1 /* 2 * BSS client mode implementation 3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 4 * Copyright 2004, Instant802 Networks, Inc. 5 * Copyright 2005, Devicescape Software, Inc. 6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License version 2 as 11 * published by the Free Software Foundation. 12 */ 13 14 #include <linux/delay.h> 15 #include <linux/if_ether.h> 16 #include <linux/skbuff.h> 17 #include <linux/if_arp.h> 18 #include <linux/etherdevice.h> 19 #include <linux/moduleparam.h> 20 #include <linux/rtnetlink.h> 21 #include <linux/pm_qos.h> 22 #include <linux/crc32.h> 23 #include <linux/slab.h> 24 #include <linux/export.h> 25 #include <net/mac80211.h> 26 #include <asm/unaligned.h> 27 28 #include "ieee80211_i.h" 29 #include "driver-ops.h" 30 #include "rate.h" 31 #include "led.h" 32 33 #define IEEE80211_AUTH_TIMEOUT (HZ / 5) 34 #define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2) 35 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10) 36 #define IEEE80211_AUTH_MAX_TRIES 3 37 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5) 38 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 39 #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2) 40 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10) 41 #define IEEE80211_ASSOC_MAX_TRIES 3 42 43 static int max_nullfunc_tries = 2; 44 module_param(max_nullfunc_tries, int, 0644); 45 MODULE_PARM_DESC(max_nullfunc_tries, 46 "Maximum nullfunc tx tries before disconnecting (reason 4)."); 47 48 static int max_probe_tries = 5; 49 module_param(max_probe_tries, int, 0644); 50 MODULE_PARM_DESC(max_probe_tries, 51 "Maximum probe tries before disconnecting (reason 4)."); 52 53 /* 54 * Beacon loss timeout is calculated as N frames times the 55 * advertised beacon interval. This may need to be somewhat 56 * higher than what hardware might detect to account for 57 * delays in the host processing frames. But since we also 58 * probe on beacon miss before declaring the connection lost 59 * default to what we want. 60 */ 61 static int beacon_loss_count = 7; 62 module_param(beacon_loss_count, int, 0644); 63 MODULE_PARM_DESC(beacon_loss_count, 64 "Number of beacon intervals before we decide beacon was lost."); 65 66 /* 67 * Time the connection can be idle before we probe 68 * it to see if we can still talk to the AP. 69 */ 70 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ) 71 /* 72 * Time we wait for a probe response after sending 73 * a probe request because of beacon loss or for 74 * checking the connection still works. 75 */ 76 static int probe_wait_ms = 500; 77 module_param(probe_wait_ms, int, 0644); 78 MODULE_PARM_DESC(probe_wait_ms, 79 "Maximum time(ms) to wait for probe response" 80 " before disconnecting (reason 4)."); 81 82 /* 83 * Weight given to the latest Beacon frame when calculating average signal 84 * strength for Beacon frames received in the current BSS. This must be 85 * between 1 and 15. 86 */ 87 #define IEEE80211_SIGNAL_AVE_WEIGHT 3 88 89 /* 90 * How many Beacon frames need to have been used in average signal strength 91 * before starting to indicate signal change events. 92 */ 93 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4 94 95 /* 96 * We can have multiple work items (and connection probing) 97 * scheduling this timer, but we need to take care to only 98 * reschedule it when it should fire _earlier_ than it was 99 * asked for before, or if it's not pending right now. This 100 * function ensures that. Note that it then is required to 101 * run this function for all timeouts after the first one 102 * has happened -- the work that runs from this timer will 103 * do that. 104 */ 105 static void run_again(struct ieee80211_sub_if_data *sdata, 106 unsigned long timeout) 107 { 108 sdata_assert_lock(sdata); 109 110 if (!timer_pending(&sdata->u.mgd.timer) || 111 time_before(timeout, sdata->u.mgd.timer.expires)) 112 mod_timer(&sdata->u.mgd.timer, timeout); 113 } 114 115 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata) 116 { 117 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER) 118 return; 119 120 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 121 return; 122 123 mod_timer(&sdata->u.mgd.bcn_mon_timer, 124 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout)); 125 } 126 127 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata) 128 { 129 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 130 131 if (unlikely(!sdata->u.mgd.associated)) 132 return; 133 134 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 135 return; 136 137 mod_timer(&sdata->u.mgd.conn_mon_timer, 138 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME)); 139 140 ifmgd->probe_send_count = 0; 141 } 142 143 static int ecw2cw(int ecw) 144 { 145 return (1 << ecw) - 1; 146 } 147 148 static u32 chandef_downgrade(struct cfg80211_chan_def *c) 149 { 150 u32 ret; 151 int tmp; 152 153 switch (c->width) { 154 case NL80211_CHAN_WIDTH_20: 155 c->width = NL80211_CHAN_WIDTH_20_NOHT; 156 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 157 break; 158 case NL80211_CHAN_WIDTH_40: 159 c->width = NL80211_CHAN_WIDTH_20; 160 c->center_freq1 = c->chan->center_freq; 161 ret = IEEE80211_STA_DISABLE_40MHZ | 162 IEEE80211_STA_DISABLE_VHT; 163 break; 164 case NL80211_CHAN_WIDTH_80: 165 tmp = (30 + c->chan->center_freq - c->center_freq1)/20; 166 /* n_P40 */ 167 tmp /= 2; 168 /* freq_P40 */ 169 c->center_freq1 = c->center_freq1 - 20 + 40 * tmp; 170 c->width = NL80211_CHAN_WIDTH_40; 171 ret = IEEE80211_STA_DISABLE_VHT; 172 break; 173 case NL80211_CHAN_WIDTH_80P80: 174 c->center_freq2 = 0; 175 c->width = NL80211_CHAN_WIDTH_80; 176 ret = IEEE80211_STA_DISABLE_80P80MHZ | 177 IEEE80211_STA_DISABLE_160MHZ; 178 break; 179 case NL80211_CHAN_WIDTH_160: 180 /* n_P20 */ 181 tmp = (70 + c->chan->center_freq - c->center_freq1)/20; 182 /* n_P80 */ 183 tmp /= 4; 184 c->center_freq1 = c->center_freq1 - 40 + 80 * tmp; 185 c->width = NL80211_CHAN_WIDTH_80; 186 ret = IEEE80211_STA_DISABLE_80P80MHZ | 187 IEEE80211_STA_DISABLE_160MHZ; 188 break; 189 default: 190 case NL80211_CHAN_WIDTH_20_NOHT: 191 WARN_ON_ONCE(1); 192 c->width = NL80211_CHAN_WIDTH_20_NOHT; 193 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 194 break; 195 case NL80211_CHAN_WIDTH_5: 196 case NL80211_CHAN_WIDTH_10: 197 WARN_ON_ONCE(1); 198 /* keep c->width */ 199 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 200 break; 201 } 202 203 WARN_ON_ONCE(!cfg80211_chandef_valid(c)); 204 205 return ret; 206 } 207 208 static u32 209 ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, 210 struct ieee80211_supported_band *sband, 211 struct ieee80211_channel *channel, 212 const struct ieee80211_ht_operation *ht_oper, 213 const struct ieee80211_vht_operation *vht_oper, 214 struct cfg80211_chan_def *chandef, bool tracking) 215 { 216 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 217 struct cfg80211_chan_def vht_chandef; 218 u32 ht_cfreq, ret; 219 220 chandef->chan = channel; 221 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 222 chandef->center_freq1 = channel->center_freq; 223 chandef->center_freq2 = 0; 224 225 if (!ht_oper || !sband->ht_cap.ht_supported) { 226 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 227 goto out; 228 } 229 230 chandef->width = NL80211_CHAN_WIDTH_20; 231 232 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan, 233 channel->band); 234 /* check that channel matches the right operating channel */ 235 if (!tracking && channel->center_freq != ht_cfreq) { 236 /* 237 * It's possible that some APs are confused here; 238 * Netgear WNDR3700 sometimes reports 4 higher than 239 * the actual channel in association responses, but 240 * since we look at probe response/beacon data here 241 * it should be OK. 242 */ 243 sdata_info(sdata, 244 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n", 245 channel->center_freq, ht_cfreq, 246 ht_oper->primary_chan, channel->band); 247 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 248 goto out; 249 } 250 251 /* check 40 MHz support, if we have it */ 252 if (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) { 253 switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 254 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 255 chandef->width = NL80211_CHAN_WIDTH_40; 256 chandef->center_freq1 += 10; 257 break; 258 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 259 chandef->width = NL80211_CHAN_WIDTH_40; 260 chandef->center_freq1 -= 10; 261 break; 262 } 263 } else { 264 /* 40 MHz (and 80 MHz) must be supported for VHT */ 265 ret = IEEE80211_STA_DISABLE_VHT; 266 /* also mark 40 MHz disabled */ 267 ret |= IEEE80211_STA_DISABLE_40MHZ; 268 goto out; 269 } 270 271 if (!vht_oper || !sband->vht_cap.vht_supported) { 272 ret = IEEE80211_STA_DISABLE_VHT; 273 goto out; 274 } 275 276 vht_chandef.chan = channel; 277 vht_chandef.center_freq1 = 278 ieee80211_channel_to_frequency(vht_oper->center_freq_seg1_idx, 279 channel->band); 280 vht_chandef.center_freq2 = 0; 281 282 switch (vht_oper->chan_width) { 283 case IEEE80211_VHT_CHANWIDTH_USE_HT: 284 vht_chandef.width = chandef->width; 285 break; 286 case IEEE80211_VHT_CHANWIDTH_80MHZ: 287 vht_chandef.width = NL80211_CHAN_WIDTH_80; 288 break; 289 case IEEE80211_VHT_CHANWIDTH_160MHZ: 290 vht_chandef.width = NL80211_CHAN_WIDTH_160; 291 break; 292 case IEEE80211_VHT_CHANWIDTH_80P80MHZ: 293 vht_chandef.width = NL80211_CHAN_WIDTH_80P80; 294 vht_chandef.center_freq2 = 295 ieee80211_channel_to_frequency( 296 vht_oper->center_freq_seg2_idx, 297 channel->band); 298 break; 299 default: 300 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 301 sdata_info(sdata, 302 "AP VHT operation IE has invalid channel width (%d), disable VHT\n", 303 vht_oper->chan_width); 304 ret = IEEE80211_STA_DISABLE_VHT; 305 goto out; 306 } 307 308 if (!cfg80211_chandef_valid(&vht_chandef)) { 309 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 310 sdata_info(sdata, 311 "AP VHT information is invalid, disable VHT\n"); 312 ret = IEEE80211_STA_DISABLE_VHT; 313 goto out; 314 } 315 316 if (cfg80211_chandef_identical(chandef, &vht_chandef)) { 317 ret = 0; 318 goto out; 319 } 320 321 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) { 322 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 323 sdata_info(sdata, 324 "AP VHT information doesn't match HT, disable VHT\n"); 325 ret = IEEE80211_STA_DISABLE_VHT; 326 goto out; 327 } 328 329 *chandef = vht_chandef; 330 331 ret = 0; 332 333 out: 334 /* don't print the message below for VHT mismatch if VHT is disabled */ 335 if (ret & IEEE80211_STA_DISABLE_VHT) 336 vht_chandef = *chandef; 337 338 /* 339 * Ignore the DISABLED flag when we're already connected and only 340 * tracking the APs beacon for bandwidth changes - otherwise we 341 * might get disconnected here if we connect to an AP, update our 342 * regulatory information based on the AP's country IE and the 343 * information we have is wrong/outdated and disables the channel 344 * that we're actually using for the connection to the AP. 345 */ 346 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef, 347 tracking ? 0 : 348 IEEE80211_CHAN_DISABLED)) { 349 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) { 350 ret = IEEE80211_STA_DISABLE_HT | 351 IEEE80211_STA_DISABLE_VHT; 352 break; 353 } 354 355 ret |= chandef_downgrade(chandef); 356 } 357 358 if (chandef->width != vht_chandef.width && !tracking) 359 sdata_info(sdata, 360 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n"); 361 362 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef)); 363 return ret; 364 } 365 366 static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata, 367 struct sta_info *sta, 368 const struct ieee80211_ht_operation *ht_oper, 369 const struct ieee80211_vht_operation *vht_oper, 370 const u8 *bssid, u32 *changed) 371 { 372 struct ieee80211_local *local = sdata->local; 373 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 374 struct ieee80211_supported_band *sband; 375 struct ieee80211_channel *chan; 376 struct cfg80211_chan_def chandef; 377 u16 ht_opmode; 378 u32 flags; 379 enum ieee80211_sta_rx_bandwidth new_sta_bw; 380 int ret; 381 382 /* if HT was/is disabled, don't track any bandwidth changes */ 383 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper) 384 return 0; 385 386 /* don't check VHT if we associated as non-VHT station */ 387 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 388 vht_oper = NULL; 389 390 if (WARN_ON_ONCE(!sta)) 391 return -EINVAL; 392 393 chan = sdata->vif.bss_conf.chandef.chan; 394 sband = local->hw.wiphy->bands[chan->band]; 395 396 /* calculate new channel (type) based on HT/VHT operation IEs */ 397 flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper, 398 vht_oper, &chandef, true); 399 400 /* 401 * Downgrade the new channel if we associated with restricted 402 * capabilities. For example, if we associated as a 20 MHz STA 403 * to a 40 MHz AP (due to regulatory, capabilities or config 404 * reasons) then switching to a 40 MHz channel now won't do us 405 * any good -- we couldn't use it with the AP. 406 */ 407 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ && 408 chandef.width == NL80211_CHAN_WIDTH_80P80) 409 flags |= chandef_downgrade(&chandef); 410 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ && 411 chandef.width == NL80211_CHAN_WIDTH_160) 412 flags |= chandef_downgrade(&chandef); 413 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ && 414 chandef.width > NL80211_CHAN_WIDTH_20) 415 flags |= chandef_downgrade(&chandef); 416 417 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef)) 418 return 0; 419 420 sdata_info(sdata, 421 "AP %pM changed bandwidth, new config is %d MHz, width %d (%d/%d MHz)\n", 422 ifmgd->bssid, chandef.chan->center_freq, chandef.width, 423 chandef.center_freq1, chandef.center_freq2); 424 425 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT | 426 IEEE80211_STA_DISABLE_VHT | 427 IEEE80211_STA_DISABLE_40MHZ | 428 IEEE80211_STA_DISABLE_80P80MHZ | 429 IEEE80211_STA_DISABLE_160MHZ)) || 430 !cfg80211_chandef_valid(&chandef)) { 431 sdata_info(sdata, 432 "AP %pM changed bandwidth in a way we can't support - disconnect\n", 433 ifmgd->bssid); 434 return -EINVAL; 435 } 436 437 switch (chandef.width) { 438 case NL80211_CHAN_WIDTH_20_NOHT: 439 case NL80211_CHAN_WIDTH_20: 440 new_sta_bw = IEEE80211_STA_RX_BW_20; 441 break; 442 case NL80211_CHAN_WIDTH_40: 443 new_sta_bw = IEEE80211_STA_RX_BW_40; 444 break; 445 case NL80211_CHAN_WIDTH_80: 446 new_sta_bw = IEEE80211_STA_RX_BW_80; 447 break; 448 case NL80211_CHAN_WIDTH_80P80: 449 case NL80211_CHAN_WIDTH_160: 450 new_sta_bw = IEEE80211_STA_RX_BW_160; 451 break; 452 default: 453 return -EINVAL; 454 } 455 456 if (new_sta_bw > sta->cur_max_bandwidth) 457 new_sta_bw = sta->cur_max_bandwidth; 458 459 if (new_sta_bw < sta->sta.bandwidth) { 460 sta->sta.bandwidth = new_sta_bw; 461 rate_control_rate_update(local, sband, sta, 462 IEEE80211_RC_BW_CHANGED); 463 } 464 465 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed); 466 if (ret) { 467 sdata_info(sdata, 468 "AP %pM changed bandwidth to incompatible one - disconnect\n", 469 ifmgd->bssid); 470 return ret; 471 } 472 473 if (new_sta_bw > sta->sta.bandwidth) { 474 sta->sta.bandwidth = new_sta_bw; 475 rate_control_rate_update(local, sband, sta, 476 IEEE80211_RC_BW_CHANGED); 477 } 478 479 ht_opmode = le16_to_cpu(ht_oper->operation_mode); 480 481 /* if bss configuration changed store the new one */ 482 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) { 483 *changed |= BSS_CHANGED_HT; 484 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 485 } 486 487 return 0; 488 } 489 490 /* frame sending functions */ 491 492 static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len, 493 struct ieee80211_supported_band *sband, 494 u32 *rates) 495 { 496 int i, j, count; 497 *rates = 0; 498 count = 0; 499 for (i = 0; i < supp_rates_len; i++) { 500 int rate = (supp_rates[i] & 0x7F) * 5; 501 502 for (j = 0; j < sband->n_bitrates; j++) 503 if (sband->bitrates[j].bitrate == rate) { 504 *rates |= BIT(j); 505 count++; 506 break; 507 } 508 } 509 510 return count; 511 } 512 513 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata, 514 struct sk_buff *skb, u8 ap_ht_param, 515 struct ieee80211_supported_band *sband, 516 struct ieee80211_channel *channel, 517 enum ieee80211_smps_mode smps) 518 { 519 u8 *pos; 520 u32 flags = channel->flags; 521 u16 cap; 522 struct ieee80211_sta_ht_cap ht_cap; 523 524 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap)); 525 526 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 527 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 528 529 /* determine capability flags */ 530 cap = ht_cap.cap; 531 532 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 533 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 534 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 535 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 536 cap &= ~IEEE80211_HT_CAP_SGI_40; 537 } 538 break; 539 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 540 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 541 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 542 cap &= ~IEEE80211_HT_CAP_SGI_40; 543 } 544 break; 545 } 546 547 /* 548 * If 40 MHz was disabled associate as though we weren't 549 * capable of 40 MHz -- some broken APs will never fall 550 * back to trying to transmit in 20 MHz. 551 */ 552 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) { 553 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 554 cap &= ~IEEE80211_HT_CAP_SGI_40; 555 } 556 557 /* set SM PS mode properly */ 558 cap &= ~IEEE80211_HT_CAP_SM_PS; 559 switch (smps) { 560 case IEEE80211_SMPS_AUTOMATIC: 561 case IEEE80211_SMPS_NUM_MODES: 562 WARN_ON(1); 563 case IEEE80211_SMPS_OFF: 564 cap |= WLAN_HT_CAP_SM_PS_DISABLED << 565 IEEE80211_HT_CAP_SM_PS_SHIFT; 566 break; 567 case IEEE80211_SMPS_STATIC: 568 cap |= WLAN_HT_CAP_SM_PS_STATIC << 569 IEEE80211_HT_CAP_SM_PS_SHIFT; 570 break; 571 case IEEE80211_SMPS_DYNAMIC: 572 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC << 573 IEEE80211_HT_CAP_SM_PS_SHIFT; 574 break; 575 } 576 577 /* reserve and fill IE */ 578 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 579 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap); 580 } 581 582 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata, 583 struct sk_buff *skb, 584 struct ieee80211_supported_band *sband, 585 struct ieee80211_vht_cap *ap_vht_cap) 586 { 587 u8 *pos; 588 u32 cap; 589 struct ieee80211_sta_vht_cap vht_cap; 590 591 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap)); 592 593 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap)); 594 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap); 595 596 /* determine capability flags */ 597 cap = vht_cap.cap; 598 599 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) { 600 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ; 601 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 602 } 603 604 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) { 605 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160; 606 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 607 } 608 609 /* 610 * Some APs apparently get confused if our capabilities are better 611 * than theirs, so restrict what we advertise in the assoc request. 