1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * BSS client mode implementation
4 * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
5 * Copyright 2004, Instant802 Networks, Inc.
6 * Copyright 2005, Devicescape Software, Inc.
7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9 * Copyright 2013-2014 Intel Mobile Communications GmbH
10 * Copyright (C) 2015 - 2017 Intel Deutschland GmbH
11 * Copyright (C) 2018 - 2026 Intel Corporation
12 */
13
14 #include <linux/delay.h>
15 #include <linux/fips.h>
16 #include <linux/if_ether.h>
17 #include <linux/skbuff.h>
18 #include <linux/if_arp.h>
19 #include <linux/etherdevice.h>
20 #include <linux/moduleparam.h>
21 #include <linux/rtnetlink.h>
22 #include <linux/crc32.h>
23 #include <linux/slab.h>
24 #include <linux/export.h>
25 #include <net/mac80211.h>
26 #include <linux/unaligned.h>
27
28 #include "ieee80211_i.h"
29 #include "driver-ops.h"
30 #include "rate.h"
31 #include "led.h"
32 #include "fils_aead.h"
33
34 #include <kunit/static_stub.h>
35
36 #define IEEE80211_AUTH_TIMEOUT (HZ / 5)
37 #define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2)
38 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10)
39 #define IEEE80211_AUTH_TIMEOUT_SAE (HZ * 2)
40 #define IEEE80211_AUTH_MAX_TRIES 3
41 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5)
42 #define IEEE80211_AUTH_WAIT_SAE_RETRY (HZ * 2)
43 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
44 #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2)
45 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10)
46 #define IEEE80211_ASSOC_MAX_TRIES 3
47
48 #define IEEE80211_ADV_TTLM_SAFETY_BUFFER_MS (100 * USEC_PER_MSEC)
49 #define IEEE80211_ADV_TTLM_ST_UNDERFLOW 0xff00
50
51 #define IEEE80211_NEG_TTLM_REQ_TIMEOUT (HZ / 5)
52
53 static int max_nullfunc_tries = 2;
54 module_param(max_nullfunc_tries, int, 0644);
55 MODULE_PARM_DESC(max_nullfunc_tries,
56 "Maximum nullfunc tx tries before disconnecting (reason 4).");
57
58 static int max_probe_tries = 5;
59 module_param(max_probe_tries, int, 0644);
60 MODULE_PARM_DESC(max_probe_tries,
61 "Maximum probe tries before disconnecting (reason 4).");
62
63 /*
64 * Beacon loss timeout is calculated as N frames times the
65 * advertised beacon interval. This may need to be somewhat
66 * higher than what hardware might detect to account for
67 * delays in the host processing frames. But since we also
68 * probe on beacon miss before declaring the connection lost
69 * default to what we want.
70 */
71 static int beacon_loss_count = 7;
72 module_param(beacon_loss_count, int, 0644);
73 MODULE_PARM_DESC(beacon_loss_count,
74 "Number of beacon intervals before we decide beacon was lost.");
75
76 /*
77 * Time the connection can be idle before we probe
78 * it to see if we can still talk to the AP.
79 */
80 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ)
81 /*
82 * Time we wait for a probe response after sending
83 * a probe request because of beacon loss or for
84 * checking the connection still works.
85 */
86 static int probe_wait_ms = 500;
87 module_param(probe_wait_ms, int, 0644);
88 MODULE_PARM_DESC(probe_wait_ms,
89 "Maximum time(ms) to wait for probe response"
90 " before disconnecting (reason 4).");
91
92 /*
93 * How many Beacon frames need to have been used in average signal strength
94 * before starting to indicate signal change events.
95 */
96 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4
97
98 /*
99 * We can have multiple work items (and connection probing)
100 * scheduling this timer, but we need to take care to only
101 * reschedule it when it should fire _earlier_ than it was
102 * asked for before, or if it's not pending right now. This
103 * function ensures that. Note that it then is required to
104 * run this function for all timeouts after the first one
105 * has happened -- the work that runs from this timer will
106 * do that.
107 */
run_again(struct ieee80211_sub_if_data * sdata,unsigned long timeout)108 static void run_again(struct ieee80211_sub_if_data *sdata,
109 unsigned long timeout)
110 {
111 lockdep_assert_wiphy(sdata->local->hw.wiphy);
112
113 if (!timer_pending(&sdata->u.mgd.timer) ||
114 time_before(timeout, sdata->u.mgd.timer.expires))
115 mod_timer(&sdata->u.mgd.timer, timeout);
116 }
117
ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data * sdata)118 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata)
119 {
120 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
121 return;
122
123 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
124 return;
125
126 mod_timer(&sdata->u.mgd.bcn_mon_timer,
127 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout));
128 }
129
ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data * sdata)130 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata)
131 {
132 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
133
134 if (unlikely(!ifmgd->associated))
135 return;
136
137 if (ifmgd->probe_send_count)
138 ifmgd->probe_send_count = 0;
139
140 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
141 return;
142
143 mod_timer(&ifmgd->conn_mon_timer,
144 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
145 }
146
ecw2cw(int ecw)147 static int ecw2cw(int ecw)
148 {
149 return (1 << ecw) - 1;
150 }
151
152 static enum ieee80211_conn_mode
ieee80211_determine_ap_chan(struct ieee80211_sub_if_data * sdata,struct ieee80211_channel * channel,u32 vht_cap_info,const struct ieee802_11_elems * elems,bool ignore_ht_channel_mismatch,const struct ieee80211_conn_settings * conn,struct cfg80211_chan_def * chandef)153 ieee80211_determine_ap_chan(struct ieee80211_sub_if_data *sdata,
154 struct ieee80211_channel *channel,
155 u32 vht_cap_info,
156 const struct ieee802_11_elems *elems,
157 bool ignore_ht_channel_mismatch,
158 const struct ieee80211_conn_settings *conn,
159 struct cfg80211_chan_def *chandef)
160 {
161 const struct ieee80211_ht_operation *ht_oper = elems->ht_operation;
162 const struct ieee80211_vht_operation *vht_oper = elems->vht_operation;
163 const struct ieee80211_he_operation *he_oper = elems->he_operation;
164 const struct ieee80211_eht_operation *eht_oper = elems->eht_operation;
165 const struct ieee80211_uhr_operation *uhr_oper = elems->uhr_operation;
166 struct ieee80211_supported_band *sband =
167 sdata->local->hw.wiphy->bands[channel->band];
168 struct cfg80211_chan_def vht_chandef;
169 bool no_vht = false;
170 u32 ht_cfreq;
171
172 if (ieee80211_hw_check(&sdata->local->hw, STRICT))
173 ignore_ht_channel_mismatch = false;
174
175 *chandef = (struct cfg80211_chan_def) {
176 .chan = channel,
177 .width = NL80211_CHAN_WIDTH_20_NOHT,
178 .center_freq1 = channel->center_freq,
179 .freq1_offset = channel->freq_offset,
180 };
181
182 /* get special S1G case out of the way */
183 if (sband->band == NL80211_BAND_S1GHZ) {
184 if (!ieee80211_chandef_s1g_oper(sdata->local, elems->s1g_oper,
185 chandef)) {
186 /* Fallback to default 1MHz */
187 chandef->width = NL80211_CHAN_WIDTH_1;
188 chandef->s1g_primary_2mhz = false;
189 }
190
191 return IEEE80211_CONN_MODE_S1G;
192 }
193
194 /* get special 6 GHz case out of the way */
195 if (sband->band == NL80211_BAND_6GHZ) {
196 enum ieee80211_conn_mode mode = IEEE80211_CONN_MODE_HIGHEST;
197
198 /* this is an error */
199 if (conn->mode < IEEE80211_CONN_MODE_HE)
200 return IEEE80211_CONN_MODE_LEGACY;
201
202 if (!elems->he_6ghz_capa || !elems->he_cap) {
203 sdata_info(sdata,
204 "HE 6 GHz AP is missing HE/HE 6 GHz band capability\n");
205 return IEEE80211_CONN_MODE_LEGACY;
206 }
207
208 if (!eht_oper || !elems->eht_cap) {
209 eht_oper = NULL;
210 mode = IEEE80211_CONN_MODE_HE;
211 }
212
213 if (!ieee80211_chandef_he_6ghz_oper(sdata->local, he_oper,
214 eht_oper, chandef)) {
215 sdata_info(sdata, "bad HE/EHT 6 GHz operation\n");
216 return IEEE80211_CONN_MODE_LEGACY;
217 }
218
219 if (mode <= IEEE80211_CONN_MODE_EHT)
220 return mode;
221 goto check_uhr;
222 }
223
224 /* now we have the progression HT, VHT, ... */
225 if (conn->mode < IEEE80211_CONN_MODE_HT)
226 return IEEE80211_CONN_MODE_LEGACY;
227
228 if (!ht_oper || !elems->ht_cap_elem)
229 return IEEE80211_CONN_MODE_LEGACY;
230
231 chandef->width = NL80211_CHAN_WIDTH_20;
232
233 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan,
234 channel->band);
235 /* check that channel matches the right operating channel */
236 if (!ignore_ht_channel_mismatch && channel->center_freq != ht_cfreq) {
237 /*
238 * It's possible that some APs are confused here;
239 * Netgear WNDR3700 sometimes reports 4 higher than
240 * the actual channel in association responses, but
241 * since we look at probe response/beacon data here
242 * it should be OK.
243 */
244 sdata_info(sdata,
245 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
246 channel->center_freq, ht_cfreq,
247 ht_oper->primary_chan, channel->band);
248 return IEEE80211_CONN_MODE_LEGACY;
249 }
250
251 ieee80211_chandef_ht_oper(ht_oper, chandef);
252
253 if (conn->mode < IEEE80211_CONN_MODE_VHT)
254 return IEEE80211_CONN_MODE_HT;
255
256 vht_chandef = *chandef;
257
258 /*
259 * having he_cap/he_oper parsed out implies we're at
260 * least operating as HE STA
261 */
262 if (elems->he_cap && he_oper &&
263 he_oper->he_oper_params & cpu_to_le32(IEEE80211_HE_OPERATION_VHT_OPER_INFO)) {
264 struct ieee80211_vht_operation he_oper_vht_cap;
265
266 /*
267 * Set only first 3 bytes (other 2 aren't used in
268 * ieee80211_chandef_vht_oper() anyway)
269 */
270 memcpy(&he_oper_vht_cap, he_oper->optional, 3);
271 he_oper_vht_cap.basic_mcs_set = cpu_to_le16(0);
272
273 if (!ieee80211_chandef_vht_oper(&sdata->local->hw, vht_cap_info,
274 &he_oper_vht_cap, ht_oper,
275 &vht_chandef)) {
276 sdata_info(sdata,
277 "HE AP VHT information is invalid, disabling HE\n");
278 /* this will cause us to re-parse as VHT STA */
279 return IEEE80211_CONN_MODE_VHT;
280 }
281 } else if (!vht_oper || !elems->vht_cap_elem) {
282 if (sband->band == NL80211_BAND_5GHZ)
283 return IEEE80211_CONN_MODE_HT;
284 no_vht = true;
285 } else if (sband->band == NL80211_BAND_2GHZ) {
286 no_vht = true;
287 } else if (!ieee80211_chandef_vht_oper(&sdata->local->hw,
288 vht_cap_info,
289 vht_oper, ht_oper,
290 &vht_chandef)) {
291 sdata_info(sdata,
292 "AP VHT information is invalid, disabling VHT\n");
293 return IEEE80211_CONN_MODE_HT;
294 }
295
296 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) {
297 sdata_info(sdata,
298 "AP VHT information doesn't match HT, disabling VHT\n");
299 return IEEE80211_CONN_MODE_HT;
300 }
301
302 *chandef = vht_chandef;
303
304 /* stick to current max mode if we or the AP don't have HE */
305 if (conn->mode < IEEE80211_CONN_MODE_HE ||
306 !elems->he_operation || !elems->he_cap) {
307 if (no_vht)
308 return IEEE80211_CONN_MODE_HT;
309 return IEEE80211_CONN_MODE_VHT;
310 }
311
312 /* stick to HE if we or the AP don't have EHT */
313 if (conn->mode < IEEE80211_CONN_MODE_EHT ||
314 !eht_oper || !elems->eht_cap)
315 return IEEE80211_CONN_MODE_HE;
316
317 /*
318 * handle the case that the EHT operation indicates that it holds EHT
319 * operation information (in case that the channel width differs from
320 * the channel width reported in HT/VHT/HE).
321 */
322 if (eht_oper->params & IEEE80211_EHT_OPER_INFO_PRESENT) {
323 struct cfg80211_chan_def eht_chandef = *chandef;
324
325 ieee80211_chandef_eht_oper((const void *)eht_oper->optional,
326 &eht_chandef);
327
328 eht_chandef.punctured =
329 ieee80211_eht_oper_dis_subchan_bitmap(eht_oper);
330
331 if (!cfg80211_chandef_valid(&eht_chandef)) {
332 sdata_info(sdata,
333 "AP EHT information is invalid, disabling EHT\n");
334 return IEEE80211_CONN_MODE_HE;
335 }
336
337 if (!cfg80211_chandef_compatible(chandef, &eht_chandef)) {
338 sdata_info(sdata,
339 "AP EHT information doesn't match HT/VHT/HE, disabling EHT\n");
340 return IEEE80211_CONN_MODE_HE;
341 }
342
343 *chandef = eht_chandef;
344 }
345
346 check_uhr:
347 if (conn->mode < IEEE80211_CONN_MODE_UHR || !uhr_oper)
348 return IEEE80211_CONN_MODE_EHT;
349
350 /*
351 * In beacons we don't have all the data - but we know the size was OK,
352 * so if the size is valid as a non-beacon case, we have more data and
353 * can validate the NPCA parameters.
354 */
355 if (ieee80211_uhr_oper_size_ok((const void *)uhr_oper,
356 elems->uhr_operation_len,
357 false)) {
358 struct cfg80211_chan_def npca_chandef = *chandef;
359 const struct ieee80211_uhr_npca_info *npca;
360 const __le16 *dis_subch_bmap;
361 u16 punct = chandef->punctured, npca_punct;
362
363 npca = ieee80211_uhr_npca_info(uhr_oper);
364 if (npca) {
365 int width = cfg80211_chandef_get_width(chandef);
366 u8 offs = le32_get_bits(npca->params,
367 IEEE80211_UHR_NPCA_PARAMS_PRIMARY_CHAN_OFFS);
368 u32 cf1 = chandef->center_freq1;
369 bool pri_upper, npca_upper;
370
371 pri_upper = chandef->chan->center_freq > cf1;
372 npca_upper = 20 * offs >= width / 2;
373
374 if (20 * offs >= cfg80211_chandef_get_width(chandef) ||
375 pri_upper == npca_upper) {
376 sdata_info(sdata,
377 "AP UHR NPCA primary channel invalid, disabling UHR\n");
378 return IEEE80211_CONN_MODE_EHT;
379 }
380 }
381
382 dis_subch_bmap = ieee80211_uhr_npca_dis_subch_bitmap(uhr_oper);
383
384 if (dis_subch_bmap) {
385 npca_punct = get_unaligned_le16(dis_subch_bmap);
386 npca_chandef.punctured = npca_punct;
387 }
388
389 /*
390 * must be a valid puncturing pattern for this channel as
391 * well as puncturing all subchannels that are already in
392 * the disabled subchannel bitmap on the primary channel
393 */
394 if (!cfg80211_chandef_valid(&npca_chandef) ||
395 ((punct & npca_punct) != punct)) {
396 sdata_info(sdata,
397 "AP UHR NPCA disabled subchannel bitmap invalid, disabling UHR\n");
398 return IEEE80211_CONN_MODE_EHT;
399 }
400 }
401
402 return IEEE80211_CONN_MODE_UHR;
403 }
404
405 static bool
ieee80211_verify_sta_ht_mcs_support(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,const struct ieee80211_ht_operation * ht_op)406 ieee80211_verify_sta_ht_mcs_support(struct ieee80211_sub_if_data *sdata,
407 struct ieee80211_supported_band *sband,
408 const struct ieee80211_ht_operation *ht_op)
409 {
410 struct ieee80211_sta_ht_cap sta_ht_cap;
411 int i;
412
413 if (sband->band == NL80211_BAND_6GHZ)
414 return true;
415
416 if (!ht_op)
417 return false;
418
419 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap));
420 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
421
422 /*
423 * P802.11REVme/D7.0 - 6.5.4.2.4
424 * ...
425 * If the MLME of an HT STA receives an MLME-JOIN.request primitive
426 * with the SelectedBSS parameter containing a Basic HT-MCS Set field
427 * in the HT Operation parameter that contains any unsupported MCSs,
428 * the MLME response in the resulting MLME-JOIN.confirm primitive shall
429 * contain a ResultCode parameter that is not set to the value SUCCESS.
430 * ...
431 */
432
433 /* Simply check that all basic rates are in the STA RX mask */
434 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
435 if ((ht_op->basic_set[i] & sta_ht_cap.mcs.rx_mask[i]) !=
436 ht_op->basic_set[i])
437 return false;
438 }
439
440 return true;
441 }
442
443 static bool
ieee80211_verify_sta_vht_mcs_support(struct ieee80211_sub_if_data * sdata,int link_id,struct ieee80211_supported_band * sband,const struct ieee80211_vht_operation * vht_op)444 ieee80211_verify_sta_vht_mcs_support(struct ieee80211_sub_if_data *sdata,
445 int link_id,
446 struct ieee80211_supported_band *sband,
447 const struct ieee80211_vht_operation *vht_op)
448 {
449 struct ieee80211_sta_vht_cap sta_vht_cap;
450 u16 ap_min_req_set, sta_rx_mcs_map, sta_tx_mcs_map;
451 int nss;
452
453 if (sband->band != NL80211_BAND_5GHZ)
454 return true;
455
456 if (!vht_op)
457 return false;
458
459 memcpy(&sta_vht_cap, &sband->vht_cap, sizeof(sta_vht_cap));
460 ieee80211_apply_vhtcap_overrides(sdata, &sta_vht_cap);
461
462 ap_min_req_set = le16_to_cpu(vht_op->basic_mcs_set);
463 sta_rx_mcs_map = le16_to_cpu(sta_vht_cap.vht_mcs.rx_mcs_map);
464 sta_tx_mcs_map = le16_to_cpu(sta_vht_cap.vht_mcs.tx_mcs_map);
465
466 /*
467 * Many APs are incorrectly advertising an all-zero value here,
468 * which really means MCS 0-7 are required for 1-8 streams, but
469 * they don't really mean it that way.
470 * Some other APs are incorrectly advertising 3 spatial streams
471 * with MCS 0-7 are required, but don't really mean it that way
472 * and we'll connect only with HT, rather than even HE.
473 * As a result, unfortunately the VHT basic MCS/NSS set cannot
474 * be used at all, so check it only in strict mode.
475 */
476 if (!ieee80211_hw_check(&sdata->local->hw, STRICT))
477 return true;
478
479 /*
480 * P802.11REVme/D7.0 - 6.5.4.2.4
481 * ...
482 * If the MLME of a VHT STA receives an MLME-JOIN.request primitive
483 * with a SelectedBSS parameter containing a Basic VHT-MCS And NSS Set
484 * field in the VHT Operation parameter that contains any unsupported
485 * <VHT-MCS, NSS> tuple, the MLME response in the resulting
486 * MLME-JOIN.confirm primitive shall contain a ResultCode parameter
487 * that is not set to the value SUCCESS.
488 * ...
489 */
490 for (nss = 8; nss > 0; nss--) {
491 u8 ap_op_val = (ap_min_req_set >> (2 * (nss - 1))) & 3;
492 u8 sta_rx_val;
493 u8 sta_tx_val;
494
495 if (ap_op_val == IEEE80211_HE_MCS_NOT_SUPPORTED)
496 continue;
497
498 sta_rx_val = (sta_rx_mcs_map >> (2 * (nss - 1))) & 3;
499 sta_tx_val = (sta_tx_mcs_map >> (2 * (nss - 1))) & 3;
500
501 if (sta_rx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
502 sta_tx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
503 sta_rx_val < ap_op_val || sta_tx_val < ap_op_val) {
504 link_id_info(sdata, link_id,
505 "Missing mandatory rates for %d Nss, rx %d, tx %d oper %d, disable VHT\n",
506 nss, sta_rx_val, sta_tx_val, ap_op_val);
507 return false;
508 }
509 }
510
511 return true;
512 }
513
514 static bool
ieee80211_verify_peer_he_mcs_support(struct ieee80211_sub_if_data * sdata,int link_id,const struct ieee80211_he_cap_elem * he_cap,const struct ieee80211_he_operation * he_op)515 ieee80211_verify_peer_he_mcs_support(struct ieee80211_sub_if_data *sdata,
516 int link_id,
517 const struct ieee80211_he_cap_elem *he_cap,
518 const struct ieee80211_he_operation *he_op)
519 {
520 struct ieee80211_he_mcs_nss_supp *he_mcs_nss_supp;
521 u16 mcs_80_map_tx, mcs_80_map_rx;
522 u16 ap_min_req_set;
523 int nss;
524
525 if (!he_cap)
526 return false;
527
528 /* mcs_nss is right after he_cap info */
529 he_mcs_nss_supp = (void *)(he_cap + 1);
530
531 mcs_80_map_tx = le16_to_cpu(he_mcs_nss_supp->tx_mcs_80);
532 mcs_80_map_rx = le16_to_cpu(he_mcs_nss_supp->rx_mcs_80);
533
534 /* P802.11-REVme/D0.3
535 * 27.1.1 Introduction to the HE PHY
536 * ...
537 * An HE STA shall support the following features:
538 * ...
539 * Single spatial stream HE-MCSs 0 to 7 (transmit and receive) in all
540 * supported channel widths for HE SU PPDUs
541 */
542 if ((mcs_80_map_tx & 0x3) == IEEE80211_HE_MCS_NOT_SUPPORTED ||
543 (mcs_80_map_rx & 0x3) == IEEE80211_HE_MCS_NOT_SUPPORTED) {
544 link_id_info(sdata, link_id,
545 "Missing mandatory rates for 1 Nss, rx 0x%x, tx 0x%x, disable HE\n",
546 mcs_80_map_tx, mcs_80_map_rx);
547 return false;
548 }
549
550 if (!he_op)
551 return true;
552
553 ap_min_req_set = le16_to_cpu(he_op->he_mcs_nss_set);
554
555 /*
556 * Apparently iPhone 13 (at least iOS version 15.3.1) sets this to all
557 * zeroes, which is nonsense, and completely inconsistent with itself
558 * (it doesn't have 8 streams). Accept the settings in this case anyway.
559 */
560 if (!ieee80211_hw_check(&sdata->local->hw, STRICT) && !ap_min_req_set)
561 return true;
562
563 /* make sure the AP is consistent with itself
564 *
565 * P802.11-REVme/D0.3
566 * 26.17.1 Basic HE BSS operation
567 *
568 * A STA that is operating in an HE BSS shall be able to receive and
569 * transmit at each of the <HE-MCS, NSS> tuple values indicated by the
570 * Basic HE-MCS And NSS Set field of the HE Operation parameter of the
571 * MLME-START.request primitive and shall be able to receive at each of
572 * the <HE-MCS, NSS> tuple values indicated by the Supported HE-MCS and
573 * NSS Set field in the HE Capabilities parameter of the MLMESTART.request
574 * primitive
575 */
576 for (nss = 8; nss > 0; nss--) {
577 u8 ap_op_val = (ap_min_req_set >> (2 * (nss - 1))) & 3;
578 u8 ap_rx_val;
579 u8 ap_tx_val;
580
581 if (ap_op_val == IEEE80211_HE_MCS_NOT_SUPPORTED)
582 continue;
583
584 ap_rx_val = (mcs_80_map_rx >> (2 * (nss - 1))) & 3;
585 ap_tx_val = (mcs_80_map_tx >> (2 * (nss - 1))) & 3;
586
587 if (ap_rx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
588 ap_tx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
589 ap_rx_val < ap_op_val || ap_tx_val < ap_op_val) {
590 link_id_info(sdata, link_id,
591 "Invalid rates for %d Nss, rx %d, tx %d oper %d, disable HE\n",
592 nss, ap_rx_val, ap_tx_val, ap_op_val);
593 return false;
594 }
595 }
596
597 return true;
598 }
599
600 static bool
ieee80211_verify_sta_he_mcs_support(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,const struct ieee80211_he_operation * he_op)601 ieee80211_verify_sta_he_mcs_support(struct ieee80211_sub_if_data *sdata,
602 struct ieee80211_supported_band *sband,
603 const struct ieee80211_he_operation *he_op)
604 {
605 const struct ieee80211_sta_he_cap *sta_he_cap =
606 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
607 u16 ap_min_req_set;
608 int i;
609
610 if (!sta_he_cap || !he_op)
611 return false;
612
613 ap_min_req_set = le16_to_cpu(he_op->he_mcs_nss_set);
614
615 /*
616 * Apparently iPhone 13 (at least iOS version 15.3.1) sets this to all
617 * zeroes, which is nonsense, and completely inconsistent with itself
618 * (it doesn't have 8 streams). Accept the settings in this case anyway.
619 */
620 if (!ieee80211_hw_check(&sdata->local->hw, STRICT) && !ap_min_req_set)
621 return true;
622
623 /* Need to go over for 80MHz, 160MHz and for 80+80 */
624 for (i = 0; i < 3; i++) {
625 const struct ieee80211_he_mcs_nss_supp *sta_mcs_nss_supp =
626 &sta_he_cap->he_mcs_nss_supp;
627 u16 sta_mcs_map_rx =
628 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i]);
629 u16 sta_mcs_map_tx =
630 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i + 1]);
631 u8 nss;
632 bool verified = true;
633
634 /*
635 * For each band there is a maximum of 8 spatial streams
636 * possible. Each of the sta_mcs_map_* is a 16-bit struct built
637 * of 2 bits per NSS (1-8), with the values defined in enum
638 * ieee80211_he_mcs_support. Need to make sure STA TX and RX
639 * capabilities aren't less than the AP's minimum requirements
640 * for this HE BSS per SS.
641 * It is enough to find one such band that meets the reqs.
642 */
643 for (nss = 8; nss > 0; nss--) {
644 u8 sta_rx_val = (sta_mcs_map_rx >> (2 * (nss - 1))) & 3;
645 u8 sta_tx_val = (sta_mcs_map_tx >> (2 * (nss - 1))) & 3;
646 u8 ap_val = (ap_min_req_set >> (2 * (nss - 1))) & 3;
647
648 if (ap_val == IEEE80211_HE_MCS_NOT_SUPPORTED)
649 continue;
650
651 /*
652 * Make sure the HE AP doesn't require MCSs that aren't
653 * supported by the client as required by spec
654 *
655 * P802.11-REVme/D0.3
656 * 26.17.1 Basic HE BSS operation
657 *
658 * An HE STA shall not attempt to join * (MLME-JOIN.request primitive)
659 * a BSS, unless it supports (i.e., is able to both transmit and
660 * receive using) all of the <HE-MCS, NSS> tuples in the basic
661 * HE-MCS and NSS set.
662 */
663 if (sta_rx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
664 sta_tx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
665 (ap_val > sta_rx_val) || (ap_val > sta_tx_val)) {
666 verified = false;
667 break;
668 }
669 }
670
671 if (verified)
672 return true;
673 }
674
675 /* If here, STA doesn't meet AP's HE min requirements */
676 return false;
677 }
678
679 static u8
ieee80211_get_eht_cap_mcs_nss(const struct ieee80211_sta_he_cap * sta_he_cap,const struct ieee80211_sta_eht_cap * sta_eht_cap,unsigned int idx,int bw)680 ieee80211_get_eht_cap_mcs_nss(const struct ieee80211_sta_he_cap *sta_he_cap,
681 const struct ieee80211_sta_eht_cap *sta_eht_cap,
682 unsigned int idx, int bw)
683 {
684 u8 he_phy_cap0 = sta_he_cap->he_cap_elem.phy_cap_info[0];
685 u8 eht_phy_cap0 = sta_eht_cap->eht_cap_elem.phy_cap_info[0];
686
687 /* handle us being a 20 MHz-only EHT STA - with four values
688 * for MCS 0-7, 8-9, 10-11, 12-13.
689 */
690 if (!(he_phy_cap0 & IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_MASK_ALL))
691 return sta_eht_cap->eht_mcs_nss_supp.only_20mhz.rx_tx_max_nss[idx];
692
693 /* the others have MCS 0-9 together, rather than separately from 0-7 */
694 if (idx > 0)
695 idx--;
696
697 switch (bw) {
698 case 0:
699 return sta_eht_cap->eht_mcs_nss_supp.bw._80.rx_tx_max_nss[idx];
700 case 1:
701 if (!(he_phy_cap0 &
702 (IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G |
703 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G)))
704 return 0xff; /* pass check */
705 return sta_eht_cap->eht_mcs_nss_supp.bw._160.rx_tx_max_nss[idx];
706 case 2:
707 if (!(eht_phy_cap0 & IEEE80211_EHT_PHY_CAP0_320MHZ_IN_6GHZ))
708 return 0xff; /* pass check */
709 return sta_eht_cap->eht_mcs_nss_supp.bw._320.rx_tx_max_nss[idx];
710 }
711
712 WARN_ON(1);
713 return 0;
714 }
715
716 static bool
ieee80211_verify_sta_eht_mcs_support(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,const struct ieee80211_eht_operation * eht_op)717 ieee80211_verify_sta_eht_mcs_support(struct ieee80211_sub_if_data *sdata,
718 struct ieee80211_supported_band *sband,
719 const struct ieee80211_eht_operation *eht_op)
720 {
721 const struct ieee80211_sta_he_cap *sta_he_cap =
722 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
723 const struct ieee80211_sta_eht_cap *sta_eht_cap =
724 ieee80211_get_eht_iftype_cap_vif(sband, &sdata->vif);
725 const struct ieee80211_eht_mcs_nss_supp_20mhz_only *req;
726 unsigned int i;
727
728 if (!sta_he_cap || !sta_eht_cap || !eht_op)
729 return false;
730
731 req = &eht_op->basic_mcs_nss;
732
733 for (i = 0; i < ARRAY_SIZE(req->rx_tx_max_nss); i++) {
734 u8 req_rx_nss, req_tx_nss;
735 unsigned int bw;
736
737 req_rx_nss = u8_get_bits(req->rx_tx_max_nss[i],
738 IEEE80211_EHT_MCS_NSS_RX);
739 req_tx_nss = u8_get_bits(req->rx_tx_max_nss[i],
740 IEEE80211_EHT_MCS_NSS_TX);
741
742 for (bw = 0; bw < 3; bw++) {
743 u8 have, have_rx_nss, have_tx_nss;
744
745 have = ieee80211_get_eht_cap_mcs_nss(sta_he_cap,
746 sta_eht_cap,
747 i, bw);
748 have_rx_nss = u8_get_bits(have,
749 IEEE80211_EHT_MCS_NSS_RX);
750 have_tx_nss = u8_get_bits(have,
751 IEEE80211_EHT_MCS_NSS_TX);
752
753 if (req_rx_nss > have_rx_nss ||
754 req_tx_nss > have_tx_nss)
755 return false;
756 }
757 }
758
759 return true;
760 }
761
ieee80211_get_rates(struct ieee80211_supported_band * sband,const u8 * supp_rates,unsigned int supp_rates_len,const u8 * ext_supp_rates,unsigned int ext_supp_rates_len,u32 * rates,u32 * basic_rates,unsigned long * unknown_rates_selectors,bool * have_higher_than_11mbit,int * min_rate,int * min_rate_index)762 static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
763 const u8 *supp_rates,
764 unsigned int supp_rates_len,
765 const u8 *ext_supp_rates,
766 unsigned int ext_supp_rates_len,
767 u32 *rates, u32 *basic_rates,
768 unsigned long *unknown_rates_selectors,
769 bool *have_higher_than_11mbit,
770 int *min_rate, int *min_rate_index)
771 {
772 int i, j;
773
774 for (i = 0; i < supp_rates_len + ext_supp_rates_len; i++) {
775 u8 supp_rate = i < supp_rates_len ?
776 supp_rates[i] :
777 ext_supp_rates[i - supp_rates_len];
778 int rate = supp_rate & 0x7f;
779 bool is_basic = !!(supp_rate & 0x80);
780
781 if ((rate * 5) > 110 && have_higher_than_11mbit)
782 *have_higher_than_11mbit = true;
783
784 /*
785 * Skip membership selectors since they're not rates.
786 *
787 * Note: Even though the membership selector and the basic
788 * rate flag share the same bit, they are not exactly
789 * the same.
790 */
791 if (is_basic && rate >= BSS_MEMBERSHIP_SELECTOR_MIN) {
792 if (unknown_rates_selectors)
793 set_bit(rate, unknown_rates_selectors);
794 continue;
795 }
796
797 for (j = 0; j < sband->n_bitrates; j++) {
798 struct ieee80211_rate *br;
799 int brate;
800
801 br = &sband->bitrates[j];
802
803 brate = DIV_ROUND_UP(br->bitrate, 5);
804 if (brate == rate) {
805 if (rates)
806 *rates |= BIT(j);
807 if (is_basic && basic_rates)
808 *basic_rates |= BIT(j);
809 if (min_rate && (rate * 5) < *min_rate) {
810 *min_rate = rate * 5;
811 if (min_rate_index)
812 *min_rate_index = j;
813 }
814 break;
815 }
816 }
817
818 /* Handle an unknown entry as if it is an unknown selector */
819 if (is_basic && unknown_rates_selectors && j == sband->n_bitrates)
820 set_bit(rate, unknown_rates_selectors);
821 }
822 }
823
ieee80211_chandef_usable(struct ieee80211_sub_if_data * sdata,const struct cfg80211_chan_def * chandef,u32 prohibited_flags)824 static bool ieee80211_chandef_usable(struct ieee80211_sub_if_data *sdata,
825 const struct cfg80211_chan_def *chandef,
826 u32 prohibited_flags)
827 {
828 if (!cfg80211_chandef_usable(sdata->local->hw.wiphy,
829 chandef, prohibited_flags))
830 return false;
831
832 if (chandef->punctured &&
833 ieee80211_hw_check(&sdata->local->hw, DISALLOW_PUNCTURING))
834 return false;
835
836 return true;
837 }
838
ieee80211_chandef_num_subchans(const struct cfg80211_chan_def * c)839 static int ieee80211_chandef_num_subchans(const struct cfg80211_chan_def *c)
840 {
841 if (c->width == NL80211_CHAN_WIDTH_80P80)
842 return 4 + 4;
843
844 return cfg80211_chandef_get_width(c) / 20;
845 }
846
ieee80211_chandef_num_widths(const struct cfg80211_chan_def * c)847 static int ieee80211_chandef_num_widths(const struct cfg80211_chan_def *c)
848 {
849 switch (c->width) {
850 case NL80211_CHAN_WIDTH_20:
851 case NL80211_CHAN_WIDTH_20_NOHT:
852 return 1;
853 case NL80211_CHAN_WIDTH_40:
854 return 2;
855 case NL80211_CHAN_WIDTH_80P80:
856 case NL80211_CHAN_WIDTH_80:
857 return 3;
858 case NL80211_CHAN_WIDTH_160:
859 return 4;
860 case NL80211_CHAN_WIDTH_320:
861 return 5;
862 default:
863 WARN_ON(1);
864 return 0;
865 }
866 }
867
868 VISIBLE_IF_MAC80211_KUNIT int
ieee80211_calc_chandef_subchan_offset(const struct cfg80211_chan_def * ap,u8 n_partial_subchans)869 ieee80211_calc_chandef_subchan_offset(const struct cfg80211_chan_def *ap,
870 u8 n_partial_subchans)
871 {
872 int n = ieee80211_chandef_num_subchans(ap);
873 struct cfg80211_chan_def tmp = *ap;
874 int offset = 0;
875
876 /*
877 * Given a chandef (in this context, it's the AP's) and a number
878 * of subchannels that we want to look at ('n_partial_subchans'),
879 * calculate the offset in number of subchannels between the full
880 * and the subset with the desired width.
881 */
882
883 /* same number of subchannels means no offset, obviously */
884 if (n == n_partial_subchans)
885 return 0;
886
887 /* don't WARN - misconfigured APs could cause this if their N > width */
888 if (n < n_partial_subchans)
889 return 0;
890
891 while (ieee80211_chandef_num_subchans(&tmp) > n_partial_subchans) {
892 u32 prev = tmp.center_freq1;
893
894 ieee80211_chandef_downgrade(&tmp, NULL);
895
896 /*
897 * if center_freq moved up, half the original channels
898 * are gone now but were below, so increase offset
899 */
900 if (prev < tmp.center_freq1)
901 offset += ieee80211_chandef_num_subchans(&tmp);
902 }
903
904 /*
905 * 80+80 with secondary 80 below primary - four subchannels for it
906 * (we cannot downgrade *to* 80+80, so no need to consider 'tmp')
907 */
908 if (ap->width == NL80211_CHAN_WIDTH_80P80 &&
909 ap->center_freq2 < ap->center_freq1)
910 offset += 4;
911
912 return offset;
913 }
914 EXPORT_SYMBOL_IF_MAC80211_KUNIT(ieee80211_calc_chandef_subchan_offset);
915
916 VISIBLE_IF_MAC80211_KUNIT void
ieee80211_rearrange_tpe_psd(struct ieee80211_parsed_tpe_psd * psd,const struct cfg80211_chan_def * ap,const struct cfg80211_chan_def * used)917 ieee80211_rearrange_tpe_psd(struct ieee80211_parsed_tpe_psd *psd,
918 const struct cfg80211_chan_def *ap,
919 const struct cfg80211_chan_def *used)
920 {
921 u8 needed = ieee80211_chandef_num_subchans(used);
922 u8 have = ieee80211_chandef_num_subchans(ap);
923 u8 tmp[IEEE80211_TPE_PSD_ENTRIES_320MHZ];
924 u8 offset;
925
926 if (!psd->valid)
927 return;
928
929 /* if N is zero, all defaults were used, no point in rearranging */
930 if (!psd->n)
931 goto out;
932
933 BUILD_BUG_ON(sizeof(tmp) != sizeof(psd->power));
934
935 /*
936 * This assumes that 'N' is consistent with the HE channel, as
937 * it should be (otherwise the AP is broken).
938 *
939 * In psd->power we have values in the order 0..N, 0..K, where
940 * N+K should cover the entire channel per 'ap', but even if it
941 * doesn't then we've pre-filled 'unlimited' as defaults.
942 *
943 * But this is all the wrong order, we want to have them in the
944 * order of the 'used' channel.
945 *
946 * So for example, we could have a 320 MHz EHT AP, which has the
947 * HE channel as 80 MHz (e.g. due to puncturing, which doesn't
948 * seem to be considered for the TPE), as follows:
949 *
950 * EHT 320: | | | | | | | | | | | | | | | | |
951 * HE 80: | | | | |
952 * used 160: | | | | | | | | |
953 *
954 * N entries: |--|--|--|--|
955 * K entries: |--|--|--|--|--|--|--|--| |--|--|--|--|
956 * power idx: 4 5 6 7 8 9 10 11 0 1 2 3 12 13 14 15
957 * full chan: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
958 * used chan: 0 1 2 3 4 5 6 7
959 *
960 * The idx in the power array ('power idx') is like this since it
961 * comes directly from the element's N and K entries in their
962 * element order, and those are this way for HE compatibility.
963 *
964 * Rearrange them as desired here, first by putting them into the
965 * 'full chan' order, and then selecting the necessary subset for
966 * the 'used chan'.
967 */
968
969 /* first reorder according to AP channel */
970 offset = ieee80211_calc_chandef_subchan_offset(ap, psd->n);
971 for (int i = 0; i < have; i++) {
972 if (i < offset)
973 tmp[i] = psd->power[i + psd->n];
974 else if (i < offset + psd->n)
975 tmp[i] = psd->power[i - offset];
976 else
977 tmp[i] = psd->power[i];
978 }
979
980 /*
981 * and then select the subset for the used channel
982 * (set everything to defaults first in case a driver is confused)
983 */
984 memset(psd->power, IEEE80211_TPE_PSD_NO_LIMIT, sizeof(psd->power));
985 offset = ieee80211_calc_chandef_subchan_offset(ap, needed);
986 for (int i = 0; i < needed; i++)
987 psd->power[i] = tmp[offset + i];
988
989 out:
990 /* limit, but don't lie if there are defaults in the data */
991 if (needed < psd->count)
992 psd->count = needed;
993 }
994 EXPORT_SYMBOL_IF_MAC80211_KUNIT(ieee80211_rearrange_tpe_psd);
995
ieee80211_rearrange_tpe(struct ieee80211_parsed_tpe * tpe,const struct cfg80211_chan_def * ap,const struct cfg80211_chan_def * used)996 static void ieee80211_rearrange_tpe(struct ieee80211_parsed_tpe *tpe,
997 const struct cfg80211_chan_def *ap,
998 const struct cfg80211_chan_def *used)
999 {
1000 /* ignore this completely for narrow/invalid channels */
1001 if (!ieee80211_chandef_num_subchans(ap) ||
1002 !ieee80211_chandef_num_subchans(used)) {
1003 ieee80211_clear_tpe(tpe);
1004 return;
1005 }
1006
1007 for (int i = 0; i < 2; i++) {
1008 int needed_pwr_count;
1009
1010 ieee80211_rearrange_tpe_psd(&tpe->psd_local[i], ap, used);
1011 ieee80211_rearrange_tpe_psd(&tpe->psd_reg_client[i], ap, used);
1012
1013 /* limit this to the widths we actually need */
1014 needed_pwr_count = ieee80211_chandef_num_widths(used);
1015 if (needed_pwr_count < tpe->max_local[i].count)
1016 tpe->max_local[i].count = needed_pwr_count;
1017 if (needed_pwr_count < tpe->max_reg_client[i].count)
1018 tpe->max_reg_client[i].count = needed_pwr_count;
1019 }
1020 }
1021
1022 /*
1023 * The AP part of the channel request is used to distinguish settings
1024 * to the device used for wider bandwidth OFDMA. This is used in the
1025 * channel context code to assign two channel contexts even if they're
1026 * both for the same channel, if the AP bandwidths are incompatible.
1027 * If not EHT (or driver override) then ap.chan == NULL indicates that
1028 * there's no wider BW OFDMA used.
1029 */
ieee80211_set_chanreq_ap(struct ieee80211_sub_if_data * sdata,struct ieee80211_chan_req * chanreq,struct ieee80211_conn_settings * conn,struct cfg80211_chan_def * ap_chandef)1030 static void ieee80211_set_chanreq_ap(struct ieee80211_sub_if_data *sdata,
1031 struct ieee80211_chan_req *chanreq,
1032 struct ieee80211_conn_settings *conn,
1033 struct cfg80211_chan_def *ap_chandef)
1034 {
1035 chanreq->ap.chan = NULL;
1036
1037 if (conn->mode < IEEE80211_CONN_MODE_EHT)
1038 return;
1039 if (sdata->vif.driver_flags & IEEE80211_VIF_IGNORE_OFDMA_WIDER_BW)
1040 return;
1041
1042 chanreq->ap = *ap_chandef;
1043 }
1044
1045 VISIBLE_IF_MAC80211_KUNIT struct ieee802_11_elems *
ieee80211_determine_chan_mode(struct ieee80211_sub_if_data * sdata,struct ieee80211_conn_settings * conn,struct cfg80211_bss * cbss,int link_id,struct ieee80211_chan_req * chanreq,struct cfg80211_chan_def * ap_chandef,unsigned long * userspace_selectors)1046 ieee80211_determine_chan_mode(struct ieee80211_sub_if_data *sdata,
1047 struct ieee80211_conn_settings *conn,
1048 struct cfg80211_bss *cbss, int link_id,
1049 struct ieee80211_chan_req *chanreq,
1050 struct cfg80211_chan_def *ap_chandef,
1051 unsigned long *userspace_selectors)
1052 {
1053 const struct cfg80211_bss_ies *ies = rcu_dereference(cbss->ies);
1054 struct ieee80211_bss *bss = (void *)cbss->priv;
1055 struct ieee80211_channel *channel = cbss->channel;
1056 struct ieee80211_elems_parse_params parse_params = {
1057 .link_id = -1,
1058 .from_ap = true,
1059 .start = ies->data,
1060 .len = ies->len,
1061 .type = ies->from_beacon ?
1062 IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON :
1063 IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_PROBE_RESP,
1064 };
1065 struct ieee802_11_elems *elems;
1066 struct ieee80211_supported_band *sband;
1067 enum ieee80211_conn_mode ap_mode;
1068 unsigned long unknown_rates_selectors[BITS_TO_LONGS(128)] = {};
1069 unsigned long sta_selectors[BITS_TO_LONGS(128)] = {};
1070 int ret;
1071
1072 again:
1073 parse_params.mode = conn->mode;
1074 elems = ieee802_11_parse_elems_full(&parse_params);
1075 if (!elems)
1076 return ERR_PTR(-ENOMEM);
1077
1078 ap_mode = ieee80211_determine_ap_chan(sdata, channel, bss->vht_cap_info,
1079 elems, false, conn, ap_chandef);
1080
1081 /* this should be impossible since parsing depends on our mode */
1082 if (WARN_ON(ap_mode > conn->mode)) {
1083 ret = -EINVAL;
1084 goto free;
1085 }
1086
1087 if (conn->mode != ap_mode) {
1088 conn->mode = ap_mode;
1089 kfree(elems);
1090 goto again;
1091 }
1092
1093 mlme_link_id_dbg(sdata, link_id, "determined AP %pM to be %s\n",
1094 cbss->bssid, ieee80211_conn_mode_str(ap_mode));
1095
1096 sband = sdata->local->hw.wiphy->bands[channel->band];
1097
1098 ieee80211_get_rates(sband, elems->supp_rates, elems->supp_rates_len,
1099 elems->ext_supp_rates, elems->ext_supp_rates_len,
1100 NULL, NULL, unknown_rates_selectors, NULL, NULL,
1101 NULL);
1102
1103 switch (channel->band) {
1104 case NL80211_BAND_S1GHZ:
1105 if (WARN_ON(ap_mode != IEEE80211_CONN_MODE_S1G)) {
1106 ret = -EINVAL;
1107 goto free;
1108 }
1109
1110 chanreq->oper = *ap_chandef;
1111 if (!cfg80211_chandef_usable(sdata->wdev.wiphy, &chanreq->oper,
1112 IEEE80211_CHAN_DISABLED)) {
1113 ret = -EINVAL;
1114 goto free;
1115 }
1116
1117 return elems;
1118 case NL80211_BAND_6GHZ:
1119 if (ap_mode < IEEE80211_CONN_MODE_HE) {
1120 link_id_info(sdata, link_id,
1121 "Rejecting non-HE 6/7 GHz connection");
1122 ret = -EINVAL;
1123 goto free;
1124 }
1125 break;
1126 default:
1127 if (WARN_ON(ap_mode == IEEE80211_CONN_MODE_S1G)) {
1128 ret = -EINVAL;
1129 goto free;
1130 }
1131 }
1132
1133 switch (ap_mode) {
1134 case IEEE80211_CONN_MODE_S1G:
1135 WARN_ON(1);
1136 ret = -EINVAL;
1137 goto free;
1138 case IEEE80211_CONN_MODE_LEGACY:
1139 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
1140 break;
1141 case IEEE80211_CONN_MODE_HT:
1142 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
1143 conn->bw_limit,
1144 IEEE80211_CONN_BW_LIMIT_40);
1145 break;
1146 case IEEE80211_CONN_MODE_VHT:
1147 case IEEE80211_CONN_MODE_HE:
1148 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
1149 conn->bw_limit,
1150 IEEE80211_CONN_BW_LIMIT_160);
1151 break;
1152 case IEEE80211_CONN_MODE_EHT:
1153 case IEEE80211_CONN_MODE_UHR:
1154 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
1155 conn->bw_limit,
1156 IEEE80211_CONN_BW_LIMIT_320);
1157 break;
1158 }
1159
1160 chanreq->oper = *ap_chandef;
1161
1162 bitmap_copy(sta_selectors, userspace_selectors, 128);
1163 if (conn->mode >= IEEE80211_CONN_MODE_HT)
1164 set_bit(BSS_MEMBERSHIP_SELECTOR_HT_PHY, sta_selectors);
1165 if (conn->mode >= IEEE80211_CONN_MODE_VHT)
1166 set_bit(BSS_MEMBERSHIP_SELECTOR_VHT_PHY, sta_selectors);
1167 if (conn->mode >= IEEE80211_CONN_MODE_HE)
1168 set_bit(BSS_MEMBERSHIP_SELECTOR_HE_PHY, sta_selectors);
1169 if (conn->mode >= IEEE80211_CONN_MODE_EHT)
1170 set_bit(BSS_MEMBERSHIP_SELECTOR_EHT_PHY, sta_selectors);
1171 if (conn->mode >= IEEE80211_CONN_MODE_UHR)
1172 set_bit(BSS_MEMBERSHIP_SELECTOR_UHR_PHY, sta_selectors);
1173
1174 /*
1175 * We do not support EPD or GLK so never add them.
1176 * SAE_H2E is handled through userspace_selectors.
1177 */
1178
1179 /* Check if we support all required features */
1180 if (!bitmap_subset(unknown_rates_selectors, sta_selectors, 128)) {
1181 link_id_info(sdata, link_id,
1182 "required basic rate or BSS membership selectors not supported or disabled, rejecting connection\n");
1183 ret = -EINVAL;
1184 goto free;
1185 }
1186
1187 ieee80211_set_chanreq_ap(sdata, chanreq, conn, ap_chandef);
1188
1189 while (!ieee80211_chandef_usable(sdata, &chanreq->oper,
1190 IEEE80211_CHAN_DISABLED)) {
1191 if (chanreq->oper.width == NL80211_CHAN_WIDTH_20_NOHT) {
1192 link_id_info(sdata, link_id,
1193 "unusable channel (%d MHz) for connection\n",
1194 chanreq->oper.chan->center_freq);
1195 ret = -EINVAL;
1196 goto free;
1197 }
1198
1199 ieee80211_chanreq_downgrade(chanreq, conn);
1200 }
1201
1202 if (conn->mode >= IEEE80211_CONN_MODE_HE &&
1203 !cfg80211_chandef_usable(sdata->wdev.wiphy, &chanreq->oper,
1204 IEEE80211_CHAN_NO_HE)) {
1205 conn->mode = IEEE80211_CONN_MODE_VHT;
1206 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
1207 conn->bw_limit,
1208 IEEE80211_CONN_BW_LIMIT_160);
1209 }
1210
1211 if (conn->mode >= IEEE80211_CONN_MODE_EHT &&
1212 !cfg80211_chandef_usable(sdata->wdev.wiphy, &chanreq->oper,
1213 IEEE80211_CHAN_NO_EHT)) {
1214 conn->mode = IEEE80211_CONN_MODE_HE;
1215 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
1216 conn->bw_limit,
1217 IEEE80211_CONN_BW_LIMIT_160);
1218 }
1219
1220 if (conn->mode >= IEEE80211_CONN_MODE_UHR &&
1221 !cfg80211_chandef_usable(sdata->wdev.wiphy, &chanreq->oper,
1222 IEEE80211_CHAN_NO_UHR))
1223 conn->mode = IEEE80211_CONN_MODE_EHT;
1224
1225 if (chanreq->oper.width != ap_chandef->width || ap_mode != conn->mode)
1226 link_id_info(sdata, link_id,
1227 "regulatory prevented using AP config, downgraded\n");
1228
1229 if (conn->mode >= IEEE80211_CONN_MODE_HT &&
1230 !ieee80211_verify_sta_ht_mcs_support(sdata, sband,
1231 elems->ht_operation)) {
1232 conn->mode = IEEE80211_CONN_MODE_LEGACY;
1233 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
1234 link_id_info(sdata, link_id,
1235 "required MCSes not supported, disabling HT\n");
1236 }
1237
1238 if (conn->mode >= IEEE80211_CONN_MODE_VHT &&
1239 !ieee80211_verify_sta_vht_mcs_support(sdata, link_id, sband,
1240 elems->vht_operation)) {
1241 conn->mode = IEEE80211_CONN_MODE_HT;
1242 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
1243 conn->bw_limit,
1244 IEEE80211_CONN_BW_LIMIT_40);
1245 link_id_info(sdata, link_id,
1246 "required MCSes not supported, disabling VHT\n");
1247 }
1248
1249 if (conn->mode >= IEEE80211_CONN_MODE_HE &&
1250 (!ieee80211_verify_peer_he_mcs_support(sdata, link_id,
1251 (void *)elems->he_cap,
1252 elems->he_operation) ||
1253 !ieee80211_verify_sta_he_mcs_support(sdata, sband,
1254 elems->he_operation))) {
1255 conn->mode = IEEE80211_CONN_MODE_VHT;
1256 link_id_info(sdata, link_id,
1257 "required MCSes not supported, disabling HE\n");
1258 }
1259
1260 if (conn->mode >= IEEE80211_CONN_MODE_EHT &&
1261 !ieee80211_verify_sta_eht_mcs_support(sdata, sband,
1262 elems->eht_operation)) {
1263 conn->mode = IEEE80211_CONN_MODE_HE;
1264 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
1265 conn->bw_limit,
1266 IEEE80211_CONN_BW_LIMIT_160);
1267 link_id_info(sdata, link_id,
1268 "required MCSes not supported, disabling EHT\n");
1269 }
1270
1271 if (conn->mode >= IEEE80211_CONN_MODE_EHT &&
1272 channel->band != NL80211_BAND_2GHZ &&
1273 conn->bw_limit == IEEE80211_CONN_BW_LIMIT_40) {
1274 conn->mode = IEEE80211_CONN_MODE_HE;
1275 link_id_info(sdata, link_id,
1276 "required bandwidth not supported, disabling EHT\n");
1277 }
1278
1279 /* the mode can only decrease, so this must terminate */
1280 if (ap_mode != conn->mode) {
1281 kfree(elems);
1282 goto again;
1283 }
1284
1285 mlme_link_id_dbg(sdata, link_id,
1286 "connecting with %s mode, max bandwidth %d MHz\n",
1287 ieee80211_conn_mode_str(conn->mode),
1288 20 * (1 << conn->bw_limit));
1289
1290 if (WARN_ON_ONCE(!cfg80211_chandef_valid(&chanreq->oper))) {
1291 ret = -EINVAL;
1292 goto free;
1293 }
1294
1295 return elems;
1296 free:
1297 kfree(elems);
1298 return ERR_PTR(ret);
1299 }
1300 EXPORT_SYMBOL_IF_MAC80211_KUNIT(ieee80211_determine_chan_mode);
1301
ieee80211_config_bw(struct ieee80211_link_data * link,struct ieee802_11_elems * elems,bool update,u64 * changed,u16 stype)1302 static int ieee80211_config_bw(struct ieee80211_link_data *link,
1303 struct ieee802_11_elems *elems,
1304 bool update, u64 *changed, u16 stype)
1305 {
1306 struct ieee80211_channel *channel = link->conf->chanreq.oper.chan;
1307 struct ieee80211_sub_if_data *sdata = link->sdata;
1308 struct ieee80211_chan_req chanreq = {};
1309 struct cfg80211_chan_def ap_chandef;
1310 enum ieee80211_conn_mode ap_mode;
1311 const char *frame;
1312 u32 vht_cap_info = 0;
1313 u16 ht_opmode;
1314 int ret;
1315
1316 switch (stype) {
1317 case IEEE80211_STYPE_BEACON:
1318 frame = "beacon";
1319 break;
1320 case IEEE80211_STYPE_ASSOC_RESP:
1321 frame = "assoc response";
1322 break;
1323 case IEEE80211_STYPE_REASSOC_RESP:
1324 frame = "reassoc response";
1325 break;
1326 case IEEE80211_STYPE_ACTION:
1327 /* the only action frame that gets here */
1328 frame = "ML reconf response";
1329 break;
1330 default:
1331 return -EINVAL;
1332 }
1333
1334 /* don't track any bandwidth changes in legacy/S1G modes */
1335 if (link->u.mgd.conn.mode == IEEE80211_CONN_MODE_LEGACY ||
1336 link->u.mgd.conn.mode == IEEE80211_CONN_MODE_S1G)
1337 return 0;
1338
1339 if (elems->vht_cap_elem)
1340 vht_cap_info = le32_to_cpu(elems->vht_cap_elem->vht_cap_info);
1341
1342 ap_mode = ieee80211_determine_ap_chan(sdata, channel, vht_cap_info,
1343 elems, true, &link->u.mgd.conn,
1344 &ap_chandef);
1345
1346 if (ap_mode != link->u.mgd.conn.mode) {
1347 link_info(link,
1348 "AP %pM appears to change mode (expected %s, found %s) in %s, disconnect\n",
1349 link->u.mgd.bssid,
1350 ieee80211_conn_mode_str(link->u.mgd.conn.mode),
1351 ieee80211_conn_mode_str(ap_mode), frame);
1352 return -EINVAL;
1353 }
1354
1355 chanreq.oper = ap_chandef;
1356 ieee80211_set_chanreq_ap(sdata, &chanreq, &link->u.mgd.conn,
1357 &ap_chandef);
1358
1359 /*
1360 * if HT operation mode changed store the new one -
1361 * this may be applicable even if channel is identical
1362 */
1363 if (elems->ht_operation) {
1364 ht_opmode = le16_to_cpu(elems->ht_operation->operation_mode);
1365 if (link->conf->ht_operation_mode != ht_opmode) {
1366 *changed |= BSS_CHANGED_HT;
1367 link->conf->ht_operation_mode = ht_opmode;
1368 }
1369 }
1370
1371 /*
1372 * Downgrade the new channel if we associated with restricted
1373 * bandwidth capabilities. For example, if we associated as a
1374 * 20 MHz STA to a 40 MHz AP (due to regulatory, capabilities
1375 * or config reasons) then switching to a 40 MHz channel now
1376 * won't do us any good -- we couldn't use it with the AP.
