1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * BSS client mode implementation
4 * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
5 * Copyright 2004, Instant802 Networks, Inc.
6 * Copyright 2005, Devicescape Software, Inc.
7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9 * Copyright 2013-2014 Intel Mobile Communications GmbH
10 * Copyright (C) 2015 - 2017 Intel Deutschland GmbH
11 * Copyright (C) 2018 - 2025 Intel Corporation
12 */
13
14 #include <linux/delay.h>
15 #include <linux/fips.h>
16 #include <linux/if_ether.h>
17 #include <linux/skbuff.h>
18 #include <linux/if_arp.h>
19 #include <linux/etherdevice.h>
20 #include <linux/moduleparam.h>
21 #include <linux/rtnetlink.h>
22 #include <linux/crc32.h>
23 #include <linux/slab.h>
24 #include <linux/export.h>
25 #include <net/mac80211.h>
26 #include <linux/unaligned.h>
27
28 #include "ieee80211_i.h"
29 #include "driver-ops.h"
30 #include "rate.h"
31 #include "led.h"
32 #include "fils_aead.h"
33
34 #include <kunit/static_stub.h>
35
36 #define IEEE80211_AUTH_TIMEOUT (HZ / 5)
37 #define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2)
38 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10)
39 #define IEEE80211_AUTH_TIMEOUT_SAE (HZ * 2)
40 #define IEEE80211_AUTH_MAX_TRIES 3
41 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5)
42 #define IEEE80211_AUTH_WAIT_SAE_RETRY (HZ * 2)
43 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
44 #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2)
45 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10)
46 #define IEEE80211_ASSOC_MAX_TRIES 3
47
48 #define IEEE80211_ADV_TTLM_SAFETY_BUFFER_MS msecs_to_jiffies(100)
49 #define IEEE80211_ADV_TTLM_ST_UNDERFLOW 0xff00
50
51 #define IEEE80211_NEG_TTLM_REQ_TIMEOUT (HZ / 5)
52
53 static int max_nullfunc_tries = 2;
54 module_param(max_nullfunc_tries, int, 0644);
55 MODULE_PARM_DESC(max_nullfunc_tries,
56 "Maximum nullfunc tx tries before disconnecting (reason 4).");
57
58 static int max_probe_tries = 5;
59 module_param(max_probe_tries, int, 0644);
60 MODULE_PARM_DESC(max_probe_tries,
61 "Maximum probe tries before disconnecting (reason 4).");
62
63 /*
64 * Beacon loss timeout is calculated as N frames times the
65 * advertised beacon interval. This may need to be somewhat
66 * higher than what hardware might detect to account for
67 * delays in the host processing frames. But since we also
68 * probe on beacon miss before declaring the connection lost
69 * default to what we want.
70 */
71 static int beacon_loss_count = 7;
72 module_param(beacon_loss_count, int, 0644);
73 MODULE_PARM_DESC(beacon_loss_count,
74 "Number of beacon intervals before we decide beacon was lost.");
75
76 /*
77 * Time the connection can be idle before we probe
78 * it to see if we can still talk to the AP.
79 */
80 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ)
81 /*
82 * Time we wait for a probe response after sending
83 * a probe request because of beacon loss or for
84 * checking the connection still works.
85 */
86 static int probe_wait_ms = 500;
87 module_param(probe_wait_ms, int, 0644);
88 MODULE_PARM_DESC(probe_wait_ms,
89 "Maximum time(ms) to wait for probe response"
90 " before disconnecting (reason 4).");
91
92 /*
93 * How many Beacon frames need to have been used in average signal strength
94 * before starting to indicate signal change events.
95 */
96 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4
97
98 /*
99 * We can have multiple work items (and connection probing)
100 * scheduling this timer, but we need to take care to only
101 * reschedule it when it should fire _earlier_ than it was
102 * asked for before, or if it's not pending right now. This
103 * function ensures that. Note that it then is required to
104 * run this function for all timeouts after the first one
105 * has happened -- the work that runs from this timer will
106 * do that.
107 */
run_again(struct ieee80211_sub_if_data * sdata,unsigned long timeout)108 static void run_again(struct ieee80211_sub_if_data *sdata,
109 unsigned long timeout)
110 {
111 lockdep_assert_wiphy(sdata->local->hw.wiphy);
112
113 if (!timer_pending(&sdata->u.mgd.timer) ||
114 time_before(timeout, sdata->u.mgd.timer.expires))
115 mod_timer(&sdata->u.mgd.timer, timeout);
116 }
117
ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data * sdata)118 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata)
119 {
120 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
121 return;
122
123 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
124 return;
125
126 mod_timer(&sdata->u.mgd.bcn_mon_timer,
127 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout));
128 }
129
ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data * sdata)130 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata)
131 {
132 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
133
134 if (unlikely(!ifmgd->associated))
135 return;
136
137 if (ifmgd->probe_send_count)
138 ifmgd->probe_send_count = 0;
139
140 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
141 return;
142
143 mod_timer(&ifmgd->conn_mon_timer,
144 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
145 }
146
ecw2cw(int ecw)147 static int ecw2cw(int ecw)
148 {
149 return (1 << ecw) - 1;
150 }
151
152 static enum ieee80211_conn_mode
ieee80211_determine_ap_chan(struct ieee80211_sub_if_data * sdata,struct ieee80211_channel * channel,u32 vht_cap_info,const struct ieee802_11_elems * elems,bool ignore_ht_channel_mismatch,const struct ieee80211_conn_settings * conn,struct cfg80211_chan_def * chandef)153 ieee80211_determine_ap_chan(struct ieee80211_sub_if_data *sdata,
154 struct ieee80211_channel *channel,
155 u32 vht_cap_info,
156 const struct ieee802_11_elems *elems,
157 bool ignore_ht_channel_mismatch,
158 const struct ieee80211_conn_settings *conn,
159 struct cfg80211_chan_def *chandef)
160 {
161 const struct ieee80211_ht_operation *ht_oper = elems->ht_operation;
162 const struct ieee80211_vht_operation *vht_oper = elems->vht_operation;
163 const struct ieee80211_he_operation *he_oper = elems->he_operation;
164 const struct ieee80211_eht_operation *eht_oper = elems->eht_operation;
165 struct ieee80211_supported_band *sband =
166 sdata->local->hw.wiphy->bands[channel->band];
167 struct cfg80211_chan_def vht_chandef;
168 bool no_vht = false;
169 u32 ht_cfreq;
170
171 if (ieee80211_hw_check(&sdata->local->hw, STRICT))
172 ignore_ht_channel_mismatch = false;
173
174 *chandef = (struct cfg80211_chan_def) {
175 .chan = channel,
176 .width = NL80211_CHAN_WIDTH_20_NOHT,
177 .center_freq1 = channel->center_freq,
178 .freq1_offset = channel->freq_offset,
179 };
180
181 /* get special S1G case out of the way */
182 if (sband->band == NL80211_BAND_S1GHZ) {
183 if (!ieee80211_chandef_s1g_oper(elems->s1g_oper, chandef)) {
184 sdata_info(sdata,
185 "Missing S1G Operation Element? Trying operating == primary\n");
186 chandef->width = ieee80211_s1g_channel_width(channel);
187 }
188
189 return IEEE80211_CONN_MODE_S1G;
190 }
191
192 /* get special 6 GHz case out of the way */
193 if (sband->band == NL80211_BAND_6GHZ) {
194 enum ieee80211_conn_mode mode = IEEE80211_CONN_MODE_EHT;
195
196 /* this is an error */
197 if (conn->mode < IEEE80211_CONN_MODE_HE)
198 return IEEE80211_CONN_MODE_LEGACY;
199
200 if (!elems->he_6ghz_capa || !elems->he_cap) {
201 sdata_info(sdata,
202 "HE 6 GHz AP is missing HE/HE 6 GHz band capability\n");
203 return IEEE80211_CONN_MODE_LEGACY;
204 }
205
206 if (!eht_oper || !elems->eht_cap) {
207 eht_oper = NULL;
208 mode = IEEE80211_CONN_MODE_HE;
209 }
210
211 if (!ieee80211_chandef_he_6ghz_oper(sdata->local, he_oper,
212 eht_oper, chandef)) {
213 sdata_info(sdata, "bad HE/EHT 6 GHz operation\n");
214 return IEEE80211_CONN_MODE_LEGACY;
215 }
216
217 return mode;
218 }
219
220 /* now we have the progression HT, VHT, ... */
221 if (conn->mode < IEEE80211_CONN_MODE_HT)
222 return IEEE80211_CONN_MODE_LEGACY;
223
224 if (!ht_oper || !elems->ht_cap_elem)
225 return IEEE80211_CONN_MODE_LEGACY;
226
227 chandef->width = NL80211_CHAN_WIDTH_20;
228
229 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan,
230 channel->band);
231 /* check that channel matches the right operating channel */
232 if (!ignore_ht_channel_mismatch && channel->center_freq != ht_cfreq) {
233 /*
234 * It's possible that some APs are confused here;
235 * Netgear WNDR3700 sometimes reports 4 higher than
236 * the actual channel in association responses, but
237 * since we look at probe response/beacon data here
238 * it should be OK.
239 */
240 sdata_info(sdata,
241 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
242 channel->center_freq, ht_cfreq,
243 ht_oper->primary_chan, channel->band);
244 return IEEE80211_CONN_MODE_LEGACY;
245 }
246
247 ieee80211_chandef_ht_oper(ht_oper, chandef);
248
249 if (conn->mode < IEEE80211_CONN_MODE_VHT)
250 return IEEE80211_CONN_MODE_HT;
251
252 vht_chandef = *chandef;
253
254 /*
255 * having he_cap/he_oper parsed out implies we're at
256 * least operating as HE STA
257 */
258 if (elems->he_cap && he_oper &&
259 he_oper->he_oper_params & cpu_to_le32(IEEE80211_HE_OPERATION_VHT_OPER_INFO)) {
260 struct ieee80211_vht_operation he_oper_vht_cap;
261
262 /*
263 * Set only first 3 bytes (other 2 aren't used in
264 * ieee80211_chandef_vht_oper() anyway)
265 */
266 memcpy(&he_oper_vht_cap, he_oper->optional, 3);
267 he_oper_vht_cap.basic_mcs_set = cpu_to_le16(0);
268
269 if (!ieee80211_chandef_vht_oper(&sdata->local->hw, vht_cap_info,
270 &he_oper_vht_cap, ht_oper,
271 &vht_chandef)) {
272 sdata_info(sdata,
273 "HE AP VHT information is invalid, disabling HE\n");
274 /* this will cause us to re-parse as VHT STA */
275 return IEEE80211_CONN_MODE_VHT;
276 }
277 } else if (!vht_oper || !elems->vht_cap_elem) {
278 if (sband->band == NL80211_BAND_5GHZ) {
279 sdata_info(sdata,
280 "VHT information is missing, disabling VHT\n");
281 return IEEE80211_CONN_MODE_HT;
282 }
283 no_vht = true;
284 } else if (sband->band == NL80211_BAND_2GHZ) {
285 no_vht = true;
286 } else if (!ieee80211_chandef_vht_oper(&sdata->local->hw,
287 vht_cap_info,
288 vht_oper, ht_oper,
289 &vht_chandef)) {
290 sdata_info(sdata,
291 "AP VHT information is invalid, disabling VHT\n");
292 return IEEE80211_CONN_MODE_HT;
293 }
294
295 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) {
296 sdata_info(sdata,
297 "AP VHT information doesn't match HT, disabling VHT\n");
298 return IEEE80211_CONN_MODE_HT;
299 }
300
301 *chandef = vht_chandef;
302
303 /* stick to current max mode if we or the AP don't have HE */
304 if (conn->mode < IEEE80211_CONN_MODE_HE ||
305 !elems->he_operation || !elems->he_cap) {
306 if (no_vht)
307 return IEEE80211_CONN_MODE_HT;
308 return IEEE80211_CONN_MODE_VHT;
309 }
310
311 /* stick to HE if we or the AP don't have EHT */
312 if (conn->mode < IEEE80211_CONN_MODE_EHT ||
313 !eht_oper || !elems->eht_cap)
314 return IEEE80211_CONN_MODE_HE;
315
316 /*
317 * handle the case that the EHT operation indicates that it holds EHT
318 * operation information (in case that the channel width differs from
319 * the channel width reported in HT/VHT/HE).
320 */
321 if (eht_oper->params & IEEE80211_EHT_OPER_INFO_PRESENT) {
322 struct cfg80211_chan_def eht_chandef = *chandef;
323
324 ieee80211_chandef_eht_oper((const void *)eht_oper->optional,
325 &eht_chandef);
326
327 eht_chandef.punctured =
328 ieee80211_eht_oper_dis_subchan_bitmap(eht_oper);
329
330 if (!cfg80211_chandef_valid(&eht_chandef)) {
331 sdata_info(sdata,
332 "AP EHT information is invalid, disabling EHT\n");
333 return IEEE80211_CONN_MODE_HE;
334 }
335
336 if (!cfg80211_chandef_compatible(chandef, &eht_chandef)) {
337 sdata_info(sdata,
338 "AP EHT information doesn't match HT/VHT/HE, disabling EHT\n");
339 return IEEE80211_CONN_MODE_HE;
340 }
341
342 *chandef = eht_chandef;
343 }
344
345 return IEEE80211_CONN_MODE_EHT;
346 }
347
348 static bool
ieee80211_verify_sta_ht_mcs_support(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,const struct ieee80211_ht_operation * ht_op)349 ieee80211_verify_sta_ht_mcs_support(struct ieee80211_sub_if_data *sdata,
350 struct ieee80211_supported_band *sband,
351 const struct ieee80211_ht_operation *ht_op)
352 {
353 struct ieee80211_sta_ht_cap sta_ht_cap;
354 int i;
355
356 if (sband->band == NL80211_BAND_6GHZ)
357 return true;
358
359 if (!ht_op)
360 return false;
361
362 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap));
363 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
364
365 /*
366 * P802.11REVme/D7.0 - 6.5.4.2.4
367 * ...
368 * If the MLME of an HT STA receives an MLME-JOIN.request primitive
369 * with the SelectedBSS parameter containing a Basic HT-MCS Set field
370 * in the HT Operation parameter that contains any unsupported MCSs,
371 * the MLME response in the resulting MLME-JOIN.confirm primitive shall
372 * contain a ResultCode parameter that is not set to the value SUCCESS.
373 * ...
374 */
375
376 /* Simply check that all basic rates are in the STA RX mask */
377 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
378 if ((ht_op->basic_set[i] & sta_ht_cap.mcs.rx_mask[i]) !=
379 ht_op->basic_set[i])
380 return false;
381 }
382
383 return true;
384 }
385
386 static bool
ieee80211_verify_sta_vht_mcs_support(struct ieee80211_sub_if_data * sdata,int link_id,struct ieee80211_supported_band * sband,const struct ieee80211_vht_operation * vht_op)387 ieee80211_verify_sta_vht_mcs_support(struct ieee80211_sub_if_data *sdata,
388 int link_id,
389 struct ieee80211_supported_band *sband,
390 const struct ieee80211_vht_operation *vht_op)
391 {
392 struct ieee80211_sta_vht_cap sta_vht_cap;
393 u16 ap_min_req_set, sta_rx_mcs_map, sta_tx_mcs_map;
394 int nss;
395
396 if (sband->band != NL80211_BAND_5GHZ)
397 return true;
398
399 if (!vht_op)
400 return false;
401
402 memcpy(&sta_vht_cap, &sband->vht_cap, sizeof(sta_vht_cap));
403 ieee80211_apply_vhtcap_overrides(sdata, &sta_vht_cap);
404
405 ap_min_req_set = le16_to_cpu(vht_op->basic_mcs_set);
406 sta_rx_mcs_map = le16_to_cpu(sta_vht_cap.vht_mcs.rx_mcs_map);
407 sta_tx_mcs_map = le16_to_cpu(sta_vht_cap.vht_mcs.tx_mcs_map);
408
409 /*
410 * Many APs are incorrectly advertising an all-zero value here,
411 * which really means MCS 0-7 are required for 1-8 streams, but
412 * they don't really mean it that way.
413 * Some other APs are incorrectly advertising 3 spatial streams
414 * with MCS 0-7 are required, but don't really mean it that way
415 * and we'll connect only with HT, rather than even HE.
416 * As a result, unfortunately the VHT basic MCS/NSS set cannot
417 * be used at all, so check it only in strict mode.
418 */
419 if (!ieee80211_hw_check(&sdata->local->hw, STRICT))
420 return true;
421
422 /*
423 * P802.11REVme/D7.0 - 6.5.4.2.4
424 * ...
425 * If the MLME of a VHT STA receives an MLME-JOIN.request primitive
426 * with a SelectedBSS parameter containing a Basic VHT-MCS And NSS Set
427 * field in the VHT Operation parameter that contains any unsupported
428 * <VHT-MCS, NSS> tuple, the MLME response in the resulting
429 * MLME-JOIN.confirm primitive shall contain a ResultCode parameter
430 * that is not set to the value SUCCESS.
431 * ...
432 */
433 for (nss = 8; nss > 0; nss--) {
434 u8 ap_op_val = (ap_min_req_set >> (2 * (nss - 1))) & 3;
435 u8 sta_rx_val;
436 u8 sta_tx_val;
437
438 if (ap_op_val == IEEE80211_HE_MCS_NOT_SUPPORTED)
439 continue;
440
441 sta_rx_val = (sta_rx_mcs_map >> (2 * (nss - 1))) & 3;
442 sta_tx_val = (sta_tx_mcs_map >> (2 * (nss - 1))) & 3;
443
444 if (sta_rx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
445 sta_tx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
446 sta_rx_val < ap_op_val || sta_tx_val < ap_op_val) {
447 link_id_info(sdata, link_id,
448 "Missing mandatory rates for %d Nss, rx %d, tx %d oper %d, disable VHT\n",
449 nss, sta_rx_val, sta_tx_val, ap_op_val);
450 return false;
451 }
452 }
453
454 return true;
455 }
456
457 static bool
ieee80211_verify_peer_he_mcs_support(struct ieee80211_sub_if_data * sdata,int link_id,const struct ieee80211_he_cap_elem * he_cap,const struct ieee80211_he_operation * he_op)458 ieee80211_verify_peer_he_mcs_support(struct ieee80211_sub_if_data *sdata,
459 int link_id,
460 const struct ieee80211_he_cap_elem *he_cap,
461 const struct ieee80211_he_operation *he_op)
462 {
463 struct ieee80211_he_mcs_nss_supp *he_mcs_nss_supp;
464 u16 mcs_80_map_tx, mcs_80_map_rx;
465 u16 ap_min_req_set;
466 int nss;
467
468 if (!he_cap)
469 return false;
470
471 /* mcs_nss is right after he_cap info */
472 he_mcs_nss_supp = (void *)(he_cap + 1);
473
474 mcs_80_map_tx = le16_to_cpu(he_mcs_nss_supp->tx_mcs_80);
475 mcs_80_map_rx = le16_to_cpu(he_mcs_nss_supp->rx_mcs_80);
476
477 /* P802.11-REVme/D0.3
478 * 27.1.1 Introduction to the HE PHY
479 * ...
480 * An HE STA shall support the following features:
481 * ...
482 * Single spatial stream HE-MCSs 0 to 7 (transmit and receive) in all
483 * supported channel widths for HE SU PPDUs
484 */
485 if ((mcs_80_map_tx & 0x3) == IEEE80211_HE_MCS_NOT_SUPPORTED ||
486 (mcs_80_map_rx & 0x3) == IEEE80211_HE_MCS_NOT_SUPPORTED) {
487 link_id_info(sdata, link_id,
488 "Missing mandatory rates for 1 Nss, rx 0x%x, tx 0x%x, disable HE\n",
489 mcs_80_map_tx, mcs_80_map_rx);
490 return false;
491 }
492
493 if (!he_op)
494 return true;
495
496 ap_min_req_set = le16_to_cpu(he_op->he_mcs_nss_set);
497
498 /*
499 * Apparently iPhone 13 (at least iOS version 15.3.1) sets this to all
500 * zeroes, which is nonsense, and completely inconsistent with itself
501 * (it doesn't have 8 streams). Accept the settings in this case anyway.
502 */
503 if (!ieee80211_hw_check(&sdata->local->hw, STRICT) && !ap_min_req_set)
504 return true;
505
506 /* make sure the AP is consistent with itself
507 *
508 * P802.11-REVme/D0.3
509 * 26.17.1 Basic HE BSS operation
510 *
511 * A STA that is operating in an HE BSS shall be able to receive and
512 * transmit at each of the <HE-MCS, NSS> tuple values indicated by the
513 * Basic HE-MCS And NSS Set field of the HE Operation parameter of the
514 * MLME-START.request primitive and shall be able to receive at each of
515 * the <HE-MCS, NSS> tuple values indicated by the Supported HE-MCS and
516 * NSS Set field in the HE Capabilities parameter of the MLMESTART.request
517 * primitive
518 */
519 for (nss = 8; nss > 0; nss--) {
520 u8 ap_op_val = (ap_min_req_set >> (2 * (nss - 1))) & 3;
521 u8 ap_rx_val;
522 u8 ap_tx_val;
523
524 if (ap_op_val == IEEE80211_HE_MCS_NOT_SUPPORTED)
525 continue;
526
527 ap_rx_val = (mcs_80_map_rx >> (2 * (nss - 1))) & 3;
528 ap_tx_val = (mcs_80_map_tx >> (2 * (nss - 1))) & 3;
529
530 if (ap_rx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
531 ap_tx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
532 ap_rx_val < ap_op_val || ap_tx_val < ap_op_val) {
533 link_id_info(sdata, link_id,
534 "Invalid rates for %d Nss, rx %d, tx %d oper %d, disable HE\n",
535 nss, ap_rx_val, ap_tx_val, ap_op_val);
536 return false;
537 }
538 }
539
540 return true;
541 }
542
543 static bool
ieee80211_verify_sta_he_mcs_support(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,const struct ieee80211_he_operation * he_op)544 ieee80211_verify_sta_he_mcs_support(struct ieee80211_sub_if_data *sdata,
545 struct ieee80211_supported_band *sband,
546 const struct ieee80211_he_operation *he_op)
547 {
548 const struct ieee80211_sta_he_cap *sta_he_cap =
549 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
550 u16 ap_min_req_set;
551 int i;
552
553 if (!sta_he_cap || !he_op)
554 return false;
555
556 ap_min_req_set = le16_to_cpu(he_op->he_mcs_nss_set);
557
558 /*
559 * Apparently iPhone 13 (at least iOS version 15.3.1) sets this to all
560 * zeroes, which is nonsense, and completely inconsistent with itself
561 * (it doesn't have 8 streams). Accept the settings in this case anyway.
562 */
563 if (!ieee80211_hw_check(&sdata->local->hw, STRICT) && !ap_min_req_set)
564 return true;
565
566 /* Need to go over for 80MHz, 160MHz and for 80+80 */
567 for (i = 0; i < 3; i++) {
568 const struct ieee80211_he_mcs_nss_supp *sta_mcs_nss_supp =
569 &sta_he_cap->he_mcs_nss_supp;
570 u16 sta_mcs_map_rx =
571 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i]);
572 u16 sta_mcs_map_tx =
573 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i + 1]);
574 u8 nss;
575 bool verified = true;
576
577 /*
578 * For each band there is a maximum of 8 spatial streams
579 * possible. Each of the sta_mcs_map_* is a 16-bit struct built
580 * of 2 bits per NSS (1-8), with the values defined in enum
581 * ieee80211_he_mcs_support. Need to make sure STA TX and RX
582 * capabilities aren't less than the AP's minimum requirements
583 * for this HE BSS per SS.
584 * It is enough to find one such band that meets the reqs.
585 */
586 for (nss = 8; nss > 0; nss--) {
587 u8 sta_rx_val = (sta_mcs_map_rx >> (2 * (nss - 1))) & 3;
588 u8 sta_tx_val = (sta_mcs_map_tx >> (2 * (nss - 1))) & 3;
589 u8 ap_val = (ap_min_req_set >> (2 * (nss - 1))) & 3;
590
591 if (ap_val == IEEE80211_HE_MCS_NOT_SUPPORTED)
592 continue;
593
594 /*
595 * Make sure the HE AP doesn't require MCSs that aren't
596 * supported by the client as required by spec
597 *
598 * P802.11-REVme/D0.3
599 * 26.17.1 Basic HE BSS operation
600 *
601 * An HE STA shall not attempt to join * (MLME-JOIN.request primitive)
602 * a BSS, unless it supports (i.e., is able to both transmit and
603 * receive using) all of the <HE-MCS, NSS> tuples in the basic
604 * HE-MCS and NSS set.
605 */
606 if (sta_rx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
607 sta_tx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
608 (ap_val > sta_rx_val) || (ap_val > sta_tx_val)) {
609 verified = false;
610 break;
611 }
612 }
613
614 if (verified)
615 return true;
616 }
617
618 /* If here, STA doesn't meet AP's HE min requirements */
619 return false;
620 }
621
622 static u8
ieee80211_get_eht_cap_mcs_nss(const struct ieee80211_sta_he_cap * sta_he_cap,const struct ieee80211_sta_eht_cap * sta_eht_cap,unsigned int idx,int bw)623 ieee80211_get_eht_cap_mcs_nss(const struct ieee80211_sta_he_cap *sta_he_cap,
624 const struct ieee80211_sta_eht_cap *sta_eht_cap,
625 unsigned int idx, int bw)
626 {
627 u8 he_phy_cap0 = sta_he_cap->he_cap_elem.phy_cap_info[0];
628 u8 eht_phy_cap0 = sta_eht_cap->eht_cap_elem.phy_cap_info[0];
629
630 /* handle us being a 20 MHz-only EHT STA - with four values
631 * for MCS 0-7, 8-9, 10-11, 12-13.
632 */
633 if (!(he_phy_cap0 & IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_MASK_ALL))
634 return sta_eht_cap->eht_mcs_nss_supp.only_20mhz.rx_tx_max_nss[idx];
635
636 /* the others have MCS 0-9 together, rather than separately from 0-7 */
637 if (idx > 0)
638 idx--;
639
640 switch (bw) {
641 case 0:
642 return sta_eht_cap->eht_mcs_nss_supp.bw._80.rx_tx_max_nss[idx];
643 case 1:
644 if (!(he_phy_cap0 &
645 (IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G |
646 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G)))
647 return 0xff; /* pass check */
648 return sta_eht_cap->eht_mcs_nss_supp.bw._160.rx_tx_max_nss[idx];
649 case 2:
650 if (!(eht_phy_cap0 & IEEE80211_EHT_PHY_CAP0_320MHZ_IN_6GHZ))
651 return 0xff; /* pass check */
652 return sta_eht_cap->eht_mcs_nss_supp.bw._320.rx_tx_max_nss[idx];
653 }
654
655 WARN_ON(1);
656 return 0;
657 }
658
659 static bool
ieee80211_verify_sta_eht_mcs_support(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,const struct ieee80211_eht_operation * eht_op)660 ieee80211_verify_sta_eht_mcs_support(struct ieee80211_sub_if_data *sdata,
661 struct ieee80211_supported_band *sband,
662 const struct ieee80211_eht_operation *eht_op)
663 {
664 const struct ieee80211_sta_he_cap *sta_he_cap =
665 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
666 const struct ieee80211_sta_eht_cap *sta_eht_cap =
667 ieee80211_get_eht_iftype_cap_vif(sband, &sdata->vif);
668 const struct ieee80211_eht_mcs_nss_supp_20mhz_only *req;
669 unsigned int i;
670
671 if (!sta_he_cap || !sta_eht_cap || !eht_op)
672 return false;
673
674 req = &eht_op->basic_mcs_nss;
675
676 for (i = 0; i < ARRAY_SIZE(req->rx_tx_max_nss); i++) {
677 u8 req_rx_nss, req_tx_nss;
678 unsigned int bw;
679
680 req_rx_nss = u8_get_bits(req->rx_tx_max_nss[i],
681 IEEE80211_EHT_MCS_NSS_RX);
682 req_tx_nss = u8_get_bits(req->rx_tx_max_nss[i],
683 IEEE80211_EHT_MCS_NSS_TX);
684
685 for (bw = 0; bw < 3; bw++) {
686 u8 have, have_rx_nss, have_tx_nss;
687
688 have = ieee80211_get_eht_cap_mcs_nss(sta_he_cap,
689 sta_eht_cap,
690 i, bw);
691 have_rx_nss = u8_get_bits(have,
692 IEEE80211_EHT_MCS_NSS_RX);
693 have_tx_nss = u8_get_bits(have,
694 IEEE80211_EHT_MCS_NSS_TX);
695
696 if (req_rx_nss > have_rx_nss ||
697 req_tx_nss > have_tx_nss)
698 return false;
699 }
700 }
701
702 return true;
703 }
704
ieee80211_get_rates(struct ieee80211_supported_band * sband,const u8 * supp_rates,unsigned int supp_rates_len,const u8 * ext_supp_rates,unsigned int ext_supp_rates_len,u32 * rates,u32 * basic_rates,unsigned long * unknown_rates_selectors,bool * have_higher_than_11mbit,int * min_rate,int * min_rate_index)705 static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
706 const u8 *supp_rates,
707 unsigned int supp_rates_len,
708 const u8 *ext_supp_rates,
709 unsigned int ext_supp_rates_len,
710 u32 *rates, u32 *basic_rates,
711 unsigned long *unknown_rates_selectors,
712 bool *have_higher_than_11mbit,
713 int *min_rate, int *min_rate_index)
714 {
715 int i, j;
716
717 for (i = 0; i < supp_rates_len + ext_supp_rates_len; i++) {
718 u8 supp_rate = i < supp_rates_len ?
719 supp_rates[i] :
720 ext_supp_rates[i - supp_rates_len];
721 int rate = supp_rate & 0x7f;
722 bool is_basic = !!(supp_rate & 0x80);
723
724 if ((rate * 5) > 110 && have_higher_than_11mbit)
725 *have_higher_than_11mbit = true;
726
727 /*
728 * Skip membership selectors since they're not rates.
729 *
730 * Note: Even though the membership selector and the basic
731 * rate flag share the same bit, they are not exactly
732 * the same.
733 */
734 if (is_basic && rate >= BSS_MEMBERSHIP_SELECTOR_MIN) {
735 if (unknown_rates_selectors)
736 set_bit(rate, unknown_rates_selectors);
737 continue;
738 }
739
740 for (j = 0; j < sband->n_bitrates; j++) {
741 struct ieee80211_rate *br;
742 int brate;
743
744 br = &sband->bitrates[j];
745
746 brate = DIV_ROUND_UP(br->bitrate, 5);
747 if (brate == rate) {
748 if (rates)
749 *rates |= BIT(j);
750 if (is_basic && basic_rates)
751 *basic_rates |= BIT(j);
752 if (min_rate && (rate * 5) < *min_rate) {
753 *min_rate = rate * 5;
754 if (min_rate_index)
755 *min_rate_index = j;
756 }
757 break;
758 }
759 }
760
761 /* Handle an unknown entry as if it is an unknown selector */
762 if (is_basic && unknown_rates_selectors && j == sband->n_bitrates)
763 set_bit(rate, unknown_rates_selectors);
764 }
765 }
766
ieee80211_chandef_usable(struct ieee80211_sub_if_data * sdata,const struct cfg80211_chan_def * chandef,u32 prohibited_flags)767 static bool ieee80211_chandef_usable(struct ieee80211_sub_if_data *sdata,
768 const struct cfg80211_chan_def *chandef,
769 u32 prohibited_flags)
770 {
771 if (!cfg80211_chandef_usable(sdata->local->hw.wiphy,
772 chandef, prohibited_flags))
773 return false;
774
775 if (chandef->punctured &&
776 ieee80211_hw_check(&sdata->local->hw, DISALLOW_PUNCTURING))
777 return false;
778
779 if (chandef->punctured && chandef->chan->band == NL80211_BAND_5GHZ &&
780 ieee80211_hw_check(&sdata->local->hw, DISALLOW_PUNCTURING_5GHZ))
781 return false;
782
783 return true;
784 }
785
ieee80211_chandef_num_subchans(const struct cfg80211_chan_def * c)786 static int ieee80211_chandef_num_subchans(const struct cfg80211_chan_def *c)
787 {
788 if (c->width == NL80211_CHAN_WIDTH_80P80)
789 return 4 + 4;
790
791 return cfg80211_chandef_get_width(c) / 20;
792 }
793
ieee80211_chandef_num_widths(const struct cfg80211_chan_def * c)794 static int ieee80211_chandef_num_widths(const struct cfg80211_chan_def *c)
795 {
796 switch (c->width) {
797 case NL80211_CHAN_WIDTH_20:
798 case NL80211_CHAN_WIDTH_20_NOHT:
799 return 1;
800 case NL80211_CHAN_WIDTH_40:
801 return 2;
802 case NL80211_CHAN_WIDTH_80P80:
803 case NL80211_CHAN_WIDTH_80:
804 return 3;
805 case NL80211_CHAN_WIDTH_160:
806 return 4;
807 case NL80211_CHAN_WIDTH_320:
808 return 5;
809 default:
810 WARN_ON(1);
811 return 0;
812 }
813 }
814
815 VISIBLE_IF_MAC80211_KUNIT int
ieee80211_calc_chandef_subchan_offset(const struct cfg80211_chan_def * ap,u8 n_partial_subchans)816 ieee80211_calc_chandef_subchan_offset(const struct cfg80211_chan_def *ap,
817 u8 n_partial_subchans)
818 {
819 int n = ieee80211_chandef_num_subchans(ap);
820 struct cfg80211_chan_def tmp = *ap;
821 int offset = 0;
822
823 /*
824 * Given a chandef (in this context, it's the AP's) and a number
825 * of subchannels that we want to look at ('n_partial_subchans'),
826 * calculate the offset in number of subchannels between the full
827 * and the subset with the desired width.
828 */
829
830 /* same number of subchannels means no offset, obviously */
831 if (n == n_partial_subchans)
832 return 0;
833
834 /* don't WARN - misconfigured APs could cause this if their N > width */
835 if (n < n_partial_subchans)
836 return 0;
837
838 while (ieee80211_chandef_num_subchans(&tmp) > n_partial_subchans) {
839 u32 prev = tmp.center_freq1;
840
841 ieee80211_chandef_downgrade(&tmp, NULL);
842
843 /*
844 * if center_freq moved up, half the original channels
845 * are gone now but were below, so increase offset
846 */
847 if (prev < tmp.center_freq1)
848 offset += ieee80211_chandef_num_subchans(&tmp);
849 }
850
851 /*
852 * 80+80 with secondary 80 below primary - four subchannels for it
853 * (we cannot downgrade *to* 80+80, so no need to consider 'tmp')
854 */
855 if (ap->width == NL80211_CHAN_WIDTH_80P80 &&
856 ap->center_freq2 < ap->center_freq1)
857 offset += 4;
858
859 return offset;
860 }
861 EXPORT_SYMBOL_IF_MAC80211_KUNIT(ieee80211_calc_chandef_subchan_offset);
862
863 VISIBLE_IF_MAC80211_KUNIT void
ieee80211_rearrange_tpe_psd(struct ieee80211_parsed_tpe_psd * psd,const struct cfg80211_chan_def * ap,const struct cfg80211_chan_def * used)864 ieee80211_rearrange_tpe_psd(struct ieee80211_parsed_tpe_psd *psd,
865 const struct cfg80211_chan_def *ap,
866 const struct cfg80211_chan_def *used)
867 {
868 u8 needed = ieee80211_chandef_num_subchans(used);
869 u8 have = ieee80211_chandef_num_subchans(ap);
870 u8 tmp[IEEE80211_TPE_PSD_ENTRIES_320MHZ];
871 u8 offset;
872
873 if (!psd->valid)
874 return;
875
876 /* if N is zero, all defaults were used, no point in rearranging */
877 if (!psd->n)
878 goto out;
879
880 BUILD_BUG_ON(sizeof(tmp) != sizeof(psd->power));
881
882 /*
883 * This assumes that 'N' is consistent with the HE channel, as
884 * it should be (otherwise the AP is broken).
885 *
886 * In psd->power we have values in the order 0..N, 0..K, where
887 * N+K should cover the entire channel per 'ap', but even if it
888 * doesn't then we've pre-filled 'unlimited' as defaults.
889 *
890 * But this is all the wrong order, we want to have them in the
891 * order of the 'used' channel.
892 *
893 * So for example, we could have a 320 MHz EHT AP, which has the
894 * HE channel as 80 MHz (e.g. due to puncturing, which doesn't
895 * seem to be considered for the TPE), as follows:
896 *
897 * EHT 320: | | | | | | | | | | | | | | | | |
898 * HE 80: | | | | |
899 * used 160: | | | | | | | | |
900 *
901 * N entries: |--|--|--|--|
902 * K entries: |--|--|--|--|--|--|--|--| |--|--|--|--|
903 * power idx: 4 5 6 7 8 9 10 11 0 1 2 3 12 13 14 15
904 * full chan: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
905 * used chan: 0 1 2 3 4 5 6 7
906 *
907 * The idx in the power array ('power idx') is like this since it
908 * comes directly from the element's N and K entries in their
909 * element order, and those are this way for HE compatibility.
910 *
911 * Rearrange them as desired here, first by putting them into the
912 * 'full chan' order, and then selecting the necessary subset for
913 * the 'used chan'.
914 */
915
916 /* first reorder according to AP channel */
917 offset = ieee80211_calc_chandef_subchan_offset(ap, psd->n);
918 for (int i = 0; i < have; i++) {
919 if (i < offset)
920 tmp[i] = psd->power[i + psd->n];
921 else if (i < offset + psd->n)
922 tmp[i] = psd->power[i - offset];
923 else
924 tmp[i] = psd->power[i];
925 }
926
927 /*
928 * and then select the subset for the used channel
929 * (set everything to defaults first in case a driver is confused)
930 */
931 memset(psd->power, IEEE80211_TPE_PSD_NO_LIMIT, sizeof(psd->power));
932 offset = ieee80211_calc_chandef_subchan_offset(ap, needed);
933 for (int i = 0; i < needed; i++)
934 psd->power[i] = tmp[offset + i];
935
936 out:
937 /* limit, but don't lie if there are defaults in the data */
938 if (needed < psd->count)
939 psd->count = needed;
940 }
941 EXPORT_SYMBOL_IF_MAC80211_KUNIT(ieee80211_rearrange_tpe_psd);
942
ieee80211_rearrange_tpe(struct ieee80211_parsed_tpe * tpe,const struct cfg80211_chan_def * ap,const struct cfg80211_chan_def * used)943 static void ieee80211_rearrange_tpe(struct ieee80211_parsed_tpe *tpe,
944 const struct cfg80211_chan_def *ap,
945 const struct cfg80211_chan_def *used)
946 {
947 /* ignore this completely for narrow/invalid channels */
948 if (!ieee80211_chandef_num_subchans(ap) ||
949 !ieee80211_chandef_num_subchans(used)) {
950 ieee80211_clear_tpe(tpe);
951 return;
952 }
953
954 for (int i = 0; i < 2; i++) {
955 int needed_pwr_count;
956
957 ieee80211_rearrange_tpe_psd(&tpe->psd_local[i], ap, used);
958 ieee80211_rearrange_tpe_psd(&tpe->psd_reg_client[i], ap, used);
959
960 /* limit this to the widths we actually need */
961 needed_pwr_count = ieee80211_chandef_num_widths(used);
962 if (needed_pwr_count < tpe->max_local[i].count)
963 tpe->max_local[i].count = needed_pwr_count;
964 if (needed_pwr_count < tpe->max_reg_client[i].count)
965 tpe->max_reg_client[i].count = needed_pwr_count;
966 }
967 }
968
969 /*
970 * The AP part of the channel request is used to distinguish settings
971 * to the device used for wider bandwidth OFDMA. This is used in the
972 * channel context code to assign two channel contexts even if they're
973 * both for the same channel, if the AP bandwidths are incompatible.
974 * If not EHT (or driver override) then ap.chan == NULL indicates that
975 * there's no wider BW OFDMA used.
976 */
ieee80211_set_chanreq_ap(struct ieee80211_sub_if_data * sdata,struct ieee80211_chan_req * chanreq,struct ieee80211_conn_settings * conn,struct cfg80211_chan_def * ap_chandef)977 static void ieee80211_set_chanreq_ap(struct ieee80211_sub_if_data *sdata,
978 struct ieee80211_chan_req *chanreq,
979 struct ieee80211_conn_settings *conn,
980 struct cfg80211_chan_def *ap_chandef)
981 {
982 chanreq->ap.chan = NULL;
983
984 if (conn->mode < IEEE80211_CONN_MODE_EHT)
985 return;
986 if (sdata->vif.driver_flags & IEEE80211_VIF_IGNORE_OFDMA_WIDER_BW)
987 return;
988
989 chanreq->ap = *ap_chandef;
990 }
991
992 VISIBLE_IF_MAC80211_KUNIT struct ieee802_11_elems *
ieee80211_determine_chan_mode(struct ieee80211_sub_if_data * sdata,struct ieee80211_conn_settings * conn,struct cfg80211_bss * cbss,int link_id,struct ieee80211_chan_req * chanreq,struct cfg80211_chan_def * ap_chandef,unsigned long * userspace_selectors)993 ieee80211_determine_chan_mode(struct ieee80211_sub_if_data *sdata,
994 struct ieee80211_conn_settings *conn,
995 struct cfg80211_bss *cbss, int link_id,
996 struct ieee80211_chan_req *chanreq,
997 struct cfg80211_chan_def *ap_chandef,
998 unsigned long *userspace_selectors)
999 {
1000 const struct cfg80211_bss_ies *ies = rcu_dereference(cbss->ies);
1001 struct ieee80211_bss *bss = (void *)cbss->priv;
1002 struct ieee80211_channel *channel = cbss->channel;
1003 struct ieee80211_elems_parse_params parse_params = {
1004 .link_id = -1,
1005 .from_ap = true,
1006 .start = ies->data,
1007 .len = ies->len,
1008 };
1009 struct ieee802_11_elems *elems;
1010 struct ieee80211_supported_band *sband;
1011 enum ieee80211_conn_mode ap_mode;
1012 unsigned long unknown_rates_selectors[BITS_TO_LONGS(128)] = {};
1013 unsigned long sta_selectors[BITS_TO_LONGS(128)] = {};
1014 int ret;
1015
1016 again:
1017 parse_params.mode = conn->mode;
1018 elems = ieee802_11_parse_elems_full(&parse_params);
1019 if (!elems)
1020 return ERR_PTR(-ENOMEM);
1021
1022 ap_mode = ieee80211_determine_ap_chan(sdata, channel, bss->vht_cap_info,
1023 elems, false, conn, ap_chandef);
1024
1025 /* this should be impossible since parsing depends on our mode */
1026 if (WARN_ON(ap_mode > conn->mode)) {
1027 ret = -EINVAL;
1028 goto free;
1029 }
1030
1031 if (conn->mode != ap_mode) {
1032 conn->mode = ap_mode;
1033 kfree(elems);
1034 goto again;
1035 }
1036
1037 mlme_link_id_dbg(sdata, link_id, "determined AP %pM to be %s\n",
1038 cbss->bssid, ieee80211_conn_mode_str(ap_mode));
1039
1040 sband = sdata->local->hw.wiphy->bands[channel->band];
1041
1042 ieee80211_get_rates(sband, elems->supp_rates, elems->supp_rates_len,
1043 elems->ext_supp_rates, elems->ext_supp_rates_len,
1044 NULL, NULL, unknown_rates_selectors, NULL, NULL,
1045 NULL);
1046
1047 switch (channel->band) {
1048 case NL80211_BAND_S1GHZ:
1049 if (WARN_ON(ap_mode != IEEE80211_CONN_MODE_S1G)) {
1050 ret = -EINVAL;
1051 goto free;
1052 }
1053 return elems;
1054 case NL80211_BAND_6GHZ:
1055 if (ap_mode < IEEE80211_CONN_MODE_HE) {
1056 link_id_info(sdata, link_id,
1057 "Rejecting non-HE 6/7 GHz connection");
1058 ret = -EINVAL;
1059 goto free;
1060 }
1061 break;
1062 default:
1063 if (WARN_ON(ap_mode == IEEE80211_CONN_MODE_S1G)) {
1064 ret = -EINVAL;
1065 goto free;
1066 }
1067 }
1068
1069 switch (ap_mode) {
1070 case IEEE80211_CONN_MODE_S1G:
1071 WARN_ON(1);
1072 ret = -EINVAL;
1073 goto free;
1074 case IEEE80211_CONN_MODE_LEGACY:
1075 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
1076 break;
1077 case IEEE80211_CONN_MODE_HT:
1078 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
1079 conn->bw_limit,
1080 IEEE80211_CONN_BW_LIMIT_40);
1081 break;
1082 case IEEE80211_CONN_MODE_VHT:
1083 case IEEE80211_CONN_MODE_HE:
1084 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
1085 conn->bw_limit,
1086 IEEE80211_CONN_BW_LIMIT_160);
1087 break;
1088 case IEEE80211_CONN_MODE_EHT:
1089 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
1090 conn->bw_limit,
1091 IEEE80211_CONN_BW_LIMIT_320);
1092 break;
1093 }
1094
1095 chanreq->oper = *ap_chandef;
1096
1097 bitmap_copy(sta_selectors, userspace_selectors, 128);
1098 if (conn->mode >= IEEE80211_CONN_MODE_HT)
1099 set_bit(BSS_MEMBERSHIP_SELECTOR_HT_PHY, sta_selectors);
1100 if (conn->mode >= IEEE80211_CONN_MODE_VHT)
1101 set_bit(BSS_MEMBERSHIP_SELECTOR_VHT_PHY, sta_selectors);
1102 if (conn->mode >= IEEE80211_CONN_MODE_HE)
1103 set_bit(BSS_MEMBERSHIP_SELECTOR_HE_PHY, sta_selectors);
1104 if (conn->mode >= IEEE80211_CONN_MODE_EHT)
1105 set_bit(BSS_MEMBERSHIP_SELECTOR_EHT_PHY, sta_selectors);
1106
1107 /*
1108 * We do not support EPD or GLK so never add them.
1109 * SAE_H2E is handled through userspace_selectors.
1110 */
1111
1112 /* Check if we support all required features */
1113 if (!bitmap_subset(unknown_rates_selectors, sta_selectors, 128)) {
1114 link_id_info(sdata, link_id,
1115 "required basic rate or BSS membership selectors not supported or disabled, rejecting connection\n");
1116 ret = -EINVAL;
1117 goto free;
1118 }
1119
1120 ieee80211_set_chanreq_ap(sdata, chanreq, conn, ap_chandef);
1121
1122 while (!ieee80211_chandef_usable(sdata, &chanreq->oper,
1123 IEEE80211_CHAN_DISABLED)) {
1124 if (WARN_ON(chanreq->oper.width == NL80211_CHAN_WIDTH_20_NOHT)) {
1125 ret = -EINVAL;
1126 goto free;
1127 }
1128
1129 ieee80211_chanreq_downgrade(chanreq, conn);
1130 }
1131
1132 if (conn->mode >= IEEE80211_CONN_MODE_HE &&
1133 !cfg80211_chandef_usable(sdata->wdev.wiphy, &chanreq->oper,
1134 IEEE80211_CHAN_NO_HE)) {
1135 conn->mode = IEEE80211_CONN_MODE_VHT;
1136 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
1137 conn->bw_limit,
1138 IEEE80211_CONN_BW_LIMIT_160);
1139 }
1140
1141 if (conn->mode >= IEEE80211_CONN_MODE_EHT &&
1142 !cfg80211_chandef_usable(sdata->wdev.wiphy, &chanreq->oper,
1143 IEEE80211_CHAN_NO_EHT)) {
1144 conn->mode = IEEE80211_CONN_MODE_HE;
1145 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
1146 conn->bw_limit,
1147 IEEE80211_CONN_BW_LIMIT_160);
1148 }
1149
1150 if (chanreq->oper.width != ap_chandef->width || ap_mode != conn->mode)
1151 link_id_info(sdata, link_id,
1152 "regulatory prevented using AP config, downgraded\n");
1153
1154 if (conn->mode >= IEEE80211_CONN_MODE_HT &&
1155 !ieee80211_verify_sta_ht_mcs_support(sdata, sband,
1156 elems->ht_operation)) {
1157 conn->mode = IEEE80211_CONN_MODE_LEGACY;
1158 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
1159 link_id_info(sdata, link_id,
1160 "required MCSes not supported, disabling HT\n");
1161 }
1162
1163 if (conn->mode >= IEEE80211_CONN_MODE_VHT &&
1164 !ieee80211_verify_sta_vht_mcs_support(sdata, link_id, sband,
1165 elems->vht_operation)) {
1166 conn->mode = IEEE80211_CONN_MODE_HT;
1167 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
1168 conn->bw_limit,
1169 IEEE80211_CONN_BW_LIMIT_40);
1170 link_id_info(sdata, link_id,
1171 "required MCSes not supported, disabling VHT\n");
1172 }
1173
1174 if (conn->mode >= IEEE80211_CONN_MODE_HE &&
1175 (!ieee80211_verify_peer_he_mcs_support(sdata, link_id,
1176 (void *)elems->he_cap,
1177 elems->he_operation) ||
1178 !ieee80211_verify_sta_he_mcs_support(sdata, sband,
1179 elems->he_operation))) {
1180 conn->mode = IEEE80211_CONN_MODE_VHT;
1181 link_id_info(sdata, link_id,
1182 "required MCSes not supported, disabling HE\n");
1183 }
1184
1185 if (conn->mode >= IEEE80211_CONN_MODE_EHT &&
1186 !ieee80211_verify_sta_eht_mcs_support(sdata, sband,
1187 elems->eht_operation)) {
1188 conn->mode = IEEE80211_CONN_MODE_HE;
1189 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
1190 conn->bw_limit,
1191 IEEE80211_CONN_BW_LIMIT_160);
1192 link_id_info(sdata, link_id,
1193 "required MCSes not supported, disabling EHT\n");
1194 }
1195
1196 /* the mode can only decrease, so this must terminate */
1197 if (ap_mode != conn->mode) {
1198 kfree(elems);
1199 goto again;
1200 }
1201
1202 mlme_link_id_dbg(sdata, link_id,
1203 "connecting with %s mode, max bandwidth %d MHz\n",
1204 ieee80211_conn_mode_str(conn->mode),
1205 20 * (1 << conn->bw_limit));
1206
1207 if (WARN_ON_ONCE(!cfg80211_chandef_valid(&chanreq->oper))) {
1208 ret = -EINVAL;
1209 goto free;
1210 }
1211
1212 return elems;
1213 free:
1214 kfree(elems);
1215 return ERR_PTR(ret);
1216 }
1217 EXPORT_SYMBOL_IF_MAC80211_KUNIT(ieee80211_determine_chan_mode);
1218
ieee80211_config_bw(struct ieee80211_link_data * link,struct ieee802_11_elems * elems,bool update,u64 * changed,const char * frame)1219 static int ieee80211_config_bw(struct ieee80211_link_data *link,
1220 struct ieee802_11_elems *elems,
1221 bool update, u64 *changed,
1222 const char *frame)
1223 {
1224 struct ieee80211_channel *channel = link->conf->chanreq.oper.chan;
1225 struct ieee80211_sub_if_data *sdata = link->sdata;
1226 struct ieee80211_chan_req chanreq = {};
1227 struct cfg80211_chan_def ap_chandef;
1228 enum ieee80211_conn_mode ap_mode;
1229 u32 vht_cap_info = 0;
1230 u16 ht_opmode;
1231 int ret;
1232
1233 /* don't track any bandwidth changes in legacy/S1G modes */
1234 if (link->u.mgd.conn.mode == IEEE80211_CONN_MODE_LEGACY ||
1235 link->u.mgd.conn.mode == IEEE80211_CONN_MODE_S1G)
1236 return 0;
1237
1238 if (elems->vht_cap_elem)
1239 vht_cap_info = le32_to_cpu(elems->vht_cap_elem->vht_cap_info);
1240
1241 ap_mode = ieee80211_determine_ap_chan(sdata, channel, vht_cap_info,
1242 elems, true, &link->u.mgd.conn,
1243 &ap_chandef);
1244
1245 if (ap_mode != link->u.mgd.conn.mode) {
1246 link_info(link,
1247 "AP %pM appears to change mode (expected %s, found %s) in %s, disconnect\n",
1248 link->u.mgd.bssid,
1249 ieee80211_conn_mode_str(link->u.mgd.conn.mode),
1250 ieee80211_conn_mode_str(ap_mode), frame);
1251 return -EINVAL;
1252 }
1253
1254 chanreq.oper = ap_chandef;
1255 ieee80211_set_chanreq_ap(sdata, &chanreq, &link->u.mgd.conn,
1256 &ap_chandef);
1257
1258 /*
1259 * if HT operation mode changed store the new one -
1260 * this may be applicable even if channel is identical
1261 */
1262 if (elems->ht_operation) {
1263 ht_opmode = le16_to_cpu(elems->ht_operation->operation_mode);
1264 if (link->conf->ht_operation_mode != ht_opmode) {
1265 *changed |= BSS_CHANGED_HT;
1266 link->conf->ht_operation_mode = ht_opmode;
1267 }
1268 }
1269
1270 /*
1271 * Downgrade the new channel if we associated with restricted
1272 * bandwidth capabilities. For example, if we associated as a
1273 * 20 MHz STA to a 40 MHz AP (due to regulatory, capabilities
1274 * or config reasons) then switching to a 40 MHz channel now
1275 * won't do us any good -- we couldn't use it with the AP.
