1 /* 2 * BSS client mode implementation 3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 4 * Copyright 2004, Instant802 Networks, Inc. 5 * Copyright 2005, Devicescape Software, Inc. 6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License version 2 as 11 * published by the Free Software Foundation. 12 */ 13 14 #include <linux/delay.h> 15 #include <linux/if_ether.h> 16 #include <linux/skbuff.h> 17 #include <linux/if_arp.h> 18 #include <linux/etherdevice.h> 19 #include <linux/moduleparam.h> 20 #include <linux/rtnetlink.h> 21 #include <linux/pm_qos.h> 22 #include <linux/crc32.h> 23 #include <linux/slab.h> 24 #include <linux/export.h> 25 #include <net/mac80211.h> 26 #include <asm/unaligned.h> 27 28 #include "ieee80211_i.h" 29 #include "driver-ops.h" 30 #include "rate.h" 31 #include "led.h" 32 33 #define IEEE80211_AUTH_TIMEOUT (HZ / 5) 34 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10) 35 #define IEEE80211_AUTH_MAX_TRIES 3 36 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5) 37 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 38 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10) 39 #define IEEE80211_ASSOC_MAX_TRIES 3 40 41 static int max_nullfunc_tries = 2; 42 module_param(max_nullfunc_tries, int, 0644); 43 MODULE_PARM_DESC(max_nullfunc_tries, 44 "Maximum nullfunc tx tries before disconnecting (reason 4)."); 45 46 static int max_probe_tries = 5; 47 module_param(max_probe_tries, int, 0644); 48 MODULE_PARM_DESC(max_probe_tries, 49 "Maximum probe tries before disconnecting (reason 4)."); 50 51 /* 52 * Beacon loss timeout is calculated as N frames times the 53 * advertised beacon interval. This may need to be somewhat 54 * higher than what hardware might detect to account for 55 * delays in the host processing frames. But since we also 56 * probe on beacon miss before declaring the connection lost 57 * default to what we want. 58 */ 59 static int beacon_loss_count = 7; 60 module_param(beacon_loss_count, int, 0644); 61 MODULE_PARM_DESC(beacon_loss_count, 62 "Number of beacon intervals before we decide beacon was lost."); 63 64 /* 65 * Time the connection can be idle before we probe 66 * it to see if we can still talk to the AP. 67 */ 68 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ) 69 /* 70 * Time we wait for a probe response after sending 71 * a probe request because of beacon loss or for 72 * checking the connection still works. 73 */ 74 static int probe_wait_ms = 500; 75 module_param(probe_wait_ms, int, 0644); 76 MODULE_PARM_DESC(probe_wait_ms, 77 "Maximum time(ms) to wait for probe response" 78 " before disconnecting (reason 4)."); 79 80 /* 81 * Weight given to the latest Beacon frame when calculating average signal 82 * strength for Beacon frames received in the current BSS. This must be 83 * between 1 and 15. 84 */ 85 #define IEEE80211_SIGNAL_AVE_WEIGHT 3 86 87 /* 88 * How many Beacon frames need to have been used in average signal strength 89 * before starting to indicate signal change events. 90 */ 91 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4 92 93 /* 94 * We can have multiple work items (and connection probing) 95 * scheduling this timer, but we need to take care to only 96 * reschedule it when it should fire _earlier_ than it was 97 * asked for before, or if it's not pending right now. This 98 * function ensures that. Note that it then is required to 99 * run this function for all timeouts after the first one 100 * has happened -- the work that runs from this timer will 101 * do that. 102 */ 103 static void run_again(struct ieee80211_sub_if_data *sdata, 104 unsigned long timeout) 105 { 106 sdata_assert_lock(sdata); 107 108 if (!timer_pending(&sdata->u.mgd.timer) || 109 time_before(timeout, sdata->u.mgd.timer.expires)) 110 mod_timer(&sdata->u.mgd.timer, timeout); 111 } 112 113 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata) 114 { 115 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER) 116 return; 117 118 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 119 return; 120 121 mod_timer(&sdata->u.mgd.bcn_mon_timer, 122 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout)); 123 } 124 125 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata) 126 { 127 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 128 129 if (unlikely(!sdata->u.mgd.associated)) 130 return; 131 132 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 133 return; 134 135 mod_timer(&sdata->u.mgd.conn_mon_timer, 136 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME)); 137 138 ifmgd->probe_send_count = 0; 139 } 140 141 static int ecw2cw(int ecw) 142 { 143 return (1 << ecw) - 1; 144 } 145 146 static u32 chandef_downgrade(struct cfg80211_chan_def *c) 147 { 148 u32 ret; 149 int tmp; 150 151 switch (c->width) { 152 case NL80211_CHAN_WIDTH_20: 153 c->width = NL80211_CHAN_WIDTH_20_NOHT; 154 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 155 break; 156 case NL80211_CHAN_WIDTH_40: 157 c->width = NL80211_CHAN_WIDTH_20; 158 c->center_freq1 = c->chan->center_freq; 159 ret = IEEE80211_STA_DISABLE_40MHZ | 160 IEEE80211_STA_DISABLE_VHT; 161 break; 162 case NL80211_CHAN_WIDTH_80: 163 tmp = (30 + c->chan->center_freq - c->center_freq1)/20; 164 /* n_P40 */ 165 tmp /= 2; 166 /* freq_P40 */ 167 c->center_freq1 = c->center_freq1 - 20 + 40 * tmp; 168 c->width = NL80211_CHAN_WIDTH_40; 169 ret = IEEE80211_STA_DISABLE_VHT; 170 break; 171 case NL80211_CHAN_WIDTH_80P80: 172 c->center_freq2 = 0; 173 c->width = NL80211_CHAN_WIDTH_80; 174 ret = IEEE80211_STA_DISABLE_80P80MHZ | 175 IEEE80211_STA_DISABLE_160MHZ; 176 break; 177 case NL80211_CHAN_WIDTH_160: 178 /* n_P20 */ 179 tmp = (70 + c->chan->center_freq - c->center_freq1)/20; 180 /* n_P80 */ 181 tmp /= 4; 182 c->center_freq1 = c->center_freq1 - 40 + 80 * tmp; 183 c->width = NL80211_CHAN_WIDTH_80; 184 ret = IEEE80211_STA_DISABLE_80P80MHZ | 185 IEEE80211_STA_DISABLE_160MHZ; 186 break; 187 default: 188 case NL80211_CHAN_WIDTH_20_NOHT: 189 WARN_ON_ONCE(1); 190 c->width = NL80211_CHAN_WIDTH_20_NOHT; 191 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 192 break; 193 case NL80211_CHAN_WIDTH_5: 194 case NL80211_CHAN_WIDTH_10: 195 WARN_ON_ONCE(1); 196 /* keep c->width */ 197 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 198 break; 199 } 200 201 WARN_ON_ONCE(!cfg80211_chandef_valid(c)); 202 203 return ret; 204 } 205 206 static u32 207 ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, 208 struct ieee80211_supported_band *sband, 209 struct ieee80211_channel *channel, 210 const struct ieee80211_ht_operation *ht_oper, 211 const struct ieee80211_vht_operation *vht_oper, 212 struct cfg80211_chan_def *chandef, bool verbose) 213 { 214 struct cfg80211_chan_def vht_chandef; 215 u32 ht_cfreq, ret; 216 217 chandef->chan = channel; 218 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 219 chandef->center_freq1 = channel->center_freq; 220 chandef->center_freq2 = 0; 221 222 if (!ht_oper || !sband->ht_cap.ht_supported) { 223 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 224 goto out; 225 } 226 227 chandef->width = NL80211_CHAN_WIDTH_20; 228 229 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan, 230 channel->band); 231 /* check that channel matches the right operating channel */ 232 if (channel->center_freq != ht_cfreq) { 233 /* 234 * It's possible that some APs are confused here; 235 * Netgear WNDR3700 sometimes reports 4 higher than 236 * the actual channel in association responses, but 237 * since we look at probe response/beacon data here 238 * it should be OK. 239 */ 240 if (verbose) 241 sdata_info(sdata, 242 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n", 243 channel->center_freq, ht_cfreq, 244 ht_oper->primary_chan, channel->band); 245 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 246 goto out; 247 } 248 249 /* check 40 MHz support, if we have it */ 250 if (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) { 251 switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 252 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 253 chandef->width = NL80211_CHAN_WIDTH_40; 254 chandef->center_freq1 += 10; 255 break; 256 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 257 chandef->width = NL80211_CHAN_WIDTH_40; 258 chandef->center_freq1 -= 10; 259 break; 260 } 261 } else { 262 /* 40 MHz (and 80 MHz) must be supported for VHT */ 263 ret = IEEE80211_STA_DISABLE_VHT; 264 /* also mark 40 MHz disabled */ 265 ret |= IEEE80211_STA_DISABLE_40MHZ; 266 goto out; 267 } 268 269 if (!vht_oper || !sband->vht_cap.vht_supported) { 270 ret = IEEE80211_STA_DISABLE_VHT; 271 goto out; 272 } 273 274 vht_chandef.chan = channel; 275 vht_chandef.center_freq1 = 276 ieee80211_channel_to_frequency(vht_oper->center_freq_seg1_idx, 277 channel->band); 278 vht_chandef.center_freq2 = 0; 279 280 switch (vht_oper->chan_width) { 281 case IEEE80211_VHT_CHANWIDTH_USE_HT: 282 vht_chandef.width = chandef->width; 283 break; 284 case IEEE80211_VHT_CHANWIDTH_80MHZ: 285 vht_chandef.width = NL80211_CHAN_WIDTH_80; 286 break; 287 case IEEE80211_VHT_CHANWIDTH_160MHZ: 288 vht_chandef.width = NL80211_CHAN_WIDTH_160; 289 break; 290 case IEEE80211_VHT_CHANWIDTH_80P80MHZ: 291 vht_chandef.width = NL80211_CHAN_WIDTH_80P80; 292 vht_chandef.center_freq2 = 293 ieee80211_channel_to_frequency( 294 vht_oper->center_freq_seg2_idx, 295 channel->band); 296 break; 297 default: 298 if (verbose) 299 sdata_info(sdata, 300 "AP VHT operation IE has invalid channel width (%d), disable VHT\n", 301 vht_oper->chan_width); 302 ret = IEEE80211_STA_DISABLE_VHT; 303 goto out; 304 } 305 306 if (!cfg80211_chandef_valid(&vht_chandef)) { 307 if (verbose) 308 sdata_info(sdata, 309 "AP VHT information is invalid, disable VHT\n"); 310 ret = IEEE80211_STA_DISABLE_VHT; 311 goto out; 312 } 313 314 if (cfg80211_chandef_identical(chandef, &vht_chandef)) { 315 ret = 0; 316 goto out; 317 } 318 319 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) { 320 if (verbose) 321 sdata_info(sdata, 322 "AP VHT information doesn't match HT, disable VHT\n"); 323 ret = IEEE80211_STA_DISABLE_VHT; 324 goto out; 325 } 326 327 *chandef = vht_chandef; 328 329 ret = 0; 330 331 out: 332 /* don't print the message below for VHT mismatch if VHT is disabled */ 333 if (ret & IEEE80211_STA_DISABLE_VHT) 334 vht_chandef = *chandef; 335 336 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef, 337 IEEE80211_CHAN_DISABLED)) { 338 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) { 339 ret = IEEE80211_STA_DISABLE_HT | 340 IEEE80211_STA_DISABLE_VHT; 341 goto out; 342 } 343 344 ret |= chandef_downgrade(chandef); 345 } 346 347 if (chandef->width != vht_chandef.width && verbose) 348 sdata_info(sdata, 349 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n"); 350 351 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef)); 352 return ret; 353 } 354 355 static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata, 356 struct sta_info *sta, 357 const struct ieee80211_ht_operation *ht_oper, 358 const struct ieee80211_vht_operation *vht_oper, 359 const u8 *bssid, u32 *changed) 360 { 361 struct ieee80211_local *local = sdata->local; 362 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 363 struct ieee80211_supported_band *sband; 364 struct ieee80211_channel *chan; 365 struct cfg80211_chan_def chandef; 366 u16 ht_opmode; 367 u32 flags; 368 enum ieee80211_sta_rx_bandwidth new_sta_bw; 369 int ret; 370 371 /* if HT was/is disabled, don't track any bandwidth changes */ 372 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper) 373 return 0; 374 375 /* don't check VHT if we associated as non-VHT station */ 376 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 377 vht_oper = NULL; 378 379 if (WARN_ON_ONCE(!sta)) 380 return -EINVAL; 381 382 chan = sdata->vif.bss_conf.chandef.chan; 383 sband = local->hw.wiphy->bands[chan->band]; 384 385 /* calculate new channel (type) based on HT/VHT operation IEs */ 386 flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper, 387 vht_oper, &chandef, false); 388 389 /* 390 * Downgrade the new channel if we associated with restricted 391 * capabilities. For example, if we associated as a 20 MHz STA 392 * to a 40 MHz AP (due to regulatory, capabilities or config 393 * reasons) then switching to a 40 MHz channel now won't do us 394 * any good -- we couldn't use it with the AP. 395 */ 396 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ && 397 chandef.width == NL80211_CHAN_WIDTH_80P80) 398 flags |= chandef_downgrade(&chandef); 399 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ && 400 chandef.width == NL80211_CHAN_WIDTH_160) 401 flags |= chandef_downgrade(&chandef); 402 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ && 403 chandef.width > NL80211_CHAN_WIDTH_20) 404 flags |= chandef_downgrade(&chandef); 405 406 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef)) 407 return 0; 408 409 sdata_info(sdata, 410 "AP %pM changed bandwidth, new config is %d MHz, width %d (%d/%d MHz)\n", 411 ifmgd->bssid, chandef.chan->center_freq, chandef.width, 412 chandef.center_freq1, chandef.center_freq2); 413 414 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT | 415 IEEE80211_STA_DISABLE_VHT | 416 IEEE80211_STA_DISABLE_40MHZ | 417 IEEE80211_STA_DISABLE_80P80MHZ | 418 IEEE80211_STA_DISABLE_160MHZ)) || 419 !cfg80211_chandef_valid(&chandef)) { 420 sdata_info(sdata, 421 "AP %pM changed bandwidth in a way we can't support - disconnect\n", 422 ifmgd->bssid); 423 return -EINVAL; 424 } 425 426 switch (chandef.width) { 427 case NL80211_CHAN_WIDTH_20_NOHT: 428 case NL80211_CHAN_WIDTH_20: 429 new_sta_bw = IEEE80211_STA_RX_BW_20; 430 break; 431 case NL80211_CHAN_WIDTH_40: 432 new_sta_bw = IEEE80211_STA_RX_BW_40; 433 break; 434 case NL80211_CHAN_WIDTH_80: 435 new_sta_bw = IEEE80211_STA_RX_BW_80; 436 break; 437 case NL80211_CHAN_WIDTH_80P80: 438 case NL80211_CHAN_WIDTH_160: 439 new_sta_bw = IEEE80211_STA_RX_BW_160; 440 break; 441 default: 442 return -EINVAL; 443 } 444 445 if (new_sta_bw > sta->cur_max_bandwidth) 446 new_sta_bw = sta->cur_max_bandwidth; 447 448 if (new_sta_bw < sta->sta.bandwidth) { 449 sta->sta.bandwidth = new_sta_bw; 450 rate_control_rate_update(local, sband, sta, 451 IEEE80211_RC_BW_CHANGED); 452 } 453 454 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed); 455 if (ret) { 456 sdata_info(sdata, 457 "AP %pM changed bandwidth to incompatible one - disconnect\n", 458 ifmgd->bssid); 459 return ret; 460 } 461 462 if (new_sta_bw > sta->sta.bandwidth) { 463 sta->sta.bandwidth = new_sta_bw; 464 rate_control_rate_update(local, sband, sta, 465 IEEE80211_RC_BW_CHANGED); 466 } 467 468 ht_opmode = le16_to_cpu(ht_oper->operation_mode); 469 470 /* if bss configuration changed store the new one */ 471 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) { 472 *changed |= BSS_CHANGED_HT; 473 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 474 } 475 476 return 0; 477 } 478 479 /* frame sending functions */ 480 481 static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len, 482 struct ieee80211_supported_band *sband, 483 u32 *rates) 484 { 485 int i, j, count; 486 *rates = 0; 487 count = 0; 488 for (i = 0; i < supp_rates_len; i++) { 489 int rate = (supp_rates[i] & 0x7F) * 5; 490 491 for (j = 0; j < sband->n_bitrates; j++) 492 if (sband->bitrates[j].bitrate == rate) { 493 *rates |= BIT(j); 494 count++; 495 break; 496 } 497 } 498 499 return count; 500 } 501 502 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata, 503 struct sk_buff *skb, u8 ap_ht_param, 504 struct ieee80211_supported_band *sband, 505 struct ieee80211_channel *channel, 506 enum ieee80211_smps_mode smps) 507 { 508 u8 *pos; 509 u32 flags = channel->flags; 510 u16 cap; 511 struct ieee80211_sta_ht_cap ht_cap; 512 513 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap)); 514 515 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 516 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 517 518 /* determine capability flags */ 519 cap = ht_cap.cap; 520 521 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 522 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 523 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 524 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 525 cap &= ~IEEE80211_HT_CAP_SGI_40; 526 } 527 break; 528 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 529 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 530 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 531 cap &= ~IEEE80211_HT_CAP_SGI_40; 532 } 533 break; 534 } 535 536 /* 537 * If 40 MHz was disabled associate as though we weren't 538 * capable of 40 MHz -- some broken APs will never fall 539 * back to trying to transmit in 20 MHz. 540 */ 541 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) { 542 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 543 cap &= ~IEEE80211_HT_CAP_SGI_40; 544 } 545 546 /* set SM PS mode properly */ 547 cap &= ~IEEE80211_HT_CAP_SM_PS; 548 switch (smps) { 549 case IEEE80211_SMPS_AUTOMATIC: 550 case IEEE80211_SMPS_NUM_MODES: 551 WARN_ON(1); 552 case IEEE80211_SMPS_OFF: 553 cap |= WLAN_HT_CAP_SM_PS_DISABLED << 554 IEEE80211_HT_CAP_SM_PS_SHIFT; 555 break; 556 case IEEE80211_SMPS_STATIC: 557 cap |= WLAN_HT_CAP_SM_PS_STATIC << 558 IEEE80211_HT_CAP_SM_PS_SHIFT; 559 break; 560 case IEEE80211_SMPS_DYNAMIC: 561 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC << 562 IEEE80211_HT_CAP_SM_PS_SHIFT; 563 break; 564 } 565 566 /* reserve and fill IE */ 567 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 568 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap); 569 } 570 571 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata, 572 struct sk_buff *skb, 573 struct ieee80211_supported_band *sband, 574 struct ieee80211_vht_cap *ap_vht_cap) 575 { 576 u8 *pos; 577 u32 cap; 578 struct ieee80211_sta_vht_cap vht_cap; 579 580 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap)); 581 582 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap)); 583 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap); 584 585 /* determine capability flags */ 586 cap = vht_cap.cap; 587 588 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) { 589 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ; 590 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 591 } 592 593 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) { 594 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160; 595 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 596 } 597 598 /* 599 * Some APs apparently get confused if our capabilities are better 600 * than theirs, so restrict what we advertise in the assoc request. 