1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * BSS client mode implementation
4 * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
5 * Copyright 2004, Instant802 Networks, Inc.
6 * Copyright 2005, Devicescape Software, Inc.
7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9 * Copyright 2013-2014 Intel Mobile Communications GmbH
10 * Copyright (C) 2015 - 2017 Intel Deutschland GmbH
11 * Copyright (C) 2018 - 2024 Intel Corporation
12 */
13
14 #include <linux/delay.h>
15 #include <linux/fips.h>
16 #include <linux/if_ether.h>
17 #include <linux/skbuff.h>
18 #include <linux/if_arp.h>
19 #include <linux/etherdevice.h>
20 #include <linux/moduleparam.h>
21 #include <linux/rtnetlink.h>
22 #include <linux/crc32.h>
23 #include <linux/slab.h>
24 #include <linux/export.h>
25 #include <net/mac80211.h>
26 #include <linux/unaligned.h>
27
28 #include "ieee80211_i.h"
29 #include "driver-ops.h"
30 #include "rate.h"
31 #include "led.h"
32 #include "fils_aead.h"
33
34 #include <kunit/static_stub.h>
35
36 #define IEEE80211_AUTH_TIMEOUT (HZ / 5)
37 #define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2)
38 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10)
39 #define IEEE80211_AUTH_TIMEOUT_SAE (HZ * 2)
40 #define IEEE80211_AUTH_MAX_TRIES 3
41 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5)
42 #define IEEE80211_AUTH_WAIT_SAE_RETRY (HZ * 2)
43 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
44 #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2)
45 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10)
46 #define IEEE80211_ASSOC_MAX_TRIES 3
47
48 #define IEEE80211_ADV_TTLM_SAFETY_BUFFER_MS msecs_to_jiffies(100)
49 #define IEEE80211_ADV_TTLM_ST_UNDERFLOW 0xff00
50
51 #define IEEE80211_NEG_TTLM_REQ_TIMEOUT (HZ / 5)
52
53 static int max_nullfunc_tries = 2;
54 module_param(max_nullfunc_tries, int, 0644);
55 MODULE_PARM_DESC(max_nullfunc_tries,
56 "Maximum nullfunc tx tries before disconnecting (reason 4).");
57
58 static int max_probe_tries = 5;
59 module_param(max_probe_tries, int, 0644);
60 MODULE_PARM_DESC(max_probe_tries,
61 "Maximum probe tries before disconnecting (reason 4).");
62
63 /*
64 * Beacon loss timeout is calculated as N frames times the
65 * advertised beacon interval. This may need to be somewhat
66 * higher than what hardware might detect to account for
67 * delays in the host processing frames. But since we also
68 * probe on beacon miss before declaring the connection lost
69 * default to what we want.
70 */
71 static int beacon_loss_count = 7;
72 module_param(beacon_loss_count, int, 0644);
73 MODULE_PARM_DESC(beacon_loss_count,
74 "Number of beacon intervals before we decide beacon was lost.");
75
76 /*
77 * Time the connection can be idle before we probe
78 * it to see if we can still talk to the AP.
79 */
80 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ)
81 /*
82 * Time we wait for a probe response after sending
83 * a probe request because of beacon loss or for
84 * checking the connection still works.
85 */
86 static int probe_wait_ms = 500;
87 module_param(probe_wait_ms, int, 0644);
88 MODULE_PARM_DESC(probe_wait_ms,
89 "Maximum time(ms) to wait for probe response"
90 " before disconnecting (reason 4).");
91
92 /*
93 * How many Beacon frames need to have been used in average signal strength
94 * before starting to indicate signal change events.
95 */
96 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4
97
98 /*
99 * We can have multiple work items (and connection probing)
100 * scheduling this timer, but we need to take care to only
101 * reschedule it when it should fire _earlier_ than it was
102 * asked for before, or if it's not pending right now. This
103 * function ensures that. Note that it then is required to
104 * run this function for all timeouts after the first one
105 * has happened -- the work that runs from this timer will
106 * do that.
107 */
run_again(struct ieee80211_sub_if_data * sdata,unsigned long timeout)108 static void run_again(struct ieee80211_sub_if_data *sdata,
109 unsigned long timeout)
110 {
111 lockdep_assert_wiphy(sdata->local->hw.wiphy);
112
113 if (!timer_pending(&sdata->u.mgd.timer) ||
114 time_before(timeout, sdata->u.mgd.timer.expires))
115 mod_timer(&sdata->u.mgd.timer, timeout);
116 }
117
ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data * sdata)118 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata)
119 {
120 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
121 return;
122
123 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
124 return;
125
126 mod_timer(&sdata->u.mgd.bcn_mon_timer,
127 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout));
128 }
129
ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data * sdata)130 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata)
131 {
132 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
133
134 if (unlikely(!ifmgd->associated))
135 return;
136
137 if (ifmgd->probe_send_count)
138 ifmgd->probe_send_count = 0;
139
140 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
141 return;
142
143 mod_timer(&ifmgd->conn_mon_timer,
144 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
145 }
146
ecw2cw(int ecw)147 static int ecw2cw(int ecw)
148 {
149 return (1 << ecw) - 1;
150 }
151
152 static enum ieee80211_conn_mode
ieee80211_determine_ap_chan(struct ieee80211_sub_if_data * sdata,struct ieee80211_channel * channel,u32 vht_cap_info,const struct ieee802_11_elems * elems,bool ignore_ht_channel_mismatch,const struct ieee80211_conn_settings * conn,struct cfg80211_chan_def * chandef)153 ieee80211_determine_ap_chan(struct ieee80211_sub_if_data *sdata,
154 struct ieee80211_channel *channel,
155 u32 vht_cap_info,
156 const struct ieee802_11_elems *elems,
157 bool ignore_ht_channel_mismatch,
158 const struct ieee80211_conn_settings *conn,
159 struct cfg80211_chan_def *chandef)
160 {
161 const struct ieee80211_ht_operation *ht_oper = elems->ht_operation;
162 const struct ieee80211_vht_operation *vht_oper = elems->vht_operation;
163 const struct ieee80211_he_operation *he_oper = elems->he_operation;
164 const struct ieee80211_eht_operation *eht_oper = elems->eht_operation;
165 struct ieee80211_supported_band *sband =
166 sdata->local->hw.wiphy->bands[channel->band];
167 struct cfg80211_chan_def vht_chandef;
168 bool no_vht = false;
169 u32 ht_cfreq;
170
171 *chandef = (struct cfg80211_chan_def) {
172 .chan = channel,
173 .width = NL80211_CHAN_WIDTH_20_NOHT,
174 .center_freq1 = channel->center_freq,
175 .freq1_offset = channel->freq_offset,
176 };
177
178 /* get special S1G case out of the way */
179 if (sband->band == NL80211_BAND_S1GHZ) {
180 if (!ieee80211_chandef_s1g_oper(elems->s1g_oper, chandef)) {
181 sdata_info(sdata,
182 "Missing S1G Operation Element? Trying operating == primary\n");
183 chandef->width = ieee80211_s1g_channel_width(channel);
184 }
185
186 return IEEE80211_CONN_MODE_S1G;
187 }
188
189 /* get special 6 GHz case out of the way */
190 if (sband->band == NL80211_BAND_6GHZ) {
191 enum ieee80211_conn_mode mode = IEEE80211_CONN_MODE_EHT;
192
193 /* this is an error */
194 if (conn->mode < IEEE80211_CONN_MODE_HE)
195 return IEEE80211_CONN_MODE_LEGACY;
196
197 if (!elems->he_6ghz_capa || !elems->he_cap) {
198 sdata_info(sdata,
199 "HE 6 GHz AP is missing HE/HE 6 GHz band capability\n");
200 return IEEE80211_CONN_MODE_LEGACY;
201 }
202
203 if (!eht_oper || !elems->eht_cap) {
204 eht_oper = NULL;
205 mode = IEEE80211_CONN_MODE_HE;
206 }
207
208 if (!ieee80211_chandef_he_6ghz_oper(sdata->local, he_oper,
209 eht_oper, chandef)) {
210 sdata_info(sdata, "bad HE/EHT 6 GHz operation\n");
211 return IEEE80211_CONN_MODE_LEGACY;
212 }
213
214 return mode;
215 }
216
217 /* now we have the progression HT, VHT, ... */
218 if (conn->mode < IEEE80211_CONN_MODE_HT)
219 return IEEE80211_CONN_MODE_LEGACY;
220
221 if (!ht_oper || !elems->ht_cap_elem)
222 return IEEE80211_CONN_MODE_LEGACY;
223
224 chandef->width = NL80211_CHAN_WIDTH_20;
225
226 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan,
227 channel->band);
228 /* check that channel matches the right operating channel */
229 if (!ignore_ht_channel_mismatch && channel->center_freq != ht_cfreq) {
230 /*
231 * It's possible that some APs are confused here;
232 * Netgear WNDR3700 sometimes reports 4 higher than
233 * the actual channel in association responses, but
234 * since we look at probe response/beacon data here
235 * it should be OK.
236 */
237 sdata_info(sdata,
238 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
239 channel->center_freq, ht_cfreq,
240 ht_oper->primary_chan, channel->band);
241 return IEEE80211_CONN_MODE_LEGACY;
242 }
243
244 ieee80211_chandef_ht_oper(ht_oper, chandef);
245
246 if (conn->mode < IEEE80211_CONN_MODE_VHT)
247 return IEEE80211_CONN_MODE_HT;
248
249 vht_chandef = *chandef;
250
251 /*
252 * having he_cap/he_oper parsed out implies we're at
253 * least operating as HE STA
254 */
255 if (elems->he_cap && he_oper &&
256 he_oper->he_oper_params & cpu_to_le32(IEEE80211_HE_OPERATION_VHT_OPER_INFO)) {
257 struct ieee80211_vht_operation he_oper_vht_cap;
258
259 /*
260 * Set only first 3 bytes (other 2 aren't used in
261 * ieee80211_chandef_vht_oper() anyway)
262 */
263 memcpy(&he_oper_vht_cap, he_oper->optional, 3);
264 he_oper_vht_cap.basic_mcs_set = cpu_to_le16(0);
265
266 if (!ieee80211_chandef_vht_oper(&sdata->local->hw, vht_cap_info,
267 &he_oper_vht_cap, ht_oper,
268 &vht_chandef)) {
269 sdata_info(sdata,
270 "HE AP VHT information is invalid, disabling HE\n");
271 /* this will cause us to re-parse as VHT STA */
272 return IEEE80211_CONN_MODE_VHT;
273 }
274 } else if (!vht_oper || !elems->vht_cap_elem) {
275 if (sband->band == NL80211_BAND_5GHZ) {
276 sdata_info(sdata,
277 "VHT information is missing, disabling VHT\n");
278 return IEEE80211_CONN_MODE_HT;
279 }
280 no_vht = true;
281 } else if (sband->band == NL80211_BAND_2GHZ) {
282 no_vht = true;
283 } else if (!ieee80211_chandef_vht_oper(&sdata->local->hw,
284 vht_cap_info,
285 vht_oper, ht_oper,
286 &vht_chandef)) {
287 sdata_info(sdata,
288 "AP VHT information is invalid, disabling VHT\n");
289 return IEEE80211_CONN_MODE_HT;
290 }
291
292 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) {
293 sdata_info(sdata,
294 "AP VHT information doesn't match HT, disabling VHT\n");
295 return IEEE80211_CONN_MODE_HT;
296 }
297
298 *chandef = vht_chandef;
299
300 /* stick to current max mode if we or the AP don't have HE */
301 if (conn->mode < IEEE80211_CONN_MODE_HE ||
302 !elems->he_operation || !elems->he_cap) {
303 if (no_vht)
304 return IEEE80211_CONN_MODE_HT;
305 return IEEE80211_CONN_MODE_VHT;
306 }
307
308 /* stick to HE if we or the AP don't have EHT */
309 if (conn->mode < IEEE80211_CONN_MODE_EHT ||
310 !eht_oper || !elems->eht_cap)
311 return IEEE80211_CONN_MODE_HE;
312
313 /*
314 * handle the case that the EHT operation indicates that it holds EHT
315 * operation information (in case that the channel width differs from
316 * the channel width reported in HT/VHT/HE).
317 */
318 if (eht_oper->params & IEEE80211_EHT_OPER_INFO_PRESENT) {
319 struct cfg80211_chan_def eht_chandef = *chandef;
320
321 ieee80211_chandef_eht_oper((const void *)eht_oper->optional,
322 &eht_chandef);
323
324 eht_chandef.punctured =
325 ieee80211_eht_oper_dis_subchan_bitmap(eht_oper);
326
327 if (!cfg80211_chandef_valid(&eht_chandef)) {
328 sdata_info(sdata,
329 "AP EHT information is invalid, disabling EHT\n");
330 return IEEE80211_CONN_MODE_HE;
331 }
332
333 if (!cfg80211_chandef_compatible(chandef, &eht_chandef)) {
334 sdata_info(sdata,
335 "AP EHT information doesn't match HT/VHT/HE, disabling EHT\n");
336 return IEEE80211_CONN_MODE_HE;
337 }
338
339 *chandef = eht_chandef;
340 }
341
342 return IEEE80211_CONN_MODE_EHT;
343 }
344
345 static bool
ieee80211_verify_peer_he_mcs_support(struct ieee80211_sub_if_data * sdata,const struct ieee80211_he_cap_elem * he_cap,const struct ieee80211_he_operation * he_op)346 ieee80211_verify_peer_he_mcs_support(struct ieee80211_sub_if_data *sdata,
347 const struct ieee80211_he_cap_elem *he_cap,
348 const struct ieee80211_he_operation *he_op)
349 {
350 struct ieee80211_he_mcs_nss_supp *he_mcs_nss_supp;
351 u16 mcs_80_map_tx, mcs_80_map_rx;
352 u16 ap_min_req_set;
353 int nss;
354
355 if (!he_cap)
356 return false;
357
358 /* mcs_nss is right after he_cap info */
359 he_mcs_nss_supp = (void *)(he_cap + 1);
360
361 mcs_80_map_tx = le16_to_cpu(he_mcs_nss_supp->tx_mcs_80);
362 mcs_80_map_rx = le16_to_cpu(he_mcs_nss_supp->rx_mcs_80);
363
364 /* P802.11-REVme/D0.3
365 * 27.1.1 Introduction to the HE PHY
366 * ...
367 * An HE STA shall support the following features:
368 * ...
369 * Single spatial stream HE-MCSs 0 to 7 (transmit and receive) in all
370 * supported channel widths for HE SU PPDUs
371 */
372 if ((mcs_80_map_tx & 0x3) == IEEE80211_HE_MCS_NOT_SUPPORTED ||
373 (mcs_80_map_rx & 0x3) == IEEE80211_HE_MCS_NOT_SUPPORTED) {
374 sdata_info(sdata,
375 "Missing mandatory rates for 1 Nss, rx 0x%x, tx 0x%x, disable HE\n",
376 mcs_80_map_tx, mcs_80_map_rx);
377 return false;
378 }
379
380 if (!he_op)
381 return true;
382
383 ap_min_req_set = le16_to_cpu(he_op->he_mcs_nss_set);
384
385 /*
386 * Apparently iPhone 13 (at least iOS version 15.3.1) sets this to all
387 * zeroes, which is nonsense, and completely inconsistent with itself
388 * (it doesn't have 8 streams). Accept the settings in this case anyway.
389 */
390 if (!ap_min_req_set)
391 return true;
392
393 /* make sure the AP is consistent with itself
394 *
395 * P802.11-REVme/D0.3
396 * 26.17.1 Basic HE BSS operation
397 *
398 * A STA that is operating in an HE BSS shall be able to receive and
399 * transmit at each of the <HE-MCS, NSS> tuple values indicated by the
400 * Basic HE-MCS And NSS Set field of the HE Operation parameter of the
401 * MLME-START.request primitive and shall be able to receive at each of
402 * the <HE-MCS, NSS> tuple values indicated by the Supported HE-MCS and
403 * NSS Set field in the HE Capabilities parameter of the MLMESTART.request
404 * primitive
405 */
406 for (nss = 8; nss > 0; nss--) {
407 u8 ap_op_val = (ap_min_req_set >> (2 * (nss - 1))) & 3;
408 u8 ap_rx_val;
409 u8 ap_tx_val;
410
411 if (ap_op_val == IEEE80211_HE_MCS_NOT_SUPPORTED)
412 continue;
413
414 ap_rx_val = (mcs_80_map_rx >> (2 * (nss - 1))) & 3;
415 ap_tx_val = (mcs_80_map_tx >> (2 * (nss - 1))) & 3;
416
417 if (ap_rx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
418 ap_tx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
419 ap_rx_val < ap_op_val || ap_tx_val < ap_op_val) {
420 sdata_info(sdata,
421 "Invalid rates for %d Nss, rx %d, tx %d oper %d, disable HE\n",
422 nss, ap_rx_val, ap_rx_val, ap_op_val);
423 return false;
424 }
425 }
426
427 return true;
428 }
429
430 static bool
ieee80211_verify_sta_he_mcs_support(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,const struct ieee80211_he_operation * he_op)431 ieee80211_verify_sta_he_mcs_support(struct ieee80211_sub_if_data *sdata,
432 struct ieee80211_supported_band *sband,
433 const struct ieee80211_he_operation *he_op)
434 {
435 const struct ieee80211_sta_he_cap *sta_he_cap =
436 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
437 u16 ap_min_req_set;
438 int i;
439
440 if (!sta_he_cap || !he_op)
441 return false;
442
443 ap_min_req_set = le16_to_cpu(he_op->he_mcs_nss_set);
444
445 /*
446 * Apparently iPhone 13 (at least iOS version 15.3.1) sets this to all
447 * zeroes, which is nonsense, and completely inconsistent with itself
448 * (it doesn't have 8 streams). Accept the settings in this case anyway.
449 */
450 if (!ap_min_req_set)
451 return true;
452
453 /* Need to go over for 80MHz, 160MHz and for 80+80 */
454 for (i = 0; i < 3; i++) {
455 const struct ieee80211_he_mcs_nss_supp *sta_mcs_nss_supp =
456 &sta_he_cap->he_mcs_nss_supp;
457 u16 sta_mcs_map_rx =
458 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i]);
459 u16 sta_mcs_map_tx =
460 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i + 1]);
461 u8 nss;
462 bool verified = true;
463
464 /*
465 * For each band there is a maximum of 8 spatial streams
466 * possible. Each of the sta_mcs_map_* is a 16-bit struct built
467 * of 2 bits per NSS (1-8), with the values defined in enum
468 * ieee80211_he_mcs_support. Need to make sure STA TX and RX
469 * capabilities aren't less than the AP's minimum requirements
470 * for this HE BSS per SS.
471 * It is enough to find one such band that meets the reqs.
472 */
473 for (nss = 8; nss > 0; nss--) {
474 u8 sta_rx_val = (sta_mcs_map_rx >> (2 * (nss - 1))) & 3;
475 u8 sta_tx_val = (sta_mcs_map_tx >> (2 * (nss - 1))) & 3;
476 u8 ap_val = (ap_min_req_set >> (2 * (nss - 1))) & 3;
477
478 if (ap_val == IEEE80211_HE_MCS_NOT_SUPPORTED)
479 continue;
480
481 /*
482 * Make sure the HE AP doesn't require MCSs that aren't
483 * supported by the client as required by spec
484 *
485 * P802.11-REVme/D0.3
486 * 26.17.1 Basic HE BSS operation
487 *
488 * An HE STA shall not attempt to join * (MLME-JOIN.request primitive)
489 * a BSS, unless it supports (i.e., is able to both transmit and
490 * receive using) all of the <HE-MCS, NSS> tuples in the basic
491 * HE-MCS and NSS set.
492 */
493 if (sta_rx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
494 sta_tx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
495 (ap_val > sta_rx_val) || (ap_val > sta_tx_val)) {
496 verified = false;
497 break;
498 }
499 }
500
501 if (verified)
502 return true;
503 }
504
505 /* If here, STA doesn't meet AP's HE min requirements */
506 return false;
507 }
508
509 static u8
ieee80211_get_eht_cap_mcs_nss(const struct ieee80211_sta_he_cap * sta_he_cap,const struct ieee80211_sta_eht_cap * sta_eht_cap,unsigned int idx,int bw)510 ieee80211_get_eht_cap_mcs_nss(const struct ieee80211_sta_he_cap *sta_he_cap,
511 const struct ieee80211_sta_eht_cap *sta_eht_cap,
512 unsigned int idx, int bw)
513 {
514 u8 he_phy_cap0 = sta_he_cap->he_cap_elem.phy_cap_info[0];
515 u8 eht_phy_cap0 = sta_eht_cap->eht_cap_elem.phy_cap_info[0];
516
517 /* handle us being a 20 MHz-only EHT STA - with four values
518 * for MCS 0-7, 8-9, 10-11, 12-13.
519 */
520 if (!(he_phy_cap0 & IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_MASK_ALL))
521 return sta_eht_cap->eht_mcs_nss_supp.only_20mhz.rx_tx_max_nss[idx];
522
523 /* the others have MCS 0-9 together, rather than separately from 0-7 */
524 if (idx > 0)
525 idx--;
526
527 switch (bw) {
528 case 0:
529 return sta_eht_cap->eht_mcs_nss_supp.bw._80.rx_tx_max_nss[idx];
530 case 1:
531 if (!(he_phy_cap0 &
532 (IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G |
533 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G)))
534 return 0xff; /* pass check */
535 return sta_eht_cap->eht_mcs_nss_supp.bw._160.rx_tx_max_nss[idx];
536 case 2:
537 if (!(eht_phy_cap0 & IEEE80211_EHT_PHY_CAP0_320MHZ_IN_6GHZ))
538 return 0xff; /* pass check */
539 return sta_eht_cap->eht_mcs_nss_supp.bw._320.rx_tx_max_nss[idx];
540 }
541
542 WARN_ON(1);
543 return 0;
544 }
545
546 static bool
ieee80211_verify_sta_eht_mcs_support(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,const struct ieee80211_eht_operation * eht_op)547 ieee80211_verify_sta_eht_mcs_support(struct ieee80211_sub_if_data *sdata,
548 struct ieee80211_supported_band *sband,
549 const struct ieee80211_eht_operation *eht_op)
550 {
551 const struct ieee80211_sta_he_cap *sta_he_cap =
552 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
553 const struct ieee80211_sta_eht_cap *sta_eht_cap =
554 ieee80211_get_eht_iftype_cap_vif(sband, &sdata->vif);
555 const struct ieee80211_eht_mcs_nss_supp_20mhz_only *req;
556 unsigned int i;
557
558 if (!sta_he_cap || !sta_eht_cap || !eht_op)
559 return false;
560
561 req = &eht_op->basic_mcs_nss;
562
563 for (i = 0; i < ARRAY_SIZE(req->rx_tx_max_nss); i++) {
564 u8 req_rx_nss, req_tx_nss;
565 unsigned int bw;
566
567 req_rx_nss = u8_get_bits(req->rx_tx_max_nss[i],
568 IEEE80211_EHT_MCS_NSS_RX);
569 req_tx_nss = u8_get_bits(req->rx_tx_max_nss[i],
570 IEEE80211_EHT_MCS_NSS_TX);
571
572 for (bw = 0; bw < 3; bw++) {
573 u8 have, have_rx_nss, have_tx_nss;
574
575 have = ieee80211_get_eht_cap_mcs_nss(sta_he_cap,
576 sta_eht_cap,
577 i, bw);
578 have_rx_nss = u8_get_bits(have,
579 IEEE80211_EHT_MCS_NSS_RX);
580 have_tx_nss = u8_get_bits(have,
581 IEEE80211_EHT_MCS_NSS_TX);
582
583 if (req_rx_nss > have_rx_nss ||
584 req_tx_nss > have_tx_nss)
585 return false;
586 }
587 }
588
589 return true;
590 }
591
ieee80211_chandef_usable(struct ieee80211_sub_if_data * sdata,const struct cfg80211_chan_def * chandef,u32 prohibited_flags)592 static bool ieee80211_chandef_usable(struct ieee80211_sub_if_data *sdata,
593 const struct cfg80211_chan_def *chandef,
594 u32 prohibited_flags)
595 {
596 if (!cfg80211_chandef_usable(sdata->local->hw.wiphy,
597 chandef, prohibited_flags))
598 return false;
599
600 if (chandef->punctured &&
601 ieee80211_hw_check(&sdata->local->hw, DISALLOW_PUNCTURING))
602 return false;
603
604 if (chandef->punctured && chandef->chan->band == NL80211_BAND_5GHZ &&
605 ieee80211_hw_check(&sdata->local->hw, DISALLOW_PUNCTURING_5GHZ))
606 return false;
607
608 return true;
609 }
610
ieee80211_chandef_num_subchans(const struct cfg80211_chan_def * c)611 static int ieee80211_chandef_num_subchans(const struct cfg80211_chan_def *c)
612 {
613 if (c->width == NL80211_CHAN_WIDTH_80P80)
614 return 4 + 4;
615
616 return nl80211_chan_width_to_mhz(c->width) / 20;
617 }
618
ieee80211_chandef_num_widths(const struct cfg80211_chan_def * c)619 static int ieee80211_chandef_num_widths(const struct cfg80211_chan_def *c)
620 {
621 switch (c->width) {
622 case NL80211_CHAN_WIDTH_20:
623 case NL80211_CHAN_WIDTH_20_NOHT:
624 return 1;
625 case NL80211_CHAN_WIDTH_40:
626 return 2;
627 case NL80211_CHAN_WIDTH_80P80:
628 case NL80211_CHAN_WIDTH_80:
629 return 3;
630 case NL80211_CHAN_WIDTH_160:
631 return 4;
632 case NL80211_CHAN_WIDTH_320:
633 return 5;
634 default:
635 WARN_ON(1);
636 return 0;
637 }
638 }
639
640 VISIBLE_IF_MAC80211_KUNIT int
ieee80211_calc_chandef_subchan_offset(const struct cfg80211_chan_def * ap,u8 n_partial_subchans)641 ieee80211_calc_chandef_subchan_offset(const struct cfg80211_chan_def *ap,
642 u8 n_partial_subchans)
643 {
644 int n = ieee80211_chandef_num_subchans(ap);
645 struct cfg80211_chan_def tmp = *ap;
646 int offset = 0;
647
648 /*
649 * Given a chandef (in this context, it's the AP's) and a number
650 * of subchannels that we want to look at ('n_partial_subchans'),
651 * calculate the offset in number of subchannels between the full
652 * and the subset with the desired width.
653 */
654
655 /* same number of subchannels means no offset, obviously */
656 if (n == n_partial_subchans)
657 return 0;
658
659 /* don't WARN - misconfigured APs could cause this if their N > width */
660 if (n < n_partial_subchans)
661 return 0;
662
663 while (ieee80211_chandef_num_subchans(&tmp) > n_partial_subchans) {
664 u32 prev = tmp.center_freq1;
665
666 ieee80211_chandef_downgrade(&tmp, NULL);
667
668 /*
669 * if center_freq moved up, half the original channels
670 * are gone now but were below, so increase offset
671 */
672 if (prev < tmp.center_freq1)
673 offset += ieee80211_chandef_num_subchans(&tmp);
674 }
675
676 /*
677 * 80+80 with secondary 80 below primary - four subchannels for it
678 * (we cannot downgrade *to* 80+80, so no need to consider 'tmp')
679 */
680 if (ap->width == NL80211_CHAN_WIDTH_80P80 &&
681 ap->center_freq2 < ap->center_freq1)
682 offset += 4;
683
684 return offset;
685 }
686 EXPORT_SYMBOL_IF_MAC80211_KUNIT(ieee80211_calc_chandef_subchan_offset);
687
688 VISIBLE_IF_MAC80211_KUNIT void
ieee80211_rearrange_tpe_psd(struct ieee80211_parsed_tpe_psd * psd,const struct cfg80211_chan_def * ap,const struct cfg80211_chan_def * used)689 ieee80211_rearrange_tpe_psd(struct ieee80211_parsed_tpe_psd *psd,
690 const struct cfg80211_chan_def *ap,
691 const struct cfg80211_chan_def *used)
692 {
693 u8 needed = ieee80211_chandef_num_subchans(used);
694 u8 have = ieee80211_chandef_num_subchans(ap);
695 u8 tmp[IEEE80211_TPE_PSD_ENTRIES_320MHZ];
696 u8 offset;
697
698 if (!psd->valid)
699 return;
700
701 /* if N is zero, all defaults were used, no point in rearranging */
702 if (!psd->n)
703 goto out;
704
705 BUILD_BUG_ON(sizeof(tmp) != sizeof(psd->power));
706
707 /*
708 * This assumes that 'N' is consistent with the HE channel, as
709 * it should be (otherwise the AP is broken).
710 *
711 * In psd->power we have values in the order 0..N, 0..K, where
712 * N+K should cover the entire channel per 'ap', but even if it
713 * doesn't then we've pre-filled 'unlimited' as defaults.
714 *
715 * But this is all the wrong order, we want to have them in the
716 * order of the 'used' channel.
717 *
718 * So for example, we could have a 320 MHz EHT AP, which has the
719 * HE channel as 80 MHz (e.g. due to puncturing, which doesn't
720 * seem to be considered for the TPE), as follows:
721 *
722 * EHT 320: | | | | | | | | | | | | | | | | |
723 * HE 80: | | | | |
724 * used 160: | | | | | | | | |
725 *
726 * N entries: |--|--|--|--|
727 * K entries: |--|--|--|--|--|--|--|--| |--|--|--|--|
728 * power idx: 4 5 6 7 8 9 10 11 0 1 2 3 12 13 14 15
729 * full chan: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
730 * used chan: 0 1 2 3 4 5 6 7
731 *
732 * The idx in the power array ('power idx') is like this since it
733 * comes directly from the element's N and K entries in their
734 * element order, and those are this way for HE compatibility.
735 *
736 * Rearrange them as desired here, first by putting them into the
737 * 'full chan' order, and then selecting the necessary subset for
738 * the 'used chan'.
739 */
740
741 /* first reorder according to AP channel */
742 offset = ieee80211_calc_chandef_subchan_offset(ap, psd->n);
743 for (int i = 0; i < have; i++) {
744 if (i < offset)
745 tmp[i] = psd->power[i + psd->n];
746 else if (i < offset + psd->n)
747 tmp[i] = psd->power[i - offset];
748 else
749 tmp[i] = psd->power[i];
750 }
751
752 /*
753 * and then select the subset for the used channel
754 * (set everything to defaults first in case a driver is confused)
755 */
756 memset(psd->power, IEEE80211_TPE_PSD_NO_LIMIT, sizeof(psd->power));
757 offset = ieee80211_calc_chandef_subchan_offset(ap, needed);
758 for (int i = 0; i < needed; i++)
759 psd->power[i] = tmp[offset + i];
760
761 out:
762 /* limit, but don't lie if there are defaults in the data */
763 if (needed < psd->count)
764 psd->count = needed;
765 }
766 EXPORT_SYMBOL_IF_MAC80211_KUNIT(ieee80211_rearrange_tpe_psd);
767
ieee80211_rearrange_tpe(struct ieee80211_parsed_tpe * tpe,const struct cfg80211_chan_def * ap,const struct cfg80211_chan_def * used)768 static void ieee80211_rearrange_tpe(struct ieee80211_parsed_tpe *tpe,
769 const struct cfg80211_chan_def *ap,
770 const struct cfg80211_chan_def *used)
771 {
772 /* ignore this completely for narrow/invalid channels */
773 if (!ieee80211_chandef_num_subchans(ap) ||
774 !ieee80211_chandef_num_subchans(used)) {
775 ieee80211_clear_tpe(tpe);
776 return;
777 }
778
779 for (int i = 0; i < 2; i++) {
780 int needed_pwr_count;
781
782 ieee80211_rearrange_tpe_psd(&tpe->psd_local[i], ap, used);
783 ieee80211_rearrange_tpe_psd(&tpe->psd_reg_client[i], ap, used);
784
785 /* limit this to the widths we actually need */
786 needed_pwr_count = ieee80211_chandef_num_widths(used);
787 if (needed_pwr_count < tpe->max_local[i].count)
788 tpe->max_local[i].count = needed_pwr_count;
789 if (needed_pwr_count < tpe->max_reg_client[i].count)
790 tpe->max_reg_client[i].count = needed_pwr_count;
791 }
792 }
793
794 /*
795 * The AP part of the channel request is used to distinguish settings
796 * to the device used for wider bandwidth OFDMA. This is used in the
797 * channel context code to assign two channel contexts even if they're
798 * both for the same channel, if the AP bandwidths are incompatible.
799 * If not EHT (or driver override) then ap.chan == NULL indicates that
800 * there's no wider BW OFDMA used.
801 */
ieee80211_set_chanreq_ap(struct ieee80211_sub_if_data * sdata,struct ieee80211_chan_req * chanreq,struct ieee80211_conn_settings * conn,struct cfg80211_chan_def * ap_chandef)802 static void ieee80211_set_chanreq_ap(struct ieee80211_sub_if_data *sdata,
803 struct ieee80211_chan_req *chanreq,
804 struct ieee80211_conn_settings *conn,
805 struct cfg80211_chan_def *ap_chandef)
806 {
807 chanreq->ap.chan = NULL;
808
809 if (conn->mode < IEEE80211_CONN_MODE_EHT)
810 return;
811 if (sdata->vif.driver_flags & IEEE80211_VIF_IGNORE_OFDMA_WIDER_BW)
812 return;
813
814 chanreq->ap = *ap_chandef;
815 }
816
817 static struct ieee802_11_elems *
ieee80211_determine_chan_mode(struct ieee80211_sub_if_data * sdata,struct ieee80211_conn_settings * conn,struct cfg80211_bss * cbss,int link_id,struct ieee80211_chan_req * chanreq,struct cfg80211_chan_def * ap_chandef)818 ieee80211_determine_chan_mode(struct ieee80211_sub_if_data *sdata,
819 struct ieee80211_conn_settings *conn,
820 struct cfg80211_bss *cbss, int link_id,
821 struct ieee80211_chan_req *chanreq,
822 struct cfg80211_chan_def *ap_chandef)
823 {
824 const struct cfg80211_bss_ies *ies = rcu_dereference(cbss->ies);
825 struct ieee80211_bss *bss = (void *)cbss->priv;
826 struct ieee80211_channel *channel = cbss->channel;
827 struct ieee80211_elems_parse_params parse_params = {
828 .link_id = -1,
829 .from_ap = true,
830 .start = ies->data,
831 .len = ies->len,
832 };
833 struct ieee802_11_elems *elems;
834 struct ieee80211_supported_band *sband;
835 enum ieee80211_conn_mode ap_mode;
836 int ret;
837
838 again:
839 parse_params.mode = conn->mode;
840 elems = ieee802_11_parse_elems_full(&parse_params);
841 if (!elems)
842 return ERR_PTR(-ENOMEM);
843
844 ap_mode = ieee80211_determine_ap_chan(sdata, channel, bss->vht_cap_info,
845 elems, false, conn, ap_chandef);
846
847 /* this should be impossible since parsing depends on our mode */
848 if (WARN_ON(ap_mode > conn->mode)) {
849 ret = -EINVAL;
850 goto free;
851 }
852
853 if (conn->mode != ap_mode) {
854 conn->mode = ap_mode;
855 kfree(elems);
856 goto again;
857 }
858
859 mlme_link_id_dbg(sdata, link_id, "determined AP %pM to be %s\n",
860 cbss->bssid, ieee80211_conn_mode_str(ap_mode));
861
862 sband = sdata->local->hw.wiphy->bands[channel->band];
863
864 switch (channel->band) {
865 case NL80211_BAND_S1GHZ:
866 if (WARN_ON(ap_mode != IEEE80211_CONN_MODE_S1G)) {
867 ret = -EINVAL;
868 goto free;
869 }
870 return elems;
871 case NL80211_BAND_6GHZ:
872 if (ap_mode < IEEE80211_CONN_MODE_HE) {
873 sdata_info(sdata,
874 "Rejecting non-HE 6/7 GHz connection");
875 ret = -EINVAL;
876 goto free;
877 }
878 break;
879 default:
880 if (WARN_ON(ap_mode == IEEE80211_CONN_MODE_S1G)) {
881 ret = -EINVAL;
882 goto free;
883 }
884 }
885
886 switch (ap_mode) {
887 case IEEE80211_CONN_MODE_S1G:
888 WARN_ON(1);
889 ret = -EINVAL;
890 goto free;
891 case IEEE80211_CONN_MODE_LEGACY:
892 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
893 break;
894 case IEEE80211_CONN_MODE_HT:
895 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
896 conn->bw_limit,
897 IEEE80211_CONN_BW_LIMIT_40);
898 break;
899 case IEEE80211_CONN_MODE_VHT:
900 case IEEE80211_CONN_MODE_HE:
901 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
902 conn->bw_limit,
903 IEEE80211_CONN_BW_LIMIT_160);
904 break;
905 case IEEE80211_CONN_MODE_EHT:
906 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
907 conn->bw_limit,
908 IEEE80211_CONN_BW_LIMIT_320);
909 break;
910 }
911
912 chanreq->oper = *ap_chandef;
913
914 ieee80211_set_chanreq_ap(sdata, chanreq, conn, ap_chandef);
915
916 while (!ieee80211_chandef_usable(sdata, &chanreq->oper,
917 IEEE80211_CHAN_DISABLED)) {
918 if (WARN_ON(chanreq->oper.width == NL80211_CHAN_WIDTH_20_NOHT)) {
919 ret = -EINVAL;
920 goto free;
921 }
922
923 ieee80211_chanreq_downgrade(chanreq, conn);
924 }
925
926 if (conn->mode >= IEEE80211_CONN_MODE_HE &&
927 !cfg80211_chandef_usable(sdata->wdev.wiphy, &chanreq->oper,
928 IEEE80211_CHAN_NO_HE)) {
929 conn->mode = IEEE80211_CONN_MODE_VHT;
930 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
931 conn->bw_limit,
932 IEEE80211_CONN_BW_LIMIT_160);
933 }
934
935 if (conn->mode >= IEEE80211_CONN_MODE_EHT &&
936 !cfg80211_chandef_usable(sdata->wdev.wiphy, &chanreq->oper,
937 IEEE80211_CHAN_NO_EHT)) {
938 conn->mode = IEEE80211_CONN_MODE_HE;
939 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
940 conn->bw_limit,
941 IEEE80211_CONN_BW_LIMIT_160);
942 }
943
944 if (chanreq->oper.width != ap_chandef->width || ap_mode != conn->mode)
945 sdata_info(sdata,
946 "regulatory prevented using AP config, downgraded\n");
947
948 if (conn->mode >= IEEE80211_CONN_MODE_HE &&
949 (!ieee80211_verify_peer_he_mcs_support(sdata, (void *)elems->he_cap,
950 elems->he_operation) ||
951 !ieee80211_verify_sta_he_mcs_support(sdata, sband,
952 elems->he_operation))) {
953 conn->mode = IEEE80211_CONN_MODE_VHT;
954 sdata_info(sdata, "required MCSes not supported, disabling HE\n");
955 }
956
957 if (conn->mode >= IEEE80211_CONN_MODE_EHT &&
958 !ieee80211_verify_sta_eht_mcs_support(sdata, sband,
959 elems->eht_operation)) {
960 conn->mode = IEEE80211_CONN_MODE_HE;
961 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
962 conn->bw_limit,
963 IEEE80211_CONN_BW_LIMIT_160);
964 sdata_info(sdata, "required MCSes not supported, disabling EHT\n");
965 }
966
967 /* the mode can only decrease, so this must terminate */
968 if (ap_mode != conn->mode) {
969 kfree(elems);
970 goto again;
971 }
972
973 mlme_link_id_dbg(sdata, link_id,
974 "connecting with %s mode, max bandwidth %d MHz\n",
975 ieee80211_conn_mode_str(conn->mode),
976 20 * (1 << conn->bw_limit));
977
978 if (WARN_ON_ONCE(!cfg80211_chandef_valid(&chanreq->oper))) {
979 ret = -EINVAL;
980 goto free;
981 }
982
983 return elems;
984 free:
985 kfree(elems);
986 return ERR_PTR(ret);
987 }
988
ieee80211_config_bw(struct ieee80211_link_data * link,struct ieee802_11_elems * elems,bool update,u64 * changed)989 static int ieee80211_config_bw(struct ieee80211_link_data *link,
990 struct ieee802_11_elems *elems,
991 bool update, u64 *changed)
992 {
993 struct ieee80211_channel *channel = link->conf->chanreq.oper.chan;
994 struct ieee80211_sub_if_data *sdata = link->sdata;
995 struct ieee80211_chan_req chanreq = {};
996 struct cfg80211_chan_def ap_chandef;
997 enum ieee80211_conn_mode ap_mode;
998 u32 vht_cap_info = 0;
999 u16 ht_opmode;
1000 int ret;
1001
1002 /* don't track any bandwidth changes in legacy/S1G modes */
1003 if (link->u.mgd.conn.mode == IEEE80211_CONN_MODE_LEGACY ||
1004 link->u.mgd.conn.mode == IEEE80211_CONN_MODE_S1G)
1005 return 0;
1006
1007 if (elems->vht_cap_elem)
1008 vht_cap_info = le32_to_cpu(elems->vht_cap_elem->vht_cap_info);
1009
1010 ap_mode = ieee80211_determine_ap_chan(sdata, channel, vht_cap_info,
1011 elems, true, &link->u.mgd.conn,
1012 &ap_chandef);
1013
1014 if (ap_mode != link->u.mgd.conn.mode) {
1015 link_info(link,
1016 "AP appears to change mode (expected %s, found %s), disconnect\n",
1017 ieee80211_conn_mode_str(link->u.mgd.conn.mode),
1018 ieee80211_conn_mode_str(ap_mode));
1019 return -EINVAL;
1020 }
1021
1022 chanreq.oper = ap_chandef;
1023 ieee80211_set_chanreq_ap(sdata, &chanreq, &link->u.mgd.conn,
1024 &ap_chandef);
1025
1026 /*
1027 * if HT operation mode changed store the new one -
1028 * this may be applicable even if channel is identical
1029 */
1030 if (elems->ht_operation) {
1031 ht_opmode = le16_to_cpu(elems->ht_operation->operation_mode);
1032 if (link->conf->ht_operation_mode != ht_opmode) {
1033 *changed |= BSS_CHANGED_HT;
1034 link->conf->ht_operation_mode = ht_opmode;
1035 }
1036 }
1037
1038 /*
1039 * Downgrade the new channel if we associated with restricted
1040 * bandwidth capabilities. For example, if we associated as a
1041 * 20 MHz STA to a 40 MHz AP (due to regulatory, capabilities
1042 * or config reasons) then switching to a 40 MHz channel now
1043 * won't do us any good -- we couldn't use it with the AP.
1044 */
1045 while (link->u.mgd.conn.bw_limit <
1046 ieee80211_min_bw_limit_from_chandef(&chanreq.oper))
1047 ieee80211_chandef_downgrade(&chanreq.oper, NULL);
1048
1049 if (ap_chandef.chan->band == NL80211_BAND_6GHZ &&
1050 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HE) {
1051 ieee80211_rearrange_tpe(&elems->tpe, &ap_chandef,
1052 &chanreq.oper);
1053 if (memcmp(&link->conf->tpe, &elems->tpe, sizeof(elems->tpe))) {
1054 link->conf->tpe = elems->tpe;
1055 *changed |= BSS_CHANGED_TPE;
1056 }
1057 }
1058
1059 if (ieee80211_chanreq_identical(&chanreq, &link->conf->chanreq))
1060 return 0;
1061
1062 link_info(link,
1063 "AP %pM changed bandwidth, new used config is %d.%03d MHz, width %d (%d.%03d/%d MHz)\n",
1064 link->u.mgd.bssid, chanreq.oper.chan->center_freq,
1065 chanreq.oper.chan->freq_offset, chanreq.oper.width,
1066 chanreq.oper.center_freq1, chanreq.oper.freq1_offset,
1067 chanreq.oper.center_freq2);
1068
1069 if (!cfg80211_chandef_valid(&chanreq.oper)) {
1070 sdata_info(sdata,
1071 "AP %pM changed caps/bw in a way we can't support - disconnect\n",
1072 link->u.mgd.bssid);
1073 return -EINVAL;
1074 }
1075
1076 if (!update) {
1077 link->conf->chanreq = chanreq;
1078 return 0;
1079 }
1080
1081 /*
1082 * We're tracking the current AP here, so don't do any further checks
1083 * here. This keeps us from playing ping-pong with regulatory, without
1084 * it the following can happen (for example):
1085 * - connect to an AP with 80 MHz, world regdom allows 80 MHz
1086 * - AP advertises regdom US
1087 * - CRDA loads regdom US with 80 MHz prohibited (old database)
1088 * - we detect an unsupported channel and disconnect
1089 * - disconnect causes CRDA to reload world regdomain and the game
1090 * starts anew.
1091 * (see https://bugzilla.kernel.org/show_bug.cgi?id=70881)
1092 *
1093 * It seems possible that there are still scenarios with CSA or real
1094 * bandwidth changes where a this could happen, but those cases are
1095 * less common and wouldn't completely prevent using the AP.
1096 */
1097
1098 ret = ieee80211_link_change_chanreq(link, &chanreq, changed);
1099 if (ret) {
1100 sdata_info(sdata,
1101 "AP %pM changed bandwidth to incompatible one - disconnect\n",
1102 link->u.mgd.bssid);
1103 return ret;
1104 }
1105
1106 cfg80211_schedule_channels_check(&sdata->wdev);
1107 return 0;
1108 }
1109
1110 /* frame sending functions */
1111
ieee80211_add_ht_ie(struct ieee80211_sub_if_data * sdata,struct sk_buff * skb,u8 ap_ht_param,struct ieee80211_supported_band * sband,struct ieee80211_channel * channel,enum ieee80211_smps_mode smps,const struct ieee80211_conn_settings * conn)1112 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata,
1113 struct sk_buff *skb, u8 ap_ht_param,
1114 struct ieee80211_supported_band *sband,
1115 struct ieee80211_channel *channel,
1116 enum ieee80211_smps_mode smps,
1117 const struct ieee80211_conn_settings *conn)
1118 {
1119 u8 *pos;
1120 u32 flags = channel->flags;
1121 u16 cap;
1122 struct ieee80211_sta_ht_cap ht_cap;
1123
1124 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap));
1125
1126 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
1127 ieee80211_apply_htcap_overrides(sdata, &ht_cap);
1128
1129 /* determine capability flags */
1130 cap = ht_cap.cap;
1131
1132 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
1133 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
1134 if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
1135 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
1136 cap &= ~IEEE80211_HT_CAP_SGI_40;
1137 }
1138 break;
1139 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
1140 if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
1141 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
1142 cap &= ~IEEE80211_HT_CAP_SGI_40;
1143 }
1144 break;
1145 }
1146
1147 /*
1148 * If 40 MHz was disabled associate as though we weren't
1149 * capable of 40 MHz -- some broken APs will never fall
1150 * back to trying to transmit in 20 MHz.
