1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Scanning implementation 4 * 5 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi> 6 * Copyright 2004, Instant802 Networks, Inc. 7 * Copyright 2005, Devicescape Software, Inc. 8 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 9 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 10 * Copyright 2013-2015 Intel Mobile Communications GmbH 11 * Copyright 2016-2017 Intel Deutschland GmbH 12 * Copyright (C) 2018-2019 Intel Corporation 13 */ 14 15 #include <linux/if_arp.h> 16 #include <linux/etherdevice.h> 17 #include <linux/rtnetlink.h> 18 #include <net/sch_generic.h> 19 #include <linux/slab.h> 20 #include <linux/export.h> 21 #include <linux/random.h> 22 #include <net/mac80211.h> 23 24 #include "ieee80211_i.h" 25 #include "driver-ops.h" 26 #include "mesh.h" 27 28 #define IEEE80211_PROBE_DELAY (HZ / 33) 29 #define IEEE80211_CHANNEL_TIME (HZ / 33) 30 #define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 9) 31 32 void ieee80211_rx_bss_put(struct ieee80211_local *local, 33 struct ieee80211_bss *bss) 34 { 35 if (!bss) 36 return; 37 cfg80211_put_bss(local->hw.wiphy, 38 container_of((void *)bss, struct cfg80211_bss, priv)); 39 } 40 41 static bool is_uapsd_supported(struct ieee802_11_elems *elems) 42 { 43 u8 qos_info; 44 45 if (elems->wmm_info && elems->wmm_info_len == 7 46 && elems->wmm_info[5] == 1) 47 qos_info = elems->wmm_info[6]; 48 else if (elems->wmm_param && elems->wmm_param_len == 24 49 && elems->wmm_param[5] == 1) 50 qos_info = elems->wmm_param[6]; 51 else 52 /* no valid wmm information or parameter element found */ 53 return false; 54 55 return qos_info & IEEE80211_WMM_IE_AP_QOSINFO_UAPSD; 56 } 57 58 static void 59 ieee80211_update_bss_from_elems(struct ieee80211_local *local, 60 struct ieee80211_bss *bss, 61 struct ieee802_11_elems *elems, 62 struct ieee80211_rx_status *rx_status, 63 bool beacon) 64 { 65 int clen, srlen; 66 67 if (beacon) 68 bss->device_ts_beacon = rx_status->device_timestamp; 69 else 70 bss->device_ts_presp = rx_status->device_timestamp; 71 72 if (elems->parse_error) { 73 if (beacon) 74 bss->corrupt_data |= IEEE80211_BSS_CORRUPT_BEACON; 75 else 76 bss->corrupt_data |= IEEE80211_BSS_CORRUPT_PROBE_RESP; 77 } else { 78 if (beacon) 79 bss->corrupt_data &= ~IEEE80211_BSS_CORRUPT_BEACON; 80 else 81 bss->corrupt_data &= ~IEEE80211_BSS_CORRUPT_PROBE_RESP; 82 } 83 84 /* save the ERP value so that it is available at association time */ 85 if (elems->erp_info && (!elems->parse_error || 86 !(bss->valid_data & IEEE80211_BSS_VALID_ERP))) { 87 bss->erp_value = elems->erp_info[0]; 88 bss->has_erp_value = true; 89 if (!elems->parse_error) 90 bss->valid_data |= IEEE80211_BSS_VALID_ERP; 91 } 92 93 /* replace old supported rates if we get new values */ 94 if (!elems->parse_error || 95 !(bss->valid_data & IEEE80211_BSS_VALID_RATES)) { 96 srlen = 0; 97 if (elems->supp_rates) { 98 clen = IEEE80211_MAX_SUPP_RATES; 99 if (clen > elems->supp_rates_len) 100 clen = elems->supp_rates_len; 101 memcpy(bss->supp_rates, elems->supp_rates, clen); 102 srlen += clen; 103 } 104 if (elems->ext_supp_rates) { 105 clen = IEEE80211_MAX_SUPP_RATES - srlen; 106 if (clen > elems->ext_supp_rates_len) 107 clen = elems->ext_supp_rates_len; 108 memcpy(bss->supp_rates + srlen, elems->ext_supp_rates, 109 clen); 110 srlen += clen; 111 } 112 if (srlen) { 113 bss->supp_rates_len = srlen; 114 if (!elems->parse_error) 115 bss->valid_data |= IEEE80211_BSS_VALID_RATES; 116 } 117 } 118 119 if (!elems->parse_error || 120 !(bss->valid_data & IEEE80211_BSS_VALID_WMM)) { 121 bss->wmm_used = elems->wmm_param || elems->wmm_info; 122 bss->uapsd_supported = is_uapsd_supported(elems); 123 if (!elems->parse_error) 124 bss->valid_data |= IEEE80211_BSS_VALID_WMM; 125 } 126 127 if (beacon) { 128 struct ieee80211_supported_band *sband = 129 local->hw.wiphy->bands[rx_status->band]; 130 if (!(rx_status->encoding == RX_ENC_HT) && 131 !(rx_status->encoding == RX_ENC_VHT)) 132 bss->beacon_rate = 133 &sband->bitrates[rx_status->rate_idx]; 134 } 135 } 136 137 struct ieee80211_bss * 138 ieee80211_bss_info_update(struct ieee80211_local *local, 139 struct ieee80211_rx_status *rx_status, 140 struct ieee80211_mgmt *mgmt, size_t len, 141 struct ieee80211_channel *channel) 142 { 143 bool beacon = ieee80211_is_beacon(mgmt->frame_control); 144 struct cfg80211_bss *cbss, *non_tx_cbss; 145 struct ieee80211_bss *bss, *non_tx_bss; 146 struct cfg80211_inform_bss bss_meta = { 147 .boottime_ns = rx_status->boottime_ns, 148 }; 149 bool signal_valid; 150 struct ieee80211_sub_if_data *scan_sdata; 151 struct ieee802_11_elems elems; 152 size_t baselen; 153 u8 *elements; 154 155 if (rx_status->flag & RX_FLAG_NO_SIGNAL_VAL) 156 bss_meta.signal = 0; /* invalid signal indication */ 157 else if (ieee80211_hw_check(&local->hw, SIGNAL_DBM)) 158 bss_meta.signal = rx_status->signal * 100; 159 else if (ieee80211_hw_check(&local->hw, SIGNAL_UNSPEC)) 160 bss_meta.signal = (rx_status->signal * 100) / local->hw.max_signal; 161 162 bss_meta.scan_width = NL80211_BSS_CHAN_WIDTH_20; 163 if (rx_status->bw == RATE_INFO_BW_5) 164 bss_meta.scan_width = NL80211_BSS_CHAN_WIDTH_5; 165 else if (rx_status->bw == RATE_INFO_BW_10) 166 bss_meta.scan_width = NL80211_BSS_CHAN_WIDTH_10; 167 168 bss_meta.chan = channel; 169 170 rcu_read_lock(); 171 scan_sdata = rcu_dereference(local->scan_sdata); 172 if (scan_sdata && scan_sdata->vif.type == NL80211_IFTYPE_STATION && 173 scan_sdata->vif.bss_conf.assoc && 174 ieee80211_have_rx_timestamp(rx_status)) { 175 bss_meta.parent_tsf = 176 ieee80211_calculate_rx_timestamp(local, rx_status, 177 len + FCS_LEN, 24); 178 ether_addr_copy(bss_meta.parent_bssid, 179 scan_sdata->vif.bss_conf.bssid); 180 } 181 rcu_read_unlock(); 182 183 cbss = cfg80211_inform_bss_frame_data(local->hw.wiphy, &bss_meta, 184 mgmt, len, GFP_ATOMIC); 185 if (!cbss) 186 return NULL; 187 188 if (ieee80211_is_probe_resp(mgmt->frame_control)) { 189 elements = mgmt->u.probe_resp.variable; 190 baselen = offsetof(struct ieee80211_mgmt, 191 u.probe_resp.variable); 192 } else { 193 baselen = offsetof(struct ieee80211_mgmt, u.beacon.variable); 194 elements = mgmt->u.beacon.variable; 195 } 196 197 if (baselen > len) 198 return NULL; 199 200 ieee802_11_parse_elems(elements, len - baselen, false, &elems, 201 mgmt->bssid, cbss->bssid); 202 203 /* In case the signal is invalid update the status */ 204 signal_valid = channel == cbss->channel; 205 if (!signal_valid) 206 rx_status->flag |= RX_FLAG_NO_SIGNAL_VAL; 207 208 bss = (void *)cbss->priv; 209 ieee80211_update_bss_from_elems(local, bss, &elems, rx_status, beacon); 210 211 list_for_each_entry(non_tx_cbss, &cbss->nontrans_list, nontrans_list) { 212 non_tx_bss = (void *)non_tx_cbss->priv; 213 214 ieee80211_update_bss_from_elems(local, non_tx_bss, &elems, 215 rx_status, beacon); 216 } 217 218 return bss; 219 } 220 221 static bool ieee80211_scan_accept_presp(struct ieee80211_sub_if_data *sdata, 222 u32 scan_flags, const u8 *da) 223 { 224 if (!sdata) 225 return false; 226 /* accept broadcast for OCE */ 227 if (scan_flags & NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP && 228 is_broadcast_ether_addr(da)) 229 return true; 230 if (scan_flags & NL80211_SCAN_FLAG_RANDOM_ADDR) 231 return true; 232 return ether_addr_equal(da, sdata->vif.addr); 233 } 234 235 void ieee80211_scan_rx(struct ieee80211_local *local, struct sk_buff *skb) 236 { 237 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 238 struct ieee80211_sub_if_data *sdata1, *sdata2; 239 struct ieee80211_mgmt *mgmt = (void *)skb->data; 240 struct ieee80211_bss *bss; 241 struct ieee80211_channel *channel; 242 243 if (skb->len < 24 || 244 (!ieee80211_is_probe_resp(mgmt->frame_control) && 245 !ieee80211_is_beacon(mgmt->frame_control))) 246 return; 247 248 sdata1 = rcu_dereference(local->scan_sdata); 249 sdata2 = rcu_dereference(local->sched_scan_sdata); 250 251 if (likely(!sdata1 && !sdata2)) 252 return; 253 254 if (ieee80211_is_probe_resp(mgmt->frame_control)) { 255 struct cfg80211_scan_request *scan_req; 256 struct cfg80211_sched_scan_request *sched_scan_req; 257 u32 scan_req_flags = 0, sched_scan_req_flags = 0; 258 259 scan_req = rcu_dereference(local->scan_req); 260 sched_scan_req = rcu_dereference(local->sched_scan_req); 261 262 if (scan_req) 263 scan_req_flags = scan_req->flags; 264 265 if (sched_scan_req) 266 sched_scan_req_flags = sched_scan_req->flags; 267 268 /* ignore ProbeResp to foreign address or non-bcast (OCE) 269 * unless scanning with randomised address 270 */ 271 if (!ieee80211_scan_accept_presp(sdata1, scan_req_flags, 272 mgmt->da) && 273 !ieee80211_scan_accept_presp(sdata2, sched_scan_req_flags, 274 mgmt->da)) 275 return; 276 } 277 278 channel = ieee80211_get_channel(local->hw.wiphy, rx_status->freq); 279 280 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED) 281 return; 282 283 bss = ieee80211_bss_info_update(local, rx_status, 284 mgmt, skb->len, 285 channel); 286 if (bss) 287 ieee80211_rx_bss_put(local, bss); 288 } 289 290 static void 291 ieee80211_prepare_scan_chandef(struct cfg80211_chan_def *chandef, 292 enum nl80211_bss_scan_width scan_width) 293 { 294 memset(chandef, 0, sizeof(*chandef)); 295 switch (scan_width) { 296 case NL80211_BSS_CHAN_WIDTH_5: 297 chandef->width = NL80211_CHAN_WIDTH_5; 298 break; 299 case NL80211_BSS_CHAN_WIDTH_10: 300 chandef->width = NL80211_CHAN_WIDTH_10; 301 break; 302 default: 303 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 304 break; 305 } 306 } 307 308 /* return false if no more work */ 309 static bool ieee80211_prep_hw_scan(struct ieee80211_local *local) 310 { 311 struct cfg80211_scan_request *req; 312 struct cfg80211_chan_def chandef; 313 u8 bands_used = 0; 314 int i, ielen, n_chans; 315 u32 flags = 0; 316 317 req = rcu_dereference_protected(local->scan_req, 318 lockdep_is_held(&local->mtx)); 319 320 if (test_bit(SCAN_HW_CANCELLED, &local->scanning)) 321 return false; 322 323 if (ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS)) { 324 for (i = 0; i < req->n_channels; i++) { 325 local->hw_scan_req->req.channels[i] = req->channels[i]; 326 bands_used |= BIT(req->channels[i]->band); 327 } 328 329 n_chans = req->n_channels; 330 } else { 331 do { 332 if (local->hw_scan_band == NUM_NL80211_BANDS) 333 return false; 334 335 n_chans = 0; 336 337 for (i = 0; i < req->n_channels; i++) { 