1 /* 2 * Scanning implementation 3 * 4 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi> 5 * Copyright 2004, Instant802 Networks, Inc. 6 * Copyright 2005, Devicescape Software, Inc. 7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 9 * Copyright 2013-2015 Intel Mobile Communications GmbH 10 * Copyright 2016-2017 Intel Deutschland GmbH 11 * Copyright (C) 2018-2019 Intel Corporation 12 * 13 * This program is free software; you can redistribute it and/or modify 14 * it under the terms of the GNU General Public License version 2 as 15 * published by the Free Software Foundation. 16 */ 17 18 #include <linux/if_arp.h> 19 #include <linux/etherdevice.h> 20 #include <linux/rtnetlink.h> 21 #include <net/sch_generic.h> 22 #include <linux/slab.h> 23 #include <linux/export.h> 24 #include <linux/random.h> 25 #include <net/mac80211.h> 26 27 #include "ieee80211_i.h" 28 #include "driver-ops.h" 29 #include "mesh.h" 30 31 #define IEEE80211_PROBE_DELAY (HZ / 33) 32 #define IEEE80211_CHANNEL_TIME (HZ / 33) 33 #define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 9) 34 35 void ieee80211_rx_bss_put(struct ieee80211_local *local, 36 struct ieee80211_bss *bss) 37 { 38 if (!bss) 39 return; 40 cfg80211_put_bss(local->hw.wiphy, 41 container_of((void *)bss, struct cfg80211_bss, priv)); 42 } 43 44 static bool is_uapsd_supported(struct ieee802_11_elems *elems) 45 { 46 u8 qos_info; 47 48 if (elems->wmm_info && elems->wmm_info_len == 7 49 && elems->wmm_info[5] == 1) 50 qos_info = elems->wmm_info[6]; 51 else if (elems->wmm_param && elems->wmm_param_len == 24 52 && elems->wmm_param[5] == 1) 53 qos_info = elems->wmm_param[6]; 54 else 55 /* no valid wmm information or parameter element found */ 56 return false; 57 58 return qos_info & IEEE80211_WMM_IE_AP_QOSINFO_UAPSD; 59 } 60 61 static void 62 ieee80211_update_bss_from_elems(struct ieee80211_local *local, 63 struct ieee80211_bss *bss, 64 struct ieee802_11_elems *elems, 65 struct ieee80211_rx_status *rx_status, 66 bool beacon) 67 { 68 int clen, srlen; 69 70 if (beacon) 71 bss->device_ts_beacon = rx_status->device_timestamp; 72 else 73 bss->device_ts_presp = rx_status->device_timestamp; 74 75 if (elems->parse_error) { 76 if (beacon) 77 bss->corrupt_data |= IEEE80211_BSS_CORRUPT_BEACON; 78 else 79 bss->corrupt_data |= IEEE80211_BSS_CORRUPT_PROBE_RESP; 80 } else { 81 if (beacon) 82 bss->corrupt_data &= ~IEEE80211_BSS_CORRUPT_BEACON; 83 else 84 bss->corrupt_data &= ~IEEE80211_BSS_CORRUPT_PROBE_RESP; 85 } 86 87 /* save the ERP value so that it is available at association time */ 88 if (elems->erp_info && (!elems->parse_error || 89 !(bss->valid_data & IEEE80211_BSS_VALID_ERP))) { 90 bss->erp_value = elems->erp_info[0]; 91 bss->has_erp_value = true; 92 if (!elems->parse_error) 93 bss->valid_data |= IEEE80211_BSS_VALID_ERP; 94 } 95 96 /* replace old supported rates if we get new values */ 97 if (!elems->parse_error || 98 !(bss->valid_data & IEEE80211_BSS_VALID_RATES)) { 99 srlen = 0; 100 if (elems->supp_rates) { 101 clen = IEEE80211_MAX_SUPP_RATES; 102 if (clen > elems->supp_rates_len) 103 clen = elems->supp_rates_len; 104 memcpy(bss->supp_rates, elems->supp_rates, clen); 105 srlen += clen; 106 } 107 if (elems->ext_supp_rates) { 108 clen = IEEE80211_MAX_SUPP_RATES - srlen; 109 if (clen > elems->ext_supp_rates_len) 110 clen = elems->ext_supp_rates_len; 111 memcpy(bss->supp_rates + srlen, elems->ext_supp_rates, 112 clen); 113 srlen += clen; 114 } 115 if (srlen) { 116 bss->supp_rates_len = srlen; 117 if (!elems->parse_error) 118 bss->valid_data |= IEEE80211_BSS_VALID_RATES; 119 } 120 } 121 122 if (!elems->parse_error || 123 !(bss->valid_data & IEEE80211_BSS_VALID_WMM)) { 124 bss->wmm_used = elems->wmm_param || elems->wmm_info; 125 bss->uapsd_supported = is_uapsd_supported(elems); 126 if (!elems->parse_error) 127 bss->valid_data |= IEEE80211_BSS_VALID_WMM; 128 } 129 130 if (beacon) { 131 struct ieee80211_supported_band *sband = 132 local->hw.wiphy->bands[rx_status->band]; 133 if (!(rx_status->encoding == RX_ENC_HT) && 134 !(rx_status->encoding == RX_ENC_VHT)) 135 bss->beacon_rate = 136 &sband->bitrates[rx_status->rate_idx]; 137 } 138 } 139 140 struct ieee80211_bss * 141 ieee80211_bss_info_update(struct ieee80211_local *local, 142 struct ieee80211_rx_status *rx_status, 143 struct ieee80211_mgmt *mgmt, size_t len, 144 struct ieee80211_channel *channel) 145 { 146 bool beacon = ieee80211_is_beacon(mgmt->frame_control); 147 struct cfg80211_bss *cbss, *non_tx_cbss; 148 struct ieee80211_bss *bss, *non_tx_bss; 149 struct cfg80211_inform_bss bss_meta = { 150 .boottime_ns = rx_status->boottime_ns, 151 }; 152 bool signal_valid; 153 struct ieee80211_sub_if_data *scan_sdata; 154 struct ieee802_11_elems elems; 155 size_t baselen; 156 u8 *elements; 157 158 if (rx_status->flag & RX_FLAG_NO_SIGNAL_VAL) 159 bss_meta.signal = 0; /* invalid signal indication */ 160 else if (ieee80211_hw_check(&local->hw, SIGNAL_DBM)) 161 bss_meta.signal = rx_status->signal * 100; 162 else if (ieee80211_hw_check(&local->hw, SIGNAL_UNSPEC)) 163 bss_meta.signal = (rx_status->signal * 100) / local->hw.max_signal; 164 165 