1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * BSS client mode implementation
4 * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
5 * Copyright 2004, Instant802 Networks, Inc.
6 * Copyright 2005, Devicescape Software, Inc.
7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9 * Copyright 2013-2014 Intel Mobile Communications GmbH
10 * Copyright (C) 2015 - 2017 Intel Deutschland GmbH
11 * Copyright (C) 2018 - 2026 Intel Corporation
12 */
13
14 #include <linux/delay.h>
15 #include <linux/fips.h>
16 #include <linux/if_ether.h>
17 #include <linux/skbuff.h>
18 #include <linux/if_arp.h>
19 #include <linux/etherdevice.h>
20 #include <linux/moduleparam.h>
21 #include <linux/rtnetlink.h>
22 #include <linux/crc32.h>
23 #include <linux/slab.h>
24 #include <linux/export.h>
25 #include <net/mac80211.h>
26 #include <linux/unaligned.h>
27
28 #include "ieee80211_i.h"
29 #include "driver-ops.h"
30 #include "rate.h"
31 #include "led.h"
32 #include "fils_aead.h"
33
34 #include <kunit/static_stub.h>
35
36 #define IEEE80211_AUTH_TIMEOUT (HZ / 5)
37 #define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2)
38 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10)
39 #define IEEE80211_AUTH_TIMEOUT_SAE (HZ * 2)
40 #define IEEE80211_AUTH_MAX_TRIES 3
41 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5)
42 #define IEEE80211_AUTH_WAIT_SAE_RETRY (HZ * 2)
43 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
44 #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2)
45 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10)
46 #define IEEE80211_ASSOC_MAX_TRIES 3
47
48 #define IEEE80211_ADV_TTLM_SAFETY_BUFFER_MS (100 * USEC_PER_MSEC)
49 #define IEEE80211_ADV_TTLM_ST_UNDERFLOW 0xff00
50
51 #define IEEE80211_NEG_TTLM_REQ_TIMEOUT (HZ / 5)
52
53 static int max_nullfunc_tries = 2;
54 module_param(max_nullfunc_tries, int, 0644);
55 MODULE_PARM_DESC(max_nullfunc_tries,
56 "Maximum nullfunc tx tries before disconnecting (reason 4).");
57
58 static int max_probe_tries = 5;
59 module_param(max_probe_tries, int, 0644);
60 MODULE_PARM_DESC(max_probe_tries,
61 "Maximum probe tries before disconnecting (reason 4).");
62
63 /*
64 * Beacon loss timeout is calculated as N frames times the
65 * advertised beacon interval. This may need to be somewhat
66 * higher than what hardware might detect to account for
67 * delays in the host processing frames. But since we also
68 * probe on beacon miss before declaring the connection lost
69 * default to what we want.
70 */
71 static int beacon_loss_count = 7;
72 module_param(beacon_loss_count, int, 0644);
73 MODULE_PARM_DESC(beacon_loss_count,
74 "Number of beacon intervals before we decide beacon was lost.");
75
76 /*
77 * Time the connection can be idle before we probe
78 * it to see if we can still talk to the AP.
79 */
80 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ)
81 /*
82 * Time we wait for a probe response after sending
83 * a probe request because of beacon loss or for
84 * checking the connection still works.
85 */
86 static int probe_wait_ms = 500;
87 module_param(probe_wait_ms, int, 0644);
88 MODULE_PARM_DESC(probe_wait_ms,
89 "Maximum time(ms) to wait for probe response"
90 " before disconnecting (reason 4).");
91
92 /*
93 * How many Beacon frames need to have been used in average signal strength
94 * before starting to indicate signal change events.
95 */
96 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4
97
98 /*
99 * We can have multiple work items (and connection probing)
100 * scheduling this timer, but we need to take care to only
101 * reschedule it when it should fire _earlier_ than it was
102 * asked for before, or if it's not pending right now. This
103 * function ensures that. Note that it then is required to
104 * run this function for all timeouts after the first one
105 * has happened -- the work that runs from this timer will
106 * do that.
107 */
run_again(struct ieee80211_sub_if_data * sdata,unsigned long timeout)108 static void run_again(struct ieee80211_sub_if_data *sdata,
109 unsigned long timeout)
110 {
111 lockdep_assert_wiphy(sdata->local->hw.wiphy);
112
113 if (!timer_pending(&sdata->u.mgd.timer) ||
114 time_before(timeout, sdata->u.mgd.timer.expires))
115 mod_timer(&sdata->u.mgd.timer, timeout);
116 }
117
ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data * sdata)118 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata)
119 {
120 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
121 return;
122
123 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
124 return;
125
126 mod_timer(&sdata->u.mgd.bcn_mon_timer,
127 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout));
128 }
129
ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data * sdata)130 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata)
131 {
132 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
133
134 if (unlikely(!ifmgd->associated))
135 return;
136
137 if (ifmgd->probe_send_count)
138 ifmgd->probe_send_count = 0;
139
140 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
141 return;
142
143 mod_timer(&ifmgd->conn_mon_timer,
144 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
145 }
146
ecw2cw(int ecw)147 static int ecw2cw(int ecw)
148 {
149 return (1 << ecw) - 1;
150 }
151
152 static enum ieee80211_conn_mode
ieee80211_determine_ap_chan(struct ieee80211_sub_if_data * sdata,struct ieee80211_channel * channel,u32 vht_cap_info,const struct ieee802_11_elems * elems,bool ignore_ht_channel_mismatch,const struct ieee80211_conn_settings * conn,struct cfg80211_chan_def * chandef)153 ieee80211_determine_ap_chan(struct ieee80211_sub_if_data *sdata,
154 struct ieee80211_channel *channel,
155 u32 vht_cap_info,
156 const struct ieee802_11_elems *elems,
157 bool ignore_ht_channel_mismatch,
158 const struct ieee80211_conn_settings *conn,
159 struct cfg80211_chan_def *chandef)
160 {
161 const struct ieee80211_ht_operation *ht_oper = elems->ht_operation;
162 const struct ieee80211_vht_operation *vht_oper = elems->vht_operation;
163 const struct ieee80211_he_operation *he_oper = elems->he_operation;
164 const struct ieee80211_eht_operation *eht_oper = elems->eht_operation;
165 const struct ieee80211_uhr_operation *uhr_oper = elems->uhr_operation;
166 struct ieee80211_supported_band *sband =
167 sdata->local->hw.wiphy->bands[channel->band];
168 struct cfg80211_chan_def vht_chandef;
169 bool no_vht = false;
170 u32 ht_cfreq;
171
172 if (ieee80211_hw_check(&sdata->local->hw, STRICT))
173 ignore_ht_channel_mismatch = false;
174
175 *chandef = (struct cfg80211_chan_def) {
176 .chan = channel,
177 .width = NL80211_CHAN_WIDTH_20_NOHT,
178 .center_freq1 = channel->center_freq,
179 .freq1_offset = channel->freq_offset,
180 };
181
182 /* get special S1G case out of the way */
183 if (sband->band == NL80211_BAND_S1GHZ) {
184 if (!ieee80211_chandef_s1g_oper(sdata->local, elems->s1g_oper,
185 chandef)) {
186 /* Fallback to default 1MHz */
187 chandef->width = NL80211_CHAN_WIDTH_1;
188 chandef->s1g_primary_2mhz = false;
189 }
190
191 return IEEE80211_CONN_MODE_S1G;
192 }
193
194 /* get special 6 GHz case out of the way */
195 if (sband->band == NL80211_BAND_6GHZ) {
196 enum ieee80211_conn_mode mode = IEEE80211_CONN_MODE_HIGHEST;
197
198 /* this is an error */
199 if (conn->mode < IEEE80211_CONN_MODE_HE)
200 return IEEE80211_CONN_MODE_LEGACY;
201
202 if (!elems->he_6ghz_capa || !elems->he_cap) {
203 sdata_info(sdata,
204 "HE 6 GHz AP is missing HE/HE 6 GHz band capability\n");
205 return IEEE80211_CONN_MODE_LEGACY;
206 }
207
208 if (!eht_oper || !elems->eht_cap) {
209 eht_oper = NULL;
210 mode = IEEE80211_CONN_MODE_HE;
211 }
212
213 if (!ieee80211_chandef_he_6ghz_oper(sdata->local, he_oper,
214 eht_oper, chandef)) {
215 sdata_info(sdata, "bad HE/EHT 6 GHz operation\n");
216 return IEEE80211_CONN_MODE_LEGACY;
217 }
218
219 if (eht_oper && ieee80211_hw_check(&sdata->local->hw, STRICT)) {
220 struct cfg80211_chan_def he_chandef = *chandef;
221
222 if (!ieee80211_chandef_he_6ghz_oper(sdata->local,
223 he_oper, NULL,
224 &he_chandef)) {
225 sdata_info(sdata,
226 "bad HE operation in EHT AP\n");
227 return IEEE80211_CONN_MODE_LEGACY;
228 }
229
230 if (!cfg80211_chandef_compatible(chandef,
231 &he_chandef)) {
232 sdata_info(sdata, "HE/EHT incompatible\n");
233 return IEEE80211_CONN_MODE_LEGACY;
234 }
235 }
236
237 if (mode <= IEEE80211_CONN_MODE_EHT)
238 return mode;
239 goto check_uhr;
240 }
241
242 /* now we have the progression HT, VHT, ... */
243 if (conn->mode < IEEE80211_CONN_MODE_HT)
244 return IEEE80211_CONN_MODE_LEGACY;
245
246 if (!ht_oper || !elems->ht_cap_elem)
247 return IEEE80211_CONN_MODE_LEGACY;
248
249 chandef->width = NL80211_CHAN_WIDTH_20;
250
251 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan,
252 channel->band);
253 /* check that channel matches the right operating channel */
254 if (!ignore_ht_channel_mismatch && channel->center_freq != ht_cfreq) {
255 /*
256 * It's possible that some APs are confused here;
257 * Netgear WNDR3700 sometimes reports 4 higher than
258 * the actual channel in association responses, but
259 * since we look at probe response/beacon data here
260 * it should be OK.
261 */
262 sdata_info(sdata,
263 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
264 channel->center_freq, ht_cfreq,
265 ht_oper->primary_chan, channel->band);
266 return IEEE80211_CONN_MODE_LEGACY;
267 }
268
269 ieee80211_chandef_ht_oper(ht_oper, chandef);
270
271 if (conn->mode < IEEE80211_CONN_MODE_VHT)
272 return IEEE80211_CONN_MODE_HT;
273
274 vht_chandef = *chandef;
275
276 /*
277 * having he_cap/he_oper parsed out implies we're at
278 * least operating as HE STA
279 */
280 if (elems->he_cap && he_oper &&
281 he_oper->he_oper_params & cpu_to_le32(IEEE80211_HE_OPERATION_VHT_OPER_INFO)) {
282 struct ieee80211_vht_operation he_oper_vht_cap;
283
284 /*
285 * Set only first 3 bytes (other 2 aren't used in
286 * ieee80211_chandef_vht_oper() anyway)
287 */
288 memcpy(&he_oper_vht_cap, he_oper->optional, 3);
289 he_oper_vht_cap.basic_mcs_set = cpu_to_le16(0);
290
291 if (!ieee80211_chandef_vht_oper(&sdata->local->hw, vht_cap_info,
292 &he_oper_vht_cap, ht_oper,
293 &vht_chandef)) {
294 sdata_info(sdata,
295 "HE AP VHT information is invalid, disabling HE\n");
296 /* this will cause us to re-parse as VHT STA */
297 return IEEE80211_CONN_MODE_VHT;
298 }
299 } else if (!vht_oper || !elems->vht_cap_elem) {
300 if (sband->band == NL80211_BAND_5GHZ)
301 return IEEE80211_CONN_MODE_HT;
302 no_vht = true;
303 } else if (sband->band == NL80211_BAND_2GHZ) {
304 no_vht = true;
305 } else if (!ieee80211_chandef_vht_oper(&sdata->local->hw,
306 vht_cap_info,
307 vht_oper, ht_oper,
308 &vht_chandef)) {
309 sdata_info(sdata,
310 "AP VHT information is invalid, disabling VHT\n");
311 return IEEE80211_CONN_MODE_HT;
312 }
313
314 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) {
315 sdata_info(sdata,
316 "AP VHT information doesn't match HT, disabling VHT\n");
317 return IEEE80211_CONN_MODE_HT;
318 }
319
320 *chandef = vht_chandef;
321
322 /* stick to current max mode if we or the AP don't have HE */
323 if (conn->mode < IEEE80211_CONN_MODE_HE ||
324 !elems->he_operation || !elems->he_cap) {
325 if (no_vht)
326 return IEEE80211_CONN_MODE_HT;
327 return IEEE80211_CONN_MODE_VHT;
328 }
329
330 /* stick to HE if we or the AP don't have EHT */
331 if (conn->mode < IEEE80211_CONN_MODE_EHT ||
332 !eht_oper || !elems->eht_cap)
333 return IEEE80211_CONN_MODE_HE;
334
335 /*
336 * handle the case that the EHT operation indicates that it holds EHT
337 * operation information (in case that the channel width differs from
338 * the channel width reported in HT/VHT/HE).
339 */
340 if (eht_oper->params & IEEE80211_EHT_OPER_INFO_PRESENT) {
341 struct cfg80211_chan_def eht_chandef = *chandef;
342
343 ieee80211_chandef_eht_oper((const void *)eht_oper->optional,
344 &eht_chandef);
345
346 eht_chandef.punctured =
347 ieee80211_eht_oper_dis_subchan_bitmap(eht_oper);
348
349 if (!cfg80211_chandef_valid(&eht_chandef)) {
350 sdata_info(sdata,
351 "AP EHT information is invalid, disabling EHT\n");
352 return IEEE80211_CONN_MODE_HE;
353 }
354
355 if (!cfg80211_chandef_compatible(chandef, &eht_chandef)) {
356 sdata_info(sdata,
357 "AP EHT information doesn't match HT/VHT/HE, disabling EHT\n");
358 return IEEE80211_CONN_MODE_HE;
359 }
360
361 *chandef = eht_chandef;
362 }
363
364 check_uhr:
365 if (conn->mode < IEEE80211_CONN_MODE_UHR || !uhr_oper)
366 return IEEE80211_CONN_MODE_EHT;
367
368 /*
369 * In beacons we don't have all the data - but we know the size was OK,
370 * so if the size is valid as a non-beacon case, we have more data and
371 * can validate the NPCA parameters.
372 */
373 if (ieee80211_uhr_oper_size_ok((const void *)uhr_oper,
374 elems->uhr_operation_len,
375 false)) {
376 struct cfg80211_chan_def npca_chandef = *chandef;
377 const struct ieee80211_uhr_npca_info *npca;
378 const __le16 *dis_subch_bmap;
379 u16 punct = chandef->punctured, npca_punct;
380
381 npca = ieee80211_uhr_npca_info(uhr_oper);
382 if (npca) {
383 int width = cfg80211_chandef_get_width(chandef);
384 u8 offs = le32_get_bits(npca->params,
385 IEEE80211_UHR_NPCA_PARAMS_PRIMARY_CHAN_OFFS);
386 u32 cf1 = chandef->center_freq1;
387 bool pri_upper, npca_upper;
388
389 pri_upper = chandef->chan->center_freq > cf1;
390 npca_upper = 20 * offs >= width / 2;
391
392 if (20 * offs >= cfg80211_chandef_get_width(chandef) ||
393 pri_upper == npca_upper) {
394 sdata_info(sdata,
395 "AP UHR NPCA primary channel invalid, disabling UHR\n");
396 return IEEE80211_CONN_MODE_EHT;
397 }
398 }
399
400 dis_subch_bmap = ieee80211_uhr_npca_dis_subch_bitmap(uhr_oper);
401
402 if (dis_subch_bmap) {
403 npca_punct = get_unaligned_le16(dis_subch_bmap);
404 npca_chandef.punctured = npca_punct;
405 }
406
407 /*
408 * must be a valid puncturing pattern for this channel as
409 * well as puncturing all subchannels that are already in
410 * the disabled subchannel bitmap on the primary channel
411 */
412 if (!cfg80211_chandef_valid(&npca_chandef) ||
413 ((punct & npca_punct) != punct)) {
414 sdata_info(sdata,
415 "AP UHR NPCA disabled subchannel bitmap invalid, disabling UHR\n");
416 return IEEE80211_CONN_MODE_EHT;
417 }
418 }
419
420 return IEEE80211_CONN_MODE_UHR;
421 }
422
423 static bool
ieee80211_verify_sta_ht_mcs_support(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,const struct ieee80211_ht_operation * ht_op)424 ieee80211_verify_sta_ht_mcs_support(struct ieee80211_sub_if_data *sdata,
425 struct ieee80211_supported_band *sband,
426 const struct ieee80211_ht_operation *ht_op)
427 {
428 struct ieee80211_sta_ht_cap sta_ht_cap;
429 int i;
430
431 if (sband->band == NL80211_BAND_6GHZ)
432 return true;
433
434 if (!ht_op)
435 return false;
436
437 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap));
438 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
439
440 /*
441 * Some Xfinity XB8 firmware advertises >1 spatial stream MCS indexes in
442 * their basic HT-MCS set. On cards with lower spatial streams, the check
443 * would fail, and we'd be stuck with no HT when it in fact work fine with
444 * its own supported rate. So check it only in strict mode.
445 */
446 if (!ieee80211_hw_check(&sdata->local->hw, STRICT))
447 return true;
448
449 /*
450 * P802.11REVme/D7.0 - 6.5.4.2.4
451 * ...
452 * If the MLME of an HT STA receives an MLME-JOIN.request primitive
453 * with the SelectedBSS parameter containing a Basic HT-MCS Set field
454 * in the HT Operation parameter that contains any unsupported MCSs,
455 * the MLME response in the resulting MLME-JOIN.confirm primitive shall
456 * contain a ResultCode parameter that is not set to the value SUCCESS.
457 * ...
458 */
459
460 /* Simply check that all basic rates are in the STA RX mask */
461 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
462 if ((ht_op->basic_set[i] & sta_ht_cap.mcs.rx_mask[i]) !=
463 ht_op->basic_set[i])
464 return false;
465 }
466
467 return true;
468 }
469
470 static bool
ieee80211_verify_sta_vht_mcs_support(struct ieee80211_sub_if_data * sdata,int link_id,struct ieee80211_supported_band * sband,const struct ieee80211_vht_operation * vht_op)471 ieee80211_verify_sta_vht_mcs_support(struct ieee80211_sub_if_data *sdata,
472 int link_id,
473 struct ieee80211_supported_band *sband,
474 const struct ieee80211_vht_operation *vht_op)
475 {
476 struct ieee80211_sta_vht_cap sta_vht_cap;
477 u16 ap_min_req_set, sta_rx_mcs_map, sta_tx_mcs_map;
478 int nss;
479
480 if (sband->band != NL80211_BAND_5GHZ)
481 return true;
482
483 if (!vht_op)
484 return false;
485
486 memcpy(&sta_vht_cap, &sband->vht_cap, sizeof(sta_vht_cap));
487 ieee80211_apply_vhtcap_overrides(sdata, &sta_vht_cap);
488
489 ap_min_req_set = le16_to_cpu(vht_op->basic_mcs_set);
490 sta_rx_mcs_map = le16_to_cpu(sta_vht_cap.vht_mcs.rx_mcs_map);
491 sta_tx_mcs_map = le16_to_cpu(sta_vht_cap.vht_mcs.tx_mcs_map);
492
493 /*
494 * Many APs are incorrectly advertising an all-zero value here,
495 * which really means MCS 0-7 are required for 1-8 streams, but
496 * they don't really mean it that way.
497 * Some other APs are incorrectly advertising 3 spatial streams
498 * with MCS 0-7 are required, but don't really mean it that way
499 * and we'll connect only with HT, rather than even HE.
500 * As a result, unfortunately the VHT basic MCS/NSS set cannot
501 * be used at all, so check it only in strict mode.
502 */
503 if (!ieee80211_hw_check(&sdata->local->hw, STRICT))
504 return true;
505
506 /*
507 * P802.11REVme/D7.0 - 6.5.4.2.4
508 * ...
509 * If the MLME of a VHT STA receives an MLME-JOIN.request primitive
510 * with a SelectedBSS parameter containing a Basic VHT-MCS And NSS Set
511 * field in the VHT Operation parameter that contains any unsupported
512 * <VHT-MCS, NSS> tuple, the MLME response in the resulting
513 * MLME-JOIN.confirm primitive shall contain a ResultCode parameter
514 * that is not set to the value SUCCESS.
515 * ...
516 */
517 for (nss = 8; nss > 0; nss--) {
518 u8 ap_op_val = (ap_min_req_set >> (2 * (nss - 1))) & 3;
519 u8 sta_rx_val;
520 u8 sta_tx_val;
521
522 if (ap_op_val == IEEE80211_HE_MCS_NOT_SUPPORTED)
523 continue;
524
525 sta_rx_val = (sta_rx_mcs_map >> (2 * (nss - 1))) & 3;
526 sta_tx_val = (sta_tx_mcs_map >> (2 * (nss - 1))) & 3;
527
528 if (sta_rx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
529 sta_tx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
530 sta_rx_val < ap_op_val || sta_tx_val < ap_op_val) {
531 link_id_info(sdata, link_id,
532 "Missing mandatory rates for %d Nss, rx %d, tx %d oper %d, disable VHT\n",
533 nss, sta_rx_val, sta_tx_val, ap_op_val);
534 return false;
535 }
536 }
537
538 return true;
539 }
540
541 static bool
ieee80211_verify_peer_he_mcs_support(struct ieee80211_sub_if_data * sdata,int link_id,const struct ieee80211_he_cap_elem * he_cap,const struct ieee80211_he_operation * he_op)542 ieee80211_verify_peer_he_mcs_support(struct ieee80211_sub_if_data *sdata,
543 int link_id,
544 const struct ieee80211_he_cap_elem *he_cap,
545 const struct ieee80211_he_operation *he_op)
546 {
547 struct ieee80211_he_mcs_nss_supp *he_mcs_nss_supp;
548 u16 mcs_80_map_tx, mcs_80_map_rx;
549 u16 ap_min_req_set;
550 int nss;
551
552 if (!he_cap)
553 return false;
554
555 /* mcs_nss is right after he_cap info */
556 he_mcs_nss_supp = (void *)(he_cap + 1);
557
558 mcs_80_map_tx = le16_to_cpu(he_mcs_nss_supp->tx_mcs_80);
559 mcs_80_map_rx = le16_to_cpu(he_mcs_nss_supp->rx_mcs_80);
560
561 /* P802.11-REVme/D0.3
562 * 27.1.1 Introduction to the HE PHY
563 * ...
564 * An HE STA shall support the following features:
565 * ...
566 * Single spatial stream HE-MCSs 0 to 7 (transmit and receive) in all
567 * supported channel widths for HE SU PPDUs
568 */
569 if ((mcs_80_map_tx & 0x3) == IEEE80211_HE_MCS_NOT_SUPPORTED ||
570 (mcs_80_map_rx & 0x3) == IEEE80211_HE_MCS_NOT_SUPPORTED) {
571 link_id_info(sdata, link_id,
572 "Missing mandatory rates for 1 Nss, rx 0x%x, tx 0x%x, disable HE\n",
573 mcs_80_map_tx, mcs_80_map_rx);
574 return false;
575 }
576
577 if (!he_op)
578 return true;
579
580 ap_min_req_set = le16_to_cpu(he_op->he_mcs_nss_set);
581
582 /*
583 * Apparently iPhone 13 (at least iOS version 15.3.1) sets this to all
584 * zeroes, which is nonsense, and completely inconsistent with itself
585 * (it doesn't have 8 streams). Accept the settings in this case anyway.
586 */
587 if (!ieee80211_hw_check(&sdata->local->hw, STRICT) && !ap_min_req_set)
588 return true;
589
590 /* make sure the AP is consistent with itself
591 *
592 * P802.11-REVme/D0.3
593 * 26.17.1 Basic HE BSS operation
594 *
595 * A STA that is operating in an HE BSS shall be able to receive and
596 * transmit at each of the <HE-MCS, NSS> tuple values indicated by the
597 * Basic HE-MCS And NSS Set field of the HE Operation parameter of the
598 * MLME-START.request primitive and shall be able to receive at each of
599 * the <HE-MCS, NSS> tuple values indicated by the Supported HE-MCS and
600 * NSS Set field in the HE Capabilities parameter of the MLMESTART.request
601 * primitive
602 */
603 for (nss = 8; nss > 0; nss--) {
604 u8 ap_op_val = (ap_min_req_set >> (2 * (nss - 1))) & 3;
605 u8 ap_rx_val;
606 u8 ap_tx_val;
607
608 if (ap_op_val == IEEE80211_HE_MCS_NOT_SUPPORTED)
609 continue;
610
611 ap_rx_val = (mcs_80_map_rx >> (2 * (nss - 1))) & 3;
612 ap_tx_val = (mcs_80_map_tx >> (2 * (nss - 1))) & 3;
613
614 if (ap_rx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
615 ap_tx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
616 ap_rx_val < ap_op_val || ap_tx_val < ap_op_val) {
617 link_id_info(sdata, link_id,
618 "Invalid rates for %d Nss, rx %d, tx %d oper %d, disable HE\n",
619 nss, ap_rx_val, ap_tx_val, ap_op_val);
620 return false;
621 }
622 }
623
624 return true;
625 }
626
627 static bool
ieee80211_verify_sta_he_mcs_support(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,const struct ieee80211_he_operation * he_op)628 ieee80211_verify_sta_he_mcs_support(struct ieee80211_sub_if_data *sdata,
629 struct ieee80211_supported_band *sband,
630 const struct ieee80211_he_operation *he_op)
631 {
632 const struct ieee80211_sta_he_cap *sta_he_cap =
633 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
634 u16 ap_min_req_set;
635 int i;
636
637 if (!sta_he_cap || !he_op)
638 return false;
639
640 ap_min_req_set = le16_to_cpu(he_op->he_mcs_nss_set);
641
642 /*
643 * Apparently iPhone 13 (at least iOS version 15.3.1) sets this to all
644 * zeroes, which is nonsense, and completely inconsistent with itself
645 * (it doesn't have 8 streams). Accept the settings in this case anyway.
646 */
647 if (!ieee80211_hw_check(&sdata->local->hw, STRICT) && !ap_min_req_set)
648 return true;
649
650 /* Need to go over for 80MHz, 160MHz and for 80+80 */
651 for (i = 0; i < 3; i++) {
652 const struct ieee80211_he_mcs_nss_supp *sta_mcs_nss_supp =
653 &sta_he_cap->he_mcs_nss_supp;
654 u16 sta_mcs_map_rx =
655 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i]);
656 u16 sta_mcs_map_tx =
657 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i + 1]);
658 u8 nss;
659 bool verified = true;
660
661 /*
662 * For each band there is a maximum of 8 spatial streams
663 * possible. Each of the sta_mcs_map_* is a 16-bit struct built
664 * of 2 bits per NSS (1-8), with the values defined in enum
665 * ieee80211_he_mcs_support. Need to make sure STA TX and RX
666 * capabilities aren't less than the AP's minimum requirements
667 * for this HE BSS per SS.
668 * It is enough to find one such band that meets the reqs.
669 */
670 for (nss = 8; nss > 0; nss--) {
671 u8 sta_rx_val = (sta_mcs_map_rx >> (2 * (nss - 1))) & 3;
672 u8 sta_tx_val = (sta_mcs_map_tx >> (2 * (nss - 1))) & 3;
673 u8 ap_val = (ap_min_req_set >> (2 * (nss - 1))) & 3;
674
675 if (ap_val == IEEE80211_HE_MCS_NOT_SUPPORTED)
676 continue;
677
678 /*
679 * Make sure the HE AP doesn't require MCSs that aren't
680 * supported by the client as required by spec
681 *
682 * P802.11-REVme/D0.3
683 * 26.17.1 Basic HE BSS operation
684 *
685 * An HE STA shall not attempt to join * (MLME-JOIN.request primitive)
686 * a BSS, unless it supports (i.e., is able to both transmit and
687 * receive using) all of the <HE-MCS, NSS> tuples in the basic
688 * HE-MCS and NSS set.
689 */
690 if (sta_rx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
691 sta_tx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
692 (ap_val > sta_rx_val) || (ap_val > sta_tx_val)) {
693 verified = false;
694 break;
695 }
696 }
697
698 if (verified)
699 return true;
700 }
701
702 /* If here, STA doesn't meet AP's HE min requirements */
703 return false;
704 }
705
706 static u8
ieee80211_get_eht_cap_mcs_nss(const struct ieee80211_sta_he_cap * sta_he_cap,const struct ieee80211_sta_eht_cap * sta_eht_cap,unsigned int idx,int bw)707 ieee80211_get_eht_cap_mcs_nss(const struct ieee80211_sta_he_cap *sta_he_cap,
708 const struct ieee80211_sta_eht_cap *sta_eht_cap,
709 unsigned int idx, int bw)
710 {
711 u8 he_phy_cap0 = sta_he_cap->he_cap_elem.phy_cap_info[0];
712 u8 eht_phy_cap0 = sta_eht_cap->eht_cap_elem.phy_cap_info[0];
713
714 /* handle us being a 20 MHz-only EHT STA - with four values
715 * for MCS 0-7, 8-9, 10-11, 12-13.
716 */
717 if (!(he_phy_cap0 & IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_MASK_ALL))
718 return sta_eht_cap->eht_mcs_nss_supp.only_20mhz.rx_tx_max_nss[idx];
719
720 /* the others have MCS 0-9 together, rather than separately from 0-7 */
721 if (idx > 0)
722 idx--;
723
724 switch (bw) {
725 case 0:
726 return sta_eht_cap->eht_mcs_nss_supp.bw._80.rx_tx_max_nss[idx];
727 case 1:
728 if (!(he_phy_cap0 &
729 (IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G |
730 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G)))
731 return 0xff; /* pass check */
732 return sta_eht_cap->eht_mcs_nss_supp.bw._160.rx_tx_max_nss[idx];
733 case 2:
734 if (!(eht_phy_cap0 & IEEE80211_EHT_PHY_CAP0_320MHZ_IN_6GHZ))
735 return 0xff; /* pass check */
736 return sta_eht_cap->eht_mcs_nss_supp.bw._320.rx_tx_max_nss[idx];
737 }
738
739 WARN_ON(1);
740 return 0;
741 }
742
743 static bool
ieee80211_verify_sta_eht_mcs_support(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,const struct ieee80211_eht_operation * eht_op)744 ieee80211_verify_sta_eht_mcs_support(struct ieee80211_sub_if_data *sdata,
745 struct ieee80211_supported_band *sband,
746 const struct ieee80211_eht_operation *eht_op)
747 {
748 const struct ieee80211_sta_he_cap *sta_he_cap =
749 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
750 const struct ieee80211_sta_eht_cap *sta_eht_cap =
751 ieee80211_get_eht_iftype_cap_vif(sband, &sdata->vif);
752 const struct ieee80211_eht_mcs_nss_supp_20mhz_only *req;
753 unsigned int i;
754
755 if (!sta_he_cap || !sta_eht_cap || !eht_op)
756 return false;
757
758 req = &eht_op->basic_mcs_nss;
759
760 for (i = 0; i < ARRAY_SIZE(req->rx_tx_max_nss); i++) {
761 u8 req_rx_nss, req_tx_nss;
762 unsigned int bw;
763
764 req_rx_nss = u8_get_bits(req->rx_tx_max_nss[i],
765 IEEE80211_EHT_MCS_NSS_RX);
766 req_tx_nss = u8_get_bits(req->rx_tx_max_nss[i],
767 IEEE80211_EHT_MCS_NSS_TX);
768
769 for (bw = 0; bw < 3; bw++) {
770 u8 have, have_rx_nss, have_tx_nss;
771
772 have = ieee80211_get_eht_cap_mcs_nss(sta_he_cap,
773 sta_eht_cap,
774 i, bw);
775 have_rx_nss = u8_get_bits(have,
776 IEEE80211_EHT_MCS_NSS_RX);
777 have_tx_nss = u8_get_bits(have,
778 IEEE80211_EHT_MCS_NSS_TX);
779
780 if (req_rx_nss > have_rx_nss ||
781 req_tx_nss > have_tx_nss)
782 return false;
783 }
784 }
785
786 return true;
787 }
788
ieee80211_get_rates(struct ieee80211_supported_band * sband,const u8 * supp_rates,unsigned int supp_rates_len,const u8 * ext_supp_rates,unsigned int ext_supp_rates_len,u32 * rates,u32 * basic_rates,unsigned long * unknown_rates_selectors,bool * have_higher_than_11mbit,int * min_rate,int * min_rate_index)789 static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
790 const u8 *supp_rates,
791 unsigned int supp_rates_len,
792 const u8 *ext_supp_rates,
793 unsigned int ext_supp_rates_len,
794 u32 *rates, u32 *basic_rates,
795 unsigned long *unknown_rates_selectors,
796 bool *have_higher_than_11mbit,
797 int *min_rate, int *min_rate_index)
798 {
799 int i, j;
800
801 for (i = 0; i < supp_rates_len + ext_supp_rates_len; i++) {
802 u8 supp_rate = i < supp_rates_len ?
803 supp_rates[i] :
804 ext_supp_rates[i - supp_rates_len];
805 int rate = supp_rate & 0x7f;
806 bool is_basic = !!(supp_rate & 0x80);
807
808 if ((rate * 5) > 110 && have_higher_than_11mbit)
809 *have_higher_than_11mbit = true;
810
811 /*
812 * Skip membership selectors since they're not rates.
813 *
814 * Note: Even though the membership selector and the basic
815 * rate flag share the same bit, they are not exactly
816 * the same.
817 */
818 if (is_basic && rate >= BSS_MEMBERSHIP_SELECTOR_MIN) {
819 if (unknown_rates_selectors)
820 set_bit(rate, unknown_rates_selectors);
821 continue;
822 }
823
824 for (j = 0; j < sband->n_bitrates; j++) {
825 struct ieee80211_rate *br;
826 int brate;
827
828 br = &sband->bitrates[j];
829
830 brate = DIV_ROUND_UP(br->bitrate, 5);
831 if (brate == rate) {
832 if (rates)
833 *rates |= BIT(j);
834 if (is_basic && basic_rates)
835 *basic_rates |= BIT(j);
836 if (min_rate && (rate * 5) < *min_rate) {
837 *min_rate = rate * 5;
838 if (min_rate_index)
839 *min_rate_index = j;
840 }
841 break;
842 }
843 }
844
845 /* Handle an unknown entry as if it is an unknown selector */
846 if (is_basic && unknown_rates_selectors && j == sband->n_bitrates)
847 set_bit(rate, unknown_rates_selectors);
848 }
849 }
850
ieee80211_chandef_usable(struct ieee80211_sub_if_data * sdata,const struct cfg80211_chan_def * chandef,u32 prohibited_flags)851 static bool ieee80211_chandef_usable(struct ieee80211_sub_if_data *sdata,
852 const struct cfg80211_chan_def *chandef,
853 u32 prohibited_flags)
854 {
855 if (!cfg80211_chandef_usable(sdata->local->hw.wiphy,
856 chandef, prohibited_flags))
857 return false;
858
859 if (chandef->punctured &&
860 ieee80211_hw_check(&sdata->local->hw, DISALLOW_PUNCTURING))
861 return false;
862
863 return true;
864 }
865
ieee80211_chandef_num_subchans(const struct cfg80211_chan_def * c)866 static int ieee80211_chandef_num_subchans(const struct cfg80211_chan_def *c)
867 {
868 if (c->width == NL80211_CHAN_WIDTH_80P80)
869 return 4 + 4;
870
871 return cfg80211_chandef_get_width(c) / 20;
872 }
873
ieee80211_chandef_num_widths(const struct cfg80211_chan_def * c)874 static int ieee80211_chandef_num_widths(const struct cfg80211_chan_def *c)
875 {
876 switch (c->width) {
877 case NL80211_CHAN_WIDTH_20:
878 case NL80211_CHAN_WIDTH_20_NOHT:
879 return 1;
880 case NL80211_CHAN_WIDTH_40:
881 return 2;
882 case NL80211_CHAN_WIDTH_80P80:
883 case NL80211_CHAN_WIDTH_80:
884 return 3;
885 case NL80211_CHAN_WIDTH_160:
886 return 4;
887 case NL80211_CHAN_WIDTH_320:
888 return 5;
889 default:
890 WARN_ON(1);
891 return 0;
892 }
893 }
894
895 VISIBLE_IF_MAC80211_KUNIT int
ieee80211_calc_chandef_subchan_offset(const struct cfg80211_chan_def * ap,u8 n_partial_subchans)896 ieee80211_calc_chandef_subchan_offset(const struct cfg80211_chan_def *ap,
897 u8 n_partial_subchans)
898 {
899 int n = ieee80211_chandef_num_subchans(ap);
900 struct cfg80211_chan_def tmp = *ap;
901 int offset = 0;
902
903 /*
904 * Given a chandef (in this context, it's the AP's) and a number
905 * of subchannels that we want to look at ('n_partial_subchans'),
906 * calculate the offset in number of subchannels between the full
907 * and the subset with the desired width.
908 */
909
910 /* same number of subchannels means no offset, obviously */
911 if (n == n_partial_subchans)
912 return 0;
913
914 /* don't WARN - misconfigured APs could cause this if their N > width */
915 if (n < n_partial_subchans)
916 return 0;
917
918 while (ieee80211_chandef_num_subchans(&tmp) > n_partial_subchans) {
919 u32 prev = tmp.center_freq1;
920
921 ieee80211_chandef_downgrade(&tmp, NULL);
922
923 /*
924 * if center_freq moved up, half the original channels
925 * are gone now but were below, so increase offset
926 */
927 if (prev < tmp.center_freq1)
928 offset += ieee80211_chandef_num_subchans(&tmp);
929 }
930
931 /*
932 * 80+80 with secondary 80 below primary - four subchannels for it
933 * (we cannot downgrade *to* 80+80, so no need to consider 'tmp')
934 */
935 if (ap->width == NL80211_CHAN_WIDTH_80P80 &&
936 ap->center_freq2 < ap->center_freq1)
937 offset += 4;
938
939 return offset;
940 }
941 EXPORT_SYMBOL_IF_MAC80211_KUNIT(ieee80211_calc_chandef_subchan_offset);
942
943 VISIBLE_IF_MAC80211_KUNIT void
ieee80211_rearrange_tpe_psd(struct ieee80211_parsed_tpe_psd * psd,const struct cfg80211_chan_def * ap,const struct cfg80211_chan_def * used)944 ieee80211_rearrange_tpe_psd(struct ieee80211_parsed_tpe_psd *psd,
945 const struct cfg80211_chan_def *ap,
946 const struct cfg80211_chan_def *used)
947 {
948 u8 needed = ieee80211_chandef_num_subchans(used);
949 u8 have = ieee80211_chandef_num_subchans(ap);
950 u8 tmp[IEEE80211_TPE_PSD_ENTRIES_320MHZ];
951 u8 offset;
952
953 if (!psd->valid)
954 return;
955
956 /* if N is zero, all defaults were used, no point in rearranging */
957 if (!psd->n)
958 goto out;
959
960 BUILD_BUG_ON(sizeof(tmp) != sizeof(psd->power));
961
962 /*
963 * This assumes that 'N' is consistent with the HE channel, as
964 * it should be (otherwise the AP is broken).
965 *
966 * In psd->power we have values in the order 0..N, 0..K, where
967 * N+K should cover the entire channel per 'ap', but even if it
968 * doesn't then we've pre-filled 'unlimited' as defaults.
969 *
970 * But this is all the wrong order, we want to have them in the
971 * order of the 'used' channel.
972 *
973 * So for example, we could have a 320 MHz EHT AP, which has the
974 * HE channel as 80 MHz (e.g. due to puncturing, which doesn't
975 * seem to be considered for the TPE), as follows:
976 *
977 * EHT 320: | | | | | | | | | | | | | | | | |
978 * HE 80: | | | | |
979 * used 160: | | | | | | | | |
980 *
981 * N entries: |--|--|--|--|
982 * K entries: |--|--|--|--|--|--|--|--| |--|--|--|--|
983 * power idx: 4 5 6 7 8 9 10 11 0 1 2 3 12 13 14 15
984 * full chan: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
985 * used chan: 0 1 2 3 4 5 6 7
986 *
987 * The idx in the power array ('power idx') is like this since it
988 * comes directly from the element's N and K entries in their
989 * element order, and those are this way for HE compatibility.
990 *
991 * Rearrange them as desired here, first by putting them into the
992 * 'full chan' order, and then selecting the necessary subset for
993 * the 'used chan'.
994 */
995
996 /* first reorder according to AP channel */
997 offset = ieee80211_calc_chandef_subchan_offset(ap, psd->n);
998 for (int i = 0; i < have; i++) {
999 if (i < offset)
1000 tmp[i] = psd->power[i + psd->n];
1001 else if (i < offset + psd->n)
1002 tmp[i] = psd->power[i - offset];
1003 else
1004 tmp[i] = psd->power[i];
1005 }
1006
1007 /*
1008 * and then select the subset for the used channel
1009 * (set everything to defaults first in case a driver is confused)
1010 */
1011 memset(psd->power, IEEE80211_TPE_PSD_NO_LIMIT, sizeof(psd->power));
1012 offset = ieee80211_calc_chandef_subchan_offset(ap, needed);
1013 for (int i = 0; i < needed; i++)
1014 psd->power[i] = tmp[offset + i];
1015
1016 out:
1017 /* limit, but don't lie if there are defaults in the data */
1018 if (needed < psd->count)
1019 psd->count = needed;
1020 }
1021 EXPORT_SYMBOL_IF_MAC80211_KUNIT(ieee80211_rearrange_tpe_psd);
1022
ieee80211_rearrange_tpe(struct ieee80211_parsed_tpe * tpe,const struct cfg80211_chan_def * ap,const struct cfg80211_chan_def * used)1023 static void ieee80211_rearrange_tpe(struct ieee80211_parsed_tpe *tpe,
1024 const struct cfg80211_chan_def *ap,
1025 const struct cfg80211_chan_def *used)
1026 {
1027 /* ignore this completely for narrow/invalid channels */
1028 if (!ieee80211_chandef_num_subchans(ap) ||
1029 !ieee80211_chandef_num_subchans(used)) {
1030 ieee80211_clear_tpe(tpe);
1031 return;
1032 }
1033
1034 for (int i = 0; i < 2; i++) {
1035 int needed_pwr_count;
1036
1037 ieee80211_rearrange_tpe_psd(&tpe->psd_local[i], ap, used);
1038 ieee80211_rearrange_tpe_psd(&tpe->psd_reg_client[i], ap, used);
1039
1040 /* limit this to the widths we actually need */
1041 needed_pwr_count = ieee80211_chandef_num_widths(used);
1042 if (needed_pwr_count < tpe->max_local[i].count)
1043 tpe->max_local[i].count = needed_pwr_count;
1044 if (needed_pwr_count < tpe->max_reg_client[i].count)
1045 tpe->max_reg_client[i].count = needed_pwr_count;
1046 }
1047 }
1048
1049 /*
1050 * The AP part of the channel request is used to distinguish settings
1051 * to the device used for wider bandwidth OFDMA. This is used in the
1052 * channel context code to assign two channel contexts even if they're
1053 * both for the same channel, if the AP bandwidths are incompatible.
1054 * If not EHT (or driver override) then ap.chan == NULL indicates that
1055 * there's no wider BW OFDMA used.
1056 */
ieee80211_set_chanreq_ap(struct ieee80211_sub_if_data * sdata,struct ieee80211_chan_req * chanreq,struct ieee80211_conn_settings * conn,struct cfg80211_chan_def * ap_chandef)1057 static void ieee80211_set_chanreq_ap(struct ieee80211_sub_if_data *sdata,
1058 struct ieee80211_chan_req *chanreq,
1059 struct ieee80211_conn_settings *conn,
1060 struct cfg80211_chan_def *ap_chandef)
1061 {
1062 chanreq->ap.chan = NULL;
1063
1064 if (conn->mode < IEEE80211_CONN_MODE_EHT)
1065 return;
1066 if (sdata->vif.driver_flags & IEEE80211_VIF_IGNORE_OFDMA_WIDER_BW)
1067 return;
1068
1069 chanreq->ap = *ap_chandef;
1070 }
1071
1072 VISIBLE_IF_MAC80211_KUNIT struct ieee802_11_elems *
ieee80211_determine_chan_mode(struct ieee80211_sub_if_data * sdata,struct ieee80211_conn_settings * conn,struct cfg80211_bss * cbss,int link_id,struct ieee80211_chan_req * chanreq,struct cfg80211_chan_def * ap_chandef,unsigned long * userspace_selectors)1073 ieee80211_determine_chan_mode(struct ieee80211_sub_if_data *sdata,
1074 struct ieee80211_conn_settings *conn,
1075 struct cfg80211_bss *cbss, int link_id,
1076 struct ieee80211_chan_req *chanreq,
1077 struct cfg80211_chan_def *ap_chandef,
1078 unsigned long *userspace_selectors)
1079 {
1080 const struct cfg80211_bss_ies *ies = rcu_dereference(cbss->ies);
1081 struct ieee80211_bss *bss = (void *)cbss->priv;
1082 struct ieee80211_channel *channel = cbss->channel;
1083 struct ieee80211_elems_parse_params parse_params = {
1084 .link_id = -1,
1085 .from_ap = true,
1086 .start = ies->data,
1087 .len = ies->len,
1088 .type = ies->from_beacon ?
1089 IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON :
1090 IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_PROBE_RESP,
1091 };
1092 struct ieee802_11_elems *elems;
1093 struct ieee80211_supported_band *sband;
1094 enum ieee80211_conn_mode ap_mode;
1095 unsigned long unknown_rates_selectors[BITS_TO_LONGS(128)] = {};
1096 unsigned long sta_selectors[BITS_TO_LONGS(128)] = {};
1097 int ret;
1098
1099 again:
1100 parse_params.mode = conn->mode;
1101 elems = ieee802_11_parse_elems_full(&parse_params);
1102 if (!elems)
1103 return ERR_PTR(-ENOMEM);
1104
1105 ap_mode = ieee80211_determine_ap_chan(sdata, channel, bss->vht_cap_info,
1106 elems, false, conn, ap_chandef);
1107
1108 /* this should be impossible since parsing depends on our mode */
1109 if (WARN_ON(ap_mode > conn->mode)) {
1110 ret = -EINVAL;
1111 goto free;
1112 }
1113
1114 if (conn->mode != ap_mode) {
1115 conn->mode = ap_mode;
1116 kfree(elems);
1117 goto again;
1118 }
1119
1120 mlme_link_id_dbg(sdata, link_id, "determined AP %pM to be %s\n",
1121 cbss->bssid, ieee80211_conn_mode_str(ap_mode));
1122
1123 sband = sdata->local->hw.wiphy->bands[channel->band];
1124
1125 ieee80211_get_rates(sband, elems->supp_rates, elems->supp_rates_len,
1126 elems->ext_supp_rates, elems->ext_supp_rates_len,
1127 NULL, NULL, unknown_rates_selectors, NULL, NULL,
1128 NULL);
1129
1130 switch (channel->band) {
1131 case NL80211_BAND_S1GHZ:
1132 if (WARN_ON(ap_mode != IEEE80211_CONN_MODE_S1G)) {
1133 ret = -EINVAL;
1134 goto free;
1135 }
1136
1137 chanreq->oper = *ap_chandef;
1138 if (!cfg80211_chandef_usable(sdata->wdev.wiphy, &chanreq->oper,
1139 IEEE80211_CHAN_DISABLED)) {
1140 ret = -EINVAL;
1141 goto free;
1142 }
1143
1144 return elems;
1145 case NL80211_BAND_6GHZ:
1146 if (ap_mode < IEEE80211_CONN_MODE_HE) {
1147 link_id_info(sdata, link_id,
1148 "Rejecting non-HE 6/7 GHz connection");
1149 ret = -EINVAL;
1150 goto free;
1151 }
1152 break;
1153 default:
1154 if (WARN_ON(ap_mode == IEEE80211_CONN_MODE_S1G)) {
1155 ret = -EINVAL;
1156 goto free;
1157 }
1158 }
1159
1160 switch (ap_mode) {
1161 case IEEE80211_CONN_MODE_S1G:
1162 WARN_ON(1);
1163 ret = -EINVAL;
1164 goto free;
1165 case IEEE80211_CONN_MODE_LEGACY:
1166 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
1167 break;
1168 case IEEE80211_CONN_MODE_HT:
1169 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
1170 conn->bw_limit,
1171 IEEE80211_CONN_BW_LIMIT_40);
1172 break;
1173 case IEEE80211_CONN_MODE_VHT:
1174 case IEEE80211_CONN_MODE_HE:
1175 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
1176 conn->bw_limit,
1177 IEEE80211_CONN_BW_LIMIT_160);
1178 break;
1179 case IEEE80211_CONN_MODE_EHT:
1180 case IEEE80211_CONN_MODE_UHR:
1181 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
1182 conn->bw_limit,
1183 IEEE80211_CONN_BW_LIMIT_320);
1184 break;
1185 }
1186
1187 chanreq->oper = *ap_chandef;
1188
1189 bitmap_copy(sta_selectors, userspace_selectors, 128);
1190 if (conn->mode >= IEEE80211_CONN_MODE_HT)
1191 set_bit(BSS_MEMBERSHIP_SELECTOR_HT_PHY, sta_selectors);
1192 if (conn->mode >= IEEE80211_CONN_MODE_VHT)
1193 set_bit(BSS_MEMBERSHIP_SELECTOR_VHT_PHY, sta_selectors);
1194 if (conn->mode >= IEEE80211_CONN_MODE_HE)
1195 set_bit(BSS_MEMBERSHIP_SELECTOR_HE_PHY, sta_selectors);
1196 if (conn->mode >= IEEE80211_CONN_MODE_EHT)
1197 set_bit(BSS_MEMBERSHIP_SELECTOR_EHT_PHY, sta_selectors);
1198 if (conn->mode >= IEEE80211_CONN_MODE_UHR)
1199 set_bit(BSS_MEMBERSHIP_SELECTOR_UHR_PHY, sta_selectors);
1200
1201 /*
1202 * We do not support EPD or GLK so never add them.
1203 * SAE_H2E is handled through userspace_selectors.
1204 */
1205
1206 /* Check if we support all required features */
1207 if (!bitmap_subset(unknown_rates_selectors, sta_selectors, 128)) {
1208 link_id_info(sdata, link_id,
1209 "required basic rate or BSS membership selectors not supported or disabled, rejecting connection\n");
1210 ret = -EINVAL;
1211 goto free;
1212 }
1213
1214 ieee80211_set_chanreq_ap(sdata, chanreq, conn, ap_chandef);
1215
1216 while (!ieee80211_chandef_usable(sdata, &chanreq->oper,
1217 IEEE80211_CHAN_DISABLED)) {
1218 if (chanreq->oper.width == NL80211_CHAN_WIDTH_20_NOHT) {
1219 link_id_info(sdata, link_id,
1220 "unusable channel (%d MHz) for connection\n",
1221 chanreq->oper.chan->center_freq);
1222 ret = -EINVAL;
1223 goto free;
1224 }
1225
1226 ieee80211_chanreq_downgrade(chanreq, conn);
1227 }
1228
1229 if (conn->mode >= IEEE80211_CONN_MODE_HE &&
1230 !cfg80211_chandef_usable(sdata->wdev.wiphy, &chanreq->oper,
1231 IEEE80211_CHAN_NO_HE)) {
1232 conn->mode = IEEE80211_CONN_MODE_VHT;
1233 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
1234 conn->bw_limit,
1235 IEEE80211_CONN_BW_LIMIT_160);
1236 }
1237
1238 if (conn->mode >= IEEE80211_CONN_MODE_EHT &&
1239 !cfg80211_chandef_usable(sdata->wdev.wiphy, &chanreq->oper,
1240 IEEE80211_CHAN_NO_EHT)) {
1241 conn->mode = IEEE80211_CONN_MODE_HE;
1242 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
1243 conn->bw_limit,
1244 IEEE80211_CONN_BW_LIMIT_160);
1245 }
1246
1247 if (conn->mode >= IEEE80211_CONN_MODE_UHR &&
1248 !cfg80211_chandef_usable(sdata->wdev.wiphy, &chanreq->oper,
1249 IEEE80211_CHAN_NO_UHR))
1250 conn->mode = IEEE80211_CONN_MODE_EHT;
1251
1252 if (chanreq->oper.width != ap_chandef->width || ap_mode != conn->mode)
1253 link_id_info(sdata, link_id,
1254 "regulatory prevented using AP config, downgraded\n");
1255
1256 if (conn->mode >= IEEE80211_CONN_MODE_HT &&
1257 !ieee80211_verify_sta_ht_mcs_support(sdata, sband,
1258 elems->ht_operation)) {
1259 conn->mode = IEEE80211_CONN_MODE_LEGACY;
1260 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
1261 link_id_info(sdata, link_id,
1262 "required MCSes not supported, disabling HT\n");
1263 }
1264
1265 if (conn->mode >= IEEE80211_CONN_MODE_VHT &&
1266 !ieee80211_verify_sta_vht_mcs_support(sdata, link_id, sband,
1267 elems->vht_operation)) {
1268 conn->mode = IEEE80211_CONN_MODE_HT;
1269 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
1270 conn->bw_limit,
1271 IEEE80211_CONN_BW_LIMIT_40);
1272 link_id_info(sdata, link_id,
1273 "required MCSes not supported, disabling VHT\n");
1274 }
1275
1276 if (conn->mode >= IEEE80211_CONN_MODE_HE &&
1277 (!ieee80211_verify_peer_he_mcs_support(sdata, link_id,
1278 (void *)elems->he_cap,
1279 elems->he_operation) ||
1280 !ieee80211_verify_sta_he_mcs_support(sdata, sband,
1281 elems->he_operation))) {
1282 conn->mode = IEEE80211_CONN_MODE_VHT;
1283 link_id_info(sdata, link_id,
1284 "required MCSes not supported, disabling HE\n");
1285 }
1286
1287 if (conn->mode >= IEEE80211_CONN_MODE_EHT &&
1288 !ieee80211_verify_sta_eht_mcs_support(sdata, sband,
1289 elems->eht_operation)) {
1290 conn->mode = IEEE80211_CONN_MODE_HE;
1291 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
1292 conn->bw_limit,
1293 IEEE80211_CONN_BW_LIMIT_160);
1294 link_id_info(sdata, link_id,
1295 "required MCSes not supported, disabling EHT\n");
1296 }
1297
1298 if (conn->mode >= IEEE80211_CONN_MODE_EHT &&
1299 channel->band != NL80211_BAND_2GHZ &&
1300 conn->bw_limit == IEEE80211_CONN_BW_LIMIT_40) {
1301 conn->mode = IEEE80211_CONN_MODE_HE;
1302 link_id_info(sdata, link_id,
1303 "required bandwidth not supported, disabling EHT\n");
1304 }
1305
1306 /* the mode can only decrease, so this must terminate */
1307 if (ap_mode != conn->mode) {
1308 kfree(elems);
1309 goto again;
1310 }
1311
1312 mlme_link_id_dbg(sdata, link_id,
1313 "connecting with %s mode, max bandwidth %d MHz\n",
1314 ieee80211_conn_mode_str(conn->mode),
1315 20 * (1 << conn->bw_limit));
1316
1317 if (WARN_ON_ONCE(!cfg80211_chandef_valid(&chanreq->oper))) {
1318 ret = -EINVAL;
1319 goto free;
1320 }
1321
1322 return elems;
1323 free:
1324 kfree(elems);
1325 return ERR_PTR(ret);
1326 }
1327 EXPORT_SYMBOL_IF_MAC80211_KUNIT(ieee80211_determine_chan_mode);
1328
ieee80211_config_bw(struct ieee80211_link_data * link,struct ieee802_11_elems * elems,bool update,u64 * changed,u16 stype)1329 static int ieee80211_config_bw(struct ieee80211_link_data *link,
1330 struct ieee802_11_elems *elems,
1331 bool update, u64 *changed, u16 stype)
1332 {
1333 struct ieee80211_channel *channel = link->conf->chanreq.oper.chan;
1334 struct ieee80211_sub_if_data *sdata = link->sdata;
1335 struct ieee80211_chan_req chanreq = {};
1336 struct cfg80211_chan_def ap_chandef;
1337 enum ieee80211_conn_mode ap_mode;
1338 const char *frame;
1339 u32 vht_cap_info = 0;
1340 u16 ht_opmode;
1341 int ret;
1342
1343 switch (stype) {
1344 case IEEE80211_STYPE_BEACON:
1345 frame = "beacon";
1346 break;
1347 case IEEE80211_STYPE_ASSOC_RESP:
1348 frame = "assoc response";
1349 break;
1350 case IEEE80211_STYPE_REASSOC_RESP:
1351 frame = "reassoc response";
1352 break;
1353 case IEEE80211_STYPE_ACTION:
1354 /* the only action frame that gets here */
1355 frame = "ML reconf response";
1356 break;
1357 default:
1358 return -EINVAL;
1359 }
1360
1361 /* don't track any bandwidth changes in legacy/S1G modes */
1362 if (link->u.mgd.conn.mode == IEEE80211_CONN_MODE_LEGACY ||
1363 link->u.mgd.conn.mode == IEEE80211_CONN_MODE_S1G)
1364 return 0;
1365
1366 if (elems->vht_cap_elem)
1367 vht_cap_info = le32_to_cpu(elems->vht_cap_elem->vht_cap_info);
1368
1369 ap_mode = ieee80211_determine_ap_chan(sdata, channel, vht_cap_info,
1370 elems, true, &link->u.mgd.conn,
1371 &ap_chandef);
1372
1373 if (ap_mode != link->u.mgd.conn.mode) {
1374 link_info(link,
1375 "AP %pM appears to change mode (expected %s, found %s) in %s, disconnect\n",
1376 link->u.mgd.bssid,
1377 ieee80211_conn_mode_str(link->u.mgd.conn.mode),
1378 ieee80211_conn_mode_str(ap_mode), frame);
1379 return -EINVAL;
1380 }
1381
1382 chanreq.oper = ap_chandef;
1383 ieee80211_set_chanreq_ap(sdata, &chanreq, &link->u.mgd.conn,
1384 &ap_chandef);
1385
1386 /*
1387 * if HT operation mode changed store the new one -
1388 * this may be applicable even if channel is identical
1389 */
1390 if (elems->ht_operation) {
1391 ht_opmode = le16_to_cpu(elems->ht_operation->operation_mode);
1392 if (link->conf->ht_operation_mode != ht_opmode) {
1393 *changed |= BSS_CHANGED_HT;
1394 link->conf->ht_operation_mode = ht_opmode;
1395 }
1396 }
1397
1398 /*
1399 * Downgrade the new channel if we associated with restricted
1400 * bandwidth capabilities. For example, if we associated as a
1401 * 20 MHz STA to a 40 MHz AP (due to regulatory, capabilities
1402 * or config reasons) then switching to a 40 MHz channel now
1403 * won't do us any good -- we couldn't use it with the AP.
