- 22 Aug, 2023 40 commits
-
-
Arnd Bergmann authored
While looking at a bug, I got rather confused by the layout of the 'status' field in ieee80211_tx_info. Apparently, the intention is that status_driver_data[] is used for driver specific data, and fills up the size of the union to 40 bytes, just like the other ones. This is indeed what actually happens, but only because of the combination of two mistakes: - "void *status_driver_data[18 / sizeof(void *)];" is intended to be 18 bytes long but is actually two bytes shorter because of rounding-down in the division, to a multiple of the pointer size (4 bytes or 8 bytes). - The other fields combined are intended to be 22 bytes long, but are actually 24 bytes because of padding in front of the unaligned tx_time member, and in front of the pointer array. The two mistakes cancel out. so the size ends up fine, but it seems more helpful to make this explicit, by having a multiple of 8 bytes in the size calculation and explicitly describing the padding. Fixes: ea5907db ("mac80211: fix struct ieee80211_tx_info size") Fixes: 02219b3a ("mac80211: add WMM admission control support") Signed-off-by:
Arnd Bergmann <arnd@arndb.de> Reviewed-by:
Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20230623152443.2296825-2-arnd@kernel.orgSigned-off-by:
Johannes Berg <johannes.berg@intel.com>
-
Randy Dunlap authored
Add description for struct member 'agg' to prevent a kernel-doc warning. mac80211.h:2289: warning: Function parameter or member 'agg' not described in 'ieee80211_link_sta' Fixes: 4c51541d ("wifi: mac80211: keep A-MSDU data in sta and per-link") Signed-off-by:
Randy Dunlap <rdunlap@infradead.org> Cc: "David S. Miller" <davem@davemloft.net> Cc: Eric Dumazet <edumazet@google.com> Cc: Jakub Kicinski <kuba@kernel.org> Cc: Paolo Abeni <pabeni@redhat.com> Cc: Johannes Berg <johannes@sipsolutions.net> Cc: Benjamin Berg <benjamin.berg@intel.com> Cc: linux-wireless@vger.kernel.org Link: https://lore.kernel.org/r/20230710230312.31197-10-rdunlap@infradead.org [reword the kernel-doc comment] Signed-off-by:
-
Randy Dunlap authored
Fix a typo (82011 -> 80211) to prevent a kernel-doc warning. Add one missing function parameter description to prevent a kernel-doc warning. ieee80211_radiotap.h:52: warning: expecting prototype for struct ieee82011_radiotap_header. Prototype was for struct ieee80211_radiotap_header instead ieee80211_radiotap.h:581: warning: Function parameter or member 'data' not described in 'ieee80211_get_radiotap_len' Fixes: 42f82e2e ("wireless: radiotap: rewrite the radiotap header file") Signed-off-by:
-
Randy Dunlap authored
Drop an unused (extra) enum value to prevent a kernel-doc warning. cfg80211.h:1492: warning: Excess enum value 'STATION_PARAM_APPLY_STA_TXPOWER' description in 'station_parameters_apply_mask' Fixes: 2d8b08fe ("wifi: cfg80211: fix kernel-doc warnings all over the file") Signed-off-by:
-
Dmitry Antipov authored
Fix and hopefully improve documentation for 'flag' fields of a few types by adding references to relevant enumerations. Signed-off-by:
Dmitry Antipov <dmantipov@yandex.ru> Link: https://lore.kernel.org/r/20230713132957.275859-1-dmantipov@yandex.ruSigned-off-by:
-
Yue Haibing authored
nl80211_pmsr_dump_results() is never implemented since it was added in commit 9bb7e0f2 ("cfg80211: add peer measurement with FTM initiator API"). Signed-off-by:
Yue Haibing <yuehaibing@huawei.com> Reviewed-by:
Simon Horman <horms@kernel.org> Link: https://lore.kernel.org/r/20230729121651.36836-1-yuehaibing@huawei.comSigned-off-by:
-
Yue Haibing authored
Commit ccf80ddf ("mac80211: mesh function and data structures definitions") introducted this but never implemented it. Signed-off-by:
-
Yue Haibing authored
Commit 68542962 ("mac80211: Fix circular locking dependency in ARP filter handling") left the ieee80211_set_arp_filter() declaration unused. And commit 164eb02d ("mac80211: add radar detection command/event") introducted ieee80211_dfs_cac_timer() declaration but never implemented it. Signed-off-by:
-
Yue Haibing authored
Commit 55682965 ("[NL80211]: add netlink interface to cfg80211") declared but never implemented this, remove it. Commit 11433ee4 ("[WEXT]: Move to net/wireless") rename net/core/wireless.c to net/wireless/wext.c, then commit 3d23e349 ("wext: refactor") refactor wext.c to wext-core.c, fix the wext comment. Signed-off-by:
-
Lin Ma authored
The previous commit dd3e4fc7 ("nl80211/cfg80211: add BSS color to NDP ranging parameters") adds a parameter for NDP ranging by introducing a new attribute type named NL80211_PMSR_FTM_REQ_ATTR_BSS_COLOR. However, the author forgot to also describe the nla_policy at nl80211_pmsr_ftm_req_attr_policy (net/wireless/nl80211.c). Just complement it to avoid malformed attribute that causes out-of-attribute access. Fixes: dd3e4fc7 ("nl80211/cfg80211: add BSS color to NDP ranging parameters") Signed-off-by:
