1 /* 2 * BSS client mode implementation 3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 4 * Copyright 2004, Instant802 Networks, Inc. 5 * Copyright 2005, Devicescape Software, Inc. 6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License version 2 as 11 * published by the Free Software Foundation. 12 */ 13 14 #include <linux/delay.h> 15 #include <linux/if_ether.h> 16 #include <linux/skbuff.h> 17 #include <linux/if_arp.h> 18 #include <linux/etherdevice.h> 19 #include <linux/moduleparam.h> 20 #include <linux/rtnetlink.h> 21 #include <linux/pm_qos.h> 22 #include <linux/crc32.h> 23 #include <linux/slab.h> 24 #include <linux/export.h> 25 #include <net/mac80211.h> 26 #include <asm/unaligned.h> 27 28 #include "ieee80211_i.h" 29 #include "driver-ops.h" 30 #include "rate.h" 31 #include "led.h" 32 33 #define IEEE80211_AUTH_TIMEOUT (HZ / 5) 34 #define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2) 35 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10) 36 #define IEEE80211_AUTH_MAX_TRIES 3 37 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5) 38 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 39 #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2) 40 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10) 41 #define IEEE80211_ASSOC_MAX_TRIES 3 42 43 static int max_nullfunc_tries = 2; 44 module_param(max_nullfunc_tries, int, 0644); 45 MODULE_PARM_DESC(max_nullfunc_tries, 46 "Maximum nullfunc tx tries before disconnecting (reason 4)."); 47 48 static int max_probe_tries = 5; 49 module_param(max_probe_tries, int, 0644); 50 MODULE_PARM_DESC(max_probe_tries, 51 "Maximum probe tries before disconnecting (reason 4)."); 52 53 /* 54 * Beacon loss timeout is calculated as N frames times the 55 * advertised beacon interval. This may need to be somewhat 56 * higher than what hardware might detect to account for 57 * delays in the host processing frames. But since we also 58 * probe on beacon miss before declaring the connection lost 59 * default to what we want. 60 */ 61 static int beacon_loss_count = 7; 62 module_param(beacon_loss_count, int, 0644); 63 MODULE_PARM_DESC(beacon_loss_count, 64 "Number of beacon intervals before we decide beacon was lost."); 65 66 /* 67 * Time the connection can be idle before we probe 68 * it to see if we can still talk to the AP. 69 */ 70 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ) 71 /* 72 * Time we wait for a probe response after sending 73 * a probe request because of beacon loss or for 74 * checking the connection still works. 75 */ 76 static int probe_wait_ms = 500; 77 module_param(probe_wait_ms, int, 0644); 78 MODULE_PARM_DESC(probe_wait_ms, 79 "Maximum time(ms) to wait for probe response" 80 " before disconnecting (reason 4)."); 81 82 /* 83 * Weight given to the latest Beacon frame when calculating average signal 84 * strength for Beacon frames received in the current BSS. This must be 85 * between 1 and 15. 86 */ 87 #define IEEE80211_SIGNAL_AVE_WEIGHT 3 88 89 /* 90 * How many Beacon frames need to have been used in average signal strength 91 * before starting to indicate signal change events. 92 */ 93 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4 94 95 /* 96 * We can have multiple work items (and connection probing) 97 * scheduling this timer, but we need to take care to only 98 * reschedule it when it should fire _earlier_ than it was 99 * asked for before, or if it's not pending right now. This 100 * function ensures that. Note that it then is required to 101 * run this function for all timeouts after the first one 102 * has happened -- the work that runs from this timer will 103 * do that. 104 */ 105 static void run_again(struct ieee80211_sub_if_data *sdata, 106 unsigned long timeout) 107 { 108 sdata_assert_lock(sdata); 109 110 if (!timer_pending(&sdata->u.mgd.timer) || 111 time_before(timeout, sdata->u.mgd.timer.expires)) 112 mod_timer(&sdata->u.mgd.timer, timeout); 113 } 114 115 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata) 116 { 117 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER) 118 return; 119 120 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 121 return; 122 123 mod_timer(&sdata->u.mgd.bcn_mon_timer, 124 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout)); 125 } 126 127 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata) 128 { 129 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 130 131 if (unlikely(!sdata->u.mgd.associated)) 132 return; 133 134 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 135 return; 136 137 mod_timer(&sdata->u.mgd.conn_mon_timer, 138 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME)); 139 140 ifmgd->probe_send_count = 0; 141 } 142 143 static int ecw2cw(int ecw) 144 { 145 return (1 << ecw) - 1; 146 } 147 148 static u32 149 ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, 150 struct ieee80211_supported_band *sband, 151 struct ieee80211_channel *channel, 152 const struct ieee80211_ht_operation *ht_oper, 153 const struct ieee80211_vht_operation *vht_oper, 154 struct cfg80211_chan_def *chandef, bool tracking) 155 { 156 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 157 struct cfg80211_chan_def vht_chandef; 158 u32 ht_cfreq, ret; 159 160 chandef->chan = channel; 161 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 162 chandef->center_freq1 = channel->center_freq; 163 chandef->center_freq2 = 0; 164 165 if (!ht_oper || !sband->ht_cap.ht_supported) { 166 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 167 goto out; 168 } 169 170 chandef->width = NL80211_CHAN_WIDTH_20; 171 172 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan, 173 channel->band); 174 /* check that channel matches the right operating channel */ 175 if (!tracking && channel->center_freq != ht_cfreq) { 176 /* 177 * It's possible that some APs are confused here; 178 * Netgear WNDR3700 sometimes reports 4 higher than 179 * the actual channel in association responses, but 180 * since we look at probe response/beacon data here 181 * it should be OK. 182 */ 183 sdata_info(sdata, 184 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n", 185 channel->center_freq, ht_cfreq, 186 ht_oper->primary_chan, channel->band); 187 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 188 goto out; 189 } 190 191 /* check 40 MHz support, if we have it */ 192 if (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) { 193 switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 194 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 195 chandef->width = NL80211_CHAN_WIDTH_40; 196 chandef->center_freq1 += 10; 197 break; 198 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 199 chandef->width = NL80211_CHAN_WIDTH_40; 200 chandef->center_freq1 -= 10; 201 break; 202 } 203 } else { 204 /* 40 MHz (and 80 MHz) must be supported for VHT */ 205 ret = IEEE80211_STA_DISABLE_VHT; 206 /* also mark 40 MHz disabled */ 207 ret |= IEEE80211_STA_DISABLE_40MHZ; 208 goto out; 209 } 210 211 if (!vht_oper || !sband->vht_cap.vht_supported) { 212 ret = IEEE80211_STA_DISABLE_VHT; 213 goto out; 214 } 215 216 vht_chandef.chan = channel; 217 vht_chandef.center_freq1 = 218 ieee80211_channel_to_frequency(vht_oper->center_freq_seg1_idx, 219 channel->band); 220 vht_chandef.center_freq2 = 0; 221 222 switch (vht_oper->chan_width) { 223 case IEEE80211_VHT_CHANWIDTH_USE_HT: 224 vht_chandef.width = chandef->width; 225 vht_chandef.center_freq1 = chandef->center_freq1; 226 break; 227 case IEEE80211_VHT_CHANWIDTH_80MHZ: 228 vht_chandef.width = NL80211_CHAN_WIDTH_80; 229 break; 230 case IEEE80211_VHT_CHANWIDTH_160MHZ: 231 vht_chandef.width = NL80211_CHAN_WIDTH_160; 232 break; 233 case IEEE80211_VHT_CHANWIDTH_80P80MHZ: 234 vht_chandef.width = NL80211_CHAN_WIDTH_80P80; 235 vht_chandef.center_freq2 = 236 ieee80211_channel_to_frequency( 237 vht_oper->center_freq_seg2_idx, 238 channel->band); 239 break; 240 default: 241 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 242 sdata_info(sdata, 243 "AP VHT operation IE has invalid channel width (%d), disable VHT\n", 244 vht_oper->chan_width); 245 ret = IEEE80211_STA_DISABLE_VHT; 246 goto out; 247 } 248 249 if (!cfg80211_chandef_valid(&vht_chandef)) { 250 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 251 sdata_info(sdata, 252 "AP VHT information is invalid, disable VHT\n"); 253 ret = IEEE80211_STA_DISABLE_VHT; 254 goto out; 255 } 256 257 if (cfg80211_chandef_identical(chandef, &vht_chandef)) { 258 ret = 0; 259 goto out; 260 } 261 262 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) { 263 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 264 sdata_info(sdata, 265 "AP VHT information doesn't match HT, disable VHT\n"); 266 ret = IEEE80211_STA_DISABLE_VHT; 267 goto out; 268 } 269 270 *chandef = vht_chandef; 271 272 ret = 0; 273 274 out: 275 /* 276 * When tracking the current AP, don't do any further checks if the 277 * new chandef is identical to the one we're currently using for the 278 * connection. This keeps us from playing ping-pong with regulatory, 279 * without it the following can happen (for example): 280 * - connect to an AP with 80 MHz, world regdom allows 80 MHz 281 * - AP advertises regdom US 282 * - CRDA loads regdom US with 80 MHz prohibited (old database) 283 * - the code below detects an unsupported channel, downgrades, and 284 * we disconnect from the AP in the caller 285 * - disconnect causes CRDA to reload world regdomain and the game 286 * starts anew. 287 * (see https://bugzilla.kernel.org/show_bug.cgi?id=70881) 288 * 289 * It seems possible that there are still scenarios with CSA or real 290 * bandwidth changes where a this could happen, but those cases are 291 * less common and wouldn't completely prevent using the AP. 292 */ 293 if (tracking && 294 cfg80211_chandef_identical(chandef, &sdata->vif.bss_conf.chandef)) 295 return ret; 296 297 /* don't print the message below for VHT mismatch if VHT is disabled */ 298 if (ret & IEEE80211_STA_DISABLE_VHT) 299 vht_chandef = *chandef; 300 301 /* 302 * Ignore the DISABLED flag when we're already connected and only 303 * tracking the APs beacon for bandwidth changes - otherwise we 304 * might get disconnected here if we connect to an AP, update our 305 * regulatory information based on the AP's country IE and the 306 * information we have is wrong/outdated and disables the channel 307 * that we're actually using for the connection to the AP. 308 */ 309 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef, 310 tracking ? 