1 /* 2 * BSS client mode implementation 3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 4 * Copyright 2004, Instant802 Networks, Inc. 5 * Copyright 2005, Devicescape Software, Inc. 6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License version 2 as 11 * published by the Free Software Foundation. 12 */ 13 14 #include <linux/delay.h> 15 #include <linux/if_ether.h> 16 #include <linux/skbuff.h> 17 #include <linux/if_arp.h> 18 #include <linux/etherdevice.h> 19 #include <linux/moduleparam.h> 20 #include <linux/rtnetlink.h> 21 #include <linux/pm_qos.h> 22 #include <linux/crc32.h> 23 #include <linux/slab.h> 24 #include <linux/export.h> 25 #include <net/mac80211.h> 26 #include <asm/unaligned.h> 27 28 #include "ieee80211_i.h" 29 #include "driver-ops.h" 30 #include "rate.h" 31 #include "led.h" 32 33 #define IEEE80211_AUTH_TIMEOUT (HZ / 5) 34 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10) 35 #define IEEE80211_AUTH_MAX_TRIES 3 36 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5) 37 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 38 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10) 39 #define IEEE80211_ASSOC_MAX_TRIES 3 40 41 static int max_nullfunc_tries = 2; 42 module_param(max_nullfunc_tries, int, 0644); 43 MODULE_PARM_DESC(max_nullfunc_tries, 44 "Maximum nullfunc tx tries before disconnecting (reason 4)."); 45 46 static int max_probe_tries = 5; 47 module_param(max_probe_tries, int, 0644); 48 MODULE_PARM_DESC(max_probe_tries, 49 "Maximum probe tries before disconnecting (reason 4)."); 50 51 /* 52 * Beacon loss timeout is calculated as N frames times the 53 * advertised beacon interval. This may need to be somewhat 54 * higher than what hardware might detect to account for 55 * delays in the host processing frames. But since we also 56 * probe on beacon miss before declaring the connection lost 57 * default to what we want. 58 */ 59 #define IEEE80211_BEACON_LOSS_COUNT 7 60 61 /* 62 * Time the connection can be idle before we probe 63 * it to see if we can still talk to the AP. 64 */ 65 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ) 66 /* 67 * Time we wait for a probe response after sending 68 * a probe request because of beacon loss or for 69 * checking the connection still works. 70 */ 71 static int probe_wait_ms = 500; 72 module_param(probe_wait_ms, int, 0644); 73 MODULE_PARM_DESC(probe_wait_ms, 74 "Maximum time(ms) to wait for probe response" 75 " before disconnecting (reason 4)."); 76 77 /* 78 * Weight given to the latest Beacon frame when calculating average signal 79 * strength for Beacon frames received in the current BSS. This must be 80 * between 1 and 15. 81 */ 82 #define IEEE80211_SIGNAL_AVE_WEIGHT 3 83 84 /* 85 * How many Beacon frames need to have been used in average signal strength 86 * before starting to indicate signal change events. 87 */ 88 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4 89 90 #define TMR_RUNNING_TIMER 0 91 #define TMR_RUNNING_CHANSW 1 92 93 /* 94 * All cfg80211 functions have to be called outside a locked 95 * section so that they can acquire a lock themselves... This 96 * is much simpler than queuing up things in cfg80211, but we 97 * do need some indirection for that here. 98 */ 99 enum rx_mgmt_action { 100 /* no action required */ 101 RX_MGMT_NONE, 102 103 /* caller must call cfg80211_send_deauth() */ 104 RX_MGMT_CFG80211_DEAUTH, 105 106 /* caller must call cfg80211_send_disassoc() */ 107 RX_MGMT_CFG80211_DISASSOC, 108 109 /* caller must call cfg80211_send_rx_auth() */ 110 RX_MGMT_CFG80211_RX_AUTH, 111 112 /* caller must call cfg80211_send_rx_assoc() */ 113 RX_MGMT_CFG80211_RX_ASSOC, 114 115 /* caller must call cfg80211_send_assoc_timeout() */ 116 RX_MGMT_CFG80211_ASSOC_TIMEOUT, 117 118 /* used when a processed beacon causes a deauth */ 119 RX_MGMT_CFG80211_TX_DEAUTH, 120 }; 121 122 /* utils */ 123 static inline void ASSERT_MGD_MTX(struct ieee80211_if_managed *ifmgd) 124 { 125 lockdep_assert_held(&ifmgd->mtx); 126 } 127 128 /* 129 * We can have multiple work items (and connection probing) 130 * scheduling this timer, but we need to take care to only 131 * reschedule it when it should fire _earlier_ than it was 132 * asked for before, or if it's not pending right now. This 133 * function ensures that. Note that it then is required to 134 * run this function for all timeouts after the first one 135 * has happened -- the work that runs from this timer will 136 * do that. 137 */ 138 static void run_again(struct ieee80211_if_managed *ifmgd, unsigned long timeout) 139 { 140 ASSERT_MGD_MTX(ifmgd); 141 142 if (!timer_pending(&ifmgd->timer) || 143 time_before(timeout, ifmgd->timer.expires)) 144 mod_timer(&ifmgd->timer, timeout); 145 } 146 147 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata) 148 { 149 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER) 150 return; 151 152 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 153 return; 154 155 mod_timer(&sdata->u.mgd.bcn_mon_timer, 156 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout)); 157 } 158 159 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata) 160 { 161 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 162 163 if (unlikely(!sdata->u.mgd.associated)) 164 return; 165 166 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 167 return; 168 169 mod_timer(&sdata->u.mgd.conn_mon_timer, 170 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME)); 171 172 ifmgd->probe_send_count = 0; 173 } 174 175 static int ecw2cw(int ecw) 176 { 177 return (1 << ecw) - 1; 178 } 179 180 static u32 chandef_downgrade(struct cfg80211_chan_def *c) 181 { 182 u32 ret; 183 int tmp; 184 185 switch (c->width) { 186 case NL80211_CHAN_WIDTH_20: 187 c->width = NL80211_CHAN_WIDTH_20_NOHT; 188 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 189 break; 190 case NL80211_CHAN_WIDTH_40: 191 c->width = NL80211_CHAN_WIDTH_20; 192 c->center_freq1 = c->chan->center_freq; 193 ret = IEEE80211_STA_DISABLE_40MHZ | 194 IEEE80211_STA_DISABLE_VHT; 195 break; 196 case NL80211_CHAN_WIDTH_80: 197 tmp = (30 + c->chan->center_freq - c->center_freq1)/20; 198 /* n_P40 */ 199 tmp /= 2; 200 /* freq_P40 */ 201 c->center_freq1 = c->center_freq1 - 20 + 40 * tmp; 202 c->width = NL80211_CHAN_WIDTH_40; 203 ret = IEEE80211_STA_DISABLE_VHT; 204 break; 205 case NL80211_CHAN_WIDTH_80P80: 206 c->center_freq2 = 0; 207 c->width = NL80211_CHAN_WIDTH_80; 208 ret = IEEE80211_STA_DISABLE_80P80MHZ | 209 IEEE80211_STA_DISABLE_160MHZ; 210 break; 211 case NL80211_CHAN_WIDTH_160: 212 /* n_P20 */ 213 tmp = (70 + c->chan->center_freq - c->center_freq1)/20; 214 /* n_P80 */ 215 tmp /= 4; 216 c->center_freq1 = c->center_freq1 - 40 + 80 * tmp; 217 c->width = NL80211_CHAN_WIDTH_80; 218 ret = IEEE80211_STA_DISABLE_80P80MHZ | 219 IEEE80211_STA_DISABLE_160MHZ; 220 break; 221 default: 222 case NL80211_CHAN_WIDTH_20_NOHT: 223 WARN_ON_ONCE(1); 224 c->width = NL80211_CHAN_WIDTH_20_NOHT; 225 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 226 break; 227 } 228 229 WARN_ON_ONCE(!cfg80211_chandef_valid(c)); 230 231 return ret; 232 } 233 234 static u32 235 ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, 236 struct ieee80211_supported_band *sband, 237 struct ieee80211_channel *channel, 238 const struct ieee80211_ht_operation *ht_oper, 239 const struct ieee80211_vht_operation *vht_oper, 240 struct cfg80211_chan_def *chandef, bool verbose) 241 { 242 struct cfg80211_chan_def vht_chandef; 243 u32 ht_cfreq, ret; 244 245 chandef->chan = channel; 246 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 247 chandef->center_freq1 = channel->center_freq; 248 chandef->center_freq2 = 0; 249 250 if (!ht_oper || !sband->ht_cap.ht_supported) { 251 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 252 goto out; 253 } 254 255 chandef->width = NL80211_CHAN_WIDTH_20; 256 257 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan, 258 channel->band); 259 /* check that channel matches the right operating channel */ 260 if (channel->center_freq != ht_cfreq) { 261 /* 262 * It's possible that some APs are confused here; 263 * Netgear WNDR3700 sometimes reports 4 higher than 264 * the actual channel in association responses, but 265 * since we look at probe response/beacon data here 266 * it should be OK. 267 */ 268 if (verbose) 269 sdata_info(sdata, 270 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n", 271 channel->center_freq, ht_cfreq, 272 ht_oper->primary_chan, channel->band); 273 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 274 goto out; 275 } 276 277 /* check 40 MHz support, if we have it */ 278 if (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) { 279 switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 280 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 281 chandef->width = NL80211_CHAN_WIDTH_40; 282 chandef->center_freq1 += 10; 283 break; 284 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 285 chandef->width = NL80211_CHAN_WIDTH_40; 286 chandef->center_freq1 -= 10; 287 break; 288 } 289 } else { 290 /* 40 MHz (and 80 MHz) must be supported for VHT */ 291 ret = IEEE80211_STA_DISABLE_VHT; 292 goto out; 293 } 294 295 if (!vht_oper || !sband->vht_cap.vht_supported) { 296 ret = IEEE80211_STA_DISABLE_VHT; 297 goto out; 298 } 299 300 vht_chandef.chan = channel; 301 vht_chandef.center_freq1 = 302 ieee80211_channel_to_frequency(vht_oper->center_freq_seg1_idx, 303 channel->band); 304 vht_chandef.center_freq2 = 0; 305 306 if (vht_oper->center_freq_seg2_idx) 307 vht_chandef.center_freq2 = 308 ieee80211_channel_to_frequency( 309 vht_oper->center_freq_seg2_idx, 310 channel->band); 311 312 switch (vht_oper->chan_width) { 313 case IEEE80211_VHT_CHANWIDTH_USE_HT: 314 vht_chandef.width = chandef->width; 315 break; 316 case IEEE80211_VHT_CHANWIDTH_80MHZ: 317 vht_chandef.width = NL80211_CHAN_WIDTH_80; 318 break; 319 case IEEE80211_VHT_CHANWIDTH_160MHZ: 320 vht_chandef.width = NL80211_CHAN_WIDTH_160; 321 break; 322 case IEEE80211_VHT_CHANWIDTH_80P80MHZ: 323 vht_chandef.width = NL80211_CHAN_WIDTH_80P80; 324 break; 325 default: 326 if (verbose) 327 sdata_info(sdata, 328 "AP VHT operation IE has invalid channel width (%d), disable VHT\n", 329 vht_oper->chan_width); 330 ret = IEEE80211_STA_DISABLE_VHT; 331 goto out; 332 } 333 334 if (!cfg80211_chandef_valid(&vht_chandef)) { 335 if (verbose) 336 sdata_info(sdata, 337 "AP VHT information is invalid, disable VHT\n"); 338 ret = IEEE80211_STA_DISABLE_VHT; 339 goto out; 340 } 341 342 if (cfg80211_chandef_identical(chandef, &vht_chandef)) { 343 ret = 0; 344 goto out; 345 } 346 347 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) { 348 if (verbose) 349 sdata_info(sdata, 350 "AP VHT information doesn't match HT, disable VHT\n"); 351 ret = IEEE80211_STA_DISABLE_VHT; 352 goto out; 353 } 354 355 *chandef = vht_chandef; 356 357 ret = 0; 358 359 out: 360 /* don't print the message below for VHT mismatch if VHT is disabled */ 361 if (ret & IEEE80211_STA_DISABLE_VHT) 362 vht_chandef = *chandef; 363 364 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef, 365 IEEE80211_CHAN_DISABLED)) { 366 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) { 367 ret = IEEE80211_STA_DISABLE_HT | 368 IEEE80211_STA_DISABLE_VHT; 369 goto out; 370 } 371 372 ret |= chandef_downgrade(chandef); 373 } 374 375 if (chandef->width != vht_chandef.width && verbose) 376 sdata_info(sdata, 377 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n"); 378 379 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef)); 380 return ret; 381 } 382 383 static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata, 384 struct sta_info *sta, 385 const struct ieee80211_ht_operation *ht_oper, 386 const struct ieee80211_vht_operation *vht_oper, 387 const u8 *bssid, u32 *changed) 388 { 389 struct ieee80211_local *local = sdata->local; 390 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 391 struct ieee80211_supported_band *sband; 392 struct ieee80211_channel *chan; 393 struct cfg80211_chan_def chandef; 394 u16 ht_opmode; 395 u32 flags; 396 enum ieee80211_sta_rx_bandwidth new_sta_bw; 397 int ret; 398 399 /* if HT was/is disabled, don't track any bandwidth changes */ 400 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper) 401 return 0; 402 403 /* don't check VHT if we associated as non-VHT station */ 404 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 405 vht_oper = NULL; 406 407 if (WARN_ON_ONCE(!sta)) 408 return -EINVAL; 409 410 chan = sdata->vif.bss_conf.chandef.chan; 411 sband = local->hw.wiphy->bands[chan->band]; 412 413 /* calculate new channel (type) based on HT/VHT operation IEs */ 414 flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper, 415 vht_oper, &chandef, false); 416 417 /* 418 * Downgrade the new channel if we associated with restricted 419 * capabilities. For example, if we associated as a 20 MHz STA 420 * to a 40 MHz AP (due to regulatory, capabilities or config 421 * reasons) then switching to a 40 MHz channel now won't do us 422 * any good -- we couldn't use it with the AP. 423 */ 424 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ && 425 chandef.width == NL80211_CHAN_WIDTH_80P80) 426 flags |= chandef_downgrade(&chandef); 427 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ && 428 chandef.width == NL80211_CHAN_WIDTH_160) 429 flags |= chandef_downgrade(&chandef); 430 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ && 431 chandef.width > NL80211_CHAN_WIDTH_20) 432 flags |= chandef_downgrade(&chandef); 433 434 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef)) 435 return 0; 436 437 sdata_info(sdata, 438 "AP %pM changed bandwidth, new config is %d MHz, width %d (%d/%d MHz)\n", 439 ifmgd->bssid, chandef.chan->center_freq, chandef.width, 440 chandef.center_freq1, chandef.center_freq2); 441 442 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT | 443 IEEE80211_STA_DISABLE_VHT | 444 IEEE80211_STA_DISABLE_40MHZ | 445 IEEE80211_STA_DISABLE_80P80MHZ | 446 IEEE80211_STA_DISABLE_160MHZ)) || 447 !cfg80211_chandef_valid(&chandef)) { 448 sdata_info(sdata, 449 "AP %pM changed bandwidth in a way we can't support - disconnect\n", 450 ifmgd->bssid); 451 return -EINVAL; 452 } 453 454 switch (chandef.width) { 455 case NL80211_CHAN_WIDTH_20_NOHT: 456 case NL80211_CHAN_WIDTH_20: 457 new_sta_bw = IEEE80211_STA_RX_BW_20; 458 break; 459 case NL80211_CHAN_WIDTH_40: 460 new_sta_bw = IEEE80211_STA_RX_BW_40; 461 break; 462 case NL80211_CHAN_WIDTH_80: 463 new_sta_bw = IEEE80211_STA_RX_BW_80; 464 break; 465 case NL80211_CHAN_WIDTH_80P80: 466 case NL80211_CHAN_WIDTH_160: 467 new_sta_bw = IEEE80211_STA_RX_BW_160; 468 break; 469 default: 470 return -EINVAL; 471 } 472 473 if (new_sta_bw > sta->cur_max_bandwidth) 474 new_sta_bw = sta->cur_max_bandwidth; 475 476 if (new_sta_bw < sta->sta.bandwidth) { 477 sta->sta.bandwidth = new_sta_bw; 478 rate_control_rate_update(local, sband, sta, 479 IEEE80211_RC_BW_CHANGED); 480 } 481 482 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed); 483 if (ret) { 484 sdata_info(sdata, 485 "AP %pM changed bandwidth to incompatible one - disconnect\n", 486 ifmgd->bssid); 487 return ret; 488 } 489 490 if (new_sta_bw > sta->sta.bandwidth) { 491 sta->sta.bandwidth = new_sta_bw; 492 rate_control_rate_update(local, sband, sta, 493 IEEE80211_RC_BW_CHANGED); 494 } 495 496 ht_opmode = le16_to_cpu(ht_oper->operation_mode); 497 498 /* if bss configuration changed store the new one */ 499 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) { 500 *changed |= BSS_CHANGED_HT; 501 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 502 } 503 504 return 0; 505 } 506 507 /* frame sending functions */ 508 509 static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len, 510 struct ieee80211_supported_band *sband, 511 u32 *rates) 512 { 513 int i, j, count; 514 *rates = 0; 515 count = 0; 516 for (i = 0; i < supp_rates_len; i++) { 517 int rate = (supp_rates[i] & 0x7F) * 5; 518 519 for (j = 0; j < sband->n_bitrates; j++) 520 if (sband->bitrates[j].bitrate == rate) { 521 *rates |= BIT(j); 522 count++; 523 break; 524 } 525 } 526 527 return count; 528 } 529 530 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata, 531 struct sk_buff *skb, u8 ap_ht_param, 532 struct ieee80211_supported_band *sband, 533 struct ieee80211_channel *channel, 534 enum ieee80211_smps_mode smps) 535 { 536 u8 *pos; 537 u32 flags = channel->flags; 538 u16 cap; 539 struct ieee80211_sta_ht_cap ht_cap; 540 541 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap)); 542 543 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 544 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 545 546 /* determine capability flags */ 547 cap = ht_cap.cap; 548 549 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 550 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 551 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 552 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 553 cap &= ~IEEE80211_HT_CAP_SGI_40; 554 } 555 break; 556 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 557 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 558 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 559 cap &= ~IEEE80211_HT_CAP_SGI_40; 560 } 561 break; 562 } 563 564 /* 565 * If 40 MHz was disabled associate as though we weren't 566 * capable of 40 MHz -- some broken APs will never fall 567 * back to trying to transmit in 20 MHz. 568 */ 569 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) { 570 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 571 cap &= ~IEEE80211_HT_CAP_SGI_40; 572 } 573 574 /* set SM PS mode properly */ 575 cap &= ~IEEE80211_HT_CAP_SM_PS; 576 switch (smps) { 577 case IEEE80211_SMPS_AUTOMATIC: 578 case IEEE80211_SMPS_NUM_MODES: 579 WARN_ON(1); 580 case IEEE80211_SMPS_OFF: 581 cap |= WLAN_HT_CAP_SM_PS_DISABLED << 582 IEEE80211_HT_CAP_SM_PS_SHIFT; 583 break; 584 case IEEE80211_SMPS_STATIC: 585 cap |= WLAN_HT_CAP_SM_PS_STATIC << 586 IEEE80211_HT_CAP_SM_PS_SHIFT; 587 break; 588 case IEEE80211_SMPS_DYNAMIC: 589 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC << 590 IEEE80211_HT_CAP_SM_PS_SHIFT; 591 break; 592 } 593 594 /* reserve and fill IE */ 595 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 596 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap); 597 } 598 599 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata, 600 struct sk_buff *skb, 601 struct ieee80211_supported_band *sband, 602 struct ieee80211_vht_cap *ap_vht_cap) 603 { 604 u8 *pos; 605 u32 cap; 606 struct ieee80211_sta_vht_cap vht_cap; 607 int i; 608 609 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap)); 610 611 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap)); 612 613 /* determine capability flags */ 614 cap = vht_cap.cap; 615 616 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) { 617 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ; 618 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 619 } 620 621 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) { 622 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160; 623 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 624 } 625 626 /* 627 * Some APs apparently get confused if our capabilities are better 628 * than theirs, so restrict what we advertise in the assoc request. 