From 50425b0977c53c6ac608f0b2c8a562a5c7cd5602 Mon Sep 17 00:00:00 2001 From: Holger Schurig Date: Fri, 11 Sep 2009 10:13:53 +0200 Subject: cfg80211: use cfg80211_wext_freq() for freq conversion WEXT's "struct iw_freq" can also be used to handle a channel. This patch now uses cfg80211_wext_freq() instead of hand-converting the frequency. That allows user-space to specify channels as well, like with SIOCSIWFREQ. Signed-off-by: Holger Schurig Signed-off-by: John W. Linville --- net/wireless/scan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net/wireless') diff --git a/net/wireless/scan.c b/net/wireless/scan.c index 4c210c2debc..6c20b6515ab 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -662,7 +662,7 @@ int cfg80211_wext_siwscan(struct net_device *dev, int k; int wiphy_freq = wiphy->bands[band]->channels[j].center_freq; for (k = 0; k < wreq->num_channels; k++) { - int wext_freq = wreq->channel_list[k].m / 100000; + int wext_freq = cfg80211_wext_freq(wiphy, &wreq->channel_list[k]); if (wext_freq == wiphy_freq) goto wext_freq_found; } -- cgit v1.2.3-18-g5258 From 012a1b3e5e3561376dacf07efee15688284302c6 Mon Sep 17 00:00:00 2001 From: Holger Schurig Date: Fri, 11 Sep 2009 10:13:55 +0200 Subject: cfg80211: minimal error handling for wext-compat freq scanning Signed-off-by: Holger Schurig Signed-off-by: John W. Linville --- net/wireless/scan.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'net/wireless') diff --git a/net/wireless/scan.c b/net/wireless/scan.c index 6c20b6515ab..e5f92ee758f 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -675,6 +675,11 @@ int cfg80211_wext_siwscan(struct net_device *dev, wext_freq_not_found: ; } } + /* No channels found? */ + if (!i) { + err = -EINVAL; + goto out; + } /* Set real number of channels specified in creq->channels[] */ creq->n_channels = i; -- cgit v1.2.3-18-g5258 From 90c215c47675be42f164a4bac282666753e09225 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Wed, 16 Sep 2009 09:04:26 -0700 Subject: cfg80211: fix SME connect There's a check saying /* we're good if we have both BSSID and channel */ if (wdev->conn->params.bssid && wdev->conn->params.channel) { but that isn't true -- we need the BSS struct. This leads to errors such as Trying to associate with 00:1b:53:11:dc:40 (SSID='TEST' freq=2412 MHz) ioctl[SIOCSIWFREQ]: No such file or directory ioctl[SIOCSIWESSID]: No such file or directory Association request to the driver failed Associated with 00:1b:53:11:dc:40 in wpa_supplicant, as reported by Holger. Instead, we really need to have the BSS struct, and if we don't, then we need to initiate a scan for it. But we may already have the BSS struct here, so hang on to it if we do and scan if we don't. Signed-off-by: Johannes Berg Tested-by: Holger Schurig Signed-off-by: John W. Linville --- net/wireless/sme.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) (limited to 'net/wireless') diff --git a/net/wireless/sme.c b/net/wireless/sme.c index 68307883ec8..7fae7eee65d 100644 --- a/net/wireless/sme.c +++ b/net/wireless/sme.c @@ -188,7 +188,7 @@ void cfg80211_conn_work(struct work_struct *work) rtnl_unlock(); } -static bool cfg80211_get_conn_bss(struct wireless_dev *wdev) +static struct cfg80211_bss *cfg80211_get_conn_bss(struct wireless_dev *wdev) { struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); struct cfg80211_bss *bss; @@ -205,7 +205,7 @@ static bool cfg80211_get_conn_bss(struct wireless_dev *wdev) WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_PRIVACY, capa); if (!bss) - return false; + return NULL; memcpy(wdev->conn->bssid, bss->bssid, ETH_ALEN); wdev->conn->params.bssid = wdev->conn->bssid; @@ -213,14 +213,14 @@ static bool cfg80211_get_conn_bss(struct wireless_dev *wdev) wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT; schedule_work(&rdev->conn_work); - cfg80211_put_bss(bss); - return