1 /* 2 * BSS client mode implementation 3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 4 * Copyright 2004, Instant802 Networks, Inc. 5 * Copyright 2005, Devicescape Software, Inc. 6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License version 2 as 11 * published by the Free Software Foundation. 12 */ 13 14 #include <linux/delay.h> 15 #include <linux/if_ether.h> 16 #include <linux/skbuff.h> 17 #include <linux/if_arp.h> 18 #include <linux/etherdevice.h> 19 #include <linux/moduleparam.h> 20 #include <linux/rtnetlink.h> 21 #include <linux/pm_qos.h> 22 #include <linux/crc32.h> 23 #include <linux/slab.h> 24 #include <linux/export.h> 25 #include <net/mac80211.h> 26 #include <asm/unaligned.h> 27 28 #include "ieee80211_i.h" 29 #include "driver-ops.h" 30 #include "rate.h" 31 #include "led.h" 32 33 #define IEEE80211_AUTH_TIMEOUT (HZ / 5) 34 #define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2) 35 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10) 36 #define IEEE80211_AUTH_MAX_TRIES 3 37 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5) 38 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 39 #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2) 40 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10) 41 #define IEEE80211_ASSOC_MAX_TRIES 3 42 43 static int max_nullfunc_tries = 2; 44 module_param(max_nullfunc_tries, int, 0644); 45 MODULE_PARM_DESC(max_nullfunc_tries, 46 "Maximum nullfunc tx tries before disconnecting (reason 4)."); 47 48 static int max_probe_tries = 5; 49 module_param(max_probe_tries, int, 0644); 50 MODULE_PARM_DESC(max_probe_tries, 51 "Maximum probe tries before disconnecting (reason 4)."); 52 53 /* 54 * Beacon loss timeout is calculated as N frames times the 55 * advertised beacon interval. This may need to be somewhat 56 * higher than what hardware might detect to account for 57 * delays in the host processing frames. But since we also 58 * probe on beacon miss before declaring the connection lost 59 * default to what we want. 60 */ 61 static int beacon_loss_count = 7; 62 module_param(beacon_loss_count, int, 0644); 63 MODULE_PARM_DESC(beacon_loss_count, 64 "Number of beacon intervals before we decide beacon was lost."); 65 66 /* 67 * Time the connection can be idle before we probe 68 * it to see if we can still talk to the AP. 69 */ 70 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ) 71 /* 72 * Time we wait for a probe response after sending 73 * a probe request because of beacon loss or for 74 * checking the connection still works. 75 */ 76 static int probe_wait_ms = 500; 77 module_param(probe_wait_ms, int, 0644); 78 MODULE_PARM_DESC(probe_wait_ms, 79 "Maximum time(ms) to wait for probe response" 80 " before disconnecting (reason 4)."); 81 82 /* 83 * Weight given to the latest Beacon frame when calculating average signal 84 * strength for Beacon frames received in the current BSS. This must be 85 * between 1 and 15. 86 */ 87 #define IEEE80211_SIGNAL_AVE_WEIGHT 3 88 89 /* 90 * How many Beacon frames need to have been used in average signal strength 91 * before starting to indicate signal change events. 92 */ 93 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4 94 95 /* 96 * We can have multiple work items (and connection probing) 97 * scheduling this timer, but we need to take care to only 98 * reschedule it when it should fire _earlier_ than it was 99 * asked for before, or if it's not pending right now. This 100 * function ensures that. Note that it then is required to 101 * run this function for all timeouts after the first one 102 * has happened -- the work that runs from this timer will 103 * do that. 104 */ 105 static void run_again(struct ieee80211_sub_if_data *sdata, 106 unsigned long timeout) 107 { 108 sdata_assert_lock(sdata); 109 110 if (!timer_pending(&sdata->u.mgd.timer) || 111 time_before(timeout, sdata->u.mgd.timer.expires)) 112 mod_timer(&sdata->u.mgd.timer, timeout); 113 } 114 115 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata) 116 { 117 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER) 118 return; 119 120 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 121 return; 122 123 mod_timer(&sdata->u.mgd.bcn_mon_timer, 124 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout)); 125 } 126 127 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata) 128 { 129 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 130 131 if (unlikely(!sdata->u.mgd.associated)) 132 return; 133 134 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 135 return; 136 137 mod_timer(&sdata->u.mgd.conn_mon_timer, 138 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME)); 139 140 ifmgd->probe_send_count = 0; 141 } 142 143 static int ecw2cw(int ecw) 144 { 145 return (1 << ecw) - 1; 146 } 147 148 static u32 chandef_downgrade(struct cfg80211_chan_def *c) 149 { 150 u32 ret; 151 int tmp; 152 153 switch (c->width) { 154 case NL80211_CHAN_WIDTH_20: 155 c->width = NL80211_CHAN_WIDTH_20_NOHT; 156 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 157 break; 158 case NL80211_CHAN_WIDTH_40: 159 c->width = NL80211_CHAN_WIDTH_20; 160 c->center_freq1 = c->chan->center_freq; 161 ret = IEEE80211_STA_DISABLE_40MHZ | 162 IEEE80211_STA_DISABLE_VHT; 163 break; 164 case NL80211_CHAN_WIDTH_80: 165 tmp = (30 + c->chan->center_freq - c->center_freq1)/20; 166 /* n_P40 */ 167 tmp /= 2; 168 /* freq_P40 */ 169 c->center_freq1 = c->center_freq1 - 20 + 40 * tmp; 170 c->width = NL80211_CHAN_WIDTH_40; 171 ret = IEEE80211_STA_DISABLE_VHT; 172 break; 173 case NL80211_CHAN_WIDTH_80P80: 174 c->center_freq2 = 0; 175 c->width = NL80211_CHAN_WIDTH_80; 176 ret = IEEE80211_STA_DISABLE_80P80MHZ | 177 IEEE80211_STA_DISABLE_160MHZ; 178 break; 179 case NL80211_CHAN_WIDTH_160: 180 /* n_P20 */ 181 tmp = (70 + c->chan->center_freq - c->center_freq1)/20; 182 /* n_P80 */ 183 tmp /= 4; 184 c->center_freq1 = c->center_freq1 - 40 + 80 * tmp; 185 c->width = NL80211_CHAN_WIDTH_80; 186 ret = IEEE80211_STA_DISABLE_80P80MHZ | 187 IEEE80211_STA_DISABLE_160MHZ; 188 break; 189 default: 190 case NL80211_CHAN_WIDTH_20_NOHT: 191 WARN_ON_ONCE(1); 192 c->width = NL80211_CHAN_WIDTH_20_NOHT; 193 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 194 break; 195 case NL80211_CHAN_WIDTH_5: 196 case NL80211_CHAN_WIDTH_10: 197 WARN_ON_ONCE(1); 198 /* keep c->width */ 199 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 200 break; 201 } 202 203 WARN_ON_ONCE(!cfg80211_chandef_valid(c)); 204 205 return ret; 206 } 207 208 static u32 209 ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, 210 struct ieee80211_supported_band *sband, 211 struct ieee80211_channel *channel, 212 const struct ieee80211_ht_operation *ht_oper, 213 const struct ieee80211_vht_operation *vht_oper, 214 struct cfg80211_chan_def *chandef, bool tracking) 215 { 216 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 217 struct cfg80211_chan_def vht_chandef; 218 u32 ht_cfreq, ret; 219 220 chandef->chan = channel; 221 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 222 chandef->center_freq1 = channel->center_freq; 223 chandef->center_freq2 = 0; 224 225 if (!ht_oper || !sband->ht_cap.ht_supported) { 226 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 227 goto out; 228 } 229 230 chandef->width = NL80211_CHAN_WIDTH_20; 231 232 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan, 233 channel->band); 234 /* check that channel matches the right operating channel */ 235 if (!tracking && channel->center_freq != ht_cfreq) { 236 /* 237 * It's possible that some APs are confused here; 238 * Netgear WNDR3700 sometimes reports 4 higher than 239 * the actual channel in association responses, but 240 * since we look at probe response/beacon data here 241 * it should be OK. 242 */ 243 sdata_info(sdata, 244 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n", 245 channel->center_freq, ht_cfreq, 246 ht_oper->primary_chan, channel->band); 247 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 248 goto out; 249 } 250 251 /* check 40 MHz support, if we have it */ 252 if (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) { 253 switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 254 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 255 chandef->width = NL80211_CHAN_WIDTH_40; 256 chandef->center_freq1 += 10; 257 break; 258 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 259 chandef->width = NL80211_CHAN_WIDTH_40; 260 chandef->center_freq1 -= 10; 261 break; 262 } 263 } else { 264 /* 40 MHz (and 80 MHz) must be supported for VHT */ 265 ret = IEEE80211_STA_DISABLE_VHT; 266 /* also mark 40 MHz disabled */ 267 ret |= IEEE80211_STA_DISABLE_40MHZ; 268 goto out; 269 } 270 271 if (!vht_oper || !sband->vht_cap.vht_supported) { 272 ret = IEEE80211_STA_DISABLE_VHT; 273 goto out; 274 } 275 276 vht_chandef.chan = channel; 277 vht_chandef.center_freq1 = 278 ieee80211_channel_to_frequency(vht_oper->center_freq_seg1_idx, 279 channel->band); 280 vht_chandef.center_freq2 = 0; 281 282 switch (vht_oper->chan_width) { 283 case IEEE80211_VHT_CHANWIDTH_USE_HT: 284 vht_chandef.width = chandef->width; 285 break; 286 case IEEE80211_VHT_CHANWIDTH_80MHZ: 287 vht_chandef.width = NL80211_CHAN_WIDTH_80; 288 break; 289 case IEEE80211_VHT_CHANWIDTH_160MHZ: 290 vht_chandef.width = NL80211_CHAN_WIDTH_160; 291 break; 292 case IEEE80211_VHT_CHANWIDTH_80P80MHZ: 293 vht_chandef.width = NL80211_CHAN_WIDTH_80P80; 294 vht_chandef.center_freq2 = 295 ieee80211_channel_to_frequency( 296 vht_oper->center_freq_seg2_idx, 297 channel->band); 298 break; 299 default: 300 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 301 sdata_info(sdata, 302 "AP VHT operation IE has invalid channel width (%d), disable VHT\n", 303 vht_oper->chan_width); 304 ret = IEEE80211_STA_DISABLE_VHT; 305 goto out; 306 } 307 308 if (!cfg80211_chandef_valid(&vht_chandef)) { 309 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 310 sdata_info(sdata, 311 "AP VHT information is invalid, disable VHT\n"); 312 ret = IEEE80211_STA_DISABLE_VHT; 313 goto out; 314 } 315 316 if (cfg80211_chandef_identical(chandef, &vht_chandef)) { 317 ret = 0; 318 goto out; 319 } 320 321 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) { 322 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 323 sdata_info(sdata, 324 "AP VHT information doesn't match HT, disable VHT\n"); 325 ret = IEEE80211_STA_DISABLE_VHT; 326 goto out; 327 } 328 329 *chandef = vht_chandef; 330 331 ret = 0; 332 333 out: 334 /* don't print the message below for VHT mismatch if VHT is disabled */ 335 if (ret & IEEE80211_STA_DISABLE_VHT) 336 vht_chandef = *chandef; 337 338 /* 339 * Ignore the DISABLED flag when we're already connected and only 340 * tracking the APs beacon for bandwidth changes - otherwise we 341 * might get disconnected here if we connect to an AP, update our 342 * regulatory information based on the AP's country IE and the 343 * information we have is wrong/outdated and disables the channel 344 * that we're actually using for the connection to the AP. 345 */ 346 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef, 347 tracking ? 0 : 348 IEEE80211_CHAN_DISABLED)) { 349 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) { 350 ret = IEEE80211_STA_DISABLE_HT | 351 IEEE80211_STA_DISABLE_VHT; 352 break; 353 } 354 355 ret |= chandef_downgrade(chandef); 356 } 357 358 if (chandef->width != vht_chandef.width && !tracking) 359 sdata_info(sdata, 360 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n"); 361 362 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef)); 363 return ret; 364 } 365 366 static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata, 367 struct sta_info *sta, 368 const struct ieee80211_ht_operation *ht_oper, 369 const struct ieee80211_vht_operation *vht_oper, 370 const u8 *bssid, u32 *changed) 371 { 372 struct ieee80211_local *local = sdata->local; 373 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 374 struct ieee80211_supported_band *sband; 375 struct ieee80211_channel *chan; 376 struct cfg80211_chan_def chandef; 377 u16 ht_opmode; 378 u32 flags; 379 enum ieee80211_sta_rx_bandwidth new_sta_bw; 380 int ret; 381 382 /* if HT was/is disabled, don't track any bandwidth changes */ 383 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper) 384 return 0; 385 386 /* don't check VHT if we associated as non-VHT station */ 387 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 388 vht_oper = NULL; 389 390 if (WARN_ON_ONCE(!sta)) 391 return -EINVAL; 392 393 chan = sdata->vif.bss_conf.chandef.chan; 394 sband = local->hw.wiphy->bands[chan->band]; 395 396 /* calculate new channel (type) based on HT/VHT operation IEs */ 397 flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper, 398 vht_oper, &chandef, true); 399 400 /* 401 * Downgrade the new channel if we associated with restricted 402 * capabilities. For example, if we associated as a 20 MHz STA 403 * to a 40 MHz AP (due to regulatory, capabilities or config 404 * reasons) then switching to a 40 MHz channel now won't do us 405 * any good -- we couldn't use it with the AP. 406 */ 407 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ && 408 chandef.width == NL80211_CHAN_WIDTH_80P80) 409 flags |= chandef_downgrade(&chandef); 410 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ && 411 chandef.width == NL80211_CHAN_WIDTH_160) 412 flags |= chandef_downgrade(&chandef); 413 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ && 414 chandef.width > NL80211_CHAN_WIDTH_20) 415 flags |= chandef_downgrade(&chandef); 416 417 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef)) 418 return 0; 419 420 sdata_info(sdata, 421 "AP %pM changed bandwidth, new config is %d MHz, width %d (%d/%d MHz)\n", 422 ifmgd->bssid, chandef.chan->center_freq, chandef.width, 423 chandef.center_freq1, chandef.center_freq2); 424 425 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT | 426 IEEE80211_STA_DISABLE_VHT | 427 IEEE80211_STA_DISABLE_40MHZ | 428 IEEE80211_STA_DISABLE_80P80MHZ | 429 IEEE80211_STA_DISABLE_160MHZ)) || 430 !cfg80211_chandef_valid(&chandef)) { 431 sdata_info(sdata, 432 "AP %pM changed bandwidth in a way we can't support - disconnect\n", 433 ifmgd->bssid); 434 return -EINVAL; 435 } 436 437 switch (chandef.width) { 438 case NL80211_CHAN_WIDTH_20_NOHT: 439 case NL80211_CHAN_WIDTH_20: 440 new_sta_bw = IEEE80211_STA_RX_BW_20; 441 break; 442 case NL80211_CHAN_WIDTH_40: 443 new_sta_bw = IEEE80211_STA_RX_BW_40; 444 break; 445 case NL80211_CHAN_WIDTH_80: 446 new_sta_bw = IEEE80211_STA_RX_BW_80; 447 break; 448 case NL80211_CHAN_WIDTH_80P80: 449 case NL80211_CHAN_WIDTH_160: 450 new_sta_bw = IEEE80211_STA_RX_BW_160; 451 break; 452 default: 453 return -EINVAL; 454 } 455 456 if (new_sta_bw > sta->cur_max_bandwidth) 457 new_sta_bw = sta->cur_max_bandwidth; 458 459 if (new_sta_bw < sta->sta.bandwidth) { 460 sta->sta.bandwidth = new_sta_bw; 461 rate_control_rate_update(local, sband, sta, 462 IEEE80211_RC_BW_CHANGED); 463 } 464 465 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed); 466 if (ret) { 467 sdata_info(sdata, 468 "AP %pM changed bandwidth to incompatible one - disconnect\n", 469 ifmgd->bssid); 470 return ret; 471 } 472 473 if (new_sta_bw > sta->sta.bandwidth) { 474 sta->sta.bandwidth = new_sta_bw; 475 rate_control_rate_update(local, sband, sta, 476 IEEE80211_RC_BW_CHANGED); 477 } 478 479 ht_opmode = le16_to_cpu(ht_oper->operation_mode); 480 481 /* if bss configuration changed store the new one */ 482 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) { 483 *changed |= BSS_CHANGED_HT; 484 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 485 } 486 487 return 0; 488 } 489 490 /* frame sending functions */ 491 492 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata, 493 struct sk_buff *skb, u8 ap_ht_param, 494 struct ieee80211_supported_band *sband, 495 struct ieee80211_channel *channel, 496 enum ieee80211_smps_mode smps) 497 { 498 u8 *pos; 499 u32 flags = channel->flags; 500 u16 cap; 501 struct ieee80211_sta_ht_cap ht_cap; 502 503 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap)); 504 505 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 506 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 507 508 /* determine capability flags */ 509 cap = ht_cap.cap; 510 511 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 512 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 513 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 514 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 515 cap &= ~IEEE80211_HT_CAP_SGI_40; 516 } 517 break; 518 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 519 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 520 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 521 cap &= ~IEEE80211_HT_CAP_SGI_40; 522 } 523 break; 524 } 525 526 /* 527 * If 40 MHz was disabled associate as though we weren't 528 * capable of 40 MHz -- some broken APs will never fall 529 * back to trying to transmit in 20 MHz. 530 */ 531 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) { 532 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 533 cap &= ~IEEE80211_HT_CAP_SGI_40; 534 } 535 536 /* set SM PS mode properly */ 537 cap &= ~IEEE80211_HT_CAP_SM_PS; 538 switch (smps) { 539 case IEEE80211_SMPS_AUTOMATIC: 540 case IEEE80211_SMPS_NUM_MODES: 541 WARN_ON(1); 542 case IEEE80211_SMPS_OFF: 543 cap |= WLAN_HT_CAP_SM_PS_DISABLED << 544 IEEE80211_HT_CAP_SM_PS_SHIFT; 545 break; 546 case IEEE80211_SMPS_STATIC: 547 cap |= WLAN_HT_CAP_SM_PS_STATIC << 548 IEEE80211_HT_CAP_SM_PS_SHIFT; 549 break; 550 case IEEE80211_SMPS_DYNAMIC: 551 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC << 552 IEEE80211_HT_CAP_SM_PS_SHIFT; 553 break; 554 } 555 556 /* reserve and fill IE */ 557 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 558 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap); 559 } 560 561 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata, 562 struct sk_buff *skb, 563 struct ieee80211_supported_band *sband, 564 struct ieee80211_vht_cap *ap_vht_cap) 565 { 566 u8 *pos; 567 u32 cap; 568 struct ieee80211_sta_vht_cap vht_cap; 569 570 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap)); 571 572 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap)); 573 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap); 574 575 /* determine capability flags */ 576 cap = vht_cap.cap; 577 578 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) { 579 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ; 580 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 581 } 582 583 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) { 584 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160; 585 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 586 } 587 588 /* 589 * Some APs apparently get confused if our capabilities are better 590 * than theirs, so restrict what we advertise in the assoc request. 