601 */ 602 if (!(ap_vht_cap->vht_cap_info & 603 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE))) 604 cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE; 605 606 /* reserve and fill IE */ 607 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 608 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap); 609 } 610 611 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) 612 { 613 struct ieee80211_local *local = sdata->local; 614 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 615 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 616 struct sk_buff *skb; 617 struct ieee80211_mgmt *mgmt; 618 u8 *pos, qos_info; 619 size_t offset = 0, noffset; 620 int i, count, rates_len, supp_rates_len; 621 u16 capab; 622 struct ieee80211_supported_band *sband; 623 struct ieee80211_chanctx_conf *chanctx_conf; 624 struct ieee80211_channel *chan; 625 u32 rates = 0; 626 627 sdata_assert_lock(sdata); 628 629 rcu_read_lock(); 630 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 631 if (WARN_ON(!chanctx_conf)) { 632 rcu_read_unlock(); 633 return; 634 } 635 chan = chanctx_conf->def.chan; 636 rcu_read_unlock(); 637 sband = local->hw.wiphy->bands[chan->band]; 638 639 if (assoc_data->supp_rates_len) { 640 /* 641 * Get all rates supported by the device and the AP as 642 * some APs don't like getting a superset of their rates 643 * in the association request (e.g. D-Link DAP 1353 in 644 * b-only mode)... 645 */ 646 rates_len = ieee80211_compatible_rates(assoc_data->supp_rates, 647 assoc_data->supp_rates_len, 648 sband, &rates); 649 } else { 650 /* 651 * In case AP not provide any supported rates information 652 * before association, we send information element(s) with 653 * all rates that we support. 654 */ 655 rates = ~0; 656 rates_len = sband->n_bitrates; 657 } 658 659 skb = alloc_skb(local->hw.extra_tx_headroom + 660 sizeof(*mgmt) + /* bit too much but doesn't matter */ 661 2 + assoc_data->ssid_len + /* SSID */ 662 4 + rates_len + /* (extended) rates */ 663 4 + /* power capability */ 664 2 + 2 * sband->n_channels + /* supported channels */ 665 2 + sizeof(struct ieee80211_ht_cap) + /* HT */ 666 2 + sizeof(struct ieee80211_vht_cap) + /* VHT */ 667 assoc_data->ie_len + /* extra IEs */ 668 9, /* WMM */ 669 GFP_KERNEL); 670 if (!skb) 671 return; 672 673 skb_reserve(skb, local->hw.extra_tx_headroom); 674 675 capab = WLAN_CAPABILITY_ESS; 676 677 if (sband->band == IEEE80211_BAND_2GHZ) { 678 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 679 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 680 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 681 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 682 } 683 684 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY) 685 capab |= WLAN_CAPABILITY_PRIVACY; 686 687 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 688 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)) 689 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 690 691 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 692 memset(mgmt, 0, 24); 693 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN); 694 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 695 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN); 696 697 if (!is_zero_ether_addr(assoc_data->prev_bssid)) { 698 skb_put(skb, 10); 699 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 700 IEEE80211_STYPE_REASSOC_REQ); 701 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 702 mgmt->u.reassoc_req.listen_interval = 703 cpu_to_le16(local->hw.conf.listen_interval); 704 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid, 705 ETH_ALEN); 706 } else { 707 skb_put(skb, 4); 708 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 709 IEEE80211_STYPE_ASSOC_REQ); 710 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 711 mgmt->u.assoc_req.listen_interval = 712 cpu_to_le16(local->hw.conf.listen_interval); 713 } 714 715 /* SSID */ 716 pos = skb_put(skb, 2 + assoc_data->ssid_len); 717 *pos++ = WLAN_EID_SSID; 718 *pos++ = assoc_data->ssid_len; 719 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len); 720 721 /* add all rates which were marked to be used above */ 722 supp_rates_len = rates_len; 723 if (supp_rates_len > 8) 724 supp_rates_len = 8; 725 726 pos = skb_put(skb, supp_rates_len + 2); 727 *pos++ = WLAN_EID_SUPP_RATES; 728 *pos++ = supp_rates_len; 729 730 count = 0; 731 for (i = 0; i < sband->n_bitrates; i++) { 732 if (BIT(i) & rates) { 733 int rate = sband->bitrates[i].bitrate; 734 *pos++ = (u8) (rate / 5); 735 if (++count == 8) 736 break; 737 } 738 } 739 740 if (rates_len > count) { 741 pos = skb_put(skb, rates_len - count + 2); 742 *pos++ = WLAN_EID_EXT_SUPP_RATES; 743 *pos++ = rates_len - count; 744 745 for (i++; i < sband->n_bitrates; i++) { 746 if (BIT(i) & rates) { 747 int rate = sband->bitrates[i].bitrate; 748 *pos++ = (u8) (rate / 5); 749 } 750 } 751 } 752 753 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) { 754 /* 1. power capabilities */ 755 pos = skb_put(skb, 4); 756 *pos++ = WLAN_EID_PWR_CAPABILITY; 757 *pos++ = 2; 758 *pos++ = 0; /* min tx power */ 759 *pos++ = chan->max_power; /* max tx power */ 760 761 /* 2. supported channels */ 762 /* TODO: get this in reg domain format */ 763 pos = skb_put(skb, 2 * sband->n_channels + 2); 764 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 765 *pos++ = 2 * sband->n_channels; 766 for (i = 0; i < sband->n_channels; i++) { 767 *pos++ = ieee80211_frequency_to_channel( 768 sband->channels[i].center_freq); 769 *pos++ = 1; /* one channel in the subband*/ 770 } 771 } 772 773 /* if present, add any custom IEs that go before HT */ 774 if (assoc_data->ie_len && assoc_data->ie) { 775 static const u8 before_ht[] = { 776 WLAN_EID_SSID, 777 WLAN_EID_SUPP_RATES, 778 WLAN_EID_EXT_SUPP_RATES, 779 WLAN_EID_PWR_CAPABILITY, 780 WLAN_EID_SUPPORTED_CHANNELS, 781 WLAN_EID_RSN, 782 WLAN_EID_QOS_CAPA, 783 WLAN_EID_RRM_ENABLED_CAPABILITIES, 784 WLAN_EID_MOBILITY_DOMAIN, 785 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 786 }; 787 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len, 788 before_ht, ARRAY_SIZE(before_ht), 789 offset); 790 pos = skb_put(skb, noffset - offset); 791 memcpy(pos, assoc_data->ie + offset, noffset - offset); 792 offset = noffset; 793 } 794 795 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 796 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))) 797 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 798 799 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 800 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param, 801 sband, chan, sdata->smps_mode); 802 803 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 804 ieee80211_add_vht_ie(sdata, skb, sband, 805 &assoc_data->ap_vht_cap); 806 807 /* if present, add any custom non-vendor IEs that go after HT */ 808 if (assoc_data->ie_len && assoc_data->ie) { 809 noffset = ieee80211_ie_split_vendor(assoc_data->ie, 810 assoc_data->ie_len, 811 offset); 812 pos = skb_put(skb, noffset - offset); 813 memcpy(pos, assoc_data->ie + offset, noffset - offset); 814 offset = noffset; 815 } 816 817 if (assoc_data->wmm) { 818 if (assoc_data->uapsd) { 819 qos_info = ifmgd->uapsd_queues; 820 qos_info |= (ifmgd->uapsd_max_sp_len << 821 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT); 822 } else { 823 qos_info = 0; 824 } 825 826 pos = skb_put(skb, 9); 827 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 828 *pos++ = 7; /* len */ 829 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */ 830 *pos++ = 0x50; 831 *pos++ = 0xf2; 832 *pos++ = 2; /* WME */ 833 *pos++ = 0; /* WME info */ 834 *pos++ = 1; /* WME ver */ 835 *pos++ = qos_info; 836 } 837 838 /* add any remaining custom (i.e. vendor specific here) IEs */ 839 if (assoc_data->ie_len && assoc_data->ie) { 840 noffset = assoc_data->ie_len; 841 pos = skb_put(skb, noffset - offset); 842 memcpy(pos, assoc_data->ie + offset, noffset - offset); 843 } 844 845 drv_mgd_prepare_tx(local, sdata); 846 847 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 848 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 849 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 850 IEEE80211_TX_INTFL_MLME_CONN_TX; 851 ieee80211_tx_skb(sdata, skb); 852 } 853 854 void ieee80211_send_pspoll(struct ieee80211_local *local, 855 struct ieee80211_sub_if_data *sdata) 856 { 857 struct ieee80211_pspoll *pspoll; 858 struct sk_buff *skb; 859 860 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif); 861 if (!skb) 862 return; 863 864 pspoll = (struct ieee80211_pspoll *) skb->data; 865 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 866 867 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 868 ieee80211_tx_skb(sdata, skb); 869 } 870 871 void ieee80211_send_nullfunc(struct ieee80211_local *local, 872 struct ieee80211_sub_if_data *sdata, 873 int powersave) 874 { 875 struct sk_buff *skb; 876 struct ieee80211_hdr_3addr *nullfunc; 877 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 878 879 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif); 880 if (!skb) 881 return; 882 883 nullfunc = (struct ieee80211_hdr_3addr *) skb->data; 884 if (powersave) 885 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 886 887 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT | 888 IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 889 890 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 891 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS; 892 893 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 894 IEEE80211_STA_CONNECTION_POLL)) 895 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE; 896 897 ieee80211_tx_skb(sdata, skb); 898 } 899 900 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local, 901 struct ieee80211_sub_if_data *sdata) 902 { 903 struct sk_buff *skb; 904 struct ieee80211_hdr *nullfunc; 905 __le16 fc; 906 907 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 908 return; 909 910 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30); 911 if (!skb) 912 return; 913 914 skb_reserve(skb, local->hw.extra_tx_headroom); 915 916 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30); 917 memset(nullfunc, 0, 30); 918 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 919 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 920 nullfunc->frame_control = fc; 921 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN); 922 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN); 923 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN); 924 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN); 925 926 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 927 ieee80211_tx_skb(sdata, skb); 928 } 929 930 /* spectrum management related things */ 931 static void ieee80211_chswitch_work(struct work_struct *work) 932 { 933 struct ieee80211_sub_if_data *sdata = 934 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work); 935 struct ieee80211_local *local = sdata->local; 936 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 937 938 if (!ieee80211_sdata_running(sdata)) 939 return; 940 941 sdata_lock(sdata); 942 if (!ifmgd->associated) 943 goto out; 944 945 local->_oper_chandef = local->csa_chandef; 946 947 if (!local->ops->channel_switch) { 948 /* call "hw_config" only if doing sw channel switch */ 949 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL); 950 } else { 951 /* update the device channel directly */ 952 local->hw.conf.chandef = local->_oper_chandef; 953 } 954 955 /* XXX: shouldn't really modify cfg80211-owned data! */ 956 ifmgd->associated->channel = local->_oper_chandef.chan; 957 958 /* XXX: wait for a beacon first? */ 959 ieee80211_wake_queues_by_reason(&local->hw, 960 IEEE80211_MAX_QUEUE_MAP, 961 IEEE80211_QUEUE_STOP_REASON_CSA); 962 out: 963 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 964 sdata_unlock(sdata); 965 } 966 967 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success) 968 { 969 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 970 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 971 972 trace_api_chswitch_done(sdata, success); 973 if (!success) { 974 sdata_info(sdata, 975 "driver channel switch failed, disconnecting\n"); 976 ieee80211_queue_work(&sdata->local->hw, 977 &ifmgd->csa_connection_drop_work); 978 } else { 979 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 980 } 981 } 982 EXPORT_SYMBOL(ieee80211_chswitch_done); 983 984 static void ieee80211_chswitch_timer(unsigned long data) 985 { 986 struct ieee80211_sub_if_data *sdata = 987 (struct ieee80211_sub_if_data *) data; 988 989 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work); 990 } 991 992 static void 993 ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 994 u64 timestamp, struct ieee802_11_elems *elems, 995 bool beacon) 996 { 997 struct ieee80211_local *local = sdata->local; 998 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 999 struct cfg80211_bss *cbss = ifmgd->associated; 1000 struct ieee80211_bss *bss; 1001 struct ieee80211_chanctx *chanctx; 1002 enum ieee80211_band new_band; 1003 int new_freq; 1004 u8 new_chan_no; 1005 u8 count; 1006 u8 mode; 1007 struct ieee80211_channel *new_chan; 1008 struct cfg80211_chan_def new_chandef = {}; 1009 struct cfg80211_chan_def new_vht_chandef = {}; 1010 const struct ieee80211_sec_chan_offs_ie *sec_chan_offs; 1011 const struct ieee80211_wide_bw_chansw_ie *wide_bw_chansw_ie; 1012 const struct ieee80211_ht_operation *ht_oper; 1013 int secondary_channel_offset = -1; 1014 1015 sdata_assert_lock(sdata); 1016 1017 if (!cbss) 1018 return; 1019 1020 if (local->scanning) 1021 return; 1022 1023 /* disregard subsequent announcements if we are already processing */ 1024 if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED) 1025 return; 1026 1027 sec_chan_offs = elems->sec_chan_offs; 1028 wide_bw_chansw_ie = elems->wide_bw_chansw_ie; 1029 ht_oper = elems->ht_operation; 1030 1031 if (ifmgd->flags & (IEEE80211_STA_DISABLE_HT | 1032 IEEE80211_STA_DISABLE_40MHZ)) { 1033 sec_chan_offs = NULL; 1034 wide_bw_chansw_ie = NULL; 1035 /* only used for bandwidth here */ 1036 ht_oper = NULL; 1037 } 1038 1039 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 1040 wide_bw_chansw_ie = NULL; 1041 1042 if (elems->ext_chansw_ie) { 1043 if (!ieee80211_operating_class_to_band( 1044 elems->ext_chansw_ie->new_operating_class, 1045 &new_band)) { 1046 sdata_info(sdata, 1047 "cannot understand ECSA IE operating class %d, disconnecting\n", 1048 elems->ext_chansw_ie->new_operating_class); 1049 ieee80211_queue_work(&local->hw, 1050 &ifmgd->csa_connection_drop_work); 1051 } 1052 new_chan_no = elems->ext_chansw_ie->new_ch_num; 1053 count = elems->ext_chansw_ie->count; 1054 mode = elems->ext_chansw_ie->mode; 1055 } else if (elems->ch_switch_ie) { 1056 new_band = cbss->channel->band; 1057 new_chan_no = elems->ch_switch_ie->new_ch_num; 1058 count = elems->ch_switch_ie->count; 1059 mode = elems->ch_switch_ie->mode; 1060 } else { 1061 /* nothing here we understand */ 1062 return; 1063 } 1064 1065 bss = (void *)cbss->priv; 1066 1067 new_freq = ieee80211_channel_to_frequency(new_chan_no, new_band); 1068 new_chan = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq); 1069 if (!new_chan || new_chan->flags & IEEE80211_CHAN_DISABLED) { 1070 sdata_info(sdata, 1071 "AP %pM switches to unsupported channel (%d MHz), disconnecting\n", 1072 ifmgd->associated->bssid, new_freq); 1073 ieee80211_queue_work(&local->hw, 1074 &ifmgd->csa_connection_drop_work); 1075 return; 1076 } 1077 1078 if (!beacon && sec_chan_offs) { 1079 secondary_channel_offset = sec_chan_offs->sec_chan_offs; 1080 } else if (beacon && ht_oper) { 1081 secondary_channel_offset = 1082 ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET; 1083 } else if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 1084 /* 1085 * If it's not a beacon, HT is enabled and the IE not present, 1086 * it's 20 MHz, 802.11-2012 8.5.2.6: 1087 * This element [the Secondary Channel Offset Element] is 1088 * present when switching to a 40 MHz channel. It may be 1089 * present when switching to a 20 MHz channel (in which 1090 * case the secondary channel offset is set to SCN). 