1404 */
1405 while (link->u.mgd.conn.bw_limit <
1406 ieee80211_min_bw_limit_from_chandef(&chanreq.oper))
1407 ieee80211_chandef_downgrade(&chanreq.oper, NULL);
1408
1409 /* TPE element is not present in (re)assoc/ML reconfig response */
1410 if (stype == IEEE80211_STYPE_BEACON &&
1411 ap_chandef.chan->band == NL80211_BAND_6GHZ &&
1412 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HE) {
1413 ieee80211_rearrange_tpe(&elems->tpe, &ap_chandef,
1414 &chanreq.oper);
1415 if (memcmp(&link->conf->tpe, &elems->tpe, sizeof(elems->tpe))) {
1416 link->conf->tpe = elems->tpe;
1417 *changed |= BSS_CHANGED_TPE;
1418 }
1419 }
1420
1421 if (ieee80211_chanreq_identical(&chanreq, &link->conf->chanreq))
1422 return 0;
1423
1424 link_info(link,
1425 "AP %pM changed bandwidth in %s, new used config is %d.%03d MHz, width %d (%d.%03d/%d MHz)\n",
1426 link->u.mgd.bssid, frame, chanreq.oper.chan->center_freq,
1427 chanreq.oper.chan->freq_offset, chanreq.oper.width,
1428 chanreq.oper.center_freq1, chanreq.oper.freq1_offset,
1429 chanreq.oper.center_freq2);
1430
1431 if (!cfg80211_chandef_valid(&chanreq.oper)) {
1432 sdata_info(sdata,
1433 "AP %pM changed caps/bw in %s in a way we can't support - disconnect\n",
1434 link->u.mgd.bssid, frame);
1435 return -EINVAL;
1436 }
1437
1438 if (!update) {
1439 link->conf->chanreq = chanreq;
1440 return 0;
1441 }
1442
1443 /*
1444 * We're tracking the current AP here, so don't do any further checks
1445 * here. This keeps us from playing ping-pong with regulatory, without
1446 * it the following can happen (for example):
1447 * - connect to an AP with 80 MHz, world regdom allows 80 MHz
1448 * - AP advertises regdom US
1449 * - CRDA loads regdom US with 80 MHz prohibited (old database)
1450 * - we detect an unsupported channel and disconnect
1451 * - disconnect causes CRDA to reload world regdomain and the game
1452 * starts anew.
1453 * (see https://bugzilla.kernel.org/show_bug.cgi?id=70881)
1454 *
1455 * It seems possible that there are still scenarios with CSA or real
1456 * bandwidth changes where a this could happen, but those cases are
1457 * less common and wouldn't completely prevent using the AP.
1458 */
1459
1460 ret = ieee80211_link_change_chanreq(link, &chanreq, changed);
1461 if (ret) {
1462 sdata_info(sdata,
1463 "AP %pM changed bandwidth in %s to incompatible one - disconnect\n",
1464 link->u.mgd.bssid, frame);
1465 return ret;
1466 }
1467
1468 cfg80211_schedule_channels_check(&sdata->wdev);
1469 return 0;
1470 }
1471
1472 /* frame sending functions */
1473
ieee80211_add_ht_ie(struct ieee80211_sub_if_data * sdata,struct sk_buff * skb,u8 ap_ht_param,struct ieee80211_supported_band * sband,struct ieee80211_channel * channel,enum ieee80211_smps_mode smps,const struct ieee80211_conn_settings * conn)1474 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata,
1475 struct sk_buff *skb, u8 ap_ht_param,
1476 struct ieee80211_supported_band *sband,
1477 struct ieee80211_channel *channel,
1478 enum ieee80211_smps_mode smps,
1479 const struct ieee80211_conn_settings *conn)
1480 {
1481 u8 *pos;
1482 u32 flags = channel->flags;
1483 u16 cap;
1484 struct ieee80211_sta_ht_cap ht_cap;
1485
1486 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap));
1487
1488 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
1489 ieee80211_apply_htcap_overrides(sdata, &ht_cap);
1490
1491 /* determine capability flags */
1492 cap = ht_cap.cap;
1493
1494 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
1495 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
1496 if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
1497 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
1498 cap &= ~IEEE80211_HT_CAP_SGI_40;
1499 }
1500 break;
1501 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
1502 if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
1503 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
1504 cap &= ~IEEE80211_HT_CAP_SGI_40;
1505 }
1506 break;
1507 }
1508
1509 /*
1510 * If 40 MHz was disabled associate as though we weren't
1511 * capable of 40 MHz -- some broken APs will never fall
1512 * back to trying to transmit in 20 MHz.
1513 */
1514 if (conn->bw_limit <= IEEE80211_CONN_BW_LIMIT_20) {
1515 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
1516 cap &= ~IEEE80211_HT_CAP_SGI_40;
1517 }
1518
1519 /* set SM PS mode properly */
1520 cap &= ~IEEE80211_HT_CAP_SM_PS;
1521 switch (smps) {
1522 case IEEE80211_SMPS_AUTOMATIC:
1523 case IEEE80211_SMPS_NUM_MODES:
1524 WARN_ON(1);
1525 fallthrough;
1526 case IEEE80211_SMPS_OFF:
1527 cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
1528 IEEE80211_HT_CAP_SM_PS_SHIFT;
1529 break;
1530 case IEEE80211_SMPS_STATIC:
1531 cap |= WLAN_HT_CAP_SM_PS_STATIC <<
1532 IEEE80211_HT_CAP_SM_PS_SHIFT;
1533 break;
1534 case IEEE80211_SMPS_DYNAMIC:
1535 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
1536 IEEE80211_HT_CAP_SM_PS_SHIFT;
1537 break;
1538 }
1539
1540 /* reserve and fill IE */
1541 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
1542 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap);
1543 }
1544
1545 /* This function determines vht capability flags for the association
1546 * and builds the IE.
1547 * Note - the function returns true to own the MU-MIMO capability
1548 */
ieee80211_add_vht_ie(struct ieee80211_sub_if_data * sdata,struct sk_buff * skb,struct ieee80211_supported_band * sband,struct ieee80211_vht_cap * ap_vht_cap,const struct ieee80211_conn_settings * conn)1549 static bool ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
1550 struct sk_buff *skb,
1551 struct ieee80211_supported_band *sband,
1552 struct ieee80211_vht_cap *ap_vht_cap,
1553 const struct ieee80211_conn_settings *conn)
1554 {
1555 struct ieee80211_local *local = sdata->local;
1556 u8 *pos;
1557 u32 cap;
1558 struct ieee80211_sta_vht_cap vht_cap;
1559 u32 mask, ap_bf_sts, our_bf_sts;
1560 bool mu_mimo_owner = false;
1561
1562 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap));
1563
1564 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
1565 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
1566
1567 /* determine capability flags */
1568 cap = vht_cap.cap;
1569
1570 if (conn->bw_limit <= IEEE80211_CONN_BW_LIMIT_80) {
1571 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160;
1572 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
1573 }
1574
1575 /*
1576 * Some APs apparently get confused if our capabilities are better
1577 * than theirs, so restrict what we advertise in the assoc request.
1578 */
1579 if (!ieee80211_hw_check(&local->hw, STRICT)) {
1580 if (!(ap_vht_cap->vht_cap_info &
1581 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)))
1582 cap &= ~(IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
1583 IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE);
1584 else if (!(ap_vht_cap->vht_cap_info &
1585 cpu_to_le32(IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
1586 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
1587 }
1588
1589 /*
1590 * If some other vif is using the MU-MIMO capability we cannot associate
1591 * using MU-MIMO - this will lead to contradictions in the group-id
1592 * mechanism.
1593 * Ownership is defined since association request, in order to avoid
1594 * simultaneous associations with MU-MIMO.
1595 */
1596 if (cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE) {
1597 bool disable_mu_mimo = false;
1598 struct ieee80211_sub_if_data *other;
1599
1600 list_for_each_entry(other, &local->interfaces, list) {
1601 if (other->vif.bss_conf.mu_mimo_owner) {
1602 disable_mu_mimo = true;
1603 break;
1604 }
1605 }
1606 if (disable_mu_mimo)
1607 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
1608 else
1609 mu_mimo_owner = true;
1610 }
1611
1612 mask = IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
1613
1614 ap_bf_sts = le32_to_cpu(ap_vht_cap->vht_cap_info) & mask;
1615 our_bf_sts = cap & mask;
1616
1617 if (ap_bf_sts < our_bf_sts) {
1618 cap &= ~mask;
1619 cap |= ap_bf_sts;
1620 }
1621
1622 /* reserve and fill IE */
1623 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
1624 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap);
1625
1626 return mu_mimo_owner;
1627 }
1628
ieee80211_assoc_add_rates(struct ieee80211_local * local,struct sk_buff * skb,enum nl80211_chan_width width,struct ieee80211_supported_band * sband,struct ieee80211_mgd_assoc_data * assoc_data)1629 static void ieee80211_assoc_add_rates(struct ieee80211_local *local,
1630 struct sk_buff *skb,
1631 enum nl80211_chan_width width,
1632 struct ieee80211_supported_band *sband,
1633 struct ieee80211_mgd_assoc_data *assoc_data)
1634 {
1635 u32 rates;
1636
1637 if (assoc_data->supp_rates_len &&
1638 !ieee80211_hw_check(&local->hw, STRICT)) {
1639 /*
1640 * Get all rates supported by the device and the AP as
1641 * some APs don't like getting a superset of their rates
1642 * in the association request (e.g. D-Link DAP 1353 in
1643 * b-only mode)...
1644 */
1645 ieee80211_parse_bitrates(sband,
1646 assoc_data->supp_rates,
1647 assoc_data->supp_rates_len,
1648 &rates);
1649 } else {
1650 /*
1651 * In case AP not provide any supported rates information
1652 * before association, we send information element(s) with
1653 * all rates that we support.
1654 */
1655 rates = ~0;
1656 }
1657
1658 ieee80211_put_srates_elem(skb, sband, 0, ~rates,
1659 WLAN_EID_SUPP_RATES);
1660 ieee80211_put_srates_elem(skb, sband, 0, ~rates,
1661 WLAN_EID_EXT_SUPP_RATES);
1662 }
1663
ieee80211_add_before_ht_elems(struct sk_buff * skb,const u8 * elems,size_t elems_len,size_t offset)1664 static size_t ieee80211_add_before_ht_elems(struct sk_buff *skb,
1665 const u8 *elems,
1666 size_t elems_len,
1667 size_t offset)
1668 {
1669 size_t noffset;
1670
1671 static const u8 before_ht[] = {
1672 WLAN_EID_SSID,
1673 WLAN_EID_SUPP_RATES,
1674 WLAN_EID_EXT_SUPP_RATES,
1675 WLAN_EID_PWR_CAPABILITY,
1676 WLAN_EID_SUPPORTED_CHANNELS,
1677 WLAN_EID_RSN,
1678 WLAN_EID_QOS_CAPA,
1679 WLAN_EID_RRM_ENABLED_CAPABILITIES,
1680 WLAN_EID_MOBILITY_DOMAIN,
1681 WLAN_EID_FAST_BSS_TRANSITION, /* reassoc only */
1682 WLAN_EID_RIC_DATA, /* reassoc only */
1683 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
1684 };
1685 static const u8 after_ric[] = {
1686 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
1687 WLAN_EID_HT_CAPABILITY,
1688 WLAN_EID_BSS_COEX_2040,
1689 /* luckily this is almost always there */
1690 WLAN_EID_EXT_CAPABILITY,
1691 WLAN_EID_QOS_TRAFFIC_CAPA,
1692 WLAN_EID_TIM_BCAST_REQ,
1693 WLAN_EID_INTERWORKING,
1694 /* 60 GHz (Multi-band, DMG, MMS) can't happen */
1695 WLAN_EID_VHT_CAPABILITY,
1696 WLAN_EID_OPMODE_NOTIF,
1697 };
1698
1699 if (!elems_len)
1700 return offset;
1701
1702 noffset = ieee80211_ie_split_ric(elems, elems_len,
1703 before_ht,
1704 ARRAY_SIZE(before_ht),
1705 after_ric,
1706 ARRAY_SIZE(after_ric),
1707 offset);
1708 skb_put_data(skb, elems + offset, noffset - offset);
1709
1710 return noffset;
1711 }
1712
ieee80211_add_before_vht_elems(struct sk_buff * skb,const u8 * elems,size_t elems_len,size_t offset)1713 static size_t ieee80211_add_before_vht_elems(struct sk_buff *skb,
1714 const u8 *elems,
1715 size_t elems_len,
1716 size_t offset)
1717 {
1718 static const u8 before_vht[] = {
1719 /*
1720 * no need to list the ones split off before HT
1721 * or generated here
1722 */
1723 WLAN_EID_BSS_COEX_2040,
1724 WLAN_EID_EXT_CAPABILITY,
1725 WLAN_EID_QOS_TRAFFIC_CAPA,
1726 WLAN_EID_TIM_BCAST_REQ,
1727 WLAN_EID_INTERWORKING,
1728 /* 60 GHz (Multi-band, DMG, MMS) can't happen */
1729 };
1730 size_t noffset;
1731
1732 if (!elems_len)
1733 return offset;
1734
1735 /* RIC already taken care of in ieee80211_add_before_ht_elems() */
1736 noffset = ieee80211_ie_split(elems, elems_len,
1737 before_vht, ARRAY_SIZE(before_vht),
1738 offset);
1739 skb_put_data(skb, elems + offset, noffset - offset);
1740
1741 return noffset;
1742 }
1743
ieee80211_add_before_he_elems(struct sk_buff * skb,const u8 * elems,size_t elems_len,size_t offset)1744 static size_t ieee80211_add_before_he_elems(struct sk_buff *skb,
1745 const u8 *elems,
1746 size_t elems_len,
1747 size_t offset)
1748 {
1749 static const u8 before_he[] = {
1750 /*
1751 * no need to list the ones split off before VHT
1752 * or generated here
1753 */
1754 WLAN_EID_OPMODE_NOTIF,
1755 WLAN_EID_EXTENSION, WLAN_EID_EXT_FUTURE_CHAN_GUIDANCE,
1756 /* 11ai elements */
1757 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_SESSION,
1758 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_PUBLIC_KEY,
1759 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_KEY_CONFIRM,
1760 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_HLP_CONTAINER,
1761 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_IP_ADDR_ASSIGN,
1762 /* TODO: add 11ah/11aj/11ak elements */
1763 };
1764 size_t noffset;
1765
1766 if (!elems_len)
1767 return offset;
1768
1769 /* RIC already taken care of in ieee80211_add_before_ht_elems() */
1770 noffset = ieee80211_ie_split(elems, elems_len,
1771 before_he, ARRAY_SIZE(before_he),
1772 offset);
1773 skb_put_data(skb, elems + offset, noffset - offset);
1774
1775 return noffset;
1776 }
1777
ieee80211_add_before_reg_conn(struct sk_buff * skb,const u8 * elems,size_t elems_len,size_t offset)1778 static size_t ieee80211_add_before_reg_conn(struct sk_buff *skb,
1779 const u8 *elems, size_t elems_len,
1780 size_t offset)
1781 {
1782 static const u8 before_reg_conn[] = {
1783 /*
1784 * no need to list the ones split off before HE
1785 * or generated here
1786 */
1787 WLAN_EID_EXTENSION, WLAN_EID_EXT_DH_PARAMETER,
1788 WLAN_EID_EXTENSION, WLAN_EID_EXT_KNOWN_STA_IDENTIFCATION,
1789 };
1790 size_t noffset;
1791
1792 if (!elems_len)
1793 return offset;
1794
1795 noffset = ieee80211_ie_split(elems, elems_len, before_reg_conn,
1796 ARRAY_SIZE(before_reg_conn), offset);
1797 skb_put_data(skb, elems + offset, noffset - offset);
1798
1799 return noffset;
1800 }
1801
1802 #define PRESENT_ELEMS_MAX 8
1803 #define PRESENT_ELEM_EXT_OFFS 0x100
1804
1805 static void
1806 ieee80211_assoc_add_ml_elem(struct ieee80211_sub_if_data *sdata,
1807 struct sk_buff *skb, u16 capab,
1808 const struct element *ext_capa,
1809 const u16 *present_elems,
1810 struct ieee80211_mgd_assoc_data *assoc_data);
1811
1812 static size_t
ieee80211_add_link_elems(struct ieee80211_sub_if_data * sdata,struct sk_buff * skb,u16 * capab,const struct element * ext_capa,const u8 * extra_elems,size_t extra_elems_len,unsigned int link_id,struct ieee80211_link_data * link,u16 * present_elems,struct ieee80211_mgd_assoc_data * assoc_data)1813 ieee80211_add_link_elems(struct ieee80211_sub_if_data *sdata,
1814 struct sk_buff *skb, u16 *capab,
1815 const struct element *ext_capa,
1816 const u8 *extra_elems,
1817 size_t extra_elems_len,
1818 unsigned int link_id,
1819 struct ieee80211_link_data *link,
1820 u16 *present_elems,
1821 struct ieee80211_mgd_assoc_data *assoc_data)
1822 {
1823 enum nl80211_iftype iftype = ieee80211_vif_type_p2p(&sdata->vif);
1824 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
1825 struct ieee80211_channel *chan = cbss->channel;
1826 const struct ieee80211_sband_iftype_data *iftd;
1827 struct ieee80211_local *local = sdata->local;
1828 struct ieee80211_supported_band *sband;
1829 enum nl80211_chan_width width = NL80211_CHAN_WIDTH_20;
1830 struct ieee80211_chanctx_conf *chanctx_conf;
1831 enum ieee80211_smps_mode smps_mode;
1832 u16 orig_capab = *capab;
1833 size_t offset = 0;
1834 int present_elems_len = 0;
1835 u8 *pos;
1836 int i;
1837
1838 #define ADD_PRESENT_ELEM(id) do { \
1839 /* need a last for termination - we use 0 == SSID */ \
1840 if (!WARN_ON(present_elems_len >= PRESENT_ELEMS_MAX - 1)) \
1841 present_elems[present_elems_len++] = (id); \
1842 } while (0)
1843 #define ADD_PRESENT_EXT_ELEM(id) ADD_PRESENT_ELEM(PRESENT_ELEM_EXT_OFFS | (id))
1844
1845 if (link)
1846 smps_mode = link->smps_mode;
1847 else if (sdata->u.mgd.powersave)
1848 smps_mode = IEEE80211_SMPS_DYNAMIC;
1849 else
1850 smps_mode = IEEE80211_SMPS_OFF;
1851
1852 if (link) {
1853 /*
1854 * 5/10 MHz scenarios are only viable without MLO, in which
1855 * case this pointer should be used ... All of this is a bit
1856 * unclear though, not sure this even works at all.
1857 */
1858 rcu_read_lock();
1859 chanctx_conf = rcu_dereference(link->conf->chanctx_conf);
1860 if (chanctx_conf)
1861 width = chanctx_conf->def.width;
1862 rcu_read_unlock();
1863 }
1864
1865 sband = local->hw.wiphy->bands[chan->band];
1866 iftd = ieee80211_get_sband_iftype_data(sband, iftype);
1867
1868 if (sband->band == NL80211_BAND_2GHZ) {
1869 *capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
1870 *capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
1871 }
1872
1873 if ((cbss->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
1874 ieee80211_hw_check(&local->hw, SPECTRUM_MGMT))
1875 *capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
1876
1877 if (sband->band != NL80211_BAND_S1GHZ)
1878 ieee80211_assoc_add_rates(local, skb, width, sband, assoc_data);
1879
1880 if (*capab & WLAN_CAPABILITY_SPECTRUM_MGMT ||
1881 *capab & WLAN_CAPABILITY_RADIO_MEASURE) {
1882 struct cfg80211_chan_def chandef = {
1883 .width = width,
1884 .chan = chan,
1885 };
1886
1887 pos = skb_put(skb, 4);
1888 *pos++ = WLAN_EID_PWR_CAPABILITY;
1889 *pos++ = 2;
1890 *pos++ = 0; /* min tx power */
1891 /* max tx power */
1892 *pos++ = ieee80211_chandef_max_power(&chandef);
1893 ADD_PRESENT_ELEM(WLAN_EID_PWR_CAPABILITY);
1894 }
1895
1896 /*
1897 * Per spec, we shouldn't include the list of channels if we advertise
1898 * support for extended channel switching, but we've always done that;
1899 * (for now?) apply this restriction only on the (new) 6 GHz band.
1900 */
1901 if (*capab & WLAN_CAPABILITY_SPECTRUM_MGMT &&
1902 (sband->band != NL80211_BAND_6GHZ ||
1903 !ext_capa || ext_capa->datalen < 1 ||
1904 !(ext_capa->data[0] & WLAN_EXT_CAPA1_EXT_CHANNEL_SWITCHING))) {
1905 /* TODO: get this in reg domain format */
1906 pos = skb_put(skb, 2 * sband->n_channels + 2);
1907 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
1908 *pos++ = 2 * sband->n_channels;
1909 for (i = 0; i < sband->n_channels; i++) {
1910 int cf = sband->channels[i].center_freq;
1911
1912 *pos++ = ieee80211_frequency_to_channel(cf);
1913 *pos++ = 1; /* one channel in the subband*/
1914 }
1915 ADD_PRESENT_ELEM(WLAN_EID_SUPPORTED_CHANNELS);
1916 }
1917
1918 /* if present, add any custom IEs that go before HT */
1919 offset = ieee80211_add_before_ht_elems(skb, extra_elems,
1920 extra_elems_len,
1921 offset);
1922
1923 if (sband->band != NL80211_BAND_6GHZ &&
1924 assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_HT) {
1925 ieee80211_add_ht_ie(sdata, skb,
1926 assoc_data->link[link_id].ap_ht_param,
1927 sband, chan, smps_mode,
1928 &assoc_data->link[link_id].conn);
1929 ADD_PRESENT_ELEM(WLAN_EID_HT_CAPABILITY);
1930 }
1931
1932 /* if present, add any custom IEs that go before VHT */
1933 offset = ieee80211_add_before_vht_elems(skb, extra_elems,
1934 extra_elems_len,
1935 offset);
1936
1937 if (sband->band != NL80211_BAND_6GHZ &&
1938 assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_VHT &&
1939 sband->vht_cap.vht_supported) {
1940 bool mu_mimo_owner =
1941 ieee80211_add_vht_ie(sdata, skb, sband,
1942 &assoc_data->link[link_id].ap_vht_cap,
1943 &assoc_data->link[link_id].conn);
1944
1945 if (link)
1946 link->conf->mu_mimo_owner = mu_mimo_owner;
1947 ADD_PRESENT_ELEM(WLAN_EID_VHT_CAPABILITY);
1948 }
1949
1950 /* if present, add any custom IEs that go before HE */
1951 offset = ieee80211_add_before_he_elems(skb, extra_elems,
1952 extra_elems_len,
1953 offset);
1954
1955 if (assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_HE) {
1956 ieee80211_put_he_cap(skb, sdata, sband,
1957 &assoc_data->link[link_id].conn);
1958 ADD_PRESENT_EXT_ELEM(WLAN_EID_EXT_HE_CAPABILITY);
1959 if (sband->band == NL80211_BAND_6GHZ)
1960 ieee80211_put_he_6ghz_cap(skb, sdata, smps_mode);
1961 }
1962
1963 /*
1964 * if present, add any custom IEs that go before regulatory
1965 * connectivity element
1966 */
1967 offset = ieee80211_add_before_reg_conn(skb, extra_elems,
1968 extra_elems_len, offset);
1969
1970 if (sband->band == NL80211_BAND_6GHZ) {
1971 /*
1972 * as per Section E.2.7 of IEEE 802.11 REVme D7.0, non-AP STA
1973 * capable of operating on the 6 GHz band shall transmit
1974 * regulatory connectivity element.
1975 */
1976 ieee80211_put_reg_conn(skb, chan->flags);
1977 }
1978
1979 /*
1980 * careful - need to know about all the present elems before
1981 * calling ieee80211_assoc_add_ml_elem(), so add these if
1982 * we're going to put them after the ML element
1983 */
1984 if (assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_EHT)
1985 ADD_PRESENT_EXT_ELEM(WLAN_EID_EXT_EHT_CAPABILITY);
1986 if (assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_UHR)
1987 ADD_PRESENT_EXT_ELEM(WLAN_EID_EXT_UHR_CAPA);
1988
1989 if (link_id == assoc_data->assoc_link_id)
1990 ieee80211_assoc_add_ml_elem(sdata, skb, orig_capab, ext_capa,
1991 present_elems, assoc_data);
1992
1993 /* crash if somebody gets it wrong */
1994 present_elems = NULL;
1995
1996 if (assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_EHT)
1997 ieee80211_put_eht_cap(skb, sdata, sband,
1998 &assoc_data->link[link_id].conn);
1999
2000 if (assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_UHR)
2001 ieee80211_put_uhr_cap(skb, sdata, sband);
2002
2003 if (sband->band == NL80211_BAND_S1GHZ) {
2004 ieee80211_add_aid_request_ie(sdata, skb);
2005 ieee80211_add_s1g_capab_ie(sdata, &sband->s1g_cap, skb);
2006 }
2007
2008 if (iftd && iftd->vendor_elems.data && iftd->vendor_elems.len)
2009 skb_put_data(skb, iftd->vendor_elems.data, iftd->vendor_elems.len);
2010
2011 return offset;
2012 }
2013
ieee80211_add_non_inheritance_elem(struct sk_buff * skb,const u16 * outer,const u16 * inner)2014 static void ieee80211_add_non_inheritance_elem(struct sk_buff *skb,
2015 const u16 *outer,
2016 const u16 *inner)
2017 {
2018 unsigned int skb_len = skb->len;
2019 bool at_extension = false;
2020 bool added = false;
2021 int i, j;
2022 u8 *len, *list_len = NULL;
2023
2024 skb_put_u8(skb, WLAN_EID_EXTENSION);
2025 len = skb_put(skb, 1);
2026 skb_put_u8(skb, WLAN_EID_EXT_NON_INHERITANCE);
2027
2028 for (i = 0; i < PRESENT_ELEMS_MAX && outer[i]; i++) {
2029 u16 elem = outer[i];
2030 bool have_inner = false;
2031
2032 /* should at least be sorted in the sense of normal -> ext */
2033 WARN_ON(at_extension && elem < PRESENT_ELEM_EXT_OFFS);
2034
2035 /* switch to extension list */
2036 if (!at_extension && elem >= PRESENT_ELEM_EXT_OFFS) {
2037 at_extension = true;
2038 if (!list_len)
2039 skb_put_u8(skb, 0);
2040 list_len = NULL;
2041 }
2042
2043 for (j = 0; j < PRESENT_ELEMS_MAX && inner[j]; j++) {
2044 if (elem == inner[j]) {
2045 have_inner = true;
2046 break;
2047 }
2048 }
2049
2050 if (have_inner)
2051 continue;
2052
2053 if (!list_len) {
2054 list_len = skb_put(skb, 1);
2055 *list_len = 0;
2056 }
2057 *list_len += 1;
2058 skb_put_u8(skb, (u8)elem);
2059 added = true;
2060 }
2061
2062 /* if we added a list but no extension list, make a zero-len one */
2063 if (added && (!at_extension || !list_len))
2064 skb_put_u8(skb, 0);
2065
2066 /* if nothing added remove extension element completely */
2067 if (!added)
2068 skb_trim(skb, skb_len);
2069 else
2070 *len = skb->len - skb_len - 2;
2071 }
2072
2073 static void
ieee80211_assoc_add_ml_elem(struct ieee80211_sub_if_data * sdata,struct sk_buff * skb,u16 capab,const struct element * ext_capa,const u16 * outer_present_elems,struct ieee80211_mgd_assoc_data * assoc_data)2074 ieee80211_assoc_add_ml_elem(struct ieee80211_sub_if_data *sdata,
2075 struct sk_buff *skb, u16 capab,
2076 const struct element *ext_capa,
2077 const u16 *outer_present_elems,
2078 struct ieee80211_mgd_assoc_data *assoc_data)
2079 {
2080 struct ieee80211_local *local = sdata->local;
2081 struct ieee80211_multi_link_elem *ml_elem;
2082 struct ieee80211_mle_basic_common_info *common;
2083 const struct wiphy_iftype_ext_capab *ift_ext_capa;
2084 __le16 eml_capa = 0, mld_capa_ops = 0;
2085 unsigned int link_id;
2086 u8 *ml_elem_len;
2087 void *capab_pos;
2088
2089 if (!ieee80211_vif_is_mld(&sdata->vif))
2090 return;
2091
2092 ift_ext_capa = cfg80211_get_iftype_ext_capa(local->hw.wiphy,
2093 ieee80211_vif_type_p2p(&sdata->vif));
2094 if (ift_ext_capa) {
2095 eml_capa = cpu_to_le16(ift_ext_capa->eml_capabilities);
2096 mld_capa_ops = cpu_to_le16(ift_ext_capa->mld_capa_and_ops);
2097 }
2098
2099 skb_put_u8(skb, WLAN_EID_EXTENSION);
2100 ml_elem_len = skb_put(skb, 1);
2101 skb_put_u8(skb, WLAN_EID_EXT_EHT_MULTI_LINK);
2102 ml_elem = skb_put(skb, sizeof(*ml_elem));
2103 ml_elem->control =
2104 cpu_to_le16(IEEE80211_ML_CONTROL_TYPE_BASIC |
2105 IEEE80211_MLC_BASIC_PRES_MLD_CAPA_OP);
2106 common = skb_put(skb, sizeof(*common));
2107 common->len = sizeof(*common) +
2108 2; /* MLD capa/ops */
2109 memcpy(common->mld_mac_addr, sdata->vif.addr, ETH_ALEN);
2110
2111 /* add EML_CAPA only if needed, see Draft P802.11be_D2.1, 35.3.17 */
2112 if (eml_capa &
2113 cpu_to_le16((IEEE80211_EML_CAP_EMLSR_SUPP |
2114 IEEE80211_EML_CAP_EMLMR_SUPPORT))) {
2115 common->len += 2; /* EML capabilities */
2116 ml_elem->control |=
2117 cpu_to_le16(IEEE80211_MLC_BASIC_PRES_EML_CAPA);
2118 skb_put_data(skb, &eml_capa, sizeof(eml_capa));
2119 }
2120 skb_put_data(skb, &mld_capa_ops, sizeof(mld_capa_ops));
2121
2122 if (assoc_data->ext_mld_capa_ops) {
2123 ml_elem->control |=
2124 cpu_to_le16(IEEE80211_MLC_BASIC_PRES_EXT_MLD_CAPA_OP);
2125 common->len += 2;
2126 skb_put_data(skb, &assoc_data->ext_mld_capa_ops,
2127 sizeof(assoc_data->ext_mld_capa_ops));
2128 }
2129
2130 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
2131 u16 link_present_elems[PRESENT_ELEMS_MAX] = {};
2132 const u8 *extra_elems;
2133 size_t extra_elems_len;
2134 size_t extra_used;
2135 u8 *subelem_len = NULL;
2136 __le16 ctrl;
2137
2138 if (!assoc_data->link[link_id].bss ||
2139 link_id == assoc_data->assoc_link_id)
2140 continue;
2141
2142 extra_elems = assoc_data->link[link_id].elems;
2143 extra_elems_len = assoc_data->link[link_id].elems_len;
2144
2145 skb_put_u8(skb, IEEE80211_MLE_SUBELEM_PER_STA_PROFILE);
2146 subelem_len = skb_put(skb, 1);
2147
2148 ctrl = cpu_to_le16(link_id |
2149 IEEE80211_MLE_STA_CONTROL_COMPLETE_PROFILE |
2150 IEEE80211_MLE_STA_CONTROL_STA_MAC_ADDR_PRESENT);
2151 skb_put_data(skb, &ctrl, sizeof(ctrl));
2152 skb_put_u8(skb, 1 + ETH_ALEN); /* STA Info Length */
2153 skb_put_data(skb, assoc_data->link[link_id].addr,
2154 ETH_ALEN);
2155 /*
2156 * Now add the contents of the (re)association request,
2157 * but the "listen interval" and "current AP address"
2158 * (if applicable) are skipped. So we only have
2159 * the capability field (remember the position and fill
2160 * later), followed by the elements added below by
2161 * calling ieee80211_add_link_elems().
2162 */
2163 capab_pos = skb_put(skb, 2);
2164
2165 extra_used = ieee80211_add_link_elems(sdata, skb, &capab,
2166 ext_capa,
2167 extra_elems,
2168 extra_elems_len,
2169 link_id, NULL,
2170 link_present_elems,
2171 assoc_data);
2172 if (extra_elems)
2173 skb_put_data(skb, extra_elems + extra_used,
2174 extra_elems_len - extra_used);
2175
2176 put_unaligned_le16(capab, capab_pos);
2177
2178 ieee80211_add_non_inheritance_elem(skb, outer_present_elems,
2179 link_present_elems);
2180
2181 ieee80211_fragment_element(skb, subelem_len,
2182 IEEE80211_MLE_SUBELEM_FRAGMENT);
2183 }
2184
2185 ieee80211_fragment_element(skb, ml_elem_len, WLAN_EID_FRAGMENT);
2186 }
2187
2188 static int
ieee80211_link_common_elems_size(struct ieee80211_sub_if_data * sdata,enum nl80211_iftype iftype,struct cfg80211_bss * cbss,size_t elems_len)2189 ieee80211_link_common_elems_size(struct ieee80211_sub_if_data *sdata,
2190 enum nl80211_iftype iftype,
2191 struct cfg80211_bss *cbss,
2192 size_t elems_len)
2193 {
2194 struct ieee80211_local *local = sdata->local;
2195 const struct ieee80211_sband_iftype_data *iftd;
2196 struct ieee80211_supported_band *sband;
2197 size_t size = 0;
2198
2199 if (!cbss)
2200 return size;
2201
2202 sband = local->hw.wiphy->bands[cbss->channel->band];
2203
2204 /* add STA profile elements length */
2205 size += elems_len;
2206
2207 /* and supported rates length */
2208 size += 4 + sband->n_bitrates;
2209
2210 /* supported channels */
2211 size += 2 + 2 * sband->n_channels;
2212
2213 iftd = ieee80211_get_sband_iftype_data(sband, iftype);
2214 if (iftd)
2215 size += iftd->vendor_elems.len;
2216
2217 /* power capability */
2218 size += 4;
2219
2220 /* HT, VHT, HE, EHT */
2221 size += 2 + sizeof(struct ieee80211_ht_cap);
2222 size += 2 + sizeof(struct ieee80211_vht_cap);
2223 size += 2 + 1 + sizeof(struct ieee80211_he_cap_elem) +
2224 sizeof(struct ieee80211_he_mcs_nss_supp) +
2225 IEEE80211_HE_PPE_THRES_MAX_LEN;
2226
2227 if (sband->band == NL80211_BAND_6GHZ) {
2228 size += 2 + 1 + sizeof(struct ieee80211_he_6ghz_capa);
2229 /* reg connection */
2230 size += 4;
2231 }
2232
2233 size += 2 + 1 + sizeof(struct ieee80211_eht_cap_elem) +
2234 sizeof(struct ieee80211_eht_mcs_nss_supp) +
2235 IEEE80211_EHT_PPE_THRES_MAX_LEN;
2236
2237 size += 2 + 1 + sizeof(struct ieee80211_uhr_cap) +
2238 sizeof(struct ieee80211_uhr_cap_phy);
2239
2240 return size;
2241 }
2242
ieee80211_send_assoc(struct ieee80211_sub_if_data * sdata)2243 static int ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
2244 {
2245 struct ieee80211_local *local = sdata->local;
2246 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2247 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
2248 struct ieee80211_link_data *link;
2249 struct sk_buff *skb;
2250 struct ieee80211_mgmt *mgmt;
2251 u8 *pos, qos_info, *ie_start;
2252 size_t offset, noffset;
2253 u16 capab = 0, link_capab;
2254 __le16 listen_int;
2255 struct element *ext_capa = NULL;
2256 enum nl80211_iftype iftype = ieee80211_vif_type_p2p(&sdata->vif);
2257 struct ieee80211_prep_tx_info info = {};
2258 unsigned int link_id, n_links = 0;
2259 u16 present_elems[PRESENT_ELEMS_MAX] = {};
2260 struct sta_info *sta;
2261 bool assoc_encrypt;
2262 void *capab_pos;
2263 size_t size;
2264 int ret;
2265
2266 /* we know it's writable, cast away the const */
2267 if (assoc_data->ie_len)
2268 ext_capa = (void *)cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY,
2269 assoc_data->ie,
2270 assoc_data->ie_len);
2271
2272 lockdep_assert_wiphy(sdata->local->hw.wiphy);
2273
2274 size = local->hw.extra_tx_headroom +
2275 sizeof(*mgmt) + /* bit too much but doesn't matter */
2276 2 + assoc_data->ssid_len + /* SSID */
2277 assoc_data->ie_len + /* extra IEs */
2278 (assoc_data->fils_kek_len ? 16 /* AES-SIV */ : 0) +
2279 9; /* WMM */
2280
2281 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
2282 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
2283 size_t elems_len = assoc_data->link[link_id].elems_len;
2284
2285 if (!cbss)
2286 continue;
2287
2288 n_links++;
2289
2290 size += ieee80211_link_common_elems_size(sdata, iftype, cbss,
2291 elems_len);
2292
2293 /* non-inheritance element */
2294 size += 2 + 2 + PRESENT_ELEMS_MAX;
2295
2296 /* should be the same across all BSSes */
2297 if (cbss->capability & WLAN_CAPABILITY_PRIVACY)
2298 capab |= WLAN_CAPABILITY_PRIVACY;
2299 }
2300
2301 if (ieee80211_vif_is_mld(&sdata->vif)) {
2302 /* consider the multi-link element with STA profile */
2303 size += sizeof(struct ieee80211_multi_link_elem);
2304 /* max common info field in basic multi-link element */
2305 size += sizeof(struct ieee80211_mle_basic_common_info) +
2306 2 + /* capa & op */
2307 2 + /* ext capa & op */
2308 2; /* EML capa */
2309
2310 /* The capability elements were already considered above */
2311 size += (n_links - 1) *
2312 (1 + 1 + /* subelement ID/length */
2313 2 + /* STA control */
2314 1 + ETH_ALEN + 2 /* STA Info field */);
2315 }
2316
2317 link = sdata_dereference(sdata->link[assoc_data->assoc_link_id], sdata);
2318 if (WARN_ON(!link))
2319 return -EINVAL;
2320
2321 if (WARN_ON(!assoc_data->link[assoc_data->assoc_link_id].bss))
2322 return -EINVAL;
2323
2324 skb = alloc_skb(size, GFP_KERNEL);
2325 if (!skb)
2326 return -ENOMEM;
2327
2328 skb_reserve(skb, local->hw.extra_tx_headroom);
2329
2330 if (ifmgd->flags & IEEE80211_STA_ENABLE_RRM)
2331 capab |= WLAN_CAPABILITY_RADIO_MEASURE;
2332
2333 /* Set MBSSID support for HE AP if needed */
2334 if (ieee80211_hw_check(&local->hw, SUPPORTS_ONLY_HE_MULTI_BSSID) &&
2335 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HE &&
2336 ext_capa && ext_capa->datalen >= 3)
2337 ext_capa->data[2] |= WLAN_EXT_CAPA3_MULTI_BSSID_SUPPORT;
2338
2339 mgmt = skb_put_zero(skb, 24);
2340 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
2341 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
2342 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
2343
2344 listen_int = cpu_to_le16(assoc_data->s1g ?
2345 ieee80211_encode_usf(local->hw.conf.listen_interval) :
2346 local->hw.conf.listen_interval);
2347 if (!is_zero_ether_addr(assoc_data->prev_ap_addr)) {
2348 skb_put(skb, 10);
2349 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
2350 IEEE80211_STYPE_REASSOC_REQ);
2351 capab_pos = &mgmt->u.reassoc_req.capab_info;
2352 mgmt->u.reassoc_req.listen_interval = listen_int;
2353 memcpy(mgmt->u.reassoc_req.current_ap,
2354 assoc_data->prev_ap_addr, ETH_ALEN);
2355 info.subtype = IEEE80211_STYPE_REASSOC_REQ;
2356 } else {
2357 skb_put(skb, 4);
2358 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
2359 IEEE80211_STYPE_ASSOC_REQ);
2360 capab_pos = &mgmt->u.assoc_req.capab_info;
2361 mgmt->u.assoc_req.listen_interval = listen_int;
2362 info.subtype = IEEE80211_STYPE_ASSOC_REQ;
2363 }
2364
2365 /* SSID */
2366 pos = skb_put(skb, 2 + assoc_data->ssid_len);
2367 ie_start = pos;
2368 *pos++ = WLAN_EID_SSID;
2369 *pos++ = assoc_data->ssid_len;
2370 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len);
2371
2372 /*
2373 * This bit is technically reserved, so it shouldn't matter for either
2374 * the AP or us, but it also means we shouldn't set it. However, we've
2375 * always set it in the past, and apparently some EHT APs check that
2376 * we don't set it. To avoid interoperability issues with old APs that
2377 * for some reason check it and want it to be set, set the bit for all
2378 * pre-EHT connections as we used to do.
2379 */
2380 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_EHT &&
2381 !ieee80211_hw_check(&local->hw, STRICT))
2382 capab |= WLAN_CAPABILITY_ESS;
2383
2384 /* add the elements for the assoc (main) link */
2385 link_capab = capab;
2386 offset = ieee80211_add_link_elems(sdata, skb, &link_capab,
2387 ext_capa,
2388 assoc_data->ie,
2389 assoc_data->ie_len,
2390 assoc_data->assoc_link_id, link,
2391 present_elems, assoc_data);
2392 put_unaligned_le16(link_capab, capab_pos);
2393
2394 /* if present, add any custom non-vendor IEs */
2395 if (assoc_data->ie_len) {
2396 noffset = ieee80211_ie_split_vendor(assoc_data->ie,
2397 assoc_data->ie_len,
2398 offset);
2399 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
2400 offset = noffset;
2401 }
2402
2403 if (assoc_data->wmm) {
2404 if (assoc_data->uapsd) {
2405 qos_info = ifmgd->uapsd_queues;
2406 qos_info |= (ifmgd->uapsd_max_sp_len <<
2407 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
2408 } else {
2409 qos_info = 0;
2410 }
2411
2412 pos = ieee80211_add_wmm_info_ie(skb_put(skb, 9), qos_info);
2413 }
2414
2415 /* add any remaining custom (i.e. vendor specific here) IEs */
2416 if (assoc_data->ie_len) {
2417 noffset = assoc_data->ie_len;
2418 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
2419 }
2420
2421 if (assoc_data->fils_kek_len) {
2422 ret = fils_encrypt_assoc_req(skb, assoc_data);
2423 if (ret < 0) {
2424 dev_kfree_skb(skb);
2425 return ret;
2426 }
2427 }
2428
2429 pos = skb_tail_pointer(skb);
2430 kfree(ifmgd->assoc_req_ies);
2431 ifmgd->assoc_req_ies = kmemdup(ie_start, pos - ie_start, GFP_ATOMIC);
2432 if (!ifmgd->assoc_req_ies) {
2433 dev_kfree_skb(skb);
2434 return -ENOMEM;
2435 }
2436
2437 ifmgd->assoc_req_ies_len = pos - ie_start;
2438
2439 info.link_id = assoc_data->assoc_link_id;
2440 drv_mgd_prepare_tx(local, sdata, &info);
2441
2442 sta = sta_info_get_bss(sdata, sdata->vif.cfg.ap_addr);
2443
2444 assoc_encrypt = sta && sta->sta.epp_peer &&
2445 wiphy_dereference(sdata->local->hw.wiphy,
2446 sta->ptk[sta->ptk_idx]);
2447
2448 if (!assoc_encrypt)
2449 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
2450
2451 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
2452 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
2453 IEEE80211_TX_INTFL_MLME_CONN_TX;
2454 ieee80211_tx_skb(sdata, skb);
2455
2456 return 0;
2457 }
2458
ieee80211_send_pspoll(struct ieee80211_local * local,struct ieee80211_sub_if_data * sdata)2459 void ieee80211_send_pspoll(struct ieee80211_local *local,
2460 struct ieee80211_sub_if_data *sdata)
2461 {
2462 struct ieee80211_pspoll *pspoll;
2463 struct sk_buff *skb;
2464
2465 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif);
2466 if (!skb)
2467 return;
2468
2469 pspoll = (struct ieee80211_pspoll *) skb->data;
2470 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
2471
2472 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
2473 ieee80211_tx_skb(sdata, skb);
2474 }
2475
ieee80211_send_nullfunc(struct ieee80211_local * local,struct ieee80211_sub_if_data * sdata,bool powersave)2476 void ieee80211_send_nullfunc(struct ieee80211_local *local,
2477 struct ieee80211_sub_if_data *sdata,
2478 bool powersave)
2479 {
2480 struct sk_buff *skb;
2481 struct ieee80211_hdr_3addr *nullfunc;
2482 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2483
2484 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif, -1,
2485 !ieee80211_hw_check(&local->hw,
2486 DOESNT_SUPPORT_QOS_NDP));
2487 if (!skb)
2488 return;
2489
2490 nullfunc = (struct ieee80211_hdr_3addr *) skb->data;
2491 if (powersave)
2492 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
2493
2494 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
2495 IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
2496
2497 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
2498 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
2499
2500 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
2501 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
2502
2503 ieee80211_tx_skb(sdata, skb);
2504 }
2505
ieee80211_send_4addr_nullfunc(struct ieee80211_local * local,struct ieee80211_sub_if_data * sdata)2506 void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local,
2507 struct ieee80211_sub_if_data *sdata)
2508 {
2509 struct sk_buff *skb;
2510 struct ieee80211_hdr *nullfunc;
2511 __le16 fc;
2512
2513 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
2514 return;
2515
2516 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
2517 if (!skb)
2518 return;
2519
2520 skb_reserve(skb, local->hw.extra_tx_headroom);
2521
2522 nullfunc = skb_put_zero(skb, 30);
2523 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
2524 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
2525 nullfunc->frame_control = fc;
2526 memcpy(nullfunc->addr1, sdata->vif.cfg.ap_addr, ETH_ALEN);
2527 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
2528 memcpy(nullfunc->addr3, sdata->vif.cfg.ap_addr, ETH_ALEN);
2529 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN);
2530
2531 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
2532 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
2533 ieee80211_tx_skb(sdata, skb);
2534 }
2535
2536 /* spectrum management related things */
ieee80211_csa_switch_work(struct wiphy * wiphy,struct wiphy_work * work)2537 static void ieee80211_csa_switch_work(struct wiphy *wiphy,
2538 struct wiphy_work *work)
2539 {
2540 struct ieee80211_link_data *link =
2541 container_of(work, struct ieee80211_link_data,
2542 u.mgd.csa.switch_work.work);
2543 struct ieee80211_sub_if_data *sdata = link->sdata;
2544 struct ieee80211_local *local = sdata->local;
2545 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2546 int ret;
2547
2548 if (!ieee80211_sdata_running(sdata))
2549 return;
2550
2551 lockdep_assert_wiphy(local->hw.wiphy);
2552
2553 if (!ifmgd->associated)
2554 return;
2555
2556 if (!link->conf->csa_active)
2557 return;
2558
2559 /*
2560 * If the link isn't active (now), we cannot wait for beacons, won't
2561 * have a reserved chanctx, etc. Just switch over the chandef and
2562 * update cfg80211 directly.
2563 */
2564 if (!ieee80211_vif_link_active(&sdata->vif, link->link_id)) {
2565 struct link_sta_info *link_sta;
2566 struct sta_info *ap_sta;
2567
2568 link->conf->chanreq = link->csa.chanreq;
2569 cfg80211_ch_switch_notify(sdata->dev, &link->csa.chanreq.oper,
2570 link->link_id);
2571 link->conf->csa_active = false;
2572
2573 ap_sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
2574 if (WARN_ON(!ap_sta))
2575 return;
2576
2577 link_sta = wiphy_dereference(wiphy,
2578 ap_sta->link[link->link_id]);
2579 if (WARN_ON(!link_sta))
2580 return;
2581
2582 link_sta->pub->bandwidth =
2583 _ieee80211_sta_cur_vht_bw(link_sta,
2584 &link->csa.chanreq.oper);
2585 return;
2586 }
2587
2588 /*
2589 * using reservation isn't immediate as it may be deferred until later
2590 * with multi-vif. once reservation is complete it will re-schedule the
2591 * work with no reserved_chanctx so verify chandef to check if it
2592 * completed successfully
2593 */
2594
2595 if (link->reserved_chanctx) {
2596 /*
2597 * with multi-vif csa driver may call ieee80211_csa_finish()
2598 * many times while waiting for other interfaces to use their
2599 * reservations
2600 */
2601 if (link->reserved_ready)
2602 return;
2603
2604 ret = ieee80211_link_use_reserved_context(link);
2605 if (ret) {
2606 link_info(link,
2607 "failed to use reserved channel context, disconnecting (err=%d)\n",
2608 ret);
2609 wiphy_work_queue(sdata->local->hw.wiphy,
2610 &ifmgd->csa_connection_drop_work);
2611 }
2612 return;
2613 }
2614
2615 if (!ieee80211_chanreq_identical(&link->conf->chanreq,
2616 &link->csa.chanreq)) {
2617 link_info(link,
2618 "failed to finalize channel switch, disconnecting\n");
2619 wiphy_work_queue(sdata->local->hw.wiphy,
2620 &ifmgd->csa_connection_drop_work);
2621 return;
2622 }
2623
2624 link->u.mgd.csa.waiting_bcn = true;
2625
2626 /*
2627 * The next beacon really should always be different, so this should
2628 * have no effect whatsoever. However, some APs (we observed this in
2629 * an Asus AXE11000), the beacon after the CSA might be identical to
2630 * the last beacon on the old channel - in this case we'd ignore it.
2631 * Resetting the CRC will lead us to handle it better (albeit with a
2632 * disconnect, but clearly the AP is broken.)
2633 */
2634 link->u.mgd.beacon_crc_valid = false;
2635
2636 /* apply new TPE restrictions immediately on the new channel */
2637 if (link->u.mgd.csa.ap_chandef.chan->band == NL80211_BAND_6GHZ &&
2638 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HE) {
2639 ieee80211_rearrange_tpe(&link->u.mgd.csa.tpe,
2640 &link->u.mgd.csa.ap_chandef,
2641 &link->conf->chanreq.oper);
2642 if (memcmp(&link->conf->tpe, &link->u.mgd.csa.tpe,
2643 sizeof(link->u.mgd.csa.tpe))) {
2644 link->conf->tpe = link->u.mgd.csa.tpe;
2645 ieee80211_link_info_change_notify(sdata, link,
2646 BSS_CHANGED_TPE);
2647 }
2648 }
2649
2650 /*
2651 * It is not necessary to reset these timers if any link does not
2652 * have an active CSA and that link still receives the beacons
2653 * when other links have active CSA.
2654 */
2655 for_each_link_data(sdata, link) {
2656 if (!link->conf->csa_active)
2657 return;
2658 }
2659
2660 /*
2661 * Reset the beacon monitor and connection monitor timers when CSA
2662 * is active for all links in MLO when channel switch occurs in all
2663 * the links.
2664 */
2665 ieee80211_sta_reset_beacon_monitor(sdata);
2666 ieee80211_sta_reset_conn_monitor(sdata);
2667 }
2668
ieee80211_chswitch_post_beacon(struct ieee80211_link_data * link)2669 static void ieee80211_chswitch_post_beacon(struct ieee80211_link_data *link)
2670 {
2671 struct ieee80211_sub_if_data *sdata = link->sdata;
2672 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2673 int ret;
2674
2675 lockdep_assert_wiphy(sdata->local->hw.wiphy);
2676
2677 WARN_ON(!link->conf->csa_active);
2678
2679 ieee80211_vif_unblock_queues_csa(sdata);
2680
2681 link->conf->csa_active = false;
2682 link->u.mgd.csa.blocked_tx = false;
2683 link->u.mgd.csa.waiting_bcn = false;
2684
2685 ret = drv_post_channel_switch(link);
2686 if (ret) {
2687 link_info(link,
2688 "driver post channel switch failed, disconnecting\n");
2689 wiphy_work_queue(sdata->local->hw.wiphy,
2690 &ifmgd->csa_connection_drop_work);
2691 return;
2692 }
2693
2694 cfg80211_ch_switch_notify(sdata->dev, &link->conf->chanreq.oper,
2695 link->link_id);
2696 }
2697
ieee80211_chswitch_done(struct ieee80211_vif * vif,bool success,unsigned int link_id)2698 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success,
2699 unsigned int link_id)
2700 {
2701 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2702
2703 trace_api_chswitch_done(sdata, success, link_id);
2704
2705 rcu_read_lock();
2706
2707 if (!success) {
2708 sdata_info(sdata,
2709 "driver channel switch failed (link %d), disconnecting\n",
2710 link_id);
2711 wiphy_work_queue(sdata->local->hw.wiphy,
2712 &sdata->u.mgd.csa_connection_drop_work);
2713 } else {
2714 struct ieee80211_link_data *link =
2715 rcu_dereference(sdata->link[link_id]);
2716
2717 if (WARN_ON(!link)) {
2718 rcu_read_unlock();
2719 return;
2720 }
2721
2722 wiphy_hrtimer_work_queue(sdata->local->hw.wiphy,
2723 &link->u.mgd.csa.switch_work, 0);
2724 }
2725
2726 rcu_read_unlock();
2727 }
2728 EXPORT_SYMBOL(ieee80211_chswitch_done);
2729
2730 static void
ieee80211_sta_abort_chanswitch(struct ieee80211_link_data * link)2731 ieee80211_sta_abort_chanswitch(struct ieee80211_link_data *link)
2732 {
2733 struct ieee80211_sub_if_data *sdata = link->sdata;
2734 struct ieee80211_local *local = sdata->local;
2735
2736 lockdep_assert_wiphy(local->hw.wiphy);
2737
2738 if (!local->ops->abort_channel_switch)
2739 return;
2740
2741 if (rcu_access_pointer(link->conf->chanctx_conf))
2742 ieee80211_link_unreserve_chanctx(link);
2743
2744 ieee80211_vif_unblock_queues_csa(sdata);
2745
2746 link->conf->csa_active = false;
2747 link->u.mgd.csa.blocked_tx = false;
2748
2749 drv_abort_channel_switch(link);
2750 }
2751
2752 struct sta_csa_rnr_iter_data {
2753 struct ieee80211_link_data *link;
2754 struct ieee80211_channel *chan;
2755 u8 mld_id;
2756 };
2757
2758 static enum cfg80211_rnr_iter_ret
ieee80211_sta_csa_rnr_iter(void * _data,u8 type,const struct ieee80211_neighbor_ap_info * info,const u8 * tbtt_info,u8 tbtt_info_len)2759 ieee80211_sta_csa_rnr_iter(void *_data, u8 type,
2760 const struct ieee80211_neighbor_ap_info *info,
2761 const u8 *tbtt_info, u8 tbtt_info_len)
2762 {
2763 struct sta_csa_rnr_iter_data *data = _data;
2764 struct ieee80211_link_data *link = data->link;
2765 struct ieee80211_sub_if_data *sdata = link->sdata;
2766 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2767 const struct ieee80211_tbtt_info_ge_11 *ti;
2768 enum nl80211_band band;
2769 unsigned int center_freq;
2770 int link_id;
2771
2772 if (type != IEEE80211_TBTT_INFO_TYPE_TBTT)
2773 return RNR_ITER_CONTINUE;
2774
2775 if (tbtt_info_len < sizeof(*ti))
2776 return RNR_ITER_CONTINUE;
2777
2778 ti = (const void *)tbtt_info;
2779
2780 if (ti->mld_params.mld_id != data->mld_id)
2781 return RNR_ITER_CONTINUE;
2782
2783 link_id = le16_get_bits(ti->mld_params.params,
2784 IEEE80211_RNR_MLD_PARAMS_LINK_ID);
2785 if (link_id != data->link->link_id)
2786 return RNR_ITER_CONTINUE;
2787
2788 /* we found the entry for our link! */
2789
2790 /* this AP is confused, it had this right before ... just disconnect */
2791 if (!ieee80211_operating_class_to_band(info->op_class, &band)) {
2792 link_info(link,
2793 "AP now has invalid operating class in RNR, disconnect\n");
2794 wiphy_work_queue(sdata->local->hw.wiphy,
2795 &ifmgd->csa_connection_drop_work);
2796 return RNR_ITER_BREAK;
2797 }
2798
2799 center_freq = ieee80211_channel_to_frequency(info->channel, band);
2800 data->chan = ieee80211_get_channel(sdata->local->hw.wiphy, center_freq);
2801
2802 return RNR_ITER_BREAK;
2803 }
2804
2805 static void
ieee80211_sta_other_link_csa_disappeared(struct ieee80211_link_data * link,struct ieee802_11_elems * elems)2806 ieee80211_sta_other_link_csa_disappeared(struct ieee80211_link_data *link,
2807 struct ieee802_11_elems *elems)
2808 {
2809 struct ieee80211_sub_if_data *sdata = link->sdata;
2810 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2811 struct sta_csa_rnr_iter_data data = {
2812 .link = link,
2813 };
2814
2815 /*
2816 * If we get here, we see a beacon from another link without
2817 * CSA still being reported for it, so now we have to check
2818 * if the CSA was aborted or completed. This may not even be
2819 * perfectly possible if the CSA was only done for changing
2820 * the puncturing, but in that case if the link in inactive
2821 * we don't really care, and if it's an active link (or when
2822 * it's activated later) we'll get a beacon and adjust.