591 */ 592 if (!(ap_vht_cap->vht_cap_info & 593 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE))) 594 cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE; 595 596 /* reserve and fill IE */ 597 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 598 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap); 599 } 600 601 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) 602 { 603 struct ieee80211_local *local = sdata->local; 604 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 605 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 606 struct sk_buff *skb; 607 struct ieee80211_mgmt *mgmt; 608 u8 *pos, qos_info; 609 size_t offset = 0, noffset; 610 int i, count, rates_len, supp_rates_len, shift; 611 u16 capab; 612 struct ieee80211_supported_band *sband; 613 struct ieee80211_chanctx_conf *chanctx_conf; 614 struct ieee80211_channel *chan; 615 u32 rate_flags, rates = 0; 616 617 sdata_assert_lock(sdata); 618 619 rcu_read_lock(); 620 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 621 if (WARN_ON(!chanctx_conf)) { 622 rcu_read_unlock(); 623 return; 624 } 625 chan = chanctx_conf->def.chan; 626 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def); 627 rcu_read_unlock(); 628 sband = local->hw.wiphy->bands[chan->band]; 629 shift = ieee80211_vif_get_shift(&sdata->vif); 630 631 if (assoc_data->supp_rates_len) { 632 /* 633 * Get all rates supported by the device and the AP as 634 * some APs don't like getting a superset of their rates 635 * in the association request (e.g. D-Link DAP 1353 in 636 * b-only mode)... 637 */ 638 rates_len = ieee80211_parse_bitrates(&chanctx_conf->def, sband, 639 assoc_data->supp_rates, 640 assoc_data->supp_rates_len, 641 &rates); 642 } else { 643 /* 644 * In case AP not provide any supported rates information 645 * before association, we send information element(s) with 646 * all rates that we support. 647 */ 648 rates_len = 0; 649 for (i = 0; i < sband->n_bitrates; i++) { 650 if ((rate_flags & sband->bitrates[i].flags) 651 != rate_flags) 652 continue; 653 rates |= BIT(i); 654 rates_len++; 655 } 656 } 657 658 skb = alloc_skb(local->hw.extra_tx_headroom + 659 sizeof(*mgmt) + /* bit too much but doesn't matter */ 660 2 + assoc_data->ssid_len + /* SSID */ 661 4 + rates_len + /* (extended) rates */ 662 4 + /* power capability */ 663 2 + 2 * sband->n_channels + /* supported channels */ 664 2 + sizeof(struct ieee80211_ht_cap) + /* HT */ 665 2 + sizeof(struct ieee80211_vht_cap) + /* VHT */ 666 assoc_data->ie_len + /* extra IEs */ 667 9, /* WMM */ 668 GFP_KERNEL); 669 if (!skb) 670 return; 671 672 skb_reserve(skb, local->hw.extra_tx_headroom); 673 674 capab = WLAN_CAPABILITY_ESS; 675 676 if (sband->band == IEEE80211_BAND_2GHZ) { 677 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 678 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 679 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 680 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 681 } 682 683 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY) 684 capab |= WLAN_CAPABILITY_PRIVACY; 685 686 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 687 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)) 688 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 689 690 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 691 memset(mgmt, 0, 24); 692 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN); 693 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 694 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN); 695 696 if (!is_zero_ether_addr(assoc_data->prev_bssid)) { 697 skb_put(skb, 10); 698 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 699 IEEE80211_STYPE_REASSOC_REQ); 700 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 701 mgmt->u.reassoc_req.listen_interval = 702 cpu_to_le16(local->hw.conf.listen_interval); 703 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid, 704 ETH_ALEN); 705 } else { 706 skb_put(skb, 4); 707 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 708 IEEE80211_STYPE_ASSOC_REQ); 709 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 710 mgmt->u.assoc_req.listen_interval = 711 cpu_to_le16(local->hw.conf.listen_interval); 712 } 713 714 /* SSID */ 715 pos = skb_put(skb, 2 + assoc_data->ssid_len); 716 *pos++ = WLAN_EID_SSID; 717 *pos++ = assoc_data->ssid_len; 718 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len); 719 720 /* add all rates which were marked to be used above */ 721 supp_rates_len = rates_len; 722 if (supp_rates_len > 8) 723 supp_rates_len = 8; 724 725 pos = skb_put(skb, supp_rates_len + 2); 726 *pos++ = WLAN_EID_SUPP_RATES; 727 *pos++ = supp_rates_len; 728 729 count = 0; 730 for (i = 0; i < sband->n_bitrates; i++) { 731 if (BIT(i) & rates) { 732 int rate = DIV_ROUND_UP(sband->bitrates[i].bitrate, 733 5 * (1 << shift)); 734 *pos++ = (u8) rate; 735 if (++count == 8) 736 break; 737 } 738 } 739 740 if (rates_len > count) { 741 pos = skb_put(skb, rates_len - count + 2); 742 *pos++ = WLAN_EID_EXT_SUPP_RATES; 743 *pos++ = rates_len - count; 744 745 for (i++; i < sband->n_bitrates; i++) { 746 if (BIT(i) & rates) { 747 int rate; 748 rate = DIV_ROUND_UP(sband->bitrates[i].bitrate, 749 5 * (1 << shift)); 750 *pos++ = (u8) rate; 751 } 752 } 753 } 754 755 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) { 756 /* 1. power capabilities */ 757 pos = skb_put(skb, 4); 758 *pos++ = WLAN_EID_PWR_CAPABILITY; 759 *pos++ = 2; 760 *pos++ = 0; /* min tx power */ 761 /* max tx power */ 762 *pos++ = ieee80211_chandef_max_power(&chanctx_conf->def); 763 764 /* 2. supported channels */ 765 /* TODO: get this in reg domain format */ 766 pos = skb_put(skb, 2 * sband->n_channels + 2); 767 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 768 *pos++ = 2 * sband->n_channels; 769 for (i = 0; i < sband->n_channels; i++) { 770 *pos++ = ieee80211_frequency_to_channel( 771 sband->channels[i].center_freq); 772 *pos++ = 1; /* one channel in the subband*/ 773 } 774 } 775 776 /* if present, add any custom IEs that go before HT */ 777 if (assoc_data->ie_len && assoc_data->ie) { 778 static const u8 before_ht[] = { 779 WLAN_EID_SSID, 780 WLAN_EID_SUPP_RATES, 781 WLAN_EID_EXT_SUPP_RATES, 782 WLAN_EID_PWR_CAPABILITY, 783 WLAN_EID_SUPPORTED_CHANNELS, 784 WLAN_EID_RSN, 785 WLAN_EID_QOS_CAPA, 786 WLAN_EID_RRM_ENABLED_CAPABILITIES, 787 WLAN_EID_MOBILITY_DOMAIN, 788 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 789 }; 790 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len, 791 before_ht, ARRAY_SIZE(before_ht), 792 offset); 793 pos = skb_put(skb, noffset - offset); 794 memcpy(pos, assoc_data->ie + offset, noffset - offset); 795 offset = noffset; 796 } 797 798 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 799 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))) 800 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 801 802 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 803 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param, 804 sband, chan, sdata->smps_mode); 805 806 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 807 ieee80211_add_vht_ie(sdata, skb, sband, 808 &assoc_data->ap_vht_cap); 809 810 /* if present, add any custom non-vendor IEs that go after HT */ 811 if (assoc_data->ie_len && assoc_data->ie) { 812 noffset = ieee80211_ie_split_vendor(assoc_data->ie, 813 assoc_data->ie_len, 814 offset); 815 pos = skb_put(skb, noffset - offset); 816 memcpy(pos, assoc_data->ie + offset, noffset - offset); 817 offset = noffset; 818 } 819 820 if (assoc_data->wmm) { 821 if (assoc_data->uapsd) { 822 qos_info = ifmgd->uapsd_queues; 823 qos_info |= (ifmgd->uapsd_max_sp_len << 824 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT); 825 } else { 826 qos_info = 0; 827 } 828 829 pos = skb_put(skb, 9); 830 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 831 *pos++ = 7; /* len */ 832 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */ 833 *pos++ = 0x50; 834 *pos++ = 0xf2; 835 *pos++ = 2; /* WME */ 836 *pos++ = 0; /* WME info */ 837 *pos++ = 1; /* WME ver */ 838 *pos++ = qos_info; 839 } 840 841 /* add any remaining custom (i.e. vendor specific here) IEs */ 842 if (assoc_data->ie_len && assoc_data->ie) { 843 noffset = assoc_data->ie_len; 844 pos = skb_put(skb, noffset - offset); 845 memcpy(pos, assoc_data->ie + offset, noffset - offset); 846 } 847 848 drv_mgd_prepare_tx(local, sdata); 849 850 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 851 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 852 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 853 IEEE80211_TX_INTFL_MLME_CONN_TX; 854 ieee80211_tx_skb(sdata, skb); 855 } 856 857 void ieee80211_send_pspoll(struct ieee80211_local *local, 858 struct ieee80211_sub_if_data *sdata) 859 { 860 struct ieee80211_pspoll *pspoll; 861 struct sk_buff *skb; 862 863 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif); 864 if (!skb) 865 return; 866 867 pspoll = (struct ieee80211_pspoll *) skb->data; 868 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 869 870 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 871 ieee80211_tx_skb(sdata, skb); 872 } 873 874 void ieee80211_send_nullfunc(struct ieee80211_local *local, 875 struct ieee80211_sub_if_data *sdata, 876 int powersave) 877 { 878 struct sk_buff *skb; 879 struct ieee80211_hdr_3addr *nullfunc; 880 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 881 882 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif); 883 if (!skb) 884 return; 885 886 nullfunc = (struct ieee80211_hdr_3addr *) skb->data; 887 if (powersave) 888 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 889 890 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT | 891 IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 892 893 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 894 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS; 895 896 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 897 IEEE80211_STA_CONNECTION_POLL)) 898 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE; 899 900 ieee80211_tx_skb(sdata, skb); 901 } 902 903 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local, 904 struct ieee80211_sub_if_data *sdata) 905 { 906 struct sk_buff *skb; 907 struct ieee80211_hdr *nullfunc; 908 __le16 fc; 909 910 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 911 return; 912 913 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30); 914 if (!skb) 915 return; 916 917 skb_reserve(skb, local->hw.extra_tx_headroom); 918 919 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30); 920 memset(nullfunc, 0, 30); 921 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 922 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 923 nullfunc->frame_control = fc; 924 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN); 925 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN); 926 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN); 927 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN); 928 929 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 930 ieee80211_tx_skb(sdata, skb); 931 } 932 933 /* spectrum management related things */ 934 static void ieee80211_chswitch_work(struct work_struct *work) 935 { 936 struct ieee80211_sub_if_data *sdata = 937 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work); 938 struct ieee80211_local *local = sdata->local; 939 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 940 941 if (!ieee80211_sdata_running(sdata)) 942 return; 943 944 sdata_lock(sdata); 945 if (!ifmgd->associated) 946 goto out; 947 948 local->_oper_chandef = local->csa_chandef; 949 950 if (!local->ops->channel_switch) { 951 /* call "hw_config" only if doing sw channel switch */ 952 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL); 953 } else { 954 /* update the device channel directly */ 955 local->hw.conf.chandef = local->_oper_chandef; 956 } 957 958 /* XXX: shouldn't really modify cfg80211-owned data! */ 959 ifmgd->associated->channel = local->_oper_chandef.chan; 960 961 /* XXX: wait for a beacon first? */ 962 ieee80211_wake_queues_by_reason(&local->hw, 963 IEEE80211_MAX_QUEUE_MAP, 964 IEEE80211_QUEUE_STOP_REASON_CSA); 965 out: 966 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 967 sdata_unlock(sdata); 968 } 969 970 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success) 971 { 972 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 973 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 974 975 trace_api_chswitch_done(sdata, success); 976 if (!success) { 977 sdata_info(sdata, 978 "driver channel switch failed, disconnecting\n"); 979 ieee80211_queue_work(&sdata->local->hw, 980 &ifmgd->csa_connection_drop_work); 981 } else { 982 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 983 } 984 } 985 EXPORT_SYMBOL(ieee80211_chswitch_done); 986 987 static void ieee80211_chswitch_timer(unsigned long data) 988 { 989 struct ieee80211_sub_if_data *sdata = 990 (struct ieee80211_sub_if_data *) data; 991 992 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work); 993 } 994 995 static void 996 ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 997 u64 timestamp, struct ieee802_11_elems *elems, 998 bool beacon) 999 { 1000 struct ieee80211_local *local = sdata->local; 1001 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1002 struct cfg80211_bss *cbss = ifmgd->associated; 1003 struct ieee80211_bss *bss; 1004 struct ieee80211_chanctx *chanctx; 1005 enum ieee80211_band new_band; 1006 int new_freq; 1007 u8 new_chan_no; 1008 u8 count; 1009 u8 mode; 1010 struct ieee80211_channel *new_chan; 1011 struct cfg80211_chan_def new_chandef = {}; 1012 struct cfg80211_chan_def new_vht_chandef = {}; 1013 const struct ieee80211_sec_chan_offs_ie *sec_chan_offs; 1014 const struct ieee80211_wide_bw_chansw_ie *wide_bw_chansw_ie; 1015 const struct ieee80211_ht_operation *ht_oper; 1016 int secondary_channel_offset = -1; 1017 1018 sdata_assert_lock(sdata); 1019 1020 if (!cbss) 1021 return; 1022 1023 if (local->scanning) 1024 return; 1025 1026 /* disregard subsequent announcements if we are already processing */ 1027 if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED) 1028 return; 1029 1030 sec_chan_offs = elems->sec_chan_offs; 1031 wide_bw_chansw_ie = elems->wide_bw_chansw_ie; 1032 ht_oper = elems->ht_operation; 1033 1034 if (ifmgd->flags & (IEEE80211_STA_DISABLE_HT | 1035 IEEE80211_STA_DISABLE_40MHZ)) { 1036 sec_chan_offs = NULL; 1037 wide_bw_chansw_ie = NULL; 1038 /* only used for bandwidth here */ 1039 ht_oper = NULL; 1040 } 1041 1042 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 1043 wide_bw_chansw_ie = NULL; 1044 1045 if (elems->ext_chansw_ie) { 1046 if (!ieee80211_operating_class_to_band( 1047 elems->ext_chansw_ie->new_operating_class, 1048 &new_band)) { 1049 sdata_info(sdata, 1050 "cannot understand ECSA IE operating class %d, disconnecting\n", 1051 elems->ext_chansw_ie->new_operating_class); 1052 ieee80211_queue_work(&local->hw, 1053 &ifmgd->csa_connection_drop_work); 1054 } 1055 new_chan_no = elems->ext_chansw_ie->new_ch_num; 1056 count = elems->ext_chansw_ie->count; 1057 mode = elems->ext_chansw_ie->mode; 1058 } else if (elems->ch_switch_ie) { 1059 new_band = cbss->channel->band; 1060 new_chan_no = elems->ch_switch_ie->new_ch_num; 1061 count = elems->ch_switch_ie->count; 1062 mode = elems->ch_switch_ie->mode; 1063 } else { 1064 /* nothing here we understand */ 1065 return; 1066 } 1067 1068 bss = (void *)cbss->priv; 1069 1070 new_freq = ieee80211_channel_to_frequency(new_chan_no, new_band); 1071 new_chan = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq); 1072 if (!new_chan || new_chan->flags & IEEE80211_CHAN_DISABLED) { 1073 sdata_info(sdata, 1074 "AP %pM switches to unsupported channel (%d MHz), disconnecting\n", 1075 ifmgd->associated->bssid, new_freq); 1076 ieee80211_queue_work(&local->hw, 1077 &ifmgd->csa_connection_drop_work); 1078 return; 1079 } 1080 1081 if (!beacon && sec_chan_offs) { 1082 secondary_channel_offset = sec_chan_offs->sec_chan_offs; 1083 } else if (beacon && ht_oper) { 1084 secondary_channel_offset = 1085 ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET; 1086 } else if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 1087 /* 1088 * If it's not a beacon, HT is enabled and the IE not present, 1089 * it's 20 MHz, 802.11-2012 8.5.2.6: 1090 * This element [the Secondary Channel Offset Element] is 1091 * present when switching to a 40 MHz channel. It may be 1092 * present when switching to a 20 MHz channel (in which 1093 * case the secondary channel offset is set to SCN). 