1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * BSS client mode implementation 4 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 5 * Copyright 2004, Instant802 Networks, Inc. 6 * Copyright 2005, Devicescape Software, Inc. 7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 9 * Copyright 2013-2014 Intel Mobile Communications GmbH 10 * Copyright (C) 2015 - 2017 Intel Deutschland GmbH 11 * Copyright (C) 2018 - 2024 Intel Corporation 12 */ 13 14 #include <linux/delay.h> 15 #include <linux/fips.h> 16 #include <linux/if_ether.h> 17 #include <linux/skbuff.h> 18 #include <linux/if_arp.h> 19 #include <linux/etherdevice.h> 20 #include <linux/moduleparam.h> 21 #include <linux/rtnetlink.h> 22 #include <linux/crc32.h> 23 #include <linux/slab.h> 24 #include <linux/export.h> 25 #include <net/mac80211.h> 26 #include <asm/unaligned.h> 27 28 #include "ieee80211_i.h" 29 #include "driver-ops.h" 30 #include "rate.h" 31 #include "led.h" 32 #include "fils_aead.h" 33 34 #define IEEE80211_AUTH_TIMEOUT (HZ / 5) 35 #define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2) 36 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10) 37 #define IEEE80211_AUTH_TIMEOUT_SAE (HZ * 2) 38 #define IEEE80211_AUTH_MAX_TRIES 3 39 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5) 40 #define IEEE80211_AUTH_WAIT_SAE_RETRY (HZ * 2) 41 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 42 #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2) 43 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10) 44 #define IEEE80211_ASSOC_MAX_TRIES 3 45 46 #define IEEE80211_ADV_TTLM_SAFETY_BUFFER_MS msecs_to_jiffies(100) 47 #define IEEE80211_ADV_TTLM_ST_UNDERFLOW 0xff00 48 49 #define IEEE80211_NEG_TTLM_REQ_TIMEOUT (HZ / 5) 50 51 static int max_nullfunc_tries = 2; 52 module_param(max_nullfunc_tries, int, 0644); 53 MODULE_PARM_DESC(max_nullfunc_tries, 54 "Maximum nullfunc tx tries before disconnecting (reason 4)."); 55 56 static int max_probe_tries = 5; 57 module_param(max_probe_tries, int, 0644); 58 MODULE_PARM_DESC(max_probe_tries, 59 "Maximum probe tries before disconnecting (reason 4)."); 60 61 /* 62 * Beacon loss timeout is calculated as N frames times the 63 * advertised beacon interval. This may need to be somewhat 64 * higher than what hardware might detect to account for 65 * delays in the host processing frames. But since we also 66 * probe on beacon miss before declaring the connection lost 67 * default to what we want. 68 */ 69 static int beacon_loss_count = 7; 70 module_param(beacon_loss_count, int, 0644); 71 MODULE_PARM_DESC(beacon_loss_count, 72 "Number of beacon intervals before we decide beacon was lost."); 73 74 /* 75 * Time the connection can be idle before we probe 76 * it to see if we can still talk to the AP. 77 */ 78 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ) 79 /* 80 * Time we wait for a probe response after sending 81 * a probe request because of beacon loss or for 82 * checking the connection still works. 83 */ 84 static int probe_wait_ms = 500; 85 module_param(probe_wait_ms, int, 0644); 86 MODULE_PARM_DESC(probe_wait_ms, 87 "Maximum time(ms) to wait for probe response" 88 " before disconnecting (reason 4)."); 89 90 /* 91 * How many Beacon frames need to have been used in average signal strength 92 * before starting to indicate signal change events. 93 */ 94 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4 95 96 /* 97 * We can have multiple work items (and connection probing) 98 * scheduling this timer, but we need to take care to only 99 * reschedule it when it should fire _earlier_ than it was 100 * asked for before, or if it's not pending right now. This 101 * function ensures that. Note that it then is required to 102 * run this function for all timeouts after the first one 103 * has happened -- the work that runs from this timer will 104 * do that. 105 */ 106 static void run_again(struct ieee80211_sub_if_data *sdata, 107 unsigned long timeout) 108 { 109 lockdep_assert_wiphy(sdata->local->hw.wiphy); 110 111 if (!timer_pending(&sdata->u.mgd.timer) || 112 time_before(timeout, sdata->u.mgd.timer.expires)) 113 mod_timer(&sdata->u.mgd.timer, timeout); 114 } 115 116 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata) 117 { 118 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER) 119 return; 120 121 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR)) 122 return; 123 124 mod_timer(&sdata->u.mgd.bcn_mon_timer, 125 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout)); 126 } 127 128 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata) 129 { 130 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 131 132 if (unlikely(!ifmgd->associated)) 133 return; 134 135 if (ifmgd->probe_send_count) 136 ifmgd->probe_send_count = 0; 137 138 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR)) 139 return; 140 141 mod_timer(&ifmgd->conn_mon_timer, 142 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME)); 143 } 144 145 static int ecw2cw(int ecw) 146 { 147 return (1 << ecw) - 1; 148 } 149 150 static enum ieee80211_conn_mode 151 ieee80211_determine_ap_chan(struct ieee80211_sub_if_data *sdata, 152 struct ieee80211_channel *channel, 153 u32 vht_cap_info, 154 const struct ieee802_11_elems *elems, 155 bool ignore_ht_channel_mismatch, 156 const struct ieee80211_conn_settings *conn, 157 struct cfg80211_chan_def *chandef) 158 { 159 const struct ieee80211_ht_operation *ht_oper = elems->ht_operation; 160 const struct ieee80211_vht_operation *vht_oper = elems->vht_operation; 161 const struct ieee80211_he_operation *he_oper = elems->he_operation; 162 const struct ieee80211_eht_operation *eht_oper = elems->eht_operation; 163 struct ieee80211_supported_band *sband = 164 sdata->local->hw.wiphy->bands[channel->band]; 165 struct cfg80211_chan_def vht_chandef; 166 bool no_vht = false; 167 u32 ht_cfreq; 168 169 *chandef = (struct cfg80211_chan_def) { 170 .chan = channel, 171 .width = NL80211_CHAN_WIDTH_20_NOHT, 172 .center_freq1 = channel->center_freq, 173 .freq1_offset = channel->freq_offset, 174 }; 175 176 /* get special S1G case out of the way */ 177 if (sband->band == NL80211_BAND_S1GHZ) { 178 if (!ieee80211_chandef_s1g_oper(elems->s1g_oper, chandef)) { 179 sdata_info(sdata, 180 "Missing S1G Operation Element? Trying operating == primary\n"); 181 chandef->width = ieee80211_s1g_channel_width(channel); 182 } 183 184 return IEEE80211_CONN_MODE_S1G; 185 } 186 187 /* get special 6 GHz case out of the way */ 188 if (sband->band == NL80211_BAND_6GHZ) { 189 enum ieee80211_conn_mode mode = IEEE80211_CONN_MODE_EHT; 190 191 /* this is an error */ 192 if (conn->mode < IEEE80211_CONN_MODE_HE) 193 return IEEE80211_CONN_MODE_LEGACY; 194 195 if (!elems->he_6ghz_capa || !elems->he_cap) { 196 sdata_info(sdata, 197 "HE 6 GHz AP is missing HE/HE 6 GHz band capability\n"); 198 return IEEE80211_CONN_MODE_LEGACY; 199 } 200 201 if (!eht_oper || !elems->eht_cap) { 202 eht_oper = NULL; 203 mode = IEEE80211_CONN_MODE_HE; 204 } 205 206 if (!ieee80211_chandef_he_6ghz_oper(sdata->local, he_oper, 207 eht_oper, chandef)) { 208 sdata_info(sdata, "bad HE/EHT 6 GHz operation\n"); 209 return IEEE80211_CONN_MODE_LEGACY; 210 } 211 212 return mode; 213 } 214 215 /* now we have the progression HT, VHT, ... */ 216 if (conn->mode < IEEE80211_CONN_MODE_HT) 217 return IEEE80211_CONN_MODE_LEGACY; 218 219 if (!ht_oper || !elems->ht_cap_elem) 220 return IEEE80211_CONN_MODE_LEGACY; 221 222 chandef->width = NL80211_CHAN_WIDTH_20; 223 224 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan, 225 channel->band); 226 /* check that channel matches the right operating channel */ 227 if (!ignore_ht_channel_mismatch && channel->center_freq != ht_cfreq) { 228 /* 229 * It's possible that some APs are confused here; 230 * Netgear WNDR3700 sometimes reports 4 higher than 231 * the actual channel in association responses, but 232 * since we look at probe response/beacon data here 233 * it should be OK. 234 */ 235 sdata_info(sdata, 236 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n", 237 channel->center_freq, ht_cfreq, 238 ht_oper->primary_chan, channel->band); 239 return IEEE80211_CONN_MODE_LEGACY; 240 } 241 242 ieee80211_chandef_ht_oper(ht_oper, chandef); 243 244 if (conn->mode < IEEE80211_CONN_MODE_VHT) 245 return IEEE80211_CONN_MODE_HT; 246 247 vht_chandef = *chandef; 248 249 /* 250 * having he_cap/he_oper parsed out implies we're at 251 * least operating as HE STA 252 */ 253 if (elems->he_cap && he_oper && 254 he_oper->he_oper_params & cpu_to_le32(IEEE80211_HE_OPERATION_VHT_OPER_INFO)) { 255 struct ieee80211_vht_operation he_oper_vht_cap; 256 257 /* 258 * Set only first 3 bytes (other 2 aren't used in 259 * ieee80211_chandef_vht_oper() anyway) 260 */ 261 memcpy(&he_oper_vht_cap, he_oper->optional, 3); 262 he_oper_vht_cap.basic_mcs_set = cpu_to_le16(0); 263 264 if (!ieee80211_chandef_vht_oper(&sdata->local->hw, vht_cap_info, 265 &he_oper_vht_cap, ht_oper, 266 &vht_chandef)) { 267 sdata_info(sdata, 268 "HE AP VHT information is invalid, disabling HE\n"); 269 /* this will cause us to re-parse as VHT STA */ 270 return IEEE80211_CONN_MODE_VHT; 271 } 272 } else if (!vht_oper || !elems->vht_cap_elem) { 273 if (sband->band == NL80211_BAND_5GHZ) { 274 sdata_info(sdata, 275 "VHT information is missing, disabling VHT\n"); 276 return IEEE80211_CONN_MODE_HT; 277 } 278 no_vht = true; 279 } else if (sband->band == NL80211_BAND_2GHZ) { 280 no_vht = true; 281 } else if (!ieee80211_chandef_vht_oper(&sdata->local->hw, 282 vht_cap_info, 283 vht_oper, ht_oper, 284 &vht_chandef)) { 285 sdata_info(sdata, 286 "AP VHT information is invalid, disabling VHT\n"); 287 return IEEE80211_CONN_MODE_HT; 288 } 289 290 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) { 291 sdata_info(sdata, 292 "AP VHT information doesn't match HT, disabling VHT\n"); 293 return IEEE80211_CONN_MODE_HT; 294 } 295 296 *chandef = vht_chandef; 297 298 /* stick to current max mode if we or the AP don't have HE */ 299 if (conn->mode < IEEE80211_CONN_MODE_HE || 300 !elems->he_operation || !elems->he_cap) { 301 if (no_vht) 302 return IEEE80211_CONN_MODE_HT; 303 return IEEE80211_CONN_MODE_VHT; 304 } 305 306 /* stick to HE if we or the AP don't have EHT */ 307 if (conn->mode < IEEE80211_CONN_MODE_EHT || 308 !eht_oper || !elems->eht_cap) 309 return IEEE80211_CONN_MODE_HE; 310 311 /* 312 * handle the case that the EHT operation indicates that it holds EHT 313 * operation information (in case that the channel width differs from 314 * the channel width reported in HT/VHT/HE). 315 */ 316 if (eht_oper->params & IEEE80211_EHT_OPER_INFO_PRESENT) { 317 struct cfg80211_chan_def eht_chandef = *chandef; 318 319 ieee80211_chandef_eht_oper((const void *)eht_oper->optional, 320 &eht_chandef); 321 322 eht_chandef.punctured = 323 ieee80211_eht_oper_dis_subchan_bitmap(eht_oper); 324 325 if (!cfg80211_chandef_valid(&eht_chandef)) { 326 sdata_info(sdata, 327 "AP EHT information is invalid, disabling EHT\n"); 328 return IEEE80211_CONN_MODE_HE; 329 } 330 331 if (!cfg80211_chandef_compatible(chandef, &eht_chandef)) { 332 sdata_info(sdata, 333 "AP EHT information doesn't match HT/VHT/HE, disabling EHT\n"); 334 return IEEE80211_CONN_MODE_HE; 335 } 336 337 *chandef = eht_chandef; 338 } 339 340 return IEEE80211_CONN_MODE_EHT; 341 } 342 343 static bool 344 ieee80211_verify_peer_he_mcs_support(struct ieee80211_sub_if_data *sdata, 345 const struct ieee80211_he_cap_elem *he_cap, 346 const struct ieee80211_he_operation *he_op) 347 { 348 struct ieee80211_he_mcs_nss_supp *he_mcs_nss_supp; 349 u16 mcs_80_map_tx, mcs_80_map_rx; 350 u16 ap_min_req_set; 351 int nss; 352 353 if (!he_cap) 354 return false; 355 356 /* mcs_nss is right after he_cap info */ 357 he_mcs_nss_supp = (void *)(he_cap + 1); 358 359 mcs_80_map_tx = le16_to_cpu(he_mcs_nss_supp->tx_mcs_80); 360 mcs_80_map_rx = le16_to_cpu(he_mcs_nss_supp->rx_mcs_80); 361 362 /* P802.11-REVme/D0.3 363 * 27.1.1 Introduction to the HE PHY 364 * ... 365 * An HE STA shall support the following features: 366 * ... 367 * Single spatial stream HE-MCSs 0 to 7 (transmit and receive) in all 368 * supported channel widths for HE SU PPDUs 369 */ 370 if ((mcs_80_map_tx & 0x3) == IEEE80211_HE_MCS_NOT_SUPPORTED || 371 (mcs_80_map_rx & 0x3) == IEEE80211_HE_MCS_NOT_SUPPORTED) { 372 sdata_info(sdata, 373 "Missing mandatory rates for 1 Nss, rx 0x%x, tx 0x%x, disable HE\n", 374 mcs_80_map_tx, mcs_80_map_rx); 375 return false; 376 } 377 378 if (!he_op) 379 return true; 380 381 ap_min_req_set = le16_to_cpu(he_op->he_mcs_nss_set); 382 383 /* 384 * Apparently iPhone 13 (at least iOS version 15.3.1) sets this to all 385 * zeroes, which is nonsense, and completely inconsistent with itself 386 * (it doesn't have 8 streams). Accept the settings in this case anyway. 387 */ 388 if (!ap_min_req_set) 389 return true; 390 391 /* make sure the AP is consistent with itself 392 * 393 * P802.11-REVme/D0.3 394 * 26.17.1 Basic HE BSS operation 395 * 396 * A STA that is operating in an HE BSS shall be able to receive and 397 * transmit at each of the <HE-MCS, NSS> tuple values indicated by the 398 * Basic HE-MCS And NSS Set field of the HE Operation parameter of the 399 * MLME-START.request primitive and shall be able to receive at each of 400 * the <HE-MCS, NSS> tuple values indicated by the Supported HE-MCS and 401 * NSS Set field in the HE Capabilities parameter of the MLMESTART.request 402 * primitive 403 */ 404 for (nss = 8; nss > 0; nss--) { 405 u8 ap_op_val = (ap_min_req_set >> (2 * (nss - 1))) & 3; 406 u8 ap_rx_val; 407 u8 ap_tx_val; 408 409 if (ap_op_val == IEEE80211_HE_MCS_NOT_SUPPORTED) 410 continue; 411 412 ap_rx_val = (mcs_80_map_rx >> (2 * (nss - 1))) & 3; 413 ap_tx_val = (mcs_80_map_tx >> (2 * (nss - 1))) & 3; 414 415 if (ap_rx_val == IEEE80211_HE_MCS_NOT_SUPPORTED || 416 ap_tx_val == IEEE80211_HE_MCS_NOT_SUPPORTED || 417 ap_rx_val < ap_op_val || ap_tx_val < ap_op_val) { 418 sdata_info(sdata, 419 "Invalid rates for %d Nss, rx %d, tx %d oper %d, disable HE\n", 420 nss, ap_rx_val, ap_rx_val, ap_op_val); 421 return false; 422 } 423 } 424 425 return true; 426 } 427 428 static bool 429 ieee80211_verify_sta_he_mcs_support(struct ieee80211_sub_if_data *sdata, 430 struct ieee80211_supported_band *sband, 431 const struct ieee80211_he_operation *he_op) 432 { 433 const struct ieee80211_sta_he_cap *sta_he_cap = 434 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif); 435 u16 ap_min_req_set; 436 int i; 437 438 if (!sta_he_cap || !he_op) 439 return false; 440 441 ap_min_req_set = le16_to_cpu(he_op->he_mcs_nss_set); 442 443 /* 444 * Apparently iPhone 13 (at least iOS version 15.3.1) sets this to all 445 * zeroes, which is nonsense, and completely inconsistent with itself 446 * (it doesn't have 8 streams). Accept the settings in this case anyway. 447 */ 448 if (!ap_min_req_set) 449 return true; 450 451 /* Need to go over for 80MHz, 160MHz and for 80+80 */ 452 for (i = 0; i < 3; i++) { 453 const struct ieee80211_he_mcs_nss_supp *sta_mcs_nss_supp = 454 &sta_he_cap->he_mcs_nss_supp; 455 u16 sta_mcs_map_rx = 456 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i]); 457 u16 sta_mcs_map_tx = 458 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i + 1]); 459 u8 nss; 460 bool verified = true; 461 462 /* 463 * For each band there is a maximum of 8 spatial streams 464 * possible. Each of the sta_mcs_map_* is a 16-bit struct built 465 * of 2 bits per NSS (1-8), with the values defined in enum 466 * ieee80211_he_mcs_support. Need to make sure STA TX and RX 467 * capabilities aren't less than the AP's minimum requirements 468 * for this HE BSS per SS. 469 * It is enough to find one such band that meets the reqs. 470 */ 471 for (nss = 8; nss > 0; nss--) { 472 u8 sta_rx_val = (sta_mcs_map_rx >> (2 * (nss - 1))) & 3; 473 u8 sta_tx_val = (sta_mcs_map_tx >> (2 * (nss - 1))) & 3; 474 u8 ap_val = (ap_min_req_set >> (2 * (nss - 1))) & 3; 475 476 if (ap_val == IEEE80211_HE_MCS_NOT_SUPPORTED) 477 continue; 478 479 /* 480 * Make sure the HE AP doesn't require MCSs that aren't 481 * supported by the client as required by spec 482 * 483 * P802.11-REVme/D0.3 484 * 26.17.1 Basic HE BSS operation 485 * 486 * An HE STA shall not attempt to join * (MLME-JOIN.request primitive) 487 * a BSS, unless it supports (i.e., is able to both transmit and 488 * receive using) all of the <HE-MCS, NSS> tuples in the basic 489 * HE-MCS and NSS set. 490 */ 491 if (sta_rx_val == IEEE80211_HE_MCS_NOT_SUPPORTED || 492 sta_tx_val == IEEE80211_HE_MCS_NOT_SUPPORTED || 493 (ap_val > sta_rx_val) || (ap_val > sta_tx_val)) { 494 verified = false; 495 break; 496 } 497 } 498 499 if (verified) 500 return true; 501 } 502 503 /* If here, STA doesn't meet AP's HE min requirements */ 504 return false; 505 } 506 507 static u8 508 ieee80211_get_eht_cap_mcs_nss(const struct ieee80211_sta_he_cap *sta_he_cap, 509 const struct ieee80211_sta_eht_cap *sta_eht_cap, 510 unsigned int idx, int bw) 511 { 512 u8 he_phy_cap0 = sta_he_cap->he_cap_elem.phy_cap_info[0]; 513 u8 eht_phy_cap0 = sta_eht_cap->eht_cap_elem.phy_cap_info[0]; 514 515 /* handle us being a 20 MHz-only EHT STA - with four values 516 * for MCS 0-7, 8-9, 10-11, 12-13. 517 */ 518 if (!(he_phy_cap0 & IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_MASK_ALL)) 519 return sta_eht_cap->eht_mcs_nss_supp.only_20mhz.rx_tx_max_nss[idx]; 520 521 /* the others have MCS 0-9 together, rather than separately from 0-7 */ 522 if (idx > 0) 523 idx--; 524 525 switch (bw) { 526 case 0: 527 return sta_eht_cap->eht_mcs_nss_supp.bw._80.rx_tx_max_nss[idx]; 528 case 1: 529 if (!(he_phy_cap0 & 530 (IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G | 531 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G))) 532 return 0xff; /* pass check */ 533 return sta_eht_cap->eht_mcs_nss_supp.bw._160.rx_tx_max_nss[idx]; 534 case 2: 535 if (!(eht_phy_cap0 & IEEE80211_EHT_PHY_CAP0_320MHZ_IN_6GHZ)) 536 return 0xff; /* pass check */ 537 return sta_eht_cap->eht_mcs_nss_supp.bw._320.rx_tx_max_nss[idx]; 538 } 539 540 WARN_ON(1); 541 return 0; 542 } 543 544 static bool 545 ieee80211_verify_sta_eht_mcs_support(struct ieee80211_sub_if_data *sdata, 546 struct ieee80211_supported_band *sband, 547 const struct ieee80211_eht_operation *eht_op) 548 { 549 const struct ieee80211_sta_he_cap *sta_he_cap = 550 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif); 551 const struct ieee80211_sta_eht_cap *sta_eht_cap = 552 ieee80211_get_eht_iftype_cap_vif(sband, &sdata->vif); 553 const struct ieee80211_eht_mcs_nss_supp_20mhz_only *req; 554 unsigned int i; 555 556 if (!sta_he_cap || !sta_eht_cap || !eht_op) 557 return false; 558 559 req = &eht_op->basic_mcs_nss; 560 561 for (i = 0; i < ARRAY_SIZE(req->rx_tx_max_nss); i++) { 562 u8 req_rx_nss, req_tx_nss; 563 unsigned int bw; 564 565 req_rx_nss = u8_get_bits(req->rx_tx_max_nss[i], 566 IEEE80211_EHT_MCS_NSS_RX); 567 req_tx_nss = u8_get_bits(req->rx_tx_max_nss[i], 568 IEEE80211_EHT_MCS_NSS_TX); 569 570 for (bw = 0; bw < 3; bw++) { 571 u8 have, have_rx_nss, have_tx_nss; 572 573 have = ieee80211_get_eht_cap_mcs_nss(sta_he_cap, 574 sta_eht_cap, 575 i, bw); 576 have_rx_nss = u8_get_bits(have, 577 IEEE80211_EHT_MCS_NSS_RX); 578 have_tx_nss = u8_get_bits(have, 579 IEEE80211_EHT_MCS_NSS_TX); 580 581 if (req_rx_nss > have_rx_nss || 582 req_tx_nss > have_tx_nss) 583 return false; 584 } 585 } 586 587 return true; 588 } 589 590 static bool ieee80211_chandef_usable(struct ieee80211_sub_if_data *sdata, 591 const struct cfg80211_chan_def *chandef, 592 u32 prohibited_flags) 593 { 594 if (!cfg80211_chandef_usable(sdata->local->hw.wiphy, 595 chandef, prohibited_flags)) 596 return false; 597 598 if (chandef->punctured && 599 ieee80211_hw_check(&sdata->local->hw, DISALLOW_PUNCTURING)) 600 return false; 601 602 if (chandef->punctured && chandef->chan->band == NL80211_BAND_5GHZ && 603 ieee80211_hw_check(&sdata->local->hw, DISALLOW_PUNCTURING_5GHZ)) 604 return false; 605 606 return true; 607 } 608 609 static int ieee80211_chandef_num_subchans(const struct cfg80211_chan_def *c) 610 { 611 if (c->width == NL80211_CHAN_WIDTH_80P80) 612 return 4 + 4; 613 614 return nl80211_chan_width_to_mhz(c->width) / 20; 615 } 616 617 static int ieee80211_chandef_num_widths(const struct cfg80211_chan_def *c) 618 { 619 switch (c->width) { 620 case NL80211_CHAN_WIDTH_20: 621 case NL80211_CHAN_WIDTH_20_NOHT: 622 return 1; 623 case NL80211_CHAN_WIDTH_40: 624 return 2; 625 case NL80211_CHAN_WIDTH_80P80: 626 case NL80211_CHAN_WIDTH_80: 627 return 3; 628 case NL80211_CHAN_WIDTH_160: 629 return 4; 630 case NL80211_CHAN_WIDTH_320: 631 return 5; 632 default: 633 WARN_ON(1); 634 return 0; 635 } 636 } 637 638 VISIBLE_IF_MAC80211_KUNIT int 639 ieee80211_calc_chandef_subchan_offset(const struct cfg80211_chan_def *ap, 640 u8 n_partial_subchans) 641 { 642 int n = ieee80211_chandef_num_subchans(ap); 643 struct cfg80211_chan_def tmp = *ap; 644 int offset = 0; 645 646 /* 647 * Given a chandef (in this context, it's the AP's) and a number 648 * of subchannels that we want to look at ('n_partial_subchans'), 649 * calculate the offset in number of subchannels between the full 650 * and the subset with the desired width. 651 */ 652 653 /* same number of subchannels means no offset, obviously */ 654 if (n == n_partial_subchans) 655 return 0; 656 657 /* don't WARN - misconfigured APs could cause this if their N > width */ 658 if (n < n_partial_subchans) 659 return 0; 660 661 while (ieee80211_chandef_num_subchans(&tmp) > n_partial_subchans) { 662 u32 prev = tmp.center_freq1; 663 664 ieee80211_chandef_downgrade(&tmp, NULL); 665 666 /* 667 * if center_freq moved up, half the original channels 668 * are gone now but were below, so increase offset 669 */ 670 if (prev < tmp.center_freq1) 671 offset += ieee80211_chandef_num_subchans(&tmp); 672 } 673 674 /* 675 * 80+80 with secondary 80 below primary - four subchannels for it 676 * (we cannot downgrade *to* 80+80, so no need to consider 'tmp') 677 */ 678 if (ap->width == NL80211_CHAN_WIDTH_80P80 && 679 ap->center_freq2 < ap->center_freq1) 680 offset += 4; 681 682 return offset; 683 } 684 EXPORT_SYMBOL_IF_MAC80211_KUNIT(ieee80211_calc_chandef_subchan_offset); 685 686 VISIBLE_IF_MAC80211_KUNIT void 687 ieee80211_rearrange_tpe_psd(struct ieee80211_parsed_tpe_psd *psd, 688 const struct cfg80211_chan_def *ap, 689 const struct cfg80211_chan_def *used) 690 { 691 u8 needed = ieee80211_chandef_num_subchans(used); 692 u8 have = ieee80211_chandef_num_subchans(ap); 693 u8 tmp[IEEE80211_TPE_PSD_ENTRIES_320MHZ]; 694 u8 offset; 695 696 if (!psd->valid) 697 return; 698 699 /* if N is zero, all defaults were used, no point in rearranging */ 700 if (!psd->n) 701 goto out; 702 703 BUILD_BUG_ON(sizeof(tmp) != sizeof(psd->power)); 704 705 /* 706 * This assumes that 'N' is consistent with the HE channel, as 707 * it should be (otherwise the AP is broken). 708 * 709 * In psd->power we have values in the order 0..N, 0..K, where 710 * N+K should cover the entire channel per 'ap', but even if it 711 * doesn't then we've pre-filled 'unlimited' as defaults. 712 * 713 * But this is all the wrong order, we want to have them in the 714 * order of the 'used' channel. 715 * 716 * So for example, we could have a 320 MHz EHT AP, which has the 717 * HE channel as 80 MHz (e.g. due to puncturing, which doesn't 718 * seem to be considered for the TPE), as follows: 719 * 720 * EHT 320: | | | | | | | | | | | | | | | | | 721 * HE 80: | | | | | 722 * used 160: | | | | | | | | | 723 * 724 * N entries: |--|--|--|--| 725 * K entries: |--|--|--|--|--|--|--|--| |--|--|--|--| 726 * power idx: 4 5 6 7 8 9 10 11 0 1 2 3 12 13 14 15 727 * full chan: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 728 * used chan: 0 1 2 3 4 5 6 7 729 * 730 * The idx in the power array ('power idx') is like this since it 731 * comes directly from the element's N and K entries in their 732 * element order, and those are this way for HE compatibility. 733 * 734 * Rearrange them as desired here, first by putting them into the 735 * 'full chan' order, and then selecting the necessary subset for 736 * the 'used chan'. 737 */ 738 739 /* first reorder according to AP channel */ 740 offset = ieee80211_calc_chandef_subchan_offset(ap, psd->n); 741 for (int i = 0; i < have; i++) { 742 if (i < offset) 743 tmp[i] = psd->power[i + psd->n]; 744 else if (i < offset + psd->n) 745 tmp[i] = psd->power[i - offset]; 746 else 747 tmp[i] = psd->power[i]; 748 } 749 750 /* 751 * and then select the subset for the used channel 752 * (set everything to defaults first in case a driver is confused) 753 */ 754 memset(psd->power, IEEE80211_TPE_PSD_NO_LIMIT, sizeof(psd->power)); 755 offset = ieee80211_calc_chandef_subchan_offset(ap, needed); 756 for (int i = 0; i < needed; i++) 757 psd->power[i] = tmp[offset + i]; 758 759 out: 760 /* limit, but don't lie if there are defaults in the data */ 761 if (needed < psd->count) 762 psd->count = needed; 763 } 764 EXPORT_SYMBOL_IF_MAC80211_KUNIT(ieee80211_rearrange_tpe_psd); 765 766 static void ieee80211_rearrange_tpe(struct ieee80211_parsed_tpe *tpe, 767 const struct cfg80211_chan_def *ap, 768 const struct cfg80211_chan_def *used) 769 { 770 /* ignore this completely for narrow/invalid channels */ 771 if (!ieee80211_chandef_num_subchans(ap) || 772 !ieee80211_chandef_num_subchans(used)) { 773 ieee80211_clear_tpe(tpe); 774 return; 775 } 776 777 for (int i = 0; i < 2; i++) { 778 int needed_pwr_count; 779 780 ieee80211_rearrange_tpe_psd(&tpe->psd_local[i], ap, used); 781 ieee80211_rearrange_tpe_psd(&tpe->psd_reg_client[i], ap, used); 782 783 /* limit this to the widths we actually need */ 784 needed_pwr_count = ieee80211_chandef_num_widths(used); 785 if (needed_pwr_count < tpe->max_local[i].count) 786 tpe->max_local[i].count = needed_pwr_count; 787 if (needed_pwr_count < tpe->max_reg_client[i].count) 788 tpe->max_reg_client[i].count = needed_pwr_count; 789 } 790 } 791 792 static struct ieee802_11_elems * 793 ieee80211_determine_chan_mode(struct ieee80211_sub_if_data *sdata, 794 struct ieee80211_conn_settings *conn, 795 struct cfg80211_bss *cbss, int link_id, 796 struct ieee80211_chan_req *chanreq, 797 struct cfg80211_chan_def *ap_chandef) 798 { 799 const struct cfg80211_bss_ies *ies = rcu_dereference(cbss->ies); 800 struct ieee80211_bss *bss = (void *)cbss->priv; 801 struct ieee80211_channel *channel = cbss->channel; 802 struct ieee80211_elems_parse_params parse_params = { 803 .link_id = -1, 804 .from_ap = true, 805 .start = ies->data, 806 .len = ies->len, 807 }; 808 struct ieee802_11_elems *elems; 809 struct ieee80211_supported_band *sband; 810 enum ieee80211_conn_mode ap_mode; 811 int ret; 812 813 again: 814 parse_params.mode = conn->mode; 815 elems = ieee802_11_parse_elems_full(&parse_params); 816 if (!elems) 817 return ERR_PTR(-ENOMEM); 818 819 ap_mode = ieee80211_determine_ap_chan(sdata, channel, bss->vht_cap_info, 820 elems, false, conn, ap_chandef); 821 822 /* this should be impossible since parsing depends on our mode */ 823 if (WARN_ON(ap_mode > conn->mode)) { 824 ret = -EINVAL; 825 goto free; 826 } 827 828 if (conn->mode != ap_mode) { 829 conn->mode = ap_mode; 830 kfree(elems); 831 goto again; 832 } 833 834 mlme_link_id_dbg(sdata, link_id, "determined AP %pM to be %s\n", 835 cbss->bssid, ieee80211_conn_mode_str(ap_mode)); 836 837 sband = sdata->local->hw.wiphy->bands[channel->band]; 838 839 switch (channel->band) { 840 case NL80211_BAND_S1GHZ: 841 if (WARN_ON(ap_mode != IEEE80211_CONN_MODE_S1G)) { 842 ret = -EINVAL; 843 goto free; 844 } 845 return elems; 846 case NL80211_BAND_6GHZ: 847 if (ap_mode < IEEE80211_CONN_MODE_HE) { 848 sdata_info(sdata, 849 "Rejecting non-HE 6/7 GHz connection"); 850 ret = -EINVAL; 851 goto free; 852 } 853 break; 854 default: 855 if (WARN_ON(ap_mode == IEEE80211_CONN_MODE_S1G)) { 856 ret = -EINVAL; 857 goto free; 858 } 859 } 860 861 switch (ap_mode) { 862 case IEEE80211_CONN_MODE_S1G: 863 WARN_ON(1); 864 ret = -EINVAL; 865 goto free; 866 case IEEE80211_CONN_MODE_LEGACY: 867 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20; 868 break; 869 case IEEE80211_CONN_MODE_HT: 870 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit, 871 conn->bw_limit, 872 IEEE80211_CONN_BW_LIMIT_40); 873 break; 874 case IEEE80211_CONN_MODE_VHT: 875 case IEEE80211_CONN_MODE_HE: 876 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit, 877 conn->bw_limit, 878 IEEE80211_CONN_BW_LIMIT_160); 879 break; 880 case IEEE80211_CONN_MODE_EHT: 881 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit, 882 conn->bw_limit, 883 IEEE80211_CONN_BW_LIMIT_320); 884 break; 885 } 886 887 chanreq->oper = *ap_chandef; 888 889 /* wider-bandwidth OFDMA is only done in EHT */ 890 if (conn->mode >= IEEE80211_CONN_MODE_EHT && 891 !(sdata->vif.driver_flags & IEEE80211_VIF_IGNORE_OFDMA_WIDER_BW)) 892 chanreq->ap = *ap_chandef; 893 else 894 chanreq->ap.chan = NULL; 895 896 while (!ieee80211_chandef_usable(sdata, &chanreq->oper, 897 IEEE80211_CHAN_DISABLED)) { 898 if (WARN_ON(chanreq->oper.width == NL80211_CHAN_WIDTH_20_NOHT)) { 899 ret = -EINVAL; 900 goto free; 901 } 902 903 ieee80211_chanreq_downgrade(chanreq, conn); 904 } 905 906 if (conn->mode >= IEEE80211_CONN_MODE_HE && 907 !cfg80211_chandef_usable(sdata->wdev.wiphy, &chanreq->oper, 908 IEEE80211_CHAN_NO_HE)) { 909 conn->mode = IEEE80211_CONN_MODE_VHT; 910 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit, 911 conn->bw_limit, 912 IEEE80211_CONN_BW_LIMIT_160); 913 } 914 915 if (conn->mode >= IEEE80211_CONN_MODE_EHT && 916 !cfg80211_chandef_usable(sdata->wdev.wiphy, &chanreq->oper, 917 IEEE80211_CHAN_NO_EHT)) { 918 conn->mode = IEEE80211_CONN_MODE_HE; 919 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit, 920 conn->bw_limit, 921 IEEE80211_CONN_BW_LIMIT_160); 922 } 923 924 if (chanreq->oper.width != ap_chandef->width || ap_mode != conn->mode) 925 sdata_info(sdata, 926 "regulatory prevented using AP config, downgraded\n"); 927 928 if (conn->mode >= IEEE80211_CONN_MODE_HE && 929 (!ieee80211_verify_peer_he_mcs_support(sdata, (void *)elems->he_cap, 930 elems->he_operation) || 931 !ieee80211_verify_sta_he_mcs_support(sdata, sband, 932 elems->he_operation))) { 933 conn->mode = IEEE80211_CONN_MODE_VHT; 934 sdata_info(sdata, "required MCSes not supported, disabling HE\n"); 935 } 936 937 if (conn->mode >= IEEE80211_CONN_MODE_EHT && 938 !ieee80211_verify_sta_eht_mcs_support(sdata, sband, 939 elems->eht_operation)) { 940 conn->mode = IEEE80211_CONN_MODE_HE; 941 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit, 942 conn->bw_limit, 943 IEEE80211_CONN_BW_LIMIT_160); 944 sdata_info(sdata, "required MCSes not supported, disabling EHT\n"); 945 } 946 947 /* the mode can only decrease, so this must terminate */ 948 if (ap_mode != conn->mode) { 949 kfree(elems); 950 goto again; 951 } 952 953 mlme_link_id_dbg(sdata, link_id, 954 "connecting with %s mode, max bandwidth %d MHz\n", 955 ieee80211_conn_mode_str(conn->mode), 956 20 * (1 << conn->bw_limit)); 957 958 if (WARN_ON_ONCE(!cfg80211_chandef_valid(&chanreq->oper))) { 959 ret = -EINVAL; 960 goto free; 961 } 962 963 return elems; 964 free: 965 kfree(elems); 966 return ERR_PTR(ret); 967 } 968 969 static int ieee80211_config_bw(struct ieee80211_link_data *link, 970 struct ieee802_11_elems *elems, 971 bool update, u64 *changed) 972 { 973 struct ieee80211_channel *channel = link->conf->chanreq.oper.chan; 974 struct ieee80211_sub_if_data *sdata = link->sdata; 975 struct ieee80211_chan_req chanreq = {}; 976 enum ieee80211_conn_mode ap_mode; 977 u32 vht_cap_info = 0; 978 u16 ht_opmode; 979 int ret; 980 981 /* don't track any bandwidth changes in legacy/S1G modes */ 982 if (link->u.mgd.conn.mode == IEEE80211_CONN_MODE_LEGACY || 983 link->u.mgd.conn.mode == IEEE80211_CONN_MODE_S1G) 984 return 0; 985 986 if (elems->vht_cap_elem) 987 vht_cap_info = le32_to_cpu(elems->vht_cap_elem->vht_cap_info); 988 989 ap_mode = ieee80211_determine_ap_chan(sdata, channel, vht_cap_info, 990 elems, true, &link->u.mgd.conn, 991 &chanreq.ap); 992 993 if (ap_mode != link->u.mgd.conn.mode) { 994 link_info(link, 995 "AP appears to change mode (expected %s, found %s), disconnect\n", 996 ieee80211_conn_mode_str(link->u.mgd.conn.mode), 997 ieee80211_conn_mode_str(ap_mode)); 998 return -EINVAL; 999 } 1000 1001 chanreq.oper = chanreq.ap; 1002 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_EHT || 1003 sdata->vif.driver_flags & IEEE80211_VIF_IGNORE_OFDMA_WIDER_BW) 1004 chanreq.ap.chan = NULL; 1005 1006 /* 1007 * if HT operation mode changed store the new one - 1008 * this may be applicable even if channel is identical 1009 */ 1010 if (elems->ht_operation) { 1011 ht_opmode = le16_to_cpu(elems->ht_operation->operation_mode); 1012 if (link->conf->ht_operation_mode != ht_opmode) { 1013 *changed |= BSS_CHANGED_HT; 1014 link->conf->ht_operation_mode = ht_opmode; 1015 } 1016 } 1017 1018 /* 1019 * Downgrade the new channel if we associated with restricted 1020 * bandwidth capabilities. For example, if we associated as a 1021 * 20 MHz STA to a 40 MHz AP (due to regulatory, capabilities 1022 * or config reasons) then switching to a 40 MHz channel now 1023 * won't do us any good -- we couldn't use it with the AP. 1024 */ 1025 while (link->u.mgd.conn.bw_limit < 1026 ieee80211_min_bw_limit_from_chandef(&chanreq.oper)) 1027 ieee80211_chandef_downgrade(&chanreq.oper, NULL); 1028 1029 if (ieee80211_chanreq_identical(&chanreq, &link->conf->chanreq)) 1030 return 0; 1031 1032 link_info(link, 1033 "AP %pM changed bandwidth, new used config is %d.%03d MHz, width %d (%d.