true; + return bss; } static void __cfg80211_sme_scan_done(struct net_device *dev) { struct wireless_dev *wdev = dev->ieee80211_ptr; struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); + struct cfg80211_bss *bss; ASSERT_WDEV_LOCK(wdev); @@ -234,7 +234,10 @@ static void __cfg80211_sme_scan_done(struct net_device *dev) wdev->conn->state != CFG80211_CONN_SCAN_AGAIN) return; - if (!cfg80211_get_conn_bss(wdev)) { + bss = cfg80211_get_conn_bss(wdev); + if (bss) { + cfg80211_put_bss(bss); + } else { /* not found */ if (wdev->conn->state == CFG80211_CONN_SCAN_AGAIN) schedule_work(&rdev->conn_work); @@ -670,6 +673,7 @@ int __cfg80211_connect(struct cfg80211_registered_device *rdev, { struct wireless_dev *wdev = dev->ieee80211_ptr; struct ieee80211_channel *chan; + struct cfg80211_bss *bss = NULL; int err; ASSERT_WDEV_LOCK(wdev); @@ -760,7 +764,7 @@ int __cfg80211_connect(struct cfg80211_registered_device *rdev, /* don't care about result -- but fill bssid & channel */ if (!wdev->conn->params.bssid || !wdev->conn->params.channel) - cfg80211_get_conn_bss(wdev); + bss = cfg80211_get_conn_bss(wdev); wdev->sme_state = CFG80211_SME_CONNECTING; wdev->connect_keys = connkeys; @@ -770,10 +774,11 @@ int __cfg80211_connect(struct cfg80211_registered_device *rdev, wdev->conn->prev_bssid_valid = true; } - /* we're good if we have both BSSID and channel */ - if (wdev->conn->params.bssid && wdev->conn->params.channel) { + /* we're good if we have a matching bss struct */ + if (bss) { wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT; err = cfg80211_conn_do_work(wdev); + cfg80211_put_bss(bss); } else { /* otherwise we'll need to scan for the AP first */ err = cfg80211_conn_scan(wdev); -- cgit v1.2.3-18-g5258 From 94f85853324e02c3a32bc3101f090dc9a3f512b4 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Thu, 17 Sep 2009 17:15:31 -0700 Subject: cfg80211: don't overwrite privacy setting When cfg80211 is instructed to connect, it always uses the default WEP key for the privacy setting, which clearly is wrong when using wpa_supplicant. Don't overwrite the setting, and rely on it being false when wpa_supplicant is not running, instead set it to true when we have keys. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/wireless/wext-sme.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net/wireless') diff --git a/net/wireless/wext-sme.c b/net/wireless/wext-sme.c index d16cd9ea4d0..bf725275eb8 100644 --- a/net/wireless/wext-sme.c +++ b/net/wireless/wext-sme.c @@ -26,11 +26,11 @@ int cfg80211_mgd_wext_connect(struct cfg80211_registered_device *rdev, wdev->wext.connect.ie = wdev->wext.ie; wdev->wext.connect.ie_len = wdev->wext.ie_len; - wdev->wext.connect.privacy = wdev->wext.default_key != -1; if (wdev->wext.keys) { wdev->wext.keys->def = wdev->wext.default_key; wdev->wext.keys->defmgmt = wdev->wext.default_mgmt_key; + wdev->wext.connect.privacy = true; } if (!wdev->wext.connect.ssid_len) -- cgit v1.2.3-18-g5258 From 33de4f9d787e01646f715ac10c2699fb98fd479e Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Thu, 17 Sep 2009 08:35:54 -0700 Subject: cfg80211: wext: don't display BSSID unless associated Currently, cfg80211's SIOCGIWAP implementation returns the BSSID that the user set, even if the connection has since been dropped due to other changes. It only should return the current BSSID when actually connected. Also do a small code cleanup. Reported-by: Thomas H. Guenther Signed-off-by: Johannes Berg Tested-by: Thomas H. Guenther Signed-off-by: John W. Linville --- net/wireless/wext-sme.