bss_meta.scan_width = NL80211_BSS_CHAN_WIDTH_20; 166 if (rx_status->bw == RATE_INFO_BW_5) 167 bss_meta.scan_width = NL80211_BSS_CHAN_WIDTH_5; 168 else if (rx_status->bw == RATE_INFO_BW_10) 169 bss_meta.scan_width = NL80211_BSS_CHAN_WIDTH_10; 170 171 bss_meta.chan = channel; 172 173 rcu_read_lock(); 174 scan_sdata = rcu_dereference(local->scan_sdata); 175 if (scan_sdata && scan_sdata->vif.type == NL80211_IFTYPE_STATION && 176 scan_sdata->vif.bss_conf.assoc && 177 ieee80211_have_rx_timestamp(rx_status)) { 178 bss_meta.parent_tsf = 179 ieee80211_calculate_rx_timestamp(local, rx_status, 180 len + FCS_LEN, 24); 181 ether_addr_copy(bss_meta.parent_bssid, 182 scan_sdata->vif.bss_conf.bssid); 183 } 184 rcu_read_unlock(); 185 186 cbss = cfg80211_inform_bss_frame_data(local->hw.wiphy, &bss_meta, 187 mgmt, len, GFP_ATOMIC); 188 if (!cbss) 189 return NULL; 190 191 if (ieee80211_is_probe_resp(mgmt->frame_control)) { 192 elements = mgmt->u.probe_resp.variable; 193 baselen = offsetof(struct ieee80211_mgmt, 194 u.probe_resp.variable); 195 } else { 196 baselen = offsetof(struct ieee80211_mgmt, u.beacon.variable); 197 elements = mgmt->u.beacon.variable; 198 } 199 200 if (baselen > len) 201 return NULL; 202 203 ieee802_11_parse_elems(elements, len - baselen, false, &elems, 204 mgmt->bssid, cbss->bssid); 205 206 /* In case the signal is invalid update the status */ 207 signal_valid = abs(channel->center_freq - cbss->channel->center_freq) 208 <= local->hw.wiphy->max_adj_channel_rssi_comp; 209 if (!signal_valid) 210 rx_status->flag |= RX_FLAG_NO_SIGNAL_VAL; 211 212 bss = (void *)cbss->priv; 213 ieee80211_update_bss_from_elems(local, bss, &elems, rx_status, beacon); 214 215 list_for_each_entry(non_tx_cbss, &cbss->nontrans_list, nontrans_list) { 216 non_tx_bss = (void *)non_tx_cbss->priv; 217 218 ieee80211_update_bss_from_elems(local, non_tx_bss, &elems, 219 rx_status, beacon); 220 } 221 222 return bss; 223 } 224 225 static bool ieee80211_scan_accept_presp(struct ieee80211_sub_if_data *sdata, 226 u32 scan_flags, const u8 *da) 227 { 228 if (!sdata) 229 return false; 230 /* accept broadcast for OCE */ 231 if (scan_flags & NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP && 232 is_broadcast_ether_addr(da)) 233 return true; 234 if (scan_flags & NL80211_SCAN_FLAG_RANDOM_ADDR) 235 return true; 236 return ether_addr_equal(da, sdata->vif.addr); 237 } 238 239 void ieee80211_scan_rx(struct ieee80211_local *local, struct sk_buff *skb) 240 { 241 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 242 struct ieee80211_sub_if_data *sdata1, *sdata2; 243 struct ieee80211_mgmt *mgmt = (void *)skb->data; 244 struct ieee80211_bss *bss; 245 struct ieee80211_channel *channel; 246 247 if (skb->len < 24 || 248 (!ieee80211_is_probe_resp(mgmt->frame_control) && 249 !ieee80211_is_beacon(mgmt->frame_control))) 250 return; 251 252 sdata1 = rcu_dereference(local->scan_sdata); 253 sdata2 = rcu_dereference(local->sched_scan_sdata); 254 255 if (likely(!sdata1 && !sdata2)) 256 return; 257 258 if (ieee80211_is_probe_resp(mgmt->frame_control)) { 259 struct cfg80211_scan_request *scan_req; 260 struct cfg80211_sched_scan_request *sched_scan_req; 261 u32 scan_req_flags = 0, sched_scan_req_flags = 0; 262 263 scan_req = rcu_dereference(local->scan_req); 264 sched_scan_req = rcu_dereference(local->sched_scan_req); 265 266 if (scan_req) 267 scan_req_flags = scan_req->flags; 268 269 if (sched_scan_req) 270 sched_scan_req_flags = sched_scan_req->flags; 271 272 /* ignore ProbeResp to foreign address or non-bcast (OCE) 273 * unless scanning with randomised address 274 */ 275 if (!ieee80211_scan_accept_presp(sdata1, scan_req_flags, 276 mgmt->da) && 277 !ieee80211_scan_accept_presp(sdata2, sched_scan_req_flags, 278 mgmt->da)) 279 return; 280 } 281 282 channel = ieee80211_get_channel(local->hw.wiphy, rx_status->freq); 283 284 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED) 285 return; 286 287 bss = ieee80211_bss_info_update(local, rx_status, 288 mgmt, skb->len, 289 channel); 290 if (bss) 291 ieee80211_rx_bss_put(local, bss); 292 } 293 294 static void 295 ieee80211_prepare_scan_chandef(struct cfg80211_chan_def *chandef, 296 enum nl80211_bss_scan_width scan_width) 297 { 298 memset(chandef, 0, sizeof(*chandef)); 299 switch (scan_width) { 300 case NL80211_BSS_CHAN_WIDTH_5: 301 chandef->width = NL80211_CHAN_WIDTH_5; 302 break; 303 case NL80211_BSS_CHAN_WIDTH_10: 304 chandef->width = NL80211_CHAN_WIDTH_10; 305 break; 306 default: 307 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 308 break; 309 } 310 } 311 312 /* return false if no more work */ 313 static bool ieee80211_prep_hw_scan(struct ieee80211_local *local) 314 { 315 struct cfg80211_scan_request *req; 316 struct cfg80211_chan_def chandef; 317 u8 bands_used = 0; 318 int i, ielen, n_chans; 319 u32 flags = 0; 320 321 req = rcu_dereference_protected(local->scan_req, 322 lockdep_is_held(&local->mtx)); 323 324 if (test_bit(SCAN_HW_CANCELLED, &local->scanning)) 325 return false; 326 327 if (ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS)) { 328 for (i = 0; i < req->n_channels; i++) { 329 