1 /* 2 * BSS client mode implementation 3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 4 * Copyright 2004, Instant802 Networks, Inc. 5 * Copyright 2005, Devicescape Software, Inc. 6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License version 2 as 11 * published by the Free Software Foundation. 12 */ 13 14 #include <linux/delay.h> 15 #include <linux/if_ether.h> 16 #include <linux/skbuff.h> 17 #include <linux/if_arp.h> 18 #include <linux/etherdevice.h> 19 #include <linux/moduleparam.h> 20 #include <linux/rtnetlink.h> 21 #include <linux/pm_qos.h> 22 #include <linux/crc32.h> 23 #include <linux/slab.h> 24 #include <linux/export.h> 25 #include <net/mac80211.h> 26 #include <asm/unaligned.h> 27 28 #include "ieee80211_i.h" 29 #include "driver-ops.h" 30 #include "rate.h" 31 #include "led.h" 32 33 #define IEEE80211_AUTH_TIMEOUT (HZ / 5) 34 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10) 35 #define IEEE80211_AUTH_MAX_TRIES 3 36 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5) 37 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 38 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10) 39 #define IEEE80211_ASSOC_MAX_TRIES 3 40 41 static int max_nullfunc_tries = 2; 42 module_param(max_nullfunc_tries, int, 0644); 43 MODULE_PARM_DESC(max_nullfunc_tries, 44 "Maximum nullfunc tx tries before disconnecting (reason 4)."); 45 46 static int max_probe_tries = 5; 47 module_param(max_probe_tries, int, 0644); 48 MODULE_PARM_DESC(max_probe_tries, 49 "Maximum probe tries before disconnecting (reason 4)."); 50 51 /* 52 * Beacon loss timeout is calculated as N frames times the 53 * advertised beacon interval. This may need to be somewhat 54 * higher than what hardware might detect to account for 55 * delays in the host processing frames. But since we also 56 * probe on beacon miss before declaring the connection lost 57 * default to what we want. 58 */ 59 static int beacon_loss_count = 7; 60 module_param(beacon_loss_count, int, 0644); 61 MODULE_PARM_DESC(beacon_loss_count, 62 "Number of beacon intervals before we decide beacon was lost."); 63 64 /* 65 * Time the connection can be idle before we probe 66 * it to see if we can still talk to the AP. 67 */ 68 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ) 69 /* 70 * Time we wait for a probe response after sending 71 * a probe request because of beacon loss or for 72 * checking the connection still works. 73 */ 74 static int probe_wait_ms = 500; 75 module_param(probe_wait_ms, int, 0644); 76 MODULE_PARM_DESC(probe_wait_ms, 77 "Maximum time(ms) to wait for probe response" 78 " before disconnecting (reason 4)."); 79 80 /* 81 * Weight given to the latest Beacon frame when calculating average signal 82 * strength for Beacon frames received in the current BSS. This must be 83 * between 1 and 15. 84 */ 85 #define IEEE80211_SIGNAL_AVE_WEIGHT 3 86 87 /* 88 * How many Beacon frames need to have been used in average signal strength 89 * before starting to indicate signal change events. 90 */ 91 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4 92 93 /* 94 * All cfg80211 functions have to be called outside a locked 95 * section so that they can acquire a lock themselves... This 96 * is much simpler than queuing up things in cfg80211, but we 97 * do need some indirection for that here. 98 */ 99 enum rx_mgmt_action { 100 /* no action required */ 101 RX_MGMT_NONE, 102 103 /* caller must call cfg80211_send_deauth() */ 104 RX_MGMT_CFG80211_DEAUTH, 105 106 /* caller must call cfg80211_send_disassoc() */ 107 RX_MGMT_CFG80211_DISASSOC, 108 109 /* caller must call cfg80211_send_rx_auth() */ 110 RX_MGMT_CFG80211_RX_AUTH, 111 112 /* caller must call cfg80211_send_rx_assoc() */ 113 RX_MGMT_CFG80211_RX_ASSOC, 114 115 /* caller must call cfg80211_send_assoc_timeout() */ 116 RX_MGMT_CFG80211_ASSOC_TIMEOUT, 117 118 /* used when a processed beacon causes a deauth */ 119 RX_MGMT_CFG80211_TX_DEAUTH, 120 }; 121 122 /* utils */ 123 static inline void ASSERT_MGD_MTX(struct ieee80211_if_managed *ifmgd) 124 { 125 lockdep_assert_held(&ifmgd->mtx); 126 } 127 128 /* 129 * We can have multiple work items (and connection probing) 130 * scheduling this timer, but we need to take care to only 131 * reschedule it when it should fire _earlier_ than it was 132 * asked for before, or if it's not pending right now. This 133 * function ensures that. Note that it then is required to 134 * run this function for all timeouts after the first one 135 * has happened -- the work that runs from this timer will 136 * do that. 137 */ 138 static void run_again(struct ieee80211_if_managed *ifmgd, unsigned long timeout) 139 { 140 ASSERT_MGD_MTX(ifmgd); 141 142 if (!timer_pending(&ifmgd->timer) || 143 time_before(timeout, ifmgd->timer.expires)) 144 mod_timer(&ifmgd->timer, timeout); 145 } 146 147 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata) 148 { 149 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER) 150 return; 151 152 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 153 return; 154 155 mod_timer(&sdata->u.mgd.bcn_mon_timer, 156 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout)); 157 } 158 159 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata) 160 { 161 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 162 163 if (unlikely(!sdata->u.mgd.associated)) 164 return; 165 166 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 167 return; 168 169 mod_timer(&sdata->u.mgd.conn_mon_timer, 170 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME)); 171 172 ifmgd->probe_send_count = 0; 173 } 174 175 static int ecw2cw(int ecw) 176 { 177 return (1 << ecw) - 1; 178 } 179 180 static u32 chandef_downgrade(struct cfg80211_chan_def *c) 181 { 182 u32 ret; 183 int tmp; 184 185 switch (c->width) { 186 case NL80211_CHAN_WIDTH_20: 187 c->width = NL80211_CHAN_WIDTH_20_NOHT; 188 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 189 break; 190 case NL80211_CHAN_WIDTH_40: 191 c->width = NL80211_CHAN_WIDTH_20; 192 c->center_freq1 = c->chan->center_freq; 193 ret = IEEE80211_STA_DISABLE_40MHZ | 194 IEEE80211_STA_DISABLE_VHT; 195 break; 196 case NL80211_CHAN_WIDTH_80: 197 tmp = (30 + c->chan->center_freq - c->center_freq1)/20; 198 /* n_P40 */ 199 tmp /= 2; 200 /* freq_P40 */ 201 c->center_freq1 = c->center_freq1 - 20 + 40 * tmp; 202 c->width = NL80211_CHAN_WIDTH_40; 203 ret = IEEE80211_STA_DISABLE_VHT; 204 break; 205 case NL80211_CHAN_WIDTH_80P80: 206 c->center_freq2 = 0; 207 c->width = NL80211_CHAN_WIDTH_80; 208 ret = IEEE80211_STA_DISABLE_80P80MHZ | 209 IEEE80211_STA_DISABLE_160MHZ; 210 break; 211 case NL80211_CHAN_WIDTH_160: 212 /* n_P20 */ 213 tmp = (70 + c->chan->center_freq - c->center_freq1)/20; 214 /* n_P80 */ 215 tmp /= 4; 216 c->center_freq1 = c->center_freq1 - 40 + 80 * tmp; 217 c->width = NL80211_CHAN_WIDTH_80; 218 ret = IEEE80211_STA_DISABLE_80P80MHZ | 219 IEEE80211_STA_DISABLE_160MHZ; 220 break; 221 default: 222 case NL80211_CHAN_WIDTH_20_NOHT: 223 WARN_ON_ONCE(1); 224 c->width = NL80211_CHAN_WIDTH_20_NOHT; 225 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 226 break; 227 } 228 229 WARN_ON_ONCE(!cfg80211_chandef_valid(c)); 230 231 return ret; 232 } 233 234 static u32 235 ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, 236 struct ieee80211_supported_band *sband, 237 struct ieee80211_channel *channel, 238 const struct ieee80211_ht_operation *ht_oper, 239 const struct ieee80211_vht_operation *vht_oper, 240 struct cfg80211_chan_def *chandef, bool verbose) 241 { 242 struct cfg80211_chan_def vht_chandef; 243 u32 ht_cfreq, ret; 244 245 chandef->chan = channel; 246 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 247 chandef->center_freq1 = channel->center_freq; 248 chandef->center_freq2 = 0; 249 250 if (!ht_oper || !sband->ht_cap.ht_supported) { 251 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 252 goto out; 253 } 254 255 chandef->width = NL80211_CHAN_WIDTH_20; 256 257 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan, 258 channel->band); 259 /* check that channel matches the right operating channel */ 260 if (channel->center_freq != ht_cfreq) { 261 /* 262 * It's possible that some APs are confused here; 263 * Netgear WNDR3700 sometimes reports 4 higher than 264 * the actual channel in association responses, but 265 * since we look at probe response/beacon data here 266 * it should be OK. 267 */ 268 if (verbose) 269 sdata_info(sdata, 270 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n", 271 channel->center_freq, ht_cfreq, 272 ht_oper->primary_chan, channel->band); 273 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 274 goto out; 275 } 276 277 /* check 40 MHz support, if we have it */ 278 if (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) { 279 switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 280 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 281 chandef->width = NL80211_CHAN_WIDTH_40; 282 chandef->center_freq1 += 10; 283 break; 284 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 285 chandef->width = NL80211_CHAN_WIDTH_40; 286 chandef->center_freq1 -= 10; 287 break; 288 } 289 } else { 290 /* 40 MHz (and 80 MHz) must be supported for VHT */ 291 ret = IEEE80211_STA_DISABLE_VHT; 292 /* also mark 40 MHz disabled */ 293 ret |= IEEE80211_STA_DISABLE_40MHZ; 294 goto out; 295 } 296 297 if (!vht_oper || !sband->vht_cap.vht_supported) { 298 ret = IEEE80211_STA_DISABLE_VHT; 299 goto out; 300 } 301 302 vht_chandef.chan = channel; 303 vht_chandef.center_freq1 = 304 ieee80211_channel_to_frequency(vht_oper->center_freq_seg1_idx, 305 channel->band); 306 vht_chandef.center_freq2 = 0; 307 308 switch (vht_oper->chan_width) { 309 case IEEE80211_VHT_CHANWIDTH_USE_HT: 310 vht_chandef.width = chandef->width; 311 break; 312 case IEEE80211_VHT_CHANWIDTH_80MHZ: 313 vht_chandef.width = NL80211_CHAN_WIDTH_80; 314 break; 315 case IEEE80211_VHT_CHANWIDTH_160MHZ: 316 vht_chandef.width = NL80211_CHAN_WIDTH_160; 317 break; 318 case IEEE80211_VHT_CHANWIDTH_80P80MHZ: 319 vht_chandef.width = NL80211_CHAN_WIDTH_80P80; 320 vht_chandef.center_freq2 = 321 ieee80211_channel_to_frequency( 322 vht_oper->center_freq_seg2_idx, 323 channel->band); 324 break; 325 default: 326 if (verbose) 327 sdata_info(sdata, 328 "AP VHT operation IE has invalid channel width (%d), disable VHT\n", 329 vht_oper->chan_width); 330 ret = IEEE80211_STA_DISABLE_VHT; 331 goto out; 332 } 333 334 if (!cfg80211_chandef_valid(&vht_chandef)) { 335 if (verbose) 336 sdata_info(sdata, 337 "AP VHT information is invalid, disable VHT\n"); 338 ret = IEEE80211_STA_DISABLE_VHT; 339 goto out; 340 } 341 342 if (cfg80211_chandef_identical(chandef, &vht_chandef)) { 343 ret = 0; 344 goto out; 345 } 346 347 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) { 348 if (verbose) 349 sdata_info(sdata, 350 "AP VHT information doesn't match HT, disable VHT\n"); 351 ret = IEEE80211_STA_DISABLE_VHT; 352 goto out; 353 } 354 355 *chandef = vht_chandef; 356 357 ret = 0; 358 359 out: 360 /* don't print the message below for VHT mismatch if VHT is disabled */ 361 if (ret & IEEE80211_STA_DISABLE_VHT) 362 vht_chandef = *chandef; 363 364 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef, 365 IEEE80211_CHAN_DISABLED)) { 366 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) { 367 ret = IEEE80211_STA_DISABLE_HT | 368 IEEE80211_STA_DISABLE_VHT; 369 goto out; 370 } 371 372 ret |= chandef_downgrade(chandef); 373 } 374 375 if (chandef->width != vht_chandef.width && verbose) 376 sdata_info(sdata, 377 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n"); 378 379 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef)); 380 return ret; 381 } 382 383 static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata, 384 struct sta_info *sta, 385 const struct ieee80211_ht_operation *ht_oper, 386 const struct ieee80211_vht_operation *vht_oper, 387 const u8 *bssid, u32 *changed) 388 { 389 struct ieee80211_local *local = sdata->local; 390 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 391 struct ieee80211_supported_band *sband; 392 struct ieee80211_channel *chan; 393 struct cfg80211_chan_def chandef; 394 u16 ht_opmode; 395 u32 flags; 396 enum ieee80211_sta_rx_bandwidth new_sta_bw; 397 int ret; 398 399 /* if HT was/is disabled, don't track any bandwidth changes */ 400 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper) 401 return 0; 402 403 /* don't check VHT if we associated as non-VHT station */ 404 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 405 vht_oper = NULL; 406 407 if (WARN_ON_ONCE(!sta)) 408 return -EINVAL; 409 410 chan = sdata->vif.bss_conf.chandef.chan; 411 sband = local->hw.wiphy->bands[chan->band]; 412 413 /* calculate new channel (type) based on HT/VHT operation IEs */ 414 flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper, 415 vht_oper, &chandef, false); 416 417 /* 418 * Downgrade the new channel if we associated with restricted 419 * capabilities. For example, if we associated as a 20 MHz STA 420 * to a 40 MHz AP (due to regulatory, capabilities or config 421 * reasons) then switching to a 40 MHz channel now won't do us 422 * any good -- we couldn't use it with the AP. 423 */ 424 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ && 425 chandef.width == NL80211_CHAN_WIDTH_80P80) 426 flags |= chandef_downgrade(&chandef); 427 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ && 428 chandef.width == NL80211_CHAN_WIDTH_160) 429 flags |= chandef_downgrade(&chandef); 430 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ && 431 chandef.width > NL80211_CHAN_WIDTH_20) 432 flags |= chandef_downgrade(&chandef); 433 434 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef)) 435 return 0; 436 437 sdata_info(sdata, 438 "AP %pM changed bandwidth, new config is %d MHz, width %d (%d/%d MHz)\n", 439 ifmgd->bssid, chandef.chan->center_freq, chandef.width, 440 chandef.center_freq1, chandef.center_freq2); 441 442 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT | 443 IEEE80211_STA_DISABLE_VHT | 444 IEEE80211_STA_DISABLE_40MHZ | 445 IEEE80211_STA_DISABLE_80P80MHZ | 446 IEEE80211_STA_DISABLE_160MHZ)) || 447 !cfg80211_chandef_valid(&chandef)) { 448 sdata_info(sdata, 449 "AP %pM changed bandwidth in a way we can't support - disconnect\n", 450 ifmgd->bssid); 451 return -EINVAL; 452 } 453 454 switch (chandef.width) { 455 case NL80211_CHAN_WIDTH_20_NOHT: 456 case NL80211_CHAN_WIDTH_20: 457 new_sta_bw = IEEE80211_STA_RX_BW_20; 458 break; 459 case NL80211_CHAN_WIDTH_40: 460 new_sta_bw = IEEE80211_STA_RX_BW_40; 461 break; 462 case NL80211_CHAN_WIDTH_80: 463 new_sta_bw = IEEE80211_STA_RX_BW_80; 464 break; 465 case NL80211_CHAN_WIDTH_80P80: 466 case NL80211_CHAN_WIDTH_160: 467 new_sta_bw = IEEE80211_STA_RX_BW_160; 468 break; 469 default: 470 return -EINVAL; 471 } 472 473 if (new_sta_bw > sta->cur_max_bandwidth) 474 new_sta_bw = sta->cur_max_bandwidth; 475 476 if (new_sta_bw < sta->sta.bandwidth) { 477 sta->sta.bandwidth = new_sta_bw; 478 rate_control_rate_update(local, sband, sta, 479 IEEE80211_RC_BW_CHANGED); 480 } 481 482 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed); 483 if (ret) { 484 sdata_info(sdata, 485 "AP %pM changed bandwidth to incompatible one - disconnect\n", 486 ifmgd->bssid); 487 return ret; 488 } 489 490 if (new_sta_bw > sta->sta.bandwidth) { 491 sta->sta.bandwidth = new_sta_bw; 492 rate_control_rate_update(local, sband, sta, 493 IEEE80211_RC_BW_CHANGED); 494 } 495 496 ht_opmode = le16_to_cpu(ht_oper->operation_mode); 497 498 /* if bss configuration changed store the new one */ 499 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) { 500 *changed |= BSS_CHANGED_HT; 501 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 502 } 503 504 return 0; 505 } 506 507 /* frame sending functions */ 508 509 static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len, 510 struct ieee80211_supported_band *sband, 511 u32 *rates) 512 { 513 int i, j, count; 514 *rates = 0; 515 count = 0; 516 for (i = 0; i < supp_rates_len; i++) { 517 int rate = (supp_rates[i] & 0x7F) * 5; 518 519 for (j = 0; j < sband->n_bitrates; j++) 520 if (sband->bitrates[j].bitrate == rate) { 521 *rates |= BIT(j); 522 count++; 523 break; 524 } 525 } 526 527 return count; 528 } 529 530 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata, 531 struct sk_buff *skb, u8 ap_ht_param, 532 struct ieee80211_supported_band *sband, 533 struct ieee80211_channel *channel, 534 enum ieee80211_smps_mode smps) 535 { 536 u8 *pos; 537 u32 flags = channel->flags; 538 u16 cap; 539 struct ieee80211_sta_ht_cap ht_cap; 540 541 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap)); 542 543 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 544 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 545 546 /* determine capability flags */ 547 cap = ht_cap.cap; 548 549 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 550 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 551 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 552 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 553 cap &= ~IEEE80211_HT_CAP_SGI_40; 554 } 555 break; 556 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 557 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 558 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 559 cap &= ~IEEE80211_HT_CAP_SGI_40; 560 } 561 break; 562 } 563 564 /* 565 * If 40 MHz was disabled associate as though we weren't 566 * capable of 40 MHz -- some broken APs will never fall 567 * back to trying to transmit in 20 MHz. 568 */ 569 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) { 570 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 571 cap &= ~IEEE80211_HT_CAP_SGI_40; 572 } 573 574 /* set SM PS mode properly */ 575 cap &= ~IEEE80211_HT_CAP_SM_PS; 576 switch (smps) { 577 case IEEE80211_SMPS_AUTOMATIC: 578 case IEEE80211_SMPS_NUM_MODES: 579 WARN_ON(1); 580 case IEEE80211_SMPS_OFF: 581 cap |= WLAN_HT_CAP_SM_PS_DISABLED << 582 IEEE80211_HT_CAP_SM_PS_SHIFT; 583 break; 584 case IEEE80211_SMPS_STATIC: 585 cap |= WLAN_HT_CAP_SM_PS_STATIC << 586 IEEE80211_HT_CAP_SM_PS_SHIFT; 587 break; 588 case IEEE80211_SMPS_DYNAMIC: 589 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC << 590 IEEE80211_HT_CAP_SM_PS_SHIFT; 591 break; 592 } 593 594 /* reserve and fill IE */ 595 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 596 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap); 597 } 598 599 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata, 600 struct sk_buff *skb, 601 struct ieee80211_supported_band *sband, 602 struct ieee80211_vht_cap *ap_vht_cap) 603 { 604 u8 *pos; 605 u32 cap; 606 struct ieee80211_sta_vht_cap vht_cap; 607 608 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap)); 609 610 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap)); 611 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap); 612 613 /* determine capability flags */ 614 cap = vht_cap.cap; 615 616 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) { 617 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ; 618 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 619 } 620 621 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) { 622 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160; 623 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 624 } 625 626 /* 627 * Some APs apparently get confused if our capabilities are better 628 * than theirs, so restrict what we advertise in the assoc request. 