1094 */ 1095 secondary_channel_offset = IEEE80211_HT_PARAM_CHA_SEC_NONE; 1096 } 1097 1098 switch (secondary_channel_offset) { 1099 default: 1100 /* secondary_channel_offset was present but is invalid */ 1101 case IEEE80211_HT_PARAM_CHA_SEC_NONE: 1102 cfg80211_chandef_create(&new_chandef, new_chan, 1103 NL80211_CHAN_HT20); 1104 break; 1105 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 1106 cfg80211_chandef_create(&new_chandef, new_chan, 1107 NL80211_CHAN_HT40PLUS); 1108 break; 1109 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 1110 cfg80211_chandef_create(&new_chandef, new_chan, 1111 NL80211_CHAN_HT40MINUS); 1112 break; 1113 case -1: 1114 cfg80211_chandef_create(&new_chandef, new_chan, 1115 NL80211_CHAN_NO_HT); 1116 /* keep width for 5/10 MHz channels */ 1117 switch (sdata->vif.bss_conf.chandef.width) { 1118 case NL80211_CHAN_WIDTH_5: 1119 case NL80211_CHAN_WIDTH_10: 1120 new_chandef.width = sdata->vif.bss_conf.chandef.width; 1121 break; 1122 default: 1123 break; 1124 } 1125 break; 1126 } 1127 1128 if (wide_bw_chansw_ie) { 1129 new_vht_chandef.chan = new_chan; 1130 new_vht_chandef.center_freq1 = 1131 ieee80211_channel_to_frequency( 1132 wide_bw_chansw_ie->new_center_freq_seg0, 1133 new_band); 1134 1135 switch (wide_bw_chansw_ie->new_channel_width) { 1136 default: 1137 /* hmmm, ignore VHT and use HT if present */ 1138 case IEEE80211_VHT_CHANWIDTH_USE_HT: 1139 new_vht_chandef.chan = NULL; 1140 break; 1141 case IEEE80211_VHT_CHANWIDTH_80MHZ: 1142 new_vht_chandef.width = NL80211_CHAN_WIDTH_80; 1143 break; 1144 case IEEE80211_VHT_CHANWIDTH_160MHZ: 1145 new_vht_chandef.width = NL80211_CHAN_WIDTH_160; 1146 break; 1147 case IEEE80211_VHT_CHANWIDTH_80P80MHZ: 1148 /* field is otherwise reserved */ 1149 new_vht_chandef.center_freq2 = 1150 ieee80211_channel_to_frequency( 1151 wide_bw_chansw_ie->new_center_freq_seg1, 1152 new_band); 1153 new_vht_chandef.width = NL80211_CHAN_WIDTH_80P80; 1154 break; 1155 } 1156 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ && 1157 new_vht_chandef.width == NL80211_CHAN_WIDTH_80P80) 1158 chandef_downgrade(&new_vht_chandef); 1159 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ && 1160 new_vht_chandef.width == NL80211_CHAN_WIDTH_160) 1161 chandef_downgrade(&new_vht_chandef); 1162 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ && 1163 new_vht_chandef.width > NL80211_CHAN_WIDTH_20) 1164 chandef_downgrade(&new_vht_chandef); 1165 } 1166 1167 /* if VHT data is there validate & use it */ 1168 if (new_vht_chandef.chan) { 1169 if (!cfg80211_chandef_compatible(&new_vht_chandef, 1170 &new_chandef)) { 1171 sdata_info(sdata, 1172 "AP %pM CSA has inconsistent channel data, disconnecting\n", 1173 ifmgd->associated->bssid); 1174 ieee80211_queue_work(&local->hw, 1175 &ifmgd->csa_connection_drop_work); 1176 return; 1177 } 1178 new_chandef = new_vht_chandef; 1179 } 1180 1181 if (!cfg80211_chandef_usable(local->hw.wiphy, &new_chandef, 1182 IEEE80211_CHAN_DISABLED)) { 1183 sdata_info(sdata, 1184 "AP %pM switches to unsupported channel (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n", 1185 ifmgd->associated->bssid, new_freq, 1186 new_chandef.width, new_chandef.center_freq1, 1187 new_chandef.center_freq2); 1188 ieee80211_queue_work(&local->hw, 1189 &ifmgd->csa_connection_drop_work); 1190 return; 1191 } 1192 1193 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED; 1194 1195 if (local->use_chanctx) { 1196 sdata_info(sdata, 1197 "not handling channel switch with channel contexts\n"); 1198 ieee80211_queue_work(&local->hw, 1199 &ifmgd->csa_connection_drop_work); 1200 return; 1201 } 1202 1203 mutex_lock(&local->chanctx_mtx); 1204 if (WARN_ON(!rcu_access_pointer(sdata->vif.chanctx_conf))) { 1205 mutex_unlock(&local->chanctx_mtx); 1206 return; 1207 } 1208 chanctx = container_of(rcu_access_pointer(sdata->vif.chanctx_conf), 1209 struct ieee80211_chanctx, conf); 1210 if (chanctx->refcount > 1) { 1211 sdata_info(sdata, 1212 "channel switch with multiple interfaces on the same channel, disconnecting\n"); 1213 ieee80211_queue_work(&local->hw, 1214 &ifmgd->csa_connection_drop_work); 1215 mutex_unlock(&local->chanctx_mtx); 1216 return; 1217 } 1218 mutex_unlock(&local->chanctx_mtx); 1219 1220 local->csa_chandef = new_chandef; 1221 1222 if (mode) 1223 ieee80211_stop_queues_by_reason(&local->hw, 1224 IEEE80211_MAX_QUEUE_MAP, 1225 IEEE80211_QUEUE_STOP_REASON_CSA); 1226 1227 if (local->ops->channel_switch) { 1228 /* use driver's channel switch callback */ 1229 struct ieee80211_channel_switch ch_switch = { 1230 .timestamp = timestamp, 1231 .block_tx = mode, 1232 .chandef = new_chandef, 1233 .count = count, 1234 }; 1235 1236 drv_channel_switch(local, &ch_switch); 1237 return; 1238 } 1239 1240 /* channel switch handled in software */ 1241 if (count <= 1) 1242 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work); 1243 else 1244 mod_timer(&ifmgd->chswitch_timer, 1245 TU_TO_EXP_TIME(count * cbss->beacon_interval)); 1246 } 1247 1248 static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, 1249 struct ieee80211_channel *channel, 1250 const u8 *country_ie, u8 country_ie_len, 1251 const u8 *pwr_constr_elem) 1252 { 1253 struct ieee80211_country_ie_triplet *triplet; 1254 int chan = ieee80211_frequency_to_channel(channel->center_freq); 1255 int i, chan_pwr, chan_increment, new_ap_level; 1256 bool have_chan_pwr = false; 1257 1258 /* Invalid IE */ 1259 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN) 1260 return 0; 1261 1262 triplet = (void *)(country_ie + 3); 1263 country_ie_len -= 3; 1264 1265 switch (channel->band) { 1266 default: 1267 WARN_ON_ONCE(1); 1268 /* fall through */ 1269 case IEEE80211_BAND_2GHZ: 1270 case IEEE80211_BAND_60GHZ: 1271 chan_increment = 1; 1272 break; 1273 case IEEE80211_BAND_5GHZ: 1274 chan_increment = 4; 1275 break; 1276 } 1277 1278 /* find channel */ 1279 while (country_ie_len >= 3) { 1280 u8 first_channel = triplet->chans.first_channel; 1281 1282 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID) 1283 goto next; 1284 1285 for (i = 0; i < triplet->chans.num_channels; i++) { 1286 if (first_channel + i * chan_increment == chan) { 1287 have_chan_pwr = true; 1288 chan_pwr = triplet->chans.max_power; 1289 break; 1290 } 1291 } 1292 if (have_chan_pwr) 1293 break; 1294 1295 next: 1296 triplet++; 1297 country_ie_len -= 3; 1298 } 1299 1300 if (!have_chan_pwr) 1301 return 0; 1302 1303 new_ap_level = max_t(int, 0, chan_pwr - *pwr_constr_elem); 1304 1305 if (sdata->ap_power_level == new_ap_level) 1306 return 0; 1307 1308 sdata_info(sdata, 1309 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n", 1310 new_ap_level, chan_pwr, *pwr_constr_elem, 1311 sdata->u.mgd.bssid); 1312 sdata->ap_power_level = new_ap_level; 1313 if (__ieee80211_recalc_txpower(sdata)) 1314 return BSS_CHANGED_TXPOWER; 1315 return 0; 1316 } 1317 1318 /* powersave */ 1319 static void ieee80211_enable_ps(struct ieee80211_local *local, 1320 struct ieee80211_sub_if_data *sdata) 1321 { 1322 struct ieee80211_conf *conf = &local->hw.conf; 1323 1324 /* 1325 * If we are scanning right now then the parameters will 1326 * take effect when scan finishes. 1327 */ 1328 if (local->scanning) 1329 return; 1330 1331 if (conf->dynamic_ps_timeout > 0 && 1332 !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) { 1333 mod_timer(&local->dynamic_ps_timer, jiffies + 1334 msecs_to_jiffies(conf->dynamic_ps_timeout)); 1335 } else { 1336 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 1337 ieee80211_send_nullfunc(local, sdata, 1); 1338 1339 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1340 (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) 1341 return; 1342 1343 conf->flags |= IEEE80211_CONF_PS; 1344 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1345 } 1346 } 1347 1348 static void ieee80211_change_ps(struct ieee80211_local *local) 1349 { 1350 struct ieee80211_conf *conf = &local->hw.conf; 1351 1352 if (local->ps_sdata) { 1353 ieee80211_enable_ps(local, local->ps_sdata); 1354 } else if (conf->flags & IEEE80211_CONF_PS) { 1355 conf->flags &= ~IEEE80211_CONF_PS; 1356 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1357 del_timer_sync(&local->dynamic_ps_timer); 1358 cancel_work_sync(&local->dynamic_ps_enable_work); 1359 } 1360 } 1361 1362 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata) 1363 { 1364 struct ieee80211_if_managed *mgd = &sdata->u.mgd; 1365 struct sta_info *sta = NULL; 1366 bool authorized = false; 1367 1368 if (!mgd->powersave) 1369 return false; 1370 1371 if (mgd->broken_ap) 1372 return false; 1373 1374 if (!mgd->associated) 1375 return false; 1376 1377 if (mgd->flags & (IEEE80211_STA_BEACON_POLL | 1378 IEEE80211_STA_CONNECTION_POLL)) 1379 return false; 1380 1381 if (!mgd->have_beacon) 1382 return false; 1383 1384 rcu_read_lock(); 1385 sta = sta_info_get(sdata, mgd->bssid); 1386 if (sta) 1387 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED); 1388 rcu_read_unlock(); 1389 1390 return authorized; 1391 } 1392 1393 /* need to hold RTNL or interface lock */ 1394 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency) 1395 { 1396 struct ieee80211_sub_if_data *sdata, *found = NULL; 1397 int count = 0; 1398 int timeout; 1399 1400 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) { 1401 local->ps_sdata = NULL; 1402 return; 1403 } 1404 1405 list_for_each_entry(sdata, &local->interfaces, list) { 1406 if (!ieee80211_sdata_running(sdata)) 1407 continue; 1408 if (sdata->vif.type == NL80211_IFTYPE_AP) { 1409 /* If an AP vif is found, then disable PS 1410 * by setting the count to zero thereby setting 1411 * ps_sdata to NULL. 1412 */ 1413 count = 0; 1414 break; 1415 } 1416 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1417 continue; 1418 found = sdata; 1419 count++; 1420 } 1421 1422 if (count == 1 && ieee80211_powersave_allowed(found)) { 1423 s32 beaconint_us; 1424 1425 if (latency < 0) 1426 latency = pm_qos_request(PM_QOS_NETWORK_LATENCY); 1427 1428 beaconint_us = ieee80211_tu_to_usec( 1429 found->vif.bss_conf.beacon_int); 1430 1431 timeout = local->dynamic_ps_forced_timeout; 1432 if (timeout < 0) { 1433 /* 1434 * Go to full PSM if the user configures a very low 1435 * latency requirement. 1436 * The 2000 second value is there for compatibility 1437 * until the PM_QOS_NETWORK_LATENCY is configured 1438 * with real values. 1439 */ 1440 if (latency > (1900 * USEC_PER_MSEC) && 1441 latency != (2000 * USEC_PER_SEC)) 1442 timeout = 0; 1443 else 1444 timeout = 100; 1445 } 1446 local->hw.conf.dynamic_ps_timeout = timeout; 1447 1448 if (beaconint_us > latency) { 1449 local->ps_sdata = NULL; 1450 } else { 1451 int maxslp = 1; 1452 u8 dtimper = found->u.mgd.dtim_period; 1453 1454 /* If the TIM IE is invalid, pretend the value is 1 */ 1455 if (!dtimper) 1456 dtimper = 1; 1457 else if (dtimper > 1) 1458 maxslp = min_t(int, dtimper, 1459 latency / beaconint_us); 1460 1461 local->hw.conf.max_sleep_period = maxslp; 1462 local->hw.conf.ps_dtim_period = dtimper; 1463 local->ps_sdata = found; 1464 } 1465 } else { 1466 local->ps_sdata = NULL; 1467 } 1468 1469 ieee80211_change_ps(local); 1470 } 1471 1472 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata) 1473 { 1474 bool ps_allowed = ieee80211_powersave_allowed(sdata); 1475 1476 if (sdata->vif.bss_conf.ps != ps_allowed) { 1477 sdata->vif.bss_conf.ps = ps_allowed; 1478 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS); 1479 } 1480 } 1481 1482 void ieee80211_dynamic_ps_disable_work(struct work_struct *work) 1483 { 1484 struct ieee80211_local *local = 1485 container_of(work, struct ieee80211_local, 1486 dynamic_ps_disable_work); 1487 1488 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1489 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1490 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1491 } 1492 1493 ieee80211_wake_queues_by_reason(&local->hw, 1494 IEEE80211_MAX_QUEUE_MAP, 1495 IEEE80211_QUEUE_STOP_REASON_PS); 1496 } 1497 1498 void ieee80211_dynamic_ps_enable_work(struct work_struct *work) 1499 { 1500 struct ieee80211_local *local = 1501 container_of(work, struct ieee80211_local, 1502 dynamic_ps_enable_work); 1503 struct ieee80211_sub_if_data *sdata = local->ps_sdata; 1504 struct ieee80211_if_managed *ifmgd; 1505 unsigned long flags; 1506 int q; 1507 1508 /* can only happen when PS was just disabled anyway */ 1509 if (!sdata) 1510 return; 1511 1512 ifmgd = &sdata->u.mgd; 1513 1514 if (local->hw.conf.flags & IEEE80211_CONF_PS) 1515 return; 1516 1517 if (local->hw.conf.dynamic_ps_timeout > 0) { 1518 /* don't enter PS if TX frames are pending */ 1519 if (drv_tx_frames_pending(local)) { 1520 mod_timer(&local->dynamic_ps_timer, jiffies + 1521 msecs_to_jiffies( 1522 local->hw.conf.dynamic_ps_timeout)); 1523 return; 1524 } 1525 1526 /* 1527 * transmission can be stopped by others which leads to 1528 * dynamic_ps_timer expiry. Postpone the ps timer if it 1529 * is not the actual idle state. 1530 */ 1531 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 1532 for (q = 0; q < local->hw.queues; q++) { 1533 if (local->queue_stop_reasons[q]) { 1534 spin_unlock_irqrestore(&local->queue_stop_reason_lock, 1535 flags); 1536 mod_timer(&local->dynamic_ps_timer, jiffies + 1537 msecs_to_jiffies( 1538 local->hw.conf.dynamic_ps_timeout)); 1539 return; 1540 } 1541 } 1542 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 1543 } 1544 1545 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1546 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1547 if (drv_tx_frames_pending(local)) { 1548 mod_timer(&local->dynamic_ps_timer, jiffies + 1549 msecs_to_jiffies( 1550 local->hw.conf.dynamic_ps_timeout)); 1551 } else { 1552 ieee80211_send_nullfunc(local, sdata, 1); 1553 /* Flush to get the tx status of nullfunc frame */ 1554 ieee80211_flush_queues(local, sdata); 1555 } 1556 } 1557 1558 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) && 1559 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) || 1560 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1561 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 1562 local->hw.conf.flags |= IEEE80211_CONF_PS; 1563 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1564 } 1565 } 1566 1567 void ieee80211_dynamic_ps_timer(unsigned long data) 1568 { 1569 struct ieee80211_local *local = (void *) data; 1570 1571 if (local->quiescing || local->suspended) 1572 return; 1573 1574 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work); 1575 } 1576 1577 void ieee80211_dfs_cac_timer_work(struct work_struct *work) 1578 { 1579 struct delayed_work *delayed_work = 1580 container_of(work, struct delayed_work, work); 1581 struct ieee80211_sub_if_data *sdata = 1582 container_of(delayed_work, struct ieee80211_sub_if_data, 1583 dfs_cac_timer_work); 1584 1585 ieee80211_vif_release_channel(sdata); 1586 1587 cfg80211_cac_event(sdata->dev, NL80211_RADAR_CAC_FINISHED, GFP_KERNEL); 1588 } 1589 1590 /* MLME */ 1591 static bool ieee80211_sta_wmm_params(struct ieee80211_local *local, 1592 struct ieee80211_sub_if_data *sdata, 1593 const u8 *wmm_param, size_t wmm_param_len) 1594 { 1595 struct ieee80211_tx_queue_params params; 1596 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1597 size_t left; 1598 int count; 1599 const u8 *pos; 1600 u8 uapsd_queues = 0; 1601 1602 if (!local->ops->conf_tx) 1603 return false; 1604 1605 if (local->hw.queues < IEEE80211_NUM_ACS) 1606 return false; 1607 1608 if (!wmm_param) 1609 return false; 1610 1611 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 1612 return false; 1613 1614 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) 1615 uapsd_queues = ifmgd->uapsd_queues; 1616 1617 count = wmm_param[6] & 0x0f; 1618 if (count == ifmgd->wmm_last_param_set) 1619 return false; 1620 ifmgd->wmm_last_param_set = count; 1621 1622 pos = wmm_param + 8; 1623 left = wmm_param_len - 8; 1624 1625 memset(¶ms, 0, sizeof(params)); 1626 1627 sdata->wmm_acm = 0; 1628 for (; left >= 4; left -= 4, pos += 4) { 1629 int aci = (pos[0] >> 5) & 0x03; 1630 int acm = (pos[0] >> 4) & 0x01; 1631 bool uapsd = false; 1632 int queue; 1633 1634 switch (aci) { 1635 case 1: /* AC_BK */ 1636 queue = 3; 1637 if (acm) 1638 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */ 1639 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK) 1640 uapsd = true; 1641 break; 1642 case 2: /* AC_VI */ 1643 queue = 1; 1644 if (acm) 1645 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */ 1646 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI) 1647 uapsd = true; 1648 break; 1649 case 3: /* AC_VO */ 1650 queue = 0; 1651 if (acm) 1652 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */ 1653 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) 1654 uapsd = true; 1655 break; 1656 case 0: /* AC_BE */ 1657 default: 1658 queue = 2; 1659 if (acm) 1660 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */ 1661 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE) 1662 uapsd = true; 1663 break; 1664 } 1665 1666 params.aifs = pos[0] & 0x0f; 1667 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 1668 params.cw_min = ecw2cw(pos[1] & 0x0f); 1669 params.txop = get_unaligned_le16(pos + 2); 1670 params.acm = acm; 1671 params.uapsd = uapsd; 1672 1673 mlme_dbg(sdata, 1674 "WMM queue=%d aci=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d\n", 1675 queue, aci, acm, 1676 params.aifs, params.cw_min, params.cw_max, 1677 params.txop, params.uapsd); 1678 sdata->tx_conf[queue] = params; 1679 if (drv_conf_tx(local, sdata, queue, ¶ms)) 1680 sdata_err(sdata, 1681 "failed to set TX queue parameters for queue %d\n", 1682 queue); 1683 } 1684 1685 /* enable WMM or activate new settings */ 1686 sdata->vif.bss_conf.qos = true; 1687 return true; 1688 } 1689 1690 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1691 { 1692 lockdep_assert_held(&sdata->local->mtx); 1693 1694 sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL | 1695 IEEE80211_STA_BEACON_POLL); 1696 ieee80211_run_deferred_scan(sdata->local); 1697 } 1698 1699 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1700 { 1701 mutex_lock(&sdata->local->mtx); 1702 __ieee80211_stop_poll(sdata); 1703 mutex_unlock(&sdata->local->mtx); 1704 } 1705 1706 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata, 1707 u16 capab, bool erp_valid, u8 erp) 1708 { 1709 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1710 u32 changed = 0; 1711 bool use_protection; 1712 bool use_short_preamble; 1713 bool use_short_slot; 1714 1715 if (erp_valid) { 1716 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0; 1717 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0; 1718 } else { 1719 use_protection = false; 1720 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE); 1721 } 1722 1723 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME); 1724 if (ieee80211_get_sdata_band(sdata) == IEEE80211_BAND_5GHZ) 1725 use_short_slot = true; 1726 1727 if (use_protection != bss_conf->use_cts_prot) { 1728 bss_conf->use_cts_prot = use_protection; 1729 changed |= BSS_CHANGED_ERP_CTS_PROT; 1730 } 1731 1732 if (use_short_preamble != bss_conf->use_short_preamble) { 1733 bss_conf->use_short_preamble = use_short_preamble; 1734 changed |= BSS_CHANGED_ERP_PREAMBLE; 1735 } 1736 1737 if (use_short_slot != bss_conf->use_short_slot) { 1738 bss_conf->use_short_slot = use_short_slot; 1739 changed |= BSS_CHANGED_ERP_SLOT; 1740 } 1741 1742 return changed; 1743 } 1744 1745 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata, 1746 struct cfg80211_bss *cbss, 1747 u32 bss_info_changed) 1748 { 1749 struct ieee80211_bss *bss = (void *)cbss->priv; 1750 struct ieee80211_local *local = sdata->local; 1751 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1752 1753 bss_info_changed |= BSS_CHANGED_ASSOC; 1754 bss_info_changed |= ieee80211_handle_bss_capability(sdata, 1755 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value); 1756 1757 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec( 1758 beacon_loss_count * bss_conf->beacon_int)); 1759 1760 sdata->u.mgd.associated = cbss; 1761 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN); 1762 1763 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE; 1764 1765 if (sdata->vif.p2p) { 1766 const struct cfg80211_bss_ies *ies; 1767 1768 rcu_read_lock(); 1769 ies = rcu_dereference(cbss->ies); 1770 if (ies) { 1771 int ret; 1772 1773 ret = cfg80211_get_p2p_attr( 1774 ies->data, ies->len, 1775 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 1776 (u8 *) &bss_conf->p2p_noa_attr, 1777 sizeof(bss_conf->p2p_noa_attr)); 1778 if (ret >= 2) { 1779 sdata->u.mgd.p2p_noa_index = 1780 bss_conf->p2p_noa_attr.index; 1781 bss_info_changed |= BSS_CHANGED_P2P_PS; 1782 } 1783 } 1784 rcu_read_unlock(); 1785 } 1786 1787 /* just to be sure */ 1788 ieee80211_stop_poll(sdata); 1789 1790 ieee80211_led_assoc(local, 1); 1791 1792 if (sdata->u.mgd.have_beacon) { 1793 /* 1794 * If the AP is buggy we may get here with no DTIM period 1795 * known, so assume it's 1 which is the only safe assumption 1796 * in that case, although if the TIM IE is broken powersave 1797 * probably just won't work at all. 1798 */ 1799 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1; 1800 bss_conf->beacon_rate = bss->beacon_rate; 1801 bss_info_changed |= BSS_CHANGED_BEACON_INFO; 1802 } else { 1803 bss_conf->beacon_rate = NULL; 1804 bss_conf->dtim_period = 0; 1805 } 1806 1807 bss_conf->assoc = 1; 1808 1809 /* Tell the driver to monitor connection quality (if supported) */ 1810 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI && 1811 bss_conf->cqm_rssi_thold) 1812 bss_info_changed |= BSS_CHANGED_CQM; 1813 1814 /* Enable ARP filtering */ 1815 if (bss_conf->arp_addr_cnt) 1816 bss_info_changed |= BSS_CHANGED_ARP_FILTER; 1817 1818 ieee80211_bss_info_change_notify(sdata, bss_info_changed); 1819 1820 mutex_lock(&local->iflist_mtx); 1821 ieee80211_recalc_ps(local, -1); 1822 mutex_unlock(&local->iflist_mtx); 1823 1824 ieee80211_recalc_smps(sdata); 1825 ieee80211_recalc_ps_vif(sdata); 1826 1827 netif_carrier_on(sdata->dev); 1828 } 1829 1830 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata, 1831 u16 stype, u16 reason, bool tx, 1832 u8 *frame_buf) 1833 { 1834 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1835 struct ieee80211_local *local = sdata->local; 1836 u32 changed = 0; 1837 1838 sdata_assert_lock(sdata); 1839 1840 if (WARN_ON_ONCE(tx && !frame_buf)) 1841 return; 1842 1843 if (WARN_ON(!ifmgd->associated)) 1844 return; 1845 1846 ieee80211_stop_poll(sdata); 1847 1848 ifmgd->associated = NULL; 1849 netif_carrier_off(sdata->dev); 1850 1851 /* 1852 * if we want to get out of ps before disassoc (why?) we have 1853 * to do it before sending disassoc, as otherwise the null-packet 1854 * won't be valid. 1855 */ 1856 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1857 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1858 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1859 } 1860 local->ps_sdata = NULL; 1861 1862 /* disable per-vif ps */ 1863 ieee80211_recalc_ps_vif(sdata); 1864 1865 /* flush out any pending frame (e.g. DELBA) before deauth/disassoc */ 1866 if (tx) 1867 ieee80211_flush_queues(local, sdata); 1868 1869 /* deauthenticate/disassociate now */ 1870 if (tx || frame_buf) 1871 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype, 1872 reason, tx, frame_buf); 1873 1874 /* flush out frame */ 1875 if (tx) 1876 ieee80211_flush_queues(local, sdata); 1877 1878 /* clear bssid only after building the needed mgmt frames */ 1879 memset(ifmgd->bssid, 0, ETH_ALEN); 1880 1881 /* remove AP and TDLS peers */ 1882 sta_info_flush_defer(sdata); 1883 1884 /* finally reset all BSS / config parameters */ 1885 changed |= ieee80211_reset_erp_info(sdata); 1886 1887 ieee80211_led_assoc(local, 0); 1888 changed |= BSS_CHANGED_ASSOC; 1889 sdata->vif.bss_conf.assoc = false; 1890 1891 ifmgd->p2p_noa_index = -1; 1892 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0, 1893 sizeof(sdata->vif.bss_conf.p2p_noa_attr)); 1894 1895 /* on the next assoc, re-program HT/VHT parameters */ 1896 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa)); 1897 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask)); 1898 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa)); 1899 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask)); 1900 1901 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL; 1902 1903 del_timer_sync(&local->dynamic_ps_timer); 1904 cancel_work_sync(&local->dynamic_ps_enable_work); 1905 1906 /* Disable ARP filtering */ 1907 if (sdata->vif.bss_conf.arp_addr_cnt) 1908 changed |= BSS_CHANGED_ARP_FILTER; 1909 1910 sdata->vif.bss_conf.qos = false; 1911 changed |= BSS_CHANGED_QOS; 1912 1913 /* The BSSID (not really interesting) and HT changed */ 1914 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT; 1915 ieee80211_bss_info_change_notify(sdata, changed); 1916 1917 /* disassociated - set to defaults now */ 1918 ieee80211_set_wmm_default(sdata, false); 1919 1920 del_timer_sync(&sdata->u.mgd.conn_mon_timer); 1921 del_timer_sync(&sdata->u.mgd.bcn_mon_timer); 1922 del_timer_sync(&sdata->u.mgd.timer); 1923 del_timer_sync(&sdata->u.mgd.chswitch_timer); 1924 1925 sdata->vif.bss_conf.dtim_period = 0; 1926 sdata->vif.bss_conf.beacon_rate = NULL; 1927 1928 ifmgd->have_beacon = false; 1929 1930 ifmgd->flags = 0; 1931 ieee80211_vif_release_channel(sdata); 1932 } 1933 1934 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata, 1935 struct ieee80211_hdr *hdr) 1936 { 1937 /* 1938 * We can postpone the mgd.timer whenever receiving unicast frames 1939 * from AP because we know that the connection is working both ways 1940 * at that time. But multicast frames (and hence also beacons) must 1941 * be ignored here, because we need to trigger the timer during 1942 * data idle periods for sending the periodic probe request to the 1943 * AP we're connected to. 1944 */ 1945 if (is_multicast_ether_addr(hdr->addr1)) 1946 return; 1947 1948 ieee80211_sta_reset_conn_monitor(sdata); 1949 } 1950 1951 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata) 1952 { 1953 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1954 struct ieee80211_local *local = sdata->local; 1955 1956 mutex_lock(&local->mtx); 1957 if (!(ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 1958 IEEE80211_STA_CONNECTION_POLL))) { 1959 mutex_unlock(&local->mtx); 1960 return; 1961 } 1962 1963 __ieee80211_stop_poll(sdata); 1964 1965 mutex_lock(&local->iflist_mtx); 1966 ieee80211_recalc_ps(local, -1); 1967 mutex_unlock(&local->iflist_mtx); 1968 1969 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 1970 goto out; 1971 1972 /* 1973 * We've received a probe response, but are not sure whether 1974 * we have or will be receiving any beacons or data, so let's 1975 * schedule the timers again, just in case. 1976 */ 1977 ieee80211_sta_reset_beacon_monitor(sdata); 1978 1979 mod_timer(&ifmgd->conn_mon_timer, 1980 round_jiffies_up(jiffies + 1981 IEEE80211_CONNECTION_IDLE_TIME)); 1982 out: 1983 mutex_unlock(&local->mtx); 1984 } 1985 1986 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata, 1987 struct ieee80211_hdr *hdr, bool ack) 1988 { 1989 if (!ieee80211_is_data(hdr->frame_control)) 1990 return; 1991 1992 if (ieee80211_is_nullfunc(hdr->frame_control) && 1993 sdata->u.mgd.probe_send_count > 0) { 1994 if (ack) 1995 ieee80211_sta_reset_conn_monitor(sdata); 1996 else 1997 sdata->u.mgd.nullfunc_failed = true; 1998 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 1999 return; 2000 } 2001 2002 if (ack) 2003 ieee80211_sta_reset_conn_monitor(sdata); 2004 } 2005 2006 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) 2007 { 2008 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2009 const u8 *ssid; 2010 u8 *dst = ifmgd->associated->bssid; 2011 u8 unicast_limit = max(1, max_probe_tries - 3); 2012 2013 /* 2014 * Try sending broadcast probe requests for the last three 2015 * probe requests after the first ones failed since some 2016 * buggy APs only support broadcast probe requests. 2017 */ 2018 if (ifmgd->probe_send_count >= unicast_limit) 2019 dst = NULL; 2020 2021 /* 2022 * When the hardware reports an accurate Tx ACK status, it's 2023 * better to send a nullfunc frame instead of a probe request, 2024 * as it will kick us off the AP quickly if we aren't associated 2025 * anymore. The timeout will be reset if the frame is ACKed by 2026 * the AP. 2027 */ 2028 ifmgd->probe_send_count++; 2029 2030 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 2031 ifmgd->nullfunc_failed = false; 2032 ieee80211_send_nullfunc(sdata->local, sdata, 0); 2033 } else { 2034 int ssid_len; 2035 2036 rcu_read_lock(); 2037 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); 2038 if (WARN_ON_ONCE(ssid == NULL)) 2039 ssid_len = 0; 2040 else 2041 ssid_len = ssid[1]; 2042 2043 ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL, 2044 0, (u32) -1, true, 0, 2045 ifmgd->associated->channel, false); 2046 rcu_read_unlock(); 2047 } 2048 2049 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms); 2050 run_again(sdata, ifmgd->probe_timeout); 2051 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 2052 ieee80211_flush_queues(sdata->local, sdata); 2053 } 2054 2055 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata, 2056 bool beacon) 2057 { 2058 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2059 bool already = false; 2060 2061 if (!ieee80211_sdata_running(sdata)) 2062 return; 2063 2064 sdata_lock(sdata); 2065 2066 if (!ifmgd->associated) 2067 goto out; 2068 2069 mutex_lock(&sdata->local->mtx); 2070 2071 if (sdata->local->tmp_channel || sdata->local->scanning) { 2072 mutex_unlock(&sdata->local->mtx); 2073 goto out; 2074 } 2075 2076 if (beacon) { 2077 mlme_dbg_ratelimited(sdata, 2078 "detected beacon loss from AP (missed %d beacons) - probing\n", 2079 beacon_loss_count); 2080 2081 ieee80211_cqm_rssi_notify(&sdata->vif, 2082 NL80211_CQM_RSSI_BEACON_LOSS_EVENT, 2083 GFP_KERNEL); 2084 } 2085 2086 /* 2087 * The driver/our work has already reported this event or the 2088 * connection monitoring has kicked in and we have already sent 2089 * a probe request. Or maybe the AP died and the driver keeps 2090 * reporting until we disassociate... 2091 * 2092 * In either case we have to ignore the current call to this 2093 * function (except for setting the correct probe reason bit) 2094 * because otherwise we would reset the timer every time and 2095 * never check whether we received a probe response! 2096 */ 2097 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 2098 IEEE80211_STA_CONNECTION_POLL)) 2099 already = true; 2100 2101 if (beacon) 2102 ifmgd->flags |= IEEE80211_STA_BEACON_POLL; 2103 else 2104 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL; 2105 2106 mutex_unlock(&sdata->local->mtx); 2107 2108 if (already) 2109 goto out; 2110 2111 mutex_lock(&sdata->local->iflist_mtx); 2112 ieee80211_recalc_ps(sdata->local, -1); 2113 mutex_unlock(&sdata->local->iflist_mtx); 2114 2115 ifmgd->probe_send_count = 0; 2116 ieee80211_mgd_probe_ap_send(sdata); 2117 out: 2118 sdata_unlock(sdata); 2119 } 2120 2121 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw, 2122 struct ieee80211_vif *vif) 2123 { 2124 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2125 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2126 struct cfg80211_bss *cbss; 2127 struct sk_buff *skb; 2128 const u8 *ssid; 2129 int ssid_len; 2130 2131 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 2132 return NULL; 2133 2134 sdata_assert_lock(sdata); 2135 2136 if (ifmgd->associated) 2137 cbss = ifmgd->associated; 2138 else if (ifmgd->auth_data) 2139 cbss = ifmgd->auth_data->bss; 2140 else if (ifmgd->assoc_data) 2141 cbss = ifmgd->assoc_data->bss; 2142 else 2143 return NULL; 2144 2145 rcu_read_lock(); 2146 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID); 2147 if (WARN_ON_ONCE(ssid == NULL)) 2148 ssid_len = 0; 2149 else 2150 ssid_len = ssid[1]; 2151 2152 skb = ieee80211_build_probe_req(sdata, cbss->bssid, 2153 (u32) -1, cbss->channel, 2154 ssid + 2, ssid_len, 2155 NULL, 0, true); 2156 rcu_read_unlock(); 2157 2158 return skb; 2159 } 2160 EXPORT_SYMBOL(ieee80211_ap_probereq_get); 2161 2162 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata) 2163 { 2164 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2165 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 2166 2167 sdata_lock(sdata); 2168 if (!ifmgd->associated) { 2169 sdata_unlock(sdata); 2170 return; 2171 } 2172 2173 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 2174 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 2175 true, frame_buf); 2176 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 2177 ieee80211_wake_queues_by_reason(&sdata->local->hw, 2178 IEEE80211_MAX_QUEUE_MAP, 2179 IEEE80211_QUEUE_STOP_REASON_CSA); 2180 2181 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 2182 IEEE80211_DEAUTH_FRAME_LEN); 2183 sdata_unlock(sdata); 2184 } 2185 2186 static void ieee80211_beacon_connection_loss_work(struct work_struct *work) 2187 { 2188 struct ieee80211_sub_if_data *sdata = 2189 container_of(work, struct ieee80211_sub_if_data, 2190 u.mgd.beacon_connection_loss_work); 2191 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2192 struct sta_info *sta; 2193 2194 if (ifmgd->associated) { 2195 rcu_read_lock(); 2196 sta = sta_info_get(sdata, ifmgd->bssid); 2197 if (sta) 2198 sta->beacon_loss_count++; 2199 rcu_read_unlock(); 2200 } 2201 2202 if (ifmgd->connection_loss) { 2203 sdata_info(sdata, "Connection to AP %pM lost\n", 2204 ifmgd->bssid); 2205 __ieee80211_disconnect(sdata); 2206 } else { 2207 ieee80211_mgd_probe_ap(sdata, true); 2208 } 2209 } 2210 2211 static void ieee80211_csa_connection_drop_work(struct work_struct *work) 2212 { 2213 struct ieee80211_sub_if_data *sdata = 2214 container_of(work, struct ieee80211_sub_if_data, 2215 u.mgd.csa_connection_drop_work); 2216 2217 __ieee80211_disconnect(sdata); 2218 } 2219 2220 void ieee80211_beacon_loss(struct ieee80211_vif *vif) 2221 { 2222 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2223 struct ieee80211_hw *hw = &sdata->local->hw; 2224 2225 trace_api_beacon_loss(sdata); 2226 2227 sdata->u.mgd.connection_loss = false; 2228 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2229 } 2230 EXPORT_SYMBOL(ieee80211_beacon_loss); 2231 2232 void ieee80211_connection_loss(struct ieee80211_vif *vif) 2233 { 2234 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2235 struct ieee80211_hw *hw = &sdata->local->hw; 2236 2237 trace_api_connection_loss(sdata); 2238 2239 sdata->u.mgd.connection_loss = true; 2240 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2241 } 2242 EXPORT_SYMBOL(ieee80211_connection_loss); 2243 2244 2245 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata, 2246 bool assoc) 2247 { 2248 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2249 2250 sdata_assert_lock(sdata); 2251 2252 if (!assoc) { 2253 sta_info_destroy_addr(sdata, auth_data->bss->bssid); 2254 2255 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2256 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2257 sdata->u.mgd.flags = 0; 2258 ieee80211_vif_release_channel(sdata); 2259 } 2260 2261 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss); 2262 kfree(auth_data); 2263 sdata->u.mgd.auth_data = NULL; 2264 } 2265 2266 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, 2267 struct ieee80211_mgmt *mgmt, size_t len) 2268 { 2269 struct ieee80211_local *local = sdata->local; 2270 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2271 u8 *pos; 2272 struct ieee802_11_elems elems; 2273 u32 tx_flags = 0; 2274 2275 pos = mgmt->u.auth.variable; 2276 