1377 */
1378 while (link->u.mgd.conn.bw_limit <
1379 ieee80211_min_bw_limit_from_chandef(&chanreq.oper))
1380 ieee80211_chandef_downgrade(&chanreq.oper, NULL);
1381
1382 /* TPE element is not present in (re)assoc/ML reconfig response */
1383 if (stype == IEEE80211_STYPE_BEACON &&
1384 ap_chandef.chan->band == NL80211_BAND_6GHZ &&
1385 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HE) {
1386 ieee80211_rearrange_tpe(&elems->tpe, &ap_chandef,
1387 &chanreq.oper);
1388 if (memcmp(&link->conf->tpe, &elems->tpe, sizeof(elems->tpe))) {
1389 link->conf->tpe = elems->tpe;
1390 *changed |= BSS_CHANGED_TPE;
1391 }
1392 }
1393
1394 if (ieee80211_chanreq_identical(&chanreq, &link->conf->chanreq))
1395 return 0;
1396
1397 link_info(link,
1398 "AP %pM changed bandwidth in %s, new used config is %d.%03d MHz, width %d (%d.%03d/%d MHz)\n",
1399 link->u.mgd.bssid, frame, chanreq.oper.chan->center_freq,
1400 chanreq.oper.chan->freq_offset, chanreq.oper.width,
1401 chanreq.oper.center_freq1, chanreq.oper.freq1_offset,
1402 chanreq.oper.center_freq2);
1403
1404 if (!cfg80211_chandef_valid(&chanreq.oper)) {
1405 sdata_info(sdata,
1406 "AP %pM changed caps/bw in %s in a way we can't support - disconnect\n",
1407 link->u.mgd.bssid, frame);
1408 return -EINVAL;
1409 }
1410
1411 if (!update) {
1412 link->conf->chanreq = chanreq;
1413 return 0;
1414 }
1415
1416 /*
1417 * We're tracking the current AP here, so don't do any further checks
1418 * here. This keeps us from playing ping-pong with regulatory, without
1419 * it the following can happen (for example):
1420 * - connect to an AP with 80 MHz, world regdom allows 80 MHz
1421 * - AP advertises regdom US
1422 * - CRDA loads regdom US with 80 MHz prohibited (old database)
1423 * - we detect an unsupported channel and disconnect
1424 * - disconnect causes CRDA to reload world regdomain and the game
1425 * starts anew.
1426 * (see https://bugzilla.kernel.org/show_bug.cgi?id=70881)
1427 *
1428 * It seems possible that there are still scenarios with CSA or real
1429 * bandwidth changes where a this could happen, but those cases are
1430 * less common and wouldn't completely prevent using the AP.
1431 */
1432
1433 ret = ieee80211_link_change_chanreq(link, &chanreq, changed);
1434 if (ret) {
1435 sdata_info(sdata,
1436 "AP %pM changed bandwidth in %s to incompatible one - disconnect\n",
1437 link->u.mgd.bssid, frame);
1438 return ret;
1439 }
1440
1441 cfg80211_schedule_channels_check(&sdata->wdev);
1442 return 0;
1443 }
1444
1445 /* frame sending functions */
1446
ieee80211_add_ht_ie(struct ieee80211_sub_if_data * sdata,struct sk_buff * skb,u8 ap_ht_param,struct ieee80211_supported_band * sband,struct ieee80211_channel * channel,enum ieee80211_smps_mode smps,const struct ieee80211_conn_settings * conn)1447 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata,
1448 struct sk_buff *skb, u8 ap_ht_param,
1449 struct ieee80211_supported_band *sband,
1450 struct ieee80211_channel *channel,
1451 enum ieee80211_smps_mode smps,
1452 const struct ieee80211_conn_settings *conn)
1453 {
1454 u8 *pos;
1455 u32 flags = channel->flags;
1456 u16 cap;
1457 struct ieee80211_sta_ht_cap ht_cap;
1458
1459 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap));
1460
1461 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
1462 ieee80211_apply_htcap_overrides(sdata, &ht_cap);
1463
1464 /* determine capability flags */
1465 cap = ht_cap.cap;
1466
1467 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
1468 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
1469 if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
1470 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
1471 cap &= ~IEEE80211_HT_CAP_SGI_40;
1472 }
1473 break;
1474 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
1475 if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
1476 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
1477 cap &= ~IEEE80211_HT_CAP_SGI_40;
1478 }
1479 break;
1480 }
1481
1482 /*
1483 * If 40 MHz was disabled associate as though we weren't
1484 * capable of 40 MHz -- some broken APs will never fall
1485 * back to trying to transmit in 20 MHz.
1486 */
1487 if (conn->bw_limit <= IEEE80211_CONN_BW_LIMIT_20) {
1488 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
1489 cap &= ~IEEE80211_HT_CAP_SGI_40;
1490 }
1491
1492 /* set SM PS mode properly */
1493 cap &= ~IEEE80211_HT_CAP_SM_PS;
1494 switch (smps) {
1495 case IEEE80211_SMPS_AUTOMATIC:
1496 case IEEE80211_SMPS_NUM_MODES:
1497 WARN_ON(1);
1498 fallthrough;
1499 case IEEE80211_SMPS_OFF:
1500 cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
1501 IEEE80211_HT_CAP_SM_PS_SHIFT;
1502 break;
1503 case IEEE80211_SMPS_STATIC:
1504 cap |= WLAN_HT_CAP_SM_PS_STATIC <<
1505 IEEE80211_HT_CAP_SM_PS_SHIFT;
1506 break;
1507 case IEEE80211_SMPS_DYNAMIC:
1508 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
1509 IEEE80211_HT_CAP_SM_PS_SHIFT;
1510 break;
1511 }
1512
1513 /* reserve and fill IE */
1514 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
1515 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap);
1516 }
1517
1518 /* This function determines vht capability flags for the association
1519 * and builds the IE.
1520 * Note - the function returns true to own the MU-MIMO capability
1521 */
ieee80211_add_vht_ie(struct ieee80211_sub_if_data * sdata,struct sk_buff * skb,struct ieee80211_supported_band * sband,struct ieee80211_vht_cap * ap_vht_cap,const struct ieee80211_conn_settings * conn)1522 static bool ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
1523 struct sk_buff *skb,
1524 struct ieee80211_supported_band *sband,
1525 struct ieee80211_vht_cap *ap_vht_cap,
1526 const struct ieee80211_conn_settings *conn)
1527 {
1528 struct ieee80211_local *local = sdata->local;
1529 u8 *pos;
1530 u32 cap;
1531 struct ieee80211_sta_vht_cap vht_cap;
1532 u32 mask, ap_bf_sts, our_bf_sts;
1533 bool mu_mimo_owner = false;
1534
1535 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap));
1536
1537 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
1538 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
1539
1540 /* determine capability flags */
1541 cap = vht_cap.cap;
1542
1543 if (conn->bw_limit <= IEEE80211_CONN_BW_LIMIT_80) {
1544 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160;
1545 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
1546 }
1547
1548 /*
1549 * Some APs apparently get confused if our capabilities are better
1550 * than theirs, so restrict what we advertise in the assoc request.
1551 */
1552 if (!ieee80211_hw_check(&local->hw, STRICT)) {
1553 if (!(ap_vht_cap->vht_cap_info &
1554 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)))
1555 cap &= ~(IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
1556 IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE);
1557 else if (!(ap_vht_cap->vht_cap_info &
1558 cpu_to_le32(IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
1559 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
1560 }
1561
1562 /*
1563 * If some other vif is using the MU-MIMO capability we cannot associate
1564 * using MU-MIMO - this will lead to contradictions in the group-id
1565 * mechanism.
1566 * Ownership is defined since association request, in order to avoid
1567 * simultaneous associations with MU-MIMO.
1568 */
1569 if (cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE) {
1570 bool disable_mu_mimo = false;
1571 struct ieee80211_sub_if_data *other;
1572
1573 list_for_each_entry(other, &local->interfaces, list) {
1574 if (other->vif.bss_conf.mu_mimo_owner) {
1575 disable_mu_mimo = true;
1576 break;
1577 }
1578 }
1579 if (disable_mu_mimo)
1580 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
1581 else
1582 mu_mimo_owner = true;
1583 }
1584
1585 mask = IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
1586
1587 ap_bf_sts = le32_to_cpu(ap_vht_cap->vht_cap_info) & mask;
1588 our_bf_sts = cap & mask;
1589
1590 if (ap_bf_sts < our_bf_sts) {
1591 cap &= ~mask;
1592 cap |= ap_bf_sts;
1593 }
1594
1595 /* reserve and fill IE */
1596 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
1597 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap);
1598
1599 return mu_mimo_owner;
1600 }
1601
ieee80211_assoc_add_rates(struct ieee80211_local * local,struct sk_buff * skb,enum nl80211_chan_width width,struct ieee80211_supported_band * sband,struct ieee80211_mgd_assoc_data * assoc_data)1602 static void ieee80211_assoc_add_rates(struct ieee80211_local *local,
1603 struct sk_buff *skb,
1604 enum nl80211_chan_width width,
1605 struct ieee80211_supported_band *sband,
1606 struct ieee80211_mgd_assoc_data *assoc_data)
1607 {
1608 u32 rates;
1609
1610 if (assoc_data->supp_rates_len &&
1611 !ieee80211_hw_check(&local->hw, STRICT)) {
1612 /*
1613 * Get all rates supported by the device and the AP as
1614 * some APs don't like getting a superset of their rates
1615 * in the association request (e.g. D-Link DAP 1353 in
1616 * b-only mode)...
1617 */
1618 ieee80211_parse_bitrates(sband,
1619 assoc_data->supp_rates,
1620 assoc_data->supp_rates_len,
1621 &rates);
1622 } else {
1623 /*
1624 * In case AP not provide any supported rates information
1625 * before association, we send information element(s) with
1626 * all rates that we support.
1627 */
1628 rates = ~0;
1629 }
1630
1631 ieee80211_put_srates_elem(skb, sband, 0, ~rates,
1632 WLAN_EID_SUPP_RATES);
1633 ieee80211_put_srates_elem(skb, sband, 0, ~rates,
1634 WLAN_EID_EXT_SUPP_RATES);
1635 }
1636
ieee80211_add_before_ht_elems(struct sk_buff * skb,const u8 * elems,size_t elems_len,size_t offset)1637 static size_t ieee80211_add_before_ht_elems(struct sk_buff *skb,
1638 const u8 *elems,
1639 size_t elems_len,
1640 size_t offset)
1641 {
1642 size_t noffset;
1643
1644 static const u8 before_ht[] = {
1645 WLAN_EID_SSID,
1646 WLAN_EID_SUPP_RATES,
1647 WLAN_EID_EXT_SUPP_RATES,
1648 WLAN_EID_PWR_CAPABILITY,
1649 WLAN_EID_SUPPORTED_CHANNELS,
1650 WLAN_EID_RSN,
1651 WLAN_EID_QOS_CAPA,
1652 WLAN_EID_RRM_ENABLED_CAPABILITIES,
1653 WLAN_EID_MOBILITY_DOMAIN,
1654 WLAN_EID_FAST_BSS_TRANSITION, /* reassoc only */
1655 WLAN_EID_RIC_DATA, /* reassoc only */
1656 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
1657 };
1658 static const u8 after_ric[] = {
1659 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
1660 WLAN_EID_HT_CAPABILITY,
1661 WLAN_EID_BSS_COEX_2040,
1662 /* luckily this is almost always there */
1663 WLAN_EID_EXT_CAPABILITY,
1664 WLAN_EID_QOS_TRAFFIC_CAPA,
1665 WLAN_EID_TIM_BCAST_REQ,
1666 WLAN_EID_INTERWORKING,
1667 /* 60 GHz (Multi-band, DMG, MMS) can't happen */
1668 WLAN_EID_VHT_CAPABILITY,
1669 WLAN_EID_OPMODE_NOTIF,
1670 };
1671
1672 if (!elems_len)
1673 return offset;
1674
1675 noffset = ieee80211_ie_split_ric(elems, elems_len,
1676 before_ht,
1677 ARRAY_SIZE(before_ht),
1678 after_ric,
1679 ARRAY_SIZE(after_ric),
1680 offset);
1681 skb_put_data(skb, elems + offset, noffset - offset);
1682
1683 return noffset;
1684 }
1685
ieee80211_add_before_vht_elems(struct sk_buff * skb,const u8 * elems,size_t elems_len,size_t offset)1686 static size_t ieee80211_add_before_vht_elems(struct sk_buff *skb,
1687 const u8 *elems,
1688 size_t elems_len,
1689 size_t offset)
1690 {
1691 static const u8 before_vht[] = {
1692 /*
1693 * no need to list the ones split off before HT
1694 * or generated here
1695 */
1696 WLAN_EID_BSS_COEX_2040,
1697 WLAN_EID_EXT_CAPABILITY,
1698 WLAN_EID_QOS_TRAFFIC_CAPA,
1699 WLAN_EID_TIM_BCAST_REQ,
1700 WLAN_EID_INTERWORKING,
1701 /* 60 GHz (Multi-band, DMG, MMS) can't happen */
1702 };
1703 size_t noffset;
1704
1705 if (!elems_len)
1706 return offset;
1707
1708 /* RIC already taken care of in ieee80211_add_before_ht_elems() */
1709 noffset = ieee80211_ie_split(elems, elems_len,
1710 before_vht, ARRAY_SIZE(before_vht),
1711 offset);
1712 skb_put_data(skb, elems + offset, noffset - offset);
1713
1714 return noffset;
1715 }
1716
ieee80211_add_before_he_elems(struct sk_buff * skb,const u8 * elems,size_t elems_len,size_t offset)1717 static size_t ieee80211_add_before_he_elems(struct sk_buff *skb,
1718 const u8 *elems,
1719 size_t elems_len,
1720 size_t offset)
1721 {
1722 static const u8 before_he[] = {
1723 /*
1724 * no need to list the ones split off before VHT
1725 * or generated here
1726 */
1727 WLAN_EID_OPMODE_NOTIF,
1728 WLAN_EID_EXTENSION, WLAN_EID_EXT_FUTURE_CHAN_GUIDANCE,
1729 /* 11ai elements */
1730 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_SESSION,
1731 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_PUBLIC_KEY,
1732 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_KEY_CONFIRM,
1733 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_HLP_CONTAINER,
1734 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_IP_ADDR_ASSIGN,
1735 /* TODO: add 11ah/11aj/11ak elements */
1736 };
1737 size_t noffset;
1738
1739 if (!elems_len)
1740 return offset;
1741
1742 /* RIC already taken care of in ieee80211_add_before_ht_elems() */
1743 noffset = ieee80211_ie_split(elems, elems_len,
1744 before_he, ARRAY_SIZE(before_he),
1745 offset);
1746 skb_put_data(skb, elems + offset, noffset - offset);
1747
1748 return noffset;
1749 }
1750
ieee80211_add_before_reg_conn(struct sk_buff * skb,const u8 * elems,size_t elems_len,size_t offset)1751 static size_t ieee80211_add_before_reg_conn(struct sk_buff *skb,
1752 const u8 *elems, size_t elems_len,
1753 size_t offset)
1754 {
1755 static const u8 before_reg_conn[] = {
1756 /*
1757 * no need to list the ones split off before HE
1758 * or generated here
1759 */
1760 WLAN_EID_EXTENSION, WLAN_EID_EXT_DH_PARAMETER,
1761 WLAN_EID_EXTENSION, WLAN_EID_EXT_KNOWN_STA_IDENTIFCATION,
1762 };
1763 size_t noffset;
1764
1765 if (!elems_len)
1766 return offset;
1767
1768 noffset = ieee80211_ie_split(elems, elems_len, before_reg_conn,
1769 ARRAY_SIZE(before_reg_conn), offset);
1770 skb_put_data(skb, elems + offset, noffset - offset);
1771
1772 return noffset;
1773 }
1774
1775 #define PRESENT_ELEMS_MAX 8
1776 #define PRESENT_ELEM_EXT_OFFS 0x100
1777
1778 static void
1779 ieee80211_assoc_add_ml_elem(struct ieee80211_sub_if_data *sdata,
1780 struct sk_buff *skb, u16 capab,
1781 const struct element *ext_capa,
1782 const u16 *present_elems,
1783 struct ieee80211_mgd_assoc_data *assoc_data);
1784
1785 static size_t
ieee80211_add_link_elems(struct ieee80211_sub_if_data * sdata,struct sk_buff * skb,u16 * capab,const struct element * ext_capa,const u8 * extra_elems,size_t extra_elems_len,unsigned int link_id,struct ieee80211_link_data * link,u16 * present_elems,struct ieee80211_mgd_assoc_data * assoc_data)1786 ieee80211_add_link_elems(struct ieee80211_sub_if_data *sdata,
1787 struct sk_buff *skb, u16 *capab,
1788 const struct element *ext_capa,
1789 const u8 *extra_elems,
1790 size_t extra_elems_len,
1791 unsigned int link_id,
1792 struct ieee80211_link_data *link,
1793 u16 *present_elems,
1794 struct ieee80211_mgd_assoc_data *assoc_data)
1795 {
1796 enum nl80211_iftype iftype = ieee80211_vif_type_p2p(&sdata->vif);
1797 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
1798 struct ieee80211_channel *chan = cbss->channel;
1799 const struct ieee80211_sband_iftype_data *iftd;
1800 struct ieee80211_local *local = sdata->local;
1801 struct ieee80211_supported_band *sband;
1802 enum nl80211_chan_width width = NL80211_CHAN_WIDTH_20;
1803 struct ieee80211_chanctx_conf *chanctx_conf;
1804 enum ieee80211_smps_mode smps_mode;
1805 u16 orig_capab = *capab;
1806 size_t offset = 0;
1807 int present_elems_len = 0;
1808 u8 *pos;
1809 int i;
1810
1811 #define ADD_PRESENT_ELEM(id) do { \
1812 /* need a last for termination - we use 0 == SSID */ \
1813 if (!WARN_ON(present_elems_len >= PRESENT_ELEMS_MAX - 1)) \
1814 present_elems[present_elems_len++] = (id); \
1815 } while (0)
1816 #define ADD_PRESENT_EXT_ELEM(id) ADD_PRESENT_ELEM(PRESENT_ELEM_EXT_OFFS | (id))
1817
1818 if (link)
1819 smps_mode = link->smps_mode;
1820 else if (sdata->u.mgd.powersave)
1821 smps_mode = IEEE80211_SMPS_DYNAMIC;
1822 else
1823 smps_mode = IEEE80211_SMPS_OFF;
1824
1825 if (link) {
1826 /*
1827 * 5/10 MHz scenarios are only viable without MLO, in which
1828 * case this pointer should be used ... All of this is a bit
1829 * unclear though, not sure this even works at all.
1830 */
1831 rcu_read_lock();
1832 chanctx_conf = rcu_dereference(link->conf->chanctx_conf);
1833 if (chanctx_conf)
1834 width = chanctx_conf->def.width;
1835 rcu_read_unlock();
1836 }
1837
1838 sband = local->hw.wiphy->bands[chan->band];
1839 iftd = ieee80211_get_sband_iftype_data(sband, iftype);
1840
1841 if (sband->band == NL80211_BAND_2GHZ) {
1842 *capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
1843 *capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
1844 }
1845
1846 if ((cbss->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
1847 ieee80211_hw_check(&local->hw, SPECTRUM_MGMT))
1848 *capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
1849
1850 if (sband->band != NL80211_BAND_S1GHZ)
1851 ieee80211_assoc_add_rates(local, skb, width, sband, assoc_data);
1852
1853 if (*capab & WLAN_CAPABILITY_SPECTRUM_MGMT ||
1854 *capab & WLAN_CAPABILITY_RADIO_MEASURE) {
1855 struct cfg80211_chan_def chandef = {
1856 .width = width,
1857 .chan = chan,
1858 };
1859
1860 pos = skb_put(skb, 4);
1861 *pos++ = WLAN_EID_PWR_CAPABILITY;
1862 *pos++ = 2;
1863 *pos++ = 0; /* min tx power */
1864 /* max tx power */
1865 *pos++ = ieee80211_chandef_max_power(&chandef);
1866 ADD_PRESENT_ELEM(WLAN_EID_PWR_CAPABILITY);
1867 }
1868
1869 /*
1870 * Per spec, we shouldn't include the list of channels if we advertise
1871 * support for extended channel switching, but we've always done that;
1872 * (for now?) apply this restriction only on the (new) 6 GHz band.
1873 */
1874 if (*capab & WLAN_CAPABILITY_SPECTRUM_MGMT &&
1875 (sband->band != NL80211_BAND_6GHZ ||
1876 !ext_capa || ext_capa->datalen < 1 ||
1877 !(ext_capa->data[0] & WLAN_EXT_CAPA1_EXT_CHANNEL_SWITCHING))) {
1878 /* TODO: get this in reg domain format */
1879 pos = skb_put(skb, 2 * sband->n_channels + 2);
1880 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
1881 *pos++ = 2 * sband->n_channels;
1882 for (i = 0; i < sband->n_channels; i++) {
1883 int cf = sband->channels[i].center_freq;
1884
1885 *pos++ = ieee80211_frequency_to_channel(cf);
1886 *pos++ = 1; /* one channel in the subband*/
1887 }
1888 ADD_PRESENT_ELEM(WLAN_EID_SUPPORTED_CHANNELS);
1889 }
1890
1891 /* if present, add any custom IEs that go before HT */
1892 offset = ieee80211_add_before_ht_elems(skb, extra_elems,
1893 extra_elems_len,
1894 offset);
1895
1896 if (sband->band != NL80211_BAND_6GHZ &&
1897 assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_HT) {
1898 ieee80211_add_ht_ie(sdata, skb,
1899 assoc_data->link[link_id].ap_ht_param,
1900 sband, chan, smps_mode,
1901 &assoc_data->link[link_id].conn);
1902 ADD_PRESENT_ELEM(WLAN_EID_HT_CAPABILITY);
1903 }
1904
1905 /* if present, add any custom IEs that go before VHT */
1906 offset = ieee80211_add_before_vht_elems(skb, extra_elems,
1907 extra_elems_len,
1908 offset);
1909
1910 if (sband->band != NL80211_BAND_6GHZ &&
1911 assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_VHT &&
1912 sband->vht_cap.vht_supported) {
1913 bool mu_mimo_owner =
1914 ieee80211_add_vht_ie(sdata, skb, sband,
1915 &assoc_data->link[link_id].ap_vht_cap,
1916 &assoc_data->link[link_id].conn);
1917
1918 if (link)
1919 link->conf->mu_mimo_owner = mu_mimo_owner;
1920 ADD_PRESENT_ELEM(WLAN_EID_VHT_CAPABILITY);
1921 }
1922
1923 /* if present, add any custom IEs that go before HE */
1924 offset = ieee80211_add_before_he_elems(skb, extra_elems,
1925 extra_elems_len,
1926 offset);
1927
1928 if (assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_HE) {
1929 ieee80211_put_he_cap(skb, sdata, sband,
1930 &assoc_data->link[link_id].conn);
1931 ADD_PRESENT_EXT_ELEM(WLAN_EID_EXT_HE_CAPABILITY);
1932 if (sband->band == NL80211_BAND_6GHZ)
1933 ieee80211_put_he_6ghz_cap(skb, sdata, smps_mode);
1934 }
1935
1936 /*
1937 * if present, add any custom IEs that go before regulatory
1938 * connectivity element
1939 */
1940 offset = ieee80211_add_before_reg_conn(skb, extra_elems,
1941 extra_elems_len, offset);
1942
1943 if (sband->band == NL80211_BAND_6GHZ) {
1944 /*
1945 * as per Section E.2.7 of IEEE 802.11 REVme D7.0, non-AP STA
1946 * capable of operating on the 6 GHz band shall transmit
1947 * regulatory connectivity element.
1948 */
1949 ieee80211_put_reg_conn(skb, chan->flags);
1950 }
1951
1952 /*
1953 * careful - need to know about all the present elems before
1954 * calling ieee80211_assoc_add_ml_elem(), so add these if
1955 * we're going to put them after the ML element
1956 */
1957 if (assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_EHT)
1958 ADD_PRESENT_EXT_ELEM(WLAN_EID_EXT_EHT_CAPABILITY);
1959 if (assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_UHR)
1960 ADD_PRESENT_EXT_ELEM(WLAN_EID_EXT_UHR_CAPA);
1961
1962 if (link_id == assoc_data->assoc_link_id)
1963 ieee80211_assoc_add_ml_elem(sdata, skb, orig_capab, ext_capa,
1964 present_elems, assoc_data);
1965
1966 /* crash if somebody gets it wrong */
1967 present_elems = NULL;
1968
1969 if (assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_EHT)
1970 ieee80211_put_eht_cap(skb, sdata, sband,
1971 &assoc_data->link[link_id].conn);
1972
1973 if (assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_UHR)
1974 ieee80211_put_uhr_cap(skb, sdata, sband);
1975
1976 if (sband->band == NL80211_BAND_S1GHZ) {
1977 ieee80211_add_aid_request_ie(sdata, skb);
1978 ieee80211_add_s1g_capab_ie(sdata, &sband->s1g_cap, skb);
1979 }
1980
1981 if (iftd && iftd->vendor_elems.data && iftd->vendor_elems.len)
1982 skb_put_data(skb, iftd->vendor_elems.data, iftd->vendor_elems.len);
1983
1984 return offset;
1985 }
1986
ieee80211_add_non_inheritance_elem(struct sk_buff * skb,const u16 * outer,const u16 * inner)1987 static void ieee80211_add_non_inheritance_elem(struct sk_buff *skb,
1988 const u16 *outer,
1989 const u16 *inner)
1990 {
1991 unsigned int skb_len = skb->len;
1992 bool at_extension = false;
1993 bool added = false;
1994 int i, j;
1995 u8 *len, *list_len = NULL;
1996
1997 skb_put_u8(skb, WLAN_EID_EXTENSION);
1998 len = skb_put(skb, 1);
1999 skb_put_u8(skb, WLAN_EID_EXT_NON_INHERITANCE);
2000
2001 for (i = 0; i < PRESENT_ELEMS_MAX && outer[i]; i++) {
2002 u16 elem = outer[i];
2003 bool have_inner = false;
2004
2005 /* should at least be sorted in the sense of normal -> ext */
2006 WARN_ON(at_extension && elem < PRESENT_ELEM_EXT_OFFS);
2007
2008 /* switch to extension list */
2009 if (!at_extension && elem >= PRESENT_ELEM_EXT_OFFS) {
2010 at_extension = true;
2011 if (!list_len)
2012 skb_put_u8(skb, 0);
2013 list_len = NULL;
2014 }
2015
2016 for (j = 0; j < PRESENT_ELEMS_MAX && inner[j]; j++) {
2017 if (elem == inner[j]) {
2018 have_inner = true;
2019 break;
2020 }
2021 }
2022
2023 if (have_inner)
2024 continue;
2025
2026 if (!list_len) {
2027 list_len = skb_put(skb, 1);
2028 *list_len = 0;
2029 }
2030 *list_len += 1;
2031 skb_put_u8(skb, (u8)elem);
2032 added = true;
2033 }
2034
2035 /* if we added a list but no extension list, make a zero-len one */
2036 if (added && (!at_extension || !list_len))
2037 skb_put_u8(skb, 0);
2038
2039 /* if nothing added remove extension element completely */
2040 if (!added)
2041 skb_trim(skb, skb_len);
2042 else
2043 *len = skb->len - skb_len - 2;
2044 }
2045
2046 static void
ieee80211_assoc_add_ml_elem(struct ieee80211_sub_if_data * sdata,struct sk_buff * skb,u16 capab,const struct element * ext_capa,const u16 * outer_present_elems,struct ieee80211_mgd_assoc_data * assoc_data)2047 ieee80211_assoc_add_ml_elem(struct ieee80211_sub_if_data *sdata,
2048 struct sk_buff *skb, u16 capab,
2049 const struct element *ext_capa,
2050 const u16 *outer_present_elems,
2051 struct ieee80211_mgd_assoc_data *assoc_data)
2052 {
2053 struct ieee80211_local *local = sdata->local;
2054 struct ieee80211_multi_link_elem *ml_elem;
2055 struct ieee80211_mle_basic_common_info *common;
2056 const struct wiphy_iftype_ext_capab *ift_ext_capa;
2057 __le16 eml_capa = 0, mld_capa_ops = 0;
2058 unsigned int link_id;
2059 u8 *ml_elem_len;
2060 void *capab_pos;
2061
2062 if (!ieee80211_vif_is_mld(&sdata->vif))
2063 return;
2064
2065 ift_ext_capa = cfg80211_get_iftype_ext_capa(local->hw.wiphy,
2066 ieee80211_vif_type_p2p(&sdata->vif));
2067 if (ift_ext_capa) {
2068 eml_capa = cpu_to_le16(ift_ext_capa->eml_capabilities);
2069 mld_capa_ops = cpu_to_le16(ift_ext_capa->mld_capa_and_ops);
2070 }
2071
2072 skb_put_u8(skb, WLAN_EID_EXTENSION);
2073 ml_elem_len = skb_put(skb, 1);
2074 skb_put_u8(skb, WLAN_EID_EXT_EHT_MULTI_LINK);
2075 ml_elem = skb_put(skb, sizeof(*ml_elem));
2076 ml_elem->control =
2077 cpu_to_le16(IEEE80211_ML_CONTROL_TYPE_BASIC |
2078 IEEE80211_MLC_BASIC_PRES_MLD_CAPA_OP);
2079 common = skb_put(skb, sizeof(*common));
2080 common->len = sizeof(*common) +
2081 2; /* MLD capa/ops */
2082 memcpy(common->mld_mac_addr, sdata->vif.addr, ETH_ALEN);
2083
2084 /* add EML_CAPA only if needed, see Draft P802.11be_D2.1, 35.3.17 */
2085 if (eml_capa &
2086 cpu_to_le16((IEEE80211_EML_CAP_EMLSR_SUPP |
2087 IEEE80211_EML_CAP_EMLMR_SUPPORT))) {
2088 common->len += 2; /* EML capabilities */
2089 ml_elem->control |=
2090 cpu_to_le16(IEEE80211_MLC_BASIC_PRES_EML_CAPA);
2091 skb_put_data(skb, &eml_capa, sizeof(eml_capa));
2092 }
2093 skb_put_data(skb, &mld_capa_ops, sizeof(mld_capa_ops));
2094
2095 if (assoc_data->ext_mld_capa_ops) {
2096 ml_elem->control |=
2097 cpu_to_le16(IEEE80211_MLC_BASIC_PRES_EXT_MLD_CAPA_OP);
2098 common->len += 2;
2099 skb_put_data(skb, &assoc_data->ext_mld_capa_ops,
2100 sizeof(assoc_data->ext_mld_capa_ops));
2101 }
2102
2103 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
2104 u16 link_present_elems[PRESENT_ELEMS_MAX] = {};
2105 const u8 *extra_elems;
2106 size_t extra_elems_len;
2107 size_t extra_used;
2108 u8 *subelem_len = NULL;
2109 __le16 ctrl;
2110
2111 if (!assoc_data->link[link_id].bss ||
2112 link_id == assoc_data->assoc_link_id)
2113 continue;
2114
2115 extra_elems = assoc_data->link[link_id].elems;
2116 extra_elems_len = assoc_data->link[link_id].elems_len;
2117
2118 skb_put_u8(skb, IEEE80211_MLE_SUBELEM_PER_STA_PROFILE);
2119 subelem_len = skb_put(skb, 1);
2120
2121 ctrl = cpu_to_le16(link_id |
2122 IEEE80211_MLE_STA_CONTROL_COMPLETE_PROFILE |
2123 IEEE80211_MLE_STA_CONTROL_STA_MAC_ADDR_PRESENT);
2124 skb_put_data(skb, &ctrl, sizeof(ctrl));
2125 skb_put_u8(skb, 1 + ETH_ALEN); /* STA Info Length */
2126 skb_put_data(skb, assoc_data->link[link_id].addr,
2127 ETH_ALEN);
2128 /*
2129 * Now add the contents of the (re)association request,
2130 * but the "listen interval" and "current AP address"
2131 * (if applicable) are skipped. So we only have
2132 * the capability field (remember the position and fill
2133 * later), followed by the elements added below by
2134 * calling ieee80211_add_link_elems().
2135 */
2136 capab_pos = skb_put(skb, 2);
2137
2138 extra_used = ieee80211_add_link_elems(sdata, skb, &capab,
2139 ext_capa,
2140 extra_elems,
2141 extra_elems_len,
2142 link_id, NULL,
2143 link_present_elems,
2144 assoc_data);
2145 if (extra_elems)
2146 skb_put_data(skb, extra_elems + extra_used,
2147 extra_elems_len - extra_used);
2148
2149 put_unaligned_le16(capab, capab_pos);
2150
2151 ieee80211_add_non_inheritance_elem(skb, outer_present_elems,
2152 link_present_elems);
2153
2154 ieee80211_fragment_element(skb, subelem_len,
2155 IEEE80211_MLE_SUBELEM_FRAGMENT);
2156 }
2157
2158 ieee80211_fragment_element(skb, ml_elem_len, WLAN_EID_FRAGMENT);
2159 }
2160
2161 static int
ieee80211_link_common_elems_size(struct ieee80211_sub_if_data * sdata,enum nl80211_iftype iftype,struct cfg80211_bss * cbss,size_t elems_len)2162 ieee80211_link_common_elems_size(struct ieee80211_sub_if_data *sdata,
2163 enum nl80211_iftype iftype,
2164 struct cfg80211_bss *cbss,
2165 size_t elems_len)
2166 {
2167 struct ieee80211_local *local = sdata->local;
2168 const struct ieee80211_sband_iftype_data *iftd;
2169 struct ieee80211_supported_band *sband;
2170 size_t size = 0;
2171
2172 if (!cbss)
2173 return size;
2174
2175 sband = local->hw.wiphy->bands[cbss->channel->band];
2176
2177 /* add STA profile elements length */
2178 size += elems_len;
2179
2180 /* and supported rates length */
2181 size += 4 + sband->n_bitrates;
2182
2183 /* supported channels */
2184 size += 2 + 2 * sband->n_channels;
2185
2186 iftd = ieee80211_get_sband_iftype_data(sband, iftype);
2187 if (iftd)
2188 size += iftd->vendor_elems.len;
2189
2190 /* power capability */
2191 size += 4;
2192
2193 /* HT, VHT, HE, EHT */
2194 size += 2 + sizeof(struct ieee80211_ht_cap);
2195 size += 2 + sizeof(struct ieee80211_vht_cap);
2196 size += 2 + 1 + sizeof(struct ieee80211_he_cap_elem) +
2197 sizeof(struct ieee80211_he_mcs_nss_supp) +
2198 IEEE80211_HE_PPE_THRES_MAX_LEN;
2199
2200 if (sband->band == NL80211_BAND_6GHZ) {
2201 size += 2 + 1 + sizeof(struct ieee80211_he_6ghz_capa);
2202 /* reg connection */
2203 size += 4;
2204 }
2205
2206 size += 2 + 1 + sizeof(struct ieee80211_eht_cap_elem) +
2207 sizeof(struct ieee80211_eht_mcs_nss_supp) +
2208 IEEE80211_EHT_PPE_THRES_MAX_LEN;
2209
2210 size += 2 + 1 + sizeof(struct ieee80211_uhr_cap) +
2211 sizeof(struct ieee80211_uhr_cap_phy);
2212
2213 return size;
2214 }
2215
ieee80211_send_assoc(struct ieee80211_sub_if_data * sdata)2216 static int ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
2217 {
2218 struct ieee80211_local *local = sdata->local;
2219 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2220 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
2221 struct ieee80211_link_data *link;
2222 struct sk_buff *skb;
2223 struct ieee80211_mgmt *mgmt;
2224 u8 *pos, qos_info, *ie_start;
2225 size_t offset, noffset;
2226 u16 capab = 0, link_capab;
2227 __le16 listen_int;
2228 struct element *ext_capa = NULL;
2229 enum nl80211_iftype iftype = ieee80211_vif_type_p2p(&sdata->vif);
2230 struct ieee80211_prep_tx_info info = {};
2231 unsigned int link_id, n_links = 0;
2232 u16 present_elems[PRESENT_ELEMS_MAX] = {};
2233 struct sta_info *sta;
2234 bool assoc_encrypt;
2235 void *capab_pos;
2236 size_t size;
2237 int ret;
2238
2239 /* we know it's writable, cast away the const */
2240 if (assoc_data->ie_len)
2241 ext_capa = (void *)cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY,
2242 assoc_data->ie,
2243 assoc_data->ie_len);
2244
2245 lockdep_assert_wiphy(sdata->local->hw.wiphy);
2246
2247 size = local->hw.extra_tx_headroom +
2248 sizeof(*mgmt) + /* bit too much but doesn't matter */
2249 2 + assoc_data->ssid_len + /* SSID */
2250 assoc_data->ie_len + /* extra IEs */
2251 (assoc_data->fils_kek_len ? 16 /* AES-SIV */ : 0) +
2252 9; /* WMM */
2253
2254 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
2255 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
2256 size_t elems_len = assoc_data->link[link_id].elems_len;
2257
2258 if (!cbss)
2259 continue;
2260
2261 n_links++;
2262
2263 size += ieee80211_link_common_elems_size(sdata, iftype, cbss,
2264 elems_len);
2265
2266 /* non-inheritance element */
2267 size += 2 + 2 + PRESENT_ELEMS_MAX;
2268
2269 /* should be the same across all BSSes */
2270 if (cbss->capability & WLAN_CAPABILITY_PRIVACY)
2271 capab |= WLAN_CAPABILITY_PRIVACY;
2272 }
2273
2274 if (ieee80211_vif_is_mld(&sdata->vif)) {
2275 /* consider the multi-link element with STA profile */
2276 size += sizeof(struct ieee80211_multi_link_elem);
2277 /* max common info field in basic multi-link element */
2278 size += sizeof(struct ieee80211_mle_basic_common_info) +
2279 2 + /* capa & op */
2280 2 + /* ext capa & op */
2281 2; /* EML capa */
2282
2283 /* The capability elements were already considered above */
2284 size += (n_links - 1) *
2285 (1 + 1 + /* subelement ID/length */
2286 2 + /* STA control */
2287 1 + ETH_ALEN + 2 /* STA Info field */);
2288 }
2289
2290 link = sdata_dereference(sdata->link[assoc_data->assoc_link_id], sdata);
2291 if (WARN_ON(!link))
2292 return -EINVAL;
2293
2294 if (WARN_ON(!assoc_data->link[assoc_data->assoc_link_id].bss))
2295 return -EINVAL;
2296
2297 skb = alloc_skb(size, GFP_KERNEL);
2298 if (!skb)
2299 return -ENOMEM;
2300
2301 skb_reserve(skb, local->hw.extra_tx_headroom);
2302
2303 if (ifmgd->flags & IEEE80211_STA_ENABLE_RRM)
2304 capab |= WLAN_CAPABILITY_RADIO_MEASURE;
2305
2306 /* Set MBSSID support for HE AP if needed */
2307 if (ieee80211_hw_check(&local->hw, SUPPORTS_ONLY_HE_MULTI_BSSID) &&
2308 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HE &&
2309 ext_capa && ext_capa->datalen >= 3)
2310 ext_capa->data[2] |= WLAN_EXT_CAPA3_MULTI_BSSID_SUPPORT;
2311
2312 mgmt = skb_put_zero(skb, 24);
2313 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
2314 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
2315 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
2316
2317 listen_int = cpu_to_le16(assoc_data->s1g ?
2318 ieee80211_encode_usf(local->hw.conf.listen_interval) :
2319 local->hw.conf.listen_interval);
2320 if (!is_zero_ether_addr(assoc_data->prev_ap_addr)) {
2321 skb_put(skb, 10);
2322 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
2323 IEEE80211_STYPE_REASSOC_REQ);
2324 capab_pos = &mgmt->u.reassoc_req.capab_info;
2325 mgmt->u.reassoc_req.listen_interval = listen_int;
2326 memcpy(mgmt->u.reassoc_req.current_ap,
2327 assoc_data->prev_ap_addr, ETH_ALEN);
2328 info.subtype = IEEE80211_STYPE_REASSOC_REQ;
2329 } else {
2330 skb_put(skb, 4);
2331 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
2332 IEEE80211_STYPE_ASSOC_REQ);
2333 capab_pos = &mgmt->u.assoc_req.capab_info;
2334 mgmt->u.assoc_req.listen_interval = listen_int;
2335 info.subtype = IEEE80211_STYPE_ASSOC_REQ;
2336 }
2337
2338 /* SSID */
2339 pos = skb_put(skb, 2 + assoc_data->ssid_len);
2340 ie_start = pos;
2341 *pos++ = WLAN_EID_SSID;
2342 *pos++ = assoc_data->ssid_len;
2343 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len);
2344
2345 /*
2346 * This bit is technically reserved, so it shouldn't matter for either
2347 * the AP or us, but it also means we shouldn't set it. However, we've
2348 * always set it in the past, and apparently some EHT APs check that
2349 * we don't set it. To avoid interoperability issues with old APs that
2350 * for some reason check it and want it to be set, set the bit for all
2351 * pre-EHT connections as we used to do.
2352 */
2353 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_EHT &&
2354 !ieee80211_hw_check(&local->hw, STRICT))
2355 capab |= WLAN_CAPABILITY_ESS;
2356
2357 /* add the elements for the assoc (main) link */
2358 link_capab = capab;
2359 offset = ieee80211_add_link_elems(sdata, skb, &link_capab,
2360 ext_capa,
2361 assoc_data->ie,
2362 assoc_data->ie_len,
2363 assoc_data->assoc_link_id, link,
2364 present_elems, assoc_data);
2365 put_unaligned_le16(link_capab, capab_pos);
2366
2367 /* if present, add any custom non-vendor IEs */
2368 if (assoc_data->ie_len) {
2369 noffset = ieee80211_ie_split_vendor(assoc_data->ie,
2370 assoc_data->ie_len,
2371 offset);
2372 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
2373 offset = noffset;
2374 }
2375
2376 if (assoc_data->wmm) {
2377 if (assoc_data->uapsd) {
2378 qos_info = ifmgd->uapsd_queues;
2379 qos_info |= (ifmgd->uapsd_max_sp_len <<
2380 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
2381 } else {
2382 qos_info = 0;
2383 }
2384
2385 pos = ieee80211_add_wmm_info_ie(skb_put(skb, 9), qos_info);
2386 }
2387
2388 /* add any remaining custom (i.e. vendor specific here) IEs */
2389 if (assoc_data->ie_len) {
2390 noffset = assoc_data->ie_len;
2391 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
2392 }
2393
2394 if (assoc_data->fils_kek_len) {
2395 ret = fils_encrypt_assoc_req(skb, assoc_data);
2396 if (ret < 0) {
2397 dev_kfree_skb(skb);
2398 return ret;
2399 }
2400 }
2401
2402 pos = skb_tail_pointer(skb);
2403 kfree(ifmgd->assoc_req_ies);
2404 ifmgd->assoc_req_ies = kmemdup(ie_start, pos - ie_start, GFP_ATOMIC);
2405 if (!ifmgd->assoc_req_ies) {
2406 dev_kfree_skb(skb);
2407 return -ENOMEM;
2408 }
2409
2410 ifmgd->assoc_req_ies_len = pos - ie_start;
2411
2412 info.link_id = assoc_data->assoc_link_id;
2413 drv_mgd_prepare_tx(local, sdata, &info);
2414
2415 sta = sta_info_get_bss(sdata, sdata->vif.cfg.ap_addr);
2416
2417 assoc_encrypt = sta && sta->sta.epp_peer &&
2418 wiphy_dereference(sdata->local->hw.wiphy,
2419 sta->ptk[sta->ptk_idx]);
2420
2421 if (!assoc_encrypt)
2422 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
2423
2424 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
2425 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
2426 IEEE80211_TX_INTFL_MLME_CONN_TX;
2427 ieee80211_tx_skb(sdata, skb);
2428
2429 return 0;
2430 }
2431
ieee80211_send_pspoll(struct ieee80211_local * local,struct ieee80211_sub_if_data * sdata)2432 void ieee80211_send_pspoll(struct ieee80211_local *local,
2433 struct ieee80211_sub_if_data *sdata)
2434 {
2435 struct ieee80211_pspoll *pspoll;
2436 struct sk_buff *skb;
2437
2438 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif);
2439 if (!skb)
2440 return;
2441
2442 pspoll = (struct ieee80211_pspoll *) skb->data;
2443 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
2444
2445 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
2446 ieee80211_tx_skb(sdata, skb);
2447 }
2448
ieee80211_send_nullfunc(struct ieee80211_local * local,struct ieee80211_sub_if_data * sdata,bool powersave)2449 void ieee80211_send_nullfunc(struct ieee80211_local *local,
2450 struct ieee80211_sub_if_data *sdata,
2451 bool powersave)
2452 {
2453 struct sk_buff *skb;
2454 struct ieee80211_hdr_3addr *nullfunc;
2455 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2456
2457 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif, -1,
2458 !ieee80211_hw_check(&local->hw,
2459 DOESNT_SUPPORT_QOS_NDP));
2460 if (!skb)
2461 return;
2462
2463 nullfunc = (struct ieee80211_hdr_3addr *) skb->data;
2464 if (powersave)
2465 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
2466
2467 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
2468 IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
2469
2470 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
2471 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
2472
2473 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
2474 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
2475
2476 ieee80211_tx_skb(sdata, skb);
2477 }
2478
ieee80211_send_4addr_nullfunc(struct ieee80211_local * local,struct ieee80211_sub_if_data * sdata)2479 void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local,
2480 struct ieee80211_sub_if_data *sdata)
2481 {
2482 struct sk_buff *skb;
2483 struct ieee80211_hdr *nullfunc;
2484 __le16 fc;
2485
2486 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
2487 return;
2488
2489 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
2490 if (!skb)
2491 return;
2492
2493 skb_reserve(skb, local->hw.extra_tx_headroom);
2494
2495 nullfunc = skb_put_zero(skb, 30);
2496 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
2497 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
2498 nullfunc->frame_control = fc;
2499 memcpy(nullfunc->addr1, sdata->deflink.u.mgd.bssid, ETH_ALEN);
2500 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
2501 memcpy(nullfunc->addr3, sdata->deflink.u.mgd.bssid, ETH_ALEN);
2502 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN);
2503
2504 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
2505 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
2506 ieee80211_tx_skb(sdata, skb);
2507 }
2508
2509 /* spectrum management related things */
ieee80211_csa_switch_work(struct wiphy * wiphy,struct wiphy_work * work)2510 static void ieee80211_csa_switch_work(struct wiphy *wiphy,
2511 struct wiphy_work *work)
2512 {
2513 struct ieee80211_link_data *link =
2514 container_of(work, struct ieee80211_link_data,
2515 u.mgd.csa.switch_work.work);
2516 struct ieee80211_sub_if_data *sdata = link->sdata;
2517 struct ieee80211_local *local = sdata->local;
2518 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2519 int ret;
2520
2521 if (!ieee80211_sdata_running(sdata))
2522 return;
2523
2524 lockdep_assert_wiphy(local->hw.wiphy);
2525
2526 if (!ifmgd->associated)
2527 return;
2528
2529 if (!link->conf->csa_active)
2530 return;
2531
2532 /*
2533 * If the link isn't active (now), we cannot wait for beacons, won't
2534 * have a reserved chanctx, etc. Just switch over the chandef and
2535 * update cfg80211 directly.
2536 */
2537 if (!ieee80211_vif_link_active(&sdata->vif, link->link_id)) {
2538 struct link_sta_info *link_sta;
2539 struct sta_info *ap_sta;
2540
2541 link->conf->chanreq = link->csa.chanreq;
2542 cfg80211_ch_switch_notify(sdata->dev, &link->csa.chanreq.oper,
2543 link->link_id);
2544 link->conf->csa_active = false;
2545
2546 ap_sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
2547 if (WARN_ON(!ap_sta))
2548 return;
2549
2550 link_sta = wiphy_dereference(wiphy,
2551 ap_sta->link[link->link_id]);
2552 if (WARN_ON(!link_sta))
2553 return;
2554
2555 link_sta->pub->bandwidth =
2556 _ieee80211_sta_cur_vht_bw(link_sta,
2557 &link->csa.chanreq.oper);
2558 return;
2559 }
2560
2561 /*
2562 * using reservation isn't immediate as it may be deferred until later
2563 * with multi-vif. once reservation is complete it will re-schedule the
2564 * work with no reserved_chanctx so verify chandef to check if it
2565 * completed successfully
2566 */
2567
2568 if (link->reserved_chanctx) {
2569 /*
2570 * with multi-vif csa driver may call ieee80211_csa_finish()
2571 * many times while waiting for other interfaces to use their
2572 * reservations
2573 */
2574 if (link->reserved_ready)
2575 return;
2576
2577 ret = ieee80211_link_use_reserved_context(link);
2578 if (ret) {
2579 link_info(link,
2580 "failed to use reserved channel context, disconnecting (err=%d)\n",
2581 ret);
2582 wiphy_work_queue(sdata->local->hw.wiphy,
2583 &ifmgd->csa_connection_drop_work);
2584 }
2585 return;
2586 }
2587
2588 if (!ieee80211_chanreq_identical(&link->conf->chanreq,
2589 &link->csa.chanreq)) {
2590 link_info(link,
2591 "failed to finalize channel switch, disconnecting\n");
2592 wiphy_work_queue(sdata->local->hw.wiphy,
2593 &ifmgd->csa_connection_drop_work);
2594 return;
2595 }
2596
2597 link->u.mgd.csa.waiting_bcn = true;
2598
2599 /*
2600 * The next beacon really should always be different, so this should
2601 * have no effect whatsoever. However, some APs (we observed this in
2602 * an Asus AXE11000), the beacon after the CSA might be identical to
2603 * the last beacon on the old channel - in this case we'd ignore it.
2604 * Resetting the CRC will lead us to handle it better (albeit with a
2605 * disconnect, but clearly the AP is broken.)
2606 */
2607 link->u.mgd.beacon_crc_valid = false;
2608
2609 /* apply new TPE restrictions immediately on the new channel */
2610 if (link->u.mgd.csa.ap_chandef.chan->band == NL80211_BAND_6GHZ &&
2611 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HE) {
2612 ieee80211_rearrange_tpe(&link->u.mgd.csa.tpe,
2613 &link->u.mgd.csa.ap_chandef,
2614 &link->conf->chanreq.oper);
2615 if (memcmp(&link->conf->tpe, &link->u.mgd.csa.tpe,
2616 sizeof(link->u.mgd.csa.tpe))) {
2617 link->conf->tpe = link->u.mgd.csa.tpe;
2618 ieee80211_link_info_change_notify(sdata, link,
2619 BSS_CHANGED_TPE);
2620 }
2621 }
2622
2623 /*
2624 * It is not necessary to reset these timers if any link does not
2625 * have an active CSA and that link still receives the beacons
2626 * when other links have active CSA.
2627 */
2628 for_each_link_data(sdata, link) {
2629 if (!link->conf->csa_active)
2630 return;
2631 }
2632
2633 /*
2634 * Reset the beacon monitor and connection monitor timers when CSA
2635 * is active for all links in MLO when channel switch occurs in all
2636 * the links.
2637 */
2638 ieee80211_sta_reset_beacon_monitor(sdata);
2639 ieee80211_sta_reset_conn_monitor(sdata);
2640 }
2641
ieee80211_chswitch_post_beacon(struct ieee80211_link_data * link)2642 static void ieee80211_chswitch_post_beacon(struct ieee80211_link_data *link)
2643 {
2644 struct ieee80211_sub_if_data *sdata = link->sdata;
2645 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2646 int ret;
2647
2648 lockdep_assert_wiphy(sdata->local->hw.wiphy);
2649
2650 WARN_ON(!link->conf->csa_active);
2651
2652 ieee80211_vif_unblock_queues_csa(sdata);
2653
2654 link->conf->csa_active = false;
2655 link->u.mgd.csa.blocked_tx = false;
2656 link->u.mgd.csa.waiting_bcn = false;
2657
2658 ret = drv_post_channel_switch(link);
2659 if (ret) {
2660 link_info(link,
2661 "driver post channel switch failed, disconnecting\n");
2662 wiphy_work_queue(sdata->local->hw.wiphy,
2663 &ifmgd->csa_connection_drop_work);
2664 return;
2665 }
2666
2667 cfg80211_ch_switch_notify(sdata->dev, &link->conf->chanreq.oper,
2668 link->link_id);
2669 }
2670
ieee80211_chswitch_done(struct ieee80211_vif * vif,bool success,unsigned int link_id)2671 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success,
2672 unsigned int link_id)
2673 {
2674 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2675
2676 trace_api_chswitch_done(sdata, success, link_id);
2677
2678 rcu_read_lock();
2679
2680 if (!success) {
2681 sdata_info(sdata,
2682 "driver channel switch failed (link %d), disconnecting\n",
2683 link_id);
2684 wiphy_work_queue(sdata->local->hw.wiphy,
2685 &sdata->u.mgd.csa_connection_drop_work);
2686 } else {
2687 struct ieee80211_link_data *link =
2688 rcu_dereference(sdata->link[link_id]);
2689
2690 if (WARN_ON(!link)) {
2691 rcu_read_unlock();
2692 return;
2693 }
2694
2695 wiphy_hrtimer_work_queue(sdata->local->hw.wiphy,
2696 &link->u.mgd.csa.switch_work, 0);
2697 }
2698
2699 rcu_read_unlock();
2700 }
2701 EXPORT_SYMBOL(ieee80211_chswitch_done);
2702
2703 static void
ieee80211_sta_abort_chanswitch(struct ieee80211_link_data * link)2704 ieee80211_sta_abort_chanswitch(struct ieee80211_link_data *link)
2705 {
2706 struct ieee80211_sub_if_data *sdata = link->sdata;
2707 struct ieee80211_local *local = sdata->local;
2708
2709 lockdep_assert_wiphy(local->hw.wiphy);
2710
2711 if (!local->ops->abort_channel_switch)
2712 return;
2713
2714 if (rcu_access_pointer(link->conf->chanctx_conf))
2715 ieee80211_link_unreserve_chanctx(link);
2716
2717 ieee80211_vif_unblock_queues_csa(sdata);
2718
2719 link->conf->csa_active = false;
2720 link->u.mgd.csa.blocked_tx = false;
2721
2722 drv_abort_channel_switch(link);
2723 }
2724
2725 struct sta_csa_rnr_iter_data {
2726 struct ieee80211_link_data *link;
2727 struct ieee80211_channel *chan;
2728 u8 mld_id;
2729 };
2730
2731 static enum cfg80211_rnr_iter_ret
ieee80211_sta_csa_rnr_iter(void * _data,u8 type,const struct ieee80211_neighbor_ap_info * info,const u8 * tbtt_info,u8 tbtt_info_len)2732 ieee80211_sta_csa_rnr_iter(void *_data, u8 type,
2733 const struct ieee80211_neighbor_ap_info *info,
2734 const u8 *tbtt_info, u8 tbtt_info_len)
2735 {
2736 struct sta_csa_rnr_iter_data *data = _data;
2737 struct ieee80211_link_data *link = data->link;
2738 struct ieee80211_sub_if_data *sdata = link->sdata;
2739 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2740 const struct ieee80211_tbtt_info_ge_11 *ti;
2741 enum nl80211_band band;
2742 unsigned int center_freq;
2743 int link_id;
2744
2745 if (type != IEEE80211_TBTT_INFO_TYPE_TBTT)
2746 return RNR_ITER_CONTINUE;
2747
2748 if (tbtt_info_len < sizeof(*ti))
2749 return RNR_ITER_CONTINUE;
2750
2751 ti = (const void *)tbtt_info;
2752
2753 if (ti->mld_params.mld_id != data->mld_id)
2754 return RNR_ITER_CONTINUE;
2755
2756 link_id = le16_get_bits(ti->mld_params.params,
2757 IEEE80211_RNR_MLD_PARAMS_LINK_ID);
2758 if (link_id != data->link->link_id)
2759 return RNR_ITER_CONTINUE;
2760
2761 /* we found the entry for our link! */
2762
2763 /* this AP is confused, it had this right before ... just disconnect */
2764 if (!ieee80211_operating_class_to_band(info->op_class, &band)) {
2765 link_info(link,
2766 "AP now has invalid operating class in RNR, disconnect\n");
2767 wiphy_work_queue(sdata->local->hw.wiphy,
2768 &ifmgd->csa_connection_drop_work);
2769 return RNR_ITER_BREAK;
2770 }
2771
2772 center_freq = ieee80211_channel_to_frequency(info->channel, band);
2773 data->chan = ieee80211_get_channel(sdata->local->hw.wiphy, center_freq);
2774
2775 return RNR_ITER_BREAK;
2776 }
2777
2778 static void
ieee80211_sta_other_link_csa_disappeared(struct ieee80211_link_data * link,struct ieee802_11_elems * elems)2779 ieee80211_sta_other_link_csa_disappeared(struct ieee80211_link_data *link,
2780 struct ieee802_11_elems *elems)
2781 {
2782 struct ieee80211_sub_if_data *sdata = link->sdata;
2783 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2784 struct sta_csa_rnr_iter_data data = {
2785 .link = link,
2786 };
2787
2788 /*
2789 * If we get here, we see a beacon from another link without
2790 * CSA still being reported for it, so now we have to check
2791 * if the CSA was aborted or completed. This may not even be
2792 * perfectly possible if the CSA was only done for changing
2793 * the puncturing, but in that case if the link in inactive
2794 * we don't really care, and if it's an active link (or when
2795 * it's activated later) we'll get a beacon and adjust.