local->hw_scan_req->req.channels[i] = req->channels[i]; 330 bands_used |= BIT(req->channels[i]->band); 331 } 332 333 n_chans = req->n_channels; 334 } else { 335 do { 336 if (local->hw_scan_band == NUM_NL80211_BANDS) 337 return false; 338 339 n_chans = 0; 340 341 for (i = 0; i < req->n_channels; i++) { 342 if (req->channels[i]->band != 343 local->hw_scan_band) 344 continue; 345 local->hw_scan_req->req.channels[n_chans] = 346 req->channels[i]; 347 n_chans++; 348 bands_used |= BIT(req->channels[i]->band); 349 } 350 351 local->hw_scan_band++; 352 } while (!n_chans); 353 } 354 355 local->hw_scan_req->req.n_channels = n_chans; 356 ieee80211_prepare_scan_chandef(&chandef, req->scan_width); 357 358 if (req->flags & NL80211_SCAN_FLAG_MIN_PREQ_CONTENT) 359 flags |= IEEE80211_PROBE_FLAG_MIN_CONTENT; 360 361 ielen = ieee80211_build_preq_ies(local, 362 (u8 *)local->hw_scan_req->req.ie, 363 local->hw_scan_ies_bufsize, 364 &local->hw_scan_req->ies, 365 req->ie, req->ie_len, 366 bands_used, req->rates, &chandef, 367 flags); 368 local->hw_scan_req->req.ie_len = ielen; 369 local->hw_scan_req->req.no_cck = req->no_cck; 370 ether_addr_copy(local->hw_scan_req->req.mac_addr, req->mac_addr); 371 ether_addr_copy(local->hw_scan_req->req.mac_addr_mask, 372 req->mac_addr_mask); 373 ether_addr_copy(local->hw_scan_req->req.bssid, req->bssid); 374 375 return true; 376 } 377 378 static void __ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted) 379 { 380 struct ieee80211_local *local = hw_to_local(hw); 381 bool hw_scan = test_bit(SCAN_HW_SCANNING, &local->scanning); 382 bool was_scanning = local->scanning; 383 struct cfg80211_scan_request *scan_req; 384 struct ieee80211_sub_if_data *scan_sdata; 385 struct ieee80211_sub_if_data *sdata; 386 387 lockdep_assert_held(&local->mtx); 388 389 /* 390 * It's ok to abort a not-yet-running scan (that 391 * we have one at all will be verified by checking 392 * local->scan_req next), but not to complete it 393 * successfully. 394 */ 395 if (WARN_ON(!local->scanning && !aborted)) 396 aborted = true; 397 398 if (WARN_ON(!local->scan_req)) 399 return; 400 401 if (hw_scan && !aborted && 402 !ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS) && 403 ieee80211_prep_hw_scan(local)) { 404 int rc; 405 406 rc = drv_hw_scan(local, 407 rcu_dereference_protected(local->scan_sdata, 408 lockdep_is_held(&local->mtx)), 409 local->hw_scan_req); 410 411 if (rc == 0) 412 return; 413 414 /* HW scan failed and is going to be reported as aborted, 415 * so clear old scan info. 416 */ 417 memset(&local->scan_info, 0, sizeof(local->scan_info)); 418 aborted = true; 419 } 420 421 kfree(local->hw_scan_req); 422 local->hw_scan_req = NULL; 423 424 scan_req = rcu_dereference_protected(local->scan_req, 425 lockdep_is_held(&local->mtx)); 426 427 if (scan_req != local->int_scan_req) { 428 local->scan_info.aborted = aborted; 429 cfg80211_scan_done(scan_req, &local->scan_info); 430 } 431 RCU_INIT_POINTER(local->scan_req, NULL); 432 433 scan_sdata = rcu_dereference_protected(local->scan_sdata, 434 lockdep_is_held(&local->mtx)); 435 RCU_INIT_POINTER(local->scan_sdata, NULL); 436 437 local->scanning = 0; 438 local->scan_chandef.chan = NULL; 439 440 /* Set power back to normal operating levels. */ 441 ieee80211_hw_config(local, 0); 442 443 if (!hw_scan) { 444 ieee80211_configure_filter(local); 445 drv_sw_scan_complete(local, scan_sdata); 446 ieee80211_offchannel_return(local); 447 } 448 449 ieee80211_recalc_idle(local); 450 451 ieee80211_mlme_notify_scan_completed(local); 452 ieee80211_ibss_notify_scan_completed(local); 453 454 /* Requeue all the work that might have been ignored while 455 * the scan was in progress; if there was none this will 456 * just be a no-op for the particular interface. 457 */ 458 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 459 if (ieee80211_sdata_running(sdata)) 460 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 461 } 462 463 if (was_scanning) 464 ieee80211_start_next_roc(local); 465 } 466 467 void ieee80211_scan_completed(struct ieee80211_hw *hw, 468 struct cfg80211_scan_info *info) 469 { 470 struct ieee80211_local *local = hw_to_local(hw); 471 472 trace_api_scan_completed(local, info->aborted); 473 474 set_bit(SCAN_COMPLETED, &local->scanning); 475 if (info->aborted) 476 set_bit(SCAN_ABORTED, &local->scanning); 477 478 memcpy(&local->scan_info, info, sizeof(*info)); 479 480 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, 0); 481 } 482 EXPORT_SYMBOL(ieee80211_scan_completed); 483 484 static int ieee80211_start_sw_scan(struct ieee80211_local *local, 485 struct ieee80211_sub_if_data *sdata) 486 { 487 /* Software scan is not supported in multi-channel cases */ 488 if (local->use_chanctx) 489 return -EOPNOTSUPP; 490 491 /* 492 * Hardware/driver doesn't support hw_scan, so use software 493 * scanning instead. First send a nullfunc frame with power save 494 * bit on so that AP will buffer the frames for us while we are not 495 * listening, then send probe requests to each channel and wait for 496 * the responses. After all channels are scanned, tune back to the 497 * original channel and send a nullfunc frame with power save bit 498 * off to trigger the AP to send us all the buffered frames. 