1091 */ 1092 secondary_channel_offset = IEEE80211_HT_PARAM_CHA_SEC_NONE; 1093 } 1094 1095 switch (secondary_channel_offset) { 1096 default: 1097 /* secondary_channel_offset was present but is invalid */ 1098 case IEEE80211_HT_PARAM_CHA_SEC_NONE: 1099 cfg80211_chandef_create(&new_chandef, new_chan, 1100 NL80211_CHAN_HT20); 1101 break; 1102 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 1103 cfg80211_chandef_create(&new_chandef, new_chan, 1104 NL80211_CHAN_HT40PLUS); 1105 break; 1106 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 1107 cfg80211_chandef_create(&new_chandef, new_chan, 1108 NL80211_CHAN_HT40MINUS); 1109 break; 1110 case -1: 1111 cfg80211_chandef_create(&new_chandef, new_chan, 1112 NL80211_CHAN_NO_HT); 1113 break; 1114 } 1115 1116 if (wide_bw_chansw_ie) { 1117 new_vht_chandef.chan = new_chan; 1118 new_vht_chandef.center_freq1 = 1119 ieee80211_channel_to_frequency( 1120 wide_bw_chansw_ie->new_center_freq_seg0, 1121 new_band); 1122 1123 switch (wide_bw_chansw_ie->new_channel_width) { 1124 default: 1125 /* hmmm, ignore VHT and use HT if present */ 1126 case IEEE80211_VHT_CHANWIDTH_USE_HT: 1127 new_vht_chandef.chan = NULL; 1128 break; 1129 case IEEE80211_VHT_CHANWIDTH_80MHZ: 1130 new_vht_chandef.width = NL80211_CHAN_WIDTH_80; 1131 break; 1132 case IEEE80211_VHT_CHANWIDTH_160MHZ: 1133 new_vht_chandef.width = NL80211_CHAN_WIDTH_160; 1134 break; 1135 case IEEE80211_VHT_CHANWIDTH_80P80MHZ: 1136 /* field is otherwise reserved */ 1137 new_vht_chandef.center_freq2 = 1138 ieee80211_channel_to_frequency( 1139 wide_bw_chansw_ie->new_center_freq_seg1, 1140 new_band); 1141 new_vht_chandef.width = NL80211_CHAN_WIDTH_80P80; 1142 break; 1143 } 1144 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ && 1145 new_vht_chandef.width == NL80211_CHAN_WIDTH_80P80) 1146 chandef_downgrade(&new_vht_chandef); 1147 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ && 1148 new_vht_chandef.width == NL80211_CHAN_WIDTH_160) 1149 chandef_downgrade(&new_vht_chandef); 1150 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ && 1151 new_vht_chandef.width > NL80211_CHAN_WIDTH_20) 1152 chandef_downgrade(&new_vht_chandef); 1153 } 1154 1155 /* if VHT data is there validate & use it */ 1156 if (new_vht_chandef.chan) { 1157 if (!cfg80211_chandef_compatible(&new_vht_chandef, 1158 &new_chandef)) { 1159 sdata_info(sdata, 1160 "AP %pM CSA has inconsistent channel data, disconnecting\n", 1161 ifmgd->associated->bssid); 1162 ieee80211_queue_work(&local->hw, 1163 &ifmgd->csa_connection_drop_work); 1164 return; 1165 } 1166 new_chandef = new_vht_chandef; 1167 } 1168 1169 if (!cfg80211_chandef_usable(local->hw.wiphy, &new_chandef, 1170 IEEE80211_CHAN_DISABLED)) { 1171 sdata_info(sdata, 1172 "AP %pM switches to unsupported channel (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n", 1173 ifmgd->associated->bssid, new_freq, 1174 new_chandef.width, new_chandef.center_freq1, 1175 new_chandef.center_freq2); 1176 ieee80211_queue_work(&local->hw, 1177 &ifmgd->csa_connection_drop_work); 1178 return; 1179 } 1180 1181 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED; 1182 1183 if (local->use_chanctx) { 1184 sdata_info(sdata, 1185 "not handling channel switch with channel contexts\n"); 1186 ieee80211_queue_work(&local->hw, 1187 &ifmgd->csa_connection_drop_work); 1188 return; 1189 } 1190 1191 mutex_lock(&local->chanctx_mtx); 1192 if (WARN_ON(!rcu_access_pointer(sdata->vif.chanctx_conf))) { 1193 mutex_unlock(&local->chanctx_mtx); 1194 return; 1195 } 1196 chanctx = container_of(rcu_access_pointer(sdata->vif.chanctx_conf), 1197 struct ieee80211_chanctx, conf); 1198 if (chanctx->refcount > 1) { 1199 sdata_info(sdata, 1200 "channel switch with multiple interfaces on the same channel, disconnecting\n"); 1201 ieee80211_queue_work(&local->hw, 1202 &ifmgd->csa_connection_drop_work); 1203 mutex_unlock(&local->chanctx_mtx); 1204 return; 1205 } 1206 mutex_unlock(&local->chanctx_mtx); 1207 1208 local->csa_chandef = new_chandef; 1209 1210 if (mode) 1211 ieee80211_stop_queues_by_reason(&local->hw, 1212 IEEE80211_MAX_QUEUE_MAP, 1213 IEEE80211_QUEUE_STOP_REASON_CSA); 1214 1215 if (local->ops->channel_switch) { 1216 /* use driver's channel switch callback */ 1217 struct ieee80211_channel_switch ch_switch = { 1218 .timestamp = timestamp, 1219 .block_tx = mode, 1220 .chandef = new_chandef, 1221 .count = count, 1222 }; 1223 1224 drv_channel_switch(local, &ch_switch); 1225 return; 1226 } 1227 1228 /* channel switch handled in software */ 1229 if (count <= 1) 1230 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work); 1231 else 1232 mod_timer(&ifmgd->chswitch_timer, 1233 TU_TO_EXP_TIME(count * cbss->beacon_interval)); 1234 } 1235 1236 static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, 1237 struct ieee80211_channel *channel, 1238 const u8 *country_ie, u8 country_ie_len, 1239 const u8 *pwr_constr_elem) 1240 { 1241 struct ieee80211_country_ie_triplet *triplet; 1242 int chan = ieee80211_frequency_to_channel(channel->center_freq); 1243 int i, chan_pwr, chan_increment, new_ap_level; 1244 bool have_chan_pwr = false; 1245 1246 /* Invalid IE */ 1247 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN) 1248 return 0; 1249 1250 triplet = (void *)(country_ie + 3); 1251 country_ie_len -= 3; 1252 1253 switch (channel->band) { 1254 default: 1255 WARN_ON_ONCE(1); 1256 /* fall through */ 1257 case IEEE80211_BAND_2GHZ: 1258 case IEEE80211_BAND_60GHZ: 1259 chan_increment = 1; 1260 break; 1261 case IEEE80211_BAND_5GHZ: 1262 chan_increment = 4; 1263 break; 1264 } 1265 1266 /* find channel */ 1267 while (country_ie_len >= 3) { 1268 u8 first_channel = triplet->chans.first_channel; 1269 1270 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID) 1271 goto next; 1272 1273 for (i = 0; i < triplet->chans.num_channels; i++) { 1274 if (first_channel + i * chan_increment == chan) { 1275 have_chan_pwr = true; 1276 chan_pwr = triplet->chans.max_power; 1277 break; 1278 } 1279 } 1280 if (have_chan_pwr) 1281 break; 1282 1283 next: 1284 triplet++; 1285 country_ie_len -= 3; 1286 } 1287 1288 if (!have_chan_pwr) 1289 return 0; 1290 1291 new_ap_level = max_t(int, 0, chan_pwr - *pwr_constr_elem); 1292 1293 if (sdata->ap_power_level == new_ap_level) 1294 return 0; 1295 1296 sdata_info(sdata, 1297 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n", 1298 new_ap_level, chan_pwr, *pwr_constr_elem, 1299 sdata->u.mgd.bssid); 1300 sdata->ap_power_level = new_ap_level; 1301 if (__ieee80211_recalc_txpower(sdata)) 1302 return BSS_CHANGED_TXPOWER; 1303 return 0; 1304 } 1305 1306 /* powersave */ 1307 static void ieee80211_enable_ps(struct ieee80211_local *local, 1308 struct ieee80211_sub_if_data *sdata) 1309 { 1310 struct ieee80211_conf *conf = &local->hw.conf; 1311 1312 /* 1313 * If we are scanning right now then the parameters will 1314 * take effect when scan finishes. 1315 */ 1316 if (local->scanning) 1317 return; 1318 1319 if (conf->dynamic_ps_timeout > 0 && 1320 !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) { 1321 mod_timer(&local->dynamic_ps_timer, jiffies + 1322 msecs_to_jiffies(conf->dynamic_ps_timeout)); 1323 } else { 1324 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 1325 ieee80211_send_nullfunc(local, sdata, 1); 1326 1327 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1328 (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) 1329 return; 1330 1331 conf->flags |= IEEE80211_CONF_PS; 1332 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1333 } 1334 } 1335 1336 static void ieee80211_change_ps(struct ieee80211_local *local) 1337 { 1338 struct ieee80211_conf *conf = &local->hw.conf; 1339 1340 if (local->ps_sdata) { 1341 ieee80211_enable_ps(local, local->ps_sdata); 1342 } else if (conf->flags & IEEE80211_CONF_PS) { 1343 conf->flags &= ~IEEE80211_CONF_PS; 1344 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1345 del_timer_sync(&local->dynamic_ps_timer); 1346 cancel_work_sync(&local->dynamic_ps_enable_work); 1347 } 1348 } 1349 1350 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata) 1351 { 1352 struct ieee80211_if_managed *mgd = &sdata->u.mgd; 1353 struct sta_info *sta = NULL; 1354 bool authorized = false; 1355 1356 if (!mgd->powersave) 1357 return false; 1358 1359 if (mgd->broken_ap) 1360 return false; 1361 1362 if (!mgd->associated) 1363 return false; 1364 1365 if (mgd->flags & (IEEE80211_STA_BEACON_POLL | 1366 IEEE80211_STA_CONNECTION_POLL)) 1367 return false; 1368 1369 if (!mgd->have_beacon) 1370 return false; 1371 1372 rcu_read_lock(); 1373 sta = sta_info_get(sdata, mgd->bssid); 1374 if (sta) 1375 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED); 1376 rcu_read_unlock(); 1377 1378 return authorized; 1379 } 1380 1381 /* need to hold RTNL or interface lock */ 1382 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency) 1383 { 1384 struct ieee80211_sub_if_data *sdata, *found = NULL; 1385 int count = 0; 1386 int timeout; 1387 1388 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) { 1389 local->ps_sdata = NULL; 1390 return; 1391 } 1392 1393 list_for_each_entry(sdata, &local->interfaces, list) { 1394 if (!ieee80211_sdata_running(sdata)) 1395 continue; 1396 if (sdata->vif.type == NL80211_IFTYPE_AP) { 1397 /* If an AP vif is found, then disable PS 1398 * by setting the count to zero thereby setting 1399 * ps_sdata to NULL. 1400 */ 1401 count = 0; 1402 break; 1403 } 1404 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1405 continue; 1406 found = sdata; 1407 count++; 1408 } 1409 1410 if (count == 1 && ieee80211_powersave_allowed(found)) { 1411 s32 beaconint_us; 1412 1413 if (latency < 0) 1414 latency = pm_qos_request(PM_QOS_NETWORK_LATENCY); 1415 1416 beaconint_us = ieee80211_tu_to_usec( 1417 found->vif.bss_conf.beacon_int); 1418 1419 timeout = local->dynamic_ps_forced_timeout; 1420 if (timeout < 0) { 1421 /* 1422 * Go to full PSM if the user configures a very low 1423 * latency requirement. 1424 * The 2000 second value is there for compatibility 1425 * until the PM_QOS_NETWORK_LATENCY is configured 1426 * with real values. 1427 */ 1428 if (latency > (1900 * USEC_PER_MSEC) && 1429 latency != (2000 * USEC_PER_SEC)) 1430 timeout = 0; 1431 else 1432 timeout = 100; 1433 } 1434 local->hw.conf.dynamic_ps_timeout = timeout; 1435 1436 if (beaconint_us > latency) { 1437 local->ps_sdata = NULL; 1438 } else { 1439 int maxslp = 1; 1440 u8 dtimper = found->u.mgd.dtim_period; 1441 1442 /* If the TIM IE is invalid, pretend the value is 1 */ 1443 if (!dtimper) 1444 dtimper = 1; 1445 else if (dtimper > 1) 1446 maxslp = min_t(int, dtimper, 1447 latency / beaconint_us); 1448 1449 local->hw.conf.max_sleep_period = maxslp; 1450 local->hw.conf.ps_dtim_period = dtimper; 1451 local->ps_sdata = found; 1452 } 1453 } else { 1454 local->ps_sdata = NULL; 1455 } 1456 1457 ieee80211_change_ps(local); 1458 } 1459 1460 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata) 1461 { 1462 bool ps_allowed = ieee80211_powersave_allowed(sdata); 1463 1464 if (sdata->vif.bss_conf.ps != ps_allowed) { 1465 sdata->vif.bss_conf.ps = ps_allowed; 1466 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS); 1467 } 1468 } 1469 1470 void ieee80211_dynamic_ps_disable_work(struct work_struct *work) 1471 { 1472 struct ieee80211_local *local = 1473 container_of(work, struct ieee80211_local, 1474 dynamic_ps_disable_work); 1475 1476 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1477 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1478 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1479 } 1480 1481 ieee80211_wake_queues_by_reason(&local->hw, 1482 IEEE80211_MAX_QUEUE_MAP, 1483 IEEE80211_QUEUE_STOP_REASON_PS); 1484 } 1485 1486 void ieee80211_dynamic_ps_enable_work(struct work_struct *work) 1487 { 1488 struct ieee80211_local *local = 1489 container_of(work, struct ieee80211_local, 1490 dynamic_ps_enable_work); 1491 struct ieee80211_sub_if_data *sdata = local->ps_sdata; 1492 struct ieee80211_if_managed *ifmgd; 1493 unsigned long flags; 1494 int q; 1495 1496 /* can only happen when PS was just disabled anyway */ 1497 if (!sdata) 1498 return; 1499 1500 ifmgd = &sdata->u.mgd; 1501 1502 if (local->hw.conf.flags & IEEE80211_CONF_PS) 1503 return; 1504 1505 if (local->hw.conf.dynamic_ps_timeout > 0) { 1506 /* don't enter PS if TX frames are pending */ 1507 if (drv_tx_frames_pending(local)) { 1508 mod_timer(&local->dynamic_ps_timer, jiffies + 1509 msecs_to_jiffies( 1510 local->hw.conf.dynamic_ps_timeout)); 1511 return; 1512 } 1513 1514 /* 1515 * transmission can be stopped by others which leads to 1516 * dynamic_ps_timer expiry. Postpone the ps timer if it 1517 * is not the actual idle state. 1518 */ 1519 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 1520 for (q = 0; q < local->hw.queues; q++) { 1521 if (local->queue_stop_reasons[q]) { 1522 spin_unlock_irqrestore(&local->queue_stop_reason_lock, 1523 flags); 1524 mod_timer(&local->dynamic_ps_timer, jiffies + 1525 msecs_to_jiffies( 1526 local->hw.conf.dynamic_ps_timeout)); 1527 return; 1528 } 1529 } 1530 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 1531 } 1532 1533 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1534 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1535 if (drv_tx_frames_pending(local)) { 1536 mod_timer(&local->dynamic_ps_timer, jiffies + 1537 msecs_to_jiffies( 1538 local->hw.conf.dynamic_ps_timeout)); 1539 } else { 1540 ieee80211_send_nullfunc(local, sdata, 1); 1541 /* Flush to get the tx status of nullfunc frame */ 1542 ieee80211_flush_queues(local, sdata); 1543 } 1544 } 1545 1546 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) && 1547 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) || 1548 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1549 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 1550 local->hw.conf.flags |= IEEE80211_CONF_PS; 1551 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1552 } 1553 } 1554 1555 void ieee80211_dynamic_ps_timer(unsigned long data) 1556 { 1557 struct ieee80211_local *local = (void *) data; 1558 1559 if (local->quiescing || local->suspended) 1560 return; 1561 1562 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work); 1563 } 1564 1565 void ieee80211_dfs_cac_timer_work(struct work_struct *work) 1566 { 1567 struct delayed_work *delayed_work = 1568 container_of(work, struct delayed_work, work); 1569 struct ieee80211_sub_if_data *sdata = 1570 container_of(delayed_work, struct ieee80211_sub_if_data, 1571 dfs_cac_timer_work); 1572 1573 ieee80211_vif_release_channel(sdata); 1574 1575 cfg80211_cac_event(sdata->dev, NL80211_RADAR_CAC_FINISHED, GFP_KERNEL); 1576 } 1577 1578 /* MLME */ 1579 static bool ieee80211_sta_wmm_params(struct ieee80211_local *local, 1580 struct ieee80211_sub_if_data *sdata, 1581 const u8 *wmm_param, size_t wmm_param_len) 1582 { 1583 struct ieee80211_tx_queue_params params; 1584 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1585 size_t left; 1586 int count; 1587 const u8 *pos; 1588 u8 uapsd_queues = 0; 1589 1590 if (!local->ops->conf_tx) 1591 return false; 1592 1593 if (local->hw.queues < IEEE80211_NUM_ACS) 1594 return false; 1595 1596 if (!wmm_param) 1597 return false; 1598 1599 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 1600 return false; 1601 1602 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) 1603 uapsd_queues = ifmgd->uapsd_queues; 1604 1605 count = wmm_param[6] & 0x0f; 1606 if (count == ifmgd->wmm_last_param_set) 1607 return false; 1608 ifmgd->wmm_last_param_set = count; 1609 1610 pos = wmm_param + 8; 1611 left = wmm_param_len - 8; 1612 1613 memset(¶ms, 0, sizeof(params)); 1614 1615 sdata->wmm_acm = 0; 1616 for (; left >= 4; left -= 4, pos += 4) { 1617 int aci = (pos[0] >> 5) & 0x03; 1618 int acm = (pos[0] >> 4) & 0x01; 1619 bool uapsd = false; 1620 int queue; 1621 1622 switch (aci) { 1623 case 1: /* AC_BK */ 1624 queue = 3; 1625 if (acm) 1626 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */ 1627 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK) 1628 uapsd = true; 1629 break; 1630 case 2: /* AC_VI */ 1631 queue = 1; 1632 if (acm) 1633 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */ 1634 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI) 1635 uapsd = true; 1636 break; 1637 case 3: /* AC_VO */ 1638 queue = 0; 1639 if (acm) 1640 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */ 1641 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) 1642 uapsd = true; 1643 break; 1644 case 0: /* AC_BE */ 1645 default: 1646 queue = 2; 1647 if (acm) 1648 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */ 1649 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE) 1650 uapsd = true; 1651 break; 1652 } 1653 1654 params.aifs = pos[0] & 0x0f; 1655 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 1656 params.cw_min = ecw2cw(pos[1] & 0x0f); 1657 params.txop = get_unaligned_le16(pos + 2); 1658 params.acm = acm; 1659 params.uapsd = uapsd; 1660 1661 mlme_dbg(sdata, 1662 "WMM queue=%d aci=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d\n", 1663 queue, aci, acm, 1664 params.aifs, params.cw_min, params.cw_max, 1665 params.txop, params.uapsd); 1666 sdata->tx_conf[queue] = params; 1667 if (drv_conf_tx(local, sdata, queue, ¶ms)) 1668 sdata_err(sdata, 1669 "failed to set TX queue parameters for queue %d\n", 1670 queue); 1671 } 1672 1673 /* enable WMM or activate new settings */ 1674 sdata->vif.bss_conf.qos = true; 1675 return true; 1676 } 1677 1678 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1679 { 1680 lockdep_assert_held(&sdata->local->mtx); 1681 1682 sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL | 1683 IEEE80211_STA_BEACON_POLL); 1684 ieee80211_run_deferred_scan(sdata->local); 1685 } 1686 1687 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1688 { 1689 mutex_lock(&sdata->local->mtx); 1690 __ieee80211_stop_poll(sdata); 1691 mutex_unlock(&sdata->local->mtx); 1692 } 1693 