2796 */
2797
2798 if (WARN_ON(!elems->ml_basic))
2799 return;
2800
2801 data.mld_id = ieee80211_mle_get_mld_id((const void *)elems->ml_basic);
2802
2803 /*
2804 * So in order to do this, iterate the RNR element(s) and see
2805 * what channel is reported now.
2806 */
2807 cfg80211_iter_rnr(elems->ie_start, elems->total_len,
2808 ieee80211_sta_csa_rnr_iter, &data);
2809
2810 if (!data.chan) {
2811 link_info(link,
2812 "couldn't find (valid) channel in RNR for CSA, disconnect\n");
2813 wiphy_work_queue(sdata->local->hw.wiphy,
2814 &ifmgd->csa_connection_drop_work);
2815 return;
2816 }
2817
2818 /*
2819 * If it doesn't match the CSA, then assume it aborted. This
2820 * may erroneously detect that it was _not_ aborted when it
2821 * was in fact aborted, but only changed the bandwidth or the
2822 * puncturing configuration, but we don't have enough data to
2823 * detect that.
2824 */
2825 if (data.chan != link->csa.chanreq.oper.chan)
2826 ieee80211_sta_abort_chanswitch(link);
2827 }
2828
2829 enum ieee80211_csa_source {
2830 IEEE80211_CSA_SOURCE_BEACON,
2831 IEEE80211_CSA_SOURCE_OTHER_LINK,
2832 IEEE80211_CSA_SOURCE_PROT_ACTION,
2833 IEEE80211_CSA_SOURCE_UNPROT_ACTION,
2834 };
2835
2836 static void
ieee80211_sta_process_chanswitch(struct ieee80211_link_data * link,u64 timestamp,u32 device_timestamp,struct ieee802_11_elems * full_elems,struct ieee802_11_elems * csa_elems,enum ieee80211_csa_source source)2837 ieee80211_sta_process_chanswitch(struct ieee80211_link_data *link,
2838 u64 timestamp, u32 device_timestamp,
2839 struct ieee802_11_elems *full_elems,
2840 struct ieee802_11_elems *csa_elems,
2841 enum ieee80211_csa_source source)
2842 {
2843 struct ieee80211_sub_if_data *sdata = link->sdata;
2844 struct ieee80211_local *local = sdata->local;
2845 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2846 struct ieee80211_chanctx *chanctx = NULL;
2847 struct ieee80211_chanctx_conf *conf;
2848 struct ieee80211_csa_ie csa_ie = {};
2849 struct ieee80211_channel_switch ch_switch = {
2850 .link_id = link->link_id,
2851 .timestamp = timestamp,
2852 .device_timestamp = device_timestamp,
2853 };
2854 u32 csa_time_tu;
2855 ktime_t now;
2856 int res;
2857
2858 lockdep_assert_wiphy(local->hw.wiphy);
2859
2860 if (csa_elems) {
2861 struct cfg80211_bss *cbss = link->conf->bss;
2862 enum nl80211_band current_band;
2863 struct ieee80211_bss *bss;
2864
2865 if (WARN_ON(!cbss))
2866 return;
2867
2868 current_band = cbss->channel->band;
2869 bss = (void *)cbss->priv;
2870
2871 res = ieee80211_parse_ch_switch_ie(sdata, csa_elems,
2872 current_band,
2873 bss->vht_cap_info,
2874 &link->u.mgd.conn,
2875 link->u.mgd.bssid,
2876 source == IEEE80211_CSA_SOURCE_UNPROT_ACTION,
2877 &csa_ie);
2878 if (res == 0) {
2879 ch_switch.block_tx = csa_ie.mode;
2880 ch_switch.chandef = csa_ie.chanreq.oper;
2881 ch_switch.count = csa_ie.count;
2882 ch_switch.delay = csa_ie.max_switch_time;
2883 }
2884
2885 link->u.mgd.csa.tpe = csa_elems->csa_tpe;
2886 } else {
2887 /*
2888 * If there was no per-STA profile for this link, we
2889 * get called with csa_elems == NULL. This of course means
2890 * there are no CSA elements, so set res=1 indicating
2891 * no more CSA.
2892 */
2893 res = 1;
2894 }
2895
2896 if (res < 0) {
2897 /* ignore this case, not a protected frame */
2898 if (source == IEEE80211_CSA_SOURCE_UNPROT_ACTION)
2899 return;
2900 goto drop_connection;
2901 }
2902
2903 if (link->conf->csa_active) {
2904 switch (source) {
2905 case IEEE80211_CSA_SOURCE_PROT_ACTION:
2906 case IEEE80211_CSA_SOURCE_UNPROT_ACTION:
2907 /* already processing - disregard action frames */
2908 return;
2909 case IEEE80211_CSA_SOURCE_BEACON:
2910 if (link->u.mgd.csa.waiting_bcn) {
2911 ieee80211_chswitch_post_beacon(link);
2912 /*
2913 * If the CSA is still present after the switch
2914 * we need to consider it as a new CSA (possibly
2915 * to self). This happens by not returning here
2916 * so we'll get to the check below.
2917 */
2918 } else if (res) {
2919 ieee80211_sta_abort_chanswitch(link);
2920 return;
2921 } else {
2922 drv_channel_switch_rx_beacon(sdata, &ch_switch);
2923 return;
2924 }
2925 break;
2926 case IEEE80211_CSA_SOURCE_OTHER_LINK:
2927 /* active link: we want to see the beacon to continue */
2928 if (ieee80211_vif_link_active(&sdata->vif,
2929 link->link_id))
2930 return;
2931
2932 /* switch work ran, so just complete the process */
2933 if (link->u.mgd.csa.waiting_bcn) {
2934 ieee80211_chswitch_post_beacon(link);
2935 /*
2936 * If the CSA is still present after the switch
2937 * we need to consider it as a new CSA (possibly
2938 * to self). This happens by not returning here
2939 * so we'll get to the check below.
2940 */
2941 break;
2942 }
2943
2944 /* link still has CSA but we already know, do nothing */
2945 if (!res)
2946 return;
2947
2948 /* check in the RNR if the CSA aborted */
2949 ieee80211_sta_other_link_csa_disappeared(link,
2950 full_elems);
2951 return;
2952 }
2953 }
2954
2955 /* no active CSA nor a new one */
2956 if (res) {
2957 /*
2958 * However, we may have stopped queues when receiving a public
2959 * action frame that couldn't be protected, if it had the quiet
2960 * bit set. This is a trade-off, we want to be quiet as soon as
2961 * possible, but also don't trust the public action frame much,
2962 * as it can't be protected.
2963 */
2964 if (unlikely(link->u.mgd.csa.blocked_tx)) {
2965 link->u.mgd.csa.blocked_tx = false;
2966 ieee80211_vif_unblock_queues_csa(sdata);
2967 }
2968 return;
2969 }
2970
2971 /*
2972 * We don't really trust public action frames, but block queues (go to
2973 * quiet mode) for them anyway, we should get a beacon soon to either
2974 * know what the CSA really is, or figure out the public action frame
2975 * was actually an attack.
2976 */
2977 if (source == IEEE80211_CSA_SOURCE_UNPROT_ACTION) {
2978 if (csa_ie.mode) {
2979 link->u.mgd.csa.blocked_tx = true;
2980 ieee80211_vif_block_queues_csa(sdata);
2981 }
2982 return;
2983 }
2984
2985 if (link->conf->chanreq.oper.chan->band !=
2986 csa_ie.chanreq.oper.chan->band) {
2987 link_info(link,
2988 "AP %pM switches to different band (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n",
2989 link->u.mgd.bssid,
2990 csa_ie.chanreq.oper.chan->center_freq,
2991 csa_ie.chanreq.oper.width,
2992 csa_ie.chanreq.oper.center_freq1,
2993 csa_ie.chanreq.oper.center_freq2);
2994 goto drop_connection;
2995 }
2996
2997 if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chanreq.oper,
2998 IEEE80211_CHAN_DISABLED)) {
2999 link_info(link,
3000 "AP %pM switches to unsupported channel (%d.%03d MHz, width:%d, CF1/2: %d.%03d/%d MHz), disconnecting\n",
3001 link->u.mgd.bssid,
3002 csa_ie.chanreq.oper.chan->center_freq,
3003 csa_ie.chanreq.oper.chan->freq_offset,
3004 csa_ie.chanreq.oper.width,
3005 csa_ie.chanreq.oper.center_freq1,
3006 csa_ie.chanreq.oper.freq1_offset,
3007 csa_ie.chanreq.oper.center_freq2);
3008 goto drop_connection;
3009 }
3010
3011 if (cfg80211_chandef_identical(&csa_ie.chanreq.oper,
3012 &link->conf->chanreq.oper) &&
3013 (!csa_ie.mode || source != IEEE80211_CSA_SOURCE_BEACON)) {
3014 if (link->u.mgd.csa.ignored_same_chan)
3015 return;
3016 link_info(link,
3017 "AP %pM tries to chanswitch to same channel, ignore\n",
3018 link->u.mgd.bssid);
3019 link->u.mgd.csa.ignored_same_chan = true;
3020 return;
3021 }
3022
3023 /*
3024 * Drop all TDLS peers on the affected link - either we disconnect or
3025 * move to a different channel from this point on. There's no telling
3026 * what our peer will do.
3027 * The TDLS WIDER_BW scenario is also problematic, as peers might now
3028 * have an incompatible wider chandef.
3029 */
3030 ieee80211_teardown_tdls_peers(link);
3031
3032 conf = rcu_dereference_protected(link->conf->chanctx_conf,
3033 lockdep_is_held(&local->hw.wiphy->mtx));
3034 if (ieee80211_vif_link_active(&sdata->vif, link->link_id) && !conf) {
3035 link_info(link,
3036 "no channel context assigned to vif?, disconnecting\n");
3037 goto drop_connection;
3038 }
3039
3040 if (conf)
3041 chanctx = container_of(conf, struct ieee80211_chanctx, conf);
3042
3043 if (!ieee80211_hw_check(&local->hw, CHANCTX_STA_CSA)) {
3044 link_info(link,
3045 "driver doesn't support chan-switch with channel contexts\n");
3046 goto drop_connection;
3047 }
3048
3049 if (drv_pre_channel_switch(sdata, &ch_switch)) {
3050 link_info(link,
3051 "preparing for channel switch failed, disconnecting\n");
3052 goto drop_connection;
3053 }
3054
3055 link->u.mgd.csa.ap_chandef = csa_ie.chanreq.ap;
3056
3057 link->csa.chanreq.oper = csa_ie.chanreq.oper;
3058 ieee80211_set_chanreq_ap(sdata, &link->csa.chanreq, &link->u.mgd.conn,
3059 &csa_ie.chanreq.ap);
3060
3061 if (chanctx) {
3062 res = ieee80211_link_reserve_chanctx(link, &link->csa.chanreq,
3063 chanctx->mode, false);
3064 if (res) {
3065 link_info(link,
3066 "failed to reserve channel context for channel switch, disconnecting (err=%d)\n",
3067 res);
3068 goto drop_connection;
3069 }
3070 }
3071
3072 link->conf->csa_active = true;
3073 link->u.mgd.csa.ignored_same_chan = false;
3074 link->u.mgd.beacon_crc_valid = false;
3075 link->u.mgd.csa.blocked_tx = csa_ie.mode;
3076
3077 if (csa_ie.mode)
3078 ieee80211_vif_block_queues_csa(sdata);
3079
3080 cfg80211_ch_switch_started_notify(sdata->dev, &csa_ie.chanreq.oper,
3081 link->link_id, csa_ie.count,
3082 csa_ie.mode);
3083
3084 /* we may have to handle timeout for deactivated link in software */
3085 now = ktime_get_boottime();
3086 csa_time_tu = (max_t(int, csa_ie.count, 1) - 1) * link->conf->beacon_int;
3087 link->u.mgd.csa.time = now + us_to_ktime(ieee80211_tu_to_usec(csa_time_tu));
3088
3089 if (ieee80211_vif_link_active(&sdata->vif, link->link_id) &&
3090 local->ops->channel_switch) {
3091 /*
3092 * Use driver's channel switch callback, the driver will
3093 * later call ieee80211_chswitch_done(). It may deactivate
3094 * the link as well, we handle that elsewhere and queue
3095 * the csa.switch_work for the calculated time then.
3096 */
3097 drv_channel_switch(local, sdata, &ch_switch);
3098 return;
3099 }
3100
3101 /* channel switch handled in software */
3102 wiphy_hrtimer_work_queue(local->hw.wiphy,
3103 &link->u.mgd.csa.switch_work,
3104 link->u.mgd.csa.time - now);
3105 return;
3106 drop_connection:
3107 /*
3108 * This is just so that the disconnect flow will know that
3109 * we were trying to switch channel and failed. In case the
3110 * mode is 1 (we are not allowed to Tx), we will know not to
3111 * send a deauthentication frame. Those two fields will be
3112 * reset when the disconnection worker runs.
3113 */
3114 link->conf->csa_active = true;
3115 link->u.mgd.csa.blocked_tx = csa_ie.mode;
3116
3117 wiphy_work_queue(sdata->local->hw.wiphy,
3118 &ifmgd->csa_connection_drop_work);
3119 }
3120
3121 struct sta_bss_param_ch_cnt_data {
3122 struct ieee80211_sub_if_data *sdata;
3123 u8 reporting_link_id;
3124 u8 mld_id;
3125 };
3126
3127 static enum cfg80211_rnr_iter_ret
ieee80211_sta_bss_param_ch_cnt_iter(void * _data,u8 type,const struct ieee80211_neighbor_ap_info * info,const u8 * tbtt_info,u8 tbtt_info_len)3128 ieee80211_sta_bss_param_ch_cnt_iter(void *_data, u8 type,
3129 const struct ieee80211_neighbor_ap_info *info,
3130 const u8 *tbtt_info, u8 tbtt_info_len)
3131 {
3132 struct sta_bss_param_ch_cnt_data *data = _data;
3133 struct ieee80211_sub_if_data *sdata = data->sdata;
3134 const struct ieee80211_tbtt_info_ge_11 *ti;
3135 u8 bss_param_ch_cnt;
3136 int link_id;
3137
3138 if (type != IEEE80211_TBTT_INFO_TYPE_TBTT)
3139 return RNR_ITER_CONTINUE;
3140
3141 if (tbtt_info_len < sizeof(*ti))
3142 return RNR_ITER_CONTINUE;
3143
3144 ti = (const void *)tbtt_info;
3145
3146 if (ti->mld_params.mld_id != data->mld_id)
3147 return RNR_ITER_CONTINUE;
3148
3149 link_id = le16_get_bits(ti->mld_params.params,
3150 IEEE80211_RNR_MLD_PARAMS_LINK_ID);
3151 bss_param_ch_cnt =
3152 le16_get_bits(ti->mld_params.params,
3153 IEEE80211_RNR_MLD_PARAMS_BSS_CHANGE_COUNT);
3154
3155 if (bss_param_ch_cnt != 255 &&
3156 link_id < ARRAY_SIZE(sdata->link)) {
3157 struct ieee80211_link_data *link =
3158 sdata_dereference(sdata->link[link_id], sdata);
3159
3160 if (link && link->conf->bss_param_ch_cnt != bss_param_ch_cnt) {
3161 link->conf->bss_param_ch_cnt = bss_param_ch_cnt;
3162 link->conf->bss_param_ch_cnt_link_id =
3163 data->reporting_link_id;
3164 }
3165 }
3166
3167 return RNR_ITER_CONTINUE;
3168 }
3169
3170 static void
ieee80211_mgd_update_bss_param_ch_cnt(struct ieee80211_sub_if_data * sdata,struct ieee80211_bss_conf * bss_conf,struct ieee802_11_elems * elems)3171 ieee80211_mgd_update_bss_param_ch_cnt(struct ieee80211_sub_if_data *sdata,
3172 struct ieee80211_bss_conf *bss_conf,
3173 struct ieee802_11_elems *elems)
3174 {
3175 struct sta_bss_param_ch_cnt_data data = {
3176 .reporting_link_id = bss_conf->link_id,
3177 .sdata = sdata,
3178 };
3179 int bss_param_ch_cnt;
3180
3181 if (!elems->ml_basic)
3182 return;
3183
3184 data.mld_id = ieee80211_mle_get_mld_id((const void *)elems->ml_basic);
3185
3186 cfg80211_iter_rnr(elems->ie_start, elems->total_len,
3187 ieee80211_sta_bss_param_ch_cnt_iter, &data);
3188
3189 bss_param_ch_cnt =
3190 ieee80211_mle_get_bss_param_ch_cnt((const void *)elems->ml_basic);
3191
3192 /*
3193 * Update bss_param_ch_cnt_link_id even if bss_param_ch_cnt
3194 * didn't change to indicate that we got a beacon on our own
3195 * link.
3196 */
3197 if (bss_param_ch_cnt >= 0 && bss_param_ch_cnt != 255) {
3198 bss_conf->bss_param_ch_cnt = bss_param_ch_cnt;
3199 bss_conf->bss_param_ch_cnt_link_id =
3200 bss_conf->link_id;
3201 }
3202 }
3203
3204 static bool
ieee80211_find_80211h_pwr_constr(struct ieee80211_channel * channel,const u8 * country_ie,u8 country_ie_len,const u8 * pwr_constr_elem,int * chan_pwr,int * pwr_reduction)3205 ieee80211_find_80211h_pwr_constr(struct ieee80211_channel *channel,
3206 const u8 *country_ie, u8 country_ie_len,
3207 const u8 *pwr_constr_elem,
3208 int *chan_pwr, int *pwr_reduction)
3209 {
3210 struct ieee80211_country_ie_triplet *triplet;
3211 int chan = ieee80211_frequency_to_channel(channel->center_freq);
3212 int i, chan_increment;
3213 bool have_chan_pwr = false;
3214
3215 /* Invalid IE */
3216 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN)
3217 return false;
3218
3219 triplet = (void *)(country_ie + 3);
3220 country_ie_len -= 3;
3221
3222 switch (channel->band) {
3223 default:
3224 WARN_ON_ONCE(1);
3225 fallthrough;
3226 case NL80211_BAND_2GHZ:
3227 case NL80211_BAND_60GHZ:
3228 case NL80211_BAND_LC:
3229 chan_increment = 1;
3230 break;
3231 case NL80211_BAND_5GHZ:
3232 chan_increment = 4;
3233 break;
3234 case NL80211_BAND_6GHZ:
3235 /*
3236 * In the 6 GHz band, the "maximum transmit power level"
3237 * field in the triplets is reserved, and thus will be
3238 * zero and we shouldn't use it to control TX power.
3239 * The actual TX power will be given in the transmit
3240 * power envelope element instead.
3241 */
3242 return false;
3243 }
3244
3245 /* find channel */
3246 while (country_ie_len >= 3) {
3247 u8 first_channel = triplet->chans.first_channel;
3248
3249 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID)
3250 goto next;
3251
3252 for (i = 0; i < triplet->chans.num_channels; i++) {
3253 if (first_channel + i * chan_increment == chan) {
3254 have_chan_pwr = true;
3255 *chan_pwr = triplet->chans.max_power;
3256 break;
3257 }
3258 }
3259 if (have_chan_pwr)
3260 break;
3261
3262 next:
3263 triplet++;
3264 country_ie_len -= 3;
3265 }
3266
3267 if (have_chan_pwr && pwr_constr_elem)
3268 *pwr_reduction = *pwr_constr_elem;
3269 else
3270 *pwr_reduction = 0;
3271
3272 return have_chan_pwr;
3273 }
3274
ieee80211_find_cisco_dtpc(struct ieee80211_channel * channel,const u8 * cisco_dtpc_ie,int * pwr_level)3275 static void ieee80211_find_cisco_dtpc(struct ieee80211_channel *channel,
3276 const u8 *cisco_dtpc_ie,
3277 int *pwr_level)
3278 {
3279 /* From practical testing, the first data byte of the DTPC element
3280 * seems to contain the requested dBm level, and the CLI on Cisco
3281 * APs clearly state the range is -127 to 127 dBm, which indicates
3282 * a signed byte, although it seemingly never actually goes negative.
3283 * The other byte seems to always be zero.
3284 */
3285 *pwr_level = (__s8)cisco_dtpc_ie[4];
3286 }
3287
ieee80211_handle_pwr_constr(struct ieee80211_link_data * link,struct ieee80211_channel * channel,struct ieee80211_mgmt * mgmt,const u8 * country_ie,u8 country_ie_len,const u8 * pwr_constr_ie,const u8 * cisco_dtpc_ie)3288 static u64 ieee80211_handle_pwr_constr(struct ieee80211_link_data *link,
3289 struct ieee80211_channel *channel,
3290 struct ieee80211_mgmt *mgmt,
3291 const u8 *country_ie, u8 country_ie_len,
3292 const u8 *pwr_constr_ie,
3293 const u8 *cisco_dtpc_ie)
3294 {
3295 struct ieee80211_sub_if_data *sdata = link->sdata;
3296 bool has_80211h_pwr = false, has_cisco_pwr = false;
3297 int chan_pwr = 0, pwr_reduction_80211h = 0;
3298 int pwr_level_cisco, pwr_level_80211h;
3299 int new_ap_level;
3300 __le16 capab = mgmt->u.probe_resp.capab_info;
3301
3302 if (ieee80211_is_s1g_beacon(mgmt->frame_control))
3303 return 0; /* TODO */
3304
3305 if (country_ie &&
3306 (capab & cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT) ||
3307 capab & cpu_to_le16(WLAN_CAPABILITY_RADIO_MEASURE))) {
3308 has_80211h_pwr = ieee80211_find_80211h_pwr_constr(
3309 channel, country_ie, country_ie_len,
3310 pwr_constr_ie, &chan_pwr, &pwr_reduction_80211h);
3311 pwr_level_80211h =
3312 max_t(int, 0, chan_pwr - pwr_reduction_80211h);
3313 }
3314
3315 if (cisco_dtpc_ie) {
3316 ieee80211_find_cisco_dtpc(
3317 channel, cisco_dtpc_ie, &pwr_level_cisco);
3318 has_cisco_pwr = true;
3319 }
3320
3321 if (!has_80211h_pwr && !has_cisco_pwr)
3322 return 0;
3323
3324 /* If we have both 802.11h and Cisco DTPC, apply both limits
3325 * by picking the smallest of the two power levels advertised.
3326 */
3327 if (has_80211h_pwr &&
3328 (!has_cisco_pwr || pwr_level_80211h <= pwr_level_cisco)) {
3329 new_ap_level = pwr_level_80211h;
3330
3331 if (link->ap_power_level == new_ap_level)
3332 return 0;
3333
3334 sdata_dbg(sdata,
3335 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n",
3336 pwr_level_80211h, chan_pwr, pwr_reduction_80211h,
3337 link->u.mgd.bssid);
3338 } else { /* has_cisco_pwr is always true here. */
3339 new_ap_level = pwr_level_cisco;
3340
3341 if (link->ap_power_level == new_ap_level)
3342 return 0;
3343
3344 sdata_dbg(sdata,
3345 "Limiting TX power to %d dBm as advertised by %pM\n",
3346 pwr_level_cisco, link->u.mgd.bssid);
3347 }
3348
3349 link->ap_power_level = new_ap_level;
3350 if (__ieee80211_recalc_txpower(link))
3351 return BSS_CHANGED_TXPOWER;
3352 return 0;
3353 }
3354
3355 /* powersave */
ieee80211_enable_ps(struct ieee80211_local * local,struct ieee80211_sub_if_data * sdata)3356 static void ieee80211_enable_ps(struct ieee80211_local *local,
3357 struct ieee80211_sub_if_data *sdata)
3358 {
3359 struct ieee80211_conf *conf = &local->hw.conf;
3360
3361 /*
3362 * If we are scanning right now then the parameters will
3363 * take effect when scan finishes.
3364 */
3365 if (local->scanning)
3366 return;
3367
3368 if (conf->dynamic_ps_timeout > 0 &&
3369 !ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS)) {
3370 mod_timer(&local->dynamic_ps_timer, jiffies +
3371 msecs_to_jiffies(conf->dynamic_ps_timeout));
3372 } else {
3373 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK))
3374 ieee80211_send_nullfunc(local, sdata, true);
3375
3376 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
3377 ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
3378 return;
3379
3380 conf->flags |= IEEE80211_CONF_PS;
3381 ieee80211_hw_config(local, -1, IEEE80211_CONF_CHANGE_PS);
3382 }
3383 }
3384
ieee80211_change_ps(struct ieee80211_local * local)3385 static void ieee80211_change_ps(struct ieee80211_local *local)
3386 {
3387 struct ieee80211_conf *conf = &local->hw.conf;
3388
3389 if (local->ps_sdata) {
3390 ieee80211_enable_ps(local, local->ps_sdata);
3391 } else if (conf->flags & IEEE80211_CONF_PS) {
3392 conf->flags &= ~IEEE80211_CONF_PS;
3393 ieee80211_hw_config(local, -1, IEEE80211_CONF_CHANGE_PS);
3394 timer_delete_sync(&local->dynamic_ps_timer);
3395 wiphy_work_cancel(local->hw.wiphy,
3396 &local->dynamic_ps_enable_work);
3397 }
3398 }
3399
ieee80211_powersave_allowed(struct ieee80211_sub_if_data * sdata)3400 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata)
3401 {
3402 struct ieee80211_local *local = sdata->local;
3403 struct ieee80211_if_managed *mgd = &sdata->u.mgd;
3404 struct sta_info *sta = NULL;
3405 bool authorized = false;
3406
3407 if (!mgd->powersave)
3408 return false;
3409
3410 if (mgd->broken_ap)
3411 return false;
3412
3413 if (!mgd->associated)
3414 return false;
3415
3416 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL)
3417 return false;
3418
3419 if (!(local->hw.wiphy->flags & WIPHY_FLAG_SUPPORTS_MLO) &&
3420 !sdata->deflink.u.mgd.have_beacon)
3421 return false;
3422
3423 rcu_read_lock();
3424 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
3425 if (sta)
3426 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
3427 rcu_read_unlock();
3428
3429 return authorized;
3430 }
3431
3432 /* need to hold RTNL or interface lock */
ieee80211_recalc_ps(struct ieee80211_local * local)3433 void ieee80211_recalc_ps(struct ieee80211_local *local)
3434 {
3435 struct ieee80211_sub_if_data *sdata, *found = NULL;
3436 int count = 0;
3437 int timeout;
3438
3439 if (!ieee80211_hw_check(&local->hw, SUPPORTS_PS) ||
3440 ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS)) {
3441 local->ps_sdata = NULL;
3442 return;
3443 }
3444
3445 list_for_each_entry(sdata, &local->interfaces, list) {
3446 if (!ieee80211_sdata_running(sdata))
3447 continue;
3448 if (sdata->vif.type == NL80211_IFTYPE_AP) {
3449 /* If an AP vif is found, then disable PS
3450 * by setting the count to zero thereby setting
3451 * ps_sdata to NULL.
3452 */
3453 count = 0;
3454 break;
3455 }
3456 if (sdata->vif.type != NL80211_IFTYPE_STATION)
3457 continue;
3458 found = sdata;
3459 count++;
3460 }
3461
3462 if (count == 1 && ieee80211_powersave_allowed(found)) {
3463 u8 dtimper = found->deflink.u.mgd.dtim_period;
3464
3465 timeout = local->dynamic_ps_forced_timeout;
3466 if (timeout < 0)
3467 timeout = 100;
3468 local->hw.conf.dynamic_ps_timeout = timeout;
3469
3470 /* If the TIM IE is invalid, pretend the value is 1 */
3471 if (!dtimper)
3472 dtimper = 1;
3473
3474 local->hw.conf.ps_dtim_period = dtimper;
3475 local->ps_sdata = found;
3476 } else {
3477 local->ps_sdata = NULL;
3478 }
3479
3480 ieee80211_change_ps(local);
3481 }
3482
ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data * sdata)3483 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata)
3484 {
3485 bool ps_allowed = ieee80211_powersave_allowed(sdata);
3486
3487 if (sdata->vif.cfg.ps != ps_allowed) {
3488 sdata->vif.cfg.ps = ps_allowed;
3489 ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_PS);
3490 }
3491 }
3492
ieee80211_dynamic_ps_disable_work(struct wiphy * wiphy,struct wiphy_work * work)3493 void ieee80211_dynamic_ps_disable_work(struct wiphy *wiphy,
3494 struct wiphy_work *work)
3495 {
3496 struct ieee80211_local *local =
3497 container_of(work, struct ieee80211_local,
3498 dynamic_ps_disable_work);
3499
3500 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
3501 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
3502 ieee80211_hw_config(local, -1, IEEE80211_CONF_CHANGE_PS);
3503 }
3504
3505 ieee80211_wake_queues_by_reason(&local->hw,
3506 IEEE80211_MAX_QUEUE_MAP,
3507 IEEE80211_QUEUE_STOP_REASON_PS,
3508 false);
3509 }
3510
ieee80211_dynamic_ps_enable_work(struct wiphy * wiphy,struct wiphy_work * work)3511 void ieee80211_dynamic_ps_enable_work(struct wiphy *wiphy,
3512 struct wiphy_work *work)
3513 {
3514 struct ieee80211_local *local =
3515 container_of(work, struct ieee80211_local,
3516 dynamic_ps_enable_work);
3517 struct ieee80211_sub_if_data *sdata = local->ps_sdata;
3518 struct ieee80211_if_managed *ifmgd;
3519 unsigned long flags;
3520 int q;
3521
3522 /* can only happen when PS was just disabled anyway */
3523 if (!sdata)
3524 return;
3525
3526 ifmgd = &sdata->u.mgd;
3527
3528 if (local->hw.conf.flags & IEEE80211_CONF_PS)
3529 return;
3530
3531 if (local->hw.conf.dynamic_ps_timeout > 0) {
3532 /* don't enter PS if TX frames are pending */
3533 if (drv_tx_frames_pending(local)) {
3534 mod_timer(&local->dynamic_ps_timer, jiffies +
3535 msecs_to_jiffies(
3536 local->hw.conf.dynamic_ps_timeout));
3537 return;
3538 }
3539
3540 /*
3541 * transmission can be stopped by others which leads to
3542 * dynamic_ps_timer expiry. Postpone the ps timer if it
3543 * is not the actual idle state.
3544 */
3545 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
3546 for (q = 0; q < local->hw.queues; q++) {
3547 if (local->queue_stop_reasons[q]) {
3548 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
3549 flags);
3550 mod_timer(&local->dynamic_ps_timer, jiffies +
3551 msecs_to_jiffies(
3552 local->hw.conf.dynamic_ps_timeout));
3553 return;
3554 }
3555 }
3556 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
3557 }
3558
3559 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
3560 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
3561 if (drv_tx_frames_pending(local)) {
3562 mod_timer(&local->dynamic_ps_timer, jiffies +
3563 msecs_to_jiffies(
3564 local->hw.conf.dynamic_ps_timeout));
3565 } else {
3566 ieee80211_send_nullfunc(local, sdata, true);
3567 /* Flush to get the tx status of nullfunc frame */
3568 ieee80211_flush_queues(local, sdata, false);
3569 }
3570 }
3571
3572 if (!(ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS) &&
3573 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK)) ||
3574 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
3575 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
3576 local->hw.conf.flags |= IEEE80211_CONF_PS;
3577 ieee80211_hw_config(local, -1, IEEE80211_CONF_CHANGE_PS);
3578 }
3579 }
3580
ieee80211_dynamic_ps_timer(struct timer_list * t)3581 void ieee80211_dynamic_ps_timer(struct timer_list *t)
3582 {
3583 struct ieee80211_local *local = timer_container_of(local, t,
3584 dynamic_ps_timer);
3585
3586 wiphy_work_queue(local->hw.wiphy, &local->dynamic_ps_enable_work);
3587 }
3588
ieee80211_dfs_cac_timer_work(struct wiphy * wiphy,struct wiphy_work * work)3589 void ieee80211_dfs_cac_timer_work(struct wiphy *wiphy, struct wiphy_work *work)
3590 {
3591 struct ieee80211_link_data *link =
3592 container_of(work, struct ieee80211_link_data,
3593 dfs_cac_timer_work.work);
3594 struct cfg80211_chan_def chandef = link->conf->chanreq.oper;
3595 struct ieee80211_sub_if_data *sdata = link->sdata;
3596
3597 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3598
3599 if (sdata->wdev.links[link->link_id].cac_started) {
3600 ieee80211_link_release_channel(link);
3601 cfg80211_cac_event(sdata->dev, &chandef,
3602 NL80211_RADAR_CAC_FINISHED,
3603 GFP_KERNEL, link->link_id);
3604 }
3605 }
3606
3607 static bool
__ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data * sdata)3608 __ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata)
3609 {
3610 struct ieee80211_local *local = sdata->local;
3611 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3612 bool ret = false;
3613 int ac;
3614
3615 if (local->hw.queues < IEEE80211_NUM_ACS)
3616 return false;
3617
3618 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
3619 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac];
3620 int non_acm_ac;
3621 unsigned long now = jiffies;
3622
3623 if (tx_tspec->action == TX_TSPEC_ACTION_NONE &&
3624 tx_tspec->admitted_time &&
3625 time_after(now, tx_tspec->time_slice_start + HZ)) {
3626 tx_tspec->consumed_tx_time = 0;
3627 tx_tspec->time_slice_start = now;
3628
3629 if (tx_tspec->downgraded)
3630 tx_tspec->action =
3631 TX_TSPEC_ACTION_STOP_DOWNGRADE;
3632 }
3633
3634 switch (tx_tspec->action) {
3635 case TX_TSPEC_ACTION_STOP_DOWNGRADE:
3636 /* take the original parameters */
3637 if (drv_conf_tx(local, &sdata->deflink, ac,
3638 &sdata->deflink.tx_conf[ac]))
3639 link_err(&sdata->deflink,
3640 "failed to set TX queue parameters for queue %d\n",
3641 ac);
3642 tx_tspec->action = TX_TSPEC_ACTION_NONE;
3643 tx_tspec->downgraded = false;
3644 ret = true;
3645 break;
3646 case TX_TSPEC_ACTION_DOWNGRADE:
3647 if (time_after(now, tx_tspec->time_slice_start + HZ)) {
3648 tx_tspec->action = TX_TSPEC_ACTION_NONE;
3649 ret = true;
3650 break;
3651 }
3652 /* downgrade next lower non-ACM AC */
3653 for (non_acm_ac = ac + 1;
3654 non_acm_ac < IEEE80211_NUM_ACS;
3655 non_acm_ac++)
3656 if (!(sdata->wmm_acm & BIT(7 - 2 * non_acm_ac)))
3657 break;
3658 /* Usually the loop will result in using BK even if it
3659 * requires admission control, but such a configuration
3660 * makes no sense and we have to transmit somehow - the
3661 * AC selection does the same thing.
3662 * If we started out trying to downgrade from BK, then
3663 * the extra condition here might be needed.
3664 */
3665 if (non_acm_ac >= IEEE80211_NUM_ACS)
3666 non_acm_ac = IEEE80211_AC_BK;
3667 if (drv_conf_tx(local, &sdata->deflink, ac,
3668 &sdata->deflink.tx_conf[non_acm_ac]))
3669 link_err(&sdata->deflink,
3670 "failed to set TX queue parameters for queue %d\n",
3671 ac);
3672 tx_tspec->action = TX_TSPEC_ACTION_NONE;
3673 ret = true;
3674 wiphy_delayed_work_queue(local->hw.wiphy,
3675 &ifmgd->tx_tspec_wk,
3676 tx_tspec->time_slice_start +
3677 HZ - now + 1);
3678 break;
3679 case TX_TSPEC_ACTION_NONE:
3680 /* nothing now */
3681 break;
3682 }
3683 }
3684
3685 return ret;
3686 }
3687
ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data * sdata)3688 void ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata)
3689 {
3690 if (__ieee80211_sta_handle_tspec_ac_params(sdata))
3691 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
3692 BSS_CHANGED_QOS);
3693 }
3694
ieee80211_sta_handle_tspec_ac_params_wk(struct wiphy * wiphy,struct wiphy_work * work)3695 static void ieee80211_sta_handle_tspec_ac_params_wk(struct wiphy *wiphy,
3696 struct wiphy_work *work)
3697 {
3698 struct ieee80211_sub_if_data *sdata;
3699
3700 sdata = container_of(work, struct ieee80211_sub_if_data,
3701 u.mgd.tx_tspec_wk.work);
3702 ieee80211_sta_handle_tspec_ac_params(sdata);
3703 }
3704
ieee80211_mgd_set_link_qos_params(struct ieee80211_link_data * link)3705 void ieee80211_mgd_set_link_qos_params(struct ieee80211_link_data *link)
3706 {
3707 struct ieee80211_sub_if_data *sdata = link->sdata;
3708 struct ieee80211_local *local = sdata->local;
3709 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3710 struct ieee80211_tx_queue_params *params = link->tx_conf;
3711 u8 ac;
3712
3713 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
3714 mlme_dbg(sdata,
3715 "WMM AC=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d, downgraded=%d\n",
3716 ac, params[ac].acm,
3717 params[ac].aifs, params[ac].cw_min, params[ac].cw_max,
3718 params[ac].txop, params[ac].uapsd,
3719 ifmgd->tx_tspec[ac].downgraded);
3720 if (!ifmgd->tx_tspec[ac].downgraded &&
3721 drv_conf_tx(local, link, ac, ¶ms[ac]))
3722 link_err(link,
3723 "failed to set TX queue parameters for AC %d\n",
3724 ac);
3725 }
3726 }
3727
3728 /* MLME */
3729 static bool
_ieee80211_sta_wmm_params(struct ieee80211_local * local,struct ieee80211_link_data * link,const u8 * wmm_param,size_t wmm_param_len,const struct ieee80211_mu_edca_param_set * mu_edca)3730 _ieee80211_sta_wmm_params(struct ieee80211_local *local,
3731 struct ieee80211_link_data *link,
3732 const u8 *wmm_param, size_t wmm_param_len,
3733 const struct ieee80211_mu_edca_param_set *mu_edca)
3734 {
3735 struct ieee80211_sub_if_data *sdata = link->sdata;
3736 struct ieee80211_tx_queue_params params[IEEE80211_NUM_ACS];
3737 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3738 size_t left;
3739 int count, mu_edca_count, ac;
3740 const u8 *pos;
3741 u8 uapsd_queues = 0;
3742
3743 if (!local->ops->conf_tx)
3744 return false;
3745
3746 if (local->hw.queues < IEEE80211_NUM_ACS)
3747 return false;
3748
3749 if (!wmm_param)
3750 return false;
3751
3752 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
3753 return false;
3754
3755 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
3756 uapsd_queues = ifmgd->uapsd_queues;
3757
3758 count = wmm_param[6] & 0x0f;
3759 /* -1 is the initial value of ifmgd->mu_edca_last_param_set.
3760 * if mu_edca was preset before and now it disappeared tell
3761 * the driver about it.
3762 */
3763 mu_edca_count = mu_edca ? mu_edca->mu_qos_info & 0x0f : -1;
3764 if (count == link->u.mgd.wmm_last_param_set &&
3765 mu_edca_count == link->u.mgd.mu_edca_last_param_set)
3766 return false;
3767 link->u.mgd.wmm_last_param_set = count;
3768 link->u.mgd.mu_edca_last_param_set = mu_edca_count;
3769
3770 pos = wmm_param + 8;
3771 left = wmm_param_len - 8;
3772
3773 memset(¶ms, 0, sizeof(params));
3774
3775 sdata->wmm_acm = 0;
3776 for (; left >= 4; left -= 4, pos += 4) {
3777 int aci = (pos[0] >> 5) & 0x03;
3778 int acm = (pos[0] >> 4) & 0x01;
3779 bool uapsd = false;
3780
3781 switch (aci) {
3782 case 1: /* AC_BK */
3783 ac = IEEE80211_AC_BK;
3784 if (acm)
3785 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */
3786 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
3787 uapsd = true;
3788 params[ac].mu_edca = !!mu_edca;
3789 if (mu_edca)
3790 params[ac].mu_edca_param_rec = mu_edca->ac_bk;
3791 break;
3792 case 2: /* AC_VI */
3793 ac = IEEE80211_AC_VI;
3794 if (acm)
3795 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */
3796 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
3797 uapsd = true;
3798 params[ac].mu_edca = !!mu_edca;
3799 if (mu_edca)
3800 params[ac].mu_edca_param_rec = mu_edca->ac_vi;
3801 break;
3802 case 3: /* AC_VO */
3803 ac = IEEE80211_AC_VO;
3804 if (acm)
3805 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */
3806 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
3807 uapsd = true;
3808 params[ac].mu_edca = !!mu_edca;
3809 if (mu_edca)
3810 params[ac].mu_edca_param_rec = mu_edca->ac_vo;
3811 break;
3812 case 0: /* AC_BE */
3813 default:
3814 ac = IEEE80211_AC_BE;
3815 if (acm)
3816 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */
3817 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
3818 uapsd = true;
3819 params[ac].mu_edca = !!mu_edca;
3820 if (mu_edca)
3821 params[ac].mu_edca_param_rec = mu_edca->ac_be;
3822 break;
3823 }
3824
3825 params[ac].aifs = pos[0] & 0x0f;
3826
3827 if (params[ac].aifs < 2) {
3828 link_info(link,
3829 "AP has invalid WMM params (AIFSN=%d for ACI %d), will use 2\n",
3830 params[ac].aifs, aci);
3831 params[ac].aifs = 2;
3832 }
3833 params[ac].cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
3834 params[ac].cw_min = ecw2cw(pos[1] & 0x0f);
3835 params[ac].txop = get_unaligned_le16(pos + 2);
3836 params[ac].acm = acm;
3837 params[ac].uapsd = uapsd;
3838
3839 if (params[ac].cw_min == 0 ||
3840 params[ac].cw_min > params[ac].cw_max) {
3841 link_info(link,
3842 "AP has invalid WMM params (CWmin/max=%d/%d for ACI %d), using defaults\n",
3843 params[ac].cw_min, params[ac].cw_max, aci);
3844 return false;
3845 }
3846 ieee80211_regulatory_limit_wmm_params(sdata, ¶ms[ac], ac);
3847 }
3848
3849 /* WMM specification requires all 4 ACIs. */
3850 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
3851 if (params[ac].cw_min == 0) {
3852 link_info(link,
3853 "AP has invalid WMM params (missing AC %d), using defaults\n",
3854 ac);
3855 return false;
3856 }
3857 }
3858
3859 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
3860 link->tx_conf[ac] = params[ac];
3861
3862 return true;
3863 }
3864
3865 static bool
ieee80211_sta_wmm_params(struct ieee80211_local * local,struct ieee80211_link_data * link,const u8 * wmm_param,size_t wmm_param_len,const struct ieee80211_mu_edca_param_set * mu_edca)3866 ieee80211_sta_wmm_params(struct ieee80211_local *local,
3867 struct ieee80211_link_data *link,
3868 const u8 *wmm_param, size_t wmm_param_len,
3869 const struct ieee80211_mu_edca_param_set *mu_edca)
3870 {
3871 if (!_ieee80211_sta_wmm_params(local, link, wmm_param, wmm_param_len,
3872 mu_edca))
3873 return false;
3874
3875 ieee80211_mgd_set_link_qos_params(link);
3876
3877 /* enable WMM or activate new settings */
3878 link->conf->qos = true;
3879 return true;
3880 }
3881
__ieee80211_stop_poll(struct ieee80211_sub_if_data * sdata)3882 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
3883 {
3884 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3885
3886 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL;
3887 ieee80211_run_deferred_scan(sdata->local);
3888 }
3889
ieee80211_stop_poll(struct ieee80211_sub_if_data * sdata)3890 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
3891 {
3892 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3893
3894 __ieee80211_stop_poll(sdata);
3895 }
3896
ieee80211_handle_bss_capability(struct ieee80211_link_data * link,u16 capab,bool erp_valid,u8 erp)3897 static u64 ieee80211_handle_bss_capability(struct ieee80211_link_data *link,
3898 u16 capab, bool erp_valid, u8 erp)
3899 {
3900 struct ieee80211_bss_conf *bss_conf = link->conf;
3901 struct ieee80211_supported_band *sband;
3902 u64 changed = 0;
3903 bool use_protection;
3904 bool use_short_preamble;
3905 bool use_short_slot;
3906
3907 sband = ieee80211_get_link_sband(link);
3908 if (!sband)
3909 return changed;
3910
3911 if (erp_valid) {
3912 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0;
3913 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0;
3914 } else {
3915 use_protection = false;
3916 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE);
3917 }
3918
3919 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME);
3920 if (sband->band == NL80211_BAND_5GHZ ||
3921 sband->band == NL80211_BAND_6GHZ)
3922 use_short_slot = true;
3923
3924 if (use_protection != bss_conf->use_cts_prot) {
3925 bss_conf->use_cts_prot = use_protection;
3926 changed |= BSS_CHANGED_ERP_CTS_PROT;
3927 }
3928
3929 if (use_short_preamble != bss_conf->use_short_preamble) {
3930 bss_conf->use_short_preamble = use_short_preamble;
3931 changed |= BSS_CHANGED_ERP_PREAMBLE;
3932 }
3933
3934 if (use_short_slot != bss_conf->use_short_slot) {
3935 bss_conf->use_short_slot = use_short_slot;
3936 changed |= BSS_CHANGED_ERP_SLOT;
3937 }
3938
3939 return changed;
3940 }
3941
ieee80211_link_set_associated(struct ieee80211_link_data * link,struct cfg80211_bss * cbss)3942 static u64 ieee80211_link_set_associated(struct ieee80211_link_data *link,
3943 struct cfg80211_bss *cbss)
3944 {
3945 struct ieee80211_sub_if_data *sdata = link->sdata;
3946 struct ieee80211_bss_conf *bss_conf = link->conf;
3947 struct ieee80211_bss *bss = (void *)cbss->priv;
3948 u64 changed = BSS_CHANGED_QOS;
3949
3950 /* not really used in MLO */
3951 sdata->u.mgd.beacon_timeout =
3952 usecs_to_jiffies(ieee80211_tu_to_usec(beacon_loss_count *
3953 bss_conf->beacon_int));
3954
3955 changed |= ieee80211_handle_bss_capability(link,
3956 bss_conf->assoc_capability,
3957 bss->has_erp_value,
3958 bss->erp_value);
3959
3960 ieee80211_check_rate_mask(link);
3961
3962 link->conf->bss = cbss;
3963 memcpy(link->u.mgd.bssid, cbss->bssid, ETH_ALEN);
3964
3965 if (sdata->vif.p2p ||
3966 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) {
3967 const struct cfg80211_bss_ies *ies;
3968
3969 rcu_read_lock();
3970 ies = rcu_dereference(cbss->ies);
3971 if (ies) {
3972 int ret;
3973
3974 ret = cfg80211_get_p2p_attr(
3975 ies->data, ies->len,
3976 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
3977 (u8 *) &bss_conf->p2p_noa_attr,
3978 sizeof(bss_conf->p2p_noa_attr));
3979 if (ret >= 2) {
3980 link->u.mgd.p2p_noa_index =
3981 bss_conf->p2p_noa_attr.index;
3982 changed |= BSS_CHANGED_P2P_PS;
3983 }
3984 }
3985 rcu_read_unlock();
3986 }
3987
3988 if (link->u.mgd.have_beacon) {
3989 bss_conf->beacon_rate = bss->beacon_rate;
3990 changed |= BSS_CHANGED_BEACON_INFO;
3991 } else {
3992 bss_conf->beacon_rate = NULL;
3993 }
3994
3995 /* Tell the driver to monitor connection quality (if supported) */
3996 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI &&
3997 bss_conf->cqm_rssi_thold)
3998 changed |= BSS_CHANGED_CQM;
3999
4000 return changed;
4001 }
4002
ieee80211_set_associated(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgd_assoc_data * assoc_data,u64 changed[IEEE80211_MLD_MAX_NUM_LINKS])4003 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
4004 struct ieee80211_mgd_assoc_data *assoc_data,
4005 u64 changed[IEEE80211_MLD_MAX_NUM_LINKS])
4006 {
4007 struct ieee80211_local *local = sdata->local;
4008 struct ieee80211_vif_cfg *vif_cfg = &sdata->vif.cfg;
4009 u64 vif_changed = BSS_CHANGED_ASSOC;
4010 unsigned int link_id;
4011
4012 lockdep_assert_wiphy(local->hw.wiphy);
4013
4014 sdata->u.mgd.associated = true;
4015
4016 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
4017 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
4018 struct ieee80211_link_data *link;
4019
4020 if (!cbss ||
4021 assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS)
4022 continue;
4023
4024 if (ieee80211_vif_is_mld(&sdata->vif) &&
4025 !(ieee80211_vif_usable_links(&sdata->vif) & BIT(link_id)))
4026 continue;
4027
4028 link = sdata_dereference(sdata->link[link_id], sdata);
4029 if (WARN_ON(!link))
4030 return;
4031
4032 changed[link_id] |= ieee80211_link_set_associated(link, cbss);
4033 }
4034
4035 /* just to be sure */
4036 ieee80211_stop_poll(sdata);
4037
4038 ieee80211_led_assoc(local, 1);
4039
4040 vif_cfg->assoc = 1;
4041
4042 /* Enable ARP filtering */
4043 if (vif_cfg->arp_addr_cnt)
4044 vif_changed |= BSS_CHANGED_ARP_FILTER;
4045
4046 if (ieee80211_vif_is_mld(&sdata->vif)) {
4047 for (link_id = 0;
4048 link_id < IEEE80211_MLD_MAX_NUM_LINKS;
4049 link_id++) {
4050 struct ieee80211_link_data *link;
4051 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
4052
4053 if (!cbss ||
4054 !(BIT(link_id) &
4055 ieee80211_vif_usable_links(&sdata->vif)) ||
4056 assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS)
4057 continue;
4058
4059 link = sdata_dereference(sdata->link[link_id], sdata);
4060 if (WARN_ON(!link))
4061 return;
4062
4063 ieee80211_link_info_change_notify(sdata, link,
4064 changed[link_id]);
4065
4066 ieee80211_recalc_smps(sdata, link);
4067 }
4068
4069 ieee80211_vif_cfg_change_notify(sdata, vif_changed);
4070 } else {
4071 ieee80211_bss_info_change_notify(sdata,
4072 vif_changed | changed[0]);
4073 }
4074
4075 ieee80211_recalc_ps(local);
4076
4077 /* leave this here to not change ordering in non-MLO cases */
4078 if (!ieee80211_vif_is_mld(&sdata->vif))
4079 ieee80211_recalc_smps(sdata, &sdata->deflink);
4080 ieee80211_recalc_ps_vif(sdata);
4081
4082 netif_carrier_on(sdata->dev);
4083 }
4084
ieee80211_ml_reconf_reset(struct ieee80211_sub_if_data * sdata)4085 static void ieee80211_ml_reconf_reset(struct ieee80211_sub_if_data *sdata)
4086 {
4087 struct ieee80211_mgd_assoc_data *add_links_data =
4088 sdata->u.mgd.reconf.add_links_data;
4089
4090 if (!ieee80211_vif_is_mld(&sdata->vif) ||
4091 !(sdata->u.mgd.reconf.added_links |
4092 sdata->u.mgd.reconf.removed_links))
4093 return;
4094
4095 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
4096 &sdata->u.mgd.reconf.wk);
4097 sdata->u.mgd.reconf.added_links = 0;
4098 sdata->u.mgd.reconf.removed_links = 0;
4099 sdata->u.mgd.reconf.dialog_token = 0;
4100
4101 if (add_links_data) {
4102 struct cfg80211_mlo_reconf_done_data done_data = {};
4103 u8 link_id;
4104
4105 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS;
4106 link_id++)
4107 done_data.links[link_id].bss =
4108 add_links_data->link[link_id].bss;
4109
4110 cfg80211_mlo_reconf_add_done(sdata->dev, &done_data);
4111
4112 kfree(sdata->u.mgd.reconf.add_links_data);
4113 sdata->u.mgd.reconf.add_links_data = NULL;
4114 }
4115 }
4116
ieee80211_set_disassoc(struct ieee80211_sub_if_data * sdata,u16 stype,u16 reason,bool tx,u8 * frame_buf)4117 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
4118 u16 stype, u16 reason, bool tx,
4119 u8 *frame_buf)
4120 {
4121 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4122 struct ieee80211_local *local = sdata->local;
4123 struct sta_info *ap_sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
4124 unsigned int link_id;
4125 u64 changed = 0;
4126 struct ieee80211_prep_tx_info info = {
4127 .subtype = stype,
4128 .was_assoc = true,
4129 .link_id = ffs(sdata->vif.active_links) - 1,
4130 };
4131
4132 lockdep_assert_wiphy(local->hw.wiphy);
4133
4134 if (frame_buf)
4135 memset(frame_buf, 0, IEEE80211_DEAUTH_FRAME_LEN);
4136
4137 if (WARN_ON(!ap_sta))
4138 return;
4139
4140 if (WARN_ON_ONCE(tx && !frame_buf))
4141 return;
4142
4143 if (WARN_ON(!ifmgd->associated))
4144 return;
4145
4146 ieee80211_stop_poll(sdata);
4147
4148 ifmgd->associated = false;
4149
4150 if (tx) {
4151 bool tx_link_found = false;
4152
4153 for (link_id = 0;
4154 link_id < ARRAY_SIZE(sdata->link);
4155 link_id++) {
4156 struct ieee80211_link_data *link;
4157
4158 if (!ieee80211_vif_link_active(&sdata->vif, link_id))
4159 continue;
4160
4161 link = sdata_dereference(sdata->link[link_id], sdata);
4162 if (WARN_ON_ONCE(!link))
4163 continue;
4164
4165 if (link->u.mgd.csa.blocked_tx)
4166 continue;
4167
4168 tx_link_found = true;
4169 break;
4170 }
4171
4172 tx = tx_link_found;
4173 }
4174
4175 /* other links will be destroyed */
4176 sdata->deflink.conf->bss = NULL;
4177 sdata->deflink.conf->epcs_support = false;
4178 sdata->deflink.smps_mode = IEEE80211_SMPS_OFF;
4179
4180 netif_carrier_off(sdata->dev);
4181
4182 /*
4183 * if we want to get out of ps before disassoc (why?) we have
4184 * to do it before sending disassoc, as otherwise the null-packet
4185 * won't be valid.
4186 */
4187 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
4188 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
4189 ieee80211_hw_config(local, -1, IEEE80211_CONF_CHANGE_PS);
4190 }
4191 local->ps_sdata = NULL;
4192
4193 /* disable per-vif ps */
4194 ieee80211_recalc_ps_vif(sdata);
4195
4196 /* make sure ongoing transmission finishes */
4197 synchronize_net();
4198
4199 /*
4200 * drop any frame before deauth/disassoc, this can be data or
4201 * management frame. Since we are disconnecting, we should not
4202 * insist sending these frames which can take time and delay
4203 * the disconnection and possible the roaming.