%03d/%d MHz)\n", 1034 link->u.mgd.bssid, chanreq.oper.chan->center_freq, 1035 chanreq.oper.chan->freq_offset, chanreq.oper.width, 1036 chanreq.oper.center_freq1, chanreq.oper.freq1_offset, 1037 chanreq.oper.center_freq2); 1038 1039 if (!cfg80211_chandef_valid(&chanreq.oper)) { 1040 sdata_info(sdata, 1041 "AP %pM changed caps/bw in a way we can't support - disconnect\n", 1042 link->u.mgd.bssid); 1043 return -EINVAL; 1044 } 1045 1046 if (!update) { 1047 link->conf->chanreq = chanreq; 1048 return 0; 1049 } 1050 1051 /* 1052 * We're tracking the current AP here, so don't do any further checks 1053 * here. This keeps us from playing ping-pong with regulatory, without 1054 * it the following can happen (for example): 1055 * - connect to an AP with 80 MHz, world regdom allows 80 MHz 1056 * - AP advertises regdom US 1057 * - CRDA loads regdom US with 80 MHz prohibited (old database) 1058 * - we detect an unsupported channel and disconnect 1059 * - disconnect causes CRDA to reload world regdomain and the game 1060 * starts anew. 1061 * (see https://bugzilla.kernel.org/show_bug.cgi?id=70881) 1062 * 1063 * It seems possible that there are still scenarios with CSA or real 1064 * bandwidth changes where a this could happen, but those cases are 1065 * less common and wouldn't completely prevent using the AP. 1066 */ 1067 1068 ret = ieee80211_link_change_chanreq(link, &chanreq, changed); 1069 if (ret) { 1070 sdata_info(sdata, 1071 "AP %pM changed bandwidth to incompatible one - disconnect\n", 1072 link->u.mgd.bssid); 1073 return ret; 1074 } 1075 1076 cfg80211_schedule_channels_check(&sdata->wdev); 1077 return 0; 1078 } 1079 1080 /* frame sending functions */ 1081 1082 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata, 1083 struct sk_buff *skb, u8 ap_ht_param, 1084 struct ieee80211_supported_band *sband, 1085 struct ieee80211_channel *channel, 1086 enum ieee80211_smps_mode smps, 1087 const struct ieee80211_conn_settings *conn) 1088 { 1089 u8 *pos; 1090 u32 flags = channel->flags; 1091 u16 cap; 1092 struct ieee80211_sta_ht_cap ht_cap; 1093 1094 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap)); 1095 1096 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 1097 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 1098 1099 /* determine capability flags */ 1100 cap = ht_cap.cap; 1101 1102 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 1103 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 1104 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 1105 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 1106 cap &= ~IEEE80211_HT_CAP_SGI_40; 1107 } 1108 break; 1109 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 1110 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 1111 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 1112 cap &= ~IEEE80211_HT_CAP_SGI_40; 1113 } 1114 break; 1115 } 1116 1117 /* 1118 * If 40 MHz was disabled associate as though we weren't 1119 * capable of 40 MHz -- some broken APs will never fall 1120 * back to trying to transmit in 20 MHz. 1121 */ 1122 if (conn->bw_limit <= IEEE80211_CONN_BW_LIMIT_20) { 1123 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 1124 cap &= ~IEEE80211_HT_CAP_SGI_40; 1125 } 1126 1127 /* set SM PS mode properly */ 1128 cap &= ~IEEE80211_HT_CAP_SM_PS; 1129 switch (smps) { 1130 case IEEE80211_SMPS_AUTOMATIC: 1131 case IEEE80211_SMPS_NUM_MODES: 1132 WARN_ON(1); 1133 fallthrough; 1134 case IEEE80211_SMPS_OFF: 1135 cap |= WLAN_HT_CAP_SM_PS_DISABLED << 1136 IEEE80211_HT_CAP_SM_PS_SHIFT; 1137 break; 1138 case IEEE80211_SMPS_STATIC: 1139 cap |= WLAN_HT_CAP_SM_PS_STATIC << 1140 IEEE80211_HT_CAP_SM_PS_SHIFT; 1141 break; 1142 case IEEE80211_SMPS_DYNAMIC: 1143 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC << 1144 IEEE80211_HT_CAP_SM_PS_SHIFT; 1145 break; 1146 } 1147 1148 /* reserve and fill IE */ 1149 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 1150 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap); 1151 } 1152 1153 /* This function determines vht capability flags for the association 1154 * and builds the IE. 1155 * Note - the function returns true to own the MU-MIMO capability 1156 */ 1157 static bool ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata, 1158 struct sk_buff *skb, 1159 struct ieee80211_supported_band *sband, 1160 struct ieee80211_vht_cap *ap_vht_cap, 1161 const struct ieee80211_conn_settings *conn) 1162 { 1163 struct ieee80211_local *local = sdata->local; 1164 u8 *pos; 1165 u32 cap; 1166 struct ieee80211_sta_vht_cap vht_cap; 1167 u32 mask, ap_bf_sts, our_bf_sts; 1168 bool mu_mimo_owner = false; 1169 1170 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap)); 1171 1172 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap)); 1173 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap); 1174 1175 /* determine capability flags */ 1176 cap = vht_cap.cap; 1177 1178 if (conn->bw_limit <= IEEE80211_CONN_BW_LIMIT_80) { 1179 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160; 1180 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK; 1181 } 1182 1183 /* 1184 * Some APs apparently get confused if our capabilities are better 1185 * than theirs, so restrict what we advertise in the assoc request. 1186 */ 1187 if (!(ap_vht_cap->vht_cap_info & 1188 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE))) 1189 cap &= ~(IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE | 1190 IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE); 1191 else if (!(ap_vht_cap->vht_cap_info & 1192 cpu_to_le32(IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE))) 1193 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE; 1194 1195 /* 1196 * If some other vif is using the MU-MIMO capability we cannot associate 1197 * using MU-MIMO - this will lead to contradictions in the group-id 1198 * mechanism. 1199 * Ownership is defined since association request, in order to avoid 1200 * simultaneous associations with MU-MIMO. 1201 */ 1202 if (cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE) { 1203 bool disable_mu_mimo = false; 1204 struct ieee80211_sub_if_data *other; 1205 1206 list_for_each_entry_rcu(other, &local->interfaces, list) { 1207 if (other->vif.bss_conf.mu_mimo_owner) { 1208 disable_mu_mimo = true; 1209 break; 1210 } 1211 } 1212 if (disable_mu_mimo) 1213 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE; 1214 else 1215 mu_mimo_owner = true; 1216 } 1217 1218 mask = IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK; 1219 1220 ap_bf_sts = le32_to_cpu(ap_vht_cap->vht_cap_info) & mask; 1221 our_bf_sts = cap & mask; 1222 1223 if (ap_bf_sts < our_bf_sts) { 1224 cap &= ~mask; 1225 cap |= ap_bf_sts; 1226 } 1227 1228 /* reserve and fill IE */ 1229 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 1230 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap); 1231 1232 return mu_mimo_owner; 1233 } 1234 1235 static void ieee80211_assoc_add_rates(struct sk_buff *skb, 1236 enum nl80211_chan_width width, 1237 struct ieee80211_supported_band *sband, 1238 struct ieee80211_mgd_assoc_data *assoc_data) 1239 { 1240 u32 rates; 1241 1242 if (assoc_data->supp_rates_len) { 1243 /* 1244 * Get all rates supported by the device and the AP as 1245 * some APs don't like getting a superset of their rates 1246 * in the association request (e.g. D-Link DAP 1353 in 1247 * b-only mode)... 1248 */ 1249 ieee80211_parse_bitrates(width, sband, 1250 assoc_data->supp_rates, 1251 assoc_data->supp_rates_len, 1252 &rates); 1253 } else { 1254 /* 1255 * In case AP not provide any supported rates information 1256 * before association, we send information element(s) with 1257 * all rates that we support. 1258 */ 1259 rates = ~0; 1260 } 1261 1262 ieee80211_put_srates_elem(skb, sband, 0, 0, ~rates, 1263 WLAN_EID_SUPP_RATES); 1264 ieee80211_put_srates_elem(skb, sband, 0, 0, ~rates, 1265 WLAN_EID_EXT_SUPP_RATES); 1266 } 1267 1268 static size_t ieee80211_add_before_ht_elems(struct sk_buff *skb, 1269 const u8 *elems, 1270 size_t elems_len, 1271 size_t offset) 1272 { 1273 size_t noffset; 1274 1275 static const u8 before_ht[] = { 1276 WLAN_EID_SSID, 1277 WLAN_EID_SUPP_RATES, 1278 WLAN_EID_EXT_SUPP_RATES, 1279 WLAN_EID_PWR_CAPABILITY, 1280 WLAN_EID_SUPPORTED_CHANNELS, 1281 WLAN_EID_RSN, 1282 WLAN_EID_QOS_CAPA, 1283 WLAN_EID_RRM_ENABLED_CAPABILITIES, 1284 WLAN_EID_MOBILITY_DOMAIN, 1285 WLAN_EID_FAST_BSS_TRANSITION, /* reassoc only */ 1286 WLAN_EID_RIC_DATA, /* reassoc only */ 1287 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 1288 }; 1289 static const u8 after_ric[] = { 1290 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 1291 WLAN_EID_HT_CAPABILITY, 1292 WLAN_EID_BSS_COEX_2040, 1293 /* luckily this is almost always there */ 1294 WLAN_EID_EXT_CAPABILITY, 1295 WLAN_EID_QOS_TRAFFIC_CAPA, 1296 WLAN_EID_TIM_BCAST_REQ, 1297 WLAN_EID_INTERWORKING, 1298 /* 60 GHz (Multi-band, DMG, MMS) can't happen */ 1299 WLAN_EID_VHT_CAPABILITY, 1300 WLAN_EID_OPMODE_NOTIF, 1301 }; 1302 1303 if (!elems_len) 1304 return offset; 1305 1306 noffset = ieee80211_ie_split_ric(elems, elems_len, 1307 before_ht, 1308 ARRAY_SIZE(before_ht), 1309 after_ric, 1310 ARRAY_SIZE(after_ric), 1311 offset); 1312 skb_put_data(skb, elems + offset, noffset - offset); 1313 1314 return noffset; 1315 } 1316 1317 static size_t ieee80211_add_before_vht_elems(struct sk_buff *skb, 1318 const u8 *elems, 1319 size_t elems_len, 1320 size_t offset) 1321 { 1322 static const u8 before_vht[] = { 1323 /* 1324 * no need to list the ones split off before HT 1325 * or generated here 1326 */ 1327 WLAN_EID_BSS_COEX_2040, 1328 WLAN_EID_EXT_CAPABILITY, 1329 WLAN_EID_QOS_TRAFFIC_CAPA, 1330 WLAN_EID_TIM_BCAST_REQ, 1331 WLAN_EID_INTERWORKING, 1332 /* 60 GHz (Multi-band, DMG, MMS) can't happen */ 1333 }; 1334 size_t noffset; 1335 1336 if (!elems_len) 1337 return offset; 1338 1339 /* RIC already taken care of in ieee80211_add_before_ht_elems() */ 1340 noffset = ieee80211_ie_split(elems, elems_len, 1341 before_vht, ARRAY_SIZE(before_vht), 1342 offset); 1343 skb_put_data(skb, elems + offset, noffset - offset); 1344 1345 return noffset; 1346 } 1347 1348 static size_t ieee80211_add_before_he_elems(struct sk_buff *skb, 1349 const u8 *elems, 1350 size_t elems_len, 1351 size_t offset) 1352 { 1353 static const u8 before_he[] = { 1354 /* 1355 * no need to list the ones split off before VHT 1356 * or generated here 1357 */ 1358 WLAN_EID_OPMODE_NOTIF, 1359 WLAN_EID_EXTENSION, WLAN_EID_EXT_FUTURE_CHAN_GUIDANCE, 1360 /* 11ai elements */ 1361 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_SESSION, 1362 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_PUBLIC_KEY, 1363 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_KEY_CONFIRM, 1364 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_HLP_CONTAINER, 1365 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_IP_ADDR_ASSIGN, 1366 /* TODO: add 11ah/11aj/11ak elements */ 1367 }; 1368 size_t noffset; 1369 1370 if (!elems_len) 1371 return offset; 1372 1373 /* RIC already taken care of in ieee80211_add_before_ht_elems() */ 1374 noffset = ieee80211_ie_split(elems, elems_len, 1375 before_he, ARRAY_SIZE(before_he), 1376 offset); 1377 skb_put_data(skb, elems + offset, noffset - offset); 1378 1379 return noffset; 1380 } 1381 1382 #define PRESENT_ELEMS_MAX 8 1383 #define PRESENT_ELEM_EXT_OFFS 0x100 1384 1385 static void ieee80211_assoc_add_ml_elem(struct ieee80211_sub_if_data *sdata, 1386 struct sk_buff *skb, u16 capab, 1387 const struct element *ext_capa, 1388 const u16 *present_elems); 1389 1390 static size_t ieee80211_assoc_link_elems(struct ieee80211_sub_if_data *sdata, 1391 struct sk_buff *skb, u16 *capab, 1392 const struct element *ext_capa, 1393 const u8 *extra_elems, 1394 size_t extra_elems_len, 1395 unsigned int link_id, 1396 struct ieee80211_link_data *link, 1397 u16 *present_elems) 1398 { 1399 enum nl80211_iftype iftype = ieee80211_vif_type_p2p(&sdata->vif); 1400 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1401 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 1402 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss; 1403 struct ieee80211_channel *chan = cbss->channel; 1404 const struct ieee80211_sband_iftype_data *iftd; 1405 struct ieee80211_local *local = sdata->local; 1406 struct ieee80211_supported_band *sband; 1407 enum nl80211_chan_width width = NL80211_CHAN_WIDTH_20; 1408 struct ieee80211_chanctx_conf *chanctx_conf; 1409 enum ieee80211_smps_mode smps_mode; 1410 u16 orig_capab = *capab; 1411 size_t offset = 0; 1412 int present_elems_len = 0; 1413 u8 *pos; 1414 int i; 1415 1416 #define ADD_PRESENT_ELEM(id) do { \ 1417 /* need a last for termination - we use 0 == SSID */ \ 1418 if (!WARN_ON(present_elems_len >= PRESENT_ELEMS_MAX - 1)) \ 1419 present_elems[present_elems_len++] = (id); \ 1420 } while (0) 1421 #define ADD_PRESENT_EXT_ELEM(id) ADD_PRESENT_ELEM(PRESENT_ELEM_EXT_OFFS | (id)) 1422 1423 if (link) 1424 smps_mode = link->smps_mode; 1425 else if (sdata->u.mgd.powersave) 1426 smps_mode = IEEE80211_SMPS_DYNAMIC; 1427 else 1428 smps_mode = IEEE80211_SMPS_OFF; 1429 1430 if (link) { 1431 /* 1432 * 5/10 MHz scenarios are only viable without MLO, in which 1433 * case this pointer should be used ... All of this is a bit 1434 * unclear though, not sure this even works at all. 1435 */ 1436 rcu_read_lock(); 1437 chanctx_conf = rcu_dereference(link->conf->chanctx_conf); 1438 if (chanctx_conf) 1439 width = chanctx_conf->def.width; 1440 rcu_read_unlock(); 1441 } 1442 1443 sband = local->hw.wiphy->bands[chan->band]; 1444 iftd = ieee80211_get_sband_iftype_data(sband, iftype); 1445 1446 if (sband->band == NL80211_BAND_2GHZ) { 1447 *capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 1448 *capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 1449 } 1450 1451 if ((cbss->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 1452 ieee80211_hw_check(&local->hw, SPECTRUM_MGMT)) 1453 *capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 1454 1455 if (sband->band != NL80211_BAND_S1GHZ) 1456 ieee80211_assoc_add_rates(skb, width, sband, assoc_data); 1457 1458 if (*capab & WLAN_CAPABILITY_SPECTRUM_MGMT || 1459 *capab & WLAN_CAPABILITY_RADIO_MEASURE) { 1460 struct cfg80211_chan_def chandef = { 1461 .width = width, 1462 .chan = chan, 1463 }; 1464 1465 pos = skb_put(skb, 4); 1466 *pos++ = WLAN_EID_PWR_CAPABILITY; 1467 *pos++ = 2; 1468 *pos++ = 0; /* min tx power */ 1469 /* max tx power */ 1470 *pos++ = ieee80211_chandef_max_power(&chandef); 1471 ADD_PRESENT_ELEM(WLAN_EID_PWR_CAPABILITY); 1472 } 1473 1474 /* 1475 * Per spec, we shouldn't include the list of channels if we advertise 1476 * support for extended channel switching, but we've always done that; 1477 * (for now?) apply this restriction only on the (new) 6 GHz band. 1478 */ 1479 if (*capab & WLAN_CAPABILITY_SPECTRUM_MGMT && 1480 (sband->band != NL80211_BAND_6GHZ || 1481 !ext_capa || ext_capa->datalen < 1 || 1482 !(ext_capa->data[0] & WLAN_EXT_CAPA1_EXT_CHANNEL_SWITCHING))) { 1483 /* TODO: get this in reg domain format */ 1484 pos = skb_put(skb, 2 * sband->n_channels + 2); 1485 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 1486 *pos++ = 2 * sband->n_channels; 1487 for (i = 0; i < sband->n_channels; i++) { 1488 int cf = sband->channels[i].center_freq; 1489 1490 *pos++ = ieee80211_frequency_to_channel(cf); 1491 *pos++ = 1; /* one channel in the subband*/ 1492 } 1493 ADD_PRESENT_ELEM(WLAN_EID_SUPPORTED_CHANNELS); 1494 } 1495 1496 /* if present, add any custom IEs that go before HT */ 1497 offset = ieee80211_add_before_ht_elems(skb, extra_elems, 1498 extra_elems_len, 1499 offset); 1500 1501 if (sband->band != NL80211_BAND_6GHZ && 1502 assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_HT) { 1503 ieee80211_add_ht_ie(sdata, skb, 1504 assoc_data->link[link_id].ap_ht_param, 1505 sband, chan, smps_mode, 1506 &assoc_data->link[link_id].conn); 1507 ADD_PRESENT_ELEM(WLAN_EID_HT_CAPABILITY); 1508 } 1509 1510 /* if present, add any custom IEs that go before VHT */ 1511 offset = ieee80211_add_before_vht_elems(skb, extra_elems, 1512 extra_elems_len, 1513 offset); 1514 1515 if (sband->band != NL80211_BAND_6GHZ && 1516 assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_VHT && 1517 sband->vht_cap.vht_supported) { 1518 bool mu_mimo_owner = 1519 ieee80211_add_vht_ie(sdata, skb, sband, 1520 &assoc_data->link[link_id].ap_vht_cap, 1521 &assoc_data->link[link_id].conn); 1522 1523 if (link) 1524 link->conf->mu_mimo_owner = mu_mimo_owner; 1525 ADD_PRESENT_ELEM(WLAN_EID_VHT_CAPABILITY); 1526 } 1527 1528 /* if present, add any custom IEs that go before HE */ 1529 offset = ieee80211_add_before_he_elems(skb, extra_elems, 1530 extra_elems_len, 1531 offset); 1532 1533 if (assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_HE) { 1534 ieee80211_put_he_cap(skb, sdata, sband, 1535 &assoc_data->link[link_id].conn); 1536 ADD_PRESENT_EXT_ELEM(WLAN_EID_EXT_HE_CAPABILITY); 1537 ieee80211_put_he_6ghz_cap(skb, sdata, smps_mode); 1538 } 1539 1540 /* 1541 * careful - need to know about all the present elems before 1542 * calling ieee80211_assoc_add_ml_elem(), so add this one if 1543 * we're going to put it after the ML element 1544 */ 1545 if (assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_EHT) 1546 ADD_PRESENT_EXT_ELEM(WLAN_EID_EXT_EHT_CAPABILITY); 1547 1548 if (link_id == assoc_data->assoc_link_id) 1549 ieee80211_assoc_add_ml_elem(sdata, skb, orig_capab, ext_capa, 1550 present_elems); 1551 1552 /* crash if somebody gets it wrong */ 1553 present_elems = NULL; 1554 1555 if (assoc_data->link[link_id].conn.mode >= IEEE80211_CONN_MODE_EHT) 1556 ieee80211_put_eht_cap(skb, sdata, sband, 1557 &assoc_data->link[link_id].conn); 1558 1559 if (sband->band == NL80211_BAND_S1GHZ) { 1560 ieee80211_add_aid_request_ie(sdata, skb); 1561 ieee80211_add_s1g_capab_ie(sdata, &sband->s1g_cap, skb); 1562 } 1563 1564 if (iftd && iftd->vendor_elems.data && iftd->vendor_elems.len) 1565 skb_put_data(skb, iftd->vendor_elems.data, iftd->vendor_elems.len); 1566 1567 return offset; 1568 } 1569 1570 static void ieee80211_add_non_inheritance_elem(struct sk_buff *skb, 1571 const u16 *outer, 1572 const u16 *inner) 1573 { 1574 unsigned int skb_len = skb->len; 1575 bool at_extension = false; 1576 bool added = false; 1577 int i, j; 1578 u8 *len, *list_len = NULL; 1579 1580 skb_put_u8(skb, WLAN_EID_EXTENSION); 1581 len = skb_put(skb, 1); 1582 skb_put_u8(skb, WLAN_EID_EXT_NON_INHERITANCE); 1583 1584 for (i = 0; i < PRESENT_ELEMS_MAX && outer[i]; i++) { 1585 u16 elem = outer[i]; 1586 bool have_inner = false; 1587 1588 /* should at least be sorted in the sense of normal -> ext */ 1589 WARN_ON(at_extension && elem < PRESENT_ELEM_EXT_OFFS); 1590 1591 /* switch to extension list */ 1592 if (!at_extension && elem >= PRESENT_ELEM_EXT_OFFS) { 1593 at_extension = true; 1594 if (!list_len) 1595 skb_put_u8(skb, 0); 1596 list_len = NULL; 1597 } 1598 1599 for (j = 0; j < PRESENT_ELEMS_MAX && inner[j]; j++) { 1600 if (elem == inner[j]) { 1601 have_inner = true; 1602 break; 1603 } 1604 } 1605 1606 if (have_inner) 1607 continue; 1608 1609 if (!list_len) { 1610 list_len = skb_put(skb, 1); 1611 *list_len = 0; 1612 } 1613 *list_len += 1; 1614 skb_put_u8(skb, (u8)elem); 1615 added = true; 1616 } 1617 1618 /* if we added a list but no extension list, make a zero-len one */ 1619 if (added && (!at_extension || !list_len)) 1620 skb_put_u8(skb, 0); 1621 1622 /* if nothing added remove extension element completely */ 1623 if (!added) 1624 skb_trim(skb, skb_len); 1625 else 1626 *len = skb->len - skb_len - 2; 1627 } 1628 1629 static void ieee80211_assoc_add_ml_elem(struct ieee80211_sub_if_data *sdata, 1630 struct sk_buff *skb, u16 capab, 1631 const struct element *ext_capa, 1632 const u16 *outer_present_elems) 1633 { 1634 struct ieee80211_local *local = sdata->local; 1635 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1636 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 1637 struct ieee80211_multi_link_elem *ml_elem; 1638 struct ieee80211_mle_basic_common_info *common; 1639 const struct wiphy_iftype_ext_capab *ift_ext_capa; 1640 __le16 eml_capa = 0, mld_capa_ops = 0; 1641 unsigned int link_id; 1642 u8 *ml_elem_len; 1643 void *capab_pos; 1644 1645 if (!ieee80211_vif_is_mld(&sdata->vif)) 1646 return; 1647 1648 ift_ext_capa = cfg80211_get_iftype_ext_capa(local->hw.wiphy, 1649 ieee80211_vif_type_p2p(&sdata->vif)); 1650 if (ift_ext_capa) { 1651 eml_capa = cpu_to_le16(ift_ext_capa->eml_capabilities); 1652 mld_capa_ops = cpu_to_le16(ift_ext_capa->mld_capa_and_ops); 1653 } 1654 1655 skb_put_u8(skb, WLAN_EID_EXTENSION); 1656 ml_elem_len = skb_put(skb, 1); 1657 skb_put_u8(skb, WLAN_EID_EXT_EHT_MULTI_LINK); 1658 ml_elem = skb_put(skb, sizeof(*ml_elem)); 1659 ml_elem->control = 1660 cpu_to_le16(IEEE80211_ML_CONTROL_TYPE_BASIC | 1661 IEEE80211_MLC_BASIC_PRES_MLD_CAPA_OP); 1662 common = skb_put(skb, sizeof(*common)); 1663 common->len = sizeof(*common) + 1664 2; /* MLD capa/ops */ 1665 memcpy(common->mld_mac_addr, sdata->vif.addr, ETH_ALEN); 1666 1667 /* add EML_CAPA only if needed, see Draft P802.11be_D2.1, 35.3.17 */ 1668 if (eml_capa & 1669 cpu_to_le16((IEEE80211_EML_CAP_EMLSR_SUPP | 1670 IEEE80211_EML_CAP_EMLMR_SUPPORT))) { 1671 common->len += 2; /* EML capabilities */ 1672 ml_elem->control |= 1673 cpu_to_le16(IEEE80211_MLC_BASIC_PRES_EML_CAPA); 1674 skb_put_data(skb, &eml_capa, sizeof(eml_capa)); 1675 } 1676 skb_put_data(skb, &mld_capa_ops, sizeof(mld_capa_ops)); 1677 1678 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) { 1679 u16 link_present_elems[PRESENT_ELEMS_MAX] = {}; 1680 const u8 *extra_elems; 1681 size_t extra_elems_len; 1682 size_t extra_used; 1683 u8 *subelem_len = NULL; 1684 __le16 ctrl; 1685 1686 if (!assoc_data->link[link_id].bss || 1687 link_id == assoc_data->assoc_link_id) 1688 continue; 1689 1690 extra_elems = assoc_data->link[link_id].elems; 1691 extra_elems_len = assoc_data->link[link_id].elems_len; 1692 1693 skb_put_u8(skb, IEEE80211_MLE_SUBELEM_PER_STA_PROFILE); 1694 subelem_len = skb_put(skb, 1); 1695 1696 ctrl = cpu_to_le16(link_id | 1697 IEEE80211_MLE_STA_CONTROL_COMPLETE_PROFILE | 1698 IEEE80211_MLE_STA_CONTROL_STA_MAC_ADDR_PRESENT); 1699 skb_put_data(skb, &ctrl, sizeof(ctrl)); 1700 skb_put_u8(skb, 1 + ETH_ALEN); /* STA Info Length */ 1701 skb_put_data(skb, assoc_data->link[link_id].addr, 1702 ETH_ALEN); 1703 /* 1704 * Now add the contents of the (re)association request, 1705 * but the "listen interval" and "current AP address" 1706 * (if applicable) are skipped. So we only have 1707 * the capability field (remember the position and fill 1708 * later), followed by the elements added below by 1709 * calling ieee80211_assoc_link_elems(). 1710 */ 1711 capab_pos = skb_put(skb, 2); 1712 1713 extra_used = ieee80211_assoc_link_elems(sdata, skb, &capab, 1714 ext_capa, 1715 extra_elems, 1716 extra_elems_len, 1717 link_id, NULL, 1718 link_present_elems); 1719 if (extra_elems) 1720 skb_put_data(skb, extra_elems + extra_used, 1721 extra_elems_len - extra_used); 1722 1723 put_unaligned_le16(capab, capab_pos); 1724 1725 ieee80211_add_non_inheritance_elem(skb, outer_present_elems, 1726 link_present_elems); 1727 1728 ieee80211_fragment_element(skb, subelem_len, 1729 IEEE80211_MLE_SUBELEM_FRAGMENT); 1730 } 1731 1732 ieee80211_fragment_element(skb, ml_elem_len, WLAN_EID_FRAGMENT); 1733 } 1734 1735 static int ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) 1736 { 1737 struct ieee80211_local *local = sdata->local; 1738 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1739 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 1740 struct ieee80211_link_data *link; 1741 struct sk_buff *skb; 1742 struct ieee80211_mgmt *mgmt; 1743 u8 *pos, qos_info, *ie_start; 1744 size_t offset, noffset; 1745 u16 capab = 0, link_capab; 1746 __le16 listen_int; 1747 struct element *ext_capa = NULL; 1748 enum nl80211_iftype iftype = ieee80211_vif_type_p2p(&sdata->vif); 1749 struct ieee80211_prep_tx_info info = {}; 1750 unsigned int link_id, n_links = 0; 1751 u16 present_elems[PRESENT_ELEMS_MAX] = {}; 1752 void *capab_pos; 1753 size_t size; 1754 int ret; 1755 1756 /* we know it's writable, cast away the const */ 1757 if (assoc_data->ie_len) 1758 ext_capa = (void *)cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY, 1759 assoc_data->ie, 1760 assoc_data->ie_len); 1761 1762 lockdep_assert_wiphy(sdata->local->hw.wiphy); 1763 1764 size = local->hw.extra_tx_headroom + 1765 sizeof(*mgmt) + /* bit too much but doesn't matter */ 1766 2 + assoc_data->ssid_len + /* SSID */ 1767 assoc_data->ie_len + /* extra IEs */ 1768 (assoc_data->fils_kek_len ? 16 /* AES-SIV */ : 0) + 1769 9; /* WMM */ 1770 1771 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) { 1772 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss; 1773 const struct ieee80211_sband_iftype_data *iftd; 1774 struct ieee80211_supported_band *sband; 1775 1776 if (!cbss) 1777 continue; 1778 1779 sband = local->hw.wiphy->bands[cbss->channel->band]; 1780 1781 n_links++; 1782 /* add STA profile elements length */ 1783 size += assoc_data->link[link_id].elems_len; 1784 /* and supported rates length */ 1785 size += 4 + sband->n_bitrates; 1786 /* supported channels */ 1787 size += 2 + 2 * sband->n_channels; 1788 1789 iftd = ieee80211_get_sband_iftype_data(sband, iftype); 1790 if (iftd) 1791 size += iftd->vendor_elems.len; 1792 1793 /* power capability */ 1794 size += 4; 1795 1796 /* HT, VHT, HE, EHT */ 1797 size += 2 + sizeof(struct ieee80211_ht_cap); 1798 size += 2 + sizeof(struct ieee80211_vht_cap); 1799 size += 2 + 1 + sizeof(struct ieee80211_he_cap_elem) + 1800 sizeof(struct ieee80211_he_mcs_nss_supp) + 1801 IEEE80211_HE_PPE_THRES_MAX_LEN; 1802 1803 if (sband->band == NL80211_BAND_6GHZ) 1804 size += 2 + 1 + sizeof(struct ieee80211_he_6ghz_capa); 1805 1806 size += 2 + 1 + sizeof(struct ieee80211_eht_cap_elem) + 1807 sizeof(struct ieee80211_eht_mcs_nss_supp) + 1808 IEEE80211_EHT_PPE_THRES_MAX_LEN; 1809 1810 /* non-inheritance element */ 1811 size += 2 + 2 + PRESENT_ELEMS_MAX; 1812 1813 /* should be the same across all BSSes */ 1814 if (cbss->capability & WLAN_CAPABILITY_PRIVACY) 1815 capab |= WLAN_CAPABILITY_PRIVACY; 1816 } 1817 1818 if (ieee80211_vif_is_mld(&sdata->vif)) { 1819 /* consider the multi-link element with STA profile */ 1820 size += sizeof(struct ieee80211_multi_link_elem); 1821 /* max common info field in basic multi-link element */ 1822 size += sizeof(struct ieee80211_mle_basic_common_info) + 1823 2 + /* capa & op */ 1824 2; /* EML capa */ 1825 1826 /* 1827 * The capability elements were already considered above; 1828 * note this over-estimates a bit because there's no 1829 * STA profile for the assoc link. 1830 */ 1831 size += (n_links - 1) * 1832 (1 + 1 + /* subelement ID/length */ 1833 2 + /* STA control */ 1834 1 + ETH_ALEN + 2 /* STA Info field */); 1835 } 1836 1837 link = sdata_dereference(sdata->link[assoc_data->assoc_link_id], sdata); 1838 if (WARN_ON(!link)) 1839 return -EINVAL; 1840 1841 if (WARN_ON(!assoc_data->link[assoc_data->assoc_link_id].bss)) 1842 return -EINVAL; 1843 1844 skb = alloc_skb(size, GFP_KERNEL); 1845 if (!skb) 1846 return -ENOMEM; 1847 1848 skb_reserve(skb, local->hw.extra_tx_headroom); 1849 1850 if (ifmgd->flags & IEEE80211_STA_ENABLE_RRM) 1851 capab |= WLAN_CAPABILITY_RADIO_MEASURE; 1852 1853 /* Set MBSSID support for HE AP if needed */ 1854 if (ieee80211_hw_check(&local->hw, SUPPORTS_ONLY_HE_MULTI_BSSID) && 1855 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HE && 1856 ext_capa && ext_capa->datalen >= 3) 1857 ext_capa->data[2] |= WLAN_EXT_CAPA3_MULTI_BSSID_SUPPORT; 1858 1859 mgmt = skb_put_zero(skb, 24); 1860 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN); 1861 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 1862 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN); 1863 1864 listen_int = cpu_to_le16(assoc_data->s1g ? 1865 ieee80211_encode_usf(local->hw.conf.listen_interval) : 1866 local->hw.conf.listen_interval); 1867 if (!is_zero_ether_addr(assoc_data->prev_ap_addr)) { 1868 skb_put(skb, 10); 1869 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 1870 IEEE80211_STYPE_REASSOC_REQ); 1871 capab_pos = &mgmt->u.reassoc_req.capab_info; 1872 mgmt->u.reassoc_req.listen_interval = listen_int; 1873 memcpy(mgmt->u.reassoc_req.current_ap, 1874 assoc_data->prev_ap_addr, ETH_ALEN); 1875 info.subtype = IEEE80211_STYPE_REASSOC_REQ; 1876 } else { 1877 skb_put(skb, 4); 1878 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 1879 IEEE80211_STYPE_ASSOC_REQ); 1880 capab_pos = &mgmt->u.assoc_req.capab_info; 1881 mgmt->u.assoc_req.listen_interval = listen_int; 1882 info.subtype = IEEE80211_STYPE_ASSOC_REQ; 1883 } 1884 1885 /* SSID */ 1886 pos = skb_put(skb, 2 + assoc_data->ssid_len); 1887 ie_start = pos; 1888 *pos++ = WLAN_EID_SSID; 1889 *pos++ = assoc_data->ssid_len; 1890 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len); 1891 1892 /* 1893 * This bit is technically reserved, so it shouldn't matter for either 1894 * the AP or us, but it also means we shouldn't set it. However, we've 1895 * always set it in the past, and apparently some EHT APs check that 1896 * we don't set it. To avoid interoperability issues with old APs that 1897 * for some reason check it and want it to be set, set the bit for all 1898 * pre-EHT connections as we used to do. 1899 */ 1900 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_EHT) 1901 capab |= WLAN_CAPABILITY_ESS; 1902 1903 /* add the elements for the assoc (main) link */ 1904 link_capab = capab; 1905 offset = ieee80211_assoc_link_elems(sdata, skb, &link_capab, 1906 ext_capa, 1907 assoc_data->ie, 1908 assoc_data->ie_len, 1909 assoc_data->assoc_link_id, link, 1910 present_elems); 1911 put_unaligned_le16(link_capab, capab_pos); 1912 1913 /* if present, add any custom non-vendor IEs */ 1914 if (assoc_data->ie_len) { 1915 noffset = ieee80211_ie_split_vendor(assoc_data->ie, 1916 assoc_data->ie_len, 1917 offset); 1918 skb_put_data(skb, assoc_data->ie + offset, noffset - offset); 1919 offset = noffset; 1920 } 1921 1922 if (assoc_data->wmm) { 1923 if (assoc_data->uapsd) { 1924 qos_info = ifmgd->uapsd_queues; 1925 qos_info |= (ifmgd->uapsd_max_sp_len << 1926 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT); 1927 } else { 1928 qos_info = 0; 1929 } 1930 1931 pos = ieee80211_add_wmm_info_ie(skb_put(skb, 9), qos_info); 1932 } 1933 1934 /* add any remaining custom (i.e. vendor specific here) IEs */ 1935 if (assoc_data->ie_len) { 1936 noffset = assoc_data->ie_len; 1937 skb_put_data(skb, assoc_data->ie + offset, noffset - offset); 1938 } 1939 1940 if (assoc_data->fils_kek_len) { 1941 ret = fils_encrypt_assoc_req(skb, assoc_data); 1942 if (ret < 0) { 1943 dev_kfree_skb(skb); 1944 return ret; 1945 } 1946 } 1947 1948 pos = skb_tail_pointer(skb); 1949 kfree(ifmgd->assoc_req_ies); 1950 ifmgd->assoc_req_ies = kmemdup(ie_start, pos - ie_start, GFP_ATOMIC); 1951 if (!ifmgd->assoc_req_ies) { 1952 dev_kfree_skb(skb); 1953 return -ENOMEM; 1954 } 1955 1956 ifmgd->assoc_req_ies_len = pos - ie_start; 1957 1958 info.link_id = assoc_data->assoc_link_id; 1959 drv_mgd_prepare_tx(local, sdata, &info); 1960 1961 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 1962 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) 1963 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 1964 IEEE80211_TX_INTFL_MLME_CONN_TX; 1965 ieee80211_tx_skb(sdata, skb); 1966 1967 return 0; 1968 } 1969 1970 void ieee80211_send_pspoll(struct ieee80211_local *local, 1971 struct ieee80211_sub_if_data *sdata) 1972 { 1973 struct ieee80211_pspoll *pspoll; 1974 struct sk_buff *skb; 1975 1976 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif); 1977 if (!skb) 1978 return; 1979 1980 pspoll = (struct ieee80211_pspoll *) skb->data; 1981 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 1982 1983 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 1984 ieee80211_tx_skb(sdata, skb); 1985 } 1986 1987 void ieee80211_send_nullfunc(struct ieee80211_local *local, 1988 struct ieee80211_sub_if_data *sdata, 1989 bool powersave) 1990 { 1991 struct sk_buff *skb; 1992 struct ieee80211_hdr_3addr *nullfunc; 1993 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1994 1995 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif, -1, 1996 !ieee80211_hw_check(&local->hw, 1997 DOESNT_SUPPORT_QOS_NDP)); 1998 if (!skb) 1999 return; 2000 2001 nullfunc = (struct ieee80211_hdr_3addr *) skb->data; 2002 if (powersave) 2003 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 2004 2005 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT | 2006 IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 2007 2008 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) 2009 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS; 2010 2011 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) 2012 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE; 2013 2014 ieee80211_tx_skb(sdata, skb); 2015 } 2016 2017 void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local, 2018 struct ieee80211_sub_if_data *sdata) 2019 { 2020 struct sk_buff *skb; 2021 struct ieee80211_hdr *nullfunc; 2022 __le16 fc; 2023 2024 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 2025 return; 2026 2027 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30); 2028 if (!skb) 2029 return; 2030 2031 skb_reserve(skb, local->hw.extra_tx_headroom); 2032 2033 nullfunc = skb_put_zero(skb, 30); 2034 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 2035 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 2036 nullfunc->frame_control = fc; 2037 memcpy(nullfunc->addr1, sdata->deflink.u.mgd.bssid, ETH_ALEN); 2038 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN); 2039 memcpy(nullfunc->addr3, sdata->deflink.u.mgd.bssid, ETH_ALEN); 2040 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN); 2041 2042 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 2043 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE; 2044 ieee80211_tx_skb(sdata, skb); 2045 } 2046 2047 /* spectrum management related things */ 2048 static void ieee80211_chswitch_work(struct wiphy *wiphy, 2049 struct wiphy_work *work) 2050 { 2051 struct ieee80211_link_data *link = 2052 container_of(work, struct ieee80211_link_data, 2053 u.mgd.chswitch_work.work); 2054 struct ieee80211_sub_if_data *sdata = link->sdata; 2055 struct ieee80211_local *local = sdata->local; 2056 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2057 int ret; 2058 2059 if (!ieee80211_sdata_running(sdata)) 2060 return; 2061 2062 lockdep_assert_wiphy(local->hw.wiphy); 2063 2064 if (!ifmgd->associated) 2065 return; 2066 2067 if (!link->conf->csa_active) 2068 return; 2069 2070 /* 2071 * using reservation isn't immediate as it may be deferred until later 2072 * with multi-vif. once reservation is complete it will re-schedule the 2073 * work with no reserved_chanctx so verify chandef to check if it 2074 * completed successfully 2075 */ 2076 2077 if (link->reserved_chanctx) { 2078 /* 2079 * with multi-vif csa driver may call ieee80211_csa_finish() 2080 * many times while waiting for other interfaces to use their 2081 * reservations 2082 */ 2083 if (link->reserved_ready) 2084 return; 2085 2086 ret = ieee80211_link_use_reserved_context(link); 2087 if (ret) { 2088 sdata_info(sdata, 2089 "failed to use reserved channel context, disconnecting (err=%d)\n", 2090 ret); 2091 wiphy_work_queue(sdata->local->hw.wiphy, 2092 &ifmgd->csa_connection_drop_work); 2093 } 2094 return; 2095 } 2096 2097 if (!ieee80211_chanreq_identical(&link->conf->chanreq, 2098 &link->csa_chanreq)) { 2099 sdata_info(sdata, 2100 "failed to finalize channel switch, disconnecting\n"); 2101 wiphy_work_queue(sdata->local->hw.wiphy, 2102 &ifmgd->csa_connection_drop_work); 2103 return; 2104 } 2105 2106 link->u.mgd.csa_waiting_bcn = true; 2107 2108 ieee80211_sta_reset_beacon_monitor(sdata); 2109 ieee80211_sta_reset_conn_monitor(sdata); 2110 } 2111 2112 static void ieee80211_chswitch_post_beacon(struct ieee80211_link_data *link) 2113 { 2114 struct ieee80211_sub_if_data *sdata = link->sdata; 2115 struct ieee80211_local *local = sdata->local; 2116 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2117 int ret; 2118 2119 lockdep_assert_wiphy(sdata->local->hw.wiphy); 2120 2121 WARN_ON(!link->conf->csa_active); 2122 2123 if (sdata->csa_blocked_queues) { 2124 ieee80211_wake_vif_queues(local, sdata, 2125 IEEE80211_QUEUE_STOP_REASON_CSA); 2126 sdata->csa_blocked_queues = false; 2127 } 2128 2129 link->conf->csa_active = false; 2130 link->u.mgd.csa_blocked_tx = false; 2131 link->u.mgd.csa_waiting_bcn = false; 2132 2133 ret = drv_post_channel_switch(link); 2134 if (ret) { 2135 sdata_info(sdata, 2136 "driver post channel switch failed, disconnecting\n"); 2137 wiphy_work_queue(sdata->local->hw.wiphy, 2138 &ifmgd->csa_connection_drop_work); 2139 return; 2140 } 2141 2142 cfg80211_ch_switch_notify(sdata->dev, &link->reserved.oper, 2143 link->link_id); 2144 } 2145 2146 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success, 2147 unsigned int link_id) 2148 { 2149 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2150 2151 trace_api_chswitch_done(sdata, success, link_id); 2152 2153 rcu_read_lock(); 2154 2155 if (!success) { 2156 sdata_info(sdata, 2157 "driver channel switch failed, disconnecting\n"); 2158 wiphy_work_queue(sdata->local->hw.wiphy, 2159 &sdata->u.mgd.csa_connection_drop_work); 2160 } else { 2161 struct ieee80211_link_data *link = 2162 rcu_dereference(sdata->link[link_id]); 2163 2164 if (WARN_ON(!link)) { 2165 rcu_read_unlock(); 2166 return; 2167 } 2168 2169 wiphy_delayed_work_queue(sdata->local->hw.wiphy, 2170 &link->u.mgd.chswitch_work, 0); 2171 } 2172 2173 rcu_read_unlock(); 2174 } 2175 EXPORT_SYMBOL(ieee80211_chswitch_done); 2176 2177 static void 2178 ieee80211_sta_abort_chanswitch(struct ieee80211_link_data *link) 2179 { 2180 struct ieee80211_sub_if_data *sdata = link->sdata; 2181 struct ieee80211_local *local = sdata->local; 2182 2183 lockdep_assert_wiphy(local->hw.wiphy); 2184 2185 if (!local->ops->abort_channel_switch) 2186 return; 2187 2188 ieee80211_link_unreserve_chanctx(link); 2189 2190 if (sdata->csa_blocked_queues) { 2191 ieee80211_wake_vif_queues(local, sdata, 2192 IEEE80211_QUEUE_STOP_REASON_CSA); 2193 sdata->csa_blocked_queues = false; 2194 } 2195 2196 link->conf->csa_active = false; 2197 link->u.mgd.csa_blocked_tx = false; 2198 2199 drv_abort_channel_switch(link); 2200 } 2201 2202 static void 2203 ieee80211_sta_process_chanswitch(struct ieee80211_link_data *link, 2204 u64 timestamp, u32 device_timestamp, 2205 struct ieee802_11_elems *elems, 2206 bool beacon) 2207 { 2208 struct ieee80211_sub_if_data *sdata = link->sdata; 2209 struct ieee80211_local *local = sdata->local; 2210 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2211 struct cfg80211_bss *cbss = link->conf->bss; 2212 struct ieee80211_chanctx_conf *conf; 2213 struct ieee80211_chanctx *chanctx; 2214 enum nl80211_band current_band; 2215 struct ieee80211_csa_ie csa_ie; 2216 struct ieee80211_channel_switch ch_switch = { 2217 .link_id = link->link_id, 2218 }; 2219 struct ieee80211_bss *bss; 2220 unsigned long timeout; 2221 int res; 2222 2223 lockdep_assert_wiphy(local->hw.wiphy); 2224 2225 if (!cbss) 2226 return; 2227 2228 current_band = cbss->channel->band; 2229 bss = (void *)cbss->priv; 2230 res = ieee80211_parse_ch_switch_ie(sdata, elems, current_band, 2231 bss->vht_cap_info, 2232 &link->u.mgd.conn, 2233 link->u.mgd.bssid, &csa_ie); 2234 2235 if (!res) { 2236 ch_switch.timestamp = timestamp; 2237 ch_switch.device_timestamp = device_timestamp; 2238 ch_switch.block_tx = csa_ie.mode; 2239 ch_switch.chandef = csa_ie.chanreq.oper; 2240 ch_switch.count = csa_ie.count; 2241 ch_switch.delay = csa_ie.max_switch_time; 2242 } 2243 2244 if (res < 0) 2245 goto drop_connection; 2246 2247 if (link->conf->csa_active) { 2248 /* already processing - disregard action frames */ 2249 if (!beacon) 2250 return; 2251 2252 if (link->u.mgd.csa_waiting_bcn) { 2253 ieee80211_chswitch_post_beacon(link); 2254 /* 2255 * If the CSA IE is still present in the beacon after 2256 * the switch, we need to consider it as a new CSA 2257 * (possibly to self) - this happens by not returning 2258 * here so we'll get to the check below. 