1276 */
1277 while (link->u.mgd.conn.bw_limit <
1278 ieee80211_min_bw_limit_from_chandef(&chanreq.oper))
1279 ieee80211_chandef_downgrade(&chanreq.oper, NULL);
1280
1281 if (ap_chandef.chan->band == NL80211_BAND_6GHZ &&
1282 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HE) {
1283 ieee80211_rearrange_tpe(&elems->tpe, &ap_chandef,
1284 &chanreq.oper);
1285 if (memcmp(&link->conf->tpe, &elems->tpe, sizeof(elems->tpe))) {
1286 link->conf->tpe = elems->tpe;
1287 *changed |= BSS_CHANGED_TPE;
1288 }
1289 }
1290
1291 if (ieee80211_chanreq_identical(&chanreq, &link->conf->chanreq))
1292 return 0;
1293
1294 link_info(link,
1295 "AP %pM changed bandwidth in %s, new used config is %d.%03d MHz, width %d (%d.%03d/%d MHz)\n",
1296 link->u.mgd.bssid, frame, chanreq.oper.chan->center_freq,
1297 chanreq.oper.chan->freq_offset, chanreq.oper.width,
1298 chanreq.oper.center_freq1, chanreq.oper.freq1_offset,
1299 chanreq.oper.center_freq2);
1300
1301 if (!cfg80211_chandef_valid(&chanreq.oper)) {
1302 sdata_info(sdata,
1303 "AP %pM changed caps/bw in %s in a way we can't support - disconnect\n",
1304 link->u.mgd.bssid, frame);
1305 return -EINVAL;
1306 }
1307
1308 if (!update) {
1309 link->conf->chanreq = chanreq;
1310 return 0;
1311 }
1312
1313 /*
1314 * We're tracking the current AP here, so don't do any further checks
1315 * here. This keeps us from playing ping-pong with regulatory, without
1316 * it the following can happen (for example):
1317 * - connect to an AP with 80 MHz, world regdom allows 80 MHz
1318 * - AP advertises regdom US
1319 * - CRDA loads regdom US with 80 MHz prohibited (old database)
1320 * - we detect an unsupported channel and disconnect
1321 * - disconnect causes CRDA to reload world regdomain and the game
1322 * starts anew.
1323 * (see https://bugzilla.kernel.org/show_bug.cgi?id=70881)
1324 *
1325 * It seems possible that there are still scenarios with CSA or real
1326 * bandwidth changes where a this could happen, but those cases are
1327 * less common and wouldn't completely prevent using the AP.
1328 */
1329
1330 ret = ieee80211_link_change_chanreq(link, &chanreq, changed);
1331 if (ret) {
1332 sdata_info(sdata,
1333 "AP %pM changed bandwidth in %s to incompatible one - disconnect\n",
1334 link->u.mgd.bssid, frame);
1335 return ret;
1336 }
1337
1338 cfg80211_schedule_channels_check(&sdata->wdev);
1339 return 0;
1340 }
1341
1342 /* frame sending functions */
1343
ieee80211_add_ht_ie(struct ieee80211_sub_if_data * sdata,struct sk_buff * skb,u8 ap_ht_param,struct ieee80211_supported_band * sband,struct ieee80211_channel * channel,enum ieee80211_smps_mode smps,const struct ieee80211_conn_settings * conn)1344 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata,
1345 struct sk_buff *skb, u8 ap_ht_param,
1346 struct ieee80211_supported_band *sband,
1347 struct ieee80211_channel *channel,
1348 enum ieee80211_smps_mode smps,
1349 const struct ieee80211_conn_settings *conn)
1350 {
1351 u8 *pos;
1352 u32 flags = channel->flags;
1353 u16 cap;
1354 struct ieee80211_sta_ht_cap ht_cap;
1355
1356 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap));
1357
1358 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
1359 ieee80211_apply_htcap_overrides(sdata, &ht_cap);
1360
1361 /* determine capability flags */
1362 cap = ht_cap.cap;
1363
1364 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
1365 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
1366 if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
1367 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
1368 cap &= ~IEEE80211_HT_CAP_SGI_40;
1369 }
1370 break;
1371 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
1372 if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
1373 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
1374 cap &= ~IEEE80211_HT_CAP_SGI_40;
1375 }
1376 break;
1377 }
1378
1379 /*
1380 * If 40 MHz was disabled associate as though we weren't
1381 * capable of 40 MHz -- some broken APs will never fall
1382 * back to trying to transmit in 20 MHz.
1383 */
1384 if (conn->bw_limit <= IEEE80211_CONN_BW_LIMIT_20) {
1385 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
1386 cap &= ~IEEE80211_HT_CAP_SGI_40;
1387 }
1388
1389 /* set SM PS mode properly */
1390 cap &= ~IEEE80211_HT_CAP_SM_PS;
1391 switch (smps) {
1392 case IEEE80211_SMPS_AUTOMATIC:
1393 case IEEE80211_SMPS_NUM_MODES:
1394 WARN_ON(1);
1395 fallthrough;
1396 case IEEE80211_SMPS_OFF:
1397 cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
1398 IEEE80211_HT_CAP_SM_PS_SHIFT;
1399 break;
1400 case IEEE80211_SMPS_STATIC:
1401 cap |= WLAN_HT_CAP_SM_PS_STATIC <<
1402 IEEE80211_HT_CAP_SM_PS_SHIFT;
1403 break;
1404 case IEEE80211_SMPS_DYNAMIC:
1405 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
1406 IEEE80211_HT_CAP_SM_PS_SHIFT;
1407 break;
1408 }
1409
1410 /* reserve and fill IE */
1411 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
1412 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap);
1413 }
1414
1415 /* This function determines vht capability flags for the association
1416 * and builds the IE.
1417 * Note - the function returns true to own the MU-MIMO capability
1418 */
ieee80211_add_vht_ie(struct ieee80211_sub_if_data * sdata,struct sk_buff * skb,struct ieee80211_supported_band * sband,struct ieee80211_vht_cap * ap_vht_cap,const struct ieee80211_conn_settings * conn)1419 static bool ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
1420 struct sk_buff *skb,
1421 struct ieee80211_supported_band *sband,
1422 struct ieee80211_vht_cap *ap_vht_cap,
1423 const struct ieee80211_conn_settings *conn)
1424 {
1425 struct ieee80211_local *local = sdata->local;
1426 u8 *pos;
1427 u32 cap;
1428 struct ieee80211_sta_vht_cap vht_cap;
1429 u32 mask, ap_bf_sts, our_bf_sts;
1430 bool mu_mimo_owner = false;
1431
1432 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap));
1433
1434 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
1435 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
1436
1437 /* determine capability flags */
1438 cap = vht_cap.cap;
1439
1440 if (conn->bw_limit <= IEEE80211_CONN_BW_LIMIT_80) {
1441 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160;
1442 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
1443 }
1444
1445 /*
1446 * Some APs apparently get confused if our capabilities are better
1447 * than theirs, so restrict what we advertise in the assoc request.
1448 */
1449 if (!ieee80211_hw_check(&local->hw, STRICT)) {
1450 if (!(ap_vht_cap->vht_cap_info &
1451 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)))
1452 cap &= ~(IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
1453 IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE);
1454 else if (!(ap_vht_cap->vht_cap_info &
1455 cpu_to_le32(IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
1456 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
1457 }
1458
1459 /*
1460 * If some other vif is using the MU-MIMO capability we cannot associate
1461 * using MU-MIMO - this will lead to contradictions in the group-id
1462 * mechanism.
1463 * Ownership is defined since association request, in order to avoid
1464 * simultaneous associations with MU-MIMO.
1465 */
1466 if (cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE) {
1467 bool disable_mu_mimo = false;
1468 struct ieee80211_sub_if_data *other;
1469
1470 list_for_each_entry(other, &local->interfaces, list) {
1471 if (other->vif.bss_conf.mu_mimo_owner) {
1472 disable_mu_mimo = true;
1473 break;
1474 }
1475 }
1476 if (disable_mu_mimo)
1477 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
1478 else
1479 mu_mimo_owner = true;
1480 }
1481
1482 mask = IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
1483
1484 ap_bf_sts = le32_to_cpu(ap_vht_cap->vht_cap_info) & mask;
1485 our_bf_sts = cap & mask;
1486
1487 if (ap_bf_sts < our_bf_sts) {
1488 cap &= ~mask;
1489 cap |= ap_bf_sts;
1490 }
1491
1492 /* reserve and fill IE */
1493 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
1494 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap);
1495
1496 return mu_mimo_owner;
1497 }
1498
ieee80211_assoc_add_rates(struct ieee80211_local * local,struct sk_buff * skb,enum nl80211_chan_width width,struct ieee80211_supported_band * sband,struct ieee80211_mgd_assoc_data * assoc_data)1499 static void ieee80211_assoc_add_rates(struct ieee80211_local *local,
1500 struct sk_buff *skb,
1501 enum nl80211_chan_width width,
1502 struct ieee80211_supported_band *sband,
1503 struct ieee80211_mgd_assoc_data *assoc_data)
1504 {
1505 u32 rates;
1506
1507 if (assoc_data->supp_rates_len &&
1508 !ieee80211_hw_check(&local->hw, STRICT)) {
1509 /*
1510 * Get all rates supported by the device and the AP as
1511 * some APs don't like getting a superset of their rates
1512 * in the association request (e.g. D-Link DAP 1353 in
1513 * b-only mode)...
1514 */
1515 ieee80211_parse_bitrates(width, sband,
1516 assoc_data->supp_rates,
1517 assoc_data->supp_rates_len,
1518 &rates);
1519 } else {
1520 /*
1521 * In case AP not provide any supported rates information
1522 * before association, we send information element(s) with
1523 * all rates that we support.
1524 */
1525 rates = ~0;
1526 }
1527
1528 ieee80211_put_srates_elem(skb, sband, 0, 0, ~rates,
1529 WLAN_EID_SUPP_RATES);
1530 ieee80211_put_srates_elem(skb, sband, 0, 0, ~rates,
1531 WLAN_EID_EXT_SUPP_RATES);
1532 }
1533
ieee80211_add_before_ht_elems(struct sk_buff * skb,const u8 * elems,size_t elems_len,size_t offset)1534 static size_t ieee80211_add_before_ht_elems(struct sk_buff *skb,
1535 const u8 *elems,
1536 size_t elems_len,
1537 size_t offset)
1538 {
1539 size_t noffset;
1540
1541 static const u8 before_ht[] = {
1542 WLAN_EID_SSID,
1543 WLAN_EID_SUPP_RATES,
1544 WLAN_EID_EXT_SUPP_RATES,
1545 WLAN_EID_PWR_CAPABILITY,
1546 WLAN_EID_SUPPORTED_CHANNELS,
1547 WLAN_EID_RSN,
1548 WLAN_EID_QOS_CAPA,
1549 WLAN_EID_RRM_ENABLED_CAPABILITIES,
1550 WLAN_EID_MOBILITY_DOMAIN,
1551 WLAN_EID_FAST_BSS_TRANSITION, /* reassoc only */
1552 WLAN_EID_RIC_DATA, /* reassoc only */
1553 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
1554 };
1555 static const u8 after_ric[] = {
1556 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
1557 WLAN_EID_HT_CAPABILITY,
1558 WLAN_EID_BSS_COEX_2040,
1559 /* luckily this is almost always there */
1560 WLAN_EID_EXT_CAPABILITY,
1561 WLAN_EID_QOS_TRAFFIC_CAPA,
1562 WLAN_EID_TIM_BCAST_REQ,
1563 WLAN_EID_INTERWORKING,
1564 /* 60 GHz (Multi-band, DMG, MMS) can't happen */
1565 WLAN_EID_VHT_CAPABILITY,
1566 WLAN_EID_OPMODE_NOTIF,
1567 };
1568
1569 if (!elems_len)
1570 return offset;
1571
1572 noffset = ieee80211_ie_split_ric(elems, elems_len,
1573 before_ht,
1574 ARRAY_SIZE(before_ht),
1575 after_ric,
1576 ARRAY_SIZE(after_ric),
1577 offset);
1578 skb_put_data(skb, elems + offset, noffset - offset);
1579
1580 return noffset;
1581 }
1582
ieee80211_add_before_vht_elems(struct sk_buff * skb,const u8 * elems,size_t elems_len,size_t offset)1583 static size_t ieee80211_add_before_vht_elems(struct sk_buff *skb,
1584 const u8 *elems,
1585 size_t elems_len,
1586 size_t offset)
1587 {
1588 static const u8 before_vht[] = {
1589 /*
1590 * no need to list the ones split off before HT
1591 * or generated here
1592 */
1593 WLAN_EID_BSS_COEX_2040,
1594 WLAN_EID_EXT_CAPABILITY,
1595 WLAN_EID_QOS_TRAFFIC_CAPA,
1596 WLAN_EID_TIM_BCAST_REQ,
1597 WLAN_EID_INTERWORKING,
1598 /* 60 GHz (Multi-band, DMG, MMS) can't happen */
1599 };
1600 size_t noffset;
1601
1602 if (!elems_len)
1603 return offset;
1604
1605 /* RIC already taken care of in ieee80211_add_before_ht_elems() */
1606 noffset = ieee80211_ie_split(elems, elems_len,
1607 before_vht, ARRAY_SIZE(before_vht),
1608 offset);
1609 skb_put_data(skb, elems + offset, noffset - offset);
1610
1611 return noffset;
1612 }
1613
ieee80211_add_before_he_elems(struct sk_buff * skb,const u8 * elems,size_t elems_len,size_t offset)1614 static size_t ieee80211_add_before_he_elems(struct sk_buff *skb,
1615 const u8 *elems,
1616 size_t elems_len,
1617 size_t offset)
1618 {
1619 static const u8 before_he[] = {
1620 /*
1621 * no need to list the ones split off before VHT
1622 * or generated here
1623 */
1624 WLAN_EID_OPMODE_NOTIF,
1625 WLAN_EID_EXTENSION, WLAN_EID_EXT_FUTURE_CHAN_GUIDANCE,
1626 /* 11ai elements */
1627 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_SESSION,
1628 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_PUBLIC_KEY,
1629 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_KEY_CONFIRM,
1630 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_HLP_CONTAINER,
1631 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_IP_ADDR_ASSIGN,
1632 /* TODO: add 11ah/11aj/11ak elements */
1633 };
1634 size_t noffset;
1635
1636 if (!elems_len)
1637 return offset;
1638
1639 /* RIC already taken care of in ieee80211_add_before_ht_elems() */
1640 noffset = ieee80211_ie_split(elems, elems_len,
1641 before_he, ARRAY_SIZE(before_he),
1642 offset);
1643 skb_put_data(skb, elems + offset, noffset - offset);
1644
1645 return noffset;
1646 }
1647
1648 #define PRESENT_ELEMS_MAX 8
1649 #define PRESENT_ELEM_EXT_OFFS 0x100
1650
1651 static void
1652 ieee80211_assoc_add_ml_elem(struct ieee80211_sub_if_data *sdata,
1653 struct sk_buff *skb, u16 capab,
1654 const struct element *ext_capa,
1655 const u16 *present_elems,
1656 struct ieee80211_mgd_assoc_data *assoc_data);
1657
1658 static size_t
ieee80211_add_link_elems(struct ieee80211_sub_if_data * sdata,struct sk_buff * skb,u16 * capab,const struct element * ext_capa,const u8 * extra_elems,size_t extra_elems_len,unsigned int link_id,struct ieee80211_link_data * link,u16 * present_elems,struct ieee80211_mgd_assoc_data * assoc_data)1659 ieee80211_add_link_elems(struct ieee80211_sub_if_data *sdata,
1660 struct sk_buff *skb, u16 *capab,
1661 const struct element *ext_capa,
1662 const u8 *extra_elems,
1663 size_t extra_elems_len,
1664 unsigned int link_id,
1665 struct ieee80211_link_data *link,
1666 u16 *present_elems,
1667 struct ieee80211_mgd_assoc_data *assoc_data)
1668 {
1669 enum nl80211_iftype iftype = ieee80211_vif_type_p2p(&sdata->vif);
1670 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
1671 struct ieee80211_channel *chan = cbss->channel;
1672 const struct ieee80211_sband_iftype_data *iftd;
1673 struct ieee80211_local *local = sdata->local;
1674 struct ieee80211_supported_band *sband;
1675 enum nl80211_chan_width width = NL80211_CHAN_WIDTH_20;
1676 struct ieee80211_chanctx_conf *chanctx_conf;
1677 enum ieee80211_smps_mode smps_mode;
1678 u16 orig_capab = *capab;
1679 size_t offset = 0;
1680 int present_elems_len = 0;
1681 u8 *pos;
1682 int i;
1683
1684 #define ADD_PRESENT_ELEM(id) do { \
1685 /* need a last for termination - we use 0 == SSID */ \
1686 if (!WARN_ON(present_elems_len >= PRESENT_ELEMS_MAX - 1)) \
1687 present_elems[present_elems_len++] = (id); \
1688 } while (0)
1689 #define ADD_PRESENT_EXT_ELEM(id) ADD_PRESENT_ELEM(PRESENT_ELEM_EXT_OFFS | (id))
1690
1691 if (link)
1692 smps_mode = link->smps_mode;
1693 else if (sdata->u.mgd.powersave)
1694 smps_mode = IEEE80211_SMPS_DYNAMIC;
1695 else
1696 smps_mode = IEEE80211_SMPS_OFF;
1697
1698 if (link) {
1699 /*
1700 * 5/10 MHz scenarios are only viable without MLO, in which
1701 * case this pointer should be used ... All of this is a bit
1702 * unclear though, not sure this even works at all.
1703 */
1704 rcu_read_lock();
1705 chanctx_conf = rcu_dereference(link->conf->chanctx_conf);
1706 if (chanctx_conf)
1707 width = chanctx_conf->def.width;
1708 rcu_read_unlock();
1709 }
1710
1711 sband = local->hw.wiphy->bands[chan->band];
1712 iftd = ieee80211_get_sband_iftype_data(sband, iftype);
1713
1714 if (sband->band == NL80211_BAND_2GHZ) {
1715 *capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
1716 *capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
1717 }
1718
1719 if ((cbss->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
1720 ieee80211_hw_check(&local->hw, SPECTRUM_MGMT))
1721 *capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
1722
1723 if (sband->band != NL80211_BAND_S1GHZ)
1724 ieee80211_assoc_add_rates(local, skb, width, sband, assoc_data);
1725
1726 if (*capab & WLAN_CAPABILITY_SPECTRUM_MGMT ||
1727 *capab & WLAN_CAPABILITY_RADIO_MEASURE) {
1728 struct cfg80211_chan_def chandef = {
1729 .width = width,
1730 .chan = chan,
1731 };
1732
1733 pos = skb_put(skb, 4);
1734 *pos++ = WLAN_EID_PWR_CAPABILITY;
1735 *pos++ = 2;
1736 *pos++ = 0; /* min tx power */
1737 /* max tx power */
1738 *pos++ = ieee80211_chandef_max_power(&chandef);
1739 ADD_PRESENT_ELEM(WLAN_EID_PWR_CAPABILITY);
1740 }
1741
1742 /*
1743 * Per spec, we shouldn't include the list of channels if we advertise
1744 * support for extended channel switching, but we've always done that;
1745 * (for now?) apply this restriction only on the (new) 6 GHz band.
1746 */
1747 if (*capab & WLAN_CAPABILITY_SPECTRUM_MGMT &&
1748 (sband->band != NL80211_BAND_6GHZ ||
1749 !ext_capa || ext_capa->datalen < 1 ||
1750 !(ext_capa->data[0] & WLAN_EXT_CAPA1_EXT_CHANNEL_SWITCHING))) {
1751 /* TODO: get this in reg domain format */
1752 pos = skb_put(skb, 2 * sband->n_channels + 2);
1753 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
1754 *pos++ = 2 * sband->n_channels;
1755 for (i = 0; i < sband->n_channels; i++) {
1756 int cf = sband->channels[i].center_freq;
1757
1758 *pos++ = ieee80211_frequency_to_channel(cf);
1759 *pos++ = 1; /* one channel in the subband*/
1760 }
1761 ADD_PRESENT_ELEM(WLAN_EID_SUPPORTED_CHANNELS);
1762 }
1763
1764 /* if present, add any custom IEs that go before HT */
1765 offset = ieee80211_add_before_ht_elems(skb, extra_elems,
1766 extra_elems_len,
1767 offset);
1768
1769 if (sband->band != NL80211_BAND_6GHZ &&
1770 assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_HT) {
1771 ieee80211_add_ht_ie(sdata, skb,
1772 assoc_data->link[link_id].ap_ht_param,
1773 sband, chan, smps_mode,
1774 &assoc_data->link[link_id].conn);
1775 ADD_PRESENT_ELEM(WLAN_EID_HT_CAPABILITY);
1776 }
1777
1778 /* if present, add any custom IEs that go before VHT */
1779 offset = ieee80211_add_before_vht_elems(skb, extra_elems,
1780 extra_elems_len,
1781 offset);
1782
1783 if (sband->band != NL80211_BAND_6GHZ &&
1784 assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_VHT &&
1785 sband->vht_cap.vht_supported) {
1786 bool mu_mimo_owner =
1787 ieee80211_add_vht_ie(sdata, skb, sband,
1788 &assoc_data->link[link_id].ap_vht_cap,
1789 &assoc_data->link[link_id].conn);
1790
1791 if (link)
1792 link->conf->mu_mimo_owner = mu_mimo_owner;
1793 ADD_PRESENT_ELEM(WLAN_EID_VHT_CAPABILITY);
1794 }
1795
1796 /* if present, add any custom IEs that go before HE */
1797 offset = ieee80211_add_before_he_elems(skb, extra_elems,
1798 extra_elems_len,
1799 offset);
1800
1801 if (assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_HE) {
1802 ieee80211_put_he_cap(skb, sdata, sband,
1803 &assoc_data->link[link_id].conn);
1804 ADD_PRESENT_EXT_ELEM(WLAN_EID_EXT_HE_CAPABILITY);
1805 ieee80211_put_he_6ghz_cap(skb, sdata, smps_mode);
1806 }
1807
1808 /*
1809 * careful - need to know about all the present elems before
1810 * calling ieee80211_assoc_add_ml_elem(), so add this one if
1811 * we're going to put it after the ML element
1812 */
1813 if (assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_EHT)
1814 ADD_PRESENT_EXT_ELEM(WLAN_EID_EXT_EHT_CAPABILITY);
1815
1816 if (link_id == assoc_data->assoc_link_id)
1817 ieee80211_assoc_add_ml_elem(sdata, skb, orig_capab, ext_capa,
1818 present_elems, assoc_data);
1819
1820 /* crash if somebody gets it wrong */
1821 present_elems = NULL;
1822
1823 if (assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_EHT)
1824 ieee80211_put_eht_cap(skb, sdata, sband,
1825 &assoc_data->link[link_id].conn);
1826
1827 if (sband->band == NL80211_BAND_S1GHZ) {
1828 ieee80211_add_aid_request_ie(sdata, skb);
1829 ieee80211_add_s1g_capab_ie(sdata, &sband->s1g_cap, skb);
1830 }
1831
1832 if (iftd && iftd->vendor_elems.data && iftd->vendor_elems.len)
1833 skb_put_data(skb, iftd->vendor_elems.data, iftd->vendor_elems.len);
1834
1835 return offset;
1836 }
1837
ieee80211_add_non_inheritance_elem(struct sk_buff * skb,const u16 * outer,const u16 * inner)1838 static void ieee80211_add_non_inheritance_elem(struct sk_buff *skb,
1839 const u16 *outer,
1840 const u16 *inner)
1841 {
1842 unsigned int skb_len = skb->len;
1843 bool at_extension = false;
1844 bool added = false;
1845 int i, j;
1846 u8 *len, *list_len = NULL;
1847
1848 skb_put_u8(skb, WLAN_EID_EXTENSION);
1849 len = skb_put(skb, 1);
1850 skb_put_u8(skb, WLAN_EID_EXT_NON_INHERITANCE);
1851
1852 for (i = 0; i < PRESENT_ELEMS_MAX && outer[i]; i++) {
1853 u16 elem = outer[i];
1854 bool have_inner = false;
1855
1856 /* should at least be sorted in the sense of normal -> ext */
1857 WARN_ON(at_extension && elem < PRESENT_ELEM_EXT_OFFS);
1858
1859 /* switch to extension list */
1860 if (!at_extension && elem >= PRESENT_ELEM_EXT_OFFS) {
1861 at_extension = true;
1862 if (!list_len)
1863 skb_put_u8(skb, 0);
1864 list_len = NULL;
1865 }
1866
1867 for (j = 0; j < PRESENT_ELEMS_MAX && inner[j]; j++) {
1868 if (elem == inner[j]) {
1869 have_inner = true;
1870 break;
1871 }
1872 }
1873
1874 if (have_inner)
1875 continue;
1876
1877 if (!list_len) {
1878 list_len = skb_put(skb, 1);
1879 *list_len = 0;
1880 }
1881 *list_len += 1;
1882 skb_put_u8(skb, (u8)elem);
1883 added = true;
1884 }
1885
1886 /* if we added a list but no extension list, make a zero-len one */
1887 if (added && (!at_extension || !list_len))
1888 skb_put_u8(skb, 0);
1889
1890 /* if nothing added remove extension element completely */
1891 if (!added)
1892 skb_trim(skb, skb_len);
1893 else
1894 *len = skb->len - skb_len - 2;
1895 }
1896
1897 static void
ieee80211_assoc_add_ml_elem(struct ieee80211_sub_if_data * sdata,struct sk_buff * skb,u16 capab,const struct element * ext_capa,const u16 * outer_present_elems,struct ieee80211_mgd_assoc_data * assoc_data)1898 ieee80211_assoc_add_ml_elem(struct ieee80211_sub_if_data *sdata,
1899 struct sk_buff *skb, u16 capab,
1900 const struct element *ext_capa,
1901 const u16 *outer_present_elems,
1902 struct ieee80211_mgd_assoc_data *assoc_data)
1903 {
1904 struct ieee80211_local *local = sdata->local;
1905 struct ieee80211_multi_link_elem *ml_elem;
1906 struct ieee80211_mle_basic_common_info *common;
1907 const struct wiphy_iftype_ext_capab *ift_ext_capa;
1908 __le16 eml_capa = 0, mld_capa_ops = 0;
1909 unsigned int link_id;
1910 u8 *ml_elem_len;
1911 void *capab_pos;
1912
1913 if (!ieee80211_vif_is_mld(&sdata->vif))
1914 return;
1915
1916 ift_ext_capa = cfg80211_get_iftype_ext_capa(local->hw.wiphy,
1917 ieee80211_vif_type_p2p(&sdata->vif));
1918 if (ift_ext_capa) {
1919 eml_capa = cpu_to_le16(ift_ext_capa->eml_capabilities);
1920 mld_capa_ops = cpu_to_le16(ift_ext_capa->mld_capa_and_ops);
1921 }
1922
1923 skb_put_u8(skb, WLAN_EID_EXTENSION);
1924 ml_elem_len = skb_put(skb, 1);
1925 skb_put_u8(skb, WLAN_EID_EXT_EHT_MULTI_LINK);
1926 ml_elem = skb_put(skb, sizeof(*ml_elem));
1927 ml_elem->control =
1928 cpu_to_le16(IEEE80211_ML_CONTROL_TYPE_BASIC |
1929 IEEE80211_MLC_BASIC_PRES_MLD_CAPA_OP);
1930 common = skb_put(skb, sizeof(*common));
1931 common->len = sizeof(*common) +
1932 2; /* MLD capa/ops */
1933 memcpy(common->mld_mac_addr, sdata->vif.addr, ETH_ALEN);
1934
1935 /* add EML_CAPA only if needed, see Draft P802.11be_D2.1, 35.3.17 */
1936 if (eml_capa &
1937 cpu_to_le16((IEEE80211_EML_CAP_EMLSR_SUPP |
1938 IEEE80211_EML_CAP_EMLMR_SUPPORT))) {
1939 common->len += 2; /* EML capabilities */
1940 ml_elem->control |=
1941 cpu_to_le16(IEEE80211_MLC_BASIC_PRES_EML_CAPA);
1942 skb_put_data(skb, &eml_capa, sizeof(eml_capa));
1943 }
1944 skb_put_data(skb, &mld_capa_ops, sizeof(mld_capa_ops));
1945
1946 /* Many APs have broken parsing of the extended MLD capa/ops field,
1947 * dropping (re-)association request frames or replying with association
1948 * response with a failure status if it's present. Without a clear
1949 * indication as to whether the AP supports parsing this field or not do
1950 * not include it in the common information unless strict mode is set.
1951 */
1952 if (ieee80211_hw_check(&local->hw, STRICT) &&
1953 assoc_data->ext_mld_capa_ops) {
1954 ml_elem->control |=
1955 cpu_to_le16(IEEE80211_MLC_BASIC_PRES_EXT_MLD_CAPA_OP);
1956 common->len += 2;
1957 skb_put_data(skb, &assoc_data->ext_mld_capa_ops,
1958 sizeof(assoc_data->ext_mld_capa_ops));
1959 }
1960
1961 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
1962 u16 link_present_elems[PRESENT_ELEMS_MAX] = {};
1963 const u8 *extra_elems;
1964 size_t extra_elems_len;
1965 size_t extra_used;
1966 u8 *subelem_len = NULL;
1967 __le16 ctrl;
1968
1969 if (!assoc_data->link[link_id].bss ||
1970 link_id == assoc_data->assoc_link_id)
1971 continue;
1972
1973 extra_elems = assoc_data->link[link_id].elems;
1974 extra_elems_len = assoc_data->link[link_id].elems_len;
1975
1976 skb_put_u8(skb, IEEE80211_MLE_SUBELEM_PER_STA_PROFILE);
1977 subelem_len = skb_put(skb, 1);
1978
1979 ctrl = cpu_to_le16(link_id |
1980 IEEE80211_MLE_STA_CONTROL_COMPLETE_PROFILE |
1981 IEEE80211_MLE_STA_CONTROL_STA_MAC_ADDR_PRESENT);
1982 skb_put_data(skb, &ctrl, sizeof(ctrl));
1983 skb_put_u8(skb, 1 + ETH_ALEN); /* STA Info Length */
1984 skb_put_data(skb, assoc_data->link[link_id].addr,
1985 ETH_ALEN);
1986 /*
1987 * Now add the contents of the (re)association request,
1988 * but the "listen interval" and "current AP address"
1989 * (if applicable) are skipped. So we only have
1990 * the capability field (remember the position and fill
1991 * later), followed by the elements added below by
1992 * calling ieee80211_add_link_elems().
1993 */
1994 capab_pos = skb_put(skb, 2);
1995
1996 extra_used = ieee80211_add_link_elems(sdata, skb, &capab,
1997 ext_capa,
1998 extra_elems,
1999 extra_elems_len,
2000 link_id, NULL,
2001 link_present_elems,
2002 assoc_data);
2003 if (extra_elems)
2004 skb_put_data(skb, extra_elems + extra_used,
2005 extra_elems_len - extra_used);
2006
2007 put_unaligned_le16(capab, capab_pos);
2008
2009 ieee80211_add_non_inheritance_elem(skb, outer_present_elems,
2010 link_present_elems);
2011
2012 ieee80211_fragment_element(skb, subelem_len,
2013 IEEE80211_MLE_SUBELEM_FRAGMENT);
2014 }
2015
2016 ieee80211_fragment_element(skb, ml_elem_len, WLAN_EID_FRAGMENT);
2017 }
2018
2019 static int
ieee80211_link_common_elems_size(struct ieee80211_sub_if_data * sdata,enum nl80211_iftype iftype,struct cfg80211_bss * cbss,size_t elems_len)2020 ieee80211_link_common_elems_size(struct ieee80211_sub_if_data *sdata,
2021 enum nl80211_iftype iftype,
2022 struct cfg80211_bss *cbss,
2023 size_t elems_len)
2024 {
2025 struct ieee80211_local *local = sdata->local;
2026 const struct ieee80211_sband_iftype_data *iftd;
2027 struct ieee80211_supported_band *sband;
2028 size_t size = 0;
2029
2030 if (!cbss)
2031 return size;
2032
2033 sband = local->hw.wiphy->bands[cbss->channel->band];
2034
2035 /* add STA profile elements length */
2036 size += elems_len;
2037
2038 /* and supported rates length */
2039 size += 4 + sband->n_bitrates;
2040
2041 /* supported channels */
2042 size += 2 + 2 * sband->n_channels;
2043
2044 iftd = ieee80211_get_sband_iftype_data(sband, iftype);
2045 if (iftd)
2046 size += iftd->vendor_elems.len;
2047
2048 /* power capability */
2049 size += 4;
2050
2051 /* HT, VHT, HE, EHT */
2052 size += 2 + sizeof(struct ieee80211_ht_cap);
2053 size += 2 + sizeof(struct ieee80211_vht_cap);
2054 size += 2 + 1 + sizeof(struct ieee80211_he_cap_elem) +
2055 sizeof(struct ieee80211_he_mcs_nss_supp) +
2056 IEEE80211_HE_PPE_THRES_MAX_LEN;
2057
2058 if (sband->band == NL80211_BAND_6GHZ)
2059 size += 2 + 1 + sizeof(struct ieee80211_he_6ghz_capa);
2060
2061 size += 2 + 1 + sizeof(struct ieee80211_eht_cap_elem) +
2062 sizeof(struct ieee80211_eht_mcs_nss_supp) +
2063 IEEE80211_EHT_PPE_THRES_MAX_LEN;
2064
2065 return size;
2066 }
2067
ieee80211_send_assoc(struct ieee80211_sub_if_data * sdata)2068 static int ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
2069 {
2070 struct ieee80211_local *local = sdata->local;
2071 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2072 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
2073 struct ieee80211_link_data *link;
2074 struct sk_buff *skb;
2075 struct ieee80211_mgmt *mgmt;
2076 u8 *pos, qos_info, *ie_start;
2077 size_t offset, noffset;
2078 u16 capab = 0, link_capab;
2079 __le16 listen_int;
2080 struct element *ext_capa = NULL;
2081 enum nl80211_iftype iftype = ieee80211_vif_type_p2p(&sdata->vif);
2082 struct ieee80211_prep_tx_info info = {};
2083 unsigned int link_id, n_links = 0;
2084 u16 present_elems[PRESENT_ELEMS_MAX] = {};
2085 void *capab_pos;
2086 size_t size;
2087 int ret;
2088
2089 /* we know it's writable, cast away the const */
2090 if (assoc_data->ie_len)
2091 ext_capa = (void *)cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY,
2092 assoc_data->ie,
2093 assoc_data->ie_len);
2094
2095 lockdep_assert_wiphy(sdata->local->hw.wiphy);
2096
2097 size = local->hw.extra_tx_headroom +
2098 sizeof(*mgmt) + /* bit too much but doesn't matter */
2099 2 + assoc_data->ssid_len + /* SSID */
2100 assoc_data->ie_len + /* extra IEs */
2101 (assoc_data->fils_kek_len ? 16 /* AES-SIV */ : 0) +
2102 9; /* WMM */
2103
2104 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
2105 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
2106 size_t elems_len = assoc_data->link[link_id].elems_len;
2107
2108 if (!cbss)
2109 continue;
2110
2111 n_links++;
2112
2113 size += ieee80211_link_common_elems_size(sdata, iftype, cbss,
2114 elems_len);
2115
2116 /* non-inheritance element */
2117 size += 2 + 2 + PRESENT_ELEMS_MAX;
2118
2119 /* should be the same across all BSSes */
2120 if (cbss->capability & WLAN_CAPABILITY_PRIVACY)
2121 capab |= WLAN_CAPABILITY_PRIVACY;
2122 }
2123
2124 if (ieee80211_vif_is_mld(&sdata->vif)) {
2125 /* consider the multi-link element with STA profile */
2126 size += sizeof(struct ieee80211_multi_link_elem);
2127 /* max common info field in basic multi-link element */
2128 size += sizeof(struct ieee80211_mle_basic_common_info) +
2129 2 + /* capa & op */
2130 2 + /* ext capa & op */
2131 2; /* EML capa */
2132
2133 /*
2134 * The capability elements were already considered above;
2135 * note this over-estimates a bit because there's no
2136 * STA profile for the assoc link.
2137 */
2138 size += (n_links - 1) *
2139 (1 + 1 + /* subelement ID/length */
2140 2 + /* STA control */
2141 1 + ETH_ALEN + 2 /* STA Info field */);
2142 }
2143
2144 link = sdata_dereference(sdata->link[assoc_data->assoc_link_id], sdata);
2145 if (WARN_ON(!link))
2146 return -EINVAL;
2147
2148 if (WARN_ON(!assoc_data->link[assoc_data->assoc_link_id].bss))
2149 return -EINVAL;
2150
2151 skb = alloc_skb(size, GFP_KERNEL);
2152 if (!skb)
2153 return -ENOMEM;
2154
2155 skb_reserve(skb, local->hw.extra_tx_headroom);
2156
2157 if (ifmgd->flags & IEEE80211_STA_ENABLE_RRM)
2158 capab |= WLAN_CAPABILITY_RADIO_MEASURE;
2159
2160 /* Set MBSSID support for HE AP if needed */
2161 if (ieee80211_hw_check(&local->hw, SUPPORTS_ONLY_HE_MULTI_BSSID) &&
2162 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HE &&
2163 ext_capa && ext_capa->datalen >= 3)
2164 ext_capa->data[2] |= WLAN_EXT_CAPA3_MULTI_BSSID_SUPPORT;
2165
2166 mgmt = skb_put_zero(skb, 24);
2167 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
2168 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
2169 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
2170
2171 listen_int = cpu_to_le16(assoc_data->s1g ?
2172 ieee80211_encode_usf(local->hw.conf.listen_interval) :
2173 local->hw.conf.listen_interval);
2174 if (!is_zero_ether_addr(assoc_data->prev_ap_addr)) {
2175 skb_put(skb, 10);
2176 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
2177 IEEE80211_STYPE_REASSOC_REQ);
2178 capab_pos = &mgmt->u.reassoc_req.capab_info;
2179 mgmt->u.reassoc_req.listen_interval = listen_int;
2180 memcpy(mgmt->u.reassoc_req.current_ap,
2181 assoc_data->prev_ap_addr, ETH_ALEN);
2182 info.subtype = IEEE80211_STYPE_REASSOC_REQ;
2183 } else {
2184 skb_put(skb, 4);
2185 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
2186 IEEE80211_STYPE_ASSOC_REQ);
2187 capab_pos = &mgmt->u.assoc_req.capab_info;
2188 mgmt->u.assoc_req.listen_interval = listen_int;
2189 info.subtype = IEEE80211_STYPE_ASSOC_REQ;
2190 }
2191
2192 /* SSID */
2193 pos = skb_put(skb, 2 + assoc_data->ssid_len);
2194 ie_start = pos;
2195 *pos++ = WLAN_EID_SSID;
2196 *pos++ = assoc_data->ssid_len;
2197 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len);
2198
2199 /*
2200 * This bit is technically reserved, so it shouldn't matter for either
2201 * the AP or us, but it also means we shouldn't set it. However, we've
2202 * always set it in the past, and apparently some EHT APs check that
2203 * we don't set it. To avoid interoperability issues with old APs that
2204 * for some reason check it and want it to be set, set the bit for all
2205 * pre-EHT connections as we used to do.
2206 */
2207 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_EHT &&
2208 !ieee80211_hw_check(&local->hw, STRICT))
2209 capab |= WLAN_CAPABILITY_ESS;
2210
2211 /* add the elements for the assoc (main) link */
2212 link_capab = capab;
2213 offset = ieee80211_add_link_elems(sdata, skb, &link_capab,
2214 ext_capa,
2215 assoc_data->ie,
2216 assoc_data->ie_len,
2217 assoc_data->assoc_link_id, link,
2218 present_elems, assoc_data);
2219 put_unaligned_le16(link_capab, capab_pos);
2220
2221 /* if present, add any custom non-vendor IEs */
2222 if (assoc_data->ie_len) {
2223 noffset = ieee80211_ie_split_vendor(assoc_data->ie,
2224 assoc_data->ie_len,
2225 offset);
2226 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
2227 offset = noffset;
2228 }
2229
2230 if (assoc_data->wmm) {
2231 if (assoc_data->uapsd) {
2232 qos_info = ifmgd->uapsd_queues;
2233 qos_info |= (ifmgd->uapsd_max_sp_len <<
2234 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
2235 } else {
2236 qos_info = 0;
2237 }
2238
2239 pos = ieee80211_add_wmm_info_ie(skb_put(skb, 9), qos_info);
2240 }
2241
2242 /* add any remaining custom (i.e. vendor specific here) IEs */
2243 if (assoc_data->ie_len) {
2244 noffset = assoc_data->ie_len;
2245 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
2246 }
2247
2248 if (assoc_data->fils_kek_len) {
2249 ret = fils_encrypt_assoc_req(skb, assoc_data);
2250 if (ret < 0) {
2251 dev_kfree_skb(skb);
2252 return ret;
2253 }
2254 }
2255
2256 pos = skb_tail_pointer(skb);
2257 kfree(ifmgd->assoc_req_ies);
2258 ifmgd->assoc_req_ies = kmemdup(ie_start, pos - ie_start, GFP_ATOMIC);
2259 if (!ifmgd->assoc_req_ies) {
2260 dev_kfree_skb(skb);
2261 return -ENOMEM;
2262 }
2263
2264 ifmgd->assoc_req_ies_len = pos - ie_start;
2265
2266 info.link_id = assoc_data->assoc_link_id;
2267 drv_mgd_prepare_tx(local, sdata, &info);
2268
2269 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
2270 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
2271 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
2272 IEEE80211_TX_INTFL_MLME_CONN_TX;
2273 ieee80211_tx_skb(sdata, skb);
2274
2275 return 0;
2276 }
2277
ieee80211_send_pspoll(struct ieee80211_local * local,struct ieee80211_sub_if_data * sdata)2278 void ieee80211_send_pspoll(struct ieee80211_local *local,
2279 struct ieee80211_sub_if_data *sdata)
2280 {
2281 struct ieee80211_pspoll *pspoll;
2282 struct sk_buff *skb;
2283
2284 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif);
2285 if (!skb)
2286 return;
2287
2288 pspoll = (struct ieee80211_pspoll *) skb->data;
2289 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
2290
2291 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
2292 ieee80211_tx_skb(sdata, skb);
2293 }
2294
ieee80211_send_nullfunc(struct ieee80211_local * local,struct ieee80211_sub_if_data * sdata,bool powersave)2295 void ieee80211_send_nullfunc(struct ieee80211_local *local,
2296 struct ieee80211_sub_if_data *sdata,
2297 bool powersave)
2298 {
2299 struct sk_buff *skb;
2300 struct ieee80211_hdr_3addr *nullfunc;
2301 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2302
2303 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif, -1,
2304 !ieee80211_hw_check(&local->hw,
2305 DOESNT_SUPPORT_QOS_NDP));
2306 if (!skb)
2307 return;
2308
2309 nullfunc = (struct ieee80211_hdr_3addr *) skb->data;
2310 if (powersave)
2311 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
2312
2313 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
2314 IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
2315
2316 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
2317 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
2318
2319 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
2320 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
2321
2322 ieee80211_tx_skb(sdata, skb);
2323 }
2324
ieee80211_send_4addr_nullfunc(struct ieee80211_local * local,struct ieee80211_sub_if_data * sdata)2325 void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local,
2326 struct ieee80211_sub_if_data *sdata)
2327 {
2328 struct sk_buff *skb;
2329 struct ieee80211_hdr *nullfunc;
2330 __le16 fc;
2331
2332 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
2333 return;
2334
2335 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
2336 if (!skb)
2337 return;
2338
2339 skb_reserve(skb, local->hw.extra_tx_headroom);
2340
2341 nullfunc = skb_put_zero(skb, 30);
2342 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
2343 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
2344 nullfunc->frame_control = fc;
2345 memcpy(nullfunc->addr1, sdata->deflink.u.mgd.bssid, ETH_ALEN);
2346 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
2347 memcpy(nullfunc->addr3, sdata->deflink.u.mgd.bssid, ETH_ALEN);
2348 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN);
2349
2350 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
2351 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
2352 ieee80211_tx_skb(sdata, skb);
2353 }
2354
2355 /* spectrum management related things */
ieee80211_csa_switch_work(struct wiphy * wiphy,struct wiphy_work * work)2356 static void ieee80211_csa_switch_work(struct wiphy *wiphy,
2357 struct wiphy_work *work)
2358 {
2359 struct ieee80211_link_data *link =
2360 container_of(work, struct ieee80211_link_data,
2361 u.mgd.csa.switch_work.work);
2362 struct ieee80211_sub_if_data *sdata = link->sdata;
2363 struct ieee80211_local *local = sdata->local;
2364 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2365 int ret;
2366
2367 if (!ieee80211_sdata_running(sdata))
2368 return;
2369
2370 lockdep_assert_wiphy(local->hw.wiphy);
2371
2372 if (!ifmgd->associated)
2373 return;
2374
2375 if (!link->conf->csa_active)
2376 return;
2377
2378 /*
2379 * If the link isn't active (now), we cannot wait for beacons, won't
2380 * have a reserved chanctx, etc. Just switch over the chandef and
2381 * update cfg80211 directly.
2382 */
2383 if (!ieee80211_vif_link_active(&sdata->vif, link->link_id)) {
2384 link->conf->chanreq = link->csa.chanreq;
2385 cfg80211_ch_switch_notify(sdata->dev, &link->csa.chanreq.oper,
2386 link->link_id);
2387 return;
2388 }
2389
2390 /*
2391 * using reservation isn't immediate as it may be deferred until later
2392 * with multi-vif. once reservation is complete it will re-schedule the
2393 * work with no reserved_chanctx so verify chandef to check if it
2394 * completed successfully
2395 */
2396
2397 if (link->reserved_chanctx) {
2398 /*
2399 * with multi-vif csa driver may call ieee80211_csa_finish()
2400 * many times while waiting for other interfaces to use their
2401 * reservations
2402 */
2403 if (link->reserved_ready)
2404 return;
2405
2406 ret = ieee80211_link_use_reserved_context(link);
2407 if (ret) {
2408 link_info(link,
2409 "failed to use reserved channel context, disconnecting (err=%d)\n",
2410 ret);
2411 wiphy_work_queue(sdata->local->hw.wiphy,
2412 &ifmgd->csa_connection_drop_work);
2413 }
2414 return;
2415 }
2416
2417 if (!ieee80211_chanreq_identical(&link->conf->chanreq,
2418 &link->csa.chanreq)) {
2419 link_info(link,
2420 "failed to finalize channel switch, disconnecting\n");
2421 wiphy_work_queue(sdata->local->hw.wiphy,
2422 &ifmgd->csa_connection_drop_work);
2423 return;
2424 }
2425
2426 link->u.mgd.csa.waiting_bcn = true;
2427
2428 /* apply new TPE restrictions immediately on the new channel */
2429 if (link->u.mgd.csa.ap_chandef.chan->band == NL80211_BAND_6GHZ &&
2430 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HE) {
2431 ieee80211_rearrange_tpe(&link->u.mgd.csa.tpe,
2432 &link->u.mgd.csa.ap_chandef,
2433 &link->conf->chanreq.oper);
2434 if (memcmp(&link->conf->tpe, &link->u.mgd.csa.tpe,
2435 sizeof(link->u.mgd.csa.tpe))) {
2436 link->conf->tpe = link->u.mgd.csa.tpe;
2437 ieee80211_link_info_change_notify(sdata, link,
2438 BSS_CHANGED_TPE);
2439 }
2440 }
2441
2442 ieee80211_sta_reset_beacon_monitor(sdata);
2443 ieee80211_sta_reset_conn_monitor(sdata);
2444 }
2445
ieee80211_chswitch_post_beacon(struct ieee80211_link_data * link)2446 static void ieee80211_chswitch_post_beacon(struct ieee80211_link_data *link)
2447 {
2448 struct ieee80211_sub_if_data *sdata = link->sdata;
2449 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2450 int ret;
2451
2452 lockdep_assert_wiphy(sdata->local->hw.wiphy);
2453
2454 WARN_ON(!link->conf->csa_active);
2455
2456 ieee80211_vif_unblock_queues_csa(sdata);
2457
2458 link->conf->csa_active = false;
2459 link->u.mgd.csa.blocked_tx = false;
2460 link->u.mgd.csa.waiting_bcn = false;
2461
2462 ret = drv_post_channel_switch(link);
2463 if (ret) {
2464 link_info(link,
2465 "driver post channel switch failed, disconnecting\n");
2466 wiphy_work_queue(sdata->local->hw.wiphy,
2467 &ifmgd->csa_connection_drop_work);
2468 return;
2469 }
2470
2471 cfg80211_ch_switch_notify(sdata->dev, &link->conf->chanreq.oper,
2472 link->link_id);
2473 }
2474
ieee80211_chswitch_done(struct ieee80211_vif * vif,bool success,unsigned int link_id)2475 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success,
2476 unsigned int link_id)
2477 {
2478 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2479
2480 trace_api_chswitch_done(sdata, success, link_id);
2481
2482 rcu_read_lock();
2483
2484 if (!success) {
2485 sdata_info(sdata,
2486 "driver channel switch failed (link %d), disconnecting\n",
2487 link_id);
2488 wiphy_work_queue(sdata->local->hw.wiphy,
2489 &sdata->u.mgd.csa_connection_drop_work);
2490 } else {
2491 struct ieee80211_link_data *link =
2492 rcu_dereference(sdata->link[link_id]);
2493
2494 if (WARN_ON(!link)) {
2495 rcu_read_unlock();
2496 return;
2497 }
2498
2499 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
2500 &link->u.mgd.csa.switch_work, 0);
2501 }
2502
2503 rcu_read_unlock();
2504 }
2505 EXPORT_SYMBOL(ieee80211_chswitch_done);
2506
2507 static void
ieee80211_sta_abort_chanswitch(struct ieee80211_link_data * link)2508 ieee80211_sta_abort_chanswitch(struct ieee80211_link_data *link)
2509 {
2510 struct ieee80211_sub_if_data *sdata = link->sdata;
2511 struct ieee80211_local *local = sdata->local;
2512
2513 lockdep_assert_wiphy(local->hw.wiphy);
2514
2515 if (!local->ops->abort_channel_switch)
2516 return;
2517
2518 ieee80211_link_unreserve_chanctx(link);
2519
2520 ieee80211_vif_unblock_queues_csa(sdata);
2521
2522 link->conf->csa_active = false;
2523 link->u.mgd.csa.blocked_tx = false;
2524
2525 drv_abort_channel_switch(link);
2526 }
2527
2528 struct sta_csa_rnr_iter_data {
2529 struct ieee80211_link_data *link;
2530 struct ieee80211_channel *chan;
2531 u8 mld_id;
2532 };
2533
2534 static enum cfg80211_rnr_iter_ret
ieee80211_sta_csa_rnr_iter(void * _data,u8 type,const struct ieee80211_neighbor_ap_info * info,const u8 * tbtt_info,u8 tbtt_info_len)2535 ieee80211_sta_csa_rnr_iter(void *_data, u8 type,
2536 const struct ieee80211_neighbor_ap_info *info,
2537 const u8 *tbtt_info, u8 tbtt_info_len)
2538 {
2539 struct sta_csa_rnr_iter_data *data = _data;
2540 struct ieee80211_link_data *link = data->link;
2541 struct ieee80211_sub_if_data *sdata = link->sdata;
2542 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2543 const struct ieee80211_tbtt_info_ge_11 *ti;
2544 enum nl80211_band band;
2545 unsigned int center_freq;
2546 int link_id;
2547
2548 if (type != IEEE80211_TBTT_INFO_TYPE_TBTT)
2549 return RNR_ITER_CONTINUE;
2550
2551 if (tbtt_info_len < sizeof(*ti))
2552 return RNR_ITER_CONTINUE;
2553
2554 ti = (const void *)tbtt_info;
2555
2556 if (ti->mld_params.mld_id != data->mld_id)
2557 return RNR_ITER_CONTINUE;
2558
2559 link_id = le16_get_bits(ti->mld_params.params,
2560 IEEE80211_RNR_MLD_PARAMS_LINK_ID);
2561 if (link_id != data->link->link_id)
2562 return RNR_ITER_CONTINUE;
2563
2564 /* we found the entry for our link! */
2565
2566 /* this AP is confused, it had this right before ... just disconnect */
2567 if (!ieee80211_operating_class_to_band(info->op_class, &band)) {
2568 link_info(link,
2569 "AP now has invalid operating class in RNR, disconnect\n");
2570 wiphy_work_queue(sdata->local->hw.wiphy,
2571 &ifmgd->csa_connection_drop_work);
2572 return RNR_ITER_BREAK;
2573 }
2574
2575 center_freq = ieee80211_channel_to_frequency(info->channel, band);
2576 data->chan = ieee80211_get_channel(sdata->local->hw.wiphy, center_freq);
2577
2578 return RNR_ITER_BREAK;
2579 }
2580
2581 static void
ieee80211_sta_other_link_csa_disappeared(struct ieee80211_link_data * link,struct ieee802_11_elems * elems)2582 ieee80211_sta_other_link_csa_disappeared(struct ieee80211_link_data *link,
2583 struct ieee802_11_elems *elems)
2584 {
2585 struct ieee80211_sub_if_data *sdata = link->sdata;
2586 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2587 struct sta_csa_rnr_iter_data data = {
2588 .link = link,
2589 };
2590
2591 /*
2592 * If we get here, we see a beacon from another link without
2593 * CSA still being reported for it, so now we have to check
2594 * if the CSA was aborted or completed. This may not even be
2595 * perfectly possible if the CSA was only done for changing
2596 * the puncturing, but in that case if the link in inactive
2597 * we don't really care, and if it's an active link (or when
2598 * it's activated later) we'll get a beacon and adjust.
2599 */
2600
2601 if (WARN_ON(!elems->ml_basic))
2602 return;
2603
2604 data.mld_id = ieee80211_mle_get_mld_id((const void *)elems->ml_basic);
2605
2606 /*
2607 * So in order to do this, iterate the RNR element(s) and see
2608 * what channel is reported now.
2609 */
2610 cfg80211_iter_rnr(elems->ie_start, elems->total_len,
2611 ieee80211_sta_csa_rnr_iter, &data);
2612
2613 if (!data.chan) {
2614 link_info(link,
2615 "couldn't find (valid) channel in RNR for CSA, disconnect\n");
2616 wiphy_work_queue(sdata->local->hw.wiphy,
2617 &ifmgd->csa_connection_drop_work);
2618 return;
2619 }
2620
2621 /*
2622 * If it doesn't match the CSA, then assume it aborted. This
2623 * may erroneously detect that it was _not_ aborted when it
2624 * was in fact aborted, but only changed the bandwidth or the
2625 * puncturing configuration, but we don't have enough data to
2626 * detect that.