4204 */
4205 ieee80211_flush_queues(local, sdata, true);
4206
4207 if (tx) {
4208 drv_mgd_prepare_tx(sdata->local, sdata, &info);
4209
4210 ieee80211_send_deauth_disassoc(sdata, sdata->vif.cfg.ap_addr,
4211 sdata->vif.cfg.ap_addr, stype,
4212 reason, true, frame_buf);
4213
4214 /* flush out frame - make sure the deauth was actually sent */
4215 ieee80211_flush_queues(local, sdata, false);
4216
4217 drv_mgd_complete_tx(sdata->local, sdata, &info);
4218 } else if (frame_buf) {
4219 ieee80211_send_deauth_disassoc(sdata, sdata->vif.cfg.ap_addr,
4220 sdata->vif.cfg.ap_addr, stype,
4221 reason, false, frame_buf);
4222 }
4223
4224 /* clear AP addr only after building the needed mgmt frames */
4225 eth_zero_addr(sdata->deflink.u.mgd.bssid);
4226 eth_zero_addr(sdata->vif.cfg.ap_addr);
4227
4228 sdata->vif.cfg.ssid_len = 0;
4229
4230 /* Remove TDLS peers */
4231 __sta_info_flush(sdata, false, -1, ap_sta);
4232
4233 if (sdata->vif.driver_flags & IEEE80211_VIF_REMOVE_AP_AFTER_DISASSOC) {
4234 /* Only move the AP state */
4235 sta_info_move_state(ap_sta, IEEE80211_STA_NONE);
4236 } else {
4237 /* Remove AP peer */
4238 sta_info_flush(sdata, -1);
4239 }
4240
4241 /* finally reset all BSS / config parameters */
4242 if (!ieee80211_vif_is_mld(&sdata->vif))
4243 changed |= ieee80211_reset_erp_info(sdata);
4244
4245 ieee80211_led_assoc(local, 0);
4246 changed |= BSS_CHANGED_ASSOC;
4247 sdata->vif.cfg.assoc = false;
4248
4249 sdata->deflink.u.mgd.p2p_noa_index = -1;
4250 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0,
4251 sizeof(sdata->vif.bss_conf.p2p_noa_attr));
4252
4253 /* on the next assoc, re-program HT/VHT parameters */
4254 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa));
4255 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask));
4256 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa));
4257 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask));
4258
4259 /*
4260 * reset MU-MIMO ownership and group data in default link,
4261 * if used, other links are destroyed
4262 */
4263 memset(sdata->vif.bss_conf.mu_group.membership, 0,
4264 sizeof(sdata->vif.bss_conf.mu_group.membership));
4265 memset(sdata->vif.bss_conf.mu_group.position, 0,
4266 sizeof(sdata->vif.bss_conf.mu_group.position));
4267 if (!ieee80211_vif_is_mld(&sdata->vif))
4268 changed |= BSS_CHANGED_MU_GROUPS;
4269 sdata->vif.bss_conf.mu_mimo_owner = false;
4270
4271 sdata->deflink.ap_power_level = IEEE80211_UNSET_POWER_LEVEL;
4272
4273 timer_delete_sync(&local->dynamic_ps_timer);
4274 wiphy_work_cancel(local->hw.wiphy, &local->dynamic_ps_enable_work);
4275
4276 /* Disable ARP filtering */
4277 if (sdata->vif.cfg.arp_addr_cnt)
4278 changed |= BSS_CHANGED_ARP_FILTER;
4279
4280 sdata->vif.bss_conf.qos = false;
4281 if (!ieee80211_vif_is_mld(&sdata->vif)) {
4282 changed |= BSS_CHANGED_QOS;
4283 /* The BSSID (not really interesting) and HT changed */
4284 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT;
4285 ieee80211_bss_info_change_notify(sdata, changed);
4286 } else {
4287 ieee80211_vif_cfg_change_notify(sdata, changed);
4288 }
4289
4290 if (sdata->vif.driver_flags & IEEE80211_VIF_REMOVE_AP_AFTER_DISASSOC) {
4291 /*
4292 * After notifying the driver about the disassoc,
4293 * remove the ap sta.
4294 */
4295 sta_info_flush(sdata, -1);
4296 }
4297
4298 /* disassociated - set to defaults now */
4299 ieee80211_set_wmm_default(&sdata->deflink, false, false);
4300
4301 timer_delete_sync(&sdata->u.mgd.conn_mon_timer);
4302 timer_delete_sync(&sdata->u.mgd.bcn_mon_timer);
4303 timer_delete_sync(&sdata->u.mgd.timer);
4304
4305 sdata->vif.bss_conf.dtim_period = 0;
4306 sdata->vif.bss_conf.beacon_rate = NULL;
4307
4308 sdata->deflink.u.mgd.have_beacon = false;
4309 sdata->deflink.u.mgd.tracking_signal_avg = false;
4310 sdata->deflink.u.mgd.disable_wmm_tracking = false;
4311
4312 ifmgd->flags = 0;
4313
4314 for (link_id = 0; link_id < ARRAY_SIZE(sdata->link); link_id++) {
4315 struct ieee80211_link_data *link;
4316
4317 link = sdata_dereference(sdata->link[link_id], sdata);
4318 if (!link)
4319 continue;
4320 ieee80211_link_release_channel(link);
4321 }
4322
4323 sdata->vif.bss_conf.csa_active = false;
4324 sdata->deflink.u.mgd.csa.blocked_tx = false;
4325 sdata->deflink.u.mgd.csa.waiting_bcn = false;
4326 sdata->deflink.u.mgd.csa.ignored_same_chan = false;
4327 ieee80211_vif_unblock_queues_csa(sdata);
4328
4329 /* existing TX TSPEC sessions no longer exist */
4330 memset(ifmgd->tx_tspec, 0, sizeof(ifmgd->tx_tspec));
4331 wiphy_delayed_work_cancel(local->hw.wiphy, &ifmgd->tx_tspec_wk);
4332
4333 sdata->vif.bss_conf.power_type = IEEE80211_REG_UNSET_AP;
4334 sdata->vif.bss_conf.pwr_reduction = 0;
4335 ieee80211_clear_tpe(&sdata->vif.bss_conf.tpe);
4336
4337 sdata->vif.cfg.eml_cap = 0;
4338 sdata->vif.cfg.eml_med_sync_delay = 0;
4339 sdata->vif.cfg.mld_capa_op = 0;
4340
4341 memset(&sdata->u.mgd.ttlm_info, 0,
4342 sizeof(sdata->u.mgd.ttlm_info));
4343 wiphy_hrtimer_work_cancel(sdata->local->hw.wiphy, &ifmgd->ttlm_work);
4344
4345 memset(&sdata->vif.neg_ttlm, 0, sizeof(sdata->vif.neg_ttlm));
4346 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
4347 &ifmgd->neg_ttlm_timeout_work);
4348
4349 sdata->u.mgd.removed_links = 0;
4350 wiphy_hrtimer_work_cancel(sdata->local->hw.wiphy,
4351 &sdata->u.mgd.ml_reconf_work);
4352
4353 wiphy_work_cancel(sdata->local->hw.wiphy,
4354 &ifmgd->teardown_ttlm_work);
4355
4356 /* if disconnection happens in the middle of the ML reconfiguration
4357 * flow, cfg80211 must called to release the BSS references obtained
4358 * when the flow started.
4359 */
4360 ieee80211_ml_reconf_reset(sdata);
4361
4362 ieee80211_vif_set_links(sdata, 0, 0);
4363
4364 ifmgd->mcast_seq_last = IEEE80211_SN_MODULO;
4365
4366 ifmgd->epcs.enabled = false;
4367 ifmgd->epcs.dialog_token = 0;
4368
4369 memset(ifmgd->userspace_selectors, 0,
4370 sizeof(ifmgd->userspace_selectors));
4371 }
4372
ieee80211_reset_ap_probe(struct ieee80211_sub_if_data * sdata)4373 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata)
4374 {
4375 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4376 struct ieee80211_local *local = sdata->local;
4377
4378 lockdep_assert_wiphy(local->hw.wiphy);
4379
4380 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL))
4381 return;
4382
4383 __ieee80211_stop_poll(sdata);
4384
4385 ieee80211_recalc_ps(local);
4386
4387 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
4388 return;
4389
4390 /*
4391 * We've received a probe response, but are not sure whether
4392 * we have or will be receiving any beacons or data, so let's
4393 * schedule the timers again, just in case.
4394 */
4395 ieee80211_sta_reset_beacon_monitor(sdata);
4396
4397 mod_timer(&ifmgd->conn_mon_timer,
4398 round_jiffies_up(jiffies +
4399 IEEE80211_CONNECTION_IDLE_TIME));
4400 }
4401
ieee80211_sta_tx_wmm_ac_notify(struct ieee80211_sub_if_data * sdata,struct ieee80211_hdr * hdr,u16 tx_time)4402 static void ieee80211_sta_tx_wmm_ac_notify(struct ieee80211_sub_if_data *sdata,
4403 struct ieee80211_hdr *hdr,
4404 u16 tx_time)
4405 {
4406 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4407 u16 tid;
4408 int ac;
4409 struct ieee80211_sta_tx_tspec *tx_tspec;
4410 unsigned long now = jiffies;
4411
4412 if (!ieee80211_is_data_qos(hdr->frame_control))
4413 return;
4414
4415 tid = ieee80211_get_tid(hdr);
4416 ac = ieee80211_ac_from_tid(tid);
4417 tx_tspec = &ifmgd->tx_tspec[ac];
4418
4419 if (likely(!tx_tspec->admitted_time))
4420 return;
4421
4422 if (time_after(now, tx_tspec->time_slice_start + HZ)) {
4423 tx_tspec->consumed_tx_time = 0;
4424 tx_tspec->time_slice_start = now;
4425
4426 if (tx_tspec->downgraded) {
4427 tx_tspec->action = TX_TSPEC_ACTION_STOP_DOWNGRADE;
4428 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
4429 &ifmgd->tx_tspec_wk, 0);
4430 }
4431 }
4432
4433 if (tx_tspec->downgraded)
4434 return;
4435
4436 tx_tspec->consumed_tx_time += tx_time;
4437
4438 if (tx_tspec->consumed_tx_time >= tx_tspec->admitted_time) {
4439 tx_tspec->downgraded = true;
4440 tx_tspec->action = TX_TSPEC_ACTION_DOWNGRADE;
4441 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
4442 &ifmgd->tx_tspec_wk, 0);
4443 }
4444 }
4445
ieee80211_sta_tx_notify(struct ieee80211_sub_if_data * sdata,struct ieee80211_hdr * hdr,bool ack,u16 tx_time)4446 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata,
4447 struct ieee80211_hdr *hdr, bool ack, u16 tx_time)
4448 {
4449 ieee80211_sta_tx_wmm_ac_notify(sdata, hdr, tx_time);
4450
4451 if (!ieee80211_is_any_nullfunc(hdr->frame_control) ||
4452 !sdata->u.mgd.probe_send_count)
4453 return;
4454
4455 if (ack)
4456 sdata->u.mgd.probe_send_count = 0;
4457 else
4458 sdata->u.mgd.nullfunc_failed = true;
4459 wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);
4460 }
4461
ieee80211_mlme_send_probe_req(struct ieee80211_sub_if_data * sdata,const u8 * src,const u8 * dst,const u8 * ssid,size_t ssid_len,struct ieee80211_channel * channel)4462 static void ieee80211_mlme_send_probe_req(struct ieee80211_sub_if_data *sdata,
4463 const u8 *src, const u8 *dst,
4464 const u8 *ssid, size_t ssid_len,
4465 struct ieee80211_channel *channel)
4466 {
4467 struct sk_buff *skb;
4468
4469 skb = ieee80211_build_probe_req(sdata, src, dst, (u32)-1, channel,
4470 ssid, ssid_len, NULL, 0,
4471 IEEE80211_PROBE_FLAG_DIRECTED);
4472 if (skb)
4473 ieee80211_tx_skb(sdata, skb);
4474 }
4475
ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data * sdata)4476 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
4477 {
4478 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4479 u8 *dst = sdata->vif.cfg.ap_addr;
4480 u8 unicast_limit = max(1, max_probe_tries - 3);
4481 struct sta_info *sta;
4482
4483 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4484
4485 /*
4486 * Try sending broadcast probe requests for the last three
4487 * probe requests after the first ones failed since some
4488 * buggy APs only support broadcast probe requests.
4489 */
4490 if (ifmgd->probe_send_count >= unicast_limit)
4491 dst = NULL;
4492
4493 /*
4494 * When the hardware reports an accurate Tx ACK status, it's
4495 * better to send a nullfunc frame instead of a probe request,
4496 * as it will kick us off the AP quickly if we aren't associated
4497 * anymore. The timeout will be reset if the frame is ACKed by
4498 * the AP.
4499 */
4500 ifmgd->probe_send_count++;
4501
4502 if (dst) {
4503 sta = sta_info_get(sdata, dst);
4504 if (!WARN_ON(!sta))
4505 ieee80211_check_fast_rx(sta);
4506 }
4507
4508 if (ieee80211_hw_check(&sdata->local->hw, REPORTS_TX_ACK_STATUS)) {
4509 ifmgd->nullfunc_failed = false;
4510 ieee80211_send_nullfunc(sdata->local, sdata, false);
4511 } else {
4512 ieee80211_mlme_send_probe_req(sdata, sdata->vif.addr, dst,
4513 sdata->vif.cfg.ssid,
4514 sdata->vif.cfg.ssid_len,
4515 sdata->deflink.conf->bss->channel);
4516 }
4517
4518 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
4519 run_again(sdata, ifmgd->probe_timeout);
4520 }
4521
ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data * sdata,bool beacon)4522 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
4523 bool beacon)
4524 {
4525 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4526 bool already = false;
4527
4528 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4529
4530 if (!ieee80211_sdata_running(sdata))
4531 return;
4532
4533 if (!ifmgd->associated)
4534 return;
4535
4536 if (sdata->local->tmp_channel || sdata->local->scanning)
4537 return;
4538
4539 if (sdata->local->suspending) {
4540 /* reschedule after resume */
4541 ieee80211_reset_ap_probe(sdata);
4542 return;
4543 }
4544
4545 if (beacon) {
4546 mlme_dbg_ratelimited(sdata,
4547 "detected beacon loss from AP (missed %d beacons) - probing\n",
4548 beacon_loss_count);
4549
4550 ieee80211_cqm_beacon_loss_notify(&sdata->vif, GFP_KERNEL);
4551 }
4552
4553 /*
4554 * The driver/our work has already reported this event or the
4555 * connection monitoring has kicked in and we have already sent
4556 * a probe request. Or maybe the AP died and the driver keeps
4557 * reporting until we disassociate...
4558 *
4559 * In either case we have to ignore the current call to this
4560 * function (except for setting the correct probe reason bit)
4561 * because otherwise we would reset the timer every time and
4562 * never check whether we received a probe response!
4563 */
4564 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
4565 already = true;
4566
4567 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL;
4568
4569 if (already)
4570 return;
4571
4572 ieee80211_recalc_ps(sdata->local);
4573
4574 ifmgd->probe_send_count = 0;
4575 ieee80211_mgd_probe_ap_send(sdata);
4576 }
4577
ieee80211_ap_probereq_get(struct ieee80211_hw * hw,struct ieee80211_vif * vif)4578 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
4579 struct ieee80211_vif *vif)
4580 {
4581 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4582 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4583 struct cfg80211_bss *cbss;
4584 struct sk_buff *skb;
4585 const struct element *ssid;
4586 int ssid_len;
4587
4588 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4589
4590 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION ||
4591 ieee80211_vif_is_mld(&sdata->vif)))
4592 return NULL;
4593
4594 if (ifmgd->associated)
4595 cbss = sdata->deflink.conf->bss;
4596 else if (ifmgd->auth_data)
4597 cbss = ifmgd->auth_data->bss;
4598 else if (ifmgd->assoc_data && ifmgd->assoc_data->link[0].bss)
4599 cbss = ifmgd->assoc_data->link[0].bss;
4600 else
4601 return NULL;
4602
4603 rcu_read_lock();
4604 ssid = ieee80211_bss_get_elem(cbss, WLAN_EID_SSID);
4605 if (WARN_ONCE(!ssid || ssid->datalen > IEEE80211_MAX_SSID_LEN,
4606 "invalid SSID element (len=%d)",
4607 ssid ? ssid->datalen : -1))
4608 ssid_len = 0;
4609 else
4610 ssid_len = ssid->datalen;
4611
4612 skb = ieee80211_build_probe_req(sdata, sdata->vif.addr, cbss->bssid,
4613 (u32) -1, cbss->channel,
4614 ssid->data, ssid_len,
4615 NULL, 0, IEEE80211_PROBE_FLAG_DIRECTED);
4616 rcu_read_unlock();
4617
4618 return skb;
4619 }
4620 EXPORT_SYMBOL(ieee80211_ap_probereq_get);
4621
ieee80211_report_disconnect(struct ieee80211_sub_if_data * sdata,const u8 * buf,size_t len,bool tx,u16 reason,bool reconnect)4622 static void ieee80211_report_disconnect(struct ieee80211_sub_if_data *sdata,
4623 const u8 *buf, size_t len, bool tx,
4624 u16 reason, bool reconnect)
4625 {
4626 struct ieee80211_event event = {
4627 .type = MLME_EVENT,
4628 .u.mlme.data = tx ? DEAUTH_TX_EVENT : DEAUTH_RX_EVENT,
4629 .u.mlme.reason = reason,
4630 };
4631
4632 if (tx)
4633 cfg80211_tx_mlme_mgmt(sdata->dev, buf, len, reconnect);
4634 else
4635 cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
4636
4637 drv_event_callback(sdata->local, sdata, &event);
4638 }
4639
__ieee80211_disconnect(struct ieee80211_sub_if_data * sdata)4640 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata)
4641 {
4642 struct ieee80211_local *local = sdata->local;
4643 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4644 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4645
4646 lockdep_assert_wiphy(local->hw.wiphy);
4647
4648 if (!ifmgd->associated)
4649 return;
4650
4651 if (!ifmgd->driver_disconnect) {
4652 unsigned int link_id;
4653
4654 /*
4655 * AP is probably out of range (or not reachable for another
4656 * reason) so remove the bss structs for that AP. In the case
4657 * of multi-link, it's not clear that all of them really are
4658 * out of range, but if they weren't the driver likely would
4659 * have switched to just have a single link active?
4660 */
4661 for (link_id = 0;
4662 link_id < ARRAY_SIZE(sdata->link);
4663 link_id++) {
4664 struct ieee80211_link_data *link;
4665
4666 link = sdata_dereference(sdata->link[link_id], sdata);
4667 if (!link || !link->conf->bss)
4668 continue;
4669 cfg80211_unlink_bss(local->hw.wiphy, link->conf->bss);
4670 link->conf->bss = NULL;
4671 }
4672 }
4673
4674 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4675 ifmgd->driver_disconnect ?
4676 WLAN_REASON_DEAUTH_LEAVING :
4677 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
4678 true, frame_buf);
4679 /* the other links will be destroyed */
4680 sdata->vif.bss_conf.csa_active = false;
4681 sdata->deflink.u.mgd.csa.waiting_bcn = false;
4682 sdata->deflink.u.mgd.csa.blocked_tx = false;
4683 ieee80211_vif_unblock_queues_csa(sdata);
4684
4685 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
4686 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
4687 ifmgd->reconnect);
4688 ifmgd->reconnect = false;
4689 }
4690
ieee80211_beacon_connection_loss_work(struct wiphy * wiphy,struct wiphy_work * work)4691 static void ieee80211_beacon_connection_loss_work(struct wiphy *wiphy,
4692 struct wiphy_work *work)
4693 {
4694 struct ieee80211_sub_if_data *sdata =
4695 container_of(work, struct ieee80211_sub_if_data,
4696 u.mgd.beacon_connection_loss_work);
4697 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4698
4699 if (ifmgd->connection_loss) {
4700 sdata_info(sdata, "Connection to AP %pM lost\n",
4701 sdata->vif.cfg.ap_addr);
4702 __ieee80211_disconnect(sdata);
4703 ifmgd->connection_loss = false;
4704 } else if (ifmgd->driver_disconnect) {
4705 sdata_info(sdata,
4706 "Driver requested disconnection from AP %pM\n",
4707 sdata->vif.cfg.ap_addr);
4708 __ieee80211_disconnect(sdata);
4709 ifmgd->driver_disconnect = false;
4710 } else {
4711 if (ifmgd->associated)
4712 sdata->deflink.u.mgd.beacon_loss_count++;
4713 ieee80211_mgd_probe_ap(sdata, true);
4714 }
4715 }
4716
ieee80211_csa_connection_drop_work(struct wiphy * wiphy,struct wiphy_work * work)4717 static void ieee80211_csa_connection_drop_work(struct wiphy *wiphy,
4718 struct wiphy_work *work)
4719 {
4720 struct ieee80211_sub_if_data *sdata =
4721 container_of(work, struct ieee80211_sub_if_data,
4722 u.mgd.csa_connection_drop_work);
4723
4724 __ieee80211_disconnect(sdata);
4725 }
4726
ieee80211_beacon_loss(struct ieee80211_vif * vif)4727 void ieee80211_beacon_loss(struct ieee80211_vif *vif)
4728 {
4729 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4730 struct ieee80211_hw *hw = &sdata->local->hw;
4731
4732 trace_api_beacon_loss(sdata);
4733
4734 sdata->u.mgd.connection_loss = false;
4735 wiphy_work_queue(hw->wiphy, &sdata->u.mgd.beacon_connection_loss_work);
4736 }
4737 EXPORT_SYMBOL(ieee80211_beacon_loss);
4738
ieee80211_connection_loss(struct ieee80211_vif * vif)4739 void ieee80211_connection_loss(struct ieee80211_vif *vif)
4740 {
4741 struct ieee80211_sub_if_data *sdata;
4742 struct ieee80211_hw *hw;
4743
4744 KUNIT_STATIC_STUB_REDIRECT(ieee80211_connection_loss, vif);
4745
4746 sdata = vif_to_sdata(vif);
4747 hw = &sdata->local->hw;
4748
4749 trace_api_connection_loss(sdata);
4750
4751 sdata->u.mgd.connection_loss = true;
4752 wiphy_work_queue(hw->wiphy, &sdata->u.mgd.beacon_connection_loss_work);
4753 }
4754 EXPORT_SYMBOL(ieee80211_connection_loss);
4755
ieee80211_disconnect(struct ieee80211_vif * vif,bool reconnect)4756 void ieee80211_disconnect(struct ieee80211_vif *vif, bool reconnect)
4757 {
4758 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4759 struct ieee80211_hw *hw = &sdata->local->hw;
4760
4761 trace_api_disconnect(sdata, reconnect);
4762
4763 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
4764 return;
4765
4766 sdata->u.mgd.driver_disconnect = true;
4767 sdata->u.mgd.reconnect = reconnect;
4768 wiphy_work_queue(hw->wiphy, &sdata->u.mgd.beacon_connection_loss_work);
4769 }
4770 EXPORT_SYMBOL(ieee80211_disconnect);
4771
ieee80211_destroy_auth_data(struct ieee80211_sub_if_data * sdata,bool assoc)4772 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
4773 bool assoc)
4774 {
4775 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
4776
4777 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4778
4779 sdata->u.mgd.auth_data = NULL;
4780
4781 if (!assoc) {
4782 /*
4783 * we are not authenticated yet, the only timer that could be
4784 * running is the timeout for the authentication response which
4785 * which is not relevant anymore.
4786 */
4787 timer_delete_sync(&sdata->u.mgd.timer);
4788 sta_info_destroy_addr(sdata, auth_data->ap_addr);
4789
4790 /* other links are destroyed */
4791 eth_zero_addr(sdata->deflink.u.mgd.bssid);
4792 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
4793 BSS_CHANGED_BSSID);
4794 sdata->u.mgd.flags = 0;
4795
4796 ieee80211_link_release_channel(&sdata->deflink);
4797 ieee80211_vif_set_links(sdata, 0, 0);
4798 }
4799
4800 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss);
4801 kfree(auth_data);
4802 }
4803
4804 enum assoc_status {
4805 ASSOC_SUCCESS,
4806 ASSOC_REJECTED,
4807 ASSOC_TIMEOUT,
4808 ASSOC_ABANDON,
4809 };
4810
ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data * sdata,enum assoc_status status)4811 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata,
4812 enum assoc_status status)
4813 {
4814 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
4815
4816 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4817
4818 sdata->u.mgd.assoc_data = NULL;
4819
4820 if (status != ASSOC_SUCCESS) {
4821 /*
4822 * we are not associated yet, the only timer that could be
4823 * running is the timeout for the association response which
4824 * which is not relevant anymore.
4825 */
4826 timer_delete_sync(&sdata->u.mgd.timer);
4827 sta_info_destroy_addr(sdata, assoc_data->ap_addr);
4828
4829 eth_zero_addr(sdata->deflink.u.mgd.bssid);
4830 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
4831 BSS_CHANGED_BSSID);
4832 sdata->u.mgd.flags = 0;
4833 sdata->vif.bss_conf.mu_mimo_owner = false;
4834
4835 if (status != ASSOC_REJECTED) {
4836 struct cfg80211_assoc_failure data = {
4837 .timeout = status == ASSOC_TIMEOUT,
4838 };
4839 int i;
4840
4841 BUILD_BUG_ON(ARRAY_SIZE(data.bss) !=
4842 ARRAY_SIZE(assoc_data->link));
4843
4844 for (i = 0; i < ARRAY_SIZE(data.bss); i++)
4845 data.bss[i] = assoc_data->link[i].bss;
4846
4847 if (ieee80211_vif_is_mld(&sdata->vif))
4848 data.ap_mld_addr = assoc_data->ap_addr;
4849
4850 cfg80211_assoc_failure(sdata->dev, &data);
4851 }
4852
4853 ieee80211_link_release_channel(&sdata->deflink);
4854 ieee80211_vif_set_links(sdata, 0, 0);
4855 }
4856
4857 kfree(assoc_data);
4858 }
4859
ieee80211_auth_challenge(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)4860 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
4861 struct ieee80211_mgmt *mgmt, size_t len)
4862 {
4863 struct ieee80211_local *local = sdata->local;
4864 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
4865 const struct element *challenge;
4866 u8 *pos;
4867 u32 tx_flags = 0;
4868 struct ieee80211_prep_tx_info info = {
4869 .subtype = IEEE80211_STYPE_AUTH,
4870 .link_id = auth_data->link_id,
4871 };
4872
4873 pos = mgmt->u.auth.variable;
4874 challenge = cfg80211_find_elem(WLAN_EID_CHALLENGE, pos,
4875 len - (pos - (u8 *)mgmt));
4876 if (!challenge)
4877 return;
4878 auth_data->expected_transaction = 4;
4879 drv_mgd_prepare_tx(sdata->local, sdata, &info);
4880 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
4881 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
4882 IEEE80211_TX_INTFL_MLME_CONN_TX;
4883 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0,
4884 (void *)challenge,
4885 challenge->datalen + sizeof(*challenge),
4886 auth_data->ap_addr, auth_data->ap_addr,
4887 auth_data->key, auth_data->key_len,
4888 auth_data->key_idx, tx_flags);
4889 }
4890
ieee80211_mark_sta_auth(struct ieee80211_sub_if_data * sdata)4891 static bool ieee80211_mark_sta_auth(struct ieee80211_sub_if_data *sdata)
4892 {
4893 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4894 const u8 *ap_addr = ifmgd->auth_data->ap_addr;
4895 struct sta_info *sta;
4896
4897 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4898
4899 sdata_info(sdata, "authenticated\n");
4900 ifmgd->auth_data->done = true;
4901 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC;
4902 ifmgd->auth_data->timeout_started = true;
4903 run_again(sdata, ifmgd->auth_data->timeout);
4904
4905 /* move station state to auth */
4906 sta = sta_info_get(sdata, ap_addr);
4907 if (!sta) {
4908 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, ap_addr);
4909 return false;
4910 }
4911 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) {
4912 sdata_info(sdata, "failed moving %pM to auth\n", ap_addr);
4913 return false;
4914 }
4915
4916 return true;
4917 }
4918
ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)4919 static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
4920 struct ieee80211_mgmt *mgmt, size_t len)
4921 {
4922 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4923 u16 auth_alg, auth_transaction, status_code;
4924 struct ieee80211_event event = {
4925 .type = MLME_EVENT,
4926 .u.mlme.data = AUTH_EVENT,
4927 };
4928 struct ieee80211_prep_tx_info info = {
4929 .subtype = IEEE80211_STYPE_AUTH,
4930 };
4931 bool sae_need_confirm = false;
4932
4933 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4934
4935 if (len < 24 + 6)
4936 return;
4937
4938 if (!ifmgd->auth_data || ifmgd->auth_data->done)
4939 return;
4940
4941 if (!ether_addr_equal(ifmgd->auth_data->ap_addr, mgmt->bssid))
4942 return;
4943
4944 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
4945 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
4946 status_code = le16_to_cpu(mgmt->u.auth.status_code);
4947
4948 info.link_id = ifmgd->auth_data->link_id;
4949
4950 if (auth_alg != ifmgd->auth_data->algorithm ||
4951 (auth_alg != WLAN_AUTH_SAE &&
4952 auth_transaction != ifmgd->auth_data->expected_transaction) ||
4953 (auth_alg == WLAN_AUTH_SAE &&
4954 (auth_transaction < ifmgd->auth_data->expected_transaction ||
4955 auth_transaction > 2))) {
4956 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n",
4957 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm,
4958 auth_transaction,
4959 ifmgd->auth_data->expected_transaction);
4960 goto notify_driver;
4961 }
4962
4963 if (status_code != WLAN_STATUS_SUCCESS) {
4964 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
4965
4966 if (auth_alg == WLAN_AUTH_SAE &&
4967 (status_code == WLAN_STATUS_ANTI_CLOG_REQUIRED ||
4968 (auth_transaction == 1 &&
4969 (status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT ||
4970 status_code == WLAN_STATUS_SAE_PK)))) {
4971 /* waiting for userspace now */
4972 ifmgd->auth_data->waiting = true;
4973 ifmgd->auth_data->timeout =
4974 jiffies + IEEE80211_AUTH_WAIT_SAE_RETRY;
4975 ifmgd->auth_data->timeout_started = true;
4976 run_again(sdata, ifmgd->auth_data->timeout);
4977 if (auth_transaction == 1)
4978 sae_need_confirm = true;
4979 goto notify_driver;
4980 }
4981
4982 sdata_info(sdata, "%pM denied authentication (status %d)\n",
4983 mgmt->sa, status_code);
4984 ieee80211_destroy_auth_data(sdata, false);
4985 event.u.mlme.status = MLME_DENIED;
4986 event.u.mlme.reason = status_code;
4987 drv_event_callback(sdata->local, sdata, &event);
4988 goto notify_driver;
4989 }
4990
4991 switch (ifmgd->auth_data->algorithm) {
4992 case WLAN_AUTH_OPEN:
4993 case WLAN_AUTH_LEAP:
4994 case WLAN_AUTH_FT:
4995 case WLAN_AUTH_SAE:
4996 case WLAN_AUTH_FILS_SK:
4997 case WLAN_AUTH_FILS_SK_PFS:
4998 case WLAN_AUTH_FILS_PK:
4999 case WLAN_AUTH_EPPKE:
5000 break;
5001 case WLAN_AUTH_SHARED_KEY:
5002 if (ifmgd->auth_data->expected_transaction != 4) {
5003 ieee80211_auth_challenge(sdata, mgmt, len);
5004 /* need another frame */
5005 return;
5006 }
5007 break;
5008 default:
5009 WARN_ONCE(1, "invalid auth alg %d",
5010 ifmgd->auth_data->algorithm);
5011 goto notify_driver;
5012 }
5013
5014 event.u.mlme.status = MLME_SUCCESS;
5015 info.success = 1;
5016 drv_event_callback(sdata->local, sdata, &event);
5017 if (ifmgd->auth_data->algorithm != WLAN_AUTH_SAE ||
5018 (auth_transaction == 2 &&
5019 ifmgd->auth_data->expected_transaction == 2)) {
5020 if (!ieee80211_mark_sta_auth(sdata))
5021 return; /* ignore frame -- wait for timeout */
5022 } else if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE &&
5023 auth_transaction == 1) {
5024 sae_need_confirm = true;
5025 } else if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE &&
5026 auth_transaction == 2) {
5027 sdata_info(sdata, "SAE peer confirmed\n");
5028 ifmgd->auth_data->peer_confirmed = true;
5029 }
5030
5031 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
5032 notify_driver:
5033 if (!sae_need_confirm)
5034 drv_mgd_complete_tx(sdata->local, sdata, &info);
5035 }
5036
5037 #define case_WLAN(type) \
5038 case WLAN_REASON_##type: return #type
5039
ieee80211_get_reason_code_string(u16 reason_code)5040 const char *ieee80211_get_reason_code_string(u16 reason_code)
5041 {
5042 switch (reason_code) {
5043 case_WLAN(UNSPECIFIED);
5044 case_WLAN(PREV_AUTH_NOT_VALID);
5045 case_WLAN(DEAUTH_LEAVING);
5046 case_WLAN(DISASSOC_DUE_TO_INACTIVITY);
5047 case_WLAN(DISASSOC_AP_BUSY);
5048 case_WLAN(CLASS2_FRAME_FROM_NONAUTH_STA);
5049 case_WLAN(CLASS3_FRAME_FROM_NONASSOC_STA);
5050 case_WLAN(DISASSOC_STA_HAS_LEFT);
5051 case_WLAN(STA_REQ_ASSOC_WITHOUT_AUTH);
5052 case_WLAN(DISASSOC_BAD_POWER);
5053 case_WLAN(DISASSOC_BAD_SUPP_CHAN);
5054 case_WLAN(INVALID_IE);
5055 case_WLAN(MIC_FAILURE);
5056 case_WLAN(4WAY_HANDSHAKE_TIMEOUT);
5057 case_WLAN(GROUP_KEY_HANDSHAKE_TIMEOUT);
5058 case_WLAN(IE_DIFFERENT);
5059 case_WLAN(INVALID_GROUP_CIPHER);
5060 case_WLAN(INVALID_PAIRWISE_CIPHER);
5061 case_WLAN(INVALID_AKMP);
5062 case_WLAN(UNSUPP_RSN_VERSION);
5063 case_WLAN(INVALID_RSN_IE_CAP);
5064 case_WLAN(IEEE8021X_FAILED);
5065 case_WLAN(CIPHER_SUITE_REJECTED);
5066 case_WLAN(DISASSOC_UNSPECIFIED_QOS);
5067 case_WLAN(DISASSOC_QAP_NO_BANDWIDTH);
5068 case_WLAN(DISASSOC_LOW_ACK);
5069 case_WLAN(DISASSOC_QAP_EXCEED_TXOP);
5070 case_WLAN(QSTA_LEAVE_QBSS);
5071 case_WLAN(QSTA_NOT_USE);
5072 case_WLAN(QSTA_REQUIRE_SETUP);
5073 case_WLAN(QSTA_TIMEOUT);
5074 case_WLAN(QSTA_CIPHER_NOT_SUPP);
5075 case_WLAN(MESH_PEER_CANCELED);
5076 case_WLAN(MESH_MAX_PEERS);
5077 case_WLAN(MESH_CONFIG);
5078 case_WLAN(MESH_CLOSE);
5079 case_WLAN(MESH_MAX_RETRIES);
5080 case_WLAN(MESH_CONFIRM_TIMEOUT);
5081 case_WLAN(MESH_INVALID_GTK);
5082 case_WLAN(MESH_INCONSISTENT_PARAM);
5083 case_WLAN(MESH_INVALID_SECURITY);
5084 case_WLAN(MESH_PATH_ERROR);
5085 case_WLAN(MESH_PATH_NOFORWARD);
5086 case_WLAN(MESH_PATH_DEST_UNREACHABLE);
5087 case_WLAN(MAC_EXISTS_IN_MBSS);
5088 case_WLAN(MESH_CHAN_REGULATORY);
5089 case_WLAN(MESH_CHAN);
5090 default: return "<unknown>";
5091 }
5092 }
5093
ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)5094 static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
5095 struct ieee80211_mgmt *mgmt, size_t len)
5096 {
5097 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5098 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
5099
5100 lockdep_assert_wiphy(sdata->local->hw.wiphy);
5101
5102 if (len < 24 + 2)
5103 return;
5104
5105 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
5106 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
5107 return;
5108 }
5109
5110 if (ifmgd->associated &&
5111 ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr)) {
5112 sdata_info(sdata, "deauthenticated from %pM (Reason: %u=%s)\n",
5113 sdata->vif.cfg.ap_addr, reason_code,
5114 ieee80211_get_reason_code_string(reason_code));
5115
5116 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
5117
5118 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false,
5119 reason_code, false);
5120 return;
5121 }
5122
5123 if (ifmgd->assoc_data &&
5124 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->ap_addr)) {
5125 sdata_info(sdata,
5126 "deauthenticated from %pM while associating (Reason: %u=%s)\n",
5127 ifmgd->assoc_data->ap_addr, reason_code,
5128 ieee80211_get_reason_code_string(reason_code));
5129
5130 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON);
5131
5132 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
5133 return;
5134 }
5135 }
5136
5137
ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)5138 static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
5139 struct ieee80211_mgmt *mgmt, size_t len)
5140 {
5141 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5142 u16 reason_code;
5143
5144 lockdep_assert_wiphy(sdata->local->hw.wiphy);
5145
5146 if (len < 24 + 2)
5147 return;
5148
5149 if (!ifmgd->associated ||
5150 !ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr))
5151 return;
5152
5153 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
5154
5155 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
5156 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
5157 return;
5158 }
5159
5160 sdata_info(sdata, "disassociated from %pM (Reason: %u=%s)\n",
5161 sdata->vif.cfg.ap_addr, reason_code,
5162 ieee80211_get_reason_code_string(reason_code));
5163
5164 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
5165
5166 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false, reason_code,
5167 false);
5168 }
5169
ieee80211_twt_req_supported(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,const struct link_sta_info * link_sta,const struct ieee802_11_elems * elems)5170 static bool ieee80211_twt_req_supported(struct ieee80211_sub_if_data *sdata,
5171 struct ieee80211_supported_band *sband,
5172 const struct link_sta_info *link_sta,
5173 const struct ieee802_11_elems *elems)
5174 {
5175 const struct ieee80211_sta_he_cap *own_he_cap =
5176 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
5177
5178 if (elems->ext_capab_len < 10)
5179 return false;
5180
5181 if (!(elems->ext_capab[9] & WLAN_EXT_CAPA10_TWT_RESPONDER_SUPPORT))
5182 return false;
5183
5184 return link_sta->pub->he_cap.he_cap_elem.mac_cap_info[0] &
5185 IEEE80211_HE_MAC_CAP0_TWT_RES &&
5186 own_he_cap &&
5187 (own_he_cap->he_cap_elem.mac_cap_info[0] &
5188 IEEE80211_HE_MAC_CAP0_TWT_REQ);
5189 }
5190
ieee80211_recalc_twt_req(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,struct ieee80211_link_data * link,struct link_sta_info * link_sta,struct ieee802_11_elems * elems)5191 static u64 ieee80211_recalc_twt_req(struct ieee80211_sub_if_data *sdata,
5192 struct ieee80211_supported_band *sband,
5193 struct ieee80211_link_data *link,
5194 struct link_sta_info *link_sta,
5195 struct ieee802_11_elems *elems)
5196 {
5197 bool twt = ieee80211_twt_req_supported(sdata, sband, link_sta, elems);
5198
5199 if (link->conf->twt_requester != twt) {
5200 link->conf->twt_requester = twt;
5201 return BSS_CHANGED_TWT;
5202 }
5203 return 0;
5204 }
5205
ieee80211_twt_bcast_support(struct ieee80211_sub_if_data * sdata,struct ieee80211_bss_conf * bss_conf,struct ieee80211_supported_band * sband,struct link_sta_info * link_sta)5206 static bool ieee80211_twt_bcast_support(struct ieee80211_sub_if_data *sdata,
5207 struct ieee80211_bss_conf *bss_conf,
5208 struct ieee80211_supported_band *sband,
5209 struct link_sta_info *link_sta)
5210 {
5211 const struct ieee80211_sta_he_cap *own_he_cap =
5212 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
5213
5214 return bss_conf->he_support &&
5215 (link_sta->pub->he_cap.he_cap_elem.mac_cap_info[2] &
5216 IEEE80211_HE_MAC_CAP2_BCAST_TWT) &&
5217 own_he_cap &&
5218 (own_he_cap->he_cap_elem.mac_cap_info[2] &
5219 IEEE80211_HE_MAC_CAP2_BCAST_TWT);
5220 }
5221
ieee80211_epcs_changed(struct ieee80211_sub_if_data * sdata,bool enabled)5222 static void ieee80211_epcs_changed(struct ieee80211_sub_if_data *sdata,
5223 bool enabled)
5224 {
5225 /* in any case this is called, dialog token should be reset */
5226 sdata->u.mgd.epcs.dialog_token = 0;
5227
5228 if (sdata->u.mgd.epcs.enabled == enabled)
5229 return;
5230
5231 sdata->u.mgd.epcs.enabled = enabled;
5232 cfg80211_epcs_changed(sdata->dev, enabled);
5233 }
5234
ieee80211_epcs_teardown(struct ieee80211_sub_if_data * sdata)5235 static void ieee80211_epcs_teardown(struct ieee80211_sub_if_data *sdata)
5236 {
5237 struct ieee80211_local *local = sdata->local;
5238 u8 link_id;
5239
5240 if (!sdata->u.mgd.epcs.enabled)
5241 return;
5242
5243 lockdep_assert_wiphy(local->hw.wiphy);
5244
5245 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
5246 struct ieee802_11_elems *elems;
5247 struct ieee80211_link_data *link;
5248 const struct cfg80211_bss_ies *ies;
5249 bool ret;
5250
5251 rcu_read_lock();
5252
5253 link = sdata_dereference(sdata->link[link_id], sdata);
5254 if (!link || !link->conf || !link->conf->bss) {
5255 rcu_read_unlock();
5256 continue;
5257 }
5258
5259 if (link->u.mgd.disable_wmm_tracking) {
5260 rcu_read_unlock();
5261 ieee80211_set_wmm_default(link, false, false);
5262 continue;
5263 }
5264
5265 ies = rcu_dereference(link->conf->bss->beacon_ies);
5266 if (!ies) {
5267 rcu_read_unlock();
5268 ieee80211_set_wmm_default(link, false, false);
5269 continue;
5270 }
5271
5272 elems = ieee802_11_parse_elems(ies->data, ies->len,
5273 IEEE80211_FTYPE_MGMT |
5274 IEEE80211_STYPE_BEACON,
5275 NULL);
5276 if (!elems) {
5277 rcu_read_unlock();
5278 ieee80211_set_wmm_default(link, false, false);
5279 continue;
5280 }
5281
5282 ret = _ieee80211_sta_wmm_params(local, link,
5283 elems->wmm_param,
5284 elems->wmm_param_len,
5285 elems->mu_edca_param_set);
5286
5287 kfree(elems);
5288 rcu_read_unlock();
5289
5290 if (!ret) {
5291 ieee80211_set_wmm_default(link, false, false);
5292 continue;
5293 }
5294
5295 ieee80211_mgd_set_link_qos_params(link);
5296 ieee80211_link_info_change_notify(sdata, link, BSS_CHANGED_QOS);
5297 }
5298 }
5299
ieee80211_assoc_config_link(struct ieee80211_link_data * link,struct link_sta_info * link_sta,struct cfg80211_bss * cbss,struct ieee80211_mgmt * mgmt,const u8 * elem_start,unsigned int elem_len,u64 * changed)5300 static bool ieee80211_assoc_config_link(struct ieee80211_link_data *link,
5301 struct link_sta_info *link_sta,
5302 struct cfg80211_bss *cbss,
5303 struct ieee80211_mgmt *mgmt,
5304 const u8 *elem_start,
5305 unsigned int elem_len,
5306 u64 *changed)
5307 {
5308 struct ieee80211_sub_if_data *sdata = link->sdata;
5309 struct ieee80211_mgd_assoc_data *assoc_data =
5310 sdata->u.mgd.assoc_data ?: sdata->u.mgd.reconf.add_links_data;
5311 struct ieee80211_bss_conf *bss_conf = link->conf;
5312 struct ieee80211_local *local = sdata->local;
5313 unsigned int link_id = link->link_id;
5314 struct ieee80211_elems_parse_params parse_params = {
5315 .mode = link->u.mgd.conn.mode,
5316 .start = elem_start,
5317 .len = elem_len,
5318 .link_id = link_id == assoc_data->assoc_link_id ? -1 : link_id,
5319 .from_ap = true,
5320 .type = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_TYPE,
5321 };
5322 bool is_5ghz = cbss->channel->band == NL80211_BAND_5GHZ;
5323 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ;
5324 bool is_s1g = cbss->channel->band == NL80211_BAND_S1GHZ;
5325 const struct cfg80211_bss_ies *bss_ies = NULL;
5326 struct ieee80211_supported_band *sband;
5327 struct ieee802_11_elems *elems;
5328 const __le16 prof_bss_param_ch_present =
5329 cpu_to_le16(IEEE80211_MLE_STA_CONTROL_BSS_PARAM_CHANGE_CNT_PRESENT);
5330 u16 capab_info;
5331 bool ret;
5332
5333 elems = ieee802_11_parse_elems_full(&parse_params);
5334 if (!elems)
5335 return false;
5336
5337 if (link_id == assoc_data->assoc_link_id) {
5338 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
5339
5340 /*
5341 * we should not get to this flow unless the association was
5342 * successful, so set the status directly to success
5343 */
5344 assoc_data->link[link_id].status = WLAN_STATUS_SUCCESS;
5345 if (elems->ml_basic) {
5346 int bss_param_ch_cnt =
5347 ieee80211_mle_get_bss_param_ch_cnt((const void *)elems->ml_basic);
5348
5349 if (bss_param_ch_cnt < 0) {
5350 ret = false;
5351 goto out;
5352 }
5353 bss_conf->bss_param_ch_cnt = bss_param_ch_cnt;
5354 bss_conf->bss_param_ch_cnt_link_id = link_id;
5355 }
5356 } else if (elems->parse_error & IEEE80211_PARSE_ERR_DUP_NEST_ML_BASIC ||
5357 !elems->prof ||
5358 !(elems->prof->control & prof_bss_param_ch_present)) {
5359 ret = false;
5360 goto out;
5361 } else {
5362 const u8 *ptr = elems->prof->variable +
5363 elems->prof->sta_info_len - 1;
5364 int bss_param_ch_cnt;
5365
5366 /*
5367 * During parsing, we validated that these fields exist,
5368 * otherwise elems->prof would have been set to NULL.
5369 */
5370 capab_info = get_unaligned_le16(ptr);
5371 assoc_data->link[link_id].status = get_unaligned_le16(ptr + 2);
5372 bss_param_ch_cnt =
5373 ieee80211_mle_basic_sta_prof_bss_param_ch_cnt(elems->prof);
5374 bss_conf->bss_param_ch_cnt = bss_param_ch_cnt;
5375 bss_conf->bss_param_ch_cnt_link_id = link_id;
5376
5377 if (assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS) {
5378 link_info(link, "association response status code=%u\n",
5379 assoc_data->link[link_id].status);
5380 ret = true;
5381 goto out;
5382 }
5383 }
5384
5385 if (!is_s1g && !elems->supp_rates) {
5386 sdata_info(sdata, "no SuppRates element in AssocResp\n");
5387 ret = false;
5388 goto out;
5389 }
5390
5391 link->u.mgd.tdls_chan_switch_prohibited =
5392 elems->ext_capab && elems->ext_capab_len >= 5 &&
5393 (elems->ext_capab[4] & WLAN_EXT_CAPA5_TDLS_CH_SW_PROHIBITED);
5394
5395 /*
5396 * Some APs are erroneously not including some information in their
5397 * (re)association response frames. Try to recover by using the data
5398 * from the beacon or probe response. This seems to afflict mobile
5399 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T",
5400 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device.
5401 */
5402 if (!ieee80211_hw_check(&local->hw, STRICT) && !is_6ghz &&
5403 ((assoc_data->wmm && !elems->wmm_param) ||
5404 (link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT &&
5405 (!elems->ht_cap_elem || !elems->ht_operation)) ||
5406 (is_5ghz && link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT &&
5407 (!elems->vht_cap_elem || !elems->vht_operation)))) {
5408 const struct cfg80211_bss_ies *ies;
5409 struct ieee802_11_elems *bss_elems;
5410
5411 rcu_read_lock();
5412 ies = rcu_dereference(cbss->ies);
5413 if (ies)
5414 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len,
5415 GFP_ATOMIC);
5416 rcu_read_unlock();
5417 if (!bss_ies) {
5418 ret = false;
5419 goto out;
5420 }
5421
5422 parse_params.start = bss_ies->data;
5423 parse_params.len = bss_ies->len;
5424 parse_params.bss = cbss;
5425 parse_params.link_id = -1;
5426 bss_elems = ieee802_11_parse_elems_full(&parse_params);
5427 if (!bss_elems) {
5428 ret = false;
5429 goto out;
5430 }
5431
5432 if (assoc_data->wmm &&
5433 !elems->wmm_param && bss_elems->wmm_param) {
5434 elems->wmm_param = bss_elems->wmm_param;
5435 sdata_info(sdata,
5436 "AP bug: WMM param missing from AssocResp\n");
5437 }
5438
5439 /*
5440 * Also check if we requested HT/VHT, otherwise the AP doesn't
5441 * have to include the IEs in the (re)association response.
5442 */
5443 if (!elems->ht_cap_elem && bss_elems->ht_cap_elem &&
5444 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT) {
5445 elems->ht_cap_elem = bss_elems->ht_cap_elem;
5446 sdata_info(sdata,
5447 "AP bug: HT capability missing from AssocResp\n");
5448 }
5449 if (!elems->ht_operation && bss_elems->ht_operation &&
5450 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT) {
5451 elems->ht_operation = bss_elems->ht_operation;
5452 sdata_info(sdata,
5453 "AP bug: HT operation missing from AssocResp\n");
5454 }
5455
5456 if (is_5ghz) {
5457 if (!elems->vht_cap_elem && bss_elems->vht_cap_elem &&
5458 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT) {
5459 elems->vht_cap_elem = bss_elems->vht_cap_elem;
5460 sdata_info(sdata,
5461 "AP bug: VHT capa missing from AssocResp\n");
5462 }
5463
5464 if (!elems->vht_operation && bss_elems->vht_operation &&
5465 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT) {
5466 elems->vht_operation = bss_elems->vht_operation;
5467 sdata_info(sdata,
5468 "AP bug: VHT operation missing from AssocResp\n");
5469 }
5470 }
5471 kfree(bss_elems);
5472 }
5473
5474 /*
5475 * We previously checked these in the beacon/probe response, so
5476 * they should be present here. This is just a safety net.
5477 * Note that the ieee80211_config_bw() below would also check
5478 * for this (and more), but this has better error reporting.
5479 */
5480 if (!is_6ghz && link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT &&
5481 (!elems->wmm_param || !elems->ht_cap_elem || !elems->ht_operation)) {
5482 sdata_info(sdata,
5483 "HT AP is missing WMM params or HT capability/operation\n");
5484 ret = false;
5485 goto out;
5486 }
5487
5488 if (is_5ghz && link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT &&
5489 (!elems->vht_cap_elem || !elems->vht_operation)) {
5490 sdata_info(sdata,
5491 "VHT AP is missing VHT capability/operation\n");
5492 ret = false;
5493 goto out;
5494 }
5495
5496 /* check/update if AP changed anything in assoc response vs. scan */
5497 if (ieee80211_config_bw(link, elems,
5498 link_id == assoc_data->assoc_link_id,
5499 changed,
5500 le16_to_cpu(mgmt->frame_control) &
5501 IEEE80211_FCTL_STYPE)) {
5502 ret = false;
5503 goto out;
5504 }
5505
5506 if (WARN_ON(!link->conf->chanreq.oper.chan)) {
5507 ret = false;
5508 goto out;
5509 }
5510 sband = local->hw.wiphy->bands[link->conf->chanreq.oper.chan->band];
5511
5512 /* Set up internal HT/VHT capabilities */
5513 if (elems->ht_cap_elem && link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT)
5514 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
5515 elems->ht_cap_elem,
5516 link_sta);
5517
5518 if (elems->vht_cap_elem &&
5519 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT) {
5520 const struct ieee80211_vht_cap *bss_vht_cap = NULL;
5521 const struct cfg80211_bss_ies *ies;
5522
5523 /*
5524 * Cisco AP module 9115 with FW 17.3 has a bug and sends a
5525 * too large maximum MPDU length in the association response
5526 * (indicating 12k) that it cannot actually process ...
5527 * Work around that.
5528 */
5529 rcu_read_lock();
5530 ies = rcu_dereference(cbss->ies);
5531 if (ies) {
5532 const struct element *elem;
5533
5534 elem = cfg80211_find_elem(WLAN_EID_VHT_CAPABILITY,
5535 ies->data, ies->len);
5536 if (elem && elem->datalen >= sizeof(*bss_vht_cap))
5537 bss_vht_cap = (const void *)elem->data;
5538 }
5539
5540 if (ieee80211_hw_check(&local->hw, STRICT) &&
5541 (!bss_vht_cap || memcmp(bss_vht_cap, elems->vht_cap_elem,
5542 sizeof(*bss_vht_cap)))) {
5543 rcu_read_unlock();
5544 ret = false;
5545 link_info(link, "VHT capabilities mismatch\n");
5546 goto out;
5547 }
5548
5549 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband,
5550 elems->vht_cap_elem,
5551 bss_vht_cap, link_sta);
5552 rcu_read_unlock();
5553 }
5554
5555 if (elems->he_operation &&
5556 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HE &&
5557 elems->he_cap) {
5558 ieee80211_he_cap_ie_to_sta_he_cap(sdata, sband,
5559 elems->he_cap,
5560 elems->he_cap_len,
5561 elems->he_6ghz_capa,
5562 link_sta);
5563
5564 bss_conf->he_support = link_sta->pub->he_cap.has_he;
5565 if (elems->rsnx && elems->rsnx_len &&
5566 (elems->rsnx[0] & WLAN_RSNX_CAPA_PROTECTED_TWT) &&
5567 wiphy_ext_feature_isset(local->hw.wiphy,
5568 NL80211_EXT_FEATURE_PROTECTED_TWT))
5569 bss_conf->twt_protected = true;
5570 else
5571 bss_conf->twt_protected = false;
5572
5573 *changed |= ieee80211_recalc_twt_req(sdata, sband, link,
5574 link_sta, elems);
5575
5576 if (elems->eht_operation && elems->eht_cap &&
5577 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_EHT) {
5578 ieee80211_eht_cap_ie_to_sta_eht_cap(sdata, sband,
5579 elems->he_cap,
5580 elems->he_cap_len,
5581 elems->eht_cap,
5582 elems->eht_cap_len,
5583 link_sta);
5584
5585 bss_conf->eht_support = link_sta->pub->eht_cap.has_eht;
5586 bss_conf->epcs_support = bss_conf->eht_support &&
5587 !!(elems->eht_cap->fixed.mac_cap_info[0] &
5588 IEEE80211_EHT_MAC_CAP0_EPCS_PRIO_ACCESS);
5589
5590 /* EPCS might be already enabled but a new added link
5591 * does not support EPCS. This should not really happen
5592 * in practice.