2259 */ 2260 } else if (res) { 2261 ieee80211_sta_abort_chanswitch(link); 2262 return; 2263 } else { 2264 drv_channel_switch_rx_beacon(sdata, &ch_switch); 2265 return; 2266 } 2267 } 2268 2269 /* nothing to do at all - no active CSA nor a new one */ 2270 if (res) 2271 return; 2272 2273 if (link->conf->chanreq.oper.chan->band != 2274 csa_ie.chanreq.oper.chan->band) { 2275 sdata_info(sdata, 2276 "AP %pM switches to different band (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n", 2277 link->u.mgd.bssid, 2278 csa_ie.chanreq.oper.chan->center_freq, 2279 csa_ie.chanreq.oper.width, 2280 csa_ie.chanreq.oper.center_freq1, 2281 csa_ie.chanreq.oper.center_freq2); 2282 goto drop_connection; 2283 } 2284 2285 if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chanreq.oper, 2286 IEEE80211_CHAN_DISABLED)) { 2287 sdata_info(sdata, 2288 "AP %pM switches to unsupported channel " 2289 "(%d.%03d MHz, width:%d, CF1/2: %d.%03d/%d MHz), " 2290 "disconnecting\n", 2291 link->u.mgd.bssid, 2292 csa_ie.chanreq.oper.chan->center_freq, 2293 csa_ie.chanreq.oper.chan->freq_offset, 2294 csa_ie.chanreq.oper.width, 2295 csa_ie.chanreq.oper.center_freq1, 2296 csa_ie.chanreq.oper.freq1_offset, 2297 csa_ie.chanreq.oper.center_freq2); 2298 goto drop_connection; 2299 } 2300 2301 if (cfg80211_chandef_identical(&csa_ie.chanreq.oper, 2302 &link->conf->chanreq.oper) && 2303 (!csa_ie.mode || !beacon)) { 2304 if (link->u.mgd.csa_ignored_same_chan) 2305 return; 2306 sdata_info(sdata, 2307 "AP %pM tries to chanswitch to same channel, ignore\n", 2308 link->u.mgd.bssid); 2309 link->u.mgd.csa_ignored_same_chan = true; 2310 return; 2311 } 2312 2313 /* 2314 * Drop all TDLS peers on the affected link - either we disconnect or 2315 * move to a different channel from this point on. There's no telling 2316 * what our peer will do. 2317 * The TDLS WIDER_BW scenario is also problematic, as peers might now 2318 * have an incompatible wider chandef. 2319 */ 2320 ieee80211_teardown_tdls_peers(link); 2321 2322 conf = rcu_dereference_protected(link->conf->chanctx_conf, 2323 lockdep_is_held(&local->hw.wiphy->mtx)); 2324 if (!conf) { 2325 sdata_info(sdata, 2326 "no channel context assigned to vif?, disconnecting\n"); 2327 goto drop_connection; 2328 } 2329 2330 chanctx = container_of(conf, struct ieee80211_chanctx, conf); 2331 2332 if (!ieee80211_hw_check(&local->hw, CHANCTX_STA_CSA)) { 2333 sdata_info(sdata, 2334 "driver doesn't support chan-switch with channel contexts\n"); 2335 goto drop_connection; 2336 } 2337 2338 if (drv_pre_channel_switch(sdata, &ch_switch)) { 2339 sdata_info(sdata, 2340 "preparing for channel switch failed, disconnecting\n"); 2341 goto drop_connection; 2342 } 2343 2344 res = ieee80211_link_reserve_chanctx(link, &csa_ie.chanreq, 2345 chanctx->mode, false); 2346 if (res) { 2347 sdata_info(sdata, 2348 "failed to reserve channel context for channel switch, disconnecting (err=%d)\n", 2349 res); 2350 goto drop_connection; 2351 } 2352 2353 link->conf->csa_active = true; 2354 link->csa_chanreq = csa_ie.chanreq; 2355 link->u.mgd.csa_ignored_same_chan = false; 2356 link->u.mgd.beacon_crc_valid = false; 2357 link->u.mgd.csa_blocked_tx = csa_ie.mode; 2358 2359 if (csa_ie.mode && 2360 !ieee80211_hw_check(&local->hw, HANDLES_QUIET_CSA)) { 2361 ieee80211_stop_vif_queues(local, sdata, 2362 IEEE80211_QUEUE_STOP_REASON_CSA); 2363 sdata->csa_blocked_queues = true; 2364 } 2365 2366 cfg80211_ch_switch_started_notify(sdata->dev, &csa_ie.chanreq.oper, 2367 link->link_id, csa_ie.count, 2368 csa_ie.mode); 2369 2370 if (local->ops->channel_switch) { 2371 /* use driver's channel switch callback */ 2372 drv_channel_switch(local, sdata, &ch_switch); 2373 return; 2374 } 2375 2376 /* channel switch handled in software */ 2377 timeout = TU_TO_JIFFIES((max_t(int, csa_ie.count, 1) - 1) * 2378 cbss->beacon_interval); 2379 wiphy_delayed_work_queue(local->hw.wiphy, 2380 &link->u.mgd.chswitch_work, 2381 timeout); 2382 return; 2383 drop_connection: 2384 /* 2385 * This is just so that the disconnect flow will know that 2386 * we were trying to switch channel and failed. In case the 2387 * mode is 1 (we are not allowed to Tx), we will know not to 2388 * send a deauthentication frame. Those two fields will be 2389 * reset when the disconnection worker runs. 2390 */ 2391 link->conf->csa_active = true; 2392 link->u.mgd.csa_blocked_tx = csa_ie.mode; 2393 sdata->csa_blocked_queues = 2394 csa_ie.mode && !ieee80211_hw_check(&local->hw, HANDLES_QUIET_CSA); 2395 2396 wiphy_work_queue(sdata->local->hw.wiphy, 2397 &ifmgd->csa_connection_drop_work); 2398 } 2399 2400 static bool 2401 ieee80211_find_80211h_pwr_constr(struct ieee80211_sub_if_data *sdata, 2402 struct ieee80211_channel *channel, 2403 const u8 *country_ie, u8 country_ie_len, 2404 const u8 *pwr_constr_elem, 2405 int *chan_pwr, int *pwr_reduction) 2406 { 2407 struct ieee80211_country_ie_triplet *triplet; 2408 int chan = ieee80211_frequency_to_channel(channel->center_freq); 2409 int i, chan_increment; 2410 bool have_chan_pwr = false; 2411 2412 /* Invalid IE */ 2413 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN) 2414 return false; 2415 2416 triplet = (void *)(country_ie + 3); 2417 country_ie_len -= 3; 2418 2419 switch (channel->band) { 2420 default: 2421 WARN_ON_ONCE(1); 2422 fallthrough; 2423 case NL80211_BAND_2GHZ: 2424 case NL80211_BAND_60GHZ: 2425 case NL80211_BAND_LC: 2426 chan_increment = 1; 2427 break; 2428 case NL80211_BAND_5GHZ: 2429 chan_increment = 4; 2430 break; 2431 case NL80211_BAND_6GHZ: 2432 /* 2433 * In the 6 GHz band, the "maximum transmit power level" 2434 * field in the triplets is reserved, and thus will be 2435 * zero and we shouldn't use it to control TX power. 2436 * The actual TX power will be given in the transmit 2437 * power envelope element instead. 2438 */ 2439 return false; 2440 } 2441 2442 /* find channel */ 2443 while (country_ie_len >= 3) { 2444 u8 first_channel = triplet->chans.first_channel; 2445 2446 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID) 2447 goto next; 2448 2449 for (i = 0; i < triplet->chans.num_channels; i++) { 2450 if (first_channel + i * chan_increment == chan) { 2451 have_chan_pwr = true; 2452 *chan_pwr = triplet->chans.max_power; 2453 break; 2454 } 2455 } 2456 if (have_chan_pwr) 2457 break; 2458 2459 next: 2460 triplet++; 2461 country_ie_len -= 3; 2462 } 2463 2464 if (have_chan_pwr && pwr_constr_elem) 2465 *pwr_reduction = *pwr_constr_elem; 2466 else 2467 *pwr_reduction = 0; 2468 2469 return have_chan_pwr; 2470 } 2471 2472 static void ieee80211_find_cisco_dtpc(struct ieee80211_sub_if_data *sdata, 2473 struct ieee80211_channel *channel, 2474 const u8 *cisco_dtpc_ie, 2475 int *pwr_level) 2476 { 2477 /* From practical testing, the first data byte of the DTPC element 2478 * seems to contain the requested dBm level, and the CLI on Cisco 2479 * APs clearly state the range is -127 to 127 dBm, which indicates 2480 * a signed byte, although it seemingly never actually goes negative. 2481 * The other byte seems to always be zero. 2482 */ 2483 *pwr_level = (__s8)cisco_dtpc_ie[4]; 2484 } 2485 2486 static u64 ieee80211_handle_pwr_constr(struct ieee80211_link_data *link, 2487 struct ieee80211_channel *channel, 2488 struct ieee80211_mgmt *mgmt, 2489 const u8 *country_ie, u8 country_ie_len, 2490 const u8 *pwr_constr_ie, 2491 const u8 *cisco_dtpc_ie) 2492 { 2493 struct ieee80211_sub_if_data *sdata = link->sdata; 2494 bool has_80211h_pwr = false, has_cisco_pwr = false; 2495 int chan_pwr = 0, pwr_reduction_80211h = 0; 2496 int pwr_level_cisco, pwr_level_80211h; 2497 int new_ap_level; 2498 __le16 capab = mgmt->u.probe_resp.capab_info; 2499 2500 if (ieee80211_is_s1g_beacon(mgmt->frame_control)) 2501 return 0; /* TODO */ 2502 2503 if (country_ie && 2504 (capab & cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT) || 2505 capab & cpu_to_le16(WLAN_CAPABILITY_RADIO_MEASURE))) { 2506 has_80211h_pwr = ieee80211_find_80211h_pwr_constr( 2507 sdata, channel, country_ie, country_ie_len, 2508 pwr_constr_ie, &chan_pwr, &pwr_reduction_80211h); 2509 pwr_level_80211h = 2510 max_t(int, 0, chan_pwr - pwr_reduction_80211h); 2511 } 2512 2513 if (cisco_dtpc_ie) { 2514 ieee80211_find_cisco_dtpc( 2515 sdata, channel, cisco_dtpc_ie, &pwr_level_cisco); 2516 has_cisco_pwr = true; 2517 } 2518 2519 if (!has_80211h_pwr && !has_cisco_pwr) 2520 return 0; 2521 2522 /* If we have both 802.11h and Cisco DTPC, apply both limits 2523 * by picking the smallest of the two power levels advertised. 2524 */ 2525 if (has_80211h_pwr && 2526 (!has_cisco_pwr || pwr_level_80211h <= pwr_level_cisco)) { 2527 new_ap_level = pwr_level_80211h; 2528 2529 if (link->ap_power_level == new_ap_level) 2530 return 0; 2531 2532 sdata_dbg(sdata, 2533 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n", 2534 pwr_level_80211h, chan_pwr, pwr_reduction_80211h, 2535 link->u.mgd.bssid); 2536 } else { /* has_cisco_pwr is always true here. */ 2537 new_ap_level = pwr_level_cisco; 2538 2539 if (link->ap_power_level == new_ap_level) 2540 return 0; 2541 2542 sdata_dbg(sdata, 2543 "Limiting TX power to %d dBm as advertised by %pM\n", 2544 pwr_level_cisco, link->u.mgd.bssid); 2545 } 2546 2547 link->ap_power_level = new_ap_level; 2548 if (__ieee80211_recalc_txpower(sdata)) 2549 return BSS_CHANGED_TXPOWER; 2550 return 0; 2551 } 2552 2553 /* powersave */ 2554 static void ieee80211_enable_ps(struct ieee80211_local *local, 2555 struct ieee80211_sub_if_data *sdata) 2556 { 2557 struct ieee80211_conf *conf = &local->hw.conf; 2558 2559 /* 2560 * If we are scanning right now then the parameters will 2561 * take effect when scan finishes. 2562 */ 2563 if (local->scanning) 2564 return; 2565 2566 if (conf->dynamic_ps_timeout > 0 && 2567 !ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS)) { 2568 mod_timer(&local->dynamic_ps_timer, jiffies + 2569 msecs_to_jiffies(conf->dynamic_ps_timeout)); 2570 } else { 2571 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK)) 2572 ieee80211_send_nullfunc(local, sdata, true); 2573 2574 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) && 2575 ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) 2576 return; 2577 2578 conf->flags |= IEEE80211_CONF_PS; 2579 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 2580 } 2581 } 2582 2583 static void ieee80211_change_ps(struct ieee80211_local *local) 2584 { 2585 struct ieee80211_conf *conf = &local->hw.conf; 2586 2587 if (local->ps_sdata) { 2588 ieee80211_enable_ps(local, local->ps_sdata); 2589 } else if (conf->flags & IEEE80211_CONF_PS) { 2590 conf->flags &= ~IEEE80211_CONF_PS; 2591 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 2592 del_timer_sync(&local->dynamic_ps_timer); 2593 wiphy_work_cancel(local->hw.wiphy, 2594 &local->dynamic_ps_enable_work); 2595 } 2596 } 2597 2598 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata) 2599 { 2600 struct ieee80211_local *local = sdata->local; 2601 struct ieee80211_if_managed *mgd = &sdata->u.mgd; 2602 struct sta_info *sta = NULL; 2603 bool authorized = false; 2604 2605 if (!mgd->powersave) 2606 return false; 2607 2608 if (mgd->broken_ap) 2609 return false; 2610 2611 if (!mgd->associated) 2612 return false; 2613 2614 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL) 2615 return false; 2616 2617 if (!(local->hw.wiphy->flags & WIPHY_FLAG_SUPPORTS_MLO) && 2618 !sdata->deflink.u.mgd.have_beacon) 2619 return false; 2620 2621 rcu_read_lock(); 2622 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr); 2623 if (sta) 2624 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED); 2625 rcu_read_unlock(); 2626 2627 return authorized; 2628 } 2629 2630 /* need to hold RTNL or interface lock */ 2631 void ieee80211_recalc_ps(struct ieee80211_local *local) 2632 { 2633 struct ieee80211_sub_if_data *sdata, *found = NULL; 2634 int count = 0; 2635 int timeout; 2636 2637 if (!ieee80211_hw_check(&local->hw, SUPPORTS_PS) || 2638 ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS)) { 2639 local->ps_sdata = NULL; 2640 return; 2641 } 2642 2643 list_for_each_entry(sdata, &local->interfaces, list) { 2644 if (!ieee80211_sdata_running(sdata)) 2645 continue; 2646 if (sdata->vif.type == NL80211_IFTYPE_AP) { 2647 /* If an AP vif is found, then disable PS 2648 * by setting the count to zero thereby setting 2649 * ps_sdata to NULL. 2650 */ 2651 count = 0; 2652 break; 2653 } 2654 if (sdata->vif.type != NL80211_IFTYPE_STATION) 2655 continue; 2656 found = sdata; 2657 count++; 2658 } 2659 2660 if (count == 1 && ieee80211_powersave_allowed(found)) { 2661 u8 dtimper = found->deflink.u.mgd.dtim_period; 2662 2663 timeout = local->dynamic_ps_forced_timeout; 2664 if (timeout < 0) 2665 timeout = 100; 2666 local->hw.conf.dynamic_ps_timeout = timeout; 2667 2668 /* If the TIM IE is invalid, pretend the value is 1 */ 2669 if (!dtimper) 2670 dtimper = 1; 2671 2672 local->hw.conf.ps_dtim_period = dtimper; 2673 local->ps_sdata = found; 2674 } else { 2675 local->ps_sdata = NULL; 2676 } 2677 2678 ieee80211_change_ps(local); 2679 } 2680 2681 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata) 2682 { 2683 bool ps_allowed = ieee80211_powersave_allowed(sdata); 2684 2685 if (sdata->vif.cfg.ps != ps_allowed) { 2686 sdata->vif.cfg.ps = ps_allowed; 2687 ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_PS); 2688 } 2689 } 2690 2691 void ieee80211_dynamic_ps_disable_work(struct wiphy *wiphy, 2692 struct wiphy_work *work) 2693 { 2694 struct ieee80211_local *local = 2695 container_of(work, struct ieee80211_local, 2696 dynamic_ps_disable_work); 2697 2698 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 2699 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 2700 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 2701 } 2702 2703 ieee80211_wake_queues_by_reason(&local->hw, 2704 IEEE80211_MAX_QUEUE_MAP, 2705 IEEE80211_QUEUE_STOP_REASON_PS, 2706 false); 2707 } 2708 2709 void ieee80211_dynamic_ps_enable_work(struct wiphy *wiphy, 2710 struct wiphy_work *work) 2711 { 2712 struct ieee80211_local *local = 2713 container_of(work, struct ieee80211_local, 2714 dynamic_ps_enable_work); 2715 struct ieee80211_sub_if_data *sdata = local->ps_sdata; 2716 struct ieee80211_if_managed *ifmgd; 2717 unsigned long flags; 2718 int q; 2719 2720 /* can only happen when PS was just disabled anyway */ 2721 if (!sdata) 2722 return; 2723 2724 ifmgd = &sdata->u.mgd; 2725 2726 if (local->hw.conf.flags & IEEE80211_CONF_PS) 2727 return; 2728 2729 if (local->hw.conf.dynamic_ps_timeout > 0) { 2730 /* don't enter PS if TX frames are pending */ 2731 if (drv_tx_frames_pending(local)) { 2732 mod_timer(&local->dynamic_ps_timer, jiffies + 2733 msecs_to_jiffies( 2734 local->hw.conf.dynamic_ps_timeout)); 2735 return; 2736 } 2737 2738 /* 2739 * transmission can be stopped by others which leads to 2740 * dynamic_ps_timer expiry. Postpone the ps timer if it 2741 * is not the actual idle state. 2742 */ 2743 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 2744 for (q = 0; q < local->hw.queues; q++) { 2745 if (local->queue_stop_reasons[q]) { 2746 spin_unlock_irqrestore(&local->queue_stop_reason_lock, 2747 flags); 2748 mod_timer(&local->dynamic_ps_timer, jiffies + 2749 msecs_to_jiffies( 2750 local->hw.conf.dynamic_ps_timeout)); 2751 return; 2752 } 2753 } 2754 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 2755 } 2756 2757 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) && 2758 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 2759 if (drv_tx_frames_pending(local)) { 2760 mod_timer(&local->dynamic_ps_timer, jiffies + 2761 msecs_to_jiffies( 2762 local->hw.conf.dynamic_ps_timeout)); 2763 } else { 2764 ieee80211_send_nullfunc(local, sdata, true); 2765 /* Flush to get the tx status of nullfunc frame */ 2766 ieee80211_flush_queues(local, sdata, false); 2767 } 2768 } 2769 2770 if (!(ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS) && 2771 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK)) || 2772 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 2773 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 2774 local->hw.conf.flags |= IEEE80211_CONF_PS; 2775 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 2776 } 2777 } 2778 2779 void ieee80211_dynamic_ps_timer(struct timer_list *t) 2780 { 2781 struct ieee80211_local *local = from_timer(local, t, dynamic_ps_timer); 2782 2783 wiphy_work_queue(local->hw.wiphy, &local->dynamic_ps_enable_work); 2784 } 2785 2786 void ieee80211_dfs_cac_timer_work(struct wiphy *wiphy, struct wiphy_work *work) 2787 { 2788 struct ieee80211_link_data *link = 2789 container_of(work, struct ieee80211_link_data, 2790 dfs_cac_timer_work.work); 2791 struct cfg80211_chan_def chandef = link->conf->chanreq.oper; 2792 struct ieee80211_sub_if_data *sdata = link->sdata; 2793 2794 lockdep_assert_wiphy(sdata->local->hw.wiphy); 2795 2796 if (sdata->wdev.cac_started) { 2797 ieee80211_link_release_channel(link); 2798 cfg80211_cac_event(sdata->dev, &chandef, 2799 NL80211_RADAR_CAC_FINISHED, 2800 GFP_KERNEL); 2801 } 2802 } 2803 2804 static bool 2805 __ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata) 2806 { 2807 struct ieee80211_local *local = sdata->local; 2808 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2809 bool ret = false; 2810 int ac; 2811 2812 if (local->hw.queues < IEEE80211_NUM_ACS) 2813 return false; 2814 2815 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { 2816 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac]; 2817 int non_acm_ac; 2818 unsigned long now = jiffies; 2819 2820 if (tx_tspec->action == TX_TSPEC_ACTION_NONE && 2821 tx_tspec->admitted_time && 2822 time_after(now, tx_tspec->time_slice_start + HZ)) { 2823 tx_tspec->consumed_tx_time = 0; 2824 tx_tspec->time_slice_start = now; 2825 2826 if (tx_tspec->downgraded) 2827 tx_tspec->action = 2828 TX_TSPEC_ACTION_STOP_DOWNGRADE; 2829 } 2830 2831 switch (tx_tspec->action) { 2832 case TX_TSPEC_ACTION_STOP_DOWNGRADE: 2833 /* take the original parameters */ 2834 if (drv_conf_tx(local, &sdata->deflink, ac, 2835 &sdata->deflink.tx_conf[ac])) 2836 link_err(&sdata->deflink, 2837 "failed to set TX queue parameters for queue %d\n", 2838 ac); 2839 tx_tspec->action = TX_TSPEC_ACTION_NONE; 2840 tx_tspec->downgraded = false; 2841 ret = true; 2842 break; 2843 case TX_TSPEC_ACTION_DOWNGRADE: 2844 if (time_after(now, tx_tspec->time_slice_start + HZ)) { 2845 tx_tspec->action = TX_TSPEC_ACTION_NONE; 2846 ret = true; 2847 break; 2848 } 2849 /* downgrade next lower non-ACM AC */ 2850 for (non_acm_ac = ac + 1; 2851 non_acm_ac < IEEE80211_NUM_ACS; 2852 non_acm_ac++) 2853 if (!(sdata->wmm_acm & BIT(7 - 2 * non_acm_ac))) 2854 break; 2855 /* Usually the loop will result in using BK even if it 2856 * requires admission control, but such a configuration 2857 * makes no sense and we have to transmit somehow - the 2858 * AC selection does the same thing. 2859 * If we started out trying to downgrade from BK, then 2860 * the extra condition here might be needed. 2861 */ 2862 if (non_acm_ac >= IEEE80211_NUM_ACS) 2863 non_acm_ac = IEEE80211_AC_BK; 2864 if (drv_conf_tx(local, &sdata->deflink, ac, 2865 &sdata->deflink.tx_conf[non_acm_ac])) 2866 link_err(&sdata->deflink, 2867 "failed to set TX queue parameters for queue %d\n", 2868 ac); 2869 tx_tspec->action = TX_TSPEC_ACTION_NONE; 2870 ret = true; 2871 wiphy_delayed_work_queue(local->hw.wiphy, 2872 &ifmgd->tx_tspec_wk, 2873 tx_tspec->time_slice_start + 2874 HZ - now + 1); 2875 break; 2876 case TX_TSPEC_ACTION_NONE: 2877 /* nothing now */ 2878 break; 2879 } 2880 } 2881 2882 return ret; 2883 } 2884 2885 void ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata) 2886 { 2887 if (__ieee80211_sta_handle_tspec_ac_params(sdata)) 2888 ieee80211_link_info_change_notify(sdata, &sdata->deflink, 2889 BSS_CHANGED_QOS); 2890 } 2891 2892 static void ieee80211_sta_handle_tspec_ac_params_wk(struct wiphy *wiphy, 2893 struct wiphy_work *work) 2894 { 2895 struct ieee80211_sub_if_data *sdata; 2896 2897 sdata = container_of(work, struct ieee80211_sub_if_data, 2898 u.mgd.tx_tspec_wk.work); 2899 ieee80211_sta_handle_tspec_ac_params(sdata); 2900 } 2901 2902 void ieee80211_mgd_set_link_qos_params(struct ieee80211_link_data *link) 2903 { 2904 struct ieee80211_sub_if_data *sdata = link->sdata; 2905 struct ieee80211_local *local = sdata->local; 2906 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2907 struct ieee80211_tx_queue_params *params = link->tx_conf; 2908 u8 ac; 2909 2910 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { 2911 mlme_dbg(sdata, 2912 "WMM AC=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d, downgraded=%d\n", 2913 ac, params[ac].acm, 2914 params[ac].aifs, params[ac].cw_min, params[ac].cw_max, 2915 params[ac].txop, params[ac].uapsd, 2916 ifmgd->tx_tspec[ac].downgraded); 2917 if (!ifmgd->tx_tspec[ac].downgraded && 2918 drv_conf_tx(local, link, ac, ¶ms[ac])) 2919 link_err(link, 2920 "failed to set TX queue parameters for AC %d\n", 2921 ac); 2922 } 2923 } 2924 2925 /* MLME */ 2926 static bool 2927 ieee80211_sta_wmm_params(struct ieee80211_local *local, 2928 struct ieee80211_link_data *link, 2929 const u8 *wmm_param, size_t wmm_param_len, 2930 const struct ieee80211_mu_edca_param_set *mu_edca) 2931 { 2932 struct ieee80211_sub_if_data *sdata = link->sdata; 2933 struct ieee80211_tx_queue_params params[IEEE80211_NUM_ACS]; 2934 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2935 size_t left; 2936 int count, mu_edca_count, ac; 2937 const u8 *pos; 2938 u8 uapsd_queues = 0; 2939 2940 if (!local->ops->conf_tx) 2941 return false; 2942 2943 if (local->hw.queues < IEEE80211_NUM_ACS) 2944 return false; 2945 2946 if (!wmm_param) 2947 return false; 2948 2949 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 2950 return false; 2951 2952 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) 2953 uapsd_queues = ifmgd->uapsd_queues; 2954 2955 count = wmm_param[6] & 0x0f; 2956 /* -1 is the initial value of ifmgd->mu_edca_last_param_set. 2957 * if mu_edca was preset before and now it disappeared tell 2958 * the driver about it. 2959 */ 2960 mu_edca_count = mu_edca ? mu_edca->mu_qos_info & 0x0f : -1; 2961 if (count == link->u.mgd.wmm_last_param_set && 2962 mu_edca_count == link->u.mgd.mu_edca_last_param_set) 2963 return false; 2964 link->u.mgd.wmm_last_param_set = count; 2965 link->u.mgd.mu_edca_last_param_set = mu_edca_count; 2966 2967 pos = wmm_param + 8; 2968 left = wmm_param_len - 8; 2969 2970 memset(¶ms, 0, sizeof(params)); 2971 2972 sdata->wmm_acm = 0; 2973 for (; left >= 4; left -= 4, pos += 4) { 2974 int aci = (pos[0] >> 5) & 0x03; 2975 int acm = (pos[0] >> 4) & 0x01; 2976 bool uapsd = false; 2977 2978 switch (aci) { 2979 case 1: /* AC_BK */ 2980 ac = IEEE80211_AC_BK; 2981 if (acm) 2982 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */ 2983 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK) 2984 uapsd = true; 2985 params[ac].mu_edca = !!mu_edca; 2986 if (mu_edca) 2987 params[ac].mu_edca_param_rec = mu_edca->ac_bk; 2988 break; 2989 case 2: /* AC_VI */ 2990 ac = IEEE80211_AC_VI; 2991 if (acm) 2992 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */ 2993 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI) 2994 uapsd = true; 2995 params[ac].mu_edca = !!mu_edca; 2996 if (mu_edca) 2997 params[ac].mu_edca_param_rec = mu_edca->ac_vi; 2998 break; 2999 case 3: /* AC_VO */ 3000 ac = IEEE80211_AC_VO; 3001 if (acm) 3002 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */ 3003 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) 3004 uapsd = true; 3005 params[ac].mu_edca = !!mu_edca; 3006 if (mu_edca) 3007 params[ac].mu_edca_param_rec = mu_edca->ac_vo; 3008 break; 3009 case 0: /* AC_BE */ 3010 default: 3011 ac = IEEE80211_AC_BE; 3012 if (acm) 3013 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */ 3014 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE) 3015 uapsd = true; 3016 params[ac].mu_edca = !!mu_edca; 3017 if (mu_edca) 3018 params[ac].mu_edca_param_rec = mu_edca->ac_be; 3019 break; 3020 } 3021 3022 params[ac].aifs = pos[0] & 0x0f; 3023 3024 if (params[ac].aifs < 2) { 3025 link_info(link, 3026 "AP has invalid WMM params (AIFSN=%d for ACI %d), will use 2\n", 3027 params[ac].aifs, aci); 3028 params[ac].aifs = 2; 3029 } 3030 params[ac].cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 3031 params[ac].cw_min = ecw2cw(pos[1] & 0x0f); 3032 params[ac].txop = get_unaligned_le16(pos + 2); 3033 params[ac].acm = acm; 3034 params[ac].uapsd = uapsd; 3035 3036 if (params[ac].cw_min == 0 || 3037 params[ac].cw_min > params[ac].cw_max) { 3038 link_info(link, 3039 "AP has invalid WMM params (CWmin/max=%d/%d for ACI %d), using defaults\n", 3040 params[ac].cw_min, params[ac].cw_max, aci); 3041 return false; 3042 } 3043 ieee80211_regulatory_limit_wmm_params(sdata, ¶ms[ac], ac); 3044 } 3045 3046 /* WMM specification requires all 4 ACIs. */ 3047 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { 3048 if (params[ac].cw_min == 0) { 3049 link_info(link, 3050 "AP has invalid WMM params (missing AC %d), using defaults\n", 3051 ac); 3052 return false; 3053 } 3054 } 3055 3056 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) 3057 link->tx_conf[ac] = params[ac]; 3058 3059 ieee80211_mgd_set_link_qos_params(link); 3060 3061 /* enable WMM or activate new settings */ 3062 link->conf->qos = true; 3063 return true; 3064 } 3065 3066 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 3067 { 3068 lockdep_assert_wiphy(sdata->local->hw.wiphy); 3069 3070 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL; 3071 ieee80211_run_deferred_scan(sdata->local); 3072 } 3073 3074 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 3075 { 3076 lockdep_assert_wiphy(sdata->local->hw.wiphy); 3077 3078 __ieee80211_stop_poll(sdata); 3079 } 3080 3081 static u64 ieee80211_handle_bss_capability(struct ieee80211_link_data *link, 3082 u16 capab, bool erp_valid, u8 erp) 3083 { 3084 struct ieee80211_bss_conf *bss_conf = link->conf; 3085 struct ieee80211_supported_band *sband; 3086 u64 changed = 0; 3087 bool use_protection; 3088 bool use_short_preamble; 3089 bool use_short_slot; 3090 3091 sband = ieee80211_get_link_sband(link); 3092 if (!sband) 3093 return changed; 3094 3095 if (erp_valid) { 3096 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0; 3097 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0; 3098 } else { 3099 use_protection = false; 3100 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE); 3101 } 3102 3103 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME); 3104 if (sband->band == NL80211_BAND_5GHZ || 3105 sband->band == NL80211_BAND_6GHZ) 3106 use_short_slot = true; 3107 3108 if (use_protection != bss_conf->use_cts_prot) { 3109 bss_conf->use_cts_prot = use_protection; 3110 changed |= BSS_CHANGED_ERP_CTS_PROT; 3111 } 3112 3113 if (use_short_preamble != bss_conf->use_short_preamble) { 3114 bss_conf->use_short_preamble = use_short_preamble; 3115 changed |= BSS_CHANGED_ERP_PREAMBLE; 3116 } 3117 3118 if (use_short_slot != bss_conf->use_short_slot) { 3119 bss_conf->use_short_slot = use_short_slot; 3120 changed |= BSS_CHANGED_ERP_SLOT; 3121 } 3122 3123 return changed; 3124 } 3125 3126 static u64 ieee80211_link_set_associated(struct ieee80211_link_data *link, 3127 struct cfg80211_bss *cbss) 3128 { 3129 struct ieee80211_sub_if_data *sdata = link->sdata; 3130 struct ieee80211_bss_conf *bss_conf = link->conf; 3131 struct ieee80211_bss *bss = (void *)cbss->priv; 3132 u64 changed = BSS_CHANGED_QOS; 3133 3134 /* not really used in MLO */ 3135 sdata->u.mgd.beacon_timeout = 3136 usecs_to_jiffies(ieee80211_tu_to_usec(beacon_loss_count * 3137 bss_conf->beacon_int)); 3138 3139 changed |= ieee80211_handle_bss_capability(link, 3140 bss_conf->assoc_capability, 3141 bss->has_erp_value, 3142 bss->erp_value); 3143 3144 ieee80211_check_rate_mask(link); 3145 3146 link->conf->bss = cbss; 3147 memcpy(link->u.mgd.bssid, cbss->bssid, ETH_ALEN); 3148 3149 if (sdata->vif.p2p || 3150 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) { 3151 const struct cfg80211_bss_ies *ies; 3152 3153 rcu_read_lock(); 3154 ies = rcu_dereference(cbss->ies); 3155 if (ies) { 3156 int ret; 3157 3158 ret = cfg80211_get_p2p_attr( 3159 ies->data, ies->len, 3160 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 3161 (u8 *) &bss_conf->p2p_noa_attr, 3162 sizeof(bss_conf->p2p_noa_attr)); 3163 if (ret >= 2) { 3164 link->u.mgd.p2p_noa_index = 3165 bss_conf->p2p_noa_attr.index; 3166 changed |= BSS_CHANGED_P2P_PS; 3167 } 3168 } 3169 rcu_read_unlock(); 3170 } 3171 3172 if (link->u.mgd.have_beacon) { 3173 bss_conf->beacon_rate = bss->beacon_rate; 3174 changed |= BSS_CHANGED_BEACON_INFO; 3175 } else { 3176 bss_conf->beacon_rate = NULL; 3177 } 3178 3179 /* Tell the driver to monitor connection quality (if supported) */ 3180 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI && 3181 bss_conf->cqm_rssi_thold) 3182 changed |= BSS_CHANGED_CQM; 3183 3184 return changed; 3185 } 3186 3187 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata, 3188 struct ieee80211_mgd_assoc_data *assoc_data, 3189 u64 changed[IEEE80211_MLD_MAX_NUM_LINKS]) 3190 { 3191 struct ieee80211_local *local = sdata->local; 3192 struct ieee80211_vif_cfg *vif_cfg = &sdata->vif.cfg; 3193 u64 vif_changed = BSS_CHANGED_ASSOC; 3194 unsigned int link_id; 3195 3196 lockdep_assert_wiphy(local->hw.wiphy); 3197 3198 sdata->u.mgd.associated = true; 3199 3200 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) { 3201 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss; 3202 struct ieee80211_link_data *link; 3203 3204 if (!cbss || 3205 assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS) 3206 continue; 3207 3208 if (ieee80211_vif_is_mld(&sdata->vif) && 3209 !(ieee80211_vif_usable_links(&sdata->vif) & BIT(link_id))) 3210 continue; 3211 3212 link = sdata_dereference(sdata->link[link_id], sdata); 3213 if (WARN_ON(!link)) 3214 return; 3215 3216 changed[link_id] |= ieee80211_link_set_associated(link, cbss); 3217 } 3218 3219 /* just to be sure */ 3220 ieee80211_stop_poll(sdata); 3221 3222 ieee80211_led_assoc(local, 1); 3223 3224 vif_cfg->assoc = 1; 3225 3226 /* Enable ARP filtering */ 3227 if (vif_cfg->arp_addr_cnt) 3228 vif_changed |= BSS_CHANGED_ARP_FILTER; 3229 3230 if (ieee80211_vif_is_mld(&sdata->vif)) { 3231 for (link_id = 0; 3232 link_id < IEEE80211_MLD_MAX_NUM_LINKS; 3233 link_id++) { 3234 struct ieee80211_link_data *link; 3235 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss; 3236 3237 if (!cbss || 3238 !(BIT(link_id) & 3239 ieee80211_vif_usable_links(&sdata->vif)) || 3240 assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS) 3241 continue; 3242 3243 link = sdata_dereference(sdata->link[link_id], sdata); 3244 if (WARN_ON(!link)) 3245 return; 3246 3247 ieee80211_link_info_change_notify(sdata, link, 3248 changed[link_id]); 3249 3250 ieee80211_recalc_smps(sdata, link); 3251 } 3252 3253 ieee80211_vif_cfg_change_notify(sdata, vif_changed); 3254 } else { 3255 ieee80211_bss_info_change_notify(sdata, 3256 vif_changed | changed[0]); 3257 } 3258 3259 ieee80211_recalc_ps(local); 3260 3261 /* leave this here to not change ordering in non-MLO cases */ 3262 if (!ieee80211_vif_is_mld(&sdata->vif)) 3263 ieee80211_recalc_smps(sdata, &sdata->deflink); 3264 ieee80211_recalc_ps_vif(sdata); 3265 3266 netif_carrier_on(sdata->dev); 3267 } 3268 3269 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata, 3270 u16 stype, u16 reason, bool tx, 3271 u8 *frame_buf) 3272 { 3273 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3274 struct ieee80211_local *local = sdata->local; 3275 unsigned int link_id; 3276 u64 changed = 0; 3277 struct ieee80211_prep_tx_info info = { 3278 .subtype = stype, 3279 }; 3280 3281 lockdep_assert_wiphy(local->hw.wiphy); 3282 3283 if (WARN_ON_ONCE(tx && !frame_buf)) 3284 return; 3285 3286 if (WARN_ON(!ifmgd->associated)) 3287 return; 3288 3289 ieee80211_stop_poll(sdata); 3290 3291 ifmgd->associated = false; 3292 3293 /* other links will be destroyed */ 3294 sdata->deflink.conf->bss = NULL; 3295 sdata->deflink.smps_mode = IEEE80211_SMPS_OFF; 3296 3297 netif_carrier_off(sdata->dev); 3298 3299 /* 3300 * if we want to get out of ps before disassoc (why?) we have 3301 * to do it before sending disassoc, as otherwise the null-packet 3302 * won't be valid. 3303 */ 3304 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 3305 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 3306 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 3307 } 3308 local->ps_sdata = NULL; 3309 3310 /* disable per-vif ps */ 3311 ieee80211_recalc_ps_vif(sdata); 3312 3313 /* make sure ongoing transmission finishes */ 3314 synchronize_net(); 3315 3316 /* 3317 * drop any frame before deauth/disassoc, this can be data or 3318 * management frame. Since we are disconnecting, we should not 3319 * insist sending these frames which can take time and delay 3320 * the disconnection and possible the roaming. 