338 if (req->channels[i]->band != 339 local->hw_scan_band) 340 continue; 341 local->hw_scan_req->req.channels[n_chans] = 342 req->channels[i]; 343 n_chans++; 344 bands_used |= BIT(req->channels[i]->band); 345 } 346 347 local->hw_scan_band++; 348 } while (!n_chans); 349 } 350 351 local->hw_scan_req->req.n_channels = n_chans; 352 ieee80211_prepare_scan_chandef(&chandef, req->scan_width); 353 354 if (req->flags & NL80211_SCAN_FLAG_MIN_PREQ_CONTENT) 355 flags |= IEEE80211_PROBE_FLAG_MIN_CONTENT; 356 357 ielen = ieee80211_build_preq_ies(local, 358 (u8 *)local->hw_scan_req->req.ie, 359 local->hw_scan_ies_bufsize, 360 &local->hw_scan_req->ies, 361 req->ie, req->ie_len, 362 bands_used, req->rates, &chandef, 363 flags); 364 local->hw_scan_req->req.ie_len = ielen; 365 local->hw_scan_req->req.no_cck = req->no_cck; 366 ether_addr_copy(local->hw_scan_req->req.mac_addr, req->mac_addr); 367 ether_addr_copy(local->hw_scan_req->req.mac_addr_mask, 368 req->mac_addr_mask); 369 ether_addr_copy(local->hw_scan_req->req.bssid, req->bssid); 370 371 return true; 372 } 373 374 static void __ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted) 375 { 376 struct ieee80211_local *local = hw_to_local(hw); 377 bool hw_scan = test_bit(SCAN_HW_SCANNING, &local->scanning); 378 bool was_scanning = local->scanning; 379 struct cfg80211_scan_request *scan_req; 380 struct ieee80211_sub_if_data *scan_sdata; 381 struct ieee80211_sub_if_data *sdata; 382 383 lockdep_assert_held(&local->mtx); 384 385 /* 386 * It's ok to abort a not-yet-running scan (that 387 * we have one at all will be verified by checking 388 * local->scan_req next), but not to complete it 389 * successfully. 390 */ 391 if (WARN_ON(!local->scanning && !aborted)) 392 aborted = true; 393 394 if (WARN_ON(!local->scan_req)) 395 return; 396 397 if (hw_scan && !aborted && 398 !ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS) && 399 ieee80211_prep_hw_scan(local)) { 400 int rc; 401 402 rc = drv_hw_scan(local, 403 rcu_dereference_protected(local->scan_sdata, 404 lockdep_is_held(&local->mtx)), 405 local->hw_scan_req); 406 407 if (rc == 0) 408 return; 409 410 /* HW scan failed and is going to be reported as aborted, 411 * so clear old scan info. 412 */ 413 memset(&local->scan_info, 0, sizeof(local->scan_info)); 414 aborted = true; 415 } 416 417 kfree(local->hw_scan_req); 418 local->hw_scan_req = NULL; 419 420 scan_req = rcu_dereference_protected(local->scan_req, 421 lockdep_is_held(&local->mtx)); 422 423 if (scan_req != local->int_scan_req) { 424 local->scan_info.aborted = aborted; 425 cfg80211_scan_done(scan_req, &local->scan_info); 426 } 427 RCU_INIT_POINTER(local->scan_req, NULL); 428 429 scan_sdata = rcu_dereference_protected(local->scan_sdata, 430 lockdep_is_held(&local->mtx)); 431 RCU_INIT_POINTER(local->scan_sdata, NULL); 432 433 local->scanning = 0; 434 local->scan_chandef.chan = NULL; 435 436 /* Set power back to normal operating levels. */ 437 ieee80211_hw_config(local, 0); 438 439 if (!hw_scan) { 440 ieee80211_configure_filter(local); 441 drv_sw_scan_complete(local, scan_sdata); 442 ieee80211_offchannel_return(local); 443 } 444 445 ieee80211_recalc_idle(local); 446 447 ieee80211_mlme_notify_scan_completed(local); 448 ieee80211_ibss_notify_scan_completed(local); 449 450 /* Requeue all the work that might have been ignored while 451 * the scan was in progress; if there was none this will 452 * just be a no-op for the particular interface. 453 */ 454 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 455 if (ieee80211_sdata_running(sdata)) 456 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 457 } 458 459 if (was_scanning) 460 ieee80211_start_next_roc(local); 461 } 462 463 void ieee80211_scan_completed(struct ieee80211_hw *hw, 464 struct cfg80211_scan_info *info) 465 { 466 struct ieee80211_local *local = hw_to_local(hw); 467 468 trace_api_scan_completed(local, info->aborted); 469 470 set_bit(SCAN_COMPLETED, &local->scanning); 471 if (info->aborted) 472 set_bit(SCAN_ABORTED, &local->scanning); 473 474 memcpy(&local->scan_info, info, sizeof(*info)); 475 476 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, 0); 477 } 478 EXPORT_SYMBOL(ieee80211_scan_completed); 479 480 static int ieee80211_start_sw_scan(struct ieee80211_local *local, 481 struct ieee80211_sub_if_data *sdata) 482 { 483 /* Software scan is not supported in multi-channel cases */ 484 if (local->use_chanctx) 485 return -EOPNOTSUPP; 486 487 /* 488 * Hardware/driver doesn't support hw_scan, so use software 489 * scanning instead. First send a nullfunc frame with power save 490 * bit on so that AP will buffer the frames for us while we are not 491 * listening, then send probe requests to each channel and wait for 492 * the responses. After all channels are scanned, tune back to the 493 * original channel and send a nullfunc frame with power save bit 494 * off to trigger the AP to send us all the buffered frames. 495 * 496 * Note that while local->sw_scanning is true everything else but 497 * nullfunc frames and probe requests will be dropped in 498 * ieee80211_tx_h_check_assoc(). 