1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Scanning implementation 4 * 5 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi> 6 * Copyright 2004, Instant802 Networks, Inc. 7 * Copyright 2005, Devicescape Software, Inc. 8 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 9 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 10 * Copyright 2013-2015 Intel Mobile Communications GmbH 11 * Copyright 2016-2017 Intel Deutschland GmbH 12 * Copyright (C) 2018-2019 Intel Corporation 13 */ 14 15 #include <linux/if_arp.h> 16 #include <linux/etherdevice.h> 17 #include <linux/rtnetlink.h> 18 #include <net/sch_generic.h> 19 #include <linux/slab.h> 20 #include <linux/export.h> 21 #include <linux/random.h> 22 #include <net/mac80211.h> 23 24 #include "ieee80211_i.h" 25 #include "driver-ops.h" 26 #include "mesh.h" 27 28 #define IEEE80211_PROBE_DELAY (HZ / 33) 29 #define IEEE80211_CHANNEL_TIME (HZ / 33) 30 #define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 9) 31 32 void ieee80211_rx_bss_put(struct ieee80211_local *local, 33 struct ieee80211_bss *bss) 34 { 35 if (!bss) 36 return; 37 cfg80211_put_bss(local->hw.wiphy, 38 container_of((void *)bss, struct cfg80211_bss, priv)); 39 } 40 41 static bool is_uapsd_supported(struct ieee802_11_elems *elems) 42 { 43 u8 qos_info; 44 45 if (elems->wmm_info && elems->wmm_info_len == 7 46 && elems->wmm_info[5] == 1) 47 qos_info = elems->wmm_info[6]; 48 else if (elems->wmm_param && elems->wmm_param_len == 24 49 && elems->wmm_param[5] == 1) 50 qos_info = elems->wmm_param[6]; 51 else 52 /* no valid wmm information or parameter element found */ 53 return false; 54 55 return qos_info & IEEE80211_WMM_IE_AP_QOSINFO_UAPSD; 56 } 57 58 static void 59 ieee80211_update_bss_from_elems(struct ieee80211_local *local, 60 struct ieee80211_bss *bss, 61 struct ieee802_11_elems *elems, 62 struct ieee80211_rx_status *rx_status, 63 bool beacon) 64 { 65 int clen, srlen; 66 67 if (beacon) 68 bss->device_ts_beacon = rx_status->device_timestamp; 69 else 70 bss->device_ts_presp = rx_status->device_timestamp; 71 72 if (elems->parse_error) { 73 if (beacon) 74 bss->corrupt_data |= IEEE80211_BSS_CORRUPT_BEACON; 75 else 76 bss->corrupt_data |= IEEE80211_BSS_CORRUPT_PROBE_RESP; 77 } else { 78 if (beacon) 79 bss->corrupt_data &= ~IEEE80211_BSS_CORRUPT_BEACON; 80 else 81 bss->corrupt_data &= ~IEEE80211_BSS_CORRUPT_PROBE_RESP; 82 } 83 84 /* save the ERP value so that it is available at association time */ 85 if (elems->erp_info && (!elems->parse_error || 86 !(bss->valid_data & IEEE80211_BSS_VALID_ERP))) { 87 bss->erp_value = elems->erp_info[0]; 88 bss->has_erp_value = true; 89 if (!elems->parse_error) 90 bss->valid_data |= IEEE80211_BSS_VALID_ERP; 91 } 92 93 /* replace old supported rates if we get new values */ 94 if (!elems->parse_error || 95 !(bss->valid_data & IEEE80211_BSS_VALID_RATES)) { 96 srlen = 0; 97 if (elems->supp_rates) { 98 clen = IEEE80211_MAX_SUPP_RATES; 99 if (clen > elems->supp_rates_len) 100 clen = elems->supp_rates_len; 101 memcpy(bss->supp_rates, elems->supp_rates, clen); 102 srlen += clen; 103 } 104 if (elems->ext_supp_rates) { 105 clen = IEEE80211_MAX_SUPP_RATES - srlen; 106 if (clen > elems->ext_supp_rates_len) 107 clen = elems->ext_supp_rates_len; 108 memcpy(bss->supp_rates + srlen, elems->ext_supp_rates, 109 clen); 110 srlen += clen; 111 } 112 if (srlen) { 113 bss->supp_rates_len = srlen; 114 if (!elems->parse_error) 115 bss->valid_data |= IEEE80211_BSS_VALID_RATES; 116 } 117 } 118 119 if (!elems->parse_error || 120 !(bss->valid_data & IEEE80211_BSS_VALID_WMM)) { 121 bss->wmm_used = elems->wmm_param || elems->wmm_info; 122 bss->uapsd_supported = is_uapsd_supported(elems); 123 if (!elems->parse_error) 124 bss->valid_data |= IEEE80211_BSS_VALID_WMM; 125 } 126 127 if (beacon) { 128 struct ieee80211_supported_band *sband = 129 local->hw.wiphy->bands[rx_status->band]; 130 if (!(rx_status->encoding == RX_ENC_HT) && 131 !(rx_status->encoding == RX_ENC_VHT)) 132 bss->beacon_rate = 133 &sband->bitrates[rx_status->rate_idx]; 134 } 135 136 if (elems->vht_cap_elem) 137 bss->vht_cap_info = 138 le32_to_cpu(elems->vht_cap_elem->vht_cap_info); 139 else 140 bss->vht_cap_info = 0; 141 } 142 143 struct ieee80211_bss * 144 ieee80211_bss_info_update(struct ieee80211_local *local, 145 struct ieee80211_rx_status *rx_status, 146 struct ieee80211_mgmt *mgmt, size_t len, 147 struct ieee80211_channel *channel) 148 { 149 bool beacon = ieee80211_is_beacon(mgmt->frame_control); 150 struct cfg80211_bss *cbss, *non_tx_cbss; 151 struct ieee80211_bss *bss, *non_tx_bss; 152 struct cfg80211_inform_bss bss_meta = { 153 .boottime_ns = rx_status->boottime_ns, 154 }; 155 bool signal_valid; 156 struct ieee80211_sub_if_data *scan_sdata; 157 struct ieee802_11_elems elems; 158 size_t baselen; 159 u8 *elements; 160 161 if (rx_status->flag & RX_FLAG_NO_SIGNAL_VAL) 162 bss_meta.signal = 0; /* invalid signal indication */ 163 else if (ieee80211_hw_check(&local->hw, SIGNAL_DBM)) 164 bss_meta.signal = rx_status->signal * 100; 165 else if (ieee80211_hw_check(&local->hw, SIGNAL_UNSPEC)) 166 bss_meta.signal = (rx_status->signal * 100) / local->hw.max_signal; 167 168 bss_meta.scan_width = NL80211_BSS_CHAN_WIDTH_20; 