629 */ 630 if (!(ap_vht_cap->vht_cap_info & 631 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE))) 632 cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE; 633 634 if (!(ap_vht_cap->vht_cap_info & 635 cpu_to_le32(IEEE80211_VHT_CAP_TXSTBC))) 636 cap &= ~(IEEE80211_VHT_CAP_RXSTBC_1 | 637 IEEE80211_VHT_CAP_RXSTBC_3 | 638 IEEE80211_VHT_CAP_RXSTBC_4); 639 640 for (i = 0; i < 8; i++) { 641 int shift = i * 2; 642 u16 mask = IEEE80211_VHT_MCS_NOT_SUPPORTED << shift; 643 u16 ap_mcs, our_mcs; 644 645 ap_mcs = (le16_to_cpu(ap_vht_cap->supp_mcs.tx_mcs_map) & 646 mask) >> shift; 647 our_mcs = (le16_to_cpu(vht_cap.vht_mcs.rx_mcs_map) & 648 mask) >> shift; 649 650 if (our_mcs == IEEE80211_VHT_MCS_NOT_SUPPORTED) 651 continue; 652 653 switch (ap_mcs) { 654 default: 655 if (our_mcs <= ap_mcs) 656 break; 657 /* fall through */ 658 case IEEE80211_VHT_MCS_NOT_SUPPORTED: 659 vht_cap.vht_mcs.rx_mcs_map &= cpu_to_le16(~mask); 660 vht_cap.vht_mcs.rx_mcs_map |= 661 cpu_to_le16(ap_mcs << shift); 662 } 663 } 664 665 /* reserve and fill IE */ 666 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 667 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap); 668 } 669 670 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) 671 { 672 struct ieee80211_local *local = sdata->local; 673 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 674 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 675 struct sk_buff *skb; 676 struct ieee80211_mgmt *mgmt; 677 u8 *pos, qos_info; 678 size_t offset = 0, noffset; 679 int i, count, rates_len, supp_rates_len; 680 u16 capab; 681 struct ieee80211_supported_band *sband; 682 struct ieee80211_chanctx_conf *chanctx_conf; 683 struct ieee80211_channel *chan; 684 u32 rates = 0; 685 686 lockdep_assert_held(&ifmgd->mtx); 687 688 rcu_read_lock(); 689 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 690 if (WARN_ON(!chanctx_conf)) { 691 rcu_read_unlock(); 692 return; 693 } 694 chan = chanctx_conf->def.chan; 695 rcu_read_unlock(); 696 sband = local->hw.wiphy->bands[chan->band]; 697 698 if (assoc_data->supp_rates_len) { 699 /* 700 * Get all rates supported by the device and the AP as 701 * some APs don't like getting a superset of their rates 702 * in the association request (e.g. D-Link DAP 1353 in 703 * b-only mode)... 704 */ 705 rates_len = ieee80211_compatible_rates(assoc_data->supp_rates, 706 assoc_data->supp_rates_len, 707 sband, &rates); 708 } else { 709 /* 710 * In case AP not provide any supported rates information 711 * before association, we send information element(s) with 712 * all rates that we support. 713 */ 714 rates = ~0; 715 rates_len = sband->n_bitrates; 716 } 717 718 skb = alloc_skb(local->hw.extra_tx_headroom + 719 sizeof(*mgmt) + /* bit too much but doesn't matter */ 720 2 + assoc_data->ssid_len + /* SSID */ 721 4 + rates_len + /* (extended) rates */ 722 4 + /* power capability */ 723 2 + 2 * sband->n_channels + /* supported channels */ 724 2 + sizeof(struct ieee80211_ht_cap) + /* HT */ 725 2 + sizeof(struct ieee80211_vht_cap) + /* VHT */ 726 assoc_data->ie_len + /* extra IEs */ 727 9, /* WMM */ 728 GFP_KERNEL); 729 if (!skb) 730 return; 731 732 skb_reserve(skb, local->hw.extra_tx_headroom); 733 734 capab = WLAN_CAPABILITY_ESS; 735 736 if (sband->band == IEEE80211_BAND_2GHZ) { 737 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 738 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 739 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 740 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 741 } 742 743 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY) 744 capab |= WLAN_CAPABILITY_PRIVACY; 745 746 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 747 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)) 748 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 749 750 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 751 memset(mgmt, 0, 24); 752 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN); 753 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 754 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN); 755 756 if (!is_zero_ether_addr(assoc_data->prev_bssid)) { 757 skb_put(skb, 10); 758 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 759 IEEE80211_STYPE_REASSOC_REQ); 760 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 761 mgmt->u.reassoc_req.listen_interval = 762 cpu_to_le16(local->hw.conf.listen_interval); 763 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid, 764 ETH_ALEN); 765 } else { 766 skb_put(skb, 4); 767 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 768 IEEE80211_STYPE_ASSOC_REQ); 769 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 770 mgmt->u.assoc_req.listen_interval = 771 cpu_to_le16(local->hw.conf.listen_interval); 772 } 773 774 /* SSID */ 775 pos = skb_put(skb, 2 + assoc_data->ssid_len); 776 *pos++ = WLAN_EID_SSID; 777 *pos++ = assoc_data->ssid_len; 778 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len); 779 780 /* add all rates which were marked to be used above */ 781 supp_rates_len = rates_len; 782 if (supp_rates_len > 8) 783 supp_rates_len = 8; 784 785 pos = skb_put(skb, supp_rates_len + 2); 786 *pos++ = WLAN_EID_SUPP_RATES; 787 *pos++ = supp_rates_len; 788 789 count = 0; 790 for (i = 0; i < sband->n_bitrates; i++) { 791 if (BIT(i) & rates) { 792 int rate = sband->bitrates[i].bitrate; 793 *pos++ = (u8) (rate / 5); 794 if (++count == 8) 795 break; 796 } 797 } 798 799 if (rates_len > count) { 800 pos = skb_put(skb, rates_len - count + 2); 801 *pos++ = WLAN_EID_EXT_SUPP_RATES; 802 *pos++ = rates_len - count; 803 804 for (i++; i < sband->n_bitrates; i++) { 805 if (BIT(i) & rates) { 806 int rate = sband->bitrates[i].bitrate; 807 *pos++ = (u8) (rate / 5); 808 } 809 } 810 } 811 812 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) { 813 /* 1. power capabilities */ 814 pos = skb_put(skb, 4); 815 *pos++ = WLAN_EID_PWR_CAPABILITY; 816 *pos++ = 2; 817 *pos++ = 0; /* min tx power */ 818 *pos++ = chan->max_power; /* max tx power */ 819 820 /* 2. supported channels */ 821 /* TODO: get this in reg domain format */ 822 pos = skb_put(skb, 2 * sband->n_channels + 2); 823 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 824 *pos++ = 2 * sband->n_channels; 825 for (i = 0; i < sband->n_channels; i++) { 826 *pos++ = ieee80211_frequency_to_channel( 827 sband->channels[i].center_freq); 828 *pos++ = 1; /* one channel in the subband*/ 829 } 830 } 831 832 /* if present, add any custom IEs that go before HT */ 833 if (assoc_data->ie_len && assoc_data->ie) { 834 static const u8 before_ht[] = { 835 WLAN_EID_SSID, 836 WLAN_EID_SUPP_RATES, 837 WLAN_EID_EXT_SUPP_RATES, 838 WLAN_EID_PWR_CAPABILITY, 839 WLAN_EID_SUPPORTED_CHANNELS, 840 WLAN_EID_RSN, 841 WLAN_EID_QOS_CAPA, 842 WLAN_EID_RRM_ENABLED_CAPABILITIES, 843 WLAN_EID_MOBILITY_DOMAIN, 844 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 845 }; 846 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len, 847 before_ht, ARRAY_SIZE(before_ht), 848 offset); 849 pos = skb_put(skb, noffset - offset); 850 memcpy(pos, assoc_data->ie + offset, noffset - offset); 851 offset = noffset; 852 } 853 854 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 855 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))) 856 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 857 858 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 859 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param, 860 sband, chan, sdata->smps_mode); 861 862 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 863 ieee80211_add_vht_ie(sdata, skb, sband, 864 &assoc_data->ap_vht_cap); 865 866 /* if present, add any custom non-vendor IEs that go after HT */ 867 if (assoc_data->ie_len && assoc_data->ie) { 868 noffset = ieee80211_ie_split_vendor(assoc_data->ie, 869 assoc_data->ie_len, 870 offset); 871 pos = skb_put(skb, noffset - offset); 872 memcpy(pos, assoc_data->ie + offset, noffset - offset); 873 offset = noffset; 874 } 875 876 if (assoc_data->wmm) { 877 if (assoc_data->uapsd) { 878 qos_info = ifmgd->uapsd_queues; 879 qos_info |= (ifmgd->uapsd_max_sp_len << 880 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT); 881 } else { 882 qos_info = 0; 883 } 884 885 pos = skb_put(skb, 9); 886 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 887 *pos++ = 7; /* len */ 888 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */ 889 *pos++ = 0x50; 890 *pos++ = 0xf2; 891 *pos++ = 2; /* WME */ 892 *pos++ = 0; /* WME info */ 893 *pos++ = 1; /* WME ver */ 894 *pos++ = qos_info; 895 } 896 897 /* add any remaining custom (i.e. vendor specific here) IEs */ 898 if (assoc_data->ie_len && assoc_data->ie) { 899 noffset = assoc_data->ie_len; 900 pos = skb_put(skb, noffset - offset); 901 memcpy(pos, assoc_data->ie + offset, noffset - offset); 902 } 903 904 drv_mgd_prepare_tx(local, sdata); 905 906 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 907 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 908 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 909 IEEE80211_TX_INTFL_MLME_CONN_TX; 910 ieee80211_tx_skb(sdata, skb); 911 } 912 913 void ieee80211_send_pspoll(struct ieee80211_local *local, 914 struct ieee80211_sub_if_data *sdata) 915 { 916 struct ieee80211_pspoll *pspoll; 917 struct sk_buff *skb; 918 919 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif); 920 if (!skb) 921 return; 922 923 pspoll = (struct ieee80211_pspoll *) skb->data; 924 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 925 926 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 927 ieee80211_tx_skb(sdata, skb); 928 } 929 930 void ieee80211_send_nullfunc(struct ieee80211_local *local, 931 struct ieee80211_sub_if_data *sdata, 932 int powersave) 933 { 934 struct sk_buff *skb; 935 struct ieee80211_hdr_3addr *nullfunc; 936 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 937 938 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif); 939 if (!skb) 940 return; 941 942 nullfunc = (struct ieee80211_hdr_3addr *) skb->data; 943 if (powersave) 944 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 945 946 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT | 947 IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 948 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 949 IEEE80211_STA_CONNECTION_POLL)) 950 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE; 951 952 ieee80211_tx_skb(sdata, skb); 953 } 954 955 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local, 956 struct ieee80211_sub_if_data *sdata) 957 { 958 struct sk_buff *skb; 959 struct ieee80211_hdr *nullfunc; 960 __le16 fc; 961 962 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 963 return; 964 965 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30); 966 if (!skb) 967 return; 968 969 skb_reserve(skb, local->hw.extra_tx_headroom); 970 971 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30); 972 memset(nullfunc, 0, 30); 973 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 974 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 975 nullfunc->frame_control = fc; 976 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN); 977 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN); 978 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN); 979 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN); 980 981 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 982 ieee80211_tx_skb(sdata, skb); 983 } 984 985 /* spectrum management related things */ 986 static void ieee80211_chswitch_work(struct work_struct *work) 987 { 988 struct ieee80211_sub_if_data *sdata = 989 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work); 990 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 991 992 if (!ieee80211_sdata_running(sdata)) 993 return; 994 995 mutex_lock(&ifmgd->mtx); 996 if (!ifmgd->associated) 997 goto out; 998 999 sdata->local->_oper_channel = sdata->local->csa_channel; 1000 if (!sdata->local->ops->channel_switch) { 1001 /* call "hw_config" only if doing sw channel switch */ 1002 ieee80211_hw_config(sdata->local, 1003 IEEE80211_CONF_CHANGE_CHANNEL); 1004 } else { 1005 /* update the device channel directly */ 1006 sdata->local->hw.conf.channel = sdata->local->_oper_channel; 1007 } 1008 1009 /* XXX: shouldn't really modify cfg80211-owned data! */ 1010 ifmgd->associated->channel = sdata->local->_oper_channel; 1011 1012 /* XXX: wait for a beacon first? */ 1013 ieee80211_wake_queues_by_reason(&sdata->local->hw, 1014 IEEE80211_QUEUE_STOP_REASON_CSA); 1015 out: 1016 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 1017 mutex_unlock(&ifmgd->mtx); 1018 } 1019 1020 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success) 1021 { 1022 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1023 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1024 1025 trace_api_chswitch_done(sdata, success); 1026 if (!success) { 1027 sdata_info(sdata, 1028 "driver channel switch failed, disconnecting\n"); 1029 ieee80211_queue_work(&sdata->local->hw, 1030 &ifmgd->csa_connection_drop_work); 1031 } else { 1032 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 1033 } 1034 } 1035 EXPORT_SYMBOL(ieee80211_chswitch_done); 1036 1037 static void ieee80211_chswitch_timer(unsigned long data) 1038 { 1039 struct ieee80211_sub_if_data *sdata = 1040 (struct ieee80211_sub_if_data *) data; 1041 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1042 1043 if (sdata->local->quiescing) { 1044 set_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running); 1045 return; 1046 } 1047 1048 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 1049 } 1050 1051 void 1052 ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 1053 const struct ieee80211_channel_sw_ie *sw_elem, 1054 struct ieee80211_bss *bss, u64 timestamp) 1055 { 1056 struct cfg80211_bss *cbss = 1057 container_of((void *)bss, struct cfg80211_bss, priv); 1058 struct ieee80211_channel *new_ch; 1059 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1060 int new_freq = ieee80211_channel_to_frequency(sw_elem->new_ch_num, 1061 cbss->channel->band); 1062 struct ieee80211_chanctx *chanctx; 1063 1064 ASSERT_MGD_MTX(ifmgd); 1065 1066 if (!ifmgd->associated) 1067 return; 1068 1069 if (sdata->local->scanning) 1070 return; 1071 1072 /* Disregard subsequent beacons if we are already running a timer 1073 processing a CSA */ 1074 1075 if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED) 1076 return; 1077 1078 new_ch = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq); 1079 if (!new_ch || new_ch->flags & IEEE80211_CHAN_DISABLED) { 1080 sdata_info(sdata, 1081 "AP %pM switches to unsupported channel (%d MHz), disconnecting\n", 1082 ifmgd->associated->bssid, new_freq); 1083 ieee80211_queue_work(&sdata->local->hw, 1084 &ifmgd->csa_connection_drop_work); 1085 return; 1086 } 1087 1088 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED; 1089 1090 if (sdata->local->use_chanctx) { 1091 