1694 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata, 1695 u16 capab, bool erp_valid, u8 erp) 1696 { 1697 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1698 u32 changed = 0; 1699 bool use_protection; 1700 bool use_short_preamble; 1701 bool use_short_slot; 1702 1703 if (erp_valid) { 1704 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0; 1705 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0; 1706 } else { 1707 use_protection = false; 1708 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE); 1709 } 1710 1711 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME); 1712 if (ieee80211_get_sdata_band(sdata) == IEEE80211_BAND_5GHZ) 1713 use_short_slot = true; 1714 1715 if (use_protection != bss_conf->use_cts_prot) { 1716 bss_conf->use_cts_prot = use_protection; 1717 changed |= BSS_CHANGED_ERP_CTS_PROT; 1718 } 1719 1720 if (use_short_preamble != bss_conf->use_short_preamble) { 1721 bss_conf->use_short_preamble = use_short_preamble; 1722 changed |= BSS_CHANGED_ERP_PREAMBLE; 1723 } 1724 1725 if (use_short_slot != bss_conf->use_short_slot) { 1726 bss_conf->use_short_slot = use_short_slot; 1727 changed |= BSS_CHANGED_ERP_SLOT; 1728 } 1729 1730 return changed; 1731 } 1732 1733 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata, 1734 struct cfg80211_bss *cbss, 1735 u32 bss_info_changed) 1736 { 1737 struct ieee80211_bss *bss = (void *)cbss->priv; 1738 struct ieee80211_local *local = sdata->local; 1739 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1740 1741 bss_info_changed |= BSS_CHANGED_ASSOC; 1742 bss_info_changed |= ieee80211_handle_bss_capability(sdata, 1743 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value); 1744 1745 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec( 1746 beacon_loss_count * bss_conf->beacon_int)); 1747 1748 sdata->u.mgd.associated = cbss; 1749 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN); 1750 1751 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE; 1752 1753 if (sdata->vif.p2p) { 1754 const struct cfg80211_bss_ies *ies; 1755 1756 rcu_read_lock(); 1757 ies = rcu_dereference(cbss->ies); 1758 if (ies) { 1759 int ret; 1760 1761 ret = cfg80211_get_p2p_attr( 1762 ies->data, ies->len, 1763 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 1764 (u8 *) &bss_conf->p2p_noa_attr, 1765 sizeof(bss_conf->p2p_noa_attr)); 1766 if (ret >= 2) { 1767 sdata->u.mgd.p2p_noa_index = 1768 bss_conf->p2p_noa_attr.index; 1769 bss_info_changed |= BSS_CHANGED_P2P_PS; 1770 } 1771 } 1772 rcu_read_unlock(); 1773 } 1774 1775 /* just to be sure */ 1776 ieee80211_stop_poll(sdata); 1777 1778 ieee80211_led_assoc(local, 1); 1779 1780 if (sdata->u.mgd.have_beacon) { 1781 /* 1782 * If the AP is buggy we may get here with no DTIM period 1783 * known, so assume it's 1 which is the only safe assumption 1784 * in that case, although if the TIM IE is broken powersave 1785 * probably just won't work at all. 1786 */ 1787 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1; 1788 bss_conf->beacon_rate = bss->beacon_rate; 1789 bss_info_changed |= BSS_CHANGED_BEACON_INFO; 1790 } else { 1791 bss_conf->beacon_rate = NULL; 1792 bss_conf->dtim_period = 0; 1793 } 1794 1795 bss_conf->assoc = 1; 1796 1797 /* Tell the driver to monitor connection quality (if supported) */ 1798 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI && 1799 bss_conf->cqm_rssi_thold) 1800 bss_info_changed |= BSS_CHANGED_CQM; 1801 1802 /* Enable ARP filtering */ 1803 if (bss_conf->arp_addr_cnt) 1804 bss_info_changed |= BSS_CHANGED_ARP_FILTER; 1805 1806 ieee80211_bss_info_change_notify(sdata, bss_info_changed); 1807 1808 mutex_lock(&local->iflist_mtx); 1809 ieee80211_recalc_ps(local, -1); 1810 mutex_unlock(&local->iflist_mtx); 1811 1812 ieee80211_recalc_smps(sdata); 1813 ieee80211_recalc_ps_vif(sdata); 1814 1815 netif_carrier_on(sdata->dev); 1816 } 1817 1818 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata, 1819 u16 stype, u16 reason, bool tx, 1820 u8 *frame_buf) 1821 { 1822 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1823 struct ieee80211_local *local = sdata->local; 1824 u32 changed = 0; 1825 1826 sdata_assert_lock(sdata); 1827 1828 if (WARN_ON_ONCE(tx && !frame_buf)) 1829 return; 1830 1831 if (WARN_ON(!ifmgd->associated)) 1832 return; 1833 1834 ieee80211_stop_poll(sdata); 1835 1836 ifmgd->associated = NULL; 1837 netif_carrier_off(sdata->dev); 1838 1839 /* 1840 * if we want to get out of ps before disassoc (why?) we have 1841 * to do it before sending disassoc, as otherwise the null-packet 1842 * won't be valid. 1843 */ 1844 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1845 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1846 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1847 } 1848 local->ps_sdata = NULL; 1849 1850 /* disable per-vif ps */ 1851 ieee80211_recalc_ps_vif(sdata); 1852 1853 /* flush out any pending frame (e.g. DELBA) before deauth/disassoc */ 1854 if (tx) 1855 ieee80211_flush_queues(local, sdata); 1856 1857 /* deauthenticate/disassociate now */ 1858 if (tx || frame_buf) 1859 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype, 1860 reason, tx, frame_buf); 1861 1862 /* flush out frame */ 1863 if (tx) 1864 ieee80211_flush_queues(local, sdata); 1865 1866 /* clear bssid only after building the needed mgmt frames */ 1867 memset(ifmgd->bssid, 0, ETH_ALEN); 1868 1869 /* remove AP and TDLS peers */ 1870 sta_info_flush_defer(sdata); 1871 1872 /* finally reset all BSS / config parameters */ 1873 changed |= ieee80211_reset_erp_info(sdata); 1874 1875 ieee80211_led_assoc(local, 0); 1876 changed |= BSS_CHANGED_ASSOC; 1877 sdata->vif.bss_conf.assoc = false; 1878 1879 ifmgd->p2p_noa_index = -1; 1880 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0, 1881 sizeof(sdata->vif.bss_conf.p2p_noa_attr)); 1882 1883 /* on the next assoc, re-program HT/VHT parameters */ 1884 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa)); 1885 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask)); 1886 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa)); 1887 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask)); 1888 1889 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL; 1890 1891 del_timer_sync(&local->dynamic_ps_timer); 1892 cancel_work_sync(&local->dynamic_ps_enable_work); 1893 1894 /* Disable ARP filtering */ 1895 if (sdata->vif.bss_conf.arp_addr_cnt) 1896 changed |= BSS_CHANGED_ARP_FILTER; 1897 1898 sdata->vif.bss_conf.qos = false; 1899 changed |= BSS_CHANGED_QOS; 1900 1901 /* The BSSID (not really interesting) and HT changed */ 1902 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT; 1903 ieee80211_bss_info_change_notify(sdata, changed); 1904 1905 /* disassociated - set to defaults now */ 1906 ieee80211_set_wmm_default(sdata, false); 1907 1908 del_timer_sync(&sdata->u.mgd.conn_mon_timer); 1909 del_timer_sync(&sdata->u.mgd.bcn_mon_timer); 1910 del_timer_sync(&sdata->u.mgd.timer); 1911 del_timer_sync(&sdata->u.mgd.chswitch_timer); 1912 1913 sdata->vif.bss_conf.dtim_period = 0; 1914 sdata->vif.bss_conf.beacon_rate = NULL; 1915 1916 ifmgd->have_beacon = false; 1917 1918 ifmgd->flags = 0; 1919 ieee80211_vif_release_channel(sdata); 1920 } 1921 1922 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata, 1923 struct ieee80211_hdr *hdr) 1924 { 1925 /* 1926 * We can postpone the mgd.timer whenever receiving unicast frames 1927 * from AP because we know that the connection is working both ways 1928 * at that time. But multicast frames (and hence also beacons) must 1929 * be ignored here, because we need to trigger the timer during 1930 * data idle periods for sending the periodic probe request to the 1931 * AP we're connected to. 1932 */ 1933 if (is_multicast_ether_addr(hdr->addr1)) 1934 return; 1935 1936 ieee80211_sta_reset_conn_monitor(sdata); 1937 } 1938 1939 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata) 1940 { 1941 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1942 struct ieee80211_local *local = sdata->local; 1943 1944 mutex_lock(&local->mtx); 1945 if (!(ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 1946 IEEE80211_STA_CONNECTION_POLL))) { 1947 mutex_unlock(&local->mtx); 1948 return; 1949 } 1950 1951 __ieee80211_stop_poll(sdata); 1952 1953 mutex_lock(&local->iflist_mtx); 1954 ieee80211_recalc_ps(local, -1); 1955 mutex_unlock(&local->iflist_mtx); 1956 1957 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 1958 goto out; 1959 1960 /* 1961 * We've received a probe response, but are not sure whether 1962 * we have or will be receiving any beacons or data, so let's 1963 * schedule the timers again, just in case. 1964 */ 1965 ieee80211_sta_reset_beacon_monitor(sdata); 1966 1967 mod_timer(&ifmgd->conn_mon_timer, 1968 round_jiffies_up(jiffies + 1969 IEEE80211_CONNECTION_IDLE_TIME)); 1970 out: 1971 mutex_unlock(&local->mtx); 1972 } 1973 1974 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata, 1975 struct ieee80211_hdr *hdr, bool ack) 1976 { 1977 if (!ieee80211_is_data(hdr->frame_control)) 1978 return; 1979 1980 if (ieee80211_is_nullfunc(hdr->frame_control) && 1981 sdata->u.mgd.probe_send_count > 0) { 1982 if (ack) 1983 ieee80211_sta_reset_conn_monitor(sdata); 1984 else 1985 sdata->u.mgd.nullfunc_failed = true; 1986 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 1987 return; 1988 } 1989 1990 if (ack) 1991 ieee80211_sta_reset_conn_monitor(sdata); 1992 } 1993 1994 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) 1995 { 1996 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1997 const u8 *ssid; 1998 u8 *dst = ifmgd->associated->bssid; 1999 u8 unicast_limit = max(1, max_probe_tries - 3); 2000 2001 /* 2002 * Try sending broadcast probe requests for the last three 2003 * probe requests after the first ones failed since some 2004 * buggy APs only support broadcast probe requests. 2005 */ 2006 if (ifmgd->probe_send_count >= unicast_limit) 2007 dst = NULL; 2008 2009 /* 2010 * When the hardware reports an accurate Tx ACK status, it's 2011 * better to send a nullfunc frame instead of a probe request, 2012 * as it will kick us off the AP quickly if we aren't associated 2013 * anymore. The timeout will be reset if the frame is ACKed by 2014 * the AP. 2015 */ 2016 ifmgd->probe_send_count++; 2017 2018 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 2019 ifmgd->nullfunc_failed = false; 2020 ieee80211_send_nullfunc(sdata->local, sdata, 0); 2021 } else { 2022 int ssid_len; 2023 2024 rcu_read_lock(); 2025 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); 2026 if (WARN_ON_ONCE(ssid == NULL)) 2027 ssid_len = 0; 2028 else 2029 ssid_len = ssid[1]; 2030 2031 ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL, 2032 0, (u32) -1, true, 0, 2033 ifmgd->associated->channel, false); 2034 rcu_read_unlock(); 2035 } 2036 2037 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms); 2038 run_again(sdata, ifmgd->probe_timeout); 2039 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 2040 ieee80211_flush_queues(sdata->local, sdata); 2041 } 2042 2043 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata, 2044 bool beacon) 2045 { 2046 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2047 bool already = false; 2048 2049 if (!ieee80211_sdata_running(sdata)) 2050 return; 2051 2052 sdata_lock(sdata); 2053 2054 if (!ifmgd->associated) 2055 goto out; 2056 2057 mutex_lock(&sdata->local->mtx); 2058 2059 if (sdata->local->tmp_channel || sdata->local->scanning) { 2060 mutex_unlock(&sdata->local->mtx); 2061 goto out; 2062 } 2063 2064 if (beacon) { 2065 mlme_dbg_ratelimited(sdata, 2066 "detected beacon loss from AP (missed %d beacons) - probing\n", 2067 beacon_loss_count); 2068 2069 ieee80211_cqm_rssi_notify(&sdata->vif, 2070 NL80211_CQM_RSSI_BEACON_LOSS_EVENT, 2071 GFP_KERNEL); 2072 } 2073 2074 /* 2075 * The driver/our work has already reported this event or the 2076 * connection monitoring has kicked in and we have already sent 2077 * a probe request. Or maybe the AP died and the driver keeps 2078 * reporting until we disassociate... 2079 * 2080 * In either case we have to ignore the current call to this 2081 * function (except for setting the correct probe reason bit) 2082 * because otherwise we would reset the timer every time and 2083 * never check whether we received a probe response! 2084 */ 2085 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 2086 IEEE80211_STA_CONNECTION_POLL)) 2087 already = true; 2088 2089 if (beacon) 2090 ifmgd->flags |= IEEE80211_STA_BEACON_POLL; 2091 else 2092 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL; 2093 2094 mutex_unlock(&sdata->local->mtx); 2095 2096 if (already) 2097 goto out; 2098 2099 mutex_lock(&sdata->local->iflist_mtx); 2100 ieee80211_recalc_ps(sdata->local, -1); 2101 mutex_unlock(&sdata->local->iflist_mtx); 2102 2103 ifmgd->probe_send_count = 0; 2104 ieee80211_mgd_probe_ap_send(sdata); 2105 out: 2106 sdata_unlock(sdata); 2107 } 2108 2109 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw, 2110 struct ieee80211_vif *vif) 2111 { 2112 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2113 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2114 struct cfg80211_bss *cbss; 2115 struct sk_buff *skb; 2116 const u8 *ssid; 2117 int ssid_len; 2118 2119 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 2120 return NULL; 2121 2122 sdata_assert_lock(sdata); 2123 2124 if (ifmgd->associated) 2125 cbss = ifmgd->associated; 2126 else if (ifmgd->auth_data) 2127 cbss = ifmgd->auth_data->bss; 2128 else if (ifmgd->assoc_data) 2129 cbss = ifmgd->assoc_data->bss; 2130 else 2131 return NULL; 2132 2133 rcu_read_lock(); 2134 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID); 2135 if (WARN_ON_ONCE(ssid == NULL)) 2136 ssid_len = 0; 2137 else 2138 ssid_len = ssid[1]; 2139 2140 skb = ieee80211_build_probe_req(sdata, cbss->bssid, 2141 (u32) -1, cbss->channel, 2142 ssid + 2, ssid_len, 2143 NULL, 0, true); 2144 rcu_read_unlock(); 2145 2146 return skb; 2147 } 2148 EXPORT_SYMBOL(ieee80211_ap_probereq_get); 2149 2150 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata) 2151 { 2152 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2153 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 2154 2155 sdata_lock(sdata); 2156 if (!ifmgd->associated) { 2157 sdata_unlock(sdata); 2158 return; 2159 } 2160 2161 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 2162 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 2163 true, frame_buf); 2164 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 2165 ieee80211_wake_queues_by_reason(&sdata->local->hw, 2166 IEEE80211_MAX_QUEUE_MAP, 2167 IEEE80211_QUEUE_STOP_REASON_CSA); 2168 2169 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 2170 IEEE80211_DEAUTH_FRAME_LEN); 2171 sdata_unlock(sdata); 2172 } 2173 2174 static void ieee80211_beacon_connection_loss_work(struct work_struct *work) 2175 { 2176 struct ieee80211_sub_if_data *sdata = 2177 container_of(work, struct ieee80211_sub_if_data, 2178 u.mgd.beacon_connection_loss_work); 2179 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2180 struct sta_info *sta; 2181 2182 if (ifmgd->associated) { 2183 rcu_read_lock(); 2184 sta = sta_info_get(sdata, ifmgd->bssid); 2185 if (sta) 2186 sta->beacon_loss_count++; 2187 rcu_read_unlock(); 2188 } 2189 2190 if (ifmgd->connection_loss) { 2191 sdata_info(sdata, "Connection to AP %pM lost\n", 2192 ifmgd->bssid); 2193 __ieee80211_disconnect(sdata); 2194 } else { 2195 ieee80211_mgd_probe_ap(sdata, true); 2196 } 2197 } 2198 2199 static void ieee80211_csa_connection_drop_work(struct work_struct *work) 2200 { 2201 struct ieee80211_sub_if_data *sdata = 2202 container_of(work, struct ieee80211_sub_if_data, 2203 u.mgd.csa_connection_drop_work); 2204 2205 __ieee80211_disconnect(sdata); 2206 } 2207 2208 void ieee80211_beacon_loss(struct ieee80211_vif *vif) 2209 { 2210 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2211 struct ieee80211_hw *hw = &sdata->local->hw; 2212 2213 trace_api_beacon_loss(sdata); 2214 2215 sdata->u.mgd.connection_loss = false; 2216 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2217 } 2218 EXPORT_SYMBOL(ieee80211_beacon_loss); 2219 2220 void ieee80211_connection_loss(struct ieee80211_vif *vif) 2221 { 2222 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2223 struct ieee80211_hw *hw = &sdata->local->hw; 2224 2225 trace_api_connection_loss(sdata); 2226 2227 sdata->u.mgd.connection_loss = true; 2228 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2229 } 2230 EXPORT_SYMBOL(ieee80211_connection_loss); 2231 2232 2233 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata, 2234 bool assoc) 2235 { 2236 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2237 2238 sdata_assert_lock(sdata); 2239 2240 if (!assoc) { 2241 sta_info_destroy_addr(sdata, auth_data->bss->bssid); 2242 2243 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2244 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2245 sdata->u.mgd.flags = 0; 2246 ieee80211_vif_release_channel(sdata); 2247 } 2248 2249 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss); 2250 kfree(auth_data); 2251 sdata->u.mgd.auth_data = NULL; 2252 } 2253 2254 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, 2255 struct ieee80211_mgmt *mgmt, size_t len) 2256 { 2257 struct ieee80211_local *local = sdata->local; 2258 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2259 u8 *pos; 2260 struct ieee802_11_elems elems; 2261 u32 tx_flags = 0; 2262 2263 pos = mgmt->u.auth.variable; 2264 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2265 if (!elems.challenge) 2266 return; 