All of lore.kernel.org
 help / color / mirror / Atom feed
* pull-request: iwlwifi 2016-06-10
@ 2016-06-10 12:36 Luca Coelho
  2016-06-10 12:39 ` [PATCH 1/5] iwlwifi: mvm: increase scan timeout to 20 seconds Luca Coelho
  2016-06-14 14:09 ` pull-request: iwlwifi 2016-06-10 Kalle Valo
  0 siblings, 2 replies; 7+ messages in thread
From: Luca Coelho @ 2016-06-10 12:36 UTC (permalink / raw)
  To: kvalo; +Cc: linux-wireless

[-- Attachment #1: Type: text/plain, Size: 2002 bytes --]

Hi Kalle,

Here are some fixes intended for 4.7.  Nothing really big, just some
fixes for bugs introduced in recent patches and a long-standing bug
with IGTK keys, which apparently had never worked properly before.  A
few more details in the tag message.

Let me know if everything's fine (or not). :)

Luca.


The following changes since commit 182fd9eecb287e696c82b30d06c6150d80a49c5b:

  MAINTAINERS: Add file patterns for wireless device tree bindings (2016-06-04 17:24:02 +0300)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes.git tags/iwlwifi-for-kalle-2016-06-10

for you to fetch changes up to 280a3efa82fccc9532c968a77e5162cb9f0af497:

  iwlwifi: mvm: fix a few firmware capability checks (2016-06-10 14:20:08 +0300)

----------------------------------------------------------------
* fix the scan timeout for long scans
* fix an RCU splat caused when updating the TKIP key
* fix a potential NULL-derefence introduced recently
* fix a IGTK key bug that has existed since the MVM driver was introduced
* fix some fw capabilities checks that got accidentally inverted

----------------------------------------------------------------
Ayala Beker (1):
      iwlwifi: mvm: set the encryption type of an IGTK key

Emmanuel Grumbach (1):
      iwlwifi: mvm: fix RCU splat in TKIP's update_key

Johannes Berg (1):
      iwlwifi: mvm: fix a few firmware capability checks

Luca Coelho (2):
      iwlwifi: mvm: increase scan timeout to 20 seconds
      iwlwifi: mvm: fix potential NULL-dereference in iwl_mvm_reorder()

 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c |  8 ++++----
 drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c     |  4 +++-
 drivers/net/wireless/intel/iwlwifi/mvm/scan.c     |  2 +-
 drivers/net/wireless/intel/iwlwifi/mvm/sta.c      | 16 +++++++++++++++-
 4 files changed, 23 insertions(+), 7 deletions(-)

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [PATCH 1/5] iwlwifi: mvm: increase scan timeout to 20 seconds
  2016-06-10 12:36 pull-request: iwlwifi 2016-06-10 Luca Coelho
@ 2016-06-10 12:39 ` Luca Coelho
  2016-06-10 12:39   ` [PATCH 2/5] iwlwifi: mvm: fix RCU splat in TKIP's update_key Luca Coelho
                     ` (3 more replies)
  2016-06-14 14:09 ` pull-request: iwlwifi 2016-06-10 Kalle Valo
  1 sibling, 4 replies; 7+ messages in thread
From: Luca Coelho @ 2016-06-10 12:39 UTC (permalink / raw)
  To: linux-wireless; +Cc: Luca Coelho

From: Luca Coelho <luciano.coelho@intel.com>

The 16 seconds timeout we were using turned out to be too short.
Recalculations by system show that the total time in both bands should
be < 18.5 seconds, even in the slowest cases (e.g. DCM P2P with
DTIM=2).  Rounding it up to 20 seconds for a bit more safety.