1151 */
1152 if (conn->bw_limit <= IEEE80211_CONN_BW_LIMIT_20) {
1153 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
1154 cap &= ~IEEE80211_HT_CAP_SGI_40;
1155 }
1156
1157 /* set SM PS mode properly */
1158 cap &= ~IEEE80211_HT_CAP_SM_PS;
1159 switch (smps) {
1160 case IEEE80211_SMPS_AUTOMATIC:
1161 case IEEE80211_SMPS_NUM_MODES:
1162 WARN_ON(1);
1163 fallthrough;
1164 case IEEE80211_SMPS_OFF:
1165 cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
1166 IEEE80211_HT_CAP_SM_PS_SHIFT;
1167 break;
1168 case IEEE80211_SMPS_STATIC:
1169 cap |= WLAN_HT_CAP_SM_PS_STATIC <<
1170 IEEE80211_HT_CAP_SM_PS_SHIFT;
1171 break;
1172 case IEEE80211_SMPS_DYNAMIC:
1173 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
1174 IEEE80211_HT_CAP_SM_PS_SHIFT;
1175 break;
1176 }
1177
1178 /* reserve and fill IE */
1179 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
1180 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap);
1181 }
1182
1183 /* This function determines vht capability flags for the association
1184 * and builds the IE.
1185 * Note - the function returns true to own the MU-MIMO capability
1186 */
ieee80211_add_vht_ie(struct ieee80211_sub_if_data * sdata,struct sk_buff * skb,struct ieee80211_supported_band * sband,struct ieee80211_vht_cap * ap_vht_cap,const struct ieee80211_conn_settings * conn)1187 static bool ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
1188 struct sk_buff *skb,
1189 struct ieee80211_supported_band *sband,
1190 struct ieee80211_vht_cap *ap_vht_cap,
1191 const struct ieee80211_conn_settings *conn)
1192 {
1193 struct ieee80211_local *local = sdata->local;
1194 u8 *pos;
1195 u32 cap;
1196 struct ieee80211_sta_vht_cap vht_cap;
1197 u32 mask, ap_bf_sts, our_bf_sts;
1198 bool mu_mimo_owner = false;
1199
1200 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap));
1201
1202 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
1203 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
1204
1205 /* determine capability flags */
1206 cap = vht_cap.cap;
1207
1208 if (conn->bw_limit <= IEEE80211_CONN_BW_LIMIT_80) {
1209 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160;
1210 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
1211 }
1212
1213 /*
1214 * Some APs apparently get confused if our capabilities are better
1215 * than theirs, so restrict what we advertise in the assoc request.
1216 */
1217 if (!(ap_vht_cap->vht_cap_info &
1218 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)))
1219 cap &= ~(IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
1220 IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE);
1221 else if (!(ap_vht_cap->vht_cap_info &
1222 cpu_to_le32(IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
1223 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
1224
1225 /*
1226 * If some other vif is using the MU-MIMO capability we cannot associate
1227 * using MU-MIMO - this will lead to contradictions in the group-id
1228 * mechanism.
1229 * Ownership is defined since association request, in order to avoid
1230 * simultaneous associations with MU-MIMO.
1231 */
1232 if (cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE) {
1233 bool disable_mu_mimo = false;
1234 struct ieee80211_sub_if_data *other;
1235
1236 list_for_each_entry(other, &local->interfaces, list) {
1237 if (other->vif.bss_conf.mu_mimo_owner) {
1238 disable_mu_mimo = true;
1239 break;
1240 }
1241 }
1242 if (disable_mu_mimo)
1243 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
1244 else
1245 mu_mimo_owner = true;
1246 }
1247
1248 mask = IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
1249
1250 ap_bf_sts = le32_to_cpu(ap_vht_cap->vht_cap_info) & mask;
1251 our_bf_sts = cap & mask;
1252
1253 if (ap_bf_sts < our_bf_sts) {
1254 cap &= ~mask;
1255 cap |= ap_bf_sts;
1256 }
1257
1258 /* reserve and fill IE */
1259 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
1260 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap);
1261
1262 return mu_mimo_owner;
1263 }
1264
ieee80211_assoc_add_rates(struct sk_buff * skb,enum nl80211_chan_width width,struct ieee80211_supported_band * sband,struct ieee80211_mgd_assoc_data * assoc_data)1265 static void ieee80211_assoc_add_rates(struct sk_buff *skb,
1266 enum nl80211_chan_width width,
1267 struct ieee80211_supported_band *sband,
1268 struct ieee80211_mgd_assoc_data *assoc_data)
1269 {
1270 u32 rates;
1271
1272 if (assoc_data->supp_rates_len) {
1273 /*
1274 * Get all rates supported by the device and the AP as
1275 * some APs don't like getting a superset of their rates
1276 * in the association request (e.g. D-Link DAP 1353 in
1277 * b-only mode)...
1278 */
1279 ieee80211_parse_bitrates(width, sband,
1280 assoc_data->supp_rates,
1281 assoc_data->supp_rates_len,
1282 &rates);
1283 } else {
1284 /*
1285 * In case AP not provide any supported rates information
1286 * before association, we send information element(s) with
1287 * all rates that we support.
1288 */
1289 rates = ~0;
1290 }
1291
1292 ieee80211_put_srates_elem(skb, sband, 0, 0, ~rates,
1293 WLAN_EID_SUPP_RATES);
1294 ieee80211_put_srates_elem(skb, sband, 0, 0, ~rates,
1295 WLAN_EID_EXT_SUPP_RATES);
1296 }
1297
ieee80211_add_before_ht_elems(struct sk_buff * skb,const u8 * elems,size_t elems_len,size_t offset)1298 static size_t ieee80211_add_before_ht_elems(struct sk_buff *skb,
1299 const u8 *elems,
1300 size_t elems_len,
1301 size_t offset)
1302 {
1303 size_t noffset;
1304
1305 static const u8 before_ht[] = {
1306 WLAN_EID_SSID,
1307 WLAN_EID_SUPP_RATES,
1308 WLAN_EID_EXT_SUPP_RATES,
1309 WLAN_EID_PWR_CAPABILITY,
1310 WLAN_EID_SUPPORTED_CHANNELS,
1311 WLAN_EID_RSN,
1312 WLAN_EID_QOS_CAPA,
1313 WLAN_EID_RRM_ENABLED_CAPABILITIES,
1314 WLAN_EID_MOBILITY_DOMAIN,
1315 WLAN_EID_FAST_BSS_TRANSITION, /* reassoc only */
1316 WLAN_EID_RIC_DATA, /* reassoc only */
1317 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
1318 };
1319 static const u8 after_ric[] = {
1320 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
1321 WLAN_EID_HT_CAPABILITY,
1322 WLAN_EID_BSS_COEX_2040,
1323 /* luckily this is almost always there */
1324 WLAN_EID_EXT_CAPABILITY,
1325 WLAN_EID_QOS_TRAFFIC_CAPA,
1326 WLAN_EID_TIM_BCAST_REQ,
1327 WLAN_EID_INTERWORKING,
1328 /* 60 GHz (Multi-band, DMG, MMS) can't happen */
1329 WLAN_EID_VHT_CAPABILITY,
1330 WLAN_EID_OPMODE_NOTIF,
1331 };
1332
1333 if (!elems_len)
1334 return offset;
1335
1336 noffset = ieee80211_ie_split_ric(elems, elems_len,
1337 before_ht,
1338 ARRAY_SIZE(before_ht),
1339 after_ric,
1340 ARRAY_SIZE(after_ric),
1341 offset);
1342 skb_put_data(skb, elems + offset, noffset - offset);
1343
1344 return noffset;
1345 }
1346
ieee80211_add_before_vht_elems(struct sk_buff * skb,const u8 * elems,size_t elems_len,size_t offset)1347 static size_t ieee80211_add_before_vht_elems(struct sk_buff *skb,
1348 const u8 *elems,
1349 size_t elems_len,
1350 size_t offset)
1351 {
1352 static const u8 before_vht[] = {
1353 /*
1354 * no need to list the ones split off before HT
1355 * or generated here
1356 */
1357 WLAN_EID_BSS_COEX_2040,
1358 WLAN_EID_EXT_CAPABILITY,
1359 WLAN_EID_QOS_TRAFFIC_CAPA,
1360 WLAN_EID_TIM_BCAST_REQ,
1361 WLAN_EID_INTERWORKING,
1362 /* 60 GHz (Multi-band, DMG, MMS) can't happen */
1363 };
1364 size_t noffset;
1365
1366 if (!elems_len)
1367 return offset;
1368
1369 /* RIC already taken care of in ieee80211_add_before_ht_elems() */
1370 noffset = ieee80211_ie_split(elems, elems_len,
1371 before_vht, ARRAY_SIZE(before_vht),
1372 offset);
1373 skb_put_data(skb, elems + offset, noffset - offset);
1374
1375 return noffset;
1376 }
1377
ieee80211_add_before_he_elems(struct sk_buff * skb,const u8 * elems,size_t elems_len,size_t offset)1378 static size_t ieee80211_add_before_he_elems(struct sk_buff *skb,
1379 const u8 *elems,
1380 size_t elems_len,
1381 size_t offset)
1382 {
1383 static const u8 before_he[] = {
1384 /*
1385 * no need to list the ones split off before VHT
1386 * or generated here
1387 */
1388 WLAN_EID_OPMODE_NOTIF,
1389 WLAN_EID_EXTENSION, WLAN_EID_EXT_FUTURE_CHAN_GUIDANCE,
1390 /* 11ai elements */
1391 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_SESSION,
1392 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_PUBLIC_KEY,
1393 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_KEY_CONFIRM,
1394 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_HLP_CONTAINER,
1395 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_IP_ADDR_ASSIGN,
1396 /* TODO: add 11ah/11aj/11ak elements */
1397 };
1398 size_t noffset;
1399
1400 if (!elems_len)
1401 return offset;
1402
1403 /* RIC already taken care of in ieee80211_add_before_ht_elems() */
1404 noffset = ieee80211_ie_split(elems, elems_len,
1405 before_he, ARRAY_SIZE(before_he),
1406 offset);
1407 skb_put_data(skb, elems + offset, noffset - offset);
1408
1409 return noffset;
1410 }
1411
1412 #define PRESENT_ELEMS_MAX 8
1413 #define PRESENT_ELEM_EXT_OFFS 0x100
1414
1415 static void ieee80211_assoc_add_ml_elem(struct ieee80211_sub_if_data *sdata,
1416 struct sk_buff *skb, u16 capab,
1417 const struct element *ext_capa,
1418 const u16 *present_elems);
1419
ieee80211_assoc_link_elems(struct ieee80211_sub_if_data * sdata,struct sk_buff * skb,u16 * capab,const struct element * ext_capa,const u8 * extra_elems,size_t extra_elems_len,unsigned int link_id,struct ieee80211_link_data * link,u16 * present_elems)1420 static size_t ieee80211_assoc_link_elems(struct ieee80211_sub_if_data *sdata,
1421 struct sk_buff *skb, u16 *capab,
1422 const struct element *ext_capa,
1423 const u8 *extra_elems,
1424 size_t extra_elems_len,
1425 unsigned int link_id,
1426 struct ieee80211_link_data *link,
1427 u16 *present_elems)
1428 {
1429 enum nl80211_iftype iftype = ieee80211_vif_type_p2p(&sdata->vif);
1430 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1431 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
1432 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
1433 struct ieee80211_channel *chan = cbss->channel;
1434 const struct ieee80211_sband_iftype_data *iftd;
1435 struct ieee80211_local *local = sdata->local;
1436 struct ieee80211_supported_band *sband;
1437 enum nl80211_chan_width width = NL80211_CHAN_WIDTH_20;
1438 struct ieee80211_chanctx_conf *chanctx_conf;
1439 enum ieee80211_smps_mode smps_mode;
1440 u16 orig_capab = *capab;
1441 size_t offset = 0;
1442 int present_elems_len = 0;
1443 u8 *pos;
1444 int i;
1445
1446 #define ADD_PRESENT_ELEM(id) do { \
1447 /* need a last for termination - we use 0 == SSID */ \
1448 if (!WARN_ON(present_elems_len >= PRESENT_ELEMS_MAX - 1)) \
1449 present_elems[present_elems_len++] = (id); \
1450 } while (0)
1451 #define ADD_PRESENT_EXT_ELEM(id) ADD_PRESENT_ELEM(PRESENT_ELEM_EXT_OFFS | (id))
1452
1453 if (link)
1454 smps_mode = link->smps_mode;
1455 else if (sdata->u.mgd.powersave)
1456 smps_mode = IEEE80211_SMPS_DYNAMIC;
1457 else
1458 smps_mode = IEEE80211_SMPS_OFF;
1459
1460 if (link) {
1461 /*
1462 * 5/10 MHz scenarios are only viable without MLO, in which
1463 * case this pointer should be used ... All of this is a bit
1464 * unclear though, not sure this even works at all.
1465 */
1466 rcu_read_lock();
1467 chanctx_conf = rcu_dereference(link->conf->chanctx_conf);
1468 if (chanctx_conf)
1469 width = chanctx_conf->def.width;
1470 rcu_read_unlock();
1471 }
1472
1473 sband = local->hw.wiphy->bands[chan->band];
1474 iftd = ieee80211_get_sband_iftype_data(sband, iftype);
1475
1476 if (sband->band == NL80211_BAND_2GHZ) {
1477 *capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
1478 *capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
1479 }
1480
1481 if ((cbss->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
1482 ieee80211_hw_check(&local->hw, SPECTRUM_MGMT))
1483 *capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
1484
1485 if (sband->band != NL80211_BAND_S1GHZ)
1486 ieee80211_assoc_add_rates(skb, width, sband, assoc_data);
1487
1488 if (*capab & WLAN_CAPABILITY_SPECTRUM_MGMT ||
1489 *capab & WLAN_CAPABILITY_RADIO_MEASURE) {
1490 struct cfg80211_chan_def chandef = {
1491 .width = width,
1492 .chan = chan,
1493 };
1494
1495 pos = skb_put(skb, 4);
1496 *pos++ = WLAN_EID_PWR_CAPABILITY;
1497 *pos++ = 2;
1498 *pos++ = 0; /* min tx power */
1499 /* max tx power */
1500 *pos++ = ieee80211_chandef_max_power(&chandef);
1501 ADD_PRESENT_ELEM(WLAN_EID_PWR_CAPABILITY);
1502 }
1503
1504 /*
1505 * Per spec, we shouldn't include the list of channels if we advertise
1506 * support for extended channel switching, but we've always done that;
1507 * (for now?) apply this restriction only on the (new) 6 GHz band.
1508 */
1509 if (*capab & WLAN_CAPABILITY_SPECTRUM_MGMT &&
1510 (sband->band != NL80211_BAND_6GHZ ||
1511 !ext_capa || ext_capa->datalen < 1 ||
1512 !(ext_capa->data[0] & WLAN_EXT_CAPA1_EXT_CHANNEL_SWITCHING))) {
1513 /* TODO: get this in reg domain format */
1514 pos = skb_put(skb, 2 * sband->n_channels + 2);
1515 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
1516 *pos++ = 2 * sband->n_channels;
1517 for (i = 0; i < sband->n_channels; i++) {
1518 int cf = sband->channels[i].center_freq;
1519
1520 *pos++ = ieee80211_frequency_to_channel(cf);
1521 *pos++ = 1; /* one channel in the subband*/
1522 }
1523 ADD_PRESENT_ELEM(WLAN_EID_SUPPORTED_CHANNELS);
1524 }
1525
1526 /* if present, add any custom IEs that go before HT */
1527 offset = ieee80211_add_before_ht_elems(skb, extra_elems,
1528 extra_elems_len,
1529 offset);
1530
1531 if (sband->band != NL80211_BAND_6GHZ &&
1532 assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_HT) {
1533 ieee80211_add_ht_ie(sdata, skb,
1534 assoc_data->link[link_id].ap_ht_param,
1535 sband, chan, smps_mode,
1536 &assoc_data->link[link_id].conn);
1537 ADD_PRESENT_ELEM(WLAN_EID_HT_CAPABILITY);
1538 }
1539
1540 /* if present, add any custom IEs that go before VHT */
1541 offset = ieee80211_add_before_vht_elems(skb, extra_elems,
1542 extra_elems_len,
1543 offset);
1544
1545 if (sband->band != NL80211_BAND_6GHZ &&
1546 assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_VHT &&
1547 sband->vht_cap.vht_supported) {
1548 bool mu_mimo_owner =
1549 ieee80211_add_vht_ie(sdata, skb, sband,
1550 &assoc_data->link[link_id].ap_vht_cap,
1551 &assoc_data->link[link_id].conn);
1552
1553 if (link)
1554 link->conf->mu_mimo_owner = mu_mimo_owner;
1555 ADD_PRESENT_ELEM(WLAN_EID_VHT_CAPABILITY);
1556 }
1557
1558 /* if present, add any custom IEs that go before HE */
1559 offset = ieee80211_add_before_he_elems(skb, extra_elems,
1560 extra_elems_len,
1561 offset);
1562
1563 if (assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_HE) {
1564 ieee80211_put_he_cap(skb, sdata, sband,
1565 &assoc_data->link[link_id].conn);
1566 ADD_PRESENT_EXT_ELEM(WLAN_EID_EXT_HE_CAPABILITY);
1567 ieee80211_put_he_6ghz_cap(skb, sdata, smps_mode);
1568 }
1569
1570 /*
1571 * careful - need to know about all the present elems before
1572 * calling ieee80211_assoc_add_ml_elem(), so add this one if
1573 * we're going to put it after the ML element
1574 */
1575 if (assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_EHT)
1576 ADD_PRESENT_EXT_ELEM(WLAN_EID_EXT_EHT_CAPABILITY);
1577
1578 if (link_id == assoc_data->assoc_link_id)
1579 ieee80211_assoc_add_ml_elem(sdata, skb, orig_capab, ext_capa,
1580 present_elems);
1581
1582 /* crash if somebody gets it wrong */
1583 present_elems = NULL;
1584
1585 if (assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_EHT)
1586 ieee80211_put_eht_cap(skb, sdata, sband,
1587 &assoc_data->link[link_id].conn);
1588
1589 if (sband->band == NL80211_BAND_S1GHZ) {
1590 ieee80211_add_aid_request_ie(sdata, skb);
1591 ieee80211_add_s1g_capab_ie(sdata, &sband->s1g_cap, skb);
1592 }
1593
1594 if (iftd && iftd->vendor_elems.data && iftd->vendor_elems.len)
1595 skb_put_data(skb, iftd->vendor_elems.data, iftd->vendor_elems.len);
1596
1597 return offset;
1598 }
1599
ieee80211_add_non_inheritance_elem(struct sk_buff * skb,const u16 * outer,const u16 * inner)1600 static void ieee80211_add_non_inheritance_elem(struct sk_buff *skb,
1601 const u16 *outer,
1602 const u16 *inner)
1603 {
1604 unsigned int skb_len = skb->len;
1605 bool at_extension = false;
1606 bool added = false;
1607 int i, j;
1608 u8 *len, *list_len = NULL;
1609
1610 skb_put_u8(skb, WLAN_EID_EXTENSION);
1611 len = skb_put(skb, 1);
1612 skb_put_u8(skb, WLAN_EID_EXT_NON_INHERITANCE);
1613
1614 for (i = 0; i < PRESENT_ELEMS_MAX && outer[i]; i++) {
1615 u16 elem = outer[i];
1616 bool have_inner = false;
1617
1618 /* should at least be sorted in the sense of normal -> ext */
1619 WARN_ON(at_extension && elem < PRESENT_ELEM_EXT_OFFS);
1620
1621 /* switch to extension list */
1622 if (!at_extension && elem >= PRESENT_ELEM_EXT_OFFS) {
1623 at_extension = true;
1624 if (!list_len)
1625 skb_put_u8(skb, 0);
1626 list_len = NULL;
1627 }
1628
1629 for (j = 0; j < PRESENT_ELEMS_MAX && inner[j]; j++) {
1630 if (elem == inner[j]) {
1631 have_inner = true;
1632 break;
1633 }
1634 }
1635
1636 if (have_inner)
1637 continue;
1638
1639 if (!list_len) {
1640 list_len = skb_put(skb, 1);
1641 *list_len = 0;
1642 }
1643 *list_len += 1;
1644 skb_put_u8(skb, (u8)elem);
1645 added = true;
1646 }
1647
1648 /* if we added a list but no extension list, make a zero-len one */
1649 if (added && (!at_extension || !list_len))
1650 skb_put_u8(skb, 0);
1651
1652 /* if nothing added remove extension element completely */
1653 if (!added)
1654 skb_trim(skb, skb_len);
1655 else
1656 *len = skb->len - skb_len - 2;
1657 }
1658
ieee80211_assoc_add_ml_elem(struct ieee80211_sub_if_data * sdata,struct sk_buff * skb,u16 capab,const struct element * ext_capa,const u16 * outer_present_elems)1659 static void ieee80211_assoc_add_ml_elem(struct ieee80211_sub_if_data *sdata,
1660 struct sk_buff *skb, u16 capab,
1661 const struct element *ext_capa,
1662 const u16 *outer_present_elems)
1663 {
1664 struct ieee80211_local *local = sdata->local;
1665 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1666 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
1667 struct ieee80211_multi_link_elem *ml_elem;
1668 struct ieee80211_mle_basic_common_info *common;
1669 const struct wiphy_iftype_ext_capab *ift_ext_capa;
1670 __le16 eml_capa = 0, mld_capa_ops = 0;
1671 unsigned int link_id;
1672 u8 *ml_elem_len;
1673 void *capab_pos;
1674
1675 if (!ieee80211_vif_is_mld(&sdata->vif))
1676 return;
1677
1678 ift_ext_capa = cfg80211_get_iftype_ext_capa(local->hw.wiphy,
1679 ieee80211_vif_type_p2p(&sdata->vif));
1680 if (ift_ext_capa) {
1681 eml_capa = cpu_to_le16(ift_ext_capa->eml_capabilities);
1682 mld_capa_ops = cpu_to_le16(ift_ext_capa->mld_capa_and_ops);
1683 }
1684
1685 skb_put_u8(skb, WLAN_EID_EXTENSION);
1686 ml_elem_len = skb_put(skb, 1);
1687 skb_put_u8(skb, WLAN_EID_EXT_EHT_MULTI_LINK);
1688 ml_elem = skb_put(skb, sizeof(*ml_elem));
1689 ml_elem->control =
1690 cpu_to_le16(IEEE80211_ML_CONTROL_TYPE_BASIC |
1691 IEEE80211_MLC_BASIC_PRES_MLD_CAPA_OP);
1692 common = skb_put(skb, sizeof(*common));
1693 common->len = sizeof(*common) +
1694 2; /* MLD capa/ops */
1695 memcpy(common->mld_mac_addr, sdata->vif.addr, ETH_ALEN);
1696
1697 /* add EML_CAPA only if needed, see Draft P802.11be_D2.1, 35.3.17 */
1698 if (eml_capa &
1699 cpu_to_le16((IEEE80211_EML_CAP_EMLSR_SUPP |
1700 IEEE80211_EML_CAP_EMLMR_SUPPORT))) {
1701 common->len += 2; /* EML capabilities */
1702 ml_elem->control |=
1703 cpu_to_le16(IEEE80211_MLC_BASIC_PRES_EML_CAPA);
1704 skb_put_data(skb, &eml_capa, sizeof(eml_capa));
1705 }
1706 skb_put_data(skb, &mld_capa_ops, sizeof(mld_capa_ops));
1707
1708 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
1709 u16 link_present_elems[PRESENT_ELEMS_MAX] = {};
1710 const u8 *extra_elems;
1711 size_t extra_elems_len;
1712 size_t extra_used;
1713 u8 *subelem_len = NULL;
1714 __le16 ctrl;
1715
1716 if (!assoc_data->link[link_id].bss ||
1717 link_id == assoc_data->assoc_link_id)
1718 continue;
1719
1720 extra_elems = assoc_data->link[link_id].elems;
1721 extra_elems_len = assoc_data->link[link_id].elems_len;
1722
1723 skb_put_u8(skb, IEEE80211_MLE_SUBELEM_PER_STA_PROFILE);
1724 subelem_len = skb_put(skb, 1);
1725
1726 ctrl = cpu_to_le16(link_id |
1727 IEEE80211_MLE_STA_CONTROL_COMPLETE_PROFILE |
1728 IEEE80211_MLE_STA_CONTROL_STA_MAC_ADDR_PRESENT);
1729 skb_put_data(skb, &ctrl, sizeof(ctrl));
1730 skb_put_u8(skb, 1 + ETH_ALEN); /* STA Info Length */
1731 skb_put_data(skb, assoc_data->link[link_id].addr,
1732 ETH_ALEN);
1733 /*
1734 * Now add the contents of the (re)association request,
1735 * but the "listen interval" and "current AP address"
1736 * (if applicable) are skipped. So we only have
1737 * the capability field (remember the position and fill
1738 * later), followed by the elements added below by
1739 * calling ieee80211_assoc_link_elems().
1740 */
1741 capab_pos = skb_put(skb, 2);
1742
1743 extra_used = ieee80211_assoc_link_elems(sdata, skb, &capab,
1744 ext_capa,
1745 extra_elems,
1746 extra_elems_len,
1747 link_id, NULL,
1748 link_present_elems);
1749 if (extra_elems)
1750 skb_put_data(skb, extra_elems + extra_used,
1751 extra_elems_len - extra_used);
1752
1753 put_unaligned_le16(capab, capab_pos);
1754
1755 ieee80211_add_non_inheritance_elem(skb, outer_present_elems,
1756 link_present_elems);
1757
1758 ieee80211_fragment_element(skb, subelem_len,
1759 IEEE80211_MLE_SUBELEM_FRAGMENT);
1760 }
1761
1762 ieee80211_fragment_element(skb, ml_elem_len, WLAN_EID_FRAGMENT);
1763 }
1764
ieee80211_send_assoc(struct ieee80211_sub_if_data * sdata)1765 static int ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
1766 {
1767 struct ieee80211_local *local = sdata->local;
1768 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1769 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
1770 struct ieee80211_link_data *link;
1771 struct sk_buff *skb;
1772 struct ieee80211_mgmt *mgmt;
1773 u8 *pos, qos_info, *ie_start;
1774 size_t offset, noffset;
1775 u16 capab = 0, link_capab;
1776 __le16 listen_int;
1777 struct element *ext_capa = NULL;
1778 enum nl80211_iftype iftype = ieee80211_vif_type_p2p(&sdata->vif);
1779 struct ieee80211_prep_tx_info info = {};
1780 unsigned int link_id, n_links = 0;
1781 u16 present_elems[PRESENT_ELEMS_MAX] = {};
1782 void *capab_pos;
1783 size_t size;
1784 int ret;
1785
1786 /* we know it's writable, cast away the const */
1787 if (assoc_data->ie_len)
1788 ext_capa = (void *)cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY,
1789 assoc_data->ie,
1790 assoc_data->ie_len);
1791
1792 lockdep_assert_wiphy(sdata->local->hw.wiphy);
1793
1794 size = local->hw.extra_tx_headroom +
1795 sizeof(*mgmt) + /* bit too much but doesn't matter */
1796 2 + assoc_data->ssid_len + /* SSID */
1797 assoc_data->ie_len + /* extra IEs */
1798 (assoc_data->fils_kek_len ? 16 /* AES-SIV */ : 0) +
1799 9; /* WMM */
1800
1801 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
1802 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
1803 const struct ieee80211_sband_iftype_data *iftd;
1804 struct ieee80211_supported_band *sband;
1805
1806 if (!cbss)
1807 continue;
1808
1809 sband = local->hw.wiphy->bands[cbss->channel->band];
1810
1811 n_links++;
1812 /* add STA profile elements length */
1813 size += assoc_data->link[link_id].elems_len;
1814 /* and supported rates length */
1815 size += 4 + sband->n_bitrates;
1816 /* supported channels */
1817 size += 2 + 2 * sband->n_channels;
1818
1819 iftd = ieee80211_get_sband_iftype_data(sband, iftype);
1820 if (iftd)
1821 size += iftd->vendor_elems.len;
1822
1823 /* power capability */
1824 size += 4;
1825
1826 /* HT, VHT, HE, EHT */
1827 size += 2 + sizeof(struct ieee80211_ht_cap);
1828 size += 2 + sizeof(struct ieee80211_vht_cap);
1829 size += 2 + 1 + sizeof(struct ieee80211_he_cap_elem) +
1830 sizeof(struct ieee80211_he_mcs_nss_supp) +
1831 IEEE80211_HE_PPE_THRES_MAX_LEN;
1832
1833 if (sband->band == NL80211_BAND_6GHZ)
1834 size += 2 + 1 + sizeof(struct ieee80211_he_6ghz_capa);
1835
1836 size += 2 + 1 + sizeof(struct ieee80211_eht_cap_elem) +
1837 sizeof(struct ieee80211_eht_mcs_nss_supp) +
1838 IEEE80211_EHT_PPE_THRES_MAX_LEN;
1839
1840 /* non-inheritance element */
1841 size += 2 + 2 + PRESENT_ELEMS_MAX;
1842
1843 /* should be the same across all BSSes */
1844 if (cbss->capability & WLAN_CAPABILITY_PRIVACY)
1845 capab |= WLAN_CAPABILITY_PRIVACY;
1846 }
1847
1848 if (ieee80211_vif_is_mld(&sdata->vif)) {
1849 /* consider the multi-link element with STA profile */
1850 size += sizeof(struct ieee80211_multi_link_elem);
1851 /* max common info field in basic multi-link element */
1852 size += sizeof(struct ieee80211_mle_basic_common_info) +
1853 2 + /* capa & op */
1854 2; /* EML capa */
1855
1856 /*
1857 * The capability elements were already considered above;
1858 * note this over-estimates a bit because there's no
1859 * STA profile for the assoc link.
1860 */
1861 size += (n_links - 1) *
1862 (1 + 1 + /* subelement ID/length */
1863 2 + /* STA control */
1864 1 + ETH_ALEN + 2 /* STA Info field */);
1865 }
1866
1867 link = sdata_dereference(sdata->link[assoc_data->assoc_link_id], sdata);
1868 if (WARN_ON(!link))
1869 return -EINVAL;
1870
1871 if (WARN_ON(!assoc_data->link[assoc_data->assoc_link_id].bss))
1872 return -EINVAL;
1873
1874 skb = alloc_skb(size, GFP_KERNEL);
1875 if (!skb)
1876 return -ENOMEM;
1877
1878 skb_reserve(skb, local->hw.extra_tx_headroom);
1879
1880 if (ifmgd->flags & IEEE80211_STA_ENABLE_RRM)
1881 capab |= WLAN_CAPABILITY_RADIO_MEASURE;
1882
1883 /* Set MBSSID support for HE AP if needed */
1884 if (ieee80211_hw_check(&local->hw, SUPPORTS_ONLY_HE_MULTI_BSSID) &&
1885 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HE &&
1886 ext_capa && ext_capa->datalen >= 3)
1887 ext_capa->data[2] |= WLAN_EXT_CAPA3_MULTI_BSSID_SUPPORT;
1888
1889 mgmt = skb_put_zero(skb, 24);
1890 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
1891 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
1892 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
1893
1894 listen_int = cpu_to_le16(assoc_data->s1g ?
1895 ieee80211_encode_usf(local->hw.conf.listen_interval) :
1896 local->hw.conf.listen_interval);
1897 if (!is_zero_ether_addr(assoc_data->prev_ap_addr)) {
1898 skb_put(skb, 10);
1899 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
1900 IEEE80211_STYPE_REASSOC_REQ);
1901 capab_pos = &mgmt->u.reassoc_req.capab_info;
1902 mgmt->u.reassoc_req.listen_interval = listen_int;
1903 memcpy(mgmt->u.reassoc_req.current_ap,
1904 assoc_data->prev_ap_addr, ETH_ALEN);
1905 info.subtype = IEEE80211_STYPE_REASSOC_REQ;
1906 } else {
1907 skb_put(skb, 4);
1908 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
1909 IEEE80211_STYPE_ASSOC_REQ);
1910 capab_pos = &mgmt->u.assoc_req.capab_info;
1911 mgmt->u.assoc_req.listen_interval = listen_int;
1912 info.subtype = IEEE80211_STYPE_ASSOC_REQ;
1913 }
1914
1915 /* SSID */
1916 pos = skb_put(skb, 2 + assoc_data->ssid_len);
1917 ie_start = pos;
1918 *pos++ = WLAN_EID_SSID;
1919 *pos++ = assoc_data->ssid_len;
1920 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len);
1921
1922 /*
1923 * This bit is technically reserved, so it shouldn't matter for either
1924 * the AP or us, but it also means we shouldn't set it. However, we've
1925 * always set it in the past, and apparently some EHT APs check that
1926 * we don't set it. To avoid interoperability issues with old APs that
1927 * for some reason check it and want it to be set, set the bit for all
1928 * pre-EHT connections as we used to do.
1929 */
1930 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_EHT)
1931 capab |= WLAN_CAPABILITY_ESS;
1932
1933 /* add the elements for the assoc (main) link */
1934 link_capab = capab;
1935 offset = ieee80211_assoc_link_elems(sdata, skb, &link_capab,
1936 ext_capa,
1937 assoc_data->ie,
1938 assoc_data->ie_len,
1939 assoc_data->assoc_link_id, link,
1940 present_elems);
1941 put_unaligned_le16(link_capab, capab_pos);
1942
1943 /* if present, add any custom non-vendor IEs */
1944 if (assoc_data->ie_len) {
1945 noffset = ieee80211_ie_split_vendor(assoc_data->ie,
1946 assoc_data->ie_len,
1947 offset);
1948 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
1949 offset = noffset;
1950 }
1951
1952 if (assoc_data->wmm) {
1953 if (assoc_data->uapsd) {
1954 qos_info = ifmgd->uapsd_queues;
1955 qos_info |= (ifmgd->uapsd_max_sp_len <<
1956 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
1957 } else {
1958 qos_info = 0;
1959 }
1960
1961 pos = ieee80211_add_wmm_info_ie(skb_put(skb, 9), qos_info);
1962 }
1963
1964 /* add any remaining custom (i.e. vendor specific here) IEs */
1965 if (assoc_data->ie_len) {
1966 noffset = assoc_data->ie_len;
1967 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
1968 }
1969
1970 if (assoc_data->fils_kek_len) {
1971 ret = fils_encrypt_assoc_req(skb, assoc_data);
1972 if (ret < 0) {
1973 dev_kfree_skb(skb);
1974 return ret;
1975 }
1976 }
1977
1978 pos = skb_tail_pointer(skb);
1979 kfree(ifmgd->assoc_req_ies);
1980 ifmgd->assoc_req_ies = kmemdup(ie_start, pos - ie_start, GFP_ATOMIC);
1981 if (!ifmgd->assoc_req_ies) {
1982 dev_kfree_skb(skb);
1983 return -ENOMEM;
1984 }
1985
1986 ifmgd->assoc_req_ies_len = pos - ie_start;
1987
1988 info.link_id = assoc_data->assoc_link_id;
1989 drv_mgd_prepare_tx(local, sdata, &info);
1990
1991 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1992 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
1993 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
1994 IEEE80211_TX_INTFL_MLME_CONN_TX;
1995 ieee80211_tx_skb(sdata, skb);
1996
1997 return 0;
1998 }
1999
ieee80211_send_pspoll(struct ieee80211_local * local,struct ieee80211_sub_if_data * sdata)2000 void ieee80211_send_pspoll(struct ieee80211_local *local,
2001 struct ieee80211_sub_if_data *sdata)
2002 {
2003 struct ieee80211_pspoll *pspoll;
2004 struct sk_buff *skb;
2005
2006 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif);
2007 if (!skb)
2008 return;
2009
2010 pspoll = (struct ieee80211_pspoll *) skb->data;
2011 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
2012
2013 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
2014 ieee80211_tx_skb(sdata, skb);
2015 }
2016
ieee80211_send_nullfunc(struct ieee80211_local * local,struct ieee80211_sub_if_data * sdata,bool powersave)2017 void ieee80211_send_nullfunc(struct ieee80211_local *local,
2018 struct ieee80211_sub_if_data *sdata,
2019 bool powersave)
2020 {
2021 struct sk_buff *skb;
2022 struct ieee80211_hdr_3addr *nullfunc;
2023 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2024
2025 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif, -1,
2026 !ieee80211_hw_check(&local->hw,
2027 DOESNT_SUPPORT_QOS_NDP));
2028 if (!skb)
2029 return;
2030
2031 nullfunc = (struct ieee80211_hdr_3addr *) skb->data;
2032 if (powersave)
2033 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
2034
2035 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
2036 IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
2037
2038 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
2039 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
2040
2041 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
2042 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
2043
2044 ieee80211_tx_skb(sdata, skb);
2045 }
2046
ieee80211_send_4addr_nullfunc(struct ieee80211_local * local,struct ieee80211_sub_if_data * sdata)2047 void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local,
2048 struct ieee80211_sub_if_data *sdata)
2049 {
2050 struct sk_buff *skb;
2051 struct ieee80211_hdr *nullfunc;
2052 __le16 fc;
2053
2054 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
2055 return;
2056
2057 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
2058 if (!skb)
2059 return;
2060
2061 skb_reserve(skb, local->hw.extra_tx_headroom);
2062
2063 nullfunc = skb_put_zero(skb, 30);
2064 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
2065 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
2066 nullfunc->frame_control = fc;
2067 memcpy(nullfunc->addr1, sdata->deflink.u.mgd.bssid, ETH_ALEN);
2068 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
2069 memcpy(nullfunc->addr3, sdata->deflink.u.mgd.bssid, ETH_ALEN);
2070 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN);
2071
2072 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
2073 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
2074 ieee80211_tx_skb(sdata, skb);
2075 }
2076
2077 /* spectrum management related things */
ieee80211_csa_switch_work(struct wiphy * wiphy,struct wiphy_work * work)2078 static void ieee80211_csa_switch_work(struct wiphy *wiphy,
2079 struct wiphy_work *work)
2080 {
2081 struct ieee80211_link_data *link =
2082 container_of(work, struct ieee80211_link_data,
2083 u.mgd.csa.switch_work.work);
2084 struct ieee80211_sub_if_data *sdata = link->sdata;
2085 struct ieee80211_local *local = sdata->local;
2086 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2087 int ret;
2088
2089 if (!ieee80211_sdata_running(sdata))
2090 return;
2091
2092 lockdep_assert_wiphy(local->hw.wiphy);
2093
2094 if (!ifmgd->associated)
2095 return;
2096
2097 if (!link->conf->csa_active)
2098 return;
2099
2100 /*
2101 * If the link isn't active (now), we cannot wait for beacons, won't
2102 * have a reserved chanctx, etc. Just switch over the chandef and
2103 * update cfg80211 directly.
2104 */
2105 if (!ieee80211_vif_link_active(&sdata->vif, link->link_id)) {
2106 link->conf->chanreq = link->csa.chanreq;
2107 cfg80211_ch_switch_notify(sdata->dev, &link->csa.chanreq.oper,
2108 link->link_id);
2109 return;
2110 }
2111
2112 /*
2113 * using reservation isn't immediate as it may be deferred until later
2114 * with multi-vif. once reservation is complete it will re-schedule the
2115 * work with no reserved_chanctx so verify chandef to check if it
2116 * completed successfully
2117 */
2118
2119 if (link->reserved_chanctx) {
2120 /*
2121 * with multi-vif csa driver may call ieee80211_csa_finish()
2122 * many times while waiting for other interfaces to use their
2123 * reservations
2124 */
2125 if (link->reserved_ready)
2126 return;
2127
2128 ret = ieee80211_link_use_reserved_context(link);
2129 if (ret) {
2130 link_info(link,
2131 "failed to use reserved channel context, disconnecting (err=%d)\n",
2132 ret);
2133 wiphy_work_queue(sdata->local->hw.wiphy,
2134 &ifmgd->csa_connection_drop_work);
2135 }
2136 return;
2137 }
2138
2139 if (!ieee80211_chanreq_identical(&link->conf->chanreq,
2140 &link->csa.chanreq)) {
2141 link_info(link,
2142 "failed to finalize channel switch, disconnecting\n");
2143 wiphy_work_queue(sdata->local->hw.wiphy,
2144 &ifmgd->csa_connection_drop_work);
2145 return;
2146 }
2147
2148 link->u.mgd.csa.waiting_bcn = true;
2149
2150 /* apply new TPE restrictions immediately on the new channel */
2151 if (link->u.mgd.csa.ap_chandef.chan->band == NL80211_BAND_6GHZ &&
2152 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HE) {
2153 ieee80211_rearrange_tpe(&link->u.mgd.csa.tpe,
2154 &link->u.mgd.csa.ap_chandef,
2155 &link->conf->chanreq.oper);
2156 if (memcmp(&link->conf->tpe, &link->u.mgd.csa.tpe,
2157 sizeof(link->u.mgd.csa.tpe))) {
2158 link->conf->tpe = link->u.mgd.csa.tpe;
2159 ieee80211_link_info_change_notify(sdata, link,
2160 BSS_CHANGED_TPE);
2161 }
2162 }
2163
2164 ieee80211_sta_reset_beacon_monitor(sdata);
2165 ieee80211_sta_reset_conn_monitor(sdata);
2166 }
2167
ieee80211_chswitch_post_beacon(struct ieee80211_link_data * link)2168 static void ieee80211_chswitch_post_beacon(struct ieee80211_link_data *link)
2169 {
2170 struct ieee80211_sub_if_data *sdata = link->sdata;
2171 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2172 int ret;
2173
2174 lockdep_assert_wiphy(sdata->local->hw.wiphy);
2175
2176 WARN_ON(!link->conf->csa_active);
2177
2178 ieee80211_vif_unblock_queues_csa(sdata);
2179
2180 link->conf->csa_active = false;
2181 link->u.mgd.csa.blocked_tx = false;
2182 link->u.mgd.csa.waiting_bcn = false;
2183
2184 ret = drv_post_channel_switch(link);
2185 if (ret) {
2186 link_info(link,
2187 "driver post channel switch failed, disconnecting\n");
2188 wiphy_work_queue(sdata->local->hw.wiphy,
2189 &ifmgd->csa_connection_drop_work);
2190 return;
2191 }
2192
2193 cfg80211_ch_switch_notify(sdata->dev, &link->conf->chanreq.oper,
2194 link->link_id);
2195 }
2196
ieee80211_chswitch_done(struct ieee80211_vif * vif,bool success,unsigned int link_id)2197 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success,
2198 unsigned int link_id)
2199 {
2200 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2201
2202 trace_api_chswitch_done(sdata, success, link_id);
2203
2204 rcu_read_lock();
2205
2206 if (!success) {
2207 sdata_info(sdata,
2208 "driver channel switch failed (link %d), disconnecting\n",
2209 link_id);
2210 wiphy_work_queue(sdata->local->hw.wiphy,
2211 &sdata->u.mgd.csa_connection_drop_work);
2212 } else {
2213 struct ieee80211_link_data *link =
2214 rcu_dereference(sdata->link[link_id]);
2215
2216 if (WARN_ON(!link)) {
2217 rcu_read_unlock();
2218 return;
2219 }
2220
2221 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
2222 &link->u.mgd.csa.switch_work, 0);
2223 }
2224
2225 rcu_read_unlock();
2226 }
2227 EXPORT_SYMBOL(ieee80211_chswitch_done);
2228
2229 static void
ieee80211_sta_abort_chanswitch(struct ieee80211_link_data * link)2230 ieee80211_sta_abort_chanswitch(struct ieee80211_link_data *link)
2231 {
2232 struct ieee80211_sub_if_data *sdata = link->sdata;
2233 struct ieee80211_local *local = sdata->local;
2234
2235 lockdep_assert_wiphy(local->hw.wiphy);
2236
2237 if (!local->ops->abort_channel_switch)
2238 return;
2239
2240 ieee80211_link_unreserve_chanctx(link);
2241
2242 ieee80211_vif_unblock_queues_csa(sdata);
2243
2244 link->conf->csa_active = false;
2245 link->u.mgd.csa.blocked_tx = false;
2246
2247 drv_abort_channel_switch(link);
2248 }
2249
2250 struct sta_csa_rnr_iter_data {
2251 struct ieee80211_link_data *link;
2252 struct ieee80211_channel *chan;
2253 u8 mld_id;
2254 };
2255
2256 static enum cfg80211_rnr_iter_ret
ieee80211_sta_csa_rnr_iter(void * _data,u8 type,const struct ieee80211_neighbor_ap_info * info,const u8 * tbtt_info,u8 tbtt_info_len)2257 ieee80211_sta_csa_rnr_iter(void *_data, u8 type,
2258 const struct ieee80211_neighbor_ap_info *info,
2259 const u8 *tbtt_info, u8 tbtt_info_len)
2260 {
2261 struct sta_csa_rnr_iter_data *data = _data;
2262 struct ieee80211_link_data *link = data->link;
2263 struct ieee80211_sub_if_data *sdata = link->sdata;
2264 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2265 const struct ieee80211_tbtt_info_ge_11 *ti;
2266 enum nl80211_band band;
2267 unsigned int center_freq;
2268 int link_id;
2269
2270 if (type != IEEE80211_TBTT_INFO_TYPE_TBTT)
2271 return RNR_ITER_CONTINUE;
2272
2273 if (tbtt_info_len < sizeof(*ti))
2274 return RNR_ITER_CONTINUE;
2275
2276 ti = (const void *)tbtt_info;
2277
2278 if (ti->mld_params.mld_id != data->mld_id)
2279 return RNR_ITER_CONTINUE;
2280
2281 link_id = le16_get_bits(ti->mld_params.params,
2282 IEEE80211_RNR_MLD_PARAMS_LINK_ID);
2283 if (link_id != data->link->link_id)
2284 return RNR_ITER_CONTINUE;
2285
2286 /* we found the entry for our link! */
2287
2288 /* this AP is confused, it had this right before ... just disconnect */
2289 if (!ieee80211_operating_class_to_band(info->op_class, &band)) {
2290 link_info(link,
2291 "AP now has invalid operating class in RNR, disconnect\n");
2292 wiphy_work_queue(sdata->local->hw.wiphy,
2293 &ifmgd->csa_connection_drop_work);
2294 return RNR_ITER_BREAK;
2295 }
2296
2297 center_freq = ieee80211_channel_to_frequency(info->channel, band);
2298 data->chan = ieee80211_get_channel(sdata->local->hw.wiphy, center_freq);
2299
2300 return RNR_ITER_BREAK;
2301 }
2302
2303 static void
ieee80211_sta_other_link_csa_disappeared(struct ieee80211_link_data * link,struct ieee802_11_elems * elems)2304 ieee80211_sta_other_link_csa_disappeared(struct ieee80211_link_data *link,
2305 struct ieee802_11_elems *elems)
2306 {
2307 struct ieee80211_sub_if_data *sdata = link->sdata;
2308 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2309 struct sta_csa_rnr_iter_data data = {
2310 .link = link,
2311 };
2312
2313 /*
2314 * If we get here, we see a beacon from another link without
2315 * CSA still being reported for it, so now we have to check
2316 * if the CSA was aborted or completed. This may not even be
2317 * perfectly possible if the CSA was only done for changing
2318 * the puncturing, but in that case if the link in inactive
2319 * we don't really care, and if it's an active link (or when
2320 * it's activated later) we'll get a beacon and adjust.
2321 */
2322
2323 if (WARN_ON(!elems->ml_basic))
2324 return;
2325
2326 data.mld_id = ieee80211_mle_get_mld_id((const void *)elems->ml_basic);
2327
2328 /*
2329 * So in order to do this, iterate the RNR element(s) and see
2330 * what channel is reported now.