169 if (rx_status->bw == RATE_INFO_BW_5) 170 bss_meta.scan_width = NL80211_BSS_CHAN_WIDTH_5; 171 else if (rx_status->bw == RATE_INFO_BW_10) 172 bss_meta.scan_width = NL80211_BSS_CHAN_WIDTH_10; 173 174 bss_meta.chan = channel; 175 176 rcu_read_lock(); 177 scan_sdata = rcu_dereference(local->scan_sdata); 178 if (scan_sdata && scan_sdata->vif.type == NL80211_IFTYPE_STATION && 179 scan_sdata->vif.bss_conf.assoc && 180 ieee80211_have_rx_timestamp(rx_status)) { 181 bss_meta.parent_tsf = 182 ieee80211_calculate_rx_timestamp(local, rx_status, 183 len + FCS_LEN, 24); 184 ether_addr_copy(bss_meta.parent_bssid, 185 scan_sdata->vif.bss_conf.bssid); 186 } 187 rcu_read_unlock(); 188 189 cbss = cfg80211_inform_bss_frame_data(local->hw.wiphy, &bss_meta, 190 mgmt, len, GFP_ATOMIC); 191 if (!cbss) 192 return NULL; 193 194 if (ieee80211_is_probe_resp(mgmt->frame_control)) { 195 elements = mgmt->u.probe_resp.variable; 196 baselen = offsetof(struct ieee80211_mgmt, 197 u.probe_resp.variable); 198 } else { 199 baselen = offsetof(struct ieee80211_mgmt, u.beacon.variable); 200 elements = mgmt->u.beacon.variable; 201 } 202 203 if (baselen > len) 204 return NULL; 205 206 ieee802_11_parse_elems(elements, len - baselen, false, &elems, 207 mgmt->bssid, cbss->bssid); 208 209 /* In case the signal is invalid update the status */ 210 signal_valid = channel == cbss->channel; 211 if (!signal_valid) 212 rx_status->flag |= RX_FLAG_NO_SIGNAL_VAL; 213 214 bss = (void *)cbss->priv; 215 ieee80211_update_bss_from_elems(local, bss, &elems, rx_status, beacon); 216 217 list_for_each_entry(non_tx_cbss, &cbss->nontrans_list, nontrans_list) { 218 non_tx_bss = (void *)non_tx_cbss->priv; 219 220 ieee80211_update_bss_from_elems(local, non_tx_bss, &elems, 221 rx_status, beacon); 222 } 223 224 return bss; 225 } 226 227 static bool ieee80211_scan_accept_presp(struct ieee80211_sub_if_data *sdata, 228 u32 scan_flags, const u8 *da) 229 { 230 if (!sdata) 231 return false; 232 /* accept broadcast for OCE */ 233 if (scan_flags & NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP && 234 is_broadcast_ether_addr(da)) 235 return true; 236 if (scan_flags & NL80211_SCAN_FLAG_RANDOM_ADDR) 237 return true; 238 return ether_addr_equal(da, sdata->vif.addr); 239 } 240 241 void ieee80211_scan_rx(struct ieee80211_local *local, struct sk_buff *skb) 242 { 243 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 244 struct ieee80211_sub_if_data *sdata1, *sdata2; 245 struct ieee80211_mgmt *mgmt = (void *)skb->data; 246 struct ieee80211_bss *bss; 247 struct ieee80211_channel *channel; 248 249 if (skb->len < 24 || 250 (!ieee80211_is_probe_resp(mgmt->frame_control) && 251 !ieee80211_is_beacon(mgmt->frame_control))) 252 return; 253 254 sdata1 = rcu_dereference(local->scan_sdata); 255 sdata2 = rcu_dereference(local->sched_scan_sdata); 256 257 if (likely(!sdata1 && !sdata2)) 258 return; 259 260 if (ieee80211_is_probe_resp(mgmt->frame_control)) { 261 struct cfg80211_scan_request *scan_req; 262 struct cfg80211_sched_scan_request *sched_scan_req; 263 u32 scan_req_flags = 0, sched_scan_req_flags = 0; 264 265 scan_req = rcu_dereference(local->scan_req); 266 sched_scan_req = rcu_dereference(local->sched_scan_req); 267 268 if (scan_req) 269 scan_req_flags = scan_req->flags; 270 271 if (sched_scan_req) 272 sched_scan_req_flags = sched_scan_req->flags; 273 274 /* ignore ProbeResp to foreign address or non-bcast (OCE) 275 * unless scanning with randomised address 276 */ 277 if (!ieee80211_scan_accept_presp(sdata1, scan_req_flags, 278 mgmt->da) && 279 !ieee80211_scan_accept_presp(sdata2, sched_scan_req_flags, 280 mgmt->da)) 281 return; 282 } 283 284 channel = ieee80211_get_channel_khz(local->hw.wiphy, 285 ieee80211_rx_status_to_khz(rx_status)); 286 287 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED) 288 return; 289 290 bss = ieee80211_bss_info_update(local, rx_status, 291 mgmt, skb->len, 292 channel); 293 if (bss) 294 ieee80211_rx_bss_put(local, bss); 295 } 296 297 static void 298 ieee80211_prepare_scan_chandef(struct cfg80211_chan_def *chandef, 299 enum nl80211_bss_scan_width scan_width) 300 { 301 memset(chandef, 0, sizeof(*chandef)); 302 switch (scan_width) { 303 case NL80211_BSS_CHAN_WIDTH_5: 304 chandef->width = NL80211_CHAN_WIDTH_5; 305 break; 306 case NL80211_BSS_CHAN_WIDTH_10: 307 chandef->width = NL80211_CHAN_WIDTH_10; 308 break; 309 default: 310 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 311 break; 312 } 313 } 314 315 /* return false if no more work */ 316 static bool ieee80211_prep_hw_scan(struct ieee80211_sub_if_data *sdata) 317 { 318 struct ieee80211_local *local = sdata->local; 319 struct cfg80211_scan_request *req; 320 struct cfg80211_chan_def chandef; 321 u8 bands_used = 0; 322 int i, ielen, n_chans; 323 u32 flags = 0; 324 325 req = rcu_dereference_protected(local->scan_req, 326 lockdep_is_held(&local->mtx)); 327 328 if (test_bit(SCAN_HW_CANCELLED, &local->scanning)) 329 return false; 330 331 if (ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS)) { 332 for (i = 0; i < req->n_channels; i++) { 333 local->hw_scan_req->req.channels[i] = req->channels[i]; 334 bands_used |= BIT(req->channels[i]->band); 335 } 336 337 n_chans = req->n_channels; 338 } else { 339 do { 340 if (local->hw_scan_band == NUM_NL80211_BANDS) 341 return false; 342 343 n_chans = 0; 344 345 for (i = 0; i < req->n_channels; i++) { 346 if (req->channels[i]->band != 347 local->hw_scan_band) 348 continue; 349 local->hw_scan_req->req.channels[n_chans] = 350 req->channels[i]; 351 n_chans++; 352 bands_used |= BIT(req->channels[i]->band); 353 } 354 355 local->hw_scan_band++; 356 } while (!n_chans); 357 } 358 359 local->hw_scan_req->req.n_channels = n_chans; 360 ieee80211_prepare_scan_chandef(&chandef, req->scan_width); 361 362 if (req->flags & NL80211_SCAN_FLAG_MIN_PREQ_CONTENT) 363 flags |= IEEE80211_PROBE_FLAG_MIN_CONTENT; 364 365 ielen = ieee80211_build_preq_ies(sdata, 366 (u8 *)local->hw_scan_req->req.ie, 367 local->hw_scan_ies_bufsize, 368 &local->hw_scan_req->ies, 369 req->ie, req->ie_len, 370 bands_used, req->rates, &chandef, 371 flags); 372 local->hw_scan_req->req.ie_len = ielen; 373 local->hw_scan_req->req.no_cck = req->no_cck; 374 ether_addr_copy(local->hw_scan_req->req.mac_addr, req->mac_addr); 375 ether_addr_copy(local->hw_scan_req->req.mac_addr_mask, 376 req->mac_addr_mask); 377 ether_addr_copy(local->hw_scan_req->req.bssid, req->bssid); 378 379 return true; 380 } 381 382 static void __ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted) 383 { 384 struct ieee80211_local *local = hw_to_local(hw); 385 bool hw_scan = test_bit(SCAN_HW_SCANNING, &local->scanning); 386 bool was_scanning = local->scanning; 387 struct cfg80211_scan_request *scan_req; 388 struct ieee80211_sub_if_data *scan_sdata; 389 struct ieee80211_sub_if_data *sdata; 390 391 lockdep_assert_held(&local->mtx); 392 393 /* 394 * It's ok to abort a not-yet-running scan (that 395 * we have one at all will be verified by checking 396 * local->scan_req next), but not to complete it 397 * successfully. 398 */ 399 if (WARN_ON(!local->scanning && !aborted)) 400 aborted = true; 401 402 if (WARN_ON(!local->scan_req)) 403 return; 404 405 scan_sdata = rcu_dereference_protected(local->scan_sdata, 406 lockdep_is_held(&local->mtx)); 407 408 if (hw_scan && !aborted && 409 !ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS) && 410 ieee80211_prep_hw_scan(scan_sdata)) { 411 int rc; 412 413 rc = drv_hw_scan(local, 414 rcu_dereference_protected(local->scan_sdata, 415 lockdep_is_held(&local->mtx)), 416 local->hw_scan_req); 417 418 if (rc == 0) 419 return; 420 421 /* HW scan failed and is going to be reported as aborted, 422 * so clear old scan info. 423 */ 424 memset(&local->scan_info, 0, sizeof(local->scan_info)); 425 aborted = true; 426 } 427 428 kfree(local->hw_scan_req); 429 local->hw_scan_req = NULL; 430 431 scan_req = rcu_dereference_protected(local->scan_req, 432 lockdep_is_held(&local->mtx)); 433 434 if (scan_req != local->int_scan_req) { 435 local->scan_info.aborted = aborted; 436 cfg80211_scan_done(scan_req, &local->scan_info); 437 } 438 RCU_INIT_POINTER(local->scan_req, NULL); 439 RCU_INIT_POINTER(local->scan_sdata, NULL); 440 441 local->scanning = 0; 442 local->scan_chandef.chan = NULL; 443 444 /* Set power back to normal operating levels. */ 445 ieee80211_hw_config(local, 0); 446 447 if (!hw_scan) { 448 ieee80211_configure_filter(local); 449 drv_sw_scan_complete(local, scan_sdata); 450 ieee80211_offchannel_return(local); 451 } 452 453 ieee80211_recalc_idle(local); 454 455 ieee80211_mlme_notify_scan_completed(local); 456 ieee80211_ibss_notify_scan_completed(local); 457 458 /* Requeue all the work that might have been ignored while 459 * the scan was in progress; if there was none this will 460 * just be a no-op for the particular interface. 461 */ 462 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 463 if (ieee80211_sdata_running(sdata)) 464 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 465 } 466 467 if (was_scanning) 468 ieee80211_start_next_roc(local); 469 } 470 471 void ieee80211_scan_completed(struct ieee80211_hw *hw, 472 struct cfg80211_scan_info *info) 473 { 474 struct ieee80211_local *local = hw_to_local(hw); 475 476 trace_api_scan_completed(local, info->aborted); 477 478 set_bit(SCAN_COMPLETED, &local->scanning); 479 if (info->aborted) 480 set_bit(SCAN_ABORTED, &local->scanning); 481 482 memcpy(&local->scan_info, info, sizeof(*info)); 483 484 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, 0); 485 } 486 EXPORT_SYMBOL(ieee80211_scan_completed); 487 488 static int ieee80211_start_sw_scan(struct ieee80211_local *local, 489 struct ieee80211_sub_if_data *sdata) 490 { 491 /* Software scan is not supported in multi-channel cases */ 492 if (local->use_chanctx) 493 return -EOPNOTSUPP; 494 495 /* 496 * Hardware/driver doesn't support hw_scan, so use software 497 * scanning instead. First send a nullfunc frame with power save 498 * bit on so that AP will buffer the frames for us while we are not 499 * listening, then send probe requests to each channel and wait for 500 * the responses. After all channels are scanned, tune back to the 501 * original channel and send a nullfunc frame with power save bit 502 * off to trigger the AP to send us all the buffered frames. 503 * 504 * Note that while local->sw_scanning is true everything else but 505 * nullfunc frames and probe requests will be dropped in 506 * ieee80211_tx_h_check_assoc(). 