<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/net/wireless, branch v2.6.35.11</title>
<subtitle>Linux kernel source tree</subtitle>
<id>https://git.amat.us/linux/atom/net/wireless?h=v2.6.35.11</id>
<link rel='self' href='https://git.amat.us/linux/atom/net/wireless?h=v2.6.35.11'/>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/'/>
<updated>2010-12-14T22:40:18Z</updated>
<entry>
<title>cfg80211: fix extension channel checks to initiate communication</title>
<updated>2010-12-14T22:40:18Z</updated>
<author>
<name>Luis R. Rodriguez</name>
<email>lrodriguez@atheros.com</email>
</author>
<published>2010-11-13T00:31:23Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=3acc1eff9aab5dc224463d6fdc1fc98912f97a6f'/>
<id>urn:sha1:3acc1eff9aab5dc224463d6fdc1fc98912f97a6f</id>
<content type='text'>
commit 9236d838c920e90708570d9bbd7bb82d30a38130 upstream.

When operating in a mode that initiates communication and using
HT40 we should fail if we cannot use both primary and secondary
channels to initiate communication. Our current ht40 allowmap
only covers STA mode of operation, for beaconing modes we need
a check on the fly as the mode of operation is dynamic and
there are other flags other than disable which we should read
to check if we can initiate communication.

Do not allow for initiating communication if our secondary HT40
channel is either disabled, has a passive scan flag, a
no-ibss flag or is a radar channel. Userspace now has similar
checks but this is also needed in-kernel.

Reported-by: Jouni Malinen &lt;jouni.malinen@atheros.com&gt;
Signed-off-by: Luis R. Rodriguez &lt;lrodriguez@atheros.com&gt;
Signed-off-by: John W. Linville &lt;linville@tuxdriver.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
Signed-off-by: Andi Kleen &lt;ak@linux.intel.com&gt;

</content>
</entry>
<entry>
<title>cfg80211: fix regression on processing country IEs</title>
<updated>2010-12-14T22:40:01Z</updated>
<author>
<name>Luis R. Rodriguez</name>
<email>lrodriguez@atheros.com</email>
</author>
<published>2010-10-19T00:44:51Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=12e3edfbbf42a116afc5e491930c5a1e56f4edb2'/>
<id>urn:sha1:12e3edfbbf42a116afc5e491930c5a1e56f4edb2</id>
<content type='text'>
commit a171fba491f54216e356efa46096171a7ed01d10 upstream.

The patch 4f366c5:

	wireless: only use alpha2 regulatory information from country IE

removed some complex intersection we were always doing between the AP's
country IE info and what we got from CRDA. When CRDA sent us back a
regulatory domain we would do some sanity checks on that regulatory
domain response we just got. Part of these sanity checks included
checking that we already had performed an intersection for the
request of NL80211_REGDOM_SET_BY_COUNTRY_IE type.

This means that cfg80211 was only processing country IEs for cases
where we already had an intersection, but since we removed enforcing
this, this is no longer required, we should just apply the country
IE country hint with the data received from CRDA.

This patch has fixes intended for kernels &gt;= 2.6.36.
[AK: it seems to be needed for .35 too?? Kept for now]

Reported-by: Easwar Krishnan &lt;easwar.krishnan@atheros.com&gt;
Signed-off-by: Luis R. Rodriguez &lt;lrodriguez@atheros.com&gt;
Signed-off-by: John W. Linville &lt;linville@tuxdriver.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
Signed-off-by: Andi Kleen &lt;ak@linux.intel.com&gt;

</content>
</entry>
<entry>
<title>cfg80211: fix locking</title>
<updated>2010-12-14T22:40:00Z</updated>
<author>
<name>Johannes Berg</name>
<email>johannes.berg@intel.com</email>
</author>
<published>2010-09-30T20:17:43Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=b4c656d2584875fc74bbda31687eeac9dbb03d41'/>
<id>urn:sha1:b4c656d2584875fc74bbda31687eeac9dbb03d41</id>
<content type='text'>
commit 2234362c427e2ef667595b9b81c0125003ac5607 upstream.

Add missing unlocking of the wiphy in set_channel,
and don't try to unlock a non-existing wiphy in
set_cqm.