612 */ 613 if (!(ap_vht_cap->vht_cap_info & 614 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE))) 615 cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE; 616 617 /* reserve and fill IE */ 618 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 619 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap); 620 } 621 622 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) 623 { 624 struct ieee80211_local *local = sdata->local; 625 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 626 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 627 struct sk_buff *skb; 628 struct ieee80211_mgmt *mgmt; 629 u8 *pos, qos_info; 630 size_t offset = 0, noffset; 631 int i, count, rates_len, supp_rates_len; 632 u16 capab; 633 struct ieee80211_supported_band *sband; 634 struct ieee80211_chanctx_conf *chanctx_conf; 635 struct ieee80211_channel *chan; 636 u32 rates = 0; 637 638 sdata_assert_lock(sdata); 639 640 rcu_read_lock(); 641 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 642 if (WARN_ON(!chanctx_conf)) { 643 rcu_read_unlock(); 644 return; 645 } 646 chan = chanctx_conf->def.chan; 647 rcu_read_unlock(); 648 sband = local->hw.wiphy->bands[chan->band]; 649 650 if (assoc_data->supp_rates_len) { 651 /* 652 * Get all rates supported by the device and the AP as 653 * some APs don't like getting a superset of their rates 654 * in the association request (e.g. D-Link DAP 1353 in 655 * b-only mode)... 656 */ 657 rates_len = ieee80211_compatible_rates(assoc_data->supp_rates, 658 assoc_data->supp_rates_len, 659 sband, &rates); 660 } else { 661 /* 662 * In case AP not provide any supported rates information 663 * before association, we send information element(s) with 664 * all rates that we support. 665 */ 666 rates = ~0; 667 rates_len = sband->n_bitrates; 668 } 669 670 skb = alloc_skb(local->hw.extra_tx_headroom + 671 sizeof(*mgmt) + /* bit too much but doesn't matter */ 672 2 + assoc_data->ssid_len + /* SSID */ 673 4 + rates_len + /* (extended) rates */ 674 4 + /* power capability */ 675 2 + 2 * sband->n_channels + /* supported channels */ 676 2 + sizeof(struct ieee80211_ht_cap) + /* HT */ 677 2 + sizeof(struct ieee80211_vht_cap) + /* VHT */ 678 assoc_data->ie_len + /* extra IEs */ 679 9, /* WMM */ 680 GFP_KERNEL); 681 if (!skb) 682 return; 683 684 skb_reserve(skb, local->hw.extra_tx_headroom); 685 686 capab = WLAN_CAPABILITY_ESS; 687 688 if (sband->band == IEEE80211_BAND_2GHZ) { 689 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 690 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 691 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 692 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 693 } 694 695 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY) 696 capab |= WLAN_CAPABILITY_PRIVACY; 697 698 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 699 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)) 700 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 701 702 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 703 memset(mgmt, 0, 24); 704 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN); 705 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 706 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN); 707 708 if (!is_zero_ether_addr(assoc_data->prev_bssid)) { 709 skb_put(skb, 10); 710 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 711 IEEE80211_STYPE_REASSOC_REQ); 712 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 713 mgmt->u.reassoc_req.listen_interval = 714 cpu_to_le16(local->hw.conf.listen_interval); 715 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid, 716 ETH_ALEN); 717 } else { 718 skb_put(skb, 4); 719 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 720 IEEE80211_STYPE_ASSOC_REQ); 721 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 722 mgmt->u.assoc_req.listen_interval = 723 cpu_to_le16(local->hw.conf.listen_interval); 724 } 725 726 /* SSID */ 727 pos = skb_put(skb, 2 + assoc_data->ssid_len); 728 *pos++ = WLAN_EID_SSID; 729 *pos++ = assoc_data->ssid_len; 730 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len); 731 732 /* add all rates which were marked to be used above */ 733 supp_rates_len = rates_len; 734 if (supp_rates_len > 8) 735 supp_rates_len = 8; 736 737 pos = skb_put(skb, supp_rates_len + 2); 738 *pos++ = WLAN_EID_SUPP_RATES; 739 *pos++ = supp_rates_len; 740 741 count = 0; 742 for (i = 0; i < sband->n_bitrates; i++) { 743 if (BIT(i) & rates) { 744 int rate = sband->bitrates[i].bitrate; 745 *pos++ = (u8) (rate / 5); 746 if (++count == 8) 747 break; 748 } 749 } 750 751 if (rates_len > count) { 752 pos = skb_put(skb, rates_len - count + 2); 753 *pos++ = WLAN_EID_EXT_SUPP_RATES; 754 *pos++ = rates_len - count; 755 756 for (i++; i < sband->n_bitrates; i++) { 757 if (BIT(i) & rates) { 758 int rate = sband->bitrates[i].bitrate; 759 *pos++ = (u8) (rate / 5); 760 } 761 } 762 } 763 764 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) { 765 /* 1. power capabilities */ 766 pos = skb_put(skb, 4); 767 *pos++ = WLAN_EID_PWR_CAPABILITY; 768 *pos++ = 2; 769 *pos++ = 0; /* min tx power */ 770 *pos++ = chan->max_power; /* max tx power */ 771 772 /* 2. supported channels */ 773 /* TODO: get this in reg domain format */ 774 pos = skb_put(skb, 2 * sband->n_channels + 2); 775 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 776 *pos++ = 2 * sband->n_channels; 777 for (i = 0; i < sband->n_channels; i++) { 778 *pos++ = ieee80211_frequency_to_channel( 779 sband->channels[i].center_freq); 780 *pos++ = 1; /* one channel in the subband*/ 781 } 782 } 783 784 /* if present, add any custom IEs that go before HT */ 785 if (assoc_data->ie_len && assoc_data->ie) { 786 static const u8 before_ht[] = { 787 WLAN_EID_SSID, 788 WLAN_EID_SUPP_RATES, 789 WLAN_EID_EXT_SUPP_RATES, 790 WLAN_EID_PWR_CAPABILITY, 791 WLAN_EID_SUPPORTED_CHANNELS, 792 WLAN_EID_RSN, 793 WLAN_EID_QOS_CAPA, 794 WLAN_EID_RRM_ENABLED_CAPABILITIES, 795 WLAN_EID_MOBILITY_DOMAIN, 796 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 797 }; 798 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len, 799 before_ht, ARRAY_SIZE(before_ht), 800 offset); 801 pos = skb_put(skb, noffset - offset); 802 memcpy(pos, assoc_data->ie + offset, noffset - offset); 803 offset = noffset; 804 } 805 806 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 807 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))) 808 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 809 810 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 811 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param, 812 sband, chan, sdata->smps_mode); 813 814 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 815 ieee80211_add_vht_ie(sdata, skb, sband, 816 &assoc_data->ap_vht_cap); 817 818 /* if present, add any custom non-vendor IEs that go after HT */ 819 if (assoc_data->ie_len && assoc_data->ie) { 820 noffset = ieee80211_ie_split_vendor(assoc_data->ie, 821 assoc_data->ie_len, 822 offset); 823 pos = skb_put(skb, noffset - offset); 824 memcpy(pos, assoc_data->ie + offset, noffset - offset); 825 offset = noffset; 826 } 827 828 if (assoc_data->wmm) { 829 if (assoc_data->uapsd) { 830 qos_info = ifmgd->uapsd_queues; 831 qos_info |= (ifmgd->uapsd_max_sp_len << 832 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT); 833 } else { 834 qos_info = 0; 835 } 836 837 pos = skb_put(skb, 9); 838 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 839 *pos++ = 7; /* len */ 840 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */ 841 *pos++ = 0x50; 842 *pos++ = 0xf2; 843 *pos++ = 2; /* WME */ 844 *pos++ = 0; /* WME info */ 845 *pos++ = 1; /* WME ver */ 846 *pos++ = qos_info; 847 } 848 849 /* add any remaining custom (i.e. vendor specific here) IEs */ 850 if (assoc_data->ie_len && assoc_data->ie) { 851 noffset = assoc_data->ie_len; 852 pos = skb_put(skb, noffset - offset); 853 memcpy(pos, assoc_data->ie + offset, noffset - offset); 854 } 855 856 drv_mgd_prepare_tx(local, sdata); 857 858 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 859 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 860 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 861 IEEE80211_TX_INTFL_MLME_CONN_TX; 862 ieee80211_tx_skb(sdata, skb); 863 } 864 865 void ieee80211_send_pspoll(struct ieee80211_local *local, 866 struct ieee80211_sub_if_data *sdata) 867 { 868 struct ieee80211_pspoll *pspoll; 869 struct sk_buff *skb; 870 871 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif); 872 if (!skb) 873 return; 874 875 pspoll = (struct ieee80211_pspoll *) skb->data; 876 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 877 878 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 879 ieee80211_tx_skb(sdata, skb); 880 } 881 882 void ieee80211_send_nullfunc(struct ieee80211_local *local, 883 struct ieee80211_sub_if_data *sdata, 884 int powersave) 885 { 886 struct sk_buff *skb; 887 struct ieee80211_hdr_3addr *nullfunc; 888 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 889 890 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif); 891 if (!skb) 892 return; 893 894 nullfunc = (struct ieee80211_hdr_3addr *) skb->data; 895 if (powersave) 896 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 897 898 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT | 899 IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 900 901 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 902 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS; 903 904 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 905 IEEE80211_STA_CONNECTION_POLL)) 906 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE; 907 908 ieee80211_tx_skb(sdata, skb); 909 } 910 911 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local, 912 struct ieee80211_sub_if_data *sdata) 913 { 914 struct sk_buff *skb; 915 struct ieee80211_hdr *nullfunc; 916 __le16 fc; 917 918 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 919 return; 920 921 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30); 922 if (!skb) 923 return; 924 925 skb_reserve(skb, local->hw.extra_tx_headroom); 926 927 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30); 928 memset(nullfunc, 0, 30); 929 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 930 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 931 nullfunc->frame_control = fc; 932 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN); 933 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN); 934 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN); 935 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN); 936 937 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 938 ieee80211_tx_skb(sdata, skb); 939 } 940 941 /* spectrum management related things */ 942 static void ieee80211_chswitch_work(struct work_struct *work) 943 { 944 struct ieee80211_sub_if_data *sdata = 945 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work); 946 struct ieee80211_local *local = sdata->local; 947 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 948 949 if (!ieee80211_sdata_running(sdata)) 950 return; 951 952 sdata_lock(sdata); 953 if (!ifmgd->associated) 954 goto out; 955 956 local->_oper_chandef = local->csa_chandef; 957 958 if (!local->ops->channel_switch) { 959 /* call "hw_config" only if doing sw channel switch */ 960 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL); 961 } else { 962 /* update the device channel directly */ 963 local->hw.conf.chandef = local->_oper_chandef; 964 } 965 966 /* XXX: shouldn't really modify cfg80211-owned data! */ 967 ifmgd->associated->channel = local->_oper_chandef.chan; 968 969 /* XXX: wait for a beacon first? */ 970 ieee80211_wake_queues_by_reason(&local->hw, 971 IEEE80211_MAX_QUEUE_MAP, 972 IEEE80211_QUEUE_STOP_REASON_CSA); 973 out: 974 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 975 sdata_unlock(sdata); 976 } 977 978 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success) 979 { 980 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 981 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 982 983 trace_api_chswitch_done(sdata, success); 984 if (!success) { 985 sdata_info(sdata, 986 "driver channel switch failed, disconnecting\n"); 987 ieee80211_queue_work(&sdata->local->hw, 988 &ifmgd->csa_connection_drop_work); 989 } else { 990 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 991 } 992 } 993 EXPORT_SYMBOL(ieee80211_chswitch_done); 994 995 static void ieee80211_chswitch_timer(unsigned long data) 996 { 997 struct ieee80211_sub_if_data *sdata = 998 (struct ieee80211_sub_if_data *) data; 999 1000 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work); 1001 } 1002 1003 static void 1004 ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 1005 u64 timestamp, struct ieee802_11_elems *elems, 1006 bool beacon) 1007 { 1008 struct ieee80211_local *local = sdata->local; 1009 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1010 struct cfg80211_bss *cbss = ifmgd->associated; 1011 struct ieee80211_bss *bss; 1012 struct ieee80211_chanctx *chanctx; 1013 enum ieee80211_band new_band; 1014 int new_freq; 1015 u8 new_chan_no; 1016 u8 count; 1017 u8 mode; 1018 struct ieee80211_channel *new_chan; 1019 struct cfg80211_chan_def new_chandef = {}; 1020 struct cfg80211_chan_def new_vht_chandef = {}; 1021 const struct ieee80211_sec_chan_offs_ie *sec_chan_offs; 1022 const struct ieee80211_wide_bw_chansw_ie *wide_bw_chansw_ie; 1023 const struct ieee80211_ht_operation *ht_oper; 1024 int secondary_channel_offset = -1; 1025 1026 sdata_assert_lock(sdata); 1027 1028 if (!cbss) 1029 return; 1030 1031 if (local->scanning) 1032 return; 1033 1034 /* disregard subsequent announcements if we are already processing */ 1035 if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED) 1036 return; 1037 1038 sec_chan_offs = elems->sec_chan_offs; 1039 wide_bw_chansw_ie = elems->wide_bw_chansw_ie; 1040 ht_oper = elems->ht_operation; 1041 1042 if (ifmgd->flags & (IEEE80211_STA_DISABLE_HT | 1043 IEEE80211_STA_DISABLE_40MHZ)) { 1044 sec_chan_offs = NULL; 1045 wide_bw_chansw_ie = NULL; 1046 /* only used for bandwidth here */ 1047 ht_oper = NULL; 1048 } 1049 1050 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 1051 wide_bw_chansw_ie = NULL; 1052 1053 if (elems->ext_chansw_ie) { 1054 if (!ieee80211_operating_class_to_band( 1055 elems->ext_chansw_ie->new_operating_class, 1056 &new_band)) { 1057 sdata_info(sdata, 1058 "cannot understand ECSA IE operating class %d, disconnecting\n", 1059 elems->ext_chansw_ie->new_operating_class); 1060 ieee80211_queue_work(&local->hw, 1061 &ifmgd->csa_connection_drop_work); 1062 } 1063 new_chan_no = elems->ext_chansw_ie->new_ch_num; 1064 count = elems->ext_chansw_ie->count; 1065 mode = elems->ext_chansw_ie->mode; 1066 } else if (elems->ch_switch_ie) { 1067 new_band = cbss->channel->band; 1068 new_chan_no = elems->ch_switch_ie->new_ch_num; 1069 count = elems->ch_switch_ie->count; 1070 mode = elems->ch_switch_ie->mode; 1071 } else { 1072 /* nothing here we understand */ 1073 return; 1074 } 1075 1076 bss = (void *)cbss->priv; 1077 1078 new_freq = ieee80211_channel_to_frequency(new_chan_no, new_band); 1079 new_chan = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq); 1080 if (!new_chan || new_chan->flags & IEEE80211_CHAN_DISABLED) { 1081 sdata_info(sdata, 1082 "AP %pM switches to unsupported channel (%d MHz), disconnecting\n", 1083 ifmgd->associated->bssid, new_freq); 1084 ieee80211_queue_work(&local->hw, 1085 &ifmgd->csa_connection_drop_work); 1086 return; 1087 } 1088 1089 if (!beacon && sec_chan_offs) { 1090 secondary_channel_offset = sec_chan_offs->sec_chan_offs; 1091 } else if (beacon && ht_oper) { 1092 secondary_channel_offset = 1093 ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET; 1094 } else if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 1095 /* 1096 * If it's not a beacon, HT is enabled and the IE not present, 1097 * it's 20 MHz, 802.11-2012 8.5.2.6: 1098 * This element [the Secondary Channel Offset Element] is 1099 * present when switching to a 40 MHz channel. It may be 1100 * present when switching to a 20 MHz channel (in which 1101 * case the secondary channel offset is set to SCN). 