499 * 500 * Note that while local->sw_scanning is true everything else but 501 * nullfunc frames and probe requests will be dropped in 502 * ieee80211_tx_h_check_assoc(). 503 */ 504 drv_sw_scan_start(local, sdata, local->scan_addr); 505 506 local->leave_oper_channel_time = jiffies; 507 local->next_scan_state = SCAN_DECISION; 508 local->scan_channel_idx = 0; 509 510 ieee80211_offchannel_stop_vifs(local); 511 512 /* ensure nullfunc is transmitted before leaving operating channel */ 513 ieee80211_flush_queues(local, NULL, false); 514 515 ieee80211_configure_filter(local); 516 517 /* We need to set power level at maximum rate for scanning. */ 518 ieee80211_hw_config(local, 0); 519 520 ieee80211_queue_delayed_work(&local->hw, 521 &local->scan_work, 0); 522 523 return 0; 524 } 525 526 static bool ieee80211_can_scan(struct ieee80211_local *local, 527 struct ieee80211_sub_if_data *sdata) 528 { 529 if (ieee80211_is_radar_required(local)) 530 return false; 531 532 if (!list_empty(&local->roc_list)) 533 return false; 534 535 if (sdata->vif.type == NL80211_IFTYPE_STATION && 536 sdata->u.mgd.flags & IEEE80211_STA_CONNECTION_POLL) 537 return false; 538 539 return true; 540 } 541 542 void ieee80211_run_deferred_scan(struct ieee80211_local *local) 543 { 544 lockdep_assert_held(&local->mtx); 545 546 if (!local->scan_req || local->scanning) 547 return; 548 549 if (!ieee80211_can_scan(local, 550 rcu_dereference_protected( 551 local->scan_sdata, 552 lockdep_is_held(&local->mtx)))) 553 return; 554 555 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, 556 round_jiffies_relative(0)); 557 } 558 559 static void ieee80211_send_scan_probe_req(struct ieee80211_sub_if_data *sdata, 560 const u8 *src, const u8 *dst, 561 const u8 *ssid, size_t ssid_len, 562 const u8 *ie, size_t ie_len, 563 u32 ratemask, u32 flags, u32 tx_flags, 564 struct ieee80211_channel *channel) 565 { 566 struct sk_buff *skb; 567 u32 txdata_flags = 0; 568 569 skb = ieee80211_build_probe_req(sdata, src, dst, ratemask, channel, 570 ssid, ssid_len, 571 ie, ie_len, flags); 572 573 if (skb) { 574 if (flags & IEEE80211_PROBE_FLAG_RANDOM_SN) { 575 struct ieee80211_hdr *hdr = (void *)skb->data; 576 u16 sn = get_random_u32(); 577 578 txdata_flags |= IEEE80211_TX_NO_SEQNO; 579 hdr->seq_ctrl = 580 cpu_to_le16(IEEE80211_SN_TO_SEQ(sn)); 581 } 582 IEEE80211_SKB_CB(skb)->flags |= tx_flags; 583 ieee80211_tx_skb_tid_band(sdata, skb, 7, channel->band, 584 txdata_flags); 585 } 586 } 587 588 static void ieee80211_scan_state_send_probe(struct ieee80211_local *local, 589 unsigned long *next_delay) 590 { 591 int i; 592 struct ieee80211_sub_if_data *sdata; 593 struct cfg80211_scan_request *scan_req; 594 enum nl80211_band band = local->hw.conf.chandef.chan->band; 595 u32 flags = 0, tx_flags; 596 597 scan_req = rcu_dereference_protected(local->scan_req, 598 lockdep_is_held(&local->mtx)); 599 600 tx_flags = IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 601 if (scan_req->no_cck) 602 tx_flags |= IEEE80211_TX_CTL_NO_CCK_RATE; 603 if (scan_req->flags & NL80211_SCAN_FLAG_MIN_PREQ_CONTENT) 604 flags |= IEEE80211_PROBE_FLAG_MIN_CONTENT; 605 if (scan_req->flags & NL80211_SCAN_FLAG_RANDOM_SN) 606 flags |= IEEE80211_PROBE_FLAG_RANDOM_SN; 607 608 sdata = rcu_dereference_protected(local->scan_sdata, 609 lockdep_is_held(&local->mtx)); 610 611 for (i = 0; i < scan_req->n_ssids; i++) 612 ieee80211_send_scan_probe_req( 613 sdata, local->scan_addr, scan_req->bssid, 614 scan_req->ssids[i].ssid, scan_req->ssids[i].ssid_len, 615 scan_req->ie, scan_req->ie_len, 616 scan_req->rates[band], flags, 617 tx_flags, local->hw.conf.chandef.chan); 618 619 /* 620 * After sending probe requests, wait for probe responses 621 * on the channel. 622 */ 623 *next_delay = IEEE80211_CHANNEL_TIME; 624 local->next_scan_state = SCAN_DECISION; 625 } 626 627 static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata, 628 struct cfg80211_scan_request *req) 629 { 630 struct ieee80211_local *local = sdata->local; 631 bool hw_scan = local->ops->hw_scan; 632 int rc; 633 634 lockdep_assert_held(&local->mtx); 635 636 if (local->scan_req || ieee80211_is_radar_required(local)) 637 return -EBUSY; 638 639 if (!ieee80211_can_scan(local, sdata)) { 640 /* wait for the work to finish/time out */ 641 rcu_assign_pointer(local->scan_req, req); 642 rcu_assign_pointer(local->scan_sdata, sdata); 643 return 0; 644 } 645 646 again: 647 if (hw_scan) { 648 u8 *ies; 649 650 local->hw_scan_ies_bufsize = local->scan_ies_len + req->ie_len; 651 652 if (ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS)) { 653 int i, n_bands = 0; 654 u8 bands_counted = 0; 655 656 for (i = 0; i < req->n_channels; i++) { 657 if (bands_counted & BIT(req->channels[i]->band)) 658 continue; 659 bands_counted |= BIT(req->channels[i]->band); 660 n_bands++; 661 } 662 663 local->hw_scan_ies_bufsize *= n_bands; 664 } 665 666 local->hw_scan_req = kmalloc( 667 sizeof(*local->hw_scan_req) + 668 req->n_channels * sizeof(req->channels[0]) + 669 local->hw_scan_ies_bufsize, GFP_KERNEL); 