629 */ 630 if (!(ap_vht_cap->vht_cap_info & 631 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE))) 632 cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE; 633 634 /* reserve and fill IE */ 635 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 636 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap); 637 } 638 639 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) 640 { 641 struct ieee80211_local *local = sdata->local; 642 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 643 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 644 struct sk_buff *skb; 645 struct ieee80211_mgmt *mgmt; 646 u8 *pos, qos_info; 647 size_t offset = 0, noffset; 648 int i, count, rates_len, supp_rates_len; 649 u16 capab; 650 struct ieee80211_supported_band *sband; 651 struct ieee80211_chanctx_conf *chanctx_conf; 652 struct ieee80211_channel *chan; 653 u32 rates = 0; 654 655 lockdep_assert_held(&ifmgd->mtx); 656 657 rcu_read_lock(); 658 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 659 if (WARN_ON(!chanctx_conf)) { 660 rcu_read_unlock(); 661 return; 662 } 663 chan = chanctx_conf->def.chan; 664 rcu_read_unlock(); 665 sband = local->hw.wiphy->bands[chan->band]; 666 667 if (assoc_data->supp_rates_len) { 668 /* 669 * Get all rates supported by the device and the AP as 670 * some APs don't like getting a superset of their rates 671 * in the association request (e.g. D-Link DAP 1353 in 672 * b-only mode)... 673 */ 674 rates_len = ieee80211_compatible_rates(assoc_data->supp_rates, 675 assoc_data->supp_rates_len, 676 sband, &rates); 677 } else { 678 /* 679 * In case AP not provide any supported rates information 680 * before association, we send information element(s) with 681 * all rates that we support. 682 */ 683 rates = ~0; 684 rates_len = sband->n_bitrates; 685 } 686 687 skb = alloc_skb(local->hw.extra_tx_headroom + 688 sizeof(*mgmt) + /* bit too much but doesn't matter */ 689 2 + assoc_data->ssid_len + /* SSID */ 690 4 + rates_len + /* (extended) rates */ 691 4 + /* power capability */ 692 2 + 2 * sband->n_channels + /* supported channels */ 693 2 + sizeof(struct ieee80211_ht_cap) + /* HT */ 694 2 + sizeof(struct ieee80211_vht_cap) + /* VHT */ 695 assoc_data->ie_len + /* extra IEs */ 696 9, /* WMM */ 697 GFP_KERNEL); 698 if (!skb) 699 return; 700 701 skb_reserve(skb, local->hw.extra_tx_headroom); 702 703 capab = WLAN_CAPABILITY_ESS; 704 705 if (sband->band == IEEE80211_BAND_2GHZ) { 706 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 707 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 708 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 709 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 710 } 711 712 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY) 713 capab |= WLAN_CAPABILITY_PRIVACY; 714 715 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 716 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)) 717 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 718 719 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 720 memset(mgmt, 0, 24); 721 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN); 722 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 723 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN); 724 725 if (!is_zero_ether_addr(assoc_data->prev_bssid)) { 726 skb_put(skb, 10); 727 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 728 IEEE80211_STYPE_REASSOC_REQ); 729 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 730 mgmt->u.reassoc_req.listen_interval = 731 cpu_to_le16(local->hw.conf.listen_interval); 732 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid, 733 ETH_ALEN); 734 } else { 735 skb_put(skb, 4); 736 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 737 IEEE80211_STYPE_ASSOC_REQ); 738 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 739 mgmt->u.assoc_req.listen_interval = 740 cpu_to_le16(local->hw.conf.listen_interval); 741 } 742 743 /* SSID */ 744 pos = skb_put(skb, 2 + assoc_data->ssid_len); 745 *pos++ = WLAN_EID_SSID; 746 *pos++ = assoc_data->ssid_len; 747 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len); 748 749 /* add all rates which were marked to be used above */ 750 supp_rates_len = rates_len; 751 if (supp_rates_len > 8) 752 supp_rates_len = 8; 753 754 pos = skb_put(skb, supp_rates_len + 2); 755 *pos++ = WLAN_EID_SUPP_RATES; 756 *pos++ = supp_rates_len; 757 758 count = 0; 759 for (i = 0; i < sband->n_bitrates; i++) { 760 if (BIT(i) & rates) { 761 int rate = sband->bitrates[i].bitrate; 762 *pos++ = (u8) (rate / 5); 763 if (++count == 8) 764 break; 765 } 766 } 767 768 if (rates_len > count) { 769 pos = skb_put(skb, rates_len - count + 2); 770 *pos++ = WLAN_EID_EXT_SUPP_RATES; 771 *pos++ = rates_len - count; 772 773 for (i++; i < sband->n_bitrates; i++) { 774 if (BIT(i) & rates) { 775 int rate = sband->bitrates[i].bitrate; 776 *pos++ = (u8) (rate / 5); 777 } 778 } 779 } 780 781 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) { 782 /* 1. power capabilities */ 783 pos = skb_put(skb, 4); 784 *pos++ = WLAN_EID_PWR_CAPABILITY; 785 *pos++ = 2; 786 *pos++ = 0; /* min tx power */ 787 *pos++ = chan->max_power; /* max tx power */ 788 789 /* 2. supported channels */ 790 /* TODO: get this in reg domain format */ 791 pos = skb_put(skb, 2 * sband->n_channels + 2); 792 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 793 *pos++ = 2 * sband->n_channels; 794 for (i = 0; i < sband->n_channels; i++) { 795 *pos++ = ieee80211_frequency_to_channel( 796 sband->channels[i].center_freq); 797 *pos++ = 1; /* one channel in the subband*/ 798 } 799 } 800 801 /* if present, add any custom IEs that go before HT */ 802 if (assoc_data->ie_len && assoc_data->ie) { 803 static const u8 before_ht[] = { 804 WLAN_EID_SSID, 805 WLAN_EID_SUPP_RATES, 806 WLAN_EID_EXT_SUPP_RATES, 807 WLAN_EID_PWR_CAPABILITY, 808 WLAN_EID_SUPPORTED_CHANNELS, 809 WLAN_EID_RSN, 810 WLAN_EID_QOS_CAPA, 811 WLAN_EID_RRM_ENABLED_CAPABILITIES, 812 WLAN_EID_MOBILITY_DOMAIN, 813 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 814 }; 815 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len, 816 before_ht, ARRAY_SIZE(before_ht), 817 offset); 818 pos = skb_put(skb, noffset - offset); 819 memcpy(pos, assoc_data->ie + offset, noffset - offset); 820 offset = noffset; 821 } 822 823 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 824 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))) 825 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 826 827 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 828 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param, 829 sband, chan, sdata->smps_mode); 830 831 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 832 ieee80211_add_vht_ie(sdata, skb, sband, 833 &assoc_data->ap_vht_cap); 834 835 /* if present, add any custom non-vendor IEs that go after HT */ 836 if (assoc_data->ie_len && assoc_data->ie) { 837 noffset = ieee80211_ie_split_vendor(assoc_data->ie, 838 assoc_data->ie_len, 839 offset); 840 pos = skb_put(skb, noffset - offset); 841 memcpy(pos, assoc_data->ie + offset, noffset - offset); 842 offset = noffset; 843 } 844 845 if (assoc_data->wmm) { 846 if (assoc_data->uapsd) { 847 qos_info = ifmgd->uapsd_queues; 848 qos_info |= (ifmgd->uapsd_max_sp_len << 849 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT); 850 } else { 851 qos_info = 0; 852 } 853 854 pos = skb_put(skb, 9); 855 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 856 *pos++ = 7; /* len */ 857 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */ 858 *pos++ = 0x50; 859 *pos++ = 0xf2; 860 *pos++ = 2; /* WME */ 861 *pos++ = 0; /* WME info */ 862 *pos++ = 1; /* WME ver */ 863 *pos++ = qos_info; 864 } 865 866 /* add any remaining custom (i.e. vendor specific here) IEs */ 867 if (assoc_data->ie_len && assoc_data->ie) { 868 noffset = assoc_data->ie_len; 869 pos = skb_put(skb, noffset - offset); 870 memcpy(pos, assoc_data->ie + offset, noffset - offset); 871 } 872 873 drv_mgd_prepare_tx(local, sdata); 874 875 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 876 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 877 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 878 IEEE80211_TX_INTFL_MLME_CONN_TX; 879 ieee80211_tx_skb(sdata, skb); 880 } 881 882 void ieee80211_send_pspoll(struct ieee80211_local *local, 883 struct ieee80211_sub_if_data *sdata) 884 { 885 struct ieee80211_pspoll *pspoll; 886 struct sk_buff *skb; 887 888 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif); 889 if (!skb) 890 return; 891 892 pspoll = (struct ieee80211_pspoll *) skb->data; 893 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 894 895 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 896 ieee80211_tx_skb(sdata, skb); 897 } 898 899 void ieee80211_send_nullfunc(struct ieee80211_local *local, 900 struct ieee80211_sub_if_data *sdata, 901 int powersave) 902 { 903 struct sk_buff *skb; 904 struct ieee80211_hdr_3addr *nullfunc; 905 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 906 907 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif); 908 if (!skb) 909 return; 910 911 nullfunc = (struct ieee80211_hdr_3addr *) skb->data; 912 if (powersave) 913 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 914 915 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT | 916 IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 917 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 918 IEEE80211_STA_CONNECTION_POLL)) 919 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE; 920 921 ieee80211_tx_skb(sdata, skb); 922 } 923 924 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local, 925 struct ieee80211_sub_if_data *sdata) 926 { 927 struct sk_buff *skb; 928 struct ieee80211_hdr *nullfunc; 929 __le16 fc; 930 931 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 932 return; 933 934 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30); 935 if (!skb) 936 return; 937 938 skb_reserve(skb, local->hw.extra_tx_headroom); 939 940 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30); 941 memset(nullfunc, 0, 30); 942 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 943 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 944 nullfunc->frame_control = fc; 945 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN); 946 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN); 947 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN); 948 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN); 949 950 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 951 ieee80211_tx_skb(sdata, skb); 952 } 953 954 /* spectrum management related things */ 955 static void ieee80211_chswitch_work(struct work_struct *work) 956 { 957 struct ieee80211_sub_if_data *sdata = 958 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work); 959 struct ieee80211_local *local = sdata->local; 960 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 961 962 if (!ieee80211_sdata_running(sdata)) 963 return; 964 965 mutex_lock(&ifmgd->mtx); 966 if (!ifmgd->associated) 967 goto out; 968 969 local->_oper_chandef = local->csa_chandef; 970 971 if (!local->ops->channel_switch) { 972 /* call "hw_config" only if doing sw channel switch */ 973 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL); 974 } else { 975 /* update the device channel directly */ 976 local->hw.conf.chandef = local->_oper_chandef; 977 } 978 979 /* XXX: shouldn't really modify cfg80211-owned data! */ 980 ifmgd->associated->channel = local->_oper_chandef.chan; 981 982 /* XXX: wait for a beacon first? */ 983 ieee80211_wake_queues_by_reason(&local->hw, 984 IEEE80211_MAX_QUEUE_MAP, 985 IEEE80211_QUEUE_STOP_REASON_CSA); 986 out: 987 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 988 mutex_unlock(&ifmgd->mtx); 989 } 990 991 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success) 992 { 993 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 994 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 995 996 trace_api_chswitch_done(sdata, success); 997 if (!success) { 998 sdata_info(sdata, 999 "driver channel switch failed, disconnecting\n"); 1000 ieee80211_queue_work(&sdata->local->hw, 1001 &ifmgd->csa_connection_drop_work); 1002 } else { 1003 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 1004 } 1005 } 1006 EXPORT_SYMBOL(ieee80211_chswitch_done); 1007 1008 static void ieee80211_chswitch_timer(unsigned long data) 1009 { 1010 struct ieee80211_sub_if_data *sdata = 1011 (struct ieee80211_sub_if_data *) data; 1012 1013 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work); 1014 } 1015 1016 static void 1017 ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 1018 u64 timestamp, struct ieee802_11_elems *elems, 1019 bool beacon) 1020 { 1021 struct ieee80211_local *local = sdata->local; 1022 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1023 struct cfg80211_bss *cbss = ifmgd->associated; 1024 struct ieee80211_bss *bss; 1025 struct ieee80211_chanctx *chanctx; 1026 enum ieee80211_band new_band; 1027 int new_freq; 1028 u8 new_chan_no; 1029 u8 count; 1030 u8 mode; 1031 struct ieee80211_channel *new_chan; 1032 struct cfg80211_chan_def new_chandef = {}; 1033 struct cfg80211_chan_def new_vht_chandef = {}; 1034 const struct ieee80211_sec_chan_offs_ie *sec_chan_offs; 1035 const struct ieee80211_wide_bw_chansw_ie *wide_bw_chansw_ie; 1036 const struct ieee80211_ht_operation *ht_oper; 1037 int secondary_channel_offset = -1; 1038 1039 ASSERT_MGD_MTX(ifmgd); 1040 1041 if (!cbss) 1042 return; 1043 1044 if (local->scanning) 1045 return; 1046 1047 /* disregard subsequent announcements if we are already processing */ 1048 if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED) 1049 return; 1050 1051 sec_chan_offs = elems->sec_chan_offs; 1052 wide_bw_chansw_ie = elems->wide_bw_chansw_ie; 1053 ht_oper = elems->ht_operation; 1054 1055 if (ifmgd->flags & (IEEE80211_STA_DISABLE_HT | 1056 IEEE80211_STA_DISABLE_40MHZ)) { 1057 sec_chan_offs = NULL; 1058 wide_bw_chansw_ie = NULL; 1059 /* only used for bandwidth here */ 1060 ht_oper = NULL; 1061 } 1062 1063 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 1064 wide_bw_chansw_ie = NULL; 1065 1066 if (elems->ext_chansw_ie) { 1067 if (!ieee80211_operating_class_to_band( 1068 elems->ext_chansw_ie->new_operating_class, 1069 &new_band)) { 1070 sdata_info(sdata, 1071 "cannot understand ECSA IE operating class %d, disconnecting\n", 1072 elems->ext_chansw_ie->new_operating_class); 1073 ieee80211_queue_work(&local->hw, 1074 &ifmgd->csa_connection_drop_work); 1075 } 1076 new_chan_no = elems->ext_chansw_ie->new_ch_num; 1077 count = elems->ext_chansw_ie->count; 1078 mode = elems->ext_chansw_ie->mode; 1079 } else if (elems->ch_switch_ie) { 1080 new_band = cbss->channel->band; 1081 new_chan_no = elems->ch_switch_ie->new_ch_num; 1082 count = elems->ch_switch_ie->count; 1083 mode = elems->ch_switch_ie->mode; 1084 } else { 1085 /* nothing here we understand */ 1086 return; 1087 } 1088 1089 bss = (void *)cbss->priv; 1090 1091 new_freq = ieee80211_channel_to_frequency(new_chan_no, new_band); 1092 new_chan = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq); 1093 if (!new_chan || new_chan->flags & IEEE80211_CHAN_DISABLED) { 1094 sdata_info(sdata, 1095 "AP %pM switches to unsupported channel (%d MHz), disconnecting\n", 1096 ifmgd->associated->bssid, new_freq); 1097 ieee80211_queue_work(&local->hw, 1098 &ifmgd->csa_connection_drop_work); 1099 return; 1100 } 1101 1102 if (!beacon && sec_chan_offs) { 1103 secondary_channel_offset = sec_chan_offs->sec_chan_offs; 1104 } else if (beacon && ht_oper) { 1105 secondary_channel_offset = 1106 ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET; 1107 } else if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 1108 /* 1109 * If it's not a beacon, HT is enabled and the IE not present, 1110 * it's 20 MHz, 802.11-2012 8.5.2.6: 1111 * This element [the Secondary Channel Offset Element] is 1112 * present when switching to a 40 MHz channel. It may be 1113 * present when switching to a 20 MHz channel (in which 1114 * case the secondary channel offset is set to SCN). 