1 /* 2 * BSS client mode implementation 3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 4 * Copyright 2004, Instant802 Networks, Inc. 5 * Copyright 2005, Devicescape Software, Inc. 6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License version 2 as 11 * published by the Free Software Foundation. 12 */ 13 14 #include <linux/delay.h> 15 #include <linux/if_ether.h> 16 #include <linux/skbuff.h> 17 #include <linux/if_arp.h> 18 #include <linux/etherdevice.h> 19 #include <linux/moduleparam.h> 20 #include <linux/rtnetlink.h> 21 #include <linux/pm_qos.h> 22 #include <linux/crc32.h> 23 #include <linux/slab.h> 24 #include <linux/export.h> 25 #include <net/mac80211.h> 26 #include <asm/unaligned.h> 27 28 #include "ieee80211_i.h" 29 #include "driver-ops.h" 30 #include "rate.h" 31 #include "led.h" 32 33 #define IEEE80211_AUTH_TIMEOUT (HZ / 5) 34 #define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2) 35 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10) 36 #define IEEE80211_AUTH_MAX_TRIES 3 37 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5) 38 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 39 #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2) 40 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10) 41 #define IEEE80211_ASSOC_MAX_TRIES 3 42 43 static int max_nullfunc_tries = 2; 44 module_param(max_nullfunc_tries, int, 0644); 45 MODULE_PARM_DESC(max_nullfunc_tries, 46 "Maximum nullfunc tx tries before disconnecting (reason 4)."); 47 48 static int max_probe_tries = 5; 49 module_param(max_probe_tries, int, 0644); 50 MODULE_PARM_DESC(max_probe_tries, 51 "Maximum probe tries before disconnecting (reason 4)."); 52 53 /* 54 * Beacon loss timeout is calculated as N frames times the 55 * advertised beacon interval. This may need to be somewhat 56 * higher than what hardware might detect to account for 57 * delays in the host processing frames. But since we also 58 * probe on beacon miss before declaring the connection lost 59 * default to what we want. 60 */ 61 static int beacon_loss_count = 7; 62 module_param(beacon_loss_count, int, 0644); 63 MODULE_PARM_DESC(beacon_loss_count, 64 "Number of beacon intervals before we decide beacon was lost."); 65 66 /* 67 * Time the connection can be idle before we probe 68 * it to see if we can still talk to the AP. 69 */ 70 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ) 71 /* 72 * Time we wait for a probe response after sending 73 * a probe request because of beacon loss or for 74 * checking the connection still works. 75 */ 76 static int probe_wait_ms = 500; 77 module_param(probe_wait_ms, int, 0644); 78 MODULE_PARM_DESC(probe_wait_ms, 79 "Maximum time(ms) to wait for probe response" 80 " before disconnecting (reason 4)."); 81 82 /* 83 * Weight given to the latest Beacon frame when calculating average signal 84 * strength for Beacon frames received in the current BSS. This must be 85 * between 1 and 15. 86 */ 87 #define IEEE80211_SIGNAL_AVE_WEIGHT 3 88 89 /* 90 * How many Beacon frames need to have been used in average signal strength 91 * before starting to indicate signal change events. 92 */ 93 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4 94 95 /* 96 * We can have multiple work items (and connection probing) 97 * scheduling this timer, but we need to take care to only 98 * reschedule it when it should fire _earlier_ than it was 99 * asked for before, or if it's not pending right now. This 100 * function ensures that. Note that it then is required to 101 * run this function for all timeouts after the first one 102 * has happened -- the work that runs from this timer will 103 * do that. 104 */ 105 static void run_again(struct ieee80211_sub_if_data *sdata, 106 unsigned long timeout) 107 { 108 sdata_assert_lock(sdata); 109 110 if (!timer_pending(&sdata->u.mgd.timer) || 111 time_before(timeout, sdata->u.mgd.timer.expires)) 112 mod_timer(&sdata->u.mgd.timer, timeout); 113 } 114 115 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata) 116 { 117 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER) 118 return; 119 120 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 121 return; 122 123 mod_timer(&sdata->u.mgd.bcn_mon_timer, 124 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout)); 125 } 126 127 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata) 128 { 129 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 130 131 if (unlikely(!sdata->u.mgd.associated)) 132 return; 133 134 ifmgd->probe_send_count = 0; 135 136 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 137 return; 138 139 mod_timer(&sdata->u.mgd.conn_mon_timer, 140 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME)); 141 } 142 143 static int ecw2cw(int ecw) 144 { 145 return (1 << ecw) - 1; 146 } 147 148 static u32 149 ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, 150 struct ieee80211_supported_band *sband, 151 struct ieee80211_channel *channel, 152 const struct ieee80211_ht_operation *ht_oper, 153 const struct ieee80211_vht_operation *vht_oper, 154 struct cfg80211_chan_def *chandef, bool tracking) 155 { 156 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 157 struct cfg80211_chan_def vht_chandef; 158 u32 ht_cfreq, ret; 159 160 chandef->chan = channel; 161 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 162 chandef->center_freq1 = channel->center_freq; 163 chandef->center_freq2 = 0; 164 165 if (!ht_oper || !sband->ht_cap.ht_supported) { 166 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 167 goto out; 168 } 169 170 chandef->width = NL80211_CHAN_WIDTH_20; 171 172 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan, 173 channel->band); 174 /* check that channel matches the right operating channel */ 175 if (!tracking && channel->center_freq != ht_cfreq) { 176 /* 177 * It's possible that some APs are confused here; 178 * Netgear WNDR3700 sometimes reports 4 higher than 179 * the actual channel in association responses, but 180 * since we look at probe response/beacon data here 181 * it should be OK. 182 */ 183 sdata_info(sdata, 184 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n", 185 channel->center_freq, ht_cfreq, 186 ht_oper->primary_chan, channel->band); 187 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 188 goto out; 189 } 190 191 /* check 40 MHz support, if we have it */ 192 if (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) { 193 switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 194 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 195 chandef->width = NL80211_CHAN_WIDTH_40; 196 chandef->center_freq1 += 10; 197 break; 198 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 199 chandef->width = NL80211_CHAN_WIDTH_40; 200 chandef->center_freq1 -= 10; 201 break; 202 } 203 } else { 204 /* 40 MHz (and 80 MHz) must be supported for VHT */ 205 ret = IEEE80211_STA_DISABLE_VHT; 206 /* also mark 40 MHz disabled */ 207 ret |= IEEE80211_STA_DISABLE_40MHZ; 208 goto out; 209 } 210 211 if (!vht_oper || !sband->vht_cap.vht_supported) { 212 ret = IEEE80211_STA_DISABLE_VHT; 213 goto out; 214 } 215 216 vht_chandef.chan = channel; 217 vht_chandef.center_freq1 = 218 ieee80211_channel_to_frequency(vht_oper->center_freq_seg1_idx, 219 channel->band); 220 vht_chandef.center_freq2 = 0; 221 222 switch (vht_oper->chan_width) { 223 case IEEE80211_VHT_CHANWIDTH_USE_HT: 224 vht_chandef.width = chandef->width; 225 vht_chandef.center_freq1 = chandef->center_freq1; 226 break; 227 case IEEE80211_VHT_CHANWIDTH_80MHZ: 228 vht_chandef.width = NL80211_CHAN_WIDTH_80; 229 break; 230 case IEEE80211_VHT_CHANWIDTH_160MHZ: 231 vht_chandef.width = NL80211_CHAN_WIDTH_160; 232 break; 233 case IEEE80211_VHT_CHANWIDTH_80P80MHZ: 234 vht_chandef.width = NL80211_CHAN_WIDTH_80P80; 235 vht_chandef.center_freq2 = 236 ieee80211_channel_to_frequency( 237 vht_oper->center_freq_seg2_idx, 238 channel->band); 239 break; 240 default: 241 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 242 sdata_info(sdata, 243 "AP VHT operation IE has invalid channel width (%d), disable VHT\n", 244 vht_oper->chan_width); 245 ret = IEEE80211_STA_DISABLE_VHT; 246 goto out; 247 } 248 249 if (!cfg80211_chandef_valid(&vht_chandef)) { 250 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 251 sdata_info(sdata, 252 "AP VHT information is invalid, disable VHT\n"); 253 ret = IEEE80211_STA_DISABLE_VHT; 254 goto out; 255 } 256 257 if (cfg80211_chandef_identical(chandef, &vht_chandef)) { 258 ret = 0; 259 goto out; 260 } 261 262 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) { 263 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 264 sdata_info(sdata, 265 "AP VHT information doesn't match HT, disable VHT\n"); 266 ret = IEEE80211_STA_DISABLE_VHT; 267 goto out; 268 } 269 270 *chandef = vht_chandef; 271 272 ret = 0; 273 274 out: 275 /* 276 * When tracking the current AP, don't do any further checks if the 277 * new chandef is identical to the one we're currently using for the 278 * connection. This keeps us from playing ping-pong with regulatory, 279 * without it the following can happen (for example): 280 * - connect to an AP with 80 MHz, world regdom allows 80 MHz 281 * - AP advertises regdom US 282 * - CRDA loads regdom US with 80 MHz prohibited (old database) 283 * - the code below detects an unsupported channel, downgrades, and 284 * we disconnect from the AP in the caller 285 * - disconnect causes CRDA to reload world regdomain and the game 286 * starts anew. 287 * (see https://bugzilla.kernel.org/show_bug.cgi?id=70881) 288 * 289 * It seems possible that there are still scenarios with CSA or real 290 * bandwidth changes where a this could happen, but those cases are 291 * less common and wouldn't completely prevent using the AP. 292 */ 293 if (tracking && 294 cfg80211_chandef_identical(chandef, &sdata->vif.bss_conf.chandef)) 295 return ret; 296 297 /* don't print the message below for VHT mismatch if VHT is disabled */ 298 if (ret & IEEE80211_STA_DISABLE_VHT) 299 vht_chandef = *chandef; 300 301 /* 302 * Ignore the DISABLED flag when we're already connected and only 303 * tracking the APs beacon for bandwidth changes - otherwise we 304 * might get disconnected here if we connect to an AP, update our 305 * regulatory information based on the AP's country IE and the 306 * information we have is wrong/outdated and disables the channel 307 * that we're actually using for the connection to the AP. 308 */ 309 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef, 310 tracking ? 0 : 311 IEEE80211_CHAN_DISABLED)) { 312 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) { 313 ret = IEEE80211_STA_DISABLE_HT | 314 IEEE80211_STA_DISABLE_VHT; 315 break; 316 } 317 318 ret |= ieee80211_chandef_downgrade(chandef); 319 } 320 321 if (chandef->width != vht_chandef.width && !tracking) 322 sdata_info(sdata, 323 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n"); 324 325 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef)); 326 return ret; 327 } 328 329 static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata, 330 struct sta_info *sta, 331 const struct ieee80211_ht_operation *ht_oper, 332 const struct ieee80211_vht_operation *vht_oper, 333 const u8 *bssid, u32 *changed) 334 { 335 struct ieee80211_local *local = sdata->local; 336 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 337 struct ieee80211_supported_band *sband; 338 struct ieee80211_channel *chan; 339 struct cfg80211_chan_def chandef; 340 u16 ht_opmode; 341 u32 flags; 342 enum ieee80211_sta_rx_bandwidth new_sta_bw; 343 int ret; 344 345 /* if HT was/is disabled, don't track any bandwidth changes */ 346 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper) 347 return 0; 348 349 /* don't check VHT if we associated as non-VHT station */ 350 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 351 vht_oper = NULL; 352 353 if (WARN_ON_ONCE(!sta)) 354 return -EINVAL; 355 356 /* 357 * if bss configuration changed store the new one - 358 * this may be applicable even if channel is identical 359 */ 360 ht_opmode = le16_to_cpu(ht_oper->operation_mode); 361 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) { 362 *changed |= BSS_CHANGED_HT; 363 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 364 } 365 366 chan = sdata->vif.bss_conf.chandef.chan; 367 sband = local->hw.wiphy->bands[chan->band]; 368 369 /* calculate new channel (type) based on HT/VHT operation IEs */ 370 flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper, 371 vht_oper, &chandef, true); 372 373 /* 374 * Downgrade the new channel if we associated with restricted 375 * capabilities. For example, if we associated as a 20 MHz STA 376 * to a 40 MHz AP (due to regulatory, capabilities or config 377 * reasons) then switching to a 40 MHz channel now won't do us 378 * any good -- we couldn't use it with the AP. 379 */ 380 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ && 381 chandef.width == NL80211_CHAN_WIDTH_80P80) 382 flags |= ieee80211_chandef_downgrade(&chandef); 383 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ && 384 chandef.width == NL80211_CHAN_WIDTH_160) 385 flags |= ieee80211_chandef_downgrade(&chandef); 386 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ && 387 chandef.width > NL80211_CHAN_WIDTH_20) 388 flags |= ieee80211_chandef_downgrade(&chandef); 389 390 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef)) 391 return 0; 392 393 sdata_info(sdata, 394 "AP %pM changed bandwidth, new config is %d MHz, width %d (%d/%d MHz)\n", 395 ifmgd->bssid, chandef.chan->center_freq, chandef.width, 396 chandef.center_freq1, chandef.center_freq2); 397 398 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT | 399 IEEE80211_STA_DISABLE_VHT | 400 IEEE80211_STA_DISABLE_40MHZ | 401 IEEE80211_STA_DISABLE_80P80MHZ | 402 IEEE80211_STA_DISABLE_160MHZ)) || 403 !cfg80211_chandef_valid(&chandef)) { 404 sdata_info(sdata, 405 "AP %pM changed bandwidth in a way we can't support - disconnect\n", 406 ifmgd->bssid); 407 return -EINVAL; 408 } 409 410 switch (chandef.width) { 411 case NL80211_CHAN_WIDTH_20_NOHT: 412 case NL80211_CHAN_WIDTH_20: 413 new_sta_bw = IEEE80211_STA_RX_BW_20; 414 break; 415 case NL80211_CHAN_WIDTH_40: 416 new_sta_bw = IEEE80211_STA_RX_BW_40; 417 break; 418 case NL80211_CHAN_WIDTH_80: 419 new_sta_bw = IEEE80211_STA_RX_BW_80; 420 break; 421 case NL80211_CHAN_WIDTH_80P80: 422 case NL80211_CHAN_WIDTH_160: 423 new_sta_bw = IEEE80211_STA_RX_BW_160; 424 break; 425 default: 426 return -EINVAL; 427 } 428 429 if (new_sta_bw > sta->cur_max_bandwidth) 430 new_sta_bw = sta->cur_max_bandwidth; 431 432 if (new_sta_bw < sta->sta.bandwidth) { 433 sta->sta.bandwidth = new_sta_bw; 434 rate_control_rate_update(local, sband, sta, 435 IEEE80211_RC_BW_CHANGED); 436 } 437 438 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed); 439 if (ret) { 440 sdata_info(sdata, 441 "AP %pM changed bandwidth to incompatible one - disconnect\n", 442 ifmgd->bssid); 443 return ret; 444 } 445 446 if (new_sta_bw > sta->sta.bandwidth) { 447 sta->sta.bandwidth = new_sta_bw; 448 rate_control_rate_update(local, sband, sta, 449 IEEE80211_RC_BW_CHANGED); 450 } 451 452 return 0; 453 } 454 455 /* frame sending functions */ 456 457 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata, 458 struct sk_buff *skb, u8 ap_ht_param, 459 struct ieee80211_supported_band *sband, 460 struct ieee80211_channel *channel, 461 enum ieee80211_smps_mode smps) 462 { 463 u8 *pos; 464 u32 flags = channel->flags; 465 u16 cap; 466 struct ieee80211_sta_ht_cap ht_cap; 467 468 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap)); 469 470 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 471 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 472 473 /* determine capability flags */ 474 cap = ht_cap.cap; 475 476 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 477 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 478 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 479 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 480 cap &= ~IEEE80211_HT_CAP_SGI_40; 481 } 482 break; 483 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 484 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 485 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 486 cap &= ~IEEE80211_HT_CAP_SGI_40; 487 } 488 break; 489 } 490 491 /* 492 * If 40 MHz was disabled associate as though we weren't 493 * capable of 40 MHz -- some broken APs will never fall 494 * back to trying to transmit in 20 MHz. 495 */ 496 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) { 497 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 498 cap &= ~IEEE80211_HT_CAP_SGI_40; 499 } 500 501 /* set SM PS mode properly */ 502 cap &= ~IEEE80211_HT_CAP_SM_PS; 503 switch (smps) { 504 case IEEE80211_SMPS_AUTOMATIC: 505 case IEEE80211_SMPS_NUM_MODES: 506 WARN_ON(1); 507 case IEEE80211_SMPS_OFF: 508 cap |= WLAN_HT_CAP_SM_PS_DISABLED << 509 IEEE80211_HT_CAP_SM_PS_SHIFT; 510 break; 511 case IEEE80211_SMPS_STATIC: 512 cap |= WLAN_HT_CAP_SM_PS_STATIC << 513 IEEE80211_HT_CAP_SM_PS_SHIFT; 514 break; 515 case IEEE80211_SMPS_DYNAMIC: 516 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC << 517 IEEE80211_HT_CAP_SM_PS_SHIFT; 518 break; 519 } 520 521 /* reserve and fill IE */ 522 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 523 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap); 524 } 525 526 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata, 527 struct sk_buff *skb, 528 struct ieee80211_supported_band *sband, 529 struct ieee80211_vht_cap *ap_vht_cap) 530 { 531 u8 *pos; 532 u32 cap; 533 struct ieee80211_sta_vht_cap vht_cap; 534 u32 mask, ap_bf_sts, our_bf_sts; 535 536 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap)); 537 538 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap)); 539 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap); 540 541 /* determine capability flags */ 542 cap = vht_cap.cap; 543 544 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) { 545 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ; 546 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 547 } 548 549 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) { 550 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160; 551 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 552 } 553 554 /* 555 * Some APs apparently get confused if our capabilities are better 556 * than theirs, so restrict what we advertise in the assoc request. 