499 */ 500 drv_sw_scan_start(local, sdata, local->scan_addr); 501 502 local->leave_oper_channel_time = jiffies; 503 local->next_scan_state = SCAN_DECISION; 504 local->scan_channel_idx = 0; 505 506 ieee80211_offchannel_stop_vifs(local); 507 508 /* ensure nullfunc is transmitted before leaving operating channel */ 509 ieee80211_flush_queues(local, NULL, false); 510 511 ieee80211_configure_filter(local); 512 513 /* We need to set power level at maximum rate for scanning. */ 514 ieee80211_hw_config(local, 0); 515 516 ieee80211_queue_delayed_work(&local->hw, 517 &local->scan_work, 0); 518 519 return 0; 520 } 521 522 static bool __ieee80211_can_leave_ch(struct ieee80211_sub_if_data *sdata) 523 { 524 struct ieee80211_local *local = sdata->local; 525 struct ieee80211_sub_if_data *sdata_iter; 526 527 if (!ieee80211_is_radar_required(local)) 528 return true; 529 530 if (!regulatory_pre_cac_allowed(local->hw.wiphy)) 531 return false; 532 533 mutex_lock(&local->iflist_mtx); 534 list_for_each_entry(sdata_iter, &local->interfaces, list) { 535 if (sdata_iter->wdev.cac_started) { 536 mutex_unlock(&local->iflist_mtx); 537 return false; 538 } 539 } 540 mutex_unlock(&local->iflist_mtx); 541 542 return true; 543 } 544 545 static bool ieee80211_can_scan(struct ieee80211_local *local, 546 struct ieee80211_sub_if_data *sdata) 547 { 548 if (!__ieee80211_can_leave_ch(sdata)) 549 return false; 550 551 if (!list_empty(&local->roc_list)) 552 return false; 553 554 if (sdata->vif.type == NL80211_IFTYPE_STATION && 555 sdata->u.mgd.flags & IEEE80211_STA_CONNECTION_POLL) 556 return false; 557 558 return true; 559 } 560 561 void ieee80211_run_deferred_scan(struct ieee80211_local *local) 562 { 563 lockdep_assert_held(&local->mtx); 564 565 if (!local->scan_req || local->scanning) 566 return; 567 568 if (!ieee80211_can_scan(local, 569 rcu_dereference_protected( 570 local->scan_sdata, 571 lockdep_is_held(&local->mtx)))) 572 return; 573 574 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, 575 round_jiffies_relative(0)); 576 } 577 578 static void ieee80211_send_scan_probe_req(struct ieee80211_sub_if_data *sdata, 579 const u8 *src, const u8 *dst, 580 const u8 *ssid, size_t ssid_len, 581 const u8 *ie, size_t ie_len, 582 u32 ratemask, u32 flags, u32 tx_flags, 583 struct ieee80211_channel *channel) 584 { 585 struct sk_buff *skb; 586 u32 txdata_flags = 0; 587 588 skb = ieee80211_build_probe_req(sdata, src, dst, ratemask, channel, 589 ssid, ssid_len, 590 ie, ie_len, flags); 591 592 if (skb) { 593 if (flags & IEEE80211_PROBE_FLAG_RANDOM_SN) { 594 struct ieee80211_hdr *hdr = (void *)skb->data; 595 u16 sn = get_random_u32(); 596 597 txdata_flags |= IEEE80211_TX_NO_SEQNO; 598 hdr->seq_ctrl = 599 cpu_to_le16(IEEE80211_SN_TO_SEQ(sn)); 600 } 601 IEEE80211_SKB_CB(skb)->flags |= tx_flags; 602 ieee80211_tx_skb_tid_band(sdata, skb, 7, channel->band, 603 txdata_flags); 604 } 605 } 606 607 static void ieee80211_scan_state_send_probe(struct ieee80211_local *local, 608 unsigned long *next_delay) 609 { 610 int i; 611 struct ieee80211_sub_if_data *sdata; 612 struct cfg80211_scan_request *scan_req; 613 enum nl80211_band band = local->hw.conf.chandef.chan->band; 614 u32 flags = 0, tx_flags; 615 616 scan_req = rcu_dereference_protected(local->scan_req, 617 lockdep_is_held(&local->mtx)); 618 619 tx_flags = IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 620 if (scan_req->no_cck) 621 tx_flags |= IEEE80211_TX_CTL_NO_CCK_RATE; 622 if (scan_req->flags & NL80211_SCAN_FLAG_MIN_PREQ_CONTENT) 623 flags |= IEEE80211_PROBE_FLAG_MIN_CONTENT; 624 if (scan_req->flags & NL80211_SCAN_FLAG_RANDOM_SN) 625 flags |= IEEE80211_PROBE_FLAG_RANDOM_SN; 626 627 sdata = rcu_dereference_protected(local->scan_sdata, 628 lockdep_is_held(&local->mtx)); 629 630 for (i = 0; i < scan_req->n_ssids; i++) 631 ieee80211_send_scan_probe_req( 632 sdata, local->scan_addr, scan_req->bssid, 633 scan_req->ssids[i].ssid, scan_req->ssids[i].ssid_len, 634 scan_req->ie, scan_req->ie_len, 635 scan_req->rates[band], flags, 636 tx_flags, local->hw.conf.chandef.chan); 637 638 /* 639 * After sending probe requests, wait for probe responses 640 * on the channel. 641 */ 642 *next_delay = IEEE80211_CHANNEL_TIME; 643 local->next_scan_state = SCAN_DECISION; 644 } 645 646 static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata, 647 struct cfg80211_scan_request *req) 648 { 649 struct ieee80211_local *local = sdata->local; 650 bool hw_scan = local->ops->hw_scan; 651 int rc; 652 653 lockdep_assert_held(&local->mtx); 654 655 if (local->scan_req) 656 return -EBUSY; 657 658 if (!