2267 auth_data->expected_transaction = 4; 2268 drv_mgd_prepare_tx(sdata->local, sdata); 2269 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 2270 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 2271 IEEE80211_TX_INTFL_MLME_CONN_TX; 2272 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0, 2273 elems.challenge - 2, elems.challenge_len + 2, 2274 auth_data->bss->bssid, auth_data->bss->bssid, 2275 auth_data->key, auth_data->key_len, 2276 auth_data->key_idx, tx_flags); 2277 } 2278 2279 static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, 2280 struct ieee80211_mgmt *mgmt, size_t len) 2281 { 2282 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2283 u8 bssid[ETH_ALEN]; 2284 u16 auth_alg, auth_transaction, status_code; 2285 struct sta_info *sta; 2286 2287 sdata_assert_lock(sdata); 2288 2289 if (len < 24 + 6) 2290 return; 2291 2292 if (!ifmgd->auth_data || ifmgd->auth_data->done) 2293 return; 2294 2295 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 2296 2297 if (!ether_addr_equal(bssid, mgmt->bssid)) 2298 return; 2299 2300 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 2301 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 2302 status_code = le16_to_cpu(mgmt->u.auth.status_code); 2303 2304 if (auth_alg != ifmgd->auth_data->algorithm || 2305 auth_transaction != ifmgd->auth_data->expected_transaction) { 2306 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n", 2307 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm, 2308 auth_transaction, 2309 ifmgd->auth_data->expected_transaction); 2310 return; 2311 } 2312 2313 if (status_code != WLAN_STATUS_SUCCESS) { 2314 sdata_info(sdata, "%pM denied authentication (status %d)\n", 2315 mgmt->sa, status_code); 2316 ieee80211_destroy_auth_data(sdata, false); 2317 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2318 return; 2319 } 2320 2321 switch (ifmgd->auth_data->algorithm) { 2322 case WLAN_AUTH_OPEN: 2323 case WLAN_AUTH_LEAP: 2324 case WLAN_AUTH_FT: 2325 case WLAN_AUTH_SAE: 2326 break; 2327 case WLAN_AUTH_SHARED_KEY: 2328 if (ifmgd->auth_data->expected_transaction != 4) { 2329 ieee80211_auth_challenge(sdata, mgmt, len); 2330 /* need another frame */ 2331 return; 2332 } 2333 break; 2334 default: 2335 WARN_ONCE(1, "invalid auth alg %d", 2336 ifmgd->auth_data->algorithm); 2337 return; 2338 } 2339 2340 sdata_info(sdata, "authenticated\n"); 2341 ifmgd->auth_data->done = true; 2342 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC; 2343 ifmgd->auth_data->timeout_started = true; 2344 run_again(sdata, ifmgd->auth_data->timeout); 2345 2346 if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE && 2347 ifmgd->auth_data->expected_transaction != 2) { 2348 /* 2349 * Report auth frame to user space for processing since another 2350 * round of Authentication frames is still needed. 2351 */ 2352 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2353 return; 2354 } 2355 2356 /* move station state to auth */ 2357 mutex_lock(&sdata->local->sta_mtx); 2358 sta = sta_info_get(sdata, bssid); 2359 if (!sta) { 2360 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid); 2361 goto out_err; 2362 } 2363 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) { 2364 sdata_info(sdata, "failed moving %pM to auth\n", bssid); 2365 goto out_err; 2366 } 2367 mutex_unlock(&sdata->local->sta_mtx); 2368 2369 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2370 return; 2371 out_err: 2372 mutex_unlock(&sdata->local->sta_mtx); 2373 /* ignore frame -- wait for timeout */ 2374 } 2375 2376 2377 static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 2378 struct ieee80211_mgmt *mgmt, size_t len) 2379 { 2380 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2381 const u8 *bssid = NULL; 2382 u16 reason_code; 2383 2384 sdata_assert_lock(sdata); 2385 2386 if (len < 24 + 2) 2387 return; 2388 2389 if (!ifmgd->associated || 2390 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2391 return; 2392 2393 bssid = ifmgd->associated->bssid; 2394 2395 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 2396 2397 sdata_info(sdata, "deauthenticated from %pM (Reason: %u)\n", 2398 bssid, reason_code); 2399 2400 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2401 2402 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2403 } 2404 2405 2406 static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata, 2407 struct ieee80211_mgmt *mgmt, size_t len) 2408 { 2409 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2410 u16 reason_code; 2411 2412 sdata_assert_lock(sdata); 2413 2414 if (len < 24 + 2) 2415 return; 2416 2417 if (!ifmgd->associated || 2418 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2419 return; 2420 2421 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 2422 2423 sdata_info(sdata, "disassociated from %pM (Reason: %u)\n", 2424 mgmt->sa, reason_code); 2425 2426 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2427 2428 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2429 } 2430 2431 static void ieee80211_get_rates(struct ieee80211_supported_band *sband, 2432 u8 *supp_rates, unsigned int supp_rates_len, 2433 u32 *rates, u32 *basic_rates, 2434 bool *have_higher_than_11mbit, 2435 int *min_rate, int *min_rate_index) 2436 { 2437 int i, j; 2438 2439 for (i = 0; i < supp_rates_len; i++) { 2440 int rate = (supp_rates[i] & 0x7f) * 5; 2441 bool is_basic = !!(supp_rates[i] & 0x80); 2442 2443 if (rate > 110) 2444 *have_higher_than_11mbit = true; 2445 2446 /* 2447 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009 2448 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it. 2449 * 2450 * Note: Even through the membership selector and the basic 2451 * rate flag share the same bit, they are not exactly 2452 * the same. 2453 */ 2454 if (!!(supp_rates[i] & 0x80) && 2455 (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY) 2456 continue; 2457 2458 for (j = 0; j < sband->n_bitrates; j++) { 2459 if (sband->bitrates[j].bitrate == rate) { 2460 *rates |= BIT(j); 2461 if (is_basic) 2462 *basic_rates |= BIT(j); 2463 if (rate < *min_rate) { 2464 *min_rate = rate; 2465 *min_rate_index = j; 2466 } 2467 break; 2468 } 2469 } 2470 } 2471 } 2472 2473 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata, 2474 bool assoc) 2475 { 2476 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 2477 2478 sdata_assert_lock(sdata); 2479 2480 if (!assoc) { 2481 sta_info_destroy_addr(sdata, assoc_data->bss->bssid); 2482 2483 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2484 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2485 sdata->u.mgd.flags = 0; 2486 ieee80211_vif_release_channel(sdata); 2487 } 2488 2489 kfree(assoc_data); 2490 sdata->u.mgd.assoc_data = NULL; 2491 } 2492 2493 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata, 2494 struct cfg80211_bss *cbss, 2495 struct ieee80211_mgmt *mgmt, size_t len) 2496 { 2497 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2498 struct ieee80211_local *local = sdata->local; 2499 struct ieee80211_supported_band *sband; 2500 struct sta_info *sta; 2501 u8 *pos; 2502 u16 capab_info, aid; 2503 struct ieee802_11_elems elems; 2504 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2505 const struct cfg80211_bss_ies *bss_ies = NULL; 2506 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 2507 u32 changed = 0; 2508 int err; 2509 bool ret; 2510 2511 /* AssocResp and ReassocResp have identical structure */ 2512 2513 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2514 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2515 2516 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) 2517 sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n", 2518 aid); 2519 aid &= ~(BIT(15) | BIT(14)); 2520 2521 ifmgd->broken_ap = false; 2522 2523 if (aid == 0 || aid > IEEE80211_MAX_AID) { 2524 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n", 2525 aid); 2526 aid = 0; 2527 ifmgd->broken_ap = true; 2528 } 2529 2530 pos = mgmt->u.assoc_resp.variable; 2531 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2532 2533 if (!elems.supp_rates) { 2534 sdata_info(sdata, "no SuppRates element in AssocResp\n"); 2535 return false; 2536 } 2537 2538 ifmgd->aid = aid; 2539 2540 /* 2541 * Some APs are erroneously not including some information in their 2542 * (re)association response frames. Try to recover by using the data 2543 * from the beacon or probe response. This seems to afflict mobile 2544 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T", 2545 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device. 2546 */ 2547 if ((assoc_data->wmm && !elems.wmm_param) || 2548 (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2549 (!elems.ht_cap_elem || !elems.ht_operation)) || 2550 (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2551 (!elems.vht_cap_elem || !elems.vht_operation))) { 2552 const struct cfg80211_bss_ies *ies; 2553 struct ieee802_11_elems bss_elems; 2554 2555 rcu_read_lock(); 2556 ies = rcu_dereference(cbss->ies); 2557 if (ies) 2558 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len, 2559 GFP_ATOMIC); 2560 rcu_read_unlock(); 2561 if (!bss_ies) 2562 return false; 2563 2564 ieee802_11_parse_elems(bss_ies->data, bss_ies->len, 2565 false, &bss_elems); 2566 if (assoc_data->wmm && 2567 !elems.wmm_param && bss_elems.wmm_param) { 2568 elems.wmm_param = bss_elems.wmm_param; 2569 sdata_info(sdata, 2570 "AP bug: WMM param missing from AssocResp\n"); 2571 } 2572 2573 /* 2574 * Also check if we requested HT/VHT, otherwise the AP doesn't 2575 * have to include the IEs in the (re)association response. 2576 */ 2577 if (!elems.ht_cap_elem && bss_elems.ht_cap_elem && 2578 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 2579 elems.ht_cap_elem = bss_elems.ht_cap_elem; 2580 sdata_info(sdata, 2581 "AP bug: HT capability missing from AssocResp\n"); 2582 } 2583 if (!elems.ht_operation && bss_elems.ht_operation && 2584 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 2585 elems.ht_operation = bss_elems.ht_operation; 2586 sdata_info(sdata, 2587 "AP bug: HT operation missing from AssocResp\n"); 2588 } 2589 if (!elems.vht_cap_elem && bss_elems.vht_cap_elem && 2590 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) { 2591 elems.vht_cap_elem = bss_elems.vht_cap_elem; 2592 sdata_info(sdata, 2593 "AP bug: VHT capa missing from AssocResp\n"); 2594 } 2595 if (!elems.vht_operation && bss_elems.vht_operation && 2596 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) { 2597 elems.vht_operation = bss_elems.vht_operation; 2598 sdata_info(sdata, 2599 "AP bug: VHT operation missing from AssocResp\n"); 2600 } 2601 } 2602 2603 /* 2604 * We previously checked these in the beacon/probe response, so 2605 * they should be present here. This is just a safety net. 2606 */ 2607 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2608 (!elems.wmm_param || !elems.ht_cap_elem || !elems.ht_operation)) { 2609 sdata_info(sdata, 2610 "HT AP is missing WMM params or HT capability/operation\n"); 2611 ret = false; 2612 goto out; 2613 } 2614 2615 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2616 (!elems.vht_cap_elem || !elems.vht_operation)) { 2617 sdata_info(sdata, 2618 "VHT AP is missing VHT capability/operation\n"); 2619 ret = false; 2620 goto out; 2621 } 2622 2623 mutex_lock(&sdata->local->sta_mtx); 2624 /* 2625 * station info was already allocated and inserted before 2626 * the association and should be available to us 2627 */ 2628 sta = sta_info_get(sdata, cbss->bssid); 2629 if (WARN_ON(!sta)) { 2630 mutex_unlock(&sdata->local->sta_mtx); 2631 ret = false; 2632 goto out; 2633 } 2634 2635 sband = local->hw.wiphy->bands[ieee80211_get_sdata_band(sdata)]; 2636 2637 /* Set up internal HT/VHT capabilities */ 2638 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 2639 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 2640 elems.ht_cap_elem, sta); 2641 2642 if (elems.vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 2643 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband, 2644 elems.vht_cap_elem, sta); 2645 2646 /* 2647 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data 2648 * in their association response, so ignore that data for our own 2649 * configuration. If it changed since the last beacon, we'll get the 2650 * next beacon and update then. 2651 */ 2652 2653 /* 2654 * If an operating mode notification IE is present, override the 2655 * NSS calculation (that would be done in rate_control_rate_init()) 2656 * and use the # of streams from that element. 2657 */ 2658 if (elems.opmode_notif && 2659 !(*elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) { 2660 u8 nss; 2661 2662 nss = *elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK; 2663 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT; 2664 nss += 1; 2665 sta->sta.rx_nss = nss; 2666 } 2667 2668 rate_control_rate_init(sta); 2669 2670 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) 2671 set_sta_flag(sta, WLAN_STA_MFP); 2672 2673 if (elems.wmm_param) 2674 set_sta_flag(sta, WLAN_STA_WME); 2675 2676 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC); 2677 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT)) 2678 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED); 2679 if (err) { 2680 sdata_info(sdata, 2681 "failed to move station %pM to desired state\n", 2682 sta->sta.addr); 2683 WARN_ON(__sta_info_destroy(sta)); 2684 mutex_unlock(&sdata->local->sta_mtx); 2685 ret = false; 2686 goto out; 2687 } 2688 2689 mutex_unlock(&sdata->local->sta_mtx); 2690 2691 /* 2692 * Always handle WMM once after association regardless 2693 * of the first value the AP uses. Setting -1 here has 2694 * that effect because the AP values is an unsigned 2695 * 4-bit value. 2696 */ 2697 ifmgd->wmm_last_param_set = -1; 2698 2699 if (elems.wmm_param) 2700 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 2701 elems.wmm_param_len); 2702 else 2703 ieee80211_set_wmm_default(sdata, false); 2704 changed |= BSS_CHANGED_QOS; 2705 2706 /* set AID and assoc capability, 2707 * ieee80211_set_associated() will tell the driver */ 2708 bss_conf->aid = aid; 2709 bss_conf->assoc_capability = capab_info; 2710 ieee80211_set_associated(sdata, cbss, changed); 2711 2712 /* 2713 * If we're using 4-addr mode, let the AP know that we're 2714 * doing so, so that it can create the STA VLAN on its side 2715 */ 2716 if (ifmgd->use_4addr) 2717 ieee80211_send_4addr_nullfunc(local, sdata); 2718 2719 /* 2720 * Start timer to probe the connection to the AP now. 2721 * Also start the timer that will detect beacon loss. 2722 */ 2723 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt); 2724 ieee80211_sta_reset_beacon_monitor(sdata); 2725 2726 ret = true; 2727 out: 2728 kfree(bss_ies); 2729 return ret; 2730 } 2731 2732 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, 2733 struct ieee80211_mgmt *mgmt, 2734 size_t len) 2735 { 2736 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2737 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 2738 u16 capab_info, status_code, aid; 2739 struct ieee802_11_elems elems; 2740 u8 *pos; 2741 bool reassoc; 2742 struct cfg80211_bss *bss; 2743 2744 sdata_assert_lock(sdata); 2745 2746 if (!assoc_data) 2747 return; 2748 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid)) 2749 return; 2750 2751 /* 2752 * AssocResp and ReassocResp have identical structure, so process both 2753 * of them in this function. 2754 */ 2755 2756 if (len < 24 + 6) 2757 return; 2758 2759 reassoc = ieee80211_is_reassoc_req(mgmt->frame_control); 2760 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2761 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 2762 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2763 2764 sdata_info(sdata, 2765 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n", 2766 reassoc ? "Rea" : "A", mgmt->sa, 2767 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 2768 2769 pos = mgmt->u.assoc_resp.variable; 2770 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2771 2772 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 2773 elems.timeout_int && 2774 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) { 2775 u32 tu, ms; 2776 tu = le32_to_cpu(elems.timeout_int->value); 2777 ms = tu * 1024 / 1000; 2778 sdata_info(sdata, 2779 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n", 2780 mgmt->sa, tu, ms); 2781 assoc_data->timeout = jiffies + msecs_to_jiffies(ms); 2782 assoc_data->timeout_started = true; 2783 if (ms > IEEE80211_ASSOC_TIMEOUT) 2784 run_again(sdata, assoc_data->timeout); 2785 return; 2786 } 2787 2788 bss = assoc_data->bss; 2789 2790 if (status_code != WLAN_STATUS_SUCCESS) { 2791 sdata_info(sdata, "%pM denied association (code=%d)\n", 2792 mgmt->sa, status_code); 2793 ieee80211_destroy_assoc_data(sdata, false); 2794 } else { 2795 if (!ieee80211_assoc_success(sdata, bss, mgmt, len)) { 2796 /* oops -- internal error -- send timeout for now */ 2797 ieee80211_destroy_assoc_data(sdata, false); 2798 cfg80211_assoc_timeout(sdata->dev, bss); 2799 return; 2800 } 2801 sdata_info(sdata, "associated\n"); 2802 2803 /* 2804 * destroy assoc_data afterwards, as otherwise an idle 2805 * recalc after assoc_data is NULL but before associated 2806 * is set can cause the interface to go idle 2807 */ 2808 ieee80211_destroy_assoc_data(sdata, true); 2809 } 2810 2811 cfg80211_rx_assoc_resp(sdata->dev, bss, (u8 *)mgmt, len); 2812 } 2813 2814 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, 2815 struct ieee80211_mgmt *mgmt, size_t len, 2816 struct ieee80211_rx_status *rx_status, 2817 struct ieee802_11_elems *elems) 2818 { 2819 struct ieee80211_local *local = sdata->local; 2820 int freq; 2821 struct ieee80211_bss *bss; 2822 struct ieee80211_channel *channel; 2823 2824 sdata_assert_lock(sdata); 2825 2826 if (elems->ds_params) 2827 freq = ieee80211_channel_to_frequency(elems->ds_params[0], 2828 rx_status->band); 2829 else 2830 freq = rx_status->freq; 2831 2832 channel = ieee80211_get_channel(local->hw.wiphy, freq); 2833 2834 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED) 2835 return; 2836 2837 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems, 2838 channel); 2839 if (bss) { 2840 ieee80211_rx_bss_put(local, bss); 2841 sdata->vif.bss_conf.beacon_rate = bss->beacon_rate; 2842 } 2843 2844 if (!sdata->u.mgd.associated || 2845 !ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid)) 2846 return; 2847 2848 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime, 2849 elems, true); 2850 2851 } 2852 2853 2854 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, 2855 struct sk_buff *skb) 2856 { 2857 struct ieee80211_mgmt *mgmt = (void *)skb->data; 2858 struct ieee80211_if_managed *ifmgd; 2859 struct ieee80211_rx_status *rx_status = (void *) skb->cb; 2860 size_t baselen, len = skb->len; 2861 struct ieee802_11_elems elems; 2862 2863 ifmgd = &sdata->u.mgd; 2864 2865 sdata_assert_lock(sdata); 2866 2867 if (!ether_addr_equal(mgmt->da, sdata->vif.addr)) 2868 return; /* ignore ProbeResp to foreign address */ 2869 2870 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 2871 if (baselen > len) 2872 return; 2873 2874 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 2875 false, &elems); 2876 2877 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2878 2879 if (ifmgd->associated && 2880 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2881 ieee80211_reset_ap_probe(sdata); 2882 2883 if (ifmgd->auth_data && !ifmgd->auth_data->bss->proberesp_ies && 2884 ether_addr_equal(mgmt->bssid, ifmgd->auth_data->bss->bssid)) { 2885 /* got probe response, continue with auth */ 2886 sdata_info(sdata, "direct probe responded\n"); 2887 ifmgd->auth_data->tries = 0; 2888 ifmgd->auth_data->timeout = jiffies; 2889 ifmgd->auth_data->timeout_started = true; 2890 run_again(sdata, ifmgd->auth_data->timeout); 2891 } 2892 } 2893 2894 /* 2895 * This is the canonical list of information elements we care about, 2896 * the filter code also gives us all changes to the Microsoft OUI 2897 * (00:50:F2) vendor IE which is used for WMM which we need to track. 2898 * 2899 * We implement beacon filtering in software since that means we can 2900 * avoid processing the frame here and in cfg80211, and userspace 2901 * will not be able to tell whether the hardware supports it or not. 2902 * 2903 * XXX: This list needs to be dynamic -- userspace needs to be able to 2904 * add items it requires. It also needs to be able to tell us to 2905 * look out for other vendor IEs. 2906 */ 2907 static const u64 care_about_ies = 2908 (1ULL << WLAN_EID_COUNTRY) | 2909 (1ULL << WLAN_EID_ERP_INFO) | 2910 (1ULL << WLAN_EID_CHANNEL_SWITCH) | 2911 (1ULL << WLAN_EID_PWR_CONSTRAINT) | 2912 (1ULL << WLAN_EID_HT_CAPABILITY) | 2913 (1ULL << WLAN_EID_HT_OPERATION); 2914 2915 static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, 2916 struct ieee80211_mgmt *mgmt, size_t len, 2917 struct ieee80211_rx_status *rx_status) 2918 { 2919 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2920 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2921 size_t baselen; 2922 struct ieee802_11_elems elems; 2923 struct ieee80211_local *local = sdata->local; 2924 struct ieee80211_chanctx_conf *chanctx_conf; 2925 struct ieee80211_channel *chan; 2926 struct sta_info *sta; 2927 u32 changed = 0; 2928 bool erp_valid; 2929 u8 erp_value = 0; 2930 u32 ncrc; 2931 u8 *bssid; 2932 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN]; 2933 2934 sdata_assert_lock(sdata); 2935 2936 /* Process beacon from the current BSS */ 2937 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 2938 if (baselen > len) 2939 return; 2940 2941 rcu_read_lock(); 2942 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 2943 if (!chanctx_conf) { 2944 rcu_read_unlock(); 2945 return; 2946 } 2947 2948 if (rx_status->freq != chanctx_conf->def.chan->center_freq) { 2949 rcu_read_unlock(); 2950 return; 2951 } 2952 chan = chanctx_conf->def.chan; 2953 rcu_read_unlock(); 2954 2955 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon && 2956 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) { 2957 ieee802_11_parse_elems(mgmt->u.beacon.variable, 2958 len - baselen, false, &elems); 2959 2960 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2961 if (elems.tim && !elems.parse_error) { 2962 const struct ieee80211_tim_ie *tim_ie = elems.tim; 2963 ifmgd->dtim_period = tim_ie->dtim_period; 2964 } 2965 ifmgd->have_beacon = true; 2966 ifmgd->assoc_data->need_beacon = false; 2967 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 2968 sdata->vif.bss_conf.sync_tsf = 2969 le64_to_cpu(mgmt->u.beacon.timestamp); 2970 sdata->vif.bss_conf.sync_device_ts = 2971 rx_status->device_timestamp; 2972 if (elems.tim) 2973 sdata->vif.bss_conf.sync_dtim_count = 2974 elems.tim->dtim_count; 2975 else 2976 sdata->vif.bss_conf.sync_dtim_count = 0; 2977 } 2978 /* continue assoc process */ 2979 ifmgd->assoc_data->timeout = jiffies; 2980 ifmgd->assoc_data->timeout_started = true; 2981 run_again(sdata, ifmgd->assoc_data->timeout); 2982 return; 2983 } 2984 2985 if (!ifmgd->associated || 2986 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2987 return; 2988 bssid = ifmgd->associated->bssid; 2989 2990 /* Track average RSSI from the Beacon frames of the current AP */ 2991 ifmgd->last_beacon_signal = rx_status->signal; 2992 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) { 2993 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE; 2994 ifmgd->ave_beacon_signal = rx_status->signal * 16; 2995 ifmgd->last_cqm_event_signal = 0; 2996 ifmgd->count_beacon_signal = 1; 2997 ifmgd->last_ave_beacon_signal = 0; 2998 } else { 2999 ifmgd->ave_beacon_signal = 3000 (IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 + 3001 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) * 3002 ifmgd->ave_beacon_signal) / 16; 3003 ifmgd->count_beacon_signal++; 3004 } 3005 3006 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold && 3007 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) { 3008 int sig = ifmgd->ave_beacon_signal; 3009 int last_sig = ifmgd->last_ave_beacon_signal; 3010 3011 /* 3012 * if signal crosses either of the boundaries, invoke callback 3013 * with appropriate parameters 3014 */ 3015 if (sig > ifmgd->rssi_max_thold && 3016 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) { 3017 ifmgd->last_ave_beacon_signal = sig; 3018 drv_rssi_callback(local, sdata, RSSI_EVENT_HIGH); 3019 } else if (sig < ifmgd->rssi_min_thold && 3020 (last_sig >= ifmgd->rssi_max_thold || 3021 last_sig == 0)) { 3022 ifmgd->last_ave_beacon_signal = sig; 3023 drv_rssi_callback(local, sdata, RSSI_EVENT_LOW); 3024 } 3025 } 3026 3027 if (bss_conf->cqm_rssi_thold && 3028 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT && 3029 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) { 3030 int sig = ifmgd->ave_beacon_signal / 16; 3031 int last_event = ifmgd->last_cqm_event_signal; 3032 int thold = bss_conf->cqm_rssi_thold; 3033 int hyst = bss_conf->cqm_rssi_hyst; 3034 if (sig < thold && 3035 (last_event == 0 || sig < last_event - hyst)) { 3036 ifmgd->last_cqm_event_signal = sig; 3037 ieee80211_cqm_rssi_notify( 3038 &sdata->vif, 3039 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW, 3040 GFP_KERNEL); 3041 } else if (sig > thold && 3042 (last_event == 0 || sig > last_event + hyst)) { 3043 ifmgd->last_cqm_event_signal = sig; 3044 ieee80211_cqm_rssi_notify( 3045 &sdata->vif, 3046 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH, 3047 GFP_KERNEL); 3048 } 3049 } 3050 3051 if (ifmgd->flags & IEEE80211_STA_BEACON_POLL) { 3052 mlme_dbg_ratelimited(sdata, 3053 "cancelling AP probe due to a received beacon\n"); 3054 mutex_lock(&local->mtx); 3055 ifmgd->flags &= ~IEEE80211_STA_BEACON_POLL; 3056 ieee80211_run_deferred_scan(local); 3057 mutex_unlock(&local->mtx); 3058 3059 mutex_lock(&local->iflist_mtx); 3060 ieee80211_recalc_ps(local, -1); 3061 mutex_unlock(&local->iflist_mtx); 3062 } 3063 3064 /* 3065 * Push the beacon loss detection into the future since 3066 * we are processing a beacon from the AP just now. 3067 */ 3068 ieee80211_sta_reset_beacon_monitor(sdata); 3069 3070 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 3071 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, 3072 len - baselen, false, &elems, 3073 care_about_ies, ncrc); 3074 3075 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) { 3076 bool directed_tim = ieee80211_check_tim(elems.tim, 3077 elems.tim_len, 3078 ifmgd->aid); 3079 if (directed_tim) { 3080 if (local->hw.conf.dynamic_ps_timeout > 0) { 3081 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 3082 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 3083 ieee80211_hw_config(local, 3084 IEEE80211_CONF_CHANGE_PS); 3085 } 3086 ieee80211_send_nullfunc(local, sdata, 0); 3087 } else if (!local->pspolling && sdata->u.mgd.powersave) { 3088 local->pspolling = true; 3089 3090 /* 3091 * Here is assumed that the driver will be 3092 * able to send ps-poll frame and receive a 3093 * response even though power save mode is 3094 * enabled, but some drivers might require 3095 * to disable power save here. This needs 3096 * to be investigated. 3097 */ 3098 ieee80211_send_pspoll(local, sdata); 3099 } 3100 } 3101 } 3102 3103 if (sdata->vif.p2p) { 3104 struct ieee80211_p2p_noa_attr noa = {}; 3105 int ret; 3106 3107 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable, 3108 len - baselen, 3109 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 3110 (u8 *) &noa, sizeof(noa)); 3111 if (ret >= 2) { 3112 if (sdata->u.mgd.p2p_noa_index != noa.index) { 3113 /* valid noa_attr and index changed */ 3114 sdata->u.mgd.p2p_noa_index = noa.index; 3115 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa)); 3116 changed |= BSS_CHANGED_P2P_PS; 3117 /* 3118 * make sure we update all information, the CRC 3119 * mechanism doesn't look at P2P attributes. 3120 */ 3121 ifmgd->beacon_crc_valid = false; 3122 } 3123 } else if (sdata->u.mgd.p2p_noa_index != -1) { 3124 /* noa_attr not found and we had valid noa_attr before */ 3125 sdata->u.mgd.p2p_noa_index = -1; 3126 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr)); 3127 changed |= BSS_CHANGED_P2P_PS; 3128 ifmgd->beacon_crc_valid = false; 3129 } 3130 } 3131 3132 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid) 3133 return; 3134 ifmgd->beacon_crc = ncrc; 3135 ifmgd->beacon_crc_valid = true; 3136 3137 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 3138 3139 if (ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 3140 elems.wmm_param_len)) 3141 changed |= BSS_CHANGED_QOS; 3142 3143 /* 3144 * If we haven't had a beacon before, tell the driver about the 3145 * DTIM period (and beacon timing if desired) now. 3146 */ 3147 if (!ifmgd->have_beacon) { 3148 /* a few bogus AP send dtim_period = 0 or no TIM IE */ 3149 if (elems.tim) 3150 bss_conf->dtim_period = elems.tim->dtim_period ?: 1; 3151 else 3152 bss_conf->dtim_period = 1; 3153 3154 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 3155 sdata->vif.bss_conf.sync_tsf = 3156 le64_to_cpu(mgmt->u.beacon.timestamp); 3157 sdata->vif.bss_conf.sync_device_ts = 3158 rx_status->device_timestamp; 3159 if (elems.tim) 3160 sdata->vif.bss_conf.sync_dtim_count = 3161 elems.tim->dtim_count; 3162 else 3163 sdata->vif.bss_conf.sync_dtim_count = 0; 3164 } 3165 3166 changed |= BSS_CHANGED_BEACON_INFO; 3167 ifmgd->have_beacon = true; 3168 3169 mutex_lock(&local->iflist_mtx); 3170 ieee80211_recalc_ps(local, -1); 3171 mutex_unlock(&local->iflist_mtx); 3172 3173 ieee80211_recalc_ps_vif(sdata); 3174 } 3175 3176 if (elems.erp_info) { 3177 erp_valid = true; 3178 erp_value = elems.erp_info[0]; 3179 } else { 3180 erp_valid = false; 3181 } 3182 changed |= ieee80211_handle_bss_capability(sdata, 3183 le16_to_cpu(mgmt->u.beacon.capab_info), 3184 erp_valid, erp_value); 3185 3186 mutex_lock(&local->sta_mtx); 3187 sta = sta_info_get(sdata, bssid); 3188 3189 if (ieee80211_config_bw(sdata, sta, elems.ht_operation, 3190 elems.vht_operation, bssid, &changed)) { 3191 mutex_unlock(&local->sta_mtx); 3192 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3193 WLAN_REASON_DEAUTH_LEAVING, 3194 true, deauth_buf); 3195 cfg80211_tx_mlme_mgmt(sdata->dev, deauth_buf, 3196 sizeof(deauth_buf)); 3197 return; 3198 } 3199 3200 if (sta && elems.opmode_notif) 3201 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif, 3202 rx_status->band, true); 3203 mutex_unlock(&local->sta_mtx); 3204 3205 if (elems.country_elem && elems.pwr_constr_elem && 3206 mgmt->u.probe_resp.capab_info & 3207 cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT)) 3208 changed |= ieee80211_handle_pwr_constr(sdata, chan, 3209 elems.country_elem, 3210 elems.country_elem_len, 3211 elems.pwr_constr_elem); 3212 3213 ieee80211_bss_info_change_notify(sdata, changed); 3214 } 3215 3216 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 3217 struct sk_buff *skb) 3218 { 3219 struct ieee80211_rx_status *rx_status; 3220 struct ieee80211_mgmt *mgmt; 3221 u16 fc; 3222 struct ieee802_11_elems elems; 3223 int ies_len; 3224 3225 rx_status = (struct ieee80211_rx_status *) skb->cb; 3226 mgmt = (struct ieee80211_mgmt *) skb->data; 3227 fc = le16_to_cpu(mgmt->frame_control); 3228 3229 sdata_lock(sdata); 3230 3231 switch (fc & IEEE80211_FCTL_STYPE) { 3232 case IEEE80211_STYPE_BEACON: 3233 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status); 3234 break; 3235 case IEEE80211_STYPE_PROBE_RESP: 3236 ieee80211_rx_mgmt_probe_resp(sdata, skb); 3237 break; 3238 case IEEE80211_STYPE_AUTH: 3239 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len); 3240 break; 3241 case IEEE80211_STYPE_DEAUTH: 3242 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len); 3243 break; 3244 case IEEE80211_STYPE_DISASSOC: 3245 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 3246 break; 3247 case IEEE80211_STYPE_ASSOC_RESP: 3248 case IEEE80211_STYPE_REASSOC_RESP: 3249 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len); 3250 break; 3251 case IEEE80211_STYPE_ACTION: 3252 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) { 3253 ies_len = skb->len - 3254 offsetof(struct ieee80211_mgmt, 3255 u.action.u.chan_switch.variable); 3256 3257 if (ies_len < 0) 3258 break; 3259 3260 ieee802_11_parse_elems( 3261 mgmt->u.action.u.chan_switch.variable, 3262 ies_len, true, &elems); 3263 3264 if (elems.parse_error) 3265 break; 3266 3267 ieee80211_sta_process_chanswitch(sdata, 3268 rx_status->mactime, 3269 &elems, false); 3270 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) { 3271 ies_len = skb->len - 3272 offsetof(struct ieee80211_mgmt, 3273 u.action.u.ext_chan_switch.variable); 3274 3275 if (ies_len < 0) 3276 break; 3277 3278 ieee802_11_parse_elems( 3279 mgmt->u.action.u.ext_chan_switch.variable, 3280 ies_len, true, &elems); 3281 3282 if (elems.parse_error) 3283 break; 3284 3285 /* for the handling code pretend this was also an IE */ 3286 elems.ext_chansw_ie = 3287 &mgmt->u.action.u.ext_chan_switch.data; 3288 3289 ieee80211_sta_process_chanswitch(sdata, 3290 rx_status->mactime, 3291 &elems, false); 3292 } 3293 break; 3294 } 3295 sdata_unlock(sdata); 3296 } 3297 3298 static void ieee80211_sta_timer(unsigned long data) 3299 { 3300 struct ieee80211_sub_if_data *sdata = 3301 (struct ieee80211_sub_if_data *) data; 3302 3303 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3304 } 3305 3306 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata, 3307 u8 *bssid, u8 reason, bool tx) 3308 { 3309 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3310 3311 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason, 3312 tx, frame_buf); 3313 3314 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 3315 IEEE80211_DEAUTH_FRAME_LEN); 3316 } 3317 3318 static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata) 3319 { 3320 struct ieee80211_local *local = sdata->local; 3321 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3322 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data; 3323 u32 tx_flags = 0; 3324 3325 sdata_assert_lock(sdata); 3326 3327 if (WARN_ON_ONCE(!auth_data)) 3328 return -EINVAL; 3329 3330 auth_data->tries++; 3331 3332 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) { 3333 sdata_info(sdata, "authentication with %pM timed out\n", 3334 auth_data->bss->bssid); 3335 3336 /* 3337 * Most likely AP is not in the range so remove the 3338 * bss struct for that AP. 3339 */ 3340 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss); 3341 3342 return -ETIMEDOUT; 3343 } 3344 3345 drv_mgd_prepare_tx(local, sdata); 3346 3347 if (auth_data->bss->proberesp_ies) { 3348 u16 trans = 1; 3349 u16 status = 0; 3350 3351 sdata_info(sdata, "send auth to %pM (try %d/%d)\n", 3352 auth_data->bss->bssid, auth_data->tries, 3353 IEEE80211_AUTH_MAX_TRIES); 3354 3355 auth_data->expected_transaction = 2; 3356 3357 if (auth_data->algorithm == WLAN_AUTH_SAE) { 3358 trans = auth_data->sae_trans; 3359 status = auth_data->sae_status; 3360 auth_data->expected_transaction = trans; 3361 } 3362 3363 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3364 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 3365 IEEE80211_TX_INTFL_MLME_CONN_TX; 3366 3367 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status, 3368 auth_data->data, auth_data->data_len, 3369 auth_data->bss->bssid, 3370 auth_data->bss->bssid, NULL, 0, 0, 3371 tx_flags); 3372 } else { 3373 const u8 *ssidie; 3374 3375 sdata_info(sdata, "direct probe to %pM (try %d/%i)\n", 3376 auth_data->bss->bssid, auth_data->tries, 3377 IEEE80211_AUTH_MAX_TRIES); 3378 3379 rcu_read_lock(); 3380 ssidie = ieee80211_bss_get_ie(auth_data->bss, WLAN_EID_SSID); 3381 if (!ssidie) { 3382 rcu_read_unlock(); 3383 return -EINVAL; 3384 } 3385 /* 3386 * Direct probe is sent to broadcast address as some APs 3387 * will not answer to direct packet in unassociated state. 