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2277 if (!elems.challenge) 2278 return; 2279 auth_data->expected_transaction = 4; 2280 drv_mgd_prepare_tx(sdata->local, sdata); 2281 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 2282 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 2283 IEEE80211_TX_INTFL_MLME_CONN_TX; 2284 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0, 2285 elems.challenge - 2, elems.challenge_len + 2, 2286 auth_data->bss->bssid, auth_data->bss->bssid, 2287 auth_data->key, auth_data->key_len, 2288 auth_data->key_idx, tx_flags); 2289 } 2290 2291 static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, 2292 struct ieee80211_mgmt *mgmt, size_t len) 2293 { 2294 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2295 u8 bssid[ETH_ALEN]; 2296 u16 auth_alg, auth_transaction, status_code; 2297 struct sta_info *sta; 2298 2299 sdata_assert_lock(sdata); 2300 2301 if (len < 24 + 6) 2302 return; 2303 2304 if (!ifmgd->auth_data || ifmgd->auth_data->done) 2305 return; 2306 2307 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 2308 2309 if (!ether_addr_equal(bssid, mgmt->bssid)) 2310 return; 2311 2312 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 2313 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 2314 status_code = le16_to_cpu(mgmt->u.auth.status_code); 2315 2316 if (auth_alg != ifmgd->auth_data->algorithm || 2317 auth_transaction != ifmgd->auth_data->expected_transaction) { 2318 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n", 2319 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm, 2320 auth_transaction, 2321 ifmgd->auth_data->expected_transaction); 2322 return; 2323 } 2324 2325 if (status_code != WLAN_STATUS_SUCCESS) { 2326 sdata_info(sdata, "%pM denied authentication (status %d)\n", 2327 mgmt->sa, status_code); 2328 ieee80211_destroy_auth_data(sdata, false); 2329 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2330 return; 2331 } 2332 2333 switch (ifmgd->auth_data->algorithm) { 2334 case WLAN_AUTH_OPEN: 2335 case WLAN_AUTH_LEAP: 2336 case WLAN_AUTH_FT: 2337 case WLAN_AUTH_SAE: 2338 break; 2339 case WLAN_AUTH_SHARED_KEY: 2340 if (ifmgd->auth_data->expected_transaction != 4) { 2341 ieee80211_auth_challenge(sdata, mgmt, len); 2342 /* need another frame */ 2343 return; 2344 } 2345 break; 2346 default: 2347 WARN_ONCE(1, "invalid auth alg %d", 2348 ifmgd->auth_data->algorithm); 2349 return; 2350 } 2351 2352 sdata_info(sdata, "authenticated\n"); 2353 ifmgd->auth_data->done = true; 2354 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC; 2355 ifmgd->auth_data->timeout_started = true; 2356 run_again(sdata, ifmgd->auth_data->timeout); 2357 2358 if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE && 2359 ifmgd->auth_data->expected_transaction != 2) { 2360 /* 2361 * Report auth frame to user space for processing since another 2362 * round of Authentication frames is still needed. 2363 */ 2364 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2365 return; 2366 } 2367 2368 /* move station state to auth */ 2369 mutex_lock(&sdata->local->sta_mtx); 2370 sta = sta_info_get(sdata, bssid); 2371 if (!sta) { 2372 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid); 2373 goto out_err; 2374 } 2375 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) { 2376 sdata_info(sdata, "failed moving %pM to auth\n", bssid); 2377 goto out_err; 2378 } 2379 mutex_unlock(&sdata->local->sta_mtx); 2380 2381 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2382 return; 2383 out_err: 2384 mutex_unlock(&sdata->local->sta_mtx); 2385 /* ignore frame -- wait for timeout */ 2386 } 2387 2388 2389 static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 2390 struct ieee80211_mgmt *mgmt, size_t len) 2391 { 2392 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2393 const u8 *bssid = NULL; 2394 u16 reason_code; 2395 2396 sdata_assert_lock(sdata); 2397 2398 if (len < 24 + 2) 2399 return; 2400 2401 if (!ifmgd->associated || 2402 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2403 return; 2404 2405 bssid = ifmgd->associated->bssid; 2406 2407 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 2408 2409 sdata_info(sdata, "deauthenticated from %pM (Reason: %u)\n", 2410 bssid, reason_code); 2411 2412 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2413 2414 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2415 } 2416 2417 2418 static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata, 2419 struct ieee80211_mgmt *mgmt, size_t len) 2420 { 2421 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2422 u16 reason_code; 2423 2424 sdata_assert_lock(sdata); 2425 2426 if (len < 24 + 2) 2427 return; 2428 2429 if (!ifmgd->associated || 2430 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2431 return; 2432 2433 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 2434 2435 sdata_info(sdata, "disassociated from %pM (Reason: %u)\n", 2436 mgmt->sa, reason_code); 2437 2438 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2439 2440 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2441 } 2442 2443 static void ieee80211_get_rates(struct ieee80211_supported_band *sband, 2444 u8 *supp_rates, unsigned int supp_rates_len, 2445 u32 *rates, u32 *basic_rates, 2446 bool *have_higher_than_11mbit, 2447 int *min_rate, int *min_rate_index, 2448 int shift, u32 rate_flags) 2449 { 2450 int i, j; 2451 2452 for (i = 0; i < supp_rates_len; i++) { 2453 int rate = supp_rates[i] & 0x7f; 2454 bool is_basic = !!(supp_rates[i] & 0x80); 2455 2456 if ((rate * 5 * (1 << shift)) > 110) 2457 *have_higher_than_11mbit = true; 2458 2459 /* 2460 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009 2461 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it. 2462 * 2463 * Note: Even through the membership selector and the basic 2464 * rate flag share the same bit, they are not exactly 2465 * the same. 2466 */ 2467 if (!!(supp_rates[i] & 0x80) && 2468 (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY) 2469 continue; 2470 2471 for (j = 0; j < sband->n_bitrates; j++) { 2472 struct ieee80211_rate *br; 2473 int brate; 2474 2475 br = &sband->bitrates[j]; 2476 if ((rate_flags & br->flags) != rate_flags) 2477 continue; 2478 2479 brate = DIV_ROUND_UP(br->bitrate, (1 << shift) * 5); 2480 if (brate == rate) { 2481 *rates |= BIT(j); 2482 if (is_basic) 2483 *basic_rates |= BIT(j); 2484 if ((rate * 5) < *min_rate) { 2485 *min_rate = rate * 5; 2486 *min_rate_index = j; 2487 } 2488 break; 2489 } 2490 } 2491 } 2492 } 2493 2494 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata, 2495 bool assoc) 2496 { 2497 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 2498 2499 sdata_assert_lock(sdata); 2500 2501 if (!assoc) { 2502 sta_info_destroy_addr(sdata, assoc_data->bss->bssid); 2503 2504 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2505 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2506 sdata->u.mgd.flags = 0; 2507 ieee80211_vif_release_channel(sdata); 2508 } 2509 2510 kfree(assoc_data); 2511 sdata->u.mgd.assoc_data = NULL; 2512 } 2513 2514 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata, 2515 struct cfg80211_bss *cbss, 2516 struct ieee80211_mgmt *mgmt, size_t len) 2517 { 2518 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2519 struct ieee80211_local *local = sdata->local; 2520 struct ieee80211_supported_band *sband; 2521 struct sta_info *sta; 2522 u8 *pos; 2523 u16 capab_info, aid; 2524 struct ieee802_11_elems elems; 2525 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2526 const struct cfg80211_bss_ies *bss_ies = NULL; 2527 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 2528 u32 changed = 0; 2529 int err; 2530 bool ret; 2531 2532 /* AssocResp and ReassocResp have identical structure */ 2533 2534 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2535 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2536 2537 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) 2538 sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n", 2539 aid); 2540 aid &= ~(BIT(15) | BIT(14)); 2541 2542 ifmgd->broken_ap = false; 2543 2544 if (aid == 0 || aid > IEEE80211_MAX_AID) { 2545 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n", 2546 aid); 2547 aid = 0; 2548 ifmgd->broken_ap = true; 2549 } 2550 2551 pos = mgmt->u.assoc_resp.variable; 2552 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2553 2554 if (!elems.supp_rates) { 2555 sdata_info(sdata, "no SuppRates element in AssocResp\n"); 2556 return false; 2557 } 2558 2559 ifmgd->aid = aid; 2560 2561 /* 2562 * Some APs are erroneously not including some information in their 2563 * (re)association response frames. Try to recover by using the data 2564 * from the beacon or probe response. This seems to afflict mobile 2565 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T", 2566 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device. 2567 */ 2568 if ((assoc_data->wmm && !elems.wmm_param) || 2569 (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2570 (!elems.ht_cap_elem || !elems.ht_operation)) || 2571 (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2572 (!elems.vht_cap_elem || !elems.vht_operation))) { 2573 const struct cfg80211_bss_ies *ies; 2574 struct ieee802_11_elems bss_elems; 2575 2576 rcu_read_lock(); 2577 ies = rcu_dereference(cbss->ies); 2578 if (ies) 2579 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len, 2580 GFP_ATOMIC); 2581 rcu_read_unlock(); 2582 if (!bss_ies) 2583 return false; 2584 2585 ieee802_11_parse_elems(bss_ies->data, bss_ies->len, 2586 false, &bss_elems); 2587 if (assoc_data->wmm && 2588 !elems.wmm_param && bss_elems.wmm_param) { 2589 elems.wmm_param = bss_elems.wmm_param; 2590 sdata_info(sdata, 2591 "AP bug: WMM param missing from AssocResp\n"); 2592 } 2593 2594 /* 2595 * Also check if we requested HT/VHT, otherwise the AP doesn't 2596 * have to include the IEs in the (re)association response. 2597 */ 2598 if (!elems.ht_cap_elem && bss_elems.ht_cap_elem && 2599 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 2600 elems.ht_cap_elem = bss_elems.ht_cap_elem; 2601 sdata_info(sdata, 2602 "AP bug: HT capability missing from AssocResp\n"); 2603 } 2604 if (!elems.ht_operation && bss_elems.ht_operation && 2605 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 2606 elems.ht_operation = bss_elems.ht_operation; 2607 sdata_info(sdata, 2608 "AP bug: HT operation missing from AssocResp\n"); 2609 } 2610 if (!elems.vht_cap_elem && bss_elems.vht_cap_elem && 2611 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) { 2612 elems.vht_cap_elem = bss_elems.vht_cap_elem; 2613 sdata_info(sdata, 2614 "AP bug: VHT capa missing from AssocResp\n"); 2615 } 2616 if (!elems.vht_operation && bss_elems.vht_operation && 2617 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) { 2618 elems.vht_operation = bss_elems.vht_operation; 2619 sdata_info(sdata, 2620 "AP bug: VHT operation missing from AssocResp\n"); 2621 } 2622 } 2623 2624 /* 2625 * We previously checked these in the beacon/probe response, so 2626 * they should be present here. This is just a safety net. 2627 */ 2628 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2629 (!elems.wmm_param || !elems.ht_cap_elem || !elems.ht_operation)) { 2630 sdata_info(sdata, 2631 "HT AP is missing WMM params or HT capability/operation\n"); 2632 ret = false; 2633 goto out; 2634 } 2635 2636 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2637 (!elems.vht_cap_elem || !elems.vht_operation)) { 2638 sdata_info(sdata, 2639 "VHT AP is missing VHT capability/operation\n"); 2640 ret = false; 2641 goto out; 2642 } 2643 2644 mutex_lock(&sdata->local->sta_mtx); 2645 /* 2646 * station info was already allocated and inserted before 2647 * the association and should be available to us 2648 */ 2649 sta = sta_info_get(sdata, cbss->bssid); 2650 if (WARN_ON(!sta)) { 2651 mutex_unlock(&sdata->local->sta_mtx); 2652 ret = false; 2653 goto out; 2654 } 2655 2656 sband = local->hw.wiphy->bands[ieee80211_get_sdata_band(sdata)]; 2657 2658 /* Set up internal HT/VHT capabilities */ 2659 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 2660 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 2661 elems.ht_cap_elem, sta); 2662 2663 if (elems.vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 2664 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband, 2665 elems.vht_cap_elem, sta); 2666 2667 /* 2668 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data 2669 * in their association response, so ignore that data for our own 2670 * configuration. If it changed since the last beacon, we'll get the 2671 * next beacon and update then. 2672 */ 2673 2674 /* 2675 * If an operating mode notification IE is present, override the 2676 * NSS calculation (that would be done in rate_control_rate_init()) 2677 * and use the # of streams from that element. 2678 */ 2679 if (elems.opmode_notif && 2680 !(*elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) { 2681 u8 nss; 2682 2683 nss = *elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK; 2684 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT; 2685 nss += 1; 2686 sta->sta.rx_nss = nss; 2687 } 2688 2689 rate_control_rate_init(sta); 2690 2691 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) 2692 set_sta_flag(sta, WLAN_STA_MFP); 2693 2694 if (elems.wmm_param) 2695 set_sta_flag(sta, WLAN_STA_WME); 2696 2697 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC); 2698 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT)) 2699 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED); 2700 if (err) { 2701 sdata_info(sdata, 2702 "failed to move station %pM to desired state\n", 2703 sta->sta.addr); 2704 WARN_ON(__sta_info_destroy(sta)); 2705 mutex_unlock(&sdata->local->sta_mtx); 2706 ret = false; 2707 goto out; 2708 } 2709 2710 mutex_unlock(&sdata->local->sta_mtx); 2711 2712 /* 2713 * Always handle WMM once after association regardless 2714 * of the first value the AP uses. Setting -1 here has 2715 * that effect because the AP values is an unsigned 2716 * 4-bit value. 2717 */ 2718 ifmgd->wmm_last_param_set = -1; 2719 2720 if (elems.wmm_param) 2721 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 2722 elems.wmm_param_len); 2723 else 2724 ieee80211_set_wmm_default(sdata, false); 2725 changed |= BSS_CHANGED_QOS; 2726 2727 /* set AID and assoc capability, 2728 * ieee80211_set_associated() will tell the driver */ 2729 bss_conf->aid = aid; 2730 bss_conf->assoc_capability = capab_info; 2731 ieee80211_set_associated(sdata, cbss, changed); 2732 2733 /* 2734 * If we're using 4-addr mode, let the AP know that we're 2735 * doing so, so that it can create the STA VLAN on its side 2736 */ 2737 if (ifmgd->use_4addr) 2738 ieee80211_send_4addr_nullfunc(local, sdata); 2739 2740 /* 2741 * Start timer to probe the connection to the AP now. 2742 * Also start the timer that will detect beacon loss. 2743 */ 2744 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt); 2745 ieee80211_sta_reset_beacon_monitor(sdata); 2746 2747 ret = true; 2748 out: 2749 kfree(bss_ies); 2750 return ret; 2751 } 2752 2753 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, 2754 struct ieee80211_mgmt *mgmt, 2755 size_t len) 2756 { 2757 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2758 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 2759 u16 capab_info, status_code, aid; 2760 struct ieee802_11_elems elems; 2761 u8 *pos; 2762 bool reassoc; 2763 struct cfg80211_bss *bss; 2764 2765 sdata_assert_lock(sdata); 2766 2767 if (!assoc_data) 2768 return; 2769 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid)) 2770 return; 2771 2772 /* 2773 * AssocResp and ReassocResp have identical structure, so process both 2774 * of them in this function. 