1 /* 2 * BSS client mode implementation 3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 4 * Copyright 2004, Instant802 Networks, Inc. 5 * Copyright 2005, Devicescape Software, Inc. 6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License version 2 as 11 * published by the Free Software Foundation. 12 */ 13 14 #include <linux/delay.h> 15 #include <linux/if_ether.h> 16 #include <linux/skbuff.h> 17 #include <linux/if_arp.h> 18 #include <linux/etherdevice.h> 19 #include <linux/moduleparam.h> 20 #include <linux/rtnetlink.h> 21 #include <linux/pm_qos.h> 22 #include <linux/crc32.h> 23 #include <linux/slab.h> 24 #include <linux/export.h> 25 #include <net/mac80211.h> 26 #include <asm/unaligned.h> 27 28 #include "ieee80211_i.h" 29 #include "driver-ops.h" 30 #include "rate.h" 31 #include "led.h" 32 33 #define IEEE80211_AUTH_TIMEOUT (HZ / 5) 34 #define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2) 35 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10) 36 #define IEEE80211_AUTH_MAX_TRIES 3 37 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5) 38 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 39 #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2) 40 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10) 41 #define IEEE80211_ASSOC_MAX_TRIES 3 42 43 static int max_nullfunc_tries = 2; 44 module_param(max_nullfunc_tries, int, 0644); 45 MODULE_PARM_DESC(max_nullfunc_tries, 46 "Maximum nullfunc tx tries before disconnecting (reason 4)."); 47 48 static int max_probe_tries = 5; 49 module_param(max_probe_tries, int, 0644); 50 MODULE_PARM_DESC(max_probe_tries, 51 "Maximum probe tries before disconnecting (reason 4)."); 52 53 /* 54 * Beacon loss timeout is calculated as N frames times the 55 * advertised beacon interval. This may need to be somewhat 56 * higher than what hardware might detect to account for 57 * delays in the host processing frames. But since we also 58 * probe on beacon miss before declaring the connection lost 59 * default to what we want. 60 */ 61 static int beacon_loss_count = 7; 62 module_param(beacon_loss_count, int, 0644); 63 MODULE_PARM_DESC(beacon_loss_count, 64 "Number of beacon intervals before we decide beacon was lost."); 65 66 /* 67 * Time the connection can be idle before we probe 68 * it to see if we can still talk to the AP. 69 */ 70 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ) 71 /* 72 * Time we wait for a probe response after sending 73 * a probe request because of beacon loss or for 74 * checking the connection still works. 75 */ 76 static int probe_wait_ms = 500; 77 module_param(probe_wait_ms, int, 0644); 78 MODULE_PARM_DESC(probe_wait_ms, 79 "Maximum time(ms) to wait for probe response" 80 " before disconnecting (reason 4)."); 81 82 /* 83 * Weight given to the latest Beacon frame when calculating average signal 84 * strength for Beacon frames received in the current BSS. This must be 85 * between 1 and 15. 86 */ 87 #define IEEE80211_SIGNAL_AVE_WEIGHT 3 88 89 /* 90 * How many Beacon frames need to have been used in average signal strength 91 * before starting to indicate signal change events. 92 */ 93 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4 94 95 /* 96 * We can have multiple work items (and connection probing) 97 * scheduling this timer, but we need to take care to only 98 * reschedule it when it should fire _earlier_ than it was 99 * asked for before, or if it's not pending right now. This 100 * function ensures that. Note that it then is required to 101 * run this function for all timeouts after the first one 102 * has happened -- the work that runs from this timer will 103 * do that. 104 */ 105 static void run_again(struct ieee80211_sub_if_data *sdata, 106 unsigned long timeout) 107 { 108 sdata_assert_lock(sdata); 109 110 if (!timer_pending(&sdata->u.mgd.timer) || 111 time_before(timeout, sdata->u.mgd.timer.expires)) 112 mod_timer(&sdata->u.mgd.timer, timeout); 113 } 114 115 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata) 116 { 117 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER) 118 return; 119 120 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 121 return; 122 123 mod_timer(&sdata->u.mgd.bcn_mon_timer, 124 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout)); 125 } 126 127 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata) 128 { 129 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 130 131 if (unlikely(!sdata->u.mgd.associated)) 132 return; 133 134 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 135 return; 136 137 mod_timer(&sdata->u.mgd.conn_mon_timer, 138 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME)); 139 140 ifmgd->probe_send_count = 0; 141 } 142 143 static int ecw2cw(int ecw) 144 { 145 return (1 << ecw) - 1; 146 } 147 148 static u32 149 ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, 150 struct ieee80211_supported_band *sband, 151 struct ieee80211_channel *channel, 152 const struct ieee80211_ht_operation *ht_oper, 153 const struct ieee80211_vht_operation *vht_oper, 154 struct cfg80211_chan_def *chandef, bool tracking) 155 { 156 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 157 struct cfg80211_chan_def vht_chandef; 158 u32 ht_cfreq, ret; 159 160 chandef->chan = channel; 161 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 162 chandef->center_freq1 = channel->center_freq; 163 chandef->center_freq2 = 0; 164 165 if (!ht_oper || !sband->ht_cap.ht_supported) { 166 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 167 goto out; 168 } 169 170 chandef->width = NL80211_CHAN_WIDTH_20; 171 172 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan, 173 channel->band); 174 /* check that channel matches the right operating channel */ 175 if (!tracking && channel->center_freq != ht_cfreq) { 176 /* 177 * It's possible that some APs are confused here; 178 * Netgear WNDR3700 sometimes reports 4 higher than 179 * the actual channel in association responses, but 180 * since we look at probe response/beacon data here 181 * it should be OK. 182 */ 183 sdata_info(sdata, 184 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n", 185 channel->center_freq, ht_cfreq, 186 ht_oper->primary_chan, channel->band); 187 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 188 goto out; 189 } 190 191 /* check 40 MHz support, if we have it */ 192 if (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) { 193 switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 194 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 195 chandef->width = NL80211_CHAN_WIDTH_40; 196 chandef->center_freq1 += 10; 197 break; 198 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 199 chandef->width = NL80211_CHAN_WIDTH_40; 200 chandef->center_freq1 -= 10; 201 break; 202 } 203 } else { 204 /* 40 MHz (and 80 MHz) must be supported for VHT */ 205 ret = IEEE80211_STA_DISABLE_VHT; 206 /* also mark 40 MHz disabled */ 207 ret |= IEEE80211_STA_DISABLE_40MHZ; 208 goto out; 209 } 210 211 if (!vht_oper || !sband->vht_cap.vht_supported) { 212 ret = IEEE80211_STA_DISABLE_VHT; 213 goto out; 214 } 215 216 vht_chandef.chan = channel; 217 vht_chandef.center_freq1 = 218 ieee80211_channel_to_frequency(vht_oper->center_freq_seg1_idx, 219 channel->band); 220 vht_chandef.center_freq2 = 0; 221 222 switch (vht_oper->chan_width) { 223 case IEEE80211_VHT_CHANWIDTH_USE_HT: 224 vht_chandef.width = chandef->width; 225 break; 226 case IEEE80211_VHT_CHANWIDTH_80MHZ: 227 vht_chandef.width = NL80211_CHAN_WIDTH_80; 228 break; 229 case IEEE80211_VHT_CHANWIDTH_160MHZ: 230 vht_chandef.width = NL80211_CHAN_WIDTH_160; 231 break; 232 case IEEE80211_VHT_CHANWIDTH_80P80MHZ: 233 vht_chandef.width = NL80211_CHAN_WIDTH_80P80; 234 vht_chandef.center_freq2 = 235 ieee80211_channel_to_frequency( 236 vht_oper->center_freq_seg2_idx, 237 channel->band); 238 break; 239 default: 240 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 241 sdata_info(sdata, 242 "AP VHT operation IE has invalid channel width (%d), disable VHT\n", 243 vht_oper->chan_width); 244 ret = IEEE80211_STA_DISABLE_VHT; 245 goto out; 246 } 247 248 if (!cfg80211_chandef_valid(&vht_chandef)) { 249 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 250 sdata_info(sdata, 251 "AP VHT information is invalid, disable VHT\n"); 252 ret = IEEE80211_STA_DISABLE_VHT; 253 goto out; 254 } 255 256 if (cfg80211_chandef_identical(chandef, &vht_chandef)) { 257 ret = 0; 258 goto out; 259 } 260 261 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) { 262 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 263 sdata_info(sdata, 264 "AP VHT information doesn't match HT, disable VHT\n"); 265 ret = IEEE80211_STA_DISABLE_VHT; 266 goto out; 267 } 268 269 *chandef = vht_chandef; 270 271 ret = 0; 272 273 out: 274 /* don't print the message below for VHT mismatch if VHT is disabled */ 275 if (ret & IEEE80211_STA_DISABLE_VHT) 276 vht_chandef = *chandef; 277 278 /* 279 * Ignore the DISABLED flag when we're already connected and only 280 * tracking the APs beacon for bandwidth changes - otherwise we 281 * might get disconnected here if we connect to an AP, update our 282 * regulatory information based on the AP's country IE and the 283 * information we have is wrong/outdated and disables the channel 284 * that we're actually using for the connection to the AP. 285 */ 286 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef, 287 tracking ? 0 : 288 IEEE80211_CHAN_DISABLED)) { 289 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) { 290 ret = IEEE80211_STA_DISABLE_HT | 291 IEEE80211_STA_DISABLE_VHT; 292 break; 293 } 294 295 ret |= ieee80211_chandef_downgrade(chandef); 296 } 297 298 if (chandef->width != vht_chandef.width && !tracking) 299 sdata_info(sdata, 300 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n"); 301 302 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef)); 303 return ret; 304 } 305 306 static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata, 307 struct sta_info *sta, 308 const struct ieee80211_ht_operation *ht_oper, 309 const struct ieee80211_vht_operation *vht_oper, 310 const u8 *bssid, u32 *changed) 311 { 312 struct ieee80211_local *local = sdata->local; 313 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 314 struct ieee80211_supported_band *sband; 315 struct ieee80211_channel *chan; 316 struct cfg80211_chan_def chandef; 317 u16 ht_opmode; 318 u32 flags; 319 enum ieee80211_sta_rx_bandwidth new_sta_bw; 320 int ret; 321 322 /* if HT was/is disabled, don't track any bandwidth changes */ 323 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper) 324 return 0; 325 326 /* don't check VHT if we associated as non-VHT station */ 327 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 328 vht_oper = NULL; 329 330 if (WARN_ON_ONCE(!sta)) 331 return -EINVAL; 332 333 chan = sdata->vif.bss_conf.chandef.chan; 334 sband = local->hw.wiphy->bands[chan->band]; 335 336 /* calculate new channel (type) based on HT/VHT operation IEs */ 337 flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper, 338 vht_oper, &chandef, true); 339 340 /* 341 * Downgrade the new channel if we associated with restricted 342 * capabilities. For example, if we associated as a 20 MHz STA 343 * to a 40 MHz AP (due to regulatory, capabilities or config 344 * reasons) then switching to a 40 MHz channel now won't do us 345 * any good -- we couldn't use it with the AP. 346 */ 347 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ && 348 chandef.width == NL80211_CHAN_WIDTH_80P80) 349 flags |= ieee80211_chandef_downgrade(&chandef); 350 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ && 351 chandef.width == NL80211_CHAN_WIDTH_160) 352 flags |= ieee80211_chandef_downgrade(&chandef); 353 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ && 354 chandef.width > NL80211_CHAN_WIDTH_20) 355 flags |= ieee80211_chandef_downgrade(&chandef); 356 357 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef)) 358 return 0; 359 360 sdata_info(sdata, 361 "AP %pM changed bandwidth, new config is %d MHz, width %d (%d/%d MHz)\n", 362 ifmgd->bssid, chandef.chan->center_freq, chandef.width, 363 chandef.center_freq1, chandef.center_freq2); 364 365 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT | 366 IEEE80211_STA_DISABLE_VHT | 367 IEEE80211_STA_DISABLE_40MHZ | 368 IEEE80211_STA_DISABLE_80P80MHZ | 369 IEEE80211_STA_DISABLE_160MHZ)) || 370 !cfg80211_chandef_valid(&chandef)) { 371 sdata_info(sdata, 372 "AP %pM changed bandwidth in a way we can't support - disconnect\n", 373 ifmgd->bssid); 374 return -EINVAL; 375 } 376 377 switch (chandef.width) { 378 case NL80211_CHAN_WIDTH_20_NOHT: 379 case NL80211_CHAN_WIDTH_20: 380 new_sta_bw = IEEE80211_STA_RX_BW_20; 381 break; 382 case NL80211_CHAN_WIDTH_40: 383 new_sta_bw = IEEE80211_STA_RX_BW_40; 384 break; 385 case NL80211_CHAN_WIDTH_80: 386 new_sta_bw = IEEE80211_STA_RX_BW_80; 387 break; 388 case NL80211_CHAN_WIDTH_80P80: 389 case NL80211_CHAN_WIDTH_160: 390 new_sta_bw = IEEE80211_STA_RX_BW_160; 391 break; 392 default: 393 return -EINVAL; 394 } 395 396 if (new_sta_bw > sta->cur_max_bandwidth) 397 new_sta_bw = sta->cur_max_bandwidth; 398 399 if (new_sta_bw < sta->sta.bandwidth) { 400 sta->sta.bandwidth = new_sta_bw; 401 rate_control_rate_update(local, sband, sta, 402 IEEE80211_RC_BW_CHANGED); 403 } 404 405 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed); 406 if (ret) { 407 sdata_info(sdata, 408 "AP %pM changed bandwidth to incompatible one - disconnect\n", 409 ifmgd->bssid); 410 return ret; 411 } 412 413 if (new_sta_bw > sta->sta.bandwidth) { 414 sta->sta.bandwidth = new_sta_bw; 415 rate_control_rate_update(local, sband, sta, 416 IEEE80211_RC_BW_CHANGED); 417 } 418 419 ht_opmode = le16_to_cpu(ht_oper->operation_mode); 420 421 /* if bss configuration changed store the new one */ 422 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) { 423 *changed |= BSS_CHANGED_HT; 424 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 425 } 426 427 return 0; 428 } 429 430 /* frame sending functions */ 431 432 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata, 433 struct sk_buff *skb, u8 ap_ht_param, 434 struct ieee80211_supported_band *sband, 435 struct ieee80211_channel *channel, 436 enum ieee80211_smps_mode smps) 437 { 438 u8 *pos; 439 u32 flags = channel->flags; 440 u16 cap; 441 struct ieee80211_sta_ht_cap ht_cap; 442 443 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap)); 444 445 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 446 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 447 448 /* determine capability flags */ 449 cap = ht_cap.cap; 450 451 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 452 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 453 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 454 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 455 cap &= ~IEEE80211_HT_CAP_SGI_40; 456 } 457 break; 458 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 459 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 460 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 461 cap &= ~IEEE80211_HT_CAP_SGI_40; 462 } 463 break; 464 } 465 466 /* 467 * If 40 MHz was disabled associate as though we weren't 468 * capable of 40 MHz -- some broken APs will never fall 469 * back to trying to transmit in 20 MHz. 470 */ 471 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) { 472 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 473 cap &= ~IEEE80211_HT_CAP_SGI_40; 474 } 475 476 /* set SM PS mode properly */ 477 cap &= ~IEEE80211_HT_CAP_SM_PS; 478 switch (smps) { 479 case IEEE80211_SMPS_AUTOMATIC: 480 case IEEE80211_SMPS_NUM_MODES: 481 WARN_ON(1); 482 case IEEE80211_SMPS_OFF: 483 cap |= WLAN_HT_CAP_SM_PS_DISABLED << 484 IEEE80211_HT_CAP_SM_PS_SHIFT; 485 break; 486 case IEEE80211_SMPS_STATIC: 487 cap |= WLAN_HT_CAP_SM_PS_STATIC << 488 IEEE80211_HT_CAP_SM_PS_SHIFT; 489 break; 490 case IEEE80211_SMPS_DYNAMIC: 491 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC << 492 IEEE80211_HT_CAP_SM_PS_SHIFT; 493 break; 494 } 495 496 /* reserve and fill IE */ 497 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 498 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap); 499 } 500 501 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata, 502 struct sk_buff *skb, 503 struct ieee80211_supported_band *sband, 504 struct ieee80211_vht_cap *ap_vht_cap) 505 { 506 u8 *pos; 507 u32 cap; 508 struct ieee80211_sta_vht_cap vht_cap; 509 510 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap)); 511 512 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap)); 513 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap); 514 515 /* determine capability flags */ 516 cap = vht_cap.cap; 517 518 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) { 519 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ; 520 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 521 } 522 523 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) { 524 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160; 525 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 526 } 527 528 /* 529 * Some APs apparently get confused if our capabilities are better 530 * than theirs, so restrict what we advertise in the assoc request. 