507 */ 508 drv_sw_scan_start(local, sdata, local->scan_addr); 509 510 local->leave_oper_channel_time = jiffies; 511 local->next_scan_state = SCAN_DECISION; 512 local->scan_channel_idx = 0; 513 514 ieee80211_offchannel_stop_vifs(local); 515 516 /* ensure nullfunc is transmitted before leaving operating channel */ 517 ieee80211_flush_queues(local, NULL, false); 518 519 ieee80211_configure_filter(local); 520 521 /* We need to set power level at maximum rate for scanning. */ 522 ieee80211_hw_config(local, 0); 523 524 ieee80211_queue_delayed_work(&local->hw, 525 &local->scan_work, 0); 526 527 return 0; 528 } 529 530 static bool __ieee80211_can_leave_ch(struct ieee80211_sub_if_data *sdata) 531 { 532 struct ieee80211_local *local = sdata->local; 533 struct ieee80211_sub_if_data *sdata_iter; 534 535 if (!ieee80211_is_radar_required(local)) 536 return true; 537 538 if (!regulatory_pre_cac_allowed(local->hw.wiphy)) 539 return false; 540 541 mutex_lock(&local->iflist_mtx); 542 list_for_each_entry(sdata_iter, &local->interfaces, list) { 543 if (sdata_iter->wdev.cac_started) { 544 mutex_unlock(&local->iflist_mtx); 545 return false; 546 } 547 } 548 mutex_unlock(&local->iflist_mtx); 549 550 return true; 551 } 552 553 static bool ieee80211_can_scan(struct ieee80211_local *local, 554 struct ieee80211_sub_if_data *sdata) 555 { 556 if (!__ieee80211_can_leave_ch(sdata)) 557 return false; 558 559 if (!list_empty(&local->roc_list)) 560 return false; 561 562 if (sdata->vif.type == NL80211_IFTYPE_STATION && 563 sdata->u.mgd.flags & IEEE80211_STA_CONNECTION_POLL) 564 return false; 565 566 return true; 567 } 568 569 void ieee80211_run_deferred_scan(struct ieee80211_local *local) 570 { 571 lockdep_assert_held(&local->mtx); 572 573 if (!local->scan_req || local->scanning) 574 return; 575 576 if (!ieee80211_can_scan(local, 577 rcu_dereference_protected( 578 local->scan_sdata, 579 lockdep_is_held(&local->mtx)))) 580 return; 581 582 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, 583 round_jiffies_relative(0)); 584 } 585 586 static void ieee80211_send_scan_probe_req(struct ieee80211_sub_if_data *sdata, 587 const u8 *src, const u8 *dst, 588 const u8 *ssid, size_t ssid_len, 589 const u8 *ie, size_t ie_len, 590 u32 ratemask, u32 flags, u32 tx_flags, 591 struct ieee80211_channel *channel) 592 { 593 struct sk_buff *skb; 594 u32 txdata_flags = 0; 595 596 skb = ieee80211_build_probe_req(sdata, src, dst, ratemask, channel, 597 ssid, ssid_len, 598 ie, ie_len, flags); 599 600 if (skb) { 601 if (flags & IEEE80211_PROBE_FLAG_RANDOM_SN) { 602 struct ieee80211_hdr *hdr = (void *)skb->data; 603 u16 sn = get_random_u32(); 604 605 txdata_flags |= IEEE80211_TX_NO_SEQNO; 606 hdr->seq_ctrl = 607 cpu_to_le16(IEEE80211_SN_TO_SEQ(sn)); 608 } 609 IEEE80211_SKB_CB(skb)->flags |= tx_flags; 610 ieee80211_tx_skb_tid_band(sdata, skb, 7, channel->band, 611 txdata_flags); 612 } 613 } 614 615 static void ieee80211_scan_state_send_probe(struct ieee80211_local *local, 616 unsigned long *next_delay) 617 { 618 int i; 619 struct ieee80211_sub_if_data *sdata; 620 struct cfg80211_scan_request *scan_req; 621 enum nl80211_band band = local->hw.conf.chandef.chan->band; 622 u32 flags = 0, tx_flags; 623 624 scan_req = rcu_dereference_protected(local->scan_req, 625 lockdep_is_held(&local->mtx)); 626 627 tx_flags = IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 628 if (scan_req->no_cck) 629 tx_flags |= IEEE80211_TX_CTL_NO_CCK_RATE; 630 if (scan_req->flags & NL80211_SCAN_FLAG_MIN_PREQ_CONTENT) 631 flags |= IEEE80211_PROBE_FLAG_MIN_CONTENT; 632 if (scan_req->flags & NL80211_SCAN_FLAG_RANDOM_SN) 633 flags |= IEEE80211_PROBE_FLAG_RANDOM_SN; 634 635 sdata = rcu_dereference_protected(local->scan_sdata, 636 lockdep_is_held(&local->mtx)); 637 638 for (i = 0; i < scan_req->n_ssids; i++) 639 ieee80211_send_scan_probe_req( 640 sdata, local->scan_addr, scan_req->bssid, 641 scan_req->ssids[i].ssid, scan_req->ssids[i].ssid_len, 642 scan_req->ie, scan_req->ie_len, 643 scan_req->rates[band], flags, 644 tx_flags, local->hw.conf.chandef.chan); 645 646 /* 647 * After sending probe requests, wait for probe responses 648 * on the channel. 649 */ 650 *next_delay = IEEE80211_CHANNEL_TIME; 651 local->next_scan_state = SCAN_DECISION; 652 } 653 654 static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata, 655 struct cfg80211_scan_request *req) 656 { 657 struct ieee80211_local *local = sdata->local; 658 bool hw_scan = local->ops->hw_scan; 659 int rc; 660 661 lockdep_assert_held(&local->mtx); 662 663 if (local->scan_req) 664 return -EBUSY; 665 666 if (!