1102 */ 1103 secondary_channel_offset = IEEE80211_HT_PARAM_CHA_SEC_NONE; 1104 } 1105 1106 switch (secondary_channel_offset) { 1107 default: 1108 /* secondary_channel_offset was present but is invalid */ 1109 case IEEE80211_HT_PARAM_CHA_SEC_NONE: 1110 cfg80211_chandef_create(&new_chandef, new_chan, 1111 NL80211_CHAN_HT20); 1112 break; 1113 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 1114 cfg80211_chandef_create(&new_chandef, new_chan, 1115 NL80211_CHAN_HT40PLUS); 1116 break; 1117 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 1118 cfg80211_chandef_create(&new_chandef, new_chan, 1119 NL80211_CHAN_HT40MINUS); 1120 break; 1121 case -1: 1122 cfg80211_chandef_create(&new_chandef, new_chan, 1123 NL80211_CHAN_NO_HT); 1124 break; 1125 } 1126 1127 if (wide_bw_chansw_ie) { 1128 new_vht_chandef.chan = new_chan; 1129 new_vht_chandef.center_freq1 = 1130 ieee80211_channel_to_frequency( 1131 wide_bw_chansw_ie->new_center_freq_seg0, 1132 new_band); 1133 1134 switch (wide_bw_chansw_ie->new_channel_width) { 1135 default: 1136 /* hmmm, ignore VHT and use HT if present */ 1137 case IEEE80211_VHT_CHANWIDTH_USE_HT: 1138 new_vht_chandef.chan = NULL; 1139 break; 1140 case IEEE80211_VHT_CHANWIDTH_80MHZ: 1141 new_vht_chandef.width = NL80211_CHAN_WIDTH_80; 1142 break; 1143 case IEEE80211_VHT_CHANWIDTH_160MHZ: 1144 new_vht_chandef.width = NL80211_CHAN_WIDTH_160; 1145 break; 1146 case IEEE80211_VHT_CHANWIDTH_80P80MHZ: 1147 /* field is otherwise reserved */ 1148 new_vht_chandef.center_freq2 = 1149 ieee80211_channel_to_frequency( 1150 wide_bw_chansw_ie->new_center_freq_seg1, 1151 new_band); 1152 new_vht_chandef.width = NL80211_CHAN_WIDTH_80P80; 1153 break; 1154 } 1155 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ && 1156 new_vht_chandef.width == NL80211_CHAN_WIDTH_80P80) 1157 chandef_downgrade(&new_vht_chandef); 1158 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ && 1159 new_vht_chandef.width == NL80211_CHAN_WIDTH_160) 1160 chandef_downgrade(&new_vht_chandef); 1161 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ && 1162 new_vht_chandef.width > NL80211_CHAN_WIDTH_20) 1163 chandef_downgrade(&new_vht_chandef); 1164 } 1165 1166 /* if VHT data is there validate & use it */ 1167 if (new_vht_chandef.chan) { 1168 if (!cfg80211_chandef_compatible(&new_vht_chandef, 1169 &new_chandef)) { 1170 sdata_info(sdata, 1171 "AP %pM CSA has inconsistent channel data, disconnecting\n", 1172 ifmgd->associated->bssid); 1173 ieee80211_queue_work(&local->hw, 1174 &ifmgd->csa_connection_drop_work); 1175 return; 1176 } 1177 new_chandef = new_vht_chandef; 1178 } 1179 1180 if (!cfg80211_chandef_usable(local->hw.wiphy, &new_chandef, 1181 IEEE80211_CHAN_DISABLED)) { 1182 sdata_info(sdata, 1183 "AP %pM switches to unsupported channel (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n", 1184 ifmgd->associated->bssid, new_freq, 1185 new_chandef.width, new_chandef.center_freq1, 1186 new_chandef.center_freq2); 1187 ieee80211_queue_work(&local->hw, 1188 &ifmgd->csa_connection_drop_work); 1189 return; 1190 } 1191 1192 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED; 1193 1194 if (local->use_chanctx) { 1195 sdata_info(sdata, 1196 "not handling channel switch with channel contexts\n"); 1197 ieee80211_queue_work(&local->hw, 1198 &ifmgd->csa_connection_drop_work); 1199 return; 1200 } 1201 1202 mutex_lock(&local->chanctx_mtx); 1203 if (WARN_ON(!rcu_access_pointer(sdata->vif.chanctx_conf))) { 1204 mutex_unlock(&local->chanctx_mtx); 1205 return; 1206 } 1207 chanctx = container_of(rcu_access_pointer(sdata->vif.chanctx_conf), 1208 struct ieee80211_chanctx, conf); 1209 if (chanctx->refcount > 1) { 1210 sdata_info(sdata, 1211 "channel switch with multiple interfaces on the same channel, disconnecting\n"); 1212 ieee80211_queue_work(&local->hw, 1213 &ifmgd->csa_connection_drop_work); 1214 mutex_unlock(&local->chanctx_mtx); 1215 return; 1216 } 1217 mutex_unlock(&local->chanctx_mtx); 1218 1219 local->csa_chandef = new_chandef; 1220 1221 if (mode) 1222 ieee80211_stop_queues_by_reason(&local->hw, 1223 IEEE80211_MAX_QUEUE_MAP, 1224 IEEE80211_QUEUE_STOP_REASON_CSA); 1225 1226 if (local->ops->channel_switch) { 1227 /* use driver's channel switch callback */ 1228 struct ieee80211_channel_switch ch_switch = { 1229 .timestamp = timestamp, 1230 .block_tx = mode, 1231 .chandef = new_chandef, 1232 .count = count, 1233 }; 1234 1235 drv_channel_switch(local, &ch_switch); 1236 return; 1237 } 1238 1239 /* channel switch handled in software */ 1240 if (count <= 1) 1241 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work); 1242 else 1243 mod_timer(&ifmgd->chswitch_timer, 1244 TU_TO_EXP_TIME(count * cbss->beacon_interval)); 1245 } 1246 1247 static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, 1248 struct ieee80211_channel *channel, 1249 const u8 *country_ie, u8 country_ie_len, 1250 const u8 *pwr_constr_elem) 1251 { 1252 struct ieee80211_country_ie_triplet *triplet; 1253 int chan = ieee80211_frequency_to_channel(channel->center_freq); 1254 int i, chan_pwr, chan_increment, new_ap_level; 1255 bool have_chan_pwr = false; 1256 1257 /* Invalid IE */ 1258 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN) 1259 return 0; 1260 1261 triplet = (void *)(country_ie + 3); 1262 country_ie_len -= 3; 1263 1264 switch (channel->band) { 1265 default: 1266 WARN_ON_ONCE(1); 1267 /* fall through */ 1268 case IEEE80211_BAND_2GHZ: 1269 case IEEE80211_BAND_60GHZ: 1270 chan_increment = 1; 1271 break; 1272 case IEEE80211_BAND_5GHZ: 1273 chan_increment = 4; 1274 break; 1275 } 1276 1277 /* find channel */ 1278 while (country_ie_len >= 3) { 1279 u8 first_channel = triplet->chans.first_channel; 1280 1281 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID) 1282 goto next; 1283 1284 for (i = 0; i < triplet->chans.num_channels; i++) { 1285 if (first_channel + i * chan_increment == chan) { 1286 have_chan_pwr = true; 1287 chan_pwr = triplet->chans.max_power; 1288 break; 1289 } 1290 } 1291 if (have_chan_pwr) 1292 break; 1293 1294 next: 1295 triplet++; 1296 country_ie_len -= 3; 1297 } 1298 1299 if (!have_chan_pwr) 1300 return 0; 1301 1302 new_ap_level = max_t(int, 0, chan_pwr - *pwr_constr_elem); 1303 1304 if (sdata->ap_power_level == new_ap_level) 1305 return 0; 1306 1307 sdata_info(sdata, 1308 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n", 1309 new_ap_level, chan_pwr, *pwr_constr_elem, 1310 sdata->u.mgd.bssid); 1311 sdata->ap_power_level = new_ap_level; 1312 if (__ieee80211_recalc_txpower(sdata)) 1313 return BSS_CHANGED_TXPOWER; 1314 return 0; 1315 } 1316 1317 /* powersave */ 1318 static void ieee80211_enable_ps(struct ieee80211_local *local, 1319 struct ieee80211_sub_if_data *sdata) 1320 { 1321 struct ieee80211_conf *conf = &local->hw.conf; 1322 1323 /* 1324 * If we are scanning right now then the parameters will 1325 * take effect when scan finishes. 1326 */ 1327 if (local->scanning) 1328 return; 1329 1330 if (conf->dynamic_ps_timeout > 0 && 1331 !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) { 1332 mod_timer(&local->dynamic_ps_timer, jiffies + 1333 msecs_to_jiffies(conf->dynamic_ps_timeout)); 1334 } else { 1335 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 1336 ieee80211_send_nullfunc(local, sdata, 1); 1337 1338 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1339 (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) 1340 return; 1341 1342 conf->flags |= IEEE80211_CONF_PS; 1343 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1344 } 1345 } 1346 1347 static void ieee80211_change_ps(struct ieee80211_local *local) 1348 { 1349 struct ieee80211_conf *conf = &local->hw.conf; 1350 1351 if (local->ps_sdata) { 1352 ieee80211_enable_ps(local, local->ps_sdata); 1353 } else if (conf->flags & IEEE80211_CONF_PS) { 1354 conf->flags &= ~IEEE80211_CONF_PS; 1355 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1356 del_timer_sync(&local->dynamic_ps_timer); 1357 cancel_work_sync(&local->dynamic_ps_enable_work); 1358 } 1359 } 1360 1361 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata) 1362 { 1363 struct ieee80211_if_managed *mgd = &sdata->u.mgd; 1364 struct sta_info *sta = NULL; 1365 bool authorized = false; 1366 1367 if (!mgd->powersave) 1368 return false; 1369 1370 if (mgd->broken_ap) 1371 return false; 1372 1373 if (!mgd->associated) 1374 return false; 1375 1376 if (mgd->flags & (IEEE80211_STA_BEACON_POLL | 1377 IEEE80211_STA_CONNECTION_POLL)) 1378 return false; 1379 1380 if (!mgd->have_beacon) 1381 return false; 1382 1383 rcu_read_lock(); 1384 sta = sta_info_get(sdata, mgd->bssid); 1385 if (sta) 1386 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED); 1387 rcu_read_unlock(); 1388 1389 return authorized; 1390 } 1391 1392 /* need to hold RTNL or interface lock */ 1393 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency) 1394 { 1395 struct ieee80211_sub_if_data *sdata, *found = NULL; 1396 int count = 0; 1397 int timeout; 1398 1399 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) { 1400 local->ps_sdata = NULL; 1401 return; 1402 } 1403 1404 list_for_each_entry(sdata, &local->interfaces, list) { 1405 if (!ieee80211_sdata_running(sdata)) 1406 continue; 1407 if (sdata->vif.type == NL80211_IFTYPE_AP) { 1408 /* If an AP vif is found, then disable PS 1409 * by setting the count to zero thereby setting 1410 * ps_sdata to NULL. 1411 */ 1412 count = 0; 1413 break; 1414 } 1415 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1416 continue; 1417 found = sdata; 1418 count++; 1419 } 1420 1421 if (count == 1 && ieee80211_powersave_allowed(found)) { 1422 s32 beaconint_us; 1423 1424 if (latency < 0) 1425 latency = pm_qos_request(PM_QOS_NETWORK_LATENCY); 1426 1427 beaconint_us = ieee80211_tu_to_usec( 1428 found->vif.bss_conf.beacon_int); 1429 1430 timeout = local->dynamic_ps_forced_timeout; 1431 if (timeout < 0) { 1432 /* 1433 * Go to full PSM if the user configures a very low 1434 * latency requirement. 1435 * The 2000 second value is there for compatibility 1436 * until the PM_QOS_NETWORK_LATENCY is configured 1437 * with real values. 1438 */ 1439 if (latency > (1900 * USEC_PER_MSEC) && 1440 latency != (2000 * USEC_PER_SEC)) 1441 timeout = 0; 1442 else 1443 timeout = 100; 1444 } 1445 local->hw.conf.dynamic_ps_timeout = timeout; 1446 1447 if (beaconint_us > latency) { 1448 local->ps_sdata = NULL; 1449 } else { 1450 int maxslp = 1; 1451 u8 dtimper = found->u.mgd.dtim_period; 1452 1453 /* If the TIM IE is invalid, pretend the value is 1 */ 1454 if (!dtimper) 1455 dtimper = 1; 1456 else if (dtimper > 1) 1457 maxslp = min_t(int, dtimper, 1458 latency / beaconint_us); 1459 1460 local->hw.conf.max_sleep_period = maxslp; 1461 local->hw.conf.ps_dtim_period = dtimper; 1462 local->ps_sdata = found; 1463 } 1464 } else { 1465 local->ps_sdata = NULL; 1466 } 1467 1468 ieee80211_change_ps(local); 1469 } 1470 1471 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata) 1472 { 1473 bool ps_allowed = ieee80211_powersave_allowed(sdata); 1474 1475 if (sdata->vif.bss_conf.ps != ps_allowed) { 1476 sdata->vif.bss_conf.ps = ps_allowed; 1477 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS); 1478 } 1479 } 1480 1481 void ieee80211_dynamic_ps_disable_work(struct work_struct *work) 1482 { 1483 struct ieee80211_local *local = 1484 container_of(work, struct ieee80211_local, 1485 dynamic_ps_disable_work); 1486 1487 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1488 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1489 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1490 } 1491 1492 ieee80211_wake_queues_by_reason(&local->hw, 1493 IEEE80211_MAX_QUEUE_MAP, 1494 IEEE80211_QUEUE_STOP_REASON_PS); 1495 } 1496 1497 void ieee80211_dynamic_ps_enable_work(struct work_struct *work) 1498 { 1499 struct ieee80211_local *local = 1500 container_of(work, struct ieee80211_local, 1501 dynamic_ps_enable_work); 1502 struct ieee80211_sub_if_data *sdata = local->ps_sdata; 1503 struct ieee80211_if_managed *ifmgd; 1504 unsigned long flags; 1505 int q; 1506 1507 /* can only happen when PS was just disabled anyway */ 1508 if (!sdata) 1509 return; 1510 1511 ifmgd = &sdata->u.mgd; 1512 1513 if (local->hw.conf.flags & IEEE80211_CONF_PS) 1514 return; 1515 1516 if (local->hw.conf.dynamic_ps_timeout > 0) { 1517 /* don't enter PS if TX frames are pending */ 1518 if (drv_tx_frames_pending(local)) { 1519 mod_timer(&local->dynamic_ps_timer, jiffies + 1520 msecs_to_jiffies( 1521 local->hw.conf.dynamic_ps_timeout)); 1522 return; 1523 } 1524 1525 /* 1526 * transmission can be stopped by others which leads to 1527 * dynamic_ps_timer expiry. Postpone the ps timer if it 1528 * is not the actual idle state. 1529 */ 1530 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 1531 for (q = 0; q < local->hw.queues; q++) { 1532 if (local->queue_stop_reasons[q]) { 1533 spin_unlock_irqrestore(&local->queue_stop_reason_lock, 1534 flags); 1535 mod_timer(&local->dynamic_ps_timer, jiffies + 1536 msecs_to_jiffies( 1537 local->hw.conf.dynamic_ps_timeout)); 1538 return; 1539 } 1540 } 1541 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 1542 } 1543 1544 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1545 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1546 if (drv_tx_frames_pending(local)) { 1547 mod_timer(&local->dynamic_ps_timer, jiffies + 1548 msecs_to_jiffies( 1549 local->hw.conf.dynamic_ps_timeout)); 1550 } else { 1551 ieee80211_send_nullfunc(local, sdata, 1); 1552 /* Flush to get the tx status of nullfunc frame */ 1553 ieee80211_flush_queues(local, sdata); 1554 } 1555 } 1556 1557 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) && 1558 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) || 1559 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1560 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 1561 local->hw.conf.flags |= IEEE80211_CONF_PS; 1562 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1563 } 1564 } 1565 1566 void ieee80211_dynamic_ps_timer(unsigned long data) 1567 { 1568 struct ieee80211_local *local = (void *) data; 1569 1570 if (local->quiescing || local->suspended) 1571 return; 1572 1573 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work); 1574 } 1575 1576 void ieee80211_dfs_cac_timer_work(struct work_struct *work) 1577 { 1578 struct delayed_work *delayed_work = 1579 container_of(work, struct delayed_work, work); 1580 struct ieee80211_sub_if_data *sdata = 1581 container_of(delayed_work, struct ieee80211_sub_if_data, 1582 dfs_cac_timer_work); 1583 1584 ieee80211_vif_release_channel(sdata); 1585 1586 cfg80211_cac_event(sdata->dev, NL80211_RADAR_CAC_FINISHED, GFP_KERNEL); 1587 } 1588 1589 /* MLME */ 1590 static bool ieee80211_sta_wmm_params(struct ieee80211_local *local, 1591 struct ieee80211_sub_if_data *sdata, 1592 const u8 *wmm_param, size_t wmm_param_len) 1593 { 1594 struct ieee80211_tx_queue_params params; 1595 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1596 size_t left; 1597 int count; 1598 const u8 *pos; 1599 u8 uapsd_queues = 0; 1600 1601 if (!local->ops->conf_tx) 1602 return false; 1603 1604 if (local->hw.queues < IEEE80211_NUM_ACS) 1605 return false; 1606 1607 if (!wmm_param) 1608 return false; 1609 1610 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 1611 return false; 1612 1613 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) 1614 uapsd_queues = ifmgd->uapsd_queues; 1615 1616 count = wmm_param[6] & 0x0f; 1617 if (count == ifmgd->wmm_last_param_set) 1618 return false; 1619 ifmgd->wmm_last_param_set = count; 1620 1621 pos = wmm_param + 8; 1622 left = wmm_param_len - 8; 1623 1624 memset(¶ms, 0, sizeof(params)); 1625 1626 sdata->wmm_acm = 0; 1627 for (; left >= 4; left -= 4, pos += 4) { 1628 int aci = (pos[0] >> 5) & 0x03; 1629 int acm = (pos[0] >> 4) & 0x01; 1630 bool uapsd = false; 1631 int queue; 1632 1633 switch (aci) { 1634 case 1: /* AC_BK */ 1635 queue = 3; 1636 if (acm) 1637 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */ 1638 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK) 1639 uapsd = true; 1640 break; 1641 case 2: /* AC_VI */ 1642 queue = 1; 1643 if (acm) 1644 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */ 1645 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI) 1646 uapsd = true; 1647 break; 1648 case 3: /* AC_VO */ 1649 queue = 0; 1650 if (acm) 1651 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */ 1652 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) 1653 uapsd = true; 1654 break; 1655 case 0: /* AC_BE */ 1656 default: 1657 queue = 2; 1658 if (acm) 1659 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */ 1660 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE) 1661 uapsd = true; 1662 break; 1663 } 1664 1665 params.aifs = pos[0] & 0x0f; 1666 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 1667 params.cw_min = ecw2cw(pos[1] & 0x0f); 1668 params.txop = get_unaligned_le16(pos + 2); 1669 params.acm = acm; 1670 params.uapsd = uapsd; 1671 1672 mlme_dbg(sdata, 1673 "WMM queue=%d aci=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d\n", 1674 queue, aci, acm, 1675 params.aifs, params.cw_min, params.cw_max, 1676 params.txop, params.uapsd); 1677 sdata->tx_conf[queue] = params; 1678 if (drv_conf_tx(local, sdata, queue, ¶ms)) 1679 sdata_err(sdata, 1680 "failed to set TX queue parameters for queue %d\n", 1681 queue); 1682 } 1683 1684 /* enable WMM or activate new settings */ 1685 sdata->vif.bss_conf.qos = true; 1686 return true; 1687 } 1688 1689 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1690 { 1691 lockdep_assert_held(&sdata->local->mtx); 