557 */ 558 if (!(ap_vht_cap->vht_cap_info & 559 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE))) 560 cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE; 561 562 mask = IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK; 563 564 ap_bf_sts = le32_to_cpu(ap_vht_cap->vht_cap_info) & mask; 565 our_bf_sts = cap & mask; 566 567 if (ap_bf_sts < our_bf_sts) { 568 cap &= ~mask; 569 cap |= ap_bf_sts; 570 } 571 572 /* reserve and fill IE */ 573 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 574 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap); 575 } 576 577 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) 578 { 579 struct ieee80211_local *local = sdata->local; 580 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 581 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 582 struct sk_buff *skb; 583 struct ieee80211_mgmt *mgmt; 584 u8 *pos, qos_info; 585 size_t offset = 0, noffset; 586 int i, count, rates_len, supp_rates_len, shift; 587 u16 capab; 588 struct ieee80211_supported_band *sband; 589 struct ieee80211_chanctx_conf *chanctx_conf; 590 struct ieee80211_channel *chan; 591 u32 rate_flags, rates = 0; 592 593 sdata_assert_lock(sdata); 594 595 rcu_read_lock(); 596 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 597 if (WARN_ON(!chanctx_conf)) { 598 rcu_read_unlock(); 599 return; 600 } 601 chan = chanctx_conf->def.chan; 602 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def); 603 rcu_read_unlock(); 604 sband = local->hw.wiphy->bands[chan->band]; 605 shift = ieee80211_vif_get_shift(&sdata->vif); 606 607 if (assoc_data->supp_rates_len) { 608 /* 609 * Get all rates supported by the device and the AP as 610 * some APs don't like getting a superset of their rates 611 * in the association request (e.g. D-Link DAP 1353 in 612 * b-only mode)... 613 */ 614 rates_len = ieee80211_parse_bitrates(&chanctx_conf->def, sband, 615 assoc_data->supp_rates, 616 assoc_data->supp_rates_len, 617 &rates); 618 } else { 619 /* 620 * In case AP not provide any supported rates information 621 * before association, we send information element(s) with 622 * all rates that we support. 623 */ 624 rates_len = 0; 625 for (i = 0; i < sband->n_bitrates; i++) { 626 if ((rate_flags & sband->bitrates[i].flags) 627 != rate_flags) 628 continue; 629 rates |= BIT(i); 630 rates_len++; 631 } 632 } 633 634 skb = alloc_skb(local->hw.extra_tx_headroom + 635 sizeof(*mgmt) + /* bit too much but doesn't matter */ 636 2 + assoc_data->ssid_len + /* SSID */ 637 4 + rates_len + /* (extended) rates */ 638 4 + /* power capability */ 639 2 + 2 * sband->n_channels + /* supported channels */ 640 2 + sizeof(struct ieee80211_ht_cap) + /* HT */ 641 2 + sizeof(struct ieee80211_vht_cap) + /* VHT */ 642 assoc_data->ie_len + /* extra IEs */ 643 9, /* WMM */ 644 GFP_KERNEL); 645 if (!skb) 646 return; 647 648 skb_reserve(skb, local->hw.extra_tx_headroom); 649 650 capab = WLAN_CAPABILITY_ESS; 651 652 if (sband->band == IEEE80211_BAND_2GHZ) { 653 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 654 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 655 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 656 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 657 } 658 659 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY) 660 capab |= WLAN_CAPABILITY_PRIVACY; 661 662 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 663 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)) 664 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 665 666 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 667 memset(mgmt, 0, 24); 668 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN); 669 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 670 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN); 671 672 if (!is_zero_ether_addr(assoc_data->prev_bssid)) { 673 skb_put(skb, 10); 674 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 675 IEEE80211_STYPE_REASSOC_REQ); 676 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 677 mgmt->u.reassoc_req.listen_interval = 678 cpu_to_le16(local->hw.conf.listen_interval); 679 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid, 680 ETH_ALEN); 681 } else { 682 skb_put(skb, 4); 683 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 684 IEEE80211_STYPE_ASSOC_REQ); 685 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 686 mgmt->u.assoc_req.listen_interval = 687 cpu_to_le16(local->hw.conf.listen_interval); 688 } 689 690 /* SSID */ 691 pos = skb_put(skb, 2 + assoc_data->ssid_len); 692 *pos++ = WLAN_EID_SSID; 693 *pos++ = assoc_data->ssid_len; 694 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len); 695 696 /* add all rates which were marked to be used above */ 697 supp_rates_len = rates_len; 698 if (supp_rates_len > 8) 699 supp_rates_len = 8; 700 701 pos = skb_put(skb, supp_rates_len + 2); 702 *pos++ = WLAN_EID_SUPP_RATES; 703 *pos++ = supp_rates_len; 704 705 count = 0; 706 for (i = 0; i < sband->n_bitrates; i++) { 707 if (BIT(i) & rates) { 708 int rate = DIV_ROUND_UP(sband->bitrates[i].bitrate, 709 5 * (1 << shift)); 710 *pos++ = (u8) rate; 711 if (++count == 8) 712 break; 713 } 714 } 715 716 if (rates_len > count) { 717 pos = skb_put(skb, rates_len - count + 2); 718 *pos++ = WLAN_EID_EXT_SUPP_RATES; 719 *pos++ = rates_len - count; 720 721 for (i++; i < sband->n_bitrates; i++) { 722 if (BIT(i) & rates) { 723 int rate; 724 rate = DIV_ROUND_UP(sband->bitrates[i].bitrate, 725 5 * (1 << shift)); 726 *pos++ = (u8) rate; 727 } 728 } 729 } 730 731 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) { 732 /* 1. power capabilities */ 733 pos = skb_put(skb, 4); 734 *pos++ = WLAN_EID_PWR_CAPABILITY; 735 *pos++ = 2; 736 *pos++ = 0; /* min tx power */ 737 /* max tx power */ 738 *pos++ = ieee80211_chandef_max_power(&chanctx_conf->def); 739 740 /* 2. supported channels */ 741 /* TODO: get this in reg domain format */ 742 pos = skb_put(skb, 2 * sband->n_channels + 2); 743 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 744 *pos++ = 2 * sband->n_channels; 745 for (i = 0; i < sband->n_channels; i++) { 746 *pos++ = ieee80211_frequency_to_channel( 747 sband->channels[i].center_freq); 748 *pos++ = 1; /* one channel in the subband*/ 749 } 750 } 751 752 /* if present, add any custom IEs that go before HT */ 753 if (assoc_data->ie_len) { 754 static const u8 before_ht[] = { 755 WLAN_EID_SSID, 756 WLAN_EID_SUPP_RATES, 757 WLAN_EID_EXT_SUPP_RATES, 758 WLAN_EID_PWR_CAPABILITY, 759 WLAN_EID_SUPPORTED_CHANNELS, 760 WLAN_EID_RSN, 761 WLAN_EID_QOS_CAPA, 762 WLAN_EID_RRM_ENABLED_CAPABILITIES, 763 WLAN_EID_MOBILITY_DOMAIN, 764 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 765 }; 766 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len, 767 before_ht, ARRAY_SIZE(before_ht), 768 offset); 769 pos = skb_put(skb, noffset - offset); 770 memcpy(pos, assoc_data->ie + offset, noffset - offset); 771 offset = noffset; 772 } 773 774 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 775 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))) 776 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 777 778 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 779 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param, 780 sband, chan, sdata->smps_mode); 781 782 /* if present, add any custom IEs that go before VHT */ 783 if (assoc_data->ie_len) { 784 static const u8 before_vht[] = { 785 WLAN_EID_SSID, 786 WLAN_EID_SUPP_RATES, 787 WLAN_EID_EXT_SUPP_RATES, 788 WLAN_EID_PWR_CAPABILITY, 789 WLAN_EID_SUPPORTED_CHANNELS, 790 WLAN_EID_RSN, 791 WLAN_EID_QOS_CAPA, 792 WLAN_EID_RRM_ENABLED_CAPABILITIES, 793 WLAN_EID_MOBILITY_DOMAIN, 794 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 795 WLAN_EID_HT_CAPABILITY, 796 WLAN_EID_BSS_COEX_2040, 797 WLAN_EID_EXT_CAPABILITY, 798 WLAN_EID_QOS_TRAFFIC_CAPA, 799 WLAN_EID_TIM_BCAST_REQ, 800 WLAN_EID_INTERWORKING, 801 }; 802 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len, 803 before_vht, ARRAY_SIZE(before_vht), 804 offset); 805 pos = skb_put(skb, noffset - offset); 806 memcpy(pos, assoc_data->ie + offset, noffset - offset); 807 offset = noffset; 808 } 809 810 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 811 ieee80211_add_vht_ie(sdata, skb, sband, 812 &assoc_data->ap_vht_cap); 813 814 /* if present, add any custom non-vendor IEs that go after HT */ 815 if (assoc_data->ie_len) { 816 noffset = ieee80211_ie_split_vendor(assoc_data->ie, 817 assoc_data->ie_len, 818 offset); 819 pos = skb_put(skb, noffset - offset); 820 memcpy(pos, assoc_data->ie + offset, noffset - offset); 821 offset = noffset; 822 } 823 824 if (assoc_data->wmm) { 825 if (assoc_data->uapsd) { 826 qos_info = ifmgd->uapsd_queues; 827 qos_info |= (ifmgd->uapsd_max_sp_len << 828 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT); 829 } else { 830 qos_info = 0; 831 } 832 833 pos = skb_put(skb, 9); 834 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 835 *pos++ = 7; /* len */ 836 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */ 837 *pos++ = 0x50; 838 *pos++ = 0xf2; 839 *pos++ = 2; /* WME */ 840 *pos++ = 0; /* WME info */ 841 *pos++ = 1; /* WME ver */ 842 *pos++ = qos_info; 843 } 844 845 /* add any remaining custom (i.e. vendor specific here) IEs */ 846 if (assoc_data->ie_len) { 847 noffset = assoc_data->ie_len; 848 pos = skb_put(skb, noffset - offset); 849 memcpy(pos, assoc_data->ie + offset, noffset - offset); 850 } 851 852 drv_mgd_prepare_tx(local, sdata); 853 854 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 855 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 856 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 857 IEEE80211_TX_INTFL_MLME_CONN_TX; 858 ieee80211_tx_skb(sdata, skb); 859 } 860 861 void ieee80211_send_pspoll(struct ieee80211_local *local, 862 struct ieee80211_sub_if_data *sdata) 863 { 864 struct ieee80211_pspoll *pspoll; 865 struct sk_buff *skb; 866 867 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif); 868 if (!skb) 869 return; 870 871 pspoll = (struct ieee80211_pspoll *) skb->data; 872 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 873 874 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 875 ieee80211_tx_skb(sdata, skb); 876 } 877 878 void ieee80211_send_nullfunc(struct ieee80211_local *local, 879 struct ieee80211_sub_if_data *sdata, 880 int powersave) 881 { 882 struct sk_buff *skb; 883 struct ieee80211_hdr_3addr *nullfunc; 884 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 885 886 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif); 887 if (!skb) 888 return; 889 890 nullfunc = (struct ieee80211_hdr_3addr *) skb->data; 891 if (powersave) 892 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 893 894 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT | 895 IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 896 897 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 898 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS; 899 900 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) 901 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE; 902 903 ieee80211_tx_skb(sdata, skb); 904 } 905 906 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local, 907 struct ieee80211_sub_if_data *sdata) 908 { 909 struct sk_buff *skb; 910 struct ieee80211_hdr *nullfunc; 911 __le16 fc; 912 913 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 914 return; 915 916 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30); 917 if (!skb) 918 return; 919 920 skb_reserve(skb, local->hw.extra_tx_headroom); 921 922 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30); 923 memset(nullfunc, 0, 30); 924 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 925 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 926 nullfunc->frame_control = fc; 927 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN); 928 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN); 929 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN); 930 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN); 931 932 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 933 ieee80211_tx_skb(sdata, skb); 934 } 935 936 /* spectrum management related things */ 937 static void ieee80211_chswitch_work(struct work_struct *work) 938 { 939 struct ieee80211_sub_if_data *sdata = 940 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work); 941 struct ieee80211_local *local = sdata->local; 942 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 943 u32 changed = 0; 944 int ret; 945 946 if (!ieee80211_sdata_running(sdata)) 947 return; 948 949 sdata_lock(sdata); 950 if (!ifmgd->associated) 951 goto out; 952 953 mutex_lock(&local->mtx); 954 ret = ieee80211_vif_change_channel(sdata, &changed); 955 mutex_unlock(&local->mtx); 956 if (ret) { 957 sdata_info(sdata, 958 "vif channel switch failed, disconnecting\n"); 959 ieee80211_queue_work(&sdata->local->hw, 960 &ifmgd->csa_connection_drop_work); 961 goto out; 962 } 963 964 if (!local->use_chanctx) { 965 local->_oper_chandef = sdata->csa_chandef; 966 /* Call "hw_config" only if doing sw channel switch. 967 * Otherwise update the channel directly 968 */ 969 if (!local->ops->channel_switch) 970 ieee80211_hw_config(local, 0); 971 else 972 local->hw.conf.chandef = local->_oper_chandef; 973 } 974 975 /* XXX: shouldn't really modify cfg80211-owned data! */ 976 ifmgd->associated->channel = sdata->csa_chandef.chan; 977 978 ieee80211_bss_info_change_notify(sdata, changed); 979 980 mutex_lock(&local->mtx); 981 sdata->vif.csa_active = false; 982 /* XXX: wait for a beacon first? */ 983 if (!ieee80211_csa_needs_block_tx(local)) 984 ieee80211_wake_queues_by_reason(&local->hw, 985 IEEE80211_MAX_QUEUE_MAP, 986 IEEE80211_QUEUE_STOP_REASON_CSA); 987 mutex_unlock(&local->mtx); 988 989 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 990 991 ieee80211_sta_reset_beacon_monitor(sdata); 992 ieee80211_sta_reset_conn_monitor(sdata); 993 994 out: 995 sdata_unlock(sdata); 996 } 997 998 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success) 999 { 1000 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1001 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1002 1003 trace_api_chswitch_done(sdata, success); 1004 if (!success) { 1005 sdata_info(sdata, 1006 "driver channel switch failed, disconnecting\n"); 1007 ieee80211_queue_work(&sdata->local->hw, 1008 &ifmgd->csa_connection_drop_work); 1009 } else { 1010 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 1011 } 1012 } 1013 EXPORT_SYMBOL(ieee80211_chswitch_done); 1014 1015 static void ieee80211_chswitch_timer(unsigned long data) 1016 { 1017 struct ieee80211_sub_if_data *sdata = 1018 (struct ieee80211_sub_if_data *) data; 1019 1020 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work); 1021 } 1022 1023 static void 1024 ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 1025 u64 timestamp, struct ieee802_11_elems *elems, 1026 bool beacon) 1027 { 1028 struct ieee80211_local *local = sdata->local; 1029 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1030 struct cfg80211_bss *cbss = ifmgd->associated; 1031 struct ieee80211_chanctx *chanctx; 1032 enum ieee80211_band current_band; 1033 struct ieee80211_csa_ie csa_ie; 1034 int res; 1035 1036 sdata_assert_lock(sdata); 1037 1038 if (!cbss) 1039 return; 1040 1041 if (local->scanning) 1042 return; 1043 1044 /* disregard subsequent announcements if we are already processing */ 1045 if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED) 1046 return; 1047 1048 current_band = cbss->channel->band; 1049 memset(&csa_ie, 0, sizeof(csa_ie)); 1050 res = ieee80211_parse_ch_switch_ie(sdata, elems, beacon, current_band, 1051 ifmgd->flags, 1052 ifmgd->associated->bssid, &csa_ie); 1053 if (res < 0) 1054 ieee80211_queue_work(&local->hw, 1055 &ifmgd->csa_connection_drop_work); 1056 if (res) 1057 return; 1058 1059 if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chandef, 1060 IEEE80211_CHAN_DISABLED)) { 1061 sdata_info(sdata, 1062 "AP %pM switches to unsupported channel (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n", 1063 ifmgd->associated->bssid, 1064 csa_ie.chandef.chan->center_freq, 1065 csa_ie.chandef.width, csa_ie.chandef.center_freq1, 1066 csa_ie.chandef.center_freq2); 1067 ieee80211_queue_work(&local->hw, 1068 &ifmgd->csa_connection_drop_work); 1069 return; 1070 } 1071 1072 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED; 1073 1074 mutex_lock(&local->chanctx_mtx); 1075 if (local->use_chanctx) { 1076 u32 num_chanctx = 0; 1077 list_for_each_entry(chanctx, &local->chanctx_list, list) 1078 num_chanctx++; 1079 1080 if (num_chanctx > 1 || 1081 !