2627 */
2628 if (data.chan != link->csa.chanreq.oper.chan)
2629 ieee80211_sta_abort_chanswitch(link);
2630 }
2631
2632 enum ieee80211_csa_source {
2633 IEEE80211_CSA_SOURCE_BEACON,
2634 IEEE80211_CSA_SOURCE_OTHER_LINK,
2635 IEEE80211_CSA_SOURCE_PROT_ACTION,
2636 IEEE80211_CSA_SOURCE_UNPROT_ACTION,
2637 };
2638
2639 static void
ieee80211_sta_process_chanswitch(struct ieee80211_link_data * link,u64 timestamp,u32 device_timestamp,struct ieee802_11_elems * full_elems,struct ieee802_11_elems * csa_elems,enum ieee80211_csa_source source)2640 ieee80211_sta_process_chanswitch(struct ieee80211_link_data *link,
2641 u64 timestamp, u32 device_timestamp,
2642 struct ieee802_11_elems *full_elems,
2643 struct ieee802_11_elems *csa_elems,
2644 enum ieee80211_csa_source source)
2645 {
2646 struct ieee80211_sub_if_data *sdata = link->sdata;
2647 struct ieee80211_local *local = sdata->local;
2648 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2649 struct ieee80211_chanctx *chanctx = NULL;
2650 struct ieee80211_chanctx_conf *conf;
2651 struct ieee80211_csa_ie csa_ie = {};
2652 struct ieee80211_channel_switch ch_switch = {
2653 .link_id = link->link_id,
2654 .timestamp = timestamp,
2655 .device_timestamp = device_timestamp,
2656 };
2657 unsigned long now;
2658 int res;
2659
2660 lockdep_assert_wiphy(local->hw.wiphy);
2661
2662 if (csa_elems) {
2663 struct cfg80211_bss *cbss = link->conf->bss;
2664 enum nl80211_band current_band;
2665 struct ieee80211_bss *bss;
2666
2667 if (WARN_ON(!cbss))
2668 return;
2669
2670 current_band = cbss->channel->band;
2671 bss = (void *)cbss->priv;
2672
2673 res = ieee80211_parse_ch_switch_ie(sdata, csa_elems,
2674 current_band,
2675 bss->vht_cap_info,
2676 &link->u.mgd.conn,
2677 link->u.mgd.bssid,
2678 source == IEEE80211_CSA_SOURCE_UNPROT_ACTION,
2679 &csa_ie);
2680 if (res == 0) {
2681 ch_switch.block_tx = csa_ie.mode;
2682 ch_switch.chandef = csa_ie.chanreq.oper;
2683 ch_switch.count = csa_ie.count;
2684 ch_switch.delay = csa_ie.max_switch_time;
2685 }
2686
2687 link->u.mgd.csa.tpe = csa_elems->csa_tpe;
2688 } else {
2689 /*
2690 * If there was no per-STA profile for this link, we
2691 * get called with csa_elems == NULL. This of course means
2692 * there are no CSA elements, so set res=1 indicating
2693 * no more CSA.
2694 */
2695 res = 1;
2696 }
2697
2698 if (res < 0) {
2699 /* ignore this case, not a protected frame */
2700 if (source == IEEE80211_CSA_SOURCE_UNPROT_ACTION)
2701 return;
2702 goto drop_connection;
2703 }
2704
2705 if (link->conf->csa_active) {
2706 switch (source) {
2707 case IEEE80211_CSA_SOURCE_PROT_ACTION:
2708 case IEEE80211_CSA_SOURCE_UNPROT_ACTION:
2709 /* already processing - disregard action frames */
2710 return;
2711 case IEEE80211_CSA_SOURCE_BEACON:
2712 if (link->u.mgd.csa.waiting_bcn) {
2713 ieee80211_chswitch_post_beacon(link);
2714 /*
2715 * If the CSA is still present after the switch
2716 * we need to consider it as a new CSA (possibly
2717 * to self). This happens by not returning here
2718 * so we'll get to the check below.
2719 */
2720 } else if (res) {
2721 ieee80211_sta_abort_chanswitch(link);
2722 return;
2723 } else {
2724 drv_channel_switch_rx_beacon(sdata, &ch_switch);
2725 return;
2726 }
2727 break;
2728 case IEEE80211_CSA_SOURCE_OTHER_LINK:
2729 /* active link: we want to see the beacon to continue */
2730 if (ieee80211_vif_link_active(&sdata->vif,
2731 link->link_id))
2732 return;
2733
2734 /* switch work ran, so just complete the process */
2735 if (link->u.mgd.csa.waiting_bcn) {
2736 ieee80211_chswitch_post_beacon(link);
2737 /*
2738 * If the CSA is still present after the switch
2739 * we need to consider it as a new CSA (possibly
2740 * to self). This happens by not returning here
2741 * so we'll get to the check below.
2742 */
2743 break;
2744 }
2745
2746 /* link still has CSA but we already know, do nothing */
2747 if (!res)
2748 return;
2749
2750 /* check in the RNR if the CSA aborted */
2751 ieee80211_sta_other_link_csa_disappeared(link,
2752 full_elems);
2753 return;
2754 }
2755 }
2756
2757 /* no active CSA nor a new one */
2758 if (res) {
2759 /*
2760 * However, we may have stopped queues when receiving a public
2761 * action frame that couldn't be protected, if it had the quiet
2762 * bit set. This is a trade-off, we want to be quiet as soon as
2763 * possible, but also don't trust the public action frame much,
2764 * as it can't be protected.
2765 */
2766 if (unlikely(link->u.mgd.csa.blocked_tx)) {
2767 link->u.mgd.csa.blocked_tx = false;
2768 ieee80211_vif_unblock_queues_csa(sdata);
2769 }
2770 return;
2771 }
2772
2773 /*
2774 * We don't really trust public action frames, but block queues (go to
2775 * quiet mode) for them anyway, we should get a beacon soon to either
2776 * know what the CSA really is, or figure out the public action frame
2777 * was actually an attack.
2778 */
2779 if (source == IEEE80211_CSA_SOURCE_UNPROT_ACTION) {
2780 if (csa_ie.mode) {
2781 link->u.mgd.csa.blocked_tx = true;
2782 ieee80211_vif_block_queues_csa(sdata);
2783 }
2784 return;
2785 }
2786
2787 if (link->conf->chanreq.oper.chan->band !=
2788 csa_ie.chanreq.oper.chan->band) {
2789 link_info(link,
2790 "AP %pM switches to different band (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n",
2791 link->u.mgd.bssid,
2792 csa_ie.chanreq.oper.chan->center_freq,
2793 csa_ie.chanreq.oper.width,
2794 csa_ie.chanreq.oper.center_freq1,
2795 csa_ie.chanreq.oper.center_freq2);
2796 goto drop_connection;
2797 }
2798
2799 if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chanreq.oper,
2800 IEEE80211_CHAN_DISABLED)) {
2801 link_info(link,
2802 "AP %pM switches to unsupported channel (%d.%03d MHz, width:%d, CF1/2: %d.%03d/%d MHz), disconnecting\n",
2803 link->u.mgd.bssid,
2804 csa_ie.chanreq.oper.chan->center_freq,
2805 csa_ie.chanreq.oper.chan->freq_offset,
2806 csa_ie.chanreq.oper.width,
2807 csa_ie.chanreq.oper.center_freq1,
2808 csa_ie.chanreq.oper.freq1_offset,
2809 csa_ie.chanreq.oper.center_freq2);
2810 goto drop_connection;
2811 }
2812
2813 if (cfg80211_chandef_identical(&csa_ie.chanreq.oper,
2814 &link->conf->chanreq.oper) &&
2815 (!csa_ie.mode || source != IEEE80211_CSA_SOURCE_BEACON)) {
2816 if (link->u.mgd.csa.ignored_same_chan)
2817 return;
2818 link_info(link,
2819 "AP %pM tries to chanswitch to same channel, ignore\n",
2820 link->u.mgd.bssid);
2821 link->u.mgd.csa.ignored_same_chan = true;
2822 return;
2823 }
2824
2825 /*
2826 * Drop all TDLS peers on the affected link - either we disconnect or
2827 * move to a different channel from this point on. There's no telling
2828 * what our peer will do.
2829 * The TDLS WIDER_BW scenario is also problematic, as peers might now
2830 * have an incompatible wider chandef.
2831 */
2832 ieee80211_teardown_tdls_peers(link);
2833
2834 conf = rcu_dereference_protected(link->conf->chanctx_conf,
2835 lockdep_is_held(&local->hw.wiphy->mtx));
2836 if (ieee80211_vif_link_active(&sdata->vif, link->link_id) && !conf) {
2837 link_info(link,
2838 "no channel context assigned to vif?, disconnecting\n");
2839 goto drop_connection;
2840 }
2841
2842 if (conf)
2843 chanctx = container_of(conf, struct ieee80211_chanctx, conf);
2844
2845 if (!ieee80211_hw_check(&local->hw, CHANCTX_STA_CSA)) {
2846 link_info(link,
2847 "driver doesn't support chan-switch with channel contexts\n");
2848 goto drop_connection;
2849 }
2850
2851 if (drv_pre_channel_switch(sdata, &ch_switch)) {
2852 link_info(link,
2853 "preparing for channel switch failed, disconnecting\n");
2854 goto drop_connection;
2855 }
2856
2857 link->u.mgd.csa.ap_chandef = csa_ie.chanreq.ap;
2858
2859 link->csa.chanreq.oper = csa_ie.chanreq.oper;
2860 ieee80211_set_chanreq_ap(sdata, &link->csa.chanreq, &link->u.mgd.conn,
2861 &csa_ie.chanreq.ap);
2862
2863 if (chanctx) {
2864 res = ieee80211_link_reserve_chanctx(link, &link->csa.chanreq,
2865 chanctx->mode, false);
2866 if (res) {
2867 link_info(link,
2868 "failed to reserve channel context for channel switch, disconnecting (err=%d)\n",
2869 res);
2870 goto drop_connection;
2871 }
2872 }
2873
2874 link->conf->csa_active = true;
2875 link->u.mgd.csa.ignored_same_chan = false;
2876 link->u.mgd.beacon_crc_valid = false;
2877 link->u.mgd.csa.blocked_tx = csa_ie.mode;
2878
2879 if (csa_ie.mode)
2880 ieee80211_vif_block_queues_csa(sdata);
2881
2882 cfg80211_ch_switch_started_notify(sdata->dev, &csa_ie.chanreq.oper,
2883 link->link_id, csa_ie.count,
2884 csa_ie.mode);
2885
2886 /* we may have to handle timeout for deactivated link in software */
2887 now = jiffies;
2888 link->u.mgd.csa.time = now +
2889 TU_TO_JIFFIES((max_t(int, csa_ie.count, 1) - 1) *
2890 link->conf->beacon_int);
2891
2892 if (ieee80211_vif_link_active(&sdata->vif, link->link_id) &&
2893 local->ops->channel_switch) {
2894 /*
2895 * Use driver's channel switch callback, the driver will
2896 * later call ieee80211_chswitch_done(). It may deactivate
2897 * the link as well, we handle that elsewhere and queue
2898 * the csa.switch_work for the calculated time then.
2899 */
2900 drv_channel_switch(local, sdata, &ch_switch);
2901 return;
2902 }
2903
2904 /* channel switch handled in software */
2905 wiphy_delayed_work_queue(local->hw.wiphy,
2906 &link->u.mgd.csa.switch_work,
2907 link->u.mgd.csa.time - now);
2908 return;
2909 drop_connection:
2910 /*
2911 * This is just so that the disconnect flow will know that
2912 * we were trying to switch channel and failed. In case the
2913 * mode is 1 (we are not allowed to Tx), we will know not to
2914 * send a deauthentication frame. Those two fields will be
2915 * reset when the disconnection worker runs.
2916 */
2917 link->conf->csa_active = true;
2918 link->u.mgd.csa.blocked_tx = csa_ie.mode;
2919
2920 wiphy_work_queue(sdata->local->hw.wiphy,
2921 &ifmgd->csa_connection_drop_work);
2922 }
2923
2924 struct sta_bss_param_ch_cnt_data {
2925 struct ieee80211_sub_if_data *sdata;
2926 u8 reporting_link_id;
2927 u8 mld_id;
2928 };
2929
2930 static enum cfg80211_rnr_iter_ret
ieee80211_sta_bss_param_ch_cnt_iter(void * _data,u8 type,const struct ieee80211_neighbor_ap_info * info,const u8 * tbtt_info,u8 tbtt_info_len)2931 ieee80211_sta_bss_param_ch_cnt_iter(void *_data, u8 type,
2932 const struct ieee80211_neighbor_ap_info *info,
2933 const u8 *tbtt_info, u8 tbtt_info_len)
2934 {
2935 struct sta_bss_param_ch_cnt_data *data = _data;
2936 struct ieee80211_sub_if_data *sdata = data->sdata;
2937 const struct ieee80211_tbtt_info_ge_11 *ti;
2938 u8 bss_param_ch_cnt;
2939 int link_id;
2940
2941 if (type != IEEE80211_TBTT_INFO_TYPE_TBTT)
2942 return RNR_ITER_CONTINUE;
2943
2944 if (tbtt_info_len < sizeof(*ti))
2945 return RNR_ITER_CONTINUE;
2946
2947 ti = (const void *)tbtt_info;
2948
2949 if (ti->mld_params.mld_id != data->mld_id)
2950 return RNR_ITER_CONTINUE;
2951
2952 link_id = le16_get_bits(ti->mld_params.params,
2953 IEEE80211_RNR_MLD_PARAMS_LINK_ID);
2954 bss_param_ch_cnt =
2955 le16_get_bits(ti->mld_params.params,
2956 IEEE80211_RNR_MLD_PARAMS_BSS_CHANGE_COUNT);
2957
2958 if (bss_param_ch_cnt != 255 &&
2959 link_id < ARRAY_SIZE(sdata->link)) {
2960 struct ieee80211_link_data *link =
2961 sdata_dereference(sdata->link[link_id], sdata);
2962
2963 if (link && link->conf->bss_param_ch_cnt != bss_param_ch_cnt) {
2964 link->conf->bss_param_ch_cnt = bss_param_ch_cnt;
2965 link->conf->bss_param_ch_cnt_link_id =
2966 data->reporting_link_id;
2967 }
2968 }
2969
2970 return RNR_ITER_CONTINUE;
2971 }
2972
2973 static void
ieee80211_mgd_update_bss_param_ch_cnt(struct ieee80211_sub_if_data * sdata,struct ieee80211_bss_conf * bss_conf,struct ieee802_11_elems * elems)2974 ieee80211_mgd_update_bss_param_ch_cnt(struct ieee80211_sub_if_data *sdata,
2975 struct ieee80211_bss_conf *bss_conf,
2976 struct ieee802_11_elems *elems)
2977 {
2978 struct sta_bss_param_ch_cnt_data data = {
2979 .reporting_link_id = bss_conf->link_id,
2980 .sdata = sdata,
2981 };
2982 int bss_param_ch_cnt;
2983
2984 if (!elems->ml_basic)
2985 return;
2986
2987 data.mld_id = ieee80211_mle_get_mld_id((const void *)elems->ml_basic);
2988
2989 cfg80211_iter_rnr(elems->ie_start, elems->total_len,
2990 ieee80211_sta_bss_param_ch_cnt_iter, &data);
2991
2992 bss_param_ch_cnt =
2993 ieee80211_mle_get_bss_param_ch_cnt((const void *)elems->ml_basic);
2994
2995 /*
2996 * Update bss_param_ch_cnt_link_id even if bss_param_ch_cnt
2997 * didn't change to indicate that we got a beacon on our own
2998 * link.
2999 */
3000 if (bss_param_ch_cnt >= 0 && bss_param_ch_cnt != 255) {
3001 bss_conf->bss_param_ch_cnt = bss_param_ch_cnt;
3002 bss_conf->bss_param_ch_cnt_link_id =
3003 bss_conf->link_id;
3004 }
3005 }
3006
3007 static bool
ieee80211_find_80211h_pwr_constr(struct ieee80211_channel * channel,const u8 * country_ie,u8 country_ie_len,const u8 * pwr_constr_elem,int * chan_pwr,int * pwr_reduction)3008 ieee80211_find_80211h_pwr_constr(struct ieee80211_channel *channel,
3009 const u8 *country_ie, u8 country_ie_len,
3010 const u8 *pwr_constr_elem,
3011 int *chan_pwr, int *pwr_reduction)
3012 {
3013 struct ieee80211_country_ie_triplet *triplet;
3014 int chan = ieee80211_frequency_to_channel(channel->center_freq);
3015 int i, chan_increment;
3016 bool have_chan_pwr = false;
3017
3018 /* Invalid IE */
3019 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN)
3020 return false;
3021
3022 triplet = (void *)(country_ie + 3);
3023 country_ie_len -= 3;
3024
3025 switch (channel->band) {
3026 default:
3027 WARN_ON_ONCE(1);
3028 fallthrough;
3029 case NL80211_BAND_2GHZ:
3030 case NL80211_BAND_60GHZ:
3031 case NL80211_BAND_LC:
3032 chan_increment = 1;
3033 break;
3034 case NL80211_BAND_5GHZ:
3035 chan_increment = 4;
3036 break;
3037 case NL80211_BAND_6GHZ:
3038 /*
3039 * In the 6 GHz band, the "maximum transmit power level"
3040 * field in the triplets is reserved, and thus will be
3041 * zero and we shouldn't use it to control TX power.
3042 * The actual TX power will be given in the transmit
3043 * power envelope element instead.
3044 */
3045 return false;
3046 }
3047
3048 /* find channel */
3049 while (country_ie_len >= 3) {
3050 u8 first_channel = triplet->chans.first_channel;
3051
3052 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID)
3053 goto next;
3054
3055 for (i = 0; i < triplet->chans.num_channels; i++) {
3056 if (first_channel + i * chan_increment == chan) {
3057 have_chan_pwr = true;
3058 *chan_pwr = triplet->chans.max_power;
3059 break;
3060 }
3061 }
3062 if (have_chan_pwr)
3063 break;
3064
3065 next:
3066 triplet++;
3067 country_ie_len -= 3;
3068 }
3069
3070 if (have_chan_pwr && pwr_constr_elem)
3071 *pwr_reduction = *pwr_constr_elem;
3072 else
3073 *pwr_reduction = 0;
3074
3075 return have_chan_pwr;
3076 }
3077
ieee80211_find_cisco_dtpc(struct ieee80211_channel * channel,const u8 * cisco_dtpc_ie,int * pwr_level)3078 static void ieee80211_find_cisco_dtpc(struct ieee80211_channel *channel,
3079 const u8 *cisco_dtpc_ie,
3080 int *pwr_level)
3081 {
3082 /* From practical testing, the first data byte of the DTPC element
3083 * seems to contain the requested dBm level, and the CLI on Cisco
3084 * APs clearly state the range is -127 to 127 dBm, which indicates
3085 * a signed byte, although it seemingly never actually goes negative.
3086 * The other byte seems to always be zero.
3087 */
3088 *pwr_level = (__s8)cisco_dtpc_ie[4];
3089 }
3090
ieee80211_handle_pwr_constr(struct ieee80211_link_data * link,struct ieee80211_channel * channel,struct ieee80211_mgmt * mgmt,const u8 * country_ie,u8 country_ie_len,const u8 * pwr_constr_ie,const u8 * cisco_dtpc_ie)3091 static u64 ieee80211_handle_pwr_constr(struct ieee80211_link_data *link,
3092 struct ieee80211_channel *channel,
3093 struct ieee80211_mgmt *mgmt,
3094 const u8 *country_ie, u8 country_ie_len,
3095 const u8 *pwr_constr_ie,
3096 const u8 *cisco_dtpc_ie)
3097 {
3098 struct ieee80211_sub_if_data *sdata = link->sdata;
3099 bool has_80211h_pwr = false, has_cisco_pwr = false;
3100 int chan_pwr = 0, pwr_reduction_80211h = 0;
3101 int pwr_level_cisco, pwr_level_80211h;
3102 int new_ap_level;
3103 __le16 capab = mgmt->u.probe_resp.capab_info;
3104
3105 if (ieee80211_is_s1g_beacon(mgmt->frame_control))
3106 return 0; /* TODO */
3107
3108 if (country_ie &&
3109 (capab & cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT) ||
3110 capab & cpu_to_le16(WLAN_CAPABILITY_RADIO_MEASURE))) {
3111 has_80211h_pwr = ieee80211_find_80211h_pwr_constr(
3112 channel, country_ie, country_ie_len,
3113 pwr_constr_ie, &chan_pwr, &pwr_reduction_80211h);
3114 pwr_level_80211h =
3115 max_t(int, 0, chan_pwr - pwr_reduction_80211h);
3116 }
3117
3118 if (cisco_dtpc_ie) {
3119 ieee80211_find_cisco_dtpc(
3120 channel, cisco_dtpc_ie, &pwr_level_cisco);
3121 has_cisco_pwr = true;
3122 }
3123
3124 if (!has_80211h_pwr && !has_cisco_pwr)
3125 return 0;
3126
3127 /* If we have both 802.11h and Cisco DTPC, apply both limits
3128 * by picking the smallest of the two power levels advertised.
3129 */
3130 if (has_80211h_pwr &&
3131 (!has_cisco_pwr || pwr_level_80211h <= pwr_level_cisco)) {
3132 new_ap_level = pwr_level_80211h;
3133
3134 if (link->ap_power_level == new_ap_level)
3135 return 0;
3136
3137 sdata_dbg(sdata,
3138 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n",
3139 pwr_level_80211h, chan_pwr, pwr_reduction_80211h,
3140 link->u.mgd.bssid);
3141 } else { /* has_cisco_pwr is always true here. */
3142 new_ap_level = pwr_level_cisco;
3143
3144 if (link->ap_power_level == new_ap_level)
3145 return 0;
3146
3147 sdata_dbg(sdata,
3148 "Limiting TX power to %d dBm as advertised by %pM\n",
3149 pwr_level_cisco, link->u.mgd.bssid);
3150 }
3151
3152 link->ap_power_level = new_ap_level;
3153 if (__ieee80211_recalc_txpower(link))
3154 return BSS_CHANGED_TXPOWER;
3155 return 0;
3156 }
3157
3158 /* powersave */
ieee80211_enable_ps(struct ieee80211_local * local,struct ieee80211_sub_if_data * sdata)3159 static void ieee80211_enable_ps(struct ieee80211_local *local,
3160 struct ieee80211_sub_if_data *sdata)
3161 {
3162 struct ieee80211_conf *conf = &local->hw.conf;
3163
3164 /*
3165 * If we are scanning right now then the parameters will
3166 * take effect when scan finishes.
3167 */
3168 if (local->scanning)
3169 return;
3170
3171 if (conf->dynamic_ps_timeout > 0 &&
3172 !ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS)) {
3173 mod_timer(&local->dynamic_ps_timer, jiffies +
3174 msecs_to_jiffies(conf->dynamic_ps_timeout));
3175 } else {
3176 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK))
3177 ieee80211_send_nullfunc(local, sdata, true);
3178
3179 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
3180 ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
3181 return;
3182
3183 conf->flags |= IEEE80211_CONF_PS;
3184 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
3185 }
3186 }
3187
ieee80211_change_ps(struct ieee80211_local * local)3188 static void ieee80211_change_ps(struct ieee80211_local *local)
3189 {
3190 struct ieee80211_conf *conf = &local->hw.conf;
3191
3192 if (local->ps_sdata) {
3193 ieee80211_enable_ps(local, local->ps_sdata);
3194 } else if (conf->flags & IEEE80211_CONF_PS) {
3195 conf->flags &= ~IEEE80211_CONF_PS;
3196 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
3197 del_timer_sync(&local->dynamic_ps_timer);
3198 wiphy_work_cancel(local->hw.wiphy,
3199 &local->dynamic_ps_enable_work);
3200 }
3201 }
3202
ieee80211_powersave_allowed(struct ieee80211_sub_if_data * sdata)3203 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata)
3204 {
3205 struct ieee80211_local *local = sdata->local;
3206 struct ieee80211_if_managed *mgd = &sdata->u.mgd;
3207 struct sta_info *sta = NULL;
3208 bool authorized = false;
3209
3210 if (!mgd->powersave)
3211 return false;
3212
3213 if (mgd->broken_ap)
3214 return false;
3215
3216 if (!mgd->associated)
3217 return false;
3218
3219 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL)
3220 return false;
3221
3222 if (!(local->hw.wiphy->flags & WIPHY_FLAG_SUPPORTS_MLO) &&
3223 !sdata->deflink.u.mgd.have_beacon)
3224 return false;
3225
3226 rcu_read_lock();
3227 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
3228 if (sta)
3229 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
3230 rcu_read_unlock();
3231
3232 return authorized;
3233 }
3234
3235 /* need to hold RTNL or interface lock */
ieee80211_recalc_ps(struct ieee80211_local * local)3236 void ieee80211_recalc_ps(struct ieee80211_local *local)
3237 {
3238 struct ieee80211_sub_if_data *sdata, *found = NULL;
3239 int count = 0;
3240 int timeout;
3241
3242 if (!ieee80211_hw_check(&local->hw, SUPPORTS_PS) ||
3243 ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS)) {
3244 local->ps_sdata = NULL;
3245 return;
3246 }
3247
3248 list_for_each_entry(sdata, &local->interfaces, list) {
3249 if (!ieee80211_sdata_running(sdata))
3250 continue;
3251 if (sdata->vif.type == NL80211_IFTYPE_AP) {
3252 /* If an AP vif is found, then disable PS
3253 * by setting the count to zero thereby setting
3254 * ps_sdata to NULL.
3255 */
3256 count = 0;
3257 break;
3258 }
3259 if (sdata->vif.type != NL80211_IFTYPE_STATION)
3260 continue;
3261 found = sdata;
3262 count++;
3263 }
3264
3265 if (count == 1 && ieee80211_powersave_allowed(found)) {
3266 u8 dtimper = found->deflink.u.mgd.dtim_period;
3267
3268 timeout = local->dynamic_ps_forced_timeout;
3269 if (timeout < 0)
3270 timeout = 100;
3271 local->hw.conf.dynamic_ps_timeout = timeout;
3272
3273 /* If the TIM IE is invalid, pretend the value is 1 */
3274 if (!dtimper)
3275 dtimper = 1;
3276
3277 local->hw.conf.ps_dtim_period = dtimper;
3278 local->ps_sdata = found;
3279 } else {
3280 local->ps_sdata = NULL;
3281 }
3282
3283 ieee80211_change_ps(local);
3284 }
3285
ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data * sdata)3286 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata)
3287 {
3288 bool ps_allowed = ieee80211_powersave_allowed(sdata);
3289
3290 if (sdata->vif.cfg.ps != ps_allowed) {
3291 sdata->vif.cfg.ps = ps_allowed;
3292 ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_PS);
3293 }
3294 }
3295
ieee80211_dynamic_ps_disable_work(struct wiphy * wiphy,struct wiphy_work * work)3296 void ieee80211_dynamic_ps_disable_work(struct wiphy *wiphy,
3297 struct wiphy_work *work)
3298 {
3299 struct ieee80211_local *local =
3300 container_of(work, struct ieee80211_local,
3301 dynamic_ps_disable_work);
3302
3303 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
3304 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
3305 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
3306 }
3307
3308 ieee80211_wake_queues_by_reason(&local->hw,
3309 IEEE80211_MAX_QUEUE_MAP,
3310 IEEE80211_QUEUE_STOP_REASON_PS,
3311 false);
3312 }
3313
ieee80211_dynamic_ps_enable_work(struct wiphy * wiphy,struct wiphy_work * work)3314 void ieee80211_dynamic_ps_enable_work(struct wiphy *wiphy,
3315 struct wiphy_work *work)
3316 {
3317 struct ieee80211_local *local =
3318 container_of(work, struct ieee80211_local,
3319 dynamic_ps_enable_work);
3320 struct ieee80211_sub_if_data *sdata = local->ps_sdata;
3321 struct ieee80211_if_managed *ifmgd;
3322 unsigned long flags;
3323 int q;
3324
3325 /* can only happen when PS was just disabled anyway */
3326 if (!sdata)
3327 return;
3328
3329 ifmgd = &sdata->u.mgd;
3330
3331 if (local->hw.conf.flags & IEEE80211_CONF_PS)
3332 return;
3333
3334 if (local->hw.conf.dynamic_ps_timeout > 0) {
3335 /* don't enter PS if TX frames are pending */
3336 if (drv_tx_frames_pending(local)) {
3337 mod_timer(&local->dynamic_ps_timer, jiffies +
3338 msecs_to_jiffies(
3339 local->hw.conf.dynamic_ps_timeout));
3340 return;
3341 }
3342
3343 /*
3344 * transmission can be stopped by others which leads to
3345 * dynamic_ps_timer expiry. Postpone the ps timer if it
3346 * is not the actual idle state.
3347 */
3348 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
3349 for (q = 0; q < local->hw.queues; q++) {
3350 if (local->queue_stop_reasons[q]) {
3351 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
3352 flags);
3353 mod_timer(&local->dynamic_ps_timer, jiffies +
3354 msecs_to_jiffies(
3355 local->hw.conf.dynamic_ps_timeout));
3356 return;
3357 }
3358 }
3359 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
3360 }
3361
3362 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
3363 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
3364 if (drv_tx_frames_pending(local)) {
3365 mod_timer(&local->dynamic_ps_timer, jiffies +
3366 msecs_to_jiffies(
3367 local->hw.conf.dynamic_ps_timeout));
3368 } else {
3369 ieee80211_send_nullfunc(local, sdata, true);
3370 /* Flush to get the tx status of nullfunc frame */
3371 ieee80211_flush_queues(local, sdata, false);
3372 }
3373 }
3374
3375 if (!(ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS) &&
3376 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK)) ||
3377 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
3378 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
3379 local->hw.conf.flags |= IEEE80211_CONF_PS;
3380 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
3381 }
3382 }
3383
ieee80211_dynamic_ps_timer(struct timer_list * t)3384 void ieee80211_dynamic_ps_timer(struct timer_list *t)
3385 {
3386 struct ieee80211_local *local = from_timer(local, t, dynamic_ps_timer);
3387
3388 wiphy_work_queue(local->hw.wiphy, &local->dynamic_ps_enable_work);
3389 }
3390
ieee80211_dfs_cac_timer_work(struct wiphy * wiphy,struct wiphy_work * work)3391 void ieee80211_dfs_cac_timer_work(struct wiphy *wiphy, struct wiphy_work *work)
3392 {
3393 struct ieee80211_link_data *link =
3394 container_of(work, struct ieee80211_link_data,
3395 dfs_cac_timer_work.work);
3396 struct cfg80211_chan_def chandef = link->conf->chanreq.oper;
3397 struct ieee80211_sub_if_data *sdata = link->sdata;
3398
3399 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3400
3401 if (sdata->wdev.links[link->link_id].cac_started) {
3402 ieee80211_link_release_channel(link);
3403 cfg80211_cac_event(sdata->dev, &chandef,
3404 NL80211_RADAR_CAC_FINISHED,
3405 GFP_KERNEL, link->link_id);
3406 }
3407 }
3408
3409 static bool
__ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data * sdata)3410 __ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata)
3411 {
3412 struct ieee80211_local *local = sdata->local;
3413 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3414 bool ret = false;
3415 int ac;
3416
3417 if (local->hw.queues < IEEE80211_NUM_ACS)
3418 return false;
3419
3420 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
3421 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac];
3422 int non_acm_ac;
3423 unsigned long now = jiffies;
3424
3425 if (tx_tspec->action == TX_TSPEC_ACTION_NONE &&
3426 tx_tspec->admitted_time &&
3427 time_after(now, tx_tspec->time_slice_start + HZ)) {
3428 tx_tspec->consumed_tx_time = 0;
3429 tx_tspec->time_slice_start = now;
3430
3431 if (tx_tspec->downgraded)
3432 tx_tspec->action =
3433 TX_TSPEC_ACTION_STOP_DOWNGRADE;
3434 }
3435
3436 switch (tx_tspec->action) {
3437 case TX_TSPEC_ACTION_STOP_DOWNGRADE:
3438 /* take the original parameters */
3439 if (drv_conf_tx(local, &sdata->deflink, ac,
3440 &sdata->deflink.tx_conf[ac]))
3441 link_err(&sdata->deflink,
3442 "failed to set TX queue parameters for queue %d\n",
3443 ac);
3444 tx_tspec->action = TX_TSPEC_ACTION_NONE;
3445 tx_tspec->downgraded = false;
3446 ret = true;
3447 break;
3448 case TX_TSPEC_ACTION_DOWNGRADE:
3449 if (time_after(now, tx_tspec->time_slice_start + HZ)) {
3450 tx_tspec->action = TX_TSPEC_ACTION_NONE;
3451 ret = true;
3452 break;
3453 }
3454 /* downgrade next lower non-ACM AC */
3455 for (non_acm_ac = ac + 1;
3456 non_acm_ac < IEEE80211_NUM_ACS;
3457 non_acm_ac++)
3458 if (!(sdata->wmm_acm & BIT(7 - 2 * non_acm_ac)))
3459 break;
3460 /* Usually the loop will result in using BK even if it
3461 * requires admission control, but such a configuration
3462 * makes no sense and we have to transmit somehow - the
3463 * AC selection does the same thing.
3464 * If we started out trying to downgrade from BK, then
3465 * the extra condition here might be needed.
3466 */
3467 if (non_acm_ac >= IEEE80211_NUM_ACS)
3468 non_acm_ac = IEEE80211_AC_BK;
3469 if (drv_conf_tx(local, &sdata->deflink, ac,
3470 &sdata->deflink.tx_conf[non_acm_ac]))
3471 link_err(&sdata->deflink,
3472 "failed to set TX queue parameters for queue %d\n",
3473 ac);
3474 tx_tspec->action = TX_TSPEC_ACTION_NONE;
3475 ret = true;
3476 wiphy_delayed_work_queue(local->hw.wiphy,
3477 &ifmgd->tx_tspec_wk,
3478 tx_tspec->time_slice_start +
3479 HZ - now + 1);
3480 break;
3481 case TX_TSPEC_ACTION_NONE:
3482 /* nothing now */
3483 break;
3484 }
3485 }
3486
3487 return ret;
3488 }
3489
ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data * sdata)3490 void ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata)
3491 {
3492 if (__ieee80211_sta_handle_tspec_ac_params(sdata))
3493 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
3494 BSS_CHANGED_QOS);
3495 }
3496
ieee80211_sta_handle_tspec_ac_params_wk(struct wiphy * wiphy,struct wiphy_work * work)3497 static void ieee80211_sta_handle_tspec_ac_params_wk(struct wiphy *wiphy,
3498 struct wiphy_work *work)
3499 {
3500 struct ieee80211_sub_if_data *sdata;
3501
3502 sdata = container_of(work, struct ieee80211_sub_if_data,
3503 u.mgd.tx_tspec_wk.work);
3504 ieee80211_sta_handle_tspec_ac_params(sdata);
3505 }
3506
ieee80211_mgd_set_link_qos_params(struct ieee80211_link_data * link)3507 void ieee80211_mgd_set_link_qos_params(struct ieee80211_link_data *link)
3508 {
3509 struct ieee80211_sub_if_data *sdata = link->sdata;
3510 struct ieee80211_local *local = sdata->local;
3511 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3512 struct ieee80211_tx_queue_params *params = link->tx_conf;
3513 u8 ac;
3514
3515 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
3516 mlme_dbg(sdata,
3517 "WMM AC=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d, downgraded=%d\n",
3518 ac, params[ac].acm,
3519 params[ac].aifs, params[ac].cw_min, params[ac].cw_max,
3520 params[ac].txop, params[ac].uapsd,
3521 ifmgd->tx_tspec[ac].downgraded);
3522 if (!ifmgd->tx_tspec[ac].downgraded &&
3523 drv_conf_tx(local, link, ac, ¶ms[ac]))
3524 link_err(link,
3525 "failed to set TX queue parameters for AC %d\n",
3526 ac);
3527 }
3528 }
3529
3530 /* MLME */
3531 static bool
_ieee80211_sta_wmm_params(struct ieee80211_local * local,struct ieee80211_link_data * link,const u8 * wmm_param,size_t wmm_param_len,const struct ieee80211_mu_edca_param_set * mu_edca)3532 _ieee80211_sta_wmm_params(struct ieee80211_local *local,
3533 struct ieee80211_link_data *link,
3534 const u8 *wmm_param, size_t wmm_param_len,
3535 const struct ieee80211_mu_edca_param_set *mu_edca)
3536 {
3537 struct ieee80211_sub_if_data *sdata = link->sdata;
3538 struct ieee80211_tx_queue_params params[IEEE80211_NUM_ACS];
3539 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3540 size_t left;
3541 int count, mu_edca_count, ac;
3542 const u8 *pos;
3543 u8 uapsd_queues = 0;
3544
3545 if (!local->ops->conf_tx)
3546 return false;
3547
3548 if (local->hw.queues < IEEE80211_NUM_ACS)
3549 return false;
3550
3551 if (!wmm_param)
3552 return false;
3553
3554 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
3555 return false;
3556
3557 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
3558 uapsd_queues = ifmgd->uapsd_queues;
3559
3560 count = wmm_param[6] & 0x0f;
3561 /* -1 is the initial value of ifmgd->mu_edca_last_param_set.
3562 * if mu_edca was preset before and now it disappeared tell
3563 * the driver about it.
3564 */
3565 mu_edca_count = mu_edca ? mu_edca->mu_qos_info & 0x0f : -1;
3566 if (count == link->u.mgd.wmm_last_param_set &&
3567 mu_edca_count == link->u.mgd.mu_edca_last_param_set)
3568 return false;
3569 link->u.mgd.wmm_last_param_set = count;
3570 link->u.mgd.mu_edca_last_param_set = mu_edca_count;
3571
3572 pos = wmm_param + 8;
3573 left = wmm_param_len - 8;
3574
3575 memset(¶ms, 0, sizeof(params));
3576
3577 sdata->wmm_acm = 0;
3578 for (; left >= 4; left -= 4, pos += 4) {
3579 int aci = (pos[0] >> 5) & 0x03;
3580 int acm = (pos[0] >> 4) & 0x01;
3581 bool uapsd = false;
3582
3583 switch (aci) {
3584 case 1: /* AC_BK */
3585 ac = IEEE80211_AC_BK;
3586 if (acm)
3587 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */
3588 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
3589 uapsd = true;
3590 params[ac].mu_edca = !!mu_edca;
3591 if (mu_edca)
3592 params[ac].mu_edca_param_rec = mu_edca->ac_bk;
3593 break;
3594 case 2: /* AC_VI */
3595 ac = IEEE80211_AC_VI;
3596 if (acm)
3597 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */
3598 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
3599 uapsd = true;
3600 params[ac].mu_edca = !!mu_edca;
3601 if (mu_edca)
3602 params[ac].mu_edca_param_rec = mu_edca->ac_vi;
3603 break;
3604 case 3: /* AC_VO */
3605 ac = IEEE80211_AC_VO;
3606 if (acm)
3607 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */
3608 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
3609 uapsd = true;
3610 params[ac].mu_edca = !!mu_edca;
3611 if (mu_edca)
3612 params[ac].mu_edca_param_rec = mu_edca->ac_vo;
3613 break;
3614 case 0: /* AC_BE */
3615 default:
3616 ac = IEEE80211_AC_BE;
3617 if (acm)
3618 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */
3619 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
3620 uapsd = true;
3621 params[ac].mu_edca = !!mu_edca;
3622 if (mu_edca)
3623 params[ac].mu_edca_param_rec = mu_edca->ac_be;
3624 break;
3625 }
3626
3627 params[ac].aifs = pos[0] & 0x0f;
3628
3629 if (params[ac].aifs < 2) {
3630 link_info(link,
3631 "AP has invalid WMM params (AIFSN=%d for ACI %d), will use 2\n",
3632 params[ac].aifs, aci);
3633 params[ac].aifs = 2;
3634 }
3635 params[ac].cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
3636 params[ac].cw_min = ecw2cw(pos[1] & 0x0f);
3637 params[ac].txop = get_unaligned_le16(pos + 2);
3638 params[ac].acm = acm;
3639 params[ac].uapsd = uapsd;
3640
3641 if (params[ac].cw_min == 0 ||
3642 params[ac].cw_min > params[ac].cw_max) {
3643 link_info(link,
3644 "AP has invalid WMM params (CWmin/max=%d/%d for ACI %d), using defaults\n",
3645 params[ac].cw_min, params[ac].cw_max, aci);
3646 return false;
3647 }
3648 ieee80211_regulatory_limit_wmm_params(sdata, ¶ms[ac], ac);
3649 }
3650
3651 /* WMM specification requires all 4 ACIs. */
3652 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
3653 if (params[ac].cw_min == 0) {
3654 link_info(link,
3655 "AP has invalid WMM params (missing AC %d), using defaults\n",
3656 ac);
3657 return false;
3658 }
3659 }
3660
3661 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
3662 link->tx_conf[ac] = params[ac];
3663
3664 return true;
3665 }
3666
3667 static bool
ieee80211_sta_wmm_params(struct ieee80211_local * local,struct ieee80211_link_data * link,const u8 * wmm_param,size_t wmm_param_len,const struct ieee80211_mu_edca_param_set * mu_edca)3668 ieee80211_sta_wmm_params(struct ieee80211_local *local,
3669 struct ieee80211_link_data *link,
3670 const u8 *wmm_param, size_t wmm_param_len,
3671 const struct ieee80211_mu_edca_param_set *mu_edca)
3672 {
3673 if (!_ieee80211_sta_wmm_params(local, link, wmm_param, wmm_param_len,
3674 mu_edca))
3675 return false;
3676
3677 ieee80211_mgd_set_link_qos_params(link);
3678
3679 /* enable WMM or activate new settings */
3680 link->conf->qos = true;
3681 return true;
3682 }
3683
__ieee80211_stop_poll(struct ieee80211_sub_if_data * sdata)3684 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
3685 {
3686 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3687
3688 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL;
3689 ieee80211_run_deferred_scan(sdata->local);
3690 }
3691
ieee80211_stop_poll(struct ieee80211_sub_if_data * sdata)3692 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
3693 {
3694 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3695
3696 __ieee80211_stop_poll(sdata);
3697 }
3698
ieee80211_handle_bss_capability(struct ieee80211_link_data * link,u16 capab,bool erp_valid,u8 erp)3699 static u64 ieee80211_handle_bss_capability(struct ieee80211_link_data *link,
3700 u16 capab, bool erp_valid, u8 erp)
3701 {
3702 struct ieee80211_bss_conf *bss_conf = link->conf;
3703 struct ieee80211_supported_band *sband;
3704 u64 changed = 0;
3705 bool use_protection;
3706 bool use_short_preamble;
3707 bool use_short_slot;
3708
3709 sband = ieee80211_get_link_sband(link);
3710 if (!sband)
3711 return changed;
3712
3713 if (erp_valid) {
3714 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0;
3715 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0;
3716 } else {
3717 use_protection = false;
3718 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE);
3719 }
3720
3721 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME);
3722 if (sband->band == NL80211_BAND_5GHZ ||
3723 sband->band == NL80211_BAND_6GHZ)
3724 use_short_slot = true;
3725
3726 if (use_protection != bss_conf->use_cts_prot) {
3727 bss_conf->use_cts_prot = use_protection;
3728 changed |= BSS_CHANGED_ERP_CTS_PROT;
3729 }
3730
3731 if (use_short_preamble != bss_conf->use_short_preamble) {
3732 bss_conf->use_short_preamble = use_short_preamble;
3733 changed |= BSS_CHANGED_ERP_PREAMBLE;
3734 }
3735
3736 if (use_short_slot != bss_conf->use_short_slot) {
3737 bss_conf->use_short_slot = use_short_slot;
3738 changed |= BSS_CHANGED_ERP_SLOT;
3739 }
3740
3741 return changed;
3742 }
3743
ieee80211_link_set_associated(struct ieee80211_link_data * link,struct cfg80211_bss * cbss)3744 static u64 ieee80211_link_set_associated(struct ieee80211_link_data *link,
3745 struct cfg80211_bss *cbss)
3746 {
3747 struct ieee80211_sub_if_data *sdata = link->sdata;
3748 struct ieee80211_bss_conf *bss_conf = link->conf;
3749 struct ieee80211_bss *bss = (void *)cbss->priv;
3750 u64 changed = BSS_CHANGED_QOS;
3751
3752 /* not really used in MLO */
3753 sdata->u.mgd.beacon_timeout =
3754 usecs_to_jiffies(ieee80211_tu_to_usec(beacon_loss_count *
3755 bss_conf->beacon_int));
3756
3757 changed |= ieee80211_handle_bss_capability(link,
3758 bss_conf->assoc_capability,
3759 bss->has_erp_value,
3760 bss->erp_value);
3761
3762 ieee80211_check_rate_mask(link);
3763
3764 link->conf->bss = cbss;
3765 memcpy(link->u.mgd.bssid, cbss->bssid, ETH_ALEN);
3766
3767 if (sdata->vif.p2p ||
3768 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) {
3769 const struct cfg80211_bss_ies *ies;
3770
3771 rcu_read_lock();
3772 ies = rcu_dereference(cbss->ies);
3773 if (ies) {
3774 int ret;
3775
3776 ret = cfg80211_get_p2p_attr(
3777 ies->data, ies->len,
3778 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
3779 (u8 *) &bss_conf->p2p_noa_attr,
3780 sizeof(bss_conf->p2p_noa_attr));
3781 if (ret >= 2) {
3782 link->u.mgd.p2p_noa_index =
3783 bss_conf->p2p_noa_attr.index;
3784 changed |= BSS_CHANGED_P2P_PS;
3785 }
3786 }
3787 rcu_read_unlock();
3788 }
3789
3790 if (link->u.mgd.have_beacon) {
3791 bss_conf->beacon_rate = bss->beacon_rate;
3792 changed |= BSS_CHANGED_BEACON_INFO;
3793 } else {
3794 bss_conf->beacon_rate = NULL;
3795 }
3796
3797 /* Tell the driver to monitor connection quality (if supported) */
3798 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI &&
3799 bss_conf->cqm_rssi_thold)
3800 changed |= BSS_CHANGED_CQM;
3801
3802 return changed;
3803 }
3804
ieee80211_set_associated(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgd_assoc_data * assoc_data,u64 changed[IEEE80211_MLD_MAX_NUM_LINKS])3805 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
3806 struct ieee80211_mgd_assoc_data *assoc_data,
3807 u64 changed[IEEE80211_MLD_MAX_NUM_LINKS])
3808 {
3809 struct ieee80211_local *local = sdata->local;
3810 struct ieee80211_vif_cfg *vif_cfg = &sdata->vif.cfg;
3811 u64 vif_changed = BSS_CHANGED_ASSOC;
3812 unsigned int link_id;
3813
3814 lockdep_assert_wiphy(local->hw.wiphy);
3815
3816 sdata->u.mgd.associated = true;
3817
3818 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
3819 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
3820 struct ieee80211_link_data *link;
3821
3822 if (!cbss ||
3823 assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS)
3824 continue;
3825
3826 if (ieee80211_vif_is_mld(&sdata->vif) &&
3827 !(ieee80211_vif_usable_links(&sdata->vif) & BIT(link_id)))
3828 continue;
3829
3830 link = sdata_dereference(sdata->link[link_id], sdata);
3831 if (WARN_ON(!link))
3832 return;
3833
3834 changed[link_id] |= ieee80211_link_set_associated(link, cbss);
3835 }
3836
3837 /* just to be sure */
3838 ieee80211_stop_poll(sdata);
3839
3840 ieee80211_led_assoc(local, 1);
3841
3842 vif_cfg->assoc = 1;
3843
3844 /* Enable ARP filtering */
3845 if (vif_cfg->arp_addr_cnt)
3846 vif_changed |= BSS_CHANGED_ARP_FILTER;
3847
3848 if (ieee80211_vif_is_mld(&sdata->vif)) {
3849 for (link_id = 0;
3850 link_id < IEEE80211_MLD_MAX_NUM_LINKS;
3851 link_id++) {
3852 struct ieee80211_link_data *link;
3853 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
3854
3855 if (!cbss ||
3856 !(BIT(link_id) &
3857 ieee80211_vif_usable_links(&sdata->vif)) ||
3858 assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS)
3859 continue;
3860
3861 link = sdata_dereference(sdata->link[link_id], sdata);
3862 if (WARN_ON(!link))
3863 return;
3864
3865 ieee80211_link_info_change_notify(sdata, link,
3866 changed[link_id]);
3867
3868 ieee80211_recalc_smps(sdata, link);
3869 }
3870
3871 ieee80211_vif_cfg_change_notify(sdata, vif_changed);
3872 } else {
3873 ieee80211_bss_info_change_notify(sdata,
3874 vif_changed | changed[0]);
3875 }
3876
3877 ieee80211_recalc_ps(local);
3878
3879 /* leave this here to not change ordering in non-MLO cases */
3880 if (!ieee80211_vif_is_mld(&sdata->vif))
3881 ieee80211_recalc_smps(sdata, &sdata->deflink);
3882 ieee80211_recalc_ps_vif(sdata);
3883
3884 netif_carrier_on(sdata->dev);
3885 }
3886
ieee80211_ml_reconf_reset(struct ieee80211_sub_if_data * sdata)3887 static void ieee80211_ml_reconf_reset(struct ieee80211_sub_if_data *sdata)
3888 {
3889 struct ieee80211_mgd_assoc_data *add_links_data =
3890 sdata->u.mgd.reconf.add_links_data;
3891
3892 if (!ieee80211_vif_is_mld(&sdata->vif) ||
3893 !(sdata->u.mgd.reconf.added_links |
3894 sdata->u.mgd.reconf.removed_links))
3895 return;
3896
3897 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
3898 &sdata->u.mgd.reconf.wk);
3899 sdata->u.mgd.reconf.added_links = 0;
3900 sdata->u.mgd.reconf.removed_links = 0;
3901 sdata->u.mgd.reconf.dialog_token = 0;
3902
3903 if (add_links_data) {
3904 struct cfg80211_mlo_reconf_done_data done_data = {};
3905 u8 link_id;
3906
3907 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS;
3908 link_id++)
3909 done_data.links[link_id].bss =
3910 add_links_data->link[link_id].bss;
3911
3912 cfg80211_mlo_reconf_add_done(sdata->dev, &done_data);
3913
3914 kfree(sdata->u.mgd.reconf.add_links_data);
3915 sdata->u.mgd.reconf.add_links_data = NULL;
3916 }
3917 }
3918
ieee80211_set_disassoc(struct ieee80211_sub_if_data * sdata,u16 stype,u16 reason,bool tx,u8 * frame_buf)3919 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
3920 u16 stype, u16 reason, bool tx,
3921 u8 *frame_buf)
3922 {
3923 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3924 struct ieee80211_local *local = sdata->local;
3925 struct sta_info *ap_sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
3926 unsigned int link_id;
3927 u64 changed = 0;
3928 struct ieee80211_prep_tx_info info = {
3929 .subtype = stype,
3930 .was_assoc = true,
3931 .link_id = ffs(sdata->vif.active_links) - 1,
3932 };
3933
3934 lockdep_assert_wiphy(local->hw.wiphy);
3935
3936 if (WARN_ON(!ap_sta))
3937 return;
3938
3939 if (WARN_ON_ONCE(tx && !frame_buf))
3940 return;
3941
3942 if (WARN_ON(!ifmgd->associated))
3943 return;
3944
3945 ieee80211_stop_poll(sdata);
3946
3947 ifmgd->associated = false;
3948
3949 if (tx) {
3950 bool tx_link_found = false;
3951
3952 for (link_id = 0;
3953 link_id < ARRAY_SIZE(sdata->link);
3954 link_id++) {
3955 struct ieee80211_link_data *link;
3956
3957 if (!ieee80211_vif_link_active(&sdata->vif, link_id))
3958 continue;
3959
3960 link = sdata_dereference(sdata->link[link_id], sdata);
3961 if (WARN_ON_ONCE(!link))
3962 continue;
3963
3964 if (link->u.mgd.csa.blocked_tx)
3965 continue;
3966
3967 tx_link_found = true;
3968 break;
3969 }
3970
3971 tx = tx_link_found;
3972 }
3973
3974 /* other links will be destroyed */
3975 sdata->deflink.conf->bss = NULL;
3976 sdata->deflink.conf->epcs_support = false;
3977 sdata->deflink.smps_mode = IEEE80211_SMPS_OFF;
3978
3979 netif_carrier_off(sdata->dev);
3980
3981 /*
3982 * if we want to get out of ps before disassoc (why?) we have
3983 * to do it before sending disassoc, as otherwise the null-packet
3984 * won't be valid.
3985 */
3986 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
3987 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
3988 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
3989 }
3990 local->ps_sdata = NULL;
3991
3992 /* disable per-vif ps */
3993 ieee80211_recalc_ps_vif(sdata);
3994
3995 /* make sure ongoing transmission finishes */
3996 synchronize_net();
3997
3998 /*
3999 * drop any frame before deauth/disassoc, this can be data or
4000 * management frame. Since we are disconnecting, we should not
4001 * insist sending these frames which can take time and delay
4002 * the disconnection and possible the roaming.
