projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac802...
[deliverable/linux.git] / net / mac80211 / mlme.c
1 /*
2 * BSS client mode implementation
3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
4 * Copyright 2004, Instant802 Networks, Inc.
5 * Copyright 2005, Devicescape Software, Inc.
6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
12 */
13
14 #include <linux/delay.h>
15 #include <linux/if_ether.h>
16 #include <linux/skbuff.h>
17 #include <linux/if_arp.h>
18 #include <linux/etherdevice.h>
19 #include <linux/moduleparam.h>
20 #include <linux/rtnetlink.h>
21 #include <linux/pm_qos.h>
22 #include <linux/crc32.h>
23 #include <linux/slab.h>
24 #include <linux/export.h>
25 #include <net/mac80211.h>
26 #include <asm/unaligned.h>
27
28 #include "ieee80211_i.h"
29 #include "driver-ops.h"
30 #include "rate.h"
31 #include "led.h"
32
33 #define IEEE80211_AUTH_TIMEOUT (HZ / 5)
34 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10)
35 #define IEEE80211_AUTH_MAX_TRIES 3
36 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5)
37 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
38 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10)
39 #define IEEE80211_ASSOC_MAX_TRIES 3
40
41 static int max_nullfunc_tries = 2;
42 module_param(max_nullfunc_tries, int, 0644);
43 MODULE_PARM_DESC(max_nullfunc_tries,
44 "Maximum nullfunc tx tries before disconnecting (reason 4).");
45
46 static int max_probe_tries = 5;
47 module_param(max_probe_tries, int, 0644);
48 MODULE_PARM_DESC(max_probe_tries,
49 "Maximum probe tries before disconnecting (reason 4).");
50
51 /*
52 * Beacon loss timeout is calculated as N frames times the
53 * advertised beacon interval. This may need to be somewhat
54 * higher than what hardware might detect to account for
55 * delays in the host processing frames. But since we also
56 * probe on beacon miss before declaring the connection lost
57 * default to what we want.
58 */
59 static int beacon_loss_count = 7;
60 module_param(beacon_loss_count, int, 0644);
61 MODULE_PARM_DESC(beacon_loss_count,
62 "Number of beacon intervals before we decide beacon was lost.");
63
64 /*
65 * Time the connection can be idle before we probe
66 * it to see if we can still talk to the AP.
67 */
68 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ)
69 /*
70 * Time we wait for a probe response after sending
71 * a probe request because of beacon loss or for
72 * checking the connection still works.
73 */
74 static int probe_wait_ms = 500;
75 module_param(probe_wait_ms, int, 0644);
76 MODULE_PARM_DESC(probe_wait_ms,
77 "Maximum time(ms) to wait for probe response"
78 " before disconnecting (reason 4).");
79
80 /*
81 * Weight given to the latest Beacon frame when calculating average signal
82 * strength for Beacon frames received in the current BSS. This must be
83 * between 1 and 15.
84 */
85 #define IEEE80211_SIGNAL_AVE_WEIGHT 3
86
87 /*
88 * How many Beacon frames need to have been used in average signal strength
89 * before starting to indicate signal change events.
90 */
91 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4
92
93 /*
94 * All cfg80211 functions have to be called outside a locked
95 * section so that they can acquire a lock themselves... This
96 * is much simpler than queuing up things in cfg80211, but we
97 * do need some indirection for that here.
98 */
99 enum rx_mgmt_action {
100 /* no action required */
101 RX_MGMT_NONE,
102
103 /* caller must call cfg80211_send_deauth() */
104 RX_MGMT_CFG80211_DEAUTH,
105
106 /* caller must call cfg80211_send_disassoc() */
107 RX_MGMT_CFG80211_DISASSOC,
108
109 /* caller must call cfg80211_send_rx_auth() */
110 RX_MGMT_CFG80211_RX_AUTH,
111
112 /* caller must call cfg80211_send_rx_assoc() */
113 RX_MGMT_CFG80211_RX_ASSOC,
114
115 /* caller must call cfg80211_send_assoc_timeout() */
116 RX_MGMT_CFG80211_ASSOC_TIMEOUT,
117
118 /* used when a processed beacon causes a deauth */
119 RX_MGMT_CFG80211_TX_DEAUTH,
120 };
121
122 /* utils */
123 static inline void ASSERT_MGD_MTX(struct ieee80211_if_managed *ifmgd)
124 {
125 lockdep_assert_held(&ifmgd->mtx);
126 }
127
128 /*
129 * We can have multiple work items (and connection probing)
130 * scheduling this timer, but we need to take care to only
131 * reschedule it when it should fire _earlier_ than it was
132 * asked for before, or if it's not pending right now. This
133 * function ensures that. Note that it then is required to
134 * run this function for all timeouts after the first one
135 * has happened -- the work that runs from this timer will
136 * do that.
137 */
138 static void run_again(struct ieee80211_if_managed *ifmgd, unsigned long timeout)
139 {
140 ASSERT_MGD_MTX(ifmgd);
141
142 if (!timer_pending(&ifmgd->timer) ||
143 time_before(timeout, ifmgd->timer.expires))
144 mod_timer(&ifmgd->timer, timeout);
145 }
146
147 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata)
148 {
149 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
150 return;
151
152 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
153 return;
154
155 mod_timer(&sdata->u.mgd.bcn_mon_timer,
156 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout));
157 }
158
159 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata)
160 {
161 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
162
163 if (unlikely(!sdata->u.mgd.associated))
164 return;
165
166 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
167 return;
168
169 mod_timer(&sdata->u.mgd.conn_mon_timer,
170 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
171
172 ifmgd->probe_send_count = 0;
173 }
174
175 static int ecw2cw(int ecw)
176 {
177 return (1 << ecw) - 1;
178 }
179
180 static u32 chandef_downgrade(struct cfg80211_chan_def *c)
181 {
182 u32 ret;
183 int tmp;
184
185 switch (c->width) {
186 case NL80211_CHAN_WIDTH_20:
187 c->width = NL80211_CHAN_WIDTH_20_NOHT;
188 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
189 break;
190 case NL80211_CHAN_WIDTH_40:
191 c->width = NL80211_CHAN_WIDTH_20;
192 c->center_freq1 = c->chan->center_freq;
193 ret = IEEE80211_STA_DISABLE_40MHZ |
194 IEEE80211_STA_DISABLE_VHT;
195 break;
196 case NL80211_CHAN_WIDTH_80:
197 tmp = (30 + c->chan->center_freq - c->center_freq1)/20;
198 /* n_P40 */
199 tmp /= 2;
200 /* freq_P40 */
201 c->center_freq1 = c->center_freq1 - 20 + 40 * tmp;
202 c->width = NL80211_CHAN_WIDTH_40;
203 ret = IEEE80211_STA_DISABLE_VHT;
204 break;
205 case NL80211_CHAN_WIDTH_80P80:
206 c->center_freq2 = 0;
207 c->width = NL80211_CHAN_WIDTH_80;
208 ret = IEEE80211_STA_DISABLE_80P80MHZ |
209 IEEE80211_STA_DISABLE_160MHZ;
210 break;
211 case NL80211_CHAN_WIDTH_160:
212 /* n_P20 */
213 tmp = (70 + c->chan->center_freq - c->center_freq1)/20;
214 /* n_P80 */
215 tmp /= 4;
216 c->center_freq1 = c->center_freq1 - 40 + 80 * tmp;
217 c->width = NL80211_CHAN_WIDTH_80;
218 ret = IEEE80211_STA_DISABLE_80P80MHZ |
219 IEEE80211_STA_DISABLE_160MHZ;
220 break;
221 default:
222 case NL80211_CHAN_WIDTH_20_NOHT:
223 WARN_ON_ONCE(1);
224 c->width = NL80211_CHAN_WIDTH_20_NOHT;
225 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
226 break;
227 }
228
229 WARN_ON_ONCE(!cfg80211_chandef_valid(c));
230
231 return ret;
232 }
233
234 static u32
235 ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
236 struct ieee80211_supported_band *sband,
237 struct ieee80211_channel *channel,
238 const struct ieee80211_ht_operation *ht_oper,
239 const struct ieee80211_vht_operation *vht_oper,
240 struct cfg80211_chan_def *chandef, bool verbose)
241 {
242 struct cfg80211_chan_def vht_chandef;
243 u32 ht_cfreq, ret;
244
245 chandef->chan = channel;
246 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
247 chandef->center_freq1 = channel->center_freq;
248 chandef->center_freq2 = 0;
249
250 if (!ht_oper || !sband->ht_cap.ht_supported) {
251 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
252 goto out;
253 }
254
255 chandef->width = NL80211_CHAN_WIDTH_20;
256
257 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan,
258 channel->band);
259 /* check that channel matches the right operating channel */
260 if (channel->center_freq != ht_cfreq) {
261 /*
262 * It's possible that some APs are confused here;
263 * Netgear WNDR3700 sometimes reports 4 higher than
264 * the actual channel in association responses, but
265 * since we look at probe response/beacon data here
266 * it should be OK.
267 */
268 if (verbose)
269 sdata_info(sdata,
270 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
271 channel->center_freq, ht_cfreq,
272 ht_oper->primary_chan, channel->band);
273 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
274 goto out;
275 }
276
277 /* check 40 MHz support, if we have it */
278 if (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) {
279 switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
280 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
281 chandef->width = NL80211_CHAN_WIDTH_40;
282 chandef->center_freq1 += 10;
283 break;
284 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
285 chandef->width = NL80211_CHAN_WIDTH_40;
286 chandef->center_freq1 -= 10;
287 break;
288 }
289 } else {
290 /* 40 MHz (and 80 MHz) must be supported for VHT */
291 ret = IEEE80211_STA_DISABLE_VHT;
292 goto out;
293 }
294
295 if (!vht_oper || !sband->vht_cap.vht_supported) {
296 ret = IEEE80211_STA_DISABLE_VHT;
297 goto out;
298 }
299
300 vht_chandef.chan = channel;
301 vht_chandef.center_freq1 =
302 ieee80211_channel_to_frequency(vht_oper->center_freq_seg1_idx,
303 channel->band);
304 vht_chandef.center_freq2 = 0;
305
306 if (vht_oper->center_freq_seg2_idx)
307 vht_chandef.center_freq2 =
308 ieee80211_channel_to_frequency(
309 vht_oper->center_freq_seg2_idx,
310 channel->band);
311
312 switch (vht_oper->chan_width) {
313 case IEEE80211_VHT_CHANWIDTH_USE_HT:
314 vht_chandef.width = chandef->width;
315 break;
316 case IEEE80211_VHT_CHANWIDTH_80MHZ:
317 vht_chandef.width = NL80211_CHAN_WIDTH_80;
318 break;
319 case IEEE80211_VHT_CHANWIDTH_160MHZ:
320 vht_chandef.width = NL80211_CHAN_WIDTH_160;
321 break;
322 case IEEE80211_VHT_CHANWIDTH_80P80MHZ:
323 vht_chandef.width = NL80211_CHAN_WIDTH_80P80;
324 break;
325 default:
326 if (verbose)
327 sdata_info(sdata,
328 "AP VHT operation IE has invalid channel width (%d), disable VHT\n",
329 vht_oper->chan_width);
330 ret = IEEE80211_STA_DISABLE_VHT;
331 goto out;
332 }
333
334 if (!cfg80211_chandef_valid(&vht_chandef)) {
335 if (verbose)
336 sdata_info(sdata,
337 "AP VHT information is invalid, disable VHT\n");
338 ret = IEEE80211_STA_DISABLE_VHT;
339 goto out;
340 }
341
342 if (cfg80211_chandef_identical(chandef, &vht_chandef)) {
343 ret = 0;
344 goto out;
345 }
346
347 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) {
348 if (verbose)
349 sdata_info(sdata,
350 "AP VHT information doesn't match HT, disable VHT\n");
351 ret = IEEE80211_STA_DISABLE_VHT;
352 goto out;
353 }
354
355 *chandef = vht_chandef;
356
357 ret = 0;
358
359 out:
360 /* don't print the message below for VHT mismatch if VHT is disabled */
361 if (ret & IEEE80211_STA_DISABLE_VHT)
362 vht_chandef = *chandef;
363
364 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef,
365 IEEE80211_CHAN_DISABLED)) {
366 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) {
367 ret = IEEE80211_STA_DISABLE_HT |
368 IEEE80211_STA_DISABLE_VHT;
369 goto out;
370 }
371
372 ret |= chandef_downgrade(chandef);
373 }
374
375 if (chandef->width != vht_chandef.width && verbose)
376 sdata_info(sdata,
377 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n");
378
379 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef));
380 return ret;
381 }
382
383 static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata,
384 struct sta_info *sta,
385 const struct ieee80211_ht_operation *ht_oper,
386 const struct ieee80211_vht_operation *vht_oper,
387 const u8 *bssid, u32 *changed)
388 {
389 struct ieee80211_local *local = sdata->local;
390 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
391 struct ieee80211_supported_band *sband;
392 struct ieee80211_channel *chan;
393 struct cfg80211_chan_def chandef;
394 u16 ht_opmode;
395 u32 flags;
396 enum ieee80211_sta_rx_bandwidth new_sta_bw;
397 int ret;
398
399 /* if HT was/is disabled, don't track any bandwidth changes */
400 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper)
401 return 0;
402
403 /* don't check VHT if we associated as non-VHT station */
404 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
405 vht_oper = NULL;
406
407 if (WARN_ON_ONCE(!sta))
408 return -EINVAL;
409
410 chan = sdata->vif.bss_conf.chandef.chan;
411 sband = local->hw.wiphy->bands[chan->band];
412
413 /* calculate new channel (type) based on HT/VHT operation IEs */
414 flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper,
415 vht_oper, &chandef, false);
416
417 /*
418 * Downgrade the new channel if we associated with restricted
419 * capabilities. For example, if we associated as a 20 MHz STA
420 * to a 40 MHz AP (due to regulatory, capabilities or config
421 * reasons) then switching to a 40 MHz channel now won't do us
422 * any good -- we couldn't use it with the AP.
423 */
424 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ &&
425 chandef.width == NL80211_CHAN_WIDTH_80P80)
426 flags |= chandef_downgrade(&chandef);
427 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ &&
428 chandef.width == NL80211_CHAN_WIDTH_160)
429 flags |= chandef_downgrade(&chandef);
430 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ &&
431 chandef.width > NL80211_CHAN_WIDTH_20)
432 flags |= chandef_downgrade(&chandef);
433
434 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef))
435 return 0;
436
437 sdata_info(sdata,
438 "AP %pM changed bandwidth, new config is %d MHz, width %d (%d/%d MHz)\n",
439 ifmgd->bssid, chandef.chan->center_freq, chandef.width,
440 chandef.center_freq1, chandef.center_freq2);
441
442 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT |
443 IEEE80211_STA_DISABLE_VHT |
444 IEEE80211_STA_DISABLE_40MHZ |
445 IEEE80211_STA_DISABLE_80P80MHZ |
446 IEEE80211_STA_DISABLE_160MHZ)) ||
447 !cfg80211_chandef_valid(&chandef)) {
448 sdata_info(sdata,
449 "AP %pM changed bandwidth in a way we can't support - disconnect\n",
450 ifmgd->bssid);
451 return -EINVAL;
452 }
453
454 switch (chandef.width) {
455 case NL80211_CHAN_WIDTH_20_NOHT:
456 case NL80211_CHAN_WIDTH_20:
457 new_sta_bw = IEEE80211_STA_RX_BW_20;
458 break;
459 case NL80211_CHAN_WIDTH_40:
460 new_sta_bw = IEEE80211_STA_RX_BW_40;
461 break;
462 case NL80211_CHAN_WIDTH_80:
463 new_sta_bw = IEEE80211_STA_RX_BW_80;
464 break;
465 case NL80211_CHAN_WIDTH_80P80:
466 case NL80211_CHAN_WIDTH_160:
467 new_sta_bw = IEEE80211_STA_RX_BW_160;
468 break;
469 default:
470 return -EINVAL;
471 }
472
473 if (new_sta_bw > sta->cur_max_bandwidth)
474 new_sta_bw = sta->cur_max_bandwidth;
475
476 if (new_sta_bw < sta->sta.bandwidth) {
477 sta->sta.bandwidth = new_sta_bw;
478 rate_control_rate_update(local, sband, sta,
479 IEEE80211_RC_BW_CHANGED);
480 }
481
482 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed);
483 if (ret) {
484 sdata_info(sdata,
485 "AP %pM changed bandwidth to incompatible one - disconnect\n",
486 ifmgd->bssid);
487 return ret;
488 }
489
490 if (new_sta_bw > sta->sta.bandwidth) {
491 sta->sta.bandwidth = new_sta_bw;
492 rate_control_rate_update(local, sband, sta,
493 IEEE80211_RC_BW_CHANGED);
494 }
495
496 ht_opmode = le16_to_cpu(ht_oper->operation_mode);
497
498 /* if bss configuration changed store the new one */
499 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) {
500 *changed |= BSS_CHANGED_HT;
501 sdata->vif.bss_conf.ht_operation_mode = ht_opmode;
502 }
503
504 return 0;
505 }
506
507 /* frame sending functions */
508
509 static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len,
510 struct ieee80211_supported_band *sband,
511 u32 *rates)
512 {
513 int i, j, count;
514 *rates = 0;
515 count = 0;
516 for (i = 0; i < supp_rates_len; i++) {
517 int rate = (supp_rates[i] & 0x7F) * 5;
518
519 for (j = 0; j < sband->n_bitrates; j++)
520 if (sband->bitrates[j].bitrate == rate) {
521 *rates |= BIT(j);
522 count++;
523 break;
524 }
525 }
526
527 return count;
528 }
529
530 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata,
531 struct sk_buff *skb, u8 ap_ht_param,
532 struct ieee80211_supported_band *sband,
533 struct ieee80211_channel *channel,
534 enum ieee80211_smps_mode smps)
535 {
536 u8 *pos;
537 u32 flags = channel->flags;
538 u16 cap;
539 struct ieee80211_sta_ht_cap ht_cap;
540
541 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap));
542
543 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
544 ieee80211_apply_htcap_overrides(sdata, &ht_cap);
545
546 /* determine capability flags */
547 cap = ht_cap.cap;
548
549 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
550 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
551 if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
552 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
553 cap &= ~IEEE80211_HT_CAP_SGI_40;
554 }
555 break;
556 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
557 if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
558 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
559 cap &= ~IEEE80211_HT_CAP_SGI_40;
560 }
561 break;
562 }
563
564 /*
565 * If 40 MHz was disabled associate as though we weren't
566 * capable of 40 MHz -- some broken APs will never fall
567 * back to trying to transmit in 20 MHz.