3321 */ 3322 if (tx) 3323 ieee80211_flush_queues(local, sdata, true); 3324 3325 /* deauthenticate/disassociate now */ 3326 if (tx || frame_buf) { 3327 /* 3328 * In multi channel scenarios guarantee that the virtual 3329 * interface is granted immediate airtime to transmit the 3330 * deauthentication frame by calling mgd_prepare_tx, if the 3331 * driver requested so. 3332 */ 3333 if (ieee80211_hw_check(&local->hw, DEAUTH_NEED_MGD_TX_PREP)) { 3334 for (link_id = 0; link_id < ARRAY_SIZE(sdata->link); 3335 link_id++) { 3336 struct ieee80211_link_data *link; 3337 3338 link = sdata_dereference(sdata->link[link_id], 3339 sdata); 3340 if (!link) 3341 continue; 3342 if (link->u.mgd.have_beacon) 3343 break; 3344 } 3345 if (link_id == IEEE80211_MLD_MAX_NUM_LINKS) { 3346 info.link_id = ffs(sdata->vif.active_links) - 1; 3347 drv_mgd_prepare_tx(sdata->local, sdata, &info); 3348 } 3349 } 3350 3351 ieee80211_send_deauth_disassoc(sdata, sdata->vif.cfg.ap_addr, 3352 sdata->vif.cfg.ap_addr, stype, 3353 reason, tx, frame_buf); 3354 } 3355 3356 /* flush out frame - make sure the deauth was actually sent */ 3357 if (tx) 3358 ieee80211_flush_queues(local, sdata, false); 3359 3360 drv_mgd_complete_tx(sdata->local, sdata, &info); 3361 3362 /* clear AP addr only after building the needed mgmt frames */ 3363 eth_zero_addr(sdata->deflink.u.mgd.bssid); 3364 eth_zero_addr(sdata->vif.cfg.ap_addr); 3365 3366 sdata->vif.cfg.ssid_len = 0; 3367 3368 /* remove AP and TDLS peers */ 3369 sta_info_flush(sdata, -1); 3370 3371 /* finally reset all BSS / config parameters */ 3372 if (!ieee80211_vif_is_mld(&sdata->vif)) 3373 changed |= ieee80211_reset_erp_info(sdata); 3374 3375 ieee80211_led_assoc(local, 0); 3376 changed |= BSS_CHANGED_ASSOC; 3377 sdata->vif.cfg.assoc = false; 3378 3379 sdata->deflink.u.mgd.p2p_noa_index = -1; 3380 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0, 3381 sizeof(sdata->vif.bss_conf.p2p_noa_attr)); 3382 3383 /* on the next assoc, re-program HT/VHT parameters */ 3384 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa)); 3385 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask)); 3386 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa)); 3387 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask)); 3388 3389 /* 3390 * reset MU-MIMO ownership and group data in default link, 3391 * if used, other links are destroyed 3392 */ 3393 memset(sdata->vif.bss_conf.mu_group.membership, 0, 3394 sizeof(sdata->vif.bss_conf.mu_group.membership)); 3395 memset(sdata->vif.bss_conf.mu_group.position, 0, 3396 sizeof(sdata->vif.bss_conf.mu_group.position)); 3397 if (!ieee80211_vif_is_mld(&sdata->vif)) 3398 changed |= BSS_CHANGED_MU_GROUPS; 3399 sdata->vif.bss_conf.mu_mimo_owner = false; 3400 3401 sdata->deflink.ap_power_level = IEEE80211_UNSET_POWER_LEVEL; 3402 3403 del_timer_sync(&local->dynamic_ps_timer); 3404 wiphy_work_cancel(local->hw.wiphy, &local->dynamic_ps_enable_work); 3405 3406 /* Disable ARP filtering */ 3407 if (sdata->vif.cfg.arp_addr_cnt) 3408 changed |= BSS_CHANGED_ARP_FILTER; 3409 3410 sdata->vif.bss_conf.qos = false; 3411 if (!ieee80211_vif_is_mld(&sdata->vif)) { 3412 changed |= BSS_CHANGED_QOS; 3413 /* The BSSID (not really interesting) and HT changed */ 3414 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT; 3415 ieee80211_bss_info_change_notify(sdata, changed); 3416 } else { 3417 ieee80211_vif_cfg_change_notify(sdata, changed); 3418 } 3419 3420 /* disassociated - set to defaults now */ 3421 ieee80211_set_wmm_default(&sdata->deflink, false, false); 3422 3423 del_timer_sync(&sdata->u.mgd.conn_mon_timer); 3424 del_timer_sync(&sdata->u.mgd.bcn_mon_timer); 3425 del_timer_sync(&sdata->u.mgd.timer); 3426 3427 sdata->vif.bss_conf.dtim_period = 0; 3428 sdata->vif.bss_conf.beacon_rate = NULL; 3429 3430 sdata->deflink.u.mgd.have_beacon = false; 3431 sdata->deflink.u.mgd.tracking_signal_avg = false; 3432 sdata->deflink.u.mgd.disable_wmm_tracking = false; 3433 3434 ifmgd->flags = 0; 3435 3436 for (link_id = 0; link_id < ARRAY_SIZE(sdata->link); link_id++) { 3437 struct ieee80211_link_data *link; 3438 3439 link = sdata_dereference(sdata->link[link_id], sdata); 3440 if (!link) 3441 continue; 3442 ieee80211_link_release_channel(link); 3443 } 3444 3445 sdata->vif.bss_conf.csa_active = false; 3446 sdata->deflink.u.mgd.csa_blocked_tx = false; 3447 sdata->deflink.u.mgd.csa_waiting_bcn = false; 3448 sdata->deflink.u.mgd.csa_ignored_same_chan = false; 3449 if (sdata->csa_blocked_queues) { 3450 ieee80211_wake_vif_queues(local, sdata, 3451 IEEE80211_QUEUE_STOP_REASON_CSA); 3452 sdata->csa_blocked_queues = false; 3453 } 3454 3455 /* existing TX TSPEC sessions no longer exist */ 3456 memset(ifmgd->tx_tspec, 0, sizeof(ifmgd->tx_tspec)); 3457 wiphy_delayed_work_cancel(local->hw.wiphy, &ifmgd->tx_tspec_wk); 3458 3459 sdata->vif.bss_conf.power_type = IEEE80211_REG_UNSET_AP; 3460 sdata->vif.bss_conf.pwr_reduction = 0; 3461 ieee80211_clear_tpe(&sdata->vif.bss_conf.tpe); 3462 3463 sdata->vif.cfg.eml_cap = 0; 3464 sdata->vif.cfg.eml_med_sync_delay = 0; 3465 sdata->vif.cfg.mld_capa_op = 0; 3466 3467 memset(&sdata->u.mgd.ttlm_info, 0, 3468 sizeof(sdata->u.mgd.ttlm_info)); 3469 wiphy_delayed_work_cancel(sdata->local->hw.wiphy, &ifmgd->ttlm_work); 3470 3471 wiphy_delayed_work_cancel(sdata->local->hw.wiphy, 3472 &ifmgd->neg_ttlm_timeout_work); 3473 ieee80211_vif_set_links(sdata, 0, 0); 3474 3475 ifmgd->mcast_seq_last = IEEE80211_SN_MODULO; 3476 } 3477 3478 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata) 3479 { 3480 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3481 struct ieee80211_local *local = sdata->local; 3482 3483 lockdep_assert_wiphy(local->hw.wiphy); 3484 3485 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)) 3486 return; 3487 3488 __ieee80211_stop_poll(sdata); 3489 3490 ieee80211_recalc_ps(local); 3491 3492 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR)) 3493 return; 3494 3495 /* 3496 * We've received a probe response, but are not sure whether 3497 * we have or will be receiving any beacons or data, so let's 3498 * schedule the timers again, just in case. 3499 */ 3500 ieee80211_sta_reset_beacon_monitor(sdata); 3501 3502 mod_timer(&ifmgd->conn_mon_timer, 3503 round_jiffies_up(jiffies + 3504 IEEE80211_CONNECTION_IDLE_TIME)); 3505 } 3506 3507 static void ieee80211_sta_tx_wmm_ac_notify(struct ieee80211_sub_if_data *sdata, 3508 struct ieee80211_hdr *hdr, 3509 u16 tx_time) 3510 { 3511 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3512 u16 tid; 3513 int ac; 3514 struct ieee80211_sta_tx_tspec *tx_tspec; 3515 unsigned long now = jiffies; 3516 3517 if (!ieee80211_is_data_qos(hdr->frame_control)) 3518 return; 3519 3520 tid = ieee80211_get_tid(hdr); 3521 ac = ieee80211_ac_from_tid(tid); 3522 tx_tspec = &ifmgd->tx_tspec[ac]; 3523 3524 if (likely(!tx_tspec->admitted_time)) 3525 return; 3526 3527 if (time_after(now, tx_tspec->time_slice_start + HZ)) { 3528 tx_tspec->consumed_tx_time = 0; 3529 tx_tspec->time_slice_start = now; 3530 3531 if (tx_tspec->downgraded) { 3532 tx_tspec->action = TX_TSPEC_ACTION_STOP_DOWNGRADE; 3533 wiphy_delayed_work_queue(sdata->local->hw.wiphy, 3534 &ifmgd->tx_tspec_wk, 0); 3535 } 3536 } 3537 3538 if (tx_tspec->downgraded) 3539 return; 3540 3541 tx_tspec->consumed_tx_time += tx_time; 3542 3543 if (tx_tspec->consumed_tx_time >= tx_tspec->admitted_time) { 3544 tx_tspec->downgraded = true; 3545 tx_tspec->action = TX_TSPEC_ACTION_DOWNGRADE; 3546 wiphy_delayed_work_queue(sdata->local->hw.wiphy, 3547 &ifmgd->tx_tspec_wk, 0); 3548 } 3549 } 3550 3551 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata, 3552 struct ieee80211_hdr *hdr, bool ack, u16 tx_time) 3553 { 3554 ieee80211_sta_tx_wmm_ac_notify(sdata, hdr, tx_time); 3555 3556 if (!ieee80211_is_any_nullfunc(hdr->frame_control) || 3557 !sdata->u.mgd.probe_send_count) 3558 return; 3559 3560 if (ack) 3561 sdata->u.mgd.probe_send_count = 0; 3562 else 3563 sdata->u.mgd.nullfunc_failed = true; 3564 wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work); 3565 } 3566 3567 static void ieee80211_mlme_send_probe_req(struct ieee80211_sub_if_data *sdata, 3568 const u8 *src, const u8 *dst, 3569 const u8 *ssid, size_t ssid_len, 3570 struct ieee80211_channel *channel) 3571 { 3572 struct sk_buff *skb; 3573 3574 skb = ieee80211_build_probe_req(sdata, src, dst, (u32)-1, channel, 3575 ssid, ssid_len, NULL, 0, 3576 IEEE80211_PROBE_FLAG_DIRECTED); 3577 if (skb) 3578 ieee80211_tx_skb(sdata, skb); 3579 } 3580 3581 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) 3582 { 3583 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3584 u8 *dst = sdata->vif.cfg.ap_addr; 3585 u8 unicast_limit = max(1, max_probe_tries - 3); 3586 struct sta_info *sta; 3587 3588 lockdep_assert_wiphy(sdata->local->hw.wiphy); 3589 3590 if (WARN_ON(ieee80211_vif_is_mld(&sdata->vif))) 3591 return; 3592 3593 /* 3594 * Try sending broadcast probe requests for the last three 3595 * probe requests after the first ones failed since some 3596 * buggy APs only support broadcast probe requests. 3597 */ 3598 if (ifmgd->probe_send_count >= unicast_limit) 3599 dst = NULL; 3600 3601 /* 3602 * When the hardware reports an accurate Tx ACK status, it's 3603 * better to send a nullfunc frame instead of a probe request, 3604 * as it will kick us off the AP quickly if we aren't associated 3605 * anymore. The timeout will be reset if the frame is ACKed by 3606 * the AP. 3607 */ 3608 ifmgd->probe_send_count++; 3609 3610 if (dst) { 3611 sta = sta_info_get(sdata, dst); 3612 if (!WARN_ON(!sta)) 3613 ieee80211_check_fast_rx(sta); 3614 } 3615 3616 if (ieee80211_hw_check(&sdata->local->hw, REPORTS_TX_ACK_STATUS)) { 3617 ifmgd->nullfunc_failed = false; 3618 ieee80211_send_nullfunc(sdata->local, sdata, false); 3619 } else { 3620 ieee80211_mlme_send_probe_req(sdata, sdata->vif.addr, dst, 3621 sdata->vif.cfg.ssid, 3622 sdata->vif.cfg.ssid_len, 3623 sdata->deflink.conf->bss->channel); 3624 } 3625 3626 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms); 3627 run_again(sdata, ifmgd->probe_timeout); 3628 } 3629 3630 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata, 3631 bool beacon) 3632 { 3633 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3634 bool already = false; 3635 3636 lockdep_assert_wiphy(sdata->local->hw.wiphy); 3637 3638 if (WARN_ON_ONCE(ieee80211_vif_is_mld(&sdata->vif))) 3639 return; 3640 3641 if (!ieee80211_sdata_running(sdata)) 3642 return; 3643 3644 if (!ifmgd->associated) 3645 return; 3646 3647 if (sdata->local->tmp_channel || sdata->local->scanning) 3648 return; 3649 3650 if (sdata->local->suspending) { 3651 /* reschedule after resume */ 3652 ieee80211_reset_ap_probe(sdata); 3653 return; 3654 } 3655 3656 if (beacon) { 3657 mlme_dbg_ratelimited(sdata, 3658 "detected beacon loss from AP (missed %d beacons) - probing\n", 3659 beacon_loss_count); 3660 3661 ieee80211_cqm_beacon_loss_notify(&sdata->vif, GFP_KERNEL); 3662 } 3663 3664 /* 3665 * The driver/our work has already reported this event or the 3666 * connection monitoring has kicked in and we have already sent 3667 * a probe request. Or maybe the AP died and the driver keeps 3668 * reporting until we disassociate... 3669 * 3670 * In either case we have to ignore the current call to this 3671 * function (except for setting the correct probe reason bit) 3672 * because otherwise we would reset the timer every time and 3673 * never check whether we received a probe response! 3674 */ 3675 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) 3676 already = true; 3677 3678 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL; 3679 3680 if (already) 3681 return; 3682 3683 ieee80211_recalc_ps(sdata->local); 3684 3685 ifmgd->probe_send_count = 0; 3686 ieee80211_mgd_probe_ap_send(sdata); 3687 } 3688 3689 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw, 3690 struct ieee80211_vif *vif) 3691 { 3692 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 3693 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3694 struct cfg80211_bss *cbss; 3695 struct sk_buff *skb; 3696 const struct element *ssid; 3697 int ssid_len; 3698 3699 lockdep_assert_wiphy(sdata->local->hw.wiphy); 3700 3701 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION || 3702 ieee80211_vif_is_mld(&sdata->vif))) 3703 return NULL; 3704 3705 if (ifmgd->associated) 3706 cbss = sdata->deflink.conf->bss; 3707 else if (ifmgd->auth_data) 3708 cbss = ifmgd->auth_data->bss; 3709 else if (ifmgd->assoc_data && ifmgd->assoc_data->link[0].bss) 3710 cbss = ifmgd->assoc_data->link[0].bss; 3711 else 3712 return NULL; 3713 3714 rcu_read_lock(); 3715 ssid = ieee80211_bss_get_elem(cbss, WLAN_EID_SSID); 3716 if (WARN_ONCE(!ssid || ssid->datalen > IEEE80211_MAX_SSID_LEN, 3717 "invalid SSID element (len=%d)", 3718 ssid ? ssid->datalen : -1)) 3719 ssid_len = 0; 3720 else 3721 ssid_len = ssid->datalen; 3722 3723 skb = ieee80211_build_probe_req(sdata, sdata->vif.addr, cbss->bssid, 3724 (u32) -1, cbss->channel, 3725 ssid->data, ssid_len, 3726 NULL, 0, IEEE80211_PROBE_FLAG_DIRECTED); 3727 rcu_read_unlock(); 3728 3729 return skb; 3730 } 3731 EXPORT_SYMBOL(ieee80211_ap_probereq_get); 3732 3733 static void ieee80211_report_disconnect(struct ieee80211_sub_if_data *sdata, 3734 const u8 *buf, size_t len, bool tx, 3735 u16 reason, bool reconnect) 3736 { 3737 struct ieee80211_event event = { 3738 .type = MLME_EVENT, 3739 .u.mlme.data = tx ? DEAUTH_TX_EVENT : DEAUTH_RX_EVENT, 3740 .u.mlme.reason = reason, 3741 }; 3742 3743 if (tx) 3744 cfg80211_tx_mlme_mgmt(sdata->dev, buf, len, reconnect); 3745 else 3746 cfg80211_rx_mlme_mgmt(sdata->dev, buf, len); 3747 3748 drv_event_callback(sdata->local, sdata, &event); 3749 } 3750 3751 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata) 3752 { 3753 struct ieee80211_local *local = sdata->local; 3754 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3755 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3756 bool tx = false; 3757 3758 lockdep_assert_wiphy(local->hw.wiphy); 3759 3760 if (!ifmgd->associated) 3761 return; 3762 3763 /* only transmit if we have a link that makes that worthwhile */ 3764 for (unsigned int link_id = 0; 3765 link_id < ARRAY_SIZE(sdata->link); 3766 link_id++) { 3767 struct ieee80211_link_data *link; 3768 3769 if (!ieee80211_vif_link_active(&sdata->vif, link_id)) 3770 continue; 3771 3772 link = sdata_dereference(sdata->link[link_id], sdata); 3773 if (WARN_ON_ONCE(!link)) 3774 continue; 3775 3776 if (link->u.mgd.csa_blocked_tx) 3777 continue; 3778 3779 tx = true; 3780 break; 3781 } 3782 3783 if (!ifmgd->driver_disconnect) { 3784 unsigned int link_id; 3785 3786 /* 3787 * AP is probably out of range (or not reachable for another 3788 * reason) so remove the bss structs for that AP. In the case 3789 * of multi-link, it's not clear that all of them really are 3790 * out of range, but if they weren't the driver likely would 3791 * have switched to just have a single link active? 3792 */ 3793 for (link_id = 0; 3794 link_id < ARRAY_SIZE(sdata->link); 3795 link_id++) { 3796 struct ieee80211_link_data *link; 3797 3798 link = sdata_dereference(sdata->link[link_id], sdata); 3799 if (!link) 3800 continue; 3801 cfg80211_unlink_bss(local->hw.wiphy, link->conf->bss); 3802 link->conf->bss = NULL; 3803 } 3804 } 3805 3806 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3807 ifmgd->driver_disconnect ? 3808 WLAN_REASON_DEAUTH_LEAVING : 3809 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 3810 tx, frame_buf); 3811 /* the other links will be destroyed */ 3812 sdata->vif.bss_conf.csa_active = false; 3813 sdata->deflink.u.mgd.csa_waiting_bcn = false; 3814 sdata->deflink.u.mgd.csa_blocked_tx = false; 3815 if (sdata->csa_blocked_queues) { 3816 ieee80211_wake_vif_queues(local, sdata, 3817 IEEE80211_QUEUE_STOP_REASON_CSA); 3818 sdata->csa_blocked_queues = false; 3819 } 3820 3821 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), tx, 3822 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 3823 ifmgd->reconnect); 3824 ifmgd->reconnect = false; 3825 } 3826 3827 static void ieee80211_beacon_connection_loss_work(struct wiphy *wiphy, 3828 struct wiphy_work *work) 3829 { 3830 struct ieee80211_sub_if_data *sdata = 3831 container_of(work, struct ieee80211_sub_if_data, 3832 u.mgd.beacon_connection_loss_work); 3833 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3834 3835 if (ifmgd->connection_loss) { 3836 sdata_info(sdata, "Connection to AP %pM lost\n", 3837 sdata->vif.cfg.ap_addr); 3838 __ieee80211_disconnect(sdata); 3839 ifmgd->connection_loss = false; 3840 } else if (ifmgd->driver_disconnect) { 3841 sdata_info(sdata, 3842 "Driver requested disconnection from AP %pM\n", 3843 sdata->vif.cfg.ap_addr); 3844 __ieee80211_disconnect(sdata); 3845 ifmgd->driver_disconnect = false; 3846 } else { 3847 if (ifmgd->associated) 3848 sdata->deflink.u.mgd.beacon_loss_count++; 3849 ieee80211_mgd_probe_ap(sdata, true); 3850 } 3851 } 3852 3853 static void ieee80211_csa_connection_drop_work(struct wiphy *wiphy, 3854 struct wiphy_work *work) 3855 { 3856 struct ieee80211_sub_if_data *sdata = 3857 container_of(work, struct ieee80211_sub_if_data, 3858 u.mgd.csa_connection_drop_work); 3859 3860 __ieee80211_disconnect(sdata); 3861 } 3862 3863 void ieee80211_beacon_loss(struct ieee80211_vif *vif) 3864 { 3865 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 3866 struct ieee80211_hw *hw = &sdata->local->hw; 3867 3868 trace_api_beacon_loss(sdata); 3869 3870 sdata->u.mgd.connection_loss = false; 3871 wiphy_work_queue(hw->wiphy, &sdata->u.mgd.beacon_connection_loss_work); 3872 } 3873 EXPORT_SYMBOL(ieee80211_beacon_loss); 3874 3875 void ieee80211_connection_loss(struct ieee80211_vif *vif) 3876 { 3877 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 3878 struct ieee80211_hw *hw = &sdata->local->hw; 3879 3880 trace_api_connection_loss(sdata); 3881 3882 sdata->u.mgd.connection_loss = true; 3883 wiphy_work_queue(hw->wiphy, &sdata->u.mgd.beacon_connection_loss_work); 3884 } 3885 EXPORT_SYMBOL(ieee80211_connection_loss); 3886 3887 void ieee80211_disconnect(struct ieee80211_vif *vif, bool reconnect) 3888 { 3889 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 3890 struct ieee80211_hw *hw = &sdata->local->hw; 3891 3892 trace_api_disconnect(sdata, reconnect); 3893 3894 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 3895 return; 3896 3897 sdata->u.mgd.driver_disconnect = true; 3898 sdata->u.mgd.reconnect = reconnect; 3899 wiphy_work_queue(hw->wiphy, &sdata->u.mgd.beacon_connection_loss_work); 3900 } 3901 EXPORT_SYMBOL(ieee80211_disconnect); 3902 3903 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata, 3904 bool assoc) 3905 { 3906 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 3907 3908 lockdep_assert_wiphy(sdata->local->hw.wiphy); 3909 3910 if (!assoc) { 3911 /* 3912 * we are not authenticated yet, the only timer that could be 3913 * running is the timeout for the authentication response which 3914 * which is not relevant anymore. 3915 */ 3916 del_timer_sync(&sdata->u.mgd.timer); 3917 sta_info_destroy_addr(sdata, auth_data->ap_addr); 3918 3919 /* other links are destroyed */ 3920 eth_zero_addr(sdata->deflink.u.mgd.bssid); 3921 ieee80211_link_info_change_notify(sdata, &sdata->deflink, 3922 BSS_CHANGED_BSSID); 3923 sdata->u.mgd.flags = 0; 3924 3925 ieee80211_link_release_channel(&sdata->deflink); 3926 ieee80211_vif_set_links(sdata, 0, 0); 3927 } 3928 3929 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss); 3930 kfree(auth_data); 3931 sdata->u.mgd.auth_data = NULL; 3932 } 3933 3934 enum assoc_status { 3935 ASSOC_SUCCESS, 3936 ASSOC_REJECTED, 3937 ASSOC_TIMEOUT, 3938 ASSOC_ABANDON, 3939 }; 3940 3941 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata, 3942 enum assoc_status status) 3943 { 3944 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 3945 3946 lockdep_assert_wiphy(sdata->local->hw.wiphy); 3947 3948 if (status != ASSOC_SUCCESS) { 3949 /* 3950 * we are not associated yet, the only timer that could be 3951 * running is the timeout for the association response which 3952 * which is not relevant anymore. 3953 */ 3954 del_timer_sync(&sdata->u.mgd.timer); 3955 sta_info_destroy_addr(sdata, assoc_data->ap_addr); 3956 3957 eth_zero_addr(sdata->deflink.u.mgd.bssid); 3958 ieee80211_link_info_change_notify(sdata, &sdata->deflink, 3959 BSS_CHANGED_BSSID); 3960 sdata->u.mgd.flags = 0; 3961 sdata->vif.bss_conf.mu_mimo_owner = false; 3962 3963 if (status != ASSOC_REJECTED) { 3964 struct cfg80211_assoc_failure data = { 3965 .timeout = status == ASSOC_TIMEOUT, 3966 }; 3967 int i; 3968 3969 BUILD_BUG_ON(ARRAY_SIZE(data.bss) != 3970 ARRAY_SIZE(assoc_data->link)); 3971 3972 for (i = 0; i < ARRAY_SIZE(data.bss); i++) 3973 data.bss[i] = assoc_data->link[i].bss; 3974 3975 if (ieee80211_vif_is_mld(&sdata->vif)) 3976 data.ap_mld_addr = assoc_data->ap_addr; 3977 3978 cfg80211_assoc_failure(sdata->dev, &data); 3979 } 3980 3981 ieee80211_link_release_channel(&sdata->deflink); 3982 ieee80211_vif_set_links(sdata, 0, 0); 3983 } 3984 3985 kfree(assoc_data); 3986 sdata->u.mgd.assoc_data = NULL; 3987 } 3988 3989 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, 3990 struct ieee80211_mgmt *mgmt, size_t len) 3991 { 3992 struct ieee80211_local *local = sdata->local; 3993 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 3994 const struct element *challenge; 3995 u8 *pos; 3996 u32 tx_flags = 0; 3997 struct ieee80211_prep_tx_info info = { 3998 .subtype = IEEE80211_STYPE_AUTH, 3999 .link_id = auth_data->link_id, 4000 }; 4001 4002 pos = mgmt->u.auth.variable; 4003 challenge = cfg80211_find_elem(WLAN_EID_CHALLENGE, pos, 4004 len - (pos - (u8 *)mgmt)); 4005 if (!challenge) 4006 return; 4007 auth_data->expected_transaction = 4; 4008 drv_mgd_prepare_tx(sdata->local, sdata, &info); 4009 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) 4010 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 4011 IEEE80211_TX_INTFL_MLME_CONN_TX; 4012 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0, 4013 (void *)challenge, 4014 challenge->datalen + sizeof(*challenge), 4015 auth_data->ap_addr, auth_data->ap_addr, 4016 auth_data->key, auth_data->key_len, 4017 auth_data->key_idx, tx_flags); 4018 } 4019 4020 static bool ieee80211_mark_sta_auth(struct ieee80211_sub_if_data *sdata) 4021 { 4022 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4023 const u8 *ap_addr = ifmgd->auth_data->ap_addr; 4024 struct sta_info *sta; 4025 4026 lockdep_assert_wiphy(sdata->local->hw.wiphy); 4027 4028 sdata_info(sdata, "authenticated\n"); 4029 ifmgd->auth_data->done = true; 4030 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC; 4031 ifmgd->auth_data->timeout_started = true; 4032 run_again(sdata, ifmgd->auth_data->timeout); 4033 4034 /* move station state to auth */ 4035 sta = sta_info_get(sdata, ap_addr); 4036 if (!sta) { 4037 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, ap_addr); 4038 return false; 4039 } 4040 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) { 4041 sdata_info(sdata, "failed moving %pM to auth\n", ap_addr); 4042 return false; 4043 } 4044 4045 return true; 4046 } 4047 4048 static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, 4049 struct ieee80211_mgmt *mgmt, size_t len) 4050 { 4051 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4052 u16 auth_alg, auth_transaction, status_code; 4053 struct ieee80211_event event = { 4054 .type = MLME_EVENT, 4055 .u.mlme.data = AUTH_EVENT, 4056 }; 4057 struct ieee80211_prep_tx_info info = { 4058 .subtype = IEEE80211_STYPE_AUTH, 4059 }; 4060 4061 lockdep_assert_wiphy(sdata->local->hw.wiphy); 4062 4063 if (len < 24 + 6) 4064 return; 4065 4066 if (!ifmgd->auth_data || ifmgd->auth_data->done) 4067 return; 4068 4069 if (!ether_addr_equal(ifmgd->auth_data->ap_addr, mgmt->bssid)) 4070 return; 4071 4072 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 4073 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 4074 status_code = le16_to_cpu(mgmt->u.auth.status_code); 4075 4076 if (auth_alg != ifmgd->auth_data->algorithm || 4077 (auth_alg != WLAN_AUTH_SAE && 4078 auth_transaction != ifmgd->auth_data->expected_transaction) || 4079 (auth_alg == WLAN_AUTH_SAE && 4080 (auth_transaction < ifmgd->auth_data->expected_transaction || 4081 auth_transaction > 2))) { 4082 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n", 4083 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm, 4084 auth_transaction, 4085 ifmgd->auth_data->expected_transaction); 4086 goto notify_driver; 4087 } 4088 4089 if (status_code != WLAN_STATUS_SUCCESS) { 4090 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 4091 4092 if (auth_alg == WLAN_AUTH_SAE && 4093 (status_code == WLAN_STATUS_ANTI_CLOG_REQUIRED || 4094 (auth_transaction == 1 && 4095 (status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT || 4096 status_code == WLAN_STATUS_SAE_PK)))) { 4097 /* waiting for userspace now */ 4098 ifmgd->auth_data->waiting = true; 4099 ifmgd->auth_data->timeout = 4100 jiffies + IEEE80211_AUTH_WAIT_SAE_RETRY; 4101 ifmgd->auth_data->timeout_started = true; 4102 run_again(sdata, ifmgd->auth_data->timeout); 4103 goto notify_driver; 4104 } 4105 4106 sdata_info(sdata, "%pM denied authentication (status %d)\n", 4107 mgmt->sa, status_code); 4108 ieee80211_destroy_auth_data(sdata, false); 4109 event.u.mlme.status = MLME_DENIED; 4110 event.u.mlme.reason = status_code; 4111 drv_event_callback(sdata->local, sdata, &event); 4112 goto notify_driver; 4113 } 4114 4115 switch (ifmgd->auth_data->algorithm) { 4116 case WLAN_AUTH_OPEN: 4117 case WLAN_AUTH_LEAP: 4118 case WLAN_AUTH_FT: 4119 case WLAN_AUTH_SAE: 4120 case WLAN_AUTH_FILS_SK: 4121 case WLAN_AUTH_FILS_SK_PFS: 4122 case WLAN_AUTH_FILS_PK: 4123 break; 4124 case WLAN_AUTH_SHARED_KEY: 4125 if (ifmgd->auth_data->expected_transaction != 4) { 4126 ieee80211_auth_challenge(sdata, mgmt, len); 4127 /* need another frame */ 4128 return; 4129 } 4130 break; 4131 default: 4132 WARN_ONCE(1, "invalid auth alg %d", 4133 ifmgd->auth_data->algorithm); 4134 goto notify_driver; 4135 } 4136 4137 event.u.mlme.status = MLME_SUCCESS; 4138 info.success = 1; 4139 drv_event_callback(sdata->local, sdata, &event); 4140 if (ifmgd->auth_data->algorithm != WLAN_AUTH_SAE || 4141 (auth_transaction == 2 && 4142 ifmgd->auth_data->expected_transaction == 2)) { 4143 if (!ieee80211_mark_sta_auth(sdata)) 4144 return; /* ignore frame -- wait for timeout */ 4145 } else if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE && 4146 auth_transaction == 2) { 4147 sdata_info(sdata, "SAE peer confirmed\n"); 4148 ifmgd->auth_data->peer_confirmed = true; 4149 } 4150 4151 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 4152 notify_driver: 4153 drv_mgd_complete_tx(sdata->local, sdata, &info); 4154 } 4155 4156 #define case_WLAN(type) \ 4157 case WLAN_REASON_##type: return #type 4158 4159 const char *ieee80211_get_reason_code_string(u16 reason_code) 4160 { 4161 switch (reason_code) { 4162 case_WLAN(UNSPECIFIED); 4163 case_WLAN(PREV_AUTH_NOT_VALID); 4164 case_WLAN(DEAUTH_LEAVING); 4165 case_WLAN(DISASSOC_DUE_TO_INACTIVITY); 4166 case_WLAN(DISASSOC_AP_BUSY); 4167 case_WLAN(CLASS2_FRAME_FROM_NONAUTH_STA); 4168 case_WLAN(CLASS3_FRAME_FROM_NONASSOC_STA); 4169 case_WLAN(DISASSOC_STA_HAS_LEFT); 4170 case_WLAN(STA_REQ_ASSOC_WITHOUT_AUTH); 4171 case_WLAN(DISASSOC_BAD_POWER); 4172 case_WLAN(DISASSOC_BAD_SUPP_CHAN); 4173 case_WLAN(INVALID_IE); 4174 case_WLAN(MIC_FAILURE); 4175 case_WLAN(4WAY_HANDSHAKE_TIMEOUT); 4176 case_WLAN(GROUP_KEY_HANDSHAKE_TIMEOUT); 4177 case_WLAN(IE_DIFFERENT); 4178 case_WLAN(INVALID_GROUP_CIPHER); 4179 case_WLAN(INVALID_PAIRWISE_CIPHER); 4180 case_WLAN(INVALID_AKMP); 4181 case_WLAN(UNSUPP_RSN_VERSION); 4182 case_WLAN(INVALID_RSN_IE_CAP); 4183 case_WLAN(IEEE8021X_FAILED); 4184 case_WLAN(CIPHER_SUITE_REJECTED); 4185 case_WLAN(DISASSOC_UNSPECIFIED_QOS); 4186 case_WLAN(DISASSOC_QAP_NO_BANDWIDTH); 4187 case_WLAN(DISASSOC_LOW_ACK); 4188 case_WLAN(DISASSOC_QAP_EXCEED_TXOP); 4189 case_WLAN(QSTA_LEAVE_QBSS); 4190 case_WLAN(QSTA_NOT_USE); 4191 case_WLAN(QSTA_REQUIRE_SETUP); 4192 case_WLAN(QSTA_TIMEOUT); 4193 case_WLAN(QSTA_CIPHER_NOT_SUPP); 4194 case_WLAN(MESH_PEER_CANCELED); 4195 case_WLAN(MESH_MAX_PEERS); 4196 case_WLAN(MESH_CONFIG); 4197 case_WLAN(MESH_CLOSE); 4198 case_WLAN(MESH_MAX_RETRIES); 4199 case_WLAN(MESH_CONFIRM_TIMEOUT); 4200 case_WLAN(MESH_INVALID_GTK); 4201 case_WLAN(MESH_INCONSISTENT_PARAM); 4202 case_WLAN(MESH_INVALID_SECURITY); 4203 case_WLAN(MESH_PATH_ERROR); 4204 case_WLAN(MESH_PATH_NOFORWARD); 4205 case_WLAN(MESH_PATH_DEST_UNREACHABLE); 4206 case_WLAN(MAC_EXISTS_IN_MBSS); 4207 case_WLAN(MESH_CHAN_REGULATORY); 4208 case_WLAN(MESH_CHAN); 4209 default: return "<unknown>"; 4210 } 4211 } 4212 4213 static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 4214 struct ieee80211_mgmt *mgmt, size_t len) 4215 { 4216 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4217 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 4218 4219 lockdep_assert_wiphy(sdata->local->hw.wiphy); 4220 4221 if (len < 24 + 2) 4222 return; 4223 4224 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) { 4225 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code); 4226 return; 4227 } 4228 4229 if (ifmgd->associated && 4230 ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr)) { 4231 sdata_info(sdata, "deauthenticated from %pM (Reason: %u=%s)\n", 4232 sdata->vif.cfg.ap_addr, reason_code, 4233 ieee80211_get_reason_code_string(reason_code)); 4234 4235 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 4236 4237 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false, 4238 reason_code, false); 4239 return; 4240 } 4241 4242 if (ifmgd->assoc_data && 4243 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->ap_addr)) { 4244 sdata_info(sdata, 4245 "deauthenticated from %pM while associating (Reason: %u=%s)\n", 4246 ifmgd->assoc_data->ap_addr, reason_code, 4247 ieee80211_get_reason_code_string(reason_code)); 4248 4249 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON); 4250 4251 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 4252 return; 4253 } 4254 } 4255 4256 4257 static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata, 4258 struct ieee80211_mgmt *mgmt, size_t len) 4259 { 4260 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4261 u16 reason_code; 4262 4263 lockdep_assert_wiphy(sdata->local->hw.wiphy); 4264 4265 if (len < 24 + 2) 4266 return; 4267 4268 if (!ifmgd->associated || 4269 !ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr)) 4270 return; 4271 4272 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 4273 4274 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) { 4275 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code); 4276 return; 4277 } 4278 4279 sdata_info(sdata, "disassociated from %pM (Reason: %u=%s)\n", 4280 sdata->vif.cfg.ap_addr, reason_code, 4281 ieee80211_get_reason_code_string(reason_code)); 4282 4283 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 4284 4285 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false, reason_code, 4286 false); 4287 } 4288 4289 static void ieee80211_get_rates(struct ieee80211_supported_band *sband, 4290 u8 *supp_rates, unsigned int supp_rates_len, 4291 u32 *rates, u32 *basic_rates, 4292 bool *have_higher_than_11mbit, 4293 int *min_rate, int *min_rate_index) 4294 { 4295 int i, j; 4296 4297 for (i = 0; i < supp_rates_len; i++) { 4298 int rate = supp_rates[i] & 0x7f; 4299 bool is_basic = !!(supp_rates[i] & 0x80); 4300 4301 if ((rate * 5) > 110) 4302 *have_higher_than_11mbit = true; 4303 4304 /* 4305 * Skip HT, VHT, HE, EHT and SAE H2E only BSS membership 4306 * selectors since they're not rates. 4307 * 4308 * Note: Even though the membership selector and the basic 4309 * rate flag share the same bit, they are not exactly 4310 * the same. 4311 */ 4312 if (supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY) || 4313 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY) || 4314 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_HE_PHY) || 4315 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_EHT_PHY) || 4316 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_SAE_H2E)) 4317 continue; 4318 4319 for (j = 0; j < sband->n_bitrates; j++) { 4320 struct ieee80211_rate *br; 4321 int brate; 4322 4323 br = &sband->bitrates[j]; 4324 4325 brate = DIV_ROUND_UP(br->bitrate, 5); 4326 if (brate == rate) { 4327 *rates |= BIT(j); 4328 if (is_basic) 4329 *basic_rates |= BIT(j); 4330 if ((rate * 5) < *min_rate) { 4331 *min_rate = rate * 5; 4332 *min_rate_index = j; 4333 } 4334 break; 4335 } 4336 } 4337 } 4338 } 4339 4340 static bool ieee80211_twt_req_supported(struct ieee80211_sub_if_data *sdata, 4341 struct ieee80211_supported_band *sband, 4342 const struct link_sta_info *link_sta, 4343 const struct ieee802_11_elems *elems) 4344 { 4345 const struct ieee80211_sta_he_cap *own_he_cap = 4346 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif); 4347 4348 if (elems->ext_capab_len < 10) 4349 return false; 4350 4351 if (!(elems->ext_capab[9] & WLAN_EXT_CAPA10_TWT_RESPONDER_SUPPORT)) 4352 return false; 4353 4354 return link_sta->pub->he_cap.he_cap_elem.mac_cap_info[0] & 4355 IEEE80211_HE_MAC_CAP0_TWT_RES && 4356 own_he_cap && 4357 (own_he_cap->he_cap_elem.mac_cap_info[0] & 4358 IEEE80211_HE_MAC_CAP0_TWT_REQ); 4359 } 4360 4361 static u64 ieee80211_recalc_twt_req(struct ieee80211_sub_if_data *sdata, 4362 struct ieee80211_supported_band *sband, 4363 struct ieee80211_link_data *link, 4364 struct link_sta_info *link_sta, 4365 struct ieee802_11_elems *elems) 4366 { 4367 bool twt = ieee80211_twt_req_supported(sdata, sband, link_sta, elems); 4368 4369 if (link->conf->twt_requester != twt) { 4370 link->conf->twt_requester = twt; 4371 return BSS_CHANGED_TWT; 4372 } 4373 return 0; 4374 } 4375 4376 static bool ieee80211_twt_bcast_support(struct ieee80211_sub_if_data *sdata, 4377 struct ieee80211_bss_conf *bss_conf, 4378 struct ieee80211_supported_band *sband, 4379 struct link_sta_info *link_sta) 4380 { 4381 const struct ieee80211_sta_he_cap *own_he_cap = 4382 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif); 4383 4384 return bss_conf->he_support && 4385 (link_sta->pub->he_cap.he_cap_elem.mac_cap_info[2] & 4386 IEEE80211_HE_MAC_CAP2_BCAST_TWT) && 4387 own_he_cap && 4388 (own_he_cap->he_cap_elem.mac_cap_info[2] & 4389 IEEE80211_HE_MAC_CAP2_BCAST_TWT); 4390 } 4391 4392 static bool ieee80211_assoc_config_link(struct ieee80211_link_data *link, 4393 struct link_sta_info *link_sta, 4394 struct cfg80211_bss *cbss, 4395 struct ieee80211_mgmt *mgmt, 4396 const u8 *elem_start, 4397 unsigned int elem_len, 4398 u64 *changed) 4399 { 4400 struct ieee80211_sub_if_data *sdata = link->sdata; 4401 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 4402 struct ieee80211_bss_conf *bss_conf = link->conf; 4403 struct ieee80211_local *local = sdata->local; 4404 unsigned int link_id = link->link_id; 4405 struct ieee80211_elems_parse_params parse_params = { 4406 .mode = link->u.mgd.conn.mode, 4407 .start = elem_start, 4408 .len = elem_len, 4409 .link_id = link_id == assoc_data->assoc_link_id ? -1 : link_id, 4410 .from_ap = true, 4411 }; 4412 bool is_5ghz = cbss->channel->band == NL80211_BAND_5GHZ; 4413 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ; 4414 bool is_s1g = cbss->channel->band == NL80211_BAND_S1GHZ; 4415 const struct cfg80211_bss_ies *bss_ies = NULL; 4416 struct ieee80211_supported_band *sband; 4417 struct ieee802_11_elems *elems; 4418 const __le16 prof_bss_param_ch_present = 4419 cpu_to_le16(IEEE80211_MLE_STA_CONTROL_BSS_PARAM_CHANGE_CNT_PRESENT); 4420 u16 capab_info; 4421 bool ret; 4422 4423 elems = ieee802_11_parse_elems_full(&parse_params); 4424 if (!elems) 4425 return false; 4426 4427 if (link_id == assoc_data->assoc_link_id) { 4428 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 4429 4430 /* 4431 * we should not get to this flow unless the association was 4432 * successful, so set the status directly to success 4433 */ 4434 assoc_data->link[link_id].status = WLAN_STATUS_SUCCESS; 4435 if (elems->ml_basic) { 4436 int bss_param_ch_cnt = 4437 ieee80211_mle_get_bss_param_ch_cnt((const void *)elems->ml_basic); 4438 4439 if (bss_param_ch_cnt < 0) { 4440 ret = false; 4441 goto out; 4442 } 4443 link->u.mgd.bss_param_ch_cnt = bss_param_ch_cnt; 4444 } 4445 } else if (elems->parse_error & IEEE80211_PARSE_ERR_DUP_NEST_ML_BASIC || 4446 !elems->prof || 4447 !(elems->prof->control & prof_bss_param_ch_present)) { 4448 ret = false; 4449 goto out; 4450 } else { 4451 const u8 *ptr = elems->prof->variable + 4452 elems->prof->sta_info_len - 1; 4453 4454 /* 4455 * During parsing, we validated that these fields exist, 4456 * otherwise elems->prof would have been set to NULL. 4457 */ 4458 capab_info = get_unaligned_le16(ptr); 4459 assoc_data->link[link_id].status = get_unaligned_le16(ptr + 2); 4460 link->u.mgd.bss_param_ch_cnt = 4461 ieee80211_mle_basic_sta_prof_bss_param_ch_cnt(elems->prof); 4462 4463 if (assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS) { 4464 link_info(link, "association response status code=%u\n", 4465 assoc_data->link[link_id].status); 4466 ret = true; 4467 goto out; 4468 } 4469 } 4470 4471 if (!is_s1g && !elems->supp_rates) { 4472 sdata_info(sdata, "no SuppRates element in AssocResp\n"); 4473 ret = false; 4474 goto out; 4475 } 4476 4477 link->u.mgd.tdls_chan_switch_prohibited = 4478 elems->ext_capab && elems->ext_capab_len >= 5 && 4479 (elems->ext_capab[4] & WLAN_EXT_CAPA5_TDLS_CH_SW_PROHIBITED); 4480 4481 /* 4482 * Some APs are erroneously not including some information in their 4483 * (re)association response frames. Try to recover by using the data 4484 * from the beacon or probe response. This seems to afflict mobile 4485 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T", 4486 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device. 