sdata_info(sdata, 1092 "not handling channel switch with channel contexts\n"); 1093 ieee80211_queue_work(&sdata->local->hw, 1094 &ifmgd->csa_connection_drop_work); 1095 return; 1096 } 1097 1098 mutex_lock(&sdata->local->chanctx_mtx); 1099 if (WARN_ON(!rcu_access_pointer(sdata->vif.chanctx_conf))) { 1100 mutex_unlock(&sdata->local->chanctx_mtx); 1101 return; 1102 } 1103 chanctx = container_of(rcu_access_pointer(sdata->vif.chanctx_conf), 1104 struct ieee80211_chanctx, conf); 1105 if (chanctx->refcount > 1) { 1106 sdata_info(sdata, 1107 "channel switch with multiple interfaces on the same channel, disconnecting\n"); 1108 ieee80211_queue_work(&sdata->local->hw, 1109 &ifmgd->csa_connection_drop_work); 1110 mutex_unlock(&sdata->local->chanctx_mtx); 1111 return; 1112 } 1113 mutex_unlock(&sdata->local->chanctx_mtx); 1114 1115 sdata->local->csa_channel = new_ch; 1116 1117 if (sw_elem->mode) 1118 ieee80211_stop_queues_by_reason(&sdata->local->hw, 1119 IEEE80211_QUEUE_STOP_REASON_CSA); 1120 1121 if (sdata->local->ops->channel_switch) { 1122 /* use driver's channel switch callback */ 1123 struct ieee80211_channel_switch ch_switch = { 1124 .timestamp = timestamp, 1125 .block_tx = sw_elem->mode, 1126 .channel = new_ch, 1127 .count = sw_elem->count, 1128 }; 1129 1130 drv_channel_switch(sdata->local, &ch_switch); 1131 return; 1132 } 1133 1134 /* channel switch handled in software */ 1135 if (sw_elem->count <= 1) 1136 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 1137 else 1138 mod_timer(&ifmgd->chswitch_timer, 1139 TU_TO_EXP_TIME(sw_elem->count * 1140 cbss->beacon_interval)); 1141 } 1142 1143 static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, 1144 struct ieee80211_channel *channel, 1145 const u8 *country_ie, u8 country_ie_len, 1146 const u8 *pwr_constr_elem) 1147 { 1148 struct ieee80211_country_ie_triplet *triplet; 1149 int chan = ieee80211_frequency_to_channel(channel->center_freq); 1150 int i, chan_pwr, chan_increment, new_ap_level; 1151 bool have_chan_pwr = false; 1152 1153 /* Invalid IE */ 1154 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN) 1155 return 0; 1156 1157 triplet = (void *)(country_ie + 3); 1158 country_ie_len -= 3; 1159 1160 switch (channel->band) { 1161 default: 1162 WARN_ON_ONCE(1); 1163 /* fall through */ 1164 case IEEE80211_BAND_2GHZ: 1165 case IEEE80211_BAND_60GHZ: 1166 chan_increment = 1; 1167 break; 1168 case IEEE80211_BAND_5GHZ: 1169 chan_increment = 4; 1170 break; 1171 } 1172 1173 /* find channel */ 1174 while (country_ie_len >= 3) { 1175 u8 first_channel = triplet->chans.first_channel; 1176 1177 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID) 1178 goto next; 1179 1180 for (i = 0; i < triplet->chans.num_channels; i++) { 1181 if (first_channel + i * chan_increment == chan) { 1182 have_chan_pwr = true; 1183 chan_pwr = triplet->chans.max_power; 1184 break; 1185 } 1186 } 1187 if (have_chan_pwr) 1188 break; 1189 1190 next: 1191 triplet++; 1192 country_ie_len -= 3; 1193 } 1194 1195 if (!have_chan_pwr) 1196 return 0; 1197 1198 new_ap_level = max_t(int, 0, chan_pwr - *pwr_constr_elem); 1199 1200 if (sdata->ap_power_level == new_ap_level) 1201 return 0; 1202 1203 sdata_info(sdata, 1204 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n", 1205 new_ap_level, chan_pwr, *pwr_constr_elem, 1206 sdata->u.mgd.bssid); 1207 sdata->ap_power_level = new_ap_level; 1208 if (__ieee80211_recalc_txpower(sdata)) 1209 return BSS_CHANGED_TXPOWER; 1210 return 0; 1211 } 1212 1213 /* powersave */ 1214 static void ieee80211_enable_ps(struct ieee80211_local *local, 1215 struct ieee80211_sub_if_data *sdata) 1216 { 1217 struct ieee80211_conf *conf = &local->hw.conf; 1218 1219 /* 1220 * If we are scanning right now then the parameters will 1221 * take effect when scan finishes. 1222 */ 1223 if (local->scanning) 1224 return; 1225 1226 if (conf->dynamic_ps_timeout > 0 && 1227 !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) { 1228 mod_timer(&local->dynamic_ps_timer, jiffies + 1229 msecs_to_jiffies(conf->dynamic_ps_timeout)); 1230 } else { 1231 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 1232 ieee80211_send_nullfunc(local, sdata, 1); 1233 1234 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1235 (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) 1236 return; 1237 1238 conf->flags |= IEEE80211_CONF_PS; 1239 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1240 } 1241 } 1242 1243 static void ieee80211_change_ps(struct ieee80211_local *local) 1244 { 1245 struct ieee80211_conf *conf = &local->hw.conf; 1246 1247 if (local->ps_sdata) { 1248 ieee80211_enable_ps(local, local->ps_sdata); 1249 } else if (conf->flags & IEEE80211_CONF_PS) { 1250 conf->flags &= ~IEEE80211_CONF_PS; 1251 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1252 del_timer_sync(&local->dynamic_ps_timer); 1253 cancel_work_sync(&local->dynamic_ps_enable_work); 1254 } 1255 } 1256 1257 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata) 1258 { 1259 struct ieee80211_if_managed *mgd = &sdata->u.mgd; 1260 struct sta_info *sta = NULL; 1261 bool authorized = false; 1262 1263 if (!mgd->powersave) 1264 return false; 1265 1266 if (mgd->broken_ap) 1267 return false; 1268 1269 if (!mgd->associated) 1270 return false; 1271 1272 if (mgd->flags & (IEEE80211_STA_BEACON_POLL | 1273 IEEE80211_STA_CONNECTION_POLL)) 1274 return false; 1275 1276 rcu_read_lock(); 1277 sta = sta_info_get(sdata, mgd->bssid); 1278 if (sta) 1279 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED); 1280 rcu_read_unlock(); 1281 1282 return authorized; 1283 } 1284 1285 /* need to hold RTNL or interface lock */ 1286 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency) 1287 { 1288 struct ieee80211_sub_if_data *sdata, *found = NULL; 1289 int count = 0; 1290 int timeout; 1291 1292 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) { 1293 local->ps_sdata = NULL; 1294 return; 1295 } 1296 1297 list_for_each_entry(sdata, &local->interfaces, list) { 1298 if (!ieee80211_sdata_running(sdata)) 1299 continue; 1300 if (sdata->vif.type == NL80211_IFTYPE_AP) { 1301 /* If an AP vif is found, then disable PS 1302 * by setting the count to zero thereby setting 1303 * ps_sdata to NULL. 1304 */ 1305 count = 0; 1306 break; 1307 } 1308 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1309 continue; 1310 found = sdata; 1311 count++; 1312 } 1313 1314 if (count == 1 && ieee80211_powersave_allowed(found)) { 1315 s32 beaconint_us; 1316 1317 if (latency < 0) 1318 latency = pm_qos_request(PM_QOS_NETWORK_LATENCY); 1319 1320 beaconint_us = ieee80211_tu_to_usec( 1321 found->vif.bss_conf.beacon_int); 1322 1323 timeout = local->dynamic_ps_forced_timeout; 1324 if (timeout < 0) { 1325 /* 1326 * Go to full PSM if the user configures a very low 1327 * latency requirement. 1328 * The 2000 second value is there for compatibility 1329 * until the PM_QOS_NETWORK_LATENCY is configured 1330 * with real values. 1331 */ 1332 if (latency > (1900 * USEC_PER_MSEC) && 1333 latency != (2000 * USEC_PER_SEC)) 1334 timeout = 0; 1335 else 1336 timeout = 100; 1337 } 1338 local->hw.conf.dynamic_ps_timeout = timeout; 1339 1340 if (beaconint_us > latency) { 1341 local->ps_sdata = NULL; 1342 } else { 1343 int maxslp = 1; 1344 u8 dtimper = found->u.mgd.dtim_period; 1345 1346 /* If the TIM IE is invalid, pretend the value is 1 */ 1347 if (!dtimper) 1348 dtimper = 1; 1349 else if (dtimper > 1) 1350 maxslp = min_t(int, dtimper, 1351 latency / beaconint_us); 1352 1353 local->hw.conf.max_sleep_period = maxslp; 1354 local->hw.conf.ps_dtim_period = dtimper; 1355 local->ps_sdata = found; 1356 } 1357 } else { 1358 local->ps_sdata = NULL; 1359 } 1360 1361 ieee80211_change_ps(local); 1362 } 1363 1364 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata) 1365 { 1366 bool ps_allowed = ieee80211_powersave_allowed(sdata); 1367 1368 if (sdata->vif.bss_conf.ps != ps_allowed) { 1369 sdata->vif.bss_conf.ps = ps_allowed; 1370 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS); 1371 } 1372 } 1373 1374 void ieee80211_dynamic_ps_disable_work(struct work_struct *work) 1375 { 1376 struct ieee80211_local *local = 1377 container_of(work, struct ieee80211_local, 1378 dynamic_ps_disable_work); 1379 1380 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1381 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1382 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1383 } 1384 1385 ieee80211_wake_queues_by_reason(&local->hw, 1386 IEEE80211_QUEUE_STOP_REASON_PS); 1387 } 1388 1389 void ieee80211_dynamic_ps_enable_work(struct work_struct *work) 1390 { 1391 struct ieee80211_local *local = 1392 container_of(work, struct ieee80211_local, 1393 dynamic_ps_enable_work); 1394 struct ieee80211_sub_if_data *sdata = local->ps_sdata; 1395 struct ieee80211_if_managed *ifmgd; 1396 unsigned long flags; 1397 int q; 1398 1399 /* can only happen when PS was just disabled anyway */ 1400 if (!sdata) 1401 return; 1402 1403 ifmgd = &sdata->u.mgd; 1404 1405 if (local->hw.conf.flags & IEEE80211_CONF_PS) 1406 return; 1407 1408 if (local->hw.conf.dynamic_ps_timeout > 0) { 1409 /* don't enter PS if TX frames are pending */ 1410 if (drv_tx_frames_pending(local)) { 1411 mod_timer(&local->dynamic_ps_timer, jiffies + 1412 msecs_to_jiffies( 1413 local->hw.conf.dynamic_ps_timeout)); 1414 return; 1415 } 1416 1417 /* 1418 * transmission can be stopped by others which leads to 1419 * dynamic_ps_timer expiry. Postpone the ps timer if it 1420 * is not the actual idle state. 1421 */ 1422 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 1423 for (q = 0; q < local->hw.queues; q++) { 1424 if (local->queue_stop_reasons[q]) { 1425 spin_unlock_irqrestore(&local->queue_stop_reason_lock, 1426 flags); 1427 mod_timer(&local->dynamic_ps_timer, jiffies + 1428 msecs_to_jiffies( 1429 local->hw.conf.dynamic_ps_timeout)); 1430 return; 1431 } 1432 } 1433 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 1434 } 1435 1436 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1437 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1438 netif_tx_stop_all_queues(sdata->dev); 1439 1440 if (drv_tx_frames_pending(local)) 1441 mod_timer(&local->dynamic_ps_timer, jiffies + 1442 msecs_to_jiffies( 1443 local->hw.conf.dynamic_ps_timeout)); 1444 else { 1445 ieee80211_send_nullfunc(local, sdata, 1); 1446 /* Flush to get the tx status of nullfunc frame */ 1447 drv_flush(local, false); 1448 } 1449 } 1450 1451 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) && 1452 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) || 1453 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1454 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 1455 local->hw.conf.flags |= IEEE80211_CONF_PS; 1456 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1457 } 1458 1459 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 1460 netif_tx_wake_all_queues(sdata->dev); 1461 } 1462 1463 void ieee80211_dynamic_ps_timer(unsigned long data) 1464 { 1465 struct ieee80211_local *local = (void *) data; 1466 1467 if (local->quiescing || local->suspended) 1468 return; 1469 1470 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work); 1471 } 1472 1473 void ieee80211_dfs_cac_timer_work(struct work_struct *work) 1474 { 1475 struct delayed_work *delayed_work = 1476 container_of(work, struct delayed_work, work); 1477 struct ieee80211_sub_if_data *sdata = 1478 container_of(delayed_work, struct ieee80211_sub_if_data, 1479 dfs_cac_timer_work); 1480 1481 ieee80211_vif_release_channel(sdata); 1482 1483 cfg80211_cac_event(sdata->dev, NL80211_RADAR_CAC_FINISHED, GFP_KERNEL); 1484 } 1485 1486 /* MLME */ 1487 static bool ieee80211_sta_wmm_params(struct ieee80211_local *local, 1488 struct ieee80211_sub_if_data *sdata, 1489 const u8 *wmm_param, size_t wmm_param_len) 1490 { 1491 struct ieee80211_tx_queue_params params; 1492 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1493 size_t left; 1494 int count; 1495 const u8 *pos; 1496 u8 uapsd_queues = 0; 1497 1498 if (!local->ops->conf_tx) 1499 return false; 1500 1501 if (local->hw.queues < IEEE80211_NUM_ACS) 1502 return false; 1503 1504 if (!wmm_param) 1505 return false; 1506 1507 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 1508 return false; 1509 1510 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) 1511 uapsd_queues = ifmgd->uapsd_queues; 1512 1513 count = wmm_param[6] & 0x0f; 1514 if (count == ifmgd->wmm_last_param_set) 1515 return false; 1516 ifmgd->wmm_last_param_set = count; 1517 1518 pos = wmm_param + 8; 1519 left = wmm_param_len - 8; 1520 1521 memset(¶ms, 0, sizeof(params)); 1522 1523 sdata->wmm_acm = 0; 1524 for (; left >= 4; left -= 4, pos += 4) { 1525 int aci = (pos[0] >> 5) & 0x03; 1526 int acm = (pos[0] >> 4) & 0x01; 1527 bool uapsd = false; 1528 int queue; 1529 1530 switch (aci) { 1531 case 1: /* AC_BK */ 1532 queue = 3; 1533 if (acm) 1534 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */ 1535 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK) 1536 uapsd = true; 1537 break; 1538 case 2: /* AC_VI */ 1539 queue = 1; 1540 if (acm) 1541 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */ 1542 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI) 1543 uapsd = true; 1544 break; 1545 case 3: /* AC_VO */ 1546 queue = 0; 1547 if (acm) 1548 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */ 1549 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) 1550 uapsd = true; 1551 break; 1552 case 0: /* AC_BE */ 1553 default: 1554 queue = 2; 1555 if (acm) 1556 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */ 1557 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE) 1558 uapsd = true; 1559 break; 1560 } 1561 1562 params.aifs = pos[0] & 0x0f; 1563 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 1564 params.cw_min = ecw2cw(pos[1] & 0x0f); 1565 params.txop = get_unaligned_le16(pos + 2); 1566 params.uapsd = uapsd; 1567 1568 mlme_dbg(sdata, 1569 "WMM queue=%d aci=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d\n", 1570 queue, aci, acm, 1571 params.aifs, params.cw_min, params.cw_max, 1572 params.txop, params.uapsd); 1573 sdata->tx_conf[queue] = params; 1574 if (drv_conf_tx(local, sdata, queue, ¶ms)) 1575 sdata_err(sdata, 1576 "failed to set TX queue parameters for queue %d\n", 1577 queue); 1578 } 1579 1580 /* enable WMM or activate new settings */ 1581 sdata->vif.bss_conf.qos = true; 1582 return true; 1583 } 1584 1585 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1586 { 1587 lockdep_assert_held(&sdata->local->mtx); 1588 1589 sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL | 1590 IEEE80211_STA_BEACON_POLL); 1591 ieee80211_run_deferred_scan(sdata->local); 1592 } 1593 1594 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1595 { 1596 mutex_lock(&sdata->local->mtx); 1597 __ieee80211_stop_poll(sdata); 1598 mutex_unlock(&sdata->local->mtx); 1599 } 1600 1601 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata, 1602 u16 capab, bool erp_valid, u8 erp) 1603 { 1604 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1605 u32 changed = 0; 1606 bool use_protection; 1607 bool use_short_preamble; 1608 bool use_short_slot; 1609 1610 if (erp_valid) { 1611 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0; 1612 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0; 1613 } else { 1614 use_protection = false; 1615 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE); 1616 } 1617 1618 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME); 1619 if (ieee80211_get_sdata_band(sdata) == IEEE80211_BAND_5GHZ) 1620 use_short_slot = true; 1621 1622 if (use_protection != bss_conf->use_cts_prot) { 1623 bss_conf->use_cts_prot = use_protection; 1624 changed |= BSS_CHANGED_ERP_CTS_PROT; 1625 } 1626 1627 if (use_short_preamble != bss_conf->use_short_preamble) { 1628 bss_conf->use_short_preamble = use_short_preamble; 1629 changed |= BSS_CHANGED_ERP_PREAMBLE; 1630 } 1631 1632 if (use_short_slot != bss_conf->use_short_slot) { 1633 bss_conf->use_short_slot = use_short_slot; 1634 changed |= BSS_CHANGED_ERP_SLOT; 1635 } 1636 1637 return changed; 1638 } 1639 1640 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata, 1641 struct cfg80211_bss *cbss, 1642 u32 bss_info_changed) 1643 { 1644 struct ieee80211_bss *bss = (void *)cbss->priv; 1645 struct ieee80211_local *local = sdata->local; 1646 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1647 1648 bss_info_changed |= BSS_CHANGED_ASSOC; 1649 bss_info_changed |= ieee80211_handle_bss_capability(sdata, 1650 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value); 1651 1652 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec( 1653 IEEE80211_BEACON_LOSS_COUNT * bss_conf->beacon_int)); 1654 1655 sdata->u.mgd.associated = cbss; 1656 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN); 1657 1658 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE; 1659 1660 if (sdata->vif.p2p) { 1661 const struct cfg80211_bss_ies *ies; 1662 1663 rcu_read_lock(); 1664 ies = rcu_dereference(cbss->ies); 1665 if (ies) { 1666 u8 noa[2]; 1667 int ret; 1668 1669 ret = cfg80211_get_p2p_attr( 1670 ies->data, ies->len, 1671 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 1672 noa, sizeof(noa)); 1673 if (ret >= 2) { 1674 bss_conf->p2p_oppps = noa[1] & 0x80; 1675 bss_conf->p2p_ctwindow = noa[1] & 0x7f; 1676 bss_info_changed |= BSS_CHANGED_P2P_PS; 1677 sdata->u.mgd.p2p_noa_index = noa[0]; 1678 } 1679 } 1680 rcu_read_unlock(); 1681 } 1682 1683 /* just to be sure */ 1684 ieee80211_stop_poll(sdata); 1685 1686 ieee80211_led_assoc(local, 1); 1687 1688 if (sdata->u.mgd.assoc_data->have_beacon) { 1689 /* 1690 * If the AP is buggy we may get here with no DTIM period 1691 * known, so assume it's 1 which is the only safe assumption 1692 * in that case, although if the TIM IE is broken powersave 1693 * probably just won't work at all. 1694 */ 1695 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1; 1696 bss_info_changed |= BSS_CHANGED_DTIM_PERIOD; 1697 } else { 1698 bss_conf->dtim_period = 0; 1699 } 1700 1701 bss_conf->assoc = 1; 1702 1703 /* Tell the driver to monitor connection quality (if supported) */ 1704 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI && 1705 bss_conf->cqm_rssi_thold) 1706 bss_info_changed |= BSS_CHANGED_CQM; 1707 1708 /* Enable ARP filtering */ 1709 if (bss_conf->arp_addr_cnt) 1710 bss_info_changed |= BSS_CHANGED_ARP_FILTER; 1711 1712 ieee80211_bss_info_change_notify(sdata, bss_info_changed); 1713 1714 mutex_lock(&local->iflist_mtx); 1715 ieee80211_recalc_ps(local, -1); 1716 mutex_unlock(&local->iflist_mtx); 1717 1718 ieee80211_recalc_smps(sdata); 1719 ieee80211_recalc_ps_vif(sdata); 1720 1721 netif_tx_start_all_queues(sdata->dev); 1722 netif_carrier_on(sdata->dev); 1723 } 1724 1725 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata, 1726 u16 stype, u16 reason, bool tx, 1727 u8 *frame_buf) 1728 { 1729 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1730 struct ieee80211_local *local = sdata->local; 1731 u32 changed = 0; 1732 1733 ASSERT_MGD_MTX(ifmgd); 1734 1735 if (WARN_ON_ONCE(tx && !frame_buf)) 1736 return; 1737 1738 if (WARN_ON(!ifmgd->associated)) 1739 return; 1740 1741 ieee80211_stop_poll(sdata); 1742 1743 ifmgd->associated = NULL; 1744 1745 /* 1746 * we need to commit the associated = NULL change because the 1747 * scan code uses that to determine whether this iface should 1748 * go to/wake up from powersave or not -- and could otherwise 1749 * wake the queues erroneously. 