568 */
569 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) {
570 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
571 cap &= ~IEEE80211_HT_CAP_SGI_40;
572 }
573
574 /* set SM PS mode properly */
575 cap &= ~IEEE80211_HT_CAP_SM_PS;
576 switch (smps) {
577 case IEEE80211_SMPS_AUTOMATIC:
578 case IEEE80211_SMPS_NUM_MODES:
579 WARN_ON(1);
580 case IEEE80211_SMPS_OFF:
581 cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
582 IEEE80211_HT_CAP_SM_PS_SHIFT;
583 break;
584 case IEEE80211_SMPS_STATIC:
585 cap |= WLAN_HT_CAP_SM_PS_STATIC <<
586 IEEE80211_HT_CAP_SM_PS_SHIFT;
587 break;
588 case IEEE80211_SMPS_DYNAMIC:
589 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
590 IEEE80211_HT_CAP_SM_PS_SHIFT;
591 break;
592 }
593
594 /* reserve and fill IE */
595 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
596 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap);
597 }
598
599 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
600 struct sk_buff *skb,
601 struct ieee80211_supported_band *sband,
602 struct ieee80211_vht_cap *ap_vht_cap)
603 {
604 u8 *pos;
605 u32 cap;
606 struct ieee80211_sta_vht_cap vht_cap;
607 int i;
608
609 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap));
610
611 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
612 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
613
614 /* determine capability flags */
615 cap = vht_cap.cap;
616
617 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) {
618 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
619 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
620 }
621
622 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) {
623 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160;
624 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
625 }
626
627 /*
628 * Some APs apparently get confused if our capabilities are better
629 * than theirs, so restrict what we advertise in the assoc request.
630 */
631 if (!(ap_vht_cap->vht_cap_info &
632 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)))
633 cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE;
634
635 if (!(ap_vht_cap->vht_cap_info &
636 cpu_to_le32(IEEE80211_VHT_CAP_TXSTBC)))
637 cap &= ~(IEEE80211_VHT_CAP_RXSTBC_1 |
638 IEEE80211_VHT_CAP_RXSTBC_3 |
639 IEEE80211_VHT_CAP_RXSTBC_4);
640
641 for (i = 0; i < 8; i++) {
642 int shift = i * 2;
643 u16 mask = IEEE80211_VHT_MCS_NOT_SUPPORTED << shift;
644 u16 ap_mcs, our_mcs;
645
646 ap_mcs = (le16_to_cpu(ap_vht_cap->supp_mcs.tx_mcs_map) &
647 mask) >> shift;
648 our_mcs = (le16_to_cpu(vht_cap.vht_mcs.rx_mcs_map) &
649 mask) >> shift;
650
651 if (our_mcs == IEEE80211_VHT_MCS_NOT_SUPPORTED)
652 continue;
653
654 switch (ap_mcs) {
655 default:
656 if (our_mcs <= ap_mcs)
657 break;
658 /* fall through */
659 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
660 vht_cap.vht_mcs.rx_mcs_map &= cpu_to_le16(~mask);
661 vht_cap.vht_mcs.rx_mcs_map |=
662 cpu_to_le16(ap_mcs << shift);
663 }
664 }
665
666 /* reserve and fill IE */
667 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
668 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap);
669 }
670
671 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
672 {
673 struct ieee80211_local *local = sdata->local;
674 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
675 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
676 struct sk_buff *skb;
677 struct ieee80211_mgmt *mgmt;
678 u8 *pos, qos_info;
679 size_t offset = 0, noffset;
680 int i, count, rates_len, supp_rates_len;
681 u16 capab;
682 struct ieee80211_supported_band *sband;
683 struct ieee80211_chanctx_conf *chanctx_conf;
684 struct ieee80211_channel *chan;
685 u32 rates = 0;
686
687 lockdep_assert_held(&ifmgd->mtx);
688
689 rcu_read_lock();
690 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
691 if (WARN_ON(!chanctx_conf)) {
692 rcu_read_unlock();
693 return;
694 }
695 chan = chanctx_conf->def.chan;
696 rcu_read_unlock();
697 sband = local->hw.wiphy->bands[chan->band];
698
699 if (assoc_data->supp_rates_len) {
700 /*
701 * Get all rates supported by the device and the AP as
702 * some APs don't like getting a superset of their rates
703 * in the association request (e.g. D-Link DAP 1353 in
704 * b-only mode)...
705 */
706 rates_len = ieee80211_compatible_rates(assoc_data->supp_rates,
707 assoc_data->supp_rates_len,
708 sband, &rates);
709 } else {
710 /*
711 * In case AP not provide any supported rates information
712 * before association, we send information element(s) with
713 * all rates that we support.
714 */
715 rates = ~0;
716 rates_len = sband->n_bitrates;
717 }
718
719 skb = alloc_skb(local->hw.extra_tx_headroom +
720 sizeof(*mgmt) + /* bit too much but doesn't matter */
721 2 + assoc_data->ssid_len + /* SSID */
722 4 + rates_len + /* (extended) rates */
723 4 + /* power capability */
724 2 + 2 * sband->n_channels + /* supported channels */
725 2 + sizeof(struct ieee80211_ht_cap) + /* HT */
726 2 + sizeof(struct ieee80211_vht_cap) + /* VHT */
727 assoc_data->ie_len + /* extra IEs */
728 9, /* WMM */
729 GFP_KERNEL);
730 if (!skb)
731 return;
732
733 skb_reserve(skb, local->hw.extra_tx_headroom);
734
735 capab = WLAN_CAPABILITY_ESS;
736
737 if (sband->band == IEEE80211_BAND_2GHZ) {
738 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
739 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
740 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
741 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
742 }
743
744 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY)
745 capab |= WLAN_CAPABILITY_PRIVACY;
746
747 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
748 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
749 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
750
751 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
752 memset(mgmt, 0, 24);
753 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN);
754 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
755 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN);
756
757 if (!is_zero_ether_addr(assoc_data->prev_bssid)) {
758 skb_put(skb, 10);
759 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
760 IEEE80211_STYPE_REASSOC_REQ);
761 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
762 mgmt->u.reassoc_req.listen_interval =
763 cpu_to_le16(local->hw.conf.listen_interval);
764 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid,
765 ETH_ALEN);
766 } else {
767 skb_put(skb, 4);
768 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
769 IEEE80211_STYPE_ASSOC_REQ);
770 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
771 mgmt->u.assoc_req.listen_interval =
772 cpu_to_le16(local->hw.conf.listen_interval);
773 }
774
775 /* SSID */
776 pos = skb_put(skb, 2 + assoc_data->ssid_len);
777 *pos++ = WLAN_EID_SSID;
778 *pos++ = assoc_data->ssid_len;
779 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len);
780
781 /* add all rates which were marked to be used above */
782 supp_rates_len = rates_len;
783 if (supp_rates_len > 8)
784 supp_rates_len = 8;
785
786 pos = skb_put(skb, supp_rates_len + 2);
787 *pos++ = WLAN_EID_SUPP_RATES;
788 *pos++ = supp_rates_len;
789
790 count = 0;
791 for (i = 0; i < sband->n_bitrates; i++) {
792 if (BIT(i) & rates) {
793 int rate = sband->bitrates[i].bitrate;
794 *pos++ = (u8) (rate / 5);
795 if (++count == 8)
796 break;
797 }
798 }
799
800 if (rates_len > count) {
801 pos = skb_put(skb, rates_len - count + 2);
802 *pos++ = WLAN_EID_EXT_SUPP_RATES;
803 *pos++ = rates_len - count;
804
805 for (i++; i < sband->n_bitrates; i++) {
806 if (BIT(i) & rates) {
807 int rate = sband->bitrates[i].bitrate;
808 *pos++ = (u8) (rate / 5);
809 }
810 }
811 }
812
813 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
814 /* 1. power capabilities */
815 pos = skb_put(skb, 4);
816 *pos++ = WLAN_EID_PWR_CAPABILITY;
817 *pos++ = 2;
818 *pos++ = 0; /* min tx power */
819 *pos++ = chan->max_power; /* max tx power */
820
821 /* 2. supported channels */
822 /* TODO: get this in reg domain format */
823 pos = skb_put(skb, 2 * sband->n_channels + 2);
824 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
825 *pos++ = 2 * sband->n_channels;
826 for (i = 0; i < sband->n_channels; i++) {
827 *pos++ = ieee80211_frequency_to_channel(
828 sband->channels[i].center_freq);
829 *pos++ = 1; /* one channel in the subband*/
830 }
831 }
832
833 /* if present, add any custom IEs that go before HT */
834 if (assoc_data->ie_len && assoc_data->ie) {
835 static const u8 before_ht[] = {
836 WLAN_EID_SSID,
837 WLAN_EID_SUPP_RATES,
838 WLAN_EID_EXT_SUPP_RATES,
839 WLAN_EID_PWR_CAPABILITY,
840 WLAN_EID_SUPPORTED_CHANNELS,
841 WLAN_EID_RSN,
842 WLAN_EID_QOS_CAPA,
843 WLAN_EID_RRM_ENABLED_CAPABILITIES,
844 WLAN_EID_MOBILITY_DOMAIN,
845 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
846 };
847 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len,
848 before_ht, ARRAY_SIZE(before_ht),
849 offset);
850 pos = skb_put(skb, noffset - offset);
851 memcpy(pos, assoc_data->ie + offset, noffset - offset);
852 offset = noffset;
853 }
854
855 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
856 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)))
857 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
858
859 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
860 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param,
861 sband, chan, sdata->smps_mode);
862
863 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
864 ieee80211_add_vht_ie(sdata, skb, sband,
865 &assoc_data->ap_vht_cap);
866
867 /* if present, add any custom non-vendor IEs that go after HT */
868 if (assoc_data->ie_len && assoc_data->ie) {
869 noffset = ieee80211_ie_split_vendor(assoc_data->ie,
870 assoc_data->ie_len,
871 offset);
872 pos = skb_put(skb, noffset - offset);
873 memcpy(pos, assoc_data->ie + offset, noffset - offset);
874 offset = noffset;
875 }
876
877 if (assoc_data->wmm) {
878 if (assoc_data->uapsd) {
879 qos_info = ifmgd->uapsd_queues;
880 qos_info |= (ifmgd->uapsd_max_sp_len <<
881 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
882 } else {
883 qos_info = 0;
884 }
885
886 pos = skb_put(skb, 9);
887 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
888 *pos++ = 7; /* len */
889 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
890 *pos++ = 0x50;
891 *pos++ = 0xf2;
892 *pos++ = 2; /* WME */
893 *pos++ = 0; /* WME info */
894 *pos++ = 1; /* WME ver */
895 *pos++ = qos_info;
896 }
897
898 /* add any remaining custom (i.e. vendor specific here) IEs */
899 if (assoc_data->ie_len && assoc_data->ie) {
900 noffset = assoc_data->ie_len;
901 pos = skb_put(skb, noffset - offset);
902 memcpy(pos, assoc_data->ie + offset, noffset - offset);
903 }
904
905 drv_mgd_prepare_tx(local, sdata);
906
907 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
908 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
909 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
910 IEEE80211_TX_INTFL_MLME_CONN_TX;
911 ieee80211_tx_skb(sdata, skb);
912 }
913
914 void ieee80211_send_pspoll(struct ieee80211_local *local,
915 struct ieee80211_sub_if_data *sdata)
916 {
917 struct ieee80211_pspoll *pspoll;
918 struct sk_buff *skb;
919
920 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif);
921 if (!skb)
922 return;
923
924 pspoll = (struct ieee80211_pspoll *) skb->data;
925 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
926
927 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
928 ieee80211_tx_skb(sdata, skb);
929 }
930
931 void ieee80211_send_nullfunc(struct ieee80211_local *local,
932 struct ieee80211_sub_if_data *sdata,
933 int powersave)
934 {
935 struct sk_buff *skb;
936 struct ieee80211_hdr_3addr *nullfunc;
937 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
938
939 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif);
940 if (!skb)
941 return;
942
943 nullfunc = (struct ieee80211_hdr_3addr *) skb->data;
944 if (powersave)
945 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
946
947 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
948 IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
949 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
950 IEEE80211_STA_CONNECTION_POLL))
951 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
952
953 ieee80211_tx_skb(sdata, skb);
954 }
955
956 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local,
957 struct ieee80211_sub_if_data *sdata)
958 {
959 struct sk_buff *skb;
960 struct ieee80211_hdr *nullfunc;
961 __le16 fc;
962
963 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
964 return;
965
966 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
967 if (!skb)
968 return;
969
970 skb_reserve(skb, local->hw.extra_tx_headroom);
971
972 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30);
973 memset(nullfunc, 0, 30);
974 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
975 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
976 nullfunc->frame_control = fc;
977 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN);
978 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
979 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN);
980 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN);
981
982 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
983 ieee80211_tx_skb(sdata, skb);
984 }
985
986 /* spectrum management related things */
987 static void ieee80211_chswitch_work(struct work_struct *work)
988 {
989 struct ieee80211_sub_if_data *sdata =
990 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work);
991 struct ieee80211_local *local = sdata->local;
992 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
993
994 if (!ieee80211_sdata_running(sdata))
995 return;
996
997 mutex_lock(&ifmgd->mtx);
998 if (!ifmgd->associated)
999 goto out;
1000
1001 /*
1002 * FIXME: Here we are downgrading to NL80211_CHAN_WIDTH_20_NOHT
1003 * and don't adjust our ht/vht settings
1004 * This is wrong - we should behave according to the CSA params
1005 */
1006 local->_oper_chandef.chan = local->csa_channel;
1007 local->_oper_chandef.width = NL80211_CHAN_WIDTH_20_NOHT;
1008 local->_oper_chandef.center_freq1 =
1009 local->_oper_chandef.chan->center_freq;
1010 local->_oper_chandef.center_freq2 = 0;
1011
1012 if (!local->ops->channel_switch) {
1013 /* call "hw_config" only if doing sw channel switch */
1014 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
1015 } else {
1016 /* update the device channel directly */
1017 local->hw.conf.chandef = local->_oper_chandef;
1018 }
1019
1020 /* XXX: shouldn't really modify cfg80211-owned data! */
1021 ifmgd->associated->channel = local->_oper_chandef.chan;
1022
1023 /* XXX: wait for a beacon first? */
1024 ieee80211_wake_queues_by_reason(&local->hw,
1025 IEEE80211_MAX_QUEUE_MAP,
1026 IEEE80211_QUEUE_STOP_REASON_CSA);
1027 out:
1028 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED;
1029 mutex_unlock(&ifmgd->mtx);
1030 }
1031
1032 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success)
1033 {
1034 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1035 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1036
1037 trace_api_chswitch_done(sdata, success);
1038 if (!success) {
1039 sdata_info(sdata,
1040 "driver channel switch failed, disconnecting\n");
1041 ieee80211_queue_work(&sdata->local->hw,
1042 &ifmgd->csa_connection_drop_work);
1043 } else {
1044 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
1045 }
1046 }
1047 EXPORT_SYMBOL(ieee80211_chswitch_done);
1048
1049 static void ieee80211_chswitch_timer(unsigned long data)
1050 {
1051 struct ieee80211_sub_if_data *sdata =
1052 (struct ieee80211_sub_if_data *) data;
1053
1054 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work);
1055 }
1056
1057 void
1058 ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
1059 const struct ieee80211_channel_sw_ie *sw_elem,
1060 struct ieee80211_bss *bss, u64 timestamp)
1061 {
1062 struct cfg80211_bss *cbss =
1063 container_of((void *)bss, struct cfg80211_bss, priv);
1064 struct ieee80211_channel *new_ch;
1065 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1066 int new_freq = ieee80211_channel_to_frequency(sw_elem->new_ch_num,
1067 cbss->channel->band);
1068 struct ieee80211_chanctx *chanctx;
1069
1070 ASSERT_MGD_MTX(ifmgd);
1071
1072 if (!ifmgd->associated)
1073 return;
1074
1075 if (sdata->local->scanning)
1076 return;
1077
1078 /* Disregard subsequent beacons if we are already running a timer
1079 processing a CSA */
1080
1081 if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED)
1082 return;
1083
1084 new_ch = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq);
1085 if (!new_ch || new_ch->flags & IEEE80211_CHAN_DISABLED) {
1086 sdata_info(sdata,
1087 "AP %pM switches to unsupported channel (%d MHz), disconnecting\n",
1088 ifmgd->associated->bssid, new_freq);
1089 ieee80211_queue_work(&sdata->local->hw,
1090 &ifmgd->csa_connection_drop_work);
1091 return;
1092 }
1093
1094 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED;
1095
1096 if (sdata->local->use_chanctx) {
1097 sdata_info(sdata,
1098 "not handling channel switch with channel contexts\n");
1099 ieee80211_queue_work(&sdata->local->hw,
1100 &ifmgd->csa_connection_drop_work);
1101 return;
1102 }
1103
1104 mutex_lock(&sdata->local->chanctx_mtx);
1105 if (WARN_ON(!rcu_access_pointer(sdata->vif.chanctx_conf))) {
1106 mutex_unlock(&sdata->local->chanctx_mtx);
1107 return;
1108 }
1109 chanctx = container_of(rcu_access_pointer(sdata->vif.chanctx_conf),
1110 struct ieee80211_chanctx, conf);
1111 if (chanctx->refcount > 1) {
1112 sdata_info(sdata,
1113 "channel switch with multiple interfaces on the same channel, disconnecting\n");
1114 ieee80211_queue_work(&sdata->local->hw,
1115 &ifmgd->csa_connection_drop_work);
1116 mutex_unlock(&sdata->local->chanctx_mtx);
1117 return;
1118 }
1119 mutex_unlock(&sdata->local->chanctx_mtx);
1120
1121 sdata->local->csa_channel = new_ch;
1122
1123 if (sw_elem->mode)
1124 ieee80211_stop_queues_by_reason(&sdata->local->hw,
1125 IEEE80211_MAX_QUEUE_MAP,
1126 IEEE80211_QUEUE_STOP_REASON_CSA);
1127
1128 if (sdata->local->ops->channel_switch) {
1129 /* use driver's channel switch callback */
1130 struct ieee80211_channel_switch ch_switch = {
1131 .timestamp = timestamp,
1132 .block_tx = sw_elem->mode,
1133 .channel = new_ch,
1134 .count = sw_elem->count,
1135 };
1136
1137 drv_channel_switch(sdata->local, &ch_switch);
1138 return;
1139 }
1140
1141 /* channel switch handled in software */
1142 if (sw_elem->count <= 1)
1143 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
1144 else
1145 mod_timer(&ifmgd->chswitch_timer,
1146 TU_TO_EXP_TIME(sw_elem->count *
1147 cbss->beacon_interval));
1148 }
1149
1150 static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata,
1151 struct ieee80211_channel *channel,
1152 const u8 *country_ie, u8 country_ie_len,
1153 const u8 *pwr_constr_elem)
1154 {
1155 struct ieee80211_country_ie_triplet *triplet;
1156 int chan = ieee80211_frequency_to_channel(channel->center_freq);
1157 int i, chan_pwr, chan_increment, new_ap_level;
1158 bool have_chan_pwr = false;
1159
1160 /* Invalid IE */
1161 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN)
1162 return 0;
1163
1164 triplet = (void *)(country_ie + 3);
1165 country_ie_len -= 3;
1166
1167 switch (channel->band) {
1168 default:
1169 WARN_ON_ONCE(1);
1170 /* fall through */
1171 case IEEE80211_BAND_2GHZ:
1172 case IEEE80211_BAND_60GHZ:
1173 chan_increment = 1;
1174 break;
1175 case IEEE80211_BAND_5GHZ:
1176 chan_increment = 4;
1177 break;
1178 }
1179
1180 /* find channel */
1181 while (country_ie_len >= 3) {
1182 u8 first_channel = triplet->chans.first_channel;
1183
1184 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID)
1185 goto next;
1186
1187 for (i = 0; i < triplet->chans.num_channels; i++) {
1188 if (first_channel + i * chan_increment == chan) {
1189 have_chan_pwr = true;
1190 chan_pwr = triplet->chans.max_power;
1191 break;
1192 }
1193 }
1194 if (have_chan_pwr)
1195 break;
1196
1197 next:
1198 triplet++;
1199 country_ie_len -= 3;
1200 }
1201
1202 if (!have_chan_pwr)
1203 return 0;
1204
1205 new_ap_level = max_t(int, 0, chan_pwr - *pwr_constr_elem);
1206
1207 if (sdata->ap_power_level == new_ap_level)
1208 return 0;
1209
1210 sdata_info(sdata,
1211 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n",
1212 new_ap_level, chan_pwr, *pwr_constr_elem,
1213 sdata->u.mgd.bssid);
1214 sdata->ap_power_level = new_ap_level;
1215 if (__ieee80211_recalc_txpower(sdata))
1216 return BSS_CHANGED_TXPOWER;
1217 return 0;
1218 }
1219
1220 /* powersave */
1221 static void ieee80211_enable_ps(struct ieee80211_local *local,
1222 struct ieee80211_sub_if_data *sdata)
1223 {
1224 struct ieee80211_conf *conf = &local->hw.conf;
1225
1226 /*
1227 * If we are scanning right now then the parameters will
1228 * take effect when scan finishes.