0 : 311 IEEE80211_CHAN_DISABLED)) { 312 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) { 313 ret = IEEE80211_STA_DISABLE_HT | 314 IEEE80211_STA_DISABLE_VHT; 315 break; 316 } 317 318 ret |= ieee80211_chandef_downgrade(chandef); 319 } 320 321 if (chandef->width != vht_chandef.width && !tracking) 322 sdata_info(sdata, 323 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n"); 324 325 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef)); 326 return ret; 327 } 328 329 static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata, 330 struct sta_info *sta, 331 const struct ieee80211_ht_operation *ht_oper, 332 const struct ieee80211_vht_operation *vht_oper, 333 const u8 *bssid, u32 *changed) 334 { 335 struct ieee80211_local *local = sdata->local; 336 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 337 struct ieee80211_supported_band *sband; 338 struct ieee80211_channel *chan; 339 struct cfg80211_chan_def chandef; 340 u16 ht_opmode; 341 u32 flags; 342 enum ieee80211_sta_rx_bandwidth new_sta_bw; 343 int ret; 344 345 /* if HT was/is disabled, don't track any bandwidth changes */ 346 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper) 347 return 0; 348 349 /* don't check VHT if we associated as non-VHT station */ 350 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 351 vht_oper = NULL; 352 353 if (WARN_ON_ONCE(!sta)) 354 return -EINVAL; 355 356 /* 357 * if bss configuration changed store the new one - 358 * this may be applicable even if channel is identical 359 */ 360 ht_opmode = le16_to_cpu(ht_oper->operation_mode); 361 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) { 362 *changed |= BSS_CHANGED_HT; 363 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 364 } 365 366 chan = sdata->vif.bss_conf.chandef.chan; 367 sband = local->hw.wiphy->bands[chan->band]; 368 369 /* calculate new channel (type) based on HT/VHT operation IEs */ 370 flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper, 371 vht_oper, &chandef, true); 372 373 /* 374 * Downgrade the new channel if we associated with restricted 375 * capabilities. For example, if we associated as a 20 MHz STA 376 * to a 40 MHz AP (due to regulatory, capabilities or config 377 * reasons) then switching to a 40 MHz channel now won't do us 378 * any good -- we couldn't use it with the AP. 379 */ 380 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ && 381 chandef.width == NL80211_CHAN_WIDTH_80P80) 382 flags |= ieee80211_chandef_downgrade(&chandef); 383 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ && 384 chandef.width == NL80211_CHAN_WIDTH_160) 385 flags |= ieee80211_chandef_downgrade(&chandef); 386 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ && 387 chandef.width > NL80211_CHAN_WIDTH_20) 388 flags |= ieee80211_chandef_downgrade(&chandef); 389 390 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef)) 391 return 0; 392 393 sdata_info(sdata, 394 "AP %pM changed bandwidth, new config is %d MHz, width %d (%d/%d MHz)\n", 395 ifmgd->bssid, chandef.chan->center_freq, chandef.width, 396 chandef.center_freq1, chandef.center_freq2); 397 398 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT | 399 IEEE80211_STA_DISABLE_VHT | 400 IEEE80211_STA_DISABLE_40MHZ | 401 IEEE80211_STA_DISABLE_80P80MHZ | 402 IEEE80211_STA_DISABLE_160MHZ)) || 403 !cfg80211_chandef_valid(&chandef)) { 404 sdata_info(sdata, 405 "AP %pM changed bandwidth in a way we can't support - disconnect\n", 406 ifmgd->bssid); 407 return -EINVAL; 408 } 409 410 switch (chandef.width) { 411 case NL80211_CHAN_WIDTH_20_NOHT: 412 case NL80211_CHAN_WIDTH_20: 413 new_sta_bw = IEEE80211_STA_RX_BW_20; 414 break; 415 case NL80211_CHAN_WIDTH_40: 416 new_sta_bw = IEEE80211_STA_RX_BW_40; 417 break; 418 case NL80211_CHAN_WIDTH_80: 419 new_sta_bw = IEEE80211_STA_RX_BW_80; 420 break; 421 case NL80211_CHAN_WIDTH_80P80: 422 case NL80211_CHAN_WIDTH_160: 423 new_sta_bw = IEEE80211_STA_RX_BW_160; 424 break; 425 default: 426 return -EINVAL; 427 } 428 429 if (new_sta_bw > sta->cur_max_bandwidth) 430 new_sta_bw = sta->cur_max_bandwidth; 431 432 if (new_sta_bw < sta->sta.bandwidth) { 433 sta->sta.bandwidth = new_sta_bw; 434 rate_control_rate_update(local, sband, sta, 435 IEEE80211_RC_BW_CHANGED); 436 } 437 438 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed); 439 if (ret) { 440 sdata_info(sdata, 441 "AP %pM changed bandwidth to incompatible one - disconnect\n", 442 ifmgd->bssid); 443 return ret; 444 } 445 446 if (new_sta_bw > sta->sta.bandwidth) { 447 sta->sta.bandwidth = new_sta_bw; 448 rate_control_rate_update(local, sband, sta, 449 IEEE80211_RC_BW_CHANGED); 450 } 451 452 return 0; 453 } 454 455 /* frame sending functions */ 456 457 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata, 458 struct sk_buff *skb, u8 ap_ht_param, 459 struct ieee80211_supported_band *sband, 460 struct ieee80211_channel *channel, 461 enum ieee80211_smps_mode smps) 462 { 463 u8 *pos; 464 u32 flags = channel->flags; 465 u16 cap; 466 struct ieee80211_sta_ht_cap ht_cap; 467 468 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap)); 469 470 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 471 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 472 473 /* determine capability flags */ 474 cap = ht_cap.cap; 475 476 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 477 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 478 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 479 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 480 cap &= ~IEEE80211_HT_CAP_SGI_40; 481 } 482 break; 483 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 484 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 485 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 486 cap &= ~IEEE80211_HT_CAP_SGI_40; 487 } 488 break; 489 } 490 491 /* 492 * If 40 MHz was disabled associate as though we weren't 493 * capable of 40 MHz -- some broken APs will never fall 494 * back to trying to transmit in 20 MHz. 495 */ 496 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) { 497 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 498 cap &= ~IEEE80211_HT_CAP_SGI_40; 499 } 500 501 /* set SM PS mode properly */ 502 cap &= ~IEEE80211_HT_CAP_SM_PS; 503 switch (smps) { 504 case IEEE80211_SMPS_AUTOMATIC: 505 case IEEE80211_SMPS_NUM_MODES: 506 WARN_ON(1); 507 case IEEE80211_SMPS_OFF: 508 cap |= WLAN_HT_CAP_SM_PS_DISABLED << 509 IEEE80211_HT_CAP_SM_PS_SHIFT; 510 break; 511 case IEEE80211_SMPS_STATIC: 512 cap |= WLAN_HT_CAP_SM_PS_STATIC << 513 IEEE80211_HT_CAP_SM_PS_SHIFT; 514 break; 515 case IEEE80211_SMPS_DYNAMIC: 516 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC << 517 IEEE80211_HT_CAP_SM_PS_SHIFT; 518 break; 519 } 520 521 /* reserve and fill IE */ 522 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 523 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap); 524 } 525 526 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata, 527 struct sk_buff *skb, 528 struct ieee80211_supported_band *sband, 529 struct ieee80211_vht_cap *ap_vht_cap) 530 { 531 u8 *pos; 532 u32 cap; 533 struct ieee80211_sta_vht_cap vht_cap; 534 535 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap)); 536 537 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap)); 538 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap); 539 540 /* determine capability flags */ 541 cap = vht_cap.cap; 542 543 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) { 544 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ; 545 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 546 } 547 548 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) { 549 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160; 550 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 551 } 552 553 /* 554 * Some APs apparently get confused if our capabilities are better 555 * than theirs, so restrict what we advertise in the assoc request. 556 */ 557 if (!(ap_vht_cap->vht_cap_info & 558 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE))) 559 cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE; 560 561 /* reserve and fill IE */ 562 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 563 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap); 564 } 565 566 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) 567 { 568 struct ieee80211_local *local = sdata->local; 569 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 570 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 571 struct sk_buff *skb; 572 struct ieee80211_mgmt *mgmt; 573 u8 *pos, qos_info; 574 size_t offset = 0, noffset; 575 int i, count, rates_len, supp_rates_len, shift; 576 u16 capab; 577 struct ieee80211_supported_band *sband; 578 struct ieee80211_chanctx_conf *chanctx_conf; 579 struct ieee80211_channel *chan; 580 u32 rate_flags, rates = 0; 581 582 sdata_assert_lock(sdata); 583 584 rcu_read_lock(); 585 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 586 if (WARN_ON(!chanctx_conf)) { 587 rcu_read_unlock(); 588 return; 589 } 590 chan = chanctx_conf->def.chan; 591 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def); 592 rcu_read_unlock(); 593 sband = local->hw.wiphy->bands[chan->band]; 594 shift = ieee80211_vif_get_shift(&sdata->vif); 595 596 if (assoc_data->supp_rates_len) { 597 /* 598 * Get all rates supported by the device and the AP as 599 * some APs don't like getting a superset of their rates 600 * in the association request (e.g. D-Link DAP 1353 in 601 * b-only mode)... 602 */ 603 rates_len = ieee80211_parse_bitrates(&chanctx_conf->def, sband, 604 assoc_data->supp_rates, 605 assoc_data->supp_rates_len, 606 &rates); 607 } else { 608 /* 609 * In case AP not provide any supported rates information 610 * before association, we send information element(s) with 611 * all rates that we support. 612 */ 613 rates_len = 0; 614 for (i = 0; i < sband->n_bitrates; i++) { 615 if ((rate_flags & sband->bitrates[i].flags) 616 != rate_flags) 617 continue; 618 rates |= BIT(i); 619 rates_len++; 620 } 621 } 622 623 skb = alloc_skb(local->hw.extra_tx_headroom + 624 sizeof(*mgmt) + /* bit too much but doesn't matter */ 625 2 + assoc_data->ssid_len + /* SSID */ 626 4 + rates_len + /* (extended) rates */ 627 4 + /* power capability */ 628 2 + 2 * sband->n_channels + /* supported channels */ 629 2 + sizeof(struct ieee80211_ht_cap) + /* HT */ 630 2 + sizeof(struct ieee80211_vht_cap) + /* VHT */ 631 assoc_data->ie_len + /* extra IEs */ 632 9, /* WMM */ 633 GFP_KERNEL); 634 if (!skb) 635 return; 636 637 skb_reserve(skb, local->hw.extra_tx_headroom); 638 639 capab = WLAN_CAPABILITY_ESS; 640 641 if (sband->band == IEEE80211_BAND_2GHZ) { 642 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 643 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 644 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 645 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 646 } 647 648 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY) 649 capab |= WLAN_CAPABILITY_PRIVACY; 650 651 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 652 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)) 653 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 654 655 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 656 memset(mgmt, 0, 24); 657 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN); 658 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 659 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN); 660 661 if (!is_zero_ether_addr(assoc_data->prev_bssid)) { 662 skb_put(skb, 10); 663 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 664 IEEE80211_STYPE_REASSOC_REQ); 665 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 666 mgmt->u.reassoc_req.listen_interval = 667 cpu_to_le16(local->hw.conf.listen_interval); 668 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid, 669 ETH_ALEN); 670 } else { 671 skb_put(skb, 4); 672 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 673 IEEE80211_STYPE_ASSOC_REQ); 674 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 675 mgmt->u.assoc_req.listen_interval = 676 cpu_to_le16(local->hw.conf.listen_interval); 677 } 678 679 /* SSID */ 680 pos = skb_put(skb, 2 + assoc_data->ssid_len); 681 *pos++ = WLAN_EID_SSID; 682 *pos++ = assoc_data->ssid_len; 683 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len); 684 685 /* add all rates which were marked to be used above */ 686 supp_rates_len = rates_len; 687 if (supp_rates_len > 8) 688 supp_rates_len = 8; 689 690 pos = skb_put(skb, supp_rates_len + 2); 691 *pos++ = WLAN_EID_SUPP_RATES; 692 *pos++ = supp_rates_len; 693 694 count = 0; 695 for (i = 0; i < sband->n_bitrates; i++) { 696 if (BIT(i) & rates) { 697 int rate = DIV_ROUND_UP(sband->bitrates[i].bitrate, 698 5 * (1 << shift)); 699 *pos++ = (u8) rate; 700 if (++count == 8) 701 break; 702 } 703 } 704 705 if (rates_len > count) { 706 pos = skb_put(skb, rates_len - count + 2); 707 *pos++ = WLAN_EID_EXT_SUPP_RATES; 708 *pos++ = rates_len - count; 709 710 for (i++; i < sband->n_bitrates; i++) { 711 if (BIT(i) & rates) { 712 int rate; 713 rate = DIV_ROUND_UP(sband->bitrates[i].bitrate, 714 5 * (1 << shift)); 715 *pos++ = (u8) rate; 716 } 717 } 718 } 719 720 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) { 721 /* 1. power capabilities */ 722 pos = skb_put(skb, 4); 723 *pos++ = WLAN_EID_PWR_CAPABILITY; 724 *pos++ = 2; 725 *pos++ = 0; /* min tx power */ 726 /* max tx power */ 727 *pos++ = ieee80211_chandef_max_power(&chanctx_conf->def); 728 729 /* 2. supported channels */ 730 /* TODO: get this in reg domain format */ 731 pos = skb_put(skb, 