1115 */ 1116 secondary_channel_offset = IEEE80211_HT_PARAM_CHA_SEC_NONE; 1117 } 1118 1119 switch (secondary_channel_offset) { 1120 default: 1121 /* secondary_channel_offset was present but is invalid */ 1122 case IEEE80211_HT_PARAM_CHA_SEC_NONE: 1123 cfg80211_chandef_create(&new_chandef, new_chan, 1124 NL80211_CHAN_HT20); 1125 break; 1126 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 1127 cfg80211_chandef_create(&new_chandef, new_chan, 1128 NL80211_CHAN_HT40PLUS); 1129 break; 1130 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 1131 cfg80211_chandef_create(&new_chandef, new_chan, 1132 NL80211_CHAN_HT40MINUS); 1133 break; 1134 case -1: 1135 cfg80211_chandef_create(&new_chandef, new_chan, 1136 NL80211_CHAN_NO_HT); 1137 break; 1138 } 1139 1140 if (wide_bw_chansw_ie) { 1141 new_vht_chandef.chan = new_chan; 1142 new_vht_chandef.center_freq1 = 1143 ieee80211_channel_to_frequency( 1144 wide_bw_chansw_ie->new_center_freq_seg0, 1145 new_band); 1146 1147 switch (wide_bw_chansw_ie->new_channel_width) { 1148 default: 1149 /* hmmm, ignore VHT and use HT if present */ 1150 case IEEE80211_VHT_CHANWIDTH_USE_HT: 1151 new_vht_chandef.chan = NULL; 1152 break; 1153 case IEEE80211_VHT_CHANWIDTH_80MHZ: 1154 new_vht_chandef.width = NL80211_CHAN_WIDTH_80; 1155 break; 1156 case IEEE80211_VHT_CHANWIDTH_160MHZ: 1157 new_vht_chandef.width = NL80211_CHAN_WIDTH_160; 1158 break; 1159 case IEEE80211_VHT_CHANWIDTH_80P80MHZ: 1160 /* field is otherwise reserved */ 1161 new_vht_chandef.center_freq2 = 1162 ieee80211_channel_to_frequency( 1163 wide_bw_chansw_ie->new_center_freq_seg1, 1164 new_band); 1165 new_vht_chandef.width = NL80211_CHAN_WIDTH_80P80; 1166 break; 1167 } 1168 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ && 1169 new_vht_chandef.width == NL80211_CHAN_WIDTH_80P80) 1170 chandef_downgrade(&new_vht_chandef); 1171 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ && 1172 new_vht_chandef.width == NL80211_CHAN_WIDTH_160) 1173 chandef_downgrade(&new_vht_chandef); 1174 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ && 1175 new_vht_chandef.width > NL80211_CHAN_WIDTH_20) 1176 chandef_downgrade(&new_vht_chandef); 1177 } 1178 1179 /* if VHT data is there validate & use it */ 1180 if (new_vht_chandef.chan) { 1181 if (!cfg80211_chandef_compatible(&new_vht_chandef, 1182 &new_chandef)) { 1183 sdata_info(sdata, 1184 "AP %pM CSA has inconsistent channel data, disconnecting\n", 1185 ifmgd->associated->bssid); 1186 ieee80211_queue_work(&local->hw, 1187 &ifmgd->csa_connection_drop_work); 1188 return; 1189 } 1190 new_chandef = new_vht_chandef; 1191 } 1192 1193 if (!cfg80211_chandef_usable(local->hw.wiphy, &new_chandef, 1194 IEEE80211_CHAN_DISABLED)) { 1195 sdata_info(sdata, 1196 "AP %pM switches to unsupported channel (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n", 1197 ifmgd->associated->bssid, new_freq, 1198 new_chandef.width, new_chandef.center_freq1, 1199 new_chandef.center_freq2); 1200 ieee80211_queue_work(&local->hw, 1201 &ifmgd->csa_connection_drop_work); 1202 return; 1203 } 1204 1205 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED; 1206 1207 if (local->use_chanctx) { 1208 sdata_info(sdata, 1209 "not handling channel switch with channel contexts\n"); 1210 ieee80211_queue_work(&local->hw, 1211 &ifmgd->csa_connection_drop_work); 1212 return; 1213 } 1214 1215 mutex_lock(&local->chanctx_mtx); 1216 if (WARN_ON(!rcu_access_pointer(sdata->vif.chanctx_conf))) { 1217 mutex_unlock(&local->chanctx_mtx); 1218 return; 1219 } 1220 chanctx = container_of(rcu_access_pointer(sdata->vif.chanctx_conf), 1221 struct ieee80211_chanctx, conf); 1222 if (chanctx->refcount > 1) { 1223 sdata_info(sdata, 1224 "channel switch with multiple interfaces on the same channel, disconnecting\n"); 1225 ieee80211_queue_work(&local->hw, 1226 &ifmgd->csa_connection_drop_work); 1227 mutex_unlock(&local->chanctx_mtx); 1228 return; 1229 } 1230 mutex_unlock(&local->chanctx_mtx); 1231 1232 local->csa_chandef = new_chandef; 1233 1234 if (mode) 1235 ieee80211_stop_queues_by_reason(&local->hw, 1236 IEEE80211_MAX_QUEUE_MAP, 1237 IEEE80211_QUEUE_STOP_REASON_CSA); 1238 1239 if (local->ops->channel_switch) { 1240 /* use driver's channel switch callback */ 1241 struct ieee80211_channel_switch ch_switch = { 1242 .timestamp = timestamp, 1243 .block_tx = mode, 1244 .chandef = new_chandef, 1245 .count = count, 1246 }; 1247 1248 drv_channel_switch(local, &ch_switch); 1249 return; 1250 } 1251 1252 /* channel switch handled in software */ 1253 if (count <= 1) 1254 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work); 1255 else 1256 mod_timer(&ifmgd->chswitch_timer, 1257 TU_TO_EXP_TIME(count * cbss->beacon_interval)); 1258 } 1259 1260 static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, 1261 struct ieee80211_channel *channel, 1262 const u8 *country_ie, u8 country_ie_len, 1263 const u8 *pwr_constr_elem) 1264 { 1265 struct ieee80211_country_ie_triplet *triplet; 1266 int chan = ieee80211_frequency_to_channel(channel->center_freq); 1267 int i, chan_pwr, chan_increment, new_ap_level; 1268 bool have_chan_pwr = false; 1269 1270 /* Invalid IE */ 1271 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN) 1272 return 0; 1273 1274 triplet = (void *)(country_ie + 3); 1275 country_ie_len -= 3; 1276 1277 switch (channel->band) { 1278 default: 1279 WARN_ON_ONCE(1); 1280 /* fall through */ 1281 case IEEE80211_BAND_2GHZ: 1282 case IEEE80211_BAND_60GHZ: 1283 chan_increment = 1; 1284 break; 1285 case IEEE80211_BAND_5GHZ: 1286 chan_increment = 4; 1287 break; 1288 } 1289 1290 /* find channel */ 1291 while (country_ie_len >= 3) { 1292 u8 first_channel = triplet->chans.first_channel; 1293 1294 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID) 1295 goto next; 1296 1297 for (i = 0; i < triplet->chans.num_channels; i++) { 1298 if (first_channel + i * chan_increment == chan) { 1299 have_chan_pwr = true; 1300 chan_pwr = triplet->chans.max_power; 1301 break; 1302 } 1303 } 1304 if (have_chan_pwr) 1305 break; 1306 1307 next: 1308 triplet++; 1309 country_ie_len -= 3; 1310 } 1311 1312 if (!have_chan_pwr) 1313 return 0; 1314 1315 new_ap_level = max_t(int, 0, chan_pwr - *pwr_constr_elem); 1316 1317 if (sdata->ap_power_level == new_ap_level) 1318 return 0; 1319 1320 sdata_info(sdata, 1321 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n", 1322 new_ap_level, chan_pwr, *pwr_constr_elem, 1323 sdata->u.mgd.bssid); 1324 sdata->ap_power_level = new_ap_level; 1325 if (__ieee80211_recalc_txpower(sdata)) 1326 return BSS_CHANGED_TXPOWER; 1327 return 0; 1328 } 1329 1330 /* powersave */ 1331 static void ieee80211_enable_ps(struct ieee80211_local *local, 1332 struct ieee80211_sub_if_data *sdata) 1333 { 1334 struct ieee80211_conf *conf = &local->hw.conf; 1335 1336 /* 1337 * If we are scanning right now then the parameters will 1338 * take effect when scan finishes. 1339 */ 1340 if (local->scanning) 1341 return; 1342 1343 if (conf->dynamic_ps_timeout > 0 && 1344 !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) { 1345 mod_timer(&local->dynamic_ps_timer, jiffies + 1346 msecs_to_jiffies(conf->dynamic_ps_timeout)); 1347 } else { 1348 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 1349 ieee80211_send_nullfunc(local, sdata, 1); 1350 1351 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1352 (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) 1353 return; 1354 1355 conf->flags |= IEEE80211_CONF_PS; 1356 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1357 } 1358 } 1359 1360 static void ieee80211_change_ps(struct ieee80211_local *local) 1361 { 1362 struct ieee80211_conf *conf = &local->hw.conf; 1363 1364 if (local->ps_sdata) { 1365 ieee80211_enable_ps(local, local->ps_sdata); 1366 } else if (conf->flags & IEEE80211_CONF_PS) { 1367 conf->flags &= ~IEEE80211_CONF_PS; 1368 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1369 del_timer_sync(&local->dynamic_ps_timer); 1370 cancel_work_sync(&local->dynamic_ps_enable_work); 1371 } 1372 } 1373 1374 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata) 1375 { 1376 struct ieee80211_if_managed *mgd = &sdata->u.mgd; 1377 struct sta_info *sta = NULL; 1378 bool authorized = false; 1379 1380 if (!mgd->powersave) 1381 return false; 1382 1383 if (mgd->broken_ap) 1384 return false; 1385 1386 if (!mgd->associated) 1387 return false; 1388 1389 if (mgd->flags & (IEEE80211_STA_BEACON_POLL | 1390 IEEE80211_STA_CONNECTION_POLL)) 1391 return false; 1392 1393 rcu_read_lock(); 1394 sta = sta_info_get(sdata, mgd->bssid); 1395 if (sta) 1396 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED); 1397 rcu_read_unlock(); 1398 1399 return authorized; 1400 } 1401 1402 /* need to hold RTNL or interface lock */ 1403 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency) 1404 { 1405 struct ieee80211_sub_if_data *sdata, *found = NULL; 1406 int count = 0; 1407 int timeout; 1408 1409 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) { 1410 local->ps_sdata = NULL; 1411 return; 1412 } 1413 1414 list_for_each_entry(sdata, &local->interfaces, list) { 1415 if (!ieee80211_sdata_running(sdata)) 1416 continue; 1417 if (sdata->vif.type == NL80211_IFTYPE_AP) { 1418 /* If an AP vif is found, then disable PS 1419 * by setting the count to zero thereby setting 1420 * ps_sdata to NULL. 1421 */ 1422 count = 0; 1423 break; 1424 } 1425 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1426 continue; 1427 found = sdata; 1428 count++; 1429 } 1430 1431 if (count == 1 && ieee80211_powersave_allowed(found)) { 1432 s32 beaconint_us; 1433 1434 if (latency < 0) 1435 latency = pm_qos_request(PM_QOS_NETWORK_LATENCY); 1436 1437 beaconint_us = ieee80211_tu_to_usec( 1438 found->vif.bss_conf.beacon_int); 1439 1440 timeout = local->dynamic_ps_forced_timeout; 1441 if (timeout < 0) { 1442 /* 1443 * Go to full PSM if the user configures a very low 1444 * latency requirement. 1445 * The 2000 second value is there for compatibility 1446 * until the PM_QOS_NETWORK_LATENCY is configured 1447 * with real values. 1448 */ 1449 if (latency > (1900 * USEC_PER_MSEC) && 1450 latency != (2000 * USEC_PER_SEC)) 1451 timeout = 0; 1452 else 1453 timeout = 100; 1454 } 1455 local->hw.conf.dynamic_ps_timeout = timeout; 1456 1457 if (beaconint_us > latency) { 1458 local->ps_sdata = NULL; 1459 } else { 1460 int maxslp = 1; 1461 u8 dtimper = found->u.mgd.dtim_period; 1462 1463 /* If the TIM IE is invalid, pretend the value is 1 */ 1464 if (!dtimper) 1465 dtimper = 1; 1466 else if (dtimper > 1) 1467 maxslp = min_t(int, dtimper, 1468 latency / beaconint_us); 1469 1470 local->hw.conf.max_sleep_period = maxslp; 1471 local->hw.conf.ps_dtim_period = dtimper; 1472 local->ps_sdata = found; 1473 } 1474 } else { 1475 local->ps_sdata = NULL; 1476 } 1477 1478 ieee80211_change_ps(local); 1479 } 1480 1481 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata) 1482 { 1483 bool ps_allowed = ieee80211_powersave_allowed(sdata); 1484 1485 if (sdata->vif.bss_conf.ps != ps_allowed) { 1486 sdata->vif.bss_conf.ps = ps_allowed; 1487 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS); 1488 } 1489 } 1490 1491 void ieee80211_dynamic_ps_disable_work(struct work_struct *work) 1492 { 1493 struct ieee80211_local *local = 1494 container_of(work, struct ieee80211_local, 1495 dynamic_ps_disable_work); 1496 1497 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1498 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1499 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1500 } 1501 1502 ieee80211_wake_queues_by_reason(&local->hw, 1503 IEEE80211_MAX_QUEUE_MAP, 1504 IEEE80211_QUEUE_STOP_REASON_PS); 1505 } 1506 1507 void ieee80211_dynamic_ps_enable_work(struct work_struct *work) 1508 { 1509 struct ieee80211_local *local = 1510 container_of(work, struct ieee80211_local, 1511 dynamic_ps_enable_work); 1512 struct ieee80211_sub_if_data *sdata = local->ps_sdata; 1513 struct ieee80211_if_managed *ifmgd; 1514 unsigned long flags; 1515 int q; 1516 1517 /* can only happen when PS was just disabled anyway */ 1518 if (!sdata) 1519 return; 1520 1521 ifmgd = &sdata->u.mgd; 1522 1523 if (local->hw.conf.flags & IEEE80211_CONF_PS) 1524 return; 1525 1526 if (local->hw.conf.dynamic_ps_timeout > 0) { 1527 /* don't enter PS if TX frames are pending */ 1528 if (drv_tx_frames_pending(local)) { 1529 mod_timer(&local->dynamic_ps_timer, jiffies + 1530 msecs_to_jiffies( 1531 local->hw.conf.dynamic_ps_timeout)); 1532 return; 1533 } 1534 1535 /* 1536 * transmission can be stopped by others which leads to 1537 * dynamic_ps_timer expiry. Postpone the ps timer if it 1538 * is not the actual idle state. 1539 */ 1540 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 1541 for (q = 0; q < local->hw.queues; q++) { 1542 if (local->queue_stop_reasons[q]) { 1543 spin_unlock_irqrestore(&local->queue_stop_reason_lock, 1544 flags); 1545 mod_timer(&local->dynamic_ps_timer, jiffies + 1546 msecs_to_jiffies( 1547 local->hw.conf.dynamic_ps_timeout)); 1548 return; 1549 } 1550 } 1551 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 1552 } 1553 1554 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1555 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1556 if (drv_tx_frames_pending(local)) { 1557 mod_timer(&local->dynamic_ps_timer, jiffies + 1558 msecs_to_jiffies( 1559 local->hw.conf.dynamic_ps_timeout)); 1560 } else { 1561 ieee80211_send_nullfunc(local, sdata, 1); 1562 /* Flush to get the tx status of nullfunc frame */ 1563 ieee80211_flush_queues(local, sdata); 1564 } 1565 } 1566 1567 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) && 1568 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) || 1569 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1570 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 1571 local->hw.conf.flags |= IEEE80211_CONF_PS; 1572 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1573 } 1574 } 1575 1576 void ieee80211_dynamic_ps_timer(unsigned long data) 1577 { 1578 struct ieee80211_local *local = (void *) data; 1579 1580 if (local->quiescing || local->suspended) 1581 return; 1582 1583 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work); 1584 } 1585 1586 void ieee80211_dfs_cac_timer_work(struct work_struct *work) 1587 { 1588 struct delayed_work *delayed_work = 1589 container_of(work, struct delayed_work, work); 1590 struct ieee80211_sub_if_data *sdata = 1591 container_of(delayed_work, struct ieee80211_sub_if_data, 1592 dfs_cac_timer_work); 1593 1594 ieee80211_vif_release_channel(sdata); 1595 1596 cfg80211_cac_event(sdata->dev, NL80211_RADAR_CAC_FINISHED, GFP_KERNEL); 1597 } 1598 1599 /* MLME */ 1600 static bool ieee80211_sta_wmm_params(struct ieee80211_local *local, 1601 struct ieee80211_sub_if_data *sdata, 1602 const u8 *wmm_param, size_t wmm_param_len) 1603 { 1604 struct ieee80211_tx_queue_params params; 1605 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1606 size_t left; 1607 int count; 1608 const u8 *pos; 1609 u8 uapsd_queues = 0; 1610 1611 if (!local->ops->conf_tx) 1612 return false; 1613 1614 if (local->hw.queues < IEEE80211_NUM_ACS) 1615 return false; 1616 1617 if (!wmm_param) 1618 return false; 1619 1620 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 1621 return false; 1622 1623 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) 1624 uapsd_queues = ifmgd->uapsd_queues; 1625 1626 count = wmm_param[6] & 0x0f; 1627 if (count == ifmgd->wmm_last_param_set) 1628 return false; 1629 ifmgd->wmm_last_param_set = count; 1630 1631 pos = wmm_param + 8; 1632 left = wmm_param_len - 8; 1633 1634 memset(¶ms, 0, sizeof(params)); 1635 1636 sdata->wmm_acm = 0; 1637 for (; left >= 4; left -= 4, pos += 4) { 1638 int aci = (pos[0] >> 5) & 0x03; 1639 int acm = (pos[0] >> 4) & 0x01; 1640 bool uapsd = false; 1641 int queue; 1642 1643 switch (aci) { 1644 case 1: /* AC_BK */ 1645 queue = 3; 1646 if (acm) 1647 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */ 1648 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK) 1649 uapsd = true; 1650 break; 1651 case 2: /* AC_VI */ 1652 queue = 1; 1653 if (acm) 1654 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */ 1655 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI) 1656 uapsd = true; 1657 break; 1658 case 3: /* AC_VO */ 1659 queue = 0; 1660 if (acm) 1661 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */ 1662 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) 1663 uapsd = true; 1664 break; 1665 case 0: /* AC_BE */ 1666 default: 1667 queue = 2; 1668 if (acm) 1669 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */ 1670 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE) 1671 uapsd = true; 1672 break; 1673 } 1674 1675 params.aifs = pos[0] & 0x0f; 1676 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 1677 params.cw_min = ecw2cw(pos[1] & 0x0f); 1678 params.txop = get_unaligned_le16(pos + 2); 1679 params.acm = acm; 1680 params.uapsd = uapsd; 1681 1682 mlme_dbg(sdata, 1683 "WMM queue=%d aci=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d\n", 1684 queue, aci, acm, 1685 params.aifs, params.cw_min, params.cw_max, 1686 params.txop, params.uapsd); 1687 sdata->tx_conf[queue] = params; 1688 if (drv_conf_tx(local, sdata, queue, ¶ms)) 1689 sdata_err(sdata, 1690 "failed to set TX queue parameters for queue %d\n", 1691 queue); 1692 } 1693 1694 /* enable WMM or activate