5593 */
5594 if (sdata->u.mgd.epcs.enabled &&
5595 !bss_conf->epcs_support)
5596 ieee80211_epcs_teardown(sdata);
5597 } else {
5598 bss_conf->eht_support = false;
5599 bss_conf->epcs_support = false;
5600 }
5601 } else {
5602 bss_conf->he_support = false;
5603 bss_conf->twt_requester = false;
5604 bss_conf->twt_protected = false;
5605 bss_conf->eht_support = false;
5606 bss_conf->epcs_support = false;
5607 }
5608
5609 if (elems->uhr_operation && elems->uhr_cap &&
5610 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_UHR) {
5611 ieee80211_uhr_cap_ie_to_sta_uhr_cap(sdata, sband,
5612 elems->uhr_cap,
5613 elems->uhr_cap_len,
5614 link_sta);
5615
5616 bss_conf->uhr_support = link_sta->pub->uhr_cap.has_uhr;
5617 } else {
5618 bss_conf->uhr_support = false;
5619 }
5620
5621 if (elems->s1g_oper &&
5622 link->u.mgd.conn.mode == IEEE80211_CONN_MODE_S1G &&
5623 elems->s1g_capab)
5624 ieee80211_s1g_cap_to_sta_s1g_cap(sdata, elems->s1g_capab,
5625 link_sta);
5626
5627 bss_conf->twt_broadcast =
5628 ieee80211_twt_bcast_support(sdata, bss_conf, sband, link_sta);
5629
5630 if (bss_conf->he_support) {
5631 bss_conf->he_bss_color.color =
5632 le32_get_bits(elems->he_operation->he_oper_params,
5633 IEEE80211_HE_OPERATION_BSS_COLOR_MASK);
5634 bss_conf->he_bss_color.partial =
5635 le32_get_bits(elems->he_operation->he_oper_params,
5636 IEEE80211_HE_OPERATION_PARTIAL_BSS_COLOR);
5637 bss_conf->he_bss_color.enabled =
5638 !le32_get_bits(elems->he_operation->he_oper_params,
5639 IEEE80211_HE_OPERATION_BSS_COLOR_DISABLED);
5640
5641 if (bss_conf->he_bss_color.enabled)
5642 *changed |= BSS_CHANGED_HE_BSS_COLOR;
5643
5644 bss_conf->htc_trig_based_pkt_ext =
5645 le32_get_bits(elems->he_operation->he_oper_params,
5646 IEEE80211_HE_OPERATION_DFLT_PE_DURATION_MASK);
5647 bss_conf->frame_time_rts_th =
5648 le32_get_bits(elems->he_operation->he_oper_params,
5649 IEEE80211_HE_OPERATION_RTS_THRESHOLD_MASK);
5650
5651 bss_conf->uora_exists = !!elems->uora_element;
5652 if (elems->uora_element)
5653 bss_conf->uora_ocw_range = elems->uora_element[0];
5654
5655 ieee80211_he_op_ie_to_bss_conf(&sdata->vif, elems->he_operation);
5656 ieee80211_he_spr_ie_to_bss_conf(&sdata->vif, elems->he_spr);
5657 /* TODO: OPEN: what happens if BSS color disable is set? */
5658 }
5659
5660 if (cbss->transmitted_bss) {
5661 bss_conf->nontransmitted = true;
5662 ether_addr_copy(bss_conf->transmitter_bssid,
5663 cbss->transmitted_bss->bssid);
5664 bss_conf->bssid_indicator = cbss->max_bssid_indicator;
5665 bss_conf->bssid_index = cbss->bssid_index;
5666 }
5667
5668 /*
5669 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data
5670 * in their association response, so ignore that data for our own
5671 * configuration. If it changed since the last beacon, we'll get the
5672 * next beacon and update then.
5673 */
5674
5675 /*
5676 * If an operating mode notification IE is present, override the
5677 * NSS calculation (that would be done in rate_control_rate_init())
5678 * and use the # of streams from that element.
5679 */
5680 if (elems->opmode_notif &&
5681 !(*elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) {
5682 u8 nss;
5683
5684 nss = *elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK;
5685 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT;
5686 nss += 1;
5687 link_sta->pub->rx_nss = nss;
5688 }
5689
5690 /*
5691 * Always handle WMM once after association regardless
5692 * of the first value the AP uses. Setting -1 here has
5693 * that effect because the AP values is an unsigned
5694 * 4-bit value.
5695 */
5696 link->u.mgd.wmm_last_param_set = -1;
5697 link->u.mgd.mu_edca_last_param_set = -1;
5698
5699 if (link->u.mgd.disable_wmm_tracking) {
5700 ieee80211_set_wmm_default(link, false, false);
5701 } else if (!ieee80211_sta_wmm_params(local, link, elems->wmm_param,
5702 elems->wmm_param_len,
5703 elems->mu_edca_param_set)) {
5704 /* still enable QoS since we might have HT/VHT */
5705 ieee80211_set_wmm_default(link, false, true);
5706 /* disable WMM tracking in this case to disable
5707 * tracking WMM parameter changes in the beacon if
5708 * the parameters weren't actually valid. Doing so
5709 * avoids changing parameters very strangely when
5710 * the AP is going back and forth between valid and
5711 * invalid parameters.
5712 */
5713 link->u.mgd.disable_wmm_tracking = true;
5714 }
5715
5716 if (elems->max_idle_period_ie) {
5717 bss_conf->max_idle_period =
5718 le16_to_cpu(elems->max_idle_period_ie->max_idle_period);
5719 bss_conf->protected_keep_alive =
5720 !!(elems->max_idle_period_ie->idle_options &
5721 WLAN_IDLE_OPTIONS_PROTECTED_KEEP_ALIVE);
5722 *changed |= BSS_CHANGED_KEEP_ALIVE;
5723 } else {
5724 bss_conf->max_idle_period = 0;
5725 bss_conf->protected_keep_alive = false;
5726 }
5727
5728 /* set assoc capability (AID was already set earlier),
5729 * ieee80211_set_associated() will tell the driver */
5730 bss_conf->assoc_capability = capab_info;
5731
5732 ret = true;
5733 out:
5734 kfree(elems);
5735 kfree(bss_ies);
5736 return ret;
5737 }
5738
ieee80211_mgd_setup_link_sta(struct ieee80211_link_data * link,struct sta_info * sta,struct link_sta_info * link_sta,struct cfg80211_bss * cbss)5739 static int ieee80211_mgd_setup_link_sta(struct ieee80211_link_data *link,
5740 struct sta_info *sta,
5741 struct link_sta_info *link_sta,
5742 struct cfg80211_bss *cbss)
5743 {
5744 struct ieee80211_sub_if_data *sdata = link->sdata;
5745 struct ieee80211_local *local = sdata->local;
5746 struct ieee80211_bss *bss = (void *)cbss->priv;
5747 u32 rates = 0, basic_rates = 0;
5748 bool have_higher_than_11mbit = false;
5749 int min_rate = INT_MAX, min_rate_index = -1;
5750 struct ieee80211_supported_band *sband;
5751
5752 memcpy(link_sta->addr, cbss->bssid, ETH_ALEN);
5753 memcpy(link_sta->pub->addr, cbss->bssid, ETH_ALEN);
5754
5755 /* TODO: S1G Basic Rate Set is expressed elsewhere */
5756 if (cbss->channel->band == NL80211_BAND_S1GHZ) {
5757 ieee80211_s1g_sta_rate_init(sta);
5758 return 0;
5759 }
5760
5761 sband = local->hw.wiphy->bands[cbss->channel->band];
5762
5763 ieee80211_get_rates(sband, bss->supp_rates, bss->supp_rates_len,
5764 NULL, 0,
5765 &rates, &basic_rates, NULL,
5766 &have_higher_than_11mbit,
5767 &min_rate, &min_rate_index);
5768
5769 /*
5770 * This used to be a workaround for basic rates missing
5771 * in the association response frame. Now that we no
5772 * longer use the basic rates from there, it probably
5773 * doesn't happen any more, but keep the workaround so
5774 * in case some *other* APs are buggy in different ways
5775 * we can connect -- with a warning.
5776 * Allow this workaround only in case the AP provided at least
5777 * one rate.
5778 */
5779 if (min_rate_index < 0) {
5780 link_info(link, "No legacy rates in association response\n");
5781 return -EINVAL;
5782 } else if (!basic_rates) {
5783 link_info(link, "No basic rates, using min rate instead\n");
5784 basic_rates = BIT(min_rate_index);
5785 }
5786
5787 if (rates)
5788 link_sta->pub->supp_rates[cbss->channel->band] = rates;
5789 else
5790 link_info(link, "No rates found, keeping mandatory only\n");
5791
5792 link->conf->basic_rates = basic_rates;
5793
5794 /* cf. IEEE 802.11 9.2.12 */
5795 link->operating_11g_mode = sband->band == NL80211_BAND_2GHZ &&
5796 have_higher_than_11mbit;
5797
5798 return 0;
5799 }
5800
ieee80211_max_rx_chains(struct ieee80211_link_data * link,struct cfg80211_bss * cbss)5801 static u8 ieee80211_max_rx_chains(struct ieee80211_link_data *link,
5802 struct cfg80211_bss *cbss)
5803 {
5804 struct ieee80211_he_mcs_nss_supp *he_mcs_nss_supp;
5805 const struct element *ht_cap_elem, *vht_cap_elem;
5806 const struct cfg80211_bss_ies *ies;
5807 const struct ieee80211_ht_cap *ht_cap;
5808 const struct ieee80211_vht_cap *vht_cap;
5809 const struct ieee80211_he_cap_elem *he_cap;
5810 const struct element *he_cap_elem;
5811 u16 mcs_80_map, mcs_160_map;
5812 int i, mcs_nss_size;
5813 bool support_160;
5814 u8 chains = 1;
5815
5816 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_HT)
5817 return chains;
5818
5819 ht_cap_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_HT_CAPABILITY);
5820 if (ht_cap_elem && ht_cap_elem->datalen >= sizeof(*ht_cap)) {
5821 ht_cap = (void *)ht_cap_elem->data;
5822 chains = ieee80211_mcs_to_chains(&ht_cap->mcs);
5823 /*
5824 * TODO: use "Tx Maximum Number Spatial Streams Supported" and
5825 * "Tx Unequal Modulation Supported" fields.
5826 */
5827 }
5828
5829 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_VHT)
5830 return chains;
5831
5832 vht_cap_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_VHT_CAPABILITY);
5833 if (vht_cap_elem && vht_cap_elem->datalen >= sizeof(*vht_cap)) {
5834 u8 nss;
5835 u16 tx_mcs_map;
5836
5837 vht_cap = (void *)vht_cap_elem->data;
5838 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map);
5839 for (nss = 8; nss > 0; nss--) {
5840 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) !=
5841 IEEE80211_VHT_MCS_NOT_SUPPORTED)
5842 break;
5843 }
5844 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */
5845 chains = max(chains, nss);
5846 }
5847
5848 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_HE)
5849 return chains;
5850
5851 ies = rcu_dereference(cbss->ies);
5852 he_cap_elem = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_CAPABILITY,
5853 ies->data, ies->len);
5854
5855 if (!he_cap_elem || he_cap_elem->datalen < sizeof(*he_cap) + 1)
5856 return chains;
5857
5858 /* skip one byte ext_tag_id */
5859 he_cap = (void *)(he_cap_elem->data + 1);
5860 mcs_nss_size = ieee80211_he_mcs_nss_size(he_cap);
5861
5862 /* invalid HE IE */
5863 if (he_cap_elem->datalen < 1 + mcs_nss_size + sizeof(*he_cap))
5864 return chains;
5865
5866 /* mcs_nss is right after he_cap info */
5867 he_mcs_nss_supp = (void *)(he_cap + 1);
5868
5869 mcs_80_map = le16_to_cpu(he_mcs_nss_supp->tx_mcs_80);
5870
5871 for (i = 7; i >= 0; i--) {
5872 u8 mcs_80 = mcs_80_map >> (2 * i) & 3;
5873
5874 if (mcs_80 != IEEE80211_VHT_MCS_NOT_SUPPORTED) {
5875 chains = max_t(u8, chains, i + 1);
5876 break;
5877 }
5878 }
5879
5880 support_160 = he_cap->phy_cap_info[0] &
5881 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G;
5882
5883 if (!support_160)
5884 return chains;
5885
5886 mcs_160_map = le16_to_cpu(he_mcs_nss_supp->tx_mcs_160);
5887 for (i = 7; i >= 0; i--) {
5888 u8 mcs_160 = mcs_160_map >> (2 * i) & 3;
5889
5890 if (mcs_160 != IEEE80211_VHT_MCS_NOT_SUPPORTED) {
5891 chains = max_t(u8, chains, i + 1);
5892 break;
5893 }
5894 }
5895
5896 return chains;
5897 }
5898
5899 static void
ieee80211_determine_our_sta_mode(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,struct cfg80211_assoc_request * req,bool wmm_used,int link_id,struct ieee80211_conn_settings * conn)5900 ieee80211_determine_our_sta_mode(struct ieee80211_sub_if_data *sdata,
5901 struct ieee80211_supported_band *sband,
5902 struct cfg80211_assoc_request *req,
5903 bool wmm_used, int link_id,
5904 struct ieee80211_conn_settings *conn)
5905 {
5906 struct ieee80211_sta_ht_cap sta_ht_cap = sband->ht_cap;
5907 bool is_5ghz = sband->band == NL80211_BAND_5GHZ;
5908 bool is_6ghz = sband->band == NL80211_BAND_6GHZ;
5909 const struct ieee80211_sta_he_cap *he_cap;
5910 const struct ieee80211_sta_eht_cap *eht_cap;
5911 const struct ieee80211_sta_uhr_cap *uhr_cap;
5912 struct ieee80211_sta_vht_cap vht_cap;
5913
5914 if (sband->band == NL80211_BAND_S1GHZ) {
5915 conn->mode = IEEE80211_CONN_MODE_S1G;
5916 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
5917 mlme_dbg(sdata, "operating as S1G STA\n");
5918 return;
5919 }
5920
5921 conn->mode = IEEE80211_CONN_MODE_LEGACY;
5922 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
5923
5924 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
5925
5926 if (req && req->flags & ASSOC_REQ_DISABLE_HT) {
5927 mlme_link_id_dbg(sdata, link_id,
5928 "HT disabled by flag, limiting to legacy\n");
5929 goto out;
5930 }
5931
5932 if (!wmm_used) {
5933 mlme_link_id_dbg(sdata, link_id,
5934 "WMM/QoS not supported, limiting to legacy\n");
5935 goto out;
5936 }
5937
5938 if (req) {
5939 unsigned int i;
5940
5941 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) {
5942 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 ||
5943 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP ||
5944 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) {
5945 netdev_info(sdata->dev,
5946 "WEP/TKIP use, limiting to legacy\n");
5947 goto out;
5948 }
5949 }
5950 }
5951
5952 if (!sta_ht_cap.ht_supported && !is_6ghz) {
5953 mlme_link_id_dbg(sdata, link_id,
5954 "HT not supported (and not on 6 GHz), limiting to legacy\n");
5955 goto out;
5956 }
5957
5958 /* HT is fine */
5959 conn->mode = IEEE80211_CONN_MODE_HT;
5960 conn->bw_limit = sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40 ?
5961 IEEE80211_CONN_BW_LIMIT_40 :
5962 IEEE80211_CONN_BW_LIMIT_20;
5963
5964 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
5965 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
5966
5967 if (req && req->flags & ASSOC_REQ_DISABLE_VHT) {
5968 mlme_link_id_dbg(sdata, link_id,
5969 "VHT disabled by flag, limiting to HT\n");
5970 goto out;
5971 }
5972
5973 if (vht_cap.vht_supported && is_5ghz) {
5974 bool have_80mhz = false;
5975 unsigned int i;
5976
5977 if (conn->bw_limit == IEEE80211_CONN_BW_LIMIT_20) {
5978 mlme_link_id_dbg(sdata, link_id,
5979 "no 40 MHz support on 5 GHz, limiting to HT\n");
5980 goto out;
5981 }
5982
5983 /* Allow VHT if at least one channel on the sband supports 80 MHz */
5984 for (i = 0; i < sband->n_channels; i++) {
5985 if (sband->channels[i].flags & (IEEE80211_CHAN_DISABLED |
5986 IEEE80211_CHAN_NO_80MHZ))
5987 continue;
5988
5989 have_80mhz = true;
5990 break;
5991 }
5992
5993 if (!have_80mhz) {
5994 mlme_link_id_dbg(sdata, link_id,
5995 "no 80 MHz channel support on 5 GHz, limiting to HT\n");
5996 goto out;
5997 }
5998 } else if (is_5ghz) { /* !vht_supported but on 5 GHz */
5999 mlme_link_id_dbg(sdata, link_id,
6000 "no VHT support on 5 GHz, limiting to HT\n");
6001 goto out;
6002 }
6003
6004 /* VHT - if we have - is fine, including 80 MHz, check 160 below again */
6005 if (sband->band != NL80211_BAND_2GHZ) {
6006 conn->mode = IEEE80211_CONN_MODE_VHT;
6007 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_160;
6008 }
6009
6010 if (is_5ghz &&
6011 !(vht_cap.cap & (IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ |
6012 IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ))) {
6013 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_80;
6014 mlme_link_id_dbg(sdata, link_id,
6015 "no VHT 160 MHz capability on 5 GHz, limiting to 80 MHz");
6016 }
6017
6018 if (req && req->flags & ASSOC_REQ_DISABLE_HE) {
6019 mlme_link_id_dbg(sdata, link_id,
6020 "HE disabled by flag, limiting to HT/VHT\n");
6021 goto out;
6022 }
6023
6024 he_cap = ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
6025 if (!he_cap) {
6026 WARN_ON(is_6ghz);
6027 mlme_link_id_dbg(sdata, link_id,
6028 "no HE support, limiting to HT/VHT\n");
6029 goto out;
6030 }
6031
6032 /* so we have HE */
6033 conn->mode = IEEE80211_CONN_MODE_HE;
6034
6035 /* check bandwidth */
6036 switch (sband->band) {
6037 default:
6038 case NL80211_BAND_2GHZ:
6039 if (he_cap->he_cap_elem.phy_cap_info[0] &
6040 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_IN_2G)
6041 break;
6042 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
6043 mlme_link_id_dbg(sdata, link_id,
6044 "no 40 MHz HE cap in 2.4 GHz, limiting to 20 MHz\n");
6045 break;
6046 case NL80211_BAND_5GHZ:
6047 if (!(he_cap->he_cap_elem.phy_cap_info[0] &
6048 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G)) {
6049 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
6050 mlme_link_id_dbg(sdata, link_id,
6051 "no 40/80 MHz HE cap in 5 GHz, limiting to 20 MHz\n");
6052 break;
6053 }
6054 if (!(he_cap->he_cap_elem.phy_cap_info[0] &
6055 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G)) {
6056 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
6057 conn->bw_limit,
6058 IEEE80211_CONN_BW_LIMIT_80);
6059 mlme_link_id_dbg(sdata, link_id,
6060 "no 160 MHz HE cap in 5 GHz, limiting to 80 MHz\n");
6061 }
6062 break;
6063 case NL80211_BAND_6GHZ:
6064 if (he_cap->he_cap_elem.phy_cap_info[0] &
6065 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G)
6066 break;
6067 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
6068 conn->bw_limit,
6069 IEEE80211_CONN_BW_LIMIT_80);
6070 mlme_link_id_dbg(sdata, link_id,
6071 "no 160 MHz HE cap in 6 GHz, limiting to 80 MHz\n");
6072 break;
6073 }
6074
6075 if (req && req->flags & ASSOC_REQ_DISABLE_EHT) {
6076 mlme_link_id_dbg(sdata, link_id,
6077 "EHT disabled by flag, limiting to HE\n");
6078 goto out;
6079 }
6080
6081 eht_cap = ieee80211_get_eht_iftype_cap_vif(sband, &sdata->vif);
6082 if (!eht_cap) {
6083 mlme_link_id_dbg(sdata, link_id,
6084 "no EHT support, limiting to HE\n");
6085 goto out;
6086 }
6087 conn->mode = IEEE80211_CONN_MODE_EHT;
6088
6089 /* check bandwidth */
6090 if (is_6ghz &&
6091 eht_cap->eht_cap_elem.phy_cap_info[0] & IEEE80211_EHT_PHY_CAP0_320MHZ_IN_6GHZ)
6092 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_320;
6093 else if (is_6ghz)
6094 mlme_link_id_dbg(sdata, link_id,
6095 "no EHT 320 MHz cap in 6 GHz, limiting to 160 MHz\n");
6096
6097 if (req && req->flags & ASSOC_REQ_DISABLE_UHR) {
6098 mlme_link_id_dbg(sdata, link_id,
6099 "UHR disabled by flag, limiting to EHT\n");
6100 goto out;
6101 }
6102
6103 uhr_cap = ieee80211_get_uhr_iftype_cap_vif(sband, &sdata->vif);
6104 if (!uhr_cap) {
6105 mlme_link_id_dbg(sdata, link_id,
6106 "no UHR support, limiting to EHT\n");
6107 goto out;
6108 }
6109 conn->mode = IEEE80211_CONN_MODE_UHR;
6110
6111 out:
6112 mlme_link_id_dbg(sdata, link_id,
6113 "determined local STA to be %s, BW limited to %d MHz\n",
6114 ieee80211_conn_mode_str(conn->mode),
6115 20 * (1 << conn->bw_limit));
6116 }
6117
6118 static void
ieee80211_determine_our_sta_mode_auth(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,struct cfg80211_auth_request * req,bool wmm_used,struct ieee80211_conn_settings * conn)6119 ieee80211_determine_our_sta_mode_auth(struct ieee80211_sub_if_data *sdata,
6120 struct ieee80211_supported_band *sband,
6121 struct cfg80211_auth_request *req,
6122 bool wmm_used,
6123 struct ieee80211_conn_settings *conn)
6124 {
6125 ieee80211_determine_our_sta_mode(sdata, sband, NULL, wmm_used,
6126 req->link_id > 0 ? req->link_id : 0,
6127 conn);
6128 }
6129
6130 static void
ieee80211_determine_our_sta_mode_assoc(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,struct cfg80211_assoc_request * req,bool wmm_used,int link_id,struct ieee80211_conn_settings * conn)6131 ieee80211_determine_our_sta_mode_assoc(struct ieee80211_sub_if_data *sdata,
6132 struct ieee80211_supported_band *sband,
6133 struct cfg80211_assoc_request *req,
6134 bool wmm_used, int link_id,
6135 struct ieee80211_conn_settings *conn)
6136 {
6137 struct ieee80211_conn_settings tmp;
6138
6139 WARN_ON(!req);
6140
6141 ieee80211_determine_our_sta_mode(sdata, sband, req, wmm_used, link_id,
6142 &tmp);
6143
6144 conn->mode = min_t(enum ieee80211_conn_mode,
6145 conn->mode, tmp.mode);
6146 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
6147 conn->bw_limit, tmp.bw_limit);
6148 }
6149
ieee80211_prep_channel(struct ieee80211_sub_if_data * sdata,struct ieee80211_link_data * link,int link_id,struct cfg80211_bss * cbss,bool mlo,struct ieee80211_conn_settings * conn,unsigned long * userspace_selectors)6150 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
6151 struct ieee80211_link_data *link,
6152 int link_id,
6153 struct cfg80211_bss *cbss, bool mlo,
6154 struct ieee80211_conn_settings *conn,
6155 unsigned long *userspace_selectors)
6156 {
6157 struct ieee80211_local *local = sdata->local;
6158 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ;
6159 struct ieee80211_chan_req chanreq = {};
6160 struct cfg80211_chan_def ap_chandef;
6161 struct ieee802_11_elems *elems;
6162 int ret;
6163
6164 lockdep_assert_wiphy(local->hw.wiphy);
6165
6166 rcu_read_lock();
6167 elems = ieee80211_determine_chan_mode(sdata, conn, cbss, link_id,
6168 &chanreq, &ap_chandef,
6169 userspace_selectors);
6170
6171 if (IS_ERR(elems)) {
6172 rcu_read_unlock();
6173 return PTR_ERR(elems);
6174 }
6175
6176 if (mlo && !elems->ml_basic) {
6177 sdata_info(sdata, "Rejecting MLO as it is not supported by AP\n");
6178 rcu_read_unlock();
6179 kfree(elems);
6180 return -EINVAL;
6181 }
6182
6183 if (link && is_6ghz && conn->mode >= IEEE80211_CONN_MODE_HE) {
6184 const struct ieee80211_he_6ghz_oper *he_6ghz_oper;
6185
6186 if (elems->pwr_constr_elem)
6187 link->conf->pwr_reduction = *elems->pwr_constr_elem;
6188
6189 he_6ghz_oper = ieee80211_he_6ghz_oper(elems->he_operation);
6190 if (he_6ghz_oper)
6191 link->conf->power_type =
6192 cfg80211_6ghz_power_type(he_6ghz_oper->control,
6193 cbss->channel->flags);
6194 else
6195 link_info(link,
6196 "HE 6 GHz operation missing (on %d MHz), expect issues\n",
6197 cbss->channel->center_freq);
6198
6199 link->conf->tpe = elems->tpe;
6200 ieee80211_rearrange_tpe(&link->conf->tpe, &ap_chandef,
6201 &chanreq.oper);
6202 }
6203 rcu_read_unlock();
6204 /* the element data was RCU protected so no longer valid anyway */
6205 kfree(elems);
6206 elems = NULL;
6207
6208 if (!link)
6209 return 0;
6210
6211 rcu_read_lock();
6212 link->needed_rx_chains = min(ieee80211_max_rx_chains(link, cbss),
6213 local->rx_chains);
6214 rcu_read_unlock();
6215
6216 /*
6217 * If this fails (possibly due to channel context sharing
6218 * on incompatible channels, e.g. 80+80 and 160 sharing the
6219 * same control channel) try to use a smaller bandwidth.
6220 */
6221 ret = ieee80211_link_use_channel(link, &chanreq,
6222 IEEE80211_CHANCTX_SHARED);
6223
6224 /* don't downgrade for 5/10/S1G MHz channels, though. */
6225 if (chanreq.oper.width == NL80211_CHAN_WIDTH_5 ||
6226 chanreq.oper.width == NL80211_CHAN_WIDTH_10 ||
6227 cfg80211_chandef_is_s1g(&chanreq.oper))
6228 return ret;
6229
6230 while (ret && chanreq.oper.width != NL80211_CHAN_WIDTH_20_NOHT) {
6231 ieee80211_chanreq_downgrade(&chanreq, conn);
6232
6233 ret = ieee80211_link_use_channel(link, &chanreq,
6234 IEEE80211_CHANCTX_SHARED);
6235 }
6236
6237 return ret;
6238 }
6239
ieee80211_get_dtim(const struct cfg80211_bss_ies * ies,u8 * dtim_count,u8 * dtim_period)6240 static bool ieee80211_get_dtim(const struct cfg80211_bss_ies *ies,
6241 u8 *dtim_count, u8 *dtim_period)
6242 {
6243 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, ies->data, ies->len);
6244 const u8 *idx_ie = cfg80211_find_ie(WLAN_EID_MULTI_BSSID_IDX, ies->data,
6245 ies->len);
6246 const struct ieee80211_tim_ie *tim = NULL;
6247 const struct ieee80211_bssid_index *idx;
6248 bool valid = tim_ie && tim_ie[1] >= 2;
6249
6250 if (valid)
6251 tim = (void *)(tim_ie + 2);
6252
6253 if (dtim_count)
6254 *dtim_count = valid ? tim->dtim_count : 0;
6255
6256 if (dtim_period)
6257 *dtim_period = valid ? tim->dtim_period : 0;
6258
6259 /* Check if value is overridden by non-transmitted profile */
6260 if (!idx_ie || idx_ie[1] < 3)
6261 return valid;
6262
6263 idx = (void *)(idx_ie + 2);
6264
6265 if (dtim_count)
6266 *dtim_count = idx->dtim_count;
6267
6268 if (dtim_period)
6269 *dtim_period = idx->dtim_period;
6270
6271 return true;
6272 }
6273
ieee80211_get_ttlm(u8 bm_size,u8 * data)6274 static u16 ieee80211_get_ttlm(u8 bm_size, u8 *data)
6275 {
6276 if (bm_size == 1)
6277 return *data;
6278
6279 return get_unaligned_le16(data);
6280 }
6281
6282 static int
ieee80211_parse_adv_t2l(struct ieee80211_sub_if_data * sdata,const struct ieee80211_ttlm_elem * ttlm,struct ieee80211_adv_ttlm_info * ttlm_info)6283 ieee80211_parse_adv_t2l(struct ieee80211_sub_if_data *sdata,
6284 const struct ieee80211_ttlm_elem *ttlm,
6285 struct ieee80211_adv_ttlm_info *ttlm_info)
6286 {
6287 /* The element size was already validated in
6288 * ieee80211_tid_to_link_map_size_ok()
6289 */
6290 u8 control, link_map_presence, map_size, tid;
6291 u8 *pos;
6292
6293 memset(ttlm_info, 0, sizeof(*ttlm_info));
6294 pos = (void *)ttlm->optional;
6295 control = ttlm->control;
6296
6297 if ((control & IEEE80211_TTLM_CONTROL_DIRECTION) !=
6298 IEEE80211_TTLM_DIRECTION_BOTH) {
6299 sdata_info(sdata, "Invalid advertised T2L map direction\n");
6300 return -EINVAL;
6301 }
6302
6303 if (!(control & IEEE80211_TTLM_CONTROL_DEF_LINK_MAP)) {
6304 link_map_presence = *pos;
6305 pos++;
6306 }
6307
6308 if (control & IEEE80211_TTLM_CONTROL_SWITCH_TIME_PRESENT) {
6309 ttlm_info->switch_time = get_unaligned_le16(pos);
6310
6311 /* Since ttlm_info->switch_time == 0 means no switch time, bump
6312 * it by 1.
6313 */
6314 if (!ttlm_info->switch_time)
6315 ttlm_info->switch_time = 1;
6316
6317 pos += 2;
6318 }
6319
6320 if (control & IEEE80211_TTLM_CONTROL_EXPECTED_DUR_PRESENT) {
6321 ttlm_info->duration = pos[0] | pos[1] << 8 | pos[2] << 16;
6322 pos += 3;
6323 }
6324
6325 if (control & IEEE80211_TTLM_CONTROL_DEF_LINK_MAP) {
6326 ttlm_info->map = 0xffff;
6327 return 0;
6328 }
6329
6330 if (control & IEEE80211_TTLM_CONTROL_LINK_MAP_SIZE)
6331 map_size = 1;
6332 else
6333 map_size = 2;
6334
6335 /* According to Draft P802.11be_D3.0 clause 35.3.7.1.7, an AP MLD shall
6336 * not advertise a TID-to-link mapping that does not map all TIDs to the
6337 * same link set, reject frame if not all links have mapping
6338 */
6339 if (link_map_presence != 0xff) {
6340 sdata_info(sdata,
6341 "Invalid advertised T2L mapping presence indicator\n");
6342 return -EINVAL;
6343 }
6344
6345 ttlm_info->map = ieee80211_get_ttlm(map_size, pos);
6346 if (!ttlm_info->map) {
6347 sdata_info(sdata,
6348 "Invalid advertised T2L map for TID 0\n");
6349 return -EINVAL;
6350 }
6351
6352 pos += map_size;
6353
6354 for (tid = 1; tid < 8; tid++) {
6355 u16 map = ieee80211_get_ttlm(map_size, pos);
6356
6357 if (map != ttlm_info->map) {
6358 sdata_info(sdata, "Invalid advertised T2L map for tid %d\n",
6359 tid);
6360 return -EINVAL;
6361 }
6362
6363 pos += map_size;
6364 }
6365 return 0;
6366 }
6367
ieee80211_assoc_success(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,struct ieee802_11_elems * elems,const u8 * elem_start,unsigned int elem_len)6368 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata,
6369 struct ieee80211_mgmt *mgmt,
6370 struct ieee802_11_elems *elems,
6371 const u8 *elem_start, unsigned int elem_len)
6372 {
6373 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
6374 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
6375 struct ieee80211_local *local = sdata->local;
6376 unsigned int link_id;
6377 struct sta_info *sta;
6378 u64 changed[IEEE80211_MLD_MAX_NUM_LINKS] = {};
6379 u16 valid_links = 0, dormant_links = 0;
6380 int err;
6381
6382 lockdep_assert_wiphy(sdata->local->hw.wiphy);
6383 /*
6384 * station info was already allocated and inserted before
6385 * the association and should be available to us
6386 */
6387 sta = sta_info_get(sdata, assoc_data->ap_addr);
6388 if (WARN_ON(!sta))
6389 goto out_err;
6390
6391 sta->sta.spp_amsdu = assoc_data->spp_amsdu;
6392
6393 if (ieee80211_vif_is_mld(&sdata->vif)) {
6394 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
6395 if (!assoc_data->link[link_id].bss)
6396 continue;
6397
6398 valid_links |= BIT(link_id);
6399
6400 if (link_id != assoc_data->assoc_link_id) {
6401 err = ieee80211_sta_allocate_link(sta, link_id);
6402 if (err)
6403 goto out_err;
6404 }
6405 }
6406
6407 /*
6408 * We do not support setting a negotiated TTLM during
6409 * association. As such, we can assume that if there is a TTLM,
6410 * then it is the currently active advertised TTLM.
6411 * In that case, there must be exactly one TTLM that does not
6412 * have a switch time set. This mapping should also leave us
6413 * with at least one usable link.
6414 */
6415 if (elems->ttlm_num > 1) {
6416 sdata_info(sdata,
6417 "More than one advertised TTLM in association response\n");
6418 goto out_err;
6419 } else if (elems->ttlm_num == 1) {
6420 if (ieee80211_parse_adv_t2l(sdata, elems->ttlm[0],
6421 &sdata->u.mgd.ttlm_info) ||
6422 sdata->u.mgd.ttlm_info.switch_time != 0 ||
6423 !(valid_links & sdata->u.mgd.ttlm_info.map)) {
6424 sdata_info(sdata,
6425 "Invalid advertised TTLM in association response\n");
6426 goto out_err;
6427 }
6428
6429 sdata->u.mgd.ttlm_info.active = true;
6430 dormant_links =
6431 valid_links & ~sdata->u.mgd.ttlm_info.map;
6432 }
6433
6434 ieee80211_vif_set_links(sdata, valid_links, dormant_links);
6435 }
6436
6437 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
6438 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
6439 struct ieee80211_link_data *link;
6440 struct link_sta_info *link_sta;
6441
6442 if (!cbss)
6443 continue;
6444
6445 link = sdata_dereference(sdata->link[link_id], sdata);
6446 if (WARN_ON(!link))
6447 goto out_err;
6448
6449 if (ieee80211_vif_is_mld(&sdata->vif))
6450 link_info(link,
6451 "local address %pM, AP link address %pM%s\n",
6452 link->conf->addr,
6453 assoc_data->link[link_id].bss->bssid,
6454 link_id == assoc_data->assoc_link_id ?
6455 " (assoc)" : "");
6456
6457 link_sta = rcu_dereference_protected(sta->link[link_id],
6458 lockdep_is_held(&local->hw.wiphy->mtx));
6459 if (WARN_ON(!link_sta))
6460 goto out_err;
6461
6462 if (!link->u.mgd.have_beacon) {
6463 const struct cfg80211_bss_ies *ies;
6464
6465 rcu_read_lock();
6466 ies = rcu_dereference(cbss->beacon_ies);
6467 if (ies)
6468 link->u.mgd.have_beacon = true;
6469 else
6470 ies = rcu_dereference(cbss->ies);
6471 ieee80211_get_dtim(ies,
6472 &link->conf->sync_dtim_count,
6473 &link->u.mgd.dtim_period);
6474 link->conf->beacon_int = cbss->beacon_interval;
6475 rcu_read_unlock();
6476 }
6477
6478 link->conf->dtim_period = link->u.mgd.dtim_period ?: 1;
6479
6480 if (link_id != assoc_data->assoc_link_id) {
6481 link->u.mgd.conn = assoc_data->link[link_id].conn;
6482
6483 err = ieee80211_prep_channel(sdata, link, link_id, cbss,
6484 true, &link->u.mgd.conn,
6485 sdata->u.mgd.userspace_selectors);
6486 if (err) {
6487 link_info(link, "prep_channel failed\n");
6488 goto out_err;
6489 }
6490 }
6491
6492 err = ieee80211_mgd_setup_link_sta(link, sta, link_sta,
6493 assoc_data->link[link_id].bss);
6494 if (err)
6495 goto out_err;
6496
6497 if (!ieee80211_assoc_config_link(link, link_sta,
6498 assoc_data->link[link_id].bss,
6499 mgmt, elem_start, elem_len,
6500 &changed[link_id]))
6501 goto out_err;
6502
6503 if (assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS) {
6504 valid_links &= ~BIT(link_id);
6505 ieee80211_sta_remove_link(sta, link_id);
6506 continue;
6507 }
6508
6509 if (link_id != assoc_data->assoc_link_id) {
6510 err = ieee80211_sta_activate_link(sta, link_id);
6511 if (err)
6512 goto out_err;
6513 }
6514 }
6515
6516 /* links might have changed due to rejected ones, set them again */
6517 ieee80211_vif_set_links(sdata, valid_links, dormant_links);
6518
6519 rate_control_rate_init_all_links(sta);
6520
6521 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) {
6522 set_sta_flag(sta, WLAN_STA_MFP);
6523 sta->sta.mfp = true;
6524 } else {
6525 sta->sta.mfp = false;
6526 }
6527
6528 ieee80211_sta_set_max_amsdu_subframes(sta, elems->ext_capab,
6529 elems->ext_capab_len);
6530
6531 sta->sta.wme = (elems->wmm_param || elems->s1g_capab) &&
6532 local->hw.queues >= IEEE80211_NUM_ACS;
6533
6534 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
6535 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
6536 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
6537 if (err) {
6538 sdata_info(sdata,
6539 "failed to move station %pM to desired state\n",
6540 sta->sta.addr);
6541 WARN_ON(__sta_info_destroy(sta));
6542 goto out_err;
6543 }
6544
6545 if (sdata->wdev.use_4addr)
6546 drv_sta_set_4addr(local, sdata, &sta->sta, true);
6547
6548 ieee80211_set_associated(sdata, assoc_data, changed);
6549
6550 /*
6551 * If we're using 4-addr mode, let the AP know that we're
6552 * doing so, so that it can create the STA VLAN on its side
6553 */
6554 if (ifmgd->use_4addr)
6555 ieee80211_send_4addr_nullfunc(local, sdata);
6556
6557 /*
6558 * Start timer to probe the connection to the AP now.
6559 * Also start the timer that will detect beacon loss.
6560 */
6561 ieee80211_sta_reset_beacon_monitor(sdata);
6562 ieee80211_sta_reset_conn_monitor(sdata);
6563
6564 return true;
6565 out_err:
6566 eth_zero_addr(sdata->vif.cfg.ap_addr);
6567 return false;
6568 }
6569
ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)6570 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
6571 struct ieee80211_mgmt *mgmt,
6572 size_t len)
6573 {
6574 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
6575 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
6576 u16 capab_info, status_code, aid;
6577 struct ieee80211_elems_parse_params parse_params = {
6578 .bss = NULL,
6579 .link_id = -1,
6580 .from_ap = true,
6581 .type = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_TYPE,
6582 };
6583 struct ieee802_11_elems *elems;
6584 int ac;
6585 const u8 *elem_start;
6586 unsigned int elem_len;
6587 bool reassoc;
6588 struct ieee80211_event event = {
6589 .type = MLME_EVENT,
6590 .u.mlme.data = ASSOC_EVENT,
6591 };
6592 struct ieee80211_prep_tx_info info = {};
6593 struct cfg80211_rx_assoc_resp_data resp = {
6594 .uapsd_queues = -1,
6595 };
6596 u8 ap_mld_addr[ETH_ALEN] __aligned(2);
6597 unsigned int link_id;
6598 u16 max_aid = IEEE80211_MAX_AID;
6599
6600 lockdep_assert_wiphy(sdata->local->hw.wiphy);
6601
6602 if (!assoc_data)
6603 return;
6604
6605 info.link_id = assoc_data->assoc_link_id;
6606
6607 parse_params.mode =
6608 assoc_data->link[assoc_data->assoc_link_id].conn.mode;
6609
6610 if (!ether_addr_equal(assoc_data->ap_addr, mgmt->bssid) ||
6611 !ether_addr_equal(assoc_data->ap_addr, mgmt->sa))
6612 return;
6613
6614 /*
6615 * AssocResp and ReassocResp have identical structure, so process both
6616 * of them in this function.
6617 */
6618
6619 if (len < 24 + 6)
6620 return;
6621
6622 reassoc = ieee80211_is_reassoc_resp(mgmt->frame_control);
6623 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
6624 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
6625 if (assoc_data->s1g) {
6626 elem_start = mgmt->u.s1g_assoc_resp.variable;
6627 max_aid = IEEE80211_MAX_SUPPORTED_S1G_AID;
6628 } else {
6629 elem_start = mgmt->u.assoc_resp.variable;
6630 }
6631
6632 /*
6633 * Note: this may not be perfect, AP might misbehave - if
6634 * anyone needs to rely on perfect complete notification
6635 * with the exact right subtype, then we need to track what
6636 * we actually transmitted.
6637 */
6638 info.subtype = reassoc ? IEEE80211_STYPE_REASSOC_REQ :
6639 IEEE80211_STYPE_ASSOC_REQ;
6640
6641 if (assoc_data->fils_kek_len &&
6642 fils_decrypt_assoc_resp(sdata, (u8 *)mgmt, &len, assoc_data) < 0)
6643 return;
6644
6645 elem_len = len - (elem_start - (u8 *)mgmt);
6646 parse_params.start = elem_start;
6647 parse_params.len = elem_len;
6648 elems = ieee802_11_parse_elems_full(&parse_params);
6649 if (!elems)
6650 goto notify_driver;
6651
6652 if (elems->aid_resp)
6653 aid = le16_to_cpu(elems->aid_resp->aid);
6654 else
6655 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
6656
6657 /*
6658 * The 5 MSB of the AID field are reserved for a non-S1G STA. For
6659 * an S1G STA the 3 MSBs are reserved.
6660 * (802.11-2016 9.4.1.8 AID field).
6661 */
6662 aid &= assoc_data->s1g ? 0x1fff : 0x7ff;
6663
6664 sdata_info(sdata,
6665 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n",
6666 reassoc ? "Rea" : "A", assoc_data->ap_addr,
6667 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
6668
6669 ifmgd->broken_ap = false;
6670
6671 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
6672 elems->timeout_int &&
6673 elems->timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) {
6674 u32 tu, ms;
6675
6676 cfg80211_assoc_comeback(sdata->dev, assoc_data->ap_addr,
6677 le32_to_cpu(elems->timeout_int->value));
6678
6679 tu = le32_to_cpu(elems->timeout_int->value);
6680 ms = tu * 1024 / 1000;
6681 sdata_info(sdata,
6682 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",
6683 assoc_data->ap_addr, tu, ms);
6684 assoc_data->timeout = jiffies + msecs_to_jiffies(ms);
6685 assoc_data->timeout_started = true;
6686 assoc_data->comeback = true;
6687 if (ms > IEEE80211_ASSOC_TIMEOUT)
6688 run_again(sdata, assoc_data->timeout);
6689 goto notify_driver;
6690 }
6691
6692 if (status_code != WLAN_STATUS_SUCCESS) {
6693 sdata_info(sdata, "%pM denied association (code=%d)\n",
6694 assoc_data->ap_addr, status_code);
6695 event.u.mlme.status = MLME_DENIED;
6696 event.u.mlme.reason = status_code;
6697 drv_event_callback(sdata->local, sdata, &event);
6698 } else {
6699 if (aid == 0 || aid > max_aid) {
6700 sdata_info(sdata,
6701 "invalid AID value %d (out of range), turn off PS\n",
6702 aid);
6703 aid = 0;
6704 ifmgd->broken_ap = true;
6705 }
6706
6707 if (ieee80211_vif_is_mld(&sdata->vif)) {
6708 struct ieee80211_mle_basic_common_info *common;
6709
6710 if (!elems->ml_basic) {
6711 sdata_info(sdata,
6712 "MLO association with %pM but no (basic) multi-link element in response!\n",
6713 assoc_data->ap_addr);
6714 goto abandon_assoc;
6715 }
6716
6717 common = (void *)elems->ml_basic->variable;
6718
6719 if (memcmp(assoc_data->ap_addr,
6720 common->mld_mac_addr, ETH_ALEN)) {
6721 sdata_info(sdata,
6722 "AP MLD MAC address mismatch: got %pM expected %pM\n",
6723 common->mld_mac_addr,
6724 assoc_data->ap_addr);
6725 goto abandon_assoc;
6726 }
6727
6728 sdata->vif.cfg.eml_cap =
6729 ieee80211_mle_get_eml_cap((const void *)elems->ml_basic);
6730 sdata->vif.cfg.eml_med_sync_delay =
6731 ieee80211_mle_get_eml_med_sync_delay((const void *)elems->ml_basic);
6732 sdata->vif.cfg.mld_capa_op =
6733 ieee80211_mle_get_mld_capa_op((const void *)elems->ml_basic);
6734 }
6735
6736 sdata->vif.cfg.aid = aid;
6737 sdata->vif.cfg.s1g = assoc_data->s1g;
6738
6739 if (!ieee80211_assoc_success(sdata, mgmt, elems,
6740 elem_start, elem_len)) {
6741 /* oops -- internal error -- send timeout for now */
6742 ieee80211_destroy_assoc_data(sdata, ASSOC_TIMEOUT);
6743 goto notify_driver;
6744 }
6745 event.u.mlme.status = MLME_SUCCESS;
6746 drv_event_callback(sdata->local, sdata, &event);
6747 sdata_info(sdata, "associated\n");
6748
6749 info.success = 1;
6750 }
6751
6752 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
6753 struct ieee80211_link_data *link;
6754
6755 if (!assoc_data->link[link_id].bss)
6756 continue;
6757
6758 resp.links[link_id].bss = assoc_data->link[link_id].bss;
6759 ether_addr_copy(resp.links[link_id].addr,
6760 assoc_data->link[link_id].addr);
6761 resp.links[link_id].status = assoc_data->link[link_id].status;
6762
6763 link = sdata_dereference(sdata->link[link_id], sdata);
6764 if (!link)
6765 continue;
6766
6767 /* get uapsd queues configuration - same for all links */
6768 resp.uapsd_queues = 0;
6769 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
6770 if (link->tx_conf[ac].uapsd)
6771 resp.uapsd_queues |= ieee80211_ac_to_qos_mask[ac];
6772 }
6773
6774 if (ieee80211_vif_is_mld(&sdata->vif)) {
6775 ether_addr_copy(ap_mld_addr, sdata->vif.cfg.ap_addr);
6776 resp.ap_mld_addr = ap_mld_addr;
6777 }
6778
6779 ieee80211_destroy_assoc_data(sdata,
6780 status_code == WLAN_STATUS_SUCCESS ?
6781 ASSOC_SUCCESS :
6782 ASSOC_REJECTED);
6783
6784 resp.buf = (u8 *)mgmt;
6785 resp.len = len;
6786 resp.req_ies = ifmgd->assoc_req_ies;
6787 resp.req_ies_len = ifmgd->assoc_req_ies_len;
6788 cfg80211_rx_assoc_resp(sdata->dev, &resp);
6789 notify_driver:
6790 drv_mgd_complete_tx(sdata->local, sdata, &info);
6791 kfree(elems);
6792 return;
6793 abandon_assoc:
6794 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON);
6795 goto notify_driver;
6796 }
6797
ieee80211_rx_bss_info(struct ieee80211_link_data * link,struct ieee80211_mgmt * mgmt,size_t len,struct ieee80211_rx_status * rx_status)6798 static void ieee80211_rx_bss_info(struct ieee80211_link_data *link,
6799 struct ieee80211_mgmt *mgmt, size_t len,
6800 struct ieee80211_rx_status *rx_status)
6801 {
6802 struct ieee80211_sub_if_data *sdata = link->sdata;
6803 struct ieee80211_local *local = sdata->local;
6804 struct ieee80211_bss *bss;
6805 struct ieee80211_channel *channel;
6806
6807 lockdep_assert_wiphy(sdata->local->hw.wiphy);
6808
6809 channel = ieee80211_get_channel_khz(local->hw.wiphy,
6810 ieee80211_rx_status_to_khz(rx_status));
6811 if (!channel)
6812 return;
6813
6814 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, channel);
6815 if (bss) {
6816 link->conf->beacon_rate = bss->beacon_rate;
6817 ieee80211_rx_bss_put(local, bss);
6818 }
6819 }
6820
6821
ieee80211_rx_mgmt_probe_resp(struct ieee80211_link_data * link,struct sk_buff * skb)6822 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_link_data *link,
6823 struct sk_buff *skb)
6824 {
6825 struct ieee80211_sub_if_data *sdata = link->sdata;
6826 struct ieee80211_mgmt *mgmt = (void *)skb->data;
6827 struct ieee80211_if_managed *ifmgd;
6828 struct ieee80211_rx_status *rx_status = (void *) skb->cb;
6829 struct ieee80211_channel *channel;
6830 size_t baselen, len = skb->len;
6831
6832 ifmgd = &sdata->u.mgd;
6833
6834 lockdep_assert_wiphy(sdata->local->hw.wiphy);
6835
6836 /*
6837 * According to Draft P802.11ax D6.0 clause 26.17.2.3.2:
6838 * "If a 6 GHz AP receives a Probe Request frame and responds with
6839 * a Probe Response frame [..], the Address 1 field of the Probe
6840 * Response frame shall be set to the broadcast address [..]"
6841 * So, on 6GHz band we should also accept broadcast responses.
6842 */
6843 channel = ieee80211_get_channel_khz(sdata->local->hw.wiphy,
6844 ieee80211_rx_status_to_khz(rx_status));
6845 if (!channel)
6846 return;
6847
6848 if (!ether_addr_equal(mgmt->da, sdata->vif.addr) &&
6849 (channel->band != NL80211_BAND_6GHZ ||
6850 !is_broadcast_ether_addr(mgmt->da)))
6851 return; /* ignore ProbeResp to foreign address */
6852
6853 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
6854 if (baselen > len)
6855 return;
6856
6857 ieee80211_rx_bss_info(link, mgmt, len, rx_status);
6858
6859 if (ifmgd->associated &&
6860 ether_addr_equal(mgmt->bssid, link->u.mgd.bssid))
6861 ieee80211_reset_ap_probe(sdata);
6862 }
6863
6864 /*
6865 * This is the canonical list of information elements we care about,
6866 * the filter code also gives us all changes to the Microsoft OUI
6867 * (00:50:F2) vendor IE which is used for WMM which we need to track,
6868 * as well as the DTPC IE (part of the Cisco OUI) used for signaling
6869 * changes to requested client power.
6870 *
6871 * We implement beacon filtering in software since that means we can
6872 * avoid processing the frame here and in cfg80211, and userspace
6873 * will not be able to tell whether the hardware supports it or not.
6874 *
6875 * XXX: This list needs to be dynamic -- userspace needs to be able to
6876 * add items it requires. It also needs to be able to tell us to
6877 * look out for other vendor IEs.
6878 */
6879 static const u64 care_about_ies =
6880 (1ULL << WLAN_EID_COUNTRY) |
6881 (1ULL << WLAN_EID_ERP_INFO) |
6882 (1ULL << WLAN_EID_CHANNEL_SWITCH) |
6883 (1ULL << WLAN_EID_PWR_CONSTRAINT) |
6884 (1ULL << WLAN_EID_HT_CAPABILITY) |
6885 (1ULL << WLAN_EID_HT_OPERATION) |
6886 (1ULL << WLAN_EID_EXT_CHANSWITCH_ANN);
6887
ieee80211_handle_beacon_sig(struct ieee80211_link_data * link,struct ieee80211_if_managed * ifmgd,struct ieee80211_bss_conf * bss_conf,struct ieee80211_local * local,struct ieee80211_rx_status * rx_status)6888 static void ieee80211_handle_beacon_sig(struct ieee80211_link_data *link,
6889 struct ieee80211_if_managed *ifmgd,
6890 struct ieee80211_bss_conf *bss_conf,
6891 struct ieee80211_local *local,
6892 struct ieee80211_rx_status *rx_status)
6893 {
6894 struct ieee80211_sub_if_data *sdata = link->sdata;
6895
6896 /* Track average RSSI from the Beacon frames of the current AP */
6897
6898 if (!link->u.mgd.tracking_signal_avg) {
6899 link->u.mgd.tracking_signal_avg = true;
6900 ewma_beacon_signal_init(&link->u.mgd.ave_beacon_signal);
6901 link->u.mgd.last_cqm_event_signal = 0;
6902 link->u.mgd.count_beacon_signal = 1;
6903 link->u.mgd.last_ave_beacon_signal = 0;
6904 } else {
6905 link->u.mgd.count_beacon_signal++;
6906 }
6907
6908 ewma_beacon_signal_add(&link->u.mgd.ave_beacon_signal,
6909 -rx_status->signal);
6910
6911 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold &&
6912 link->u.mgd.count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
6913 int sig = -ewma_beacon_signal_read(&link->u.mgd.ave_beacon_signal);
6914 int last_sig = link->u.mgd.last_ave_beacon_signal;
6915 struct ieee80211_event event = {
6916 .type = RSSI_EVENT,
6917 };
6918
6919 /*
6920 * if signal crosses either of the boundaries, invoke callback
6921 * with appropriate parameters
6922 */
6923 if (sig > ifmgd->rssi_max_thold &&
6924 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) {
6925 link->u.mgd.last_ave_beacon_signal = sig;
6926 event.u.rssi.data = RSSI_EVENT_HIGH;
6927 drv_event_callback(local, sdata, &event);
6928 } else if (sig < ifmgd->rssi_min_thold &&
6929 (last_sig >= ifmgd->rssi_max_thold ||
6930 last_sig == 0)) {
6931 link->u.mgd.last_ave_beacon_signal = sig;
6932 event.u.rssi.data = RSSI_EVENT_LOW;
6933 drv_event_callback(local, sdata, &event);
6934 }
6935 }
6936
6937 if (bss_conf->cqm_rssi_thold &&
6938 link->u.mgd.count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT &&
6939 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) {
6940 int sig = -ewma_beacon_signal_read(&link->u.mgd.ave_beacon_signal);
6941 int last_event = link->u.mgd.last_cqm_event_signal;
6942 int thold = bss_conf->cqm_rssi_thold;
6943 int hyst = bss_conf->cqm_rssi_hyst;
6944
6945 if (sig < thold &&
6946 (last_event == 0 || sig < last_event - hyst)) {
6947 link->u.mgd.last_cqm_event_signal = sig;
6948 ieee80211_cqm_rssi_notify(
6949 &sdata->vif,
6950 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
6951 sig, GFP_KERNEL);
6952 } else if (sig > thold &&
6953 (last_event == 0 || sig > last_event + hyst)) {
6954 link->u.mgd.last_cqm_event_signal = sig;
6955 ieee80211_cqm_rssi_notify(
6956 &sdata->vif,
6957 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
6958 sig, GFP_KERNEL);
6959 }
6960 }
6961
6962 if (bss_conf->cqm_rssi_low &&
6963 link->u.mgd.count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
6964 int sig = -ewma_beacon_signal_read(&link->u.mgd.ave_beacon_signal);
6965 int last_event = link->u.mgd.last_cqm_event_signal;
6966 int low = bss_conf->cqm_rssi_low;
6967 int high = bss_conf->cqm_rssi_high;
6968
6969 if (sig < low &&
6970 (last_event == 0 || last_event >= low)) {
6971 link->u.mgd.last_cqm_event_signal = sig;
6972 ieee80211_cqm_rssi_notify(
6973 &sdata->vif,
6974 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
6975 sig, GFP_KERNEL);
6976 } else if (sig > high &&
6977 (last_event == 0 || last_event <= high)) {
6978 link->u.mgd.last_cqm_event_signal = sig;
6979 ieee80211_cqm_rssi_notify(
6980 &sdata->vif,
6981 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
6982 sig, GFP_KERNEL);
6983 }
6984 }
6985 }
6986
ieee80211_rx_our_beacon(const u8 * tx_bssid,struct cfg80211_bss * bss)6987 static bool ieee80211_rx_our_beacon(const u8 *tx_bssid,
6988 struct cfg80211_bss *bss)
6989 {
6990 if (ether_addr_equal(tx_bssid, bss->bssid))
6991 return true;
6992 if (!bss->transmitted_bss)
6993 return false;
6994 return ether_addr_equal(tx_bssid, bss->transmitted_bss->bssid);
6995 }
6996
ieee80211_ml_reconf_work(struct wiphy * wiphy,struct wiphy_work * work)6997 static void ieee80211_ml_reconf_work(struct wiphy *wiphy,
6998 struct wiphy_work *work)
6999 {
7000 struct ieee80211_sub_if_data *sdata =
7001 container_of(work, struct ieee80211_sub_if_data,
7002 u.mgd.ml_reconf_work.work);
7003 u16 new_valid_links, new_active_links, new_dormant_links;
7004 int ret;
7005
7006 if (!sdata->u.mgd.removed_links)
7007 return;
7008
7009 sdata_info(sdata,
7010 "MLO Reconfiguration: work: valid=0x%x, removed=0x%x\n",
7011 sdata->vif.valid_links, sdata->u.mgd.removed_links);
7012
7013 new_valid_links = sdata->vif.valid_links & ~sdata->u.mgd.removed_links;
7014 if (new_valid_links == sdata->vif.valid_links)
7015 return;
7016
7017 if (!new_valid_links ||
7018 !(new_valid_links & ~sdata->vif.dormant_links)) {
7019 sdata_info(sdata, "No valid links after reconfiguration\n");
7020 ret = -EINVAL;
7021 goto out;
7022 }
7023
7024 new_active_links = sdata->vif.active_links & ~sdata->u.mgd.removed_links;
7025 if (new_active_links != sdata->vif.active_links) {
7026 if (!new_active_links)
7027 new_active_links =
7028 BIT(ffs(new_valid_links &
7029 ~sdata->vif.dormant_links) - 1);
7030
7031 ret = ieee80211_set_active_links(&sdata->vif, new_active_links);
7032 if (ret) {
7033 sdata_info(sdata,
7034 "Failed setting active links\n");
7035 goto out;
7036 }
7037 }
7038
7039 new_dormant_links = sdata->vif.dormant_links & ~sdata->u.mgd.removed_links;
7040
7041 ret = ieee80211_vif_set_links(sdata, new_valid_links,
7042 new_dormant_links);
7043 if (ret)
7044 sdata_info(sdata, "Failed setting valid links\n");
7045
7046 ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_MLD_VALID_LINKS);
7047
7048 out:
7049 if (!ret)
7050 cfg80211_links_removed(sdata->dev, sdata->u.mgd.removed_links);
7051 else
7052 __ieee80211_disconnect(sdata);
7053
7054 sdata->u.mgd.removed_links = 0;
7055 }
7056
ieee80211_ml_reconfiguration(struct ieee80211_sub_if_data * sdata,struct ieee802_11_elems * elems)7057 static void ieee80211_ml_reconfiguration(struct ieee80211_sub_if_data *sdata,
7058 struct ieee802_11_elems *elems)
7059 {
7060 const struct element *sub;
7061 unsigned long removed_links = 0;
7062 u16 link_removal_timeout[IEEE80211_MLD_MAX_NUM_LINKS] = {};
7063 u8 link_id;
7064 u32 delay;
7065
7066 if (!ieee80211_vif_is_mld(&sdata->vif) || !elems->ml_reconf)
7067 return;
7068
7069 /* Directly parse the sub elements as the common information doesn't
7070 * hold any useful information.