Lin Ma <linma@zju.edu.cn> Reviewed-by:
-
EN-WEI WU authored
The nlmsg_free() ends up calling kfree_skb(), and kfree_skb() is not allowed to be called from hardware interrupt context or with hardware interrupts being disabled. Replace the mistaken usage of nlmsg_free() by dev_kfree_skb_irq(), which is safe in both cases. Signed-off-by:
EN-WEI WU <enweiwu@FreeBSD.org> Link: https://lore.kernel.org/r/20230815095427.13589-1-enweiwu@FreeBSD.orgSigned-off-by:
-
Johannes Berg authored
Code inspection reveals that we switch the puncturing bitmap before the real channel switch, since that happens only in the second round of the worker after the channel context is switched by ieee80211_link_use_reserved_context(). Fixes: 2cc25e4b ("wifi: mac80211: configure puncturing bitmap") Signed-off-by:
-
Johannes Berg authored
While technically some control frames like ACK are shorter and end after Address 1, such frames shouldn't be forwarded through wmediumd or similar userspace, so require the full 3-address header to avoid accessing invalid memory if shorter frames are passed in. Reported-by: syzbot+b2645b5bf1512b81fa22@syzkaller.appspotmail.com Reviewed-by:
Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by:
-
Johannes Berg authored
When probing a client, first check if we have it, and then check for the channel context, otherwise you can trigger the warning there easily by probing when the AP isn't even started yet. Since a client existing means the AP is also operating, we can then keep the warning. Also simplify the moved code a bit. Reported-by: syzbot+999fac712d84878a7379@syzkaller.appspotmail.com Signed-off-by: -
Johannes Berg authored
If there's no OCB state, don't ask the driver/mac80211 to leave, since that's just confusing. Since set/clear the chandef state, that's a simple check. Reported-by: syzbot+09d1cd2f71e6dd3bfd2c@syzkaller.appspotmail.com Signed-off-by: -
Johannes Berg authored
If the AP uses our own address as its MLD address or BSSID, then clearly something's wrong. Reject such connections so we don't try and fail later. Reported-by: syzbot+2676771ed06a6df166ad@syzkaller.appspotmail.com Signed-off-by: -
Johannes Berg authored
Before checking the action code, check that it even exists in the frame. Reported-by: syzbot+be9c824e6f269d608288@syzkaller.appspotmail.com Signed-off-by: -
Avraham Stern authored
In case the SAP connection is established before the interface is added, the mac address is still not set. Don't send the nic info SAP message in this case since it will result in sending an invalid mac address. The nic info message will be sent with a valid mac address when the interface is added. Signed-off-by:
Avraham Stern <avraham.stern@intel.com> Signed-off-by:
Gregory Greenman <gregory.greenman@intel.com> Link: https://lore.kernel.org/r/20230822103048.a49436bed387.I0ca88d72456e6e9f939bbc2e0c52ffb173fbc97e@changeidSigned-off-by:
-
Avraham Stern authored
When wiamt is disabled the driver up SAP message is not sent, so there is no need to send the driver down message as well. Signed-off-by:
-
Avraham Stern authored
The HOST_GOES_DOWN message should be sent even if wiamt is disabled. Otherwise wiamt may still use the shared memory (e.g. if enabled later) while it's no longer valid. Signed-off-by:
-
Avraham Stern authored
SAP messages should not be sent when AMT is disabled. Signed-off-by:
-
Avraham Stern authored
In case CSME holds the NIC and SAP connection is already established, iwl_pcie_prepare_card_hw() during iwl_pci_probe() will fail (which is fine since CSME will release the nic later when asked with a SAP message). In this case tring to grab nic access to read the crf ids will fail with a warning. Avoid the warning by only trying to read the crf ids in case prepare card succeeded. Signed-off-by:
-
Mukesh Sisodiya authored
LMAC error table address was checked against UMAC error table minimum address defined. Because of that, the LMAC error table was not read, since both addresses belong to different ranges. As addresses are updated from FW alive message and should be correct, this check is not needed. Still keep the check for address 0 to avoid NULL address read. Signed-off-by:
Mukesh Sisodiya <mukesh.sisodiya@intel.com> Signed-off-by:
-
Johannes Berg authored
Support TX flush on AP interfaces so that we will do a proper flush for frames on the queue before keys are removed. Signed-off-by:
-
Johannes Berg authored
Two new RFs were added in the code, but we forgot to add them to the list here that enables HE TX/RX 1024 QAM less than 242 tone RU. Signed-off-by:
-
Gregory Greenman authored
Add a new vendor (Razer) to PPAG approved list. Signed-off-by:
-
Johannes Berg authored