__ieee80211_can_leave_ch(sdata)) 667 return -EBUSY; 668 669 if (!ieee80211_can_scan(local, sdata)) { 670 /* wait for the work to finish/time out */ 671 rcu_assign_pointer(local->scan_req, req); 672 rcu_assign_pointer(local->scan_sdata, sdata); 673 return 0; 674 } 675 676 again: 677 if (hw_scan) { 678 u8 *ies; 679 680 local->hw_scan_ies_bufsize = local->scan_ies_len + req->ie_len; 681 682 if (ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS)) { 683 int i, n_bands = 0; 684 u8 bands_counted = 0; 685 686 for (i = 0; i < req->n_channels; i++) { 687 if (bands_counted & BIT(req->channels[i]->band)) 688 continue; 689 bands_counted |= BIT(req->channels[i]->band); 690 n_bands++; 691 } 692 693 local->hw_scan_ies_bufsize *= n_bands; 694 } 695 696 local->hw_scan_req = kmalloc( 697 sizeof(*local->hw_scan_req) + 698 req->n_channels * sizeof(req->channels[0]) + 699 local->hw_scan_ies_bufsize, GFP_KERNEL); 700 if (!local->hw_scan_req) 701 return -ENOMEM; 702 703 local->hw_scan_req->req.ssids = req->ssids; 704 local->hw_scan_req->req.n_ssids = req->n_ssids; 705 ies = (u8 *)local->hw_scan_req + 706 sizeof(*local->hw_scan_req) + 707 req->n_channels * sizeof(req->channels[0]); 708 local->hw_scan_req->req.ie = ies; 709 local->hw_scan_req->req.flags = req->flags; 710 eth_broadcast_addr(local->hw_scan_req->req.bssid); 711 local->hw_scan_req->req.duration = req->duration; 712 local->hw_scan_req->req.duration_mandatory = 713 req->duration_mandatory; 714 715 local->hw_scan_band = 0; 716 717 /* 718 * After allocating local->hw_scan_req, we must 719 * go through until ieee80211_prep_hw_scan(), so 720 * anything that might be changed here and leave 721 * this function early must not go after this 722 * allocation. 723 */ 724 } 725 726 rcu_assign_pointer(local->scan_req, req); 727 rcu_assign_pointer(local->scan_sdata, sdata); 728 729 if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) 730 get_random_mask_addr(local->scan_addr, 731 req->mac_addr, 732 req->mac_addr_mask); 733 else 734 memcpy(local->scan_addr, sdata->vif.addr, ETH_ALEN); 735 736 if (hw_scan) { 737 __set_bit(SCAN_HW_SCANNING, &local->scanning); 738 } else if ((req->n_channels == 1) && 739 (req->channels[0] == local->_oper_chandef.chan)) { 740 /* 741 * If we are scanning only on the operating channel 742 * then we do not need to stop normal activities 743 */ 744 unsigned long next_delay; 745 746 __set_bit(SCAN_ONCHANNEL_SCANNING, &local->scanning); 747 748 ieee80211_recalc_idle(local); 749 750 /* Notify driver scan is starting, keep order of operations 751 * same as normal software scan, in case that matters. */ 752 drv_sw_scan_start(local, sdata, local->scan_addr); 753 754 ieee80211_configure_filter(local); /* accept probe-responses */ 755 756 /* We need to ensure power level is at max for scanning. */ 757 ieee80211_hw_config(local, 0); 758 759 if ((req->channels[0]->flags & (IEEE80211_CHAN_NO_IR | 760 IEEE80211_CHAN_RADAR)) || 761 !req->n_ssids) { 762 next_delay = IEEE80211_PASSIVE_CHANNEL_TIME; 763 } else { 764 ieee80211_scan_state_send_probe(local, &next_delay); 765 next_delay = IEEE80211_CHANNEL_TIME; 766 } 767 768 /* Now, just wait a bit and we are all done! */ 769 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, 770 next_delay); 771 return 0; 772 } else { 773 /* Do normal software scan */ 774 __set_bit(SCAN_SW_SCANNING, &local->scanning); 775 } 776 777 ieee80211_recalc_idle(local); 778 779 if (hw_scan) { 780 WARN_ON(!ieee80211_prep_hw_scan(sdata)); 781 rc = drv_hw_scan(local, sdata, local->hw_scan_req); 782 } else { 783 rc = ieee80211_start_sw_scan(local, sdata); 784 } 785 786 if (rc) { 787 kfree(local->hw_scan_req); 788 local->hw_scan_req = NULL; 789 local->scanning = 0; 790 791 ieee80211_recalc_idle(local); 792 793 local->scan_req = NULL; 794 RCU_INIT_POINTER(local->scan_sdata, NULL); 795 } 796 797 if (hw_scan && rc == 1) { 798 /* 799 * we can't fall back to software for P2P-GO 800 * as it must update NoA etc. 801 */ 802 if (ieee80211_vif_type_p2p(&sdata->vif) == 803 NL80211_IFTYPE_P2P_GO) 804 return -EOPNOTSUPP; 805 hw_scan = false; 806 goto again; 807 } 808 809 return rc; 810 } 811 812 static unsigned long 813 ieee80211_scan_get_channel_time(struct ieee80211_channel *chan) 814 { 815 /* 816 * TODO: channel switching also consumes quite some time, 817 * add that delay as well to get a better estimation 818 */ 819 if (chan->flags & (IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_RADAR)) 820 return IEEE80211_PASSIVE_CHANNEL_TIME; 821 return IEEE80211_PROBE_DELAY + IEEE80211_CHANNEL_TIME; 822 } 823 824 static void ieee80211_scan_state_decision(struct ieee80211_local *local, 825 unsigned long *next_delay) 826 { 827 bool associated = false; 828 bool tx_empty = true; 829 bool bad_latency; 830 struct ieee80211_sub_if_data *sdata; 831 struct ieee80211_channel *next_chan; 832 enum mac80211_scan_state next_scan_state; 833 struct cfg80211_scan_request *scan_req; 834 835 /* 836 * check if at least one STA interface is associated, 837 * check if at least one STA interface has pending tx frames 838 * and grab the lowest used beacon interval 839 */ 840 mutex_lock(&local->iflist_mtx); 841 list_for_each_entry(sdata, &local->interfaces, list) { 842 if (!ieee80211_sdata_running(sdata)) 843 continue; 844 845 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 846 if (sdata->u.mgd.associated) { 847 associated = true; 848 849 if (!qdisc_all_tx_empty(sdata->dev)) { 850 tx_empty = false; 851 break; 852 } 853 } 854 } 855 } 856 mutex_unlock(&local->iflist_mtx); 857 858 scan_req = rcu_dereference_protected(local->scan_req, 859 lockdep_is_held(&local->mtx)); 860 861 next_chan = scan_req->channels[local->scan_channel_idx]; 862 863 /* 864 * we're currently scanning a different channel, let's 865 * see if we can scan another channel without interfering 866 * with the current traffic situation. 