1750 */ 1751 smp_mb(); 1752 1753 /* 1754 * Thus, we can only afterwards stop the queues -- to account 1755 * for the case where another CPU is finishing a scan at this 1756 * time -- we don't want the scan code to enable queues. 1757 */ 1758 1759 netif_tx_stop_all_queues(sdata->dev); 1760 netif_carrier_off(sdata->dev); 1761 1762 /* 1763 * if we want to get out of ps before disassoc (why?) we have 1764 * to do it before sending disassoc, as otherwise the null-packet 1765 * won't be valid. 1766 */ 1767 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1768 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1769 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1770 } 1771 local->ps_sdata = NULL; 1772 1773 /* disable per-vif ps */ 1774 ieee80211_recalc_ps_vif(sdata); 1775 1776 /* flush out any pending frame (e.g. DELBA) before deauth/disassoc */ 1777 if (tx) 1778 drv_flush(local, false); 1779 1780 /* deauthenticate/disassociate now */ 1781 if (tx || frame_buf) 1782 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype, 1783 reason, tx, frame_buf); 1784 1785 /* flush out frame */ 1786 if (tx) 1787 drv_flush(local, false); 1788 1789 /* clear bssid only after building the needed mgmt frames */ 1790 memset(ifmgd->bssid, 0, ETH_ALEN); 1791 1792 /* remove AP and TDLS peers */ 1793 sta_info_flush_defer(sdata); 1794 1795 /* finally reset all BSS / config parameters */ 1796 changed |= ieee80211_reset_erp_info(sdata); 1797 1798 ieee80211_led_assoc(local, 0); 1799 changed |= BSS_CHANGED_ASSOC; 1800 sdata->vif.bss_conf.assoc = false; 1801 1802 sdata->vif.bss_conf.p2p_ctwindow = 0; 1803 sdata->vif.bss_conf.p2p_oppps = false; 1804 1805 /* on the next assoc, re-program HT parameters */ 1806 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa)); 1807 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask)); 1808 1809 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL; 1810 1811 del_timer_sync(&local->dynamic_ps_timer); 1812 cancel_work_sync(&local->dynamic_ps_enable_work); 1813 1814 /* Disable ARP filtering */ 1815 if (sdata->vif.bss_conf.arp_addr_cnt) 1816 changed |= BSS_CHANGED_ARP_FILTER; 1817 1818 sdata->vif.bss_conf.qos = false; 1819 changed |= BSS_CHANGED_QOS; 1820 1821 /* The BSSID (not really interesting) and HT changed */ 1822 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT; 1823 ieee80211_bss_info_change_notify(sdata, changed); 1824 1825 /* disassociated - set to defaults now */ 1826 ieee80211_set_wmm_default(sdata, false); 1827 1828 del_timer_sync(&sdata->u.mgd.conn_mon_timer); 1829 del_timer_sync(&sdata->u.mgd.bcn_mon_timer); 1830 del_timer_sync(&sdata->u.mgd.timer); 1831 del_timer_sync(&sdata->u.mgd.chswitch_timer); 1832 1833 sdata->u.mgd.timers_running = 0; 1834 1835 sdata->vif.bss_conf.dtim_period = 0; 1836 1837 ifmgd->flags = 0; 1838 ieee80211_vif_release_channel(sdata); 1839 } 1840 1841 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata, 1842 struct ieee80211_hdr *hdr) 1843 { 1844 /* 1845 * We can postpone the mgd.timer whenever receiving unicast frames 1846 * from AP because we know that the connection is working both ways 1847 * at that time. But multicast frames (and hence also beacons) must 1848 * be ignored here, because we need to trigger the timer during 1849 * data idle periods for sending the periodic probe request to the 1850 * AP we're connected to. 1851 */ 1852 if (is_multicast_ether_addr(hdr->addr1)) 1853 return; 1854 1855 ieee80211_sta_reset_conn_monitor(sdata); 1856 } 1857 1858 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata) 1859 { 1860 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1861 struct ieee80211_local *local = sdata->local; 1862 1863 mutex_lock(&local->mtx); 1864 if (!(ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 1865 IEEE80211_STA_CONNECTION_POLL))) { 1866 mutex_unlock(&local->mtx); 1867 return; 1868 } 1869 1870 __ieee80211_stop_poll(sdata); 1871 1872 mutex_lock(&local->iflist_mtx); 1873 ieee80211_recalc_ps(local, -1); 1874 mutex_unlock(&local->iflist_mtx); 1875 1876 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 1877 goto out; 1878 1879 /* 1880 * We've received a probe response, but are not sure whether 1881 * we have or will be receiving any beacons or data, so let's 1882 * schedule the timers again, just in case. 1883 */ 1884 ieee80211_sta_reset_beacon_monitor(sdata); 1885 1886 mod_timer(&ifmgd->conn_mon_timer, 1887 round_jiffies_up(jiffies + 1888 IEEE80211_CONNECTION_IDLE_TIME)); 1889 out: 1890 mutex_unlock(&local->mtx); 1891 } 1892 1893 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata, 1894 struct ieee80211_hdr *hdr, bool ack) 1895 { 1896 if (!ieee80211_is_data(hdr->frame_control)) 1897 return; 1898 1899 if (ieee80211_is_nullfunc(hdr->frame_control) && 1900 sdata->u.mgd.probe_send_count > 0) { 1901 if (ack) 1902 ieee80211_sta_reset_conn_monitor(sdata); 1903 else 1904 sdata->u.mgd.nullfunc_failed = true; 1905 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 1906 return; 1907 } 1908 1909 if (ack) 1910 ieee80211_sta_reset_conn_monitor(sdata); 1911 } 1912 1913 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) 1914 { 1915 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1916 const u8 *ssid; 1917 u8 *dst = ifmgd->associated->bssid; 1918 u8 unicast_limit = max(1, max_probe_tries - 3); 1919 1920 /* 1921 * Try sending broadcast probe requests for the last three 1922 * probe requests after the first ones failed since some 1923 * buggy APs only support broadcast probe requests. 1924 */ 1925 if (ifmgd->probe_send_count >= unicast_limit) 1926 dst = NULL; 1927 1928 /* 1929 * When the hardware reports an accurate Tx ACK status, it's 1930 * better to send a nullfunc frame instead of a probe request, 1931 * as it will kick us off the AP quickly if we aren't associated 1932 * anymore. The timeout will be reset if the frame is ACKed by 1933 * the AP. 1934 */ 1935 ifmgd->probe_send_count++; 1936 1937 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 1938 ifmgd->nullfunc_failed = false; 1939 ieee80211_send_nullfunc(sdata->local, sdata, 0); 1940 } else { 1941 int ssid_len; 1942 1943 rcu_read_lock(); 1944 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); 1945 if (WARN_ON_ONCE(ssid == NULL)) 1946 ssid_len = 0; 1947 else 1948 ssid_len = ssid[1]; 1949 1950 ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL, 1951 0, (u32) -1, true, 0, 1952 ifmgd->associated->channel, false); 1953 rcu_read_unlock(); 1954 } 1955 1956 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms); 1957 run_again(ifmgd, ifmgd->probe_timeout); 1958 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 1959 drv_flush(sdata->local, false); 1960 } 1961 1962 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata, 1963 bool beacon) 1964 { 1965 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1966 bool already = false; 1967 1968 if (!ieee80211_sdata_running(sdata)) 1969 return; 1970 1971 mutex_lock(&ifmgd->mtx); 1972 1973 if (!ifmgd->associated) 1974 goto out; 1975 1976 mutex_lock(&sdata->local->mtx); 1977 1978 if (sdata->local->tmp_channel || sdata->local->scanning) { 1979 mutex_unlock(&sdata->local->mtx); 1980 goto out; 1981 } 1982 1983 if (beacon) 1984 mlme_dbg_ratelimited(sdata, 1985 "detected beacon loss from AP - probing\n"); 1986 1987 ieee80211_cqm_rssi_notify(&sdata->vif, 1988 NL80211_CQM_RSSI_BEACON_LOSS_EVENT, GFP_KERNEL); 1989 1990 /* 1991 * The driver/our work has already reported this event or the 1992 * connection monitoring has kicked in and we have already sent 1993 * a probe request. Or maybe the AP died and the driver keeps 1994 * reporting until we disassociate... 1995 * 1996 * In either case we have to ignore the current call to this 1997 * function (except for setting the correct probe reason bit) 1998 * because otherwise we would reset the timer every time and 1999 * never check whether we received a probe response! 2000 */ 2001 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 2002 IEEE80211_STA_CONNECTION_POLL)) 2003 already = true; 2004 2005 if (beacon) 2006 ifmgd->flags |= IEEE80211_STA_BEACON_POLL; 2007 else 2008 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL; 2009 2010 mutex_unlock(&sdata->local->mtx); 2011 2012 if (already) 2013 goto out; 2014 2015 mutex_lock(&sdata->local->iflist_mtx); 2016 ieee80211_recalc_ps(sdata->local, -1); 2017 mutex_unlock(&sdata->local->iflist_mtx); 2018 2019 ifmgd->probe_send_count = 0; 2020 ieee80211_mgd_probe_ap_send(sdata); 2021 out: 2022 mutex_unlock(&ifmgd->mtx); 2023 } 2024 2025 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw, 2026 struct ieee80211_vif *vif) 2027 { 2028 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2029 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2030 struct cfg80211_bss *cbss; 2031 struct sk_buff *skb; 2032 const u8 *ssid; 2033 int ssid_len; 2034 2035 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 2036 return NULL; 2037 2038 ASSERT_MGD_MTX(ifmgd); 2039 2040 if (ifmgd->associated) 2041 cbss = ifmgd->associated; 2042 else if (ifmgd->auth_data) 2043 cbss = ifmgd->auth_data->bss; 2044 else if (ifmgd->assoc_data) 2045 cbss = ifmgd->assoc_data->bss; 2046 else 2047 return NULL; 2048 2049 rcu_read_lock(); 2050 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID); 2051 if (WARN_ON_ONCE(ssid == NULL)) 2052 ssid_len = 0; 2053 else 2054 ssid_len = ssid[1]; 2055 2056 skb = ieee80211_build_probe_req(sdata, cbss->bssid, 2057 (u32) -1, cbss->channel, 2058 ssid + 2, ssid_len, 2059 NULL, 0, true); 2060 rcu_read_unlock(); 2061 2062 return skb; 2063 } 2064 EXPORT_SYMBOL(ieee80211_ap_probereq_get); 2065 2066 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata) 2067 { 2068 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2069 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 2070 2071 mutex_lock(&ifmgd->mtx); 2072 if (!ifmgd->associated) { 2073 mutex_unlock(&ifmgd->mtx); 2074 return; 2075 } 2076 2077 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 2078 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 2079 true, frame_buf); 2080 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 2081 ieee80211_wake_queues_by_reason(&sdata->local->hw, 2082 IEEE80211_QUEUE_STOP_REASON_CSA); 2083 mutex_unlock(&ifmgd->mtx); 2084 2085 /* 2086 * must be outside lock due to cfg80211, 2087 * but that's not a problem. 2088 */ 2089 cfg80211_send_deauth(sdata->dev, frame_buf, IEEE80211_DEAUTH_FRAME_LEN); 2090 } 2091 2092 static void ieee80211_beacon_connection_loss_work(struct work_struct *work) 2093 { 2094 struct ieee80211_sub_if_data *sdata = 2095 container_of(work, struct ieee80211_sub_if_data, 2096 u.mgd.beacon_connection_loss_work); 2097 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2098 struct sta_info *sta; 2099 2100 if (ifmgd->associated) { 2101 rcu_read_lock(); 2102 sta = sta_info_get(sdata, ifmgd->bssid); 2103 if (sta) 2104 sta->beacon_loss_count++; 2105 rcu_read_unlock(); 2106 } 2107 2108 if (ifmgd->connection_loss) { 2109 sdata_info(sdata, "Connection to AP %pM lost\n", 2110 ifmgd->bssid); 2111 __ieee80211_disconnect(sdata); 2112 } else { 2113 ieee80211_mgd_probe_ap(sdata, true); 2114 } 2115 } 2116 2117 static void ieee80211_csa_connection_drop_work(struct work_struct *work) 2118 { 2119 struct ieee80211_sub_if_data *sdata = 2120 container_of(work, struct ieee80211_sub_if_data, 2121 u.mgd.csa_connection_drop_work); 2122 2123 __ieee80211_disconnect(sdata); 2124 } 2125 2126 void ieee80211_beacon_loss(struct ieee80211_vif *vif) 2127 { 2128 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2129 struct ieee80211_hw *hw = &sdata->local->hw; 2130 2131 trace_api_beacon_loss(sdata); 2132 2133 WARN_ON(hw->flags & IEEE80211_HW_CONNECTION_MONITOR); 2134 sdata->u.mgd.connection_loss = false; 2135 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2136 } 2137 EXPORT_SYMBOL(ieee80211_beacon_loss); 2138 2139 void ieee80211_connection_loss(struct ieee80211_vif *vif) 2140 { 2141 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2142 struct ieee80211_hw *hw = &sdata->local->hw; 2143 2144 trace_api_connection_loss(sdata); 2145 2146 sdata->u.mgd.connection_loss = true; 2147 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2148 } 2149 EXPORT_SYMBOL(ieee80211_connection_loss); 2150 2151 2152 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata, 2153 bool assoc) 2154 { 2155 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2156 2157 lockdep_assert_held(&sdata->u.mgd.mtx); 2158 2159 if (!assoc) { 2160 sta_info_destroy_addr(sdata, auth_data->bss->bssid); 2161 2162 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2163 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2164 sdata->u.mgd.flags = 0; 2165 ieee80211_vif_release_channel(sdata); 2166 } 2167 2168 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss); 2169 kfree(auth_data); 2170 sdata->u.mgd.auth_data = NULL; 2171 } 2172 2173 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, 2174 struct ieee80211_mgmt *mgmt, size_t len) 2175 { 2176 struct ieee80211_local *local = sdata->local; 2177 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2178 u8 *pos; 2179 struct ieee802_11_elems elems; 2180 u32 tx_flags = 0; 2181 2182 pos = mgmt->u.auth.variable; 2183 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 2184 if (!elems.challenge) 2185 return; 2186 auth_data->expected_transaction = 4; 2187 drv_mgd_prepare_tx(sdata->local, sdata); 2188 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 2189 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 2190 IEEE80211_TX_INTFL_MLME_CONN_TX; 2191 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0, 2192 elems.challenge - 2, elems.challenge_len + 2, 2193 auth_data->bss->bssid, auth_data->bss->bssid, 2194 auth_data->key, auth_data->key_len, 2195 auth_data->key_idx, tx_flags); 2196 } 2197 2198 static enum rx_mgmt_action __must_check 2199 ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, 2200 struct ieee80211_mgmt *mgmt, size_t len) 2201 { 2202 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2203 u8 bssid[ETH_ALEN]; 2204 u16 auth_alg, auth_transaction, status_code; 2205 struct sta_info *sta; 2206 2207 lockdep_assert_held(&ifmgd->mtx); 2208 2209 if (len < 24 + 6) 2210 return RX_MGMT_NONE; 2211 2212 if (!ifmgd->auth_data || ifmgd->auth_data->done) 2213 return RX_MGMT_NONE; 2214 2215 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 2216 2217 if (!ether_addr_equal(bssid, mgmt->bssid)) 2218 return RX_MGMT_NONE; 2219 2220 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 2221 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 2222 status_code = le16_to_cpu(mgmt->u.auth.status_code); 2223 2224 if (auth_alg != ifmgd->auth_data->algorithm || 2225 auth_transaction != ifmgd->auth_data->expected_transaction) { 2226 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n", 2227 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm, 2228 auth_transaction, 2229 ifmgd->auth_data->expected_transaction); 2230 return RX_MGMT_NONE; 2231 } 2232 2233 if (status_code != WLAN_STATUS_SUCCESS) { 2234 sdata_info(sdata, "%pM denied authentication (status %d)\n", 2235 mgmt->sa, status_code); 2236 ieee80211_destroy_auth_data(sdata, false); 2237 return RX_MGMT_CFG80211_RX_AUTH; 2238 } 2239 2240 switch (ifmgd->auth_data->algorithm) { 2241 case WLAN_AUTH_OPEN: 2242 case WLAN_AUTH_LEAP: 2243 case WLAN_AUTH_FT: 2244 case WLAN_AUTH_SAE: 2245 break; 2246 case WLAN_AUTH_SHARED_KEY: 2247 if (ifmgd->auth_data->expected_transaction != 4) { 2248 ieee80211_auth_challenge(sdata, mgmt, len); 2249 /* need another frame */ 2250 return RX_MGMT_NONE; 2251 } 2252 break; 2253 default: 2254 WARN_ONCE(1, "invalid auth alg %d", 2255 ifmgd->auth_data->algorithm); 2256 return RX_MGMT_NONE; 2257 } 2258 2259 sdata_info(sdata, "authenticated\n"); 2260 ifmgd->auth_data->done = true; 2261 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC; 2262 ifmgd->auth_data->timeout_started = true; 2263 run_again(ifmgd, ifmgd->auth_data->timeout); 2264 2265 if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE && 2266 ifmgd->auth_data->expected_transaction != 2) { 2267 /* 2268 * Report auth frame to user space for processing since another 2269 * round of Authentication frames is still needed. 