2331 */
2332 cfg80211_iter_rnr(elems->ie_start, elems->total_len,
2333 ieee80211_sta_csa_rnr_iter, &data);
2334
2335 if (!data.chan) {
2336 link_info(link,
2337 "couldn't find (valid) channel in RNR for CSA, disconnect\n");
2338 wiphy_work_queue(sdata->local->hw.wiphy,
2339 &ifmgd->csa_connection_drop_work);
2340 return;
2341 }
2342
2343 /*
2344 * If it doesn't match the CSA, then assume it aborted. This
2345 * may erroneously detect that it was _not_ aborted when it
2346 * was in fact aborted, but only changed the bandwidth or the
2347 * puncturing configuration, but we don't have enough data to
2348 * detect that.
2349 */
2350 if (data.chan != link->csa.chanreq.oper.chan)
2351 ieee80211_sta_abort_chanswitch(link);
2352 }
2353
2354 enum ieee80211_csa_source {
2355 IEEE80211_CSA_SOURCE_BEACON,
2356 IEEE80211_CSA_SOURCE_OTHER_LINK,
2357 IEEE80211_CSA_SOURCE_PROT_ACTION,
2358 IEEE80211_CSA_SOURCE_UNPROT_ACTION,
2359 };
2360
2361 static void
ieee80211_sta_process_chanswitch(struct ieee80211_link_data * link,u64 timestamp,u32 device_timestamp,struct ieee802_11_elems * full_elems,struct ieee802_11_elems * csa_elems,enum ieee80211_csa_source source)2362 ieee80211_sta_process_chanswitch(struct ieee80211_link_data *link,
2363 u64 timestamp, u32 device_timestamp,
2364 struct ieee802_11_elems *full_elems,
2365 struct ieee802_11_elems *csa_elems,
2366 enum ieee80211_csa_source source)
2367 {
2368 struct ieee80211_sub_if_data *sdata = link->sdata;
2369 struct ieee80211_local *local = sdata->local;
2370 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2371 struct ieee80211_chanctx *chanctx = NULL;
2372 struct ieee80211_chanctx_conf *conf;
2373 struct ieee80211_csa_ie csa_ie = {};
2374 struct ieee80211_channel_switch ch_switch = {
2375 .link_id = link->link_id,
2376 .timestamp = timestamp,
2377 .device_timestamp = device_timestamp,
2378 };
2379 unsigned long now;
2380 int res;
2381
2382 lockdep_assert_wiphy(local->hw.wiphy);
2383
2384 if (csa_elems) {
2385 struct cfg80211_bss *cbss = link->conf->bss;
2386 enum nl80211_band current_band;
2387 struct ieee80211_bss *bss;
2388
2389 if (WARN_ON(!cbss))
2390 return;
2391
2392 current_band = cbss->channel->band;
2393 bss = (void *)cbss->priv;
2394
2395 res = ieee80211_parse_ch_switch_ie(sdata, csa_elems,
2396 current_band,
2397 bss->vht_cap_info,
2398 &link->u.mgd.conn,
2399 link->u.mgd.bssid,
2400 source == IEEE80211_CSA_SOURCE_UNPROT_ACTION,
2401 &csa_ie);
2402 if (res == 0) {
2403 ch_switch.block_tx = csa_ie.mode;
2404 ch_switch.chandef = csa_ie.chanreq.oper;
2405 ch_switch.count = csa_ie.count;
2406 ch_switch.delay = csa_ie.max_switch_time;
2407 }
2408
2409 link->u.mgd.csa.tpe = csa_elems->csa_tpe;
2410 } else {
2411 /*
2412 * If there was no per-STA profile for this link, we
2413 * get called with csa_elems == NULL. This of course means
2414 * there are no CSA elements, so set res=1 indicating
2415 * no more CSA.
2416 */
2417 res = 1;
2418 }
2419
2420 if (res < 0) {
2421 /* ignore this case, not a protected frame */
2422 if (source == IEEE80211_CSA_SOURCE_UNPROT_ACTION)
2423 return;
2424 goto drop_connection;
2425 }
2426
2427 if (link->conf->csa_active) {
2428 switch (source) {
2429 case IEEE80211_CSA_SOURCE_PROT_ACTION:
2430 case IEEE80211_CSA_SOURCE_UNPROT_ACTION:
2431 /* already processing - disregard action frames */
2432 return;
2433 case IEEE80211_CSA_SOURCE_BEACON:
2434 if (link->u.mgd.csa.waiting_bcn) {
2435 ieee80211_chswitch_post_beacon(link);
2436 /*
2437 * If the CSA is still present after the switch
2438 * we need to consider it as a new CSA (possibly
2439 * to self). This happens by not returning here
2440 * so we'll get to the check below.
2441 */
2442 } else if (res) {
2443 ieee80211_sta_abort_chanswitch(link);
2444 return;
2445 } else {
2446 drv_channel_switch_rx_beacon(sdata, &ch_switch);
2447 return;
2448 }
2449 break;
2450 case IEEE80211_CSA_SOURCE_OTHER_LINK:
2451 /* active link: we want to see the beacon to continue */
2452 if (ieee80211_vif_link_active(&sdata->vif,
2453 link->link_id))
2454 return;
2455
2456 /* switch work ran, so just complete the process */
2457 if (link->u.mgd.csa.waiting_bcn) {
2458 ieee80211_chswitch_post_beacon(link);
2459 /*
2460 * If the CSA is still present after the switch
2461 * we need to consider it as a new CSA (possibly
2462 * to self). This happens by not returning here
2463 * so we'll get to the check below.
2464 */
2465 break;
2466 }
2467
2468 /* link still has CSA but we already know, do nothing */
2469 if (!res)
2470 return;
2471
2472 /* check in the RNR if the CSA aborted */
2473 ieee80211_sta_other_link_csa_disappeared(link,
2474 full_elems);
2475 return;
2476 }
2477 }
2478
2479 /* no active CSA nor a new one */
2480 if (res) {
2481 /*
2482 * However, we may have stopped queues when receiving a public
2483 * action frame that couldn't be protected, if it had the quiet
2484 * bit set. This is a trade-off, we want to be quiet as soon as
2485 * possible, but also don't trust the public action frame much,
2486 * as it can't be protected.
2487 */
2488 if (unlikely(link->u.mgd.csa.blocked_tx)) {
2489 link->u.mgd.csa.blocked_tx = false;
2490 ieee80211_vif_unblock_queues_csa(sdata);
2491 }
2492 return;
2493 }
2494
2495 /*
2496 * We don't really trust public action frames, but block queues (go to
2497 * quiet mode) for them anyway, we should get a beacon soon to either
2498 * know what the CSA really is, or figure out the public action frame
2499 * was actually an attack.
2500 */
2501 if (source == IEEE80211_CSA_SOURCE_UNPROT_ACTION) {
2502 if (csa_ie.mode) {
2503 link->u.mgd.csa.blocked_tx = true;
2504 ieee80211_vif_block_queues_csa(sdata);
2505 }
2506 return;
2507 }
2508
2509 if (link->conf->chanreq.oper.chan->band !=
2510 csa_ie.chanreq.oper.chan->band) {
2511 link_info(link,
2512 "AP %pM switches to different band (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n",
2513 link->u.mgd.bssid,
2514 csa_ie.chanreq.oper.chan->center_freq,
2515 csa_ie.chanreq.oper.width,
2516 csa_ie.chanreq.oper.center_freq1,
2517 csa_ie.chanreq.oper.center_freq2);
2518 goto drop_connection;
2519 }
2520
2521 if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chanreq.oper,
2522 IEEE80211_CHAN_DISABLED)) {
2523 link_info(link,
2524 "AP %pM switches to unsupported channel (%d.%03d MHz, width:%d, CF1/2: %d.%03d/%d MHz), disconnecting\n",
2525 link->u.mgd.bssid,
2526 csa_ie.chanreq.oper.chan->center_freq,
2527 csa_ie.chanreq.oper.chan->freq_offset,
2528 csa_ie.chanreq.oper.width,
2529 csa_ie.chanreq.oper.center_freq1,
2530 csa_ie.chanreq.oper.freq1_offset,
2531 csa_ie.chanreq.oper.center_freq2);
2532 goto drop_connection;
2533 }
2534
2535 if (cfg80211_chandef_identical(&csa_ie.chanreq.oper,
2536 &link->conf->chanreq.oper) &&
2537 (!csa_ie.mode || source != IEEE80211_CSA_SOURCE_BEACON)) {
2538 if (link->u.mgd.csa.ignored_same_chan)
2539 return;
2540 link_info(link,
2541 "AP %pM tries to chanswitch to same channel, ignore\n",
2542 link->u.mgd.bssid);
2543 link->u.mgd.csa.ignored_same_chan = true;
2544 return;
2545 }
2546
2547 /*
2548 * Drop all TDLS peers on the affected link - either we disconnect or
2549 * move to a different channel from this point on. There's no telling
2550 * what our peer will do.
2551 * The TDLS WIDER_BW scenario is also problematic, as peers might now
2552 * have an incompatible wider chandef.
2553 */
2554 ieee80211_teardown_tdls_peers(link);
2555
2556 conf = rcu_dereference_protected(link->conf->chanctx_conf,
2557 lockdep_is_held(&local->hw.wiphy->mtx));
2558 if (ieee80211_vif_link_active(&sdata->vif, link->link_id) && !conf) {
2559 link_info(link,
2560 "no channel context assigned to vif?, disconnecting\n");
2561 goto drop_connection;
2562 }
2563
2564 if (conf)
2565 chanctx = container_of(conf, struct ieee80211_chanctx, conf);
2566
2567 if (!ieee80211_hw_check(&local->hw, CHANCTX_STA_CSA)) {
2568 link_info(link,
2569 "driver doesn't support chan-switch with channel contexts\n");
2570 goto drop_connection;
2571 }
2572
2573 if (drv_pre_channel_switch(sdata, &ch_switch)) {
2574 link_info(link,
2575 "preparing for channel switch failed, disconnecting\n");
2576 goto drop_connection;
2577 }
2578
2579 link->u.mgd.csa.ap_chandef = csa_ie.chanreq.ap;
2580
2581 link->csa.chanreq.oper = csa_ie.chanreq.oper;
2582 ieee80211_set_chanreq_ap(sdata, &link->csa.chanreq, &link->u.mgd.conn,
2583 &csa_ie.chanreq.ap);
2584
2585 if (chanctx) {
2586 res = ieee80211_link_reserve_chanctx(link, &link->csa.chanreq,
2587 chanctx->mode, false);
2588 if (res) {
2589 link_info(link,
2590 "failed to reserve channel context for channel switch, disconnecting (err=%d)\n",
2591 res);
2592 goto drop_connection;
2593 }
2594 }
2595
2596 link->conf->csa_active = true;
2597 link->u.mgd.csa.ignored_same_chan = false;
2598 link->u.mgd.beacon_crc_valid = false;
2599 link->u.mgd.csa.blocked_tx = csa_ie.mode;
2600
2601 if (csa_ie.mode)
2602 ieee80211_vif_block_queues_csa(sdata);
2603
2604 cfg80211_ch_switch_started_notify(sdata->dev, &csa_ie.chanreq.oper,
2605 link->link_id, csa_ie.count,
2606 csa_ie.mode);
2607
2608 /* we may have to handle timeout for deactivated link in software */
2609 now = jiffies;
2610 link->u.mgd.csa.time = now +
2611 TU_TO_JIFFIES((max_t(int, csa_ie.count, 1) - 1) *
2612 link->conf->beacon_int);
2613
2614 if (ieee80211_vif_link_active(&sdata->vif, link->link_id) &&
2615 local->ops->channel_switch) {
2616 /*
2617 * Use driver's channel switch callback, the driver will
2618 * later call ieee80211_chswitch_done(). It may deactivate
2619 * the link as well, we handle that elsewhere and queue
2620 * the csa.switch_work for the calculated time then.
2621 */
2622 drv_channel_switch(local, sdata, &ch_switch);
2623 return;
2624 }
2625
2626 /* channel switch handled in software */
2627 wiphy_delayed_work_queue(local->hw.wiphy,
2628 &link->u.mgd.csa.switch_work,
2629 link->u.mgd.csa.time - now);
2630 return;
2631 drop_connection:
2632 /*
2633 * This is just so that the disconnect flow will know that
2634 * we were trying to switch channel and failed. In case the
2635 * mode is 1 (we are not allowed to Tx), we will know not to
2636 * send a deauthentication frame. Those two fields will be
2637 * reset when the disconnection worker runs.
2638 */
2639 link->conf->csa_active = true;
2640 link->u.mgd.csa.blocked_tx = csa_ie.mode;
2641
2642 wiphy_work_queue(sdata->local->hw.wiphy,
2643 &ifmgd->csa_connection_drop_work);
2644 }
2645
2646 struct sta_bss_param_ch_cnt_data {
2647 struct ieee80211_sub_if_data *sdata;
2648 u8 reporting_link_id;
2649 u8 mld_id;
2650 };
2651
2652 static enum cfg80211_rnr_iter_ret
ieee80211_sta_bss_param_ch_cnt_iter(void * _data,u8 type,const struct ieee80211_neighbor_ap_info * info,const u8 * tbtt_info,u8 tbtt_info_len)2653 ieee80211_sta_bss_param_ch_cnt_iter(void *_data, u8 type,
2654 const struct ieee80211_neighbor_ap_info *info,
2655 const u8 *tbtt_info, u8 tbtt_info_len)
2656 {
2657 struct sta_bss_param_ch_cnt_data *data = _data;
2658 struct ieee80211_sub_if_data *sdata = data->sdata;
2659 const struct ieee80211_tbtt_info_ge_11 *ti;
2660 u8 bss_param_ch_cnt;
2661 int link_id;
2662
2663 if (type != IEEE80211_TBTT_INFO_TYPE_TBTT)
2664 return RNR_ITER_CONTINUE;
2665
2666 if (tbtt_info_len < sizeof(*ti))
2667 return RNR_ITER_CONTINUE;
2668
2669 ti = (const void *)tbtt_info;
2670
2671 if (ti->mld_params.mld_id != data->mld_id)
2672 return RNR_ITER_CONTINUE;
2673
2674 link_id = le16_get_bits(ti->mld_params.params,
2675 IEEE80211_RNR_MLD_PARAMS_LINK_ID);
2676 bss_param_ch_cnt =
2677 le16_get_bits(ti->mld_params.params,
2678 IEEE80211_RNR_MLD_PARAMS_BSS_CHANGE_COUNT);
2679
2680 if (bss_param_ch_cnt != 255 &&
2681 link_id < ARRAY_SIZE(sdata->link)) {
2682 struct ieee80211_link_data *link =
2683 sdata_dereference(sdata->link[link_id], sdata);
2684
2685 if (link && link->conf->bss_param_ch_cnt != bss_param_ch_cnt) {
2686 link->conf->bss_param_ch_cnt = bss_param_ch_cnt;
2687 link->conf->bss_param_ch_cnt_link_id =
2688 data->reporting_link_id;
2689 }
2690 }
2691
2692 return RNR_ITER_CONTINUE;
2693 }
2694
2695 static void
ieee80211_mgd_update_bss_param_ch_cnt(struct ieee80211_sub_if_data * sdata,struct ieee80211_bss_conf * bss_conf,struct ieee802_11_elems * elems)2696 ieee80211_mgd_update_bss_param_ch_cnt(struct ieee80211_sub_if_data *sdata,
2697 struct ieee80211_bss_conf *bss_conf,
2698 struct ieee802_11_elems *elems)
2699 {
2700 struct sta_bss_param_ch_cnt_data data = {
2701 .reporting_link_id = bss_conf->link_id,
2702 .sdata = sdata,
2703 };
2704 int bss_param_ch_cnt;
2705
2706 if (!elems->ml_basic)
2707 return;
2708
2709 data.mld_id = ieee80211_mle_get_mld_id((const void *)elems->ml_basic);
2710
2711 cfg80211_iter_rnr(elems->ie_start, elems->total_len,
2712 ieee80211_sta_bss_param_ch_cnt_iter, &data);
2713
2714 bss_param_ch_cnt =
2715 ieee80211_mle_get_bss_param_ch_cnt((const void *)elems->ml_basic);
2716
2717 /*
2718 * Update bss_param_ch_cnt_link_id even if bss_param_ch_cnt
2719 * didn't change to indicate that we got a beacon on our own
2720 * link.
2721 */
2722 if (bss_param_ch_cnt >= 0 && bss_param_ch_cnt != 255) {
2723 bss_conf->bss_param_ch_cnt = bss_param_ch_cnt;
2724 bss_conf->bss_param_ch_cnt_link_id =
2725 bss_conf->link_id;
2726 }
2727 }
2728
2729 static bool
ieee80211_find_80211h_pwr_constr(struct ieee80211_channel * channel,const u8 * country_ie,u8 country_ie_len,const u8 * pwr_constr_elem,int * chan_pwr,int * pwr_reduction)2730 ieee80211_find_80211h_pwr_constr(struct ieee80211_channel *channel,
2731 const u8 *country_ie, u8 country_ie_len,
2732 const u8 *pwr_constr_elem,
2733 int *chan_pwr, int *pwr_reduction)
2734 {
2735 struct ieee80211_country_ie_triplet *triplet;
2736 int chan = ieee80211_frequency_to_channel(channel->center_freq);
2737 int i, chan_increment;
2738 bool have_chan_pwr = false;
2739
2740 /* Invalid IE */
2741 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN)
2742 return false;
2743
2744 triplet = (void *)(country_ie + 3);
2745 country_ie_len -= 3;
2746
2747 switch (channel->band) {
2748 default:
2749 WARN_ON_ONCE(1);
2750 fallthrough;
2751 case NL80211_BAND_2GHZ:
2752 case NL80211_BAND_60GHZ:
2753 case NL80211_BAND_LC:
2754 chan_increment = 1;
2755 break;
2756 case NL80211_BAND_5GHZ:
2757 chan_increment = 4;
2758 break;
2759 case NL80211_BAND_6GHZ:
2760 /*
2761 * In the 6 GHz band, the "maximum transmit power level"
2762 * field in the triplets is reserved, and thus will be
2763 * zero and we shouldn't use it to control TX power.
2764 * The actual TX power will be given in the transmit
2765 * power envelope element instead.
2766 */
2767 return false;
2768 }
2769
2770 /* find channel */
2771 while (country_ie_len >= 3) {
2772 u8 first_channel = triplet->chans.first_channel;
2773
2774 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID)
2775 goto next;
2776
2777 for (i = 0; i < triplet->chans.num_channels; i++) {
2778 if (first_channel + i * chan_increment == chan) {
2779 have_chan_pwr = true;
2780 *chan_pwr = triplet->chans.max_power;
2781 break;
2782 }
2783 }
2784 if (have_chan_pwr)
2785 break;
2786
2787 next:
2788 triplet++;
2789 country_ie_len -= 3;
2790 }
2791
2792 if (have_chan_pwr && pwr_constr_elem)
2793 *pwr_reduction = *pwr_constr_elem;
2794 else
2795 *pwr_reduction = 0;
2796
2797 return have_chan_pwr;
2798 }
2799
ieee80211_find_cisco_dtpc(struct ieee80211_channel * channel,const u8 * cisco_dtpc_ie,int * pwr_level)2800 static void ieee80211_find_cisco_dtpc(struct ieee80211_channel *channel,
2801 const u8 *cisco_dtpc_ie,
2802 int *pwr_level)
2803 {
2804 /* From practical testing, the first data byte of the DTPC element
2805 * seems to contain the requested dBm level, and the CLI on Cisco
2806 * APs clearly state the range is -127 to 127 dBm, which indicates
2807 * a signed byte, although it seemingly never actually goes negative.
2808 * The other byte seems to always be zero.
2809 */
2810 *pwr_level = (__s8)cisco_dtpc_ie[4];
2811 }
2812
ieee80211_handle_pwr_constr(struct ieee80211_link_data * link,struct ieee80211_channel * channel,struct ieee80211_mgmt * mgmt,const u8 * country_ie,u8 country_ie_len,const u8 * pwr_constr_ie,const u8 * cisco_dtpc_ie)2813 static u64 ieee80211_handle_pwr_constr(struct ieee80211_link_data *link,
2814 struct ieee80211_channel *channel,
2815 struct ieee80211_mgmt *mgmt,
2816 const u8 *country_ie, u8 country_ie_len,
2817 const u8 *pwr_constr_ie,
2818 const u8 *cisco_dtpc_ie)
2819 {
2820 struct ieee80211_sub_if_data *sdata = link->sdata;
2821 bool has_80211h_pwr = false, has_cisco_pwr = false;
2822 int chan_pwr = 0, pwr_reduction_80211h = 0;
2823 int pwr_level_cisco, pwr_level_80211h;
2824 int new_ap_level;
2825 __le16 capab = mgmt->u.probe_resp.capab_info;
2826
2827 if (ieee80211_is_s1g_beacon(mgmt->frame_control))
2828 return 0; /* TODO */
2829
2830 if (country_ie &&
2831 (capab & cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT) ||
2832 capab & cpu_to_le16(WLAN_CAPABILITY_RADIO_MEASURE))) {
2833 has_80211h_pwr = ieee80211_find_80211h_pwr_constr(
2834 channel, country_ie, country_ie_len,
2835 pwr_constr_ie, &chan_pwr, &pwr_reduction_80211h);
2836 pwr_level_80211h =
2837 max_t(int, 0, chan_pwr - pwr_reduction_80211h);
2838 }
2839
2840 if (cisco_dtpc_ie) {
2841 ieee80211_find_cisco_dtpc(
2842 channel, cisco_dtpc_ie, &pwr_level_cisco);
2843 has_cisco_pwr = true;
2844 }
2845
2846 if (!has_80211h_pwr && !has_cisco_pwr)
2847 return 0;
2848
2849 /* If we have both 802.11h and Cisco DTPC, apply both limits
2850 * by picking the smallest of the two power levels advertised.
2851 */
2852 if (has_80211h_pwr &&
2853 (!has_cisco_pwr || pwr_level_80211h <= pwr_level_cisco)) {
2854 new_ap_level = pwr_level_80211h;
2855
2856 if (link->ap_power_level == new_ap_level)
2857 return 0;
2858
2859 sdata_dbg(sdata,
2860 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n",
2861 pwr_level_80211h, chan_pwr, pwr_reduction_80211h,
2862 link->u.mgd.bssid);
2863 } else { /* has_cisco_pwr is always true here. */
2864 new_ap_level = pwr_level_cisco;
2865
2866 if (link->ap_power_level == new_ap_level)
2867 return 0;
2868
2869 sdata_dbg(sdata,
2870 "Limiting TX power to %d dBm as advertised by %pM\n",
2871 pwr_level_cisco, link->u.mgd.bssid);
2872 }
2873
2874 link->ap_power_level = new_ap_level;
2875 if (__ieee80211_recalc_txpower(link))
2876 return BSS_CHANGED_TXPOWER;
2877 return 0;
2878 }
2879
2880 /* powersave */
ieee80211_enable_ps(struct ieee80211_local * local,struct ieee80211_sub_if_data * sdata)2881 static void ieee80211_enable_ps(struct ieee80211_local *local,
2882 struct ieee80211_sub_if_data *sdata)
2883 {
2884 struct ieee80211_conf *conf = &local->hw.conf;
2885
2886 /*
2887 * If we are scanning right now then the parameters will
2888 * take effect when scan finishes.
2889 */
2890 if (local->scanning)
2891 return;
2892
2893 if (conf->dynamic_ps_timeout > 0 &&
2894 !ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS)) {
2895 mod_timer(&local->dynamic_ps_timer, jiffies +
2896 msecs_to_jiffies(conf->dynamic_ps_timeout));
2897 } else {
2898 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK))
2899 ieee80211_send_nullfunc(local, sdata, true);
2900
2901 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
2902 ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
2903 return;
2904
2905 conf->flags |= IEEE80211_CONF_PS;
2906 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
2907 }
2908 }
2909
ieee80211_change_ps(struct ieee80211_local * local)2910 static void ieee80211_change_ps(struct ieee80211_local *local)
2911 {
2912 struct ieee80211_conf *conf = &local->hw.conf;
2913
2914 if (local->ps_sdata) {
2915 ieee80211_enable_ps(local, local->ps_sdata);
2916 } else if (conf->flags & IEEE80211_CONF_PS) {
2917 conf->flags &= ~IEEE80211_CONF_PS;
2918 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
2919 del_timer_sync(&local->dynamic_ps_timer);
2920 wiphy_work_cancel(local->hw.wiphy,
2921 &local->dynamic_ps_enable_work);
2922 }
2923 }
2924
ieee80211_powersave_allowed(struct ieee80211_sub_if_data * sdata)2925 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata)
2926 {
2927 struct ieee80211_local *local = sdata->local;
2928 struct ieee80211_if_managed *mgd = &sdata->u.mgd;
2929 struct sta_info *sta = NULL;
2930 bool authorized = false;
2931
2932 if (!mgd->powersave)
2933 return false;
2934
2935 if (mgd->broken_ap)
2936 return false;
2937
2938 if (!mgd->associated)
2939 return false;
2940
2941 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL)
2942 return false;
2943
2944 if (!(local->hw.wiphy->flags & WIPHY_FLAG_SUPPORTS_MLO) &&
2945 !sdata->deflink.u.mgd.have_beacon)
2946 return false;
2947
2948 rcu_read_lock();
2949 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
2950 if (sta)
2951 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
2952 rcu_read_unlock();
2953
2954 return authorized;
2955 }
2956
2957 /* need to hold RTNL or interface lock */
ieee80211_recalc_ps(struct ieee80211_local * local)2958 void ieee80211_recalc_ps(struct ieee80211_local *local)
2959 {
2960 struct ieee80211_sub_if_data *sdata, *found = NULL;
2961 int count = 0;
2962 int timeout;
2963
2964 if (!ieee80211_hw_check(&local->hw, SUPPORTS_PS) ||
2965 ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS)) {
2966 local->ps_sdata = NULL;
2967 return;
2968 }
2969
2970 list_for_each_entry(sdata, &local->interfaces, list) {
2971 if (!ieee80211_sdata_running(sdata))
2972 continue;
2973 if (sdata->vif.type == NL80211_IFTYPE_AP) {
2974 /* If an AP vif is found, then disable PS
2975 * by setting the count to zero thereby setting
2976 * ps_sdata to NULL.
2977 */
2978 count = 0;
2979 break;
2980 }
2981 if (sdata->vif.type != NL80211_IFTYPE_STATION)
2982 continue;
2983 found = sdata;
2984 count++;
2985 }
2986
2987 if (count == 1 && ieee80211_powersave_allowed(found)) {
2988 u8 dtimper = found->deflink.u.mgd.dtim_period;
2989
2990 timeout = local->dynamic_ps_forced_timeout;
2991 if (timeout < 0)
2992 timeout = 100;
2993 local->hw.conf.dynamic_ps_timeout = timeout;
2994
2995 /* If the TIM IE is invalid, pretend the value is 1 */
2996 if (!dtimper)
2997 dtimper = 1;
2998
2999 local->hw.conf.ps_dtim_period = dtimper;
3000 local->ps_sdata = found;
3001 } else {
3002 local->ps_sdata = NULL;
3003 }
3004
3005 ieee80211_change_ps(local);
3006 }
3007
ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data * sdata)3008 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata)
3009 {
3010 bool ps_allowed = ieee80211_powersave_allowed(sdata);
3011
3012 if (sdata->vif.cfg.ps != ps_allowed) {
3013 sdata->vif.cfg.ps = ps_allowed;
3014 ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_PS);
3015 }
3016 }
3017
ieee80211_dynamic_ps_disable_work(struct wiphy * wiphy,struct wiphy_work * work)3018 void ieee80211_dynamic_ps_disable_work(struct wiphy *wiphy,
3019 struct wiphy_work *work)
3020 {
3021 struct ieee80211_local *local =
3022 container_of(work, struct ieee80211_local,
3023 dynamic_ps_disable_work);
3024
3025 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
3026 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
3027 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
3028 }
3029
3030 ieee80211_wake_queues_by_reason(&local->hw,
3031 IEEE80211_MAX_QUEUE_MAP,
3032 IEEE80211_QUEUE_STOP_REASON_PS,
3033 false);
3034 }
3035
ieee80211_dynamic_ps_enable_work(struct wiphy * wiphy,struct wiphy_work * work)3036 void ieee80211_dynamic_ps_enable_work(struct wiphy *wiphy,
3037 struct wiphy_work *work)
3038 {
3039 struct ieee80211_local *local =
3040 container_of(work, struct ieee80211_local,
3041 dynamic_ps_enable_work);
3042 struct ieee80211_sub_if_data *sdata = local->ps_sdata;
3043 struct ieee80211_if_managed *ifmgd;
3044 unsigned long flags;
3045 int q;
3046
3047 /* can only happen when PS was just disabled anyway */
3048 if (!sdata)
3049 return;
3050
3051 ifmgd = &sdata->u.mgd;
3052
3053 if (local->hw.conf.flags & IEEE80211_CONF_PS)
3054 return;
3055
3056 if (local->hw.conf.dynamic_ps_timeout > 0) {
3057 /* don't enter PS if TX frames are pending */
3058 if (drv_tx_frames_pending(local)) {
3059 mod_timer(&local->dynamic_ps_timer, jiffies +
3060 msecs_to_jiffies(
3061 local->hw.conf.dynamic_ps_timeout));
3062 return;
3063 }
3064
3065 /*
3066 * transmission can be stopped by others which leads to
3067 * dynamic_ps_timer expiry. Postpone the ps timer if it
3068 * is not the actual idle state.
3069 */
3070 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
3071 for (q = 0; q < local->hw.queues; q++) {
3072 if (local->queue_stop_reasons[q]) {
3073 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
3074 flags);
3075 mod_timer(&local->dynamic_ps_timer, jiffies +
3076 msecs_to_jiffies(
3077 local->hw.conf.dynamic_ps_timeout));
3078 return;
3079 }
3080 }
3081 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
3082 }
3083
3084 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
3085 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
3086 if (drv_tx_frames_pending(local)) {
3087 mod_timer(&local->dynamic_ps_timer, jiffies +
3088 msecs_to_jiffies(
3089 local->hw.conf.dynamic_ps_timeout));
3090 } else {
3091 ieee80211_send_nullfunc(local, sdata, true);
3092 /* Flush to get the tx status of nullfunc frame */
3093 ieee80211_flush_queues(local, sdata, false);
3094 }
3095 }
3096
3097 if (!(ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS) &&
3098 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK)) ||
3099 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
3100 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
3101 local->hw.conf.flags |= IEEE80211_CONF_PS;
3102 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
3103 }
3104 }
3105
ieee80211_dynamic_ps_timer(struct timer_list * t)3106 void ieee80211_dynamic_ps_timer(struct timer_list *t)
3107 {
3108 struct ieee80211_local *local = from_timer(local, t, dynamic_ps_timer);
3109
3110 wiphy_work_queue(local->hw.wiphy, &local->dynamic_ps_enable_work);
3111 }
3112
ieee80211_dfs_cac_timer_work(struct wiphy * wiphy,struct wiphy_work * work)3113 void ieee80211_dfs_cac_timer_work(struct wiphy *wiphy, struct wiphy_work *work)
3114 {
3115 struct ieee80211_link_data *link =
3116 container_of(work, struct ieee80211_link_data,
3117 dfs_cac_timer_work.work);
3118 struct cfg80211_chan_def chandef = link->conf->chanreq.oper;
3119 struct ieee80211_sub_if_data *sdata = link->sdata;
3120
3121 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3122
3123 if (sdata->wdev.links[link->link_id].cac_started) {
3124 ieee80211_link_release_channel(link);
3125 cfg80211_cac_event(sdata->dev, &chandef,
3126 NL80211_RADAR_CAC_FINISHED,
3127 GFP_KERNEL, link->link_id);
3128 }
3129 }
3130
3131 static bool
__ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data * sdata)3132 __ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata)
3133 {
3134 struct ieee80211_local *local = sdata->local;
3135 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3136 bool ret = false;
3137 int ac;
3138
3139 if (local->hw.queues < IEEE80211_NUM_ACS)
3140 return false;
3141
3142 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
3143 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac];
3144 int non_acm_ac;
3145 unsigned long now = jiffies;
3146
3147 if (tx_tspec->action == TX_TSPEC_ACTION_NONE &&
3148 tx_tspec->admitted_time &&
3149 time_after(now, tx_tspec->time_slice_start + HZ)) {
3150 tx_tspec->consumed_tx_time = 0;
3151 tx_tspec->time_slice_start = now;
3152
3153 if (tx_tspec->downgraded)
3154 tx_tspec->action =
3155 TX_TSPEC_ACTION_STOP_DOWNGRADE;
3156 }
3157
3158 switch (tx_tspec->action) {
3159 case TX_TSPEC_ACTION_STOP_DOWNGRADE:
3160 /* take the original parameters */
3161 if (drv_conf_tx(local, &sdata->deflink, ac,
3162 &sdata->deflink.tx_conf[ac]))
3163 link_err(&sdata->deflink,
3164 "failed to set TX queue parameters for queue %d\n",
3165 ac);
3166 tx_tspec->action = TX_TSPEC_ACTION_NONE;
3167 tx_tspec->downgraded = false;
3168 ret = true;
3169 break;
3170 case TX_TSPEC_ACTION_DOWNGRADE:
3171 if (time_after(now, tx_tspec->time_slice_start + HZ)) {
3172 tx_tspec->action = TX_TSPEC_ACTION_NONE;
3173 ret = true;
3174 break;
3175 }
3176 /* downgrade next lower non-ACM AC */
3177 for (non_acm_ac = ac + 1;
3178 non_acm_ac < IEEE80211_NUM_ACS;
3179 non_acm_ac++)
3180 if (!(sdata->wmm_acm & BIT(7 - 2 * non_acm_ac)))
3181 break;
3182 /* Usually the loop will result in using BK even if it
3183 * requires admission control, but such a configuration
3184 * makes no sense and we have to transmit somehow - the
3185 * AC selection does the same thing.
3186 * If we started out trying to downgrade from BK, then
3187 * the extra condition here might be needed.
3188 */
3189 if (non_acm_ac >= IEEE80211_NUM_ACS)
3190 non_acm_ac = IEEE80211_AC_BK;
3191 if (drv_conf_tx(local, &sdata->deflink, ac,
3192 &sdata->deflink.tx_conf[non_acm_ac]))
3193 link_err(&sdata->deflink,
3194 "failed to set TX queue parameters for queue %d\n",
3195 ac);
3196 tx_tspec->action = TX_TSPEC_ACTION_NONE;
3197 ret = true;
3198 wiphy_delayed_work_queue(local->hw.wiphy,
3199 &ifmgd->tx_tspec_wk,
3200 tx_tspec->time_slice_start +
3201 HZ - now + 1);
3202 break;
3203 case TX_TSPEC_ACTION_NONE:
3204 /* nothing now */
3205 break;
3206 }
3207 }
3208
3209 return ret;
3210 }
3211
ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data * sdata)3212 void ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata)
3213 {
3214 if (__ieee80211_sta_handle_tspec_ac_params(sdata))
3215 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
3216 BSS_CHANGED_QOS);
3217 }
3218
ieee80211_sta_handle_tspec_ac_params_wk(struct wiphy * wiphy,struct wiphy_work * work)3219 static void ieee80211_sta_handle_tspec_ac_params_wk(struct wiphy *wiphy,
3220 struct wiphy_work *work)
3221 {
3222 struct ieee80211_sub_if_data *sdata;
3223
3224 sdata = container_of(work, struct ieee80211_sub_if_data,
3225 u.mgd.tx_tspec_wk.work);
3226 ieee80211_sta_handle_tspec_ac_params(sdata);
3227 }
3228
ieee80211_mgd_set_link_qos_params(struct ieee80211_link_data * link)3229 void ieee80211_mgd_set_link_qos_params(struct ieee80211_link_data *link)
3230 {
3231 struct ieee80211_sub_if_data *sdata = link->sdata;
3232 struct ieee80211_local *local = sdata->local;
3233 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3234 struct ieee80211_tx_queue_params *params = link->tx_conf;
3235 u8 ac;
3236
3237 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
3238 mlme_dbg(sdata,
3239 "WMM AC=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d, downgraded=%d\n",
3240 ac, params[ac].acm,
3241 params[ac].aifs, params[ac].cw_min, params[ac].cw_max,
3242 params[ac].txop, params[ac].uapsd,
3243 ifmgd->tx_tspec[ac].downgraded);
3244 if (!ifmgd->tx_tspec[ac].downgraded &&
3245 drv_conf_tx(local, link, ac, ¶ms[ac]))
3246 link_err(link,
3247 "failed to set TX queue parameters for AC %d\n",
3248 ac);
3249 }
3250 }
3251
3252 /* MLME */
3253 static bool
ieee80211_sta_wmm_params(struct ieee80211_local * local,struct ieee80211_link_data * link,const u8 * wmm_param,size_t wmm_param_len,const struct ieee80211_mu_edca_param_set * mu_edca)3254 ieee80211_sta_wmm_params(struct ieee80211_local *local,
3255 struct ieee80211_link_data *link,
3256 const u8 *wmm_param, size_t wmm_param_len,
3257 const struct ieee80211_mu_edca_param_set *mu_edca)
3258 {
3259 struct ieee80211_sub_if_data *sdata = link->sdata;
3260 struct ieee80211_tx_queue_params params[IEEE80211_NUM_ACS];
3261 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3262 size_t left;
3263 int count, mu_edca_count, ac;
3264 const u8 *pos;
3265 u8 uapsd_queues = 0;
3266
3267 if (!local->ops->conf_tx)
3268 return false;
3269
3270 if (local->hw.queues < IEEE80211_NUM_ACS)
3271 return false;
3272
3273 if (!wmm_param)
3274 return false;
3275
3276 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
3277 return false;
3278
3279 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
3280 uapsd_queues = ifmgd->uapsd_queues;
3281
3282 count = wmm_param[6] & 0x0f;
3283 /* -1 is the initial value of ifmgd->mu_edca_last_param_set.
3284 * if mu_edca was preset before and now it disappeared tell
3285 * the driver about it.
3286 */
3287 mu_edca_count = mu_edca ? mu_edca->mu_qos_info & 0x0f : -1;
3288 if (count == link->u.mgd.wmm_last_param_set &&
3289 mu_edca_count == link->u.mgd.mu_edca_last_param_set)
3290 return false;
3291 link->u.mgd.wmm_last_param_set = count;
3292 link->u.mgd.mu_edca_last_param_set = mu_edca_count;
3293
3294 pos = wmm_param + 8;
3295 left = wmm_param_len - 8;
3296
3297 memset(¶ms, 0, sizeof(params));
3298
3299 sdata->wmm_acm = 0;
3300 for (; left >= 4; left -= 4, pos += 4) {
3301 int aci = (pos[0] >> 5) & 0x03;
3302 int acm = (pos[0] >> 4) & 0x01;
3303 bool uapsd = false;
3304
3305 switch (aci) {
3306 case 1: /* AC_BK */
3307 ac = IEEE80211_AC_BK;
3308 if (acm)
3309 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */
3310 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
3311 uapsd = true;
3312 params[ac].mu_edca = !!mu_edca;
3313 if (mu_edca)
3314 params[ac].mu_edca_param_rec = mu_edca->ac_bk;
3315 break;
3316 case 2: /* AC_VI */
3317 ac = IEEE80211_AC_VI;
3318 if (acm)
3319 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */
3320 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
3321 uapsd = true;
3322 params[ac].mu_edca = !!mu_edca;
3323 if (mu_edca)
3324 params[ac].mu_edca_param_rec = mu_edca->ac_vi;
3325 break;
3326 case 3: /* AC_VO */
3327 ac = IEEE80211_AC_VO;
3328 if (acm)
3329 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */
3330 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
3331 uapsd = true;
3332 params[ac].mu_edca = !!mu_edca;
3333 if (mu_edca)
3334 params[ac].mu_edca_param_rec = mu_edca->ac_vo;
3335 break;
3336 case 0: /* AC_BE */
3337 default:
3338 ac = IEEE80211_AC_BE;
3339 if (acm)
3340 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */
3341 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
3342 uapsd = true;
3343 params[ac].mu_edca = !!mu_edca;
3344 if (mu_edca)
3345 params[ac].mu_edca_param_rec = mu_edca->ac_be;
3346 break;
3347 }
3348
3349 params[ac].aifs = pos[0] & 0x0f;
3350
3351 if (params[ac].aifs < 2) {
3352 link_info(link,
3353 "AP has invalid WMM params (AIFSN=%d for ACI %d), will use 2\n",
3354 params[ac].aifs, aci);
3355 params[ac].aifs = 2;
3356 }
3357 params[ac].cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
3358 params[ac].cw_min = ecw2cw(pos[1] & 0x0f);
3359 params[ac].txop = get_unaligned_le16(pos + 2);
3360 params[ac].acm = acm;
3361 params[ac].uapsd = uapsd;
3362
3363 if (params[ac].cw_min == 0 ||
3364 params[ac].cw_min > params[ac].cw_max) {
3365 link_info(link,
3366 "AP has invalid WMM params (CWmin/max=%d/%d for ACI %d), using defaults\n",
3367 params[ac].cw_min, params[ac].cw_max, aci);
3368 return false;
3369 }
3370 ieee80211_regulatory_limit_wmm_params(sdata, ¶ms[ac], ac);
3371 }
3372
3373 /* WMM specification requires all 4 ACIs. */
3374 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
3375 if (params[ac].cw_min == 0) {
3376 link_info(link,
3377 "AP has invalid WMM params (missing AC %d), using defaults\n",
3378 ac);
3379 return false;
3380 }
3381 }
3382
3383 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
3384 link->tx_conf[ac] = params[ac];
3385
3386 ieee80211_mgd_set_link_qos_params(link);
3387
3388 /* enable WMM or activate new settings */
3389 link->conf->qos = true;
3390 return true;
3391 }
3392
__ieee80211_stop_poll(struct ieee80211_sub_if_data * sdata)3393 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
3394 {
3395 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3396
3397 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL;
3398 ieee80211_run_deferred_scan(sdata->local);
3399 }
3400
ieee80211_stop_poll(struct ieee80211_sub_if_data * sdata)3401 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
3402 {
3403 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3404
3405 __ieee80211_stop_poll(sdata);
3406 }
3407
ieee80211_handle_bss_capability(struct ieee80211_link_data * link,u16 capab,bool erp_valid,u8 erp)3408 static u64 ieee80211_handle_bss_capability(struct ieee80211_link_data *link,
3409 u16 capab, bool erp_valid, u8 erp)
3410 {
3411 struct ieee80211_bss_conf *bss_conf = link->conf;
3412 struct ieee80211_supported_band *sband;
3413 u64 changed = 0;
3414 bool use_protection;
3415 bool use_short_preamble;
3416 bool use_short_slot;
3417
3418 sband = ieee80211_get_link_sband(link);
3419 if (!sband)
3420 return changed;
3421
3422 if (erp_valid) {
3423 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0;
3424 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0;
3425 } else {
3426 use_protection = false;
3427 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE);
3428 }
3429
3430 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME);
3431 if (sband->band == NL80211_BAND_5GHZ ||
3432 sband->band == NL80211_BAND_6GHZ)
3433 use_short_slot = true;
3434
3435 if (use_protection != bss_conf->use_cts_prot) {
3436 bss_conf->use_cts_prot = use_protection;
3437 changed |= BSS_CHANGED_ERP_CTS_PROT;
3438 }
3439
3440 if (use_short_preamble != bss_conf->use_short_preamble) {
3441 bss_conf->use_short_preamble = use_short_preamble;
3442 changed |= BSS_CHANGED_ERP_PREAMBLE;
3443 }
3444
3445 if (use_short_slot != bss_conf->use_short_slot) {
3446 bss_conf->use_short_slot = use_short_slot;
3447 changed |= BSS_CHANGED_ERP_SLOT;
3448 }
3449
3450 return changed;
3451 }
3452
ieee80211_link_set_associated(struct ieee80211_link_data * link,struct cfg80211_bss * cbss)3453 static u64 ieee80211_link_set_associated(struct ieee80211_link_data *link,
3454 struct cfg80211_bss *cbss)
3455 {
3456 struct ieee80211_sub_if_data *sdata = link->sdata;
3457 struct ieee80211_bss_conf *bss_conf = link->conf;
3458 struct ieee80211_bss *bss = (void *)cbss->priv;
3459 u64 changed = BSS_CHANGED_QOS;
3460
3461 /* not really used in MLO */
3462 sdata->u.mgd.beacon_timeout =
3463 usecs_to_jiffies(ieee80211_tu_to_usec(beacon_loss_count *
3464 bss_conf->beacon_int));
3465
3466 changed |= ieee80211_handle_bss_capability(link,
3467 bss_conf->assoc_capability,
3468 bss->has_erp_value,
3469 bss->erp_value);
3470
3471 ieee80211_check_rate_mask(link);
3472
3473 link->conf->bss = cbss;
3474 memcpy(link->u.mgd.bssid, cbss->bssid, ETH_ALEN);
3475
3476 if (sdata->vif.p2p ||
3477 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) {
3478 const struct cfg80211_bss_ies *ies;
3479
3480 rcu_read_lock();
3481 ies = rcu_dereference(cbss->ies);
3482 if (ies) {
3483 int ret;
3484
3485 ret = cfg80211_get_p2p_attr(
3486 ies->data, ies->len,
3487 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
3488 (u8 *) &bss_conf->p2p_noa_attr,
3489 sizeof(bss_conf->p2p_noa_attr));
3490 if (ret >= 2) {
3491 link->u.mgd.p2p_noa_index =
3492 bss_conf->p2p_noa_attr.index;
3493 changed |= BSS_CHANGED_P2P_PS;
3494 }
3495 }
3496 rcu_read_unlock();
3497 }
3498
3499 if (link->u.mgd.have_beacon) {
3500 bss_conf->beacon_rate = bss->beacon_rate;
3501 changed |= BSS_CHANGED_BEACON_INFO;
3502 } else {
3503 bss_conf->beacon_rate = NULL;
3504 }
3505
3506 /* Tell the driver to monitor connection quality (if supported) */
3507 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI &&
3508 bss_conf->cqm_rssi_thold)
3509 changed |= BSS_CHANGED_CQM;
3510
3511 return changed;
3512 }
3513
ieee80211_set_associated(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgd_assoc_data * assoc_data,u64 changed[IEEE80211_MLD_MAX_NUM_LINKS])3514 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
3515 struct ieee80211_mgd_assoc_data *assoc_data,
3516 u64 changed[IEEE80211_MLD_MAX_NUM_LINKS])
3517 {
3518 struct ieee80211_local *local = sdata->local;
3519 struct ieee80211_vif_cfg *vif_cfg = &sdata->vif.cfg;
3520 u64 vif_changed = BSS_CHANGED_ASSOC;
3521 unsigned int link_id;
3522
3523 lockdep_assert_wiphy(local->hw.wiphy);
3524
3525 sdata->u.mgd.associated = true;
3526
3527 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
3528 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
3529 struct ieee80211_link_data *link;
3530
3531 if (!cbss ||
3532 assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS)
3533 continue;
3534
3535 if (ieee80211_vif_is_mld(&sdata->vif) &&
3536 !(ieee80211_vif_usable_links(&sdata->vif) & BIT(link_id)))
3537 continue;
3538
3539 link = sdata_dereference(sdata->link[link_id], sdata);
3540 if (WARN_ON(!link))
3541 return;
3542
3543 changed[link_id] |= ieee80211_link_set_associated(link, cbss);
3544 }
3545
3546 /* just to be sure */
3547 ieee80211_stop_poll(sdata);
3548
3549 ieee80211_led_assoc(local, 1);
3550
3551 vif_cfg->assoc = 1;
3552
3553 /* Enable ARP filtering */
3554 if (vif_cfg->arp_addr_cnt)
3555 vif_changed |= BSS_CHANGED_ARP_FILTER;
3556
3557 if (ieee80211_vif_is_mld(&sdata->vif)) {
3558 for (link_id = 0;
3559 link_id < IEEE80211_MLD_MAX_NUM_LINKS;
3560 link_id++) {
3561 struct ieee80211_link_data *link;
3562 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
3563
3564 if (!cbss ||
3565 !(BIT(link_id) &
3566 ieee80211_vif_usable_links(&sdata->vif)) ||
3567 assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS)
3568 continue;
3569
3570 link = sdata_dereference(sdata->link[link_id], sdata);
3571 if (WARN_ON(!link))
3572 return;
3573
3574 ieee80211_link_info_change_notify(sdata, link,
3575 changed[link_id]);
3576
3577 ieee80211_recalc_smps(sdata, link);
3578 }
3579
3580 ieee80211_vif_cfg_change_notify(sdata, vif_changed);
3581 } else {
3582 ieee80211_bss_info_change_notify(sdata,
3583 vif_changed | changed[0]);
3584 }
3585
3586 ieee80211_recalc_ps(local);
3587
3588 /* leave this here to not change ordering in non-MLO cases */
3589 if (!ieee80211_vif_is_mld(&sdata->vif))
3590 ieee80211_recalc_smps(sdata, &sdata->deflink);
3591 ieee80211_recalc_ps_vif(sdata);
3592
3593 netif_carrier_on(sdata->dev);
3594 }
3595
ieee80211_set_disassoc(struct ieee80211_sub_if_data * sdata,u16 stype,u16 reason,bool tx,u8 * frame_buf)3596 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
3597 u16 stype, u16 reason, bool tx,
3598 u8 *frame_buf)
3599 {
3600 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3601 struct ieee80211_local *local = sdata->local;
3602 unsigned int link_id;
3603 u64 changed = 0;
3604 struct ieee80211_prep_tx_info info = {
3605 .subtype = stype,
3606 .was_assoc = true,
3607 .link_id = ffs(sdata->vif.active_links) - 1,
3608 };
3609
3610 lockdep_assert_wiphy(local->hw.wiphy);
3611
3612 if (WARN_ON_ONCE(tx && !frame_buf))
3613 return;
3614
3615 if (WARN_ON(!ifmgd->associated))
3616 return;
3617
3618 ieee80211_stop_poll(sdata);
3619
3620 ifmgd->associated = false;
3621
3622 /* other links will be destroyed */
3623 sdata->deflink.conf->bss = NULL;
3624 sdata->deflink.smps_mode = IEEE80211_SMPS_OFF;
3625
3626 netif_carrier_off(sdata->dev);
3627
3628 /*
3629 * if we want to get out of ps before disassoc (why?) we have
3630 * to do it before sending disassoc, as otherwise the null-packet
3631 * won't be valid.