There are occasionally bugs which cause the device to try to use a TFD that it wasn't supposed to, and these are very hard to diagnose. Fill all unused TFDs with a debug command that immediately causes an error to be detected in these cases. Signed-off-by:
-
Johannes Berg authored
We need this earlier in the file next, move it up to have an easier to read change, since this moves other things in the diff git generates by default. Signed-off-by:
-
Johannes Berg authored
We will need this in another place soon in reclaim and init, so add this function to the queue header file instead. Signed-off-by:
-
Johannes Berg authored
This is only ever initialized to zero, use a new define for the default RX queue instead. Signed-off-by:
-
Johannes Berg authored
This is a bit messy right now, there are functions for both, but then gen1 function can actually deal with both gen1 and gen2, due to the confusion about use_tfh/gen2 cleaned up in the previous patch. Fix the common paths to call the right functions and remove handling of gen2 from the gen1 function. Signed-off-by:
-
Johannes Berg authored
There's no reason to warn here, it's not an internal consistency issue, we even use this to check if the device is dead, and if it read_mem() returns an error that's either because grab NIC access or memory allocation failed, both of which are already noisy. Just remove the warning entirely. Signed-off-by:
-
Johannes Berg authored
The structure name in the docs should be given in all lower case matching the actual C declaration. Signed-off-by:
-
Johannes Berg authored
If 11ax/EHT is disabled, then we shouldn't advertise MLO support either. Signed-off-by:
-
Kees Cook authored
Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct cfg80211_tid_config. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Johannes Berg <johannes@sipsolutions.net> Cc: "David S. Miller" <davem@davemloft.net> Cc: Eric Dumazet <edumazet@google.com> Cc: Jakub Kicinski <kuba@kernel.org> Cc: Paolo Abeni <pabeni@redhat.com> Cc: linux-wireless@vger.kernel.org Cc: netdev@vger.kernel.org Signed-off-by:
Gustavo A. R. Silva <gustavoars@kernel.org> Reviewed-by:
-
Kees Cook authored
Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct cfg80211_scan_request. Additionally, since the element count member must be set before accessing the annotated flexible array member, move its initialization earlier. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Johannes Berg <johannes@sipsolutions.net> Cc: "David S. Miller" <davem@davemloft.net> Cc: Eric Dumazet <edumazet@google.com> Cc: Jakub Kicinski <kuba@kernel.org> Cc: Paolo Abeni <pabeni@redhat.com> Cc: linux-wireless@vger.kernel.org Cc: netdev@vger.kernel.org Signed-off-by:
-
Kees Cook authored
Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct cfg80211_rnr_elems. Additionally, since the element count member must be set before accessing the annotated flexible array member, move its initialization earlier. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Johannes Berg <johannes@sipsolutions.net> Cc: "David S. Miller" <davem@davemloft.net> Cc: Eric Dumazet <edumazet@google.com> Cc: Jakub Kicinski <kuba@kernel.org> Cc: Paolo Abeni <pabeni@redhat.com> Cc: linux-wireless@vger.kernel.org Cc: netdev@vger.kernel.org Signed-off-by:
-
Kees Cook authored
Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct cfg80211_pmsr_request. Additionally, since the element count member must be set before accessing the annotated flexible array member, move its initialization earlier. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Johannes Berg <johannes@sipsolutions.net> Cc: "David S. Miller" <davem@davemloft.net> Cc: Eric Dumazet <edumazet@google.com> Cc: Jakub Kicinski <kuba@kernel.org> Cc: Paolo Abeni <pabeni@redhat.com> Cc: linux-wireless@vger.kernel.org Cc: netdev@vger.kernel.org Signed-off-by:
-
Kees Cook authored
Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct cfg80211_mbssid_elems. Additionally, since the element count member must be set before accessing the annotated flexible array member, move its initialization earlier. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Johannes Berg <johannes@sipsolutions.net> Cc: "David S. Miller" <davem@davemloft.net> Cc: Eric Dumazet <edumazet@google.com> Cc: Jakub Kicinski <kuba@kernel.org> Cc: Paolo Abeni <pabeni@redhat.com> Cc: linux-wireless@vger.kernel.org Cc: netdev@vger.kernel.org Signed-off-by:
-
Kees Cook authored
Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). As found with Coccinelle[1], add __counted_by for struct cfg80211_cqm_config. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Johannes Berg <johannes@sipsolutions.net> Cc: "David S. Miller" <davem@davemloft.net> Cc: Eric Dumazet <edumazet@google.com> Cc: Jakub Kicinski <kuba@kernel.org> Cc: Paolo Abeni <pabeni@redhat.com> Cc: linux-wireless@vger.kernel.org Cc: netdev@vger.kernel.org Signed-off-by:
-