531 */ 532 if (!(ap_vht_cap->vht_cap_info & 533 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE))) 534 cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE; 535 536 /* reserve and fill IE */ 537 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 538 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap); 539 } 540 541 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) 542 { 543 struct ieee80211_local *local = sdata->local; 544 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 545 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 546 struct sk_buff *skb; 547 struct ieee80211_mgmt *mgmt; 548 u8 *pos, qos_info; 549 size_t offset = 0, noffset; 550 int i, count, rates_len, supp_rates_len, shift; 551 u16 capab; 552 struct ieee80211_supported_band *sband; 553 struct ieee80211_chanctx_conf *chanctx_conf; 554 struct ieee80211_channel *chan; 555 u32 rate_flags, rates = 0; 556 557 sdata_assert_lock(sdata); 558 559 rcu_read_lock(); 560 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 561 if (WARN_ON(!chanctx_conf)) { 562 rcu_read_unlock(); 563 return; 564 } 565 chan = chanctx_conf->def.chan; 566 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def); 567 rcu_read_unlock(); 568 sband = local->hw.wiphy->bands[chan->band]; 569 shift = ieee80211_vif_get_shift(&sdata->vif); 570 571 if (assoc_data->supp_rates_len) { 572 /* 573 * Get all rates supported by the device and the AP as 574 * some APs don't like getting a superset of their rates 575 * in the association request (e.g. D-Link DAP 1353 in 576 * b-only mode)... 577 */ 578 rates_len = ieee80211_parse_bitrates(&chanctx_conf->def, sband, 579 assoc_data->supp_rates, 580 assoc_data->supp_rates_len, 581 &rates); 582 } else { 583 /* 584 * In case AP not provide any supported rates information 585 * before association, we send information element(s) with 586 * all rates that we support. 587 */ 588 rates_len = 0; 589 for (i = 0; i < sband->n_bitrates; i++) { 590 if ((rate_flags & sband->bitrates[i].flags) 591 != rate_flags) 592 continue; 593 rates |= BIT(i); 594 rates_len++; 595 } 596 } 597 598 skb = alloc_skb(local->hw.extra_tx_headroom + 599 sizeof(*mgmt) + /* bit too much but doesn't matter */ 600 2 + assoc_data->ssid_len + /* SSID */ 601 4 + rates_len + /* (extended) rates */ 602 4 + /* power capability */ 603 2 + 2 * sband->n_channels + /* supported channels */ 604 2 + sizeof(struct ieee80211_ht_cap) + /* HT */ 605 2 + sizeof(struct ieee80211_vht_cap) + /* VHT */ 606 assoc_data->ie_len + /* extra IEs */ 607 9, /* WMM */ 608 GFP_KERNEL); 609 if (!skb) 610 return; 611 612 skb_reserve(skb, local->hw.extra_tx_headroom); 613 614 capab = WLAN_CAPABILITY_ESS; 615 616 if (sband->band == IEEE80211_BAND_2GHZ) { 617 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 618 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 619 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 620 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 621 } 622 623 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY) 624 capab |= WLAN_CAPABILITY_PRIVACY; 625 626 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 627 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)) 628 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 629 630 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 631 memset(mgmt, 0, 24); 632 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN); 633 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 634 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN); 635 636 if (!is_zero_ether_addr(assoc_data->prev_bssid)) { 637 skb_put(skb, 10); 638 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 639 IEEE80211_STYPE_REASSOC_REQ); 640 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 641 mgmt->u.reassoc_req.listen_interval = 642 cpu_to_le16(local->hw.conf.listen_interval); 643 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid, 644 ETH_ALEN); 645 } else { 646 skb_put(skb, 4); 647 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 648 IEEE80211_STYPE_ASSOC_REQ); 649 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 650 mgmt->u.assoc_req.listen_interval = 651 cpu_to_le16(local->hw.conf.listen_interval); 652 } 653 654 /* SSID */ 655 pos = skb_put(skb, 2 + assoc_data->ssid_len); 656 *pos++ = WLAN_EID_SSID; 657 *pos++ = assoc_data->ssid_len; 658 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len); 659 660 /* add all rates which were marked to be used above */ 661 supp_rates_len = rates_len; 662 if (supp_rates_len > 8) 663 supp_rates_len = 8; 664 665 pos = skb_put(skb, supp_rates_len + 2); 666 *pos++ = WLAN_EID_SUPP_RATES; 667 *pos++ = supp_rates_len; 668 669 count = 0; 670 for (i = 0; i < sband->n_bitrates; i++) { 671 if (BIT(i) & rates) { 672 int rate = DIV_ROUND_UP(sband->bitrates[i].bitrate, 673 5 * (1 << shift)); 674 *pos++ = (u8) rate; 675 if (++count == 8) 676 break; 677 } 678 } 679 680 if (rates_len > count) { 681 pos = skb_put(skb, rates_len - count + 2); 682 *pos++ = WLAN_EID_EXT_SUPP_RATES; 683 *pos++ = rates_len - count; 684 685 for (i++; i < sband->n_bitrates; i++) { 686 if (BIT(i) & rates) { 687 int rate; 688 rate = DIV_ROUND_UP(sband->bitrates[i].bitrate, 689 5 * (1 << shift)); 690 *pos++ = (u8) rate; 691 } 692 } 693 } 694 695 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) { 696 /* 1. power capabilities */ 697 pos = skb_put(skb, 4); 698 *pos++ = WLAN_EID_PWR_CAPABILITY; 699 *pos++ = 2; 700 *pos++ = 0; /* min tx power */ 701 /* max tx power */ 702 *pos++ = ieee80211_chandef_max_power(&chanctx_conf->def); 703 704 /* 2. supported channels */ 705 /* TODO: get this in reg domain format */ 706 pos = skb_put(skb, 2 * sband->n_channels + 2); 707 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 708 *pos++ = 2 * sband->n_channels; 709 for (i = 0; i < sband->n_channels; i++) { 710 *pos++ = ieee80211_frequency_to_channel( 711 sband->channels[i].center_freq); 712 *pos++ = 1; /* one channel in the subband*/ 713 } 714 } 715 716 /* if present, add any custom IEs that go before HT */ 717 if (assoc_data->ie_len && assoc_data->ie) { 718 static const u8 before_ht[] = { 719 WLAN_EID_SSID, 720 WLAN_EID_SUPP_RATES, 721 WLAN_EID_EXT_SUPP_RATES, 722 WLAN_EID_PWR_CAPABILITY, 723 WLAN_EID_SUPPORTED_CHANNELS, 724 WLAN_EID_RSN, 725 WLAN_EID_QOS_CAPA, 726 WLAN_EID_RRM_ENABLED_CAPABILITIES, 727 WLAN_EID_MOBILITY_DOMAIN, 728 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 729 }; 730 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len, 731 before_ht, ARRAY_SIZE(before_ht), 732 offset); 733 pos = skb_put(skb, noffset - offset); 734 memcpy(pos, assoc_data->ie + offset, noffset - offset); 735 offset = noffset; 736 } 737 738 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 739 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))) 740 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 741 742 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 743 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param, 744 sband, chan, sdata->smps_mode); 745 746 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 747 ieee80211_add_vht_ie(sdata, skb, sband, 748 &assoc_data->ap_vht_cap); 749 750 /* if present, add any custom non-vendor IEs that go after HT */ 751 if (assoc_data->ie_len && assoc_data->ie) { 752 noffset = ieee80211_ie_split_vendor(assoc_data->ie, 753 assoc_data->ie_len, 754 offset); 755 pos = skb_put(skb, noffset - offset); 756 memcpy(pos, assoc_data->ie + offset, noffset - offset); 757 offset = noffset; 758 } 759 760 if (assoc_data->wmm) { 761 if (assoc_data->uapsd) { 762 qos_info = ifmgd->uapsd_queues; 763 qos_info |= (ifmgd->uapsd_max_sp_len << 764 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT); 765 } else { 766 qos_info = 0; 767 } 768 769 pos = skb_put(skb, 9); 770 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 771 *pos++ = 7; /* len */ 772 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */ 773 *pos++ = 0x50; 774 *pos++ = 0xf2; 775 *pos++ = 2; /* WME */ 776 *pos++ = 0; /* WME info */ 777 *pos++ = 1; /* WME ver */ 778 *pos++ = qos_info; 779 } 780 781 /* add any remaining custom (i.e. vendor specific here) IEs */ 782 if (assoc_data->ie_len && assoc_data->ie) { 783 noffset = assoc_data->ie_len; 784 pos = skb_put(skb, noffset - offset); 785 memcpy(pos, assoc_data->ie + offset, noffset - offset); 786 } 787 788 drv_mgd_prepare_tx(local, sdata); 789 790 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 791 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 792 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 793 IEEE80211_TX_INTFL_MLME_CONN_TX; 794 ieee80211_tx_skb(sdata, skb); 795 } 796 797 void ieee80211_send_pspoll(struct ieee80211_local *local, 798 struct ieee80211_sub_if_data *sdata) 799 { 800 struct ieee80211_pspoll *pspoll; 801 struct sk_buff *skb; 802 803 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif); 804 if (!skb) 805 return; 806 807 pspoll = (struct ieee80211_pspoll *) skb->data; 808 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 809 810 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 811 ieee80211_tx_skb(sdata, skb); 812 } 813 814 void ieee80211_send_nullfunc(struct ieee80211_local *local, 815 struct ieee80211_sub_if_data *sdata, 816 int powersave) 817 { 818 struct sk_buff *skb; 819 struct ieee80211_hdr_3addr *nullfunc; 820 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 821 822 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif); 823 if (!skb) 824 return; 825 826 nullfunc = (struct ieee80211_hdr_3addr *) skb->data; 827 if (powersave) 828 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 829 830 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT | 831 IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 832 833 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 834 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS; 835 836 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) 837 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE; 838 839 ieee80211_tx_skb(sdata, skb); 840 } 841 842 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local, 843 struct ieee80211_sub_if_data *sdata) 844 { 845 struct sk_buff *skb; 846 struct ieee80211_hdr *nullfunc; 847 __le16 fc; 848 849 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 850 return; 851 852 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30); 853 if (!skb) 854 return; 855 856 skb_reserve(skb, local->hw.extra_tx_headroom); 857 858 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30); 859 memset(nullfunc, 0, 30); 860 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 861 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 862 nullfunc->frame_control = fc; 863 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN); 864 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN); 865 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN); 866 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN); 867 868 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 869 ieee80211_tx_skb(sdata, skb); 870 } 871 872 /* spectrum management related things */ 873 static void ieee80211_chswitch_work(struct work_struct *work) 874 { 875 struct ieee80211_sub_if_data *sdata = 876 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work); 877 struct ieee80211_local *local = sdata->local; 878 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 879 u32 changed = 0; 880 int ret; 881 882 if (!ieee80211_sdata_running(sdata)) 883 return; 884 885 sdata_lock(sdata); 886 if (!ifmgd->associated) 887 goto out; 888 889 ret = ieee80211_vif_change_channel(sdata, &local->csa_chandef, 890 &changed); 891 if (ret) { 892 sdata_info(sdata, 893 "vif channel switch failed, disconnecting\n"); 894 ieee80211_queue_work(&sdata->local->hw, 895 &ifmgd->csa_connection_drop_work); 896 goto out; 897 } 898 899 if (!local->use_chanctx) { 900 local->_oper_chandef = local->csa_chandef; 901 /* Call "hw_config" only if doing sw channel switch. 902 * Otherwise update the channel directly 903 */ 904 if (!local->ops->channel_switch) 905 ieee80211_hw_config(local, 0); 906 else 907 local->hw.conf.chandef = local->_oper_chandef; 908 } 909 910 /* XXX: shouldn't really modify cfg80211-owned data! */ 911 ifmgd->associated->channel = local->csa_chandef.chan; 912 913 /* XXX: wait for a beacon first? */ 914 ieee80211_wake_queues_by_reason(&local->hw, 915 IEEE80211_MAX_QUEUE_MAP, 916 IEEE80211_QUEUE_STOP_REASON_CSA); 917 918 ieee80211_bss_info_change_notify(sdata, changed); 919 920 out: 921 sdata->vif.csa_active = false; 922 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 923 sdata_unlock(sdata); 924 } 925 926 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success) 927 { 928 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 929 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 930 931 trace_api_chswitch_done(sdata, success); 932 if (!success) { 933 sdata_info(sdata, 934 "driver channel switch failed, disconnecting\n"); 935 ieee80211_queue_work(&sdata->local->hw, 936 &ifmgd->csa_connection_drop_work); 937 } else { 938 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 939 } 940 } 941 EXPORT_SYMBOL(ieee80211_chswitch_done); 942 943 static void ieee80211_chswitch_timer(unsigned long data) 944 { 945 struct ieee80211_sub_if_data *sdata = 946 (struct ieee80211_sub_if_data *) data; 947 948 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work); 949 } 950 951 static void 952 ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 953 u64 timestamp, struct ieee802_11_elems *elems, 954 bool beacon) 955 { 956 struct ieee80211_local *local = sdata->local; 957 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 958 struct cfg80211_bss *cbss = ifmgd->associated; 959 struct ieee80211_chanctx *chanctx; 960 enum ieee80211_band current_band; 961 struct ieee80211_csa_ie csa_ie; 962 int res; 963 964 sdata_assert_lock(sdata); 965 966 if (!cbss) 967 return; 968 969 if (local->scanning) 970 return; 971 972 /* disregard subsequent announcements if we are already processing */ 973 if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED) 974 return; 975 976 current_band = cbss->channel->band; 977 memset(&csa_ie, 0, sizeof(csa_ie)); 978 res = ieee80211_parse_ch_switch_ie(sdata, elems, beacon, current_band, 979 ifmgd->flags, 980 ifmgd->associated->bssid, &csa_ie); 981 if (res < 0) 982 ieee80211_queue_work(&local->hw, 983 &ifmgd->csa_connection_drop_work); 984 if (res) 985 return; 986 987 if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chandef, 988 IEEE80211_CHAN_DISABLED)) { 989 sdata_info(sdata, 990 "AP %pM switches to unsupported channel (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n", 991 ifmgd->associated->bssid, 992 csa_ie.chandef.chan->center_freq, 993 csa_ie.chandef.width, csa_ie.chandef.center_freq1, 994 csa_ie.chandef.center_freq2); 995 ieee80211_queue_work(&local->hw, 996 &ifmgd->csa_connection_drop_work); 997 return; 998 } 999 1000 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED; 1001 sdata->vif.csa_active = true; 1002 1003 mutex_lock(&local->chanctx_mtx); 1004 if (local->use_chanctx) { 1005 u32 num_chanctx = 0; 1006 list_for_each_entry(chanctx, &local->chanctx_list, list) 1007 num_chanctx++; 1008 1009 if (num_chanctx > 1 || 1010 !