2 * sband->n_channels + 2); 732 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 733 *pos++ = 2 * sband->n_channels; 734 for (i = 0; i < sband->n_channels; i++) { 735 *pos++ = ieee80211_frequency_to_channel( 736 sband->channels[i].center_freq); 737 *pos++ = 1; /* one channel in the subband*/ 738 } 739 } 740 741 /* if present, add any custom IEs that go before HT */ 742 if (assoc_data->ie_len) { 743 static const u8 before_ht[] = { 744 WLAN_EID_SSID, 745 WLAN_EID_SUPP_RATES, 746 WLAN_EID_EXT_SUPP_RATES, 747 WLAN_EID_PWR_CAPABILITY, 748 WLAN_EID_SUPPORTED_CHANNELS, 749 WLAN_EID_RSN, 750 WLAN_EID_QOS_CAPA, 751 WLAN_EID_RRM_ENABLED_CAPABILITIES, 752 WLAN_EID_MOBILITY_DOMAIN, 753 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 754 }; 755 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len, 756 before_ht, ARRAY_SIZE(before_ht), 757 offset); 758 pos = skb_put(skb, noffset - offset); 759 memcpy(pos, assoc_data->ie + offset, noffset - offset); 760 offset = noffset; 761 } 762 763 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 764 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))) 765 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 766 767 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 768 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param, 769 sband, chan, sdata->smps_mode); 770 771 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 772 ieee80211_add_vht_ie(sdata, skb, sband, 773 &assoc_data->ap_vht_cap); 774 775 /* if present, add any custom non-vendor IEs that go after HT */ 776 if (assoc_data->ie_len) { 777 noffset = ieee80211_ie_split_vendor(assoc_data->ie, 778 assoc_data->ie_len, 779 offset); 780 pos = skb_put(skb, noffset - offset); 781 memcpy(pos, assoc_data->ie + offset, noffset - offset); 782 offset = noffset; 783 } 784 785 if (assoc_data->wmm) { 786 if (assoc_data->uapsd) { 787 qos_info = ifmgd->uapsd_queues; 788 qos_info |= (ifmgd->uapsd_max_sp_len << 789 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT); 790 } else { 791 qos_info = 0; 792 } 793 794 pos = skb_put(skb, 9); 795 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 796 *pos++ = 7; /* len */ 797 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */ 798 *pos++ = 0x50; 799 *pos++ = 0xf2; 800 *pos++ = 2; /* WME */ 801 *pos++ = 0; /* WME info */ 802 *pos++ = 1; /* WME ver */ 803 *pos++ = qos_info; 804 } 805 806 /* add any remaining custom (i.e. vendor specific here) IEs */ 807 if (assoc_data->ie_len) { 808 noffset = assoc_data->ie_len; 809 pos = skb_put(skb, noffset - offset); 810 memcpy(pos, assoc_data->ie + offset, noffset - offset); 811 } 812 813 drv_mgd_prepare_tx(local, sdata); 814 815 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 816 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 817 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 818 IEEE80211_TX_INTFL_MLME_CONN_TX; 819 ieee80211_tx_skb(sdata, skb); 820 } 821 822 void ieee80211_send_pspoll(struct ieee80211_local *local, 823 struct ieee80211_sub_if_data *sdata) 824 { 825 struct ieee80211_pspoll *pspoll; 826 struct sk_buff *skb; 827 828 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif); 829 if (!skb) 830 return; 831 832 pspoll = (struct ieee80211_pspoll *) skb->data; 833 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 834 835 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 836 ieee80211_tx_skb(sdata, skb); 837 } 838 839 void ieee80211_send_nullfunc(struct ieee80211_local *local, 840 struct ieee80211_sub_if_data *sdata, 841 int powersave) 842 { 843 struct sk_buff *skb; 844 struct ieee80211_hdr_3addr *nullfunc; 845 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 846 847 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif); 848 if (!skb) 849 return; 850 851 nullfunc = (struct ieee80211_hdr_3addr *) skb->data; 852 if (powersave) 853 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 854 855 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT | 856 IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 857 858 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 859 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS; 860 861 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) 862 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE; 863 864 ieee80211_tx_skb(sdata, skb); 865 } 866 867 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local, 868 struct ieee80211_sub_if_data *sdata) 869 { 870 struct sk_buff *skb; 871 struct ieee80211_hdr *nullfunc; 872 __le16 fc; 873 874 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 875 return; 876 877 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30); 878 if (!skb) 879 return; 880 881 skb_reserve(skb, local->hw.extra_tx_headroom); 882 883 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30); 884 memset(nullfunc, 0, 30); 885 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 886 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 887 nullfunc->frame_control = fc; 888 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN); 889 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN); 890 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN); 891 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN); 892 893 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 894 ieee80211_tx_skb(sdata, skb); 895 } 896 897 /* spectrum management related things */ 898 static void ieee80211_chswitch_work(struct work_struct *work) 899 { 900 struct ieee80211_sub_if_data *sdata = 901 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work); 902 struct ieee80211_local *local = sdata->local; 903 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 904 u32 changed = 0; 905 int ret; 906 907 if (!ieee80211_sdata_running(sdata)) 908 return; 909 910 sdata_lock(sdata); 911 if (!ifmgd->associated) 912 goto out; 913 914 mutex_lock(&local->mtx); 915 ret = ieee80211_vif_change_channel(sdata, &changed); 916 mutex_unlock(&local->mtx); 917 if (ret) { 918 sdata_info(sdata, 919 "vif channel switch failed, disconnecting\n"); 920 ieee80211_queue_work(&sdata->local->hw, 921 &ifmgd->csa_connection_drop_work); 922 goto out; 923 } 924 925 if (!local->use_chanctx) { 926 local->_oper_chandef = sdata->csa_chandef; 927 /* Call "hw_config" only if doing sw channel switch. 928 * Otherwise update the channel directly 929 */ 930 if (!local->ops->channel_switch) 931 ieee80211_hw_config(local, 0); 932 else 933 local->hw.conf.chandef = local->_oper_chandef; 934 } 935 936 /* XXX: shouldn't really modify cfg80211-owned data! */ 937 ifmgd->associated->channel = sdata->csa_chandef.chan; 938 939 /* XXX: wait for a beacon first? */ 940 ieee80211_wake_queues_by_reason(&local->hw, 941 IEEE80211_MAX_QUEUE_MAP, 942 IEEE80211_QUEUE_STOP_REASON_CSA); 943 944 ieee80211_bss_info_change_notify(sdata, changed); 945 946 out: 947 sdata->vif.csa_active = false; 948 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 949 sdata_unlock(sdata); 950 } 951 952 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success) 953 { 954 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 955 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 956 957 trace_api_chswitch_done(sdata, success); 958 if (!success) { 959 sdata_info(sdata, 960 "driver channel switch failed, disconnecting\n"); 961 ieee80211_queue_work(&sdata->local->hw, 962 &ifmgd->csa_connection_drop_work); 963 } else { 964 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 965 } 966 } 967 EXPORT_SYMBOL(ieee80211_chswitch_done); 968 969 static void ieee80211_chswitch_timer(unsigned long data) 970 { 971 struct ieee80211_sub_if_data *sdata = 972 (struct ieee80211_sub_if_data *) data; 973 974 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work); 975 } 976 977 static void 978 ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 979 u64 timestamp, struct ieee802_11_elems *elems, 980 bool beacon) 981 { 982 struct ieee80211_local *local = sdata->local; 983 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 984 struct cfg80211_bss *cbss = ifmgd->associated; 985 struct ieee80211_chanctx *chanctx; 986 enum ieee80211_band current_band; 987 struct ieee80211_csa_ie csa_ie; 988 int res; 989 990 sdata_assert_lock(sdata); 991 992 if (!cbss) 993 return; 994 995 if (local->scanning) 996 return; 997 998 /* disregard subsequent announcements if we are already processing */ 999 if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED) 1000 return; 1001 1002 current_band = cbss->channel->band; 1003 memset(&csa_ie, 0, sizeof(csa_ie)); 1004 res = ieee80211_parse_ch_switch_ie(sdata, elems, beacon, current_band, 1005 ifmgd->flags, 1006 ifmgd->associated->bssid, &csa_ie); 1007 if (res < 0) 1008 ieee80211_queue_work(&local->hw, 1009 &ifmgd->csa_connection_drop_work); 1010 if (res) 1011 return; 1012 1013 if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chandef, 1014 IEEE80211_CHAN_DISABLED)) { 1015 sdata_info(sdata, 1016 "AP %pM switches to unsupported channel (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n", 1017 ifmgd->associated->bssid, 1018 csa_ie.chandef.chan->center_freq, 1019 csa_ie.chandef.width, csa_ie.chandef.center_freq1, 1020 csa_ie.chandef.center_freq2); 1021 ieee80211_queue_work(&local->hw, 1022 &ifmgd->csa_connection_drop_work); 1023 return; 1024 } 1025 1026 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED; 1027 sdata->vif.csa_active = true; 1028 1029 mutex_lock(&local->chanctx_mtx); 1030 if (local->use_chanctx) { 1031 u32 num_chanctx = 0; 1032 list_for_each_entry(chanctx, &local->chanctx_list, list) 1033 num_chanctx++; 1034 1035 if (num_chanctx > 1 || 1036 !(local->hw.flags & IEEE80211_HW_CHANCTX_STA_CSA)) { 1037 sdata_info(sdata, 1038 "not handling chan-switch with channel contexts\n"); 1039 ieee80211_queue_work(&local->hw, 1040 &ifmgd->csa_connection_drop_work); 1041 mutex_unlock(&local->chanctx_mtx); 1042 return; 1043 } 1044 } 1045 1046 if (WARN_ON(!rcu_access_pointer(sdata->vif.chanctx_conf))) { 1047 ieee80211_queue_work(&local->hw, 1048 &ifmgd->csa_connection_drop_work); 1049 mutex_unlock(&local->chanctx_mtx); 1050 return; 1051 } 1052 chanctx = container_of(rcu_access_pointer(sdata->vif.chanctx_conf), 1053 struct ieee80211_chanctx, conf); 1054 if (chanctx->refcount > 1) { 1055 sdata_info(sdata, 1056 "channel switch with multiple interfaces on the same channel, disconnecting\n"); 1057 ieee80211_queue_work(&local->hw, 1058 &ifmgd->csa_connection_drop_work); 1059 mutex_unlock(&local->chanctx_mtx); 1060 return; 1061 } 1062 mutex_unlock(&local->chanctx_mtx); 1063 1064 sdata->csa_chandef = csa_ie.chandef; 1065 1066 if (csa_ie.mode) 1067 ieee80211_stop_queues_by_reason(&local->hw, 1068 IEEE80211_MAX_QUEUE_MAP, 1069 IEEE80211_QUEUE_STOP_REASON_CSA); 1070 1071 if (local->ops->channel_switch) { 1072 /* use driver's channel switch callback */ 1073 struct ieee80211_channel_switch ch_switch = { 1074 .timestamp = timestamp, 1075 .block_tx = csa_ie.mode, 1076 .chandef = csa_ie.chandef, 1077 .count = csa_ie.count, 1078 }; 1079 1080 drv_channel_switch(local, &ch_switch); 1081 return; 1082 } 1083 1084 /* channel switch handled in software */ 1085 if (csa_ie.count <= 1) 1086 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work); 1087 else 1088 mod_timer(&ifmgd->chswitch_timer, 1089 TU_TO_EXP_TIME(csa_ie.count * cbss->beacon_interval)); 1090 } 1091 1092 static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, 1093 struct ieee80211_channel *channel, 1094 const u8 *country_ie, u8 country_ie_len, 1095 const u8 *pwr_constr_elem) 1096 { 1097 struct ieee80211_country_ie_triplet *triplet; 1098 int chan = ieee80211_frequency_to_channel(channel->center_freq); 1099 int i, chan_pwr, chan_increment, new_ap_level; 1100 bool have_chan_pwr = false; 1101 1102 /* Invalid IE */ 1103 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN) 1104 return 0; 1105 1106 triplet = (void *)(country_ie + 3); 1107 country_ie_len -= 3; 1108 1109 switch (channel->band) { 1110 default: 1111 WARN_ON_ONCE(1); 1112 /* fall through */ 1113 case IEEE80211_BAND_2GHZ: 1114 case IEEE80211_BAND_60GHZ: 1115 chan_increment = 1; 1116 break; 1117 case IEEE80211_BAND_5GHZ: 1118 chan_increment = 4; 1119 break; 1120 } 1121 1122 /* find channel */ 1123 while (country_ie_len >= 3) { 1124 u8 first_channel = triplet->chans.first_channel; 1125 1126 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID) 1127 goto next; 1128 1129 for (i = 0; i < triplet->chans.num_channels; i++) { 1130 if (first_channel + i * chan_increment == chan) { 1131 have_chan_pwr = true; 1132 chan_pwr = triplet->chans.max_power; 1133 break; 1134 } 1135 } 1136 if (have_chan_pwr) 1137 break; 1138 1139 next: 1140 triplet++; 1141 country_ie_len -= 3; 1142 } 1143 1144 if (!have_chan_pwr) 1145 return 0; 1146 1147 new_ap_level = max_t(int, 0, chan_pwr - *pwr_constr_elem); 1148 1149 if (sdata->ap_power_level == new_ap_level) 1150 return 0; 1151 1152 sdata_info(sdata, 1153 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n", 1154 new_ap_level, chan_pwr, *pwr_constr_elem, 1155 sdata->u.mgd.bssid); 1156 sdata->ap_power_level = new_ap_level; 1157 if (__ieee80211_recalc_txpower(sdata)) 1158 return BSS_CHANGED_TXPOWER; 1159 return 0; 1160 } 1161 1162 /* powersave */ 1163 static void ieee80211_enable_ps(struct ieee80211_local *local, 1164 struct ieee80211_sub_if_data *sdata) 1165 { 1166 struct ieee80211_conf *conf = &local->hw.conf; 1167 1168 /* 1169 * If we are scanning right now then the parameters will 1170 * take effect when scan finishes. 