From 51ceddade0fb1e15f080b2555f3b3e1d68c6707e Mon Sep 17 00:00:00 2001 From: Luis Carlos Cobo Date: Wed, 23 Apr 2008 12:15:29 -0700 Subject: [PATCH 1/7] mac80211: use 4-byte mesh sequence number This follows the new 802.11s/D2.0 draft. Signed-off-by: Luis Carlos Cobo Signed-off-by: John W. Linville --- include/linux/ieee80211.h | 2 +- net/mac80211/ieee80211_i.h | 2 +- net/mac80211/mesh.c | 17 +++++------------ net/mac80211/mesh.h | 2 +- 4 files changed, 8 insertions(+), 15 deletions(-) diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h index 529f301d9372..0b5e03eae6d2 100644 --- a/include/linux/ieee80211.h +++ b/include/linux/ieee80211.h @@ -113,7 +113,7 @@ struct ieee80211_hdr { struct ieee80211s_hdr { u8 flags; u8 ttl; - u8 seqnum[3]; + __le32 seqnum; u8 eaddr1[6]; u8 eaddr2[6]; u8 eaddr3[6]; diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index 8e53ce7ed444..c7314bf4bec2 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -354,7 +354,7 @@ struct ieee80211_if_sta { int preq_queue_len; struct mesh_stats mshstats; struct mesh_config mshcfg; - u8 mesh_seqnum[3]; + u32 mesh_seqnum; bool accepting_plinks; #endif u16 aid; diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c index 594a3356a508..f76bc26ae4d2 100644 --- a/net/mac80211/mesh.c +++ b/net/mac80211/mesh.c @@ -8,6 +8,7 @@ * published by the Free Software Foundation. */ +#include #include "ieee80211_i.h" #include "mesh.h" @@ -167,8 +168,8 @@ int mesh_rmc_check(u8 *sa, struct ieee80211s_hdr *mesh_hdr, struct rmc_entry *p, *n; /* Don't care about endianness since only match matters */ - memcpy(&seqnum, mesh_hdr->seqnum, sizeof(mesh_hdr->seqnum)); - idx = mesh_hdr->seqnum[0] & rmc->idx_mask; + memcpy(&seqnum, &mesh_hdr->seqnum, sizeof(mesh_hdr->seqnum)); + idx = le32_to_cpu(mesh_hdr->seqnum) & rmc->idx_mask; list_for_each_entry_safe(p, n, &rmc->bucket[idx].list, list) { ++entries; if (time_after(jiffies, p->exp_time) || @@ -393,16 +394,8 @@ int ieee80211_new_mesh_header(struct ieee80211s_hdr *meshhdr, { meshhdr->flags = 0; meshhdr->ttl = sdata->u.sta.mshcfg.dot11MeshTTL; - - meshhdr->seqnum[0] = sdata->u.sta.mesh_seqnum[0]++; - meshhdr->seqnum[1] = sdata->u.sta.mesh_seqnum[1]; - meshhdr->seqnum[2] = sdata->u.sta.mesh_seqnum[2]; - - if (sdata->u.sta.mesh_seqnum[0] == 0) { - sdata->u.sta.mesh_seqnum[1]++; - if (sdata->u.sta.mesh_seqnum[1] == 0) - sdata->u.sta.mesh_seqnum[2]++; - } + put_unaligned(cpu_to_le32(sdata->u.sta.mesh_seqnum), &meshhdr->seqnum); + sdata->u.sta.mesh_seqnum++; return 5; } diff --git a/net/mac80211/mesh.h b/net/mac80211/mesh.h index 742003d3a841..9f8cb7690498 100644 --- a/net/mac80211/mesh.h +++ b/net/mac80211/mesh.h @@ -139,7 +139,7 @@ struct rmc_entry { struct mesh_rmc { struct rmc_entry bucket[RMC_BUCKETS]; - u8 idx_mask; + u32 idx_mask; }; From 8b808bf29bdafe9270cb283ea093bb87f5a3be19 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Wed, 23 Apr 2008 23:35:09 +0200 Subject: [PATCH 2/7] mac80211: assign conf.beacon_control for mesh Drivers can rightfully assume that they get a beacon_control if the beacon is set. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/main.