3632 */
3633 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
3634 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
3635 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
3636 }
3637 local->ps_sdata = NULL;
3638
3639 /* disable per-vif ps */
3640 ieee80211_recalc_ps_vif(sdata);
3641
3642 /* make sure ongoing transmission finishes */
3643 synchronize_net();
3644
3645 /*
3646 * drop any frame before deauth/disassoc, this can be data or
3647 * management frame. Since we are disconnecting, we should not
3648 * insist sending these frames which can take time and delay
3649 * the disconnection and possible the roaming.
3650 */
3651 if (tx)
3652 ieee80211_flush_queues(local, sdata, true);
3653
3654 /* deauthenticate/disassociate now */
3655 if (tx || frame_buf) {
3656 drv_mgd_prepare_tx(sdata->local, sdata, &info);
3657
3658 ieee80211_send_deauth_disassoc(sdata, sdata->vif.cfg.ap_addr,
3659 sdata->vif.cfg.ap_addr, stype,
3660 reason, tx, frame_buf);
3661 }
3662
3663 /* flush out frame - make sure the deauth was actually sent */
3664 if (tx)
3665 ieee80211_flush_queues(local, sdata, false);
3666
3667 drv_mgd_complete_tx(sdata->local, sdata, &info);
3668
3669 /* clear AP addr only after building the needed mgmt frames */
3670 eth_zero_addr(sdata->deflink.u.mgd.bssid);
3671 eth_zero_addr(sdata->vif.cfg.ap_addr);
3672
3673 sdata->vif.cfg.ssid_len = 0;
3674
3675 /* remove AP and TDLS peers */
3676 sta_info_flush(sdata, -1);
3677
3678 /* finally reset all BSS / config parameters */
3679 if (!ieee80211_vif_is_mld(&sdata->vif))
3680 changed |= ieee80211_reset_erp_info(sdata);
3681
3682 ieee80211_led_assoc(local, 0);
3683 changed |= BSS_CHANGED_ASSOC;
3684 sdata->vif.cfg.assoc = false;
3685
3686 sdata->deflink.u.mgd.p2p_noa_index = -1;
3687 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0,
3688 sizeof(sdata->vif.bss_conf.p2p_noa_attr));
3689
3690 /* on the next assoc, re-program HT/VHT parameters */
3691 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa));
3692 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask));
3693 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa));
3694 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask));
3695
3696 /*
3697 * reset MU-MIMO ownership and group data in default link,
3698 * if used, other links are destroyed
3699 */
3700 memset(sdata->vif.bss_conf.mu_group.membership, 0,
3701 sizeof(sdata->vif.bss_conf.mu_group.membership));
3702 memset(sdata->vif.bss_conf.mu_group.position, 0,
3703 sizeof(sdata->vif.bss_conf.mu_group.position));
3704 if (!ieee80211_vif_is_mld(&sdata->vif))
3705 changed |= BSS_CHANGED_MU_GROUPS;
3706 sdata->vif.bss_conf.mu_mimo_owner = false;
3707
3708 sdata->deflink.ap_power_level = IEEE80211_UNSET_POWER_LEVEL;
3709
3710 del_timer_sync(&local->dynamic_ps_timer);
3711 wiphy_work_cancel(local->hw.wiphy, &local->dynamic_ps_enable_work);
3712
3713 /* Disable ARP filtering */
3714 if (sdata->vif.cfg.arp_addr_cnt)
3715 changed |= BSS_CHANGED_ARP_FILTER;
3716
3717 sdata->vif.bss_conf.qos = false;
3718 if (!ieee80211_vif_is_mld(&sdata->vif)) {
3719 changed |= BSS_CHANGED_QOS;
3720 /* The BSSID (not really interesting) and HT changed */
3721 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT;
3722 ieee80211_bss_info_change_notify(sdata, changed);
3723 } else {
3724 ieee80211_vif_cfg_change_notify(sdata, changed);
3725 }
3726
3727 /* disassociated - set to defaults now */
3728 ieee80211_set_wmm_default(&sdata->deflink, false, false);
3729
3730 del_timer_sync(&sdata->u.mgd.conn_mon_timer);
3731 del_timer_sync(&sdata->u.mgd.bcn_mon_timer);
3732 del_timer_sync(&sdata->u.mgd.timer);
3733
3734 sdata->vif.bss_conf.dtim_period = 0;
3735 sdata->vif.bss_conf.beacon_rate = NULL;
3736
3737 sdata->deflink.u.mgd.have_beacon = false;
3738 sdata->deflink.u.mgd.tracking_signal_avg = false;
3739 sdata->deflink.u.mgd.disable_wmm_tracking = false;
3740
3741 ifmgd->flags = 0;
3742
3743 for (link_id = 0; link_id < ARRAY_SIZE(sdata->link); link_id++) {
3744 struct ieee80211_link_data *link;
3745
3746 link = sdata_dereference(sdata->link[link_id], sdata);
3747 if (!link)
3748 continue;
3749 ieee80211_link_release_channel(link);
3750 }
3751
3752 sdata->vif.bss_conf.csa_active = false;
3753 sdata->deflink.u.mgd.csa.blocked_tx = false;
3754 sdata->deflink.u.mgd.csa.waiting_bcn = false;
3755 sdata->deflink.u.mgd.csa.ignored_same_chan = false;
3756 ieee80211_vif_unblock_queues_csa(sdata);
3757
3758 /* existing TX TSPEC sessions no longer exist */
3759 memset(ifmgd->tx_tspec, 0, sizeof(ifmgd->tx_tspec));
3760 wiphy_delayed_work_cancel(local->hw.wiphy, &ifmgd->tx_tspec_wk);
3761
3762 sdata->vif.bss_conf.power_type = IEEE80211_REG_UNSET_AP;
3763 sdata->vif.bss_conf.pwr_reduction = 0;
3764 ieee80211_clear_tpe(&sdata->vif.bss_conf.tpe);
3765
3766 sdata->vif.cfg.eml_cap = 0;
3767 sdata->vif.cfg.eml_med_sync_delay = 0;
3768 sdata->vif.cfg.mld_capa_op = 0;
3769
3770 memset(&sdata->u.mgd.ttlm_info, 0,
3771 sizeof(sdata->u.mgd.ttlm_info));
3772 wiphy_delayed_work_cancel(sdata->local->hw.wiphy, &ifmgd->ttlm_work);
3773
3774 memset(&sdata->vif.neg_ttlm, 0, sizeof(sdata->vif.neg_ttlm));
3775 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
3776 &ifmgd->neg_ttlm_timeout_work);
3777
3778 sdata->u.mgd.removed_links = 0;
3779 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
3780 &sdata->u.mgd.ml_reconf_work);
3781
3782 wiphy_work_cancel(sdata->local->hw.wiphy,
3783 &ifmgd->teardown_ttlm_work);
3784
3785 ieee80211_vif_set_links(sdata, 0, 0);
3786
3787 ifmgd->mcast_seq_last = IEEE80211_SN_MODULO;
3788 }
3789
ieee80211_reset_ap_probe(struct ieee80211_sub_if_data * sdata)3790 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata)
3791 {
3792 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3793 struct ieee80211_local *local = sdata->local;
3794
3795 lockdep_assert_wiphy(local->hw.wiphy);
3796
3797 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL))
3798 return;
3799
3800 __ieee80211_stop_poll(sdata);
3801
3802 ieee80211_recalc_ps(local);
3803
3804 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
3805 return;
3806
3807 /*
3808 * We've received a probe response, but are not sure whether
3809 * we have or will be receiving any beacons or data, so let's
3810 * schedule the timers again, just in case.
3811 */
3812 ieee80211_sta_reset_beacon_monitor(sdata);
3813
3814 mod_timer(&ifmgd->conn_mon_timer,
3815 round_jiffies_up(jiffies +
3816 IEEE80211_CONNECTION_IDLE_TIME));
3817 }
3818
ieee80211_sta_tx_wmm_ac_notify(struct ieee80211_sub_if_data * sdata,struct ieee80211_hdr * hdr,u16 tx_time)3819 static void ieee80211_sta_tx_wmm_ac_notify(struct ieee80211_sub_if_data *sdata,
3820 struct ieee80211_hdr *hdr,
3821 u16 tx_time)
3822 {
3823 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3824 u16 tid;
3825 int ac;
3826 struct ieee80211_sta_tx_tspec *tx_tspec;
3827 unsigned long now = jiffies;
3828
3829 if (!ieee80211_is_data_qos(hdr->frame_control))
3830 return;
3831
3832 tid = ieee80211_get_tid(hdr);
3833 ac = ieee80211_ac_from_tid(tid);
3834 tx_tspec = &ifmgd->tx_tspec[ac];
3835
3836 if (likely(!tx_tspec->admitted_time))
3837 return;
3838
3839 if (time_after(now, tx_tspec->time_slice_start + HZ)) {
3840 tx_tspec->consumed_tx_time = 0;
3841 tx_tspec->time_slice_start = now;
3842
3843 if (tx_tspec->downgraded) {
3844 tx_tspec->action = TX_TSPEC_ACTION_STOP_DOWNGRADE;
3845 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
3846 &ifmgd->tx_tspec_wk, 0);
3847 }
3848 }
3849
3850 if (tx_tspec->downgraded)
3851 return;
3852
3853 tx_tspec->consumed_tx_time += tx_time;
3854
3855 if (tx_tspec->consumed_tx_time >= tx_tspec->admitted_time) {
3856 tx_tspec->downgraded = true;
3857 tx_tspec->action = TX_TSPEC_ACTION_DOWNGRADE;
3858 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
3859 &ifmgd->tx_tspec_wk, 0);
3860 }
3861 }
3862
ieee80211_sta_tx_notify(struct ieee80211_sub_if_data * sdata,struct ieee80211_hdr * hdr,bool ack,u16 tx_time)3863 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata,
3864 struct ieee80211_hdr *hdr, bool ack, u16 tx_time)
3865 {
3866 ieee80211_sta_tx_wmm_ac_notify(sdata, hdr, tx_time);
3867
3868 if (!ieee80211_is_any_nullfunc(hdr->frame_control) ||
3869 !sdata->u.mgd.probe_send_count)
3870 return;
3871
3872 if (ack)
3873 sdata->u.mgd.probe_send_count = 0;
3874 else
3875 sdata->u.mgd.nullfunc_failed = true;
3876 wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);
3877 }
3878
ieee80211_mlme_send_probe_req(struct ieee80211_sub_if_data * sdata,const u8 * src,const u8 * dst,const u8 * ssid,size_t ssid_len,struct ieee80211_channel * channel)3879 static void ieee80211_mlme_send_probe_req(struct ieee80211_sub_if_data *sdata,
3880 const u8 *src, const u8 *dst,
3881 const u8 *ssid, size_t ssid_len,
3882 struct ieee80211_channel *channel)
3883 {
3884 struct sk_buff *skb;
3885
3886 skb = ieee80211_build_probe_req(sdata, src, dst, (u32)-1, channel,
3887 ssid, ssid_len, NULL, 0,
3888 IEEE80211_PROBE_FLAG_DIRECTED);
3889 if (skb)
3890 ieee80211_tx_skb(sdata, skb);
3891 }
3892
ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data * sdata)3893 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
3894 {
3895 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3896 u8 *dst = sdata->vif.cfg.ap_addr;
3897 u8 unicast_limit = max(1, max_probe_tries - 3);
3898 struct sta_info *sta;
3899
3900 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3901
3902 if (WARN_ON(ieee80211_vif_is_mld(&sdata->vif)))
3903 return;
3904
3905 /*
3906 * Try sending broadcast probe requests for the last three
3907 * probe requests after the first ones failed since some
3908 * buggy APs only support broadcast probe requests.
3909 */
3910 if (ifmgd->probe_send_count >= unicast_limit)
3911 dst = NULL;
3912
3913 /*
3914 * When the hardware reports an accurate Tx ACK status, it's
3915 * better to send a nullfunc frame instead of a probe request,
3916 * as it will kick us off the AP quickly if we aren't associated
3917 * anymore. The timeout will be reset if the frame is ACKed by
3918 * the AP.
3919 */
3920 ifmgd->probe_send_count++;
3921
3922 if (dst) {
3923 sta = sta_info_get(sdata, dst);
3924 if (!WARN_ON(!sta))
3925 ieee80211_check_fast_rx(sta);
3926 }
3927
3928 if (ieee80211_hw_check(&sdata->local->hw, REPORTS_TX_ACK_STATUS)) {
3929 ifmgd->nullfunc_failed = false;
3930 ieee80211_send_nullfunc(sdata->local, sdata, false);
3931 } else {
3932 ieee80211_mlme_send_probe_req(sdata, sdata->vif.addr, dst,
3933 sdata->vif.cfg.ssid,
3934 sdata->vif.cfg.ssid_len,
3935 sdata->deflink.conf->bss->channel);
3936 }
3937
3938 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
3939 run_again(sdata, ifmgd->probe_timeout);
3940 }
3941
ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data * sdata,bool beacon)3942 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
3943 bool beacon)
3944 {
3945 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3946 bool already = false;
3947
3948 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3949
3950 if (WARN_ON_ONCE(ieee80211_vif_is_mld(&sdata->vif)))
3951 return;
3952
3953 if (!ieee80211_sdata_running(sdata))
3954 return;
3955
3956 if (!ifmgd->associated)
3957 return;
3958
3959 if (sdata->local->tmp_channel || sdata->local->scanning)
3960 return;
3961
3962 if (sdata->local->suspending) {
3963 /* reschedule after resume */
3964 ieee80211_reset_ap_probe(sdata);
3965 return;
3966 }
3967
3968 if (beacon) {
3969 mlme_dbg_ratelimited(sdata,
3970 "detected beacon loss from AP (missed %d beacons) - probing\n",
3971 beacon_loss_count);
3972
3973 ieee80211_cqm_beacon_loss_notify(&sdata->vif, GFP_KERNEL);
3974 }
3975
3976 /*
3977 * The driver/our work has already reported this event or the
3978 * connection monitoring has kicked in and we have already sent
3979 * a probe request. Or maybe the AP died and the driver keeps
3980 * reporting until we disassociate...
3981 *
3982 * In either case we have to ignore the current call to this
3983 * function (except for setting the correct probe reason bit)
3984 * because otherwise we would reset the timer every time and
3985 * never check whether we received a probe response!
3986 */
3987 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
3988 already = true;
3989
3990 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL;
3991
3992 if (already)
3993 return;
3994
3995 ieee80211_recalc_ps(sdata->local);
3996
3997 ifmgd->probe_send_count = 0;
3998 ieee80211_mgd_probe_ap_send(sdata);
3999 }
4000
ieee80211_ap_probereq_get(struct ieee80211_hw * hw,struct ieee80211_vif * vif)4001 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
4002 struct ieee80211_vif *vif)
4003 {
4004 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4005 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4006 struct cfg80211_bss *cbss;
4007 struct sk_buff *skb;
4008 const struct element *ssid;
4009 int ssid_len;
4010
4011 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4012
4013 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION ||
4014 ieee80211_vif_is_mld(&sdata->vif)))
4015 return NULL;
4016
4017 if (ifmgd->associated)
4018 cbss = sdata->deflink.conf->bss;
4019 else if (ifmgd->auth_data)
4020 cbss = ifmgd->auth_data->bss;
4021 else if (ifmgd->assoc_data && ifmgd->assoc_data->link[0].bss)
4022 cbss = ifmgd->assoc_data->link[0].bss;
4023 else
4024 return NULL;
4025
4026 rcu_read_lock();
4027 ssid = ieee80211_bss_get_elem(cbss, WLAN_EID_SSID);
4028 if (WARN_ONCE(!ssid || ssid->datalen > IEEE80211_MAX_SSID_LEN,
4029 "invalid SSID element (len=%d)",
4030 ssid ? ssid->datalen : -1))
4031 ssid_len = 0;
4032 else
4033 ssid_len = ssid->datalen;
4034
4035 skb = ieee80211_build_probe_req(sdata, sdata->vif.addr, cbss->bssid,
4036 (u32) -1, cbss->channel,
4037 ssid->data, ssid_len,
4038 NULL, 0, IEEE80211_PROBE_FLAG_DIRECTED);
4039 rcu_read_unlock();
4040
4041 return skb;
4042 }
4043 EXPORT_SYMBOL(ieee80211_ap_probereq_get);
4044
ieee80211_report_disconnect(struct ieee80211_sub_if_data * sdata,const u8 * buf,size_t len,bool tx,u16 reason,bool reconnect)4045 static void ieee80211_report_disconnect(struct ieee80211_sub_if_data *sdata,
4046 const u8 *buf, size_t len, bool tx,
4047 u16 reason, bool reconnect)
4048 {
4049 struct ieee80211_event event = {
4050 .type = MLME_EVENT,
4051 .u.mlme.data = tx ? DEAUTH_TX_EVENT : DEAUTH_RX_EVENT,
4052 .u.mlme.reason = reason,
4053 };
4054
4055 if (tx)
4056 cfg80211_tx_mlme_mgmt(sdata->dev, buf, len, reconnect);
4057 else
4058 cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
4059
4060 drv_event_callback(sdata->local, sdata, &event);
4061 }
4062
__ieee80211_disconnect(struct ieee80211_sub_if_data * sdata)4063 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata)
4064 {
4065 struct ieee80211_local *local = sdata->local;
4066 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4067 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4068 bool tx = false;
4069
4070 lockdep_assert_wiphy(local->hw.wiphy);
4071
4072 if (!ifmgd->associated)
4073 return;
4074
4075 /* only transmit if we have a link that makes that worthwhile */
4076 for (unsigned int link_id = 0;
4077 link_id < ARRAY_SIZE(sdata->link);
4078 link_id++) {
4079 struct ieee80211_link_data *link;
4080
4081 if (!ieee80211_vif_link_active(&sdata->vif, link_id))
4082 continue;
4083
4084 link = sdata_dereference(sdata->link[link_id], sdata);
4085 if (WARN_ON_ONCE(!link))
4086 continue;
4087
4088 if (link->u.mgd.csa.blocked_tx)
4089 continue;
4090
4091 tx = true;
4092 break;
4093 }
4094
4095 if (!ifmgd->driver_disconnect) {
4096 unsigned int link_id;
4097
4098 /*
4099 * AP is probably out of range (or not reachable for another
4100 * reason) so remove the bss structs for that AP. In the case
4101 * of multi-link, it's not clear that all of them really are
4102 * out of range, but if they weren't the driver likely would
4103 * have switched to just have a single link active?
4104 */
4105 for (link_id = 0;
4106 link_id < ARRAY_SIZE(sdata->link);
4107 link_id++) {
4108 struct ieee80211_link_data *link;
4109
4110 link = sdata_dereference(sdata->link[link_id], sdata);
4111 if (!link)
4112 continue;
4113 cfg80211_unlink_bss(local->hw.wiphy, link->conf->bss);
4114 link->conf->bss = NULL;
4115 }
4116 }
4117
4118 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4119 ifmgd->driver_disconnect ?
4120 WLAN_REASON_DEAUTH_LEAVING :
4121 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
4122 tx, frame_buf);
4123 /* the other links will be destroyed */
4124 sdata->vif.bss_conf.csa_active = false;
4125 sdata->deflink.u.mgd.csa.waiting_bcn = false;
4126 sdata->deflink.u.mgd.csa.blocked_tx = false;
4127 ieee80211_vif_unblock_queues_csa(sdata);
4128
4129 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), tx,
4130 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
4131 ifmgd->reconnect);
4132 ifmgd->reconnect = false;
4133 }
4134
ieee80211_beacon_connection_loss_work(struct wiphy * wiphy,struct wiphy_work * work)4135 static void ieee80211_beacon_connection_loss_work(struct wiphy *wiphy,
4136 struct wiphy_work *work)
4137 {
4138 struct ieee80211_sub_if_data *sdata =
4139 container_of(work, struct ieee80211_sub_if_data,
4140 u.mgd.beacon_connection_loss_work);
4141 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4142
4143 if (ifmgd->connection_loss) {
4144 sdata_info(sdata, "Connection to AP %pM lost\n",
4145 sdata->vif.cfg.ap_addr);
4146 __ieee80211_disconnect(sdata);
4147 ifmgd->connection_loss = false;
4148 } else if (ifmgd->driver_disconnect) {
4149 sdata_info(sdata,
4150 "Driver requested disconnection from AP %pM\n",
4151 sdata->vif.cfg.ap_addr);
4152 __ieee80211_disconnect(sdata);
4153 ifmgd->driver_disconnect = false;
4154 } else {
4155 if (ifmgd->associated)
4156 sdata->deflink.u.mgd.beacon_loss_count++;
4157 ieee80211_mgd_probe_ap(sdata, true);
4158 }
4159 }
4160
ieee80211_csa_connection_drop_work(struct wiphy * wiphy,struct wiphy_work * work)4161 static void ieee80211_csa_connection_drop_work(struct wiphy *wiphy,
4162 struct wiphy_work *work)
4163 {
4164 struct ieee80211_sub_if_data *sdata =
4165 container_of(work, struct ieee80211_sub_if_data,
4166 u.mgd.csa_connection_drop_work);
4167
4168 __ieee80211_disconnect(sdata);
4169 }
4170
ieee80211_beacon_loss(struct ieee80211_vif * vif)4171 void ieee80211_beacon_loss(struct ieee80211_vif *vif)
4172 {
4173 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4174 struct ieee80211_hw *hw = &sdata->local->hw;
4175
4176 trace_api_beacon_loss(sdata);
4177
4178 sdata->u.mgd.connection_loss = false;
4179 wiphy_work_queue(hw->wiphy, &sdata->u.mgd.beacon_connection_loss_work);
4180 }
4181 EXPORT_SYMBOL(ieee80211_beacon_loss);
4182
ieee80211_connection_loss(struct ieee80211_vif * vif)4183 void ieee80211_connection_loss(struct ieee80211_vif *vif)
4184 {
4185 struct ieee80211_sub_if_data *sdata;
4186 struct ieee80211_hw *hw;
4187
4188 KUNIT_STATIC_STUB_REDIRECT(ieee80211_connection_loss, vif);
4189
4190 sdata = vif_to_sdata(vif);
4191 hw = &sdata->local->hw;
4192
4193 trace_api_connection_loss(sdata);
4194
4195 sdata->u.mgd.connection_loss = true;
4196 wiphy_work_queue(hw->wiphy, &sdata->u.mgd.beacon_connection_loss_work);
4197 }
4198 EXPORT_SYMBOL(ieee80211_connection_loss);
4199
ieee80211_disconnect(struct ieee80211_vif * vif,bool reconnect)4200 void ieee80211_disconnect(struct ieee80211_vif *vif, bool reconnect)
4201 {
4202 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4203 struct ieee80211_hw *hw = &sdata->local->hw;
4204
4205 trace_api_disconnect(sdata, reconnect);
4206
4207 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
4208 return;
4209
4210 sdata->u.mgd.driver_disconnect = true;
4211 sdata->u.mgd.reconnect = reconnect;
4212 wiphy_work_queue(hw->wiphy, &sdata->u.mgd.beacon_connection_loss_work);
4213 }
4214 EXPORT_SYMBOL(ieee80211_disconnect);
4215
ieee80211_destroy_auth_data(struct ieee80211_sub_if_data * sdata,bool assoc)4216 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
4217 bool assoc)
4218 {
4219 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
4220
4221 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4222
4223 if (!assoc) {
4224 /*
4225 * we are not authenticated yet, the only timer that could be
4226 * running is the timeout for the authentication response which
4227 * which is not relevant anymore.
4228 */
4229 del_timer_sync(&sdata->u.mgd.timer);
4230 sta_info_destroy_addr(sdata, auth_data->ap_addr);
4231
4232 /* other links are destroyed */
4233 eth_zero_addr(sdata->deflink.u.mgd.bssid);
4234 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
4235 BSS_CHANGED_BSSID);
4236 sdata->u.mgd.flags = 0;
4237
4238 ieee80211_link_release_channel(&sdata->deflink);
4239 ieee80211_vif_set_links(sdata, 0, 0);
4240 }
4241
4242 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss);
4243 kfree(auth_data);
4244 sdata->u.mgd.auth_data = NULL;
4245 }
4246
4247 enum assoc_status {
4248 ASSOC_SUCCESS,
4249 ASSOC_REJECTED,
4250 ASSOC_TIMEOUT,
4251 ASSOC_ABANDON,
4252 };
4253
ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data * sdata,enum assoc_status status)4254 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata,
4255 enum assoc_status status)
4256 {
4257 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
4258
4259 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4260
4261 if (status != ASSOC_SUCCESS) {
4262 /*
4263 * we are not associated yet, the only timer that could be
4264 * running is the timeout for the association response which
4265 * which is not relevant anymore.
4266 */
4267 del_timer_sync(&sdata->u.mgd.timer);
4268 sta_info_destroy_addr(sdata, assoc_data->ap_addr);
4269
4270 eth_zero_addr(sdata->deflink.u.mgd.bssid);
4271 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
4272 BSS_CHANGED_BSSID);
4273 sdata->u.mgd.flags = 0;
4274 sdata->vif.bss_conf.mu_mimo_owner = false;
4275
4276 if (status != ASSOC_REJECTED) {
4277 struct cfg80211_assoc_failure data = {
4278 .timeout = status == ASSOC_TIMEOUT,
4279 };
4280 int i;
4281
4282 BUILD_BUG_ON(ARRAY_SIZE(data.bss) !=
4283 ARRAY_SIZE(assoc_data->link));
4284
4285 for (i = 0; i < ARRAY_SIZE(data.bss); i++)
4286 data.bss[i] = assoc_data->link[i].bss;
4287
4288 if (ieee80211_vif_is_mld(&sdata->vif))
4289 data.ap_mld_addr = assoc_data->ap_addr;
4290
4291 cfg80211_assoc_failure(sdata->dev, &data);
4292 }
4293
4294 ieee80211_link_release_channel(&sdata->deflink);
4295 ieee80211_vif_set_links(sdata, 0, 0);
4296 }
4297
4298 kfree(assoc_data);
4299 sdata->u.mgd.assoc_data = NULL;
4300 }
4301
ieee80211_auth_challenge(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)4302 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
4303 struct ieee80211_mgmt *mgmt, size_t len)
4304 {
4305 struct ieee80211_local *local = sdata->local;
4306 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
4307 const struct element *challenge;
4308 u8 *pos;
4309 u32 tx_flags = 0;
4310 struct ieee80211_prep_tx_info info = {
4311 .subtype = IEEE80211_STYPE_AUTH,
4312 .link_id = auth_data->link_id,
4313 };
4314
4315 pos = mgmt->u.auth.variable;
4316 challenge = cfg80211_find_elem(WLAN_EID_CHALLENGE, pos,
4317 len - (pos - (u8 *)mgmt));
4318 if (!challenge)
4319 return;
4320 auth_data->expected_transaction = 4;
4321 drv_mgd_prepare_tx(sdata->local, sdata, &info);
4322 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
4323 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
4324 IEEE80211_TX_INTFL_MLME_CONN_TX;
4325 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0,
4326 (void *)challenge,
4327 challenge->datalen + sizeof(*challenge),
4328 auth_data->ap_addr, auth_data->ap_addr,
4329 auth_data->key, auth_data->key_len,
4330 auth_data->key_idx, tx_flags);
4331 }
4332
ieee80211_mark_sta_auth(struct ieee80211_sub_if_data * sdata)4333 static bool ieee80211_mark_sta_auth(struct ieee80211_sub_if_data *sdata)
4334 {
4335 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4336 const u8 *ap_addr = ifmgd->auth_data->ap_addr;
4337 struct sta_info *sta;
4338
4339 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4340
4341 sdata_info(sdata, "authenticated\n");
4342 ifmgd->auth_data->done = true;
4343 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC;
4344 ifmgd->auth_data->timeout_started = true;
4345 run_again(sdata, ifmgd->auth_data->timeout);
4346
4347 /* move station state to auth */
4348 sta = sta_info_get(sdata, ap_addr);
4349 if (!sta) {
4350 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, ap_addr);
4351 return false;
4352 }
4353 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) {
4354 sdata_info(sdata, "failed moving %pM to auth\n", ap_addr);
4355 return false;
4356 }
4357
4358 return true;
4359 }
4360
ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)4361 static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
4362 struct ieee80211_mgmt *mgmt, size_t len)
4363 {
4364 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4365 u16 auth_alg, auth_transaction, status_code;
4366 struct ieee80211_event event = {
4367 .type = MLME_EVENT,
4368 .u.mlme.data = AUTH_EVENT,
4369 };
4370 struct ieee80211_prep_tx_info info = {
4371 .subtype = IEEE80211_STYPE_AUTH,
4372 };
4373
4374 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4375
4376 if (len < 24 + 6)
4377 return;
4378
4379 if (!ifmgd->auth_data || ifmgd->auth_data->done)
4380 return;
4381
4382 if (!ether_addr_equal(ifmgd->auth_data->ap_addr, mgmt->bssid))
4383 return;
4384
4385 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
4386 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
4387 status_code = le16_to_cpu(mgmt->u.auth.status_code);
4388
4389 if (auth_alg != ifmgd->auth_data->algorithm ||
4390 (auth_alg != WLAN_AUTH_SAE &&
4391 auth_transaction != ifmgd->auth_data->expected_transaction) ||
4392 (auth_alg == WLAN_AUTH_SAE &&
4393 (auth_transaction < ifmgd->auth_data->expected_transaction ||
4394 auth_transaction > 2))) {
4395 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n",
4396 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm,
4397 auth_transaction,
4398 ifmgd->auth_data->expected_transaction);
4399 goto notify_driver;
4400 }
4401
4402 if (status_code != WLAN_STATUS_SUCCESS) {
4403 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
4404
4405 if (auth_alg == WLAN_AUTH_SAE &&
4406 (status_code == WLAN_STATUS_ANTI_CLOG_REQUIRED ||
4407 (auth_transaction == 1 &&
4408 (status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT ||
4409 status_code == WLAN_STATUS_SAE_PK)))) {
4410 /* waiting for userspace now */
4411 ifmgd->auth_data->waiting = true;
4412 ifmgd->auth_data->timeout =
4413 jiffies + IEEE80211_AUTH_WAIT_SAE_RETRY;
4414 ifmgd->auth_data->timeout_started = true;
4415 run_again(sdata, ifmgd->auth_data->timeout);
4416 goto notify_driver;
4417 }
4418
4419 sdata_info(sdata, "%pM denied authentication (status %d)\n",
4420 mgmt->sa, status_code);
4421 ieee80211_destroy_auth_data(sdata, false);
4422 event.u.mlme.status = MLME_DENIED;
4423 event.u.mlme.reason = status_code;
4424 drv_event_callback(sdata->local, sdata, &event);
4425 goto notify_driver;
4426 }
4427
4428 switch (ifmgd->auth_data->algorithm) {
4429 case WLAN_AUTH_OPEN:
4430 case WLAN_AUTH_LEAP:
4431 case WLAN_AUTH_FT:
4432 case WLAN_AUTH_SAE:
4433 case WLAN_AUTH_FILS_SK:
4434 case WLAN_AUTH_FILS_SK_PFS:
4435 case WLAN_AUTH_FILS_PK:
4436 break;
4437 case WLAN_AUTH_SHARED_KEY:
4438 if (ifmgd->auth_data->expected_transaction != 4) {
4439 ieee80211_auth_challenge(sdata, mgmt, len);
4440 /* need another frame */
4441 return;
4442 }
4443 break;
4444 default:
4445 WARN_ONCE(1, "invalid auth alg %d",
4446 ifmgd->auth_data->algorithm);
4447 goto notify_driver;
4448 }
4449
4450 event.u.mlme.status = MLME_SUCCESS;
4451 info.success = 1;
4452 drv_event_callback(sdata->local, sdata, &event);
4453 if (ifmgd->auth_data->algorithm != WLAN_AUTH_SAE ||
4454 (auth_transaction == 2 &&
4455 ifmgd->auth_data->expected_transaction == 2)) {
4456 if (!ieee80211_mark_sta_auth(sdata))
4457 return; /* ignore frame -- wait for timeout */
4458 } else if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE &&
4459 auth_transaction == 2) {
4460 sdata_info(sdata, "SAE peer confirmed\n");
4461 ifmgd->auth_data->peer_confirmed = true;
4462 }
4463
4464 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
4465 notify_driver:
4466 drv_mgd_complete_tx(sdata->local, sdata, &info);
4467 }
4468
4469 #define case_WLAN(type) \
4470 case WLAN_REASON_##type: return #type
4471
ieee80211_get_reason_code_string(u16 reason_code)4472 const char *ieee80211_get_reason_code_string(u16 reason_code)
4473 {
4474 switch (reason_code) {
4475 case_WLAN(UNSPECIFIED);
4476 case_WLAN(PREV_AUTH_NOT_VALID);
4477 case_WLAN(DEAUTH_LEAVING);
4478 case_WLAN(DISASSOC_DUE_TO_INACTIVITY);
4479 case_WLAN(DISASSOC_AP_BUSY);
4480 case_WLAN(CLASS2_FRAME_FROM_NONAUTH_STA);
4481 case_WLAN(CLASS3_FRAME_FROM_NONASSOC_STA);
4482 case_WLAN(DISASSOC_STA_HAS_LEFT);
4483 case_WLAN(STA_REQ_ASSOC_WITHOUT_AUTH);
4484 case_WLAN(DISASSOC_BAD_POWER);
4485 case_WLAN(DISASSOC_BAD_SUPP_CHAN);
4486 case_WLAN(INVALID_IE);
4487 case_WLAN(MIC_FAILURE);
4488 case_WLAN(4WAY_HANDSHAKE_TIMEOUT);
4489 case_WLAN(GROUP_KEY_HANDSHAKE_TIMEOUT);
4490 case_WLAN(IE_DIFFERENT);
4491 case_WLAN(INVALID_GROUP_CIPHER);
4492 case_WLAN(INVALID_PAIRWISE_CIPHER);
4493 case_WLAN(INVALID_AKMP);
4494 case_WLAN(UNSUPP_RSN_VERSION);
4495 case_WLAN(INVALID_RSN_IE_CAP);
4496 case_WLAN(IEEE8021X_FAILED);
4497 case_WLAN(CIPHER_SUITE_REJECTED);
4498 case_WLAN(DISASSOC_UNSPECIFIED_QOS);
4499 case_WLAN(DISASSOC_QAP_NO_BANDWIDTH);
4500 case_WLAN(DISASSOC_LOW_ACK);
4501 case_WLAN(DISASSOC_QAP_EXCEED_TXOP);
4502 case_WLAN(QSTA_LEAVE_QBSS);
4503 case_WLAN(QSTA_NOT_USE);
4504 case_WLAN(QSTA_REQUIRE_SETUP);
4505 case_WLAN(QSTA_TIMEOUT);
4506 case_WLAN(QSTA_CIPHER_NOT_SUPP);
4507 case_WLAN(MESH_PEER_CANCELED);
4508 case_WLAN(MESH_MAX_PEERS);
4509 case_WLAN(MESH_CONFIG);
4510 case_WLAN(MESH_CLOSE);
4511 case_WLAN(MESH_MAX_RETRIES);
4512 case_WLAN(MESH_CONFIRM_TIMEOUT);
4513 case_WLAN(MESH_INVALID_GTK);
4514 case_WLAN(MESH_INCONSISTENT_PARAM);
4515 case_WLAN(MESH_INVALID_SECURITY);
4516 case_WLAN(MESH_PATH_ERROR);
4517 case_WLAN(MESH_PATH_NOFORWARD);
4518 case_WLAN(MESH_PATH_DEST_UNREACHABLE);
4519 case_WLAN(MAC_EXISTS_IN_MBSS);
4520 case_WLAN(MESH_CHAN_REGULATORY);
4521 case_WLAN(MESH_CHAN);
4522 default: return "<unknown>";
4523 }
4524 }
4525
ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)4526 static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
4527 struct ieee80211_mgmt *mgmt, size_t len)
4528 {
4529 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4530 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
4531
4532 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4533
4534 if (len < 24 + 2)
4535 return;
4536
4537 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
4538 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
4539 return;
4540 }
4541
4542 if (ifmgd->associated &&
4543 ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr)) {
4544 sdata_info(sdata, "deauthenticated from %pM (Reason: %u=%s)\n",
4545 sdata->vif.cfg.ap_addr, reason_code,
4546 ieee80211_get_reason_code_string(reason_code));
4547
4548 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
4549
4550 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false,
4551 reason_code, false);
4552 return;
4553 }
4554
4555 if (ifmgd->assoc_data &&
4556 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->ap_addr)) {
4557 sdata_info(sdata,
4558 "deauthenticated from %pM while associating (Reason: %u=%s)\n",
4559 ifmgd->assoc_data->ap_addr, reason_code,
4560 ieee80211_get_reason_code_string(reason_code));
4561
4562 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON);
4563
4564 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
4565 return;
4566 }
4567 }
4568
4569
ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)4570 static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
4571 struct ieee80211_mgmt *mgmt, size_t len)
4572 {
4573 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4574 u16 reason_code;
4575
4576 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4577
4578 if (len < 24 + 2)
4579 return;
4580
4581 if (!ifmgd->associated ||
4582 !ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr))
4583 return;
4584
4585 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
4586
4587 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
4588 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
4589 return;
4590 }
4591
4592 sdata_info(sdata, "disassociated from %pM (Reason: %u=%s)\n",
4593 sdata->vif.cfg.ap_addr, reason_code,
4594 ieee80211_get_reason_code_string(reason_code));
4595
4596 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
4597
4598 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false, reason_code,
4599 false);
4600 }
4601
ieee80211_get_rates(struct ieee80211_supported_band * sband,u8 * supp_rates,unsigned int supp_rates_len,u32 * rates,u32 * basic_rates,bool * have_higher_than_11mbit,int * min_rate,int * min_rate_index)4602 static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
4603 u8 *supp_rates, unsigned int supp_rates_len,
4604 u32 *rates, u32 *basic_rates,
4605 bool *have_higher_than_11mbit,
4606 int *min_rate, int *min_rate_index)
4607 {
4608 int i, j;
4609
4610 for (i = 0; i < supp_rates_len; i++) {
4611 int rate = supp_rates[i] & 0x7f;
4612 bool is_basic = !!(supp_rates[i] & 0x80);
4613
4614 if ((rate * 5) > 110)
4615 *have_higher_than_11mbit = true;
4616
4617 /*
4618 * Skip HT, VHT, HE, EHT and SAE H2E only BSS membership
4619 * selectors since they're not rates.
4620 *
4621 * Note: Even though the membership selector and the basic
4622 * rate flag share the same bit, they are not exactly
4623 * the same.
4624 */
4625 if (supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY) ||
4626 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY) ||
4627 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_HE_PHY) ||
4628 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_EHT_PHY) ||
4629 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_SAE_H2E))
4630 continue;
4631
4632 for (j = 0; j < sband->n_bitrates; j++) {
4633 struct ieee80211_rate *br;
4634 int brate;
4635
4636 br = &sband->bitrates[j];
4637
4638 brate = DIV_ROUND_UP(br->bitrate, 5);
4639 if (brate == rate) {
4640 *rates |= BIT(j);
4641 if (is_basic)
4642 *basic_rates |= BIT(j);
4643 if ((rate * 5) < *min_rate) {
4644 *min_rate = rate * 5;
4645 *min_rate_index = j;
4646 }
4647 break;
4648 }
4649 }
4650 }
4651 }
4652
ieee80211_twt_req_supported(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,const struct link_sta_info * link_sta,const struct ieee802_11_elems * elems)4653 static bool ieee80211_twt_req_supported(struct ieee80211_sub_if_data *sdata,
4654 struct ieee80211_supported_band *sband,
4655 const struct link_sta_info *link_sta,
4656 const struct ieee802_11_elems *elems)
4657 {
4658 const struct ieee80211_sta_he_cap *own_he_cap =
4659 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
4660
4661 if (elems->ext_capab_len < 10)
4662 return false;
4663
4664 if (!(elems->ext_capab[9] & WLAN_EXT_CAPA10_TWT_RESPONDER_SUPPORT))
4665 return false;
4666
4667 return link_sta->pub->he_cap.he_cap_elem.mac_cap_info[0] &
4668 IEEE80211_HE_MAC_CAP0_TWT_RES &&
4669 own_he_cap &&
4670 (own_he_cap->he_cap_elem.mac_cap_info[0] &
4671 IEEE80211_HE_MAC_CAP0_TWT_REQ);
4672 }
4673
ieee80211_recalc_twt_req(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,struct ieee80211_link_data * link,struct link_sta_info * link_sta,struct ieee802_11_elems * elems)4674 static u64 ieee80211_recalc_twt_req(struct ieee80211_sub_if_data *sdata,
4675 struct ieee80211_supported_band *sband,
4676 struct ieee80211_link_data *link,
4677 struct link_sta_info *link_sta,
4678 struct ieee802_11_elems *elems)
4679 {
4680 bool twt = ieee80211_twt_req_supported(sdata, sband, link_sta, elems);
4681
4682 if (link->conf->twt_requester != twt) {
4683 link->conf->twt_requester = twt;
4684 return BSS_CHANGED_TWT;
4685 }
4686 return 0;
4687 }
4688
ieee80211_twt_bcast_support(struct ieee80211_sub_if_data * sdata,struct ieee80211_bss_conf * bss_conf,struct ieee80211_supported_band * sband,struct link_sta_info * link_sta)4689 static bool ieee80211_twt_bcast_support(struct ieee80211_sub_if_data *sdata,
4690 struct ieee80211_bss_conf *bss_conf,
4691 struct ieee80211_supported_band *sband,
4692 struct link_sta_info *link_sta)
4693 {
4694 const struct ieee80211_sta_he_cap *own_he_cap =
4695 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
4696
4697 return bss_conf->he_support &&
4698 (link_sta->pub->he_cap.he_cap_elem.mac_cap_info[2] &
4699 IEEE80211_HE_MAC_CAP2_BCAST_TWT) &&
4700 own_he_cap &&
4701 (own_he_cap->he_cap_elem.mac_cap_info[2] &
4702 IEEE80211_HE_MAC_CAP2_BCAST_TWT);
4703 }
4704
ieee80211_assoc_config_link(struct ieee80211_link_data * link,struct link_sta_info * link_sta,struct cfg80211_bss * cbss,struct ieee80211_mgmt * mgmt,const u8 * elem_start,unsigned int elem_len,u64 * changed)4705 static bool ieee80211_assoc_config_link(struct ieee80211_link_data *link,
4706 struct link_sta_info *link_sta,
4707 struct cfg80211_bss *cbss,
4708 struct ieee80211_mgmt *mgmt,
4709 const u8 *elem_start,
4710 unsigned int elem_len,
4711 u64 *changed)
4712 {
4713 struct ieee80211_sub_if_data *sdata = link->sdata;
4714 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
4715 struct ieee80211_bss_conf *bss_conf = link->conf;
4716 struct ieee80211_local *local = sdata->local;
4717 unsigned int link_id = link->link_id;
4718 struct ieee80211_elems_parse_params parse_params = {
4719 .mode = link->u.mgd.conn.mode,
4720 .start = elem_start,
4721 .len = elem_len,
4722 .link_id = link_id == assoc_data->assoc_link_id ? -1 : link_id,
4723 .from_ap = true,
4724 };
4725 bool is_5ghz = cbss->channel->band == NL80211_BAND_5GHZ;
4726 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ;
4727 bool is_s1g = cbss->channel->band == NL80211_BAND_S1GHZ;
4728 const struct cfg80211_bss_ies *bss_ies = NULL;
4729 struct ieee80211_supported_band *sband;
4730 struct ieee802_11_elems *elems;
4731 const __le16 prof_bss_param_ch_present =
4732 cpu_to_le16(IEEE80211_MLE_STA_CONTROL_BSS_PARAM_CHANGE_CNT_PRESENT);
4733 u16 capab_info;
4734 bool ret;
4735
4736 elems = ieee802_11_parse_elems_full(&parse_params);
4737 if (!elems)
4738 return false;
4739
4740 if (link_id == assoc_data->assoc_link_id) {
4741 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
4742
4743 /*
4744 * we should not get to this flow unless the association was
4745 * successful, so set the status directly to success
4746 */
4747 assoc_data->link[link_id].status = WLAN_STATUS_SUCCESS;
4748 if (elems->ml_basic) {
4749 int bss_param_ch_cnt =
4750 ieee80211_mle_get_bss_param_ch_cnt((const void *)elems->ml_basic);
4751
4752 if (bss_param_ch_cnt < 0) {
4753 ret = false;
4754 goto out;
4755 }
4756 bss_conf->bss_param_ch_cnt = bss_param_ch_cnt;
4757 bss_conf->bss_param_ch_cnt_link_id = link_id;
4758 }
4759 } else if (elems->parse_error & IEEE80211_PARSE_ERR_DUP_NEST_ML_BASIC ||
4760 !elems->prof ||
4761 !(elems->prof->control & prof_bss_param_ch_present)) {
4762 ret = false;
4763 goto out;
4764 } else {
4765 const u8 *ptr = elems->prof->variable +
4766 elems->prof->sta_info_len - 1;
4767 int bss_param_ch_cnt;
4768
4769 /*
4770 * During parsing, we validated that these fields exist,
4771 * otherwise elems->prof would have been set to NULL.