1692 1693 sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL | 1694 IEEE80211_STA_BEACON_POLL); 1695 ieee80211_run_deferred_scan(sdata->local); 1696 } 1697 1698 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1699 { 1700 mutex_lock(&sdata->local->mtx); 1701 __ieee80211_stop_poll(sdata); 1702 mutex_unlock(&sdata->local->mtx); 1703 } 1704 1705 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata, 1706 u16 capab, bool erp_valid, u8 erp) 1707 { 1708 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1709 u32 changed = 0; 1710 bool use_protection; 1711 bool use_short_preamble; 1712 bool use_short_slot; 1713 1714 if (erp_valid) { 1715 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0; 1716 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0; 1717 } else { 1718 use_protection = false; 1719 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE); 1720 } 1721 1722 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME); 1723 if (ieee80211_get_sdata_band(sdata) == IEEE80211_BAND_5GHZ) 1724 use_short_slot = true; 1725 1726 if (use_protection != bss_conf->use_cts_prot) { 1727 bss_conf->use_cts_prot = use_protection; 1728 changed |= BSS_CHANGED_ERP_CTS_PROT; 1729 } 1730 1731 if (use_short_preamble != bss_conf->use_short_preamble) { 1732 bss_conf->use_short_preamble = use_short_preamble; 1733 changed |= BSS_CHANGED_ERP_PREAMBLE; 1734 } 1735 1736 if (use_short_slot != bss_conf->use_short_slot) { 1737 bss_conf->use_short_slot = use_short_slot; 1738 changed |= BSS_CHANGED_ERP_SLOT; 1739 } 1740 1741 return changed; 1742 } 1743 1744 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata, 1745 struct cfg80211_bss *cbss, 1746 u32 bss_info_changed) 1747 { 1748 struct ieee80211_bss *bss = (void *)cbss->priv; 1749 struct ieee80211_local *local = sdata->local; 1750 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1751 1752 bss_info_changed |= BSS_CHANGED_ASSOC; 1753 bss_info_changed |= ieee80211_handle_bss_capability(sdata, 1754 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value); 1755 1756 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec( 1757 beacon_loss_count * bss_conf->beacon_int)); 1758 1759 sdata->u.mgd.associated = cbss; 1760 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN); 1761 1762 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE; 1763 1764 if (sdata->vif.p2p) { 1765 const struct cfg80211_bss_ies *ies; 1766 1767 rcu_read_lock(); 1768 ies = rcu_dereference(cbss->ies); 1769 if (ies) { 1770 int ret; 1771 1772 ret = cfg80211_get_p2p_attr( 1773 ies->data, ies->len, 1774 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 1775 (u8 *) &bss_conf->p2p_noa_attr, 1776 sizeof(bss_conf->p2p_noa_attr)); 1777 if (ret >= 2) { 1778 sdata->u.mgd.p2p_noa_index = 1779 bss_conf->p2p_noa_attr.index; 1780 bss_info_changed |= BSS_CHANGED_P2P_PS; 1781 } 1782 } 1783 rcu_read_unlock(); 1784 } 1785 1786 /* just to be sure */ 1787 ieee80211_stop_poll(sdata); 1788 1789 ieee80211_led_assoc(local, 1); 1790 1791 if (sdata->u.mgd.have_beacon) { 1792 /* 1793 * If the AP is buggy we may get here with no DTIM period 1794 * known, so assume it's 1 which is the only safe assumption 1795 * in that case, although if the TIM IE is broken powersave 1796 * probably just won't work at all. 1797 */ 1798 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1; 1799 bss_conf->beacon_rate = bss->beacon_rate; 1800 bss_info_changed |= BSS_CHANGED_BEACON_INFO; 1801 } else { 1802 bss_conf->beacon_rate = NULL; 1803 bss_conf->dtim_period = 0; 1804 } 1805 1806 bss_conf->assoc = 1; 1807 1808 /* Tell the driver to monitor connection quality (if supported) */ 1809 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI && 1810 bss_conf->cqm_rssi_thold) 1811 bss_info_changed |= BSS_CHANGED_CQM; 1812 1813 /* Enable ARP filtering */ 1814 if (bss_conf->arp_addr_cnt) 1815 bss_info_changed |= BSS_CHANGED_ARP_FILTER; 1816 1817 ieee80211_bss_info_change_notify(sdata, bss_info_changed); 1818 1819 mutex_lock(&local->iflist_mtx); 1820 ieee80211_recalc_ps(local, -1); 1821 mutex_unlock(&local->iflist_mtx); 1822 1823 ieee80211_recalc_smps(sdata); 1824 ieee80211_recalc_ps_vif(sdata); 1825 1826 netif_carrier_on(sdata->dev); 1827 } 1828 1829 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata, 1830 u16 stype, u16 reason, bool tx, 1831 u8 *frame_buf) 1832 { 1833 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1834 struct ieee80211_local *local = sdata->local; 1835 u32 changed = 0; 1836 1837 sdata_assert_lock(sdata); 1838 1839 if (WARN_ON_ONCE(tx && !frame_buf)) 1840 return; 1841 1842 if (WARN_ON(!ifmgd->associated)) 1843 return; 1844 1845 ieee80211_stop_poll(sdata); 1846 1847 ifmgd->associated = NULL; 1848 netif_carrier_off(sdata->dev); 1849 1850 /* 1851 * if we want to get out of ps before disassoc (why?) we have 1852 * to do it before sending disassoc, as otherwise the null-packet 1853 * won't be valid. 1854 */ 1855 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1856 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1857 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1858 } 1859 local->ps_sdata = NULL; 1860 1861 /* disable per-vif ps */ 1862 ieee80211_recalc_ps_vif(sdata); 1863 1864 /* flush out any pending frame (e.g. DELBA) before deauth/disassoc */ 1865 if (tx) 1866 ieee80211_flush_queues(local, sdata); 1867 1868 /* deauthenticate/disassociate now */ 1869 if (tx || frame_buf) 1870 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype, 1871 reason, tx, frame_buf); 1872 1873 /* flush out frame */ 1874 if (tx) 1875 ieee80211_flush_queues(local, sdata); 1876 1877 /* clear bssid only after building the needed mgmt frames */ 1878 memset(ifmgd->bssid, 0, ETH_ALEN); 1879 1880 /* remove AP and TDLS peers */ 1881 sta_info_flush_defer(sdata); 1882 1883 /* finally reset all BSS / config parameters */ 1884 changed |= ieee80211_reset_erp_info(sdata); 1885 1886 ieee80211_led_assoc(local, 0); 1887 changed |= BSS_CHANGED_ASSOC; 1888 sdata->vif.bss_conf.assoc = false; 1889 1890 ifmgd->p2p_noa_index = -1; 1891 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0, 1892 sizeof(sdata->vif.bss_conf.p2p_noa_attr)); 1893 1894 /* on the next assoc, re-program HT/VHT parameters */ 1895 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa)); 1896 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask)); 1897 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa)); 1898 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask)); 1899 1900 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL; 1901 1902 del_timer_sync(&local->dynamic_ps_timer); 1903 cancel_work_sync(&local->dynamic_ps_enable_work); 1904 1905 /* Disable ARP filtering */ 1906 if (sdata->vif.bss_conf.arp_addr_cnt) 1907 changed |= BSS_CHANGED_ARP_FILTER; 1908 1909 sdata->vif.bss_conf.qos = false; 1910 changed |= BSS_CHANGED_QOS; 1911 1912 /* The BSSID (not really interesting) and HT changed */ 1913 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT; 1914 ieee80211_bss_info_change_notify(sdata, changed); 1915 1916 /* disassociated - set to defaults now */ 1917 ieee80211_set_wmm_default(sdata, false); 1918 1919 del_timer_sync(&sdata->u.mgd.conn_mon_timer); 1920 del_timer_sync(&sdata->u.mgd.bcn_mon_timer); 1921 del_timer_sync(&sdata->u.mgd.timer); 1922 del_timer_sync(&sdata->u.mgd.chswitch_timer); 1923 1924 sdata->vif.bss_conf.dtim_period = 0; 1925 sdata->vif.bss_conf.beacon_rate = NULL; 1926 1927 ifmgd->have_beacon = false; 1928 1929 ifmgd->flags = 0; 1930 ieee80211_vif_release_channel(sdata); 1931 } 1932 1933 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata, 1934 struct ieee80211_hdr *hdr) 1935 { 1936 /* 1937 * We can postpone the mgd.timer whenever receiving unicast frames 1938 * from AP because we know that the connection is working both ways 1939 * at that time. But multicast frames (and hence also beacons) must 1940 * be ignored here, because we need to trigger the timer during 1941 * data idle periods for sending the periodic probe request to the 1942 * AP we're connected to. 1943 */ 1944 if (is_multicast_ether_addr(hdr->addr1)) 1945 return; 1946 1947 ieee80211_sta_reset_conn_monitor(sdata); 1948 } 1949 1950 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata) 1951 { 1952 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1953 struct ieee80211_local *local = sdata->local; 1954 1955 mutex_lock(&local->mtx); 1956 if (!(ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 1957 IEEE80211_STA_CONNECTION_POLL))) { 1958 mutex_unlock(&local->mtx); 1959 return; 1960 } 1961 1962 __ieee80211_stop_poll(sdata); 1963 1964 mutex_lock(&local->iflist_mtx); 1965 ieee80211_recalc_ps(local, -1); 1966 mutex_unlock(&local->iflist_mtx); 1967 1968 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 1969 goto out; 1970 1971 /* 1972 * We've received a probe response, but are not sure whether 1973 * we have or will be receiving any beacons or data, so let's 1974 * schedule the timers again, just in case. 1975 */ 1976 ieee80211_sta_reset_beacon_monitor(sdata); 1977 1978 mod_timer(&ifmgd->conn_mon_timer, 1979 round_jiffies_up(jiffies + 1980 IEEE80211_CONNECTION_IDLE_TIME)); 1981 out: 1982 mutex_unlock(&local->mtx); 1983 } 1984 1985 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata, 1986 struct ieee80211_hdr *hdr, bool ack) 1987 { 1988 if (!ieee80211_is_data(hdr->frame_control)) 1989 return; 1990 1991 if (ieee80211_is_nullfunc(hdr->frame_control) && 1992 sdata->u.mgd.probe_send_count > 0) { 1993 if (ack) 1994 ieee80211_sta_reset_conn_monitor(sdata); 1995 else 1996 sdata->u.mgd.nullfunc_failed = true; 1997 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 1998 return; 1999 } 2000 2001 if (ack) 2002 ieee80211_sta_reset_conn_monitor(sdata); 2003 } 2004 2005 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) 2006 { 2007 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2008 const u8 *ssid; 2009 u8 *dst = ifmgd->associated->bssid; 2010 u8 unicast_limit = max(1, max_probe_tries - 3); 2011 2012 /* 2013 * Try sending broadcast probe requests for the last three 2014 * probe requests after the first ones failed since some 2015 * buggy APs only support broadcast probe requests. 2016 */ 2017 if (ifmgd->probe_send_count >= unicast_limit) 2018 dst = NULL; 2019 2020 /* 2021 * When the hardware reports an accurate Tx ACK status, it's 2022 * better to send a nullfunc frame instead of a probe request, 2023 * as it will kick us off the AP quickly if we aren't associated 2024 * anymore. The timeout will be reset if the frame is ACKed by 2025 * the AP. 2026 */ 2027 ifmgd->probe_send_count++; 2028 2029 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 2030 ifmgd->nullfunc_failed = false; 2031 ieee80211_send_nullfunc(sdata->local, sdata, 0); 2032 } else { 2033 int ssid_len; 2034 2035 rcu_read_lock(); 2036 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); 2037 if (WARN_ON_ONCE(ssid == NULL)) 2038 ssid_len = 0; 2039 else 2040 ssid_len = ssid[1]; 2041 2042 ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL, 2043 0, (u32) -1, true, 0, 2044 ifmgd->associated->channel, false); 2045 rcu_read_unlock(); 2046 } 2047 2048 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms); 2049 run_again(sdata, ifmgd->probe_timeout); 2050 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 2051 ieee80211_flush_queues(sdata->local, sdata); 2052 } 2053 2054 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata, 2055 bool beacon) 2056 { 2057 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2058 bool already = false; 2059 2060 if (!ieee80211_sdata_running(sdata)) 2061 return; 2062 2063 sdata_lock(sdata); 2064 2065 if (!ifmgd->associated) 2066 goto out; 2067 2068 mutex_lock(&sdata->local->mtx); 2069 2070 if (sdata->local->tmp_channel || sdata->local->scanning) { 2071 mutex_unlock(&sdata->local->mtx); 2072 goto out; 2073 } 2074 2075 if (beacon) { 2076 mlme_dbg_ratelimited(sdata, 2077 "detected beacon loss from AP (missed %d beacons) - probing\n", 2078 beacon_loss_count); 2079 2080 ieee80211_cqm_rssi_notify(&sdata->vif, 2081 NL80211_CQM_RSSI_BEACON_LOSS_EVENT, 2082 GFP_KERNEL); 2083 } 2084 2085 /* 2086 * The driver/our work has already reported this event or the 2087 * connection monitoring has kicked in and we have already sent 2088 * a probe request. Or maybe the AP died and the driver keeps 2089 * reporting until we disassociate... 2090 * 2091 * In either case we have to ignore the current call to this 2092 * function (except for setting the correct probe reason bit) 2093 * because otherwise we would reset the timer every time and 2094 * never check whether we received a probe response! 2095 */ 2096 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 2097 IEEE80211_STA_CONNECTION_POLL)) 2098 already = true; 2099 2100 if (beacon) 2101 ifmgd->flags |= IEEE80211_STA_BEACON_POLL; 2102 else 2103 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL; 2104 2105 mutex_unlock(&sdata->local->mtx); 2106 2107 if (already) 2108 goto out; 2109 2110 mutex_lock(&sdata->local->iflist_mtx); 2111 ieee80211_recalc_ps(sdata->local, -1); 2112 mutex_unlock(&sdata->local->iflist_mtx); 2113 2114 ifmgd->probe_send_count = 0; 2115 ieee80211_mgd_probe_ap_send(sdata); 2116 out: 2117 sdata_unlock(sdata); 2118 } 2119 2120 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw, 2121 struct ieee80211_vif *vif) 2122 { 2123 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2124 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2125 struct cfg80211_bss *cbss; 2126 struct sk_buff *skb; 2127 const u8 *ssid; 2128 int ssid_len; 2129 2130 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 2131 return NULL; 2132 2133 sdata_assert_lock(sdata); 2134 2135 if (ifmgd->associated) 2136 cbss = ifmgd->associated; 2137 else if (ifmgd->auth_data) 2138 cbss = ifmgd->auth_data->bss; 2139 else if (ifmgd->assoc_data) 2140 cbss = ifmgd->assoc_data->bss; 2141 else 2142 return NULL; 2143 2144 rcu_read_lock(); 2145 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID); 2146 if (WARN_ON_ONCE(ssid == NULL)) 2147 ssid_len = 0; 2148 else 2149 ssid_len = ssid[1]; 2150 2151 skb = ieee80211_build_probe_req(sdata, cbss->bssid, 2152 (u32) -1, cbss->channel, 2153 ssid + 2, ssid_len, 2154 NULL, 0, true); 2155 rcu_read_unlock(); 2156 2157 return skb; 2158 } 2159 EXPORT_SYMBOL(ieee80211_ap_probereq_get); 2160 2161 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata) 2162 { 2163 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2164 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 2165 2166 sdata_lock(sdata); 2167 if (!ifmgd->associated) { 2168 sdata_unlock(sdata); 2169 return; 2170 } 2171 2172 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 2173 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 2174 true, frame_buf); 2175 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 2176 ieee80211_wake_queues_by_reason(&sdata->local->hw, 2177 IEEE80211_MAX_QUEUE_MAP, 2178 IEEE80211_QUEUE_STOP_REASON_CSA); 2179 2180 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 2181 IEEE80211_DEAUTH_FRAME_LEN); 2182 sdata_unlock(sdata); 2183 } 2184 2185 static void ieee80211_beacon_connection_loss_work(struct work_struct *work) 2186 { 2187 struct ieee80211_sub_if_data *sdata = 2188 container_of(work, struct ieee80211_sub_if_data, 2189 u.mgd.beacon_connection_loss_work); 2190 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2191 struct sta_info *sta; 2192 2193 if (ifmgd->associated) { 2194 rcu_read_lock(); 2195 sta = sta_info_get(sdata, ifmgd->bssid); 2196 if (sta) 2197 sta->beacon_loss_count++; 2198 rcu_read_unlock(); 2199 } 2200 2201 if (ifmgd->connection_loss) { 2202 sdata_info(sdata, "Connection to AP %pM lost\n", 2203 ifmgd->bssid); 2204 __ieee80211_disconnect(sdata); 2205 } else { 2206 ieee80211_mgd_probe_ap(sdata, true); 2207 } 2208 } 2209 2210 static void ieee80211_csa_connection_drop_work(struct work_struct *work) 2211 { 2212 struct ieee80211_sub_if_data *sdata = 2213 container_of(work, struct ieee80211_sub_if_data, 2214 u.mgd.csa_connection_drop_work); 2215 2216 __ieee80211_disconnect(sdata); 2217 } 2218 2219 void ieee80211_beacon_loss(struct ieee80211_vif *vif) 2220 { 2221 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2222 struct ieee80211_hw *hw = &sdata->local->hw; 2223 2224 trace_api_beacon_loss(sdata); 2225 2226 sdata->u.mgd.connection_loss = false; 2227 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2228 } 2229 EXPORT_SYMBOL(ieee80211_beacon_loss); 2230 2231 void ieee80211_connection_loss(struct ieee80211_vif *vif) 2232 { 2233 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2234 struct ieee80211_hw *hw = &sdata->local->hw; 2235 2236 trace_api_connection_loss(sdata); 2237 2238 sdata->u.mgd.connection_loss = true; 2239 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2240 } 2241 EXPORT_SYMBOL(ieee80211_connection_loss); 2242 2243 2244 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata, 2245 bool assoc) 2246 { 2247 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2248 2249 sdata_assert_lock(sdata); 2250 2251 if (!assoc) { 2252 sta_info_destroy_addr(sdata, auth_data->bss->bssid); 2253 2254 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2255 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2256 sdata->u.mgd.flags = 0; 2257 ieee80211_vif_release_channel(sdata); 2258 } 2259 2260 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss); 2261 kfree(auth_data); 2262 sdata->u.mgd.auth_data = NULL; 2263 } 2264 2265 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, 2266 struct ieee80211_mgmt *mgmt, size_t len) 2267 { 2268 struct ieee80211_local *local = sdata->local; 2269 