new settings */ 1695 sdata->vif.bss_conf.qos = true; 1696 return true; 1697 } 1698 1699 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1700 { 1701 lockdep_assert_held(&sdata->local->mtx); 1702 1703 sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL | 1704 IEEE80211_STA_BEACON_POLL); 1705 ieee80211_run_deferred_scan(sdata->local); 1706 } 1707 1708 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1709 { 1710 mutex_lock(&sdata->local->mtx); 1711 __ieee80211_stop_poll(sdata); 1712 mutex_unlock(&sdata->local->mtx); 1713 } 1714 1715 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata, 1716 u16 capab, bool erp_valid, u8 erp) 1717 { 1718 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1719 u32 changed = 0; 1720 bool use_protection; 1721 bool use_short_preamble; 1722 bool use_short_slot; 1723 1724 if (erp_valid) { 1725 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0; 1726 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0; 1727 } else { 1728 use_protection = false; 1729 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE); 1730 } 1731 1732 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME); 1733 if (ieee80211_get_sdata_band(sdata) == IEEE80211_BAND_5GHZ) 1734 use_short_slot = true; 1735 1736 if (use_protection != bss_conf->use_cts_prot) { 1737 bss_conf->use_cts_prot = use_protection; 1738 changed |= BSS_CHANGED_ERP_CTS_PROT; 1739 } 1740 1741 if (use_short_preamble != bss_conf->use_short_preamble) { 1742 bss_conf->use_short_preamble = use_short_preamble; 1743 changed |= BSS_CHANGED_ERP_PREAMBLE; 1744 } 1745 1746 if (use_short_slot != bss_conf->use_short_slot) { 1747 bss_conf->use_short_slot = use_short_slot; 1748 changed |= BSS_CHANGED_ERP_SLOT; 1749 } 1750 1751 return changed; 1752 } 1753 1754 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata, 1755 struct cfg80211_bss *cbss, 1756 u32 bss_info_changed) 1757 { 1758 struct ieee80211_bss *bss = (void *)cbss->priv; 1759 struct ieee80211_local *local = sdata->local; 1760 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1761 1762 bss_info_changed |= BSS_CHANGED_ASSOC; 1763 bss_info_changed |= ieee80211_handle_bss_capability(sdata, 1764 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value); 1765 1766 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec( 1767 beacon_loss_count * bss_conf->beacon_int)); 1768 1769 sdata->u.mgd.associated = cbss; 1770 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN); 1771 1772 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE; 1773 1774 if (sdata->vif.p2p) { 1775 const struct cfg80211_bss_ies *ies; 1776 1777 rcu_read_lock(); 1778 ies = rcu_dereference(cbss->ies); 1779 if (ies) { 1780 int ret; 1781 1782 ret = cfg80211_get_p2p_attr( 1783 ies->data, ies->len, 1784 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 1785 (u8 *) &bss_conf->p2p_noa_attr, 1786 sizeof(bss_conf->p2p_noa_attr)); 1787 if (ret >= 2) { 1788 sdata->u.mgd.p2p_noa_index = 1789 bss_conf->p2p_noa_attr.index; 1790 bss_info_changed |= BSS_CHANGED_P2P_PS; 1791 } 1792 } 1793 rcu_read_unlock(); 1794 } 1795 1796 /* just to be sure */ 1797 ieee80211_stop_poll(sdata); 1798 1799 ieee80211_led_assoc(local, 1); 1800 1801 if (sdata->u.mgd.assoc_data->have_beacon) { 1802 /* 1803 * If the AP is buggy we may get here with no DTIM period 1804 * known, so assume it's 1 which is the only safe assumption 1805 * in that case, although if the TIM IE is broken powersave 1806 * probably just won't work at all. 1807 */ 1808 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1; 1809 bss_info_changed |= BSS_CHANGED_DTIM_PERIOD; 1810 } else { 1811 bss_conf->dtim_period = 0; 1812 } 1813 1814 bss_conf->assoc = 1; 1815 1816 /* Tell the driver to monitor connection quality (if supported) */ 1817 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI && 1818 bss_conf->cqm_rssi_thold) 1819 bss_info_changed |= BSS_CHANGED_CQM; 1820 1821 /* Enable ARP filtering */ 1822 if (bss_conf->arp_addr_cnt) 1823 bss_info_changed |= BSS_CHANGED_ARP_FILTER; 1824 1825 ieee80211_bss_info_change_notify(sdata, bss_info_changed); 1826 1827 mutex_lock(&local->iflist_mtx); 1828 ieee80211_recalc_ps(local, -1); 1829 mutex_unlock(&local->iflist_mtx); 1830 1831 ieee80211_recalc_smps(sdata); 1832 ieee80211_recalc_ps_vif(sdata); 1833 1834 netif_carrier_on(sdata->dev); 1835 } 1836 1837 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata, 1838 u16 stype, u16 reason, bool tx, 1839 u8 *frame_buf) 1840 { 1841 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1842 struct ieee80211_local *local = sdata->local; 1843 u32 changed = 0; 1844 1845 ASSERT_MGD_MTX(ifmgd); 1846 1847 if (WARN_ON_ONCE(tx && !frame_buf)) 1848 return; 1849 1850 if (WARN_ON(!ifmgd->associated)) 1851 return; 1852 1853 ieee80211_stop_poll(sdata); 1854 1855 ifmgd->associated = NULL; 1856 netif_carrier_off(sdata->dev); 1857 1858 /* 1859 * if we want to get out of ps before disassoc (why?) we have 1860 * to do it before sending disassoc, as otherwise the null-packet 1861 * won't be valid. 1862 */ 1863 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1864 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1865 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1866 } 1867 local->ps_sdata = NULL; 1868 1869 /* disable per-vif ps */ 1870 ieee80211_recalc_ps_vif(sdata); 1871 1872 /* flush out any pending frame (e.g. DELBA) before deauth/disassoc */ 1873 if (tx) 1874 ieee80211_flush_queues(local, sdata); 1875 1876 /* deauthenticate/disassociate now */ 1877 if (tx || frame_buf) 1878 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype, 1879 reason, tx, frame_buf); 1880 1881 /* flush out frame */ 1882 if (tx) 1883 ieee80211_flush_queues(local, sdata); 1884 1885 /* clear bssid only after building the needed mgmt frames */ 1886 memset(ifmgd->bssid, 0, ETH_ALEN); 1887 1888 /* remove AP and TDLS peers */ 1889 sta_info_flush_defer(sdata); 1890 1891 /* finally reset all BSS / config parameters */ 1892 changed |= ieee80211_reset_erp_info(sdata); 1893 1894 ieee80211_led_assoc(local, 0); 1895 changed |= BSS_CHANGED_ASSOC; 1896 sdata->vif.bss_conf.assoc = false; 1897 1898 ifmgd->p2p_noa_index = -1; 1899 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0, 1900 sizeof(sdata->vif.bss_conf.p2p_noa_attr)); 1901 1902 /* on the next assoc, re-program HT/VHT parameters */ 1903 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa)); 1904 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask)); 1905 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa)); 1906 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask)); 1907 1908 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL; 1909 1910 del_timer_sync(&local->dynamic_ps_timer); 1911 cancel_work_sync(&local->dynamic_ps_enable_work); 1912 1913 /* Disable ARP filtering */ 1914 if (sdata->vif.bss_conf.arp_addr_cnt) 1915 changed |= BSS_CHANGED_ARP_FILTER; 1916 1917 sdata->vif.bss_conf.qos = false; 1918 changed |= BSS_CHANGED_QOS; 1919 1920 /* The BSSID (not really interesting) and HT changed */ 1921 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT; 1922 ieee80211_bss_info_change_notify(sdata, changed); 1923 1924 /* disassociated - set to defaults now */ 1925 ieee80211_set_wmm_default(sdata, false); 1926 1927 del_timer_sync(&sdata->u.mgd.conn_mon_timer); 1928 del_timer_sync(&sdata->u.mgd.bcn_mon_timer); 1929 del_timer_sync(&sdata->u.mgd.timer); 1930 del_timer_sync(&sdata->u.mgd.chswitch_timer); 1931 1932 sdata->vif.bss_conf.dtim_period = 0; 1933 1934 ifmgd->flags = 0; 1935 ieee80211_vif_release_channel(sdata); 1936 } 1937 1938 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata, 1939 struct ieee80211_hdr *hdr) 1940 { 1941 /* 1942 * We can postpone the mgd.timer whenever receiving unicast frames 1943 * from AP because we know that the connection is working both ways 1944 * at that time. But multicast frames (and hence also beacons) must 1945 * be ignored here, because we need to trigger the timer during 1946 * data idle periods for sending the periodic probe request to the 1947 * AP we're connected to. 1948 */ 1949 if (is_multicast_ether_addr(hdr->addr1)) 1950 return; 1951 1952 ieee80211_sta_reset_conn_monitor(sdata); 1953 } 1954 1955 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata) 1956 { 1957 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1958 struct ieee80211_local *local = sdata->local; 1959 1960 mutex_lock(&local->mtx); 1961 if (!(ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 1962 IEEE80211_STA_CONNECTION_POLL))) { 1963 mutex_unlock(&local->mtx); 1964 return; 1965 } 1966 1967 __ieee80211_stop_poll(sdata); 1968 1969 mutex_lock(&local->iflist_mtx); 1970 ieee80211_recalc_ps(local, -1); 1971 mutex_unlock(&local->iflist_mtx); 1972 1973 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 1974 goto out; 1975 1976 /* 1977 * We've received a probe response, but are not sure whether 1978 * we have or will be receiving any beacons or data, so let's 1979 * schedule the timers again, just in case. 1980 */ 1981 ieee80211_sta_reset_beacon_monitor(sdata); 1982 1983 mod_timer(&ifmgd->conn_mon_timer, 1984 round_jiffies_up(jiffies + 1985 IEEE80211_CONNECTION_IDLE_TIME)); 1986 out: 1987 mutex_unlock(&local->mtx); 1988 } 1989 1990 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata, 1991 struct ieee80211_hdr *hdr, bool ack) 1992 { 1993 if (!ieee80211_is_data(hdr->frame_control)) 1994 return; 1995 1996 if (ieee80211_is_nullfunc(hdr->frame_control) && 1997 sdata->u.mgd.probe_send_count > 0) { 1998 if (ack) 1999 ieee80211_sta_reset_conn_monitor(sdata); 2000 else 2001 sdata->u.mgd.nullfunc_failed = true; 2002 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 2003 return; 2004 } 2005 2006 if (ack) 2007 ieee80211_sta_reset_conn_monitor(sdata); 2008 } 2009 2010 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) 2011 { 2012 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2013 const u8 *ssid; 2014 u8 *dst = ifmgd->associated->bssid; 2015 u8 unicast_limit = max(1, max_probe_tries - 3); 2016 2017 /* 2018 * Try sending broadcast probe requests for the last three 2019 * probe requests after the first ones failed since some 2020 * buggy APs only support broadcast probe requests. 2021 */ 2022 if (ifmgd->probe_send_count >= unicast_limit) 2023 dst = NULL; 2024 2025 /* 2026 * When the hardware reports an accurate Tx ACK status, it's 2027 * better to send a nullfunc frame instead of a probe request, 2028 * as it will kick us off the AP quickly if we aren't associated 2029 * anymore. The timeout will be reset if the frame is ACKed by 2030 * the AP. 2031 */ 2032 ifmgd->probe_send_count++; 2033 2034 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 2035 ifmgd->nullfunc_failed = false; 2036 ieee80211_send_nullfunc(sdata->local, sdata, 0); 2037 } else { 2038 int ssid_len; 2039 2040 rcu_read_lock(); 2041 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); 2042 if (WARN_ON_ONCE(ssid == NULL)) 2043 ssid_len = 0; 2044 else 2045 ssid_len = ssid[1]; 2046 2047 ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL, 2048 0, (u32) -1, true, 0, 2049 ifmgd->associated->channel, false); 2050 rcu_read_unlock(); 2051 } 2052 2053 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms); 2054 run_again(ifmgd, ifmgd->probe_timeout); 2055 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 2056 ieee80211_flush_queues(sdata->local, sdata); 2057 } 2058 2059 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata, 2060 bool beacon) 2061 { 2062 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2063 bool already = false; 2064 2065 if (!ieee80211_sdata_running(sdata)) 2066 return; 2067 2068 mutex_lock(&ifmgd->mtx); 2069 2070 if (!ifmgd->associated) 2071 goto out; 2072 2073 mutex_lock(&sdata->local->mtx); 2074 2075 if (sdata->local->tmp_channel || sdata->local->scanning) { 2076 mutex_unlock(&sdata->local->mtx); 2077 goto out; 2078 } 2079 2080 if (beacon) { 2081 mlme_dbg_ratelimited(sdata, 2082 "detected beacon loss from AP (missed %d beacons) - probing\n", 2083 beacon_loss_count); 2084 2085 ieee80211_cqm_rssi_notify(&sdata->vif, 2086 NL80211_CQM_RSSI_BEACON_LOSS_EVENT, 2087 GFP_KERNEL); 2088 } 2089 2090 /* 2091 * The driver/our work has already reported this event or the 2092 * connection monitoring has kicked in and we have already sent 2093 * a probe request. Or maybe the AP died and the driver keeps 2094 * reporting until we disassociate... 2095 * 2096 * In either case we have to ignore the current call to this 2097 * function (except for setting the correct probe reason bit) 2098 * because otherwise we would reset the timer every time and 2099 * never check whether we received a probe response! 2100 */ 2101 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 2102 IEEE80211_STA_CONNECTION_POLL)) 2103 already = true; 2104 2105 if (beacon) 2106 ifmgd->flags |= IEEE80211_STA_BEACON_POLL; 2107 else 2108 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL; 2109 2110 mutex_unlock(&sdata->local->mtx); 2111 2112 if (already) 2113 goto out; 2114 2115 mutex_lock(&sdata->local->iflist_mtx); 2116 ieee80211_recalc_ps(sdata->local, -1); 2117 mutex_unlock(&sdata->local->iflist_mtx); 2118 2119 ifmgd->probe_send_count = 0; 2120 ieee80211_mgd_probe_ap_send(sdata); 2121 out: 2122 mutex_unlock(&ifmgd->mtx); 2123 } 2124 2125 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw, 2126 struct ieee80211_vif *vif) 2127 { 2128 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2129 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2130 struct cfg80211_bss *cbss; 2131 struct sk_buff *skb; 2132 const u8 *ssid; 2133 int ssid_len; 2134 2135 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 2136 return NULL; 2137 2138 ASSERT_MGD_MTX(ifmgd); 2139 2140 if (ifmgd->associated) 2141 cbss = ifmgd->associated; 2142 else if (ifmgd->auth_data) 2143 cbss = ifmgd->auth_data->bss; 2144 else if (ifmgd->assoc_data) 2145 cbss = ifmgd->assoc_data->bss; 2146 else 2147 return NULL; 2148 2149 rcu_read_lock(); 2150 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID); 2151 if (WARN_ON_ONCE(ssid == NULL)) 2152 ssid_len = 0; 2153 else 2154 ssid_len = ssid[1]; 2155 2156 skb = ieee80211_build_probe_req(sdata, cbss->bssid, 2157 (u32) -1, cbss->channel, 2158 ssid + 2, ssid_len, 2159 NULL, 0, true); 2160 rcu_read_unlock(); 2161 2162 return skb; 2163 } 2164 EXPORT_SYMBOL(ieee80211_ap_probereq_get); 2165 2166 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata) 2167 { 2168 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2169 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 2170 2171 mutex_lock(&ifmgd->mtx); 2172 if (!ifmgd->associated) { 2173 mutex_unlock(&ifmgd->mtx); 2174 return; 2175 } 2176 2177 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 2178 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 2179 true, frame_buf); 2180 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 2181 ieee80211_wake_queues_by_reason(&sdata->local->hw, 2182 IEEE80211_MAX_QUEUE_MAP, 2183 IEEE80211_QUEUE_STOP_REASON_CSA); 2184 mutex_unlock(&ifmgd->mtx); 2185 2186 /* 2187 * must be outside lock due to cfg80211, 2188 * but that's not a problem. 