2823 */
2824
2825 if (WARN_ON(!elems->ml_basic))
2826 return;
2827
2828 data.mld_id = ieee80211_mle_get_mld_id((const void *)elems->ml_basic);
2829
2830 /*
2831 * So in order to do this, iterate the RNR element(s) and see
2832 * what channel is reported now.
2833 */
2834 cfg80211_iter_rnr(elems->ie_start, elems->total_len,
2835 ieee80211_sta_csa_rnr_iter, &data);
2836
2837 if (!data.chan) {
2838 link_info(link,
2839 "couldn't find (valid) channel in RNR for CSA, disconnect\n");
2840 wiphy_work_queue(sdata->local->hw.wiphy,
2841 &ifmgd->csa_connection_drop_work);
2842 return;
2843 }
2844
2845 /*
2846 * If it doesn't match the CSA, then assume it aborted. This
2847 * may erroneously detect that it was _not_ aborted when it
2848 * was in fact aborted, but only changed the bandwidth or the
2849 * puncturing configuration, but we don't have enough data to
2850 * detect that.
2851 */
2852 if (data.chan != link->csa.chanreq.oper.chan)
2853 ieee80211_sta_abort_chanswitch(link);
2854 }
2855
2856 enum ieee80211_csa_source {
2857 IEEE80211_CSA_SOURCE_BEACON,
2858 IEEE80211_CSA_SOURCE_OTHER_LINK,
2859 IEEE80211_CSA_SOURCE_PROT_ACTION,
2860 IEEE80211_CSA_SOURCE_UNPROT_ACTION,
2861 };
2862
2863 static void
ieee80211_sta_process_chanswitch(struct ieee80211_link_data * link,u64 timestamp,u32 device_timestamp,struct ieee802_11_elems * full_elems,struct ieee802_11_elems * csa_elems,enum ieee80211_csa_source source)2864 ieee80211_sta_process_chanswitch(struct ieee80211_link_data *link,
2865 u64 timestamp, u32 device_timestamp,
2866 struct ieee802_11_elems *full_elems,
2867 struct ieee802_11_elems *csa_elems,
2868 enum ieee80211_csa_source source)
2869 {
2870 struct ieee80211_sub_if_data *sdata = link->sdata;
2871 struct ieee80211_local *local = sdata->local;
2872 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2873 struct ieee80211_chanctx *chanctx = NULL;
2874 struct ieee80211_chanctx_conf *conf;
2875 struct ieee80211_csa_ie csa_ie = {};
2876 struct ieee80211_channel_switch ch_switch = {
2877 .link_id = link->link_id,
2878 .timestamp = timestamp,
2879 .device_timestamp = device_timestamp,
2880 };
2881 u32 csa_time_tu;
2882 ktime_t now;
2883 int res;
2884
2885 lockdep_assert_wiphy(local->hw.wiphy);
2886
2887 if (csa_elems) {
2888 struct cfg80211_bss *cbss = link->conf->bss;
2889 enum nl80211_band current_band;
2890 struct ieee80211_bss *bss;
2891
2892 if (WARN_ON(!cbss))
2893 return;
2894
2895 current_band = cbss->channel->band;
2896 bss = (void *)cbss->priv;
2897
2898 res = ieee80211_parse_ch_switch_ie(sdata, csa_elems,
2899 current_band,
2900 bss->vht_cap_info,
2901 &link->u.mgd.conn,
2902 link->u.mgd.bssid,
2903 source == IEEE80211_CSA_SOURCE_UNPROT_ACTION,
2904 &csa_ie);
2905 if (res == 0) {
2906 ch_switch.block_tx = csa_ie.mode;
2907 ch_switch.chandef = csa_ie.chanreq.oper;
2908 ch_switch.count = csa_ie.count;
2909 ch_switch.delay = csa_ie.max_switch_time;
2910 }
2911
2912 link->u.mgd.csa.tpe = csa_elems->csa_tpe;
2913 } else {
2914 /*
2915 * If there was no per-STA profile for this link, we
2916 * get called with csa_elems == NULL. This of course means
2917 * there are no CSA elements, so set res=1 indicating
2918 * no more CSA.
2919 */
2920 res = 1;
2921 }
2922
2923 if (res < 0) {
2924 /* ignore this case, not a protected frame */
2925 if (source == IEEE80211_CSA_SOURCE_UNPROT_ACTION)
2926 return;
2927 goto drop_connection;
2928 }
2929
2930 if (link->conf->csa_active) {
2931 switch (source) {
2932 case IEEE80211_CSA_SOURCE_PROT_ACTION:
2933 case IEEE80211_CSA_SOURCE_UNPROT_ACTION:
2934 /* already processing - disregard action frames */
2935 return;
2936 case IEEE80211_CSA_SOURCE_BEACON:
2937 if (link->u.mgd.csa.waiting_bcn) {
2938 ieee80211_chswitch_post_beacon(link);
2939 /*
2940 * If the CSA is still present after the switch
2941 * we need to consider it as a new CSA (possibly
2942 * to self). This happens by not returning here
2943 * so we'll get to the check below.
2944 */
2945 } else if (res) {
2946 ieee80211_sta_abort_chanswitch(link);
2947 return;
2948 } else {
2949 drv_channel_switch_rx_beacon(sdata, &ch_switch);
2950 return;
2951 }
2952 break;
2953 case IEEE80211_CSA_SOURCE_OTHER_LINK:
2954 /* active link: we want to see the beacon to continue */
2955 if (ieee80211_vif_link_active(&sdata->vif,
2956 link->link_id))
2957 return;
2958
2959 /* switch work ran, so just complete the process */
2960 if (link->u.mgd.csa.waiting_bcn) {
2961 ieee80211_chswitch_post_beacon(link);
2962 /*
2963 * If the CSA is still present after the switch
2964 * we need to consider it as a new CSA (possibly
2965 * to self). This happens by not returning here
2966 * so we'll get to the check below.
2967 */
2968 break;
2969 }
2970
2971 /* link still has CSA but we already know, do nothing */
2972 if (!res)
2973 return;
2974
2975 /* check in the RNR if the CSA aborted */
2976 ieee80211_sta_other_link_csa_disappeared(link,
2977 full_elems);
2978 return;
2979 }
2980 }
2981
2982 /* no active CSA nor a new one */
2983 if (res) {
2984 /*
2985 * However, we may have stopped queues when receiving a public
2986 * action frame that couldn't be protected, if it had the quiet
2987 * bit set. This is a trade-off, we want to be quiet as soon as
2988 * possible, but also don't trust the public action frame much,
2989 * as it can't be protected.
2990 */
2991 if (unlikely(link->u.mgd.csa.blocked_tx)) {
2992 link->u.mgd.csa.blocked_tx = false;
2993 ieee80211_vif_unblock_queues_csa(sdata);
2994 }
2995 return;
2996 }
2997
2998 /*
2999 * We don't really trust public action frames, but block queues (go to
3000 * quiet mode) for them anyway, we should get a beacon soon to either
3001 * know what the CSA really is, or figure out the public action frame
3002 * was actually an attack.
3003 */
3004 if (source == IEEE80211_CSA_SOURCE_UNPROT_ACTION) {
3005 if (csa_ie.mode) {
3006 link->u.mgd.csa.blocked_tx = true;
3007 ieee80211_vif_block_queues_csa(sdata);
3008 }
3009 return;
3010 }
3011
3012 if (link->conf->chanreq.oper.chan->band !=
3013 csa_ie.chanreq.oper.chan->band) {
3014 link_info(link,
3015 "AP %pM switches to different band (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n",
3016 link->u.mgd.bssid,
3017 csa_ie.chanreq.oper.chan->center_freq,
3018 csa_ie.chanreq.oper.width,
3019 csa_ie.chanreq.oper.center_freq1,
3020 csa_ie.chanreq.oper.center_freq2);
3021 goto drop_connection;
3022 }
3023
3024 if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chanreq.oper,
3025 IEEE80211_CHAN_DISABLED)) {
3026 link_info(link,
3027 "AP %pM switches to unsupported channel (%d.%03d MHz, width:%d, CF1/2: %d.%03d/%d MHz), disconnecting\n",
3028 link->u.mgd.bssid,
3029 csa_ie.chanreq.oper.chan->center_freq,
3030 csa_ie.chanreq.oper.chan->freq_offset,
3031 csa_ie.chanreq.oper.width,
3032 csa_ie.chanreq.oper.center_freq1,
3033 csa_ie.chanreq.oper.freq1_offset,
3034 csa_ie.chanreq.oper.center_freq2);
3035 goto drop_connection;
3036 }
3037
3038 if (cfg80211_chandef_identical(&csa_ie.chanreq.oper,
3039 &link->conf->chanreq.oper) &&
3040 (!csa_ie.mode || source != IEEE80211_CSA_SOURCE_BEACON)) {
3041 if (link->u.mgd.csa.ignored_same_chan)
3042 return;
3043 link_info(link,
3044 "AP %pM tries to chanswitch to same channel, ignore\n",
3045 link->u.mgd.bssid);
3046 link->u.mgd.csa.ignored_same_chan = true;
3047 return;
3048 }
3049
3050 /*
3051 * Drop all TDLS peers on the affected link - either we disconnect or
3052 * move to a different channel from this point on. There's no telling
3053 * what our peer will do.
3054 * The TDLS WIDER_BW scenario is also problematic, as peers might now
3055 * have an incompatible wider chandef.
3056 */
3057 ieee80211_teardown_tdls_peers(link);
3058
3059 conf = rcu_dereference_protected(link->conf->chanctx_conf,
3060 lockdep_is_held(&local->hw.wiphy->mtx));
3061 if (ieee80211_vif_link_active(&sdata->vif, link->link_id) && !conf) {
3062 link_info(link,
3063 "no channel context assigned to vif?, disconnecting\n");
3064 goto drop_connection;
3065 }
3066
3067 if (conf)
3068 chanctx = container_of(conf, struct ieee80211_chanctx, conf);
3069
3070 if (!ieee80211_hw_check(&local->hw, CHANCTX_STA_CSA)) {
3071 link_info(link,
3072 "driver doesn't support chan-switch with channel contexts\n");
3073 goto drop_connection;
3074 }
3075
3076 if (drv_pre_channel_switch(sdata, &ch_switch)) {
3077 link_info(link,
3078 "preparing for channel switch failed, disconnecting\n");
3079 goto drop_connection;
3080 }
3081
3082 link->u.mgd.csa.ap_chandef = csa_ie.chanreq.ap;
3083
3084 link->csa.chanreq.oper = csa_ie.chanreq.oper;
3085 ieee80211_set_chanreq_ap(sdata, &link->csa.chanreq, &link->u.mgd.conn,
3086 &csa_ie.chanreq.ap);
3087
3088 if (chanctx) {
3089 res = ieee80211_link_reserve_chanctx(link, &link->csa.chanreq,
3090 chanctx->mode, false);
3091 if (res) {
3092 link_info(link,
3093 "failed to reserve channel context for channel switch, disconnecting (err=%d)\n",
3094 res);
3095 goto drop_connection;
3096 }
3097 }
3098
3099 link->conf->csa_active = true;
3100 link->u.mgd.csa.ignored_same_chan = false;
3101 link->u.mgd.beacon_crc_valid = false;
3102 link->u.mgd.csa.blocked_tx = csa_ie.mode;
3103
3104 if (csa_ie.mode)
3105 ieee80211_vif_block_queues_csa(sdata);
3106
3107 cfg80211_ch_switch_started_notify(sdata->dev, &csa_ie.chanreq.oper,
3108 link->link_id, csa_ie.count,
3109 csa_ie.mode);
3110
3111 /* we may have to handle timeout for deactivated link in software */
3112 now = ktime_get_boottime();
3113 csa_time_tu = (max_t(int, csa_ie.count, 1) - 1) * link->conf->beacon_int;
3114 link->u.mgd.csa.time = now + us_to_ktime(ieee80211_tu_to_usec(csa_time_tu));
3115
3116 if (ieee80211_vif_link_active(&sdata->vif, link->link_id) &&
3117 local->ops->channel_switch) {
3118 /*
3119 * Use driver's channel switch callback, the driver will
3120 * later call ieee80211_chswitch_done(). It may deactivate
3121 * the link as well, we handle that elsewhere and queue
3122 * the csa.switch_work for the calculated time then.
3123 */
3124 drv_channel_switch(local, sdata, &ch_switch);
3125 return;
3126 }
3127
3128 /* channel switch handled in software */
3129 wiphy_hrtimer_work_queue(local->hw.wiphy,
3130 &link->u.mgd.csa.switch_work,
3131 link->u.mgd.csa.time - now);
3132 return;
3133 drop_connection:
3134 /*
3135 * This is just so that the disconnect flow will know that
3136 * we were trying to switch channel and failed. In case the
3137 * mode is 1 (we are not allowed to Tx), we will know not to
3138 * send a deauthentication frame. Those two fields will be
3139 * reset when the disconnection worker runs.
3140 */
3141 link->conf->csa_active = true;
3142 link->u.mgd.csa.blocked_tx = csa_ie.mode;
3143
3144 wiphy_work_queue(sdata->local->hw.wiphy,
3145 &ifmgd->csa_connection_drop_work);
3146 }
3147
3148 struct sta_bss_param_ch_cnt_data {
3149 struct ieee80211_sub_if_data *sdata;
3150 u8 reporting_link_id;
3151 u8 mld_id;
3152 };
3153
3154 static enum cfg80211_rnr_iter_ret
ieee80211_sta_bss_param_ch_cnt_iter(void * _data,u8 type,const struct ieee80211_neighbor_ap_info * info,const u8 * tbtt_info,u8 tbtt_info_len)3155 ieee80211_sta_bss_param_ch_cnt_iter(void *_data, u8 type,
3156 const struct ieee80211_neighbor_ap_info *info,
3157 const u8 *tbtt_info, u8 tbtt_info_len)
3158 {
3159 struct sta_bss_param_ch_cnt_data *data = _data;
3160 struct ieee80211_sub_if_data *sdata = data->sdata;
3161 const struct ieee80211_tbtt_info_ge_11 *ti;
3162 u8 bss_param_ch_cnt;
3163 int link_id;
3164
3165 if (type != IEEE80211_TBTT_INFO_TYPE_TBTT)
3166 return RNR_ITER_CONTINUE;
3167
3168 if (tbtt_info_len < sizeof(*ti))
3169 return RNR_ITER_CONTINUE;
3170
3171 ti = (const void *)tbtt_info;
3172
3173 if (ti->mld_params.mld_id != data->mld_id)
3174 return RNR_ITER_CONTINUE;
3175
3176 link_id = le16_get_bits(ti->mld_params.params,
3177 IEEE80211_RNR_MLD_PARAMS_LINK_ID);
3178 bss_param_ch_cnt =
3179 le16_get_bits(ti->mld_params.params,
3180 IEEE80211_RNR_MLD_PARAMS_BSS_CHANGE_COUNT);
3181
3182 if (bss_param_ch_cnt != 255 &&
3183 link_id < ARRAY_SIZE(sdata->link)) {
3184 struct ieee80211_link_data *link =
3185 sdata_dereference(sdata->link[link_id], sdata);
3186
3187 if (link && link->conf->bss_param_ch_cnt != bss_param_ch_cnt) {
3188 link->conf->bss_param_ch_cnt = bss_param_ch_cnt;
3189 link->conf->bss_param_ch_cnt_link_id =
3190 data->reporting_link_id;
3191 }
3192 }
3193
3194 return RNR_ITER_CONTINUE;
3195 }
3196
3197 static void
ieee80211_mgd_update_bss_param_ch_cnt(struct ieee80211_sub_if_data * sdata,struct ieee80211_bss_conf * bss_conf,struct ieee802_11_elems * elems)3198 ieee80211_mgd_update_bss_param_ch_cnt(struct ieee80211_sub_if_data *sdata,
3199 struct ieee80211_bss_conf *bss_conf,
3200 struct ieee802_11_elems *elems)
3201 {
3202 struct sta_bss_param_ch_cnt_data data = {
3203 .reporting_link_id = bss_conf->link_id,
3204 .sdata = sdata,
3205 };
3206 int bss_param_ch_cnt;
3207
3208 if (!elems->ml_basic)
3209 return;
3210
3211 data.mld_id = ieee80211_mle_get_mld_id((const void *)elems->ml_basic);
3212
3213 cfg80211_iter_rnr(elems->ie_start, elems->total_len,
3214 ieee80211_sta_bss_param_ch_cnt_iter, &data);
3215
3216 bss_param_ch_cnt =
3217 ieee80211_mle_get_bss_param_ch_cnt((const void *)elems->ml_basic);
3218
3219 /*
3220 * Update bss_param_ch_cnt_link_id even if bss_param_ch_cnt
3221 * didn't change to indicate that we got a beacon on our own
3222 * link.
3223 */
3224 if (bss_param_ch_cnt >= 0 && bss_param_ch_cnt != 255) {
3225 bss_conf->bss_param_ch_cnt = bss_param_ch_cnt;
3226 bss_conf->bss_param_ch_cnt_link_id =
3227 bss_conf->link_id;
3228 }
3229 }
3230
3231 static bool
ieee80211_find_80211h_pwr_constr(struct ieee80211_channel * channel,const u8 * country_ie,u8 country_ie_len,const u8 * pwr_constr_elem,int * chan_pwr,int * pwr_reduction)3232 ieee80211_find_80211h_pwr_constr(struct ieee80211_channel *channel,
3233 const u8 *country_ie, u8 country_ie_len,
3234 const u8 *pwr_constr_elem,
3235 int *chan_pwr, int *pwr_reduction)
3236 {
3237 struct ieee80211_country_ie_triplet *triplet;
3238 int chan = ieee80211_frequency_to_channel(channel->center_freq);
3239 int i, chan_increment;
3240 bool have_chan_pwr = false;
3241
3242 /* Invalid IE */
3243 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN)
3244 return false;
3245
3246 triplet = (void *)(country_ie + 3);
3247 country_ie_len -= 3;
3248
3249 switch (channel->band) {
3250 default:
3251 WARN_ON_ONCE(1);
3252 fallthrough;
3253 case NL80211_BAND_2GHZ:
3254 case NL80211_BAND_60GHZ:
3255 case NL80211_BAND_LC:
3256 chan_increment = 1;
3257 break;
3258 case NL80211_BAND_5GHZ:
3259 chan_increment = 4;
3260 break;
3261 case NL80211_BAND_6GHZ:
3262 /*
3263 * In the 6 GHz band, the "maximum transmit power level"
3264 * field in the triplets is reserved, and thus will be
3265 * zero and we shouldn't use it to control TX power.
3266 * The actual TX power will be given in the transmit
3267 * power envelope element instead.
3268 */
3269 return false;
3270 }
3271
3272 /* find channel */
3273 while (country_ie_len >= 3) {
3274 u8 first_channel = triplet->chans.first_channel;
3275
3276 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID)
3277 goto next;
3278
3279 for (i = 0; i < triplet->chans.num_channels; i++) {
3280 if (first_channel + i * chan_increment == chan) {
3281 have_chan_pwr = true;
3282 *chan_pwr = triplet->chans.max_power;
3283 break;
3284 }
3285 }
3286 if (have_chan_pwr)
3287 break;
3288
3289 next:
3290 triplet++;
3291 country_ie_len -= 3;
3292 }
3293
3294 if (have_chan_pwr && pwr_constr_elem)
3295 *pwr_reduction = *pwr_constr_elem;
3296 else
3297 *pwr_reduction = 0;
3298
3299 return have_chan_pwr;
3300 }
3301
ieee80211_find_cisco_dtpc(struct ieee80211_channel * channel,const u8 * cisco_dtpc_ie,int * pwr_level)3302 static void ieee80211_find_cisco_dtpc(struct ieee80211_channel *channel,
3303 const u8 *cisco_dtpc_ie,
3304 int *pwr_level)
3305 {
3306 /* From practical testing, the first data byte of the DTPC element
3307 * seems to contain the requested dBm level, and the CLI on Cisco
3308 * APs clearly state the range is -127 to 127 dBm, which indicates
3309 * a signed byte, although it seemingly never actually goes negative.
3310 * The other byte seems to always be zero.
3311 */
3312 *pwr_level = (__s8)cisco_dtpc_ie[4];
3313 }
3314
ieee80211_handle_pwr_constr(struct ieee80211_link_data * link,struct ieee80211_channel * channel,struct ieee80211_mgmt * mgmt,const u8 * country_ie,u8 country_ie_len,const u8 * pwr_constr_ie,const u8 * cisco_dtpc_ie)3315 static u64 ieee80211_handle_pwr_constr(struct ieee80211_link_data *link,
3316 struct ieee80211_channel *channel,
3317 struct ieee80211_mgmt *mgmt,
3318 const u8 *country_ie, u8 country_ie_len,
3319 const u8 *pwr_constr_ie,
3320 const u8 *cisco_dtpc_ie)
3321 {
3322 struct ieee80211_sub_if_data *sdata = link->sdata;
3323 bool has_80211h_pwr = false, has_cisco_pwr = false;
3324 int chan_pwr = 0, pwr_reduction_80211h = 0;
3325 int pwr_level_cisco, pwr_level_80211h;
3326 int new_ap_level;
3327 __le16 capab = mgmt->u.probe_resp.capab_info;
3328
3329 if (ieee80211_is_s1g_beacon(mgmt->frame_control))
3330 return 0; /* TODO */
3331
3332 if (country_ie &&
3333 (capab & cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT) ||
3334 capab & cpu_to_le16(WLAN_CAPABILITY_RADIO_MEASURE))) {
3335 has_80211h_pwr = ieee80211_find_80211h_pwr_constr(
3336 channel, country_ie, country_ie_len,
3337 pwr_constr_ie, &chan_pwr, &pwr_reduction_80211h);
3338 pwr_level_80211h =
3339 max_t(int, 0, chan_pwr - pwr_reduction_80211h);
3340 }
3341
3342 if (cisco_dtpc_ie) {
3343 ieee80211_find_cisco_dtpc(
3344 channel, cisco_dtpc_ie, &pwr_level_cisco);
3345 has_cisco_pwr = true;
3346 }
3347
3348 if (!has_80211h_pwr && !has_cisco_pwr)
3349 return 0;
3350
3351 /* If we have both 802.11h and Cisco DTPC, apply both limits
3352 * by picking the smallest of the two power levels advertised.
3353 */
3354 if (has_80211h_pwr &&
3355 (!has_cisco_pwr || pwr_level_80211h <= pwr_level_cisco)) {
3356 new_ap_level = pwr_level_80211h;
3357
3358 if (link->ap_power_level == new_ap_level)
3359 return 0;
3360
3361 sdata_dbg(sdata,
3362 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n",
3363 pwr_level_80211h, chan_pwr, pwr_reduction_80211h,
3364 link->u.mgd.bssid);
3365 } else { /* has_cisco_pwr is always true here. */
3366 new_ap_level = pwr_level_cisco;
3367
3368 if (link->ap_power_level == new_ap_level)
3369 return 0;
3370
3371 sdata_dbg(sdata,
3372 "Limiting TX power to %d dBm as advertised by %pM\n",
3373 pwr_level_cisco, link->u.mgd.bssid);
3374 }
3375
3376 link->ap_power_level = new_ap_level;
3377 if (__ieee80211_recalc_txpower(link))
3378 return BSS_CHANGED_TXPOWER;
3379 return 0;
3380 }
3381
3382 /* powersave */
ieee80211_enable_ps(struct ieee80211_local * local,struct ieee80211_sub_if_data * sdata)3383 static void ieee80211_enable_ps(struct ieee80211_local *local,
3384 struct ieee80211_sub_if_data *sdata)
3385 {
3386 struct ieee80211_conf *conf = &local->hw.conf;
3387
3388 /*
3389 * If we are scanning right now then the parameters will
3390 * take effect when scan finishes.
3391 */
3392 if (local->scanning)
3393 return;
3394
3395 if (conf->dynamic_ps_timeout > 0 &&
3396 !ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS)) {
3397 mod_timer(&local->dynamic_ps_timer, jiffies +
3398 msecs_to_jiffies(conf->dynamic_ps_timeout));
3399 } else {
3400 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK))
3401 ieee80211_send_nullfunc(local, sdata, true);
3402
3403 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
3404 ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
3405 return;
3406
3407 conf->flags |= IEEE80211_CONF_PS;
3408 ieee80211_hw_config(local, -1, IEEE80211_CONF_CHANGE_PS);
3409 }
3410 }
3411
ieee80211_change_ps(struct ieee80211_local * local)3412 static void ieee80211_change_ps(struct ieee80211_local *local)
3413 {
3414 struct ieee80211_conf *conf = &local->hw.conf;
3415
3416 if (local->ps_sdata) {
3417 ieee80211_enable_ps(local, local->ps_sdata);
3418 } else if (conf->flags & IEEE80211_CONF_PS) {
3419 conf->flags &= ~IEEE80211_CONF_PS;
3420 ieee80211_hw_config(local, -1, IEEE80211_CONF_CHANGE_PS);
3421 timer_delete_sync(&local->dynamic_ps_timer);
3422 wiphy_work_cancel(local->hw.wiphy,
3423 &local->dynamic_ps_enable_work);
3424 }
3425 }
3426
ieee80211_powersave_allowed(struct ieee80211_sub_if_data * sdata)3427 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata)
3428 {
3429 struct ieee80211_local *local = sdata->local;
3430 struct ieee80211_if_managed *mgd = &sdata->u.mgd;
3431 struct sta_info *sta = NULL;
3432 bool authorized = false;
3433
3434 if (!mgd->powersave)
3435 return false;
3436
3437 if (mgd->broken_ap)
3438 return false;
3439
3440 if (!mgd->associated)
3441 return false;
3442
3443 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL)
3444 return false;
3445
3446 if (!(local->hw.wiphy->flags & WIPHY_FLAG_SUPPORTS_MLO) &&
3447 !sdata->deflink.u.mgd.have_beacon)
3448 return false;
3449
3450 rcu_read_lock();
3451 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
3452 if (sta)
3453 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
3454 rcu_read_unlock();
3455
3456 return authorized;
3457 }
3458
3459 /* need to hold RTNL or interface lock */
ieee80211_recalc_ps(struct ieee80211_local * local)3460 void ieee80211_recalc_ps(struct ieee80211_local *local)
3461 {
3462 struct ieee80211_sub_if_data *sdata, *found = NULL;
3463 int count = 0;
3464 int timeout;
3465
3466 if (!ieee80211_hw_check(&local->hw, SUPPORTS_PS) ||
3467 ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS)) {
3468 local->ps_sdata = NULL;
3469 return;
3470 }
3471
3472 list_for_each_entry(sdata, &local->interfaces, list) {
3473 if (!ieee80211_sdata_running(sdata))
3474 continue;
3475 if (sdata->vif.type == NL80211_IFTYPE_AP) {
3476 /* If an AP vif is found, then disable PS
3477 * by setting the count to zero thereby setting
3478 * ps_sdata to NULL.
3479 */
3480 count = 0;
3481 break;
3482 }
3483 if (sdata->vif.type != NL80211_IFTYPE_STATION)
3484 continue;
3485 found = sdata;
3486 count++;
3487 }
3488
3489 if (count == 1 && ieee80211_powersave_allowed(found)) {
3490 u8 dtimper = found->deflink.u.mgd.dtim_period;
3491
3492 timeout = local->dynamic_ps_forced_timeout;
3493 if (timeout < 0)
3494 timeout = 100;
3495 local->hw.conf.dynamic_ps_timeout = timeout;
3496
3497 /* If the TIM IE is invalid, pretend the value is 1 */
3498 if (!dtimper)
3499 dtimper = 1;
3500
3501 local->hw.conf.ps_dtim_period = dtimper;
3502 local->ps_sdata = found;
3503 } else {
3504 local->ps_sdata = NULL;
3505 }
3506
3507 ieee80211_change_ps(local);
3508 }
3509
ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data * sdata)3510 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata)
3511 {
3512 bool ps_allowed = ieee80211_powersave_allowed(sdata);
3513
3514 if (sdata->vif.cfg.ps != ps_allowed) {
3515 sdata->vif.cfg.ps = ps_allowed;
3516 ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_PS);
3517 }
3518 }
3519
ieee80211_dynamic_ps_disable_work(struct wiphy * wiphy,struct wiphy_work * work)3520 void ieee80211_dynamic_ps_disable_work(struct wiphy *wiphy,
3521 struct wiphy_work *work)
3522 {
3523 struct ieee80211_local *local =
3524 container_of(work, struct ieee80211_local,
3525 dynamic_ps_disable_work);
3526
3527 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
3528 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
3529 ieee80211_hw_config(local, -1, IEEE80211_CONF_CHANGE_PS);
3530 }
3531
3532 ieee80211_wake_queues_by_reason(&local->hw,
3533 IEEE80211_MAX_QUEUE_MAP,
3534 IEEE80211_QUEUE_STOP_REASON_PS,
3535 false);
3536 }
3537
ieee80211_dynamic_ps_enable_work(struct wiphy * wiphy,struct wiphy_work * work)3538 void ieee80211_dynamic_ps_enable_work(struct wiphy *wiphy,
3539 struct wiphy_work *work)
3540 {
3541 struct ieee80211_local *local =
3542 container_of(work, struct ieee80211_local,
3543 dynamic_ps_enable_work);
3544 struct ieee80211_sub_if_data *sdata = local->ps_sdata;
3545 struct ieee80211_if_managed *ifmgd;
3546 unsigned long flags;
3547 int q;
3548
3549 /* can only happen when PS was just disabled anyway */
3550 if (!sdata)
3551 return;
3552
3553 ifmgd = &sdata->u.mgd;
3554
3555 if (local->hw.conf.flags & IEEE80211_CONF_PS)
3556 return;
3557
3558 if (local->hw.conf.dynamic_ps_timeout > 0) {
3559 /* don't enter PS if TX frames are pending */
3560 if (drv_tx_frames_pending(local)) {
3561 mod_timer(&local->dynamic_ps_timer, jiffies +
3562 msecs_to_jiffies(
3563 local->hw.conf.dynamic_ps_timeout));
3564 return;
3565 }
3566
3567 /*
3568 * transmission can be stopped by others which leads to
3569 * dynamic_ps_timer expiry. Postpone the ps timer if it
3570 * is not the actual idle state.
3571 */
3572 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
3573 for (q = 0; q < local->hw.queues; q++) {
3574 if (local->queue_stop_reasons[q]) {
3575 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
3576 flags);
3577 mod_timer(&local->dynamic_ps_timer, jiffies +
3578 msecs_to_jiffies(
3579 local->hw.conf.dynamic_ps_timeout));
3580 return;
3581 }
3582 }
3583 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
3584 }
3585
3586 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
3587 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
3588 if (drv_tx_frames_pending(local)) {
3589 mod_timer(&local->dynamic_ps_timer, jiffies +
3590 msecs_to_jiffies(
3591 local->hw.conf.dynamic_ps_timeout));
3592 } else {
3593 ieee80211_send_nullfunc(local, sdata, true);
3594 /* Flush to get the tx status of nullfunc frame */
3595 ieee80211_flush_queues(local, sdata, false);
3596 }
3597 }
3598
3599 if (!(ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS) &&
3600 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK)) ||
3601 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
3602 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
3603 local->hw.conf.flags |= IEEE80211_CONF_PS;
3604 ieee80211_hw_config(local, -1, IEEE80211_CONF_CHANGE_PS);
3605 }
3606 }
3607
ieee80211_dynamic_ps_timer(struct timer_list * t)3608 void ieee80211_dynamic_ps_timer(struct timer_list *t)
3609 {
3610 struct ieee80211_local *local = timer_container_of(local, t,
3611 dynamic_ps_timer);
3612
3613 wiphy_work_queue(local->hw.wiphy, &local->dynamic_ps_enable_work);
3614 }
3615
ieee80211_dfs_cac_timer_work(struct wiphy * wiphy,struct wiphy_work * work)3616 void ieee80211_dfs_cac_timer_work(struct wiphy *wiphy, struct wiphy_work *work)
3617 {
3618 struct ieee80211_link_data *link =
3619 container_of(work, struct ieee80211_link_data,
3620 dfs_cac_timer_work.work);
3621 struct cfg80211_chan_def chandef = link->conf->chanreq.oper;
3622 struct ieee80211_sub_if_data *sdata = link->sdata;
3623
3624 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3625
3626 if (sdata->wdev.links[link->link_id].cac_started) {
3627 ieee80211_link_release_channel(link);
3628 cfg80211_cac_event(sdata->dev, &chandef,
3629 NL80211_RADAR_CAC_FINISHED,
3630 GFP_KERNEL, link->link_id);
3631 }
3632 }
3633
3634 static bool
__ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data * sdata)3635 __ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata)
3636 {
3637 struct ieee80211_local *local = sdata->local;
3638 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3639 bool ret = false;
3640 int ac;
3641
3642 if (local->hw.queues < IEEE80211_NUM_ACS)
3643 return false;
3644
3645 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
3646 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac];
3647 int non_acm_ac;
3648 unsigned long now = jiffies;
3649
3650 if (tx_tspec->action == TX_TSPEC_ACTION_NONE &&
3651 tx_tspec->admitted_time &&
3652 time_after(now, tx_tspec->time_slice_start + HZ)) {
3653 tx_tspec->consumed_tx_time = 0;
3654 tx_tspec->time_slice_start = now;
3655
3656 if (tx_tspec->downgraded)
3657 tx_tspec->action =
3658 TX_TSPEC_ACTION_STOP_DOWNGRADE;
3659 }
3660
3661 switch (tx_tspec->action) {
3662 case TX_TSPEC_ACTION_STOP_DOWNGRADE:
3663 /* take the original parameters */
3664 if (drv_conf_tx(local, &sdata->deflink, ac,
3665 &sdata->deflink.tx_conf[ac]))
3666 link_err(&sdata->deflink,
3667 "failed to set TX queue parameters for queue %d\n",
3668 ac);
3669 tx_tspec->action = TX_TSPEC_ACTION_NONE;
3670 tx_tspec->downgraded = false;
3671 ret = true;
3672 break;
3673 case TX_TSPEC_ACTION_DOWNGRADE:
3674 if (time_after(now, tx_tspec->time_slice_start + HZ)) {
3675 tx_tspec->action = TX_TSPEC_ACTION_NONE;
3676 ret = true;
3677 break;
3678 }
3679 /* downgrade next lower non-ACM AC */
3680 for (non_acm_ac = ac + 1;
3681 non_acm_ac < IEEE80211_NUM_ACS;
3682 non_acm_ac++)
3683 if (!(sdata->wmm_acm & BIT(7 - 2 * non_acm_ac)))
3684 break;
3685 /* Usually the loop will result in using BK even if it
3686 * requires admission control, but such a configuration
3687 * makes no sense and we have to transmit somehow - the
3688 * AC selection does the same thing.
3689 * If we started out trying to downgrade from BK, then
3690 * the extra condition here might be needed.
3691 */
3692 if (non_acm_ac >= IEEE80211_NUM_ACS)
3693 non_acm_ac = IEEE80211_AC_BK;
3694 if (drv_conf_tx(local, &sdata->deflink, ac,
3695 &sdata->deflink.tx_conf[non_acm_ac]))
3696 link_err(&sdata->deflink,
3697 "failed to set TX queue parameters for queue %d\n",
3698 ac);
3699 tx_tspec->action = TX_TSPEC_ACTION_NONE;
3700 ret = true;
3701 wiphy_delayed_work_queue(local->hw.wiphy,
3702 &ifmgd->tx_tspec_wk,
3703 tx_tspec->time_slice_start +
3704 HZ - now + 1);
3705 break;
3706 case TX_TSPEC_ACTION_NONE:
3707 /* nothing now */
3708 break;
3709 }
3710 }
3711
3712 return ret;
3713 }
3714
ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data * sdata)3715 void ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata)
3716 {
3717 if (__ieee80211_sta_handle_tspec_ac_params(sdata))
3718 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
3719 BSS_CHANGED_QOS);
3720 }
3721
ieee80211_sta_handle_tspec_ac_params_wk(struct wiphy * wiphy,struct wiphy_work * work)3722 static void ieee80211_sta_handle_tspec_ac_params_wk(struct wiphy *wiphy,
3723 struct wiphy_work *work)
3724 {
3725 struct ieee80211_sub_if_data *sdata;
3726
3727 sdata = container_of(work, struct ieee80211_sub_if_data,
3728 u.mgd.tx_tspec_wk.work);
3729 ieee80211_sta_handle_tspec_ac_params(sdata);
3730 }
3731
ieee80211_mgd_set_link_qos_params(struct ieee80211_link_data * link)3732 void ieee80211_mgd_set_link_qos_params(struct ieee80211_link_data *link)
3733 {
3734 struct ieee80211_sub_if_data *sdata = link->sdata;
3735 struct ieee80211_local *local = sdata->local;
3736 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3737 struct ieee80211_tx_queue_params *params = link->tx_conf;
3738 u8 ac;
3739
3740 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
3741 mlme_dbg(sdata,
3742 "WMM AC=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d, downgraded=%d\n",
3743 ac, params[ac].acm,
3744 params[ac].aifs, params[ac].cw_min, params[ac].cw_max,
3745 params[ac].txop, params[ac].uapsd,
3746 ifmgd->tx_tspec[ac].downgraded);
3747 if (!ifmgd->tx_tspec[ac].downgraded &&
3748 drv_conf_tx(local, link, ac, ¶ms[ac]))
3749 link_err(link,
3750 "failed to set TX queue parameters for AC %d\n",
3751 ac);
3752 }
3753 }
3754
3755 /* MLME */
3756 static bool
_ieee80211_sta_wmm_params(struct ieee80211_local * local,struct ieee80211_link_data * link,const u8 * wmm_param,size_t wmm_param_len,const struct ieee80211_mu_edca_param_set * mu_edca)3757 _ieee80211_sta_wmm_params(struct ieee80211_local *local,
3758 struct ieee80211_link_data *link,
3759 const u8 *wmm_param, size_t wmm_param_len,
3760 const struct ieee80211_mu_edca_param_set *mu_edca)
3761 {
3762 struct ieee80211_sub_if_data *sdata = link->sdata;
3763 struct ieee80211_tx_queue_params params[IEEE80211_NUM_ACS];
3764 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3765 size_t left;
3766 int count, mu_edca_count, ac;
3767 const u8 *pos;
3768 u8 uapsd_queues = 0;
3769
3770 if (!local->ops->conf_tx)
3771 return false;
3772
3773 if (local->hw.queues < IEEE80211_NUM_ACS)
3774 return false;
3775
3776 if (!wmm_param)
3777 return false;
3778
3779 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
3780 return false;
3781
3782 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
3783 uapsd_queues = ifmgd->uapsd_queues;
3784
3785 count = wmm_param[6] & 0x0f;
3786 /* -1 is the initial value of ifmgd->mu_edca_last_param_set.
3787 * if mu_edca was preset before and now it disappeared tell
3788 * the driver about it.
3789 */
3790 mu_edca_count = mu_edca ? mu_edca->mu_qos_info & 0x0f : -1;
3791 if (count == link->u.mgd.wmm_last_param_set &&
3792 mu_edca_count == link->u.mgd.mu_edca_last_param_set)
3793 return false;
3794 link->u.mgd.wmm_last_param_set = count;
3795 link->u.mgd.mu_edca_last_param_set = mu_edca_count;
3796
3797 pos = wmm_param + 8;
3798 left = wmm_param_len - 8;
3799
3800 memset(¶ms, 0, sizeof(params));
3801
3802 sdata->wmm_acm = 0;
3803 for (; left >= 4; left -= 4, pos += 4) {
3804 int aci = (pos[0] >> 5) & 0x03;
3805 int acm = (pos[0] >> 4) & 0x01;
3806 bool uapsd = false;
3807
3808 switch (aci) {
3809 case 1: /* AC_BK */
3810 ac = IEEE80211_AC_BK;
3811 if (acm)
3812 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */
3813 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
3814 uapsd = true;
3815 params[ac].mu_edca = !!mu_edca;
3816 if (mu_edca)
3817 params[ac].mu_edca_param_rec = mu_edca->ac_bk;
3818 break;
3819 case 2: /* AC_VI */
3820 ac = IEEE80211_AC_VI;
3821 if (acm)
3822 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */
3823 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
3824 uapsd = true;
3825 params[ac].mu_edca = !!mu_edca;
3826 if (mu_edca)
3827 params[ac].mu_edca_param_rec = mu_edca->ac_vi;
3828 break;
3829 case 3: /* AC_VO */
3830 ac = IEEE80211_AC_VO;
3831 if (acm)
3832 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */
3833 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
3834 uapsd = true;
3835 params[ac].mu_edca = !!mu_edca;
3836 if (mu_edca)
3837 params[ac].mu_edca_param_rec = mu_edca->ac_vo;
3838 break;
3839 case 0: /* AC_BE */
3840 default:
3841 ac = IEEE80211_AC_BE;
3842 if (acm)
3843 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */
3844 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
3845 uapsd = true;
3846 params[ac].mu_edca = !!mu_edca;
3847 if (mu_edca)
3848 params[ac].mu_edca_param_rec = mu_edca->ac_be;
3849 break;
3850 }
3851
3852 params[ac].aifs = pos[0] & 0x0f;
3853
3854 if (params[ac].aifs < 2) {
3855 link_info(link,
3856 "AP has invalid WMM params (AIFSN=%d for ACI %d), will use 2\n",
3857 params[ac].aifs, aci);
3858 params[ac].aifs = 2;
3859 }
3860 params[ac].cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
3861 params[ac].cw_min = ecw2cw(pos[1] & 0x0f);
3862 params[ac].txop = get_unaligned_le16(pos + 2);
3863 params[ac].acm = acm;
3864 params[ac].uapsd = uapsd;
3865
3866 if (params[ac].cw_min == 0 ||
3867 params[ac].cw_min > params[ac].cw_max) {
3868 link_info(link,
3869 "AP has invalid WMM params (CWmin/max=%d/%d for ACI %d), using defaults\n",
3870 params[ac].cw_min, params[ac].cw_max, aci);
3871 return false;
3872 }
3873 ieee80211_regulatory_limit_wmm_params(sdata, ¶ms[ac], ac);
3874 }
3875
3876 /* WMM specification requires all 4 ACIs. */
3877 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
3878 if (params[ac].cw_min == 0) {
3879 link_info(link,
3880 "AP has invalid WMM params (missing AC %d), using defaults\n",
3881 ac);
3882 return false;
3883 }
3884 }
3885
3886 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
3887 link->tx_conf[ac] = params[ac];
3888
3889 return true;
3890 }
3891
3892 static bool
ieee80211_sta_wmm_params(struct ieee80211_local * local,struct ieee80211_link_data * link,const u8 * wmm_param,size_t wmm_param_len,const struct ieee80211_mu_edca_param_set * mu_edca)3893 ieee80211_sta_wmm_params(struct ieee80211_local *local,
3894 struct ieee80211_link_data *link,
3895 const u8 *wmm_param, size_t wmm_param_len,
3896 const struct ieee80211_mu_edca_param_set *mu_edca)
3897 {
3898 if (!_ieee80211_sta_wmm_params(local, link, wmm_param, wmm_param_len,
3899 mu_edca))
3900 return false;
3901
3902 ieee80211_mgd_set_link_qos_params(link);
3903
3904 /* enable WMM or activate new settings */
3905 link->conf->qos = true;
3906 return true;
3907 }
3908
__ieee80211_stop_poll(struct ieee80211_sub_if_data * sdata)3909 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
3910 {
3911 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3912
3913 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL;
3914 ieee80211_run_deferred_scan(sdata->local);
3915 }
3916
ieee80211_stop_poll(struct ieee80211_sub_if_data * sdata)3917 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
3918 {
3919 lockdep_assert_wiphy(sdata->local->hw.wiphy);
3920
3921 __ieee80211_stop_poll(sdata);
3922 }
3923
ieee80211_handle_bss_capability(struct ieee80211_link_data * link,u16 capab,bool erp_valid,u8 erp)3924 static u64 ieee80211_handle_bss_capability(struct ieee80211_link_data *link,
3925 u16 capab, bool erp_valid, u8 erp)
3926 {
3927 struct ieee80211_bss_conf *bss_conf = link->conf;
3928 struct ieee80211_supported_band *sband;
3929 u64 changed = 0;
3930 bool use_protection;
3931 bool use_short_preamble;
3932 bool use_short_slot;
3933
3934 sband = ieee80211_get_link_sband(link);
3935 if (!sband)
3936 return changed;
3937
3938 if (erp_valid) {
3939 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0;
3940 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0;
3941 } else {
3942 use_protection = false;
3943 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE);
3944 }
3945
3946 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME);
3947 if (sband->band == NL80211_BAND_5GHZ ||
3948 sband->band == NL80211_BAND_6GHZ)
3949 use_short_slot = true;
3950
3951 if (use_protection != bss_conf->use_cts_prot) {
3952 bss_conf->use_cts_prot = use_protection;
3953 changed |= BSS_CHANGED_ERP_CTS_PROT;
3954 }
3955
3956 if (use_short_preamble != bss_conf->use_short_preamble) {
3957 bss_conf->use_short_preamble = use_short_preamble;
3958 changed |= BSS_CHANGED_ERP_PREAMBLE;
3959 }
3960
3961 if (use_short_slot != bss_conf->use_short_slot) {
3962 bss_conf->use_short_slot = use_short_slot;
3963 changed |= BSS_CHANGED_ERP_SLOT;
3964 }
3965
3966 return changed;
3967 }
3968
ieee80211_link_set_associated(struct ieee80211_link_data * link,struct cfg80211_bss * cbss)3969 static u64 ieee80211_link_set_associated(struct ieee80211_link_data *link,
3970 struct cfg80211_bss *cbss)
3971 {
3972 struct ieee80211_sub_if_data *sdata = link->sdata;
3973 struct ieee80211_bss_conf *bss_conf = link->conf;
3974 struct ieee80211_bss *bss = (void *)cbss->priv;
3975 u64 changed = BSS_CHANGED_QOS;
3976
3977 /* not really used in MLO */
3978 sdata->u.mgd.beacon_timeout =
3979 usecs_to_jiffies(ieee80211_tu_to_usec(beacon_loss_count *
3980 bss_conf->beacon_int));
3981
3982 changed |= ieee80211_handle_bss_capability(link,
3983 bss_conf->assoc_capability,
3984 bss->has_erp_value,
3985 bss->erp_value);
3986
3987 ieee80211_check_rate_mask(link);
3988
3989 link->conf->bss = cbss;
3990 memcpy(link->u.mgd.bssid, cbss->bssid, ETH_ALEN);
3991
3992 if (sdata->vif.p2p ||
3993 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) {
3994 const struct cfg80211_bss_ies *ies;
3995
3996 rcu_read_lock();
3997 ies = rcu_dereference(cbss->ies);
3998 if (ies) {
3999 int ret;
4000
4001 ret = cfg80211_get_p2p_attr(
4002 ies->data, ies->len,
4003 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
4004 (u8 *) &bss_conf->p2p_noa_attr,
4005 sizeof(bss_conf->p2p_noa_attr));
4006 if (ret >= 2) {
4007 link->u.mgd.p2p_noa_index =
4008 bss_conf->p2p_noa_attr.index;
4009 changed |= BSS_CHANGED_P2P_PS;
4010 }
4011 }
4012 rcu_read_unlock();
4013 }
4014
4015 if (link->u.mgd.have_beacon) {
4016 bss_conf->beacon_rate = bss->beacon_rate;
4017 changed |= BSS_CHANGED_BEACON_INFO;
4018 } else {
4019 bss_conf->beacon_rate = NULL;
4020 }
4021
4022 /* Tell the driver to monitor connection quality (if supported) */
4023 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI &&
4024 bss_conf->cqm_rssi_thold)
4025 changed |= BSS_CHANGED_CQM;
4026
4027 return changed;
4028 }
4029
ieee80211_set_associated(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgd_assoc_data * assoc_data,u64 changed[IEEE80211_MLD_MAX_NUM_LINKS])4030 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
4031 struct ieee80211_mgd_assoc_data *assoc_data,
4032 u64 changed[IEEE80211_MLD_MAX_NUM_LINKS])
4033 {
4034 struct ieee80211_local *local = sdata->local;
4035 struct ieee80211_vif_cfg *vif_cfg = &sdata->vif.cfg;
4036 u64 vif_changed = BSS_CHANGED_ASSOC;
4037 unsigned int link_id;
4038
4039 lockdep_assert_wiphy(local->hw.wiphy);
4040
4041 sdata->u.mgd.associated = true;
4042
4043 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
4044 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
4045 struct ieee80211_link_data *link;
4046
4047 if (!cbss ||
4048 assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS)
4049 continue;
4050
4051 if (ieee80211_vif_is_mld(&sdata->vif) &&
4052 !(ieee80211_vif_usable_links(&sdata->vif) & BIT(link_id)))
4053 continue;
4054
4055 link = sdata_dereference(sdata->link[link_id], sdata);
4056 if (WARN_ON(!link))
4057 return;
4058
4059 changed[link_id] |= ieee80211_link_set_associated(link, cbss);
4060 }
4061
4062 /* just to be sure */
4063 ieee80211_stop_poll(sdata);
4064
4065 ieee80211_led_assoc(local, 1);
4066
4067 vif_cfg->assoc = 1;
4068
4069 /* Enable ARP filtering */
4070 if (vif_cfg->arp_addr_cnt)
4071 vif_changed |= BSS_CHANGED_ARP_FILTER;
4072
4073 if (ieee80211_vif_is_mld(&sdata->vif)) {
4074 for (link_id = 0;
4075 link_id < IEEE80211_MLD_MAX_NUM_LINKS;
4076 link_id++) {
4077 struct ieee80211_link_data *link;
4078 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
4079
4080 if (!cbss ||
4081 !(BIT(link_id) &
4082 ieee80211_vif_usable_links(&sdata->vif)) ||
4083 assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS)
4084 continue;
4085
4086 link = sdata_dereference(sdata->link[link_id], sdata);
4087 if (WARN_ON(!link))
4088 return;
4089
4090 ieee80211_link_info_change_notify(sdata, link,
4091 changed[link_id]);
4092
4093 ieee80211_recalc_smps(sdata, link);
4094 }
4095
4096 ieee80211_vif_cfg_change_notify(sdata, vif_changed);
4097 } else {
4098 ieee80211_bss_info_change_notify(sdata,
4099 vif_changed | changed[0]);
4100 }
4101
4102 ieee80211_recalc_ps(local);
4103
4104 /* leave this here to not change ordering in non-MLO cases */
4105 if (!ieee80211_vif_is_mld(&sdata->vif))
4106 ieee80211_recalc_smps(sdata, &sdata->deflink);
4107 ieee80211_recalc_ps_vif(sdata);
4108
4109 netif_carrier_on(sdata->dev);
4110 }
4111
ieee80211_ml_reconf_reset(struct ieee80211_sub_if_data * sdata)4112 static void ieee80211_ml_reconf_reset(struct ieee80211_sub_if_data *sdata)
4113 {
4114 struct ieee80211_mgd_assoc_data *add_links_data =
4115 sdata->u.mgd.reconf.add_links_data;
4116
4117 if (!ieee80211_vif_is_mld(&sdata->vif) ||
4118 !(sdata->u.mgd.reconf.added_links |
4119 sdata->u.mgd.reconf.removed_links))
4120 return;
4121
4122 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
4123 &sdata->u.mgd.reconf.wk);
4124 sdata->u.mgd.reconf.added_links = 0;
4125 sdata->u.mgd.reconf.removed_links = 0;
4126 sdata->u.mgd.reconf.dialog_token = 0;
4127
4128 if (add_links_data) {
4129 struct cfg80211_mlo_reconf_done_data done_data = {};
4130 u8 link_id;
4131
4132 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS;
4133 link_id++)
4134 done_data.links[link_id].bss =
4135 add_links_data->link[link_id].bss;
4136
4137 cfg80211_mlo_reconf_add_done(sdata->dev, &done_data);
4138
4139 kfree(sdata->u.mgd.reconf.add_links_data);
4140 sdata->u.mgd.reconf.add_links_data = NULL;
4141 }
4142 }
4143
ieee80211_set_disassoc(struct ieee80211_sub_if_data * sdata,u16 stype,u16 reason,bool tx,u8 * frame_buf)4144 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
4145 u16 stype, u16 reason, bool tx,
4146 u8 *frame_buf)
4147 {
4148 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4149 struct ieee80211_local *local = sdata->local;
4150 struct sta_info *ap_sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
4151 unsigned int link_id;
4152 u64 changed = 0;
4153 struct ieee80211_prep_tx_info info = {
4154 .subtype = stype,
4155 .was_assoc = true,
4156 .link_id = ffs(sdata->vif.active_links) - 1,
4157 };
4158
4159 lockdep_assert_wiphy(local->hw.wiphy);
4160
4161 if (frame_buf)
4162 memset(frame_buf, 0, IEEE80211_DEAUTH_FRAME_LEN);
4163
4164 if (WARN_ON(!ap_sta))
4165 return;
4166
4167 if (WARN_ON_ONCE(tx && !frame_buf))
4168 return;
4169
4170 if (WARN_ON(!ifmgd->associated))
4171 return;
4172
4173 ieee80211_stop_poll(sdata);
4174
4175 ifmgd->associated = false;
4176
4177 if (tx) {
4178 bool tx_link_found = false;
4179
4180 for (link_id = 0;
4181 link_id < ARRAY_SIZE(sdata->link);
4182 link_id++) {
4183 struct ieee80211_link_data *link;
4184
4185 if (!ieee80211_vif_link_active(&sdata->vif, link_id))
4186 continue;
4187
4188 link = sdata_dereference(sdata->link[link_id], sdata);
4189 if (WARN_ON_ONCE(!link))
4190 continue;
4191
4192 if (link->u.mgd.csa.blocked_tx)
4193 continue;
4194
4195 tx_link_found = true;
4196 break;
4197 }
4198
4199 tx = tx_link_found;
4200 }
4201
4202 /* other links will be destroyed */
4203 sdata->deflink.conf->bss = NULL;
4204 sdata->deflink.conf->epcs_support = false;
4205 sdata->deflink.smps_mode = IEEE80211_SMPS_OFF;
4206
4207 netif_carrier_off(sdata->dev);
4208
4209 /*
4210 * if we want to get out of ps before disassoc (why?) we have
4211 * to do it before sending disassoc, as otherwise the null-packet
4212 * won't be valid.
4213 */
4214 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
4215 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
4216 ieee80211_hw_config(local, -1, IEEE80211_CONF_CHANGE_PS);
4217 }
4218 local->ps_sdata = NULL;
4219
4220 /* disable per-vif ps */
4221 ieee80211_recalc_ps_vif(sdata);
4222
4223 /* make sure ongoing transmission finishes */
4224 synchronize_net();
4225
4226 /*
4227 * drop any frame before deauth/disassoc, this can be data or
4228 * management frame. Since we are disconnecting, we should not
4229 * insist sending these frames which can take time and delay
4230 * the disconnection and possible the roaming.