4487 */ 4488 if (!is_6ghz && 4489 ((assoc_data->wmm && !elems->wmm_param) || 4490 (link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT && 4491 (!elems->ht_cap_elem || !elems->ht_operation)) || 4492 (link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT && 4493 (!elems->vht_cap_elem || !elems->vht_operation)))) { 4494 const struct cfg80211_bss_ies *ies; 4495 struct ieee802_11_elems *bss_elems; 4496 4497 rcu_read_lock(); 4498 ies = rcu_dereference(cbss->ies); 4499 if (ies) 4500 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len, 4501 GFP_ATOMIC); 4502 rcu_read_unlock(); 4503 if (!bss_ies) { 4504 ret = false; 4505 goto out; 4506 } 4507 4508 parse_params.start = bss_ies->data; 4509 parse_params.len = bss_ies->len; 4510 parse_params.bss = cbss; 4511 bss_elems = ieee802_11_parse_elems_full(&parse_params); 4512 if (!bss_elems) { 4513 ret = false; 4514 goto out; 4515 } 4516 4517 if (assoc_data->wmm && 4518 !elems->wmm_param && bss_elems->wmm_param) { 4519 elems->wmm_param = bss_elems->wmm_param; 4520 sdata_info(sdata, 4521 "AP bug: WMM param missing from AssocResp\n"); 4522 } 4523 4524 /* 4525 * Also check if we requested HT/VHT, otherwise the AP doesn't 4526 * have to include the IEs in the (re)association response. 4527 */ 4528 if (!elems->ht_cap_elem && bss_elems->ht_cap_elem && 4529 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT) { 4530 elems->ht_cap_elem = bss_elems->ht_cap_elem; 4531 sdata_info(sdata, 4532 "AP bug: HT capability missing from AssocResp\n"); 4533 } 4534 if (!elems->ht_operation && bss_elems->ht_operation && 4535 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT) { 4536 elems->ht_operation = bss_elems->ht_operation; 4537 sdata_info(sdata, 4538 "AP bug: HT operation missing from AssocResp\n"); 4539 } 4540 if (!elems->vht_cap_elem && bss_elems->vht_cap_elem && 4541 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT) { 4542 elems->vht_cap_elem = bss_elems->vht_cap_elem; 4543 sdata_info(sdata, 4544 "AP bug: VHT capa missing from AssocResp\n"); 4545 } 4546 if (!elems->vht_operation && bss_elems->vht_operation && 4547 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT) { 4548 elems->vht_operation = bss_elems->vht_operation; 4549 sdata_info(sdata, 4550 "AP bug: VHT operation missing from AssocResp\n"); 4551 } 4552 4553 kfree(bss_elems); 4554 } 4555 4556 /* 4557 * We previously checked these in the beacon/probe response, so 4558 * they should be present here. This is just a safety net. 4559 * Note that the ieee80211_config_bw() below would also check 4560 * for this (and more), but this has better error reporting. 4561 */ 4562 if (!is_6ghz && link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT && 4563 (!elems->wmm_param || !elems->ht_cap_elem || !elems->ht_operation)) { 4564 sdata_info(sdata, 4565 "HT AP is missing WMM params or HT capability/operation\n"); 4566 ret = false; 4567 goto out; 4568 } 4569 4570 if (is_5ghz && link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT && 4571 (!elems->vht_cap_elem || !elems->vht_operation)) { 4572 sdata_info(sdata, 4573 "VHT AP is missing VHT capability/operation\n"); 4574 ret = false; 4575 goto out; 4576 } 4577 4578 /* check/update if AP changed anything in assoc response vs. scan */ 4579 if (ieee80211_config_bw(link, elems, 4580 link_id == assoc_data->assoc_link_id, 4581 changed)) { 4582 ret = false; 4583 goto out; 4584 } 4585 4586 if (WARN_ON(!link->conf->chanreq.oper.chan)) { 4587 ret = false; 4588 goto out; 4589 } 4590 sband = local->hw.wiphy->bands[link->conf->chanreq.oper.chan->band]; 4591 4592 /* Set up internal HT/VHT capabilities */ 4593 if (elems->ht_cap_elem && link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HT) 4594 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 4595 elems->ht_cap_elem, 4596 link_sta); 4597 4598 if (elems->vht_cap_elem && 4599 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_VHT) { 4600 const struct ieee80211_vht_cap *bss_vht_cap = NULL; 4601 const struct cfg80211_bss_ies *ies; 4602 4603 /* 4604 * Cisco AP module 9115 with FW 17.3 has a bug and sends a 4605 * too large maximum MPDU length in the association response 4606 * (indicating 12k) that it cannot actually process ... 4607 * Work around that. 4608 */ 4609 rcu_read_lock(); 4610 ies = rcu_dereference(cbss->ies); 4611 if (ies) { 4612 const struct element *elem; 4613 4614 elem = cfg80211_find_elem(WLAN_EID_VHT_CAPABILITY, 4615 ies->data, ies->len); 4616 if (elem && elem->datalen >= sizeof(*bss_vht_cap)) 4617 bss_vht_cap = (const void *)elem->data; 4618 } 4619 4620 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband, 4621 elems->vht_cap_elem, 4622 bss_vht_cap, link_sta); 4623 rcu_read_unlock(); 4624 } 4625 4626 if (elems->he_operation && 4627 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_HE && 4628 elems->he_cap) { 4629 ieee80211_he_cap_ie_to_sta_he_cap(sdata, sband, 4630 elems->he_cap, 4631 elems->he_cap_len, 4632 elems->he_6ghz_capa, 4633 link_sta); 4634 4635 bss_conf->he_support = link_sta->pub->he_cap.has_he; 4636 if (elems->rsnx && elems->rsnx_len && 4637 (elems->rsnx[0] & WLAN_RSNX_CAPA_PROTECTED_TWT) && 4638 wiphy_ext_feature_isset(local->hw.wiphy, 4639 NL80211_EXT_FEATURE_PROTECTED_TWT)) 4640 bss_conf->twt_protected = true; 4641 else 4642 bss_conf->twt_protected = false; 4643 4644 *changed |= ieee80211_recalc_twt_req(sdata, sband, link, 4645 link_sta, elems); 4646 4647 if (elems->eht_operation && elems->eht_cap && 4648 link->u.mgd.conn.mode >= IEEE80211_CONN_MODE_EHT) { 4649 ieee80211_eht_cap_ie_to_sta_eht_cap(sdata, sband, 4650 elems->he_cap, 4651 elems->he_cap_len, 4652 elems->eht_cap, 4653 elems->eht_cap_len, 4654 link_sta); 4655 4656 bss_conf->eht_support = link_sta->pub->eht_cap.has_eht; 4657 } else { 4658 bss_conf->eht_support = false; 4659 } 4660 } else { 4661 bss_conf->he_support = false; 4662 bss_conf->twt_requester = false; 4663 bss_conf->twt_protected = false; 4664 bss_conf->eht_support = false; 4665 } 4666 4667 bss_conf->twt_broadcast = 4668 ieee80211_twt_bcast_support(sdata, bss_conf, sband, link_sta); 4669 4670 if (bss_conf->he_support) { 4671 bss_conf->he_bss_color.color = 4672 le32_get_bits(elems->he_operation->he_oper_params, 4673 IEEE80211_HE_OPERATION_BSS_COLOR_MASK); 4674 bss_conf->he_bss_color.partial = 4675 le32_get_bits(elems->he_operation->he_oper_params, 4676 IEEE80211_HE_OPERATION_PARTIAL_BSS_COLOR); 4677 bss_conf->he_bss_color.enabled = 4678 !le32_get_bits(elems->he_operation->he_oper_params, 4679 IEEE80211_HE_OPERATION_BSS_COLOR_DISABLED); 4680 4681 if (bss_conf->he_bss_color.enabled) 4682 *changed |= BSS_CHANGED_HE_BSS_COLOR; 4683 4684 bss_conf->htc_trig_based_pkt_ext = 4685 le32_get_bits(elems->he_operation->he_oper_params, 4686 IEEE80211_HE_OPERATION_DFLT_PE_DURATION_MASK); 4687 bss_conf->frame_time_rts_th = 4688 le32_get_bits(elems->he_operation->he_oper_params, 4689 IEEE80211_HE_OPERATION_RTS_THRESHOLD_MASK); 4690 4691 bss_conf->uora_exists = !!elems->uora_element; 4692 if (elems->uora_element) 4693 bss_conf->uora_ocw_range = elems->uora_element[0]; 4694 4695 ieee80211_he_op_ie_to_bss_conf(&sdata->vif, elems->he_operation); 4696 ieee80211_he_spr_ie_to_bss_conf(&sdata->vif, elems->he_spr); 4697 /* TODO: OPEN: what happens if BSS color disable is set? */ 4698 } 4699 4700 if (cbss->transmitted_bss) { 4701 bss_conf->nontransmitted = true; 4702 ether_addr_copy(bss_conf->transmitter_bssid, 4703 cbss->transmitted_bss->bssid); 4704 bss_conf->bssid_indicator = cbss->max_bssid_indicator; 4705 bss_conf->bssid_index = cbss->bssid_index; 4706 } 4707 4708 /* 4709 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data 4710 * in their association response, so ignore that data for our own 4711 * configuration. If it changed since the last beacon, we'll get the 4712 * next beacon and update then. 4713 */ 4714 4715 /* 4716 * If an operating mode notification IE is present, override the 4717 * NSS calculation (that would be done in rate_control_rate_init()) 4718 * and use the # of streams from that element. 4719 */ 4720 if (elems->opmode_notif && 4721 !(*elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) { 4722 u8 nss; 4723 4724 nss = *elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK; 4725 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT; 4726 nss += 1; 4727 link_sta->pub->rx_nss = nss; 4728 } 4729 4730 /* 4731 * Always handle WMM once after association regardless 4732 * of the first value the AP uses. Setting -1 here has 4733 * that effect because the AP values is an unsigned 4734 * 4-bit value. 4735 */ 4736 link->u.mgd.wmm_last_param_set = -1; 4737 link->u.mgd.mu_edca_last_param_set = -1; 4738 4739 if (link->u.mgd.disable_wmm_tracking) { 4740 ieee80211_set_wmm_default(link, false, false); 4741 } else if (!ieee80211_sta_wmm_params(local, link, elems->wmm_param, 4742 elems->wmm_param_len, 4743 elems->mu_edca_param_set)) { 4744 /* still enable QoS since we might have HT/VHT */ 4745 ieee80211_set_wmm_default(link, false, true); 4746 /* disable WMM tracking in this case to disable 4747 * tracking WMM parameter changes in the beacon if 4748 * the parameters weren't actually valid. Doing so 4749 * avoids changing parameters very strangely when 4750 * the AP is going back and forth between valid and 4751 * invalid parameters. 4752 */ 4753 link->u.mgd.disable_wmm_tracking = true; 4754 } 4755 4756 if (elems->max_idle_period_ie) { 4757 bss_conf->max_idle_period = 4758 le16_to_cpu(elems->max_idle_period_ie->max_idle_period); 4759 bss_conf->protected_keep_alive = 4760 !!(elems->max_idle_period_ie->idle_options & 4761 WLAN_IDLE_OPTIONS_PROTECTED_KEEP_ALIVE); 4762 *changed |= BSS_CHANGED_KEEP_ALIVE; 4763 } else { 4764 bss_conf->max_idle_period = 0; 4765 bss_conf->protected_keep_alive = false; 4766 } 4767 4768 /* set assoc capability (AID was already set earlier), 4769 * ieee80211_set_associated() will tell the driver */ 4770 bss_conf->assoc_capability = capab_info; 4771 4772 ret = true; 4773 out: 4774 kfree(elems); 4775 kfree(bss_ies); 4776 return ret; 4777 } 4778 4779 static int ieee80211_mgd_setup_link_sta(struct ieee80211_link_data *link, 4780 struct sta_info *sta, 4781 struct link_sta_info *link_sta, 4782 struct cfg80211_bss *cbss) 4783 { 4784 struct ieee80211_sub_if_data *sdata = link->sdata; 4785 struct ieee80211_local *local = sdata->local; 4786 struct ieee80211_bss *bss = (void *)cbss->priv; 4787 u32 rates = 0, basic_rates = 0; 4788 bool have_higher_than_11mbit = false; 4789 int min_rate = INT_MAX, min_rate_index = -1; 4790 struct ieee80211_supported_band *sband; 4791 4792 memcpy(link_sta->addr, cbss->bssid, ETH_ALEN); 4793 memcpy(link_sta->pub->addr, cbss->bssid, ETH_ALEN); 4794 4795 /* TODO: S1G Basic Rate Set is expressed elsewhere */ 4796 if (cbss->channel->band == NL80211_BAND_S1GHZ) { 4797 ieee80211_s1g_sta_rate_init(sta); 4798 return 0; 4799 } 4800 4801 sband = local->hw.wiphy->bands[cbss->channel->band]; 4802 4803 ieee80211_get_rates(sband, bss->supp_rates, bss->supp_rates_len, 4804 &rates, &basic_rates, &have_higher_than_11mbit, 4805 &min_rate, &min_rate_index); 4806 4807 /* 4808 * This used to be a workaround for basic rates missing 4809 * in the association response frame. Now that we no 4810 * longer use the basic rates from there, it probably 4811 * doesn't happen any more, but keep the workaround so 4812 * in case some *other* APs are buggy in different ways 4813 * we can connect -- with a warning. 4814 * Allow this workaround only in case the AP provided at least 4815 * one rate. 4816 */ 4817 if (min_rate_index < 0) { 4818 link_info(link, "No legacy rates in association response\n"); 4819 return -EINVAL; 4820 } else if (!basic_rates) { 4821 link_info(link, "No basic rates, using min rate instead\n"); 4822 basic_rates = BIT(min_rate_index); 4823 } 4824 4825 if (rates) 4826 link_sta->pub->supp_rates[cbss->channel->band] = rates; 4827 else 4828 link_info(link, "No rates found, keeping mandatory only\n"); 4829 4830 link->conf->basic_rates = basic_rates; 4831 4832 /* cf. IEEE 802.11 9.2.12 */ 4833 link->operating_11g_mode = sband->band == NL80211_BAND_2GHZ && 4834 have_higher_than_11mbit; 4835 4836 return 0; 4837 } 4838 4839 static u8 ieee80211_max_rx_chains(struct ieee80211_link_data *link, 4840 struct cfg80211_bss *cbss) 4841 { 4842 struct ieee80211_he_mcs_nss_supp *he_mcs_nss_supp; 4843 const struct element *ht_cap_elem, *vht_cap_elem; 4844 const struct cfg80211_bss_ies *ies; 4845 const struct ieee80211_ht_cap *ht_cap; 4846 const struct ieee80211_vht_cap *vht_cap; 4847 const struct ieee80211_he_cap_elem *he_cap; 4848 const struct element *he_cap_elem; 4849 u16 mcs_80_map, mcs_160_map; 4850 int i, mcs_nss_size; 4851 bool support_160; 4852 u8 chains = 1; 4853 4854 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_HT) 4855 return chains; 4856 4857 ht_cap_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_HT_CAPABILITY); 4858 if (ht_cap_elem && ht_cap_elem->datalen >= sizeof(*ht_cap)) { 4859 ht_cap = (void *)ht_cap_elem->data; 4860 chains = ieee80211_mcs_to_chains(&ht_cap->mcs); 4861 /* 4862 * TODO: use "Tx Maximum Number Spatial Streams Supported" and 4863 * "Tx Unequal Modulation Supported" fields. 4864 */ 4865 } 4866 4867 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_VHT) 4868 return chains; 4869 4870 vht_cap_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_VHT_CAPABILITY); 4871 if (vht_cap_elem && vht_cap_elem->datalen >= sizeof(*vht_cap)) { 4872 u8 nss; 4873 u16 tx_mcs_map; 4874 4875 vht_cap = (void *)vht_cap_elem->data; 4876 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map); 4877 for (nss = 8; nss > 0; nss--) { 4878 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) != 4879 IEEE80211_VHT_MCS_NOT_SUPPORTED) 4880 break; 4881 } 4882 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */ 4883 chains = max(chains, nss); 4884 } 4885 4886 if (link->u.mgd.conn.mode < IEEE80211_CONN_MODE_HE) 4887 return chains; 4888 4889 ies = rcu_dereference(cbss->ies); 4890 he_cap_elem = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_CAPABILITY, 4891 ies->data, ies->len); 4892 4893 if (!he_cap_elem || he_cap_elem->datalen < sizeof(*he_cap)) 4894 return chains; 4895 4896 /* skip one byte ext_tag_id */ 4897 he_cap = (void *)(he_cap_elem->data + 1); 4898 mcs_nss_size = ieee80211_he_mcs_nss_size(he_cap); 4899 4900 /* invalid HE IE */ 4901 if (he_cap_elem->datalen < 1 + mcs_nss_size + sizeof(*he_cap)) 4902 return chains; 4903 4904 /* mcs_nss is right after he_cap info */ 4905 he_mcs_nss_supp = (void *)(he_cap + 1); 4906 4907 mcs_80_map = le16_to_cpu(he_mcs_nss_supp->tx_mcs_80); 4908 4909 for (i = 7; i >= 0; i--) { 4910 u8 mcs_80 = mcs_80_map >> (2 * i) & 3; 4911 4912 if (mcs_80 != IEEE80211_VHT_MCS_NOT_SUPPORTED) { 4913 chains = max_t(u8, chains, i + 1); 4914 break; 4915 } 4916 } 4917 4918 support_160 = he_cap->phy_cap_info[0] & 4919 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G; 4920 4921 if (!support_160) 4922 return chains; 4923 4924 mcs_160_map = le16_to_cpu(he_mcs_nss_supp->tx_mcs_160); 4925 for (i = 7; i >= 0; i--) { 4926 u8 mcs_160 = mcs_160_map >> (2 * i) & 3; 4927 4928 if (mcs_160 != IEEE80211_VHT_MCS_NOT_SUPPORTED) { 4929 chains = max_t(u8, chains, i + 1); 4930 break; 4931 } 4932 } 4933 4934 return chains; 4935 } 4936 4937 static void 4938 ieee80211_determine_our_sta_mode(struct ieee80211_sub_if_data *sdata, 4939 struct ieee80211_supported_band *sband, 4940 struct cfg80211_assoc_request *req, 4941 bool wmm_used, int link_id, 4942 struct ieee80211_conn_settings *conn) 4943 { 4944 struct ieee80211_sta_ht_cap sta_ht_cap = sband->ht_cap; 4945 bool is_5ghz = sband->band == NL80211_BAND_5GHZ; 4946 bool is_6ghz = sband->band == NL80211_BAND_6GHZ; 4947 const struct ieee80211_sta_he_cap *he_cap; 4948 const struct ieee80211_sta_eht_cap *eht_cap; 4949 struct ieee80211_sta_vht_cap vht_cap; 4950 4951 if (sband->band == NL80211_BAND_S1GHZ) { 4952 conn->mode = IEEE80211_CONN_MODE_S1G; 4953 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20; 4954 mlme_dbg(sdata, "operating as S1G STA\n"); 4955 return; 4956 } 4957 4958 conn->mode = IEEE80211_CONN_MODE_LEGACY; 4959 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20; 4960 4961 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap); 4962 4963 if (req && req->flags & ASSOC_REQ_DISABLE_HT) { 4964 mlme_link_id_dbg(sdata, link_id, 4965 "HT disabled by flag, limiting to legacy\n"); 4966 goto out; 4967 } 4968 4969 if (!wmm_used) { 4970 mlme_link_id_dbg(sdata, link_id, 4971 "WMM/QoS not supported, limiting to legacy\n"); 4972 goto out; 4973 } 4974 4975 if (req) { 4976 unsigned int i; 4977 4978 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) { 4979 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 4980 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 4981 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) { 4982 netdev_info(sdata->dev, 4983 "WEP/TKIP use, limiting to legacy\n"); 4984 goto out; 4985 } 4986 } 4987 } 4988 4989 if (!sta_ht_cap.ht_supported && !is_6ghz) { 4990 mlme_link_id_dbg(sdata, link_id, 4991 "HT not supported (and not on 6 GHz), limiting to legacy\n"); 4992 goto out; 4993 } 4994 4995 /* HT is fine */ 4996 conn->mode = IEEE80211_CONN_MODE_HT; 4997 conn->bw_limit = sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40 ? 4998 IEEE80211_CONN_BW_LIMIT_40 : 4999 IEEE80211_CONN_BW_LIMIT_20; 5000 5001 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap)); 5002 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap); 5003 5004 if (req && req->flags & ASSOC_REQ_DISABLE_VHT) { 5005 mlme_link_id_dbg(sdata, link_id, 5006 "VHT disabled by flag, limiting to HT\n"); 5007 goto out; 5008 } 5009 5010 if (vht_cap.vht_supported && is_5ghz) { 5011 bool have_80mhz = false; 5012 unsigned int i; 5013 5014 if (conn->bw_limit == IEEE80211_CONN_BW_LIMIT_20) { 5015 mlme_link_id_dbg(sdata, link_id, 5016 "no 40 MHz support on 5 GHz, limiting to HT\n"); 5017 goto out; 5018 } 5019 5020 /* Allow VHT if at least one channel on the sband supports 80 MHz */ 5021 for (i = 0; i < sband->n_channels; i++) { 5022 if (sband->channels[i].flags & (IEEE80211_CHAN_DISABLED | 5023 IEEE80211_CHAN_NO_80MHZ)) 5024 continue; 5025 5026 have_80mhz = true; 5027 break; 5028 } 5029 5030 if (!have_80mhz) { 5031 mlme_link_id_dbg(sdata, link_id, 5032 "no 80 MHz channel support on 5 GHz, limiting to HT\n"); 5033 goto out; 5034 } 5035 } else if (is_5ghz) { /* !vht_supported but on 5 GHz */ 5036 mlme_link_id_dbg(sdata, link_id, 5037 "no VHT support on 5 GHz, limiting to HT\n"); 5038 goto out; 5039 } 5040 5041 /* VHT - if we have - is fine, including 80 MHz, check 160 below again */ 5042 if (sband->band != NL80211_BAND_2GHZ) { 5043 conn->mode = IEEE80211_CONN_MODE_VHT; 5044 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_160; 5045 } 5046 5047 if (is_5ghz && 5048 !(vht_cap.cap & (IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ | 5049 IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ))) { 5050 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_80; 5051 mlme_link_id_dbg(sdata, link_id, 5052 "no VHT 160 MHz capability on 5 GHz, limiting to 80 MHz"); 5053 } 5054 5055 if (req && req->flags & ASSOC_REQ_DISABLE_HE) { 5056 mlme_link_id_dbg(sdata, link_id, 5057 "HE disabled by flag, limiting to HT/VHT\n"); 5058 goto out; 5059 } 5060 5061 he_cap = ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif); 5062 if (!he_cap) { 5063 WARN_ON(is_6ghz); 5064 mlme_link_id_dbg(sdata, link_id, 5065 "no HE support, limiting to HT/VHT\n"); 5066 goto out; 5067 } 5068 5069 /* so we have HE */ 5070 conn->mode = IEEE80211_CONN_MODE_HE; 5071 5072 /* check bandwidth */ 5073 switch (sband->band) { 5074 default: 5075 case NL80211_BAND_2GHZ: 5076 if (he_cap->he_cap_elem.phy_cap_info[0] & 5077 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_IN_2G) 5078 break; 5079 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20; 5080 mlme_link_id_dbg(sdata, link_id, 5081 "no 40 MHz HE cap in 2.4 GHz, limiting to 20 MHz\n"); 5082 break; 5083 case NL80211_BAND_5GHZ: 5084 if (!(he_cap->he_cap_elem.phy_cap_info[0] & 5085 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G)) { 5086 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20; 5087 mlme_link_id_dbg(sdata, link_id, 5088 "no 40/80 MHz HE cap in 5 GHz, limiting to 20 MHz\n"); 5089 break; 5090 } 5091 if (!(he_cap->he_cap_elem.phy_cap_info[0] & 5092 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G)) { 5093 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit, 5094 conn->bw_limit, 5095 IEEE80211_CONN_BW_LIMIT_80); 5096 mlme_link_id_dbg(sdata, link_id, 5097 "no 160 MHz HE cap in 5 GHz, limiting to 80 MHz\n"); 5098 } 5099 break; 5100 case NL80211_BAND_6GHZ: 5101 if (he_cap->he_cap_elem.phy_cap_info[0] & 5102 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G) 5103 break; 5104 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit, 5105 conn->bw_limit, 5106 IEEE80211_CONN_BW_LIMIT_80); 5107 mlme_link_id_dbg(sdata, link_id, 5108 "no 160 MHz HE cap in 6 GHz, limiting to 80 MHz\n"); 5109 break; 5110 } 5111 5112 if (req && req->flags & ASSOC_REQ_DISABLE_EHT) { 5113 mlme_link_id_dbg(sdata, link_id, 5114 "EHT disabled by flag, limiting to HE\n"); 5115 goto out; 5116 } 5117 5118 eht_cap = ieee80211_get_eht_iftype_cap_vif(sband, &sdata->vif); 5119 if (!eht_cap) { 5120 mlme_link_id_dbg(sdata, link_id, 5121 "no EHT support, limiting to HE\n"); 5122 goto out; 5123 } 5124 5125 /* we have EHT */ 5126 5127 conn->mode = IEEE80211_CONN_MODE_EHT; 5128 5129 /* check bandwidth */ 5130 if (is_6ghz && 5131 eht_cap->eht_cap_elem.phy_cap_info[0] & IEEE80211_EHT_PHY_CAP0_320MHZ_IN_6GHZ) 5132 conn->bw_limit = IEEE80211_CONN_BW_LIMIT_320; 5133 else if (is_6ghz) 5134 mlme_link_id_dbg(sdata, link_id, 5135 "no EHT 320 MHz cap in 6 GHz, limiting to 160 MHz\n"); 5136 5137 out: 5138 mlme_link_id_dbg(sdata, link_id, 5139 "determined local STA to be %s, BW limited to %d MHz\n", 5140 ieee80211_conn_mode_str(conn->mode), 5141 20 * (1 << conn->bw_limit)); 5142 } 5143 5144 static void 5145 ieee80211_determine_our_sta_mode_auth(struct ieee80211_sub_if_data *sdata, 5146 struct ieee80211_supported_band *sband, 5147 struct cfg80211_auth_request *req, 5148 bool wmm_used, 5149 struct ieee80211_conn_settings *conn) 5150 { 5151 ieee80211_determine_our_sta_mode(sdata, sband, NULL, wmm_used, 5152 req->link_id > 0 ? req->link_id : 0, 5153 conn); 5154 } 5155 5156 static void 5157 ieee80211_determine_our_sta_mode_assoc(struct ieee80211_sub_if_data *sdata, 5158 struct ieee80211_supported_band *sband, 5159 struct cfg80211_assoc_request *req, 5160 bool wmm_used, int link_id, 5161 struct ieee80211_conn_settings *conn) 5162 { 5163 struct ieee80211_conn_settings tmp; 5164 5165 WARN_ON(!req); 5166 5167 ieee80211_determine_our_sta_mode(sdata, sband, req, wmm_used, link_id, 5168 &tmp); 5169 5170 conn->mode = min_t(enum ieee80211_conn_mode, 5171 conn->mode, tmp.mode); 5172 conn->bw_limit = min_t(enum ieee80211_conn_bw_limit, 5173 conn->bw_limit, tmp.bw_limit); 5174 } 5175 5176 static enum ieee80211_ap_reg_power 5177 ieee80211_ap_power_type(u8 control) 5178 { 5179 switch (u8_get_bits(control, IEEE80211_HE_6GHZ_OPER_CTRL_REG_INFO)) { 5180 case IEEE80211_6GHZ_CTRL_REG_LPI_AP: 5181 case IEEE80211_6GHZ_CTRL_REG_INDOOR_LPI_AP: 5182 return IEEE80211_REG_LPI_AP; 5183 case IEEE80211_6GHZ_CTRL_REG_SP_AP: 5184 case IEEE80211_6GHZ_CTRL_REG_INDOOR_SP_AP: 5185 return IEEE80211_REG_SP_AP; 5186 case IEEE80211_6GHZ_CTRL_REG_VLP_AP: 5187 return IEEE80211_REG_VLP_AP; 5188 default: 5189 return IEEE80211_REG_UNSET_AP; 5190 } 5191 } 5192 5193 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata, 5194 struct ieee80211_link_data *link, 5195 int link_id, 5196 struct cfg80211_bss *cbss, bool mlo, 5197 struct ieee80211_conn_settings *conn) 5198 { 5199 struct ieee80211_local *local = sdata->local; 5200 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ; 5201 struct ieee80211_chan_req chanreq = {}; 5202 struct cfg80211_chan_def ap_chandef; 5203 struct ieee802_11_elems *elems; 5204 int ret; 5205 5206 lockdep_assert_wiphy(local->hw.wiphy); 5207 5208 rcu_read_lock(); 5209 elems = ieee80211_determine_chan_mode(sdata, conn, cbss, link_id, 5210 &chanreq, &ap_chandef); 5211 5212 if (IS_ERR(elems)) { 5213 rcu_read_unlock(); 5214 return PTR_ERR(elems); 5215 } 5216 5217 if (mlo && !elems->ml_basic) { 5218 sdata_info(sdata, "Rejecting MLO as it is not supported by AP\n"); 5219 rcu_read_unlock(); 5220 kfree(elems); 5221 return -EINVAL; 5222 } 5223 5224 if (link && is_6ghz && conn->mode >= IEEE80211_CONN_MODE_HE) { 5225 const struct ieee80211_he_6ghz_oper *he_6ghz_oper; 5226 5227 if (elems->pwr_constr_elem) 5228 link->conf->pwr_reduction = *elems->pwr_constr_elem; 5229 5230 he_6ghz_oper = ieee80211_he_6ghz_oper(elems->he_operation); 5231 if (he_6ghz_oper) 5232 link->conf->power_type = 5233 ieee80211_ap_power_type(he_6ghz_oper->control); 5234 else 5235 link_info(link, 5236 "HE 6 GHz operation missing (on %d MHz), expect issues\n", 5237 cbss->channel->center_freq); 5238 5239 link->conf->tpe = elems->tpe; 5240 ieee80211_rearrange_tpe(&link->conf->tpe, &ap_chandef, 5241 &chanreq.oper); 5242 } 5243 rcu_read_unlock(); 5244 /* the element data was RCU protected so no longer valid anyway */ 5245 kfree(elems); 5246 elems = NULL; 5247 5248 if (!link) 5249 return 0; 5250 5251 rcu_read_lock(); 5252 link->needed_rx_chains = min(ieee80211_max_rx_chains(link, cbss), 5253 local->rx_chains); 5254 rcu_read_unlock(); 5255 5256 /* 5257 * If this fails (possibly due to channel context sharing 5258 * on incompatible channels, e.g. 80+80 and 160 sharing the 5259 * same control channel) try to use a smaller bandwidth. 5260 */ 5261 ret = ieee80211_link_use_channel(link, &chanreq, 5262 IEEE80211_CHANCTX_SHARED); 5263 5264 /* don't downgrade for 5 and 10 MHz channels, though. */ 5265 if (chanreq.oper.width == NL80211_CHAN_WIDTH_5 || 5266 chanreq.oper.width == NL80211_CHAN_WIDTH_10) 5267 return ret; 5268 5269 while (ret && chanreq.oper.width != NL80211_CHAN_WIDTH_20_NOHT) { 5270 ieee80211_chanreq_downgrade(&chanreq, conn); 5271 5272 ret = ieee80211_link_use_channel(link, &chanreq, 5273 IEEE80211_CHANCTX_SHARED); 5274 } 5275 5276 return ret; 5277 } 5278 5279 static bool ieee80211_get_dtim(const struct cfg80211_bss_ies *ies, 5280 u8 *dtim_count, u8 *dtim_period) 5281 { 5282 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, ies->data, ies->len); 5283 const u8 *idx_ie = cfg80211_find_ie(WLAN_EID_MULTI_BSSID_IDX, ies->data, 5284 ies->len); 5285 const struct ieee80211_tim_ie *tim = NULL; 5286 const struct ieee80211_bssid_index *idx; 5287 bool valid = tim_ie && tim_ie[1] >= 2; 5288 5289 if (valid) 5290 tim = (void *)(tim_ie + 2); 5291 5292 if (dtim_count) 5293 *dtim_count = valid ? tim->dtim_count : 0; 5294 5295 if (dtim_period) 5296 *dtim_period = valid ? tim->dtim_period : 0; 5297 5298 /* Check if value is overridden by non-transmitted profile */ 5299 if (!idx_ie || idx_ie[1] < 3) 5300 return valid; 5301 5302 idx = (void *)(idx_ie + 2); 5303 5304 if (dtim_count) 5305 *dtim_count = idx->dtim_count; 5306 5307 if (dtim_period) 5308 *dtim_period = idx->dtim_period; 5309 5310 return true; 5311 } 5312 5313 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata, 5314 struct ieee80211_mgmt *mgmt, 5315 struct ieee802_11_elems *elems, 5316 const u8 *elem_start, unsigned int elem_len) 5317 { 5318 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 5319 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 5320 struct ieee80211_local *local = sdata->local; 5321 unsigned int link_id; 5322 struct sta_info *sta; 5323 u64 changed[IEEE80211_MLD_MAX_NUM_LINKS] = {}; 5324 u16 valid_links = 0, dormant_links = 0; 5325 int err; 5326 5327 lockdep_assert_wiphy(sdata->local->hw.wiphy); 5328 /* 5329 * station info was already allocated and inserted before 5330 * the association and should be available to us 5331 */ 5332 sta = sta_info_get(sdata, assoc_data->ap_addr); 5333 if (WARN_ON(!sta)) 5334 goto out_err; 5335 5336 sta->sta.spp_amsdu = assoc_data->spp_amsdu; 5337 5338 if (ieee80211_vif_is_mld(&sdata->vif)) { 5339 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) { 5340 if (!assoc_data->link[link_id].bss) 5341 continue; 5342 5343 valid_links |= BIT(link_id); 5344 if (assoc_data->link[link_id].disabled) 5345 dormant_links |= BIT(link_id); 5346 5347 if (link_id != assoc_data->assoc_link_id) { 5348 err = ieee80211_sta_allocate_link(sta, link_id); 5349 if (err) 5350 goto out_err; 5351 } 5352 } 5353 5354 ieee80211_vif_set_links(sdata, valid_links, dormant_links); 5355 } 5356 5357 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) { 5358 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss; 5359 struct ieee80211_link_data *link; 5360 struct link_sta_info *link_sta; 5361 5362 if (!cbss) 5363 continue; 5364 5365 link = sdata_dereference(sdata->link[link_id], sdata); 5366 if (WARN_ON(!link)) 5367 goto out_err; 5368 5369 if (ieee80211_vif_is_mld(&sdata->vif)) 5370 link_info(link, 5371 "local address %pM, AP link address %pM%s\n", 5372 link->conf->addr, 5373 assoc_data->link[link_id].bss->bssid, 5374 link_id == assoc_data->assoc_link_id ? 5375 " (assoc)" : ""); 5376 5377 link_sta = rcu_dereference_protected(sta->link[link_id], 5378 lockdep_is_held(&local->hw.wiphy->mtx)); 5379 if (WARN_ON(!link_sta)) 5380 goto out_err; 5381 5382 if (!link->u.mgd.have_beacon) { 5383 const struct cfg80211_bss_ies *ies; 5384 5385 rcu_read_lock(); 5386 ies = rcu_dereference(cbss->beacon_ies); 5387 if (ies) 5388 link->u.mgd.have_beacon = true; 5389 else 5390 ies = rcu_dereference(cbss->ies); 5391 ieee80211_get_dtim(ies, 5392 &link->conf->sync_dtim_count, 5393 &link->u.mgd.dtim_period); 5394 link->conf->beacon_int = cbss->beacon_interval; 5395 rcu_read_unlock(); 5396 } 5397 5398 link->conf->dtim_period = link->u.mgd.dtim_period ?: 1; 5399 5400 if (link_id != assoc_data->assoc_link_id) { 5401 link->u.mgd.conn = assoc_data->link[link_id].conn; 5402 5403 err = ieee80211_prep_channel(sdata, link, link_id, cbss, 5404 true, &link->u.mgd.conn); 5405 if (err) { 5406 link_info(link, "prep_channel failed\n"); 5407 goto out_err; 5408 } 5409 } 5410 5411 err = ieee80211_mgd_setup_link_sta(link, sta, link_sta, 5412 assoc_data->link[link_id].bss); 5413 if (err) 5414 goto out_err; 5415 5416 if (!ieee80211_assoc_config_link(link, link_sta, 5417 assoc_data->link[link_id].bss, 5418 mgmt, elem_start, elem_len, 5419 &changed[link_id])) 5420 goto out_err; 5421 5422 if (assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS) { 5423 valid_links &= ~BIT(link_id); 5424 ieee80211_sta_remove_link(sta, link_id); 5425 continue; 5426 } 5427 5428 if (link_id != assoc_data->assoc_link_id) { 5429 err = ieee80211_sta_activate_link(sta, link_id); 5430 if (err) 5431 goto out_err; 5432 } 5433 } 5434 5435 /* links might have changed due to rejected ones, set them again */ 5436 ieee80211_vif_set_links(sdata, valid_links, dormant_links); 5437 5438 rate_control_rate_init(sta); 5439 5440 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) { 5441 set_sta_flag(sta, WLAN_STA_MFP); 5442 sta->sta.mfp = true; 5443 } else { 5444 sta->sta.mfp = false; 5445 } 5446 5447 ieee80211_sta_set_max_amsdu_subframes(sta, elems->ext_capab, 5448 elems->ext_capab_len); 5449 5450 sta->sta.wme = (elems->wmm_param || elems->s1g_capab) && 5451 local->hw.queues >= IEEE80211_NUM_ACS; 5452 5453 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC); 5454 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT)) 5455 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED); 5456 if (err) { 5457 sdata_info(sdata, 5458 "failed to move station %pM to desired state\n", 5459 sta->sta.addr); 5460 WARN_ON(__sta_info_destroy(sta)); 5461 goto out_err; 5462 } 5463 5464 if (sdata->wdev.use_4addr) 5465 drv_sta_set_4addr(local, sdata, &sta->sta, true); 5466 5467 ieee80211_set_associated(sdata, assoc_data, changed); 5468 5469 /* 5470 * If we're using 4-addr mode, let the AP know that we're 5471 * doing so, so that it can create the STA VLAN on its side 5472 */ 5473 if (ifmgd->use_4addr) 5474 ieee80211_send_4addr_nullfunc(local, sdata); 5475 5476 /* 5477 * Start timer to probe the connection to the AP now. 5478 * Also start the timer that will detect beacon loss. 5479 */ 5480 ieee80211_sta_reset_beacon_monitor(sdata); 5481 ieee80211_sta_reset_conn_monitor(sdata); 5482 5483 return true; 5484 out_err: 5485 eth_zero_addr(sdata->vif.cfg.ap_addr); 5486 return false; 5487 } 5488 5489 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, 5490 struct ieee80211_mgmt *mgmt, 5491 size_t len) 5492 { 5493 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 5494 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 5495 u16 capab_info, status_code, aid; 5496 struct ieee80211_elems_parse_params parse_params = { 5497 .bss = NULL, 5498 .link_id = -1, 5499 .from_ap = true, 5500 }; 5501 struct ieee802_11_elems *elems; 5502 int ac; 5503 const u8 *elem_start; 5504 unsigned int elem_len; 5505 bool reassoc; 5506 struct ieee80211_event event = { 5507 .type = MLME_EVENT, 5508 .u.mlme.data = ASSOC_EVENT, 5509 }; 5510 struct ieee80211_prep_tx_info info = {}; 5511 struct cfg80211_rx_assoc_resp_data resp = { 5512 .uapsd_queues = -1, 5513 }; 5514 u8 ap_mld_addr[ETH_ALEN] __aligned(2); 5515 unsigned int link_id; 5516 5517 lockdep_assert_wiphy(sdata->local->hw.wiphy); 5518 5519 if (!assoc_data) 5520 return; 5521 5522 parse_params.mode = 5523 assoc_data->link[assoc_data->assoc_link_id].conn.mode; 5524 5525 if (!ether_addr_equal(assoc_data->ap_addr, mgmt->bssid) || 5526 !ether_addr_equal(assoc_data->ap_addr, mgmt->sa)) 5527 return; 5528 5529 /* 5530 * AssocResp and ReassocResp have identical structure, so process both 5531 * of them in this function. 5532 */ 5533 5534 if (len < 24 + 6) 5535 return; 5536 5537 reassoc = ieee80211_is_reassoc_resp(mgmt->frame_control); 5538 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 5539 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 5540 if (assoc_data->s1g) 5541 elem_start = mgmt->u.s1g_assoc_resp.variable; 5542 else 5543 elem_start = mgmt->u.assoc_resp.variable; 5544 5545 /* 5546 * Note: this may not be perfect, AP might misbehave - if 5547 * anyone needs to rely on perfect complete notification 5548 * with the exact right subtype, then we need to track what 5549 * we actually transmitted. 