670 if (!local->hw_scan_req) 671 return -ENOMEM; 672 673 local->hw_scan_req->req.ssids = req->ssids; 674 local->hw_scan_req->req.n_ssids = req->n_ssids; 675 ies = (u8 *)local->hw_scan_req + 676 sizeof(*local->hw_scan_req) + 677 req->n_channels * sizeof(req->channels[0]); 678 local->hw_scan_req->req.ie = ies; 679 local->hw_scan_req->req.flags = req->flags; 680 eth_broadcast_addr(local->hw_scan_req->req.bssid); 681 local->hw_scan_req->req.duration = req->duration; 682 local->hw_scan_req->req.duration_mandatory = 683 req->duration_mandatory; 684 685 local->hw_scan_band = 0; 686 687 /* 688 * After allocating local->hw_scan_req, we must 689 * go through until ieee80211_prep_hw_scan(), so 690 * anything that might be changed here and leave 691 * this function early must not go after this 692 * allocation. 693 */ 694 } 695 696 rcu_assign_pointer(local->scan_req, req); 697 rcu_assign_pointer(local->scan_sdata, sdata); 698 699 if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) 700 get_random_mask_addr(local->scan_addr, 701 req->mac_addr, 702 req->mac_addr_mask); 703 else 704 memcpy(local->scan_addr, sdata->vif.addr, ETH_ALEN); 705 706 if (hw_scan) { 707 __set_bit(SCAN_HW_SCANNING, &local->scanning); 708 } else if ((req->n_channels == 1) && 709 (req->channels[0] == local->_oper_chandef.chan)) { 710 /* 711 * If we are scanning only on the operating channel 712 * then we do not need to stop normal activities 713 */ 714 unsigned long next_delay; 715 716 __set_bit(SCAN_ONCHANNEL_SCANNING, &local->scanning); 717 718 ieee80211_recalc_idle(local); 719 720 /* Notify driver scan is starting, keep order of operations 721 * same as normal software scan, in case that matters. */ 722 drv_sw_scan_start(local, sdata, local->scan_addr); 723 724 ieee80211_configure_filter(local); /* accept probe-responses */ 725 726 /* We need to ensure power level is at max for scanning. */ 727 ieee80211_hw_config(local, 0); 728 729 if ((req->channels[0]->flags & (IEEE80211_CHAN_NO_IR | 730 IEEE80211_CHAN_RADAR)) || 731 !req->n_ssids) { 732 next_delay = IEEE80211_PASSIVE_CHANNEL_TIME; 733 } else { 734 ieee80211_scan_state_send_probe(local, &next_delay); 735 next_delay = IEEE80211_CHANNEL_TIME; 736 } 737 738 /* Now, just wait a bit and we are all done! */ 739 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, 740 next_delay); 741 return 0; 742 } else { 743 /* Do normal software scan */ 744 __set_bit(SCAN_SW_SCANNING, &local->scanning); 745 } 746 747 ieee80211_recalc_idle(local); 748 749 if (hw_scan) { 750 WARN_ON(!ieee80211_prep_hw_scan(local)); 751 rc = drv_hw_scan(local, sdata, local->hw_scan_req); 752 } else { 753 rc = ieee80211_start_sw_scan(local, sdata); 754 } 755 756 if (rc) { 757 kfree(local->hw_scan_req); 758 local->hw_scan_req = NULL; 759 local->scanning = 0; 760 761 ieee80211_recalc_idle(local); 762 763 local->scan_req = NULL; 764 RCU_INIT_POINTER(local->scan_sdata, NULL); 765 } 766 767 if (hw_scan && rc == 1) { 768 /* 769 * we can't fall back to software for P2P-GO 770 * as it must update NoA etc. 771 */ 772 if (ieee80211_vif_type_p2p(&sdata->vif) == 773 NL80211_IFTYPE_P2P_GO) 774 return -EOPNOTSUPP; 775 hw_scan = false; 776 goto again; 777 } 778 779 return rc; 780 } 781 782 static unsigned long 783 ieee80211_scan_get_channel_time(struct ieee80211_channel *chan) 784 { 785 /* 786 * TODO: channel switching also consumes quite some time, 787 * add that delay as well to get a better estimation 788 */ 789 if (chan->flags & (IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_RADAR)) 790 return IEEE80211_PASSIVE_CHANNEL_TIME; 791 return IEEE80211_PROBE_DELAY + IEEE80211_CHANNEL_TIME; 792 } 793 794 static void ieee80211_scan_state_decision(struct ieee80211_local *local, 795 unsigned long *next_delay) 796 { 797 bool associated = false; 798 bool tx_empty = true; 799 bool bad_latency; 800 struct ieee80211_sub_if_data *sdata; 801 struct ieee80211_channel *next_chan; 802 enum mac80211_scan_state next_scan_state; 803 struct cfg80211_scan_request *scan_req; 804 805 /* 806 * check if at least one STA interface is associated, 807 * check if at least one STA interface has pending tx frames 808 * and grab the lowest used beacon interval 809 */ 810 mutex_lock(&local->iflist_mtx); 811 list_for_each_entry(sdata, &local->interfaces, list) { 812 if (!ieee80211_sdata_running(sdata)) 813 continue; 814 815 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 816 if (sdata->u.mgd.associated) { 817 associated = true; 818 819 if (!qdisc_all_tx_empty(sdata->dev)) { 820 tx_empty = false; 821 break; 822 } 823 } 824 } 825 } 826 mutex_unlock(&local->iflist_mtx); 827 828 scan_req = rcu_dereference_protected(local->scan_req, 829 lockdep_is_held(&local->mtx)); 830 831 next_chan = scan_req->channels[local->scan_channel_idx]; 832 833 /* 834 * we're currently scanning a different channel, let's 835 * see if we can scan another channel without interfering 836 * with the current traffic situation. 