2270 */ 2271 return RX_MGMT_CFG80211_RX_AUTH; 2272 } 2273 2274 /* move station state to auth */ 2275 mutex_lock(&sdata->local->sta_mtx); 2276 sta = sta_info_get(sdata, bssid); 2277 if (!sta) { 2278 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid); 2279 goto out_err; 2280 } 2281 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) { 2282 sdata_info(sdata, "failed moving %pM to auth\n", bssid); 2283 goto out_err; 2284 } 2285 mutex_unlock(&sdata->local->sta_mtx); 2286 2287 return RX_MGMT_CFG80211_RX_AUTH; 2288 out_err: 2289 mutex_unlock(&sdata->local->sta_mtx); 2290 /* ignore frame -- wait for timeout */ 2291 return RX_MGMT_NONE; 2292 } 2293 2294 2295 static enum rx_mgmt_action __must_check 2296 ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 2297 struct ieee80211_mgmt *mgmt, size_t len) 2298 { 2299 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2300 const u8 *bssid = NULL; 2301 u16 reason_code; 2302 2303 lockdep_assert_held(&ifmgd->mtx); 2304 2305 if (len < 24 + 2) 2306 return RX_MGMT_NONE; 2307 2308 if (!ifmgd->associated || 2309 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2310 return RX_MGMT_NONE; 2311 2312 bssid = ifmgd->associated->bssid; 2313 2314 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 2315 2316 sdata_info(sdata, "deauthenticated from %pM (Reason: %u)\n", 2317 bssid, reason_code); 2318 2319 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2320 2321 return RX_MGMT_CFG80211_DEAUTH; 2322 } 2323 2324 2325 static enum rx_mgmt_action __must_check 2326 ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata, 2327 struct ieee80211_mgmt *mgmt, size_t len) 2328 { 2329 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2330 u16 reason_code; 2331 2332 lockdep_assert_held(&ifmgd->mtx); 2333 2334 if (len < 24 + 2) 2335 return RX_MGMT_NONE; 2336 2337 if (!ifmgd->associated || 2338 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2339 return RX_MGMT_NONE; 2340 2341 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 2342 2343 sdata_info(sdata, "disassociated from %pM (Reason: %u)\n", 2344 mgmt->sa, reason_code); 2345 2346 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2347 2348 return RX_MGMT_CFG80211_DISASSOC; 2349 } 2350 2351 static void ieee80211_get_rates(struct ieee80211_supported_band *sband, 2352 u8 *supp_rates, unsigned int supp_rates_len, 2353 u32 *rates, u32 *basic_rates, 2354 bool *have_higher_than_11mbit, 2355 int *min_rate, int *min_rate_index) 2356 { 2357 int i, j; 2358 2359 for (i = 0; i < supp_rates_len; i++) { 2360 int rate = (supp_rates[i] & 0x7f) * 5; 2361 bool is_basic = !!(supp_rates[i] & 0x80); 2362 2363 if (rate > 110) 2364 *have_higher_than_11mbit = true; 2365 2366 /* 2367 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009 2368 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it. 2369 * 2370 * Note: Even through the membership selector and the basic 2371 * rate flag share the same bit, they are not exactly 2372 * the same. 2373 */ 2374 if (!!(supp_rates[i] & 0x80) && 2375 (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY) 2376 continue; 2377 2378 for (j = 0; j < sband->n_bitrates; j++) { 2379 if (sband->bitrates[j].bitrate == rate) { 2380 *rates |= BIT(j); 2381 if (is_basic) 2382 *basic_rates |= BIT(j); 2383 if (rate < *min_rate) { 2384 *min_rate = rate; 2385 *min_rate_index = j; 2386 } 2387 break; 2388 } 2389 } 2390 } 2391 } 2392 2393 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata, 2394 bool assoc) 2395 { 2396 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 2397 2398 lockdep_assert_held(&sdata->u.mgd.mtx); 2399 2400 if (!assoc) { 2401 sta_info_destroy_addr(sdata, assoc_data->bss->bssid); 2402 2403 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2404 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2405 sdata->u.mgd.flags = 0; 2406 ieee80211_vif_release_channel(sdata); 2407 } 2408 2409 kfree(assoc_data); 2410 sdata->u.mgd.assoc_data = NULL; 2411 } 2412 2413 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata, 2414 struct cfg80211_bss *cbss, 2415 struct ieee80211_mgmt *mgmt, size_t len) 2416 { 2417 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2418 struct ieee80211_local *local = sdata->local; 2419 struct ieee80211_supported_band *sband; 2420 struct sta_info *sta; 2421 u8 *pos; 2422 u16 capab_info, aid; 2423 struct ieee802_11_elems elems; 2424 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2425 u32 changed = 0; 2426 int err; 2427 2428 /* AssocResp and ReassocResp have identical structure */ 2429 2430 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2431 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2432 2433 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) 2434 sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n", 2435 aid); 2436 aid &= ~(BIT(15) | BIT(14)); 2437 2438 ifmgd->broken_ap = false; 2439 2440 if (aid == 0 || aid > IEEE80211_MAX_AID) { 2441 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n", 2442 aid); 2443 aid = 0; 2444 ifmgd->broken_ap = true; 2445 } 2446 2447 pos = mgmt->u.assoc_resp.variable; 2448 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 2449 2450 if (!elems.supp_rates) { 2451 sdata_info(sdata, "no SuppRates element in AssocResp\n"); 2452 return false; 2453 } 2454 2455 ifmgd->aid = aid; 2456 2457 /* 2458 * We previously checked these in the beacon/probe response, so 2459 * they should be present here. This is just a safety net. 2460 */ 2461 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2462 (!elems.wmm_param || !elems.ht_cap_elem || !elems.ht_operation)) { 2463 sdata_info(sdata, 2464 "HT AP is missing WMM params or HT capability/operation in AssocResp\n"); 2465 return false; 2466 } 2467 2468 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2469 (!elems.vht_cap_elem || !elems.vht_operation)) { 2470 sdata_info(sdata, 2471 "VHT AP is missing VHT capability/operation in AssocResp\n"); 2472 return false; 2473 } 2474 2475 mutex_lock(&sdata->local->sta_mtx); 2476 /* 2477 * station info was already allocated and inserted before 2478 * the association and should be available to us 2479 */ 2480 sta = sta_info_get(sdata, cbss->bssid); 2481 if (WARN_ON(!sta)) { 2482 mutex_unlock(&sdata->local->sta_mtx); 2483 return false; 2484 } 2485 2486 sband = local->hw.wiphy->bands[ieee80211_get_sdata_band(sdata)]; 2487 2488 /* Set up internal HT/VHT capabilities */ 2489 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 2490 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 2491 elems.ht_cap_elem, sta); 2492 2493 if (elems.vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 2494 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband, 2495 elems.vht_cap_elem, sta); 2496 2497 /* 2498 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data 2499 * in their association response, so ignore that data for our own 2500 * configuration. If it changed since the last beacon, we'll get the 2501 * next beacon and update then. 2502 */ 2503 2504 /* 2505 * If an operating mode notification IE is present, override the 2506 * NSS calculation (that would be done in rate_control_rate_init()) 2507 * and use the # of streams from that element. 2508 */ 2509 if (elems.opmode_notif && 2510 !(*elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) { 2511 u8 nss; 2512 2513 nss = *elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK; 2514 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT; 2515 nss += 1; 2516 sta->sta.rx_nss = nss; 2517 } 2518 2519 rate_control_rate_init(sta); 2520 2521 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) 2522 set_sta_flag(sta, WLAN_STA_MFP); 2523 2524 if (elems.wmm_param) 2525 set_sta_flag(sta, WLAN_STA_WME); 2526 2527 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC); 2528 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT)) 2529 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED); 2530 if (err) { 2531 sdata_info(sdata, 2532 "failed to move station %pM to desired state\n", 2533 sta->sta.addr); 2534 WARN_ON(__sta_info_destroy(sta)); 2535 mutex_unlock(&sdata->local->sta_mtx); 2536 return false; 2537 } 2538 2539 mutex_unlock(&sdata->local->sta_mtx); 2540 2541 /* 2542 * Always handle WMM once after association regardless 2543 * of the first value the AP uses. Setting -1 here has 2544 * that effect because the AP values is an unsigned 2545 * 4-bit value. 2546 */ 2547 ifmgd->wmm_last_param_set = -1; 2548 2549 if (elems.wmm_param) 2550 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 2551 elems.wmm_param_len); 2552 else 2553 ieee80211_set_wmm_default(sdata, false); 2554 changed |= BSS_CHANGED_QOS; 2555 2556 /* set AID and assoc capability, 2557 * ieee80211_set_associated() will tell the driver */ 2558 bss_conf->aid = aid; 2559 bss_conf->assoc_capability = capab_info; 2560 ieee80211_set_associated(sdata, cbss, changed); 2561 2562 /* 2563 * If we're using 4-addr mode, let the AP know that we're 2564 * doing so, so that it can create the STA VLAN on its side 2565 */ 2566 if (ifmgd->use_4addr) 2567 ieee80211_send_4addr_nullfunc(local, sdata); 2568 2569 /* 2570 * Start timer to probe the connection to the AP now. 2571 * Also start the timer that will detect beacon loss. 2572 */ 2573 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt); 2574 ieee80211_sta_reset_beacon_monitor(sdata); 2575 2576 return true; 2577 } 2578 2579 static enum rx_mgmt_action __must_check 2580 ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, 2581 struct ieee80211_mgmt *mgmt, size_t len, 2582 struct cfg80211_bss **bss) 2583 { 2584 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2585 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 2586 u16 capab_info, status_code, aid; 2587 struct ieee802_11_elems elems; 2588 u8 *pos; 2589 bool reassoc; 2590 2591 lockdep_assert_held(&ifmgd->mtx); 2592 2593 if (!assoc_data) 2594 return RX_MGMT_NONE; 2595 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid)) 2596 return RX_MGMT_NONE; 2597 2598 /* 2599 * AssocResp and ReassocResp have identical structure, so process both 2600 * of them in this function. 2601 */ 2602 2603 if (len < 24 + 6) 2604 return RX_MGMT_NONE; 2605 2606 reassoc = ieee80211_is_reassoc_req(mgmt->frame_control); 2607 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2608 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 2609 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2610 2611 sdata_info(sdata, 2612 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n", 2613 reassoc ? "Rea" : "A", mgmt->sa, 2614 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 2615 2616 pos = mgmt->u.assoc_resp.variable; 2617 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 2618 2619 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 2620 elems.timeout_int && elems.timeout_int_len == 5 && 2621 elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) { 2622 u32 tu, ms; 2623 tu = get_unaligned_le32(elems.timeout_int + 1); 2624 ms = tu * 1024 / 1000; 2625 sdata_info(sdata, 2626 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n", 2627 mgmt->sa, tu, ms); 2628 assoc_data->timeout = jiffies + msecs_to_jiffies(ms); 2629 assoc_data->timeout_started = true; 2630 if (ms > IEEE80211_ASSOC_TIMEOUT) 2631 run_again(ifmgd, assoc_data->timeout); 2632 return RX_MGMT_NONE; 2633 } 2634 2635 *bss = assoc_data->bss; 2636 2637 if (status_code != WLAN_STATUS_SUCCESS) { 2638 sdata_info(sdata, "%pM denied association (code=%d)\n", 2639 mgmt->sa, status_code); 2640 ieee80211_destroy_assoc_data(sdata, false); 2641 } else { 2642 if (!ieee80211_assoc_success(sdata, *bss, mgmt, len)) { 2643 /* oops -- internal error -- send timeout for now */ 2644 ieee80211_destroy_assoc_data(sdata, false); 2645 cfg80211_put_bss(sdata->local->hw.wiphy, *bss); 2646 return RX_MGMT_CFG80211_ASSOC_TIMEOUT; 2647 } 2648 sdata_info(sdata, "associated\n"); 2649 2650 /* 2651 * destroy assoc_data afterwards, as otherwise an idle 2652 * recalc after assoc_data is NULL but before associated 2653 * is set can cause the interface to go idle 2654 */ 2655 ieee80211_destroy_assoc_data(sdata, true); 2656 } 2657 2658 return RX_MGMT_CFG80211_RX_ASSOC; 2659 } 2660 2661 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, 2662 struct ieee80211_mgmt *mgmt, size_t len, 2663 struct ieee80211_rx_status *rx_status, 2664 struct ieee802_11_elems *elems) 2665 { 2666 struct ieee80211_local *local = sdata->local; 2667 int freq; 2668 struct ieee80211_bss *bss; 2669 struct ieee80211_channel *channel; 2670 bool need_ps = false; 2671 2672 if ((sdata->u.mgd.associated && 2673 ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid)) || 2674 (sdata->u.mgd.assoc_data && 2675 ether_addr_equal(mgmt->bssid, 2676 sdata->u.mgd.assoc_data->bss->bssid))) { 2677 /* not previously set so we may need to recalc */ 2678 need_ps = sdata->u.mgd.associated && !sdata->u.mgd.dtim_period; 2679 2680 if (elems->tim && !elems->parse_error) { 2681 const struct ieee80211_tim_ie *tim_ie = elems->tim; 2682 sdata->u.mgd.dtim_period = tim_ie->dtim_period; 2683 } 2684 } 2685 2686 if (elems->ds_params && elems->ds_params_len == 1) 2687 freq = ieee80211_channel_to_frequency(elems->ds_params[0], 2688 rx_status->band); 2689 else 2690 freq = rx_status->freq; 2691 2692 channel = ieee80211_get_channel(local->hw.wiphy, freq); 2693 2694 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED) 2695 return; 2696 2697 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems, 2698 channel); 2699 if (bss) 2700 ieee80211_rx_bss_put(local, bss); 2701 2702 if (!sdata->u.mgd.associated) 2703 return; 2704 2705 if (need_ps) { 2706 mutex_lock(&local->iflist_mtx); 2707 ieee80211_recalc_ps(local, -1); 2708 mutex_unlock(&local->iflist_mtx); 2709 } 2710 2711 if (elems->ch_switch_ie && 2712 memcmp(mgmt->bssid, sdata->u.mgd.associated->bssid, ETH_ALEN) == 0) 2713 ieee80211_sta_process_chanswitch(sdata, elems->ch_switch_ie, 2714 bss, rx_status->mactime); 2715 } 2716 2717 2718 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, 2719 struct sk_buff *skb) 2720 { 2721 struct ieee80211_mgmt *mgmt = (void *)skb->data; 2722 struct ieee80211_if_managed *ifmgd; 2723 struct ieee80211_rx_status *rx_status = (void *) skb->cb; 2724 size_t baselen, len = skb->len; 2725 struct ieee802_11_elems elems; 2726 2727 ifmgd = &sdata->u.mgd; 2728 2729 ASSERT_MGD_MTX(ifmgd); 2730 2731 if (!ether_addr_equal(mgmt->da, sdata->vif.addr)) 2732 return; /* ignore ProbeResp to foreign address */ 2733 2734 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 2735 if (baselen > len) 2736 return; 2737 2738 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 2739 &elems); 2740 2741 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2742 2743 if (ifmgd->associated && 2744 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2745 ieee80211_reset_ap_probe(sdata); 2746 2747 if (ifmgd->auth_data && !ifmgd->auth_data->bss->proberesp_ies && 2748 ether_addr_equal(mgmt->bssid, ifmgd->auth_data->bss->bssid)) { 2749 /* got probe response, continue with auth */ 2750 sdata_info(sdata, "direct probe responded\n"); 2751 ifmgd->auth_data->tries = 0; 2752 ifmgd->auth_data->timeout = jiffies; 2753 ifmgd->auth_data->timeout_started = true; 2754 run_again(ifmgd, ifmgd->auth_data->timeout); 2755 } 2756 } 2757 2758 /* 2759 * This is the canonical list of information elements we care about, 2760 * the filter code also gives us all changes to the Microsoft OUI 2761 * (00:50:F2) vendor IE which is used for WMM which we need to track. 