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2270 u8 *pos; 2271 struct ieee802_11_elems elems; 2272 u32 tx_flags = 0; 2273 2274 pos = mgmt->u.auth.variable; 2275 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2276 if (!elems.challenge) 2277 return; 2278 auth_data->expected_transaction = 4; 2279 drv_mgd_prepare_tx(sdata->local, sdata); 2280 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 2281 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 2282 IEEE80211_TX_INTFL_MLME_CONN_TX; 2283 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0, 2284 elems.challenge - 2, elems.challenge_len + 2, 2285 auth_data->bss->bssid, auth_data->bss->bssid, 2286 auth_data->key, auth_data->key_len, 2287 auth_data->key_idx, tx_flags); 2288 } 2289 2290 static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, 2291 struct ieee80211_mgmt *mgmt, size_t len) 2292 { 2293 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2294 u8 bssid[ETH_ALEN]; 2295 u16 auth_alg, auth_transaction, status_code; 2296 struct sta_info *sta; 2297 2298 sdata_assert_lock(sdata); 2299 2300 if (len < 24 + 6) 2301 return; 2302 2303 if (!ifmgd->auth_data || ifmgd->auth_data->done) 2304 return; 2305 2306 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 2307 2308 if (!ether_addr_equal(bssid, mgmt->bssid)) 2309 return; 2310 2311 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 2312 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 2313 status_code = le16_to_cpu(mgmt->u.auth.status_code); 2314 2315 if (auth_alg != ifmgd->auth_data->algorithm || 2316 auth_transaction != ifmgd->auth_data->expected_transaction) { 2317 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n", 2318 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm, 2319 auth_transaction, 2320 ifmgd->auth_data->expected_transaction); 2321 return; 2322 } 2323 2324 if (status_code != WLAN_STATUS_SUCCESS) { 2325 sdata_info(sdata, "%pM denied authentication (status %d)\n", 2326 mgmt->sa, status_code); 2327 ieee80211_destroy_auth_data(sdata, false); 2328 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2329 return; 2330 } 2331 2332 switch (ifmgd->auth_data->algorithm) { 2333 case WLAN_AUTH_OPEN: 2334 case WLAN_AUTH_LEAP: 2335 case WLAN_AUTH_FT: 2336 case WLAN_AUTH_SAE: 2337 break; 2338 case WLAN_AUTH_SHARED_KEY: 2339 if (ifmgd->auth_data->expected_transaction != 4) { 2340 ieee80211_auth_challenge(sdata, mgmt, len); 2341 /* need another frame */ 2342 return; 2343 } 2344 break; 2345 default: 2346 WARN_ONCE(1, "invalid auth alg %d", 2347 ifmgd->auth_data->algorithm); 2348 return; 2349 } 2350 2351 sdata_info(sdata, "authenticated\n"); 2352 ifmgd->auth_data->done = true; 2353 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC; 2354 ifmgd->auth_data->timeout_started = true; 2355 run_again(sdata, ifmgd->auth_data->timeout); 2356 2357 if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE && 2358 ifmgd->auth_data->expected_transaction != 2) { 2359 /* 2360 * Report auth frame to user space for processing since another 2361 * round of Authentication frames is still needed. 2362 */ 2363 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2364 return; 2365 } 2366 2367 /* move station state to auth */ 2368 mutex_lock(&sdata->local->sta_mtx); 2369 sta = sta_info_get(sdata, bssid); 2370 if (!sta) { 2371 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid); 2372 goto out_err; 2373 } 2374 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) { 2375 sdata_info(sdata, "failed moving %pM to auth\n", bssid); 2376 goto out_err; 2377 } 2378 mutex_unlock(&sdata->local->sta_mtx); 2379 2380 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2381 return; 2382 out_err: 2383 mutex_unlock(&sdata->local->sta_mtx); 2384 /* ignore frame -- wait for timeout */ 2385 } 2386 2387 2388 static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 2389 struct ieee80211_mgmt *mgmt, size_t len) 2390 { 2391 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2392 const u8 *bssid = NULL; 2393 u16 reason_code; 2394 2395 sdata_assert_lock(sdata); 2396 2397 if (len < 24 + 2) 2398 return; 2399 2400 if (!ifmgd->associated || 2401 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2402 return; 2403 2404 bssid = ifmgd->associated->bssid; 2405 2406 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 2407 2408 sdata_info(sdata, "deauthenticated from %pM (Reason: %u)\n", 2409 bssid, reason_code); 2410 2411 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2412 2413 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2414 } 2415 2416 2417 static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata, 2418 struct ieee80211_mgmt *mgmt, size_t len) 2419 { 2420 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2421 u16 reason_code; 2422 2423 sdata_assert_lock(sdata); 2424 2425 if (len < 24 + 2) 2426 return; 2427 2428 if (!ifmgd->associated || 2429 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2430 return; 2431 2432 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 2433 2434 sdata_info(sdata, "disassociated from %pM (Reason: %u)\n", 2435 mgmt->sa, reason_code); 2436 2437 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2438 2439 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2440 } 2441 2442 static void ieee80211_get_rates(struct ieee80211_supported_band *sband, 2443 u8 *supp_rates, unsigned int supp_rates_len, 2444 u32 *rates, u32 *basic_rates, 2445 bool *have_higher_than_11mbit, 2446 int *min_rate, int *min_rate_index) 2447 { 2448 int i, j; 2449 2450 for (i = 0; i < supp_rates_len; i++) { 2451 int rate = (supp_rates[i] & 0x7f) * 5; 2452 bool is_basic = !!(supp_rates[i] & 0x80); 2453 2454 if (rate > 110) 2455 *have_higher_than_11mbit = true; 2456 2457 /* 2458 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009 2459 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it. 2460 * 2461 * Note: Even through the membership selector and the basic 2462 * rate flag share the same bit, they are not exactly 2463 * the same. 2464 */ 2465 if (!!(supp_rates[i] & 0x80) && 2466 (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY) 2467 continue; 2468 2469 for (j = 0; j < sband->n_bitrates; j++) { 2470 if (sband->bitrates[j].bitrate == rate) { 2471 *rates |= BIT(j); 2472 if (is_basic) 2473 *basic_rates |= BIT(j); 2474 if (rate < *min_rate) { 2475 *min_rate = rate; 2476 *min_rate_index = j; 2477 } 2478 break; 2479 } 2480 } 2481 } 2482 } 2483 2484 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata, 2485 bool assoc) 2486 { 2487 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 2488 2489 sdata_assert_lock(sdata); 2490 2491 if (!assoc) { 2492 sta_info_destroy_addr(sdata, assoc_data->bss->bssid); 2493 2494 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2495 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2496 sdata->u.mgd.flags = 0; 2497 ieee80211_vif_release_channel(sdata); 2498 } 2499 2500 kfree(assoc_data); 2501 sdata->u.mgd.assoc_data = NULL; 2502 } 2503 2504 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata, 2505 struct cfg80211_bss *cbss, 2506 struct ieee80211_mgmt *mgmt, size_t len) 2507 { 2508 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2509 struct ieee80211_local *local = sdata->local; 2510 struct ieee80211_supported_band *sband; 2511 struct sta_info *sta; 2512 u8 *pos; 2513 u16 capab_info, aid; 2514 struct ieee802_11_elems elems; 2515 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2516 const struct cfg80211_bss_ies *bss_ies = NULL; 2517 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 2518 u32 changed = 0; 2519 int err; 2520 bool ret; 2521 2522 /* AssocResp and ReassocResp have identical structure */ 2523 2524 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2525 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2526 2527 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) 2528 sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n", 2529 aid); 2530 aid &= ~(BIT(15) | BIT(14)); 2531 2532 ifmgd->broken_ap = false; 2533 2534 if (aid == 0 || aid > IEEE80211_MAX_AID) { 2535 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n", 2536 aid); 2537 aid = 0; 2538 ifmgd->broken_ap = true; 2539 } 2540 2541 pos = mgmt->u.assoc_resp.variable; 2542 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2543 2544 if (!elems.supp_rates) { 2545 sdata_info(sdata, "no SuppRates element in AssocResp\n"); 2546 return false; 2547 } 2548 2549 ifmgd->aid = aid; 2550 2551 /* 2552 * Some APs are erroneously not including some information in their 2553 * (re)association response frames. Try to recover by using the data 2554 * from the beacon or probe response. This seems to afflict mobile 2555 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T", 2556 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device. 2557 */ 2558 if ((assoc_data->wmm && !elems.wmm_param) || 2559 (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2560 (!elems.ht_cap_elem || !elems.ht_operation)) || 2561 (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2562 (!elems.vht_cap_elem || !elems.vht_operation))) { 2563 const struct cfg80211_bss_ies *ies; 2564 struct ieee802_11_elems bss_elems; 2565 2566 rcu_read_lock(); 2567 ies = rcu_dereference(cbss->ies); 2568 if (ies) 2569 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len, 2570 GFP_ATOMIC); 2571 rcu_read_unlock(); 2572 if (!bss_ies) 2573 return false; 2574 2575 ieee802_11_parse_elems(bss_ies->data, bss_ies->len, 2576 false, &bss_elems); 2577 if (assoc_data->wmm && 2578 !elems.wmm_param && bss_elems.wmm_param) { 2579 elems.wmm_param = bss_elems.wmm_param; 2580 sdata_info(sdata, 2581 "AP bug: WMM param missing from AssocResp\n"); 2582 } 2583 2584 /* 2585 * Also check if we requested HT/VHT, otherwise the AP doesn't 2586 * have to include the IEs in the (re)association response. 2587 */ 2588 if (!elems.ht_cap_elem && bss_elems.ht_cap_elem && 2589 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 2590 elems.ht_cap_elem = bss_elems.ht_cap_elem; 2591 sdata_info(sdata, 2592 "AP bug: HT capability missing from AssocResp\n"); 2593 } 2594 if (!elems.ht_operation && bss_elems.ht_operation && 2595 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 2596 elems.ht_operation = bss_elems.ht_operation; 2597 sdata_info(sdata, 2598 "AP bug: HT operation missing from AssocResp\n"); 2599 } 2600 if (!elems.vht_cap_elem && bss_elems.vht_cap_elem && 2601 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) { 2602 elems.vht_cap_elem = bss_elems.vht_cap_elem; 2603 sdata_info(sdata, 2604 "AP bug: VHT capa missing from AssocResp\n"); 2605 } 2606 if (!elems.vht_operation && bss_elems.vht_operation && 2607 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) { 2608 elems.vht_operation = bss_elems.vht_operation; 2609 sdata_info(sdata, 2610 "AP bug: VHT operation missing from AssocResp\n"); 2611 } 2612 } 2613 2614 /* 2615 * We previously checked these in the beacon/probe response, so 2616 * they should be present here. This is just a safety net. 2617 */ 2618 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2619 (!elems.wmm_param || !elems.ht_cap_elem || !elems.ht_operation)) { 2620 sdata_info(sdata, 2621 "HT AP is missing WMM params or HT capability/operation\n"); 2622 ret = false; 2623 goto out; 2624 } 2625 2626 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2627 (!elems.vht_cap_elem || !elems.vht_operation)) { 2628 sdata_info(sdata, 2629 "VHT AP is missing VHT capability/operation\n"); 2630 ret = false; 2631 goto out; 2632 } 2633 2634 mutex_lock(&sdata->local->sta_mtx); 2635 /* 2636 * station info was already allocated and inserted before 2637 * the association and should be available to us 2638 */ 2639 sta = sta_info_get(sdata, cbss->bssid); 2640 if (WARN_ON(!sta)) { 2641 mutex_unlock(&sdata->local->sta_mtx); 2642 ret = false; 2643 goto out; 2644 } 2645 2646 sband = local->hw.wiphy->bands[ieee80211_get_sdata_band(sdata)]; 2647 2648 /* Set up internal HT/VHT capabilities */ 2649 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 2650 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 2651 elems.ht_cap_elem, sta); 2652 2653 if (elems.vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 2654 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband, 2655 elems.vht_cap_elem, sta); 2656 2657 /* 2658 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data 2659 * in their association response, so ignore that data for our own 2660 * configuration. If it changed since the last beacon, we'll get the 2661 * next beacon and update then. 2662 */ 2663 2664 /* 2665 * If an operating mode notification IE is present, override the 2666 * NSS calculation (that would be done in rate_control_rate_init()) 2667 * and use the # of streams from that element. 2668 */ 2669 if (elems.opmode_notif && 2670 !(*elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) { 2671 u8 nss; 2672 2673 nss = *elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK; 2674 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT; 2675 nss += 1; 2676 sta->sta.rx_nss = nss; 2677 } 2678 2679 rate_control_rate_init(sta); 2680 2681 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) 2682 set_sta_flag(sta, WLAN_STA_MFP); 2683 2684 if (elems.wmm_param) 2685 set_sta_flag(sta, WLAN_STA_WME); 2686 2687 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC); 2688 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT)) 2689 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED); 2690 if (err) { 2691 sdata_info(sdata, 2692 "failed to move station %pM to desired state\n", 2693 sta->sta.addr); 2694 WARN_ON(__sta_info_destroy(sta)); 2695 mutex_unlock(&sdata->local->sta_mtx); 2696 ret = false; 2697 goto out; 2698 } 2699 2700 mutex_unlock(&sdata->local->sta_mtx); 2701 2702 /* 2703 * Always handle WMM once after association regardless 2704 * of the first value the AP uses. Setting -1 here has 2705 * that effect because the AP values is an unsigned 2706 * 4-bit value. 2707 */ 2708 ifmgd->wmm_last_param_set = -1; 2709 2710 if (elems.wmm_param) 2711 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 2712 elems.wmm_param_len); 2713 else 2714 ieee80211_set_wmm_default(sdata, false); 2715 changed |= BSS_CHANGED_QOS; 2716 2717 /* set AID and assoc capability, 2718 * ieee80211_set_associated() will tell the driver */ 2719 bss_conf->aid = aid; 2720 bss_conf->assoc_capability = capab_info; 2721 ieee80211_set_associated(sdata, cbss, changed); 2722 2723 /* 2724 * If we're using 4-addr mode, let the AP know that we're 2725 * doing so, so that it can create the STA VLAN on its side 2726 */ 2727 if (ifmgd->use_4addr) 2728 ieee80211_send_4addr_nullfunc(local, sdata); 2729 2730 /* 2731 * Start timer to probe the connection to the AP now. 2732 * Also start the timer that will detect beacon loss. 2733 */ 2734 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt); 2735 ieee80211_sta_reset_beacon_monitor(sdata); 2736 2737 ret = true; 2738 out: 2739 kfree(bss_ies); 2740 return ret; 2741 } 2742 2743 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, 2744 struct ieee80211_mgmt *mgmt, 2745 size_t len) 2746 { 2747 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2748 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 2749 u16 capab_info, status_code, aid; 2750 struct ieee802_11_elems elems; 2751 u8 *pos; 2752 bool reassoc; 2753 struct cfg80211_bss *bss; 2754 2755 sdata_assert_lock(sdata); 2756 2757 if (!assoc_data) 2758 return; 2759 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid)) 2760 return; 2761 2762 /* 2763 * AssocResp and ReassocResp have identical structure, so process both 2764 * of them in this function. 2765 */ 2766 2767 if (len < 24 + 6) 2768 return; 2769 2770 reassoc = ieee80211_is_reassoc_req(mgmt->frame_control); 2771 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2772 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 2773 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2774 2775 sdata_info(sdata, 2776 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n", 2777 reassoc ? "Rea" : "A", mgmt->sa, 2778 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 2779 2780 pos = mgmt->u.assoc_resp.variable; 2781 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2782 2783 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 2784 elems.timeout_int && 2785 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) { 2786 u32 tu, ms; 2787 tu = le32_to_cpu(elems.timeout_int->value); 2788 ms = tu * 1024 / 1000; 2789 sdata_info(sdata, 2790 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n", 2791 mgmt->sa, tu, ms); 2792 assoc_data->timeout = jiffies + msecs_to_jiffies(ms); 2793 assoc_data->timeout_started = true; 2794 if (ms > IEEE80211_ASSOC_TIMEOUT) 2795 run_again(sdata, assoc_data->timeout); 2796 return; 2797 } 2798 2799 bss = assoc_data->bss; 2800 2801 if (status_code != WLAN_STATUS_SUCCESS) { 2802 sdata_info(sdata, "%pM denied association (code=%d)\n", 2803 mgmt->sa, status_code); 2804 ieee80211_destroy_assoc_data(sdata, false); 2805 } else { 2806 if (!ieee80211_assoc_success(sdata, bss, mgmt, len)) { 2807 /* oops -- internal error -- send timeout for now */ 2808 ieee80211_destroy_assoc_data(sdata, false); 2809 cfg80211_assoc_timeout(sdata->dev, bss); 2810 return; 2811 } 2812 sdata_info(sdata, "associated\n"); 2813 2814 /* 2815 * destroy assoc_data afterwards, as otherwise an idle 2816 * recalc after assoc_data is NULL but before associated 2817 * is set can cause the interface to go idle 2818 */ 2819 ieee80211_destroy_assoc_data(sdata, true); 2820 } 2821 2822 cfg80211_rx_assoc_resp(sdata->dev, bss, (u8 *)mgmt, len); 2823 } 2824 2825 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, 2826 struct ieee80211_mgmt *mgmt, size_t len, 2827 struct ieee80211_rx_status *rx_status, 2828 struct ieee802_11_elems *elems) 2829 { 2830 struct ieee80211_local *local = sdata->local; 2831 int freq; 2832 struct ieee80211_bss *bss; 2833 struct ieee80211_channel *channel; 2834 2835 sdata_assert_lock(sdata); 2836 2837 if (elems->ds_params) 2838 freq = ieee80211_channel_to_frequency(elems->ds_params[0], 2839 rx_status->band); 2840 else 2841 freq = rx_status->freq; 2842 2843 channel = ieee80211_get_channel(local->hw.wiphy, freq); 2844 2845 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED) 2846 return; 2847 2848 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems, 2849 channel); 2850 if (bss) { 2851 ieee80211_rx_bss_put(local, bss); 2852 sdata->vif.bss_conf.beacon_rate = bss->beacon_rate; 2853 } 2854 2855 if (!sdata->u.mgd.associated || 2856 !ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid)) 2857 return; 2858 2859 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime, 2860 elems, true); 2861 2862 } 2863 2864 2865 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, 2866 struct sk_buff *skb) 2867 { 2868 struct ieee80211_mgmt *mgmt = (void *)skb->data; 2869 struct ieee80211_if_managed *ifmgd; 2870 struct ieee80211_rx_status *rx_status = (void *) skb->cb; 2871 size_t baselen, len = skb->len; 2872 struct ieee802_11_elems elems; 2873 2874 ifmgd = &sdata->u.mgd; 2875 2876 sdata_assert_lock(sdata); 2877 2878 if (!ether_addr_equal(mgmt->da, sdata->vif.addr)) 2879 return; /* ignore ProbeResp to foreign address */ 2880 2881 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 2882 if (baselen > len) 2883 return; 2884 2885 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 2886 false, &elems); 2887 2888 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2889 2890 if (ifmgd->associated && 2891 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2892 ieee80211_reset_ap_probe(sdata); 2893 2894 if (ifmgd->auth_data && !ifmgd->auth_data->bss->proberesp_ies && 2895 ether_addr_equal(mgmt->bssid, ifmgd->auth_data->bss->bssid)) { 2896 /* got probe response, continue with auth */ 2897 sdata_info(sdata, "direct probe responded\n"); 2898 ifmgd->auth_data->tries = 0; 2899 ifmgd->auth_data->timeout = jiffies; 2900 ifmgd->auth_data->timeout_started = true; 2901 run_again(sdata, ifmgd->auth_data->timeout); 2902 } 2903 } 2904 2905 /* 2906 * This is the canonical list of information elements we care about, 2907 * the filter code also gives us all changes to the Microsoft OUI 2908 * (00:50:F2) vendor IE which is used for WMM which we need to track. 2909 * 2910 * We implement beacon filtering in software since that means we can 2911 * avoid processing the frame here and in cfg80211, and userspace 2912 * will not be able to tell whether the hardware supports it or not. 2913 * 2914 * XXX: This list needs to be dynamic -- userspace needs to be able to 2915 * add items it requires. It also needs to be able to tell us to 2916 * look out for other vendor IEs. 2917 */ 2918 static const u64 care_about_ies = 2919 (1ULL << WLAN_EID_COUNTRY) | 2920 (1ULL << WLAN_EID_ERP_INFO) | 2921 (1ULL << WLAN_EID_CHANNEL_SWITCH) | 2922 (1ULL << WLAN_EID_PWR_CONSTRAINT) | 2923 (1ULL << WLAN_EID_HT_CAPABILITY) | 2924 (1ULL << WLAN_EID_HT_OPERATION); 2925 2926 static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, 2927 struct ieee80211_mgmt *mgmt, size_t len, 2928 struct ieee80211_rx_status *rx_status) 2929 { 2930 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2931 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2932 size_t baselen; 2933 struct ieee802_11_elems elems; 2934 struct ieee80211_local *local = sdata->local; 2935 struct ieee80211_chanctx_conf *chanctx_conf; 2936 struct ieee80211_channel *chan; 2937 struct sta_info *sta; 2938 u32 changed = 0; 2939 bool erp_valid; 2940 u8 erp_value = 0; 2941 u32 ncrc; 2942 u8 *bssid; 2943 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN]; 2944 2945 sdata_assert_lock(sdata); 2946 2947 /* Process beacon from the current BSS */ 2948 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 2949 if (baselen > len) 2950 return; 2951 2952 rcu_read_lock(); 2953 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 2954 if (!chanctx_conf) { 2955 rcu_read_unlock(); 2956 return; 2957 } 2958 2959 if (rx_status->freq != chanctx_conf->def.chan->center_freq) { 2960 rcu_read_unlock(); 2961 return; 2962 } 2963 chan = chanctx_conf->def.chan; 2964 rcu_read_unlock(); 2965 2966 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon && 2967 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) { 2968 ieee802_11_parse_elems(mgmt->u.beacon.variable, 2969 len - baselen, false, &elems); 2970 2971 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2972 if (elems.tim && !elems.parse_error) { 2973 const struct ieee80211_tim_ie *tim_ie = elems.tim; 2974 ifmgd->dtim_period = tim_ie->dtim_period; 2975 } 2976 ifmgd->have_beacon = true; 2977 ifmgd->assoc_data->need_beacon = false; 2978 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 2979 sdata->vif.bss_conf.sync_tsf = 2980 le64_to_cpu(mgmt->u.beacon.timestamp); 2981 sdata->vif.bss_conf.sync_device_ts = 2982 rx_status->device_timestamp; 2983 if (elems.tim) 2984 sdata->vif.bss_conf.sync_dtim_count = 2985 elems.tim->dtim_count; 2986 else 2987 sdata->vif.bss_conf.sync_dtim_count = 0; 2988 } 2989 /* continue assoc process */ 2990 ifmgd->assoc_data->timeout = jiffies; 2991 ifmgd->assoc_data->timeout_started = true; 2992 run_again(sdata, ifmgd->assoc_data->timeout); 2993 return; 2994 } 2995 2996 if (!ifmgd->associated || 2997 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2998 return; 2999 bssid = ifmgd->associated->bssid; 3000 3001 /* Track average RSSI from the Beacon frames of the current AP */ 3002 ifmgd->last_beacon_signal = rx_status->signal; 3003 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) { 3004 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE; 3005 ifmgd->ave_beacon_signal = rx_status->signal * 16; 3006 ifmgd->last_cqm_event_signal = 0; 3007 ifmgd->count_beacon_signal = 1; 3008 ifmgd->last_ave_beacon_signal = 0; 3009 } else { 3010 ifmgd->ave_beacon_signal = 3011 (IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 + 3012 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) * 3013 ifmgd->ave_beacon_signal) / 16; 3014 ifmgd->count_beacon_signal++; 3015 } 3016 3017 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold && 3018 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) { 3019 int sig = ifmgd->ave_beacon_signal; 3020 int last_sig = ifmgd->last_ave_beacon_signal; 3021 3022 /* 3023 * if signal crosses either of the boundaries, invoke callback 3024 * with appropriate parameters 3025 */ 3026 if (sig > ifmgd->rssi_max_thold && 3027 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) { 3028 ifmgd->last_ave_beacon_signal = sig; 3029 drv_rssi_callback(local, sdata, RSSI_EVENT_HIGH); 3030 } else if (sig < ifmgd->rssi_min_thold && 3031 (last_sig >= ifmgd->rssi_max_thold || 3032 last_sig == 0)) { 3033 ifmgd->last_ave_beacon_signal = sig; 3034 drv_rssi_callback(local, sdata, RSSI_EVENT_LOW); 3035 } 3036 } 3037 3038 if (bss_conf->cqm_rssi_thold && 3039 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT && 3040 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) { 3041 int sig = ifmgd->ave_beacon_signal / 16; 3042 int last_event = ifmgd->last_cqm_event_signal; 3043 int thold = bss_conf->cqm_rssi_thold; 3044 int hyst = bss_conf->cqm_rssi_hyst; 3045 if (sig < thold && 3046 (last_event == 0 || sig < last_event - hyst)) { 3047 ifmgd->last_cqm_event_signal = sig; 3048 ieee80211_cqm_rssi_notify( 3049 &sdata->vif, 3050 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW, 3051 GFP_KERNEL); 3052 } else if (sig > thold && 3053 (last_event == 0 || sig > last_event + hyst)) { 3054 ifmgd->last_cqm_event_signal = sig; 3055 ieee80211_cqm_rssi_notify( 3056 &sdata->vif, 3057 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH, 3058 GFP_KERNEL); 3059 } 3060 } 3061 3062 if (ifmgd->flags & IEEE80211_STA_BEACON_POLL) { 3063 mlme_dbg_ratelimited(sdata, 3064 "cancelling AP probe due to a received beacon\n"); 3065 mutex_lock(&local->mtx); 3066 ifmgd->flags &= ~IEEE80211_STA_BEACON_POLL; 3067 ieee80211_run_deferred_scan(local); 3068 mutex_unlock(&local->mtx); 3069 3070 mutex_lock(&local->iflist_mtx); 3071 ieee80211_recalc_ps(local, -1); 3072 mutex_unlock(&local->iflist_mtx); 3073 } 3074 3075 /* 3076 * Push the beacon loss detection into the future since 3077 * we are processing a beacon from the AP just now. 3078 */ 3079 ieee80211_sta_reset_beacon_monitor(sdata); 3080 3081 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 3082 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, 3083 len - baselen, false, &elems, 3084 care_about_ies, ncrc); 3085 3086 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) { 3087 bool directed_tim = ieee80211_check_tim(elems.tim, 3088 elems.tim_len, 3089 ifmgd->aid); 3090 if (directed_tim) { 3091 if (local->hw.conf.dynamic_ps_timeout > 0) { 3092 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 3093 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 3094 ieee80211_hw_config(local, 3095 IEEE80211_CONF_CHANGE_PS); 3096 } 3097 ieee80211_send_nullfunc(local, sdata, 0); 3098 } else if (!local->pspolling && sdata->u.mgd.powersave) { 3099 local->pspolling = true; 3100 3101 /* 3102 * Here is assumed that the driver will be 3103 * able to send ps-poll frame and receive a 3104 * response even though power save mode is 3105 * enabled, but some drivers might require 3106 * to disable power save here. This needs 3107 * to be investigated. 3108 */ 3109 ieee80211_send_pspoll(local, sdata); 3110 } 3111 } 3112 } 3113 3114 if (sdata->vif.p2p) { 3115 struct ieee80211_p2p_noa_attr noa = {}; 3116 int ret; 3117 3118 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable, 3119 len - baselen, 3120 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 3121 (u8 *) &noa, sizeof(noa)); 3122 if (ret >= 2) { 3123 if (sdata->u.mgd.p2p_noa_index != noa.index) { 3124 /* valid noa_attr and index changed */ 3125 sdata->u.mgd.p2p_noa_index = noa.index; 3126 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa)); 3127 changed |= BSS_CHANGED_P2P_PS; 3128 /* 3129 * make sure we update all information, the CRC 3130 * mechanism doesn't look at P2P attributes. 3131 */ 3132 ifmgd->beacon_crc_valid = false; 3133 } 3134 } else if (sdata->u.mgd.p2p_noa_index != -1) { 3135 /* noa_attr not found and we had valid noa_attr before */ 3136 sdata->u.mgd.p2p_noa_index = -1; 3137 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr)); 3138 changed |= BSS_CHANGED_P2P_PS; 3139 ifmgd->beacon_crc_valid = false; 3140 } 3141 } 3142 3143 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid) 3144 return; 3145 ifmgd->beacon_crc = ncrc; 3146 ifmgd->beacon_crc_valid = true; 3147 3148 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 3149 3150 if (ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 3151 elems.wmm_param_len)) 3152 changed |= BSS_CHANGED_QOS; 3153 3154 /* 3155 * If we haven't had a beacon before, tell the driver about the 3156 * DTIM period (and beacon timing if desired) now. 3157 */ 3158 if (!ifmgd->have_beacon) { 3159 /* a few bogus AP send dtim_period = 0 or no TIM IE */ 3160 if (elems.tim) 3161 bss_conf->dtim_period = elems.tim->dtim_period ?: 1; 3162 else 3163 bss_conf->dtim_period = 1; 3164 3165 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 3166 sdata->vif.bss_conf.sync_tsf = 3167 le64_to_cpu(mgmt->u.beacon.timestamp); 3168 sdata->vif.bss_conf.sync_device_ts = 3169 rx_status->device_timestamp; 3170 if (elems.tim) 3171 sdata->vif.bss_conf.sync_dtim_count = 3172 elems.tim->dtim_count; 3173 else 3174 sdata->vif.bss_conf.sync_dtim_count = 0; 3175 } 3176 3177 changed |= BSS_CHANGED_BEACON_INFO; 3178 ifmgd->have_beacon = true; 3179 3180 mutex_lock(&local->iflist_mtx); 3181 ieee80211_recalc_ps(local, -1); 3182 mutex_unlock(&local->iflist_mtx); 3183 3184 ieee80211_recalc_ps_vif(sdata); 3185 } 3186 3187 if (elems.erp_info) { 3188 erp_valid = true; 3189 erp_value = elems.erp_info[0]; 3190 } else { 3191 erp_valid = false; 3192 } 3193 changed |= ieee80211_handle_bss_capability(sdata, 3194 le16_to_cpu(mgmt->u.beacon.capab_info), 3195 erp_valid, erp_value); 3196 3197 mutex_lock(&local->sta_mtx); 3198 sta = sta_info_get(sdata, bssid); 3199 3200 if (ieee80211_config_bw(sdata, sta, elems.ht_operation, 3201 elems.vht_operation, bssid, &changed)) { 3202 mutex_unlock(&local->sta_mtx); 3203 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3204 WLAN_REASON_DEAUTH_LEAVING, 3205 true, deauth_buf); 3206 cfg80211_tx_mlme_mgmt(sdata->dev, deauth_buf, 3207 sizeof(deauth_buf)); 3208 return; 3209 } 3210 3211 if (sta && elems.opmode_notif) 3212 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif, 3213 rx_status->band, true); 3214 mutex_unlock(&local->sta_mtx); 3215 3216 if (elems.country_elem && elems.pwr_constr_elem && 3217 mgmt->u.probe_resp.capab_info & 3218 cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT)) 3219 changed |= ieee80211_handle_pwr_constr(sdata, chan, 3220 elems.country_elem, 3221 elems.country_elem_len, 3222 elems.pwr_constr_elem); 3223 3224 ieee80211_bss_info_change_notify(sdata, changed); 3225 } 3226 3227 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 3228 struct sk_buff *skb) 3229 { 3230 struct ieee80211_rx_status *rx_status; 3231 struct ieee80211_mgmt *mgmt; 3232 u16 fc; 3233 struct ieee802_11_elems elems; 3234 int ies_len; 3235 3236 rx_status = (struct ieee80211_rx_status *) skb->cb; 3237 mgmt = (struct ieee80211_mgmt *) skb->data; 3238 fc = le16_to_cpu(mgmt->frame_control); 3239 3240 sdata_lock(sdata); 3241 3242 switch (fc & IEEE80211_FCTL_STYPE) { 3243 case IEEE80211_STYPE_BEACON: 3244 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status); 3245 break; 3246 case IEEE80211_STYPE_PROBE_RESP: 3247 ieee80211_rx_mgmt_probe_resp(sdata, skb); 3248 break; 3249 case IEEE80211_STYPE_AUTH: 3250 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len); 3251 break; 3252 case IEEE80211_STYPE_DEAUTH: 3253 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len); 3254 break; 3255 case IEEE80211_STYPE_DISASSOC: 3256 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 3257 break; 3258 case IEEE80211_STYPE_ASSOC_RESP: 3259 case IEEE80211_STYPE_REASSOC_RESP: 3260 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len); 3261 break; 3262 case IEEE80211_STYPE_ACTION: 3263 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) { 3264 ies_len = skb->len - 3265 offsetof(struct ieee80211_mgmt, 3266 u.action.u.chan_switch.variable); 3267 3268 if (ies_len < 0) 3269 break; 3270 3271 ieee802_11_parse_elems( 3272 mgmt->u.action.u.chan_switch.variable, 3273 ies_len, true, &elems); 3274 3275 if (elems.parse_error) 3276 break; 3277 3278 ieee80211_sta_process_chanswitch(sdata, 3279 rx_status->mactime, 3280 &elems, false); 3281 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) { 3282 ies_len = skb->len - 3283 offsetof(struct ieee80211_mgmt, 3284 u.action.u.ext_chan_switch.variable); 3285 3286 if (ies_len < 0) 3287 break; 3288 3289 ieee802_11_parse_elems( 3290 mgmt->u.action.u.ext_chan_switch.variable, 3291 ies_len, true, &elems); 3292 3293 if (elems.parse_error) 3294 break; 3295 3296 /* for the handling code pretend this was also an IE */ 3297 elems.ext_chansw_ie = 3298 &mgmt->u.action.u.ext_chan_switch.data; 3299 3300 ieee80211_sta_process_chanswitch(sdata, 3301 rx_status->mactime, 3302 &elems, false); 3303 } 3304 break; 3305 } 3306 sdata_unlock(sdata); 3307 } 3308 3309 static void ieee80211_sta_timer(unsigned long data) 3310 { 3311 struct ieee80211_sub_if_data *sdata = 3312 (struct ieee80211_sub_if_data *) data; 3313 3314 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3315 } 3316 3317 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata, 3318 u8 *bssid, u8 reason, bool tx) 3319 { 3320 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3321 3322 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason, 3323 tx, frame_buf); 3324 3325 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 3326 IEEE80211_DEAUTH_FRAME_LEN); 3327 } 3328 3329 static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata) 3330 { 3331 struct ieee80211_local *local = sdata->local; 3332 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3333 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data; 3334 u32 tx_flags = 0; 3335 3336 sdata_assert_lock(sdata); 3337 3338 if (WARN_ON_ONCE(!auth_data)) 3339 return -EINVAL; 3340 3341 auth_data->tries++; 3342 3343 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) { 3344 sdata_info(sdata, "authentication with %pM timed out\n", 3345 auth_data->bss->bssid); 3346 3347 /* 3348 * Most likely AP is not in the range so remove the 3349 * bss struct for that AP. 3350 */ 3351 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss); 3352 3353 return -ETIMEDOUT; 3354 } 3355 3356 drv_mgd_prepare_tx(local, sdata); 3357 3358 if (auth_data->bss->proberesp_ies) { 3359 u16 trans = 1; 3360 u16 status = 0; 3361 3362 sdata_info(sdata, "send auth to %pM (try %d/%d)\n", 3363 auth_data->bss->bssid, auth_data->tries, 3364 IEEE80211_AUTH_MAX_TRIES); 3365 3366 auth_data->expected_transaction = 2; 3367 3368 if (auth_data->algorithm == WLAN_AUTH_SAE) { 3369 trans = auth_data->sae_trans; 3370 status = auth_data->sae_status; 3371 auth_data->expected_transaction = trans; 3372 } 3373 3374 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3375 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 3376 IEEE80211_TX_INTFL_MLME_CONN_TX; 3377 3378 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status, 3379 auth_data->data, auth_data->data_len, 3380 auth_data->bss->bssid, 3381 auth_data->bss->bssid, NULL, 0, 0, 3382 tx_flags); 3383 } else { 3384 const u8 *ssidie; 3385 3386 sdata_info(sdata, "direct probe to %pM (try %d/%i)\n", 3387 auth_data->bss->bssid, auth_data->tries, 3388 IEEE80211_AUTH_MAX_TRIES); 3389 3390 rcu_read_lock(); 3391 ssidie = ieee80211_bss_get_ie(auth_data->bss, WLAN_EID_SSID); 3392 if (!ssidie) { 3393 rcu_read_unlock(); 3394 return -EINVAL; 3395 } 3396 /* 3397 * Direct probe is sent to broadcast address as some APs 3398 * will not answer to direct packet in unassociated state. 