4003 */
4004 ieee80211_flush_queues(local, sdata, true);
4005
4006 if (tx) {
4007 drv_mgd_prepare_tx(sdata->local, sdata, &info);
4008
4009 ieee80211_send_deauth_disassoc(sdata, sdata->vif.cfg.ap_addr,
4010 sdata->vif.cfg.ap_addr, stype,
4011 reason, true, frame_buf);
4012
4013 /* flush out frame - make sure the deauth was actually sent */
4014 ieee80211_flush_queues(local, sdata, false);
4015
4016 drv_mgd_complete_tx(sdata->local, sdata, &info);
4017 } else if (frame_buf) {
4018 ieee80211_send_deauth_disassoc(sdata, sdata->vif.cfg.ap_addr,
4019 sdata->vif.cfg.ap_addr, stype,
4020 reason, false, frame_buf);
4021 }
4022
4023 /* clear AP addr only after building the needed mgmt frames */
4024 eth_zero_addr(sdata->deflink.u.mgd.bssid);
4025 eth_zero_addr(sdata->vif.cfg.ap_addr);
4026
4027 sdata->vif.cfg.ssid_len = 0;
4028
4029 /* Remove TDLS peers */
4030 __sta_info_flush(sdata, false, -1, ap_sta);
4031
4032 if (sdata->vif.driver_flags & IEEE80211_VIF_REMOVE_AP_AFTER_DISASSOC) {
4033 /* Only move the AP state */
4034 sta_info_move_state(ap_sta, IEEE80211_STA_NONE);
4035 } else {
4036 /* Remove AP peer */
4037 sta_info_flush(sdata, -1);
4038 }
4039
4040 /* finally reset all BSS / config parameters */
4041 if (!ieee80211_vif_is_mld(&sdata->vif))
4042 changed |= ieee80211_reset_erp_info(sdata);
4043
4044 ieee80211_led_assoc(local, 0);
4045 changed |= BSS_CHANGED_ASSOC;
4046 sdata->vif.cfg.assoc = false;
4047
4048 sdata->deflink.u.mgd.p2p_noa_index = -1;
4049 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0,
4050 sizeof(sdata->vif.bss_conf.p2p_noa_attr));
4051
4052 /* on the next assoc, re-program HT/VHT parameters */
4053 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa));
4054 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask));
4055 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa));
4056 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask));
4057
4058 /*
4059 * reset MU-MIMO ownership and group data in default link,
4060 * if used, other links are destroyed
4061 */
4062 memset(sdata->vif.bss_conf.mu_group.membership, 0,
4063 sizeof(sdata->vif.bss_conf.mu_group.membership));
4064 memset(sdata->vif.bss_conf.mu_group.position, 0,
4065 sizeof(sdata->vif.bss_conf.mu_group.position));
4066 if (!ieee80211_vif_is_mld(&sdata->vif))
4067 changed |= BSS_CHANGED_MU_GROUPS;
4068 sdata->vif.bss_conf.mu_mimo_owner = false;
4069
4070 sdata->deflink.ap_power_level = IEEE80211_UNSET_POWER_LEVEL;
4071
4072 del_timer_sync(&local->dynamic_ps_timer);
4073 wiphy_work_cancel(local->hw.wiphy, &local->dynamic_ps_enable_work);
4074
4075 /* Disable ARP filtering */
4076 if (sdata->vif.cfg.arp_addr_cnt)
4077 changed |= BSS_CHANGED_ARP_FILTER;
4078
4079 sdata->vif.bss_conf.qos = false;
4080 if (!ieee80211_vif_is_mld(&sdata->vif)) {
4081 changed |= BSS_CHANGED_QOS;
4082 /* The BSSID (not really interesting) and HT changed */
4083 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT;
4084 ieee80211_bss_info_change_notify(sdata, changed);
4085 } else {
4086 ieee80211_vif_cfg_change_notify(sdata, changed);
4087 }
4088
4089 if (sdata->vif.driver_flags & IEEE80211_VIF_REMOVE_AP_AFTER_DISASSOC) {
4090 /*
4091 * After notifying the driver about the disassoc,
4092 * remove the ap sta.
4093 */
4094 sta_info_flush(sdata, -1);
4095 }
4096
4097 /* disassociated - set to defaults now */
4098 ieee80211_set_wmm_default(&sdata->deflink, false, false);
4099
4100 del_timer_sync(&sdata->u.mgd.conn_mon_timer);
4101 del_timer_sync(&sdata->u.mgd.bcn_mon_timer);
4102 del_timer_sync(&sdata->u.mgd.timer);
4103
4104 sdata->vif.bss_conf.dtim_period = 0;
4105 sdata->vif.bss_conf.beacon_rate = NULL;
4106
4107 sdata->deflink.u.mgd.have_beacon = false;
4108 sdata->deflink.u.mgd.tracking_signal_avg = false;
4109 sdata->deflink.u.mgd.disable_wmm_tracking = false;
4110
4111 ifmgd->flags = 0;
4112
4113 for (link_id = 0; link_id < ARRAY_SIZE(sdata->link); link_id++) {
4114 struct ieee80211_link_data *link;
4115
4116 link = sdata_dereference(sdata->link[link_id], sdata);
4117 if (!link)
4118 continue;
4119 ieee80211_link_release_channel(link);
4120 }
4121
4122 sdata->vif.bss_conf.csa_active = false;
4123 sdata->deflink.u.mgd.csa.blocked_tx = false;
4124 sdata->deflink.u.mgd.csa.waiting_bcn = false;
4125 sdata->deflink.u.mgd.csa.ignored_same_chan = false;
4126 ieee80211_vif_unblock_queues_csa(sdata);
4127
4128 /* existing TX TSPEC sessions no longer exist */
4129 memset(ifmgd->tx_tspec, 0, sizeof(ifmgd->tx_tspec));
4130 wiphy_delayed_work_cancel(local->hw.wiphy, &ifmgd->tx_tspec_wk);
4131
4132 sdata->vif.bss_conf.power_type = IEEE80211_REG_UNSET_AP;
4133 sdata->vif.bss_conf.pwr_reduction = 0;
4134 ieee80211_clear_tpe(&sdata->vif.bss_conf.tpe);
4135
4136 sdata->vif.cfg.eml_cap = 0;
4137 sdata->vif.cfg.eml_med_sync_delay = 0;
4138 sdata->vif.cfg.mld_capa_op = 0;
4139
4140 memset(&sdata->u.mgd.ttlm_info, 0,
4141 sizeof(sdata->u.mgd.ttlm_info));
4142 wiphy_delayed_work_cancel(sdata->local->hw.wiphy, &ifmgd->ttlm_work);
4143
4144 memset(&sdata->vif.neg_ttlm, 0, sizeof(sdata->vif.neg_ttlm));
4145 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
4146 &ifmgd->neg_ttlm_timeout_work);
4147
4148 sdata->u.mgd.removed_links = 0;
4149 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
4150 &sdata->u.mgd.ml_reconf_work);
4151
4152 wiphy_work_cancel(sdata->local->hw.wiphy,
4153 &ifmgd->teardown_ttlm_work);
4154
4155 /* if disconnection happens in the middle of the ML reconfiguration
4156 * flow, cfg80211 must called to release the BSS references obtained
4157 * when the flow started.
4158 */
4159 ieee80211_ml_reconf_reset(sdata);
4160
4161 ieee80211_vif_set_links(sdata, 0, 0);
4162
4163 ifmgd->mcast_seq_last = IEEE80211_SN_MODULO;
4164
4165 ifmgd->epcs.enabled = false;
4166 ifmgd->epcs.dialog_token = 0;
4167
4168 memset(ifmgd->userspace_selectors, 0,
4169 sizeof(ifmgd->userspace_selectors));
4170 }
4171
ieee80211_reset_ap_probe(struct ieee80211_sub_if_data * sdata)4172 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata)
4173 {
4174 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4175 struct ieee80211_local *local = sdata->local;
4176
4177 lockdep_assert_wiphy(local->hw.wiphy);
4178
4179 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL))
4180 return;
4181
4182 __ieee80211_stop_poll(sdata);
4183
4184 ieee80211_recalc_ps(local);
4185
4186 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
4187 return;
4188
4189 /*
4190 * We've received a probe response, but are not sure whether
4191 * we have or will be receiving any beacons or data, so let's
4192 * schedule the timers again, just in case.
4193 */
4194 ieee80211_sta_reset_beacon_monitor(sdata);
4195
4196 mod_timer(&ifmgd->conn_mon_timer,
4197 round_jiffies_up(jiffies +
4198 IEEE80211_CONNECTION_IDLE_TIME));
4199 }
4200
ieee80211_sta_tx_wmm_ac_notify(struct ieee80211_sub_if_data * sdata,struct ieee80211_hdr * hdr,u16 tx_time)4201 static void ieee80211_sta_tx_wmm_ac_notify(struct ieee80211_sub_if_data *sdata,
4202 struct ieee80211_hdr *hdr,
4203 u16 tx_time)
4204 {
4205 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4206 u16 tid;
4207 int ac;
4208 struct ieee80211_sta_tx_tspec *tx_tspec;
4209 unsigned long now = jiffies;
4210
4211 if (!ieee80211_is_data_qos(hdr->frame_control))
4212 return;
4213
4214 tid = ieee80211_get_tid(hdr);
4215 ac = ieee80211_ac_from_tid(tid);
4216 tx_tspec = &ifmgd->tx_tspec[ac];
4217
4218 if (likely(!tx_tspec->admitted_time))
4219 return;
4220
4221 if (time_after(now, tx_tspec->time_slice_start + HZ)) {
4222 tx_tspec->consumed_tx_time = 0;
4223 tx_tspec->time_slice_start = now;
4224
4225 if (tx_tspec->downgraded) {
4226 tx_tspec->action = TX_TSPEC_ACTION_STOP_DOWNGRADE;
4227 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
4228 &ifmgd->tx_tspec_wk, 0);
4229 }
4230 }
4231
4232 if (tx_tspec->downgraded)
4233 return;
4234
4235 tx_tspec->consumed_tx_time += tx_time;
4236
4237 if (tx_tspec->consumed_tx_time >= tx_tspec->admitted_time) {
4238 tx_tspec->downgraded = true;
4239 tx_tspec->action = TX_TSPEC_ACTION_DOWNGRADE;
4240 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
4241 &ifmgd->tx_tspec_wk, 0);
4242 }
4243 }
4244
ieee80211_sta_tx_notify(struct ieee80211_sub_if_data * sdata,struct ieee80211_hdr * hdr,bool ack,u16 tx_time)4245 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata,
4246 struct ieee80211_hdr *hdr, bool ack, u16 tx_time)
4247 {
4248 ieee80211_sta_tx_wmm_ac_notify(sdata, hdr, tx_time);
4249
4250 if (!ieee80211_is_any_nullfunc(hdr->frame_control) ||
4251 !sdata->u.mgd.probe_send_count)
4252 return;
4253
4254 if (ack)
4255 sdata->u.mgd.probe_send_count = 0;
4256 else
4257 sdata->u.mgd.nullfunc_failed = true;
4258 wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);
4259 }
4260
ieee80211_mlme_send_probe_req(struct ieee80211_sub_if_data * sdata,const u8 * src,const u8 * dst,const u8 * ssid,size_t ssid_len,struct ieee80211_channel * channel)4261 static void ieee80211_mlme_send_probe_req(struct ieee80211_sub_if_data *sdata,
4262 const u8 *src, const u8 *dst,
4263 const u8 *ssid, size_t ssid_len,
4264 struct ieee80211_channel *channel)
4265 {
4266 struct sk_buff *skb;
4267
4268 skb = ieee80211_build_probe_req(sdata, src, dst, (u32)-1, channel,
4269 ssid, ssid_len, NULL, 0,
4270 IEEE80211_PROBE_FLAG_DIRECTED);
4271 if (skb)
4272 ieee80211_tx_skb(sdata, skb);
4273 }
4274
ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data * sdata)4275 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
4276 {
4277 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4278 u8 *dst = sdata->vif.cfg.ap_addr;
4279 u8 unicast_limit = max(1, max_probe_tries - 3);
4280 struct sta_info *sta;
4281
4282 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4283
4284 if (WARN_ON(ieee80211_vif_is_mld(&sdata->vif)))
4285 return;
4286
4287 /*
4288 * Try sending broadcast probe requests for the last three
4289 * probe requests after the first ones failed since some
4290 * buggy APs only support broadcast probe requests.
4291 */
4292 if (ifmgd->probe_send_count >= unicast_limit)
4293 dst = NULL;
4294
4295 /*
4296 * When the hardware reports an accurate Tx ACK status, it's
4297 * better to send a nullfunc frame instead of a probe request,
4298 * as it will kick us off the AP quickly if we aren't associated
4299 * anymore. The timeout will be reset if the frame is ACKed by
4300 * the AP.
4301 */
4302 ifmgd->probe_send_count++;
4303
4304 if (dst) {
4305 sta = sta_info_get(sdata, dst);
4306 if (!WARN_ON(!sta))
4307 ieee80211_check_fast_rx(sta);
4308 }
4309
4310 if (ieee80211_hw_check(&sdata->local->hw, REPORTS_TX_ACK_STATUS)) {
4311 ifmgd->nullfunc_failed = false;
4312 ieee80211_send_nullfunc(sdata->local, sdata, false);
4313 } else {
4314 ieee80211_mlme_send_probe_req(sdata, sdata->vif.addr, dst,
4315 sdata->vif.cfg.ssid,
4316 sdata->vif.cfg.ssid_len,
4317 sdata->deflink.conf->bss->channel);
4318 }
4319
4320 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
4321 run_again(sdata, ifmgd->probe_timeout);
4322 }
4323
ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data * sdata,bool beacon)4324 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
4325 bool beacon)
4326 {
4327 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4328 bool already = false;
4329
4330 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4331
4332 if (WARN_ON_ONCE(ieee80211_vif_is_mld(&sdata->vif)))
4333 return;
4334
4335 if (!ieee80211_sdata_running(sdata))
4336 return;
4337
4338 if (!ifmgd->associated)
4339 return;
4340
4341 if (sdata->local->tmp_channel || sdata->local->scanning)
4342 return;
4343
4344 if (sdata->local->suspending) {
4345 /* reschedule after resume */
4346 ieee80211_reset_ap_probe(sdata);
4347 return;
4348 }
4349
4350 if (beacon) {
4351 mlme_dbg_ratelimited(sdata,
4352 "detected beacon loss from AP (missed %d beacons) - probing\n",
4353 beacon_loss_count);
4354
4355 ieee80211_cqm_beacon_loss_notify(&sdata->vif, GFP_KERNEL);
4356 }
4357
4358 /*
4359 * The driver/our work has already reported this event or the
4360 * connection monitoring has kicked in and we have already sent
4361 * a probe request. Or maybe the AP died and the driver keeps
4362 * reporting until we disassociate...
4363 *
4364 * In either case we have to ignore the current call to this
4365 * function (except for setting the correct probe reason bit)
4366 * because otherwise we would reset the timer every time and
4367 * never check whether we received a probe response!
4368 */
4369 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
4370 already = true;
4371
4372 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL;
4373
4374 if (already)
4375 return;
4376
4377 ieee80211_recalc_ps(sdata->local);
4378
4379 ifmgd->probe_send_count = 0;
4380 ieee80211_mgd_probe_ap_send(sdata);
4381 }
4382
ieee80211_ap_probereq_get(struct ieee80211_hw * hw,struct ieee80211_vif * vif)4383 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
4384 struct ieee80211_vif *vif)
4385 {
4386 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4387 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4388 struct cfg80211_bss *cbss;
4389 struct sk_buff *skb;
4390 const struct element *ssid;
4391 int ssid_len;
4392
4393 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4394
4395 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION ||
4396 ieee80211_vif_is_mld(&sdata->vif)))
4397 return NULL;
4398
4399 if (ifmgd->associated)
4400 cbss = sdata->deflink.conf->bss;
4401 else if (ifmgd->auth_data)
4402 cbss = ifmgd->auth_data->bss;
4403 else if (ifmgd->assoc_data && ifmgd->assoc_data->link[0].bss)
4404 cbss = ifmgd->assoc_data->link[0].bss;
4405 else
4406 return NULL;
4407
4408 rcu_read_lock();
4409 ssid = ieee80211_bss_get_elem(cbss, WLAN_EID_SSID);
4410 if (WARN_ONCE(!ssid || ssid->datalen > IEEE80211_MAX_SSID_LEN,
4411 "invalid SSID element (len=%d)",
4412 ssid ? ssid->datalen : -1))
4413 ssid_len = 0;
4414 else
4415 ssid_len = ssid->datalen;
4416
4417 skb = ieee80211_build_probe_req(sdata, sdata->vif.addr, cbss->bssid,
4418 (u32) -1, cbss->channel,
4419 ssid->data, ssid_len,
4420 NULL, 0, IEEE80211_PROBE_FLAG_DIRECTED);
4421 rcu_read_unlock();
4422
4423 return skb;
4424 }
4425 EXPORT_SYMBOL(ieee80211_ap_probereq_get);
4426
ieee80211_report_disconnect(struct ieee80211_sub_if_data * sdata,const u8 * buf,size_t len,bool tx,u16 reason,bool reconnect)4427 static void ieee80211_report_disconnect(struct ieee80211_sub_if_data *sdata,
4428 const u8 *buf, size_t len, bool tx,
4429 u16 reason, bool reconnect)
4430 {
4431 struct ieee80211_event event = {
4432 .type = MLME_EVENT,
4433 .u.mlme.data = tx ? DEAUTH_TX_EVENT : DEAUTH_RX_EVENT,
4434 .u.mlme.reason = reason,
4435 };
4436
4437 if (tx)
4438 cfg80211_tx_mlme_mgmt(sdata->dev, buf, len, reconnect);
4439 else
4440 cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
4441
4442 drv_event_callback(sdata->local, sdata, &event);
4443 }
4444
__ieee80211_disconnect(struct ieee80211_sub_if_data * sdata)4445 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata)
4446 {
4447 struct ieee80211_local *local = sdata->local;
4448 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4449 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4450
4451 lockdep_assert_wiphy(local->hw.wiphy);
4452
4453 if (!ifmgd->associated)
4454 return;
4455
4456 if (!ifmgd->driver_disconnect) {
4457 unsigned int link_id;
4458
4459 /*
4460 * AP is probably out of range (or not reachable for another
4461 * reason) so remove the bss structs for that AP. In the case
4462 * of multi-link, it's not clear that all of them really are
4463 * out of range, but if they weren't the driver likely would
4464 * have switched to just have a single link active?
4465 */
4466 for (link_id = 0;
4467 link_id < ARRAY_SIZE(sdata->link);
4468 link_id++) {
4469 struct ieee80211_link_data *link;
4470
4471 link = sdata_dereference(sdata->link[link_id], sdata);
4472 if (!link || !link->conf->bss)
4473 continue;
4474 cfg80211_unlink_bss(local->hw.wiphy, link->conf->bss);
4475 link->conf->bss = NULL;
4476 }
4477 }
4478
4479 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4480 ifmgd->driver_disconnect ?
4481 WLAN_REASON_DEAUTH_LEAVING :
4482 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
4483 true, frame_buf);
4484 /* the other links will be destroyed */
4485 sdata->vif.bss_conf.csa_active = false;
4486 sdata->deflink.u.mgd.csa.waiting_bcn = false;
4487 sdata->deflink.u.mgd.csa.blocked_tx = false;
4488 ieee80211_vif_unblock_queues_csa(sdata);
4489
4490 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
4491 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
4492 ifmgd->reconnect);
4493 ifmgd->reconnect = false;
4494 }
4495
ieee80211_beacon_connection_loss_work(struct wiphy * wiphy,struct wiphy_work * work)4496 static void ieee80211_beacon_connection_loss_work(struct wiphy *wiphy,
4497 struct wiphy_work *work)
4498 {
4499 struct ieee80211_sub_if_data *sdata =
4500 container_of(work, struct ieee80211_sub_if_data,
4501 u.mgd.beacon_connection_loss_work);
4502 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4503
4504 if (ifmgd->connection_loss) {
4505 sdata_info(sdata, "Connection to AP %pM lost\n",
4506 sdata->vif.cfg.ap_addr);
4507 __ieee80211_disconnect(sdata);
4508 ifmgd->connection_loss = false;
4509 } else if (ifmgd->driver_disconnect) {
4510 sdata_info(sdata,
4511 "Driver requested disconnection from AP %pM\n",
4512 sdata->vif.cfg.ap_addr);
4513 __ieee80211_disconnect(sdata);
4514 ifmgd->driver_disconnect = false;
4515 } else {
4516 if (ifmgd->associated)
4517 sdata->deflink.u.mgd.beacon_loss_count++;
4518 ieee80211_mgd_probe_ap(sdata, true);
4519 }
4520 }
4521
ieee80211_csa_connection_drop_work(struct wiphy * wiphy,struct wiphy_work * work)4522 static void ieee80211_csa_connection_drop_work(struct wiphy *wiphy,
4523 struct wiphy_work *work)
4524 {
4525 struct ieee80211_sub_if_data *sdata =
4526 container_of(work, struct ieee80211_sub_if_data,
4527 u.mgd.csa_connection_drop_work);
4528
4529 __ieee80211_disconnect(sdata);
4530 }
4531
ieee80211_beacon_loss(struct ieee80211_vif * vif)4532 void ieee80211_beacon_loss(struct ieee80211_vif *vif)
4533 {
4534 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4535 struct ieee80211_hw *hw = &sdata->local->hw;
4536
4537 trace_api_beacon_loss(sdata);
4538
4539 sdata->u.mgd.connection_loss = false;
4540 wiphy_work_queue(hw->wiphy, &sdata->u.mgd.beacon_connection_loss_work);
4541 }
4542 EXPORT_SYMBOL(ieee80211_beacon_loss);
4543
ieee80211_connection_loss(struct ieee80211_vif * vif)4544 void ieee80211_connection_loss(struct ieee80211_vif *vif)
4545 {
4546 struct ieee80211_sub_if_data *sdata;
4547 struct ieee80211_hw *hw;
4548
4549 KUNIT_STATIC_STUB_REDIRECT(ieee80211_connection_loss, vif);
4550
4551 sdata = vif_to_sdata(vif);
4552 hw = &sdata->local->hw;
4553
4554 trace_api_connection_loss(sdata);
4555
4556 sdata->u.mgd.connection_loss = true;
4557 wiphy_work_queue(hw->wiphy, &sdata->u.mgd.beacon_connection_loss_work);
4558 }
4559 EXPORT_SYMBOL(ieee80211_connection_loss);
4560
ieee80211_disconnect(struct ieee80211_vif * vif,bool reconnect)4561 void ieee80211_disconnect(struct ieee80211_vif *vif, bool reconnect)
4562 {
4563 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4564 struct ieee80211_hw *hw = &sdata->local->hw;
4565
4566 trace_api_disconnect(sdata, reconnect);
4567
4568 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
4569 return;
4570
4571 sdata->u.mgd.driver_disconnect = true;
4572 sdata->u.mgd.reconnect = reconnect;
4573 wiphy_work_queue(hw->wiphy, &sdata->u.mgd.beacon_connection_loss_work);
4574 }
4575 EXPORT_SYMBOL(ieee80211_disconnect);
4576
ieee80211_destroy_auth_data(struct ieee80211_sub_if_data * sdata,bool assoc)4577 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
4578 bool assoc)
4579 {
4580 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
4581
4582 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4583
4584 sdata->u.mgd.auth_data = NULL;
4585
4586 if (!assoc) {
4587 /*
4588 * we are not authenticated yet, the only timer that could be
4589 * running is the timeout for the authentication response which
4590 * which is not relevant anymore.
4591 */
4592 del_timer_sync(&sdata->u.mgd.timer);
4593 sta_info_destroy_addr(sdata, auth_data->ap_addr);
4594
4595 /* other links are destroyed */
4596 eth_zero_addr(sdata->deflink.u.mgd.bssid);
4597 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
4598 BSS_CHANGED_BSSID);
4599 sdata->u.mgd.flags = 0;
4600
4601 ieee80211_link_release_channel(&sdata->deflink);
4602 ieee80211_vif_set_links(sdata, 0, 0);
4603 }
4604
4605 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss);
4606 kfree(auth_data);
4607 }
4608
4609 enum assoc_status {
4610 ASSOC_SUCCESS,
4611 ASSOC_REJECTED,
4612 ASSOC_TIMEOUT,
4613 ASSOC_ABANDON,
4614 };
4615
ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data * sdata,enum assoc_status status)4616 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata,
4617 enum assoc_status status)
4618 {
4619 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
4620
4621 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4622
4623 sdata->u.mgd.assoc_data = NULL;
4624
4625 if (status != ASSOC_SUCCESS) {
4626 /*
4627 * we are not associated yet, the only timer that could be
4628 * running is the timeout for the association response which
4629 * which is not relevant anymore.
4630 */
4631 del_timer_sync(&sdata->u.mgd.timer);
4632 sta_info_destroy_addr(sdata, assoc_data->ap_addr);
4633
4634 eth_zero_addr(sdata->deflink.u.mgd.bssid);
4635 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
4636 BSS_CHANGED_BSSID);
4637 sdata->u.mgd.flags = 0;
4638 sdata->vif.bss_conf.mu_mimo_owner = false;
4639
4640 if (status != ASSOC_REJECTED) {
4641 struct cfg80211_assoc_failure data = {
4642 .timeout = status == ASSOC_TIMEOUT,
4643 };
4644 int i;
4645
4646 BUILD_BUG_ON(ARRAY_SIZE(data.bss) !=
4647 ARRAY_SIZE(assoc_data->link));
4648
4649 for (i = 0; i < ARRAY_SIZE(data.bss); i++)
4650 data.bss[i] = assoc_data->link[i].bss;
4651
4652 if (ieee80211_vif_is_mld(&sdata->vif))
4653 data.ap_mld_addr = assoc_data->ap_addr;
4654
4655 cfg80211_assoc_failure(sdata->dev, &data);
4656 }
4657
4658 ieee80211_link_release_channel(&sdata->deflink);
4659 ieee80211_vif_set_links(sdata, 0, 0);
4660 }
4661
4662 kfree(assoc_data);
4663 }
4664
ieee80211_auth_challenge(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)4665 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
4666 struct ieee80211_mgmt *mgmt, size_t len)
4667 {
4668 struct ieee80211_local *local = sdata->local;
4669 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
4670 const struct element *challenge;
4671 u8 *pos;
4672 u32 tx_flags = 0;
4673 struct ieee80211_prep_tx_info info = {
4674 .subtype = IEEE80211_STYPE_AUTH,
4675 .link_id = auth_data->link_id,
4676 };
4677
4678 pos = mgmt->u.auth.variable;
4679 challenge = cfg80211_find_elem(WLAN_EID_CHALLENGE, pos,
4680 len - (pos - (u8 *)mgmt));
4681 if (!challenge)
4682 return;
4683 auth_data->expected_transaction = 4;
4684 drv_mgd_prepare_tx(sdata->local, sdata, &info);
4685 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
4686 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
4687 IEEE80211_TX_INTFL_MLME_CONN_TX;
4688 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0,
4689 (void *)challenge,
4690 challenge->datalen + sizeof(*challenge),
4691 auth_data->ap_addr, auth_data->ap_addr,
4692 auth_data->key, auth_data->key_len,
4693 auth_data->key_idx, tx_flags);
4694 }
4695
ieee80211_mark_sta_auth(struct ieee80211_sub_if_data * sdata)4696 static bool ieee80211_mark_sta_auth(struct ieee80211_sub_if_data *sdata)
4697 {
4698 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4699 const u8 *ap_addr = ifmgd->auth_data->ap_addr;
4700 struct sta_info *sta;
4701
4702 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4703
4704 sdata_info(sdata, "authenticated\n");
4705 ifmgd->auth_data->done = true;
4706 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC;
4707 ifmgd->auth_data->timeout_started = true;
4708 run_again(sdata, ifmgd->auth_data->timeout);
4709
4710 /* move station state to auth */
4711 sta = sta_info_get(sdata, ap_addr);
4712 if (!sta) {
4713 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, ap_addr);
4714 return false;
4715 }
4716 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) {
4717 sdata_info(sdata, "failed moving %pM to auth\n", ap_addr);
4718 return false;
4719 }
4720
4721 return true;
4722 }
4723
ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)4724 static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
4725 struct ieee80211_mgmt *mgmt, size_t len)
4726 {
4727 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4728 u16 auth_alg, auth_transaction, status_code;
4729 struct ieee80211_event event = {
4730 .type = MLME_EVENT,
4731 .u.mlme.data = AUTH_EVENT,
4732 };
4733 struct ieee80211_prep_tx_info info = {
4734 .subtype = IEEE80211_STYPE_AUTH,
4735 };
4736
4737 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4738
4739 if (len < 24 + 6)
4740 return;
4741
4742 if (!ifmgd->auth_data || ifmgd->auth_data->done)
4743 return;
4744
4745 if (!ether_addr_equal(ifmgd->auth_data->ap_addr, mgmt->bssid))
4746 return;
4747
4748 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
4749 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
4750 status_code = le16_to_cpu(mgmt->u.auth.status_code);
4751
4752 info.link_id = ifmgd->auth_data->link_id;
4753
4754 if (auth_alg != ifmgd->auth_data->algorithm ||
4755 (auth_alg != WLAN_AUTH_SAE &&
4756 auth_transaction != ifmgd->auth_data->expected_transaction) ||
4757 (auth_alg == WLAN_AUTH_SAE &&
4758 (auth_transaction < ifmgd->auth_data->expected_transaction ||
4759 auth_transaction > 2))) {
4760 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n",
4761 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm,
4762 auth_transaction,
4763 ifmgd->auth_data->expected_transaction);
4764 goto notify_driver;
4765 }
4766
4767 if (status_code != WLAN_STATUS_SUCCESS) {
4768 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
4769
4770 if (auth_alg == WLAN_AUTH_SAE &&
4771 (status_code == WLAN_STATUS_ANTI_CLOG_REQUIRED ||
4772 (auth_transaction == 1 &&
4773 (status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT ||
4774 status_code == WLAN_STATUS_SAE_PK)))) {
4775 /* waiting for userspace now */
4776 ifmgd->auth_data->waiting = true;
4777 ifmgd->auth_data->timeout =
4778 jiffies + IEEE80211_AUTH_WAIT_SAE_RETRY;
4779 ifmgd->auth_data->timeout_started = true;
4780 run_again(sdata, ifmgd->auth_data->timeout);
4781 goto notify_driver;
4782 }
4783
4784 sdata_info(sdata, "%pM denied authentication (status %d)\n",
4785 mgmt->sa, status_code);
4786 ieee80211_destroy_auth_data(sdata, false);
4787 event.u.mlme.status = MLME_DENIED;
4788 event.u.mlme.reason = status_code;
4789 drv_event_callback(sdata->local, sdata, &event);
4790 goto notify_driver;
4791 }
4792
4793 switch (ifmgd->auth_data->algorithm) {
4794 case WLAN_AUTH_OPEN:
4795 case WLAN_AUTH_LEAP:
4796 case WLAN_AUTH_FT:
4797 case WLAN_AUTH_SAE:
4798 case WLAN_AUTH_FILS_SK:
4799 case WLAN_AUTH_FILS_SK_PFS:
4800 case WLAN_AUTH_FILS_PK:
4801 break;
4802 case WLAN_AUTH_SHARED_KEY:
4803 if (ifmgd->auth_data->expected_transaction != 4) {
4804 ieee80211_auth_challenge(sdata, mgmt, len);
4805 /* need another frame */
4806 return;
4807 }
4808 break;
4809 default:
4810 WARN_ONCE(1, "invalid auth alg %d",
4811 ifmgd->auth_data->algorithm);
4812 goto notify_driver;
4813 }
4814
4815 event.u.mlme.status = MLME_SUCCESS;
4816 info.success = 1;
4817 drv_event_callback(sdata->local, sdata, &event);
4818 if (ifmgd->auth_data->algorithm != WLAN_AUTH_SAE ||
4819 (auth_transaction == 2 &&
4820 ifmgd->auth_data->expected_transaction == 2)) {
4821 if (!ieee80211_mark_sta_auth(sdata))
4822 return; /* ignore frame -- wait for timeout */
4823 } else if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE &&
4824 auth_transaction == 2) {
4825 sdata_info(sdata, "SAE peer confirmed\n");
4826 ifmgd->auth_data->peer_confirmed = true;
4827 }
4828
4829 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
4830 notify_driver:
4831 drv_mgd_complete_tx(sdata->local, sdata, &info);
4832 }
4833
4834 #define case_WLAN(type) \
4835 case WLAN_REASON_##type: return #type
4836
ieee80211_get_reason_code_string(u16 reason_code)4837 const char *ieee80211_get_reason_code_string(u16 reason_code)
4838 {
4839 switch (reason_code) {
4840 case_WLAN(UNSPECIFIED);
4841 case_WLAN(PREV_AUTH_NOT_VALID);
4842 case_WLAN(DEAUTH_LEAVING);
4843 case_WLAN(DISASSOC_DUE_TO_INACTIVITY);
4844 case_WLAN(DISASSOC_AP_BUSY);
4845 case_WLAN(CLASS2_FRAME_FROM_NONAUTH_STA);
4846 case_WLAN(CLASS3_FRAME_FROM_NONASSOC_STA);
4847 case_WLAN(DISASSOC_STA_HAS_LEFT);
4848 case_WLAN(STA_REQ_ASSOC_WITHOUT_AUTH);
4849 case_WLAN(DISASSOC_BAD_POWER);
4850 case_WLAN(DISASSOC_BAD_SUPP_CHAN);
4851 case_WLAN(INVALID_IE);
4852 case_WLAN(MIC_FAILURE);
4853 case_WLAN(4WAY_HANDSHAKE_TIMEOUT);
4854 case_WLAN(GROUP_KEY_HANDSHAKE_TIMEOUT);
4855 case_WLAN(IE_DIFFERENT);
4856 case_WLAN(INVALID_GROUP_CIPHER);
4857 case_WLAN(INVALID_PAIRWISE_CIPHER);
4858 case_WLAN(INVALID_AKMP);
4859 case_WLAN(UNSUPP_RSN_VERSION);
4860 case_WLAN(INVALID_RSN_IE_CAP);
4861 case_WLAN(IEEE8021X_FAILED);
4862 case_WLAN(CIPHER_SUITE_REJECTED);
4863 case_WLAN(DISASSOC_UNSPECIFIED_QOS);
4864 case_WLAN(DISASSOC_QAP_NO_BANDWIDTH);
4865 case_WLAN(DISASSOC_LOW_ACK);
4866 case_WLAN(DISASSOC_QAP_EXCEED_TXOP);
4867 case_WLAN(QSTA_LEAVE_QBSS);
4868 case_WLAN(QSTA_NOT_USE);
4869 case_WLAN(QSTA_REQUIRE_SETUP);
4870 case_WLAN(QSTA_TIMEOUT);
4871 case_WLAN(QSTA_CIPHER_NOT_SUPP);
4872 case_WLAN(MESH_PEER_CANCELED);
4873 case_WLAN(MESH_MAX_PEERS);
4874 case_WLAN(MESH_CONFIG);
4875 case_WLAN(MESH_CLOSE);
4876 case_WLAN(MESH_MAX_RETRIES);
4877 case_WLAN(MESH_CONFIRM_TIMEOUT);
4878 case_WLAN(MESH_INVALID_GTK);
4879 case_WLAN(MESH_INCONSISTENT_PARAM);
4880 case_WLAN(MESH_INVALID_SECURITY);
4881 case_WLAN(MESH_PATH_ERROR);
4882 case_WLAN(MESH_PATH_NOFORWARD);
4883 case_WLAN(MESH_PATH_DEST_UNREACHABLE);
4884 case_WLAN(MAC_EXISTS_IN_MBSS);
4885 case_WLAN(MESH_CHAN_REGULATORY);
4886 case_WLAN(MESH_CHAN);
4887 default: return "<unknown>";
4888 }
4889 }
4890
ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)4891 static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
4892 struct ieee80211_mgmt *mgmt, size_t len)
4893 {
4894 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4895 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
4896
4897 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4898
4899 if (len < 24 + 2)
4900 return;
4901
4902 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
4903 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
4904 return;
4905 }
4906
4907 if (ifmgd->associated &&
4908 ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr)) {
4909 sdata_info(sdata, "deauthenticated from %pM (Reason: %u=%s)\n",
4910 sdata->vif.cfg.ap_addr, reason_code,
4911 ieee80211_get_reason_code_string(reason_code));
4912
4913 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
4914
4915 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false,
4916 reason_code, false);
4917 return;
4918 }
4919
4920 if (ifmgd->assoc_data &&
4921 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->ap_addr)) {
4922 sdata_info(sdata,
4923 "deauthenticated from %pM while associating (Reason: %u=%s)\n",
4924 ifmgd->assoc_data->ap_addr, reason_code,
4925 ieee80211_get_reason_code_string(reason_code));
4926
4927 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON);
4928
4929 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
4930 return;
4931 }
4932 }
4933
4934
ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)4935 static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
4936 struct ieee80211_mgmt *mgmt, size_t len)
4937 {
4938 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4939 u16 reason_code;
4940
4941 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4942
4943 if (len < 24 + 2)
4944 return;
4945
4946 if (!ifmgd->associated ||
4947 !ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr))
4948 return;
4949
4950 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
4951
4952 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
4953 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
4954 return;
4955 }
4956
4957 sdata_info(sdata, "disassociated from %pM (Reason: %u=%s)\n",
4958 sdata->vif.cfg.ap_addr, reason_code,
4959 ieee80211_get_reason_code_string(reason_code));
4960
4961 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
4962
4963 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false, reason_code,
4964 false);
4965 }
4966
ieee80211_twt_req_supported(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,const struct link_sta_info * link_sta,const struct ieee802_11_elems * elems)4967 static bool ieee80211_twt_req_supported(struct ieee80211_sub_if_data *sdata,
4968 struct ieee80211_supported_band *sband,
4969 const struct link_sta_info *link_sta,
4970 const struct ieee802_11_elems *elems)
4971 {
4972 const struct ieee80211_sta_he_cap *own_he_cap =
4973 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
4974
4975 if (elems->ext_capab_len < 10)
4976 return false;
4977
4978 if (!(elems->ext_capab[9] & WLAN_EXT_CAPA10_TWT_RESPONDER_SUPPORT))
4979 return false;
4980
4981 return link_sta->pub->he_cap.he_cap_elem.mac_cap_info[0] &
4982 IEEE80211_HE_MAC_CAP0_TWT_RES &&
4983 own_he_cap &&
4984 (own_he_cap->he_cap_elem.mac_cap_info[0] &
4985 IEEE80211_HE_MAC_CAP0_TWT_REQ);
4986 }
4987
ieee80211_recalc_twt_req(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,struct ieee80211_link_data * link,struct link_sta_info * link_sta,struct ieee802_11_elems * elems)4988 static u64 ieee80211_recalc_twt_req(struct ieee80211_sub_if_data *sdata,
4989 struct ieee80211_supported_band *sband,
4990 struct ieee80211_link_data *link,
4991 struct link_sta_info *link_sta,
4992 struct ieee802_11_elems *elems)
4993 {
4994 bool twt = ieee80211_twt_req_supported(sdata, sband, link_sta, elems);
4995
4996 if (link->conf->twt_requester != twt) {
4997 link->conf->twt_requester = twt;
4998 return BSS_CHANGED_TWT;
4999 }
5000 return 0;
5001 }
5002
ieee80211_twt_bcast_support(struct ieee80211_sub_if_data * sdata,struct ieee80211_bss_conf * bss_conf,struct ieee80211_supported_band * sband,struct link_sta_info * link_sta)5003 static bool ieee80211_twt_bcast_support(struct ieee80211_sub_if_data *sdata,
5004 struct ieee80211_bss_conf *bss_conf,
5005 struct ieee80211_supported_band *sband,
5006 struct link_sta_info *link_sta)
5007 {
5008 const struct ieee80211_sta_he_cap *own_he_cap =
5009 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
5010
5011 return bss_conf->he_support &&
5012 (link_sta->pub->he_cap.he_cap_elem.mac_cap_info[2] &
5013 IEEE80211_HE_MAC_CAP2_BCAST_TWT) &&
5014 own_he_cap &&
5015 (own_he_cap->he_cap_elem.mac_cap_info[2] &
5016 IEEE80211_HE_MAC_CAP2_BCAST_TWT);
5017 }
5018
ieee80211_epcs_changed(struct ieee80211_sub_if_data * sdata,bool enabled)5019 static void ieee80211_epcs_changed(struct ieee80211_sub_if_data *sdata,
5020 bool enabled)
5021 {
5022 /* in any case this is called, dialog token should be reset */
5023 sdata->u.mgd.epcs.dialog_token = 0;
5024
5025 if (sdata->u.mgd.epcs.enabled == enabled)
5026 return;
5027
5028 sdata->u.mgd.epcs.enabled = enabled;
5029 cfg80211_epcs_changed(sdata->dev, enabled);
5030 }
5031
ieee80211_epcs_teardown(struct ieee80211_sub_if_data * sdata)5032 static void ieee80211_epcs_teardown(struct ieee80211_sub_if_data *sdata)
5033 {
5034 struct ieee80211_local *local = sdata->local;
5035 u8 link_id;
5036
5037 if (!sdata->u.mgd.epcs.enabled)
5038 return;
5039
5040 lockdep_assert_wiphy(local->hw.wiphy);
5041
5042 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
5043 struct ieee802_11_elems *elems;
5044 struct ieee80211_link_data *link;
5045 const struct cfg80211_bss_ies *ies;
5046 bool ret;
5047
5048 rcu_read_lock();
5049
5050 link = sdata_dereference(sdata->link[link_id], sdata);
5051 if (!link || !link->conf || !link->conf->bss) {
5052 rcu_read_unlock();
5053 continue;
5054 }
5055
5056 if (link->u.mgd.disable_wmm_tracking) {
5057 rcu_read_unlock();
5058 ieee80211_set_wmm_default(link, false, false);
5059 continue;
5060 }
5061
5062 ies = rcu_dereference(link->conf->bss->beacon_ies);
5063 if (!ies) {
5064 rcu_read_unlock();
5065 ieee80211_set_wmm_default(link, false, false);
5066 continue;
5067 }
5068
5069 elems = ieee802_11_parse_elems(ies->data, ies->len, false,
5070 NULL);
5071 if (!elems) {
5072 rcu_read_unlock();
5073 ieee80211_set_wmm_default(link, false, false);
5074 continue;
5075 }
5076
5077 ret = _ieee80211_sta_wmm_params(local, link,
5078 elems->wmm_param,
5079 elems->wmm_param_len,
5080 elems->mu_edca_param_set);
5081
5082 kfree(elems);
5083 rcu_read_unlock();
5084
5085 if (!ret) {
5086 ieee80211_set_wmm_default(link, false, false);
5087 continue;
5088 }
5089
5090 ieee80211_mgd_set_link_qos_params(link);
5091 ieee80211_link_info_change_notify(sdata, link, BSS_CHANGED_QOS);
5092 }
5093 }
5094
ieee80211_assoc_config_link(struct ieee80211_link_data * link,struct link_sta_info * link_sta,struct cfg80211_bss * cbss,struct ieee80211_mgmt * mgmt,const u8 * elem_start,unsigned int elem_len,u64 * changed)5095 static bool ieee80211_assoc_config_link(struct ieee80211_link_data *link,
5096 struct link_sta_info *link_sta,
5097 struct cfg80211_bss *cbss,
5098 struct ieee80211_mgmt *mgmt,
5099 const u8 *elem_start,
5100 unsigned int elem_len,
5101 u64 *changed)
5102 {
5103 struct ieee80211_sub_if_data *sdata = link->sdata;
5104 struct ieee80211_mgd_assoc_data *assoc_data =
5105 sdata->u.mgd.assoc_data ?: sdata->u.mgd.reconf.add_links_data;
5106 struct ieee80211_bss_conf *bss_conf = link->conf;
5107 struct ieee80211_local *local = sdata->local;
5108 unsigned int link_id = link->link_id;
5109 struct ieee80211_elems_parse_params parse_params = {
5110 .mode = link->u.mgd.conn.mode,
5111 .start = elem_start,
5112 .len = elem_len,
5113 .link_id = link_id == assoc_data->assoc_link_id ? -1 : link_id,
5114 .from_ap = true,
5115 };
5116 bool is_5ghz = cbss->channel->band == NL80211_BAND_5GHZ;
5117 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ;
5118 bool is_s1g = cbss->channel->band == NL80211_BAND_S1GHZ;
5119 const struct cfg80211_bss_ies *bss_ies = NULL;
5120 struct ieee80211_supported_band *sband;
5121 struct ieee802_11_elems *elems;
5122 const __le16 prof_bss_param_ch_present =
5123 cpu_to_le16(IEEE80211_MLE_STA_CONTROL_BSS_PARAM_CHANGE_CNT_PRESENT);
5124 u16 capab_info;
5125 bool ret;
5126
5127 elems = ieee802_11_parse_elems_full(&parse_params);
5128 if (!elems)
5129 return false;
5130
5131 if (link_id == assoc_data->assoc_link_id) {
5132 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
5133
5134 /*
5135 * we should not get to this flow unless the association was
5136 * successful, so set the status directly to success
5137 */
5138 assoc_data->link[link_id].status = WLAN_STATUS_SUCCESS;
5139 if (elems->ml_basic) {
5140 int bss_param_ch_cnt =
5141 ieee80211_mle_get_bss_param_ch_cnt((const void *)elems->ml_basic);
5142
5143 if (bss_param_ch_cnt < 0) {
5144 ret = false;
5145 goto out;
5146 }
5147 bss_conf->bss_param_ch_cnt = bss_param_ch_cnt;
5148 bss_conf->bss_param_ch_cnt_link_id = link_id;
5149 }
5150 } else if (elems->parse_error & IEEE80211_PARSE_ERR_DUP_NEST_ML_BASIC ||
5151 !elems->prof ||
5152 !(elems->prof->control & prof_bss_param_ch_present)) {
5153 ret = false;
5154 goto out;
5155 } else {
5156 const u8 *ptr = elems->prof->variable +
5157 elems->prof->sta_info_len - 1;
5158 int bss_param_ch_cnt;
5159
5160 /*
5161 * During parsing, we validated that these fields exist,
5162 * otherwise elems->prof would have been set to NULL.
5163 */
5164 capab_info = get_unaligned_le16(ptr);
5165 assoc_data->link[link_id].status = get_unaligned_le16(ptr + 2);
5166 bss_param_ch_cnt =
5167 ieee80211_mle_basic_sta_prof_bss_param_ch_cnt(elems->prof);
5168 bss_conf->bss_param_ch_cnt = bss_param_ch_cnt;
5169 bss_conf->bss_param_ch_cnt_link_id = link_id;
5170
5171 if (assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS) {
5172 link_info(link, "association response status code=%u\n",
5173 assoc_data->link[link_id].status);
5174 ret = true;
5175 goto out;
5176 }
5177 }
5178
5179 if (!is_s1g && !elems->supp_rates) {
5180 sdata_info(sdata, "no SuppRates element in AssocResp\n");
5181 ret = false;
5182 goto out;
5183 }
5184
5185 link->u.mgd.tdls_chan_switch_prohibited =
5186 elems->ext_capab && elems->ext_capab_len >= 5 &&
5187 (elems->ext_capab[4] & WLAN_EXT_CAPA5_TDLS_CH_SW_PROHIBITED);
5188
5189 /*
5190 * Some APs are erroneously not including some information in their
5191 * (re)association response frames. Try to recover by using the data
5192 * from the beacon or probe response. This seems to afflict mobile
5193 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T",
5194 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device.
5195 */
5196 if (!ieee80211_hw_check(&local->hw, STRICT) && !is_6ghz &&
5197 ((assoc_data->wmm && !elems->wmm_param) ||
5198 (link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT &&
5199 (!elems->ht_cap_elem || !elems->ht_operation)) ||
5200 (is_5ghz && link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT &&
5201 (!elems->vht_cap_elem || !elems->vht_operation)))) {
5202 const struct cfg80211_bss_ies *ies;
5203 struct ieee802_11_elems *bss_elems;
5204
5205 rcu_read_lock();
5206 ies = rcu_dereference(cbss->ies);
5207 if (ies)
5208 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len,
5209 GFP_ATOMIC);
5210 rcu_read_unlock();
5211 if (!bss_ies) {
5212 ret = false;
5213 goto out;
5214 }
5215
5216 parse_params.start = bss_ies->data;
5217 parse_params.len = bss_ies->len;
5218 parse_params.bss = cbss;
5219 parse_params.link_id = -1;
5220 bss_elems = ieee802_11_parse_elems_full(&parse_params);
5221 if (!bss_elems) {
5222 ret = false;
5223 goto out;
5224 }
5225
5226 if (assoc_data->wmm &&
5227 !elems->wmm_param && bss_elems->wmm_param) {
5228 elems->wmm_param = bss_elems->wmm_param;
5229 sdata_info(sdata,
5230 "AP bug: WMM param missing from AssocResp\n");
5231 }
5232
5233 /*
5234 * Also check if we requested HT/VHT, otherwise the AP doesn't
5235 * have to include the IEs in the (re)association response.
5236 */
5237 if (!elems->ht_cap_elem && bss_elems->ht_cap_elem &&
5238 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT) {
5239 elems->ht_cap_elem = bss_elems->ht_cap_elem;
5240 sdata_info(sdata,
5241 "AP bug: HT capability missing from AssocResp\n");
5242 }
5243 if (!elems->ht_operation && bss_elems->ht_operation &&
5244 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT) {
5245 elems->ht_operation = bss_elems->ht_operation;
5246 sdata_info(sdata,
5247 "AP bug: HT operation missing from AssocResp\n");
5248 }
5249
5250 if (is_5ghz) {
5251 if (!elems->vht_cap_elem && bss_elems->vht_cap_elem &&
5252 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT) {
5253 elems->vht_cap_elem = bss_elems->vht_cap_elem;
5254 sdata_info(sdata,
5255 "AP bug: VHT capa missing from AssocResp\n");
5256 }
5257
5258 if (!elems->vht_operation && bss_elems->vht_operation &&
5259 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT) {
5260 elems->vht_operation = bss_elems->vht_operation;
5261 sdata_info(sdata,
5262 "AP bug: VHT operation missing from AssocResp\n");
5263 }
5264 }
5265 kfree(bss_elems);
5266 }
5267
5268 /*
5269 * We previously checked these in the beacon/probe response, so
5270 * they should be present here. This is just a safety net.
5271 * Note that the ieee80211_config_bw() below would also check
5272 * for this (and more), but this has better error reporting.
5273 */
5274 if (!is_6ghz && link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT &&
5275 (!elems->wmm_param || !elems->ht_cap_elem || !elems->ht_operation)) {
5276 sdata_info(sdata,
5277 "HT AP is missing WMM params or HT capability/operation\n");
5278 ret = false;
5279 goto out;
5280 }
5281
5282 if (is_5ghz && link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT &&
5283 (!elems->vht_cap_elem || !elems->vht_operation)) {
5284 sdata_info(sdata,
5285 "VHT AP is missing VHT capability/operation\n");
5286 ret = false;
5287 goto out;
5288 }
5289
5290 /* check/update if AP changed anything in assoc response vs. scan */
5291 if (ieee80211_config_bw(link, elems,
5292 link_id == assoc_data->assoc_link_id,
5293 changed, "assoc response")) {
5294 ret = false;
5295 goto out;
5296 }
5297
5298 if (WARN_ON(!link->conf->chanreq.oper.chan)) {
5299 ret = false;
5300 goto out;
5301 }
5302 sband = local->hw.wiphy->bands[link->conf->chanreq.oper.chan->band];
5303
5304 /* Set up internal HT/VHT capabilities */
5305 if (elems->ht_cap_elem && link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT)
5306 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
5307 elems->ht_cap_elem,
5308 link_sta);
5309
5310 if (elems->vht_cap_elem &&
5311 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT) {
5312 const struct ieee80211_vht_cap *bss_vht_cap = NULL;
5313 const struct cfg80211_bss_ies *ies;
5314
5315 /*
5316 * Cisco AP module 9115 with FW 17.3 has a bug and sends a
5317 * too large maximum MPDU length in the association response
5318 * (indicating 12k) that it cannot actually process ...
5319 * Work around that.
5320 */
5321 rcu_read_lock();
5322 ies = rcu_dereference(cbss->ies);
5323 if (ies) {
5324 const struct element *elem;
5325
5326 elem = cfg80211_find_elem(WLAN_EID_VHT_CAPABILITY,
5327 ies->data, ies->len);
5328 if (elem && elem->datalen >= sizeof(*bss_vht_cap))
5329 bss_vht_cap = (const void *)elem->data;
5330 }
5331
5332 if (ieee80211_hw_check(&local->hw, STRICT) &&
5333 (!bss_vht_cap || memcmp(bss_vht_cap, elems->vht_cap_elem,
5334 sizeof(*bss_vht_cap)))) {
5335 rcu_read_unlock();
5336 ret = false;
5337 link_info(link, "VHT capabilities mismatch\n");
5338 goto out;
5339 }
5340
5341 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband,
5342 elems->vht_cap_elem,
5343 bss_vht_cap, link_sta);
5344 rcu_read_unlock();
5345 }
5346
5347 if (elems->he_operation &&
5348 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HE &&
5349 elems->he_cap) {
5350 ieee80211_he_cap_ie_to_sta_he_cap(sdata, sband,
5351 elems->he_cap,
5352 elems->he_cap_len,
5353 elems->he_6ghz_capa,
5354 link_sta);
5355
5356 bss_conf->he_support = link_sta->pub->he_cap.has_he;
5357 if (elems->rsnx && elems->rsnx_len &&
5358 (elems->rsnx[0] & WLAN_RSNX_CAPA_PROTECTED_TWT) &&
5359 wiphy_ext_feature_isset(local->hw.wiphy,
5360 NL80211_EXT_FEATURE_PROTECTED_TWT))
5361 bss_conf->twt_protected = true;
5362 else
5363 bss_conf->twt_protected = false;
5364
5365 *changed |= ieee80211_recalc_twt_req(sdata, sband, link,
5366 link_sta, elems);
5367
5368 if (elems->eht_operation && elems->eht_cap &&
5369 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_EHT) {
5370 ieee80211_eht_cap_ie_to_sta_eht_cap(sdata, sband,
5371 elems->he_cap,
5372 elems->he_cap_len,
5373 elems->eht_cap,
5374 elems->eht_cap_len,
5375 link_sta);
5376
5377 bss_conf->eht_support = link_sta->pub->eht_cap.has_eht;
5378 bss_conf->epcs_support = bss_conf->eht_support &&
5379 !!(elems->eht_cap->fixed.mac_cap_info[0] &
5380 IEEE80211_EHT_MAC_CAP0_EPCS_PRIO_ACCESS);
5381
5382 /* EPCS might be already enabled but a new added link
5383 * does not support EPCS. This should not really happen
5384 * in practice.