2762 * 2763 * We implement beacon filtering in software since that means we can 2764 * avoid processing the frame here and in cfg80211, and userspace 2765 * will not be able to tell whether the hardware supports it or not. 2766 * 2767 * XXX: This list needs to be dynamic -- userspace needs to be able to 2768 * add items it requires. It also needs to be able to tell us to 2769 * look out for other vendor IEs. 2770 */ 2771 static const u64 care_about_ies = 2772 (1ULL << WLAN_EID_COUNTRY) | 2773 (1ULL << WLAN_EID_ERP_INFO) | 2774 (1ULL << WLAN_EID_CHANNEL_SWITCH) | 2775 (1ULL << WLAN_EID_PWR_CONSTRAINT) | 2776 (1ULL << WLAN_EID_HT_CAPABILITY) | 2777 (1ULL << WLAN_EID_HT_OPERATION); 2778 2779 static enum rx_mgmt_action 2780 ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, 2781 struct ieee80211_mgmt *mgmt, size_t len, 2782 u8 *deauth_buf, struct ieee80211_rx_status *rx_status) 2783 { 2784 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2785 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2786 size_t baselen; 2787 struct ieee802_11_elems elems; 2788 struct ieee80211_local *local = sdata->local; 2789 struct ieee80211_chanctx_conf *chanctx_conf; 2790 struct ieee80211_channel *chan; 2791 struct sta_info *sta; 2792 u32 changed = 0; 2793 bool erp_valid; 2794 u8 erp_value = 0; 2795 u32 ncrc; 2796 u8 *bssid; 2797 2798 lockdep_assert_held(&ifmgd->mtx); 2799 2800 /* Process beacon from the current BSS */ 2801 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 2802 if (baselen > len) 2803 return RX_MGMT_NONE; 2804 2805 rcu_read_lock(); 2806 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 2807 if (!chanctx_conf) { 2808 rcu_read_unlock(); 2809 return RX_MGMT_NONE; 2810 } 2811 2812 if (rx_status->freq != chanctx_conf->def.chan->center_freq) { 2813 rcu_read_unlock(); 2814 return RX_MGMT_NONE; 2815 } 2816 chan = chanctx_conf->def.chan; 2817 rcu_read_unlock(); 2818 2819 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon && 2820 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) { 2821 ieee802_11_parse_elems(mgmt->u.beacon.variable, 2822 len - baselen, &elems); 2823 2824 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2825 ifmgd->assoc_data->have_beacon = true; 2826 ifmgd->assoc_data->need_beacon = false; 2827 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 2828 sdata->vif.bss_conf.sync_tsf = 2829 le64_to_cpu(mgmt->u.beacon.timestamp); 2830 sdata->vif.bss_conf.sync_device_ts = 2831 rx_status->device_timestamp; 2832 if (elems.tim) 2833 sdata->vif.bss_conf.sync_dtim_count = 2834 elems.tim->dtim_count; 2835 else 2836 sdata->vif.bss_conf.sync_dtim_count = 0; 2837 } 2838 /* continue assoc process */ 2839 ifmgd->assoc_data->timeout = jiffies; 2840 ifmgd->assoc_data->timeout_started = true; 2841 run_again(ifmgd, ifmgd->assoc_data->timeout); 2842 return RX_MGMT_NONE; 2843 } 2844 2845 if (!ifmgd->associated || 2846 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2847 return RX_MGMT_NONE; 2848 bssid = ifmgd->associated->bssid; 2849 2850 /* Track average RSSI from the Beacon frames of the current AP */ 2851 ifmgd->last_beacon_signal = rx_status->signal; 2852 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) { 2853 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE; 2854 ifmgd->ave_beacon_signal = rx_status->signal * 16; 2855 ifmgd->last_cqm_event_signal = 0; 2856 ifmgd->count_beacon_signal = 1; 2857 ifmgd->last_ave_beacon_signal = 0; 2858 } else { 2859 ifmgd->ave_beacon_signal = 2860 (IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 + 2861 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) * 2862 ifmgd->ave_beacon_signal) / 16; 2863 ifmgd->count_beacon_signal++; 2864 } 2865 2866 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold && 2867 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) { 2868 int sig = ifmgd->ave_beacon_signal; 2869 int last_sig = ifmgd->last_ave_beacon_signal; 2870 2871 /* 2872 * if signal crosses either of the boundaries, invoke callback 2873 * with appropriate parameters 2874 */ 2875 if (sig > ifmgd->rssi_max_thold && 2876 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) { 2877 ifmgd->last_ave_beacon_signal = sig; 2878 drv_rssi_callback(local, sdata, RSSI_EVENT_HIGH); 2879 } else if (sig < ifmgd->rssi_min_thold && 2880 (last_sig >= ifmgd->rssi_max_thold || 2881 last_sig == 0)) { 2882 ifmgd->last_ave_beacon_signal = sig; 2883 drv_rssi_callback(local, sdata, RSSI_EVENT_LOW); 2884 } 2885 } 2886 2887 if (bss_conf->cqm_rssi_thold && 2888 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT && 2889 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) { 2890 int sig = ifmgd->ave_beacon_signal / 16; 2891 int last_event = ifmgd->last_cqm_event_signal; 2892 int thold = bss_conf->cqm_rssi_thold; 2893 int hyst = bss_conf->cqm_rssi_hyst; 2894 if (sig < thold && 2895 (last_event == 0 || sig < last_event - hyst)) { 2896 ifmgd->last_cqm_event_signal = sig; 2897 ieee80211_cqm_rssi_notify( 2898 &sdata->vif, 2899 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW, 2900 GFP_KERNEL); 2901 } else if (sig > thold && 2902 (last_event == 0 || sig > last_event + hyst)) { 2903 ifmgd->last_cqm_event_signal = sig; 2904 ieee80211_cqm_rssi_notify( 2905 &sdata->vif, 2906 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH, 2907 GFP_KERNEL); 2908 } 2909 } 2910 2911 if (ifmgd->flags & IEEE80211_STA_BEACON_POLL) { 2912 mlme_dbg_ratelimited(sdata, 2913 "cancelling AP probe due to a received beacon\n"); 2914 mutex_lock(&local->mtx); 2915 ifmgd->flags &= ~IEEE80211_STA_BEACON_POLL; 2916 ieee80211_run_deferred_scan(local); 2917 mutex_unlock(&local->mtx); 2918 2919 mutex_lock(&local->iflist_mtx); 2920 ieee80211_recalc_ps(local, -1); 2921 mutex_unlock(&local->iflist_mtx); 2922 } 2923 2924 /* 2925 * Push the beacon loss detection into the future since 2926 * we are processing a beacon from the AP just now. 2927 */ 2928 ieee80211_sta_reset_beacon_monitor(sdata); 2929 2930 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 2931 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, 2932 len - baselen, &elems, 2933 care_about_ies, ncrc); 2934 2935 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) { 2936 bool directed_tim = ieee80211_check_tim(elems.tim, 2937 elems.tim_len, 2938 ifmgd->aid); 2939 if (directed_tim) { 2940 if (local->hw.conf.dynamic_ps_timeout > 0) { 2941 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 2942 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 2943 ieee80211_hw_config(local, 2944 IEEE80211_CONF_CHANGE_PS); 2945 } 2946 ieee80211_send_nullfunc(local, sdata, 0); 2947 } else if (!local->pspolling && sdata->u.mgd.powersave) { 2948 local->pspolling = true; 2949 2950 /* 2951 * Here is assumed that the driver will be 2952 * able to send ps-poll frame and receive a 2953 * response even though power save mode is 2954 * enabled, but some drivers might require 2955 * to disable power save here. This needs 2956 * to be investigated. 2957 */ 2958 ieee80211_send_pspoll(local, sdata); 2959 } 2960 } 2961 } 2962 2963 if (sdata->vif.p2p) { 2964 u8 noa[2]; 2965 int ret; 2966 2967 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable, 2968 len - baselen, 2969 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 2970 noa, sizeof(noa)); 2971 if (ret >= 2 && sdata->u.mgd.p2p_noa_index != noa[0]) { 2972 bss_conf->p2p_oppps = noa[1] & 0x80; 2973 bss_conf->p2p_ctwindow = noa[1] & 0x7f; 2974 changed |= BSS_CHANGED_P2P_PS; 2975 sdata->u.mgd.p2p_noa_index = noa[0]; 2976 /* 2977 * make sure we update all information, the CRC 2978 * mechanism doesn't look at P2P attributes. 2979 */ 2980 ifmgd->beacon_crc_valid = false; 2981 } 2982 } 2983 2984 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid) 2985 return RX_MGMT_NONE; 2986 ifmgd->beacon_crc = ncrc; 2987 ifmgd->beacon_crc_valid = true; 2988 2989 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2990 2991 if (ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 2992 elems.wmm_param_len)) 2993 changed |= BSS_CHANGED_QOS; 2994 2995 /* 2996 * If we haven't had a beacon before, tell the driver about the 2997 * DTIM period (and beacon timing if desired) now. 2998 */ 2999 if (!bss_conf->dtim_period) { 3000 /* a few bogus AP send dtim_period = 0 or no TIM IE */ 3001 if (elems.tim) 3002 bss_conf->dtim_period = elems.tim->dtim_period ?: 1; 3003 else 3004 bss_conf->dtim_period = 1; 3005 3006 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 3007 sdata->vif.bss_conf.sync_tsf = 3008 le64_to_cpu(mgmt->u.beacon.timestamp); 3009 sdata->vif.bss_conf.sync_device_ts = 3010 rx_status->device_timestamp; 3011 if (elems.tim) 3012 sdata->vif.bss_conf.sync_dtim_count = 3013 elems.tim->dtim_count; 3014 else 3015 sdata->vif.bss_conf.sync_dtim_count = 0; 3016 } 3017 3018 changed |= BSS_CHANGED_DTIM_PERIOD; 3019 } 3020 3021 if (elems.erp_info && elems.erp_info_len >= 1) { 3022 erp_valid = true; 3023 erp_value = elems.erp_info[0]; 3024 } else { 3025 erp_valid = false; 3026 } 3027 changed |= ieee80211_handle_bss_capability(sdata, 3028 le16_to_cpu(mgmt->u.beacon.capab_info), 3029 erp_valid, erp_value); 3030 3031 mutex_lock(&local->sta_mtx); 3032 sta = sta_info_get(sdata, bssid); 3033 3034 if (ieee80211_config_bw(sdata, sta, elems.ht_operation, 3035 elems.vht_operation, bssid, &changed)) { 3036 mutex_unlock(&local->sta_mtx); 3037 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3038 WLAN_REASON_DEAUTH_LEAVING, 3039 true, deauth_buf); 3040 return RX_MGMT_CFG80211_TX_DEAUTH; 3041 } 3042 3043 if (sta && elems.opmode_notif) 3044 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif, 3045 rx_status->band, true); 3046 mutex_unlock(&local->sta_mtx); 3047 3048 if (elems.country_elem && elems.pwr_constr_elem && 3049 mgmt->u.probe_resp.capab_info & 3050 cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT)) 3051 changed |= ieee80211_handle_pwr_constr(sdata, chan, 3052 elems.country_elem, 3053 elems.country_elem_len, 3054 elems.pwr_constr_elem); 3055 3056 ieee80211_bss_info_change_notify(sdata, changed); 3057 3058 return RX_MGMT_NONE; 3059 } 3060 3061 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 3062 struct sk_buff *skb) 3063 { 3064 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3065 struct ieee80211_rx_status *rx_status; 3066 struct ieee80211_mgmt *mgmt; 3067 struct cfg80211_bss *bss = NULL; 3068 enum rx_mgmt_action rma = RX_MGMT_NONE; 3069 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3070 u16 fc; 3071 3072 rx_status = (struct ieee80211_rx_status *) skb->cb; 3073 mgmt = (struct ieee80211_mgmt *) skb->data; 3074 fc = le16_to_cpu(mgmt->frame_control); 3075 3076 mutex_lock(&ifmgd->mtx); 3077 3078 switch (fc & IEEE80211_FCTL_STYPE) { 3079 case IEEE80211_STYPE_BEACON: 3080 rma = ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, 3081 deauth_buf, rx_status); 3082 break; 3083 case IEEE80211_STYPE_PROBE_RESP: 3084 ieee80211_rx_mgmt_probe_resp(sdata, skb); 3085 break; 3086 case IEEE80211_STYPE_AUTH: 3087 rma = ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len); 3088 break; 3089 case IEEE80211_STYPE_DEAUTH: 3090 rma = ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len); 3091 break; 3092 case IEEE80211_STYPE_DISASSOC: 3093 rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 3094 break; 3095 case IEEE80211_STYPE_ASSOC_RESP: 3096 case IEEE80211_STYPE_REASSOC_RESP: 3097 rma = ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len, &bss); 3098 break; 3099 case IEEE80211_STYPE_ACTION: 3100 switch (mgmt->u.action.category) { 3101 case WLAN_CATEGORY_SPECTRUM_MGMT: 3102 ieee80211_sta_process_chanswitch(sdata, 3103 &mgmt->u.action.u.chan_switch.sw_elem, 3104 (void *)ifmgd->associated->priv, 3105 rx_status->mactime); 3106 break; 3107 } 3108 } 3109 mutex_unlock(&ifmgd->mtx); 3110 3111 switch (rma) { 3112 case RX_MGMT_NONE: 3113 /* no action */ 3114 break; 3115 case RX_MGMT_CFG80211_DEAUTH: 3116 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len); 3117 break; 3118 case RX_MGMT_CFG80211_DISASSOC: 3119 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len); 3120 break; 3121 case RX_MGMT_CFG80211_RX_AUTH: 3122 cfg80211_send_rx_auth(sdata->dev, (u8 *)mgmt, skb->len); 3123 break; 3124 case RX_MGMT_CFG80211_RX_ASSOC: 3125 cfg80211_send_rx_assoc(sdata->dev, bss, (u8 *)mgmt, skb->len); 3126 break; 3127 case RX_MGMT_CFG80211_ASSOC_TIMEOUT: 3128 cfg80211_send_assoc_timeout(sdata->dev, mgmt->bssid); 3129 break; 3130 case RX_MGMT_CFG80211_TX_DEAUTH: 3131 cfg80211_send_deauth(sdata->dev, deauth_buf, 3132 sizeof(deauth_buf)); 3133 break; 3134 default: 3135 WARN(1, "unexpected: %d", rma); 3136 } 3137 } 3138 3139 static void ieee80211_sta_timer(unsigned long data) 3140 { 3141 struct ieee80211_sub_if_data *sdata = 3142 (struct ieee80211_sub_if_data *) data; 3143 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3144 struct ieee80211_local *local = sdata->local; 3145 3146 if (local->quiescing) { 3147 set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running); 3148 return; 3149 } 3150 3151 ieee80211_queue_work(&local->hw, &sdata->work); 3152 } 3153 3154 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata, 3155 u8 *bssid, u8 reason, bool tx) 3156 { 3157 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3158 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3159 3160 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason, 3161 tx, frame_buf); 3162 mutex_unlock(&ifmgd->mtx); 3163 3164 /* 3165 * must be outside lock due to cfg80211, 3166 * but that's not a problem. 3167 */ 3168 cfg80211_send_deauth(sdata->dev, frame_buf, IEEE80211_DEAUTH_FRAME_LEN); 3169 3170 mutex_lock(&ifmgd->mtx); 3171 } 3172 3173 static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata) 3174 { 3175 struct ieee80211_local *local = sdata->local; 3176 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3177 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data; 3178 u32 tx_flags = 0; 3179 3180 lockdep_assert_held(&ifmgd->mtx); 3181 3182 if (WARN_ON_ONCE(!auth_data)) 3183 return -EINVAL; 3184 3185 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3186 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 3187 IEEE80211_TX_INTFL_MLME_CONN_TX; 3188 3189 auth_data->tries++; 3190 3191 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) { 3192 sdata_info(sdata, "authentication with %pM timed out\n", 3193 auth_data->bss->bssid); 3194 3195 /* 3196 * Most likely AP is not in the range so remove the 3197 * bss struct for that AP. 3198 */ 3199 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss); 3200 3201 return -ETIMEDOUT; 3202 } 3203 3204 drv_mgd_prepare_tx(local, sdata); 3205 3206 if (auth_data->bss->proberesp_ies) { 3207 u16 trans = 1; 3208 u16 status = 0; 3209 3210 sdata_info(sdata, "send auth to %pM (try %d/%d)\n", 3211 auth_data->bss->bssid, auth_data->tries, 3212 IEEE80211_AUTH_MAX_TRIES); 3213 3214 auth_data->expected_transaction = 2; 3215 3216 if (auth_data->algorithm == WLAN_AUTH_SAE) { 3217 trans = auth_data->sae_trans; 3218 status = auth_data->sae_status; 3219 auth_data->expected_transaction = trans; 3220 } 3221 3222 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status, 3223 auth_data->data, auth_data->data_len, 3224 auth_data->bss->bssid, 3225 auth_data->bss->bssid, NULL, 0, 0, 3226 tx_flags); 3227 } else { 3228 const u8 *ssidie; 3229 3230 sdata_info(sdata, "direct probe to %pM (try %d/%i)\n", 3231 auth_data->bss->bssid, auth_data->tries, 3232 IEEE80211_AUTH_MAX_TRIES); 3233 3234 rcu_read_lock(); 3235 ssidie = ieee80211_bss_get_ie(auth_data->bss, WLAN_EID_SSID); 3236 if (!ssidie) { 3237 rcu_read_unlock(); 3238 return -EINVAL; 3239 } 3240 /* 3241 * Direct probe is sent to broadcast address as some APs 3242 * will not answer to direct packet in unassociated state. 