(local->hw.flags & IEEE80211_HW_CHANCTX_STA_CSA)) { 1011 sdata_info(sdata, 1012 "not handling chan-switch with channel contexts\n"); 1013 ieee80211_queue_work(&local->hw, 1014 &ifmgd->csa_connection_drop_work); 1015 mutex_unlock(&local->chanctx_mtx); 1016 return; 1017 } 1018 } 1019 1020 if (WARN_ON(!rcu_access_pointer(sdata->vif.chanctx_conf))) { 1021 ieee80211_queue_work(&local->hw, 1022 &ifmgd->csa_connection_drop_work); 1023 mutex_unlock(&local->chanctx_mtx); 1024 return; 1025 } 1026 chanctx = container_of(rcu_access_pointer(sdata->vif.chanctx_conf), 1027 struct ieee80211_chanctx, conf); 1028 if (chanctx->refcount > 1) { 1029 sdata_info(sdata, 1030 "channel switch with multiple interfaces on the same channel, disconnecting\n"); 1031 ieee80211_queue_work(&local->hw, 1032 &ifmgd->csa_connection_drop_work); 1033 mutex_unlock(&local->chanctx_mtx); 1034 return; 1035 } 1036 mutex_unlock(&local->chanctx_mtx); 1037 1038 local->csa_chandef = csa_ie.chandef; 1039 1040 if (csa_ie.mode) 1041 ieee80211_stop_queues_by_reason(&local->hw, 1042 IEEE80211_MAX_QUEUE_MAP, 1043 IEEE80211_QUEUE_STOP_REASON_CSA); 1044 1045 if (local->ops->channel_switch) { 1046 /* use driver's channel switch callback */ 1047 struct ieee80211_channel_switch ch_switch = { 1048 .timestamp = timestamp, 1049 .block_tx = csa_ie.mode, 1050 .chandef = csa_ie.chandef, 1051 .count = csa_ie.count, 1052 }; 1053 1054 drv_channel_switch(local, &ch_switch); 1055 return; 1056 } 1057 1058 /* channel switch handled in software */ 1059 if (csa_ie.count <= 1) 1060 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work); 1061 else 1062 mod_timer(&ifmgd->chswitch_timer, 1063 TU_TO_EXP_TIME(csa_ie.count * cbss->beacon_interval)); 1064 } 1065 1066 static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, 1067 struct ieee80211_channel *channel, 1068 const u8 *country_ie, u8 country_ie_len, 1069 const u8 *pwr_constr_elem) 1070 { 1071 struct ieee80211_country_ie_triplet *triplet; 1072 int chan = ieee80211_frequency_to_channel(channel->center_freq); 1073 int i, chan_pwr, chan_increment, new_ap_level; 1074 bool have_chan_pwr = false; 1075 1076 /* Invalid IE */ 1077 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN) 1078 return 0; 1079 1080 triplet = (void *)(country_ie + 3); 1081 country_ie_len -= 3; 1082 1083 switch (channel->band) { 1084 default: 1085 WARN_ON_ONCE(1); 1086 /* fall through */ 1087 case IEEE80211_BAND_2GHZ: 1088 case IEEE80211_BAND_60GHZ: 1089 chan_increment = 1; 1090 break; 1091 case IEEE80211_BAND_5GHZ: 1092 chan_increment = 4; 1093 break; 1094 } 1095 1096 /* find channel */ 1097 while (country_ie_len >= 3) { 1098 u8 first_channel = triplet->chans.first_channel; 1099 1100 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID) 1101 goto next; 1102 1103 for (i = 0; i < triplet->chans.num_channels; i++) { 1104 if (first_channel + i * chan_increment == chan) { 1105 have_chan_pwr = true; 1106 chan_pwr = triplet->chans.max_power; 1107 break; 1108 } 1109 } 1110 if (have_chan_pwr) 1111 break; 1112 1113 next: 1114 triplet++; 1115 country_ie_len -= 3; 1116 } 1117 1118 if (!have_chan_pwr) 1119 return 0; 1120 1121 new_ap_level = max_t(int, 0, chan_pwr - *pwr_constr_elem); 1122 1123 if (sdata->ap_power_level == new_ap_level) 1124 return 0; 1125 1126 sdata_info(sdata, 1127 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n", 1128 new_ap_level, chan_pwr, *pwr_constr_elem, 1129 sdata->u.mgd.bssid); 1130 sdata->ap_power_level = new_ap_level; 1131 if (__ieee80211_recalc_txpower(sdata)) 1132 return BSS_CHANGED_TXPOWER; 1133 return 0; 1134 } 1135 1136 /* powersave */ 1137 static void ieee80211_enable_ps(struct ieee80211_local *local, 1138 struct ieee80211_sub_if_data *sdata) 1139 { 1140 struct ieee80211_conf *conf = &local->hw.conf; 1141 1142 /* 1143 * If we are scanning right now then the parameters will 1144 * take effect when scan finishes. 1145 */ 1146 if (local->scanning) 1147 return; 1148 1149 if (conf->dynamic_ps_timeout > 0 && 1150 !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) { 1151 mod_timer(&local->dynamic_ps_timer, jiffies + 1152 msecs_to_jiffies(conf->dynamic_ps_timeout)); 1153 } else { 1154 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 1155 ieee80211_send_nullfunc(local, sdata, 1); 1156 1157 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1158 (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) 1159 return; 1160 1161 conf->flags |= IEEE80211_CONF_PS; 1162 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1163 } 1164 } 1165 1166 static void ieee80211_change_ps(struct ieee80211_local *local) 1167 { 1168 struct ieee80211_conf *conf = &local->hw.conf; 1169 1170 if (local->ps_sdata) { 1171 ieee80211_enable_ps(local, local->ps_sdata); 1172 } else if (conf->flags & IEEE80211_CONF_PS) { 1173 conf->flags &= ~IEEE80211_CONF_PS; 1174 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1175 del_timer_sync(&local->dynamic_ps_timer); 1176 cancel_work_sync(&local->dynamic_ps_enable_work); 1177 } 1178 } 1179 1180 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata) 1181 { 1182 struct ieee80211_if_managed *mgd = &sdata->u.mgd; 1183 struct sta_info *sta = NULL; 1184 bool authorized = false; 1185 1186 if (!mgd->powersave) 1187 return false; 1188 1189 if (mgd->broken_ap) 1190 return false; 1191 1192 if (!mgd->associated) 1193 return false; 1194 1195 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL) 1196 return false; 1197 1198 if (!mgd->have_beacon) 1199 return false; 1200 1201 rcu_read_lock(); 1202 sta = sta_info_get(sdata, mgd->bssid); 1203 if (sta) 1204 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED); 1205 rcu_read_unlock(); 1206 1207 return authorized; 1208 } 1209 1210 /* need to hold RTNL or interface lock */ 1211 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency) 1212 { 1213 struct ieee80211_sub_if_data *sdata, *found = NULL; 1214 int count = 0; 1215 int timeout; 1216 1217 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) { 1218 local->ps_sdata = NULL; 1219 return; 1220 } 1221 1222 list_for_each_entry(sdata, &local->interfaces, list) { 1223 if (!ieee80211_sdata_running(sdata)) 1224 continue; 1225 if (sdata->vif.type == NL80211_IFTYPE_AP) { 1226 /* If an AP vif is found, then disable PS 1227 * by setting the count to zero thereby setting 1228 * ps_sdata to NULL. 1229 */ 1230 count = 0; 1231 break; 1232 } 1233 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1234 continue; 1235 found = sdata; 1236 count++; 1237 } 1238 1239 if (count == 1 && ieee80211_powersave_allowed(found)) { 1240 s32 beaconint_us; 1241 1242 if (latency < 0) 1243 latency = pm_qos_request(PM_QOS_NETWORK_LATENCY); 1244 1245 beaconint_us = ieee80211_tu_to_usec( 1246 found->vif.bss_conf.beacon_int); 1247 1248 timeout = local->dynamic_ps_forced_timeout; 1249 if (timeout < 0) { 1250 /* 1251 * Go to full PSM if the user configures a very low 1252 * latency requirement. 1253 * The 2000 second value is there for compatibility 1254 * until the PM_QOS_NETWORK_LATENCY is configured 1255 * with real values. 1256 */ 1257 if (latency > (1900 * USEC_PER_MSEC) && 1258 latency != (2000 * USEC_PER_SEC)) 1259 timeout = 0; 1260 else 1261 timeout = 100; 1262 } 1263 local->hw.conf.dynamic_ps_timeout = timeout; 1264 1265 if (beaconint_us > latency) { 1266 local->ps_sdata = NULL; 1267 } else { 1268 int maxslp = 1; 1269 u8 dtimper = found->u.mgd.dtim_period; 1270 1271 /* If the TIM IE is invalid, pretend the value is 1 */ 1272 if (!dtimper) 1273 dtimper = 1; 1274 else if (dtimper > 1) 1275 maxslp = min_t(int, dtimper, 1276 latency / beaconint_us); 1277 1278 local->hw.conf.max_sleep_period = maxslp; 1279 local->hw.conf.ps_dtim_period = dtimper; 1280 local->ps_sdata = found; 1281 } 1282 } else { 1283 local->ps_sdata = NULL; 1284 } 1285 1286 ieee80211_change_ps(local); 1287 } 1288 1289 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata) 1290 { 1291 bool ps_allowed = ieee80211_powersave_allowed(sdata); 1292 1293 if (sdata->vif.bss_conf.ps != ps_allowed) { 1294 sdata->vif.bss_conf.ps = ps_allowed; 1295 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS); 1296 } 1297 } 1298 1299 void ieee80211_dynamic_ps_disable_work(struct work_struct *work) 1300 { 1301 struct ieee80211_local *local = 1302 container_of(work, struct ieee80211_local, 1303 dynamic_ps_disable_work); 1304 1305 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1306 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1307 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1308 } 1309 1310 ieee80211_wake_queues_by_reason(&local->hw, 1311 IEEE80211_MAX_QUEUE_MAP, 1312 IEEE80211_QUEUE_STOP_REASON_PS); 1313 } 1314 1315 void ieee80211_dynamic_ps_enable_work(struct work_struct *work) 1316 { 1317 struct ieee80211_local *local = 1318 container_of(work, struct ieee80211_local, 1319 dynamic_ps_enable_work); 1320 struct ieee80211_sub_if_data *sdata = local->ps_sdata; 1321 struct ieee80211_if_managed *ifmgd; 1322 unsigned long flags; 1323 int q; 1324 1325 /* can only happen when PS was just disabled anyway */ 1326 if (!sdata) 1327 return; 1328 1329 ifmgd = &sdata->u.mgd; 1330 1331 if (local->hw.conf.flags & IEEE80211_CONF_PS) 1332 return; 1333 1334 if (local->hw.conf.dynamic_ps_timeout > 0) { 1335 /* don't enter PS if TX frames are pending */ 1336 if (drv_tx_frames_pending(local)) { 1337 mod_timer(&local->dynamic_ps_timer, jiffies + 1338 msecs_to_jiffies( 1339 local->hw.conf.dynamic_ps_timeout)); 1340 return; 1341 } 1342 1343 /* 1344 * transmission can be stopped by others which leads to 1345 * dynamic_ps_timer expiry. Postpone the ps timer if it 1346 * is not the actual idle state. 1347 */ 1348 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 1349 for (q = 0; q < local->hw.queues; q++) { 1350 if (local->queue_stop_reasons[q]) { 1351 spin_unlock_irqrestore(&local->queue_stop_reason_lock, 1352 flags); 1353 mod_timer(&local->dynamic_ps_timer, jiffies + 1354 msecs_to_jiffies( 1355 local->hw.conf.dynamic_ps_timeout)); 1356 return; 1357 } 1358 } 1359 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 1360 } 1361 1362 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1363 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1364 if (drv_tx_frames_pending(local)) { 1365 mod_timer(&local->dynamic_ps_timer, jiffies + 1366 msecs_to_jiffies( 1367 local->hw.conf.dynamic_ps_timeout)); 1368 } else { 1369 ieee80211_send_nullfunc(local, sdata, 1); 1370 /* Flush to get the tx status of nullfunc frame */ 1371 ieee80211_flush_queues(local, sdata); 1372 } 1373 } 1374 1375 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) && 1376 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) || 1377 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1378 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 1379 local->hw.conf.flags |= IEEE80211_CONF_PS; 1380 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1381 } 1382 } 1383 1384 void ieee80211_dynamic_ps_timer(unsigned long data) 1385 { 1386 struct ieee80211_local *local = (void *) data; 1387 1388 if (local->quiescing || local->suspended) 1389 return; 1390 1391 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work); 1392 } 1393 1394 void ieee80211_dfs_cac_timer_work(struct work_struct *work) 1395 { 1396 struct delayed_work *delayed_work = 1397 container_of(work, struct delayed_work, work); 1398 struct ieee80211_sub_if_data *sdata = 1399 container_of(delayed_work, struct ieee80211_sub_if_data, 1400 dfs_cac_timer_work); 1401 1402 ieee80211_vif_release_channel(sdata); 1403 1404 cfg80211_cac_event(sdata->dev, NL80211_RADAR_CAC_FINISHED, GFP_KERNEL); 1405 } 1406 1407 /* MLME */ 1408 static bool ieee80211_sta_wmm_params(struct ieee80211_local *local, 1409 struct ieee80211_sub_if_data *sdata, 1410 const u8 *wmm_param, size_t wmm_param_len) 1411 { 1412 struct ieee80211_tx_queue_params params; 1413 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1414 size_t left; 1415 int count; 1416 const u8 *pos; 1417 u8 uapsd_queues = 0; 1418 1419 if (!local->ops->conf_tx) 1420 return false; 1421 1422 if (local->hw.queues < IEEE80211_NUM_ACS) 1423 return false; 1424 1425 if (!wmm_param) 1426 return false; 1427 1428 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 1429 return false; 1430 1431 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) 1432 uapsd_queues = ifmgd->uapsd_queues; 1433 1434 count = wmm_param[6] & 0x0f; 1435 if (count == ifmgd->wmm_last_param_set) 1436 return false; 1437 ifmgd->wmm_last_param_set = count; 1438 1439 pos = wmm_param + 8; 1440 left = wmm_param_len - 8; 1441 1442 memset(¶ms, 0, sizeof(params)); 1443 1444 sdata->wmm_acm = 0; 1445 for (; left >= 4; left -= 4, pos += 4) { 1446 int aci = (pos[0] >> 5) & 0x03; 1447 int acm = (pos[0] >> 4) & 0x01; 1448 bool uapsd = false; 1449 int queue; 1450 1451 switch (aci) { 1452 case 1: /* AC_BK */ 1453 queue = 3; 1454 if (acm) 1455 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */ 1456 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK) 1457 uapsd = true; 1458 break; 1459 case 2: /* AC_VI */ 1460 queue = 1; 1461 if (acm) 1462 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */ 1463 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI) 1464 uapsd = true; 1465 break; 1466 case 3: /* AC_VO */ 1467 queue = 0; 1468 if (acm) 1469 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */ 1470 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) 1471 uapsd = true; 1472 break; 1473 case 0: /* AC_BE */ 1474 default: 1475 queue = 2; 1476 if (acm) 1477 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */ 1478 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE) 1479 uapsd = true; 1480 break; 1481 } 1482 1483 params.aifs = pos[0] & 0x0f; 1484 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 1485 params.cw_min = ecw2cw(pos[1] & 0x0f); 1486 params.txop = get_unaligned_le16(pos + 2); 1487 params.acm = acm; 1488 params.uapsd = uapsd; 1489 1490 mlme_dbg(sdata, 1491 "WMM queue=%d aci=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d\n", 1492 queue, aci, acm, 1493 params.aifs, params.cw_min, params.cw_max, 1494 params.txop, params.uapsd); 1495 sdata->tx_conf[queue] = params; 1496 if (drv_conf_tx(local, sdata, queue, ¶ms)) 1497 sdata_err(sdata, 1498 "failed to set TX queue parameters for queue %d\n", 1499 queue); 1500 } 1501 1502 /* enable WMM or activate new settings */ 1503 sdata->vif.bss_conf.qos = true; 1504 return true; 1505 } 1506 1507 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1508 { 1509 lockdep_assert_held(&sdata->local->mtx); 1510 1511 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL; 1512 ieee80211_run_deferred_scan(sdata->local); 1513 } 1514 1515 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1516 { 1517 mutex_lock(&sdata->local->mtx); 1518 __ieee80211_stop_poll(sdata); 1519 mutex_unlock(&sdata->local->mtx); 1520 } 1521 1522 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata, 1523 u16 capab, bool erp_valid, u8 erp) 1524 { 1525 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1526 u32 changed = 0; 1527 bool use_protection; 1528 bool use_short_preamble; 1529 bool use_short_slot; 1530 1531 if (erp_valid) { 1532 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0; 1533 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0; 1534 } else { 1535 use_protection = false; 1536 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE); 1537 } 1538 1539 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME); 1540 if (ieee80211_get_sdata_band(sdata) == IEEE80211_BAND_5GHZ) 1541 use_short_slot = true; 1542 1543 if (use_protection != bss_conf->use_cts_prot) { 1544 bss_conf->use_cts_prot = use_protection; 1545 changed |= BSS_CHANGED_ERP_CTS_PROT; 1546 } 1547 1548 if (use_short_preamble != bss_conf->use_short_preamble) { 1549 bss_conf->use_short_preamble = use_short_preamble; 1550 changed |= BSS_CHANGED_ERP_PREAMBLE; 1551 } 1552 1553 if (use_short_slot != bss_conf->use_short_slot) { 1554 bss_conf->use_short_slot = use_short_slot; 1555 changed |= BSS_CHANGED_ERP_SLOT; 1556 } 1557 1558 return changed; 1559 } 1560 1561 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata, 1562 struct cfg80211_bss *cbss, 1563 u32 bss_info_changed) 1564 { 1565 struct ieee80211_bss *bss = (void *)cbss->priv; 1566 struct ieee80211_local *local = sdata->local; 1567 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1568 1569 bss_info_changed |= BSS_CHANGED_ASSOC; 1570 bss_info_changed |= ieee80211_handle_bss_capability(sdata, 1571 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value); 1572 1573 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec( 1574 beacon_loss_count * bss_conf->beacon_int)); 1575 1576 sdata->u.mgd.associated = cbss; 1577 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN); 1578 1579 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE; 1580 1581 if (sdata->vif.p2p) { 1582 const struct cfg80211_bss_ies *ies; 1583 1584 rcu_read_lock(); 1585 ies = rcu_dereference(cbss->ies); 1586 if (ies) { 1587 int ret; 1588 1589 ret = cfg80211_get_p2p_attr( 1590 ies->data, ies->len, 1591 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 1592 (u8 *) &bss_conf->p2p_noa_attr, 1593 sizeof(bss_conf->p2p_noa_attr)); 1594 if (ret >= 2) { 1595 sdata->u.mgd.p2p_noa_index = 1596 bss_conf->p2p_noa_attr.index; 1597 bss_info_changed |= BSS_CHANGED_P2P_PS; 1598 } 1599 } 1600 rcu_read_unlock(); 1601 } 1602 1603 /* just to be sure */ 1604 ieee80211_stop_poll(sdata); 1605 1606 ieee80211_led_assoc(local, 1); 1607 1608 if (sdata->u.mgd.have_beacon) { 1609 /* 1610 * If the AP is buggy we may get here with no DTIM period 1611 * known, so assume it's 1 which is the only safe assumption 1612 * in that case, although if the TIM IE is broken powersave 1613 * probably just won't work at all. 1614 */ 1615 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1; 1616 bss_conf->beacon_rate = bss->beacon_rate; 1617 bss_info_changed |= BSS_CHANGED_BEACON_INFO; 1618 } else { 1619 bss_conf->beacon_rate = NULL; 1620 bss_conf->dtim_period = 0; 1621 } 1622 1623 bss_conf->assoc = 1; 1624 1625 /* Tell the driver to monitor connection quality (if supported) */ 1626 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI && 1627 bss_conf->cqm_rssi_thold) 1628 bss_info_changed |= BSS_CHANGED_CQM; 1629 1630 /* Enable ARP filtering */ 1631 if (bss_conf->arp_addr_cnt) 1632 bss_info_changed |= BSS_CHANGED_ARP_FILTER; 1633 1634 ieee80211_bss_info_change_notify(sdata, bss_info_changed); 1635 1636 mutex_lock(&local->iflist_mtx); 1637 ieee80211_recalc_ps(local, -1); 1638 mutex_unlock(&local->iflist_mtx); 1639 1640 ieee80211_recalc_smps(sdata); 1641 ieee80211_recalc_ps_vif(sdata); 1642 1643 netif_carrier_on(sdata->dev); 1644 } 1645 1646 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata, 1647 u16 stype, u16 reason, bool tx, 1648 u8 *frame_buf) 1649 { 1650 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1651 struct ieee80211_local *local = sdata->local; 1652 u32 changed = 0; 1653 1654 sdata_assert_lock(sdata); 1655 1656 if (WARN_ON_ONCE(tx && !frame_buf)) 1657 return; 1658 1659 if (WARN_ON(!ifmgd->associated)) 1660 return; 1661 1662 ieee80211_stop_poll(sdata); 1663 1664 ifmgd->associated = NULL; 1665 netif_carrier_off(sdata->dev); 1666 1667 /* 1668 * if we want to get out of ps before disassoc (why?) we have 1669 * to do it before sending disassoc, as otherwise the null-packet 1670 * won't be valid. 