5385 */
5386 if (sdata->u.mgd.epcs.enabled &&
5387 !bss_conf->epcs_support)
5388 ieee80211_epcs_teardown(sdata);
5389 } else {
5390 bss_conf->eht_support = false;
5391 bss_conf->epcs_support = false;
5392 }
5393 } else {
5394 bss_conf->he_support = false;
5395 bss_conf->twt_requester = false;
5396 bss_conf->twt_protected = false;
5397 bss_conf->eht_support = false;
5398 bss_conf->epcs_support = false;
5399 }
5400
5401 bss_conf->twt_broadcast =
5402 ieee80211_twt_bcast_support(sdata, bss_conf, sband, link_sta);
5403
5404 if (bss_conf->he_support) {
5405 bss_conf->he_bss_color.color =
5406 le32_get_bits(elems->he_operation->he_oper_params,
5407 IEEE80211_HE_OPERATION_BSS_COLOR_MASK);
5408 bss_conf->he_bss_color.partial =
5409 le32_get_bits(elems->he_operation->he_oper_params,
5410 IEEE80211_HE_OPERATION_PARTIAL_BSS_COLOR);
5411 bss_conf->he_bss_color.enabled =
5412 !le32_get_bits(elems->he_operation->he_oper_params,
5413 IEEE80211_HE_OPERATION_BSS_COLOR_DISABLED);
5414
5415 if (bss_conf->he_bss_color.enabled)
5416 *changed |= BSS_CHANGED_HE_BSS_COLOR;
5417
5418 bss_conf->htc_trig_based_pkt_ext =
5419 le32_get_bits(elems->he_operation->he_oper_params,
5420 IEEE80211_HE_OPERATION_DFLT_PE_DURATION_MASK);
5421 bss_conf->frame_time_rts_th =
5422 le32_get_bits(elems->he_operation->he_oper_params,
5423 IEEE80211_HE_OPERATION_RTS_THRESHOLD_MASK);
5424
5425 bss_conf->uora_exists = !!elems->uora_element;
5426 if (elems->uora_element)
5427 bss_conf->uora_ocw_range = elems->uora_element[0];
5428
5429 ieee80211_he_op_ie_to_bss_conf(&sdata->vif, elems->he_operation);
5430 ieee80211_he_spr_ie_to_bss_conf(&sdata->vif, elems->he_spr);
5431 /* TODO: OPEN: what happens if BSS color disable is set? */
5432 }
5433
5434 if (cbss->transmitted_bss) {
5435 bss_conf->nontransmitted = true;
5436 ether_addr_copy(bss_conf->transmitter_bssid,
5437 cbss->transmitted_bss->bssid);
5438 bss_conf->bssid_indicator = cbss->max_bssid_indicator;
5439 bss_conf->bssid_index = cbss->bssid_index;
5440 }
5441
5442 /*
5443 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data
5444 * in their association response, so ignore that data for our own
5445 * configuration. If it changed since the last beacon, we'll get the
5446 * next beacon and update then.
5447 */
5448
5449 /*
5450 * If an operating mode notification IE is present, override the
5451 * NSS calculation (that would be done in rate_control_rate_init())
5452 * and use the # of streams from that element.
5453 */
5454 if (elems->opmode_notif &&
5455 !(*elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) {
5456 u8 nss;
5457
5458 nss = *elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK;
5459 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT;
5460 nss += 1;
5461 link_sta->pub->rx_nss = nss;
5462 }
5463
5464 /*
5465 * Always handle WMM once after association regardless
5466 * of the first value the AP uses. Setting -1 here has
5467 * that effect because the AP values is an unsigned
5468 * 4-bit value.
5469 */
5470 link->u.mgd.wmm_last_param_set = -1;
5471 link->u.mgd.mu_edca_last_param_set = -1;
5472
5473 if (link->u.mgd.disable_wmm_tracking) {
5474 ieee80211_set_wmm_default(link, false, false);
5475 } else if (!ieee80211_sta_wmm_params(local, link, elems->wmm_param,
5476 elems->wmm_param_len,
5477 elems->mu_edca_param_set)) {
5478 /* still enable QoS since we might have HT/VHT */
5479 ieee80211_set_wmm_default(link, false, true);
5480 /* disable WMM tracking in this case to disable
5481 * tracking WMM parameter changes in the beacon if
5482 * the parameters weren't actually valid. Doing so
5483 * avoids changing parameters very strangely when
5484 * the AP is going back and forth between valid and
5485 * invalid parameters.
5486 */
5487 link->u.mgd.disable_wmm_tracking = true;
5488 }
5489
5490 if (elems->max_idle_period_ie) {
5491 bss_conf->max_idle_period =
5492 le16_to_cpu(elems->max_idle_period_ie->max_idle_period);
5493 bss_conf->protected_keep_alive =
5494 !!(elems->max_idle_period_ie->idle_options &
5495 WLAN_IDLE_OPTIONS_PROTECTED_KEEP_ALIVE);
5496 *changed |= BSS_CHANGED_KEEP_ALIVE;
5497 } else {
5498 bss_conf->max_idle_period = 0;
5499 bss_conf->protected_keep_alive = false;
5500 }
5501
5502 /* set assoc capability (AID was already set earlier),
5503 * ieee80211_set_associated() will tell the driver */
5504 bss_conf->assoc_capability = capab_info;
5505
5506 ret = true;
5507 out:
5508 kfree(elems);
5509 kfree(bss_ies);
5510 return ret;
5511 }
5512
ieee80211_mgd_setup_link_sta(struct ieee80211_link_data * link,struct sta_info * sta,struct link_sta_info * link_sta,struct cfg80211_bss * cbss)5513 static int ieee80211_mgd_setup_link_sta(struct ieee80211_link_data *link,
5514 struct sta_info *sta,
5515 struct link_sta_info *link_sta,
5516 struct cfg80211_bss *cbss)
5517 {
5518 struct ieee80211_sub_if_data *sdata = link->sdata;
5519 struct ieee80211_local *local = sdata->local;
5520 struct ieee80211_bss *bss = (void *)cbss->priv;
5521 u32 rates = 0, basic_rates = 0;
5522 bool have_higher_than_11mbit = false;
5523 int min_rate = INT_MAX, min_rate_index = -1;
5524 struct ieee80211_supported_band *sband;
5525
5526 memcpy(link_sta->addr, cbss->bssid, ETH_ALEN);
5527 memcpy(link_sta->pub->addr, cbss->bssid, ETH_ALEN);
5528
5529 /* TODO: S1G Basic Rate Set is expressed elsewhere */
5530 if (cbss->channel->band == NL80211_BAND_S1GHZ) {
5531 ieee80211_s1g_sta_rate_init(sta);
5532 return 0;
5533 }
5534
5535 sband = local->hw.wiphy->bands[cbss->channel->band];
5536
5537 ieee80211_get_rates(sband, bss->supp_rates, bss->supp_rates_len,
5538 NULL, 0,
5539 &rates, &basic_rates, NULL,
5540 &have_higher_than_11mbit,
5541 &min_rate, &min_rate_index);
5542
5543 /*
5544 * This used to be a workaround for basic rates missing
5545 * in the association response frame. Now that we no
5546 * longer use the basic rates from there, it probably
5547 * doesn't happen any more, but keep the workaround so
5548 * in case some *other* APs are buggy in different ways
5549 * we can connect -- with a warning.
5550 * Allow this workaround only in case the AP provided at least
5551 * one rate.
5552 */
5553 if (min_rate_index < 0) {
5554 link_info(link, "No legacy rates in association response\n");
5555 return -EINVAL;
5556 } else if (!basic_rates) {
5557 link_info(link, "No basic rates, using min rate instead\n");
5558 basic_rates = BIT(min_rate_index);
5559 }
5560
5561 if (rates)
5562 link_sta->pub->supp_rates[cbss->channel->band] = rates;
5563 else
5564 link_info(link, "No rates found, keeping mandatory only\n");
5565
5566 link->conf->basic_rates = basic_rates;
5567
5568 /* cf. IEEE 802.11 9.2.12 */
5569 link->operating_11g_mode = sband->band == NL80211_BAND_2GHZ &&
5570 have_higher_than_11mbit;
5571
5572 return 0;
5573 }
5574
ieee80211_max_rx_chains(struct ieee80211_link_data * link,struct cfg80211_bss * cbss)5575 static u8 ieee80211_max_rx_chains(struct ieee80211_link_data *link,
5576 struct cfg80211_bss *cbss)
5577 {
5578 struct ieee80211_he_mcs_nss_supp *he_mcs_nss_supp;
5579 const struct element *ht_cap_elem, *vht_cap_elem;
5580 const struct cfg80211_bss_ies *ies;
5581 const struct ieee80211_ht_cap *ht_cap;
5582 const struct ieee80211_vht_cap *vht_cap;
5583 const struct ieee80211_he_cap_elem *he_cap;
5584 const struct element *he_cap_elem;
5585 u16 mcs_80_map, mcs_160_map;
5586 int i, mcs_nss_size;
5587 bool support_160;
5588 u8 chains = 1;
5589
5590 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_HT)
5591 return chains;
5592
5593 ht_cap_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_HT_CAPABILITY);
5594 if (ht_cap_elem && ht_cap_elem->datalen >= sizeof(*ht_cap)) {
5595 ht_cap = (void *)ht_cap_elem->data;
5596 chains = ieee80211_mcs_to_chains(&ht_cap->mcs);
5597 /*
5598 * TODO: use "Tx Maximum Number Spatial Streams Supported" and
5599 * "Tx Unequal Modulation Supported" fields.
5600 */
5601 }
5602
5603 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_VHT)
5604 return chains;
5605
5606 vht_cap_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_VHT_CAPABILITY);
5607 if (vht_cap_elem && vht_cap_elem->datalen >= sizeof(*vht_cap)) {
5608 u8 nss;
5609 u16 tx_mcs_map;
5610
5611 vht_cap = (void *)vht_cap_elem->data;
5612 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map);
5613 for (nss = 8; nss > 0; nss--) {
5614 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) !=
5615 IEEE80211_VHT_MCS_NOT_SUPPORTED)
5616 break;
5617 }
5618 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */
5619 chains = max(chains, nss);
5620 }
5621
5622 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_HE)
5623 return chains;
5624
5625 ies = rcu_dereference(cbss->ies);
5626 he_cap_elem = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_CAPABILITY,
5627 ies->data, ies->len);
5628
5629 if (!he_cap_elem || he_cap_elem->datalen < sizeof(*he_cap))
5630 return chains;
5631
5632 /* skip one byte ext_tag_id */
5633 he_cap = (void *)(he_cap_elem->data + 1);
5634 mcs_nss_size = ieee80211_he_mcs_nss_size(he_cap);
5635
5636 /* invalid HE IE */
5637 if (he_cap_elem->datalen < 1 + mcs_nss_size + sizeof(*he_cap))
5638 return chains;
5639
5640 /* mcs_nss is right after he_cap info */
5641 he_mcs_nss_supp = (void *)(he_cap + 1);
5642
5643 mcs_80_map = le16_to_cpu(he_mcs_nss_supp->tx_mcs_80);
5644
5645 for (i = 7; i >= 0; i--) {
5646 u8 mcs_80 = mcs_80_map >> (2 * i) & 3;
5647
5648 if (mcs_80 != IEEE80211_VHT_MCS_NOT_SUPPORTED) {
5649 chains = max_t(u8, chains, i + 1);
5650 break;
5651 }
5652 }
5653
5654 support_160 = he_cap->phy_cap_info[0] &
5655 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G;
5656
5657 if (!support_160)
5658 return chains;
5659
5660 mcs_160_map = le16_to_cpu(he_mcs_nss_supp->tx_mcs_160);
5661 for (i = 7; i >= 0; i--) {
5662 u8 mcs_160 = mcs_160_map >> (2 * i) & 3;
5663
5664 if (mcs_160 != IEEE80211_VHT_MCS_NOT_SUPPORTED) {
5665 chains = max_t(u8, chains, i + 1);
5666 break;
5667 }
5668 }
5669
5670 return chains;
5671 }
5672
5673 static void
ieee80211_determine_our_sta_mode(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,struct cfg80211_assoc_request * req,bool wmm_used,int link_id,struct ieee80211_conn_settings * conn)5674 ieee80211_determine_our_sta_mode(struct ieee80211_sub_if_data *sdata,
5675 struct ieee80211_supported_band *sband,
5676 struct cfg80211_assoc_request *req,
5677 bool wmm_used, int link_id,
5678 struct ieee80211_conn_settings *conn)
5679 {
5680 struct ieee80211_sta_ht_cap sta_ht_cap = sband->ht_cap;
5681 bool is_5ghz = sband->band == NL80211_BAND_5GHZ;
5682 bool is_6ghz = sband->band == NL80211_BAND_6GHZ;
5683 const struct ieee80211_sta_he_cap *he_cap;
5684 const struct ieee80211_sta_eht_cap *eht_cap;
5685 struct ieee80211_sta_vht_cap vht_cap;
5686
5687 if (sband->band == NL80211_BAND_S1GHZ) {
5688 conn->mode = IEEE80211_CONN_MODE_S1G;
5689 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
5690 mlme_dbg(sdata, "operating as S1G STA\n");
5691 return;
5692 }
5693
5694 conn->mode = IEEE80211_CONN_MODE_LEGACY;
5695 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
5696
5697 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
5698
5699 if (req && req->flags & ASSOC_REQ_DISABLE_HT) {
5700 mlme_link_id_dbg(sdata, link_id,
5701 "HT disabled by flag, limiting to legacy\n");
5702 goto out;
5703 }
5704
5705 if (!wmm_used) {
5706 mlme_link_id_dbg(sdata, link_id,
5707 "WMM/QoS not supported, limiting to legacy\n");
5708 goto out;
5709 }
5710
5711 if (req) {
5712 unsigned int i;
5713
5714 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) {
5715 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 ||
5716 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP ||
5717 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) {
5718 netdev_info(sdata->dev,
5719 "WEP/TKIP use, limiting to legacy\n");
5720 goto out;
5721 }
5722 }
5723 }
5724
5725 if (!sta_ht_cap.ht_supported && !is_6ghz) {
5726 mlme_link_id_dbg(sdata, link_id,
5727 "HT not supported (and not on 6 GHz), limiting to legacy\n");
5728 goto out;
5729 }
5730
5731 /* HT is fine */
5732 conn->mode = IEEE80211_CONN_MODE_HT;
5733 conn->bw_limit = sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40 ?
5734 IEEE80211_CONN_BW_LIMIT_40 :
5735 IEEE80211_CONN_BW_LIMIT_20;
5736
5737 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
5738 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
5739
5740 if (req && req->flags & ASSOC_REQ_DISABLE_VHT) {
5741 mlme_link_id_dbg(sdata, link_id,
5742 "VHT disabled by flag, limiting to HT\n");
5743 goto out;
5744 }
5745
5746 if (vht_cap.vht_supported && is_5ghz) {
5747 bool have_80mhz = false;
5748 unsigned int i;
5749
5750 if (conn->bw_limit == IEEE80211_CONN_BW_LIMIT_20) {
5751 mlme_link_id_dbg(sdata, link_id,
5752 "no 40 MHz support on 5 GHz, limiting to HT\n");
5753 goto out;
5754 }
5755
5756 /* Allow VHT if at least one channel on the sband supports 80 MHz */
5757 for (i = 0; i < sband->n_channels; i++) {
5758 if (sband->channels[i].flags & (IEEE80211_CHAN_DISABLED |
5759 IEEE80211_CHAN_NO_80MHZ))
5760 continue;
5761
5762 have_80mhz = true;
5763 break;
5764 }
5765
5766 if (!have_80mhz) {
5767 mlme_link_id_dbg(sdata, link_id,
5768 "no 80 MHz channel support on 5 GHz, limiting to HT\n");
5769 goto out;
5770 }
5771 } else if (is_5ghz) { /* !vht_supported but on 5 GHz */
5772 mlme_link_id_dbg(sdata, link_id,
5773 "no VHT support on 5 GHz, limiting to HT\n");
5774 goto out;
5775 }
5776
5777 /* VHT - if we have - is fine, including 80 MHz, check 160 below again */
5778 if (sband->band != NL80211_BAND_2GHZ) {
5779 conn->mode = IEEE80211_CONN_MODE_VHT;
5780 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_160;
5781 }
5782
5783 if (is_5ghz &&
5784 !(vht_cap.cap & (IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ |
5785 IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ))) {
5786 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_80;
5787 mlme_link_id_dbg(sdata, link_id,
5788 "no VHT 160 MHz capability on 5 GHz, limiting to 80 MHz");
5789 }
5790
5791 if (req && req->flags & ASSOC_REQ_DISABLE_HE) {
5792 mlme_link_id_dbg(sdata, link_id,
5793 "HE disabled by flag, limiting to HT/VHT\n");
5794 goto out;
5795 }
5796
5797 he_cap = ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
5798 if (!he_cap) {
5799 WARN_ON(is_6ghz);
5800 mlme_link_id_dbg(sdata, link_id,
5801 "no HE support, limiting to HT/VHT\n");
5802 goto out;
5803 }
5804
5805 /* so we have HE */
5806 conn->mode = IEEE80211_CONN_MODE_HE;
5807
5808 /* check bandwidth */
5809 switch (sband->band) {
5810 default:
5811 case NL80211_BAND_2GHZ:
5812 if (he_cap->he_cap_elem.phy_cap_info[0] &
5813 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_IN_2G)
5814 break;
5815 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
5816 mlme_link_id_dbg(sdata, link_id,
5817 "no 40 MHz HE cap in 2.4 GHz, limiting to 20 MHz\n");
5818 break;
5819 case NL80211_BAND_5GHZ:
5820 if (!(he_cap->he_cap_elem.phy_cap_info[0] &
5821 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G)) {
5822 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
5823 mlme_link_id_dbg(sdata, link_id,
5824 "no 40/80 MHz HE cap in 5 GHz, limiting to 20 MHz\n");
5825 break;
5826 }
5827 if (!(he_cap->he_cap_elem.phy_cap_info[0] &
5828 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G)) {
5829 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
5830 conn->bw_limit,
5831 IEEE80211_CONN_BW_LIMIT_80);
5832 mlme_link_id_dbg(sdata, link_id,
5833 "no 160 MHz HE cap in 5 GHz, limiting to 80 MHz\n");
5834 }
5835 break;
5836 case NL80211_BAND_6GHZ:
5837 if (he_cap->he_cap_elem.phy_cap_info[0] &
5838 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G)
5839 break;
5840 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
5841 conn->bw_limit,
5842 IEEE80211_CONN_BW_LIMIT_80);
5843 mlme_link_id_dbg(sdata, link_id,
5844 "no 160 MHz HE cap in 6 GHz, limiting to 80 MHz\n");
5845 break;
5846 }
5847
5848 if (req && req->flags & ASSOC_REQ_DISABLE_EHT) {
5849 mlme_link_id_dbg(sdata, link_id,
5850 "EHT disabled by flag, limiting to HE\n");
5851 goto out;
5852 }
5853
5854 eht_cap = ieee80211_get_eht_iftype_cap_vif(sband, &sdata->vif);
5855 if (!eht_cap) {
5856 mlme_link_id_dbg(sdata, link_id,
5857 "no EHT support, limiting to HE\n");
5858 goto out;
5859 }
5860
5861 /* we have EHT */
5862
5863 conn->mode = IEEE80211_CONN_MODE_EHT;
5864
5865 /* check bandwidth */
5866 if (is_6ghz &&
5867 eht_cap->eht_cap_elem.phy_cap_info[0] & IEEE80211_EHT_PHY_CAP0_320MHZ_IN_6GHZ)
5868 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_320;
5869 else if (is_6ghz)
5870 mlme_link_id_dbg(sdata, link_id,
5871 "no EHT 320 MHz cap in 6 GHz, limiting to 160 MHz\n");
5872
5873 out:
5874 mlme_link_id_dbg(sdata, link_id,
5875 "determined local STA to be %s, BW limited to %d MHz\n",
5876 ieee80211_conn_mode_str(conn->mode),
5877 20 * (1 << conn->bw_limit));
5878 }
5879
5880 static void
ieee80211_determine_our_sta_mode_auth(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,struct cfg80211_auth_request * req,bool wmm_used,struct ieee80211_conn_settings * conn)5881 ieee80211_determine_our_sta_mode_auth(struct ieee80211_sub_if_data *sdata,
5882 struct ieee80211_supported_band *sband,
5883 struct cfg80211_auth_request *req,
5884 bool wmm_used,
5885 struct ieee80211_conn_settings *conn)
5886 {
5887 ieee80211_determine_our_sta_mode(sdata, sband, NULL, wmm_used,
5888 req->link_id > 0 ? req->link_id : 0,
5889 conn);
5890 }
5891
5892 static void
ieee80211_determine_our_sta_mode_assoc(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,struct cfg80211_assoc_request * req,bool wmm_used,int link_id,struct ieee80211_conn_settings * conn)5893 ieee80211_determine_our_sta_mode_assoc(struct ieee80211_sub_if_data *sdata,
5894 struct ieee80211_supported_band *sband,
5895 struct cfg80211_assoc_request *req,
5896 bool wmm_used, int link_id,
5897 struct ieee80211_conn_settings *conn)
5898 {
5899 struct ieee80211_conn_settings tmp;
5900
5901 WARN_ON(!req);
5902
5903 ieee80211_determine_our_sta_mode(sdata, sband, req, wmm_used, link_id,
5904 &tmp);
5905
5906 conn->mode = min_t(enum ieee80211_conn_mode,
5907 conn->mode, tmp.mode);
5908 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
5909 conn->bw_limit, tmp.bw_limit);
5910 }
5911
5912 static enum ieee80211_ap_reg_power
ieee80211_ap_power_type(u8 control)5913 ieee80211_ap_power_type(u8 control)
5914 {
5915 switch (u8_get_bits(control, IEEE80211_HE_6GHZ_OPER_CTRL_REG_INFO)) {
5916 case IEEE80211_6GHZ_CTRL_REG_LPI_AP:
5917 case IEEE80211_6GHZ_CTRL_REG_INDOOR_LPI_AP:
5918 return IEEE80211_REG_LPI_AP;
5919 case IEEE80211_6GHZ_CTRL_REG_SP_AP:
5920 case IEEE80211_6GHZ_CTRL_REG_INDOOR_SP_AP:
5921 return IEEE80211_REG_SP_AP;
5922 case IEEE80211_6GHZ_CTRL_REG_VLP_AP:
5923 return IEEE80211_REG_VLP_AP;
5924 default:
5925 return IEEE80211_REG_UNSET_AP;
5926 }
5927 }
5928
ieee80211_prep_channel(struct ieee80211_sub_if_data * sdata,struct ieee80211_link_data * link,int link_id,struct cfg80211_bss * cbss,bool mlo,struct ieee80211_conn_settings * conn,unsigned long * userspace_selectors)5929 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
5930 struct ieee80211_link_data *link,
5931 int link_id,
5932 struct cfg80211_bss *cbss, bool mlo,
5933 struct ieee80211_conn_settings *conn,
5934 unsigned long *userspace_selectors)
5935 {
5936 struct ieee80211_local *local = sdata->local;
5937 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ;
5938 struct ieee80211_chan_req chanreq = {};
5939 struct cfg80211_chan_def ap_chandef;
5940 struct ieee802_11_elems *elems;
5941 int ret;
5942
5943 lockdep_assert_wiphy(local->hw.wiphy);
5944
5945 rcu_read_lock();
5946 elems = ieee80211_determine_chan_mode(sdata, conn, cbss, link_id,
5947 &chanreq, &ap_chandef,
5948 userspace_selectors);
5949
5950 if (IS_ERR(elems)) {
5951 rcu_read_unlock();
5952 return PTR_ERR(elems);
5953 }
5954
5955 if (mlo && !elems->ml_basic) {
5956 sdata_info(sdata, "Rejecting MLO as it is not supported by AP\n");
5957 rcu_read_unlock();
5958 kfree(elems);
5959 return -EINVAL;
5960 }
5961
5962 if (link && is_6ghz && conn->mode >= IEEE80211_CONN_MODE_HE) {
5963 const struct ieee80211_he_6ghz_oper *he_6ghz_oper;
5964
5965 if (elems->pwr_constr_elem)
5966 link->conf->pwr_reduction = *elems->pwr_constr_elem;
5967
5968 he_6ghz_oper = ieee80211_he_6ghz_oper(elems->he_operation);
5969 if (he_6ghz_oper)
5970 link->conf->power_type =
5971 ieee80211_ap_power_type(he_6ghz_oper->control);
5972 else
5973 link_info(link,
5974 "HE 6 GHz operation missing (on %d MHz), expect issues\n",
5975 cbss->channel->center_freq);
5976
5977 link->conf->tpe = elems->tpe;
5978 ieee80211_rearrange_tpe(&link->conf->tpe, &ap_chandef,
5979 &chanreq.oper);
5980 }
5981 rcu_read_unlock();
5982 /* the element data was RCU protected so no longer valid anyway */
5983 kfree(elems);
5984 elems = NULL;
5985
5986 if (!link)
5987 return 0;
5988
5989 rcu_read_lock();
5990 link->needed_rx_chains = min(ieee80211_max_rx_chains(link, cbss),
5991 local->rx_chains);
5992 rcu_read_unlock();
5993
5994 /*
5995 * If this fails (possibly due to channel context sharing
5996 * on incompatible channels, e.g. 80+80 and 160 sharing the
5997 * same control channel) try to use a smaller bandwidth.
5998 */
5999 ret = ieee80211_link_use_channel(link, &chanreq,
6000 IEEE80211_CHANCTX_SHARED);
6001
6002 /* don't downgrade for 5 and 10 MHz channels, though. */
6003 if (chanreq.oper.width == NL80211_CHAN_WIDTH_5 ||
6004 chanreq.oper.width == NL80211_CHAN_WIDTH_10)
6005 return ret;
6006
6007 while (ret && chanreq.oper.width != NL80211_CHAN_WIDTH_20_NOHT) {
6008 ieee80211_chanreq_downgrade(&chanreq, conn);
6009
6010 ret = ieee80211_link_use_channel(link, &chanreq,
6011 IEEE80211_CHANCTX_SHARED);
6012 }
6013
6014 return ret;
6015 }
6016
ieee80211_get_dtim(const struct cfg80211_bss_ies * ies,u8 * dtim_count,u8 * dtim_period)6017 static bool ieee80211_get_dtim(const struct cfg80211_bss_ies *ies,
6018 u8 *dtim_count, u8 *dtim_period)
6019 {
6020 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, ies->data, ies->len);
6021 const u8 *idx_ie = cfg80211_find_ie(WLAN_EID_MULTI_BSSID_IDX, ies->data,
6022 ies->len);
6023 const struct ieee80211_tim_ie *tim = NULL;
6024 const struct ieee80211_bssid_index *idx;
6025 bool valid = tim_ie && tim_ie[1] >= 2;
6026
6027 if (valid)
6028 tim = (void *)(tim_ie + 2);
6029
6030 if (dtim_count)
6031 *dtim_count = valid ? tim->dtim_count : 0;
6032
6033 if (dtim_period)
6034 *dtim_period = valid ? tim->dtim_period : 0;
6035
6036 /* Check if value is overridden by non-transmitted profile */
6037 if (!idx_ie || idx_ie[1] < 3)
6038 return valid;
6039
6040 idx = (void *)(idx_ie + 2);
6041
6042 if (dtim_count)
6043 *dtim_count = idx->dtim_count;
6044
6045 if (dtim_period)
6046 *dtim_period = idx->dtim_period;
6047
6048 return true;
6049 }
6050
ieee80211_assoc_success(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,struct ieee802_11_elems * elems,const u8 * elem_start,unsigned int elem_len)6051 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata,
6052 struct ieee80211_mgmt *mgmt,
6053 struct ieee802_11_elems *elems,
6054 const u8 *elem_start, unsigned int elem_len)
6055 {
6056 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
6057 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
6058 struct ieee80211_local *local = sdata->local;
6059 unsigned int link_id;
6060 struct sta_info *sta;
6061 u64 changed[IEEE80211_MLD_MAX_NUM_LINKS] = {};
6062 u16 valid_links = 0, dormant_links = 0;
6063 int err;
6064
6065 lockdep_assert_wiphy(sdata->local->hw.wiphy);
6066 /*
6067 * station info was already allocated and inserted before
6068 * the association and should be available to us
6069 */
6070 sta = sta_info_get(sdata, assoc_data->ap_addr);
6071 if (WARN_ON(!sta))
6072 goto out_err;
6073
6074 sta->sta.spp_amsdu = assoc_data->spp_amsdu;
6075
6076 if (ieee80211_vif_is_mld(&sdata->vif)) {
6077 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
6078 if (!assoc_data->link[link_id].bss)
6079 continue;
6080
6081 valid_links |= BIT(link_id);
6082 if (assoc_data->link[link_id].disabled)
6083 dormant_links |= BIT(link_id);
6084
6085 if (link_id != assoc_data->assoc_link_id) {
6086 err = ieee80211_sta_allocate_link(sta, link_id);
6087 if (err)
6088 goto out_err;
6089 }
6090 }
6091
6092 ieee80211_vif_set_links(sdata, valid_links, dormant_links);
6093 }
6094
6095 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
6096 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
6097 struct ieee80211_link_data *link;
6098 struct link_sta_info *link_sta;
6099
6100 if (!cbss)
6101 continue;
6102
6103 link = sdata_dereference(sdata->link[link_id], sdata);
6104 if (WARN_ON(!link))
6105 goto out_err;
6106
6107 if (ieee80211_vif_is_mld(&sdata->vif))
6108 link_info(link,
6109 "local address %pM, AP link address %pM%s\n",
6110 link->conf->addr,
6111 assoc_data->link[link_id].bss->bssid,
6112 link_id == assoc_data->assoc_link_id ?
6113 " (assoc)" : "");
6114
6115 link_sta = rcu_dereference_protected(sta->link[link_id],
6116 lockdep_is_held(&local->hw.wiphy->mtx));
6117 if (WARN_ON(!link_sta))
6118 goto out_err;
6119
6120 if (!link->u.mgd.have_beacon) {
6121 const struct cfg80211_bss_ies *ies;
6122
6123 rcu_read_lock();
6124 ies = rcu_dereference(cbss->beacon_ies);
6125 if (ies)
6126 link->u.mgd.have_beacon = true;
6127 else
6128 ies = rcu_dereference(cbss->ies);
6129 ieee80211_get_dtim(ies,
6130 &link->conf->sync_dtim_count,
6131 &link->u.mgd.dtim_period);
6132 link->conf->beacon_int = cbss->beacon_interval;
6133 rcu_read_unlock();
6134 }
6135
6136 link->conf->dtim_period = link->u.mgd.dtim_period ?: 1;
6137
6138 if (link_id != assoc_data->assoc_link_id) {
6139 link->u.mgd.conn = assoc_data->link[link_id].conn;
6140
6141 err = ieee80211_prep_channel(sdata, link, link_id, cbss,
6142 true, &link->u.mgd.conn,
6143 sdata->u.mgd.userspace_selectors);
6144 if (err) {
6145 link_info(link, "prep_channel failed\n");
6146 goto out_err;
6147 }
6148 }
6149
6150 err = ieee80211_mgd_setup_link_sta(link, sta, link_sta,
6151 assoc_data->link[link_id].bss);
6152 if (err)
6153 goto out_err;
6154
6155 if (!ieee80211_assoc_config_link(link, link_sta,
6156 assoc_data->link[link_id].bss,
6157 mgmt, elem_start, elem_len,
6158 &changed[link_id]))
6159 goto out_err;
6160
6161 if (assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS) {
6162 valid_links &= ~BIT(link_id);
6163 ieee80211_sta_remove_link(sta, link_id);
6164 continue;
6165 }
6166
6167 if (link_id != assoc_data->assoc_link_id) {
6168 err = ieee80211_sta_activate_link(sta, link_id);
6169 if (err)
6170 goto out_err;
6171 }
6172 }
6173
6174 /* links might have changed due to rejected ones, set them again */
6175 ieee80211_vif_set_links(sdata, valid_links, dormant_links);
6176
6177 rate_control_rate_init_all_links(sta);
6178
6179 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) {
6180 set_sta_flag(sta, WLAN_STA_MFP);
6181 sta->sta.mfp = true;
6182 } else {
6183 sta->sta.mfp = false;
6184 }
6185
6186 ieee80211_sta_set_max_amsdu_subframes(sta, elems->ext_capab,
6187 elems->ext_capab_len);
6188
6189 sta->sta.wme = (elems->wmm_param || elems->s1g_capab) &&
6190 local->hw.queues >= IEEE80211_NUM_ACS;
6191
6192 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
6193 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
6194 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
6195 if (err) {
6196 sdata_info(sdata,
6197 "failed to move station %pM to desired state\n",
6198 sta->sta.addr);
6199 WARN_ON(__sta_info_destroy(sta));
6200 goto out_err;
6201 }
6202
6203 if (sdata->wdev.use_4addr)
6204 drv_sta_set_4addr(local, sdata, &sta->sta, true);
6205
6206 ieee80211_set_associated(sdata, assoc_data, changed);
6207
6208 /*
6209 * If we're using 4-addr mode, let the AP know that we're
6210 * doing so, so that it can create the STA VLAN on its side
6211 */
6212 if (ifmgd->use_4addr)
6213 ieee80211_send_4addr_nullfunc(local, sdata);
6214
6215 /*
6216 * Start timer to probe the connection to the AP now.
6217 * Also start the timer that will detect beacon loss.
6218 */
6219 ieee80211_sta_reset_beacon_monitor(sdata);
6220 ieee80211_sta_reset_conn_monitor(sdata);
6221
6222 return true;
6223 out_err:
6224 eth_zero_addr(sdata->vif.cfg.ap_addr);
6225 return false;
6226 }
6227
ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)6228 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
6229 struct ieee80211_mgmt *mgmt,
6230 size_t len)
6231 {
6232 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
6233 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
6234 u16 capab_info, status_code, aid;
6235 struct ieee80211_elems_parse_params parse_params = {
6236 .bss = NULL,
6237 .link_id = -1,
6238 .from_ap = true,
6239 };
6240 struct ieee802_11_elems *elems;
6241 int ac;
6242 const u8 *elem_start;
6243 unsigned int elem_len;
6244 bool reassoc;
6245 struct ieee80211_event event = {
6246 .type = MLME_EVENT,
6247 .u.mlme.data = ASSOC_EVENT,
6248 };
6249 struct ieee80211_prep_tx_info info = {};
6250 struct cfg80211_rx_assoc_resp_data resp = {
6251 .uapsd_queues = -1,
6252 };
6253 u8 ap_mld_addr[ETH_ALEN] __aligned(2);
6254 unsigned int link_id;
6255
6256 lockdep_assert_wiphy(sdata->local->hw.wiphy);
6257
6258 if (!assoc_data)
6259 return;
6260
6261 info.link_id = assoc_data->assoc_link_id;
6262
6263 parse_params.mode =
6264 assoc_data->link[assoc_data->assoc_link_id].conn.mode;
6265
6266 if (!ether_addr_equal(assoc_data->ap_addr, mgmt->bssid) ||
6267 !ether_addr_equal(assoc_data->ap_addr, mgmt->sa))
6268 return;
6269
6270 /*
6271 * AssocResp and ReassocResp have identical structure, so process both
6272 * of them in this function.
6273 */
6274
6275 if (len < 24 + 6)
6276 return;
6277
6278 reassoc = ieee80211_is_reassoc_resp(mgmt->frame_control);
6279 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
6280 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
6281 if (assoc_data->s1g)
6282 elem_start = mgmt->u.s1g_assoc_resp.variable;
6283 else
6284 elem_start = mgmt->u.assoc_resp.variable;
6285
6286 /*
6287 * Note: this may not be perfect, AP might misbehave - if
6288 * anyone needs to rely on perfect complete notification
6289 * with the exact right subtype, then we need to track what
6290 * we actually transmitted.
6291 */
6292 info.subtype = reassoc ? IEEE80211_STYPE_REASSOC_REQ :
6293 IEEE80211_STYPE_ASSOC_REQ;
6294
6295 if (assoc_data->fils_kek_len &&
6296 fils_decrypt_assoc_resp(sdata, (u8 *)mgmt, &len, assoc_data) < 0)
6297 return;
6298
6299 elem_len = len - (elem_start - (u8 *)mgmt);
6300 parse_params.start = elem_start;
6301 parse_params.len = elem_len;
6302 elems = ieee802_11_parse_elems_full(&parse_params);
6303 if (!elems)
6304 goto notify_driver;
6305
6306 if (elems->aid_resp)
6307 aid = le16_to_cpu(elems->aid_resp->aid);
6308 else if (assoc_data->s1g)
6309 aid = 0; /* TODO */
6310 else
6311 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
6312
6313 /*
6314 * The 5 MSB of the AID field are reserved
6315 * (802.11-2016 9.4.1.8 AID field)
6316 */
6317 aid &= 0x7ff;
6318
6319 sdata_info(sdata,
6320 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n",
6321 reassoc ? "Rea" : "A", assoc_data->ap_addr,
6322 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
6323
6324 ifmgd->broken_ap = false;
6325
6326 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
6327 elems->timeout_int &&
6328 elems->timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) {
6329 u32 tu, ms;
6330
6331 cfg80211_assoc_comeback(sdata->dev, assoc_data->ap_addr,
6332 le32_to_cpu(elems->timeout_int->value));
6333
6334 tu = le32_to_cpu(elems->timeout_int->value);
6335 ms = tu * 1024 / 1000;
6336 sdata_info(sdata,
6337 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",
6338 assoc_data->ap_addr, tu, ms);
6339 assoc_data->timeout = jiffies + msecs_to_jiffies(ms);
6340 assoc_data->timeout_started = true;
6341 assoc_data->comeback = true;
6342 if (ms > IEEE80211_ASSOC_TIMEOUT)
6343 run_again(sdata, assoc_data->timeout);
6344 goto notify_driver;
6345 }
6346
6347 if (status_code != WLAN_STATUS_SUCCESS) {
6348 sdata_info(sdata, "%pM denied association (code=%d)\n",
6349 assoc_data->ap_addr, status_code);
6350 event.u.mlme.status = MLME_DENIED;
6351 event.u.mlme.reason = status_code;
6352 drv_event_callback(sdata->local, sdata, &event);
6353 } else {
6354 if (aid == 0 || aid > IEEE80211_MAX_AID) {
6355 sdata_info(sdata,
6356 "invalid AID value %d (out of range), turn off PS\n",
6357 aid);
6358 aid = 0;
6359 ifmgd->broken_ap = true;
6360 }
6361
6362 if (ieee80211_vif_is_mld(&sdata->vif)) {
6363 struct ieee80211_mle_basic_common_info *common;
6364
6365 if (!elems->ml_basic) {
6366 sdata_info(sdata,
6367 "MLO association with %pM but no (basic) multi-link element in response!\n",
6368 assoc_data->ap_addr);
6369 goto abandon_assoc;
6370 }
6371
6372 common = (void *)elems->ml_basic->variable;
6373
6374 if (memcmp(assoc_data->ap_addr,
6375 common->mld_mac_addr, ETH_ALEN)) {
6376 sdata_info(sdata,
6377 "AP MLD MAC address mismatch: got %pM expected %pM\n",
6378 common->mld_mac_addr,
6379 assoc_data->ap_addr);
6380 goto abandon_assoc;
6381 }
6382
6383 sdata->vif.cfg.eml_cap =
6384 ieee80211_mle_get_eml_cap((const void *)elems->ml_basic);
6385 sdata->vif.cfg.eml_med_sync_delay =
6386 ieee80211_mle_get_eml_med_sync_delay((const void *)elems->ml_basic);
6387 sdata->vif.cfg.mld_capa_op =
6388 ieee80211_mle_get_mld_capa_op((const void *)elems->ml_basic);
6389 }
6390
6391 sdata->vif.cfg.aid = aid;
6392
6393 if (!ieee80211_assoc_success(sdata, mgmt, elems,
6394 elem_start, elem_len)) {
6395 /* oops -- internal error -- send timeout for now */
6396 ieee80211_destroy_assoc_data(sdata, ASSOC_TIMEOUT);
6397 goto notify_driver;
6398 }
6399 event.u.mlme.status = MLME_SUCCESS;
6400 drv_event_callback(sdata->local, sdata, &event);
6401 sdata_info(sdata, "associated\n");
6402
6403 info.success = 1;
6404 }
6405
6406 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
6407 struct ieee80211_link_data *link;
6408
6409 if (!assoc_data->link[link_id].bss)
6410 continue;
6411
6412 resp.links[link_id].bss = assoc_data->link[link_id].bss;
6413 ether_addr_copy(resp.links[link_id].addr,
6414 assoc_data->link[link_id].addr);
6415 resp.links[link_id].status = assoc_data->link[link_id].status;
6416
6417 link = sdata_dereference(sdata->link[link_id], sdata);
6418 if (!link)
6419 continue;
6420
6421 /* get uapsd queues configuration - same for all links */
6422 resp.uapsd_queues = 0;
6423 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
6424 if (link->tx_conf[ac].uapsd)
6425 resp.uapsd_queues |= ieee80211_ac_to_qos_mask[ac];
6426 }
6427
6428 if (ieee80211_vif_is_mld(&sdata->vif)) {
6429 ether_addr_copy(ap_mld_addr, sdata->vif.cfg.ap_addr);
6430 resp.ap_mld_addr = ap_mld_addr;
6431 }
6432
6433 ieee80211_destroy_assoc_data(sdata,
6434 status_code == WLAN_STATUS_SUCCESS ?
6435 ASSOC_SUCCESS :
6436 ASSOC_REJECTED);
6437
6438 resp.buf = (u8 *)mgmt;
6439 resp.len = len;
6440 resp.req_ies = ifmgd->assoc_req_ies;
6441 resp.req_ies_len = ifmgd->assoc_req_ies_len;
6442 cfg80211_rx_assoc_resp(sdata->dev, &resp);
6443 notify_driver:
6444 drv_mgd_complete_tx(sdata->local, sdata, &info);
6445 kfree(elems);
6446 return;
6447 abandon_assoc:
6448 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON);
6449 goto notify_driver;
6450 }
6451
ieee80211_rx_bss_info(struct ieee80211_link_data * link,struct ieee80211_mgmt * mgmt,size_t len,struct ieee80211_rx_status * rx_status)6452 static void ieee80211_rx_bss_info(struct ieee80211_link_data *link,
6453 struct ieee80211_mgmt *mgmt, size_t len,
6454 struct ieee80211_rx_status *rx_status)
6455 {
6456 struct ieee80211_sub_if_data *sdata = link->sdata;
6457 struct ieee80211_local *local = sdata->local;
6458 struct ieee80211_bss *bss;
6459 struct ieee80211_channel *channel;
6460
6461 lockdep_assert_wiphy(sdata->local->hw.wiphy);
6462
6463 channel = ieee80211_get_channel_khz(local->hw.wiphy,
6464 ieee80211_rx_status_to_khz(rx_status));
6465 if (!channel)
6466 return;
6467
6468 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, channel);
6469 if (bss) {
6470 link->conf->beacon_rate = bss->beacon_rate;
6471 ieee80211_rx_bss_put(local, bss);
6472 }
6473 }
6474
6475
ieee80211_rx_mgmt_probe_resp(struct ieee80211_link_data * link,struct sk_buff * skb)6476 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_link_data *link,
6477 struct sk_buff *skb)
6478 {
6479 struct ieee80211_sub_if_data *sdata = link->sdata;
6480 struct ieee80211_mgmt *mgmt = (void *)skb->data;
6481 struct ieee80211_if_managed *ifmgd;
6482 struct ieee80211_rx_status *rx_status = (void *) skb->cb;
6483 struct ieee80211_channel *channel;
6484 size_t baselen, len = skb->len;
6485
6486 ifmgd = &sdata->u.mgd;
6487
6488 lockdep_assert_wiphy(sdata->local->hw.wiphy);
6489
6490 /*
6491 * According to Draft P802.11ax D6.0 clause 26.17.2.3.2:
6492 * "If a 6 GHz AP receives a Probe Request frame and responds with
6493 * a Probe Response frame [..], the Address 1 field of the Probe
6494 * Response frame shall be set to the broadcast address [..]"
6495 * So, on 6GHz band we should also accept broadcast responses.
6496 */
6497 channel = ieee80211_get_channel(sdata->local->hw.wiphy,
6498 rx_status->freq);
6499 if (!channel)
6500 return;
6501
6502 if (!ether_addr_equal(mgmt->da, sdata->vif.addr) &&
6503 (channel->band != NL80211_BAND_6GHZ ||
6504 !is_broadcast_ether_addr(mgmt->da)))
6505 return; /* ignore ProbeResp to foreign address */
6506
6507 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
6508 if (baselen > len)
6509 return;
6510
6511 ieee80211_rx_bss_info(link, mgmt, len, rx_status);
6512
6513 if (ifmgd->associated &&
6514 ether_addr_equal(mgmt->bssid, link->u.mgd.bssid))
6515 ieee80211_reset_ap_probe(sdata);
6516 }
6517
6518 /*
6519 * This is the canonical list of information elements we care about,
6520 * the filter code also gives us all changes to the Microsoft OUI
6521 * (00:50:F2) vendor IE which is used for WMM which we need to track,
6522 * as well as the DTPC IE (part of the Cisco OUI) used for signaling
6523 * changes to requested client power.
6524 *
6525 * We implement beacon filtering in software since that means we can
6526 * avoid processing the frame here and in cfg80211, and userspace
6527 * will not be able to tell whether the hardware supports it or not.
6528 *
6529 * XXX: This list needs to be dynamic -- userspace needs to be able to
6530 * add items it requires. It also needs to be able to tell us to
6531 * look out for other vendor IEs.
6532 */
6533 static const u64 care_about_ies =
6534 (1ULL << WLAN_EID_COUNTRY) |
6535 (1ULL << WLAN_EID_ERP_INFO) |
6536 (1ULL << WLAN_EID_CHANNEL_SWITCH) |
6537 (1ULL << WLAN_EID_PWR_CONSTRAINT) |
6538 (1ULL << WLAN_EID_HT_CAPABILITY) |
6539 (1ULL << WLAN_EID_HT_OPERATION) |
6540 (1ULL << WLAN_EID_EXT_CHANSWITCH_ANN);
6541
ieee80211_handle_beacon_sig(struct ieee80211_link_data * link,struct ieee80211_if_managed * ifmgd,struct ieee80211_bss_conf * bss_conf,struct ieee80211_local * local,struct ieee80211_rx_status * rx_status)6542 static void ieee80211_handle_beacon_sig(struct ieee80211_link_data *link,
6543 struct ieee80211_if_managed *ifmgd,
6544 struct ieee80211_bss_conf *bss_conf,
6545 struct ieee80211_local *local,
6546 struct ieee80211_rx_status *rx_status)
6547 {
6548 struct ieee80211_sub_if_data *sdata = link->sdata;
6549
6550 /* Track average RSSI from the Beacon frames of the current AP */
6551
6552 if (!link->u.mgd.tracking_signal_avg) {
6553 link->u.mgd.tracking_signal_avg = true;
6554 ewma_beacon_signal_init(&link->u.mgd.ave_beacon_signal);
6555 link->u.mgd.last_cqm_event_signal = 0;
6556 link->u.mgd.count_beacon_signal = 1;
6557 link->u.mgd.last_ave_beacon_signal = 0;
6558 } else {
6559 link->u.mgd.count_beacon_signal++;
6560 }
6561
6562 ewma_beacon_signal_add(&link->u.mgd.ave_beacon_signal,
6563 -rx_status->signal);
6564
6565 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold &&
6566 link->u.mgd.count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
6567 int sig = -ewma_beacon_signal_read(&link->u.mgd.ave_beacon_signal);
6568 int last_sig = link->u.mgd.last_ave_beacon_signal;
6569 struct ieee80211_event event = {
6570 .type = RSSI_EVENT,
6571 };
6572
6573 /*
6574 * if signal crosses either of the boundaries, invoke callback
6575 * with appropriate parameters
6576 */
6577 if (sig > ifmgd->rssi_max_thold &&
6578 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) {
6579 link->u.mgd.last_ave_beacon_signal = sig;
6580 event.u.rssi.data = RSSI_EVENT_HIGH;
6581 drv_event_callback(local, sdata, &event);
6582 } else if (sig < ifmgd->rssi_min_thold &&
6583 (last_sig >= ifmgd->rssi_max_thold ||
6584 last_sig == 0)) {
6585 link->u.mgd.last_ave_beacon_signal = sig;
6586 event.u.rssi.data = RSSI_EVENT_LOW;
6587 drv_event_callback(local, sdata, &event);
6588 }
6589 }
6590
6591 if (bss_conf->cqm_rssi_thold &&
6592 link->u.mgd.count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT &&
6593 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) {
6594 int sig = -ewma_beacon_signal_read(&link->u.mgd.ave_beacon_signal);
6595 int last_event = link->u.mgd.last_cqm_event_signal;
6596 int thold = bss_conf->cqm_rssi_thold;
6597 int hyst = bss_conf->cqm_rssi_hyst;
6598
6599 if (sig < thold &&
6600 (last_event == 0 || sig < last_event - hyst)) {
6601 link->u.mgd.last_cqm_event_signal = sig;
6602 ieee80211_cqm_rssi_notify(
6603 &sdata->vif,
6604 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
6605 sig, GFP_KERNEL);
6606 } else if (sig > thold &&
6607 (last_event == 0 || sig > last_event + hyst)) {
6608 link->u.mgd.last_cqm_event_signal = sig;
6609 ieee80211_cqm_rssi_notify(
6610 &sdata->vif,
6611 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
6612 sig, GFP_KERNEL);
6613 }
6614 }
6615
6616 if (bss_conf->cqm_rssi_low &&
6617 link->u.mgd.count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
6618 int sig = -ewma_beacon_signal_read(&link->u.mgd.ave_beacon_signal);
6619 int last_event = link->u.mgd.last_cqm_event_signal;
6620 int low = bss_conf->cqm_rssi_low;
6621 int high = bss_conf->cqm_rssi_high;
6622
6623 if (sig < low &&
6624 (last_event == 0 || last_event >= low)) {
6625 link->u.mgd.last_cqm_event_signal = sig;
6626 ieee80211_cqm_rssi_notify(
6627 &sdata->vif,
6628 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
6629 sig, GFP_KERNEL);
6630 } else if (sig > high &&
6631 (last_event == 0 || last_event <= high)) {
6632 link->u.mgd.last_cqm_event_signal = sig;
6633 ieee80211_cqm_rssi_notify(
6634 &sdata->vif,
6635 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
6636 sig, GFP_KERNEL);
6637 }
6638 }
6639 }
6640
ieee80211_rx_our_beacon(const u8 * tx_bssid,struct cfg80211_bss * bss)6641 static bool ieee80211_rx_our_beacon(const u8 *tx_bssid,
6642 struct cfg80211_bss *bss)
6643 {
6644 if (ether_addr_equal(tx_bssid, bss->bssid))
6645 return true;
6646 if (!bss->transmitted_bss)
6647 return false;
6648 return ether_addr_equal(tx_bssid, bss->transmitted_bss->bssid);
6649 }
6650
ieee80211_ml_reconf_work(struct wiphy * wiphy,struct wiphy_work * work)6651 static void ieee80211_ml_reconf_work(struct wiphy *wiphy,
6652 struct wiphy_work *work)
6653 {
6654 struct ieee80211_sub_if_data *sdata =
6655 container_of(work, struct ieee80211_sub_if_data,
6656 u.mgd.ml_reconf_work.work);
6657 u16 new_valid_links, new_active_links, new_dormant_links;
6658 int ret;
6659
6660 if (!sdata->u.mgd.removed_links)
6661 return;
6662
6663 sdata_info(sdata,
6664 "MLO Reconfiguration: work: valid=0x%x, removed=0x%x\n",
6665 sdata->vif.valid_links, sdata->u.mgd.removed_links);
6666
6667 new_valid_links = sdata->vif.valid_links & ~sdata->u.mgd.removed_links;
6668 if (new_valid_links == sdata->vif.valid_links)
6669 return;
6670
6671 if (!new_valid_links ||
6672 !(new_valid_links & ~sdata->vif.dormant_links)) {
6673 sdata_info(sdata, "No valid links after reconfiguration\n");
6674 ret = -EINVAL;
6675 goto out;
6676 }
6677
6678 new_active_links = sdata->vif.active_links & ~sdata->u.mgd.removed_links;
6679 if (new_active_links != sdata->vif.active_links) {
6680 if (!new_active_links)
6681 new_active_links =
6682 BIT(ffs(new_valid_links &
6683 ~sdata->vif.dormant_links) - 1);
6684
6685 ret = ieee80211_set_active_links(&sdata->vif, new_active_links);
6686 if (ret) {
6687 sdata_info(sdata,
6688 "Failed setting active links\n");
6689 goto out;
6690 }
6691 }
6692
6693 new_dormant_links = sdata->vif.dormant_links & ~sdata->u.mgd.removed_links;
6694
6695 ret = ieee80211_vif_set_links(sdata, new_valid_links,
6696 new_dormant_links);
6697 if (ret)
6698 sdata_info(sdata, "Failed setting valid links\n");
6699
6700 ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_MLD_VALID_LINKS);
6701
6702 out:
6703 if (!ret)
6704 cfg80211_links_removed(sdata->dev, sdata->u.mgd.removed_links);
6705 else
6706 __ieee80211_disconnect(sdata);
6707
6708 sdata->u.mgd.removed_links = 0;
6709 }
6710
ieee80211_ml_reconfiguration(struct ieee80211_sub_if_data * sdata,struct ieee802_11_elems * elems)6711 static void ieee80211_ml_reconfiguration(struct ieee80211_sub_if_data *sdata,
6712 struct ieee802_11_elems *elems)
6713 {
6714 const struct element *sub;
6715 unsigned long removed_links = 0;
6716 u16 link_removal_timeout[IEEE80211_MLD_MAX_NUM_LINKS] = {};
6717 u8 link_id;
6718 u32 delay;
6719
6720 if (!ieee80211_vif_is_mld(&sdata->vif) || !elems->ml_reconf)
6721 return;
6722
6723 /* Directly parse the sub elements as the common information doesn't
6724 * hold any useful information.
6725 */
6726 for_each_mle_subelement(sub, (const u8 *)elems->ml_reconf,
6727 elems->ml_reconf_len) {
6728 struct ieee80211_mle_per_sta_profile *prof = (void *)sub->data;
6729 u8 *pos = prof->variable;
6730 u16 control;
6731
6732 if (sub->id != IEEE80211_MLE_SUBELEM_PER_STA_PROFILE)
6733 continue;
6734
6735 if (!ieee80211_mle_reconf_sta_prof_size_ok(sub->data,
6736 sub->datalen))
6737 return;
6738
6739 control = le16_to_cpu(prof->control);
6740 link_id = control & IEEE80211_MLE_STA_RECONF_CONTROL_LINK_ID;
6741
6742 removed_links |= BIT(link_id);
6743
6744 /* the MAC address should not be included, but handle it */
6745 if (control &
6746 IEEE80211_MLE_STA_RECONF_CONTROL_STA_MAC_ADDR_PRESENT)
6747 pos += 6;
6748
6749 /* According to Draft P802.11be_D3.0, the control should
6750 * include the AP Removal Timer present. If the AP Removal Timer
6751 * is not present assume immediate removal.