3243 */ 3244 ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1], 3245 NULL, 0, (u32) -1, true, tx_flags, 3246 auth_data->bss->channel, false); 3247 rcu_read_unlock(); 3248 } 3249 3250 if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) { 3251 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 3252 ifmgd->auth_data->timeout_started = true; 3253 run_again(ifmgd, auth_data->timeout); 3254 } else { 3255 auth_data->timeout_started = false; 3256 } 3257 3258 return 0; 3259 } 3260 3261 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata) 3262 { 3263 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 3264 struct ieee80211_local *local = sdata->local; 3265 3266 lockdep_assert_held(&sdata->u.mgd.mtx); 3267 3268 assoc_data->tries++; 3269 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) { 3270 sdata_info(sdata, "association with %pM timed out\n", 3271 assoc_data->bss->bssid); 3272 3273 /* 3274 * Most likely AP is not in the range so remove the 3275 * bss struct for that AP. 3276 */ 3277 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss); 3278 3279 return -ETIMEDOUT; 3280 } 3281 3282 sdata_info(sdata, "associate with %pM (try %d/%d)\n", 3283 assoc_data->bss->bssid, assoc_data->tries, 3284 IEEE80211_ASSOC_MAX_TRIES); 3285 ieee80211_send_assoc(sdata); 3286 3287 if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) { 3288 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 3289 assoc_data->timeout_started = true; 3290 run_again(&sdata->u.mgd, assoc_data->timeout); 3291 } else { 3292 assoc_data->timeout_started = false; 3293 } 3294 3295 return 0; 3296 } 3297 3298 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata, 3299 __le16 fc, bool acked) 3300 { 3301 struct ieee80211_local *local = sdata->local; 3302 3303 sdata->u.mgd.status_fc = fc; 3304 sdata->u.mgd.status_acked = acked; 3305 sdata->u.mgd.status_received = true; 3306 3307 ieee80211_queue_work(&local->hw, &sdata->work); 3308 } 3309 3310 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata) 3311 { 3312 struct ieee80211_local *local = sdata->local; 3313 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3314 3315 mutex_lock(&ifmgd->mtx); 3316 3317 if (ifmgd->status_received) { 3318 __le16 fc = ifmgd->status_fc; 3319 bool status_acked = ifmgd->status_acked; 3320 3321 ifmgd->status_received = false; 3322 if (ifmgd->auth_data && 3323 (ieee80211_is_probe_req(fc) || ieee80211_is_auth(fc))) { 3324 if (status_acked) { 3325 ifmgd->auth_data->timeout = 3326 jiffies + IEEE80211_AUTH_TIMEOUT_SHORT; 3327 run_again(ifmgd, ifmgd->auth_data->timeout); 3328 } else { 3329 ifmgd->auth_data->timeout = jiffies - 1; 3330 } 3331 ifmgd->auth_data->timeout_started = true; 3332 } else if (ifmgd->assoc_data && 3333 (ieee80211_is_assoc_req(fc) || 3334 ieee80211_is_reassoc_req(fc))) { 3335 if (status_acked) { 3336 ifmgd->assoc_data->timeout = 3337 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT; 3338 run_again(ifmgd, ifmgd->assoc_data->timeout); 3339 } else { 3340 ifmgd->assoc_data->timeout = jiffies - 1; 3341 } 3342 ifmgd->assoc_data->timeout_started = true; 3343 } 3344 } 3345 3346 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started && 3347 time_after(jiffies, ifmgd->auth_data->timeout)) { 3348 if (ifmgd->auth_data->done) { 3349 /* 3350 * ok ... we waited for assoc but userspace didn't, 3351 * so let's just kill the auth data 3352 */ 3353 ieee80211_destroy_auth_data(sdata, false); 3354 } else if (ieee80211_probe_auth(sdata)) { 3355 u8 bssid[ETH_ALEN]; 3356 3357 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 3358 3359 ieee80211_destroy_auth_data(sdata, false); 3360 3361 mutex_unlock(&ifmgd->mtx); 3362 cfg80211_send_auth_timeout(sdata->dev, bssid); 3363 mutex_lock(&ifmgd->mtx); 3364 } 3365 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started) 3366 run_again(ifmgd, ifmgd->auth_data->timeout); 3367 3368 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started && 3369 time_after(jiffies, ifmgd->assoc_data->timeout)) { 3370 if ((ifmgd->assoc_data->need_beacon && 3371 !ifmgd->assoc_data->have_beacon) || 3372 ieee80211_do_assoc(sdata)) { 3373 u8 bssid[ETH_ALEN]; 3374 3375 memcpy(bssid, ifmgd->assoc_data->bss->bssid, ETH_ALEN); 3376 3377 ieee80211_destroy_assoc_data(sdata, false); 3378 3379 mutex_unlock(&ifmgd->mtx); 3380 cfg80211_send_assoc_timeout(sdata->dev, bssid); 3381 mutex_lock(&ifmgd->mtx); 3382 } 3383 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started) 3384 run_again(ifmgd, ifmgd->assoc_data->timeout); 3385 3386 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 3387 IEEE80211_STA_CONNECTION_POLL) && 3388 ifmgd->associated) { 3389 u8 bssid[ETH_ALEN]; 3390 int max_tries; 3391 3392 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 3393 3394 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3395 max_tries = max_nullfunc_tries; 3396 else 3397 max_tries = max_probe_tries; 3398 3399 /* ACK received for nullfunc probing frame */ 3400 if (!ifmgd->probe_send_count) 3401 ieee80211_reset_ap_probe(sdata); 3402 else if (ifmgd->nullfunc_failed) { 3403 if (ifmgd->probe_send_count < max_tries) { 3404 mlme_dbg(sdata, 3405 "No ack for nullfunc frame to AP %pM, try %d/%i\n", 3406 bssid, ifmgd->probe_send_count, 3407 max_tries); 3408 ieee80211_mgd_probe_ap_send(sdata); 3409 } else { 3410 mlme_dbg(sdata, 3411 "No ack for nullfunc frame to AP %pM, disconnecting.\n", 3412 bssid); 3413 ieee80211_sta_connection_lost(sdata, bssid, 3414 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 3415 false); 3416 } 3417 } else if (time_is_after_jiffies(ifmgd->probe_timeout)) 3418 run_again(ifmgd, ifmgd->probe_timeout); 3419 else if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 3420 mlme_dbg(sdata, 3421 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n", 3422 bssid, probe_wait_ms); 3423 ieee80211_sta_connection_lost(sdata, bssid, 3424 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3425 } else if (ifmgd->probe_send_count < max_tries) { 3426 mlme_dbg(sdata, 3427 "No probe response from AP %pM after %dms, try %d/%i\n", 3428 bssid, probe_wait_ms, 3429 ifmgd->probe_send_count, max_tries); 3430 ieee80211_mgd_probe_ap_send(sdata); 3431 } else { 3432 /* 3433 * We actually lost the connection ... or did we? 3434 * Let's make sure! 3435 */ 3436 wiphy_debug(local->hw.wiphy, 3437 "%s: No probe response from AP %pM" 3438 " after %dms, disconnecting.\n", 3439 sdata->name, 3440 bssid, probe_wait_ms); 3441 3442 ieee80211_sta_connection_lost(sdata, bssid, 3443 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3444 } 3445 } 3446 3447 mutex_unlock(&ifmgd->mtx); 3448 } 3449 3450 static void ieee80211_sta_bcn_mon_timer(unsigned long data) 3451 { 3452 struct ieee80211_sub_if_data *sdata = 3453 (struct ieee80211_sub_if_data *) data; 3454 struct ieee80211_local *local = sdata->local; 3455 3456 if (local->quiescing) 3457 return; 3458 3459 sdata->u.mgd.connection_loss = false; 3460 ieee80211_queue_work(&sdata->local->hw, 3461 &sdata->u.mgd.beacon_connection_loss_work); 3462 } 3463 3464 static void ieee80211_sta_conn_mon_timer(unsigned long data) 3465 { 3466 struct ieee80211_sub_if_data *sdata = 3467 (struct ieee80211_sub_if_data *) data; 3468 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3469 struct ieee80211_local *local = sdata->local; 3470 3471 if (local->quiescing) 3472 return; 3473 3474 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work); 3475 } 3476 3477 static void ieee80211_sta_monitor_work(struct work_struct *work) 3478 { 3479 struct ieee80211_sub_if_data *sdata = 3480 container_of(work, struct ieee80211_sub_if_data, 3481 u.mgd.monitor_work); 3482 3483 ieee80211_mgd_probe_ap(sdata, false); 3484 } 3485 3486 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) 3487 { 3488 u32 flags; 3489 3490 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 3491 __ieee80211_stop_poll(sdata); 3492 3493 /* let's probe the connection once */ 3494 flags = sdata->local->hw.flags; 3495 if (!(flags & IEEE80211_HW_CONNECTION_MONITOR)) 3496 ieee80211_queue_work(&sdata->local->hw, 3497 &sdata->u.mgd.monitor_work); 3498 /* and do all the other regular work too */ 3499 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3500 } 3501 } 3502 3503 #ifdef CONFIG_PM 3504 void ieee80211_sta_quiesce(struct ieee80211_sub_if_data *sdata) 3505 { 3506 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3507 3508 /* 3509 * Stop timers before deleting work items, as timers 3510 * could race and re-add the work-items. They will be 3511 * re-established on connection. 3512 */ 3513 del_timer_sync(&ifmgd->conn_mon_timer); 3514 del_timer_sync(&ifmgd->bcn_mon_timer); 3515 3516 /* 3517 * we need to use atomic bitops for the running bits 3518 * only because both timers might fire at the same 3519 * time -- the code here is properly synchronised. 3520 */ 3521 3522 cancel_work_sync(&ifmgd->request_smps_work); 3523 3524 cancel_work_sync(&ifmgd->monitor_work); 3525 cancel_work_sync(&ifmgd->beacon_connection_loss_work); 3526 cancel_work_sync(&ifmgd->csa_connection_drop_work); 3527 if (del_timer_sync(&ifmgd->timer)) 3528 set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running); 3529 3530 if (del_timer_sync(&ifmgd->chswitch_timer)) 3531 set_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running); 3532 cancel_work_sync(&ifmgd->chswitch_work); 3533 } 3534 3535 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata) 3536 { 3537 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3538 3539 mutex_lock(&ifmgd->mtx); 3540 if (!ifmgd->associated) { 3541 mutex_unlock(&ifmgd->mtx); 3542 return; 3543 } 3544 3545 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) { 3546 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME; 3547 mlme_dbg(sdata, "driver requested disconnect after resume\n"); 3548 ieee80211_sta_connection_lost(sdata, 3549 ifmgd->associated->bssid, 3550 WLAN_REASON_UNSPECIFIED, 3551 true); 3552 mutex_unlock(&ifmgd->mtx); 3553 return; 3554 } 3555 mutex_unlock(&ifmgd->mtx); 3556 3557 if (test_and_clear_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running)) 3558 add_timer(&ifmgd->timer); 3559 if (test_and_clear_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running)) 3560 add_timer(&ifmgd->chswitch_timer); 3561 ieee80211_sta_reset_beacon_monitor(sdata); 3562 3563 mutex_lock(&sdata->local->mtx); 3564 ieee80211_restart_sta_timer(sdata); 3565 mutex_unlock(&sdata->local->mtx); 3566 } 3567 #endif 3568 3569 /* interface setup */ 3570 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata) 3571 { 3572 struct ieee80211_if_managed *ifmgd; 3573 3574 ifmgd = &sdata->u.mgd; 3575 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work); 3576 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work); 3577 INIT_WORK(&ifmgd->beacon_connection_loss_work, 3578 ieee80211_beacon_connection_loss_work); 3579 INIT_WORK(&ifmgd->csa_connection_drop_work, 3580 ieee80211_csa_connection_drop_work); 3581 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_work); 3582 setup_timer(&ifmgd->timer, ieee80211_sta_timer, 3583 (unsigned long) sdata); 3584 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 3585 (unsigned long) sdata); 3586 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 3587 (unsigned long) sdata); 3588 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 3589 (unsigned long) sdata); 3590 3591 ifmgd->flags = 0; 3592 ifmgd->powersave = sdata->wdev.ps; 3593 ifmgd->uapsd_queues = IEEE80211_DEFAULT_UAPSD_QUEUES; 3594 ifmgd->uapsd_max_sp_len = IEEE80211_DEFAULT_MAX_SP_LEN; 3595 3596 mutex_init(&ifmgd->mtx); 3597 3598 if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS) 3599 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC; 3600 else 3601 ifmgd->req_smps = IEEE80211_SMPS_OFF; 3602 } 3603 3604 /* scan finished notification */ 3605 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local) 3606 { 3607 struct ieee80211_sub_if_data *sdata; 3608 3609 /* Restart STA timers */ 3610 rcu_read_lock(); 3611 list_for_each_entry_rcu(sdata, &local->interfaces, list) 3612 ieee80211_restart_sta_timer(sdata); 3613 rcu_read_unlock(); 3614 } 3615 3616 int ieee80211_max_network_latency(struct notifier_block *nb, 3617 unsigned long data, void *dummy) 3618 { 3619 s32 latency_usec = (s32) data; 3620 struct ieee80211_local *local = 3621 container_of(nb, struct ieee80211_local, 3622 network_latency_notifier); 3623 3624 mutex_lock(&local->iflist_mtx); 3625 ieee80211_recalc_ps(local, latency_usec); 3626 mutex_unlock(&local->iflist_mtx); 3627 3628 return 0; 3629 } 3630 3631 static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata, 3632 struct cfg80211_bss *cbss) 3633 { 3634 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3635 const u8 *ht_cap_ie, *vht_cap_ie; 3636 const struct ieee80211_ht_cap *ht_cap; 3637 const struct ieee80211_vht_cap *vht_cap; 3638 u8 chains = 1; 3639 3640 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT) 3641 return chains; 3642 3643 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 3644 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) { 3645 ht_cap = (void *)(ht_cap_ie + 2); 3646 chains = ieee80211_mcs_to_chains(&ht_cap->mcs); 3647 /* 3648 * TODO: use "Tx Maximum Number Spatial Streams Supported" and 3649 * "Tx Unequal Modulation Supported" fields. 3650 */ 3651 } 3652 3653 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 3654 return chains; 3655 3656 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 3657 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) { 3658 u8 nss; 3659 u16 tx_mcs_map; 3660 3661 vht_cap = (void *)(vht_cap_ie + 2); 3662 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map); 3663 for (nss = 8; nss > 0; nss--) { 3664 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) != 3665 IEEE80211_VHT_MCS_NOT_SUPPORTED) 3666 break; 3667 } 3668 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */ 3669 chains = max(chains, nss); 3670 } 3671 3672 return chains; 3673 } 3674 3675 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata, 3676 struct cfg80211_bss *cbss) 3677 { 3678 struct ieee80211_local *local = sdata->local; 3679 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3680 const struct ieee80211_ht_operation *ht_oper = NULL; 3681 const struct ieee80211_vht_operation *vht_oper = NULL; 3682 struct ieee80211_supported_band *sband; 3683 struct cfg80211_chan_def chandef; 3684 int ret; 3685 3686 sband = local->hw.wiphy->bands[cbss->channel->band]; 3687 3688 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ | 3689 IEEE80211_STA_DISABLE_80P80MHZ | 3690 IEEE80211_STA_DISABLE_160MHZ); 3691 3692 rcu_read_lock(); 3693 3694 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 3695 sband->ht_cap.ht_supported) { 3696 const u8 *ht_oper_ie, *ht_cap; 3697 3698 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION); 3699 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper)) 3700 ht_oper = (void *)(ht_oper_ie + 2); 3701 3702 ht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 3703 if (!ht_cap || ht_cap[1] < sizeof(struct ieee80211_ht_cap)) { 3704 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 3705 ht_oper = NULL; 3706 } 3707 } 3708 3709 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 3710 sband->vht_cap.vht_supported) { 3711 const u8 *vht_oper_ie, *vht_cap; 3712 3713 vht_oper_ie = ieee80211_bss_get_ie(cbss, 3714 WLAN_EID_VHT_OPERATION); 3715 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper)) 3716 vht_oper = (void *)(vht_oper_ie + 2); 3717 if (vht_oper && !ht_oper) { 3718 vht_oper = NULL; 3719 sdata_info(sdata, 3720 "AP advertised VHT without HT, disabling both\n"); 3721 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 3722 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3723 } 3724 3725 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 3726 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) { 3727 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3728 vht_oper = NULL; 3729 } 3730 } 3731 3732 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband, 3733 cbss->channel, 3734 ht_oper, vht_oper, 3735 &chandef, true); 3736 3737 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss), 3738 local->rx_chains); 3739 3740 rcu_read_unlock(); 3741 3742 /* will change later if needed */ 3743 sdata->smps_mode = IEEE80211_SMPS_OFF; 3744 3745 /* 3746 * If this fails (possibly due to channel context sharing 3747 * on incompatible channels, e.g. 80+80 and 160 sharing the 3748 * same control channel) try to use a smaller bandwidth. 3749 */ 3750 ret = ieee80211_vif_use_channel(sdata, &chandef, 3751 IEEE80211_CHANCTX_SHARED); 3752 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) { 3753 ifmgd->flags |= chandef_downgrade(&chandef); 3754 ret = ieee80211_vif_use_channel(sdata, &chandef, 3755 IEEE80211_CHANCTX_SHARED); 3756 } 3757 return ret; 3758 } 3759 3760 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata, 3761 struct cfg80211_bss *cbss, bool assoc) 3762 { 3763 struct ieee80211_local *local = sdata->local; 3764 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3765 struct ieee80211_bss *bss = (void *)cbss->priv; 3766 struct sta_info *new_sta = NULL; 3767 bool have_sta = false; 3768 int err; 3769 3770 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) 3771 return -EINVAL; 3772 3773 if (assoc) { 3774 rcu_read_lock(); 3775 have_sta = sta_info_get(sdata, cbss->bssid); 3776 rcu_read_unlock(); 3777 } 3778 3779 if (!have_sta) { 3780 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL); 3781 if (!new_sta) 3782 return -ENOMEM; 3783 } 3784 3785 if (new_sta) { 3786 u32 rates = 0, basic_rates = 0; 3787 bool have_higher_than_11mbit; 3788 int min_rate = INT_MAX, min_rate_index = -1; 3789 struct ieee80211_supported_band *sband; 3790 const struct cfg80211_bss_ies *ies; 3791 3792 sband = local->hw.wiphy->bands[cbss->channel->band]; 3793 3794 err = ieee80211_prep_channel(sdata, cbss); 3795 if (err) { 3796 sta_info_free(local, new_sta); 3797 return err; 3798 } 3799 3800 ieee80211_get_rates(sband, bss->supp_rates, 3801 bss->supp_rates_len, 3802 &rates, &basic_rates, 3803 &have_higher_than_11mbit, 3804 &min_rate, &min_rate_index); 3805 3806 /* 3807 * This used to be a workaround for basic rates missing 3808 * in the association response frame. Now that we no 3809 * longer use the basic rates from there, it probably 3810 * doesn't happen any more, but keep the workaround so 3811 * in case some *other* APs are buggy in different ways 3812 * we can connect -- with a warning. 