7071 */
7072 for_each_mle_subelement(sub, (const u8 *)elems->ml_reconf,
7073 elems->ml_reconf_len) {
7074 struct ieee80211_mle_per_sta_profile *prof = (void *)sub->data;
7075 u8 *pos = prof->variable;
7076 u16 control;
7077
7078 if (sub->id != IEEE80211_MLE_SUBELEM_PER_STA_PROFILE)
7079 continue;
7080
7081 if (!ieee80211_mle_reconf_sta_prof_size_ok(sub->data,
7082 sub->datalen))
7083 return;
7084
7085 control = le16_to_cpu(prof->control);
7086 link_id = control & IEEE80211_MLE_STA_RECONF_CONTROL_LINK_ID;
7087
7088 removed_links |= BIT(link_id);
7089
7090 /* the MAC address should not be included, but handle it */
7091 if (control &
7092 IEEE80211_MLE_STA_RECONF_CONTROL_STA_MAC_ADDR_PRESENT)
7093 pos += 6;
7094
7095 /* According to Draft P802.11be_D3.0, the control should
7096 * include the AP Removal Timer present. If the AP Removal Timer
7097 * is not present assume immediate removal.
7098 */
7099 if (control &
7100 IEEE80211_MLE_STA_RECONF_CONTROL_AP_REM_TIMER_PRESENT)
7101 link_removal_timeout[link_id] = get_unaligned_le16(pos);
7102 }
7103
7104 removed_links &= sdata->vif.valid_links;
7105 if (!removed_links) {
7106 /* In case the removal was cancelled, abort it */
7107 if (sdata->u.mgd.removed_links) {
7108 sdata->u.mgd.removed_links = 0;
7109 wiphy_hrtimer_work_cancel(sdata->local->hw.wiphy,
7110 &sdata->u.mgd.ml_reconf_work);
7111 }
7112 return;
7113 }
7114
7115 delay = 0;
7116 for_each_set_bit(link_id, &removed_links, IEEE80211_MLD_MAX_NUM_LINKS) {
7117 struct ieee80211_bss_conf *link_conf =
7118 sdata_dereference(sdata->vif.link_conf[link_id], sdata);
7119 u32 link_delay;
7120
7121 if (!link_conf) {
7122 removed_links &= ~BIT(link_id);
7123 continue;
7124 }
7125
7126 if (link_removal_timeout[link_id] < 1)
7127 link_delay = 0;
7128 else
7129 link_delay = link_conf->beacon_int *
7130 (link_removal_timeout[link_id] - 1);
7131
7132 if (!delay)
7133 delay = link_delay;
7134 else
7135 delay = min(delay, link_delay);
7136 }
7137
7138 sdata->u.mgd.removed_links = removed_links;
7139 wiphy_hrtimer_work_queue(sdata->local->hw.wiphy,
7140 &sdata->u.mgd.ml_reconf_work,
7141 us_to_ktime(ieee80211_tu_to_usec(delay)));
7142 }
7143
ieee80211_ttlm_set_links(struct ieee80211_sub_if_data * sdata,u16 active_links,u16 dormant_links,u16 suspended_links)7144 static int ieee80211_ttlm_set_links(struct ieee80211_sub_if_data *sdata,
7145 u16 active_links, u16 dormant_links,
7146 u16 suspended_links)
7147 {
7148 u64 changed = 0;
7149 int ret;
7150
7151 if (!active_links) {
7152 ret = -EINVAL;
7153 goto out;
7154 }
7155
7156 /* If there is an active negotiated TTLM, it should be discarded by
7157 * the new negotiated/advertised TTLM.
7158 */
7159 if (sdata->vif.neg_ttlm.valid) {
7160 memset(&sdata->vif.neg_ttlm, 0, sizeof(sdata->vif.neg_ttlm));
7161 sdata->vif.suspended_links = 0;
7162 changed = BSS_CHANGED_MLD_TTLM;
7163 }
7164
7165 if (sdata->vif.active_links != active_links) {
7166 /* usable links are affected when active_links are changed,
7167 * so notify the driver about the status change
7168 */
7169 changed |= BSS_CHANGED_MLD_VALID_LINKS;
7170 active_links &= sdata->vif.active_links;
7171 if (!active_links)
7172 active_links =
7173 BIT(__ffs(sdata->vif.valid_links &
7174 ~dormant_links));
7175 ret = ieee80211_set_active_links(&sdata->vif, active_links);
7176 if (ret) {
7177 sdata_info(sdata, "Failed to set TTLM active links\n");
7178 goto out;
7179 }
7180 }
7181
7182 ret = ieee80211_vif_set_links(sdata, sdata->vif.valid_links,
7183 dormant_links);
7184 if (ret) {
7185 sdata_info(sdata, "Failed to set TTLM dormant links\n");
7186 goto out;
7187 }
7188
7189 sdata->vif.suspended_links = suspended_links;
7190 if (sdata->vif.suspended_links)
7191 changed |= BSS_CHANGED_MLD_TTLM;
7192
7193 ieee80211_vif_cfg_change_notify(sdata, changed);
7194
7195 out:
7196 if (ret)
7197 ieee80211_disconnect(&sdata->vif, false);
7198
7199 return ret;
7200 }
7201
ieee80211_tid_to_link_map_work(struct wiphy * wiphy,struct wiphy_work * work)7202 static void ieee80211_tid_to_link_map_work(struct wiphy *wiphy,
7203 struct wiphy_work *work)
7204 {
7205 u16 new_active_links, new_dormant_links;
7206 struct ieee80211_sub_if_data *sdata =
7207 container_of(work, struct ieee80211_sub_if_data,
7208 u.mgd.ttlm_work.work);
7209
7210 new_active_links = sdata->u.mgd.ttlm_info.map &
7211 sdata->vif.valid_links;
7212 new_dormant_links = ~sdata->u.mgd.ttlm_info.map &
7213 sdata->vif.valid_links;
7214
7215 ieee80211_vif_set_links(sdata, sdata->vif.valid_links, 0);
7216 if (ieee80211_ttlm_set_links(sdata, new_active_links, new_dormant_links,
7217 0))
7218 return;
7219
7220 sdata->u.mgd.ttlm_info.active = true;
7221 sdata->u.mgd.ttlm_info.switch_time = 0;
7222 }
7223
ieee80211_process_adv_ttlm(struct ieee80211_sub_if_data * sdata,struct ieee802_11_elems * elems,u64 beacon_ts)7224 static void ieee80211_process_adv_ttlm(struct ieee80211_sub_if_data *sdata,
7225 struct ieee802_11_elems *elems,
7226 u64 beacon_ts)
7227 {
7228 u8 i;
7229 int ret;
7230
7231 if (!ieee80211_vif_is_mld(&sdata->vif))
7232 return;
7233
7234 if (!elems->ttlm_num) {
7235 if (sdata->u.mgd.ttlm_info.switch_time) {
7236 /* if a planned TID-to-link mapping was cancelled -
7237 * abort it
7238 */
7239 wiphy_hrtimer_work_cancel(sdata->local->hw.wiphy,
7240 &sdata->u.mgd.ttlm_work);
7241 } else if (sdata->u.mgd.ttlm_info.active) {
7242 /* if no TID-to-link element, set to default mapping in
7243 * which all TIDs are mapped to all setup links
7244 */
7245 ret = ieee80211_vif_set_links(sdata,
7246 sdata->vif.valid_links,
7247 0);
7248 if (ret) {
7249 sdata_info(sdata, "Failed setting valid/dormant links\n");
7250 return;
7251 }
7252 ieee80211_vif_cfg_change_notify(sdata,
7253 BSS_CHANGED_MLD_VALID_LINKS);
7254 }
7255 memset(&sdata->u.mgd.ttlm_info, 0,
7256 sizeof(sdata->u.mgd.ttlm_info));
7257 return;
7258 }
7259
7260 for (i = 0; i < elems->ttlm_num; i++) {
7261 struct ieee80211_adv_ttlm_info ttlm_info;
7262 u32 res;
7263
7264 res = ieee80211_parse_adv_t2l(sdata, elems->ttlm[i],
7265 &ttlm_info);
7266
7267 if (res) {
7268 __ieee80211_disconnect(sdata);
7269 return;
7270 }
7271
7272 if (ttlm_info.switch_time) {
7273 u16 beacon_ts_tu, st_tu, delay;
7274 u64 delay_usec;
7275 u64 mask;
7276
7277 /* The t2l map switch time is indicated with a partial
7278 * TSF value (bits 10 to 25), get the partial beacon TS
7279 * as well, and calc the delay to the start time.
7280 */
7281 mask = GENMASK_ULL(25, 10);
7282 beacon_ts_tu = (beacon_ts & mask) >> 10;
7283 st_tu = ttlm_info.switch_time;
7284 delay = st_tu - beacon_ts_tu;
7285
7286 /*
7287 * If the switch time is far in the future, then it
7288 * could also be the previous switch still being
7289 * announced.
7290 * We can simply ignore it for now, if it is a future
7291 * switch the AP will continue to announce it anyway.
7292 */
7293 if (delay > IEEE80211_ADV_TTLM_ST_UNDERFLOW)
7294 return;
7295
7296 delay_usec = ieee80211_tu_to_usec(delay);
7297
7298 /* Link switching can take time, so schedule it
7299 * 100ms before to be ready on time
7300 */
7301 if (delay_usec > IEEE80211_ADV_TTLM_SAFETY_BUFFER_MS)
7302 delay_usec -=
7303 IEEE80211_ADV_TTLM_SAFETY_BUFFER_MS;
7304 else
7305 delay_usec = 0;
7306
7307 sdata->u.mgd.ttlm_info = ttlm_info;
7308 wiphy_hrtimer_work_cancel(sdata->local->hw.wiphy,
7309 &sdata->u.mgd.ttlm_work);
7310 wiphy_hrtimer_work_queue(sdata->local->hw.wiphy,
7311 &sdata->u.mgd.ttlm_work,
7312 us_to_ktime(delay_usec));
7313 return;
7314 }
7315 }
7316 }
7317
7318 static void
ieee80211_mgd_check_cross_link_csa(struct ieee80211_sub_if_data * sdata,int reporting_link_id,struct ieee802_11_elems * elems)7319 ieee80211_mgd_check_cross_link_csa(struct ieee80211_sub_if_data *sdata,
7320 int reporting_link_id,
7321 struct ieee802_11_elems *elems)
7322 {
7323 const struct element *sta_profiles[IEEE80211_MLD_MAX_NUM_LINKS] = {};
7324 ssize_t sta_profiles_len[IEEE80211_MLD_MAX_NUM_LINKS] = {};
7325 const struct element *sub;
7326 const u8 *subelems;
7327 size_t subelems_len;
7328 u8 common_size;
7329 int link_id;
7330
7331 if (!ieee80211_mle_size_ok((u8 *)elems->ml_basic, elems->ml_basic_len))
7332 return;
7333
7334 common_size = ieee80211_mle_common_size((u8 *)elems->ml_basic);
7335 subelems = (u8 *)elems->ml_basic + common_size;
7336 subelems_len = elems->ml_basic_len - common_size;
7337
7338 for_each_element_id(sub, IEEE80211_MLE_SUBELEM_PER_STA_PROFILE,
7339 subelems, subelems_len) {
7340 struct ieee80211_mle_per_sta_profile *prof = (void *)sub->data;
7341 struct ieee80211_link_data *link;
7342 ssize_t len;
7343
7344 if (!ieee80211_mle_basic_sta_prof_size_ok(sub->data,
7345 sub->datalen))
7346 continue;
7347
7348 link_id = le16_get_bits(prof->control,
7349 IEEE80211_MLE_STA_CONTROL_LINK_ID);
7350 /* need a valid link ID, but also not our own, both AP bugs */
7351 if (link_id == reporting_link_id ||
7352 link_id >= IEEE80211_MLD_MAX_NUM_LINKS)
7353 continue;
7354
7355 link = sdata_dereference(sdata->link[link_id], sdata);
7356 if (!link)
7357 continue;
7358
7359 len = cfg80211_defragment_element(sub, subelems, subelems_len,
7360 NULL, 0,
7361 IEEE80211_MLE_SUBELEM_FRAGMENT);
7362 if (WARN_ON(len < 0))
7363 continue;
7364
7365 sta_profiles[link_id] = sub;
7366 sta_profiles_len[link_id] = len;
7367 }
7368
7369 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
7370 struct ieee80211_mle_per_sta_profile *prof;
7371 struct ieee802_11_elems *prof_elems;
7372 struct ieee80211_link_data *link;
7373 ssize_t len;
7374
7375 if (link_id == reporting_link_id)
7376 continue;
7377
7378 link = sdata_dereference(sdata->link[link_id], sdata);
7379 if (!link)
7380 continue;
7381
7382 if (!sta_profiles[link_id]) {
7383 prof_elems = NULL;
7384 goto handle;
7385 }
7386
7387 /* we can defragment in-place, won't use the buffer again */
7388 len = cfg80211_defragment_element(sta_profiles[link_id],
7389 subelems, subelems_len,
7390 (void *)sta_profiles[link_id],
7391 sta_profiles_len[link_id],
7392 IEEE80211_MLE_SUBELEM_FRAGMENT);
7393 if (WARN_ON(len != sta_profiles_len[link_id]))
7394 continue;
7395
7396 prof = (void *)sta_profiles[link_id];
7397 prof_elems = ieee802_11_parse_elems(prof->variable +
7398 (prof->sta_info_len - 1),
7399 len -
7400 (prof->sta_info_len - 1),
7401 IEEE80211_FTYPE_MGMT |
7402 IEEE80211_STYPE_BEACON,
7403 NULL);
7404
7405 /* memory allocation failed - let's hope that's transient */
7406 if (!prof_elems)
7407 continue;
7408
7409 handle:
7410 /*
7411 * FIXME: the timings here are obviously incorrect,
7412 * but only older Intel drivers seem to care, and
7413 * those don't have MLO. If you really need this,
7414 * the problem is having to calculate it with the
7415 * TSF offset etc. The device_timestamp is still
7416 * correct, of course.
7417 */
7418 ieee80211_sta_process_chanswitch(link, 0, 0, elems, prof_elems,
7419 IEEE80211_CSA_SOURCE_OTHER_LINK);
7420 kfree(prof_elems);
7421 }
7422 }
7423
ieee80211_mgd_ssid_mismatch(struct ieee80211_sub_if_data * sdata,const struct ieee802_11_elems * elems)7424 static bool ieee80211_mgd_ssid_mismatch(struct ieee80211_sub_if_data *sdata,
7425 const struct ieee802_11_elems *elems)
7426 {
7427 struct ieee80211_vif_cfg *cfg = &sdata->vif.cfg;
7428 static u8 zero_ssid[IEEE80211_MAX_SSID_LEN];
7429
7430 if (!elems->ssid)
7431 return false;
7432
7433 /* hidden SSID: zero length */
7434 if (elems->ssid_len == 0)
7435 return false;
7436
7437 if (elems->ssid_len != cfg->ssid_len)
7438 return true;
7439
7440 /* hidden SSID: zeroed out */
7441 if (!memcmp(elems->ssid, zero_ssid, elems->ssid_len))
7442 return false;
7443
7444 return memcmp(elems->ssid, cfg->ssid, cfg->ssid_len);
7445 }
7446
7447 static bool
ieee80211_rx_beacon_freq_valid(struct ieee80211_local * local,struct ieee80211_mgmt * mgmt,struct ieee80211_rx_status * rx_status,struct ieee80211_chanctx_conf * chanctx)7448 ieee80211_rx_beacon_freq_valid(struct ieee80211_local *local,
7449 struct ieee80211_mgmt *mgmt,
7450 struct ieee80211_rx_status *rx_status,
7451 struct ieee80211_chanctx_conf *chanctx)
7452 {
7453 u32 pri_2mhz_khz;
7454 struct ieee80211_channel *s1g_sibling_1mhz;
7455 u32 pri_khz = ieee80211_channel_to_khz(chanctx->def.chan);
7456 u32 rx_khz = ieee80211_rx_status_to_khz(rx_status);
7457
7458 if (rx_khz == pri_khz)
7459 return true;
7460
7461 if (!chanctx->def.s1g_primary_2mhz)
7462 return false;
7463
7464 /*
7465 * If we have an S1G interface with a 2MHz primary, beacons are
7466 * sent on the center frequency of the 2MHz primary. Find the sibling
7467 * 1MHz channel and calculate the 2MHz primary center frequency.
7468 */
7469 s1g_sibling_1mhz = cfg80211_s1g_get_primary_sibling(local->hw.wiphy,
7470 &chanctx->def);
7471 if (!s1g_sibling_1mhz)
7472 return false;
7473
7474 pri_2mhz_khz =
7475 (pri_khz + ieee80211_channel_to_khz(s1g_sibling_1mhz)) / 2;
7476 return rx_khz == pri_2mhz_khz;
7477 }
7478
ieee80211_rx_mgmt_beacon(struct ieee80211_link_data * link,struct ieee80211_hdr * hdr,size_t len,struct ieee80211_rx_status * rx_status)7479 static void ieee80211_rx_mgmt_beacon(struct ieee80211_link_data *link,
7480 struct ieee80211_hdr *hdr, size_t len,
7481 struct ieee80211_rx_status *rx_status)
7482 {
7483 struct ieee80211_sub_if_data *sdata = link->sdata;
7484 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
7485 struct ieee80211_bss_conf *bss_conf = link->conf;
7486 struct ieee80211_vif_cfg *vif_cfg = &sdata->vif.cfg;
7487 struct ieee80211_mgmt *mgmt = (void *) hdr;
7488 struct ieee80211_ext *ext = NULL;
7489 size_t baselen;
7490 struct ieee802_11_elems *elems;
7491 struct ieee80211_local *local = sdata->local;
7492 struct ieee80211_chanctx_conf *chanctx_conf;
7493 struct ieee80211_supported_band *sband;
7494 struct ieee80211_channel *chan;
7495 struct link_sta_info *link_sta;
7496 struct sta_info *sta;
7497 u64 changed = 0;
7498 bool erp_valid;
7499 u8 erp_value = 0;
7500 u32 ncrc = 0;
7501 u8 *bssid, *variable = mgmt->u.beacon.variable;
7502 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN];
7503 struct ieee80211_elems_parse_params parse_params = {
7504 .mode = link->u.mgd.conn.mode,
7505 .link_id = -1,
7506 .from_ap = true,
7507 .type = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_TYPE,
7508 };
7509
7510 lockdep_assert_wiphy(local->hw.wiphy);
7511
7512 /* Process beacon from the current BSS */
7513 bssid = ieee80211_get_bssid(hdr, len, sdata->vif.type);
7514 if (ieee80211_is_s1g_beacon(mgmt->frame_control)) {
7515 ext = (void *)mgmt;
7516 variable = ext->u.s1g_beacon.variable +
7517 ieee80211_s1g_optional_len(ext->frame_control);
7518 }
7519
7520 baselen = (u8 *) variable - (u8 *) mgmt;
7521 if (baselen > len)
7522 return;
7523
7524 parse_params.start = variable;
7525 parse_params.len = len - baselen;
7526
7527 rcu_read_lock();
7528 chanctx_conf = rcu_dereference(bss_conf->chanctx_conf);
7529 if (!chanctx_conf) {
7530 rcu_read_unlock();
7531 return;
7532 }
7533
7534 if (!ieee80211_rx_beacon_freq_valid(local, mgmt, rx_status,
7535 chanctx_conf)) {
7536 rcu_read_unlock();
7537 return;
7538 }
7539 chan = chanctx_conf->def.chan;
7540 rcu_read_unlock();
7541
7542 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon &&
7543 !WARN_ON(ieee80211_vif_is_mld(&sdata->vif)) &&
7544 ieee80211_rx_our_beacon(bssid, ifmgd->assoc_data->link[0].bss)) {
7545 parse_params.bss = ifmgd->assoc_data->link[0].bss;
7546 elems = ieee802_11_parse_elems_full(&parse_params);
7547 if (!elems)
7548 return;
7549
7550 ieee80211_rx_bss_info(link, mgmt, len, rx_status);
7551
7552 if (elems->dtim_period)
7553 link->u.mgd.dtim_period = elems->dtim_period;
7554 link->u.mgd.have_beacon = true;
7555 ifmgd->assoc_data->need_beacon = false;
7556 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY) &&
7557 !ieee80211_is_s1g_beacon(hdr->frame_control)) {
7558 bss_conf->sync_tsf =
7559 le64_to_cpu(mgmt->u.beacon.timestamp);
7560 bss_conf->sync_device_ts =
7561 rx_status->device_timestamp;
7562 bss_conf->sync_dtim_count = elems->dtim_count;
7563 }
7564
7565 if (elems->mbssid_config_ie)
7566 bss_conf->profile_periodicity =
7567 elems->mbssid_config_ie->profile_periodicity;
7568 else
7569 bss_conf->profile_periodicity = 0;
7570
7571 if (elems->ext_capab_len >= 11 &&
7572 (elems->ext_capab[10] & WLAN_EXT_CAPA11_EMA_SUPPORT))
7573 bss_conf->ema_ap = true;
7574 else
7575 bss_conf->ema_ap = false;
7576
7577 /* continue assoc process */
7578 ifmgd->assoc_data->timeout = jiffies;
7579 ifmgd->assoc_data->timeout_started = true;
7580 run_again(sdata, ifmgd->assoc_data->timeout);
7581 kfree(elems);
7582 return;
7583 }
7584
7585 if (!ifmgd->associated ||
7586 !ieee80211_rx_our_beacon(bssid, bss_conf->bss))
7587 return;
7588 bssid = link->u.mgd.bssid;
7589
7590 if (!(rx_status->flag & RX_FLAG_NO_SIGNAL_VAL))
7591 ieee80211_handle_beacon_sig(link, ifmgd, bss_conf,
7592 local, rx_status);
7593
7594 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) {
7595 mlme_dbg_ratelimited(sdata,
7596 "cancelling AP probe due to a received beacon\n");
7597 ieee80211_reset_ap_probe(sdata);
7598 }
7599
7600 /*
7601 * Push the beacon loss detection into the future since
7602 * we are processing a beacon from the AP just now.
7603 */
7604 ieee80211_sta_reset_beacon_monitor(sdata);
7605
7606 /* TODO: CRC urrently not calculated on S1G Beacon Compatibility
7607 * element (which carries the beacon interval). Don't forget to add a
7608 * bit to care_about_ies[] above if mac80211 is interested in a
7609 * changing S1G element.
7610 */
7611 if (!ieee80211_is_s1g_beacon(hdr->frame_control))
7612 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
7613 parse_params.bss = bss_conf->bss;
7614 parse_params.filter = care_about_ies;
7615 parse_params.crc = ncrc;
7616 elems = ieee802_11_parse_elems_full(&parse_params);
7617 if (!elems)
7618 return;
7619
7620 if (rx_status->flag & RX_FLAG_DECRYPTED &&
7621 ieee80211_mgd_ssid_mismatch(sdata, elems)) {
7622 sdata_info(sdata, "SSID mismatch for AP %pM, disconnect\n",
7623 sdata->vif.cfg.ap_addr);
7624 __ieee80211_disconnect(sdata);
7625 return;
7626 }
7627
7628 ncrc = elems->crc;
7629
7630 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
7631 ieee80211_check_tim(elems->tim, elems->tim_len, vif_cfg->aid,
7632 vif_cfg->s1g)) {
7633 if (local->hw.conf.dynamic_ps_timeout > 0) {
7634 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
7635 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
7636 ieee80211_hw_config(local, -1,
7637 IEEE80211_CONF_CHANGE_PS);
7638 }
7639 ieee80211_send_nullfunc(local, sdata, false);
7640 } else if (!local->pspolling && sdata->u.mgd.powersave) {
7641 local->pspolling = true;
7642
7643 /*
7644 * Here is assumed that the driver will be
7645 * able to send ps-poll frame and receive a
7646 * response even though power save mode is
7647 * enabled, but some drivers might require
7648 * to disable power save here. This needs
7649 * to be investigated.
7650 */
7651 ieee80211_send_pspoll(local, sdata);
7652 }
7653 }
7654
7655 if (sdata->vif.p2p ||
7656 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) {
7657 struct ieee80211_p2p_noa_attr noa = {};
7658 int ret;
7659
7660 ret = cfg80211_get_p2p_attr(variable,
7661 len - baselen,
7662 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
7663 (u8 *) &noa, sizeof(noa));
7664 if (ret >= 2) {
7665 if (link->u.mgd.p2p_noa_index != noa.index) {
7666 /* valid noa_attr and index changed */
7667 link->u.mgd.p2p_noa_index = noa.index;
7668 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa));
7669 changed |= BSS_CHANGED_P2P_PS;
7670 /*
7671 * make sure we update all information, the CRC
7672 * mechanism doesn't look at P2P attributes.
7673 */
7674 link->u.mgd.beacon_crc_valid = false;
7675 }
7676 } else if (link->u.mgd.p2p_noa_index != -1) {
7677 /* noa_attr not found and we had valid noa_attr before */
7678 link->u.mgd.p2p_noa_index = -1;
7679 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr));
7680 changed |= BSS_CHANGED_P2P_PS;
7681 link->u.mgd.beacon_crc_valid = false;
7682 }
7683 }
7684
7685 /*
7686 * Update beacon timing and dtim count on every beacon appearance. This
7687 * will allow the driver to use the most updated values. Do it before
7688 * comparing this one with last received beacon.
7689 * IMPORTANT: These parameters would possibly be out of sync by the time
7690 * the driver will use them. The synchronized view is currently
7691 * guaranteed only in certain callbacks.
7692 */
7693 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY) &&
7694 !ieee80211_is_s1g_beacon(hdr->frame_control)) {
7695 bss_conf->sync_tsf =
7696 le64_to_cpu(mgmt->u.beacon.timestamp);
7697 bss_conf->sync_device_ts =
7698 rx_status->device_timestamp;
7699 bss_conf->sync_dtim_count = elems->dtim_count;
7700 }
7701
7702 if ((ncrc == link->u.mgd.beacon_crc && link->u.mgd.beacon_crc_valid) ||
7703 (ext && ieee80211_is_s1g_short_beacon(ext->frame_control,
7704 parse_params.start,
7705 parse_params.len)))
7706 goto free;
7707 link->u.mgd.beacon_crc = ncrc;
7708 link->u.mgd.beacon_crc_valid = true;
7709
7710 ieee80211_rx_bss_info(link, mgmt, len, rx_status);
7711
7712 ieee80211_sta_process_chanswitch(link, rx_status->mactime,
7713 rx_status->device_timestamp,
7714 elems, elems,
7715 IEEE80211_CSA_SOURCE_BEACON);
7716
7717 /* note that after this elems->ml_basic can no longer be used fully */
7718 ieee80211_mgd_check_cross_link_csa(sdata, rx_status->link_id, elems);
7719
7720 ieee80211_mgd_update_bss_param_ch_cnt(sdata, bss_conf, elems);
7721
7722 if (!sdata->u.mgd.epcs.enabled &&
7723 !link->u.mgd.disable_wmm_tracking &&
7724 ieee80211_sta_wmm_params(local, link, elems->wmm_param,
7725 elems->wmm_param_len,
7726 elems->mu_edca_param_set))
7727 changed |= BSS_CHANGED_QOS;
7728
7729 /*
7730 * If we haven't had a beacon before, tell the driver about the
7731 * DTIM period (and beacon timing if desired) now.
7732 */
7733 if (!link->u.mgd.have_beacon) {
7734 /* a few bogus AP send dtim_period = 0 or no TIM IE */
7735 bss_conf->dtim_period = elems->dtim_period ?: 1;
7736
7737 changed |= BSS_CHANGED_BEACON_INFO;
7738 link->u.mgd.have_beacon = true;
7739
7740 ieee80211_recalc_ps(local);
7741
7742 ieee80211_recalc_ps_vif(sdata);
7743 }
7744
7745 if (elems->erp_info) {
7746 erp_valid = true;
7747 erp_value = elems->erp_info[0];
7748 } else {
7749 erp_valid = false;
7750 }
7751
7752 if (!ieee80211_is_s1g_beacon(hdr->frame_control))
7753 changed |= ieee80211_handle_bss_capability(link,
7754 le16_to_cpu(mgmt->u.beacon.capab_info),
7755 erp_valid, erp_value);
7756
7757 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
7758 if (WARN_ON(!sta)) {
7759 goto free;
7760 }
7761 link_sta = rcu_dereference_protected(sta->link[link->link_id],
7762 lockdep_is_held(&local->hw.wiphy->mtx));
7763 if (WARN_ON(!link_sta)) {
7764 goto free;
7765 }
7766
7767 if (WARN_ON(!bss_conf->chanreq.oper.chan))
7768 goto free;
7769
7770 sband = local->hw.wiphy->bands[bss_conf->chanreq.oper.chan->band];
7771
7772 changed |= ieee80211_recalc_twt_req(sdata, sband, link, link_sta, elems);
7773
7774 if (ieee80211_config_bw(link, elems, true, &changed,
7775 IEEE80211_STYPE_BEACON)) {
7776 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
7777 WLAN_REASON_DEAUTH_LEAVING,
7778 true, deauth_buf);
7779 ieee80211_report_disconnect(sdata, deauth_buf,
7780 sizeof(deauth_buf), true,
7781 WLAN_REASON_DEAUTH_LEAVING,
7782 false);
7783 goto free;
7784 }
7785
7786 if (elems->opmode_notif)
7787 ieee80211_vht_handle_opmode(sdata, link_sta,
7788 *elems->opmode_notif,
7789 rx_status->band);
7790
7791 changed |= ieee80211_handle_pwr_constr(link, chan, mgmt,
7792 elems->country_elem,
7793 elems->country_elem_len,
7794 elems->pwr_constr_elem,
7795 elems->cisco_dtpc_elem);
7796
7797 ieee80211_ml_reconfiguration(sdata, elems);
7798 ieee80211_process_adv_ttlm(sdata, elems,
7799 le64_to_cpu(mgmt->u.beacon.timestamp));
7800
7801 ieee80211_link_info_change_notify(sdata, link, changed);
7802 free:
7803 kfree(elems);
7804 }
7805
ieee80211_apply_neg_ttlm(struct ieee80211_sub_if_data * sdata,struct ieee80211_neg_ttlm neg_ttlm)7806 static void ieee80211_apply_neg_ttlm(struct ieee80211_sub_if_data *sdata,
7807 struct ieee80211_neg_ttlm neg_ttlm)
7808 {
7809 u16 new_active_links, new_dormant_links, new_suspended_links, map = 0;
7810 u8 i;
7811
7812 for (i = 0; i < IEEE80211_TTLM_NUM_TIDS; i++)
7813 map |= neg_ttlm.downlink[i] | neg_ttlm.uplink[i];
7814
7815 /* If there is an active TTLM, unset previously suspended links */
7816 if (sdata->vif.neg_ttlm.valid)
7817 sdata->vif.dormant_links &= ~sdata->vif.suspended_links;
7818
7819 /* exclude links that are already disabled by advertised TTLM */
7820 new_active_links =
7821 map & sdata->vif.valid_links & ~sdata->vif.dormant_links;
7822 new_suspended_links =
7823 (~map & sdata->vif.valid_links) & ~sdata->vif.dormant_links;
7824 new_dormant_links = sdata->vif.dormant_links | new_suspended_links;
7825 if (ieee80211_ttlm_set_links(sdata, new_active_links,
7826 new_dormant_links, new_suspended_links))
7827 return;
7828
7829 sdata->vif.neg_ttlm = neg_ttlm;
7830 sdata->vif.neg_ttlm.valid = true;
7831 }
7832
ieee80211_neg_ttlm_timeout_work(struct wiphy * wiphy,struct wiphy_work * work)7833 static void ieee80211_neg_ttlm_timeout_work(struct wiphy *wiphy,
7834 struct wiphy_work *work)
7835 {
7836 struct ieee80211_sub_if_data *sdata =
7837 container_of(work, struct ieee80211_sub_if_data,
7838 u.mgd.neg_ttlm_timeout_work.work);
7839
7840 sdata_info(sdata,
7841 "No negotiated TTLM response from AP, disconnecting.\n");
7842
7843 __ieee80211_disconnect(sdata);
7844 }
7845
7846 static void
ieee80211_neg_ttlm_add_suggested_map(struct sk_buff * skb,struct ieee80211_neg_ttlm * neg_ttlm)7847 ieee80211_neg_ttlm_add_suggested_map(struct sk_buff *skb,
7848 struct ieee80211_neg_ttlm *neg_ttlm)
7849 {
7850 u8 i, direction[IEEE80211_TTLM_MAX_CNT];
7851
7852 if (memcmp(neg_ttlm->downlink, neg_ttlm->uplink,
7853 sizeof(neg_ttlm->downlink))) {
7854 direction[0] = IEEE80211_TTLM_DIRECTION_DOWN;
7855 direction[1] = IEEE80211_TTLM_DIRECTION_UP;
7856 } else {
7857 direction[0] = IEEE80211_TTLM_DIRECTION_BOTH;
7858 }
7859
7860 for (i = 0; i < ARRAY_SIZE(direction); i++) {
7861 u8 tid, len, map_ind = 0, *len_pos, *map_ind_pos, *pos;
7862 __le16 map;
7863
7864 len = sizeof(struct ieee80211_ttlm_elem) + 1 + 1;
7865
7866 pos = skb_put(skb, len + 2);
7867 *pos++ = WLAN_EID_EXTENSION;
7868 len_pos = pos++;
7869 *pos++ = WLAN_EID_EXT_TID_TO_LINK_MAPPING;
7870 *pos++ = direction[i];
7871 map_ind_pos = pos++;
7872 for (tid = 0; tid < IEEE80211_TTLM_NUM_TIDS; tid++) {
7873 map = direction[i] == IEEE80211_TTLM_DIRECTION_UP ?
7874 cpu_to_le16(neg_ttlm->uplink[tid]) :
7875 cpu_to_le16(neg_ttlm->downlink[tid]);
7876 if (!map)
7877 continue;
7878
7879 len += 2;
7880 map_ind |= BIT(tid);
7881 skb_put_data(skb, &map, sizeof(map));
7882 }
7883
7884 *map_ind_pos = map_ind;
7885 *len_pos = len;
7886
7887 if (direction[i] == IEEE80211_TTLM_DIRECTION_BOTH)
7888 break;
7889 }
7890 }
7891
7892 static void
ieee80211_send_neg_ttlm_req(struct ieee80211_sub_if_data * sdata,struct ieee80211_neg_ttlm * neg_ttlm,u8 dialog_token)7893 ieee80211_send_neg_ttlm_req(struct ieee80211_sub_if_data *sdata,
7894 struct ieee80211_neg_ttlm *neg_ttlm,
7895 u8 dialog_token)
7896 {
7897 struct ieee80211_local *local = sdata->local;
7898 struct ieee80211_mgmt *mgmt;
7899 struct sk_buff *skb;
7900 int hdr_len = offsetofend(struct ieee80211_mgmt, u.action.u.ttlm_req);
7901 int ttlm_max_len = 2 + 1 + sizeof(struct ieee80211_ttlm_elem) + 1 +
7902 2 * 2 * IEEE80211_TTLM_NUM_TIDS;
7903
7904 skb = dev_alloc_skb(local->tx_headroom + hdr_len + ttlm_max_len);
7905 if (!skb)
7906 return;
7907
7908 skb_reserve(skb, local->tx_headroom);
7909 mgmt = skb_put_zero(skb, hdr_len);
7910 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
7911 IEEE80211_STYPE_ACTION);
7912 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
7913 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
7914 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
7915
7916 mgmt->u.action.category = WLAN_CATEGORY_PROTECTED_EHT;
7917 mgmt->u.action.u.ttlm_req.action_code =
7918 WLAN_PROTECTED_EHT_ACTION_TTLM_REQ;
7919 mgmt->u.action.u.ttlm_req.dialog_token = dialog_token;
7920 ieee80211_neg_ttlm_add_suggested_map(skb, neg_ttlm);
7921 ieee80211_tx_skb(sdata, skb);
7922 }
7923
ieee80211_req_neg_ttlm(struct ieee80211_sub_if_data * sdata,struct cfg80211_ttlm_params * params)7924 int ieee80211_req_neg_ttlm(struct ieee80211_sub_if_data *sdata,
7925 struct cfg80211_ttlm_params *params)
7926 {
7927 struct ieee80211_neg_ttlm neg_ttlm = {};
7928 u8 i;
7929
7930 if (!ieee80211_vif_is_mld(&sdata->vif) ||
7931 !(sdata->vif.cfg.mld_capa_op &
7932 IEEE80211_MLD_CAP_OP_TID_TO_LINK_MAP_NEG_SUPP))
7933 return -EINVAL;
7934
7935 for (i = 0; i < IEEE80211_TTLM_NUM_TIDS; i++) {
7936 if ((params->dlink[i] & ~sdata->vif.valid_links) ||
7937 (params->ulink[i] & ~sdata->vif.valid_links))
7938 return -EINVAL;
7939
7940 neg_ttlm.downlink[i] = params->dlink[i];
7941 neg_ttlm.uplink[i] = params->ulink[i];
7942 }
7943
7944 if (drv_can_neg_ttlm(sdata->local, sdata, &neg_ttlm) !=
7945 NEG_TTLM_RES_ACCEPT)
7946 return -EINVAL;
7947
7948 ieee80211_apply_neg_ttlm(sdata, neg_ttlm);
7949 sdata->u.mgd.dialog_token_alloc++;
7950 ieee80211_send_neg_ttlm_req(sdata, &sdata->vif.neg_ttlm,
7951 sdata->u.mgd.dialog_token_alloc);
7952 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
7953 &sdata->u.mgd.neg_ttlm_timeout_work);
7954 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
7955 &sdata->u.mgd.neg_ttlm_timeout_work,
7956 IEEE80211_NEG_TTLM_REQ_TIMEOUT);
7957 return 0;
7958 }
7959
7960 static void
ieee80211_send_neg_ttlm_res(struct ieee80211_sub_if_data * sdata,enum ieee80211_neg_ttlm_res ttlm_res,u8 dialog_token,struct ieee80211_neg_ttlm * neg_ttlm)7961 ieee80211_send_neg_ttlm_res(struct ieee80211_sub_if_data *sdata,
7962 enum ieee80211_neg_ttlm_res ttlm_res,
7963 u8 dialog_token,
7964 struct ieee80211_neg_ttlm *neg_ttlm)
7965 {
7966 struct ieee80211_local *local = sdata->local;
7967 struct ieee80211_mgmt *mgmt;
7968 struct sk_buff *skb;
7969 int hdr_len = offsetofend(struct ieee80211_mgmt, u.action.u.ttlm_res);
7970 int ttlm_max_len = 2 + 1 + sizeof(struct ieee80211_ttlm_elem) + 1 +
7971 2 * 2 * IEEE80211_TTLM_NUM_TIDS;
7972 u16 status_code;
7973
7974 skb = dev_alloc_skb(local->tx_headroom + hdr_len + ttlm_max_len);
7975 if (!skb)
7976 return;
7977
7978 skb_reserve(skb, local->tx_headroom);
7979 mgmt = skb_put_zero(skb, hdr_len);
7980 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
7981 IEEE80211_STYPE_ACTION);
7982 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
7983 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
7984 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
7985
7986 mgmt->u.action.category = WLAN_CATEGORY_PROTECTED_EHT;
7987 mgmt->u.action.u.ttlm_res.action_code =
7988 WLAN_PROTECTED_EHT_ACTION_TTLM_RES;
7989 mgmt->u.action.u.ttlm_res.dialog_token = dialog_token;
7990 switch (ttlm_res) {
7991 default:
7992 WARN_ON(1);
7993 fallthrough;
7994 case NEG_TTLM_RES_REJECT:
7995 status_code = WLAN_STATUS_DENIED_TID_TO_LINK_MAPPING;
7996 break;
7997 case NEG_TTLM_RES_ACCEPT:
7998 status_code = WLAN_STATUS_SUCCESS;
7999 break;
8000 case NEG_TTLM_RES_SUGGEST_PREFERRED:
8001 status_code = WLAN_STATUS_PREF_TID_TO_LINK_MAPPING_SUGGESTED;
8002 ieee80211_neg_ttlm_add_suggested_map(skb, neg_ttlm);
8003 break;
8004 }
8005
8006 mgmt->u.action.u.ttlm_res.status_code = cpu_to_le16(status_code);
8007 ieee80211_tx_skb(sdata, skb);
8008 }
8009
8010 static int
ieee80211_parse_neg_ttlm(struct ieee80211_sub_if_data * sdata,const struct ieee80211_ttlm_elem * ttlm,struct ieee80211_neg_ttlm * neg_ttlm,u8 * direction)8011 ieee80211_parse_neg_ttlm(struct ieee80211_sub_if_data *sdata,
8012 const struct ieee80211_ttlm_elem *ttlm,
8013 struct ieee80211_neg_ttlm *neg_ttlm,
8014 u8 *direction)
8015 {
8016 u8 control, link_map_presence, map_size, tid;
8017 u8 *pos;
8018
8019 /* The element size was already validated in
8020 * ieee80211_tid_to_link_map_size_ok()
8021 */
8022 pos = (void *)ttlm->optional;
8023
8024 control = ttlm->control;
8025
8026 /* mapping switch time and expected duration fields are not expected
8027 * in case of negotiated TTLM
8028 */
8029 if (control & (IEEE80211_TTLM_CONTROL_SWITCH_TIME_PRESENT |
8030 IEEE80211_TTLM_CONTROL_EXPECTED_DUR_PRESENT)) {
8031 mlme_dbg(sdata,
8032 "Invalid TTLM element in negotiated TTLM request\n");
8033 return -EINVAL;
8034 }
8035
8036 if (control & IEEE80211_TTLM_CONTROL_DEF_LINK_MAP) {
8037 for (tid = 0; tid < IEEE80211_TTLM_NUM_TIDS; tid++) {
8038 neg_ttlm->downlink[tid] = sdata->vif.valid_links;
8039 neg_ttlm->uplink[tid] = sdata->vif.valid_links;
8040 }
8041 *direction = IEEE80211_TTLM_DIRECTION_BOTH;
8042 return 0;
8043 }
8044
8045 *direction = u8_get_bits(control, IEEE80211_TTLM_CONTROL_DIRECTION);
8046 if (*direction != IEEE80211_TTLM_DIRECTION_DOWN &&
8047 *direction != IEEE80211_TTLM_DIRECTION_UP &&
8048 *direction != IEEE80211_TTLM_DIRECTION_BOTH)
8049 return -EINVAL;
8050
8051 link_map_presence = *pos;
8052 pos++;
8053
8054 if (control & IEEE80211_TTLM_CONTROL_LINK_MAP_SIZE)
8055 map_size = 1;
8056 else
8057 map_size = 2;
8058
8059 for (tid = 0; tid < IEEE80211_TTLM_NUM_TIDS; tid++) {
8060 u16 map;
8061
8062 if (link_map_presence & BIT(tid)) {
8063 map = ieee80211_get_ttlm(map_size, pos);
8064 if (!map) {
8065 mlme_dbg(sdata,
8066 "No active links for TID %d", tid);
8067 return -EINVAL;
8068 }
8069 } else {
8070 map = 0;
8071 }
8072
8073 switch (*direction) {
8074 case IEEE80211_TTLM_DIRECTION_BOTH:
8075 neg_ttlm->downlink[tid] = map;
8076 neg_ttlm->uplink[tid] = map;
8077 break;
8078 case IEEE80211_TTLM_DIRECTION_DOWN:
8079 neg_ttlm->downlink[tid] = map;
8080 break;
8081 case IEEE80211_TTLM_DIRECTION_UP:
8082 neg_ttlm->uplink[tid] = map;
8083 break;
8084 default:
8085 return -EINVAL;
8086 }
8087 pos += map_size;
8088 }
8089 return 0;
8090 }
8091
ieee80211_process_neg_ttlm_req(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)8092 void ieee80211_process_neg_ttlm_req(struct ieee80211_sub_if_data *sdata,
8093 struct ieee80211_mgmt *mgmt, size_t len)
8094 {
8095 u8 dialog_token, direction[IEEE80211_TTLM_MAX_CNT] = {}, i;
8096 size_t ies_len;
8097 enum ieee80211_neg_ttlm_res ttlm_res = NEG_TTLM_RES_ACCEPT;
8098 struct ieee802_11_elems *elems = NULL;
8099 struct ieee80211_neg_ttlm neg_ttlm = {};
8100
8101 BUILD_BUG_ON(ARRAY_SIZE(direction) != ARRAY_SIZE(elems->ttlm));
8102
8103 if (!ieee80211_vif_is_mld(&sdata->vif))
8104 return;
8105
8106 dialog_token = mgmt->u.action.u.ttlm_req.dialog_token;
8107 ies_len = len - offsetof(struct ieee80211_mgmt,
8108 u.action.u.ttlm_req.variable);
8109 elems = ieee802_11_parse_elems(mgmt->u.action.u.ttlm_req.variable,
8110 ies_len,
8111 IEEE80211_FTYPE_MGMT |
8112 IEEE80211_STYPE_ACTION,
8113 NULL);
8114 if (!elems) {
8115 ttlm_res = NEG_TTLM_RES_REJECT;
8116 goto out;
8117 }
8118
8119 for (i = 0; i < elems->ttlm_num; i++) {
8120 if (ieee80211_parse_neg_ttlm(sdata, elems->ttlm[i],
8121 &neg_ttlm, &direction[i]) ||
8122 (direction[i] == IEEE80211_TTLM_DIRECTION_BOTH &&
8123 elems->ttlm_num != 1)) {
8124 ttlm_res = NEG_TTLM_RES_REJECT;
8125 goto out;
8126 }
8127 }
8128
8129 if (!elems->ttlm_num ||
8130 (elems->ttlm_num == 2 && direction[0] == direction[1])) {
8131 ttlm_res = NEG_TTLM_RES_REJECT;
8132 goto out;
8133 }
8134
8135 for (i = 0; i < IEEE80211_TTLM_NUM_TIDS; i++) {
8136 if ((neg_ttlm.downlink[i] &&
8137 (neg_ttlm.downlink[i] & ~sdata->vif.valid_links)) ||
8138 (neg_ttlm.uplink[i] &&
8139 (neg_ttlm.uplink[i] & ~sdata->vif.valid_links))) {
8140 ttlm_res = NEG_TTLM_RES_REJECT;
8141 goto out;
8142 }
8143 }
8144
8145 ttlm_res = drv_can_neg_ttlm(sdata->local, sdata, &neg_ttlm);
8146
8147 if (ttlm_res != NEG_TTLM_RES_ACCEPT)
8148 goto out;
8149
8150 ieee80211_apply_neg_ttlm(sdata, neg_ttlm);
8151 out:
8152 kfree(elems);
8153 ieee80211_send_neg_ttlm_res(sdata, ttlm_res, dialog_token, &neg_ttlm);
8154 }
8155
ieee80211_process_neg_ttlm_res(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)8156 void ieee80211_process_neg_ttlm_res(struct ieee80211_sub_if_data *sdata,
8157 struct ieee80211_mgmt *mgmt, size_t len)
8158 {
8159 if (!ieee80211_vif_is_mld(&sdata->vif) ||
8160 mgmt->u.action.u.ttlm_req.dialog_token !=
8161 sdata->u.mgd.dialog_token_alloc)
8162 return;
8163
8164 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
8165 &sdata->u.mgd.neg_ttlm_timeout_work);
8166
8167 /* MLD station sends a TID to link mapping request, mainly to handle
8168 * BTM (BSS transition management) request, in which case it needs to
8169 * restrict the active links set.
8170 * In this case it's not expected that the MLD AP will reject the
8171 * negotiated TTLM request.
8172 * This can be better implemented in the future, to handle request
8173 * rejections.
8174 */
8175 if (le16_to_cpu(mgmt->u.action.u.ttlm_res.status_code) != WLAN_STATUS_SUCCESS)
8176 __ieee80211_disconnect(sdata);
8177 }
8178
ieee80211_process_ttlm_teardown(struct ieee80211_sub_if_data * sdata)8179 void ieee80211_process_ttlm_teardown(struct ieee80211_sub_if_data *sdata)
8180 {
8181 u16 new_dormant_links;
8182
8183 if (!sdata->vif.neg_ttlm.valid)
8184 return;
8185
8186 memset(&sdata->vif.neg_ttlm, 0, sizeof(sdata->vif.neg_ttlm));
8187 new_dormant_links =
8188 sdata->vif.dormant_links & ~sdata->vif.suspended_links;
8189 sdata->vif.suspended_links = 0;
8190 ieee80211_vif_set_links(sdata, sdata->vif.valid_links,
8191 new_dormant_links);
8192 ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_MLD_TTLM |
8193 BSS_CHANGED_MLD_VALID_LINKS);
8194 }
8195
ieee80211_teardown_ttlm_work(struct wiphy * wiphy,struct wiphy_work * work)8196 static void ieee80211_teardown_ttlm_work(struct wiphy *wiphy,
8197 struct wiphy_work *work)
8198 {
8199 struct ieee80211_sub_if_data *sdata =
8200 container_of(work, struct ieee80211_sub_if_data,
8201 u.mgd.teardown_ttlm_work);
8202
8203 ieee80211_process_ttlm_teardown(sdata);
8204 }
8205
ieee80211_send_teardown_neg_ttlm(struct ieee80211_vif * vif)8206 void ieee80211_send_teardown_neg_ttlm(struct ieee80211_vif *vif)
8207 {
8208 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
8209 struct ieee80211_local *local = sdata->local;
8210 struct ieee80211_mgmt *mgmt;
8211 struct sk_buff *skb;
8212 int frame_len = offsetofend(struct ieee80211_mgmt,
8213 u.action.u.ttlm_tear_down);
8214 struct ieee80211_tx_info *info;
8215
8216 skb = dev_alloc_skb(local->hw.extra_tx_headroom + frame_len);
8217 if (!skb)
8218 return;
8219
8220 skb_reserve(skb, local->hw.extra_tx_headroom);
8221 mgmt = skb_put_zero(skb, frame_len);
8222 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
8223 IEEE80211_STYPE_ACTION);
8224 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
8225 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
8226 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
8227
8228 mgmt->u.action.category = WLAN_CATEGORY_PROTECTED_EHT;
8229 mgmt->u.action.u.ttlm_tear_down.action_code =
8230 WLAN_PROTECTED_EHT_ACTION_TTLM_TEARDOWN;
8231
8232 info = IEEE80211_SKB_CB(skb);
8233 info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
8234 info->status_data = IEEE80211_STATUS_TYPE_NEG_TTLM;
8235 ieee80211_tx_skb(sdata, skb);
8236 }
8237 EXPORT_SYMBOL(ieee80211_send_teardown_neg_ttlm);
8238
ieee80211_sta_rx_queued_ext(struct ieee80211_sub_if_data * sdata,struct sk_buff * skb)8239 void ieee80211_sta_rx_queued_ext(struct ieee80211_sub_if_data *sdata,
8240 struct sk_buff *skb)
8241 {
8242 struct ieee80211_link_data *link = &sdata->deflink;
8243 struct ieee80211_rx_status *rx_status;
8244 struct ieee80211_hdr *hdr;
8245 u16 fc;
8246
8247 lockdep_assert_wiphy(sdata->local->hw.wiphy);
8248
8249 rx_status = (struct ieee80211_rx_status *) skb->cb;
8250 hdr = (struct ieee80211_hdr *) skb->data;
8251 fc = le16_to_cpu(hdr->frame_control);
8252
8253 switch (fc & IEEE80211_FCTL_STYPE) {
8254 case IEEE80211_STYPE_S1G_BEACON:
8255 ieee80211_rx_mgmt_beacon(link, hdr, skb->len, rx_status);
8256 break;
8257 }
8258 }
8259
ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data * sdata,struct sk_buff * skb)8260 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
8261 struct sk_buff *skb)
8262 {
8263 struct ieee80211_link_data *link = &sdata->deflink;
8264 struct ieee80211_rx_status *rx_status;
8265 struct ieee802_11_elems *elems;
8266 struct ieee80211_mgmt *mgmt;
8267 u16 fc;
8268 int ies_len;
8269
8270 lockdep_assert_wiphy(sdata->local->hw.wiphy);
8271
8272 rx_status = (struct ieee80211_rx_status *) skb->cb;
8273 mgmt = (struct ieee80211_mgmt *) skb->data;
8274 fc = le16_to_cpu(mgmt->frame_control);
8275
8276 if (rx_status->link_valid) {
8277 link = sdata_dereference(sdata->link[rx_status->link_id],
8278 sdata);
8279 if (!link)
8280 return;
8281 }
8282
8283 switch (fc & IEEE80211_FCTL_STYPE) {
8284 case IEEE80211_STYPE_BEACON:
8285 ieee80211_rx_mgmt_beacon(link, (void *)mgmt,
8286 skb->len, rx_status);
8287 break;
8288 case IEEE80211_STYPE_PROBE_RESP:
8289 ieee80211_rx_mgmt_probe_resp(link, skb);
8290 break;
8291 case IEEE80211_STYPE_AUTH:
8292 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len);
8293 break;
8294 case IEEE80211_STYPE_DEAUTH:
8295 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len);
8296 break;
8297 case IEEE80211_STYPE_DISASSOC:
8298 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
8299 break;
8300 case IEEE80211_STYPE_ASSOC_RESP:
8301 case IEEE80211_STYPE_REASSOC_RESP:
8302 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len);
8303 break;
8304 case IEEE80211_STYPE_ACTION:
8305 if (!sdata->u.mgd.associated ||
8306 !ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr))
8307 break;
8308
8309 switch (mgmt->u.action.category) {
8310 case WLAN_CATEGORY_SPECTRUM_MGMT:
8311 ies_len = skb->len -
8312 offsetof(struct ieee80211_mgmt,
8313 u.action.u.chan_switch.variable);
8314
8315 if (ies_len < 0)
8316 break;
8317
8318 /* CSA IE cannot be overridden, no need for BSSID */
8319 elems = ieee802_11_parse_elems(mgmt->u.action.u.chan_switch.variable,
8320 ies_len,
8321 IEEE80211_FTYPE_MGMT |
8322 IEEE80211_STYPE_ACTION,
8323 NULL);
8324
8325 if (elems && !elems->parse_error) {
8326 enum ieee80211_csa_source src =
8327 IEEE80211_CSA_SOURCE_PROT_ACTION;
8328
8329 ieee80211_sta_process_chanswitch(link,
8330 rx_status->mactime,
8331 rx_status->device_timestamp,
8332 elems, elems,
8333 src);
8334 }
8335 kfree(elems);
8336 break;
8337 case WLAN_CATEGORY_PUBLIC:
8338 case WLAN_CATEGORY_PROTECTED_DUAL_OF_ACTION:
8339 ies_len = skb->len -
8340 offsetof(struct ieee80211_mgmt,
8341 u.action.u.ext_chan_switch.variable);
8342
8343 if (ies_len < 0)
8344 break;
8345
8346 /*
8347 * extended CSA IE can't be overridden, no need for
8348 * BSSID
8349 */
8350 elems = ieee802_11_parse_elems(mgmt->u.action.u.ext_chan_switch.variable,
8351 ies_len,
8352 IEEE80211_FTYPE_MGMT |
8353 IEEE80211_STYPE_ACTION,
8354 NULL);
8355
8356 if (elems && !elems->parse_error) {
8357 enum ieee80211_csa_source src;
8358
8359 if (mgmt->u.action.category ==
8360 WLAN_CATEGORY_PROTECTED_DUAL_OF_ACTION)
8361 src = IEEE80211_CSA_SOURCE_PROT_ACTION;
8362 else
8363 src = IEEE80211_CSA_SOURCE_UNPROT_ACTION;
8364
8365 /* for the handling code pretend it was an IE */
8366 elems->ext_chansw_ie =
8367 &mgmt->u.action.u.ext_chan_switch.data;
8368
8369 ieee80211_sta_process_chanswitch(link,
8370 rx_status->mactime,
8371 rx_status->device_timestamp,
8372 elems, elems,
8373 src);
8374 }
8375
8376 kfree(elems);
8377 break;
8378 }
8379 break;
8380 }
8381 }
8382
ieee80211_sta_timer(struct timer_list * t)8383 static void ieee80211_sta_timer(struct timer_list *t)
8384 {
8385 struct ieee80211_sub_if_data *sdata =
8386 timer_container_of(sdata, t, u.mgd.timer);
8387
8388 wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);
8389 }
8390
ieee80211_sta_connection_lost(struct ieee80211_sub_if_data * sdata,u8 reason,bool tx)8391 void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata,
8392 u8 reason, bool tx)
8393 {
8394 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
8395
8396 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason,
8397 tx, frame_buf);
8398
8399 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
8400 reason, false);
8401 }
8402
ieee80211_auth(struct ieee80211_sub_if_data * sdata)8403 static int ieee80211_auth(struct ieee80211_sub_if_data *sdata)
8404 {
8405 struct ieee80211_local *local = sdata->local;
8406 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8407 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data;
8408 u32 tx_flags = 0;
8409 u16 trans = 1;
8410 u16 status = 0;
8411 struct ieee80211_prep_tx_info info = {
8412 .subtype = IEEE80211_STYPE_AUTH,
8413 };
8414
8415 lockdep_assert_wiphy(sdata->local->hw.wiphy);
8416
8417 if (WARN_ON_ONCE(!auth_data))
8418 return -EINVAL;
8419
8420 if (auth_data->algorithm == WLAN_AUTH_EPPKE &&
8421 ieee80211_vif_is_mld(&sdata->vif) &&
8422 !cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_MULTI_LINK,
8423 auth_data->data, auth_data->data_len))
8424 return -EINVAL;
8425
8426 auth_data->tries++;
8427
8428 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) {
8429 sdata_info(sdata, "authentication with %pM timed out\n",
8430 auth_data->ap_addr);
8431
8432 /*
8433 * Most likely AP is not in the range so remove the
8434 * bss struct for that AP.