4231 */
4232 ieee80211_flush_queues(local, sdata, true);
4233
4234 if (tx) {
4235 drv_mgd_prepare_tx(sdata->local, sdata, &info);
4236
4237 ieee80211_send_deauth_disassoc(sdata, sdata->vif.cfg.ap_addr,
4238 sdata->vif.cfg.ap_addr, stype,
4239 reason, true, frame_buf);
4240
4241 /* flush out frame - make sure the deauth was actually sent */
4242 ieee80211_flush_queues(local, sdata, false);
4243
4244 drv_mgd_complete_tx(sdata->local, sdata, &info);
4245 } else if (frame_buf) {
4246 ieee80211_send_deauth_disassoc(sdata, sdata->vif.cfg.ap_addr,
4247 sdata->vif.cfg.ap_addr, stype,
4248 reason, false, frame_buf);
4249 }
4250
4251 /* clear AP addr only after building the needed mgmt frames */
4252 eth_zero_addr(sdata->deflink.u.mgd.bssid);
4253 eth_zero_addr(sdata->vif.cfg.ap_addr);
4254
4255 sdata->vif.cfg.ssid_len = 0;
4256
4257 /* Remove TDLS peers */
4258 __sta_info_flush(sdata, false, -1, ap_sta);
4259
4260 if (sdata->vif.driver_flags & IEEE80211_VIF_REMOVE_AP_AFTER_DISASSOC) {
4261 /* Only move the AP state */
4262 sta_info_move_state(ap_sta, IEEE80211_STA_NONE);
4263 } else {
4264 /* Remove AP peer */
4265 sta_info_flush(sdata, -1);
4266 }
4267
4268 /* finally reset all BSS / config parameters */
4269 if (!ieee80211_vif_is_mld(&sdata->vif))
4270 changed |= ieee80211_reset_erp_info(sdata);
4271
4272 ieee80211_led_assoc(local, 0);
4273 changed |= BSS_CHANGED_ASSOC;
4274 sdata->vif.cfg.assoc = false;
4275
4276 sdata->deflink.u.mgd.p2p_noa_index = -1;
4277 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0,
4278 sizeof(sdata->vif.bss_conf.p2p_noa_attr));
4279
4280 /* on the next assoc, re-program HT/VHT parameters */
4281 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa));
4282 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask));
4283 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa));
4284 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask));
4285
4286 /*
4287 * reset MU-MIMO ownership and group data in default link,
4288 * if used, other links are destroyed
4289 */
4290 memset(sdata->vif.bss_conf.mu_group.membership, 0,
4291 sizeof(sdata->vif.bss_conf.mu_group.membership));
4292 memset(sdata->vif.bss_conf.mu_group.position, 0,
4293 sizeof(sdata->vif.bss_conf.mu_group.position));
4294 if (!ieee80211_vif_is_mld(&sdata->vif))
4295 changed |= BSS_CHANGED_MU_GROUPS;
4296 sdata->vif.bss_conf.mu_mimo_owner = false;
4297
4298 sdata->deflink.ap_power_level = IEEE80211_UNSET_POWER_LEVEL;
4299
4300 timer_delete_sync(&local->dynamic_ps_timer);
4301 wiphy_work_cancel(local->hw.wiphy, &local->dynamic_ps_enable_work);
4302
4303 /* Disable ARP filtering */
4304 if (sdata->vif.cfg.arp_addr_cnt)
4305 changed |= BSS_CHANGED_ARP_FILTER;
4306
4307 sdata->vif.bss_conf.qos = false;
4308 if (!ieee80211_vif_is_mld(&sdata->vif)) {
4309 changed |= BSS_CHANGED_QOS;
4310 /* The BSSID (not really interesting) and HT changed */
4311 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT;
4312 ieee80211_bss_info_change_notify(sdata, changed);
4313 } else {
4314 ieee80211_vif_cfg_change_notify(sdata, changed);
4315 }
4316
4317 if (sdata->vif.driver_flags & IEEE80211_VIF_REMOVE_AP_AFTER_DISASSOC) {
4318 /*
4319 * After notifying the driver about the disassoc,
4320 * remove the ap sta.
4321 */
4322 sta_info_flush(sdata, -1);
4323 }
4324
4325 /* disassociated - set to defaults now */
4326 ieee80211_set_wmm_default(&sdata->deflink, false, false);
4327
4328 timer_delete_sync(&sdata->u.mgd.conn_mon_timer);
4329 timer_delete_sync(&sdata->u.mgd.bcn_mon_timer);
4330 timer_delete_sync(&sdata->u.mgd.timer);
4331
4332 sdata->vif.bss_conf.dtim_period = 0;
4333 sdata->vif.bss_conf.beacon_rate = NULL;
4334
4335 sdata->deflink.u.mgd.have_beacon = false;
4336 sdata->deflink.u.mgd.tracking_signal_avg = false;
4337 sdata->deflink.u.mgd.disable_wmm_tracking = false;
4338
4339 ifmgd->flags = 0;
4340
4341 for (link_id = 0; link_id < ARRAY_SIZE(sdata->link); link_id++) {
4342 struct ieee80211_link_data *link;
4343
4344 link = sdata_dereference(sdata->link[link_id], sdata);
4345 if (!link)
4346 continue;
4347 ieee80211_link_release_channel(link);
4348 }
4349
4350 sdata->vif.bss_conf.csa_active = false;
4351 sdata->deflink.u.mgd.csa.blocked_tx = false;
4352 sdata->deflink.u.mgd.csa.waiting_bcn = false;
4353 sdata->deflink.u.mgd.csa.ignored_same_chan = false;
4354 ieee80211_vif_unblock_queues_csa(sdata);
4355
4356 /* existing TX TSPEC sessions no longer exist */
4357 memset(ifmgd->tx_tspec, 0, sizeof(ifmgd->tx_tspec));
4358 wiphy_delayed_work_cancel(local->hw.wiphy, &ifmgd->tx_tspec_wk);
4359
4360 sdata->vif.bss_conf.power_type = IEEE80211_REG_UNSET_AP;
4361 sdata->vif.bss_conf.pwr_reduction = 0;
4362 ieee80211_clear_tpe(&sdata->vif.bss_conf.tpe);
4363
4364 sdata->vif.cfg.eml_cap = 0;
4365 sdata->vif.cfg.eml_med_sync_delay = 0;
4366 sdata->vif.cfg.mld_capa_op = 0;
4367
4368 memset(&sdata->u.mgd.ttlm_info, 0,
4369 sizeof(sdata->u.mgd.ttlm_info));
4370 wiphy_hrtimer_work_cancel(sdata->local->hw.wiphy, &ifmgd->ttlm_work);
4371
4372 memset(&sdata->vif.neg_ttlm, 0, sizeof(sdata->vif.neg_ttlm));
4373 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
4374 &ifmgd->neg_ttlm_timeout_work);
4375
4376 sdata->u.mgd.removed_links = 0;
4377 wiphy_hrtimer_work_cancel(sdata->local->hw.wiphy,
4378 &sdata->u.mgd.ml_reconf_work);
4379
4380 wiphy_work_cancel(sdata->local->hw.wiphy,
4381 &ifmgd->teardown_ttlm_work);
4382
4383 /* if disconnection happens in the middle of the ML reconfiguration
4384 * flow, cfg80211 must called to release the BSS references obtained
4385 * when the flow started.
4386 */
4387 ieee80211_ml_reconf_reset(sdata);
4388
4389 ieee80211_vif_set_links(sdata, 0, 0);
4390
4391 ifmgd->mcast_seq_last = IEEE80211_SN_MODULO;
4392
4393 ifmgd->epcs.enabled = false;
4394 ifmgd->epcs.dialog_token = 0;
4395
4396 memset(ifmgd->userspace_selectors, 0,
4397 sizeof(ifmgd->userspace_selectors));
4398 }
4399
ieee80211_reset_ap_probe(struct ieee80211_sub_if_data * sdata)4400 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata)
4401 {
4402 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4403 struct ieee80211_local *local = sdata->local;
4404
4405 lockdep_assert_wiphy(local->hw.wiphy);
4406
4407 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL))
4408 return;
4409
4410 __ieee80211_stop_poll(sdata);
4411
4412 ieee80211_recalc_ps(local);
4413
4414 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
4415 return;
4416
4417 /*
4418 * We've received a probe response, but are not sure whether
4419 * we have or will be receiving any beacons or data, so let's
4420 * schedule the timers again, just in case.
4421 */
4422 ieee80211_sta_reset_beacon_monitor(sdata);
4423
4424 mod_timer(&ifmgd->conn_mon_timer,
4425 round_jiffies_up(jiffies +
4426 IEEE80211_CONNECTION_IDLE_TIME));
4427 }
4428
ieee80211_sta_tx_wmm_ac_notify(struct ieee80211_sub_if_data * sdata,struct ieee80211_hdr * hdr,u16 tx_time)4429 static void ieee80211_sta_tx_wmm_ac_notify(struct ieee80211_sub_if_data *sdata,
4430 struct ieee80211_hdr *hdr,
4431 u16 tx_time)
4432 {
4433 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4434 u16 tid;
4435 int ac;
4436 struct ieee80211_sta_tx_tspec *tx_tspec;
4437 unsigned long now = jiffies;
4438
4439 if (!ieee80211_is_data_qos(hdr->frame_control))
4440 return;
4441
4442 tid = ieee80211_get_tid(hdr);
4443 ac = ieee80211_ac_from_tid(tid);
4444 tx_tspec = &ifmgd->tx_tspec[ac];
4445
4446 if (likely(!tx_tspec->admitted_time))
4447 return;
4448
4449 if (time_after(now, tx_tspec->time_slice_start + HZ)) {
4450 tx_tspec->consumed_tx_time = 0;
4451 tx_tspec->time_slice_start = now;
4452
4453 if (tx_tspec->downgraded) {
4454 tx_tspec->action = TX_TSPEC_ACTION_STOP_DOWNGRADE;
4455 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
4456 &ifmgd->tx_tspec_wk, 0);
4457 }
4458 }
4459
4460 if (tx_tspec->downgraded)
4461 return;
4462
4463 tx_tspec->consumed_tx_time += tx_time;
4464
4465 if (tx_tspec->consumed_tx_time >= tx_tspec->admitted_time) {
4466 tx_tspec->downgraded = true;
4467 tx_tspec->action = TX_TSPEC_ACTION_DOWNGRADE;
4468 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
4469 &ifmgd->tx_tspec_wk, 0);
4470 }
4471 }
4472
ieee80211_sta_tx_notify(struct ieee80211_sub_if_data * sdata,struct ieee80211_hdr * hdr,bool ack,u16 tx_time)4473 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata,
4474 struct ieee80211_hdr *hdr, bool ack, u16 tx_time)
4475 {
4476 ieee80211_sta_tx_wmm_ac_notify(sdata, hdr, tx_time);
4477
4478 if (!ieee80211_is_any_nullfunc(hdr->frame_control) ||
4479 !sdata->u.mgd.probe_send_count)
4480 return;
4481
4482 if (ack)
4483 sdata->u.mgd.probe_send_count = 0;
4484 else
4485 sdata->u.mgd.nullfunc_failed = true;
4486 wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);
4487 }
4488
ieee80211_mlme_send_probe_req(struct ieee80211_sub_if_data * sdata,const u8 * src,const u8 * dst,const u8 * ssid,size_t ssid_len,struct ieee80211_channel * channel)4489 static void ieee80211_mlme_send_probe_req(struct ieee80211_sub_if_data *sdata,
4490 const u8 *src, const u8 *dst,
4491 const u8 *ssid, size_t ssid_len,
4492 struct ieee80211_channel *channel)
4493 {
4494 struct sk_buff *skb;
4495
4496 skb = ieee80211_build_probe_req(sdata, src, dst, (u32)-1, channel,
4497 ssid, ssid_len, NULL, 0,
4498 IEEE80211_PROBE_FLAG_DIRECTED);
4499 if (skb)
4500 ieee80211_tx_skb(sdata, skb);
4501 }
4502
ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data * sdata)4503 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
4504 {
4505 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4506 u8 *dst = sdata->vif.cfg.ap_addr;
4507 u8 unicast_limit = max(1, max_probe_tries - 3);
4508 struct sta_info *sta;
4509
4510 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4511
4512 /*
4513 * Try sending broadcast probe requests for the last three
4514 * probe requests after the first ones failed since some
4515 * buggy APs only support broadcast probe requests.
4516 */
4517 if (ifmgd->probe_send_count >= unicast_limit)
4518 dst = NULL;
4519
4520 /*
4521 * When the hardware reports an accurate Tx ACK status, it's
4522 * better to send a nullfunc frame instead of a probe request,
4523 * as it will kick us off the AP quickly if we aren't associated
4524 * anymore. The timeout will be reset if the frame is ACKed by
4525 * the AP.
4526 */
4527 ifmgd->probe_send_count++;
4528
4529 if (dst) {
4530 sta = sta_info_get(sdata, dst);
4531 if (!WARN_ON(!sta))
4532 ieee80211_check_fast_rx(sta);
4533 }
4534
4535 if (ieee80211_hw_check(&sdata->local->hw, REPORTS_TX_ACK_STATUS)) {
4536 ifmgd->nullfunc_failed = false;
4537 ieee80211_send_nullfunc(sdata->local, sdata, false);
4538 } else {
4539 ieee80211_mlme_send_probe_req(sdata, sdata->vif.addr, dst,
4540 sdata->vif.cfg.ssid,
4541 sdata->vif.cfg.ssid_len,
4542 sdata->deflink.conf->bss->channel);
4543 }
4544
4545 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
4546 run_again(sdata, ifmgd->probe_timeout);
4547 }
4548
ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data * sdata,bool beacon)4549 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
4550 bool beacon)
4551 {
4552 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4553 bool already = false;
4554
4555 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4556
4557 if (!ieee80211_sdata_running(sdata))
4558 return;
4559
4560 if (!ifmgd->associated)
4561 return;
4562
4563 if (sdata->local->tmp_channel || sdata->local->scanning)
4564 return;
4565
4566 if (sdata->local->suspending) {
4567 /* reschedule after resume */
4568 ieee80211_reset_ap_probe(sdata);
4569 return;
4570 }
4571
4572 if (beacon) {
4573 mlme_dbg_ratelimited(sdata,
4574 "detected beacon loss from AP (missed %d beacons) - probing\n",
4575 beacon_loss_count);
4576
4577 ieee80211_cqm_beacon_loss_notify(&sdata->vif, GFP_KERNEL);
4578 }
4579
4580 /*
4581 * The driver/our work has already reported this event or the
4582 * connection monitoring has kicked in and we have already sent
4583 * a probe request. Or maybe the AP died and the driver keeps
4584 * reporting until we disassociate...
4585 *
4586 * In either case we have to ignore the current call to this
4587 * function (except for setting the correct probe reason bit)
4588 * because otherwise we would reset the timer every time and
4589 * never check whether we received a probe response!
4590 */
4591 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
4592 already = true;
4593
4594 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL;
4595
4596 if (already)
4597 return;
4598
4599 ieee80211_recalc_ps(sdata->local);
4600
4601 ifmgd->probe_send_count = 0;
4602 ieee80211_mgd_probe_ap_send(sdata);
4603 }
4604
ieee80211_ap_probereq_get(struct ieee80211_hw * hw,struct ieee80211_vif * vif)4605 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
4606 struct ieee80211_vif *vif)
4607 {
4608 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4609 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4610 struct cfg80211_bss *cbss;
4611 struct sk_buff *skb;
4612 const struct element *ssid;
4613 int ssid_len;
4614
4615 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4616
4617 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION ||
4618 ieee80211_vif_is_mld(&sdata->vif)))
4619 return NULL;
4620
4621 if (ifmgd->associated)
4622 cbss = sdata->deflink.conf->bss;
4623 else if (ifmgd->auth_data)
4624 cbss = ifmgd->auth_data->bss;
4625 else if (ifmgd->assoc_data && ifmgd->assoc_data->link[0].bss)
4626 cbss = ifmgd->assoc_data->link[0].bss;
4627 else
4628 return NULL;
4629
4630 rcu_read_lock();
4631 ssid = ieee80211_bss_get_elem(cbss, WLAN_EID_SSID);
4632 if (WARN_ONCE(!ssid || ssid->datalen > IEEE80211_MAX_SSID_LEN,
4633 "invalid SSID element (len=%d)",
4634 ssid ? ssid->datalen : -1))
4635 ssid_len = 0;
4636 else
4637 ssid_len = ssid->datalen;
4638
4639 skb = ieee80211_build_probe_req(sdata, sdata->vif.addr, cbss->bssid,
4640 (u32) -1, cbss->channel,
4641 ssid->data, ssid_len,
4642 NULL, 0, IEEE80211_PROBE_FLAG_DIRECTED);
4643 rcu_read_unlock();
4644
4645 return skb;
4646 }
4647 EXPORT_SYMBOL(ieee80211_ap_probereq_get);
4648
ieee80211_report_disconnect(struct ieee80211_sub_if_data * sdata,const u8 * buf,size_t len,bool tx,u16 reason,bool reconnect)4649 static void ieee80211_report_disconnect(struct ieee80211_sub_if_data *sdata,
4650 const u8 *buf, size_t len, bool tx,
4651 u16 reason, bool reconnect)
4652 {
4653 struct ieee80211_event event = {
4654 .type = MLME_EVENT,
4655 .u.mlme.data = tx ? DEAUTH_TX_EVENT : DEAUTH_RX_EVENT,
4656 .u.mlme.reason = reason,
4657 };
4658
4659 if (tx)
4660 cfg80211_tx_mlme_mgmt(sdata->dev, buf, len, reconnect);
4661 else
4662 cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
4663
4664 drv_event_callback(sdata->local, sdata, &event);
4665 }
4666
__ieee80211_disconnect(struct ieee80211_sub_if_data * sdata)4667 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata)
4668 {
4669 struct ieee80211_local *local = sdata->local;
4670 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4671 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4672
4673 lockdep_assert_wiphy(local->hw.wiphy);
4674
4675 if (!ifmgd->associated)
4676 return;
4677
4678 if (!ifmgd->driver_disconnect) {
4679 unsigned int link_id;
4680
4681 /*
4682 * AP is probably out of range (or not reachable for another
4683 * reason) so remove the bss structs for that AP. In the case
4684 * of multi-link, it's not clear that all of them really are
4685 * out of range, but if they weren't the driver likely would
4686 * have switched to just have a single link active?
4687 */
4688 for (link_id = 0;
4689 link_id < ARRAY_SIZE(sdata->link);
4690 link_id++) {
4691 struct ieee80211_link_data *link;
4692
4693 link = sdata_dereference(sdata->link[link_id], sdata);
4694 if (!link || !link->conf->bss)
4695 continue;
4696 cfg80211_unlink_bss(local->hw.wiphy, link->conf->bss);
4697 link->conf->bss = NULL;
4698 }
4699 }
4700
4701 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4702 ifmgd->driver_disconnect ?
4703 WLAN_REASON_DEAUTH_LEAVING :
4704 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
4705 true, frame_buf);
4706 /* the other links will be destroyed */
4707 sdata->vif.bss_conf.csa_active = false;
4708 sdata->deflink.u.mgd.csa.waiting_bcn = false;
4709 sdata->deflink.u.mgd.csa.blocked_tx = false;
4710 ieee80211_vif_unblock_queues_csa(sdata);
4711
4712 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
4713 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
4714 ifmgd->reconnect);
4715 ifmgd->reconnect = false;
4716 }
4717
ieee80211_beacon_connection_loss_work(struct wiphy * wiphy,struct wiphy_work * work)4718 static void ieee80211_beacon_connection_loss_work(struct wiphy *wiphy,
4719 struct wiphy_work *work)
4720 {
4721 struct ieee80211_sub_if_data *sdata =
4722 container_of(work, struct ieee80211_sub_if_data,
4723 u.mgd.beacon_connection_loss_work);
4724 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4725
4726 if (ifmgd->connection_loss) {
4727 sdata_info(sdata, "Connection to AP %pM lost\n",
4728 sdata->vif.cfg.ap_addr);
4729 __ieee80211_disconnect(sdata);
4730 ifmgd->connection_loss = false;
4731 } else if (ifmgd->driver_disconnect) {
4732 sdata_info(sdata,
4733 "Driver requested disconnection from AP %pM\n",
4734 sdata->vif.cfg.ap_addr);
4735 __ieee80211_disconnect(sdata);
4736 ifmgd->driver_disconnect = false;
4737 } else {
4738 if (ifmgd->associated)
4739 sdata->deflink.u.mgd.beacon_loss_count++;
4740 ieee80211_mgd_probe_ap(sdata, true);
4741 }
4742 }
4743
ieee80211_csa_connection_drop_work(struct wiphy * wiphy,struct wiphy_work * work)4744 static void ieee80211_csa_connection_drop_work(struct wiphy *wiphy,
4745 struct wiphy_work *work)
4746 {
4747 struct ieee80211_sub_if_data *sdata =
4748 container_of(work, struct ieee80211_sub_if_data,
4749 u.mgd.csa_connection_drop_work);
4750
4751 __ieee80211_disconnect(sdata);
4752 }
4753
ieee80211_beacon_loss(struct ieee80211_vif * vif)4754 void ieee80211_beacon_loss(struct ieee80211_vif *vif)
4755 {
4756 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4757 struct ieee80211_hw *hw = &sdata->local->hw;
4758
4759 trace_api_beacon_loss(sdata);
4760
4761 sdata->u.mgd.connection_loss = false;
4762 wiphy_work_queue(hw->wiphy, &sdata->u.mgd.beacon_connection_loss_work);
4763 }
4764 EXPORT_SYMBOL(ieee80211_beacon_loss);
4765
ieee80211_connection_loss(struct ieee80211_vif * vif)4766 void ieee80211_connection_loss(struct ieee80211_vif *vif)
4767 {
4768 struct ieee80211_sub_if_data *sdata;
4769 struct ieee80211_hw *hw;
4770
4771 KUNIT_STATIC_STUB_REDIRECT(ieee80211_connection_loss, vif);
4772
4773 sdata = vif_to_sdata(vif);
4774 hw = &sdata->local->hw;
4775
4776 trace_api_connection_loss(sdata);
4777
4778 sdata->u.mgd.connection_loss = true;
4779 wiphy_work_queue(hw->wiphy, &sdata->u.mgd.beacon_connection_loss_work);
4780 }
4781 EXPORT_SYMBOL(ieee80211_connection_loss);
4782
ieee80211_disconnect(struct ieee80211_vif * vif,bool reconnect)4783 void ieee80211_disconnect(struct ieee80211_vif *vif, bool reconnect)
4784 {
4785 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4786 struct ieee80211_hw *hw = &sdata->local->hw;
4787
4788 trace_api_disconnect(sdata, reconnect);
4789
4790 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
4791 return;
4792
4793 sdata->u.mgd.driver_disconnect = true;
4794 sdata->u.mgd.reconnect = reconnect;
4795 wiphy_work_queue(hw->wiphy, &sdata->u.mgd.beacon_connection_loss_work);
4796 }
4797 EXPORT_SYMBOL(ieee80211_disconnect);
4798
ieee80211_destroy_auth_data(struct ieee80211_sub_if_data * sdata,bool assoc)4799 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
4800 bool assoc)
4801 {
4802 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
4803
4804 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4805
4806 sdata->u.mgd.auth_data = NULL;
4807
4808 if (!assoc) {
4809 /*
4810 * we are not authenticated yet, the only timer that could be
4811 * running is the timeout for the authentication response which
4812 * which is not relevant anymore.
4813 */
4814 timer_delete_sync(&sdata->u.mgd.timer);
4815 sta_info_destroy_addr(sdata, auth_data->ap_addr);
4816
4817 /* other links are destroyed */
4818 eth_zero_addr(sdata->deflink.u.mgd.bssid);
4819 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
4820 BSS_CHANGED_BSSID);
4821 sdata->u.mgd.flags = 0;
4822
4823 ieee80211_link_release_channel(&sdata->deflink);
4824 ieee80211_vif_set_links(sdata, 0, 0);
4825 }
4826
4827 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss);
4828 kfree(auth_data);
4829 }
4830
4831 enum assoc_status {
4832 ASSOC_SUCCESS,
4833 ASSOC_REJECTED,
4834 ASSOC_TIMEOUT,
4835 ASSOC_ABANDON,
4836 };
4837
ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data * sdata,enum assoc_status status)4838 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata,
4839 enum assoc_status status)
4840 {
4841 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
4842
4843 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4844
4845 sdata->u.mgd.assoc_data = NULL;
4846
4847 if (status != ASSOC_SUCCESS) {
4848 /*
4849 * we are not associated yet, the only timer that could be
4850 * running is the timeout for the association response which
4851 * which is not relevant anymore.
4852 */
4853 timer_delete_sync(&sdata->u.mgd.timer);
4854 sta_info_destroy_addr(sdata, assoc_data->ap_addr);
4855
4856 eth_zero_addr(sdata->deflink.u.mgd.bssid);
4857 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
4858 BSS_CHANGED_BSSID);
4859 sdata->u.mgd.flags = 0;
4860 sdata->vif.bss_conf.mu_mimo_owner = false;
4861
4862 if (status != ASSOC_REJECTED) {
4863 struct cfg80211_assoc_failure data = {
4864 .timeout = status == ASSOC_TIMEOUT,
4865 };
4866 int i;
4867
4868 BUILD_BUG_ON(ARRAY_SIZE(data.bss) !=
4869 ARRAY_SIZE(assoc_data->link));
4870
4871 for (i = 0; i < ARRAY_SIZE(data.bss); i++)
4872 data.bss[i] = assoc_data->link[i].bss;
4873
4874 if (ieee80211_vif_is_mld(&sdata->vif))
4875 data.ap_mld_addr = assoc_data->ap_addr;
4876
4877 cfg80211_assoc_failure(sdata->dev, &data);
4878 }
4879
4880 ieee80211_link_release_channel(&sdata->deflink);
4881 ieee80211_vif_set_links(sdata, 0, 0);
4882 }
4883
4884 kfree(assoc_data);
4885 }
4886
ieee80211_auth_challenge(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)4887 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
4888 struct ieee80211_mgmt *mgmt, size_t len)
4889 {
4890 struct ieee80211_local *local = sdata->local;
4891 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
4892 const struct element *challenge;
4893 u8 *pos;
4894 u32 tx_flags = 0;
4895 struct ieee80211_prep_tx_info info = {
4896 .subtype = IEEE80211_STYPE_AUTH,
4897 .link_id = auth_data->link_id,
4898 };
4899
4900 pos = mgmt->u.auth.variable;
4901 challenge = cfg80211_find_elem(WLAN_EID_CHALLENGE, pos,
4902 len - (pos - (u8 *)mgmt));
4903 if (!challenge)
4904 return;
4905 auth_data->expected_transaction = 4;
4906 drv_mgd_prepare_tx(sdata->local, sdata, &info);
4907 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
4908 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
4909 IEEE80211_TX_INTFL_MLME_CONN_TX;
4910 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0,
4911 (void *)challenge,
4912 challenge->datalen + sizeof(*challenge),
4913 auth_data->ap_addr, auth_data->ap_addr,
4914 auth_data->key, auth_data->key_len,
4915 auth_data->key_idx, tx_flags);
4916 }
4917
ieee80211_mark_sta_auth(struct ieee80211_sub_if_data * sdata)4918 static bool ieee80211_mark_sta_auth(struct ieee80211_sub_if_data *sdata)
4919 {
4920 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4921 const u8 *ap_addr = ifmgd->auth_data->ap_addr;
4922 struct sta_info *sta;
4923
4924 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4925
4926 sdata_info(sdata, "authenticated\n");
4927 ifmgd->auth_data->done = true;
4928 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC;
4929 ifmgd->auth_data->timeout_started = true;
4930 run_again(sdata, ifmgd->auth_data->timeout);
4931
4932 /* move station state to auth */
4933 sta = sta_info_get(sdata, ap_addr);
4934 if (!sta) {
4935 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, ap_addr);
4936 return false;
4937 }
4938 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) {
4939 sdata_info(sdata, "failed moving %pM to auth\n", ap_addr);
4940 return false;
4941 }
4942
4943 return true;
4944 }
4945
ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)4946 static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
4947 struct ieee80211_mgmt *mgmt, size_t len)
4948 {
4949 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4950 u16 auth_alg, auth_transaction, status_code, encap_len;
4951 struct ieee80211_event event = {
4952 .type = MLME_EVENT,
4953 .u.mlme.data = AUTH_EVENT,
4954 };
4955 struct ieee80211_prep_tx_info info = {
4956 .subtype = IEEE80211_STYPE_AUTH,
4957 };
4958 bool sae_need_confirm = false;
4959 bool auth_fail = false;
4960
4961 lockdep_assert_wiphy(sdata->local->hw.wiphy);
4962
4963 if (len < 24 + 6)
4964 return;
4965
4966 if (!ifmgd->auth_data || ifmgd->auth_data->done)
4967 return;
4968
4969 if (!ether_addr_equal(ifmgd->auth_data->ap_addr, mgmt->bssid))
4970 return;
4971
4972 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
4973 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
4974 status_code = le16_to_cpu(mgmt->u.auth.status_code);
4975
4976 /*
4977 * IEEE 802.1X Authentication:
4978 * Header + Authentication Algorithm Number(2 byte) + Authentication
4979 * Transaction Sequence Number(2 byte) + Status Code(2 byte) +
4980 * Encapsulation Length(2 byte).
4981 */
4982 if (auth_alg == WLAN_AUTH_IEEE8021X && len < 24 + 8)
4983 return;
4984
4985 info.link_id = ifmgd->auth_data->link_id;
4986
4987 if (auth_alg != ifmgd->auth_data->algorithm ||
4988 (auth_alg != WLAN_AUTH_SAE &&
4989 auth_transaction != ifmgd->auth_data->expected_transaction) ||
4990 (auth_alg == WLAN_AUTH_SAE &&
4991 (auth_transaction < ifmgd->auth_data->expected_transaction ||
4992 auth_transaction > 2))) {
4993 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n",
4994 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm,
4995 auth_transaction,
4996 ifmgd->auth_data->expected_transaction);
4997 goto notify_driver;
4998 }
4999
5000 switch (auth_alg) {
5001 case WLAN_AUTH_IEEE8021X:
5002 if (status_code != WLAN_STATUS_SUCCESS &&
5003 status_code != WLAN_STATUS_8021X_AUTH_SUCCESS)
5004 auth_fail = true;
5005
5006 if (!auth_fail) {
5007 /* Indicates length of encapsulated EAPOL PDU */
5008 encap_len = get_unaligned_le16(mgmt->u.auth.variable);
5009 }
5010 break;
5011 default:
5012 if (status_code != WLAN_STATUS_SUCCESS)
5013 auth_fail = true;
5014 break;
5015 }
5016
5017 if (auth_fail) {
5018 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
5019
5020 if (auth_alg == WLAN_AUTH_SAE &&
5021 (status_code == WLAN_STATUS_ANTI_CLOG_REQUIRED ||
5022 (auth_transaction == 1 &&
5023 (status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT ||
5024 status_code == WLAN_STATUS_SAE_PK)))) {
5025 /* waiting for userspace now */
5026 ifmgd->auth_data->waiting = true;
5027 ifmgd->auth_data->timeout =
5028 jiffies + IEEE80211_AUTH_WAIT_SAE_RETRY;
5029 ifmgd->auth_data->timeout_started = true;
5030 run_again(sdata, ifmgd->auth_data->timeout);
5031 if (auth_transaction == 1)
5032 sae_need_confirm = true;
5033 goto notify_driver;
5034 }
5035
5036 sdata_info(sdata, "%pM denied authentication (status %d)\n",
5037 mgmt->sa, status_code);
5038 ieee80211_destroy_auth_data(sdata, false);
5039 event.u.mlme.status = MLME_DENIED;
5040 event.u.mlme.reason = status_code;
5041 drv_event_callback(sdata->local, sdata, &event);
5042 goto notify_driver;
5043 }
5044
5045 switch (ifmgd->auth_data->algorithm) {
5046 case WLAN_AUTH_OPEN:
5047 case WLAN_AUTH_LEAP:
5048 case WLAN_AUTH_FT:
5049 case WLAN_AUTH_SAE:
5050 case WLAN_AUTH_FILS_SK:
5051 case WLAN_AUTH_FILS_SK_PFS:
5052 case WLAN_AUTH_FILS_PK:
5053 case WLAN_AUTH_EPPKE:
5054 case WLAN_AUTH_IEEE8021X:
5055 break;
5056 case WLAN_AUTH_SHARED_KEY:
5057 if (ifmgd->auth_data->expected_transaction != 4) {
5058 ieee80211_auth_challenge(sdata, mgmt, len);
5059 /* need another frame */
5060 return;
5061 }
5062 break;
5063 default:
5064 WARN_ONCE(1, "invalid auth alg %d",
5065 ifmgd->auth_data->algorithm);
5066 goto notify_driver;
5067 }
5068
5069 event.u.mlme.status = MLME_SUCCESS;
5070 info.success = 1;
5071 drv_event_callback(sdata->local, sdata, &event);
5072 if (ifmgd->auth_data->algorithm != WLAN_AUTH_SAE ||
5073 (auth_transaction == 2 &&
5074 ifmgd->auth_data->expected_transaction == 2)) {
5075 switch (ifmgd->auth_data->algorithm) {
5076 case WLAN_AUTH_IEEE8021X:
5077 /*
5078 * IEEE 802.1X authentication:
5079 * - When the full EAP handshake completes over the
5080 * Authentication process, the responder sets the
5081 * Status Code to WLAN_STATUS_8021X_AUTH_SUCCESS as
5082 * specified in "IEEE P802.11bi/D4.0, 12.16.5".
5083 *
5084 * - In the PMKSA caching case, only two Authentication
5085 * frames are exchanged if the responder (e.g., AP)
5086 * identifies a valid PMKSA, then as specified in
5087 * "IEEE P802.11bi/D4.0, 12.16.8.3", the responder
5088 * shall set the Status Code to SUCCESS in the final
5089 * Authentication frame and must not include an
5090 * encapsulated EAPOL PDU.
5091 *
5092 * Both conditions are treated as successful
5093 * authentication, so mark the state to Authenticated.
5094 */
5095 if (status_code != WLAN_STATUS_8021X_AUTH_SUCCESS &&
5096 !(status_code == WLAN_STATUS_SUCCESS &&
5097 encap_len == 0))
5098 break;
5099 fallthrough;
5100 default:
5101 if (!ieee80211_mark_sta_auth(sdata))
5102 return; /* ignore frame -- wait for timeout */
5103
5104 break;
5105 }
5106 } else if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE &&
5107 auth_transaction == 1) {
5108 sae_need_confirm = true;
5109 } else if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE &&
5110 auth_transaction == 2) {
5111 sdata_info(sdata, "SAE peer confirmed\n");
5112 ifmgd->auth_data->peer_confirmed = true;
5113 }
5114
5115 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
5116 notify_driver:
5117 if (!sae_need_confirm)
5118 drv_mgd_complete_tx(sdata->local, sdata, &info);
5119 }
5120
5121 #define case_WLAN(type) \
5122 case WLAN_REASON_##type: return #type
5123
ieee80211_get_reason_code_string(u16 reason_code)5124 const char *ieee80211_get_reason_code_string(u16 reason_code)
5125 {
5126 switch (reason_code) {
5127 case_WLAN(UNSPECIFIED);
5128 case_WLAN(PREV_AUTH_NOT_VALID);
5129 case_WLAN(DEAUTH_LEAVING);
5130 case_WLAN(DISASSOC_DUE_TO_INACTIVITY);
5131 case_WLAN(DISASSOC_AP_BUSY);
5132 case_WLAN(CLASS2_FRAME_FROM_NONAUTH_STA);
5133 case_WLAN(CLASS3_FRAME_FROM_NONASSOC_STA);
5134 case_WLAN(DISASSOC_STA_HAS_LEFT);
5135 case_WLAN(STA_REQ_ASSOC_WITHOUT_AUTH);
5136 case_WLAN(DISASSOC_BAD_POWER);
5137 case_WLAN(DISASSOC_BAD_SUPP_CHAN);
5138 case_WLAN(INVALID_IE);
5139 case_WLAN(MIC_FAILURE);
5140 case_WLAN(4WAY_HANDSHAKE_TIMEOUT);
5141 case_WLAN(GROUP_KEY_HANDSHAKE_TIMEOUT);
5142 case_WLAN(IE_DIFFERENT);
5143 case_WLAN(INVALID_GROUP_CIPHER);
5144 case_WLAN(INVALID_PAIRWISE_CIPHER);
5145 case_WLAN(INVALID_AKMP);
5146 case_WLAN(UNSUPP_RSN_VERSION);
5147 case_WLAN(INVALID_RSN_IE_CAP);
5148 case_WLAN(IEEE8021X_FAILED);
5149 case_WLAN(CIPHER_SUITE_REJECTED);
5150 case_WLAN(DISASSOC_UNSPECIFIED_QOS);
5151 case_WLAN(DISASSOC_QAP_NO_BANDWIDTH);
5152 case_WLAN(DISASSOC_LOW_ACK);
5153 case_WLAN(DISASSOC_QAP_EXCEED_TXOP);
5154 case_WLAN(QSTA_LEAVE_QBSS);
5155 case_WLAN(QSTA_NOT_USE);
5156 case_WLAN(QSTA_REQUIRE_SETUP);
5157 case_WLAN(QSTA_TIMEOUT);
5158 case_WLAN(QSTA_CIPHER_NOT_SUPP);
5159 case_WLAN(MESH_PEER_CANCELED);
5160 case_WLAN(MESH_MAX_PEERS);
5161 case_WLAN(MESH_CONFIG);
5162 case_WLAN(MESH_CLOSE);
5163 case_WLAN(MESH_MAX_RETRIES);
5164 case_WLAN(MESH_CONFIRM_TIMEOUT);
5165 case_WLAN(MESH_INVALID_GTK);
5166 case_WLAN(MESH_INCONSISTENT_PARAM);
5167 case_WLAN(MESH_INVALID_SECURITY);
5168 case_WLAN(MESH_PATH_ERROR);
5169 case_WLAN(MESH_PATH_NOFORWARD);
5170 case_WLAN(MESH_PATH_DEST_UNREACHABLE);
5171 case_WLAN(MAC_EXISTS_IN_MBSS);
5172 case_WLAN(MESH_CHAN_REGULATORY);
5173 case_WLAN(MESH_CHAN);
5174 default: return "<unknown>";
5175 }
5176 }
5177
ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)5178 static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
5179 struct ieee80211_mgmt *mgmt, size_t len)
5180 {
5181 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5182 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
5183
5184 lockdep_assert_wiphy(sdata->local->hw.wiphy);
5185
5186 if (len < 24 + 2)
5187 return;
5188
5189 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
5190 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
5191 return;
5192 }
5193
5194 if (ifmgd->associated &&
5195 ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr)) {
5196 sdata_info(sdata, "deauthenticated from %pM (Reason: %u=%s)\n",
5197 sdata->vif.cfg.ap_addr, reason_code,
5198 ieee80211_get_reason_code_string(reason_code));
5199
5200 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
5201
5202 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false,
5203 reason_code, false);
5204 return;
5205 }
5206
5207 if (ifmgd->assoc_data &&
5208 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->ap_addr)) {
5209 sdata_info(sdata,
5210 "deauthenticated from %pM while associating (Reason: %u=%s)\n",
5211 ifmgd->assoc_data->ap_addr, reason_code,
5212 ieee80211_get_reason_code_string(reason_code));
5213
5214 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON);
5215
5216 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
5217 return;
5218 }
5219 }
5220
5221
ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)5222 static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
5223 struct ieee80211_mgmt *mgmt, size_t len)
5224 {
5225 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5226 u16 reason_code;
5227
5228 lockdep_assert_wiphy(sdata->local->hw.wiphy);
5229
5230 if (len < 24 + 2)
5231 return;
5232
5233 if (!ifmgd->associated ||
5234 !ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr))
5235 return;
5236
5237 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
5238
5239 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
5240 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
5241 return;
5242 }
5243
5244 sdata_info(sdata, "disassociated from %pM (Reason: %u=%s)\n",
5245 sdata->vif.cfg.ap_addr, reason_code,
5246 ieee80211_get_reason_code_string(reason_code));
5247
5248 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
5249
5250 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false, reason_code,
5251 false);
5252 }
5253
ieee80211_twt_req_supported(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,const struct link_sta_info * link_sta,const struct ieee802_11_elems * elems)5254 static bool ieee80211_twt_req_supported(struct ieee80211_sub_if_data *sdata,
5255 struct ieee80211_supported_band *sband,
5256 const struct link_sta_info *link_sta,
5257 const struct ieee802_11_elems *elems)
5258 {
5259 const struct ieee80211_sta_he_cap *own_he_cap =
5260 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
5261
5262 if (elems->ext_capab_len < 10)
5263 return false;
5264
5265 if (!(elems->ext_capab[9] & WLAN_EXT_CAPA10_TWT_RESPONDER_SUPPORT))
5266 return false;
5267
5268 return link_sta->pub->he_cap.he_cap_elem.mac_cap_info[0] &
5269 IEEE80211_HE_MAC_CAP0_TWT_RES &&
5270 own_he_cap &&
5271 (own_he_cap->he_cap_elem.mac_cap_info[0] &
5272 IEEE80211_HE_MAC_CAP0_TWT_REQ);
5273 }
5274
ieee80211_recalc_twt_req(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,struct ieee80211_link_data * link,struct link_sta_info * link_sta,struct ieee802_11_elems * elems)5275 static u64 ieee80211_recalc_twt_req(struct ieee80211_sub_if_data *sdata,
5276 struct ieee80211_supported_band *sband,
5277 struct ieee80211_link_data *link,
5278 struct link_sta_info *link_sta,
5279 struct ieee802_11_elems *elems)
5280 {
5281 bool twt = ieee80211_twt_req_supported(sdata, sband, link_sta, elems);
5282
5283 if (link->conf->twt_requester != twt) {
5284 link->conf->twt_requester = twt;
5285 return BSS_CHANGED_TWT;
5286 }
5287 return 0;
5288 }
5289
ieee80211_twt_bcast_support(struct ieee80211_sub_if_data * sdata,struct ieee80211_bss_conf * bss_conf,struct ieee80211_supported_band * sband,struct link_sta_info * link_sta)5290 static bool ieee80211_twt_bcast_support(struct ieee80211_sub_if_data *sdata,
5291 struct ieee80211_bss_conf *bss_conf,
5292 struct ieee80211_supported_band *sband,
5293 struct link_sta_info *link_sta)
5294 {
5295 const struct ieee80211_sta_he_cap *own_he_cap =
5296 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
5297
5298 return bss_conf->he_support &&
5299 (link_sta->pub->he_cap.he_cap_elem.mac_cap_info[2] &
5300 IEEE80211_HE_MAC_CAP2_BCAST_TWT) &&
5301 own_he_cap &&
5302 (own_he_cap->he_cap_elem.mac_cap_info[2] &
5303 IEEE80211_HE_MAC_CAP2_BCAST_TWT);
5304 }
5305
ieee80211_epcs_changed(struct ieee80211_sub_if_data * sdata,bool enabled)5306 static void ieee80211_epcs_changed(struct ieee80211_sub_if_data *sdata,
5307 bool enabled)
5308 {
5309 /* in any case this is called, dialog token should be reset */
5310 sdata->u.mgd.epcs.dialog_token = 0;
5311
5312 if (sdata->u.mgd.epcs.enabled == enabled)
5313 return;
5314
5315 sdata->u.mgd.epcs.enabled = enabled;
5316 cfg80211_epcs_changed(sdata->dev, enabled);
5317 }
5318
ieee80211_epcs_teardown(struct ieee80211_sub_if_data * sdata)5319 static void ieee80211_epcs_teardown(struct ieee80211_sub_if_data *sdata)
5320 {
5321 struct ieee80211_local *local = sdata->local;
5322 u8 link_id;
5323
5324 if (!sdata->u.mgd.epcs.enabled)
5325 return;
5326
5327 lockdep_assert_wiphy(local->hw.wiphy);
5328
5329 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
5330 struct ieee802_11_elems *elems;
5331 struct ieee80211_link_data *link;
5332 const struct cfg80211_bss_ies *ies;
5333 bool ret;
5334
5335 rcu_read_lock();
5336
5337 link = sdata_dereference(sdata->link[link_id], sdata);
5338 if (!link || !link->conf || !link->conf->bss) {
5339 rcu_read_unlock();
5340 continue;
5341 }
5342
5343 if (link->u.mgd.disable_wmm_tracking) {
5344 rcu_read_unlock();
5345 ieee80211_set_wmm_default(link, false, false);
5346 continue;
5347 }
5348
5349 ies = rcu_dereference(link->conf->bss->beacon_ies);
5350 if (!ies) {
5351 rcu_read_unlock();
5352 ieee80211_set_wmm_default(link, false, false);
5353 continue;
5354 }
5355
5356 elems = ieee802_11_parse_elems(ies->data, ies->len,
5357 IEEE80211_FTYPE_MGMT |
5358 IEEE80211_STYPE_BEACON,
5359 NULL);
5360 if (!elems) {
5361 rcu_read_unlock();
5362 ieee80211_set_wmm_default(link, false, false);
5363 continue;
5364 }
5365
5366 ret = _ieee80211_sta_wmm_params(local, link,
5367 elems->wmm_param,
5368 elems->wmm_param_len,
5369 elems->mu_edca_param_set);
5370
5371 kfree(elems);
5372 rcu_read_unlock();
5373
5374 if (!ret) {
5375 ieee80211_set_wmm_default(link, false, false);
5376 continue;
5377 }
5378
5379 ieee80211_mgd_set_link_qos_params(link);
5380 ieee80211_link_info_change_notify(sdata, link, BSS_CHANGED_QOS);
5381 }
5382 }
5383
ieee80211_assoc_config_link(struct ieee80211_link_data * link,struct link_sta_info * link_sta,struct cfg80211_bss * cbss,struct ieee80211_mgmt * mgmt,const u8 * elem_start,unsigned int elem_len,u64 * changed)5384 static bool ieee80211_assoc_config_link(struct ieee80211_link_data *link,
5385 struct link_sta_info *link_sta,
5386 struct cfg80211_bss *cbss,
5387 struct ieee80211_mgmt *mgmt,
5388 const u8 *elem_start,
5389 unsigned int elem_len,
5390 u64 *changed)
5391 {
5392 struct ieee80211_sub_if_data *sdata = link->sdata;
5393 struct ieee80211_mgd_assoc_data *assoc_data =
5394 sdata->u.mgd.assoc_data ?: sdata->u.mgd.reconf.add_links_data;
5395 struct ieee80211_bss_conf *bss_conf = link->conf;
5396 struct ieee80211_local *local = sdata->local;
5397 unsigned int link_id = link->link_id;
5398 struct ieee80211_elems_parse_params parse_params = {
5399 .mode = link->u.mgd.conn.mode,
5400 .start = elem_start,
5401 .len = elem_len,
5402 .link_id = link_id == assoc_data->assoc_link_id ? -1 : link_id,
5403 .from_ap = true,
5404 .type = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_TYPE,
5405 };
5406 bool is_5ghz = cbss->channel->band == NL80211_BAND_5GHZ;
5407 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ;
5408 bool is_s1g = cbss->channel->band == NL80211_BAND_S1GHZ;
5409 const struct cfg80211_bss_ies *bss_ies = NULL;
5410 struct ieee80211_supported_band *sband;
5411 struct ieee802_11_elems *elems;
5412 const __le16 prof_bss_param_ch_present =
5413 cpu_to_le16(IEEE80211_MLE_STA_CONTROL_BSS_PARAM_CHANGE_CNT_PRESENT);
5414 u16 capab_info;
5415 bool ret;
5416
5417 elems = ieee802_11_parse_elems_full(&parse_params);
5418 if (!elems)
5419 return false;
5420
5421 if (link_id == assoc_data->assoc_link_id) {
5422 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
5423
5424 /*
5425 * we should not get to this flow unless the association was
5426 * successful, so set the status directly to success
5427 */
5428 assoc_data->link[link_id].status = WLAN_STATUS_SUCCESS;
5429 if (elems->ml_basic) {
5430 int bss_param_ch_cnt =
5431 ieee80211_mle_get_bss_param_ch_cnt((const void *)elems->ml_basic);
5432
5433 if (bss_param_ch_cnt < 0) {
5434 ret = false;
5435 goto out;
5436 }
5437 bss_conf->bss_param_ch_cnt = bss_param_ch_cnt;
5438 bss_conf->bss_param_ch_cnt_link_id = link_id;
5439 }
5440 } else if (elems->parse_error & IEEE80211_PARSE_ERR_DUP_NEST_ML_BASIC ||
5441 !elems->prof ||
5442 !(elems->prof->control & prof_bss_param_ch_present)) {
5443 ret = false;
5444 goto out;
5445 } else {
5446 const u8 *ptr = elems->prof->variable +
5447 elems->prof->sta_info_len - 1;
5448 int bss_param_ch_cnt;
5449
5450 /*
5451 * During parsing, we validated that these fields exist,
5452 * otherwise elems->prof would have been set to NULL.
5453 */
5454 capab_info = get_unaligned_le16(ptr);
5455 assoc_data->link[link_id].status = get_unaligned_le16(ptr + 2);
5456 bss_param_ch_cnt =
5457 ieee80211_mle_basic_sta_prof_bss_param_ch_cnt(elems->prof);
5458 bss_conf->bss_param_ch_cnt = bss_param_ch_cnt;
5459 bss_conf->bss_param_ch_cnt_link_id = link_id;
5460
5461 if (assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS) {
5462 link_info(link, "association response status code=%u\n",
5463 assoc_data->link[link_id].status);
5464 ret = true;
5465 goto out;
5466 }
5467 }
5468
5469 if (!is_s1g && !elems->supp_rates) {
5470 sdata_info(sdata, "no SuppRates element in AssocResp\n");
5471 ret = false;
5472 goto out;
5473 }
5474
5475 link->u.mgd.tdls_chan_switch_prohibited =
5476 elems->ext_capab && elems->ext_capab_len >= 5 &&
5477 (elems->ext_capab[4] & WLAN_EXT_CAPA5_TDLS_CH_SW_PROHIBITED);
5478
5479 /*
5480 * Some APs are erroneously not including some information in their
5481 * (re)association response frames. Try to recover by using the data
5482 * from the beacon or probe response. This seems to afflict mobile
5483 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T",
5484 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device.
5485 */
5486 if (!ieee80211_hw_check(&local->hw, STRICT) && !is_6ghz &&
5487 ((assoc_data->wmm && !elems->wmm_param) ||
5488 (link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT &&
5489 (!elems->ht_cap_elem || !elems->ht_operation)) ||
5490 (is_5ghz && link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT &&
5491 (!elems->vht_cap_elem || !elems->vht_operation)))) {
5492 const struct cfg80211_bss_ies *ies;
5493 struct ieee802_11_elems *bss_elems;
5494
5495 rcu_read_lock();
5496 ies = rcu_dereference(cbss->ies);
5497 if (ies)
5498 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len,
5499 GFP_ATOMIC);
5500 rcu_read_unlock();
5501 if (!bss_ies) {
5502 ret = false;
5503 goto out;
5504 }
5505
5506 parse_params.start = bss_ies->data;
5507 parse_params.len = bss_ies->len;
5508 parse_params.bss = cbss;
5509 parse_params.link_id = -1;
5510 bss_elems = ieee802_11_parse_elems_full(&parse_params);
5511 if (!bss_elems) {
5512 ret = false;
5513 goto out;
5514 }
5515
5516 if (assoc_data->wmm &&
5517 !elems->wmm_param && bss_elems->wmm_param) {
5518 elems->wmm_param = bss_elems->wmm_param;
5519 sdata_info(sdata,
5520 "AP bug: WMM param missing from AssocResp\n");
5521 }
5522
5523 /*
5524 * Also check if we requested HT/VHT, otherwise the AP doesn't
5525 * have to include the IEs in the (re)association response.
5526 */
5527 if (!elems->ht_cap_elem && bss_elems->ht_cap_elem &&
5528 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT) {
5529 elems->ht_cap_elem = bss_elems->ht_cap_elem;
5530 sdata_info(sdata,
5531 "AP bug: HT capability missing from AssocResp\n");
5532 }
5533 if (!elems->ht_operation && bss_elems->ht_operation &&
5534 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT) {
5535 elems->ht_operation = bss_elems->ht_operation;
5536 sdata_info(sdata,
5537 "AP bug: HT operation missing from AssocResp\n");
5538 }
5539
5540 if (is_5ghz) {
5541 if (!elems->vht_cap_elem && bss_elems->vht_cap_elem &&
5542 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT) {
5543 elems->vht_cap_elem = bss_elems->vht_cap_elem;
5544 sdata_info(sdata,
5545 "AP bug: VHT capa missing from AssocResp\n");
5546 }
5547
5548 if (!elems->vht_operation && bss_elems->vht_operation &&
5549 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT) {
5550 elems->vht_operation = bss_elems->vht_operation;
5551 sdata_info(sdata,
5552 "AP bug: VHT operation missing from AssocResp\n");
5553 }
5554 }
5555 kfree(bss_elems);
5556 }
5557
5558 /*
5559 * We previously checked these in the beacon/probe response, so
5560 * they should be present here. This is just a safety net.
5561 * Note that the ieee80211_config_bw() below would also check
5562 * for this (and more), but this has better error reporting.
5563 */
5564 if (!is_6ghz && link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT &&
5565 (!elems->wmm_param || !elems->ht_cap_elem || !elems->ht_operation)) {
5566 sdata_info(sdata,
5567 "HT AP is missing WMM params or HT capability/operation\n");
5568 ret = false;
5569 goto out;
5570 }
5571
5572 if (is_5ghz && link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT &&
5573 (!elems->vht_cap_elem || !elems->vht_operation)) {
5574 sdata_info(sdata,
5575 "VHT AP is missing VHT capability/operation\n");
5576 ret = false;
5577 goto out;
5578 }
5579
5580 /* check/update if AP changed anything in assoc response vs. scan */
5581 if (ieee80211_config_bw(link, elems,
5582 link_id == assoc_data->assoc_link_id,
5583 changed,
5584 le16_to_cpu(mgmt->frame_control) &
5585 IEEE80211_FCTL_STYPE)) {
5586 ret = false;
5587 goto out;
5588 }
5589
5590 if (WARN_ON(!link->conf->chanreq.oper.chan)) {
5591 ret = false;
5592 goto out;
5593 }
5594 sband = local->hw.wiphy->bands[link->conf->chanreq.oper.chan->band];
5595
5596 /* Set up internal HT/VHT capabilities */
5597 if (elems->ht_cap_elem && link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT)
5598 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, &sband->ht_cap,
5599 elems->ht_cap_elem,
5600 link_sta);
5601
5602 if (elems->vht_cap_elem &&
5603 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT) {
5604 const struct ieee80211_vht_cap *bss_vht_cap = NULL;
5605 const struct cfg80211_bss_ies *ies;
5606
5607 /*
5608 * Cisco AP module 9115 with FW 17.3 has a bug and sends a
5609 * too large maximum MPDU length in the association response
5610 * (indicating 12k) that it cannot actually process ...
5611 * Work around that.
5612 */
5613 rcu_read_lock();
5614 ies = rcu_dereference(cbss->ies);
5615 if (ies) {
5616 const struct element *elem;
5617
5618 elem = cfg80211_find_elem(WLAN_EID_VHT_CAPABILITY,
5619 ies->data, ies->len);
5620 if (elem && elem->datalen >= sizeof(*bss_vht_cap))
5621 bss_vht_cap = (const void *)elem->data;
5622 }
5623
5624 if (ieee80211_hw_check(&local->hw, STRICT) &&
5625 (!bss_vht_cap || memcmp(bss_vht_cap, elems->vht_cap_elem,
5626 sizeof(*bss_vht_cap)))) {
5627 rcu_read_unlock();
5628 ret = false;
5629 link_info(link, "VHT capabilities mismatch\n");
5630 goto out;
5631 }
5632
5633 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband,
5634 &sband->vht_cap,
5635 elems->vht_cap_elem,
5636 bss_vht_cap, link_sta);
5637 rcu_read_unlock();
5638 }
5639
5640 if (elems->he_operation &&
5641 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HE &&
5642 elems->he_cap) {
5643 ieee80211_he_cap_ie_to_sta_he_cap(sdata, sband,
5644 elems->he_cap,
5645 elems->he_cap_len,
5646 elems->he_6ghz_capa,
5647 link_sta);
5648
5649 bss_conf->he_support = link_sta->pub->he_cap.has_he;
5650 if (elems->rsnx && elems->rsnx_len &&
5651 (elems->rsnx[0] & WLAN_RSNX_CAPA_PROTECTED_TWT) &&
5652 wiphy_ext_feature_isset(local->hw.wiphy,
5653 NL80211_EXT_FEATURE_PROTECTED_TWT))
5654 bss_conf->twt_protected = true;
5655 else
5656 bss_conf->twt_protected = false;
5657
5658 *changed |= ieee80211_recalc_twt_req(sdata, sband, link,
5659 link_sta, elems);
5660
5661 if (elems->eht_operation && elems->eht_cap &&
5662 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_EHT) {
5663 ieee80211_eht_cap_ie_to_sta_eht_cap(sdata, sband,
5664 elems->he_cap,
5665 elems->he_cap_len,
5666 elems->eht_cap,
5667 elems->eht_cap_len,
5668 link_sta);
5669
5670 bss_conf->eht_support = link_sta->pub->eht_cap.has_eht;
5671 bss_conf->epcs_support = bss_conf->eht_support &&
5672 !!(elems->eht_cap->fixed.mac_cap_info[0] &
5673 IEEE80211_EHT_MAC_CAP0_EPCS_PRIO_ACCESS);
5674
5675 /* EPCS might be already enabled but a new added link
5676 * does not support EPCS. This should not really happen
5677 * in practice.
