summaryrefslogtreecommitdiff
path: root/net/wireless/nl80211.c
AgeCommit message (Collapse)AuthorFilesLines
2011-11-28nl80211: fix MAC address validationEliad Peller1-2/+2
MAC addresses have a fixed length. The current policy allows passing < ETH_ALEN bytes, which might result in reading beyond the buffer. Cc: stable@vger.kernel.org Signed-off-by: Eliad Peller <eliad@wizery.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-11-07cfg80211: allow setting TXQ parameters only in AP modeJohannes Berg1-0/+6
In other modes the parameters should not be set. Right now, mac80211 will set them, even if the user asked for setting them on VLANs which the driver doesn't know about, causing all kinds of trouble. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-11-07nl80211: fix HT capability attribute validationJohannes Berg1-2/+1
Since the NL80211_ATTR_HT_CAPABILITY attribute is used as a struct, it needs a minimum, not maximum length. Enforce that properly. Not doing so could potentially lead to reading after the buffer. Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-10-14nl80211: Add sta_flags to the station infoHelmut Schaa1-0/+4
Reuse the already existing struct nl80211_sta_flag_update to specify both, a flag mask and the flag set itself. This means nl80211_sta_flag_update is now used for setting station flags and also for getting station flags. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-30nl80211/mac80211: allow adding TDLS peers as stationsArik Nemtsov1-4/+22
When adding a TDLS peer STA, mark it with a new flag in both nl80211 and mac80211. Before adding a peer, make sure the wiphy supports TDLS and our operating mode is appropriate (managed). In addition, make sure all peers are removed on disassociation. A TDLS peer is first added just before link setup is initiated. In later setup stages we have more info about peer supported rates, capabilities, etc. This info is reported via nl80211_set_station(). Signed-off-by: Arik Nemtsov <arik@wizery.com> Cc: Kalyan C Gaddam <chakkal@iit.edu> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-30nl80211: support sending TDLS commands/framesArik Nemtsov1-1/+80
Add support for sending high-level TDLS commands and TDLS frames via NL80211_CMD_TDLS_OPER and NL80211_CMD_TDLS_MGMT, respectively. Add appropriate cfg80211 callbacks for lower level drivers. Add wiphy capability flags for TDLS support and advertise them via nl80211. Signed-off-by: Arik Nemtsov <arik@wizery.com> Cc: Kalyan C Gaddam <chakkal@iit.edu> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-30cfg80211/mac80211: apply station uAPSD parameters selectivelyJohannes Berg1-0/+2
Currently, when hostapd sets the station as authorized we also overwrite its uAPSD parameter. This obviously leads to buggy behaviour (later, with my patches that actually add uAPSD support). To fix this, only apply those parameters if they were actually set in nl80211, and to achieve that add a bitmap of things to apply. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-28Merge branch 'master' of git://git.infradead.org/users/linville/wirelessJohn W. Linville1-0/+3
Conflicts: drivers/net/wireless/iwlwifi/iwl-scan.c net/wireless/nl80211.c
2011-09-27mac80211: treat the WME sta flag as a bitArik Nemtsov1-1/+1
Correct flag usage - use it as a bit index instead of a bit value. Signed-off-by: Arik Nemtsov <arik@wizery.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-27cfg80211/mac80211: add netdev param to set_txq_params()Eliad Peller1-0/+6
tx params are currently configured per hw, although they should be configured per interface. Signed-off-by: Eliad Peller <eliad@wizery.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-27nl80211/cfg80211: Add support to disable CCK rate for management frameRajkumar Manoharan1-1/+8
Add a new nl80211 attribute to specify whether to send the management frames in CCK rate or not. As of now the wpa_supplicant is disabling CCK rate at P2P init itself. So this patch helps to send P2P probe request/probe response/action frames being sent at non CCK rate in 2GHz without disabling 11b rates. This attribute is used with NL80211_CMD_TRIGGER_SCAN and NL80211_CMD_FRAME commands to disable CCK rate for management frame transmission. Cc: Jouni Malinen <jouni@qca.qualcomm.com> Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-27cfg80211: Validate cipher suite against supported ciphersJouni Malinen1-12/+4
Instead of using a hardcoded list of cipher suites in nl80211.c, use a shared function in util.c to verify that the driver advertises support for the specified cipher. This provides more accurate validation of the values and allows vendor-specific cipher suites to be added in drivers. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-27cfg80211: Remove strict validation of AKM suitesJouni Malinen1-11/+1
NL80211_ATTR_AKM_SUITES can be used to configure new AKMs, like FT or the SHA-256 -based AKMs or FT from 802.11r/802.11w. In addition, vendor specific AKMs could be used. The current validation code for the connect command prevents cfg80211-based drivers from using these mechanisms even if the driver would not actually use this AKM value (i.e., it uses WPA/RSN IE from user space). mac80211-based drivers allow any AKM to be used since this value is not used there. Remove the unnecessary validation step in cfg80211 to allow drivers to decide what AKMs are supported. In theory, we could handle this by advertising supported AKMs, but that would not be very effective unless we enforce all drivers (including mac80211) to advertise the set of supported AKMs. This would require additional changes in many places whenever a new AKM is introduced even though no actually functionality changes may be required in most drivers. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-21cfg80211: Fix validation of AKM suitesJouni Malinen1-1/+4