5550 */ 5551 info.subtype = reassoc ? IEEE80211_STYPE_REASSOC_REQ : 5552 IEEE80211_STYPE_ASSOC_REQ; 5553 5554 if (assoc_data->fils_kek_len && 5555 fils_decrypt_assoc_resp(sdata, (u8 *)mgmt, &len, assoc_data) < 0) 5556 return; 5557 5558 elem_len = len - (elem_start - (u8 *)mgmt); 5559 parse_params.start = elem_start; 5560 parse_params.len = elem_len; 5561 elems = ieee802_11_parse_elems_full(&parse_params); 5562 if (!elems) 5563 goto notify_driver; 5564 5565 if (elems->aid_resp) 5566 aid = le16_to_cpu(elems->aid_resp->aid); 5567 else if (assoc_data->s1g) 5568 aid = 0; /* TODO */ 5569 else 5570 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 5571 5572 /* 5573 * The 5 MSB of the AID field are reserved 5574 * (802.11-2016 9.4.1.8 AID field) 5575 */ 5576 aid &= 0x7ff; 5577 5578 sdata_info(sdata, 5579 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n", 5580 reassoc ? "Rea" : "A", assoc_data->ap_addr, 5581 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 5582 5583 ifmgd->broken_ap = false; 5584 5585 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 5586 elems->timeout_int && 5587 elems->timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) { 5588 u32 tu, ms; 5589 5590 cfg80211_assoc_comeback(sdata->dev, assoc_data->ap_addr, 5591 le32_to_cpu(elems->timeout_int->value)); 5592 5593 tu = le32_to_cpu(elems->timeout_int->value); 5594 ms = tu * 1024 / 1000; 5595 sdata_info(sdata, 5596 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n", 5597 assoc_data->ap_addr, tu, ms); 5598 assoc_data->timeout = jiffies + msecs_to_jiffies(ms); 5599 assoc_data->timeout_started = true; 5600 assoc_data->comeback = true; 5601 if (ms > IEEE80211_ASSOC_TIMEOUT) 5602 run_again(sdata, assoc_data->timeout); 5603 goto notify_driver; 5604 } 5605 5606 if (status_code != WLAN_STATUS_SUCCESS) { 5607 sdata_info(sdata, "%pM denied association (code=%d)\n", 5608 assoc_data->ap_addr, status_code); 5609 event.u.mlme.status = MLME_DENIED; 5610 event.u.mlme.reason = status_code; 5611 drv_event_callback(sdata->local, sdata, &event); 5612 } else { 5613 if (aid == 0 || aid > IEEE80211_MAX_AID) { 5614 sdata_info(sdata, 5615 "invalid AID value %d (out of range), turn off PS\n", 5616 aid); 5617 aid = 0; 5618 ifmgd->broken_ap = true; 5619 } 5620 5621 if (ieee80211_vif_is_mld(&sdata->vif)) { 5622 struct ieee80211_mle_basic_common_info *common; 5623 5624 if (!elems->ml_basic) { 5625 sdata_info(sdata, 5626 "MLO association with %pM but no (basic) multi-link element in response!\n", 5627 assoc_data->ap_addr); 5628 goto abandon_assoc; 5629 } 5630 5631 common = (void *)elems->ml_basic->variable; 5632 5633 if (memcmp(assoc_data->ap_addr, 5634 common->mld_mac_addr, ETH_ALEN)) { 5635 sdata_info(sdata, 5636 "AP MLD MAC address mismatch: got %pM expected %pM\n", 5637 common->mld_mac_addr, 5638 assoc_data->ap_addr); 5639 goto abandon_assoc; 5640 } 5641 5642 sdata->vif.cfg.eml_cap = 5643 ieee80211_mle_get_eml_cap((const void *)elems->ml_basic); 5644 sdata->vif.cfg.eml_med_sync_delay = 5645 ieee80211_mle_get_eml_med_sync_delay((const void *)elems->ml_basic); 5646 sdata->vif.cfg.mld_capa_op = 5647 ieee80211_mle_get_mld_capa_op((const void *)elems->ml_basic); 5648 } 5649 5650 sdata->vif.cfg.aid = aid; 5651 5652 if (!ieee80211_assoc_success(sdata, mgmt, elems, 5653 elem_start, elem_len)) { 5654 /* oops -- internal error -- send timeout for now */ 5655 ieee80211_destroy_assoc_data(sdata, ASSOC_TIMEOUT); 5656 goto notify_driver; 5657 } 5658 event.u.mlme.status = MLME_SUCCESS; 5659 drv_event_callback(sdata->local, sdata, &event); 5660 sdata_info(sdata, "associated\n"); 5661 5662 info.success = 1; 5663 } 5664 5665 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) { 5666 struct ieee80211_link_data *link; 5667 5668 if (!assoc_data->link[link_id].bss) 5669 continue; 5670 5671 resp.links[link_id].bss = assoc_data->link[link_id].bss; 5672 ether_addr_copy(resp.links[link_id].addr, 5673 assoc_data->link[link_id].addr); 5674 resp.links[link_id].status = assoc_data->link[link_id].status; 5675 5676 link = sdata_dereference(sdata->link[link_id], sdata); 5677 if (!link) 5678 continue; 5679 5680 /* get uapsd queues configuration - same for all links */ 5681 resp.uapsd_queues = 0; 5682 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) 5683 if (link->tx_conf[ac].uapsd) 5684 resp.uapsd_queues |= ieee80211_ac_to_qos_mask[ac]; 5685 } 5686 5687 if (ieee80211_vif_is_mld(&sdata->vif)) { 5688 ether_addr_copy(ap_mld_addr, sdata->vif.cfg.ap_addr); 5689 resp.ap_mld_addr = ap_mld_addr; 5690 } 5691 5692 ieee80211_destroy_assoc_data(sdata, 5693 status_code == WLAN_STATUS_SUCCESS ? 5694 ASSOC_SUCCESS : 5695 ASSOC_REJECTED); 5696 5697 resp.buf = (u8 *)mgmt; 5698 resp.len = len; 5699 resp.req_ies = ifmgd->assoc_req_ies; 5700 resp.req_ies_len = ifmgd->assoc_req_ies_len; 5701 cfg80211_rx_assoc_resp(sdata->dev, &resp); 5702 notify_driver: 5703 drv_mgd_complete_tx(sdata->local, sdata, &info); 5704 kfree(elems); 5705 return; 5706 abandon_assoc: 5707 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON); 5708 goto notify_driver; 5709 } 5710 5711 static void ieee80211_rx_bss_info(struct ieee80211_link_data *link, 5712 struct ieee80211_mgmt *mgmt, size_t len, 5713 struct ieee80211_rx_status *rx_status) 5714 { 5715 struct ieee80211_sub_if_data *sdata = link->sdata; 5716 struct ieee80211_local *local = sdata->local; 5717 struct ieee80211_bss *bss; 5718 struct ieee80211_channel *channel; 5719 5720 lockdep_assert_wiphy(sdata->local->hw.wiphy); 5721 5722 channel = ieee80211_get_channel_khz(local->hw.wiphy, 5723 ieee80211_rx_status_to_khz(rx_status)); 5724 if (!channel) 5725 return; 5726 5727 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, channel); 5728 if (bss) { 5729 link->conf->beacon_rate = bss->beacon_rate; 5730 ieee80211_rx_bss_put(local, bss); 5731 } 5732 } 5733 5734 5735 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_link_data *link, 5736 struct sk_buff *skb) 5737 { 5738 struct ieee80211_sub_if_data *sdata = link->sdata; 5739 struct ieee80211_mgmt *mgmt = (void *)skb->data; 5740 struct ieee80211_if_managed *ifmgd; 5741 struct ieee80211_rx_status *rx_status = (void *) skb->cb; 5742 struct ieee80211_channel *channel; 5743 size_t baselen, len = skb->len; 5744 5745 ifmgd = &sdata->u.mgd; 5746 5747 lockdep_assert_wiphy(sdata->local->hw.wiphy); 5748 5749 /* 5750 * According to Draft P802.11ax D6.0 clause 26.17.2.3.2: 5751 * "If a 6 GHz AP receives a Probe Request frame and responds with 5752 * a Probe Response frame [..], the Address 1 field of the Probe 5753 * Response frame shall be set to the broadcast address [..]" 5754 * So, on 6GHz band we should also accept broadcast responses. 5755 */ 5756 channel = ieee80211_get_channel(sdata->local->hw.wiphy, 5757 rx_status->freq); 5758 if (!channel) 5759 return; 5760 5761 if (!ether_addr_equal(mgmt->da, sdata->vif.addr) && 5762 (channel->band != NL80211_BAND_6GHZ || 5763 !is_broadcast_ether_addr(mgmt->da))) 5764 return; /* ignore ProbeResp to foreign address */ 5765 5766 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 5767 if (baselen > len) 5768 return; 5769 5770 ieee80211_rx_bss_info(link, mgmt, len, rx_status); 5771 5772 if (ifmgd->associated && 5773 ether_addr_equal(mgmt->bssid, link->u.mgd.bssid)) 5774 ieee80211_reset_ap_probe(sdata); 5775 } 5776 5777 /* 5778 * This is the canonical list of information elements we care about, 5779 * the filter code also gives us all changes to the Microsoft OUI 5780 * (00:50:F2) vendor IE which is used for WMM which we need to track, 5781 * as well as the DTPC IE (part of the Cisco OUI) used for signaling 5782 * changes to requested client power. 5783 * 5784 * We implement beacon filtering in software since that means we can 5785 * avoid processing the frame here and in cfg80211, and userspace 5786 * will not be able to tell whether the hardware supports it or not. 5787 * 5788 * XXX: This list needs to be dynamic -- userspace needs to be able to 5789 * add items it requires. It also needs to be able to tell us to 5790 * look out for other vendor IEs. 5791 */ 5792 static const u64 care_about_ies = 5793 (1ULL << WLAN_EID_COUNTRY) | 5794 (1ULL << WLAN_EID_ERP_INFO) | 5795 (1ULL << WLAN_EID_CHANNEL_SWITCH) | 5796 (1ULL << WLAN_EID_PWR_CONSTRAINT) | 5797 (1ULL << WLAN_EID_HT_CAPABILITY) | 5798 (1ULL << WLAN_EID_HT_OPERATION) | 5799 (1ULL << WLAN_EID_EXT_CHANSWITCH_ANN); 5800 5801 static void ieee80211_handle_beacon_sig(struct ieee80211_link_data *link, 5802 struct ieee80211_if_managed *ifmgd, 5803 struct ieee80211_bss_conf *bss_conf, 5804 struct ieee80211_local *local, 5805 struct ieee80211_rx_status *rx_status) 5806 { 5807 struct ieee80211_sub_if_data *sdata = link->sdata; 5808 5809 /* Track average RSSI from the Beacon frames of the current AP */ 5810 5811 if (!link->u.mgd.tracking_signal_avg) { 5812 link->u.mgd.tracking_signal_avg = true; 5813 ewma_beacon_signal_init(&link->u.mgd.ave_beacon_signal); 5814 link->u.mgd.last_cqm_event_signal = 0; 5815 link->u.mgd.count_beacon_signal = 1; 5816 link->u.mgd.last_ave_beacon_signal = 0; 5817 } else { 5818 link->u.mgd.count_beacon_signal++; 5819 } 5820 5821 ewma_beacon_signal_add(&link->u.mgd.ave_beacon_signal, 5822 -rx_status->signal); 5823 5824 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold && 5825 link->u.mgd.count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) { 5826 int sig = -ewma_beacon_signal_read(&link->u.mgd.ave_beacon_signal); 5827 int last_sig = link->u.mgd.last_ave_beacon_signal; 5828 struct ieee80211_event event = { 5829 .type = RSSI_EVENT, 5830 }; 5831 5832 /* 5833 * if signal crosses either of the boundaries, invoke callback 5834 * with appropriate parameters 5835 */ 5836 if (sig > ifmgd->rssi_max_thold && 5837 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) { 5838 link->u.mgd.last_ave_beacon_signal = sig; 5839 event.u.rssi.data = RSSI_EVENT_HIGH; 5840 drv_event_callback(local, sdata, &event); 5841 } else if (sig < ifmgd->rssi_min_thold && 5842 (last_sig >= ifmgd->rssi_max_thold || 5843 last_sig == 0)) { 5844 link->u.mgd.last_ave_beacon_signal = sig; 5845 event.u.rssi.data = RSSI_EVENT_LOW; 5846 drv_event_callback(local, sdata, &event); 5847 } 5848 } 5849 5850 if (bss_conf->cqm_rssi_thold && 5851 link->u.mgd.count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT && 5852 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) { 5853 int sig = -ewma_beacon_signal_read(&link->u.mgd.ave_beacon_signal); 5854 int last_event = link->u.mgd.last_cqm_event_signal; 5855 int thold = bss_conf->cqm_rssi_thold; 5856 int hyst = bss_conf->cqm_rssi_hyst; 5857 5858 if (sig < thold && 5859 (last_event == 0 || sig < last_event - hyst)) { 5860 link->u.mgd.last_cqm_event_signal = sig; 5861 ieee80211_cqm_rssi_notify( 5862 &sdata->vif, 5863 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW, 5864 sig, GFP_KERNEL); 5865 } else if (sig > thold && 5866 (last_event == 0 || sig > last_event + hyst)) { 5867 link->u.mgd.last_cqm_event_signal = sig; 5868 ieee80211_cqm_rssi_notify( 5869 &sdata->vif, 5870 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH, 5871 sig, GFP_KERNEL); 5872 } 5873 } 5874 5875 if (bss_conf->cqm_rssi_low && 5876 link->u.mgd.count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) { 5877 int sig = -ewma_beacon_signal_read(&link->u.mgd.ave_beacon_signal); 5878 int last_event = link->u.mgd.last_cqm_event_signal; 5879 int low = bss_conf->cqm_rssi_low; 5880 int high = bss_conf->cqm_rssi_high; 5881 5882 if (sig < low && 5883 (last_event == 0 || last_event >= low)) { 5884 link->u.mgd.last_cqm_event_signal = sig; 5885 ieee80211_cqm_rssi_notify( 5886 &sdata->vif, 5887 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW, 5888 sig, GFP_KERNEL); 5889 } else if (sig > high && 5890 (last_event == 0 || last_event <= high)) { 5891 link->u.mgd.last_cqm_event_signal = sig; 5892 ieee80211_cqm_rssi_notify( 5893 &sdata->vif, 5894 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH, 5895 sig, GFP_KERNEL); 5896 } 5897 } 5898 } 5899 5900 static bool ieee80211_rx_our_beacon(const u8 *tx_bssid, 5901 struct cfg80211_bss *bss) 5902 { 5903 if (ether_addr_equal(tx_bssid, bss->bssid)) 5904 return true; 5905 if (!bss->transmitted_bss) 5906 return false; 5907 return ether_addr_equal(tx_bssid, bss->transmitted_bss->bssid); 5908 } 5909 5910 static void ieee80211_ml_reconf_work(struct wiphy *wiphy, 5911 struct wiphy_work *work) 5912 { 5913 struct ieee80211_sub_if_data *sdata = 5914 container_of(work, struct ieee80211_sub_if_data, 5915 u.mgd.ml_reconf_work.work); 5916 u16 new_valid_links, new_active_links, new_dormant_links; 5917 int ret; 5918 5919 if (!sdata->u.mgd.removed_links) 5920 return; 5921 5922 sdata_info(sdata, 5923 "MLO Reconfiguration: work: valid=0x%x, removed=0x%x\n", 5924 sdata->vif.valid_links, sdata->u.mgd.removed_links); 5925 5926 new_valid_links = sdata->vif.valid_links & ~sdata->u.mgd.removed_links; 5927 if (new_valid_links == sdata->vif.valid_links) 5928 return; 5929 5930 if (!new_valid_links || 5931 !(new_valid_links & ~sdata->vif.dormant_links)) { 5932 sdata_info(sdata, "No valid links after reconfiguration\n"); 5933 ret = -EINVAL; 5934 goto out; 5935 } 5936 5937 new_active_links = sdata->vif.active_links & ~sdata->u.mgd.removed_links; 5938 if (new_active_links != sdata->vif.active_links) { 5939 if (!new_active_links) 5940 new_active_links = 5941 BIT(ffs(new_valid_links & 5942 ~sdata->vif.dormant_links) - 1); 5943 5944 ret = ieee80211_set_active_links(&sdata->vif, new_active_links); 5945 if (ret) { 5946 sdata_info(sdata, 5947 "Failed setting active links\n"); 5948 goto out; 5949 } 5950 } 5951 5952 new_dormant_links = sdata->vif.dormant_links & ~sdata->u.mgd.removed_links; 5953 5954 ret = ieee80211_vif_set_links(sdata, new_valid_links, 5955 new_dormant_links); 5956 if (ret) 5957 sdata_info(sdata, "Failed setting valid links\n"); 5958 5959 ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_MLD_VALID_LINKS); 5960 5961 out: 5962 if (!ret) 5963 cfg80211_links_removed(sdata->dev, sdata->u.mgd.removed_links); 5964 else 5965 __ieee80211_disconnect(sdata); 5966 5967 sdata->u.mgd.removed_links = 0; 5968 } 5969 5970 static void ieee80211_ml_reconfiguration(struct ieee80211_sub_if_data *sdata, 5971 struct ieee802_11_elems *elems) 5972 { 5973 const struct element *sub; 5974 unsigned long removed_links = 0; 5975 u16 link_removal_timeout[IEEE80211_MLD_MAX_NUM_LINKS] = {}; 5976 u8 link_id; 5977 u32 delay; 5978 5979 if (!ieee80211_vif_is_mld(&sdata->vif) || !elems->ml_reconf) 5980 return; 5981 5982 /* Directly parse the sub elements as the common information doesn't 5983 * hold any useful information. 5984 */ 5985 for_each_mle_subelement(sub, (const u8 *)elems->ml_reconf, 5986 elems->ml_reconf_len) { 5987 struct ieee80211_mle_per_sta_profile *prof = (void *)sub->data; 5988 u8 *pos = prof->variable; 5989 u16 control; 5990 5991 if (sub->id != IEEE80211_MLE_SUBELEM_PER_STA_PROFILE) 5992 continue; 5993 5994 if (!ieee80211_mle_reconf_sta_prof_size_ok(sub->data, 5995 sub->datalen)) 5996 return; 5997 5998 control = le16_to_cpu(prof->control); 5999 link_id = control & IEEE80211_MLE_STA_RECONF_CONTROL_LINK_ID; 6000 6001 removed_links |= BIT(link_id); 6002 6003 /* the MAC address should not be included, but handle it */ 6004 if (control & 6005 IEEE80211_MLE_STA_RECONF_CONTROL_STA_MAC_ADDR_PRESENT) 6006 pos += 6; 6007 6008 /* According to Draft P802.11be_D3.0, the control should 6009 * include the AP Removal Timer present. If the AP Removal Timer 6010 * is not present assume immediate removal. 6011 */ 6012 if (control & 6013 IEEE80211_MLE_STA_RECONF_CONTROL_AP_REM_TIMER_PRESENT) 6014 link_removal_timeout[link_id] = get_unaligned_le16(pos); 6015 } 6016 6017 removed_links &= sdata->vif.valid_links; 6018 if (!removed_links) { 6019 /* In case the removal was cancelled, abort it */ 6020 if (sdata->u.mgd.removed_links) { 6021 sdata->u.mgd.removed_links = 0; 6022 wiphy_delayed_work_cancel(sdata->local->hw.wiphy, 6023 &sdata->u.mgd.ml_reconf_work); 6024 } 6025 return; 6026 } 6027 6028 delay = 0; 6029 for_each_set_bit(link_id, &removed_links, IEEE80211_MLD_MAX_NUM_LINKS) { 6030 struct ieee80211_bss_conf *link_conf = 6031 sdata_dereference(sdata->vif.link_conf[link_id], sdata); 6032 u32 link_delay; 6033 6034 if (!link_conf) { 6035 removed_links &= ~BIT(link_id); 6036 continue; 6037 } 6038 6039 if (link_removal_timeout[link_id] < 1) 6040 link_delay = 0; 6041 else 6042 link_delay = link_conf->beacon_int * 6043 (link_removal_timeout[link_id] - 1); 6044 6045 if (!delay) 6046 delay = link_delay; 6047 else 6048 delay = min(delay, link_delay); 6049 } 6050 6051 sdata->u.mgd.removed_links = removed_links; 6052 wiphy_delayed_work_queue(sdata->local->hw.wiphy, 6053 &sdata->u.mgd.ml_reconf_work, 6054 TU_TO_JIFFIES(delay)); 6055 } 6056 6057 static int ieee80211_ttlm_set_links(struct ieee80211_sub_if_data *sdata, 6058 u16 active_links, u16 dormant_links, 6059 u16 suspended_links) 6060 { 6061 u64 changed = 0; 6062 int ret; 6063 6064 if (!active_links) { 6065 ret = -EINVAL; 6066 goto out; 6067 } 6068 6069 /* If there is an active negotiated TTLM, it should be discarded by 6070 * the new negotiated/advertised TTLM. 6071 */ 6072 if (sdata->vif.neg_ttlm.valid) { 6073 memset(&sdata->vif.neg_ttlm, 0, sizeof(sdata->vif.neg_ttlm)); 6074 sdata->vif.suspended_links = 0; 6075 changed = BSS_CHANGED_MLD_TTLM; 6076 } 6077 6078 if (sdata->vif.active_links != active_links) { 6079 /* usable links are affected when active_links are changed, 6080 * so notify the driver about the status change 6081 */ 6082 changed |= BSS_CHANGED_MLD_VALID_LINKS; 6083 active_links &= sdata->vif.active_links; 6084 if (!active_links) 6085 active_links = 6086 BIT(__ffs(sdata->vif.valid_links & 6087 ~dormant_links)); 6088 ret = ieee80211_set_active_links(&sdata->vif, active_links); 6089 if (ret) { 6090 sdata_info(sdata, "Failed to set TTLM active links\n"); 6091 goto out; 6092 } 6093 } 6094 6095 ret = ieee80211_vif_set_links(sdata, sdata->vif.valid_links, 6096 dormant_links); 6097 if (ret) { 6098 sdata_info(sdata, "Failed to set TTLM dormant links\n"); 6099 goto out; 6100 } 6101 6102 sdata->vif.suspended_links = suspended_links; 6103 if (sdata->vif.suspended_links) 6104 changed |= BSS_CHANGED_MLD_TTLM; 6105 6106 ieee80211_vif_cfg_change_notify(sdata, changed); 6107 6108 out: 6109 if (ret) 6110 ieee80211_disconnect(&sdata->vif, false); 6111 6112 return ret; 6113 } 6114 6115 static void ieee80211_tid_to_link_map_work(struct wiphy *wiphy, 6116 struct wiphy_work *work) 6117 { 6118 u16 new_active_links, new_dormant_links; 6119 struct ieee80211_sub_if_data *sdata = 6120 container_of(work, struct ieee80211_sub_if_data, 6121 u.mgd.ttlm_work.work); 6122 6123 new_active_links = sdata->u.mgd.ttlm_info.map & 6124 sdata->vif.valid_links; 6125 new_dormant_links = ~sdata->u.mgd.ttlm_info.map & 6126 sdata->vif.valid_links; 6127 6128 ieee80211_vif_set_links(sdata, sdata->vif.valid_links, 0); 6129 if (ieee80211_ttlm_set_links(sdata, new_active_links, new_dormant_links, 6130 0)) 6131 return; 6132 6133 sdata->u.mgd.ttlm_info.active = true; 6134 sdata->u.mgd.ttlm_info.switch_time = 0; 6135 } 6136 6137 static u16 ieee80211_get_ttlm(u8 bm_size, u8 *data) 6138 { 6139 if (bm_size == 1) 6140 return *data; 6141 else 6142 return get_unaligned_le16(data); 6143 } 6144 6145 static int 6146 ieee80211_parse_adv_t2l(struct ieee80211_sub_if_data *sdata, 6147 const struct ieee80211_ttlm_elem *ttlm, 6148 struct ieee80211_adv_ttlm_info *ttlm_info) 6149 { 6150 /* The element size was already validated in 6151 * ieee80211_tid_to_link_map_size_ok() 6152 */ 6153 u8 control, link_map_presence, map_size, tid; 6154 u8 *pos; 6155 6156 memset(ttlm_info, 0, sizeof(*ttlm_info)); 6157 pos = (void *)ttlm->optional; 6158 control = ttlm->control; 6159 6160 if ((control & IEEE80211_TTLM_CONTROL_DEF_LINK_MAP) || 6161 !(control & IEEE80211_TTLM_CONTROL_SWITCH_TIME_PRESENT)) 6162 return 0; 6163 6164 if ((control & IEEE80211_TTLM_CONTROL_DIRECTION) != 6165 IEEE80211_TTLM_DIRECTION_BOTH) { 6166 sdata_info(sdata, "Invalid advertised T2L map direction\n"); 6167 return -EINVAL; 6168 } 6169 6170 link_map_presence = *pos; 6171 pos++; 6172 6173 ttlm_info->switch_time = get_unaligned_le16(pos); 6174 6175 /* Since ttlm_info->switch_time == 0 means no switch time, bump it 6176 * by 1. 6177 */ 6178 if (!ttlm_info->switch_time) 6179 ttlm_info->switch_time = 1; 6180 6181 pos += 2; 6182 6183 if (control & IEEE80211_TTLM_CONTROL_EXPECTED_DUR_PRESENT) { 6184 ttlm_info->duration = pos[0] | pos[1] << 8 | pos[2] << 16; 6185 pos += 3; 6186 } 6187 6188 if (control & IEEE80211_TTLM_CONTROL_LINK_MAP_SIZE) 6189 map_size = 1; 6190 else 6191 map_size = 2; 6192 6193 /* According to Draft P802.11be_D3.0 clause 35.3.7.1.7, an AP MLD shall 6194 * not advertise a TID-to-link mapping that does not map all TIDs to the 6195 * same link set, reject frame if not all links have mapping 6196 */ 6197 if (link_map_presence != 0xff) { 6198 sdata_info(sdata, 6199 "Invalid advertised T2L mapping presence indicator\n"); 6200 return -EINVAL; 6201 } 6202 6203 ttlm_info->map = ieee80211_get_ttlm(map_size, pos); 6204 if (!ttlm_info->map) { 6205 sdata_info(sdata, 6206 "Invalid advertised T2L map for TID 0\n"); 6207 return -EINVAL; 6208 } 6209 6210 pos += map_size; 6211 6212 for (tid = 1; tid < 8; tid++) { 6213 u16 map = ieee80211_get_ttlm(map_size, pos); 6214 6215 if (map != ttlm_info->map) { 6216 sdata_info(sdata, "Invalid advertised T2L map for tid %d\n", 6217 tid); 6218 return -EINVAL; 6219 } 6220 6221 pos += map_size; 6222 } 6223 return 0; 6224 } 6225 6226 static void ieee80211_process_adv_ttlm(struct ieee80211_sub_if_data *sdata, 6227 struct ieee802_11_elems *elems, 6228 u64 beacon_ts) 6229 { 6230 u8 i; 6231 int ret; 6232 6233 if (!ieee80211_vif_is_mld(&sdata->vif)) 6234 return; 6235 6236 if (!elems->ttlm_num) { 6237 if (sdata->u.mgd.ttlm_info.switch_time) { 6238 /* if a planned TID-to-link mapping was cancelled - 6239 * abort it 6240 */ 6241 wiphy_delayed_work_cancel(sdata->local->hw.wiphy, 6242 &sdata->u.mgd.ttlm_work); 6243 } else if (sdata->u.mgd.ttlm_info.active) { 6244 /* if no TID-to-link element, set to default mapping in 6245 * which all TIDs are mapped to all setup links 6246 */ 6247 ret = ieee80211_vif_set_links(sdata, 6248 sdata->vif.valid_links, 6249 0); 6250 if (ret) { 6251 sdata_info(sdata, "Failed setting valid/dormant links\n"); 6252 return; 6253 } 6254 ieee80211_vif_cfg_change_notify(sdata, 6255 BSS_CHANGED_MLD_VALID_LINKS); 6256 } 6257 memset(&sdata->u.mgd.ttlm_info, 0, 6258 sizeof(sdata->u.mgd.ttlm_info)); 6259 return; 6260 } 6261 6262 for (i = 0; i < elems->ttlm_num; i++) { 6263 struct ieee80211_adv_ttlm_info ttlm_info; 6264 u32 res; 6265 6266 res = ieee80211_parse_adv_t2l(sdata, elems->ttlm[i], 6267 &ttlm_info); 6268 6269 if (res) { 6270 __ieee80211_disconnect(sdata); 6271 return; 6272 } 6273 6274 if (ttlm_info.switch_time) { 6275 u16 beacon_ts_tu, st_tu, delay; 6276 u32 delay_jiffies; 6277 u64 mask; 6278 6279 /* The t2l map switch time is indicated with a partial 6280 * TSF value (bits 10 to 25), get the partial beacon TS 6281 * as well, and calc the delay to the start time. 6282 */ 6283 mask = GENMASK_ULL(25, 10); 6284 beacon_ts_tu = (beacon_ts & mask) >> 10; 6285 st_tu = ttlm_info.switch_time; 6286 delay = st_tu - beacon_ts_tu; 6287 6288 /* 6289 * If the switch time is far in the future, then it 6290 * could also be the previous switch still being 6291 * announced. 6292 * We can simply ignore it for now, if it is a future 6293 * switch the AP will continue to announce it anyway. 6294 */ 6295 if (delay > IEEE80211_ADV_TTLM_ST_UNDERFLOW) 6296 return; 6297 6298 delay_jiffies = TU_TO_JIFFIES(delay); 6299 6300 /* Link switching can take time, so schedule it 6301 * 100ms before to be ready on time 6302 */ 6303 if (delay_jiffies > IEEE80211_ADV_TTLM_SAFETY_BUFFER_MS) 6304 delay_jiffies -= 6305 IEEE80211_ADV_TTLM_SAFETY_BUFFER_MS; 6306 else 6307 delay_jiffies = 0; 6308 6309 sdata->u.mgd.ttlm_info = ttlm_info; 6310 wiphy_delayed_work_cancel(sdata->local->hw.wiphy, 6311 &sdata->u.mgd.ttlm_work); 6312 wiphy_delayed_work_queue(sdata->local->hw.wiphy, 6313 &sdata->u.mgd.ttlm_work, 6314 delay_jiffies); 6315 return; 6316 } 6317 } 6318 } 6319 6320 static void ieee80211_rx_mgmt_beacon(struct ieee80211_link_data *link, 6321 struct ieee80211_hdr *hdr, size_t len, 6322 struct ieee80211_rx_status *rx_status) 6323 { 6324 struct ieee80211_sub_if_data *sdata = link->sdata; 6325 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 6326 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 6327 struct ieee80211_vif_cfg *vif_cfg = &sdata->vif.cfg; 6328 struct ieee80211_mgmt *mgmt = (void *) hdr; 6329 size_t baselen; 6330 struct ieee802_11_elems *elems; 6331 struct ieee80211_local *local = sdata->local; 6332 struct ieee80211_chanctx_conf *chanctx_conf; 6333 struct ieee80211_supported_band *sband; 6334 struct ieee80211_channel *chan; 6335 struct link_sta_info *link_sta; 6336 struct sta_info *sta; 6337 u64 changed = 0; 6338 bool erp_valid; 6339 u8 erp_value = 0; 6340 u32 ncrc = 0; 6341 u8 *bssid, *variable = mgmt->u.beacon.variable; 6342 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN]; 6343 struct ieee80211_elems_parse_params parse_params = { 6344 .mode = link->u.mgd.conn.mode, 6345 .link_id = -1, 6346 .from_ap = true, 6347 }; 6348 6349 lockdep_assert_wiphy(local->hw.wiphy); 6350 6351 /* Process beacon from the current BSS */ 6352 bssid = ieee80211_get_bssid(hdr, len, sdata->vif.type); 6353 if (ieee80211_is_s1g_beacon(mgmt->frame_control)) { 6354 struct ieee80211_ext *ext = (void *) mgmt; 6355 6356 if (ieee80211_is_s1g_short_beacon(ext->frame_control)) 6357 variable = ext->u.s1g_short_beacon.variable; 6358 else 6359 variable = ext->u.s1g_beacon.variable; 6360 } 6361 6362 baselen = (u8 *) variable - (u8 *) mgmt; 6363 if (baselen > len) 6364 return; 6365 6366 parse_params.start = variable; 6367 parse_params.len = len - baselen; 6368 6369 rcu_read_lock(); 6370 chanctx_conf = rcu_dereference(link->conf->chanctx_conf); 6371 if (!chanctx_conf) { 6372 rcu_read_unlock(); 6373 return; 6374 } 6375 6376 if (ieee80211_rx_status_to_khz(rx_status) != 6377 ieee80211_channel_to_khz(chanctx_conf->def.chan)) { 6378 rcu_read_unlock(); 6379 return; 6380 } 6381 chan = chanctx_conf->def.chan; 6382 rcu_read_unlock(); 6383 6384 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon && 6385 !WARN_ON(ieee80211_vif_is_mld(&sdata->vif)) && 6386 ieee80211_rx_our_beacon(bssid, ifmgd->assoc_data->link[0].bss)) { 6387 parse_params.bss = ifmgd->assoc_data->link[0].bss; 6388 elems = ieee802_11_parse_elems_full(&parse_params); 6389 if (!elems) 6390 return; 6391 6392 ieee80211_rx_bss_info(link, mgmt, len, rx_status); 6393 6394 if (elems->dtim_period) 6395 link->u.mgd.dtim_period = elems->dtim_period; 6396 link->u.mgd.have_beacon = true; 6397 ifmgd->assoc_data->need_beacon = false; 6398 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY) && 6399 !ieee80211_is_s1g_beacon(hdr->frame_control)) { 6400 link->conf->sync_tsf = 6401 le64_to_cpu(mgmt->u.beacon.timestamp); 6402 link->conf->sync_device_ts = 6403 rx_status->device_timestamp; 6404 link->conf->sync_dtim_count = elems->dtim_count; 6405 } 6406 6407 if (elems->mbssid_config_ie) 6408 bss_conf->profile_periodicity = 6409 elems->mbssid_config_ie->profile_periodicity; 6410 else 6411 bss_conf->profile_periodicity = 0; 6412 6413 if (elems->ext_capab_len >= 11 && 6414 (elems->ext_capab[10] & WLAN_EXT_CAPA11_EMA_SUPPORT)) 6415 bss_conf->ema_ap = true; 6416 else 6417 bss_conf->ema_ap = false; 6418 6419 /* continue assoc process */ 6420 ifmgd->assoc_data->timeout = jiffies; 6421 ifmgd->assoc_data->timeout_started = true; 6422 run_again(sdata, ifmgd->assoc_data->timeout); 6423 kfree(elems); 6424 return; 6425 } 6426 6427 if (!ifmgd->associated || 6428 !ieee80211_rx_our_beacon(bssid, link->conf->bss)) 6429 return; 6430 bssid = link->u.mgd.bssid; 6431 6432 if (!(rx_status->flag & RX_FLAG_NO_SIGNAL_VAL)) 6433 ieee80211_handle_beacon_sig(link, ifmgd, bss_conf, 6434 local, rx_status); 6435 6436 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) { 6437 mlme_dbg_ratelimited(sdata, 6438 "cancelling AP probe due to a received beacon\n"); 6439 ieee80211_reset_ap_probe(sdata); 6440 } 6441 6442 /* 6443 * Push the beacon loss detection into the future since 6444 * we are processing a beacon from the AP just now. 6445 */ 6446 ieee80211_sta_reset_beacon_monitor(sdata); 6447 6448 /* TODO: CRC urrently not calculated on S1G Beacon Compatibility 6449 * element (which carries the beacon interval). Don't forget to add a 6450 * bit to care_about_ies[] above if mac80211 is interested in a 6451 * changing S1G element. 6452 */ 6453 if (!ieee80211_is_s1g_beacon(hdr->frame_control)) 6454 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 6455 parse_params.bss = link->conf->bss; 6456 parse_params.filter = care_about_ies; 6457 parse_params.crc = ncrc; 6458 elems = ieee802_11_parse_elems_full(&parse_params); 6459 if (!elems) 6460 return; 6461 ncrc = elems->crc; 6462 6463 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) && 6464 ieee80211_check_tim(elems->tim, elems->tim_len, vif_cfg->aid)) { 6465 if (local->hw.conf.dynamic_ps_timeout > 0) { 6466 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 6467 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 6468 ieee80211_hw_config(local, 6469 IEEE80211_CONF_CHANGE_PS); 6470 } 6471 ieee80211_send_nullfunc(local, sdata, false); 6472 } else if (!local->pspolling && sdata->u.mgd.powersave) { 6473 local->pspolling = true; 6474 6475 /* 6476 * Here is assumed that the driver will be 6477 * able to send ps-poll frame and receive a 6478 * response even though power save mode is 6479 * enabled, but some drivers might require 6480 * to disable power save here. This needs 6481 * to be investigated. 6482 */ 6483 ieee80211_send_pspoll(local, sdata); 6484 } 6485 } 6486 6487 if (sdata->vif.p2p || 6488 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) { 6489 struct ieee80211_p2p_noa_attr noa = {}; 6490 int ret; 6491 6492 ret = cfg80211_get_p2p_attr(variable, 6493 len - baselen, 6494 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 6495 (u8 *) &noa, sizeof(noa)); 6496 if (ret >= 2) { 6497 if (link->u.mgd.p2p_noa_index != noa.index) { 6498 /* valid noa_attr and index changed */ 6499 link->u.mgd.p2p_noa_index = noa.index; 6500 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa)); 6501 changed |= BSS_CHANGED_P2P_PS; 6502 /* 6503 * make sure we update all information, the CRC 6504 * mechanism doesn't look at P2P attributes. 6505 */ 6506 link->u.mgd.beacon_crc_valid = false; 6507 } 6508 } else if (link->u.mgd.p2p_noa_index != -1) { 6509 /* noa_attr not found and we had valid noa_attr before */ 6510 link->u.mgd.p2p_noa_index = -1; 6511 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr)); 6512 changed |= BSS_CHANGED_P2P_PS; 6513 link->u.mgd.beacon_crc_valid = false; 6514 } 6515 } 6516 6517 /* 6518 * Update beacon timing and dtim count on every beacon appearance. This 6519 * will allow the driver to use the most updated values. Do it before 6520 * comparing this one with last received beacon. 6521 * IMPORTANT: These parameters would possibly be out of sync by the time 6522 * the driver will use them. The synchronized view is currently 6523 * guaranteed only in certain callbacks. 6524 */ 6525 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY) && 6526 !ieee80211_is_s1g_beacon(hdr->frame_control)) { 6527 link->conf->sync_tsf = 6528 le64_to_cpu(mgmt->u.beacon.timestamp); 6529 link->conf->sync_device_ts = 6530 rx_status->device_timestamp; 6531 link->conf->sync_dtim_count = elems->dtim_count; 6532 } 6533 6534 if ((ncrc == link->u.mgd.beacon_crc && link->u.mgd.beacon_crc_valid) || 6535 ieee80211_is_s1g_short_beacon(mgmt->frame_control)) 6536 goto free; 6537 link->u.mgd.beacon_crc = ncrc; 6538 link->u.mgd.beacon_crc_valid = true; 6539 6540 ieee80211_rx_bss_info(link, mgmt, len, rx_status); 6541 6542 ieee80211_sta_process_chanswitch(link, rx_status->mactime, 6543 rx_status->device_timestamp, 6544 elems, true); 6545 6546 if (!link->u.mgd.disable_wmm_tracking && 6547 ieee80211_sta_wmm_params(local, link, elems->wmm_param, 6548 elems->wmm_param_len, 6549 elems->mu_edca_param_set)) 6550 changed |= BSS_CHANGED_QOS; 6551 6552 /* 6553 * If we haven't had a beacon before, tell the driver about the 6554 * DTIM period (and beacon timing if desired) now. 6555 */ 6556 if (!link->u.mgd.have_beacon) { 6557 /* a few bogus AP send dtim_period = 0 or no TIM IE */ 6558 bss_conf->dtim_period = elems->dtim_period ?: 1; 6559 6560 changed |= BSS_CHANGED_BEACON_INFO; 6561 link->u.mgd.have_beacon = true; 6562 6563 ieee80211_recalc_ps(local); 6564 6565 ieee80211_recalc_ps_vif(sdata); 6566 } 6567 6568 if (elems->erp_info) { 6569 erp_valid = true; 6570 erp_value = elems->erp_info[0]; 6571 } else { 6572 erp_valid = false; 6573 } 6574 6575 if (!ieee80211_is_s1g_beacon(hdr->frame_control)) 6576 changed |= ieee80211_handle_bss_capability(link, 6577 le16_to_cpu(mgmt->u.beacon.capab_info), 6578 erp_valid, erp_value); 6579 6580 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr); 6581 if (WARN_ON(!sta)) { 6582 goto free; 6583 } 6584 link_sta = rcu_dereference_protected(sta->link[link->link_id], 6585 lockdep_is_held(&local->hw.wiphy->mtx)); 6586 if (WARN_ON(!link_sta)) { 6587 goto free; 6588 } 6589 6590 if (WARN_ON(!link->conf->chanreq.oper.chan)) 6591 goto free; 6592 6593 sband = local->hw.wiphy->bands[link->conf->chanreq.oper.chan->band]; 6594 6595 changed |= ieee80211_recalc_twt_req(sdata, sband, link, link_sta, elems); 6596 6597 if (ieee80211_config_bw(link, elems, true, &changed)) { 6598 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 6599 WLAN_REASON_DEAUTH_LEAVING, 6600 true, deauth_buf); 6601 ieee80211_report_disconnect(sdata, deauth_buf, 6602 sizeof(deauth_buf), true, 6603 WLAN_REASON_DEAUTH_LEAVING, 6604 false); 6605 goto free; 6606 } 6607 6608 if (elems->opmode_notif) 6609 ieee80211_vht_handle_opmode(sdata, link_sta, 6610 *elems->opmode_notif, 6611 rx_status->band); 6612 6613 changed |= ieee80211_handle_pwr_constr(link, chan, mgmt, 6614 elems->country_elem, 6615 elems->country_elem_len, 6616 elems->pwr_constr_elem, 6617 elems->cisco_dtpc_elem); 6618 6619 ieee80211_ml_reconfiguration(sdata, elems); 6620 ieee80211_process_adv_ttlm(sdata, elems, 6621 le64_to_cpu(mgmt->u.beacon.timestamp)); 6622 6623 ieee80211_link_info_change_notify(sdata, link, changed); 6624 free: 6625 kfree(elems); 6626 } 6627 6628 static void ieee80211_apply_neg_ttlm(struct ieee80211_sub_if_data *sdata, 6629 struct ieee80211_neg_ttlm neg_ttlm) 6630 { 6631 u16 new_active_links, new_dormant_links, new_suspended_links, map = 0; 6632 u8 i; 6633 6634 for (i = 0; i < IEEE80211_TTLM_NUM_TIDS; i++) 6635 map |= neg_ttlm.downlink[i] | neg_ttlm.uplink[i]; 6636 6637 /* If there is an active TTLM, unset previously suspended links */ 6638 if (sdata->vif.neg_ttlm.valid) 6639 sdata->vif.dormant_links &= ~sdata->vif.suspended_links; 6640 6641 /* exclude links that are already disabled by advertised TTLM */ 6642 new_active_links = 6643 map & sdata->vif.valid_links & ~sdata->vif.dormant_links; 6644 new_suspended_links = 6645 (~map & sdata->vif.valid_links) & ~sdata->vif.dormant_links; 6646 new_dormant_links = sdata->vif.dormant_links | new_suspended_links; 6647 if (ieee80211_ttlm_set_links(sdata, new_active_links, 6648 new_dormant_links, new_suspended_links)) 6649 return; 6650 6651 sdata->vif.neg_ttlm = neg_ttlm; 6652 sdata->vif.neg_ttlm.valid = true; 6653 } 6654 6655 static void ieee80211_neg_ttlm_timeout_work(struct wiphy *wiphy, 6656 struct wiphy_work *work) 6657 { 6658 struct ieee80211_sub_if_data *sdata = 6659 container_of(work, struct ieee80211_sub_if_data, 6660 u.mgd.neg_ttlm_timeout_work.work); 6661 6662 sdata_info(sdata, 6663 "No negotiated TTLM response from AP, disconnecting.\n"); 6664 6665 __ieee80211_disconnect(sdata); 6666 } 6667 6668 static void 6669 ieee80211_neg_ttlm_add_suggested_map(struct sk_buff *skb, 6670 struct ieee80211_neg_ttlm *neg_ttlm) 6671 { 6672 u8 i, direction[IEEE80211_TTLM_MAX_CNT]; 6673 6674 if (memcmp(neg_ttlm->downlink, neg_ttlm->uplink, 6675 sizeof(neg_ttlm->downlink))) { 6676 direction[0] = IEEE80211_TTLM_DIRECTION_DOWN; 6677 direction[1] = IEEE80211_TTLM_DIRECTION_UP; 6678 } else { 6679 direction[0] = IEEE80211_TTLM_DIRECTION_BOTH; 6680 } 6681 6682 for (i = 0; i < ARRAY_SIZE(direction); i++) { 6683 u8 tid, len, map_ind = 0, *len_pos, *map_ind_pos, *pos; 6684 __le16 map; 6685 6686 len = sizeof(struct ieee80211_ttlm_elem) + 1 + 1; 6687 6688 pos = skb_put(skb, len + 2); 6689 *pos++ = WLAN_EID_EXTENSION; 6690 len_pos = pos++; 6691 *pos++ = WLAN_EID_EXT_TID_TO_LINK_MAPPING; 6692 *pos++ = direction[i]; 6693 map_ind_pos = pos++; 6694 for (tid = 0; tid < IEEE80211_TTLM_NUM_TIDS; tid++) { 6695 map = direction[i] == IEEE80211_TTLM_DIRECTION_UP ? 