5678 */
5679 if (sdata->u.mgd.epcs.enabled &&
5680 !bss_conf->epcs_support)
5681 ieee80211_epcs_teardown(sdata);
5682 } else {
5683 bss_conf->eht_support = false;
5684 bss_conf->epcs_support = false;
5685 }
5686 } else {
5687 bss_conf->he_support = false;
5688 bss_conf->twt_requester = false;
5689 bss_conf->twt_protected = false;
5690 bss_conf->eht_support = false;
5691 bss_conf->epcs_support = false;
5692 }
5693
5694 if (elems->uhr_operation && elems->uhr_cap &&
5695 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_UHR) {
5696 ieee80211_uhr_cap_ie_to_sta_uhr_cap(sdata, sband,
5697 elems->uhr_cap,
5698 elems->uhr_cap_len,
5699 link_sta);
5700
5701 bss_conf->uhr_support = link_sta->pub->uhr_cap.has_uhr;
5702 } else {
5703 bss_conf->uhr_support = false;
5704 }
5705
5706 if (elems->s1g_oper &&
5707 link->u.mgd.conn.mode == IEEE80211_CONN_MODE_S1G &&
5708 elems->s1g_capab)
5709 ieee80211_s1g_cap_to_sta_s1g_cap(sdata, elems->s1g_capab,
5710 link_sta);
5711
5712 bss_conf->twt_broadcast =
5713 ieee80211_twt_bcast_support(sdata, bss_conf, sband, link_sta);
5714
5715 if (bss_conf->he_support) {
5716 bss_conf->he_bss_color.color =
5717 le32_get_bits(elems->he_operation->he_oper_params,
5718 IEEE80211_HE_OPERATION_BSS_COLOR_MASK);
5719 bss_conf->he_bss_color.partial =
5720 le32_get_bits(elems->he_operation->he_oper_params,
5721 IEEE80211_HE_OPERATION_PARTIAL_BSS_COLOR);
5722 bss_conf->he_bss_color.enabled =
5723 !le32_get_bits(elems->he_operation->he_oper_params,
5724 IEEE80211_HE_OPERATION_BSS_COLOR_DISABLED);
5725
5726 if (bss_conf->he_bss_color.enabled)
5727 *changed |= BSS_CHANGED_HE_BSS_COLOR;
5728
5729 bss_conf->htc_trig_based_pkt_ext =
5730 le32_get_bits(elems->he_operation->he_oper_params,
5731 IEEE80211_HE_OPERATION_DFLT_PE_DURATION_MASK);
5732 bss_conf->frame_time_rts_th =
5733 le32_get_bits(elems->he_operation->he_oper_params,
5734 IEEE80211_HE_OPERATION_RTS_THRESHOLD_MASK);
5735
5736 bss_conf->uora_exists = !!elems->uora_element;
5737 if (elems->uora_element)
5738 bss_conf->uora_ocw_range = elems->uora_element[0];
5739
5740 ieee80211_he_op_ie_to_bss_conf(&sdata->vif, elems->he_operation);
5741 ieee80211_he_spr_ie_to_bss_conf(&sdata->vif, elems->he_spr);
5742 /* TODO: OPEN: what happens if BSS color disable is set? */
5743 }
5744
5745 if (cbss->transmitted_bss) {
5746 bss_conf->nontransmitted = true;
5747 ether_addr_copy(bss_conf->transmitter_bssid,
5748 cbss->transmitted_bss->bssid);
5749 bss_conf->bssid_indicator = cbss->max_bssid_indicator;
5750 bss_conf->bssid_index = cbss->bssid_index;
5751 }
5752
5753 /*
5754 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data
5755 * in their association response, so ignore that data for our own
5756 * configuration. If it changed since the last beacon, we'll get the
5757 * next beacon and update then.
5758 */
5759
5760 /*
5761 * If an operating mode notification IE is present, override the
5762 * NSS calculation (that would be done in rate_control_rate_init())
5763 * and use the # of streams from that element.
5764 */
5765 if (elems->opmode_notif &&
5766 !(*elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) {
5767 u8 nss;
5768
5769 nss = *elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK;
5770 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT;
5771 nss += 1;
5772 link_sta->pub->rx_nss = nss;
5773 }
5774
5775 /*
5776 * Always handle WMM once after association regardless
5777 * of the first value the AP uses. Setting -1 here has
5778 * that effect because the AP values is an unsigned
5779 * 4-bit value.
5780 */
5781 link->u.mgd.wmm_last_param_set = -1;
5782 link->u.mgd.mu_edca_last_param_set = -1;
5783
5784 if (link->u.mgd.disable_wmm_tracking) {
5785 ieee80211_set_wmm_default(link, false, false);
5786 } else if (!ieee80211_sta_wmm_params(local, link, elems->wmm_param,
5787 elems->wmm_param_len,
5788 elems->mu_edca_param_set)) {
5789 /* still enable QoS since we might have HT/VHT */
5790 ieee80211_set_wmm_default(link, false, true);
5791 /* disable WMM tracking in this case to disable
5792 * tracking WMM parameter changes in the beacon if
5793 * the parameters weren't actually valid. Doing so
5794 * avoids changing parameters very strangely when
5795 * the AP is going back and forth between valid and
5796 * invalid parameters.
5797 */
5798 link->u.mgd.disable_wmm_tracking = true;
5799 }
5800
5801 if (elems->max_idle_period_ie) {
5802 bss_conf->max_idle_period =
5803 le16_to_cpu(elems->max_idle_period_ie->max_idle_period);
5804 bss_conf->protected_keep_alive =
5805 !!(elems->max_idle_period_ie->idle_options &
5806 WLAN_IDLE_OPTIONS_PROTECTED_KEEP_ALIVE);
5807 *changed |= BSS_CHANGED_KEEP_ALIVE;
5808 } else {
5809 bss_conf->max_idle_period = 0;
5810 bss_conf->protected_keep_alive = false;
5811 }
5812
5813 /* set assoc capability (AID was already set earlier),
5814 * ieee80211_set_associated() will tell the driver */
5815 bss_conf->assoc_capability = capab_info;
5816
5817 ret = true;
5818 out:
5819 kfree(elems);
5820 kfree(bss_ies);
5821 return ret;
5822 }
5823
ieee80211_mgd_setup_link_sta(struct ieee80211_link_data * link,struct sta_info * sta,struct link_sta_info * link_sta,struct cfg80211_bss * cbss)5824 static int ieee80211_mgd_setup_link_sta(struct ieee80211_link_data *link,
5825 struct sta_info *sta,
5826 struct link_sta_info *link_sta,
5827 struct cfg80211_bss *cbss)
5828 {
5829 struct ieee80211_sub_if_data *sdata = link->sdata;
5830 struct ieee80211_local *local = sdata->local;
5831 struct ieee80211_bss *bss = (void *)cbss->priv;
5832 u32 rates = 0, basic_rates = 0;
5833 bool have_higher_than_11mbit = false;
5834 int min_rate = INT_MAX, min_rate_index = -1;
5835 struct ieee80211_supported_band *sband;
5836
5837 memcpy(link_sta->addr, cbss->bssid, ETH_ALEN);
5838 memcpy(link_sta->pub->addr, cbss->bssid, ETH_ALEN);
5839
5840 /* TODO: S1G Basic Rate Set is expressed elsewhere */
5841 if (cbss->channel->band == NL80211_BAND_S1GHZ) {
5842 ieee80211_s1g_sta_rate_init(sta);
5843 return 0;
5844 }
5845
5846 sband = local->hw.wiphy->bands[cbss->channel->band];
5847
5848 ieee80211_get_rates(sband, bss->supp_rates, bss->supp_rates_len,
5849 NULL, 0,
5850 &rates, &basic_rates, NULL,
5851 &have_higher_than_11mbit,
5852 &min_rate, &min_rate_index);
5853
5854 /*
5855 * This used to be a workaround for basic rates missing
5856 * in the association response frame. Now that we no
5857 * longer use the basic rates from there, it probably
5858 * doesn't happen any more, but keep the workaround so
5859 * in case some *other* APs are buggy in different ways
5860 * we can connect -- with a warning.
5861 * Allow this workaround only in case the AP provided at least
5862 * one rate.
5863 */
5864 if (min_rate_index < 0) {
5865 link_info(link, "No legacy rates in association response\n");
5866 return -EINVAL;
5867 } else if (!basic_rates) {
5868 link_info(link, "No basic rates, using min rate instead\n");
5869 basic_rates = BIT(min_rate_index);
5870 }
5871
5872 if (rates)
5873 link_sta->pub->supp_rates[cbss->channel->band] = rates;
5874 else
5875 link_info(link, "No rates found, keeping mandatory only\n");
5876
5877 link->conf->basic_rates = basic_rates;
5878
5879 /* cf. IEEE 802.11 9.2.12 */
5880 link->operating_11g_mode = sband->band == NL80211_BAND_2GHZ &&
5881 have_higher_than_11mbit;
5882
5883 return 0;
5884 }
5885
ieee80211_max_rx_chains(struct ieee80211_link_data * link,struct cfg80211_bss * cbss)5886 static u8 ieee80211_max_rx_chains(struct ieee80211_link_data *link,
5887 struct cfg80211_bss *cbss)
5888 {
5889 struct ieee80211_he_mcs_nss_supp *he_mcs_nss_supp;
5890 const struct element *ht_cap_elem, *vht_cap_elem;
5891 const struct cfg80211_bss_ies *ies;
5892 const struct ieee80211_ht_cap *ht_cap;
5893 const struct ieee80211_vht_cap *vht_cap;
5894 const struct ieee80211_he_cap_elem *he_cap;
5895 const struct element *he_cap_elem;
5896 u16 mcs_80_map, mcs_160_map;
5897 int i, mcs_nss_size;
5898 bool support_160;
5899 u8 chains = 1;
5900
5901 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_HT)
5902 return chains;
5903
5904 ht_cap_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_HT_CAPABILITY);
5905 if (ht_cap_elem && ht_cap_elem->datalen >= sizeof(*ht_cap)) {
5906 ht_cap = (void *)ht_cap_elem->data;
5907 chains = ieee80211_mcs_to_chains(&ht_cap->mcs);
5908 /*
5909 * TODO: use "Tx Maximum Number Spatial Streams Supported" and
5910 * "Tx Unequal Modulation Supported" fields.
5911 */
5912 }
5913
5914 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_VHT)
5915 return chains;
5916
5917 vht_cap_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_VHT_CAPABILITY);
5918 if (vht_cap_elem && vht_cap_elem->datalen >= sizeof(*vht_cap)) {
5919 u8 nss;
5920 u16 tx_mcs_map;
5921
5922 vht_cap = (void *)vht_cap_elem->data;
5923 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map);
5924 for (nss = 8; nss > 0; nss--) {
5925 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) !=
5926 IEEE80211_VHT_MCS_NOT_SUPPORTED)
5927 break;
5928 }
5929 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */
5930 chains = max(chains, nss);
5931 }
5932
5933 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_HE)
5934 return chains;
5935
5936 ies = rcu_dereference(cbss->ies);
5937 he_cap_elem = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_CAPABILITY,
5938 ies->data, ies->len);
5939
5940 if (!he_cap_elem || he_cap_elem->datalen < sizeof(*he_cap) + 1)
5941 return chains;
5942
5943 /* skip one byte ext_tag_id */
5944 he_cap = (void *)(he_cap_elem->data + 1);
5945 mcs_nss_size = ieee80211_he_mcs_nss_size(he_cap);
5946
5947 /* invalid HE IE */
5948 if (he_cap_elem->datalen < 1 + mcs_nss_size + sizeof(*he_cap))
5949 return chains;
5950
5951 /* mcs_nss is right after he_cap info */
5952 he_mcs_nss_supp = (void *)(he_cap + 1);
5953
5954 mcs_80_map = le16_to_cpu(he_mcs_nss_supp->tx_mcs_80);
5955
5956 for (i = 7; i >= 0; i--) {
5957 u8 mcs_80 = mcs_80_map >> (2 * i) & 3;
5958
5959 if (mcs_80 != IEEE80211_VHT_MCS_NOT_SUPPORTED) {
5960 chains = max_t(u8, chains, i + 1);
5961 break;
5962 }
5963 }
5964
5965 support_160 = he_cap->phy_cap_info[0] &
5966 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G;
5967
5968 if (!support_160)
5969 return chains;
5970
5971 mcs_160_map = le16_to_cpu(he_mcs_nss_supp->tx_mcs_160);
5972 for (i = 7; i >= 0; i--) {
5973 u8 mcs_160 = mcs_160_map >> (2 * i) & 3;
5974
5975 if (mcs_160 != IEEE80211_VHT_MCS_NOT_SUPPORTED) {
5976 chains = max_t(u8, chains, i + 1);
5977 break;
5978 }
5979 }
5980
5981 return chains;
5982 }
5983
5984 static void
ieee80211_determine_our_sta_mode(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,struct cfg80211_assoc_request * req,bool wmm_used,int link_id,struct ieee80211_conn_settings * conn)5985 ieee80211_determine_our_sta_mode(struct ieee80211_sub_if_data *sdata,
5986 struct ieee80211_supported_band *sband,
5987 struct cfg80211_assoc_request *req,
5988 bool wmm_used, int link_id,
5989 struct ieee80211_conn_settings *conn)
5990 {
5991 struct ieee80211_sta_ht_cap sta_ht_cap = sband->ht_cap;
5992 bool is_5ghz = sband->band == NL80211_BAND_5GHZ;
5993 bool is_6ghz = sband->band == NL80211_BAND_6GHZ;
5994 const struct ieee80211_sta_he_cap *he_cap;
5995 const struct ieee80211_sta_eht_cap *eht_cap;
5996 const struct ieee80211_sta_uhr_cap *uhr_cap;
5997 struct ieee80211_sta_vht_cap vht_cap;
5998
5999 if (sband->band == NL80211_BAND_S1GHZ) {
6000 conn->mode = IEEE80211_CONN_MODE_S1G;
6001 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
6002 mlme_dbg(sdata, "operating as S1G STA\n");
6003 return;
6004 }
6005
6006 conn->mode = IEEE80211_CONN_MODE_LEGACY;
6007 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
6008
6009 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
6010
6011 if (req && req->flags & ASSOC_REQ_DISABLE_HT) {
6012 mlme_link_id_dbg(sdata, link_id,
6013 "HT disabled by flag, limiting to legacy\n");
6014 goto out;
6015 }
6016
6017 if (!wmm_used) {
6018 mlme_link_id_dbg(sdata, link_id,
6019 "WMM/QoS not supported, limiting to legacy\n");
6020 goto out;
6021 }
6022
6023 if (req) {
6024 unsigned int i;
6025
6026 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) {
6027 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 ||
6028 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP ||
6029 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) {
6030 netdev_info(sdata->dev,
6031 "WEP/TKIP use, limiting to legacy\n");
6032 goto out;
6033 }
6034 }
6035 }
6036
6037 if (!sta_ht_cap.ht_supported && !is_6ghz) {
6038 mlme_link_id_dbg(sdata, link_id,
6039 "HT not supported (and not on 6 GHz), limiting to legacy\n");
6040 goto out;
6041 }
6042
6043 /* HT is fine */
6044 conn->mode = IEEE80211_CONN_MODE_HT;
6045 conn->bw_limit = sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40 ?
6046 IEEE80211_CONN_BW_LIMIT_40 :
6047 IEEE80211_CONN_BW_LIMIT_20;
6048
6049 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
6050 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
6051
6052 if (req && req->flags & ASSOC_REQ_DISABLE_VHT) {
6053 mlme_link_id_dbg(sdata, link_id,
6054 "VHT disabled by flag, limiting to HT\n");
6055 goto out;
6056 }
6057
6058 if (vht_cap.vht_supported && is_5ghz) {
6059 bool have_80mhz = false;
6060 unsigned int i;
6061
6062 if (conn->bw_limit == IEEE80211_CONN_BW_LIMIT_20) {
6063 mlme_link_id_dbg(sdata, link_id,
6064 "no 40 MHz support on 5 GHz, limiting to HT\n");
6065 goto out;
6066 }
6067
6068 /* Allow VHT if at least one channel on the sband supports 80 MHz */
6069 for (i = 0; i < sband->n_channels; i++) {
6070 if (sband->channels[i].flags & (IEEE80211_CHAN_DISABLED |
6071 IEEE80211_CHAN_NO_80MHZ))
6072 continue;
6073
6074 have_80mhz = true;
6075 break;
6076 }
6077
6078 if (!have_80mhz) {
6079 mlme_link_id_dbg(sdata, link_id,
6080 "no 80 MHz channel support on 5 GHz, limiting to HT\n");
6081 goto out;
6082 }
6083 } else if (is_5ghz) { /* !vht_supported but on 5 GHz */
6084 mlme_link_id_dbg(sdata, link_id,
6085 "no VHT support on 5 GHz, limiting to HT\n");
6086 goto out;
6087 }
6088
6089 /* VHT - if we have - is fine, including 80 MHz, check 160 below again */
6090 if (sband->band != NL80211_BAND_2GHZ) {
6091 conn->mode = IEEE80211_CONN_MODE_VHT;
6092 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_160;
6093 }
6094
6095 if (is_5ghz &&
6096 !(vht_cap.cap & (IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ |
6097 IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ |
6098 IEEE80211_VHT_CAP_EXT_NSS_BW_MASK))) {
6099 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_80;
6100 mlme_link_id_dbg(sdata, link_id,
6101 "no VHT 160 MHz capability on 5 GHz, limiting to 80 MHz");
6102 }
6103
6104 if (req && req->flags & ASSOC_REQ_DISABLE_HE) {
6105 mlme_link_id_dbg(sdata, link_id,
6106 "HE disabled by flag, limiting to HT/VHT\n");
6107 goto out;
6108 }
6109
6110 he_cap = ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif);
6111 if (!he_cap) {
6112 WARN_ON(is_6ghz);
6113 mlme_link_id_dbg(sdata, link_id,
6114 "no HE support, limiting to HT/VHT\n");
6115 goto out;
6116 }
6117
6118 /* so we have HE */
6119 conn->mode = IEEE80211_CONN_MODE_HE;
6120
6121 /* check bandwidth */
6122 switch (sband->band) {
6123 default:
6124 case NL80211_BAND_2GHZ:
6125 if (he_cap->he_cap_elem.phy_cap_info[0] &
6126 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_IN_2G)
6127 break;
6128 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
6129 mlme_link_id_dbg(sdata, link_id,
6130 "no 40 MHz HE cap in 2.4 GHz, limiting to 20 MHz\n");
6131 break;
6132 case NL80211_BAND_5GHZ:
6133 if (!(he_cap->he_cap_elem.phy_cap_info[0] &
6134 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G)) {
6135 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
6136 mlme_link_id_dbg(sdata, link_id,
6137 "no 40/80 MHz HE cap in 5 GHz, limiting to 20 MHz\n");
6138 break;
6139 }
6140 if (!(he_cap->he_cap_elem.phy_cap_info[0] &
6141 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G)) {
6142 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
6143 conn->bw_limit,
6144 IEEE80211_CONN_BW_LIMIT_80);
6145 mlme_link_id_dbg(sdata, link_id,
6146 "no 160 MHz HE cap in 5 GHz, limiting to 80 MHz\n");
6147 }
6148 break;
6149 case NL80211_BAND_6GHZ:
6150 if (he_cap->he_cap_elem.phy_cap_info[0] &
6151 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G)
6152 break;
6153 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
6154 conn->bw_limit,
6155 IEEE80211_CONN_BW_LIMIT_80);
6156 mlme_link_id_dbg(sdata, link_id,
6157 "no 160 MHz HE cap in 6 GHz, limiting to 80 MHz\n");
6158 break;
6159 }
6160
6161 if (req && req->flags & ASSOC_REQ_DISABLE_EHT) {
6162 mlme_link_id_dbg(sdata, link_id,
6163 "EHT disabled by flag, limiting to HE\n");
6164 goto out;
6165 }
6166
6167 eht_cap = ieee80211_get_eht_iftype_cap_vif(sband, &sdata->vif);
6168 if (!eht_cap) {
6169 mlme_link_id_dbg(sdata, link_id,
6170 "no EHT support, limiting to HE\n");
6171 goto out;
6172 }
6173 conn->mode = IEEE80211_CONN_MODE_EHT;
6174
6175 /* check bandwidth */
6176 if (is_6ghz &&
6177 eht_cap->eht_cap_elem.phy_cap_info[0] & IEEE80211_EHT_PHY_CAP0_320MHZ_IN_6GHZ)
6178 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_320;
6179 else if (is_6ghz)
6180 mlme_link_id_dbg(sdata, link_id,
6181 "no EHT 320 MHz cap in 6 GHz, limiting to 160 MHz\n");
6182
6183 if (req && req->flags & ASSOC_REQ_DISABLE_UHR) {
6184 mlme_link_id_dbg(sdata, link_id,
6185 "UHR disabled by flag, limiting to EHT\n");
6186 goto out;
6187 }
6188
6189 uhr_cap = ieee80211_get_uhr_iftype_cap_vif(sband, &sdata->vif);
6190 if (!uhr_cap) {
6191 mlme_link_id_dbg(sdata, link_id,
6192 "no UHR support, limiting to EHT\n");
6193 goto out;
6194 }
6195 conn->mode = IEEE80211_CONN_MODE_UHR;
6196
6197 out:
6198 mlme_link_id_dbg(sdata, link_id,
6199 "determined local STA to be %s, BW limited to %d MHz\n",
6200 ieee80211_conn_mode_str(conn->mode),
6201 20 * (1 << conn->bw_limit));
6202 }
6203
6204 static void
ieee80211_determine_our_sta_mode_auth(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,struct cfg80211_auth_request * req,bool wmm_used,struct ieee80211_conn_settings * conn)6205 ieee80211_determine_our_sta_mode_auth(struct ieee80211_sub_if_data *sdata,
6206 struct ieee80211_supported_band *sband,
6207 struct cfg80211_auth_request *req,
6208 bool wmm_used,
6209 struct ieee80211_conn_settings *conn)
6210 {
6211 ieee80211_determine_our_sta_mode(sdata, sband, NULL, wmm_used,
6212 req->link_id > 0 ? req->link_id : 0,
6213 conn);
6214 }
6215
6216 static void
ieee80211_determine_our_sta_mode_assoc(struct ieee80211_sub_if_data * sdata,struct ieee80211_supported_band * sband,struct cfg80211_assoc_request * req,bool wmm_used,int link_id,struct ieee80211_conn_settings * conn)6217 ieee80211_determine_our_sta_mode_assoc(struct ieee80211_sub_if_data *sdata,
6218 struct ieee80211_supported_band *sband,
6219 struct cfg80211_assoc_request *req,
6220 bool wmm_used, int link_id,
6221 struct ieee80211_conn_settings *conn)
6222 {
6223 struct ieee80211_conn_settings tmp;
6224
6225 WARN_ON(!req);
6226
6227 ieee80211_determine_our_sta_mode(sdata, sband, req, wmm_used, link_id,
6228 &tmp);
6229
6230 conn->mode = min_t(enum ieee80211_conn_mode,
6231 conn->mode, tmp.mode);
6232 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit,
6233 conn->bw_limit, tmp.bw_limit);
6234 }
6235
ieee80211_prep_channel(struct ieee80211_sub_if_data * sdata,struct ieee80211_link_data * link,int link_id,struct cfg80211_bss * cbss,bool mlo,struct ieee80211_conn_settings * conn,unsigned long * userspace_selectors)6236 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
6237 struct ieee80211_link_data *link,
6238 int link_id,
6239 struct cfg80211_bss *cbss, bool mlo,
6240 struct ieee80211_conn_settings *conn,
6241 unsigned long *userspace_selectors)
6242 {
6243 struct ieee80211_local *local = sdata->local;
6244 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ;
6245 struct ieee80211_chan_req chanreq = {};
6246 struct cfg80211_chan_def ap_chandef;
6247 struct ieee802_11_elems *elems;
6248 int ret;
6249
6250 lockdep_assert_wiphy(local->hw.wiphy);
6251
6252 rcu_read_lock();
6253 elems = ieee80211_determine_chan_mode(sdata, conn, cbss, link_id,
6254 &chanreq, &ap_chandef,
6255 userspace_selectors);
6256
6257 if (IS_ERR(elems)) {
6258 rcu_read_unlock();
6259 return PTR_ERR(elems);
6260 }
6261
6262 if (mlo && !elems->ml_basic) {
6263 sdata_info(sdata, "Rejecting MLO as it is not supported by AP\n");
6264 rcu_read_unlock();
6265 kfree(elems);
6266 return -EINVAL;
6267 }
6268
6269 if (link && is_6ghz && conn->mode >= IEEE80211_CONN_MODE_HE) {
6270 const struct ieee80211_he_6ghz_oper *he_6ghz_oper;
6271
6272 if (elems->pwr_constr_elem)
6273 link->conf->pwr_reduction = *elems->pwr_constr_elem;
6274
6275 he_6ghz_oper = ieee80211_he_6ghz_oper(elems->he_operation);
6276 if (he_6ghz_oper)
6277 link->conf->power_type =
6278 cfg80211_6ghz_power_type(he_6ghz_oper->control,
6279 cbss->channel->flags);
6280 else
6281 link_info(link,
6282 "HE 6 GHz operation missing (on %d MHz), expect issues\n",
6283 cbss->channel->center_freq);
6284
6285 link->conf->tpe = elems->tpe;
6286 ieee80211_rearrange_tpe(&link->conf->tpe, &ap_chandef,
6287 &chanreq.oper);
6288 }
6289 rcu_read_unlock();
6290 /* the element data was RCU protected so no longer valid anyway */
6291 kfree(elems);
6292 elems = NULL;
6293
6294 if (!link)
6295 return 0;
6296
6297 rcu_read_lock();
6298 link->needed_rx_chains = min(ieee80211_max_rx_chains(link, cbss),
6299 local->rx_chains);
6300 rcu_read_unlock();
6301
6302 /*
6303 * If this fails (possibly due to channel context sharing
6304 * on incompatible channels, e.g. 80+80 and 160 sharing the
6305 * same control channel) try to use a smaller bandwidth.
6306 */
6307 ret = ieee80211_link_use_channel(link, &chanreq,
6308 IEEE80211_CHANCTX_SHARED);
6309
6310 /* don't downgrade for 5/10/S1G MHz channels, though. */
6311 if (chanreq.oper.width == NL80211_CHAN_WIDTH_5 ||
6312 chanreq.oper.width == NL80211_CHAN_WIDTH_10 ||
6313 cfg80211_chandef_is_s1g(&chanreq.oper))
6314 return ret;
6315
6316 while (ret && chanreq.oper.width != NL80211_CHAN_WIDTH_20_NOHT) {
6317 ieee80211_chanreq_downgrade(&chanreq, conn);
6318
6319 ret = ieee80211_link_use_channel(link, &chanreq,
6320 IEEE80211_CHANCTX_SHARED);
6321 }
6322
6323 return ret;
6324 }
6325
ieee80211_get_dtim(const struct cfg80211_bss_ies * ies,u8 * dtim_count,u8 * dtim_period)6326 static bool ieee80211_get_dtim(const struct cfg80211_bss_ies *ies,
6327 u8 *dtim_count, u8 *dtim_period)
6328 {
6329 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, ies->data, ies->len);
6330 const u8 *idx_ie = cfg80211_find_ie(WLAN_EID_MULTI_BSSID_IDX, ies->data,
6331 ies->len);
6332 const struct ieee80211_tim_ie *tim = NULL;
6333 const struct ieee80211_bssid_index *idx;
6334 bool valid = tim_ie && tim_ie[1] >= 2;
6335
6336 if (valid)
6337 tim = (void *)(tim_ie + 2);
6338
6339 if (dtim_count)
6340 *dtim_count = valid ? tim->dtim_count : 0;
6341
6342 if (dtim_period)
6343 *dtim_period = valid ? tim->dtim_period : 0;
6344
6345 /* Check if value is overridden by non-transmitted profile */
6346 if (!idx_ie || idx_ie[1] < 3)
6347 return valid;
6348
6349 idx = (void *)(idx_ie + 2);
6350
6351 if (dtim_count)
6352 *dtim_count = idx->dtim_count;
6353
6354 if (dtim_period)
6355 *dtim_period = idx->dtim_period;
6356
6357 return true;
6358 }
6359
ieee80211_get_ttlm(u8 bm_size,u8 * data)6360 static u16 ieee80211_get_ttlm(u8 bm_size, u8 *data)
6361 {
6362 if (bm_size == 1)
6363 return *data;
6364
6365 return get_unaligned_le16(data);
6366 }
6367
6368 static int
ieee80211_parse_adv_t2l(struct ieee80211_sub_if_data * sdata,const struct ieee80211_ttlm_elem * ttlm,struct ieee80211_adv_ttlm_info * ttlm_info)6369 ieee80211_parse_adv_t2l(struct ieee80211_sub_if_data *sdata,
6370 const struct ieee80211_ttlm_elem *ttlm,
6371 struct ieee80211_adv_ttlm_info *ttlm_info)
6372 {
6373 /* The element size was already validated in
6374 * ieee80211_tid_to_link_map_size_ok()
6375 */
6376 u8 control, link_map_presence, map_size, tid;
6377 u8 *pos;
6378
6379 memset(ttlm_info, 0, sizeof(*ttlm_info));
6380 pos = (void *)ttlm->optional;
6381 control = ttlm->control;
6382
6383 if ((control & IEEE80211_TTLM_CONTROL_DIRECTION) !=
6384 IEEE80211_TTLM_DIRECTION_BOTH) {
6385 sdata_info(sdata, "Invalid advertised T2L map direction\n");
6386 return -EINVAL;
6387 }
6388
6389 if (!(control & IEEE80211_TTLM_CONTROL_DEF_LINK_MAP)) {
6390 link_map_presence = *pos;
6391 pos++;
6392 }
6393
6394 if (control & IEEE80211_TTLM_CONTROL_SWITCH_TIME_PRESENT) {
6395 ttlm_info->switch_time = get_unaligned_le16(pos);
6396
6397 /* Since ttlm_info->switch_time == 0 means no switch time, bump
6398 * it by 1.
6399 */
6400 if (!ttlm_info->switch_time)
6401 ttlm_info->switch_time = 1;
6402
6403 pos += 2;
6404 }
6405
6406 if (control & IEEE80211_TTLM_CONTROL_EXPECTED_DUR_PRESENT) {
6407 ttlm_info->duration = pos[0] | pos[1] << 8 | pos[2] << 16;
6408 pos += 3;
6409 }
6410
6411 if (control & IEEE80211_TTLM_CONTROL_DEF_LINK_MAP) {
6412 ttlm_info->map = 0xffff;
6413 return 0;
6414 }
6415
6416 if (control & IEEE80211_TTLM_CONTROL_LINK_MAP_SIZE)
6417 map_size = 1;
6418 else
6419 map_size = 2;
6420
6421 /* According to Draft P802.11be_D3.0 clause 35.3.7.1.7, an AP MLD shall
6422 * not advertise a TID-to-link mapping that does not map all TIDs to the
6423 * same link set, reject frame if not all links have mapping
6424 */
6425 if (link_map_presence != 0xff) {
6426 sdata_info(sdata,
6427 "Invalid advertised T2L mapping presence indicator\n");
6428 return -EINVAL;
6429 }
6430
6431 ttlm_info->map = ieee80211_get_ttlm(map_size, pos);
6432 if (!ttlm_info->map) {
6433 sdata_info(sdata,
6434 "Invalid advertised T2L map for TID 0\n");
6435 return -EINVAL;
6436 }
6437
6438 pos += map_size;
6439
6440 for (tid = 1; tid < 8; tid++) {
6441 u16 map = ieee80211_get_ttlm(map_size, pos);
6442
6443 if (map != ttlm_info->map) {
6444 sdata_info(sdata, "Invalid advertised T2L map for tid %d\n",
6445 tid);
6446 return -EINVAL;
6447 }
6448
6449 pos += map_size;
6450 }
6451 return 0;
6452 }
6453
ieee80211_assoc_success(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,struct ieee802_11_elems * elems,const u8 * elem_start,unsigned int elem_len)6454 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata,
6455 struct ieee80211_mgmt *mgmt,
6456 struct ieee802_11_elems *elems,
6457 const u8 *elem_start, unsigned int elem_len)
6458 {
6459 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
6460 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
6461 struct ieee80211_local *local = sdata->local;
6462 unsigned int link_id;
6463 struct sta_info *sta;
6464 u64 changed[IEEE80211_MLD_MAX_NUM_LINKS] = {};
6465 u16 valid_links = 0, dormant_links = 0;
6466 int err;
6467
6468 lockdep_assert_wiphy(sdata->local->hw.wiphy);
6469 /*
6470 * station info was already allocated and inserted before
6471 * the association and should be available to us
6472 */
6473 sta = sta_info_get(sdata, assoc_data->ap_addr);
6474 if (WARN_ON(!sta))
6475 goto out_err;
6476
6477 sta->sta.spp_amsdu = assoc_data->spp_amsdu;
6478
6479 if (ieee80211_vif_is_mld(&sdata->vif)) {
6480 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
6481 if (!assoc_data->link[link_id].bss)
6482 continue;
6483
6484 valid_links |= BIT(link_id);
6485
6486 if (link_id != assoc_data->assoc_link_id) {
6487 err = ieee80211_sta_allocate_link(sta, link_id);
6488 if (err)
6489 goto out_err;
6490 }
6491 }
6492
6493 /*
6494 * We do not support setting a negotiated TTLM during
6495 * association. As such, we can assume that if there is a TTLM,
6496 * then it is the currently active advertised TTLM.
6497 * In that case, there must be exactly one TTLM that does not
6498 * have a switch time set. This mapping should also leave us
6499 * with at least one usable link.
6500 */
6501 if (elems->ttlm_num > 1) {
6502 sdata_info(sdata,
6503 "More than one advertised TTLM in association response\n");
6504 goto out_err;
6505 } else if (elems->ttlm_num == 1) {
6506 if (ieee80211_parse_adv_t2l(sdata, elems->ttlm[0],
6507 &sdata->u.mgd.ttlm_info) ||
6508 sdata->u.mgd.ttlm_info.switch_time != 0 ||
6509 !(valid_links & sdata->u.mgd.ttlm_info.map)) {
6510 sdata_info(sdata,
6511 "Invalid advertised TTLM in association response\n");
6512 goto out_err;
6513 }
6514
6515 sdata->u.mgd.ttlm_info.active = true;
6516 dormant_links =
6517 valid_links & ~sdata->u.mgd.ttlm_info.map;
6518 }
6519
6520 ieee80211_vif_set_links(sdata, valid_links, dormant_links);
6521 }
6522
6523 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
6524 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
6525 struct ieee80211_link_data *link;
6526 struct link_sta_info *link_sta;
6527
6528 if (!cbss)
6529 continue;
6530
6531 link = sdata_dereference(sdata->link[link_id], sdata);
6532 if (WARN_ON(!link))
6533 goto out_err;
6534
6535 if (ieee80211_vif_is_mld(&sdata->vif))
6536 link_info(link,
6537 "local address %pM, AP link address %pM%s\n",
6538 link->conf->addr,
6539 assoc_data->link[link_id].bss->bssid,
6540 link_id == assoc_data->assoc_link_id ?
6541 " (assoc)" : "");
6542
6543 link_sta = rcu_dereference_protected(sta->link[link_id],
6544 lockdep_is_held(&local->hw.wiphy->mtx));
6545 if (WARN_ON(!link_sta))
6546 goto out_err;
6547
6548 if (!link->u.mgd.have_beacon) {
6549 const struct cfg80211_bss_ies *ies;
6550
6551 rcu_read_lock();
6552 ies = rcu_dereference(cbss->beacon_ies);
6553 if (ies)
6554 link->u.mgd.have_beacon = true;
6555 else
6556 ies = rcu_dereference(cbss->ies);
6557 ieee80211_get_dtim(ies,
6558 &link->conf->sync_dtim_count,
6559 &link->u.mgd.dtim_period);
6560 link->conf->beacon_int = cbss->beacon_interval;
6561 rcu_read_unlock();
6562 }
6563
6564 link->conf->dtim_period = link->u.mgd.dtim_period ?: 1;
6565
6566 if (link_id != assoc_data->assoc_link_id) {
6567 link->u.mgd.conn = assoc_data->link[link_id].conn;
6568
6569 err = ieee80211_prep_channel(sdata, link, link_id, cbss,
6570 true, &link->u.mgd.conn,
6571 sdata->u.mgd.userspace_selectors);
6572 if (err) {
6573 link_info(link, "prep_channel failed\n");
6574 goto out_err;
6575 }
6576 }
6577
6578 err = ieee80211_mgd_setup_link_sta(link, sta, link_sta,
6579 assoc_data->link[link_id].bss);
6580 if (err)
6581 goto out_err;
6582
6583 if (!ieee80211_assoc_config_link(link, link_sta,
6584 assoc_data->link[link_id].bss,
6585 mgmt, elem_start, elem_len,
6586 &changed[link_id]))
6587 goto out_err;
6588
6589 if (assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS) {
6590 valid_links &= ~BIT(link_id);
6591 ieee80211_sta_remove_link(sta, link_id);
6592 continue;
6593 }
6594
6595 if (link_id != assoc_data->assoc_link_id) {
6596 err = ieee80211_sta_activate_link(sta, link_id);
6597 if (err)
6598 goto out_err;
6599 }
6600 }
6601
6602 /* links might have changed due to rejected ones, set them again */
6603 ieee80211_vif_set_links(sdata, valid_links, dormant_links);
6604
6605 rate_control_rate_init_all_links(sta);
6606
6607 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) {
6608 set_sta_flag(sta, WLAN_STA_MFP);
6609 sta->sta.mfp = true;
6610 } else {
6611 sta->sta.mfp = false;
6612 }
6613
6614 ieee80211_sta_set_max_amsdu_subframes(sta, elems->ext_capab,
6615 elems->ext_capab_len);
6616
6617 sta->sta.wme = (elems->wmm_param || elems->s1g_capab) &&
6618 local->hw.queues >= IEEE80211_NUM_ACS;
6619
6620 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
6621 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
6622 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
6623 if (err) {
6624 sdata_info(sdata,
6625 "failed to move station %pM to desired state\n",
6626 sta->sta.addr);
6627 WARN_ON(__sta_info_destroy(sta));
6628 goto out_err;
6629 }
6630
6631 if (sdata->wdev.use_4addr)
6632 drv_sta_set_4addr(local, sdata, &sta->sta, true);
6633
6634 ieee80211_set_associated(sdata, assoc_data, changed);
6635
6636 /*
6637 * If we're using 4-addr mode, let the AP know that we're
6638 * doing so, so that it can create the STA VLAN on its side
6639 */
6640 if (ifmgd->use_4addr)
6641 ieee80211_send_4addr_nullfunc(local, sdata);
6642
6643 /*
6644 * Start timer to probe the connection to the AP now.
6645 * Also start the timer that will detect beacon loss.
6646 */
6647 ieee80211_sta_reset_beacon_monitor(sdata);
6648 ieee80211_sta_reset_conn_monitor(sdata);
6649
6650 return true;
6651 out_err:
6652 eth_zero_addr(sdata->vif.cfg.ap_addr);
6653 return false;
6654 }
6655
ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)6656 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
6657 struct ieee80211_mgmt *mgmt,
6658 size_t len)
6659 {
6660 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
6661 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
6662 u16 capab_info, status_code, aid;
6663 struct ieee80211_elems_parse_params parse_params = {
6664 .bss = NULL,
6665 .link_id = -1,
6666 .from_ap = true,
6667 .type = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_TYPE,
6668 };
6669 struct ieee802_11_elems *elems;
6670 int ac;
6671 const u8 *elem_start;
6672 unsigned int elem_len;
6673 bool reassoc;
6674 struct ieee80211_event event = {
6675 .type = MLME_EVENT,
6676 .u.mlme.data = ASSOC_EVENT,
6677 };
6678 struct ieee80211_prep_tx_info info = {};
6679 struct cfg80211_rx_assoc_resp_data resp = {
6680 .uapsd_queues = -1,
6681 };
6682 u8 ap_mld_addr[ETH_ALEN] __aligned(2);
6683 unsigned int link_id;
6684 u16 max_aid = IEEE80211_MAX_AID;
6685
6686 lockdep_assert_wiphy(sdata->local->hw.wiphy);
6687
6688 if (!assoc_data)
6689 return;
6690
6691 info.link_id = assoc_data->assoc_link_id;
6692
6693 parse_params.mode =
6694 assoc_data->link[assoc_data->assoc_link_id].conn.mode;
6695
6696 if (!ether_addr_equal(assoc_data->ap_addr, mgmt->bssid) ||
6697 !ether_addr_equal(assoc_data->ap_addr, mgmt->sa))
6698 return;
6699
6700 /*
6701 * AssocResp and ReassocResp have identical structure, so process both
6702 * of them in this function.
6703 */
6704
6705 if (len < 24 + 6)
6706 return;
6707
6708 reassoc = ieee80211_is_reassoc_resp(mgmt->frame_control);
6709 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
6710 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
6711 if (assoc_data->s1g) {
6712 elem_start = mgmt->u.s1g_assoc_resp.variable;
6713 max_aid = IEEE80211_MAX_SUPPORTED_S1G_AID;
6714 } else {
6715 elem_start = mgmt->u.assoc_resp.variable;
6716 }
6717
6718 /*
6719 * Note: this may not be perfect, AP might misbehave - if
6720 * anyone needs to rely on perfect complete notification
6721 * with the exact right subtype, then we need to track what
6722 * we actually transmitted.
6723 */
6724 info.subtype = reassoc ? IEEE80211_STYPE_REASSOC_REQ :
6725 IEEE80211_STYPE_ASSOC_REQ;
6726
6727 if (assoc_data->fils_kek_len &&
6728 fils_decrypt_assoc_resp(sdata, (u8 *)mgmt, &len, assoc_data) < 0)
6729 return;
6730
6731 elem_len = len - (elem_start - (u8 *)mgmt);
6732 parse_params.start = elem_start;
6733 parse_params.len = elem_len;
6734 elems = ieee802_11_parse_elems_full(&parse_params);
6735 if (!elems)
6736 goto notify_driver;
6737
6738 if (elems->aid_resp)
6739 aid = le16_to_cpu(elems->aid_resp->aid);
6740 else
6741 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
6742
6743 /*
6744 * The 5 MSB of the AID field are reserved for a non-S1G STA. For
6745 * an S1G STA the 3 MSBs are reserved.
6746 * (802.11-2016 9.4.1.8 AID field).
6747 */
6748 aid &= assoc_data->s1g ? 0x1fff : 0x7ff;
6749
6750 sdata_info(sdata,
6751 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n",
6752 reassoc ? "Rea" : "A", assoc_data->ap_addr,
6753 capab_info, status_code, aid);
6754
6755 ifmgd->broken_ap = false;
6756
6757 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
6758 elems->timeout_int &&
6759 elems->timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) {
6760 u32 tu, ms;
6761
6762 cfg80211_assoc_comeback(sdata->dev, assoc_data->ap_addr,
6763 le32_to_cpu(elems->timeout_int->value));
6764
6765 tu = le32_to_cpu(elems->timeout_int->value);
6766 ms = tu * 1024 / 1000;
6767 sdata_info(sdata,
6768 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",
6769 assoc_data->ap_addr, tu, ms);
6770 assoc_data->timeout = jiffies + msecs_to_jiffies(ms);
6771 assoc_data->timeout_started = true;
6772 assoc_data->comeback = true;
6773 if (ms > IEEE80211_ASSOC_TIMEOUT)
6774 run_again(sdata, assoc_data->timeout);
6775 goto notify_driver;
6776 }
6777
6778 if (status_code != WLAN_STATUS_SUCCESS) {
6779 sdata_info(sdata, "%pM denied association (code=%d)\n",
6780 assoc_data->ap_addr, status_code);
6781 event.u.mlme.status = MLME_DENIED;
6782 event.u.mlme.reason = status_code;
6783 drv_event_callback(sdata->local, sdata, &event);
6784 } else {
6785 if (aid == 0 || aid > max_aid) {
6786 sdata_info(sdata,
6787 "invalid AID value %d (out of range), turn off PS\n",
6788 aid);
6789 aid = 0;
6790 ifmgd->broken_ap = true;
6791 }
6792
6793 if (ieee80211_vif_is_mld(&sdata->vif)) {
6794 struct ieee80211_mle_basic_common_info *common;
6795
6796 if (!elems->ml_basic) {
6797 sdata_info(sdata,
6798 "MLO association with %pM but no (basic) multi-link element in response!\n",
6799 assoc_data->ap_addr);
6800 goto abandon_assoc;
6801 }
6802
6803 common = (void *)elems->ml_basic->variable;
6804
6805 if (memcmp(assoc_data->ap_addr,
6806 common->mld_mac_addr, ETH_ALEN)) {
6807 sdata_info(sdata,
6808 "AP MLD MAC address mismatch: got %pM expected %pM\n",
6809 common->mld_mac_addr,
6810 assoc_data->ap_addr);
6811 goto abandon_assoc;
6812 }
6813
6814 sdata->vif.cfg.eml_cap =
6815 ieee80211_mle_get_eml_cap((const void *)elems->ml_basic);
6816 sdata->vif.cfg.eml_med_sync_delay =
6817 ieee80211_mle_get_eml_med_sync_delay((const void *)elems->ml_basic);
6818 sdata->vif.cfg.mld_capa_op =
6819 ieee80211_mle_get_mld_capa_op((const void *)elems->ml_basic);
6820 }
6821
6822 sdata->vif.cfg.aid = aid;
6823 sdata->vif.cfg.s1g = assoc_data->s1g;
6824
6825 if (!ieee80211_assoc_success(sdata, mgmt, elems,
6826 elem_start, elem_len)) {
6827 /* oops -- internal error -- send timeout for now */
6828 ieee80211_destroy_assoc_data(sdata, ASSOC_TIMEOUT);
6829 goto notify_driver;
6830 }
6831 event.u.mlme.status = MLME_SUCCESS;
6832 drv_event_callback(sdata->local, sdata, &event);
6833 sdata_info(sdata, "associated\n");
6834
6835 info.success = 1;
6836 }
6837
6838 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
6839 struct ieee80211_link_data *link;
6840
6841 if (!assoc_data->link[link_id].bss)
6842 continue;
6843
6844 resp.links[link_id].bss = assoc_data->link[link_id].bss;
6845 ether_addr_copy(resp.links[link_id].addr,
6846 assoc_data->link[link_id].addr);
6847 resp.links[link_id].status = assoc_data->link[link_id].status;
6848
6849 link = sdata_dereference(sdata->link[link_id], sdata);
6850 if (!link)
6851 continue;
6852
6853 /* get uapsd queues configuration - same for all links */
6854 resp.uapsd_queues = 0;
6855 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
6856 if (link->tx_conf[ac].uapsd)
6857 resp.uapsd_queues |= ieee80211_ac_to_qos_mask[ac];
6858 }
6859
6860 if (ieee80211_vif_is_mld(&sdata->vif)) {
6861 ether_addr_copy(ap_mld_addr, sdata->vif.cfg.ap_addr);
6862 resp.ap_mld_addr = ap_mld_addr;
6863 }
6864
6865 ieee80211_destroy_assoc_data(sdata,
6866 status_code == WLAN_STATUS_SUCCESS ?
6867 ASSOC_SUCCESS :
6868 ASSOC_REJECTED);
6869
6870 resp.buf = (u8 *)mgmt;
6871 resp.len = len;
6872 resp.req_ies = ifmgd->assoc_req_ies;
6873 resp.req_ies_len = ifmgd->assoc_req_ies_len;
6874 cfg80211_rx_assoc_resp(sdata->dev, &resp);
6875 notify_driver:
6876 drv_mgd_complete_tx(sdata->local, sdata, &info);
6877 kfree(elems);
6878 return;
6879 abandon_assoc:
6880 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON);
6881 goto notify_driver;
6882 }
6883
ieee80211_rx_bss_info(struct ieee80211_link_data * link,struct ieee80211_mgmt * mgmt,size_t len,struct ieee80211_rx_status * rx_status)6884 static void ieee80211_rx_bss_info(struct ieee80211_link_data *link,
6885 struct ieee80211_mgmt *mgmt, size_t len,
6886 struct ieee80211_rx_status *rx_status)
6887 {
6888 struct ieee80211_sub_if_data *sdata = link->sdata;
6889 struct ieee80211_local *local = sdata->local;
6890 struct ieee80211_bss *bss;
6891 struct ieee80211_channel *channel;
6892
6893 lockdep_assert_wiphy(sdata->local->hw.wiphy);
6894
6895 channel = ieee80211_get_channel_khz(local->hw.wiphy,
6896 ieee80211_rx_status_to_khz(rx_status));
6897 if (!channel)
6898 return;
6899
6900 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, channel);
6901 if (bss) {
6902 link->conf->beacon_rate = bss->beacon_rate;
6903 ieee80211_rx_bss_put(local, bss);
6904 }
6905 }
6906
6907
ieee80211_rx_mgmt_probe_resp(struct ieee80211_link_data * link,struct sk_buff * skb)6908 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_link_data *link,
6909 struct sk_buff *skb)
6910 {
6911 struct ieee80211_sub_if_data *sdata = link->sdata;
6912 struct ieee80211_mgmt *mgmt = (void *)skb->data;
6913 struct ieee80211_if_managed *ifmgd;
6914 struct ieee80211_rx_status *rx_status = (void *) skb->cb;
6915 struct ieee80211_channel *channel;
6916 size_t baselen, len = skb->len;
6917
6918 ifmgd = &sdata->u.mgd;
6919
6920 lockdep_assert_wiphy(sdata->local->hw.wiphy);
6921
6922 /*
6923 * According to Draft P802.11ax D6.0 clause 26.17.2.3.2:
6924 * "If a 6 GHz AP receives a Probe Request frame and responds with
6925 * a Probe Response frame [..], the Address 1 field of the Probe
6926 * Response frame shall be set to the broadcast address [..]"
6927 * So, on 6GHz band we should also accept broadcast responses.
6928 */
6929 channel = ieee80211_get_channel_khz(sdata->local->hw.wiphy,
6930 ieee80211_rx_status_to_khz(rx_status));
6931 if (!channel)
6932 return;
6933
6934 if (!ether_addr_equal(mgmt->da, sdata->vif.addr) &&
6935 (channel->band != NL80211_BAND_6GHZ ||
6936 !is_broadcast_ether_addr(mgmt->da)))
6937 return; /* ignore ProbeResp to foreign address */
6938
6939 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
6940 if (baselen > len)
6941 return;
6942
6943 ieee80211_rx_bss_info(link, mgmt, len, rx_status);
6944
6945 if (ifmgd->associated &&
6946 ether_addr_equal(mgmt->bssid, link->u.mgd.bssid))
6947 ieee80211_reset_ap_probe(sdata);
6948 }
6949
6950 /*
6951 * This is the canonical list of information elements we care about,
6952 * the filter code also gives us all changes to the Microsoft OUI
6953 * (00:50:F2) vendor IE which is used for WMM which we need to track,
6954 * as well as the DTPC IE (part of the Cisco OUI) used for signaling
6955 * changes to requested client power.
6956 *
6957 * We implement beacon filtering in software since that means we can
6958 * avoid processing the frame here and in cfg80211, and userspace
6959 * will not be able to tell whether the hardware supports it or not.
6960 *
6961 * XXX: This list needs to be dynamic -- userspace needs to be able to
6962 * add items it requires. It also needs to be able to tell us to
6963 * look out for other vendor IEs.
6964 */
6965 static const u64 care_about_ies =
6966 (1ULL << WLAN_EID_COUNTRY) |
6967 (1ULL << WLAN_EID_ERP_INFO) |
6968 (1ULL << WLAN_EID_CHANNEL_SWITCH) |
6969 (1ULL << WLAN_EID_PWR_CONSTRAINT) |
6970 (1ULL << WLAN_EID_HT_CAPABILITY) |
6971 (1ULL << WLAN_EID_HT_OPERATION) |
6972 (1ULL << WLAN_EID_EXT_CHANSWITCH_ANN);
6973
ieee80211_handle_beacon_sig(struct ieee80211_link_data * link,struct ieee80211_if_managed * ifmgd,struct ieee80211_bss_conf * bss_conf,struct ieee80211_local * local,struct ieee80211_rx_status * rx_status)6974 static void ieee80211_handle_beacon_sig(struct ieee80211_link_data *link,
6975 struct ieee80211_if_managed *ifmgd,
6976 struct ieee80211_bss_conf *bss_conf,
6977 struct ieee80211_local *local,
6978 struct ieee80211_rx_status *rx_status)
6979 {
6980 struct ieee80211_sub_if_data *sdata = link->sdata;
6981
6982 /* Track average RSSI from the Beacon frames of the current AP */
6983
6984 if (!link->u.mgd.tracking_signal_avg) {
6985 link->u.mgd.tracking_signal_avg = true;
6986 ewma_beacon_signal_init(&link->u.mgd.ave_beacon_signal);
6987 link->u.mgd.last_cqm_event_signal = 0;
6988 link->u.mgd.count_beacon_signal = 1;
6989 link->u.mgd.last_ave_beacon_signal = 0;
6990 } else {
6991 link->u.mgd.count_beacon_signal++;
6992 }
6993
6994 ewma_beacon_signal_add(&link->u.mgd.ave_beacon_signal,
6995 -rx_status->signal);
6996
6997 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold &&
6998 link->u.mgd.count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
6999 int sig = -ewma_beacon_signal_read(&link->u.mgd.ave_beacon_signal);
7000 int last_sig = link->u.mgd.last_ave_beacon_signal;
7001 struct ieee80211_event event = {
7002 .type = RSSI_EVENT,
7003 };
7004
7005 /*
7006 * if signal crosses either of the boundaries, invoke callback
7007 * with appropriate parameters
7008 */
7009 if (sig > ifmgd->rssi_max_thold &&
7010 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) {
7011 link->u.mgd.last_ave_beacon_signal = sig;
7012 event.u.rssi.data = RSSI_EVENT_HIGH;
7013 drv_event_callback(local, sdata, &event);
7014 } else if (sig < ifmgd->rssi_min_thold &&
7015 (last_sig >= ifmgd->rssi_max_thold ||
7016 last_sig == 0)) {
7017 link->u.mgd.last_ave_beacon_signal = sig;
7018 event.u.rssi.data = RSSI_EVENT_LOW;
7019 drv_event_callback(local, sdata, &event);
7020 }
7021 }
7022
7023 if (bss_conf->cqm_rssi_thold &&
7024 link->u.mgd.count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT &&
7025 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) {
7026 int sig = -ewma_beacon_signal_read(&link->u.mgd.ave_beacon_signal);
7027 int last_event = link->u.mgd.last_cqm_event_signal;
7028 int thold = bss_conf->cqm_rssi_thold;
7029 int hyst = bss_conf->cqm_rssi_hyst;
7030
7031 if (sig < thold &&
7032 (last_event == 0 || sig < last_event - hyst)) {
7033 link->u.mgd.last_cqm_event_signal = sig;
7034 ieee80211_cqm_rssi_notify(
7035 &sdata->vif,
7036 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
7037 sig, GFP_KERNEL);
7038 } else if (sig > thold &&
7039 (last_event == 0 || sig > last_event + hyst)) {
7040 link->u.mgd.last_cqm_event_signal = sig;
7041 ieee80211_cqm_rssi_notify(
7042 &sdata->vif,
7043 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
7044 sig, GFP_KERNEL);
7045 }
7046 }
7047
7048 if (bss_conf->cqm_rssi_low &&
7049 link->u.mgd.count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
7050 int sig = -ewma_beacon_signal_read(&link->u.mgd.ave_beacon_signal);
7051 int last_event = link->u.mgd.last_cqm_event_signal;
7052 int low = bss_conf->cqm_rssi_low;
7053 int high = bss_conf->cqm_rssi_high;
7054
7055 if (sig < low &&
7056 (last_event == 0 || last_event >= low)) {
7057 link->u.mgd.last_cqm_event_signal = sig;
7058 ieee80211_cqm_rssi_notify(
7059 &sdata->vif,
7060 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
7061 sig, GFP_KERNEL);
7062 } else if (sig > high &&
7063 (last_event == 0 || last_event <= high)) {
7064 link->u.mgd.last_cqm_event_signal = sig;
7065 ieee80211_cqm_rssi_notify(
7066 &sdata->vif,
7067 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
7068 sig, GFP_KERNEL);
7069 }
7070 }
7071 }
7072
ieee80211_rx_our_beacon(const u8 * tx_bssid,struct cfg80211_bss * bss)7073 static bool ieee80211_rx_our_beacon(const u8 *tx_bssid,
7074 struct cfg80211_bss *bss)
7075 {
7076 if (ether_addr_equal(tx_bssid, bss->bssid))
7077 return true;
7078 if (!bss->transmitted_bss)
7079 return false;
7080 return ether_addr_equal(tx_bssid, bss->transmitted_bss->bssid);
7081 }
7082
ieee80211_ml_reconf_work(struct wiphy * wiphy,struct wiphy_work * work)7083 static void ieee80211_ml_reconf_work(struct wiphy *wiphy,
7084 struct wiphy_work *work)
7085 {
7086 struct ieee80211_sub_if_data *sdata =
7087 container_of(work, struct ieee80211_sub_if_data,
7088 u.mgd.ml_reconf_work.work);
7089 u16 new_valid_links, new_active_links, new_dormant_links;
7090 struct sta_info *sta;
7091 int ret;
7092
7093 if (!sdata->u.mgd.removed_links)
7094 return;
7095
7096 sdata_info(sdata,
7097 "MLO Reconfiguration: work: valid=0x%x, removed=0x%x\n",
7098 sdata->vif.valid_links, sdata->u.mgd.removed_links);
7099
7100 new_valid_links = sdata->vif.valid_links & ~sdata->u.mgd.removed_links;
7101 if (new_valid_links == sdata->vif.valid_links)
7102 return;
7103
7104 if (!new_valid_links ||
7105 !(new_valid_links & ~sdata->vif.dormant_links)) {
7106 sdata_info(sdata, "No valid links after reconfiguration\n");
7107 ret = -EINVAL;
7108 goto out;
7109 }
7110
7111 new_active_links = sdata->vif.active_links & ~sdata->u.mgd.removed_links;
7112 if (new_active_links != sdata->vif.active_links) {
7113 if (!new_active_links)
7114 new_active_links =
7115 BIT(ffs(new_valid_links &
7116 ~sdata->vif.dormant_links) - 1);
7117
7118 ret = ieee80211_set_active_links(&sdata->vif, new_active_links);
7119 if (ret) {
7120 sdata_info(sdata,
7121 "Failed setting active links\n");
7122 goto out;
7123 }
7124 }
7125
7126 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
7127 if (sta) {
7128 unsigned long removed_links = sdata->u.mgd.removed_links;
7129 unsigned int link_id;
7130
7131 for_each_set_bit(link_id, &removed_links,
7132 IEEE80211_MLD_MAX_NUM_LINKS)
7133 ieee80211_sta_remove_link(sta, link_id);
7134 }
7135
7136 new_dormant_links = sdata->vif.dormant_links & ~sdata->u.mgd.removed_links;
7137
7138 ret = ieee80211_vif_set_links(sdata, new_valid_links,
7139 new_dormant_links);
7140 if (ret)
7141 sdata_info(sdata, "Failed setting valid links\n");
7142
7143 ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_MLD_VALID_LINKS);
7144
7145 out:
7146 if (!ret)
7147 cfg80211_links_removed(sdata->dev, sdata->u.mgd.removed_links);
7148 else
7149 __ieee80211_disconnect(sdata);
7150
7151 sdata->u.mgd.removed_links = 0;
7152 }
7153
ieee80211_ml_reconfiguration(struct ieee80211_sub_if_data * sdata,struct ieee802_11_elems * elems)7154 static void ieee80211_ml_reconfiguration(struct ieee80211_sub_if_data *sdata,
7155 struct ieee802_11_elems *elems)
7156 {
7157 const struct element *sub;
7158 unsigned long removed_links = 0;
7159 u16 link_removal_timeout[IEEE80211_MLD_MAX_NUM_LINKS] = {};
7160 u8 link_id;
7161 u32 delay;
7162
7163 if (!ieee80211_vif_is_mld(&sdata->vif) || !elems->ml_reconf)
7164 return;
7165
7166 /* Directly parse the sub elements as the common information doesn't
7167 * hold any useful information.