__ieee80211_can_leave_ch(sdata)) 659 return -EBUSY; 660 661 if (!ieee80211_can_scan(local, sdata)) { 662 /* wait for the work to finish/time out */ 663 rcu_assign_pointer(local->scan_req, req); 664 rcu_assign_pointer(local->scan_sdata, sdata); 665 return 0; 666 } 667 668 again: 669 if (hw_scan) { 670 u8 *ies; 671 672 local->hw_scan_ies_bufsize = local->scan_ies_len + req->ie_len; 673 674 if (ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS)) { 675 int i, n_bands = 0; 676 u8 bands_counted = 0; 677 678 for (i = 0; i < req->n_channels; i++) { 679 if (bands_counted & BIT(req->channels[i]->band)) 680 continue; 681 bands_counted |= BIT(req->channels[i]->band); 682 n_bands++; 683 } 684 685 local->hw_scan_ies_bufsize *= n_bands; 686 } 687 688 local->hw_scan_req = kmalloc( 689 sizeof(*local->hw_scan_req) + 690 req->n_channels * sizeof(req->channels[0]) + 691 local->hw_scan_ies_bufsize, GFP_KERNEL); 692 if (!local->hw_scan_req) 693 return -ENOMEM; 694 695 local->hw_scan_req->req.ssids = req->ssids; 696 local->hw_scan_req->req.n_ssids = req->n_ssids; 697 ies = (u8 *)local->hw_scan_req + 698 sizeof(*local->hw_scan_req) + 699 req->n_channels * sizeof(req->channels[0]); 700 local->hw_scan_req->req.ie = ies; 701 local->hw_scan_req->req.flags = req->flags; 702 eth_broadcast_addr(local->hw_scan_req->req.bssid); 703 local->hw_scan_req->req.duration = req->duration; 704 local->hw_scan_req->req.duration_mandatory = 705 req->duration_mandatory; 706 707 local->hw_scan_band = 0; 708 709 /* 710 * After allocating local->hw_scan_req, we must 711 * go through until ieee80211_prep_hw_scan(), so 712 * anything that might be changed here and leave 713 * this function early must not go after this 714 * allocation. 715 */ 716 } 717 718 rcu_assign_pointer(local->scan_req, req); 719 rcu_assign_pointer(local->scan_sdata, sdata); 720 721 if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) 722 get_random_mask_addr(local->scan_addr, 723 req->mac_addr, 724 req->mac_addr_mask); 725 else 726 memcpy(local->scan_addr, sdata->vif.addr, ETH_ALEN); 727 728 if (hw_scan) { 729 __set_bit(SCAN_HW_SCANNING, &local->scanning); 730 } else if ((req->n_channels == 1) && 731 (req->channels[0] == local->_oper_chandef.chan)) { 732 /* 733 * If we are scanning only on the operating channel 734 * then we do not need to stop normal activities 735 */ 736 unsigned long next_delay; 737 738 __set_bit(SCAN_ONCHANNEL_SCANNING, &local->scanning); 739 740 ieee80211_recalc_idle(local); 741 742 /* Notify driver scan is starting, keep order of operations 743 * same as normal software scan, in case that matters. */ 744 drv_sw_scan_start(local, sdata, local->scan_addr); 745 746 ieee80211_configure_filter(local); /* accept probe-responses */ 747 748 /* We need to ensure power level is at max for scanning. */ 749 ieee80211_hw_config(local, 0); 750 751 if ((req->channels[0]->flags & (IEEE80211_CHAN_NO_IR | 752 IEEE80211_CHAN_RADAR)) || 753 !req->n_ssids) { 754 next_delay = IEEE80211_PASSIVE_CHANNEL_TIME; 755 } else { 756 ieee80211_scan_state_send_probe(local, &next_delay); 757 next_delay = IEEE80211_CHANNEL_TIME; 758 } 759 760 /* Now, just wait a bit and we are all done! */ 761 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, 762 next_delay); 763 return 0; 764 } else { 765 /* Do normal software scan */ 766 __set_bit(SCAN_SW_SCANNING, &local->scanning); 767 } 768 769 ieee80211_recalc_idle(local); 770 771 if (hw_scan) { 772 WARN_ON(!ieee80211_prep_hw_scan(local)); 773 rc = drv_hw_scan(local, sdata, local->hw_scan_req); 774 } else { 775 rc = ieee80211_start_sw_scan(local, sdata); 776 } 777 778 if (rc) { 779 kfree(local->hw_scan_req); 780 local->hw_scan_req = NULL; 781 local->scanning = 0; 782 783 ieee80211_recalc_idle(local); 784 785 local->scan_req = NULL; 786 RCU_INIT_POINTER(local->scan_sdata, NULL); 787 } 788 789 if (hw_scan && rc == 1) { 790 /* 791 * we can't fall back to software for P2P-GO 792 * as it must update NoA etc. 793 */ 794 if (ieee80211_vif_type_p2p(&sdata->vif) == 795 NL80211_IFTYPE_P2P_GO) 796 return -EOPNOTSUPP; 797 hw_scan = false; 798 goto again; 799 } 800 801 return rc; 802 } 803 804 static unsigned long 805 ieee80211_scan_get_channel_time(struct ieee80211_channel *chan) 806 { 807 /* 808 * TODO: channel switching also consumes quite some time, 809 * add that delay as well to get a better estimation 810 */ 811 if (chan->flags & (IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_RADAR)) 812 return IEEE80211_PASSIVE_CHANNEL_TIME; 813 return IEEE80211_PROBE_DELAY + IEEE80211_CHANNEL_TIME; 814 } 815 816 static void ieee80211_scan_state_decision(struct ieee80211_local *local, 817 unsigned long *next_delay) 818 { 819 bool associated = false; 820 bool tx_empty = true; 821 bool bad_latency; 822 struct ieee80211_sub_if_data *sdata; 823 struct ieee80211_channel *next_chan; 824 enum mac80211_scan_state next_scan_state; 825 struct cfg80211_scan_request *scan_req; 826 827 /* 828 * check if at least one STA interface is associated, 829 * check if at least one STA interface has pending tx frames 830 * and grab the lowest used beacon interval 831 */ 832 mutex_lock(&local->iflist_mtx); 833 list_for_each_entry(sdata, &local->interfaces, list) { 834 if (!ieee80211_sdata_running(sdata)) 835 continue; 836 837 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 838 if (sdata->u.mgd.associated) { 839 associated = true; 840 841 if (!qdisc_all_tx_empty(sdata->dev)) { 842 tx_empty = false; 843 break; 844 } 845 } 846 } 847 } 848 mutex_unlock(&local->iflist_mtx); 849 850 scan_req = rcu_dereference_protected(local->scan_req, 851 lockdep_is_held(&local->mtx)); 852 853 next_chan = scan_req->channels[local->scan_channel_idx]; 854 855 /* 856 * we're currently scanning a different channel, let's 857 * see if we can scan another channel without interfering 858 * with the current traffic situation. 