Signed-off-by: Johannes Berg &lt;johannes.berg@intel.com&gt;
Signed-off-by: John W. Linville &lt;linville@tuxdriver.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
Signed-off-by: Andi Kleen &lt;ak@linux.intel.com&gt;

</content>
</entry>
<entry>
<title>cfg80211: fix BSS double-unlinking</title>
<updated>2010-12-14T22:40:00Z</updated>
<author>
<name>Johannes Berg</name>
<email>johannes.berg@intel.com</email>
</author>
<published>2010-10-06T19:18:04Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=8c344624d82e34d805d9250b942158f652e9ac75'/>
<id>urn:sha1:8c344624d82e34d805d9250b942158f652e9ac75</id>
<content type='text'>
commit 3207390a8b58bfc1335750f91cf6783c48ca19ca upstream.

When multiple interfaces are actively trying
to associate with the same BSS, they may both
find that the BSS isn't there and then try to
unlink it. This can cause errors since the
unlinking code can't currently deal with items
that have already been unlinked.

Normally this doesn't happen as most people
don't try to use multiple station interfaces
that associate at the same time too.

Fix this by using the list entry as a flag to
see if the item is still on a list.

Reported-by: Ben Greear &lt;greearb@candelatech.com&gt;
Tested-by: Hun-Kyi Wynn &lt;hkwynn@candelatech.com&gt;
Signed-off-by: Johannes Berg &lt;johannes.berg@intel.com&gt;
Signed-off-by: John W. Linville &lt;linville@tuxdriver.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
Signed-off-by: Andi Kleen &lt;ak@linux.intel.com&gt;

</content>
</entry>
<entry>
<title>wext: fix potential private ioctl memory content leak</title>
<updated>2010-10-29T04:51:27Z</updated>
<author>
<name>Johannes Berg</name>
<email>johannes.berg@intel.com</email>
</author>
<published>2010-09-16T22:38:25Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=7ca9783455c1226bcecd1e543b50e6cc38994535'/>
<id>urn:sha1:7ca9783455c1226bcecd1e543b50e6cc38994535</id>
<content type='text'>
commit df6d02300f7c2fbd0fbe626d819c8e5237d72c62 upstream.

When a driver doesn't fill the entire buffer, old
heap contents may remain, and if it also doesn't
update the length properly, this old heap content
will be copied back to userspace.

It is very unlikely that this happens in any of
the drivers using private ioctls since it would
show up as junk being reported by iwpriv, but it
seems better to be safe here, so use kzalloc.

Reported-by: Jeff Mahoney &lt;jeffm@suse.com&gt;
Signed-off-by: Johannes Berg &lt;johannes.berg@intel.com&gt;
Signed-off-by: John W. Linville &lt;linville@tuxdriver.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>wireless extensions: fix kernel heap content leak</title>
<updated>2010-09-20T20:36:42Z</updated>
<author>
<name>Johannes Berg</name>
<email>johannes.berg@intel.com</email>
</author>
<published>2010-08-30T10:24:54Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=53d9dee0d76a860134cb8360f296bb01efea2558'/>
<id>urn:sha1:53d9dee0d76a860134cb8360f296bb01efea2558</id>
<content type='text'>
commit 42da2f948d949efd0111309f5827bf0298bcc9a4 upstream.

Wireless extensions have an unfortunate, undocumented
requirement which requires drivers to always fill
iwp-&gt;length when returning a successful status. When
a driver doesn't do this, it leads to a kernel heap
content leak when userspace offers a larger buffer
than would have been necessary.

Arguably, this is a driver bug, as it should, if it
returns 0, fill iwp-&gt;length, even if it separately
indicated that the buffer contents were not valid.

However, we can also at least avoid the memory content
leak if the driver doesn't do this by setting the iwp
length to max_tokens, which then reflects how big the
buffer is that the driver may fill, regardless of how
big the userspace buffer is.

To illustrate the point, this patch also fixes a
corresponding cfg80211 bug (since this requirement
isn't documented nor was ever pointed out by anyone
during code review, I don't trust all drivers nor
all cfg80211 handlers to implement it correctly).