1229 */
1230 if (local->scanning)
1231 return;
1232
1233 if (conf->dynamic_ps_timeout > 0 &&
1234 !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) {
1235 mod_timer(&local->dynamic_ps_timer, jiffies +
1236 msecs_to_jiffies(conf->dynamic_ps_timeout));
1237 } else {
1238 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)
1239 ieee80211_send_nullfunc(local, sdata, 1);
1240
1241 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
1242 (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS))
1243 return;
1244
1245 conf->flags |= IEEE80211_CONF_PS;
1246 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1247 }
1248 }
1249
1250 static void ieee80211_change_ps(struct ieee80211_local *local)
1251 {
1252 struct ieee80211_conf *conf = &local->hw.conf;
1253
1254 if (local->ps_sdata) {
1255 ieee80211_enable_ps(local, local->ps_sdata);
1256 } else if (conf->flags & IEEE80211_CONF_PS) {
1257 conf->flags &= ~IEEE80211_CONF_PS;
1258 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1259 del_timer_sync(&local->dynamic_ps_timer);
1260 cancel_work_sync(&local->dynamic_ps_enable_work);
1261 }
1262 }
1263
1264 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata)
1265 {
1266 struct ieee80211_if_managed *mgd = &sdata->u.mgd;
1267 struct sta_info *sta = NULL;
1268 bool authorized = false;
1269
1270 if (!mgd->powersave)
1271 return false;
1272
1273 if (mgd->broken_ap)
1274 return false;
1275
1276 if (!mgd->associated)
1277 return false;
1278
1279 if (mgd->flags & (IEEE80211_STA_BEACON_POLL |
1280 IEEE80211_STA_CONNECTION_POLL))
1281 return false;
1282
1283 rcu_read_lock();
1284 sta = sta_info_get(sdata, mgd->bssid);
1285 if (sta)
1286 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
1287 rcu_read_unlock();
1288
1289 return authorized;
1290 }
1291
1292 /* need to hold RTNL or interface lock */
1293 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency)
1294 {
1295 struct ieee80211_sub_if_data *sdata, *found = NULL;
1296 int count = 0;
1297 int timeout;
1298
1299 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) {
1300 local->ps_sdata = NULL;
1301 return;
1302 }
1303
1304 list_for_each_entry(sdata, &local->interfaces, list) {
1305 if (!ieee80211_sdata_running(sdata))
1306 continue;
1307 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1308 /* If an AP vif is found, then disable PS
1309 * by setting the count to zero thereby setting
1310 * ps_sdata to NULL.
1311 */
1312 count = 0;
1313 break;
1314 }
1315 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1316 continue;
1317 found = sdata;
1318 count++;
1319 }
1320
1321 if (count == 1 && ieee80211_powersave_allowed(found)) {
1322 s32 beaconint_us;
1323
1324 if (latency < 0)
1325 latency = pm_qos_request(PM_QOS_NETWORK_LATENCY);
1326
1327 beaconint_us = ieee80211_tu_to_usec(
1328 found->vif.bss_conf.beacon_int);
1329
1330 timeout = local->dynamic_ps_forced_timeout;
1331 if (timeout < 0) {
1332 /*
1333 * Go to full PSM if the user configures a very low
1334 * latency requirement.
1335 * The 2000 second value is there for compatibility
1336 * until the PM_QOS_NETWORK_LATENCY is configured
1337 * with real values.
1338 */
1339 if (latency > (1900 * USEC_PER_MSEC) &&
1340 latency != (2000 * USEC_PER_SEC))
1341 timeout = 0;
1342 else
1343 timeout = 100;
1344 }
1345 local->hw.conf.dynamic_ps_timeout = timeout;
1346
1347 if (beaconint_us > latency) {
1348 local->ps_sdata = NULL;
1349 } else {
1350 int maxslp = 1;
1351 u8 dtimper = found->u.mgd.dtim_period;
1352
1353 /* If the TIM IE is invalid, pretend the value is 1 */
1354 if (!dtimper)
1355 dtimper = 1;
1356 else if (dtimper > 1)
1357 maxslp = min_t(int, dtimper,
1358 latency / beaconint_us);
1359
1360 local->hw.conf.max_sleep_period = maxslp;
1361 local->hw.conf.ps_dtim_period = dtimper;
1362 local->ps_sdata = found;
1363 }
1364 } else {
1365 local->ps_sdata = NULL;
1366 }
1367
1368 ieee80211_change_ps(local);
1369 }
1370
1371 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata)
1372 {
1373 bool ps_allowed = ieee80211_powersave_allowed(sdata);
1374
1375 if (sdata->vif.bss_conf.ps != ps_allowed) {
1376 sdata->vif.bss_conf.ps = ps_allowed;
1377 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS);
1378 }
1379 }
1380
1381 void ieee80211_dynamic_ps_disable_work(struct work_struct *work)
1382 {
1383 struct ieee80211_local *local =
1384 container_of(work, struct ieee80211_local,
1385 dynamic_ps_disable_work);
1386
1387 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1388 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1389 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1390 }
1391
1392 ieee80211_wake_queues_by_reason(&local->hw,
1393 IEEE80211_MAX_QUEUE_MAP,
1394 IEEE80211_QUEUE_STOP_REASON_PS);
1395 }
1396
1397 void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
1398 {
1399 struct ieee80211_local *local =
1400 container_of(work, struct ieee80211_local,
1401 dynamic_ps_enable_work);
1402 struct ieee80211_sub_if_data *sdata = local->ps_sdata;
1403 struct ieee80211_if_managed *ifmgd;
1404 unsigned long flags;
1405 int q;
1406
1407 /* can only happen when PS was just disabled anyway */
1408 if (!sdata)
1409 return;
1410
1411 ifmgd = &sdata->u.mgd;
1412
1413 if (local->hw.conf.flags & IEEE80211_CONF_PS)
1414 return;
1415
1416 if (local->hw.conf.dynamic_ps_timeout > 0) {
1417 /* don't enter PS if TX frames are pending */
1418 if (drv_tx_frames_pending(local)) {
1419 mod_timer(&local->dynamic_ps_timer, jiffies +
1420 msecs_to_jiffies(
1421 local->hw.conf.dynamic_ps_timeout));
1422 return;
1423 }
1424
1425 /*
1426 * transmission can be stopped by others which leads to
1427 * dynamic_ps_timer expiry. Postpone the ps timer if it
1428 * is not the actual idle state.
1429 */
1430 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
1431 for (q = 0; q < local->hw.queues; q++) {
1432 if (local->queue_stop_reasons[q]) {
1433 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
1434 flags);
1435 mod_timer(&local->dynamic_ps_timer, jiffies +
1436 msecs_to_jiffies(
1437 local->hw.conf.dynamic_ps_timeout));
1438 return;
1439 }
1440 }
1441 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
1442 }
1443
1444 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
1445 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1446 if (drv_tx_frames_pending(local)) {
1447 mod_timer(&local->dynamic_ps_timer, jiffies +
1448 msecs_to_jiffies(
1449 local->hw.conf.dynamic_ps_timeout));
1450 } else {
1451 ieee80211_send_nullfunc(local, sdata, 1);
1452 /* Flush to get the tx status of nullfunc frame */
1453 ieee80211_flush_queues(local, sdata);
1454 }
1455 }
1456
1457 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) &&
1458 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) ||
1459 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1460 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
1461 local->hw.conf.flags |= IEEE80211_CONF_PS;
1462 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1463 }
1464 }
1465
1466 void ieee80211_dynamic_ps_timer(unsigned long data)
1467 {
1468 struct ieee80211_local *local = (void *) data;
1469
1470 if (local->quiescing || local->suspended)
1471 return;
1472
1473 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work);
1474 }
1475
1476 void ieee80211_dfs_cac_timer_work(struct work_struct *work)
1477 {
1478 struct delayed_work *delayed_work =
1479 container_of(work, struct delayed_work, work);
1480 struct ieee80211_sub_if_data *sdata =
1481 container_of(delayed_work, struct ieee80211_sub_if_data,
1482 dfs_cac_timer_work);
1483
1484 ieee80211_vif_release_channel(sdata);
1485
1486 cfg80211_cac_event(sdata->dev, NL80211_RADAR_CAC_FINISHED, GFP_KERNEL);
1487 }
1488
1489 /* MLME */
1490 static bool ieee80211_sta_wmm_params(struct ieee80211_local *local,
1491 struct ieee80211_sub_if_data *sdata,
1492 const u8 *wmm_param, size_t wmm_param_len)
1493 {
1494 struct ieee80211_tx_queue_params params;
1495 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1496 size_t left;
1497 int count;
1498 const u8 *pos;
1499 u8 uapsd_queues = 0;
1500
1501 if (!local->ops->conf_tx)
1502 return false;
1503
1504 if (local->hw.queues < IEEE80211_NUM_ACS)
1505 return false;
1506
1507 if (!wmm_param)
1508 return false;
1509
1510 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
1511 return false;
1512
1513 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
1514 uapsd_queues = ifmgd->uapsd_queues;
1515
1516 count = wmm_param[6] & 0x0f;
1517 if (count == ifmgd->wmm_last_param_set)
1518 return false;
1519 ifmgd->wmm_last_param_set = count;
1520
1521 pos = wmm_param + 8;
1522 left = wmm_param_len - 8;
1523
1524 memset(&params, 0, sizeof(params));
1525
1526 sdata->wmm_acm = 0;
1527 for (; left >= 4; left -= 4, pos += 4) {
1528 int aci = (pos[0] >> 5) & 0x03;
1529 int acm = (pos[0] >> 4) & 0x01;
1530 bool uapsd = false;
1531 int queue;
1532
1533 switch (aci) {
1534 case 1: /* AC_BK */
1535 queue = 3;
1536 if (acm)
1537 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */
1538 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
1539 uapsd = true;
1540 break;
1541 case 2: /* AC_VI */
1542 queue = 1;
1543 if (acm)
1544 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */
1545 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
1546 uapsd = true;
1547 break;
1548 case 3: /* AC_VO */
1549 queue = 0;
1550 if (acm)
1551 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */
1552 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
1553 uapsd = true;
1554 break;
1555 case 0: /* AC_BE */
1556 default:
1557 queue = 2;
1558 if (acm)
1559 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */
1560 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
1561 uapsd = true;
1562 break;
1563 }
1564
1565 params.aifs = pos[0] & 0x0f;
1566 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
1567 params.cw_min = ecw2cw(pos[1] & 0x0f);
1568 params.txop = get_unaligned_le16(pos + 2);
1569 params.uapsd = uapsd;
1570
1571 mlme_dbg(sdata,
1572 "WMM queue=%d aci=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d\n",
1573 queue, aci, acm,
1574 params.aifs, params.cw_min, params.cw_max,
1575 params.txop, params.uapsd);
1576 sdata->tx_conf[queue] = params;
1577 if (drv_conf_tx(local, sdata, queue, &params))
1578 sdata_err(sdata,
1579 "failed to set TX queue parameters for queue %d\n",
1580 queue);
1581 }
1582
1583 /* enable WMM or activate new settings */
1584 sdata->vif.bss_conf.qos = true;
1585 return true;
1586 }
1587
1588 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
1589 {
1590 lockdep_assert_held(&sdata->local->mtx);
1591
1592 sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL |
1593 IEEE80211_STA_BEACON_POLL);
1594 ieee80211_run_deferred_scan(sdata->local);
1595 }
1596
1597 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
1598 {
1599 mutex_lock(&sdata->local->mtx);
1600 __ieee80211_stop_poll(sdata);
1601 mutex_unlock(&sdata->local->mtx);
1602 }
1603
1604 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
1605 u16 capab, bool erp_valid, u8 erp)
1606 {
1607 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1608 u32 changed = 0;
1609 bool use_protection;
1610 bool use_short_preamble;
1611 bool use_short_slot;
1612
1613 if (erp_valid) {
1614 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0;
1615 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0;
1616 } else {
1617 use_protection = false;
1618 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE);
1619 }
1620
1621 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME);
1622 if (ieee80211_get_sdata_band(sdata) == IEEE80211_BAND_5GHZ)
1623 use_short_slot = true;
1624
1625 if (use_protection != bss_conf->use_cts_prot) {
1626 bss_conf->use_cts_prot = use_protection;
1627 changed |= BSS_CHANGED_ERP_CTS_PROT;
1628 }
1629
1630 if (use_short_preamble != bss_conf->use_short_preamble) {
1631 bss_conf->use_short_preamble = use_short_preamble;
1632 changed |= BSS_CHANGED_ERP_PREAMBLE;
1633 }
1634
1635 if (use_short_slot != bss_conf->use_short_slot) {
1636 bss_conf->use_short_slot = use_short_slot;
1637 changed |= BSS_CHANGED_ERP_SLOT;
1638 }
1639
1640 return changed;
1641 }
1642
1643 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
1644 struct cfg80211_bss *cbss,
1645 u32 bss_info_changed)
1646 {
1647 struct ieee80211_bss *bss = (void *)cbss->priv;
1648 struct ieee80211_local *local = sdata->local;
1649 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1650
1651 bss_info_changed |= BSS_CHANGED_ASSOC;
1652 bss_info_changed |= ieee80211_handle_bss_capability(sdata,
1653 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value);
1654
1655 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec(
1656 beacon_loss_count * bss_conf->beacon_int));
1657
1658 sdata->u.mgd.associated = cbss;
1659 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN);
1660
1661 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE;
1662
1663 if (sdata->vif.p2p) {
1664 const struct cfg80211_bss_ies *ies;
1665
1666 rcu_read_lock();
1667 ies = rcu_dereference(cbss->ies);
1668 if (ies) {
1669 int ret;
1670
1671 ret = cfg80211_get_p2p_attr(
1672 ies->data, ies->len,
1673 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
1674 (u8 *) &bss_conf->p2p_noa_attr,
1675 sizeof(bss_conf->p2p_noa_attr));
1676 if (ret >= 2) {
1677 sdata->u.mgd.p2p_noa_index =
1678 bss_conf->p2p_noa_attr.index;
1679 bss_info_changed |= BSS_CHANGED_P2P_PS;
1680 }
1681 }
1682 rcu_read_unlock();
1683 }
1684
1685 /* just to be sure */
1686 ieee80211_stop_poll(sdata);
1687
1688 ieee80211_led_assoc(local, 1);
1689
1690 if (sdata->u.mgd.assoc_data->have_beacon) {
1691 /*
1692 * If the AP is buggy we may get here with no DTIM period
1693 * known, so assume it's 1 which is the only safe assumption
1694 * in that case, although if the TIM IE is broken powersave
1695 * probably just won't work at all.