Fixes: 728e825f81b1 ("iwlwifi: mvm: add a scan timeout for regular scans")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
---
 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/scan.c b/drivers/net/wireless/intel/iwlwifi/mvm/scan.c
index 6f609dd..e78fc56 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/scan.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/scan.c
@@ -1222,7 +1222,7 @@ static int iwl_mvm_check_running_scans(struct iwl_mvm *mvm, int type)
 	return -EIO;
 }
 
-#define SCAN_TIMEOUT (16 * HZ)
+#define SCAN_TIMEOUT (20 * HZ)
 
 void iwl_mvm_scan_timeout(unsigned long data)
 {
-- 
2.8.1


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [PATCH 2/5] iwlwifi: mvm: fix RCU splat in TKIP's update_key
  2016-06-10 12:39 ` [PATCH 1/5] iwlwifi: mvm: increase scan timeout to 20 seconds Luca Coelho
@ 2016-06-10 12:39   ` Luca Coelho
  2016-06-10 12:39   ` [PATCH 3/5] iwlwifi: mvm: fix potential NULL-dereference in iwl_mvm_reorder() Luca Coelho
                     ` (2 subsequent siblings)
  3 siblings, 0 replies; 7+ messages in thread
From: Luca Coelho @ 2016-06-10 12:39 UTC (permalink / raw)
  To: linux-wireless; +Cc: Emmanuel Grumbach, Luca Coelho

From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>

The commit below mistakenly changed an rcu_dereference_check
to a rcu_dereference_protected which introduced the
following RCU warning:

[ INFO: suspicious RCU usage. ]
 4.6.0-rc7-next-20160513-dbg-00004-g8de8b92-dirty #655 Not tainted
 -------------------------------
 drivers/net/wireless/intel/iwlwifi/mvm/mvm.h:1069 suspicious rcu_dereference_protected() usage!
 Call Trace:
  [<ffffffff8106b836>] lockdep_rcu_suspicious+0xf7/0x100
  [<ffffffffa03b2321>] iwl_mvm_get_key_sta.part.0+0x5d/0x80 [iwlmvm]
  [<ffffffffa03b4acb>] iwl_mvm_update_tkip_key+0xd3/0x162 [iwlmvm]
  [<ffffffffa03a2b60>] iwl_mvm_mac_update_tkip_key+0x17/0x19 [iwlmvm]
  [<ffffffffa0329646>] ieee80211_tkip_decrypt_data+0x22c/0x24b [mac80211]
  [<ffffffffa0318bb1>] ieee80211_crypto_tkip_decrypt+0xc5/0x110 [mac80211]
  [<ffffffffa033102e>] ieee80211_rx_handlers+0x9bb/0x1fe1 [mac80211]

Fixes: 13303c0fb148 ("iwlwifi: mvm: use helpers to get iwl_mvm_sta")
Reported-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
---
 drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
index fea4d3437..0454bfe 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
@@ -1852,12 +1852,18 @@ static struct iwl_mvm_sta *iwl_mvm_get_key_sta(struct iwl_mvm *mvm,
 	    mvmvif->ap_sta_id != IWL_MVM_STATION_COUNT) {
 		u8 sta_id = mvmvif->ap_sta_id;
 
+		sta = rcu_dereference_check(mvm->fw_id_to_mac_id[sta_id],
+					    lockdep_is_held(&mvm->mutex));
+
 		/*
 		 * It is possible that the 'sta' parameter is NULL,
 		 * for example when a GTK is removed - the sta_id will then
 		 * be the AP ID, and no station was passed by mac80211.
 		 */
-		return iwl_mvm_sta_from_staid_protected(mvm, sta_id);
+		if (IS_ERR_OR_NULL(sta))
+			return NULL;
+
+		return iwl_mvm_sta_from_mac80211(sta);
 	}
 
 	return NULL;
-- 
2.8.1


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [PATCH 3/5] iwlwifi: mvm: fix potential NULL-dereference in iwl_mvm_reorder()
  2016-06-10 12:39 ` [PATCH 1/5] iwlwifi: mvm: increase scan timeout to 20 seconds Luca Coelho
  2016-06-10 12:39   ` [PATCH 2/5] iwlwifi: mvm: fix RCU splat in TKIP's update_key Luca Coelho
@ 2016-06-10 12:39   ` Luca Coelho
  2016-06-10 12:39   ` [PATCH 4/5] iwlwifi: mvm: set the encryption type of an IGTK key Luca Coelho
  2016-06-10 12:39   ` [PATCH 5/5] iwlwifi: mvm: fix a few firmware capability checks Luca Coelho
  3 siblings, 0 replies; 7+ messages in thread
From: Luca Coelho @ 2016-06-10 12:39 UTC (permalink / raw)
  To: linux-wireless; +Cc: Luca Coelho

From: Luca Coelho <luciano.coelho@intel.com>

We try to access sta before we check for IS_ERR_OR_NULL(), so we may
end up accessing a NULL pointer.  To prevent that, move the conversion
from sta to mvm_sta below the check.