867 * 868 * Keep good latency, do not stay off-channel more than 125 ms. 869 */ 870 871 bad_latency = time_after(jiffies + 872 ieee80211_scan_get_channel_time(next_chan), 873 local->leave_oper_channel_time + HZ / 8); 874 875 if (associated && !tx_empty) { 876 if (scan_req->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) 877 next_scan_state = SCAN_ABORT; 878 else 879 next_scan_state = SCAN_SUSPEND; 880 } else if (associated && bad_latency) { 881 next_scan_state = SCAN_SUSPEND; 882 } else { 883 next_scan_state = SCAN_SET_CHANNEL; 884 } 885 886 local->next_scan_state = next_scan_state; 887 888 *next_delay = 0; 889 } 890 891 static void ieee80211_scan_state_set_channel(struct ieee80211_local *local, 892 unsigned long *next_delay) 893 { 894 int skip; 895 struct ieee80211_channel *chan; 896 enum nl80211_bss_scan_width oper_scan_width; 897 struct cfg80211_scan_request *scan_req; 898 899 scan_req = rcu_dereference_protected(local->scan_req, 900 lockdep_is_held(&local->mtx)); 901 902 skip = 0; 903 chan = scan_req->channels[local->scan_channel_idx]; 904 905 local->scan_chandef.chan = chan; 906 local->scan_chandef.center_freq1 = chan->center_freq; 907 local->scan_chandef.freq1_offset = chan->freq_offset; 908 local->scan_chandef.center_freq2 = 0; 909 switch (scan_req->scan_width) { 910 case NL80211_BSS_CHAN_WIDTH_5: 911 local->scan_chandef.width = NL80211_CHAN_WIDTH_5; 912 break; 913 case NL80211_BSS_CHAN_WIDTH_10: 914 local->scan_chandef.width = NL80211_CHAN_WIDTH_10; 915 break; 916 case NL80211_BSS_CHAN_WIDTH_20: 917 /* If scanning on oper channel, use whatever channel-type 918 * is currently in use. 919 */ 920 oper_scan_width = cfg80211_chandef_to_scan_width( 921 &local->_oper_chandef); 922 if (chan == local->_oper_chandef.chan && 923 oper_scan_width == scan_req->scan_width) 924 local->scan_chandef = local->_oper_chandef; 925 else 926 local->scan_chandef.width = NL80211_CHAN_WIDTH_20_NOHT; 927 break; 928 } 929 930 if (ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL)) 931 skip = 1; 932 933 /* advance state machine to next channel/band */ 934 local->scan_channel_idx++; 935 936 if (skip) { 937 /* if we skip this channel return to the decision state */ 938 local->next_scan_state = SCAN_DECISION; 939 return; 940 } 941 942 /* 943 * Probe delay is used to update the NAV, cf. 11.1.3.2.2 944 * (which unfortunately doesn't say _why_ step a) is done, 945 * but it waits for the probe delay or until a frame is 946 * received - and the received frame would update the NAV). 947 * For now, we do not support waiting until a frame is 948 * received. 949 * 950 * In any case, it is not necessary for a passive scan. 951 */ 952 if ((chan->flags & (IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_RADAR)) || 953 !scan_req->n_ssids) { 954 *next_delay = IEEE80211_PASSIVE_CHANNEL_TIME; 955 local->next_scan_state = SCAN_DECISION; 956 return; 957 } 958 959 /* active scan, send probes */ 960 *next_delay = IEEE80211_PROBE_DELAY; 961 local->next_scan_state = SCAN_SEND_PROBE; 962 } 963 964 static void ieee80211_scan_state_suspend(struct ieee80211_local *local, 965 unsigned long *next_delay) 966 { 967 /* switch back to the operating channel */ 968 local->scan_chandef.chan = NULL; 969 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL); 970 971 /* disable PS */ 972 ieee80211_offchannel_return(local); 973 974 *next_delay = HZ / 5; 975 /* afterwards, resume scan & go to next channel */ 976 local->next_scan_state = SCAN_RESUME; 977 } 978 979 static void ieee80211_scan_state_resume(struct ieee80211_local *local, 980 unsigned long *next_delay) 981 { 982 ieee80211_offchannel_stop_vifs(local); 983 984 if (local->ops->flush) { 985 ieee80211_flush_queues(local, NULL, false); 986 *next_delay = 0; 987 } else 988 *next_delay = HZ / 10; 989 990 /* remember when we left the operating channel */ 991 local->leave_oper_channel_time = jiffies; 992 993 /* advance to the next channel to be scanned */ 994 local->next_scan_state = SCAN_SET_CHANNEL; 995 } 996 997 void ieee80211_scan_work(struct work_struct *work) 998 { 999 struct ieee80211_local *local = 1000 container_of(work, struct ieee80211_local, scan_work.work); 1001 struct ieee80211_sub_if_data *sdata; 1002 struct cfg80211_scan_request *scan_req; 1003 unsigned long next_delay = 0; 1004 bool aborted; 1005 1006 mutex_lock(&local->mtx); 1007 1008 if (!ieee80211_can_run_worker(local)) { 1009 aborted = true; 1010 goto out_complete; 1011 } 1012 1013 sdata = rcu_dereference_protected(local->scan_sdata, 1014 lockdep_is_held(&local->mtx)); 1015 scan_req = rcu_dereference_protected(local->scan_req, 1016 lockdep_is_held(&local->mtx)); 1017 1018 /* When scanning on-channel, the first-callback means completed. */ 1019 if (test_bit(SCAN_ONCHANNEL_SCANNING, &local->scanning)) { 1020 aborted = test_and_clear_bit(SCAN_ABORTED, &local->scanning); 1021 goto out_complete; 1022 } 1023 1024 if (test_and_clear_bit(SCAN_COMPLETED, &local->scanning)) { 1025 aborted = test_and_clear_bit(SCAN_ABORTED, &local->scanning); 1026 goto out_complete; 1027 } 1028 1029 if (!sdata || !scan_req) 1030 goto out; 1031 1032 if (!local->scanning) { 1033 int rc; 1034 1035 