Signed-off-by: Johannes Berg &lt;johannes.berg@intel.com&gt;
Signed-off-by: John W. Linville &lt;linville@tuxdriver.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>cfg80211: fix locking in action frame TX</title>
<updated>2010-08-26T23:45:48Z</updated>
<author>
<name>Johannes Berg</name>
<email>johannes.berg@intel.com</email>
</author>
<published>2010-08-09T13:52:03Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=57001f2240b0cba6ec95f460da34c0e81f52b4c2'/>
<id>urn:sha1:57001f2240b0cba6ec95f460da34c0e81f52b4c2</id>
<content type='text'>
commit fe100acddf438591ecf3582cb57241e560da70b7 upstream.

Accesses to "wdev-&gt;current_bss" must be
locked with the wdev lock, which action
frame transmission is missing.

Signed-off-by: Johannes Berg &lt;johannes.berg@intel.com&gt;
Signed-off-by: John W. Linville &lt;linville@tuxdriver.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>cfg80211: don't get expired BSSes</title>
<updated>2010-08-10T18:09:20Z</updated>
<author>
<name>Johannes Berg</name>
<email>johannes.berg@intel.com</email>
</author>
<published>2010-07-13T08:55:38Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=bfcd88d2b16638f74957a78c787e0284d7080284'/>
<id>urn:sha1:bfcd88d2b16638f74957a78c787e0284d7080284</id>
<content type='text'>
commit ccb6c1360f8dd43303c659db718e7e0b24175db5 upstream.

When kernel-internal users use cfg80211_get_bss()
to get a reference to a BSS struct, they may end
up getting one that would have been removed from
the list if there had been any userspace access
to the list. This leads to inconsistencies and
problems.

Fix it by making cfg80211_get_bss() ignore BSSes
that cfg80211_bss_expire() would remove.

Fixes http://bugzilla.intellinuxwireless.org/show_bug.cgi?id=2180

Reported-by: Jiajia Zheng &lt;jiajia.zheng@intel.com&gt;
Tested-by: Jiajia Zheng &lt;jiajia.zheng@intel.com&gt;
Signed-off-by: Johannes Berg &lt;johannes.berg@intel.com&gt;
Signed-off-by: John W. Linville &lt;linville@tuxdriver.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>cfg80211: ignore spurious deauth</title>
<updated>2010-08-10T18:09:20Z</updated>
<author>
<name>Johannes Berg</name>
<email>johannes.berg@intel.com</email>
</author>
<published>2010-07-12T12:46:43Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=89b15fbbcb5e77845ea1d8e96e0973caa0749fed'/>
<id>urn:sha1:89b15fbbcb5e77845ea1d8e96e0973caa0749fed</id>
<content type='text'>
commit 643f82e32f14faf0d0944c804203a6681b6b0a1e upstream.

Ever since mac80211/drivers are no longer
fully in charge of keeping track of the
auth status, trying to make them do so will
fail. Instead of warning and reporting the
deauthentication to userspace, cfg80211 must
simply ignore it so that spurious
deauthentications, e.g. before starting
authentication, aren't seen by userspace as
actual deauthentications.

Reported-by: Paul Stewart &lt;pstew@google.com&gt;
Signed-off-by: Johannes Berg &lt;johannes.berg@intel.com&gt;
Signed-off-by: John W. Linville &lt;linville@tuxdriver.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>cfg80211: add missing braces</title>
<updated>2010-05-21T18:40:01Z</updated>
<author>
<name>Johannes Berg</name>
<email>johannes@sipsolutions.net</email>
</author>
<published>2010-05-18T12:36:34Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=579d7534ca83235794b6d9ef3cd473ffc14e9d42'/>
<id>urn:sha1:579d7534ca83235794b6d9ef3cd473ffc14e9d42</id>
<content type='text'>
Specifying a valid channel type will get
goto out rather than continuing, due to
missing braces. This affects both remain
on channel and action frame TX commands.

Signed-off-by: Johannes Berg &lt;johannes@sipsolutions.net&gt;
Signed-off-by: John W. Linville &lt;linville@tuxdriver.com&gt;
</content>
</entry>
</feed>