7168 */
7169 for_each_mle_subelement(sub, (const u8 *)elems->ml_reconf,
7170 elems->ml_reconf_len) {
7171 struct ieee80211_mle_per_sta_profile *prof = (void *)sub->data;
7172 u8 *pos = prof->variable;
7173 u16 control;
7174
7175 if (sub->id != IEEE80211_MLE_SUBELEM_PER_STA_PROFILE)
7176 continue;
7177
7178 if (!ieee80211_mle_reconf_sta_prof_size_ok(sub->data,
7179 sub->datalen))
7180 return;
7181
7182 control = le16_to_cpu(prof->control);
7183 link_id = control & IEEE80211_MLE_STA_RECONF_CONTROL_LINK_ID;
7184
7185 if (link_id >= IEEE80211_MLD_MAX_NUM_LINKS)
7186 continue;
7187
7188 removed_links |= BIT(link_id);
7189
7190 /* the MAC address should not be included, but handle it */
7191 if (control &
7192 IEEE80211_MLE_STA_RECONF_CONTROL_STA_MAC_ADDR_PRESENT)
7193 pos += 6;
7194
7195 /* According to Draft P802.11be_D3.0, the control should
7196 * include the AP Removal Timer present. If the AP Removal Timer
7197 * is not present assume immediate removal.
7198 */
7199 if (control &
7200 IEEE80211_MLE_STA_RECONF_CONTROL_AP_REM_TIMER_PRESENT)
7201 link_removal_timeout[link_id] = get_unaligned_le16(pos);
7202 }
7203
7204 removed_links &= sdata->vif.valid_links;
7205 if (!removed_links) {
7206 /* In case the removal was cancelled, abort it */
7207 if (sdata->u.mgd.removed_links) {
7208 sdata->u.mgd.removed_links = 0;
7209 wiphy_hrtimer_work_cancel(sdata->local->hw.wiphy,
7210 &sdata->u.mgd.ml_reconf_work);
7211 }
7212 return;
7213 }
7214
7215 delay = 0;
7216 for_each_set_bit(link_id, &removed_links, IEEE80211_MLD_MAX_NUM_LINKS) {
7217 struct ieee80211_bss_conf *link_conf =
7218 sdata_dereference(sdata->vif.link_conf[link_id], sdata);
7219 u32 link_delay;
7220
7221 if (!link_conf) {
7222 removed_links &= ~BIT(link_id);
7223 continue;
7224 }
7225
7226 if (link_removal_timeout[link_id] < 1)
7227 link_delay = 0;
7228 else
7229 link_delay = link_conf->beacon_int *
7230 (link_removal_timeout[link_id] - 1);
7231
7232 if (!delay)
7233 delay = link_delay;
7234 else
7235 delay = min(delay, link_delay);
7236 }
7237
7238 sdata->u.mgd.removed_links = removed_links;
7239 wiphy_hrtimer_work_queue(sdata->local->hw.wiphy,
7240 &sdata->u.mgd.ml_reconf_work,
7241 us_to_ktime(ieee80211_tu_to_usec(delay)));
7242 }
7243
ieee80211_ttlm_set_links(struct ieee80211_sub_if_data * sdata,u16 active_links,u16 dormant_links,u16 suspended_links)7244 static int ieee80211_ttlm_set_links(struct ieee80211_sub_if_data *sdata,
7245 u16 active_links, u16 dormant_links,
7246 u16 suspended_links)
7247 {
7248 u64 changed = 0;
7249 int ret;
7250
7251 if (!active_links) {
7252 ret = -EINVAL;
7253 goto out;
7254 }
7255
7256 /* If there is an active negotiated TTLM, it should be discarded by
7257 * the new negotiated/advertised TTLM.
7258 */
7259 if (sdata->vif.neg_ttlm.valid) {
7260 memset(&sdata->vif.neg_ttlm, 0, sizeof(sdata->vif.neg_ttlm));
7261 sdata->vif.suspended_links = 0;
7262 changed = BSS_CHANGED_MLD_TTLM;
7263 }
7264
7265 if (sdata->vif.active_links != active_links) {
7266 /* usable links are affected when active_links are changed,
7267 * so notify the driver about the status change
7268 */
7269 changed |= BSS_CHANGED_MLD_VALID_LINKS;
7270 active_links &= sdata->vif.active_links;
7271 if (!active_links)
7272 active_links =
7273 BIT(__ffs(sdata->vif.valid_links &
7274 ~dormant_links));
7275 ret = ieee80211_set_active_links(&sdata->vif, active_links);
7276 if (ret) {
7277 sdata_info(sdata, "Failed to set TTLM active links\n");
7278 goto out;
7279 }
7280 }
7281
7282 ret = ieee80211_vif_set_links(sdata, sdata->vif.valid_links,
7283 dormant_links);
7284 if (ret) {
7285 sdata_info(sdata, "Failed to set TTLM dormant links\n");
7286 goto out;
7287 }
7288
7289 sdata->vif.suspended_links = suspended_links;
7290 if (sdata->vif.suspended_links)
7291 changed |= BSS_CHANGED_MLD_TTLM;
7292
7293 ieee80211_vif_cfg_change_notify(sdata, changed);
7294
7295 out:
7296 if (ret)
7297 ieee80211_disconnect(&sdata->vif, false);
7298
7299 return ret;
7300 }
7301
ieee80211_tid_to_link_map_work(struct wiphy * wiphy,struct wiphy_work * work)7302 static void ieee80211_tid_to_link_map_work(struct wiphy *wiphy,
7303 struct wiphy_work *work)
7304 {
7305 u16 new_active_links, new_dormant_links;
7306 struct ieee80211_sub_if_data *sdata =
7307 container_of(work, struct ieee80211_sub_if_data,
7308 u.mgd.ttlm_work.work);
7309
7310 new_active_links = sdata->u.mgd.ttlm_info.map &
7311 sdata->vif.valid_links;
7312 new_dormant_links = ~sdata->u.mgd.ttlm_info.map &
7313 sdata->vif.valid_links;
7314
7315 ieee80211_vif_set_links(sdata, sdata->vif.valid_links, 0);
7316 if (ieee80211_ttlm_set_links(sdata, new_active_links, new_dormant_links,
7317 0))
7318 return;
7319
7320 sdata->u.mgd.ttlm_info.active = true;
7321 sdata->u.mgd.ttlm_info.switch_time = 0;
7322 }
7323
ieee80211_process_adv_ttlm(struct ieee80211_sub_if_data * sdata,struct ieee802_11_elems * elems,u64 beacon_ts)7324 static void ieee80211_process_adv_ttlm(struct ieee80211_sub_if_data *sdata,
7325 struct ieee802_11_elems *elems,
7326 u64 beacon_ts)
7327 {
7328 u8 i;
7329 int ret;
7330
7331 if (!ieee80211_vif_is_mld(&sdata->vif))
7332 return;
7333
7334 if (!elems->ttlm_num) {
7335 if (sdata->u.mgd.ttlm_info.switch_time) {
7336 /* if a planned TID-to-link mapping was cancelled -
7337 * abort it
7338 */
7339 wiphy_hrtimer_work_cancel(sdata->local->hw.wiphy,
7340 &sdata->u.mgd.ttlm_work);
7341 } else if (sdata->u.mgd.ttlm_info.active) {
7342 /* if no TID-to-link element, set to default mapping in
7343 * which all TIDs are mapped to all setup links
7344 */
7345 ret = ieee80211_vif_set_links(sdata,
7346 sdata->vif.valid_links,
7347 0);
7348 if (ret) {
7349 sdata_info(sdata, "Failed setting valid/dormant links\n");
7350 return;
7351 }
7352 ieee80211_vif_cfg_change_notify(sdata,
7353 BSS_CHANGED_MLD_VALID_LINKS);
7354 }
7355 memset(&sdata->u.mgd.ttlm_info, 0,
7356 sizeof(sdata->u.mgd.ttlm_info));
7357 return;
7358 }
7359
7360 for (i = 0; i < elems->ttlm_num; i++) {
7361 struct ieee80211_adv_ttlm_info ttlm_info;
7362 u32 res;
7363
7364 res = ieee80211_parse_adv_t2l(sdata, elems->ttlm[i],
7365 &ttlm_info);
7366
7367 if (res) {
7368 __ieee80211_disconnect(sdata);
7369 return;
7370 }
7371
7372 if (ttlm_info.switch_time) {
7373 u16 beacon_ts_tu, st_tu, delay;
7374 u64 delay_usec;
7375 u64 mask;
7376
7377 /* The t2l map switch time is indicated with a partial
7378 * TSF value (bits 10 to 25), get the partial beacon TS
7379 * as well, and calc the delay to the start time.
7380 */
7381 mask = GENMASK_ULL(25, 10);
7382 beacon_ts_tu = (beacon_ts & mask) >> 10;
7383 st_tu = ttlm_info.switch_time;
7384 delay = st_tu - beacon_ts_tu;
7385
7386 /*
7387 * If the switch time is far in the future, then it
7388 * could also be the previous switch still being
7389 * announced.
7390 * We can simply ignore it for now, if it is a future
7391 * switch the AP will continue to announce it anyway.
7392 */
7393 if (delay > IEEE80211_ADV_TTLM_ST_UNDERFLOW)
7394 return;
7395
7396 delay_usec = ieee80211_tu_to_usec(delay);
7397
7398 /* Link switching can take time, so schedule it
7399 * 100ms before to be ready on time
7400 */
7401 if (delay_usec > IEEE80211_ADV_TTLM_SAFETY_BUFFER_MS)
7402 delay_usec -=
7403 IEEE80211_ADV_TTLM_SAFETY_BUFFER_MS;
7404 else
7405 delay_usec = 0;
7406
7407 sdata->u.mgd.ttlm_info = ttlm_info;
7408 wiphy_hrtimer_work_cancel(sdata->local->hw.wiphy,
7409 &sdata->u.mgd.ttlm_work);
7410 wiphy_hrtimer_work_queue(sdata->local->hw.wiphy,
7411 &sdata->u.mgd.ttlm_work,
7412 us_to_ktime(delay_usec));
7413 return;
7414 }
7415 }
7416 }
7417
7418 static void
ieee80211_mgd_check_cross_link_csa(struct ieee80211_sub_if_data * sdata,int reporting_link_id,struct ieee802_11_elems * elems)7419 ieee80211_mgd_check_cross_link_csa(struct ieee80211_sub_if_data *sdata,
7420 int reporting_link_id,
7421 struct ieee802_11_elems *elems)
7422 {
7423 const struct element *sta_profiles[IEEE80211_MLD_MAX_NUM_LINKS] = {};
7424 ssize_t sta_profiles_len[IEEE80211_MLD_MAX_NUM_LINKS] = {};
7425 const struct element *sub;
7426 const u8 *subelems;
7427 size_t subelems_len;
7428 u8 common_size;
7429 int link_id;
7430
7431 if (!ieee80211_mle_size_ok((u8 *)elems->ml_basic, elems->ml_basic_len))
7432 return;
7433
7434 common_size = ieee80211_mle_common_size((u8 *)elems->ml_basic);
7435 subelems = (u8 *)elems->ml_basic + common_size;
7436 subelems_len = elems->ml_basic_len - common_size;
7437
7438 for_each_element_id(sub, IEEE80211_MLE_SUBELEM_PER_STA_PROFILE,
7439 subelems, subelems_len) {
7440 struct ieee80211_mle_per_sta_profile *prof = (void *)sub->data;
7441 struct ieee80211_link_data *link;
7442 ssize_t len;
7443
7444 if (!ieee80211_mle_basic_sta_prof_size_ok(sub->data,
7445 sub->datalen))
7446 continue;
7447
7448 link_id = le16_get_bits(prof->control,
7449 IEEE80211_MLE_STA_CONTROL_LINK_ID);
7450 /* need a valid link ID, but also not our own, both AP bugs */
7451 if (link_id == reporting_link_id ||
7452 link_id >= IEEE80211_MLD_MAX_NUM_LINKS)
7453 continue;
7454
7455 link = sdata_dereference(sdata->link[link_id], sdata);
7456 if (!link)
7457 continue;
7458
7459 len = cfg80211_defragment_element(sub, subelems, subelems_len,
7460 NULL, 0,
7461 IEEE80211_MLE_SUBELEM_FRAGMENT);
7462 if (WARN_ON(len < 0))
7463 continue;
7464
7465 sta_profiles[link_id] = sub;
7466 sta_profiles_len[link_id] = len;
7467 }
7468
7469 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
7470 struct ieee80211_mle_per_sta_profile *prof;
7471 struct ieee802_11_elems *prof_elems;
7472 struct ieee80211_link_data *link;
7473 ssize_t len;
7474
7475 if (link_id == reporting_link_id)
7476 continue;
7477
7478 link = sdata_dereference(sdata->link[link_id], sdata);
7479 if (!link)
7480 continue;
7481
7482 if (!sta_profiles[link_id]) {
7483 prof_elems = NULL;
7484 goto handle;
7485 }
7486
7487 /* we can defragment in-place, won't use the buffer again */
7488 len = cfg80211_defragment_element(sta_profiles[link_id],
7489 subelems, subelems_len,
7490 (void *)sta_profiles[link_id],
7491 sta_profiles_len[link_id],
7492 IEEE80211_MLE_SUBELEM_FRAGMENT);
7493 if (WARN_ON(len != sta_profiles_len[link_id]))
7494 continue;
7495
7496 prof = (void *)sta_profiles[link_id];
7497 prof_elems = ieee802_11_parse_elems(prof->variable +
7498 (prof->sta_info_len - 1),
7499 len -
7500 (prof->sta_info_len - 1),
7501 IEEE80211_FTYPE_MGMT |
7502 IEEE80211_STYPE_BEACON,
7503 NULL);
7504
7505 /* memory allocation failed - let's hope that's transient */
7506 if (!prof_elems)
7507 continue;
7508
7509 handle:
7510 /*
7511 * FIXME: the timings here are obviously incorrect,
7512 * but only older Intel drivers seem to care, and
7513 * those don't have MLO. If you really need this,
7514 * the problem is having to calculate it with the
7515 * TSF offset etc. The device_timestamp is still
7516 * correct, of course.
7517 */
7518 ieee80211_sta_process_chanswitch(link, 0, 0, elems, prof_elems,
7519 IEEE80211_CSA_SOURCE_OTHER_LINK);
7520 kfree(prof_elems);
7521 }
7522 }
7523
ieee80211_mgd_ssid_mismatch(struct ieee80211_sub_if_data * sdata,const struct ieee802_11_elems * elems)7524 static bool ieee80211_mgd_ssid_mismatch(struct ieee80211_sub_if_data *sdata,
7525 const struct ieee802_11_elems *elems)
7526 {
7527 struct ieee80211_vif_cfg *cfg = &sdata->vif.cfg;
7528 static u8 zero_ssid[IEEE80211_MAX_SSID_LEN];
7529
7530 if (!elems->ssid)
7531 return false;
7532
7533 /* hidden SSID: zero length */
7534 if (elems->ssid_len == 0)
7535 return false;
7536
7537 if (elems->ssid_len != cfg->ssid_len)
7538 return true;
7539
7540 /* hidden SSID: zeroed out */
7541 if (!memcmp(elems->ssid, zero_ssid, elems->ssid_len))
7542 return false;
7543
7544 return memcmp(elems->ssid, cfg->ssid, cfg->ssid_len);
7545 }
7546
7547 static bool
ieee80211_rx_beacon_freq_valid(struct ieee80211_local * local,struct ieee80211_mgmt * mgmt,struct ieee80211_rx_status * rx_status,struct ieee80211_chanctx_conf * chanctx)7548 ieee80211_rx_beacon_freq_valid(struct ieee80211_local *local,
7549 struct ieee80211_mgmt *mgmt,
7550 struct ieee80211_rx_status *rx_status,
7551 struct ieee80211_chanctx_conf *chanctx)
7552 {
7553 u32 pri_2mhz_khz;
7554 struct ieee80211_channel *s1g_sibling_1mhz;
7555 u32 pri_khz = ieee80211_channel_to_khz(chanctx->def.chan);
7556 u32 rx_khz = ieee80211_rx_status_to_khz(rx_status);
7557
7558 if (rx_khz == pri_khz)
7559 return true;
7560
7561 if (!chanctx->def.s1g_primary_2mhz)
7562 return false;
7563
7564 /*
7565 * If we have an S1G interface with a 2MHz primary, beacons are
7566 * sent on the center frequency of the 2MHz primary. Find the sibling
7567 * 1MHz channel and calculate the 2MHz primary center frequency.
7568 */
7569 s1g_sibling_1mhz = cfg80211_s1g_get_primary_sibling(local->hw.wiphy,
7570 &chanctx->def);
7571 if (!s1g_sibling_1mhz)
7572 return false;
7573
7574 pri_2mhz_khz =
7575 (pri_khz + ieee80211_channel_to_khz(s1g_sibling_1mhz)) / 2;
7576 return rx_khz == pri_2mhz_khz;
7577 }
7578
ieee80211_rx_mgmt_beacon(struct ieee80211_link_data * link,struct ieee80211_hdr * hdr,size_t len,struct ieee80211_rx_status * rx_status)7579 static void ieee80211_rx_mgmt_beacon(struct ieee80211_link_data *link,
7580 struct ieee80211_hdr *hdr, size_t len,
7581 struct ieee80211_rx_status *rx_status)
7582 {
7583 struct ieee80211_sub_if_data *sdata = link->sdata;
7584 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
7585 struct ieee80211_bss_conf *bss_conf = link->conf;
7586 struct ieee80211_vif_cfg *vif_cfg = &sdata->vif.cfg;
7587 struct ieee80211_mgmt *mgmt = (void *) hdr;
7588 struct ieee80211_ext *ext = NULL;
7589 size_t baselen;
7590 struct ieee802_11_elems *elems;
7591 struct ieee80211_local *local = sdata->local;
7592 struct ieee80211_chanctx_conf *chanctx_conf;
7593 struct ieee80211_supported_band *sband;
7594 struct ieee80211_channel *chan;
7595 struct link_sta_info *link_sta;
7596 struct sta_info *sta;
7597 u64 changed = 0;
7598 bool erp_valid;
7599 u8 erp_value = 0;
7600 u32 ncrc = 0;
7601 u8 *bssid, *variable = mgmt->u.beacon.variable;
7602 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN];
7603 struct ieee80211_elems_parse_params parse_params = {
7604 .mode = link->u.mgd.conn.mode,
7605 .link_id = -1,
7606 .from_ap = true,
7607 .type = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_TYPE,
7608 };
7609
7610 lockdep_assert_wiphy(local->hw.wiphy);
7611
7612 /* Process beacon from the current BSS */
7613 bssid = ieee80211_get_bssid(hdr, len, sdata->vif.type);
7614 if (ieee80211_is_s1g_beacon(mgmt->frame_control)) {
7615 ext = (void *)mgmt;
7616 variable = ext->u.s1g_beacon.variable +
7617 ieee80211_s1g_optional_len(ext->frame_control);
7618 }
7619
7620 baselen = (u8 *) variable - (u8 *) mgmt;
7621 if (baselen > len)
7622 return;
7623
7624 parse_params.start = variable;
7625 parse_params.len = len - baselen;
7626
7627 rcu_read_lock();
7628 chanctx_conf = rcu_dereference(bss_conf->chanctx_conf);
7629 if (!chanctx_conf) {
7630 rcu_read_unlock();
7631 return;
7632 }
7633
7634 if (!ieee80211_rx_beacon_freq_valid(local, mgmt, rx_status,
7635 chanctx_conf)) {
7636 rcu_read_unlock();
7637 return;
7638 }
7639 chan = chanctx_conf->def.chan;
7640 rcu_read_unlock();
7641
7642 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon &&
7643 !WARN_ON(ieee80211_vif_is_mld(&sdata->vif)) &&
7644 ieee80211_rx_our_beacon(bssid, ifmgd->assoc_data->link[0].bss)) {
7645 parse_params.bss = ifmgd->assoc_data->link[0].bss;
7646 elems = ieee802_11_parse_elems_full(&parse_params);
7647 if (!elems)
7648 return;
7649
7650 ieee80211_rx_bss_info(link, mgmt, len, rx_status);
7651
7652 if (elems->dtim_period)
7653 link->u.mgd.dtim_period = elems->dtim_period;
7654 link->u.mgd.have_beacon = true;
7655 ifmgd->assoc_data->need_beacon = false;
7656 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY) &&
7657 !ieee80211_is_s1g_beacon(hdr->frame_control)) {
7658 bss_conf->sync_tsf =
7659 le64_to_cpu(mgmt->u.beacon.timestamp);
7660 bss_conf->sync_device_ts =
7661 rx_status->device_timestamp;
7662 bss_conf->sync_dtim_count = elems->dtim_count;
7663 }
7664
7665 if (elems->mbssid_config_ie)
7666 bss_conf->profile_periodicity =
7667 elems->mbssid_config_ie->profile_periodicity;
7668 else
7669 bss_conf->profile_periodicity = 0;
7670
7671 if (elems->ext_capab_len >= 11 &&
7672 (elems->ext_capab[10] & WLAN_EXT_CAPA11_EMA_SUPPORT))
7673 bss_conf->ema_ap = true;
7674 else
7675 bss_conf->ema_ap = false;
7676
7677 /* continue assoc process */
7678 ifmgd->assoc_data->timeout = jiffies;
7679 ifmgd->assoc_data->timeout_started = true;
7680 run_again(sdata, ifmgd->assoc_data->timeout);
7681 kfree(elems);
7682 return;
7683 }
7684
7685 if (!ifmgd->associated ||
7686 !ieee80211_rx_our_beacon(bssid, bss_conf->bss))
7687 return;
7688 bssid = link->u.mgd.bssid;
7689
7690 if (!(rx_status->flag & RX_FLAG_NO_SIGNAL_VAL))
7691 ieee80211_handle_beacon_sig(link, ifmgd, bss_conf,
7692 local, rx_status);
7693
7694 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) {
7695 mlme_dbg_ratelimited(sdata,
7696 "cancelling AP probe due to a received beacon\n");
7697 ieee80211_reset_ap_probe(sdata);
7698 }
7699
7700 /*
7701 * Push the beacon loss detection into the future since
7702 * we are processing a beacon from the AP just now.
7703 */
7704 ieee80211_sta_reset_beacon_monitor(sdata);
7705
7706 /* TODO: CRC urrently not calculated on S1G Beacon Compatibility
7707 * element (which carries the beacon interval). Don't forget to add a
7708 * bit to care_about_ies[] above if mac80211 is interested in a
7709 * changing S1G element.
7710 */
7711 if (!ieee80211_is_s1g_beacon(hdr->frame_control))
7712 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
7713 parse_params.bss = bss_conf->bss;
7714 parse_params.filter = care_about_ies;
7715 parse_params.crc = ncrc;
7716 elems = ieee802_11_parse_elems_full(&parse_params);
7717 if (!elems)
7718 return;
7719
7720 if (rx_status->flag & RX_FLAG_DECRYPTED &&
7721 ieee80211_mgd_ssid_mismatch(sdata, elems)) {
7722 sdata_info(sdata, "SSID mismatch for AP %pM, disconnect\n",
7723 sdata->vif.cfg.ap_addr);
7724 __ieee80211_disconnect(sdata);
7725 return;
7726 }
7727
7728 ncrc = elems->crc;
7729
7730 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
7731 ieee80211_check_tim(elems->tim, elems->tim_len, vif_cfg->aid,
7732 vif_cfg->s1g)) {
7733 if (local->hw.conf.dynamic_ps_timeout > 0) {
7734 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
7735 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
7736 ieee80211_hw_config(local, -1,
7737 IEEE80211_CONF_CHANGE_PS);
7738 }
7739 ieee80211_send_nullfunc(local, sdata, false);
7740 } else if (!local->pspolling && sdata->u.mgd.powersave) {
7741 local->pspolling = true;
7742
7743 /*
7744 * Here is assumed that the driver will be
7745 * able to send ps-poll frame and receive a
7746 * response even though power save mode is
7747 * enabled, but some drivers might require
7748 * to disable power save here. This needs
7749 * to be investigated.
7750 */
7751 ieee80211_send_pspoll(local, sdata);
7752 }
7753 }
7754
7755 if (sdata->vif.p2p ||
7756 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) {
7757 struct ieee80211_p2p_noa_attr noa = {};
7758 int ret;
7759
7760 ret = cfg80211_get_p2p_attr(variable,
7761 len - baselen,
7762 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
7763 (u8 *) &noa, sizeof(noa));
7764 if (ret >= 2) {
7765 if (link->u.mgd.p2p_noa_index != noa.index) {
7766 /* valid noa_attr and index changed */
7767 link->u.mgd.p2p_noa_index = noa.index;
7768 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa));
7769 changed |= BSS_CHANGED_P2P_PS;
7770 /*
7771 * make sure we update all information, the CRC
7772 * mechanism doesn't look at P2P attributes.
7773 */
7774 link->u.mgd.beacon_crc_valid = false;
7775 }
7776 } else if (link->u.mgd.p2p_noa_index != -1) {
7777 /* noa_attr not found and we had valid noa_attr before */
7778 link->u.mgd.p2p_noa_index = -1;
7779 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr));
7780 changed |= BSS_CHANGED_P2P_PS;
7781 link->u.mgd.beacon_crc_valid = false;
7782 }
7783 }
7784
7785 /*
7786 * Update beacon timing and dtim count on every beacon appearance. This
7787 * will allow the driver to use the most updated values. Do it before
7788 * comparing this one with last received beacon.
7789 * IMPORTANT: These parameters would possibly be out of sync by the time
7790 * the driver will use them. The synchronized view is currently
7791 * guaranteed only in certain callbacks.
7792 */
7793 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY) &&
7794 !ieee80211_is_s1g_beacon(hdr->frame_control)) {
7795 bss_conf->sync_tsf =
7796 le64_to_cpu(mgmt->u.beacon.timestamp);
7797 bss_conf->sync_device_ts =
7798 rx_status->device_timestamp;
7799 bss_conf->sync_dtim_count = elems->dtim_count;
7800 }
7801
7802 if ((ncrc == link->u.mgd.beacon_crc && link->u.mgd.beacon_crc_valid) ||
7803 (ext && ieee80211_is_s1g_short_beacon(ext->frame_control,
7804 parse_params.start,
7805 parse_params.len)))
7806 goto free;
7807 link->u.mgd.beacon_crc = ncrc;
7808 link->u.mgd.beacon_crc_valid = true;
7809
7810 ieee80211_rx_bss_info(link, mgmt, len, rx_status);
7811
7812 ieee80211_sta_process_chanswitch(link, rx_status->mactime,
7813 rx_status->device_timestamp,
7814 elems, elems,
7815 IEEE80211_CSA_SOURCE_BEACON);
7816
7817 /* note that after this elems->ml_basic can no longer be used fully */
7818 ieee80211_mgd_check_cross_link_csa(sdata, rx_status->link_id, elems);
7819
7820 ieee80211_mgd_update_bss_param_ch_cnt(sdata, bss_conf, elems);
7821
7822 if (!sdata->u.mgd.epcs.enabled &&
7823 !link->u.mgd.disable_wmm_tracking &&
7824 ieee80211_sta_wmm_params(local, link, elems->wmm_param,
7825 elems->wmm_param_len,
7826 elems->mu_edca_param_set))
7827 changed |= BSS_CHANGED_QOS;
7828
7829 /*
7830 * If we haven't had a beacon before, tell the driver about the
7831 * DTIM period (and beacon timing if desired) now.
7832 */
7833 if (!link->u.mgd.have_beacon) {
7834 /* a few bogus AP send dtim_period = 0 or no TIM IE */
7835 bss_conf->dtim_period = elems->dtim_period ?: 1;
7836
7837 changed |= BSS_CHANGED_BEACON_INFO;
7838 link->u.mgd.have_beacon = true;
7839
7840 ieee80211_recalc_ps(local);
7841
7842 ieee80211_recalc_ps_vif(sdata);
7843 }
7844
7845 if (elems->erp_info) {
7846 erp_valid = true;
7847 erp_value = elems->erp_info[0];
7848 } else {
7849 erp_valid = false;
7850 }
7851
7852 if (!ieee80211_is_s1g_beacon(hdr->frame_control))
7853 changed |= ieee80211_handle_bss_capability(link,
7854 le16_to_cpu(mgmt->u.beacon.capab_info),
7855 erp_valid, erp_value);
7856
7857 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
7858 if (WARN_ON(!sta)) {
7859 goto free;
7860 }
7861 link_sta = rcu_dereference_protected(sta->link[link->link_id],
7862 lockdep_is_held(&local->hw.wiphy->mtx));
7863 if (WARN_ON(!link_sta)) {
7864 goto free;
7865 }
7866
7867 if (WARN_ON(!bss_conf->chanreq.oper.chan))
7868 goto free;
7869
7870 sband = local->hw.wiphy->bands[bss_conf->chanreq.oper.chan->band];
7871
7872 changed |= ieee80211_recalc_twt_req(sdata, sband, link, link_sta, elems);
7873
7874 if (ieee80211_config_bw(link, elems, true, &changed,
7875 IEEE80211_STYPE_BEACON)) {
7876 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
7877 WLAN_REASON_DEAUTH_LEAVING,
7878 true, deauth_buf);
7879 ieee80211_report_disconnect(sdata, deauth_buf,
7880 sizeof(deauth_buf), true,
7881 WLAN_REASON_DEAUTH_LEAVING,
7882 false);
7883 goto free;
7884 }
7885
7886 if (elems->opmode_notif)
7887 ieee80211_vht_handle_opmode(sdata, link_sta,
7888 *elems->opmode_notif,
7889 rx_status->band);
7890
7891 changed |= ieee80211_handle_pwr_constr(link, chan, mgmt,
7892 elems->country_elem,
7893 elems->country_elem_len,
7894 elems->pwr_constr_elem,
7895 elems->cisco_dtpc_elem);
7896
7897 ieee80211_ml_reconfiguration(sdata, elems);
7898 ieee80211_process_adv_ttlm(sdata, elems,
7899 le64_to_cpu(mgmt->u.beacon.timestamp));
7900
7901 ieee80211_link_info_change_notify(sdata, link, changed);
7902 free:
7903 kfree(elems);
7904 }
7905
ieee80211_apply_neg_ttlm(struct ieee80211_sub_if_data * sdata,struct ieee80211_neg_ttlm neg_ttlm)7906 static void ieee80211_apply_neg_ttlm(struct ieee80211_sub_if_data *sdata,
7907 struct ieee80211_neg_ttlm neg_ttlm)
7908 {
7909 u16 new_active_links, new_dormant_links, new_suspended_links, map = 0;
7910 u8 i;
7911
7912 for (i = 0; i < IEEE80211_TTLM_NUM_TIDS; i++)
7913 map |= neg_ttlm.downlink[i] | neg_ttlm.uplink[i];
7914
7915 /* If there is an active TTLM, unset previously suspended links */
7916 if (sdata->vif.neg_ttlm.valid)
7917 sdata->vif.dormant_links &= ~sdata->vif.suspended_links;
7918
7919 /* exclude links that are already disabled by advertised TTLM */
7920 new_active_links =
7921 map & sdata->vif.valid_links & ~sdata->vif.dormant_links;
7922 new_suspended_links =
7923 (~map & sdata->vif.valid_links) & ~sdata->vif.dormant_links;
7924 new_dormant_links = sdata->vif.dormant_links | new_suspended_links;
7925 if (ieee80211_ttlm_set_links(sdata, new_active_links,
7926 new_dormant_links, new_suspended_links))
7927 return;
7928
7929 sdata->vif.neg_ttlm = neg_ttlm;
7930 sdata->vif.neg_ttlm.valid = true;
7931 }
7932
ieee80211_neg_ttlm_timeout_work(struct wiphy * wiphy,struct wiphy_work * work)7933 static void ieee80211_neg_ttlm_timeout_work(struct wiphy *wiphy,
7934 struct wiphy_work *work)
7935 {
7936 struct ieee80211_sub_if_data *sdata =
7937 container_of(work, struct ieee80211_sub_if_data,
7938 u.mgd.neg_ttlm_timeout_work.work);
7939
7940 sdata_info(sdata,
7941 "No negotiated TTLM response from AP, disconnecting.\n");
7942
7943 __ieee80211_disconnect(sdata);
7944 }
7945
7946 static void
ieee80211_neg_ttlm_add_suggested_map(struct sk_buff * skb,struct ieee80211_neg_ttlm * neg_ttlm)7947 ieee80211_neg_ttlm_add_suggested_map(struct sk_buff *skb,
7948 struct ieee80211_neg_ttlm *neg_ttlm)
7949 {
7950 u8 i, direction[IEEE80211_TTLM_MAX_CNT];
7951
7952 if (memcmp(neg_ttlm->downlink, neg_ttlm->uplink,
7953 sizeof(neg_ttlm->downlink))) {
7954 direction[0] = IEEE80211_TTLM_DIRECTION_DOWN;
7955 direction[1] = IEEE80211_TTLM_DIRECTION_UP;
7956 } else {
7957 direction[0] = IEEE80211_TTLM_DIRECTION_BOTH;
7958 }
7959
7960 for (i = 0; i < ARRAY_SIZE(direction); i++) {
7961 u8 tid, len, map_ind = 0, *len_pos, *map_ind_pos, *pos;
7962 __le16 map;
7963
7964 len = sizeof(struct ieee80211_ttlm_elem) + 1 + 1;
7965
7966 pos = skb_put(skb, len + 2);
7967 *pos++ = WLAN_EID_EXTENSION;
7968 len_pos = pos++;
7969 *pos++ = WLAN_EID_EXT_TID_TO_LINK_MAPPING;
7970 *pos++ = direction[i];
7971 map_ind_pos = pos++;
7972 for (tid = 0; tid < IEEE80211_TTLM_NUM_TIDS; tid++) {
7973 map = direction[i] == IEEE80211_TTLM_DIRECTION_UP ?
7974 cpu_to_le16(neg_ttlm->uplink[tid]) :
7975 cpu_to_le16(neg_ttlm->downlink[tid]);
7976 if (!map)
7977 continue;
7978
7979 len += 2;
7980 map_ind |= BIT(tid);
7981 skb_put_data(skb, &map, sizeof(map));
7982 }
7983
7984 *map_ind_pos = map_ind;
7985 *len_pos = len;
7986
7987 if (direction[i] == IEEE80211_TTLM_DIRECTION_BOTH)
7988 break;
7989 }
7990 }
7991
7992 static void
ieee80211_send_neg_ttlm_req(struct ieee80211_sub_if_data * sdata,struct ieee80211_neg_ttlm * neg_ttlm,u8 dialog_token)7993 ieee80211_send_neg_ttlm_req(struct ieee80211_sub_if_data *sdata,
7994 struct ieee80211_neg_ttlm *neg_ttlm,
7995 u8 dialog_token)
7996 {
7997 struct ieee80211_local *local = sdata->local;
7998 struct ieee80211_mgmt *mgmt;
7999 struct sk_buff *skb;
8000 int hdr_len = IEEE80211_MIN_ACTION_SIZE(ttlm_req);
8001 int ttlm_max_len = 2 + 1 + sizeof(struct ieee80211_ttlm_elem) + 1 +
8002 2 * 2 * IEEE80211_TTLM_NUM_TIDS;
8003
8004 skb = dev_alloc_skb(local->tx_headroom + hdr_len + ttlm_max_len);
8005 if (!skb)
8006 return;
8007
8008 skb_reserve(skb, local->tx_headroom);
8009 mgmt = skb_put_zero(skb, hdr_len);
8010 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
8011 IEEE80211_STYPE_ACTION);
8012 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
8013 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
8014 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
8015
8016 mgmt->u.action.category = WLAN_CATEGORY_PROTECTED_EHT;
8017 mgmt->u.action.action_code = WLAN_PROTECTED_EHT_ACTION_TTLM_REQ;
8018 mgmt->u.action.ttlm_req.dialog_token = dialog_token;
8019 ieee80211_neg_ttlm_add_suggested_map(skb, neg_ttlm);
8020 ieee80211_tx_skb(sdata, skb);
8021 }
8022
ieee80211_req_neg_ttlm(struct ieee80211_sub_if_data * sdata,struct cfg80211_ttlm_params * params)8023 int ieee80211_req_neg_ttlm(struct ieee80211_sub_if_data *sdata,
8024 struct cfg80211_ttlm_params *params)
8025 {
8026 struct ieee80211_neg_ttlm neg_ttlm = {};
8027 u8 i;
8028
8029 if (!ieee80211_vif_is_mld(&sdata->vif) ||
8030 !(sdata->vif.cfg.mld_capa_op &
8031 IEEE80211_MLD_CAP_OP_TID_TO_LINK_MAP_NEG_SUPP))
8032 return -EINVAL;
8033
8034 for (i = 0; i < IEEE80211_TTLM_NUM_TIDS; i++) {
8035 if ((params->dlink[i] & ~sdata->vif.valid_links) ||
8036 (params->ulink[i] & ~sdata->vif.valid_links))
8037 return -EINVAL;
8038
8039 neg_ttlm.downlink[i] = params->dlink[i];
8040 neg_ttlm.uplink[i] = params->ulink[i];
8041 }
8042
8043 if (drv_can_neg_ttlm(sdata->local, sdata, &neg_ttlm) !=
8044 NEG_TTLM_RES_ACCEPT)
8045 return -EINVAL;
8046
8047 ieee80211_apply_neg_ttlm(sdata, neg_ttlm);
8048 sdata->u.mgd.dialog_token_alloc++;
8049 ieee80211_send_neg_ttlm_req(sdata, &sdata->vif.neg_ttlm,
8050 sdata->u.mgd.dialog_token_alloc);
8051 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
8052 &sdata->u.mgd.neg_ttlm_timeout_work);
8053 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
8054 &sdata->u.mgd.neg_ttlm_timeout_work,
8055 IEEE80211_NEG_TTLM_REQ_TIMEOUT);
8056 return 0;
8057 }
8058
8059 static void
ieee80211_send_neg_ttlm_res(struct ieee80211_sub_if_data * sdata,enum ieee80211_neg_ttlm_res ttlm_res,u8 dialog_token,struct ieee80211_neg_ttlm * neg_ttlm)8060 ieee80211_send_neg_ttlm_res(struct ieee80211_sub_if_data *sdata,
8061 enum ieee80211_neg_ttlm_res ttlm_res,
8062 u8 dialog_token,
8063 struct ieee80211_neg_ttlm *neg_ttlm)
8064 {
8065 struct ieee80211_local *local = sdata->local;
8066 struct ieee80211_mgmt *mgmt;
8067 struct sk_buff *skb;
8068 int hdr_len = IEEE80211_MIN_ACTION_SIZE(ttlm_res);
8069 int ttlm_max_len = 2 + 1 + sizeof(struct ieee80211_ttlm_elem) + 1 +
8070 2 * 2 * IEEE80211_TTLM_NUM_TIDS;
8071 u16 status_code;
8072
8073 skb = dev_alloc_skb(local->tx_headroom + hdr_len + ttlm_max_len);
8074 if (!skb)
8075 return;
8076
8077 skb_reserve(skb, local->tx_headroom);
8078 mgmt = skb_put_zero(skb, hdr_len);
8079 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
8080 IEEE80211_STYPE_ACTION);
8081 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
8082 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
8083 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
8084
8085 mgmt->u.action.category = WLAN_CATEGORY_PROTECTED_EHT;
8086 mgmt->u.action.action_code = WLAN_PROTECTED_EHT_ACTION_TTLM_RES;
8087 mgmt->u.action.ttlm_res.dialog_token = dialog_token;
8088 switch (ttlm_res) {
8089 default:
8090 WARN_ON(1);
8091 fallthrough;
8092 case NEG_TTLM_RES_REJECT:
8093 status_code = WLAN_STATUS_DENIED_TID_TO_LINK_MAPPING;
8094 break;
8095 case NEG_TTLM_RES_ACCEPT:
8096 status_code = WLAN_STATUS_SUCCESS;
8097 break;
8098 case NEG_TTLM_RES_SUGGEST_PREFERRED:
8099 status_code = WLAN_STATUS_PREF_TID_TO_LINK_MAPPING_SUGGESTED;
8100 ieee80211_neg_ttlm_add_suggested_map(skb, neg_ttlm);
8101 break;
8102 }
8103
8104 mgmt->u.action.ttlm_res.status_code = cpu_to_le16(status_code);
8105 ieee80211_tx_skb(sdata, skb);
8106 }
8107
8108 static int
ieee80211_parse_neg_ttlm(struct ieee80211_sub_if_data * sdata,const struct ieee80211_ttlm_elem * ttlm,struct ieee80211_neg_ttlm * neg_ttlm,u8 * direction)8109 ieee80211_parse_neg_ttlm(struct ieee80211_sub_if_data *sdata,
8110 const struct ieee80211_ttlm_elem *ttlm,
8111 struct ieee80211_neg_ttlm *neg_ttlm,
8112 u8 *direction)
8113 {
8114 u8 control, link_map_presence, map_size, tid;
8115 u8 *pos;
8116
8117 /* The element size was already validated in
8118 * ieee80211_tid_to_link_map_size_ok()
8119 */
8120 pos = (void *)ttlm->optional;
8121
8122 control = ttlm->control;
8123
8124 /* mapping switch time and expected duration fields are not expected
8125 * in case of negotiated TTLM
8126 */
8127 if (control & (IEEE80211_TTLM_CONTROL_SWITCH_TIME_PRESENT |
8128 IEEE80211_TTLM_CONTROL_EXPECTED_DUR_PRESENT)) {
8129 mlme_dbg(sdata,
8130 "Invalid TTLM element in negotiated TTLM request\n");
8131 return -EINVAL;
8132 }
8133
8134 if (control & IEEE80211_TTLM_CONTROL_DEF_LINK_MAP) {
8135 for (tid = 0; tid < IEEE80211_TTLM_NUM_TIDS; tid++) {
8136 neg_ttlm->downlink[tid] = sdata->vif.valid_links;
8137 neg_ttlm->uplink[tid] = sdata->vif.valid_links;
8138 }
8139 *direction = IEEE80211_TTLM_DIRECTION_BOTH;
8140 return 0;
8141 }
8142
8143 *direction = u8_get_bits(control, IEEE80211_TTLM_CONTROL_DIRECTION);
8144 if (*direction != IEEE80211_TTLM_DIRECTION_DOWN &&
8145 *direction != IEEE80211_TTLM_DIRECTION_UP &&
8146 *direction != IEEE80211_TTLM_DIRECTION_BOTH)
8147 return -EINVAL;
8148
8149 link_map_presence = *pos;
8150 pos++;
8151
8152 if (control & IEEE80211_TTLM_CONTROL_LINK_MAP_SIZE)
8153 map_size = 1;
8154 else
8155 map_size = 2;
8156
8157 for (tid = 0; tid < IEEE80211_TTLM_NUM_TIDS; tid++) {
8158 u16 map;
8159
8160 if (link_map_presence & BIT(tid)) {
8161 map = ieee80211_get_ttlm(map_size, pos);
8162 if (!map) {
8163 mlme_dbg(sdata,
8164 "No active links for TID %d", tid);
8165 return -EINVAL;
8166 }
8167 } else {
8168 map = 0;
8169 }
8170
8171 switch (*direction) {
8172 case IEEE80211_TTLM_DIRECTION_BOTH:
8173 neg_ttlm->downlink[tid] = map;
8174 neg_ttlm->uplink[tid] = map;
8175 break;
8176 case IEEE80211_TTLM_DIRECTION_DOWN:
8177 neg_ttlm->downlink[tid] = map;
8178 break;
8179 case IEEE80211_TTLM_DIRECTION_UP:
8180 neg_ttlm->uplink[tid] = map;
8181 break;
8182 default:
8183 return -EINVAL;
8184 }
8185 pos += map_size;
8186 }
8187 return 0;
8188 }
8189
ieee80211_process_neg_ttlm_req(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)8190 void ieee80211_process_neg_ttlm_req(struct ieee80211_sub_if_data *sdata,
8191 struct ieee80211_mgmt *mgmt, size_t len)
8192 {
8193 u8 dialog_token, direction[IEEE80211_TTLM_MAX_CNT] = {}, i;
8194 size_t ies_len;
8195 enum ieee80211_neg_ttlm_res ttlm_res = NEG_TTLM_RES_ACCEPT;
8196 struct ieee802_11_elems *elems = NULL;
8197 struct ieee80211_neg_ttlm neg_ttlm = {};
8198
8199 BUILD_BUG_ON(ARRAY_SIZE(direction) != ARRAY_SIZE(elems->ttlm));
8200
8201 if (!ieee80211_vif_is_mld(&sdata->vif))
8202 return;
8203
8204 dialog_token = mgmt->u.action.ttlm_req.dialog_token;
8205 ies_len = len - IEEE80211_MIN_ACTION_SIZE(ttlm_req);
8206 elems = ieee802_11_parse_elems(mgmt->u.action.ttlm_req.variable,
8207 ies_len,
8208 IEEE80211_FTYPE_MGMT |
8209 IEEE80211_STYPE_ACTION,
8210 NULL);
8211 if (!elems) {
8212 ttlm_res = NEG_TTLM_RES_REJECT;
8213 goto out;
8214 }
8215
8216 for (i = 0; i < elems->ttlm_num; i++) {
8217 if (ieee80211_parse_neg_ttlm(sdata, elems->ttlm[i],
8218 &neg_ttlm, &direction[i]) ||
8219 (direction[i] == IEEE80211_TTLM_DIRECTION_BOTH &&
8220 elems->ttlm_num != 1)) {
8221 ttlm_res = NEG_TTLM_RES_REJECT;
8222 goto out;
8223 }
8224 }
8225
8226 if (!elems->ttlm_num ||
8227 (elems->ttlm_num == 2 && direction[0] == direction[1])) {
8228 ttlm_res = NEG_TTLM_RES_REJECT;
8229 goto out;
8230 }
8231
8232 for (i = 0; i < IEEE80211_TTLM_NUM_TIDS; i++) {
8233 if ((neg_ttlm.downlink[i] &&
8234 (neg_ttlm.downlink[i] & ~sdata->vif.valid_links)) ||
8235 (neg_ttlm.uplink[i] &&
8236 (neg_ttlm.uplink[i] & ~sdata->vif.valid_links))) {
8237 ttlm_res = NEG_TTLM_RES_REJECT;
8238 goto out;
8239 }
8240 }
8241
8242 ttlm_res = drv_can_neg_ttlm(sdata->local, sdata, &neg_ttlm);
8243
8244 if (ttlm_res != NEG_TTLM_RES_ACCEPT)
8245 goto out;
8246
8247 ieee80211_apply_neg_ttlm(sdata, neg_ttlm);
8248 out:
8249 kfree(elems);
8250 ieee80211_send_neg_ttlm_res(sdata, ttlm_res, dialog_token, &neg_ttlm);
8251 }
8252
ieee80211_process_neg_ttlm_res(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)8253 void ieee80211_process_neg_ttlm_res(struct ieee80211_sub_if_data *sdata,
8254 struct ieee80211_mgmt *mgmt, size_t len)
8255 {
8256 if (!ieee80211_vif_is_mld(&sdata->vif) ||
8257 mgmt->u.action.ttlm_res.dialog_token != sdata->u.mgd.dialog_token_alloc)
8258 return;
8259
8260 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
8261 &sdata->u.mgd.neg_ttlm_timeout_work);
8262
8263 /* MLD station sends a TID to link mapping request, mainly to handle
8264 * BTM (BSS transition management) request, in which case it needs to
8265 * restrict the active links set.
8266 * In this case it's not expected that the MLD AP will reject the
8267 * negotiated TTLM request.
8268 * This can be better implemented in the future, to handle request
8269 * rejections.
8270 */
8271 if (le16_to_cpu(mgmt->u.action.ttlm_res.status_code) != WLAN_STATUS_SUCCESS)
8272 __ieee80211_disconnect(sdata);
8273 }
8274
ieee80211_process_ttlm_teardown(struct ieee80211_sub_if_data * sdata)8275 void ieee80211_process_ttlm_teardown(struct ieee80211_sub_if_data *sdata)
8276 {
8277 u16 new_dormant_links;
8278
8279 if (!sdata->vif.neg_ttlm.valid)
8280 return;
8281
8282 memset(&sdata->vif.neg_ttlm, 0, sizeof(sdata->vif.neg_ttlm));
8283 new_dormant_links =
8284 sdata->vif.dormant_links & ~sdata->vif.suspended_links;
8285 sdata->vif.suspended_links = 0;
8286 ieee80211_vif_set_links(sdata, sdata->vif.valid_links,
8287 new_dormant_links);
8288 ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_MLD_TTLM |
8289 BSS_CHANGED_MLD_VALID_LINKS);
8290 }
8291
ieee80211_teardown_ttlm_work(struct wiphy * wiphy,struct wiphy_work * work)8292 static void ieee80211_teardown_ttlm_work(struct wiphy *wiphy,
8293 struct wiphy_work *work)
8294 {
8295 struct ieee80211_sub_if_data *sdata =
8296 container_of(work, struct ieee80211_sub_if_data,
8297 u.mgd.teardown_ttlm_work);
8298
8299 ieee80211_process_ttlm_teardown(sdata);
8300 }
8301
ieee80211_send_teardown_neg_ttlm(struct ieee80211_vif * vif)8302 void ieee80211_send_teardown_neg_ttlm(struct ieee80211_vif *vif)
8303 {
8304 int frame_len = IEEE80211_MIN_ACTION_SIZE(ttlm_tear_down);
8305 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
8306 struct ieee80211_local *local = sdata->local;
8307 struct ieee80211_mgmt *mgmt;
8308 struct sk_buff *skb;
8309 struct ieee80211_tx_info *info;
8310
8311 skb = dev_alloc_skb(local->hw.extra_tx_headroom + frame_len);
8312 if (!skb)
8313 return;
8314
8315 skb_reserve(skb, local->hw.extra_tx_headroom);
8316 mgmt = skb_put_zero(skb, frame_len);
8317 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
8318 IEEE80211_STYPE_ACTION);
8319 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
8320 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
8321 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
8322
8323 mgmt->u.action.category = WLAN_CATEGORY_PROTECTED_EHT;
8324 mgmt->u.action.action_code = WLAN_PROTECTED_EHT_ACTION_TTLM_TEARDOWN;
8325
8326 info = IEEE80211_SKB_CB(skb);
8327 info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
8328 info->status_data = IEEE80211_STATUS_TYPE_NEG_TTLM;
8329 ieee80211_tx_skb(sdata, skb);
8330 }
8331 EXPORT_SYMBOL(ieee80211_send_teardown_neg_ttlm);
8332
ieee80211_sta_rx_queued_ext(struct ieee80211_sub_if_data * sdata,struct sk_buff * skb)8333 void ieee80211_sta_rx_queued_ext(struct ieee80211_sub_if_data *sdata,
8334 struct sk_buff *skb)
8335 {
8336 struct ieee80211_link_data *link = &sdata->deflink;
8337 struct ieee80211_rx_status *rx_status;
8338 struct ieee80211_hdr *hdr;
8339 u16 fc;
8340
8341 lockdep_assert_wiphy(sdata->local->hw.wiphy);
8342
8343 rx_status = (struct ieee80211_rx_status *) skb->cb;
8344 hdr = (struct ieee80211_hdr *) skb->data;
8345 fc = le16_to_cpu(hdr->frame_control);
8346
8347 switch (fc & IEEE80211_FCTL_STYPE) {
8348 case IEEE80211_STYPE_S1G_BEACON:
8349 ieee80211_rx_mgmt_beacon(link, hdr, skb->len, rx_status);
8350 break;
8351 }
8352 }
8353
ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data * sdata,struct sk_buff * skb)8354 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
8355 struct sk_buff *skb)
8356 {
8357 struct ieee80211_link_data *link = &sdata->deflink;
8358 struct ieee80211_rx_status *rx_status;
8359 struct ieee802_11_elems *elems;
8360 struct ieee80211_mgmt *mgmt;
8361 u16 fc;
8362 int ies_len;
8363
8364 lockdep_assert_wiphy(sdata->local->hw.wiphy);
8365
8366 rx_status = (struct ieee80211_rx_status *) skb->cb;
8367 mgmt = (struct ieee80211_mgmt *) skb->data;
8368 fc = le16_to_cpu(mgmt->frame_control);
8369
8370 if (rx_status->link_valid) {
8371 link = sdata_dereference(sdata->link[rx_status->link_id],
8372 sdata);
8373 if (!link)
8374 return;
8375 }
8376
8377 switch (fc & IEEE80211_FCTL_STYPE) {
8378 case IEEE80211_STYPE_BEACON:
8379 ieee80211_rx_mgmt_beacon(link, (void *)mgmt,
8380 skb->len, rx_status);
8381 break;
8382 case IEEE80211_STYPE_PROBE_RESP:
8383 ieee80211_rx_mgmt_probe_resp(link, skb);
8384 break;
8385 case IEEE80211_STYPE_AUTH:
8386 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len);
8387 break;
8388 case IEEE80211_STYPE_DEAUTH:
8389 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len);
8390 break;
8391 case IEEE80211_STYPE_DISASSOC:
8392 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
8393 break;
8394 case IEEE80211_STYPE_ASSOC_RESP:
8395 case IEEE80211_STYPE_REASSOC_RESP:
8396 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len);
8397 break;
8398 case IEEE80211_STYPE_ACTION:
8399 if (!sdata->u.mgd.associated ||
8400 !ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr))
8401 break;
8402
8403 switch (mgmt->u.action.category) {
8404 case WLAN_CATEGORY_SPECTRUM_MGMT:
8405 ies_len = skb->len -
8406 offsetof(struct ieee80211_mgmt,
8407 u.action.chan_switch.variable);
8408
8409 if (ies_len < 0)
8410 break;
8411
8412 /* CSA IE cannot be overridden, no need for BSSID */
8413 elems = ieee802_11_parse_elems(mgmt->u.action.chan_switch.variable,
8414 ies_len,
8415 IEEE80211_FTYPE_MGMT |
8416 IEEE80211_STYPE_ACTION,
8417 NULL);
8418
8419 if (elems && !elems->parse_error) {
8420 enum ieee80211_csa_source src =
8421 IEEE80211_CSA_SOURCE_PROT_ACTION;
8422
8423 ieee80211_sta_process_chanswitch(link,
8424 rx_status->mactime,
8425 rx_status->device_timestamp,
8426 elems, elems,
8427 src);
8428 }
8429 kfree(elems);
8430 break;
8431 case WLAN_CATEGORY_PUBLIC:
8432 case WLAN_CATEGORY_PROTECTED_DUAL_OF_ACTION:
8433 ies_len = skb->len -
8434 offsetof(struct ieee80211_mgmt,
8435 u.action.ext_chan_switch.variable);
8436
8437 if (ies_len < 0)
8438 break;
8439
8440 /*
8441 * extended CSA IE can't be overridden, no need for
8442 * BSSID
8443 */
8444 elems = ieee802_11_parse_elems(mgmt->u.action.ext_chan_switch.variable,
8445 ies_len,
8446 IEEE80211_FTYPE_MGMT |
8447 IEEE80211_STYPE_ACTION,
8448 NULL);
8449
8450 if (elems && !elems->parse_error) {
8451 enum ieee80211_csa_source src;
8452
8453 if (mgmt->u.action.category ==
8454 WLAN_CATEGORY_PROTECTED_DUAL_OF_ACTION)
8455 src = IEEE80211_CSA_SOURCE_PROT_ACTION;
8456 else
8457 src = IEEE80211_CSA_SOURCE_UNPROT_ACTION;
8458
8459 /* for the handling code pretend it was an IE */
8460 elems->ext_chansw_ie =
8461 &mgmt->u.action.ext_chan_switch.data;
8462
8463 ieee80211_sta_process_chanswitch(link,
8464 rx_status->mactime,
8465 rx_status->device_timestamp,
8466 elems, elems,
8467 src);
8468 }
8469
8470 kfree(elems);
8471 break;
8472 }
8473 break;
8474 }
8475 }
8476
ieee80211_sta_timer(struct timer_list * t)8477 static void ieee80211_sta_timer(struct timer_list *t)
8478 {
8479 struct ieee80211_sub_if_data *sdata =
8480 timer_container_of(sdata, t, u.mgd.timer);
8481
8482 wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work);
8483 }
8484
ieee80211_sta_connection_lost(struct ieee80211_sub_if_data * sdata,u8 reason,bool tx)8485 void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata,
8486 u8 reason, bool tx)
8487 {
8488 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
8489
8490 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason,
8491 tx, frame_buf);
8492
8493 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
8494 reason, false);
8495 }
8496
ieee80211_auth(struct ieee80211_sub_if_data * sdata)8497 static int ieee80211_auth(struct ieee80211_sub_if_data *sdata)
8498 {
8499 struct ieee80211_local *local = sdata->local;
8500 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8501 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data;
8502 u32 tx_flags = 0;
8503 u16 trans = 1;
8504 u16 status = 0;
8505 struct ieee80211_prep_tx_info info = {
8506 .subtype = IEEE80211_STYPE_AUTH,
8507 };
8508
8509 lockdep_assert_wiphy(sdata->local->hw.wiphy);
8510
8511 if (WARN_ON_ONCE(!auth_data))
8512 return -EINVAL;
8513
8514 if (auth_data->algorithm == WLAN_AUTH_EPPKE &&
8515 ieee80211_vif_is_mld(&sdata->vif) &&
8516 !cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_MULTI_LINK,
8517 auth_data->data, auth_data->data_len))
8518 return -EINVAL;
8519
8520 auth_data->tries++;
8521
8522 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) {
8523 sdata_info(sdata, "authentication with %pM timed out\n",
8524 auth_data->ap_addr);
8525
8526 /*
8527 * Most likely AP is not in the range so remove the
8528 * bss struct for that AP.