RCU_INIT_POINTER(local->scan_req, NULL); 1036 RCU_INIT_POINTER(local->scan_sdata, NULL); 1037 1038 rc = __ieee80211_start_scan(sdata, scan_req); 1039 if (rc) { 1040 /* need to complete scan in cfg80211 */ 1041 rcu_assign_pointer(local->scan_req, scan_req); 1042 aborted = true; 1043 goto out_complete; 1044 } else 1045 goto out; 1046 } 1047 1048 /* 1049 * as long as no delay is required advance immediately 1050 * without scheduling a new work 1051 */ 1052 do { 1053 if (!ieee80211_sdata_running(sdata)) { 1054 aborted = true; 1055 goto out_complete; 1056 } 1057 1058 switch (local->next_scan_state) { 1059 case SCAN_DECISION: 1060 /* if no more bands/channels left, complete scan */ 1061 if (local->scan_channel_idx >= scan_req->n_channels) { 1062 aborted = false; 1063 goto out_complete; 1064 } 1065 ieee80211_scan_state_decision(local, &next_delay); 1066 break; 1067 case SCAN_SET_CHANNEL: 1068 ieee80211_scan_state_set_channel(local, &next_delay); 1069 break; 1070 case SCAN_SEND_PROBE: 1071 ieee80211_scan_state_send_probe(local, &next_delay); 1072 break; 1073 case SCAN_SUSPEND: 1074 ieee80211_scan_state_suspend(local, &next_delay); 1075 break; 1076 case SCAN_RESUME: 1077 ieee80211_scan_state_resume(local, &next_delay); 1078 break; 1079 case SCAN_ABORT: 1080 aborted = true; 1081 goto out_complete; 1082 } 1083 } while (next_delay == 0); 1084 1085 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, next_delay); 1086 goto out; 1087 1088 out_complete: 1089 __ieee80211_scan_completed(&local->hw, aborted); 1090 out: 1091 mutex_unlock(&local->mtx); 1092 } 1093 1094 int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata, 1095 struct cfg80211_scan_request *req) 1096 { 1097 int res; 1098 1099 mutex_lock(&sdata->local->mtx); 1100 res = __ieee80211_start_scan(sdata, req); 1101 mutex_unlock(&sdata->local->mtx); 1102 1103 return res; 1104 } 1105 1106 int ieee80211_request_ibss_scan(struct ieee80211_sub_if_data *sdata, 1107 const u8 *ssid, u8 ssid_len, 1108 struct ieee80211_channel **channels, 1109 unsigned int n_channels, 1110 enum nl80211_bss_scan_width scan_width) 1111 { 1112 struct ieee80211_local *local = sdata->local; 1113 int ret = -EBUSY, i, n_ch = 0; 1114 enum nl80211_band band; 1115 1116 mutex_lock(&local->mtx); 1117 1118 /* busy scanning */ 1119 if (local->scan_req) 1120 goto unlock; 1121 1122 /* fill internal scan request */ 1123 if (!channels) { 1124 int max_n; 1125 1126 for (band = 0; band < NUM_NL80211_BANDS; band++) { 1127 if (!local->hw.wiphy->bands[band]) 1128 continue; 1129 1130 max_n = local->hw.wiphy->bands[band]->n_channels; 1131 for (i = 0; i < max_n; i++) { 1132 struct ieee80211_channel *tmp_ch = 1133 &local->hw.wiphy->bands[band]->channels[i]; 1134 1135 if (tmp_ch->flags & (IEEE80211_CHAN_NO_IR | 1136 IEEE80211_CHAN_DISABLED)) 1137 continue; 1138 1139 local->int_scan_req->channels[n_ch] = tmp_ch; 1140 n_ch++; 1141 } 1142 } 1143 1144 if (WARN_ON_ONCE(n_ch == 0)) 1145 goto unlock; 1146 1147 local->int_scan_req->n_channels = n_ch; 1148 } else { 1149 for (i = 0; i < n_channels; i++) { 1150 if (channels[i]->flags & (IEEE80211_CHAN_NO_IR | 1151 IEEE80211_CHAN_DISABLED)) 1152 continue; 1153 1154 local->int_scan_req->channels[n_ch] = channels[i]; 1155 n_ch++; 1156 } 1157 1158 if (WARN_ON_ONCE(n_ch == 0)) 1159 goto unlock; 1160 1161 local->int_scan_req->n_channels = n_ch; 1162 } 1163 1164 local->int_scan_req->ssids = &local->scan_ssid; 1165 local->int_scan_req->n_ssids = 1; 1166 local->int_scan_req->scan_width = scan_width; 1167 memcpy(local->int_scan_req->ssids[0].ssid, ssid, IEEE80211_MAX_SSID_LEN); 1168 local->int_scan_req->ssids[0].ssid_len = ssid_len; 1169 1170 ret = __ieee80211_start_scan(sdata, sdata->local->int_scan_req); 1171 unlock: 1172 mutex_unlock(&local->mtx); 1173 return ret; 1174 } 1175 1176 /* 1177 * Only call this function when a scan can't be queued -- under RTNL. 1178 */ 1179 void ieee80211_scan_cancel(struct ieee80211_local *local) 1180 { 1181 /* 1182 * We are canceling software scan, or deferred scan that was not 1183 * yet really started (see __ieee80211_start_scan ). 1184 * 1185 * Regarding hardware scan: 1186 * - we can not call __ieee80211_scan_completed() as when 1187 * SCAN_HW_SCANNING bit is set this function change 1188 * local->hw_scan_req to operate on 5G band, what race with 1189 * driver which can use local->hw_scan_req 1190 * 1191 * - we can not cancel scan_work since driver can schedule it 1192 * by ieee80211_scan_completed(..., true) to finish scan 1193 * 1194 * Hence we only call the cancel_hw_scan() callback, but the low-level 1195 * driver is still responsible for calling ieee80211_scan_completed() 1196 * after the scan was completed/aborted. 1197 */ 1198 1199 mutex_lock(&local->mtx); 1200 if (!local->scan_req) 1201 goto out; 1202 1203 /* 1204 * We have a scan running and the driver already reported completion, 1205 * but the worker hasn't run yet or is stuck on the mutex - mark it as 1206 * cancelled. 