4772 */
4773 capab_info = get_unaligned_le16(ptr);
4774 assoc_data->link[link_id].status = get_unaligned_le16(ptr + 2);
4775 bss_param_ch_cnt =
4776 ieee80211_mle_basic_sta_prof_bss_param_ch_cnt(elems->prof);
4777 bss_conf->bss_param_ch_cnt = bss_param_ch_cnt;
4778 bss_conf->bss_param_ch_cnt_link_id = link_id;
4779
4780 if (assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS) {
4781 link_info(link, "association response status code=%u\n",
4782 assoc_data->link[link_id].status);
4783 ret = true;
4784 goto out;
4785 }
4786 }
4787
4788 if (!is_s1g && !elems->supp_rates) {
4789 sdata_info(sdata, "no SuppRates element in AssocResp\n");
4790 ret = false;
4791 goto out;
4792 }
4793
4794 link->u.mgd.tdls_chan_switch_prohibited =
4795 elems->ext_capab && elems->ext_capab_len >= 5 &&
4796 (elems->ext_capab[4] & WLAN_EXT_CAPA5_TDLS_CH_SW_PROHIBITED);
4797
4798 /*
4799 * Some APs are erroneously not including some information in their
4800 * (re)association response frames. Try to recover by using the data
4801 * from the beacon or probe response. This seems to afflict mobile
4802 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T",
4803 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device.
4804 */
4805 if (!is_6ghz &&
4806 ((assoc_data->wmm && !elems->wmm_param) ||
4807 (link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT &&
4808 (!elems->ht_cap_elem || !elems->ht_operation)) ||
4809 (is_5ghz && link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT &&
4810 (!elems->vht_cap_elem || !elems->vht_operation)))) {
4811 const struct cfg80211_bss_ies *ies;
4812 struct ieee802_11_elems *bss_elems;
4813
4814 rcu_read_lock();
4815 ies = rcu_dereference(cbss->ies);
4816 if (ies)
4817 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len,
4818 GFP_ATOMIC);
4819 rcu_read_unlock();
4820 if (!bss_ies) {
4821 ret = false;
4822 goto out;
4823 }
4824
4825 parse_params.start = bss_ies->data;
4826 parse_params.len = bss_ies->len;
4827 parse_params.bss = cbss;
4828 bss_elems = ieee802_11_parse_elems_full(&parse_params);
4829 if (!bss_elems) {
4830 ret = false;
4831 goto out;
4832 }
4833
4834 if (assoc_data->wmm &&
4835 !elems->wmm_param && bss_elems->wmm_param) {
4836 elems->wmm_param = bss_elems->wmm_param;
4837 sdata_info(sdata,
4838 "AP bug: WMM param missing from AssocResp\n");
4839 }
4840
4841 /*
4842 * Also check if we requested HT/VHT, otherwise the AP doesn't
4843 * have to include the IEs in the (re)association response.
4844 */
4845 if (!elems->ht_cap_elem && bss_elems->ht_cap_elem &&
4846 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT) {
4847 elems->ht_cap_elem = bss_elems->ht_cap_elem;
4848 sdata_info(sdata,
4849 "AP bug: HT capability missing from AssocResp\n");
4850 }
4851 if (!elems->ht_operation && bss_elems->ht_operation &&
4852 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT) {
4853 elems->ht_operation = bss_elems->ht_operation;
4854 sdata_info(sdata,
4855 "AP bug: HT operation missing from AssocResp\n");
4856 }
4857
4858 if (is_5ghz) {
4859 if (!elems->vht_cap_elem && bss_elems->vht_cap_elem &&
4860 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT) {
4861 elems->vht_cap_elem = bss_elems->vht_cap_elem;
4862 sdata_info(sdata,
4863 "AP bug: VHT capa missing from AssocResp\n");
4864 }
4865
4866 if (!elems->vht_operation && bss_elems->vht_operation &&
4867 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT) {
4868 elems->vht_operation = bss_elems->vht_operation;
4869 sdata_info(sdata,
4870 "AP bug: VHT operation missing from AssocResp\n");
4871 }
4872 }
4873 kfree(bss_elems);
4874 }
4875
4876 /*
4877 * We previously checked these in the beacon/probe response, so
4878 * they should be present here. This is just a safety net.
4879 * Note that the ieee80211_config_bw() below would also check
4880 * for this (and more), but this has better error reporting.
4881 */
4882 if (!is_6ghz && link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT &&
4883 (!elems->wmm_param || !elems->ht_cap_elem || !elems->ht_operation)) {
4884 sdata_info(sdata,
4885 "HT AP is missing WMM params or HT capability/operation\n");
4886 ret = false;
4887 goto out;
4888 }
4889
4890 if (is_5ghz && link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT &&
4891 (!elems->vht_cap_elem || !elems->vht_operation)) {
4892 sdata_info(sdata,
4893 "VHT AP is missing VHT capability/operation\n");
4894 ret = false;
4895 goto out;
4896 }
4897
4898 /* check/update if AP changed anything in assoc response vs. scan */
4899 if (ieee80211_config_bw(link, elems,
4900 link_id == assoc_data->assoc_link_id,
4901 changed)) {
4902 ret = false;
4903 goto out;
4904 }
4905
4906 if (WARN_ON(!link->conf->chanreq.oper.chan)) {
4907 ret = false;
4908 goto out;
4909 }
4910 sband = local->hw.wiphy->bands[link->conf->chanreq.oper.chan->band];
4911
4912 /* Set up internal HT/VHT capabilities */
4913 if (elems->ht_cap_elem && link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT)
4914 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
4915 elems->ht_cap_elem,
4916 link_sta);
4917
4918 if (elems->vht_cap_elem &&
4919 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT) {
4920 const struct ieee80211_vht_cap *bss_vht_cap = NULL;
4921 const struct cfg80211_bss_ies *ies;
4922
4923 /*
4924 * Cisco AP module 9115 with FW 17.3 has a bug and sends a
4925 * too large maximum MPDU length in the association response
4926 * (indicating 12k) that it cannot actually process ...
4927 * Work around that.
4928 */
4929 rcu_read_lock();
4930 ies = rcu_dereference(cbss->ies);
4931 if (ies) {
4932 const struct element *elem;
4933
4934 elem = cfg80211_find_elem(WLAN_EID_VHT_CAPABILITY,
4935 ies->data, ies->len);
4936 if (elem && elem->datalen >= sizeof(*bss_vht_cap))
4937 bss_vht_cap = (const void *)elem->data;
4938 }
4939
4940 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband,
4941 elems->vht_cap_elem,
4942 bss_vht_cap, link_sta);
4943 rcu_read_unlock();
4944 }
4945
4946 if (elems->he_operation &&
4947 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HE &&
4948 elems->he_cap) {
4949 ieee80211_he_cap_ie_to_sta_he_cap(sdata, sband,
4950 elems->he_cap,
4951 elems->he_cap_len,
4952 elems->he_6ghz_capa,
4953 link_sta);
4954
4955 bss_conf->he_support = link_sta->pub->he_cap.has_he;
4956 if (elems->rsnx && elems->rsnx_len &&
4957 (elems->rsnx[0] & WLAN_RSNX_CAPA_PROTECTED_TWT) &&
4958 wiphy_ext_feature_isset(local->hw.wiphy,
4959 NL80211_EXT_FEATURE_PROTECTED_TWT))
4960 bss_conf->twt_protected = true;
4961 else
4962 bss_conf->twt_protected = false;
4963
4964 *changed |= ieee80211_recalc_twt_req(sdata, sband, link,
4965 link_sta, elems);
4966
4967 if (elems->eht_operation && elems->eht_cap &&
4968 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_EHT) {
4969 ieee80211_eht_cap_ie_to_sta_eht_cap(sdata, sband,
4970 elems->he_cap,
4971 elems->he_cap_len,
4972 elems->eht_cap,
4973 elems->eht_cap_len,
4974 link_sta);
4975
4976 bss_conf->eht_support = link_sta->pub->eht_cap.has_eht;
4977 } else {
4978 bss_conf->eht_support = false;
4979 }
4980 } else {
4981 bss_conf->he_support = false;
4982 bss_conf->twt_requester = false;
4983 bss_conf->twt_protected = false;
4984 bss_conf->eht_support = false;
4985 }
4986
4987 bss_conf->twt_broadcast =
4988 ieee80211_twt_bcast_support(sdata, bss_conf, sband, link_sta);
4989
4990 if (bss_conf->he_support) {
4991 bss_conf->he_bss_color.color =
4992 le32_get_bits(elems->he_operation->he_oper_params,
4993 IEEE80211_HE_OPERATION_BSS_COLOR_MASK);
4994 bss_conf->he_bss_color.partial =
4995 le32_get_bits(elems->he_operation->he_oper_params,
4996 IEEE80211_HE_OPERATION_PARTIAL_BSS_COLOR);
4997 bss_conf->he_bss_color.enabled =
4998 !le32_get_bits(elems->he_operation->he_oper_params,
4999 IEEE80211_HE_OPERATION_BSS_COLOR_DISABLED);
5000
5001 if (bss_conf->he_bss_color.enabled)
5002 *changed |= BSS_CHANGED_HE_BSS_COLOR;
5003
5004 bss_conf->htc_trig_based_pkt_ext =
5005 le32_get_bits(elems->he_operation->he_oper_params,
5006 IEEE80211_HE_OPERATION_DFLT_PE_DURATION_MASK);
5007 bss_conf->frame_time_rts_th =
5008 le32_get_bits(elems->he_operation->he_oper_params,
5009 IEEE80211_HE_OPERATION_RTS_THRESHOLD_MASK);
5010
5011 bss_conf->uora_exists = !!elems->uora_element;
5012 if (elems->uora_element)
5013 bss_conf->uora_ocw_range = elems->uora_element[0];
5014
5015 ieee80211_he_op_ie_to_bss_conf(&sdata->vif, elems->he_operation);
5016 ieee80211_he_spr_ie_to_bss_conf(&sdata->vif, elems->he_spr);
5017 /* TODO: OPEN: what happens if BSS color disable is set? */
5018 }
5019
5020 if (cbss->transmitted_bss) {
5021 bss_conf->nontransmitted = true;
5022 ether_addr_copy(bss_conf->transmitter_bssid,
5023 cbss->transmitted_bss->bssid);
5024 bss_conf->bssid_indicator = cbss->max_bssid_indicator;
5025 bss_conf->bssid_index = cbss->bssid_index;
5026 }
5027
5028 /*
5029 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data
5030 * in their association response, so ignore that data for our own
5031 * configuration. If it changed since the last beacon, we'll get the
5032 * next beacon and update then.
5033 */
5034
5035 /*
5036 * If an operating mode notification IE is present, override the
5037 * NSS calculation (that would be done in rate_control_rate_init())
5038 * and use the # of streams from that element.
5039 */
5040 if (elems->opmode_notif &&
5041 !(*elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) {
5042 u8 nss;
5043
5044 nss = *elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK;
5045 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT;
5046 nss += 1;
5047 link_sta->pub->rx_nss = nss;
5048 }
5049
5050 /*
5051 * Always handle WMM once after association regardless
5052 * of the first value the AP uses. Setting -1 here has
5053 * that effect because the AP values is an unsigned
5054 * 4-bit value.
5055 */
5056 link->u.mgd.wmm_last_param_set = -1;
5057 link->u.mgd.mu_edca_last_param_set = -1;
5058
5059 if (link->u.mgd.disable_wmm_tracking) {
5060 ieee80211_set_wmm_default(link, false, false);
5061 } else if (!ieee80211_sta_wmm_params(local, link, elems->wmm_param,
5062 elems->wmm_param_len,
5063 elems->mu_edca_param_set)) {
5064 /* still enable QoS since we might have HT/VHT */
5065 ieee80211_set_wmm_default(link, false, true);
5066 /* disable WMM tracking in this case to disable
5067 * tracking WMM parameter changes in the beacon if
5068 * the parameters weren't actually valid. Doing so
5069 * avoids changing parameters very strangely when
5070 * the AP is going back and forth between valid and
5071 * invalid parameters.
5072 */
5073 link->u.mgd.disable_wmm_tracking = true;
5074 }
5075
5076 if (elems->max_idle_period_ie) {
5077 bss_conf->max_idle_period =
5078 le16_to_cpu(elems->max_idle_period_ie->max_idle_period);
5079 bss_conf->protected_keep_alive =
5080 !!(elems->max_idle_period_ie->idle_options &
5081 WLAN_IDLE_OPTIONS_PROTECTED_KEEP_ALIVE);
5082 *changed |= BSS_CHANGED_KEEP_ALIVE;
5083 } else {
5084 bss_conf->max_idle_period = 0;
5085 bss_conf->protected_keep_alive = false;
5086 }
5087
5088 /* set assoc capability (AID was already set earlier),
5089 * ieee80211_set_associated() will tell the driver */
5090 bss_conf->assoc_capability = capab_info;
5091
5092 ret = true;
5093 out:
5094 kfree(elems);
5095 kfree(bss_ies);
5096 return ret;
5097 }
5098
ieee80211_mgd_setup_link_sta(struct ieee80211_link_data * link,struct sta_info * sta,struct link_sta_info * link_sta,struct cfg80211_bss * cbss)5099 static int ieee80211_mgd_setup_link_sta(struct ieee80211_link_data *link,
5100 struct sta_info *sta,
5101 struct link_sta_info *link_sta,
5102 struct cfg80211_bss *cbss)
5103 {
5104 struct ieee80211_sub_if_data *sdata = link->sdata;
5105 struct ieee80211_local *local = sdata->local;
5106 struct ieee80211_bss *bss = (void *)cbss->priv;
5107 u32 rates = 0, basic_rates = 0;
5108 bool have_higher_than_11mbit = false;
5109 int min_rate = INT_MAX, min_rate_index = -1;
5110 struct ieee80211_supported_band *sband;
5111
5112 memcpy(link_sta->addr, cbss->bssid, ETH_ALEN);
5113 memcpy(link_sta->pub->addr, cbss->bssid, ETH_ALEN);
5114
5115 /* TODO: S1G Basic Rate Set is expressed elsewhere */
5116 if (cbss->channel->band == NL80211_BAND_S1GHZ) {
5117 ieee80211_s1g_sta_rate_init(sta);
5118 return 0;
5119 }
5120
5121 sband = local->hw.wiphy->bands[cbss->channel->band];
5122
5123 ieee80211_get_rates(sband, bss->supp_rates, bss->supp_rates_len,
5124 &rates, &basic_rates, &have_higher_than_11mbit,
5125 &min_rate, &min_rate_index);
5126
5127 /*
5128 * This used to be a workaround for basic rates missing
5129 * in the association response frame. Now that we no
5130 * longer use the basic rates from there, it probably
5131 * doesn't happen any more, but keep the workaround so
5132 * in case some *other* APs are buggy in different ways
5133 * we can connect -- with a warning.
5134 * Allow this workaround only in case the AP provided at least
5135 * one rate.
5136 */
5137 if (min_rate_index < 0) {
5138 link_info(link, "No legacy rates in association response\n");
5139 return -EINVAL;
5140 } else if (!basic_rates) {
5141 link_info(link, "No basic rates, using min rate instead\n");
5142 basic_rates = BIT(min_rate_index);
5143 }
5144
5145 if (rates)
5146 link_sta->pub->supp_rates[cbss->channel->band] = rates;
5147 else
5148 link_info(link, "No rates found, keeping mandatory only\n");
5149
5150 link->conf->basic_rates = basic_rates;
5151
5152 /* cf. IEEE 802.11 9.2.12 */
5153 link->operating_11g_mode = sband->band == NL80211_BAND_2GHZ &&
5154 have_higher_than_11mbit;
5155
5156 return 0;
5157 }
5158
ieee80211_max_rx_chains(struct ieee80211_link_data * link,struct cfg80211_bss * cbss)5159 static u8 ieee80211_max_rx_chains(struct ieee80211_link_data *link,
5160 struct cfg80211_bss *cbss)
5161 {
5162 struct ieee80211_he_mcs_nss_supp *he_mcs_nss_supp;
5163 const struct element *ht_cap_elem, *vht_cap_elem;
5164 const struct cfg80211_bss_ies *ies;
5165 const struct ieee80211_ht_cap *ht_cap;
5166 const struct ieee80211_vht_cap *vht_cap;
5167 const struct ieee80211_he_cap_elem *he_cap;
5168 const struct element *he_cap_elem;
5169 u16 mcs_80_map, mcs_160_map;
5170 int i, mcs_nss_size;
5171 bool support_160;
5172 u8 chains = 1;
5173
5174 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_HT)
5175 return chains;
5176
5177 ht_cap_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_HT_CAPABILITY);
5178 if (ht_cap_elem && ht_cap_elem->datalen >= sizeof(*ht_cap)) {
5179 ht_cap = (void *)ht_cap_elem->data;
5180 chains = ieee80211_mcs_to_chains(&ht_cap->mcs);
5181 /*
5182 * TODO: use "Tx Maximum Number Spatial Streams Supported" and
5183 * "Tx Unequal Modulation Supported" fields.
5184 */
5185 }
5186
5187 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_VHT)
5188 return chains;
5189
5190 vht_cap_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_VHT_CAPABILITY);
5191 if (vht_cap_elem && vht_cap_elem->datalen >= sizeof(*vht_cap)) {
5192 u8 nss;
5193 u16 tx_mcs_map;
5194
5195 vht_cap = (void *)vht_cap_elem->data;
5196 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map);
5197 for (nss = 8; nss > 0; nss--) {
5198 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) !=
5199 IEEE80211_VHT_MCS_NOT_SUPPORTED)
5200 break;
5201 }
5202 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */
5203 chains = max(chains, nss);
5204 }
5205
5206 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_HE)
5207 return chains;
5208
5209 ies = rcu_dereference(cbss->ies);
5210 he_cap_elem = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_CAPABILITY,
5211 ies->data, ies->len);
5212
5213 if (!he_cap_elem || he_cap_elem->datalen < sizeof(*he_cap))
5214 return chains;
5215
5216 /* skip one byte ext_tag_id */
5217 he_cap = (void *)(he_cap_elem->data + 1);
5218 mcs_nss_size = ieee80211_he_mcs_nss_size(he_cap);
5219
5220 /* invalid HE IE */
5221 if (he_cap_elem->datalen < 1 + mcs_nss_size + sizeof(*he_cap))
5222 return chains;
5223
5224 /* mcs_nss is right after he_cap info */
5225 he_mcs_nss_supp = (void *)(he_cap + 1);
5226
5227 mcs_80_map = le16_to_cpu(he_mcs_nss_supp->tx_mcs_80);
5228
5229 for (i = 7; i >= 0; i--) {
5230 u8 mcs_80 = mcs_80_map >> (2 * i) & 3;
5231
5232 if (mcs_80 != IEEE80211_VHT_MCS_NOT_SUPPORTED) {
5233 chains = max_t(u8, chains, i + 1);
5234 break;
5235 }
5236 }
5237
5238 support_160 = he_cap->phy_cap_info[0] &
5239 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G;
5240
5241 if (!support_160)
5242 return chains;
5243
5244 mcs_160_map = le16_to_cpu(he_mcs_nss_supp->tx_mcs_160);
5245 for (i = 7; i >= 0; i--) {
5246 u8 mcs_160 = mcs_160_map >> (2 * i) & 3;
5247
5248 if (mcs_160 != IEEE80211_VHT_MCS_NOT_SUPPORTED) {
5249 chains = max_t(u8, chains, i + 1);
5250 break;
5251 }
5252 }
5253
5254 return chains;
5255 }
5256
5257 static void
ieee80211_determine_our_sta_mode(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,struct cfg80211_assoc_request * req,bool wmm_used,int link_id,struct ieee80211_conn_settings * conn)5258 ieee80211_determine_our_sta_mode(struct ieee80211_sub_if_data *sdata,
5259 struct ieee80211_supported_band *sband,
5260 struct cfg80211_assoc_request *req,
5261 bool wmm_used, int link_id,
5262 struct ieee80211_conn_settings *conn)
5263 {
5264 struct ieee80211_sta_ht_cap sta_ht_cap = sband->ht_cap;
5265 bool is_5ghz = sband->band == NL80211_BAND_5GHZ;
5266 bool is_6ghz = sband->band == NL80211_BAND_6GHZ;
5267 const struct ieee80211_sta_he_cap *he_cap;
5268 const struct ieee80211_sta_eht_cap *eht_cap;
5269 struct ieee80211_sta_vht_cap vht_cap;
5270
5271 if (sband->band == NL80211_BAND_S1GHZ) {
5272 conn->mode = IEEE80211_CONN_MODE_S1G;
5273 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
5274 mlme_dbg(sdata, "operating as S1G STA\n");
5275 return;
5276 }
5277
5278 conn->mode = IEEE80211_CONN_MODE_LEGACY;
5279 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
5280
5281 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
5282
5283 if (req && req->flags & ASSOC_REQ_DISABLE_HT) {
5284 mlme_link_id_dbg(sdata, link_id,
5285 "HT disabled by flag, limiting to legacy\n");
5286 goto out;
5287 }
5288
5289 if (!wmm_used) {
5290 mlme_link_id_dbg(sdata, link_id,
5291 "WMM/QoS not supported, limiting to legacy\n");
5292 goto out;
5293 }
5294
5295 if (req) {
5296 unsigned int i;
5297
5298 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) {
5299 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 ||
5300 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP ||
5301 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) {
5302 netdev_info(sdata->dev,
5303 "WEP/TKIP use, limiting to legacy\n");
5304 goto out;
5305 }
5306 }
5307 }
5308
5309 if (!sta_ht_cap.ht_supported && !is_6ghz) {
5310 mlme_link_id_dbg(sdata, link_id,
5311 "HT not supported (and not on 6 GHz), limiting to legacy\n");
5312 goto out;
5313 }
5314
5315 /* HT is fine */
5316 conn->mode = IEEE80211_CONN_MODE_HT;
5317 conn->bw_limit = sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40 ?
5318 IEEE80211_CONN_BW_LIMIT_40 :
5319 IEEE80211_CONN_BW_LIMIT_20;
5320
5321 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
5322 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
5323
5324 if (req && req->flags & ASSOC_REQ_DISABLE_VHT) {
5325 mlme_link_id_dbg(sdata, link_id,
5326 "VHT disabled by flag, limiting to HT\n");
5327 goto out;
5328 }
5329
5330 if (vht_cap.vht_supported && is_5ghz) {
5331 bool have_80mhz = false;
5332 unsigned int i;
5333
5334 if (conn->bw_limit == IEEE80211_CONN_BW_LIMIT_20) {
5335 mlme_link_id_dbg(sdata, link_id,
5336 "no 40 MHz support on 5 GHz, limiting to HT\n");
5337 goto out;
5338 }
5339
5340 /* Allow VHT if at least one channel on the sband supports 80 MHz */
5341 for (i = 0; i < sband->n_channels; i++) {
5342 if (sband->channels[i].flags & (IEEE80211_CHAN_DISABLED |
5343 IEEE80211_CHAN_NO_80MHZ))
5344 continue;
5345
5346 have_80mhz = true;
5347 break;
5348 }
5349
5350 if (!have_80mhz) {
5351 mlme_link_id_dbg(sdata, link_id,
5352 "no 80 MHz channel support on 5 GHz, limiting to HT\n");
5353 goto out;
5354 }
5355 } else if (is_5ghz) { /* !vht_supported but on 5 GHz */
5356 mlme_link_id_dbg(sdata, link_id,
5357 "no VHT support on 5 GHz, limiting to HT\n");
5358 goto out;
5359 }
5360
5361 /* VHT - if we have - is fine, including 80 MHz, check 160 below again */
5362 if (sband->band != NL80211_BAND_2GHZ) {
5363 conn->mode = IEEE80211_CONN_MODE_VHT;
5364 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_160;
5365 }
5366
5367 if (is_5ghz &&
5368 !(vht_cap.cap & (IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ |
5369 IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ))) {
5370 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_80;
5371 mlme_link_id_dbg(sdata, link_id,
5372 "no VHT 160 MHz capability on 5 GHz, limiting to 80 MHz");
5373 }
5374
5375 if (req && req->flags & ASSOC_REQ_DISABLE_HE) {
5376 mlme_link_id_dbg(sdata, link_id,
5377 "HE disabled by flag, limiting to HT/VHT\n");
5378 goto out;
5379 }
5380
5381 he_cap = ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
5382 if (!he_cap) {
5383 WARN_ON(is_6ghz);
5384 mlme_link_id_dbg(sdata, link_id,
5385 "no HE support, limiting to HT/VHT\n");
5386 goto out;
5387 }
5388
5389 /* so we have HE */
5390 conn->mode = IEEE80211_CONN_MODE_HE;
5391
5392 /* check bandwidth */
5393 switch (sband->band) {
5394 default:
5395 case NL80211_BAND_2GHZ:
5396 if (he_cap->he_cap_elem.phy_cap_info[0] &
5397 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_IN_2G)
5398 break;
5399 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
5400 mlme_link_id_dbg(sdata, link_id,
5401 "no 40 MHz HE cap in 2.4 GHz, limiting to 20 MHz\n");
5402 break;
5403 case NL80211_BAND_5GHZ:
5404 if (!(he_cap->he_cap_elem.phy_cap_info[0] &
5405 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G)) {
5406 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
5407 mlme_link_id_dbg(sdata, link_id,
5408 "no 40/80 MHz HE cap in 5 GHz, limiting to 20 MHz\n");
5409 break;
5410 }
5411 if (!(he_cap->he_cap_elem.phy_cap_info[0] &
5412 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G)) {
5413 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
5414 conn->bw_limit,
5415 IEEE80211_CONN_BW_LIMIT_80);
5416 mlme_link_id_dbg(sdata, link_id,
5417 "no 160 MHz HE cap in 5 GHz, limiting to 80 MHz\n");
5418 }
5419 break;
5420 case NL80211_BAND_6GHZ:
5421 if (he_cap->he_cap_elem.phy_cap_info[0] &
5422 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G)
5423 break;
5424 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
5425 conn->bw_limit,
5426 IEEE80211_CONN_BW_LIMIT_80);
5427 mlme_link_id_dbg(sdata, link_id,
5428 "no 160 MHz HE cap in 6 GHz, limiting to 80 MHz\n");
5429 break;
5430 }
5431
5432 if (req && req->flags & ASSOC_REQ_DISABLE_EHT) {
5433 mlme_link_id_dbg(sdata, link_id,
5434 "EHT disabled by flag, limiting to HE\n");
5435 goto out;
5436 }
5437
5438 eht_cap = ieee80211_get_eht_iftype_cap_vif(sband, &sdata->vif);
5439 if (!eht_cap) {
5440 mlme_link_id_dbg(sdata, link_id,
5441 "no EHT support, limiting to HE\n");
5442 goto out;
5443 }
5444
5445 /* we have EHT */
5446
5447 conn->mode = IEEE80211_CONN_MODE_EHT;
5448
5449 /* check bandwidth */
5450 if (is_6ghz &&
5451 eht_cap->eht_cap_elem.phy_cap_info[0] & IEEE80211_EHT_PHY_CAP0_320MHZ_IN_6GHZ)
5452 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_320;
5453 else if (is_6ghz)
5454 mlme_link_id_dbg(sdata, link_id,
5455 "no EHT 320 MHz cap in 6 GHz, limiting to 160 MHz\n");
5456
5457 out:
5458 mlme_link_id_dbg(sdata, link_id,
5459 "determined local STA to be %s, BW limited to %d MHz\n",
5460 ieee80211_conn_mode_str(conn->mode),
5461 20 * (1 << conn->bw_limit));
5462 }
5463
5464 static void
ieee80211_determine_our_sta_mode_auth(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,struct cfg80211_auth_request * req,bool wmm_used,struct ieee80211_conn_settings * conn)5465 ieee80211_determine_our_sta_mode_auth(struct ieee80211_sub_if_data *sdata,
5466 struct ieee80211_supported_band *sband,
5467 struct cfg80211_auth_request *req,
5468 bool wmm_used,
5469 struct ieee80211_conn_settings *conn)
5470 {
5471 ieee80211_determine_our_sta_mode(sdata, sband, NULL, wmm_used,
5472 req->link_id > 0 ? req->link_id : 0,
5473 conn);
5474 }
5475
5476 static void
ieee80211_determine_our_sta_mode_assoc(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,struct cfg80211_assoc_request * req,bool wmm_used,int link_id,struct ieee80211_conn_settings * conn)5477 ieee80211_determine_our_sta_mode_assoc(struct ieee80211_sub_if_data *sdata,
5478 struct ieee80211_supported_band *sband,
5479 struct cfg80211_assoc_request *req,
5480 bool wmm_used, int link_id,
5481 struct ieee80211_conn_settings *conn)
5482 {
5483 struct ieee80211_conn_settings tmp;
5484
5485 WARN_ON(!req);
5486
5487 ieee80211_determine_our_sta_mode(sdata, sband, req, wmm_used, link_id,
5488 &tmp);
5489
5490 conn->mode = min_t(enum ieee80211_conn_mode,
5491 conn->mode, tmp.mode);
5492 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
5493 conn->bw_limit, tmp.bw_limit);
5494 }
5495
5496 static enum ieee80211_ap_reg_power
ieee80211_ap_power_type(u8 control)5497 ieee80211_ap_power_type(u8 control)
5498 {
5499 switch (u8_get_bits(control, IEEE80211_HE_6GHZ_OPER_CTRL_REG_INFO)) {
5500 case IEEE80211_6GHZ_CTRL_REG_LPI_AP:
5501 case IEEE80211_6GHZ_CTRL_REG_INDOOR_LPI_AP:
5502 return IEEE80211_REG_LPI_AP;
5503 case IEEE80211_6GHZ_CTRL_REG_SP_AP:
5504 case IEEE80211_6GHZ_CTRL_REG_INDOOR_SP_AP:
5505 return IEEE80211_REG_SP_AP;
5506 case IEEE80211_6GHZ_CTRL_REG_VLP_AP:
5507 return IEEE80211_REG_VLP_AP;
5508 default:
5509 return IEEE80211_REG_UNSET_AP;
5510 }
5511 }
5512
ieee80211_prep_channel(struct ieee80211_sub_if_data * sdata,struct ieee80211_link_data * link,int link_id,struct cfg80211_bss * cbss,bool mlo,struct ieee80211_conn_settings * conn)5513 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
5514 struct ieee80211_link_data *link,
5515 int link_id,
5516 struct cfg80211_bss *cbss, bool mlo,
5517 struct ieee80211_conn_settings *conn)
5518 {
5519 struct ieee80211_local *local = sdata->local;
5520 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ;
5521 struct ieee80211_chan_req chanreq = {};
5522 struct cfg80211_chan_def ap_chandef;
5523 struct ieee802_11_elems *elems;
5524 int ret;
5525
5526 lockdep_assert_wiphy(local->hw.wiphy);
5527
5528 rcu_read_lock();
5529 elems = ieee80211_determine_chan_mode(sdata, conn, cbss, link_id,
5530 &chanreq, &ap_chandef);
5531
5532 if (IS_ERR(elems)) {
5533 rcu_read_unlock();
5534 return PTR_ERR(elems);
5535 }
5536
5537 if (mlo && !elems->ml_basic) {
5538 sdata_info(sdata, "Rejecting MLO as it is not supported by AP\n");
5539 rcu_read_unlock();
5540 kfree(elems);
5541 return -EINVAL;
5542 }
5543
5544 if (link && is_6ghz && conn->mode >= IEEE80211_CONN_MODE_HE) {
5545 const struct ieee80211_he_6ghz_oper *he_6ghz_oper;
5546
5547 if (elems->pwr_constr_elem)
5548 link->conf->pwr_reduction = *elems->pwr_constr_elem;
5549
5550 he_6ghz_oper = ieee80211_he_6ghz_oper(elems->he_operation);
5551 if (he_6ghz_oper)
5552 link->conf->power_type =
5553 ieee80211_ap_power_type(he_6ghz_oper->control);
5554 else
5555 link_info(link,
5556 "HE 6 GHz operation missing (on %d MHz), expect issues\n",
5557 cbss->channel->center_freq);
5558
5559 link->conf->tpe = elems->tpe;
5560 ieee80211_rearrange_tpe(&link->conf->tpe, &ap_chandef,
5561 &chanreq.oper);
5562 }
5563 rcu_read_unlock();
5564 /* the element data was RCU protected so no longer valid anyway */
5565 kfree(elems);
5566 elems = NULL;
5567
5568 if (!link)
5569 return 0;
5570
5571 rcu_read_lock();
5572 link->needed_rx_chains = min(ieee80211_max_rx_chains(link, cbss),
5573 local->rx_chains);
5574 rcu_read_unlock();
5575
5576 /*
5577 * If this fails (possibly due to channel context sharing
5578 * on incompatible channels, e.g. 80+80 and 160 sharing the
5579 * same control channel) try to use a smaller bandwidth.
5580 */
5581 ret = ieee80211_link_use_channel(link, &chanreq,
5582 IEEE80211_CHANCTX_SHARED);
5583
5584 /* don't downgrade for 5 and 10 MHz channels, though. */
5585 if (chanreq.oper.width == NL80211_CHAN_WIDTH_5 ||
5586 chanreq.oper.width == NL80211_CHAN_WIDTH_10)
5587 return ret;
5588
5589 while (ret && chanreq.oper.width != NL80211_CHAN_WIDTH_20_NOHT) {
5590 ieee80211_chanreq_downgrade(&chanreq, conn);
5591
5592 ret = ieee80211_link_use_channel(link, &chanreq,
5593 IEEE80211_CHANCTX_SHARED);
5594 }
5595
5596 return ret;
5597 }
5598
ieee80211_get_dtim(const struct cfg80211_bss_ies * ies,u8 * dtim_count,u8 * dtim_period)5599 static bool ieee80211_get_dtim(const struct cfg80211_bss_ies *ies,
5600 u8 *dtim_count, u8 *dtim_period)
5601 {
5602 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, ies->data, ies->len);
5603 const u8 *idx_ie = cfg80211_find_ie(WLAN_EID_MULTI_BSSID_IDX, ies->data,
5604 ies->len);
5605 const struct ieee80211_tim_ie *tim = NULL;
5606 const struct ieee80211_bssid_index *idx;
5607 bool valid = tim_ie && tim_ie[1] >= 2;
5608
5609 if (valid)
5610 tim = (void *)(tim_ie + 2);
5611
5612 if (dtim_count)
5613 *dtim_count = valid ? tim->dtim_count : 0;
5614
5615 if (dtim_period)
5616 *dtim_period = valid ? tim->dtim_period : 0;
5617
5618 /* Check if value is overridden by non-transmitted profile */
5619 if (!idx_ie || idx_ie[1] < 3)
5620 return valid;
5621
5622 idx = (void *)(idx_ie + 2);
5623
5624 if (dtim_count)
5625 *dtim_count = idx->dtim_count;
5626
5627 if (dtim_period)
5628 *dtim_period = idx->dtim_period;
5629
5630 return true;
5631 }
5632
ieee80211_assoc_success(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,struct ieee802_11_elems * elems,const u8 * elem_start,unsigned int elem_len)5633 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata,
5634 struct ieee80211_mgmt *mgmt,
5635 struct ieee802_11_elems *elems,
5636 const u8 *elem_start, unsigned int elem_len)
5637 {
5638 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5639 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
5640 struct ieee80211_local *local = sdata->local;
5641 unsigned int link_id;
5642 struct sta_info *sta;
5643 u64 changed[IEEE80211_MLD_MAX_NUM_LINKS] = {};
5644 u16 valid_links = 0, dormant_links = 0;
5645 int err;
5646
5647 lockdep_assert_wiphy(sdata->local->hw.wiphy);
5648 /*
5649 * station info was already allocated and inserted before
5650 * the association and should be available to us
5651 */
5652 sta = sta_info_get(sdata, assoc_data->ap_addr);
5653 if (WARN_ON(!sta))
5654 goto out_err;
5655
5656 sta->sta.spp_amsdu = assoc_data->spp_amsdu;
5657
5658 if (ieee80211_vif_is_mld(&sdata->vif)) {
5659 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
5660 if (!assoc_data->link[link_id].bss)
5661 continue;
5662
5663 valid_links |= BIT(link_id);
5664 if (assoc_data->link[link_id].disabled)
5665 dormant_links |= BIT(link_id);
5666
5667 if (link_id != assoc_data->assoc_link_id) {
5668 err = ieee80211_sta_allocate_link(sta, link_id);
5669 if (err)
5670 goto out_err;
5671 }
5672 }
5673
5674 ieee80211_vif_set_links(sdata, valid_links, dormant_links);
5675 }
5676
5677 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
5678 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
5679 struct ieee80211_link_data *link;
5680 struct link_sta_info *link_sta;
5681
5682 if (!cbss)
5683 continue;
5684
5685 link = sdata_dereference(sdata->link[link_id], sdata);
5686 if (WARN_ON(!link))
5687 goto out_err;
5688
5689 if (ieee80211_vif_is_mld(&sdata->vif))
5690 link_info(link,
5691 "local address %pM, AP link address %pM%s\n",
5692 link->conf->addr,
5693 assoc_data->link[link_id].bss->bssid,
5694 link_id == assoc_data->assoc_link_id ?
5695 " (assoc)" : "");
5696
5697 link_sta = rcu_dereference_protected(sta->link[link_id],
5698 lockdep_is_held(&local->hw.wiphy->mtx));
5699 if (WARN_ON(!link_sta))
5700 goto out_err;
5701
5702 if (!link->u.mgd.have_beacon) {
5703 const struct cfg80211_bss_ies *ies;
5704
5705 rcu_read_lock();
5706 ies = rcu_dereference(cbss->beacon_ies);
5707 if (ies)
5708 link->u.mgd.have_beacon = true;
5709 else
5710 ies = rcu_dereference(cbss->ies);
5711 ieee80211_get_dtim(ies,
5712 &link->conf->sync_dtim_count,
5713 &link->u.mgd.dtim_period);
5714 link->conf->beacon_int = cbss->beacon_interval;
5715 rcu_read_unlock();
5716 }
5717
5718 link->conf->dtim_period = link->u.mgd.dtim_period ?: 1;
5719
5720 if (link_id != assoc_data->assoc_link_id) {
5721 link->u.mgd.conn = assoc_data->link[link_id].conn;
5722
5723 err = ieee80211_prep_channel(sdata, link, link_id, cbss,
5724 true, &link->u.mgd.conn);
5725 if (err) {
5726 link_info(link, "prep_channel failed\n");
5727 goto out_err;
5728 }
5729 }
5730
5731 err = ieee80211_mgd_setup_link_sta(link, sta, link_sta,
5732 assoc_data->link[link_id].bss);
5733 if (err)
5734 goto out_err;
5735
5736 if (!ieee80211_assoc_config_link(link, link_sta,
5737 assoc_data->link[link_id].bss,
5738 mgmt, elem_start, elem_len,
5739 &changed[link_id]))
5740 goto out_err;
5741
5742 if (assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS) {
5743 valid_links &= ~BIT(link_id);
5744 ieee80211_sta_remove_link(sta, link_id);
5745 continue;
5746 }
5747
5748 if (link_id != assoc_data->assoc_link_id) {
5749 err = ieee80211_sta_activate_link(sta, link_id);
5750 if (err)
5751 goto out_err;
5752 }
5753 }
5754
5755 /* links might have changed due to rejected ones, set them again */
5756 ieee80211_vif_set_links(sdata, valid_links, dormant_links);
5757
5758 rate_control_rate_init_all_links(sta);
5759
5760 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) {
5761 set_sta_flag(sta, WLAN_STA_MFP);
5762 sta->sta.mfp = true;
5763 } else {
5764 sta->sta.mfp = false;
5765 }
5766
5767 ieee80211_sta_set_max_amsdu_subframes(sta, elems->ext_capab,
5768 elems->ext_capab_len);
5769
5770 sta->sta.wme = (elems->wmm_param || elems->s1g_capab) &&
5771 local->hw.queues >= IEEE80211_NUM_ACS;
5772
5773 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
5774 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
5775 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
5776 if (err) {
5777 sdata_info(sdata,
5778 "failed to move station %pM to desired state\n",
5779 sta->sta.addr);
5780 WARN_ON(__sta_info_destroy(sta));
5781 goto out_err;
5782 }
5783
5784 if (sdata->wdev.use_4addr)
5785 drv_sta_set_4addr(local, sdata, &sta->sta, true);
5786
5787 ieee80211_set_associated(sdata, assoc_data, changed);
5788
5789 /*
5790 * If we're using 4-addr mode, let the AP know that we're
5791 * doing so, so that it can create the STA VLAN on its side
5792 */
5793 if (ifmgd->use_4addr)
5794 ieee80211_send_4addr_nullfunc(local, sdata);
5795
5796 /*
5797 * Start timer to probe the connection to the AP now.
5798 * Also start the timer that will detect beacon loss.
5799 */
5800 ieee80211_sta_reset_beacon_monitor(sdata);
5801 ieee80211_sta_reset_conn_monitor(sdata);
5802
5803 return true;
5804 out_err:
5805 eth_zero_addr(sdata->vif.cfg.ap_addr);
5806 return false;
5807 }
5808
ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)5809 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
5810 struct ieee80211_mgmt *mgmt,
5811 size_t len)
5812 {
5813 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5814 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
5815 u16 capab_info, status_code, aid;
5816 struct ieee80211_elems_parse_params parse_params = {
5817 .bss = NULL,
5818 .link_id = -1,
5819 .from_ap = true,
5820 };
5821 struct ieee802_11_elems *elems;
5822 int ac;
5823 const u8 *elem_start;
5824 unsigned int elem_len;
5825 bool reassoc;
5826 struct ieee80211_event event = {
5827 .type = MLME_EVENT,
5828 .u.mlme.data = ASSOC_EVENT,
5829 };
5830 struct ieee80211_prep_tx_info info = {};
5831 struct cfg80211_rx_assoc_resp_data resp = {
5832 .uapsd_queues = -1,
5833 };
5834 u8 ap_mld_addr[ETH_ALEN] __aligned(2);
5835 unsigned int link_id;
5836
5837 lockdep_assert_wiphy(sdata->local->hw.wiphy);
5838
5839 if (!assoc_data)
5840 return;
5841
5842 parse_params.mode =
5843 assoc_data->link[assoc_data->assoc_link_id].conn.mode;
5844
5845 if (!ether_addr_equal(assoc_data->ap_addr, mgmt->bssid) ||
5846 !ether_addr_equal(assoc_data->ap_addr, mgmt->sa))
5847 return;
5848
5849 /*
5850 * AssocResp and ReassocResp have identical structure, so process both
5851 * of them in this function.
5852 */
5853
5854 if (len < 24 + 6)
5855 return;
5856
5857 reassoc = ieee80211_is_reassoc_resp(mgmt->frame_control);
5858 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
5859 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
5860 if (assoc_data->s1g)
5861 elem_start = mgmt->u.s1g_assoc_resp.variable;
5862 else
5863 elem_start = mgmt->u.assoc_resp.variable;
5864
5865 /*
5866 * Note: this may not be perfect, AP might misbehave - if
5867 * anyone needs to rely on perfect complete notification
5868 * with the exact right subtype, then we need to track what
5869 * we actually transmitted.
5870 */
5871 info.subtype = reassoc ? IEEE80211_STYPE_REASSOC_REQ :
5872 IEEE80211_STYPE_ASSOC_REQ;
5873
5874 if (assoc_data->fils_kek_len &&
5875 fils_decrypt_assoc_resp(sdata, (u8 *)mgmt, &len, assoc_data) < 0)
5876 return;
5877
5878 elem_len = len - (elem_start - (u8 *)mgmt);
5879 parse_params.start = elem_start;
5880 parse_params.len = elem_len;
5881 elems = ieee802_11_parse_elems_full(&parse_params);
5882 if (!elems)
5883 goto notify_driver;
5884
5885 if (elems->aid_resp)
5886 aid = le16_to_cpu(elems->aid_resp->aid);
5887 else if (assoc_data->s1g)
5888 aid = 0; /* TODO */
5889 else
5890 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
5891
5892 /*
5893 * The 5 MSB of the AID field are reserved
5894 * (802.11-2016 9.4.1.8 AID field)
5895 */
5896 aid &= 0x7ff;
5897
5898 sdata_info(sdata,
5899 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n",
5900 reassoc ? "Rea" : "A", assoc_data->ap_addr,
5901 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
5902
5903 ifmgd->broken_ap = false;
5904
5905 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
5906 elems->timeout_int &&
5907 elems->timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) {
5908 u32 tu, ms;
5909
5910 cfg80211_assoc_comeback(sdata->dev, assoc_data->ap_addr,
5911 le32_to_cpu(elems->timeout_int->value));
5912
5913 tu = le32_to_cpu(elems->timeout_int->value);
5914 ms = tu * 1024 / 1000;
5915 sdata_info(sdata,
5916 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",
5917 assoc_data->ap_addr, tu, ms);
5918 assoc_data->timeout = jiffies + msecs_to_jiffies(ms);
5919 assoc_data->timeout_started = true;
5920 assoc_data->comeback = true;
5921 if (ms > IEEE80211_ASSOC_TIMEOUT)
5922 run_again(sdata, assoc_data->timeout);
5923 goto notify_driver;
5924 }
5925
5926 if (status_code != WLAN_STATUS_SUCCESS) {
5927 sdata_info(sdata, "%pM denied association (code=%d)\n",
5928 assoc_data->ap_addr, status_code);
5929 event.u.mlme.status = MLME_DENIED;
5930 event.u.mlme.reason = status_code;
5931 drv_event_callback(sdata->local, sdata, &event);
5932 } else {
5933 if (aid == 0 || aid > IEEE80211_MAX_AID) {
5934 sdata_info(sdata,
5935 "invalid AID value %d (out of range), turn off PS\n",
5936 aid);
5937 aid = 0;
5938 ifmgd->broken_ap = true;
5939 }
5940
5941 if (ieee80211_vif_is_mld(&sdata->vif)) {
5942 struct ieee80211_mle_basic_common_info *common;
5943
5944 if (!elems->ml_basic) {
5945 sdata_info(sdata,
5946 "MLO association with %pM but no (basic) multi-link element in response!\n",
5947 assoc_data->ap_addr);
5948 goto abandon_assoc;
5949 }
5950
5951 common = (void *)elems->ml_basic->variable;
5952
5953 if (memcmp(assoc_data->ap_addr,
5954 common->mld_mac_addr, ETH_ALEN)) {
5955 sdata_info(sdata,
5956 "AP MLD MAC address mismatch: got %pM expected %pM\n",
5957 common->mld_mac_addr,
5958 assoc_data->ap_addr);
5959 goto abandon_assoc;
5960 }
5961
5962 sdata->vif.cfg.eml_cap =
5963 ieee80211_mle_get_eml_cap((const void *)elems->ml_basic);
5964 sdata->vif.cfg.eml_med_sync_delay =
5965 ieee80211_mle_get_eml_med_sync_delay((const void *)elems->ml_basic);
5966 sdata->vif.cfg.mld_capa_op =
5967 ieee80211_mle_get_mld_capa_op((const void *)elems->ml_basic);
5968 }
5969
5970 sdata->vif.cfg.aid = aid;
5971
5972 if (!ieee80211_assoc_success(sdata, mgmt, elems,
5973 elem_start, elem_len)) {
5974 /* oops -- internal error -- send timeout for now */
5975 ieee80211_destroy_assoc_data(sdata, ASSOC_TIMEOUT);
5976 goto notify_driver;
5977 }
5978 event.u.mlme.status = MLME_SUCCESS;
5979 drv_event_callback(sdata->local, sdata, &event);
5980 sdata_info(sdata, "associated\n");
5981
5982 info.success = 1;
5983 }
5984
5985 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
5986 struct ieee80211_link_data *link;
5987
5988 if (!assoc_data->link[link_id].bss)
5989 continue;
5990
5991 resp.links[link_id].bss = assoc_data->link[link_id].bss;
5992 ether_addr_copy(resp.links[link_id].addr,
5993 assoc_data->link[link_id].addr);
5994 resp.links[link_id].status = assoc_data->link[link_id].status;
5995
5996 link = sdata_dereference(sdata->link[link_id], sdata);
5997 if (!link)
5998 continue;
5999
6000 /* get uapsd queues configuration - same for all links */
6001 resp.uapsd_queues = 0;
6002 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
6003 if (link->tx_conf[ac].uapsd)
6004 resp.uapsd_queues |= ieee80211_ac_to_qos_mask[ac];
6005 }
6006
6007 if (ieee80211_vif_is_mld(&sdata->vif)) {
6008 ether_addr_copy(ap_mld_addr, sdata->vif.cfg.ap_addr);
6009 resp.ap_mld_addr = ap_mld_addr;
6010 }
6011
6012 ieee80211_destroy_assoc_data(sdata,
6013 status_code == WLAN_STATUS_SUCCESS ?