837 * 838 * Keep good latency, do not stay off-channel more than 125 ms. 839 */ 840 841 bad_latency = time_after(jiffies + 842 ieee80211_scan_get_channel_time(next_chan), 843 local->leave_oper_channel_time + HZ / 8); 844 845 if (associated && !tx_empty) { 846 if (scan_req->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) 847 next_scan_state = SCAN_ABORT; 848 else 849 next_scan_state = SCAN_SUSPEND; 850 } else if (associated && bad_latency) { 851 next_scan_state = SCAN_SUSPEND; 852 } else { 853 next_scan_state = SCAN_SET_CHANNEL; 854 } 855 856 local->next_scan_state = next_scan_state; 857 858 *next_delay = 0; 859 } 860 861 static void ieee80211_scan_state_set_channel(struct ieee80211_local *local, 862 unsigned long *next_delay) 863 { 864 int skip; 865 struct ieee80211_channel *chan; 866 enum nl80211_bss_scan_width oper_scan_width; 867 struct cfg80211_scan_request *scan_req; 868 869 scan_req = rcu_dereference_protected(local->scan_req, 870 lockdep_is_held(&local->mtx)); 871 872 skip = 0; 873 chan = scan_req->channels[local->scan_channel_idx]; 874 875 local->scan_chandef.chan = chan; 876 local->scan_chandef.center_freq1 = chan->center_freq; 877 local->scan_chandef.center_freq2 = 0; 878 switch (scan_req->scan_width) { 879 case NL80211_BSS_CHAN_WIDTH_5: 880 local->scan_chandef.width = NL80211_CHAN_WIDTH_5; 881 break; 882 case NL80211_BSS_CHAN_WIDTH_10: 883 local->scan_chandef.width = NL80211_CHAN_WIDTH_10; 884 break; 885 case NL80211_BSS_CHAN_WIDTH_20: 886 /* If scanning on oper channel, use whatever channel-type 887 * is currently in use. 888 */ 889 oper_scan_width = cfg80211_chandef_to_scan_width( 890 &local->_oper_chandef); 891 if (chan == local->_oper_chandef.chan && 892 oper_scan_width == scan_req->scan_width) 893 local->scan_chandef = local->_oper_chandef; 894 else 895 local->scan_chandef.width = NL80211_CHAN_WIDTH_20_NOHT; 896 break; 897 } 898 899 if (ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL)) 900 skip = 1; 901 902 /* advance state machine to next channel/band */ 903 local->scan_channel_idx++; 904 905 if (skip) { 906 /* if we skip this channel return to the decision state */ 907 local->next_scan_state = SCAN_DECISION; 908 return; 909 } 910 911 /* 912 * Probe delay is used to update the NAV, cf. 11.1.3.2.2 913 * (which unfortunately doesn't say _why_ step a) is done, 914 * but it waits for the probe delay or until a frame is 915 * received - and the received frame would update the NAV). 916 * For now, we do not support waiting until a frame is 917 * received. 918 * 919 * In any case, it is not necessary for a passive scan. 920 */ 921 if ((chan->flags & (IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_RADAR)) || 922 !scan_req->n_ssids) { 923 *next_delay = IEEE80211_PASSIVE_CHANNEL_TIME; 924 local->next_scan_state = SCAN_DECISION; 925 return; 926 } 927 928 /* active scan, send probes */ 929 *next_delay = IEEE80211_PROBE_DELAY; 930 local->next_scan_state = SCAN_SEND_PROBE; 931 } 932 933 static void ieee80211_scan_state_suspend(struct ieee80211_local *local, 934 unsigned long *next_delay) 935 { 936 /* switch back to the operating channel */ 937 local->scan_chandef.chan = NULL; 938 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL); 939 940 /* disable PS */ 941 ieee80211_offchannel_return(local); 942 943 *next_delay = HZ / 5; 944 /* afterwards, resume scan & go to next channel */ 945 local->next_scan_state = SCAN_RESUME; 946 } 947 948 static void ieee80211_scan_state_resume(struct ieee80211_local *local, 949 unsigned long *next_delay) 950 { 951 ieee80211_offchannel_stop_vifs(local); 952 953 if (local->ops->flush) { 954 ieee80211_flush_queues(local, NULL, false); 955 *next_delay = 0; 956 } else 957 *next_delay = HZ / 10; 958 959 /* remember when we left the operating channel */ 960 local->leave_oper_channel_time = jiffies; 961 962 /* advance to the next channel to be scanned */ 963 local->next_scan_state = SCAN_SET_CHANNEL; 964 } 965 966 void ieee80211_scan_work(struct work_struct *work) 967 { 968 struct ieee80211_local *local = 969 container_of(work, struct ieee80211_local, scan_work.work); 970 struct ieee80211_sub_if_data *sdata; 971 struct cfg80211_scan_request *scan_req; 972 unsigned long next_delay = 0; 973 bool aborted; 974 975 mutex_lock(&local->mtx); 976 977 if (!ieee80211_can_run_worker(local)) { 978 aborted = true; 979 goto out_complete; 980 } 981 982 sdata = rcu_dereference_protected(local->scan_sdata, 983 lockdep_is_held(&local->mtx)); 984 scan_req = rcu_dereference_protected(local->scan_req, 985 lockdep_is_held(&local->mtx)); 986 987 /* When scanning on-channel, the first-callback means completed. */ 988 if (test_bit(SCAN_ONCHANNEL_SCANNING, &local->scanning)) { 989 aborted = test_and_clear_bit(SCAN_ABORTED, &local->scanning); 990 goto out_complete; 991 } 992 993 if (test_and_clear_bit(SCAN_COMPLETED, &local->scanning)) { 994 aborted = test_and_clear_bit(SCAN_ABORTED, &local->scanning); 995 goto out_complete; 996 } 997 998 if (!sdata || !scan_req) 999 goto out; 1000 1001 if (!local->scanning) { 1002 int rc; 1003 1004 RCU_INIT_POINTER(local->scan_req, NULL); 1005 RCU_INIT_POINTER(local->scan_sdata, NULL); 1006 1007 rc = __ieee80211_start_scan(sdata, scan_req); 1008 if (rc) { 1009 /* need to complete scan in