Fixes: b915c10174fb ("iwlwifi: mvm: add reorder buffer per queue")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
---
 drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c
index ac2c571..2c61516 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c
@@ -581,7 +581,7 @@ static bool iwl_mvm_reorder(struct iwl_mvm *mvm,
 			    struct iwl_rx_mpdu_desc *desc)
 {
 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
-	struct iwl_mvm_sta *mvm_sta = iwl_mvm_sta_from_mac80211(sta);
+	struct iwl_mvm_sta *mvm_sta;
 	struct iwl_mvm_baid_data *baid_data;
 	struct iwl_mvm_reorder_buffer *buffer;
 	struct sk_buff *tail;
@@ -604,6 +604,8 @@ static bool iwl_mvm_reorder(struct iwl_mvm *mvm,
 	if (WARN_ON(IS_ERR_OR_NULL(sta)))
 		return false;
 
+	mvm_sta = iwl_mvm_sta_from_mac80211(sta);
+
 	/* not a data packet */
 	if (!ieee80211_is_data_qos(hdr->frame_control) ||
 	    is_multicast_ether_addr(hdr->addr1))
-- 
2.8.1


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [PATCH 4/5] iwlwifi: mvm: set the encryption type of an IGTK key
  2016-06-10 12:39 ` [PATCH 1/5] iwlwifi: mvm: increase scan timeout to 20 seconds Luca Coelho
  2016-06-10 12:39   ` [PATCH 2/5] iwlwifi: mvm: fix RCU splat in TKIP's update_key Luca Coelho
  2016-06-10 12:39   ` [PATCH 3/5] iwlwifi: mvm: fix potential NULL-dereference in iwl_mvm_reorder() Luca Coelho
@ 2016-06-10 12:39   ` Luca Coelho
  2016-06-10 12:39   ` [PATCH 5/5] iwlwifi: mvm: fix a few firmware capability checks Luca Coelho
  3 siblings, 0 replies; 7+ messages in thread
From: Luca Coelho @ 2016-06-10 12:39 UTC (permalink / raw)
  To: linux-wireless; +Cc: Ayala Beker, Luca Coelho

From: Ayala Beker <ayala.beker@intel.com>

The FW expect the driver to set the encryption algorithm type when
installing the IGTK key in the HW.
Currently when installing CMAC IGTK key we don't set the algorithm type
and as a result the FW fails to calculate the MIC of multicast management
frames.
Fix it.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
---
 drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
index 0454bfe..b23ab4a 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
@@ -1961,6 +1961,14 @@ static int iwl_mvm_send_sta_igtk(struct iwl_mvm *mvm,
 		struct ieee80211_key_seq seq;
 		const u8 *pn;
 
+		switch (keyconf->cipher) {
+		case WLAN_CIPHER_SUITE_AES_CMAC:
+			igtk_cmd.ctrl_flags |= cpu_to_le32(STA_KEY_FLG_CCM);
+			break;
+		default:
+			return -EINVAL;
+		}
+
 		memcpy(igtk_cmd.IGTK, keyconf->key, keyconf->keylen);
 		ieee80211_get_key_rx_seq(keyconf, 0, &seq);
 		pn = seq.aes_cmac.pn;
-- 
2.8.1


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [PATCH 5/5] iwlwifi: mvm: fix a few firmware capability checks
  2016-06-10 12:39 ` [PATCH 1/5] iwlwifi: mvm: increase scan timeout to 20 seconds Luca Coelho
                     ` (2 preceding siblings ...)
  2016-06-10 12:39   ` [PATCH 4/5] iwlwifi: mvm: set the encryption type of an IGTK key Luca Coelho
@ 2016-06-10 12:39   ` Luca Coelho
  3 siblings, 0 replies; 7+ messages in thread
From: Luca Coelho @ 2016-06-10 12:39 UTC (permalink / raw)
  To: linux-wireless; +Cc: Johannes Berg, Luca Coelho

From: Johannes Berg <johannes.berg@intel.com>

My cleanup in "iwlwifi: prepare for higher API/CAPA bits" accidentally
inverted a few tests - fix them.