1671 */ 1672 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1673 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1674 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1675 } 1676 local->ps_sdata = NULL; 1677 1678 /* disable per-vif ps */ 1679 ieee80211_recalc_ps_vif(sdata); 1680 1681 /* flush out any pending frame (e.g. DELBA) before deauth/disassoc */ 1682 if (tx) 1683 ieee80211_flush_queues(local, sdata); 1684 1685 /* deauthenticate/disassociate now */ 1686 if (tx || frame_buf) 1687 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype, 1688 reason, tx, frame_buf); 1689 1690 /* flush out frame */ 1691 if (tx) 1692 ieee80211_flush_queues(local, sdata); 1693 1694 /* clear bssid only after building the needed mgmt frames */ 1695 memset(ifmgd->bssid, 0, ETH_ALEN); 1696 1697 /* remove AP and TDLS peers */ 1698 sta_info_flush_defer(sdata); 1699 1700 /* finally reset all BSS / config parameters */ 1701 changed |= ieee80211_reset_erp_info(sdata); 1702 1703 ieee80211_led_assoc(local, 0); 1704 changed |= BSS_CHANGED_ASSOC; 1705 sdata->vif.bss_conf.assoc = false; 1706 1707 ifmgd->p2p_noa_index = -1; 1708 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0, 1709 sizeof(sdata->vif.bss_conf.p2p_noa_attr)); 1710 1711 /* on the next assoc, re-program HT/VHT parameters */ 1712 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa)); 1713 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask)); 1714 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa)); 1715 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask)); 1716 1717 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL; 1718 1719 del_timer_sync(&local->dynamic_ps_timer); 1720 cancel_work_sync(&local->dynamic_ps_enable_work); 1721 1722 /* Disable ARP filtering */ 1723 if (sdata->vif.bss_conf.arp_addr_cnt) 1724 changed |= BSS_CHANGED_ARP_FILTER; 1725 1726 sdata->vif.bss_conf.qos = false; 1727 changed |= BSS_CHANGED_QOS; 1728 1729 /* The BSSID (not really interesting) and HT changed */ 1730 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT; 1731 ieee80211_bss_info_change_notify(sdata, changed); 1732 1733 /* disassociated - set to defaults now */ 1734 ieee80211_set_wmm_default(sdata, false); 1735 1736 del_timer_sync(&sdata->u.mgd.conn_mon_timer); 1737 del_timer_sync(&sdata->u.mgd.bcn_mon_timer); 1738 del_timer_sync(&sdata->u.mgd.timer); 1739 del_timer_sync(&sdata->u.mgd.chswitch_timer); 1740 1741 sdata->vif.bss_conf.dtim_period = 0; 1742 sdata->vif.bss_conf.beacon_rate = NULL; 1743 1744 ifmgd->have_beacon = false; 1745 1746 ifmgd->flags = 0; 1747 ieee80211_vif_release_channel(sdata); 1748 } 1749 1750 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata, 1751 struct ieee80211_hdr *hdr) 1752 { 1753 /* 1754 * We can postpone the mgd.timer whenever receiving unicast frames 1755 * from AP because we know that the connection is working both ways 1756 * at that time. But multicast frames (and hence also beacons) must 1757 * be ignored here, because we need to trigger the timer during 1758 * data idle periods for sending the periodic probe request to the 1759 * AP we're connected to. 1760 */ 1761 if (is_multicast_ether_addr(hdr->addr1)) 1762 return; 1763 1764 ieee80211_sta_reset_conn_monitor(sdata); 1765 } 1766 1767 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata) 1768 { 1769 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1770 struct ieee80211_local *local = sdata->local; 1771 1772 mutex_lock(&local->mtx); 1773 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)) 1774 goto out; 1775 1776 __ieee80211_stop_poll(sdata); 1777 1778 mutex_lock(&local->iflist_mtx); 1779 ieee80211_recalc_ps(local, -1); 1780 mutex_unlock(&local->iflist_mtx); 1781 1782 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 1783 goto out; 1784 1785 /* 1786 * We've received a probe response, but are not sure whether 1787 * we have or will be receiving any beacons or data, so let's 1788 * schedule the timers again, just in case. 1789 */ 1790 ieee80211_sta_reset_beacon_monitor(sdata); 1791 1792 mod_timer(&ifmgd->conn_mon_timer, 1793 round_jiffies_up(jiffies + 1794 IEEE80211_CONNECTION_IDLE_TIME)); 1795 out: 1796 mutex_unlock(&local->mtx); 1797 } 1798 1799 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata, 1800 struct ieee80211_hdr *hdr, bool ack) 1801 { 1802 if (!ieee80211_is_data(hdr->frame_control)) 1803 return; 1804 1805 if (ieee80211_is_nullfunc(hdr->frame_control) && 1806 sdata->u.mgd.probe_send_count > 0) { 1807 if (ack) 1808 ieee80211_sta_reset_conn_monitor(sdata); 1809 else 1810 sdata->u.mgd.nullfunc_failed = true; 1811 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 1812 return; 1813 } 1814 1815 if (ack) 1816 ieee80211_sta_reset_conn_monitor(sdata); 1817 } 1818 1819 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) 1820 { 1821 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1822 const u8 *ssid; 1823 u8 *dst = ifmgd->associated->bssid; 1824 u8 unicast_limit = max(1, max_probe_tries - 3); 1825 1826 /* 1827 * Try sending broadcast probe requests for the last three 1828 * probe requests after the first ones failed since some 1829 * buggy APs only support broadcast probe requests. 1830 */ 1831 if (ifmgd->probe_send_count >= unicast_limit) 1832 dst = NULL; 1833 1834 /* 1835 * When the hardware reports an accurate Tx ACK status, it's 1836 * better to send a nullfunc frame instead of a probe request, 1837 * as it will kick us off the AP quickly if we aren't associated 1838 * anymore. The timeout will be reset if the frame is ACKed by 1839 * the AP. 1840 */ 1841 ifmgd->probe_send_count++; 1842 1843 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 1844 ifmgd->nullfunc_failed = false; 1845 ieee80211_send_nullfunc(sdata->local, sdata, 0); 1846 } else { 1847 int ssid_len; 1848 1849 rcu_read_lock(); 1850 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); 1851 if (WARN_ON_ONCE(ssid == NULL)) 1852 ssid_len = 0; 1853 else 1854 ssid_len = ssid[1]; 1855 1856 ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL, 1857 0, (u32) -1, true, 0, 1858 ifmgd->associated->channel, false); 1859 rcu_read_unlock(); 1860 } 1861 1862 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms); 1863 run_again(sdata, ifmgd->probe_timeout); 1864 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 1865 ieee80211_flush_queues(sdata->local, sdata); 1866 } 1867 1868 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata, 1869 bool beacon) 1870 { 1871 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1872 bool already = false; 1873 1874 if (!ieee80211_sdata_running(sdata)) 1875 return; 1876 1877 sdata_lock(sdata); 1878 1879 if (!ifmgd->associated) 1880 goto out; 1881 1882 mutex_lock(&sdata->local->mtx); 1883 1884 if (sdata->local->tmp_channel || sdata->local->scanning) { 1885 mutex_unlock(&sdata->local->mtx); 1886 goto out; 1887 } 1888 1889 if (beacon) { 1890 mlme_dbg_ratelimited(sdata, 1891 "detected beacon loss from AP (missed %d beacons) - probing\n", 1892 beacon_loss_count); 1893 1894 ieee80211_cqm_rssi_notify(&sdata->vif, 1895 NL80211_CQM_RSSI_BEACON_LOSS_EVENT, 1896 GFP_KERNEL); 1897 } 1898 1899 /* 1900 * The driver/our work has already reported this event or the 1901 * connection monitoring has kicked in and we have already sent 1902 * a probe request. Or maybe the AP died and the driver keeps 1903 * reporting until we disassociate... 1904 * 1905 * In either case we have to ignore the current call to this 1906 * function (except for setting the correct probe reason bit) 1907 * because otherwise we would reset the timer every time and 1908 * never check whether we received a probe response! 1909 */ 1910 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) 1911 already = true; 1912 1913 mutex_unlock(&sdata->local->mtx); 1914 1915 if (already) 1916 goto out; 1917 1918 mutex_lock(&sdata->local->iflist_mtx); 1919 ieee80211_recalc_ps(sdata->local, -1); 1920 mutex_unlock(&sdata->local->iflist_mtx); 1921 1922 ifmgd->probe_send_count = 0; 1923 ieee80211_mgd_probe_ap_send(sdata); 1924 out: 1925 sdata_unlock(sdata); 1926 } 1927 1928 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw, 1929 struct ieee80211_vif *vif) 1930 { 1931 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1932 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1933 struct cfg80211_bss *cbss; 1934 struct sk_buff *skb; 1935 const u8 *ssid; 1936 int ssid_len; 1937 1938 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 1939 return NULL; 1940 1941 sdata_assert_lock(sdata); 1942 1943 if (ifmgd->associated) 1944 cbss = ifmgd->associated; 1945 else if (ifmgd->auth_data) 1946 cbss = ifmgd->auth_data->bss; 1947 else if (ifmgd->assoc_data) 1948 cbss = ifmgd->assoc_data->bss; 1949 else 1950 return NULL; 1951 1952 rcu_read_lock(); 1953 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID); 1954 if (WARN_ON_ONCE(ssid == NULL)) 1955 ssid_len = 0; 1956 else 1957 ssid_len = ssid[1]; 1958 1959 skb = ieee80211_build_probe_req(sdata, cbss->bssid, 1960 (u32) -1, cbss->channel, 1961 ssid + 2, ssid_len, 1962 NULL, 0, true); 1963 rcu_read_unlock(); 1964 1965 return skb; 1966 } 1967 EXPORT_SYMBOL(ieee80211_ap_probereq_get); 1968 1969 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata) 1970 { 1971 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1972 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 1973 1974 sdata_lock(sdata); 1975 if (!ifmgd->associated) { 1976 sdata_unlock(sdata); 1977 return; 1978 } 1979 1980 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 1981 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 1982 true, frame_buf); 1983 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 1984 sdata->vif.csa_active = false; 1985 ieee80211_wake_queues_by_reason(&sdata->local->hw, 1986 IEEE80211_MAX_QUEUE_MAP, 1987 IEEE80211_QUEUE_STOP_REASON_CSA); 1988 1989 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 1990 IEEE80211_DEAUTH_FRAME_LEN); 1991 sdata_unlock(sdata); 1992 } 1993 1994 static void ieee80211_beacon_connection_loss_work(struct work_struct *work) 1995 { 1996 struct ieee80211_sub_if_data *sdata = 1997 container_of(work, struct ieee80211_sub_if_data, 1998 u.mgd.beacon_connection_loss_work); 1999 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2000 struct sta_info *sta; 2001 2002 if (ifmgd->associated) { 2003 rcu_read_lock(); 2004 sta = sta_info_get(sdata, ifmgd->bssid); 2005 if (sta) 2006 sta->beacon_loss_count++; 2007 rcu_read_unlock(); 2008 } 2009 2010 if (ifmgd->connection_loss) { 2011 sdata_info(sdata, "Connection to AP %pM lost\n", 2012 ifmgd->bssid); 2013 __ieee80211_disconnect(sdata); 2014 } else { 2015 ieee80211_mgd_probe_ap(sdata, true); 2016 } 2017 } 2018 2019 static void ieee80211_csa_connection_drop_work(struct work_struct *work) 2020 { 2021 struct ieee80211_sub_if_data *sdata = 2022 container_of(work, struct ieee80211_sub_if_data, 2023 u.mgd.csa_connection_drop_work); 2024 2025 __ieee80211_disconnect(sdata); 2026 } 2027 2028 void ieee80211_beacon_loss(struct ieee80211_vif *vif) 2029 { 2030 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2031 struct ieee80211_hw *hw = &sdata->local->hw; 2032 2033 trace_api_beacon_loss(sdata); 2034 2035 sdata->u.mgd.connection_loss = false; 2036 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2037 } 2038 EXPORT_SYMBOL(ieee80211_beacon_loss); 2039 2040 void ieee80211_connection_loss(struct ieee80211_vif *vif) 2041 { 2042 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2043 struct ieee80211_hw *hw = &sdata->local->hw; 2044 2045 trace_api_connection_loss(sdata); 2046 2047 sdata->u.mgd.connection_loss = true; 2048 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2049 } 2050 EXPORT_SYMBOL(ieee80211_connection_loss); 2051 2052 2053 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata, 2054 bool assoc) 2055 { 2056 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2057 2058 sdata_assert_lock(sdata); 2059 2060 if (!assoc) { 2061 sta_info_destroy_addr(sdata, auth_data->bss->bssid); 2062 2063 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2064 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2065 sdata->u.mgd.flags = 0; 2066 ieee80211_vif_release_channel(sdata); 2067 } 2068 2069 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss); 2070 kfree(auth_data); 2071 sdata->u.mgd.auth_data = NULL; 2072 } 2073 2074 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, 2075 struct ieee80211_mgmt *mgmt, size_t len) 2076 { 2077 struct ieee80211_local *local = sdata->local; 2078 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2079 u8 *pos; 2080 struct ieee802_11_elems elems; 2081 u32 tx_flags = 0; 2082 2083 pos = mgmt->u.auth.variable; 2084 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2085 if (!elems.challenge) 2086 return; 2087 auth_data->expected_transaction = 4; 2088 drv_mgd_prepare_tx(sdata->local, sdata); 2089 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 2090 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 2091 IEEE80211_TX_INTFL_MLME_CONN_TX; 2092 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0, 2093 elems.challenge - 2, elems.challenge_len + 2, 2094 auth_data->bss->bssid, auth_data->bss->bssid, 2095 auth_data->key, auth_data->key_len, 2096 auth_data->key_idx, tx_flags); 2097 } 2098 2099 static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, 2100 struct ieee80211_mgmt *mgmt, size_t len) 2101 { 2102 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2103 u8 bssid[ETH_ALEN]; 2104 u16 auth_alg, auth_transaction, status_code; 2105 struct sta_info *sta; 2106 2107 sdata_assert_lock(sdata); 2108 2109 if (len < 24 + 6) 2110 return; 2111 2112 if (!ifmgd->auth_data || ifmgd->auth_data->done) 2113 return; 2114 2115 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 2116 2117 if (!ether_addr_equal(bssid, mgmt->bssid)) 2118 return; 2119 2120 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 2121 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 2122 status_code = le16_to_cpu(mgmt->u.auth.status_code); 2123 2124 if (auth_alg != ifmgd->auth_data->algorithm || 2125 auth_transaction != ifmgd->auth_data->expected_transaction) { 2126 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n", 2127 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm, 2128 auth_transaction, 2129 ifmgd->auth_data->expected_transaction); 2130 return; 2131 } 2132 2133 if (status_code != WLAN_STATUS_SUCCESS) { 2134 sdata_info(sdata, "%pM denied authentication (status %d)\n", 2135 mgmt->sa, status_code); 2136 ieee80211_destroy_auth_data(sdata, false); 2137 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2138 return; 2139 } 2140 2141 switch (ifmgd->auth_data->algorithm) { 2142 case WLAN_AUTH_OPEN: 2143 case WLAN_AUTH_LEAP: 2144 case WLAN_AUTH_FT: 2145 case WLAN_AUTH_SAE: 2146 break; 2147 case WLAN_AUTH_SHARED_KEY: 2148 if (ifmgd->auth_data->expected_transaction != 4) { 2149 ieee80211_auth_challenge(sdata, mgmt, len); 2150 /* need another frame */ 2151 return; 2152 } 2153 break; 2154 default: 2155 WARN_ONCE(1, "invalid auth alg %d", 2156 ifmgd->auth_data->algorithm); 2157 return; 2158 } 2159 2160 sdata_info(sdata, "authenticated\n"); 2161 ifmgd->auth_data->done = true; 2162 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC; 2163 ifmgd->auth_data->timeout_started = true; 2164 run_again(sdata, ifmgd->auth_data->timeout); 2165 2166 if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE && 2167 ifmgd->auth_data->expected_transaction != 2) { 2168 /* 2169 * Report auth frame to user space for processing since another 2170 * round of Authentication frames is still needed. 2171 */ 2172 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2173 return; 2174 } 2175 2176 /* move station state to auth */ 2177 mutex_lock(&sdata->local->sta_mtx); 2178 sta = sta_info_get(sdata, bssid); 2179 if (!sta) { 2180 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid); 2181 goto out_err; 2182 } 2183 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) { 2184 sdata_info(sdata, "failed moving %pM to auth\n", bssid); 2185 goto out_err; 2186 } 2187 mutex_unlock(&sdata->local->sta_mtx); 2188 2189 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2190 return; 2191 out_err: 2192 mutex_unlock(&sdata->local->sta_mtx); 2193 /* ignore frame -- wait for timeout */ 2194 } 2195 2196 2197 static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 2198 struct ieee80211_mgmt *mgmt, size_t len) 2199 { 2200 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2201 const u8 *bssid = NULL; 2202 u16 reason_code; 2203 2204 sdata_assert_lock(sdata); 2205 2206 if (len < 24 + 2) 2207 return; 2208 2209 if (!ifmgd->associated || 2210 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2211 return; 2212 2213 bssid = ifmgd->associated->bssid; 2214 2215 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 2216 2217 sdata_info(sdata, "deauthenticated from %pM (Reason: %u)\n", 2218 bssid, reason_code); 2219 2220 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2221 2222 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2223 } 2224 2225 2226 static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata, 2227 struct ieee80211_mgmt *mgmt, size_t len) 2228 { 2229 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2230 u16 reason_code; 2231 2232 sdata_assert_lock(sdata); 2233 2234 if (len < 24 + 2) 2235 return; 2236 2237 if (!ifmgd->associated || 2238 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2239 return; 2240 2241 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 2242 2243 sdata_info(sdata, "disassociated from %pM (Reason: %u)\n", 2244 mgmt->sa, reason_code); 2245 2246 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2247 2248 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2249 } 2250 2251 static void ieee80211_get_rates(struct ieee80211_supported_band *sband, 2252 u8 *supp_rates, unsigned int supp_rates_len, 2253 u32 *rates, u32 *basic_rates, 2254 bool *have_higher_than_11mbit, 2255 int *min_rate, int *min_rate_index, 2256 int shift, u32 rate_flags) 2257 { 2258 int i, j; 2259 2260 for (i = 0; i < supp_rates_len; i++) { 2261 int rate = supp_rates[i] & 0x7f; 2262 bool is_basic = !!