2189 */ 2190 cfg80211_send_deauth(sdata->dev, frame_buf, IEEE80211_DEAUTH_FRAME_LEN); 2191 } 2192 2193 static void ieee80211_beacon_connection_loss_work(struct work_struct *work) 2194 { 2195 struct ieee80211_sub_if_data *sdata = 2196 container_of(work, struct ieee80211_sub_if_data, 2197 u.mgd.beacon_connection_loss_work); 2198 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2199 struct sta_info *sta; 2200 2201 if (ifmgd->associated) { 2202 rcu_read_lock(); 2203 sta = sta_info_get(sdata, ifmgd->bssid); 2204 if (sta) 2205 sta->beacon_loss_count++; 2206 rcu_read_unlock(); 2207 } 2208 2209 if (ifmgd->connection_loss) { 2210 sdata_info(sdata, "Connection to AP %pM lost\n", 2211 ifmgd->bssid); 2212 __ieee80211_disconnect(sdata); 2213 } else { 2214 ieee80211_mgd_probe_ap(sdata, true); 2215 } 2216 } 2217 2218 static void ieee80211_csa_connection_drop_work(struct work_struct *work) 2219 { 2220 struct ieee80211_sub_if_data *sdata = 2221 container_of(work, struct ieee80211_sub_if_data, 2222 u.mgd.csa_connection_drop_work); 2223 2224 __ieee80211_disconnect(sdata); 2225 } 2226 2227 void ieee80211_beacon_loss(struct ieee80211_vif *vif) 2228 { 2229 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2230 struct ieee80211_hw *hw = &sdata->local->hw; 2231 2232 trace_api_beacon_loss(sdata); 2233 2234 sdata->u.mgd.connection_loss = false; 2235 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2236 } 2237 EXPORT_SYMBOL(ieee80211_beacon_loss); 2238 2239 void ieee80211_connection_loss(struct ieee80211_vif *vif) 2240 { 2241 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2242 struct ieee80211_hw *hw = &sdata->local->hw; 2243 2244 trace_api_connection_loss(sdata); 2245 2246 sdata->u.mgd.connection_loss = true; 2247 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2248 } 2249 EXPORT_SYMBOL(ieee80211_connection_loss); 2250 2251 2252 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata, 2253 bool assoc) 2254 { 2255 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2256 2257 lockdep_assert_held(&sdata->u.mgd.mtx); 2258 2259 if (!assoc) { 2260 sta_info_destroy_addr(sdata, auth_data->bss->bssid); 2261 2262 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2263 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2264 sdata->u.mgd.flags = 0; 2265 ieee80211_vif_release_channel(sdata); 2266 } 2267 2268 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss); 2269 kfree(auth_data); 2270 sdata->u.mgd.auth_data = NULL; 2271 } 2272 2273 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, 2274 struct ieee80211_mgmt *mgmt, size_t len) 2275 { 2276 struct ieee80211_local *local = sdata->local; 2277 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2278 u8 *pos; 2279 struct ieee802_11_elems elems; 2280 u32 tx_flags = 0; 2281 2282 pos = mgmt->u.auth.variable; 2283 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2284 if (!elems.challenge) 2285 return; 2286 auth_data->expected_transaction = 4; 2287 drv_mgd_prepare_tx(sdata->local, sdata); 2288 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 2289 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 2290 IEEE80211_TX_INTFL_MLME_CONN_TX; 2291 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0, 2292 elems.challenge - 2, elems.challenge_len + 2, 2293 auth_data->bss->bssid, auth_data->bss->bssid, 2294 auth_data->key, auth_data->key_len, 2295 auth_data->key_idx, tx_flags); 2296 } 2297 2298 static enum rx_mgmt_action __must_check 2299 ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, 2300 struct ieee80211_mgmt *mgmt, size_t len) 2301 { 2302 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2303 u8 bssid[ETH_ALEN]; 2304 u16 auth_alg, auth_transaction, status_code; 2305 struct sta_info *sta; 2306 2307 lockdep_assert_held(&ifmgd->mtx); 2308 2309 if (len < 24 + 6) 2310 return RX_MGMT_NONE; 2311 2312 if (!ifmgd->auth_data || ifmgd->auth_data->done) 2313 return RX_MGMT_NONE; 2314 2315 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 2316 2317 if (!ether_addr_equal(bssid, mgmt->bssid)) 2318 return RX_MGMT_NONE; 2319 2320 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 2321 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 2322 status_code = le16_to_cpu(mgmt->u.auth.status_code); 2323 2324 if (auth_alg != ifmgd->auth_data->algorithm || 2325 auth_transaction != ifmgd->auth_data->expected_transaction) { 2326 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n", 2327 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm, 2328 auth_transaction, 2329 ifmgd->auth_data->expected_transaction); 2330 return RX_MGMT_NONE; 2331 } 2332 2333 if (status_code != WLAN_STATUS_SUCCESS) { 2334 sdata_info(sdata, "%pM denied authentication (status %d)\n", 2335 mgmt->sa, status_code); 2336 ieee80211_destroy_auth_data(sdata, false); 2337 return RX_MGMT_CFG80211_RX_AUTH; 2338 } 2339 2340 switch (ifmgd->auth_data->algorithm) { 2341 case WLAN_AUTH_OPEN: 2342 case WLAN_AUTH_LEAP: 2343 case WLAN_AUTH_FT: 2344 case WLAN_AUTH_SAE: 2345 break; 2346 case WLAN_AUTH_SHARED_KEY: 2347 if (ifmgd->auth_data->expected_transaction != 4) { 2348 ieee80211_auth_challenge(sdata, mgmt, len); 2349 /* need another frame */ 2350 return RX_MGMT_NONE; 2351 } 2352 break; 2353 default: 2354 WARN_ONCE(1, "invalid auth alg %d", 2355 ifmgd->auth_data->algorithm); 2356 return RX_MGMT_NONE; 2357 } 2358 2359 sdata_info(sdata, "authenticated\n"); 2360 ifmgd->auth_data->done = true; 2361 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC; 2362 ifmgd->auth_data->timeout_started = true; 2363 run_again(ifmgd, ifmgd->auth_data->timeout); 2364 2365 if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE && 2366 ifmgd->auth_data->expected_transaction != 2) { 2367 /* 2368 * Report auth frame to user space for processing since another 2369 * round of Authentication frames is still needed. 2370 */ 2371 return RX_MGMT_CFG80211_RX_AUTH; 2372 } 2373 2374 /* move station state to auth */ 2375 mutex_lock(&sdata->local->sta_mtx); 2376 sta = sta_info_get(sdata, bssid); 2377 if (!sta) { 2378 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid); 2379 goto out_err; 2380 } 2381 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) { 2382 sdata_info(sdata, "failed moving %pM to auth\n", bssid); 2383 goto out_err; 2384 } 2385 mutex_unlock(&sdata->local->sta_mtx); 2386 2387 return RX_MGMT_CFG80211_RX_AUTH; 2388 out_err: 2389 mutex_unlock(&sdata->local->sta_mtx); 2390 /* ignore frame -- wait for timeout */ 2391 return RX_MGMT_NONE; 2392 } 2393 2394 2395 static enum rx_mgmt_action __must_check 2396 ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 2397 struct ieee80211_mgmt *mgmt, size_t len) 2398 { 2399 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2400 const u8 *bssid = NULL; 2401 u16 reason_code; 2402 2403 lockdep_assert_held(&ifmgd->mtx); 2404 2405 if (len < 24 + 2) 2406 return RX_MGMT_NONE; 2407 2408 if (!ifmgd->associated || 2409 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2410 return RX_MGMT_NONE; 2411 2412 bssid = ifmgd->associated->bssid; 2413 2414 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 2415 2416 sdata_info(sdata, "deauthenticated from %pM (Reason: %u)\n", 2417 bssid, reason_code); 2418 2419 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2420 2421 return RX_MGMT_CFG80211_DEAUTH; 2422 } 2423 2424 2425 static enum rx_mgmt_action __must_check 2426 ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata, 2427 struct ieee80211_mgmt *mgmt, size_t len) 2428 { 2429 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2430 u16 reason_code; 2431 2432 lockdep_assert_held(&ifmgd->mtx); 2433 2434 if (len < 24 + 2) 2435 return RX_MGMT_NONE; 2436 2437 if (!ifmgd->associated || 2438 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2439 return RX_MGMT_NONE; 2440 2441 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 2442 2443 sdata_info(sdata, "disassociated from %pM (Reason: %u)\n", 2444 mgmt->sa, reason_code); 2445 2446 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2447 2448 return RX_MGMT_CFG80211_DISASSOC; 2449 } 2450 2451 static void ieee80211_get_rates(struct ieee80211_supported_band *sband, 2452 u8 *supp_rates, unsigned int supp_rates_len, 2453 u32 *rates, u32 *basic_rates, 2454 bool *have_higher_than_11mbit, 2455 int *min_rate, int *min_rate_index) 2456 { 2457 int i, j; 2458 2459 for (i = 0; i < supp_rates_len; i++) { 2460 int rate = (supp_rates[i] & 0x7f) * 5; 2461 bool is_basic = !!(supp_rates[i] & 0x80); 2462 2463 if (rate > 110) 2464 *have_higher_than_11mbit = true; 2465 2466 /* 2467 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009 2468 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it. 2469 * 2470 * Note: Even through the membership selector and the basic 2471 * rate flag share the same bit, they are not exactly 2472 * the same. 2473 */ 2474 if (!!(supp_rates[i] & 0x80) && 2475 (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY) 2476 continue; 2477 2478 for (j = 0; j < sband->n_bitrates; j++) { 2479 if (sband->bitrates[j].bitrate == rate) { 2480 *rates |= BIT(j); 2481 if (is_basic) 2482 *basic_rates |= BIT(j); 2483 if (rate < *min_rate) { 2484 *min_rate = rate; 2485 *min_rate_index = j; 2486 } 2487 break; 2488 } 2489 } 2490 } 2491 } 2492 2493 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata, 2494 bool assoc) 2495 { 2496 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 2497 2498 lockdep_assert_held(&sdata->u.mgd.mtx); 2499 2500 if (!assoc) { 2501 sta_info_destroy_addr(sdata, assoc_data->bss->bssid); 2502 2503 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2504 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2505 sdata->u.mgd.flags = 0; 2506 ieee80211_vif_release_channel(sdata); 2507 } 2508 2509 kfree(assoc_data); 2510 sdata->u.mgd.assoc_data = NULL; 2511 } 2512 2513 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata, 2514 struct cfg80211_bss *cbss, 2515 struct ieee80211_mgmt *mgmt, size_t len) 2516 { 2517 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2518 struct ieee80211_local *local = sdata->local; 2519 struct ieee80211_supported_band *sband; 2520 struct sta_info *sta; 2521 u8 *pos; 2522 u16 capab_info, aid; 2523 struct ieee802_11_elems elems; 2524 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2525 u32 changed = 0; 2526 int err; 2527 2528 /* AssocResp and ReassocResp have identical structure */ 2529 2530 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2531 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2532 2533 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) 2534 sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n", 2535 aid); 2536 aid &= ~(BIT(15) | BIT(14)); 2537 2538 ifmgd->broken_ap = false; 2539 2540 if (aid == 0 || aid > IEEE80211_MAX_AID) { 2541 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n", 2542 aid); 2543 aid = 0; 2544 ifmgd->broken_ap = true; 2545 } 2546 2547 pos = mgmt->u.assoc_resp.variable; 2548 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2549 2550 if (!elems.supp_rates) { 2551 sdata_info(sdata, "no SuppRates element in AssocResp\n"); 2552 return false; 2553 } 2554 2555 ifmgd->aid = aid; 2556 2557 /* 2558 * We previously checked these in the beacon/probe response, so 2559 * they should be present here. This is just a safety net. 2560 */ 2561 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2562 (!elems.wmm_param || !elems.ht_cap_elem || !elems.ht_operation)) { 2563 sdata_info(sdata, 2564 "HT AP is missing WMM params or HT capability/operation in AssocResp\n"); 2565 return false; 2566 } 2567 2568 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2569 (!elems.vht_cap_elem || !elems.vht_operation)) { 2570 sdata_info(sdata, 2571 "VHT AP is missing VHT capability/operation in AssocResp\n"); 2572 return false; 2573 } 2574 2575 mutex_lock(&sdata->local->sta_mtx); 2576 /* 2577 * station info was already allocated and inserted before 2578 * the association and should be available to us 2579 */ 2580 sta = sta_info_get(sdata, cbss->bssid); 2581 if (WARN_ON(!sta)) { 2582 mutex_unlock(&sdata->local->sta_mtx); 2583 return false; 2584 } 2585 2586 sband = local->hw.wiphy->bands[ieee80211_get_sdata_band(sdata)]; 2587 2588 /* Set up internal HT/VHT capabilities */ 2589 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 2590 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 2591 elems.ht_cap_elem, sta); 2592 2593 if (elems.vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 2594 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband, 2595 elems.vht_cap_elem, sta); 2596 2597 /* 2598 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data 2599 * in their association response, so ignore that data for our own 2600 * configuration. If it changed since the last beacon, we'll get the 2601 * next beacon and update then. 2602 */ 2603 2604 /* 2605 * If an operating mode notification IE is present, override the 2606 * NSS calculation (that would be done in rate_control_rate_init()) 2607 * and use the # of streams from that element. 2608 */ 2609 if (elems.opmode_notif && 2610 !(*elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) { 2611 u8 nss; 2612 2613 nss = *elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK; 2614 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT; 2615 nss += 1; 2616 sta->sta.rx_nss = nss; 2617 } 2618 2619 rate_control_rate_init(sta); 2620 2621 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) 2622 set_sta_flag(sta, WLAN_STA_MFP); 2623 2624 if (elems.wmm_param) 2625 set_sta_flag(sta, WLAN_STA_WME); 2626 2627 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC); 2628 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT)) 2629 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED); 2630 if (err) { 2631 sdata_info(sdata, 2632 "failed to move station %pM to desired state\n", 2633 sta->sta.addr); 2634 WARN_ON(__sta_info_destroy(sta)); 2635 mutex_unlock(&sdata->local->sta_mtx); 2636 return false; 2637 } 2638 2639 mutex_unlock(&sdata->local->sta_mtx); 2640 2641 /* 2642 * Always handle WMM once after association regardless 2643 * of the first value the AP uses. Setting -1 here has 2644 * that effect because the AP values is an unsigned 2645 * 4-bit value. 2646 */ 2647 ifmgd->wmm_last_param_set = -1; 2648 2649 if (elems.wmm_param) 2650 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 2651 elems.wmm_param_len); 2652 else 2653 ieee80211_set_wmm_default(sdata, false); 2654 changed |= BSS_CHANGED_QOS; 2655 2656 /* set AID and assoc capability, 2657 * ieee80211_set_associated() will tell the driver */ 2658 bss_conf->aid = aid; 2659 bss_conf->assoc_capability = capab_info; 2660 ieee80211_set_associated(sdata, cbss, changed); 2661 2662 /* 2663 * If we're using 4-addr mode, let the AP know that we're 2664 * doing so, so that it can create the STA VLAN on its side 2665 */ 2666 if (ifmgd->use_4addr) 2667 ieee80211_send_4addr_nullfunc(local, sdata); 2668 2669 /* 2670 * Start timer to probe the connection to the AP now. 2671 * Also start the timer that will detect beacon loss. 2672 */ 2673 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt); 2674 ieee80211_sta_reset_beacon_monitor(sdata); 2675 2676 return true; 2677 } 2678 2679 static enum rx_mgmt_action __must_check 2680 ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, 2681 struct ieee80211_mgmt *mgmt, size_t len, 2682 struct cfg80211_bss **bss) 2683 { 2684 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2685 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 2686 u16 capab_info, status_code, aid; 2687 struct ieee802_11_elems elems; 2688 u8 *pos; 2689 bool reassoc; 2690 2691 lockdep_assert_held(&ifmgd->mtx); 2692 2693 if (!assoc_data) 2694 return RX_MGMT_NONE; 2695 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid)) 2696 return RX_MGMT_NONE; 2697 2698 /* 2699 * AssocResp and ReassocResp have identical structure, so process both 2700 * of them in this function. 2701 */ 2702 2703 if (len < 24 + 6) 2704 return RX_MGMT_NONE; 2705 2706 reassoc = ieee80211_is_reassoc_req(mgmt->frame_control); 2707 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2708 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 2709 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2710 2711 sdata_info(sdata, 2712 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n", 2713 reassoc ? "Rea" : "A", mgmt->sa, 2714 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 2715 2716 pos = mgmt->u.assoc_resp.variable; 2717 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2718 2719 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 2720 elems.timeout_int && 2721 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) { 2722 u32 tu, ms; 2723 tu = le32_to_cpu(elems.timeout_int->value); 2724 ms = tu * 1024 / 1000; 2725 sdata_info(sdata, 2726 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n", 2727 mgmt->sa, tu, ms); 2728 assoc_data->timeout = jiffies + msecs_to_jiffies(ms); 2729 assoc_data->timeout_started = true; 2730 if (ms > IEEE80211_ASSOC_TIMEOUT) 2731 run_again(ifmgd, assoc_data->timeout); 2732 return RX_MGMT_NONE; 2733 } 2734 2735 *bss = assoc_data->bss; 2736 2737 if (status_code != WLAN_STATUS_SUCCESS) { 2738 sdata_info(sdata, "%pM denied association (code=%d)\n", 2739 mgmt->sa, status_code); 2740 ieee80211_destroy_assoc_data(sdata, false); 2741 } else { 2742 if (!ieee80211_assoc_success(sdata, *bss, mgmt, len)) { 2743 /* oops -- internal error -- send timeout for now */ 2744 ieee80211_destroy_assoc_data(sdata, false); 2745 cfg80211_put_bss(sdata->local->hw.wiphy, *bss); 2746 return RX_MGMT_CFG80211_ASSOC_TIMEOUT; 2747 } 2748 sdata_info(sdata, "associated\n"); 2749 2750 /* 2751 * destroy assoc_data afterwards, as otherwise an idle 2752 * recalc after assoc_data is NULL but before associated 2753 * is set can cause the interface to go idle 2754 */ 2755 ieee80211_destroy_assoc_data(sdata, true); 2756 } 2757 2758 return RX_MGMT_CFG80211_RX_ASSOC; 2759 } 2760 2761 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, 2762 struct ieee80211_mgmt *mgmt, size_t len, 2763 struct ieee80211_rx_status *rx_status, 2764 struct ieee802_11_elems *elems) 2765 { 2766 struct ieee80211_local *local = sdata->local; 2767 int freq; 2768 struct ieee80211_bss *bss; 2769 struct ieee80211_channel *channel; 2770 bool need_ps = false; 2771 2772 lockdep_assert_held(&sdata->u.mgd.mtx); 2773 2774 if ((sdata->u.mgd.associated && 2775 ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid)) || 2776 (sdata->u.mgd.assoc_data && 2777 ether_addr_equal(mgmt->bssid, 2778 sdata->u.mgd.assoc_data->bss->bssid))) { 2779 /* not previously set so we may need to recalc */ 2780 need_ps = sdata->u.mgd.associated && !sdata->u.mgd.dtim_period; 2781 2782 if (elems->tim && !elems->parse_error) { 2783 const struct ieee80211_tim_ie *tim_ie = elems->tim; 2784 sdata->u.mgd.dtim_period = tim_ie->dtim_period; 2785 } 2786 } 2787 2788 if (elems->ds_params) 2789 freq = ieee80211_channel_to_frequency(elems->ds_params[0], 2790 rx_status->band); 2791 else 2792 freq = rx_status->freq; 2793 2794 channel = ieee80211_get_channel(local->hw.wiphy, freq); 2795 2796 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED) 2797 return; 2798 2799 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems, 2800 channel); 2801 if (bss) 2802 ieee80211_rx_bss_put(local, bss); 2803 2804 if (!sdata->u.mgd.associated || 2805 !ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid)) 2806 return; 2807 2808 if (need_ps) { 2809 mutex_lock(&local->iflist_mtx); 2810 ieee80211_recalc_ps(local, -1); 2811 mutex_unlock(&local->iflist_mtx); 2812 } 2813 2814 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime, 2815 elems, true); 2816 2817 } 2818 2819 2820 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, 2821 struct sk_buff *skb) 2822 { 2823 struct ieee80211_mgmt *mgmt = (void *)skb->data; 2824 struct ieee80211_if_managed *ifmgd; 2825 struct ieee80211_rx_status *rx_status = (void *) skb->cb; 2826 size_t baselen, len = skb->len; 2827 struct ieee802_11_elems elems; 2828 2829 ifmgd = &sdata->u.mgd; 2830 2831 ASSERT_MGD_MTX(ifmgd); 2832 2833 if (!ether_addr_equal(mgmt->da, sdata->vif.addr)) 2834 return; /* ignore ProbeResp to foreign address */ 2835 2836 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 2837 if (baselen > len) 2838 return; 2839 2840 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 2841 false, &elems); 2842 2843 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2844 2845 if (ifmgd->associated && 2846 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2847 ieee80211_reset_ap_probe(sdata); 2848 2849 if (ifmgd->auth_data && !ifmgd->auth_data->bss->proberesp_ies && 2850 ether_addr_equal(mgmt->bssid, ifmgd->auth_data->bss->bssid)) { 2851 /* got probe response, continue with auth */ 2852 sdata_info(sdata, "direct probe responded\n"); 2853 ifmgd->auth_data->tries = 0; 2854 ifmgd->auth_data->timeout = jiffies; 2855 ifmgd->auth_data->timeout_started = true; 2856 run_again(ifmgd, ifmgd->auth_data->timeout); 2857 } 2858 } 2859 2860 /* 2861 * This is the canonical list of information elements we care about, 2862 * the filter code also gives us all changes to the Microsoft OUI 2863 * (00:50:F2) vendor IE which is used for WMM which we need to track. 2864 * 2865 * We implement beacon filtering in software since that means we can 2866 * avoid processing the frame here and in cfg80211, and userspace 2867 * will not be able to tell whether the hardware supports it or not. 2868 * 2869 * XXX: This list needs to be dynamic -- userspace needs to be able to 2870 * add items it requires. It also needs to be able to tell us to 2871 * look out for other vendor IEs. 2872 */ 2873 static const u64 care_about_ies = 2874 (1ULL << WLAN_EID_COUNTRY) | 2875 (1ULL << WLAN_EID_ERP_INFO) | 2876 (1ULL << WLAN_EID_CHANNEL_SWITCH) | 2877 (1ULL << WLAN_EID_PWR_CONSTRAINT) | 2878 (1ULL << WLAN_EID_HT_CAPABILITY) | 2879 (1ULL << WLAN_EID_HT_OPERATION); 2880 2881 static enum rx_mgmt_action 2882 ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, 2883 struct ieee80211_mgmt *mgmt, size_t len, 2884 u8 *deauth_buf, struct ieee80211_rx_status *rx_status) 2885 { 2886 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2887 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2888 size_t baselen; 2889 struct ieee802_11_elems elems; 2890 struct ieee80211_local *local = sdata->local; 2891 struct ieee80211_chanctx_conf *chanctx_conf; 2892 struct ieee80211_channel *chan; 2893 struct sta_info *sta; 2894 u32 changed = 0; 2895 bool erp_valid; 2896 u8 erp_value = 0; 2897 u32 ncrc; 2898 u8 *bssid; 2899 2900 lockdep_assert_held(&ifmgd->mtx); 2901 2902 /* Process beacon from the current BSS */ 2903 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 2904 if (baselen > len) 2905 return RX_MGMT_NONE; 2906 2907 rcu_read_lock(); 2908 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 2909 if (!chanctx_conf) { 2910 rcu_read_unlock(); 2911 return RX_MGMT_NONE; 2912 } 2913 2914 if (rx_status->freq != chanctx_conf->def.chan->center_freq) { 2915 rcu_read_unlock(); 2916 return RX_MGMT_NONE; 2917 } 2918 chan = chanctx_conf->def.chan; 2919 rcu_read_unlock(); 2920 2921 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon && 2922 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) { 2923 ieee802_11_parse_elems(mgmt->u.beacon.variable, 2924 len - baselen, false, &elems); 2925 2926 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2927 ifmgd->assoc_data->have_beacon = true; 2928 ifmgd->assoc_data->need_beacon = false; 2929 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 2930 sdata->vif.bss_conf.sync_tsf = 2931 le64_to_cpu(mgmt->u.beacon.timestamp); 2932 sdata->vif.bss_conf.sync_device_ts = 2933 rx_status->device_timestamp; 2934 if (elems.tim) 2935 sdata->vif.bss_conf.sync_dtim_count = 2936 elems.tim->dtim_count; 2937 else 2938 sdata->vif.bss_conf.sync_dtim_count = 0; 2939 } 2940 /* continue assoc process */ 2941 ifmgd->assoc_data->timeout = jiffies; 2942 ifmgd->assoc_data->timeout_started = true; 2943 run_again(ifmgd, ifmgd->assoc_data->timeout); 2944 return RX_MGMT_NONE; 2945 } 2946 2947 if (!ifmgd->associated || 2948 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2949 return RX_MGMT_NONE; 2950 bssid = ifmgd->associated->bssid; 2951 2952 /* Track average RSSI from the Beacon frames of the current AP */ 2953 ifmgd->last_beacon_signal = rx_status->signal; 2954 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) { 2955 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE; 2956 ifmgd->ave_beacon_signal = rx_status->signal * 16; 2957 ifmgd->last_cqm_event_signal = 0; 2958 ifmgd->count_beacon_signal = 1; 2959 ifmgd->last_ave_beacon_signal = 0; 2960 } else { 2961 ifmgd->ave_beacon_signal = 2962 (IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 + 2963 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) * 2964 ifmgd->ave_beacon_signal) / 16; 2965 ifmgd->count_beacon_signal++; 2966 } 2967 2968 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold && 2969 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) { 2970 int sig = ifmgd->ave_beacon_signal; 2971 int last_sig = ifmgd->last_ave_beacon_signal; 2972 2973 /* 2974 * if signal crosses either of the boundaries, invoke callback 2975 * with appropriate parameters 2976 */ 2977 if (sig > ifmgd->rssi_max_thold && 2978 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) { 2979 ifmgd->last_ave_beacon_signal = sig; 2980 drv_rssi_callback(local, sdata, RSSI_EVENT_HIGH); 2981 } else if (sig < ifmgd->rssi_min_thold && 2982 (last_sig >= ifmgd->rssi_max_thold || 2983 last_sig == 0)) { 2984 ifmgd->last_ave_beacon_signal = sig; 2985 drv_rssi_callback(local, sdata, RSSI_EVENT_LOW); 2986 } 2987 } 2988 2989 if (bss_conf->cqm_rssi_thold && 2990 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT && 2991 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) { 2992 int sig = ifmgd->ave_beacon_signal / 16; 2993 int last_event = ifmgd->last_cqm_event_signal; 2994 int thold = bss_conf->cqm_rssi_thold; 2995 int hyst = bss_conf->cqm_rssi_hyst; 2996 if (sig < thold && 2997 (last_event == 0 || sig < last_event - hyst)) { 2998 ifmgd->last_cqm_event_signal = sig; 2999 ieee80211_cqm_rssi_notify( 3000 &sdata->vif, 3001 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW, 3002 GFP_KERNEL); 3003 } else if (sig > thold && 3004 (last_event == 0 || sig > last_event + hyst)) { 3005 ifmgd->last_cqm_event_signal = sig; 3006 ieee80211_cqm_rssi_notify( 3007 &sdata->vif, 3008 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH, 3009 GFP_KERNEL); 3010 } 3011 } 3012 3013 if (ifmgd->flags & IEEE80211_STA_BEACON_POLL) { 3014 mlme_dbg_ratelimited(sdata, 3015 "cancelling AP probe due to a received beacon\n"); 3016 mutex_lock(&local->mtx); 3017 ifmgd->flags &= ~IEEE80211_STA_BEACON_POLL; 3018 ieee80211_run_deferred_scan(local); 3019 mutex_unlock(&local->mtx); 3020 3021 mutex_lock(&local->iflist_mtx); 3022 ieee80211_recalc_ps(local, -1); 3023 mutex_unlock(&local->iflist_mtx); 3024 } 3025 3026 /* 3027 * Push the beacon loss detection into the future since 3028 * we are processing a beacon from the AP just now. 3029 */ 3030 ieee80211_sta_reset_beacon_monitor(sdata); 3031 3032 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 3033 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, 3034 len - baselen, false, &elems, 3035 care_about_ies, ncrc); 3036 3037 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) { 3038 bool directed_tim = ieee80211_check_tim(elems.tim, 3039 elems.tim_len, 3040 ifmgd->aid); 3041 if (directed_tim) { 3042 if (local->hw.conf.dynamic_ps_timeout > 0) { 3043 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 3044 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 3045 ieee80211_hw_config(local, 3046 IEEE80211_CONF_CHANGE_PS); 3047 } 3048 ieee80211_send_nullfunc(local, sdata, 0); 3049 } else if (!local->pspolling && sdata->u.mgd.powersave) { 3050 local->pspolling = true; 3051 3052 /* 3053 * Here is assumed that the driver will be 3054 * able to send ps-poll frame and receive a 3055 * response even though power save mode is 3056 * enabled, but some drivers might require 3057 * to disable power save here. This needs 3058 * to be investigated. 3059 */ 3060 ieee80211_send_pspoll(local, sdata); 3061 } 3062 } 3063 } 3064 3065 if (sdata->vif.p2p) { 3066 struct ieee80211_p2p_noa_attr noa = {}; 3067 int ret; 3068 3069 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable, 3070 len - baselen, 3071 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 3072 (u8 *) &noa, sizeof(noa)); 3073 if (ret >= 2) { 3074 if (sdata->u.mgd.p2p_noa_index != noa.index) { 3075 /* valid noa_attr and index changed */ 3076 sdata->u.mgd.p2p_noa_index = noa.index; 3077 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa)); 3078 changed |= BSS_CHANGED_P2P_PS; 3079 /* 3080 * make sure we update all information, the CRC 3081 * mechanism doesn't look at P2P attributes. 3082 */ 3083 ifmgd->beacon_crc_valid = false; 3084 } 3085 } else if (sdata->u.mgd.p2p_noa_index != -1) { 3086 /* noa_attr not found and we had valid noa_attr before */ 3087 sdata->u.mgd.p2p_noa_index = -1; 3088 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr)); 3089 changed |= BSS_CHANGED_P2P_PS; 3090 ifmgd->beacon_crc_valid = false; 3091 } 3092 } 3093 3094 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid) 3095 return RX_MGMT_NONE; 3096 ifmgd->beacon_crc = ncrc; 3097 ifmgd->beacon_crc_valid = true; 3098 3099 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 3100 3101 if (ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 3102 elems.wmm_param_len)) 3103 changed |= BSS_CHANGED_QOS; 3104 3105 /* 3106 * If we haven't had a beacon before, tell the driver about the 3107 * DTIM period (and beacon timing if desired) now. 3108 */ 3109 if (!bss_conf->dtim_period) { 3110 /* a few bogus AP send dtim_period = 0 or no TIM IE */ 3111 if (elems.tim) 3112 bss_conf->dtim_period = elems.tim->dtim_period ?: 1; 3113 else 3114 bss_conf->dtim_period = 1; 3115 3116 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 3117 sdata->vif.bss_conf.sync_tsf = 3118 le64_to_cpu(mgmt->u.beacon.timestamp); 3119 sdata->vif.bss_conf.sync_device_ts = 3120 rx_status->device_timestamp; 3121 if (elems.tim) 3122 sdata->vif.bss_conf.sync_dtim_count = 3123 elems.tim->dtim_count; 3124 else 3125 sdata->vif.bss_conf.sync_dtim_count = 0; 3126 } 3127 3128 changed |= BSS_CHANGED_DTIM_PERIOD; 3129 } 3130 3131 if (elems.erp_info) { 3132 erp_valid = true; 3133 erp_value = elems.erp_info[0]; 3134 } else { 3135 erp_valid = false; 3136 } 3137 changed |= ieee80211_handle_bss_capability(sdata, 3138 le16_to_cpu(mgmt->u.beacon.capab_info), 3139 erp_valid, erp_value); 3140 3141 mutex_lock(&local->sta_mtx); 3142 sta = sta_info_get(sdata, bssid); 3143 3144 if (ieee80211_config_bw(sdata, sta, elems.ht_operation, 3145 elems.vht_operation, bssid, &changed)) { 3146 mutex_unlock(&local->sta_mtx); 3147 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3148 WLAN_REASON_DEAUTH_LEAVING, 3149 true, deauth_buf); 3150 return RX_MGMT_CFG80211_TX_DEAUTH; 3151 } 3152 3153 if (sta && elems.opmode_notif) 3154 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif, 3155 rx_status->band, true); 3156 mutex_unlock(&local->sta_mtx); 3157 3158 if (elems.country_elem && elems.pwr_constr_elem && 3159 mgmt->u.probe_resp.capab_info & 3160 cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT)) 3161 changed |= ieee80211_handle_pwr_constr(sdata, chan, 3162 elems.country_elem, 3163 elems.country_elem_len, 3164 elems.pwr_constr_elem); 3165 3166 ieee80211_bss_info_change_notify(sdata, changed); 3167 3168 return RX_MGMT_NONE; 3169 } 3170 3171 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 3172 struct sk_buff *skb) 3173 { 3174 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3175 struct ieee80211_rx_status *rx_status; 3176 struct ieee80211_mgmt *mgmt; 3177 struct cfg80211_bss *bss = NULL; 3178 enum rx_mgmt_action rma = RX_MGMT_NONE; 3179 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3180 u16 fc; 3181 struct ieee802_11_elems elems; 3182 int ies_len; 3183 3184 rx_status = (struct ieee80211_rx_status *) skb->cb; 3185 mgmt = (struct ieee80211_mgmt *) skb->data; 3186 fc = le16_to_cpu(mgmt->frame_control); 3187 3188 mutex_lock(&ifmgd->mtx); 3189 3190 switch (fc & IEEE80211_FCTL_STYPE) { 3191 case IEEE80211_STYPE_BEACON: 3192 rma = ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, 3193 deauth_buf, rx_status); 3194 break; 3195 case IEEE80211_STYPE_PROBE_RESP: 3196 ieee80211_rx_mgmt_probe_resp(sdata, skb); 3197 break; 3198 case IEEE80211_STYPE_AUTH: 3199 rma = ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len); 3200 break; 3201 case IEEE80211_STYPE_DEAUTH: 3202 rma = ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len); 3203 break; 3204 case IEEE80211_STYPE_DISASSOC: 3205 rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 3206 break; 3207 case IEEE80211_STYPE_ASSOC_RESP: 3208 case IEEE80211_STYPE_REASSOC_RESP: 3209 rma = ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len, &bss); 3210 break; 3211 case IEEE80211_STYPE_ACTION: 3212 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) { 3213 ies_len = skb->len - 3214 offsetof(struct ieee80211_mgmt, 3215 u.action.u.chan_switch.variable); 3216 3217 if (ies_len < 0) 3218 break; 3219 3220 ieee802_11_parse_elems( 3221 mgmt->u.action.u.chan_switch.variable, 3222 ies_len, true, &elems); 3223 3224 if (elems.parse_error) 3225 break; 3226 3227 ieee80211_sta_process_chanswitch(sdata, 3228 rx_status->mactime, 3229 &elems, false); 3230 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) { 3231 ies_len = skb->len - 3232 offsetof(struct ieee80211_mgmt, 3233 u.action.u.ext_chan_switch.variable); 3234 3235 if (ies_len < 0) 3236 break; 3237 3238 ieee802_11_parse_elems( 3239 mgmt->u.action.u.ext_chan_switch.variable, 3240 ies_len, true, &elems); 3241 3242 if (elems.parse_error) 3243 break; 3244 3245 /* for the handling code pretend this was also an IE */ 3246 elems.ext_chansw_ie = 3247 &mgmt->u.action.u.ext_chan_switch.data; 3248 3249 ieee80211_sta_process_chanswitch(sdata, 3250 rx_status->mactime, 3251 &elems, false); 3252 } 3253 break; 3254 } 3255 mutex_unlock(&ifmgd->mtx); 3256 3257 switch (rma) { 3258 case RX_MGMT_NONE: 3259 /* no action */ 3260 break; 3261 case RX_MGMT_CFG80211_DEAUTH: 3262 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len); 3263 break; 3264 case RX_MGMT_CFG80211_DISASSOC: 3265 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len); 3266 break; 3267 case RX_MGMT_CFG80211_RX_AUTH: 3268 cfg80211_send_rx_auth(sdata->dev, (u8 *)mgmt, skb->len); 3269 break; 3270 case RX_MGMT_CFG80211_RX_ASSOC: 3271 cfg80211_send_rx_assoc(sdata->dev, bss, (u8 *)mgmt, skb->len); 3272 break; 3273 case RX_MGMT_CFG80211_ASSOC_TIMEOUT: 3274 cfg80211_send_assoc_timeout(sdata->dev, mgmt->bssid); 3275 break; 3276 case RX_MGMT_CFG80211_TX_DEAUTH: 3277 cfg80211_send_deauth(sdata->dev, deauth_buf, 3278 sizeof(deauth_buf)); 3279 break; 3280 default: 3281 WARN(1, "unexpected: %d", rma); 3282 } 3283 } 3284 3285 static void ieee80211_sta_timer(unsigned long data) 3286 { 3287 struct ieee80211_sub_if_data *sdata = 3288 (struct ieee80211_sub_if_data *) data; 3289 3290 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3291 } 3292 3293 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata, 3294 u8 *bssid, u8 reason, bool tx) 3295 { 3296 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3297 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3298 3299 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason, 3300 tx, frame_buf); 3301 mutex_unlock(&ifmgd->mtx); 3302 3303 /* 3304 * must be outside lock due to cfg80211, 3305 * but that's not a problem. 3306 */ 3307 cfg80211_send_deauth(sdata->dev, frame_buf, IEEE80211_DEAUTH_FRAME_LEN); 3308 3309 mutex_lock(&ifmgd->mtx); 3310 } 3311 3312 static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata) 3313 { 3314 struct ieee80211_local *local = sdata->local; 3315 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3316 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data; 3317 u32 tx_flags = 0; 3318 3319 lockdep_assert_held(&ifmgd->mtx); 3320 3321 if (WARN_ON_ONCE(!auth_data)) 3322 return -EINVAL; 3323 3324 auth_data->tries++; 3325 3326 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) { 3327 sdata_info(sdata, "authentication with %pM timed out\n", 3328 auth_data->bss->bssid); 3329 3330 /* 3331 * Most likely AP is not in the range so remove the 3332 * bss struct for that AP. 3333 */ 3334 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss); 3335 3336 return -ETIMEDOUT; 3337 } 3338 3339 drv_mgd_prepare_tx(local, sdata); 3340 3341 if (auth_data->bss->proberesp_ies) { 3342 u16 trans = 1; 3343 u16 status = 0; 3344 3345 sdata_info(sdata, "send auth to %pM (try %d/%d)\n", 3346 auth_data->bss->bssid, auth_data->tries, 3347 IEEE80211_AUTH_MAX_TRIES); 3348 3349 auth_data->expected_transaction = 2; 3350 3351 if (auth_data->algorithm == WLAN_AUTH_SAE) { 3352 trans = auth_data->sae_trans; 3353 status = auth_data->sae_status; 3354 auth_data->expected_transaction = trans; 3355 } 3356 3357 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3358 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 3359 IEEE80211_TX_INTFL_MLME_CONN_TX; 3360 3361 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status, 3362 auth_data->data, auth_data->data_len, 3363 auth_data->bss->bssid, 3364 auth_data->bss->bssid, NULL, 0, 0, 3365 tx_flags); 3366 } else { 3367 const u8 *ssidie; 3368 3369 sdata_info(sdata, "direct probe to %pM (try %d/%i)\n", 3370 auth_data->bss->bssid, auth_data->tries, 3371 IEEE80211_AUTH_MAX_TRIES); 3372 3373 rcu_read_lock(); 3374 ssidie = ieee80211_bss_get_ie(auth_data->bss, WLAN_EID_SSID); 3375 if (!ssidie) { 3376 rcu_read_unlock(); 3377 return -EINVAL; 3378 } 3379 /* 3380 * Direct probe is sent to broadcast address as some APs 3381 * will not answer to direct packet in unassociated state. 