1207 */ 1208 if (test_bit(SCAN_HW_SCANNING, &local->scanning) && 1209 test_bit(SCAN_COMPLETED, &local->scanning)) { 1210 set_bit(SCAN_HW_CANCELLED, &local->scanning); 1211 goto out; 1212 } 1213 1214 if (test_bit(SCAN_HW_SCANNING, &local->scanning)) { 1215 /* 1216 * Make sure that __ieee80211_scan_completed doesn't trigger a 1217 * scan on another band. 1218 */ 1219 set_bit(SCAN_HW_CANCELLED, &local->scanning); 1220 if (local->ops->cancel_hw_scan) 1221 drv_cancel_hw_scan(local, 1222 rcu_dereference_protected(local->scan_sdata, 1223 lockdep_is_held(&local->mtx))); 1224 goto out; 1225 } 1226 1227 /* 1228 * If the work is currently running, it must be blocked on 1229 * the mutex, but we'll set scan_sdata = NULL and it'll 1230 * simply exit once it acquires the mutex. 1231 */ 1232 cancel_delayed_work(&local->scan_work); 1233 /* and clean up */ 1234 memset(&local->scan_info, 0, sizeof(local->scan_info)); 1235 __ieee80211_scan_completed(&local->hw, true); 1236 out: 1237 mutex_unlock(&local->mtx); 1238 } 1239 1240 int __ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata, 1241 struct cfg80211_sched_scan_request *req) 1242 { 1243 struct ieee80211_local *local = sdata->local; 1244 struct ieee80211_scan_ies sched_scan_ies = {}; 1245 struct cfg80211_chan_def chandef; 1246 int ret, i, iebufsz, num_bands = 0; 1247 u32 rate_masks[NUM_NL80211_BANDS] = {}; 1248 u8 bands_used = 0; 1249 u8 *ie; 1250 u32 flags = 0; 1251 1252 iebufsz = local->scan_ies_len + req->ie_len; 1253 1254 lockdep_assert_held(&local->mtx); 1255 1256 if (!local->ops->sched_scan_start) 1257 return -ENOTSUPP; 1258 1259 for (i = 0; i < NUM_NL80211_BANDS; i++) { 1260 if (local->hw.wiphy->bands[i]) { 1261 bands_used |= BIT(i); 1262 rate_masks[i] = (u32) -1; 1263 num_bands++; 1264 } 1265 } 1266 1267 if (req->flags & NL80211_SCAN_FLAG_MIN_PREQ_CONTENT) 1268 flags |= IEEE80211_PROBE_FLAG_MIN_CONTENT; 1269 1270 ie = kcalloc(iebufsz, num_bands, GFP_KERNEL); 1271 if (!ie) { 1272 ret = -ENOMEM; 1273 goto out; 1274 } 1275 1276 ieee80211_prepare_scan_chandef(&chandef, req->scan_width); 1277 1278 ieee80211_build_preq_ies(sdata, ie, num_bands * iebufsz, 1279 &sched_scan_ies, req->ie, 1280 req->ie_len, bands_used, rate_masks, &chandef, 1281 flags); 1282 1283 ret = drv_sched_scan_start(local, sdata, req, &sched_scan_ies); 1284 if (ret == 0) { 1285 rcu_assign_pointer(local->sched_scan_sdata, sdata); 1286 rcu_assign_pointer(local->sched_scan_req, req); 1287 } 1288 1289 kfree(ie); 1290 1291 out: 1292 if (ret) { 1293 /* Clean in case of failure after HW restart or upon resume. */ 1294 RCU_INIT_POINTER(local->sched_scan_sdata, NULL); 1295 RCU_INIT_POINTER(local->sched_scan_req, NULL); 1296 } 1297 1298 return ret; 1299 } 1300 1301 int ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata, 1302 struct cfg80211_sched_scan_request *req) 1303 { 1304 struct ieee80211_local *local = sdata->local; 1305 int ret; 1306 1307 mutex_lock(&local->mtx); 1308 1309 if (rcu_access_pointer(local->sched_scan_sdata)) { 1310 mutex_unlock(&local->mtx); 1311 return -EBUSY; 1312 } 1313 1314 ret = __ieee80211_request_sched_scan_start(sdata, req); 1315 1316 mutex_unlock(&local->mtx); 1317 return ret; 1318 } 1319 1320 int ieee80211_request_sched_scan_stop(struct ieee80211_local *local) 1321 { 1322 struct ieee80211_sub_if_data *sched_scan_sdata; 1323 int ret = -ENOENT; 1324 1325 mutex_lock(&local->mtx); 1326 1327 if (!local->ops->sched_scan_stop) { 1328 ret = -ENOTSUPP; 1329 goto out; 1330 } 1331 1332 /* We don't want to restart sched scan anymore. */ 1333 RCU_INIT_POINTER(local->sched_scan_req, NULL); 1334 1335 sched_scan_sdata = rcu_dereference_protected(local->sched_scan_sdata, 1336 lockdep_is_held(&local->mtx)); 1337 if (sched_scan_sdata) { 1338 ret = drv_sched_scan_stop(local, sched_scan_sdata); 1339 if (!ret) 1340 RCU_INIT_POINTER(local->sched_scan_sdata, NULL); 1341 } 1342 out: 1343 mutex_unlock(&local->mtx); 1344 1345 return ret; 1346 } 1347 1348 void ieee80211_sched_scan_results(struct ieee80211_hw *hw) 1349 { 1350 struct ieee80211_local *local = hw_to_local(hw); 1351 1352 trace_api_sched_scan_results(local); 1353 1354 cfg80211_sched_scan_results(hw->wiphy, 0); 1355 } 1356 EXPORT_SYMBOL(ieee80211_sched_scan_results); 1357 1358 void ieee80211_sched_scan_end(struct ieee80211_local *local) 1359 { 1360 mutex_lock(&local->mtx); 1361 1362 if (!rcu_access_pointer(local->sched_scan_sdata)) { 1363 mutex_unlock(&local->mtx); 1364 return; 1365 } 1366 1367 RCU_INIT_POINTER(local->sched_scan_sdata, NULL); 1368 1369 /* If sched scan was aborted by the driver. */ 1370 RCU_INIT_POINTER(local->sched_scan_req, NULL); 1371 1372 mutex_unlock(&local->mtx); 1373 1374 cfg80211_sched_scan_stopped(local->hw.wiphy, 0); 1375 } 1376 1377 void ieee80211_sched_scan_stopped_work(struct work_struct *work) 1378 { 1379 struct ieee80211_local *local = 1380 container_of(work, struct ieee80211_local, 1381 sched_scan_stopped_work); 1382 1383 ieee80211_sched_scan_end(local); 1384 } 1385 1386 void ieee80211_sched_scan_stopped(struct ieee80211_hw *hw) 1387 { 1388 struct ieee80211_local *local = hw_to_local(hw); 1389 1390 trace_api_sched_scan_stopped(local); 1391 1392 /* 1393 * this shouldn't really happen, so for simplicity 1394 * simply ignore it, and let mac80211 reconfigure 1395 * the sched scan later on. 1396 */ 1397 if (local->in_reconfig) 1398 return; 1399 1400 schedule_work(&local->sched_scan_stopped_work); 1401 } 1402 EXPORT_SYMBOL(ieee80211_sched_scan_stopped); 1403