(supp_rates[i] & 0x80); 2263 2264 if ((rate * 5 * (1 << shift)) > 110) 2265 *have_higher_than_11mbit = true; 2266 2267 /* 2268 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009 2269 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it. 2270 * 2271 * Note: Even through the membership selector and the basic 2272 * rate flag share the same bit, they are not exactly 2273 * the same. 2274 */ 2275 if (!!(supp_rates[i] & 0x80) && 2276 (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY) 2277 continue; 2278 2279 for (j = 0; j < sband->n_bitrates; j++) { 2280 struct ieee80211_rate *br; 2281 int brate; 2282 2283 br = &sband->bitrates[j]; 2284 if ((rate_flags & br->flags) != rate_flags) 2285 continue; 2286 2287 brate = DIV_ROUND_UP(br->bitrate, (1 << shift) * 5); 2288 if (brate == rate) { 2289 *rates |= BIT(j); 2290 if (is_basic) 2291 *basic_rates |= BIT(j); 2292 if ((rate * 5) < *min_rate) { 2293 *min_rate = rate * 5; 2294 *min_rate_index = j; 2295 } 2296 break; 2297 } 2298 } 2299 } 2300 } 2301 2302 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata, 2303 bool assoc) 2304 { 2305 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 2306 2307 sdata_assert_lock(sdata); 2308 2309 if (!assoc) { 2310 sta_info_destroy_addr(sdata, assoc_data->bss->bssid); 2311 2312 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2313 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2314 sdata->u.mgd.flags = 0; 2315 ieee80211_vif_release_channel(sdata); 2316 } 2317 2318 kfree(assoc_data); 2319 sdata->u.mgd.assoc_data = NULL; 2320 } 2321 2322 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata, 2323 struct cfg80211_bss *cbss, 2324 struct ieee80211_mgmt *mgmt, size_t len) 2325 { 2326 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2327 struct ieee80211_local *local = sdata->local; 2328 struct ieee80211_supported_band *sband; 2329 struct sta_info *sta; 2330 u8 *pos; 2331 u16 capab_info, aid; 2332 struct ieee802_11_elems elems; 2333 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2334 const struct cfg80211_bss_ies *bss_ies = NULL; 2335 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 2336 u32 changed = 0; 2337 int err; 2338 bool ret; 2339 2340 /* AssocResp and ReassocResp have identical structure */ 2341 2342 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2343 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2344 2345 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) 2346 sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n", 2347 aid); 2348 aid &= ~(BIT(15) | BIT(14)); 2349 2350 ifmgd->broken_ap = false; 2351 2352 if (aid == 0 || aid > IEEE80211_MAX_AID) { 2353 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n", 2354 aid); 2355 aid = 0; 2356 ifmgd->broken_ap = true; 2357 } 2358 2359 pos = mgmt->u.assoc_resp.variable; 2360 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2361 2362 if (!elems.supp_rates) { 2363 sdata_info(sdata, "no SuppRates element in AssocResp\n"); 2364 return false; 2365 } 2366 2367 ifmgd->aid = aid; 2368 2369 /* 2370 * Some APs are erroneously not including some information in their 2371 * (re)association response frames. Try to recover by using the data 2372 * from the beacon or probe response. This seems to afflict mobile 2373 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T", 2374 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device. 2375 */ 2376 if ((assoc_data->wmm && !elems.wmm_param) || 2377 (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2378 (!elems.ht_cap_elem || !elems.ht_operation)) || 2379 (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2380 (!elems.vht_cap_elem || !elems.vht_operation))) { 2381 const struct cfg80211_bss_ies *ies; 2382 struct ieee802_11_elems bss_elems; 2383 2384 rcu_read_lock(); 2385 ies = rcu_dereference(cbss->ies); 2386 if (ies) 2387 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len, 2388 GFP_ATOMIC); 2389 rcu_read_unlock(); 2390 if (!bss_ies) 2391 return false; 2392 2393 ieee802_11_parse_elems(bss_ies->data, bss_ies->len, 2394 false, &bss_elems); 2395 if (assoc_data->wmm && 2396 !elems.wmm_param && bss_elems.wmm_param) { 2397 elems.wmm_param = bss_elems.wmm_param; 2398 sdata_info(sdata, 2399 "AP bug: WMM param missing from AssocResp\n"); 2400 } 2401 2402 /* 2403 * Also check if we requested HT/VHT, otherwise the AP doesn't 2404 * have to include the IEs in the (re)association response. 2405 */ 2406 if (!elems.ht_cap_elem && bss_elems.ht_cap_elem && 2407 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 2408 elems.ht_cap_elem = bss_elems.ht_cap_elem; 2409 sdata_info(sdata, 2410 "AP bug: HT capability missing from AssocResp\n"); 2411 } 2412 if (!elems.ht_operation && bss_elems.ht_operation && 2413 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 2414 elems.ht_operation = bss_elems.ht_operation; 2415 sdata_info(sdata, 2416 "AP bug: HT operation missing from AssocResp\n"); 2417 } 2418 if (!elems.vht_cap_elem && bss_elems.vht_cap_elem && 2419 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) { 2420 elems.vht_cap_elem = bss_elems.vht_cap_elem; 2421 sdata_info(sdata, 2422 "AP bug: VHT capa missing from AssocResp\n"); 2423 } 2424 if (!elems.vht_operation && bss_elems.vht_operation && 2425 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) { 2426 elems.vht_operation = bss_elems.vht_operation; 2427 sdata_info(sdata, 2428 "AP bug: VHT operation missing from AssocResp\n"); 2429 } 2430 } 2431 2432 /* 2433 * We previously checked these in the beacon/probe response, so 2434 * they should be present here. This is just a safety net. 2435 */ 2436 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2437 (!elems.wmm_param || !elems.ht_cap_elem || !elems.ht_operation)) { 2438 sdata_info(sdata, 2439 "HT AP is missing WMM params or HT capability/operation\n"); 2440 ret = false; 2441 goto out; 2442 } 2443 2444 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2445 (!elems.vht_cap_elem || !elems.vht_operation)) { 2446 sdata_info(sdata, 2447 "VHT AP is missing VHT capability/operation\n"); 2448 ret = false; 2449 goto out; 2450 } 2451 2452 mutex_lock(&sdata->local->sta_mtx); 2453 /* 2454 * station info was already allocated and inserted before 2455 * the association and should be available to us 2456 */ 2457 sta = sta_info_get(sdata, cbss->bssid); 2458 if (WARN_ON(!sta)) { 2459 mutex_unlock(&sdata->local->sta_mtx); 2460 ret = false; 2461 goto out; 2462 } 2463 2464 sband = local->hw.wiphy->bands[ieee80211_get_sdata_band(sdata)]; 2465 2466 /* Set up internal HT/VHT capabilities */ 2467 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 2468 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 2469 elems.ht_cap_elem, sta); 2470 2471 if (elems.vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 2472 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband, 2473 elems.vht_cap_elem, sta); 2474 2475 /* 2476 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data 2477 * in their association response, so ignore that data for our own 2478 * configuration. If it changed since the last beacon, we'll get the 2479 * next beacon and update then. 2480 */ 2481 2482 /* 2483 * If an operating mode notification IE is present, override the 2484 * NSS calculation (that would be done in rate_control_rate_init()) 2485 * and use the # of streams from that element. 2486 */ 2487 if (elems.opmode_notif && 2488 !(*elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) { 2489 u8 nss; 2490 2491 nss = *elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK; 2492 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT; 2493 nss += 1; 2494 sta->sta.rx_nss = nss; 2495 } 2496 2497 rate_control_rate_init(sta); 2498 2499 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) 2500 set_sta_flag(sta, WLAN_STA_MFP); 2501 2502 if (elems.wmm_param) 2503 set_sta_flag(sta, WLAN_STA_WME); 2504 2505 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC); 2506 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT)) 2507 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED); 2508 if (err) { 2509 sdata_info(sdata, 2510 "failed to move station %pM to desired state\n", 2511 sta->sta.addr); 2512 WARN_ON(__sta_info_destroy(sta)); 2513 mutex_unlock(&sdata->local->sta_mtx); 2514 ret = false; 2515 goto out; 2516 } 2517 2518 mutex_unlock(&sdata->local->sta_mtx); 2519 2520 /* 2521 * Always handle WMM once after association regardless 2522 * of the first value the AP uses. Setting -1 here has 2523 * that effect because the AP values is an unsigned 2524 * 4-bit value. 2525 */ 2526 ifmgd->wmm_last_param_set = -1; 2527 2528 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) && elems.wmm_param) 2529 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 2530 elems.wmm_param_len); 2531 else 2532 ieee80211_set_wmm_default(sdata, false); 2533 changed |= BSS_CHANGED_QOS; 2534 2535 /* set AID and assoc capability, 2536 * ieee80211_set_associated() will tell the driver */ 2537 bss_conf->aid = aid; 2538 bss_conf->assoc_capability = capab_info; 2539 ieee80211_set_associated(sdata, cbss, changed); 2540 2541 /* 2542 * If we're using 4-addr mode, let the AP know that we're 2543 * doing so, so that it can create the STA VLAN on its side 2544 */ 2545 if (ifmgd->use_4addr) 2546 ieee80211_send_4addr_nullfunc(local, sdata); 2547 2548 /* 2549 * Start timer to probe the connection to the AP now. 2550 * Also start the timer that will detect beacon loss. 2551 */ 2552 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt); 2553 ieee80211_sta_reset_beacon_monitor(sdata); 2554 2555 ret = true; 2556 out: 2557 kfree(bss_ies); 2558 return ret; 2559 } 2560 2561 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, 2562 struct ieee80211_mgmt *mgmt, 2563 size_t len) 2564 { 2565 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2566 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 2567 u16 capab_info, status_code, aid; 2568 struct ieee802_11_elems elems; 2569 u8 *pos; 2570 bool reassoc; 2571 struct cfg80211_bss *bss; 2572 2573 sdata_assert_lock(sdata); 2574 2575 if (!assoc_data) 2576 return; 2577 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid)) 2578 return; 2579 2580 /* 2581 * AssocResp and ReassocResp have identical structure, so process both 2582 * of them in this function. 2583 */ 2584 2585 if (len < 24 + 6) 2586 return; 2587 2588 reassoc = ieee80211_is_reassoc_req(mgmt->frame_control); 2589 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2590 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 2591 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2592 2593 sdata_info(sdata, 2594 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n", 2595 reassoc ? "Rea" : "A", mgmt->sa, 2596 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 2597 2598 pos = mgmt->u.assoc_resp.variable; 2599 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2600 2601 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 2602 elems.timeout_int && 2603 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) { 2604 u32 tu, ms; 2605 tu = le32_to_cpu(elems.timeout_int->value); 2606 ms = tu * 1024 / 1000; 2607 sdata_info(sdata, 2608 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n", 2609 mgmt->sa, tu, ms); 2610 assoc_data->timeout = jiffies + msecs_to_jiffies(ms); 2611 assoc_data->timeout_started = true; 2612 if (ms > IEEE80211_ASSOC_TIMEOUT) 2613 run_again(sdata, assoc_data->timeout); 2614 return; 2615 } 2616 2617 bss = assoc_data->bss; 2618 2619 if (status_code != WLAN_STATUS_SUCCESS) { 2620 sdata_info(sdata, "%pM denied association (code=%d)\n", 2621 mgmt->sa, status_code); 2622 ieee80211_destroy_assoc_data(sdata, false); 2623 } else { 2624 if (!ieee80211_assoc_success(sdata, bss, mgmt, len)) { 2625 /* oops -- internal error -- send timeout for now */ 2626 ieee80211_destroy_assoc_data(sdata, false); 2627 cfg80211_assoc_timeout(sdata->dev, bss); 2628 return; 2629 } 2630 sdata_info(sdata, "associated\n"); 2631 2632 /* 2633 * destroy assoc_data afterwards, as otherwise an idle 2634 * recalc after assoc_data is NULL but before associated 2635 * is set can cause the interface to go idle 2636 */ 2637 ieee80211_destroy_assoc_data(sdata, true); 2638 } 2639 2640 cfg80211_rx_assoc_resp(sdata->dev, bss, (u8 *)mgmt, len); 2641 } 2642 2643 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, 2644 struct ieee80211_mgmt *mgmt, size_t len, 2645 struct ieee80211_rx_status *rx_status, 2646 struct ieee802_11_elems *elems) 2647 { 2648 struct ieee80211_local *local = sdata->local; 2649 int freq; 2650 struct ieee80211_bss *bss; 2651 struct ieee80211_channel *channel; 2652 2653 sdata_assert_lock(sdata); 2654 2655 if (elems->ds_params) 2656 freq = ieee80211_channel_to_frequency(elems->ds_params[0], 2657 rx_status->band); 2658 else 2659 freq = rx_status->freq; 2660 2661 channel = ieee80211_get_channel(local->hw.wiphy, freq); 2662 2663 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED) 2664 return; 2665 2666 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems, 2667 channel); 2668 if (bss) { 2669 ieee80211_rx_bss_put(local, bss); 2670 sdata->vif.bss_conf.beacon_rate = bss->beacon_rate; 2671 } 2672 } 2673 2674 2675 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, 2676 struct sk_buff *skb) 2677 { 2678 struct ieee80211_mgmt *mgmt = (void *)skb->data; 2679 struct ieee80211_if_managed *ifmgd; 2680 struct ieee80211_rx_status *rx_status = (void *) skb->cb; 2681 size_t baselen, len = skb->len; 2682 struct ieee802_11_elems elems; 2683 2684 ifmgd = &sdata->u.mgd; 2685 2686 sdata_assert_lock(sdata); 2687 2688 if (!ether_addr_equal(mgmt->da, sdata->vif.addr)) 2689 return; /* ignore ProbeResp to foreign address */ 2690 2691 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 2692 if (baselen > len) 2693 return; 2694 2695 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 2696 false, &elems); 2697 2698 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2699 2700 if (ifmgd->associated && 2701 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2702 ieee80211_reset_ap_probe(sdata); 2703 2704 if (ifmgd->auth_data && !ifmgd->auth_data->bss->proberesp_ies && 2705 ether_addr_equal(mgmt->bssid, ifmgd->auth_data->bss->bssid)) { 2706 /* got probe response, continue with auth */ 2707 sdata_info(sdata, "direct probe responded\n"); 2708 ifmgd->auth_data->tries = 0; 2709 ifmgd->auth_data->timeout = jiffies; 2710 ifmgd->auth_data->timeout_started = true; 2711 run_again(sdata, ifmgd->auth_data->timeout); 2712 } 2713 } 2714 2715 /* 2716 * This is the canonical list of information elements we care about, 2717 * the filter code also gives us all changes to the Microsoft OUI 2718 * (00:50:F2) vendor IE which is used for WMM which we need to track. 