(local->hw.flags & IEEE80211_HW_CHANCTX_STA_CSA)) { 1082 sdata_info(sdata, 1083 "not handling chan-switch with channel contexts\n"); 1084 ieee80211_queue_work(&local->hw, 1085 &ifmgd->csa_connection_drop_work); 1086 mutex_unlock(&local->chanctx_mtx); 1087 return; 1088 } 1089 } 1090 1091 if (WARN_ON(!rcu_access_pointer(sdata->vif.chanctx_conf))) { 1092 ieee80211_queue_work(&local->hw, 1093 &ifmgd->csa_connection_drop_work); 1094 mutex_unlock(&local->chanctx_mtx); 1095 return; 1096 } 1097 chanctx = container_of(rcu_access_pointer(sdata->vif.chanctx_conf), 1098 struct ieee80211_chanctx, conf); 1099 if (ieee80211_chanctx_refcount(local, chanctx) > 1) { 1100 sdata_info(sdata, 1101 "channel switch with multiple interfaces on the same channel, disconnecting\n"); 1102 ieee80211_queue_work(&local->hw, 1103 &ifmgd->csa_connection_drop_work); 1104 mutex_unlock(&local->chanctx_mtx); 1105 return; 1106 } 1107 mutex_unlock(&local->chanctx_mtx); 1108 1109 sdata->csa_chandef = csa_ie.chandef; 1110 1111 mutex_lock(&local->mtx); 1112 sdata->vif.csa_active = true; 1113 sdata->csa_block_tx = csa_ie.mode; 1114 1115 if (sdata->csa_block_tx) 1116 ieee80211_stop_queues_by_reason(&local->hw, 1117 IEEE80211_MAX_QUEUE_MAP, 1118 IEEE80211_QUEUE_STOP_REASON_CSA); 1119 mutex_unlock(&local->mtx); 1120 1121 if (local->ops->channel_switch) { 1122 /* use driver's channel switch callback */ 1123 struct ieee80211_channel_switch ch_switch = { 1124 .timestamp = timestamp, 1125 .block_tx = csa_ie.mode, 1126 .chandef = csa_ie.chandef, 1127 .count = csa_ie.count, 1128 }; 1129 1130 drv_channel_switch(local, &ch_switch); 1131 return; 1132 } 1133 1134 /* channel switch handled in software */ 1135 if (csa_ie.count <= 1) 1136 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work); 1137 else 1138 mod_timer(&ifmgd->chswitch_timer, 1139 TU_TO_EXP_TIME(csa_ie.count * cbss->beacon_interval)); 1140 } 1141 1142 static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, 1143 struct ieee80211_channel *channel, 1144 const u8 *country_ie, u8 country_ie_len, 1145 const u8 *pwr_constr_elem) 1146 { 1147 struct ieee80211_country_ie_triplet *triplet; 1148 int chan = ieee80211_frequency_to_channel(channel->center_freq); 1149 int i, chan_pwr, chan_increment, new_ap_level; 1150 bool have_chan_pwr = false; 1151 1152 /* Invalid IE */ 1153 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN) 1154 return 0; 1155 1156 triplet = (void *)(country_ie + 3); 1157 country_ie_len -= 3; 1158 1159 switch (channel->band) { 1160 default: 1161 WARN_ON_ONCE(1); 1162 /* fall through */ 1163 case IEEE80211_BAND_2GHZ: 1164 case IEEE80211_BAND_60GHZ: 1165 chan_increment = 1; 1166 break; 1167 case IEEE80211_BAND_5GHZ: 1168 chan_increment = 4; 1169 break; 1170 } 1171 1172 /* find channel */ 1173 while (country_ie_len >= 3) { 1174 u8 first_channel = triplet->chans.first_channel; 1175 1176 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID) 1177 goto next; 1178 1179 for (i = 0; i < triplet->chans.num_channels; i++) { 1180 if (first_channel + i * chan_increment == chan) { 1181 have_chan_pwr = true; 1182 chan_pwr = triplet->chans.max_power; 1183 break; 1184 } 1185 } 1186 if (have_chan_pwr) 1187 break; 1188 1189 next: 1190 triplet++; 1191 country_ie_len -= 3; 1192 } 1193 1194 if (!have_chan_pwr) 1195 return 0; 1196 1197 new_ap_level = max_t(int, 0, chan_pwr - *pwr_constr_elem); 1198 1199 if (sdata->ap_power_level == new_ap_level) 1200 return 0; 1201 1202 sdata_info(sdata, 1203 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n", 1204 new_ap_level, chan_pwr, *pwr_constr_elem, 1205 sdata->u.mgd.bssid); 1206 sdata->ap_power_level = new_ap_level; 1207 if (__ieee80211_recalc_txpower(sdata)) 1208 return BSS_CHANGED_TXPOWER; 1209 return 0; 1210 } 1211 1212 /* powersave */ 1213 static void ieee80211_enable_ps(struct ieee80211_local *local, 1214 struct ieee80211_sub_if_data *sdata) 1215 { 1216 struct ieee80211_conf *conf = &local->hw.conf; 1217 1218 /* 1219 * If we are scanning right now then the parameters will 1220 * take effect when scan finishes. 1221 */ 1222 if (local->scanning) 1223 return; 1224 1225 if (conf->dynamic_ps_timeout > 0 && 1226 !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) { 1227 mod_timer(&local->dynamic_ps_timer, jiffies + 1228 msecs_to_jiffies(conf->dynamic_ps_timeout)); 1229 } else { 1230 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 1231 ieee80211_send_nullfunc(local, sdata, 1); 1232 1233 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1234 (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) 1235 return; 1236 1237 conf->flags |= IEEE80211_CONF_PS; 1238 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1239 } 1240 } 1241 1242 static void ieee80211_change_ps(struct ieee80211_local *local) 1243 { 1244 struct ieee80211_conf *conf = &local->hw.conf; 1245 1246 if (local->ps_sdata) { 1247 ieee80211_enable_ps(local, local->ps_sdata); 1248 } else if (conf->flags & IEEE80211_CONF_PS) { 1249 conf->flags &= ~IEEE80211_CONF_PS; 1250 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1251 del_timer_sync(&local->dynamic_ps_timer); 1252 cancel_work_sync(&local->dynamic_ps_enable_work); 1253 } 1254 } 1255 1256 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata) 1257 { 1258 struct ieee80211_if_managed *mgd = &sdata->u.mgd; 1259 struct sta_info *sta = NULL; 1260 bool authorized = false; 1261 1262 if (!mgd->powersave) 1263 return false; 1264 1265 if (mgd->broken_ap) 1266 return false; 1267 1268 if (!mgd->associated) 1269 return false; 1270 1271 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL) 1272 return false; 1273 1274 if (!mgd->have_beacon) 1275 return false; 1276 1277 rcu_read_lock(); 1278 sta = sta_info_get(sdata, mgd->bssid); 1279 if (sta) 1280 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED); 1281 rcu_read_unlock(); 1282 1283 return authorized; 1284 } 1285 1286 /* need to hold RTNL or interface lock */ 1287 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency) 1288 { 1289 struct ieee80211_sub_if_data *sdata, *found = NULL; 1290 int count = 0; 1291 int timeout; 1292 1293 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) { 1294 local->ps_sdata = NULL; 1295 return; 1296 } 1297 1298 list_for_each_entry(sdata, &local->interfaces, list) { 1299 if (!ieee80211_sdata_running(sdata)) 1300 continue; 1301 if (sdata->vif.type == NL80211_IFTYPE_AP) { 1302 /* If an AP vif is found, then disable PS 1303 * by setting the count to zero thereby setting 1304 * ps_sdata to NULL. 1305 */ 1306 count = 0; 1307 break; 1308 } 1309 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1310 continue; 1311 found = sdata; 1312 count++; 1313 } 1314 1315 if (count == 1 && ieee80211_powersave_allowed(found)) { 1316 s32 beaconint_us; 1317 1318 if (latency < 0) 1319 latency = pm_qos_request(PM_QOS_NETWORK_LATENCY); 1320 1321 beaconint_us = ieee80211_tu_to_usec( 1322 found->vif.bss_conf.beacon_int); 1323 1324 timeout = local->dynamic_ps_forced_timeout; 1325 if (timeout < 0) { 1326 /* 1327 * Go to full PSM if the user configures a very low 1328 * latency requirement. 1329 * The 2000 second value is there for compatibility 1330 * until the PM_QOS_NETWORK_LATENCY is configured 1331 * with real values. 1332 */ 1333 if (latency > (1900 * USEC_PER_MSEC) && 1334 latency != (2000 * USEC_PER_SEC)) 1335 timeout = 0; 1336 else 1337 timeout = 100; 1338 } 1339 local->hw.conf.dynamic_ps_timeout = timeout; 1340 1341 if (beaconint_us > latency) { 1342 local->ps_sdata = NULL; 1343 } else { 1344 int maxslp = 1; 1345 u8 dtimper = found->u.mgd.dtim_period; 1346 1347 /* If the TIM IE is invalid, pretend the value is 1 */ 1348 if (!dtimper) 1349 dtimper = 1; 1350 else if (dtimper > 1) 1351 maxslp = min_t(int, dtimper, 1352 latency / beaconint_us); 1353 1354 local->hw.conf.max_sleep_period = maxslp; 1355 local->hw.conf.ps_dtim_period = dtimper; 1356 local->ps_sdata = found; 1357 } 1358 } else { 1359 local->ps_sdata = NULL; 1360 } 1361 1362 ieee80211_change_ps(local); 1363 } 1364 1365 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata) 1366 { 1367 bool ps_allowed = ieee80211_powersave_allowed(sdata); 1368 1369 if (sdata->vif.bss_conf.ps != ps_allowed) { 1370 sdata->vif.bss_conf.ps = ps_allowed; 1371 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS); 1372 } 1373 } 1374 1375 void ieee80211_dynamic_ps_disable_work(struct work_struct *work) 1376 { 1377 struct ieee80211_local *local = 1378 container_of(work, struct ieee80211_local, 1379 dynamic_ps_disable_work); 1380 1381 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1382 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1383 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1384 } 1385 1386 ieee80211_wake_queues_by_reason(&local->hw, 1387 IEEE80211_MAX_QUEUE_MAP, 1388 IEEE80211_QUEUE_STOP_REASON_PS); 1389 } 1390 1391 void ieee80211_dynamic_ps_enable_work(struct work_struct *work) 1392 { 1393 struct ieee80211_local *local = 1394 container_of(work, struct ieee80211_local, 1395 dynamic_ps_enable_work); 1396 struct ieee80211_sub_if_data *sdata = local->ps_sdata; 1397 struct ieee80211_if_managed *ifmgd; 1398 unsigned long flags; 1399 int q; 1400 1401 /* can only happen when PS was just disabled anyway */ 1402 if (!sdata) 1403 return; 1404 1405 ifmgd = &sdata->u.mgd; 1406 1407 if (local->hw.conf.flags & IEEE80211_CONF_PS) 1408 return; 1409 1410 if (local->hw.conf.dynamic_ps_timeout > 0) { 1411 /* don't enter PS if TX frames are pending */ 1412 if (drv_tx_frames_pending(local)) { 1413 mod_timer(&local->dynamic_ps_timer, jiffies + 1414 msecs_to_jiffies( 1415 local->hw.conf.dynamic_ps_timeout)); 1416 return; 1417 } 1418 1419 /* 1420 * transmission can be stopped by others which leads to 1421 * dynamic_ps_timer expiry. Postpone the ps timer if it 1422 * is not the actual idle state. 1423 */ 1424 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 1425 for (q = 0; q < local->hw.queues; q++) { 1426 if (local->queue_stop_reasons[q]) { 1427 spin_unlock_irqrestore(&local->queue_stop_reason_lock, 1428 flags); 1429 mod_timer(&local->dynamic_ps_timer, jiffies + 1430 msecs_to_jiffies( 1431 local->hw.conf.dynamic_ps_timeout)); 1432 return; 1433 } 1434 } 1435 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 1436 } 1437 1438 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1439 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1440 if (drv_tx_frames_pending(local)) { 1441 mod_timer(&local->dynamic_ps_timer, jiffies + 1442 msecs_to_jiffies( 1443 local->hw.conf.dynamic_ps_timeout)); 1444 } else { 1445 ieee80211_send_nullfunc(local, sdata, 1); 1446 /* Flush to get the tx status of nullfunc frame */ 1447 ieee80211_flush_queues(local, sdata); 1448 } 1449 } 1450 1451 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) && 1452 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) || 1453 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1454 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 1455 local->hw.conf.flags |= IEEE80211_CONF_PS; 1456 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1457 } 1458 } 1459 1460 void ieee80211_dynamic_ps_timer(unsigned long data) 1461 { 1462 struct ieee80211_local *local = (void *) data; 1463 1464 if (local->quiescing || local->suspended) 1465 return; 1466 1467 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work); 1468 } 1469 1470 void ieee80211_dfs_cac_timer_work(struct work_struct *work) 1471 { 1472 struct delayed_work *delayed_work = 1473 container_of(work, struct delayed_work, work); 1474 struct ieee80211_sub_if_data *sdata = 1475 container_of(delayed_work, struct ieee80211_sub_if_data, 1476 dfs_cac_timer_work); 1477 struct cfg80211_chan_def chandef = sdata->vif.bss_conf.chandef; 1478 1479 mutex_lock(&sdata->local->mtx); 1480 if (sdata->wdev.cac_started) { 1481 ieee80211_vif_release_channel(sdata); 1482 cfg80211_cac_event(sdata->dev, &chandef, 1483 NL80211_RADAR_CAC_FINISHED, 1484 GFP_KERNEL); 1485 } 1486 mutex_unlock(&sdata->local->mtx); 1487 } 1488 1489 /* MLME */ 1490 static bool ieee80211_sta_wmm_params(struct ieee80211_local *local, 1491 struct ieee80211_sub_if_data *sdata, 1492 const u8 *wmm_param, size_t wmm_param_len) 1493 { 1494 struct ieee80211_tx_queue_params params; 1495 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1496 size_t left; 1497 int count; 1498 const u8 *pos; 1499 u8 uapsd_queues = 0; 1500 1501 if (!local->ops->conf_tx) 1502 return false; 1503 1504 if (local->hw.queues < IEEE80211_NUM_ACS) 1505 return false; 1506 1507 if (!wmm_param) 1508 return false; 1509 1510 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 1511 return false; 1512 1513 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) 1514 uapsd_queues = ifmgd->uapsd_queues; 1515 1516 count = wmm_param[6] & 0x0f; 1517 if (count == ifmgd->wmm_last_param_set) 1518 return false; 1519 ifmgd->wmm_last_param_set = count; 1520 1521 pos = wmm_param + 8; 1522 left = wmm_param_len - 8; 1523 1524 memset(¶ms, 0, sizeof(params)); 1525 1526 sdata->wmm_acm = 0; 1527 for (; left >= 4; left -= 4, pos += 4) { 1528 int aci = (pos[0] >> 5) & 0x03; 1529 int acm = (pos[0] >> 4) & 0x01; 1530 bool uapsd = false; 1531 int queue; 1532 1533 switch (aci) { 1534 case 1: /* AC_BK */ 1535 queue = 3; 1536 if (acm) 1537 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */ 1538 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK) 1539 uapsd = true; 1540 break; 1541 case 2: /* AC_VI */ 1542 queue = 1; 1543 if (acm) 1544 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */ 1545 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI) 1546 uapsd = true; 1547 break; 1548 case 3: /* AC_VO */ 1549 queue = 0; 1550 if (acm) 1551 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */ 1552 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) 1553 uapsd = true; 1554 break; 1555 case 0: /* AC_BE */ 1556 default: 1557 queue = 2; 1558 if (acm) 1559 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */ 1560 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE) 1561 uapsd = true; 1562 break; 1563 } 1564 1565 params.aifs = pos[0] & 0x0f; 1566 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 1567 params.cw_min = ecw2cw(pos[1] & 0x0f); 1568 params.txop = get_unaligned_le16(pos + 2); 1569 params.acm = acm; 1570 params.uapsd = uapsd; 1571 1572 mlme_dbg(sdata, 1573 "WMM queue=%d aci=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d\n", 1574 queue, aci, acm, 1575 params.aifs, params.cw_min, params.cw_max, 1576 params.txop, params.uapsd); 1577 sdata->tx_conf[queue] = params; 1578 if (drv_conf_tx(local, sdata, queue, ¶ms)) 1579 sdata_err(sdata, 1580 "failed to set TX queue parameters for queue %d\n", 1581 queue); 1582 } 1583 1584 /* enable WMM or activate new settings */ 1585 sdata->vif.bss_conf.qos = true; 1586 return true; 1587 } 1588 1589 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1590 { 1591 lockdep_assert_held(&sdata->local->mtx); 1592 1593 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL; 1594 ieee80211_run_deferred_scan(sdata->local); 1595 } 1596 1597 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1598 { 1599 mutex_lock(&sdata->local->mtx); 1600 __ieee80211_stop_poll(sdata); 1601 mutex_unlock(&sdata->local->mtx); 1602 } 1603 1604 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata, 1605 u16 capab, bool erp_valid, u8 erp) 1606 { 1607 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1608 u32 changed = 0; 1609 bool use_protection; 1610 bool use_short_preamble; 1611 bool use_short_slot; 1612 1613 if (erp_valid) { 1614 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0; 1615 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0; 1616 } else { 1617 use_protection = false; 1618 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE); 1619 } 1620 1621 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME); 1622 if (ieee80211_get_sdata_band(sdata) == IEEE80211_BAND_5GHZ) 1623 use_short_slot = true; 1624 1625 if (use_protection != bss_conf->use_cts_prot) { 1626 bss_conf->use_cts_prot = use_protection; 1627 changed |= BSS_CHANGED_ERP_CTS_PROT; 1628 } 1629 1630 if (use_short_preamble != bss_conf->use_short_preamble) { 1631 bss_conf->use_short_preamble = use_short_preamble; 1632 changed |= BSS_CHANGED_ERP_PREAMBLE; 1633 } 1634 1635 if (use_short_slot != bss_conf->use_short_slot) { 1636 bss_conf->use_short_slot = use_short_slot; 1637 changed |= BSS_CHANGED_ERP_SLOT; 1638 } 1639 1640 return changed; 1641 } 1642 1643 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata, 1644 struct cfg80211_bss *cbss, 1645 u32 bss_info_changed) 1646 { 1647 struct ieee80211_bss *bss = (void *)cbss->priv; 1648 struct ieee80211_local *local = sdata->local; 1649 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1650 1651 bss_info_changed |= BSS_CHANGED_ASSOC; 1652 bss_info_changed |= ieee80211_handle_bss_capability(sdata, 1653 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value); 1654 1655 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec( 1656 beacon_loss_count * bss_conf->beacon_int)); 1657 1658 sdata->u.mgd.associated = cbss; 1659 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN); 1660 1661 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE; 1662 1663 if (sdata->vif.p2p) { 1664 const struct cfg80211_bss_ies *ies; 1665 1666 rcu_read_lock(); 1667 ies = rcu_dereference(cbss->ies); 1668 if (ies) { 1669 int ret; 1670 1671 ret = cfg80211_get_p2p_attr( 1672 ies->data, ies->len, 1673 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 1674 (u8 *) &bss_conf->p2p_noa_attr, 1675 sizeof(bss_conf->p2p_noa_attr)); 1676 if (ret >= 2) { 1677 sdata->u.mgd.p2p_noa_index = 1678 bss_conf->p2p_noa_attr.index; 1679 bss_info_changed |= BSS_CHANGED_P2P_PS; 1680 } 1681 } 1682 rcu_read_unlock(); 1683 } 1684 1685 /* just to be sure */ 1686 ieee80211_stop_poll(sdata); 1687 1688 ieee80211_led_assoc(local, 1); 1689 1690 if (sdata->u.mgd.have_beacon) { 1691 /* 1692 * If the AP is buggy we may get here with no DTIM period 1693 * known, so assume it's 1 which is the only safe assumption 1694 * in that case, although if the TIM IE is broken powersave 1695 * probably just won't work at all. 1696 */ 1697 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1; 1698 bss_conf->beacon_rate = bss->beacon_rate; 1699 bss_info_changed |= BSS_CHANGED_BEACON_INFO; 1700 } else { 1701 bss_conf->beacon_rate = NULL; 1702 bss_conf->dtim_period = 0; 1703 } 1704 1705 bss_conf->assoc = 1; 1706 1707 /* Tell the driver to monitor connection quality (if supported) */ 1708 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI && 1709 bss_conf->cqm_rssi_thold) 1710 bss_info_changed |= BSS_CHANGED_CQM; 1711 1712 /* Enable ARP filtering */ 1713 if (bss_conf->arp_addr_cnt) 1714 bss_info_changed |= BSS_CHANGED_ARP_FILTER; 1715 1716 ieee80211_bss_info_change_notify(sdata, bss_info_changed); 1717 1718 mutex_lock(&local->iflist_mtx); 1719 ieee80211_recalc_ps(local, -1); 1720 mutex_unlock(&local->iflist_mtx); 1721 1722 ieee80211_recalc_smps(sdata); 1723 ieee80211_recalc_ps_vif(sdata); 1724 1725 netif_carrier_on(sdata->dev); 1726 } 1727 1728 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata, 1729 u16 stype, u16 reason, bool tx, 1730 u8 *frame_buf) 1731 { 1732 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1733 struct ieee80211_local *local = sdata->local; 1734 u32 changed = 0; 1735 1736 sdata_assert_lock(sdata); 1737 1738 if (WARN_ON_ONCE(tx && !frame_buf)) 1739 return; 1740 1741 if (WARN_ON(!ifmgd->associated)) 1742 return; 1743 1744 ieee80211_stop_poll(sdata); 1745 1746 ifmgd->associated = NULL; 1747 netif_carrier_off(sdata->dev); 1748 1749 /* 1750 * if we want to get out of ps before disassoc (why?) we have 1751 * to do it before sending disassoc, as otherwise the null-packet 1752 * won't be valid. 