6696 cpu_to_le16(neg_ttlm->uplink[tid]) : 6697 cpu_to_le16(neg_ttlm->downlink[tid]); 6698 if (!map) 6699 continue; 6700 6701 len += 2; 6702 map_ind |= BIT(tid); 6703 skb_put_data(skb, &map, sizeof(map)); 6704 } 6705 6706 *map_ind_pos = map_ind; 6707 *len_pos = len; 6708 6709 if (direction[i] == IEEE80211_TTLM_DIRECTION_BOTH) 6710 break; 6711 } 6712 } 6713 6714 static void 6715 ieee80211_send_neg_ttlm_req(struct ieee80211_sub_if_data *sdata, 6716 struct ieee80211_neg_ttlm *neg_ttlm, 6717 u8 dialog_token) 6718 { 6719 struct ieee80211_local *local = sdata->local; 6720 struct ieee80211_mgmt *mgmt; 6721 struct sk_buff *skb; 6722 int hdr_len = offsetofend(struct ieee80211_mgmt, u.action.u.ttlm_req); 6723 int ttlm_max_len = 2 + 1 + sizeof(struct ieee80211_ttlm_elem) + 1 + 6724 2 * 2 * IEEE80211_TTLM_NUM_TIDS; 6725 6726 skb = dev_alloc_skb(local->tx_headroom + hdr_len + ttlm_max_len); 6727 if (!skb) 6728 return; 6729 6730 skb_reserve(skb, local->tx_headroom); 6731 mgmt = skb_put_zero(skb, hdr_len); 6732 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 6733 IEEE80211_STYPE_ACTION); 6734 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN); 6735 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 6736 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN); 6737 6738 mgmt->u.action.category = WLAN_CATEGORY_PROTECTED_EHT; 6739 mgmt->u.action.u.ttlm_req.action_code = 6740 WLAN_PROTECTED_EHT_ACTION_TTLM_REQ; 6741 mgmt->u.action.u.ttlm_req.dialog_token = dialog_token; 6742 ieee80211_neg_ttlm_add_suggested_map(skb, neg_ttlm); 6743 ieee80211_tx_skb(sdata, skb); 6744 } 6745 6746 int ieee80211_req_neg_ttlm(struct ieee80211_sub_if_data *sdata, 6747 struct cfg80211_ttlm_params *params) 6748 { 6749 struct ieee80211_neg_ttlm neg_ttlm = {}; 6750 u8 i; 6751 6752 if (!ieee80211_vif_is_mld(&sdata->vif) || 6753 !(sdata->vif.cfg.mld_capa_op & 6754 IEEE80211_MLD_CAP_OP_TID_TO_LINK_MAP_NEG_SUPP)) 6755 return -EINVAL; 6756 6757 for (i = 0; i < IEEE80211_TTLM_NUM_TIDS; i++) { 6758 if ((params->dlink[i] & ~sdata->vif.valid_links) || 6759 (params->ulink[i] & ~sdata->vif.valid_links)) 6760 return -EINVAL; 6761 6762 neg_ttlm.downlink[i] = params->dlink[i]; 6763 neg_ttlm.uplink[i] = params->ulink[i]; 6764 } 6765 6766 if (drv_can_neg_ttlm(sdata->local, sdata, &neg_ttlm) != 6767 NEG_TTLM_RES_ACCEPT) 6768 return -EINVAL; 6769 6770 ieee80211_apply_neg_ttlm(sdata, neg_ttlm); 6771 sdata->u.mgd.dialog_token_alloc++; 6772 ieee80211_send_neg_ttlm_req(sdata, &sdata->vif.neg_ttlm, 6773 sdata->u.mgd.dialog_token_alloc); 6774 wiphy_delayed_work_cancel(sdata->local->hw.wiphy, 6775 &sdata->u.mgd.neg_ttlm_timeout_work); 6776 wiphy_delayed_work_queue(sdata->local->hw.wiphy, 6777 &sdata->u.mgd.neg_ttlm_timeout_work, 6778 IEEE80211_NEG_TTLM_REQ_TIMEOUT); 6779 return 0; 6780 } 6781 6782 static void 6783 ieee80211_send_neg_ttlm_res(struct ieee80211_sub_if_data *sdata, 6784 enum ieee80211_neg_ttlm_res ttlm_res, 6785 u8 dialog_token, 6786 struct ieee80211_neg_ttlm *neg_ttlm) 6787 { 6788 struct ieee80211_local *local = sdata->local; 6789 struct ieee80211_mgmt *mgmt; 6790 struct sk_buff *skb; 6791 int hdr_len = offsetofend(struct ieee80211_mgmt, u.action.u.ttlm_res); 6792 int ttlm_max_len = 2 + 1 + sizeof(struct ieee80211_ttlm_elem) + 1 + 6793 2 * 2 * IEEE80211_TTLM_NUM_TIDS; 6794 6795 skb = dev_alloc_skb(local->tx_headroom + hdr_len + ttlm_max_len); 6796 if (!skb) 6797 return; 6798 6799 skb_reserve(skb, local->tx_headroom); 6800 mgmt = skb_put_zero(skb, hdr_len); 6801 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 6802 IEEE80211_STYPE_ACTION); 6803 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN); 6804 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 6805 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN); 6806 6807 mgmt->u.action.category = WLAN_CATEGORY_PROTECTED_EHT; 6808 mgmt->u.action.u.ttlm_res.action_code = 6809 WLAN_PROTECTED_EHT_ACTION_TTLM_RES; 6810 mgmt->u.action.u.ttlm_res.dialog_token = dialog_token; 6811 switch (ttlm_res) { 6812 default: 6813 WARN_ON(1); 6814 fallthrough; 6815 case NEG_TTLM_RES_REJECT: 6816 mgmt->u.action.u.ttlm_res.status_code = 6817 WLAN_STATUS_DENIED_TID_TO_LINK_MAPPING; 6818 break; 6819 case NEG_TTLM_RES_ACCEPT: 6820 mgmt->u.action.u.ttlm_res.status_code = WLAN_STATUS_SUCCESS; 6821 break; 6822 case NEG_TTLM_RES_SUGGEST_PREFERRED: 6823 mgmt->u.action.u.ttlm_res.status_code = 6824 WLAN_STATUS_PREF_TID_TO_LINK_MAPPING_SUGGESTED; 6825 ieee80211_neg_ttlm_add_suggested_map(skb, neg_ttlm); 6826 break; 6827 } 6828 6829 ieee80211_tx_skb(sdata, skb); 6830 } 6831 6832 static int 6833 ieee80211_parse_neg_ttlm(struct ieee80211_sub_if_data *sdata, 6834 const struct ieee80211_ttlm_elem *ttlm, 6835 struct ieee80211_neg_ttlm *neg_ttlm, 6836 u8 *direction) 6837 { 6838 u8 control, link_map_presence, map_size, tid; 6839 u8 *pos; 6840 6841 /* The element size was already validated in 6842 * ieee80211_tid_to_link_map_size_ok() 6843 */ 6844 pos = (void *)ttlm->optional; 6845 6846 control = ttlm->control; 6847 6848 /* mapping switch time and expected duration fields are not expected 6849 * in case of negotiated TTLM 6850 */ 6851 if (control & (IEEE80211_TTLM_CONTROL_SWITCH_TIME_PRESENT | 6852 IEEE80211_TTLM_CONTROL_EXPECTED_DUR_PRESENT)) { 6853 mlme_dbg(sdata, 6854 "Invalid TTLM element in negotiated TTLM request\n"); 6855 return -EINVAL; 6856 } 6857 6858 if (control & IEEE80211_TTLM_CONTROL_DEF_LINK_MAP) { 6859 for (tid = 0; tid < IEEE80211_TTLM_NUM_TIDS; tid++) { 6860 neg_ttlm->downlink[tid] = sdata->vif.valid_links; 6861 neg_ttlm->uplink[tid] = sdata->vif.valid_links; 6862 } 6863 *direction = IEEE80211_TTLM_DIRECTION_BOTH; 6864 return 0; 6865 } 6866 6867 *direction = u8_get_bits(control, IEEE80211_TTLM_CONTROL_DIRECTION); 6868 if (*direction != IEEE80211_TTLM_DIRECTION_DOWN && 6869 *direction != IEEE80211_TTLM_DIRECTION_UP && 6870 *direction != IEEE80211_TTLM_DIRECTION_BOTH) 6871 return -EINVAL; 6872 6873 link_map_presence = *pos; 6874 pos++; 6875 6876 if (control & IEEE80211_TTLM_CONTROL_LINK_MAP_SIZE) 6877 map_size = 1; 6878 else 6879 map_size = 2; 6880 6881 for (tid = 0; tid < IEEE80211_TTLM_NUM_TIDS; tid++) { 6882 u16 map; 6883 6884 if (link_map_presence & BIT(tid)) { 6885 map = ieee80211_get_ttlm(map_size, pos); 6886 if (!map) { 6887 mlme_dbg(sdata, 6888 "No active links for TID %d", tid); 6889 return -EINVAL; 6890 } 6891 } else { 6892 map = 0; 6893 } 6894 6895 switch (*direction) { 6896 case IEEE80211_TTLM_DIRECTION_BOTH: 6897 neg_ttlm->downlink[tid] = map; 6898 neg_ttlm->uplink[tid] = map; 6899 break; 6900 case IEEE80211_TTLM_DIRECTION_DOWN: 6901 neg_ttlm->downlink[tid] = map; 6902 break; 6903 case IEEE80211_TTLM_DIRECTION_UP: 6904 neg_ttlm->uplink[tid] = map; 6905 break; 6906 default: 6907 return -EINVAL; 6908 } 6909 pos += map_size; 6910 } 6911 return 0; 6912 } 6913 6914 void ieee80211_process_neg_ttlm_req(struct ieee80211_sub_if_data *sdata, 6915 struct ieee80211_mgmt *mgmt, size_t len) 6916 { 6917 u8 dialog_token, direction[IEEE80211_TTLM_MAX_CNT] = {}, i; 6918 size_t ies_len; 6919 enum ieee80211_neg_ttlm_res ttlm_res = NEG_TTLM_RES_ACCEPT; 6920 struct ieee802_11_elems *elems = NULL; 6921 struct ieee80211_neg_ttlm neg_ttlm = {}; 6922 6923 BUILD_BUG_ON(ARRAY_SIZE(direction) != ARRAY_SIZE(elems->ttlm)); 6924 6925 if (!ieee80211_vif_is_mld(&sdata->vif)) 6926 return; 6927 6928 dialog_token = mgmt->u.action.u.ttlm_req.dialog_token; 6929 ies_len = len - offsetof(struct ieee80211_mgmt, 6930 u.action.u.ttlm_req.variable); 6931 elems = ieee802_11_parse_elems(mgmt->u.action.u.ttlm_req.variable, 6932 ies_len, true, NULL); 6933 if (!elems) { 6934 ttlm_res = NEG_TTLM_RES_REJECT; 6935 goto out; 6936 } 6937 6938 for (i = 0; i < elems->ttlm_num; i++) { 6939 if (ieee80211_parse_neg_ttlm(sdata, elems->ttlm[i], 6940 &neg_ttlm, &direction[i]) || 6941 (direction[i] == IEEE80211_TTLM_DIRECTION_BOTH && 6942 elems->ttlm_num != 1)) { 6943 ttlm_res = NEG_TTLM_RES_REJECT; 6944 goto out; 6945 } 6946 } 6947 6948 if (!elems->ttlm_num || 6949 (elems->ttlm_num == 2 && direction[0] == direction[1])) { 6950 ttlm_res = NEG_TTLM_RES_REJECT; 6951 goto out; 6952 } 6953 6954 for (i = 0; i < IEEE80211_TTLM_NUM_TIDS; i++) { 6955 if ((neg_ttlm.downlink[i] && 6956 (neg_ttlm.downlink[i] & ~sdata->vif.valid_links)) || 6957 (neg_ttlm.uplink[i] && 6958 (neg_ttlm.uplink[i] & ~sdata->vif.valid_links))) { 6959 ttlm_res = NEG_TTLM_RES_REJECT; 6960 goto out; 6961 } 6962 } 6963 6964 ttlm_res = drv_can_neg_ttlm(sdata->local, sdata, &neg_ttlm); 6965 6966 if (ttlm_res != NEG_TTLM_RES_ACCEPT) 6967 goto out; 6968 6969 ieee80211_apply_neg_ttlm(sdata, neg_ttlm); 6970 out: 6971 kfree(elems); 6972 ieee80211_send_neg_ttlm_res(sdata, ttlm_res, dialog_token, &neg_ttlm); 6973 } 6974 6975 void ieee80211_process_neg_ttlm_res(struct ieee80211_sub_if_data *sdata, 6976 struct ieee80211_mgmt *mgmt, size_t len) 6977 { 6978 if (!ieee80211_vif_is_mld(&sdata->vif) || 6979 mgmt->u.action.u.ttlm_req.dialog_token != 6980 sdata->u.mgd.dialog_token_alloc) 6981 return; 6982 6983 wiphy_delayed_work_cancel(sdata->local->hw.wiphy, 6984 &sdata->u.mgd.neg_ttlm_timeout_work); 6985 6986 /* MLD station sends a TID to link mapping request, mainly to handle 6987 * BTM (BSS transition management) request, in which case it needs to 6988 * restrict the active links set. 6989 * In this case it's not expected that the MLD AP will reject the 6990 * negotiated TTLM request. 6991 * This can be better implemented in the future, to handle request 6992 * rejections. 6993 */ 6994 if (mgmt->u.action.u.ttlm_res.status_code != WLAN_STATUS_SUCCESS) 6995 __ieee80211_disconnect(sdata); 6996 } 6997 6998 static void ieee80211_teardown_ttlm_work(struct wiphy *wiphy, 6999 struct wiphy_work *work) 7000 { 7001 u16 new_dormant_links; 7002 struct ieee80211_sub_if_data *sdata = 7003 container_of(work, struct ieee80211_sub_if_data, 7004 u.mgd.neg_ttlm_timeout_work.work); 7005 7006 if (!sdata->vif.neg_ttlm.valid) 7007 return; 7008 7009 memset(&sdata->vif.neg_ttlm, 0, sizeof(sdata->vif.neg_ttlm)); 7010 new_dormant_links = 7011 sdata->vif.dormant_links & ~sdata->vif.suspended_links; 7012 sdata->vif.suspended_links = 0; 7013 ieee80211_vif_set_links(sdata, sdata->vif.valid_links, 7014 new_dormant_links); 7015 ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_MLD_TTLM | 7016 BSS_CHANGED_MLD_VALID_LINKS); 7017 } 7018 7019 void ieee80211_send_teardown_neg_ttlm(struct ieee80211_vif *vif) 7020 { 7021 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 7022 struct ieee80211_local *local = sdata->local; 7023 struct ieee80211_mgmt *mgmt; 7024 struct sk_buff *skb; 7025 int frame_len = offsetofend(struct ieee80211_mgmt, 7026 u.action.u.ttlm_tear_down); 7027 struct ieee80211_tx_info *info; 7028 7029 skb = dev_alloc_skb(local->hw.extra_tx_headroom + frame_len); 7030 if (!skb) 7031 return; 7032 7033 skb_reserve(skb, local->hw.extra_tx_headroom); 7034 mgmt = skb_put_zero(skb, frame_len); 7035 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 7036 IEEE80211_STYPE_ACTION); 7037 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN); 7038 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 7039 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN); 7040 7041 mgmt->u.action.category = WLAN_CATEGORY_PROTECTED_EHT; 7042 mgmt->u.action.u.ttlm_tear_down.action_code = 7043 WLAN_PROTECTED_EHT_ACTION_TTLM_TEARDOWN; 7044 7045 info = IEEE80211_SKB_CB(skb); 7046 info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS; 7047 info->status_data = IEEE80211_STATUS_TYPE_NEG_TTLM; 7048 ieee80211_tx_skb(sdata, skb); 7049 } 7050 EXPORT_SYMBOL(ieee80211_send_teardown_neg_ttlm); 7051 7052 void ieee80211_sta_rx_queued_ext(struct ieee80211_sub_if_data *sdata, 7053 struct sk_buff *skb) 7054 { 7055 struct ieee80211_link_data *link = &sdata->deflink; 7056 struct ieee80211_rx_status *rx_status; 7057 struct ieee80211_hdr *hdr; 7058 u16 fc; 7059 7060 lockdep_assert_wiphy(sdata->local->hw.wiphy); 7061 7062 rx_status = (struct ieee80211_rx_status *) skb->cb; 7063 hdr = (struct ieee80211_hdr *) skb->data; 7064 fc = le16_to_cpu(hdr->frame_control); 7065 7066 switch (fc & IEEE80211_FCTL_STYPE) { 7067 case IEEE80211_STYPE_S1G_BEACON: 7068 ieee80211_rx_mgmt_beacon(link, hdr, skb->len, rx_status); 7069 break; 7070 } 7071 } 7072 7073 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 7074 struct sk_buff *skb) 7075 { 7076 struct ieee80211_link_data *link = &sdata->deflink; 7077 struct ieee80211_rx_status *rx_status; 7078 struct ieee80211_mgmt *mgmt; 7079 u16 fc; 7080 int ies_len; 7081 7082 lockdep_assert_wiphy(sdata->local->hw.wiphy); 7083 7084 rx_status = (struct ieee80211_rx_status *) skb->cb; 7085 mgmt = (struct ieee80211_mgmt *) skb->data; 7086 fc = le16_to_cpu(mgmt->frame_control); 7087 7088 if (rx_status->link_valid) { 7089 link = sdata_dereference(sdata->link[rx_status->link_id], 7090 sdata); 7091 if (!link) 7092 return; 7093 } 7094 7095 switch (fc & IEEE80211_FCTL_STYPE) { 7096 case IEEE80211_STYPE_BEACON: 7097 ieee80211_rx_mgmt_beacon(link, (void *)mgmt, 7098 skb->len, rx_status); 7099 break; 7100 case IEEE80211_STYPE_PROBE_RESP: 7101 ieee80211_rx_mgmt_probe_resp(link, skb); 7102 break; 7103 case IEEE80211_STYPE_AUTH: 7104 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len); 7105 break; 7106 case IEEE80211_STYPE_DEAUTH: 7107 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len); 7108 break; 7109 case IEEE80211_STYPE_DISASSOC: 7110 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 7111 break; 7112 case IEEE80211_STYPE_ASSOC_RESP: 7113 case IEEE80211_STYPE_REASSOC_RESP: 7114 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len); 7115 break; 7116 case IEEE80211_STYPE_ACTION: 7117 if (!sdata->u.mgd.associated || 7118 !ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr)) 7119 break; 7120 7121 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) { 7122 struct ieee802_11_elems *elems; 7123 7124 ies_len = skb->len - 7125 offsetof(struct ieee80211_mgmt, 7126 u.action.u.chan_switch.variable); 7127 7128 if (ies_len < 0) 7129 break; 7130 7131 /* CSA IE cannot be overridden, no need for BSSID */ 7132 elems = ieee802_11_parse_elems( 7133 mgmt->u.action.u.chan_switch.variable, 7134 ies_len, true, NULL); 7135 7136 if (elems && !elems->parse_error) 7137 ieee80211_sta_process_chanswitch(link, 7138 rx_status->mactime, 7139 rx_status->device_timestamp, 7140 elems, false); 7141 kfree(elems); 7142 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) { 7143 struct ieee802_11_elems *elems; 7144 7145 ies_len = skb->len - 7146 offsetof(struct ieee80211_mgmt, 7147 u.action.u.ext_chan_switch.variable); 7148 7149 if (ies_len < 0) 7150 break; 7151 7152 /* 7153 * extended CSA IE can't be overridden, no need for 7154 * BSSID 7155 */ 7156 elems = ieee802_11_parse_elems( 7157 mgmt->u.action.u.ext_chan_switch.variable, 7158 ies_len, true, NULL); 7159 7160 if (elems && !elems->parse_error) { 7161 /* for the handling code pretend it was an IE */ 7162 elems->ext_chansw_ie = 7163 &mgmt->u.action.u.ext_chan_switch.data; 7164 7165 ieee80211_sta_process_chanswitch(link, 7166 rx_status->mactime, 7167 rx_status->device_timestamp, 7168 elems, false); 7169 } 7170 7171 kfree(elems); 7172 } 7173 break; 7174 } 7175 } 7176 7177 static void ieee80211_sta_timer(struct timer_list *t) 7178 { 7179 struct ieee80211_sub_if_data *sdata = 7180 from_timer(sdata, t, u.mgd.timer); 7181 7182 wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work); 7183 } 7184 7185 void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata, 7186 u8 reason, bool tx) 7187 { 7188 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 7189 7190 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason, 7191 tx, frame_buf); 7192 7193 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true, 7194 reason, false); 7195 } 7196 7197 static int ieee80211_auth(struct ieee80211_sub_if_data *sdata) 7198 { 7199 struct ieee80211_local *local = sdata->local; 7200 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 7201 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data; 7202 u32 tx_flags = 0; 7203 u16 trans = 1; 7204 u16 status = 0; 7205 struct ieee80211_prep_tx_info info = { 7206 .subtype = IEEE80211_STYPE_AUTH, 7207 }; 7208 7209 lockdep_assert_wiphy(sdata->local->hw.wiphy); 7210 7211 if (WARN_ON_ONCE(!auth_data)) 7212 return -EINVAL; 7213 7214 auth_data->tries++; 7215 7216 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) { 7217 sdata_info(sdata, "authentication with %pM timed out\n", 7218 auth_data->ap_addr); 7219 7220 /* 7221 * Most likely AP is not in the range so remove the 7222 * bss struct for that AP. 7223 */ 7224 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss); 7225 7226 return -ETIMEDOUT; 7227 } 7228 7229 if (auth_data->algorithm == WLAN_AUTH_SAE) 7230 info.duration = jiffies_to_msecs(IEEE80211_AUTH_TIMEOUT_SAE); 7231 7232 info.link_id = auth_data->link_id; 7233 drv_mgd_prepare_tx(local, sdata, &info); 7234 7235 sdata_info(sdata, "send auth to %pM (try %d/%d)\n", 7236 auth_data->ap_addr, auth_data->tries, 7237 IEEE80211_AUTH_MAX_TRIES); 7238 7239 auth_data->expected_transaction = 2; 7240 7241 if (auth_data->algorithm == WLAN_AUTH_SAE) { 7242 trans = auth_data->sae_trans; 7243 status = auth_data->sae_status; 7244 auth_data->expected_transaction = trans; 7245 } 7246 7247 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) 7248 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 7249 IEEE80211_TX_INTFL_MLME_CONN_TX; 7250 7251 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status, 7252 auth_data->data, auth_data->data_len, 7253 auth_data->ap_addr, auth_data->ap_addr, 7254 NULL, 0, 0, tx_flags); 7255 7256 if (tx_flags == 0) { 7257 if (auth_data->algorithm == WLAN_AUTH_SAE) 7258 auth_data->timeout = jiffies + 7259 IEEE80211_AUTH_TIMEOUT_SAE; 7260 else 7261 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 7262 } else { 7263 auth_data->timeout = 7264 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG); 7265 } 7266 7267 auth_data->timeout_started = true; 7268 run_again(sdata, auth_data->timeout); 7269 7270 return 0; 7271 } 7272 7273 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata) 7274 { 7275 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 7276 struct ieee80211_local *local = sdata->local; 7277 int ret; 7278 7279 lockdep_assert_wiphy(sdata->local->hw.wiphy); 7280 7281 assoc_data->tries++; 7282 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) { 7283 sdata_info(sdata, "association with %pM timed out\n", 7284 assoc_data->ap_addr); 7285 7286 /* 7287 * Most likely AP is not in the range so remove the 7288 * bss struct for that AP. 7289 */ 7290 cfg80211_unlink_bss(local->hw.wiphy, 7291 assoc_data->link[assoc_data->assoc_link_id].bss); 7292 7293 return -ETIMEDOUT; 7294 } 7295 7296 sdata_info(sdata, "associate with %pM (try %d/%d)\n", 7297 assoc_data->ap_addr, assoc_data->tries, 7298 IEEE80211_ASSOC_MAX_TRIES); 7299 ret = ieee80211_send_assoc(sdata); 7300 if (ret) 7301 return ret; 7302 7303 if (!ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) { 7304 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 7305 assoc_data->timeout_started = true; 7306 run_again(sdata, assoc_data->timeout); 7307 } else { 7308 assoc_data->timeout = 7309 round_jiffies_up(jiffies + 7310 IEEE80211_ASSOC_TIMEOUT_LONG); 7311 assoc_data->timeout_started = true; 7312 run_again(sdata, assoc_data->timeout); 7313 } 7314 7315 return 0; 7316 } 7317 7318 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata, 7319 __le16 fc, bool acked) 7320 { 7321 struct ieee80211_local *local = sdata->local; 7322 7323 sdata->u.mgd.status_fc = fc; 7324 sdata->u.mgd.status_acked = acked; 7325 sdata->u.mgd.status_received = true; 7326 7327 wiphy_work_queue(local->hw.wiphy, &sdata->work); 7328 } 7329 7330 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata) 7331 { 7332 struct ieee80211_local *local = sdata->local; 7333 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 7334 7335 lockdep_assert_wiphy(sdata->local->hw.wiphy); 7336 7337 if (ifmgd->status_received) { 7338 __le16 fc = ifmgd->status_fc; 7339 bool status_acked = ifmgd->status_acked; 7340 7341 ifmgd->status_received = false; 7342 if (ifmgd->auth_data && ieee80211_is_auth(fc)) { 7343 if (status_acked) { 7344 if (ifmgd->auth_data->algorithm == 7345 WLAN_AUTH_SAE) 7346 ifmgd->auth_data->timeout = 7347 jiffies + 7348 IEEE80211_AUTH_TIMEOUT_SAE; 7349 else 7350 ifmgd->auth_data->timeout = 7351 jiffies + 7352 IEEE80211_AUTH_TIMEOUT_SHORT; 7353 run_again(sdata, ifmgd->auth_data->timeout); 7354 } else { 7355 ifmgd->auth_data->timeout = jiffies - 1; 7356 } 7357 ifmgd->auth_data->timeout_started = true; 7358 } else if (ifmgd->assoc_data && 7359 !ifmgd->assoc_data->comeback && 7360 (ieee80211_is_assoc_req(fc) || 7361 ieee80211_is_reassoc_req(fc))) { 7362 /* 7363 * Update association timeout based on the TX status 7364 * for the (Re)Association Request frame. Skip this if 7365 * we have already processed a (Re)Association Response 7366 * frame that indicated need for association comeback 7367 * at a specific time in the future. This could happen 7368 * if the TX status information is delayed enough for 7369 * the response to be received and processed first. 7370 */ 7371 if (status_acked) { 7372 ifmgd->assoc_data->timeout = 7373 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT; 7374 run_again(sdata, ifmgd->assoc_data->timeout); 7375 } else { 7376 ifmgd->assoc_data->timeout = jiffies - 1; 7377 } 7378 ifmgd->assoc_data->timeout_started = true; 7379 } 7380 } 7381 7382 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started && 7383 time_after(jiffies, ifmgd->auth_data->timeout)) { 7384 if (ifmgd->auth_data->done || ifmgd->auth_data->waiting) { 7385 /* 7386 * ok ... we waited for assoc or continuation but 7387 * userspace didn't do it, so kill the auth data 7388 */ 7389 ieee80211_destroy_auth_data(sdata, false); 7390 } else if (ieee80211_auth(sdata)) { 7391 u8 ap_addr[ETH_ALEN]; 7392 struct ieee80211_event event = { 7393 .type = MLME_EVENT, 7394 .u.mlme.data = AUTH_EVENT, 7395 .u.mlme.status = MLME_TIMEOUT, 7396 }; 7397 7398 memcpy(ap_addr, ifmgd->auth_data->ap_addr, ETH_ALEN); 7399 7400 ieee80211_destroy_auth_data(sdata, false); 7401 7402 cfg80211_auth_timeout(sdata->dev, ap_addr); 7403 drv_event_callback(sdata->local, sdata, &event); 7404 } 7405 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started) 7406 run_again(sdata, ifmgd->auth_data->timeout); 7407 7408 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started && 7409 time_after(jiffies, ifmgd->assoc_data->timeout)) { 7410 if ((ifmgd->assoc_data->need_beacon && 7411 !sdata->deflink.u.mgd.have_beacon) || 7412 ieee80211_do_assoc(sdata)) { 7413 struct ieee80211_event event = { 7414 .type = MLME_EVENT, 7415 .u.mlme.data = ASSOC_EVENT, 7416 .u.mlme.status = MLME_TIMEOUT, 7417 }; 7418 7419 ieee80211_destroy_assoc_data(sdata, ASSOC_TIMEOUT); 7420 drv_event_callback(sdata->local, sdata, &event); 7421 } 7422 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started) 7423 run_again(sdata, ifmgd->assoc_data->timeout); 7424 7425 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL && 7426 ifmgd->associated) { 7427 u8 *bssid = sdata->deflink.u.mgd.bssid; 7428 int max_tries; 7429 7430 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) 7431 max_tries = max_nullfunc_tries; 7432 else 7433 max_tries = max_probe_tries; 7434 7435 /* ACK received for nullfunc probing frame */ 7436 if (!ifmgd->probe_send_count) 7437 ieee80211_reset_ap_probe(sdata); 7438 else if (ifmgd->nullfunc_failed) { 7439 if (ifmgd->probe_send_count < max_tries) { 7440 mlme_dbg(sdata, 7441 "No ack for nullfunc frame to AP %pM, try %d/%i\n", 7442 bssid, ifmgd->probe_send_count, 7443 max_tries); 7444 ieee80211_mgd_probe_ap_send(sdata); 7445 } else { 7446 mlme_dbg(sdata, 7447 "No ack for nullfunc frame to AP %pM, disconnecting.\n", 7448 bssid); 7449 ieee80211_sta_connection_lost(sdata, 7450 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 7451 false); 7452 } 7453 } else if (time_is_after_jiffies(ifmgd->probe_timeout)) 7454 run_again(sdata, ifmgd->probe_timeout); 7455 else if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) { 7456 mlme_dbg(sdata, 7457 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n", 7458 bssid, probe_wait_ms); 7459 ieee80211_sta_connection_lost(sdata, 7460 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 7461 } else if (ifmgd->probe_send_count < max_tries) { 7462 mlme_dbg(sdata, 7463 "No probe response from AP %pM after %dms, try %d/%i\n", 7464 bssid, probe_wait_ms, 7465 ifmgd->probe_send_count, max_tries); 7466 ieee80211_mgd_probe_ap_send(sdata); 7467 } else { 7468 /* 7469 * We actually lost the connection ... or did we? 7470 * Let's make sure! 7471 */ 7472 mlme_dbg(sdata, 7473 "No probe response from AP %pM after %dms, disconnecting.\n", 7474 bssid, probe_wait_ms); 7475 7476 ieee80211_sta_connection_lost(sdata, 7477 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 7478 } 7479 } 7480 } 7481 7482 static void ieee80211_sta_bcn_mon_timer(struct timer_list *t) 7483 { 7484 struct ieee80211_sub_if_data *sdata = 7485 from_timer(sdata, t, u.mgd.bcn_mon_timer); 7486 7487 if (WARN_ON(ieee80211_vif_is_mld(&sdata->vif))) 7488 return; 7489 7490 if (sdata->vif.bss_conf.csa_active && 7491 !sdata->deflink.u.mgd.csa_waiting_bcn) 7492 return; 7493 7494 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER) 7495 return; 7496 7497 sdata->u.mgd.connection_loss = false; 7498 wiphy_work_queue(sdata->local->hw.wiphy, 7499 &sdata->u.mgd.beacon_connection_loss_work); 7500 } 7501 7502 static void ieee80211_sta_conn_mon_timer(struct timer_list *t) 7503 { 7504 struct ieee80211_sub_if_data *sdata = 7505 from_timer(sdata, t, u.mgd.conn_mon_timer); 7506 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 7507 struct ieee80211_local *local = sdata->local; 7508 struct sta_info *sta; 7509 unsigned long timeout; 7510 7511 if (WARN_ON(ieee80211_vif_is_mld(&sdata->vif))) 7512 return; 7513 7514 if (sdata->vif.bss_conf.csa_active && 7515 !sdata->deflink.u.mgd.csa_waiting_bcn) 7516 return; 7517 7518 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr); 7519 if (!sta) 7520 return; 7521 7522 timeout = sta->deflink.status_stats.last_ack; 7523 if (time_before(sta->deflink.status_stats.last_ack, sta->deflink.rx_stats.last_rx)) 7524 timeout = sta->deflink.rx_stats.last_rx; 7525 timeout += IEEE80211_CONNECTION_IDLE_TIME; 7526 7527 /* If timeout is after now, then update timer to fire at 7528 * the later date, but do not actually probe at this time. 7529 */ 7530 if (time_is_after_jiffies(timeout)) { 7531 mod_timer(&ifmgd->conn_mon_timer, round_jiffies_up(timeout)); 7532 return; 7533 } 7534 7535 wiphy_work_queue(local->hw.wiphy, &sdata->u.mgd.monitor_work); 7536 } 7537 7538 static void ieee80211_sta_monitor_work(struct wiphy *wiphy, 7539 struct wiphy_work *work) 7540 { 7541 struct ieee80211_sub_if_data *sdata = 7542 container_of(work, struct ieee80211_sub_if_data, 7543 u.mgd.monitor_work); 7544 7545 ieee80211_mgd_probe_ap(sdata, false); 7546 } 7547 7548 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) 7549 { 7550 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 7551 __ieee80211_stop_poll(sdata); 7552 7553 /* let's probe the connection once */ 7554 if (!ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR)) 7555 wiphy_work_queue(sdata->local->hw.wiphy, 7556 &sdata->u.mgd.monitor_work); 7557 } 7558 } 7559 7560 #ifdef CONFIG_PM 7561 void ieee80211_mgd_quiesce(struct ieee80211_sub_if_data *sdata) 7562 { 7563 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 7564 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 7565 7566 lockdep_assert_wiphy(sdata->local->hw.wiphy); 7567 7568 if (ifmgd->auth_data || ifmgd->assoc_data) { 7569 const u8 *ap_addr = ifmgd->auth_data ? 7570 ifmgd->auth_data->ap_addr : 7571 ifmgd->assoc_data->ap_addr; 7572 7573 /* 7574 * If we are trying to authenticate / associate while suspending, 7575 * cfg80211 won't know and won't actually abort those attempts, 7576 * thus we need to do that ourselves. 7577 */ 7578 ieee80211_send_deauth_disassoc(sdata, ap_addr, ap_addr, 7579 IEEE80211_STYPE_DEAUTH, 7580 WLAN_REASON_DEAUTH_LEAVING, 7581 false, frame_buf); 7582 if (ifmgd->assoc_data) 7583 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON); 7584 if (ifmgd->auth_data) 7585 ieee80211_destroy_auth_data(sdata, false); 7586 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 7587 IEEE80211_DEAUTH_FRAME_LEN, 7588 false); 7589 } 7590 7591 /* This is a bit of a hack - we should find a better and more generic 7592 * solution to this. Normally when suspending, cfg80211 will in fact 7593 * deauthenticate. However, it doesn't (and cannot) stop an ongoing 7594 * auth (not so important) or assoc (this is the problem) process. 7595 * 7596 * As a consequence, it can happen that we are in the process of both 7597 * associating and suspending, and receive an association response 7598 * after cfg80211 has checked if it needs to disconnect, but before 7599 * we actually set the flag to drop incoming frames. This will then 7600 * cause the workqueue flush to process the association response in 7601 * the suspend, resulting in a successful association just before it 7602 * tries to remove the interface from the driver, which now though 7603 * has a channel context assigned ... this results in issues. 7604 * 7605 * To work around this (for now) simply deauth here again if we're 7606 * now connected. 7607 */ 7608 if (ifmgd->associated && !sdata->local->wowlan) { 7609 u8 bssid[ETH_ALEN]; 7610 struct cfg80211_deauth_request req = { 7611 .reason_code = WLAN_REASON_DEAUTH_LEAVING, 7612 .bssid = bssid, 7613 }; 7614 7615 memcpy(bssid, sdata->vif.cfg.ap_addr, ETH_ALEN); 7616 ieee80211_mgd_deauth(sdata, &req); 7617 } 7618 } 7619 #endif 7620 7621 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata) 7622 { 7623 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 7624 7625 lockdep_assert_wiphy(sdata->local->hw.wiphy); 7626 7627 if (!ifmgd->associated) 7628 return; 7629 7630 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) { 7631 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME; 7632 mlme_dbg(sdata, "driver requested disconnect after resume\n"); 7633 ieee80211_sta_connection_lost(sdata, 7634 WLAN_REASON_UNSPECIFIED, 7635 true); 7636 return; 7637 } 7638 7639 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_HW_RESTART) { 7640 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_HW_RESTART; 7641 mlme_dbg(sdata, "driver requested disconnect after hardware restart\n"); 7642 ieee80211_sta_connection_lost(sdata, 7643 WLAN_REASON_UNSPECIFIED, 7644 true); 7645 return; 7646 } 7647 } 7648 7649 static void ieee80211_request_smps_mgd_work(struct wiphy *wiphy, 7650 struct wiphy_work *work) 7651 { 7652 struct ieee80211_link_data *link = 7653 container_of(work, struct ieee80211_link_data, 7654 u.mgd.request_smps_work); 7655 7656 __ieee80211_request_smps_mgd(link->sdata, link, 7657 link->u.mgd.driver_smps_mode); 7658 } 7659 7660 /* interface setup */ 7661 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata) 7662 { 7663 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 7664 7665 wiphy_work_init(&ifmgd->monitor_work, ieee80211_sta_monitor_work); 7666 wiphy_work_init(&ifmgd->beacon_connection_loss_work, 7667 ieee80211_beacon_connection_loss_work); 7668 wiphy_work_init(&ifmgd->csa_connection_drop_work, 7669 ieee80211_csa_connection_drop_work); 7670 wiphy_delayed_work_init(&ifmgd->tdls_peer_del_work, 7671 ieee80211_tdls_peer_del_work); 7672 wiphy_delayed_work_init(&ifmgd->ml_reconf_work, 7673 ieee80211_ml_reconf_work); 7674 timer_setup(&ifmgd->timer, ieee80211_sta_timer, 0); 7675 timer_setup(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 0); 7676 timer_setup(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 0); 7677 wiphy_delayed_work_init(&ifmgd->tx_tspec_wk, 7678 ieee80211_sta_handle_tspec_ac_params_wk); 7679 wiphy_delayed_work_init(&ifmgd->ttlm_work, 7680 ieee80211_tid_to_link_map_work); 7681 wiphy_delayed_work_init(&ifmgd->neg_ttlm_timeout_work, 7682 ieee80211_neg_ttlm_timeout_work); 7683 wiphy_work_init(&ifmgd->teardown_ttlm_work, 7684 ieee80211_teardown_ttlm_work); 7685 7686 ifmgd->flags = 0; 7687 ifmgd->powersave = sdata->wdev.ps; 7688 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues; 7689 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len; 7690 /* Setup TDLS data */ 7691 spin_lock_init(&ifmgd->teardown_lock); 7692 ifmgd->teardown_skb = NULL; 7693 ifmgd->orig_teardown_skb = NULL; 7694 ifmgd->mcast_seq_last = IEEE80211_SN_MODULO; 7695 } 7696 7697 static void ieee80211_recalc_smps_work(struct wiphy *wiphy, 7698 struct wiphy_work *work) 7699 { 7700 struct ieee80211_link_data *link = 7701 container_of(work, struct ieee80211_link_data, 7702 u.mgd.recalc_smps); 7703 7704 ieee80211_recalc_smps(link->sdata, link); 7705 } 7706 7707 void ieee80211_mgd_setup_link(struct ieee80211_link_data *link) 7708 { 7709 struct ieee80211_sub_if_data *sdata = link->sdata; 7710 struct ieee80211_local *local = sdata->local; 7711 unsigned int link_id = link->link_id; 7712 7713 link->u.mgd.p2p_noa_index = -1; 7714 link->conf->bssid = link->u.mgd.bssid; 7715 link->smps_mode = IEEE80211_SMPS_OFF; 7716 7717 wiphy_work_init(&link->u.mgd.request_smps_work, 7718 ieee80211_request_smps_mgd_work); 7719 wiphy_work_init(&link->u.mgd.recalc_smps, 7720 ieee80211_recalc_smps_work); 7721 if (local->hw.wiphy->features & NL80211_FEATURE_DYNAMIC_SMPS) 7722 link->u.mgd.req_smps = IEEE80211_SMPS_AUTOMATIC; 7723 else 7724 link->u.mgd.req_smps = IEEE80211_SMPS_OFF; 7725 7726 wiphy_delayed_work_init(&link->u.mgd.chswitch_work, 7727 ieee80211_chswitch_work); 7728 7729 ieee80211_clear_tpe(&link->conf->tpe); 7730 7731 if (sdata->u.mgd.assoc_data) 7732 ether_addr_copy(link->conf->addr, 7733 sdata->u.mgd.assoc_data->link[link_id].addr); 7734 else if (!is_valid_ether_addr(link->conf->addr)) 7735 eth_random_addr(link->conf->addr); 7736 } 7737 7738 /* scan finished notification */ 7739 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local) 7740 { 7741 struct ieee80211_sub_if_data *sdata; 7742 7743 /* Restart STA timers */ 7744 rcu_read_lock(); 7745 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 7746 if (ieee80211_sdata_running(sdata)) 7747 ieee80211_restart_sta_timer(sdata); 7748 } 7749 rcu_read_unlock(); 7750 } 7751 7752 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata, 7753 struct cfg80211_bss *cbss, s8 link_id, 7754 const u8 *ap_mld_addr, bool assoc, 7755 struct ieee80211_conn_settings *conn, 7756 bool override) 7757 { 7758 struct ieee80211_local *local = sdata->local; 7759 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 7760 struct ieee80211_bss *bss = (void *)cbss->priv; 7761 struct sta_info *new_sta = NULL; 7762 struct ieee80211_link_data *link; 7763 bool have_sta = false; 7764 bool mlo; 7765 int err; 7766 7767 if (link_id >= 0) { 7768 mlo = true; 7769 if (WARN_ON(!ap_mld_addr)) 7770 return -EINVAL; 7771 err = ieee80211_vif_set_links(sdata, BIT(link_id), 0); 7772 } else { 7773 if (WARN_ON(ap_mld_addr)) 7774 return -EINVAL; 7775 ap_mld_addr = cbss->bssid; 7776 err = ieee80211_vif_set_links(sdata, 0, 0); 7777 link_id = 0; 7778 mlo = false; 7779 } 7780 7781 if (err) 7782 return err; 7783 7784 link = sdata_dereference(sdata->link[link_id], sdata); 7785 if (WARN_ON(!link)) { 7786 err = -ENOLINK; 7787 goto out_err; 7788 } 7789 7790 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) { 7791 err = -EINVAL; 7792 goto out_err; 7793 } 7794 7795 /* If a reconfig is happening, bail out */ 7796 if (local->in_reconfig) { 7797 err = -EBUSY; 7798 goto out_err; 7799 } 7800 7801 if (assoc) { 7802 rcu_read_lock(); 7803 have_sta = sta_info_get(sdata, ap_mld_addr); 7804 rcu_read_unlock(); 7805 } 7806 7807 if (!have_sta) { 7808 if (mlo) 7809 new_sta = sta_info_alloc_with_link(sdata, ap_mld_addr, 7810 link_id, cbss->bssid, 7811 GFP_KERNEL); 7812 else 7813 new_sta = sta_info_alloc(sdata, ap_mld_addr, GFP_KERNEL); 7814 7815 if (!new_sta) { 7816 err = -ENOMEM; 7817 goto out_err; 7818 } 7819 7820 new_sta->sta.mlo = mlo; 7821 } 7822 7823 /* 7824 * Set up the information for the new channel before setting the 7825 * new channel. We can't - completely race-free - change the basic 7826 * rates bitmap and the channel (sband) that it refers to, but if 7827 * we set it up before we at least avoid calling into the driver's 7828 * bss_info_changed() method with invalid information (since we do 7829 * call that from changing the channel - only for IDLE and perhaps 7830 * some others, but ...). 