Fixes: 859d914c8f5c ("iwlwifi: prepare for higher API/CAPA bits")
Reported-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
---
 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
index e5f267b..18a8474 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
@@ -3851,8 +3851,8 @@ static int iwl_mvm_mac_get_survey(struct ieee80211_hw *hw, int idx,
 	if (idx != 0)
 		return -ENOENT;
 
-	if (fw_has_capa(&mvm->fw->ucode_capa,
-			IWL_UCODE_TLV_CAPA_RADIO_BEACON_STATS))
+	if (!fw_has_capa(&mvm->fw->ucode_capa,
+			 IWL_UCODE_TLV_CAPA_RADIO_BEACON_STATS))
 		return -ENOENT;
 
 	mutex_lock(&mvm->mutex);
@@ -3898,8 +3898,8 @@ static void iwl_mvm_mac_sta_statistics(struct ieee80211_hw *hw,
 	struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
 	struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
 
-	if (fw_has_capa(&mvm->fw->ucode_capa,
-			IWL_UCODE_TLV_CAPA_RADIO_BEACON_STATS))
+	if (!fw_has_capa(&mvm->fw->ucode_capa,
+			 IWL_UCODE_TLV_CAPA_RADIO_BEACON_STATS))
 		return;
 
 	/* if beacon filtering isn't on mac80211 does it anyway */
-- 
2.8.1


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: pull-request: iwlwifi 2016-06-10
  2016-06-10 12:36 pull-request: iwlwifi 2016-06-10 Luca Coelho
  2016-06-10 12:39 ` [PATCH 1/5] iwlwifi: mvm: increase scan timeout to 20 seconds Luca Coelho
@ 2016-06-14 14:09 ` Kalle Valo
  1 sibling, 0 replies; 7+ messages in thread
From: Kalle Valo @ 2016-06-14 14:09 UTC (permalink / raw)
  To: Luca Coelho; +Cc: linux-wireless

Luca Coelho <luca@coelho.fi> writes:

> Here are some fixes intended for 4.7.  Nothing really big, just some
> fixes for bugs introduced in recent patches and a long-standing bug
> with IGTK keys, which apparently had never worked properly before.  A
> few more details in the tag message.
>
> Let me know if everything's fine (or not). :)
>
> Luca.
>
>
> The following changes since commit 182fd9eecb287e696c82b30d06c6150d80a49c5b:
>
>   MAINTAINERS: Add file patterns for wireless device tree bindings (2016-06-04 17:24:02 +0300)
>
> are available in the git repository at:
>
>   git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes.git tags/iwlwifi-for-kalle-2016-06-10

Pulled, thanks.

-- 
Kalle Valo

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2016-06-14 14:09 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-06-10 12:36 pull-request: iwlwifi 2016-06-10 Luca Coelho
2016-06-10 12:39 ` [PATCH 1/5] iwlwifi: mvm: increase scan timeout to 20 seconds Luca Coelho
2016-06-10 12:39   ` [PATCH 2/5] iwlwifi: mvm: fix RCU splat in TKIP's update_key Luca Coelho
2016-06-10 12:39   ` [PATCH 3/5] iwlwifi: mvm: fix potential NULL-dereference in iwl_mvm_reorder() Luca Coelho
2016-06-10 12:39   ` [PATCH 4/5] iwlwifi: mvm: set the encryption type of an IGTK key Luca Coelho
2016-06-10 12:39   ` [PATCH 5/5] iwlwifi: mvm: fix a few firmware capability checks Luca Coelho
2016-06-14 14:09 ` pull-request: iwlwifi 2016-06-10 Kalle Valo

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.