1696 */
1697 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1;
1698 bss_info_changed |= BSS_CHANGED_DTIM_PERIOD;
1699 } else {
1700 bss_conf->dtim_period = 0;
1701 }
1702
1703 bss_conf->assoc = 1;
1704
1705 /* Tell the driver to monitor connection quality (if supported) */
1706 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI &&
1707 bss_conf->cqm_rssi_thold)
1708 bss_info_changed |= BSS_CHANGED_CQM;
1709
1710 /* Enable ARP filtering */
1711 if (bss_conf->arp_addr_cnt)
1712 bss_info_changed |= BSS_CHANGED_ARP_FILTER;
1713
1714 ieee80211_bss_info_change_notify(sdata, bss_info_changed);
1715
1716 mutex_lock(&local->iflist_mtx);
1717 ieee80211_recalc_ps(local, -1);
1718 mutex_unlock(&local->iflist_mtx);
1719
1720 ieee80211_recalc_smps(sdata);
1721 ieee80211_recalc_ps_vif(sdata);
1722
1723 netif_carrier_on(sdata->dev);
1724 }
1725
1726 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1727 u16 stype, u16 reason, bool tx,
1728 u8 *frame_buf)
1729 {
1730 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1731 struct ieee80211_local *local = sdata->local;
1732 u32 changed = 0;
1733
1734 ASSERT_MGD_MTX(ifmgd);
1735
1736 if (WARN_ON_ONCE(tx && !frame_buf))
1737 return;
1738
1739 if (WARN_ON(!ifmgd->associated))
1740 return;
1741
1742 ieee80211_stop_poll(sdata);
1743
1744 ifmgd->associated = NULL;
1745 netif_carrier_off(sdata->dev);
1746
1747 /*
1748 * if we want to get out of ps before disassoc (why?) we have
1749 * to do it before sending disassoc, as otherwise the null-packet
1750 * won't be valid.
1751 */
1752 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1753 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1754 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1755 }
1756 local->ps_sdata = NULL;
1757
1758 /* disable per-vif ps */
1759 ieee80211_recalc_ps_vif(sdata);
1760
1761 /* flush out any pending frame (e.g. DELBA) before deauth/disassoc */
1762 if (tx)
1763 ieee80211_flush_queues(local, sdata);
1764
1765 /* deauthenticate/disassociate now */
1766 if (tx || frame_buf)
1767 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype,
1768 reason, tx, frame_buf);
1769
1770 /* flush out frame */
1771 if (tx)
1772 ieee80211_flush_queues(local, sdata);
1773
1774 /* clear bssid only after building the needed mgmt frames */
1775 memset(ifmgd->bssid, 0, ETH_ALEN);
1776
1777 /* remove AP and TDLS peers */
1778 sta_info_flush_defer(sdata);
1779
1780 /* finally reset all BSS / config parameters */
1781 changed |= ieee80211_reset_erp_info(sdata);
1782
1783 ieee80211_led_assoc(local, 0);
1784 changed |= BSS_CHANGED_ASSOC;
1785 sdata->vif.bss_conf.assoc = false;
1786
1787 ifmgd->p2p_noa_index = -1;
1788 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0,
1789 sizeof(sdata->vif.bss_conf.p2p_noa_attr));
1790
1791 /* on the next assoc, re-program HT/VHT parameters */
1792 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa));
1793 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask));
1794 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa));
1795 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask));
1796
1797 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL;
1798
1799 del_timer_sync(&local->dynamic_ps_timer);
1800 cancel_work_sync(&local->dynamic_ps_enable_work);
1801
1802 /* Disable ARP filtering */
1803 if (sdata->vif.bss_conf.arp_addr_cnt)
1804 changed |= BSS_CHANGED_ARP_FILTER;
1805
1806 sdata->vif.bss_conf.qos = false;
1807 changed |= BSS_CHANGED_QOS;
1808
1809 /* The BSSID (not really interesting) and HT changed */
1810 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT;
1811 ieee80211_bss_info_change_notify(sdata, changed);
1812
1813 /* disassociated - set to defaults now */
1814 ieee80211_set_wmm_default(sdata, false);
1815
1816 del_timer_sync(&sdata->u.mgd.conn_mon_timer);
1817 del_timer_sync(&sdata->u.mgd.bcn_mon_timer);
1818 del_timer_sync(&sdata->u.mgd.timer);
1819 del_timer_sync(&sdata->u.mgd.chswitch_timer);
1820
1821 sdata->vif.bss_conf.dtim_period = 0;
1822
1823 ifmgd->flags = 0;
1824 ieee80211_vif_release_channel(sdata);
1825 }
1826
1827 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata,
1828 struct ieee80211_hdr *hdr)
1829 {
1830 /*
1831 * We can postpone the mgd.timer whenever receiving unicast frames
1832 * from AP because we know that the connection is working both ways
1833 * at that time. But multicast frames (and hence also beacons) must
1834 * be ignored here, because we need to trigger the timer during
1835 * data idle periods for sending the periodic probe request to the
1836 * AP we're connected to.
1837 */
1838 if (is_multicast_ether_addr(hdr->addr1))
1839 return;
1840
1841 ieee80211_sta_reset_conn_monitor(sdata);
1842 }
1843
1844 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata)
1845 {
1846 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1847 struct ieee80211_local *local = sdata->local;
1848
1849 mutex_lock(&local->mtx);
1850 if (!(ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
1851 IEEE80211_STA_CONNECTION_POLL))) {
1852 mutex_unlock(&local->mtx);
1853 return;
1854 }
1855
1856 __ieee80211_stop_poll(sdata);
1857
1858 mutex_lock(&local->iflist_mtx);
1859 ieee80211_recalc_ps(local, -1);
1860 mutex_unlock(&local->iflist_mtx);
1861
1862 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
1863 goto out;
1864
1865 /*
1866 * We've received a probe response, but are not sure whether
1867 * we have or will be receiving any beacons or data, so let's
1868 * schedule the timers again, just in case.
1869 */
1870 ieee80211_sta_reset_beacon_monitor(sdata);
1871
1872 mod_timer(&ifmgd->conn_mon_timer,
1873 round_jiffies_up(jiffies +
1874 IEEE80211_CONNECTION_IDLE_TIME));
1875 out:
1876 mutex_unlock(&local->mtx);
1877 }
1878
1879 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata,
1880 struct ieee80211_hdr *hdr, bool ack)
1881 {
1882 if (!ieee80211_is_data(hdr->frame_control))
1883 return;
1884
1885 if (ieee80211_is_nullfunc(hdr->frame_control) &&
1886 sdata->u.mgd.probe_send_count > 0) {
1887 if (ack)
1888 ieee80211_sta_reset_conn_monitor(sdata);
1889 else
1890 sdata->u.mgd.nullfunc_failed = true;
1891 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
1892 return;
1893 }
1894
1895 if (ack)
1896 ieee80211_sta_reset_conn_monitor(sdata);
1897 }
1898
1899 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
1900 {
1901 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1902 const u8 *ssid;
1903 u8 *dst = ifmgd->associated->bssid;
1904 u8 unicast_limit = max(1, max_probe_tries - 3);
1905
1906 /*
1907 * Try sending broadcast probe requests for the last three
1908 * probe requests after the first ones failed since some
1909 * buggy APs only support broadcast probe requests.
1910 */
1911 if (ifmgd->probe_send_count >= unicast_limit)
1912 dst = NULL;
1913
1914 /*
1915 * When the hardware reports an accurate Tx ACK status, it's
1916 * better to send a nullfunc frame instead of a probe request,
1917 * as it will kick us off the AP quickly if we aren't associated
1918 * anymore. The timeout will be reset if the frame is ACKed by
1919 * the AP.
1920 */
1921 ifmgd->probe_send_count++;
1922
1923 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
1924 ifmgd->nullfunc_failed = false;
1925 ieee80211_send_nullfunc(sdata->local, sdata, 0);
1926 } else {
1927 int ssid_len;
1928
1929 rcu_read_lock();
1930 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);
1931 if (WARN_ON_ONCE(ssid == NULL))
1932 ssid_len = 0;
1933 else
1934 ssid_len = ssid[1];
1935
1936 ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL,
1937 0, (u32) -1, true, 0,
1938 ifmgd->associated->channel, false);
1939 rcu_read_unlock();
1940 }
1941
1942 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
1943 run_again(ifmgd, ifmgd->probe_timeout);
1944 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
1945 ieee80211_flush_queues(sdata->local, sdata);
1946 }
1947
1948 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
1949 bool beacon)
1950 {
1951 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1952 bool already = false;
1953
1954 if (!ieee80211_sdata_running(sdata))
1955 return;
1956
1957 mutex_lock(&ifmgd->mtx);
1958
1959 if (!ifmgd->associated)
1960 goto out;
1961
1962 mutex_lock(&sdata->local->mtx);
1963
1964 if (sdata->local->tmp_channel || sdata->local->scanning) {
1965 mutex_unlock(&sdata->local->mtx);
1966 goto out;
1967 }
1968
1969 if (beacon) {
1970 mlme_dbg_ratelimited(sdata,
1971 "detected beacon loss from AP (missed %d beacons) - probing\n",
1972 beacon_loss_count);
1973
1974 ieee80211_cqm_rssi_notify(&sdata->vif,
1975 NL80211_CQM_RSSI_BEACON_LOSS_EVENT,
1976 GFP_KERNEL);
1977 }
1978
1979 /*
1980 * The driver/our work has already reported this event or the
1981 * connection monitoring has kicked in and we have already sent
1982 * a probe request. Or maybe the AP died and the driver keeps
1983 * reporting until we disassociate...
1984 *
1985 * In either case we have to ignore the current call to this
1986 * function (except for setting the correct probe reason bit)
1987 * because otherwise we would reset the timer every time and
1988 * never check whether we received a probe response!
1989 */
1990 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
1991 IEEE80211_STA_CONNECTION_POLL))
1992 already = true;
1993
1994 if (beacon)
1995 ifmgd->flags |= IEEE80211_STA_BEACON_POLL;
1996 else
1997 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL;
1998
1999 mutex_unlock(&sdata->local->mtx);
2000
2001 if (already)
2002 goto out;
2003
2004 mutex_lock(&sdata->local->iflist_mtx);
2005 ieee80211_recalc_ps(sdata->local, -1);
2006 mutex_unlock(&sdata->local->iflist_mtx);
2007
2008 ifmgd->probe_send_count = 0;
2009 ieee80211_mgd_probe_ap_send(sdata);
2010 out:
2011 mutex_unlock(&ifmgd->mtx);
2012 }
2013
2014 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
2015 struct ieee80211_vif *vif)
2016 {
2017 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2018 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2019 struct cfg80211_bss *cbss;
2020 struct sk_buff *skb;
2021 const u8 *ssid;
2022 int ssid_len;
2023
2024 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
2025 return NULL;
2026
2027 ASSERT_MGD_MTX(ifmgd);
2028
2029 if (ifmgd->associated)
2030 cbss = ifmgd->associated;
2031 else if (ifmgd->auth_data)
2032 cbss = ifmgd->auth_data->bss;
2033 else if (ifmgd->assoc_data)
2034 cbss = ifmgd->assoc_data->bss;
2035 else
2036 return NULL;
2037
2038 rcu_read_lock();
2039 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID);
2040 if (WARN_ON_ONCE(ssid == NULL))
2041 ssid_len = 0;
2042 else
2043 ssid_len = ssid[1];
2044
2045 skb = ieee80211_build_probe_req(sdata, cbss->bssid,
2046 (u32) -1, cbss->channel,
2047 ssid + 2, ssid_len,
2048 NULL, 0, true);
2049 rcu_read_unlock();
2050
2051 return skb;
2052 }
2053 EXPORT_SYMBOL(ieee80211_ap_probereq_get);
2054
2055 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata)
2056 {
2057 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2058 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
2059
2060 mutex_lock(&ifmgd->mtx);
2061 if (!ifmgd->associated) {
2062 mutex_unlock(&ifmgd->mtx);
2063 return;
2064 }
2065
2066 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
2067 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
2068 true, frame_buf);
2069 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED;
2070 ieee80211_wake_queues_by_reason(&sdata->local->hw,
2071 IEEE80211_MAX_QUEUE_MAP,
2072 IEEE80211_QUEUE_STOP_REASON_CSA);
2073 mutex_unlock(&ifmgd->mtx);
2074
2075 /*
2076 * must be outside lock due to cfg80211,
2077 * but that's not a problem.
2078 */
2079 cfg80211_send_deauth(sdata->dev, frame_buf, IEEE80211_DEAUTH_FRAME_LEN);
2080 }
2081
2082 static void ieee80211_beacon_connection_loss_work(struct work_struct *work)
2083 {
2084 struct ieee80211_sub_if_data *sdata =
2085 container_of(work, struct ieee80211_sub_if_data,
2086 u.mgd.beacon_connection_loss_work);
2087 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2088 struct sta_info *sta;
2089
2090 if (ifmgd->associated) {
2091 rcu_read_lock();
2092 sta = sta_info_get(sdata, ifmgd->bssid);
2093 if (sta)
2094 sta->beacon_loss_count++;
2095 rcu_read_unlock();
2096 }
2097
2098 if (ifmgd->connection_loss) {
2099 sdata_info(sdata, "Connection to AP %pM lost\n",
2100 ifmgd->bssid);
2101 __ieee80211_disconnect(sdata);
2102 } else {
2103 ieee80211_mgd_probe_ap(sdata, true);
2104 }
2105 }
2106
2107 static void ieee80211_csa_connection_drop_work(struct work_struct *work)
2108 {
2109 struct ieee80211_sub_if_data *sdata =
2110 container_of(work, struct ieee80211_sub_if_data,
2111 u.mgd.csa_connection_drop_work);
2112
2113 __ieee80211_disconnect(sdata);
2114 }
2115
2116 void ieee80211_beacon_loss(struct ieee80211_vif *vif)
2117 {
2118 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2119 struct ieee80211_hw *hw = &sdata->local->hw;
2120
2121 trace_api_beacon_loss(sdata);
2122
2123 WARN_ON(hw->flags & IEEE80211_HW_CONNECTION_MONITOR);
2124 sdata->u.mgd.connection_loss = false;
2125 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2126 }
2127 EXPORT_SYMBOL(ieee80211_beacon_loss);
2128
2129 void ieee80211_connection_loss(struct ieee80211_vif *vif)
2130 {
2131 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2132 struct ieee80211_hw *hw = &sdata->local->hw;
2133
2134 trace_api_connection_loss(sdata);
2135
2136 sdata->u.mgd.connection_loss = true;
2137 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2138 }
2139 EXPORT_SYMBOL(ieee80211_connection_loss);
2140
2141
2142 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
2143 bool assoc)
2144 {
2145 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2146
2147 lockdep_assert_held(&sdata->u.mgd.mtx);
2148
2149 if (!assoc) {
2150 sta_info_destroy_addr(sdata, auth_data->bss->bssid);
2151
2152 memset(sdata->u.mgd.bssid, 0, ETH_ALEN);
2153 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2154 sdata->u.mgd.flags = 0;
2155 ieee80211_vif_release_channel(sdata);
2156 }
2157
2158 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss);
2159 kfree(auth_data);
2160 sdata->u.mgd.auth_data = NULL;
2161 }
2162
2163 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
2164 struct ieee80211_mgmt *mgmt, size_t len)
2165 {
2166 struct ieee80211_local *local = sdata->local;
2167 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2168 u8 *pos;
2169 struct ieee802_11_elems elems;
2170 u32 tx_flags = 0;
2171
2172 pos = mgmt->u.auth.variable;
2173 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
2174 if (!elems.challenge)
2175 return;
2176 auth_data->expected_transaction = 4;
2177 drv_mgd_prepare_tx(sdata->local, sdata);
2178 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
2179 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
2180 IEEE80211_TX_INTFL_MLME_CONN_TX;
2181 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0,
2182 elems.challenge - 2, elems.challenge_len + 2,
2183 auth_data->bss->bssid, auth_data->bss->bssid,
2184 auth_data->key, auth_data->key_len,
2185 auth_data->key_idx, tx_flags);
2186 }
2187
2188 static enum rx_mgmt_action __must_check
2189 ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
2190 struct ieee80211_mgmt *mgmt, size_t len)
2191 {
2192 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2193 u8 bssid[ETH_ALEN];
2194 u16 auth_alg, auth_transaction, status_code;
2195 struct sta_info *sta;
2196
2197 lockdep_assert_held(&ifmgd->mtx);
2198
2199 if (len < 24 + 6)
2200 return RX_MGMT_NONE;
2201
2202 if (!ifmgd->auth_data || ifmgd->auth_data->done)
2203 return RX_MGMT_NONE;
2204
2205 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
2206
2207 if (!ether_addr_equal(bssid, mgmt->bssid))
2208 return RX_MGMT_NONE;
2209
2210 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
2211 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
2212 status_code = le16_to_cpu(mgmt->u.auth.status_code);
2213
2214 if (auth_alg != ifmgd->auth_data->algorithm ||
2215 auth_transaction != ifmgd->auth_data->expected_transaction) {
2216 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n",
2217 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm,
2218 auth_transaction,
2219 ifmgd->auth_data->expected_transaction);
2220 return RX_MGMT_NONE;
2221 }
2222
2223 if (status_code != WLAN_STATUS_SUCCESS) {
2224 sdata_info(sdata, "%pM denied authentication (status %d)\n",
2225 mgmt->sa, status_code);
2226 ieee80211_destroy_auth_data(sdata, false);
2227 return RX_MGMT_CFG80211_RX_AUTH;
2228 }
2229
2230 switch (ifmgd->auth_data->algorithm) {
2231 case WLAN_AUTH_OPEN:
2232 case WLAN_AUTH_LEAP:
2233 case WLAN_AUTH_FT:
2234 case WLAN_AUTH_SAE:
2235 break;
2236 case WLAN_AUTH_SHARED_KEY:
2237 if (ifmgd->auth_data->expected_transaction != 4) {
2238 ieee80211_auth_challenge(sdata, mgmt, len);
2239 /* need another frame */
2240 return RX_MGMT_NONE;
2241 }
2242 break;
2243 default:
2244 WARN_ONCE(1, "invalid auth alg %d",
2245 ifmgd->auth_data->algorithm);
2246 return RX_MGMT_NONE;
2247 }
2248
2249 sdata_info(sdata, "authenticated\n");
2250 ifmgd->auth_data->done = true;
2251 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC;
2252 ifmgd->auth_data->timeout_started = true;
2253 run_again(ifmgd, ifmgd->auth_data->timeout);
2254
2255 if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE &&
2256 ifmgd->auth_data->expected_transaction != 2) {
2257 /*
2258 * Report auth frame to user space for processing since another
2259 * round of Authentication frames is still needed.