2775 */ 2776 2777 if (len < 24 + 6) 2778 return; 2779 2780 reassoc = ieee80211_is_reassoc_req(mgmt->frame_control); 2781 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2782 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 2783 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2784 2785 sdata_info(sdata, 2786 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n", 2787 reassoc ? "Rea" : "A", mgmt->sa, 2788 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 2789 2790 pos = mgmt->u.assoc_resp.variable; 2791 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2792 2793 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 2794 elems.timeout_int && 2795 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) { 2796 u32 tu, ms; 2797 tu = le32_to_cpu(elems.timeout_int->value); 2798 ms = tu * 1024 / 1000; 2799 sdata_info(sdata, 2800 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n", 2801 mgmt->sa, tu, ms); 2802 assoc_data->timeout = jiffies + msecs_to_jiffies(ms); 2803 assoc_data->timeout_started = true; 2804 if (ms > IEEE80211_ASSOC_TIMEOUT) 2805 run_again(sdata, assoc_data->timeout); 2806 return; 2807 } 2808 2809 bss = assoc_data->bss; 2810 2811 if (status_code != WLAN_STATUS_SUCCESS) { 2812 sdata_info(sdata, "%pM denied association (code=%d)\n", 2813 mgmt->sa, status_code); 2814 ieee80211_destroy_assoc_data(sdata, false); 2815 } else { 2816 if (!ieee80211_assoc_success(sdata, bss, mgmt, len)) { 2817 /* oops -- internal error -- send timeout for now */ 2818 ieee80211_destroy_assoc_data(sdata, false); 2819 cfg80211_assoc_timeout(sdata->dev, bss); 2820 return; 2821 } 2822 sdata_info(sdata, "associated\n"); 2823 2824 /* 2825 * destroy assoc_data afterwards, as otherwise an idle 2826 * recalc after assoc_data is NULL but before associated 2827 * is set can cause the interface to go idle 2828 */ 2829 ieee80211_destroy_assoc_data(sdata, true); 2830 } 2831 2832 cfg80211_rx_assoc_resp(sdata->dev, bss, (u8 *)mgmt, len); 2833 } 2834 2835 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, 2836 struct ieee80211_mgmt *mgmt, size_t len, 2837 struct ieee80211_rx_status *rx_status, 2838 struct ieee802_11_elems *elems) 2839 { 2840 struct ieee80211_local *local = sdata->local; 2841 int freq; 2842 struct ieee80211_bss *bss; 2843 struct ieee80211_channel *channel; 2844 2845 sdata_assert_lock(sdata); 2846 2847 if (elems->ds_params) 2848 freq = ieee80211_channel_to_frequency(elems->ds_params[0], 2849 rx_status->band); 2850 else 2851 freq = rx_status->freq; 2852 2853 channel = ieee80211_get_channel(local->hw.wiphy, freq); 2854 2855 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED) 2856 return; 2857 2858 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems, 2859 channel); 2860 if (bss) { 2861 ieee80211_rx_bss_put(local, bss); 2862 sdata->vif.bss_conf.beacon_rate = bss->beacon_rate; 2863 } 2864 } 2865 2866 2867 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, 2868 struct sk_buff *skb) 2869 { 2870 struct ieee80211_mgmt *mgmt = (void *)skb->data; 2871 struct ieee80211_if_managed *ifmgd; 2872 struct ieee80211_rx_status *rx_status = (void *) skb->cb; 2873 size_t baselen, len = skb->len; 2874 struct ieee802_11_elems elems; 2875 2876 ifmgd = &sdata->u.mgd; 2877 2878 sdata_assert_lock(sdata); 2879 2880 if (!ether_addr_equal(mgmt->da, sdata->vif.addr)) 2881 return; /* ignore ProbeResp to foreign address */ 2882 2883 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 2884 if (baselen > len) 2885 return; 2886 2887 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 2888 false, &elems); 2889 2890 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2891 2892 if (ifmgd->associated && 2893 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2894 ieee80211_reset_ap_probe(sdata); 2895 2896 if (ifmgd->auth_data && !ifmgd->auth_data->bss->proberesp_ies && 2897 ether_addr_equal(mgmt->bssid, ifmgd->auth_data->bss->bssid)) { 2898 /* got probe response, continue with auth */ 2899 sdata_info(sdata, "direct probe responded\n"); 2900 ifmgd->auth_data->tries = 0; 2901 ifmgd->auth_data->timeout = jiffies; 2902 ifmgd->auth_data->timeout_started = true; 2903 run_again(sdata, ifmgd->auth_data->timeout); 2904 } 2905 } 2906 2907 /* 2908 * This is the canonical list of information elements we care about, 2909 * the filter code also gives us all changes to the Microsoft OUI 2910 * (00:50:F2) vendor IE which is used for WMM which we need to track. 2911 * 2912 * We implement beacon filtering in software since that means we can 2913 * avoid processing the frame here and in cfg80211, and userspace 2914 * will not be able to tell whether the hardware supports it or not. 2915 * 2916 * XXX: This list needs to be dynamic -- userspace needs to be able to 2917 * add items it requires. It also needs to be able to tell us to 2918 * look out for other vendor IEs. 2919 */ 2920 static const u64 care_about_ies = 2921 (1ULL << WLAN_EID_COUNTRY) | 2922 (1ULL << WLAN_EID_ERP_INFO) | 2923 (1ULL << WLAN_EID_CHANNEL_SWITCH) | 2924 (1ULL << WLAN_EID_PWR_CONSTRAINT) | 2925 (1ULL << WLAN_EID_HT_CAPABILITY) | 2926 (1ULL << WLAN_EID_HT_OPERATION); 2927 2928 static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, 2929 struct ieee80211_mgmt *mgmt, size_t len, 2930 struct ieee80211_rx_status *rx_status) 2931 { 2932 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2933 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2934 size_t baselen; 2935 struct ieee802_11_elems elems; 2936 struct ieee80211_local *local = sdata->local; 2937 struct ieee80211_chanctx_conf *chanctx_conf; 2938 struct ieee80211_channel *chan; 2939 struct sta_info *sta; 2940 u32 changed = 0; 2941 bool erp_valid; 2942 u8 erp_value = 0; 2943 u32 ncrc; 2944 u8 *bssid; 2945 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN]; 2946 2947 sdata_assert_lock(sdata); 2948 2949 /* Process beacon from the current BSS */ 2950 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 2951 if (baselen > len) 2952 return; 2953 2954 rcu_read_lock(); 2955 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 2956 if (!chanctx_conf) { 2957 rcu_read_unlock(); 2958 return; 2959 } 2960 2961 if (rx_status->freq != chanctx_conf->def.chan->center_freq) { 2962 rcu_read_unlock(); 2963 return; 2964 } 2965 chan = chanctx_conf->def.chan; 2966 rcu_read_unlock(); 2967 2968 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon && 2969 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) { 2970 ieee802_11_parse_elems(mgmt->u.beacon.variable, 2971 len - baselen, false, &elems); 2972 2973 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2974 if (elems.tim && !elems.parse_error) { 2975 const struct ieee80211_tim_ie *tim_ie = elems.tim; 2976 ifmgd->dtim_period = tim_ie->dtim_period; 2977 } 2978 ifmgd->have_beacon = true; 2979 ifmgd->assoc_data->need_beacon = false; 2980 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 2981 sdata->vif.bss_conf.sync_tsf = 2982 le64_to_cpu(mgmt->u.beacon.timestamp); 2983 sdata->vif.bss_conf.sync_device_ts = 2984 rx_status->device_timestamp; 2985 if (elems.tim) 2986 sdata->vif.bss_conf.sync_dtim_count = 2987 elems.tim->dtim_count; 2988 else 2989 sdata->vif.bss_conf.sync_dtim_count = 0; 2990 } 2991 /* continue assoc process */ 2992 ifmgd->assoc_data->timeout = jiffies; 2993 ifmgd->assoc_data->timeout_started = true; 2994 run_again(sdata, ifmgd->assoc_data->timeout); 2995 return; 2996 } 2997 2998 if (!ifmgd->associated || 2999 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 3000 return; 3001 bssid = ifmgd->associated->bssid; 3002 3003 /* Track average RSSI from the Beacon frames of the current AP */ 3004 ifmgd->last_beacon_signal = rx_status->signal; 3005 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) { 3006 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE; 3007 ifmgd->ave_beacon_signal = rx_status->signal * 16; 3008 ifmgd->last_cqm_event_signal = 0; 3009 ifmgd->count_beacon_signal = 1; 3010 ifmgd->last_ave_beacon_signal = 0; 3011 } else { 3012 ifmgd->ave_beacon_signal = 3013 (IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 + 3014 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) * 3015 ifmgd->ave_beacon_signal) / 16; 3016 ifmgd->count_beacon_signal++; 3017 } 3018 3019 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold && 3020 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) { 3021 int sig = ifmgd->ave_beacon_signal; 3022 int last_sig = ifmgd->last_ave_beacon_signal; 3023 3024 /* 3025 * if signal crosses either of the boundaries, invoke callback 3026 * with appropriate parameters 3027 */ 3028 if (sig > ifmgd->rssi_max_thold && 3029 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) { 3030 ifmgd->last_ave_beacon_signal = sig; 3031 drv_rssi_callback(local, sdata, RSSI_EVENT_HIGH); 3032 } else if (sig < ifmgd->rssi_min_thold && 3033 (last_sig >= ifmgd->rssi_max_thold || 3034 last_sig == 0)) { 3035 ifmgd->last_ave_beacon_signal = sig; 3036 drv_rssi_callback(local, sdata, RSSI_EVENT_LOW); 3037 } 3038 } 3039 3040 if (bss_conf->cqm_rssi_thold && 3041 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT && 3042 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) { 3043 int sig = ifmgd->ave_beacon_signal / 16; 3044 int last_event = ifmgd->last_cqm_event_signal; 3045 int thold = bss_conf->cqm_rssi_thold; 3046 int hyst = bss_conf->cqm_rssi_hyst; 3047 if (sig < thold && 3048 (last_event == 0 || sig < last_event - hyst)) { 3049 ifmgd->last_cqm_event_signal = sig; 3050 ieee80211_cqm_rssi_notify( 3051 &sdata->vif, 3052 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW, 3053 GFP_KERNEL); 3054 } else if (sig > thold && 3055 (last_event == 0 || sig > last_event + hyst)) { 3056 ifmgd->last_cqm_event_signal = sig; 3057 ieee80211_cqm_rssi_notify( 3058 &sdata->vif, 3059 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH, 3060 GFP_KERNEL); 3061 } 3062 } 3063 3064 if (ifmgd->flags & IEEE80211_STA_BEACON_POLL) { 3065 mlme_dbg_ratelimited(sdata, 3066 "cancelling AP probe due to a received beacon\n"); 3067 mutex_lock(&local->mtx); 3068 ifmgd->flags &= ~IEEE80211_STA_BEACON_POLL; 3069 ieee80211_run_deferred_scan(local); 3070 mutex_unlock(&local->mtx); 3071 3072 mutex_lock(&local->iflist_mtx); 3073 ieee80211_recalc_ps(local, -1); 3074 mutex_unlock(&local->iflist_mtx); 3075 } 3076 3077 /* 3078 * Push the beacon loss detection into the future since 3079 * we are processing a beacon from the AP just now. 3080 */ 3081 ieee80211_sta_reset_beacon_monitor(sdata); 3082 3083 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 3084 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, 3085 len - baselen, false, &elems, 3086 care_about_ies, ncrc); 3087 3088 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) { 3089 bool directed_tim = ieee80211_check_tim(elems.tim, 3090 elems.tim_len, 3091 ifmgd->aid); 3092 if (directed_tim) { 3093 if (local->hw.conf.dynamic_ps_timeout > 0) { 3094 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 3095 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 3096 ieee80211_hw_config(local, 3097 IEEE80211_CONF_CHANGE_PS); 3098 } 3099 ieee80211_send_nullfunc(local, sdata, 0); 3100 } else if (!local->pspolling && sdata->u.mgd.powersave) { 3101 local->pspolling = true; 3102 3103 /* 3104 * Here is assumed that the driver will be 3105 * able to send ps-poll frame and receive a 3106 * response even though power save mode is 3107 * enabled, but some drivers might require 3108 * to disable power save here. This needs 3109 * to be investigated. 3110 */ 3111 ieee80211_send_pspoll(local, sdata); 3112 } 3113 } 3114 } 3115 3116 if (sdata->vif.p2p) { 3117 struct ieee80211_p2p_noa_attr noa = {}; 3118 int ret; 3119 3120 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable, 3121 len - baselen, 3122 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 3123 (u8 *) &noa, sizeof(noa)); 3124 if (ret >= 2) { 3125 if (sdata->u.mgd.p2p_noa_index != noa.index) { 3126 /* valid noa_attr and index changed */ 3127 sdata->u.mgd.p2p_noa_index = noa.index; 3128 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa)); 3129 changed |= BSS_CHANGED_P2P_PS; 3130 /* 3131 * make sure we update all information, the CRC 3132 * mechanism doesn't look at P2P attributes. 3133 */ 3134 ifmgd->beacon_crc_valid = false; 3135 } 3136 } else if (sdata->u.mgd.p2p_noa_index != -1) { 3137 /* noa_attr not found and we had valid noa_attr before */ 3138 sdata->u.mgd.p2p_noa_index = -1; 3139 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr)); 3140 changed |= BSS_CHANGED_P2P_PS; 3141 ifmgd->beacon_crc_valid = false; 3142 } 3143 } 3144 3145 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid) 3146 return; 3147 ifmgd->beacon_crc = ncrc; 3148 ifmgd->beacon_crc_valid = true; 3149 3150 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 3151 3152 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime, 3153 &elems, true); 3154 3155 if (ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 3156 elems.wmm_param_len)) 3157 changed |= BSS_CHANGED_QOS; 3158 3159 /* 3160 * If we haven't had a beacon before, tell the driver about the 3161 * DTIM period (and beacon timing if desired) now. 3162 */ 3163 if (!ifmgd->have_beacon) { 3164 /* a few bogus AP send dtim_period = 0 or no TIM IE */ 3165 if (elems.tim) 3166 bss_conf->dtim_period = elems.tim->dtim_period ?: 1; 3167 else 3168 bss_conf->dtim_period = 1; 3169 3170 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 3171 sdata->vif.bss_conf.sync_tsf = 3172 le64_to_cpu(mgmt->u.beacon.timestamp); 3173 sdata->vif.bss_conf.sync_device_ts = 3174 rx_status->device_timestamp; 3175 if (elems.tim) 3176 sdata->vif.bss_conf.sync_dtim_count = 3177 elems.tim->dtim_count; 3178 else 3179 sdata->vif.bss_conf.sync_dtim_count = 0; 3180 } 3181 3182 changed |= BSS_CHANGED_BEACON_INFO; 3183 ifmgd->have_beacon = true; 3184 3185 mutex_lock(&local->iflist_mtx); 3186 ieee80211_recalc_ps(local, -1); 3187 mutex_unlock(&local->iflist_mtx); 3188 3189 ieee80211_recalc_ps_vif(sdata); 3190 } 3191 3192 if (elems.erp_info) { 3193 erp_valid = true; 3194 erp_value = elems.erp_info[0]; 3195 } else { 3196 erp_valid = false; 3197 } 3198 changed |= ieee80211_handle_bss_capability(sdata, 3199 le16_to_cpu(mgmt->u.beacon.capab_info), 3200 erp_valid, erp_value); 3201 3202 mutex_lock(&local->sta_mtx); 3203 sta = sta_info_get(sdata, bssid); 3204 3205 if (ieee80211_config_bw(sdata, sta, elems.ht_operation, 3206 elems.vht_operation, bssid, &changed)) { 3207 mutex_unlock(&local->sta_mtx); 3208 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3209 WLAN_REASON_DEAUTH_LEAVING, 3210 true, deauth_buf); 3211 cfg80211_tx_mlme_mgmt(sdata->dev, deauth_buf, 3212 sizeof(deauth_buf)); 3213 return; 3214 } 3215 3216 if (sta && elems.opmode_notif) 3217 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif, 3218 rx_status->band, true); 3219 mutex_unlock(&local->sta_mtx); 3220 3221 if (elems.country_elem && elems.pwr_constr_elem && 3222 mgmt->u.probe_resp.capab_info & 3223 cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT)) 3224 changed |= ieee80211_handle_pwr_constr(sdata, chan, 3225 elems.country_elem, 3226 elems.country_elem_len, 3227 elems.pwr_constr_elem); 3228 3229 ieee80211_bss_info_change_notify(sdata, changed); 3230 } 3231 3232 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 3233 struct sk_buff *skb) 3234 { 3235 struct ieee80211_rx_status *rx_status; 3236 struct ieee80211_mgmt *mgmt; 3237 u16 fc; 3238 struct ieee802_11_elems elems; 3239 int ies_len; 3240 3241 rx_status = (struct ieee80211_rx_status *) skb->cb; 3242 mgmt = (struct ieee80211_mgmt *) skb->data; 3243 fc = le16_to_cpu(mgmt->frame_control); 3244 3245 sdata_lock(sdata); 3246 3247 switch (fc & IEEE80211_FCTL_STYPE) { 3248 case IEEE80211_STYPE_BEACON: 3249 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status); 3250 break; 3251 case IEEE80211_STYPE_PROBE_RESP: 3252 ieee80211_rx_mgmt_probe_resp(sdata, skb); 3253 break; 3254 case IEEE80211_STYPE_AUTH: 3255 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len); 3256 break; 3257 case IEEE80211_STYPE_DEAUTH: 3258 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len); 3259 break; 3260 case IEEE80211_STYPE_DISASSOC: 3261 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 3262 break; 3263 case IEEE80211_STYPE_ASSOC_RESP: 3264 case IEEE80211_STYPE_REASSOC_RESP: 3265 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len); 3266 break; 3267 case IEEE80211_STYPE_ACTION: 3268 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) { 3269 ies_len = skb->len - 3270 offsetof(struct ieee80211_mgmt, 3271 u.action.u.chan_switch.variable); 3272 3273 if (ies_len < 0) 3274 break; 3275 3276 ieee802_11_parse_elems( 3277 mgmt->u.action.u.chan_switch.variable, 3278 ies_len, true, &elems); 3279 3280 if (elems.parse_error) 3281 break; 3282 3283 ieee80211_sta_process_chanswitch(sdata, 3284 rx_status->mactime, 3285 &elems, false); 3286 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) { 3287 ies_len = skb->len - 3288 offsetof(struct ieee80211_mgmt, 3289 u.action.u.ext_chan_switch.variable); 3290 3291 if (ies_len < 0) 3292 break; 3293 3294 ieee802_11_parse_elems( 3295 mgmt->u.action.u.ext_chan_switch.variable, 3296 ies_len, true, &elems); 3297 3298 if (elems.parse_error) 3299 break; 3300 3301 /* for the handling code pretend this was also an IE */ 3302 elems.ext_chansw_ie = 3303 &mgmt->u.action.u.ext_chan_switch.data; 3304 3305 ieee80211_sta_process_chanswitch(sdata, 3306 rx_status->mactime, 3307 &elems, false); 3308 } 3309 break; 3310 } 3311 sdata_unlock(sdata); 3312 } 3313 3314 static void ieee80211_sta_timer(unsigned long data) 3315 { 3316 struct ieee80211_sub_if_data *sdata = 3317 (struct ieee80211_sub_if_data *) data; 3318 3319 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3320 } 3321 3322 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata, 3323 u8 *bssid, u8 reason, bool tx) 3324 { 3325 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3326 3327 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason, 3328 tx, frame_buf); 3329 3330 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 3331 IEEE80211_DEAUTH_FRAME_LEN); 3332 } 3333 3334 static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata) 3335 { 3336 struct ieee80211_local *local = sdata->local; 3337 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3338 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data; 3339 u32 tx_flags = 0; 3340 3341 sdata_assert_lock(sdata); 3342 3343 if (WARN_ON_ONCE(!auth_data)) 3344 return -EINVAL; 3345 3346 auth_data->tries++; 3347 3348 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) { 3349 sdata_info(sdata, "authentication with %pM timed out\n", 3350 auth_data->bss->bssid); 3351 3352 /* 3353 * Most likely AP is not in the range so remove the 3354 * bss struct for that AP. 3355 */ 3356 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss); 3357 3358 return -ETIMEDOUT; 3359 } 3360 3361 drv_mgd_prepare_tx(local, sdata); 3362 3363 if (auth_data->bss->proberesp_ies) { 3364 u16 trans = 1; 3365 u16 status = 0; 3366 3367 sdata_info(sdata, "send auth to %pM (try %d/%d)\n", 3368 auth_data->bss->bssid, auth_data->tries, 3369 IEEE80211_AUTH_MAX_TRIES); 3370 3371 auth_data->expected_transaction = 2; 3372 3373 if (auth_data->algorithm == WLAN_AUTH_SAE) { 3374 trans = auth_data->sae_trans; 3375 status = auth_data->sae_status; 3376 auth_data->expected_transaction = trans; 3377 } 3378 3379 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3380 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 3381 IEEE80211_TX_INTFL_MLME_CONN_TX; 3382 3383 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status, 3384 auth_data->data, auth_data->data_len, 3385 auth_data->bss->bssid, 3386 auth_data->bss->bssid, NULL, 0, 0, 3387 tx_flags); 3388 } else { 3389 const u8 *ssidie; 3390 3391 sdata_info(sdata, "direct probe to %pM (try %d/%i)\n", 3392 auth_data->bss->bssid, auth_data->tries, 3393 IEEE80211_AUTH_MAX_TRIES); 3394 3395 rcu_read_lock(); 3396 ssidie = ieee80211_bss_get_ie(auth_data->bss, WLAN_EID_SSID); 3397 if (!ssidie) { 3398 rcu_read_unlock(); 3399 return -EINVAL; 3400 } 3401 /* 3402 * Direct probe is sent to broadcast address as some APs 3403 * will not answer to direct packet in unassociated state. 