Incorrect variable was used in validating the akm_suites array from NL80211_ATTR_AKM_SUITES. In addition, there was no explicit validation of the array length (we only have room for NL80211_MAX_NR_AKM_SUITES). This can result in a buffer write overflow for stack variables with arbitrary data from user space. The nl80211 commands using the affected functionality require GENL_ADMIN_PERM, so this is only exposed to admin users. Cc: stable@kernel.org Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-19cfg80211/nl80211: Add PMKSA caching candidate eventJouni Malinen1-0/+46
When the driver (or most likely firmware) decides which AP to use for roaming based on internal scan result processing, user space needs to be notified of PMKSA caching candidates to allow RSN pre-authentication to be used. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-19cfg80211: validate IBSS BSSIDJohannes Berg1-1/+5
The IBSS BSSID is never validated, so an invalid one might end up being used. Fix this by rejecting invalid configuration. Reported-by: Marek Lindner <lindner_marek@yahoo.de> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-14cfg80211: verify format of uAPSD informationJohannes Berg1-0/+5
The format is intended to be like the subfields in the QoS Info field, verify that is the case. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-13nl80211/cfg80211: add match filtering for sched_scanLuciano Coelho1-1/+58
Introduce filtering for scheduled scans to reduce the number of unnecessary results (which cause useless wake-ups). Add a new nested attribute where sets of parameters to be matched can be passed when starting a scheduled scan. Only scan results that match any of the sets will be returned. At this point, the set consists of a single parameter, an SSID. This can be easily extended in the future to support more complex matches. Signed-off-by: Luciano Coelho <coelho@ti.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-13nl80211/cfg80211: add WIPHY_FLAG_AP_UAPSD flagEliad Peller1-1/+4
add WIPHY_FLAG_AP_UAPSD flag to indicate uapsd support on AP mode. Advertise it to userspace by including a new NL80211_ATTR_SUPPORT_AP_UAPSD attribute. Signed-off-by: Eliad Peller <eliad@wizery.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-13cfg80211/nl80211: Indicate roaming feature capability to userspace.Vivek Natarajan1-0/+4
When the rssi of the current AP drops, both wpa_supplicant and the firmware may do a background scan to find a better AP and try to associate. Since firmware based roaming is faster, inform wpa_supplicant to avoid roaming and let the firmware decide to roam if necessary. For fullmac drivers like ath6kl, it is just enough to provide the ESSID and the firmware will decide on the BSSID. Since it is not possible to do pre-auth during roaming for fullmac drivers, the wpa_supplicant needs to completely disconnect with the old AP and reconnect with the new AP. This consumes lot of time and it is better to leave the roaming decision to the firmware. Signed-off-by: Vivek Natarajan <nataraja@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-26nl80211/cfg80211: add STA WME parametersEliad Peller1-0/+27
Add new NL80211_ATTR_STA_WME nested attribute that contains wme params needed by the low-level driver (uapsd_queues and max_sp). Add these params to the station_parameters struct as well. Signed-off-by: Eliad Peller <eliad@wizery.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-24{nl,cfg,mac}80211: let userspace make meshif mesh gateJavier Cardona1-0/+7
Allow userspace to set NL80211_MESHCONF_GATE_ANNOUNCEMENTS attribute, which will advertise this mesh node as being a mesh gate. NL80211_HWMP_ROOTMODE must be set or this will do nothing. Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-24{nl,cfg,mac}80211: let userspace set RANN intervalJavier Cardona1-0/+7
Allow userspace to set Root Announcement Interval for our mesh interface. Also, RANN interval is now in proper units of TUs. Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-24{nl,mac}80211: add missing root mode meshconf entriesJavier Cardona1-0/+1
This fix allows userspace to mark a meshif as a root node. Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-12nl80211/cfg80211: Add extra IE configuration to AP mode setupJouni Malinen1-1/+27
The NL80211_CMD_NEW_BEACON command is, in practice, requesting AP mode operations to be started. Add new attributes to provide extra IEs (e.g., WPS IE, P2P IE) for drivers that build Beacon, Probe Response, and (Re)Association Response frames internally (likely in firmware). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-12nl80211/cfg80211: Add crypto settings into NEW_BEACONJouni Malinen1-0/+21