2260 */
2261 return RX_MGMT_CFG80211_RX_AUTH;
2262 }
2263
2264 /* move station state to auth */
2265 mutex_lock(&sdata->local->sta_mtx);
2266 sta = sta_info_get(sdata, bssid);
2267 if (!sta) {
2268 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid);
2269 goto out_err;
2270 }
2271 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) {
2272 sdata_info(sdata, "failed moving %pM to auth\n", bssid);
2273 goto out_err;
2274 }
2275 mutex_unlock(&sdata->local->sta_mtx);
2276
2277 return RX_MGMT_CFG80211_RX_AUTH;
2278 out_err:
2279 mutex_unlock(&sdata->local->sta_mtx);
2280 /* ignore frame -- wait for timeout */
2281 return RX_MGMT_NONE;
2282 }
2283
2284
2285 static enum rx_mgmt_action __must_check
2286 ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
2287 struct ieee80211_mgmt *mgmt, size_t len)
2288 {
2289 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2290 const u8 *bssid = NULL;
2291 u16 reason_code;
2292
2293 lockdep_assert_held(&ifmgd->mtx);
2294
2295 if (len < 24 + 2)
2296 return RX_MGMT_NONE;
2297
2298 if (!ifmgd->associated ||
2299 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2300 return RX_MGMT_NONE;
2301
2302 bssid = ifmgd->associated->bssid;
2303
2304 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
2305
2306 sdata_info(sdata, "deauthenticated from %pM (Reason: %u)\n",
2307 bssid, reason_code);
2308
2309 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
2310
2311 return RX_MGMT_CFG80211_DEAUTH;
2312 }
2313
2314
2315 static enum rx_mgmt_action __must_check
2316 ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
2317 struct ieee80211_mgmt *mgmt, size_t len)
2318 {
2319 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2320 u16 reason_code;
2321
2322 lockdep_assert_held(&ifmgd->mtx);
2323
2324 if (len < 24 + 2)
2325 return RX_MGMT_NONE;
2326
2327 if (!ifmgd->associated ||
2328 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2329 return RX_MGMT_NONE;
2330
2331 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
2332
2333 sdata_info(sdata, "disassociated from %pM (Reason: %u)\n",
2334 mgmt->sa, reason_code);
2335
2336 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
2337
2338 return RX_MGMT_CFG80211_DISASSOC;
2339 }
2340
2341 static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
2342 u8 *supp_rates, unsigned int supp_rates_len,
2343 u32 *rates, u32 *basic_rates,
2344 bool *have_higher_than_11mbit,
2345 int *min_rate, int *min_rate_index)
2346 {
2347 int i, j;
2348
2349 for (i = 0; i < supp_rates_len; i++) {
2350 int rate = (supp_rates[i] & 0x7f) * 5;
2351 bool is_basic = !!(supp_rates[i] & 0x80);
2352
2353 if (rate > 110)
2354 *have_higher_than_11mbit = true;
2355
2356 /*
2357 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009
2358 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it.
2359 *
2360 * Note: Even through the membership selector and the basic
2361 * rate flag share the same bit, they are not exactly
2362 * the same.
2363 */
2364 if (!!(supp_rates[i] & 0x80) &&
2365 (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
2366 continue;
2367
2368 for (j = 0; j < sband->n_bitrates; j++) {
2369 if (sband->bitrates[j].bitrate == rate) {
2370 *rates |= BIT(j);
2371 if (is_basic)
2372 *basic_rates |= BIT(j);
2373 if (rate < *min_rate) {
2374 *min_rate = rate;
2375 *min_rate_index = j;
2376 }
2377 break;
2378 }
2379 }
2380 }
2381 }
2382
2383 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata,
2384 bool assoc)
2385 {
2386 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
2387
2388 lockdep_assert_held(&sdata->u.mgd.mtx);
2389
2390 if (!assoc) {
2391 sta_info_destroy_addr(sdata, assoc_data->bss->bssid);
2392
2393 memset(sdata->u.mgd.bssid, 0, ETH_ALEN);
2394 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2395 sdata->u.mgd.flags = 0;
2396 ieee80211_vif_release_channel(sdata);
2397 }
2398
2399 kfree(assoc_data);
2400 sdata->u.mgd.assoc_data = NULL;
2401 }
2402
2403 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata,
2404 struct cfg80211_bss *cbss,
2405 struct ieee80211_mgmt *mgmt, size_t len)
2406 {
2407 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2408 struct ieee80211_local *local = sdata->local;
2409 struct ieee80211_supported_band *sband;
2410 struct sta_info *sta;
2411 u8 *pos;
2412 u16 capab_info, aid;
2413 struct ieee802_11_elems elems;
2414 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2415 u32 changed = 0;
2416 int err;
2417
2418 /* AssocResp and ReassocResp have identical structure */
2419
2420 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
2421 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
2422
2423 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
2424 sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n",
2425 aid);
2426 aid &= ~(BIT(15) | BIT(14));
2427
2428 ifmgd->broken_ap = false;
2429
2430 if (aid == 0 || aid > IEEE80211_MAX_AID) {
2431 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n",
2432 aid);
2433 aid = 0;
2434 ifmgd->broken_ap = true;
2435 }
2436
2437 pos = mgmt->u.assoc_resp.variable;
2438 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
2439
2440 if (!elems.supp_rates) {
2441 sdata_info(sdata, "no SuppRates element in AssocResp\n");
2442 return false;
2443 }
2444
2445 ifmgd->aid = aid;
2446
2447 /*
2448 * We previously checked these in the beacon/probe response, so
2449 * they should be present here. This is just a safety net.
2450 */
2451 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
2452 (!elems.wmm_param || !elems.ht_cap_elem || !elems.ht_operation)) {
2453 sdata_info(sdata,
2454 "HT AP is missing WMM params or HT capability/operation in AssocResp\n");
2455 return false;
2456 }
2457
2458 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
2459 (!elems.vht_cap_elem || !elems.vht_operation)) {
2460 sdata_info(sdata,
2461 "VHT AP is missing VHT capability/operation in AssocResp\n");
2462 return false;
2463 }
2464
2465 mutex_lock(&sdata->local->sta_mtx);
2466 /*
2467 * station info was already allocated and inserted before
2468 * the association and should be available to us
2469 */
2470 sta = sta_info_get(sdata, cbss->bssid);
2471 if (WARN_ON(!sta)) {
2472 mutex_unlock(&sdata->local->sta_mtx);
2473 return false;
2474 }
2475
2476 sband = local->hw.wiphy->bands[ieee80211_get_sdata_band(sdata)];
2477
2478 /* Set up internal HT/VHT capabilities */
2479 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
2480 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
2481 elems.ht_cap_elem, sta);
2482
2483 if (elems.vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
2484 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband,
2485 elems.vht_cap_elem, sta);
2486
2487 /*
2488 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data
2489 * in their association response, so ignore that data for our own
2490 * configuration. If it changed since the last beacon, we'll get the
2491 * next beacon and update then.
2492 */
2493
2494 /*
2495 * If an operating mode notification IE is present, override the
2496 * NSS calculation (that would be done in rate_control_rate_init())
2497 * and use the # of streams from that element.
2498 */
2499 if (elems.opmode_notif &&
2500 !(*elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) {
2501 u8 nss;
2502
2503 nss = *elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK;
2504 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT;
2505 nss += 1;
2506 sta->sta.rx_nss = nss;
2507 }
2508
2509 rate_control_rate_init(sta);
2510
2511 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED)
2512 set_sta_flag(sta, WLAN_STA_MFP);
2513
2514 if (elems.wmm_param)
2515 set_sta_flag(sta, WLAN_STA_WME);
2516
2517 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
2518 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
2519 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
2520 if (err) {
2521 sdata_info(sdata,
2522 "failed to move station %pM to desired state\n",
2523 sta->sta.addr);
2524 WARN_ON(__sta_info_destroy(sta));
2525 mutex_unlock(&sdata->local->sta_mtx);
2526 return false;
2527 }
2528
2529 mutex_unlock(&sdata->local->sta_mtx);
2530
2531 /*
2532 * Always handle WMM once after association regardless
2533 * of the first value the AP uses. Setting -1 here has
2534 * that effect because the AP values is an unsigned
2535 * 4-bit value.
2536 */
2537 ifmgd->wmm_last_param_set = -1;
2538
2539 if (elems.wmm_param)
2540 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
2541 elems.wmm_param_len);
2542 else
2543 ieee80211_set_wmm_default(sdata, false);
2544 changed |= BSS_CHANGED_QOS;
2545
2546 /* set AID and assoc capability,
2547 * ieee80211_set_associated() will tell the driver */
2548 bss_conf->aid = aid;
2549 bss_conf->assoc_capability = capab_info;
2550 ieee80211_set_associated(sdata, cbss, changed);
2551
2552 /*
2553 * If we're using 4-addr mode, let the AP know that we're
2554 * doing so, so that it can create the STA VLAN on its side
2555 */
2556 if (ifmgd->use_4addr)
2557 ieee80211_send_4addr_nullfunc(local, sdata);
2558
2559 /*
2560 * Start timer to probe the connection to the AP now.
2561 * Also start the timer that will detect beacon loss.
2562 */
2563 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt);
2564 ieee80211_sta_reset_beacon_monitor(sdata);
2565
2566 return true;
2567 }
2568
2569 static enum rx_mgmt_action __must_check
2570 ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
2571 struct ieee80211_mgmt *mgmt, size_t len,
2572 struct cfg80211_bss **bss)
2573 {
2574 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2575 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
2576 u16 capab_info, status_code, aid;
2577 struct ieee802_11_elems elems;
2578 u8 *pos;
2579 bool reassoc;
2580
2581 lockdep_assert_held(&ifmgd->mtx);
2582
2583 if (!assoc_data)
2584 return RX_MGMT_NONE;
2585 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid))
2586 return RX_MGMT_NONE;
2587
2588 /*
2589 * AssocResp and ReassocResp have identical structure, so process both
2590 * of them in this function.
2591 */
2592
2593 if (len < 24 + 6)
2594 return RX_MGMT_NONE;
2595
2596 reassoc = ieee80211_is_reassoc_req(mgmt->frame_control);
2597 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
2598 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
2599 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
2600
2601 sdata_info(sdata,
2602 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n",
2603 reassoc ? "Rea" : "A", mgmt->sa,
2604 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
2605
2606 pos = mgmt->u.assoc_resp.variable;
2607 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
2608
2609 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
2610 elems.timeout_int &&
2611 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) {
2612 u32 tu, ms;
2613 tu = le32_to_cpu(elems.timeout_int->value);
2614 ms = tu * 1024 / 1000;
2615 sdata_info(sdata,
2616 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",
2617 mgmt->sa, tu, ms);
2618 assoc_data->timeout = jiffies + msecs_to_jiffies(ms);
2619 assoc_data->timeout_started = true;
2620 if (ms > IEEE80211_ASSOC_TIMEOUT)
2621 run_again(ifmgd, assoc_data->timeout);
2622 return RX_MGMT_NONE;
2623 }
2624
2625 *bss = assoc_data->bss;
2626
2627 if (status_code != WLAN_STATUS_SUCCESS) {
2628 sdata_info(sdata, "%pM denied association (code=%d)\n",
2629 mgmt->sa, status_code);
2630 ieee80211_destroy_assoc_data(sdata, false);
2631 } else {
2632 if (!ieee80211_assoc_success(sdata, *bss, mgmt, len)) {
2633 /* oops -- internal error -- send timeout for now */
2634 ieee80211_destroy_assoc_data(sdata, false);
2635 cfg80211_put_bss(sdata->local->hw.wiphy, *bss);
2636 return RX_MGMT_CFG80211_ASSOC_TIMEOUT;
2637 }
2638 sdata_info(sdata, "associated\n");
2639
2640 /*
2641 * destroy assoc_data afterwards, as otherwise an idle
2642 * recalc after assoc_data is NULL but before associated
2643 * is set can cause the interface to go idle
2644 */
2645 ieee80211_destroy_assoc_data(sdata, true);
2646 }
2647
2648 return RX_MGMT_CFG80211_RX_ASSOC;
2649 }
2650
2651 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
2652 struct ieee80211_mgmt *mgmt, size_t len,
2653 struct ieee80211_rx_status *rx_status,
2654 struct ieee802_11_elems *elems)
2655 {
2656 struct ieee80211_local *local = sdata->local;
2657 int freq;
2658 struct ieee80211_bss *bss;
2659 struct ieee80211_channel *channel;
2660 bool need_ps = false;
2661
2662 if ((sdata->u.mgd.associated &&
2663 ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid)) ||
2664 (sdata->u.mgd.assoc_data &&
2665 ether_addr_equal(mgmt->bssid,
2666 sdata->u.mgd.assoc_data->bss->bssid))) {
2667 /* not previously set so we may need to recalc */
2668 need_ps = sdata->u.mgd.associated && !sdata->u.mgd.dtim_period;
2669
2670 if (elems->tim && !elems->parse_error) {
2671 const struct ieee80211_tim_ie *tim_ie = elems->tim;
2672 sdata->u.mgd.dtim_period = tim_ie->dtim_period;
2673 }
2674 }
2675
2676 if (elems->ds_params)
2677 freq = ieee80211_channel_to_frequency(elems->ds_params[0],
2678 rx_status->band);
2679 else
2680 freq = rx_status->freq;
2681
2682 channel = ieee80211_get_channel(local->hw.wiphy, freq);
2683
2684 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED)
2685 return;
2686
2687 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems,
2688 channel);
2689 if (bss)
2690 ieee80211_rx_bss_put(local, bss);
2691
2692 if (!sdata->u.mgd.associated)
2693 return;
2694
2695 if (need_ps) {
2696 mutex_lock(&local->iflist_mtx);
2697 ieee80211_recalc_ps(local, -1);
2698 mutex_unlock(&local->iflist_mtx);
2699 }
2700
2701 if (elems->ch_switch_ie &&
2702 memcmp(mgmt->bssid, sdata->u.mgd.associated->bssid, ETH_ALEN) == 0)
2703 ieee80211_sta_process_chanswitch(sdata, elems->ch_switch_ie,
2704 bss, rx_status->mactime);
2705 }
2706
2707
2708 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
2709 struct sk_buff *skb)
2710 {
2711 struct ieee80211_mgmt *mgmt = (void *)skb->data;
2712 struct ieee80211_if_managed *ifmgd;
2713 struct ieee80211_rx_status *rx_status = (void *) skb->cb;
2714 size_t baselen, len = skb->len;
2715 struct ieee802_11_elems elems;
2716
2717 ifmgd = &sdata->u.mgd;
2718
2719 ASSERT_MGD_MTX(ifmgd);
2720
2721 if (!ether_addr_equal(mgmt->da, sdata->vif.addr))
2722 return; /* ignore ProbeResp to foreign address */
2723
2724 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
2725 if (baselen > len)
2726 return;
2727
2728 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen,
2729 &elems);
2730
2731 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
2732
2733 if (ifmgd->associated &&
2734 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2735 ieee80211_reset_ap_probe(sdata);
2736
2737 if (ifmgd->auth_data && !ifmgd->auth_data->bss->proberesp_ies &&
2738 ether_addr_equal(mgmt->bssid, ifmgd->auth_data->bss->bssid)) {
2739 /* got probe response, continue with auth */
2740 sdata_info(sdata, "direct probe responded\n");
2741 ifmgd->auth_data->tries = 0;
2742 ifmgd->auth_data->timeout = jiffies;
2743 ifmgd->auth_data->timeout_started = true;
2744 run_again(ifmgd, ifmgd->auth_data->timeout);
2745 }
2746 }
2747
2748 /*
2749 * This is the canonical list of information elements we care about,
2750 * the filter code also gives us all changes to the Microsoft OUI
2751 * (00:50:F2) vendor IE which is used for WMM which we need to track.