6752 */
6753 if (control &
6754 IEEE80211_MLE_STA_RECONF_CONTROL_AP_REM_TIMER_PRESENT)
6755 link_removal_timeout[link_id] = get_unaligned_le16(pos);
6756 }
6757
6758 removed_links &= sdata->vif.valid_links;
6759 if (!removed_links) {
6760 /* In case the removal was cancelled, abort it */
6761 if (sdata->u.mgd.removed_links) {
6762 sdata->u.mgd.removed_links = 0;
6763 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
6764 &sdata->u.mgd.ml_reconf_work);
6765 }
6766 return;
6767 }
6768
6769 delay = 0;
6770 for_each_set_bit(link_id, &removed_links, IEEE80211_MLD_MAX_NUM_LINKS) {
6771 struct ieee80211_bss_conf *link_conf =
6772 sdata_dereference(sdata->vif.link_conf[link_id], sdata);
6773 u32 link_delay;
6774
6775 if (!link_conf) {
6776 removed_links &= ~BIT(link_id);
6777 continue;
6778 }
6779
6780 if (link_removal_timeout[link_id] < 1)
6781 link_delay = 0;
6782 else
6783 link_delay = link_conf->beacon_int *
6784 (link_removal_timeout[link_id] - 1);
6785
6786 if (!delay)
6787 delay = link_delay;
6788 else
6789 delay = min(delay, link_delay);
6790 }
6791
6792 sdata->u.mgd.removed_links = removed_links;
6793 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
6794 &sdata->u.mgd.ml_reconf_work,
6795 TU_TO_JIFFIES(delay));
6796 }
6797
ieee80211_ttlm_set_links(struct ieee80211_sub_if_data * sdata,u16 active_links,u16 dormant_links,u16 suspended_links)6798 static int ieee80211_ttlm_set_links(struct ieee80211_sub_if_data *sdata,
6799 u16 active_links, u16 dormant_links,
6800 u16 suspended_links)
6801 {
6802 u64 changed = 0;
6803 int ret;
6804
6805 if (!active_links) {
6806 ret = -EINVAL;
6807 goto out;
6808 }
6809
6810 /* If there is an active negotiated TTLM, it should be discarded by
6811 * the new negotiated/advertised TTLM.
6812 */
6813 if (sdata->vif.neg_ttlm.valid) {
6814 memset(&sdata->vif.neg_ttlm, 0, sizeof(sdata->vif.neg_ttlm));
6815 sdata->vif.suspended_links = 0;
6816 changed = BSS_CHANGED_MLD_TTLM;
6817 }
6818
6819 if (sdata->vif.active_links != active_links) {
6820 /* usable links are affected when active_links are changed,
6821 * so notify the driver about the status change
6822 */
6823 changed |= BSS_CHANGED_MLD_VALID_LINKS;
6824 active_links &= sdata->vif.active_links;
6825 if (!active_links)
6826 active_links =
6827 BIT(__ffs(sdata->vif.valid_links &
6828 ~dormant_links));
6829 ret = ieee80211_set_active_links(&sdata->vif, active_links);
6830 if (ret) {
6831 sdata_info(sdata, "Failed to set TTLM active links\n");
6832 goto out;
6833 }
6834 }
6835
6836 ret = ieee80211_vif_set_links(sdata, sdata->vif.valid_links,
6837 dormant_links);
6838 if (ret) {
6839 sdata_info(sdata, "Failed to set TTLM dormant links\n");
6840 goto out;
6841 }
6842
6843 sdata->vif.suspended_links = suspended_links;
6844 if (sdata->vif.suspended_links)
6845 changed |= BSS_CHANGED_MLD_TTLM;
6846
6847 ieee80211_vif_cfg_change_notify(sdata, changed);
6848
6849 out:
6850 if (ret)
6851 ieee80211_disconnect(&sdata->vif, false);
6852
6853 return ret;
6854 }
6855
ieee80211_tid_to_link_map_work(struct wiphy * wiphy,struct wiphy_work * work)6856 static void ieee80211_tid_to_link_map_work(struct wiphy *wiphy,
6857 struct wiphy_work *work)
6858 {
6859 u16 new_active_links, new_dormant_links;
6860 struct ieee80211_sub_if_data *sdata =
6861 container_of(work, struct ieee80211_sub_if_data,
6862 u.mgd.ttlm_work.work);
6863
6864 new_active_links = sdata->u.mgd.ttlm_info.map &
6865 sdata->vif.valid_links;
6866 new_dormant_links = ~sdata->u.mgd.ttlm_info.map &
6867 sdata->vif.valid_links;
6868
6869 ieee80211_vif_set_links(sdata, sdata->vif.valid_links, 0);
6870 if (ieee80211_ttlm_set_links(sdata, new_active_links, new_dormant_links,
6871 0))
6872 return;
6873
6874 sdata->u.mgd.ttlm_info.active = true;
6875 sdata->u.mgd.ttlm_info.switch_time = 0;
6876 }
6877
ieee80211_get_ttlm(u8 bm_size,u8 * data)6878 static u16 ieee80211_get_ttlm(u8 bm_size, u8 *data)
6879 {
6880 if (bm_size == 1)
6881 return *data;
6882 else
6883 return get_unaligned_le16(data);
6884 }
6885
6886 static int
ieee80211_parse_adv_t2l(struct ieee80211_sub_if_data * sdata,const struct ieee80211_ttlm_elem * ttlm,struct ieee80211_adv_ttlm_info * ttlm_info)6887 ieee80211_parse_adv_t2l(struct ieee80211_sub_if_data *sdata,
6888 const struct ieee80211_ttlm_elem *ttlm,
6889 struct ieee80211_adv_ttlm_info *ttlm_info)
6890 {
6891 /* The element size was already validated in
6892 * ieee80211_tid_to_link_map_size_ok()
6893 */
6894 u8 control, link_map_presence, map_size, tid;
6895 u8 *pos;
6896
6897 memset(ttlm_info, 0, sizeof(*ttlm_info));
6898 pos = (void *)ttlm->optional;
6899 control = ttlm->control;
6900
6901 if ((control & IEEE80211_TTLM_CONTROL_DEF_LINK_MAP) ||
6902 !(control & IEEE80211_TTLM_CONTROL_SWITCH_TIME_PRESENT))
6903 return 0;
6904
6905 if ((control & IEEE80211_TTLM_CONTROL_DIRECTION) !=
6906 IEEE80211_TTLM_DIRECTION_BOTH) {
6907 sdata_info(sdata, "Invalid advertised T2L map direction\n");
6908 return -EINVAL;
6909 }
6910
6911 link_map_presence = *pos;
6912 pos++;
6913
6914 ttlm_info->switch_time = get_unaligned_le16(pos);
6915
6916 /* Since ttlm_info->switch_time == 0 means no switch time, bump it
6917 * by 1.
6918 */
6919 if (!ttlm_info->switch_time)
6920 ttlm_info->switch_time = 1;
6921
6922 pos += 2;
6923
6924 if (control & IEEE80211_TTLM_CONTROL_EXPECTED_DUR_PRESENT) {
6925 ttlm_info->duration = pos[0] | pos[1] << 8 | pos[2] << 16;
6926 pos += 3;
6927 }
6928
6929 if (control & IEEE80211_TTLM_CONTROL_LINK_MAP_SIZE)
6930 map_size = 1;
6931 else
6932 map_size = 2;
6933
6934 /* According to Draft P802.11be_D3.0 clause 35.3.7.1.7, an AP MLD shall
6935 * not advertise a TID-to-link mapping that does not map all TIDs to the
6936 * same link set, reject frame if not all links have mapping
6937 */
6938 if (link_map_presence != 0xff) {
6939 sdata_info(sdata,
6940 "Invalid advertised T2L mapping presence indicator\n");
6941 return -EINVAL;
6942 }
6943
6944 ttlm_info->map = ieee80211_get_ttlm(map_size, pos);
6945 if (!ttlm_info->map) {
6946 sdata_info(sdata,
6947 "Invalid advertised T2L map for TID 0\n");
6948 return -EINVAL;
6949 }
6950
6951 pos += map_size;
6952
6953 for (tid = 1; tid < 8; tid++) {
6954 u16 map = ieee80211_get_ttlm(map_size, pos);
6955
6956 if (map != ttlm_info->map) {
6957 sdata_info(sdata, "Invalid advertised T2L map for tid %d\n",
6958 tid);
6959 return -EINVAL;
6960 }
6961
6962 pos += map_size;
6963 }
6964 return 0;
6965 }
6966
ieee80211_process_adv_ttlm(struct ieee80211_sub_if_data * sdata,struct ieee802_11_elems * elems,u64 beacon_ts)6967 static void ieee80211_process_adv_ttlm(struct ieee80211_sub_if_data *sdata,
6968 struct ieee802_11_elems *elems,
6969 u64 beacon_ts)
6970 {
6971 u8 i;
6972 int ret;
6973
6974 if (!ieee80211_vif_is_mld(&sdata->vif))
6975 return;
6976
6977 if (!elems->ttlm_num) {
6978 if (sdata->u.mgd.ttlm_info.switch_time) {
6979 /* if a planned TID-to-link mapping was cancelled -
6980 * abort it
6981 */
6982 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
6983 &sdata->u.mgd.ttlm_work);
6984 } else if (sdata->u.mgd.ttlm_info.active) {
6985 /* if no TID-to-link element, set to default mapping in
6986 * which all TIDs are mapped to all setup links
6987 */
6988 ret = ieee80211_vif_set_links(sdata,
6989 sdata->vif.valid_links,
6990 0);
6991 if (ret) {
6992 sdata_info(sdata, "Failed setting valid/dormant links\n");
6993 return;
6994 }
6995 ieee80211_vif_cfg_change_notify(sdata,
6996 BSS_CHANGED_MLD_VALID_LINKS);
6997 }
6998 memset(&sdata->u.mgd.ttlm_info, 0,
6999 sizeof(sdata->u.mgd.ttlm_info));
7000 return;
7001 }
7002
7003 for (i = 0; i < elems->ttlm_num; i++) {
7004 struct ieee80211_adv_ttlm_info ttlm_info;
7005 u32 res;
7006
7007 res = ieee80211_parse_adv_t2l(sdata, elems->ttlm[i],
7008 &ttlm_info);
7009
7010 if (res) {
7011 __ieee80211_disconnect(sdata);
7012 return;
7013 }
7014
7015 if (ttlm_info.switch_time) {
7016 u16 beacon_ts_tu, st_tu, delay;
7017 u32 delay_jiffies;
7018 u64 mask;
7019
7020 /* The t2l map switch time is indicated with a partial
7021 * TSF value (bits 10 to 25), get the partial beacon TS
7022 * as well, and calc the delay to the start time.
7023 */
7024 mask = GENMASK_ULL(25, 10);
7025 beacon_ts_tu = (beacon_ts & mask) >> 10;
7026 st_tu = ttlm_info.switch_time;
7027 delay = st_tu - beacon_ts_tu;
7028
7029 /*
7030 * If the switch time is far in the future, then it
7031 * could also be the previous switch still being
7032 * announced.
7033 * We can simply ignore it for now, if it is a future
7034 * switch the AP will continue to announce it anyway.
7035 */
7036 if (delay > IEEE80211_ADV_TTLM_ST_UNDERFLOW)
7037 return;
7038
7039 delay_jiffies = TU_TO_JIFFIES(delay);
7040
7041 /* Link switching can take time, so schedule it
7042 * 100ms before to be ready on time
7043 */
7044 if (delay_jiffies > IEEE80211_ADV_TTLM_SAFETY_BUFFER_MS)
7045 delay_jiffies -=
7046 IEEE80211_ADV_TTLM_SAFETY_BUFFER_MS;
7047 else
7048 delay_jiffies = 0;
7049
7050 sdata->u.mgd.ttlm_info = ttlm_info;
7051 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
7052 &sdata->u.mgd.ttlm_work);
7053 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
7054 &sdata->u.mgd.ttlm_work,
7055 delay_jiffies);
7056 return;
7057 }
7058 }
7059 }
7060
7061 static void
ieee80211_mgd_check_cross_link_csa(struct ieee80211_sub_if_data * sdata,int reporting_link_id,struct ieee802_11_elems * elems)7062 ieee80211_mgd_check_cross_link_csa(struct ieee80211_sub_if_data *sdata,
7063 int reporting_link_id,
7064 struct ieee802_11_elems *elems)
7065 {
7066 const struct element *sta_profiles[IEEE80211_MLD_MAX_NUM_LINKS] = {};
7067 ssize_t sta_profiles_len[IEEE80211_MLD_MAX_NUM_LINKS] = {};
7068 const struct element *sub;
7069 const u8 *subelems;
7070 size_t subelems_len;
7071 u8 common_size;
7072 int link_id;
7073
7074 if (!ieee80211_mle_size_ok((u8 *)elems->ml_basic, elems->ml_basic_len))
7075 return;
7076
7077 common_size = ieee80211_mle_common_size((u8 *)elems->ml_basic);
7078 subelems = (u8 *)elems->ml_basic + common_size;
7079 subelems_len = elems->ml_basic_len - common_size;
7080
7081 for_each_element_id(sub, IEEE80211_MLE_SUBELEM_PER_STA_PROFILE,
7082 subelems, subelems_len) {
7083 struct ieee80211_mle_per_sta_profile *prof = (void *)sub->data;
7084 struct ieee80211_link_data *link;
7085 ssize_t len;
7086
7087 if (!ieee80211_mle_basic_sta_prof_size_ok(sub->data,
7088 sub->datalen))
7089 continue;
7090
7091 link_id = le16_get_bits(prof->control,
7092 IEEE80211_MLE_STA_CONTROL_LINK_ID);
7093 /* need a valid link ID, but also not our own, both AP bugs */
7094 if (link_id == reporting_link_id ||
7095 link_id >= IEEE80211_MLD_MAX_NUM_LINKS)
7096 continue;
7097
7098 link = sdata_dereference(sdata->link[link_id], sdata);
7099 if (!link)
7100 continue;
7101
7102 len = cfg80211_defragment_element(sub, subelems, subelems_len,
7103 NULL, 0,
7104 IEEE80211_MLE_SUBELEM_FRAGMENT);
7105 if (WARN_ON(len < 0))
7106 continue;
7107
7108 sta_profiles[link_id] = sub;
7109 sta_profiles_len[link_id] = len;
7110 }
7111
7112 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
7113 struct ieee80211_mle_per_sta_profile *prof;
7114 struct ieee802_11_elems *prof_elems;
7115 struct ieee80211_link_data *link;
7116 ssize_t len;
7117
7118 if (link_id == reporting_link_id)
7119 continue;
7120
7121 link = sdata_dereference(sdata->link[link_id], sdata);
7122 if (!link)
7123 continue;
7124
7125 if (!sta_profiles[link_id]) {
7126 prof_elems = NULL;
7127 goto handle;
7128 }
7129
7130 /* we can defragment in-place, won't use the buffer again */
7131 len = cfg80211_defragment_element(sta_profiles[link_id],
7132 subelems, subelems_len,
7133 (void *)sta_profiles[link_id],
7134 sta_profiles_len[link_id],
7135 IEEE80211_MLE_SUBELEM_FRAGMENT);
7136 if (WARN_ON(len != sta_profiles_len[link_id]))
7137 continue;
7138
7139 prof = (void *)sta_profiles[link_id];
7140 prof_elems = ieee802_11_parse_elems(prof->variable +
7141 (prof->sta_info_len - 1),
7142 len -
7143 (prof->sta_info_len - 1),
7144 false, NULL);
7145
7146 /* memory allocation failed - let's hope that's transient */
7147 if (!prof_elems)
7148 continue;
7149
7150 handle:
7151 /*
7152 * FIXME: the timings here are obviously incorrect,
7153 * but only older Intel drivers seem to care, and
7154 * those don't have MLO. If you really need this,
7155 * the problem is having to calculate it with the
7156 * TSF offset etc. The device_timestamp is still
7157 * correct, of course.
7158 */
7159 ieee80211_sta_process_chanswitch(link, 0, 0, elems, prof_elems,
7160 IEEE80211_CSA_SOURCE_OTHER_LINK);
7161 kfree(prof_elems);
7162 }
7163 }
7164
ieee80211_mgd_ssid_mismatch(struct ieee80211_sub_if_data * sdata,const struct ieee802_11_elems * elems)7165 static bool ieee80211_mgd_ssid_mismatch(struct ieee80211_sub_if_data *sdata,
7166 const struct ieee802_11_elems *elems)
7167 {
7168 struct ieee80211_vif_cfg *cfg = &sdata->vif.cfg;
7169 static u8 zero_ssid[IEEE80211_MAX_SSID_LEN];
7170
7171 if (!elems->ssid)
7172 return false;
7173
7174 /* hidden SSID: zero length */
7175 if (elems->ssid_len == 0)
7176 return false;
7177
7178 if (elems->ssid_len != cfg->ssid_len)
7179 return true;
7180
7181 /* hidden SSID: zeroed out */
7182 if (!memcmp(elems->ssid, zero_ssid, elems->ssid_len))
7183 return false;
7184
7185 return memcmp(elems->ssid, cfg->ssid, cfg->ssid_len);
7186 }
7187
ieee80211_rx_mgmt_beacon(struct ieee80211_link_data * link,struct ieee80211_hdr * hdr,size_t len,struct ieee80211_rx_status * rx_status)7188 static void ieee80211_rx_mgmt_beacon(struct ieee80211_link_data *link,
7189 struct ieee80211_hdr *hdr, size_t len,
7190 struct ieee80211_rx_status *rx_status)
7191 {
7192 struct ieee80211_sub_if_data *sdata = link->sdata;
7193 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
7194 struct ieee80211_bss_conf *bss_conf = link->conf;
7195 struct ieee80211_vif_cfg *vif_cfg = &sdata->vif.cfg;
7196 struct ieee80211_mgmt *mgmt = (void *) hdr;
7197 size_t baselen;
7198 struct ieee802_11_elems *elems;
7199 struct ieee80211_local *local = sdata->local;
7200 struct ieee80211_chanctx_conf *chanctx_conf;
7201 struct ieee80211_supported_band *sband;
7202 struct ieee80211_channel *chan;
7203 struct link_sta_info *link_sta;
7204 struct sta_info *sta;
7205 u64 changed = 0;
7206 bool erp_valid;
7207 u8 erp_value = 0;
7208 u32 ncrc = 0;
7209 u8 *bssid, *variable = mgmt->u.beacon.variable;
7210 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN];
7211 struct ieee80211_elems_parse_params parse_params = {
7212 .mode = link->u.mgd.conn.mode,
7213 .link_id = -1,
7214 .from_ap = true,
7215 };
7216
7217 lockdep_assert_wiphy(local->hw.wiphy);
7218
7219 /* Process beacon from the current BSS */
7220 bssid = ieee80211_get_bssid(hdr, len, sdata->vif.type);
7221 if (ieee80211_is_s1g_beacon(mgmt->frame_control)) {
7222 struct ieee80211_ext *ext = (void *) mgmt;
7223
7224 if (ieee80211_is_s1g_short_beacon(ext->frame_control))
7225 variable = ext->u.s1g_short_beacon.variable;
7226 else
7227 variable = ext->u.s1g_beacon.variable;
7228 }
7229
7230 baselen = (u8 *) variable - (u8 *) mgmt;
7231 if (baselen > len)
7232 return;
7233
7234 parse_params.start = variable;
7235 parse_params.len = len - baselen;
7236
7237 rcu_read_lock();
7238 chanctx_conf = rcu_dereference(bss_conf->chanctx_conf);
7239 if (!chanctx_conf) {
7240 rcu_read_unlock();
7241 return;
7242 }
7243
7244 if (ieee80211_rx_status_to_khz(rx_status) !=
7245 ieee80211_channel_to_khz(chanctx_conf->def.chan)) {
7246 rcu_read_unlock();
7247 return;
7248 }
7249 chan = chanctx_conf->def.chan;
7250 rcu_read_unlock();
7251
7252 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon &&
7253 !WARN_ON(ieee80211_vif_is_mld(&sdata->vif)) &&
7254 ieee80211_rx_our_beacon(bssid, ifmgd->assoc_data->link[0].bss)) {
7255 parse_params.bss = ifmgd->assoc_data->link[0].bss;
7256 elems = ieee802_11_parse_elems_full(&parse_params);
7257 if (!elems)
7258 return;
7259
7260 ieee80211_rx_bss_info(link, mgmt, len, rx_status);
7261
7262 if (elems->dtim_period)
7263 link->u.mgd.dtim_period = elems->dtim_period;
7264 link->u.mgd.have_beacon = true;
7265 ifmgd->assoc_data->need_beacon = false;
7266 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY) &&
7267 !ieee80211_is_s1g_beacon(hdr->frame_control)) {
7268 bss_conf->sync_tsf =
7269 le64_to_cpu(mgmt->u.beacon.timestamp);
7270 bss_conf->sync_device_ts =
7271 rx_status->device_timestamp;
7272 bss_conf->sync_dtim_count = elems->dtim_count;
7273 }
7274
7275 if (elems->mbssid_config_ie)
7276 bss_conf->profile_periodicity =
7277 elems->mbssid_config_ie->profile_periodicity;
7278 else
7279 bss_conf->profile_periodicity = 0;
7280
7281 if (elems->ext_capab_len >= 11 &&
7282 (elems->ext_capab[10] & WLAN_EXT_CAPA11_EMA_SUPPORT))
7283 bss_conf->ema_ap = true;
7284 else
7285 bss_conf->ema_ap = false;
7286
7287 /* continue assoc process */
7288 ifmgd->assoc_data->timeout = jiffies;
7289 ifmgd->assoc_data->timeout_started = true;
7290 run_again(sdata, ifmgd->assoc_data->timeout);
7291 kfree(elems);
7292 return;
7293 }
7294
7295 if (!ifmgd->associated ||
7296 !ieee80211_rx_our_beacon(bssid, bss_conf->bss))
7297 return;
7298 bssid = link->u.mgd.bssid;
7299
7300 if (!(rx_status->flag & RX_FLAG_NO_SIGNAL_VAL))
7301 ieee80211_handle_beacon_sig(link, ifmgd, bss_conf,
7302 local, rx_status);
7303
7304 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) {
7305 mlme_dbg_ratelimited(sdata,
7306 "cancelling AP probe due to a received beacon\n");
7307 ieee80211_reset_ap_probe(sdata);
7308 }
7309
7310 /*
7311 * Push the beacon loss detection into the future since
7312 * we are processing a beacon from the AP just now.
7313 */
7314 ieee80211_sta_reset_beacon_monitor(sdata);
7315
7316 /* TODO: CRC urrently not calculated on S1G Beacon Compatibility
7317 * element (which carries the beacon interval). Don't forget to add a
7318 * bit to care_about_ies[] above if mac80211 is interested in a
7319 * changing S1G element.
7320 */
7321 if (!ieee80211_is_s1g_beacon(hdr->frame_control))
7322 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
7323 parse_params.bss = bss_conf->bss;
7324 parse_params.filter = care_about_ies;
7325 parse_params.crc = ncrc;
7326 elems = ieee802_11_parse_elems_full(&parse_params);
7327 if (!elems)
7328 return;
7329
7330 if (rx_status->flag & RX_FLAG_DECRYPTED &&
7331 ieee80211_mgd_ssid_mismatch(sdata, elems)) {
7332 sdata_info(sdata, "SSID mismatch for AP %pM, disconnect\n",
7333 sdata->vif.cfg.ap_addr);
7334 __ieee80211_disconnect(sdata);
7335 return;
7336 }
7337
7338 ncrc = elems->crc;
7339
7340 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
7341 ieee80211_check_tim(elems->tim, elems->tim_len, vif_cfg->aid)) {
7342 if (local->hw.conf.dynamic_ps_timeout > 0) {
7343 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
7344 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
7345 ieee80211_hw_config(local,
7346 IEEE80211_CONF_CHANGE_PS);
7347 }
7348 ieee80211_send_nullfunc(local, sdata, false);
7349 } else if (!local->pspolling && sdata->u.mgd.powersave) {
7350 local->pspolling = true;
7351
7352 /*
7353 * Here is assumed that the driver will be
7354 * able to send ps-poll frame and receive a
7355 * response even though power save mode is
7356 * enabled, but some drivers might require
7357 * to disable power save here. This needs
7358 * to be investigated.
7359 */
7360 ieee80211_send_pspoll(local, sdata);
7361 }
7362 }
7363
7364 if (sdata->vif.p2p ||
7365 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) {
7366 struct ieee80211_p2p_noa_attr noa = {};
7367 int ret;
7368
7369 ret = cfg80211_get_p2p_attr(variable,
7370 len - baselen,
7371 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
7372 (u8 *) &noa, sizeof(noa));
7373 if (ret >= 2) {
7374 if (link->u.mgd.p2p_noa_index != noa.index) {
7375 /* valid noa_attr and index changed */
7376 link->u.mgd.p2p_noa_index = noa.index;
7377 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa));
7378 changed |= BSS_CHANGED_P2P_PS;
7379 /*
7380 * make sure we update all information, the CRC
7381 * mechanism doesn't look at P2P attributes.
7382 */
7383 link->u.mgd.beacon_crc_valid = false;
7384 }
7385 } else if (link->u.mgd.p2p_noa_index != -1) {
7386 /* noa_attr not found and we had valid noa_attr before */
7387 link->u.mgd.p2p_noa_index = -1;
7388 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr));
7389 changed |= BSS_CHANGED_P2P_PS;
7390 link->u.mgd.beacon_crc_valid = false;
7391 }
7392 }
7393
7394 /*
7395 * Update beacon timing and dtim count on every beacon appearance. This
7396 * will allow the driver to use the most updated values. Do it before
7397 * comparing this one with last received beacon.
7398 * IMPORTANT: These parameters would possibly be out of sync by the time
7399 * the driver will use them. The synchronized view is currently
7400 * guaranteed only in certain callbacks.
7401 */
7402 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY) &&
7403 !ieee80211_is_s1g_beacon(hdr->frame_control)) {
7404 bss_conf->sync_tsf =
7405 le64_to_cpu(mgmt->u.beacon.timestamp);
7406 bss_conf->sync_device_ts =
7407 rx_status->device_timestamp;
7408 bss_conf->sync_dtim_count = elems->dtim_count;
7409 }
7410
7411 if ((ncrc == link->u.mgd.beacon_crc && link->u.mgd.beacon_crc_valid) ||
7412 ieee80211_is_s1g_short_beacon(mgmt->frame_control))
7413 goto free;
7414 link->u.mgd.beacon_crc = ncrc;
7415 link->u.mgd.beacon_crc_valid = true;
7416
7417 ieee80211_rx_bss_info(link, mgmt, len, rx_status);
7418
7419 ieee80211_sta_process_chanswitch(link, rx_status->mactime,
7420 rx_status->device_timestamp,
7421 elems, elems,
7422 IEEE80211_CSA_SOURCE_BEACON);
7423
7424 /* note that after this elems->ml_basic can no longer be used fully */
7425 ieee80211_mgd_check_cross_link_csa(sdata, rx_status->link_id, elems);
7426
7427 ieee80211_mgd_update_bss_param_ch_cnt(sdata, bss_conf, elems);
7428
7429 if (!sdata->u.mgd.epcs.enabled &&
7430 !link->u.mgd.disable_wmm_tracking &&
7431 ieee80211_sta_wmm_params(local, link, elems->wmm_param,
7432 elems->wmm_param_len,
7433 elems->mu_edca_param_set))
7434 changed |= BSS_CHANGED_QOS;
7435
7436 /*
7437 * If we haven't had a beacon before, tell the driver about the
7438 * DTIM period (and beacon timing if desired) now.
7439 */
7440 if (!link->u.mgd.have_beacon) {
7441 /* a few bogus AP send dtim_period = 0 or no TIM IE */
7442 bss_conf->dtim_period = elems->dtim_period ?: 1;
7443
7444 changed |= BSS_CHANGED_BEACON_INFO;
7445 link->u.mgd.have_beacon = true;
7446
7447 ieee80211_recalc_ps(local);
7448
7449 ieee80211_recalc_ps_vif(sdata);
7450 }
7451
7452 if (elems->erp_info) {
7453 erp_valid = true;
7454 erp_value = elems->erp_info[0];
7455 } else {
7456 erp_valid = false;
7457 }
7458
7459 if (!ieee80211_is_s1g_beacon(hdr->frame_control))
7460 changed |= ieee80211_handle_bss_capability(link,
7461 le16_to_cpu(mgmt->u.beacon.capab_info),
7462 erp_valid, erp_value);
7463
7464 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
7465 if (WARN_ON(!sta)) {
7466 goto free;
7467 }
7468 link_sta = rcu_dereference_protected(sta->link[link->link_id],
7469 lockdep_is_held(&local->hw.wiphy->mtx));
7470 if (WARN_ON(!link_sta)) {
7471 goto free;
7472 }
7473
7474 if (WARN_ON(!bss_conf->chanreq.oper.chan))
7475 goto free;
7476
7477 sband = local->hw.wiphy->bands[bss_conf->chanreq.oper.chan->band];
7478
7479 changed |= ieee80211_recalc_twt_req(sdata, sband, link, link_sta, elems);
7480
7481 if (ieee80211_config_bw(link, elems, true, &changed, "beacon")) {
7482 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
7483 WLAN_REASON_DEAUTH_LEAVING,
7484 true, deauth_buf);
7485 ieee80211_report_disconnect(sdata, deauth_buf,
7486 sizeof(deauth_buf), true,
7487 WLAN_REASON_DEAUTH_LEAVING,
7488 false);
7489 goto free;
7490 }
7491
7492 if (elems->opmode_notif)
7493 ieee80211_vht_handle_opmode(sdata, link_sta,
7494 *elems->opmode_notif,
7495 rx_status->band);
7496
7497 changed |= ieee80211_handle_pwr_constr(link, chan, mgmt,
7498 elems->country_elem,
7499 elems->country_elem_len,
7500 elems->pwr_constr_elem,
7501 elems->cisco_dtpc_elem);
7502
7503 ieee80211_ml_reconfiguration(sdata, elems);
7504 ieee80211_process_adv_ttlm(sdata, elems,
7505 le64_to_cpu(mgmt->u.beacon.timestamp));
7506
7507 ieee80211_link_info_change_notify(sdata, link, changed);
7508 free:
7509 kfree(elems);
7510 }
7511
ieee80211_apply_neg_ttlm(struct ieee80211_sub_if_data * sdata,struct ieee80211_neg_ttlm neg_ttlm)7512 static void ieee80211_apply_neg_ttlm(struct ieee80211_sub_if_data *sdata,
7513 struct ieee80211_neg_ttlm neg_ttlm)
7514 {
7515 u16 new_active_links, new_dormant_links, new_suspended_links, map = 0;
7516 u8 i;
7517
7518 for (i = 0; i < IEEE80211_TTLM_NUM_TIDS; i++)
7519 map |= neg_ttlm.downlink[i] | neg_ttlm.uplink[i];
7520
7521 /* If there is an active TTLM, unset previously suspended links */
7522 if (sdata->vif.neg_ttlm.valid)
7523 sdata->vif.dormant_links &= ~sdata->vif.suspended_links;
7524
7525 /* exclude links that are already disabled by advertised TTLM */
7526 new_active_links =
7527 map & sdata->vif.valid_links & ~sdata->vif.dormant_links;
7528 new_suspended_links =
7529 (~map & sdata->vif.valid_links) & ~sdata->vif.dormant_links;
7530 new_dormant_links = sdata->vif.dormant_links | new_suspended_links;
7531 if (ieee80211_ttlm_set_links(sdata, new_active_links,
7532 new_dormant_links, new_suspended_links))
7533 return;
7534
7535 sdata->vif.neg_ttlm = neg_ttlm;
7536 sdata->vif.neg_ttlm.valid = true;
7537 }
7538
ieee80211_neg_ttlm_timeout_work(struct wiphy * wiphy,struct wiphy_work * work)7539 static void ieee80211_neg_ttlm_timeout_work(struct wiphy *wiphy,
7540 struct wiphy_work *work)
7541 {
7542 struct ieee80211_sub_if_data *sdata =
7543 container_of(work, struct ieee80211_sub_if_data,
7544 u.mgd.neg_ttlm_timeout_work.work);
7545
7546 sdata_info(sdata,
7547 "No negotiated TTLM response from AP, disconnecting.\n");
7548
7549 __ieee80211_disconnect(sdata);
7550 }
7551
7552 static void
ieee80211_neg_ttlm_add_suggested_map(struct sk_buff * skb,struct ieee80211_neg_ttlm * neg_ttlm)7553 ieee80211_neg_ttlm_add_suggested_map(struct sk_buff *skb,
7554 struct ieee80211_neg_ttlm *neg_ttlm)
7555 {
7556 u8 i, direction[IEEE80211_TTLM_MAX_CNT];
7557
7558 if (memcmp(neg_ttlm->downlink, neg_ttlm->uplink,
7559 sizeof(neg_ttlm->downlink))) {
7560 direction[0] = IEEE80211_TTLM_DIRECTION_DOWN;
7561 direction[1] = IEEE80211_TTLM_DIRECTION_UP;
7562 } else {
7563 direction[0] = IEEE80211_TTLM_DIRECTION_BOTH;
7564 }
7565
7566 for (i = 0; i < ARRAY_SIZE(direction); i++) {
7567 u8 tid, len, map_ind = 0, *len_pos, *map_ind_pos, *pos;
7568 __le16 map;
7569
7570 len = sizeof(struct ieee80211_ttlm_elem) + 1 + 1;
7571
7572 pos = skb_put(skb, len + 2);
7573 *pos++ = WLAN_EID_EXTENSION;
7574 len_pos = pos++;
7575 *pos++ = WLAN_EID_EXT_TID_TO_LINK_MAPPING;
7576 *pos++ = direction[i];
7577 map_ind_pos = pos++;
7578 for (tid = 0; tid < IEEE80211_TTLM_NUM_TIDS; tid++) {
7579 map = direction[i] == IEEE80211_TTLM_DIRECTION_UP ?
7580 cpu_to_le16(neg_ttlm->uplink[tid]) :
7581 cpu_to_le16(neg_ttlm->downlink[tid]);
7582 if (!map)
7583 continue;
7584
7585 len += 2;
7586 map_ind |= BIT(tid);
7587 skb_put_data(skb, &map, sizeof(map));
7588 }
7589
7590 *map_ind_pos = map_ind;
7591 *len_pos = len;
7592
7593 if (direction[i] == IEEE80211_TTLM_DIRECTION_BOTH)
7594 break;
7595 }
7596 }
7597
7598 static void
ieee80211_send_neg_ttlm_req(struct ieee80211_sub_if_data * sdata,struct ieee80211_neg_ttlm * neg_ttlm,u8 dialog_token)7599 ieee80211_send_neg_ttlm_req(struct ieee80211_sub_if_data *sdata,
7600 struct ieee80211_neg_ttlm *neg_ttlm,
7601 u8 dialog_token)
7602 {
7603 struct ieee80211_local *local = sdata->local;
7604 struct ieee80211_mgmt *mgmt;
7605 struct sk_buff *skb;
7606 int hdr_len = offsetofend(struct ieee80211_mgmt, u.action.u.ttlm_req);
7607 int ttlm_max_len = 2 + 1 + sizeof(struct ieee80211_ttlm_elem) + 1 +
7608 2 * 2 * IEEE80211_TTLM_NUM_TIDS;
7609
7610 skb = dev_alloc_skb(local->tx_headroom + hdr_len + ttlm_max_len);
7611 if (!skb)
7612 return;
7613
7614 skb_reserve(skb, local->tx_headroom);
7615 mgmt = skb_put_zero(skb, hdr_len);
7616 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
7617 IEEE80211_STYPE_ACTION);
7618 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
7619 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
7620 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
7621
7622 mgmt->u.action.category = WLAN_CATEGORY_PROTECTED_EHT;
7623 mgmt->u.action.u.ttlm_req.action_code =
7624 WLAN_PROTECTED_EHT_ACTION_TTLM_REQ;
7625 mgmt->u.action.u.ttlm_req.dialog_token = dialog_token;
7626 ieee80211_neg_ttlm_add_suggested_map(skb, neg_ttlm);
7627 ieee80211_tx_skb(sdata, skb);
7628 }
7629
ieee80211_req_neg_ttlm(struct ieee80211_sub_if_data * sdata,struct cfg80211_ttlm_params * params)7630 int ieee80211_req_neg_ttlm(struct ieee80211_sub_if_data *sdata,
7631 struct cfg80211_ttlm_params *params)
7632 {
7633 struct ieee80211_neg_ttlm neg_ttlm = {};
7634 u8 i;
7635
7636 if (!ieee80211_vif_is_mld(&sdata->vif) ||
7637 !(sdata->vif.cfg.mld_capa_op &
7638 IEEE80211_MLD_CAP_OP_TID_TO_LINK_MAP_NEG_SUPP))
7639 return -EINVAL;
7640
7641 for (i = 0; i < IEEE80211_TTLM_NUM_TIDS; i++) {
7642 if ((params->dlink[i] & ~sdata->vif.valid_links) ||
7643 (params->ulink[i] & ~sdata->vif.valid_links))
7644 return -EINVAL;
7645
7646 neg_ttlm.downlink[i] = params->dlink[i];
7647 neg_ttlm.uplink[i] = params->ulink[i];
7648 }
7649
7650 if (drv_can_neg_ttlm(sdata->local, sdata, &neg_ttlm) !=
7651 NEG_TTLM_RES_ACCEPT)
7652 return -EINVAL;
7653
7654 ieee80211_apply_neg_ttlm(sdata, neg_ttlm);
7655 sdata->u.mgd.dialog_token_alloc++;
7656 ieee80211_send_neg_ttlm_req(sdata, &sdata->vif.neg_ttlm,
7657 sdata->u.mgd.dialog_token_alloc);
7658 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
7659 &sdata->u.mgd.neg_ttlm_timeout_work);
7660 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
7661 &sdata->u.mgd.neg_ttlm_timeout_work,
7662 IEEE80211_NEG_TTLM_REQ_TIMEOUT);
7663 return 0;
7664 }
7665
7666 static void
ieee80211_send_neg_ttlm_res(struct ieee80211_sub_if_data * sdata,enum ieee80211_neg_ttlm_res ttlm_res,u8 dialog_token,struct ieee80211_neg_ttlm * neg_ttlm)7667 ieee80211_send_neg_ttlm_res(struct ieee80211_sub_if_data *sdata,
7668 enum ieee80211_neg_ttlm_res ttlm_res,
7669 u8 dialog_token,
7670 struct ieee80211_neg_ttlm *neg_ttlm)
7671 {
7672 struct ieee80211_local *local = sdata->local;
7673 struct ieee80211_mgmt *mgmt;
7674 struct sk_buff *skb;
7675 int hdr_len = offsetofend(struct ieee80211_mgmt, u.action.u.ttlm_res);
7676 int ttlm_max_len = 2 + 1 + sizeof(struct ieee80211_ttlm_elem) + 1 +
7677 2 * 2 * IEEE80211_TTLM_NUM_TIDS;
7678
7679 skb = dev_alloc_skb(local->tx_headroom + hdr_len + ttlm_max_len);
7680 if (!skb)
7681 return;
7682
7683 skb_reserve(skb, local->tx_headroom);
7684 mgmt = skb_put_zero(skb, hdr_len);
7685 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
7686 IEEE80211_STYPE_ACTION);
7687 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
7688 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
7689 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
7690
7691 mgmt->u.action.category = WLAN_CATEGORY_PROTECTED_EHT;
7692 mgmt->u.action.u.ttlm_res.action_code =
7693 WLAN_PROTECTED_EHT_ACTION_TTLM_RES;
7694 mgmt->u.action.u.ttlm_res.dialog_token = dialog_token;
7695 switch (ttlm_res) {
7696 default:
7697 WARN_ON(1);
7698 fallthrough;
7699 case NEG_TTLM_RES_REJECT:
7700 mgmt->u.action.u.ttlm_res.status_code =
7701 WLAN_STATUS_DENIED_TID_TO_LINK_MAPPING;
7702 break;
7703 case NEG_TTLM_RES_ACCEPT:
7704 mgmt->u.action.u.ttlm_res.status_code = WLAN_STATUS_SUCCESS;
7705 break;
7706 case NEG_TTLM_RES_SUGGEST_PREFERRED:
7707 mgmt->u.action.u.ttlm_res.status_code =
7708 WLAN_STATUS_PREF_TID_TO_LINK_MAPPING_SUGGESTED;
7709 ieee80211_neg_ttlm_add_suggested_map(skb, neg_ttlm);
7710 break;
7711 }
7712
7713 ieee80211_tx_skb(sdata, skb);
7714 }
7715
7716 static int
ieee80211_parse_neg_ttlm(struct ieee80211_sub_if_data * sdata,const struct ieee80211_ttlm_elem * ttlm,struct ieee80211_neg_ttlm * neg_ttlm,u8 * direction)7717 ieee80211_parse_neg_ttlm(struct ieee80211_sub_if_data *sdata,
7718 const struct ieee80211_ttlm_elem *ttlm,
7719 struct ieee80211_neg_ttlm *neg_ttlm,
7720 u8 *direction)
7721 {
7722 u8 control, link_map_presence, map_size, tid;
7723 u8 *pos;
7724
7725 /* The element size was already validated in
7726 * ieee80211_tid_to_link_map_size_ok()
7727 */
7728 pos = (void *)ttlm->optional;
7729
7730 control = ttlm->control;
7731
7732 /* mapping switch time and expected duration fields are not expected
7733 * in case of negotiated TTLM
7734 */
7735 if (control & (IEEE80211_TTLM_CONTROL_SWITCH_TIME_PRESENT |
7736 IEEE80211_TTLM_CONTROL_EXPECTED_DUR_PRESENT)) {
7737 mlme_dbg(sdata,
7738 "Invalid TTLM element in negotiated TTLM request\n");
7739 return -EINVAL;
7740 }
7741
7742 if (control & IEEE80211_TTLM_CONTROL_DEF_LINK_MAP) {
7743 for (tid = 0; tid < IEEE80211_TTLM_NUM_TIDS; tid++) {
7744 neg_ttlm->downlink[tid] = sdata->vif.valid_links;
7745 neg_ttlm->uplink[tid] = sdata->vif.valid_links;
7746 }
7747 *direction = IEEE80211_TTLM_DIRECTION_BOTH;
7748 return 0;
7749 }
7750
7751 *direction = u8_get_bits(control, IEEE80211_TTLM_CONTROL_DIRECTION);
7752 if (*direction != IEEE80211_TTLM_DIRECTION_DOWN &&
7753 *direction != IEEE80211_TTLM_DIRECTION_UP &&
7754 *direction != IEEE80211_TTLM_DIRECTION_BOTH)
7755 return -EINVAL;
7756
7757 link_map_presence = *pos;
7758 pos++;
7759
7760 if (control & IEEE80211_TTLM_CONTROL_LINK_MAP_SIZE)
7761 map_size = 1;
7762 else
7763 map_size = 2;
7764
7765 for (tid = 0; tid < IEEE80211_TTLM_NUM_TIDS; tid++) {
7766 u16 map;
7767
7768 if (link_map_presence & BIT(tid)) {
7769 map = ieee80211_get_ttlm(map_size, pos);
7770 if (!map) {
7771 mlme_dbg(sdata,
7772 "No active links for TID %d", tid);
7773 return -EINVAL;
7774 }
7775 } else {
7776 map = 0;
7777 }
7778
7779 switch (*direction) {
7780 case IEEE80211_TTLM_DIRECTION_BOTH:
7781 neg_ttlm->downlink[tid] = map;
7782 neg_ttlm->uplink[tid] = map;
7783 break;
7784 case IEEE80211_TTLM_DIRECTION_DOWN:
7785 neg_ttlm->downlink[tid] = map;
7786 break;
7787 case IEEE80211_TTLM_DIRECTION_UP:
7788 neg_ttlm->uplink[tid] = map;
7789 break;
7790 default:
7791 return -EINVAL;
7792 }
7793 pos += map_size;
7794 }
7795 return 0;
7796 }
7797
ieee80211_process_neg_ttlm_req(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)7798 void ieee80211_process_neg_ttlm_req(struct ieee80211_sub_if_data *sdata,
7799 struct ieee80211_mgmt *mgmt, size_t len)
7800 {
7801 u8 dialog_token, direction[IEEE80211_TTLM_MAX_CNT] = {}, i;
7802 size_t ies_len;
7803 enum ieee80211_neg_ttlm_res ttlm_res = NEG_TTLM_RES_ACCEPT;
7804 struct ieee802_11_elems *elems = NULL;
7805 struct ieee80211_neg_ttlm neg_ttlm = {};
7806
7807 BUILD_BUG_ON(ARRAY_SIZE(direction) != ARRAY_SIZE(elems->ttlm));
7808
7809 if (!ieee80211_vif_is_mld(&sdata->vif))
7810 return;
7811
7812 dialog_token = mgmt->u.action.u.ttlm_req.dialog_token;
7813 ies_len = len - offsetof(struct ieee80211_mgmt,
7814 u.action.u.ttlm_req.variable);
7815 elems = ieee802_11_parse_elems(mgmt->u.action.u.ttlm_req.variable,
7816 ies_len, true, NULL);
7817 if (!elems) {
7818 ttlm_res = NEG_TTLM_RES_REJECT;
7819 goto out;
7820 }
7821
7822 for (i = 0; i < elems->ttlm_num; i++) {
7823 if (ieee80211_parse_neg_ttlm(sdata, elems->ttlm[i],
7824 &neg_ttlm, &direction[i]) ||
7825 (direction[i] == IEEE80211_TTLM_DIRECTION_BOTH &&
7826 elems->ttlm_num != 1)) {
7827 ttlm_res = NEG_TTLM_RES_REJECT;
7828 goto out;
7829 }
7830 }
7831
7832 if (!elems->ttlm_num ||
7833 (elems->ttlm_num == 2 && direction[0] == direction[1])) {
7834 ttlm_res = NEG_TTLM_RES_REJECT;
7835 goto out;
7836 }
7837
7838 for (i = 0; i < IEEE80211_TTLM_NUM_TIDS; i++) {
7839 if ((neg_ttlm.downlink[i] &&
7840 (neg_ttlm.downlink[i] & ~sdata->vif.valid_links)) ||
7841 (neg_ttlm.uplink[i] &&
7842 (neg_ttlm.uplink[i] & ~sdata->vif.valid_links))) {
7843 ttlm_res = NEG_TTLM_RES_REJECT;
7844 goto out;
7845 }
7846 }
7847
7848 ttlm_res = drv_can_neg_ttlm(sdata->local, sdata, &neg_ttlm);
7849
7850 if (ttlm_res != NEG_TTLM_RES_ACCEPT)
7851 goto out;
7852
7853 ieee80211_apply_neg_ttlm(sdata, neg_ttlm);
7854 out:
7855 kfree(elems);
7856 ieee80211_send_neg_ttlm_res(sdata, ttlm_res, dialog_token, &neg_ttlm);
7857 }
7858
ieee80211_process_neg_ttlm_res(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)7859 void ieee80211_process_neg_ttlm_res(struct ieee80211_sub_if_data *sdata,
7860 struct ieee80211_mgmt *mgmt, size_t len)
7861 {
7862 if (!ieee80211_vif_is_mld(&sdata->vif) ||
7863 mgmt->u.action.u.ttlm_req.dialog_token !=
7864 sdata->u.mgd.dialog_token_alloc)
7865 return;
7866
7867 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
7868 &sdata->u.mgd.neg_ttlm_timeout_work);
7869
7870 /* MLD station sends a TID to link mapping request, mainly to handle
7871 * BTM (BSS transition management) request, in which case it needs to
7872 * restrict the active links set.
7873 * In this case it's not expected that the MLD AP will reject the
7874 * negotiated TTLM request.
7875 * This can be better implemented in the future, to handle request
7876 * rejections.
7877 */
7878 if (mgmt->u.action.u.ttlm_res.status_code != WLAN_STATUS_SUCCESS)
7879 __ieee80211_disconnect(sdata);
7880 }
7881
ieee80211_process_ttlm_teardown(struct ieee80211_sub_if_data * sdata)7882 void ieee80211_process_ttlm_teardown(struct ieee80211_sub_if_data *sdata)
7883 {
7884 u16 new_dormant_links;
7885
7886 if (!sdata->vif.neg_ttlm.valid)
7887 return;
7888
7889 memset(&sdata->vif.neg_ttlm, 0, sizeof(sdata->vif.neg_ttlm));
7890 new_dormant_links =
7891 sdata->vif.dormant_links & ~sdata->vif.suspended_links;
7892 sdata->vif.suspended_links = 0;
7893 ieee80211_vif_set_links(sdata, sdata->vif.valid_links,
7894 new_dormant_links);
7895 ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_MLD_TTLM |
7896 BSS_CHANGED_MLD_VALID_LINKS);
7897 }
7898
ieee80211_teardown_ttlm_work(struct wiphy * wiphy,struct wiphy_work * work)7899 static void ieee80211_teardown_ttlm_work(struct wiphy *wiphy,
7900 struct wiphy_work *work)
7901 {
7902 struct ieee80211_sub_if_data *sdata =
7903 container_of(work, struct ieee80211_sub_if_data,
7904 u.mgd.teardown_ttlm_work);
7905
7906 ieee80211_process_ttlm_teardown(sdata);
7907 }
7908
ieee80211_send_teardown_neg_ttlm(struct ieee80211_vif * vif)7909 void ieee80211_send_teardown_neg_ttlm(struct ieee80211_vif *vif)
7910 {
7911 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
7912 struct ieee80211_local *local = sdata->local;
7913 struct ieee80211_mgmt *mgmt;
7914 struct sk_buff *skb;
7915 int frame_len = offsetofend(struct ieee80211_mgmt,
7916 u.action.u.ttlm_tear_down);
7917 struct ieee80211_tx_info *info;
7918
7919 skb = dev_alloc_skb(local->hw.extra_tx_headroom + frame_len);
7920 if (!skb)
7921 return;
7922
7923 skb_reserve(skb, local->hw.extra_tx_headroom);
7924 mgmt = skb_put_zero(skb, frame_len);
7925 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
7926 IEEE80211_STYPE_ACTION);
7927 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
7928 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
7929 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
7930
7931 mgmt->u.action.category = WLAN_CATEGORY_PROTECTED_EHT;
7932 mgmt->u.action.u.ttlm_tear_down.action_code =
7933 WLAN_PROTECTED_EHT_ACTION_TTLM_TEARDOWN;
7934
7935 info = IEEE80211_SKB_CB(skb);
7936 info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
7937 info->status_data = IEEE80211_STATUS_TYPE_NEG_TTLM;
7938 ieee80211_tx_skb(sdata, skb);
7939 }
7940 EXPORT_SYMBOL(ieee80211_send_teardown_neg_ttlm);
7941
ieee80211_sta_rx_queued_ext(struct ieee80211_sub_if_data * sdata,struct sk_buff * skb)7942 void ieee80211_sta_rx_queued_ext(struct ieee80211_sub_if_data *sdata,
7943 struct sk_buff *skb)
7944 {
7945 struct ieee80211_link_data *link = &sdata->deflink;
7946 struct ieee80211_rx_status *rx_status;
7947 struct ieee80211_hdr *hdr;
7948 u16 fc;
7949
7950 lockdep_assert_wiphy(sdata->local->hw.wiphy);
7951
7952 rx_status = (struct ieee80211_rx_status *) skb->cb;
7953 hdr = (struct ieee80211_hdr *) skb->data;
7954 fc = le16_to_cpu(hdr->frame_control);
7955
7956 switch (fc & IEEE80211_FCTL_STYPE) {
7957 case IEEE80211_STYPE_S1G_BEACON:
7958 ieee80211_rx_mgmt_beacon(link, hdr, skb->len, rx_status);
7959 break;
7960 }
7961 }
7962
ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data * sdata,struct sk_buff * skb)7963 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
7964 struct sk_buff *skb)
7965 {
7966 struct ieee80211_link_data *link = &sdata->deflink;
7967 struct ieee80211_rx_status *rx_status;
7968 struct ieee802_11_elems *elems;
7969 struct ieee80211_mgmt *mgmt;
7970 u16 fc;
7971 int ies_len;
7972
7973 lockdep_assert_wiphy(sdata->local->hw.wiphy);
7974
7975 rx_status = (struct ieee80211_rx_status *) skb->cb;
7976 mgmt = (struct ieee80211_mgmt *) skb->data;
7977 fc = le16_to_cpu(mgmt->frame_control);
7978
7979 if (rx_status->link_valid) {
7980 link = sdata_dereference(sdata->link[rx_status->link_id],
7981 sdata);
7982 if (!link)
7983 return;
7984 }
7985
7986 switch (fc & IEEE80211_FCTL_STYPE) {
7987 case IEEE80211_STYPE_BEACON:
7988 ieee80211_rx_mgmt_beacon(link, (void *)mgmt,
7989 skb->len, rx_status);
7990 break;
7991 case IEEE80211_STYPE_PROBE_RESP:
7992 ieee80211_rx_mgmt_probe_resp(link, skb);
7993 break;
7994 case IEEE80211_STYPE_AUTH:
7995 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len);
7996 break;
7997 case IEEE80211_STYPE_DEAUTH:
7998 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len);
7999 break;
8000 case IEEE80211_STYPE_DISASSOC:
8001 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
8002 break;
8003 case IEEE80211_STYPE_ASSOC_RESP:
8004 case IEEE80211_STYPE_REASSOC_RESP:
8005 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len);
8006 break;
8007 case IEEE80211_STYPE_ACTION:
8008 if (!sdata->u.mgd.associated ||
8009 !ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr))
8010 break;
8011
8012 switch (mgmt->u.action.category) {
8013 case WLAN_CATEGORY_SPECTRUM_MGMT:
8014 ies_len = skb->len -
8015 offsetof(struct ieee80211_mgmt,
8016 u.action.u.chan_switch.variable);
8017
8018 if (ies_len < 0)
8019 break;
8020
8021 /* CSA IE cannot be overridden, no need for BSSID */
8022 elems = ieee802_11_parse_elems(
8023 mgmt->u.action.u.chan_switch.variable,
8024 ies_len, true, NULL);
8025
8026 if (elems && !elems->parse_error) {
8027 enum ieee80211_csa_source src =
8028 IEEE80211_CSA_SOURCE_PROT_ACTION;
8029
8030 ieee80211_sta_process_chanswitch(link,
8031 rx_status->mactime,
8032 rx_status->device_timestamp,
8033 elems, elems,
8034 src);
8035 }
8036 kfree(elems);
8037 break;
8038 case WLAN_CATEGORY_PUBLIC:
8039 case WLAN_CATEGORY_PROTECTED_DUAL_OF_ACTION:
8040 ies_len = skb->len -
8041 offsetof(struct ieee80211_mgmt,
8042 u.action.u.ext_chan_switch.variable);
8043
8044 if (ies_len < 0)
8045 break;
8046
8047 /*
8048 * extended CSA IE can't be overridden, no need for
8049 * BSSID
8050 */
8051 elems = ieee802_11_parse_elems(
8052 mgmt->u.action.u.ext_chan_switch.variable,
8053 ies_len, true, NULL);
8054
8055 if (elems && !elems->parse_error) {
8056 enum ieee80211_csa_source src;
8057
8058 if (mgmt->u.action.category ==
8059 WLAN_CATEGORY_PROTECTED_DUAL_OF_ACTION)
8060 src = IEEE80211_CSA_SOURCE_PROT_ACTION;
8061 else
8062 src = IEEE80211_CSA_SOURCE_UNPROT_ACTION;
8063
8064 /* for the handling code pretend it was an IE */
8065 elems->ext_chansw_ie =
8066 &mgmt->u.action.u.ext_chan_switch.data;
8067
8068 ieee80211_sta_process_chanswitch(link,
8069 rx_status->mactime,
8070 rx_status->device_timestamp,
8071 elems, elems,
8072 src);
8073 }
8074
8075 kfree(elems);
8076 break;
8077 }
8078 break;
8079 }
8080 }
8081
ieee80211_sta_timer(struct timer_list * t)8082 static void ieee80211_sta_timer(struct timer_list *t)
8083 {
8084 struct ieee80211_sub_if_data *sdata =
8085 from_timer(sdata, t, u.mgd.timer);
8086
8087 wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);
8088 }
8089
ieee80211_sta_connection_lost(struct ieee80211_sub_if_data * sdata,u8 reason,bool tx)8090 void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata,
8091 u8 reason, bool tx)
8092 {
8093 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
8094
8095 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason,
8096 tx, frame_buf);
8097
8098 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
8099 reason, false);
8100 }
8101
ieee80211_auth(struct ieee80211_sub_if_data * sdata)8102 static int ieee80211_auth(struct ieee80211_sub_if_data *sdata)
8103 {
8104 struct ieee80211_local *local = sdata->local;
8105 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8106 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data;
8107 u32 tx_flags = 0;
8108 u16 trans = 1;
8109 u16 status = 0;
8110 struct ieee80211_prep_tx_info info = {
8111 .subtype = IEEE80211_STYPE_AUTH,
8112 };
8113
8114 lockdep_assert_wiphy(sdata->local->hw.wiphy);
8115
8116 if (WARN_ON_ONCE(!auth_data))
8117 return -EINVAL;
8118
8119 auth_data->tries++;
8120
8121 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) {
8122 sdata_info(sdata, "authentication with %pM timed out\n",
8123 auth_data->ap_addr);
8124
8125 /*
8126 * Most likely AP is not in the range so remove the
8127 * bss struct for that AP.