1171 */ 1172 if (local->scanning) 1173 return; 1174 1175 if (conf->dynamic_ps_timeout > 0 && 1176 !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) { 1177 mod_timer(&local->dynamic_ps_timer, jiffies + 1178 msecs_to_jiffies(conf->dynamic_ps_timeout)); 1179 } else { 1180 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 1181 ieee80211_send_nullfunc(local, sdata, 1); 1182 1183 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1184 (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) 1185 return; 1186 1187 conf->flags |= IEEE80211_CONF_PS; 1188 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1189 } 1190 } 1191 1192 static void ieee80211_change_ps(struct ieee80211_local *local) 1193 { 1194 struct ieee80211_conf *conf = &local->hw.conf; 1195 1196 if (local->ps_sdata) { 1197 ieee80211_enable_ps(local, local->ps_sdata); 1198 } else if (conf->flags & IEEE80211_CONF_PS) { 1199 conf->flags &= ~IEEE80211_CONF_PS; 1200 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1201 del_timer_sync(&local->dynamic_ps_timer); 1202 cancel_work_sync(&local->dynamic_ps_enable_work); 1203 } 1204 } 1205 1206 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata) 1207 { 1208 struct ieee80211_if_managed *mgd = &sdata->u.mgd; 1209 struct sta_info *sta = NULL; 1210 bool authorized = false; 1211 1212 if (!mgd->powersave) 1213 return false; 1214 1215 if (mgd->broken_ap) 1216 return false; 1217 1218 if (!mgd->associated) 1219 return false; 1220 1221 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL) 1222 return false; 1223 1224 if (!mgd->have_beacon) 1225 return false; 1226 1227 rcu_read_lock(); 1228 sta = sta_info_get(sdata, mgd->bssid); 1229 if (sta) 1230 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED); 1231 rcu_read_unlock(); 1232 1233 return authorized; 1234 } 1235 1236 /* need to hold RTNL or interface lock */ 1237 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency) 1238 { 1239 struct ieee80211_sub_if_data *sdata, *found = NULL; 1240 int count = 0; 1241 int timeout; 1242 1243 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) { 1244 local->ps_sdata = NULL; 1245 return; 1246 } 1247 1248 list_for_each_entry(sdata, &local->interfaces, list) { 1249 if (!ieee80211_sdata_running(sdata)) 1250 continue; 1251 if (sdata->vif.type == NL80211_IFTYPE_AP) { 1252 /* If an AP vif is found, then disable PS 1253 * by setting the count to zero thereby setting 1254 * ps_sdata to NULL. 1255 */ 1256 count = 0; 1257 break; 1258 } 1259 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1260 continue; 1261 found = sdata; 1262 count++; 1263 } 1264 1265 if (count == 1 && ieee80211_powersave_allowed(found)) { 1266 s32 beaconint_us; 1267 1268 if (latency < 0) 1269 latency = pm_qos_request(PM_QOS_NETWORK_LATENCY); 1270 1271 beaconint_us = ieee80211_tu_to_usec( 1272 found->vif.bss_conf.beacon_int); 1273 1274 timeout = local->dynamic_ps_forced_timeout; 1275 if (timeout < 0) { 1276 /* 1277 * Go to full PSM if the user configures a very low 1278 * latency requirement. 1279 * The 2000 second value is there for compatibility 1280 * until the PM_QOS_NETWORK_LATENCY is configured 1281 * with real values. 1282 */ 1283 if (latency > (1900 * USEC_PER_MSEC) && 1284 latency != (2000 * USEC_PER_SEC)) 1285 timeout = 0; 1286 else 1287 timeout = 100; 1288 } 1289 local->hw.conf.dynamic_ps_timeout = timeout; 1290 1291 if (beaconint_us > latency) { 1292 local->ps_sdata = NULL; 1293 } else { 1294 int maxslp = 1; 1295 u8 dtimper = found->u.mgd.dtim_period; 1296 1297 /* If the TIM IE is invalid, pretend the value is 1 */ 1298 if (!dtimper) 1299 dtimper = 1; 1300 else if (dtimper > 1) 1301 maxslp = min_t(int, dtimper, 1302 latency / beaconint_us); 1303 1304 local->hw.conf.max_sleep_period = maxslp; 1305 local->hw.conf.ps_dtim_period = dtimper; 1306 local->ps_sdata = found; 1307 } 1308 } else { 1309 local->ps_sdata = NULL; 1310 } 1311 1312 ieee80211_change_ps(local); 1313 } 1314 1315 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata) 1316 { 1317 bool ps_allowed = ieee80211_powersave_allowed(sdata); 1318 1319 if (sdata->vif.bss_conf.ps != ps_allowed) { 1320 sdata->vif.bss_conf.ps = ps_allowed; 1321 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS); 1322 } 1323 } 1324 1325 void ieee80211_dynamic_ps_disable_work(struct work_struct *work) 1326 { 1327 struct ieee80211_local *local = 1328 container_of(work, struct ieee80211_local, 1329 dynamic_ps_disable_work); 1330 1331 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1332 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1333 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1334 } 1335 1336 ieee80211_wake_queues_by_reason(&local->hw, 1337 IEEE80211_MAX_QUEUE_MAP, 1338 IEEE80211_QUEUE_STOP_REASON_PS); 1339 } 1340 1341 void ieee80211_dynamic_ps_enable_work(struct work_struct *work) 1342 { 1343 struct ieee80211_local *local = 1344 container_of(work, struct ieee80211_local, 1345 dynamic_ps_enable_work); 1346 struct ieee80211_sub_if_data *sdata = local->ps_sdata; 1347 struct ieee80211_if_managed *ifmgd; 1348 unsigned long flags; 1349 int q; 1350 1351 /* can only happen when PS was just disabled anyway */ 1352 if (!sdata) 1353 return; 1354 1355 ifmgd = &sdata->u.mgd; 1356 1357 if (local->hw.conf.flags & IEEE80211_CONF_PS) 1358 return; 1359 1360 if (local->hw.conf.dynamic_ps_timeout > 0) { 1361 /* don't enter PS if TX frames are pending */ 1362 if (drv_tx_frames_pending(local)) { 1363 mod_timer(&local->dynamic_ps_timer, jiffies + 1364 msecs_to_jiffies( 1365 local->hw.conf.dynamic_ps_timeout)); 1366 return; 1367 } 1368 1369 /* 1370 * transmission can be stopped by others which leads to 1371 * dynamic_ps_timer expiry. Postpone the ps timer if it 1372 * is not the actual idle state. 1373 */ 1374 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 1375 for (q = 0; q < local->hw.queues; q++) { 1376 if (local->queue_stop_reasons[q]) { 1377 spin_unlock_irqrestore(&local->queue_stop_reason_lock, 1378 flags); 1379 mod_timer(&local->dynamic_ps_timer, jiffies + 1380 msecs_to_jiffies( 1381 local->hw.conf.dynamic_ps_timeout)); 1382 return; 1383 } 1384 } 1385 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 1386 } 1387 1388 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1389 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1390 if (drv_tx_frames_pending(local)) { 1391 mod_timer(&local->dynamic_ps_timer, jiffies + 1392 msecs_to_jiffies( 1393 local->hw.conf.dynamic_ps_timeout)); 1394 } else { 1395 ieee80211_send_nullfunc(local, sdata, 1); 1396 /* Flush to get the tx status of nullfunc frame */ 1397 ieee80211_flush_queues(local, sdata); 1398 } 1399 } 1400 1401 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) && 1402 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) || 1403 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1404 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 1405 local->hw.conf.flags |= IEEE80211_CONF_PS; 1406 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1407 } 1408 } 1409 1410 void ieee80211_dynamic_ps_timer(unsigned long data) 1411 { 1412 struct ieee80211_local *local = (void *) data; 1413 1414 if (local->quiescing || local->suspended) 1415 return; 1416 1417 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work); 1418 } 1419 1420 void ieee80211_dfs_cac_timer_work(struct work_struct *work) 1421 { 1422 struct delayed_work *delayed_work = 1423 container_of(work, struct delayed_work, work); 1424 struct ieee80211_sub_if_data *sdata = 1425 container_of(delayed_work, struct ieee80211_sub_if_data, 1426 dfs_cac_timer_work); 1427 struct cfg80211_chan_def chandef = sdata->vif.bss_conf.chandef; 1428 1429 mutex_lock(&sdata->local->mtx); 1430 if (sdata->wdev.cac_started) { 1431 ieee80211_vif_release_channel(sdata); 1432 cfg80211_cac_event(sdata->dev, &chandef, 1433 NL80211_RADAR_CAC_FINISHED, 1434 GFP_KERNEL); 1435 } 1436 mutex_unlock(&sdata->local->mtx); 1437 } 1438 1439 /* MLME */ 1440 static bool ieee80211_sta_wmm_params(struct ieee80211_local *local, 1441 struct ieee80211_sub_if_data *sdata, 1442 const u8 *wmm_param, size_t wmm_param_len) 1443 { 1444 struct ieee80211_tx_queue_params params; 1445 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1446 size_t left; 1447 int count; 1448 const u8 *pos; 1449 u8 uapsd_queues = 0; 1450 1451 if (!local->ops->conf_tx) 1452 return false; 1453 1454 if (local->hw.queues < IEEE80211_NUM_ACS) 1455 return false; 1456 1457 if (!wmm_param) 1458 return false; 1459 1460 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 1461 return false; 1462 1463 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) 1464 uapsd_queues = ifmgd->uapsd_queues; 1465 1466 count = wmm_param[6] & 0x0f; 1467 if (count == ifmgd->wmm_last_param_set) 1468 return false; 1469 ifmgd->wmm_last_param_set = count; 1470 1471 pos = wmm_param + 8; 1472 left = wmm_param_len - 8; 1473 1474 memset(¶ms, 0, sizeof(params)); 1475 1476 sdata->wmm_acm = 0; 1477 for (; left >= 4; left -= 4, pos += 4) { 1478 int aci = (pos[0] >> 5) & 0x03; 1479 int acm = (pos[0] >> 4) & 0x01; 1480 bool uapsd = false; 1481 int queue; 1482 1483 switch (aci) { 1484 case 1: /* AC_BK */ 1485 queue = 3; 1486 if (acm) 1487 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */ 1488 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK) 1489 uapsd = true; 1490 break; 1491 case 2: /* AC_VI */ 1492 queue = 1; 1493 if (acm) 1494 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */ 1495 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI) 1496 uapsd = true; 1497 break; 1498 case 3: /* AC_VO */ 1499 queue = 0; 1500 if (acm) 1501 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */ 1502 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) 1503 uapsd = true; 1504 break; 1505 case 0: /* AC_BE */ 1506 default: 1507 queue = 2; 1508 if (acm) 1509 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */ 1510 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE) 1511 uapsd = true; 1512 break; 1513 } 1514 1515 params.aifs = pos[0] & 0x0f; 1516 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 1517 params.cw_min = ecw2cw(pos[1] & 0x0f); 1518 params.txop = get_unaligned_le16(pos + 2); 1519 params.acm = acm; 1520 params.uapsd = uapsd; 1521 1522 mlme_dbg(sdata, 1523 "WMM queue=%d aci=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d\n", 1524 queue, aci, acm, 1525 params.aifs, params.cw_min, params.cw_max, 1526 params.txop, params.uapsd); 1527 sdata->tx_conf[queue] = params; 1528 if (drv_conf_tx(local, sdata, queue, ¶ms)) 1529 sdata_err(sdata, 1530 "failed to set TX queue