2752 *
2753 * We implement beacon filtering in software since that means we can
2754 * avoid processing the frame here and in cfg80211, and userspace
2755 * will not be able to tell whether the hardware supports it or not.
2756 *
2757 * XXX: This list needs to be dynamic -- userspace needs to be able to
2758 * add items it requires. It also needs to be able to tell us to
2759 * look out for other vendor IEs.
2760 */
2761 static const u64 care_about_ies =
2762 (1ULL << WLAN_EID_COUNTRY) |
2763 (1ULL << WLAN_EID_ERP_INFO) |
2764 (1ULL << WLAN_EID_CHANNEL_SWITCH) |
2765 (1ULL << WLAN_EID_PWR_CONSTRAINT) |
2766 (1ULL << WLAN_EID_HT_CAPABILITY) |
2767 (1ULL << WLAN_EID_HT_OPERATION);
2768
2769 static enum rx_mgmt_action
2770 ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
2771 struct ieee80211_mgmt *mgmt, size_t len,
2772 u8 *deauth_buf, struct ieee80211_rx_status *rx_status)
2773 {
2774 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2775 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2776 size_t baselen;
2777 struct ieee802_11_elems elems;
2778 struct ieee80211_local *local = sdata->local;
2779 struct ieee80211_chanctx_conf *chanctx_conf;
2780 struct ieee80211_channel *chan;
2781 struct sta_info *sta;
2782 u32 changed = 0;
2783 bool erp_valid;
2784 u8 erp_value = 0;
2785 u32 ncrc;
2786 u8 *bssid;
2787
2788 lockdep_assert_held(&ifmgd->mtx);
2789
2790 /* Process beacon from the current BSS */
2791 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
2792 if (baselen > len)
2793 return RX_MGMT_NONE;
2794
2795 rcu_read_lock();
2796 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
2797 if (!chanctx_conf) {
2798 rcu_read_unlock();
2799 return RX_MGMT_NONE;
2800 }
2801
2802 if (rx_status->freq != chanctx_conf->def.chan->center_freq) {
2803 rcu_read_unlock();
2804 return RX_MGMT_NONE;
2805 }
2806 chan = chanctx_conf->def.chan;
2807 rcu_read_unlock();
2808
2809 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon &&
2810 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) {
2811 ieee802_11_parse_elems(mgmt->u.beacon.variable,
2812 len - baselen, &elems);
2813
2814 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
2815 ifmgd->assoc_data->have_beacon = true;
2816 ifmgd->assoc_data->need_beacon = false;
2817 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) {
2818 sdata->vif.bss_conf.sync_tsf =
2819 le64_to_cpu(mgmt->u.beacon.timestamp);
2820 sdata->vif.bss_conf.sync_device_ts =
2821 rx_status->device_timestamp;
2822 if (elems.tim)
2823 sdata->vif.bss_conf.sync_dtim_count =
2824 elems.tim->dtim_count;
2825 else
2826 sdata->vif.bss_conf.sync_dtim_count = 0;
2827 }
2828 /* continue assoc process */
2829 ifmgd->assoc_data->timeout = jiffies;
2830 ifmgd->assoc_data->timeout_started = true;
2831 run_again(ifmgd, ifmgd->assoc_data->timeout);
2832 return RX_MGMT_NONE;
2833 }
2834
2835 if (!ifmgd->associated ||
2836 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2837 return RX_MGMT_NONE;
2838 bssid = ifmgd->associated->bssid;
2839
2840 /* Track average RSSI from the Beacon frames of the current AP */
2841 ifmgd->last_beacon_signal = rx_status->signal;
2842 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) {
2843 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE;
2844 ifmgd->ave_beacon_signal = rx_status->signal * 16;
2845 ifmgd->last_cqm_event_signal = 0;
2846 ifmgd->count_beacon_signal = 1;
2847 ifmgd->last_ave_beacon_signal = 0;
2848 } else {
2849 ifmgd->ave_beacon_signal =
2850 (IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 +
2851 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) *
2852 ifmgd->ave_beacon_signal) / 16;
2853 ifmgd->count_beacon_signal++;
2854 }
2855
2856 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold &&
2857 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
2858 int sig = ifmgd->ave_beacon_signal;
2859 int last_sig = ifmgd->last_ave_beacon_signal;
2860
2861 /*
2862 * if signal crosses either of the boundaries, invoke callback
2863 * with appropriate parameters
2864 */
2865 if (sig > ifmgd->rssi_max_thold &&
2866 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) {
2867 ifmgd->last_ave_beacon_signal = sig;
2868 drv_rssi_callback(local, sdata, RSSI_EVENT_HIGH);
2869 } else if (sig < ifmgd->rssi_min_thold &&
2870 (last_sig >= ifmgd->rssi_max_thold ||
2871 last_sig == 0)) {
2872 ifmgd->last_ave_beacon_signal = sig;
2873 drv_rssi_callback(local, sdata, RSSI_EVENT_LOW);
2874 }
2875 }
2876
2877 if (bss_conf->cqm_rssi_thold &&
2878 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT &&
2879 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) {
2880 int sig = ifmgd->ave_beacon_signal / 16;
2881 int last_event = ifmgd->last_cqm_event_signal;
2882 int thold = bss_conf->cqm_rssi_thold;
2883 int hyst = bss_conf->cqm_rssi_hyst;
2884 if (sig < thold &&
2885 (last_event == 0 || sig < last_event - hyst)) {
2886 ifmgd->last_cqm_event_signal = sig;
2887 ieee80211_cqm_rssi_notify(
2888 &sdata->vif,
2889 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
2890 GFP_KERNEL);
2891 } else if (sig > thold &&
2892 (last_event == 0 || sig > last_event + hyst)) {
2893 ifmgd->last_cqm_event_signal = sig;
2894 ieee80211_cqm_rssi_notify(
2895 &sdata->vif,
2896 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
2897 GFP_KERNEL);
2898 }
2899 }
2900
2901 if (ifmgd->flags & IEEE80211_STA_BEACON_POLL) {
2902 mlme_dbg_ratelimited(sdata,
2903 "cancelling AP probe due to a received beacon\n");
2904 mutex_lock(&local->mtx);
2905 ifmgd->flags &= ~IEEE80211_STA_BEACON_POLL;
2906 ieee80211_run_deferred_scan(local);
2907 mutex_unlock(&local->mtx);
2908
2909 mutex_lock(&local->iflist_mtx);
2910 ieee80211_recalc_ps(local, -1);
2911 mutex_unlock(&local->iflist_mtx);
2912 }
2913
2914 /*
2915 * Push the beacon loss detection into the future since
2916 * we are processing a beacon from the AP just now.
2917 */
2918 ieee80211_sta_reset_beacon_monitor(sdata);
2919
2920 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
2921 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable,
2922 len - baselen, &elems,
2923 care_about_ies, ncrc);
2924
2925 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) {
2926 bool directed_tim = ieee80211_check_tim(elems.tim,
2927 elems.tim_len,
2928 ifmgd->aid);
2929 if (directed_tim) {
2930 if (local->hw.conf.dynamic_ps_timeout > 0) {
2931 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
2932 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
2933 ieee80211_hw_config(local,
2934 IEEE80211_CONF_CHANGE_PS);
2935 }
2936 ieee80211_send_nullfunc(local, sdata, 0);
2937 } else if (!local->pspolling && sdata->u.mgd.powersave) {
2938 local->pspolling = true;
2939
2940 /*
2941 * Here is assumed that the driver will be
2942 * able to send ps-poll frame and receive a
2943 * response even though power save mode is
2944 * enabled, but some drivers might require
2945 * to disable power save here. This needs
2946 * to be investigated.
2947 */
2948 ieee80211_send_pspoll(local, sdata);
2949 }
2950 }
2951 }
2952
2953 if (sdata->vif.p2p) {
2954 struct ieee80211_p2p_noa_attr noa = {};
2955 int ret;
2956
2957 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable,
2958 len - baselen,
2959 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
2960 (u8 *) &noa, sizeof(noa));
2961 if (ret >= 2) {
2962 if (sdata->u.mgd.p2p_noa_index != noa.index) {
2963 /* valid noa_attr and index changed */
2964 sdata->u.mgd.p2p_noa_index = noa.index;
2965 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa));
2966 changed |= BSS_CHANGED_P2P_PS;
2967 /*
2968 * make sure we update all information, the CRC
2969 * mechanism doesn't look at P2P attributes.
2970 */
2971 ifmgd->beacon_crc_valid = false;
2972 }
2973 } else if (sdata->u.mgd.p2p_noa_index != -1) {
2974 /* noa_attr not found and we had valid noa_attr before */
2975 sdata->u.mgd.p2p_noa_index = -1;
2976 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr));
2977 changed |= BSS_CHANGED_P2P_PS;
2978 ifmgd->beacon_crc_valid = false;
2979 }
2980 }
2981
2982 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid)
2983 return RX_MGMT_NONE;
2984 ifmgd->beacon_crc = ncrc;
2985 ifmgd->beacon_crc_valid = true;
2986
2987 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
2988
2989 if (ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
2990 elems.wmm_param_len))
2991 changed |= BSS_CHANGED_QOS;
2992
2993 /*
2994 * If we haven't had a beacon before, tell the driver about the
2995 * DTIM period (and beacon timing if desired) now.
2996 */
2997 if (!bss_conf->dtim_period) {
2998 /* a few bogus AP send dtim_period = 0 or no TIM IE */
2999 if (elems.tim)
3000 bss_conf->dtim_period = elems.tim->dtim_period ?: 1;
3001 else
3002 bss_conf->dtim_period = 1;
3003
3004 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) {
3005 sdata->vif.bss_conf.sync_tsf =
3006 le64_to_cpu(mgmt->u.beacon.timestamp);
3007 sdata->vif.bss_conf.sync_device_ts =
3008 rx_status->device_timestamp;
3009 if (elems.tim)
3010 sdata->vif.bss_conf.sync_dtim_count =
3011 elems.tim->dtim_count;
3012 else
3013 sdata->vif.bss_conf.sync_dtim_count = 0;
3014 }
3015
3016 changed |= BSS_CHANGED_DTIM_PERIOD;
3017 }
3018
3019 if (elems.erp_info) {
3020 erp_valid = true;
3021 erp_value = elems.erp_info[0];
3022 } else {
3023 erp_valid = false;
3024 }
3025 changed |= ieee80211_handle_bss_capability(sdata,
3026 le16_to_cpu(mgmt->u.beacon.capab_info),
3027 erp_valid, erp_value);
3028
3029 mutex_lock(&local->sta_mtx);
3030 sta = sta_info_get(sdata, bssid);
3031
3032 if (ieee80211_config_bw(sdata, sta, elems.ht_operation,
3033 elems.vht_operation, bssid, &changed)) {
3034 mutex_unlock(&local->sta_mtx);
3035 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
3036 WLAN_REASON_DEAUTH_LEAVING,
3037 true, deauth_buf);
3038 return RX_MGMT_CFG80211_TX_DEAUTH;
3039 }
3040
3041 if (sta && elems.opmode_notif)
3042 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif,
3043 rx_status->band, true);
3044 mutex_unlock(&local->sta_mtx);
3045
3046 if (elems.country_elem && elems.pwr_constr_elem &&
3047 mgmt->u.probe_resp.capab_info &
3048 cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT))
3049 changed |= ieee80211_handle_pwr_constr(sdata, chan,
3050 elems.country_elem,
3051 elems.country_elem_len,
3052 elems.pwr_constr_elem);
3053
3054 ieee80211_bss_info_change_notify(sdata, changed);
3055
3056 return RX_MGMT_NONE;
3057 }
3058
3059 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
3060 struct sk_buff *skb)
3061 {
3062 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3063 struct ieee80211_rx_status *rx_status;
3064 struct ieee80211_mgmt *mgmt;
3065 struct cfg80211_bss *bss = NULL;
3066 enum rx_mgmt_action rma = RX_MGMT_NONE;
3067 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN];
3068 u16 fc;
3069
3070 rx_status = (struct ieee80211_rx_status *) skb->cb;
3071 mgmt = (struct ieee80211_mgmt *) skb->data;
3072 fc = le16_to_cpu(mgmt->frame_control);
3073
3074 mutex_lock(&ifmgd->mtx);
3075
3076 switch (fc & IEEE80211_FCTL_STYPE) {
3077 case IEEE80211_STYPE_BEACON:
3078 rma = ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len,
3079 deauth_buf, rx_status);
3080 break;
3081 case IEEE80211_STYPE_PROBE_RESP:
3082 ieee80211_rx_mgmt_probe_resp(sdata, skb);
3083 break;
3084 case IEEE80211_STYPE_AUTH:
3085 rma = ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len);
3086 break;
3087 case IEEE80211_STYPE_DEAUTH:
3088 rma = ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len);
3089 break;
3090 case IEEE80211_STYPE_DISASSOC:
3091 rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
3092 break;
3093 case IEEE80211_STYPE_ASSOC_RESP:
3094 case IEEE80211_STYPE_REASSOC_RESP:
3095 rma = ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len, &bss);
3096 break;
3097 case IEEE80211_STYPE_ACTION:
3098 switch (mgmt->u.action.category) {
3099 case WLAN_CATEGORY_SPECTRUM_MGMT:
3100 ieee80211_sta_process_chanswitch(sdata,
3101 &mgmt->u.action.u.chan_switch.sw_elem,
3102 (void *)ifmgd->associated->priv,
3103 rx_status->mactime);
3104 break;
3105 }
3106 }
3107 mutex_unlock(&ifmgd->mtx);
3108
3109 switch (rma) {
3110 case RX_MGMT_NONE:
3111 /* no action */
3112 break;
3113 case RX_MGMT_CFG80211_DEAUTH:
3114 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
3115 break;
3116 case RX_MGMT_CFG80211_DISASSOC:
3117 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len);
3118 break;
3119 case RX_MGMT_CFG80211_RX_AUTH:
3120 cfg80211_send_rx_auth(sdata->dev, (u8 *)mgmt, skb->len);
3121 break;
3122 case RX_MGMT_CFG80211_RX_ASSOC:
3123 cfg80211_send_rx_assoc(sdata->dev, bss, (u8 *)mgmt, skb->len);
3124 break;
3125 case RX_MGMT_CFG80211_ASSOC_TIMEOUT:
3126 cfg80211_send_assoc_timeout(sdata->dev, mgmt->bssid);
3127 break;
3128 case RX_MGMT_CFG80211_TX_DEAUTH:
3129 cfg80211_send_deauth(sdata->dev, deauth_buf,
3130 sizeof(deauth_buf));
3131 break;
3132 default:
3133 WARN(1, "unexpected: %d", rma);
3134 }
3135 }
3136
3137 static void ieee80211_sta_timer(unsigned long data)
3138 {
3139 struct ieee80211_sub_if_data *sdata =
3140 (struct ieee80211_sub_if_data *) data;
3141
3142 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
3143 }
3144
3145 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata,
3146 u8 *bssid, u8 reason, bool tx)
3147 {
3148 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3149 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
3150
3151 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason,
3152 tx, frame_buf);
3153 mutex_unlock(&ifmgd->mtx);
3154
3155 /*
3156 * must be outside lock due to cfg80211,
3157 * but that's not a problem.
3158 */
3159 cfg80211_send_deauth(sdata->dev, frame_buf, IEEE80211_DEAUTH_FRAME_LEN);
3160
3161 mutex_lock(&ifmgd->mtx);
3162 }
3163
3164 static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata)
3165 {
3166 struct ieee80211_local *local = sdata->local;
3167 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3168 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data;
3169 u32 tx_flags = 0;
3170
3171 lockdep_assert_held(&ifmgd->mtx);
3172
3173 if (WARN_ON_ONCE(!auth_data))
3174 return -EINVAL;
3175
3176 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
3177 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
3178 IEEE80211_TX_INTFL_MLME_CONN_TX;
3179
3180 auth_data->tries++;
3181
3182 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) {
3183 sdata_info(sdata, "authentication with %pM timed out\n",
3184 auth_data->bss->bssid);
3185
3186 /*
3187 * Most likely AP is not in the range so remove the
3188 * bss struct for that AP.
3189 */
3190 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss);
3191
3192 return -ETIMEDOUT;
3193 }
3194
3195 drv_mgd_prepare_tx(local, sdata);
3196
3197 if (auth_data->bss->proberesp_ies) {
3198 u16 trans = 1;
3199 u16 status = 0;
3200
3201 sdata_info(sdata, "send auth to %pM (try %d/%d)\n",
3202 auth_data->bss->bssid, auth_data->tries,
3203 IEEE80211_AUTH_MAX_TRIES);
3204
3205 auth_data->expected_transaction = 2;
3206
3207 if (auth_data->algorithm == WLAN_AUTH_SAE) {
3208 trans = auth_data->sae_trans;
3209 status = auth_data->sae_status;
3210 auth_data->expected_transaction = trans;
3211 }
3212
3213 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status,
3214 auth_data->data, auth_data->data_len,
3215 auth_data->bss->bssid,
3216 auth_data->bss->bssid, NULL, 0, 0,
3217 tx_flags);
3218 } else {
3219 const u8 *ssidie;
3220
3221 sdata_info(sdata, "direct probe to %pM (try %d/%i)\n",
3222 auth_data->bss->bssid, auth_data->tries,
3223 IEEE80211_AUTH_MAX_TRIES);
3224
3225 rcu_read_lock();
3226 ssidie = ieee80211_bss_get_ie(auth_data->bss, WLAN_EID_SSID);
3227 if (!ssidie) {
3228 rcu_read_unlock();
3229 return -EINVAL;
3230 }
3231 /*
3232 * Direct probe is sent to broadcast address as some APs
3233 * will not answer to direct packet in unassociated state.