This removes need from drivers to parse the beacon tail/head data to figure out what crypto settings are to be used in AP mode in case the Beacon and Probe Response frames are fully constructed in the driver/firmware. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-12nl80211/cfg80211: Allow SSID to be specified in new beacon commandJouni Malinen1-0/+29
This makes it easier for drivers that generate Beacon and Probe Response frames internally (in firmware most likely) in AP mode. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-11nl80211/cfg80211: Make addition of new sinfo fields saferJouni Malinen1-0/+1
Add a comment pointing out the use of enum station_info_flags for all new struct station_info fields. In addition, memset the sinfo buffer to zero before use on all paths in the current tree to avoid leaving uninitialized pointers in the data. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-11cfg80211: fix a crash in nl80211_send_stationFelix Fietkau1-1/+1
mac80211 leaves sinfo->assoc_req_ies uninitialized, causing a random pointer memory access in nl80211_send_station. Instead of checking if the pointer is null, use sinfo->filled, like the rest of the fields. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-10cfg80211/nl80211: Send AssocReq IEs to user space in AP modeJouni Malinen1-0/+4
When user space SME/MLME (e.g., hostapd) is not used in AP mode, the IEs from the (Re)Association Request frame that was processed in firmware need to be made available for user space (e.g., RSN IE for hostapd). Allow this to be done with cfg80211_new_sta(). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-10nl80211: Indicate driver-based offchannel TX on mgmt_tx_cancel_waitJouni Malinen1-2/+1
Drivers that support frame transmission with mgmt_tx() may not support driver-based offchannel TX. Use mgmt_tx_cancel_wait instead of mgmt_tx when figuring out whether to indicate support for this with NL80211_ATTR_OFFCHANNEL_TX_OK. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-08-01cfg80211: off by one in nl80211_trigger_scan()Dan Carpenter1-1/+1
The test is off by one so we'd read past the end of the wiphy->bands[] array on the next line. Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-07-20cfg80211: fix scan crash on single-band cardsJohannes Berg1-1/+3
commit 58389c69150e6032504dfcd3edca6b1975c8b5bc Author: Johannes Berg <johannes.berg@intel.com> Date: Mon Jul 18 18:08:35 2011 +0200 cfg80211: allow userspace to control supported rates in scan made single-band cards crash since it would always access all wiphy->bands[]. Fix this and reject any attempts in the new helper ieee80211_get_ratemask() to do the same, rejecting rates configuration for unsupported bands. Reported-by: Pavel Roskin <proski@gnu.org> Tested-by: Pavel Roskin <proski@gnu.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-07-19cfg80211: allow userspace to control supported rates in scanJohannes Berg1-19/+31
Some P2P scans are not allowed to advertise 11b rates, but that is a rather special case so instead of having that, allow userspace to request the rate sets (per band) that are advertised in scan probe request frames. Since it's needed in two places now, factor out some common code parsing a rate array. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-07-15nl80211/cfg80211: add max_sched_scan_ie_len in the hw descriptionLuciano Coelho1-1/+3
Some chips may support different lengths of user-supplied IEs with a single scheduled scan command than with a single normal scan command. To support this, this patch creates a separate hardware description element that describes the maximum size of user-supplied information element data supported in scheduled scans. Signed-off-by: Luciano Coelho <coelho@ti.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-07-15nl80211/cfg80211: add max_sched_scan_ssids in the hw descriptionLuciano Coelho1-1/+3
Some chips can scan more SSIDs with a single scheduled scan command than with a single normal scan command (eg. wl12xx chips). To support this, this patch creates a separate hardware description element that describes the amount of SSIDs supported in scheduled scans. Signed-off-by: Luciano Coelho <coelho@ti.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-07-15nl80211: advertise GTK rekey support, new triggersJohannes Berg1-0/+49
Since we now have the necessary API in place to support GTK rekeying, applications will need to know whether it is supported by a device. Add a pseudo-trigger that is used only to advertise that capability. Also, add some new triggers that match what iwlagn devices can do. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-07-11Merge branch 'master' of ↵John W. Linville1-6/+18
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 Conflicts: drivers/net/wireless/ath/ath5k/sysfs.c net/bluetooth/l2cap_core.c net/mac80211/wpa.c
2011-07-06cfg80211/nl80211: support GTK rekey offloadJohannes Berg1-0/+113
In certain circumstances, like WoWLAN scenarios, devices may implement (partial) GTK rekeying on the device to avoid waking up the host for it. In order to successfully go through GTK rekeying, the KEK, KCK and the replay counter are required. Add API to let the supplicant hand the parameters to the driver which may store it for future GTK rekey operations. Note that, of course, if GTK rekeying is done by the device, the EAP frame must not be passed up to userspace, instead a rekey event needs to be sent to let userspace update its replay counter. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-07-05cfg80211: fix deadlock with rfkill/sched_scan by adding new mutexLuciano Coelho1-6/+18