parameters for queue %d\n", 1531 queue); 1532 } 1533 1534 /* enable WMM or activate new settings */ 1535 sdata->vif.bss_conf.qos = true; 1536 return true; 1537 } 1538 1539 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1540 { 1541 lockdep_assert_held(&sdata->local->mtx); 1542 1543 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL; 1544 ieee80211_run_deferred_scan(sdata->local); 1545 } 1546 1547 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1548 { 1549 mutex_lock(&sdata->local->mtx); 1550 __ieee80211_stop_poll(sdata); 1551 mutex_unlock(&sdata->local->mtx); 1552 } 1553 1554 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata, 1555 u16 capab, bool erp_valid, u8 erp) 1556 { 1557 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1558 u32 changed = 0; 1559 bool use_protection; 1560 bool use_short_preamble; 1561 bool use_short_slot; 1562 1563 if (erp_valid) { 1564 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0; 1565 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0; 1566 } else { 1567 use_protection = false; 1568 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE); 1569 } 1570 1571 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME); 1572 if (ieee80211_get_sdata_band(sdata) == IEEE80211_BAND_5GHZ) 1573 use_short_slot = true; 1574 1575 if (use_protection != bss_conf->use_cts_prot) { 1576 bss_conf->use_cts_prot = use_protection; 1577 changed |= BSS_CHANGED_ERP_CTS_PROT; 1578 } 1579 1580 if (use_short_preamble != bss_conf->use_short_preamble) { 1581 bss_conf->use_short_preamble = use_short_preamble; 1582 changed |= BSS_CHANGED_ERP_PREAMBLE; 1583 } 1584 1585 if (use_short_slot != bss_conf->use_short_slot) { 1586 bss_conf->use_short_slot = use_short_slot; 1587 changed |= BSS_CHANGED_ERP_SLOT; 1588 } 1589 1590 return changed; 1591 } 1592 1593 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata, 1594 struct cfg80211_bss *cbss, 1595 u32 bss_info_changed) 1596 { 1597 struct ieee80211_bss *bss = (void *)cbss->priv; 1598 struct ieee80211_local *local = sdata->local; 1599 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1600 1601 bss_info_changed |= BSS_CHANGED_ASSOC; 1602 bss_info_changed |= ieee80211_handle_bss_capability(sdata, 1603 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value); 1604 1605 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec( 1606 beacon_loss_count * bss_conf->beacon_int)); 1607 1608 sdata->u.mgd.associated = cbss; 1609 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN); 1610 1611 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE; 1612 1613 if (sdata->vif.p2p) { 1614 const struct cfg80211_bss_ies *ies; 1615 1616 rcu_read_lock(); 1617 ies = rcu_dereference(cbss->ies); 1618 if (ies) { 1619 int ret; 1620 1621 ret = cfg80211_get_p2p_attr( 1622 ies->data, ies->len, 1623 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 1624 (u8 *) &bss_conf->p2p_noa_attr, 1625 sizeof(bss_conf->p2p_noa_attr)); 1626 if (ret >= 2) { 1627 sdata->u.mgd.p2p_noa_index = 1628 bss_conf->p2p_noa_attr.index; 1629 bss_info_changed |= BSS_CHANGED_P2P_PS; 1630 } 1631 } 1632 rcu_read_unlock(); 1633 } 1634 1635 /* just to be sure */ 1636 ieee80211_stop_poll(sdata); 1637 1638 ieee80211_led_assoc(local, 1); 1639 1640 if (sdata->u.mgd.have_beacon) { 1641 /* 1642 * If the AP is buggy we may get here with no DTIM period 1643 * known, so assume it's 1 which is the only safe assumption 1644 * in that case, although if the TIM IE is broken powersave 1645 * probably just won't work at all. 1646 */ 1647 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1; 1648 bss_conf->beacon_rate = bss->beacon_rate; 1649 bss_info_changed |= BSS_CHANGED_BEACON_INFO; 1650 } else { 1651 bss_conf->beacon_rate = NULL; 1652 bss_conf->dtim_period = 0; 1653 } 1654 1655 bss_conf->assoc = 1; 1656 1657 /* Tell the driver to monitor connection quality (if supported) */ 1658 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI && 1659 bss_conf->cqm_rssi_thold) 1660 bss_info_changed |= BSS_CHANGED_CQM; 1661 1662 /* Enable ARP filtering */ 1663 if (bss_conf->arp_addr_cnt) 1664 bss_info_changed |= BSS_CHANGED_ARP_FILTER; 1665 1666 ieee80211_bss_info_change_notify(sdata, bss_info_changed); 1667 1668 mutex_lock(&local->iflist_mtx); 1669 ieee80211_recalc_ps(local, -1); 1670 mutex_unlock(&local->iflist_mtx); 1671 1672 ieee80211_recalc_smps(sdata); 1673 ieee80211_recalc_ps_vif(sdata); 1674 1675 netif_carrier_on(sdata->dev); 1676 } 1677 1678 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata, 1679 u16 stype, u16 reason, bool tx, 1680 u8 *frame_buf) 1681 { 1682 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1683 struct ieee80211_local *local = sdata->local; 1684 u32 changed = 0; 1685 1686 sdata_assert_lock(sdata); 1687 1688 if (WARN_ON_ONCE(tx && !frame_buf)) 1689 return; 1690 1691 if (WARN_ON(!ifmgd->associated)) 1692 return; 1693 1694 ieee80211_stop_poll(sdata); 1695 1696 ifmgd->associated = NULL; 1697 netif_carrier_off(sdata->dev); 1698 1699 /* 1700 * if we want to get out of ps before disassoc (why?) we have 1701 * to do it before sending disassoc, as otherwise the null-packet 1702 * won't be valid. 1703 */ 1704 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1705 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1706 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1707 } 1708 local->ps_sdata = NULL; 1709 1710 /* disable per-vif ps */ 1711 ieee80211_recalc_ps_vif(sdata); 1712 1713 /* flush out any pending frame (e.g. DELBA) before deauth/disassoc */ 1714 if (tx) 1715 ieee80211_flush_queues(local, sdata); 1716 1717 /* deauthenticate/disassociate now */ 1718 if (tx || frame_buf) 1719 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype, 1720 reason, tx, frame_buf); 1721 1722 /* flush out frame */ 1723 if (tx) 1724 ieee80211_flush_queues(local, sdata); 1725 1726 /* clear bssid only after building the needed mgmt frames */ 1727 memset(ifmgd->bssid, 0, ETH_ALEN); 1728 1729 /* remove AP and TDLS peers */ 1730 sta_info_flush(sdata); 1731 1732 /* finally reset all BSS / config parameters */ 1733 changed |= ieee80211_reset_erp_info(sdata); 1734 1735 ieee80211_led_assoc(local, 0); 1736 changed |= BSS_CHANGED_ASSOC; 1737 sdata->vif.bss_conf.assoc = false; 1738 1739 ifmgd->p2p_noa_index = -1; 1740 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0, 1741 sizeof(sdata->vif.bss_conf.p2p_noa_attr)); 1742 1743 /* on the next assoc, re-program HT/VHT parameters */ 1744 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa)); 1745 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask)); 1746 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa)); 1747 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask)); 1748 1749 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL; 1750 1751 del_timer_sync(&local->dynamic_ps_timer); 1752 cancel_work_sync(&local->dynamic_ps_enable_work); 1753 1754 /* Disable ARP filtering */ 1755 if (sdata->vif.bss_conf.arp_addr_cnt) 1756 changed |= BSS_CHANGED_ARP_FILTER; 1757 1758 sdata->vif.bss_conf.qos = false; 1759 changed |= BSS_CHANGED_QOS; 1760 1761 /* The BSSID (not really interesting) and HT changed */ 1762 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT; 1763 ieee80211_bss_info_change_notify(sdata, changed); 1764 1765 /* disassociated - set to defaults now */ 1766 ieee80211_set_wmm_default(sdata, false); 1767 1768 del_timer_sync(&sdata->u.mgd.conn_mon_timer); 1769 del_timer_sync(&sdata->u.mgd.bcn_mon_timer); 1770 del_timer_sync(&sdata->u.mgd.timer); 1771 del_timer_sync(&sdata->u.mgd.chswitch_timer); 1772 1773 sdata->vif.bss_conf.dtim_period = 0; 1774 sdata->vif.bss_conf.beacon_rate = NULL; 1775 1776 ifmgd->have_beacon = false; 1777 1778 ifmgd->flags = 0; 1779 mutex_lock(&local->mtx); 1780 ieee80211_vif_release_channel(sdata); 1781 mutex_unlock(&local->mtx); 1782 1783 sdata->encrypt_headroom = IEEE80211_ENCRYPT_HEADROOM; 1784 } 1785 1786 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata, 1787 struct ieee80211_hdr *hdr) 1788 { 1789 /* 1790 * We can postpone the mgd.timer whenever receiving unicast frames 1791 * from AP because we know that the connection is working both ways 1792 * at that time. But multicast frames (and hence also beacons) must 1793 * be ignored here, because we need to trigger the timer during 1794 * data idle periods for sending the periodic probe request to the 1795 * AP we're connected to. 1796 */ 1797 if (is_multicast_ether_addr(hdr->addr1)) 1798 return; 1799 1800 ieee80211_sta_reset_conn_monitor(sdata); 1801 } 1802 1803 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata) 1804 { 1805 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1806 struct ieee80211_local *local = sdata->local; 1807 1808 mutex_lock(&local->mtx); 1809 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)) 1810 goto out; 1811 1812 __ieee80211_stop_poll(sdata); 1813 1814 mutex_lock(&local->iflist_mtx); 1815 ieee80211_recalc_ps(local, -1); 1816 mutex_unlock(&local->iflist_mtx); 1817 1818 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 1819 goto out; 1820 1821 /* 1822 * We've received a probe response, but are not sure whether 1823 * we have or will be receiving any beacons or data, so let's 1824 * schedule the timers again, just in case. 1825 */ 1826 ieee80211_sta_reset_beacon_monitor(sdata); 1827 1828 mod_timer(&ifmgd->conn_mon_timer, 1829 round_jiffies_up(jiffies + 1830 IEEE80211_CONNECTION_IDLE_TIME)); 1831 out: 1832 mutex_unlock(&local->mtx); 1833 } 1834 1835 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata, 1836 struct ieee80211_hdr *hdr, bool ack) 1837 { 1838 if (!ieee80211_is_data(hdr->frame_control)) 1839 return; 1840 1841 if (ieee80211_is_nullfunc(hdr->frame_control) && 1842 sdata->u.mgd.probe_send_count > 0) { 1843 if (ack) 1844 ieee80211_sta_reset_conn_monitor(sdata); 1845 else 1846 sdata->u.mgd.nullfunc_failed = true; 1847 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 1848 return; 1849 } 1850 1851 if (ack) 1852 ieee80211_sta_reset_conn_monitor(sdata); 1853 } 1854 1855 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) 1856 { 1857 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1858 const u8 *ssid; 1859 u8 *dst = ifmgd->associated->bssid; 1860 u8 unicast_limit = max(1, max_probe_tries - 3); 1861 1862 /* 1863 * Try sending broadcast probe requests for the last three 1864 * probe requests after the first ones failed since some 1865 * buggy APs only support broadcast probe requests. 1866 */ 1867 if (ifmgd->probe_send_count >= unicast_limit) 1868 dst = NULL; 1869 1870 /* 1871 * When the hardware reports an accurate Tx ACK status, it's 1872 * better to send a nullfunc frame instead of a probe request, 1873 * as it will kick us off the AP quickly if we aren't associated 1874 * anymore. The timeout will be reset if the frame is ACKed by 1875 * the AP. 1876 */ 1877 ifmgd->probe_send_count++; 1878 1879 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 1880 ifmgd->nullfunc_failed = false; 1881 ieee80211_send_nullfunc(sdata->local, sdata, 0); 1882 } else { 1883 int ssid_len; 1884 1885 rcu_read_lock(); 1886 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); 1887 if (WARN_ON_ONCE(ssid == NULL)) 1888 ssid_len = 0; 1889 else 1890 ssid_len = ssid[1]; 1891 1892 ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL, 1893 0, (u32) -1, true, 0, 1894 ifmgd->associated->channel, false); 1895 rcu_read_unlock(); 1896 } 1897 1898 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms); 1899 run_again(sdata, ifmgd->probe_timeout); 1900 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 1901 ieee80211_flush_queues(sdata->local, sdata); 1902 } 1903 1904 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata, 1905 bool beacon) 1906 { 1907 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1908 bool already = false; 1909 1910 if (!ieee80211_sdata_running(sdata)) 1911 return; 1912 1913 sdata_lock(sdata); 1914 1915 if (!ifmgd->associated) 1916 goto out; 1917 1918 mutex_lock(&sdata->local->mtx); 1919 1920 if (sdata->local->tmp_channel || sdata->local->scanning) { 1921 mutex_unlock(&sdata->local->mtx); 1922 goto out; 1923 } 1924 1925 if (beacon) { 1926 mlme_dbg_ratelimited(sdata, 1927 "detected beacon loss from AP (missed %d beacons) - probing\n", 1928 beacon_loss_count); 1929 1930 ieee80211_cqm_rssi_notify(&sdata->vif, 1931 NL80211_CQM_RSSI_BEACON_LOSS_EVENT, 1932 GFP_KERNEL); 1933 } 1934 1935 /* 1936 * The driver/our work has already reported this event or the 1937 * connection monitoring has kicked in and we have already sent 1938 * a probe request. Or maybe the AP died and the driver keeps 1939 * reporting until we disassociate... 