6014 ASSOC_SUCCESS :
6015 ASSOC_REJECTED);
6016
6017 resp.buf = (u8 *)mgmt;
6018 resp.len = len;
6019 resp.req_ies = ifmgd->assoc_req_ies;
6020 resp.req_ies_len = ifmgd->assoc_req_ies_len;
6021 cfg80211_rx_assoc_resp(sdata->dev, &resp);
6022 notify_driver:
6023 drv_mgd_complete_tx(sdata->local, sdata, &info);
6024 kfree(elems);
6025 return;
6026 abandon_assoc:
6027 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON);
6028 goto notify_driver;
6029 }
6030
ieee80211_rx_bss_info(struct ieee80211_link_data * link,struct ieee80211_mgmt * mgmt,size_t len,struct ieee80211_rx_status * rx_status)6031 static void ieee80211_rx_bss_info(struct ieee80211_link_data *link,
6032 struct ieee80211_mgmt *mgmt, size_t len,
6033 struct ieee80211_rx_status *rx_status)
6034 {
6035 struct ieee80211_sub_if_data *sdata = link->sdata;
6036 struct ieee80211_local *local = sdata->local;
6037 struct ieee80211_bss *bss;
6038 struct ieee80211_channel *channel;
6039
6040 lockdep_assert_wiphy(sdata->local->hw.wiphy);
6041
6042 channel = ieee80211_get_channel_khz(local->hw.wiphy,
6043 ieee80211_rx_status_to_khz(rx_status));
6044 if (!channel)
6045 return;
6046
6047 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, channel);
6048 if (bss) {
6049 link->conf->beacon_rate = bss->beacon_rate;
6050 ieee80211_rx_bss_put(local, bss);
6051 }
6052 }
6053
6054
ieee80211_rx_mgmt_probe_resp(struct ieee80211_link_data * link,struct sk_buff * skb)6055 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_link_data *link,
6056 struct sk_buff *skb)
6057 {
6058 struct ieee80211_sub_if_data *sdata = link->sdata;
6059 struct ieee80211_mgmt *mgmt = (void *)skb->data;
6060 struct ieee80211_if_managed *ifmgd;
6061 struct ieee80211_rx_status *rx_status = (void *) skb->cb;
6062 struct ieee80211_channel *channel;
6063 size_t baselen, len = skb->len;
6064
6065 ifmgd = &sdata->u.mgd;
6066
6067 lockdep_assert_wiphy(sdata->local->hw.wiphy);
6068
6069 /*
6070 * According to Draft P802.11ax D6.0 clause 26.17.2.3.2:
6071 * "If a 6 GHz AP receives a Probe Request frame and responds with
6072 * a Probe Response frame [..], the Address 1 field of the Probe
6073 * Response frame shall be set to the broadcast address [..]"
6074 * So, on 6GHz band we should also accept broadcast responses.
6075 */
6076 channel = ieee80211_get_channel(sdata->local->hw.wiphy,
6077 rx_status->freq);
6078 if (!channel)
6079 return;
6080
6081 if (!ether_addr_equal(mgmt->da, sdata->vif.addr) &&
6082 (channel->band != NL80211_BAND_6GHZ ||
6083 !is_broadcast_ether_addr(mgmt->da)))
6084 return; /* ignore ProbeResp to foreign address */
6085
6086 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
6087 if (baselen > len)
6088 return;
6089
6090 ieee80211_rx_bss_info(link, mgmt, len, rx_status);
6091
6092 if (ifmgd->associated &&
6093 ether_addr_equal(mgmt->bssid, link->u.mgd.bssid))
6094 ieee80211_reset_ap_probe(sdata);
6095 }
6096
6097 /*
6098 * This is the canonical list of information elements we care about,
6099 * the filter code also gives us all changes to the Microsoft OUI
6100 * (00:50:F2) vendor IE which is used for WMM which we need to track,
6101 * as well as the DTPC IE (part of the Cisco OUI) used for signaling
6102 * changes to requested client power.
6103 *
6104 * We implement beacon filtering in software since that means we can
6105 * avoid processing the frame here and in cfg80211, and userspace
6106 * will not be able to tell whether the hardware supports it or not.
6107 *
6108 * XXX: This list needs to be dynamic -- userspace needs to be able to
6109 * add items it requires. It also needs to be able to tell us to
6110 * look out for other vendor IEs.
6111 */
6112 static const u64 care_about_ies =
6113 (1ULL << WLAN_EID_COUNTRY) |
6114 (1ULL << WLAN_EID_ERP_INFO) |
6115 (1ULL << WLAN_EID_CHANNEL_SWITCH) |
6116 (1ULL << WLAN_EID_PWR_CONSTRAINT) |
6117 (1ULL << WLAN_EID_HT_CAPABILITY) |
6118 (1ULL << WLAN_EID_HT_OPERATION) |
6119 (1ULL << WLAN_EID_EXT_CHANSWITCH_ANN);
6120
ieee80211_handle_beacon_sig(struct ieee80211_link_data * link,struct ieee80211_if_managed * ifmgd,struct ieee80211_bss_conf * bss_conf,struct ieee80211_local * local,struct ieee80211_rx_status * rx_status)6121 static void ieee80211_handle_beacon_sig(struct ieee80211_link_data *link,
6122 struct ieee80211_if_managed *ifmgd,
6123 struct ieee80211_bss_conf *bss_conf,
6124 struct ieee80211_local *local,
6125 struct ieee80211_rx_status *rx_status)
6126 {
6127 struct ieee80211_sub_if_data *sdata = link->sdata;
6128
6129 /* Track average RSSI from the Beacon frames of the current AP */
6130
6131 if (!link->u.mgd.tracking_signal_avg) {
6132 link->u.mgd.tracking_signal_avg = true;
6133 ewma_beacon_signal_init(&link->u.mgd.ave_beacon_signal);
6134 link->u.mgd.last_cqm_event_signal = 0;
6135 link->u.mgd.count_beacon_signal = 1;
6136 link->u.mgd.last_ave_beacon_signal = 0;
6137 } else {
6138 link->u.mgd.count_beacon_signal++;
6139 }
6140
6141 ewma_beacon_signal_add(&link->u.mgd.ave_beacon_signal,
6142 -rx_status->signal);
6143
6144 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold &&
6145 link->u.mgd.count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
6146 int sig = -ewma_beacon_signal_read(&link->u.mgd.ave_beacon_signal);
6147 int last_sig = link->u.mgd.last_ave_beacon_signal;
6148 struct ieee80211_event event = {
6149 .type = RSSI_EVENT,
6150 };
6151
6152 /*
6153 * if signal crosses either of the boundaries, invoke callback
6154 * with appropriate parameters
6155 */
6156 if (sig > ifmgd->rssi_max_thold &&
6157 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) {
6158 link->u.mgd.last_ave_beacon_signal = sig;
6159 event.u.rssi.data = RSSI_EVENT_HIGH;
6160 drv_event_callback(local, sdata, &event);
6161 } else if (sig < ifmgd->rssi_min_thold &&
6162 (last_sig >= ifmgd->rssi_max_thold ||
6163 last_sig == 0)) {
6164 link->u.mgd.last_ave_beacon_signal = sig;
6165 event.u.rssi.data = RSSI_EVENT_LOW;
6166 drv_event_callback(local, sdata, &event);
6167 }
6168 }
6169
6170 if (bss_conf->cqm_rssi_thold &&
6171 link->u.mgd.count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT &&
6172 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) {
6173 int sig = -ewma_beacon_signal_read(&link->u.mgd.ave_beacon_signal);
6174 int last_event = link->u.mgd.last_cqm_event_signal;
6175 int thold = bss_conf->cqm_rssi_thold;
6176 int hyst = bss_conf->cqm_rssi_hyst;
6177
6178 if (sig < thold &&
6179 (last_event == 0 || sig < last_event - hyst)) {
6180 link->u.mgd.last_cqm_event_signal = sig;
6181 ieee80211_cqm_rssi_notify(
6182 &sdata->vif,
6183 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
6184 sig, GFP_KERNEL);
6185 } else if (sig > thold &&
6186 (last_event == 0 || sig > last_event + hyst)) {
6187 link->u.mgd.last_cqm_event_signal = sig;
6188 ieee80211_cqm_rssi_notify(
6189 &sdata->vif,
6190 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
6191 sig, GFP_KERNEL);
6192 }
6193 }
6194
6195 if (bss_conf->cqm_rssi_low &&
6196 link->u.mgd.count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
6197 int sig = -ewma_beacon_signal_read(&link->u.mgd.ave_beacon_signal);
6198 int last_event = link->u.mgd.last_cqm_event_signal;
6199 int low = bss_conf->cqm_rssi_low;
6200 int high = bss_conf->cqm_rssi_high;
6201
6202 if (sig < low &&
6203 (last_event == 0 || last_event >= low)) {
6204 link->u.mgd.last_cqm_event_signal = sig;
6205 ieee80211_cqm_rssi_notify(
6206 &sdata->vif,
6207 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
6208 sig, GFP_KERNEL);
6209 } else if (sig > high &&
6210 (last_event == 0 || last_event <= high)) {
6211 link->u.mgd.last_cqm_event_signal = sig;
6212 ieee80211_cqm_rssi_notify(
6213 &sdata->vif,
6214 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
6215 sig, GFP_KERNEL);
6216 }
6217 }
6218 }
6219
ieee80211_rx_our_beacon(const u8 * tx_bssid,struct cfg80211_bss * bss)6220 static bool ieee80211_rx_our_beacon(const u8 *tx_bssid,
6221 struct cfg80211_bss *bss)
6222 {
6223 if (ether_addr_equal(tx_bssid, bss->bssid))
6224 return true;
6225 if (!bss->transmitted_bss)
6226 return false;
6227 return ether_addr_equal(tx_bssid, bss->transmitted_bss->bssid);
6228 }
6229
ieee80211_ml_reconf_work(struct wiphy * wiphy,struct wiphy_work * work)6230 static void ieee80211_ml_reconf_work(struct wiphy *wiphy,
6231 struct wiphy_work *work)
6232 {
6233 struct ieee80211_sub_if_data *sdata =
6234 container_of(work, struct ieee80211_sub_if_data,
6235 u.mgd.ml_reconf_work.work);
6236 u16 new_valid_links, new_active_links, new_dormant_links;
6237 int ret;
6238
6239 if (!sdata->u.mgd.removed_links)
6240 return;
6241
6242 sdata_info(sdata,
6243 "MLO Reconfiguration: work: valid=0x%x, removed=0x%x\n",
6244 sdata->vif.valid_links, sdata->u.mgd.removed_links);
6245
6246 new_valid_links = sdata->vif.valid_links & ~sdata->u.mgd.removed_links;
6247 if (new_valid_links == sdata->vif.valid_links)
6248 return;
6249
6250 if (!new_valid_links ||
6251 !(new_valid_links & ~sdata->vif.dormant_links)) {
6252 sdata_info(sdata, "No valid links after reconfiguration\n");
6253 ret = -EINVAL;
6254 goto out;
6255 }
6256
6257 new_active_links = sdata->vif.active_links & ~sdata->u.mgd.removed_links;
6258 if (new_active_links != sdata->vif.active_links) {
6259 if (!new_active_links)
6260 new_active_links =
6261 BIT(ffs(new_valid_links &
6262 ~sdata->vif.dormant_links) - 1);
6263
6264 ret = ieee80211_set_active_links(&sdata->vif, new_active_links);
6265 if (ret) {
6266 sdata_info(sdata,
6267 "Failed setting active links\n");
6268 goto out;
6269 }
6270 }
6271
6272 new_dormant_links = sdata->vif.dormant_links & ~sdata->u.mgd.removed_links;
6273
6274 ret = ieee80211_vif_set_links(sdata, new_valid_links,
6275 new_dormant_links);
6276 if (ret)
6277 sdata_info(sdata, "Failed setting valid links\n");
6278
6279 ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_MLD_VALID_LINKS);
6280
6281 out:
6282 if (!ret)
6283 cfg80211_links_removed(sdata->dev, sdata->u.mgd.removed_links);
6284 else
6285 __ieee80211_disconnect(sdata);
6286
6287 sdata->u.mgd.removed_links = 0;
6288 }
6289
ieee80211_ml_reconfiguration(struct ieee80211_sub_if_data * sdata,struct ieee802_11_elems * elems)6290 static void ieee80211_ml_reconfiguration(struct ieee80211_sub_if_data *sdata,
6291 struct ieee802_11_elems *elems)
6292 {
6293 const struct element *sub;
6294 unsigned long removed_links = 0;
6295 u16 link_removal_timeout[IEEE80211_MLD_MAX_NUM_LINKS] = {};
6296 u8 link_id;
6297 u32 delay;
6298
6299 if (!ieee80211_vif_is_mld(&sdata->vif) || !elems->ml_reconf)
6300 return;
6301
6302 /* Directly parse the sub elements as the common information doesn't
6303 * hold any useful information.
6304 */
6305 for_each_mle_subelement(sub, (const u8 *)elems->ml_reconf,
6306 elems->ml_reconf_len) {
6307 struct ieee80211_mle_per_sta_profile *prof = (void *)sub->data;
6308 u8 *pos = prof->variable;
6309 u16 control;
6310
6311 if (sub->id != IEEE80211_MLE_SUBELEM_PER_STA_PROFILE)
6312 continue;
6313
6314 if (!ieee80211_mle_reconf_sta_prof_size_ok(sub->data,
6315 sub->datalen))
6316 return;
6317
6318 control = le16_to_cpu(prof->control);
6319 link_id = control & IEEE80211_MLE_STA_RECONF_CONTROL_LINK_ID;
6320
6321 removed_links |= BIT(link_id);
6322
6323 /* the MAC address should not be included, but handle it */
6324 if (control &
6325 IEEE80211_MLE_STA_RECONF_CONTROL_STA_MAC_ADDR_PRESENT)
6326 pos += 6;
6327
6328 /* According to Draft P802.11be_D3.0, the control should
6329 * include the AP Removal Timer present. If the AP Removal Timer
6330 * is not present assume immediate removal.
6331 */
6332 if (control &
6333 IEEE80211_MLE_STA_RECONF_CONTROL_AP_REM_TIMER_PRESENT)
6334 link_removal_timeout[link_id] = get_unaligned_le16(pos);
6335 }
6336
6337 removed_links &= sdata->vif.valid_links;
6338 if (!removed_links) {
6339 /* In case the removal was cancelled, abort it */
6340 if (sdata->u.mgd.removed_links) {
6341 sdata->u.mgd.removed_links = 0;
6342 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
6343 &sdata->u.mgd.ml_reconf_work);
6344 }
6345 return;
6346 }
6347
6348 delay = 0;
6349 for_each_set_bit(link_id, &removed_links, IEEE80211_MLD_MAX_NUM_LINKS) {
6350 struct ieee80211_bss_conf *link_conf =
6351 sdata_dereference(sdata->vif.link_conf[link_id], sdata);
6352 u32 link_delay;
6353
6354 if (!link_conf) {
6355 removed_links &= ~BIT(link_id);
6356 continue;
6357 }
6358
6359 if (link_removal_timeout[link_id] < 1)
6360 link_delay = 0;
6361 else
6362 link_delay = link_conf->beacon_int *
6363 (link_removal_timeout[link_id] - 1);
6364
6365 if (!delay)
6366 delay = link_delay;
6367 else
6368 delay = min(delay, link_delay);
6369 }
6370
6371 sdata->u.mgd.removed_links = removed_links;
6372 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
6373 &sdata->u.mgd.ml_reconf_work,
6374 TU_TO_JIFFIES(delay));
6375 }
6376
ieee80211_ttlm_set_links(struct ieee80211_sub_if_data * sdata,u16 active_links,u16 dormant_links,u16 suspended_links)6377 static int ieee80211_ttlm_set_links(struct ieee80211_sub_if_data *sdata,
6378 u16 active_links, u16 dormant_links,
6379 u16 suspended_links)
6380 {
6381 u64 changed = 0;
6382 int ret;
6383
6384 if (!active_links) {
6385 ret = -EINVAL;
6386 goto out;
6387 }
6388
6389 /* If there is an active negotiated TTLM, it should be discarded by
6390 * the new negotiated/advertised TTLM.
6391 */
6392 if (sdata->vif.neg_ttlm.valid) {
6393 memset(&sdata->vif.neg_ttlm, 0, sizeof(sdata->vif.neg_ttlm));
6394 sdata->vif.suspended_links = 0;
6395 changed = BSS_CHANGED_MLD_TTLM;
6396 }
6397
6398 if (sdata->vif.active_links != active_links) {
6399 /* usable links are affected when active_links are changed,
6400 * so notify the driver about the status change
6401 */
6402 changed |= BSS_CHANGED_MLD_VALID_LINKS;
6403 active_links &= sdata->vif.active_links;
6404 if (!active_links)
6405 active_links =
6406 BIT(__ffs(sdata->vif.valid_links &
6407 ~dormant_links));
6408 ret = ieee80211_set_active_links(&sdata->vif, active_links);
6409 if (ret) {
6410 sdata_info(sdata, "Failed to set TTLM active links\n");
6411 goto out;
6412 }
6413 }
6414
6415 ret = ieee80211_vif_set_links(sdata, sdata->vif.valid_links,
6416 dormant_links);
6417 if (ret) {
6418 sdata_info(sdata, "Failed to set TTLM dormant links\n");
6419 goto out;
6420 }
6421
6422 sdata->vif.suspended_links = suspended_links;
6423 if (sdata->vif.suspended_links)
6424 changed |= BSS_CHANGED_MLD_TTLM;
6425
6426 ieee80211_vif_cfg_change_notify(sdata, changed);
6427
6428 out:
6429 if (ret)
6430 ieee80211_disconnect(&sdata->vif, false);
6431
6432 return ret;
6433 }
6434
ieee80211_tid_to_link_map_work(struct wiphy * wiphy,struct wiphy_work * work)6435 static void ieee80211_tid_to_link_map_work(struct wiphy *wiphy,
6436 struct wiphy_work *work)
6437 {
6438 u16 new_active_links, new_dormant_links;
6439 struct ieee80211_sub_if_data *sdata =
6440 container_of(work, struct ieee80211_sub_if_data,
6441 u.mgd.ttlm_work.work);
6442
6443 new_active_links = sdata->u.mgd.ttlm_info.map &
6444 sdata->vif.valid_links;
6445 new_dormant_links = ~sdata->u.mgd.ttlm_info.map &
6446 sdata->vif.valid_links;
6447
6448 ieee80211_vif_set_links(sdata, sdata->vif.valid_links, 0);
6449 if (ieee80211_ttlm_set_links(sdata, new_active_links, new_dormant_links,
6450 0))
6451 return;
6452
6453 sdata->u.mgd.ttlm_info.active = true;
6454 sdata->u.mgd.ttlm_info.switch_time = 0;
6455 }
6456
ieee80211_get_ttlm(u8 bm_size,u8 * data)6457 static u16 ieee80211_get_ttlm(u8 bm_size, u8 *data)
6458 {
6459 if (bm_size == 1)
6460 return *data;
6461 else
6462 return get_unaligned_le16(data);
6463 }
6464
6465 static int
ieee80211_parse_adv_t2l(struct ieee80211_sub_if_data * sdata,const struct ieee80211_ttlm_elem * ttlm,struct ieee80211_adv_ttlm_info * ttlm_info)6466 ieee80211_parse_adv_t2l(struct ieee80211_sub_if_data *sdata,
6467 const struct ieee80211_ttlm_elem *ttlm,
6468 struct ieee80211_adv_ttlm_info *ttlm_info)
6469 {
6470 /* The element size was already validated in
6471 * ieee80211_tid_to_link_map_size_ok()
6472 */
6473 u8 control, link_map_presence, map_size, tid;
6474 u8 *pos;
6475
6476 memset(ttlm_info, 0, sizeof(*ttlm_info));
6477 pos = (void *)ttlm->optional;
6478 control = ttlm->control;
6479
6480 if ((control & IEEE80211_TTLM_CONTROL_DEF_LINK_MAP) ||
6481 !(control & IEEE80211_TTLM_CONTROL_SWITCH_TIME_PRESENT))
6482 return 0;
6483
6484 if ((control & IEEE80211_TTLM_CONTROL_DIRECTION) !=
6485 IEEE80211_TTLM_DIRECTION_BOTH) {
6486 sdata_info(sdata, "Invalid advertised T2L map direction\n");
6487 return -EINVAL;
6488 }
6489
6490 link_map_presence = *pos;
6491 pos++;
6492
6493 ttlm_info->switch_time = get_unaligned_le16(pos);
6494
6495 /* Since ttlm_info->switch_time == 0 means no switch time, bump it
6496 * by 1.
6497 */
6498 if (!ttlm_info->switch_time)
6499 ttlm_info->switch_time = 1;
6500
6501 pos += 2;
6502
6503 if (control & IEEE80211_TTLM_CONTROL_EXPECTED_DUR_PRESENT) {
6504 ttlm_info->duration = pos[0] | pos[1] << 8 | pos[2] << 16;
6505 pos += 3;
6506 }
6507
6508 if (control & IEEE80211_TTLM_CONTROL_LINK_MAP_SIZE)
6509 map_size = 1;
6510 else
6511 map_size = 2;
6512
6513 /* According to Draft P802.11be_D3.0 clause 35.3.7.1.7, an AP MLD shall
6514 * not advertise a TID-to-link mapping that does not map all TIDs to the
6515 * same link set, reject frame if not all links have mapping
6516 */
6517 if (link_map_presence != 0xff) {
6518 sdata_info(sdata,
6519 "Invalid advertised T2L mapping presence indicator\n");
6520 return -EINVAL;
6521 }
6522
6523 ttlm_info->map = ieee80211_get_ttlm(map_size, pos);
6524 if (!ttlm_info->map) {
6525 sdata_info(sdata,
6526 "Invalid advertised T2L map for TID 0\n");
6527 return -EINVAL;
6528 }
6529
6530 pos += map_size;
6531
6532 for (tid = 1; tid < 8; tid++) {
6533 u16 map = ieee80211_get_ttlm(map_size, pos);
6534
6535 if (map != ttlm_info->map) {
6536 sdata_info(sdata, "Invalid advertised T2L map for tid %d\n",
6537 tid);
6538 return -EINVAL;
6539 }
6540
6541 pos += map_size;
6542 }
6543 return 0;
6544 }
6545
ieee80211_process_adv_ttlm(struct ieee80211_sub_if_data * sdata,struct ieee802_11_elems * elems,u64 beacon_ts)6546 static void ieee80211_process_adv_ttlm(struct ieee80211_sub_if_data *sdata,
6547 struct ieee802_11_elems *elems,
6548 u64 beacon_ts)
6549 {
6550 u8 i;
6551 int ret;
6552
6553 if (!ieee80211_vif_is_mld(&sdata->vif))
6554 return;
6555
6556 if (!elems->ttlm_num) {
6557 if (sdata->u.mgd.ttlm_info.switch_time) {
6558 /* if a planned TID-to-link mapping was cancelled -
6559 * abort it
6560 */
6561 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
6562 &sdata->u.mgd.ttlm_work);
6563 } else if (sdata->u.mgd.ttlm_info.active) {
6564 /* if no TID-to-link element, set to default mapping in
6565 * which all TIDs are mapped to all setup links
6566 */
6567 ret = ieee80211_vif_set_links(sdata,
6568 sdata->vif.valid_links,
6569 0);
6570 if (ret) {
6571 sdata_info(sdata, "Failed setting valid/dormant links\n");
6572 return;
6573 }
6574 ieee80211_vif_cfg_change_notify(sdata,
6575 BSS_CHANGED_MLD_VALID_LINKS);
6576 }
6577 memset(&sdata->u.mgd.ttlm_info, 0,
6578 sizeof(sdata->u.mgd.ttlm_info));
6579 return;
6580 }
6581
6582 for (i = 0; i < elems->ttlm_num; i++) {
6583 struct ieee80211_adv_ttlm_info ttlm_info;
6584 u32 res;
6585
6586 res = ieee80211_parse_adv_t2l(sdata, elems->ttlm[i],
6587 &ttlm_info);
6588
6589 if (res) {
6590 __ieee80211_disconnect(sdata);
6591 return;
6592 }
6593
6594 if (ttlm_info.switch_time) {
6595 u16 beacon_ts_tu, st_tu, delay;
6596 u32 delay_jiffies;
6597 u64 mask;
6598
6599 /* The t2l map switch time is indicated with a partial
6600 * TSF value (bits 10 to 25), get the partial beacon TS
6601 * as well, and calc the delay to the start time.
6602 */
6603 mask = GENMASK_ULL(25, 10);
6604 beacon_ts_tu = (beacon_ts & mask) >> 10;
6605 st_tu = ttlm_info.switch_time;
6606 delay = st_tu - beacon_ts_tu;
6607
6608 /*
6609 * If the switch time is far in the future, then it
6610 * could also be the previous switch still being
6611 * announced.
6612 * We can simply ignore it for now, if it is a future
6613 * switch the AP will continue to announce it anyway.
6614 */
6615 if (delay > IEEE80211_ADV_TTLM_ST_UNDERFLOW)
6616 return;
6617
6618 delay_jiffies = TU_TO_JIFFIES(delay);
6619
6620 /* Link switching can take time, so schedule it
6621 * 100ms before to be ready on time
6622 */
6623 if (delay_jiffies > IEEE80211_ADV_TTLM_SAFETY_BUFFER_MS)
6624 delay_jiffies -=
6625 IEEE80211_ADV_TTLM_SAFETY_BUFFER_MS;
6626 else
6627 delay_jiffies = 0;
6628
6629 sdata->u.mgd.ttlm_info = ttlm_info;
6630 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
6631 &sdata->u.mgd.ttlm_work);
6632 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
6633 &sdata->u.mgd.ttlm_work,
6634 delay_jiffies);
6635 return;
6636 }
6637 }
6638 }
6639
6640 static void
ieee80211_mgd_check_cross_link_csa(struct ieee80211_sub_if_data * sdata,int reporting_link_id,struct ieee802_11_elems * elems)6641 ieee80211_mgd_check_cross_link_csa(struct ieee80211_sub_if_data *sdata,
6642 int reporting_link_id,
6643 struct ieee802_11_elems *elems)
6644 {
6645 const struct element *sta_profiles[IEEE80211_MLD_MAX_NUM_LINKS] = {};
6646 ssize_t sta_profiles_len[IEEE80211_MLD_MAX_NUM_LINKS] = {};
6647 const struct element *sub;
6648 const u8 *subelems;
6649 size_t subelems_len;
6650 u8 common_size;
6651 int link_id;
6652
6653 if (!ieee80211_mle_size_ok((u8 *)elems->ml_basic, elems->ml_basic_len))
6654 return;
6655
6656 common_size = ieee80211_mle_common_size((u8 *)elems->ml_basic);
6657 subelems = (u8 *)elems->ml_basic + common_size;
6658 subelems_len = elems->ml_basic_len - common_size;
6659
6660 for_each_element_id(sub, IEEE80211_MLE_SUBELEM_PER_STA_PROFILE,
6661 subelems, subelems_len) {
6662 struct ieee80211_mle_per_sta_profile *prof = (void *)sub->data;
6663 struct ieee80211_link_data *link;
6664 ssize_t len;
6665
6666 if (!ieee80211_mle_basic_sta_prof_size_ok(sub->data,
6667 sub->datalen))
6668 continue;
6669
6670 link_id = le16_get_bits(prof->control,
6671 IEEE80211_MLE_STA_CONTROL_LINK_ID);
6672 /* need a valid link ID, but also not our own, both AP bugs */
6673 if (link_id == reporting_link_id ||
6674 link_id >= IEEE80211_MLD_MAX_NUM_LINKS)
6675 continue;
6676
6677 link = sdata_dereference(sdata->link[link_id], sdata);
6678 if (!link)
6679 continue;
6680
6681 len = cfg80211_defragment_element(sub, subelems, subelems_len,
6682 NULL, 0,
6683 IEEE80211_MLE_SUBELEM_FRAGMENT);
6684 if (WARN_ON(len < 0))
6685 continue;
6686
6687 sta_profiles[link_id] = sub;
6688 sta_profiles_len[link_id] = len;
6689 }
6690
6691 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
6692 struct ieee80211_mle_per_sta_profile *prof;
6693 struct ieee802_11_elems *prof_elems;
6694 struct ieee80211_link_data *link;
6695 ssize_t len;
6696
6697 if (link_id == reporting_link_id)
6698 continue;
6699
6700 link = sdata_dereference(sdata->link[link_id], sdata);
6701 if (!link)
6702 continue;
6703
6704 if (!sta_profiles[link_id]) {
6705 prof_elems = NULL;
6706 goto handle;
6707 }
6708
6709 /* we can defragment in-place, won't use the buffer again */
6710 len = cfg80211_defragment_element(sta_profiles[link_id],
6711 subelems, subelems_len,
6712 (void *)sta_profiles[link_id],
6713 sta_profiles_len[link_id],
6714 IEEE80211_MLE_SUBELEM_FRAGMENT);
6715 if (WARN_ON(len != sta_profiles_len[link_id]))
6716 continue;
6717
6718 prof = (void *)sta_profiles[link_id];
6719 prof_elems = ieee802_11_parse_elems(prof->variable +
6720 (prof->sta_info_len - 1),
6721 len -
6722 (prof->sta_info_len - 1),
6723 false, NULL);
6724
6725 /* memory allocation failed - let's hope that's transient */
6726 if (!prof_elems)
6727 continue;
6728
6729 handle:
6730 /*
6731 * FIXME: the timings here are obviously incorrect,
6732 * but only older Intel drivers seem to care, and
6733 * those don't have MLO. If you really need this,
6734 * the problem is having to calculate it with the
6735 * TSF offset etc. The device_timestamp is still
6736 * correct, of course.
6737 */
6738 ieee80211_sta_process_chanswitch(link, 0, 0, elems, prof_elems,
6739 IEEE80211_CSA_SOURCE_OTHER_LINK);
6740 kfree(prof_elems);
6741 }
6742 }
6743
ieee80211_mgd_ssid_mismatch(struct ieee80211_sub_if_data * sdata,const struct ieee802_11_elems * elems)6744 static bool ieee80211_mgd_ssid_mismatch(struct ieee80211_sub_if_data *sdata,
6745 const struct ieee802_11_elems *elems)
6746 {
6747 struct ieee80211_vif_cfg *cfg = &sdata->vif.cfg;
6748 static u8 zero_ssid[IEEE80211_MAX_SSID_LEN];
6749
6750 if (!elems->ssid)
6751 return false;
6752
6753 /* hidden SSID: zero length */
6754 if (elems->ssid_len == 0)
6755 return false;
6756
6757 if (elems->ssid_len != cfg->ssid_len)
6758 return true;
6759
6760 /* hidden SSID: zeroed out */
6761 if (!memcmp(elems->ssid, zero_ssid, elems->ssid_len))
6762 return false;
6763
6764 return memcmp(elems->ssid, cfg->ssid, cfg->ssid_len);
6765 }
6766
ieee80211_rx_mgmt_beacon(struct ieee80211_link_data * link,struct ieee80211_hdr * hdr,size_t len,struct ieee80211_rx_status * rx_status)6767 static void ieee80211_rx_mgmt_beacon(struct ieee80211_link_data *link,
6768 struct ieee80211_hdr *hdr, size_t len,
6769 struct ieee80211_rx_status *rx_status)
6770 {
6771 struct ieee80211_sub_if_data *sdata = link->sdata;
6772 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
6773 struct ieee80211_bss_conf *bss_conf = link->conf;
6774 struct ieee80211_vif_cfg *vif_cfg = &sdata->vif.cfg;
6775 struct ieee80211_mgmt *mgmt = (void *) hdr;
6776 size_t baselen;
6777 struct ieee802_11_elems *elems;
6778 struct ieee80211_local *local = sdata->local;
6779 struct ieee80211_chanctx_conf *chanctx_conf;
6780 struct ieee80211_supported_band *sband;
6781 struct ieee80211_channel *chan;
6782 struct link_sta_info *link_sta;
6783 struct sta_info *sta;
6784 u64 changed = 0;
6785 bool erp_valid;
6786 u8 erp_value = 0;
6787 u32 ncrc = 0;
6788 u8 *bssid, *variable = mgmt->u.beacon.variable;
6789 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN];
6790 struct ieee80211_elems_parse_params parse_params = {
6791 .mode = link->u.mgd.conn.mode,
6792 .link_id = -1,
6793 .from_ap = true,
6794 };
6795
6796 lockdep_assert_wiphy(local->hw.wiphy);
6797
6798 /* Process beacon from the current BSS */
6799 bssid = ieee80211_get_bssid(hdr, len, sdata->vif.type);
6800 if (ieee80211_is_s1g_beacon(mgmt->frame_control)) {
6801 struct ieee80211_ext *ext = (void *) mgmt;
6802
6803 if (ieee80211_is_s1g_short_beacon(ext->frame_control))
6804 variable = ext->u.s1g_short_beacon.variable;
6805 else
6806 variable = ext->u.s1g_beacon.variable;
6807 }
6808
6809 baselen = (u8 *) variable - (u8 *) mgmt;
6810 if (baselen > len)
6811 return;
6812
6813 parse_params.start = variable;
6814 parse_params.len = len - baselen;
6815
6816 rcu_read_lock();
6817 chanctx_conf = rcu_dereference(bss_conf->chanctx_conf);
6818 if (!chanctx_conf) {
6819 rcu_read_unlock();
6820 return;
6821 }
6822
6823 if (ieee80211_rx_status_to_khz(rx_status) !=
6824 ieee80211_channel_to_khz(chanctx_conf->def.chan)) {
6825 rcu_read_unlock();
6826 return;
6827 }
6828 chan = chanctx_conf->def.chan;
6829 rcu_read_unlock();
6830
6831 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon &&
6832 !WARN_ON(ieee80211_vif_is_mld(&sdata->vif)) &&
6833 ieee80211_rx_our_beacon(bssid, ifmgd->assoc_data->link[0].bss)) {
6834 parse_params.bss = ifmgd->assoc_data->link[0].bss;
6835 elems = ieee802_11_parse_elems_full(&parse_params);
6836 if (!elems)
6837 return;
6838
6839 ieee80211_rx_bss_info(link, mgmt, len, rx_status);
6840
6841 if (elems->dtim_period)
6842 link->u.mgd.dtim_period = elems->dtim_period;
6843 link->u.mgd.have_beacon = true;
6844 ifmgd->assoc_data->need_beacon = false;
6845 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY) &&
6846 !ieee80211_is_s1g_beacon(hdr->frame_control)) {
6847 bss_conf->sync_tsf =
6848 le64_to_cpu(mgmt->u.beacon.timestamp);
6849 bss_conf->sync_device_ts =
6850 rx_status->device_timestamp;
6851 bss_conf->sync_dtim_count = elems->dtim_count;
6852 }
6853
6854 if (elems->mbssid_config_ie)
6855 bss_conf->profile_periodicity =
6856 elems->mbssid_config_ie->profile_periodicity;
6857 else
6858 bss_conf->profile_periodicity = 0;
6859
6860 if (elems->ext_capab_len >= 11 &&
6861 (elems->ext_capab[10] & WLAN_EXT_CAPA11_EMA_SUPPORT))
6862 bss_conf->ema_ap = true;
6863 else
6864 bss_conf->ema_ap = false;
6865
6866 /* continue assoc process */
6867 ifmgd->assoc_data->timeout = jiffies;
6868 ifmgd->assoc_data->timeout_started = true;
6869 run_again(sdata, ifmgd->assoc_data->timeout);
6870 kfree(elems);
6871 return;
6872 }
6873
6874 if (!ifmgd->associated ||
6875 !ieee80211_rx_our_beacon(bssid, bss_conf->bss))
6876 return;
6877 bssid = link->u.mgd.bssid;
6878
6879 if (!(rx_status->flag & RX_FLAG_NO_SIGNAL_VAL))
6880 ieee80211_handle_beacon_sig(link, ifmgd, bss_conf,
6881 local, rx_status);
6882
6883 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) {
6884 mlme_dbg_ratelimited(sdata,
6885 "cancelling AP probe due to a received beacon\n");
6886 ieee80211_reset_ap_probe(sdata);
6887 }
6888
6889 /*
6890 * Push the beacon loss detection into the future since
6891 * we are processing a beacon from the AP just now.
6892 */
6893 ieee80211_sta_reset_beacon_monitor(sdata);
6894
6895 /* TODO: CRC urrently not calculated on S1G Beacon Compatibility
6896 * element (which carries the beacon interval). Don't forget to add a
6897 * bit to care_about_ies[] above if mac80211 is interested in a
6898 * changing S1G element.
6899 */
6900 if (!ieee80211_is_s1g_beacon(hdr->frame_control))
6901 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
6902 parse_params.bss = bss_conf->bss;
6903 parse_params.filter = care_about_ies;
6904 parse_params.crc = ncrc;
6905 elems = ieee802_11_parse_elems_full(&parse_params);
6906 if (!elems)
6907 return;
6908
6909 if (rx_status->flag & RX_FLAG_DECRYPTED &&
6910 ieee80211_mgd_ssid_mismatch(sdata, elems)) {
6911 sdata_info(sdata, "SSID mismatch for AP %pM, disconnect\n",
6912 sdata->vif.cfg.ap_addr);
6913 __ieee80211_disconnect(sdata);
6914 return;
6915 }
6916
6917 ncrc = elems->crc;
6918
6919 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
6920 ieee80211_check_tim(elems->tim, elems->tim_len, vif_cfg->aid)) {
6921 if (local->hw.conf.dynamic_ps_timeout > 0) {
6922 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
6923 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
6924 ieee80211_hw_config(local,
6925 IEEE80211_CONF_CHANGE_PS);
6926 }
6927 ieee80211_send_nullfunc(local, sdata, false);
6928 } else if (!local->pspolling && sdata->u.mgd.powersave) {
6929 local->pspolling = true;
6930
6931 /*
6932 * Here is assumed that the driver will be
6933 * able to send ps-poll frame and receive a
6934 * response even though power save mode is
6935 * enabled, but some drivers might require
6936 * to disable power save here. This needs
6937 * to be investigated.
6938 */
6939 ieee80211_send_pspoll(local, sdata);
6940 }
6941 }
6942
6943 if (sdata->vif.p2p ||
6944 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) {
6945 struct ieee80211_p2p_noa_attr noa = {};
6946 int ret;
6947
6948 ret = cfg80211_get_p2p_attr(variable,
6949 len - baselen,
6950 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
6951 (u8 *) &noa, sizeof(noa));
6952 if (ret >= 2) {
6953 if (link->u.mgd.p2p_noa_index != noa.index) {
6954 /* valid noa_attr and index changed */
6955 link->u.mgd.p2p_noa_index = noa.index;
6956 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa));
6957 changed |= BSS_CHANGED_P2P_PS;
6958 /*
6959 * make sure we update all information, the CRC
6960 * mechanism doesn't look at P2P attributes.
6961 */
6962 link->u.mgd.beacon_crc_valid = false;
6963 }
6964 } else if (link->u.mgd.p2p_noa_index != -1) {
6965 /* noa_attr not found and we had valid noa_attr before */
6966 link->u.mgd.p2p_noa_index = -1;
6967 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr));
6968 changed |= BSS_CHANGED_P2P_PS;
6969 link->u.mgd.beacon_crc_valid = false;
6970 }
6971 }
6972
6973 /*
6974 * Update beacon timing and dtim count on every beacon appearance. This
6975 * will allow the driver to use the most updated values. Do it before
6976 * comparing this one with last received beacon.
6977 * IMPORTANT: These parameters would possibly be out of sync by the time
6978 * the driver will use them. The synchronized view is currently
6979 * guaranteed only in certain callbacks.
6980 */
6981 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY) &&
6982 !ieee80211_is_s1g_beacon(hdr->frame_control)) {
6983 bss_conf->sync_tsf =
6984 le64_to_cpu(mgmt->u.beacon.timestamp);
6985 bss_conf->sync_device_ts =
6986 rx_status->device_timestamp;
6987 bss_conf->sync_dtim_count = elems->dtim_count;
6988 }
6989
6990 if ((ncrc == link->u.mgd.beacon_crc && link->u.mgd.beacon_crc_valid) ||
6991 ieee80211_is_s1g_short_beacon(mgmt->frame_control))
6992 goto free;
6993 link->u.mgd.beacon_crc = ncrc;
6994 link->u.mgd.beacon_crc_valid = true;
6995
6996 ieee80211_rx_bss_info(link, mgmt, len, rx_status);
6997
6998 ieee80211_sta_process_chanswitch(link, rx_status->mactime,
6999 rx_status->device_timestamp,
7000 elems, elems,
7001 IEEE80211_CSA_SOURCE_BEACON);
7002
7003 /* note that after this elems->ml_basic can no longer be used fully */
7004 ieee80211_mgd_check_cross_link_csa(sdata, rx_status->link_id, elems);
7005
7006 ieee80211_mgd_update_bss_param_ch_cnt(sdata, bss_conf, elems);
7007
7008 if (!link->u.mgd.disable_wmm_tracking &&
7009 ieee80211_sta_wmm_params(local, link, elems->wmm_param,
7010 elems->wmm_param_len,
7011 elems->mu_edca_param_set))
7012 changed |= BSS_CHANGED_QOS;
7013
7014 /*
7015 * If we haven't had a beacon before, tell the driver about the
7016 * DTIM period (and beacon timing if desired) now.
7017 */
7018 if (!link->u.mgd.have_beacon) {
7019 /* a few bogus AP send dtim_period = 0 or no TIM IE */
7020 bss_conf->dtim_period = elems->dtim_period ?: 1;
7021
7022 changed |= BSS_CHANGED_BEACON_INFO;
7023 link->u.mgd.have_beacon = true;
7024
7025 ieee80211_recalc_ps(local);
7026
7027 ieee80211_recalc_ps_vif(sdata);
7028 }
7029
7030 if (elems->erp_info) {
7031 erp_valid = true;
7032 erp_value = elems->erp_info[0];
7033 } else {
7034 erp_valid = false;
7035 }
7036
7037 if (!ieee80211_is_s1g_beacon(hdr->frame_control))
7038 changed |= ieee80211_handle_bss_capability(link,
7039 le16_to_cpu(mgmt->u.beacon.capab_info),
7040 erp_valid, erp_value);
7041
7042 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
7043 if (WARN_ON(!sta)) {
7044 goto free;
7045 }
7046 link_sta = rcu_dereference_protected(sta->link[link->link_id],
7047 lockdep_is_held(&local->hw.wiphy->mtx));
7048 if (WARN_ON(!link_sta)) {
7049 goto free;
7050 }
7051
7052 if (WARN_ON(!bss_conf->chanreq.oper.chan))
7053 goto free;
7054
7055 sband = local->hw.wiphy->bands[bss_conf->chanreq.oper.chan->band];
7056
7057 changed |= ieee80211_recalc_twt_req(sdata, sband, link, link_sta, elems);
7058
7059 if (ieee80211_config_bw(link, elems, true, &changed)) {
7060 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
7061 WLAN_REASON_DEAUTH_LEAVING,
7062 true, deauth_buf);
7063 ieee80211_report_disconnect(sdata, deauth_buf,
7064 sizeof(deauth_buf), true,
7065 WLAN_REASON_DEAUTH_LEAVING,
7066 false);
7067 goto free;
7068 }
7069
7070 if (elems->opmode_notif)
7071 ieee80211_vht_handle_opmode(sdata, link_sta,
7072 *elems->opmode_notif,
7073 rx_status->band);
7074
7075 changed |= ieee80211_handle_pwr_constr(link, chan, mgmt,
7076 elems->country_elem,
7077 elems->country_elem_len,
7078 elems->pwr_constr_elem,
7079 elems->cisco_dtpc_elem);
7080
7081 ieee80211_ml_reconfiguration(sdata, elems);
7082 ieee80211_process_adv_ttlm(sdata, elems,
7083 le64_to_cpu(mgmt->u.beacon.timestamp));
7084
7085 ieee80211_link_info_change_notify(sdata, link, changed);
7086 free:
7087 kfree(elems);
7088 }
7089
ieee80211_apply_neg_ttlm(struct ieee80211_sub_if_data * sdata,struct ieee80211_neg_ttlm neg_ttlm)7090 static void ieee80211_apply_neg_ttlm(struct ieee80211_sub_if_data *sdata,
7091 struct ieee80211_neg_ttlm neg_ttlm)
7092 {
7093 u16 new_active_links, new_dormant_links, new_suspended_links, map = 0;
7094 u8 i;
7095
7096 for (i = 0; i < IEEE80211_TTLM_NUM_TIDS; i++)
7097 map |= neg_ttlm.downlink[i] | neg_ttlm.uplink[i];
7098
7099 /* If there is an active TTLM, unset previously suspended links */
7100 if (sdata->vif.neg_ttlm.valid)
7101 sdata->vif.dormant_links &= ~sdata->vif.suspended_links;
7102
7103 /* exclude links that are already disabled by advertised TTLM */
7104 new_active_links =
7105 map & sdata->vif.valid_links & ~sdata->vif.dormant_links;
7106 new_suspended_links =
7107 (~map & sdata->vif.valid_links) & ~sdata->vif.dormant_links;
7108 new_dormant_links = sdata->vif.dormant_links | new_suspended_links;
7109 if (ieee80211_ttlm_set_links(sdata, new_active_links,
7110 new_dormant_links, new_suspended_links))
7111 return;
7112
7113 sdata->vif.neg_ttlm = neg_ttlm;
7114 sdata->vif.neg_ttlm.valid = true;
7115 }
7116
ieee80211_neg_ttlm_timeout_work(struct wiphy * wiphy,struct wiphy_work * work)7117 static void ieee80211_neg_ttlm_timeout_work(struct wiphy *wiphy,
7118 struct wiphy_work *work)
7119 {
7120 struct ieee80211_sub_if_data *sdata =
7121 container_of(work, struct ieee80211_sub_if_data,
7122 u.mgd.neg_ttlm_timeout_work.work);
7123
7124 sdata_info(sdata,
7125 "No negotiated TTLM response from AP, disconnecting.\n");
7126
7127 __ieee80211_disconnect(sdata);
7128 }
7129
7130 static void
ieee80211_neg_ttlm_add_suggested_map(struct sk_buff * skb,struct ieee80211_neg_ttlm * neg_ttlm)7131 ieee80211_neg_ttlm_add_suggested_map(struct sk_buff *skb,
7132 struct ieee80211_neg_ttlm *neg_ttlm)
7133 {
7134 u8 i, direction[IEEE80211_TTLM_MAX_CNT];
7135
7136 if (memcmp(neg_ttlm->downlink, neg_ttlm->uplink,
7137 sizeof(neg_ttlm->downlink))) {
7138 direction[0] = IEEE80211_TTLM_DIRECTION_DOWN;
7139 direction[1] = IEEE80211_TTLM_DIRECTION_UP;
7140 } else {
7141 direction[0] = IEEE80211_TTLM_DIRECTION_BOTH;
7142 }
7143
7144 for (i = 0; i < ARRAY_SIZE(direction); i++) {
7145 u8 tid, len, map_ind = 0, *len_pos, *map_ind_pos, *pos;
7146 __le16 map;
7147
7148 len = sizeof(struct ieee80211_ttlm_elem) + 1 + 1;
7149
7150 pos = skb_put(skb, len + 2);
7151 *pos++ = WLAN_EID_EXTENSION;
7152 len_pos = pos++;
7153 *pos++ = WLAN_EID_EXT_TID_TO_LINK_MAPPING;
7154 *pos++ = direction[i];
7155 map_ind_pos = pos++;
7156 for (tid = 0; tid < IEEE80211_TTLM_NUM_TIDS; tid++) {
7157 map = direction[i] == IEEE80211_TTLM_DIRECTION_UP ?