3399 */ 3400 ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1], 3401 NULL, 0, (u32) -1, true, 0, 3402 auth_data->bss->channel, false); 3403 rcu_read_unlock(); 3404 } 3405 3406 if (tx_flags == 0) { 3407 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 3408 auth_data->timeout_started = true; 3409 run_again(sdata, auth_data->timeout); 3410 } else { 3411 auth_data->timeout = 3412 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG); 3413 auth_data->timeout_started = true; 3414 run_again(sdata, auth_data->timeout); 3415 } 3416 3417 return 0; 3418 } 3419 3420 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata) 3421 { 3422 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 3423 struct ieee80211_local *local = sdata->local; 3424 3425 sdata_assert_lock(sdata); 3426 3427 assoc_data->tries++; 3428 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) { 3429 sdata_info(sdata, "association with %pM timed out\n", 3430 assoc_data->bss->bssid); 3431 3432 /* 3433 * Most likely AP is not in the range so remove the 3434 * bss struct for that AP. 3435 */ 3436 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss); 3437 3438 return -ETIMEDOUT; 3439 } 3440 3441 sdata_info(sdata, "associate with %pM (try %d/%d)\n", 3442 assoc_data->bss->bssid, assoc_data->tries, 3443 IEEE80211_ASSOC_MAX_TRIES); 3444 ieee80211_send_assoc(sdata); 3445 3446 if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) { 3447 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 3448 assoc_data->timeout_started = true; 3449 run_again(sdata, assoc_data->timeout); 3450 } else { 3451 assoc_data->timeout = 3452 round_jiffies_up(jiffies + 3453 IEEE80211_ASSOC_TIMEOUT_LONG); 3454 assoc_data->timeout_started = true; 3455 run_again(sdata, assoc_data->timeout); 3456 } 3457 3458 return 0; 3459 } 3460 3461 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata, 3462 __le16 fc, bool acked) 3463 { 3464 struct ieee80211_local *local = sdata->local; 3465 3466 sdata->u.mgd.status_fc = fc; 3467 sdata->u.mgd.status_acked = acked; 3468 sdata->u.mgd.status_received = true; 3469 3470 ieee80211_queue_work(&local->hw, &sdata->work); 3471 } 3472 3473 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata) 3474 { 3475 struct ieee80211_local *local = sdata->local; 3476 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3477 3478 sdata_lock(sdata); 3479 3480 if (ifmgd->status_received) { 3481 __le16 fc = ifmgd->status_fc; 3482 bool status_acked = ifmgd->status_acked; 3483 3484 ifmgd->status_received = false; 3485 if (ifmgd->auth_data && 3486 (ieee80211_is_probe_req(fc) || ieee80211_is_auth(fc))) { 3487 if (status_acked) { 3488 ifmgd->auth_data->timeout = 3489 jiffies + IEEE80211_AUTH_TIMEOUT_SHORT; 3490 run_again(sdata, ifmgd->auth_data->timeout); 3491 } else { 3492 ifmgd->auth_data->timeout = jiffies - 1; 3493 } 3494 ifmgd->auth_data->timeout_started = true; 3495 } else if (ifmgd->assoc_data && 3496 (ieee80211_is_assoc_req(fc) || 3497 ieee80211_is_reassoc_req(fc))) { 3498 if (status_acked) { 3499 ifmgd->assoc_data->timeout = 3500 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT; 3501 run_again(sdata, ifmgd->assoc_data->timeout); 3502 } else { 3503 ifmgd->assoc_data->timeout = jiffies - 1; 3504 } 3505 ifmgd->assoc_data->timeout_started = true; 3506 } 3507 } 3508 3509 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started && 3510 time_after(jiffies, ifmgd->auth_data->timeout)) { 3511 if (ifmgd->auth_data->done) { 3512 /* 3513 * ok ... we waited for assoc but userspace didn't, 3514 * so let's just kill the auth data 3515 */ 3516 ieee80211_destroy_auth_data(sdata, false); 3517 } else if (ieee80211_probe_auth(sdata)) { 3518 u8 bssid[ETH_ALEN]; 3519 3520 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 3521 3522 ieee80211_destroy_auth_data(sdata, false); 3523 3524 cfg80211_auth_timeout(sdata->dev, bssid); 3525 } 3526 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started) 3527 run_again(sdata, ifmgd->auth_data->timeout); 3528 3529 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started && 3530 time_after(jiffies, ifmgd->assoc_data->timeout)) { 3531 if ((ifmgd->assoc_data->need_beacon && !ifmgd->have_beacon) || 3532 ieee80211_do_assoc(sdata)) { 3533 struct cfg80211_bss *bss = ifmgd->assoc_data->bss; 3534 3535 ieee80211_destroy_assoc_data(sdata, false); 3536 cfg80211_assoc_timeout(sdata->dev, bss); 3537 } 3538 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started) 3539 run_again(sdata, ifmgd->assoc_data->timeout); 3540 3541 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 3542 IEEE80211_STA_CONNECTION_POLL) && 3543 ifmgd->associated) { 3544 u8 bssid[ETH_ALEN]; 3545 int max_tries; 3546 3547 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 3548 3549 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3550 max_tries = max_nullfunc_tries; 3551 else 3552 max_tries = max_probe_tries; 3553 3554 /* ACK received for nullfunc probing frame */ 3555 if (!ifmgd->probe_send_count) 3556 ieee80211_reset_ap_probe(sdata); 3557 else if (ifmgd->nullfunc_failed) { 3558 if (ifmgd->probe_send_count < max_tries) { 3559 mlme_dbg(sdata, 3560 "No ack for nullfunc frame to AP %pM, try %d/%i\n", 3561 bssid, ifmgd->probe_send_count, 3562 max_tries); 3563 ieee80211_mgd_probe_ap_send(sdata); 3564 } else { 3565 mlme_dbg(sdata, 3566 "No ack for nullfunc frame to AP %pM, disconnecting.\n", 3567 bssid); 3568 ieee80211_sta_connection_lost(sdata, bssid, 3569 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 3570 false); 3571 } 3572 } else if (time_is_after_jiffies(ifmgd->probe_timeout)) 3573 run_again(sdata, ifmgd->probe_timeout); 3574 else if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 3575 mlme_dbg(sdata, 3576 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n", 3577 bssid, probe_wait_ms); 3578 ieee80211_sta_connection_lost(sdata, bssid, 3579 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3580 } else if (ifmgd->probe_send_count < max_tries) { 3581 mlme_dbg(sdata, 3582 "No probe response from AP %pM after %dms, try %d/%i\n", 3583 bssid, probe_wait_ms, 3584 ifmgd->probe_send_count, max_tries); 3585 ieee80211_mgd_probe_ap_send(sdata); 3586 } else { 3587 /* 3588 * We actually lost the connection ... or did we? 3589 * Let's make sure! 3590 */ 3591 wiphy_debug(local->hw.wiphy, 3592 "%s: No probe response from AP %pM" 3593 " after %dms, disconnecting.\n", 3594 sdata->name, 3595 bssid, probe_wait_ms); 3596 3597 ieee80211_sta_connection_lost(sdata, bssid, 3598 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3599 } 3600 } 3601 3602 sdata_unlock(sdata); 3603 } 3604 3605 static void ieee80211_sta_bcn_mon_timer(unsigned long data) 3606 { 3607 struct ieee80211_sub_if_data *sdata = 3608 (struct ieee80211_sub_if_data *) data; 3609 struct ieee80211_local *local = sdata->local; 3610 3611 if (local->quiescing) 3612 return; 3613 3614 sdata->u.mgd.connection_loss = false; 3615 ieee80211_queue_work(&sdata->local->hw, 3616 &sdata->u.mgd.beacon_connection_loss_work); 3617 } 3618 3619 static void ieee80211_sta_conn_mon_timer(unsigned long data) 3620 { 3621 struct ieee80211_sub_if_data *sdata = 3622 (struct ieee80211_sub_if_data *) data; 3623 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3624 struct ieee80211_local *local = sdata->local; 3625 3626 if (local->quiescing) 3627 return; 3628 3629 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work); 3630 } 3631 3632 static void ieee80211_sta_monitor_work(struct work_struct *work) 3633 { 3634 struct ieee80211_sub_if_data *sdata = 3635 container_of(work, struct ieee80211_sub_if_data, 3636 u.mgd.monitor_work); 3637 3638 ieee80211_mgd_probe_ap(sdata, false); 3639 } 3640 3641 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) 3642 { 3643 u32 flags; 3644 3645 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 3646 __ieee80211_stop_poll(sdata); 3647 3648 /* let's probe the connection once */ 3649 flags = sdata->local->hw.flags; 3650 if (!(flags & IEEE80211_HW_CONNECTION_MONITOR)) 3651 ieee80211_queue_work(&sdata->local->hw, 3652 &sdata->u.mgd.monitor_work); 3653 /* and do all the other regular work too */ 3654 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3655 } 3656 } 3657 3658 #ifdef CONFIG_PM 3659 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata) 3660 { 3661 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3662 3663 sdata_lock(sdata); 3664 if (!ifmgd->associated) { 3665 sdata_unlock(sdata); 3666 return; 3667 } 3668 3669 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) { 3670 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME; 3671 mlme_dbg(sdata, "driver requested disconnect after resume\n"); 3672 ieee80211_sta_connection_lost(sdata, 3673 ifmgd->associated->bssid, 3674 WLAN_REASON_UNSPECIFIED, 3675 true); 3676 sdata_unlock(sdata); 3677 return; 3678 } 3679 sdata_unlock(sdata); 3680 } 3681 #endif 3682 3683 /* interface setup */ 3684 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata) 3685 { 3686 struct ieee80211_if_managed *ifmgd; 3687 3688 ifmgd = &sdata->u.mgd; 3689 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work); 3690 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work); 3691 INIT_WORK(&ifmgd->beacon_connection_loss_work, 3692 ieee80211_beacon_connection_loss_work); 3693 INIT_WORK(&ifmgd->csa_connection_drop_work, 3694 ieee80211_csa_connection_drop_work); 3695 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_work); 3696 setup_timer(&ifmgd->timer, ieee80211_sta_timer, 3697 (unsigned long) sdata); 3698 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 3699 (unsigned long) sdata); 3700 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 3701 (unsigned long) sdata); 3702 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 3703 (unsigned long) sdata); 3704 3705 ifmgd->flags = 0; 3706 ifmgd->powersave = sdata->wdev.ps; 3707 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues; 3708 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len; 3709 ifmgd->p2p_noa_index = -1; 3710 3711 if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS) 3712 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC; 3713 else 3714 ifmgd->req_smps = IEEE80211_SMPS_OFF; 3715 } 3716 3717 /* scan finished notification */ 3718 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local) 3719 { 3720 struct ieee80211_sub_if_data *sdata; 3721 3722 /* Restart STA timers */ 3723 rcu_read_lock(); 3724 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 3725 if (ieee80211_sdata_running(sdata)) 3726 ieee80211_restart_sta_timer(sdata); 3727 } 3728 rcu_read_unlock(); 3729 } 3730 3731 int ieee80211_max_network_latency(struct notifier_block *nb, 3732 unsigned long data, void *dummy) 3733 { 3734 s32 latency_usec = (s32) data; 3735 struct ieee80211_local *local = 3736 container_of(nb, struct ieee80211_local, 3737 network_latency_notifier); 3738 3739 mutex_lock(&local->iflist_mtx); 3740 ieee80211_recalc_ps(local, latency_usec); 3741 mutex_unlock(&local->iflist_mtx); 3742 3743 return 0; 3744 } 3745 3746 static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata, 3747 struct cfg80211_bss *cbss) 3748 { 3749 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3750 const u8 *ht_cap_ie, *vht_cap_ie; 3751 const struct ieee80211_ht_cap *ht_cap; 3752 const struct ieee80211_vht_cap *vht_cap; 3753 u8 chains = 1; 3754 3755 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT) 3756 return chains; 3757 3758 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 3759 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) { 3760 ht_cap = (void *)(ht_cap_ie + 2); 3761 chains = ieee80211_mcs_to_chains(&ht_cap->mcs); 3762 /* 3763 * TODO: use "Tx Maximum Number Spatial Streams Supported" and 3764 * "Tx Unequal Modulation Supported" fields. 3765 */ 3766 } 3767 3768 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 3769 return chains; 3770 3771 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 3772 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) { 3773 u8 nss; 3774 u16 tx_mcs_map; 3775 3776 vht_cap = (void *)(vht_cap_ie + 2); 3777 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map); 3778 for (nss = 8; nss > 0; nss--) { 3779 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) != 3780 IEEE80211_VHT_MCS_NOT_SUPPORTED) 3781 break; 3782 } 3783 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */ 3784 chains = max(chains, nss); 3785 } 3786 3787 return chains; 3788 } 3789 3790 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata, 3791 struct cfg80211_bss *cbss) 3792 { 3793 struct ieee80211_local *local = sdata->local; 3794 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3795 const struct ieee80211_ht_operation *ht_oper = NULL; 3796 const struct ieee80211_vht_operation *vht_oper = NULL; 3797 struct ieee80211_supported_band *sband; 3798 struct cfg80211_chan_def chandef; 3799 int ret; 3800 3801 sband = local->hw.wiphy->bands[cbss->channel->band]; 3802 3803 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ | 3804 IEEE80211_STA_DISABLE_80P80MHZ | 3805 IEEE80211_STA_DISABLE_160MHZ); 3806 3807 rcu_read_lock(); 3808 3809 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 3810 sband->ht_cap.ht_supported) { 3811 const u8 *ht_oper_ie, *ht_cap; 3812 3813 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION); 3814 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper)) 3815 ht_oper = (void *)(ht_oper_ie + 2); 3816 3817 ht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 3818 if (!ht_cap || ht_cap[1] < sizeof(struct ieee80211_ht_cap)) { 3819 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 3820 ht_oper = NULL; 3821 } 3822 } 3823 3824 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 3825 sband->vht_cap.vht_supported) { 3826 const u8 *vht_oper_ie, *vht_cap; 3827 3828 vht_oper_ie = ieee80211_bss_get_ie(cbss, 3829 WLAN_EID_VHT_OPERATION); 3830 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper)) 3831 vht_oper = (void *)(vht_oper_ie + 2); 3832 if (vht_oper && !ht_oper) { 3833 vht_oper = NULL; 3834 sdata_info(sdata, 3835 "AP advertised VHT without HT, disabling both\n"); 3836 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 3837 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3838 } 3839 3840 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 3841 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) { 3842 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3843 vht_oper = NULL; 3844 } 3845 } 3846 3847 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband, 3848 cbss->channel, 3849 ht_oper, vht_oper, 3850 &chandef, false); 3851 3852 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss), 3853 local->rx_chains); 3854 3855 rcu_read_unlock(); 3856 3857 /* will change later if needed */ 3858 sdata->smps_mode = IEEE80211_SMPS_OFF; 3859 3860 /* 3861 * If this fails (possibly due to channel context sharing 3862 * on incompatible channels, e.g. 80+80 and 160 sharing the 3863 * same control channel) try to use a smaller bandwidth. 3864 */ 3865 ret = ieee80211_vif_use_channel(sdata, &chandef, 3866 IEEE80211_CHANCTX_SHARED); 3867 3868 /* don't downgrade for 5 and 10 MHz channels, though. */ 3869 if (chandef.width == NL80211_CHAN_WIDTH_5 || 3870 chandef.width == NL80211_CHAN_WIDTH_10) 3871 return ret; 3872 3873 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) { 3874 ifmgd->flags |= chandef_downgrade(&chandef); 3875 ret = ieee80211_vif_use_channel(sdata, &chandef, 3876 IEEE80211_CHANCTX_SHARED); 3877 } 3878 return ret; 3879 } 3880 3881 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata, 3882 struct cfg80211_bss *cbss, bool assoc) 3883 { 3884 struct ieee80211_local *local = sdata->local; 3885 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3886 struct ieee80211_bss *bss = (void *)cbss->priv; 3887 struct sta_info *new_sta = NULL; 3888 bool have_sta = false; 3889 int err; 3890 3891 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) 3892 return -EINVAL; 3893 3894 if (assoc) { 3895 rcu_read_lock(); 3896 have_sta = sta_info_get(sdata, cbss->bssid); 3897 rcu_read_unlock(); 3898 } 3899 3900 if (!have_sta) { 3901 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL); 3902 if (!new_sta) 3903 return -ENOMEM; 3904 } 3905 3906 if (new_sta) { 3907 u32 rates = 0, basic_rates = 0; 3908 bool have_higher_than_11mbit; 3909 int min_rate = INT_MAX, min_rate_index = -1; 3910 struct ieee80211_supported_band *sband; 3911 const struct cfg80211_bss_ies *ies; 3912 3913 sband = local->hw.wiphy->bands[cbss->channel->band]; 3914 3915 err = ieee80211_prep_channel(sdata, cbss); 3916 if (err) { 3917 sta_info_free(local, new_sta); 3918 return err; 3919 } 3920 3921 ieee80211_get_rates(sband, bss->supp_rates, 3922 bss->supp_rates_len, 3923 &rates, &basic_rates, 3924 &have_higher_than_11mbit, 3925 &min_rate, &min_rate_index); 3926 3927 /* 3928 * This used to be a workaround for basic rates missing 3929 * in the association response frame. Now that we no 3930 * longer use the basic rates from there, it probably 3931 * doesn't happen any more, but keep the workaround so 3932 * in case some *other* APs are buggy in different ways 3933 * we can connect -- with a warning. 