8529 */
8530 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss);
8531
8532 return -ETIMEDOUT;
8533 }
8534
8535 if (auth_data->algorithm == WLAN_AUTH_SAE ||
8536 auth_data->algorithm == WLAN_AUTH_EPPKE)
8537 info.duration = jiffies_to_msecs(IEEE80211_AUTH_TIMEOUT_SAE);
8538
8539 info.link_id = auth_data->link_id;
8540 drv_mgd_prepare_tx(local, sdata, &info);
8541
8542 sdata_info(sdata, "send auth to %pM (try %d/%d)\n",
8543 auth_data->ap_addr, auth_data->tries,
8544 IEEE80211_AUTH_MAX_TRIES);
8545
8546 auth_data->expected_transaction = 2;
8547
8548 if (auth_data->algorithm == WLAN_AUTH_SAE) {
8549 trans = auth_data->trans;
8550 status = auth_data->status;
8551 auth_data->expected_transaction = trans;
8552 } else if (auth_data->algorithm == WLAN_AUTH_EPPKE) {
8553 trans = auth_data->trans;
8554 status = auth_data->status;
8555 } else if (auth_data->algorithm == WLAN_AUTH_IEEE8021X) {
8556 trans = auth_data->trans;
8557 status = auth_data->status;
8558 auth_data->expected_transaction = trans + 1;
8559 }
8560
8561 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
8562 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
8563 IEEE80211_TX_INTFL_MLME_CONN_TX;
8564
8565 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status,
8566 auth_data->data, auth_data->data_len,
8567 auth_data->ap_addr, auth_data->ap_addr,
8568 NULL, 0, 0, tx_flags);
8569
8570 if (tx_flags == 0) {
8571 if (auth_data->algorithm == WLAN_AUTH_SAE)
8572 auth_data->timeout = jiffies +
8573 IEEE80211_AUTH_TIMEOUT_SAE;
8574 else
8575 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
8576 } else {
8577 auth_data->timeout =
8578 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG);
8579 }
8580
8581 auth_data->timeout_started = true;
8582 run_again(sdata, auth_data->timeout);
8583
8584 return 0;
8585 }
8586
ieee80211_do_assoc(struct ieee80211_sub_if_data * sdata)8587 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata)
8588 {
8589 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
8590 struct ieee80211_local *local = sdata->local;
8591 int ret;
8592
8593 lockdep_assert_wiphy(sdata->local->hw.wiphy);
8594
8595 assoc_data->tries++;
8596 assoc_data->comeback = false;
8597 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) {
8598 sdata_info(sdata, "association with %pM timed out\n",
8599 assoc_data->ap_addr);
8600
8601 /*
8602 * Most likely AP is not in the range so remove the
8603 * bss struct for that AP.
8604 */
8605 cfg80211_unlink_bss(local->hw.wiphy,
8606 assoc_data->link[assoc_data->assoc_link_id].bss);
8607
8608 return -ETIMEDOUT;
8609 }
8610
8611 sdata_info(sdata, "associate with %pM (try %d/%d)\n",
8612 assoc_data->ap_addr, assoc_data->tries,
8613 IEEE80211_ASSOC_MAX_TRIES);
8614 ret = ieee80211_send_assoc(sdata);
8615 if (ret)
8616 return ret;
8617
8618 if (!ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
8619 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
8620 assoc_data->timeout_started = true;
8621 run_again(sdata, assoc_data->timeout);
8622 } else {
8623 assoc_data->timeout =
8624 round_jiffies_up(jiffies +
8625 IEEE80211_ASSOC_TIMEOUT_LONG);
8626 assoc_data->timeout_started = true;
8627 run_again(sdata, assoc_data->timeout);
8628 }
8629
8630 return 0;
8631 }
8632
ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data * sdata,__le16 fc,bool acked)8633 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata,
8634 __le16 fc, bool acked)
8635 {
8636 struct ieee80211_local *local = sdata->local;
8637
8638 sdata->u.mgd.status_fc = fc;
8639 sdata->u.mgd.status_acked = acked;
8640 sdata->u.mgd.status_received = true;
8641
8642 wiphy_work_queue(local->hw.wiphy, &sdata->work);
8643 }
8644
ieee80211_sta_work(struct ieee80211_sub_if_data * sdata)8645 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
8646 {
8647 struct ieee80211_local *local = sdata->local;
8648 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8649
8650 lockdep_assert_wiphy(sdata->local->hw.wiphy);
8651
8652 if (ifmgd->status_received) {
8653 __le16 fc = ifmgd->status_fc;
8654 bool status_acked = ifmgd->status_acked;
8655
8656 ifmgd->status_received = false;
8657 if (ifmgd->auth_data && ieee80211_is_auth(fc)) {
8658 if (status_acked) {
8659 if (ifmgd->auth_data->algorithm ==
8660 WLAN_AUTH_SAE)
8661 ifmgd->auth_data->timeout =
8662 jiffies +
8663 IEEE80211_AUTH_TIMEOUT_SAE;
8664 else
8665 ifmgd->auth_data->timeout =
8666 jiffies +
8667 IEEE80211_AUTH_TIMEOUT_SHORT;
8668 run_again(sdata, ifmgd->auth_data->timeout);
8669 } else {
8670 ifmgd->auth_data->timeout = jiffies - 1;
8671 }
8672 ifmgd->auth_data->timeout_started = true;
8673 } else if (ifmgd->assoc_data &&
8674 !ifmgd->assoc_data->comeback &&
8675 (ieee80211_is_assoc_req(fc) ||
8676 ieee80211_is_reassoc_req(fc))) {
8677 /*
8678 * Update association timeout based on the TX status
8679 * for the (Re)Association Request frame. Skip this if
8680 * we have already processed a (Re)Association Response
8681 * frame that indicated need for association comeback
8682 * at a specific time in the future. This could happen
8683 * if the TX status information is delayed enough for
8684 * the response to be received and processed first.
8685 */
8686 if (status_acked) {
8687 ifmgd->assoc_data->timeout =
8688 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT;
8689 run_again(sdata, ifmgd->assoc_data->timeout);
8690 } else {
8691 ifmgd->assoc_data->timeout = jiffies - 1;
8692 }
8693 ifmgd->assoc_data->timeout_started = true;
8694 }
8695 }
8696
8697 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started &&
8698 time_after(jiffies, ifmgd->auth_data->timeout)) {
8699 if (ifmgd->auth_data->done || ifmgd->auth_data->waiting) {
8700 /*
8701 * ok ... we waited for assoc or continuation but
8702 * userspace didn't do it, so kill the auth data
8703 */
8704 ieee80211_destroy_auth_data(sdata, false);
8705 } else if (ieee80211_auth(sdata)) {
8706 u8 ap_addr[ETH_ALEN];
8707 struct ieee80211_event event = {
8708 .type = MLME_EVENT,
8709 .u.mlme.data = AUTH_EVENT,
8710 .u.mlme.status = MLME_TIMEOUT,
8711 };
8712
8713 memcpy(ap_addr, ifmgd->auth_data->ap_addr, ETH_ALEN);
8714
8715 ieee80211_destroy_auth_data(sdata, false);
8716
8717 cfg80211_auth_timeout(sdata->dev, ap_addr);
8718 drv_event_callback(sdata->local, sdata, &event);
8719 }
8720 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started)
8721 run_again(sdata, ifmgd->auth_data->timeout);
8722
8723 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started &&
8724 time_after(jiffies, ifmgd->assoc_data->timeout)) {
8725 if ((ifmgd->assoc_data->need_beacon &&
8726 !sdata->deflink.u.mgd.have_beacon) ||
8727 ieee80211_do_assoc(sdata)) {
8728 struct ieee80211_event event = {
8729 .type = MLME_EVENT,
8730 .u.mlme.data = ASSOC_EVENT,
8731 .u.mlme.status = MLME_TIMEOUT,
8732 };
8733
8734 ieee80211_destroy_assoc_data(sdata, ASSOC_TIMEOUT);
8735 drv_event_callback(sdata->local, sdata, &event);
8736 }
8737 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started)
8738 run_again(sdata, ifmgd->assoc_data->timeout);
8739
8740 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL &&
8741 ifmgd->associated) {
8742 u8 *bssid = sdata->deflink.u.mgd.bssid;
8743 int max_tries;
8744
8745 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
8746 max_tries = max_nullfunc_tries;
8747 else
8748 max_tries = max_probe_tries;
8749
8750 /* ACK received for nullfunc probing frame */
8751 if (!ifmgd->probe_send_count)
8752 ieee80211_reset_ap_probe(sdata);
8753 else if (ifmgd->nullfunc_failed) {
8754 if (ifmgd->probe_send_count < max_tries) {
8755 mlme_dbg(sdata,
8756 "No ack for nullfunc frame to AP %pM, try %d/%i\n",
8757 bssid, ifmgd->probe_send_count,
8758 max_tries);
8759 ieee80211_mgd_probe_ap_send(sdata);
8760 } else {
8761 mlme_dbg(sdata,
8762 "No ack for nullfunc frame to AP %pM, disconnecting.\n",
8763 bssid);
8764 ieee80211_sta_connection_lost(sdata,
8765 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
8766 false);
8767 }
8768 } else if (time_is_after_jiffies(ifmgd->probe_timeout))
8769 run_again(sdata, ifmgd->probe_timeout);
8770 else if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
8771 mlme_dbg(sdata,
8772 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n",
8773 bssid, probe_wait_ms);
8774 ieee80211_sta_connection_lost(sdata,
8775 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
8776 } else if (ifmgd->probe_send_count < max_tries) {
8777 mlme_dbg(sdata,
8778 "No probe response from AP %pM after %dms, try %d/%i\n",
8779 bssid, probe_wait_ms,
8780 ifmgd->probe_send_count, max_tries);
8781 ieee80211_mgd_probe_ap_send(sdata);
8782 } else {
8783 /*
8784 * We actually lost the connection ... or did we?
8785 * Let's make sure!
8786 */
8787 mlme_dbg(sdata,
8788 "No probe response from AP %pM after %dms, disconnecting.\n",
8789 bssid, probe_wait_ms);
8790
8791 ieee80211_sta_connection_lost(sdata,
8792 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
8793 }
8794 }
8795 }
8796
8797 static bool
ieee80211_is_csa_in_progress(struct ieee80211_sub_if_data * sdata)8798 ieee80211_is_csa_in_progress(struct ieee80211_sub_if_data *sdata)
8799 {
8800 /*
8801 * In MLO, check the CSA flags 'active' and 'waiting_bcn' for all
8802 * the links.
8803 */
8804 struct ieee80211_link_data *link;
8805
8806 guard(rcu)();
8807
8808 for_each_link_data_rcu(sdata, link) {
8809 if (!(link->conf->csa_active &&
8810 !link->u.mgd.csa.waiting_bcn))
8811 return false;
8812 }
8813
8814 return true;
8815 }
8816
ieee80211_sta_bcn_mon_timer(struct timer_list * t)8817 static void ieee80211_sta_bcn_mon_timer(struct timer_list *t)
8818 {
8819 struct ieee80211_sub_if_data *sdata =
8820 timer_container_of(sdata, t, u.mgd.bcn_mon_timer);
8821
8822 if (ieee80211_is_csa_in_progress(sdata))
8823 return;
8824
8825 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
8826 return;
8827
8828 sdata->u.mgd.connection_loss = false;
8829 wiphy_work_queue(sdata->local->hw.wiphy,
8830 &sdata->u.mgd.beacon_connection_loss_work);
8831 }
8832
8833 static unsigned long
ieee80211_latest_active_link_conn_timeout(struct ieee80211_sub_if_data * sdata)8834 ieee80211_latest_active_link_conn_timeout(struct ieee80211_sub_if_data *sdata)
8835 {
8836 unsigned long latest_timeout = jiffies;
8837 unsigned int link_id;
8838 struct sta_info *sta;
8839
8840 guard(rcu)();
8841
8842 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
8843 if (!sta)
8844 return 0;
8845
8846 for (link_id = 0; link_id < ARRAY_SIZE(sta->link);
8847 link_id++) {
8848 struct link_sta_info *link_sta;
8849 unsigned long timeout;
8850
8851 link_sta = rcu_dereference(sta->link[link_id]);
8852 if (!link_sta)
8853 continue;
8854
8855 timeout = link_sta->status_stats.last_ack;
8856 if (time_before(timeout, link_sta->rx_stats.last_rx))
8857 timeout = link_sta->rx_stats.last_rx;
8858
8859 timeout += IEEE80211_CONNECTION_IDLE_TIME;
8860
8861 /*
8862 * latest_timeout holds the timeout of the link
8863 * that will expire last among all links in an
8864 * non-AP MLD STA. This ensures that the connection
8865 * monitor timer is only reset if at least one link
8866 * is still active, and it is scheduled to fire at
8867 * the latest possible timeout.
8868 */
8869 if (time_after(timeout, latest_timeout))
8870 latest_timeout = timeout;
8871 }
8872
8873 return latest_timeout;
8874 }
8875
ieee80211_sta_conn_mon_timer(struct timer_list * t)8876 static void ieee80211_sta_conn_mon_timer(struct timer_list *t)
8877 {
8878 struct ieee80211_sub_if_data *sdata =
8879 timer_container_of(sdata, t, u.mgd.conn_mon_timer);
8880 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8881 struct ieee80211_local *local = sdata->local;
8882 unsigned long latest_timeout;
8883
8884 if (ieee80211_is_csa_in_progress(sdata))
8885 return;
8886
8887 latest_timeout = ieee80211_latest_active_link_conn_timeout(sdata);
8888
8889 /*
8890 * If latest timeout is after now, then update timer to fire at
8891 * the later date, but do not actually probe at this time.
8892 */
8893 if (time_is_after_jiffies(latest_timeout)) {
8894 mod_timer(&ifmgd->conn_mon_timer,
8895 round_jiffies_up(latest_timeout));
8896 return;
8897 }
8898
8899 wiphy_work_queue(local->hw.wiphy, &sdata->u.mgd.monitor_work);
8900 }
8901
ieee80211_sta_monitor_work(struct wiphy * wiphy,struct wiphy_work * work)8902 static void ieee80211_sta_monitor_work(struct wiphy *wiphy,
8903 struct wiphy_work *work)
8904 {
8905 struct ieee80211_sub_if_data *sdata =
8906 container_of(work, struct ieee80211_sub_if_data,
8907 u.mgd.monitor_work);
8908
8909 ieee80211_mgd_probe_ap(sdata, false);
8910 }
8911
ieee80211_restart_sta_timer(struct ieee80211_sub_if_data * sdata)8912 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
8913 {
8914 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
8915 __ieee80211_stop_poll(sdata);
8916
8917 /* let's probe the connection once */
8918 if (!ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
8919 wiphy_work_queue(sdata->local->hw.wiphy,
8920 &sdata->u.mgd.monitor_work);
8921 }
8922 }
8923
8924 #ifdef CONFIG_PM
ieee80211_mgd_quiesce(struct ieee80211_sub_if_data * sdata)8925 void ieee80211_mgd_quiesce(struct ieee80211_sub_if_data *sdata)
8926 {
8927 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8928 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
8929
8930 lockdep_assert_wiphy(sdata->local->hw.wiphy);
8931
8932 if (ifmgd->auth_data || ifmgd->assoc_data) {
8933 const u8 *ap_addr = ifmgd->auth_data ?
8934 ifmgd->auth_data->ap_addr :
8935 ifmgd->assoc_data->ap_addr;
8936
8937 /*
8938 * If we are trying to authenticate / associate while suspending,
8939 * cfg80211 won't know and won't actually abort those attempts,
8940 * thus we need to do that ourselves.
8941 */
8942 ieee80211_send_deauth_disassoc(sdata, ap_addr, ap_addr,
8943 IEEE80211_STYPE_DEAUTH,
8944 WLAN_REASON_DEAUTH_LEAVING,
8945 false, frame_buf);
8946 if (ifmgd->assoc_data)
8947 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON);
8948 if (ifmgd->auth_data)
8949 ieee80211_destroy_auth_data(sdata, false);
8950 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
8951 IEEE80211_DEAUTH_FRAME_LEN,
8952 false);
8953 }
8954
8955 /* This is a bit of a hack - we should find a better and more generic
8956 * solution to this. Normally when suspending, cfg80211 will in fact
8957 * deauthenticate. However, it doesn't (and cannot) stop an ongoing
8958 * auth (not so important) or assoc (this is the problem) process.
8959 *
8960 * As a consequence, it can happen that we are in the process of both
8961 * associating and suspending, and receive an association response
8962 * after cfg80211 has checked if it needs to disconnect, but before
8963 * we actually set the flag to drop incoming frames. This will then
8964 * cause the workqueue flush to process the association response in
8965 * the suspend, resulting in a successful association just before it
8966 * tries to remove the interface from the driver, which now though
8967 * has a channel context assigned ... this results in issues.
8968 *
8969 * To work around this (for now) simply deauth here again if we're
8970 * now connected.
8971 */
8972 if (ifmgd->associated && !sdata->local->wowlan) {
8973 u8 bssid[ETH_ALEN];
8974 struct cfg80211_deauth_request req = {
8975 .reason_code = WLAN_REASON_DEAUTH_LEAVING,
8976 .bssid = bssid,
8977 };
8978
8979 memcpy(bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
8980 ieee80211_mgd_deauth(sdata, &req);
8981 }
8982 }
8983 #endif
8984
ieee80211_sta_restart(struct ieee80211_sub_if_data * sdata)8985 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata)
8986 {
8987 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
8988
8989 lockdep_assert_wiphy(sdata->local->hw.wiphy);
8990
8991 if (!ifmgd->associated)
8992 return;
8993
8994 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) {
8995 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME;
8996 mlme_dbg(sdata, "driver requested disconnect after resume\n");
8997 ieee80211_sta_connection_lost(sdata,
8998 WLAN_REASON_UNSPECIFIED,
8999 true);
9000 return;
9001 }
9002
9003 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_HW_RESTART) {
9004 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_HW_RESTART;
9005 mlme_dbg(sdata, "driver requested disconnect after hardware restart\n");
9006 ieee80211_sta_connection_lost(sdata,
9007 WLAN_REASON_UNSPECIFIED,
9008 true);
9009 return;
9010 }
9011 }
9012
ieee80211_request_smps_mgd_work(struct wiphy * wiphy,struct wiphy_work * work)9013 static void ieee80211_request_smps_mgd_work(struct wiphy *wiphy,
9014 struct wiphy_work *work)
9015 {
9016 struct ieee80211_link_data *link =
9017 container_of(work, struct ieee80211_link_data,
9018 u.mgd.request_smps_work);
9019
9020 __ieee80211_request_smps_mgd(link->sdata, link,
9021 link->u.mgd.driver_smps_mode);
9022 }
9023
ieee80211_ml_sta_reconf_timeout(struct wiphy * wiphy,struct wiphy_work * work)9024 static void ieee80211_ml_sta_reconf_timeout(struct wiphy *wiphy,
9025 struct wiphy_work *work)
9026 {
9027 struct ieee80211_sub_if_data *sdata =
9028 container_of(work, struct ieee80211_sub_if_data,
9029 u.mgd.reconf.wk.work);
9030
9031 if (!sdata->u.mgd.reconf.added_links &&
9032 !sdata->u.mgd.reconf.removed_links)
9033 return;
9034
9035 sdata_info(sdata,
9036 "mlo: reconf: timeout: added=0x%x, removed=0x%x\n",
9037 sdata->u.mgd.reconf.added_links,
9038 sdata->u.mgd.reconf.removed_links);
9039
9040 __ieee80211_disconnect(sdata);
9041 }
9042
9043 /* interface setup */
ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data * sdata)9044 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
9045 {
9046 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
9047
9048 wiphy_work_init(&ifmgd->monitor_work, ieee80211_sta_monitor_work);
9049 wiphy_work_init(&ifmgd->beacon_connection_loss_work,
9050 ieee80211_beacon_connection_loss_work);
9051 wiphy_work_init(&ifmgd->csa_connection_drop_work,
9052 ieee80211_csa_connection_drop_work);
9053 wiphy_delayed_work_init(&ifmgd->tdls_peer_del_work,
9054 ieee80211_tdls_peer_del_work);
9055 wiphy_hrtimer_work_init(&ifmgd->ml_reconf_work,
9056 ieee80211_ml_reconf_work);
9057 wiphy_delayed_work_init(&ifmgd->reconf.wk,
9058 ieee80211_ml_sta_reconf_timeout);
9059 timer_setup(&ifmgd->timer, ieee80211_sta_timer, 0);
9060 timer_setup(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 0);
9061 timer_setup(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 0);
9062 wiphy_delayed_work_init(&ifmgd->tx_tspec_wk,
9063 ieee80211_sta_handle_tspec_ac_params_wk);
9064 wiphy_hrtimer_work_init(&ifmgd->ttlm_work,
9065 ieee80211_tid_to_link_map_work);
9066 wiphy_delayed_work_init(&ifmgd->neg_ttlm_timeout_work,
9067 ieee80211_neg_ttlm_timeout_work);
9068 wiphy_work_init(&ifmgd->teardown_ttlm_work,
9069 ieee80211_teardown_ttlm_work);
9070
9071 ifmgd->flags = 0;
9072 ifmgd->powersave = sdata->wdev.ps;
9073 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues;
9074 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len;
9075 /* Setup TDLS data */
9076 spin_lock_init(&ifmgd->teardown_lock);
9077 ifmgd->teardown_skb = NULL;
9078 ifmgd->orig_teardown_skb = NULL;
9079 ifmgd->mcast_seq_last = IEEE80211_SN_MODULO;
9080 }
9081
ieee80211_recalc_smps_work(struct wiphy * wiphy,struct wiphy_work * work)9082 static void ieee80211_recalc_smps_work(struct wiphy *wiphy,
9083 struct wiphy_work *work)
9084 {
9085 struct ieee80211_link_data *link =
9086 container_of(work, struct ieee80211_link_data,
9087 u.mgd.recalc_smps);
9088
9089 ieee80211_recalc_smps(link->sdata, link);
9090 }
9091
ieee80211_mgd_setup_link(struct ieee80211_link_data * link)9092 void ieee80211_mgd_setup_link(struct ieee80211_link_data *link)
9093 {
9094 struct ieee80211_sub_if_data *sdata = link->sdata;
9095 struct ieee80211_local *local = sdata->local;
9096 unsigned int link_id = link->link_id;
9097
9098 link->u.mgd.p2p_noa_index = -1;
9099 link->conf->bssid = link->u.mgd.bssid;
9100 link->smps_mode = IEEE80211_SMPS_OFF;
9101
9102 wiphy_work_init(&link->u.mgd.request_smps_work,
9103 ieee80211_request_smps_mgd_work);
9104 wiphy_work_init(&link->u.mgd.recalc_smps,
9105 ieee80211_recalc_smps_work);
9106 if (local->hw.wiphy->features & NL80211_FEATURE_DYNAMIC_SMPS)
9107 link->u.mgd.req_smps = IEEE80211_SMPS_AUTOMATIC;
9108 else
9109 link->u.mgd.req_smps = IEEE80211_SMPS_OFF;
9110
9111 wiphy_hrtimer_work_init(&link->u.mgd.csa.switch_work,
9112 ieee80211_csa_switch_work);
9113
9114 ieee80211_clear_tpe(&link->conf->tpe);
9115
9116 if (sdata->u.mgd.assoc_data)
9117 ether_addr_copy(link->conf->addr,
9118 sdata->u.mgd.assoc_data->link[link_id].addr);
9119 else if (sdata->u.mgd.reconf.add_links_data)
9120 ether_addr_copy(link->conf->addr,
9121 sdata->u.mgd.reconf.add_links_data->link[link_id].addr);
9122 else if (!is_valid_ether_addr(link->conf->addr))
9123 eth_random_addr(link->conf->addr);
9124 }
9125
9126 /* scan finished notification */
ieee80211_mlme_notify_scan_completed(struct ieee80211_local * local)9127 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
9128 {
9129 struct ieee80211_sub_if_data *sdata;
9130
9131 /* Restart STA timers */
9132 rcu_read_lock();
9133 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
9134 if (ieee80211_sdata_running(sdata))
9135 ieee80211_restart_sta_timer(sdata);
9136 }
9137 rcu_read_unlock();
9138 }
9139
ieee80211_prep_connection(struct ieee80211_sub_if_data * sdata,struct cfg80211_bss * cbss,s8 link_id,const u8 * ap_mld_addr,bool assoc,struct ieee80211_conn_settings * conn,bool override,unsigned long * userspace_selectors)9140 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
9141 struct cfg80211_bss *cbss, s8 link_id,
9142 const u8 *ap_mld_addr, bool assoc,
9143 struct ieee80211_conn_settings *conn,
9144 bool override,
9145 unsigned long *userspace_selectors)
9146 {
9147 struct ieee80211_local *local = sdata->local;
9148 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
9149 struct ieee80211_bss *bss = (void *)cbss->priv;
9150 struct sta_info *new_sta = NULL;
9151 struct ieee80211_link_data *link;
9152 struct sta_info *have_sta = NULL;
9153 bool mlo;
9154 int err;
9155 u16 new_links;
9156
9157 if (link_id >= 0) {
9158 mlo = true;
9159 if (WARN_ON(!ap_mld_addr))
9160 return -EINVAL;
9161 new_links = BIT(link_id);
9162 } else {
9163 if (WARN_ON(ap_mld_addr))
9164 return -EINVAL;
9165 ap_mld_addr = cbss->bssid;
9166 new_links = 0;
9167 link_id = 0;
9168 mlo = false;
9169 }
9170
9171 if (assoc)
9172 have_sta = sta_info_get(sdata, ap_mld_addr);
9173
9174 if (mlo && !have_sta &&
9175 WARN_ON(sdata->vif.valid_links || sdata->vif.active_links))
9176 return -EINVAL;
9177
9178 err = ieee80211_vif_set_links(sdata, new_links, 0);
9179 if (err)
9180 return err;
9181
9182 link = sdata_dereference(sdata->link[link_id], sdata);
9183 if (WARN_ON(!link)) {
9184 err = -ENOLINK;
9185 goto out_err;
9186 }
9187
9188 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) {
9189 err = -EINVAL;
9190 goto out_err;
9191 }
9192
9193 /* If a reconfig is happening, bail out */
9194 if (local->in_reconfig) {
9195 err = -EBUSY;
9196 goto out_err;
9197 }
9198
9199 if (!have_sta) {
9200 if (mlo)
9201 new_sta = sta_info_alloc_with_link(sdata, ap_mld_addr,
9202 link_id, cbss->bssid,
9203 GFP_KERNEL);
9204 else
9205 new_sta = sta_info_alloc(sdata, ap_mld_addr, GFP_KERNEL);
9206
9207 if (!new_sta) {
9208 err = -ENOMEM;
9209 goto out_err;
9210 }
9211
9212 if (ifmgd->auth_data &&
9213 (ifmgd->auth_data->algorithm == WLAN_AUTH_EPPKE ||
9214 ifmgd->auth_data->algorithm == WLAN_AUTH_IEEE8021X))
9215 new_sta->sta.epp_peer = true;
9216
9217 new_sta->sta.mlo = mlo;
9218 }
9219
9220 /*
9221 * Set up the information for the new channel before setting the
9222 * new channel. We can't - completely race-free - change the basic
9223 * rates bitmap and the channel (sband) that it refers to, but if
9224 * we set it up before we at least avoid calling into the driver's
9225 * bss_info_changed() method with invalid information (since we do
9226 * call that from changing the channel - only for IDLE and perhaps
9227 * some others, but ...).
9228 *
9229 * So to avoid that, just set up all the new information before the
9230 * channel, but tell the driver to apply it only afterwards, since
9231 * it might need the new channel for that.
9232 */
9233 if (new_sta) {
9234 const struct cfg80211_bss_ies *ies;
9235 struct link_sta_info *link_sta;
9236
9237 rcu_read_lock();
9238 link_sta = rcu_dereference(new_sta->link[link_id]);
9239 if (WARN_ON(!link_sta)) {
9240 rcu_read_unlock();
9241 sta_info_free(local, new_sta);
9242 err = -EINVAL;
9243 goto out_err;
9244 }
9245
9246 err = ieee80211_mgd_setup_link_sta(link, new_sta,
9247 link_sta, cbss);
9248 if (err) {
9249 rcu_read_unlock();
9250 sta_info_free(local, new_sta);
9251 goto out_err;
9252 }
9253
9254 memcpy(link->u.mgd.bssid, cbss->bssid, ETH_ALEN);
9255
9256 /* set timing information */
9257 link->conf->beacon_int = cbss->beacon_interval;
9258 ies = rcu_dereference(cbss->beacon_ies);
9259 if (ies) {
9260 link->conf->sync_tsf = ies->tsf;
9261 link->conf->sync_device_ts =
9262 bss->device_ts_beacon;
9263
9264 ieee80211_get_dtim(ies,
9265 &link->conf->sync_dtim_count,
9266 NULL);
9267 } else if (!ieee80211_hw_check(&sdata->local->hw,
9268 TIMING_BEACON_ONLY)) {
9269 ies = rcu_dereference(cbss->proberesp_ies);
9270 /* must be non-NULL since beacon IEs were NULL */
9271 link->conf->sync_tsf = ies->tsf;
9272 link->conf->sync_device_ts =
9273 bss->device_ts_presp;
9274 link->conf->sync_dtim_count = 0;
9275 } else {
9276 link->conf->sync_tsf = 0;
9277 link->conf->sync_device_ts = 0;
9278 link->conf->sync_dtim_count = 0;
9279 }
9280 rcu_read_unlock();
9281 }
9282
9283 if (new_sta || override) {
9284 /*
9285 * Only set this if we're also going to calculate the AP
9286 * settings etc., otherwise this was set before in a
9287 * previous call. Note override is set to %true in assoc
9288 * if the settings were changed.
9289 */
9290 link->u.mgd.conn = *conn;
9291 err = ieee80211_prep_channel(sdata, link, link->link_id, cbss,
9292 mlo, &link->u.mgd.conn,
9293 userspace_selectors);
9294 if (err) {
9295 if (new_sta)
9296 sta_info_free(local, new_sta);
9297 goto out_err;
9298 }
9299 /* pass out for use in assoc */
9300 *conn = link->u.mgd.conn;
9301 }
9302
9303 if (new_sta) {
9304 /*
9305 * tell driver about BSSID, basic rates and timing
9306 * this was set up above, before setting the channel
9307 */
9308 ieee80211_link_info_change_notify(sdata, link,
9309 BSS_CHANGED_BSSID |
9310 BSS_CHANGED_BASIC_RATES |
9311 BSS_CHANGED_BEACON_INT);
9312
9313 if (assoc)
9314 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH);
9315
9316 err = sta_info_insert(new_sta);
9317 new_sta = NULL;
9318 if (err) {
9319 sdata_info(sdata,
9320 "failed to insert STA entry for the AP (error %d)\n",
9321 err);
9322 goto out_release_chan;
9323 }
9324 } else
9325 WARN_ON_ONCE(!ether_addr_equal(link->u.mgd.bssid, cbss->bssid));
9326
9327 /* Cancel scan to ensure that nothing interferes with connection */
9328 if (local->scanning)
9329 ieee80211_scan_cancel(local);
9330
9331 return 0;
9332
9333 out_release_chan:
9334 ieee80211_link_release_channel(link);
9335 out_err:
9336 if (mlo && have_sta)
9337 WARN_ON(__sta_info_destroy(have_sta));
9338 ieee80211_vif_set_links(sdata, 0, 0);
9339 return err;
9340 }
9341
ieee80211_mgd_csa_present(struct ieee80211_sub_if_data * sdata,const struct cfg80211_bss_ies * ies,u8 cur_channel,bool ignore_ecsa)9342 static bool ieee80211_mgd_csa_present(struct ieee80211_sub_if_data *sdata,
9343 const struct cfg80211_bss_ies *ies,
9344 u8 cur_channel, bool ignore_ecsa)
9345 {
9346 const struct element *csa_elem, *ecsa_elem;
9347 struct ieee80211_channel_sw_ie *csa = NULL;
9348 struct ieee80211_ext_chansw_ie *ecsa = NULL;
9349
9350 if (!ies)
9351 return false;
9352
9353 csa_elem = cfg80211_find_elem(WLAN_EID_CHANNEL_SWITCH,
9354 ies->data, ies->len);
9355 if (csa_elem && csa_elem->datalen == sizeof(*csa))
9356 csa = (void *)csa_elem->data;
9357
9358 ecsa_elem = cfg80211_find_elem(WLAN_EID_EXT_CHANSWITCH_ANN,
9359 ies->data, ies->len);
9360 if (ecsa_elem && ecsa_elem->datalen == sizeof(*ecsa))
9361 ecsa = (void *)ecsa_elem->data;
9362
9363 if (csa && csa->count == 0)
9364 csa = NULL;
9365 if (csa && !csa->mode && csa->new_ch_num == cur_channel)
9366 csa = NULL;
9367
9368 if (ecsa && ecsa->count == 0)
9369 ecsa = NULL;
9370 if (ecsa && !ecsa->mode && ecsa->new_ch_num == cur_channel)
9371 ecsa = NULL;
9372
9373 if (ignore_ecsa && ecsa) {
9374 sdata_info(sdata,
9375 "Ignoring ECSA in probe response - was considered stuck!\n");
9376 return csa;
9377 }
9378
9379 return csa || ecsa;
9380 }
9381
ieee80211_mgd_csa_in_process(struct ieee80211_sub_if_data * sdata,struct cfg80211_bss * bss)9382 static bool ieee80211_mgd_csa_in_process(struct ieee80211_sub_if_data *sdata,
9383 struct cfg80211_bss *bss)
9384 {
9385 u8 cur_channel;
9386 bool ret;
9387
9388 cur_channel = ieee80211_frequency_to_channel(bss->channel->center_freq);
9389
9390 rcu_read_lock();
9391 if (ieee80211_mgd_csa_present(sdata,
9392 rcu_dereference(bss->beacon_ies),
9393 cur_channel, false)) {
9394 ret = true;
9395 goto out;
9396 }
9397
9398 if (ieee80211_mgd_csa_present(sdata,
9399 rcu_dereference(bss->proberesp_ies),
9400 cur_channel, bss->proberesp_ecsa_stuck)) {
9401 ret = true;
9402 goto out;
9403 }
9404
9405 ret = false;
9406 out:
9407 rcu_read_unlock();
9408 return ret;
9409 }
9410
ieee80211_parse_cfg_selectors(unsigned long * userspace_selectors,const u8 * supported_selectors,u8 supported_selectors_len)9411 static void ieee80211_parse_cfg_selectors(unsigned long *userspace_selectors,
9412 const u8 *supported_selectors,
9413 u8 supported_selectors_len)
9414 {
9415 if (supported_selectors) {
9416 for (int i = 0; i < supported_selectors_len; i++) {
9417 set_bit(supported_selectors[i],
9418 userspace_selectors);
9419 }
9420 } else {
9421 /* Assume SAE_H2E support for backward compatibility. */
9422 set_bit(BSS_MEMBERSHIP_SELECTOR_SAE_H2E,
9423 userspace_selectors);
9424 }
9425 }
9426
9427 /* config hooks */
ieee80211_mgd_auth(struct ieee80211_sub_if_data * sdata,struct cfg80211_auth_request * req)9428 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
9429 struct cfg80211_auth_request *req)
9430 {
9431 struct ieee80211_local *local = sdata->local;
9432 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
9433 struct ieee80211_mgd_auth_data *auth_data;
9434 struct ieee80211_conn_settings conn;
9435 struct ieee80211_link_data *link;
9436 struct ieee80211_supported_band *sband;
9437 struct ieee80211_bss *bss;
9438 u16 auth_alg;
9439 int err;
9440 bool cont_auth, wmm_used;
9441
9442 lockdep_assert_wiphy(sdata->local->hw.wiphy);
9443
9444 /* prepare auth data structure */
9445
9446 switch (req->auth_type) {
9447 case NL80211_AUTHTYPE_OPEN_SYSTEM:
9448 auth_alg = WLAN_AUTH_OPEN;
9449 break;
9450 case NL80211_AUTHTYPE_SHARED_KEY:
9451 if (fips_enabled)
9452 return -EOPNOTSUPP;
9453 auth_alg = WLAN_AUTH_SHARED_KEY;
9454 break;
9455 case NL80211_AUTHTYPE_FT:
9456 auth_alg = WLAN_AUTH_FT;
9457 break;
9458 case NL80211_AUTHTYPE_NETWORK_EAP:
9459 auth_alg = WLAN_AUTH_LEAP;
9460 break;
9461 case NL80211_AUTHTYPE_SAE:
9462 auth_alg = WLAN_AUTH_SAE;
9463 break;
9464 case NL80211_AUTHTYPE_FILS_SK:
9465 auth_alg = WLAN_AUTH_FILS_SK;
9466 break;
9467 case NL80211_AUTHTYPE_FILS_SK_PFS:
9468 auth_alg = WLAN_AUTH_FILS_SK_PFS;
9469 break;
9470 case NL80211_AUTHTYPE_FILS_PK:
9471 auth_alg = WLAN_AUTH_FILS_PK;
9472 break;
9473 case NL80211_AUTHTYPE_EPPKE:
9474 auth_alg = WLAN_AUTH_EPPKE;
9475 break;
9476 case NL80211_AUTHTYPE_IEEE8021X:
9477 auth_alg = WLAN_AUTH_IEEE8021X;
9478 break;
9479 default:
9480 return -EOPNOTSUPP;
9481 }
9482
9483 if (ifmgd->assoc_data)
9484 return -EBUSY;
9485
9486 if (ieee80211_mgd_csa_in_process(sdata, req->bss)) {
9487 sdata_info(sdata, "AP is in CSA process, reject auth\n");
9488 return -EINVAL;
9489 }
9490
9491 auth_data = kzalloc(sizeof(*auth_data) + req->auth_data_len +
9492 req->ie_len, GFP_KERNEL);
9493 if (!auth_data)
9494 return -ENOMEM;
9495
9496 memcpy(auth_data->ap_addr,
9497 req->ap_mld_addr ?: req->bss->bssid,
9498 ETH_ALEN);
9499 auth_data->bss = req->bss;
9500 auth_data->link_id = req->link_id;
9501
9502 if (req->auth_data_len >= 4) {
9503 if (req->auth_type == NL80211_AUTHTYPE_SAE ||
9504 req->auth_type == NL80211_AUTHTYPE_EPPKE ||
9505 req->auth_type == NL80211_AUTHTYPE_IEEE8021X) {
9506 __le16 *pos = (__le16 *) req->auth_data;
9507
9508 auth_data->trans = le16_to_cpu(pos[0]);
9509 auth_data->status = le16_to_cpu(pos[1]);
9510 }
9511
9512 memcpy(auth_data->data, req->auth_data + 4,
9513 req->auth_data_len - 4);
9514 auth_data->data_len += req->auth_data_len - 4;
9515 }
9516
9517 /* Check if continuing authentication or trying to authenticate with the
9518 * same BSS that we were in the process of authenticating with and avoid
9519 * removal and re-addition of the STA entry in
9520 * ieee80211_prep_connection().
9521 */
9522 cont_auth = ifmgd->auth_data && req->bss == ifmgd->auth_data->bss &&
9523 ifmgd->auth_data->link_id == req->link_id;
9524
9525 if (req->ie && req->ie_len) {
9526 memcpy(&auth_data->data[auth_data->data_len],
9527 req->ie, req->ie_len);
9528 auth_data->data_len += req->ie_len;
9529 }
9530
9531 if (req->key && req->key_len) {
9532 auth_data->key_len = req->key_len;
9533 auth_data->key_idx = req->key_idx;
9534 memcpy(auth_data->key, req->key, req->key_len);
9535 }
9536
9537 ieee80211_parse_cfg_selectors(auth_data->userspace_selectors,
9538 req->supported_selectors,
9539 req->supported_selectors_len);
9540
9541 auth_data->algorithm = auth_alg;
9542
9543 /* try to authenticate/probe */
9544
9545 if (ifmgd->auth_data) {
9546 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE) {
9547 auth_data->peer_confirmed =
9548 ifmgd->auth_data->peer_confirmed;
9549 }
9550 ieee80211_destroy_auth_data(sdata, cont_auth);
9551 }
9552
9553 /* prep auth_data so we don't go into idle on disassoc */
9554 ifmgd->auth_data = auth_data;
9555
9556 /* If this is continuation of an ongoing SAE authentication exchange
9557 * (i.e., request to send SAE Confirm) and the peer has already
9558 * confirmed, mark authentication completed since we are about to send
9559 * out SAE Confirm.
9560 */
9561 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE &&
9562 auth_data->peer_confirmed && auth_data->trans == 2)
9563 ieee80211_mark_sta_auth(sdata);
9564
9565 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_EPPKE &&
9566 auth_data->trans == 3)
9567 ieee80211_mark_sta_auth(sdata);
9568
9569 if (ifmgd->associated) {
9570 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
9571
9572 sdata_info(sdata,
9573 "disconnect from AP %pM for new auth to %pM\n",
9574 sdata->vif.cfg.ap_addr, auth_data->ap_addr);
9575 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
9576 WLAN_REASON_UNSPECIFIED,
9577 false, frame_buf);
9578
9579 ieee80211_report_disconnect(sdata, frame_buf,
9580 sizeof(frame_buf), true,
9581 WLAN_REASON_UNSPECIFIED,
9582 false);
9583 }
9584
9585 /* needed for transmitting the auth frame(s) properly */
9586 memcpy(sdata->vif.cfg.ap_addr, auth_data->ap_addr, ETH_ALEN);
9587
9588 bss = (void *)req->bss->priv;
9589 wmm_used = bss->wmm_used && (local->hw.queues >= IEEE80211_NUM_ACS);
9590
9591 sband = local->hw.wiphy->bands[req->bss->channel->band];
9592
9593 ieee80211_determine_our_sta_mode_auth(sdata, sband, req, wmm_used,
9594 &conn);
9595
9596 err = ieee80211_prep_connection(sdata, req->bss, req->link_id,
9597 req->ap_mld_addr, cont_auth,
9598 &conn, false,
9599 auth_data->userspace_selectors);
9600 if (err)
9601 goto err_clear;
9602
9603 if (req->link_id >= 0)
9604 link = sdata_dereference(sdata->link[req->link_id], sdata);
9605 else
9606 link = &sdata->deflink;
9607
9608 if (WARN_ON(!link)) {
9609 err = -ENOLINK;
9610 goto err_clear;
9611 }
9612
9613 sdata_info(sdata, "authenticate with %pM (local address=%pM)\n",
9614 auth_data->ap_addr, link->conf->addr);
9615
9616 err = ieee80211_auth(sdata);
9617 if (err) {
9618 sta_info_destroy_addr(sdata, auth_data->ap_addr);
9619 goto err_clear;
9620 }
9621
9622 /* hold our own reference */
9623 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss);
9624 return 0;
9625
9626 err_clear:
9627 if (!ieee80211_vif_is_mld(&sdata->vif)) {
9628 eth_zero_addr(sdata->deflink.u.mgd.bssid);
9629 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
9630 BSS_CHANGED_BSSID);
9631 ieee80211_link_release_channel(&sdata->deflink);
9632 }
9633 ifmgd->auth_data = NULL;
9634 kfree(auth_data);
9635 return err;
9636 }
9637
9638 static void
ieee80211_setup_assoc_link(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgd_assoc_data * assoc_data,struct cfg80211_assoc_request * req,struct ieee80211_conn_settings * conn,unsigned int link_id)9639 ieee80211_setup_assoc_link(struct ieee80211_sub_if_data *sdata,
9640 struct ieee80211_mgd_assoc_data *assoc_data,
9641 struct cfg80211_assoc_request *req,
9642 struct ieee80211_conn_settings *conn,
9643 unsigned int link_id)
9644 {
9645 struct ieee80211_local *local = sdata->local;
9646 const struct cfg80211_bss_ies *bss_ies;
9647 struct ieee80211_supported_band *sband;
9648 struct ieee80211_link_data *link;
9649 struct cfg80211_bss *cbss;
9650 struct ieee80211_bss *bss;
9651
9652 cbss = assoc_data->link[link_id].bss;
9653 if (WARN_ON(!cbss))
9654 return;
9655
9656 bss = (void *)cbss->priv;
9657
9658 sband = local->hw.wiphy->bands[cbss->channel->band];
9659 if (WARN_ON(!sband))
9660 return;
9661
9662 link = sdata_dereference(sdata->link[link_id], sdata);
9663 if (WARN_ON(!link))
9664 return;
9665
9666 /* for MLO connections assume advertising all rates is OK */
9667 if (!req->ap_mld_addr) {
9668 assoc_data->supp_rates = bss->supp_rates;
9669 assoc_data->supp_rates_len = bss->supp_rates_len;
9670 }
9671
9672 /* copy and link elems for the STA profile */
9673 if (req->links[link_id].elems_len) {
9674 memcpy(assoc_data->ie_pos, req->links[link_id].elems,
9675 req->links[link_id].elems_len);
9676 assoc_data->link[link_id].elems = assoc_data->ie_pos;
9677 assoc_data->link[link_id].elems_len = req->links[link_id].elems_len;
9678 assoc_data->ie_pos += req->links[link_id].elems_len;
9679 }
9680
9681 link->u.mgd.beacon_crc_valid = false;
9682 link->u.mgd.dtim_period = 0;
9683 link->u.mgd.have_beacon = false;
9684
9685 /* override HT configuration only if the AP and we support it */
9686 if (conn->mode >= IEEE80211_CONN_MODE_HT) {
9687 struct ieee80211_sta_ht_cap sta_ht_cap;
9688
9689 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap));
9690 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
9691 }
9692
9693 rcu_read_lock();
9694 bss_ies = rcu_dereference(cbss->beacon_ies);
9695 if (bss_ies) {
9696 u8 dtim_count = 0;
9697
9698 ieee80211_get_dtim(bss_ies, &dtim_count,
9699 &link->u.mgd.dtim_period);
9700
9701 sdata->deflink.u.mgd.have_beacon = true;
9702
9703 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) {
9704 link->conf->sync_tsf = bss_ies->tsf;
9705 link->conf->sync_device_ts = bss->device_ts_beacon;
9706 link->conf->sync_dtim_count = dtim_count;
9707 }
9708 } else {
9709 bss_ies = rcu_dereference(cbss->ies);
9710 }
9711
9712 if (bss_ies) {
9713 const struct element *elem;
9714
9715 elem = cfg80211_find_ext_elem(WLAN_EID_EXT_MULTIPLE_BSSID_CONFIGURATION,
9716 bss_ies->data, bss_ies->len);
9717 if (elem && elem->datalen >= 3)
9718 link->conf->profile_periodicity = elem->data[2];
9719 else
9720 link->conf->profile_periodicity = 0;
9721
9722 elem = cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY,
9723 bss_ies->data, bss_ies->len);
9724 if (elem && elem->datalen >= 11 &&
9725 (elem->data[10] & WLAN_EXT_CAPA11_EMA_SUPPORT))
9726 link->conf->ema_ap = true;
9727 else
9728 link->conf->ema_ap = false;
9729 }
9730 rcu_read_unlock();
9731
9732 if (bss->corrupt_data) {
9733 char *corrupt_type = "data";
9734
9735 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) {
9736 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP)
9737 corrupt_type = "beacon and probe response";
9738 else
9739 corrupt_type = "beacon";
9740 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) {
9741 corrupt_type = "probe response";
9742 }
9743 sdata_info(sdata, "associating to AP %pM with corrupt %s\n",
9744 cbss->bssid, corrupt_type);
9745 }
9746
9747 if (link->u.mgd.req_smps == IEEE80211_SMPS_AUTOMATIC) {
9748 if (sdata->u.mgd.powersave)
9749 link->smps_mode = IEEE80211_SMPS_DYNAMIC;
9750 else
9751 link->smps_mode = IEEE80211_SMPS_OFF;
9752 } else {
9753 link->smps_mode = link->u.mgd.req_smps;
9754 }
9755 }
9756
9757 static int
ieee80211_mgd_get_ap_ht_vht_capa(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgd_assoc_data * assoc_data,int link_id)9758 ieee80211_mgd_get_ap_ht_vht_capa(struct ieee80211_sub_if_data *sdata,
9759 struct ieee80211_mgd_assoc_data *assoc_data,
9760 int link_id)
9761 {
9762 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss;
9763 enum nl80211_band band = cbss->channel->band;
9764 struct ieee80211_supported_band *sband;
9765 const struct element *elem;
9766 int err;
9767
9768 /* neither HT nor VHT elements used on 6 GHz */
9769 if (band == NL80211_BAND_6GHZ)
9770 return 0;
9771
9772 if (assoc_data->link[link_id].conn.mode < IEEE80211_CONN_MODE_HT)
9773 return 0;
9774
9775 rcu_read_lock();
9776 elem = ieee80211_bss_get_elem(cbss, WLAN_EID_HT_OPERATION);
9777 if (!elem || elem->datalen < sizeof(struct ieee80211_ht_operation)) {
9778 mlme_link_id_dbg(sdata, link_id, "no HT operation on BSS %pM\n",
9779 cbss->bssid);
9780 err = -EINVAL;
9781 goto out_rcu;
9782 }
9783 assoc_data->link[link_id].ap_ht_param =
9784 ((struct ieee80211_ht_operation *)(elem->data))->ht_param;
9785 rcu_read_unlock();
9786
9787 if (assoc_data->link[link_id].conn.mode < IEEE80211_CONN_MODE_VHT)
9788 return 0;
9789
9790 /* some drivers want to support VHT on 2.4 GHz even */
9791 sband = sdata->local->hw.wiphy->bands[band];
9792 if (!sband->vht_cap.vht_supported)
9793 return 0;
9794
9795 rcu_read_lock();
9796 elem = ieee80211_bss_get_elem(cbss, WLAN_EID_VHT_CAPABILITY);
9797 /* but even then accept it not being present on the AP */
9798 if (!elem && band == NL80211_BAND_2GHZ) {
9799 err = 0;
9800 goto out_rcu;
9801 }
9802 if (!elem || elem->datalen < sizeof(struct ieee80211_vht_cap)) {
9803 mlme_link_id_dbg(sdata, link_id, "no VHT capa on BSS %pM\n",
9804 cbss->bssid);
9805 err = -EINVAL;
9806 goto out_rcu;
9807 }
9808 memcpy(&assoc_data->link[link_id].ap_vht_cap, elem->data,
9809 sizeof(struct ieee80211_vht_cap));
9810 rcu_read_unlock();
9811
9812 return 0;
9813 out_rcu:
9814 rcu_read_unlock();
9815 return err;
9816 }
9817
9818 static bool
ieee80211_mgd_assoc_bss_has_mld_ext_capa_ops(struct cfg80211_assoc_request * req)9819 ieee80211_mgd_assoc_bss_has_mld_ext_capa_ops(struct cfg80211_assoc_request *req)
9820 {
9821 const struct cfg80211_bss_ies *ies;
9822 struct cfg80211_bss *bss;
9823 const struct element *ml;
9824
9825 /* not an MLO connection if link_id < 0, so irrelevant */
9826 if (req->link_id < 0)
9827 return false;
9828
9829 bss = req->links[req->link_id].bss;
9830
9831 guard(rcu)();
9832 ies = rcu_dereference(bss->ies);
9833 for_each_element_extid(ml, WLAN_EID_EXT_EHT_MULTI_LINK,
9834 ies->data, ies->len) {
9835 const struct ieee80211_multi_link_elem *mle;
9836
9837 if (!ieee80211_mle_type_ok(ml->data + 1,
9838 IEEE80211_ML_CONTROL_TYPE_BASIC,
9839 ml->datalen - 1))
9840 continue;
9841
9842 mle = (void *)(ml->data + 1);
9843 if (mle->control & cpu_to_le16(IEEE80211_MLC_BASIC_PRES_EXT_MLD_CAPA_OP))
9844 return true;
9845 }
9846
9847 return false;
9848
9849 }
9850
ieee80211_mgd_assoc(struct ieee80211_sub_if_data * sdata,struct cfg80211_assoc_request * req)9851 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
9852 struct cfg80211_assoc_request *req)
9853 {
9854 unsigned int assoc_link_id = req->link_id < 0 ? 0 : req->link_id;
9855 struct ieee80211_local *local = sdata->local;
9856 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
9857 struct ieee80211_mgd_assoc_data *assoc_data;
9858 const struct element *ssid_elem;
9859 struct ieee80211_vif_cfg *vif_cfg = &sdata->vif.cfg;
9860 struct ieee80211_link_data *link;
9861 struct cfg80211_bss *cbss;
9862 bool override, uapsd_supported;
9863 bool match_auth;
9864 int i, err;
9865 size_t size = sizeof(*assoc_data) + req->ie_len;
9866
9867 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++)
9868 size += req->links[i].elems_len;
9869
9870 assoc_data = kzalloc(size, GFP_KERNEL);
9871 if (!assoc_data)
9872 return -ENOMEM;
9873
9874 cbss = req->link_id < 0 ? req->bss : req->links[req->link_id].bss;
9875
9876 if (ieee80211_mgd_csa_in_process(sdata, cbss)) {
9877 sdata_info(sdata, "AP is in CSA process, reject assoc\n");
9878 err = -EINVAL;
9879 goto err_free;
9880 }
9881
9882 rcu_read_lock();
9883 ssid_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_SSID);
9884 if (!ssid_elem || ssid_elem->datalen > sizeof(assoc_data->ssid)) {
9885 rcu_read_unlock();
9886 err = -EINVAL;
9887 goto err_free;
9888 }
9889
9890 memcpy(assoc_data->ssid, ssid_elem->data, ssid_elem->datalen);
9891 assoc_data->ssid_len = ssid_elem->datalen;
9892 rcu_read_unlock();
9893
9894 if (req->ap_mld_addr)
9895 memcpy(assoc_data->ap_addr, req->ap_mld_addr, ETH_ALEN);
9896 else
9897 memcpy(assoc_data->ap_addr, cbss->bssid, ETH_ALEN);
9898
9899 /*
9900 * Many APs have broken parsing of the extended MLD capa/ops field,
9901 * dropping (re-)association request frames or replying with association
9902 * response with a failure status if it's present.