2719 * 2720 * We implement beacon filtering in software since that means we can 2721 * avoid processing the frame here and in cfg80211, and userspace 2722 * will not be able to tell whether the hardware supports it or not. 2723 * 2724 * XXX: This list needs to be dynamic -- userspace needs to be able to 2725 * add items it requires. It also needs to be able to tell us to 2726 * look out for other vendor IEs. 2727 */ 2728 static const u64 care_about_ies = 2729 (1ULL << WLAN_EID_COUNTRY) | 2730 (1ULL << WLAN_EID_ERP_INFO) | 2731 (1ULL << WLAN_EID_CHANNEL_SWITCH) | 2732 (1ULL << WLAN_EID_PWR_CONSTRAINT) | 2733 (1ULL << WLAN_EID_HT_CAPABILITY) | 2734 (1ULL << WLAN_EID_HT_OPERATION); 2735 2736 static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, 2737 struct ieee80211_mgmt *mgmt, size_t len, 2738 struct ieee80211_rx_status *rx_status) 2739 { 2740 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2741 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2742 size_t baselen; 2743 struct ieee802_11_elems elems; 2744 struct ieee80211_local *local = sdata->local; 2745 struct ieee80211_chanctx_conf *chanctx_conf; 2746 struct ieee80211_channel *chan; 2747 struct sta_info *sta; 2748 u32 changed = 0; 2749 bool erp_valid; 2750 u8 erp_value = 0; 2751 u32 ncrc; 2752 u8 *bssid; 2753 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN]; 2754 2755 sdata_assert_lock(sdata); 2756 2757 /* Process beacon from the current BSS */ 2758 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 2759 if (baselen > len) 2760 return; 2761 2762 rcu_read_lock(); 2763 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 2764 if (!chanctx_conf) { 2765 rcu_read_unlock(); 2766 return; 2767 } 2768 2769 if (rx_status->freq != chanctx_conf->def.chan->center_freq) { 2770 rcu_read_unlock(); 2771 return; 2772 } 2773 chan = chanctx_conf->def.chan; 2774 rcu_read_unlock(); 2775 2776 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon && 2777 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) { 2778 ieee802_11_parse_elems(mgmt->u.beacon.variable, 2779 len - baselen, false, &elems); 2780 2781 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2782 if (elems.tim && !elems.parse_error) { 2783 const struct ieee80211_tim_ie *tim_ie = elems.tim; 2784 ifmgd->dtim_period = tim_ie->dtim_period; 2785 } 2786 ifmgd->have_beacon = true; 2787 ifmgd->assoc_data->need_beacon = false; 2788 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 2789 sdata->vif.bss_conf.sync_tsf = 2790 le64_to_cpu(mgmt->u.beacon.timestamp); 2791 sdata->vif.bss_conf.sync_device_ts = 2792 rx_status->device_timestamp; 2793 if (elems.tim) 2794 sdata->vif.bss_conf.sync_dtim_count = 2795 elems.tim->dtim_count; 2796 else 2797 sdata->vif.bss_conf.sync_dtim_count = 0; 2798 } 2799 /* continue assoc process */ 2800 ifmgd->assoc_data->timeout = jiffies; 2801 ifmgd->assoc_data->timeout_started = true; 2802 run_again(sdata, ifmgd->assoc_data->timeout); 2803 return; 2804 } 2805 2806 if (!ifmgd->associated || 2807 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2808 return; 2809 bssid = ifmgd->associated->bssid; 2810 2811 /* Track average RSSI from the Beacon frames of the current AP */ 2812 ifmgd->last_beacon_signal = rx_status->signal; 2813 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) { 2814 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE; 2815 ifmgd->ave_beacon_signal = rx_status->signal * 16; 2816 ifmgd->last_cqm_event_signal = 0; 2817 ifmgd->count_beacon_signal = 1; 2818 ifmgd->last_ave_beacon_signal = 0; 2819 } else { 2820 ifmgd->ave_beacon_signal = 2821 (IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 + 2822 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) * 2823 ifmgd->ave_beacon_signal) / 16; 2824 ifmgd->count_beacon_signal++; 2825 } 2826 2827 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold && 2828 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) { 2829 int sig = ifmgd->ave_beacon_signal; 2830 int last_sig = ifmgd->last_ave_beacon_signal; 2831 2832 /* 2833 * if signal crosses either of the boundaries, invoke callback 2834 * with appropriate parameters 2835 */ 2836 if (sig > ifmgd->rssi_max_thold && 2837 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) { 2838 ifmgd->last_ave_beacon_signal = sig; 2839 drv_rssi_callback(local, sdata, RSSI_EVENT_HIGH); 2840 } else if (sig < ifmgd->rssi_min_thold && 2841 (last_sig >= ifmgd->rssi_max_thold || 2842 last_sig == 0)) { 2843 ifmgd->last_ave_beacon_signal = sig; 2844 drv_rssi_callback(local, sdata, RSSI_EVENT_LOW); 2845 } 2846 } 2847 2848 if (bss_conf->cqm_rssi_thold && 2849 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT && 2850 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) { 2851 int sig = ifmgd->ave_beacon_signal / 16; 2852 int last_event = ifmgd->last_cqm_event_signal; 2853 int thold = bss_conf->cqm_rssi_thold; 2854 int hyst = bss_conf->cqm_rssi_hyst; 2855 if (sig < thold && 2856 (last_event == 0 || sig < last_event - hyst)) { 2857 ifmgd->last_cqm_event_signal = sig; 2858 ieee80211_cqm_rssi_notify( 2859 &sdata->vif, 2860 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW, 2861 GFP_KERNEL); 2862 } else if (sig > thold && 2863 (last_event == 0 || sig > last_event + hyst)) { 2864 ifmgd->last_cqm_event_signal = sig; 2865 ieee80211_cqm_rssi_notify( 2866 &sdata->vif, 2867 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH, 2868 GFP_KERNEL); 2869 } 2870 } 2871 2872 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) { 2873 mlme_dbg_ratelimited(sdata, 2874 "cancelling AP probe due to a received beacon\n"); 2875 ieee80211_reset_ap_probe(sdata); 2876 } 2877 2878 /* 2879 * Push the beacon loss detection into the future since 2880 * we are processing a beacon from the AP just now. 2881 */ 2882 ieee80211_sta_reset_beacon_monitor(sdata); 2883 2884 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 2885 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, 2886 len - baselen, false, &elems, 2887 care_about_ies, ncrc); 2888 2889 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) { 2890 bool directed_tim = ieee80211_check_tim(elems.tim, 2891 elems.tim_len, 2892 ifmgd->aid); 2893 if (directed_tim) { 2894 if (local->hw.conf.dynamic_ps_timeout > 0) { 2895 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 2896 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 2897 ieee80211_hw_config(local, 2898 IEEE80211_CONF_CHANGE_PS); 2899 } 2900 ieee80211_send_nullfunc(local, sdata, 0); 2901 } else if (!local->pspolling && sdata->u.mgd.powersave) { 2902 local->pspolling = true; 2903 2904 /* 2905 * Here is assumed that the driver will be 2906 * able to send ps-poll frame and receive a 2907 * response even though power save mode is 2908 * enabled, but some drivers might require 2909 * to disable power save here. This needs 2910 * to be investigated. 2911 */ 2912 ieee80211_send_pspoll(local, sdata); 2913 } 2914 } 2915 } 2916 2917 if (sdata->vif.p2p) { 2918 struct ieee80211_p2p_noa_attr noa = {}; 2919 int ret; 2920 2921 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable, 2922 len - baselen, 2923 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 2924 (u8 *) &noa, sizeof(noa)); 2925 if (ret >= 2) { 2926 if (sdata->u.mgd.p2p_noa_index != noa.index) { 2927 /* valid noa_attr and index changed */ 2928 sdata->u.mgd.p2p_noa_index = noa.index; 2929 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa)); 2930 changed |= BSS_CHANGED_P2P_PS; 2931 /* 2932 * make sure we update all information, the CRC 2933 * mechanism doesn't look at P2P attributes. 2934 */ 2935 ifmgd->beacon_crc_valid = false; 2936 } 2937 } else if (sdata->u.mgd.p2p_noa_index != -1) { 2938 /* noa_attr not found and we had valid noa_attr before */ 2939 sdata->u.mgd.p2p_noa_index = -1; 2940 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr)); 2941 changed |= BSS_CHANGED_P2P_PS; 2942 ifmgd->beacon_crc_valid = false; 2943 } 2944 } 2945 2946 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid) 2947 return; 2948 ifmgd->beacon_crc = ncrc; 2949 ifmgd->beacon_crc_valid = true; 2950 2951 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2952 2953 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime, 2954 &elems, true); 2955 2956 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) && 2957 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 2958 elems.wmm_param_len)) 2959 changed |= BSS_CHANGED_QOS; 2960 2961 /* 2962 * If we haven't had a beacon before, tell the driver about the 2963 * DTIM period (and beacon timing if desired) now. 2964 */ 2965 if (!ifmgd->have_beacon) { 2966 /* a few bogus AP send dtim_period = 0 or no TIM IE */ 2967 if (elems.tim) 2968 bss_conf->dtim_period = elems.tim->dtim_period ?: 1; 2969 else 2970 bss_conf->dtim_period = 1; 2971 2972 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 2973 sdata->vif.bss_conf.sync_tsf = 2974 le64_to_cpu(mgmt->u.beacon.timestamp); 2975 sdata->vif.bss_conf.sync_device_ts = 2976 rx_status->device_timestamp; 2977 if (elems.tim) 2978 sdata->vif.bss_conf.sync_dtim_count = 2979 elems.tim->dtim_count; 2980 else 2981 sdata->vif.bss_conf.sync_dtim_count = 0; 2982 } 2983 2984 changed |= BSS_CHANGED_BEACON_INFO; 2985 ifmgd->have_beacon = true; 2986 2987 mutex_lock(&local->iflist_mtx); 2988 ieee80211_recalc_ps(local, -1); 2989 mutex_unlock(&local->iflist_mtx); 2990 2991 ieee80211_recalc_ps_vif(sdata); 2992 } 2993 2994 if (elems.erp_info) { 2995 erp_valid = true; 2996 erp_value = elems.erp_info[0]; 2997 } else { 2998 erp_valid = false; 2999 } 3000 changed |= ieee80211_handle_bss_capability(sdata, 3001 le16_to_cpu(mgmt->u.beacon.capab_info), 3002 erp_valid, erp_value); 3003 3004 mutex_lock(&local->sta_mtx); 3005 sta = sta_info_get(sdata, bssid); 3006 3007 if (ieee80211_config_bw(sdata, sta, elems.ht_operation, 3008 elems.vht_operation, bssid, &changed)) { 3009 mutex_unlock(&local->sta_mtx); 3010 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3011 WLAN_REASON_DEAUTH_LEAVING, 3012 true, deauth_buf); 3013 cfg80211_tx_mlme_mgmt(sdata->dev, deauth_buf, 3014 sizeof(deauth_buf)); 3015 return; 3016 } 3017 3018 if (sta && elems.opmode_notif) 3019 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif, 3020 rx_status->band, true); 3021 mutex_unlock(&local->sta_mtx); 3022 3023 if (elems.country_elem && elems.pwr_constr_elem && 3024 mgmt->u.probe_resp.capab_info & 3025 cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT)) 3026 changed |= ieee80211_handle_pwr_constr(sdata, chan, 3027 elems.country_elem, 3028 elems.country_elem_len, 3029 elems.pwr_constr_elem); 3030 3031 ieee80211_bss_info_change_notify(sdata, changed); 3032 } 3033 3034 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 3035 struct sk_buff *skb) 3036 { 3037 struct ieee80211_rx_status *rx_status; 3038 struct ieee80211_mgmt *mgmt; 3039 u16 fc; 3040 struct ieee802_11_elems elems; 3041 int ies_len; 3042 3043 rx_status = (struct ieee80211_rx_status *) skb->cb; 3044 mgmt = (struct ieee80211_mgmt *) skb->data; 3045 fc = le16_to_cpu(mgmt->frame_control); 3046 3047 sdata_lock(sdata); 3048 3049 switch (fc & IEEE80211_FCTL_STYPE) { 3050 case IEEE80211_STYPE_BEACON: 3051 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status); 3052 break; 3053 case IEEE80211_STYPE_PROBE_RESP: 3054 ieee80211_rx_mgmt_probe_resp(sdata, skb); 3055 break; 3056 case IEEE80211_STYPE_AUTH: 3057 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len); 3058 break; 3059 case IEEE80211_STYPE_DEAUTH: 3060 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len); 3061 break; 3062 case IEEE80211_STYPE_DISASSOC: 3063 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 3064 break; 3065 case IEEE80211_STYPE_ASSOC_RESP: 3066 case IEEE80211_STYPE_REASSOC_RESP: 3067 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len); 3068 break; 3069 case IEEE80211_STYPE_ACTION: 3070 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) { 3071 ies_len = skb->len - 3072 offsetof(struct ieee80211_mgmt, 3073 u.action.u.chan_switch.variable); 3074 3075 if (ies_len < 0) 3076 break; 3077 3078 ieee802_11_parse_elems( 3079 mgmt->u.action.u.chan_switch.variable, 3080 ies_len, true, &elems); 3081 3082 if (elems.parse_error) 3083 break; 3084 3085 ieee80211_sta_process_chanswitch(sdata, 3086 rx_status->mactime, 3087 &elems, false); 3088 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) { 3089 ies_len = skb->len - 3090 offsetof(struct ieee80211_mgmt, 3091 u.action.u.ext_chan_switch.variable); 3092 3093 if (ies_len < 0) 3094 break; 3095 3096 ieee802_11_parse_elems( 3097 mgmt->u.action.u.ext_chan_switch.variable, 3098 ies_len, true, &elems); 3099 3100 if (elems.parse_error) 3101 break; 3102 3103 /* for the handling code pretend this was also an IE */ 3104 elems.ext_chansw_ie = 3105 &mgmt->u.action.u.ext_chan_switch.data; 3106 3107 ieee80211_sta_process_chanswitch(sdata, 3108 rx_status->mactime, 3109 &elems, false); 3110 } 3111 break; 3112 } 3113 sdata_unlock(sdata); 3114 } 3115 3116 static void ieee80211_sta_timer(unsigned long data) 3117 { 3118 struct ieee80211_sub_if_data *sdata = 3119 (struct ieee80211_sub_if_data *) data; 3120 3121 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3122 } 3123 3124 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata, 3125 u8 *bssid, u8 reason, bool tx) 3126 { 3127 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3128 3129 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason, 3130 tx, frame_buf); 3131 3132 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 3133 IEEE80211_DEAUTH_FRAME_LEN); 3134 } 3135 3136 static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata) 3137 { 3138 struct ieee80211_local *local = sdata->local; 3139 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3140 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data; 3141 u32 tx_flags = 0; 3142 3143 sdata_assert_lock(sdata); 3144 3145 if (WARN_ON_ONCE(!auth_data)) 3146 return -EINVAL; 3147 3148 auth_data->tries++; 3149 3150 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) { 3151 sdata_info(sdata, "authentication with %pM timed out\n", 3152 auth_data->bss->bssid); 3153 3154 /* 3155 * Most likely AP is not in the range so remove the 3156 * bss struct for that AP. 3157 */ 3158 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss); 3159 3160 return -ETIMEDOUT; 3161 } 3162 3163 drv_mgd_prepare_tx(local, sdata); 3164 3165 if (auth_data->bss->proberesp_ies) { 3166 u16 trans = 1; 3167 u16 status = 0; 3168 3169 sdata_info(sdata, "send auth to %pM (try %d/%d)\n", 3170 auth_data->bss->bssid, auth_data->tries, 3171 IEEE80211_AUTH_MAX_TRIES); 3172 3173 auth_data->expected_transaction = 2; 3174 3175 if (auth_data->algorithm == WLAN_AUTH_SAE) { 3176 trans = auth_data->sae_trans; 3177 status = auth_data->sae_status; 3178 auth_data->expected_transaction = trans; 3179 } 3180 3181 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3182 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 3183 IEEE80211_TX_INTFL_MLME_CONN_TX; 3184 3185 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status, 3186 auth_data->data, auth_data->data_len, 3187 auth_data->bss->bssid, 3188 auth_data->bss->bssid, NULL, 0, 0, 3189 tx_flags); 3190 } else { 3191 const u8 *ssidie; 3192 3193 sdata_info(sdata, "direct probe to %pM (try %d/%i)\n", 3194 auth_data->bss->bssid, auth_data->tries, 3195 IEEE80211_AUTH_MAX_TRIES); 3196 3197 rcu_read_lock(); 3198 ssidie = ieee80211_bss_get_ie(auth_data->bss, WLAN_EID_SSID); 3199 if (!ssidie) { 3200 rcu_read_unlock(); 3201 return -EINVAL; 3202 } 3203 /* 3204 * Direct probe is sent to broadcast address as some APs 3205 * will not answer to direct packet in unassociated state. 3206 */ 3207 ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1], 3208 NULL, 0, (u32) -1, true, 0, 3209 auth_data->bss->channel, false); 3210 rcu_read_unlock(); 3211 } 3212 3213 if (tx_flags == 0) { 3214 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 3215 auth_data->timeout_started = true; 3216 run_again(sdata, auth_data->timeout); 3217 } else { 3218 auth_data->timeout = 3219 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG); 3220 auth_data->timeout_started = true; 3221 run_again(sdata, auth_data->timeout); 3222 } 3223 3224 return 0; 3225 } 3226 3227 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata) 3228 { 3229 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 3230 struct ieee80211_local *local = sdata->local; 3231 3232 sdata_assert_lock(sdata); 3233 3234 assoc_data->tries++; 3235 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) { 3236 sdata_info(sdata, "association with %pM timed out\n", 3237 assoc_data->bss->bssid); 3238 3239 /* 3240 * Most likely AP is not in the range so remove the 3241 * bss struct for that AP. 3242 */ 3243 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss); 3244 3245 return -ETIMEDOUT; 3246 } 3247 3248 sdata_info(sdata, "associate with %pM (try %d/%d)\n", 3249 assoc_data->bss->bssid, assoc_data->tries, 3250 IEEE80211_ASSOC_MAX_TRIES); 3251 ieee80211_send_assoc(sdata); 3252 3253 if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) { 3254 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 3255 assoc_data->timeout_started = true; 3256 run_again(sdata, assoc_data->timeout); 3257 } else { 3258 assoc_data->timeout = 3259 round_jiffies_up(jiffies + 3260 IEEE80211_ASSOC_TIMEOUT_LONG); 3261 assoc_data->timeout_started = true; 3262 run_again(sdata, assoc_data->timeout); 3263 } 3264 3265 return 0; 3266 } 3267 3268 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata, 3269 __le16 fc, bool acked) 3270 { 3271 struct ieee80211_local *local = sdata->local; 3272 3273 sdata->u.mgd.status_fc = fc; 3274 sdata->u.mgd.status_acked = acked; 3275 sdata->u.mgd.status_received = true; 3276 3277 ieee80211_queue_work(&local->hw, &sdata->work); 3278 } 3279 3280 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata) 3281 { 3282 struct ieee80211_local *local = sdata->local; 3283 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3284 3285 sdata_lock(sdata); 3286 3287 if (ifmgd->status_received) { 3288 __le16 fc = ifmgd->status_fc; 3289 bool status_acked = ifmgd->status_acked; 3290 3291 ifmgd->status_received = false; 3292 if (ifmgd->auth_data && 3293 (ieee80211_is_probe_req(fc) || ieee80211_is_auth(fc))) { 3294 if (status_acked) { 3295 ifmgd->auth_data->timeout = 3296 jiffies + IEEE80211_AUTH_TIMEOUT_SHORT; 3297 run_again(sdata, ifmgd->auth_data->timeout); 