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/mac80211/main.c b/net/mac80211/main.c index e9a978979d38..e12ffa172813 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c @@ -975,6 +975,7 @@ static int __ieee80211_if_config(struct net_device *dev, conf.ssid_len = sdata->u.sta.ssid_len; } else if (ieee80211_vif_is_mesh(&sdata->vif)) { conf.beacon = beacon; + conf.beacon_control = control; ieee80211_start_mesh(dev); } else if (sdata->vif.type == IEEE80211_IF_TYPE_AP) { conf.ssid = sdata->u.ap.ssid; From e94e106831403d5028e7bb73c3163951134de1ba Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Thu, 24 Apr 2008 14:16:36 +0200 Subject: [PATCH 3/7] mac80211: don't allow invalid WDS peer addresses Rather than just disallowing the zero address, disallow all invalid ones. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/mac80211/main.c b/net/mac80211/main.c index e12ffa172813..ab952fff1811 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c @@ -255,7 +255,7 @@ static int ieee80211_open(struct net_device *dev) switch (sdata->vif.type) { case IEEE80211_IF_TYPE_WDS: - if (is_zero_ether_addr(sdata->u.wds.remote_addr)) + if (!is_valid_ether_addr(sdata->u.wds.remote_addr)) return -ENOLINK; /* Create STA entry for the WDS peer */ From 636c5d488bc0b349e01cf5bfbf85588134af70a0 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Thu, 24 Apr 2008 14:18:37 +0200 Subject: [PATCH 4/7] mac80211: insert WDS peer after adding interface This reorders the open code so that WDS peer STA info entries are added after the corresponding interface is added to the driver so that driver callbacks aren't invoked out of order. Also make any master device startup fatal. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/main.c | 44 +++++++++++++++++++++++++++----------------- 1 file changed, 27 insertions(+), 17 deletions(-) diff --git a/net/mac80211/main.c b/net/mac80211/main.c index ab952fff1811..9ad4e3631b6b 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c @@ -257,20 +257,6 @@ static int ieee80211_open(struct net_device *dev) case IEEE80211_IF_TYPE_WDS: if (!is_valid_ether_addr(sdata->u.wds.remote_addr)) return -ENOLINK; - - /* Create STA entry for the WDS peer */ - sta = sta_info_alloc(sdata, sdata->u.wds.remote_addr, - GFP_KERNEL); - if (!sta) - return -ENOMEM; - - sta->flags |= WLAN_STA_AUTHORIZED; - - res = sta_info_insert(sta); - if (res) { - /* STA has been freed */ - return res; - } break; case IEEE80211_IF_TYPE_VLAN: if (!sdata->u.vlan.ap) @@ -337,10 +323,8 @@ static int ieee80211_open(struct net_device *dev) conf.type = sdata->vif.type; conf.mac_addr = dev->dev_addr; res = local->ops->add_interface(local_to_hw(local), &conf); - if (res && !local->open_count && local->ops->stop) - local->ops->stop(local_to_hw(local)); if (res) - return res; + goto err_stop; ieee80211_if_config(dev); ieee80211_reset_erp_info(dev); @@ -353,9 +337,29 @@ static int ieee80211_open(struct net_device *dev) netif_carrier_on(dev); } + if (sdata->vif.type == IEEE80211_IF_TYPE_WDS) { + /* Create STA entry for the WDS peer */ + sta = sta_info_alloc(sdata, sdata->u.wds.remote_addr, + GFP_KERNEL); + if (!sta) { + res = -ENOMEM; + goto err_del_interface; + } + + sta->flags |= WLAN_STA_AUTHORIZED; + + res = sta_info_insert(sta); + if (res) { + /* STA has been freed */ + goto err_del_interface; + } + } + if (local->open_count == 0) { res = dev_open(local->mdev); WARN_ON(res); + if (res) + goto err_del_interface; tasklet_enable(&local->tx_pending_tasklet); tasklet_enable(&local->tasklet); } @@ -390,6 +394,12 @@ static int ieee80211_open(struct net_device *dev) netif_start_queue(dev); return 0; + err_del_interface: + local->ops->remove_interface(local_to_hw(local), &conf); + err_stop: + if (!local->open_count && local->ops->stop) + local->ops->stop(local_to_hw(local)); + return res; } static int ieee80211_stop(struct