1753 */ 1754 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1755 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1756 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1757 } 1758 local->ps_sdata = NULL; 1759 1760 /* disable per-vif ps */ 1761 ieee80211_recalc_ps_vif(sdata); 1762 1763 /* flush out any pending frame (e.g. DELBA) before deauth/disassoc */ 1764 if (tx) 1765 ieee80211_flush_queues(local, sdata); 1766 1767 /* deauthenticate/disassociate now */ 1768 if (tx || frame_buf) 1769 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype, 1770 reason, tx, frame_buf); 1771 1772 /* flush out frame */ 1773 if (tx) 1774 ieee80211_flush_queues(local, sdata); 1775 1776 /* clear bssid only after building the needed mgmt frames */ 1777 memset(ifmgd->bssid, 0, ETH_ALEN); 1778 1779 /* remove AP and TDLS peers */ 1780 sta_info_flush(sdata); 1781 1782 /* finally reset all BSS / config parameters */ 1783 changed |= ieee80211_reset_erp_info(sdata); 1784 1785 ieee80211_led_assoc(local, 0); 1786 changed |= BSS_CHANGED_ASSOC; 1787 sdata->vif.bss_conf.assoc = false; 1788 1789 ifmgd->p2p_noa_index = -1; 1790 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0, 1791 sizeof(sdata->vif.bss_conf.p2p_noa_attr)); 1792 1793 /* on the next assoc, re-program HT/VHT parameters */ 1794 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa)); 1795 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask)); 1796 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa)); 1797 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask)); 1798 1799 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL; 1800 1801 del_timer_sync(&local->dynamic_ps_timer); 1802 cancel_work_sync(&local->dynamic_ps_enable_work); 1803 1804 /* Disable ARP filtering */ 1805 if (sdata->vif.bss_conf.arp_addr_cnt) 1806 changed |= BSS_CHANGED_ARP_FILTER; 1807 1808 sdata->vif.bss_conf.qos = false; 1809 changed |= BSS_CHANGED_QOS; 1810 1811 /* The BSSID (not really interesting) and HT changed */ 1812 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT; 1813 ieee80211_bss_info_change_notify(sdata, changed); 1814 1815 /* disassociated - set to defaults now */ 1816 ieee80211_set_wmm_default(sdata, false); 1817 1818 del_timer_sync(&sdata->u.mgd.conn_mon_timer); 1819 del_timer_sync(&sdata->u.mgd.bcn_mon_timer); 1820 del_timer_sync(&sdata->u.mgd.timer); 1821 del_timer_sync(&sdata->u.mgd.chswitch_timer); 1822 1823 sdata->vif.bss_conf.dtim_period = 0; 1824 sdata->vif.bss_conf.beacon_rate = NULL; 1825 1826 ifmgd->have_beacon = false; 1827 1828 ifmgd->flags = 0; 1829 mutex_lock(&local->mtx); 1830 ieee80211_vif_release_channel(sdata); 1831 1832 sdata->vif.csa_active = false; 1833 if (!ieee80211_csa_needs_block_tx(local)) 1834 ieee80211_wake_queues_by_reason(&local->hw, 1835 IEEE80211_MAX_QUEUE_MAP, 1836 IEEE80211_QUEUE_STOP_REASON_CSA); 1837 mutex_unlock(&local->mtx); 1838 1839 sdata->encrypt_headroom = IEEE80211_ENCRYPT_HEADROOM; 1840 } 1841 1842 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata, 1843 struct ieee80211_hdr *hdr) 1844 { 1845 /* 1846 * We can postpone the mgd.timer whenever receiving unicast frames 1847 * from AP because we know that the connection is working both ways 1848 * at that time. But multicast frames (and hence also beacons) must 1849 * be ignored here, because we need to trigger the timer during 1850 * data idle periods for sending the periodic probe request to the 1851 * AP we're connected to. 1852 */ 1853 if (is_multicast_ether_addr(hdr->addr1)) 1854 return; 1855 1856 ieee80211_sta_reset_conn_monitor(sdata); 1857 } 1858 1859 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata) 1860 { 1861 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1862 struct ieee80211_local *local = sdata->local; 1863 1864 mutex_lock(&local->mtx); 1865 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)) 1866 goto out; 1867 1868 __ieee80211_stop_poll(sdata); 1869 1870 mutex_lock(&local->iflist_mtx); 1871 ieee80211_recalc_ps(local, -1); 1872 mutex_unlock(&local->iflist_mtx); 1873 1874 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 1875 goto out; 1876 1877 /* 1878 * We've received a probe response, but are not sure whether 1879 * we have or will be receiving any beacons or data, so let's 1880 * schedule the timers again, just in case. 1881 */ 1882 ieee80211_sta_reset_beacon_monitor(sdata); 1883 1884 mod_timer(&ifmgd->conn_mon_timer, 1885 round_jiffies_up(jiffies + 1886 IEEE80211_CONNECTION_IDLE_TIME)); 1887 out: 1888 mutex_unlock(&local->mtx); 1889 } 1890 1891 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata, 1892 struct ieee80211_hdr *hdr, bool ack) 1893 { 1894 if (!ieee80211_is_data(hdr->frame_control)) 1895 return; 1896 1897 if (ieee80211_is_nullfunc(hdr->frame_control) && 1898 sdata->u.mgd.probe_send_count > 0) { 1899 if (ack) 1900 ieee80211_sta_reset_conn_monitor(sdata); 1901 else 1902 sdata->u.mgd.nullfunc_failed = true; 1903 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 1904 return; 1905 } 1906 1907 if (ack) 1908 ieee80211_sta_reset_conn_monitor(sdata); 1909 } 1910 1911 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) 1912 { 1913 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1914 const u8 *ssid; 1915 u8 *dst = ifmgd->associated->bssid; 1916 u8 unicast_limit = max(1, max_probe_tries - 3); 1917 1918 /* 1919 * Try sending broadcast probe requests for the last three 1920 * probe requests after the first ones failed since some 1921 * buggy APs only support broadcast probe requests. 1922 */ 1923 if (ifmgd->probe_send_count >= unicast_limit) 1924 dst = NULL; 1925 1926 /* 1927 * When the hardware reports an accurate Tx ACK status, it's 1928 * better to send a nullfunc frame instead of a probe request, 1929 * as it will kick us off the AP quickly if we aren't associated 1930 * anymore. The timeout will be reset if the frame is ACKed by 1931 * the AP. 1932 */ 1933 ifmgd->probe_send_count++; 1934 1935 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 1936 ifmgd->nullfunc_failed = false; 1937 ieee80211_send_nullfunc(sdata->local, sdata, 0); 1938 } else { 1939 int ssid_len; 1940 1941 rcu_read_lock(); 1942 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); 1943 if (WARN_ON_ONCE(ssid == NULL)) 1944 ssid_len = 0; 1945 else 1946 ssid_len = ssid[1]; 1947 1948 ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL, 1949 0, (u32) -1, true, 0, 1950 ifmgd->associated->channel, false); 1951 rcu_read_unlock(); 1952 } 1953 1954 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms); 1955 run_again(sdata, ifmgd->probe_timeout); 1956 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 1957 ieee80211_flush_queues(sdata->local, sdata); 1958 } 1959 1960 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata, 1961 bool beacon) 1962 { 1963 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1964 bool already = false; 1965 1966 if (!ieee80211_sdata_running(sdata)) 1967 return; 1968 1969 sdata_lock(sdata); 1970 1971 if (!ifmgd->associated) 1972 goto out; 1973 1974 mutex_lock(&sdata->local->mtx); 1975 1976 if (sdata->local->tmp_channel || sdata->local->scanning) { 1977 mutex_unlock(&sdata->local->mtx); 1978 goto out; 1979 } 1980 1981 if (beacon) { 1982 mlme_dbg_ratelimited(sdata, 1983 "detected beacon loss from AP (missed %d beacons) - probing\n", 1984 beacon_loss_count); 1985 1986 ieee80211_cqm_rssi_notify(&sdata->vif, 1987 NL80211_CQM_RSSI_BEACON_LOSS_EVENT, 1988 GFP_KERNEL); 1989 } 1990 1991 /* 1992 * The driver/our work has already reported this event or the 1993 * connection monitoring has kicked in and we have already sent 1994 * a probe request. Or maybe the AP died and the driver keeps 1995 * reporting until we disassociate... 1996 * 1997 * In either case we have to ignore the current call to this 1998 * function (except for setting the correct probe reason bit) 1999 * because otherwise we would reset the timer every time and 2000 * never check whether we received a probe response! 2001 */ 2002 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) 2003 already = true; 2004 2005 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL; 2006 2007 mutex_unlock(&sdata->local->mtx); 2008 2009 if (already) 2010 goto out; 2011 2012 mutex_lock(&sdata->local->iflist_mtx); 2013 ieee80211_recalc_ps(sdata->local, -1); 2014 mutex_unlock(&sdata->local->iflist_mtx); 2015 2016 ifmgd->probe_send_count = 0; 2017 ieee80211_mgd_probe_ap_send(sdata); 2018 out: 2019 sdata_unlock(sdata); 2020 } 2021 2022 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw, 2023 struct ieee80211_vif *vif) 2024 { 2025 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2026 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2027 struct cfg80211_bss *cbss; 2028 struct sk_buff *skb; 2029 const u8 *ssid; 2030 int ssid_len; 2031 2032 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 2033 return NULL; 2034 2035 sdata_assert_lock(sdata); 2036 2037 if (ifmgd->associated) 2038 cbss = ifmgd->associated; 2039 else if (ifmgd->auth_data) 2040 cbss = ifmgd->auth_data->bss; 2041 else if (ifmgd->assoc_data) 2042 cbss = ifmgd->assoc_data->bss; 2043 else 2044 return NULL; 2045 2046 rcu_read_lock(); 2047 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID); 2048 if (WARN_ON_ONCE(ssid == NULL)) 2049 ssid_len = 0; 2050 else 2051 ssid_len = ssid[1]; 2052 2053 skb = ieee80211_build_probe_req(sdata, cbss->bssid, 2054 (u32) -1, cbss->channel, 2055 ssid + 2, ssid_len, 2056 NULL, 0, true); 2057 rcu_read_unlock(); 2058 2059 return skb; 2060 } 2061 EXPORT_SYMBOL(ieee80211_ap_probereq_get); 2062 2063 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata) 2064 { 2065 struct ieee80211_local *local = sdata->local; 2066 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2067 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 2068 2069 sdata_lock(sdata); 2070 if (!ifmgd->associated) { 2071 sdata_unlock(sdata); 2072 return; 2073 } 2074 2075 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 2076 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 2077 true, frame_buf); 2078 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 2079 2080 mutex_lock(&local->mtx); 2081 sdata->vif.csa_active = false; 2082 if (!ieee80211_csa_needs_block_tx(local)) 2083 ieee80211_wake_queues_by_reason(&local->hw, 2084 IEEE80211_MAX_QUEUE_MAP, 2085 IEEE80211_QUEUE_STOP_REASON_CSA); 2086 mutex_unlock(&local->mtx); 2087 2088 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 2089 IEEE80211_DEAUTH_FRAME_LEN); 2090 sdata_unlock(sdata); 2091 } 2092 2093 static void ieee80211_beacon_connection_loss_work(struct work_struct *work) 2094 { 2095 struct ieee80211_sub_if_data *sdata = 2096 container_of(work, struct ieee80211_sub_if_data, 2097 u.mgd.beacon_connection_loss_work); 2098 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2099 struct sta_info *sta; 2100 2101 if (ifmgd->associated) { 2102 rcu_read_lock(); 2103 sta = sta_info_get(sdata, ifmgd->bssid); 2104 if (sta) 2105 sta->beacon_loss_count++; 2106 rcu_read_unlock(); 2107 } 2108 2109 if (ifmgd->connection_loss) { 2110 sdata_info(sdata, "Connection to AP %pM lost\n", 2111 ifmgd->bssid); 2112 __ieee80211_disconnect(sdata); 2113 } else { 2114 ieee80211_mgd_probe_ap(sdata, true); 2115 } 2116 } 2117 2118 static void ieee80211_csa_connection_drop_work(struct work_struct *work) 2119 { 2120 struct ieee80211_sub_if_data *sdata = 2121 container_of(work, struct ieee80211_sub_if_data, 2122 u.mgd.csa_connection_drop_work); 2123 2124 __ieee80211_disconnect(sdata); 2125 } 2126 2127 void ieee80211_beacon_loss(struct ieee80211_vif *vif) 2128 { 2129 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2130 struct ieee80211_hw *hw = &sdata->local->hw; 2131 2132 trace_api_beacon_loss(sdata); 2133 2134 sdata->u.mgd.connection_loss = false; 2135 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2136 } 2137 EXPORT_SYMBOL(ieee80211_beacon_loss); 2138 2139 void ieee80211_connection_loss(struct ieee80211_vif *vif) 2140 { 2141 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2142 struct ieee80211_hw *hw = &sdata->local->hw; 2143 2144 trace_api_connection_loss(sdata); 2145 2146 sdata->u.mgd.connection_loss = true; 2147 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2148 } 2149 EXPORT_SYMBOL(ieee80211_connection_loss); 2150 2151 2152 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata, 2153 bool assoc) 2154 { 2155 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2156 2157 sdata_assert_lock(sdata); 2158 2159 if (!assoc) { 2160 sta_info_destroy_addr(sdata, auth_data->bss->bssid); 2161 2162 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2163 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2164 sdata->u.mgd.flags = 0; 2165 mutex_lock(&sdata->local->mtx); 2166 ieee80211_vif_release_channel(sdata); 2167 mutex_unlock(&sdata->local->mtx); 2168 } 2169 2170 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss); 2171 kfree(auth_data); 2172 sdata->u.mgd.auth_data = NULL; 2173 } 2174 2175 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, 2176 struct ieee80211_mgmt *mgmt, size_t len) 2177 { 2178 struct ieee80211_local *local = sdata->local; 2179 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2180 u8 *pos; 2181 struct ieee802_11_elems elems; 2182 u32 tx_flags = 0; 2183 2184 pos = mgmt->u.auth.variable; 2185 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2186 if (!elems.challenge) 2187 return; 2188 auth_data->expected_transaction = 4; 2189 drv_mgd_prepare_tx(sdata->local, sdata); 2190 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 2191 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 2192 IEEE80211_TX_INTFL_MLME_CONN_TX; 2193 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0, 2194 elems.challenge - 2, elems.challenge_len + 2, 2195 auth_data->bss->bssid, auth_data->bss->bssid, 2196 auth_data->key, auth_data->key_len, 2197 auth_data->key_idx, tx_flags); 2198 } 2199 2200 static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, 2201 struct ieee80211_mgmt *mgmt, size_t len) 2202 { 2203 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2204 u8 bssid[ETH_ALEN]; 2205 u16 auth_alg, auth_transaction, status_code; 2206 struct sta_info *sta; 2207 2208 sdata_assert_lock(sdata); 2209 2210 if (len < 24 + 6) 2211 return; 2212 2213 if (!ifmgd->auth_data || ifmgd->auth_data->done) 2214 return; 2215 2216 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 2217 2218 if (!ether_addr_equal(bssid, mgmt->bssid)) 2219 return; 2220 2221 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 2222 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 2223 status_code = le16_to_cpu(mgmt->u.auth.status_code); 2224 2225 if (auth_alg != ifmgd->auth_data->algorithm || 2226 auth_transaction != ifmgd->auth_data->expected_transaction) { 2227 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n", 2228 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm, 2229 auth_transaction, 2230 ifmgd->auth_data->expected_transaction); 2231 return; 2232 } 2233 2234 if (status_code != WLAN_STATUS_SUCCESS) { 2235 sdata_info(sdata, "%pM denied authentication (status %d)\n", 2236 mgmt->sa, status_code); 2237 ieee80211_destroy_auth_data(sdata, false); 2238 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2239 return; 2240 } 2241 2242 switch (ifmgd->auth_data->algorithm) { 2243 case WLAN_AUTH_OPEN: 2244 case WLAN_AUTH_LEAP: 2245 case WLAN_AUTH_FT: 2246 case WLAN_AUTH_SAE: 2247 break; 2248 case WLAN_AUTH_SHARED_KEY: 2249 if (ifmgd->auth_data->expected_transaction != 4) { 2250 ieee80211_auth_challenge(sdata, mgmt, len); 2251 /* need another frame */ 2252 return; 2253 } 2254 break; 2255 default: 2256 WARN_ONCE(1, "invalid auth alg %d", 2257 ifmgd->auth_data->algorithm); 2258 return; 2259 } 2260 2261 sdata_info(sdata, "authenticated\n"); 2262 ifmgd->auth_data->done = true; 2263 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC; 2264 ifmgd->auth_data->timeout_started = true; 2265 run_again(sdata, ifmgd->auth_data->timeout); 2266 2267 if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE && 2268 ifmgd->auth_data->expected_transaction != 2) { 2269 /* 2270 * Report auth frame to user space for processing since another 2271 * round of Authentication frames is still needed. 