3382 */ 3383 ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1], 3384 NULL, 0, (u32) -1, true, 0, 3385 auth_data->bss->channel, false); 3386 rcu_read_unlock(); 3387 } 3388 3389 if (tx_flags == 0) { 3390 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 3391 ifmgd->auth_data->timeout_started = true; 3392 run_again(ifmgd, auth_data->timeout); 3393 } else { 3394 auth_data->timeout_started = false; 3395 } 3396 3397 return 0; 3398 } 3399 3400 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata) 3401 { 3402 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 3403 struct ieee80211_local *local = sdata->local; 3404 3405 lockdep_assert_held(&sdata->u.mgd.mtx); 3406 3407 assoc_data->tries++; 3408 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) { 3409 sdata_info(sdata, "association with %pM timed out\n", 3410 assoc_data->bss->bssid); 3411 3412 /* 3413 * Most likely AP is not in the range so remove the 3414 * bss struct for that AP. 3415 */ 3416 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss); 3417 3418 return -ETIMEDOUT; 3419 } 3420 3421 sdata_info(sdata, "associate with %pM (try %d/%d)\n", 3422 assoc_data->bss->bssid, assoc_data->tries, 3423 IEEE80211_ASSOC_MAX_TRIES); 3424 ieee80211_send_assoc(sdata); 3425 3426 if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) { 3427 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 3428 assoc_data->timeout_started = true; 3429 run_again(&sdata->u.mgd, assoc_data->timeout); 3430 } else { 3431 assoc_data->timeout_started = false; 3432 } 3433 3434 return 0; 3435 } 3436 3437 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata, 3438 __le16 fc, bool acked) 3439 { 3440 struct ieee80211_local *local = sdata->local; 3441 3442 sdata->u.mgd.status_fc = fc; 3443 sdata->u.mgd.status_acked = acked; 3444 sdata->u.mgd.status_received = true; 3445 3446 ieee80211_queue_work(&local->hw, &sdata->work); 3447 } 3448 3449 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata) 3450 { 3451 struct ieee80211_local *local = sdata->local; 3452 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3453 3454 mutex_lock(&ifmgd->mtx); 3455 3456 if (ifmgd->status_received) { 3457 __le16 fc = ifmgd->status_fc; 3458 bool status_acked = ifmgd->status_acked; 3459 3460 ifmgd->status_received = false; 3461 if (ifmgd->auth_data && 3462 (ieee80211_is_probe_req(fc) || ieee80211_is_auth(fc))) { 3463 if (status_acked) { 3464 ifmgd->auth_data->timeout = 3465 jiffies + IEEE80211_AUTH_TIMEOUT_SHORT; 3466 run_again(ifmgd, ifmgd->auth_data->timeout); 3467 } else { 3468 ifmgd->auth_data->timeout = jiffies - 1; 3469 } 3470 ifmgd->auth_data->timeout_started = true; 3471 } else if (ifmgd->assoc_data && 3472 (ieee80211_is_assoc_req(fc) || 3473 ieee80211_is_reassoc_req(fc))) { 3474 if (status_acked) { 3475 ifmgd->assoc_data->timeout = 3476 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT; 3477 run_again(ifmgd, ifmgd->assoc_data->timeout); 3478 } else { 3479 ifmgd->assoc_data->timeout = jiffies - 1; 3480 } 3481 ifmgd->assoc_data->timeout_started = true; 3482 } 3483 } 3484 3485 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started && 3486 time_after(jiffies, ifmgd->auth_data->timeout)) { 3487 if (ifmgd->auth_data->done) { 3488 /* 3489 * ok ... we waited for assoc but userspace didn't, 3490 * so let's just kill the auth data 3491 */ 3492 ieee80211_destroy_auth_data(sdata, false); 3493 } else if (ieee80211_probe_auth(sdata)) { 3494 u8 bssid[ETH_ALEN]; 3495 3496 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 3497 3498 ieee80211_destroy_auth_data(sdata, false); 3499 3500 mutex_unlock(&ifmgd->mtx); 3501 cfg80211_send_auth_timeout(sdata->dev, bssid); 3502 mutex_lock(&ifmgd->mtx); 3503 } 3504 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started) 3505 run_again(ifmgd, ifmgd->auth_data->timeout); 3506 3507 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started && 3508 time_after(jiffies, ifmgd->assoc_data->timeout)) { 3509 if ((ifmgd->assoc_data->need_beacon && 3510 !ifmgd->assoc_data->have_beacon) || 3511 ieee80211_do_assoc(sdata)) { 3512 u8 bssid[ETH_ALEN]; 3513 3514 memcpy(bssid, ifmgd->assoc_data->bss->bssid, ETH_ALEN); 3515 3516 ieee80211_destroy_assoc_data(sdata, false); 3517 3518 mutex_unlock(&ifmgd->mtx); 3519 cfg80211_send_assoc_timeout(sdata->dev, bssid); 3520 mutex_lock(&ifmgd->mtx); 3521 } 3522 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started) 3523 run_again(ifmgd, ifmgd->assoc_data->timeout); 3524 3525 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 3526 IEEE80211_STA_CONNECTION_POLL) && 3527 ifmgd->associated) { 3528 u8 bssid[ETH_ALEN]; 3529 int max_tries; 3530 3531 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 3532 3533 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3534 max_tries = max_nullfunc_tries; 3535 else 3536 max_tries = max_probe_tries; 3537 3538 /* ACK received for nullfunc probing frame */ 3539 if (!ifmgd->probe_send_count) 3540 ieee80211_reset_ap_probe(sdata); 3541 else if (ifmgd->nullfunc_failed) { 3542 if (ifmgd->probe_send_count < max_tries) { 3543 mlme_dbg(sdata, 3544 "No ack for nullfunc frame to AP %pM, try %d/%i\n", 3545 bssid, ifmgd->probe_send_count, 3546 max_tries); 3547 ieee80211_mgd_probe_ap_send(sdata); 3548 } else { 3549 mlme_dbg(sdata, 3550 "No ack for nullfunc frame to AP %pM, disconnecting.\n", 3551 bssid); 3552 ieee80211_sta_connection_lost(sdata, bssid, 3553 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 3554 false); 3555 } 3556 } else if (time_is_after_jiffies(ifmgd->probe_timeout)) 3557 run_again(ifmgd, ifmgd->probe_timeout); 3558 else if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 3559 mlme_dbg(sdata, 3560 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n", 3561 bssid, probe_wait_ms); 3562 ieee80211_sta_connection_lost(sdata, bssid, 3563 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3564 } else if (ifmgd->probe_send_count < max_tries) { 3565 mlme_dbg(sdata, 3566 "No probe response from AP %pM after %dms, try %d/%i\n", 3567 bssid, probe_wait_ms, 3568 ifmgd->probe_send_count, max_tries); 3569 ieee80211_mgd_probe_ap_send(sdata); 3570 } else { 3571 /* 3572 * We actually lost the connection ... or did we? 3573 * Let's make sure! 3574 */ 3575 wiphy_debug(local->hw.wiphy, 3576 "%s: No probe response from AP %pM" 3577 " after %dms, disconnecting.\n", 3578 sdata->name, 3579 bssid, probe_wait_ms); 3580 3581 ieee80211_sta_connection_lost(sdata, bssid, 3582 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3583 } 3584 } 3585 3586 mutex_unlock(&ifmgd->mtx); 3587 } 3588 3589 static void ieee80211_sta_bcn_mon_timer(unsigned long data) 3590 { 3591 struct ieee80211_sub_if_data *sdata = 3592 (struct ieee80211_sub_if_data *) data; 3593 struct ieee80211_local *local = sdata->local; 3594 3595 if (local->quiescing) 3596 return; 3597 3598 sdata->u.mgd.connection_loss = false; 3599 ieee80211_queue_work(&sdata->local->hw, 3600 &sdata->u.mgd.beacon_connection_loss_work); 3601 } 3602 3603 static void ieee80211_sta_conn_mon_timer(unsigned long data) 3604 { 3605 struct ieee80211_sub_if_data *sdata = 3606 (struct ieee80211_sub_if_data *) data; 3607 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3608 struct ieee80211_local *local = sdata->local; 3609 3610 if (local->quiescing) 3611 return; 3612 3613 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work); 3614 } 3615 3616 static void ieee80211_sta_monitor_work(struct work_struct *work) 3617 { 3618 struct ieee80211_sub_if_data *sdata = 3619 container_of(work, struct ieee80211_sub_if_data, 3620 u.mgd.monitor_work); 3621 3622 ieee80211_mgd_probe_ap(sdata, false); 3623 } 3624 3625 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) 3626 { 3627 u32 flags; 3628 3629 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 3630 __ieee80211_stop_poll(sdata); 3631 3632 /* let's probe the connection once */ 3633 flags = sdata->local->hw.flags; 3634 if (!(flags & IEEE80211_HW_CONNECTION_MONITOR)) 3635 ieee80211_queue_work(&sdata->local->hw, 3636 &sdata->u.mgd.monitor_work); 3637 /* and do all the other regular work too */ 3638 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3639 } 3640 } 3641 3642 #ifdef CONFIG_PM 3643 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata) 3644 { 3645 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3646 3647 mutex_lock(&ifmgd->mtx); 3648 if (!ifmgd->associated) { 3649 mutex_unlock(&ifmgd->mtx); 3650 return; 3651 } 3652 3653 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) { 3654 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME; 3655 mlme_dbg(sdata, "driver requested disconnect after resume\n"); 3656 ieee80211_sta_connection_lost(sdata, 3657 ifmgd->associated->bssid, 3658 WLAN_REASON_UNSPECIFIED, 3659 true); 3660 mutex_unlock(&ifmgd->mtx); 3661 return; 3662 } 3663 mutex_unlock(&ifmgd->mtx); 3664 } 3665 #endif 3666 3667 /* interface setup */ 3668 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata) 3669 { 3670 struct ieee80211_if_managed *ifmgd; 3671 3672 ifmgd = &sdata->u.mgd; 3673 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work); 3674 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work); 3675 INIT_WORK(&ifmgd->beacon_connection_loss_work, 3676 ieee80211_beacon_connection_loss_work); 3677 INIT_WORK(&ifmgd->csa_connection_drop_work, 3678 ieee80211_csa_connection_drop_work); 3679 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_work); 3680 setup_timer(&ifmgd->timer, ieee80211_sta_timer, 3681 (unsigned long) sdata); 3682 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 3683 (unsigned long) sdata); 3684 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 3685 (unsigned long) sdata); 3686 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 3687 (unsigned long) sdata); 3688 3689 ifmgd->flags = 0; 3690 ifmgd->powersave = sdata->wdev.ps; 3691 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues; 3692 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len; 3693 ifmgd->p2p_noa_index = -1; 3694 3695 mutex_init(&ifmgd->mtx); 3696 3697 if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS) 3698 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC; 3699 else 3700 ifmgd->req_smps = IEEE80211_SMPS_OFF; 3701 } 3702 3703 /* scan finished notification */ 3704 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local) 3705 { 3706 struct ieee80211_sub_if_data *sdata; 3707 3708 /* Restart STA timers */ 3709 rcu_read_lock(); 3710 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 3711 if (ieee80211_sdata_running(sdata)) 3712 ieee80211_restart_sta_timer(sdata); 3713 } 3714 rcu_read_unlock(); 3715 } 3716 3717 int ieee80211_max_network_latency(struct notifier_block *nb, 3718 unsigned long data, void *dummy) 3719 { 3720 s32 latency_usec = (s32) data; 3721 struct ieee80211_local *local = 3722 container_of(nb, struct ieee80211_local, 3723 network_latency_notifier); 3724 3725 mutex_lock(&local->iflist_mtx); 3726 ieee80211_recalc_ps(local, latency_usec); 3727 mutex_unlock(&local->iflist_mtx); 3728 3729 return 0; 3730 } 3731 3732 static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata, 3733 struct cfg80211_bss *cbss) 3734 { 3735 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3736 const u8 *ht_cap_ie, *vht_cap_ie; 3737 const struct ieee80211_ht_cap *ht_cap; 3738 const struct ieee80211_vht_cap *vht_cap; 3739 u8 chains = 1; 3740 3741 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT) 3742 return chains; 3743 3744 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 3745 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) { 3746 ht_cap = (void *)(ht_cap_ie + 2); 3747 chains = ieee80211_mcs_to_chains(&ht_cap->mcs); 3748 /* 3749 * TODO: use "Tx Maximum Number Spatial Streams Supported" and 3750 * "Tx Unequal Modulation Supported" fields. 3751 */ 3752 } 3753 3754 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 3755 return chains; 3756 3757 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 3758 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) { 3759 u8 nss; 3760 u16 tx_mcs_map; 3761 3762 vht_cap = (void *)(vht_cap_ie + 2); 3763 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map); 3764 for (nss = 8; nss > 0; nss--) { 3765 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) != 3766 IEEE80211_VHT_MCS_NOT_SUPPORTED) 3767 break; 3768 } 3769 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */ 3770 chains = max(chains, nss); 3771 } 3772 3773 return chains; 3774 } 3775 3776 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata, 3777 struct cfg80211_bss *cbss) 3778 { 3779 struct ieee80211_local *local = sdata->local; 3780 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3781 const struct ieee80211_ht_operation *ht_oper = NULL; 3782 const struct ieee80211_vht_operation *vht_oper = NULL; 3783 struct ieee80211_supported_band *sband; 3784 struct cfg80211_chan_def chandef; 3785 int ret; 3786 3787 sband = local->hw.wiphy->bands[cbss->channel->band]; 3788 3789 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ | 3790 IEEE80211_STA_DISABLE_80P80MHZ | 3791 IEEE80211_STA_DISABLE_160MHZ); 3792 3793 rcu_read_lock(); 3794 3795 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 3796 sband->ht_cap.ht_supported) { 3797 const u8 *ht_oper_ie, *ht_cap; 3798 3799 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION); 3800 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper)) 3801 ht_oper = (void *)(ht_oper_ie + 2); 3802 3803 ht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 3804 if (!ht_cap || ht_cap[1] < sizeof(struct ieee80211_ht_cap)) { 3805 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 3806 ht_oper = NULL; 3807 } 3808 } 3809 3810 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 3811 sband->vht_cap.vht_supported) { 3812 const u8 *vht_oper_ie, *vht_cap; 3813 3814 vht_oper_ie = ieee80211_bss_get_ie(cbss, 3815 WLAN_EID_VHT_OPERATION); 3816 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper)) 3817 vht_oper = (void *)(vht_oper_ie + 2); 3818 if (vht_oper && !ht_oper) { 3819 vht_oper = NULL; 3820 sdata_info(sdata, 3821 "AP advertised VHT without HT, disabling both\n"); 3822 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 3823 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3824 } 3825 3826 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 3827 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) { 3828 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3829 vht_oper = NULL; 3830 } 3831 } 3832 3833 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband, 3834 cbss->channel, 3835 ht_oper, vht_oper, 3836 &chandef, true); 3837 3838 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss), 3839 local->rx_chains); 3840 3841 rcu_read_unlock(); 3842 3843 /* will change later if needed */ 3844 sdata->smps_mode = IEEE80211_SMPS_OFF; 3845 3846 /* 3847 * If this fails (possibly due to channel context sharing 3848 * on incompatible channels, e.g. 80+80 and 160 sharing the 3849 * same control channel) try to use a smaller bandwidth. 3850 */ 3851 ret = ieee80211_vif_use_channel(sdata, &chandef, 3852 IEEE80211_CHANCTX_SHARED); 3853 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) { 3854 ifmgd->flags |= chandef_downgrade(&chandef); 3855 ret = ieee80211_vif_use_channel(sdata, &chandef, 3856 IEEE80211_CHANCTX_SHARED); 3857 } 3858 return ret; 3859 } 3860 3861 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata, 3862 struct cfg80211_bss *cbss, bool assoc) 3863 { 3864 struct ieee80211_local *local = sdata->local; 3865 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3866 struct ieee80211_bss *bss = (void *)cbss->priv; 3867 struct sta_info *new_sta = NULL; 3868 bool have_sta = false; 3869 int err; 3870 3871 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) 3872 return -EINVAL; 3873 3874 if (assoc) { 3875 rcu_read_lock(); 3876 have_sta = sta_info_get(sdata, cbss->bssid); 3877 rcu_read_unlock(); 3878 } 3879 3880 if (!have_sta) { 3881 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL); 3882 if (!new_sta) 3883 return -ENOMEM; 3884 } 3885 3886 if (new_sta) { 3887 u32 rates = 0, basic_rates = 0; 3888 bool have_higher_than_11mbit; 3889 int min_rate = INT_MAX, min_rate_index = -1; 3890 struct ieee80211_supported_band *sband; 3891 const struct cfg80211_bss_ies *ies; 3892 3893 sband = local->hw.wiphy->bands[cbss->channel->band]; 3894 3895 err = ieee80211_prep_channel(sdata, cbss); 3896 if (err) { 3897 sta_info_free(local, new_sta); 3898 return err; 3899 } 3900 3901 ieee80211_get_rates(sband, bss->supp_rates, 3902 bss->supp_rates_len, 3903 &rates, &basic_rates, 3904 &have_higher_than_11mbit, 3905 &min_rate, &min_rate_index); 3906 3907 /* 3908 * This used to be a workaround for basic rates missing 3909 * in the association response frame. Now that we no 3910 * longer use the basic rates from there, it probably 3911 * doesn't happen any more, but keep the workaround so 3912 * in case some *other* APs are buggy in different ways 3913 * we can connect -- with a warning. 