1940 * 1941 * In either case we have to ignore the current call to this 1942 * function (except for setting the correct probe reason bit) 1943 * because otherwise we would reset the timer every time and 1944 * never check whether we received a probe response! 1945 */ 1946 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) 1947 already = true; 1948 1949 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL; 1950 1951 mutex_unlock(&sdata->local->mtx); 1952 1953 if (already) 1954 goto out; 1955 1956 mutex_lock(&sdata->local->iflist_mtx); 1957 ieee80211_recalc_ps(sdata->local, -1); 1958 mutex_unlock(&sdata->local->iflist_mtx); 1959 1960 ifmgd->probe_send_count = 0; 1961 ieee80211_mgd_probe_ap_send(sdata); 1962 out: 1963 sdata_unlock(sdata); 1964 } 1965 1966 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw, 1967 struct ieee80211_vif *vif) 1968 { 1969 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1970 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1971 struct cfg80211_bss *cbss; 1972 struct sk_buff *skb; 1973 const u8 *ssid; 1974 int ssid_len; 1975 1976 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 1977 return NULL; 1978 1979 sdata_assert_lock(sdata); 1980 1981 if (ifmgd->associated) 1982 cbss = ifmgd->associated; 1983 else if (ifmgd->auth_data) 1984 cbss = ifmgd->auth_data->bss; 1985 else if (ifmgd->assoc_data) 1986 cbss = ifmgd->assoc_data->bss; 1987 else 1988 return NULL; 1989 1990 rcu_read_lock(); 1991 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID); 1992 if (WARN_ON_ONCE(ssid == NULL)) 1993 ssid_len = 0; 1994 else 1995 ssid_len = ssid[1]; 1996 1997 skb = ieee80211_build_probe_req(sdata, cbss->bssid, 1998 (u32) -1, cbss->channel, 1999 ssid + 2, ssid_len, 2000 NULL, 0, true); 2001 rcu_read_unlock(); 2002 2003 return skb; 2004 } 2005 EXPORT_SYMBOL(ieee80211_ap_probereq_get); 2006 2007 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata) 2008 { 2009 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2010 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 2011 2012 sdata_lock(sdata); 2013 if (!ifmgd->associated) { 2014 sdata_unlock(sdata); 2015 return; 2016 } 2017 2018 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 2019 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 2020 true, frame_buf); 2021 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 2022 sdata->vif.csa_active = false; 2023 ieee80211_wake_queues_by_reason(&sdata->local->hw, 2024 IEEE80211_MAX_QUEUE_MAP, 2025 IEEE80211_QUEUE_STOP_REASON_CSA); 2026 2027 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 2028 IEEE80211_DEAUTH_FRAME_LEN); 2029 sdata_unlock(sdata); 2030 } 2031 2032 static void ieee80211_beacon_connection_loss_work(struct work_struct *work) 2033 { 2034 struct ieee80211_sub_if_data *sdata = 2035 container_of(work, struct ieee80211_sub_if_data, 2036 u.mgd.beacon_connection_loss_work); 2037 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2038 struct sta_info *sta; 2039 2040 if (ifmgd->associated) { 2041 rcu_read_lock(); 2042 sta = sta_info_get(sdata, ifmgd->bssid); 2043 if (sta) 2044 sta->beacon_loss_count++; 2045 rcu_read_unlock(); 2046 } 2047 2048 if (ifmgd->connection_loss) { 2049 sdata_info(sdata, "Connection to AP %pM lost\n", 2050 ifmgd->bssid); 2051 __ieee80211_disconnect(sdata); 2052 } else { 2053 ieee80211_mgd_probe_ap(sdata, true); 2054 } 2055 } 2056 2057 static void ieee80211_csa_connection_drop_work(struct work_struct *work) 2058 { 2059 struct ieee80211_sub_if_data *sdata = 2060 container_of(work, struct ieee80211_sub_if_data, 2061 u.mgd.csa_connection_drop_work); 2062 2063 __ieee80211_disconnect(sdata); 2064 } 2065 2066 void ieee80211_beacon_loss(struct ieee80211_vif *vif) 2067 { 2068 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2069 struct ieee80211_hw *hw = &sdata->local->hw; 2070 2071 trace_api_beacon_loss(sdata); 2072 2073 sdata->u.mgd.connection_loss = false; 2074 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2075 } 2076 EXPORT_SYMBOL(ieee80211_beacon_loss); 2077 2078 void ieee80211_connection_loss(struct ieee80211_vif *vif) 2079 { 2080 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2081 struct ieee80211_hw *hw = &sdata->local->hw; 2082 2083 trace_api_connection_loss(sdata); 2084 2085 sdata->u.mgd.connection_loss = true; 2086 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2087 } 2088 EXPORT_SYMBOL(ieee80211_connection_loss); 2089 2090 2091 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata, 2092 bool assoc) 2093 { 2094 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2095 2096 sdata_assert_lock(sdata); 2097 2098 if (!assoc) { 2099 sta_info_destroy_addr(sdata, auth_data->bss->bssid); 2100 2101 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2102 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2103 sdata->u.mgd.flags = 0; 2104 mutex_lock(&sdata->local->mtx); 2105 ieee80211_vif_release_channel(sdata); 2106 mutex_unlock(&sdata->local->mtx); 2107 } 2108 2109 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss); 2110 kfree(auth_data); 2111 sdata->u.mgd.auth_data = NULL; 2112 } 2113 2114 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, 2115 struct ieee80211_mgmt *mgmt, size_t len) 2116 { 2117 struct ieee80211_local *local = sdata->local; 2118 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2119 u8 *pos; 2120 struct ieee802_11_elems elems; 2121 u32 tx_flags = 0; 2122 2123 pos = mgmt->u.auth.variable; 2124 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2125 if (!elems.challenge) 2126 return; 2127 auth_data->expected_transaction = 4; 2128 drv_mgd_prepare_tx(sdata->local, sdata); 2129 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 2130 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 2131 IEEE80211_TX_INTFL_MLME_CONN_TX; 2132 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0, 2133 elems.challenge - 2, elems.challenge_len + 2, 2134 auth_data->bss->bssid, auth_data->bss->bssid, 2135 auth_data->key, auth_data->key_len, 2136 auth_data->key_idx, tx_flags); 2137 } 2138 2139 static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, 2140 struct ieee80211_mgmt *mgmt, size_t len) 2141 { 2142 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2143 u8 bssid[ETH_ALEN]; 2144 u16 auth_alg, auth_transaction, status_code; 2145 struct sta_info *sta; 2146 2147 sdata_assert_lock(sdata); 2148 2149 if (len < 24 + 6) 2150 return; 2151 2152 if (!ifmgd->auth_data || ifmgd->auth_data->done) 2153 return; 2154 2155 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 2156 2157 if (!ether_addr_equal(bssid, mgmt->bssid)) 2158 return; 2159 2160 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 2161 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 2162 status_code = le16_to_cpu(mgmt->u.auth.status_code); 2163 2164 if (auth_alg != ifmgd->auth_data->algorithm || 2165 auth_transaction != ifmgd->auth_data->expected_transaction) { 2166 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n", 2167 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm, 2168 auth_transaction, 2169 ifmgd->auth_data->expected_transaction); 2170 return; 2171 } 2172 2173 if (status_code != WLAN_STATUS_SUCCESS) { 2174 sdata_info(sdata, "%pM denied authentication (status %d)\n", 2175 mgmt->sa, status_code); 2176 ieee80211_destroy_auth_data(sdata, false); 2177 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2178 return; 2179 } 2180 2181 switch (ifmgd->auth_data->algorithm) { 2182 case WLAN_AUTH_OPEN: 2183 case WLAN_AUTH_LEAP: 2184 case WLAN_AUTH_FT: 2185 case WLAN_AUTH_SAE: 2186 break; 2187 case WLAN_AUTH_SHARED_KEY: 2188 if (ifmgd->auth_data->expected_transaction != 4) { 2189 ieee80211_auth_challenge(sdata, mgmt, len); 2190 /* need another frame */ 2191 return; 2192 } 2193 break; 2194 default: 2195 WARN_ONCE(1, "invalid auth alg %d", 2196 ifmgd->auth_data->algorithm); 2197 return; 2198 } 2199 2200 sdata_info(sdata, "authenticated\n"); 2201 ifmgd->auth_data->done = true; 2202 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC; 2203 ifmgd->auth_data->timeout_started = true; 2204 run_again(sdata, ifmgd->auth_data->timeout); 2205 2206 if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE && 2207 ifmgd->auth_data->expected_transaction != 2) { 2208 /* 2209 * Report auth frame to user space for processing since another 2210 * round of Authentication frames is still needed. 2211 */ 2212 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2213 return; 2214 } 2215 2216 /* move station state to auth */ 2217 mutex_lock(&sdata->local->sta_mtx); 2218 sta = sta_info_get(sdata, bssid); 2219 if (!sta) { 2220 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid); 2221 goto out_err; 2222 } 2223 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) { 2224 sdata_info(sdata, "failed moving %pM to auth\n", bssid); 2225 goto out_err; 2226 } 2227 mutex_unlock(&sdata->local->sta_mtx); 2228 2229 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2230 return; 2231 out_err: 2232 mutex_unlock(&sdata->local->sta_mtx); 2233 /* ignore frame -- wait for timeout */ 2234 } 2235 2236 2237 static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 2238 struct ieee80211_mgmt *mgmt, size_t len) 2239 { 2240 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2241 const u8 *bssid = NULL; 2242 u16 reason_code; 2243 2244 sdata_assert_lock(sdata); 2245 2246 if (len < 24 + 2) 2247 return; 2248 2249 if (!ifmgd->associated || 2250 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2251 return; 2252 2253 bssid = ifmgd->associated->bssid; 2254 2255 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 2256 2257 sdata_info(sdata, "deauthenticated from %pM (Reason: %u)\n", 2258 bssid, reason_code); 2259 2260 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2261 2262 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2263 } 2264 2265 2266 static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata, 2267 struct ieee80211_mgmt *mgmt, size_t len) 2268 { 2269 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2270 u16 reason_code; 2271 2272 sdata_assert_lock(sdata); 2273 2274 if (len < 24 + 2) 2275 return; 2276 2277 if (!ifmgd->associated || 2278 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2279 return; 2280 2281 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 2282 2283 sdata_info(sdata, "disassociated from %pM (Reason: %u)\n", 2284 mgmt->sa, reason_code); 2285 2286 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2287 2288 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2289 } 2290 2291 static void ieee80211_get_rates(struct ieee80211_supported_band *sband, 2292 u8 *supp_rates, unsigned int supp_rates_len, 2293 u32 *rates, u32 *basic_rates, 2294 bool *have_higher_than_11mbit, 2295 int *min_rate, int *min_rate_index, 2296 int shift, u32 rate_flags) 2297 { 2298 int i, j; 2299 2300 for (i = 0; i < supp_rates_len; i++) { 2301 int rate = supp_rates[i] & 0x7f; 2302 bool is_basic = !!(supp_rates[i] & 0x80); 2303 2304 if ((rate * 5 * (1 << shift)) > 110) 2305 *have_higher_than_11mbit = true; 2306 2307 /* 2308 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009 2309 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it. 2310 * 2311 * Note: Even through the membership selector and the basic 2312 * rate flag share the same bit, they are not exactly 2313 * the same. 2314 */ 2315 if (!!