net_device *dev) From 17f830459d6116ae13dbcfc9d09a406e6717b1a6 Mon Sep 17 00:00:00 2001 From: Harvey Harrison Date: Sun, 27 Apr 2008 03:48:40 -0700 Subject: [PATCH 5/7] mac80211: incorrect shift direction Looks like 5d2cdcd4e85c5187db30a6b29f79fbbe59f39f78 ("mac80211: get a TKIP phase key from skb") got the shifts wrong. Noticed by sparse: net/mac80211/tkip.c:234:25: warning: right shift by bigger than source value net/mac80211/tkip.c:235:25: warning: right shift by bigger than source value net/mac80211/tkip.c:236:25: warning: right shift by bigger than source value Signed-off-by: Harvey Harrison Signed-off-by: John W. Linville --- net/mac80211/tkip.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/net/mac80211/tkip.c b/net/mac80211/tkip.c index dddbfd60f351..09093da24af6 100644 --- a/net/mac80211/tkip.c +++ b/net/mac80211/tkip.c @@ -230,10 +230,8 @@ void ieee80211_get_tkip_key(struct ieee80211_key_conf *keyconf, iv16 = data[hdr_len] << 8; iv16 += data[hdr_len + 2]; - iv32 = data[hdr_len + 4] + - (data[hdr_len + 5] >> 8) + - (data[hdr_len + 6] >> 16) + - (data[hdr_len + 7] >> 24); + iv32 = data[hdr_len + 4] | (data[hdr_len + 5] << 8) | + (data[hdr_len + 6] << 16) | (data[hdr_len + 7] << 24); #ifdef CONFIG_TKIP_DEBUG printk(KERN_DEBUG "TKIP encrypt: iv16 = 0x%04x, iv32 = 0x%08x\n", From 2e35af143a1380173ba292e48e9b4913ef16b4ee Mon Sep 17 00:00:00 2001 From: Michael Buesch Date: Sun, 27 Apr 2008 19:06:18 +0200 Subject: [PATCH 6/7] b43: Fix dual-PHY devices This fixes operation of dual-PHY (A/B/G) devices. Do not anounce the A-PHY to mac80211, as that's not supported, yet. Signed-off-by: Michael Buesch Signed-off-by: John W. Linville --- drivers/net/wireless/b43/main.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/net/wireless/b43/main.c b/drivers/net/wireless/b43/main.c index 94a0cdeb39a8..1e95c4f5256b 100644 --- a/drivers/net/wireless/b43/main.c +++ b/drivers/net/wireless/b43/main.c @@ -4326,6 +4326,14 @@ static int b43_wireless_core_attach(struct b43_wldev *dev) err = -EOPNOTSUPP; goto err_powerdown; } + if (1 /* disable A-PHY */) { + /* FIXME: For now we disable the A-PHY on multi-PHY devices. */ + if (dev->phy.type != B43_PHYTYPE_N) { + have_2ghz_phy = 1; + have_5ghz_phy = 0; + } + } + dev->phy.gmode = have_2ghz_phy; tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0; b43_wireless_core_reset(dev, tmp); From c0d43990768b6ca83604ff4be80425b89d317e2f Mon Sep 17 00:00:00 2001 From: Holger Schurig Date: Tue, 29 Apr 2008 10:07:56 +0200 Subject: [PATCH 7/7] libertas: fix use-before-check violation According to Coverity (kudo's to Adrian Bunk), we had one use-before-check bug in libe libertas driver. This patch fixes this issue. Signed-off-by: Holger Schurig Signed-off-by: John W. Linville --- drivers/net/wireless/libertas/scan.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/libertas/scan.c b/drivers/net/wireless/libertas/scan.c index e72c97a0d6c1..7234669d05c0 100644 --- a/drivers/net/wireless/libertas/scan.c +++ b/drivers/net/wireless/libertas/scan.c @@ -298,7 +298,8 @@ static int lbs_do_scan(struct lbs_private *priv, uint8_t bsstype, uint8_t *tlv; /* pointer into our current, growing TLV storage area */ lbs_deb_enter_args(LBS_DEB_SCAN, "bsstype %d, chanlist[].chan %d, chan_count %d", - bsstype, chan_list[0].channumber, chan_count); + bsstype, chan_list ? chan_list[0].channumber : -1, + chan_count); /* create the fixed part for scan command */ scan_cmd = kzalloc(MAX_SCAN_CFG_ALLOC, GFP_KERNEL);