3914 */ 3915 if (!basic_rates && min_rate_index >= 0) { 3916 sdata_info(sdata, 3917 "No basic rates, using min rate instead\n"); 3918 basic_rates = BIT(min_rate_index); 3919 } 3920 3921 new_sta->sta.supp_rates[cbss->channel->band] = rates; 3922 sdata->vif.bss_conf.basic_rates = basic_rates; 3923 3924 /* cf. IEEE 802.11 9.2.12 */ 3925 if (cbss->channel->band == IEEE80211_BAND_2GHZ && 3926 have_higher_than_11mbit) 3927 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE; 3928 else 3929 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE; 3930 3931 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN); 3932 3933 /* set timing information */ 3934 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval; 3935 rcu_read_lock(); 3936 ies = rcu_dereference(cbss->beacon_ies); 3937 if (ies) { 3938 const u8 *tim_ie; 3939 3940 sdata->vif.bss_conf.sync_tsf = ies->tsf; 3941 sdata->vif.bss_conf.sync_device_ts = 3942 bss->device_ts_beacon; 3943 tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 3944 ies->data, ies->len); 3945 if (tim_ie && tim_ie[1] >= 2) 3946 sdata->vif.bss_conf.sync_dtim_count = tim_ie[2]; 3947 else 3948 sdata->vif.bss_conf.sync_dtim_count = 0; 3949 } else if (!(local->hw.flags & 3950 IEEE80211_HW_TIMING_BEACON_ONLY)) { 3951 ies = rcu_dereference(cbss->proberesp_ies); 3952 /* must be non-NULL since beacon IEs were NULL */ 3953 sdata->vif.bss_conf.sync_tsf = ies->tsf; 3954 sdata->vif.bss_conf.sync_device_ts = 3955 bss->device_ts_presp; 3956 sdata->vif.bss_conf.sync_dtim_count = 0; 3957 } else { 3958 sdata->vif.bss_conf.sync_tsf = 0; 3959 sdata->vif.bss_conf.sync_device_ts = 0; 3960 sdata->vif.bss_conf.sync_dtim_count = 0; 3961 } 3962 rcu_read_unlock(); 3963 3964 /* tell driver about BSSID, basic rates and timing */ 3965 ieee80211_bss_info_change_notify(sdata, 3966 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES | 3967 BSS_CHANGED_BEACON_INT); 3968 3969 if (assoc) 3970 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH); 3971 3972 err = sta_info_insert(new_sta); 3973 new_sta = NULL; 3974 if (err) { 3975 sdata_info(sdata, 3976 "failed to insert STA entry for the AP (error %d)\n", 3977 err); 3978 return err; 3979 } 3980 } else 3981 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid)); 3982 3983 return 0; 3984 } 3985 3986 /* config hooks */ 3987 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 3988 struct cfg80211_auth_request *req) 3989 { 3990 struct ieee80211_local *local = sdata->local; 3991 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3992 struct ieee80211_mgd_auth_data *auth_data; 3993 u16 auth_alg; 3994 int err; 3995 3996 /* prepare auth data structure */ 3997 3998 switch (req->auth_type) { 3999 case NL80211_AUTHTYPE_OPEN_SYSTEM: 4000 auth_alg = WLAN_AUTH_OPEN; 4001 break; 4002 case NL80211_AUTHTYPE_SHARED_KEY: 4003 if (IS_ERR(local->wep_tx_tfm)) 4004 return -EOPNOTSUPP; 4005 auth_alg = WLAN_AUTH_SHARED_KEY; 4006 break; 4007 case NL80211_AUTHTYPE_FT: 4008 auth_alg = WLAN_AUTH_FT; 4009 break; 4010 case NL80211_AUTHTYPE_NETWORK_EAP: 4011 auth_alg = WLAN_AUTH_LEAP; 4012 break; 4013 case NL80211_AUTHTYPE_SAE: 4014 auth_alg = WLAN_AUTH_SAE; 4015 break; 4016 default: 4017 return -EOPNOTSUPP; 4018 } 4019 4020 auth_data = kzalloc(sizeof(*auth_data) + req->sae_data_len + 4021 req->ie_len, GFP_KERNEL); 4022 if (!auth_data) 4023 return -ENOMEM; 4024 4025 auth_data->bss = req->bss; 4026 4027 if (req->sae_data_len >= 4) { 4028 __le16 *pos = (__le16 *) req->sae_data; 4029 auth_data->sae_trans = le16_to_cpu(pos[0]); 4030 auth_data->sae_status = le16_to_cpu(pos[1]); 4031 memcpy(auth_data->data, req->sae_data + 4, 4032 req->sae_data_len - 4); 4033 auth_data->data_len += req->sae_data_len - 4; 4034 } 4035 4036 if (req->ie && req->ie_len) { 4037 memcpy(&auth_data->data[auth_data->data_len], 4038 req->ie, req->ie_len); 4039 auth_data->data_len += req->ie_len; 4040 } 4041 4042 if (req->key && req->key_len) { 4043 auth_data->key_len = req->key_len; 4044 auth_data->key_idx = req->key_idx; 4045 memcpy(auth_data->key, req->key, req->key_len); 4046 } 4047 4048 auth_data->algorithm = auth_alg; 4049 4050 /* try to authenticate/probe */ 4051 4052 mutex_lock(&ifmgd->mtx); 4053 4054 if ((ifmgd->auth_data && !ifmgd->auth_data->done) || 4055 ifmgd->assoc_data) { 4056 err = -EBUSY; 4057 goto err_free; 4058 } 4059 4060 if (ifmgd->auth_data) 4061 ieee80211_destroy_auth_data(sdata, false); 4062 4063 /* prep auth_data so we don't go into idle on disassoc */ 4064 ifmgd->auth_data = auth_data; 4065 4066 if (ifmgd->associated) { 4067 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4068 4069 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4070 WLAN_REASON_UNSPECIFIED, 4071 false, frame_buf); 4072 4073 __cfg80211_send_deauth(sdata->dev, frame_buf, 4074 sizeof(frame_buf)); 4075 } 4076 4077 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid); 4078 4079 err = ieee80211_prep_connection(sdata, req->bss, false); 4080 if (err) 4081 goto err_clear; 4082 4083 err = ieee80211_probe_auth(sdata); 4084 if (err) { 4085 sta_info_destroy_addr(sdata, req->bss->bssid); 4086 goto err_clear; 4087 } 4088 4089 /* hold our own reference */ 4090 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss); 4091 err = 0; 4092 goto out_unlock; 4093 4094 err_clear: 4095 memset(ifmgd->bssid, 0, ETH_ALEN); 4096 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 4097 ifmgd->auth_data = NULL; 4098 err_free: 4099 kfree(auth_data); 4100 out_unlock: 4101 mutex_unlock(&ifmgd->mtx); 4102 4103 return err; 4104 } 4105 4106 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 4107 struct cfg80211_assoc_request *req) 4108 { 4109 struct ieee80211_local *local = sdata->local; 4110 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4111 struct ieee80211_bss *bss = (void *)req->bss->priv; 4112 struct ieee80211_mgd_assoc_data *assoc_data; 4113 const struct cfg80211_bss_ies *beacon_ies; 4114 struct ieee80211_supported_band *sband; 4115 const u8 *ssidie, *ht_ie, *vht_ie; 4116 int i, err; 4117 4118 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL); 4119 if (!assoc_data) 4120 return -ENOMEM; 4121 4122 rcu_read_lock(); 4123 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID); 4124 if (!ssidie) { 4125 rcu_read_unlock(); 4126 kfree(assoc_data); 4127 return -EINVAL; 4128 } 4129 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]); 4130 assoc_data->ssid_len = ssidie[1]; 4131 rcu_read_unlock(); 4132 4133 mutex_lock(&ifmgd->mtx); 4134 4135 if (ifmgd->associated) { 4136 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4137 4138 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4139 WLAN_REASON_UNSPECIFIED, 4140 false, frame_buf); 4141 4142 __cfg80211_send_deauth(sdata->dev, frame_buf, 4143 sizeof(frame_buf)); 4144 } 4145 4146 if (ifmgd->auth_data && !ifmgd->auth_data->done) { 4147 err = -EBUSY; 4148 goto err_free; 4149 } 4150 4151 if (ifmgd->assoc_data) { 4152 err = -EBUSY; 4153 goto err_free; 4154 } 4155 4156 if (ifmgd->auth_data) { 4157 bool match; 4158 4159 /* keep sta info, bssid if matching */ 4160 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid); 4161 ieee80211_destroy_auth_data(sdata, match); 4162 } 4163 4164 /* prepare assoc data */ 4165 4166 ifmgd->beacon_crc_valid = false; 4167 4168 /* 4169 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode. 4170 * We still associate in non-HT mode (11a/b/g) if any one of these 4171 * ciphers is configured as pairwise. 4172 * We can set this to true for non-11n hardware, that'll be checked 4173 * separately along with the peer capabilities. 4174 */ 4175 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) { 4176 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 4177 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 4178 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) { 4179 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4180 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4181 netdev_info(sdata->dev, 4182 "disabling HT/VHT due to WEP/TKIP use\n"); 4183 } 4184 } 4185 4186 if (req->flags & ASSOC_REQ_DISABLE_HT) { 4187 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4188 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4189 } 4190 4191 if (req->flags & ASSOC_REQ_DISABLE_VHT) 4192 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4193 4194 /* Also disable HT if we don't support it or the AP doesn't use WMM */ 4195 sband = local->hw.wiphy->bands[req->bss->channel->band]; 4196 if (!sband->ht_cap.ht_supported || 4197 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) { 4198 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4199 if (!bss->wmm_used) 4200 netdev_info(sdata->dev, 4201 "disabling HT as WMM/QoS is not supported by the AP\n"); 4202 } 4203 4204 /* disable VHT if we don't support it or the AP doesn't use WMM */ 4205 if (!sband->vht_cap.vht_supported || 4206 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) { 4207 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4208 if (!bss->wmm_used) 4209 netdev_info(sdata->dev, 4210 "disabling VHT as WMM/QoS is not supported by the AP\n"); 4211 } 4212 4213 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa)); 4214 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask, 4215 sizeof(ifmgd->ht_capa_mask)); 4216 4217 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa)); 4218 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask, 4219 sizeof(ifmgd->vht_capa_mask)); 4220 4221 if (req->ie && req->ie_len) { 4222 memcpy(assoc_data->ie, req->ie, req->ie_len); 4223 assoc_data->ie_len = req->ie_len; 4224 } 4225 4226 assoc_data->bss = req->bss; 4227 4228 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) { 4229 if (ifmgd->powersave) 4230 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC; 4231 else 4232 sdata->smps_mode = IEEE80211_SMPS_OFF; 4233 } else 4234 sdata->smps_mode = ifmgd->req_smps; 4235 4236 assoc_data->capability = req->bss->capability; 4237 assoc_data->wmm = bss->wmm_used && 4238 (local->hw.queues >= IEEE80211_NUM_ACS); 4239 assoc_data->supp_rates = bss->supp_rates; 4240 assoc_data->supp_rates_len = bss->supp_rates_len; 4241 4242 rcu_read_lock(); 4243 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION); 4244 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation)) 4245 assoc_data->ap_ht_param = 4246 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param; 4247 else 4248 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4249 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY); 4250 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap)) 4251 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2, 4252 sizeof(struct ieee80211_vht_cap)); 4253 else 4254 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4255 rcu_read_unlock(); 4256 4257 if (bss->wmm_used && bss->uapsd_supported && 4258 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD) && 4259 sdata->wmm_acm != 0xff) { 4260 assoc_data->uapsd = true; 4261 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; 4262 } else { 4263 assoc_data->uapsd = false; 4264 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED; 4265 } 4266 4267 if (req->prev_bssid) 4268 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN); 4269 4270 if (req->use_mfp) { 4271 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 4272 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED; 4273 } else { 4274 ifmgd->mfp = IEEE80211_MFP_DISABLED; 4275 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED; 4276 } 4277 4278 if (req->crypto.control_port) 4279 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT; 4280 else 4281 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT; 4282 4283 sdata->control_port_protocol = req->crypto.control_port_ethertype; 4284 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt; 4285 4286 /* kick off associate process */ 4287 4288 ifmgd->assoc_data = assoc_data; 4289 ifmgd->dtim_period = 0; 4290 4291 err = ieee80211_prep_connection(sdata, req->bss, true); 4292 if (err) 4293 goto err_clear; 4294 4295 rcu_read_lock(); 4296 beacon_ies = rcu_dereference(req->bss->beacon_ies); 4297 4298 if (sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC && 4299 !beacon_ies) { 4300 /* 4301 * Wait up to one beacon interval ... 4302 * should this be more if we miss one? 4303 */ 4304 sdata_info(sdata, "waiting for beacon from %pM\n", 4305 ifmgd->bssid); 4306 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval); 4307 assoc_data->timeout_started = true; 4308 assoc_data->need_beacon = true; 4309 } else if (beacon_ies) { 4310 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 4311 beacon_ies->data, 4312 beacon_ies->len); 4313 u8 dtim_count = 0; 4314 4315 if (tim_ie && tim_ie[1] >= sizeof(struct ieee80211_tim_ie)) { 4316 const struct ieee80211_tim_ie *tim; 4317 tim = (void *)(tim_ie + 2); 4318 ifmgd->dtim_period = tim->dtim_period; 4319 dtim_count = tim->dtim_count; 4320 } 4321 assoc_data->have_beacon = true; 4322 assoc_data->timeout = jiffies; 4323 assoc_data->timeout_started = true; 4324 4325 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 4326 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf; 4327 sdata->vif.bss_conf.sync_device_ts = 4328 bss->device_ts_beacon; 4329 sdata->vif.bss_conf.sync_dtim_count = dtim_count; 4330 } 4331 } else { 4332 assoc_data->timeout = jiffies; 4333 assoc_data->timeout_started = true; 4334 } 4335 rcu_read_unlock(); 4336 4337 run_again(ifmgd, assoc_data->timeout); 4338 4339 if (bss->corrupt_data) { 4340 char *corrupt_type = "data"; 4341 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) { 4342 if (bss->corrupt_data & 4343 IEEE80211_BSS_CORRUPT_PROBE_RESP) 4344 corrupt_type = "beacon and probe response"; 4345 else 4346 corrupt_type = "beacon"; 4347 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) 4348 corrupt_type = "probe response"; 4349 sdata_info(sdata, "associating with AP with corrupt %s\n", 4350 corrupt_type); 4351 } 4352 4353 err = 0; 4354 goto out; 4355 err_clear: 4356 memset(ifmgd->bssid, 0, ETH_ALEN); 4357 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 4358 ifmgd->assoc_data = NULL; 4359 err_free: 4360 kfree(assoc_data); 4361 out: 4362 mutex_unlock(&ifmgd->mtx); 4363 4364 return err; 4365 } 4366 4367 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, 4368 struct cfg80211_deauth_request *req) 4369 { 4370 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4371 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4372 bool tx = !req->local_state_change; 4373 bool report_frame = false; 4374 4375 mutex_lock(&ifmgd->mtx); 4376 4377 sdata_info(sdata, 4378 "deauthenticating from %pM by local choice (reason=%d)\n", 4379 req->bssid, req->reason_code); 4380 4381 if (ifmgd->auth_data) { 4382 drv_mgd_prepare_tx(sdata->local, sdata); 4383 ieee80211_send_deauth_disassoc(sdata, req->bssid, 4384 IEEE80211_STYPE_DEAUTH, 4385 req->reason_code, tx, 4386 frame_buf); 4387 ieee80211_destroy_auth_data(sdata, false); 4388 mutex_unlock(&ifmgd->mtx); 4389 4390 report_frame = true; 4391 goto out; 4392 } 4393 4394 if (ifmgd->associated && 4395 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) { 4396 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4397 req->reason_code, tx, frame_buf); 4398 report_frame = true; 4399 } 4400 mutex_unlock(&ifmgd->mtx); 4401 4402 out: 4403 if (report_frame) 4404 __cfg80211_send_deauth(sdata->dev, frame_buf, 4405 IEEE80211_DEAUTH_FRAME_LEN); 4406 4407 return 0; 4408 } 4409 4410 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 4411 struct cfg80211_disassoc_request *req) 4412 { 4413 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4414 u8 bssid[ETH_ALEN]; 4415 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4416 4417 mutex_lock(&ifmgd->mtx); 4418 4419 /* 4420 * cfg80211 should catch this ... but it's racy since 4421 * we can receive a disassoc frame, process it, hand it 4422 * to cfg80211 while that's in a locked section already 4423 * trying to tell us that the user wants to disconnect. 4424 */ 4425 if (ifmgd->associated != req->bss) { 4426 mutex_unlock(&ifmgd->mtx); 4427 return -ENOLINK; 4428 } 4429 4430 sdata_info(sdata, 4431 "disassociating from %pM by local choice (reason=%d)\n", 4432 req->bss->bssid, req->reason_code); 4433 4434 memcpy(bssid, req->bss->bssid, ETH_ALEN); 4435 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC, 4436 req->reason_code, !req->local_state_change, 4437 frame_buf); 4438 mutex_unlock(&ifmgd->mtx); 4439 4440 __cfg80211_send_disassoc(sdata->dev, frame_buf, 4441 IEEE80211_DEAUTH_FRAME_LEN); 4442 4443 return 0; 4444 } 4445 4446 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata) 4447 { 4448 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4449 4450 /* 4451 * Make sure some work items will not run after this, 4452 * they will not do anything but might not have been 4453 * cancelled when disconnecting. 4454 */ 4455 cancel_work_sync(&ifmgd->monitor_work); 4456 cancel_work_sync(&ifmgd->beacon_connection_loss_work); 4457 cancel_work_sync(&ifmgd->request_smps_work); 4458 cancel_work_sync(&ifmgd->csa_connection_drop_work); 4459 cancel_work_sync(&ifmgd->chswitch_work); 4460 4461 mutex_lock(&ifmgd->mtx); 4462 if (ifmgd->assoc_data) 4463 ieee80211_destroy_assoc_data(sdata, false); 4464 if (ifmgd->auth_data) 4465 ieee80211_destroy_auth_data(sdata, false); 4466 del_timer_sync(&ifmgd->timer); 4467 mutex_unlock(&ifmgd->mtx); 4468 } 4469 4470 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif, 4471 enum nl80211_cqm_rssi_threshold_event rssi_event, 4472 gfp_t gfp) 4473 { 4474 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 4475 4476 trace_api_cqm_rssi_notify(sdata, rssi_event); 4477 4478 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp); 4479 } 4480 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify); 4481