(supp_rates[i] & 0x80) && 2316 (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY) 2317 continue; 2318 2319 for (j = 0; j < sband->n_bitrates; j++) { 2320 struct ieee80211_rate *br; 2321 int brate; 2322 2323 br = &sband->bitrates[j]; 2324 if ((rate_flags & br->flags) != rate_flags) 2325 continue; 2326 2327 brate = DIV_ROUND_UP(br->bitrate, (1 << shift) * 5); 2328 if (brate == rate) { 2329 *rates |= BIT(j); 2330 if (is_basic) 2331 *basic_rates |= BIT(j); 2332 if ((rate * 5) < *min_rate) { 2333 *min_rate = rate * 5; 2334 *min_rate_index = j; 2335 } 2336 break; 2337 } 2338 } 2339 } 2340 } 2341 2342 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata, 2343 bool assoc) 2344 { 2345 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 2346 2347 sdata_assert_lock(sdata); 2348 2349 if (!assoc) { 2350 sta_info_destroy_addr(sdata, assoc_data->bss->bssid); 2351 2352 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2353 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2354 sdata->u.mgd.flags = 0; 2355 mutex_lock(&sdata->local->mtx); 2356 ieee80211_vif_release_channel(sdata); 2357 mutex_unlock(&sdata->local->mtx); 2358 } 2359 2360 kfree(assoc_data); 2361 sdata->u.mgd.assoc_data = NULL; 2362 } 2363 2364 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata, 2365 struct cfg80211_bss *cbss, 2366 struct ieee80211_mgmt *mgmt, size_t len) 2367 { 2368 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2369 struct ieee80211_local *local = sdata->local; 2370 struct ieee80211_supported_band *sband; 2371 struct sta_info *sta; 2372 u8 *pos; 2373 u16 capab_info, aid; 2374 struct ieee802_11_elems elems; 2375 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2376 const struct cfg80211_bss_ies *bss_ies = NULL; 2377 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 2378 u32 changed = 0; 2379 int err; 2380 bool ret; 2381 2382 /* AssocResp and ReassocResp have identical structure */ 2383 2384 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2385 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2386 2387 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) 2388 sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n", 2389 aid); 2390 aid &= ~(BIT(15) | BIT(14)); 2391 2392 ifmgd->broken_ap = false; 2393 2394 if (aid == 0 || aid > IEEE80211_MAX_AID) { 2395 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n", 2396 aid); 2397 aid = 0; 2398 ifmgd->broken_ap = true; 2399 } 2400 2401 pos = mgmt->u.assoc_resp.variable; 2402 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2403 2404 if (!elems.supp_rates) { 2405 sdata_info(sdata, "no SuppRates element in AssocResp\n"); 2406 return false; 2407 } 2408 2409 ifmgd->aid = aid; 2410 2411 /* 2412 * Some APs are erroneously not including some information in their 2413 * (re)association response frames. Try to recover by using the data 2414 * from the beacon or probe response. This seems to afflict mobile 2415 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T", 2416 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device. 2417 */ 2418 if ((assoc_data->wmm && !elems.wmm_param) || 2419 (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2420 (!elems.ht_cap_elem || !elems.ht_operation)) || 2421 (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2422 (!elems.vht_cap_elem || !elems.vht_operation))) { 2423 const struct cfg80211_bss_ies *ies; 2424 struct ieee802_11_elems bss_elems; 2425 2426 rcu_read_lock(); 2427 ies = rcu_dereference(cbss->ies); 2428 if (ies) 2429 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len, 2430 GFP_ATOMIC); 2431 rcu_read_unlock(); 2432 if (!bss_ies) 2433 return false; 2434 2435 ieee802_11_parse_elems(bss_ies->data, bss_ies->len, 2436 false, &bss_elems); 2437 if (assoc_data->wmm && 2438 !elems.wmm_param && bss_elems.wmm_param) { 2439 elems.wmm_param = bss_elems.wmm_param; 2440 sdata_info(sdata, 2441 "AP bug: WMM param missing from AssocResp\n"); 2442 } 2443 2444 /* 2445 * Also check if we requested HT/VHT, otherwise the AP doesn't 2446 * have to include the IEs in the (re)association response. 2447 */ 2448 if (!elems.ht_cap_elem && bss_elems.ht_cap_elem && 2449 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 2450 elems.ht_cap_elem = bss_elems.ht_cap_elem; 2451 sdata_info(sdata, 2452 "AP bug: HT capability missing from AssocResp\n"); 2453 } 2454 if (!elems.ht_operation && bss_elems.ht_operation && 2455 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 2456 elems.ht_operation = bss_elems.ht_operation; 2457 sdata_info(sdata, 2458 "AP bug: HT operation missing from AssocResp\n"); 2459 } 2460 if (!elems.vht_cap_elem && bss_elems.vht_cap_elem && 2461 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) { 2462 elems.vht_cap_elem = bss_elems.vht_cap_elem; 2463 sdata_info(sdata, 2464 "AP bug: VHT capa missing from AssocResp\n"); 2465 } 2466 if (!elems.vht_operation && bss_elems.vht_operation && 2467 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) { 2468 elems.vht_operation = bss_elems.vht_operation; 2469 sdata_info(sdata, 2470 "AP bug: VHT operation missing from AssocResp\n"); 2471 } 2472 } 2473 2474 /* 2475 * We previously checked these in the beacon/probe response, so 2476 * they should be present here. This is just a safety net. 2477 */ 2478 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2479 (!elems.wmm_param || !elems.ht_cap_elem || !elems.ht_operation)) { 2480 sdata_info(sdata, 2481 "HT AP is missing WMM params or HT capability/operation\n"); 2482 ret = false; 2483 goto out; 2484 } 2485 2486 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2487 (!elems.vht_cap_elem || !elems.vht_operation)) { 2488 sdata_info(sdata, 2489 "VHT AP is missing VHT capability/operation\n"); 2490 ret = false; 2491 goto out; 2492 } 2493 2494 mutex_lock(&sdata->local->sta_mtx); 2495 /* 2496 * station info was already allocated and inserted before 2497 * the association and should be available to us 2498 */ 2499 sta = sta_info_get(sdata, cbss->bssid); 2500 if (WARN_ON(!sta)) { 2501 mutex_unlock(&sdata->local->sta_mtx); 2502 ret = false; 2503 goto out; 2504 } 2505 2506 sband = local->hw.wiphy->bands[ieee80211_get_sdata_band(sdata)]; 2507 2508 /* Set up internal HT/VHT capabilities */ 2509 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 2510 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 2511 elems.ht_cap_elem, sta); 2512 2513 if (elems.vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 2514 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband, 2515 elems.vht_cap_elem, sta); 2516 2517 /* 2518 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data 2519 * in their association response, so ignore that data for our own 2520 * configuration. If it changed since the last beacon, we'll get the 2521 * next beacon and update then. 2522 */ 2523 2524 /* 2525 * If an operating mode notification IE is present, override the 2526 * NSS calculation (that would be done in rate_control_rate_init()) 2527 * and use the # of streams from that element. 2528 */ 2529 if (elems.opmode_notif && 2530 !(*elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) { 2531 u8 nss; 2532 2533 nss = *elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK; 2534 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT; 2535 nss += 1; 2536 sta->sta.rx_nss = nss; 2537 } 2538 2539 rate_control_rate_init(sta); 2540 2541 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) 2542 set_sta_flag(sta, WLAN_STA_MFP); 2543 2544 if (elems.wmm_param) 2545 set_sta_flag(sta, WLAN_STA_WME); 2546 2547 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC); 2548 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT)) 2549 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED); 2550 if (err) { 2551 sdata_info(sdata, 2552 "failed to move station %pM to desired state\n", 2553 sta->sta.addr); 2554 WARN_ON(__sta_info_destroy(sta)); 2555 mutex_unlock(&sdata->local->sta_mtx); 2556 ret = false; 2557 goto out; 2558 } 2559 2560 mutex_unlock(&sdata->local->sta_mtx); 2561 2562 /* 2563 * Always handle WMM once after association regardless 2564 * of the first value the AP uses. Setting -1 here has 2565 * that effect because the AP values is an unsigned 2566 * 4-bit value. 2567 */ 2568 ifmgd->wmm_last_param_set = -1; 2569 2570 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) && elems.wmm_param) 2571 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 2572 elems.wmm_param_len); 2573 else 2574 ieee80211_set_wmm_default(sdata, false); 2575 changed |= BSS_CHANGED_QOS; 2576 2577 /* set AID and assoc capability, 2578 * ieee80211_set_associated() will tell the driver */ 2579 bss_conf->aid = aid; 2580 bss_conf->assoc_capability = capab_info; 2581 ieee80211_set_associated(sdata, cbss, changed); 2582 2583 /* 2584 * If we're using 4-addr mode, let the AP know that we're 2585 * doing so, so that it can create the STA VLAN on its side 2586 */ 2587 if (ifmgd->use_4addr) 2588 ieee80211_send_4addr_nullfunc(local, sdata); 2589 2590 /* 2591 * Start timer to probe the connection to the AP now. 2592 * Also start the timer that will detect beacon loss. 2593 */ 2594 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt); 2595 ieee80211_sta_reset_beacon_monitor(sdata); 2596 2597 ret = true; 2598 out: 2599 kfree(bss_ies); 2600 return ret; 2601 } 2602 2603 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, 2604 struct ieee80211_mgmt *mgmt, 2605 size_t len) 2606 { 2607 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2608 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 2609 u16 capab_info, status_code, aid; 2610 struct ieee802_11_elems elems; 2611 u8 *pos; 2612 bool reassoc; 2613 struct cfg80211_bss *bss; 2614 2615 sdata_assert_lock(sdata); 2616 2617 if (!assoc_data) 2618 return; 2619 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid)) 2620 return; 2621 2622 /* 2623 * AssocResp and ReassocResp have identical structure, so process both 2624 * of them in this function. 2625 */ 2626 2627 if (len < 24 + 6) 2628 return; 2629 2630 reassoc = ieee80211_is_reassoc_req(mgmt->frame_control); 2631 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2632 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 2633 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2634 2635 sdata_info(sdata, 2636 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n", 2637 reassoc ? "Rea" : "A", mgmt->sa, 2638 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 2639 2640 pos = mgmt->u.assoc_resp.variable; 2641 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2642 2643 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 2644 elems.timeout_int && 2645 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) { 2646 u32 tu, ms; 2647 tu = le32_to_cpu(elems.timeout_int->value); 2648 ms = tu * 1024 / 1000; 2649 sdata_info(sdata, 2650 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n", 2651 mgmt->sa, tu, ms); 2652 assoc_data->timeout = jiffies + msecs_to_jiffies(ms); 2653 assoc_data->timeout_started = true; 2654 if (ms > IEEE80211_ASSOC_TIMEOUT) 2655 run_again(sdata, assoc_data->timeout); 2656 return; 2657 } 2658 2659 bss = assoc_data->bss; 2660 2661 if (status_code != WLAN_STATUS_SUCCESS) { 2662 sdata_info(sdata, "%pM denied association (code=%d)\n", 2663 mgmt->sa, status_code); 2664 ieee80211_destroy_assoc_data(sdata, false); 2665 } else { 2666 if (!ieee80211_assoc_success(sdata, bss, mgmt, len)) { 2667 /* oops -- internal error -- send timeout for now */ 2668 ieee80211_destroy_assoc_data(sdata, false); 2669 cfg80211_assoc_timeout(sdata->dev, bss); 2670 return; 2671 } 2672 sdata_info(sdata, "associated\n"); 2673 2674 /* 2675 * destroy assoc_data afterwards, as otherwise an idle 2676 * recalc after assoc_data is NULL but before associated 2677 * is set can cause the interface to go idle 2678 */ 2679 ieee80211_destroy_assoc_data(sdata, true); 2680 } 2681 2682 cfg80211_rx_assoc_resp(sdata->dev, bss, (u8 *)mgmt, len); 2683 } 2684 2685 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, 2686 struct ieee80211_mgmt *mgmt, size_t len, 2687 struct ieee80211_rx_status *rx_status, 2688 