2272 */ 2273 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2274 return; 2275 } 2276 2277 /* move station state to auth */ 2278 mutex_lock(&sdata->local->sta_mtx); 2279 sta = sta_info_get(sdata, bssid); 2280 if (!sta) { 2281 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid); 2282 goto out_err; 2283 } 2284 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) { 2285 sdata_info(sdata, "failed moving %pM to auth\n", bssid); 2286 goto out_err; 2287 } 2288 mutex_unlock(&sdata->local->sta_mtx); 2289 2290 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2291 return; 2292 out_err: 2293 mutex_unlock(&sdata->local->sta_mtx); 2294 /* ignore frame -- wait for timeout */ 2295 } 2296 2297 #define case_WLAN(type) \ 2298 case WLAN_REASON_##type: return #type 2299 2300 static const char *ieee80211_get_reason_code_string(u16 reason_code) 2301 { 2302 switch (reason_code) { 2303 case_WLAN(UNSPECIFIED); 2304 case_WLAN(PREV_AUTH_NOT_VALID); 2305 case_WLAN(DEAUTH_LEAVING); 2306 case_WLAN(DISASSOC_DUE_TO_INACTIVITY); 2307 case_WLAN(DISASSOC_AP_BUSY); 2308 case_WLAN(CLASS2_FRAME_FROM_NONAUTH_STA); 2309 case_WLAN(CLASS3_FRAME_FROM_NONASSOC_STA); 2310 case_WLAN(DISASSOC_STA_HAS_LEFT); 2311 case_WLAN(STA_REQ_ASSOC_WITHOUT_AUTH); 2312 case_WLAN(DISASSOC_BAD_POWER); 2313 case_WLAN(DISASSOC_BAD_SUPP_CHAN); 2314 case_WLAN(INVALID_IE); 2315 case_WLAN(MIC_FAILURE); 2316 case_WLAN(4WAY_HANDSHAKE_TIMEOUT); 2317 case_WLAN(GROUP_KEY_HANDSHAKE_TIMEOUT); 2318 case_WLAN(IE_DIFFERENT); 2319 case_WLAN(INVALID_GROUP_CIPHER); 2320 case_WLAN(INVALID_PAIRWISE_CIPHER); 2321 case_WLAN(INVALID_AKMP); 2322 case_WLAN(UNSUPP_RSN_VERSION); 2323 case_WLAN(INVALID_RSN_IE_CAP); 2324 case_WLAN(IEEE8021X_FAILED); 2325 case_WLAN(CIPHER_SUITE_REJECTED); 2326 case_WLAN(DISASSOC_UNSPECIFIED_QOS); 2327 case_WLAN(DISASSOC_QAP_NO_BANDWIDTH); 2328 case_WLAN(DISASSOC_LOW_ACK); 2329 case_WLAN(DISASSOC_QAP_EXCEED_TXOP); 2330 case_WLAN(QSTA_LEAVE_QBSS); 2331 case_WLAN(QSTA_NOT_USE); 2332 case_WLAN(QSTA_REQUIRE_SETUP); 2333 case_WLAN(QSTA_TIMEOUT); 2334 case_WLAN(QSTA_CIPHER_NOT_SUPP); 2335 case_WLAN(MESH_PEER_CANCELED); 2336 case_WLAN(MESH_MAX_PEERS); 2337 case_WLAN(MESH_CONFIG); 2338 case_WLAN(MESH_CLOSE); 2339 case_WLAN(MESH_MAX_RETRIES); 2340 case_WLAN(MESH_CONFIRM_TIMEOUT); 2341 case_WLAN(MESH_INVALID_GTK); 2342 case_WLAN(MESH_INCONSISTENT_PARAM); 2343 case_WLAN(MESH_INVALID_SECURITY); 2344 case_WLAN(MESH_PATH_ERROR); 2345 case_WLAN(MESH_PATH_NOFORWARD); 2346 case_WLAN(MESH_PATH_DEST_UNREACHABLE); 2347 case_WLAN(MAC_EXISTS_IN_MBSS); 2348 case_WLAN(MESH_CHAN_REGULATORY); 2349 case_WLAN(MESH_CHAN); 2350 default: return "<unknown>"; 2351 } 2352 } 2353 2354 static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 2355 struct ieee80211_mgmt *mgmt, size_t len) 2356 { 2357 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2358 const u8 *bssid = NULL; 2359 u16 reason_code; 2360 2361 sdata_assert_lock(sdata); 2362 2363 if (len < 24 + 2) 2364 return; 2365 2366 if (!ifmgd->associated || 2367 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2368 return; 2369 2370 bssid = ifmgd->associated->bssid; 2371 2372 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 2373 2374 sdata_info(sdata, "deauthenticated from %pM (Reason: %u=%s)\n", 2375 bssid, reason_code, ieee80211_get_reason_code_string(reason_code)); 2376 2377 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2378 2379 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2380 } 2381 2382 2383 static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata, 2384 struct ieee80211_mgmt *mgmt, size_t len) 2385 { 2386 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2387 u16 reason_code; 2388 2389 sdata_assert_lock(sdata); 2390 2391 if (len < 24 + 2) 2392 return; 2393 2394 if (!ifmgd->associated || 2395 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2396 return; 2397 2398 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 2399 2400 sdata_info(sdata, "disassociated from %pM (Reason: %u)\n", 2401 mgmt->sa, reason_code); 2402 2403 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2404 2405 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2406 } 2407 2408 static void ieee80211_get_rates(struct ieee80211_supported_band *sband, 2409 u8 *supp_rates, unsigned int supp_rates_len, 2410 u32 *rates, u32 *basic_rates, 2411 bool *have_higher_than_11mbit, 2412 int *min_rate, int *min_rate_index, 2413 int shift, u32 rate_flags) 2414 { 2415 int i, j; 2416 2417 for (i = 0; i < supp_rates_len; i++) { 2418 int rate = supp_rates[i] & 0x7f; 2419 bool is_basic = !!(supp_rates[i] & 0x80); 2420 2421 if ((rate * 5 * (1 << shift)) > 110) 2422 *have_higher_than_11mbit = true; 2423 2424 /* 2425 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009 2426 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it. 2427 * 2428 * Note: Even through the membership selector and the basic 2429 * rate flag share the same bit, they are not exactly 2430 * the same. 2431 */ 2432 if (!!(supp_rates[i] & 0x80) && 2433 (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY) 2434 continue; 2435 2436 for (j = 0; j < sband->n_bitrates; j++) { 2437 struct ieee80211_rate *br; 2438 int brate; 2439 2440 br = &sband->bitrates[j]; 2441 if ((rate_flags & br->flags) != rate_flags) 2442 continue; 2443 2444 brate = DIV_ROUND_UP(br->bitrate, (1 << shift) * 5); 2445 if (brate == rate) { 2446 *rates |= BIT(j); 2447 if (is_basic) 2448 *basic_rates |= BIT(j); 2449 if ((rate * 5) < *min_rate) { 2450 *min_rate = rate * 5; 2451 *min_rate_index = j; 2452 } 2453 break; 2454 } 2455 } 2456 } 2457 } 2458 2459 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata, 2460 bool assoc) 2461 { 2462 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 2463 2464 sdata_assert_lock(sdata); 2465 2466 if (!assoc) { 2467 sta_info_destroy_addr(sdata, assoc_data->bss->bssid); 2468 2469 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2470 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2471 sdata->u.mgd.flags = 0; 2472 mutex_lock(&sdata->local->mtx); 2473 ieee80211_vif_release_channel(sdata); 2474 mutex_unlock(&sdata->local->mtx); 2475 } 2476 2477 kfree(assoc_data); 2478 sdata->u.mgd.assoc_data = NULL; 2479 } 2480 2481 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata, 2482 struct cfg80211_bss *cbss, 2483 struct ieee80211_mgmt *mgmt, size_t len) 2484 { 2485 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2486 struct ieee80211_local *local = sdata->local; 2487 struct ieee80211_supported_band *sband; 2488 struct sta_info *sta; 2489 u8 *pos; 2490 u16 capab_info, aid; 2491 struct ieee802_11_elems elems; 2492 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2493 const struct cfg80211_bss_ies *bss_ies = NULL; 2494 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 2495 u32 changed = 0; 2496 int err; 2497 bool ret; 2498 2499 /* AssocResp and ReassocResp have identical structure */ 2500 2501 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2502 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2503 2504 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) 2505 sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n", 2506 aid); 2507 aid &= ~(BIT(15) | BIT(14)); 2508 2509 ifmgd->broken_ap = false; 2510 2511 if (aid == 0 || aid > IEEE80211_MAX_AID) { 2512 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n", 2513 aid); 2514 aid = 0; 2515 ifmgd->broken_ap = true; 2516 } 2517 2518 pos = mgmt->u.assoc_resp.variable; 2519 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2520 2521 if (!elems.supp_rates) { 2522 sdata_info(sdata, "no SuppRates element in AssocResp\n"); 2523 return false; 2524 } 2525 2526 ifmgd->aid = aid; 2527 2528 /* 2529 * Some APs are erroneously not including some information in their 2530 * (re)association response frames. Try to recover by using the data 2531 * from the beacon or probe response. This seems to afflict mobile 2532 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T", 2533 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device. 2534 */ 2535 if ((assoc_data->wmm && !elems.wmm_param) || 2536 (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2537 (!elems.ht_cap_elem || !elems.ht_operation)) || 2538 (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2539 (!elems.vht_cap_elem || !elems.vht_operation))) { 2540 const struct cfg80211_bss_ies *ies; 2541 struct ieee802_11_elems bss_elems; 2542 2543 rcu_read_lock(); 2544 ies = rcu_dereference(cbss->ies); 2545 if (ies) 2546 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len, 2547 GFP_ATOMIC); 2548 rcu_read_unlock(); 2549 if (!bss_ies) 2550 return false; 2551 2552 ieee802_11_parse_elems(bss_ies->data, bss_ies->len, 2553 false, &bss_elems); 2554 if (assoc_data->wmm && 2555 !elems.wmm_param && bss_elems.wmm_param) { 2556 elems.wmm_param = bss_elems.wmm_param; 2557 sdata_info(sdata, 2558 "AP bug: WMM param missing from AssocResp\n"); 2559 } 2560 2561 /* 2562 * Also check if we requested HT/VHT, otherwise the AP doesn't 2563 * have to include the IEs in the (re)association response. 2564 */ 2565 if (!elems.ht_cap_elem && bss_elems.ht_cap_elem && 2566 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 2567 elems.ht_cap_elem = bss_elems.ht_cap_elem; 2568 sdata_info(sdata, 2569 "AP bug: HT capability missing from AssocResp\n"); 2570 } 2571 if (!elems.ht_operation && bss_elems.ht_operation && 2572 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 2573 elems.ht_operation = bss_elems.ht_operation; 2574 sdata_info(sdata, 2575 "AP bug: HT operation missing from AssocResp\n"); 2576 } 2577 if (!elems.vht_cap_elem && bss_elems.vht_cap_elem && 2578 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) { 2579 elems.vht_cap_elem = bss_elems.vht_cap_elem; 2580 sdata_info(sdata, 2581 "AP bug: VHT capa missing from AssocResp\n"); 2582 } 2583 if (!elems.vht_operation && bss_elems.vht_operation && 2584 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) { 2585 elems.vht_operation = bss_elems.vht_operation; 2586 sdata_info(sdata, 2587 "AP bug: VHT operation missing from AssocResp\n"); 2588 } 2589 } 2590 2591 /* 2592 * We previously checked these in the beacon/probe response, so 2593 * they should be present here. This is just a safety net. 2594 */ 2595 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2596 (!elems.wmm_param || !elems.ht_cap_elem || !elems.ht_operation)) { 2597 sdata_info(sdata, 2598 "HT AP is missing WMM params or HT capability/operation\n"); 2599 ret = false; 2600 goto out; 2601 } 2602 2603 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2604 (!elems.vht_cap_elem || !elems.vht_operation)) { 2605 sdata_info(sdata, 2606 "VHT AP is missing VHT capability/operation\n"); 2607 ret = false; 2608 goto out; 2609 } 2610 2611 mutex_lock(&sdata->local->sta_mtx); 2612 /* 2613 * station info was already allocated and inserted before 2614 * the association and should be available to us 2615 */ 2616 sta = sta_info_get(sdata, cbss->bssid); 2617 if (WARN_ON(!sta)) { 2618 mutex_unlock(&sdata->local->sta_mtx); 2619 ret = false; 2620 goto out; 2621 } 2622 2623 sband = local->hw.wiphy->bands[ieee80211_get_sdata_band(sdata)]; 2624 2625 /* Set up internal HT/VHT capabilities */ 2626 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 2627 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 2628 elems.ht_cap_elem, sta); 2629 2630 if (elems.vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 2631 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband, 2632 elems.vht_cap_elem, sta); 2633 2634 /* 2635 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data 2636 * in their association response, so ignore that data for our own 2637 * configuration. If it changed since the last beacon, we'll get the 2638 * next beacon and update then. 2639 */ 2640 2641 /* 2642 * If an operating mode notification IE is present, override the 2643 * NSS calculation (that would be done in rate_control_rate_init()) 2644 * and use the # of streams from that element. 2645 */ 2646 if (elems.opmode_notif && 2647 !(*elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) { 2648 u8 nss; 2649 2650 nss = *elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK; 2651 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT; 2652 nss += 1; 2653 sta->sta.rx_nss = nss; 2654 } 2655 2656 rate_control_rate_init(sta); 2657 2658 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) 2659 set_sta_flag(sta, WLAN_STA_MFP); 2660 2661 if (elems.wmm_param) 2662 set_sta_flag(sta, WLAN_STA_WME); 2663 2664 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC); 2665 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT)) 2666 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED); 2667 if (err) { 2668 sdata_info(sdata, 2669 "failed to move station %pM to desired state\n", 2670 sta->sta.addr); 2671 WARN_ON(__sta_info_destroy(sta)); 2672 mutex_unlock(&sdata->local->sta_mtx); 2673 ret = false; 2674 goto out; 2675 } 2676 2677 mutex_unlock(&sdata->local->sta_mtx); 2678 2679 /* 2680 * Always handle WMM once after association regardless 2681 * of the first value the AP uses. Setting -1 here has 2682 * that effect because the AP values is an unsigned 2683 * 4-bit value. 2684 */ 2685 ifmgd->wmm_last_param_set = -1; 2686 2687 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) && elems.wmm_param) 2688 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 2689 elems.wmm_param_len); 2690 else 2691 ieee80211_set_wmm_default(sdata, false); 2692 changed |= BSS_CHANGED_QOS; 2693 2694 /* set AID and assoc capability, 2695 * ieee80211_set_associated() will tell the driver */ 2696 bss_conf->aid = aid; 2697 bss_conf->assoc_capability = capab_info; 2698 ieee80211_set_associated(sdata, cbss, changed); 2699 2700 /* 2701 * If we're using 4-addr mode, let the AP know that we're 2702 * doing so, so that it can create the STA VLAN on its side 2703 */ 2704 if (ifmgd->use_4addr) 2705 ieee80211_send_4addr_nullfunc(local, sdata); 2706 2707 /* 2708 * Start timer to probe the connection to the AP now. 2709 * Also start the timer that will detect beacon loss. 2710 */ 2711 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt); 2712 ieee80211_sta_reset_beacon_monitor(sdata); 2713 2714 ret = true; 2715 out: 2716 kfree(bss_ies); 2717 return ret; 2718 } 2719 2720 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, 2721 struct ieee80211_mgmt *mgmt, 2722 size_t len) 2723 { 2724 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2725 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 2726 u16 capab_info, status_code, aid; 2727 struct ieee802_11_elems elems; 2728 u8 *pos; 2729 bool reassoc; 2730 struct cfg80211_bss *bss; 2731 2732 sdata_assert_lock(sdata); 2733 2734 if (!assoc_data) 2735 return; 2736 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid)) 2737 return; 2738 2739 /* 2740 * AssocResp and ReassocResp have identical structure, so process both 2741 * of them in this function. 2742 */ 2743 2744 if (len < 24 + 6) 2745 return; 2746 2747 reassoc = ieee80211_is_reassoc_req(mgmt->frame_control); 2748 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2749 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 2750 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2751 2752 sdata_info(sdata, 2753 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n", 2754 reassoc ? "Rea" : "A", mgmt->sa, 2755 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 2756 2757 pos = mgmt->u.assoc_resp.variable; 2758 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2759 2760 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 2761 elems.timeout_int && 2762 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) { 2763 u32 tu, ms; 2764 tu = le32_to_cpu(elems.timeout_int->value); 2765 ms = tu * 1024 / 1000; 2766 sdata_info(sdata, 2767 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n", 2768 mgmt->sa, tu, ms); 2769 assoc_data->timeout = jiffies + msecs_to_jiffies(ms); 2770 assoc_data->timeout_started = true; 2771 if (ms > IEEE80211_ASSOC_TIMEOUT) 2772 run_again(sdata, assoc_data->timeout); 2773 return; 2774 } 2775 2776 bss = assoc_data->bss; 2777 2778 if (status_code != WLAN_STATUS_SUCCESS) { 2779 sdata_info(sdata, "%pM denied association (code=%d)\n", 2780 mgmt->sa, status_code); 2781 ieee80211_destroy_assoc_data(sdata, false); 2782 } else { 2783 if (!ieee80211_assoc_success(sdata, bss, mgmt, len)) { 2784 /* oops -- internal error -- send timeout for now */ 2785 ieee80211_destroy_assoc_data(sdata, false); 2786 cfg80211_assoc_timeout(sdata->dev, bss); 2787 return; 2788 } 2789 sdata_info(sdata, "associated\n"); 2790 2791 /* 2792 * destroy assoc_data afterwards, as otherwise an idle 2793 * recalc after assoc_data is NULL but before associated 2794 * is set can cause the interface to go idle 2795 */ 2796 ieee80211_destroy_assoc_data(sdata, true); 2797 } 2798 2799 cfg80211_rx_assoc_resp(sdata->dev, bss, (u8 *)mgmt, len); 2800 } 2801 2802 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, 2803 struct ieee80211_mgmt *mgmt, size_t len, 2804 struct ieee80211_rx_status *rx_status, 2805 struct ieee802_11_elems *elems) 2806 { 2807 struct ieee80211_local *local = sdata->local; 2808 struct ieee80211_bss *bss; 2809 struct ieee80211_channel *channel; 2810 2811 sdata_assert_lock(sdata); 2812 2813 channel = ieee80211_get_channel(local->hw.wiphy, rx_status->freq); 2814 if (!channel) 2815 return; 2816 2817 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems, 2818 channel); 2819 if (bss) { 2820 sdata->vif.bss_conf.beacon_rate = bss->beacon_rate; 2821 ieee80211_rx_bss_put(local, bss); 2822 } 2823 } 2824 2825 2826 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, 2827 struct sk_buff *skb) 2828 { 2829 struct ieee80211_mgmt *mgmt = (void *)skb->data; 2830 struct ieee80211_if_managed *ifmgd; 2831 struct ieee80211_rx_status *rx_status = (void *) skb->cb; 2832 size_t baselen, len = skb->len; 2833 struct ieee802_11_elems elems; 2834 2835 ifmgd = &sdata->u.mgd; 2836 2837 sdata_assert_lock(sdata); 2838 2839 if (!ether_addr_equal(mgmt->da, sdata->vif.addr)) 2840 return; /* ignore ProbeResp to foreign address */ 2841 2842 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 2843 if (baselen > len) 2844 return; 2845 2846 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 2847 false, &elems); 2848 2849 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2850 2851 if (ifmgd->associated && 2852 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2853 ieee80211_reset_ap_probe(sdata); 2854 2855 if (ifmgd->auth_data && !ifmgd->auth_data->bss->proberesp_ies && 2856 ether_addr_equal(mgmt->bssid, ifmgd->auth_data->bss->bssid)) { 2857 /* got probe response, continue with auth */ 2858 sdata_info(sdata, "direct probe responded\n"); 2859 ifmgd->auth_data->tries = 0; 2860 ifmgd->auth_data->timeout = jiffies; 2861 ifmgd->auth_data->timeout_started = true; 2862 run_again(sdata, ifmgd->auth_data->timeout); 2863 } 2864 } 2865 2866 /* 2867 * This is the canonical list of information elements we care about, 2868 * the filter code also gives us all changes to the Microsoft OUI 2869 * (00:50:F2) vendor IE which is used for WMM which we need to track. 