3234 */
3235 ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1],
3236 NULL, 0, (u32) -1, true, tx_flags,
3237 auth_data->bss->channel, false);
3238 rcu_read_unlock();
3239 }
3240
3241 if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) {
3242 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
3243 ifmgd->auth_data->timeout_started = true;
3244 run_again(ifmgd, auth_data->timeout);
3245 } else {
3246 auth_data->timeout_started = false;
3247 }
3248
3249 return 0;
3250 }
3251
3252 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata)
3253 {
3254 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
3255 struct ieee80211_local *local = sdata->local;
3256
3257 lockdep_assert_held(&sdata->u.mgd.mtx);
3258
3259 assoc_data->tries++;
3260 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) {
3261 sdata_info(sdata, "association with %pM timed out\n",
3262 assoc_data->bss->bssid);
3263
3264 /*
3265 * Most likely AP is not in the range so remove the
3266 * bss struct for that AP.
3267 */
3268 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss);
3269
3270 return -ETIMEDOUT;
3271 }
3272
3273 sdata_info(sdata, "associate with %pM (try %d/%d)\n",
3274 assoc_data->bss->bssid, assoc_data->tries,
3275 IEEE80211_ASSOC_MAX_TRIES);
3276 ieee80211_send_assoc(sdata);
3277
3278 if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) {
3279 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
3280 assoc_data->timeout_started = true;
3281 run_again(&sdata->u.mgd, assoc_data->timeout);
3282 } else {
3283 assoc_data->timeout_started = false;
3284 }
3285
3286 return 0;
3287 }
3288
3289 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata,
3290 __le16 fc, bool acked)
3291 {
3292 struct ieee80211_local *local = sdata->local;
3293
3294 sdata->u.mgd.status_fc = fc;
3295 sdata->u.mgd.status_acked = acked;
3296 sdata->u.mgd.status_received = true;
3297
3298 ieee80211_queue_work(&local->hw, &sdata->work);
3299 }
3300
3301 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
3302 {
3303 struct ieee80211_local *local = sdata->local;
3304 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3305
3306 mutex_lock(&ifmgd->mtx);
3307
3308 if (ifmgd->status_received) {
3309 __le16 fc = ifmgd->status_fc;
3310 bool status_acked = ifmgd->status_acked;
3311
3312 ifmgd->status_received = false;
3313 if (ifmgd->auth_data &&
3314 (ieee80211_is_probe_req(fc) || ieee80211_is_auth(fc))) {
3315 if (status_acked) {
3316 ifmgd->auth_data->timeout =
3317 jiffies + IEEE80211_AUTH_TIMEOUT_SHORT;
3318 run_again(ifmgd, ifmgd->auth_data->timeout);
3319 } else {
3320 ifmgd->auth_data->timeout = jiffies - 1;
3321 }
3322 ifmgd->auth_data->timeout_started = true;
3323 } else if (ifmgd->assoc_data &&
3324 (ieee80211_is_assoc_req(fc) ||
3325 ieee80211_is_reassoc_req(fc))) {
3326 if (status_acked) {
3327 ifmgd->assoc_data->timeout =
3328 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT;
3329 run_again(ifmgd, ifmgd->assoc_data->timeout);
3330 } else {
3331 ifmgd->assoc_data->timeout = jiffies - 1;
3332 }
3333 ifmgd->assoc_data->timeout_started = true;
3334 }
3335 }
3336
3337 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started &&
3338 time_after(jiffies, ifmgd->auth_data->timeout)) {
3339 if (ifmgd->auth_data->done) {
3340 /*
3341 * ok ... we waited for assoc but userspace didn't,
3342 * so let's just kill the auth data
3343 */
3344 ieee80211_destroy_auth_data(sdata, false);
3345 } else if (ieee80211_probe_auth(sdata)) {
3346 u8 bssid[ETH_ALEN];
3347
3348 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
3349
3350 ieee80211_destroy_auth_data(sdata, false);
3351
3352 mutex_unlock(&ifmgd->mtx);
3353 cfg80211_send_auth_timeout(sdata->dev, bssid);
3354 mutex_lock(&ifmgd->mtx);
3355 }
3356 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started)
3357 run_again(ifmgd, ifmgd->auth_data->timeout);
3358
3359 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started &&
3360 time_after(jiffies, ifmgd->assoc_data->timeout)) {
3361 if ((ifmgd->assoc_data->need_beacon &&
3362 !ifmgd->assoc_data->have_beacon) ||
3363 ieee80211_do_assoc(sdata)) {
3364 u8 bssid[ETH_ALEN];
3365
3366 memcpy(bssid, ifmgd->assoc_data->bss->bssid, ETH_ALEN);
3367
3368 ieee80211_destroy_assoc_data(sdata, false);
3369
3370 mutex_unlock(&ifmgd->mtx);
3371 cfg80211_send_assoc_timeout(sdata->dev, bssid);
3372 mutex_lock(&ifmgd->mtx);
3373 }
3374 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started)
3375 run_again(ifmgd, ifmgd->assoc_data->timeout);
3376
3377 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
3378 IEEE80211_STA_CONNECTION_POLL) &&
3379 ifmgd->associated) {
3380 u8 bssid[ETH_ALEN];
3381 int max_tries;
3382
3383 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
3384
3385 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
3386 max_tries = max_nullfunc_tries;
3387 else
3388 max_tries = max_probe_tries;
3389
3390 /* ACK received for nullfunc probing frame */
3391 if (!ifmgd->probe_send_count)
3392 ieee80211_reset_ap_probe(sdata);
3393 else if (ifmgd->nullfunc_failed) {
3394 if (ifmgd->probe_send_count < max_tries) {
3395 mlme_dbg(sdata,
3396 "No ack for nullfunc frame to AP %pM, try %d/%i\n",
3397 bssid, ifmgd->probe_send_count,
3398 max_tries);
3399 ieee80211_mgd_probe_ap_send(sdata);
3400 } else {
3401 mlme_dbg(sdata,
3402 "No ack for nullfunc frame to AP %pM, disconnecting.\n",
3403 bssid);
3404 ieee80211_sta_connection_lost(sdata, bssid,
3405 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
3406 false);
3407 }
3408 } else if (time_is_after_jiffies(ifmgd->probe_timeout))
3409 run_again(ifmgd, ifmgd->probe_timeout);
3410 else if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
3411 mlme_dbg(sdata,
3412 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n",
3413 bssid, probe_wait_ms);
3414 ieee80211_sta_connection_lost(sdata, bssid,
3415 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
3416 } else if (ifmgd->probe_send_count < max_tries) {
3417 mlme_dbg(sdata,
3418 "No probe response from AP %pM after %dms, try %d/%i\n",
3419 bssid, probe_wait_ms,
3420 ifmgd->probe_send_count, max_tries);
3421 ieee80211_mgd_probe_ap_send(sdata);
3422 } else {
3423 /*
3424 * We actually lost the connection ... or did we?
3425 * Let's make sure!
3426 */
3427 wiphy_debug(local->hw.wiphy,
3428 "%s: No probe response from AP %pM"
3429 " after %dms, disconnecting.\n",
3430 sdata->name,
3431 bssid, probe_wait_ms);
3432
3433 ieee80211_sta_connection_lost(sdata, bssid,
3434 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
3435 }
3436 }
3437
3438 mutex_unlock(&ifmgd->mtx);
3439 }
3440
3441 static void ieee80211_sta_bcn_mon_timer(unsigned long data)
3442 {
3443 struct ieee80211_sub_if_data *sdata =
3444 (struct ieee80211_sub_if_data *) data;
3445 struct ieee80211_local *local = sdata->local;
3446
3447 if (local->quiescing)
3448 return;
3449
3450 sdata->u.mgd.connection_loss = false;
3451 ieee80211_queue_work(&sdata->local->hw,
3452 &sdata->u.mgd.beacon_connection_loss_work);
3453 }
3454
3455 static void ieee80211_sta_conn_mon_timer(unsigned long data)
3456 {
3457 struct ieee80211_sub_if_data *sdata =
3458 (struct ieee80211_sub_if_data *) data;
3459 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3460 struct ieee80211_local *local = sdata->local;
3461
3462 if (local->quiescing)
3463 return;
3464
3465 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work);
3466 }
3467
3468 static void ieee80211_sta_monitor_work(struct work_struct *work)
3469 {
3470 struct ieee80211_sub_if_data *sdata =
3471 container_of(work, struct ieee80211_sub_if_data,
3472 u.mgd.monitor_work);
3473
3474 ieee80211_mgd_probe_ap(sdata, false);
3475 }
3476
3477 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
3478 {
3479 u32 flags;
3480
3481 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
3482 __ieee80211_stop_poll(sdata);
3483
3484 /* let's probe the connection once */
3485 flags = sdata->local->hw.flags;
3486 if (!(flags & IEEE80211_HW_CONNECTION_MONITOR))
3487 ieee80211_queue_work(&sdata->local->hw,
3488 &sdata->u.mgd.monitor_work);
3489 /* and do all the other regular work too */
3490 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
3491 }
3492 }
3493
3494 /* interface setup */
3495 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
3496 {
3497 struct ieee80211_if_managed *ifmgd;
3498
3499 ifmgd = &sdata->u.mgd;
3500 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work);
3501 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work);
3502 INIT_WORK(&ifmgd->beacon_connection_loss_work,
3503 ieee80211_beacon_connection_loss_work);
3504 INIT_WORK(&ifmgd->csa_connection_drop_work,
3505 ieee80211_csa_connection_drop_work);
3506 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_work);
3507 setup_timer(&ifmgd->timer, ieee80211_sta_timer,
3508 (unsigned long) sdata);
3509 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer,
3510 (unsigned long) sdata);
3511 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer,
3512 (unsigned long) sdata);
3513 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer,
3514 (unsigned long) sdata);
3515
3516 ifmgd->flags = 0;
3517 ifmgd->powersave = sdata->wdev.ps;
3518 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues;
3519 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len;
3520 ifmgd->p2p_noa_index = -1;
3521
3522 mutex_init(&ifmgd->mtx);
3523
3524 if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS)
3525 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC;
3526 else
3527 ifmgd->req_smps = IEEE80211_SMPS_OFF;
3528 }
3529
3530 /* scan finished notification */
3531 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
3532 {
3533 struct ieee80211_sub_if_data *sdata;
3534
3535 /* Restart STA timers */
3536 rcu_read_lock();
3537 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
3538 if (ieee80211_sdata_running(sdata))
3539 ieee80211_restart_sta_timer(sdata);
3540 }
3541 rcu_read_unlock();
3542 }
3543
3544 int ieee80211_max_network_latency(struct notifier_block *nb,
3545 unsigned long data, void *dummy)
3546 {
3547 s32 latency_usec = (s32) data;
3548 struct ieee80211_local *local =
3549 container_of(nb, struct ieee80211_local,
3550 network_latency_notifier);
3551
3552 mutex_lock(&local->iflist_mtx);
3553 ieee80211_recalc_ps(local, latency_usec);
3554 mutex_unlock(&local->iflist_mtx);
3555
3556 return 0;
3557 }
3558
3559 static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata,
3560 struct cfg80211_bss *cbss)
3561 {
3562 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3563 const u8 *ht_cap_ie, *vht_cap_ie;
3564 const struct ieee80211_ht_cap *ht_cap;
3565 const struct ieee80211_vht_cap *vht_cap;
3566 u8 chains = 1;
3567
3568 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT)
3569 return chains;
3570
3571 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
3572 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) {
3573 ht_cap = (void *)(ht_cap_ie + 2);
3574 chains = ieee80211_mcs_to_chains(&ht_cap->mcs);
3575 /*
3576 * TODO: use "Tx Maximum Number Spatial Streams Supported" and
3577 * "Tx Unequal Modulation Supported" fields.
3578 */
3579 }
3580
3581 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
3582 return chains;
3583
3584 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
3585 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) {
3586 u8 nss;
3587 u16 tx_mcs_map;
3588
3589 vht_cap = (void *)(vht_cap_ie + 2);
3590 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map);
3591 for (nss = 8; nss > 0; nss--) {
3592 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) !=
3593 IEEE80211_VHT_MCS_NOT_SUPPORTED)
3594 break;
3595 }
3596 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */
3597 chains = max(chains, nss);
3598 }
3599
3600 return chains;
3601 }
3602
3603 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
3604 struct cfg80211_bss *cbss)
3605 {
3606 struct ieee80211_local *local = sdata->local;
3607 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3608 const struct ieee80211_ht_operation *ht_oper = NULL;
3609 const struct ieee80211_vht_operation *vht_oper = NULL;
3610 struct ieee80211_supported_band *sband;
3611 struct cfg80211_chan_def chandef;
3612 int ret;
3613
3614 sband = local->hw.wiphy->bands[cbss->channel->band];
3615
3616 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ |
3617 IEEE80211_STA_DISABLE_80P80MHZ |
3618 IEEE80211_STA_DISABLE_160MHZ);
3619
3620 rcu_read_lock();
3621
3622 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
3623 sband->ht_cap.ht_supported) {
3624 const u8 *ht_oper_ie, *ht_cap;
3625
3626 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION);
3627 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper))
3628 ht_oper = (void *)(ht_oper_ie + 2);
3629
3630 ht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
3631 if (!ht_cap || ht_cap[1] < sizeof(struct ieee80211_ht_cap)) {
3632 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
3633 ht_oper = NULL;
3634 }
3635 }
3636
3637 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
3638 sband->vht_cap.vht_supported) {
3639 const u8 *vht_oper_ie, *vht_cap;
3640
3641 vht_oper_ie = ieee80211_bss_get_ie(cbss,
3642 WLAN_EID_VHT_OPERATION);
3643 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper))
3644 vht_oper = (void *)(vht_oper_ie + 2);
3645 if (vht_oper && !ht_oper) {
3646 vht_oper = NULL;
3647 sdata_info(sdata,
3648 "AP advertised VHT without HT, disabling both\n");
3649 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
3650 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
3651 }
3652
3653 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
3654 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) {
3655 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
3656 vht_oper = NULL;
3657 }
3658 }
3659
3660 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband,
3661 cbss->channel,
3662 ht_oper, vht_oper,
3663 &chandef, true);
3664
3665 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss),
3666 local->rx_chains);
3667
3668 rcu_read_unlock();
3669
3670 /* will change later if needed */
3671 sdata->smps_mode = IEEE80211_SMPS_OFF;
3672
3673 /*
3674 * If this fails (possibly due to channel context sharing
3675 * on incompatible channels, e.g. 80+80 and 160 sharing the
3676 * same control channel) try to use a smaller bandwidth.
3677 */
3678 ret = ieee80211_vif_use_channel(sdata, &chandef,
3679 IEEE80211_CHANCTX_SHARED);
3680 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) {
3681 ifmgd->flags |= chandef_downgrade(&chandef);
3682 ret = ieee80211_vif_use_channel(sdata, &chandef,
3683 IEEE80211_CHANCTX_SHARED);
3684 }
3685 return ret;
3686 }
3687
3688 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
3689 struct cfg80211_bss *cbss, bool assoc)
3690 {
3691 struct ieee80211_local *local = sdata->local;
3692 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3693 struct ieee80211_bss *bss = (void *)cbss->priv;
3694 struct sta_info *new_sta = NULL;
3695 bool have_sta = false;
3696 int err;
3697
3698 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data))
3699 return -EINVAL;
3700
3701 if (assoc) {
3702 rcu_read_lock();
3703 have_sta = sta_info_get(sdata, cbss->bssid);
3704 rcu_read_unlock();
3705 }
3706
3707 if (!have_sta) {
3708 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL);
3709 if (!new_sta)
3710 return -ENOMEM;
3711 }
3712
3713 if (new_sta) {
3714 u32 rates = 0, basic_rates = 0;
3715 bool have_higher_than_11mbit;
3716 int min_rate = INT_MAX, min_rate_index = -1;
3717 struct ieee80211_supported_band *sband;
3718 const struct cfg80211_bss_ies *ies;
3719
3720 sband = local->hw.wiphy->bands[cbss->channel->band];
3721
3722 err = ieee80211_prep_channel(sdata, cbss);
3723 if (err) {
3724 sta_info_free(local, new_sta);
3725 return err;
3726 }
3727
3728 ieee80211_get_rates(sband, bss->supp_rates,
3729 bss->supp_rates_len,
3730 &rates, &basic_rates,
3731 &have_higher_than_11mbit,
3732 &min_rate, &min_rate_index);
3733
3734 /*
3735 * This used to be a workaround for basic rates missing
3736 * in the association response frame. Now that we no
3737 * longer use the basic rates from there, it probably
3738 * doesn't happen any more, but keep the workaround so
3739 * in case some *other* APs are buggy in different ways
3740 * we can connect -- with a warning.