859 * 860 * Keep good latency, do not stay off-channel more than 125 ms. 861 */ 862 863 bad_latency = time_after(jiffies + 864 ieee80211_scan_get_channel_time(next_chan), 865 local->leave_oper_channel_time + HZ / 8); 866 867 if (associated && !tx_empty) { 868 if (scan_req->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) 869 next_scan_state = SCAN_ABORT; 870 else 871 next_scan_state = SCAN_SUSPEND; 872 } else if (associated && bad_latency) { 873 next_scan_state = SCAN_SUSPEND; 874 } else { 875 next_scan_state = SCAN_SET_CHANNEL; 876 } 877 878 local->next_scan_state = next_scan_state; 879 880 *next_delay = 0; 881 } 882 883 static void ieee80211_scan_state_set_channel(struct ieee80211_local *local, 884 unsigned long *next_delay) 885 { 886 int skip; 887 struct ieee80211_channel *chan; 888 enum nl80211_bss_scan_width oper_scan_width; 889 struct cfg80211_scan_request *scan_req; 890 891 scan_req = rcu_dereference_protected(local->scan_req, 892 lockdep_is_held(&local->mtx)); 893 894 skip = 0; 895 chan = scan_req->channels[local->scan_channel_idx]; 896 897 local->scan_chandef.chan = chan; 898 local->scan_chandef.center_freq1 = chan->center_freq; 899 local->scan_chandef.center_freq2 = 0; 900 switch (scan_req->scan_width) { 901 case NL80211_BSS_CHAN_WIDTH_5: 902 local->scan_chandef.width = NL80211_CHAN_WIDTH_5; 903 break; 904 case NL80211_BSS_CHAN_WIDTH_10: 905 local->scan_chandef.width = NL80211_CHAN_WIDTH_10; 906 break; 907 case NL80211_BSS_CHAN_WIDTH_20: 908 /* If scanning on oper channel, use whatever channel-type 909 * is currently in use. 910 */ 911 oper_scan_width = cfg80211_chandef_to_scan_width( 912 &local->_oper_chandef); 913 if (chan == local->_oper_chandef.chan && 914 oper_scan_width == scan_req->scan_width) 915 local->scan_chandef = local->_oper_chandef; 916 else 917 local->scan_chandef.width = NL80211_CHAN_WIDTH_20_NOHT; 918 break; 919 } 920 921 if (ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL)) 922 skip = 1; 923 924 /* advance state machine to next channel/band */ 925 local->scan_channel_idx++; 926 927 if (skip) { 928 /* if we skip this channel return to the decision state */ 929 local->next_scan_state = SCAN_DECISION; 930 return; 931 } 932 933 /* 934 * Probe delay is used to update the NAV, cf. 11.1.3.2.2 935 * (which unfortunately doesn't say _why_ step a) is done, 936 * but it waits for the probe delay or until a frame is 937 * received - and the received frame would update the NAV). 938 * For now, we do not support waiting until a frame is 939 * received. 940 * 941 * In any case, it is not necessary for a passive scan. 942 */ 943 if ((chan->flags & (IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_RADAR)) || 944 !scan_req->n_ssids) { 945 *next_delay = IEEE80211_PASSIVE_CHANNEL_TIME; 946 local->next_scan_state = SCAN_DECISION; 947 return; 948 } 949 950 /* active scan, send probes */ 951 *next_delay = IEEE80211_PROBE_DELAY; 952 local->next_scan_state = SCAN_SEND_PROBE; 953 } 954 955 static void ieee80211_scan_state_suspend(struct ieee80211_local *local, 956 unsigned long *next_delay) 957 { 958 /* switch back to the operating channel */ 959 local->scan_chandef.chan = NULL; 960 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL); 961 962 /* disable PS */ 963 ieee80211_offchannel_return(local); 964 965 *next_delay = HZ / 5; 966 /* afterwards, resume scan & go to next channel */ 967 local->next_scan_state = SCAN_RESUME; 968 } 969 970 static void ieee80211_scan_state_resume(struct ieee80211_local *local, 971 unsigned long *next_delay) 972 { 973 ieee80211_offchannel_stop_vifs(local); 974 975 if (local->ops->flush) { 976 ieee80211_flush_queues(local, NULL, false); 977 *next_delay = 0; 978 } else 979 *next_delay = HZ / 10; 980 981 /* remember when we left the operating channel */ 982 local->leave_oper_channel_time = jiffies; 983 984 /* advance to the next channel to be scanned */ 985 local->next_scan_state = SCAN_SET_CHANNEL; 986 } 987 988 void ieee80211_scan_work(struct work_struct *work) 989 { 990 struct ieee80211_local *local = 991 container_of(work, struct ieee80211_local, scan_work.work); 992 struct ieee80211_sub_if_data *sdata; 993 struct cfg80211_scan_request *scan_req; 994 unsigned long next_delay = 0; 995 bool aborted; 996 997 mutex_lock(&local->mtx); 998 999 if (!ieee80211_can_run_worker(local)) { 1000 aborted = true; 1001 goto out_complete; 1002 } 1003 1004 sdata = rcu_dereference_protected(local->scan_sdata, 1005 lockdep_is_held(&local->mtx)); 1006 scan_req = rcu_dereference_protected(local->scan_req, 1007 lockdep_is_held(&local->mtx)); 1008 1009 /* When scanning on-channel, the first-callback means completed. */ 1010 if (test_bit(SCAN_ONCHANNEL_SCANNING, &local->scanning)) { 1011 aborted = test_and_clear_bit(SCAN_ABORTED, &local->scanning); 1012 goto out_complete; 1013 } 1014 1015 if (test_and_clear_bit(SCAN_COMPLETED, &local->scanning)) { 1016 aborted = test_and_clear_bit(SCAN_ABORTED, &local->scanning); 1017 goto out_complete; 1018 } 1019 1020 if (!sdata || !scan_req) 1021 goto out; 1022 1023 if (!local->scanning) { 1024 int rc; 1025 1026 RCU_INIT_POINTER(local->scan_req, NULL); 1027 RCU_INIT_POINTER(local->scan_sdata, NULL); 