7831 * 7832 * So to avoid that, just set up all the new information before the 7833 * channel, but tell the driver to apply it only afterwards, since 7834 * it might need the new channel for that. 7835 */ 7836 if (new_sta) { 7837 const struct cfg80211_bss_ies *ies; 7838 struct link_sta_info *link_sta; 7839 7840 rcu_read_lock(); 7841 link_sta = rcu_dereference(new_sta->link[link_id]); 7842 if (WARN_ON(!link_sta)) { 7843 rcu_read_unlock(); 7844 sta_info_free(local, new_sta); 7845 err = -EINVAL; 7846 goto out_err; 7847 } 7848 7849 err = ieee80211_mgd_setup_link_sta(link, new_sta, 7850 link_sta, cbss); 7851 if (err) { 7852 rcu_read_unlock(); 7853 sta_info_free(local, new_sta); 7854 goto out_err; 7855 } 7856 7857 memcpy(link->u.mgd.bssid, cbss->bssid, ETH_ALEN); 7858 7859 /* set timing information */ 7860 link->conf->beacon_int = cbss->beacon_interval; 7861 ies = rcu_dereference(cbss->beacon_ies); 7862 if (ies) { 7863 link->conf->sync_tsf = ies->tsf; 7864 link->conf->sync_device_ts = 7865 bss->device_ts_beacon; 7866 7867 ieee80211_get_dtim(ies, 7868 &link->conf->sync_dtim_count, 7869 NULL); 7870 } else if (!ieee80211_hw_check(&sdata->local->hw, 7871 TIMING_BEACON_ONLY)) { 7872 ies = rcu_dereference(cbss->proberesp_ies); 7873 /* must be non-NULL since beacon IEs were NULL */ 7874 link->conf->sync_tsf = ies->tsf; 7875 link->conf->sync_device_ts = 7876 bss->device_ts_presp; 7877 link->conf->sync_dtim_count = 0; 7878 } else { 7879 link->conf->sync_tsf = 0; 7880 link->conf->sync_device_ts = 0; 7881 link->conf->sync_dtim_count = 0; 7882 } 7883 rcu_read_unlock(); 7884 } 7885 7886 if (new_sta || override) { 7887 /* 7888 * Only set this if we're also going to calculate the AP 7889 * settings etc., otherwise this was set before in a 7890 * previous call. Note override is set to %true in assoc 7891 * if the settings were changed. 7892 */ 7893 link->u.mgd.conn = *conn; 7894 err = ieee80211_prep_channel(sdata, link, link->link_id, cbss, 7895 mlo, &link->u.mgd.conn); 7896 if (err) { 7897 if (new_sta) 7898 sta_info_free(local, new_sta); 7899 goto out_err; 7900 } 7901 /* pass out for use in assoc */ 7902 *conn = link->u.mgd.conn; 7903 } 7904 7905 if (new_sta) { 7906 /* 7907 * tell driver about BSSID, basic rates and timing 7908 * this was set up above, before setting the channel 7909 */ 7910 ieee80211_link_info_change_notify(sdata, link, 7911 BSS_CHANGED_BSSID | 7912 BSS_CHANGED_BASIC_RATES | 7913 BSS_CHANGED_BEACON_INT); 7914 7915 if (assoc) 7916 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH); 7917 7918 err = sta_info_insert(new_sta); 7919 new_sta = NULL; 7920 if (err) { 7921 sdata_info(sdata, 7922 "failed to insert STA entry for the AP (error %d)\n", 7923 err); 7924 goto out_release_chan; 7925 } 7926 } else 7927 WARN_ON_ONCE(!ether_addr_equal(link->u.mgd.bssid, cbss->bssid)); 7928 7929 /* Cancel scan to ensure that nothing interferes with connection */ 7930 if (local->scanning) 7931 ieee80211_scan_cancel(local); 7932 7933 return 0; 7934 7935 out_release_chan: 7936 ieee80211_link_release_channel(link); 7937 out_err: 7938 ieee80211_vif_set_links(sdata, 0, 0); 7939 return err; 7940 } 7941 7942 static bool ieee80211_mgd_csa_present(struct ieee80211_sub_if_data *sdata, 7943 const struct cfg80211_bss_ies *ies, 7944 u8 cur_channel, bool ignore_ecsa) 7945 { 7946 const struct element *csa_elem, *ecsa_elem; 7947 struct ieee80211_channel_sw_ie *csa = NULL; 7948 struct ieee80211_ext_chansw_ie *ecsa = NULL; 7949 7950 if (!ies) 7951 return false; 7952 7953 csa_elem = cfg80211_find_elem(WLAN_EID_CHANNEL_SWITCH, 7954 ies->data, ies->len); 7955 if (csa_elem && csa_elem->datalen == sizeof(*csa)) 7956 csa = (void *)csa_elem->data; 7957 7958 ecsa_elem = cfg80211_find_elem(WLAN_EID_EXT_CHANSWITCH_ANN, 7959 ies->data, ies->len); 7960 if (ecsa_elem && ecsa_elem->datalen == sizeof(*ecsa)) 7961 ecsa = (void *)ecsa_elem->data; 7962 7963 if (csa && csa->count == 0) 7964 csa = NULL; 7965 if (csa && !csa->mode && csa->new_ch_num == cur_channel) 7966 csa = NULL; 7967 7968 if (ecsa && ecsa->count == 0) 7969 ecsa = NULL; 7970 if (ecsa && !ecsa->mode && ecsa->new_ch_num == cur_channel) 7971 ecsa = NULL; 7972 7973 if (ignore_ecsa && ecsa) { 7974 sdata_info(sdata, 7975 "Ignoring ECSA in probe response - was considered stuck!\n"); 7976 return csa; 7977 } 7978 7979 return csa || ecsa; 7980 } 7981 7982 static bool ieee80211_mgd_csa_in_process(struct ieee80211_sub_if_data *sdata, 7983 struct cfg80211_bss *bss) 7984 { 7985 u8 cur_channel; 7986 bool ret; 7987 7988 cur_channel = ieee80211_frequency_to_channel(bss->channel->center_freq); 7989 7990 rcu_read_lock(); 7991 if (ieee80211_mgd_csa_present(sdata, 7992 rcu_dereference(bss->beacon_ies), 7993 cur_channel, false)) { 7994 ret = true; 7995 goto out; 7996 } 7997 7998 if (ieee80211_mgd_csa_present(sdata, 7999 rcu_dereference(bss->proberesp_ies), 8000 cur_channel, bss->proberesp_ecsa_stuck)) { 8001 ret = true; 8002 goto out; 8003 } 8004 8005 ret = false; 8006 out: 8007 rcu_read_unlock(); 8008 return ret; 8009 } 8010 8011 /* config hooks */ 8012 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 8013 struct cfg80211_auth_request *req) 8014 { 8015 struct ieee80211_local *local = sdata->local; 8016 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 8017 struct ieee80211_mgd_auth_data *auth_data; 8018 struct ieee80211_conn_settings conn; 8019 struct ieee80211_link_data *link; 8020 struct ieee80211_supported_band *sband; 8021 struct ieee80211_bss *bss; 8022 u16 auth_alg; 8023 int err; 8024 bool cont_auth, wmm_used; 8025 8026 lockdep_assert_wiphy(sdata->local->hw.wiphy); 8027 8028 /* prepare auth data structure */ 8029 8030 switch (req->auth_type) { 8031 case NL80211_AUTHTYPE_OPEN_SYSTEM: 8032 auth_alg = WLAN_AUTH_OPEN; 8033 break; 8034 case NL80211_AUTHTYPE_SHARED_KEY: 8035 if (fips_enabled) 8036 return -EOPNOTSUPP; 8037 auth_alg = WLAN_AUTH_SHARED_KEY; 8038 break; 8039 case NL80211_AUTHTYPE_FT: 8040 auth_alg = WLAN_AUTH_FT; 8041 break; 8042 case NL80211_AUTHTYPE_NETWORK_EAP: 8043 auth_alg = WLAN_AUTH_LEAP; 8044 break; 8045 case NL80211_AUTHTYPE_SAE: 8046 auth_alg = WLAN_AUTH_SAE; 8047 break; 8048 case NL80211_AUTHTYPE_FILS_SK: 8049 auth_alg = WLAN_AUTH_FILS_SK; 8050 break; 8051 case NL80211_AUTHTYPE_FILS_SK_PFS: 8052 auth_alg = WLAN_AUTH_FILS_SK_PFS; 8053 break; 8054 case NL80211_AUTHTYPE_FILS_PK: 8055 auth_alg = WLAN_AUTH_FILS_PK; 8056 break; 8057 default: 8058 return -EOPNOTSUPP; 8059 } 8060 8061 if (ifmgd->assoc_data) 8062 return -EBUSY; 8063 8064 if (ieee80211_mgd_csa_in_process(sdata, req->bss)) { 8065 sdata_info(sdata, "AP is in CSA process, reject auth\n"); 8066 return -EINVAL; 8067 } 8068 8069 auth_data = kzalloc(sizeof(*auth_data) + req->auth_data_len + 8070 req->ie_len, GFP_KERNEL); 8071 if (!auth_data) 8072 return -ENOMEM; 8073 8074 memcpy(auth_data->ap_addr, 8075 req->ap_mld_addr ?: req->bss->bssid, 8076 ETH_ALEN); 8077 auth_data->bss = req->bss; 8078 auth_data->link_id = req->link_id; 8079 8080 if (req->auth_data_len >= 4) { 8081 if (req->auth_type == NL80211_AUTHTYPE_SAE) { 8082 __le16 *pos = (__le16 *) req->auth_data; 8083 8084 auth_data->sae_trans = le16_to_cpu(pos[0]); 8085 auth_data->sae_status = le16_to_cpu(pos[1]); 8086 } 8087 memcpy(auth_data->data, req->auth_data + 4, 8088 req->auth_data_len - 4); 8089 auth_data->data_len += req->auth_data_len - 4; 8090 } 8091 8092 /* Check if continuing authentication or trying to authenticate with the 8093 * same BSS that we were in the process of authenticating with and avoid 8094 * removal and re-addition of the STA entry in 8095 * ieee80211_prep_connection(). 8096 */ 8097 cont_auth = ifmgd->auth_data && req->bss == ifmgd->auth_data->bss && 8098 ifmgd->auth_data->link_id == req->link_id; 8099 8100 if (req->ie && req->ie_len) { 8101 memcpy(&auth_data->data[auth_data->data_len], 8102 req->ie, req->ie_len); 8103 auth_data->data_len += req->ie_len; 8104 } 8105 8106 if (req->key && req->key_len) { 8107 auth_data->key_len = req->key_len; 8108 auth_data->key_idx = req->key_idx; 8109 memcpy(auth_data->key, req->key, req->key_len); 8110 } 8111 8112 auth_data->algorithm = auth_alg; 8113 8114 /* try to authenticate/probe */ 8115 8116 if (ifmgd->auth_data) { 8117 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE) { 8118 auth_data->peer_confirmed = 8119 ifmgd->auth_data->peer_confirmed; 8120 } 8121 ieee80211_destroy_auth_data(sdata, cont_auth); 8122 } 8123 8124 /* prep auth_data so we don't go into idle on disassoc */ 8125 ifmgd->auth_data = auth_data; 8126 8127 /* If this is continuation of an ongoing SAE authentication exchange 8128 * (i.e., request to send SAE Confirm) and the peer has already 8129 * confirmed, mark authentication completed since we are about to send 8130 * out SAE Confirm. 8131 */ 8132 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE && 8133 auth_data->peer_confirmed && auth_data->sae_trans == 2) 8134 ieee80211_mark_sta_auth(sdata); 8135 8136 if (ifmgd->associated) { 8137 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 8138 8139 sdata_info(sdata, 8140 "disconnect from AP %pM for new auth to %pM\n", 8141 sdata->vif.cfg.ap_addr, auth_data->ap_addr); 8142 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 8143 WLAN_REASON_UNSPECIFIED, 8144 false, frame_buf); 8145 8146 ieee80211_report_disconnect(sdata, frame_buf, 8147 sizeof(frame_buf), true, 8148 WLAN_REASON_UNSPECIFIED, 8149 false); 8150 } 8151 8152 /* needed for transmitting the auth frame(s) properly */ 8153 memcpy(sdata->vif.cfg.ap_addr, auth_data->ap_addr, ETH_ALEN); 8154 8155 bss = (void *)req->bss->priv; 8156 wmm_used = bss->wmm_used && (local->hw.queues >= IEEE80211_NUM_ACS); 8157 8158 sband = local->hw.wiphy->bands[req->bss->channel->band]; 8159 8160 ieee80211_determine_our_sta_mode_auth(sdata, sband, req, wmm_used, 8161 &conn); 8162 8163 err = ieee80211_prep_connection(sdata, req->bss, req->link_id, 8164 req->ap_mld_addr, cont_auth, 8165 &conn, false); 8166 if (err) 8167 goto err_clear; 8168 8169 if (req->link_id >= 0) 8170 link = sdata_dereference(sdata->link[req->link_id], sdata); 8171 else 8172 link = &sdata->deflink; 8173 8174 if (WARN_ON(!link)) { 8175 err = -ENOLINK; 8176 goto err_clear; 8177 } 8178 8179 sdata_info(sdata, "authenticate with %pM (local address=%pM)\n", 8180 auth_data->ap_addr, link->conf->addr); 8181 8182 err = ieee80211_auth(sdata); 8183 if (err) { 8184 sta_info_destroy_addr(sdata, auth_data->ap_addr); 8185 goto err_clear; 8186 } 8187 8188 /* hold our own reference */ 8189 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss); 8190 return 0; 8191 8192 err_clear: 8193 if (!ieee80211_vif_is_mld(&sdata->vif)) { 8194 eth_zero_addr(sdata->deflink.u.mgd.bssid); 8195 ieee80211_link_info_change_notify(sdata, &sdata->deflink, 8196 BSS_CHANGED_BSSID); 8197 ieee80211_link_release_channel(&sdata->deflink); 8198 } 8199 ifmgd->auth_data = NULL; 8200 kfree(auth_data); 8201 return err; 8202 } 8203 8204 static void 8205 ieee80211_setup_assoc_link(struct ieee80211_sub_if_data *sdata, 8206 struct ieee80211_mgd_assoc_data *assoc_data, 8207 struct cfg80211_assoc_request *req, 8208 struct ieee80211_conn_settings *conn, 8209 unsigned int link_id) 8210 { 8211 struct ieee80211_local *local = sdata->local; 8212 const struct cfg80211_bss_ies *bss_ies; 8213 struct ieee80211_supported_band *sband; 8214 struct ieee80211_link_data *link; 8215 struct cfg80211_bss *cbss; 8216 struct ieee80211_bss *bss; 8217 8218 cbss = assoc_data->link[link_id].bss; 8219 if (WARN_ON(!cbss)) 8220 return; 8221 8222 bss = (void *)cbss->priv; 8223 8224 sband = local->hw.wiphy->bands[cbss->channel->band]; 8225 if (WARN_ON(!sband)) 8226 return; 8227 8228 link = sdata_dereference(sdata->link[link_id], sdata); 8229 if (WARN_ON(!link)) 8230 return; 8231 8232 /* for MLO connections assume advertising all rates is OK */ 8233 if (!req->ap_mld_addr) { 8234 assoc_data->supp_rates = bss->supp_rates; 8235 assoc_data->supp_rates_len = bss->supp_rates_len; 8236 } 8237 8238 /* copy and link elems for the STA profile */ 8239 if (req->links[link_id].elems_len) { 8240 memcpy(assoc_data->ie_pos, req->links[link_id].elems, 8241 req->links[link_id].elems_len); 8242 assoc_data->link[link_id].elems = assoc_data->ie_pos; 8243 assoc_data->link[link_id].elems_len = req->links[link_id].elems_len; 8244 assoc_data->ie_pos += req->links[link_id].elems_len; 8245 } 8246 8247 link->u.mgd.beacon_crc_valid = false; 8248 link->u.mgd.dtim_period = 0; 8249 link->u.mgd.have_beacon = false; 8250 8251 /* override HT configuration only if the AP and we support it */ 8252 if (conn->mode >= IEEE80211_CONN_MODE_HT) { 8253 struct ieee80211_sta_ht_cap sta_ht_cap; 8254 8255 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap)); 8256 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap); 8257 } 8258 8259 rcu_read_lock(); 8260 bss_ies = rcu_dereference(cbss->beacon_ies); 8261 if (bss_ies) { 8262 u8 dtim_count = 0; 8263 8264 ieee80211_get_dtim(bss_ies, &dtim_count, 8265 &link->u.mgd.dtim_period); 8266 8267 sdata->deflink.u.mgd.have_beacon = true; 8268 8269 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) { 8270 link->conf->sync_tsf = bss_ies->tsf; 8271 link->conf->sync_device_ts = bss->device_ts_beacon; 8272 link->conf->sync_dtim_count = dtim_count; 8273 } 8274 } else { 8275 bss_ies = rcu_dereference(cbss->ies); 8276 } 8277 8278 if (bss_ies) { 8279 const struct element *elem; 8280 8281 elem = cfg80211_find_ext_elem(WLAN_EID_EXT_MULTIPLE_BSSID_CONFIGURATION, 8282 bss_ies->data, bss_ies->len); 8283 if (elem && elem->datalen >= 3) 8284 link->conf->profile_periodicity = elem->data[2]; 8285 else 8286 link->conf->profile_periodicity = 0; 8287 8288 elem = cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY, 8289 bss_ies->data, bss_ies->len); 8290 if (elem && elem->datalen >= 11 && 8291 (elem->data[10] & WLAN_EXT_CAPA11_EMA_SUPPORT)) 8292 link->conf->ema_ap = true; 8293 else 8294 link->conf->ema_ap = false; 8295 } 8296 rcu_read_unlock(); 8297 8298 if (bss->corrupt_data) { 8299 char *corrupt_type = "data"; 8300 8301 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) { 8302 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) 8303 corrupt_type = "beacon and probe response"; 8304 else 8305 corrupt_type = "beacon"; 8306 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) { 8307 corrupt_type = "probe response"; 8308 } 8309 sdata_info(sdata, "associating to AP %pM with corrupt %s\n", 8310 cbss->bssid, corrupt_type); 8311 } 8312 8313 if (link->u.mgd.req_smps == IEEE80211_SMPS_AUTOMATIC) { 8314 if (sdata->u.mgd.powersave) 8315 link->smps_mode = IEEE80211_SMPS_DYNAMIC; 8316 else 8317 link->smps_mode = IEEE80211_SMPS_OFF; 8318 } else { 8319 link->smps_mode = link->u.mgd.req_smps; 8320 } 8321 } 8322 8323 static int 8324 ieee80211_mgd_get_ap_ht_vht_capa(struct ieee80211_sub_if_data *sdata, 8325 struct ieee80211_mgd_assoc_data *assoc_data, 8326 int link_id) 8327 { 8328 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss; 8329 enum nl80211_band band = cbss->channel->band; 8330 struct ieee80211_supported_band *sband; 8331 const struct element *elem; 8332 int err; 8333 8334 /* neither HT nor VHT elements used on 6 GHz */ 8335 if (band == NL80211_BAND_6GHZ) 8336 return 0; 8337 8338 if (assoc_data->link[link_id].conn.mode < IEEE80211_CONN_MODE_HT) 8339 return 0; 8340 8341 rcu_read_lock(); 8342 elem = ieee80211_bss_get_elem(cbss, WLAN_EID_HT_OPERATION); 8343 if (!elem || elem->datalen < sizeof(struct ieee80211_ht_operation)) { 8344 mlme_link_id_dbg(sdata, link_id, "no HT operation on BSS %pM\n", 8345 cbss->bssid); 8346 err = -EINVAL; 8347 goto out_rcu; 8348 } 8349 assoc_data->link[link_id].ap_ht_param = 8350 ((struct ieee80211_ht_operation *)(elem->data))->ht_param; 8351 rcu_read_unlock(); 8352 8353 if (assoc_data->link[link_id].conn.mode < IEEE80211_CONN_MODE_VHT) 8354 return 0; 8355 8356 /* some drivers want to support VHT on 2.4 GHz even */ 8357 sband = sdata->local->hw.wiphy->bands[band]; 8358 if (!sband->vht_cap.vht_supported) 8359 return 0; 8360 8361 rcu_read_lock(); 8362 elem = ieee80211_bss_get_elem(cbss, WLAN_EID_VHT_CAPABILITY); 8363 /* but even then accept it not being present on the AP */ 8364 if (!elem && band == NL80211_BAND_2GHZ) { 8365 err = 0; 8366 goto out_rcu; 8367 } 8368 if (!elem || elem->datalen < sizeof(struct ieee80211_vht_cap)) { 8369 mlme_link_id_dbg(sdata, link_id, "no VHT capa on BSS %pM\n", 8370 cbss->bssid); 8371 err = -EINVAL; 8372 goto out_rcu; 8373 } 8374 memcpy(&assoc_data->link[link_id].ap_vht_cap, elem->data, 8375 sizeof(struct ieee80211_vht_cap)); 8376 rcu_read_unlock(); 8377 8378 return 0; 8379 out_rcu: 8380 rcu_read_unlock(); 8381 return err; 8382 } 8383 8384 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 8385 struct cfg80211_assoc_request *req) 8386 { 8387 unsigned int assoc_link_id = req->link_id < 0 ? 0 : req->link_id; 8388 struct ieee80211_local *local = sdata->local; 8389 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 8390 struct ieee80211_mgd_assoc_data *assoc_data; 8391 const struct element *ssid_elem; 8392 struct ieee80211_vif_cfg *vif_cfg = &sdata->vif.cfg; 8393 struct ieee80211_link_data *link; 8394 struct cfg80211_bss *cbss; 8395 bool override, uapsd_supported; 8396 bool match_auth; 8397 int i, err; 8398 size_t size = sizeof(*assoc_data) + req->ie_len; 8399 8400 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++) 8401 size += req->links[i].elems_len; 8402 8403 /* FIXME: no support for 4-addr MLO yet */ 8404 if (sdata->u.mgd.use_4addr && req->link_id >= 0) 8405 return -EOPNOTSUPP; 8406 8407 assoc_data = kzalloc(size, GFP_KERNEL); 8408 if (!assoc_data) 8409 return -ENOMEM; 8410 8411 cbss = req->link_id < 0 ? req->bss : req->links[req->link_id].bss; 8412 8413 if (ieee80211_mgd_csa_in_process(sdata, cbss)) { 8414 sdata_info(sdata, "AP is in CSA process, reject assoc\n"); 8415 err = -EINVAL; 8416 goto err_free; 8417 } 8418 8419 rcu_read_lock(); 8420 ssid_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_SSID); 8421 if (!ssid_elem || ssid_elem->datalen > sizeof(assoc_data->ssid)) { 8422 rcu_read_unlock(); 8423 err = -EINVAL; 8424 goto err_free; 8425 } 8426 8427 memcpy(assoc_data->ssid, ssid_elem->data, ssid_elem->datalen); 8428 assoc_data->ssid_len = ssid_elem->datalen; 8429 rcu_read_unlock(); 8430 8431 if (req->ap_mld_addr) 8432 memcpy(assoc_data->ap_addr, req->ap_mld_addr, ETH_ALEN); 8433 else 8434 memcpy(assoc_data->ap_addr, cbss->bssid, ETH_ALEN); 8435 8436 if (ifmgd->associated) { 8437 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 8438 8439 sdata_info(sdata, 8440 "disconnect from AP %pM for new assoc to %pM\n", 8441 sdata->vif.cfg.ap_addr, assoc_data->ap_addr); 8442 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 8443 WLAN_REASON_UNSPECIFIED, 8444 false, frame_buf); 8445 8446 ieee80211_report_disconnect(sdata, frame_buf, 8447 sizeof(frame_buf), true, 8448 WLAN_REASON_UNSPECIFIED, 8449 false); 8450 } 8451 8452 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa)); 8453 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask, 8454 sizeof(ifmgd->ht_capa_mask)); 8455 8456 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa)); 8457 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask, 8458 sizeof(ifmgd->vht_capa_mask)); 8459 8460 memcpy(&ifmgd->s1g_capa, &req->s1g_capa, sizeof(ifmgd->s1g_capa)); 8461 memcpy(&ifmgd->s1g_capa_mask, &req->s1g_capa_mask, 8462 sizeof(ifmgd->s1g_capa_mask)); 8463 8464 /* keep some setup (AP STA, channel, ...) if matching */ 8465 match_auth = ifmgd->auth_data && 8466 ether_addr_equal(ifmgd->auth_data->ap_addr, 8467 assoc_data->ap_addr) && 8468 ifmgd->auth_data->link_id == req->link_id; 8469 8470 if (req->ap_mld_addr) { 8471 uapsd_supported = true; 8472 8473 if (req->flags & (ASSOC_REQ_DISABLE_HT | 8474 ASSOC_REQ_DISABLE_VHT | 8475 ASSOC_REQ_DISABLE_HE | 8476 ASSOC_REQ_DISABLE_EHT)) { 8477 err = -EINVAL; 8478 goto err_free; 8479 } 8480 8481 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++) { 8482 struct ieee80211_supported_band *sband; 8483 struct cfg80211_bss *link_cbss = req->links[i].bss; 8484 struct ieee80211_bss *bss; 8485 8486 if (!link_cbss) 8487 continue; 8488 8489 bss = (void *)link_cbss->priv; 8490 8491 if (!bss->wmm_used) { 8492 err = -EINVAL; 8493 req->links[i].error = err; 8494 goto err_free; 8495 } 8496 8497 if (link_cbss->channel->band == NL80211_BAND_S1GHZ) { 8498 err = -EINVAL; 8499 req->links[i].error = err; 8500 goto err_free; 8501 } 8502 8503 link = sdata_dereference(sdata->link[i], sdata); 8504 if (link) 8505 ether_addr_copy(assoc_data->link[i].addr, 8506 link->conf->addr); 8507 else 8508 eth_random_addr(assoc_data->link[i].addr); 8509 sband = local->hw.wiphy->bands[link_cbss->channel->band]; 8510 8511 if (match_auth && i == assoc_link_id && link) 8512 assoc_data->link[i].conn = link->u.mgd.conn; 8513 else 8514 assoc_data->link[i].conn = 8515 ieee80211_conn_settings_unlimited; 8516 ieee80211_determine_our_sta_mode_assoc(sdata, sband, 8517 req, true, i, 8518 &assoc_data->link[i].conn); 8519 assoc_data->link[i].bss = link_cbss; 8520 assoc_data->link[i].disabled = req->links[i].disabled; 8521 8522 if (!bss->uapsd_supported) 8523 uapsd_supported = false; 8524 8525 if (assoc_data->link[i].conn.mode < IEEE80211_CONN_MODE_EHT) { 8526 err = -EINVAL; 8527 req->links[i].error = err; 8528 goto err_free; 8529 } 8530 8531 err = ieee80211_mgd_get_ap_ht_vht_capa(sdata, 8532 assoc_data, i); 8533 if (err) { 8534 err = -EINVAL; 8535 req->links[i].error = err; 8536 goto err_free; 8537 } 8538 } 8539 8540 assoc_data->wmm = true; 8541 } else { 8542 struct ieee80211_supported_band *sband; 8543 struct ieee80211_bss *bss = (void *)cbss->priv; 8544 8545 memcpy(assoc_data->link[0].addr, sdata->vif.addr, ETH_ALEN); 8546 assoc_data->s1g = cbss->channel->band == NL80211_BAND_S1GHZ; 8547 8548 assoc_data->wmm = bss->wmm_used && 8549 (local->hw.queues >= IEEE80211_NUM_ACS); 8550 8551 if (cbss->channel->band == NL80211_BAND_6GHZ && 8552 req->flags & (ASSOC_REQ_DISABLE_HT | 8553 ASSOC_REQ_DISABLE_VHT | 8554 ASSOC_REQ_DISABLE_HE)) { 8555 err = -EINVAL; 8556 goto err_free; 8557 } 8558 8559 sband = local->hw.wiphy->bands[cbss->channel->band]; 8560 8561 assoc_data->link[0].bss = cbss; 8562 8563 if (match_auth) 8564 assoc_data->link[0].conn = sdata->deflink.u.mgd.conn; 8565 else 8566 assoc_data->link[0].conn = 8567 ieee80211_conn_settings_unlimited; 8568 ieee80211_determine_our_sta_mode_assoc(sdata, sband, req, 8569 assoc_data->wmm, 0, 8570 &assoc_data->link[0].conn); 8571 8572 uapsd_supported = bss->uapsd_supported; 8573 8574 err = ieee80211_mgd_get_ap_ht_vht_capa(sdata, assoc_data, 0); 8575 if (err) 8576 goto err_free; 8577 } 8578 8579 assoc_data->spp_amsdu = req->flags & ASSOC_REQ_SPP_AMSDU; 8580 8581 if (ifmgd->auth_data && !ifmgd->auth_data->done) { 8582 err = -EBUSY; 8583 goto err_free; 8584 } 8585 8586 if (ifmgd->assoc_data) { 8587 err = -EBUSY; 8588 goto err_free; 8589 } 8590 8591 /* Cleanup is delayed if auth_data matches */ 8592 if (ifmgd->auth_data && !match_auth) 8593 ieee80211_destroy_auth_data(sdata, false); 8594 8595 if (req->ie && req->ie_len) { 8596 memcpy(assoc_data->ie, req->ie, req->ie_len); 8597 assoc_data->ie_len = req->ie_len; 8598 assoc_data->ie_pos = assoc_data->ie + assoc_data->ie_len; 8599 } else { 8600 assoc_data->ie_pos = assoc_data->ie; 8601 } 8602 8603 if (req->fils_kek) { 8604 /* should already be checked in cfg80211 - so warn */ 8605 if (WARN_ON(req->fils_kek_len > FILS_MAX_KEK_LEN)) { 8606 err = -EINVAL; 8607 goto err_free; 8608 } 8609 memcpy(assoc_data->fils_kek, req->fils_kek, 8610 req->fils_kek_len); 8611 assoc_data->fils_kek_len = req->fils_kek_len; 8612 } 8613 8614 if (req->fils_nonces) 8615 memcpy(assoc_data->fils_nonces, req->fils_nonces, 8616 2 * FILS_NONCE_LEN); 8617 8618 /* default timeout */ 8619 assoc_data->timeout = jiffies; 8620 assoc_data->timeout_started = true; 8621 8622 assoc_data->assoc_link_id = assoc_link_id; 8623 8624 if (req->ap_mld_addr) { 8625 /* if there was no authentication, set up the link */ 8626 err = ieee80211_vif_set_links(sdata, BIT(assoc_link_id), 0); 8627 if (err) 8628 goto err_clear; 8629 } 8630 8631 link = sdata_dereference(sdata->link[assoc_link_id], sdata); 8632 if (WARN_ON(!link)) { 8633 err = -EINVAL; 8634 goto err_clear; 8635 } 8636 8637 override = link->u.mgd.conn.mode != 8638 assoc_data->link[assoc_link_id].conn.mode || 8639 link->u.mgd.conn.bw_limit != 8640 assoc_data->link[assoc_link_id].conn.bw_limit; 8641 link->u.mgd.conn = assoc_data->link[assoc_link_id].conn; 8642 8643 ieee80211_setup_assoc_link(sdata, assoc_data, req, &link->u.mgd.conn, 8644 assoc_link_id); 8645 8646 if (WARN((sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD) && 8647 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK), 8648 "U-APSD not supported with HW_PS_NULLFUNC_STACK\n")) 8649 sdata->vif.driver_flags &= ~IEEE80211_VIF_SUPPORTS_UAPSD; 8650 8651 if (assoc_data->wmm && uapsd_supported && 8652 (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD)) { 8653 assoc_data->uapsd = true; 8654 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; 8655 } else { 8656 assoc_data->uapsd = false; 8657 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED; 8658 } 8659 8660 if (req->prev_bssid) 8661 memcpy(assoc_data->prev_ap_addr, req->prev_bssid, ETH_ALEN); 8662 8663 if (req->use_mfp) { 8664 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 8665 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED; 8666 } else { 8667 ifmgd->mfp = IEEE80211_MFP_DISABLED; 8668 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED; 8669 } 8670 8671 if (req->flags & ASSOC_REQ_USE_RRM) 8672 ifmgd->flags |= IEEE80211_STA_ENABLE_RRM; 8673 else 8674 ifmgd->flags &= ~IEEE80211_STA_ENABLE_RRM; 8675 8676 if (req->crypto.control_port) 8677 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT; 8678 else 8679 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT; 8680 8681 sdata->control_port_protocol = req->crypto.control_port_ethertype; 8682 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt; 8683 sdata->control_port_over_nl80211 = 8684 req->crypto.control_port_over_nl80211; 8685 sdata->control_port_no_preauth = req->crypto.control_port_no_preauth; 8686 8687 /* kick off associate process */ 8688 ifmgd->assoc_data = assoc_data; 8689 8690 for (i = 0; i < ARRAY_SIZE(assoc_data->link); i++) { 8691 if (!assoc_data->link[i].bss) 8692 continue; 8693 if (i == assoc_data->assoc_link_id) 8694 continue; 8695 /* only calculate the mode, hence link == NULL */ 8696 err = ieee80211_prep_channel(sdata, NULL, i, 8697 assoc_data->link[i].bss, true, 8698 &assoc_data->link[i].conn); 8699 if (err) { 8700 req->links[i].error = err; 8701 goto err_clear; 8702 } 8703 } 8704 8705 memcpy(vif_cfg->ssid, assoc_data->ssid, assoc_data->ssid_len); 8706 vif_cfg->ssid_len = assoc_data->ssid_len; 8707 8708 /* needed for transmitting the assoc frames properly */ 8709 memcpy(sdata->vif.cfg.ap_addr, assoc_data->ap_addr, ETH_ALEN); 8710 8711 err = ieee80211_prep_connection(sdata, cbss, req->link_id, 8712 req->ap_mld_addr, true, 8713 &assoc_data->link[assoc_link_id].conn, 8714 override); 8715 if (err) 8716 goto err_clear; 8717 8718 if (ieee80211_hw_check(&sdata->local->hw, NEED_DTIM_BEFORE_ASSOC)) { 8719 const struct cfg80211_bss_ies *beacon_ies; 8720 8721 rcu_read_lock(); 8722 beacon_ies = rcu_dereference(req->bss->beacon_ies); 8723 if (!beacon_ies) { 8724 /* 8725 * Wait up to one beacon interval ... 8726 * should this be more if we miss one? 8727 */ 8728 sdata_info(sdata, "waiting for beacon from %pM\n", 8729 link->u.mgd.bssid); 8730 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval); 8731 assoc_data->timeout_started = true; 8732 assoc_data->need_beacon = true; 8733 } 8734 rcu_read_unlock(); 8735 } 8736 8737 run_again(sdata, assoc_data->timeout); 8738 8739 /* We are associating, clean up auth_data */ 8740 if (ifmgd->auth_data) 8741 ieee80211_destroy_auth_data(sdata, true); 8742 8743 return 0; 8744 err_clear: 8745 if (!ifmgd->auth_data) { 8746 eth_zero_addr(sdata->deflink.u.mgd.bssid); 8747 ieee80211_link_info_change_notify(sdata, &sdata->deflink, 8748 BSS_CHANGED_BSSID); 8749 } 8750 ifmgd->assoc_data = NULL; 8751 err_free: 8752 kfree(assoc_data); 8753 return err; 8754 } 8755 8756 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, 8757 struct cfg80211_deauth_request *req) 8758 { 8759 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 8760 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 8761 bool tx = !req->local_state_change; 8762 struct ieee80211_prep_tx_info info = { 8763 .subtype = IEEE80211_STYPE_DEAUTH, 8764 }; 8765 8766 if (ifmgd->auth_data && 8767 ether_addr_equal(ifmgd->auth_data->ap_addr, req->bssid)) { 8768 sdata_info(sdata, 8769 "aborting authentication with %pM by local choice (Reason: %u=%s)\n", 8770 req->bssid, req->reason_code, 8771 ieee80211_get_reason_code_string(req->reason_code)); 8772 8773 info.link_id = ifmgd->auth_data->link_id; 8774 drv_mgd_prepare_tx(sdata->local, sdata, &info); 8775 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid, 8776 IEEE80211_STYPE_DEAUTH, 8777 req->reason_code, tx, 8778 frame_buf); 8779 ieee80211_destroy_auth_data(sdata, false); 8780 ieee80211_report_disconnect(sdata, frame_buf, 8781 sizeof(frame_buf), true, 8782 req->reason_code, false); 8783 drv_mgd_complete_tx(sdata->local, sdata, &info); 8784 return 0; 8785 } 8786 8787 if (ifmgd->assoc_data && 8788 ether_addr_equal(ifmgd->assoc_data->ap_addr, req->bssid)) { 8789 sdata_info(sdata, 8790 "aborting association with %pM by local choice (Reason: %u=%s)\n", 8791 req->bssid, req->reason_code, 8792 ieee80211_get_reason_code_string(req->reason_code)); 8793 8794 info.link_id = ifmgd->assoc_data->assoc_link_id; 8795 drv_mgd_prepare_tx(sdata->local, sdata, &info); 8796 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid, 8797 IEEE80211_STYPE_DEAUTH, 8798 req->reason_code, tx, 8799 frame_buf); 8800 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON); 8801 ieee80211_report_disconnect(sdata, frame_buf, 8802 sizeof(frame_buf), true, 8803 req->reason_code, false); 8804 drv_mgd_complete_tx(sdata->local, sdata, &info); 8805 return 0; 8806 } 8807 8808 if (ifmgd->associated && 8809 ether_addr_equal(sdata->vif.cfg.ap_addr, req->bssid)) { 8810 sdata_info(sdata, 8811 "deauthenticating from %pM by local choice (Reason: %u=%s)\n", 8812 req->bssid, req->reason_code, 8813 ieee80211_get_reason_code_string(req->reason_code)); 8814 8815 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 8816 req->reason_code, tx, frame_buf); 8817 ieee80211_report_disconnect(sdata, frame_buf, 8818 sizeof(frame_buf), true, 8819 req->reason_code, false); 8820 drv_mgd_complete_tx(sdata->local, sdata, &info); 8821 return 0; 8822 } 8823 8824 return -ENOTCONN; 8825 } 8826 8827 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 8828 struct cfg80211_disassoc_request *req) 8829 { 8830 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 8831 8832 if (!sdata->u.mgd.associated || 8833 memcmp(sdata->vif.cfg.ap_addr, req->ap_addr, ETH_ALEN)) 8834 return -ENOTCONN; 8835 8836 sdata_info(sdata, 8837 "disassociating from %pM by local choice (Reason: %u=%s)\n", 8838 req->ap_addr, req->reason_code, 8839 ieee80211_get_reason_code_string(req->reason_code)); 8840 8841 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC, 8842 req->reason_code, !req->local_state_change, 8843 frame_buf); 8844 8845 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true, 8846 req->reason_code, false); 8847 8848 return 0; 8849 } 8850 8851 void ieee80211_mgd_stop_link(struct ieee80211_link_data *link) 8852 { 8853 wiphy_work_cancel(link->sdata->local->hw.wiphy, 8854 &link->u.mgd.request_smps_work); 8855 wiphy_work_cancel(link->sdata->local->hw.wiphy, 8856 &link->u.mgd.recalc_smps); 8857 wiphy_delayed_work_cancel(link->sdata->local->hw.wiphy, 8858 &link->u.mgd.chswitch_work); 8859 } 8860 8861 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata) 8862 { 8863 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 8864 8865 /* 8866 * Make sure some work items will not run after this, 8867 * they will not do anything but might not have been 8868 * cancelled when disconnecting. 8869 */ 8870 wiphy_work_cancel(sdata->local->hw.wiphy, 8871 &ifmgd->monitor_work); 8872 wiphy_work_cancel(sdata->local->hw.wiphy, 8873 &ifmgd->beacon_connection_loss_work); 8874 wiphy_work_cancel(sdata->local->hw.wiphy, 8875 &ifmgd->csa_connection_drop_work); 8876 wiphy_work_cancel(sdata->local->hw.wiphy, 8877 &ifmgd->teardown_ttlm_work); 8878 wiphy_delayed_work_cancel(sdata->local->hw.wiphy, 8879 &ifmgd->tdls_peer_del_work); 8880 wiphy_delayed_work_cancel(sdata->local->hw.wiphy, 8881 &ifmgd->ml_reconf_work); 8882 wiphy_delayed_work_cancel(sdata->local->hw.wiphy, &ifmgd->ttlm_work); 8883 wiphy_delayed_work_cancel(sdata->local->hw.wiphy, 8884 &ifmgd->neg_ttlm_timeout_work); 8885 8886 if (ifmgd->assoc_data) 8887 ieee80211_destroy_assoc_data(sdata, ASSOC_TIMEOUT); 8888 if (ifmgd->auth_data) 8889 ieee80211_destroy_auth_data(sdata, false); 8890 spin_lock_bh(&ifmgd->teardown_lock); 8891 if (ifmgd->teardown_skb) { 8892 kfree_skb(ifmgd->teardown_skb); 8893 ifmgd->teardown_skb = NULL; 8894 ifmgd->orig_teardown_skb = NULL; 8895 } 8896 kfree(ifmgd->assoc_req_ies); 8897 ifmgd->assoc_req_ies = NULL; 8898 ifmgd->assoc_req_ies_len = 0; 8899 spin_unlock_bh(&ifmgd->teardown_lock); 8900 del_timer_sync(&ifmgd->timer); 8901 } 8902 8903 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif, 8904 enum nl80211_cqm_rssi_threshold_event rssi_event, 8905 s32 rssi_level, 8906 gfp_t gfp) 8907 { 8908 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 8909 8910 trace_api_cqm_rssi_notify(sdata, rssi_event, rssi_level); 8911 8912 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, rssi_level, gfp); 8913 } 8914 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify); 8915 8916 void ieee80211_cqm_beacon_loss_notify(struct ieee80211_vif *vif, gfp_t gfp) 8917 { 8918 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 8919 8920 trace_api_cqm_beacon_loss_notify(sdata->local, sdata); 8921 8922 cfg80211_cqm_beacon_loss_notify(sdata->dev, gfp); 8923 } 8924 EXPORT_SYMBOL(ieee80211_cqm_beacon_loss_notify); 8925 8926 static void _ieee80211_enable_rssi_reports(struct ieee80211_sub_if_data *sdata, 8927 int rssi_min_thold, 8928 int rssi_max_thold) 8929 { 8930 trace_api_enable_rssi_reports(sdata, rssi_min_thold, rssi_max_thold); 8931 8932 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 8933 return; 8934 8935 /* 8936 * Scale up threshold values before storing it, as the RSSI averaging 8937 * algorithm uses a scaled up value as well. Change this scaling 8938 * factor if the RSSI averaging algorithm changes. 8939 */ 8940 sdata->u.mgd.rssi_min_thold = rssi_min_thold*16; 8941 sdata->u.mgd.rssi_max_thold = rssi_max_thold*16; 8942 } 8943 8944 void ieee80211_enable_rssi_reports(struct ieee80211_vif *vif, 8945 int rssi_min_thold, 8946 int rssi_max_thold) 8947 { 8948 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 8949 8950 WARN_ON(rssi_min_thold == rssi_max_thold || 8951 rssi_min_thold > rssi_max_thold); 8952 8953 _ieee80211_enable_rssi_reports(sdata, rssi_min_thold, 8954 rssi_max_thold); 8955 } 8956 EXPORT_SYMBOL(ieee80211_enable_rssi_reports); 8957 8958 void ieee80211_disable_rssi_reports(struct ieee80211_vif *vif) 8959 { 8960 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 8961 8962 _ieee80211_enable_rssi_reports(sdata, 0, 0); 8963 } 8964 EXPORT_SYMBOL(ieee80211_disable_rssi_reports); 8965