8128 */
8129 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss);
8130
8131 return -ETIMEDOUT;
8132 }
8133
8134 if (auth_data->algorithm == WLAN_AUTH_SAE)
8135 info.duration = jiffies_to_msecs(IEEE80211_AUTH_TIMEOUT_SAE);
8136
8137 info.link_id = auth_data->link_id;
8138 drv_mgd_prepare_tx(local, sdata, &info);
8139
8140 sdata_info(sdata, "send auth to %pM (try %d/%d)\n",
8141 auth_data->ap_addr, auth_data->tries,
8142 IEEE80211_AUTH_MAX_TRIES);
8143
8144 auth_data->expected_transaction = 2;
8145
8146 if (auth_data->algorithm == WLAN_AUTH_SAE) {
8147 trans = auth_data->sae_trans;
8148 status = auth_data->sae_status;
8149 auth_data->expected_transaction = trans;
8150 }
8151
8152 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
8153 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
8154 IEEE80211_TX_INTFL_MLME_CONN_TX;
8155
8156 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status,
8157 auth_data->data, auth_data->data_len,
8158 auth_data->ap_addr, auth_data->ap_addr,
8159 NULL, 0, 0, tx_flags);
8160
8161 if (tx_flags == 0) {
8162 if (auth_data->algorithm == WLAN_AUTH_SAE)
8163 auth_data->timeout = jiffies +
8164 IEEE80211_AUTH_TIMEOUT_SAE;
8165 else
8166 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
8167 } else {
8168 auth_data->timeout =
8169 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG);
8170 }
8171
8172 auth_data->timeout_started = true;
8173 run_again(sdata, auth_data->timeout);
8174
8175 return 0;
8176 }
8177
ieee80211_do_assoc(struct ieee80211_sub_if_data * sdata)8178 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata)
8179 {
8180 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
8181 struct ieee80211_local *local = sdata->local;
8182 int ret;
8183
8184 lockdep_assert_wiphy(sdata->local->hw.wiphy);
8185
8186 assoc_data->tries++;
8187 assoc_data->comeback = false;
8188 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) {
8189 sdata_info(sdata, "association with %pM timed out\n",
8190 assoc_data->ap_addr);
8191
8192 /*
8193 * Most likely AP is not in the range so remove the
8194 * bss struct for that AP.
8195 */
8196 cfg80211_unlink_bss(local->hw.wiphy,
8197 assoc_data->link[assoc_data->assoc_link_id].bss);
8198
8199 return -ETIMEDOUT;
8200 }
8201
8202 sdata_info(sdata, "associate with %pM (try %d/%d)\n",
8203 assoc_data->ap_addr, assoc_data->tries,
8204 IEEE80211_ASSOC_MAX_TRIES);
8205 ret = ieee80211_send_assoc(sdata);
8206 if (ret)
8207 return ret;
8208
8209 if (!ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
8210 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
8211 assoc_data->timeout_started = true;
8212 run_again(sdata, assoc_data->timeout);
8213 } else {
8214 assoc_data->timeout =
8215 round_jiffies_up(jiffies +
8216 IEEE80211_ASSOC_TIMEOUT_LONG);
8217 assoc_data->timeout_started = true;
8218 run_again(sdata, assoc_data->timeout);
8219 }
8220
8221 return 0;
8222 }
8223
ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data * sdata,__le16 fc,bool acked)8224 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata,
8225 __le16 fc, bool acked)
8226 {
8227 struct ieee80211_local *local = sdata->local;
8228
8229 sdata->u.mgd.status_fc = fc;
8230 sdata->u.mgd.status_acked = acked;
8231 sdata->u.mgd.status_received = true;
8232
8233 wiphy_work_queue(local->hw.wiphy, &sdata->work);
8234 }
8235
ieee80211_sta_work(struct ieee80211_sub_if_data * sdata)8236 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
8237 {
8238 struct ieee80211_local *local = sdata->local;
8239 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8240
8241 lockdep_assert_wiphy(sdata->local->hw.wiphy);
8242
8243 if (ifmgd->status_received) {
8244 __le16 fc = ifmgd->status_fc;
8245 bool status_acked = ifmgd->status_acked;
8246
8247 ifmgd->status_received = false;
8248 if (ifmgd->auth_data && ieee80211_is_auth(fc)) {
8249 if (status_acked) {
8250 if (ifmgd->auth_data->algorithm ==
8251 WLAN_AUTH_SAE)
8252 ifmgd->auth_data->timeout =
8253 jiffies +
8254 IEEE80211_AUTH_TIMEOUT_SAE;
8255 else
8256 ifmgd->auth_data->timeout =
8257 jiffies +
8258 IEEE80211_AUTH_TIMEOUT_SHORT;
8259 run_again(sdata, ifmgd->auth_data->timeout);
8260 } else {
8261 ifmgd->auth_data->timeout = jiffies - 1;
8262 }
8263 ifmgd->auth_data->timeout_started = true;
8264 } else if (ifmgd->assoc_data &&
8265 !ifmgd->assoc_data->comeback &&
8266 (ieee80211_is_assoc_req(fc) ||
8267 ieee80211_is_reassoc_req(fc))) {
8268 /*
8269 * Update association timeout based on the TX status
8270 * for the (Re)Association Request frame. Skip this if
8271 * we have already processed a (Re)Association Response
8272 * frame that indicated need for association comeback
8273 * at a specific time in the future. This could happen
8274 * if the TX status information is delayed enough for
8275 * the response to be received and processed first.
8276 */
8277 if (status_acked) {
8278 ifmgd->assoc_data->timeout =
8279 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT;
8280 run_again(sdata, ifmgd->assoc_data->timeout);
8281 } else {
8282 ifmgd->assoc_data->timeout = jiffies - 1;
8283 }
8284 ifmgd->assoc_data->timeout_started = true;
8285 }
8286 }
8287
8288 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started &&
8289 time_after(jiffies, ifmgd->auth_data->timeout)) {
8290 if (ifmgd->auth_data->done || ifmgd->auth_data->waiting) {
8291 /*
8292 * ok ... we waited for assoc or continuation but
8293 * userspace didn't do it, so kill the auth data
8294 */
8295 ieee80211_destroy_auth_data(sdata, false);
8296 } else if (ieee80211_auth(sdata)) {
8297 u8 ap_addr[ETH_ALEN];
8298 struct ieee80211_event event = {
8299 .type = MLME_EVENT,
8300 .u.mlme.data = AUTH_EVENT,
8301 .u.mlme.status = MLME_TIMEOUT,
8302 };
8303
8304 memcpy(ap_addr, ifmgd->auth_data->ap_addr, ETH_ALEN);
8305
8306 ieee80211_destroy_auth_data(sdata, false);
8307
8308 cfg80211_auth_timeout(sdata->dev, ap_addr);
8309 drv_event_callback(sdata->local, sdata, &event);
8310 }
8311 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started)
8312 run_again(sdata, ifmgd->auth_data->timeout);
8313
8314 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started &&
8315 time_after(jiffies, ifmgd->assoc_data->timeout)) {
8316 if ((ifmgd->assoc_data->need_beacon &&
8317 !sdata->deflink.u.mgd.have_beacon) ||
8318 ieee80211_do_assoc(sdata)) {
8319 struct ieee80211_event event = {
8320 .type = MLME_EVENT,
8321 .u.mlme.data = ASSOC_EVENT,
8322 .u.mlme.status = MLME_TIMEOUT,
8323 };
8324
8325 ieee80211_destroy_assoc_data(sdata, ASSOC_TIMEOUT);
8326 drv_event_callback(sdata->local, sdata, &event);
8327 }
8328 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started)
8329 run_again(sdata, ifmgd->assoc_data->timeout);
8330
8331 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL &&
8332 ifmgd->associated) {
8333 u8 *bssid = sdata->deflink.u.mgd.bssid;
8334 int max_tries;
8335
8336 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
8337 max_tries = max_nullfunc_tries;
8338 else
8339 max_tries = max_probe_tries;
8340
8341 /* ACK received for nullfunc probing frame */
8342 if (!ifmgd->probe_send_count)
8343 ieee80211_reset_ap_probe(sdata);
8344 else if (ifmgd->nullfunc_failed) {
8345 if (ifmgd->probe_send_count < max_tries) {
8346 mlme_dbg(sdata,
8347 "No ack for nullfunc frame to AP %pM, try %d/%i\n",
8348 bssid, ifmgd->probe_send_count,
8349 max_tries);
8350 ieee80211_mgd_probe_ap_send(sdata);
8351 } else {
8352 mlme_dbg(sdata,
8353 "No ack for nullfunc frame to AP %pM, disconnecting.\n",
8354 bssid);
8355 ieee80211_sta_connection_lost(sdata,
8356 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
8357 false);
8358 }
8359 } else if (time_is_after_jiffies(ifmgd->probe_timeout))
8360 run_again(sdata, ifmgd->probe_timeout);
8361 else if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
8362 mlme_dbg(sdata,
8363 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n",
8364 bssid, probe_wait_ms);
8365 ieee80211_sta_connection_lost(sdata,
8366 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
8367 } else if (ifmgd->probe_send_count < max_tries) {
8368 mlme_dbg(sdata,
8369 "No probe response from AP %pM after %dms, try %d/%i\n",
8370 bssid, probe_wait_ms,
8371 ifmgd->probe_send_count, max_tries);
8372 ieee80211_mgd_probe_ap_send(sdata);
8373 } else {
8374 /*
8375 * We actually lost the connection ... or did we?
8376 * Let's make sure!
8377 */
8378 mlme_dbg(sdata,
8379 "No probe response from AP %pM after %dms, disconnecting.\n",
8380 bssid, probe_wait_ms);
8381
8382 ieee80211_sta_connection_lost(sdata,
8383 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
8384 }
8385 }
8386 }
8387
ieee80211_sta_bcn_mon_timer(struct timer_list * t)8388 static void ieee80211_sta_bcn_mon_timer(struct timer_list *t)
8389 {
8390 struct ieee80211_sub_if_data *sdata =
8391 from_timer(sdata, t, u.mgd.bcn_mon_timer);
8392
8393 if (WARN_ON(ieee80211_vif_is_mld(&sdata->vif)))
8394 return;
8395
8396 if (sdata->vif.bss_conf.csa_active &&
8397 !sdata->deflink.u.mgd.csa.waiting_bcn)
8398 return;
8399
8400 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
8401 return;
8402
8403 sdata->u.mgd.connection_loss = false;
8404 wiphy_work_queue(sdata->local->hw.wiphy,
8405 &sdata->u.mgd.beacon_connection_loss_work);
8406 }
8407
ieee80211_sta_conn_mon_timer(struct timer_list * t)8408 static void ieee80211_sta_conn_mon_timer(struct timer_list *t)
8409 {
8410 struct ieee80211_sub_if_data *sdata =
8411 from_timer(sdata, t, u.mgd.conn_mon_timer);
8412 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8413 struct ieee80211_local *local = sdata->local;
8414 struct sta_info *sta;
8415 unsigned long timeout;
8416
8417 if (WARN_ON(ieee80211_vif_is_mld(&sdata->vif)))
8418 return;
8419
8420 if (sdata->vif.bss_conf.csa_active &&
8421 !sdata->deflink.u.mgd.csa.waiting_bcn)
8422 return;
8423
8424 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
8425 if (!sta)
8426 return;
8427
8428 timeout = sta->deflink.status_stats.last_ack;
8429 if (time_before(sta->deflink.status_stats.last_ack, sta->deflink.rx_stats.last_rx))
8430 timeout = sta->deflink.rx_stats.last_rx;
8431 timeout += IEEE80211_CONNECTION_IDLE_TIME;
8432
8433 /* If timeout is after now, then update timer to fire at
8434 * the later date, but do not actually probe at this time.
8435 */
8436 if (time_is_after_jiffies(timeout)) {
8437 mod_timer(&ifmgd->conn_mon_timer, round_jiffies_up(timeout));
8438 return;
8439 }
8440
8441 wiphy_work_queue(local->hw.wiphy, &sdata->u.mgd.monitor_work);
8442 }
8443
ieee80211_sta_monitor_work(struct wiphy * wiphy,struct wiphy_work * work)8444 static void ieee80211_sta_monitor_work(struct wiphy *wiphy,
8445 struct wiphy_work *work)
8446 {
8447 struct ieee80211_sub_if_data *sdata =
8448 container_of(work, struct ieee80211_sub_if_data,
8449 u.mgd.monitor_work);
8450
8451 ieee80211_mgd_probe_ap(sdata, false);
8452 }
8453
ieee80211_restart_sta_timer(struct ieee80211_sub_if_data * sdata)8454 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
8455 {
8456 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
8457 __ieee80211_stop_poll(sdata);
8458
8459 /* let's probe the connection once */
8460 if (!ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
8461 wiphy_work_queue(sdata->local->hw.wiphy,
8462 &sdata->u.mgd.monitor_work);
8463 }
8464 }
8465
8466 #ifdef CONFIG_PM
ieee80211_mgd_quiesce(struct ieee80211_sub_if_data * sdata)8467 void ieee80211_mgd_quiesce(struct ieee80211_sub_if_data *sdata)
8468 {
8469 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8470 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
8471
8472 lockdep_assert_wiphy(sdata->local->hw.wiphy);
8473
8474 if (ifmgd->auth_data || ifmgd->assoc_data) {
8475 const u8 *ap_addr = ifmgd->auth_data ?
8476 ifmgd->auth_data->ap_addr :
8477 ifmgd->assoc_data->ap_addr;
8478
8479 /*
8480 * If we are trying to authenticate / associate while suspending,
8481 * cfg80211 won't know and won't actually abort those attempts,
8482 * thus we need to do that ourselves.
8483 */
8484 ieee80211_send_deauth_disassoc(sdata, ap_addr, ap_addr,
8485 IEEE80211_STYPE_DEAUTH,
8486 WLAN_REASON_DEAUTH_LEAVING,
8487 false, frame_buf);
8488 if (ifmgd->assoc_data)
8489 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON);
8490 if (ifmgd->auth_data)
8491 ieee80211_destroy_auth_data(sdata, false);
8492 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
8493 IEEE80211_DEAUTH_FRAME_LEN,
8494 false);
8495 }
8496
8497 /* This is a bit of a hack - we should find a better and more generic
8498 * solution to this. Normally when suspending, cfg80211 will in fact
8499 * deauthenticate. However, it doesn't (and cannot) stop an ongoing
8500 * auth (not so important) or assoc (this is the problem) process.
8501 *
8502 * As a consequence, it can happen that we are in the process of both
8503 * associating and suspending, and receive an association response
8504 * after cfg80211 has checked if it needs to disconnect, but before
8505 * we actually set the flag to drop incoming frames. This will then
8506 * cause the workqueue flush to process the association response in
8507 * the suspend, resulting in a successful association just before it
8508 * tries to remove the interface from the driver, which now though
8509 * has a channel context assigned ... this results in issues.
8510 *
8511 * To work around this (for now) simply deauth here again if we're
8512 * now connected.
8513 */
8514 if (ifmgd->associated && !sdata->local->wowlan) {
8515 u8 bssid[ETH_ALEN];
8516 struct cfg80211_deauth_request req = {
8517 .reason_code = WLAN_REASON_DEAUTH_LEAVING,
8518 .bssid = bssid,
8519 };
8520
8521 memcpy(bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
8522 ieee80211_mgd_deauth(sdata, &req);
8523 }
8524 }
8525 #endif
8526
ieee80211_sta_restart(struct ieee80211_sub_if_data * sdata)8527 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata)
8528 {
8529 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8530
8531 lockdep_assert_wiphy(sdata->local->hw.wiphy);
8532
8533 if (!ifmgd->associated)
8534 return;
8535
8536 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) {
8537 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME;
8538 mlme_dbg(sdata, "driver requested disconnect after resume\n");
8539 ieee80211_sta_connection_lost(sdata,
8540 WLAN_REASON_UNSPECIFIED,
8541 true);
8542 return;
8543 }
8544
8545 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_HW_RESTART) {
8546 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_HW_RESTART;
8547 mlme_dbg(sdata, "driver requested disconnect after hardware restart\n");
8548 ieee80211_sta_connection_lost(sdata,
8549 WLAN_REASON_UNSPECIFIED,
8550 true);
8551 return;
8552 }
8553 }
8554
ieee80211_request_smps_mgd_work(struct wiphy * wiphy,struct wiphy_work * work)8555 static void ieee80211_request_smps_mgd_work(struct wiphy *wiphy,
8556 struct wiphy_work *work)
8557 {
8558 struct ieee80211_link_data *link =
8559 container_of(work, struct ieee80211_link_data,
8560 u.mgd.request_smps_work);
8561
8562 __ieee80211_request_smps_mgd(link->sdata, link,
8563 link->u.mgd.driver_smps_mode);
8564 }
8565
ieee80211_ml_sta_reconf_timeout(struct wiphy * wiphy,struct wiphy_work * work)8566 static void ieee80211_ml_sta_reconf_timeout(struct wiphy *wiphy,
8567 struct wiphy_work *work)
8568 {
8569 struct ieee80211_sub_if_data *sdata =
8570 container_of(work, struct ieee80211_sub_if_data,
8571 u.mgd.reconf.wk.work);
8572
8573 if (!sdata->u.mgd.reconf.added_links &&
8574 !sdata->u.mgd.reconf.removed_links)
8575 return;
8576
8577 sdata_info(sdata,
8578 "mlo: reconf: timeout: added=0x%x, removed=0x%x\n",
8579 sdata->u.mgd.reconf.added_links,
8580 sdata->u.mgd.reconf.removed_links);
8581
8582 __ieee80211_disconnect(sdata);
8583 }
8584
8585 /* interface setup */
ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data * sdata)8586 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
8587 {
8588 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8589
8590 wiphy_work_init(&ifmgd->monitor_work, ieee80211_sta_monitor_work);
8591 wiphy_work_init(&ifmgd->beacon_connection_loss_work,
8592 ieee80211_beacon_connection_loss_work);
8593 wiphy_work_init(&ifmgd->csa_connection_drop_work,
8594 ieee80211_csa_connection_drop_work);
8595 wiphy_delayed_work_init(&ifmgd->tdls_peer_del_work,
8596 ieee80211_tdls_peer_del_work);
8597 wiphy_delayed_work_init(&ifmgd->ml_reconf_work,
8598 ieee80211_ml_reconf_work);
8599 wiphy_delayed_work_init(&ifmgd->reconf.wk,
8600 ieee80211_ml_sta_reconf_timeout);
8601 timer_setup(&ifmgd->timer, ieee80211_sta_timer, 0);
8602 timer_setup(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 0);
8603 timer_setup(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 0);
8604 wiphy_delayed_work_init(&ifmgd->tx_tspec_wk,
8605 ieee80211_sta_handle_tspec_ac_params_wk);
8606 wiphy_delayed_work_init(&ifmgd->ttlm_work,
8607 ieee80211_tid_to_link_map_work);
8608 wiphy_delayed_work_init(&ifmgd->neg_ttlm_timeout_work,
8609 ieee80211_neg_ttlm_timeout_work);
8610 wiphy_work_init(&ifmgd->teardown_ttlm_work,
8611 ieee80211_teardown_ttlm_work);
8612
8613 ifmgd->flags = 0;
8614 ifmgd->powersave = sdata->wdev.ps;
8615 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues;
8616 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len;
8617 /* Setup TDLS data */
8618 spin_lock_init(&ifmgd->teardown_lock);
8619 ifmgd->teardown_skb = NULL;
8620 ifmgd->orig_teardown_skb = NULL;
8621 ifmgd->mcast_seq_last = IEEE80211_SN_MODULO;
8622 }
8623
ieee80211_recalc_smps_work(struct wiphy * wiphy,struct wiphy_work * work)8624 static void ieee80211_recalc_smps_work(struct wiphy *wiphy,
8625 struct wiphy_work *work)
8626 {
8627 struct ieee80211_link_data *link =
8628 container_of(work, struct ieee80211_link_data,
8629 u.mgd.recalc_smps);
8630
8631 ieee80211_recalc_smps(link->sdata, link);
8632 }
8633
ieee80211_mgd_setup_link(struct ieee80211_link_data * link)8634 void ieee80211_mgd_setup_link(struct ieee80211_link_data *link)
8635 {
8636 struct ieee80211_sub_if_data *sdata = link->sdata;
8637 struct ieee80211_local *local = sdata->local;
8638 unsigned int link_id = link->link_id;
8639
8640 link->u.mgd.p2p_noa_index = -1;
8641 link->conf->bssid = link->u.mgd.bssid;
8642 link->smps_mode = IEEE80211_SMPS_OFF;
8643
8644 wiphy_work_init(&link->u.mgd.request_smps_work,
8645 ieee80211_request_smps_mgd_work);
8646 wiphy_work_init(&link->u.mgd.recalc_smps,
8647 ieee80211_recalc_smps_work);
8648 if (local->hw.wiphy->features & NL80211_FEATURE_DYNAMIC_SMPS)
8649 link->u.mgd.req_smps = IEEE80211_SMPS_AUTOMATIC;
8650 else
8651 link->u.mgd.req_smps = IEEE80211_SMPS_OFF;
8652
8653 wiphy_delayed_work_init(&link->u.mgd.csa.switch_work,
8654 ieee80211_csa_switch_work);
8655
8656 ieee80211_clear_tpe(&link->conf->tpe);
8657
8658 if (sdata->u.mgd.assoc_data)
8659 ether_addr_copy(link->conf->addr,
8660 sdata->u.mgd.assoc_data->link[link_id].addr);
8661 else if (sdata->u.mgd.reconf.add_links_data)
8662 ether_addr_copy(link->conf->addr,
8663 sdata->u.mgd.reconf.add_links_data->link[link_id].addr);
8664 else if (!is_valid_ether_addr(link->conf->addr))
8665 eth_random_addr(link->conf->addr);
8666 }
8667
8668 /* scan finished notification */
ieee80211_mlme_notify_scan_completed(struct ieee80211_local * local)8669 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
8670 {
8671 struct ieee80211_sub_if_data *sdata;
8672
8673 /* Restart STA timers */
8674 rcu_read_lock();
8675 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
8676 if (ieee80211_sdata_running(sdata))
8677 ieee80211_restart_sta_timer(sdata);
8678 }
8679 rcu_read_unlock();
8680 }
8681
ieee80211_prep_connection(struct ieee80211_sub_if_data * sdata,struct cfg80211_bss * cbss,s8 link_id,const u8 * ap_mld_addr,bool assoc,struct ieee80211_conn_settings * conn,bool override,unsigned long * userspace_selectors)8682 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
8683 struct cfg80211_bss *cbss, s8 link_id,
8684 const u8 *ap_mld_addr, bool assoc,
8685 struct ieee80211_conn_settings *conn,
8686 bool override,
8687 unsigned long *userspace_selectors)
8688 {
8689 struct ieee80211_local *local = sdata->local;
8690 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8691 struct ieee80211_bss *bss = (void *)cbss->priv;
8692 struct sta_info *new_sta = NULL;
8693 struct ieee80211_link_data *link;
8694 bool have_sta = false;
8695 bool mlo;
8696 int err;
8697
8698 if (link_id >= 0) {
8699 mlo = true;
8700 if (WARN_ON(!ap_mld_addr))
8701 return -EINVAL;
8702 err = ieee80211_vif_set_links(sdata, BIT(link_id), 0);
8703 } else {
8704 if (WARN_ON(ap_mld_addr))
8705 return -EINVAL;
8706 ap_mld_addr = cbss->bssid;
8707 err = ieee80211_vif_set_links(sdata, 0, 0);
8708 link_id = 0;
8709 mlo = false;
8710 }
8711
8712 if (err)
8713 return err;
8714
8715 link = sdata_dereference(sdata->link[link_id], sdata);
8716 if (WARN_ON(!link)) {
8717 err = -ENOLINK;
8718 goto out_err;
8719 }
8720
8721 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) {
8722 err = -EINVAL;
8723 goto out_err;
8724 }
8725
8726 /* If a reconfig is happening, bail out */
8727 if (local->in_reconfig) {
8728 err = -EBUSY;
8729 goto out_err;
8730 }
8731
8732 if (assoc) {
8733 rcu_read_lock();
8734 have_sta = sta_info_get(sdata, ap_mld_addr);
8735 rcu_read_unlock();
8736 }
8737
8738 if (!have_sta) {
8739 if (mlo)
8740 new_sta = sta_info_alloc_with_link(sdata, ap_mld_addr,
8741 link_id, cbss->bssid,
8742 GFP_KERNEL);
8743 else
8744 new_sta = sta_info_alloc(sdata, ap_mld_addr, GFP_KERNEL);
8745
8746 if (!new_sta) {
8747 err = -ENOMEM;
8748 goto out_err;
8749 }
8750
8751 new_sta->sta.mlo = mlo;
8752 }
8753
8754 /*
8755 * Set up the information for the new channel before setting the
8756 * new channel. We can't - completely race-free - change the basic
8757 * rates bitmap and the channel (sband) that it refers to, but if
8758 * we set it up before we at least avoid calling into the driver's
8759 * bss_info_changed() method with invalid information (since we do
8760 * call that from changing the channel - only for IDLE and perhaps
8761 * some others, but ...).
8762 *
8763 * So to avoid that, just set up all the new information before the
8764 * channel, but tell the driver to apply it only afterwards, since
8765 * it might need the new channel for that.
8766 */
8767 if (new_sta) {
8768 const struct cfg80211_bss_ies *ies;
8769 struct link_sta_info *link_sta;
8770
8771 rcu_read_lock();
8772 link_sta = rcu_dereference(new_sta->link[link_id]);
8773 if (WARN_ON(!link_sta)) {
8774 rcu_read_unlock();
8775 sta_info_free(local, new_sta);
8776 err = -EINVAL;
8777 goto out_err;
8778 }
8779
8780 err = ieee80211_mgd_setup_link_sta(link, new_sta,
8781 link_sta, cbss);
8782 if (err) {
8783 rcu_read_unlock();
8784 sta_info_free(local, new_sta);
8785 goto out_err;
8786 }
8787
8788 memcpy(link->u.mgd.bssid, cbss->bssid, ETH_ALEN);
8789
8790 /* set timing information */
8791 link->conf->beacon_int = cbss->beacon_interval;
8792 ies = rcu_dereference(cbss->beacon_ies);
8793 if (ies) {
8794 link->conf->sync_tsf = ies->tsf;
8795 link->conf->sync_device_ts =
8796 bss->device_ts_beacon;
8797
8798 ieee80211_get_dtim(ies,
8799 &link->conf->sync_dtim_count,
8800 NULL);
8801 } else if (!ieee80211_hw_check(&sdata->local->hw,
8802 TIMING_BEACON_ONLY)) {
8803 ies = rcu_dereference(cbss->proberesp_ies);
8804 /* must be non-NULL since beacon IEs were NULL */
8805 link->conf->sync_tsf = ies->tsf;
8806 link->conf->sync_device_ts =
8807 bss->device_ts_presp;
8808 link->conf->sync_dtim_count = 0;
8809 } else {
8810 link->conf->sync_tsf = 0;
8811 link->conf->sync_device_ts = 0;
8812 link->conf->sync_dtim_count = 0;
8813 }
8814 rcu_read_unlock();
8815 }
8816
8817 if (new_sta || override) {
8818 /*
8819 * Only set this if we're also going to calculate the AP
8820 * settings etc., otherwise this was set before in a
8821 * previous call. Note override is set to %true in assoc
8822 * if the settings were changed.
8823 */
8824 link->u.mgd.conn = *conn;
8825 err = ieee80211_prep_channel(sdata, link, link->link_id, cbss,
8826 mlo, &link->u.mgd.conn,
8827 userspace_selectors);
8828 if (err) {
8829 if (new_sta)
8830 sta_info_free(local, new_sta);
8831 goto out_err;
8832 }
8833 /* pass out for use in assoc */
8834 *conn = link->u.mgd.conn;
8835 }
8836
8837 if (new_sta) {
8838 /*
8839 * tell driver about BSSID, basic rates and timing
8840 * this was set up above, before setting the channel
8841 */
8842 ieee80211_link_info_change_notify(sdata, link,
8843 BSS_CHANGED_BSSID |
8844 BSS_CHANGED_BASIC_RATES |
8845 BSS_CHANGED_BEACON_INT);
8846
8847 if (assoc)
8848 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH);
8849
8850 err = sta_info_insert(new_sta);
8851 new_sta = NULL;
8852 if (err) {
8853 sdata_info(sdata,
8854 "failed to insert STA entry for the AP (error %d)\n",
8855 err);
8856 goto out_release_chan;
8857 }
8858 } else
8859 WARN_ON_ONCE(!ether_addr_equal(link->u.mgd.bssid, cbss->bssid));
8860
8861 /* Cancel scan to ensure that nothing interferes with connection */
8862 if (local->scanning)
8863 ieee80211_scan_cancel(local);
8864
8865 return 0;
8866
8867 out_release_chan:
8868 ieee80211_link_release_channel(link);
8869 out_err:
8870 ieee80211_vif_set_links(sdata, 0, 0);
8871 return err;
8872 }
8873
ieee80211_mgd_csa_present(struct ieee80211_sub_if_data * sdata,const struct cfg80211_bss_ies * ies,u8 cur_channel,bool ignore_ecsa)8874 static bool ieee80211_mgd_csa_present(struct ieee80211_sub_if_data *sdata,
8875 const struct cfg80211_bss_ies *ies,
8876 u8 cur_channel, bool ignore_ecsa)
8877 {
8878 const struct element *csa_elem, *ecsa_elem;
8879 struct ieee80211_channel_sw_ie *csa = NULL;
8880 struct ieee80211_ext_chansw_ie *ecsa = NULL;
8881
8882 if (!ies)
8883 return false;
8884
8885 csa_elem = cfg80211_find_elem(WLAN_EID_CHANNEL_SWITCH,
8886 ies->data, ies->len);
8887 if (csa_elem && csa_elem->datalen == sizeof(*csa))
8888 csa = (void *)csa_elem->data;
8889
8890 ecsa_elem = cfg80211_find_elem(WLAN_EID_EXT_CHANSWITCH_ANN,
8891 ies->data, ies->len);
8892 if (ecsa_elem && ecsa_elem->datalen == sizeof(*ecsa))
8893 ecsa = (void *)ecsa_elem->data;
8894
8895 if (csa && csa->count == 0)
8896 csa = NULL;
8897 if (csa && !csa->mode && csa->new_ch_num == cur_channel)
8898 csa = NULL;
8899
8900 if (ecsa && ecsa->count == 0)
8901 ecsa = NULL;
8902 if (ecsa && !ecsa->mode && ecsa->new_ch_num == cur_channel)
8903 ecsa = NULL;
8904
8905 if (ignore_ecsa && ecsa) {
8906 sdata_info(sdata,
8907 "Ignoring ECSA in probe response - was considered stuck!\n");
8908 return csa;
8909 }
8910
8911 return csa || ecsa;
8912 }
8913
ieee80211_mgd_csa_in_process(struct ieee80211_sub_if_data * sdata,struct cfg80211_bss * bss)8914 static bool ieee80211_mgd_csa_in_process(struct ieee80211_sub_if_data *sdata,
8915 struct cfg80211_bss *bss)
8916 {
8917 u8 cur_channel;
8918 bool ret;
8919
8920 cur_channel = ieee80211_frequency_to_channel(bss->channel->center_freq);
8921
8922 rcu_read_lock();
8923 if (ieee80211_mgd_csa_present(sdata,
8924 rcu_dereference(bss->beacon_ies),
8925 cur_channel, false)) {
8926 ret = true;
8927 goto out;
8928 }
8929
8930 if (ieee80211_mgd_csa_present(sdata,
8931 rcu_dereference(bss->proberesp_ies),
8932 cur_channel, bss->proberesp_ecsa_stuck)) {
8933 ret = true;
8934 goto out;
8935 }
8936
8937 ret = false;
8938 out:
8939 rcu_read_unlock();
8940 return ret;
8941 }
8942
ieee80211_parse_cfg_selectors(unsigned long * userspace_selectors,const u8 * supported_selectors,u8 supported_selectors_len)8943 static void ieee80211_parse_cfg_selectors(unsigned long *userspace_selectors,
8944 const u8 *supported_selectors,
8945 u8 supported_selectors_len)
8946 {
8947 if (supported_selectors) {
8948 for (int i = 0; i < supported_selectors_len; i++) {
8949 set_bit(supported_selectors[i],
8950 userspace_selectors);
8951 }
8952 } else {
8953 /* Assume SAE_H2E support for backward compatibility. */
8954 set_bit(BSS_MEMBERSHIP_SELECTOR_SAE_H2E,
8955 userspace_selectors);
8956 }
8957 }
8958
8959 /* config hooks */
ieee80211_mgd_auth(struct ieee80211_sub_if_data * sdata,struct cfg80211_auth_request * req)8960 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
8961 struct cfg80211_auth_request *req)
8962 {
8963 struct ieee80211_local *local = sdata->local;
8964 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8965 struct ieee80211_mgd_auth_data *auth_data;
8966 struct ieee80211_conn_settings conn;
8967 struct ieee80211_link_data *link;
8968 struct ieee80211_supported_band *sband;
8969 struct ieee80211_bss *bss;
8970 u16 auth_alg;
8971 int err;
8972 bool cont_auth, wmm_used;
8973
8974 lockdep_assert_wiphy(sdata->local->hw.wiphy);
8975
8976 /* prepare auth data structure */
8977
8978 switch (req->auth_type) {
8979 case NL80211_AUTHTYPE_OPEN_SYSTEM:
8980 auth_alg = WLAN_AUTH_OPEN;
8981 break;
8982 case NL80211_AUTHTYPE_SHARED_KEY:
8983 if (fips_enabled)
8984 return -EOPNOTSUPP;
8985 auth_alg = WLAN_AUTH_SHARED_KEY;
8986 break;
8987 case NL80211_AUTHTYPE_FT:
8988 auth_alg = WLAN_AUTH_FT;
8989 break;
8990 case NL80211_AUTHTYPE_NETWORK_EAP:
8991 auth_alg = WLAN_AUTH_LEAP;
8992 break;
8993 case NL80211_AUTHTYPE_SAE:
8994 auth_alg = WLAN_AUTH_SAE;
8995 break;
8996 case NL80211_AUTHTYPE_FILS_SK:
8997 auth_alg = WLAN_AUTH_FILS_SK;
8998 break;
8999 case NL80211_AUTHTYPE_FILS_SK_PFS:
9000 auth_alg = WLAN_AUTH_FILS_SK_PFS;
9001 break;
9002 case NL80211_AUTHTYPE_FILS_PK:
9003 auth_alg = WLAN_AUTH_FILS_PK;
9004 break;
9005 default:
9006 return -EOPNOTSUPP;
9007 }
9008
9009 if (ifmgd->assoc_data)
9010 return -EBUSY;
9011
9012 if (ieee80211_mgd_csa_in_process(sdata, req->bss)) {
9013 sdata_info(sdata, "AP is in CSA process, reject auth\n");
9014 return -EINVAL;
9015 }
9016
9017 auth_data = kzalloc(sizeof(*auth_data) + req->auth_data_len +
9018 req->ie_len, GFP_KERNEL);
9019 if (!auth_data)
9020 return -ENOMEM;
9021
9022 memcpy(auth_data->ap_addr,
9023 req->ap_mld_addr ?: req->bss->bssid,
9024 ETH_ALEN);
9025 auth_data->bss = req->bss;
9026 auth_data->link_id = req->link_id;
9027
9028 if (req->auth_data_len >= 4) {
9029 if (req->auth_type == NL80211_AUTHTYPE_SAE) {
9030 __le16 *pos = (__le16 *) req->auth_data;
9031
9032 auth_data->sae_trans = le16_to_cpu(pos[0]);
9033 auth_data->sae_status = le16_to_cpu(pos[1]);
9034 }
9035 memcpy(auth_data->data, req->auth_data + 4,
9036 req->auth_data_len - 4);
9037 auth_data->data_len += req->auth_data_len - 4;
9038 }
9039
9040 /* Check if continuing authentication or trying to authenticate with the
9041 * same BSS that we were in the process of authenticating with and avoid
9042 * removal and re-addition of the STA entry in
9043 * ieee80211_prep_connection().
9044 */
9045 cont_auth = ifmgd->auth_data && req->bss == ifmgd->auth_data->bss &&
9046 ifmgd->auth_data->link_id == req->link_id;
9047
9048 if (req->ie && req->ie_len) {
9049 memcpy(&auth_data->data[auth_data->data_len],
9050 req->ie, req->ie_len);
9051 auth_data->data_len += req->ie_len;
9052 }
9053
9054 if (req->key && req->key_len) {
9055 auth_data->key_len = req->key_len;
9056 auth_data->key_idx = req->key_idx;
9057 memcpy(auth_data->key, req->key, req->key_len);
9058 }
9059
9060 ieee80211_parse_cfg_selectors(auth_data->userspace_selectors,
9061 req->supported_selectors,
9062 req->supported_selectors_len);
9063
9064 auth_data->algorithm = auth_alg;
9065
9066 /* try to authenticate/probe */
9067
9068 if (ifmgd->auth_data) {
9069 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE) {
9070 auth_data->peer_confirmed =
9071 ifmgd->auth_data->peer_confirmed;
9072 }
9073 ieee80211_destroy_auth_data(sdata, cont_auth);
9074 }
9075
9076 /* prep auth_data so we don't go into idle on disassoc */
9077 ifmgd->auth_data = auth_data;
9078
9079 /* If this is continuation of an ongoing SAE authentication exchange
9080 * (i.e., request to send SAE Confirm) and the peer has already
9081 * confirmed, mark authentication completed since we are about to send
9082 * out SAE Confirm.
9083 */
9084 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE &&
9085 auth_data->peer_confirmed && auth_data->sae_trans == 2)
9086 ieee80211_mark_sta_auth(sdata);
9087
9088 if (ifmgd->associated) {
9089 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
9090
9091 sdata_info(sdata,
9092 "disconnect from AP %pM for new auth to %pM\n",
9093 sdata->vif.cfg.ap_addr, auth_data->ap_addr);
9094 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
9095 WLAN_REASON_UNSPECIFIED,
9096 false, frame_buf);
9097
9098 ieee80211_report_disconnect(sdata, frame_buf,
9099 sizeof(frame_buf), true,
9100 WLAN_REASON_UNSPECIFIED,
9101 false);
9102 }
9103
9104 /* needed for transmitting the auth frame(s) properly */
9105 memcpy(sdata->vif.cfg.ap_addr, auth_data->ap_addr, ETH_ALEN);
9106
9107 bss = (void *)req->bss->priv;
9108 wmm_used = bss->wmm_used && (local->hw.queues >= IEEE80211_NUM_ACS);
9109
9110 sband = local->hw.wiphy->bands[req->bss->channel->band];
9111
9112 ieee80211_determine_our_sta_mode_auth(sdata, sband, req, wmm_used,
9113 &conn);
9114
9115 err = ieee80211_prep_connection(sdata, req->bss, req->link_id,
9116 req->ap_mld_addr, cont_auth,
9117 &conn, false,
9118 auth_data->userspace_selectors);
9119 if (err)
9120 goto err_clear;
9121
9122 if (req->link_id >= 0)
9123 link = sdata_dereference(sdata->link[req->link_id], sdata);
9124 else
9125 link = &sdata->deflink;
9126
9127 if (WARN_ON(!link)) {
9128 err = -ENOLINK;
9129 goto err_clear;
9130 }
9131
9132 sdata_info(sdata, "authenticate with %pM (local address=%pM)\n",
9133 auth_data->ap_addr, link->conf->addr);
9134
9135 err = ieee80211_auth(sdata);
9136 if (err) {
9137 sta_info_destroy_addr(sdata, auth_data->ap_addr);
9138 goto err_clear;
9139 }
9140
9141 /* hold our own reference */
9142 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss);
9143 return 0;
9144
9145 err_clear:
9146 if (!ieee80211_vif_is_mld(&sdata->vif)) {
9147 eth_zero_addr(sdata->deflink.u.mgd.bssid);
9148 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
9149 BSS_CHANGED_BSSID);
9150 ieee80211_link_release_channel(&sdata->deflink);
9151 }
9152 ifmgd->auth_data = NULL;
9153 kfree(auth_data);
9154 return err;
9155 }
9156
9157 static void
ieee80211_setup_assoc_link(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgd_assoc_data * assoc_data,struct cfg80211_assoc_request * req,struct ieee80211_conn_settings * conn,unsigned int link_id)9158 ieee80211_setup_assoc_link(struct ieee80211_sub_if_data *sdata,
9159 struct ieee80211_mgd_assoc_data *assoc_data,
9160 struct cfg80211_assoc_request *req,
9161 struct ieee80211_conn_settings *conn,
9162 unsigned int link_id)
9163 {
9164 struct ieee80211_local *local = sdata->local;
9165 const struct cfg80211_bss_ies *bss_ies;
9166 struct ieee80211_supported_band *sband;
9167 struct ieee80211_link_data *link;
9168 struct cfg80211_bss *cbss;
9169 struct ieee80211_bss *bss;
9170
9171 cbss = assoc_data->link[link_id].bss;
9172 if (WARN_ON(!cbss))
9173 return;
9174
9175 bss = (void *)cbss->priv;
9176
9177 sband = local->hw.wiphy->bands[cbss->channel->band];
9178 if (WARN_ON(!sband))
9179 return;
9180
9181 link = sdata_dereference(sdata->link[link_id], sdata);
9182 if (WARN_ON(!link))
9183 return;
9184
9185 /* for MLO connections assume advertising all rates is OK */
9186 if (!req->ap_mld_addr) {
9187 assoc_data->supp_rates = bss->supp_rates;
9188 assoc_data->supp_rates_len = bss->supp_rates_len;
9189 }
9190
9191 /* copy and link elems for the STA profile */
9192 if (req->links[link_id].elems_len) {
9193 memcpy(assoc_data->ie_pos, req->links[link_id].elems,
9194 req->links[link_id].elems_len);
9195 assoc_data->link[link_id].elems = assoc_data->ie_pos;
9196 assoc_data->link[link_id].elems_len = req->links[link_id].elems_len;
9197 assoc_data->ie_pos += req->links[link_id].elems_len;
9198 }
9199
9200 link->u.mgd.beacon_crc_valid = false;
9201 link->u.mgd.dtim_period = 0;
9202 link->u.mgd.have_beacon = false;
9203
9204 /* override HT configuration only if the AP and we support it */
9205 if (conn->mode >= IEEE80211_CONN_MODE_HT) {
9206 struct ieee80211_sta_ht_cap sta_ht_cap;
9207
9208 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap));
9209 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
9210 }
9211
9212 rcu_read_lock();
9213 bss_ies = rcu_dereference(cbss->beacon_ies);
9214 if (bss_ies) {
9215 u8 dtim_count = 0;
9216
9217 ieee80211_get_dtim(bss_ies, &dtim_count,
9218 &link->u.mgd.dtim_period);
9219
9220 sdata->deflink.u.mgd.have_beacon = true;
9221
9222 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) {
9223 link->conf->sync_tsf = bss_ies->tsf;
9224 link->conf->sync_device_ts = bss->device_ts_beacon;
9225 link->conf->sync_dtim_count = dtim_count;
9226 }
9227 } else {
9228 bss_ies = rcu_dereference(cbss->ies);
9229 }
9230
9231 if (bss_ies) {
9232 const struct element *elem;
9233
9234 elem = cfg80211_find_ext_elem(WLAN_EID_EXT_MULTIPLE_BSSID_CONFIGURATION,
9235 bss_ies->data, bss_ies->len);
9236 if (elem && elem->datalen >= 3)
9237 link->conf->profile_periodicity = elem->data[2];
9238 else
9239 link->conf->profile_periodicity = 0;
9240
9241 elem = cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY,
9242 bss_ies->data, bss_ies->len);
9243 if (elem && elem->datalen >= 11 &&
9244 (elem->data[10] & WLAN_EXT_CAPA11_EMA_SUPPORT))
9245 link->conf->ema_ap = true;
9246 else
9247 link->conf->ema_ap = false;
9248 }
9249 rcu_read_unlock();
9250
9251 if (bss->corrupt_data) {
9252 char *corrupt_type = "data";
9253
9254 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) {
9255 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP)
9256 corrupt_type = "beacon and probe response";
9257 else
9258 corrupt_type = "beacon";
9259 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) {
9260 corrupt_type = "probe response";
9261 }
9262 sdata_info(sdata, "associating to AP %pM with corrupt %s\n",
9263 cbss->bssid, corrupt_type);
9264 }
9265
9266 if (link->u.mgd.req_smps == IEEE80211_SMPS_AUTOMATIC) {
9267 if (sdata->u.mgd.powersave)
9268 link->smps_mode = IEEE80211_SMPS_DYNAMIC;
9269 else
9270 link->smps_mode = IEEE80211_SMPS_OFF;
9271 } else {
9272 link->smps_mode = link->u.mgd.req_smps;
9273 }
9274 }
9275
9276 static int
ieee80211_mgd_get_ap_ht_vht_capa(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgd_assoc_data * assoc_data,int link_id)9277 ieee80211_mgd_get_ap_ht_vht_capa(struct ieee80211_sub_if_data *sdata,
9278 struct ieee80211_mgd_assoc_data *assoc_data,
9279 int link_id)
9280 {
9281 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
9282 enum nl80211_band band = cbss->channel->band;
9283 struct ieee80211_supported_band *sband;
9284 const struct element *elem;
9285 int err;
9286
9287 /* neither HT nor VHT elements used on 6 GHz */
9288 if (band == NL80211_BAND_6GHZ)
9289 return 0;
9290
9291 if (assoc_data->link[link_id].conn.mode < IEEE80211_CONN_MODE_HT)
9292 return 0;
9293
9294 rcu_read_lock();
9295 elem = ieee80211_bss_get_elem(cbss, WLAN_EID_HT_OPERATION);
9296 if (!elem || elem->datalen < sizeof(struct ieee80211_ht_operation)) {
9297 mlme_link_id_dbg(sdata, link_id, "no HT operation on BSS %pM\n",
9298 cbss->bssid);
9299 err = -EINVAL;
9300 goto out_rcu;
9301 }
9302 assoc_data->link[link_id].ap_ht_param =
9303 ((struct ieee80211_ht_operation *)(elem->data))->ht_param;
9304 rcu_read_unlock();
9305
9306 if (assoc_data->link[link_id].conn.mode < IEEE80211_CONN_MODE_VHT)
9307 return 0;
9308
9309 /* some drivers want to support VHT on 2.4 GHz even */
9310 sband = sdata->local->hw.wiphy->bands[band];
9311 if (!sband->vht_cap.vht_supported)
9312 return 0;
9313
9314 rcu_read_lock();
9315 elem = ieee80211_bss_get_elem(cbss, WLAN_EID_VHT_CAPABILITY);
9316 /* but even then accept it not being present on the AP */
9317 if (!elem && band == NL80211_BAND_2GHZ) {
9318 err = 0;
9319 goto out_rcu;
9320 }
9321 if (!elem || elem->datalen < sizeof(struct ieee80211_vht_cap)) {
9322 mlme_link_id_dbg(sdata, link_id, "no VHT capa on BSS %pM\n",
9323 cbss->bssid);
9324 err = -EINVAL;
9325 goto out_rcu;
9326 }
9327 memcpy(&assoc_data->link[link_id].ap_vht_cap, elem->data,
9328 sizeof(struct ieee80211_vht_cap));
9329 rcu_read_unlock();
9330
9331 return 0;
9332 out_rcu:
9333 rcu_read_unlock();
9334 return err;
9335 }
9336
ieee80211_mgd_assoc(struct ieee80211_sub_if_data * sdata,struct cfg80211_assoc_request * req)9337 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
9338 struct cfg80211_assoc_request *req)
9339 {
9340 unsigned int assoc_link_id = req->link_id < 0 ? 0 : req->link_id;
9341 struct ieee80211_local *local = sdata->local;
9342 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
9343 struct ieee80211_mgd_assoc_data *assoc_data;
9344 const struct element *ssid_elem;
9345 struct ieee80211_vif_cfg *vif_cfg = &sdata->vif.cfg;
9346 struct ieee80211_link_data *link;
9347 struct cfg80211_bss *cbss;
9348 bool override, uapsd_supported;
9349 bool match_auth;
9350 int i, err;
9351 size_t size = sizeof(*assoc_data) + req->ie_len;
9352
9353 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++)
9354 size += req->links[i].elems_len;
9355
9356 /* FIXME: no support for 4-addr MLO yet */
9357 if (sdata->u.mgd.use_4addr && req->link_id >= 0)
9358 return -EOPNOTSUPP;
9359
9360 assoc_data = kzalloc(size, GFP_KERNEL);
9361 if (!assoc_data)
9362 return -ENOMEM;
9363
9364 cbss = req->link_id < 0 ? req->bss : req->links[req->link_id].bss;
9365
9366 if (ieee80211_mgd_csa_in_process(sdata, cbss)) {
9367 sdata_info(sdata, "AP is in CSA process, reject assoc\n");
9368 err = -EINVAL;
9369 goto err_free;
9370 }
9371
9372 rcu_read_lock();
9373 ssid_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_SSID);
9374 if (!ssid_elem || ssid_elem->datalen > sizeof(assoc_data->ssid)) {
9375 rcu_read_unlock();
9376 err = -EINVAL;
9377 goto err_free;
9378 }
9379
9380 memcpy(assoc_data->ssid, ssid_elem->data, ssid_elem->datalen);
9381 assoc_data->ssid_len = ssid_elem->datalen;
9382 rcu_read_unlock();
9383
9384 if (req->ap_mld_addr)
9385 memcpy(assoc_data->ap_addr, req->ap_mld_addr, ETH_ALEN);
9386 else
9387 memcpy(assoc_data->ap_addr, cbss->bssid, ETH_ALEN);
9388
9389 assoc_data->ext_mld_capa_ops = cpu_to_le16(req->ext_mld_capa_ops);
9390
9391 if (ifmgd->associated) {
9392 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
9393
9394 sdata_info(sdata,
9395 "disconnect from AP %pM for new assoc to %pM\n",
9396 sdata->vif.cfg.ap_addr, assoc_data->ap_addr);
9397 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
9398 WLAN_REASON_UNSPECIFIED,
9399 false, frame_buf);
9400
9401 ieee80211_report_disconnect(sdata, frame_buf,
9402 sizeof(frame_buf), true,
9403 WLAN_REASON_UNSPECIFIED,
9404 false);
9405 }
9406
9407 memset(sdata->u.mgd.userspace_selectors, 0,
9408 sizeof(sdata->u.mgd.userspace_selectors));
9409 ieee80211_parse_cfg_selectors(sdata->u.mgd.userspace_selectors,
9410 req->supported_selectors,
9411 req->supported_selectors_len);
9412
9413 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa));
9414 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask,
9415 sizeof(ifmgd->ht_capa_mask));
9416
9417 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa));
9418 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask,
9419 sizeof(ifmgd->vht_capa_mask));
9420
9421 memcpy(&ifmgd->s1g_capa, &req->s1g_capa, sizeof(ifmgd->s1g_capa));
9422 memcpy(&ifmgd->s1g_capa_mask, &req->s1g_capa_mask,
9423 sizeof(ifmgd->s1g_capa_mask));
9424
9425 /* keep some setup (AP STA, channel, ...) if matching */
9426 match_auth = ifmgd->auth_data &&
9427 ether_addr_equal(ifmgd->auth_data->ap_addr,
9428 assoc_data->ap_addr) &&
9429 ifmgd->auth_data->link_id == req->link_id;
9430
9431 if (req->ap_mld_addr) {
9432 uapsd_supported = true;
9433
9434 if (req->flags & (ASSOC_REQ_DISABLE_HT |
9435 ASSOC_REQ_DISABLE_VHT |
9436 ASSOC_REQ_DISABLE_HE |
9437 ASSOC_REQ_DISABLE_EHT)) {
9438 err = -EINVAL;
9439 goto err_free;
9440 }
9441
9442 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++) {
9443 struct ieee80211_supported_band *sband;
9444 struct cfg80211_bss *link_cbss = req->links[i].bss;
9445 struct ieee80211_bss *bss;
9446
9447 if (!link_cbss)
9448 continue;
9449
9450 bss = (void *)link_cbss->priv;
9451
9452 if (!bss->wmm_used) {
9453 err = -EINVAL;
9454 req->links[i].error = err;
9455 goto err_free;
9456 }
9457
9458 if (link_cbss->channel->band == NL80211_BAND_S1GHZ) {
9459 err = -EINVAL;
9460 req->links[i].error = err;
9461 goto err_free;
9462 }
9463
9464 link = sdata_dereference(sdata->link[i], sdata);
9465 if (link)
9466 ether_addr_copy(assoc_data->link[i].addr,
9467 link->conf->addr);
9468 else
9469 eth_random_addr(assoc_data->link[i].addr);
9470 sband = local->hw.wiphy->bands[link_cbss->channel->band];
9471
9472 if (match_auth && i == assoc_link_id && link)
9473 assoc_data->link[i].conn = link->u.mgd.conn;
9474 else
9475 assoc_data->link[i].conn =
9476 ieee80211_conn_settings_unlimited;
9477 ieee80211_determine_our_sta_mode_assoc(sdata, sband,
9478 req, true, i,
9479 &assoc_data->link[i].conn);
9480 assoc_data->link[i].bss = link_cbss;
9481 assoc_data->link[i].disabled = req->links[i].disabled;
9482
9483 if (!bss->uapsd_supported)
9484 uapsd_supported = false;
9485
9486 if (assoc_data->link[i].conn.mode < IEEE80211_CONN_MODE_EHT) {
9487 err = -EINVAL;
9488 req->links[i].error = err;
9489 goto err_free;
9490 }
9491
9492 err = ieee80211_mgd_get_ap_ht_vht_capa(sdata,
9493 assoc_data, i);
9494 if (err) {
9495 err = -EINVAL;
9496 req->links[i].error = err;
9497 goto err_free;
9498 }
9499 }
9500
9501 assoc_data->wmm = true;
9502 } else {
9503 struct ieee80211_supported_band *sband;
9504 struct ieee80211_bss *bss = (void *)cbss->priv;
9505
9506 memcpy(assoc_data->link[0].addr, sdata->vif.addr, ETH_ALEN);
9507 assoc_data->s1g = cbss->channel->band == NL80211_BAND_S1GHZ;
9508
9509 assoc_data->wmm = bss->wmm_used &&
9510 (local->hw.queues >= IEEE80211_NUM_ACS);
9511
9512 if (cbss->channel->band == NL80211_BAND_6GHZ &&
9513 req->flags & (ASSOC_REQ_DISABLE_HT |
9514 ASSOC_REQ_DISABLE_VHT |
9515 ASSOC_REQ_DISABLE_HE)) {
9516 err = -EINVAL;
9517 goto err_free;
9518 }
9519
9520 sband = local->hw.wiphy->bands[cbss->channel->band];
9521
9522 assoc_data->link[0].bss = cbss;
9523
9524 if (match_auth)
9525 assoc_data->link[0].conn = sdata->deflink.u.mgd.conn;
9526 else
9527 assoc_data->link[0].conn =
9528 ieee80211_conn_settings_unlimited;
9529 ieee80211_determine_our_sta_mode_assoc(sdata, sband, req,
9530 assoc_data->wmm, 0,
9531 &assoc_data->link[0].conn);
9532
9533 uapsd_supported = bss->uapsd_supported;
9534
9535 err = ieee80211_mgd_get_ap_ht_vht_capa(sdata, assoc_data, 0);
9536 if (err)
9537 goto err_free;
9538 }
9539
9540 assoc_data->spp_amsdu = req->flags & ASSOC_REQ_SPP_AMSDU;
9541
9542 if (ifmgd->auth_data && !ifmgd->auth_data->done) {
9543 err = -EBUSY;
9544 goto err_free;
9545 }
9546
9547 if (ifmgd->assoc_data) {
9548 err = -EBUSY;
9549 goto err_free;
9550 }
9551
9552 /* Cleanup is delayed if auth_data matches */
9553 if (ifmgd->auth_data && !match_auth)
9554 ieee80211_destroy_auth_data(sdata, false);
9555
9556 if (req->ie && req->ie_len) {
9557 memcpy(assoc_data->ie, req->ie, req->ie_len);
9558 assoc_data->ie_len = req->ie_len;
9559 assoc_data->ie_pos = assoc_data->ie + assoc_data->ie_len;
9560 } else {
9561 assoc_data->ie_pos = assoc_data->ie;
9562 }
9563
9564 if (req->fils_kek) {
9565 /* should already be checked in cfg80211 - so warn */
9566 if (WARN_ON(req->fils_kek_len > FILS_MAX_KEK_LEN)) {
9567 err = -EINVAL;
9568 goto err_free;
9569 }
9570 memcpy(assoc_data->fils_kek, req->fils_kek,
9571 req->fils_kek_len);
9572 assoc_data->fils_kek_len = req->fils_kek_len;
9573 }
9574
9575 if (req->fils_nonces)
9576 memcpy(assoc_data->fils_nonces, req->fils_nonces,
9577 2 * FILS_NONCE_LEN);
9578
9579 /* default timeout */
9580 assoc_data->timeout = jiffies;
9581 assoc_data->timeout_started = true;
9582
9583 assoc_data->assoc_link_id = assoc_link_id;
9584
9585 if (req->ap_mld_addr) {
9586 /* if there was no authentication, set up the link */
9587 err = ieee80211_vif_set_links(sdata, BIT(assoc_link_id), 0);
9588 if (err)
9589 goto err_clear;
9590 }
9591
9592 link = sdata_dereference(sdata->link[assoc_link_id], sdata);
9593 if (WARN_ON(!link)) {
9594 err = -EINVAL;
9595 goto err_clear;
9596 }
9597
9598 override = link->u.mgd.conn.mode !=
9599 assoc_data->link[assoc_link_id].conn.mode ||
9600 link->u.mgd.conn.bw_limit !=
9601 assoc_data->link[assoc_link_id].conn.bw_limit;
9602 link->u.mgd.conn = assoc_data->link[assoc_link_id].conn;
9603
9604 ieee80211_setup_assoc_link(sdata, assoc_data, req, &link->u.mgd.conn,
9605 assoc_link_id);
9606
9607 if (WARN((sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD) &&
9608 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK),
9609 "U-APSD not supported with HW_PS_NULLFUNC_STACK\n"))
9610 sdata->vif.driver_flags &= ~IEEE80211_VIF_SUPPORTS_UAPSD;
9611
9612 if (assoc_data->wmm && uapsd_supported &&
9613 (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD)) {
9614 assoc_data->uapsd = true;
9615 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
9616 } else {
9617 assoc_data->uapsd = false;
9618 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED;
9619 }
9620
9621 if (req->prev_bssid)
9622 memcpy(assoc_data->prev_ap_addr, req->prev_bssid, ETH_ALEN);
9623
9624 if (req->use_mfp) {
9625 ifmgd->mfp = IEEE80211_MFP_REQUIRED;
9626 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED;
9627 } else {
9628 ifmgd->mfp = IEEE80211_MFP_DISABLED;
9629 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED;
9630 }
9631
9632 if (req->flags & ASSOC_REQ_USE_RRM)
9633 ifmgd->flags |= IEEE80211_STA_ENABLE_RRM;
9634 else
9635 ifmgd->flags &= ~IEEE80211_STA_ENABLE_RRM;
9636
9637 if (req->crypto.control_port)
9638 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT;
9639 else
9640 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT;
9641
9642 sdata->control_port_protocol = req->crypto.control_port_ethertype;
9643 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt;
9644 sdata->control_port_over_nl80211 =
9645 req->crypto.control_port_over_nl80211;
9646 sdata->control_port_no_preauth = req->crypto.control_port_no_preauth;
9647
9648 /* kick off associate process */
9649 ifmgd->assoc_data = assoc_data;
9650
9651 for (i = 0; i < ARRAY_SIZE(assoc_data->link); i++) {
9652 if (!assoc_data->link[i].bss)
9653 continue;
9654 if (i == assoc_data->assoc_link_id)
9655 continue;
9656 /* only calculate the mode, hence link == NULL */
9657 err = ieee80211_prep_channel(sdata, NULL, i,
9658 assoc_data->link[i].bss, true,
9659 &assoc_data->link[i].conn,
9660 sdata->u.mgd.userspace_selectors);
9661 if (err) {
9662 req->links[i].error = err;
9663 goto err_clear;
9664 }
9665 }
9666
9667 memcpy(vif_cfg->ssid, assoc_data->ssid, assoc_data->ssid_len);
9668 vif_cfg->ssid_len = assoc_data->ssid_len;
9669
9670 /* needed for transmitting the assoc frames properly */
9671 memcpy(sdata->vif.cfg.ap_addr, assoc_data->ap_addr, ETH_ALEN);
9672
9673 err = ieee80211_prep_connection(sdata, cbss, req->link_id,
9674 req->ap_mld_addr, true,
9675 &assoc_data->link[assoc_link_id].conn,
9676 override,
9677 sdata->u.mgd.userspace_selectors);
9678 if (err)
9679 goto err_clear;
9680
9681 if (ieee80211_hw_check(&sdata->local->hw, NEED_DTIM_BEFORE_ASSOC)) {
9682 const struct cfg80211_bss_ies *beacon_ies;
9683
9684 rcu_read_lock();
9685 beacon_ies = rcu_dereference(req->bss->beacon_ies);
9686 if (!beacon_ies) {
9687 /*
9688 * Wait up to one beacon interval ...