cfg80211 */ 1010 rcu_assign_pointer(local->scan_req, scan_req); 1011 aborted = true; 1012 goto out_complete; 1013 } else 1014 goto out; 1015 } 1016 1017 /* 1018 * as long as no delay is required advance immediately 1019 * without scheduling a new work 1020 */ 1021 do { 1022 if (!ieee80211_sdata_running(sdata)) { 1023 aborted = true; 1024 goto out_complete; 1025 } 1026 1027 switch (local->next_scan_state) { 1028 case SCAN_DECISION: 1029 /* if no more bands/channels left, complete scan */ 1030 if (local->scan_channel_idx >= scan_req->n_channels) { 1031 aborted = false; 1032 goto out_complete; 1033 } 1034 ieee80211_scan_state_decision(local, &next_delay); 1035 break; 1036 case SCAN_SET_CHANNEL: 1037 ieee80211_scan_state_set_channel(local, &next_delay); 1038 break; 1039 case SCAN_SEND_PROBE: 1040 ieee80211_scan_state_send_probe(local, &next_delay); 1041 break; 1042 case SCAN_SUSPEND: 1043 ieee80211_scan_state_suspend(local, &next_delay); 1044 break; 1045 case SCAN_RESUME: 1046 ieee80211_scan_state_resume(local, &next_delay); 1047 break; 1048 case SCAN_ABORT: 1049 aborted = true; 1050 goto out_complete; 1051 } 1052 } while (next_delay == 0); 1053 1054 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, next_delay); 1055 goto out; 1056 1057 out_complete: 1058 __ieee80211_scan_completed(&local->hw, aborted); 1059 out: 1060 mutex_unlock(&local->mtx); 1061 } 1062 1063 int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata, 1064 struct cfg80211_scan_request *req) 1065 { 1066 int res; 1067 1068 mutex_lock(&sdata->local->mtx); 1069 res = __ieee80211_start_scan(sdata, req); 1070 mutex_unlock(&sdata->local->mtx); 1071 1072 return res; 1073 } 1074 1075 int ieee80211_request_ibss_scan(struct ieee80211_sub_if_data *sdata, 1076 const u8 *ssid, u8 ssid_len, 1077 struct ieee80211_channel **channels, 1078 unsigned int n_channels, 1079 enum nl80211_bss_scan_width scan_width) 1080 { 1081 struct ieee80211_local *local = sdata->local; 1082 int ret = -EBUSY, i, n_ch = 0; 1083 enum nl80211_band band; 1084 1085 mutex_lock(&local->mtx); 1086 1087 /* busy scanning */ 1088 if (local->scan_req) 1089 goto unlock; 1090 1091 /* fill internal scan request */ 1092 if (!channels) { 1093 int max_n; 1094 1095 for (band = 0; band < NUM_NL80211_BANDS; band++) { 1096 if (!local->hw.wiphy->bands[band]) 1097 continue; 1098 1099 max_n = local->hw.wiphy->bands[band]->n_channels; 1100 for (i = 0; i < max_n; i++) { 1101 struct ieee80211_channel *tmp_ch = 1102 &local->hw.wiphy->bands[band]->channels[i]; 1103 1104 if (tmp_ch->flags & (IEEE80211_CHAN_NO_IR | 1105 IEEE80211_CHAN_DISABLED)) 1106 continue; 1107 1108 local->int_scan_req->channels[n_ch] = tmp_ch; 1109 n_ch++; 1110 } 1111 } 1112 1113 if (WARN_ON_ONCE(n_ch == 0)) 1114 goto unlock; 1115 1116 local->int_scan_req->n_channels = n_ch; 1117 } else { 1118 for (i = 0; i < n_channels; i++) { 1119 if (channels[i]->flags & (IEEE80211_CHAN_NO_IR | 1120 IEEE80211_CHAN_DISABLED)) 1121 continue; 1122 1123 local->int_scan_req->channels[n_ch] = channels[i]; 1124 n_ch++; 1125 } 1126 1127 if (WARN_ON_ONCE(n_ch == 0)) 1128 goto unlock; 1129 1130 local->int_scan_req->n_channels = n_ch; 1131 } 1132 1133 local->int_scan_req->ssids = &local->scan_ssid; 1134 local->int_scan_req->n_ssids = 1; 1135 local->int_scan_req->scan_width = scan_width; 1136 memcpy(local->int_scan_req->ssids[0].ssid, ssid, IEEE80211_MAX_SSID_LEN); 1137 local->int_scan_req->ssids[0].ssid_len = ssid_len; 1138 1139 ret = __ieee80211_start_scan(sdata, sdata->local->int_scan_req); 1140 unlock: 1141 mutex_unlock(&local->mtx); 1142 return ret; 1143 } 1144 1145 /* 1146 * Only call this function when a scan can't be queued -- under RTNL. 1147 */ 1148 void ieee80211_scan_cancel(struct ieee80211_local *local) 1149 { 1150 /* 1151 * We are canceling software scan, or deferred scan that was not 1152 * yet really started (see __ieee80211_start_scan ). 1153 * 1154 * Regarding hardware scan: 1155 * - we can not call __ieee80211_scan_completed() as when 1156 * SCAN_HW_SCANNING bit is set this function change 1157 * local->hw_scan_req to operate on 5G band, what race with 1158 * driver which can use local->hw_scan_req 1159 * 1160 * - we can not cancel scan_work since driver can schedule it 1161 * by ieee80211_scan_completed(..., true) to finish scan 1162 * 1163 * Hence we only call the cancel_hw_scan() callback, but the low-level 1164 * driver is still responsible for calling ieee80211_scan_completed() 1165 * after the scan was completed/aborted. 1166 */ 1167 1168 mutex_lock(&local->mtx); 1169 if (!local->scan_req) 1170 goto out; 1171 1172 /* 1173 * We have a scan running and the driver already reported completion, 1174 * but the worker hasn't run yet or is stuck on the mutex - mark it as 1175 * cancelled. 