1. 06 Sep, 2018 26 commits
  2. 05 Sep, 2018 14 commits
    • net: lan743x_ptp: make function lan743x_ptp_set_sync_ts_insert() static · 05dcc712
      YueHaibing authored
      Fixes the following sparse warning:
      
      drivers/net/ethernet/microchip/lan743x_ptp.c:980:6: warning:
       symbol 'lan743x_ptp_set_sync_ts_insert' was not declared. Should it be static?
      Signed-off-by: YueHaibing <yuehaibing@huawei.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net/mlx5e: Make function mlx5i_grp_sw_update_stats() static · fbb66ad5
      Wei Yongjun authored
      Fixes the following sparse warning:
      
      drivers/net/ethernet/mellanox/mlx5/core/ipoib/ipoib.c:119:6: warning:
       symbol 'mlx5i_grp_sw_update_stats' was not declared. Should it be static?
      Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
      Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge tag 'mac80211-next-for-davem-2018-09-05' of... · 579d03fe
      David S. Miller authored
      Merge tag 'mac80211-next-for-davem-2018-09-05' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next
      
      Johannes Berg says:
      
      ====================
      This time, we have some pretty impactful work. Among
      the changes:
       * changes to make PTK rekeying work better, or actually
         better/safely if drivers get updated
       * VHT extended NSS support - some APs had capabilities
         that didn't fit into the VHT (11ac) spec, so the spec
         was updated and we follow that now
       * some TXQ and A-MSDU building work - will allow iwlwifi
         to use this soon
       * more HE work, including aligning to 802.11ax Draft 3.0
       * L-SIG and 0-length-PSDU support in radiotap
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • cfg80211: validate wmm rule when setting · 014f5a25
      Stanislaw Gruszka authored
      Add validation check for wmm rule when copying rules from fwdb and print
      error when rule is invalid.
      Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    • mac80211: remove unnecessary NULL check · 40b5a0f8
      Gustavo A. R. Silva authored
      Both old and new cannot be NULL at the same time, hence checking
      new when old is not NULL is unnecessary.
      
      Also, notice that new is being dereferenced before it is checked:
      
      	idx = new->conf.keyidx;
      
      The above triggers a static code analysis warning.
      
      Address this by removing the NULL check on new and adding a code
      comment based on the following piece of code:
      
      	/* caller must provide at least one old/new */
      	if (WARN_ON(!new && !old))
      		return 0;
      
      Addresses-Coverity-ID: 1473176 ("Dereference before null check")
      Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    • mac80211: add an option for drivers to check if packets can be aggregated · 9739fe29
      Sara Sharon authored
      Some hardwares have limitations on the packets' type in AMSDU.
      Add an optional driver callback to determine if two skbs can
      be used in the same AMSDU or not.
      Signed-off-by: Sara Sharon <sara.sharon@intel.com>
      Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    • mac80211: allow AMSDU size limitation per-TID · edba6bda
      Sara Sharon authored
      Some drivers may have AMSDU size limitation per TID, due to
      HW constraints. Add an option to set this limit.
      Signed-off-by: Sara Sharon <sara.sharon@intel.com>
      Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    • mac80211: add an option for station management TXQ · 0eeb2b67
      Sara Sharon authored
      We have a TXQ abstraction for non-data packets that need
      powersave buffering. Since the AP cannot sleep, in case
      of station we can use this TXQ for all management frames,
      regardless if they are bufferable. Add HW flag to allow
      that.
      Signed-off-by: Sara Sharon <sara.sharon@intel.com>
      Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    • wireless: align to draft 11ax D3.0 · add7453a
      Shaul Triebitz authored
      Align to new 11ax draft D3.0.  Change/add new MAC and PHY capabilities
      and update drivers' 11ax capabilities and mac80211's debugfs
      accordingly.
      Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
      Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    • mac80211: fix saving a few HE values · 77cbbc35
      Naftali Goldstein authored
      After masking the he_oper_params, to get the requested values as
      integers one must rshift and not lshift.  Fix that by using the
      le32_get_bits() macro.
      
      Fixes: 41cbb0f5 ("mac80211: add support for HE")
      Signed-off-by: Naftali Goldstein <naftali.goldstein@intel.com>
      [converted to use le32_get_bits()]
      Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    • mac80211: support reporting 0-length PSDU in radiotap · c3d1f875
      Shaul Triebitz authored
      For certain sounding frames, it may be useful to report them
      to userspace even though they don't have a PSDU in order to
      determine the PHY parameters (e.g. VHT rate/stream config.)
      Add support for this to mac80211.
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
      Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
      Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    • mac80211: Fix PTK rekey freezes and clear text leak · 62872a9b
      Alexander Wetzel authored
      Rekeying PTK keys without "Extended Key ID for Individually Addressed
      Frames" did use a procedure not suitable to replace in-use keys and
      could cause the following issues:
      
       1) Freeze caused by incoming frames:
          If the local STA installed the key prior to the remote STA we still
          had the old key active in the hardware when mac80211 switched over
          to the new key.
          Therefore there was a window where the card could hand over frames
          decoded with the old key to mac80211 and bump the new PN (IV) value
          to an incorrect high number. When it happened the local replay
          detection silently started to drop all frames sent with the new key.
      