9689 * should this be more if we miss one?
9690 */
9691 sdata_info(sdata, "waiting for beacon from %pM\n",
9692 link->u.mgd.bssid);
9693 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval);
9694 assoc_data->timeout_started = true;
9695 assoc_data->need_beacon = true;
9696 }
9697 rcu_read_unlock();
9698 }
9699
9700 run_again(sdata, assoc_data->timeout);
9701
9702 /* We are associating, clean up auth_data */
9703 if (ifmgd->auth_data)
9704 ieee80211_destroy_auth_data(sdata, true);
9705
9706 return 0;
9707 err_clear:
9708 if (!ifmgd->auth_data) {
9709 eth_zero_addr(sdata->deflink.u.mgd.bssid);
9710 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
9711 BSS_CHANGED_BSSID);
9712 }
9713 ifmgd->assoc_data = NULL;
9714 err_free:
9715 kfree(assoc_data);
9716 return err;
9717 }
9718
ieee80211_mgd_deauth(struct ieee80211_sub_if_data * sdata,struct cfg80211_deauth_request * req)9719 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
9720 struct cfg80211_deauth_request *req)
9721 {
9722 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
9723 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
9724 bool tx = !req->local_state_change;
9725 struct ieee80211_prep_tx_info info = {
9726 .subtype = IEEE80211_STYPE_DEAUTH,
9727 };
9728
9729 if (ifmgd->auth_data &&
9730 ether_addr_equal(ifmgd->auth_data->ap_addr, req->bssid)) {
9731 sdata_info(sdata,
9732 "aborting authentication with %pM by local choice (Reason: %u=%s)\n",
9733 req->bssid, req->reason_code,
9734 ieee80211_get_reason_code_string(req->reason_code));
9735
9736 info.link_id = ifmgd->auth_data->link_id;
9737 drv_mgd_prepare_tx(sdata->local, sdata, &info);
9738 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid,
9739 IEEE80211_STYPE_DEAUTH,
9740 req->reason_code, tx,
9741 frame_buf);
9742 ieee80211_destroy_auth_data(sdata, false);
9743 ieee80211_report_disconnect(sdata, frame_buf,
9744 sizeof(frame_buf), true,
9745 req->reason_code, false);
9746 drv_mgd_complete_tx(sdata->local, sdata, &info);
9747 return 0;
9748 }
9749
9750 if (ifmgd->assoc_data &&
9751 ether_addr_equal(ifmgd->assoc_data->ap_addr, req->bssid)) {
9752 sdata_info(sdata,
9753 "aborting association with %pM by local choice (Reason: %u=%s)\n",
9754 req->bssid, req->reason_code,
9755 ieee80211_get_reason_code_string(req->reason_code));
9756
9757 info.link_id = ifmgd->assoc_data->assoc_link_id;
9758 drv_mgd_prepare_tx(sdata->local, sdata, &info);
9759 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid,
9760 IEEE80211_STYPE_DEAUTH,
9761 req->reason_code, tx,
9762 frame_buf);
9763 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON);
9764 ieee80211_report_disconnect(sdata, frame_buf,
9765 sizeof(frame_buf), true,
9766 req->reason_code, false);
9767 drv_mgd_complete_tx(sdata->local, sdata, &info);
9768 return 0;
9769 }
9770
9771 if (ifmgd->associated &&
9772 ether_addr_equal(sdata->vif.cfg.ap_addr, req->bssid)) {
9773 sdata_info(sdata,
9774 "deauthenticating from %pM by local choice (Reason: %u=%s)\n",
9775 req->bssid, req->reason_code,
9776 ieee80211_get_reason_code_string(req->reason_code));
9777
9778 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
9779 req->reason_code, tx, frame_buf);
9780 ieee80211_report_disconnect(sdata, frame_buf,
9781 sizeof(frame_buf), true,
9782 req->reason_code, false);
9783 return 0;
9784 }
9785
9786 return -ENOTCONN;
9787 }
9788
ieee80211_mgd_disassoc(struct ieee80211_sub_if_data * sdata,struct cfg80211_disassoc_request * req)9789 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
9790 struct cfg80211_disassoc_request *req)
9791 {
9792 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
9793
9794 if (!sdata->u.mgd.associated ||
9795 memcmp(sdata->vif.cfg.ap_addr, req->ap_addr, ETH_ALEN))
9796 return -ENOTCONN;
9797
9798 sdata_info(sdata,
9799 "disassociating from %pM by local choice (Reason: %u=%s)\n",
9800 req->ap_addr, req->reason_code,
9801 ieee80211_get_reason_code_string(req->reason_code));
9802
9803 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC,
9804 req->reason_code, !req->local_state_change,
9805 frame_buf);
9806
9807 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
9808 req->reason_code, false);
9809
9810 return 0;
9811 }
9812
ieee80211_mgd_stop_link(struct ieee80211_link_data * link)9813 void ieee80211_mgd_stop_link(struct ieee80211_link_data *link)
9814 {
9815 wiphy_work_cancel(link->sdata->local->hw.wiphy,
9816 &link->u.mgd.request_smps_work);
9817 wiphy_work_cancel(link->sdata->local->hw.wiphy,
9818 &link->u.mgd.recalc_smps);
9819 wiphy_delayed_work_cancel(link->sdata->local->hw.wiphy,
9820 &link->u.mgd.csa.switch_work);
9821 }
9822
ieee80211_mgd_stop(struct ieee80211_sub_if_data * sdata)9823 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata)
9824 {
9825 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
9826
9827 /*
9828 * Make sure some work items will not run after this,
9829 * they will not do anything but might not have been
9830 * cancelled when disconnecting.
9831 */
9832 wiphy_work_cancel(sdata->local->hw.wiphy,
9833 &ifmgd->monitor_work);
9834 wiphy_work_cancel(sdata->local->hw.wiphy,
9835 &ifmgd->beacon_connection_loss_work);
9836 wiphy_work_cancel(sdata->local->hw.wiphy,
9837 &ifmgd->csa_connection_drop_work);
9838 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
9839 &ifmgd->tdls_peer_del_work);
9840
9841 if (ifmgd->assoc_data)
9842 ieee80211_destroy_assoc_data(sdata, ASSOC_TIMEOUT);
9843 if (ifmgd->auth_data)
9844 ieee80211_destroy_auth_data(sdata, false);
9845 spin_lock_bh(&ifmgd->teardown_lock);
9846 if (ifmgd->teardown_skb) {
9847 kfree_skb(ifmgd->teardown_skb);
9848 ifmgd->teardown_skb = NULL;
9849 ifmgd->orig_teardown_skb = NULL;
9850 }
9851 kfree(ifmgd->assoc_req_ies);
9852 ifmgd->assoc_req_ies = NULL;
9853 ifmgd->assoc_req_ies_len = 0;
9854 spin_unlock_bh(&ifmgd->teardown_lock);
9855 del_timer_sync(&ifmgd->timer);
9856 }
9857
ieee80211_cqm_rssi_notify(struct ieee80211_vif * vif,enum nl80211_cqm_rssi_threshold_event rssi_event,s32 rssi_level,gfp_t gfp)9858 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
9859 enum nl80211_cqm_rssi_threshold_event rssi_event,
9860 s32 rssi_level,
9861 gfp_t gfp)
9862 {
9863 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
9864
9865 trace_api_cqm_rssi_notify(sdata, rssi_event, rssi_level);
9866
9867 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, rssi_level, gfp);
9868 }
9869 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify);
9870
ieee80211_cqm_beacon_loss_notify(struct ieee80211_vif * vif,gfp_t gfp)9871 void ieee80211_cqm_beacon_loss_notify(struct ieee80211_vif *vif, gfp_t gfp)
9872 {
9873 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
9874
9875 trace_api_cqm_beacon_loss_notify(sdata->local, sdata);
9876
9877 cfg80211_cqm_beacon_loss_notify(sdata->dev, gfp);
9878 }
9879 EXPORT_SYMBOL(ieee80211_cqm_beacon_loss_notify);
9880
_ieee80211_enable_rssi_reports(struct ieee80211_sub_if_data * sdata,int rssi_min_thold,int rssi_max_thold)9881 static void _ieee80211_enable_rssi_reports(struct ieee80211_sub_if_data *sdata,
9882 int rssi_min_thold,
9883 int rssi_max_thold)
9884 {
9885 trace_api_enable_rssi_reports(sdata, rssi_min_thold, rssi_max_thold);
9886
9887 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
9888 return;
9889
9890 /*
9891 * Scale up threshold values before storing it, as the RSSI averaging
9892 * algorithm uses a scaled up value as well. Change this scaling
9893 * factor if the RSSI averaging algorithm changes.
9894 */
9895 sdata->u.mgd.rssi_min_thold = rssi_min_thold*16;
9896 sdata->u.mgd.rssi_max_thold = rssi_max_thold*16;
9897 }
9898
ieee80211_enable_rssi_reports(struct ieee80211_vif * vif,int rssi_min_thold,int rssi_max_thold)9899 void ieee80211_enable_rssi_reports(struct ieee80211_vif *vif,
9900 int rssi_min_thold,
9901 int rssi_max_thold)
9902 {
9903 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
9904
9905 WARN_ON(rssi_min_thold == rssi_max_thold ||
9906 rssi_min_thold > rssi_max_thold);
9907
9908 _ieee80211_enable_rssi_reports(sdata, rssi_min_thold,
9909 rssi_max_thold);
9910 }
9911 EXPORT_SYMBOL(ieee80211_enable_rssi_reports);
9912
ieee80211_disable_rssi_reports(struct ieee80211_vif * vif)9913 void ieee80211_disable_rssi_reports(struct ieee80211_vif *vif)
9914 {
9915 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
9916
9917 _ieee80211_enable_rssi_reports(sdata, 0, 0);
9918 }
9919 EXPORT_SYMBOL(ieee80211_disable_rssi_reports);
9920
ieee80211_process_ml_reconf_resp(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)9921 void ieee80211_process_ml_reconf_resp(struct ieee80211_sub_if_data *sdata,
9922 struct ieee80211_mgmt *mgmt, size_t len)
9923 {
9924 struct ieee80211_local *local = sdata->local;
9925 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
9926 struct ieee80211_mgd_assoc_data *add_links_data =
9927 ifmgd->reconf.add_links_data;
9928 struct sta_info *sta;
9929 struct cfg80211_mlo_reconf_done_data done_data = {};
9930 u16 sta_changed_links = sdata->u.mgd.reconf.added_links |
9931 sdata->u.mgd.reconf.removed_links;
9932 u16 link_mask, valid_links;
9933 unsigned int link_id;
9934 size_t orig_len = len;
9935 u8 i, group_key_data_len;
9936 u8 *pos;
9937
9938 if (!ieee80211_vif_is_mld(&sdata->vif) ||
9939 len < offsetofend(typeof(*mgmt), u.action.u.ml_reconf_resp) ||
9940 mgmt->u.action.u.ml_reconf_resp.dialog_token !=
9941 sdata->u.mgd.reconf.dialog_token ||
9942 !sta_changed_links)
9943 return;
9944
9945 pos = mgmt->u.action.u.ml_reconf_resp.variable;
9946 len -= offsetofend(typeof(*mgmt), u.action.u.ml_reconf_resp);
9947
9948 /* each status duple is 3 octets */
9949 if (len < mgmt->u.action.u.ml_reconf_resp.count * 3) {
9950 sdata_info(sdata,
9951 "mlo: reconf: unexpected len=%zu, count=%u\n",
9952 len, mgmt->u.action.u.ml_reconf_resp.count);
9953 goto disconnect;
9954 }
9955
9956 link_mask = sta_changed_links;
9957 for (i = 0; i < mgmt->u.action.u.ml_reconf_resp.count; i++) {
9958 u16 status = get_unaligned_le16(pos + 1);
9959
9960 link_id = *pos;
9961
9962 if (!(link_mask & BIT(link_id))) {
9963 sdata_info(sdata,
9964 "mlo: reconf: unexpected link: %u, changed=0x%x\n",
9965 link_id, sta_changed_links);
9966 goto disconnect;
9967 }
9968
9969 /* clear the corresponding link, to detect the case that
9970 * the same link was included more than one time
9971 */
9972 link_mask &= ~BIT(link_id);
9973
9974 /* Handle failure to remove links here. Failure to remove added
9975 * links will be done later in the flow.
9976 */
9977 if (status != WLAN_STATUS_SUCCESS) {
9978 sdata_info(sdata,
9979 "mlo: reconf: failed on link=%u, status=%u\n",
9980 link_id, status);
9981
9982 /* The AP MLD failed to remove a link that was already
9983 * removed locally. As this is not expected behavior,
9984 * disconnect
9985 */
9986 if (sdata->u.mgd.reconf.removed_links & BIT(link_id))
9987 goto disconnect;
9988
9989 /* The AP MLD failed to add a link. Remove it from the
9990 * added links.
9991 */
9992 sdata->u.mgd.reconf.added_links &= ~BIT(link_id);
9993 }
9994
9995 pos += 3;
9996 len -= 3;
9997 }
9998
9999 if (link_mask) {
10000 sdata_info(sdata,
10001 "mlo: reconf: no response for links=0x%x\n",
10002 link_mask);
10003 goto disconnect;
10004 }
10005
10006 if (!sdata->u.mgd.reconf.added_links)
10007 goto out;
10008
10009 if (len < 1 || len < 1 + *pos) {
10010 sdata_info(sdata,
10011 "mlo: reconf: invalid group key data length");
10012 goto disconnect;
10013 }
10014
10015 /* The Group Key Data field must be present when links are added. This
10016 * field should be processed by userland.
10017 */
10018 group_key_data_len = *pos++;
10019
10020 pos += group_key_data_len;
10021 len -= group_key_data_len + 1;
10022
10023 /* Process the information for the added links */
10024 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
10025 if (WARN_ON(!sta))
10026 goto disconnect;
10027
10028 valid_links = sdata->vif.valid_links;
10029 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
10030 if (!add_links_data->link[link_id].bss ||
10031 !(sdata->u.mgd.reconf.added_links & BIT(link_id)))
10032
10033 continue;
10034
10035 valid_links |= BIT(link_id);
10036 if (ieee80211_sta_allocate_link(sta, link_id))
10037 goto disconnect;
10038 }
10039
10040 ieee80211_vif_set_links(sdata, valid_links, sdata->vif.dormant_links);
10041 link_mask = 0;
10042 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
10043 struct cfg80211_bss *cbss = add_links_data->link[link_id].bss;
10044 struct ieee80211_link_data *link;
10045 struct link_sta_info *link_sta;
10046 u64 changed = 0;
10047
10048 if (!cbss)
10049 continue;
10050
10051 link = sdata_dereference(sdata->link[link_id], sdata);
10052 if (WARN_ON(!link))
10053 goto disconnect;
10054
10055 link_info(link,
10056 "mlo: reconf: local address %pM, AP link address %pM\n",
10057 add_links_data->link[link_id].addr,
10058 add_links_data->link[link_id].bss->bssid);
10059
10060 link_sta = rcu_dereference_protected(sta->link[link_id],
10061 lockdep_is_held(&local->hw.wiphy->mtx));
10062 if (WARN_ON(!link_sta))
10063 goto disconnect;
10064
10065 if (!link->u.mgd.have_beacon) {
10066 const struct cfg80211_bss_ies *ies;
10067
10068 rcu_read_lock();
10069 ies = rcu_dereference(cbss->beacon_ies);
10070 if (ies)
10071 link->u.mgd.have_beacon = true;
10072 else
10073 ies = rcu_dereference(cbss->ies);
10074 ieee80211_get_dtim(ies,
10075 &link->conf->sync_dtim_count,
10076 &link->u.mgd.dtim_period);
10077 link->conf->beacon_int = cbss->beacon_interval;
10078 rcu_read_unlock();
10079 }
10080
10081 link->conf->dtim_period = link->u.mgd.dtim_period ?: 1;
10082
10083 link->u.mgd.conn = add_links_data->link[link_id].conn;
10084 if (ieee80211_prep_channel(sdata, link, link_id, cbss,
10085 true, &link->u.mgd.conn,
10086 sdata->u.mgd.userspace_selectors)) {
10087 link_info(link, "mlo: reconf: prep_channel failed\n");
10088 goto disconnect;
10089 }
10090
10091 if (ieee80211_mgd_setup_link_sta(link, sta, link_sta,
10092 add_links_data->link[link_id].bss))
10093 goto disconnect;
10094
10095 if (!ieee80211_assoc_config_link(link, link_sta,
10096 add_links_data->link[link_id].bss,
10097 mgmt, pos, len,
10098 &changed))
10099 goto disconnect;
10100
10101 /* The AP MLD indicated success for this link, but the station
10102 * profile status indicated otherwise. Since there is an
10103 * inconsistency in the ML reconfiguration response, disconnect
10104 */
10105 if (add_links_data->link[link_id].status != WLAN_STATUS_SUCCESS)
10106 goto disconnect;
10107
10108 ieee80211_sta_init_nss(link_sta);
10109 if (ieee80211_sta_activate_link(sta, link_id))
10110 goto disconnect;
10111
10112 changed |= ieee80211_link_set_associated(link, cbss);
10113 ieee80211_link_info_change_notify(sdata, link, changed);
10114
10115 ieee80211_recalc_smps(sdata, link);
10116 link_mask |= BIT(link_id);
10117 }
10118
10119 sdata_info(sdata,
10120 "mlo: reconf: current valid_links=0x%x, added=0x%x\n",
10121 valid_links, link_mask);
10122
10123 /* links might have changed due to rejected ones, set them again */
10124 ieee80211_vif_set_links(sdata, valid_links, sdata->vif.dormant_links);
10125 ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_MLD_VALID_LINKS);
10126
10127 ieee80211_recalc_ps(local);
10128 ieee80211_recalc_ps_vif(sdata);
10129
10130 done_data.buf = (const u8 *)mgmt;
10131 done_data.len = orig_len;
10132 done_data.added_links = link_mask;
10133
10134 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
10135 done_data.links[link_id].bss = add_links_data->link[link_id].bss;
10136 done_data.links[link_id].addr =
10137 add_links_data->link[link_id].addr;
10138 }
10139
10140 cfg80211_mlo_reconf_add_done(sdata->dev, &done_data);
10141 kfree(sdata->u.mgd.reconf.add_links_data);
10142 sdata->u.mgd.reconf.add_links_data = NULL;
10143 out:
10144 ieee80211_ml_reconf_reset(sdata);
10145 return;
10146
10147 disconnect:
10148 __ieee80211_disconnect(sdata);
10149 }
10150
10151 static struct sk_buff *
ieee80211_build_ml_reconf_req(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgd_assoc_data * add_links_data,u16 removed_links,__le16 ext_mld_capa_ops)10152 ieee80211_build_ml_reconf_req(struct ieee80211_sub_if_data *sdata,
10153 struct ieee80211_mgd_assoc_data *add_links_data,
10154 u16 removed_links, __le16 ext_mld_capa_ops)
10155 {
10156 struct ieee80211_local *local = sdata->local;
10157 struct ieee80211_mgmt *mgmt;
10158 struct ieee80211_multi_link_elem *ml_elem;
10159 struct ieee80211_mle_basic_common_info *common;
10160 enum nl80211_iftype iftype = ieee80211_vif_type_p2p(&sdata->vif);
10161 struct sk_buff *skb;
10162 size_t size;
10163 unsigned int link_id;
10164 __le16 eml_capa = 0, mld_capa_ops = 0;
10165 struct ieee80211_tx_info *info;
10166 u8 common_size, var_common_size;
10167 u8 *ml_elem_len;
10168 u16 capab = 0;
10169
10170 size = local->hw.extra_tx_headroom + sizeof(*mgmt);
10171
10172 /* Consider the maximal length of the reconfiguration ML element */
10173 size += sizeof(struct ieee80211_multi_link_elem);
10174
10175 /* The Basic ML element and the Reconfiguration ML element have the same
10176 * fixed common information fields in the context of ML reconfiguration
10177 * action frame. The AP MLD MAC address must always be present
10178 */
10179 common_size = sizeof(*common);
10180
10181 /* when adding links, the MLD capabilities must be present */
10182 var_common_size = 0;
10183 if (add_links_data) {
10184 const struct wiphy_iftype_ext_capab *ift_ext_capa =
10185 cfg80211_get_iftype_ext_capa(local->hw.wiphy,
10186 ieee80211_vif_type_p2p(&sdata->vif));
10187
10188 if (ift_ext_capa) {
10189 eml_capa = cpu_to_le16(ift_ext_capa->eml_capabilities);
10190 mld_capa_ops =
10191 cpu_to_le16(ift_ext_capa->mld_capa_and_ops);
10192 }
10193
10194 /* MLD capabilities and operation */
10195 var_common_size += 2;
10196
10197 /* EML capabilities */
10198 if (eml_capa & cpu_to_le16((IEEE80211_EML_CAP_EMLSR_SUPP |
10199 IEEE80211_EML_CAP_EMLMR_SUPPORT)))
10200 var_common_size += 2;
10201 }
10202
10203 if (ext_mld_capa_ops)
10204 var_common_size += 2;
10205
10206 /* Add the common information length */
10207 size += common_size + var_common_size;
10208
10209 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
10210 struct cfg80211_bss *cbss;
10211 size_t elems_len;
10212
10213 if (removed_links & BIT(link_id)) {
10214 size += sizeof(struct ieee80211_mle_per_sta_profile) +
10215 ETH_ALEN;
10216 continue;
10217 }
10218
10219 if (!add_links_data || !add_links_data->link[link_id].bss)
10220 continue;
10221
10222 elems_len = add_links_data->link[link_id].elems_len;
10223 cbss = add_links_data->link[link_id].bss;
10224
10225 /* should be the same across all BSSes */
10226 if (cbss->capability & WLAN_CAPABILITY_PRIVACY)
10227 capab |= WLAN_CAPABILITY_PRIVACY;
10228
10229 size += 2 + sizeof(struct ieee80211_mle_per_sta_profile) +
10230 ETH_ALEN;
10231
10232 /* WMM */
10233 size += 9;
10234 size += ieee80211_link_common_elems_size(sdata, iftype, cbss,
10235 elems_len);
10236 }
10237
10238 skb = alloc_skb(size, GFP_KERNEL);
10239 if (!skb)
10240 return NULL;
10241
10242 skb_reserve(skb, local->hw.extra_tx_headroom);
10243 mgmt = skb_put_zero(skb, offsetofend(struct ieee80211_mgmt,
10244 u.action.u.ml_reconf_req));
10245
10246 /* Add the MAC header */
10247 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
10248 IEEE80211_STYPE_ACTION);
10249 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
10250 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
10251 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
10252
10253 /* Add the action frame fixed fields */
10254 mgmt->u.action.category = WLAN_CATEGORY_PROTECTED_EHT;
10255 mgmt->u.action.u.ml_reconf_req.action_code =
10256 WLAN_PROTECTED_EHT_ACTION_LINK_RECONFIG_REQ;
10257
10258 /* allocate a dialog token and store it */
10259 sdata->u.mgd.reconf.dialog_token = ++sdata->u.mgd.dialog_token_alloc;
10260 mgmt->u.action.u.ml_reconf_req.dialog_token =
10261 sdata->u.mgd.reconf.dialog_token;
10262
10263 /* Add the ML reconfiguration element and the common information */
10264 skb_put_u8(skb, WLAN_EID_EXTENSION);
10265 ml_elem_len = skb_put(skb, 1);
10266 skb_put_u8(skb, WLAN_EID_EXT_EHT_MULTI_LINK);
10267 ml_elem = skb_put(skb, sizeof(*ml_elem));
10268 ml_elem->control =
10269 cpu_to_le16(IEEE80211_ML_CONTROL_TYPE_RECONF |
10270 IEEE80211_MLC_RECONF_PRES_MLD_MAC_ADDR);
10271 common = skb_put(skb, common_size);
10272 common->len = common_size + var_common_size;
10273 memcpy(common->mld_mac_addr, sdata->vif.addr, ETH_ALEN);
10274
10275 if (add_links_data) {
10276 if (eml_capa &
10277 cpu_to_le16((IEEE80211_EML_CAP_EMLSR_SUPP |
10278 IEEE80211_EML_CAP_EMLMR_SUPPORT))) {
10279 ml_elem->control |=
10280 cpu_to_le16(IEEE80211_MLC_RECONF_PRES_EML_CAPA);
10281 skb_put_data(skb, &eml_capa, sizeof(eml_capa));
10282 }
10283
10284 ml_elem->control |=
10285 cpu_to_le16(IEEE80211_MLC_RECONF_PRES_MLD_CAPA_OP);
10286
10287 skb_put_data(skb, &mld_capa_ops, sizeof(mld_capa_ops));
10288 }
10289
10290 if (ext_mld_capa_ops) {
10291 ml_elem->control |=
10292 cpu_to_le16(IEEE80211_MLC_RECONF_PRES_EXT_MLD_CAPA_OP);
10293 skb_put_data(skb, &ext_mld_capa_ops, sizeof(ext_mld_capa_ops));
10294 }
10295
10296 if (sdata->u.mgd.flags & IEEE80211_STA_ENABLE_RRM)
10297 capab |= WLAN_CAPABILITY_RADIO_MEASURE;
10298
10299 /* Add the per station profile */
10300 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
10301 u8 *subelem_len = NULL;
10302 u16 ctrl;
10303 const u8 *addr;
10304
10305 /* Skip links that are not changing */
10306 if (!(removed_links & BIT(link_id)) &&
10307 (!add_links_data || !add_links_data->link[link_id].bss))
10308 continue;
10309
10310 ctrl = link_id |
10311 IEEE80211_MLE_STA_RECONF_CONTROL_STA_MAC_ADDR_PRESENT;
10312
10313 if (removed_links & BIT(link_id)) {
10314 struct ieee80211_bss_conf *conf =
10315 sdata_dereference(sdata->vif.link_conf[link_id],
10316 sdata);
10317 if (!conf)
10318 continue;
10319
10320 addr = conf->addr;
10321 ctrl |= u16_encode_bits(IEEE80211_MLE_STA_RECONF_CONTROL_OPERATION_TYPE_DEL_LINK,
10322 IEEE80211_MLE_STA_RECONF_CONTROL_OPERATION_TYPE);
10323 } else {
10324 addr = add_links_data->link[link_id].addr;
10325 ctrl |= IEEE80211_MLE_STA_RECONF_CONTROL_COMPLETE_PROFILE |
10326 u16_encode_bits(IEEE80211_MLE_STA_RECONF_CONTROL_OPERATION_TYPE_ADD_LINK,
10327 IEEE80211_MLE_STA_RECONF_CONTROL_OPERATION_TYPE);
10328 }
10329
10330 skb_put_u8(skb, IEEE80211_MLE_SUBELEM_PER_STA_PROFILE);
10331 subelem_len = skb_put(skb, 1);
10332
10333 put_unaligned_le16(ctrl, skb_put(skb, sizeof(ctrl)));
10334 skb_put_u8(skb, 1 + ETH_ALEN);
10335 skb_put_data(skb, addr, ETH_ALEN);
10336
10337 if (!(removed_links & BIT(link_id))) {
10338 u16 link_present_elems[PRESENT_ELEMS_MAX] = {};
10339 size_t extra_used;
10340 void *capab_pos;
10341 u8 qos_info;
10342
10343 capab_pos = skb_put(skb, 2);
10344
10345 extra_used =
10346 ieee80211_add_link_elems(sdata, skb, &capab, NULL,
10347 add_links_data->link[link_id].elems,
10348 add_links_data->link[link_id].elems_len,
10349 link_id, NULL,
10350 link_present_elems,
10351 add_links_data);
10352
10353 if (add_links_data->link[link_id].elems)
10354 skb_put_data(skb,
10355 add_links_data->link[link_id].elems +
10356 extra_used,
10357 add_links_data->link[link_id].elems_len -
10358 extra_used);
10359 if (sdata->u.mgd.flags & IEEE80211_STA_UAPSD_ENABLED) {
10360 qos_info = sdata->u.mgd.uapsd_queues;
10361 qos_info |= (sdata->u.mgd.uapsd_max_sp_len <<
10362 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
10363 } else {
10364 qos_info = 0;
10365 }
10366
10367 ieee80211_add_wmm_info_ie(skb_put(skb, 9), qos_info);
10368 put_unaligned_le16(capab, capab_pos);
10369 }
10370
10371 ieee80211_fragment_element(skb, subelem_len,
10372 IEEE80211_MLE_SUBELEM_FRAGMENT);
10373 }
10374
10375 ieee80211_fragment_element(skb, ml_elem_len, WLAN_EID_FRAGMENT);
10376
10377 info = IEEE80211_SKB_CB(skb);
10378 info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
10379
10380 return skb;
10381 }
10382
ieee80211_mgd_assoc_ml_reconf(struct ieee80211_sub_if_data * sdata,struct cfg80211_ml_reconf_req * req)10383 int ieee80211_mgd_assoc_ml_reconf(struct ieee80211_sub_if_data *sdata,
10384 struct cfg80211_ml_reconf_req *req)
10385 {
10386 struct ieee80211_local *local = sdata->local;
10387 struct ieee80211_mgd_assoc_data *data = NULL;
10388 struct sta_info *sta;
10389 struct sk_buff *skb;
10390 u16 added_links, new_valid_links;
10391 int link_id, err;
10392
10393 if (!ieee80211_vif_is_mld(&sdata->vif) ||
10394 !(sdata->vif.cfg.mld_capa_op &
10395 IEEE80211_MLD_CAP_OP_LINK_RECONF_SUPPORT))
10396 return -EINVAL;
10397
10398 /* No support for concurrent ML reconfiguration operation */
10399 if (sdata->u.mgd.reconf.added_links ||
10400 sdata->u.mgd.reconf.removed_links)
10401 return -EBUSY;
10402
10403 added_links = 0;
10404 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
10405 if (!req->add_links[link_id].bss)
10406 continue;
10407
10408 added_links |= BIT(link_id);
10409 }
10410
10411 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
10412 if (WARN_ON(!sta))
10413 return -ENOLINK;
10414
10415 /* Adding links to the set of valid link is done only after a successful
10416 * ML reconfiguration frame exchange. Here prepare the data for the ML
10417 * reconfiguration frame construction and allocate the required
10418 * resources
10419 */
10420 if (added_links) {
10421 bool uapsd_supported;
10422
10423 data = kzalloc(sizeof(*data), GFP_KERNEL);
10424 if (!data)
10425 return -ENOMEM;
10426
10427 data->assoc_link_id = -1;
10428 data->wmm = true;
10429
10430 uapsd_supported = true;
10431 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS;
10432 link_id++) {
10433 struct ieee80211_supported_band *sband;
10434 struct cfg80211_bss *link_cbss =
10435 req->add_links[link_id].bss;
10436 struct ieee80211_bss *bss;
10437
10438 if (!link_cbss)
10439 continue;
10440
10441 bss = (void *)link_cbss->priv;
10442
10443 if (!bss->wmm_used) {
10444 err = -EINVAL;
10445 goto err_free;
10446 }
10447
10448 if (link_cbss->channel->band == NL80211_BAND_S1GHZ) {
10449 err = -EINVAL;
10450 goto err_free;
10451 }
10452
10453 eth_random_addr(data->link[link_id].addr);
10454 data->link[link_id].conn =
10455 ieee80211_conn_settings_unlimited;
10456 sband =
10457 local->hw.wiphy->bands[link_cbss->channel->band];
10458
10459 ieee80211_determine_our_sta_mode(sdata, sband,
10460 NULL, true, link_id,
10461 &data->link[link_id].conn);
10462
10463 data->link[link_id].bss = link_cbss;
10464 data->link[link_id].disabled =
10465 req->add_links[link_id].disabled;
10466 data->link[link_id].elems =
10467 (u8 *)req->add_links[link_id].elems;
10468 data->link[link_id].elems_len =
10469 req->add_links[link_id].elems_len;
10470
10471 if (!bss->uapsd_supported)
10472 uapsd_supported = false;
10473
10474 if (data->link[link_id].conn.mode <
10475 IEEE80211_CONN_MODE_EHT) {
10476 err = -EINVAL;
10477 goto err_free;
10478 }
10479
10480 err = ieee80211_mgd_get_ap_ht_vht_capa(sdata, data,
10481 link_id);
10482 if (err) {
10483 err = -EINVAL;
10484 goto err_free;
10485 }
10486 }
10487
10488 /* Require U-APSD support if we enabled it */
10489 if (sdata->u.mgd.flags & IEEE80211_STA_UAPSD_ENABLED &&
10490 !uapsd_supported) {
10491 err = -EINVAL;
10492 sdata_info(sdata, "U-APSD on but not available on (all) new links\n");
10493 goto err_free;
10494 }
10495
10496 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS;
10497 link_id++) {
10498 if (!data->link[link_id].bss)
10499 continue;
10500
10501 /* only used to verify the mode, nothing is allocated */
10502 err = ieee80211_prep_channel(sdata, NULL, link_id,
10503 data->link[link_id].bss,
10504 true,
10505 &data->link[link_id].conn,
10506 sdata->u.mgd.userspace_selectors);
10507 if (err)
10508 goto err_free;
10509 }
10510 }
10511
10512 /* link removal is done before the ML reconfiguration frame exchange so
10513 * that these links will not be used between their removal by the AP MLD
10514 * and before the station got the ML reconfiguration response. Based on
10515 * Section 35.3.6.4 in Draft P802.11be_D7.0 the AP MLD should accept the
10516 * link removal request.
10517 */
10518 if (req->rem_links) {
10519 u16 new_active_links =
10520 sdata->vif.active_links & ~req->rem_links;
10521
10522 new_valid_links = sdata->vif.valid_links & ~req->rem_links;
10523
10524 /* Should not be left with no valid links to perform the
10525 * ML reconfiguration
10526 */
10527 if (!new_valid_links ||
10528 !(new_valid_links & ~sdata->vif.dormant_links)) {
10529 sdata_info(sdata, "mlo: reconf: no valid links\n");
10530 err = -EINVAL;
10531 goto err_free;
10532 }
10533
10534 if (new_active_links != sdata->vif.active_links) {
10535 if (!new_active_links)
10536 new_active_links =
10537 BIT(__ffs(new_valid_links &
10538 ~sdata->vif.dormant_links));
10539
10540 err = ieee80211_set_active_links(&sdata->vif,
10541 new_active_links);
10542 if (err) {
10543 sdata_info(sdata,
10544 "mlo: reconf: failed set active links\n");
10545 goto err_free;
10546 }
10547 }
10548 }
10549
10550 /* Build the SKB before the link removal as the construction of the
10551 * station info for removed links requires the local address.
10552 * Invalidate the removed links, so that the transmission of the ML
10553 * reconfiguration request frame would not be done using them, as the AP
10554 * is expected to send the ML reconfiguration response frame on the link
10555 * on which the request was received.
10556 */
10557 skb = ieee80211_build_ml_reconf_req(sdata, data, req->rem_links,
10558 cpu_to_le16(req->ext_mld_capa_ops));
10559 if (!skb) {
10560 err = -ENOMEM;
10561 goto err_free;
10562 }
10563
10564 if (req->rem_links) {
10565 u16 new_dormant_links =
10566 sdata->vif.dormant_links & ~req->rem_links;
10567
10568 err = ieee80211_vif_set_links(sdata, new_valid_links,
10569 new_dormant_links);
10570 if (err) {
10571 sdata_info(sdata,
10572 "mlo: reconf: failed set valid links\n");
10573 kfree_skb(skb);
10574 goto err_free;
10575 }
10576
10577 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS;
10578 link_id++) {
10579 if (!(req->rem_links & BIT(link_id)))
10580 continue;
10581
10582 ieee80211_sta_remove_link(sta, link_id);
10583 }
10584
10585 /* notify the driver and upper layers */
10586 ieee80211_vif_cfg_change_notify(sdata,
10587 BSS_CHANGED_MLD_VALID_LINKS);
10588 cfg80211_links_removed(sdata->dev, req->rem_links);
10589 }
10590
10591 sdata_info(sdata, "mlo: reconf: adding=0x%x, removed=0x%x\n",
10592 added_links, req->rem_links);
10593
10594 ieee80211_tx_skb(sdata, skb);
10595
10596 sdata->u.mgd.reconf.added_links = added_links;
10597 sdata->u.mgd.reconf.add_links_data = data;
10598 sdata->u.mgd.reconf.removed_links = req->rem_links;
10599 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
10600 &sdata->u.mgd.reconf.wk,
10601 IEEE80211_ASSOC_TIMEOUT_SHORT);
10602 return 0;
10603
10604 err_free:
10605 kfree(data);
10606 return err;
10607 }
10608
ieee80211_mgd_epcs_supp(struct ieee80211_sub_if_data * sdata)10609 static bool ieee80211_mgd_epcs_supp(struct ieee80211_sub_if_data *sdata)
10610 {
10611 unsigned long valid_links = sdata->vif.valid_links;
10612 u8 link_id;
10613
10614 lockdep_assert_wiphy(sdata->local->hw.wiphy);
10615
10616 if (!ieee80211_vif_is_mld(&sdata->vif))
10617 return false;
10618
10619 for_each_set_bit(link_id, &valid_links, IEEE80211_MLD_MAX_NUM_LINKS) {
10620 struct ieee80211_bss_conf *bss_conf =
10621 sdata_dereference(sdata->vif.link_conf[link_id], sdata);
10622
10623 if (WARN_ON(!bss_conf) || !bss_conf->epcs_support)
10624 return false;
10625 }
10626
10627 return true;
10628 }
10629
ieee80211_mgd_set_epcs(struct ieee80211_sub_if_data * sdata,bool enable)10630 int ieee80211_mgd_set_epcs(struct ieee80211_sub_if_data *sdata, bool enable)
10631 {
10632 struct ieee80211_local *local = sdata->local;
10633 struct ieee80211_mgmt *mgmt;
10634 struct sk_buff *skb;
10635 int frame_len = offsetofend(struct ieee80211_mgmt,
10636 u.action.u.epcs) + (enable ? 1 : 0);
10637
10638 if (!ieee80211_mgd_epcs_supp(sdata))
10639 return -EINVAL;
10640
10641 if (sdata->u.mgd.epcs.enabled == enable &&
10642 !sdata->u.mgd.epcs.dialog_token)
10643 return 0;
10644
10645 /* Do not allow enabling EPCS if the AP didn't respond yet.
10646 * However, allow disabling EPCS in such a case.
10647 */
10648 if (sdata->u.mgd.epcs.dialog_token && enable)
10649 return -EALREADY;
10650
10651 skb = dev_alloc_skb(local->hw.extra_tx_headroom + frame_len);
10652 if (!skb)
10653 return -ENOBUFS;
10654
10655 skb_reserve(skb, local->hw.extra_tx_headroom);
10656 mgmt = skb_put_zero(skb, frame_len);
10657 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
10658 IEEE80211_STYPE_ACTION);
10659 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
10660 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
10661 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
10662
10663 mgmt->u.action.category = WLAN_CATEGORY_PROTECTED_EHT;
10664 if (enable) {
10665 u8 *pos = mgmt->u.action.u.epcs.variable;
10666
10667 mgmt->u.action.u.epcs.action_code =
10668 WLAN_PROTECTED_EHT_ACTION_EPCS_ENABLE_REQ;
10669
10670 *pos = ++sdata->u.mgd.dialog_token_alloc;
10671 sdata->u.mgd.epcs.dialog_token = *pos;
10672 } else {
10673 mgmt->u.action.u.epcs.action_code =
10674 WLAN_PROTECTED_EHT_ACTION_EPCS_ENABLE_TEARDOWN;
10675
10676 ieee80211_epcs_teardown(sdata);
10677 ieee80211_epcs_changed(sdata, false);
10678 }
10679
10680 ieee80211_tx_skb(sdata, skb);
10681 return 0;
10682 }
10683
ieee80211_ml_epcs(struct ieee80211_sub_if_data * sdata,struct ieee802_11_elems * elems)10684 static void ieee80211_ml_epcs(struct ieee80211_sub_if_data *sdata,
10685 struct ieee802_11_elems *elems)
10686 {
10687 const struct element *sub;
10688 size_t scratch_len = elems->ml_epcs_len;
10689 u8 *scratch __free(kfree) = kzalloc(scratch_len, GFP_KERNEL);
10690
10691 lockdep_assert_wiphy(sdata->local->hw.wiphy);
10692
10693 if (!ieee80211_vif_is_mld(&sdata->vif) || !elems->ml_epcs)
10694 return;
10695
10696 if (WARN_ON(!scratch))
10697 return;
10698
10699 /* Directly parse the sub elements as the common information doesn't
10700 * hold any useful information.
10701 */
10702 for_each_mle_subelement(sub, (const u8 *)elems->ml_epcs,
10703 elems->ml_epcs_len) {
10704 struct ieee80211_link_data *link;
10705 struct ieee802_11_elems *link_elems __free(kfree);
10706 u8 *pos = (void *)sub->data;
10707 u16 control;
10708 ssize_t len;
10709 u8 link_id;
10710
10711 if (sub->id != IEEE80211_MLE_SUBELEM_PER_STA_PROFILE)
10712 continue;
10713
10714 if (sub->datalen < sizeof(control))
10715 break;
10716
10717 control = get_unaligned_le16(pos);
10718 link_id = control & IEEE80211_MLE_STA_EPCS_CONTROL_LINK_ID;
10719
10720 link = sdata_dereference(sdata->link[link_id], sdata);
10721 if (!link)
10722 continue;
10723
10724 len = cfg80211_defragment_element(sub, (u8 *)elems->ml_epcs,
10725 elems->ml_epcs_len,
10726 scratch, scratch_len,
10727 IEEE80211_MLE_SUBELEM_FRAGMENT);
10728 if (len < (ssize_t)sizeof(control))
10729 continue;
10730
10731 pos = scratch + sizeof(control);
10732 len -= sizeof(control);
10733
10734 link_elems = ieee802_11_parse_elems(pos, len, false, NULL);
10735 if (!link_elems)
10736 continue;
10737
10738 if (ieee80211_sta_wmm_params(sdata->local, link,
10739 link_elems->wmm_param,
10740 link_elems->wmm_param_len,
10741 link_elems->mu_edca_param_set))
10742 ieee80211_link_info_change_notify(sdata, link,
10743 BSS_CHANGED_QOS);
10744 }
10745 }
10746
ieee80211_process_epcs_ena_resp(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)10747 void ieee80211_process_epcs_ena_resp(struct ieee80211_sub_if_data *sdata,
10748 struct ieee80211_mgmt *mgmt, size_t len)
10749 {
10750 struct ieee802_11_elems *elems __free(kfree) = NULL;
10751 size_t ies_len;
10752 u16 status_code;
10753 u8 *pos, dialog_token;
10754
10755 if (!ieee80211_mgd_epcs_supp(sdata))
10756 return;
10757
10758 /* Handle dialog token and status code */
10759 pos = mgmt->u.action.u.epcs.variable;
10760 dialog_token = *pos;
10761 status_code = get_unaligned_le16(pos + 1);
10762
10763 /* An EPCS enable response with dialog token == 0 is an unsolicited
10764 * notification from the AP MLD. In such a case, EPCS should already be
10765 * enabled and status must be success
10766 */
10767 if (!dialog_token &&
10768 (!sdata->u.mgd.epcs.enabled ||
10769 status_code != WLAN_STATUS_SUCCESS))
10770 return;
10771
10772 if (sdata->u.mgd.epcs.dialog_token != dialog_token)
10773 return;
10774
10775 sdata->u.mgd.epcs.dialog_token = 0;
10776
10777 if (status_code != WLAN_STATUS_SUCCESS)
10778 return;
10779
10780 pos += IEEE80211_EPCS_ENA_RESP_BODY_LEN;
10781 ies_len = len - offsetof(struct ieee80211_mgmt,
10782 u.action.u.epcs.variable) -
10783 IEEE80211_EPCS_ENA_RESP_BODY_LEN;
10784
10785 elems = ieee802_11_parse_elems(pos, ies_len, true, NULL);
10786 if (!elems)
10787 return;
10788
10789 ieee80211_ml_epcs(sdata, elems);
10790 ieee80211_epcs_changed(sdata, true);
10791 }
10792
ieee80211_process_epcs_teardown(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)10793 void ieee80211_process_epcs_teardown(struct ieee80211_sub_if_data *sdata,
10794 struct ieee80211_mgmt *mgmt, size_t len)
10795 {
10796 if (!ieee80211_vif_is_mld(&sdata->vif) ||
10797 !sdata->u.mgd.epcs.enabled)
10798 return;
10799
10800 ieee80211_epcs_teardown(sdata);
10801 ieee80211_epcs_changed(sdata, false);
10802 }
10803