3388 */ 3389 ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1], 3390 NULL, 0, (u32) -1, true, 0, 3391 auth_data->bss->channel, false); 3392 rcu_read_unlock(); 3393 } 3394 3395 if (tx_flags == 0) { 3396 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 3397 ifmgd->auth_data->timeout_started = true; 3398 run_again(sdata, auth_data->timeout); 3399 } else { 3400 auth_data->timeout_started = false; 3401 } 3402 3403 return 0; 3404 } 3405 3406 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata) 3407 { 3408 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 3409 struct ieee80211_local *local = sdata->local; 3410 3411 sdata_assert_lock(sdata); 3412 3413 assoc_data->tries++; 3414 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) { 3415 sdata_info(sdata, "association with %pM timed out\n", 3416 assoc_data->bss->bssid); 3417 3418 /* 3419 * Most likely AP is not in the range so remove the 3420 * bss struct for that AP. 3421 */ 3422 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss); 3423 3424 return -ETIMEDOUT; 3425 } 3426 3427 sdata_info(sdata, "associate with %pM (try %d/%d)\n", 3428 assoc_data->bss->bssid, assoc_data->tries, 3429 IEEE80211_ASSOC_MAX_TRIES); 3430 ieee80211_send_assoc(sdata); 3431 3432 if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) { 3433 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 3434 assoc_data->timeout_started = true; 3435 run_again(sdata, assoc_data->timeout); 3436 } else { 3437 assoc_data->timeout_started = false; 3438 } 3439 3440 return 0; 3441 } 3442 3443 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata, 3444 __le16 fc, bool acked) 3445 { 3446 struct ieee80211_local *local = sdata->local; 3447 3448 sdata->u.mgd.status_fc = fc; 3449 sdata->u.mgd.status_acked = acked; 3450 sdata->u.mgd.status_received = true; 3451 3452 ieee80211_queue_work(&local->hw, &sdata->work); 3453 } 3454 3455 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata) 3456 { 3457 struct ieee80211_local *local = sdata->local; 3458 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3459 3460 sdata_lock(sdata); 3461 3462 if (ifmgd->status_received) { 3463 __le16 fc = ifmgd->status_fc; 3464 bool status_acked = ifmgd->status_acked; 3465 3466 ifmgd->status_received = false; 3467 if (ifmgd->auth_data && 3468 (ieee80211_is_probe_req(fc) || ieee80211_is_auth(fc))) { 3469 if (status_acked) { 3470 ifmgd->auth_data->timeout = 3471 jiffies + IEEE80211_AUTH_TIMEOUT_SHORT; 3472 run_again(sdata, ifmgd->auth_data->timeout); 3473 } else { 3474 ifmgd->auth_data->timeout = jiffies - 1; 3475 } 3476 ifmgd->auth_data->timeout_started = true; 3477 } else if (ifmgd->assoc_data && 3478 (ieee80211_is_assoc_req(fc) || 3479 ieee80211_is_reassoc_req(fc))) { 3480 if (status_acked) { 3481 ifmgd->assoc_data->timeout = 3482 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT; 3483 run_again(sdata, ifmgd->assoc_data->timeout); 3484 } else { 3485 ifmgd->assoc_data->timeout = jiffies - 1; 3486 } 3487 ifmgd->assoc_data->timeout_started = true; 3488 } 3489 } 3490 3491 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started && 3492 time_after(jiffies, ifmgd->auth_data->timeout)) { 3493 if (ifmgd->auth_data->done) { 3494 /* 3495 * ok ... we waited for assoc but userspace didn't, 3496 * so let's just kill the auth data 3497 */ 3498 ieee80211_destroy_auth_data(sdata, false); 3499 } else if (ieee80211_probe_auth(sdata)) { 3500 u8 bssid[ETH_ALEN]; 3501 3502 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 3503 3504 ieee80211_destroy_auth_data(sdata, false); 3505 3506 cfg80211_auth_timeout(sdata->dev, bssid); 3507 } 3508 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started) 3509 run_again(sdata, ifmgd->auth_data->timeout); 3510 3511 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started && 3512 time_after(jiffies, ifmgd->assoc_data->timeout)) { 3513 if ((ifmgd->assoc_data->need_beacon && !ifmgd->have_beacon) || 3514 ieee80211_do_assoc(sdata)) { 3515 struct cfg80211_bss *bss = ifmgd->assoc_data->bss; 3516 3517 ieee80211_destroy_assoc_data(sdata, false); 3518 cfg80211_assoc_timeout(sdata->dev, bss); 3519 } 3520 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started) 3521 run_again(sdata, ifmgd->assoc_data->timeout); 3522 3523 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 3524 IEEE80211_STA_CONNECTION_POLL) && 3525 ifmgd->associated) { 3526 u8 bssid[ETH_ALEN]; 3527 int max_tries; 3528 3529 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 3530 3531 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3532 max_tries = max_nullfunc_tries; 3533 else 3534 max_tries = max_probe_tries; 3535 3536 /* ACK received for nullfunc probing frame */ 3537 if (!ifmgd->probe_send_count) 3538 ieee80211_reset_ap_probe(sdata); 3539 else if (ifmgd->nullfunc_failed) { 3540 if (ifmgd->probe_send_count < max_tries) { 3541 mlme_dbg(sdata, 3542 "No ack for nullfunc frame to AP %pM, try %d/%i\n", 3543 bssid, ifmgd->probe_send_count, 3544 max_tries); 3545 ieee80211_mgd_probe_ap_send(sdata); 3546 } else { 3547 mlme_dbg(sdata, 3548 "No ack for nullfunc frame to AP %pM, disconnecting.\n", 3549 bssid); 3550 ieee80211_sta_connection_lost(sdata, bssid, 3551 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 3552 false); 3553 } 3554 } else if (time_is_after_jiffies(ifmgd->probe_timeout)) 3555 run_again(sdata, ifmgd->probe_timeout); 3556 else if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 3557 mlme_dbg(sdata, 3558 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n", 3559 bssid, probe_wait_ms); 3560 ieee80211_sta_connection_lost(sdata, bssid, 3561 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3562 } else if (ifmgd->probe_send_count < max_tries) { 3563 mlme_dbg(sdata, 3564 "No probe response from AP %pM after %dms, try %d/%i\n", 3565 bssid, probe_wait_ms, 3566 ifmgd->probe_send_count, max_tries); 3567 ieee80211_mgd_probe_ap_send(sdata); 3568 } else { 3569 /* 3570 * We actually lost the connection ... or did we? 3571 * Let's make sure! 3572 */ 3573 wiphy_debug(local->hw.wiphy, 3574 "%s: No probe response from AP %pM" 3575 " after %dms, disconnecting.\n", 3576 sdata->name, 3577 bssid, probe_wait_ms); 3578 3579 ieee80211_sta_connection_lost(sdata, bssid, 3580 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3581 } 3582 } 3583 3584 sdata_unlock(sdata); 3585 } 3586 3587 static void ieee80211_sta_bcn_mon_timer(unsigned long data) 3588 { 3589 struct ieee80211_sub_if_data *sdata = 3590 (struct ieee80211_sub_if_data *) data; 3591 struct ieee80211_local *local = sdata->local; 3592 3593 if (local->quiescing) 3594 return; 3595 3596 sdata->u.mgd.connection_loss = false; 3597 ieee80211_queue_work(&sdata->local->hw, 3598 &sdata->u.mgd.beacon_connection_loss_work); 3599 } 3600 3601 static void ieee80211_sta_conn_mon_timer(unsigned long data) 3602 { 3603 struct ieee80211_sub_if_data *sdata = 3604 (struct ieee80211_sub_if_data *) data; 3605 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3606 struct ieee80211_local *local = sdata->local; 3607 3608 if (local->quiescing) 3609 return; 3610 3611 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work); 3612 } 3613 3614 static void ieee80211_sta_monitor_work(struct work_struct *work) 3615 { 3616 struct ieee80211_sub_if_data *sdata = 3617 container_of(work, struct ieee80211_sub_if_data, 3618 u.mgd.monitor_work); 3619 3620 ieee80211_mgd_probe_ap(sdata, false); 3621 } 3622 3623 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) 3624 { 3625 u32 flags; 3626 3627 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 3628 __ieee80211_stop_poll(sdata); 3629 3630 /* let's probe the connection once */ 3631 flags = sdata->local->hw.flags; 3632 if (!(flags & IEEE80211_HW_CONNECTION_MONITOR)) 3633 ieee80211_queue_work(&sdata->local->hw, 3634 &sdata->u.mgd.monitor_work); 3635 /* and do all the other regular work too */ 3636 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3637 } 3638 } 3639 3640 #ifdef CONFIG_PM 3641 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata) 3642 { 3643 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3644 3645 sdata_lock(sdata); 3646 if (!ifmgd->associated) { 3647 sdata_unlock(sdata); 3648 return; 3649 } 3650 3651 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) { 3652 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME; 3653 mlme_dbg(sdata, "driver requested disconnect after resume\n"); 3654 ieee80211_sta_connection_lost(sdata, 3655 ifmgd->associated->bssid, 3656 WLAN_REASON_UNSPECIFIED, 3657 true); 3658 sdata_unlock(sdata); 3659 return; 3660 } 3661 sdata_unlock(sdata); 3662 } 3663 #endif 3664 3665 /* interface setup */ 3666 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata) 3667 { 3668 struct ieee80211_if_managed *ifmgd; 3669 3670 ifmgd = &sdata->u.mgd; 3671 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work); 3672 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work); 3673 INIT_WORK(&ifmgd->beacon_connection_loss_work, 3674 ieee80211_beacon_connection_loss_work); 3675 INIT_WORK(&ifmgd->csa_connection_drop_work, 3676 ieee80211_csa_connection_drop_work); 3677 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_work); 3678 setup_timer(&ifmgd->timer, ieee80211_sta_timer, 3679 (unsigned long) sdata); 3680 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 3681 (unsigned long) sdata); 3682 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 3683 (unsigned long) sdata); 3684 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 3685 (unsigned long) sdata); 3686 3687 ifmgd->flags = 0; 3688 ifmgd->powersave = sdata->wdev.ps; 3689 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues; 3690 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len; 3691 ifmgd->p2p_noa_index = -1; 3692 3693 if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS) 3694 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC; 3695 else 3696 ifmgd->req_smps = IEEE80211_SMPS_OFF; 3697 } 3698 3699 /* scan finished notification */ 3700 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local) 3701 { 3702 struct ieee80211_sub_if_data *sdata; 3703 3704 /* Restart STA timers */ 3705 rcu_read_lock(); 3706 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 3707 if (ieee80211_sdata_running(sdata)) 3708 ieee80211_restart_sta_timer(sdata); 3709 } 3710 rcu_read_unlock(); 3711 } 3712 3713 int ieee80211_max_network_latency(struct notifier_block *nb, 3714 unsigned long data, void *dummy) 3715 { 3716 s32 latency_usec = (s32) data; 3717 struct ieee80211_local *local = 3718 container_of(nb, struct ieee80211_local, 3719 network_latency_notifier); 3720 3721 mutex_lock(&local->iflist_mtx); 3722 ieee80211_recalc_ps(local, latency_usec); 3723 mutex_unlock(&local->iflist_mtx); 3724 3725 return 0; 3726 } 3727 3728 static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata, 3729 struct cfg80211_bss *cbss) 3730 { 3731 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3732 const u8 *ht_cap_ie, *vht_cap_ie; 3733 const struct ieee80211_ht_cap *ht_cap; 3734 const struct ieee80211_vht_cap *vht_cap; 3735 u8 chains = 1; 3736 3737 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT) 3738 return chains; 3739 3740 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 3741 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) { 3742 ht_cap = (void *)(ht_cap_ie + 2); 3743 chains = ieee80211_mcs_to_chains(&ht_cap->mcs); 3744 /* 3745 * TODO: use "Tx Maximum Number Spatial Streams Supported" and 3746 * "Tx Unequal Modulation Supported" fields. 3747 */ 3748 } 3749 3750 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 3751 return chains; 3752 3753 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 3754 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) { 3755 u8 nss; 3756 u16 tx_mcs_map; 3757 3758 vht_cap = (void *)(vht_cap_ie + 2); 3759 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map); 3760 for (nss = 8; nss > 0; nss--) { 3761 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) != 3762 IEEE80211_VHT_MCS_NOT_SUPPORTED) 3763 break; 3764 } 3765 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */ 3766 chains = max(chains, nss); 3767 } 3768 3769 return chains; 3770 } 3771 3772 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata, 3773 struct cfg80211_bss *cbss) 3774 { 3775 struct ieee80211_local *local = sdata->local; 3776 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3777 const struct ieee80211_ht_operation *ht_oper = NULL; 3778 const struct ieee80211_vht_operation *vht_oper = NULL; 3779 struct ieee80211_supported_band *sband; 3780 struct cfg80211_chan_def chandef; 3781 int ret; 3782 3783 sband = local->hw.wiphy->bands[cbss->channel->band]; 3784 3785 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ | 3786 IEEE80211_STA_DISABLE_80P80MHZ | 3787 IEEE80211_STA_DISABLE_160MHZ); 3788 3789 rcu_read_lock(); 3790 3791 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 3792 sband->ht_cap.ht_supported) { 3793 const u8 *ht_oper_ie, *ht_cap; 3794 3795 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION); 3796 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper)) 3797 ht_oper = (void *)(ht_oper_ie + 2); 3798 3799 ht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 3800 if (!ht_cap || ht_cap[1] < sizeof(struct ieee80211_ht_cap)) { 3801 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 3802 ht_oper = NULL; 3803 } 3804 } 3805 3806 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 3807 sband->vht_cap.vht_supported) { 3808 const u8 *vht_oper_ie, *vht_cap; 3809 3810 vht_oper_ie = ieee80211_bss_get_ie(cbss, 3811 WLAN_EID_VHT_OPERATION); 3812 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper)) 3813 vht_oper = (void *)(vht_oper_ie + 2); 3814 if (vht_oper && !ht_oper) { 3815 vht_oper = NULL; 3816 sdata_info(sdata, 3817 "AP advertised VHT without HT, disabling both\n"); 3818 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 3819 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3820 } 3821 3822 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 3823 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) { 3824 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3825 vht_oper = NULL; 3826 } 3827 } 3828 3829 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband, 3830 cbss->channel, 3831 ht_oper, vht_oper, 3832 &chandef, true); 3833 3834 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss), 3835 local->rx_chains); 3836 3837 rcu_read_unlock(); 3838 3839 /* will change later if needed */ 3840 sdata->smps_mode = IEEE80211_SMPS_OFF; 3841 3842 /* 3843 * If this fails (possibly due to channel context sharing 3844 * on incompatible channels, e.g. 80+80 and 160 sharing the 3845 * same control channel) try to use a smaller bandwidth. 3846 */ 3847 ret = ieee80211_vif_use_channel(sdata, &chandef, 3848 IEEE80211_CHANCTX_SHARED); 3849 3850 /* don't downgrade for 5 and 10 MHz channels, though. */ 3851 if (chandef.width == NL80211_CHAN_WIDTH_5 || 3852 chandef.width == NL80211_CHAN_WIDTH_10) 3853 return ret; 3854 3855 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) { 3856 ifmgd->flags |= chandef_downgrade(&chandef); 3857 ret = ieee80211_vif_use_channel(sdata, &chandef, 3858 IEEE80211_CHANCTX_SHARED); 3859 } 3860 return ret; 3861 } 3862 3863 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata, 3864 struct cfg80211_bss *cbss, bool assoc) 3865 { 3866 struct ieee80211_local *local = sdata->local; 3867 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3868 struct ieee80211_bss *bss = (void *)cbss->priv; 3869 struct sta_info *new_sta = NULL; 3870 bool have_sta = false; 3871 int err; 3872 3873 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) 3874 return -EINVAL; 3875 3876 if (assoc) { 3877 rcu_read_lock(); 3878 have_sta = sta_info_get(sdata, cbss->bssid); 3879 rcu_read_unlock(); 3880 } 3881 3882 if (!have_sta) { 3883 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL); 3884 if (!new_sta) 3885 return -ENOMEM; 3886 } 3887 3888 if (new_sta) { 3889 u32 rates = 0, basic_rates = 0; 3890 bool have_higher_than_11mbit; 3891 int min_rate = INT_MAX, min_rate_index = -1; 3892 struct ieee80211_supported_band *sband; 3893 const struct cfg80211_bss_ies *ies; 3894 3895 sband = local->hw.wiphy->bands[cbss->channel->band]; 3896 3897 err = ieee80211_prep_channel(sdata, cbss); 3898 if (err) { 3899 sta_info_free(local, new_sta); 3900 return err; 3901 } 3902 3903 ieee80211_get_rates(sband, bss->supp_rates, 3904 bss->supp_rates_len, 3905 &rates, &basic_rates, 3906 &have_higher_than_11mbit, 3907 &min_rate, &min_rate_index); 3908 3909 /* 3910 * This used to be a workaround for basic rates missing 3911 * in the association response frame. Now that we no 3912 * longer use the basic rates from there, it probably 3913 * doesn't happen any more, but keep the workaround so 3914 * in case some *other* APs are buggy in different ways 3915 * we can connect -- with a warning. 