There was a deadlock when rfkill-blocking a wireless interface, because we were locking the rdev mutex on NETDEV_GOING_DOWN to stop sched_scans that were eventually running. The rfkill block code was already holding a mutex under rdev: kernel: ======================================================= kernel: [ INFO: possible circular locking dependency detected ] kernel: 3.0.0-rc1-00049-g1fa7b6a #57 kernel: ------------------------------------------------------- kernel: kworker/0:1/4525 is trying to acquire lock: kernel: (&rdev->mtx){+.+.+.}, at: [<ffffffff8164c831>] cfg80211_netdev_notifier_call+0x131/0x5b0 kernel: kernel: but task is already holding lock: kernel: (&rdev->devlist_mtx){+.+.+.}, at: [<ffffffff8164dcef>] cfg80211_rfkill_set_block+0x4f/0xa0 kernel: kernel: which lock already depends on the new lock. To fix this, add a new mutex specifically for sched_scan, to protect the sched_scan_req element in the rdev struct, instead of using the global rdev mutex. Reported-by: Duane Griffin <duaneg@dghda.com> Signed-off-by: Luciano Coelho <coelho@ti.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-06-28Merge branch 'master' of ↵John W. Linville1-1/+2
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 Conflicts: drivers/net/wireless/iwlwifi/iwl-tx.c
2011-06-27mac80211: fix rx->key NULL dereference during mic failureArik Nemtsov1-1/+2
Sometimes when reporting a MIC failure rx->key may be unset. This code path is hit when receiving a packet meant for a multicast address, and decryption is performed in HW. Fortunately, the failing key_idx is not used for anything up to (and including) usermode, so we allow ourselves to drop it on the way up when a key cannot be retrieved. Signed-off-by: Arik Nemtsov <arik@wizery.com> Cc: stable@kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-06-22nl80211: use netlink consistent dump feature for BSS dumpsJohannes Berg1-4/+8
Use the new consistent dump feature from (generic) netlink to advertise when dumps are incomplete. Readers may note that this does not initialize the rdev->bss_generation counter to a non-zero value. This is still OK since the value is modified only under spinlock when the list is modified. Since the dump code holds the spinlock, the value will either be > 0 already, or the list will still be empty in which case a consistent dump will actually be made (and be empty). Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-06-10Merge branch 'master' of ↵John W. Linville1-5/+4
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 Conflicts: drivers/net/wireless/iwlwifi/iwl-agn-rxon.c drivers/net/wireless/rtlwifi/pci.c
2011-06-07nl80211: fix overflow in ssid_lenLuciano Coelho1-5/+4
When one of the SSID's length passed in a scan or sched_scan request is larger than 255, there will be an overflow in the u8 that is used to store the length before checking. This causes the check to fail and we overrun the buffer when copying the SSID. Fix this by checking the nl80211 attribute length before copying it to the struct. This is a follow up for the previous commit 208c72f4fe44fe09577e7975ba0e7fa0278f3d03, which didn't fix the problem entirely. Reported-by: Ido Yariv <ido@wizery.com> Signed-off-by: Luciano Coelho <coelho@ti.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-06-01cfg80211: skip disabled channels on channel surveyLuis R. Rodriguez1-4/+15
The channel survey information will be empy for disabled channels so simply discard those entries. Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-06-01nl80211: add testmode dump supportWey-Yi Guy1-0/+88
This adds dump support to testmode. The testmode dump support in nl80211 requires using two of the six cb->args, the rest can be used by the driver to figure out where the dump position is at or to store other data across invocations. Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-26nl80211: fix check for valid SSID size in scan operationsLuciano Coelho1-2/+2
In both trigger_scan and sched_scan operations, we were checking for the SSID length before assigning the value correctly. Since the memory was just kzalloc'ed, the check was always failing and SSID with over 32 characters were allowed to go through. This was causing a buffer overflow when copying the actual SSID to the proper place. This bug has been there since 2.6.29-rc4. Cc: stable@kernel.org Signed-off-by: Luciano Coelho <coelho@ti.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-19nl80211: remove some stack variables in trigger_scan and start_sched_scanLuciano Coelho1-8/+4
Some stack variables (name *ssid and *channel) are only used to define the size of the memory block that needs to be allocated for the request structure in the nl80211_trigger_scan() and nl80211_start_sched_scan() functions. This is unnecessary because the sizes of the actual elements in the structure can be used instead. Signed-off-by: Luciano Coelho <coelho@ti.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-16nl80211: Move peer link state definition to nl80211Javier Cardona1-1/+1
These definitions need to be exposed now that we can set the peer link states via NL80211_ATTR_STA_PLINK_STATE. They were already being (opaquely) reported by NL80211_STA_INFO_PLINK_STATE. Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>