx_status, + &elems, true); + mutex_unlock(&wk->sdata->u.mgd.mtx); + + wk->type = IEEE80211_WORK_ASSOC; + /* not really done yet */ + return WORK_DONE_REQUEUE; + } + mgmt = (void *)skb->data; status = le16_to_cpu(mgmt->u.assoc_resp.status_code); @@ -2206,10 +2227,14 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, if (req->prev_bssid) memcpy(wk->assoc.prev_bssid, req->prev_bssid, ETH_ALEN); - wk->type = IEEE80211_WORK_ASSOC; wk->chan = req->bss->channel; wk->sdata = sdata; wk->done = ieee80211_assoc_done; + if (!bss->dtim_period && + sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_PERIOD) + wk->type = IEEE80211_WORK_ASSOC_BEACON_WAIT; + else + wk->type = IEEE80211_WORK_ASSOC; if (req->use_mfp) { ifmgd->mfp = IEEE80211_MFP_REQUIRED; @@ -2257,7 +2282,8 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, if (wk->type != IEEE80211_WORK_DIRECT_PROBE && wk->type != IEEE80211_WORK_AUTH && - wk->type != IEEE80211_WORK_ASSOC) + wk->type != IEEE80211_WORK_ASSOC && + wk->type != IEEE80211_WORK_ASSOC_BEACON_WAIT) continue; if (memcmp(req->bss->bssid, wk->filter_ta, ETH_ALEN)) diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c index 41635b2c91b..41f20fb7e67 100644 --- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c @@ -114,6 +114,10 @@ ieee80211_bss_info_update(struct ieee80211_local *local, bss->dtim_period = tim_ie->dtim_period; } + /* If the beacon had no TIM IE, or it was invalid, use 1 */ + if (beacon && !bss->dtim_period) + bss->dtim_period = 1; + /* replace old supported rates if we get new values */ srlen = 0; if (elems->supp_rates) { diff --git a/net/mac80211/work.c b/net/mac80211/work.c index c22a71c5cb4..81d4ad64184 100644 --- a/net/mac80211/work.c +++ b/net/mac80211/work.c @@ -560,6 +560,22 @@ ieee80211_remain_on_channel_timeout(struct ieee80211_work *wk) return WORK_ACT_TIMEOUT; } +static enum work_action __must_check +ieee80211_assoc_beacon_wait(struct ieee80211_work *wk) +{ + if (wk->started) + return WORK_ACT_TIMEOUT; + + /* + * Wait up to one beacon interval ... + * should this be more if we miss one? + */ + printk(KERN_DEBUG "%s: waiting for beacon from %pM\n", + wk->sdata->name, wk->filter_ta); + wk->timeout = TU_TO_EXP_TIME(wk->assoc.bss->beacon_interval); + return WORK_ACT_NONE; +} + static void ieee80211_auth_challenge(struct ieee80211_work *wk, struct ieee80211_mgmt *mgmt, size_t len) @@ -709,6 +725,25 @@ ieee80211_rx_mgmt_probe_resp(struct ieee80211_work *wk, return WORK_ACT_DONE; } +static enum work_action __must_check +ieee80211_rx_mgmt_beacon(struct ieee80211_work *wk, + struct ieee80211_mgmt *mgmt, size_t len) +{ + struct ieee80211_sub_if_data *sdata = wk->sdata; + struct ieee80211_local *local = sdata->local; + + ASSERT_WORK_MTX(local); + + if (wk->type != IEEE80211_WORK_ASSOC_BEACON_WAIT) + return WORK_ACT_MISMATCH; + + if (len < 24 + 12) + return WORK_ACT_NONE; + + printk(KERN_DEBUG "%s: beacon received\n", sdata->name); + return WORK_ACT_DONE; +} + static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local, struct sk_buff *skb) { @@ -731,6 +766,7 @@ static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local, case IEEE80211_WORK_DIRECT_PROBE: case IEEE80211_WORK_AUTH: case IEEE80211_WORK_ASSOC: + case IEEE80211_WORK_ASSOC_BEACON_WAIT: bssid = wk->filter_ta; break; default: @@ -745,6 +781,9 @@ static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local, continue; switch (fc & IEEE80211_FCTL_STYPE) { + case IEEE80211_STYPE_BEACON: + rma = ieee80211_rx_mgmt_beacon(wk, mgmt, skb->len); + break; case IEEE80211_STYPE_PROBE_RESP: rma = ieee80211_rx_mgmt_probe_resp(wk, mgmt, skb->len, rx_status); @@ -916,6 +955,9 @@ static void ieee80211_work_work(struct work_struct *work) case IEEE80211_WORK_REMAIN_ON_CHANNEL: rma = ieee80211_remain_on_channel_timeout(wk); break; + case IEEE80211_WORK_ASSOC_BEACON_WAIT: + rma = ieee80211_assoc_beacon_wait(wk); + break; } wk->started = started; @@ -1065,6 +1107,7 @@ ieee80211_rx_result ieee80211_work_rx_mgmt(struct ieee80211_sub_if_data *sdata, case IEEE80211_STYPE_PROBE_RESP: case IEEE80211_STYPE_ASSOC_RESP: case IEEE80211_STYPE_REASSOC_RESP: + case IEEE80211_STYPE_BEACON: skb_queue_tail(&local->work_skb_queue, skb); ieee80211_queue_work(&local->hw, &local->work_work); return RX_QUEUED; -- cgit v1.2.3-70-g09d2