1028 1029 rc = __ieee80211_start_scan(sdata, scan_req); 1030 if (rc) { 1031 /* need to complete scan in cfg80211 */ 1032 rcu_assign_pointer(local->scan_req, scan_req); 1033 aborted = true; 1034 goto out_complete; 1035 } else 1036 goto out; 1037 } 1038 1039 /* 1040 * as long as no delay is required advance immediately 1041 * without scheduling a new work 1042 */ 1043 do { 1044 if (!ieee80211_sdata_running(sdata)) { 1045 aborted = true; 1046 goto out_complete; 1047 } 1048 1049 switch (local->next_scan_state) { 1050 case SCAN_DECISION: 1051 /* if no more bands/channels left, complete scan */ 1052 if (local->scan_channel_idx >= scan_req->n_channels) { 1053 aborted = false; 1054 goto out_complete; 1055 } 1056 ieee80211_scan_state_decision(local, &next_delay); 1057 break; 1058 case SCAN_SET_CHANNEL: 1059 ieee80211_scan_state_set_channel(local, &next_delay); 1060 break; 1061 case SCAN_SEND_PROBE: 1062 ieee80211_scan_state_send_probe(local, &next_delay); 1063 break; 1064 case SCAN_SUSPEND: 1065 ieee80211_scan_state_suspend(local, &next_delay); 1066 break; 1067 case SCAN_RESUME: 1068 ieee80211_scan_state_resume(local, &next_delay); 1069 break; 1070 case SCAN_ABORT: 1071 aborted = true; 1072 goto out_complete; 1073 } 1074 } while (next_delay == 0); 1075 1076 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, next_delay); 1077 goto out; 1078 1079 out_complete: 1080 __ieee80211_scan_completed(&local->hw, aborted); 1081 out: 1082 mutex_unlock(&local->mtx); 1083 } 1084 1085 int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata, 1086 struct cfg80211_scan_request *req) 1087 { 1088 int res; 1089 1090 mutex_lock(&sdata->local->mtx); 1091 res = __ieee80211_start_scan(sdata, req); 1092 mutex_unlock(&sdata->local->mtx); 1093 1094 return res; 1095 } 1096 1097 int ieee80211_request_ibss_scan(struct ieee80211_sub_if_data *sdata, 1098 const u8 *ssid, u8 ssid_len, 1099 struct ieee80211_channel **channels, 1100 unsigned int n_channels, 1101 enum nl80211_bss_scan_width scan_width) 1102 { 1103 struct ieee80211_local *local = sdata->local; 1104 int ret = -EBUSY, i, n_ch = 0; 1105 enum nl80211_band band; 1106 1107 mutex_lock(&local->mtx); 1108 1109 /* busy scanning */ 1110 if (local->scan_req) 1111 goto unlock; 1112 1113 /* fill internal scan request */ 1114 if (!channels) { 1115 int max_n; 1116 1117 for (band = 0; band < NUM_NL80211_BANDS; band++) { 1118 if (!local->hw.wiphy->bands[band]) 1119 continue; 1120 1121 max_n = local->hw.wiphy->bands[band]->n_channels; 1122 for (i = 0; i < max_n; i++) { 1123 struct ieee80211_channel *tmp_ch = 1124 &local->hw.wiphy->bands[band]->channels[i]; 1125 1126 if (tmp_ch->flags & (IEEE80211_CHAN_NO_IR | 1127 IEEE80211_CHAN_DISABLED)) 1128 continue; 1129 1130 local->int_scan_req->channels[n_ch] = tmp_ch; 1131 n_ch++; 1132 } 1133 } 1134 1135 if (WARN_ON_ONCE(n_ch == 0)) 1136 goto unlock; 1137 1138 local->int_scan_req->n_channels = n_ch; 1139 } else { 1140 for (i = 0; i < n_channels; i++) { 1141 if (channels[i]->flags & (IEEE80211_CHAN_NO_IR | 1142 IEEE80211_CHAN_DISABLED)) 1143 continue; 1144 1145 local->int_scan_req->channels[n_ch] = channels[i]; 1146 n_ch++; 1147 } 1148 1149 if (WARN_ON_ONCE(n_ch == 0)) 1150 goto unlock; 1151 1152 local->int_scan_req->n_channels = n_ch; 1153 } 1154 1155 local->int_scan_req->ssids = &local->scan_ssid; 1156 local->int_scan_req->n_ssids = 1; 1157 local->int_scan_req->scan_width = scan_width; 1158 memcpy(local->int_scan_req->ssids[0].ssid, ssid, IEEE80211_MAX_SSID_LEN); 1159 local->int_scan_req->ssids[0].ssid_len = ssid_len; 1160 1161 ret = __ieee80211_start_scan(sdata, sdata->local->int_scan_req); 1162 unlock: 1163 mutex_unlock(&local->mtx); 1164 return ret; 1165 } 1166 1167 /* 1168 * Only call this function when a scan can't be queued -- under RTNL. 1169 */ 1170 void ieee80211_scan_cancel(struct ieee80211_local *local) 1171 { 1172 /* 1173 * We are canceling software scan, or deferred scan that was not 1174 * yet really started (see __ieee80211_start_scan ). 1175 * 1176 * Regarding hardware scan: 1177 * - we can not call __ieee80211_scan_completed() as when 1178 * SCAN_HW_SCANNING bit is set this function change 1179 * local->hw_scan_req to operate on 5G band, what race with 1180 * driver which can use local->hw_scan_req 1181 * 1182 * - we can not cancel scan_work since driver can schedule it 1183 * by ieee80211_scan_completed(..., true) to finish scan 1184 * 1185 * Hence we only call the cancel_hw_scan() callback, but the low-level 1186 * driver is still responsible for calling ieee80211_scan_completed() 1187 * after the scan was completed/aborted. 1188 */ 1189 1190 mutex_lock(&local->mtx); 1191 if (!local->scan_req) 1192 goto out; 1193 1194 /* 1195 * We have a scan running and the driver already reported completion, 1196 * but the worker hasn't run yet or is stuck on the mutex - mark it as 1197 * cancelled. 