3916 */ 3917 if (!basic_rates && min_rate_index >= 0) { 3918 sdata_info(sdata, 3919 "No basic rates, using min rate instead\n"); 3920 basic_rates = BIT(min_rate_index); 3921 } 3922 3923 new_sta->sta.supp_rates[cbss->channel->band] = rates; 3924 sdata->vif.bss_conf.basic_rates = basic_rates; 3925 3926 /* cf. IEEE 802.11 9.2.12 */ 3927 if (cbss->channel->band == IEEE80211_BAND_2GHZ && 3928 have_higher_than_11mbit) 3929 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE; 3930 else 3931 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE; 3932 3933 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN); 3934 3935 /* set timing information */ 3936 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval; 3937 rcu_read_lock(); 3938 ies = rcu_dereference(cbss->beacon_ies); 3939 if (ies) { 3940 const u8 *tim_ie; 3941 3942 sdata->vif.bss_conf.sync_tsf = ies->tsf; 3943 sdata->vif.bss_conf.sync_device_ts = 3944 bss->device_ts_beacon; 3945 tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 3946 ies->data, ies->len); 3947 if (tim_ie && tim_ie[1] >= 2) 3948 sdata->vif.bss_conf.sync_dtim_count = tim_ie[2]; 3949 else 3950 sdata->vif.bss_conf.sync_dtim_count = 0; 3951 } else if (!(local->hw.flags & 3952 IEEE80211_HW_TIMING_BEACON_ONLY)) { 3953 ies = rcu_dereference(cbss->proberesp_ies); 3954 /* must be non-NULL since beacon IEs were NULL */ 3955 sdata->vif.bss_conf.sync_tsf = ies->tsf; 3956 sdata->vif.bss_conf.sync_device_ts = 3957 bss->device_ts_presp; 3958 sdata->vif.bss_conf.sync_dtim_count = 0; 3959 } else { 3960 sdata->vif.bss_conf.sync_tsf = 0; 3961 sdata->vif.bss_conf.sync_device_ts = 0; 3962 sdata->vif.bss_conf.sync_dtim_count = 0; 3963 } 3964 rcu_read_unlock(); 3965 3966 /* tell driver about BSSID, basic rates and timing */ 3967 ieee80211_bss_info_change_notify(sdata, 3968 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES | 3969 BSS_CHANGED_BEACON_INT); 3970 3971 if (assoc) 3972 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH); 3973 3974 err = sta_info_insert(new_sta); 3975 new_sta = NULL; 3976 if (err) { 3977 sdata_info(sdata, 3978 "failed to insert STA entry for the AP (error %d)\n", 3979 err); 3980 return err; 3981 } 3982 } else 3983 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid)); 3984 3985 return 0; 3986 } 3987 3988 /* config hooks */ 3989 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 3990 struct cfg80211_auth_request *req) 3991 { 3992 struct ieee80211_local *local = sdata->local; 3993 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3994 struct ieee80211_mgd_auth_data *auth_data; 3995 u16 auth_alg; 3996 int err; 3997 3998 /* prepare auth data structure */ 3999 4000 switch (req->auth_type) { 4001 case NL80211_AUTHTYPE_OPEN_SYSTEM: 4002 auth_alg = WLAN_AUTH_OPEN; 4003 break; 4004 case NL80211_AUTHTYPE_SHARED_KEY: 4005 if (IS_ERR(local->wep_tx_tfm)) 4006 return -EOPNOTSUPP; 4007 auth_alg = WLAN_AUTH_SHARED_KEY; 4008 break; 4009 case NL80211_AUTHTYPE_FT: 4010 auth_alg = WLAN_AUTH_FT; 4011 break; 4012 case NL80211_AUTHTYPE_NETWORK_EAP: 4013 auth_alg = WLAN_AUTH_LEAP; 4014 break; 4015 case NL80211_AUTHTYPE_SAE: 4016 auth_alg = WLAN_AUTH_SAE; 4017 break; 4018 default: 4019 return -EOPNOTSUPP; 4020 } 4021 4022 auth_data = kzalloc(sizeof(*auth_data) + req->sae_data_len + 4023 req->ie_len, GFP_KERNEL); 4024 if (!auth_data) 4025 return -ENOMEM; 4026 4027 auth_data->bss = req->bss; 4028 4029 if (req->sae_data_len >= 4) { 4030 __le16 *pos = (__le16 *) req->sae_data; 4031 auth_data->sae_trans = le16_to_cpu(pos[0]); 4032 auth_data->sae_status = le16_to_cpu(pos[1]); 4033 memcpy(auth_data->data, req->sae_data + 4, 4034 req->sae_data_len - 4); 4035 auth_data->data_len += req->sae_data_len - 4; 4036 } 4037 4038 if (req->ie && req->ie_len) { 4039 memcpy(&auth_data->data[auth_data->data_len], 4040 req->ie, req->ie_len); 4041 auth_data->data_len += req->ie_len; 4042 } 4043 4044 if (req->key && req->key_len) { 4045 auth_data->key_len = req->key_len; 4046 auth_data->key_idx = req->key_idx; 4047 memcpy(auth_data->key, req->key, req->key_len); 4048 } 4049 4050 auth_data->algorithm = auth_alg; 4051 4052 /* try to authenticate/probe */ 4053 4054 if ((ifmgd->auth_data && !ifmgd->auth_data->done) || 4055 ifmgd->assoc_data) { 4056 err = -EBUSY; 4057 goto err_free; 4058 } 4059 4060 if (ifmgd->auth_data) 4061 ieee80211_destroy_auth_data(sdata, false); 4062 4063 /* prep auth_data so we don't go into idle on disassoc */ 4064 ifmgd->auth_data = auth_data; 4065 4066 if (ifmgd->associated) { 4067 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4068 4069 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4070 WLAN_REASON_UNSPECIFIED, 4071 false, frame_buf); 4072 4073 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4074 sizeof(frame_buf)); 4075 } 4076 4077 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid); 4078 4079 err = ieee80211_prep_connection(sdata, req->bss, false); 4080 if (err) 4081 goto err_clear; 4082 4083 err = ieee80211_probe_auth(sdata); 4084 if (err) { 4085 sta_info_destroy_addr(sdata, req->bss->bssid); 4086 goto err_clear; 4087 } 4088 4089 /* hold our own reference */ 4090 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss); 4091 return 0; 4092 4093 err_clear: 4094 memset(ifmgd->bssid, 0, ETH_ALEN); 4095 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 4096 ifmgd->auth_data = NULL; 4097 err_free: 4098 kfree(auth_data); 4099 return err; 4100 } 4101 4102 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 4103 struct cfg80211_assoc_request *req) 4104 { 4105 struct ieee80211_local *local = sdata->local; 4106 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4107 struct ieee80211_bss *bss = (void *)req->bss->priv; 4108 struct ieee80211_mgd_assoc_data *assoc_data; 4109 const struct cfg80211_bss_ies *beacon_ies; 4110 struct ieee80211_supported_band *sband; 4111 const u8 *ssidie, *ht_ie, *vht_ie; 4112 int i, err; 4113 4114 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL); 4115 if (!assoc_data) 4116 return -ENOMEM; 4117 4118 rcu_read_lock(); 4119 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID); 4120 if (!ssidie) { 4121 rcu_read_unlock(); 4122 kfree(assoc_data); 4123 return -EINVAL; 4124 } 4125 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]); 4126 assoc_data->ssid_len = ssidie[1]; 4127 rcu_read_unlock(); 4128 4129 if (ifmgd->associated) { 4130 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4131 4132 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4133 WLAN_REASON_UNSPECIFIED, 4134 false, frame_buf); 4135 4136 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4137 sizeof(frame_buf)); 4138 } 4139 4140 if (ifmgd->auth_data && !ifmgd->auth_data->done) { 4141 err = -EBUSY; 4142 goto err_free; 4143 } 4144 4145 if (ifmgd->assoc_data) { 4146 err = -EBUSY; 4147 goto err_free; 4148 } 4149 4150 if (ifmgd->auth_data) { 4151 bool match; 4152 4153 /* keep sta info, bssid if matching */ 4154 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid); 4155 ieee80211_destroy_auth_data(sdata, match); 4156 } 4157 4158 /* prepare assoc data */ 4159 4160 ifmgd->beacon_crc_valid = false; 4161 4162 /* 4163 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode. 4164 * We still associate in non-HT mode (11a/b/g) if any one of these 4165 * ciphers is configured as pairwise. 4166 * We can set this to true for non-11n hardware, that'll be checked 4167 * separately along with the peer capabilities. 4168 */ 4169 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) { 4170 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 4171 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 4172 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) { 4173 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4174 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4175 netdev_info(sdata->dev, 4176 "disabling HT/VHT due to WEP/TKIP use\n"); 4177 } 4178 } 4179 4180 if (req->flags & ASSOC_REQ_DISABLE_HT) { 4181 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4182 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4183 } 4184 4185 if (req->flags & ASSOC_REQ_DISABLE_VHT) 4186 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4187 4188 /* Also disable HT if we don't support it or the AP doesn't use WMM */ 4189 sband = local->hw.wiphy->bands[req->bss->channel->band]; 4190 if (!sband->ht_cap.ht_supported || 4191 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) { 4192 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4193 if (!bss->wmm_used) 4194 netdev_info(sdata->dev, 4195 "disabling HT as WMM/QoS is not supported by the AP\n"); 4196 } 4197 4198 /* disable VHT if we don't support it or the AP doesn't use WMM */ 4199 if (!sband->vht_cap.vht_supported || 4200 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) { 4201 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4202 if (!bss->wmm_used) 4203 netdev_info(sdata->dev, 4204 "disabling VHT as WMM/QoS is not supported by the AP\n"); 4205 } 4206 4207 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa)); 4208 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask, 4209 sizeof(ifmgd->ht_capa_mask)); 4210 4211 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa)); 4212 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask, 4213 sizeof(ifmgd->vht_capa_mask)); 4214 4215 if (req->ie && req->ie_len) { 4216 memcpy(assoc_data->ie, req->ie, req->ie_len); 4217 assoc_data->ie_len = req->ie_len; 4218 } 4219 4220 assoc_data->bss = req->bss; 4221 4222 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) { 4223 if (ifmgd->powersave) 4224 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC; 4225 else 4226 sdata->smps_mode = IEEE80211_SMPS_OFF; 4227 } else 4228 sdata->smps_mode = ifmgd->req_smps; 4229 4230 assoc_data->capability = req->bss->capability; 4231 assoc_data->wmm = bss->wmm_used && 4232 (local->hw.queues >= IEEE80211_NUM_ACS); 4233 assoc_data->supp_rates = bss->supp_rates; 4234 assoc_data->supp_rates_len = bss->supp_rates_len; 4235 4236 rcu_read_lock(); 4237 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION); 4238 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation)) 4239 assoc_data->ap_ht_param = 4240 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param; 4241 else 4242 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4243 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY); 4244 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap)) 4245 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2, 4246 sizeof(struct ieee80211_vht_cap)); 4247 else 4248 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4249 rcu_read_unlock(); 4250 4251 if (bss->wmm_used && bss->uapsd_supported && 4252 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD) && 4253 sdata->wmm_acm != 0xff) { 4254 assoc_data->uapsd = true; 4255 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; 4256 } else { 4257 assoc_data->uapsd = false; 4258 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED; 4259 } 4260 4261 if (req->prev_bssid) 4262 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN); 4263 4264 if (req->use_mfp) { 4265 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 4266 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED; 4267 } else { 4268 ifmgd->mfp = IEEE80211_MFP_DISABLED; 4269 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED; 4270 } 4271 4272 if (req->crypto.control_port) 4273 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT; 4274 else 4275 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT; 4276 4277 sdata->control_port_protocol = req->crypto.control_port_ethertype; 4278 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt; 4279 4280 /* kick off associate process */ 4281 4282 ifmgd->assoc_data = assoc_data; 4283 ifmgd->dtim_period = 0; 4284 ifmgd->have_beacon = false; 4285 4286 err = ieee80211_prep_connection(sdata, req->bss, true); 4287 if (err) 4288 goto err_clear; 4289 4290 rcu_read_lock(); 4291 beacon_ies = rcu_dereference(req->bss->beacon_ies); 4292 4293 if (sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC && 4294 !beacon_ies) { 4295 /* 4296 * Wait up to one beacon interval ... 4297 * should this be more if we miss one? 4298 */ 4299 sdata_info(sdata, "waiting for beacon from %pM\n", 4300 ifmgd->bssid); 4301 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval); 4302 assoc_data->timeout_started = true; 4303 assoc_data->need_beacon = true; 4304 } else if (beacon_ies) { 4305 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 4306 beacon_ies->data, 4307 beacon_ies->len); 4308 u8 dtim_count = 0; 4309 4310 if (tim_ie && tim_ie[1] >= sizeof(struct ieee80211_tim_ie)) { 4311 const struct ieee80211_tim_ie *tim; 4312 tim = (void *)(tim_ie + 2); 4313 ifmgd->dtim_period = tim->dtim_period; 4314 dtim_count = tim->dtim_count; 4315 } 4316 ifmgd->have_beacon = true; 4317 assoc_data->timeout = jiffies; 4318 assoc_data->timeout_started = true; 4319 4320 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 4321 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf; 4322 sdata->vif.bss_conf.sync_device_ts = 4323 bss->device_ts_beacon; 4324 sdata->vif.bss_conf.sync_dtim_count = dtim_count; 4325 } 4326 } else { 4327 assoc_data->timeout = jiffies; 4328 assoc_data->timeout_started = true; 4329 } 4330 rcu_read_unlock(); 4331 4332 run_again(sdata, assoc_data->timeout); 4333 4334 if (bss->corrupt_data) { 4335 char *corrupt_type = "data"; 4336 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) { 4337 if (bss->corrupt_data & 4338 IEEE80211_BSS_CORRUPT_PROBE_RESP) 4339 corrupt_type = "beacon and probe response"; 4340 else 4341 corrupt_type = "beacon"; 4342 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) 4343 corrupt_type = "probe response"; 4344 sdata_info(sdata, "associating with AP with corrupt %s\n", 4345 corrupt_type); 4346 } 4347 4348 return 0; 4349 err_clear: 4350 memset(ifmgd->bssid, 0, ETH_ALEN); 4351 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 4352 ifmgd->assoc_data = NULL; 4353 err_free: 4354 kfree(assoc_data); 4355 return err; 4356 } 4357 4358 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, 4359 struct cfg80211_deauth_request *req) 4360 { 4361 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4362 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4363 bool tx = !req->local_state_change; 4364 bool report_frame = false; 4365 4366 sdata_info(sdata, 4367 "deauthenticating from %pM by local choice (reason=%d)\n", 4368 req->bssid, req->reason_code); 4369 4370 if (ifmgd->auth_data) { 4371 drv_mgd_prepare_tx(sdata->local, sdata); 4372 ieee80211_send_deauth_disassoc(sdata, req->bssid, 4373 IEEE80211_STYPE_DEAUTH, 4374 req->reason_code, tx, 4375 frame_buf); 4376 ieee80211_destroy_auth_data(sdata, false); 4377 4378 report_frame = true; 4379 goto out; 4380 } 4381 4382 if (ifmgd->associated && 4383 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) { 4384 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4385 req->reason_code, tx, frame_buf); 4386 report_frame = true; 4387 } 4388 4389 out: 4390 if (report_frame) 4391 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4392 IEEE80211_DEAUTH_FRAME_LEN); 4393 4394 return 0; 4395 } 4396 4397 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 4398 struct cfg80211_disassoc_request *req) 4399 { 4400 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4401 u8 bssid[ETH_ALEN]; 4402 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4403 4404 /* 4405 * cfg80211 should catch this ... but it's racy since 4406 * we can receive a disassoc frame, process it, hand it 4407 * to cfg80211 while that's in a locked section already 4408 * trying to tell us that the user wants to disconnect. 4409 */ 4410 if (ifmgd->associated != req->bss) 4411 return -ENOLINK; 4412 4413 sdata_info(sdata, 4414 "disassociating from %pM by local choice (reason=%d)\n", 4415 req->bss->bssid, req->reason_code); 4416 4417 memcpy(bssid, req->bss->bssid, ETH_ALEN); 4418 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC, 4419 req->reason_code, !req->local_state_change, 4420 frame_buf); 4421 4422 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4423 IEEE80211_DEAUTH_FRAME_LEN); 4424 4425 return 0; 4426 } 4427 4428 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata) 4429 { 4430 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4431 4432 /* 4433 * Make sure some work items will not run after this, 4434 * they will not do anything but might not have been 4435 * cancelled when disconnecting. 4436 */ 4437 cancel_work_sync(&ifmgd->monitor_work); 4438 cancel_work_sync(&ifmgd->beacon_connection_loss_work); 4439 cancel_work_sync(&ifmgd->request_smps_work); 4440 cancel_work_sync(&ifmgd->csa_connection_drop_work); 4441 cancel_work_sync(&ifmgd->chswitch_work); 4442 4443 sdata_lock(sdata); 4444 if (ifmgd->assoc_data) { 4445 struct cfg80211_bss *bss = ifmgd->assoc_data->bss; 4446 ieee80211_destroy_assoc_data(sdata, false); 4447 cfg80211_assoc_timeout(sdata->dev, bss); 4448 } 4449 if (ifmgd->auth_data) 4450 ieee80211_destroy_auth_data(sdata, false); 4451 del_timer_sync(&ifmgd->timer); 4452 sdata_unlock(sdata); 4453 } 4454 4455 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif, 4456 enum nl80211_cqm_rssi_threshold_event rssi_event, 4457 gfp_t gfp) 4458 { 4459 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 4460 4461 trace_api_cqm_rssi_notify(sdata, rssi_event); 4462 4463 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp); 4464 } 4465 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify); 4466