3934 */ 3935 if (!basic_rates && min_rate_index >= 0) { 3936 sdata_info(sdata, 3937 "No basic rates, using min rate instead\n"); 3938 basic_rates = BIT(min_rate_index); 3939 } 3940 3941 new_sta->sta.supp_rates[cbss->channel->band] = rates; 3942 sdata->vif.bss_conf.basic_rates = basic_rates; 3943 3944 /* cf. IEEE 802.11 9.2.12 */ 3945 if (cbss->channel->band == IEEE80211_BAND_2GHZ && 3946 have_higher_than_11mbit) 3947 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE; 3948 else 3949 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE; 3950 3951 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN); 3952 3953 /* set timing information */ 3954 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval; 3955 rcu_read_lock(); 3956 ies = rcu_dereference(cbss->beacon_ies); 3957 if (ies) { 3958 const u8 *tim_ie; 3959 3960 sdata->vif.bss_conf.sync_tsf = ies->tsf; 3961 sdata->vif.bss_conf.sync_device_ts = 3962 bss->device_ts_beacon; 3963 tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 3964 ies->data, ies->len); 3965 if (tim_ie && tim_ie[1] >= 2) 3966 sdata->vif.bss_conf.sync_dtim_count = tim_ie[2]; 3967 else 3968 sdata->vif.bss_conf.sync_dtim_count = 0; 3969 } else if (!(local->hw.flags & 3970 IEEE80211_HW_TIMING_BEACON_ONLY)) { 3971 ies = rcu_dereference(cbss->proberesp_ies); 3972 /* must be non-NULL since beacon IEs were NULL */ 3973 sdata->vif.bss_conf.sync_tsf = ies->tsf; 3974 sdata->vif.bss_conf.sync_device_ts = 3975 bss->device_ts_presp; 3976 sdata->vif.bss_conf.sync_dtim_count = 0; 3977 } else { 3978 sdata->vif.bss_conf.sync_tsf = 0; 3979 sdata->vif.bss_conf.sync_device_ts = 0; 3980 sdata->vif.bss_conf.sync_dtim_count = 0; 3981 } 3982 rcu_read_unlock(); 3983 3984 /* tell driver about BSSID, basic rates and timing */ 3985 ieee80211_bss_info_change_notify(sdata, 3986 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES | 3987 BSS_CHANGED_BEACON_INT); 3988 3989 if (assoc) 3990 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH); 3991 3992 err = sta_info_insert(new_sta); 3993 new_sta = NULL; 3994 if (err) { 3995 sdata_info(sdata, 3996 "failed to insert STA entry for the AP (error %d)\n", 3997 err); 3998 return err; 3999 } 4000 } else 4001 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid)); 4002 4003 return 0; 4004 } 4005 4006 /* config hooks */ 4007 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 4008 struct cfg80211_auth_request *req) 4009 { 4010 struct ieee80211_local *local = sdata->local; 4011 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4012 struct ieee80211_mgd_auth_data *auth_data; 4013 u16 auth_alg; 4014 int err; 4015 4016 /* prepare auth data structure */ 4017 4018 switch (req->auth_type) { 4019 case NL80211_AUTHTYPE_OPEN_SYSTEM: 4020 auth_alg = WLAN_AUTH_OPEN; 4021 break; 4022 case NL80211_AUTHTYPE_SHARED_KEY: 4023 if (IS_ERR(local->wep_tx_tfm)) 4024 return -EOPNOTSUPP; 4025 auth_alg = WLAN_AUTH_SHARED_KEY; 4026 break; 4027 case NL80211_AUTHTYPE_FT: 4028 auth_alg = WLAN_AUTH_FT; 4029 break; 4030 case NL80211_AUTHTYPE_NETWORK_EAP: 4031 auth_alg = WLAN_AUTH_LEAP; 4032 break; 4033 case NL80211_AUTHTYPE_SAE: 4034 auth_alg = WLAN_AUTH_SAE; 4035 break; 4036 default: 4037 return -EOPNOTSUPP; 4038 } 4039 4040 auth_data = kzalloc(sizeof(*auth_data) + req->sae_data_len + 4041 req->ie_len, GFP_KERNEL); 4042 if (!auth_data) 4043 return -ENOMEM; 4044 4045 auth_data->bss = req->bss; 4046 4047 if (req->sae_data_len >= 4) { 4048 __le16 *pos = (__le16 *) req->sae_data; 4049 auth_data->sae_trans = le16_to_cpu(pos[0]); 4050 auth_data->sae_status = le16_to_cpu(pos[1]); 4051 memcpy(auth_data->data, req->sae_data + 4, 4052 req->sae_data_len - 4); 4053 auth_data->data_len += req->sae_data_len - 4; 4054 } 4055 4056 if (req->ie && req->ie_len) { 4057 memcpy(&auth_data->data[auth_data->data_len], 4058 req->ie, req->ie_len); 4059 auth_data->data_len += req->ie_len; 4060 } 4061 4062 if (req->key && req->key_len) { 4063 auth_data->key_len = req->key_len; 4064 auth_data->key_idx = req->key_idx; 4065 memcpy(auth_data->key, req->key, req->key_len); 4066 } 4067 4068 auth_data->algorithm = auth_alg; 4069 4070 /* try to authenticate/probe */ 4071 4072 if ((ifmgd->auth_data && !ifmgd->auth_data->done) || 4073 ifmgd->assoc_data) { 4074 err = -EBUSY; 4075 goto err_free; 4076 } 4077 4078 if (ifmgd->auth_data) 4079 ieee80211_destroy_auth_data(sdata, false); 4080 4081 /* prep auth_data so we don't go into idle on disassoc */ 4082 ifmgd->auth_data = auth_data; 4083 4084 if (ifmgd->associated) { 4085 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4086 4087 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4088 WLAN_REASON_UNSPECIFIED, 4089 false, frame_buf); 4090 4091 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4092 sizeof(frame_buf)); 4093 } 4094 4095 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid); 4096 4097 err = ieee80211_prep_connection(sdata, req->bss, false); 4098 if (err) 4099 goto err_clear; 4100 4101 err = ieee80211_probe_auth(sdata); 4102 if (err) { 4103 sta_info_destroy_addr(sdata, req->bss->bssid); 4104 goto err_clear; 4105 } 4106 4107 /* hold our own reference */ 4108 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss); 4109 return 0; 4110 4111 err_clear: 4112 memset(ifmgd->bssid, 0, ETH_ALEN); 4113 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 4114 ifmgd->auth_data = NULL; 4115 err_free: 4116 kfree(auth_data); 4117 return err; 4118 } 4119 4120 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 4121 struct cfg80211_assoc_request *req) 4122 { 4123 struct ieee80211_local *local = sdata->local; 4124 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4125 struct ieee80211_bss *bss = (void *)req->bss->priv; 4126 struct ieee80211_mgd_assoc_data *assoc_data; 4127 const struct cfg80211_bss_ies *beacon_ies; 4128 struct ieee80211_supported_band *sband; 4129 const u8 *ssidie, *ht_ie, *vht_ie; 4130 int i, err; 4131 4132 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL); 4133 if (!assoc_data) 4134 return -ENOMEM; 4135 4136 rcu_read_lock(); 4137 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID); 4138 if (!ssidie) { 4139 rcu_read_unlock(); 4140 kfree(assoc_data); 4141 return -EINVAL; 4142 } 4143 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]); 4144 assoc_data->ssid_len = ssidie[1]; 4145 rcu_read_unlock(); 4146 4147 if (ifmgd->associated) { 4148 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4149 4150 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4151 WLAN_REASON_UNSPECIFIED, 4152 false, frame_buf); 4153 4154 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4155 sizeof(frame_buf)); 4156 } 4157 4158 if (ifmgd->auth_data && !ifmgd->auth_data->done) { 4159 err = -EBUSY; 4160 goto err_free; 4161 } 4162 4163 if (ifmgd->assoc_data) { 4164 err = -EBUSY; 4165 goto err_free; 4166 } 4167 4168 if (ifmgd->auth_data) { 4169 bool match; 4170 4171 /* keep sta info, bssid if matching */ 4172 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid); 4173 ieee80211_destroy_auth_data(sdata, match); 4174 } 4175 4176 /* prepare assoc data */ 4177 4178 ifmgd->beacon_crc_valid = false; 4179 4180 /* 4181 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode. 4182 * We still associate in non-HT mode (11a/b/g) if any one of these 4183 * ciphers is configured as pairwise. 4184 * We can set this to true for non-11n hardware, that'll be checked 4185 * separately along with the peer capabilities. 4186 */ 4187 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) { 4188 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 4189 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 4190 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) { 4191 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4192 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4193 netdev_info(sdata->dev, 4194 "disabling HT/VHT due to WEP/TKIP use\n"); 4195 } 4196 } 4197 4198 if (req->flags & ASSOC_REQ_DISABLE_HT) { 4199 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4200 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4201 } 4202 4203 if (req->flags & ASSOC_REQ_DISABLE_VHT) 4204 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4205 4206 /* Also disable HT if we don't support it or the AP doesn't use WMM */ 4207 sband = local->hw.wiphy->bands[req->bss->channel->band]; 4208 if (!sband->ht_cap.ht_supported || 4209 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) { 4210 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4211 if (!bss->wmm_used) 4212 netdev_info(sdata->dev, 4213 "disabling HT as WMM/QoS is not supported by the AP\n"); 4214 } 4215 4216 /* disable VHT if we don't support it or the AP doesn't use WMM */ 4217 if (!sband->vht_cap.vht_supported || 4218 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) { 4219 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4220 if (!bss->wmm_used) 4221 netdev_info(sdata->dev, 4222 "disabling VHT as WMM/QoS is not supported by the AP\n"); 4223 } 4224 4225 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa)); 4226 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask, 4227 sizeof(ifmgd->ht_capa_mask)); 4228 4229 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa)); 4230 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask, 4231 sizeof(ifmgd->vht_capa_mask)); 4232 4233 if (req->ie && req->ie_len) { 4234 memcpy(assoc_data->ie, req->ie, req->ie_len); 4235 assoc_data->ie_len = req->ie_len; 4236 } 4237 4238 assoc_data->bss = req->bss; 4239 4240 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) { 4241 if (ifmgd->powersave) 4242 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC; 4243 else 4244 sdata->smps_mode = IEEE80211_SMPS_OFF; 4245 } else 4246 sdata->smps_mode = ifmgd->req_smps; 4247 4248 assoc_data->capability = req->bss->capability; 4249 assoc_data->wmm = bss->wmm_used && 4250 (local->hw.queues >= IEEE80211_NUM_ACS); 4251 assoc_data->supp_rates = bss->supp_rates; 4252 assoc_data->supp_rates_len = bss->supp_rates_len; 4253 4254 rcu_read_lock(); 4255 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION); 4256 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation)) 4257 assoc_data->ap_ht_param = 4258 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param; 4259 else 4260 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4261 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY); 4262 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap)) 4263 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2, 4264 sizeof(struct ieee80211_vht_cap)); 4265 else 4266 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4267 rcu_read_unlock(); 4268 4269 if (bss->wmm_used && bss->uapsd_supported && 4270 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD) && 4271 sdata->wmm_acm != 0xff) { 4272 assoc_data->uapsd = true; 4273 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; 4274 } else { 4275 assoc_data->uapsd = false; 4276 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED; 4277 } 4278 4279 if (req->prev_bssid) 4280 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN); 4281 4282 if (req->use_mfp) { 4283 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 4284 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED; 4285 } else { 4286 ifmgd->mfp = IEEE80211_MFP_DISABLED; 4287 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED; 4288 } 4289 4290 if (req->crypto.control_port) 4291 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT; 4292 else 4293 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT; 4294 4295 sdata->control_port_protocol = req->crypto.control_port_ethertype; 4296 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt; 4297 4298 /* kick off associate process */ 4299 4300 ifmgd->assoc_data = assoc_data; 4301 ifmgd->dtim_period = 0; 4302 ifmgd->have_beacon = false; 4303 4304 err = ieee80211_prep_connection(sdata, req->bss, true); 4305 if (err) 4306 goto err_clear; 4307 4308 rcu_read_lock(); 4309 beacon_ies = rcu_dereference(req->bss->beacon_ies); 4310 4311 if (sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC && 4312 !beacon_ies) { 4313 /* 4314 * Wait up to one beacon interval ... 4315 * should this be more if we miss one? 4316 */ 4317 sdata_info(sdata, "waiting for beacon from %pM\n", 4318 ifmgd->bssid); 4319 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval); 4320 assoc_data->timeout_started = true; 4321 assoc_data->need_beacon = true; 4322 } else if (beacon_ies) { 4323 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 4324 beacon_ies->data, 4325 beacon_ies->len); 4326 u8 dtim_count = 0; 4327 4328 if (tim_ie && tim_ie[1] >= sizeof(struct ieee80211_tim_ie)) { 4329 const struct ieee80211_tim_ie *tim; 4330 tim = (void *)(tim_ie + 2); 4331 ifmgd->dtim_period = tim->dtim_period; 4332 dtim_count = tim->dtim_count; 4333 } 4334 ifmgd->have_beacon = true; 4335 assoc_data->timeout = jiffies; 4336 assoc_data->timeout_started = true; 4337 4338 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 4339 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf; 4340 sdata->vif.bss_conf.sync_device_ts = 4341 bss->device_ts_beacon; 4342 sdata->vif.bss_conf.sync_dtim_count = dtim_count; 4343 } 4344 } else { 4345 assoc_data->timeout = jiffies; 4346 assoc_data->timeout_started = true; 4347 } 4348 rcu_read_unlock(); 4349 4350 run_again(sdata, assoc_data->timeout); 4351 4352 if (bss->corrupt_data) { 4353 char *corrupt_type = "data"; 4354 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) { 4355 if (bss->corrupt_data & 4356 IEEE80211_BSS_CORRUPT_PROBE_RESP) 4357 corrupt_type = "beacon and probe response"; 4358 else 4359 corrupt_type = "beacon"; 4360 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) 4361 corrupt_type = "probe response"; 4362 sdata_info(sdata, "associating with AP with corrupt %s\n", 4363 corrupt_type); 4364 } 4365 4366 return 0; 4367 err_clear: 4368 memset(ifmgd->bssid, 0, ETH_ALEN); 4369 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 4370 ifmgd->assoc_data = NULL; 4371 err_free: 4372 kfree(assoc_data); 4373 return err; 4374 } 4375 4376 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, 4377 struct cfg80211_deauth_request *req) 4378 { 4379 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4380 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4381 bool tx = !req->local_state_change; 4382 bool report_frame = false; 4383 4384 sdata_info(sdata, 4385 "deauthenticating from %pM by local choice (reason=%d)\n", 4386 req->bssid, req->reason_code); 4387 4388 if (ifmgd->auth_data) { 4389 drv_mgd_prepare_tx(sdata->local, sdata); 4390 ieee80211_send_deauth_disassoc(sdata, req->bssid, 4391 IEEE80211_STYPE_DEAUTH, 4392 req->reason_code, tx, 4393 frame_buf); 4394 ieee80211_destroy_auth_data(sdata, false); 4395 4396 report_frame = true; 4397 goto out; 4398 } 4399 4400 if (ifmgd->associated && 4401 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) { 4402 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4403 req->reason_code, tx, frame_buf); 4404 report_frame = true; 4405 } 4406 4407 out: 4408 if (report_frame) 4409 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4410 IEEE80211_DEAUTH_FRAME_LEN); 4411 4412 return 0; 4413 } 4414 4415 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 4416 struct cfg80211_disassoc_request *req) 4417 { 4418 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4419 u8 bssid[ETH_ALEN]; 4420 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4421 4422 /* 4423 * cfg80211 should catch this ... but it's racy since 4424 * we can receive a disassoc frame, process it, hand it 4425 * to cfg80211 while that's in a locked section already 4426 * trying to tell us that the user wants to disconnect. 4427 */ 4428 if (ifmgd->associated != req->bss) 4429 return -ENOLINK; 4430 4431 sdata_info(sdata, 4432 "disassociating from %pM by local choice (reason=%d)\n", 4433 req->bss->bssid, req->reason_code); 4434 4435 memcpy(bssid, req->bss->bssid, ETH_ALEN); 4436 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC, 4437 req->reason_code, !req->local_state_change, 4438 frame_buf); 4439 4440 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4441 IEEE80211_DEAUTH_FRAME_LEN); 4442 4443 return 0; 4444 } 4445 4446 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata) 4447 { 4448 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4449 4450 /* 4451 * Make sure some work items will not run after this, 4452 * they will not do anything but might not have been 4453 * cancelled when disconnecting. 4454 */ 4455 cancel_work_sync(&ifmgd->monitor_work); 4456 cancel_work_sync(&ifmgd->beacon_connection_loss_work); 4457 cancel_work_sync(&ifmgd->request_smps_work); 4458 cancel_work_sync(&ifmgd->csa_connection_drop_work); 4459 cancel_work_sync(&ifmgd->chswitch_work); 4460 4461 sdata_lock(sdata); 4462 if (ifmgd->assoc_data) { 4463 struct cfg80211_bss *bss = ifmgd->assoc_data->bss; 4464 ieee80211_destroy_assoc_data(sdata, false); 4465 cfg80211_assoc_timeout(sdata->dev, bss); 4466 } 4467 if (ifmgd->auth_data) 4468 ieee80211_destroy_auth_data(sdata, false); 4469 del_timer_sync(&ifmgd->timer); 4470 sdata_unlock(sdata); 4471 } 4472 4473 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif, 4474 enum nl80211_cqm_rssi_threshold_event rssi_event, 4475 gfp_t gfp) 4476 { 4477 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 4478 4479 trace_api_cqm_rssi_notify(sdata, rssi_event); 4480 4481 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp); 4482 } 4483 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify); 4484