7158 cpu_to_le16(neg_ttlm->uplink[tid]) :
7159 cpu_to_le16(neg_ttlm->downlink[tid]);
7160 if (!map)
7161 continue;
7162
7163 len += 2;
7164 map_ind |= BIT(tid);
7165 skb_put_data(skb, &map, sizeof(map));
7166 }
7167
7168 *map_ind_pos = map_ind;
7169 *len_pos = len;
7170
7171 if (direction[i] == IEEE80211_TTLM_DIRECTION_BOTH)
7172 break;
7173 }
7174 }
7175
7176 static void
ieee80211_send_neg_ttlm_req(struct ieee80211_sub_if_data * sdata,struct ieee80211_neg_ttlm * neg_ttlm,u8 dialog_token)7177 ieee80211_send_neg_ttlm_req(struct ieee80211_sub_if_data *sdata,
7178 struct ieee80211_neg_ttlm *neg_ttlm,
7179 u8 dialog_token)
7180 {
7181 struct ieee80211_local *local = sdata->local;
7182 struct ieee80211_mgmt *mgmt;
7183 struct sk_buff *skb;
7184 int hdr_len = offsetofend(struct ieee80211_mgmt, u.action.u.ttlm_req);
7185 int ttlm_max_len = 2 + 1 + sizeof(struct ieee80211_ttlm_elem) + 1 +
7186 2 * 2 * IEEE80211_TTLM_NUM_TIDS;
7187
7188 skb = dev_alloc_skb(local->tx_headroom + hdr_len + ttlm_max_len);
7189 if (!skb)
7190 return;
7191
7192 skb_reserve(skb, local->tx_headroom);
7193 mgmt = skb_put_zero(skb, hdr_len);
7194 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
7195 IEEE80211_STYPE_ACTION);
7196 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
7197 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
7198 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
7199
7200 mgmt->u.action.category = WLAN_CATEGORY_PROTECTED_EHT;
7201 mgmt->u.action.u.ttlm_req.action_code =
7202 WLAN_PROTECTED_EHT_ACTION_TTLM_REQ;
7203 mgmt->u.action.u.ttlm_req.dialog_token = dialog_token;
7204 ieee80211_neg_ttlm_add_suggested_map(skb, neg_ttlm);
7205 ieee80211_tx_skb(sdata, skb);
7206 }
7207
ieee80211_req_neg_ttlm(struct ieee80211_sub_if_data * sdata,struct cfg80211_ttlm_params * params)7208 int ieee80211_req_neg_ttlm(struct ieee80211_sub_if_data *sdata,
7209 struct cfg80211_ttlm_params *params)
7210 {
7211 struct ieee80211_neg_ttlm neg_ttlm = {};
7212 u8 i;
7213
7214 if (!ieee80211_vif_is_mld(&sdata->vif) ||
7215 !(sdata->vif.cfg.mld_capa_op &
7216 IEEE80211_MLD_CAP_OP_TID_TO_LINK_MAP_NEG_SUPP))
7217 return -EINVAL;
7218
7219 for (i = 0; i < IEEE80211_TTLM_NUM_TIDS; i++) {
7220 if ((params->dlink[i] & ~sdata->vif.valid_links) ||
7221 (params->ulink[i] & ~sdata->vif.valid_links))
7222 return -EINVAL;
7223
7224 neg_ttlm.downlink[i] = params->dlink[i];
7225 neg_ttlm.uplink[i] = params->ulink[i];
7226 }
7227
7228 if (drv_can_neg_ttlm(sdata->local, sdata, &neg_ttlm) !=
7229 NEG_TTLM_RES_ACCEPT)
7230 return -EINVAL;
7231
7232 ieee80211_apply_neg_ttlm(sdata, neg_ttlm);
7233 sdata->u.mgd.dialog_token_alloc++;
7234 ieee80211_send_neg_ttlm_req(sdata, &sdata->vif.neg_ttlm,
7235 sdata->u.mgd.dialog_token_alloc);
7236 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
7237 &sdata->u.mgd.neg_ttlm_timeout_work);
7238 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
7239 &sdata->u.mgd.neg_ttlm_timeout_work,
7240 IEEE80211_NEG_TTLM_REQ_TIMEOUT);
7241 return 0;
7242 }
7243
7244 static void
ieee80211_send_neg_ttlm_res(struct ieee80211_sub_if_data * sdata,enum ieee80211_neg_ttlm_res ttlm_res,u8 dialog_token,struct ieee80211_neg_ttlm * neg_ttlm)7245 ieee80211_send_neg_ttlm_res(struct ieee80211_sub_if_data *sdata,
7246 enum ieee80211_neg_ttlm_res ttlm_res,
7247 u8 dialog_token,
7248 struct ieee80211_neg_ttlm *neg_ttlm)
7249 {
7250 struct ieee80211_local *local = sdata->local;
7251 struct ieee80211_mgmt *mgmt;
7252 struct sk_buff *skb;
7253 int hdr_len = offsetofend(struct ieee80211_mgmt, u.action.u.ttlm_res);
7254 int ttlm_max_len = 2 + 1 + sizeof(struct ieee80211_ttlm_elem) + 1 +
7255 2 * 2 * IEEE80211_TTLM_NUM_TIDS;
7256
7257 skb = dev_alloc_skb(local->tx_headroom + hdr_len + ttlm_max_len);
7258 if (!skb)
7259 return;
7260
7261 skb_reserve(skb, local->tx_headroom);
7262 mgmt = skb_put_zero(skb, hdr_len);
7263 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
7264 IEEE80211_STYPE_ACTION);
7265 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
7266 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
7267 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
7268
7269 mgmt->u.action.category = WLAN_CATEGORY_PROTECTED_EHT;
7270 mgmt->u.action.u.ttlm_res.action_code =
7271 WLAN_PROTECTED_EHT_ACTION_TTLM_RES;
7272 mgmt->u.action.u.ttlm_res.dialog_token = dialog_token;
7273 switch (ttlm_res) {
7274 default:
7275 WARN_ON(1);
7276 fallthrough;
7277 case NEG_TTLM_RES_REJECT:
7278 mgmt->u.action.u.ttlm_res.status_code =
7279 WLAN_STATUS_DENIED_TID_TO_LINK_MAPPING;
7280 break;
7281 case NEG_TTLM_RES_ACCEPT:
7282 mgmt->u.action.u.ttlm_res.status_code = WLAN_STATUS_SUCCESS;
7283 break;
7284 case NEG_TTLM_RES_SUGGEST_PREFERRED:
7285 mgmt->u.action.u.ttlm_res.status_code =
7286 WLAN_STATUS_PREF_TID_TO_LINK_MAPPING_SUGGESTED;
7287 ieee80211_neg_ttlm_add_suggested_map(skb, neg_ttlm);
7288 break;
7289 }
7290
7291 ieee80211_tx_skb(sdata, skb);
7292 }
7293
7294 static int
ieee80211_parse_neg_ttlm(struct ieee80211_sub_if_data * sdata,const struct ieee80211_ttlm_elem * ttlm,struct ieee80211_neg_ttlm * neg_ttlm,u8 * direction)7295 ieee80211_parse_neg_ttlm(struct ieee80211_sub_if_data *sdata,
7296 const struct ieee80211_ttlm_elem *ttlm,
7297 struct ieee80211_neg_ttlm *neg_ttlm,
7298 u8 *direction)
7299 {
7300 u8 control, link_map_presence, map_size, tid;
7301 u8 *pos;
7302
7303 /* The element size was already validated in
7304 * ieee80211_tid_to_link_map_size_ok()
7305 */
7306 pos = (void *)ttlm->optional;
7307
7308 control = ttlm->control;
7309
7310 /* mapping switch time and expected duration fields are not expected
7311 * in case of negotiated TTLM
7312 */
7313 if (control & (IEEE80211_TTLM_CONTROL_SWITCH_TIME_PRESENT |
7314 IEEE80211_TTLM_CONTROL_EXPECTED_DUR_PRESENT)) {
7315 mlme_dbg(sdata,
7316 "Invalid TTLM element in negotiated TTLM request\n");
7317 return -EINVAL;
7318 }
7319
7320 if (control & IEEE80211_TTLM_CONTROL_DEF_LINK_MAP) {
7321 for (tid = 0; tid < IEEE80211_TTLM_NUM_TIDS; tid++) {
7322 neg_ttlm->downlink[tid] = sdata->vif.valid_links;
7323 neg_ttlm->uplink[tid] = sdata->vif.valid_links;
7324 }
7325 *direction = IEEE80211_TTLM_DIRECTION_BOTH;
7326 return 0;
7327 }
7328
7329 *direction = u8_get_bits(control, IEEE80211_TTLM_CONTROL_DIRECTION);
7330 if (*direction != IEEE80211_TTLM_DIRECTION_DOWN &&
7331 *direction != IEEE80211_TTLM_DIRECTION_UP &&
7332 *direction != IEEE80211_TTLM_DIRECTION_BOTH)
7333 return -EINVAL;
7334
7335 link_map_presence = *pos;
7336 pos++;
7337
7338 if (control & IEEE80211_TTLM_CONTROL_LINK_MAP_SIZE)
7339 map_size = 1;
7340 else
7341 map_size = 2;
7342
7343 for (tid = 0; tid < IEEE80211_TTLM_NUM_TIDS; tid++) {
7344 u16 map;
7345
7346 if (link_map_presence & BIT(tid)) {
7347 map = ieee80211_get_ttlm(map_size, pos);
7348 if (!map) {
7349 mlme_dbg(sdata,
7350 "No active links for TID %d", tid);
7351 return -EINVAL;
7352 }
7353 } else {
7354 map = 0;
7355 }
7356
7357 switch (*direction) {
7358 case IEEE80211_TTLM_DIRECTION_BOTH:
7359 neg_ttlm->downlink[tid] = map;
7360 neg_ttlm->uplink[tid] = map;
7361 break;
7362 case IEEE80211_TTLM_DIRECTION_DOWN:
7363 neg_ttlm->downlink[tid] = map;
7364 break;
7365 case IEEE80211_TTLM_DIRECTION_UP:
7366 neg_ttlm->uplink[tid] = map;
7367 break;
7368 default:
7369 return -EINVAL;
7370 }
7371 pos += map_size;
7372 }
7373 return 0;
7374 }
7375
ieee80211_process_neg_ttlm_req(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)7376 void ieee80211_process_neg_ttlm_req(struct ieee80211_sub_if_data *sdata,
7377 struct ieee80211_mgmt *mgmt, size_t len)
7378 {
7379 u8 dialog_token, direction[IEEE80211_TTLM_MAX_CNT] = {}, i;
7380 size_t ies_len;
7381 enum ieee80211_neg_ttlm_res ttlm_res = NEG_TTLM_RES_ACCEPT;
7382 struct ieee802_11_elems *elems = NULL;
7383 struct ieee80211_neg_ttlm neg_ttlm = {};
7384
7385 BUILD_BUG_ON(ARRAY_SIZE(direction) != ARRAY_SIZE(elems->ttlm));
7386
7387 if (!ieee80211_vif_is_mld(&sdata->vif))
7388 return;
7389
7390 dialog_token = mgmt->u.action.u.ttlm_req.dialog_token;
7391 ies_len = len - offsetof(struct ieee80211_mgmt,
7392 u.action.u.ttlm_req.variable);
7393 elems = ieee802_11_parse_elems(mgmt->u.action.u.ttlm_req.variable,
7394 ies_len, true, NULL);
7395 if (!elems) {
7396 ttlm_res = NEG_TTLM_RES_REJECT;
7397 goto out;
7398 }
7399
7400 for (i = 0; i < elems->ttlm_num; i++) {
7401 if (ieee80211_parse_neg_ttlm(sdata, elems->ttlm[i],
7402 &neg_ttlm, &direction[i]) ||
7403 (direction[i] == IEEE80211_TTLM_DIRECTION_BOTH &&
7404 elems->ttlm_num != 1)) {
7405 ttlm_res = NEG_TTLM_RES_REJECT;
7406 goto out;
7407 }
7408 }
7409
7410 if (!elems->ttlm_num ||
7411 (elems->ttlm_num == 2 && direction[0] == direction[1])) {
7412 ttlm_res = NEG_TTLM_RES_REJECT;
7413 goto out;
7414 }
7415
7416 for (i = 0; i < IEEE80211_TTLM_NUM_TIDS; i++) {
7417 if ((neg_ttlm.downlink[i] &&
7418 (neg_ttlm.downlink[i] & ~sdata->vif.valid_links)) ||
7419 (neg_ttlm.uplink[i] &&
7420 (neg_ttlm.uplink[i] & ~sdata->vif.valid_links))) {
7421 ttlm_res = NEG_TTLM_RES_REJECT;
7422 goto out;
7423 }
7424 }
7425
7426 ttlm_res = drv_can_neg_ttlm(sdata->local, sdata, &neg_ttlm);
7427
7428 if (ttlm_res != NEG_TTLM_RES_ACCEPT)
7429 goto out;
7430
7431 ieee80211_apply_neg_ttlm(sdata, neg_ttlm);
7432 out:
7433 kfree(elems);
7434 ieee80211_send_neg_ttlm_res(sdata, ttlm_res, dialog_token, &neg_ttlm);
7435 }
7436
ieee80211_process_neg_ttlm_res(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)7437 void ieee80211_process_neg_ttlm_res(struct ieee80211_sub_if_data *sdata,
7438 struct ieee80211_mgmt *mgmt, size_t len)
7439 {
7440 if (!ieee80211_vif_is_mld(&sdata->vif) ||
7441 mgmt->u.action.u.ttlm_req.dialog_token !=
7442 sdata->u.mgd.dialog_token_alloc)
7443 return;
7444
7445 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
7446 &sdata->u.mgd.neg_ttlm_timeout_work);
7447
7448 /* MLD station sends a TID to link mapping request, mainly to handle
7449 * BTM (BSS transition management) request, in which case it needs to
7450 * restrict the active links set.
7451 * In this case it's not expected that the MLD AP will reject the
7452 * negotiated TTLM request.
7453 * This can be better implemented in the future, to handle request
7454 * rejections.
7455 */
7456 if (mgmt->u.action.u.ttlm_res.status_code != WLAN_STATUS_SUCCESS)
7457 __ieee80211_disconnect(sdata);
7458 }
7459
ieee80211_teardown_ttlm_work(struct wiphy * wiphy,struct wiphy_work * work)7460 static void ieee80211_teardown_ttlm_work(struct wiphy *wiphy,
7461 struct wiphy_work *work)
7462 {
7463 u16 new_dormant_links;
7464 struct ieee80211_sub_if_data *sdata =
7465 container_of(work, struct ieee80211_sub_if_data,
7466 u.mgd.teardown_ttlm_work);
7467
7468 if (!sdata->vif.neg_ttlm.valid)
7469 return;
7470
7471 memset(&sdata->vif.neg_ttlm, 0, sizeof(sdata->vif.neg_ttlm));
7472 new_dormant_links =
7473 sdata->vif.dormant_links & ~sdata->vif.suspended_links;
7474 sdata->vif.suspended_links = 0;
7475 ieee80211_vif_set_links(sdata, sdata->vif.valid_links,
7476 new_dormant_links);
7477 ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_MLD_TTLM |
7478 BSS_CHANGED_MLD_VALID_LINKS);
7479 }
7480
ieee80211_send_teardown_neg_ttlm(struct ieee80211_vif * vif)7481 void ieee80211_send_teardown_neg_ttlm(struct ieee80211_vif *vif)
7482 {
7483 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
7484 struct ieee80211_local *local = sdata->local;
7485 struct ieee80211_mgmt *mgmt;
7486 struct sk_buff *skb;
7487 int frame_len = offsetofend(struct ieee80211_mgmt,
7488 u.action.u.ttlm_tear_down);
7489 struct ieee80211_tx_info *info;
7490
7491 skb = dev_alloc_skb(local->hw.extra_tx_headroom + frame_len);
7492 if (!skb)
7493 return;
7494
7495 skb_reserve(skb, local->hw.extra_tx_headroom);
7496 mgmt = skb_put_zero(skb, frame_len);
7497 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
7498 IEEE80211_STYPE_ACTION);
7499 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
7500 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
7501 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
7502
7503 mgmt->u.action.category = WLAN_CATEGORY_PROTECTED_EHT;
7504 mgmt->u.action.u.ttlm_tear_down.action_code =
7505 WLAN_PROTECTED_EHT_ACTION_TTLM_TEARDOWN;
7506
7507 info = IEEE80211_SKB_CB(skb);
7508 info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
7509 info->status_data = IEEE80211_STATUS_TYPE_NEG_TTLM;
7510 ieee80211_tx_skb(sdata, skb);
7511 }
7512 EXPORT_SYMBOL(ieee80211_send_teardown_neg_ttlm);
7513
ieee80211_sta_rx_queued_ext(struct ieee80211_sub_if_data * sdata,struct sk_buff * skb)7514 void ieee80211_sta_rx_queued_ext(struct ieee80211_sub_if_data *sdata,
7515 struct sk_buff *skb)
7516 {
7517 struct ieee80211_link_data *link = &sdata->deflink;
7518 struct ieee80211_rx_status *rx_status;
7519 struct ieee80211_hdr *hdr;
7520 u16 fc;
7521
7522 lockdep_assert_wiphy(sdata->local->hw.wiphy);
7523
7524 rx_status = (struct ieee80211_rx_status *) skb->cb;
7525 hdr = (struct ieee80211_hdr *) skb->data;
7526 fc = le16_to_cpu(hdr->frame_control);
7527
7528 switch (fc & IEEE80211_FCTL_STYPE) {
7529 case IEEE80211_STYPE_S1G_BEACON:
7530 ieee80211_rx_mgmt_beacon(link, hdr, skb->len, rx_status);
7531 break;
7532 }
7533 }
7534
ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data * sdata,struct sk_buff * skb)7535 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
7536 struct sk_buff *skb)
7537 {
7538 struct ieee80211_link_data *link = &sdata->deflink;
7539 struct ieee80211_rx_status *rx_status;
7540 struct ieee802_11_elems *elems;
7541 struct ieee80211_mgmt *mgmt;
7542 u16 fc;
7543 int ies_len;
7544
7545 lockdep_assert_wiphy(sdata->local->hw.wiphy);
7546
7547 rx_status = (struct ieee80211_rx_status *) skb->cb;
7548 mgmt = (struct ieee80211_mgmt *) skb->data;
7549 fc = le16_to_cpu(mgmt->frame_control);
7550
7551 if (rx_status->link_valid) {
7552 link = sdata_dereference(sdata->link[rx_status->link_id],
7553 sdata);
7554 if (!link)
7555 return;
7556 }
7557
7558 switch (fc & IEEE80211_FCTL_STYPE) {
7559 case IEEE80211_STYPE_BEACON:
7560 ieee80211_rx_mgmt_beacon(link, (void *)mgmt,
7561 skb->len, rx_status);
7562 break;
7563 case IEEE80211_STYPE_PROBE_RESP:
7564 ieee80211_rx_mgmt_probe_resp(link, skb);
7565 break;
7566 case IEEE80211_STYPE_AUTH:
7567 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len);
7568 break;
7569 case IEEE80211_STYPE_DEAUTH:
7570 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len);
7571 break;
7572 case IEEE80211_STYPE_DISASSOC:
7573 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
7574 break;
7575 case IEEE80211_STYPE_ASSOC_RESP:
7576 case IEEE80211_STYPE_REASSOC_RESP:
7577 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len);
7578 break;
7579 case IEEE80211_STYPE_ACTION:
7580 if (!sdata->u.mgd.associated ||
7581 !ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr))
7582 break;
7583
7584 switch (mgmt->u.action.category) {
7585 case WLAN_CATEGORY_SPECTRUM_MGMT:
7586 ies_len = skb->len -
7587 offsetof(struct ieee80211_mgmt,
7588 u.action.u.chan_switch.variable);
7589
7590 if (ies_len < 0)
7591 break;
7592
7593 /* CSA IE cannot be overridden, no need for BSSID */
7594 elems = ieee802_11_parse_elems(
7595 mgmt->u.action.u.chan_switch.variable,
7596 ies_len, true, NULL);
7597
7598 if (elems && !elems->parse_error) {
7599 enum ieee80211_csa_source src =
7600 IEEE80211_CSA_SOURCE_PROT_ACTION;
7601
7602 ieee80211_sta_process_chanswitch(link,
7603 rx_status->mactime,
7604 rx_status->device_timestamp,
7605 elems, elems,
7606 src);
7607 }
7608 kfree(elems);
7609 break;
7610 case WLAN_CATEGORY_PUBLIC:
7611 case WLAN_CATEGORY_PROTECTED_DUAL_OF_ACTION:
7612 ies_len = skb->len -
7613 offsetof(struct ieee80211_mgmt,
7614 u.action.u.ext_chan_switch.variable);
7615
7616 if (ies_len < 0)
7617 break;
7618
7619 /*
7620 * extended CSA IE can't be overridden, no need for
7621 * BSSID
7622 */
7623 elems = ieee802_11_parse_elems(
7624 mgmt->u.action.u.ext_chan_switch.variable,
7625 ies_len, true, NULL);
7626
7627 if (elems && !elems->parse_error) {
7628 enum ieee80211_csa_source src;
7629
7630 if (mgmt->u.action.category ==
7631 WLAN_CATEGORY_PROTECTED_DUAL_OF_ACTION)
7632 src = IEEE80211_CSA_SOURCE_PROT_ACTION;
7633 else
7634 src = IEEE80211_CSA_SOURCE_UNPROT_ACTION;
7635
7636 /* for the handling code pretend it was an IE */
7637 elems->ext_chansw_ie =
7638 &mgmt->u.action.u.ext_chan_switch.data;
7639
7640 ieee80211_sta_process_chanswitch(link,
7641 rx_status->mactime,
7642 rx_status->device_timestamp,
7643 elems, elems,
7644 src);
7645 }
7646
7647 kfree(elems);
7648 break;
7649 }
7650 break;
7651 }
7652 }
7653
ieee80211_sta_timer(struct timer_list * t)7654 static void ieee80211_sta_timer(struct timer_list *t)
7655 {
7656 struct ieee80211_sub_if_data *sdata =
7657 from_timer(sdata, t, u.mgd.timer);
7658
7659 wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);
7660 }
7661
ieee80211_sta_connection_lost(struct ieee80211_sub_if_data * sdata,u8 reason,bool tx)7662 void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata,
7663 u8 reason, bool tx)
7664 {
7665 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
7666
7667 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason,
7668 tx, frame_buf);
7669
7670 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
7671 reason, false);
7672 }
7673
ieee80211_auth(struct ieee80211_sub_if_data * sdata)7674 static int ieee80211_auth(struct ieee80211_sub_if_data *sdata)
7675 {
7676 struct ieee80211_local *local = sdata->local;
7677 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
7678 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data;
7679 u32 tx_flags = 0;
7680 u16 trans = 1;
7681 u16 status = 0;
7682 struct ieee80211_prep_tx_info info = {
7683 .subtype = IEEE80211_STYPE_AUTH,
7684 };
7685
7686 lockdep_assert_wiphy(sdata->local->hw.wiphy);
7687
7688 if (WARN_ON_ONCE(!auth_data))
7689 return -EINVAL;
7690
7691 auth_data->tries++;
7692
7693 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) {
7694 sdata_info(sdata, "authentication with %pM timed out\n",
7695 auth_data->ap_addr);
7696
7697 /*
7698 * Most likely AP is not in the range so remove the
7699 * bss struct for that AP.
7700 */
7701 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss);
7702
7703 return -ETIMEDOUT;
7704 }
7705
7706 if (auth_data->algorithm == WLAN_AUTH_SAE)
7707 info.duration = jiffies_to_msecs(IEEE80211_AUTH_TIMEOUT_SAE);
7708
7709 info.link_id = auth_data->link_id;
7710 drv_mgd_prepare_tx(local, sdata, &info);
7711
7712 sdata_info(sdata, "send auth to %pM (try %d/%d)\n",
7713 auth_data->ap_addr, auth_data->tries,
7714 IEEE80211_AUTH_MAX_TRIES);
7715
7716 auth_data->expected_transaction = 2;
7717
7718 if (auth_data->algorithm == WLAN_AUTH_SAE) {
7719 trans = auth_data->sae_trans;
7720 status = auth_data->sae_status;
7721 auth_data->expected_transaction = trans;
7722 }
7723
7724 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
7725 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
7726 IEEE80211_TX_INTFL_MLME_CONN_TX;
7727
7728 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status,
7729 auth_data->data, auth_data->data_len,
7730 auth_data->ap_addr, auth_data->ap_addr,
7731 NULL, 0, 0, tx_flags);
7732
7733 if (tx_flags == 0) {
7734 if (auth_data->algorithm == WLAN_AUTH_SAE)
7735 auth_data->timeout = jiffies +
7736 IEEE80211_AUTH_TIMEOUT_SAE;
7737 else
7738 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
7739 } else {
7740 auth_data->timeout =
7741 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG);
7742 }
7743
7744 auth_data->timeout_started = true;
7745 run_again(sdata, auth_data->timeout);
7746
7747 return 0;
7748 }
7749
ieee80211_do_assoc(struct ieee80211_sub_if_data * sdata)7750 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata)
7751 {
7752 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
7753 struct ieee80211_local *local = sdata->local;
7754 int ret;
7755
7756 lockdep_assert_wiphy(sdata->local->hw.wiphy);
7757
7758 assoc_data->tries++;
7759 assoc_data->comeback = false;
7760 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) {
7761 sdata_info(sdata, "association with %pM timed out\n",
7762 assoc_data->ap_addr);
7763
7764 /*
7765 * Most likely AP is not in the range so remove the
7766 * bss struct for that AP.
7767 */
7768 cfg80211_unlink_bss(local->hw.wiphy,
7769 assoc_data->link[assoc_data->assoc_link_id].bss);
7770
7771 return -ETIMEDOUT;
7772 }
7773
7774 sdata_info(sdata, "associate with %pM (try %d/%d)\n",
7775 assoc_data->ap_addr, assoc_data->tries,
7776 IEEE80211_ASSOC_MAX_TRIES);
7777 ret = ieee80211_send_assoc(sdata);
7778 if (ret)
7779 return ret;
7780
7781 if (!ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
7782 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
7783 assoc_data->timeout_started = true;
7784 run_again(sdata, assoc_data->timeout);
7785 } else {
7786 assoc_data->timeout =
7787 round_jiffies_up(jiffies +
7788 IEEE80211_ASSOC_TIMEOUT_LONG);
7789 assoc_data->timeout_started = true;
7790 run_again(sdata, assoc_data->timeout);
7791 }
7792
7793 return 0;
7794 }
7795
ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data * sdata,__le16 fc,bool acked)7796 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata,
7797 __le16 fc, bool acked)
7798 {
7799 struct ieee80211_local *local = sdata->local;
7800
7801 sdata->u.mgd.status_fc = fc;
7802 sdata->u.mgd.status_acked = acked;
7803 sdata->u.mgd.status_received = true;
7804
7805 wiphy_work_queue(local->hw.wiphy, &sdata->work);
7806 }
7807
ieee80211_sta_work(struct ieee80211_sub_if_data * sdata)7808 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
7809 {
7810 struct ieee80211_local *local = sdata->local;
7811 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
7812
7813 lockdep_assert_wiphy(sdata->local->hw.wiphy);
7814
7815 if (ifmgd->status_received) {
7816 __le16 fc = ifmgd->status_fc;
7817 bool status_acked = ifmgd->status_acked;
7818
7819 ifmgd->status_received = false;
7820 if (ifmgd->auth_data && ieee80211_is_auth(fc)) {
7821 if (status_acked) {
7822 if (ifmgd->auth_data->algorithm ==
7823 WLAN_AUTH_SAE)
7824 ifmgd->auth_data->timeout =
7825 jiffies +
7826 IEEE80211_AUTH_TIMEOUT_SAE;
7827 else
7828 ifmgd->auth_data->timeout =
7829 jiffies +
7830 IEEE80211_AUTH_TIMEOUT_SHORT;
7831 run_again(sdata, ifmgd->auth_data->timeout);
7832 } else {
7833 ifmgd->auth_data->timeout = jiffies - 1;
7834 }
7835 ifmgd->auth_data->timeout_started = true;
7836 } else if (ifmgd->assoc_data &&
7837 !ifmgd->assoc_data->comeback &&
7838 (ieee80211_is_assoc_req(fc) ||
7839 ieee80211_is_reassoc_req(fc))) {
7840 /*
7841 * Update association timeout based on the TX status
7842 * for the (Re)Association Request frame. Skip this if
7843 * we have already processed a (Re)Association Response
7844 * frame that indicated need for association comeback
7845 * at a specific time in the future. This could happen
7846 * if the TX status information is delayed enough for
7847 * the response to be received and processed first.
7848 */
7849 if (status_acked) {
7850 ifmgd->assoc_data->timeout =
7851 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT;
7852 run_again(sdata, ifmgd->assoc_data->timeout);
7853 } else {
7854 ifmgd->assoc_data->timeout = jiffies - 1;
7855 }
7856 ifmgd->assoc_data->timeout_started = true;
7857 }
7858 }
7859
7860 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started &&
7861 time_after(jiffies, ifmgd->auth_data->timeout)) {
7862 if (ifmgd->auth_data->done || ifmgd->auth_data->waiting) {
7863 /*
7864 * ok ... we waited for assoc or continuation but
7865 * userspace didn't do it, so kill the auth data
7866 */
7867 ieee80211_destroy_auth_data(sdata, false);
7868 } else if (ieee80211_auth(sdata)) {
7869 u8 ap_addr[ETH_ALEN];
7870 struct ieee80211_event event = {
7871 .type = MLME_EVENT,
7872 .u.mlme.data = AUTH_EVENT,
7873 .u.mlme.status = MLME_TIMEOUT,
7874 };
7875
7876 memcpy(ap_addr, ifmgd->auth_data->ap_addr, ETH_ALEN);
7877
7878 ieee80211_destroy_auth_data(sdata, false);
7879
7880 cfg80211_auth_timeout(sdata->dev, ap_addr);
7881 drv_event_callback(sdata->local, sdata, &event);
7882 }
7883 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started)
7884 run_again(sdata, ifmgd->auth_data->timeout);
7885
7886 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started &&
7887 time_after(jiffies, ifmgd->assoc_data->timeout)) {
7888 if ((ifmgd->assoc_data->need_beacon &&
7889 !sdata->deflink.u.mgd.have_beacon) ||
7890 ieee80211_do_assoc(sdata)) {
7891 struct ieee80211_event event = {
7892 .type = MLME_EVENT,
7893 .u.mlme.data = ASSOC_EVENT,
7894 .u.mlme.status = MLME_TIMEOUT,
7895 };
7896
7897 ieee80211_destroy_assoc_data(sdata, ASSOC_TIMEOUT);
7898 drv_event_callback(sdata->local, sdata, &event);
7899 }
7900 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started)
7901 run_again(sdata, ifmgd->assoc_data->timeout);
7902
7903 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL &&
7904 ifmgd->associated) {
7905 u8 *bssid = sdata->deflink.u.mgd.bssid;
7906 int max_tries;
7907
7908 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
7909 max_tries = max_nullfunc_tries;
7910 else
7911 max_tries = max_probe_tries;
7912
7913 /* ACK received for nullfunc probing frame */
7914 if (!ifmgd->probe_send_count)
7915 ieee80211_reset_ap_probe(sdata);
7916 else if (ifmgd->nullfunc_failed) {
7917 if (ifmgd->probe_send_count < max_tries) {
7918 mlme_dbg(sdata,
7919 "No ack for nullfunc frame to AP %pM, try %d/%i\n",
7920 bssid, ifmgd->probe_send_count,
7921 max_tries);
7922 ieee80211_mgd_probe_ap_send(sdata);
7923 } else {
7924 mlme_dbg(sdata,
7925 "No ack for nullfunc frame to AP %pM, disconnecting.\n",
7926 bssid);
7927 ieee80211_sta_connection_lost(sdata,
7928 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
7929 false);
7930 }
7931 } else if (time_is_after_jiffies(ifmgd->probe_timeout))
7932 run_again(sdata, ifmgd->probe_timeout);
7933 else if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
7934 mlme_dbg(sdata,
7935 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n",
7936 bssid, probe_wait_ms);
7937 ieee80211_sta_connection_lost(sdata,
7938 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
7939 } else if (ifmgd->probe_send_count < max_tries) {
7940 mlme_dbg(sdata,
7941 "No probe response from AP %pM after %dms, try %d/%i\n",
7942 bssid, probe_wait_ms,
7943 ifmgd->probe_send_count, max_tries);
7944 ieee80211_mgd_probe_ap_send(sdata);
7945 } else {
7946 /*
7947 * We actually lost the connection ... or did we?
7948 * Let's make sure!
7949 */
7950 mlme_dbg(sdata,
7951 "No probe response from AP %pM after %dms, disconnecting.\n",
7952 bssid, probe_wait_ms);
7953
7954 ieee80211_sta_connection_lost(sdata,
7955 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
7956 }
7957 }
7958 }
7959
ieee80211_sta_bcn_mon_timer(struct timer_list * t)7960 static void ieee80211_sta_bcn_mon_timer(struct timer_list *t)
7961 {
7962 struct ieee80211_sub_if_data *sdata =
7963 from_timer(sdata, t, u.mgd.bcn_mon_timer);
7964
7965 if (WARN_ON(ieee80211_vif_is_mld(&sdata->vif)))
7966 return;
7967
7968 if (sdata->vif.bss_conf.csa_active &&
7969 !sdata->deflink.u.mgd.csa.waiting_bcn)
7970 return;
7971
7972 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
7973 return;
7974
7975 sdata->u.mgd.connection_loss = false;
7976 wiphy_work_queue(sdata->local->hw.wiphy,
7977 &sdata->u.mgd.beacon_connection_loss_work);
7978 }
7979
ieee80211_sta_conn_mon_timer(struct timer_list * t)7980 static void ieee80211_sta_conn_mon_timer(struct timer_list *t)
7981 {
7982 struct ieee80211_sub_if_data *sdata =
7983 from_timer(sdata, t, u.mgd.conn_mon_timer);
7984 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
7985 struct ieee80211_local *local = sdata->local;
7986 struct sta_info *sta;
7987 unsigned long timeout;
7988
7989 if (WARN_ON(ieee80211_vif_is_mld(&sdata->vif)))
7990 return;
7991
7992 if (sdata->vif.bss_conf.csa_active &&
7993 !sdata->deflink.u.mgd.csa.waiting_bcn)
7994 return;
7995
7996 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
7997 if (!sta)
7998 return;
7999
8000 timeout = sta->deflink.status_stats.last_ack;
8001 if (time_before(sta->deflink.status_stats.last_ack, sta->deflink.rx_stats.last_rx))
8002 timeout = sta->deflink.rx_stats.last_rx;
8003 timeout += IEEE80211_CONNECTION_IDLE_TIME;
8004
8005 /* If timeout is after now, then update timer to fire at
8006 * the later date, but do not actually probe at this time.
8007 */
8008 if (time_is_after_jiffies(timeout)) {
8009 mod_timer(&ifmgd->conn_mon_timer, round_jiffies_up(timeout));
8010 return;
8011 }
8012
8013 wiphy_work_queue(local->hw.wiphy, &sdata->u.mgd.monitor_work);
8014 }
8015
ieee80211_sta_monitor_work(struct wiphy * wiphy,struct wiphy_work * work)8016 static void ieee80211_sta_monitor_work(struct wiphy *wiphy,
8017 struct wiphy_work *work)
8018 {
8019 struct ieee80211_sub_if_data *sdata =
8020 container_of(work, struct ieee80211_sub_if_data,
8021 u.mgd.monitor_work);
8022
8023 ieee80211_mgd_probe_ap(sdata, false);
8024 }
8025
ieee80211_restart_sta_timer(struct ieee80211_sub_if_data * sdata)8026 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
8027 {
8028 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
8029 __ieee80211_stop_poll(sdata);
8030
8031 /* let's probe the connection once */
8032 if (!ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
8033 wiphy_work_queue(sdata->local->hw.wiphy,
8034 &sdata->u.mgd.monitor_work);
8035 }
8036 }
8037
8038 #ifdef CONFIG_PM
ieee80211_mgd_quiesce(struct ieee80211_sub_if_data * sdata)8039 void ieee80211_mgd_quiesce(struct ieee80211_sub_if_data *sdata)
8040 {
8041 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8042 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
8043
8044 lockdep_assert_wiphy(sdata->local->hw.wiphy);
8045
8046 if (ifmgd->auth_data || ifmgd->assoc_data) {
8047 const u8 *ap_addr = ifmgd->auth_data ?
8048 ifmgd->auth_data->ap_addr :
8049 ifmgd->assoc_data->ap_addr;
8050
8051 /*
8052 * If we are trying to authenticate / associate while suspending,
8053 * cfg80211 won't know and won't actually abort those attempts,
8054 * thus we need to do that ourselves.
8055 */
8056 ieee80211_send_deauth_disassoc(sdata, ap_addr, ap_addr,
8057 IEEE80211_STYPE_DEAUTH,
8058 WLAN_REASON_DEAUTH_LEAVING,
8059 false, frame_buf);
8060 if (ifmgd->assoc_data)
8061 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON);
8062 if (ifmgd->auth_data)
8063 ieee80211_destroy_auth_data(sdata, false);
8064 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
8065 IEEE80211_DEAUTH_FRAME_LEN,
8066 false);
8067 }
8068
8069 /* This is a bit of a hack - we should find a better and more generic
8070 * solution to this. Normally when suspending, cfg80211 will in fact
8071 * deauthenticate. However, it doesn't (and cannot) stop an ongoing
8072 * auth (not so important) or assoc (this is the problem) process.
8073 *
8074 * As a consequence, it can happen that we are in the process of both
8075 * associating and suspending, and receive an association response
8076 * after cfg80211 has checked if it needs to disconnect, but before
8077 * we actually set the flag to drop incoming frames. This will then
8078 * cause the workqueue flush to process the association response in
8079 * the suspend, resulting in a successful association just before it
8080 * tries to remove the interface from the driver, which now though
8081 * has a channel context assigned ... this results in issues.
8082 *
8083 * To work around this (for now) simply deauth here again if we're
8084 * now connected.
8085 */
8086 if (ifmgd->associated && !sdata->local->wowlan) {
8087 u8 bssid[ETH_ALEN];
8088 struct cfg80211_deauth_request req = {
8089 .reason_code = WLAN_REASON_DEAUTH_LEAVING,
8090 .bssid = bssid,
8091 };
8092
8093 memcpy(bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
8094 ieee80211_mgd_deauth(sdata, &req);
8095 }
8096 }
8097 #endif
8098
ieee80211_sta_restart(struct ieee80211_sub_if_data * sdata)8099 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata)
8100 {
8101 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8102
8103 lockdep_assert_wiphy(sdata->local->hw.wiphy);
8104
8105 if (!ifmgd->associated)
8106 return;
8107
8108 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) {
8109 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME;
8110 mlme_dbg(sdata, "driver requested disconnect after resume\n");
8111 ieee80211_sta_connection_lost(sdata,
8112 WLAN_REASON_UNSPECIFIED,
8113 true);
8114 return;
8115 }
8116
8117 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_HW_RESTART) {
8118 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_HW_RESTART;
8119 mlme_dbg(sdata, "driver requested disconnect after hardware restart\n");
8120 ieee80211_sta_connection_lost(sdata,
8121 WLAN_REASON_UNSPECIFIED,
8122 true);
8123 return;
8124 }
8125 }
8126
ieee80211_request_smps_mgd_work(struct wiphy * wiphy,struct wiphy_work * work)8127 static void ieee80211_request_smps_mgd_work(struct wiphy *wiphy,
8128 struct wiphy_work *work)
8129 {
8130 struct ieee80211_link_data *link =
8131 container_of(work, struct ieee80211_link_data,
8132 u.mgd.request_smps_work);
8133
8134 __ieee80211_request_smps_mgd(link->sdata, link,
8135 link->u.mgd.driver_smps_mode);
8136 }
8137
8138 /* interface setup */
ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data * sdata)8139 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
8140 {
8141 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8142
8143 wiphy_work_init(&ifmgd->monitor_work, ieee80211_sta_monitor_work);
8144 wiphy_work_init(&ifmgd->beacon_connection_loss_work,
8145 ieee80211_beacon_connection_loss_work);
8146 wiphy_work_init(&ifmgd->csa_connection_drop_work,
8147 ieee80211_csa_connection_drop_work);
8148 wiphy_delayed_work_init(&ifmgd->tdls_peer_del_work,
8149 ieee80211_tdls_peer_del_work);
8150 wiphy_delayed_work_init(&ifmgd->ml_reconf_work,
8151 ieee80211_ml_reconf_work);
8152 timer_setup(&ifmgd->timer, ieee80211_sta_timer, 0);
8153 timer_setup(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 0);
8154 timer_setup(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 0);
8155 wiphy_delayed_work_init(&ifmgd->tx_tspec_wk,
8156 ieee80211_sta_handle_tspec_ac_params_wk);
8157 wiphy_delayed_work_init(&ifmgd->ttlm_work,
8158 ieee80211_tid_to_link_map_work);
8159 wiphy_delayed_work_init(&ifmgd->neg_ttlm_timeout_work,
8160 ieee80211_neg_ttlm_timeout_work);
8161 wiphy_work_init(&ifmgd->teardown_ttlm_work,
8162 ieee80211_teardown_ttlm_work);
8163
8164 ifmgd->flags = 0;
8165 ifmgd->powersave = sdata->wdev.ps;
8166 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues;
8167 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len;
8168 /* Setup TDLS data */
8169 spin_lock_init(&ifmgd->teardown_lock);
8170 ifmgd->teardown_skb = NULL;
8171 ifmgd->orig_teardown_skb = NULL;
8172 ifmgd->mcast_seq_last = IEEE80211_SN_MODULO;
8173 }
8174
ieee80211_recalc_smps_work(struct wiphy * wiphy,struct wiphy_work * work)8175 static void ieee80211_recalc_smps_work(struct wiphy *wiphy,
8176 struct wiphy_work *work)
8177 {
8178 struct ieee80211_link_data *link =
8179 container_of(work, struct ieee80211_link_data,
8180 u.mgd.recalc_smps);
8181
8182 ieee80211_recalc_smps(link->sdata, link);
8183 }
8184
ieee80211_mgd_setup_link(struct ieee80211_link_data * link)8185 void ieee80211_mgd_setup_link(struct ieee80211_link_data *link)
8186 {
8187 struct ieee80211_sub_if_data *sdata = link->sdata;
8188 struct ieee80211_local *local = sdata->local;
8189 unsigned int link_id = link->link_id;
8190
8191 link->u.mgd.p2p_noa_index = -1;
8192 link->conf->bssid = link->u.mgd.bssid;
8193 link->smps_mode = IEEE80211_SMPS_OFF;
8194
8195 wiphy_work_init(&link->u.mgd.request_smps_work,
8196 ieee80211_request_smps_mgd_work);
8197 wiphy_work_init(&link->u.mgd.recalc_smps,
8198 ieee80211_recalc_smps_work);
8199 if (local->hw.wiphy->features & NL80211_FEATURE_DYNAMIC_SMPS)
8200 link->u.mgd.req_smps = IEEE80211_SMPS_AUTOMATIC;
8201 else
8202 link->u.mgd.req_smps = IEEE80211_SMPS_OFF;
8203
8204 wiphy_delayed_work_init(&link->u.mgd.csa.switch_work,
8205 ieee80211_csa_switch_work);
8206
8207 ieee80211_clear_tpe(&link->conf->tpe);
8208
8209 if (sdata->u.mgd.assoc_data)
8210 ether_addr_copy(link->conf->addr,
8211 sdata->u.mgd.assoc_data->link[link_id].addr);
8212 else if (!is_valid_ether_addr(link->conf->addr))
8213 eth_random_addr(link->conf->addr);
8214 }
8215
8216 /* scan finished notification */
ieee80211_mlme_notify_scan_completed(struct ieee80211_local * local)8217 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
8218 {
8219 struct ieee80211_sub_if_data *sdata;
8220
8221 /* Restart STA timers */
8222 rcu_read_lock();
8223 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
8224 if (ieee80211_sdata_running(sdata))
8225 ieee80211_restart_sta_timer(sdata);
8226 }
8227 rcu_read_unlock();
8228 }
8229
ieee80211_prep_connection(struct ieee80211_sub_if_data * sdata,struct cfg80211_bss * cbss,s8 link_id,const u8 * ap_mld_addr,bool assoc,struct ieee80211_conn_settings * conn,bool override)8230 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
8231 struct cfg80211_bss *cbss, s8 link_id,
8232 const u8 *ap_mld_addr, bool assoc,
8233 struct ieee80211_conn_settings *conn,
8234 bool override)
8235 {
8236 struct ieee80211_local *local = sdata->local;
8237 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8238 struct ieee80211_bss *bss = (void *)cbss->priv;
8239 struct sta_info *new_sta = NULL;
8240 struct ieee80211_link_data *link;
8241 bool have_sta = false;
8242 bool mlo;
8243 int err;
8244
8245 if (link_id >= 0) {
8246 mlo = true;
8247 if (WARN_ON(!ap_mld_addr))
8248 return -EINVAL;
8249 err = ieee80211_vif_set_links(sdata, BIT(link_id), 0);
8250 } else {
8251 if (WARN_ON(ap_mld_addr))
8252 return -EINVAL;
8253 ap_mld_addr = cbss->bssid;
8254 err = ieee80211_vif_set_links(sdata, 0, 0);
8255 link_id = 0;
8256 mlo = false;
8257 }
8258
8259 if (err)
8260 return err;
8261
8262 link = sdata_dereference(sdata->link[link_id], sdata);
8263 if (WARN_ON(!link)) {
8264 err = -ENOLINK;
8265 goto out_err;
8266 }
8267
8268 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) {
8269 err = -EINVAL;
8270 goto out_err;
8271 }
8272
8273 /* If a reconfig is happening, bail out */
8274 if (local->in_reconfig) {
8275 err = -EBUSY;
8276 goto out_err;
8277 }
8278
8279 if (assoc) {
8280 rcu_read_lock();
8281 have_sta = sta_info_get(sdata, ap_mld_addr);
8282 rcu_read_unlock();
8283 }
8284
8285 if (!have_sta) {
8286 if (mlo)
8287 new_sta = sta_info_alloc_with_link(sdata, ap_mld_addr,
8288 link_id, cbss->bssid,
8289 GFP_KERNEL);
8290 else
8291 new_sta = sta_info_alloc(sdata, ap_mld_addr, GFP_KERNEL);
8292
8293 if (!new_sta) {
8294 err = -ENOMEM;
8295 goto out_err;
8296 }
8297
8298 new_sta->sta.mlo = mlo;
8299 }
8300
8301 /*
8302 * Set up the information for the new channel before setting the
8303 * new channel. We can't - completely race-free - change the basic
8304 * rates bitmap and the channel (sband) that it refers to, but if
8305 * we set it up before we at least avoid calling into the driver's
8306 * bss_info_changed() method with invalid information (since we do
8307 * call that from changing the channel - only for IDLE and perhaps
8308 * some others, but ...).