2870 * 2871 * We implement beacon filtering in software since that means we can 2872 * avoid processing the frame here and in cfg80211, and userspace 2873 * will not be able to tell whether the hardware supports it or not. 2874 * 2875 * XXX: This list needs to be dynamic -- userspace needs to be able to 2876 * add items it requires. It also needs to be able to tell us to 2877 * look out for other vendor IEs. 2878 */ 2879 static const u64 care_about_ies = 2880 (1ULL << WLAN_EID_COUNTRY) | 2881 (1ULL << WLAN_EID_ERP_INFO) | 2882 (1ULL << WLAN_EID_CHANNEL_SWITCH) | 2883 (1ULL << WLAN_EID_PWR_CONSTRAINT) | 2884 (1ULL << WLAN_EID_HT_CAPABILITY) | 2885 (1ULL << WLAN_EID_HT_OPERATION); 2886 2887 static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, 2888 struct ieee80211_mgmt *mgmt, size_t len, 2889 struct ieee80211_rx_status *rx_status) 2890 { 2891 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2892 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2893 size_t baselen; 2894 struct ieee802_11_elems elems; 2895 struct ieee80211_local *local = sdata->local; 2896 struct ieee80211_chanctx_conf *chanctx_conf; 2897 struct ieee80211_channel *chan; 2898 struct sta_info *sta; 2899 u32 changed = 0; 2900 bool erp_valid; 2901 u8 erp_value = 0; 2902 u32 ncrc; 2903 u8 *bssid; 2904 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN]; 2905 2906 sdata_assert_lock(sdata); 2907 2908 /* Process beacon from the current BSS */ 2909 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 2910 if (baselen > len) 2911 return; 2912 2913 rcu_read_lock(); 2914 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 2915 if (!chanctx_conf) { 2916 rcu_read_unlock(); 2917 return; 2918 } 2919 2920 if (rx_status->freq != chanctx_conf->def.chan->center_freq) { 2921 rcu_read_unlock(); 2922 return; 2923 } 2924 chan = chanctx_conf->def.chan; 2925 rcu_read_unlock(); 2926 2927 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon && 2928 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) { 2929 ieee802_11_parse_elems(mgmt->u.beacon.variable, 2930 len - baselen, false, &elems); 2931 2932 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2933 if (elems.tim && !elems.parse_error) { 2934 const struct ieee80211_tim_ie *tim_ie = elems.tim; 2935 ifmgd->dtim_period = tim_ie->dtim_period; 2936 } 2937 ifmgd->have_beacon = true; 2938 ifmgd->assoc_data->need_beacon = false; 2939 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 2940 sdata->vif.bss_conf.sync_tsf = 2941 le64_to_cpu(mgmt->u.beacon.timestamp); 2942 sdata->vif.bss_conf.sync_device_ts = 2943 rx_status->device_timestamp; 2944 if (elems.tim) 2945 sdata->vif.bss_conf.sync_dtim_count = 2946 elems.tim->dtim_count; 2947 else 2948 sdata->vif.bss_conf.sync_dtim_count = 0; 2949 } 2950 /* continue assoc process */ 2951 ifmgd->assoc_data->timeout = jiffies; 2952 ifmgd->assoc_data->timeout_started = true; 2953 run_again(sdata, ifmgd->assoc_data->timeout); 2954 return; 2955 } 2956 2957 if (!ifmgd->associated || 2958 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2959 return; 2960 bssid = ifmgd->associated->bssid; 2961 2962 /* Track average RSSI from the Beacon frames of the current AP */ 2963 ifmgd->last_beacon_signal = rx_status->signal; 2964 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) { 2965 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE; 2966 ifmgd->ave_beacon_signal = rx_status->signal * 16; 2967 ifmgd->last_cqm_event_signal = 0; 2968 ifmgd->count_beacon_signal = 1; 2969 ifmgd->last_ave_beacon_signal = 0; 2970 } else { 2971 ifmgd->ave_beacon_signal = 2972 (IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 + 2973 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) * 2974 ifmgd->ave_beacon_signal) / 16; 2975 ifmgd->count_beacon_signal++; 2976 } 2977 2978 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold && 2979 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) { 2980 int sig = ifmgd->ave_beacon_signal; 2981 int last_sig = ifmgd->last_ave_beacon_signal; 2982 2983 /* 2984 * if signal crosses either of the boundaries, invoke callback 2985 * with appropriate parameters 2986 */ 2987 if (sig > ifmgd->rssi_max_thold && 2988 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) { 2989 ifmgd->last_ave_beacon_signal = sig; 2990 drv_rssi_callback(local, sdata, RSSI_EVENT_HIGH); 2991 } else if (sig < ifmgd->rssi_min_thold && 2992 (last_sig >= ifmgd->rssi_max_thold || 2993 last_sig == 0)) { 2994 ifmgd->last_ave_beacon_signal = sig; 2995 drv_rssi_callback(local, sdata, RSSI_EVENT_LOW); 2996 } 2997 } 2998 2999 if (bss_conf->cqm_rssi_thold && 3000 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT && 3001 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) { 3002 int sig = ifmgd->ave_beacon_signal / 16; 3003 int last_event = ifmgd->last_cqm_event_signal; 3004 int thold = bss_conf->cqm_rssi_thold; 3005 int hyst = bss_conf->cqm_rssi_hyst; 3006 if (sig < thold && 3007 (last_event == 0 || sig < last_event - hyst)) { 3008 ifmgd->last_cqm_event_signal = sig; 3009 ieee80211_cqm_rssi_notify( 3010 &sdata->vif, 3011 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW, 3012 GFP_KERNEL); 3013 } else if (sig > thold && 3014 (last_event == 0 || sig > last_event + hyst)) { 3015 ifmgd->last_cqm_event_signal = sig; 3016 ieee80211_cqm_rssi_notify( 3017 &sdata->vif, 3018 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH, 3019 GFP_KERNEL); 3020 } 3021 } 3022 3023 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) { 3024 mlme_dbg_ratelimited(sdata, 3025 "cancelling AP probe due to a received beacon\n"); 3026 ieee80211_reset_ap_probe(sdata); 3027 } 3028 3029 /* 3030 * Push the beacon loss detection into the future since 3031 * we are processing a beacon from the AP just now. 3032 */ 3033 ieee80211_sta_reset_beacon_monitor(sdata); 3034 3035 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 3036 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, 3037 len - baselen, false, &elems, 3038 care_about_ies, ncrc); 3039 3040 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) { 3041 bool directed_tim = ieee80211_check_tim(elems.tim, 3042 elems.tim_len, 3043 ifmgd->aid); 3044 if (directed_tim) { 3045 if (local->hw.conf.dynamic_ps_timeout > 0) { 3046 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 3047 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 3048 ieee80211_hw_config(local, 3049 IEEE80211_CONF_CHANGE_PS); 3050 } 3051 ieee80211_send_nullfunc(local, sdata, 0); 3052 } else if (!local->pspolling && sdata->u.mgd.powersave) { 3053 local->pspolling = true; 3054 3055 /* 3056 * Here is assumed that the driver will be 3057 * able to send ps-poll frame and receive a 3058 * response even though power save mode is 3059 * enabled, but some drivers might require 3060 * to disable power save here. This needs 3061 * to be investigated. 3062 */ 3063 ieee80211_send_pspoll(local, sdata); 3064 } 3065 } 3066 } 3067 3068 if (sdata->vif.p2p) { 3069 struct ieee80211_p2p_noa_attr noa = {}; 3070 int ret; 3071 3072 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable, 3073 len - baselen, 3074 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 3075 (u8 *) &noa, sizeof(noa)); 3076 if (ret >= 2) { 3077 if (sdata->u.mgd.p2p_noa_index != noa.index) { 3078 /* valid noa_attr and index changed */ 3079 sdata->u.mgd.p2p_noa_index = noa.index; 3080 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa)); 3081 changed |= BSS_CHANGED_P2P_PS; 3082 /* 3083 * make sure we update all information, the CRC 3084 * mechanism doesn't look at P2P attributes. 3085 */ 3086 ifmgd->beacon_crc_valid = false; 3087 } 3088 } else if (sdata->u.mgd.p2p_noa_index != -1) { 3089 /* noa_attr not found and we had valid noa_attr before */ 3090 sdata->u.mgd.p2p_noa_index = -1; 3091 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr)); 3092 changed |= BSS_CHANGED_P2P_PS; 3093 ifmgd->beacon_crc_valid = false; 3094 } 3095 } 3096 3097 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid) 3098 return; 3099 ifmgd->beacon_crc = ncrc; 3100 ifmgd->beacon_crc_valid = true; 3101 3102 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 3103 3104 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime, 3105 &elems, true); 3106 3107 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) && 3108 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 3109 elems.wmm_param_len)) 3110 changed |= BSS_CHANGED_QOS; 3111 3112 /* 3113 * If we haven't had a beacon before, tell the driver about the 3114 * DTIM period (and beacon timing if desired) now. 3115 */ 3116 if (!ifmgd->have_beacon) { 3117 /* a few bogus AP send dtim_period = 0 or no TIM IE */ 3118 if (elems.tim) 3119 bss_conf->dtim_period = elems.tim->dtim_period ?: 1; 3120 else 3121 bss_conf->dtim_period = 1; 3122 3123 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 3124 sdata->vif.bss_conf.sync_tsf = 3125 le64_to_cpu(mgmt->u.beacon.timestamp); 3126 sdata->vif.bss_conf.sync_device_ts = 3127 rx_status->device_timestamp; 3128 if (elems.tim) 3129 sdata->vif.bss_conf.sync_dtim_count = 3130 elems.tim->dtim_count; 3131 else 3132 sdata->vif.bss_conf.sync_dtim_count = 0; 3133 } 3134 3135 changed |= BSS_CHANGED_BEACON_INFO; 3136 ifmgd->have_beacon = true; 3137 3138 mutex_lock(&local->iflist_mtx); 3139 ieee80211_recalc_ps(local, -1); 3140 mutex_unlock(&local->iflist_mtx); 3141 3142 ieee80211_recalc_ps_vif(sdata); 3143 } 3144 3145 if (elems.erp_info) { 3146 erp_valid = true; 3147 erp_value = elems.erp_info[0]; 3148 } else { 3149 erp_valid = false; 3150 } 3151 changed |= ieee80211_handle_bss_capability(sdata, 3152 le16_to_cpu(mgmt->u.beacon.capab_info), 3153 erp_valid, erp_value); 3154 3155 mutex_lock(&local->sta_mtx); 3156 sta = sta_info_get(sdata, bssid); 3157 3158 if (ieee80211_config_bw(sdata, sta, elems.ht_operation, 3159 elems.vht_operation, bssid, &changed)) { 3160 mutex_unlock(&local->sta_mtx); 3161 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3162 WLAN_REASON_DEAUTH_LEAVING, 3163 true, deauth_buf); 3164 cfg80211_tx_mlme_mgmt(sdata->dev, deauth_buf, 3165 sizeof(deauth_buf)); 3166 return; 3167 } 3168 3169 if (sta && elems.opmode_notif) 3170 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif, 3171 rx_status->band, true); 3172 mutex_unlock(&local->sta_mtx); 3173 3174 if (elems.country_elem && elems.pwr_constr_elem && 3175 mgmt->u.probe_resp.capab_info & 3176 cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT)) 3177 changed |= ieee80211_handle_pwr_constr(sdata, chan, 3178 elems.country_elem, 3179 elems.country_elem_len, 3180 elems.pwr_constr_elem); 3181 3182 ieee80211_bss_info_change_notify(sdata, changed); 3183 } 3184 3185 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 3186 struct sk_buff *skb) 3187 { 3188 struct ieee80211_rx_status *rx_status; 3189 struct ieee80211_mgmt *mgmt; 3190 u16 fc; 3191 struct ieee802_11_elems elems; 3192 int ies_len; 3193 3194 rx_status = (struct ieee80211_rx_status *) skb->cb; 3195 mgmt = (struct ieee80211_mgmt *) skb->data; 3196 fc = le16_to_cpu(mgmt->frame_control); 3197 3198 sdata_lock(sdata); 3199 3200 switch (fc & IEEE80211_FCTL_STYPE) { 3201 case IEEE80211_STYPE_BEACON: 3202 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status); 3203 break; 3204 case IEEE80211_STYPE_PROBE_RESP: 3205 ieee80211_rx_mgmt_probe_resp(sdata, skb); 3206 break; 3207 case IEEE80211_STYPE_AUTH: 3208 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len); 3209 break; 3210 case IEEE80211_STYPE_DEAUTH: 3211 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len); 3212 break; 3213 case IEEE80211_STYPE_DISASSOC: 3214 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 3215 break; 3216 case IEEE80211_STYPE_ASSOC_RESP: 3217 case IEEE80211_STYPE_REASSOC_RESP: 3218 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len); 3219 break; 3220 case IEEE80211_STYPE_ACTION: 3221 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) { 3222 ies_len = skb->len - 3223 offsetof(struct ieee80211_mgmt, 3224 u.action.u.chan_switch.variable); 3225 3226 if (ies_len < 0) 3227 break; 3228 3229 ieee802_11_parse_elems( 3230 mgmt->u.action.u.chan_switch.variable, 3231 ies_len, true, &elems); 3232 3233 if (elems.parse_error) 3234 break; 3235 3236 ieee80211_sta_process_chanswitch(sdata, 3237 rx_status->mactime, 3238 &elems, false); 3239 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) { 3240 ies_len = skb->len - 3241 offsetof(struct ieee80211_mgmt, 3242 u.action.u.ext_chan_switch.variable); 3243 3244 if (ies_len < 0) 3245 break; 3246 3247 ieee802_11_parse_elems( 3248 mgmt->u.action.u.ext_chan_switch.variable, 3249 ies_len, true, &elems); 3250 3251 if (elems.parse_error) 3252 break; 3253 3254 /* for the handling code pretend this was also an IE */ 3255 elems.ext_chansw_ie = 3256 &mgmt->u.action.u.ext_chan_switch.data; 3257 3258 ieee80211_sta_process_chanswitch(sdata, 3259 rx_status->mactime, 3260 &elems, false); 3261 } 3262 break; 3263 } 3264 sdata_unlock(sdata); 3265 } 3266 3267 static void ieee80211_sta_timer(unsigned long data) 3268 { 3269 struct ieee80211_sub_if_data *sdata = 3270 (struct ieee80211_sub_if_data *) data; 3271 3272 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3273 } 3274 3275 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata, 3276 u8 *bssid, u8 reason, bool tx) 3277 { 3278 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3279 3280 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason, 3281 tx, frame_buf); 3282 3283 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 3284 IEEE80211_DEAUTH_FRAME_LEN); 3285 } 3286 3287 static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata) 3288 { 3289 struct ieee80211_local *local = sdata->local; 3290 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3291 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data; 3292 u32 tx_flags = 0; 3293 3294 sdata_assert_lock(sdata); 3295 3296 if (WARN_ON_ONCE(!auth_data)) 3297 return -EINVAL; 3298 3299 auth_data->tries++; 3300 3301 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) { 3302 sdata_info(sdata, "authentication with %pM timed out\n", 3303 auth_data->bss->bssid); 3304 3305 /* 3306 * Most likely AP is not in the range so remove the 3307 * bss struct for that AP. 3308 */ 3309 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss); 3310 3311 return -ETIMEDOUT; 3312 } 3313 3314 drv_mgd_prepare_tx(local, sdata); 3315 3316 if (auth_data->bss->proberesp_ies) { 3317 u16 trans = 1; 3318 u16 status = 0; 3319 3320 sdata_info(sdata, "send auth to %pM (try %d/%d)\n", 3321 auth_data->bss->bssid, auth_data->tries, 3322 IEEE80211_AUTH_MAX_TRIES); 3323 3324 auth_data->expected_transaction = 2; 3325 3326 if (auth_data->algorithm == WLAN_AUTH_SAE) { 3327 trans = auth_data->sae_trans; 3328 status = auth_data->sae_status; 3329 auth_data->expected_transaction = trans; 3330 } 3331 3332 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3333 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 3334 IEEE80211_TX_INTFL_MLME_CONN_TX; 3335 3336 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status, 3337 auth_data->data, auth_data->data_len, 3338 auth_data->bss->bssid, 3339 auth_data->bss->bssid, NULL, 0, 0, 3340 tx_flags); 3341 } else { 3342 const u8 *ssidie; 3343 3344 sdata_info(sdata, "direct probe to %pM (try %d/%i)\n", 3345 auth_data->bss->bssid, auth_data->tries, 3346 IEEE80211_AUTH_MAX_TRIES); 3347 3348 rcu_read_lock(); 3349 ssidie = ieee80211_bss_get_ie(auth_data->bss, WLAN_EID_SSID); 3350 if (!ssidie) { 3351 rcu_read_unlock(); 3352 return -EINVAL; 3353 } 3354 /* 3355 * Direct probe is sent to broadcast address as some APs 3356 * will not answer to direct packet in unassociated state. 3357 */ 3358 ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1], 3359 NULL, 0, (u32) -1, true, 0, 3360 auth_data->bss->channel, false); 3361 rcu_read_unlock(); 3362 } 3363 3364 if (tx_flags == 0) { 3365 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 3366 auth_data->timeout_started = true; 3367 run_again(sdata, auth_data->timeout); 3368 } else { 3369 auth_data->timeout = 3370 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG); 3371 auth_data->timeout_started = true; 3372 run_again(sdata, auth_data->timeout); 3373 } 3374 3375 return 0; 3376 } 3377 3378 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata) 3379 { 3380 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 3381 struct ieee80211_local *local = sdata->local; 3382 3383 sdata_assert_lock(sdata); 3384 3385 assoc_data->tries++; 3386 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) { 3387 sdata_info(sdata, "association with %pM timed out\n", 3388 assoc_data->bss->bssid); 3389 3390 /* 3391 * Most likely AP is not in the range so remove the 3392 * bss struct for that AP. 3393 */ 3394 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss); 3395 3396 return -ETIMEDOUT; 3397 } 3398 3399 sdata_info(sdata, "associate with %pM (try %d/%d)\n", 3400 assoc_data->bss->bssid, assoc_data->tries, 3401 IEEE80211_ASSOC_MAX_TRIES); 3402 ieee80211_send_assoc(sdata); 3403 3404 if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) { 3405 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 3406 assoc_data->timeout_started = true; 3407 run_again(sdata, assoc_data->timeout); 3408 } else { 3409 assoc_data->timeout = 3410 round_jiffies_up(jiffies + 3411 IEEE80211_ASSOC_TIMEOUT_LONG); 3412 assoc_data->timeout_started = true; 3413 run_again(sdata, assoc_data->timeout); 3414 } 3415 3416 return 0; 3417 } 3418 3419 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata, 3420 __le16 fc, bool acked) 3421 { 3422 struct ieee80211_local *local = sdata->local; 3423 3424 sdata->u.mgd.status_fc = fc; 3425 sdata->u.mgd.status_acked = acked; 3426 sdata->u.mgd.status_received = true; 3427 3428 ieee80211_queue_work(&local->hw, &sdata->work); 3429 } 3430 3431 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata) 3432 { 3433 struct ieee80211_local *local = sdata->local; 3434 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3435 3436 sdata_lock(sdata); 3437 3438 if (ifmgd->status_received) { 3439 __le16 fc = ifmgd->status_fc; 3440 bool status_acked = ifmgd->status_acked; 3441 3442 ifmgd->status_received = false; 3443 if (ifmgd->auth_data && 3444 (ieee80211_is_probe_req(fc) || ieee80211_is_auth(fc))) { 3445 if (status_acked) { 3446 ifmgd->auth_data->timeout = 3447 jiffies + IEEE80211_AUTH_TIMEOUT_SHORT; 3448 run_again(sdata, ifmgd->auth_data->timeout); 3449 } else { 3450 ifmgd->auth_data->timeout = jiffies - 1; 3451 } 3452 ifmgd->auth_data->timeout_started = true; 3453 } else if (ifmgd->assoc_data && 3454 (ieee80211_is_assoc_req(fc) || 3455 ieee80211_is_reassoc_req(fc))) { 3456 if (status_acked) { 3457 ifmgd->assoc_data->timeout = 3458 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT; 3459 run_again(sdata, ifmgd->assoc_data->timeout); 3460 } else { 3461 ifmgd->assoc_data->timeout = jiffies - 1; 3462 } 3463 ifmgd->assoc_data->timeout_started = true; 3464 } 3465 } 3466 3467 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started && 3468 time_after(jiffies, ifmgd->auth_data->timeout)) { 3469 if (ifmgd->auth_data->done) { 3470 /* 3471 * ok ... we waited for assoc but userspace didn't, 3472 * so let's just kill the auth data 3473 */ 3474 ieee80211_destroy_auth_data(sdata, false); 3475 } else if (ieee80211_probe_auth(sdata)) { 3476 u8 bssid[ETH_ALEN]; 3477 3478 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 3479 3480 ieee80211_destroy_auth_data(sdata, false); 3481 3482 cfg80211_auth_timeout(sdata->dev, bssid); 3483 } 3484 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started) 3485 run_again(sdata, ifmgd->auth_data->timeout); 3486 3487 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started && 3488 time_after(jiffies, ifmgd->assoc_data->timeout)) { 3489 if ((ifmgd->assoc_data->need_beacon && !ifmgd->have_beacon) || 3490 ieee80211_do_assoc(sdata)) { 3491 struct cfg80211_bss *bss = ifmgd->assoc_data->bss; 3492 3493 ieee80211_destroy_assoc_data(sdata, false); 3494 cfg80211_assoc_timeout(sdata->dev, bss); 3495 } 3496 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started) 3497 run_again(sdata, ifmgd->assoc_data->timeout); 3498 3499 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL && 3500 ifmgd->associated) { 3501 u8 bssid[ETH_ALEN]; 3502 int max_tries; 3503 3504 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 3505 3506 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3507 max_tries = max_nullfunc_tries; 3508 else 3509 max_tries = max_probe_tries; 3510 3511 /* ACK received for nullfunc probing frame */ 3512 if (!ifmgd->probe_send_count) 3513 ieee80211_reset_ap_probe(sdata); 3514 else if (ifmgd->nullfunc_failed) { 3515 if (ifmgd->probe_send_count < max_tries) { 3516 mlme_dbg(sdata, 3517 "No ack for nullfunc frame to AP %pM, try %d/%i\n", 3518 bssid, ifmgd->probe_send_count, 3519 max_tries); 3520 ieee80211_mgd_probe_ap_send(sdata); 3521 } else { 3522 mlme_dbg(sdata, 3523 "No ack for nullfunc frame to AP %pM, disconnecting.