1176 */ 1177 if (test_bit(SCAN_HW_SCANNING, &local->scanning) && 1178 test_bit(SCAN_COMPLETED, &local->scanning)) { 1179 set_bit(SCAN_HW_CANCELLED, &local->scanning); 1180 goto out; 1181 } 1182 1183 if (test_bit(SCAN_HW_SCANNING, &local->scanning)) { 1184 /* 1185 * Make sure that __ieee80211_scan_completed doesn't trigger a 1186 * scan on another band. 1187 */ 1188 set_bit(SCAN_HW_CANCELLED, &local->scanning); 1189 if (local->ops->cancel_hw_scan) 1190 drv_cancel_hw_scan(local, 1191 rcu_dereference_protected(local->scan_sdata, 1192 lockdep_is_held(&local->mtx))); 1193 goto out; 1194 } 1195 1196 /* 1197 * If the work is currently running, it must be blocked on 1198 * the mutex, but we'll set scan_sdata = NULL and it'll 1199 * simply exit once it acquires the mutex. 1200 */ 1201 cancel_delayed_work(&local->scan_work); 1202 /* and clean up */ 1203 memset(&local->scan_info, 0, sizeof(local->scan_info)); 1204 __ieee80211_scan_completed(&local->hw, true); 1205 out: 1206 mutex_unlock(&local->mtx); 1207 } 1208 1209 int __ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata, 1210 struct cfg80211_sched_scan_request *req) 1211 { 1212 struct ieee80211_local *local = sdata->local; 1213 struct ieee80211_scan_ies sched_scan_ies = {}; 1214 struct cfg80211_chan_def chandef; 1215 int ret, i, iebufsz, num_bands = 0; 1216 u32 rate_masks[NUM_NL80211_BANDS] = {}; 1217 u8 bands_used = 0; 1218 u8 *ie; 1219 u32 flags = 0; 1220 1221 iebufsz = local->scan_ies_len + req->ie_len; 1222 1223 lockdep_assert_held(&local->mtx); 1224 1225 if (!local->ops->sched_scan_start) 1226 return -ENOTSUPP; 1227 1228 for (i = 0; i < NUM_NL80211_BANDS; i++) { 1229 if (local->hw.wiphy->bands[i]) { 1230 bands_used |= BIT(i); 1231 rate_masks[i] = (u32) -1; 1232 num_bands++; 1233 } 1234 } 1235 1236 if (req->flags & NL80211_SCAN_FLAG_MIN_PREQ_CONTENT) 1237 flags |= IEEE80211_PROBE_FLAG_MIN_CONTENT; 1238 1239 ie = kcalloc(iebufsz, num_bands, GFP_KERNEL); 1240 if (!ie) { 1241 ret = -ENOMEM; 1242 goto out; 1243 } 1244 1245 ieee80211_prepare_scan_chandef(&chandef, req->scan_width); 1246 1247 ieee80211_build_preq_ies(local, ie, num_bands * iebufsz, 1248 &sched_scan_ies, req->ie, 1249 req->ie_len, bands_used, rate_masks, &chandef, 1250 flags); 1251 1252 ret = drv_sched_scan_start(local, sdata, req, &sched_scan_ies); 1253 if (ret == 0) { 1254 rcu_assign_pointer(local->sched_scan_sdata, sdata); 1255 rcu_assign_pointer(local->sched_scan_req, req); 1256 } 1257 1258 kfree(ie); 1259 1260 out: 1261 if (ret) { 1262 /* Clean in case of failure after HW restart or upon resume. */ 1263 RCU_INIT_POINTER(local->sched_scan_sdata, NULL); 1264 RCU_INIT_POINTER(local->sched_scan_req, NULL); 1265 } 1266 1267 return ret; 1268 } 1269 1270 int ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata, 1271 struct cfg80211_sched_scan_request *req) 1272 { 1273 struct ieee80211_local *local = sdata->local; 1274 int ret; 1275 1276 mutex_lock(&local->mtx); 1277 1278 if (rcu_access_pointer(local->sched_scan_sdata)) { 1279 mutex_unlock(&local->mtx); 1280 return -EBUSY; 1281 } 1282 1283 ret = __ieee80211_request_sched_scan_start(sdata, req); 1284 1285 mutex_unlock(&local->mtx); 1286 return ret; 1287 } 1288 1289 int ieee80211_request_sched_scan_stop(struct ieee80211_local *local) 1290 { 1291 struct ieee80211_sub_if_data *sched_scan_sdata; 1292 int ret = -ENOENT; 1293 1294 mutex_lock(&local->mtx); 1295 1296 if (!local->ops->sched_scan_stop) { 1297 ret = -ENOTSUPP; 1298 goto out; 1299 } 1300 1301 /* We don't want to restart sched scan anymore. */ 1302 RCU_INIT_POINTER(local->sched_scan_req, NULL); 1303 1304 sched_scan_sdata = rcu_dereference_protected(local->sched_scan_sdata, 1305 lockdep_is_held(&local->mtx)); 1306 if (sched_scan_sdata) { 1307 ret = drv_sched_scan_stop(local, sched_scan_sdata); 1308 if (!ret) 1309 RCU_INIT_POINTER(local->sched_scan_sdata, NULL); 1310 } 1311 out: 1312 mutex_unlock(&local->mtx); 1313 1314 return ret; 1315 } 1316 1317 void ieee80211_sched_scan_results(struct ieee80211_hw *hw) 1318 { 1319 struct ieee80211_local *local = hw_to_local(hw); 1320 1321 trace_api_sched_scan_results(local); 1322 1323 cfg80211_sched_scan_results(hw->wiphy, 0); 1324 } 1325 EXPORT_SYMBOL(ieee80211_sched_scan_results); 1326 1327 void ieee80211_sched_scan_end(struct ieee80211_local *local) 1328 { 1329 mutex_lock(&local->mtx); 1330 1331 if (!rcu_access_pointer(local->sched_scan_sdata)) { 1332 mutex_unlock(&local->mtx); 1333 return; 1334 } 1335 1336 RCU_INIT_POINTER(local->sched_scan_sdata, NULL); 1337 1338 /* If sched scan was aborted by the driver. */ 1339 RCU_INIT_POINTER(local->sched_scan_req, NULL); 1340 1341 mutex_unlock(&local->mtx); 1342 1343 cfg80211_sched_scan_stopped(local->hw.wiphy, 0); 1344 } 1345 1346 void ieee80211_sched_scan_stopped_work(struct work_struct *work) 1347 { 1348 struct ieee80211_local *local = 1349 container_of(work, struct ieee80211_local, 1350 sched_scan_stopped_work); 1351 1352 ieee80211_sched_scan_end(local); 1353 } 1354 1355 void ieee80211_sched_scan_stopped(struct ieee80211_hw *hw) 1356 { 1357 struct ieee80211_local *local = hw_to_local(hw); 1358 1359 trace_api_sched_scan_stopped(local); 1360 1361 /* 1362 * this shouldn't really happen, so for simplicity 1363 * simply ignore it, and let mac80211 reconfigure 1364 * the sched scan later on. 1365 */ 1366 if (local->in_reconfig) 1367 return; 1368 1369 schedule_work(&local->sched_scan_stopped_work); 1370 } 1371 EXPORT_SYMBOL(ieee80211_sched_scan_stopped); 1372