3298 } else { 3299 ifmgd->auth_data->timeout = jiffies - 1; 3300 } 3301 ifmgd->auth_data->timeout_started = true; 3302 } else if (ifmgd->assoc_data && 3303 (ieee80211_is_assoc_req(fc) || 3304 ieee80211_is_reassoc_req(fc))) { 3305 if (status_acked) { 3306 ifmgd->assoc_data->timeout = 3307 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT; 3308 run_again(sdata, ifmgd->assoc_data->timeout); 3309 } else { 3310 ifmgd->assoc_data->timeout = jiffies - 1; 3311 } 3312 ifmgd->assoc_data->timeout_started = true; 3313 } 3314 } 3315 3316 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started && 3317 time_after(jiffies, ifmgd->auth_data->timeout)) { 3318 if (ifmgd->auth_data->done) { 3319 /* 3320 * ok ... we waited for assoc but userspace didn't, 3321 * so let's just kill the auth data 3322 */ 3323 ieee80211_destroy_auth_data(sdata, false); 3324 } else if (ieee80211_probe_auth(sdata)) { 3325 u8 bssid[ETH_ALEN]; 3326 3327 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 3328 3329 ieee80211_destroy_auth_data(sdata, false); 3330 3331 cfg80211_auth_timeout(sdata->dev, bssid); 3332 } 3333 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started) 3334 run_again(sdata, ifmgd->auth_data->timeout); 3335 3336 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started && 3337 time_after(jiffies, ifmgd->assoc_data->timeout)) { 3338 if ((ifmgd->assoc_data->need_beacon && !ifmgd->have_beacon) || 3339 ieee80211_do_assoc(sdata)) { 3340 struct cfg80211_bss *bss = ifmgd->assoc_data->bss; 3341 3342 ieee80211_destroy_assoc_data(sdata, false); 3343 cfg80211_assoc_timeout(sdata->dev, bss); 3344 } 3345 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started) 3346 run_again(sdata, ifmgd->assoc_data->timeout); 3347 3348 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL && 3349 ifmgd->associated) { 3350 u8 bssid[ETH_ALEN]; 3351 int max_tries; 3352 3353 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 3354 3355 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3356 max_tries = max_nullfunc_tries; 3357 else 3358 max_tries = max_probe_tries; 3359 3360 /* ACK received for nullfunc probing frame */ 3361 if (!ifmgd->probe_send_count) 3362 ieee80211_reset_ap_probe(sdata); 3363 else if (ifmgd->nullfunc_failed) { 3364 if (ifmgd->probe_send_count < max_tries) { 3365 mlme_dbg(sdata, 3366 "No ack for nullfunc frame to AP %pM, try %d/%i\n", 3367 bssid, ifmgd->probe_send_count, 3368 max_tries); 3369 ieee80211_mgd_probe_ap_send(sdata); 3370 } else { 3371 mlme_dbg(sdata, 3372 "No ack for nullfunc frame to AP %pM, disconnecting.\n", 3373 bssid); 3374 ieee80211_sta_connection_lost(sdata, bssid, 3375 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 3376 false); 3377 } 3378 } else if (time_is_after_jiffies(ifmgd->probe_timeout)) 3379 run_again(sdata, ifmgd->probe_timeout); 3380 else if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 3381 mlme_dbg(sdata, 3382 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n", 3383 bssid, probe_wait_ms); 3384 ieee80211_sta_connection_lost(sdata, bssid, 3385 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3386 } else if (ifmgd->probe_send_count < max_tries) { 3387 mlme_dbg(sdata, 3388 "No probe response from AP %pM after %dms, try %d/%i\n", 3389 bssid, probe_wait_ms, 3390 ifmgd->probe_send_count, max_tries); 3391 ieee80211_mgd_probe_ap_send(sdata); 3392 } else { 3393 /* 3394 * We actually lost the connection ... or did we? 3395 * Let's make sure! 3396 */ 3397 wiphy_debug(local->hw.wiphy, 3398 "%s: No probe response from AP %pM" 3399 " after %dms, disconnecting.\n", 3400 sdata->name, 3401 bssid, probe_wait_ms); 3402 3403 ieee80211_sta_connection_lost(sdata, bssid, 3404 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3405 } 3406 } 3407 3408 sdata_unlock(sdata); 3409 } 3410 3411 static void ieee80211_sta_bcn_mon_timer(unsigned long data) 3412 { 3413 struct ieee80211_sub_if_data *sdata = 3414 (struct ieee80211_sub_if_data *) data; 3415 struct ieee80211_local *local = sdata->local; 3416 3417 if (local->quiescing) 3418 return; 3419 3420 sdata->u.mgd.connection_loss = false; 3421 ieee80211_queue_work(&sdata->local->hw, 3422 &sdata->u.mgd.beacon_connection_loss_work); 3423 } 3424 3425 static void ieee80211_sta_conn_mon_timer(unsigned long data) 3426 { 3427 struct ieee80211_sub_if_data *sdata = 3428 (struct ieee80211_sub_if_data *) data; 3429 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3430 struct ieee80211_local *local = sdata->local; 3431 3432 if (local->quiescing) 3433 return; 3434 3435 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work); 3436 } 3437 3438 static void ieee80211_sta_monitor_work(struct work_struct *work) 3439 { 3440 struct ieee80211_sub_if_data *sdata = 3441 container_of(work, struct ieee80211_sub_if_data, 3442 u.mgd.monitor_work); 3443 3444 ieee80211_mgd_probe_ap(sdata, false); 3445 } 3446 3447 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) 3448 { 3449 u32 flags; 3450 3451 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 3452 __ieee80211_stop_poll(sdata); 3453 3454 /* let's probe the connection once */ 3455 flags = sdata->local->hw.flags; 3456 if (!(flags & IEEE80211_HW_CONNECTION_MONITOR)) 3457 ieee80211_queue_work(&sdata->local->hw, 3458 &sdata->u.mgd.monitor_work); 3459 /* and do all the other regular work too */ 3460 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3461 } 3462 } 3463 3464 #ifdef CONFIG_PM 3465 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata) 3466 { 3467 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3468 3469 sdata_lock(sdata); 3470 if (!ifmgd->associated) { 3471 sdata_unlock(sdata); 3472 return; 3473 } 3474 3475 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) { 3476 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME; 3477 mlme_dbg(sdata, "driver requested disconnect after resume\n"); 3478 ieee80211_sta_connection_lost(sdata, 3479 ifmgd->associated->bssid, 3480 WLAN_REASON_UNSPECIFIED, 3481 true); 3482 sdata_unlock(sdata); 3483 return; 3484 } 3485 sdata_unlock(sdata); 3486 } 3487 #endif 3488 3489 /* interface setup */ 3490 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata) 3491 { 3492 struct ieee80211_if_managed *ifmgd; 3493 3494 ifmgd = &sdata->u.mgd; 3495 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work); 3496 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work); 3497 INIT_WORK(&ifmgd->beacon_connection_loss_work, 3498 ieee80211_beacon_connection_loss_work); 3499 INIT_WORK(&ifmgd->csa_connection_drop_work, 3500 ieee80211_csa_connection_drop_work); 3501 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_mgd_work); 3502 setup_timer(&ifmgd->timer, ieee80211_sta_timer, 3503 (unsigned long) sdata); 3504 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 3505 (unsigned long) sdata); 3506 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 3507 (unsigned long) sdata); 3508 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 3509 (unsigned long) sdata); 3510 3511 ifmgd->flags = 0; 3512 ifmgd->powersave = sdata->wdev.ps; 3513 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues; 3514 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len; 3515 ifmgd->p2p_noa_index = -1; 3516 3517 if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS) 3518 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC; 3519 else 3520 ifmgd->req_smps = IEEE80211_SMPS_OFF; 3521 } 3522 3523 /* scan finished notification */ 3524 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local) 3525 { 3526 struct ieee80211_sub_if_data *sdata; 3527 3528 /* Restart STA timers */ 3529 rcu_read_lock(); 3530 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 3531 if (ieee80211_sdata_running(sdata)) 3532 ieee80211_restart_sta_timer(sdata); 3533 } 3534 rcu_read_unlock(); 3535 } 3536 3537 int ieee80211_max_network_latency(struct notifier_block *nb, 3538 unsigned long data, void *dummy) 3539 { 3540 s32 latency_usec = (s32) data; 3541 struct ieee80211_local *local = 3542 container_of(nb, struct ieee80211_local, 3543 network_latency_notifier); 3544 3545 mutex_lock(&local->iflist_mtx); 3546 ieee80211_recalc_ps(local, latency_usec); 3547 mutex_unlock(&local->iflist_mtx); 3548 3549 return 0; 3550 } 3551 3552 static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata, 3553 struct cfg80211_bss *cbss) 3554 { 3555 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3556 const u8 *ht_cap_ie, *vht_cap_ie; 3557 const struct ieee80211_ht_cap *ht_cap; 3558 const struct ieee80211_vht_cap *vht_cap; 3559 u8 chains = 1; 3560 3561 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT) 3562 return chains; 3563 3564 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 3565 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) { 3566 ht_cap = (void *)(ht_cap_ie + 2); 3567 chains = ieee80211_mcs_to_chains(&ht_cap->mcs); 3568 /* 3569 * TODO: use "Tx Maximum Number Spatial Streams Supported" and 3570 * "Tx Unequal Modulation Supported" fields. 3571 */ 3572 } 3573 3574 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 3575 return chains; 3576 3577 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 3578 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) { 3579 u8 nss; 3580 u16 tx_mcs_map; 3581 3582 vht_cap = (void *)(vht_cap_ie + 2); 3583 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map); 3584 for (nss = 8; nss > 0; nss--) { 3585 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) != 3586 IEEE80211_VHT_MCS_NOT_SUPPORTED) 3587 break; 3588 } 3589 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */ 3590 chains = max(chains, nss); 3591 } 3592 3593 return chains; 3594 } 3595 3596 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata, 3597 struct cfg80211_bss *cbss) 3598 { 3599 struct ieee80211_local *local = sdata->local; 3600 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3601 const struct ieee80211_ht_operation *ht_oper = NULL; 3602 const struct ieee80211_vht_operation *vht_oper = NULL; 3603 struct ieee80211_supported_band *sband; 3604 struct cfg80211_chan_def chandef; 3605 int ret; 3606 3607 sband = local->hw.wiphy->bands[cbss->channel->band]; 3608 3609 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ | 3610 IEEE80211_STA_DISABLE_80P80MHZ | 3611 IEEE80211_STA_DISABLE_160MHZ); 3612 3613 rcu_read_lock(); 3614 3615 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 3616 sband->ht_cap.ht_supported) { 3617 const u8 *ht_oper_ie, *ht_cap; 3618 3619 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION); 3620 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper)) 3621 ht_oper = (void *)(ht_oper_ie + 2); 3622 3623 ht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 3624 if (!ht_cap || ht_cap[1] < sizeof(struct ieee80211_ht_cap)) { 3625 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 3626 ht_oper = NULL; 3627 } 3628 } 3629 3630 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 3631 sband->vht_cap.vht_supported) { 3632 const u8 *vht_oper_ie, *vht_cap; 3633 3634 vht_oper_ie = ieee80211_bss_get_ie(cbss, 3635 WLAN_EID_VHT_OPERATION); 3636 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper)) 3637 vht_oper = (void *)(vht_oper_ie + 2); 3638 if (vht_oper && !ht_oper) { 3639 vht_oper = NULL; 3640 sdata_info(sdata, 3641 "AP advertised VHT without HT, disabling both\n"); 3642 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 3643 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3644 } 3645 3646 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 3647 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) { 3648 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3649 vht_oper = NULL; 3650 } 3651 } 3652 3653 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband, 3654 cbss->channel, 3655 ht_oper, vht_oper, 3656 &chandef, false); 3657 3658 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss), 3659 local->rx_chains); 3660 3661 rcu_read_unlock(); 3662 3663 /* will change later if needed */ 3664 sdata->smps_mode = IEEE80211_SMPS_OFF; 3665 3666 /* 3667 * If this fails (possibly due to channel context sharing 3668 * on incompatible channels, e.g. 80+80 and 160 sharing the 3669 * same control channel) try to use a smaller bandwidth. 3670 */ 3671 ret = ieee80211_vif_use_channel(sdata, &chandef, 3672 IEEE80211_CHANCTX_SHARED); 3673 3674 /* don't downgrade for 5 and 10 MHz channels, though. */ 3675 if (chandef.width == NL80211_CHAN_WIDTH_5 || 3676 chandef.width == NL80211_CHAN_WIDTH_10) 3677 return ret; 3678 3679 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) { 3680 ifmgd->flags |= ieee80211_chandef_downgrade(&chandef); 3681 ret = ieee80211_vif_use_channel(sdata, &chandef, 3682 IEEE80211_CHANCTX_SHARED); 3683 } 3684 return ret; 3685 } 3686 3687 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata, 3688 struct cfg80211_bss *cbss, bool assoc) 3689 { 3690 struct ieee80211_local *local = sdata->local; 3691 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3692 struct ieee80211_bss *bss = (void *)cbss->priv; 3693 struct sta_info *new_sta = NULL; 3694 bool have_sta = false; 3695 int err; 3696 3697 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) 3698 return -EINVAL; 3699 3700 if (assoc) { 3701 rcu_read_lock(); 3702 have_sta = sta_info_get(sdata, cbss->bssid); 3703 rcu_read_unlock(); 3704 } 3705 3706 if (!have_sta) { 3707 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL); 3708 if (!new_sta) 3709 return -ENOMEM; 3710 } 3711 if (new_sta) { 3712 u32 rates = 0, basic_rates = 0; 3713 bool have_higher_than_11mbit; 3714 int min_rate = INT_MAX, min_rate_index = -1; 3715 struct ieee80211_chanctx_conf *chanctx_conf; 3716 struct ieee80211_supported_band *sband; 3717 const struct cfg80211_bss_ies *ies; 3718 int shift; 3719 u32 rate_flags; 3720 3721 sband = local->hw.wiphy->bands[cbss->channel->band]; 3722 3723 err = ieee80211_prep_channel(sdata, cbss); 3724 if (err) { 3725 sta_info_free(local, new_sta); 3726 return -EINVAL; 3727 } 3728 shift = ieee80211_vif_get_shift(&sdata->vif); 3729 3730 rcu_read_lock(); 3731 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 3732 if (WARN_ON(!chanctx_conf)) { 3733 rcu_read_unlock(); 3734 return -EINVAL; 3735 } 3736 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def); 3737 rcu_read_unlock(); 3738 3739 ieee80211_get_rates(sband, bss->supp_rates, 3740 bss->supp_rates_len, 3741 &rates, &basic_rates, 3742 &have_higher_than_11mbit, 3743 &min_rate, &min_rate_index, 3744 shift, rate_flags); 3745 3746 /* 3747 * This used to be a workaround for basic rates missing 3748 * in the association response frame. Now that we no 3749 * longer use the basic rates from there, it probably 3750 * doesn't happen any more, but keep the workaround so 3751 * in case some *other* APs are buggy in different ways 3752 * we can connect -- with a warning. 3753 */ 3754 if (!basic_rates && min_rate_index >= 0) { 3755 sdata_info(sdata, 3756 "No basic rates, using min rate instead\n"); 3757 basic_rates = BIT(min_rate_index); 3758 } 3759 3760 new_sta->sta.supp_rates[cbss->channel->band] = rates; 3761 sdata->vif.bss_conf.basic_rates = basic_rates; 3762 3763 /* cf. IEEE 802.11 9.2.12 */ 3764 if (cbss->channel->band == IEEE80211_BAND_2GHZ && 3765 have_higher_than_11mbit) 3766 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE; 3767 else 3768 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE; 3769 3770 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN); 3771 3772 /* set timing information */ 3773 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval; 3774 rcu_read_lock(); 3775 ies = rcu_dereference(cbss->beacon_ies); 3776 if (ies) { 3777 const u8 *tim_ie; 3778 3779 sdata->vif.bss_conf.sync_tsf = ies->tsf; 3780 sdata->vif.bss_conf.sync_device_ts = 3781 bss->device_ts_beacon; 3782 tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 3783 ies->data, ies->len); 3784 if (tim_ie && tim_ie[1] >= 2) 3785 sdata->vif.bss_conf.sync_dtim_count = tim_ie[2]; 3786 else 3787 sdata->vif.bss_conf.sync_dtim_count = 0; 3788 } else if (!