8309 *
8310 * So to avoid that, just set up all the new information before the
8311 * channel, but tell the driver to apply it only afterwards, since
8312 * it might need the new channel for that.
8313 */
8314 if (new_sta) {
8315 const struct cfg80211_bss_ies *ies;
8316 struct link_sta_info *link_sta;
8317
8318 rcu_read_lock();
8319 link_sta = rcu_dereference(new_sta->link[link_id]);
8320 if (WARN_ON(!link_sta)) {
8321 rcu_read_unlock();
8322 sta_info_free(local, new_sta);
8323 err = -EINVAL;
8324 goto out_err;
8325 }
8326
8327 err = ieee80211_mgd_setup_link_sta(link, new_sta,
8328 link_sta, cbss);
8329 if (err) {
8330 rcu_read_unlock();
8331 sta_info_free(local, new_sta);
8332 goto out_err;
8333 }
8334
8335 memcpy(link->u.mgd.bssid, cbss->bssid, ETH_ALEN);
8336
8337 /* set timing information */
8338 link->conf->beacon_int = cbss->beacon_interval;
8339 ies = rcu_dereference(cbss->beacon_ies);
8340 if (ies) {
8341 link->conf->sync_tsf = ies->tsf;
8342 link->conf->sync_device_ts =
8343 bss->device_ts_beacon;
8344
8345 ieee80211_get_dtim(ies,
8346 &link->conf->sync_dtim_count,
8347 NULL);
8348 } else if (!ieee80211_hw_check(&sdata->local->hw,
8349 TIMING_BEACON_ONLY)) {
8350 ies = rcu_dereference(cbss->proberesp_ies);
8351 /* must be non-NULL since beacon IEs were NULL */
8352 link->conf->sync_tsf = ies->tsf;
8353 link->conf->sync_device_ts =
8354 bss->device_ts_presp;
8355 link->conf->sync_dtim_count = 0;
8356 } else {
8357 link->conf->sync_tsf = 0;
8358 link->conf->sync_device_ts = 0;
8359 link->conf->sync_dtim_count = 0;
8360 }
8361 rcu_read_unlock();
8362 }
8363
8364 if (new_sta || override) {
8365 /*
8366 * Only set this if we're also going to calculate the AP
8367 * settings etc., otherwise this was set before in a
8368 * previous call. Note override is set to %true in assoc
8369 * if the settings were changed.
8370 */
8371 link->u.mgd.conn = *conn;
8372 err = ieee80211_prep_channel(sdata, link, link->link_id, cbss,
8373 mlo, &link->u.mgd.conn);
8374 if (err) {
8375 if (new_sta)
8376 sta_info_free(local, new_sta);
8377 goto out_err;
8378 }
8379 /* pass out for use in assoc */
8380 *conn = link->u.mgd.conn;
8381 }
8382
8383 if (new_sta) {
8384 /*
8385 * tell driver about BSSID, basic rates and timing
8386 * this was set up above, before setting the channel
8387 */
8388 ieee80211_link_info_change_notify(sdata, link,
8389 BSS_CHANGED_BSSID |
8390 BSS_CHANGED_BASIC_RATES |
8391 BSS_CHANGED_BEACON_INT);
8392
8393 if (assoc)
8394 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH);
8395
8396 err = sta_info_insert(new_sta);
8397 new_sta = NULL;
8398 if (err) {
8399 sdata_info(sdata,
8400 "failed to insert STA entry for the AP (error %d)\n",
8401 err);
8402 goto out_release_chan;
8403 }
8404 } else
8405 WARN_ON_ONCE(!ether_addr_equal(link->u.mgd.bssid, cbss->bssid));
8406
8407 /* Cancel scan to ensure that nothing interferes with connection */
8408 if (local->scanning)
8409 ieee80211_scan_cancel(local);
8410
8411 return 0;
8412
8413 out_release_chan:
8414 ieee80211_link_release_channel(link);
8415 out_err:
8416 ieee80211_vif_set_links(sdata, 0, 0);
8417 return err;
8418 }
8419
ieee80211_mgd_csa_present(struct ieee80211_sub_if_data * sdata,const struct cfg80211_bss_ies * ies,u8 cur_channel,bool ignore_ecsa)8420 static bool ieee80211_mgd_csa_present(struct ieee80211_sub_if_data *sdata,
8421 const struct cfg80211_bss_ies *ies,
8422 u8 cur_channel, bool ignore_ecsa)
8423 {
8424 const struct element *csa_elem, *ecsa_elem;
8425 struct ieee80211_channel_sw_ie *csa = NULL;
8426 struct ieee80211_ext_chansw_ie *ecsa = NULL;
8427
8428 if (!ies)
8429 return false;
8430
8431 csa_elem = cfg80211_find_elem(WLAN_EID_CHANNEL_SWITCH,
8432 ies->data, ies->len);
8433 if (csa_elem && csa_elem->datalen == sizeof(*csa))
8434 csa = (void *)csa_elem->data;
8435
8436 ecsa_elem = cfg80211_find_elem(WLAN_EID_EXT_CHANSWITCH_ANN,
8437 ies->data, ies->len);
8438 if (ecsa_elem && ecsa_elem->datalen == sizeof(*ecsa))
8439 ecsa = (void *)ecsa_elem->data;
8440
8441 if (csa && csa->count == 0)
8442 csa = NULL;
8443 if (csa && !csa->mode && csa->new_ch_num == cur_channel)
8444 csa = NULL;
8445
8446 if (ecsa && ecsa->count == 0)
8447 ecsa = NULL;
8448 if (ecsa && !ecsa->mode && ecsa->new_ch_num == cur_channel)
8449 ecsa = NULL;
8450
8451 if (ignore_ecsa && ecsa) {
8452 sdata_info(sdata,
8453 "Ignoring ECSA in probe response - was considered stuck!\n");
8454 return csa;
8455 }
8456
8457 return csa || ecsa;
8458 }
8459
ieee80211_mgd_csa_in_process(struct ieee80211_sub_if_data * sdata,struct cfg80211_bss * bss)8460 static bool ieee80211_mgd_csa_in_process(struct ieee80211_sub_if_data *sdata,
8461 struct cfg80211_bss *bss)
8462 {
8463 u8 cur_channel;
8464 bool ret;
8465
8466 cur_channel = ieee80211_frequency_to_channel(bss->channel->center_freq);
8467
8468 rcu_read_lock();
8469 if (ieee80211_mgd_csa_present(sdata,
8470 rcu_dereference(bss->beacon_ies),
8471 cur_channel, false)) {
8472 ret = true;
8473 goto out;
8474 }
8475
8476 if (ieee80211_mgd_csa_present(sdata,
8477 rcu_dereference(bss->proberesp_ies),
8478 cur_channel, bss->proberesp_ecsa_stuck)) {
8479 ret = true;
8480 goto out;
8481 }
8482
8483 ret = false;
8484 out:
8485 rcu_read_unlock();
8486 return ret;
8487 }
8488
8489 /* config hooks */
ieee80211_mgd_auth(struct ieee80211_sub_if_data * sdata,struct cfg80211_auth_request * req)8490 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
8491 struct cfg80211_auth_request *req)
8492 {
8493 struct ieee80211_local *local = sdata->local;
8494 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8495 struct ieee80211_mgd_auth_data *auth_data;
8496 struct ieee80211_conn_settings conn;
8497 struct ieee80211_link_data *link;
8498 struct ieee80211_supported_band *sband;
8499 struct ieee80211_bss *bss;
8500 u16 auth_alg;
8501 int err;
8502 bool cont_auth, wmm_used;
8503
8504 lockdep_assert_wiphy(sdata->local->hw.wiphy);
8505
8506 /* prepare auth data structure */
8507
8508 switch (req->auth_type) {
8509 case NL80211_AUTHTYPE_OPEN_SYSTEM:
8510 auth_alg = WLAN_AUTH_OPEN;
8511 break;
8512 case NL80211_AUTHTYPE_SHARED_KEY:
8513 if (fips_enabled)
8514 return -EOPNOTSUPP;
8515 auth_alg = WLAN_AUTH_SHARED_KEY;
8516 break;
8517 case NL80211_AUTHTYPE_FT:
8518 auth_alg = WLAN_AUTH_FT;
8519 break;
8520 case NL80211_AUTHTYPE_NETWORK_EAP:
8521 auth_alg = WLAN_AUTH_LEAP;
8522 break;
8523 case NL80211_AUTHTYPE_SAE:
8524 auth_alg = WLAN_AUTH_SAE;
8525 break;
8526 case NL80211_AUTHTYPE_FILS_SK:
8527 auth_alg = WLAN_AUTH_FILS_SK;
8528 break;
8529 case NL80211_AUTHTYPE_FILS_SK_PFS:
8530 auth_alg = WLAN_AUTH_FILS_SK_PFS;
8531 break;
8532 case NL80211_AUTHTYPE_FILS_PK:
8533 auth_alg = WLAN_AUTH_FILS_PK;
8534 break;
8535 default:
8536 return -EOPNOTSUPP;
8537 }
8538
8539 if (ifmgd->assoc_data)
8540 return -EBUSY;
8541
8542 if (ieee80211_mgd_csa_in_process(sdata, req->bss)) {
8543 sdata_info(sdata, "AP is in CSA process, reject auth\n");
8544 return -EINVAL;
8545 }
8546
8547 auth_data = kzalloc(sizeof(*auth_data) + req->auth_data_len +
8548 req->ie_len, GFP_KERNEL);
8549 if (!auth_data)
8550 return -ENOMEM;
8551
8552 memcpy(auth_data->ap_addr,
8553 req->ap_mld_addr ?: req->bss->bssid,
8554 ETH_ALEN);
8555 auth_data->bss = req->bss;
8556 auth_data->link_id = req->link_id;
8557
8558 if (req->auth_data_len >= 4) {
8559 if (req->auth_type == NL80211_AUTHTYPE_SAE) {
8560 __le16 *pos = (__le16 *) req->auth_data;
8561
8562 auth_data->sae_trans = le16_to_cpu(pos[0]);
8563 auth_data->sae_status = le16_to_cpu(pos[1]);
8564 }
8565 memcpy(auth_data->data, req->auth_data + 4,
8566 req->auth_data_len - 4);
8567 auth_data->data_len += req->auth_data_len - 4;
8568 }
8569
8570 /* Check if continuing authentication or trying to authenticate with the
8571 * same BSS that we were in the process of authenticating with and avoid
8572 * removal and re-addition of the STA entry in
8573 * ieee80211_prep_connection().
8574 */
8575 cont_auth = ifmgd->auth_data && req->bss == ifmgd->auth_data->bss &&
8576 ifmgd->auth_data->link_id == req->link_id;
8577
8578 if (req->ie && req->ie_len) {
8579 memcpy(&auth_data->data[auth_data->data_len],
8580 req->ie, req->ie_len);
8581 auth_data->data_len += req->ie_len;
8582 }
8583
8584 if (req->key && req->key_len) {
8585 auth_data->key_len = req->key_len;
8586 auth_data->key_idx = req->key_idx;
8587 memcpy(auth_data->key, req->key, req->key_len);
8588 }
8589
8590 auth_data->algorithm = auth_alg;
8591
8592 /* try to authenticate/probe */
8593
8594 if (ifmgd->auth_data) {
8595 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE) {
8596 auth_data->peer_confirmed =
8597 ifmgd->auth_data->peer_confirmed;
8598 }
8599 ieee80211_destroy_auth_data(sdata, cont_auth);
8600 }
8601
8602 /* prep auth_data so we don't go into idle on disassoc */
8603 ifmgd->auth_data = auth_data;
8604
8605 /* If this is continuation of an ongoing SAE authentication exchange
8606 * (i.e., request to send SAE Confirm) and the peer has already
8607 * confirmed, mark authentication completed since we are about to send
8608 * out SAE Confirm.
8609 */
8610 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE &&
8611 auth_data->peer_confirmed && auth_data->sae_trans == 2)
8612 ieee80211_mark_sta_auth(sdata);
8613
8614 if (ifmgd->associated) {
8615 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
8616
8617 sdata_info(sdata,
8618 "disconnect from AP %pM for new auth to %pM\n",
8619 sdata->vif.cfg.ap_addr, auth_data->ap_addr);
8620 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
8621 WLAN_REASON_UNSPECIFIED,
8622 false, frame_buf);
8623
8624 ieee80211_report_disconnect(sdata, frame_buf,
8625 sizeof(frame_buf), true,
8626 WLAN_REASON_UNSPECIFIED,
8627 false);
8628 }
8629
8630 /* needed for transmitting the auth frame(s) properly */
8631 memcpy(sdata->vif.cfg.ap_addr, auth_data->ap_addr, ETH_ALEN);
8632
8633 bss = (void *)req->bss->priv;
8634 wmm_used = bss->wmm_used && (local->hw.queues >= IEEE80211_NUM_ACS);
8635
8636 sband = local->hw.wiphy->bands[req->bss->channel->band];
8637
8638 ieee80211_determine_our_sta_mode_auth(sdata, sband, req, wmm_used,
8639 &conn);
8640
8641 err = ieee80211_prep_connection(sdata, req->bss, req->link_id,
8642 req->ap_mld_addr, cont_auth,
8643 &conn, false);
8644 if (err)
8645 goto err_clear;
8646
8647 if (req->link_id >= 0)
8648 link = sdata_dereference(sdata->link[req->link_id], sdata);
8649 else
8650 link = &sdata->deflink;
8651
8652 if (WARN_ON(!link)) {
8653 err = -ENOLINK;
8654 goto err_clear;
8655 }
8656
8657 sdata_info(sdata, "authenticate with %pM (local address=%pM)\n",
8658 auth_data->ap_addr, link->conf->addr);
8659
8660 err = ieee80211_auth(sdata);
8661 if (err) {
8662 sta_info_destroy_addr(sdata, auth_data->ap_addr);
8663 goto err_clear;
8664 }
8665
8666 /* hold our own reference */
8667 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss);
8668 return 0;
8669
8670 err_clear:
8671 if (!ieee80211_vif_is_mld(&sdata->vif)) {
8672 eth_zero_addr(sdata->deflink.u.mgd.bssid);
8673 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
8674 BSS_CHANGED_BSSID);
8675 ieee80211_link_release_channel(&sdata->deflink);
8676 }
8677 ifmgd->auth_data = NULL;
8678 kfree(auth_data);
8679 return err;
8680 }
8681
8682 static void
ieee80211_setup_assoc_link(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgd_assoc_data * assoc_data,struct cfg80211_assoc_request * req,struct ieee80211_conn_settings * conn,unsigned int link_id)8683 ieee80211_setup_assoc_link(struct ieee80211_sub_if_data *sdata,
8684 struct ieee80211_mgd_assoc_data *assoc_data,
8685 struct cfg80211_assoc_request *req,
8686 struct ieee80211_conn_settings *conn,
8687 unsigned int link_id)
8688 {
8689 struct ieee80211_local *local = sdata->local;
8690 const struct cfg80211_bss_ies *bss_ies;
8691 struct ieee80211_supported_band *sband;
8692 struct ieee80211_link_data *link;
8693 struct cfg80211_bss *cbss;
8694 struct ieee80211_bss *bss;
8695
8696 cbss = assoc_data->link[link_id].bss;
8697 if (WARN_ON(!cbss))
8698 return;
8699
8700 bss = (void *)cbss->priv;
8701
8702 sband = local->hw.wiphy->bands[cbss->channel->band];
8703 if (WARN_ON(!sband))
8704 return;
8705
8706 link = sdata_dereference(sdata->link[link_id], sdata);
8707 if (WARN_ON(!link))
8708 return;
8709
8710 /* for MLO connections assume advertising all rates is OK */
8711 if (!req->ap_mld_addr) {
8712 assoc_data->supp_rates = bss->supp_rates;
8713 assoc_data->supp_rates_len = bss->supp_rates_len;
8714 }
8715
8716 /* copy and link elems for the STA profile */
8717 if (req->links[link_id].elems_len) {
8718 memcpy(assoc_data->ie_pos, req->links[link_id].elems,
8719 req->links[link_id].elems_len);
8720 assoc_data->link[link_id].elems = assoc_data->ie_pos;
8721 assoc_data->link[link_id].elems_len = req->links[link_id].elems_len;
8722 assoc_data->ie_pos += req->links[link_id].elems_len;
8723 }
8724
8725 link->u.mgd.beacon_crc_valid = false;
8726 link->u.mgd.dtim_period = 0;
8727 link->u.mgd.have_beacon = false;
8728
8729 /* override HT configuration only if the AP and we support it */
8730 if (conn->mode >= IEEE80211_CONN_MODE_HT) {
8731 struct ieee80211_sta_ht_cap sta_ht_cap;
8732
8733 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap));
8734 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
8735 }
8736
8737 rcu_read_lock();
8738 bss_ies = rcu_dereference(cbss->beacon_ies);
8739 if (bss_ies) {
8740 u8 dtim_count = 0;
8741
8742 ieee80211_get_dtim(bss_ies, &dtim_count,
8743 &link->u.mgd.dtim_period);
8744
8745 sdata->deflink.u.mgd.have_beacon = true;
8746
8747 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) {
8748 link->conf->sync_tsf = bss_ies->tsf;
8749 link->conf->sync_device_ts = bss->device_ts_beacon;
8750 link->conf->sync_dtim_count = dtim_count;
8751 }
8752 } else {
8753 bss_ies = rcu_dereference(cbss->ies);
8754 }
8755
8756 if (bss_ies) {
8757 const struct element *elem;
8758
8759 elem = cfg80211_find_ext_elem(WLAN_EID_EXT_MULTIPLE_BSSID_CONFIGURATION,
8760 bss_ies->data, bss_ies->len);
8761 if (elem && elem->datalen >= 3)
8762 link->conf->profile_periodicity = elem->data[2];
8763 else
8764 link->conf->profile_periodicity = 0;
8765
8766 elem = cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY,
8767 bss_ies->data, bss_ies->len);
8768 if (elem && elem->datalen >= 11 &&
8769 (elem->data[10] & WLAN_EXT_CAPA11_EMA_SUPPORT))
8770 link->conf->ema_ap = true;
8771 else
8772 link->conf->ema_ap = false;
8773 }
8774 rcu_read_unlock();
8775
8776 if (bss->corrupt_data) {
8777 char *corrupt_type = "data";
8778
8779 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) {
8780 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP)
8781 corrupt_type = "beacon and probe response";
8782 else
8783 corrupt_type = "beacon";
8784 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) {
8785 corrupt_type = "probe response";
8786 }
8787 sdata_info(sdata, "associating to AP %pM with corrupt %s\n",
8788 cbss->bssid, corrupt_type);
8789 }
8790
8791 if (link->u.mgd.req_smps == IEEE80211_SMPS_AUTOMATIC) {
8792 if (sdata->u.mgd.powersave)
8793 link->smps_mode = IEEE80211_SMPS_DYNAMIC;
8794 else
8795 link->smps_mode = IEEE80211_SMPS_OFF;
8796 } else {
8797 link->smps_mode = link->u.mgd.req_smps;
8798 }
8799 }
8800
8801 static int
ieee80211_mgd_get_ap_ht_vht_capa(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgd_assoc_data * assoc_data,int link_id)8802 ieee80211_mgd_get_ap_ht_vht_capa(struct ieee80211_sub_if_data *sdata,
8803 struct ieee80211_mgd_assoc_data *assoc_data,
8804 int link_id)
8805 {
8806 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
8807 enum nl80211_band band = cbss->channel->band;
8808 struct ieee80211_supported_band *sband;
8809 const struct element *elem;
8810 int err;
8811
8812 /* neither HT nor VHT elements used on 6 GHz */
8813 if (band == NL80211_BAND_6GHZ)
8814 return 0;
8815
8816 if (assoc_data->link[link_id].conn.mode < IEEE80211_CONN_MODE_HT)
8817 return 0;
8818
8819 rcu_read_lock();
8820 elem = ieee80211_bss_get_elem(cbss, WLAN_EID_HT_OPERATION);
8821 if (!elem || elem->datalen < sizeof(struct ieee80211_ht_operation)) {
8822 mlme_link_id_dbg(sdata, link_id, "no HT operation on BSS %pM\n",
8823 cbss->bssid);
8824 err = -EINVAL;
8825 goto out_rcu;
8826 }
8827 assoc_data->link[link_id].ap_ht_param =
8828 ((struct ieee80211_ht_operation *)(elem->data))->ht_param;
8829 rcu_read_unlock();
8830
8831 if (assoc_data->link[link_id].conn.mode < IEEE80211_CONN_MODE_VHT)
8832 return 0;
8833
8834 /* some drivers want to support VHT on 2.4 GHz even */
8835 sband = sdata->local->hw.wiphy->bands[band];
8836 if (!sband->vht_cap.vht_supported)
8837 return 0;
8838
8839 rcu_read_lock();
8840 elem = ieee80211_bss_get_elem(cbss, WLAN_EID_VHT_CAPABILITY);
8841 /* but even then accept it not being present on the AP */
8842 if (!elem && band == NL80211_BAND_2GHZ) {
8843 err = 0;
8844 goto out_rcu;
8845 }
8846 if (!elem || elem->datalen < sizeof(struct ieee80211_vht_cap)) {
8847 mlme_link_id_dbg(sdata, link_id, "no VHT capa on BSS %pM\n",
8848 cbss->bssid);
8849 err = -EINVAL;
8850 goto out_rcu;
8851 }
8852 memcpy(&assoc_data->link[link_id].ap_vht_cap, elem->data,
8853 sizeof(struct ieee80211_vht_cap));
8854 rcu_read_unlock();
8855
8856 return 0;
8857 out_rcu:
8858 rcu_read_unlock();
8859 return err;
8860 }
8861
ieee80211_mgd_assoc(struct ieee80211_sub_if_data * sdata,struct cfg80211_assoc_request * req)8862 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
8863 struct cfg80211_assoc_request *req)
8864 {
8865 unsigned int assoc_link_id = req->link_id < 0 ? 0 : req->link_id;
8866 struct ieee80211_local *local = sdata->local;
8867 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8868 struct ieee80211_mgd_assoc_data *assoc_data;
8869 const struct element *ssid_elem;
8870 struct ieee80211_vif_cfg *vif_cfg = &sdata->vif.cfg;
8871 struct ieee80211_link_data *link;
8872 struct cfg80211_bss *cbss;
8873 bool override, uapsd_supported;
8874 bool match_auth;
8875 int i, err;
8876 size_t size = sizeof(*assoc_data) + req->ie_len;
8877
8878 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++)
8879 size += req->links[i].elems_len;
8880
8881 /* FIXME: no support for 4-addr MLO yet */
8882 if (sdata->u.mgd.use_4addr && req->link_id >= 0)
8883 return -EOPNOTSUPP;
8884
8885 assoc_data = kzalloc(size, GFP_KERNEL);
8886 if (!assoc_data)
8887 return -ENOMEM;
8888
8889 cbss = req->link_id < 0 ? req->bss : req->links[req->link_id].bss;
8890
8891 if (ieee80211_mgd_csa_in_process(sdata, cbss)) {
8892 sdata_info(sdata, "AP is in CSA process, reject assoc\n");
8893 err = -EINVAL;
8894 goto err_free;
8895 }
8896
8897 rcu_read_lock();
8898 ssid_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_SSID);
8899 if (!ssid_elem || ssid_elem->datalen > sizeof(assoc_data->ssid)) {
8900 rcu_read_unlock();
8901 err = -EINVAL;
8902 goto err_free;
8903 }
8904
8905 memcpy(assoc_data->ssid, ssid_elem->data, ssid_elem->datalen);
8906 assoc_data->ssid_len = ssid_elem->datalen;
8907 rcu_read_unlock();
8908
8909 if (req->ap_mld_addr)
8910 memcpy(assoc_data->ap_addr, req->ap_mld_addr, ETH_ALEN);
8911 else
8912 memcpy(assoc_data->ap_addr, cbss->bssid, ETH_ALEN);
8913
8914 if (ifmgd->associated) {
8915 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
8916
8917 sdata_info(sdata,
8918 "disconnect from AP %pM for new assoc to %pM\n",
8919 sdata->vif.cfg.ap_addr, assoc_data->ap_addr);
8920 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
8921 WLAN_REASON_UNSPECIFIED,
8922 false, frame_buf);
8923
8924 ieee80211_report_disconnect(sdata, frame_buf,
8925 sizeof(frame_buf), true,
8926 WLAN_REASON_UNSPECIFIED,
8927 false);
8928 }
8929
8930 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa));
8931 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask,
8932 sizeof(ifmgd->ht_capa_mask));
8933
8934 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa));
8935 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask,
8936 sizeof(ifmgd->vht_capa_mask));
8937
8938 memcpy(&ifmgd->s1g_capa, &req->s1g_capa, sizeof(ifmgd->s1g_capa));
8939 memcpy(&ifmgd->s1g_capa_mask, &req->s1g_capa_mask,
8940 sizeof(ifmgd->s1g_capa_mask));
8941
8942 /* keep some setup (AP STA, channel, ...) if matching */
8943 match_auth = ifmgd->auth_data &&
8944 ether_addr_equal(ifmgd->auth_data->ap_addr,
8945 assoc_data->ap_addr) &&
8946 ifmgd->auth_data->link_id == req->link_id;
8947
8948 if (req->ap_mld_addr) {
8949 uapsd_supported = true;
8950
8951 if (req->flags & (ASSOC_REQ_DISABLE_HT |
8952 ASSOC_REQ_DISABLE_VHT |
8953 ASSOC_REQ_DISABLE_HE |
8954 ASSOC_REQ_DISABLE_EHT)) {
8955 err = -EINVAL;
8956 goto err_free;
8957 }
8958
8959 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++) {
8960 struct ieee80211_supported_band *sband;
8961 struct cfg80211_bss *link_cbss = req->links[i].bss;
8962 struct ieee80211_bss *bss;
8963
8964 if (!link_cbss)
8965 continue;
8966
8967 bss = (void *)link_cbss->priv;
8968
8969 if (!bss->wmm_used) {
8970 err = -EINVAL;
8971 req->links[i].error = err;
8972 goto err_free;
8973 }
8974
8975 if (link_cbss->channel->band == NL80211_BAND_S1GHZ) {
8976 err = -EINVAL;
8977 req->links[i].error = err;
8978 goto err_free;
8979 }
8980
8981 link = sdata_dereference(sdata->link[i], sdata);
8982 if (link)
8983 ether_addr_copy(assoc_data->link[i].addr,
8984 link->conf->addr);
8985 else
8986 eth_random_addr(assoc_data->link[i].addr);
8987 sband = local->hw.wiphy->bands[link_cbss->channel->band];
8988
8989 if (match_auth && i == assoc_link_id && link)
8990 assoc_data->link[i].conn = link->u.mgd.conn;
8991 else
8992 assoc_data->link[i].conn =
8993 ieee80211_conn_settings_unlimited;
8994 ieee80211_determine_our_sta_mode_assoc(sdata, sband,
8995 req, true, i,
8996 &assoc_data->link[i].conn);
8997 assoc_data->link[i].bss = link_cbss;
8998 assoc_data->link[i].disabled = req->links[i].disabled;
8999
9000 if (!bss->uapsd_supported)
9001 uapsd_supported = false;
9002
9003 if (assoc_data->link[i].conn.mode < IEEE80211_CONN_MODE_EHT) {
9004 err = -EINVAL;
9005 req->links[i].error = err;
9006 goto err_free;
9007 }
9008
9009 err = ieee80211_mgd_get_ap_ht_vht_capa(sdata,
9010 assoc_data, i);
9011 if (err) {
9012 err = -EINVAL;
9013 req->links[i].error = err;
9014 goto err_free;
9015 }
9016 }
9017
9018 assoc_data->wmm = true;
9019 } else {
9020 struct ieee80211_supported_band *sband;
9021 struct ieee80211_bss *bss = (void *)cbss->priv;
9022
9023 memcpy(assoc_data->link[0].addr, sdata->vif.addr, ETH_ALEN);
9024 assoc_data->s1g = cbss->channel->band == NL80211_BAND_S1GHZ;
9025
9026 assoc_data->wmm = bss->wmm_used &&
9027 (local->hw.queues >= IEEE80211_NUM_ACS);
9028
9029 if (cbss->channel->band == NL80211_BAND_6GHZ &&
9030 req->flags & (ASSOC_REQ_DISABLE_HT |
9031 ASSOC_REQ_DISABLE_VHT |
9032 ASSOC_REQ_DISABLE_HE)) {
9033 err = -EINVAL;
9034 goto err_free;
9035 }
9036
9037 sband = local->hw.wiphy->bands[cbss->channel->band];
9038
9039 assoc_data->link[0].bss = cbss;
9040
9041 if (match_auth)
9042 assoc_data->link[0].conn = sdata->deflink.u.mgd.conn;
9043 else
9044 assoc_data->link[0].conn =
9045 ieee80211_conn_settings_unlimited;
9046 ieee80211_determine_our_sta_mode_assoc(sdata, sband, req,
9047 assoc_data->wmm, 0,
9048 &assoc_data->link[0].conn);
9049
9050 uapsd_supported = bss->uapsd_supported;
9051
9052 err = ieee80211_mgd_get_ap_ht_vht_capa(sdata, assoc_data, 0);
9053 if (err)
9054 goto err_free;
9055 }
9056
9057 assoc_data->spp_amsdu = req->flags & ASSOC_REQ_SPP_AMSDU;
9058
9059 if (ifmgd->auth_data && !ifmgd->auth_data->done) {
9060 err = -EBUSY;
9061 goto err_free;
9062 }
9063
9064 if (ifmgd->assoc_data) {
9065 err = -EBUSY;
9066 goto err_free;
9067 }
9068
9069 /* Cleanup is delayed if auth_data matches */
9070 if (ifmgd->auth_data && !match_auth)
9071 ieee80211_destroy_auth_data(sdata, false);
9072
9073 if (req->ie && req->ie_len) {
9074 memcpy(assoc_data->ie, req->ie, req->ie_len);
9075 assoc_data->ie_len = req->ie_len;
9076 assoc_data->ie_pos = assoc_data->ie + assoc_data->ie_len;
9077 } else {
9078 assoc_data->ie_pos = assoc_data->ie;
9079 }
9080
9081 if (req->fils_kek) {
9082 /* should already be checked in cfg80211 - so warn */
9083 if (WARN_ON(req->fils_kek_len > FILS_MAX_KEK_LEN)) {
9084 err = -EINVAL;
9085 goto err_free;
9086 }
9087 memcpy(assoc_data->fils_kek, req->fils_kek,
9088 req->fils_kek_len);
9089 assoc_data->fils_kek_len = req->fils_kek_len;
9090 }
9091
9092 if (req->fils_nonces)
9093 memcpy(assoc_data->fils_nonces, req->fils_nonces,
9094 2 * FILS_NONCE_LEN);
9095
9096 /* default timeout */
9097 assoc_data->timeout = jiffies;
9098 assoc_data->timeout_started = true;
9099
9100 assoc_data->assoc_link_id = assoc_link_id;
9101
9102 if (req->ap_mld_addr) {
9103 /* if there was no authentication, set up the link */
9104 err = ieee80211_vif_set_links(sdata, BIT(assoc_link_id), 0);
9105 if (err)
9106 goto err_clear;
9107 }
9108
9109 link = sdata_dereference(sdata->link[assoc_link_id], sdata);
9110 if (WARN_ON(!link)) {
9111 err = -EINVAL;
9112 goto err_clear;
9113 }
9114
9115 override = link->u.mgd.conn.mode !=
9116 assoc_data->link[assoc_link_id].conn.mode ||
9117 link->u.mgd.conn.bw_limit !=
9118 assoc_data->link[assoc_link_id].conn.bw_limit;
9119 link->u.mgd.conn = assoc_data->link[assoc_link_id].conn;
9120
9121 ieee80211_setup_assoc_link(sdata, assoc_data, req, &link->u.mgd.conn,
9122 assoc_link_id);
9123
9124 if (WARN((sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD) &&
9125 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK),
9126 "U-APSD not supported with HW_PS_NULLFUNC_STACK\n"))
9127 sdata->vif.driver_flags &= ~IEEE80211_VIF_SUPPORTS_UAPSD;
9128
9129 if (assoc_data->wmm && uapsd_supported &&
9130 (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD)) {
9131 assoc_data->uapsd = true;
9132 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
9133 } else {
9134 assoc_data->uapsd = false;
9135 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED;
9136 }
9137
9138 if (req->prev_bssid)
9139 memcpy(assoc_data->prev_ap_addr, req->prev_bssid, ETH_ALEN);
9140
9141 if (req->use_mfp) {
9142 ifmgd->mfp = IEEE80211_MFP_REQUIRED;
9143 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED;
9144 } else {
9145 ifmgd->mfp = IEEE80211_MFP_DISABLED;
9146 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED;
9147 }
9148
9149 if (req->flags & ASSOC_REQ_USE_RRM)
9150 ifmgd->flags |= IEEE80211_STA_ENABLE_RRM;
9151 else
9152 ifmgd->flags &= ~IEEE80211_STA_ENABLE_RRM;
9153
9154 if (req->crypto.control_port)
9155 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT;
9156 else
9157 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT;
9158
9159 sdata->control_port_protocol = req->crypto.control_port_ethertype;
9160 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt;
9161 sdata->control_port_over_nl80211 =
9162 req->crypto.control_port_over_nl80211;
9163 sdata->control_port_no_preauth = req->crypto.control_port_no_preauth;
9164
9165 /* kick off associate process */
9166 ifmgd->assoc_data = assoc_data;
9167
9168 for (i = 0; i < ARRAY_SIZE(assoc_data->link); i++) {
9169 if (!assoc_data->link[i].bss)
9170 continue;
9171 if (i == assoc_data->assoc_link_id)
9172 continue;
9173 /* only calculate the mode, hence link == NULL */
9174 err = ieee80211_prep_channel(sdata, NULL, i,
9175 assoc_data->link[i].bss, true,
9176 &assoc_data->link[i].conn);
9177 if (err) {
9178 req->links[i].error = err;
9179 goto err_clear;
9180 }
9181 }
9182
9183 memcpy(vif_cfg->ssid, assoc_data->ssid, assoc_data->ssid_len);
9184 vif_cfg->ssid_len = assoc_data->ssid_len;
9185
9186 /* needed for transmitting the assoc frames properly */
9187 memcpy(sdata->vif.cfg.ap_addr, assoc_data->ap_addr, ETH_ALEN);
9188
9189 err = ieee80211_prep_connection(sdata, cbss, req->link_id,
9190 req->ap_mld_addr, true,
9191 &assoc_data->link[assoc_link_id].conn,
9192 override);
9193 if (err)
9194 goto err_clear;
9195
9196 if (ieee80211_hw_check(&sdata->local->hw, NEED_DTIM_BEFORE_ASSOC)) {
9197 const struct cfg80211_bss_ies *beacon_ies;
9198
9199 rcu_read_lock();
9200 beacon_ies = rcu_dereference(req->bss->beacon_ies);
9201 if (!beacon_ies) {
9202 /*
9203 * Wait up to one beacon interval ...
9204 * should this be more if we miss one?
9205 */
9206 sdata_info(sdata, "waiting for beacon from %pM\n",
9207 link->u.mgd.bssid);
9208 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval);
9209 assoc_data->timeout_started = true;
9210 assoc_data->need_beacon = true;
9211 }
9212 rcu_read_unlock();
9213 }
9214
9215 run_again(sdata, assoc_data->timeout);
9216
9217 /* We are associating, clean up auth_data */
9218 if (ifmgd->auth_data)
9219 ieee80211_destroy_auth_data(sdata, true);
9220
9221 return 0;
9222 err_clear:
9223 if (!ifmgd->auth_data) {
9224 eth_zero_addr(sdata->deflink.u.mgd.bssid);
9225 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
9226 BSS_CHANGED_BSSID);
9227 }
9228 ifmgd->assoc_data = NULL;
9229 err_free:
9230 kfree(assoc_data);
9231 return err;
9232 }
9233
ieee80211_mgd_deauth(struct ieee80211_sub_if_data * sdata,struct cfg80211_deauth_request * req)9234 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
9235 struct cfg80211_deauth_request *req)
9236 {
9237 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
9238 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
9239 bool tx = !req->local_state_change;
9240 struct ieee80211_prep_tx_info info = {
9241 .subtype = IEEE80211_STYPE_DEAUTH,
9242 };
9243
9244 if (ifmgd->auth_data &&
9245 ether_addr_equal(ifmgd->auth_data->ap_addr, req->bssid)) {
9246 sdata_info(sdata,
9247 "aborting authentication with %pM by local choice (Reason: %u=%s)\n",
9248 req->bssid, req->reason_code,
9249 ieee80211_get_reason_code_string(req->reason_code));
9250
9251 info.link_id = ifmgd->auth_data->link_id;
9252 drv_mgd_prepare_tx(sdata->local, sdata, &info);
9253 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid,
9254 IEEE80211_STYPE_DEAUTH,
9255 req->reason_code, tx,
9256 frame_buf);
9257 ieee80211_destroy_auth_data(sdata, false);
9258 ieee80211_report_disconnect(sdata, frame_buf,
9259 sizeof(frame_buf), true,
9260 req->reason_code, false);
9261 drv_mgd_complete_tx(sdata->local, sdata, &info);
9262 return 0;
9263 }
9264
9265 if (ifmgd->assoc_data &&
9266 ether_addr_equal(ifmgd->assoc_data->ap_addr, req->bssid)) {
9267 sdata_info(sdata,
9268 "aborting association with %pM by local choice (Reason: %u=%s)\n",
9269 req->bssid, req->reason_code,
9270 ieee80211_get_reason_code_string(req->reason_code));
9271
9272 info.link_id = ifmgd->assoc_data->assoc_link_id;
9273 drv_mgd_prepare_tx(sdata->local, sdata, &info);
9274 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid,
9275 IEEE80211_STYPE_DEAUTH,
9276 req->reason_code, tx,
9277 frame_buf);
9278 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON);
9279 ieee80211_report_disconnect(sdata, frame_buf,
9280 sizeof(frame_buf), true,
9281 req->reason_code, false);
9282 drv_mgd_complete_tx(sdata->local, sdata, &info);
9283 return 0;
9284 }
9285
9286 if (ifmgd->associated &&
9287 ether_addr_equal(sdata->vif.cfg.ap_addr, req->bssid)) {
9288 sdata_info(sdata,
9289 "deauthenticating from %pM by local choice (Reason: %u=%s)\n",
9290 req->bssid, req->reason_code,
9291 ieee80211_get_reason_code_string(req->reason_code));
9292
9293 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
9294 req->reason_code, tx, frame_buf);
9295 ieee80211_report_disconnect(sdata, frame_buf,
9296 sizeof(frame_buf), true,
9297 req->reason_code, false);
9298 drv_mgd_complete_tx(sdata->local, sdata, &info);
9299 return 0;
9300 }
9301
9302 return -ENOTCONN;
9303 }
9304
ieee80211_mgd_disassoc(struct ieee80211_sub_if_data * sdata,struct cfg80211_disassoc_request * req)9305 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
9306 struct cfg80211_disassoc_request *req)
9307 {
9308 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
9309
9310 if (!sdata->u.mgd.associated ||
9311 memcmp(sdata->vif.cfg.ap_addr, req->ap_addr, ETH_ALEN))
9312 return -ENOTCONN;
9313
9314 sdata_info(sdata,
9315 "disassociating from %pM by local choice (Reason: %u=%s)\n",
9316 req->ap_addr, req->reason_code,
9317 ieee80211_get_reason_code_string(req->reason_code));
9318
9319 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC,
9320 req->reason_code, !req->local_state_change,
9321 frame_buf);
9322
9323 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
9324 req->reason_code, false);
9325
9326 return 0;
9327 }
9328
ieee80211_mgd_stop_link(struct ieee80211_link_data * link)9329 void ieee80211_mgd_stop_link(struct ieee80211_link_data *link)
9330 {
9331 wiphy_work_cancel(link->sdata->local->hw.wiphy,
9332 &link->u.mgd.request_smps_work);
9333 wiphy_work_cancel(link->sdata->local->hw.wiphy,
9334 &link->u.mgd.recalc_smps);
9335 wiphy_delayed_work_cancel(link->sdata->local->hw.wiphy,
9336 &link->u.mgd.csa.switch_work);
9337 }
9338
ieee80211_mgd_stop(struct ieee80211_sub_if_data * sdata)9339 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata)
9340 {
9341 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
9342
9343 /*
9344 * Make sure some work items will not run after this,
9345 * they will not do anything but might not have been
9346 * cancelled when disconnecting.
9347 */
9348 wiphy_work_cancel(sdata->local->hw.wiphy,
9349 &ifmgd->monitor_work);
9350 wiphy_work_cancel(sdata->local->hw.wiphy,
9351 &ifmgd->beacon_connection_loss_work);
9352 wiphy_work_cancel(sdata->local->hw.wiphy,
9353 &ifmgd->csa_connection_drop_work);
9354 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
9355 &ifmgd->tdls_peer_del_work);
9356
9357 if (ifmgd->assoc_data)
9358 ieee80211_destroy_assoc_data(sdata, ASSOC_TIMEOUT);
9359 if (ifmgd->auth_data)
9360 ieee80211_destroy_auth_data(sdata, false);
9361 spin_lock_bh(&ifmgd->teardown_lock);
9362 if (ifmgd->teardown_skb) {
9363 kfree_skb(ifmgd->teardown_skb);
9364 ifmgd->teardown_skb = NULL;
9365 ifmgd->orig_teardown_skb = NULL;
9366 }
9367 kfree(ifmgd->assoc_req_ies);
9368 ifmgd->assoc_req_ies = NULL;
9369 ifmgd->assoc_req_ies_len = 0;
9370 spin_unlock_bh(&ifmgd->teardown_lock);
9371 del_timer_sync(&ifmgd->timer);
9372 }
9373
ieee80211_cqm_rssi_notify(struct ieee80211_vif * vif,enum nl80211_cqm_rssi_threshold_event rssi_event,s32 rssi_level,gfp_t gfp)9374 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
9375 enum nl80211_cqm_rssi_threshold_event rssi_event,
9376 s32 rssi_level,
9377 gfp_t gfp)
9378 {
9379 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
9380
9381 trace_api_cqm_rssi_notify(sdata, rssi_event, rssi_level);
9382
9383 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, rssi_level, gfp);
9384 }
9385 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify);
9386
ieee80211_cqm_beacon_loss_notify(struct ieee80211_vif * vif,gfp_t gfp)9387 void ieee80211_cqm_beacon_loss_notify(struct ieee80211_vif *vif, gfp_t gfp)
9388 {
9389 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
9390
9391 trace_api_cqm_beacon_loss_notify(sdata->local, sdata);
9392
9393 cfg80211_cqm_beacon_loss_notify(sdata->dev, gfp);
9394 }
9395 EXPORT_SYMBOL(ieee80211_cqm_beacon_loss_notify);
9396
_ieee80211_enable_rssi_reports(struct ieee80211_sub_if_data * sdata,int rssi_min_thold,int rssi_max_thold)9397 static void _ieee80211_enable_rssi_reports(struct ieee80211_sub_if_data *sdata,
9398 int rssi_min_thold,
9399 int rssi_max_thold)
9400 {
9401 trace_api_enable_rssi_reports(sdata, rssi_min_thold, rssi_max_thold);
9402
9403 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
9404 return;
9405
9406 /*
9407 * Scale up threshold values before storing it, as the RSSI averaging
9408 * algorithm uses a scaled up value as well. Change this scaling
9409 * factor if the RSSI averaging algorithm changes.
9410 */
9411 sdata->u.mgd.rssi_min_thold = rssi_min_thold*16;
9412 sdata->u.mgd.rssi_max_thold = rssi_max_thold*16;
9413 }
9414
ieee80211_enable_rssi_reports(struct ieee80211_vif * vif,int rssi_min_thold,int rssi_max_thold)9415 void ieee80211_enable_rssi_reports(struct ieee80211_vif *vif,
9416 int rssi_min_thold,
9417 int rssi_max_thold)
9418 {
9419 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
9420
9421 WARN_ON(rssi_min_thold == rssi_max_thold ||
9422 rssi_min_thold > rssi_max_thold);
9423
9424 _ieee80211_enable_rssi_reports(sdata, rssi_min_thold,
9425 rssi_max_thold);
9426 }
9427 EXPORT_SYMBOL(ieee80211_enable_rssi_reports);
9428
ieee80211_disable_rssi_reports(struct ieee80211_vif * vif)9429 void ieee80211_disable_rssi_reports(struct ieee80211_vif *vif)
9430 {
9431 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
9432
9433 _ieee80211_enable_rssi_reports(sdata, 0, 0);
9434 }
9435 EXPORT_SYMBOL(ieee80211_disable_rssi_reports);
9436