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'net/wireless') diff --git a/net/wireless/wext-sme.c b/net/wireless/wext-sme.c index bf725275eb8..53c6ba98dc2 100644 --- a/net/wireless/wext-sme.c +++ b/net/wireless/wext-sme.c @@ -229,8 +229,7 @@ int cfg80211_mgd_wext_giwessid(struct net_device *dev, data->flags = 1; data->length = wdev->wext.connect.ssid_len; memcpy(ssid, wdev->wext.connect.ssid, data->length); - } else - data->flags = 0; + } wdev_unlock(wdev); return 0; @@ -306,8 +305,6 @@ int cfg80211_mgd_wext_giwap(struct net_device *dev, wdev_lock(wdev); if (wdev->current_bss) memcpy(ap_addr->sa_data, wdev->current_bss->pub.bssid, ETH_ALEN); - else if (wdev->wext.connect.bssid) - memcpy(ap_addr->sa_data, wdev->wext.connect.bssid, ETH_ALEN); else memset(ap_addr->sa_data, 0, ETH_ALEN); wdev_unlock(wdev); -- cgit v1.2.3-18-g5258 From 4be3bd8ccc195297870b9ffca4ef18bcbc2f1822 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Thu, 24 Sep 2009 09:00:57 +0200 Subject: cfg80211: don't set privacy w/o key When wpa_supplicant is used to connect to open networks, it causes the wdev->wext.keys to point to key memory, but that key memory is all empty. Only use privacy when there is a default key to be used. Signed-off-by: Johannes Berg Tested-by: Luis R. Rodriguez Tested-by: Kalle Valo Signed-off-by: John W. Linville --- net/wireless/wext-sme.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'net/wireless') diff --git a/net/wireless/wext-sme.c b/net/wireless/wext-sme.c index 53c6ba98dc2..5615a880253 100644 --- a/net/wireless/wext-sme.c +++ b/net/wireless/wext-sme.c @@ -30,7 +30,8 @@ int cfg80211_mgd_wext_connect(struct cfg80211_registered_device *rdev, if (wdev->wext.keys) { wdev->wext.keys->def = wdev->wext.default_key; wdev->wext.keys->defmgmt = wdev->wext.default_mgmt_key; - wdev->wext.connect.privacy = true; + if (wdev->wext.default_key != -1) + wdev->wext.connect.privacy = true; } if (!wdev->wext.connect.ssid_len) -- cgit v1.2.3-18-g5258 From 8bb894859e9495a94f94af3ee4711c89cdf24a95 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Sat, 26 Sep 2009 14:42:53 +0200 Subject: cfg80211: always get BSS Multiple problems were reported due to interaction between wpa_supplicant and the wext compat code in cfg80211, which appear to be due to it not getting any bss pointer here when wpa_supplicant sets all parameters -- do that now. We should still get the bss after doing an extra scan, but that appears to increase the time we need for connecting enough to sometimes cause timeouts. Signed-off-by: Johannes Berg Tested-by: Hin-Tak Leung , Signed-off-by: John W. Linville --- net/wireless/sme.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'net/wireless') diff --git a/net/wireless/sme.c b/net/wireless/sme.c index 7fae7eee65d..93c3ed32920 100644 --- a/net/wireless/sme.c +++ b/net/wireless/sme.c @@ -762,9 +762,8 @@ int __cfg80211_connect(struct cfg80211_registered_device *rdev, wdev->conn->params.ssid = wdev->ssid; wdev->conn->params.ssid_len = connect->ssid_len; - /* don't care about result -- but fill bssid & channel */ - if (!wdev->conn->params.bssid || !wdev->conn->params.channel) - bss = cfg80211_get_conn_bss(wdev); + /* see if we have the bss already */ + bss = cfg80211_get_conn_bss(wdev); wdev->sme_state = CFG80211_SME_CONNECTING; wdev->connect_keys = connkeys; -- cgit v1.2.3-18-g5258 From 8503bd8c7dc6f82ec2de9d05e0a476e6ca5adc8b Mon Sep 17 00:00:00 2001 From: Arjan van de Ven Date: Sat, 26 Sep 2009 20:51:14 +0200 Subject: wext: Add bound checks for copy_from_user The wireless extensions have a copy_from_user to a local stack array "essid", but both me and gcc have failed to find where the bounds for this copy are located in the code. This patch adds some basic sanity checks for the copy length to make sure that we don't overflow the stack buffer. Signed-off-by: Arjan van de Ven Cc: linux-wireless@vger.kernel.org Signed-off-by: John W. Linville --- net/wireless/wext.