user/sven/linux.git/net/wireless, branch v3.12.23

cfg80211: free sme on connection failures

2014-06-06T09:40:22Z

commit c1fbb258846dfc425507a093922d2d001e54c3ea upstream. cfg80211 is notified about connection failures by __cfg80211_connect_result() call. However, this function currently does not free cfg80211 sme. This results in hanging connection attempts in some cases e.g. when mac80211 authentication attempt is denied, we have this function call: ieee80211_rx_mgmt_auth() -> cfg80211_rx_mlme_mgmt() -> cfg80211_process_auth() -> cfg80211_sme_rx_auth() -> __cfg80211_connect_result() but cfg80211_sme_free() is never get called. Fixes: ceca7b712 ("cfg80211: separate internal SME implementation") Signed-off-by: Eliad Peller Signed-off-by: Johannes Berg Signed-off-by: Jiri Slaby

nl80211: Reset split_start when netlink skb is exhausted

2014-02-22T21:32:25Z

commit f12cb2893069495726c21a4b0178705dacfecfe0 upstream. When the netlink skb is exhausted split_start is left set. In the subsequent retry, with a larger buffer, the dump is continued from the failing point instead of from the beginning. This was causing my rt28xx based USB dongle to now show up when running "iw list" with an old iw version without split dump support. Fixes: 3713b4e364ef ("nl80211: allow splitting wiphy information in dumps") Signed-off-by: Pontus Fuchs [avoid the entire workaround when state->split is set] Signed-off-by: Johannes Berg Signed-off-by: Greg Kroah-Hartman

radiotap: fix bitmap-end-finding buffer overrun

2014-01-09T20:25:13Z

commit bd02cd2549cfcdfc57cb5ce57ffc3feb94f70575 upstream. Evan Huus found (by fuzzing in wireshark) that the radiotap iterator code can access beyond the length of the buffer if the first bitmap claims an extension but then there's no data at all. Fix this. Reported-by: Evan Huus Signed-off-by: Johannes Berg Signed-off-by: Greg Kroah-Hartman

cfg80211: disable 5/10 MHz support for all drivers

2013-12-20T15:48:58Z

commit 9f16d84ad73ea04145a5dc85c8f1067915b37eea upstream. Due to nl80211 API breakage, 5/10 MHz support is broken for all drivers. Fixing it requires adding new API, but that can't be done as a bugfix commit since that would require either updating all APIs in the trees needing the bugfix or cause different kernels to have incompatible API. Therefore, just disable 5/10 MHz support for all drivers. Signed-off-by: Johannes Berg Signed-off-by: Greg Kroah-Hartman

cfg80211: fix scheduled scan pointer access

2013-12-04T19:05:11Z

commit 79845c662eeb95c9a180b9bd0d3ad848ee65b94c upstream. Since rdev->sched_scan_req is dereferenced outside the lock protecting it, this might be done at the wrong time, causing crashes. Move the dereference to where it should be - inside the RTNL locked section. Reviewed-by: Emmanuel Grumbach Signed-off-by: Johannes Berg Signed-off-by: Greg Kroah-Hartman

wireless: radiotap: fix parsing buffer overrun

2013-10-14T07:47:00Z

When parsing an invalid radiotap header, the parser can overrun the buffer that is passed in because it doesn't correctly check 1) the minimum radiotap header size 2) the space for extended bitmaps The first issue doesn't affect any in-kernel user as they all check the minimum size before calling the radiotap function. The second issue could potentially affect the kernel if an skb is passed in that consists only of the radiotap header with a lot of extended bitmaps that extend past the SKB. In that case a read-only buffer overrun by at most 4 bytes is possible. Fix this by adding the appropriate checks to the parser. Cc: stable@vger.kernel.org Reported-by: Evan Huus Signed-off-by: Johannes Berg

cfg80211: don't add p2p device while in RFKILL

2013-10-09T16:40:16Z

Since P2P device doesn't have a netdev associated to it, we cannot prevent the user to start it when in RFKILL. So refuse to even add it when in RFKILL. Signed-off-by: Emmanuel Grumbach Signed-off-by: Johannes Berg

cfg80211: fix sysfs registration race

2013-09-26T18:03:45Z

My locking rework/race fixes caused a regression in the registration, causing uevent notifications for wireless devices before the device is really fully registered and available in nl80211. Fix this by moving the device_add() under rtnl and move the rfkill to afterwards (it can't be under rtnl.) Reported-and-tested-by: Maxime Bizon Signed-off-by: Johannes Berg

cfg80211: fix warning when using WEXT for IBSS

2013-09-26T17:43:14Z

Fix kernel warning when using WEXT for configuring ad-hoc mode, e.g. "iwconfig wlan0 essid test channel 1" WARNING: at net/wireless/chan.c:373 cfg80211_chandef_usable+0x50/0x21c [cfg80211]() The warning is caused by an uninitialized variable center_freq1. Cc: stable@vger.kernel.org Signed-off-by: Bruno Randolf Signed-off-by: Johannes Berg

cfg80211: use the correct macro to check for active monitor support

2013-09-26T11:22:45Z

Use MONITOR_FLAG_ACTIVE, which is a flag mask, instead of NL80211_MNTR_FLAG_ACTIVE, which is a flag index, when checking if the hardware supports active monitoring. Cc: stable@vger.kernel.org Signed-off-by: Luciano Coelho Signed-off-by: Johannes Berg