(local->hw.flags & 3789 IEEE80211_HW_TIMING_BEACON_ONLY)) { 3790 ies = rcu_dereference(cbss->proberesp_ies); 3791 /* must be non-NULL since beacon IEs were NULL */ 3792 sdata->vif.bss_conf.sync_tsf = ies->tsf; 3793 sdata->vif.bss_conf.sync_device_ts = 3794 bss->device_ts_presp; 3795 sdata->vif.bss_conf.sync_dtim_count = 0; 3796 } else { 3797 sdata->vif.bss_conf.sync_tsf = 0; 3798 sdata->vif.bss_conf.sync_device_ts = 0; 3799 sdata->vif.bss_conf.sync_dtim_count = 0; 3800 } 3801 rcu_read_unlock(); 3802 3803 /* tell driver about BSSID, basic rates and timing */ 3804 ieee80211_bss_info_change_notify(sdata, 3805 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES | 3806 BSS_CHANGED_BEACON_INT); 3807 3808 if (assoc) 3809 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH); 3810 3811 err = sta_info_insert(new_sta); 3812 new_sta = NULL; 3813 if (err) { 3814 sdata_info(sdata, 3815 "failed to insert STA entry for the AP (error %d)\n", 3816 err); 3817 return err; 3818 } 3819 } else 3820 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid)); 3821 3822 return 0; 3823 } 3824 3825 /* config hooks */ 3826 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 3827 struct cfg80211_auth_request *req) 3828 { 3829 struct ieee80211_local *local = sdata->local; 3830 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3831 struct ieee80211_mgd_auth_data *auth_data; 3832 u16 auth_alg; 3833 int err; 3834 3835 /* prepare auth data structure */ 3836 3837 switch (req->auth_type) { 3838 case NL80211_AUTHTYPE_OPEN_SYSTEM: 3839 auth_alg = WLAN_AUTH_OPEN; 3840 break; 3841 case NL80211_AUTHTYPE_SHARED_KEY: 3842 if (IS_ERR(local->wep_tx_tfm)) 3843 return -EOPNOTSUPP; 3844 auth_alg = WLAN_AUTH_SHARED_KEY; 3845 break; 3846 case NL80211_AUTHTYPE_FT: 3847 auth_alg = WLAN_AUTH_FT; 3848 break; 3849 case NL80211_AUTHTYPE_NETWORK_EAP: 3850 auth_alg = WLAN_AUTH_LEAP; 3851 break; 3852 case NL80211_AUTHTYPE_SAE: 3853 auth_alg = WLAN_AUTH_SAE; 3854 break; 3855 default: 3856 return -EOPNOTSUPP; 3857 } 3858 3859 auth_data = kzalloc(sizeof(*auth_data) + req->sae_data_len + 3860 req->ie_len, GFP_KERNEL); 3861 if (!auth_data) 3862 return -ENOMEM; 3863 3864 auth_data->bss = req->bss; 3865 3866 if (req->sae_data_len >= 4) { 3867 __le16 *pos = (__le16 *) req->sae_data; 3868 auth_data->sae_trans = le16_to_cpu(pos[0]); 3869 auth_data->sae_status = le16_to_cpu(pos[1]); 3870 memcpy(auth_data->data, req->sae_data + 4, 3871 req->sae_data_len - 4); 3872 auth_data->data_len += req->sae_data_len - 4; 3873 } 3874 3875 if (req->ie && req->ie_len) { 3876 memcpy(&auth_data->data[auth_data->data_len], 3877 req->ie, req->ie_len); 3878 auth_data->data_len += req->ie_len; 3879 } 3880 3881 if (req->key && req->key_len) { 3882 auth_data->key_len = req->key_len; 3883 auth_data->key_idx = req->key_idx; 3884 memcpy(auth_data->key, req->key, req->key_len); 3885 } 3886 3887 auth_data->algorithm = auth_alg; 3888 3889 /* try to authenticate/probe */ 3890 3891 if ((ifmgd->auth_data && !ifmgd->auth_data->done) || 3892 ifmgd->assoc_data) { 3893 err = -EBUSY; 3894 goto err_free; 3895 } 3896 3897 if (ifmgd->auth_data) 3898 ieee80211_destroy_auth_data(sdata, false); 3899 3900 /* prep auth_data so we don't go into idle on disassoc */ 3901 ifmgd->auth_data = auth_data; 3902 3903 if (ifmgd->associated) { 3904 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3905 3906 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3907 WLAN_REASON_UNSPECIFIED, 3908 false, frame_buf); 3909 3910 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 3911 sizeof(frame_buf)); 3912 } 3913 3914 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid); 3915 3916 err = ieee80211_prep_connection(sdata, req->bss, false); 3917 if (err) 3918 goto err_clear; 3919 3920 err = ieee80211_probe_auth(sdata); 3921 if (err) { 3922 sta_info_destroy_addr(sdata, req->bss->bssid); 3923 goto err_clear; 3924 } 3925 3926 /* hold our own reference */ 3927 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss); 3928 return 0; 3929 3930 err_clear: 3931 memset(ifmgd->bssid, 0, ETH_ALEN); 3932 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 3933 ifmgd->auth_data = NULL; 3934 err_free: 3935 kfree(auth_data); 3936 return err; 3937 } 3938 3939 static bool ieee80211_usable_wmm_params(struct ieee80211_sub_if_data *sdata, 3940 const u8 *wmm_param, int len) 3941 { 3942 const u8 *pos; 3943 size_t left; 3944 3945 if (len < 8) 3946 return false; 3947 3948 if (wmm_param[5] != 1 /* version */) 3949 return false; 3950 3951 pos = wmm_param + 8; 3952 left = len - 8; 3953 3954 for (; left >= 4; left -= 4, pos += 4) { 3955 u8 aifsn = pos[0] & 0x0f; 3956 u8 ecwmin = pos[1] & 0x0f; 3957 u8 ecwmax = (pos[1] & 0xf0) >> 4; 3958 int aci = (pos[0] >> 5) & 0x03; 3959 3960 if (aifsn < 2) { 3961 sdata_info(sdata, 3962 "AP has invalid WMM params (AIFSN=%d for ACI %d), disabling WMM\n", 3963 aifsn, aci); 3964 return false; 3965 } 3966 if (ecwmin > ecwmax) { 3967 sdata_info(sdata, 3968 "AP has invalid WMM params (ECWmin/max=%d/%d for ACI %d), disabling WMM\n", 3969 ecwmin, ecwmax, aci); 3970 return false; 3971 } 3972 } 3973 3974 return true; 3975 } 3976 3977 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 3978 struct cfg80211_assoc_request *req) 3979 { 3980 struct ieee80211_local *local = sdata->local; 3981 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3982 struct ieee80211_bss *bss = (void *)req->bss->priv; 3983 struct ieee80211_mgd_assoc_data *assoc_data; 3984 const struct cfg80211_bss_ies *beacon_ies; 3985 struct ieee80211_supported_band *sband; 3986 const u8 *ssidie, *ht_ie, *vht_ie; 3987 int i, err; 3988 3989 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL); 3990 if (!assoc_data) 3991 return -ENOMEM; 3992 3993 rcu_read_lock(); 3994 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID); 3995 if (!ssidie) { 3996 rcu_read_unlock(); 3997 kfree(assoc_data); 3998 return -EINVAL; 3999 } 4000 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]); 4001 assoc_data->ssid_len = ssidie[1]; 4002 rcu_read_unlock(); 4003 4004 if (ifmgd->associated) { 4005 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4006 4007 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4008 WLAN_REASON_UNSPECIFIED, 4009 false, frame_buf); 4010 4011 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4012 sizeof(frame_buf)); 4013 } 4014 4015 if (ifmgd->auth_data && !ifmgd->auth_data->done) { 4016 err = -EBUSY; 4017 goto err_free; 4018 } 4019 4020 if (ifmgd->assoc_data) { 4021 err = -EBUSY; 4022 goto err_free; 4023 } 4024 4025 if (ifmgd->auth_data) { 4026 bool match; 4027 4028 /* keep sta info, bssid if matching */ 4029 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid); 4030 ieee80211_destroy_auth_data(sdata, match); 4031 } 4032 4033 /* prepare assoc data */ 4034 4035 ifmgd->beacon_crc_valid = false; 4036 4037 assoc_data->wmm = bss->wmm_used && 4038 (local->hw.queues >= IEEE80211_NUM_ACS); 4039 if (assoc_data->wmm) { 4040 /* try to check validity of WMM params IE */ 4041 const struct cfg80211_bss_ies *ies; 4042 const u8 *wp, *start, *end; 4043 4044 rcu_read_lock(); 4045 ies = rcu_dereference(req->bss->ies); 4046 start = ies->data; 4047 end = start + ies->len; 4048 4049 while (true) { 4050 wp = cfg80211_find_vendor_ie( 4051 WLAN_OUI_MICROSOFT, 4052 WLAN_OUI_TYPE_MICROSOFT_WMM, 4053 start, end - start); 4054 if (!wp) 4055 break; 4056 start = wp + wp[1] + 2; 4057 /* if this IE is too short, try the next */ 4058 if (wp[1] <= 4) 4059 continue; 4060 /* if this IE is WMM params, we found what we wanted */ 4061 if (wp[6] == 1) 4062 break; 4063 } 4064 4065 if (!wp || !ieee80211_usable_wmm_params(sdata, wp + 2, 4066 wp[1] - 2)) { 4067 assoc_data->wmm = false; 4068 ifmgd->flags |= IEEE80211_STA_DISABLE_WMM; 4069 } 4070 rcu_read_unlock(); 4071 } 4072 4073 /* 4074 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode. 4075 * We still associate in non-HT mode (11a/b/g) if any one of these 4076 * ciphers is configured as pairwise. 4077 * We can set this to true for non-11n hardware, that'll be checked 4078 * separately along with the peer capabilities. 4079 */ 4080 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) { 4081 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 4082 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 4083 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) { 4084 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4085 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4086 netdev_info(sdata->dev, 4087 "disabling HT/VHT due to WEP/TKIP use\n"); 4088 } 4089 } 4090 4091 if (req->flags & ASSOC_REQ_DISABLE_HT) { 4092 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4093 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4094 } 4095 4096 if (req->flags & ASSOC_REQ_DISABLE_VHT) 4097 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4098 4099 /* Also disable HT if we don't support it or the AP doesn't use WMM */ 4100 sband = local->hw.wiphy->bands[req->bss->channel->band]; 4101 if (!sband->ht_cap.ht_supported || 4102 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used || 4103 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) { 4104 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4105 if (!bss->wmm_used && 4106 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM)) 4107 netdev_info(sdata->dev, 4108 "disabling HT as WMM/QoS is not supported by the AP\n"); 4109 } 4110 4111 /* disable VHT if we don't support it or the AP doesn't use WMM */ 4112 if (!sband->vht_cap.vht_supported || 4113 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used || 4114 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) { 4115 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4116 if (!bss->wmm_used && 4117 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM)) 4118 netdev_info(sdata->dev, 4119 "disabling VHT as WMM/QoS is not supported by the AP\n"); 4120 } 4121 4122 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa)); 4123 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask, 4124 sizeof(ifmgd->ht_capa_mask)); 4125 4126 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa)); 4127 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask, 4128 sizeof(ifmgd->vht_capa_mask)); 4129 4130 if (req->ie && req->ie_len) { 4131 memcpy(assoc_data->ie, req->ie, req->ie_len); 4132 assoc_data->ie_len = req->ie_len; 4133 } 4134 4135 assoc_data->bss = req->bss; 4136 4137 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) { 4138 if (ifmgd->powersave) 4139 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC; 4140 else 4141 sdata->smps_mode = IEEE80211_SMPS_OFF; 4142 } else 4143 sdata->smps_mode = ifmgd->req_smps; 4144 4145 assoc_data->capability = req->bss->capability; 4146 assoc_data->supp_rates = bss->supp_rates; 4147 assoc_data->supp_rates_len = bss->supp_rates_len; 4148 4149 rcu_read_lock(); 4150 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION); 4151 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation)) 4152 assoc_data->ap_ht_param = 4153 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param; 4154 else 4155 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4156 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY); 4157 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap)) 4158 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2, 4159 sizeof(struct ieee80211_vht_cap)); 4160 else 4161 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4162 rcu_read_unlock(); 4163 4164 if (bss->wmm_used && bss->uapsd_supported && 4165 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD) && 4166 sdata->wmm_acm != 0xff) { 4167 assoc_data->uapsd = true; 4168 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; 4169 } else { 4170 assoc_data->uapsd = false; 4171 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED; 4172 } 4173 4174 if (req->prev_bssid) 4175 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN); 4176 4177 if (req->use_mfp) { 4178 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 4179 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED; 4180 } else { 4181 ifmgd->mfp = IEEE80211_MFP_DISABLED; 4182 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED; 4183 } 4184 4185 if (req->crypto.control_port) 4186 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT; 4187 else 4188 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT; 4189 4190 sdata->control_port_protocol = req->crypto.control_port_ethertype; 4191 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt; 4192 4193 /* kick off associate process */ 4194 4195 ifmgd->assoc_data = assoc_data; 4196 ifmgd->dtim_period = 0; 4197 ifmgd->have_beacon = false; 4198 4199 err = ieee80211_prep_connection(sdata, req->bss, true); 4200 if (err) 4201 goto err_clear; 4202 4203 rcu_read_lock(); 4204 beacon_ies = rcu_dereference(req->bss->beacon_ies); 4205 4206 if (sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC && 4207 !beacon_ies) { 4208 /* 4209 * Wait up to one beacon interval ... 4210 * should this be more if we miss one? 4211 */ 4212 sdata_info(sdata, "waiting for beacon from %pM\n", 4213 ifmgd->bssid); 4214 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval); 4215 assoc_data->timeout_started = true; 4216 assoc_data->need_beacon = true; 4217 } else if (beacon_ies) { 4218 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 4219 beacon_ies->data, 4220 beacon_ies->len); 4221 u8 dtim_count = 0; 4222 4223 if (tim_ie && tim_ie[1] >= sizeof(struct ieee80211_tim_ie)) { 4224 const struct ieee80211_tim_ie *tim; 4225 tim = (void *)(tim_ie + 2); 4226 ifmgd->dtim_period = tim->dtim_period; 4227 dtim_count = tim->dtim_count; 4228 } 4229 ifmgd->have_beacon = true; 4230 assoc_data->timeout = jiffies; 4231 assoc_data->timeout_started = true; 4232 4233 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 4234 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf; 4235 sdata->vif.bss_conf.sync_device_ts = 4236 bss->device_ts_beacon; 4237 sdata->vif.bss_conf.sync_dtim_count = dtim_count; 4238 } 4239 } else { 4240 assoc_data->timeout = jiffies; 4241 assoc_data->timeout_started = true; 4242 } 4243 rcu_read_unlock(); 4244 4245 run_again(sdata, assoc_data->timeout); 4246 4247 if (bss->corrupt_data) { 4248 char *corrupt_type = "data"; 4249 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) { 4250 if (bss->corrupt_data & 4251 IEEE80211_BSS_CORRUPT_PROBE_RESP) 4252 corrupt_type = "beacon and probe response"; 4253 else 4254 corrupt_type = "beacon"; 4255 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) 4256 corrupt_type = "probe response"; 4257 sdata_info(sdata, "associating with AP with corrupt %s\n", 4258 corrupt_type); 4259 } 4260 4261 return 0; 4262 err_clear: 4263 memset(ifmgd->bssid, 0, ETH_ALEN); 4264 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 4265 ifmgd->assoc_data = NULL; 4266 err_free: 4267 kfree(assoc_data); 4268 return err; 4269 } 4270 4271 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, 4272 struct cfg80211_deauth_request *req) 4273 { 4274 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4275 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4276 bool tx = !req->local_state_change; 4277 bool report_frame = false; 4278 4279 sdata_info(sdata, 4280 "deauthenticating from %pM by local choice (reason=%d)\n", 4281 req->bssid, req->reason_code); 4282 4283 if (ifmgd->auth_data) { 4284 drv_mgd_prepare_tx(sdata->local, sdata); 4285 ieee80211_send_deauth_disassoc(sdata, req->bssid, 4286 IEEE80211_STYPE_DEAUTH, 4287 req->reason_code, tx, 4288 frame_buf); 4289 ieee80211_destroy_auth_data(sdata, false); 4290 4291 report_frame = true; 4292 goto out; 4293 } 4294 4295 if (ifmgd->associated && 4296 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) { 4297 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4298 req->reason_code, tx, frame_buf); 4299 report_frame = true; 4300 } 4301 4302 out: 4303 if (report_frame) 4304 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4305 IEEE80211_DEAUTH_FRAME_LEN); 4306 4307 return 0; 4308 } 4309 4310 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 4311 struct cfg80211_disassoc_request *req) 4312 { 4313 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4314 u8 bssid[ETH_ALEN]; 4315 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4316 4317 /* 4318 * cfg80211 should catch this ... but it's racy since 4319 * we can receive a disassoc frame, process it, hand it 4320 * to cfg80211 while that's in a locked section already 4321 * trying to tell us that the user wants to disconnect. 4322 */ 4323 if (ifmgd->associated != req->bss) 4324 return -ENOLINK; 4325 4326 sdata_info(sdata, 4327 "disassociating from %pM by local choice (reason=%d)\n", 4328 req->bss->bssid, req->reason_code); 4329 4330 memcpy(bssid, req->bss->bssid, ETH_ALEN); 4331 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC, 4332 req->reason_code, !req->local_state_change, 4333 frame_buf); 4334 4335 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4336 IEEE80211_DEAUTH_FRAME_LEN); 4337 4338 return 0; 4339 } 4340 4341 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata) 4342 { 4343 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4344 4345 /* 4346 * Make sure some work items will not run after this, 4347 * they will not do anything but might not have been 4348 * cancelled when disconnecting. 4349 */ 4350 cancel_work_sync(&ifmgd->monitor_work); 4351 cancel_work_sync(&ifmgd->beacon_connection_loss_work); 4352 cancel_work_sync(&ifmgd->request_smps_work); 4353 cancel_work_sync(&ifmgd->csa_connection_drop_work); 4354 cancel_work_sync(&ifmgd->chswitch_work); 4355 4356 sdata_lock(sdata); 4357 if (ifmgd->assoc_data) { 4358 struct cfg80211_bss *bss = ifmgd->assoc_data->bss; 4359 ieee80211_destroy_assoc_data(sdata, false); 4360 cfg80211_assoc_timeout(sdata->dev, bss); 4361 } 4362 if (ifmgd->auth_data) 4363 ieee80211_destroy_auth_data(sdata, false); 4364 del_timer_sync(&ifmgd->timer); 4365 sdata_unlock(sdata); 4366 } 4367 4368 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif, 4369 enum nl80211_cqm_rssi_threshold_event rssi_event, 4370 gfp_t gfp) 4371 { 4372 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 4373 4374 trace_api_cqm_rssi_notify(sdata, rssi_event); 4375 4376 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp); 4377 } 4378 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify); 4379