3404 */ 3405 ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1], 3406 NULL, 0, (u32) -1, true, 0, 3407 auth_data->bss->channel, false); 3408 rcu_read_unlock(); 3409 } 3410 3411 if (tx_flags == 0) { 3412 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 3413 auth_data->timeout_started = true; 3414 run_again(sdata, auth_data->timeout); 3415 } else { 3416 auth_data->timeout = 3417 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG); 3418 auth_data->timeout_started = true; 3419 run_again(sdata, auth_data->timeout); 3420 } 3421 3422 return 0; 3423 } 3424 3425 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata) 3426 { 3427 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 3428 struct ieee80211_local *local = sdata->local; 3429 3430 sdata_assert_lock(sdata); 3431 3432 assoc_data->tries++; 3433 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) { 3434 sdata_info(sdata, "association with %pM timed out\n", 3435 assoc_data->bss->bssid); 3436 3437 /* 3438 * Most likely AP is not in the range so remove the 3439 * bss struct for that AP. 3440 */ 3441 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss); 3442 3443 return -ETIMEDOUT; 3444 } 3445 3446 sdata_info(sdata, "associate with %pM (try %d/%d)\n", 3447 assoc_data->bss->bssid, assoc_data->tries, 3448 IEEE80211_ASSOC_MAX_TRIES); 3449 ieee80211_send_assoc(sdata); 3450 3451 if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) { 3452 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 3453 assoc_data->timeout_started = true; 3454 run_again(sdata, assoc_data->timeout); 3455 } else { 3456 assoc_data->timeout = 3457 round_jiffies_up(jiffies + 3458 IEEE80211_ASSOC_TIMEOUT_LONG); 3459 assoc_data->timeout_started = true; 3460 run_again(sdata, assoc_data->timeout); 3461 } 3462 3463 return 0; 3464 } 3465 3466 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata, 3467 __le16 fc, bool acked) 3468 { 3469 struct ieee80211_local *local = sdata->local; 3470 3471 sdata->u.mgd.status_fc = fc; 3472 sdata->u.mgd.status_acked = acked; 3473 sdata->u.mgd.status_received = true; 3474 3475 ieee80211_queue_work(&local->hw, &sdata->work); 3476 } 3477 3478 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata) 3479 { 3480 struct ieee80211_local *local = sdata->local; 3481 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3482 3483 sdata_lock(sdata); 3484 3485 if (ifmgd->status_received) { 3486 __le16 fc = ifmgd->status_fc; 3487 bool status_acked = ifmgd->status_acked; 3488 3489 ifmgd->status_received = false; 3490 if (ifmgd->auth_data && 3491 (ieee80211_is_probe_req(fc) || ieee80211_is_auth(fc))) { 3492 if (status_acked) { 3493 ifmgd->auth_data->timeout = 3494 jiffies + IEEE80211_AUTH_TIMEOUT_SHORT; 3495 run_again(sdata, ifmgd->auth_data->timeout); 3496 } else { 3497 ifmgd->auth_data->timeout = jiffies - 1; 3498 } 3499 ifmgd->auth_data->timeout_started = true; 3500 } else if (ifmgd->assoc_data && 3501 (ieee80211_is_assoc_req(fc) || 3502 ieee80211_is_reassoc_req(fc))) { 3503 if (status_acked) { 3504 ifmgd->assoc_data->timeout = 3505 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT; 3506 run_again(sdata, ifmgd->assoc_data->timeout); 3507 } else { 3508 ifmgd->assoc_data->timeout = jiffies - 1; 3509 } 3510 ifmgd->assoc_data->timeout_started = true; 3511 } 3512 } 3513 3514 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started && 3515 time_after(jiffies, ifmgd->auth_data->timeout)) { 3516 if (ifmgd->auth_data->done) { 3517 /* 3518 * ok ... we waited for assoc but userspace didn't, 3519 * so let's just kill the auth data 3520 */ 3521 ieee80211_destroy_auth_data(sdata, false); 3522 } else if (ieee80211_probe_auth(sdata)) { 3523 u8 bssid[ETH_ALEN]; 3524 3525 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 3526 3527 ieee80211_destroy_auth_data(sdata, false); 3528 3529 cfg80211_auth_timeout(sdata->dev, bssid); 3530 } 3531 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started) 3532 run_again(sdata, ifmgd->auth_data->timeout); 3533 3534 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started && 3535 time_after(jiffies, ifmgd->assoc_data->timeout)) { 3536 if ((ifmgd->assoc_data->need_beacon && !ifmgd->have_beacon) || 3537 ieee80211_do_assoc(sdata)) { 3538 struct cfg80211_bss *bss = ifmgd->assoc_data->bss; 3539 3540 ieee80211_destroy_assoc_data(sdata, false); 3541 cfg80211_assoc_timeout(sdata->dev, bss); 3542 } 3543 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started) 3544 run_again(sdata, ifmgd->assoc_data->timeout); 3545 3546 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 3547 IEEE80211_STA_CONNECTION_POLL) && 3548 ifmgd->associated) { 3549 u8 bssid[ETH_ALEN]; 3550 int max_tries; 3551 3552 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 3553 3554 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3555 max_tries = max_nullfunc_tries; 3556 else 3557 max_tries = max_probe_tries; 3558 3559 /* ACK received for nullfunc probing frame */ 3560 if (!ifmgd->probe_send_count) 3561 ieee80211_reset_ap_probe(sdata); 3562 else if (ifmgd->nullfunc_failed) { 3563 if (ifmgd->probe_send_count < max_tries) { 3564 mlme_dbg(sdata, 3565 "No ack for nullfunc frame to AP %pM, try %d/%i\n", 3566 bssid, ifmgd->probe_send_count, 3567 max_tries); 3568 ieee80211_mgd_probe_ap_send(sdata); 3569 } else { 3570 mlme_dbg(sdata, 3571 "No ack for nullfunc frame to AP %pM, disconnecting.\n", 3572 bssid); 3573 ieee80211_sta_connection_lost(sdata, bssid, 3574 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 3575 false); 3576 } 3577 } else if (time_is_after_jiffies(ifmgd->probe_timeout)) 3578 run_again(sdata, ifmgd->probe_timeout); 3579 else if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 3580 mlme_dbg(sdata, 3581 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n", 3582 bssid, probe_wait_ms); 3583 ieee80211_sta_connection_lost(sdata, bssid, 3584 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3585 } else if (ifmgd->probe_send_count < max_tries) { 3586 mlme_dbg(sdata, 3587 "No probe response from AP %pM after %dms, try %d/%i\n", 3588 bssid, probe_wait_ms, 3589 ifmgd->probe_send_count, max_tries); 3590 ieee80211_mgd_probe_ap_send(sdata); 3591 } else { 3592 /* 3593 * We actually lost the connection ... or did we? 3594 * Let's make sure! 3595 */ 3596 wiphy_debug(local->hw.wiphy, 3597 "%s: No probe response from AP %pM" 3598 " after %dms, disconnecting.\n", 3599 sdata->name, 3600 bssid, probe_wait_ms); 3601 3602 ieee80211_sta_connection_lost(sdata, bssid, 3603 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3604 } 3605 } 3606 3607 sdata_unlock(sdata); 3608 } 3609 3610 static void ieee80211_sta_bcn_mon_timer(unsigned long data) 3611 { 3612 struct ieee80211_sub_if_data *sdata = 3613 (struct ieee80211_sub_if_data *) data; 3614 struct ieee80211_local *local = sdata->local; 3615 3616 if (local->quiescing) 3617 return; 3618 3619 sdata->u.mgd.connection_loss = false; 3620 ieee80211_queue_work(&sdata->local->hw, 3621 &sdata->u.mgd.beacon_connection_loss_work); 3622 } 3623 3624 static void ieee80211_sta_conn_mon_timer(unsigned long data) 3625 { 3626 struct ieee80211_sub_if_data *sdata = 3627 (struct ieee80211_sub_if_data *) data; 3628 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3629 struct ieee80211_local *local = sdata->local; 3630 3631 if (local->quiescing) 3632 return; 3633 3634 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work); 3635 } 3636 3637 static void ieee80211_sta_monitor_work(struct work_struct *work) 3638 { 3639 struct ieee80211_sub_if_data *sdata = 3640 container_of(work, struct ieee80211_sub_if_data, 3641 u.mgd.monitor_work); 3642 3643 ieee80211_mgd_probe_ap(sdata, false); 3644 } 3645 3646 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) 3647 { 3648 u32 flags; 3649 3650 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 3651 __ieee80211_stop_poll(sdata); 3652 3653 /* let's probe the connection once */ 3654 flags = sdata->local->hw.flags; 3655 if (!(flags & IEEE80211_HW_CONNECTION_MONITOR)) 3656 ieee80211_queue_work(&sdata->local->hw, 3657 &sdata->u.mgd.monitor_work); 3658 /* and do all the other regular work too */ 3659 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3660 } 3661 } 3662 3663 #ifdef CONFIG_PM 3664 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata) 3665 { 3666 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3667 3668 sdata_lock(sdata); 3669 if (!ifmgd->associated) { 3670 sdata_unlock(sdata); 3671 return; 3672 } 3673 3674 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) { 3675 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME; 3676 mlme_dbg(sdata, "driver requested disconnect after resume\n"); 3677 ieee80211_sta_connection_lost(sdata, 3678 ifmgd->associated->bssid, 3679 WLAN_REASON_UNSPECIFIED, 3680 true); 3681 sdata_unlock(sdata); 3682 return; 3683 } 3684 sdata_unlock(sdata); 3685 } 3686 #endif 3687 3688 /* interface setup */ 3689 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata) 3690 { 3691 struct ieee80211_if_managed *ifmgd; 3692 3693 ifmgd = &sdata->u.mgd; 3694 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work); 3695 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work); 3696 INIT_WORK(&ifmgd->beacon_connection_loss_work, 3697 ieee80211_beacon_connection_loss_work); 3698 INIT_WORK(&ifmgd->csa_connection_drop_work, 3699 ieee80211_csa_connection_drop_work); 3700 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_work); 3701 setup_timer(&ifmgd->timer, ieee80211_sta_timer, 3702 (unsigned long) sdata); 3703 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 3704 (unsigned long) sdata); 3705 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 3706 (unsigned long) sdata); 3707 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 3708 (unsigned long) sdata); 3709 3710 ifmgd->flags = 0; 3711 ifmgd->powersave = sdata->wdev.ps; 3712 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues; 3713 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len; 3714 ifmgd->p2p_noa_index = -1; 3715 3716 if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS) 3717 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC; 3718 else 3719 ifmgd->req_smps = IEEE80211_SMPS_OFF; 3720 } 3721 3722 /* scan finished notification */ 3723 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local) 3724 { 3725 struct ieee80211_sub_if_data *sdata; 3726 3727 /* Restart STA timers */ 3728 rcu_read_lock(); 3729 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 3730 if (ieee80211_sdata_running(sdata)) 3731 ieee80211_restart_sta_timer(sdata); 3732 } 3733 rcu_read_unlock(); 3734 } 3735 3736 int ieee80211_max_network_latency(struct notifier_block *nb, 3737 unsigned long data, void *dummy) 3738 { 3739 s32 latency_usec = (s32) data; 3740 struct ieee80211_local *local = 3741 container_of(nb, struct ieee80211_local, 3742 network_latency_notifier); 3743 3744 mutex_lock(&local->iflist_mtx); 3745 ieee80211_recalc_ps(local, latency_usec); 3746 mutex_unlock(&local->iflist_mtx); 3747 3748 return 0; 3749 } 3750 3751 static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata, 3752 struct cfg80211_bss *cbss) 3753 { 3754 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3755 const u8 *ht_cap_ie, *vht_cap_ie; 3756 const struct ieee80211_ht_cap *ht_cap; 3757 const struct ieee80211_vht_cap *vht_cap; 3758 u8 chains = 1; 3759 3760 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT) 3761 return chains; 3762 3763 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 3764 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) { 3765 ht_cap = (void *)(ht_cap_ie + 2); 3766 chains = ieee80211_mcs_to_chains(&ht_cap->mcs); 3767 /* 3768 * TODO: use "Tx Maximum Number Spatial Streams Supported" and 3769 * "Tx Unequal Modulation Supported" fields. 3770 */ 3771 } 3772 3773 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 3774 return chains; 3775 3776 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 3777 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) { 3778 u8 nss; 3779 u16 tx_mcs_map; 3780 3781 vht_cap = (void *)(vht_cap_ie + 2); 3782 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map); 3783 for (nss = 8; nss > 0; nss--) { 3784 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) != 3785 IEEE80211_VHT_MCS_NOT_SUPPORTED) 3786 break; 3787 } 3788 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */ 3789 chains = max(chains, nss); 3790 } 3791 3792 return chains; 3793 } 3794 3795 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata, 3796 struct cfg80211_bss *cbss) 3797 { 3798 struct ieee80211_local *local = sdata->local; 3799 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3800 const struct ieee80211_ht_operation *ht_oper = NULL; 3801 const struct ieee80211_vht_operation *vht_oper = NULL; 3802 struct ieee80211_supported_band *sband; 3803 struct cfg80211_chan_def chandef; 3804 int ret; 3805 3806 sband = local->hw.wiphy->bands[cbss->channel->band]; 3807 3808 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ | 3809 IEEE80211_STA_DISABLE_80P80MHZ | 3810 IEEE80211_STA_DISABLE_160MHZ); 3811 3812 rcu_read_lock(); 3813 3814 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 3815 sband->ht_cap.ht_supported) { 3816 const u8 *ht_oper_ie, *ht_cap; 3817 3818 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION); 3819 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper)) 3820 ht_oper = (void *)(ht_oper_ie + 2); 3821 3822 ht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 3823 if (!ht_cap || ht_cap[1] < sizeof(struct ieee80211_ht_cap)) { 3824 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 3825 ht_oper = NULL; 3826 } 3827 } 3828 3829 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 3830 sband->vht_cap.vht_supported) { 3831 const u8 *vht_oper_ie, *vht_cap; 3832 3833 vht_oper_ie = ieee80211_bss_get_ie(cbss, 3834 WLAN_EID_VHT_OPERATION); 3835 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper)) 3836 vht_oper = (void *)(vht_oper_ie + 2); 3837 if (vht_oper && !ht_oper) { 3838 vht_oper = NULL; 3839 sdata_info(sdata, 3840 "AP advertised VHT without HT, disabling both\n"); 3841 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 3842 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3843 } 3844 3845 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 3846 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) { 3847 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3848 vht_oper = NULL; 3849 } 3850 } 3851 3852 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband, 3853 cbss->channel, 3854 ht_oper, vht_oper, 3855 &chandef, false); 3856 3857 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss), 3858 local->rx_chains); 3859 3860 rcu_read_unlock(); 3861 3862 /* will change later if needed */ 3863 sdata->smps_mode = IEEE80211_SMPS_OFF; 3864 3865 /* 3866 * If this fails (possibly due to channel context sharing 3867 * on incompatible channels, e.g. 80+80 and 160 sharing the 3868 * same control channel) try to use a smaller bandwidth. 3869 */ 3870 ret = ieee80211_vif_use_channel(sdata, &chandef, 3871 IEEE80211_CHANCTX_SHARED); 3872 3873 /* don't downgrade for 5 and 10 MHz channels, though. */ 3874 if (chandef.width == NL80211_CHAN_WIDTH_5 || 3875 chandef.width == NL80211_CHAN_WIDTH_10) 3876 return ret; 3877 3878 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) { 3879 ifmgd->flags |= chandef_downgrade(&chandef); 3880 ret = ieee80211_vif_use_channel(sdata, &chandef, 3881 IEEE80211_CHANCTX_SHARED); 3882 } 3883 return ret; 3884 } 3885 3886 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata, 3887 struct cfg80211_bss *cbss, bool assoc) 3888 { 3889 struct ieee80211_local *local = sdata->local; 3890 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3891 struct ieee80211_bss *bss = (void *)cbss->priv; 3892 struct sta_info *new_sta = NULL; 3893 bool have_sta = false; 3894 int err; 3895 3896 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) 3897 return -EINVAL; 3898 3899 if (assoc) { 3900 rcu_read_lock(); 3901 have_sta = sta_info_get(sdata, cbss->bssid); 3902 rcu_read_unlock(); 3903 } 3904 3905 if (!have_sta) { 3906 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL); 3907 if (!new_sta) 3908 return -ENOMEM; 3909 } 3910 if (new_sta) { 3911 u32 rates = 0, basic_rates = 0; 3912 bool have_higher_than_11mbit; 3913 int min_rate = INT_MAX, min_rate_index = -1; 3914 struct ieee80211_chanctx_conf *chanctx_conf; 3915 struct ieee80211_supported_band *sband; 3916 const struct cfg80211_bss_ies *ies; 3917 int shift; 3918 u32 rate_flags; 3919 3920 sband = local->hw.wiphy->bands[cbss->channel->band]; 3921 3922 err = ieee80211_prep_channel(sdata, cbss); 3923 if (err) { 3924 sta_info_free(local, new_sta); 3925 return -EINVAL; 3926 } 3927 shift = ieee80211_vif_get_shift(&sdata->vif); 3928 3929 rcu_read_lock(); 3930 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 3931 if (WARN_ON(!chanctx_conf)) { 3932 rcu_read_unlock(); 3933 return -EINVAL; 3934 } 3935 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def); 3936 rcu_read_unlock(); 3937 3938 ieee80211_get_rates(sband, bss->supp_rates, 3939 bss->supp_rates_len, 3940 &rates, &basic_rates, 3941 &have_higher_than_11mbit, 3942 &min_rate, &min_rate_index, 3943 shift, rate_flags); 3944 3945 /* 3946 * This used to be a workaround for basic rates missing 3947 * in the association response frame. Now that we no 3948 * longer use the basic rates from there, it probably 3949 * doesn't happen any more, but keep the workaround so 3950 * in case some *other* APs are buggy in different ways 3951 * we can connect -- with a warning. 