8435 */
8436 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss);
8437
8438 return -ETIMEDOUT;
8439 }
8440
8441 if (auth_data->algorithm == WLAN_AUTH_SAE)
8442 info.duration = jiffies_to_msecs(IEEE80211_AUTH_TIMEOUT_SAE);
8443
8444 info.link_id = auth_data->link_id;
8445 drv_mgd_prepare_tx(local, sdata, &info);
8446
8447 sdata_info(sdata, "send auth to %pM (try %d/%d)\n",
8448 auth_data->ap_addr, auth_data->tries,
8449 IEEE80211_AUTH_MAX_TRIES);
8450
8451 auth_data->expected_transaction = 2;
8452
8453 if (auth_data->algorithm == WLAN_AUTH_SAE) {
8454 trans = auth_data->trans;
8455 status = auth_data->status;
8456 auth_data->expected_transaction = trans;
8457 } else if (auth_data->algorithm == WLAN_AUTH_EPPKE) {
8458 trans = auth_data->trans;
8459 status = auth_data->status;
8460 }
8461
8462 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
8463 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
8464 IEEE80211_TX_INTFL_MLME_CONN_TX;
8465
8466 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status,
8467 auth_data->data, auth_data->data_len,
8468 auth_data->ap_addr, auth_data->ap_addr,
8469 NULL, 0, 0, tx_flags);
8470
8471 if (tx_flags == 0) {
8472 if (auth_data->algorithm == WLAN_AUTH_SAE)
8473 auth_data->timeout = jiffies +
8474 IEEE80211_AUTH_TIMEOUT_SAE;
8475 else
8476 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
8477 } else {
8478 auth_data->timeout =
8479 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG);
8480 }
8481
8482 auth_data->timeout_started = true;
8483 run_again(sdata, auth_data->timeout);
8484
8485 return 0;
8486 }
8487
ieee80211_do_assoc(struct ieee80211_sub_if_data * sdata)8488 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata)
8489 {
8490 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
8491 struct ieee80211_local *local = sdata->local;
8492 int ret;
8493
8494 lockdep_assert_wiphy(sdata->local->hw.wiphy);
8495
8496 assoc_data->tries++;
8497 assoc_data->comeback = false;
8498 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) {
8499 sdata_info(sdata, "association with %pM timed out\n",
8500 assoc_data->ap_addr);
8501
8502 /*
8503 * Most likely AP is not in the range so remove the
8504 * bss struct for that AP.
8505 */
8506 cfg80211_unlink_bss(local->hw.wiphy,
8507 assoc_data->link[assoc_data->assoc_link_id].bss);
8508
8509 return -ETIMEDOUT;
8510 }
8511
8512 sdata_info(sdata, "associate with %pM (try %d/%d)\n",
8513 assoc_data->ap_addr, assoc_data->tries,
8514 IEEE80211_ASSOC_MAX_TRIES);
8515 ret = ieee80211_send_assoc(sdata);
8516 if (ret)
8517 return ret;
8518
8519 if (!ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
8520 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
8521 assoc_data->timeout_started = true;
8522 run_again(sdata, assoc_data->timeout);
8523 } else {
8524 assoc_data->timeout =
8525 round_jiffies_up(jiffies +
8526 IEEE80211_ASSOC_TIMEOUT_LONG);
8527 assoc_data->timeout_started = true;
8528 run_again(sdata, assoc_data->timeout);
8529 }
8530
8531 return 0;
8532 }
8533
ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data * sdata,__le16 fc,bool acked)8534 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata,
8535 __le16 fc, bool acked)
8536 {
8537 struct ieee80211_local *local = sdata->local;
8538
8539 sdata->u.mgd.status_fc = fc;
8540 sdata->u.mgd.status_acked = acked;
8541 sdata->u.mgd.status_received = true;
8542
8543 wiphy_work_queue(local->hw.wiphy, &sdata->work);
8544 }
8545
ieee80211_sta_work(struct ieee80211_sub_if_data * sdata)8546 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
8547 {
8548 struct ieee80211_local *local = sdata->local;
8549 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8550
8551 lockdep_assert_wiphy(sdata->local->hw.wiphy);
8552
8553 if (ifmgd->status_received) {
8554 __le16 fc = ifmgd->status_fc;
8555 bool status_acked = ifmgd->status_acked;
8556
8557 ifmgd->status_received = false;
8558 if (ifmgd->auth_data && ieee80211_is_auth(fc)) {
8559 if (status_acked) {
8560 if (ifmgd->auth_data->algorithm ==
8561 WLAN_AUTH_SAE)
8562 ifmgd->auth_data->timeout =
8563 jiffies +
8564 IEEE80211_AUTH_TIMEOUT_SAE;
8565 else
8566 ifmgd->auth_data->timeout =
8567 jiffies +
8568 IEEE80211_AUTH_TIMEOUT_SHORT;
8569 run_again(sdata, ifmgd->auth_data->timeout);
8570 } else {
8571 ifmgd->auth_data->timeout = jiffies - 1;
8572 }
8573 ifmgd->auth_data->timeout_started = true;
8574 } else if (ifmgd->assoc_data &&
8575 !ifmgd->assoc_data->comeback &&
8576 (ieee80211_is_assoc_req(fc) ||
8577 ieee80211_is_reassoc_req(fc))) {
8578 /*
8579 * Update association timeout based on the TX status
8580 * for the (Re)Association Request frame. Skip this if
8581 * we have already processed a (Re)Association Response
8582 * frame that indicated need for association comeback
8583 * at a specific time in the future. This could happen
8584 * if the TX status information is delayed enough for
8585 * the response to be received and processed first.
8586 */
8587 if (status_acked) {
8588 ifmgd->assoc_data->timeout =
8589 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT;
8590 run_again(sdata, ifmgd->assoc_data->timeout);
8591 } else {
8592 ifmgd->assoc_data->timeout = jiffies - 1;
8593 }
8594 ifmgd->assoc_data->timeout_started = true;
8595 }
8596 }
8597
8598 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started &&
8599 time_after(jiffies, ifmgd->auth_data->timeout)) {
8600 if (ifmgd->auth_data->done || ifmgd->auth_data->waiting) {
8601 /*
8602 * ok ... we waited for assoc or continuation but
8603 * userspace didn't do it, so kill the auth data
8604 */
8605 ieee80211_destroy_auth_data(sdata, false);
8606 } else if (ieee80211_auth(sdata)) {
8607 u8 ap_addr[ETH_ALEN];
8608 struct ieee80211_event event = {
8609 .type = MLME_EVENT,
8610 .u.mlme.data = AUTH_EVENT,
8611 .u.mlme.status = MLME_TIMEOUT,
8612 };
8613
8614 memcpy(ap_addr, ifmgd->auth_data->ap_addr, ETH_ALEN);
8615
8616 ieee80211_destroy_auth_data(sdata, false);
8617
8618 cfg80211_auth_timeout(sdata->dev, ap_addr);
8619 drv_event_callback(sdata->local, sdata, &event);
8620 }
8621 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started)
8622 run_again(sdata, ifmgd->auth_data->timeout);
8623
8624 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started &&
8625 time_after(jiffies, ifmgd->assoc_data->timeout)) {
8626 if ((ifmgd->assoc_data->need_beacon &&
8627 !sdata->deflink.u.mgd.have_beacon) ||
8628 ieee80211_do_assoc(sdata)) {
8629 struct ieee80211_event event = {
8630 .type = MLME_EVENT,
8631 .u.mlme.data = ASSOC_EVENT,
8632 .u.mlme.status = MLME_TIMEOUT,
8633 };
8634
8635 ieee80211_destroy_assoc_data(sdata, ASSOC_TIMEOUT);
8636 drv_event_callback(sdata->local, sdata, &event);
8637 }
8638 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started)
8639 run_again(sdata, ifmgd->assoc_data->timeout);
8640
8641 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL &&
8642 ifmgd->associated) {
8643 u8 *bssid = sdata->deflink.u.mgd.bssid;
8644 int max_tries;
8645
8646 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
8647 max_tries = max_nullfunc_tries;
8648 else
8649 max_tries = max_probe_tries;
8650
8651 /* ACK received for nullfunc probing frame */
8652 if (!ifmgd->probe_send_count)
8653 ieee80211_reset_ap_probe(sdata);
8654 else if (ifmgd->nullfunc_failed) {
8655 if (ifmgd->probe_send_count < max_tries) {
8656 mlme_dbg(sdata,
8657 "No ack for nullfunc frame to AP %pM, try %d/%i\n",
8658 bssid, ifmgd->probe_send_count,
8659 max_tries);
8660 ieee80211_mgd_probe_ap_send(sdata);
8661 } else {
8662 mlme_dbg(sdata,
8663 "No ack for nullfunc frame to AP %pM, disconnecting.\n",
8664 bssid);
8665 ieee80211_sta_connection_lost(sdata,
8666 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
8667 false);
8668 }
8669 } else if (time_is_after_jiffies(ifmgd->probe_timeout))
8670 run_again(sdata, ifmgd->probe_timeout);
8671 else if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
8672 mlme_dbg(sdata,
8673 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n",
8674 bssid, probe_wait_ms);
8675 ieee80211_sta_connection_lost(sdata,
8676 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
8677 } else if (ifmgd->probe_send_count < max_tries) {
8678 mlme_dbg(sdata,
8679 "No probe response from AP %pM after %dms, try %d/%i\n",
8680 bssid, probe_wait_ms,
8681 ifmgd->probe_send_count, max_tries);
8682 ieee80211_mgd_probe_ap_send(sdata);
8683 } else {
8684 /*
8685 * We actually lost the connection ... or did we?
8686 * Let's make sure!
8687 */
8688 mlme_dbg(sdata,
8689 "No probe response from AP %pM after %dms, disconnecting.\n",
8690 bssid, probe_wait_ms);
8691
8692 ieee80211_sta_connection_lost(sdata,
8693 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
8694 }
8695 }
8696 }
8697
8698 static bool
ieee80211_is_csa_in_progress(struct ieee80211_sub_if_data * sdata)8699 ieee80211_is_csa_in_progress(struct ieee80211_sub_if_data *sdata)
8700 {
8701 /*
8702 * In MLO, check the CSA flags 'active' and 'waiting_bcn' for all
8703 * the links.
8704 */
8705 struct ieee80211_link_data *link;
8706
8707 guard(rcu)();
8708
8709 for_each_link_data_rcu(sdata, link) {
8710 if (!(link->conf->csa_active &&
8711 !link->u.mgd.csa.waiting_bcn))
8712 return false;
8713 }
8714
8715 return true;
8716 }
8717
ieee80211_sta_bcn_mon_timer(struct timer_list * t)8718 static void ieee80211_sta_bcn_mon_timer(struct timer_list *t)
8719 {
8720 struct ieee80211_sub_if_data *sdata =
8721 timer_container_of(sdata, t, u.mgd.bcn_mon_timer);
8722
8723 if (ieee80211_is_csa_in_progress(sdata))
8724 return;
8725
8726 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
8727 return;
8728
8729 sdata->u.mgd.connection_loss = false;
8730 wiphy_work_queue(sdata->local->hw.wiphy,
8731 &sdata->u.mgd.beacon_connection_loss_work);
8732 }
8733
8734 static unsigned long
ieee80211_latest_active_link_conn_timeout(struct ieee80211_sub_if_data * sdata)8735 ieee80211_latest_active_link_conn_timeout(struct ieee80211_sub_if_data *sdata)
8736 {
8737 unsigned long latest_timeout = jiffies;
8738 unsigned int link_id;
8739 struct sta_info *sta;
8740
8741 guard(rcu)();
8742
8743 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
8744 if (!sta)
8745 return 0;
8746
8747 for (link_id = 0; link_id < ARRAY_SIZE(sta->link);
8748 link_id++) {
8749 struct link_sta_info *link_sta;
8750 unsigned long timeout;
8751
8752 link_sta = rcu_dereference(sta->link[link_id]);
8753 if (!link_sta)
8754 continue;
8755
8756 timeout = link_sta->status_stats.last_ack;
8757 if (time_before(timeout, link_sta->rx_stats.last_rx))
8758 timeout = link_sta->rx_stats.last_rx;
8759
8760 timeout += IEEE80211_CONNECTION_IDLE_TIME;
8761
8762 /*
8763 * latest_timeout holds the timeout of the link
8764 * that will expire last among all links in an
8765 * non-AP MLD STA. This ensures that the connection
8766 * monitor timer is only reset if at least one link
8767 * is still active, and it is scheduled to fire at
8768 * the latest possible timeout.
8769 */
8770 if (time_after(timeout, latest_timeout))
8771 latest_timeout = timeout;
8772 }
8773
8774 return latest_timeout;
8775 }
8776
ieee80211_sta_conn_mon_timer(struct timer_list * t)8777 static void ieee80211_sta_conn_mon_timer(struct timer_list *t)
8778 {
8779 struct ieee80211_sub_if_data *sdata =
8780 timer_container_of(sdata, t, u.mgd.conn_mon_timer);
8781 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8782 struct ieee80211_local *local = sdata->local;
8783 unsigned long latest_timeout;
8784
8785 if (ieee80211_is_csa_in_progress(sdata))
8786 return;
8787
8788 latest_timeout = ieee80211_latest_active_link_conn_timeout(sdata);
8789
8790 /*
8791 * If latest timeout is after now, then update timer to fire at
8792 * the later date, but do not actually probe at this time.
8793 */
8794 if (time_is_after_jiffies(latest_timeout)) {
8795 mod_timer(&ifmgd->conn_mon_timer,
8796 round_jiffies_up(latest_timeout));
8797 return;
8798 }
8799
8800 wiphy_work_queue(local->hw.wiphy, &sdata->u.mgd.monitor_work);
8801 }
8802
ieee80211_sta_monitor_work(struct wiphy * wiphy,struct wiphy_work * work)8803 static void ieee80211_sta_monitor_work(struct wiphy *wiphy,
8804 struct wiphy_work *work)
8805 {
8806 struct ieee80211_sub_if_data *sdata =
8807 container_of(work, struct ieee80211_sub_if_data,
8808 u.mgd.monitor_work);
8809
8810 ieee80211_mgd_probe_ap(sdata, false);
8811 }
8812
ieee80211_restart_sta_timer(struct ieee80211_sub_if_data * sdata)8813 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
8814 {
8815 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
8816 __ieee80211_stop_poll(sdata);
8817
8818 /* let's probe the connection once */
8819 if (!ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
8820 wiphy_work_queue(sdata->local->hw.wiphy,
8821 &sdata->u.mgd.monitor_work);
8822 }
8823 }
8824
8825 #ifdef CONFIG_PM
ieee80211_mgd_quiesce(struct ieee80211_sub_if_data * sdata)8826 void ieee80211_mgd_quiesce(struct ieee80211_sub_if_data *sdata)
8827 {
8828 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8829 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
8830
8831 lockdep_assert_wiphy(sdata->local->hw.wiphy);
8832
8833 if (ifmgd->auth_data || ifmgd->assoc_data) {
8834 const u8 *ap_addr = ifmgd->auth_data ?
8835 ifmgd->auth_data->ap_addr :
8836 ifmgd->assoc_data->ap_addr;
8837
8838 /*
8839 * If we are trying to authenticate / associate while suspending,
8840 * cfg80211 won't know and won't actually abort those attempts,
8841 * thus we need to do that ourselves.
8842 */
8843 ieee80211_send_deauth_disassoc(sdata, ap_addr, ap_addr,
8844 IEEE80211_STYPE_DEAUTH,
8845 WLAN_REASON_DEAUTH_LEAVING,
8846 false, frame_buf);
8847 if (ifmgd->assoc_data)
8848 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON);
8849 if (ifmgd->auth_data)
8850 ieee80211_destroy_auth_data(sdata, false);
8851 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
8852 IEEE80211_DEAUTH_FRAME_LEN,
8853 false);
8854 }
8855
8856 /* This is a bit of a hack - we should find a better and more generic
8857 * solution to this. Normally when suspending, cfg80211 will in fact
8858 * deauthenticate. However, it doesn't (and cannot) stop an ongoing
8859 * auth (not so important) or assoc (this is the problem) process.
8860 *
8861 * As a consequence, it can happen that we are in the process of both
8862 * associating and suspending, and receive an association response
8863 * after cfg80211 has checked if it needs to disconnect, but before
8864 * we actually set the flag to drop incoming frames. This will then
8865 * cause the workqueue flush to process the association response in
8866 * the suspend, resulting in a successful association just before it
8867 * tries to remove the interface from the driver, which now though
8868 * has a channel context assigned ... this results in issues.
8869 *
8870 * To work around this (for now) simply deauth here again if we're
8871 * now connected.
8872 */
8873 if (ifmgd->associated && !sdata->local->wowlan) {
8874 u8 bssid[ETH_ALEN];
8875 struct cfg80211_deauth_request req = {
8876 .reason_code = WLAN_REASON_DEAUTH_LEAVING,
8877 .bssid = bssid,
8878 };
8879
8880 memcpy(bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
8881 ieee80211_mgd_deauth(sdata, &req);
8882 }
8883 }
8884 #endif
8885
ieee80211_sta_restart(struct ieee80211_sub_if_data * sdata)8886 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata)
8887 {
8888 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8889
8890 lockdep_assert_wiphy(sdata->local->hw.wiphy);
8891
8892 if (!ifmgd->associated)
8893 return;
8894
8895 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) {
8896 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME;
8897 mlme_dbg(sdata, "driver requested disconnect after resume\n");
8898 ieee80211_sta_connection_lost(sdata,
8899 WLAN_REASON_UNSPECIFIED,
8900 true);
8901 return;
8902 }
8903
8904 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_HW_RESTART) {
8905 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_HW_RESTART;
8906 mlme_dbg(sdata, "driver requested disconnect after hardware restart\n");
8907 ieee80211_sta_connection_lost(sdata,
8908 WLAN_REASON_UNSPECIFIED,
8909 true);
8910 return;
8911 }
8912 }
8913
ieee80211_request_smps_mgd_work(struct wiphy * wiphy,struct wiphy_work * work)8914 static void ieee80211_request_smps_mgd_work(struct wiphy *wiphy,
8915 struct wiphy_work *work)
8916 {
8917 struct ieee80211_link_data *link =
8918 container_of(work, struct ieee80211_link_data,
8919 u.mgd.request_smps_work);
8920
8921 __ieee80211_request_smps_mgd(link->sdata, link,
8922 link->u.mgd.driver_smps_mode);
8923 }
8924
ieee80211_ml_sta_reconf_timeout(struct wiphy * wiphy,struct wiphy_work * work)8925 static void ieee80211_ml_sta_reconf_timeout(struct wiphy *wiphy,
8926 struct wiphy_work *work)
8927 {
8928 struct ieee80211_sub_if_data *sdata =
8929 container_of(work, struct ieee80211_sub_if_data,
8930 u.mgd.reconf.wk.work);
8931
8932 if (!sdata->u.mgd.reconf.added_links &&
8933 !sdata->u.mgd.reconf.removed_links)
8934 return;
8935
8936 sdata_info(sdata,
8937 "mlo: reconf: timeout: added=0x%x, removed=0x%x\n",
8938 sdata->u.mgd.reconf.added_links,
8939 sdata->u.mgd.reconf.removed_links);
8940
8941 __ieee80211_disconnect(sdata);
8942 }
8943
8944 /* interface setup */
ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data * sdata)8945 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
8946 {
8947 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8948
8949 wiphy_work_init(&ifmgd->monitor_work, ieee80211_sta_monitor_work);
8950 wiphy_work_init(&ifmgd->beacon_connection_loss_work,
8951 ieee80211_beacon_connection_loss_work);
8952 wiphy_work_init(&ifmgd->csa_connection_drop_work,
8953 ieee80211_csa_connection_drop_work);
8954 wiphy_delayed_work_init(&ifmgd->tdls_peer_del_work,
8955 ieee80211_tdls_peer_del_work);
8956 wiphy_hrtimer_work_init(&ifmgd->ml_reconf_work,
8957 ieee80211_ml_reconf_work);
8958 wiphy_delayed_work_init(&ifmgd->reconf.wk,
8959 ieee80211_ml_sta_reconf_timeout);
8960 timer_setup(&ifmgd->timer, ieee80211_sta_timer, 0);
8961 timer_setup(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 0);
8962 timer_setup(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 0);
8963 wiphy_delayed_work_init(&ifmgd->tx_tspec_wk,
8964 ieee80211_sta_handle_tspec_ac_params_wk);
8965 wiphy_hrtimer_work_init(&ifmgd->ttlm_work,
8966 ieee80211_tid_to_link_map_work);
8967 wiphy_delayed_work_init(&ifmgd->neg_ttlm_timeout_work,
8968 ieee80211_neg_ttlm_timeout_work);
8969 wiphy_work_init(&ifmgd->teardown_ttlm_work,
8970 ieee80211_teardown_ttlm_work);
8971
8972 ifmgd->flags = 0;
8973 ifmgd->powersave = sdata->wdev.ps;
8974 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues;
8975 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len;
8976 /* Setup TDLS data */
8977 spin_lock_init(&ifmgd->teardown_lock);
8978 ifmgd->teardown_skb = NULL;
8979 ifmgd->orig_teardown_skb = NULL;
8980 ifmgd->mcast_seq_last = IEEE80211_SN_MODULO;
8981 }
8982
ieee80211_recalc_smps_work(struct wiphy * wiphy,struct wiphy_work * work)8983 static void ieee80211_recalc_smps_work(struct wiphy *wiphy,
8984 struct wiphy_work *work)
8985 {
8986 struct ieee80211_link_data *link =
8987 container_of(work, struct ieee80211_link_data,
8988 u.mgd.recalc_smps);
8989
8990 ieee80211_recalc_smps(link->sdata, link);
8991 }
8992
ieee80211_mgd_setup_link(struct ieee80211_link_data * link)8993 void ieee80211_mgd_setup_link(struct ieee80211_link_data *link)
8994 {
8995 struct ieee80211_sub_if_data *sdata = link->sdata;
8996 struct ieee80211_local *local = sdata->local;
8997 unsigned int link_id = link->link_id;
8998
8999 link->u.mgd.p2p_noa_index = -1;
9000 link->conf->bssid = link->u.mgd.bssid;
9001 link->smps_mode = IEEE80211_SMPS_OFF;
9002
9003 wiphy_work_init(&link->u.mgd.request_smps_work,
9004 ieee80211_request_smps_mgd_work);
9005 wiphy_work_init(&link->u.mgd.recalc_smps,
9006 ieee80211_recalc_smps_work);
9007 if (local->hw.wiphy->features & NL80211_FEATURE_DYNAMIC_SMPS)
9008 link->u.mgd.req_smps = IEEE80211_SMPS_AUTOMATIC;
9009 else
9010 link->u.mgd.req_smps = IEEE80211_SMPS_OFF;
9011
9012 wiphy_hrtimer_work_init(&link->u.mgd.csa.switch_work,
9013 ieee80211_csa_switch_work);
9014
9015 ieee80211_clear_tpe(&link->conf->tpe);
9016
9017 if (sdata->u.mgd.assoc_data)
9018 ether_addr_copy(link->conf->addr,
9019 sdata->u.mgd.assoc_data->link[link_id].addr);
9020 else if (sdata->u.mgd.reconf.add_links_data)
9021 ether_addr_copy(link->conf->addr,
9022 sdata->u.mgd.reconf.add_links_data->link[link_id].addr);
9023 else if (!is_valid_ether_addr(link->conf->addr))
9024 eth_random_addr(link->conf->addr);
9025 }
9026
9027 /* scan finished notification */
ieee80211_mlme_notify_scan_completed(struct ieee80211_local * local)9028 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
9029 {
9030 struct ieee80211_sub_if_data *sdata;
9031
9032 /* Restart STA timers */
9033 rcu_read_lock();
9034 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
9035 if (ieee80211_sdata_running(sdata))
9036 ieee80211_restart_sta_timer(sdata);
9037 }
9038 rcu_read_unlock();
9039 }
9040
ieee80211_prep_connection(struct ieee80211_sub_if_data * sdata,struct cfg80211_bss * cbss,s8 link_id,const u8 * ap_mld_addr,bool assoc,struct ieee80211_conn_settings * conn,bool override,unsigned long * userspace_selectors)9041 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
9042 struct cfg80211_bss *cbss, s8 link_id,
9043 const u8 *ap_mld_addr, bool assoc,
9044 struct ieee80211_conn_settings *conn,
9045 bool override,
9046 unsigned long *userspace_selectors)
9047 {
9048 struct ieee80211_local *local = sdata->local;
9049 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
9050 struct ieee80211_bss *bss = (void *)cbss->priv;
9051 struct sta_info *new_sta = NULL;
9052 struct ieee80211_link_data *link;
9053 bool have_sta = false;
9054 bool mlo;
9055 int err;
9056 u16 new_links;
9057
9058 if (link_id >= 0) {
9059 mlo = true;
9060 if (WARN_ON(!ap_mld_addr))
9061 return -EINVAL;
9062 new_links = BIT(link_id);
9063 } else {
9064 if (WARN_ON(ap_mld_addr))
9065 return -EINVAL;
9066 ap_mld_addr = cbss->bssid;
9067 new_links = 0;
9068 link_id = 0;
9069 mlo = false;
9070 }
9071
9072 if (assoc) {
9073 rcu_read_lock();
9074 have_sta = sta_info_get(sdata, ap_mld_addr);
9075 rcu_read_unlock();
9076 }
9077
9078 if (mlo && !have_sta &&
9079 WARN_ON(sdata->vif.valid_links || sdata->vif.active_links))
9080 return -EINVAL;
9081
9082 err = ieee80211_vif_set_links(sdata, new_links, 0);
9083 if (err)
9084 return err;
9085
9086 link = sdata_dereference(sdata->link[link_id], sdata);
9087 if (WARN_ON(!link)) {
9088 err = -ENOLINK;
9089 goto out_err;
9090 }
9091
9092 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) {
9093 err = -EINVAL;
9094 goto out_err;
9095 }
9096
9097 /* If a reconfig is happening, bail out */
9098 if (local->in_reconfig) {
9099 err = -EBUSY;
9100 goto out_err;
9101 }
9102
9103 if (!have_sta) {
9104 if (mlo)
9105 new_sta = sta_info_alloc_with_link(sdata, ap_mld_addr,
9106 link_id, cbss->bssid,
9107 GFP_KERNEL);
9108 else
9109 new_sta = sta_info_alloc(sdata, ap_mld_addr, GFP_KERNEL);
9110
9111 if (!new_sta) {
9112 err = -ENOMEM;
9113 goto out_err;
9114 }
9115
9116 if (ifmgd->auth_data &&
9117 ifmgd->auth_data->algorithm == WLAN_AUTH_EPPKE)
9118 new_sta->sta.epp_peer = true;
9119
9120 new_sta->sta.mlo = mlo;
9121 }
9122
9123 /*
9124 * Set up the information for the new channel before setting the
9125 * new channel. We can't - completely race-free - change the basic
9126 * rates bitmap and the channel (sband) that it refers to, but if
9127 * we set it up before we at least avoid calling into the driver's
9128 * bss_info_changed() method with invalid information (since we do
9129 * call that from changing the channel - only for IDLE and perhaps
9130 * some others, but ...).
9131 *
9132 * So to avoid that, just set up all the new information before the
9133 * channel, but tell the driver to apply it only afterwards, since
9134 * it might need the new channel for that.
9135 */
9136 if (new_sta) {
9137 const struct cfg80211_bss_ies *ies;
9138 struct link_sta_info *link_sta;
9139
9140 rcu_read_lock();
9141 link_sta = rcu_dereference(new_sta->link[link_id]);
9142 if (WARN_ON(!link_sta)) {
9143 rcu_read_unlock();
9144 sta_info_free(local, new_sta);
9145 err = -EINVAL;
9146 goto out_err;
9147 }
9148
9149 err = ieee80211_mgd_setup_link_sta(link, new_sta,
9150 link_sta, cbss);
9151 if (err) {
9152 rcu_read_unlock();
9153 sta_info_free(local, new_sta);
9154 goto out_err;
9155 }
9156
9157 memcpy(link->u.mgd.bssid, cbss->bssid, ETH_ALEN);
9158
9159 /* set timing information */
9160 link->conf->beacon_int = cbss->beacon_interval;
9161 ies = rcu_dereference(cbss->beacon_ies);
9162 if (ies) {
9163 link->conf->sync_tsf = ies->tsf;
9164 link->conf->sync_device_ts =
9165 bss->device_ts_beacon;
9166
9167 ieee80211_get_dtim(ies,
9168 &link->conf->sync_dtim_count,
9169 NULL);
9170 } else if (!ieee80211_hw_check(&sdata->local->hw,
9171 TIMING_BEACON_ONLY)) {
9172 ies = rcu_dereference(cbss->proberesp_ies);
9173 /* must be non-NULL since beacon IEs were NULL */
9174 link->conf->sync_tsf = ies->tsf;
9175 link->conf->sync_device_ts =
9176 bss->device_ts_presp;
9177 link->conf->sync_dtim_count = 0;
9178 } else {
9179 link->conf->sync_tsf = 0;
9180 link->conf->sync_device_ts = 0;
9181 link->conf->sync_dtim_count = 0;
9182 }
9183 rcu_read_unlock();
9184 }
9185
9186 if (new_sta || override) {
9187 /*
9188 * Only set this if we're also going to calculate the AP
9189 * settings etc., otherwise this was set before in a
9190 * previous call. Note override is set to %true in assoc
9191 * if the settings were changed.
9192 */
9193 link->u.mgd.conn = *conn;
9194 err = ieee80211_prep_channel(sdata, link, link->link_id, cbss,
9195 mlo, &link->u.mgd.conn,
9196 userspace_selectors);
9197 if (err) {
9198 if (new_sta)
9199 sta_info_free(local, new_sta);
9200 goto out_err;
9201 }
9202 /* pass out for use in assoc */
9203 *conn = link->u.mgd.conn;
9204 }
9205
9206 if (new_sta) {
9207 /*
9208 * tell driver about BSSID, basic rates and timing
9209 * this was set up above, before setting the channel
9210 */
9211 ieee80211_link_info_change_notify(sdata, link,
9212 BSS_CHANGED_BSSID |
9213 BSS_CHANGED_BASIC_RATES |
9214 BSS_CHANGED_BEACON_INT);
9215
9216 if (assoc)
9217 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH);
9218
9219 err = sta_info_insert(new_sta);
9220 new_sta = NULL;
9221 if (err) {
9222 sdata_info(sdata,
9223 "failed to insert STA entry for the AP (error %d)\n",
9224 err);
9225 goto out_release_chan;
9226 }
9227 } else
9228 WARN_ON_ONCE(!ether_addr_equal(link->u.mgd.bssid, cbss->bssid));
9229
9230 /* Cancel scan to ensure that nothing interferes with connection */
9231 if (local->scanning)
9232 ieee80211_scan_cancel(local);
9233
9234 return 0;
9235
9236 out_release_chan:
9237 ieee80211_link_release_channel(link);
9238 out_err:
9239 ieee80211_vif_set_links(sdata, 0, 0);
9240 return err;
9241 }
9242
ieee80211_mgd_csa_present(struct ieee80211_sub_if_data * sdata,const struct cfg80211_bss_ies * ies,u8 cur_channel,bool ignore_ecsa)9243 static bool ieee80211_mgd_csa_present(struct ieee80211_sub_if_data *sdata,
9244 const struct cfg80211_bss_ies *ies,
9245 u8 cur_channel, bool ignore_ecsa)
9246 {
9247 const struct element *csa_elem, *ecsa_elem;
9248 struct ieee80211_channel_sw_ie *csa = NULL;
9249 struct ieee80211_ext_chansw_ie *ecsa = NULL;
9250
9251 if (!ies)
9252 return false;
9253
9254 csa_elem = cfg80211_find_elem(WLAN_EID_CHANNEL_SWITCH,
9255 ies->data, ies->len);
9256 if (csa_elem && csa_elem->datalen == sizeof(*csa))
9257 csa = (void *)csa_elem->data;
9258
9259 ecsa_elem = cfg80211_find_elem(WLAN_EID_EXT_CHANSWITCH_ANN,
9260 ies->data, ies->len);
9261 if (ecsa_elem && ecsa_elem->datalen == sizeof(*ecsa))
9262 ecsa = (void *)ecsa_elem->data;
9263
9264 if (csa && csa->count == 0)
9265 csa = NULL;
9266 if (csa && !csa->mode && csa->new_ch_num == cur_channel)
9267 csa = NULL;
9268
9269 if (ecsa && ecsa->count == 0)
9270 ecsa = NULL;
9271 if (ecsa && !ecsa->mode && ecsa->new_ch_num == cur_channel)
9272 ecsa = NULL;
9273
9274 if (ignore_ecsa && ecsa) {
9275 sdata_info(sdata,
9276 "Ignoring ECSA in probe response - was considered stuck!\n");
9277 return csa;
9278 }
9279
9280 return csa || ecsa;
9281 }
9282
ieee80211_mgd_csa_in_process(struct ieee80211_sub_if_data * sdata,struct cfg80211_bss * bss)9283 static bool ieee80211_mgd_csa_in_process(struct ieee80211_sub_if_data *sdata,
9284 struct cfg80211_bss *bss)
9285 {
9286 u8 cur_channel;
9287 bool ret;
9288
9289 cur_channel = ieee80211_frequency_to_channel(bss->channel->center_freq);
9290
9291 rcu_read_lock();
9292 if (ieee80211_mgd_csa_present(sdata,
9293 rcu_dereference(bss->beacon_ies),
9294 cur_channel, false)) {
9295 ret = true;
9296 goto out;
9297 }
9298
9299 if (ieee80211_mgd_csa_present(sdata,
9300 rcu_dereference(bss->proberesp_ies),
9301 cur_channel, bss->proberesp_ecsa_stuck)) {
9302 ret = true;
9303 goto out;
9304 }
9305
9306 ret = false;
9307 out:
9308 rcu_read_unlock();
9309 return ret;
9310 }
9311
ieee80211_parse_cfg_selectors(unsigned long * userspace_selectors,const u8 * supported_selectors,u8 supported_selectors_len)9312 static void ieee80211_parse_cfg_selectors(unsigned long *userspace_selectors,
9313 const u8 *supported_selectors,
9314 u8 supported_selectors_len)
9315 {
9316 if (supported_selectors) {
9317 for (int i = 0; i < supported_selectors_len; i++) {
9318 set_bit(supported_selectors[i],
9319 userspace_selectors);
9320 }
9321 } else {
9322 /* Assume SAE_H2E support for backward compatibility. */
9323 set_bit(BSS_MEMBERSHIP_SELECTOR_SAE_H2E,
9324 userspace_selectors);
9325 }
9326 }
9327
9328 /* config hooks */
ieee80211_mgd_auth(struct ieee80211_sub_if_data * sdata,struct cfg80211_auth_request * req)9329 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
9330 struct cfg80211_auth_request *req)
9331 {
9332 struct ieee80211_local *local = sdata->local;
9333 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
9334 struct ieee80211_mgd_auth_data *auth_data;
9335 struct ieee80211_conn_settings conn;
9336 struct ieee80211_link_data *link;
9337 struct ieee80211_supported_band *sband;
9338 struct ieee80211_bss *bss;
9339 u16 auth_alg;
9340 int err;
9341 bool cont_auth, wmm_used;
9342
9343 lockdep_assert_wiphy(sdata->local->hw.wiphy);
9344
9345 /* prepare auth data structure */
9346
9347 switch (req->auth_type) {
9348 case NL80211_AUTHTYPE_OPEN_SYSTEM:
9349 auth_alg = WLAN_AUTH_OPEN;
9350 break;
9351 case NL80211_AUTHTYPE_SHARED_KEY:
9352 if (fips_enabled)
9353 return -EOPNOTSUPP;
9354 auth_alg = WLAN_AUTH_SHARED_KEY;
9355 break;
9356 case NL80211_AUTHTYPE_FT:
9357 auth_alg = WLAN_AUTH_FT;
9358 break;
9359 case NL80211_AUTHTYPE_NETWORK_EAP:
9360 auth_alg = WLAN_AUTH_LEAP;
9361 break;
9362 case NL80211_AUTHTYPE_SAE:
9363 auth_alg = WLAN_AUTH_SAE;
9364 break;
9365 case NL80211_AUTHTYPE_FILS_SK:
9366 auth_alg = WLAN_AUTH_FILS_SK;
9367 break;
9368 case NL80211_AUTHTYPE_FILS_SK_PFS:
9369 auth_alg = WLAN_AUTH_FILS_SK_PFS;
9370 break;
9371 case NL80211_AUTHTYPE_FILS_PK:
9372 auth_alg = WLAN_AUTH_FILS_PK;
9373 break;
9374 case NL80211_AUTHTYPE_EPPKE:
9375 auth_alg = WLAN_AUTH_EPPKE;
9376 break;
9377 default:
9378 return -EOPNOTSUPP;
9379 }
9380
9381 if (ifmgd->assoc_data)
9382 return -EBUSY;
9383
9384 if (ieee80211_mgd_csa_in_process(sdata, req->bss)) {
9385 sdata_info(sdata, "AP is in CSA process, reject auth\n");
9386 return -EINVAL;
9387 }
9388
9389 auth_data = kzalloc(sizeof(*auth_data) + req->auth_data_len +
9390 req->ie_len, GFP_KERNEL);
9391 if (!auth_data)
9392 return -ENOMEM;
9393
9394 memcpy(auth_data->ap_addr,
9395 req->ap_mld_addr ?: req->bss->bssid,
9396 ETH_ALEN);
9397 auth_data->bss = req->bss;
9398 auth_data->link_id = req->link_id;
9399
9400 if (req->auth_data_len >= 4) {
9401 if (req->auth_type == NL80211_AUTHTYPE_SAE ||
9402 req->auth_type == NL80211_AUTHTYPE_EPPKE) {
9403 __le16 *pos = (__le16 *) req->auth_data;
9404
9405 auth_data->trans = le16_to_cpu(pos[0]);
9406 auth_data->status = le16_to_cpu(pos[1]);
9407 }
9408
9409 memcpy(auth_data->data, req->auth_data + 4,
9410 req->auth_data_len - 4);
9411 auth_data->data_len += req->auth_data_len - 4;
9412 }
9413
9414 /* Check if continuing authentication or trying to authenticate with the
9415 * same BSS that we were in the process of authenticating with and avoid
9416 * removal and re-addition of the STA entry in
9417 * ieee80211_prep_connection().
9418 */
9419 cont_auth = ifmgd->auth_data && req->bss == ifmgd->auth_data->bss &&
9420 ifmgd->auth_data->link_id == req->link_id;
9421
9422 if (req->ie && req->ie_len) {
9423 memcpy(&auth_data->data[auth_data->data_len],
9424 req->ie, req->ie_len);
9425 auth_data->data_len += req->ie_len;
9426 }
9427
9428 if (req->key && req->key_len) {
9429 auth_data->key_len = req->key_len;
9430 auth_data->key_idx = req->key_idx;
9431 memcpy(auth_data->key, req->key, req->key_len);
9432 }
9433
9434 ieee80211_parse_cfg_selectors(auth_data->userspace_selectors,
9435 req->supported_selectors,
9436 req->supported_selectors_len);
9437
9438 auth_data->algorithm = auth_alg;
9439
9440 /* try to authenticate/probe */
9441
9442 if (ifmgd->auth_data) {
9443 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE) {
9444 auth_data->peer_confirmed =
9445 ifmgd->auth_data->peer_confirmed;
9446 }
9447 ieee80211_destroy_auth_data(sdata, cont_auth);
9448 }
9449
9450 /* prep auth_data so we don't go into idle on disassoc */
9451 ifmgd->auth_data = auth_data;
9452
9453 /* If this is continuation of an ongoing SAE authentication exchange
9454 * (i.e., request to send SAE Confirm) and the peer has already
9455 * confirmed, mark authentication completed since we are about to send
9456 * out SAE Confirm.
9457 */
9458 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE &&
9459 auth_data->peer_confirmed && auth_data->trans == 2)
9460 ieee80211_mark_sta_auth(sdata);
9461
9462 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_EPPKE &&
9463 auth_data->trans == 3)
9464 ieee80211_mark_sta_auth(sdata);
9465
9466 if (ifmgd->associated) {
9467 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
9468
9469 sdata_info(sdata,
9470 "disconnect from AP %pM for new auth to %pM\n",
9471 sdata->vif.cfg.ap_addr, auth_data->ap_addr);
9472 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
9473 WLAN_REASON_UNSPECIFIED,
9474 false, frame_buf);
9475
9476 ieee80211_report_disconnect(sdata, frame_buf,
9477 sizeof(frame_buf), true,
9478 WLAN_REASON_UNSPECIFIED,
9479 false);
9480 }
9481
9482 /* needed for transmitting the auth frame(s) properly */
9483 memcpy(sdata->vif.cfg.ap_addr, auth_data->ap_addr, ETH_ALEN);
9484
9485 bss = (void *)req->bss->priv;
9486 wmm_used = bss->wmm_used && (local->hw.queues >= IEEE80211_NUM_ACS);
9487
9488 sband = local->hw.wiphy->bands[req->bss->channel->band];
9489
9490 ieee80211_determine_our_sta_mode_auth(sdata, sband, req, wmm_used,
9491 &conn);
9492
9493 err = ieee80211_prep_connection(sdata, req->bss, req->link_id,
9494 req->ap_mld_addr, cont_auth,
9495 &conn, false,
9496 auth_data->userspace_selectors);
9497 if (err)
9498 goto err_clear;
9499
9500 if (req->link_id >= 0)
9501 link = sdata_dereference(sdata->link[req->link_id], sdata);
9502 else
9503 link = &sdata->deflink;
9504
9505 if (WARN_ON(!link)) {
9506 err = -ENOLINK;
9507 goto err_clear;
9508 }
9509
9510 sdata_info(sdata, "authenticate with %pM (local address=%pM)\n",
9511 auth_data->ap_addr, link->conf->addr);
9512
9513 err = ieee80211_auth(sdata);
9514 if (err) {
9515 sta_info_destroy_addr(sdata, auth_data->ap_addr);
9516 goto err_clear;
9517 }
9518
9519 /* hold our own reference */
9520 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss);
9521 return 0;
9522
9523 err_clear:
9524 if (!ieee80211_vif_is_mld(&sdata->vif)) {
9525 eth_zero_addr(sdata->deflink.u.mgd.bssid);
9526 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
9527 BSS_CHANGED_BSSID);
9528 ieee80211_link_release_channel(&sdata->deflink);
9529 }
9530 ifmgd->auth_data = NULL;
9531 kfree(auth_data);
9532 return err;
9533 }
9534
9535 static void
ieee80211_setup_assoc_link(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgd_assoc_data * assoc_data,struct cfg80211_assoc_request * req,struct ieee80211_conn_settings * conn,unsigned int link_id)9536 ieee80211_setup_assoc_link(struct ieee80211_sub_if_data *sdata,
9537 struct ieee80211_mgd_assoc_data *assoc_data,
9538 struct cfg80211_assoc_request *req,
9539 struct ieee80211_conn_settings *conn,
9540 unsigned int link_id)
9541 {
9542 struct ieee80211_local *local = sdata->local;
9543 const struct cfg80211_bss_ies *bss_ies;
9544 struct ieee80211_supported_band *sband;
9545 struct ieee80211_link_data *link;
9546 struct cfg80211_bss *cbss;
9547 struct ieee80211_bss *bss;
9548
9549 cbss = assoc_data->link[link_id].bss;
9550 if (WARN_ON(!cbss))
9551 return;
9552
9553 bss = (void *)cbss->priv;
9554
9555 sband = local->hw.wiphy->bands[cbss->channel->band];
9556 if (WARN_ON(!sband))
9557 return;
9558
9559 link = sdata_dereference(sdata->link[link_id], sdata);
9560 if (WARN_ON(!link))
9561 return;
9562
9563 /* for MLO connections assume advertising all rates is OK */
9564 if (!req->ap_mld_addr) {
9565 assoc_data->supp_rates = bss->supp_rates;
9566 assoc_data->supp_rates_len = bss->supp_rates_len;
9567 }
9568
9569 /* copy and link elems for the STA profile */
9570 if (req->links[link_id].elems_len) {
9571 memcpy(assoc_data->ie_pos, req->links[link_id].elems,
9572 req->links[link_id].elems_len);
9573 assoc_data->link[link_id].elems = assoc_data->ie_pos;
9574 assoc_data->link[link_id].elems_len = req->links[link_id].elems_len;
9575 assoc_data->ie_pos += req->links[link_id].elems_len;
9576 }
9577
9578 link->u.mgd.beacon_crc_valid = false;
9579 link->u.mgd.dtim_period = 0;
9580 link->u.mgd.have_beacon = false;
9581
9582 /* override HT configuration only if the AP and we support it */
9583 if (conn->mode >= IEEE80211_CONN_MODE_HT) {
9584 struct ieee80211_sta_ht_cap sta_ht_cap;
9585
9586 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap));
9587 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
9588 }
9589
9590 rcu_read_lock();
9591 bss_ies = rcu_dereference(cbss->beacon_ies);
9592 if (bss_ies) {
9593 u8 dtim_count = 0;
9594
9595 ieee80211_get_dtim(bss_ies, &dtim_count,
9596 &link->u.mgd.dtim_period);
9597
9598 sdata->deflink.u.mgd.have_beacon = true;
9599
9600 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) {
9601 link->conf->sync_tsf = bss_ies->tsf;
9602 link->conf->sync_device_ts = bss->device_ts_beacon;
9603 link->conf->sync_dtim_count = dtim_count;
9604 }
9605 } else {
9606 bss_ies = rcu_dereference(cbss->ies);
9607 }
9608
9609 if (bss_ies) {
9610 const struct element *elem;
9611
9612 elem = cfg80211_find_ext_elem(WLAN_EID_EXT_MULTIPLE_BSSID_CONFIGURATION,
9613 bss_ies->data, bss_ies->len);
9614 if (elem && elem->datalen >= 3)
9615 link->conf->profile_periodicity = elem->data[2];
9616 else
9617 link->conf->profile_periodicity = 0;
9618
9619 elem = cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY,
9620 bss_ies->data, bss_ies->len);
9621 if (elem && elem->datalen >= 11 &&
9622 (elem->data[10] & WLAN_EXT_CAPA11_EMA_SUPPORT))
9623 link->conf->ema_ap = true;
9624 else
9625 link->conf->ema_ap = false;
9626 }
9627 rcu_read_unlock();
9628
9629 if (bss->corrupt_data) {
9630 char *corrupt_type = "data";
9631
9632 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) {
9633 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP)
9634 corrupt_type = "beacon and probe response";
9635 else
9636 corrupt_type = "beacon";
9637 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) {
9638 corrupt_type = "probe response";
9639 }
9640 sdata_info(sdata, "associating to AP %pM with corrupt %s\n",
9641 cbss->bssid, corrupt_type);
9642 }
9643
9644 if (link->u.mgd.req_smps == IEEE80211_SMPS_AUTOMATIC) {
9645 if (sdata->u.mgd.powersave)
9646 link->smps_mode = IEEE80211_SMPS_DYNAMIC;
9647 else
9648 link->smps_mode = IEEE80211_SMPS_OFF;
9649 } else {
9650 link->smps_mode = link->u.mgd.req_smps;
9651 }
9652 }
9653
9654 static int
ieee80211_mgd_get_ap_ht_vht_capa(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgd_assoc_data * assoc_data,int link_id)9655 ieee80211_mgd_get_ap_ht_vht_capa(struct ieee80211_sub_if_data *sdata,
9656 struct ieee80211_mgd_assoc_data *assoc_data,
9657 int link_id)
9658 {
9659 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
9660 enum nl80211_band band = cbss->channel->band;
9661 struct ieee80211_supported_band *sband;
9662 const struct element *elem;
9663 int err;
9664
9665 /* neither HT nor VHT elements used on 6 GHz */
9666 if (band == NL80211_BAND_6GHZ)
9667 return 0;
9668
9669 if (assoc_data->link[link_id].conn.mode < IEEE80211_CONN_MODE_HT)
9670 return 0;
9671
9672 rcu_read_lock();
9673 elem = ieee80211_bss_get_elem(cbss, WLAN_EID_HT_OPERATION);
9674 if (!elem || elem->datalen < sizeof(struct ieee80211_ht_operation)) {
9675 mlme_link_id_dbg(sdata, link_id, "no HT operation on BSS %pM\n",
9676 cbss->bssid);
9677 err = -EINVAL;
9678 goto out_rcu;
9679 }
9680 assoc_data->link[link_id].ap_ht_param =
9681 ((struct ieee80211_ht_operation *)(elem->data))->ht_param;
9682 rcu_read_unlock();
9683
9684 if (assoc_data->link[link_id].conn.mode < IEEE80211_CONN_MODE_VHT)
9685 return 0;
9686
9687 /* some drivers want to support VHT on 2.4 GHz even */
9688 sband = sdata->local->hw.wiphy->bands[band];
9689 if (!sband->vht_cap.vht_supported)
9690 return 0;
9691
9692 rcu_read_lock();
9693 elem = ieee80211_bss_get_elem(cbss, WLAN_EID_VHT_CAPABILITY);
9694 /* but even then accept it not being present on the AP */
9695 if (!elem && band == NL80211_BAND_2GHZ) {
9696 err = 0;
9697 goto out_rcu;
9698 }
9699 if (!elem || elem->datalen < sizeof(struct ieee80211_vht_cap)) {
9700 mlme_link_id_dbg(sdata, link_id, "no VHT capa on BSS %pM\n",
9701 cbss->bssid);
9702 err = -EINVAL;
9703 goto out_rcu;
9704 }
9705 memcpy(&assoc_data->link[link_id].ap_vht_cap, elem->data,
9706 sizeof(struct ieee80211_vht_cap));
9707 rcu_read_unlock();
9708
9709 return 0;
9710 out_rcu:
9711 rcu_read_unlock();
9712 return err;
9713 }
9714
9715 static bool
ieee80211_mgd_assoc_bss_has_mld_ext_capa_ops(struct cfg80211_assoc_request * req)9716 ieee80211_mgd_assoc_bss_has_mld_ext_capa_ops(struct cfg80211_assoc_request *req)
9717 {
9718 const struct cfg80211_bss_ies *ies;
9719 struct cfg80211_bss *bss;
9720 const struct element *ml;
9721
9722 /* not an MLO connection if link_id < 0, so irrelevant */
9723 if (req->link_id < 0)
9724 return false;
9725
9726 bss = req->links[req->link_id].bss;
9727
9728 guard(rcu)();
9729 ies = rcu_dereference(bss->ies);
9730 for_each_element_extid(ml, WLAN_EID_EXT_EHT_MULTI_LINK,
9731 ies->data, ies->len) {
9732 const struct ieee80211_multi_link_elem *mle;
9733
9734 if (!ieee80211_mle_type_ok(ml->data + 1,
9735 IEEE80211_ML_CONTROL_TYPE_BASIC,
9736 ml->datalen - 1))
9737 continue;
9738
9739 mle = (void *)(ml->data + 1);
9740 if (mle->control & cpu_to_le16(IEEE80211_MLC_BASIC_PRES_EXT_MLD_CAPA_OP))
9741 return true;
9742 }
9743
9744 return false;
9745
9746 }
9747
ieee80211_mgd_assoc(struct ieee80211_sub_if_data * sdata,struct cfg80211_assoc_request * req)9748 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
9749 struct cfg80211_assoc_request *req)
9750 {
9751 unsigned int assoc_link_id = req->link_id < 0 ? 0 : req->link_id;
9752 struct ieee80211_local *local = sdata->local;
9753 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
9754 struct ieee80211_mgd_assoc_data *assoc_data;
9755 const struct element *ssid_elem;
9756 struct ieee80211_vif_cfg *vif_cfg = &sdata->vif.cfg;
9757 struct ieee80211_link_data *link;
9758 struct cfg80211_bss *cbss;
9759 bool override, uapsd_supported;
9760 bool match_auth;
9761 int i, err;
9762 size_t size = sizeof(*assoc_data) + req->ie_len;
9763
9764 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++)
9765 size += req->links[i].elems_len;
9766
9767 /* FIXME: no support for 4-addr MLO yet */
9768 if (sdata->u.mgd.use_4addr && req->link_id >= 0)
9769 return -EOPNOTSUPP;
9770
9771 assoc_data = kzalloc(size, GFP_KERNEL);
9772 if (!assoc_data)
9773 return -ENOMEM;
9774
9775 cbss = req->link_id < 0 ? req->bss : req->links[req->link_id].bss;
9776
9777 if (ieee80211_mgd_csa_in_process(sdata, cbss)) {
9778 sdata_info(sdata, "AP is in CSA process, reject assoc\n");
9779 err = -EINVAL;
9780 goto err_free;
9781 }
9782
9783 rcu_read_lock();
9784 ssid_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_SSID);
9785 if (!ssid_elem || ssid_elem->datalen > sizeof(assoc_data->ssid)) {
9786 rcu_read_unlock();
9787 err = -EINVAL;
9788 goto err_free;
9789 }
9790
9791 memcpy(assoc_data->ssid, ssid_elem->data, ssid_elem->datalen);
9792 assoc_data->ssid_len = ssid_elem->datalen;
9793 rcu_read_unlock();
9794
9795 if (req->ap_mld_addr)
9796 memcpy(assoc_data->ap_addr, req->ap_mld_addr, ETH_ALEN);
9797 else
9798 memcpy(assoc_data->ap_addr, cbss->bssid, ETH_ALEN);
9799
9800 /*
9801 * Many APs have broken parsing of the extended MLD capa/ops field,
9802 * dropping (re-)association request frames or replying with association
9803 * response with a failure status if it's present.