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'net/wireless') diff --git a/net/wireless/wext.c b/net/wireless/wext.c index 5b4a0cee441..ac4ac26b53c 100644 --- a/net/wireless/wext.c +++ b/net/wireless/wext.c @@ -773,10 +773,13 @@ static int ioctl_standard_iw_point(struct iw_point *iwp, unsigned int cmd, essid_compat = 1; else if (IW_IS_SET(cmd) && (iwp->length != 0)) { char essid[IW_ESSID_MAX_SIZE + 1]; + unsigned int len; + len = iwp->length * descr->token_size; - err = copy_from_user(essid, iwp->pointer, - iwp->length * - descr->token_size); + if (len > IW_ESSID_MAX_SIZE) + return -EFAULT; + + err = copy_from_user(essid, iwp->pointer, len); if (err) return -EFAULT; -- cgit v1.2.3-18-g5258 From 8f1546cadf7ac5e9a40d54089a1c7302264ec49b Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Mon, 28 Sep 2009 15:26:43 +0200 Subject: wext: add back wireless/ dir in sysfs for cfg80211 interfaces The move away from having drivers assign wireless handlers, in favour of making cfg80211 assign them, broke the sysfs registration (the wireless/ dir went missing) because the handlers are now assigned only after registration, which is too late. Fix this by special-casing cfg80211-based devices, all of which are required to have an ieee80211_ptr, in the sysfs code, and also using get_wireless_stats() to have the same values reported as in procfs. Signed-off-by: Johannes Berg Reported-by: Hugh Dickins Tested-by: Hugh Dickins Signed-off-by: John W. Linville --- net/wireless/wext.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net/wireless') diff --git a/net/wireless/wext.c b/net/wireless/wext.c index ac4ac26b53c..60fe57761ca 100644 --- a/net/wireless/wext.c +++ b/net/wireless/wext.c @@ -470,7 +470,7 @@ static iw_handler get_handler(struct net_device *dev, unsigned int cmd) /* * Get statistics out of the driver */ -static struct iw_statistics *get_wireless_stats(struct net_device *dev) +struct iw_statistics *get_wireless_stats(struct net_device *dev) { /* New location */ if ((dev->wireless_handlers != NULL) && -- cgit v1.2.3-18-g5258 From 8a8e05e5d8f6155788761961fc9845328863c16d Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Thu, 8 Oct 2009 21:02:02 +0200 Subject: cfg80211: fix netns error unwinding bug The error unwinding code in set_netns has a bug that will make it run into a BUG_ON if passed a bad wiphy index, fix by not trying to unlock a wiphy that doesn't exist. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/wireless/nl80211.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'net/wireless') diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index eddab097435..ca3c92a0a14 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -4029,7 +4029,7 @@ static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info) rdev = cfg80211_get_dev_from_info(info); if (IS_ERR(rdev)) { err = PTR_ERR(rdev); - goto out; + goto out_rtnl; } net = get_net_ns_by_pid(pid); @@ -4049,6 +4049,7 @@ static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info) put_net(net); out: cfg80211_unlock_rdev(rdev); + out_rtnl: rtnl_unlock(); return err; } -- cgit v1.2.3-18-g5258 From d43c36dc6b357fa1806800f18aa30123c747a6d1 Mon Sep 17 00:00:00 2001 From: Alexey Dobriyan Date: Wed, 7 Oct 2009 17:09:06 +0400 Subject: headers: remove sched.h from interrupt.h After m68k's task_thread_info() doesn't refer to current, it's possible to remove sched.h from interrupt.h and not break m68k! Many thanks to Heiko Carstens for allowing this. Signed-off-by: Alexey Dobriyan --- net/wireless/core.c | 1 + 1 file changed, 1 insertion(+) (limited to 'net/wireless') diff --git a/net/wireless/core.c b/net/wireless/core.c index 45b2be3274d..a595f712b5b 100644 --- a/net/wireless/core.c +++ b/net/wireless/core.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include #include "nl80211.h" -- cgit v1.2.3-18-g5258