3952 */ 3953 if (!basic_rates && min_rate_index >= 0) { 3954 sdata_info(sdata, 3955 "No basic rates, using min rate instead\n"); 3956 basic_rates = BIT(min_rate_index); 3957 } 3958 3959 new_sta->sta.supp_rates[cbss->channel->band] = rates; 3960 sdata->vif.bss_conf.basic_rates = basic_rates; 3961 3962 /* cf. IEEE 802.11 9.2.12 */ 3963 if (cbss->channel->band == IEEE80211_BAND_2GHZ && 3964 have_higher_than_11mbit) 3965 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE; 3966 else 3967 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE; 3968 3969 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN); 3970 3971 /* set timing information */ 3972 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval; 3973 rcu_read_lock(); 3974 ies = rcu_dereference(cbss->beacon_ies); 3975 if (ies) { 3976 const u8 *tim_ie; 3977 3978 sdata->vif.bss_conf.sync_tsf = ies->tsf; 3979 sdata->vif.bss_conf.sync_device_ts = 3980 bss->device_ts_beacon; 3981 tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 3982 ies->data, ies->len); 3983 if (tim_ie && tim_ie[1] >= 2) 3984 sdata->vif.bss_conf.sync_dtim_count = tim_ie[2]; 3985 else 3986 sdata->vif.bss_conf.sync_dtim_count = 0; 3987 } else if (!(local->hw.flags & 3988 IEEE80211_HW_TIMING_BEACON_ONLY)) { 3989 ies = rcu_dereference(cbss->proberesp_ies); 3990 /* must be non-NULL since beacon IEs were NULL */ 3991 sdata->vif.bss_conf.sync_tsf = ies->tsf; 3992 sdata->vif.bss_conf.sync_device_ts = 3993 bss->device_ts_presp; 3994 sdata->vif.bss_conf.sync_dtim_count = 0; 3995 } else { 3996 sdata->vif.bss_conf.sync_tsf = 0; 3997 sdata->vif.bss_conf.sync_device_ts = 0; 3998 sdata->vif.bss_conf.sync_dtim_count = 0; 3999 } 4000 rcu_read_unlock(); 4001 4002 /* tell driver about BSSID, basic rates and timing */ 4003 ieee80211_bss_info_change_notify(sdata, 4004 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES | 4005 BSS_CHANGED_BEACON_INT); 4006 4007 if (assoc) 4008 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH); 4009 4010 err = sta_info_insert(new_sta); 4011 new_sta = NULL; 4012 if (err) { 4013 sdata_info(sdata, 4014 "failed to insert STA entry for the AP (error %d)\n", 4015 err); 4016 return err; 4017 } 4018 } else 4019 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid)); 4020 4021 return 0; 4022 } 4023 4024 /* config hooks */ 4025 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 4026 struct cfg80211_auth_request *req) 4027 { 4028 struct ieee80211_local *local = sdata->local; 4029 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4030 struct ieee80211_mgd_auth_data *auth_data; 4031 u16 auth_alg; 4032 int err; 4033 4034 /* prepare auth data structure */ 4035 4036 switch (req->auth_type) { 4037 case NL80211_AUTHTYPE_OPEN_SYSTEM: 4038 auth_alg = WLAN_AUTH_OPEN; 4039 break; 4040 case NL80211_AUTHTYPE_SHARED_KEY: 4041 if (IS_ERR(local->wep_tx_tfm)) 4042 return -EOPNOTSUPP; 4043 auth_alg = WLAN_AUTH_SHARED_KEY; 4044 break; 4045 case NL80211_AUTHTYPE_FT: 4046 auth_alg = WLAN_AUTH_FT; 4047 break; 4048 case NL80211_AUTHTYPE_NETWORK_EAP: 4049 auth_alg = WLAN_AUTH_LEAP; 4050 break; 4051 case NL80211_AUTHTYPE_SAE: 4052 auth_alg = WLAN_AUTH_SAE; 4053 break; 4054 default: 4055 return -EOPNOTSUPP; 4056 } 4057 4058 auth_data = kzalloc(sizeof(*auth_data) + req->sae_data_len + 4059 req->ie_len, GFP_KERNEL); 4060 if (!auth_data) 4061 return -ENOMEM; 4062 4063 auth_data->bss = req->bss; 4064 4065 if (req->sae_data_len >= 4) { 4066 __le16 *pos = (__le16 *) req->sae_data; 4067 auth_data->sae_trans = le16_to_cpu(pos[0]); 4068 auth_data->sae_status = le16_to_cpu(pos[1]); 4069 memcpy(auth_data->data, req->sae_data + 4, 4070 req->sae_data_len - 4); 4071 auth_data->data_len += req->sae_data_len - 4; 4072 } 4073 4074 if (req->ie && req->ie_len) { 4075 memcpy(&auth_data->data[auth_data->data_len], 4076 req->ie, req->ie_len); 4077 auth_data->data_len += req->ie_len; 4078 } 4079 4080 if (req->key && req->key_len) { 4081 auth_data->key_len = req->key_len; 4082 auth_data->key_idx = req->key_idx; 4083 memcpy(auth_data->key, req->key, req->key_len); 4084 } 4085 4086 auth_data->algorithm = auth_alg; 4087 4088 /* try to authenticate/probe */ 4089 4090 if ((ifmgd->auth_data && !ifmgd->auth_data->done) || 4091 ifmgd->assoc_data) { 4092 err = -EBUSY; 4093 goto err_free; 4094 } 4095 4096 if (ifmgd->auth_data) 4097 ieee80211_destroy_auth_data(sdata, false); 4098 4099 /* prep auth_data so we don't go into idle on disassoc */ 4100 ifmgd->auth_data = auth_data; 4101 4102 if (ifmgd->associated) { 4103 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4104 4105 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4106 WLAN_REASON_UNSPECIFIED, 4107 false, frame_buf); 4108 4109 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4110 sizeof(frame_buf)); 4111 } 4112 4113 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid); 4114 4115 err = ieee80211_prep_connection(sdata, req->bss, false); 4116 if (err) 4117 goto err_clear; 4118 4119 err = ieee80211_probe_auth(sdata); 4120 if (err) { 4121 sta_info_destroy_addr(sdata, req->bss->bssid); 4122 goto err_clear; 4123 } 4124 4125 /* hold our own reference */ 4126 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss); 4127 return 0; 4128 4129 err_clear: 4130 memset(ifmgd->bssid, 0, ETH_ALEN); 4131 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 4132 ifmgd->auth_data = NULL; 4133 err_free: 4134 kfree(auth_data); 4135 return err; 4136 } 4137 4138 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 4139 struct cfg80211_assoc_request *req) 4140 { 4141 struct ieee80211_local *local = sdata->local; 4142 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4143 struct ieee80211_bss *bss = (void *)req->bss->priv; 4144 struct ieee80211_mgd_assoc_data *assoc_data; 4145 const struct cfg80211_bss_ies *beacon_ies; 4146 struct ieee80211_supported_band *sband; 4147 const u8 *ssidie, *ht_ie, *vht_ie; 4148 int i, err; 4149 4150 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL); 4151 if (!assoc_data) 4152 return -ENOMEM; 4153 4154 rcu_read_lock(); 4155 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID); 4156 if (!ssidie) { 4157 rcu_read_unlock(); 4158 kfree(assoc_data); 4159 return -EINVAL; 4160 } 4161 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]); 4162 assoc_data->ssid_len = ssidie[1]; 4163 rcu_read_unlock(); 4164 4165 if (ifmgd->associated) { 4166 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4167 4168 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4169 WLAN_REASON_UNSPECIFIED, 4170 false, frame_buf); 4171 4172 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4173 sizeof(frame_buf)); 4174 } 4175 4176 if (ifmgd->auth_data && !ifmgd->auth_data->done) { 4177 err = -EBUSY; 4178 goto err_free; 4179 } 4180 4181 if (ifmgd->assoc_data) { 4182 err = -EBUSY; 4183 goto err_free; 4184 } 4185 4186 if (ifmgd->auth_data) { 4187 bool match; 4188 4189 /* keep sta info, bssid if matching */ 4190 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid); 4191 ieee80211_destroy_auth_data(sdata, match); 4192 } 4193 4194 /* prepare assoc data */ 4195 4196 ifmgd->beacon_crc_valid = false; 4197 4198 /* 4199 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode. 4200 * We still associate in non-HT mode (11a/b/g) if any one of these 4201 * ciphers is configured as pairwise. 4202 * We can set this to true for non-11n hardware, that'll be checked 4203 * separately along with the peer capabilities. 4204 */ 4205 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) { 4206 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 4207 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 4208 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) { 4209 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4210 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4211 netdev_info(sdata->dev, 4212 "disabling HT/VHT due to WEP/TKIP use\n"); 4213 } 4214 } 4215 4216 if (req->flags & ASSOC_REQ_DISABLE_HT) { 4217 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4218 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4219 } 4220 4221 if (req->flags & ASSOC_REQ_DISABLE_VHT) 4222 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4223 4224 /* Also disable HT if we don't support it or the AP doesn't use WMM */ 4225 sband = local->hw.wiphy->bands[req->bss->channel->band]; 4226 if (!sband->ht_cap.ht_supported || 4227 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) { 4228 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4229 if (!bss->wmm_used) 4230 netdev_info(sdata->dev, 4231 "disabling HT as WMM/QoS is not supported by the AP\n"); 4232 } 4233 4234 /* disable VHT if we don't support it or the AP doesn't use WMM */ 4235 if (!sband->vht_cap.vht_supported || 4236 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) { 4237 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4238 if (!bss->wmm_used) 4239 netdev_info(sdata->dev, 4240 "disabling VHT as WMM/QoS is not supported by the AP\n"); 4241 } 4242 4243 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa)); 4244 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask, 4245 sizeof(ifmgd->ht_capa_mask)); 4246 4247 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa)); 4248 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask, 4249 sizeof(ifmgd->vht_capa_mask)); 4250 4251 if (req->ie && req->ie_len) { 4252 memcpy(assoc_data->ie, req->ie, req->ie_len); 4253 assoc_data->ie_len = req->ie_len; 4254 } 4255 4256 assoc_data->bss = req->bss; 4257 4258 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) { 4259 if (ifmgd->powersave) 4260 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC; 4261 else 4262 sdata->smps_mode = IEEE80211_SMPS_OFF; 4263 } else 4264 sdata->smps_mode = ifmgd->req_smps; 4265 4266 assoc_data->capability = req->bss->capability; 4267 assoc_data->wmm = bss->wmm_used && 4268 (local->hw.queues >= IEEE80211_NUM_ACS); 4269 assoc_data->supp_rates = bss->supp_rates; 4270 assoc_data->supp_rates_len = bss->supp_rates_len; 4271 4272 rcu_read_lock(); 4273 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION); 4274 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation)) 4275 assoc_data->ap_ht_param = 4276 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param; 4277 else 4278 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4279 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY); 4280 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap)) 4281 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2, 4282 sizeof(struct ieee80211_vht_cap)); 4283 else 4284 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4285 rcu_read_unlock(); 4286 4287 if (bss->wmm_used && bss->uapsd_supported && 4288 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD) && 4289 sdata->wmm_acm != 0xff) { 4290 assoc_data->uapsd = true; 4291 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; 4292 } else { 4293 assoc_data->uapsd = false; 4294 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED; 4295 } 4296 4297 if (req->prev_bssid) 4298 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN); 4299 4300 if (req->use_mfp) { 4301 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 4302 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED; 4303 } else { 4304 ifmgd->mfp = IEEE80211_MFP_DISABLED; 4305 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED; 4306 } 4307 4308 if (req->crypto.control_port) 4309 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT; 4310 else 4311 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT; 4312 4313 sdata->control_port_protocol = req->crypto.control_port_ethertype; 4314 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt; 4315 4316 /* kick off associate process */ 4317 4318 ifmgd->assoc_data = assoc_data; 4319 ifmgd->dtim_period = 0; 4320 ifmgd->have_beacon = false; 4321 4322 err = ieee80211_prep_connection(sdata, req->bss, true); 4323 if (err) 4324 goto err_clear; 4325 4326 rcu_read_lock(); 4327 beacon_ies = rcu_dereference(req->bss->beacon_ies); 4328 4329 if (sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC && 4330 !beacon_ies) { 4331 /* 4332 * Wait up to one beacon interval ... 4333 * should this be more if we miss one? 4334 */ 4335 sdata_info(sdata, "waiting for beacon from %pM\n", 4336 ifmgd->bssid); 4337 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval); 4338 assoc_data->timeout_started = true; 4339 assoc_data->need_beacon = true; 4340 } else if (beacon_ies) { 4341 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 4342 beacon_ies->data, 4343 beacon_ies->len); 4344 u8 dtim_count = 0; 4345 4346 if (tim_ie && tim_ie[1] >= sizeof(struct ieee80211_tim_ie)) { 4347 const struct ieee80211_tim_ie *tim; 4348 tim = (void *)(tim_ie + 2); 4349 ifmgd->dtim_period = tim->dtim_period; 4350 dtim_count = tim->dtim_count; 4351 } 4352 ifmgd->have_beacon = true; 4353 assoc_data->timeout = jiffies; 4354 assoc_data->timeout_started = true; 4355 4356 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 4357 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf; 4358 sdata->vif.bss_conf.sync_device_ts = 4359 bss->device_ts_beacon; 4360 sdata->vif.bss_conf.sync_dtim_count = dtim_count; 4361 } 4362 } else { 4363 assoc_data->timeout = jiffies; 4364 assoc_data->timeout_started = true; 4365 } 4366 rcu_read_unlock(); 4367 4368 run_again(sdata, assoc_data->timeout); 4369 4370 if (bss->corrupt_data) { 4371 char *corrupt_type = "data"; 4372 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) { 4373 if (bss->corrupt_data & 4374 IEEE80211_BSS_CORRUPT_PROBE_RESP) 4375 corrupt_type = "beacon and probe response"; 4376 else 4377 corrupt_type = "beacon"; 4378 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) 4379 corrupt_type = "probe response"; 4380 sdata_info(sdata, "associating with AP with corrupt %s\n", 4381 corrupt_type); 4382 } 4383 4384 return 0; 4385 err_clear: 4386 memset(ifmgd->bssid, 0, ETH_ALEN); 4387 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 4388 ifmgd->assoc_data = NULL; 4389 err_free: 4390 kfree(assoc_data); 4391 return err; 4392 } 4393 4394 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, 4395 struct cfg80211_deauth_request *req) 4396 { 4397 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4398 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4399 bool tx = !req->local_state_change; 4400 bool report_frame = false; 4401 4402 sdata_info(sdata, 4403 "deauthenticating from %pM by local choice (reason=%d)\n", 4404 req->bssid, req->reason_code); 4405 4406 if (ifmgd->auth_data) { 4407 drv_mgd_prepare_tx(sdata->local, sdata); 4408 ieee80211_send_deauth_disassoc(sdata, req->bssid, 4409 IEEE80211_STYPE_DEAUTH, 4410 req->reason_code, tx, 4411 frame_buf); 4412 ieee80211_destroy_auth_data(sdata, false); 4413 4414 report_frame = true; 4415 goto out; 4416 } 4417 4418 if (ifmgd->associated && 4419 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) { 4420 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4421 req->reason_code, tx, frame_buf); 4422 report_frame = true; 4423 } 4424 4425 out: 4426 if (report_frame) 4427 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4428 IEEE80211_DEAUTH_FRAME_LEN); 4429 4430 return 0; 4431 } 4432 4433 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 4434 struct cfg80211_disassoc_request *req) 4435 { 4436 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4437 u8 bssid[ETH_ALEN]; 4438 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4439 4440 /* 4441 * cfg80211 should catch this ... but it's racy since 4442 * we can receive a disassoc frame, process it, hand it 4443 * to cfg80211 while that's in a locked section already 4444 * trying to tell us that the user wants to disconnect. 4445 */ 4446 if (ifmgd->associated != req->bss) 4447 return -ENOLINK; 4448 4449 sdata_info(sdata, 4450 "disassociating from %pM by local choice (reason=%d)\n", 4451 req->bss->bssid, req->reason_code); 4452 4453 memcpy(bssid, req->bss->bssid, ETH_ALEN); 4454 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC, 4455 req->reason_code, !req->local_state_change, 4456 frame_buf); 4457 4458 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4459 IEEE80211_DEAUTH_FRAME_LEN); 4460 4461 return 0; 4462 } 4463 4464 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata) 4465 { 4466 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4467 4468 /* 4469 * Make sure some work items will not run after this, 4470 * they will not do anything but might not have been 4471 * cancelled when disconnecting. 4472 */ 4473 cancel_work_sync(&ifmgd->monitor_work); 4474 cancel_work_sync(&ifmgd->beacon_connection_loss_work); 4475 cancel_work_sync(&ifmgd->request_smps_work); 4476 cancel_work_sync(&ifmgd->csa_connection_drop_work); 4477 cancel_work_sync(&ifmgd->chswitch_work); 4478 4479 sdata_lock(sdata); 4480 if (ifmgd->assoc_data) { 4481 struct cfg80211_bss *bss = ifmgd->assoc_data->bss; 4482 ieee80211_destroy_assoc_data(sdata, false); 4483 cfg80211_assoc_timeout(sdata->dev, bss); 4484 } 4485 if (ifmgd->auth_data) 4486 ieee80211_destroy_auth_data(sdata, false); 4487 del_timer_sync(&ifmgd->timer); 4488 sdata_unlock(sdata); 4489 } 4490 4491 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif, 4492 enum nl80211_cqm_rssi_threshold_event rssi_event, 4493 gfp_t gfp) 4494 { 4495 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 4496 4497 trace_api_cqm_rssi_notify(sdata, rssi_event); 4498 4499 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp); 4500 } 4501 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify); 4502