3813 */ 3814 if (!basic_rates && min_rate_index >= 0) { 3815 sdata_info(sdata, 3816 "No basic rates, using min rate instead\n"); 3817 basic_rates = BIT(min_rate_index); 3818 } 3819 3820 new_sta->sta.supp_rates[cbss->channel->band] = rates; 3821 sdata->vif.bss_conf.basic_rates = basic_rates; 3822 3823 /* cf. IEEE 802.11 9.2.12 */ 3824 if (cbss->channel->band == IEEE80211_BAND_2GHZ && 3825 have_higher_than_11mbit) 3826 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE; 3827 else 3828 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE; 3829 3830 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN); 3831 3832 /* set timing information */ 3833 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval; 3834 rcu_read_lock(); 3835 ies = rcu_dereference(cbss->beacon_ies); 3836 if (ies) { 3837 const u8 *tim_ie; 3838 3839 sdata->vif.bss_conf.sync_tsf = ies->tsf; 3840 sdata->vif.bss_conf.sync_device_ts = 3841 bss->device_ts_beacon; 3842 tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 3843 ies->data, ies->len); 3844 if (tim_ie && tim_ie[1] >= 2) 3845 sdata->vif.bss_conf.sync_dtim_count = tim_ie[2]; 3846 else 3847 sdata->vif.bss_conf.sync_dtim_count = 0; 3848 } else if (!(local->hw.flags & 3849 IEEE80211_HW_TIMING_BEACON_ONLY)) { 3850 ies = rcu_dereference(cbss->proberesp_ies); 3851 /* must be non-NULL since beacon IEs were NULL */ 3852 sdata->vif.bss_conf.sync_tsf = ies->tsf; 3853 sdata->vif.bss_conf.sync_device_ts = 3854 bss->device_ts_presp; 3855 sdata->vif.bss_conf.sync_dtim_count = 0; 3856 } else { 3857 sdata->vif.bss_conf.sync_tsf = 0; 3858 sdata->vif.bss_conf.sync_device_ts = 0; 3859 sdata->vif.bss_conf.sync_dtim_count = 0; 3860 } 3861 rcu_read_unlock(); 3862 3863 /* tell driver about BSSID, basic rates and timing */ 3864 ieee80211_bss_info_change_notify(sdata, 3865 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES | 3866 BSS_CHANGED_BEACON_INT); 3867 3868 if (assoc) 3869 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH); 3870 3871 err = sta_info_insert(new_sta); 3872 new_sta = NULL; 3873 if (err) { 3874 sdata_info(sdata, 3875 "failed to insert STA entry for the AP (error %d)\n", 3876 err); 3877 return err; 3878 } 3879 } else 3880 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid)); 3881 3882 return 0; 3883 } 3884 3885 /* config hooks */ 3886 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 3887 struct cfg80211_auth_request *req) 3888 { 3889 struct ieee80211_local *local = sdata->local; 3890 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3891 struct ieee80211_mgd_auth_data *auth_data; 3892 u16 auth_alg; 3893 int err; 3894 3895 /* prepare auth data structure */ 3896 3897 switch (req->auth_type) { 3898 case NL80211_AUTHTYPE_OPEN_SYSTEM: 3899 auth_alg = WLAN_AUTH_OPEN; 3900 break; 3901 case NL80211_AUTHTYPE_SHARED_KEY: 3902 if (IS_ERR(local->wep_tx_tfm)) 3903 return -EOPNOTSUPP; 3904 auth_alg = WLAN_AUTH_SHARED_KEY; 3905 break; 3906 case NL80211_AUTHTYPE_FT: 3907 auth_alg = WLAN_AUTH_FT; 3908 break; 3909 case NL80211_AUTHTYPE_NETWORK_EAP: 3910 auth_alg = WLAN_AUTH_LEAP; 3911 break; 3912 case NL80211_AUTHTYPE_SAE: 3913 auth_alg = WLAN_AUTH_SAE; 3914 break; 3915 default: 3916 return -EOPNOTSUPP; 3917 } 3918 3919 auth_data = kzalloc(sizeof(*auth_data) + req->sae_data_len + 3920 req->ie_len, GFP_KERNEL); 3921 if (!auth_data) 3922 return -ENOMEM; 3923 3924 auth_data->bss = req->bss; 3925 3926 if (req->sae_data_len >= 4) { 3927 __le16 *pos = (__le16 *) req->sae_data; 3928 auth_data->sae_trans = le16_to_cpu(pos[0]); 3929 auth_data->sae_status = le16_to_cpu(pos[1]); 3930 memcpy(auth_data->data, req->sae_data + 4, 3931 req->sae_data_len - 4); 3932 auth_data->data_len += req->sae_data_len - 4; 3933 } 3934 3935 if (req->ie && req->ie_len) { 3936 memcpy(&auth_data->data[auth_data->data_len], 3937 req->ie, req->ie_len); 3938 auth_data->data_len += req->ie_len; 3939 } 3940 3941 if (req->key && req->key_len) { 3942 auth_data->key_len = req->key_len; 3943 auth_data->key_idx = req->key_idx; 3944 memcpy(auth_data->key, req->key, req->key_len); 3945 } 3946 3947 auth_data->algorithm = auth_alg; 3948 3949 /* try to authenticate/probe */ 3950 3951 mutex_lock(&ifmgd->mtx); 3952 3953 if ((ifmgd->auth_data && !ifmgd->auth_data->done) || 3954 ifmgd->assoc_data) { 3955 err = -EBUSY; 3956 goto err_free; 3957 } 3958 3959 if (ifmgd->auth_data) 3960 ieee80211_destroy_auth_data(sdata, false); 3961 3962 /* prep auth_data so we don't go into idle on disassoc */ 3963 ifmgd->auth_data = auth_data; 3964 3965 if (ifmgd->associated) 3966 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 3967 3968 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid); 3969 3970 err = ieee80211_prep_connection(sdata, req->bss, false); 3971 if (err) 3972 goto err_clear; 3973 3974 err = ieee80211_probe_auth(sdata); 3975 if (err) { 3976 sta_info_destroy_addr(sdata, req->bss->bssid); 3977 goto err_clear; 3978 } 3979 3980 /* hold our own reference */ 3981 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss); 3982 err = 0; 3983 goto out_unlock; 3984 3985 err_clear: 3986 memset(ifmgd->bssid, 0, ETH_ALEN); 3987 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 3988 ifmgd->auth_data = NULL; 3989 err_free: 3990 kfree(auth_data); 3991 out_unlock: 3992 mutex_unlock(&ifmgd->mtx); 3993 3994 return err; 3995 } 3996 3997 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 3998 struct cfg80211_assoc_request *req) 3999 { 4000 struct ieee80211_local *local = sdata->local; 4001 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4002 struct ieee80211_bss *bss = (void *)req->bss->priv; 4003 struct ieee80211_mgd_assoc_data *assoc_data; 4004 const struct cfg80211_bss_ies *beacon_ies; 4005 struct ieee80211_supported_band *sband; 4006 const u8 *ssidie, *ht_ie, *vht_ie; 4007 int i, err; 4008 4009 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL); 4010 if (!assoc_data) 4011 return -ENOMEM; 4012 4013 rcu_read_lock(); 4014 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID); 4015 if (!ssidie) { 4016 rcu_read_unlock(); 4017 kfree(assoc_data); 4018 return -EINVAL; 4019 } 4020 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]); 4021 assoc_data->ssid_len = ssidie[1]; 4022 rcu_read_unlock(); 4023 4024 mutex_lock(&ifmgd->mtx); 4025 4026 if (ifmgd->associated) 4027 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 4028 4029 if (ifmgd->auth_data && !ifmgd->auth_data->done) { 4030 err = -EBUSY; 4031 goto err_free; 4032 } 4033 4034 if (ifmgd->assoc_data) { 4035 err = -EBUSY; 4036 goto err_free; 4037 } 4038 4039 if (ifmgd->auth_data) { 4040 bool match; 4041 4042 /* keep sta info, bssid if matching */ 4043 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid); 4044 ieee80211_destroy_auth_data(sdata, match); 4045 } 4046 4047 /* prepare assoc data */ 4048 4049 ifmgd->beacon_crc_valid = false; 4050 4051 /* 4052 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode. 4053 * We still associate in non-HT mode (11a/b/g) if any one of these 4054 * ciphers is configured as pairwise. 4055 * We can set this to true for non-11n hardware, that'll be checked 4056 * separately along with the peer capabilities. 4057 */ 4058 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) { 4059 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 4060 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 4061 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) { 4062 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4063 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4064 netdev_info(sdata->dev, 4065 "disabling HT/VHT due to WEP/TKIP use\n"); 4066 } 4067 } 4068 4069 if (req->flags & ASSOC_REQ_DISABLE_HT) { 4070 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4071 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4072 } 4073 4074 /* Also disable HT if we don't support it or the AP doesn't use WMM */ 4075 sband = local->hw.wiphy->bands[req->bss->channel->band]; 4076 if (!sband->ht_cap.ht_supported || 4077 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) { 4078 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4079 if (!bss->wmm_used) 4080 netdev_info(sdata->dev, 4081 "disabling HT as WMM/QoS is not supported by the AP\n"); 4082 } 4083 4084 /* disable VHT if we don't support it or the AP doesn't use WMM */ 4085 if (!sband->vht_cap.vht_supported || 4086 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) { 4087 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4088 if (!bss->wmm_used) 4089 netdev_info(sdata->dev, 4090 "disabling VHT as WMM/QoS is not supported by the AP\n"); 4091 } 4092 4093 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa)); 4094 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask, 4095 sizeof(ifmgd->ht_capa_mask)); 4096 4097 if (req->ie && req->ie_len) { 4098 memcpy(assoc_data->ie, req->ie, req->ie_len); 4099 assoc_data->ie_len = req->ie_len; 4100 } 4101 4102 assoc_data->bss = req->bss; 4103 4104 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) { 4105 if (ifmgd->powersave) 4106 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC; 4107 else 4108 sdata->smps_mode = IEEE80211_SMPS_OFF; 4109 } else 4110 sdata->smps_mode = ifmgd->req_smps; 4111 4112 assoc_data->capability = req->bss->capability; 4113 assoc_data->wmm = bss->wmm_used && 4114 (local->hw.queues >= IEEE80211_NUM_ACS); 4115 assoc_data->supp_rates = bss->supp_rates; 4116 assoc_data->supp_rates_len = bss->supp_rates_len; 4117 4118 rcu_read_lock(); 4119 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION); 4120 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation)) 4121 assoc_data->ap_ht_param = 4122 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param; 4123 else 4124 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4125 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY); 4126 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap)) 4127 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2, 4128 sizeof(struct ieee80211_vht_cap)); 4129 else 4130 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4131 rcu_read_unlock(); 4132 4133 if (bss->wmm_used && bss->uapsd_supported && 4134 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD)) { 4135 assoc_data->uapsd = true; 4136 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; 4137 } else { 4138 assoc_data->uapsd = false; 4139 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED; 4140 } 4141 4142 if (req->prev_bssid) 4143 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN); 4144 4145 if (req->use_mfp) { 4146 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 4147 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED; 4148 } else { 4149 ifmgd->mfp = IEEE80211_MFP_DISABLED; 4150 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED; 4151 } 4152 4153 if (req->crypto.control_port) 4154 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT; 4155 else 4156 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT; 4157 4158 sdata->control_port_protocol = req->crypto.control_port_ethertype; 4159 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt; 4160 4161 /* kick off associate process */ 4162 4163 ifmgd->assoc_data = assoc_data; 4164 ifmgd->dtim_period = 0; 4165 4166 err = ieee80211_prep_connection(sdata, req->bss, true); 4167 if (err) 4168 goto err_clear; 4169 4170 rcu_read_lock(); 4171 beacon_ies = rcu_dereference(req->bss->beacon_ies); 4172 4173 if (sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC && 4174 !beacon_ies) { 4175 /* 4176 * Wait up to one beacon interval ... 4177 * should this be more if we miss one? 4178 */ 4179 sdata_info(sdata, "waiting for beacon from %pM\n", 4180 ifmgd->bssid); 4181 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval); 4182 assoc_data->timeout_started = true; 4183 assoc_data->need_beacon = true; 4184 } else if (beacon_ies) { 4185 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 4186 beacon_ies->data, 4187 beacon_ies->len); 4188 u8 dtim_count = 0; 4189 4190 if (tim_ie && tim_ie[1] >= sizeof(struct ieee80211_tim_ie)) { 4191 const struct ieee80211_tim_ie *tim; 4192 tim = (void *)(tim_ie + 2); 4193 ifmgd->dtim_period = tim->dtim_period; 4194 dtim_count = tim->dtim_count; 4195 } 4196 assoc_data->have_beacon = true; 4197 assoc_data->timeout = jiffies; 4198 assoc_data->timeout_started = true; 4199 4200 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 4201 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf; 4202 sdata->vif.bss_conf.sync_device_ts = 4203 bss->device_ts_beacon; 4204 sdata->vif.bss_conf.sync_dtim_count = dtim_count; 4205 } 4206 } else { 4207 assoc_data->timeout = jiffies; 4208 assoc_data->timeout_started = true; 4209 } 4210 rcu_read_unlock(); 4211 4212 run_again(ifmgd, assoc_data->timeout); 4213 4214 if (bss->corrupt_data) { 4215 char *corrupt_type = "data"; 4216 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) { 4217 if (bss->corrupt_data & 4218 IEEE80211_BSS_CORRUPT_PROBE_RESP) 4219 corrupt_type = "beacon and probe response"; 4220 else 4221 corrupt_type = "beacon"; 4222 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) 4223 corrupt_type = "probe response"; 4224 sdata_info(sdata, "associating with AP with corrupt %s\n", 4225 corrupt_type); 4226 } 4227 4228 err = 0; 4229 goto out; 4230 err_clear: 4231 memset(ifmgd->bssid, 0, ETH_ALEN); 4232 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 4233 ifmgd->assoc_data = NULL; 4234 err_free: 4235 kfree(assoc_data); 4236 out: 4237 mutex_unlock(&ifmgd->mtx); 4238 4239 return err; 4240 } 4241 4242 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, 4243 struct cfg80211_deauth_request *req) 4244 { 4245 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4246 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4247 bool tx = !req->local_state_change; 4248 bool sent_frame = false; 4249 4250 mutex_lock(&ifmgd->mtx); 4251 4252 sdata_info(sdata, 4253 "deauthenticating from %pM by local choice (reason=%d)\n", 4254 req->bssid, req->reason_code); 4255 4256 if (ifmgd->auth_data) { 4257 drv_mgd_prepare_tx(sdata->local, sdata); 4258 ieee80211_send_deauth_disassoc(sdata, req->bssid, 4259 IEEE80211_STYPE_DEAUTH, 4260 req->reason_code, tx, 4261 frame_buf); 4262 ieee80211_destroy_auth_data(sdata, false); 4263 mutex_unlock(&ifmgd->mtx); 4264 4265 sent_frame = tx; 4266 goto out; 4267 } 4268 4269 if (ifmgd->associated && 4270 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) { 4271 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4272 req->reason_code, tx, frame_buf); 4273 sent_frame = tx; 4274 } 4275 mutex_unlock(&ifmgd->mtx); 4276 4277 out: 4278 if (sent_frame) 4279 __cfg80211_send_deauth(sdata->dev, frame_buf, 4280 IEEE80211_DEAUTH_FRAME_LEN); 4281 4282 return 0; 4283 } 4284 4285 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 4286 struct cfg80211_disassoc_request *req) 4287 { 4288 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4289 u8 bssid[ETH_ALEN]; 4290 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4291 4292 mutex_lock(&ifmgd->mtx); 4293 4294 /* 4295 * cfg80211 should catch this ... but it's racy since 4296 * we can receive a disassoc frame, process it, hand it 4297 * to cfg80211 while that's in a locked section already 4298 * trying to tell us that the user wants to disconnect. 4299 */ 4300 if (ifmgd->associated != req->bss) { 4301 mutex_unlock(&ifmgd->mtx); 4302 return -ENOLINK; 4303 } 4304 4305 sdata_info(sdata, 4306 "disassociating from %pM by local choice (reason=%d)\n", 4307 req->bss->bssid, req->reason_code); 4308 4309 memcpy(bssid, req->bss->bssid, ETH_ALEN); 4310 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC, 4311 req->reason_code, !req->local_state_change, 4312 frame_buf); 4313 mutex_unlock(&ifmgd->mtx); 4314 4315 __cfg80211_send_disassoc(sdata->dev, frame_buf, 4316 IEEE80211_DEAUTH_FRAME_LEN); 4317 4318 return 0; 4319 } 4320 4321 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata) 4322 { 4323 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4324 4325 /* 4326 * Make sure some work items will not run after this, 4327 * they will not do anything but might not have been 4328 * cancelled when disconnecting. 4329 */ 4330 cancel_work_sync(&ifmgd->monitor_work); 4331 cancel_work_sync(&ifmgd->beacon_connection_loss_work); 4332 cancel_work_sync(&ifmgd->request_smps_work); 4333 cancel_work_sync(&ifmgd->csa_connection_drop_work); 4334 cancel_work_sync(&ifmgd->chswitch_work); 4335 4336 mutex_lock(&ifmgd->mtx); 4337 if (ifmgd->assoc_data) 4338 ieee80211_destroy_assoc_data(sdata, false); 4339 if (ifmgd->auth_data) 4340 ieee80211_destroy_auth_data(sdata, false); 4341 del_timer_sync(&ifmgd->timer); 4342 mutex_unlock(&ifmgd->mtx); 4343 } 4344 4345 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif, 4346 enum nl80211_cqm_rssi_threshold_event rssi_event, 4347 gfp_t gfp) 4348 { 4349 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 4350 4351 trace_api_cqm_rssi_notify(sdata, rssi_event); 4352 4353 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp); 4354 } 4355 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify); 4356