9804 * Set our value from the userspace request only in strict mode or if
9805 * the AP also had that field present.
9806 */
9807 if (ieee80211_hw_check(&local->hw, STRICT) ||
9808 ieee80211_mgd_assoc_bss_has_mld_ext_capa_ops(req))
9809 assoc_data->ext_mld_capa_ops =
9810 cpu_to_le16(req->ext_mld_capa_ops);
9811
9812 if (ifmgd->associated) {
9813 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
9814
9815 sdata_info(sdata,
9816 "disconnect from AP %pM for new assoc to %pM\n",
9817 sdata->vif.cfg.ap_addr, assoc_data->ap_addr);
9818 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
9819 WLAN_REASON_UNSPECIFIED,
9820 false, frame_buf);
9821
9822 ieee80211_report_disconnect(sdata, frame_buf,
9823 sizeof(frame_buf), true,
9824 WLAN_REASON_UNSPECIFIED,
9825 false);
9826 }
9827
9828 memset(sdata->u.mgd.userspace_selectors, 0,
9829 sizeof(sdata->u.mgd.userspace_selectors));
9830 ieee80211_parse_cfg_selectors(sdata->u.mgd.userspace_selectors,
9831 req->supported_selectors,
9832 req->supported_selectors_len);
9833
9834 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa));
9835 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask,
9836 sizeof(ifmgd->ht_capa_mask));
9837
9838 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa));
9839 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask,
9840 sizeof(ifmgd->vht_capa_mask));
9841
9842 memcpy(&ifmgd->s1g_capa, &req->s1g_capa, sizeof(ifmgd->s1g_capa));
9843 memcpy(&ifmgd->s1g_capa_mask, &req->s1g_capa_mask,
9844 sizeof(ifmgd->s1g_capa_mask));
9845
9846 /* keep some setup (AP STA, channel, ...) if matching */
9847 match_auth = ifmgd->auth_data &&
9848 ether_addr_equal(ifmgd->auth_data->ap_addr,
9849 assoc_data->ap_addr) &&
9850 ifmgd->auth_data->link_id == req->link_id;
9851
9852 if (req->ap_mld_addr) {
9853 uapsd_supported = true;
9854
9855 if (req->flags & (ASSOC_REQ_DISABLE_HT |
9856 ASSOC_REQ_DISABLE_VHT |
9857 ASSOC_REQ_DISABLE_HE |
9858 ASSOC_REQ_DISABLE_EHT)) {
9859 err = -EINVAL;
9860 goto err_free;
9861 }
9862
9863 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++) {
9864 struct ieee80211_supported_band *sband;
9865 struct cfg80211_bss *link_cbss = req->links[i].bss;
9866 struct ieee80211_bss *bss;
9867
9868 if (!link_cbss)
9869 continue;
9870
9871 bss = (void *)link_cbss->priv;
9872
9873 if (!bss->wmm_used) {
9874 err = -EINVAL;
9875 req->links[i].error = err;
9876 goto err_free;
9877 }
9878
9879 if (link_cbss->channel->band == NL80211_BAND_S1GHZ) {
9880 err = -EINVAL;
9881 req->links[i].error = err;
9882 goto err_free;
9883 }
9884
9885 link = sdata_dereference(sdata->link[i], sdata);
9886 if (link)
9887 ether_addr_copy(assoc_data->link[i].addr,
9888 link->conf->addr);
9889 else
9890 eth_random_addr(assoc_data->link[i].addr);
9891 sband = local->hw.wiphy->bands[link_cbss->channel->band];
9892
9893 if (match_auth && i == assoc_link_id && link)
9894 assoc_data->link[i].conn = link->u.mgd.conn;
9895 else
9896 assoc_data->link[i].conn =
9897 ieee80211_conn_settings_unlimited;
9898 ieee80211_determine_our_sta_mode_assoc(sdata, sband,
9899 req, true, i,
9900 &assoc_data->link[i].conn);
9901 assoc_data->link[i].bss = link_cbss;
9902
9903 if (!bss->uapsd_supported)
9904 uapsd_supported = false;
9905
9906 if (assoc_data->link[i].conn.mode < IEEE80211_CONN_MODE_EHT) {
9907 err = -EINVAL;
9908 req->links[i].error = err;
9909 goto err_free;
9910 }
9911
9912 err = ieee80211_mgd_get_ap_ht_vht_capa(sdata,
9913 assoc_data, i);
9914 if (err) {
9915 err = -EINVAL;
9916 req->links[i].error = err;
9917 goto err_free;
9918 }
9919 }
9920
9921 assoc_data->wmm = true;
9922 } else {
9923 struct ieee80211_supported_band *sband;
9924 struct ieee80211_bss *bss = (void *)cbss->priv;
9925
9926 memcpy(assoc_data->link[0].addr, sdata->vif.addr, ETH_ALEN);
9927 assoc_data->s1g = cbss->channel->band == NL80211_BAND_S1GHZ;
9928
9929 assoc_data->wmm = bss->wmm_used &&
9930 (local->hw.queues >= IEEE80211_NUM_ACS);
9931
9932 if (cbss->channel->band == NL80211_BAND_6GHZ &&
9933 req->flags & (ASSOC_REQ_DISABLE_HT |
9934 ASSOC_REQ_DISABLE_VHT |
9935 ASSOC_REQ_DISABLE_HE)) {
9936 err = -EINVAL;
9937 goto err_free;
9938 }
9939
9940 sband = local->hw.wiphy->bands[cbss->channel->band];
9941
9942 assoc_data->link[0].bss = cbss;
9943
9944 if (match_auth)
9945 assoc_data->link[0].conn = sdata->deflink.u.mgd.conn;
9946 else
9947 assoc_data->link[0].conn =
9948 ieee80211_conn_settings_unlimited;
9949 ieee80211_determine_our_sta_mode_assoc(sdata, sband, req,
9950 assoc_data->wmm, 0,
9951 &assoc_data->link[0].conn);
9952
9953 uapsd_supported = bss->uapsd_supported;
9954
9955 err = ieee80211_mgd_get_ap_ht_vht_capa(sdata, assoc_data, 0);
9956 if (err)
9957 goto err_free;
9958 }
9959
9960 assoc_data->spp_amsdu = req->flags & ASSOC_REQ_SPP_AMSDU;
9961
9962 if (ifmgd->auth_data && !ifmgd->auth_data->done) {
9963 err = -EBUSY;
9964 goto err_free;
9965 }
9966
9967 if (ifmgd->assoc_data) {
9968 err = -EBUSY;
9969 goto err_free;
9970 }
9971
9972 /* Cleanup is delayed if auth_data matches */
9973 if (ifmgd->auth_data && !match_auth)
9974 ieee80211_destroy_auth_data(sdata, false);
9975
9976 if (req->ie && req->ie_len) {
9977 memcpy(assoc_data->ie, req->ie, req->ie_len);
9978 assoc_data->ie_len = req->ie_len;
9979 assoc_data->ie_pos = assoc_data->ie + assoc_data->ie_len;
9980 } else {
9981 assoc_data->ie_pos = assoc_data->ie;
9982 }
9983
9984 if (req->fils_kek) {
9985 /* should already be checked in cfg80211 - so warn */
9986 if (WARN_ON(req->fils_kek_len > FILS_MAX_KEK_LEN)) {
9987 err = -EINVAL;
9988 goto err_free;
9989 }
9990 memcpy(assoc_data->fils_kek, req->fils_kek,
9991 req->fils_kek_len);
9992 assoc_data->fils_kek_len = req->fils_kek_len;
9993 }
9994
9995 if (req->fils_nonces)
9996 memcpy(assoc_data->fils_nonces, req->fils_nonces,
9997 2 * FILS_NONCE_LEN);
9998
9999 /* default timeout */
10000 assoc_data->timeout = jiffies;
10001 assoc_data->timeout_started = true;
10002
10003 assoc_data->assoc_link_id = assoc_link_id;
10004
10005 if (req->ap_mld_addr) {
10006 /* if there was no authentication, set up the link */
10007 err = ieee80211_vif_set_links(sdata, BIT(assoc_link_id), 0);
10008 if (err)
10009 goto err_clear;
10010 }
10011
10012 link = sdata_dereference(sdata->link[assoc_link_id], sdata);
10013 if (WARN_ON(!link)) {
10014 err = -EINVAL;
10015 goto err_clear;
10016 }
10017
10018 override = link->u.mgd.conn.mode !=
10019 assoc_data->link[assoc_link_id].conn.mode ||
10020 link->u.mgd.conn.bw_limit !=
10021 assoc_data->link[assoc_link_id].conn.bw_limit;
10022 link->u.mgd.conn = assoc_data->link[assoc_link_id].conn;
10023
10024 ieee80211_setup_assoc_link(sdata, assoc_data, req, &link->u.mgd.conn,
10025 assoc_link_id);
10026
10027 if (WARN((sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD) &&
10028 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK),
10029 "U-APSD not supported with HW_PS_NULLFUNC_STACK\n"))
10030 sdata->vif.driver_flags &= ~IEEE80211_VIF_SUPPORTS_UAPSD;
10031
10032 if (assoc_data->wmm && uapsd_supported &&
10033 (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD)) {
10034 assoc_data->uapsd = true;
10035 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
10036 } else {
10037 assoc_data->uapsd = false;
10038 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED;
10039 }
10040
10041 if (req->prev_bssid)
10042 memcpy(assoc_data->prev_ap_addr, req->prev_bssid, ETH_ALEN);
10043
10044 if (req->use_mfp) {
10045 ifmgd->mfp = IEEE80211_MFP_REQUIRED;
10046 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED;
10047 } else {
10048 ifmgd->mfp = IEEE80211_MFP_DISABLED;
10049 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED;
10050 }
10051
10052 if (req->flags & ASSOC_REQ_USE_RRM)
10053 ifmgd->flags |= IEEE80211_STA_ENABLE_RRM;
10054 else
10055 ifmgd->flags &= ~IEEE80211_STA_ENABLE_RRM;
10056
10057 if (req->crypto.control_port)
10058 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT;
10059 else
10060 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT;
10061
10062 sdata->control_port_protocol = req->crypto.control_port_ethertype;
10063 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt;
10064 sdata->control_port_over_nl80211 =
10065 req->crypto.control_port_over_nl80211;
10066 sdata->control_port_no_preauth = req->crypto.control_port_no_preauth;
10067
10068 /* kick off associate process */
10069 ifmgd->assoc_data = assoc_data;
10070
10071 for (i = 0; i < ARRAY_SIZE(assoc_data->link); i++) {
10072 if (!assoc_data->link[i].bss)
10073 continue;
10074 if (i == assoc_data->assoc_link_id)
10075 continue;
10076 /* only calculate the mode, hence link == NULL */
10077 err = ieee80211_prep_channel(sdata, NULL, i,
10078 assoc_data->link[i].bss, true,
10079 &assoc_data->link[i].conn,
10080 sdata->u.mgd.userspace_selectors);
10081 if (err) {
10082 req->links[i].error = err;
10083 goto err_clear;
10084 }
10085 }
10086
10087 memcpy(vif_cfg->ssid, assoc_data->ssid, assoc_data->ssid_len);
10088 vif_cfg->ssid_len = assoc_data->ssid_len;
10089
10090 /* needed for transmitting the assoc frames properly */
10091 memcpy(sdata->vif.cfg.ap_addr, assoc_data->ap_addr, ETH_ALEN);
10092
10093 err = ieee80211_prep_connection(sdata, cbss, req->link_id,
10094 req->ap_mld_addr, true,
10095 &assoc_data->link[assoc_link_id].conn,
10096 override,
10097 sdata->u.mgd.userspace_selectors);
10098 if (err)
10099 goto err_clear;
10100
10101 if (ieee80211_hw_check(&sdata->local->hw, NEED_DTIM_BEFORE_ASSOC)) {
10102 const struct cfg80211_bss_ies *beacon_ies;
10103
10104 rcu_read_lock();
10105 beacon_ies = rcu_dereference(req->bss->beacon_ies);
10106 if (!beacon_ies) {
10107 /*
10108 * Wait up to one beacon interval ...
10109 * should this be more if we miss one?
10110 */
10111 sdata_info(sdata, "waiting for beacon from %pM\n",
10112 link->u.mgd.bssid);
10113 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval);
10114 assoc_data->timeout_started = true;
10115 assoc_data->need_beacon = true;
10116 }
10117 rcu_read_unlock();
10118 }
10119
10120 run_again(sdata, assoc_data->timeout);
10121
10122 /* We are associating, clean up auth_data */
10123 if (ifmgd->auth_data)
10124 ieee80211_destroy_auth_data(sdata, true);
10125
10126 return 0;
10127 err_clear:
10128 if (!ifmgd->auth_data) {
10129 eth_zero_addr(sdata->deflink.u.mgd.bssid);
10130 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
10131 BSS_CHANGED_BSSID);
10132 }
10133 ifmgd->assoc_data = NULL;
10134 err_free:
10135 kfree(assoc_data);
10136 return err;
10137 }
10138
ieee80211_mgd_deauth(struct ieee80211_sub_if_data * sdata,struct cfg80211_deauth_request * req)10139 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
10140 struct cfg80211_deauth_request *req)
10141 {
10142 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
10143 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
10144 bool tx = !req->local_state_change;
10145 struct ieee80211_prep_tx_info info = {
10146 .subtype = IEEE80211_STYPE_DEAUTH,
10147 };
10148
10149 if (ifmgd->auth_data &&
10150 ether_addr_equal(ifmgd->auth_data->ap_addr, req->bssid)) {
10151 sdata_info(sdata,
10152 "aborting authentication with %pM by local choice (Reason: %u=%s)\n",
10153 req->bssid, req->reason_code,
10154 ieee80211_get_reason_code_string(req->reason_code));
10155
10156 info.link_id = ifmgd->auth_data->link_id;
10157 drv_mgd_prepare_tx(sdata->local, sdata, &info);
10158 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid,
10159 IEEE80211_STYPE_DEAUTH,
10160 req->reason_code, tx,
10161 frame_buf);
10162 ieee80211_destroy_auth_data(sdata, false);
10163 ieee80211_report_disconnect(sdata, frame_buf,
10164 sizeof(frame_buf), true,
10165 req->reason_code, false);
10166 drv_mgd_complete_tx(sdata->local, sdata, &info);
10167 return 0;
10168 }
10169
10170 if (ifmgd->assoc_data &&
10171 ether_addr_equal(ifmgd->assoc_data->ap_addr, req->bssid)) {
10172 sdata_info(sdata,
10173 "aborting association with %pM by local choice (Reason: %u=%s)\n",
10174 req->bssid, req->reason_code,
10175 ieee80211_get_reason_code_string(req->reason_code));
10176
10177 info.link_id = ifmgd->assoc_data->assoc_link_id;
10178 drv_mgd_prepare_tx(sdata->local, sdata, &info);
10179 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid,
10180 IEEE80211_STYPE_DEAUTH,
10181 req->reason_code, tx,
10182 frame_buf);
10183 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON);
10184 ieee80211_report_disconnect(sdata, frame_buf,
10185 sizeof(frame_buf), true,
10186 req->reason_code, false);
10187 drv_mgd_complete_tx(sdata->local, sdata, &info);
10188 return 0;
10189 }
10190
10191 if (ifmgd->associated &&
10192 ether_addr_equal(sdata->vif.cfg.ap_addr, req->bssid)) {
10193 sdata_info(sdata,
10194 "deauthenticating from %pM by local choice (Reason: %u=%s)\n",
10195 req->bssid, req->reason_code,
10196 ieee80211_get_reason_code_string(req->reason_code));
10197
10198 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
10199 req->reason_code, tx, frame_buf);
10200 ieee80211_report_disconnect(sdata, frame_buf,
10201 sizeof(frame_buf), true,
10202 req->reason_code, false);
10203 return 0;
10204 }
10205
10206 return -ENOTCONN;
10207 }
10208
ieee80211_mgd_disassoc(struct ieee80211_sub_if_data * sdata,struct cfg80211_disassoc_request * req)10209 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
10210 struct cfg80211_disassoc_request *req)
10211 {
10212 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
10213
10214 if (!sdata->u.mgd.associated ||
10215 memcmp(sdata->vif.cfg.ap_addr, req->ap_addr, ETH_ALEN))
10216 return -ENOTCONN;
10217
10218 sdata_info(sdata,
10219 "disassociating from %pM by local choice (Reason: %u=%s)\n",
10220 req->ap_addr, req->reason_code,
10221 ieee80211_get_reason_code_string(req->reason_code));
10222
10223 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC,
10224 req->reason_code, !req->local_state_change,
10225 frame_buf);
10226
10227 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
10228 req->reason_code, false);
10229
10230 return 0;
10231 }
10232
ieee80211_mgd_stop_link(struct ieee80211_link_data * link)10233 void ieee80211_mgd_stop_link(struct ieee80211_link_data *link)
10234 {
10235 wiphy_work_cancel(link->sdata->local->hw.wiphy,
10236 &link->u.mgd.request_smps_work);
10237 wiphy_work_cancel(link->sdata->local->hw.wiphy,
10238 &link->u.mgd.recalc_smps);
10239 wiphy_hrtimer_work_cancel(link->sdata->local->hw.wiphy,
10240 &link->u.mgd.csa.switch_work);
10241 }
10242
ieee80211_mgd_stop(struct ieee80211_sub_if_data * sdata)10243 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata)
10244 {
10245 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
10246
10247 /*
10248 * Make sure some work items will not run after this,
10249 * they will not do anything but might not have been
10250 * cancelled when disconnecting.
10251 */
10252 wiphy_work_cancel(sdata->local->hw.wiphy,
10253 &ifmgd->monitor_work);
10254 wiphy_work_cancel(sdata->local->hw.wiphy,
10255 &ifmgd->beacon_connection_loss_work);
10256 wiphy_work_cancel(sdata->local->hw.wiphy,
10257 &ifmgd->csa_connection_drop_work);
10258 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
10259 &ifmgd->tdls_peer_del_work);
10260
10261 if (ifmgd->assoc_data)
10262 ieee80211_destroy_assoc_data(sdata, ASSOC_TIMEOUT);
10263 if (ifmgd->auth_data)
10264 ieee80211_destroy_auth_data(sdata, false);
10265 spin_lock_bh(&ifmgd->teardown_lock);
10266 if (ifmgd->teardown_skb) {
10267 kfree_skb(ifmgd->teardown_skb);
10268 ifmgd->teardown_skb = NULL;
10269 ifmgd->orig_teardown_skb = NULL;
10270 }
10271 kfree(ifmgd->assoc_req_ies);
10272 ifmgd->assoc_req_ies = NULL;
10273 ifmgd->assoc_req_ies_len = 0;
10274 spin_unlock_bh(&ifmgd->teardown_lock);
10275 timer_delete_sync(&ifmgd->timer);
10276 }
10277
ieee80211_cqm_rssi_notify(struct ieee80211_vif * vif,enum nl80211_cqm_rssi_threshold_event rssi_event,s32 rssi_level,gfp_t gfp)10278 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
10279 enum nl80211_cqm_rssi_threshold_event rssi_event,
10280 s32 rssi_level,
10281 gfp_t gfp)
10282 {
10283 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
10284
10285 trace_api_cqm_rssi_notify(sdata, rssi_event, rssi_level);
10286
10287 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, rssi_level, gfp);
10288 }
10289 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify);
10290
ieee80211_cqm_beacon_loss_notify(struct ieee80211_vif * vif,gfp_t gfp)10291 void ieee80211_cqm_beacon_loss_notify(struct ieee80211_vif *vif, gfp_t gfp)
10292 {
10293 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
10294
10295 trace_api_cqm_beacon_loss_notify(sdata->local, sdata);
10296
10297 cfg80211_cqm_beacon_loss_notify(sdata->dev, gfp);
10298 }
10299 EXPORT_SYMBOL(ieee80211_cqm_beacon_loss_notify);
10300
_ieee80211_enable_rssi_reports(struct ieee80211_sub_if_data * sdata,int rssi_min_thold,int rssi_max_thold)10301 static void _ieee80211_enable_rssi_reports(struct ieee80211_sub_if_data *sdata,
10302 int rssi_min_thold,
10303 int rssi_max_thold)
10304 {
10305 trace_api_enable_rssi_reports(sdata, rssi_min_thold, rssi_max_thold);
10306
10307 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
10308 return;
10309
10310 /*
10311 * Scale up threshold values before storing it, as the RSSI averaging
10312 * algorithm uses a scaled up value as well. Change this scaling
10313 * factor if the RSSI averaging algorithm changes.
10314 */
10315 sdata->u.mgd.rssi_min_thold = rssi_min_thold*16;
10316 sdata->u.mgd.rssi_max_thold = rssi_max_thold*16;
10317 }
10318
ieee80211_enable_rssi_reports(struct ieee80211_vif * vif,int rssi_min_thold,int rssi_max_thold)10319 void ieee80211_enable_rssi_reports(struct ieee80211_vif *vif,
10320 int rssi_min_thold,
10321 int rssi_max_thold)
10322 {
10323 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
10324
10325 WARN_ON(rssi_min_thold == rssi_max_thold ||
10326 rssi_min_thold > rssi_max_thold);
10327
10328 _ieee80211_enable_rssi_reports(sdata, rssi_min_thold,
10329 rssi_max_thold);
10330 }
10331 EXPORT_SYMBOL(ieee80211_enable_rssi_reports);
10332
ieee80211_disable_rssi_reports(struct ieee80211_vif * vif)10333 void ieee80211_disable_rssi_reports(struct ieee80211_vif *vif)
10334 {
10335 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
10336
10337 _ieee80211_enable_rssi_reports(sdata, 0, 0);
10338 }
10339 EXPORT_SYMBOL(ieee80211_disable_rssi_reports);
10340
ieee80211_process_ml_reconf_resp(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)10341 void ieee80211_process_ml_reconf_resp(struct ieee80211_sub_if_data *sdata,
10342 struct ieee80211_mgmt *mgmt, size_t len)
10343 {
10344 struct ieee80211_local *local = sdata->local;
10345 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
10346 struct ieee80211_mgd_assoc_data *add_links_data =
10347 ifmgd->reconf.add_links_data;
10348 struct sta_info *sta;
10349 struct cfg80211_mlo_reconf_done_data done_data = {};
10350 u16 sta_changed_links = sdata->u.mgd.reconf.added_links |
10351 sdata->u.mgd.reconf.removed_links;
10352 u16 link_mask, valid_links;
10353 unsigned int link_id;
10354 size_t orig_len = len;
10355 u8 i, group_key_data_len;
10356 u8 *pos;
10357
10358 if (!ieee80211_vif_is_mld(&sdata->vif) ||
10359 len < offsetofend(typeof(*mgmt), u.action.u.ml_reconf_resp) ||
10360 mgmt->u.action.u.ml_reconf_resp.dialog_token !=
10361 sdata->u.mgd.reconf.dialog_token ||
10362 !sta_changed_links)
10363 return;
10364
10365 pos = mgmt->u.action.u.ml_reconf_resp.variable;
10366 len -= offsetofend(typeof(*mgmt), u.action.u.ml_reconf_resp);
10367
10368 /* each status duple is 3 octets */
10369 if (len < mgmt->u.action.u.ml_reconf_resp.count * 3) {
10370 sdata_info(sdata,
10371 "mlo: reconf: unexpected len=%zu, count=%u\n",
10372 len, mgmt->u.action.u.ml_reconf_resp.count);
10373 goto disconnect;
10374 }
10375
10376 link_mask = sta_changed_links;
10377 for (i = 0; i < mgmt->u.action.u.ml_reconf_resp.count; i++) {
10378 u16 status = get_unaligned_le16(pos + 1);
10379
10380 link_id = *pos;
10381
10382 if (!(link_mask & BIT(link_id))) {
10383 sdata_info(sdata,
10384 "mlo: reconf: unexpected link: %u, changed=0x%x\n",
10385 link_id, sta_changed_links);
10386 goto disconnect;
10387 }
10388
10389 /* clear the corresponding link, to detect the case that
10390 * the same link was included more than one time
10391 */
10392 link_mask &= ~BIT(link_id);
10393
10394 /* Handle failure to remove links here. Failure to remove added
10395 * links will be done later in the flow.
10396 */
10397 if (status != WLAN_STATUS_SUCCESS) {
10398 sdata_info(sdata,
10399 "mlo: reconf: failed on link=%u, status=%u\n",
10400 link_id, status);
10401
10402 /* The AP MLD failed to remove a link that was already
10403 * removed locally. As this is not expected behavior,
10404 * disconnect
10405 */
10406 if (sdata->u.mgd.reconf.removed_links & BIT(link_id))
10407 goto disconnect;
10408
10409 /* The AP MLD failed to add a link. Remove it from the
10410 * added links.
10411 */
10412 sdata->u.mgd.reconf.added_links &= ~BIT(link_id);
10413 }
10414
10415 pos += 3;
10416 len -= 3;
10417 }
10418
10419 if (link_mask) {
10420 sdata_info(sdata,
10421 "mlo: reconf: no response for links=0x%x\n",
10422 link_mask);
10423 goto disconnect;
10424 }
10425
10426 if (!sdata->u.mgd.reconf.added_links)
10427 goto out;
10428
10429 if (len < 1 || len < 1 + *pos) {
10430 sdata_info(sdata,
10431 "mlo: reconf: invalid group key data length");
10432 goto disconnect;
10433 }
10434
10435 /* The Group Key Data field must be present when links are added. This
10436 * field should be processed by userland.
10437 */
10438 group_key_data_len = *pos++;
10439
10440 pos += group_key_data_len;
10441 len -= group_key_data_len + 1;
10442
10443 /* Process the information for the added links */
10444 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
10445 if (WARN_ON(!sta))
10446 goto disconnect;
10447
10448 valid_links = sdata->vif.valid_links;
10449 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
10450 if (!add_links_data->link[link_id].bss ||
10451 !(sdata->u.mgd.reconf.added_links & BIT(link_id)))
10452 continue;
10453
10454 valid_links |= BIT(link_id);
10455 if (ieee80211_sta_allocate_link(sta, link_id))
10456 goto disconnect;
10457 }
10458
10459 ieee80211_vif_set_links(sdata, valid_links, sdata->vif.dormant_links);
10460 link_mask = 0;
10461 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
10462 struct cfg80211_bss *cbss = add_links_data->link[link_id].bss;
10463 struct ieee80211_link_data *link;
10464 struct link_sta_info *link_sta;
10465 u64 changed = 0;
10466
10467 if (!cbss)
10468 continue;
10469
10470 link = sdata_dereference(sdata->link[link_id], sdata);
10471 if (WARN_ON(!link))
10472 goto disconnect;
10473
10474 link_info(link,
10475 "mlo: reconf: local address %pM, AP link address %pM\n",
10476 add_links_data->link[link_id].addr,
10477 add_links_data->link[link_id].bss->bssid);
10478
10479 link_sta = rcu_dereference_protected(sta->link[link_id],
10480 lockdep_is_held(&local->hw.wiphy->mtx));
10481 if (WARN_ON(!link_sta))
10482 goto disconnect;
10483
10484 if (!link->u.mgd.have_beacon) {
10485 const struct cfg80211_bss_ies *ies;
10486
10487 rcu_read_lock();
10488 ies = rcu_dereference(cbss->beacon_ies);
10489 if (ies)
10490 link->u.mgd.have_beacon = true;
10491 else
10492 ies = rcu_dereference(cbss->ies);
10493 ieee80211_get_dtim(ies,
10494 &link->conf->sync_dtim_count,
10495 &link->u.mgd.dtim_period);
10496 link->conf->beacon_int = cbss->beacon_interval;
10497 rcu_read_unlock();
10498 }
10499
10500 link->conf->dtim_period = link->u.mgd.dtim_period ?: 1;
10501
10502 link->u.mgd.conn = add_links_data->link[link_id].conn;
10503 if (ieee80211_prep_channel(sdata, link, link_id, cbss,
10504 true, &link->u.mgd.conn,
10505 sdata->u.mgd.userspace_selectors)) {
10506 link_info(link, "mlo: reconf: prep_channel failed\n");
10507 goto disconnect;
10508 }
10509
10510 if (ieee80211_mgd_setup_link_sta(link, sta, link_sta,
10511 add_links_data->link[link_id].bss))
10512 goto disconnect;
10513
10514 if (!ieee80211_assoc_config_link(link, link_sta,
10515 add_links_data->link[link_id].bss,
10516 mgmt, pos, len,
10517 &changed))
10518 goto disconnect;
10519
10520 /* The AP MLD indicated success for this link, but the station
10521 * profile status indicated otherwise. Since there is an
10522 * inconsistency in the ML reconfiguration response, disconnect
10523 */
10524 if (add_links_data->link[link_id].status != WLAN_STATUS_SUCCESS)
10525 goto disconnect;
10526
10527 ieee80211_sta_init_nss(link_sta);
10528 if (ieee80211_sta_activate_link(sta, link_id))
10529 goto disconnect;
10530
10531 changed |= ieee80211_link_set_associated(link, cbss);
10532 ieee80211_link_info_change_notify(sdata, link, changed);
10533
10534 ieee80211_recalc_smps(sdata, link);
10535 link_mask |= BIT(link_id);
10536 }
10537
10538 sdata_info(sdata,
10539 "mlo: reconf: current valid_links=0x%x, added=0x%x\n",
10540 valid_links, link_mask);
10541
10542 /* links might have changed due to rejected ones, set them again */
10543 ieee80211_vif_set_links(sdata, valid_links, sdata->vif.dormant_links);
10544 ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_MLD_VALID_LINKS);
10545
10546 ieee80211_recalc_ps(local);
10547 ieee80211_recalc_ps_vif(sdata);
10548
10549 done_data.buf = (const u8 *)mgmt;
10550 done_data.len = orig_len;
10551 done_data.added_links = link_mask;
10552
10553 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
10554 done_data.links[link_id].bss = add_links_data->link[link_id].bss;
10555 done_data.links[link_id].addr =
10556 add_links_data->link[link_id].addr;
10557 }
10558
10559 cfg80211_mlo_reconf_add_done(sdata->dev, &done_data);
10560 kfree(sdata->u.mgd.reconf.add_links_data);
10561 sdata->u.mgd.reconf.add_links_data = NULL;
10562 out:
10563 ieee80211_ml_reconf_reset(sdata);
10564 return;
10565
10566 disconnect:
10567 __ieee80211_disconnect(sdata);
10568 }
10569
10570 static struct sk_buff *
ieee80211_build_ml_reconf_req(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgd_assoc_data * add_links_data,u16 removed_links,__le16 ext_mld_capa_ops)10571 ieee80211_build_ml_reconf_req(struct ieee80211_sub_if_data *sdata,
10572 struct ieee80211_mgd_assoc_data *add_links_data,
10573 u16 removed_links, __le16 ext_mld_capa_ops)
10574 {
10575 struct ieee80211_local *local = sdata->local;
10576 struct ieee80211_mgmt *mgmt;
10577 struct ieee80211_multi_link_elem *ml_elem;
10578 struct ieee80211_mle_basic_common_info *common;
10579 enum nl80211_iftype iftype = ieee80211_vif_type_p2p(&sdata->vif);
10580 struct sk_buff *skb;
10581 size_t size;
10582 unsigned int link_id;
10583 __le16 eml_capa = 0, mld_capa_ops = 0;
10584 struct ieee80211_tx_info *info;
10585 u8 common_size, var_common_size;
10586 u8 *ml_elem_len;
10587 u16 capab = 0;
10588
10589 size = local->hw.extra_tx_headroom + sizeof(*mgmt);
10590
10591 /* Consider the maximal length of the reconfiguration ML element */
10592 size += sizeof(struct ieee80211_multi_link_elem);
10593
10594 /* The Basic ML element and the Reconfiguration ML element have the same
10595 * fixed common information fields in the context of ML reconfiguration
10596 * action frame. The AP MLD MAC address must always be present
10597 */
10598 common_size = sizeof(*common);
10599
10600 /* when adding links, the MLD capabilities must be present */
10601 var_common_size = 0;
10602 if (add_links_data) {
10603 const struct wiphy_iftype_ext_capab *ift_ext_capa =
10604 cfg80211_get_iftype_ext_capa(local->hw.wiphy,
10605 ieee80211_vif_type_p2p(&sdata->vif));
10606
10607 if (ift_ext_capa) {
10608 eml_capa = cpu_to_le16(ift_ext_capa->eml_capabilities);
10609 mld_capa_ops =
10610 cpu_to_le16(ift_ext_capa->mld_capa_and_ops);
10611 }
10612
10613 /* MLD capabilities and operation */
10614 var_common_size += 2;
10615
10616 /* EML capabilities */
10617 if (eml_capa & cpu_to_le16((IEEE80211_EML_CAP_EMLSR_SUPP |
10618 IEEE80211_EML_CAP_EMLMR_SUPPORT)))
10619 var_common_size += 2;
10620 }
10621
10622 if (ext_mld_capa_ops)
10623 var_common_size += 2;
10624
10625 /* Add the common information length */
10626 size += common_size + var_common_size;
10627
10628 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
10629 struct cfg80211_bss *cbss;
10630 size_t elems_len;
10631
10632 if (removed_links & BIT(link_id)) {
10633 size += sizeof(struct ieee80211_mle_per_sta_profile) +
10634 ETH_ALEN;
10635 continue;
10636 }
10637
10638 if (!add_links_data || !add_links_data->link[link_id].bss)
10639 continue;
10640
10641 elems_len = add_links_data->link[link_id].elems_len;
10642 cbss = add_links_data->link[link_id].bss;
10643
10644 /* should be the same across all BSSes */
10645 if (cbss->capability & WLAN_CAPABILITY_PRIVACY)
10646 capab |= WLAN_CAPABILITY_PRIVACY;
10647
10648 size += 2 + sizeof(struct ieee80211_mle_per_sta_profile) +
10649 ETH_ALEN;
10650
10651 /* WMM */
10652 size += 9;
10653 size += ieee80211_link_common_elems_size(sdata, iftype, cbss,
10654 elems_len);
10655 }
10656
10657 skb = alloc_skb(size, GFP_KERNEL);
10658 if (!skb)
10659 return NULL;
10660
10661 skb_reserve(skb, local->hw.extra_tx_headroom);
10662 mgmt = skb_put_zero(skb, offsetofend(struct ieee80211_mgmt,
10663 u.action.u.ml_reconf_req));
10664
10665 /* Add the MAC header */
10666 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
10667 IEEE80211_STYPE_ACTION);
10668 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
10669 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
10670 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
10671
10672 /* Add the action frame fixed fields */
10673 mgmt->u.action.category = WLAN_CATEGORY_PROTECTED_EHT;
10674 mgmt->u.action.u.ml_reconf_req.action_code =
10675 WLAN_PROTECTED_EHT_ACTION_LINK_RECONFIG_REQ;
10676
10677 /* allocate a dialog token and store it */
10678 sdata->u.mgd.reconf.dialog_token = ++sdata->u.mgd.dialog_token_alloc;
10679 mgmt->u.action.u.ml_reconf_req.dialog_token =
10680 sdata->u.mgd.reconf.dialog_token;
10681
10682 /* Add the ML reconfiguration element and the common information */
10683 skb_put_u8(skb, WLAN_EID_EXTENSION);
10684 ml_elem_len = skb_put(skb, 1);
10685 skb_put_u8(skb, WLAN_EID_EXT_EHT_MULTI_LINK);
10686 ml_elem = skb_put(skb, sizeof(*ml_elem));
10687 ml_elem->control =
10688 cpu_to_le16(IEEE80211_ML_CONTROL_TYPE_RECONF |
10689 IEEE80211_MLC_RECONF_PRES_MLD_MAC_ADDR);
10690 common = skb_put(skb, common_size);
10691 common->len = common_size + var_common_size;
10692 memcpy(common->mld_mac_addr, sdata->vif.addr, ETH_ALEN);
10693
10694 if (add_links_data) {
10695 if (eml_capa &
10696 cpu_to_le16((IEEE80211_EML_CAP_EMLSR_SUPP |
10697 IEEE80211_EML_CAP_EMLMR_SUPPORT))) {
10698 ml_elem->control |=
10699 cpu_to_le16(IEEE80211_MLC_RECONF_PRES_EML_CAPA);
10700 skb_put_data(skb, &eml_capa, sizeof(eml_capa));
10701 }
10702
10703 ml_elem->control |=
10704 cpu_to_le16(IEEE80211_MLC_RECONF_PRES_MLD_CAPA_OP);
10705
10706 skb_put_data(skb, &mld_capa_ops, sizeof(mld_capa_ops));
10707 }
10708
10709 if (ext_mld_capa_ops) {
10710 ml_elem->control |=
10711 cpu_to_le16(IEEE80211_MLC_RECONF_PRES_EXT_MLD_CAPA_OP);
10712 skb_put_data(skb, &ext_mld_capa_ops, sizeof(ext_mld_capa_ops));
10713 }
10714
10715 if (sdata->u.mgd.flags & IEEE80211_STA_ENABLE_RRM)
10716 capab |= WLAN_CAPABILITY_RADIO_MEASURE;
10717
10718 /* Add the per station profile */
10719 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
10720 u8 *subelem_len = NULL;
10721 u16 ctrl;
10722 const u8 *addr;
10723
10724 /* Skip links that are not changing */
10725 if (!(removed_links & BIT(link_id)) &&
10726 (!add_links_data || !add_links_data->link[link_id].bss))
10727 continue;
10728
10729 ctrl = link_id |
10730 IEEE80211_MLE_STA_RECONF_CONTROL_STA_MAC_ADDR_PRESENT;
10731
10732 if (removed_links & BIT(link_id)) {
10733 struct ieee80211_bss_conf *conf =
10734 sdata_dereference(sdata->vif.link_conf[link_id],
10735 sdata);
10736 if (!conf)
10737 continue;
10738
10739 addr = conf->addr;
10740 ctrl |= u16_encode_bits(IEEE80211_MLE_STA_RECONF_CONTROL_OPERATION_TYPE_DEL_LINK,
10741 IEEE80211_MLE_STA_RECONF_CONTROL_OPERATION_TYPE);
10742 } else {
10743 addr = add_links_data->link[link_id].addr;
10744 ctrl |= IEEE80211_MLE_STA_RECONF_CONTROL_COMPLETE_PROFILE |
10745 u16_encode_bits(IEEE80211_MLE_STA_RECONF_CONTROL_OPERATION_TYPE_ADD_LINK,
10746 IEEE80211_MLE_STA_RECONF_CONTROL_OPERATION_TYPE);
10747 }
10748
10749 skb_put_u8(skb, IEEE80211_MLE_SUBELEM_PER_STA_PROFILE);
10750 subelem_len = skb_put(skb, 1);
10751
10752 put_unaligned_le16(ctrl, skb_put(skb, sizeof(ctrl)));
10753 skb_put_u8(skb, 1 + ETH_ALEN);
10754 skb_put_data(skb, addr, ETH_ALEN);
10755
10756 if (!(removed_links & BIT(link_id))) {
10757 u16 link_present_elems[PRESENT_ELEMS_MAX] = {};
10758 size_t extra_used;
10759 void *capab_pos;
10760 u8 qos_info;
10761
10762 capab_pos = skb_put(skb, 2);
10763
10764 extra_used =
10765 ieee80211_add_link_elems(sdata, skb, &capab, NULL,
10766 add_links_data->link[link_id].elems,
10767 add_links_data->link[link_id].elems_len,
10768 link_id, NULL,
10769 link_present_elems,
10770 add_links_data);
10771
10772 if (add_links_data->link[link_id].elems)
10773 skb_put_data(skb,
10774 add_links_data->link[link_id].elems +
10775 extra_used,
10776 add_links_data->link[link_id].elems_len -
10777 extra_used);
10778 if (sdata->u.mgd.flags & IEEE80211_STA_UAPSD_ENABLED) {
10779 qos_info = sdata->u.mgd.uapsd_queues;
10780 qos_info |= (sdata->u.mgd.uapsd_max_sp_len <<
10781 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
10782 } else {
10783 qos_info = 0;
10784 }
10785
10786 ieee80211_add_wmm_info_ie(skb_put(skb, 9), qos_info);
10787 put_unaligned_le16(capab, capab_pos);
10788 }
10789
10790 ieee80211_fragment_element(skb, subelem_len,
10791 IEEE80211_MLE_SUBELEM_FRAGMENT);
10792 }
10793
10794 ieee80211_fragment_element(skb, ml_elem_len, WLAN_EID_FRAGMENT);
10795
10796 info = IEEE80211_SKB_CB(skb);
10797 info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
10798
10799 return skb;
10800 }
10801
ieee80211_mgd_assoc_ml_reconf(struct ieee80211_sub_if_data * sdata,struct cfg80211_ml_reconf_req * req)10802 int ieee80211_mgd_assoc_ml_reconf(struct ieee80211_sub_if_data *sdata,
10803 struct cfg80211_ml_reconf_req *req)
10804 {
10805 struct ieee80211_local *local = sdata->local;
10806 struct ieee80211_mgd_assoc_data *data = NULL;
10807 struct sta_info *sta;
10808 struct sk_buff *skb;
10809 u16 added_links, new_valid_links;
10810 int link_id, err;
10811
10812 if (!ieee80211_vif_is_mld(&sdata->vif) ||
10813 !(sdata->vif.cfg.mld_capa_op &
10814 IEEE80211_MLD_CAP_OP_LINK_RECONF_SUPPORT))
10815 return -EINVAL;
10816
10817 /* No support for concurrent ML reconfiguration operation */
10818 if (sdata->u.mgd.reconf.added_links ||
10819 sdata->u.mgd.reconf.removed_links)
10820 return -EBUSY;
10821
10822 added_links = 0;
10823 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
10824 if (!req->add_links[link_id].bss)
10825 continue;
10826
10827 added_links |= BIT(link_id);
10828 }
10829
10830 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
10831 if (WARN_ON(!sta))
10832 return -ENOLINK;
10833
10834 /* Adding links to the set of valid link is done only after a successful
10835 * ML reconfiguration frame exchange. Here prepare the data for the ML
10836 * reconfiguration frame construction and allocate the required
10837 * resources
10838 */
10839 if (added_links) {
10840 bool uapsd_supported;
10841
10842 data = kzalloc_obj(*data, GFP_KERNEL);
10843 if (!data)
10844 return -ENOMEM;
10845
10846 data->assoc_link_id = -1;
10847 data->wmm = true;
10848
10849 uapsd_supported = true;
10850 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS;
10851 link_id++) {
10852 struct ieee80211_supported_band *sband;
10853 struct cfg80211_bss *link_cbss =
10854 req->add_links[link_id].bss;
10855 struct ieee80211_bss *bss;
10856
10857 if (!link_cbss)
10858 continue;
10859
10860 bss = (void *)link_cbss->priv;
10861
10862 if (!bss->wmm_used) {
10863 err = -EINVAL;
10864 goto err_free;
10865 }
10866
10867 if (link_cbss->channel->band == NL80211_BAND_S1GHZ) {
10868 err = -EINVAL;
10869 goto err_free;
10870 }
10871
10872 eth_random_addr(data->link[link_id].addr);
10873 data->link[link_id].conn =
10874 ieee80211_conn_settings_unlimited;
10875 sband =
10876 local->hw.wiphy->bands[link_cbss->channel->band];
10877
10878 ieee80211_determine_our_sta_mode(sdata, sband,
10879 NULL, true, link_id,
10880 &data->link[link_id].conn);
10881
10882 data->link[link_id].bss = link_cbss;
10883 data->link[link_id].elems =
10884 (u8 *)req->add_links[link_id].elems;
10885 data->link[link_id].elems_len =
10886 req->add_links[link_id].elems_len;
10887
10888 if (!bss->uapsd_supported)
10889 uapsd_supported = false;
10890
10891 if (data->link[link_id].conn.mode <
10892 IEEE80211_CONN_MODE_EHT) {
10893 err = -EINVAL;
10894 goto err_free;
10895 }
10896
10897 err = ieee80211_mgd_get_ap_ht_vht_capa(sdata, data,
10898 link_id);
10899 if (err) {
10900 err = -EINVAL;
10901 goto err_free;
10902 }
10903 }
10904
10905 /* Require U-APSD support if we enabled it */
10906 if (sdata->u.mgd.flags & IEEE80211_STA_UAPSD_ENABLED &&
10907 !uapsd_supported) {
10908 err = -EINVAL;
10909 sdata_info(sdata, "U-APSD on but not available on (all) new links\n");
10910 goto err_free;
10911 }
10912
10913 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS;
10914 link_id++) {
10915 if (!data->link[link_id].bss)
10916 continue;
10917
10918 /* only used to verify the mode, nothing is allocated */
10919 err = ieee80211_prep_channel(sdata, NULL, link_id,
10920 data->link[link_id].bss,
10921 true,
10922 &data->link[link_id].conn,
10923 sdata->u.mgd.userspace_selectors);
10924 if (err)
10925 goto err_free;
10926 }
10927 }
10928
10929 /* link removal is done before the ML reconfiguration frame exchange so
10930 * that these links will not be used between their removal by the AP MLD
10931 * and before the station got the ML reconfiguration response. Based on
10932 * Section 35.3.6.4 in Draft P802.11be_D7.0 the AP MLD should accept the
10933 * link removal request.
10934 */
10935 if (req->rem_links) {
10936 u16 new_active_links =
10937 sdata->vif.active_links & ~req->rem_links;
10938
10939 new_valid_links = sdata->vif.valid_links & ~req->rem_links;
10940
10941 /* Should not be left with no valid links to perform the
10942 * ML reconfiguration
10943 */
10944 if (!new_valid_links ||
10945 !(new_valid_links & ~sdata->vif.dormant_links)) {
10946 sdata_info(sdata, "mlo: reconf: no valid links\n");
10947 err = -EINVAL;
10948 goto err_free;
10949 }
10950
10951 if (new_active_links != sdata->vif.active_links) {
10952 if (!new_active_links)
10953 new_active_links =
10954 BIT(__ffs(new_valid_links &
10955 ~sdata->vif.dormant_links));
10956
10957 err = ieee80211_set_active_links(&sdata->vif,
10958 new_active_links);
10959 if (err) {
10960 sdata_info(sdata,
10961 "mlo: reconf: failed set active links\n");
10962 goto err_free;
10963 }
10964 }
10965 }
10966
10967 /* Build the SKB before the link removal as the construction of the
10968 * station info for removed links requires the local address.
10969 * Invalidate the removed links, so that the transmission of the ML
10970 * reconfiguration request frame would not be done using them, as the AP
10971 * is expected to send the ML reconfiguration response frame on the link
10972 * on which the request was received.
10973 */
10974 skb = ieee80211_build_ml_reconf_req(sdata, data, req->rem_links,
10975 cpu_to_le16(req->ext_mld_capa_ops));
10976 if (!skb) {
10977 err = -ENOMEM;
10978 goto err_free;
10979 }
10980
10981 if (req->rem_links) {
10982 u16 new_dormant_links =
10983 sdata->vif.dormant_links & ~req->rem_links;
10984
10985 err = ieee80211_vif_set_links(sdata, new_valid_links,
10986 new_dormant_links);
10987 if (err) {
10988 sdata_info(sdata,
10989 "mlo: reconf: failed set valid links\n");
10990 kfree_skb(skb);
10991 goto err_free;
10992 }
10993
10994 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS;
10995 link_id++) {
10996 if (!(req->rem_links & BIT(link_id)))
10997 continue;
10998
10999 ieee80211_sta_remove_link(sta, link_id);
11000 }
11001
11002 /* notify the driver and upper layers */
11003 ieee80211_vif_cfg_change_notify(sdata,
11004 BSS_CHANGED_MLD_VALID_LINKS);
11005 cfg80211_links_removed(sdata->dev, req->rem_links);
11006 }
11007
11008 sdata_info(sdata, "mlo: reconf: adding=0x%x, removed=0x%x\n",
11009 added_links, req->rem_links);
11010
11011 ieee80211_tx_skb(sdata, skb);
11012
11013 sdata->u.mgd.reconf.added_links = added_links;
11014 sdata->u.mgd.reconf.add_links_data = data;
11015 sdata->u.mgd.reconf.removed_links = req->rem_links;
11016 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
11017 &sdata->u.mgd.reconf.wk,
11018 IEEE80211_ASSOC_TIMEOUT_SHORT);
11019 return 0;
11020
11021 err_free:
11022 kfree(data);
11023 return err;
11024 }
11025
ieee80211_mgd_epcs_supp(struct ieee80211_sub_if_data * sdata)11026 static bool ieee80211_mgd_epcs_supp(struct ieee80211_sub_if_data *sdata)
11027 {
11028 unsigned long valid_links = sdata->vif.valid_links;
11029 u8 link_id;
11030
11031 lockdep_assert_wiphy(sdata->local->hw.wiphy);
11032
11033 if (!ieee80211_vif_is_mld(&sdata->vif))
11034 return false;
11035
11036 for_each_set_bit(link_id, &valid_links, IEEE80211_MLD_MAX_NUM_LINKS) {
11037 struct ieee80211_bss_conf *bss_conf =
11038 sdata_dereference(sdata->vif.link_conf[link_id], sdata);
11039
11040 if (WARN_ON(!bss_conf) || !bss_conf->epcs_support)
11041 return false;
11042 }
11043
11044 return true;
11045 }
11046
ieee80211_mgd_set_epcs(struct ieee80211_sub_if_data * sdata,bool enable)11047 int ieee80211_mgd_set_epcs(struct ieee80211_sub_if_data *sdata, bool enable)
11048 {
11049 struct ieee80211_local *local = sdata->local;
11050 struct ieee80211_mgmt *mgmt;
11051 struct sk_buff *skb;
11052 int frame_len = offsetofend(struct ieee80211_mgmt,
11053 u.action.u.epcs) + (enable ? 1 : 0);
11054
11055 if (!ieee80211_mgd_epcs_supp(sdata))
11056 return -EINVAL;
11057
11058 if (sdata->u.mgd.epcs.enabled == enable &&
11059 !sdata->u.mgd.epcs.dialog_token)
11060 return 0;
11061
11062 /* Do not allow enabling EPCS if the AP didn't respond yet.
11063 * However, allow disabling EPCS in such a case.
11064 */
11065 if (sdata->u.mgd.epcs.dialog_token && enable)
11066 return -EALREADY;
11067
11068 skb = dev_alloc_skb(local->hw.extra_tx_headroom + frame_len);
11069 if (!skb)
11070 return -ENOBUFS;
11071
11072 skb_reserve(skb, local->hw.extra_tx_headroom);
11073 mgmt = skb_put_zero(skb, frame_len);
11074 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
11075 IEEE80211_STYPE_ACTION);
11076 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
11077 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
11078 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
11079
11080 mgmt->u.action.category = WLAN_CATEGORY_PROTECTED_EHT;
11081 if (enable) {
11082 u8 *pos = mgmt->u.action.u.epcs.variable;
11083
11084 mgmt->u.action.u.epcs.action_code =
11085 WLAN_PROTECTED_EHT_ACTION_EPCS_ENABLE_REQ;
11086
11087 *pos = ++sdata->u.mgd.dialog_token_alloc;
11088 sdata->u.mgd.epcs.dialog_token = *pos;
11089 } else {
11090 mgmt->u.action.u.epcs.action_code =
11091 WLAN_PROTECTED_EHT_ACTION_EPCS_ENABLE_TEARDOWN;
11092
11093 ieee80211_epcs_teardown(sdata);
11094 ieee80211_epcs_changed(sdata, false);
11095 }
11096
11097 ieee80211_tx_skb(sdata, skb);
11098 return 0;
11099 }
11100
ieee80211_ml_epcs(struct ieee80211_sub_if_data * sdata,struct ieee802_11_elems * elems)11101 static void ieee80211_ml_epcs(struct ieee80211_sub_if_data *sdata,
11102 struct ieee802_11_elems *elems)
11103 {
11104 const struct element *sub;
11105 size_t scratch_len = elems->ml_epcs_len;
11106 u8 *scratch __free(kfree) = kzalloc(scratch_len, GFP_KERNEL);
11107
11108 lockdep_assert_wiphy(sdata->local->hw.wiphy);
11109
11110 if (!ieee80211_vif_is_mld(&sdata->vif) || !elems->ml_epcs)
11111 return;
11112
11113 if (WARN_ON(!scratch))
11114 return;
11115
11116 /* Directly parse the sub elements as the common information doesn't
11117 * hold any useful information.
11118 */
11119 for_each_mle_subelement(sub, (const u8 *)elems->ml_epcs,
11120 elems->ml_epcs_len) {
11121 struct ieee802_11_elems *link_elems __free(kfree) = NULL;
11122 struct ieee80211_link_data *link;
11123 u8 *pos = (void *)sub->data;
11124 u16 control;
11125 ssize_t len;
11126 u8 link_id;
11127
11128 if (sub->id != IEEE80211_MLE_SUBELEM_PER_STA_PROFILE)
11129 continue;
11130
11131 if (sub->datalen < sizeof(control))
11132 break;
11133
11134 control = get_unaligned_le16(pos);
11135 link_id = control & IEEE80211_MLE_STA_EPCS_CONTROL_LINK_ID;
11136
11137 link = sdata_dereference(sdata->link[link_id], sdata);
11138 if (!link)
11139 continue;
11140
11141 len = cfg80211_defragment_element(sub, (u8 *)elems->ml_epcs,
11142 elems->ml_epcs_len,
11143 scratch, scratch_len,
11144 IEEE80211_MLE_SUBELEM_FRAGMENT);
11145 if (len < (ssize_t)sizeof(control))
11146 continue;
11147
11148 pos = scratch + sizeof(control);
11149 len -= sizeof(control);
11150
11151 link_elems = ieee802_11_parse_elems(pos, len,
11152 IEEE80211_FTYPE_MGMT |
11153 IEEE80211_STYPE_ACTION,
11154 NULL);
11155 if (!link_elems)
11156 continue;
11157
11158 if (ieee80211_sta_wmm_params(sdata->local, link,
11159 link_elems->wmm_param,
11160 link_elems->wmm_param_len,
11161 link_elems->mu_edca_param_set))
11162 ieee80211_link_info_change_notify(sdata, link,
11163 BSS_CHANGED_QOS);
11164 }
11165 }
11166
ieee80211_process_epcs_ena_resp(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)11167 void ieee80211_process_epcs_ena_resp(struct ieee80211_sub_if_data *sdata,
11168 struct ieee80211_mgmt *mgmt, size_t len)
11169 {
11170 struct ieee802_11_elems *elems __free(kfree) = NULL;
11171 size_t ies_len;
11172 u16 status_code;
11173 u8 *pos, dialog_token;
11174
11175 if (!ieee80211_mgd_epcs_supp(sdata))
11176 return;
11177
11178 /* Handle dialog token and status code */
11179 pos = mgmt->u.action.u.epcs.variable;
11180 dialog_token = *pos;
11181 status_code = get_unaligned_le16(pos + 1);
11182
11183 /* An EPCS enable response with dialog token == 0 is an unsolicited
11184 * notification from the AP MLD. In such a case, EPCS should already be
11185 * enabled and status must be success
11186 */
11187 if (!dialog_token &&
11188 (!sdata->u.mgd.epcs.enabled ||
11189 status_code != WLAN_STATUS_SUCCESS))
11190 return;
11191
11192 if (sdata->u.mgd.epcs.dialog_token != dialog_token)
11193 return;
11194
11195 sdata->u.mgd.epcs.dialog_token = 0;
11196
11197 if (status_code != WLAN_STATUS_SUCCESS)
11198 return;
11199
11200 pos += IEEE80211_EPCS_ENA_RESP_BODY_LEN;
11201 ies_len = len - offsetof(struct ieee80211_mgmt,
11202 u.action.u.epcs.variable) -
11203 IEEE80211_EPCS_ENA_RESP_BODY_LEN;
11204
11205 elems = ieee802_11_parse_elems(pos, ies_len,
11206 IEEE80211_FTYPE_MGMT |
11207 IEEE80211_STYPE_ACTION,
11208 NULL);
11209 if (!elems)
11210 return;
11211
11212 ieee80211_ml_epcs(sdata, elems);
11213 ieee80211_epcs_changed(sdata, true);
11214 }
11215
ieee80211_process_epcs_teardown(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)11216 void ieee80211_process_epcs_teardown(struct ieee80211_sub_if_data *sdata,
11217 struct ieee80211_mgmt *mgmt, size_t len)
11218 {
11219 if (!ieee80211_vif_is_mld(&sdata->vif) ||
11220 !sdata->u.mgd.epcs.enabled)
11221 return;
11222
11223 ieee80211_epcs_teardown(sdata);
11224 ieee80211_epcs_changed(sdata, false);
11225 }
11226