       2) Freeze caused by outgoing frames:
          If mac80211 was providing the PN (IV) and handed over a clear text
          frame for encryption to the hardware prior to a key change the
          driver/card could have processed the queued frame after switching
          to the new key. This bumped the PN value on the remote STA to an
          incorrect high number, tricking the remote STA to discard all frames
          we sent later.
      
       3) Freeze caused by RX aggregation reorder buffer:
          An aggregation session started with the old key and ending after the
          switch to the new key also bumped the PN to an incorrect high number,
          freezing the connection quite similar to 1).
      
       4) Freeze caused by repeating lost frames in an aggregation session:
          A driver could repeat a lost frame and encrypt it with the new key
          while in a TX aggregation session without updating the PN for the
          new key. This also could freeze connections similar to 2).
      
       5) Clear text leak:
          Removing encryption offload from the card cleared the encryption
          offload flag only after the card had deleted the key and we did not
          stop TX during the rekey. The driver/card could therefore get
          unencrypted frames from mac80211 while no longer being instructed to
          encrypt them.
      
      To prevent those issues the key install logic has been changed:
       - Mac80211 drivers known to be able to rekey PTK0 keys have to set
         @NL80211_EXT_FEATURE_CAN_REPLACE_PTK0,
       - mac80211 stops queuing frames depending on the key during the replace
       - the key is first replaced in the hardware and after that in mac80211
       - and mac80211 stops/blocks new aggregation sessions during the rekey.
      
      For drivers not setting
      @NL80211_EXT_FEATURE_CAN_REPLACE_PTK0 the user space must avoid PTK
      rekeys if "Extended Key ID for Individually Addressed Frames" is not
      being used. Rekeys for mac80211 drivers without this flag will generate a
      warning and use an extra call to ieee80211_flush_queues() to both
      highlight and try to prevent the issues with not updated drivers.
      
      The core of the fix changes the key install procedure from:
       - atomic switch over to the new key in mac80211
       - remove the old key in the hardware (stops encryption offloading, fall
         back to software encryption with a potential clear text packet leak
         in between)
       - delete the inactive old key in mac80211
       - enable hardware encryption offloading for the new key
      to:
       - if it's a PTK mark the old key as tainted to drop TX frames with the
         outgoing key
       - replace the key in hardware with the new one
       - atomic switch over to the new (not marked as tainted) key in
         mac80211 (which also resumes TX)
       - delete the inactive old key in mac80211
      
      With the new sequence the hardware will be unable to decrypt frames
      encrypted with the old key prior to switching to the new key in mac80211
      and thus prevent PNs from packets decrypted with the old key to be
      accounted against the new key.
      
      For that to work the drivers have to provide a clear boundary.
      Mac80211 drivers setting @NL80211_EXT_FEATURE_CAN_REPLACE_PTK0 confirm
      to provide it and mac80211 will then be able to correctly rekey in-use
      PTK keys with those drivers.
      
      The mac80211 requirements for drivers to set the flag have been added to
      the "Hardware crypto acceleration" documentation section. It drills down
      to:
      The drivers must not hand over frames decrypted with the old key to
      mac80211 once the call to set_key() with %DISABLE_KEY has been
      completed. It's allowed to either drop or continue to use the old key
      for any outgoing frames which are already in the queues, but it must not
      send out any of them unencrypted or encrypted with the new key.
      
      Even with the new boundary in place aggregation sessions with the
      reorder buffer are problematic:
      RX aggregation session started prior and completed after the rekey could
      still dump frames received with the old key at mac80211 after it
      switched over to the new key. This is side stepped by stopping all (RX
      and TX) aggregation sessions when replacing a PTK key and hardware key
      offloading.
      Stopping TX aggregation sessions avoids the need to get
      the PNs (IVs) updated in frames prepared for the old key and
      (re)transmitted after the switch to the new key. As a bonus it improves
      the compatibility when the remote STA is not handling rekeys as it
      should.
      
      When using software crypto aggregation sessions are not stopped.
      Mac80211 won't be able to decode the dangerous frames and discard them
      without special handling.
      Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
      [trim overly long rekey warning]
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    • nl80211: Add CAN_REPLACE_PTK0 API · 2b815b04
      Alexander Wetzel authored
      Drivers able to correctly replace an in-use key should set
      @NL80211_EXT_FEATURE_CAN_REPLACE_PTK0 to allow the user space (e.g.
      hostapd or wpa_supplicant) to rekey PTK keys.
      
      The user space must detect a PTK rekey attempt and only go ahead with it
      when the driver has set this flag. If the driver is not supporting the
      feature the user space either must not replace the PTK key or perform a
      full re-association instead.
      
      Ignoring this flag and continuing to rekey the connection can still work
      but has to be considered insecure and broken. Depending on the driver it
      can leak clear text packets or freeze the connection and is only
      supported to allow the user space to be updated.
      Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
      Reviewed-by: Denis Kenzior <denkenz@gmail.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    • mac80211: support radiotap L-SIG data · d1332e7b
      Shaul Triebitz authored
      As before with HE, the data needs to be provided by the
      driver in the skb head, since there's not enough space
      in the skb CB.
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
      Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
      Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>