9903 * Set our value from the userspace request only in strict mode or if
9904 * the AP also had that field present.
9905 */
9906 if (ieee80211_hw_check(&local->hw, STRICT) ||
9907 ieee80211_mgd_assoc_bss_has_mld_ext_capa_ops(req))
9908 assoc_data->ext_mld_capa_ops =
9909 cpu_to_le16(req->ext_mld_capa_ops);
9910
9911 if (ifmgd->associated) {
9912 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
9913
9914 sdata_info(sdata,
9915 "disconnect from AP %pM for new assoc to %pM\n",
9916 sdata->vif.cfg.ap_addr, assoc_data->ap_addr);
9917 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
9918 WLAN_REASON_UNSPECIFIED,
9919 false, frame_buf);
9920
9921 ieee80211_report_disconnect(sdata, frame_buf,
9922 sizeof(frame_buf), true,
9923 WLAN_REASON_UNSPECIFIED,
9924 false);
9925 }
9926
9927 memset(sdata->u.mgd.userspace_selectors, 0,
9928 sizeof(sdata->u.mgd.userspace_selectors));
9929 ieee80211_parse_cfg_selectors(sdata->u.mgd.userspace_selectors,
9930 req->supported_selectors,
9931 req->supported_selectors_len);
9932
9933 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa));
9934 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask,
9935 sizeof(ifmgd->ht_capa_mask));
9936
9937 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa));
9938 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask,
9939 sizeof(ifmgd->vht_capa_mask));
9940
9941 memcpy(&ifmgd->s1g_capa, &req->s1g_capa, sizeof(ifmgd->s1g_capa));
9942 memcpy(&ifmgd->s1g_capa_mask, &req->s1g_capa_mask,
9943 sizeof(ifmgd->s1g_capa_mask));
9944
9945 /* keep some setup (AP STA, channel, ...) if matching */
9946 match_auth = ifmgd->auth_data &&
9947 ether_addr_equal(ifmgd->auth_data->ap_addr,
9948 assoc_data->ap_addr) &&
9949 ifmgd->auth_data->link_id == req->link_id;
9950
9951 if (req->ap_mld_addr) {
9952 uapsd_supported = true;
9953
9954 if (req->flags & (ASSOC_REQ_DISABLE_HT |
9955 ASSOC_REQ_DISABLE_VHT |
9956 ASSOC_REQ_DISABLE_HE |
9957 ASSOC_REQ_DISABLE_EHT)) {
9958 err = -EINVAL;
9959 goto err_free;
9960 }
9961
9962 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++) {
9963 struct ieee80211_supported_band *sband;
9964 struct cfg80211_bss *link_cbss = req->links[i].bss;
9965 struct ieee80211_bss *bss;
9966
9967 if (!link_cbss)
9968 continue;
9969
9970 bss = (void *)link_cbss->priv;
9971
9972 if (!bss->wmm_used) {
9973 err = -EINVAL;
9974 req->links[i].error = err;
9975 goto err_free;
9976 }
9977
9978 if (link_cbss->channel->band == NL80211_BAND_S1GHZ) {
9979 err = -EINVAL;
9980 req->links[i].error = err;
9981 goto err_free;
9982 }
9983
9984 link = sdata_dereference(sdata->link[i], sdata);
9985 if (link)
9986 ether_addr_copy(assoc_data->link[i].addr,
9987 link->conf->addr);
9988 else
9989 eth_random_addr(assoc_data->link[i].addr);
9990 sband = local->hw.wiphy->bands[link_cbss->channel->band];
9991
9992 if (match_auth && i == assoc_link_id && link)
9993 assoc_data->link[i].conn = link->u.mgd.conn;
9994 else
9995 assoc_data->link[i].conn =
9996 ieee80211_conn_settings_unlimited;
9997 ieee80211_determine_our_sta_mode_assoc(sdata, sband,
9998 req, true, i,
9999 &assoc_data->link[i].conn);
10000 assoc_data->link[i].bss = link_cbss;
10001
10002 if (!bss->uapsd_supported)
10003 uapsd_supported = false;
10004
10005 if (assoc_data->link[i].conn.mode < IEEE80211_CONN_MODE_EHT) {
10006 err = -EINVAL;
10007 req->links[i].error = err;
10008 goto err_free;
10009 }
10010
10011 err = ieee80211_mgd_get_ap_ht_vht_capa(sdata,
10012 assoc_data, i);
10013 if (err) {
10014 err = -EINVAL;
10015 req->links[i].error = err;
10016 goto err_free;
10017 }
10018 }
10019
10020 assoc_data->wmm = true;
10021 } else {
10022 struct ieee80211_supported_band *sband;
10023 struct ieee80211_bss *bss = (void *)cbss->priv;
10024
10025 memcpy(assoc_data->link[0].addr, sdata->vif.addr, ETH_ALEN);
10026 assoc_data->s1g = cbss->channel->band == NL80211_BAND_S1GHZ;
10027
10028 assoc_data->wmm = bss->wmm_used &&
10029 (local->hw.queues >= IEEE80211_NUM_ACS);
10030
10031 if (cbss->channel->band == NL80211_BAND_6GHZ &&
10032 req->flags & (ASSOC_REQ_DISABLE_HT |
10033 ASSOC_REQ_DISABLE_VHT |
10034 ASSOC_REQ_DISABLE_HE)) {
10035 err = -EINVAL;
10036 goto err_free;
10037 }
10038
10039 sband = local->hw.wiphy->bands[cbss->channel->band];
10040
10041 assoc_data->link[0].bss = cbss;
10042
10043 if (match_auth)
10044 assoc_data->link[0].conn = sdata->deflink.u.mgd.conn;
10045 else
10046 assoc_data->link[0].conn =
10047 ieee80211_conn_settings_unlimited;
10048 ieee80211_determine_our_sta_mode_assoc(sdata, sband, req,
10049 assoc_data->wmm, 0,
10050 &assoc_data->link[0].conn);
10051
10052 uapsd_supported = bss->uapsd_supported;
10053
10054 err = ieee80211_mgd_get_ap_ht_vht_capa(sdata, assoc_data, 0);
10055 if (err)
10056 goto err_free;
10057 }
10058
10059 assoc_data->spp_amsdu = req->flags & ASSOC_REQ_SPP_AMSDU;
10060
10061 if (ifmgd->auth_data && !ifmgd->auth_data->done) {
10062 err = -EBUSY;
10063 goto err_free;
10064 }
10065
10066 if (ifmgd->assoc_data) {
10067 err = -EBUSY;
10068 goto err_free;
10069 }
10070
10071 /* Cleanup is delayed if auth_data matches */
10072 if (ifmgd->auth_data && !match_auth)
10073 ieee80211_destroy_auth_data(sdata, false);
10074
10075 if (req->ie && req->ie_len) {
10076 memcpy(assoc_data->ie, req->ie, req->ie_len);
10077 assoc_data->ie_len = req->ie_len;
10078 assoc_data->ie_pos = assoc_data->ie + assoc_data->ie_len;
10079 } else {
10080 assoc_data->ie_pos = assoc_data->ie;
10081 }
10082
10083 if (req->fils_kek) {
10084 /* should already be checked in cfg80211 - so warn */
10085 if (WARN_ON(req->fils_kek_len > FILS_MAX_KEK_LEN)) {
10086 err = -EINVAL;
10087 goto err_free;
10088 }
10089 memcpy(assoc_data->fils_kek, req->fils_kek,
10090 req->fils_kek_len);
10091 assoc_data->fils_kek_len = req->fils_kek_len;
10092 }
10093
10094 if (req->fils_nonces)
10095 memcpy(assoc_data->fils_nonces, req->fils_nonces,
10096 2 * FILS_NONCE_LEN);
10097
10098 /* default timeout */
10099 assoc_data->timeout = jiffies;
10100 assoc_data->timeout_started = true;
10101
10102 assoc_data->assoc_link_id = assoc_link_id;
10103
10104 if (req->ap_mld_addr) {
10105 /* if there was no authentication, set up the link */
10106 err = ieee80211_vif_set_links(sdata, BIT(assoc_link_id), 0);
10107 if (err)
10108 goto err_clear;
10109 }
10110
10111 link = sdata_dereference(sdata->link[assoc_link_id], sdata);
10112 if (WARN_ON(!link)) {
10113 err = -EINVAL;
10114 goto err_clear;
10115 }
10116
10117 override = link->u.mgd.conn.mode !=
10118 assoc_data->link[assoc_link_id].conn.mode ||
10119 link->u.mgd.conn.bw_limit !=
10120 assoc_data->link[assoc_link_id].conn.bw_limit;
10121 link->u.mgd.conn = assoc_data->link[assoc_link_id].conn;
10122
10123 ieee80211_setup_assoc_link(sdata, assoc_data, req, &link->u.mgd.conn,
10124 assoc_link_id);
10125
10126 if (WARN((sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD) &&
10127 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK),
10128 "U-APSD not supported with HW_PS_NULLFUNC_STACK\n"))
10129 sdata->vif.driver_flags &= ~IEEE80211_VIF_SUPPORTS_UAPSD;
10130
10131 if (assoc_data->wmm && uapsd_supported &&
10132 (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD)) {
10133 assoc_data->uapsd = true;
10134 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
10135 } else {
10136 assoc_data->uapsd = false;
10137 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED;
10138 }
10139
10140 if (req->prev_bssid)
10141 memcpy(assoc_data->prev_ap_addr, req->prev_bssid, ETH_ALEN);
10142
10143 if (req->use_mfp) {
10144 ifmgd->mfp = IEEE80211_MFP_REQUIRED;
10145 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED;
10146 } else {
10147 ifmgd->mfp = IEEE80211_MFP_DISABLED;
10148 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED;
10149 }
10150
10151 if (req->flags & ASSOC_REQ_USE_RRM)
10152 ifmgd->flags |= IEEE80211_STA_ENABLE_RRM;
10153 else
10154 ifmgd->flags &= ~IEEE80211_STA_ENABLE_RRM;
10155
10156 if (req->crypto.control_port)
10157 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT;
10158 else
10159 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT;
10160
10161 sdata->control_port_protocol = req->crypto.control_port_ethertype;
10162 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt;
10163 sdata->control_port_over_nl80211 =
10164 req->crypto.control_port_over_nl80211;
10165 sdata->control_port_no_preauth = req->crypto.control_port_no_preauth;
10166
10167 /* kick off associate process */
10168 ifmgd->assoc_data = assoc_data;
10169
10170 for (i = 0; i < ARRAY_SIZE(assoc_data->link); i++) {
10171 if (!assoc_data->link[i].bss)
10172 continue;
10173 if (i == assoc_data->assoc_link_id)
10174 continue;
10175 /* only calculate the mode, hence link == NULL */
10176 err = ieee80211_prep_channel(sdata, NULL, i,
10177 assoc_data->link[i].bss, true,
10178 &assoc_data->link[i].conn,
10179 sdata->u.mgd.userspace_selectors);
10180 if (err) {
10181 req->links[i].error = err;
10182 goto err_clear;
10183 }
10184 }
10185
10186 memcpy(vif_cfg->ssid, assoc_data->ssid, assoc_data->ssid_len);
10187 vif_cfg->ssid_len = assoc_data->ssid_len;
10188
10189 /* needed for transmitting the assoc frames properly */
10190 memcpy(sdata->vif.cfg.ap_addr, assoc_data->ap_addr, ETH_ALEN);
10191
10192 err = ieee80211_prep_connection(sdata, cbss, req->link_id,
10193 req->ap_mld_addr, true,
10194 &assoc_data->link[assoc_link_id].conn,
10195 override,
10196 sdata->u.mgd.userspace_selectors);
10197 if (err)
10198 goto err_clear;
10199
10200 if (ieee80211_hw_check(&sdata->local->hw, NEED_DTIM_BEFORE_ASSOC)) {
10201 const struct cfg80211_bss_ies *beacon_ies;
10202
10203 rcu_read_lock();
10204 beacon_ies = rcu_dereference(req->bss->beacon_ies);
10205 if (!beacon_ies) {
10206 /*
10207 * Wait up to one beacon interval ...
10208 * should this be more if we miss one?
10209 */
10210 sdata_info(sdata, "waiting for beacon from %pM\n",
10211 link->u.mgd.bssid);
10212 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval);
10213 assoc_data->timeout_started = true;
10214 assoc_data->need_beacon = true;
10215 }
10216 rcu_read_unlock();
10217 }
10218
10219 run_again(sdata, assoc_data->timeout);
10220
10221 /* We are associating, clean up auth_data */
10222 if (ifmgd->auth_data)
10223 ieee80211_destroy_auth_data(sdata, true);
10224
10225 return 0;
10226 err_clear:
10227 if (!ifmgd->auth_data) {
10228 eth_zero_addr(sdata->deflink.u.mgd.bssid);
10229 ieee80211_link_info_change_notify(sdata, &sdata->deflink,
10230 BSS_CHANGED_BSSID);
10231 }
10232 ifmgd->assoc_data = NULL;
10233 err_free:
10234 kfree(assoc_data);
10235 return err;
10236 }
10237
ieee80211_mgd_deauth(struct ieee80211_sub_if_data * sdata,struct cfg80211_deauth_request * req)10238 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
10239 struct cfg80211_deauth_request *req)
10240 {
10241 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
10242 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
10243 bool tx = !req->local_state_change;
10244 struct ieee80211_prep_tx_info info = {
10245 .subtype = IEEE80211_STYPE_DEAUTH,
10246 };
10247
10248 if (ifmgd->auth_data &&
10249 ether_addr_equal(ifmgd->auth_data->ap_addr, req->bssid)) {
10250 sdata_info(sdata,
10251 "aborting authentication with %pM by local choice (Reason: %u=%s)\n",
10252 req->bssid, req->reason_code,
10253 ieee80211_get_reason_code_string(req->reason_code));
10254
10255 info.link_id = ifmgd->auth_data->link_id;
10256 drv_mgd_prepare_tx(sdata->local, sdata, &info);
10257 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid,
10258 IEEE80211_STYPE_DEAUTH,
10259 req->reason_code, tx,
10260 frame_buf);
10261 ieee80211_destroy_auth_data(sdata, false);
10262 ieee80211_report_disconnect(sdata, frame_buf,
10263 sizeof(frame_buf), true,
10264 req->reason_code, false);
10265 drv_mgd_complete_tx(sdata->local, sdata, &info);
10266 return 0;
10267 }
10268
10269 if (ifmgd->assoc_data &&
10270 ether_addr_equal(ifmgd->assoc_data->ap_addr, req->bssid)) {
10271 sdata_info(sdata,
10272 "aborting association with %pM by local choice (Reason: %u=%s)\n",
10273 req->bssid, req->reason_code,
10274 ieee80211_get_reason_code_string(req->reason_code));
10275
10276 info.link_id = ifmgd->assoc_data->assoc_link_id;
10277 drv_mgd_prepare_tx(sdata->local, sdata, &info);
10278 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid,
10279 IEEE80211_STYPE_DEAUTH,
10280 req->reason_code, tx,
10281 frame_buf);
10282 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON);
10283 ieee80211_report_disconnect(sdata, frame_buf,
10284 sizeof(frame_buf), true,
10285 req->reason_code, false);
10286 drv_mgd_complete_tx(sdata->local, sdata, &info);
10287 return 0;
10288 }
10289
10290 if (ifmgd->associated &&
10291 ether_addr_equal(sdata->vif.cfg.ap_addr, req->bssid)) {
10292 sdata_info(sdata,
10293 "deauthenticating from %pM by local choice (Reason: %u=%s)\n",
10294 req->bssid, req->reason_code,
10295 ieee80211_get_reason_code_string(req->reason_code));
10296
10297 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
10298 req->reason_code, tx, frame_buf);
10299 ieee80211_report_disconnect(sdata, frame_buf,
10300 sizeof(frame_buf), true,
10301 req->reason_code, false);
10302 return 0;
10303 }
10304
10305 return -ENOTCONN;
10306 }
10307
ieee80211_mgd_disassoc(struct ieee80211_sub_if_data * sdata,struct cfg80211_disassoc_request * req)10308 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
10309 struct cfg80211_disassoc_request *req)
10310 {
10311 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
10312
10313 if (!sdata->u.mgd.associated ||
10314 memcmp(sdata->vif.cfg.ap_addr, req->ap_addr, ETH_ALEN))
10315 return -ENOTCONN;
10316
10317 sdata_info(sdata,
10318 "disassociating from %pM by local choice (Reason: %u=%s)\n",
10319 req->ap_addr, req->reason_code,
10320 ieee80211_get_reason_code_string(req->reason_code));
10321
10322 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC,
10323 req->reason_code, !req->local_state_change,
10324 frame_buf);
10325
10326 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
10327 req->reason_code, false);
10328
10329 return 0;
10330 }
10331
ieee80211_mgd_stop_link(struct ieee80211_link_data * link)10332 void ieee80211_mgd_stop_link(struct ieee80211_link_data *link)
10333 {
10334 wiphy_work_cancel(link->sdata->local->hw.wiphy,
10335 &link->u.mgd.request_smps_work);
10336 wiphy_work_cancel(link->sdata->local->hw.wiphy,
10337 &link->u.mgd.recalc_smps);
10338 wiphy_hrtimer_work_cancel(link->sdata->local->hw.wiphy,
10339 &link->u.mgd.csa.switch_work);
10340 }
10341
ieee80211_mgd_stop(struct ieee80211_sub_if_data * sdata)10342 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata)
10343 {
10344 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
10345
10346 /*
10347 * Make sure some work items will not run after this,
10348 * they will not do anything but might not have been
10349 * cancelled when disconnecting.
10350 */
10351 wiphy_work_cancel(sdata->local->hw.wiphy,
10352 &ifmgd->monitor_work);
10353 wiphy_work_cancel(sdata->local->hw.wiphy,
10354 &ifmgd->beacon_connection_loss_work);
10355 wiphy_work_cancel(sdata->local->hw.wiphy,
10356 &ifmgd->csa_connection_drop_work);
10357 wiphy_delayed_work_cancel(sdata->local->hw.wiphy,
10358 &ifmgd->tdls_peer_del_work);
10359
10360 if (ifmgd->assoc_data)
10361 ieee80211_destroy_assoc_data(sdata, ASSOC_TIMEOUT);
10362 if (ifmgd->auth_data)
10363 ieee80211_destroy_auth_data(sdata, false);
10364 spin_lock_bh(&ifmgd->teardown_lock);
10365 if (ifmgd->teardown_skb) {
10366 kfree_skb(ifmgd->teardown_skb);
10367 ifmgd->teardown_skb = NULL;
10368 ifmgd->orig_teardown_skb = NULL;
10369 }
10370 kfree(ifmgd->assoc_req_ies);
10371 ifmgd->assoc_req_ies = NULL;
10372 ifmgd->assoc_req_ies_len = 0;
10373 spin_unlock_bh(&ifmgd->teardown_lock);
10374 timer_delete_sync(&ifmgd->timer);
10375 }
10376
ieee80211_cqm_rssi_notify(struct ieee80211_vif * vif,enum nl80211_cqm_rssi_threshold_event rssi_event,s32 rssi_level,gfp_t gfp)10377 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
10378 enum nl80211_cqm_rssi_threshold_event rssi_event,
10379 s32 rssi_level,
10380 gfp_t gfp)
10381 {
10382 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
10383
10384 trace_api_cqm_rssi_notify(sdata, rssi_event, rssi_level);
10385
10386 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, rssi_level, gfp);
10387 }
10388 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify);
10389
ieee80211_cqm_beacon_loss_notify(struct ieee80211_vif * vif,gfp_t gfp)10390 void ieee80211_cqm_beacon_loss_notify(struct ieee80211_vif *vif, gfp_t gfp)
10391 {
10392 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
10393
10394 trace_api_cqm_beacon_loss_notify(sdata->local, sdata);
10395
10396 cfg80211_cqm_beacon_loss_notify(sdata->dev, gfp);
10397 }
10398 EXPORT_SYMBOL(ieee80211_cqm_beacon_loss_notify);
10399
_ieee80211_enable_rssi_reports(struct ieee80211_sub_if_data * sdata,int rssi_min_thold,int rssi_max_thold)10400 static void _ieee80211_enable_rssi_reports(struct ieee80211_sub_if_data *sdata,
10401 int rssi_min_thold,
10402 int rssi_max_thold)
10403 {
10404 trace_api_enable_rssi_reports(sdata, rssi_min_thold, rssi_max_thold);
10405
10406 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
10407 return;
10408
10409 /*
10410 * Scale up threshold values before storing it, as the RSSI averaging
10411 * algorithm uses a scaled up value as well. Change this scaling
10412 * factor if the RSSI averaging algorithm changes.
10413 */
10414 sdata->u.mgd.rssi_min_thold = rssi_min_thold*16;
10415 sdata->u.mgd.rssi_max_thold = rssi_max_thold*16;
10416 }
10417
ieee80211_enable_rssi_reports(struct ieee80211_vif * vif,int rssi_min_thold,int rssi_max_thold)10418 void ieee80211_enable_rssi_reports(struct ieee80211_vif *vif,
10419 int rssi_min_thold,
10420 int rssi_max_thold)
10421 {
10422 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
10423
10424 WARN_ON(rssi_min_thold == rssi_max_thold ||
10425 rssi_min_thold > rssi_max_thold);
10426
10427 _ieee80211_enable_rssi_reports(sdata, rssi_min_thold,
10428 rssi_max_thold);
10429 }
10430 EXPORT_SYMBOL(ieee80211_enable_rssi_reports);
10431
ieee80211_disable_rssi_reports(struct ieee80211_vif * vif)10432 void ieee80211_disable_rssi_reports(struct ieee80211_vif *vif)
10433 {
10434 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
10435
10436 _ieee80211_enable_rssi_reports(sdata, 0, 0);
10437 }
10438 EXPORT_SYMBOL(ieee80211_disable_rssi_reports);
10439
ieee80211_process_ml_reconf_resp(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)10440 void ieee80211_process_ml_reconf_resp(struct ieee80211_sub_if_data *sdata,
10441 struct ieee80211_mgmt *mgmt, size_t len)
10442 {
10443 struct ieee80211_local *local = sdata->local;
10444 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
10445 struct ieee80211_mgd_assoc_data *add_links_data =
10446 ifmgd->reconf.add_links_data;
10447 struct sta_info *sta;
10448 struct cfg80211_mlo_reconf_done_data done_data = {};
10449 u16 sta_changed_links = sdata->u.mgd.reconf.added_links |
10450 sdata->u.mgd.reconf.removed_links;
10451 u16 link_mask, valid_links;
10452 unsigned int link_id;
10453 size_t orig_len = len;
10454 u8 i, group_key_data_len;
10455 u8 *pos;
10456
10457 if (!ieee80211_vif_is_mld(&sdata->vif) ||
10458 len < IEEE80211_MIN_ACTION_SIZE(ml_reconf_resp) ||
10459 mgmt->u.action.ml_reconf_resp.dialog_token !=
10460 sdata->u.mgd.reconf.dialog_token ||
10461 !sta_changed_links)
10462 return;
10463
10464 pos = mgmt->u.action.ml_reconf_resp.variable;
10465 len -= offsetofend(typeof(*mgmt), u.action.ml_reconf_resp);
10466
10467 if (len < mgmt->u.action.ml_reconf_resp.count *
10468 sizeof(struct ieee80211_ml_reconf_status)) {
10469 sdata_info(sdata,
10470 "mlo: reconf: unexpected len=%zu, count=%u\n",
10471 len, mgmt->u.action.ml_reconf_resp.count);
10472 goto disconnect;
10473 }
10474
10475 link_mask = sta_changed_links;
10476 for (i = 0; i < mgmt->u.action.ml_reconf_resp.count; i++) {
10477 struct ieee80211_ml_reconf_status *reconf_status = (void *)pos;
10478 u16 status = le16_to_cpu(reconf_status->status);
10479
10480 link_id = u8_get_bits(reconf_status->info,
10481 IEEE80211_ML_RECONF_LINK_ID_MASK);
10482
10483 if (!(link_mask & BIT(link_id))) {
10484 sdata_info(sdata,
10485 "mlo: reconf: unexpected link: %u, changed=0x%x\n",
10486 link_id, sta_changed_links);
10487 goto disconnect;
10488 }
10489
10490 /* clear the corresponding link, to detect the case that
10491 * the same link was included more than one time
10492 */
10493 link_mask &= ~BIT(link_id);
10494
10495 /* Handle failure to remove links here. Failure to remove added
10496 * links will be done later in the flow.
10497 */
10498 if (status != WLAN_STATUS_SUCCESS) {
10499 sdata_info(sdata,
10500 "mlo: reconf: failed on link=%u, status=%u\n",
10501 link_id, status);
10502
10503 /* The AP MLD failed to remove a link that was already
10504 * removed locally. As this is not expected behavior,
10505 * disconnect
10506 */
10507 if (sdata->u.mgd.reconf.removed_links & BIT(link_id))
10508 goto disconnect;
10509
10510 /* The AP MLD failed to add a link. Remove it from the
10511 * added links.
10512 */
10513 sdata->u.mgd.reconf.added_links &= ~BIT(link_id);
10514 }
10515
10516 pos += sizeof(*reconf_status);
10517 len -= sizeof(*reconf_status);
10518 }
10519
10520 if (link_mask) {
10521 sdata_info(sdata,
10522 "mlo: reconf: no response for links=0x%x\n",
10523 link_mask);
10524 goto disconnect;
10525 }
10526
10527 if (!sdata->u.mgd.reconf.added_links)
10528 goto out;
10529
10530 if (len < 1 || len < 1 + *pos) {
10531 sdata_info(sdata,
10532 "mlo: reconf: invalid group key data length");
10533 goto disconnect;
10534 }
10535
10536 /* The Group Key Data field must be present when links are added. This
10537 * field should be processed by userland.
10538 */
10539 group_key_data_len = *pos++;
10540
10541 pos += group_key_data_len;
10542 len -= group_key_data_len + 1;
10543
10544 /* Process the information for the added links */
10545 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
10546 if (WARN_ON(!sta))
10547 goto disconnect;
10548
10549 valid_links = sdata->vif.valid_links;
10550 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
10551 if (!add_links_data->link[link_id].bss ||
10552 !(sdata->u.mgd.reconf.added_links & BIT(link_id)))
10553 continue;
10554
10555 valid_links |= BIT(link_id);
10556 if (ieee80211_sta_allocate_link(sta, link_id))
10557 goto disconnect;
10558 }
10559
10560 ieee80211_vif_set_links(sdata, valid_links, sdata->vif.dormant_links);
10561 link_mask = 0;
10562 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
10563 struct cfg80211_bss *cbss = add_links_data->link[link_id].bss;
10564 struct ieee80211_link_data *link;
10565 struct link_sta_info *link_sta;
10566 u64 changed = 0;
10567
10568 if (!cbss)
10569 continue;
10570
10571 link = sdata_dereference(sdata->link[link_id], sdata);
10572 if (WARN_ON(!link))
10573 goto disconnect;
10574
10575 link_info(link,
10576 "mlo: reconf: local address %pM, AP link address %pM\n",
10577 add_links_data->link[link_id].addr,
10578 add_links_data->link[link_id].bss->bssid);
10579
10580 link_sta = rcu_dereference_protected(sta->link[link_id],
10581 lockdep_is_held(&local->hw.wiphy->mtx));
10582 if (WARN_ON(!link_sta))
10583 goto disconnect;
10584
10585 if (!link->u.mgd.have_beacon) {
10586 const struct cfg80211_bss_ies *ies;
10587
10588 rcu_read_lock();
10589 ies = rcu_dereference(cbss->beacon_ies);
10590 if (ies)
10591 link->u.mgd.have_beacon = true;
10592 else
10593 ies = rcu_dereference(cbss->ies);
10594 ieee80211_get_dtim(ies,
10595 &link->conf->sync_dtim_count,
10596 &link->u.mgd.dtim_period);
10597 link->conf->beacon_int = cbss->beacon_interval;
10598 rcu_read_unlock();
10599 }
10600
10601 link->conf->dtim_period = link->u.mgd.dtim_period ?: 1;
10602
10603 link->u.mgd.conn = add_links_data->link[link_id].conn;
10604 if (ieee80211_prep_channel(sdata, link, link_id, cbss,
10605 true, &link->u.mgd.conn,
10606 sdata->u.mgd.userspace_selectors)) {
10607 link_info(link, "mlo: reconf: prep_channel failed\n");
10608 goto disconnect;
10609 }
10610
10611 if (ieee80211_mgd_setup_link_sta(link, sta, link_sta,
10612 add_links_data->link[link_id].bss))
10613 goto disconnect;
10614
10615 if (!ieee80211_assoc_config_link(link, link_sta,
10616 add_links_data->link[link_id].bss,
10617 mgmt, pos, len,
10618 &changed))
10619 goto disconnect;
10620
10621 /* The AP MLD indicated success for this link, but the station
10622 * profile status indicated otherwise. Since there is an
10623 * inconsistency in the ML reconfiguration response, disconnect
10624 */
10625 if (add_links_data->link[link_id].status != WLAN_STATUS_SUCCESS)
10626 goto disconnect;
10627
10628 ieee80211_sta_init_nss(link_sta);
10629 if (ieee80211_sta_activate_link(sta, link_id))
10630 goto disconnect;
10631
10632 changed |= ieee80211_link_set_associated(link, cbss);
10633 ieee80211_link_info_change_notify(sdata, link, changed);
10634
10635 ieee80211_recalc_smps(sdata, link);
10636 link_mask |= BIT(link_id);
10637 }
10638
10639 sdata_info(sdata,
10640 "mlo: reconf: current valid_links=0x%x, added=0x%x\n",
10641 valid_links, link_mask);
10642
10643 /* links might have changed due to rejected ones, set them again */
10644 ieee80211_vif_set_links(sdata, valid_links, sdata->vif.dormant_links);
10645 ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_MLD_VALID_LINKS);
10646
10647 ieee80211_recalc_ps(local);
10648 ieee80211_recalc_ps_vif(sdata);
10649
10650 done_data.buf = (const u8 *)mgmt;
10651 done_data.len = orig_len;
10652 done_data.added_links = link_mask;
10653
10654 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
10655 done_data.links[link_id].bss = add_links_data->link[link_id].bss;
10656 done_data.links[link_id].addr =
10657 add_links_data->link[link_id].addr;
10658 }
10659
10660 cfg80211_mlo_reconf_add_done(sdata->dev, &done_data);
10661 kfree(sdata->u.mgd.reconf.add_links_data);
10662 sdata->u.mgd.reconf.add_links_data = NULL;
10663 out:
10664 ieee80211_ml_reconf_reset(sdata);
10665 return;
10666
10667 disconnect:
10668 __ieee80211_disconnect(sdata);
10669 }
10670
10671 static struct sk_buff *
ieee80211_build_ml_reconf_req(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgd_assoc_data * add_links_data,u16 removed_links,__le16 ext_mld_capa_ops)10672 ieee80211_build_ml_reconf_req(struct ieee80211_sub_if_data *sdata,
10673 struct ieee80211_mgd_assoc_data *add_links_data,
10674 u16 removed_links, __le16 ext_mld_capa_ops)
10675 {
10676 struct ieee80211_local *local = sdata->local;
10677 struct ieee80211_mgmt *mgmt;
10678 struct ieee80211_multi_link_elem *ml_elem;
10679 struct ieee80211_mle_basic_common_info *common;
10680 enum nl80211_iftype iftype = ieee80211_vif_type_p2p(&sdata->vif);
10681 struct sk_buff *skb;
10682 size_t size;
10683 unsigned int link_id;
10684 __le16 eml_capa = 0, mld_capa_ops = 0;
10685 struct ieee80211_tx_info *info;
10686 u8 common_size, var_common_size;
10687 u8 *ml_elem_len;
10688 u16 capab = 0;
10689
10690 size = local->hw.extra_tx_headroom + sizeof(*mgmt);
10691
10692 /* Consider the maximal length of the reconfiguration ML element */
10693 size += sizeof(struct ieee80211_multi_link_elem);
10694
10695 /* The Basic ML element and the Reconfiguration ML element have the same
10696 * fixed common information fields in the context of ML reconfiguration
10697 * action frame. The AP MLD MAC address must always be present
10698 */
10699 common_size = sizeof(*common);
10700
10701 /* when adding links, the MLD capabilities must be present */
10702 var_common_size = 0;
10703 if (add_links_data) {
10704 const struct wiphy_iftype_ext_capab *ift_ext_capa =
10705 cfg80211_get_iftype_ext_capa(local->hw.wiphy,
10706 ieee80211_vif_type_p2p(&sdata->vif));
10707
10708 if (ift_ext_capa) {
10709 eml_capa = cpu_to_le16(ift_ext_capa->eml_capabilities);
10710 mld_capa_ops =
10711 cpu_to_le16(ift_ext_capa->mld_capa_and_ops);
10712 }
10713
10714 /* MLD capabilities and operation */
10715 var_common_size += 2;
10716
10717 /* EML capabilities */
10718 if (eml_capa & cpu_to_le16((IEEE80211_EML_CAP_EMLSR_SUPP |
10719 IEEE80211_EML_CAP_EMLMR_SUPPORT)))
10720 var_common_size += 2;
10721 }
10722
10723 if (ext_mld_capa_ops)
10724 var_common_size += 2;
10725
10726 /* Add the common information length */
10727 size += common_size + var_common_size;
10728
10729 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
10730 struct cfg80211_bss *cbss;
10731 size_t elems_len;
10732
10733 if (removed_links & BIT(link_id)) {
10734 size += sizeof(struct ieee80211_mle_per_sta_profile) +
10735 ETH_ALEN;
10736 continue;
10737 }
10738
10739 if (!add_links_data || !add_links_data->link[link_id].bss)
10740 continue;
10741
10742 elems_len = add_links_data->link[link_id].elems_len;
10743 cbss = add_links_data->link[link_id].bss;
10744
10745 /* should be the same across all BSSes */
10746 if (cbss->capability & WLAN_CAPABILITY_PRIVACY)
10747 capab |= WLAN_CAPABILITY_PRIVACY;
10748
10749 size += 2 + sizeof(struct ieee80211_mle_per_sta_profile) +
10750 ETH_ALEN;
10751
10752 /* WMM */
10753 size += 9;
10754 size += ieee80211_link_common_elems_size(sdata, iftype, cbss,
10755 elems_len);
10756 }
10757
10758 skb = alloc_skb(size, GFP_KERNEL);
10759 if (!skb)
10760 return NULL;
10761
10762 skb_reserve(skb, local->hw.extra_tx_headroom);
10763 mgmt = skb_put_zero(skb, IEEE80211_MIN_ACTION_SIZE(ml_reconf_req));
10764
10765 /* Add the MAC header */
10766 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
10767 IEEE80211_STYPE_ACTION);
10768 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
10769 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
10770 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
10771
10772 /* Add the action frame fixed fields */
10773 mgmt->u.action.category = WLAN_CATEGORY_PROTECTED_EHT;
10774 mgmt->u.action.action_code = WLAN_PROTECTED_EHT_ACTION_LINK_RECONFIG_REQ;
10775
10776 /* allocate a dialog token and store it */
10777 sdata->u.mgd.reconf.dialog_token = ++sdata->u.mgd.dialog_token_alloc;
10778 mgmt->u.action.ml_reconf_req.dialog_token =
10779 sdata->u.mgd.reconf.dialog_token;
10780
10781 /* Add the ML reconfiguration element and the common information */
10782 skb_put_u8(skb, WLAN_EID_EXTENSION);
10783 ml_elem_len = skb_put(skb, 1);
10784 skb_put_u8(skb, WLAN_EID_EXT_EHT_MULTI_LINK);
10785 ml_elem = skb_put(skb, sizeof(*ml_elem));
10786 ml_elem->control =
10787 cpu_to_le16(IEEE80211_ML_CONTROL_TYPE_RECONF |
10788 IEEE80211_MLC_RECONF_PRES_MLD_MAC_ADDR);
10789 common = skb_put(skb, common_size);
10790 common->len = common_size + var_common_size;
10791 memcpy(common->mld_mac_addr, sdata->vif.addr, ETH_ALEN);
10792
10793 if (add_links_data) {
10794 if (eml_capa &
10795 cpu_to_le16((IEEE80211_EML_CAP_EMLSR_SUPP |
10796 IEEE80211_EML_CAP_EMLMR_SUPPORT))) {
10797 ml_elem->control |=
10798 cpu_to_le16(IEEE80211_MLC_RECONF_PRES_EML_CAPA);
10799 skb_put_data(skb, &eml_capa, sizeof(eml_capa));
10800 }
10801
10802 ml_elem->control |=
10803 cpu_to_le16(IEEE80211_MLC_RECONF_PRES_MLD_CAPA_OP);
10804
10805 skb_put_data(skb, &mld_capa_ops, sizeof(mld_capa_ops));
10806 }
10807
10808 if (ext_mld_capa_ops) {
10809 ml_elem->control |=
10810 cpu_to_le16(IEEE80211_MLC_RECONF_PRES_EXT_MLD_CAPA_OP);
10811 skb_put_data(skb, &ext_mld_capa_ops, sizeof(ext_mld_capa_ops));
10812 }
10813
10814 if (sdata->u.mgd.flags & IEEE80211_STA_ENABLE_RRM)
10815 capab |= WLAN_CAPABILITY_RADIO_MEASURE;
10816
10817 /* Add the per station profile */
10818 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
10819 u8 *subelem_len = NULL;
10820 u16 ctrl;
10821 const u8 *addr;
10822
10823 /* Skip links that are not changing */
10824 if (!(removed_links & BIT(link_id)) &&
10825 (!add_links_data || !add_links_data->link[link_id].bss))
10826 continue;
10827
10828 ctrl = link_id |
10829 IEEE80211_MLE_STA_RECONF_CONTROL_STA_MAC_ADDR_PRESENT;
10830
10831 if (removed_links & BIT(link_id)) {
10832 struct ieee80211_bss_conf *conf =
10833 sdata_dereference(sdata->vif.link_conf[link_id],
10834 sdata);
10835 if (!conf)
10836 continue;
10837
10838 addr = conf->addr;
10839 ctrl |= u16_encode_bits(IEEE80211_MLE_STA_RECONF_CONTROL_OPERATION_TYPE_DEL_LINK,
10840 IEEE80211_MLE_STA_RECONF_CONTROL_OPERATION_TYPE);
10841 } else {
10842 addr = add_links_data->link[link_id].addr;
10843 ctrl |= IEEE80211_MLE_STA_RECONF_CONTROL_COMPLETE_PROFILE |
10844 u16_encode_bits(IEEE80211_MLE_STA_RECONF_CONTROL_OPERATION_TYPE_ADD_LINK,
10845 IEEE80211_MLE_STA_RECONF_CONTROL_OPERATION_TYPE);
10846 }
10847
10848 skb_put_u8(skb, IEEE80211_MLE_SUBELEM_PER_STA_PROFILE);
10849 subelem_len = skb_put(skb, 1);
10850
10851 put_unaligned_le16(ctrl, skb_put(skb, sizeof(ctrl)));
10852 skb_put_u8(skb, 1 + ETH_ALEN);
10853 skb_put_data(skb, addr, ETH_ALEN);
10854
10855 if (!(removed_links & BIT(link_id))) {
10856 u16 link_present_elems[PRESENT_ELEMS_MAX] = {};
10857 size_t extra_used;
10858 void *capab_pos;
10859 u8 qos_info;
10860
10861 capab_pos = skb_put(skb, 2);
10862
10863 extra_used =
10864 ieee80211_add_link_elems(sdata, skb, &capab, NULL,
10865 add_links_data->link[link_id].elems,
10866 add_links_data->link[link_id].elems_len,
10867 link_id, NULL,
10868 link_present_elems,
10869 add_links_data);
10870
10871 if (add_links_data->link[link_id].elems)
10872 skb_put_data(skb,
10873 add_links_data->link[link_id].elems +
10874 extra_used,
10875 add_links_data->link[link_id].elems_len -
10876 extra_used);
10877 if (sdata->u.mgd.flags & IEEE80211_STA_UAPSD_ENABLED) {
10878 qos_info = sdata->u.mgd.uapsd_queues;
10879 qos_info |= (sdata->u.mgd.uapsd_max_sp_len <<
10880 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
10881 } else {
10882 qos_info = 0;
10883 }
10884
10885 ieee80211_add_wmm_info_ie(skb_put(skb, 9), qos_info);
10886 put_unaligned_le16(capab, capab_pos);
10887 }
10888
10889 ieee80211_fragment_element(skb, subelem_len,
10890 IEEE80211_MLE_SUBELEM_FRAGMENT);
10891 }
10892
10893 ieee80211_fragment_element(skb, ml_elem_len, WLAN_EID_FRAGMENT);
10894
10895 info = IEEE80211_SKB_CB(skb);
10896 info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
10897
10898 return skb;
10899 }
10900
ieee80211_mgd_assoc_ml_reconf(struct ieee80211_sub_if_data * sdata,struct cfg80211_ml_reconf_req * req)10901 int ieee80211_mgd_assoc_ml_reconf(struct ieee80211_sub_if_data *sdata,
10902 struct cfg80211_ml_reconf_req *req)
10903 {
10904 struct ieee80211_local *local = sdata->local;
10905 struct ieee80211_mgd_assoc_data *data = NULL;
10906 struct sta_info *sta;
10907 struct sk_buff *skb;
10908 u16 added_links, new_valid_links;
10909 int link_id, err;
10910
10911 if (!ieee80211_vif_is_mld(&sdata->vif) ||
10912 !(sdata->vif.cfg.mld_capa_op &
10913 IEEE80211_MLD_CAP_OP_LINK_RECONF_SUPPORT))
10914 return -EINVAL;
10915
10916 /* No support for concurrent ML reconfiguration operation */
10917 if (sdata->u.mgd.reconf.added_links ||
10918 sdata->u.mgd.reconf.removed_links)
10919 return -EBUSY;
10920
10921 added_links = 0;
10922 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
10923 if (!req->add_links[link_id].bss)
10924 continue;
10925
10926 added_links |= BIT(link_id);
10927 }
10928
10929 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr);
10930 if (WARN_ON(!sta))
10931 return -ENOLINK;
10932
10933 /* Adding links to the set of valid link is done only after a successful
10934 * ML reconfiguration frame exchange. Here prepare the data for the ML
10935 * reconfiguration frame construction and allocate the required
10936 * resources
10937 */
10938 if (added_links) {
10939 bool uapsd_supported;
10940
10941 data = kzalloc_obj(*data);
10942 if (!data)
10943 return -ENOMEM;
10944
10945 data->assoc_link_id = -1;
10946 data->wmm = true;
10947
10948 uapsd_supported = true;
10949 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS;
10950 link_id++) {
10951 struct ieee80211_supported_band *sband;
10952 struct cfg80211_bss *link_cbss =
10953 req->add_links[link_id].bss;
10954 struct ieee80211_bss *bss;
10955
10956 if (!link_cbss)
10957 continue;
10958
10959 bss = (void *)link_cbss->priv;
10960
10961 if (!bss->wmm_used) {
10962 err = -EINVAL;
10963 goto err_free;
10964 }
10965
10966 if (link_cbss->channel->band == NL80211_BAND_S1GHZ) {
10967 err = -EINVAL;
10968 goto err_free;
10969 }
10970
10971 eth_random_addr(data->link[link_id].addr);
10972 data->link[link_id].conn =
10973 ieee80211_conn_settings_unlimited;
10974 sband =
10975 local->hw.wiphy->bands[link_cbss->channel->band];
10976
10977 ieee80211_determine_our_sta_mode(sdata, sband,
10978 NULL, true, link_id,
10979 &data->link[link_id].conn);
10980
10981 data->link[link_id].bss = link_cbss;
10982 data->link[link_id].elems =
10983 (u8 *)req->add_links[link_id].elems;
10984 data->link[link_id].elems_len =
10985 req->add_links[link_id].elems_len;
10986
10987 if (!bss->uapsd_supported)
10988 uapsd_supported = false;
10989
10990 if (data->link[link_id].conn.mode <
10991 IEEE80211_CONN_MODE_EHT) {
10992 err = -EINVAL;
10993 goto err_free;
10994 }
10995
10996 err = ieee80211_mgd_get_ap_ht_vht_capa(sdata, data,
10997 link_id);
10998 if (err) {
10999 err = -EINVAL;
11000 goto err_free;
11001 }
11002 }
11003
11004 /* Require U-APSD support if we enabled it */
11005 if (sdata->u.mgd.flags & IEEE80211_STA_UAPSD_ENABLED &&
11006 !uapsd_supported) {
11007 err = -EINVAL;
11008 sdata_info(sdata, "U-APSD on but not available on (all) new links\n");
11009 goto err_free;
11010 }
11011
11012 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS;
11013 link_id++) {
11014 if (!data->link[link_id].bss)
11015 continue;
11016
11017 /* only used to verify the mode, nothing is allocated */
11018 err = ieee80211_prep_channel(sdata, NULL, link_id,
11019 data->link[link_id].bss,
11020 true,
11021 &data->link[link_id].conn,
11022 sdata->u.mgd.userspace_selectors);
11023 if (err)
11024 goto err_free;
11025 }
11026 }
11027
11028 /* link removal is done before the ML reconfiguration frame exchange so
11029 * that these links will not be used between their removal by the AP MLD
11030 * and before the station got the ML reconfiguration response. Based on
11031 * Section 35.3.6.4 in Draft P802.11be_D7.0 the AP MLD should accept the
11032 * link removal request.
11033 */
11034 if (req->rem_links) {
11035 u16 new_active_links =
11036 sdata->vif.active_links & ~req->rem_links;
11037
11038 new_valid_links = sdata->vif.valid_links & ~req->rem_links;
11039
11040 /* Should not be left with no valid links to perform the
11041 * ML reconfiguration
11042 */
11043 if (!new_valid_links ||
11044 !(new_valid_links & ~sdata->vif.dormant_links)) {
11045 sdata_info(sdata, "mlo: reconf: no valid links\n");
11046 err = -EINVAL;
11047 goto err_free;
11048 }
11049
11050 if (new_active_links != sdata->vif.active_links) {
11051 if (!new_active_links)
11052 new_active_links =
11053 BIT(__ffs(new_valid_links &
11054 ~sdata->vif.dormant_links));
11055
11056 err = ieee80211_set_active_links(&sdata->vif,
11057 new_active_links);
11058 if (err) {
11059 sdata_info(sdata,
11060 "mlo: reconf: failed set active links\n");
11061 goto err_free;
11062 }
11063 }
11064 }
11065
11066 /* Build the SKB before the link removal as the construction of the
11067 * station info for removed links requires the local address.
11068 * Invalidate the removed links, so that the transmission of the ML
11069 * reconfiguration request frame would not be done using them, as the AP
11070 * is expected to send the ML reconfiguration response frame on the link
11071 * on which the request was received.
11072 */
11073 skb = ieee80211_build_ml_reconf_req(sdata, data, req->rem_links,
11074 cpu_to_le16(req->ext_mld_capa_ops));
11075 if (!skb) {
11076 err = -ENOMEM;
11077 goto err_free;
11078 }
11079
11080 if (req->rem_links) {
11081 u16 new_dormant_links =
11082 sdata->vif.dormant_links & ~req->rem_links;
11083
11084 err = ieee80211_vif_set_links(sdata, new_valid_links,
11085 new_dormant_links);
11086 if (err) {
11087 sdata_info(sdata,
11088 "mlo: reconf: failed set valid links\n");
11089 kfree_skb(skb);
11090 goto err_free;
11091 }
11092
11093 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS;
11094 link_id++) {
11095 if (!(req->rem_links & BIT(link_id)))
11096 continue;
11097
11098 ieee80211_sta_remove_link(sta, link_id);
11099 }
11100
11101 /* notify the driver and upper layers */
11102 ieee80211_vif_cfg_change_notify(sdata,
11103 BSS_CHANGED_MLD_VALID_LINKS);
11104 cfg80211_links_removed(sdata->dev, req->rem_links);
11105 }
11106
11107 sdata_info(sdata, "mlo: reconf: adding=0x%x, removed=0x%x\n",
11108 added_links, req->rem_links);
11109
11110 ieee80211_tx_skb(sdata, skb);
11111
11112 sdata->u.mgd.reconf.added_links = added_links;
11113 sdata->u.mgd.reconf.add_links_data = data;
11114 sdata->u.mgd.reconf.removed_links = req->rem_links;
11115 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
11116 &sdata->u.mgd.reconf.wk,
11117 IEEE80211_ASSOC_TIMEOUT_SHORT);
11118 return 0;
11119
11120 err_free:
11121 kfree(data);
11122 return err;
11123 }
11124
ieee80211_mgd_epcs_supp(struct ieee80211_sub_if_data * sdata)11125 static bool ieee80211_mgd_epcs_supp(struct ieee80211_sub_if_data *sdata)
11126 {
11127 unsigned long valid_links = sdata->vif.valid_links;
11128 u8 link_id;
11129
11130 lockdep_assert_wiphy(sdata->local->hw.wiphy);
11131
11132 if (!ieee80211_vif_is_mld(&sdata->vif))
11133 return false;
11134
11135 for_each_set_bit(link_id, &valid_links, IEEE80211_MLD_MAX_NUM_LINKS) {
11136 struct ieee80211_bss_conf *bss_conf =
11137 sdata_dereference(sdata->vif.link_conf[link_id], sdata);
11138
11139 if (WARN_ON(!bss_conf) || !bss_conf->epcs_support)
11140 return false;
11141 }
11142
11143 return true;
11144 }
11145
ieee80211_mgd_set_epcs(struct ieee80211_sub_if_data * sdata,bool enable)11146 int ieee80211_mgd_set_epcs(struct ieee80211_sub_if_data *sdata, bool enable)
11147 {
11148 int frame_len = IEEE80211_MIN_ACTION_SIZE(epcs) + (enable ? 1 : 0);
11149 struct ieee80211_local *local = sdata->local;
11150 struct ieee80211_mgmt *mgmt;
11151 struct sk_buff *skb;
11152
11153 if (!ieee80211_mgd_epcs_supp(sdata))
11154 return -EINVAL;
11155
11156 if (sdata->u.mgd.epcs.enabled == enable &&
11157 !sdata->u.mgd.epcs.dialog_token)
11158 return 0;
11159
11160 /* Do not allow enabling EPCS if the AP didn't respond yet.
11161 * However, allow disabling EPCS in such a case.
11162 */
11163 if (sdata->u.mgd.epcs.dialog_token && enable)
11164 return -EALREADY;
11165
11166 skb = dev_alloc_skb(local->hw.extra_tx_headroom + frame_len);
11167 if (!skb)
11168 return -ENOBUFS;
11169
11170 skb_reserve(skb, local->hw.extra_tx_headroom);
11171 mgmt = skb_put_zero(skb, frame_len);
11172 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
11173 IEEE80211_STYPE_ACTION);
11174 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN);
11175 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
11176 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN);
11177
11178 mgmt->u.action.category = WLAN_CATEGORY_PROTECTED_EHT;
11179 if (enable) {
11180 u8 *pos = mgmt->u.action.epcs.variable;
11181
11182 mgmt->u.action.action_code =
11183 WLAN_PROTECTED_EHT_ACTION_EPCS_ENABLE_REQ;
11184
11185 *pos = ++sdata->u.mgd.dialog_token_alloc;
11186 sdata->u.mgd.epcs.dialog_token = *pos;
11187 } else {
11188 mgmt->u.action.action_code =
11189 WLAN_PROTECTED_EHT_ACTION_EPCS_ENABLE_TEARDOWN;
11190
11191 ieee80211_epcs_teardown(sdata);
11192 ieee80211_epcs_changed(sdata, false);
11193 }
11194
11195 ieee80211_tx_skb(sdata, skb);
11196 return 0;
11197 }
11198
ieee80211_ml_epcs(struct ieee80211_sub_if_data * sdata,struct ieee802_11_elems * elems)11199 static void ieee80211_ml_epcs(struct ieee80211_sub_if_data *sdata,
11200 struct ieee802_11_elems *elems)
11201 {
11202 const struct element *sub;
11203 size_t scratch_len = elems->ml_epcs_len;
11204 u8 *scratch __free(kfree) = kzalloc(scratch_len, GFP_KERNEL);
11205
11206 lockdep_assert_wiphy(sdata->local->hw.wiphy);
11207
11208 if (!ieee80211_vif_is_mld(&sdata->vif) || !elems->ml_epcs)
11209 return;
11210
11211 if (WARN_ON(!scratch))
11212 return;
11213
11214 /* Directly parse the sub elements as the common information doesn't
11215 * hold any useful information.
11216 */
11217 for_each_mle_subelement(sub, (const u8 *)elems->ml_epcs,
11218 elems->ml_epcs_len) {
11219 struct ieee802_11_elems *link_elems __free(kfree) = NULL;
11220 struct ieee80211_link_data *link;
11221 u8 *pos = (void *)sub->data;
11222 u16 control;
11223 ssize_t len;
11224 u8 link_id;
11225
11226 if (sub->id != IEEE80211_MLE_SUBELEM_PER_STA_PROFILE)
11227 continue;
11228
11229 if (sub->datalen < sizeof(control))
11230 break;
11231
11232 control = get_unaligned_le16(pos);
11233 link_id = control & IEEE80211_MLE_STA_EPCS_CONTROL_LINK_ID;
11234
11235 link = sdata_dereference(sdata->link[link_id], sdata);
11236 if (!link)
11237 continue;
11238
11239 len = cfg80211_defragment_element(sub, (u8 *)elems->ml_epcs,
11240 elems->ml_epcs_len,
11241 scratch, scratch_len,
11242 IEEE80211_MLE_SUBELEM_FRAGMENT);
11243 if (len < (ssize_t)sizeof(control))
11244 continue;
11245
11246 pos = scratch + sizeof(control);
11247 len -= sizeof(control);
11248
11249 link_elems = ieee802_11_parse_elems(pos, len,
11250 IEEE80211_FTYPE_MGMT |
11251 IEEE80211_STYPE_ACTION,
11252 NULL);
11253 if (!link_elems)
11254 continue;
11255
11256 if (ieee80211_sta_wmm_params(sdata->local, link,
11257 link_elems->wmm_param,
11258 link_elems->wmm_param_len,
11259 link_elems->mu_edca_param_set))
11260 ieee80211_link_info_change_notify(sdata, link,
11261 BSS_CHANGED_QOS);
11262 }
11263 }
11264
ieee80211_process_epcs_ena_resp(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)11265 void ieee80211_process_epcs_ena_resp(struct ieee80211_sub_if_data *sdata,
11266 struct ieee80211_mgmt *mgmt, size_t len)
11267 {
11268 struct ieee802_11_elems *elems __free(kfree) = NULL;
11269 size_t ies_len;
11270 u16 status_code;
11271 u8 *pos, dialog_token;
11272
11273 if (!ieee80211_mgd_epcs_supp(sdata))
11274 return;
11275
11276 /* Handle dialog token and status code */
11277 pos = mgmt->u.action.epcs.variable;
11278 dialog_token = *pos;
11279 status_code = get_unaligned_le16(pos + 1);
11280
11281 /* An EPCS enable response with dialog token == 0 is an unsolicited
11282 * notification from the AP MLD. In such a case, EPCS should already be
11283 * enabled and status must be success
11284 */
11285 if (!dialog_token &&
11286 (!sdata->u.mgd.epcs.enabled ||
11287 status_code != WLAN_STATUS_SUCCESS))
11288 return;
11289
11290 if (sdata->u.mgd.epcs.dialog_token != dialog_token)
11291 return;
11292
11293 sdata->u.mgd.epcs.dialog_token = 0;
11294
11295 if (status_code != WLAN_STATUS_SUCCESS)
11296 return;
11297
11298 pos += IEEE80211_EPCS_ENA_RESP_BODY_LEN;
11299 ies_len = len - IEEE80211_MIN_ACTION_SIZE(epcs) -
11300 IEEE80211_EPCS_ENA_RESP_BODY_LEN;
11301
11302 elems = ieee802_11_parse_elems(pos, ies_len,
11303 IEEE80211_FTYPE_MGMT |
11304 IEEE80211_STYPE_ACTION,
11305 NULL);
11306 if (!elems)
11307 return;
11308
11309 ieee80211_ml_epcs(sdata, elems);
11310 ieee80211_epcs_changed(sdata, true);
11311 }
11312
ieee80211_process_epcs_teardown(struct ieee80211_sub_if_data * sdata,struct ieee80211_mgmt * mgmt,size_t len)11313 void ieee80211_process_epcs_teardown(struct ieee80211_sub_if_data *sdata,
11314 struct ieee80211_mgmt *mgmt, size_t len)
11315 {
11316 if (!ieee80211_vif_is_mld(&sdata->vif) ||
11317 !sdata->u.mgd.epcs.enabled)
11318 return;
11319
11320 ieee80211_epcs_teardown(sdata);
11321 ieee80211_epcs_changed(sdata, false);
11322 }
11323