\n", 3524 bssid); 3525 ieee80211_sta_connection_lost(sdata, bssid, 3526 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 3527 false); 3528 } 3529 } else if (time_is_after_jiffies(ifmgd->probe_timeout)) 3530 run_again(sdata, ifmgd->probe_timeout); 3531 else if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 3532 mlme_dbg(sdata, 3533 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n", 3534 bssid, probe_wait_ms); 3535 ieee80211_sta_connection_lost(sdata, bssid, 3536 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3537 } else if (ifmgd->probe_send_count < max_tries) { 3538 mlme_dbg(sdata, 3539 "No probe response from AP %pM after %dms, try %d/%i\n", 3540 bssid, probe_wait_ms, 3541 ifmgd->probe_send_count, max_tries); 3542 ieee80211_mgd_probe_ap_send(sdata); 3543 } else { 3544 /* 3545 * We actually lost the connection ... or did we? 3546 * Let's make sure! 3547 */ 3548 wiphy_debug(local->hw.wiphy, 3549 "%s: No probe response from AP %pM" 3550 " after %dms, disconnecting.\n", 3551 sdata->name, 3552 bssid, probe_wait_ms); 3553 3554 ieee80211_sta_connection_lost(sdata, bssid, 3555 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3556 } 3557 } 3558 3559 sdata_unlock(sdata); 3560 } 3561 3562 static void ieee80211_sta_bcn_mon_timer(unsigned long data) 3563 { 3564 struct ieee80211_sub_if_data *sdata = 3565 (struct ieee80211_sub_if_data *) data; 3566 struct ieee80211_local *local = sdata->local; 3567 3568 if (local->quiescing) 3569 return; 3570 3571 if (sdata->vif.csa_active) 3572 return; 3573 3574 sdata->u.mgd.connection_loss = false; 3575 ieee80211_queue_work(&sdata->local->hw, 3576 &sdata->u.mgd.beacon_connection_loss_work); 3577 } 3578 3579 static void ieee80211_sta_conn_mon_timer(unsigned long data) 3580 { 3581 struct ieee80211_sub_if_data *sdata = 3582 (struct ieee80211_sub_if_data *) data; 3583 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3584 struct ieee80211_local *local = sdata->local; 3585 3586 if (local->quiescing) 3587 return; 3588 3589 if (sdata->vif.csa_active) 3590 return; 3591 3592 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work); 3593 } 3594 3595 static void ieee80211_sta_monitor_work(struct work_struct *work) 3596 { 3597 struct ieee80211_sub_if_data *sdata = 3598 container_of(work, struct ieee80211_sub_if_data, 3599 u.mgd.monitor_work); 3600 3601 ieee80211_mgd_probe_ap(sdata, false); 3602 } 3603 3604 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) 3605 { 3606 u32 flags; 3607 3608 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 3609 __ieee80211_stop_poll(sdata); 3610 3611 /* let's probe the connection once */ 3612 flags = sdata->local->hw.flags; 3613 if (!(flags & IEEE80211_HW_CONNECTION_MONITOR)) 3614 ieee80211_queue_work(&sdata->local->hw, 3615 &sdata->u.mgd.monitor_work); 3616 /* and do all the other regular work too */ 3617 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3618 } 3619 } 3620 3621 #ifdef CONFIG_PM 3622 void ieee80211_mgd_quiesce(struct ieee80211_sub_if_data *sdata) 3623 { 3624 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3625 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3626 3627 sdata_lock(sdata); 3628 3629 if (ifmgd->auth_data || ifmgd->assoc_data) { 3630 const u8 *bssid = ifmgd->auth_data ? 3631 ifmgd->auth_data->bss->bssid : 3632 ifmgd->assoc_data->bss->bssid; 3633 3634 /* 3635 * If we are trying to authenticate / associate while suspending, 3636 * cfg80211 won't know and won't actually abort those attempts, 3637 * thus we need to do that ourselves. 3638 */ 3639 ieee80211_send_deauth_disassoc(sdata, bssid, 3640 IEEE80211_STYPE_DEAUTH, 3641 WLAN_REASON_DEAUTH_LEAVING, 3642 false, frame_buf); 3643 if (ifmgd->assoc_data) 3644 ieee80211_destroy_assoc_data(sdata, false); 3645 if (ifmgd->auth_data) 3646 ieee80211_destroy_auth_data(sdata, false); 3647 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 3648 IEEE80211_DEAUTH_FRAME_LEN); 3649 } 3650 3651 sdata_unlock(sdata); 3652 } 3653 3654 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata) 3655 { 3656 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3657 3658 sdata_lock(sdata); 3659 if (!ifmgd->associated) { 3660 sdata_unlock(sdata); 3661 return; 3662 } 3663 3664 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) { 3665 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME; 3666 mlme_dbg(sdata, "driver requested disconnect after resume\n"); 3667 ieee80211_sta_connection_lost(sdata, 3668 ifmgd->associated->bssid, 3669 WLAN_REASON_UNSPECIFIED, 3670 true); 3671 sdata_unlock(sdata); 3672 return; 3673 } 3674 sdata_unlock(sdata); 3675 } 3676 #endif 3677 3678 /* interface setup */ 3679 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata) 3680 { 3681 struct ieee80211_if_managed *ifmgd; 3682 3683 ifmgd = &sdata->u.mgd; 3684 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work); 3685 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work); 3686 INIT_WORK(&ifmgd->beacon_connection_loss_work, 3687 ieee80211_beacon_connection_loss_work); 3688 INIT_WORK(&ifmgd->csa_connection_drop_work, 3689 ieee80211_csa_connection_drop_work); 3690 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_mgd_work); 3691 setup_timer(&ifmgd->timer, ieee80211_sta_timer, 3692 (unsigned long) sdata); 3693 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 3694 (unsigned long) sdata); 3695 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 3696 (unsigned long) sdata); 3697 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 3698 (unsigned long) sdata); 3699 3700 ifmgd->flags = 0; 3701 ifmgd->powersave = sdata->wdev.ps; 3702 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues; 3703 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len; 3704 ifmgd->p2p_noa_index = -1; 3705 3706 if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS) 3707 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC; 3708 else 3709 ifmgd->req_smps = IEEE80211_SMPS_OFF; 3710 } 3711 3712 /* scan finished notification */ 3713 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local) 3714 { 3715 struct ieee80211_sub_if_data *sdata; 3716 3717 /* Restart STA timers */ 3718 rcu_read_lock(); 3719 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 3720 if (ieee80211_sdata_running(sdata)) 3721 ieee80211_restart_sta_timer(sdata); 3722 } 3723 rcu_read_unlock(); 3724 } 3725 3726 int ieee80211_max_network_latency(struct notifier_block *nb, 3727 unsigned long data, void *dummy) 3728 { 3729 s32 latency_usec = (s32) data; 3730 struct ieee80211_local *local = 3731 container_of(nb, struct ieee80211_local, 3732 network_latency_notifier); 3733 3734 mutex_lock(&local->iflist_mtx); 3735 ieee80211_recalc_ps(local, latency_usec); 3736 mutex_unlock(&local->iflist_mtx); 3737 3738 return NOTIFY_OK; 3739 } 3740 3741 static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata, 3742 struct cfg80211_bss *cbss) 3743 { 3744 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3745 const u8 *ht_cap_ie, *vht_cap_ie; 3746 const struct ieee80211_ht_cap *ht_cap; 3747 const struct ieee80211_vht_cap *vht_cap; 3748 u8 chains = 1; 3749 3750 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT) 3751 return chains; 3752 3753 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 3754 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) { 3755 ht_cap = (void *)(ht_cap_ie + 2); 3756 chains = ieee80211_mcs_to_chains(&ht_cap->mcs); 3757 /* 3758 * TODO: use "Tx Maximum Number Spatial Streams Supported" and 3759 * "Tx Unequal Modulation Supported" fields. 3760 */ 3761 } 3762 3763 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 3764 return chains; 3765 3766 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 3767 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) { 3768 u8 nss; 3769 u16 tx_mcs_map; 3770 3771 vht_cap = (void *)(vht_cap_ie + 2); 3772 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map); 3773 for (nss = 8; nss > 0; nss--) { 3774 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) != 3775 IEEE80211_VHT_MCS_NOT_SUPPORTED) 3776 break; 3777 } 3778 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */ 3779 chains = max(chains, nss); 3780 } 3781 3782 return chains; 3783 } 3784 3785 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata, 3786 struct cfg80211_bss *cbss) 3787 { 3788 struct ieee80211_local *local = sdata->local; 3789 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3790 const struct ieee80211_ht_operation *ht_oper = NULL; 3791 const struct ieee80211_vht_operation *vht_oper = NULL; 3792 struct ieee80211_supported_band *sband; 3793 struct cfg80211_chan_def chandef; 3794 int ret; 3795 3796 sband = local->hw.wiphy->bands[cbss->channel->band]; 3797 3798 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ | 3799 IEEE80211_STA_DISABLE_80P80MHZ | 3800 IEEE80211_STA_DISABLE_160MHZ); 3801 3802 rcu_read_lock(); 3803 3804 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 3805 sband->ht_cap.ht_supported) { 3806 const u8 *ht_oper_ie, *ht_cap; 3807 3808 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION); 3809 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper)) 3810 ht_oper = (void *)(ht_oper_ie + 2); 3811 3812 ht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 3813 if (!ht_cap || ht_cap[1] < sizeof(struct ieee80211_ht_cap)) { 3814 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 3815 ht_oper = NULL; 3816 } 3817 } 3818 3819 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 3820 sband->vht_cap.vht_supported) { 3821 const u8 *vht_oper_ie, *vht_cap; 3822 3823 vht_oper_ie = ieee80211_bss_get_ie(cbss, 3824 WLAN_EID_VHT_OPERATION); 3825 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper)) 3826 vht_oper = (void *)(vht_oper_ie + 2); 3827 if (vht_oper && !ht_oper) { 3828 vht_oper = NULL; 3829 sdata_info(sdata, 3830 "AP advertised VHT without HT, disabling both\n"); 3831 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 3832 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3833 } 3834 3835 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 3836 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) { 3837 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3838 vht_oper = NULL; 3839 } 3840 } 3841 3842 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband, 3843 cbss->channel, 3844 ht_oper, vht_oper, 3845 &chandef, false); 3846 3847 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss), 3848 local->rx_chains); 3849 3850 rcu_read_unlock(); 3851 3852 /* will change later if needed */ 3853 sdata->smps_mode = IEEE80211_SMPS_OFF; 3854 3855 mutex_lock(&local->mtx); 3856 /* 3857 * If this fails (possibly due to channel context sharing 3858 * on incompatible channels, e.g. 80+80 and 160 sharing the 3859 * same control channel) try to use a smaller bandwidth. 3860 */ 3861 ret = ieee80211_vif_use_channel(sdata, &chandef, 3862 IEEE80211_CHANCTX_SHARED); 3863 3864 /* don't downgrade for 5 and 10 MHz channels, though. */ 3865 if (chandef.width == NL80211_CHAN_WIDTH_5 || 3866 chandef.width == NL80211_CHAN_WIDTH_10) 3867 goto out; 3868 3869 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) { 3870 ifmgd->flags |= ieee80211_chandef_downgrade(&chandef); 3871 ret = ieee80211_vif_use_channel(sdata, &chandef, 3872 IEEE80211_CHANCTX_SHARED); 3873 } 3874 out: 3875 mutex_unlock(&local->mtx); 3876 return ret; 3877 } 3878 3879 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata, 3880 struct cfg80211_bss *cbss, bool assoc) 3881 { 3882 struct ieee80211_local *local = sdata->local; 3883 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3884 struct ieee80211_bss *bss = (void *)cbss->priv; 3885 struct sta_info *new_sta = NULL; 3886 bool have_sta = false; 3887 int err; 3888 3889 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) 3890 return -EINVAL; 3891 3892 if (assoc) { 3893 rcu_read_lock(); 3894 have_sta = sta_info_get(sdata, cbss->bssid); 3895 rcu_read_unlock(); 3896 } 3897 3898 if (!have_sta) { 3899 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL); 3900 if (!new_sta) 3901 return -ENOMEM; 3902 } 3903 if (new_sta) { 3904 u32 rates = 0, basic_rates = 0; 3905 bool have_higher_than_11mbit; 3906 int min_rate = INT_MAX, min_rate_index = -1; 3907 struct ieee80211_chanctx_conf *chanctx_conf; 3908 struct ieee80211_supported_band *sband; 3909 const struct cfg80211_bss_ies *ies; 3910 int shift; 3911 u32 rate_flags; 3912 3913 sband = local->hw.wiphy->bands[cbss->channel->band]; 3914 3915 err = ieee80211_prep_channel(sdata, cbss); 3916 if (err) { 3917 sta_info_free(local, new_sta); 3918 return -EINVAL; 3919 } 3920 shift = ieee80211_vif_get_shift(&sdata->vif); 3921 3922 rcu_read_lock(); 3923 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 3924 if (WARN_ON(!chanctx_conf)) { 3925 rcu_read_unlock(); 3926 sta_info_free(local, new_sta); 3927 return -EINVAL; 3928 } 3929 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def); 3930 rcu_read_unlock(); 3931 3932 ieee80211_get_rates(sband, bss->supp_rates, 3933 bss->supp_rates_len, 3934 &rates, &basic_rates, 3935 &have_higher_than_11mbit, 3936 &min_rate, &min_rate_index, 3937 shift, rate_flags); 3938 3939 /* 3940 * This used to be a workaround for basic rates missing 3941 * in the association response frame. Now that we no 3942 * longer use the basic rates from there, it probably 3943 * doesn't happen any more, but keep the workaround so 3944 * in case some *other* APs are buggy in different ways 3945 * we can connect -- with a warning. 3946 */ 3947 if (!basic_rates && min_rate_index >= 0) { 3948 sdata_info(sdata, 3949 "No basic rates, using min rate instead\n"); 3950 basic_rates = BIT(min_rate_index); 3951 } 3952 3953 new_sta->sta.supp_rates[cbss->channel->band] = rates; 3954 sdata->vif.bss_conf.basic_rates = basic_rates; 3955 3956 /* cf. IEEE 802.11 9.2.12 */ 3957 if (cbss->channel->band == IEEE80211_BAND_2GHZ && 3958 have_higher_than_11mbit) 3959 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE; 3960 else 3961 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE; 3962 3963 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN); 3964 3965 /* set timing information */ 3966 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval; 3967 rcu_read_lock(); 3968 ies = rcu_dereference(cbss->beacon_ies); 3969 if (ies) { 3970 const u8 *tim_ie; 3971 3972 sdata->vif.bss_conf.sync_tsf = ies->tsf; 3973 sdata->vif.bss_conf.sync_device_ts = 3974 bss->device_ts_beacon; 3975 tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 3976 ies->data, ies->len); 3977 if (tim_ie && tim_ie[1] >= 2) 3978 sdata->vif.bss_conf.sync_dtim_count = tim_ie[2]; 3979 else 3980 sdata->vif.bss_conf.sync_dtim_count = 0; 3981 } else if (!