1198 */ 1199 if (test_bit(SCAN_HW_SCANNING, &local->scanning) && 1200 test_bit(SCAN_COMPLETED, &local->scanning)) { 1201 set_bit(SCAN_HW_CANCELLED, &local->scanning); 1202 goto out; 1203 } 1204 1205 if (test_bit(SCAN_HW_SCANNING, &local->scanning)) { 1206 /* 1207 * Make sure that __ieee80211_scan_completed doesn't trigger a 1208 * scan on another band. 1209 */ 1210 set_bit(SCAN_HW_CANCELLED, &local->scanning); 1211 if (local->ops->cancel_hw_scan) 1212 drv_cancel_hw_scan(local, 1213 rcu_dereference_protected(local->scan_sdata, 1214 lockdep_is_held(&local->mtx))); 1215 goto out; 1216 } 1217 1218 /* 1219 * If the work is currently running, it must be blocked on 1220 * the mutex, but we'll set scan_sdata = NULL and it'll 1221 * simply exit once it acquires the mutex. 1222 */ 1223 cancel_delayed_work(&local->scan_work); 1224 /* and clean up */ 1225 memset(&local->scan_info, 0, sizeof(local->scan_info)); 1226 __ieee80211_scan_completed(&local->hw, true); 1227 out: 1228 mutex_unlock(&local->mtx); 1229 } 1230 1231 int __ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata, 1232 struct cfg80211_sched_scan_request *req) 1233 { 1234 struct ieee80211_local *local = sdata->local; 1235 struct ieee80211_scan_ies sched_scan_ies = {}; 1236 struct cfg80211_chan_def chandef; 1237 int ret, i, iebufsz, num_bands = 0; 1238 u32 rate_masks[NUM_NL80211_BANDS] = {}; 1239 u8 bands_used = 0; 1240 u8 *ie; 1241 u32 flags = 0; 1242 1243 iebufsz = local->scan_ies_len + req->ie_len; 1244 1245 lockdep_assert_held(&local->mtx); 1246 1247 if (!local->ops->sched_scan_start) 1248 return -ENOTSUPP; 1249 1250 for (i = 0; i < NUM_NL80211_BANDS; i++) { 1251 if (local->hw.wiphy->bands[i]) { 1252 bands_used |= BIT(i); 1253 rate_masks[i] = (u32) -1; 1254 num_bands++; 1255 } 1256 } 1257 1258 if (req->flags & NL80211_SCAN_FLAG_MIN_PREQ_CONTENT) 1259 flags |= IEEE80211_PROBE_FLAG_MIN_CONTENT; 1260 1261 ie = kcalloc(iebufsz, num_bands, GFP_KERNEL); 1262 if (!ie) { 1263 ret = -ENOMEM; 1264 goto out; 1265 } 1266 1267 ieee80211_prepare_scan_chandef(&chandef, req->scan_width); 1268 1269 ieee80211_build_preq_ies(local, ie, num_bands * iebufsz, 1270 &sched_scan_ies, req->ie, 1271 req->ie_len, bands_used, rate_masks, &chandef, 1272 flags); 1273 1274 ret = drv_sched_scan_start(local, sdata, req, &sched_scan_ies); 1275 if (ret == 0) { 1276 rcu_assign_pointer(local->sched_scan_sdata, sdata); 1277 rcu_assign_pointer(local->sched_scan_req, req); 1278 } 1279 1280 kfree(ie); 1281 1282 out: 1283 if (ret) { 1284 /* Clean in case of failure after HW restart or upon resume. */ 1285 RCU_INIT_POINTER(local->sched_scan_sdata, NULL); 1286 RCU_INIT_POINTER(local->sched_scan_req, NULL); 1287 } 1288 1289 return ret; 1290 } 1291 1292 int ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata, 1293 struct cfg80211_sched_scan_request *req) 1294 { 1295 struct ieee80211_local *local = sdata->local; 1296 int ret; 1297 1298 mutex_lock(&local->mtx); 1299 1300 if (rcu_access_pointer(local->sched_scan_sdata)) { 1301 mutex_unlock(&local->mtx); 1302 return -EBUSY; 1303 } 1304 1305 ret = __ieee80211_request_sched_scan_start(sdata, req); 1306 1307 mutex_unlock(&local->mtx); 1308 return ret; 1309 } 1310 1311 int ieee80211_request_sched_scan_stop(struct ieee80211_local *local) 1312 { 1313 struct ieee80211_sub_if_data *sched_scan_sdata; 1314 int ret = -ENOENT; 1315 1316 mutex_lock(&local->mtx); 1317 1318 if (!local->ops->sched_scan_stop) { 1319 ret = -ENOTSUPP; 1320 goto out; 1321 } 1322 1323 /* We don't want to restart sched scan anymore. */ 1324 RCU_INIT_POINTER(local->sched_scan_req, NULL); 1325 1326 sched_scan_sdata = rcu_dereference_protected(local->sched_scan_sdata, 1327 lockdep_is_held(&local->mtx)); 1328 if (sched_scan_sdata) { 1329 ret = drv_sched_scan_stop(local, sched_scan_sdata); 1330 if (!ret) 1331 RCU_INIT_POINTER(local->sched_scan_sdata, NULL); 1332 } 1333 out: 1334 mutex_unlock(&local->mtx); 1335 1336 return ret; 1337 } 1338 1339 void ieee80211_sched_scan_results(struct ieee80211_hw *hw) 1340 { 1341 struct ieee80211_local *local = hw_to_local(hw); 1342 1343 trace_api_sched_scan_results(local); 1344 1345 cfg80211_sched_scan_results(hw->wiphy, 0); 1346 } 1347 EXPORT_SYMBOL(ieee80211_sched_scan_results); 1348 1349 void ieee80211_sched_scan_end(struct ieee80211_local *local) 1350 { 1351 mutex_lock(&local->mtx); 1352 1353 if (!rcu_access_pointer(local->sched_scan_sdata)) { 1354 mutex_unlock(&local->mtx); 1355 return; 1356 } 1357 1358 RCU_INIT_POINTER(local->sched_scan_sdata, NULL); 1359 1360 /* If sched scan was aborted by the driver. */ 1361 RCU_INIT_POINTER(local->sched_scan_req, NULL); 1362 1363 mutex_unlock(&local->mtx); 1364 1365 cfg80211_sched_scan_stopped(local->hw.wiphy, 0); 1366 } 1367 1368 void ieee80211_sched_scan_stopped_work(struct work_struct *work) 1369 { 1370 struct ieee80211_local *local = 1371 container_of(work, struct ieee80211_local, 1372 sched_scan_stopped_work); 1373 1374 ieee80211_sched_scan_end(local); 1375 } 1376 1377 void ieee80211_sched_scan_stopped(struct ieee80211_hw *hw) 1378 { 1379 struct ieee80211_local *local = hw_to_local(hw); 1380 1381 trace_api_sched_scan_stopped(local); 1382 1383 /* 1384 * this shouldn't really happen, so for simplicity 1385 * simply ignore it, and let mac80211 reconfigure 1386 * the sched scan later on. 1387 */ 1388 if (local->in_reconfig) 1389 return; 1390 1391 schedule_work(&local->sched_scan_stopped_work); 1392 } 1393 EXPORT_SYMBOL(ieee80211_sched_scan_stopped); 1394