3741 */
3742 if (!basic_rates && min_rate_index >= 0) {
3743 sdata_info(sdata,
3744 "No basic rates, using min rate instead\n");
3745 basic_rates = BIT(min_rate_index);
3746 }
3747
3748 new_sta->sta.supp_rates[cbss->channel->band] = rates;
3749 sdata->vif.bss_conf.basic_rates = basic_rates;
3750
3751 /* cf. IEEE 802.11 9.2.12 */
3752 if (cbss->channel->band == IEEE80211_BAND_2GHZ &&
3753 have_higher_than_11mbit)
3754 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
3755 else
3756 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;
3757
3758 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN);
3759
3760 /* set timing information */
3761 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval;
3762 rcu_read_lock();
3763 ies = rcu_dereference(cbss->beacon_ies);
3764 if (ies) {
3765 const u8 *tim_ie;
3766
3767 sdata->vif.bss_conf.sync_tsf = ies->tsf;
3768 sdata->vif.bss_conf.sync_device_ts =
3769 bss->device_ts_beacon;
3770 tim_ie = cfg80211_find_ie(WLAN_EID_TIM,
3771 ies->data, ies->len);
3772 if (tim_ie && tim_ie[1] >= 2)
3773 sdata->vif.bss_conf.sync_dtim_count = tim_ie[2];
3774 else
3775 sdata->vif.bss_conf.sync_dtim_count = 0;
3776 } else if (!(local->hw.flags &
3777 IEEE80211_HW_TIMING_BEACON_ONLY)) {
3778 ies = rcu_dereference(cbss->proberesp_ies);
3779 /* must be non-NULL since beacon IEs were NULL */
3780 sdata->vif.bss_conf.sync_tsf = ies->tsf;
3781 sdata->vif.bss_conf.sync_device_ts =
3782 bss->device_ts_presp;
3783 sdata->vif.bss_conf.sync_dtim_count = 0;
3784 } else {
3785 sdata->vif.bss_conf.sync_tsf = 0;
3786 sdata->vif.bss_conf.sync_device_ts = 0;
3787 sdata->vif.bss_conf.sync_dtim_count = 0;
3788 }
3789 rcu_read_unlock();
3790
3791 /* tell driver about BSSID, basic rates and timing */
3792 ieee80211_bss_info_change_notify(sdata,
3793 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES |
3794 BSS_CHANGED_BEACON_INT);
3795
3796 if (assoc)
3797 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH);
3798
3799 err = sta_info_insert(new_sta);
3800 new_sta = NULL;
3801 if (err) {
3802 sdata_info(sdata,
3803 "failed to insert STA entry for the AP (error %d)\n",
3804 err);
3805 return err;
3806 }
3807 } else
3808 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid));
3809
3810 return 0;
3811 }
3812
3813 /* config hooks */
3814 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
3815 struct cfg80211_auth_request *req)
3816 {
3817 struct ieee80211_local *local = sdata->local;
3818 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3819 struct ieee80211_mgd_auth_data *auth_data;
3820 u16 auth_alg;
3821 int err;
3822
3823 /* prepare auth data structure */
3824
3825 switch (req->auth_type) {
3826 case NL80211_AUTHTYPE_OPEN_SYSTEM:
3827 auth_alg = WLAN_AUTH_OPEN;
3828 break;
3829 case NL80211_AUTHTYPE_SHARED_KEY:
3830 if (IS_ERR(local->wep_tx_tfm))
3831 return -EOPNOTSUPP;
3832 auth_alg = WLAN_AUTH_SHARED_KEY;
3833 break;
3834 case NL80211_AUTHTYPE_FT:
3835 auth_alg = WLAN_AUTH_FT;
3836 break;
3837 case NL80211_AUTHTYPE_NETWORK_EAP:
3838 auth_alg = WLAN_AUTH_LEAP;
3839 break;
3840 case NL80211_AUTHTYPE_SAE:
3841 auth_alg = WLAN_AUTH_SAE;
3842 break;
3843 default:
3844 return -EOPNOTSUPP;
3845 }
3846
3847 auth_data = kzalloc(sizeof(*auth_data) + req->sae_data_len +
3848 req->ie_len, GFP_KERNEL);
3849 if (!auth_data)
3850 return -ENOMEM;
3851
3852 auth_data->bss = req->bss;
3853
3854 if (req->sae_data_len >= 4) {
3855 __le16 *pos = (__le16 *) req->sae_data;
3856 auth_data->sae_trans = le16_to_cpu(pos[0]);
3857 auth_data->sae_status = le16_to_cpu(pos[1]);
3858 memcpy(auth_data->data, req->sae_data + 4,
3859 req->sae_data_len - 4);
3860 auth_data->data_len += req->sae_data_len - 4;
3861 }
3862
3863 if (req->ie && req->ie_len) {
3864 memcpy(&auth_data->data[auth_data->data_len],
3865 req->ie, req->ie_len);
3866 auth_data->data_len += req->ie_len;
3867 }
3868
3869 if (req->key && req->key_len) {
3870 auth_data->key_len = req->key_len;
3871 auth_data->key_idx = req->key_idx;
3872 memcpy(auth_data->key, req->key, req->key_len);
3873 }
3874
3875 auth_data->algorithm = auth_alg;
3876
3877 /* try to authenticate/probe */
3878
3879 mutex_lock(&ifmgd->mtx);
3880
3881 if ((ifmgd->auth_data && !ifmgd->auth_data->done) ||
3882 ifmgd->assoc_data) {
3883 err = -EBUSY;
3884 goto err_free;
3885 }
3886
3887 if (ifmgd->auth_data)
3888 ieee80211_destroy_auth_data(sdata, false);
3889
3890 /* prep auth_data so we don't go into idle on disassoc */
3891 ifmgd->auth_data = auth_data;
3892
3893 if (ifmgd->associated)
3894 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
3895
3896 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
3897
3898 err = ieee80211_prep_connection(sdata, req->bss, false);
3899 if (err)
3900 goto err_clear;
3901
3902 err = ieee80211_probe_auth(sdata);
3903 if (err) {
3904 sta_info_destroy_addr(sdata, req->bss->bssid);
3905 goto err_clear;
3906 }
3907
3908 /* hold our own reference */
3909 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss);
3910 err = 0;
3911 goto out_unlock;
3912
3913 err_clear:
3914 memset(ifmgd->bssid, 0, ETH_ALEN);
3915 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
3916 ifmgd->auth_data = NULL;
3917 err_free:
3918 kfree(auth_data);
3919 out_unlock:
3920 mutex_unlock(&ifmgd->mtx);
3921
3922 return err;
3923 }
3924
3925 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
3926 struct cfg80211_assoc_request *req)
3927 {
3928 struct ieee80211_local *local = sdata->local;
3929 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3930 struct ieee80211_bss *bss = (void *)req->bss->priv;
3931 struct ieee80211_mgd_assoc_data *assoc_data;
3932 const struct cfg80211_bss_ies *beacon_ies;
3933 struct ieee80211_supported_band *sband;
3934 const u8 *ssidie, *ht_ie, *vht_ie;
3935 int i, err;
3936
3937 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL);
3938 if (!assoc_data)
3939 return -ENOMEM;
3940
3941 rcu_read_lock();
3942 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID);
3943 if (!ssidie) {
3944 rcu_read_unlock();
3945 kfree(assoc_data);
3946 return -EINVAL;
3947 }
3948 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]);
3949 assoc_data->ssid_len = ssidie[1];
3950 rcu_read_unlock();
3951
3952 mutex_lock(&ifmgd->mtx);
3953
3954 if (ifmgd->associated)
3955 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
3956
3957 if (ifmgd->auth_data && !ifmgd->auth_data->done) {
3958 err = -EBUSY;
3959 goto err_free;
3960 }
3961
3962 if (ifmgd->assoc_data) {
3963 err = -EBUSY;
3964 goto err_free;
3965 }
3966
3967 if (ifmgd->auth_data) {
3968 bool match;
3969
3970 /* keep sta info, bssid if matching */
3971 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid);
3972 ieee80211_destroy_auth_data(sdata, match);
3973 }
3974
3975 /* prepare assoc data */
3976
3977 ifmgd->beacon_crc_valid = false;
3978
3979 /*
3980 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode.
3981 * We still associate in non-HT mode (11a/b/g) if any one of these
3982 * ciphers is configured as pairwise.
3983 * We can set this to true for non-11n hardware, that'll be checked
3984 * separately along with the peer capabilities.
3985 */
3986 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) {
3987 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 ||
3988 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP ||
3989 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) {
3990 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
3991 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
3992 netdev_info(sdata->dev,
3993 "disabling HT/VHT due to WEP/TKIP use\n");
3994 }
3995 }
3996
3997 if (req->flags & ASSOC_REQ_DISABLE_HT) {
3998 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
3999 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4000 }
4001
4002 if (req->flags & ASSOC_REQ_DISABLE_VHT)
4003 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4004
4005 /* Also disable HT if we don't support it or the AP doesn't use WMM */
4006 sband = local->hw.wiphy->bands[req->bss->channel->band];
4007 if (!sband->ht_cap.ht_supported ||
4008 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) {
4009 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4010 if (!bss->wmm_used)
4011 netdev_info(sdata->dev,
4012 "disabling HT as WMM/QoS is not supported by the AP\n");
4013 }
4014
4015 /* disable VHT if we don't support it or the AP doesn't use WMM */
4016 if (!sband->vht_cap.vht_supported ||
4017 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) {
4018 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4019 if (!bss->wmm_used)
4020 netdev_info(sdata->dev,
4021 "disabling VHT as WMM/QoS is not supported by the AP\n");
4022 }
4023
4024 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa));
4025 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask,
4026 sizeof(ifmgd->ht_capa_mask));
4027
4028 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa));
4029 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask,
4030 sizeof(ifmgd->vht_capa_mask));
4031
4032 if (req->ie && req->ie_len) {
4033 memcpy(assoc_data->ie, req->ie, req->ie_len);
4034 assoc_data->ie_len = req->ie_len;
4035 }
4036
4037 assoc_data->bss = req->bss;
4038
4039 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) {
4040 if (ifmgd->powersave)
4041 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC;
4042 else
4043 sdata->smps_mode = IEEE80211_SMPS_OFF;
4044 } else
4045 sdata->smps_mode = ifmgd->req_smps;
4046
4047 assoc_data->capability = req->bss->capability;
4048 assoc_data->wmm = bss->wmm_used &&
4049 (local->hw.queues >= IEEE80211_NUM_ACS);
4050 assoc_data->supp_rates = bss->supp_rates;
4051 assoc_data->supp_rates_len = bss->supp_rates_len;
4052
4053 rcu_read_lock();
4054 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION);
4055 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation))
4056 assoc_data->ap_ht_param =
4057 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param;
4058 else
4059 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4060 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY);
4061 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap))
4062 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2,
4063 sizeof(struct ieee80211_vht_cap));
4064 else
4065 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4066 rcu_read_unlock();
4067
4068 if (bss->wmm_used && bss->uapsd_supported &&
4069 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD) &&
4070 sdata->wmm_acm != 0xff) {
4071 assoc_data->uapsd = true;
4072 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
4073 } else {
4074 assoc_data->uapsd = false;
4075 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED;
4076 }
4077
4078 if (req->prev_bssid)
4079 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN);
4080
4081 if (req->use_mfp) {
4082 ifmgd->mfp = IEEE80211_MFP_REQUIRED;
4083 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED;
4084 } else {
4085 ifmgd->mfp = IEEE80211_MFP_DISABLED;
4086 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED;
4087 }
4088
4089 if (req->crypto.control_port)
4090 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT;
4091 else
4092 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT;
4093
4094 sdata->control_port_protocol = req->crypto.control_port_ethertype;
4095 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt;
4096
4097 /* kick off associate process */
4098
4099 ifmgd->assoc_data = assoc_data;
4100 ifmgd->dtim_period = 0;
4101
4102 err = ieee80211_prep_connection(sdata, req->bss, true);
4103 if (err)
4104 goto err_clear;
4105
4106 rcu_read_lock();
4107 beacon_ies = rcu_dereference(req->bss->beacon_ies);
4108
4109 if (sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC &&
4110 !beacon_ies) {
4111 /*
4112 * Wait up to one beacon interval ...
4113 * should this be more if we miss one?
4114 */
4115 sdata_info(sdata, "waiting for beacon from %pM\n",
4116 ifmgd->bssid);
4117 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval);
4118 assoc_data->timeout_started = true;
4119 assoc_data->need_beacon = true;
4120 } else if (beacon_ies) {
4121 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM,
4122 beacon_ies->data,
4123 beacon_ies->len);
4124 u8 dtim_count = 0;
4125
4126 if (tim_ie && tim_ie[1] >= sizeof(struct ieee80211_tim_ie)) {
4127 const struct ieee80211_tim_ie *tim;
4128 tim = (void *)(tim_ie + 2);
4129 ifmgd->dtim_period = tim->dtim_period;
4130 dtim_count = tim->dtim_count;
4131 }
4132 assoc_data->have_beacon = true;
4133 assoc_data->timeout = jiffies;
4134 assoc_data->timeout_started = true;
4135
4136 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) {
4137 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf;
4138 sdata->vif.bss_conf.sync_device_ts =
4139 bss->device_ts_beacon;
4140 sdata->vif.bss_conf.sync_dtim_count = dtim_count;
4141 }
4142 } else {
4143 assoc_data->timeout = jiffies;
4144 assoc_data->timeout_started = true;
4145 }
4146 rcu_read_unlock();
4147
4148 run_again(ifmgd, assoc_data->timeout);
4149
4150 if (bss->corrupt_data) {
4151 char *corrupt_type = "data";
4152 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) {
4153 if (bss->corrupt_data &
4154 IEEE80211_BSS_CORRUPT_PROBE_RESP)
4155 corrupt_type = "beacon and probe response";
4156 else
4157 corrupt_type = "beacon";
4158 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP)
4159 corrupt_type = "probe response";
4160 sdata_info(sdata, "associating with AP with corrupt %s\n",
4161 corrupt_type);
4162 }
4163
4164 err = 0;
4165 goto out;
4166 err_clear:
4167 memset(ifmgd->bssid, 0, ETH_ALEN);
4168 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
4169 ifmgd->assoc_data = NULL;
4170 err_free:
4171 kfree(assoc_data);
4172 out:
4173 mutex_unlock(&ifmgd->mtx);
4174
4175 return err;
4176 }
4177
4178 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
4179 struct cfg80211_deauth_request *req)
4180 {
4181 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4182 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4183 bool tx = !req->local_state_change;
4184 bool sent_frame = false;
4185
4186 mutex_lock(&ifmgd->mtx);
4187
4188 sdata_info(sdata,
4189 "deauthenticating from %pM by local choice (reason=%d)\n",
4190 req->bssid, req->reason_code);
4191
4192 if (ifmgd->auth_data) {
4193 drv_mgd_prepare_tx(sdata->local, sdata);
4194 ieee80211_send_deauth_disassoc(sdata, req->bssid,
4195 IEEE80211_STYPE_DEAUTH,
4196 req->reason_code, tx,
4197 frame_buf);
4198 ieee80211_destroy_auth_data(sdata, false);
4199 mutex_unlock(&ifmgd->mtx);
4200
4201 sent_frame = tx;
4202 goto out;
4203 }
4204
4205 if (ifmgd->associated &&
4206 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) {
4207 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4208 req->reason_code, tx, frame_buf);
4209 sent_frame = tx;
4210 }
4211 mutex_unlock(&ifmgd->mtx);
4212
4213 out:
4214 if (sent_frame)
4215 __cfg80211_send_deauth(sdata->dev, frame_buf,
4216 IEEE80211_DEAUTH_FRAME_LEN);
4217
4218 return 0;
4219 }
4220
4221 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
4222 struct cfg80211_disassoc_request *req)
4223 {
4224 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4225 u8 bssid[ETH_ALEN];
4226 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4227
4228 mutex_lock(&ifmgd->mtx);
4229
4230 /*
4231 * cfg80211 should catch this ... but it's racy since
4232 * we can receive a disassoc frame, process it, hand it
4233 * to cfg80211 while that's in a locked section already
4234 * trying to tell us that the user wants to disconnect.
4235 */
4236 if (ifmgd->associated != req->bss) {
4237 mutex_unlock(&ifmgd->mtx);
4238 return -ENOLINK;
4239 }
4240
4241 sdata_info(sdata,
4242 "disassociating from %pM by local choice (reason=%d)\n",
4243 req->bss->bssid, req->reason_code);
4244
4245 memcpy(bssid, req->bss->bssid, ETH_ALEN);
4246 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC,
4247 req->reason_code, !req->local_state_change,
4248 frame_buf);
4249 mutex_unlock(&ifmgd->mtx);
4250
4251 __cfg80211_send_disassoc(sdata->dev, frame_buf,
4252 IEEE80211_DEAUTH_FRAME_LEN);
4253
4254 return 0;
4255 }
4256
4257 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata)
4258 {
4259 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4260
4261 /*
4262 * Make sure some work items will not run after this,
4263 * they will not do anything but might not have been
4264 * cancelled when disconnecting.
4265 */
4266 cancel_work_sync(&ifmgd->monitor_work);
4267 cancel_work_sync(&ifmgd->beacon_connection_loss_work);
4268 cancel_work_sync(&ifmgd->request_smps_work);
4269 cancel_work_sync(&ifmgd->csa_connection_drop_work);
4270 cancel_work_sync(&ifmgd->chswitch_work);
4271
4272 mutex_lock(&ifmgd->mtx);
4273 if (ifmgd->assoc_data)
4274 ieee80211_destroy_assoc_data(sdata, false);
4275 if (ifmgd->auth_data)
4276 ieee80211_destroy_auth_data(sdata, false);
4277 del_timer_sync(&ifmgd->timer);
4278 mutex_unlock(&ifmgd->mtx);
4279 }
4280
4281 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
4282 enum nl80211_cqm_rssi_threshold_event rssi_event,
4283 gfp_t gfp)
4284 {
4285 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4286
4287 trace_api_cqm_rssi_notify(sdata, rssi_event);
4288
4289 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp);
4290 }
4291 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify);
Linux kernel - Deliverables
This page took 0.135319 seconds and 5 git commands to generate.