(local->hw.flags & 3982 IEEE80211_HW_TIMING_BEACON_ONLY)) { 3983 ies = rcu_dereference(cbss->proberesp_ies); 3984 /* must be non-NULL since beacon IEs were NULL */ 3985 sdata->vif.bss_conf.sync_tsf = ies->tsf; 3986 sdata->vif.bss_conf.sync_device_ts = 3987 bss->device_ts_presp; 3988 sdata->vif.bss_conf.sync_dtim_count = 0; 3989 } else { 3990 sdata->vif.bss_conf.sync_tsf = 0; 3991 sdata->vif.bss_conf.sync_device_ts = 0; 3992 sdata->vif.bss_conf.sync_dtim_count = 0; 3993 } 3994 rcu_read_unlock(); 3995 3996 /* tell driver about BSSID, basic rates and timing */ 3997 ieee80211_bss_info_change_notify(sdata, 3998 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES | 3999 BSS_CHANGED_BEACON_INT); 4000 4001 if (assoc) 4002 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH); 4003 4004 err = sta_info_insert(new_sta); 4005 new_sta = NULL; 4006 if (err) { 4007 sdata_info(sdata, 4008 "failed to insert STA entry for the AP (error %d)\n", 4009 err); 4010 return err; 4011 } 4012 } else 4013 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid)); 4014 4015 return 0; 4016 } 4017 4018 /* config hooks */ 4019 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 4020 struct cfg80211_auth_request *req) 4021 { 4022 struct ieee80211_local *local = sdata->local; 4023 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4024 struct ieee80211_mgd_auth_data *auth_data; 4025 u16 auth_alg; 4026 int err; 4027 4028 /* prepare auth data structure */ 4029 4030 switch (req->auth_type) { 4031 case NL80211_AUTHTYPE_OPEN_SYSTEM: 4032 auth_alg = WLAN_AUTH_OPEN; 4033 break; 4034 case NL80211_AUTHTYPE_SHARED_KEY: 4035 if (IS_ERR(local->wep_tx_tfm)) 4036 return -EOPNOTSUPP; 4037 auth_alg = WLAN_AUTH_SHARED_KEY; 4038 break; 4039 case NL80211_AUTHTYPE_FT: 4040 auth_alg = WLAN_AUTH_FT; 4041 break; 4042 case NL80211_AUTHTYPE_NETWORK_EAP: 4043 auth_alg = WLAN_AUTH_LEAP; 4044 break; 4045 case NL80211_AUTHTYPE_SAE: 4046 auth_alg = WLAN_AUTH_SAE; 4047 break; 4048 default: 4049 return -EOPNOTSUPP; 4050 } 4051 4052 auth_data = kzalloc(sizeof(*auth_data) + req->sae_data_len + 4053 req->ie_len, GFP_KERNEL); 4054 if (!auth_data) 4055 return -ENOMEM; 4056 4057 auth_data->bss = req->bss; 4058 4059 if (req->sae_data_len >= 4) { 4060 __le16 *pos = (__le16 *) req->sae_data; 4061 auth_data->sae_trans = le16_to_cpu(pos[0]); 4062 auth_data->sae_status = le16_to_cpu(pos[1]); 4063 memcpy(auth_data->data, req->sae_data + 4, 4064 req->sae_data_len - 4); 4065 auth_data->data_len += req->sae_data_len - 4; 4066 } 4067 4068 if (req->ie && req->ie_len) { 4069 memcpy(&auth_data->data[auth_data->data_len], 4070 req->ie, req->ie_len); 4071 auth_data->data_len += req->ie_len; 4072 } 4073 4074 if (req->key && req->key_len) { 4075 auth_data->key_len = req->key_len; 4076 auth_data->key_idx = req->key_idx; 4077 memcpy(auth_data->key, req->key, req->key_len); 4078 } 4079 4080 auth_data->algorithm = auth_alg; 4081 4082 /* try to authenticate/probe */ 4083 4084 if ((ifmgd->auth_data && !ifmgd->auth_data->done) || 4085 ifmgd->assoc_data) { 4086 err = -EBUSY; 4087 goto err_free; 4088 } 4089 4090 if (ifmgd->auth_data) 4091 ieee80211_destroy_auth_data(sdata, false); 4092 4093 /* prep auth_data so we don't go into idle on disassoc */ 4094 ifmgd->auth_data = auth_data; 4095 4096 if (ifmgd->associated) { 4097 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4098 4099 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4100 WLAN_REASON_UNSPECIFIED, 4101 false, frame_buf); 4102 4103 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4104 sizeof(frame_buf)); 4105 } 4106 4107 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid); 4108 4109 err = ieee80211_prep_connection(sdata, req->bss, false); 4110 if (err) 4111 goto err_clear; 4112 4113 err = ieee80211_probe_auth(sdata); 4114 if (err) { 4115 sta_info_destroy_addr(sdata, req->bss->bssid); 4116 goto err_clear; 4117 } 4118 4119 /* hold our own reference */ 4120 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss); 4121 return 0; 4122 4123 err_clear: 4124 memset(ifmgd->bssid, 0, ETH_ALEN); 4125 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 4126 ifmgd->auth_data = NULL; 4127 err_free: 4128 kfree(auth_data); 4129 return err; 4130 } 4131 4132 static bool ieee80211_usable_wmm_params(struct ieee80211_sub_if_data *sdata, 4133 const u8 *wmm_param, int len) 4134 { 4135 const u8 *pos; 4136 size_t left; 4137 4138 if (len < 8) 4139 return false; 4140 4141 if (wmm_param[5] != 1 /* version */) 4142 return false; 4143 4144 pos = wmm_param + 8; 4145 left = len - 8; 4146 4147 for (; left >= 4; left -= 4, pos += 4) { 4148 u8 aifsn = pos[0] & 0x0f; 4149 u8 ecwmin = pos[1] & 0x0f; 4150 u8 ecwmax = (pos[1] & 0xf0) >> 4; 4151 int aci = (pos[0] >> 5) & 0x03; 4152 4153 if (aifsn < 2) { 4154 sdata_info(sdata, 4155 "AP has invalid WMM params (AIFSN=%d for ACI %d), disabling WMM\n", 4156 aifsn, aci); 4157 return false; 4158 } 4159 if (ecwmin > ecwmax) { 4160 sdata_info(sdata, 4161 "AP has invalid WMM params (ECWmin/max=%d/%d for ACI %d), disabling WMM\n", 4162 ecwmin, ecwmax, aci); 4163 return false; 4164 } 4165 } 4166 4167 return true; 4168 } 4169 4170 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 4171 struct cfg80211_assoc_request *req) 4172 { 4173 struct ieee80211_local *local = sdata->local; 4174 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4175 struct ieee80211_bss *bss = (void *)req->bss->priv; 4176 struct ieee80211_mgd_assoc_data *assoc_data; 4177 const struct cfg80211_bss_ies *beacon_ies; 4178 struct ieee80211_supported_band *sband; 4179 const u8 *ssidie, *ht_ie, *vht_ie; 4180 int i, err; 4181 4182 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL); 4183 if (!assoc_data) 4184 return -ENOMEM; 4185 4186 rcu_read_lock(); 4187 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID); 4188 if (!ssidie) { 4189 rcu_read_unlock(); 4190 kfree(assoc_data); 4191 return -EINVAL; 4192 } 4193 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]); 4194 assoc_data->ssid_len = ssidie[1]; 4195 rcu_read_unlock(); 4196 4197 if (ifmgd->associated) { 4198 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4199 4200 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4201 WLAN_REASON_UNSPECIFIED, 4202 false, frame_buf); 4203 4204 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4205 sizeof(frame_buf)); 4206 } 4207 4208 if (ifmgd->auth_data && !ifmgd->auth_data->done) { 4209 err = -EBUSY; 4210 goto err_free; 4211 } 4212 4213 if (ifmgd->assoc_data) { 4214 err = -EBUSY; 4215 goto err_free; 4216 } 4217 4218 if (ifmgd->auth_data) { 4219 bool match; 4220 4221 /* keep sta info, bssid if matching */ 4222 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid); 4223 ieee80211_destroy_auth_data(sdata, match); 4224 } 4225 4226 /* prepare assoc data */ 4227 4228 ifmgd->beacon_crc_valid = false; 4229 4230 assoc_data->wmm = bss->wmm_used && 4231 (local->hw.queues >= IEEE80211_NUM_ACS); 4232 if (assoc_data->wmm) { 4233 /* try to check validity of WMM params IE */ 4234 const struct cfg80211_bss_ies *ies; 4235 const u8 *wp, *start, *end; 4236 4237 rcu_read_lock(); 4238 ies = rcu_dereference(req->bss->ies); 4239 start = ies->data; 4240 end = start + ies->len; 4241 4242 while (true) { 4243 wp = cfg80211_find_vendor_ie( 4244 WLAN_OUI_MICROSOFT, 4245 WLAN_OUI_TYPE_MICROSOFT_WMM, 4246 start, end - start); 4247 if (!wp) 4248 break; 4249 start = wp + wp[1] + 2; 4250 /* if this IE is too short, try the next */ 4251 if (wp[1] <= 4) 4252 continue; 4253 /* if this IE is WMM params, we found what we wanted */ 4254 if (wp[6] == 1) 4255 break; 4256 } 4257 4258 if (!wp || !ieee80211_usable_wmm_params(sdata, wp + 2, 4259 wp[1] - 2)) { 4260 assoc_data->wmm = false; 4261 ifmgd->flags |= IEEE80211_STA_DISABLE_WMM; 4262 } 4263 rcu_read_unlock(); 4264 } 4265 4266 /* 4267 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode. 4268 * We still associate in non-HT mode (11a/b/g) if any one of these 4269 * ciphers is configured as pairwise. 4270 * We can set this to true for non-11n hardware, that'll be checked 4271 * separately along with the peer capabilities. 4272 */ 4273 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) { 4274 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 4275 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 4276 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) { 4277 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4278 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4279 netdev_info(sdata->dev, 4280 "disabling HT/VHT due to WEP/TKIP use\n"); 4281 } 4282 } 4283 4284 if (req->flags & ASSOC_REQ_DISABLE_HT) { 4285 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4286 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4287 } 4288 4289 if (req->flags & ASSOC_REQ_DISABLE_VHT) 4290 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4291 4292 /* Also disable HT if we don't support it or the AP doesn't use WMM */ 4293 sband = local->hw.wiphy->bands[req->bss->channel->band]; 4294 if (!sband->ht_cap.ht_supported || 4295 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used || 4296 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) { 4297 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4298 if (!bss->wmm_used && 4299 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM)) 4300 netdev_info(sdata->dev, 4301 "disabling HT as WMM/QoS is not supported by the AP\n"); 4302 } 4303 4304 /* disable VHT if we don't support it or the AP doesn't use WMM */ 4305 if (!sband->vht_cap.vht_supported || 4306 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used || 4307 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) { 4308 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4309 if (!bss->wmm_used && 4310 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM)) 4311 netdev_info(sdata->dev, 4312 "disabling VHT as WMM/QoS is not supported by the AP\n"); 4313 } 4314 4315 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa)); 4316 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask, 4317 sizeof(ifmgd->ht_capa_mask)); 4318 4319 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa)); 4320 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask, 4321 sizeof(ifmgd->vht_capa_mask)); 4322 4323 if (req->ie && req->ie_len) { 4324 memcpy(assoc_data->ie, req->ie, req->ie_len); 4325 assoc_data->ie_len = req->ie_len; 4326 } 4327 4328 assoc_data->bss = req->bss; 4329 4330 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) { 4331 if (ifmgd->powersave) 4332 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC; 4333 else 4334 sdata->smps_mode = IEEE80211_SMPS_OFF; 4335 } else 4336 sdata->smps_mode = ifmgd->req_smps; 4337 4338 assoc_data->capability = req->bss->capability; 4339 assoc_data->supp_rates = bss->supp_rates; 4340 assoc_data->supp_rates_len = bss->supp_rates_len; 4341 4342 rcu_read_lock(); 4343 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION); 4344 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation)) 4345 assoc_data->ap_ht_param = 4346 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param; 4347 else 4348 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4349 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY); 4350 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap)) 4351 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2, 4352 sizeof(struct ieee80211_vht_cap)); 4353 else 4354 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4355 rcu_read_unlock(); 4356 4357 if (bss->wmm_used && bss->uapsd_supported && 4358 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD) && 4359 sdata->wmm_acm != 0xff) { 4360 assoc_data->uapsd = true; 4361 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; 4362 } else { 4363 assoc_data->uapsd = false; 4364 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED; 4365 } 4366 4367 if (req->prev_bssid) 4368 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN); 4369 4370 if (req->use_mfp) { 4371 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 4372 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED; 4373 } else { 4374 ifmgd->mfp = IEEE80211_MFP_DISABLED; 4375 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED; 4376 } 4377 4378 if (req->crypto.control_port) 4379 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT; 4380 else 4381 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT; 4382 4383 sdata->control_port_protocol = req->crypto.control_port_ethertype; 4384 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt; 4385 sdata->encrypt_headroom = ieee80211_cs_headroom(local, &req->crypto, 4386 sdata->vif.type); 4387 4388 /* kick off associate process */ 4389 4390 ifmgd->assoc_data = assoc_data; 4391 ifmgd->dtim_period = 0; 4392 ifmgd->have_beacon = false; 4393 4394 err = ieee80211_prep_connection(sdata, req->bss, true); 4395 if (err) 4396 goto err_clear; 4397 4398 rcu_read_lock(); 4399 beacon_ies = rcu_dereference(req->bss->beacon_ies); 4400 4401 if (sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC && 4402 !beacon_ies) { 4403 /* 4404 * Wait up to one beacon interval ... 4405 * should this be more if we miss one? 4406 */ 4407 sdata_info(sdata, "waiting for beacon from %pM\n", 4408 ifmgd->bssid); 4409 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval); 4410 assoc_data->timeout_started = true; 4411 assoc_data->need_beacon = true; 4412 } else if (beacon_ies) { 4413 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 4414 beacon_ies->data, 4415 beacon_ies->len); 4416 u8 dtim_count = 0; 4417 4418 if (tim_ie && tim_ie[1] >= sizeof(struct ieee80211_tim_ie)) { 4419 const struct ieee80211_tim_ie *tim; 4420 tim = (void *)(tim_ie + 2); 4421 ifmgd->dtim_period = tim->dtim_period; 4422 dtim_count = tim->dtim_count; 4423 } 4424 ifmgd->have_beacon = true; 4425 assoc_data->timeout = jiffies; 4426 assoc_data->timeout_started = true; 4427 4428 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 4429 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf; 4430 sdata->vif.bss_conf.sync_device_ts = 4431 bss->device_ts_beacon; 4432 sdata->vif.bss_conf.sync_dtim_count = dtim_count; 4433 } 4434 } else { 4435 assoc_data->timeout = jiffies; 4436 assoc_data->timeout_started = true; 4437 } 4438 rcu_read_unlock(); 4439 4440 run_again(sdata, assoc_data->timeout); 4441 4442 if (bss->corrupt_data) { 4443 char *corrupt_type = "data"; 4444 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) { 4445 if (bss->corrupt_data & 4446 IEEE80211_BSS_CORRUPT_PROBE_RESP) 4447 corrupt_type = "beacon and probe response"; 4448 else 4449 corrupt_type = "beacon"; 4450 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) 4451 corrupt_type = "probe response"; 4452 sdata_info(sdata, "associating with AP with corrupt %s\n", 4453 corrupt_type); 4454 } 4455 4456 return 0; 4457 err_clear: 4458 memset(ifmgd->bssid, 0, ETH_ALEN); 4459 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 4460 ifmgd->assoc_data = NULL; 4461 err_free: 4462 kfree(assoc_data); 4463 return err; 4464 } 4465 4466 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, 4467 struct cfg80211_deauth_request *req) 4468 { 4469 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4470 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4471 bool tx = !req->local_state_change; 4472 4473 if (ifmgd->auth_data && 4474 ether_addr_equal(ifmgd->auth_data->bss->bssid, req->bssid)) { 4475 sdata_info(sdata, 4476 "aborting authentication with %pM by local choice (Reason: %u=%s)\n", 4477 req->bssid, req->reason_code, 4478 ieee80211_get_reason_code_string(req->reason_code)); 4479 4480 drv_mgd_prepare_tx(sdata->local, sdata); 4481 ieee80211_send_deauth_disassoc(sdata, req->bssid, 4482 IEEE80211_STYPE_DEAUTH, 4483 req->reason_code, tx, 4484 frame_buf); 4485 ieee80211_destroy_auth_data(sdata, false); 4486 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4487 IEEE80211_DEAUTH_FRAME_LEN); 4488 4489 return 0; 4490 } 4491 4492 if (ifmgd->associated && 4493 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) { 4494 sdata_info(sdata, 4495 "deauthenticating from %pM by local choice (Reason: %u=%s)\n", 4496 req->bssid, req->reason_code, 4497 ieee80211_get_reason_code_string(req->reason_code)); 4498 4499 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4500 req->reason_code, tx, frame_buf); 4501 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4502 IEEE80211_DEAUTH_FRAME_LEN); 4503 return 0; 4504 } 4505 4506 return -ENOTCONN; 4507 } 4508 4509 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 4510 struct cfg80211_disassoc_request *req) 4511 { 4512 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4513 u8 bssid[ETH_ALEN]; 4514 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4515 4516 /* 4517 * cfg80211 should catch this ... but it's racy since 4518 * we can receive a disassoc frame, process it, hand it 4519 * to cfg80211 while that's in a locked section already 4520 * trying to tell us that the user wants to disconnect. 4521 */ 4522 if (ifmgd->associated != req->bss) 4523 return -ENOLINK; 4524 4525 sdata_info(sdata, 4526 "disassociating from %pM by local choice (Reason: %u=%s)\n", 4527 req->bss->bssid, req->reason_code, ieee80211_get_reason_code_string(req->reason_code)); 4528 4529 memcpy(bssid, req->bss->bssid, ETH_ALEN); 4530 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC, 4531 req->reason_code, !req->local_state_change, 4532 frame_buf); 4533 4534 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4535 IEEE80211_DEAUTH_FRAME_LEN); 4536 4537 return 0; 4538 } 4539 4540 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata) 4541 { 4542 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4543 4544 /* 4545 * Make sure some work items will not run after this, 4546 * they will not do anything but might not have been 4547 * cancelled when disconnecting. 4548 */ 4549 cancel_work_sync(&ifmgd->monitor_work); 4550 cancel_work_sync(&ifmgd->beacon_connection_loss_work); 4551 cancel_work_sync(&ifmgd->request_smps_work); 4552 cancel_work_sync(&ifmgd->csa_connection_drop_work); 4553 cancel_work_sync(&ifmgd->chswitch_work); 4554 4555 sdata_lock(sdata); 4556 if (ifmgd->assoc_data) { 4557 struct cfg80211_bss *bss = ifmgd->assoc_data->bss; 4558 ieee80211_destroy_assoc_data(sdata, false); 4559 cfg80211_assoc_timeout(sdata->dev, bss); 4560 } 4561 if (ifmgd->auth_data) 4562 ieee80211_destroy_auth_data(sdata, false); 4563 del_timer_sync(&ifmgd->timer); 4564 sdata_unlock(sdata); 4565 } 4566 4567 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif, 4568 enum nl80211_cqm_rssi_threshold_event rssi_event, 4569 gfp_t gfp) 4570 { 4571 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 4572 4573 trace_api_cqm_rssi_notify(sdata, rssi_event); 4574 4575 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp); 4576 } 4577 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify); 4578