struct ieee802_11_elems *elems) 2689 { 2690 struct ieee80211_local *local = sdata->local; 2691 int freq; 2692 struct ieee80211_bss *bss; 2693 struct ieee80211_channel *channel; 2694 2695 sdata_assert_lock(sdata); 2696 2697 if (elems->ds_params) 2698 freq = ieee80211_channel_to_frequency(elems->ds_params[0], 2699 rx_status->band); 2700 else 2701 freq = rx_status->freq; 2702 2703 channel = ieee80211_get_channel(local->hw.wiphy, freq); 2704 2705 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED) 2706 return; 2707 2708 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems, 2709 channel); 2710 if (bss) { 2711 ieee80211_rx_bss_put(local, bss); 2712 sdata->vif.bss_conf.beacon_rate = bss->beacon_rate; 2713 } 2714 } 2715 2716 2717 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, 2718 struct sk_buff *skb) 2719 { 2720 struct ieee80211_mgmt *mgmt = (void *)skb->data; 2721 struct ieee80211_if_managed *ifmgd; 2722 struct ieee80211_rx_status *rx_status = (void *) skb->cb; 2723 size_t baselen, len = skb->len; 2724 struct ieee802_11_elems elems; 2725 2726 ifmgd = &sdata->u.mgd; 2727 2728 sdata_assert_lock(sdata); 2729 2730 if (!ether_addr_equal(mgmt->da, sdata->vif.addr)) 2731 return; /* ignore ProbeResp to foreign address */ 2732 2733 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 2734 if (baselen > len) 2735 return; 2736 2737 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 2738 false, &elems); 2739 2740 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2741 2742 if (ifmgd->associated && 2743 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2744 ieee80211_reset_ap_probe(sdata); 2745 2746 if (ifmgd->auth_data && !ifmgd->auth_data->bss->proberesp_ies && 2747 ether_addr_equal(mgmt->bssid, ifmgd->auth_data->bss->bssid)) { 2748 /* got probe response, continue with auth */ 2749 sdata_info(sdata, "direct probe responded\n"); 2750 ifmgd->auth_data->tries = 0; 2751 ifmgd->auth_data->timeout = jiffies; 2752 ifmgd->auth_data->timeout_started = true; 2753 run_again(sdata, ifmgd->auth_data->timeout); 2754 } 2755 } 2756 2757 /* 2758 * This is the canonical list of information elements we care about, 2759 * the filter code also gives us all changes to the Microsoft OUI 2760 * (00:50:F2) vendor IE which is used for WMM which we need to track. 2761 * 2762 * We implement beacon filtering in software since that means we can 2763 * avoid processing the frame here and in cfg80211, and userspace 2764 * will not be able to tell whether the hardware supports it or not. 2765 * 2766 * XXX: This list needs to be dynamic -- userspace needs to be able to 2767 * add items it requires. It also needs to be able to tell us to 2768 * look out for other vendor IEs. 2769 */ 2770 static const u64 care_about_ies = 2771 (1ULL << WLAN_EID_COUNTRY) | 2772 (1ULL << WLAN_EID_ERP_INFO) | 2773 (1ULL << WLAN_EID_CHANNEL_SWITCH) | 2774 (1ULL << WLAN_EID_PWR_CONSTRAINT) | 2775 (1ULL << WLAN_EID_HT_CAPABILITY) | 2776 (1ULL << WLAN_EID_HT_OPERATION); 2777 2778 static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, 2779 struct ieee80211_mgmt *mgmt, size_t len, 2780 struct ieee80211_rx_status *rx_status) 2781 { 2782 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2783 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2784 size_t baselen; 2785 struct ieee802_11_elems elems; 2786 struct ieee80211_local *local = sdata->local; 2787 struct ieee80211_chanctx_conf *chanctx_conf; 2788 struct ieee80211_channel *chan; 2789 struct sta_info *sta; 2790 u32 changed = 0; 2791 bool erp_valid; 2792 u8 erp_value = 0; 2793 u32 ncrc; 2794 u8 *bssid; 2795 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN]; 2796 2797 sdata_assert_lock(sdata); 2798 2799 /* Process beacon from the current BSS */ 2800 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 2801 if (baselen > len) 2802 return; 2803 2804 rcu_read_lock(); 2805 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 2806 if (!chanctx_conf) { 2807 rcu_read_unlock(); 2808 return; 2809 } 2810 2811 if (rx_status->freq != chanctx_conf->def.chan->center_freq) { 2812 rcu_read_unlock(); 2813 return; 2814 } 2815 chan = chanctx_conf->def.chan; 2816 rcu_read_unlock(); 2817 2818 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon && 2819 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) { 2820 ieee802_11_parse_elems(mgmt->u.beacon.variable, 2821 len - baselen, false, &elems); 2822 2823 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2824 if (elems.tim && !elems.parse_error) { 2825 const struct ieee80211_tim_ie *tim_ie = elems.tim; 2826 ifmgd->dtim_period = tim_ie->dtim_period; 2827 } 2828 ifmgd->have_beacon = true; 2829 ifmgd->assoc_data->need_beacon = false; 2830 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 2831 sdata->vif.bss_conf.sync_tsf = 2832 le64_to_cpu(mgmt->u.beacon.timestamp); 2833 sdata->vif.bss_conf.sync_device_ts = 2834 rx_status->device_timestamp; 2835 if (elems.tim) 2836 sdata->vif.bss_conf.sync_dtim_count = 2837 elems.tim->dtim_count; 2838 else 2839 sdata->vif.bss_conf.sync_dtim_count = 0; 2840 } 2841 /* continue assoc process */ 2842 ifmgd->assoc_data->timeout = jiffies; 2843 ifmgd->assoc_data->timeout_started = true; 2844 run_again(sdata, ifmgd->assoc_data->timeout); 2845 return; 2846 } 2847 2848 if (!ifmgd->associated || 2849 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2850 return; 2851 bssid = ifmgd->associated->bssid; 2852 2853 /* Track average RSSI from the Beacon frames of the current AP */ 2854 ifmgd->last_beacon_signal = rx_status->signal; 2855 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) { 2856 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE; 2857 ifmgd->ave_beacon_signal = rx_status->signal * 16; 2858 ifmgd->last_cqm_event_signal = 0; 2859 ifmgd->count_beacon_signal = 1; 2860 ifmgd->last_ave_beacon_signal = 0; 2861 } else { 2862 ifmgd->ave_beacon_signal = 2863 (IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 + 2864 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) * 2865 ifmgd->ave_beacon_signal) / 16; 2866 ifmgd->count_beacon_signal++; 2867 } 2868 2869 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold && 2870 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) { 2871 int sig = ifmgd->ave_beacon_signal; 2872 int last_sig = ifmgd->last_ave_beacon_signal; 2873 2874 /* 2875 * if signal crosses either of the boundaries, invoke callback 2876 * with appropriate parameters 2877 */ 2878 if (sig > ifmgd->rssi_max_thold && 2879 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) { 2880 ifmgd->last_ave_beacon_signal = sig; 2881 drv_rssi_callback(local, sdata, RSSI_EVENT_HIGH); 2882 } else if (sig < ifmgd->rssi_min_thold && 2883 (last_sig >= ifmgd->rssi_max_thold || 2884 last_sig == 0)) { 2885 ifmgd->last_ave_beacon_signal = sig; 2886 drv_rssi_callback(local, sdata, RSSI_EVENT_LOW); 2887 } 2888 } 2889 2890 if (bss_conf->cqm_rssi_thold && 2891 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT && 2892 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) { 2893 int sig = ifmgd->ave_beacon_signal / 16; 2894 int last_event = ifmgd->last_cqm_event_signal; 2895 int thold = bss_conf->cqm_rssi_thold; 2896 int hyst = bss_conf->cqm_rssi_hyst; 2897 if (sig < thold && 2898 (last_event == 0 || sig < last_event - hyst)) { 2899 ifmgd->last_cqm_event_signal = sig; 2900 ieee80211_cqm_rssi_notify( 2901 &sdata->vif, 2902 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW, 2903 GFP_KERNEL); 2904 } else if (sig > thold && 2905 (last_event == 0 || sig > last_event + hyst)) { 2906 ifmgd->last_cqm_event_signal = sig; 2907 ieee80211_cqm_rssi_notify( 2908 &sdata->vif, 2909 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH, 2910 GFP_KERNEL); 2911 } 2912 } 2913 2914 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) { 2915 mlme_dbg_ratelimited(sdata, 2916 "cancelling AP probe due to a received beacon\n"); 2917 ieee80211_reset_ap_probe(sdata); 2918 } 2919 2920 /* 2921 * Push the beacon loss detection into the future since 2922 * we are processing a beacon from the AP just now. 2923 */ 2924 ieee80211_sta_reset_beacon_monitor(sdata); 2925 2926 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 2927 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, 2928 len - baselen, false, &elems, 2929 care_about_ies, ncrc); 2930 2931 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) { 2932 bool directed_tim = ieee80211_check_tim(elems.tim, 2933 elems.tim_len, 2934 ifmgd->aid); 2935 if (directed_tim) { 2936 if (local->hw.conf.dynamic_ps_timeout > 0) { 2937 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 2938 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 2939 ieee80211_hw_config(local, 2940 IEEE80211_CONF_CHANGE_PS); 2941 } 2942 ieee80211_send_nullfunc(local, sdata, 0); 2943 } else if (!local->pspolling && sdata->u.mgd.powersave) { 2944 local->pspolling = true; 2945 2946 /* 2947 * Here is assumed that the driver will be 2948 * able to send ps-poll frame and receive a 2949 * response even though power save mode is 2950 * enabled, but some drivers might require 2951 * to disable power save here. This needs 2952 * to be investigated. 2953 */ 2954 ieee80211_send_pspoll(local, sdata); 2955 } 2956 } 2957 } 2958 2959 if (sdata->vif.p2p) { 2960 struct ieee80211_p2p_noa_attr noa = {}; 2961 int ret; 2962 2963 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable, 2964 len - baselen, 2965 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 2966 (u8 *) &noa, sizeof(noa)); 2967 if (ret >= 2) { 2968 if (sdata->u.mgd.p2p_noa_index != noa.index) { 2969 /* valid noa_attr and index changed */ 2970 sdata->u.mgd.p2p_noa_index = noa.index; 2971 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa)); 2972 changed |= BSS_CHANGED_P2P_PS; 2973 /* 2974 * make sure we update all information, the CRC 2975 * mechanism doesn't look at P2P attributes. 2976 */ 2977 ifmgd->beacon_crc_valid = false; 2978 } 2979 } else if (sdata->u.mgd.p2p_noa_index != -1) { 2980 /* noa_attr not found and we had valid noa_attr before */ 2981 sdata->u.mgd.p2p_noa_index = -1; 2982 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr)); 2983 changed |= BSS_CHANGED_P2P_PS; 2984 ifmgd->beacon_crc_valid = false; 2985 } 2986 } 2987 2988 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid) 2989 return; 2990 ifmgd->beacon_crc = ncrc; 2991 ifmgd->beacon_crc_valid = true; 2992 2993 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2994 2995 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime, 2996 &elems, true); 2997 2998 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) && 2999 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 3000 elems.wmm_param_len)) 3001 changed |= BSS_CHANGED_QOS; 3002 3003 /* 3004 * If we haven't had a beacon before, tell the driver about the 3005 * DTIM period (and beacon timing if desired) now. 3006 */ 3007 if (!ifmgd->have_beacon) { 3008 /* a few bogus AP send dtim_period = 0 or no TIM IE */ 3009 if (elems.tim) 3010 bss_conf->dtim_period = elems.tim->dtim_period ?: 1; 3011 else 3012 bss_conf->dtim_period = 1; 3013 3014 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 3015 sdata->vif.bss_conf.sync_tsf = 3016 le64_to_cpu(mgmt->u.beacon.timestamp); 3017 sdata->vif.bss_conf.sync_device_ts = 3018 rx_status->device_timestamp; 3019 if (elems.tim) 3020 sdata->vif.bss_conf.sync_dtim_count = 3021 elems.tim->dtim_count; 3022 else 3023 sdata->vif.bss_conf.sync_dtim_count = 0; 3024 } 3025 3026 changed |= BSS_CHANGED_BEACON_INFO; 3027 ifmgd->have_beacon = true; 3028 3029 mutex_lock(&local->iflist_mtx); 3030 ieee80211_recalc_ps(local, -1); 3031 mutex_unlock(&local->iflist_mtx); 3032 3033 ieee80211_recalc_ps_vif(sdata); 3034 } 3035 3036 if (elems.erp_info) { 3037 erp_valid = true; 3038 erp_value = elems.erp_info[0]; 3039 } else { 3040 erp_valid = false; 3041 } 3042 changed |= ieee80211_handle_bss_capability(sdata, 3043 le16_to_cpu(mgmt->u.beacon.capab_info), 3044 erp_valid, erp_value); 3045 3046 mutex_lock(&local->sta_mtx); 3047 sta = sta_info_get(sdata, bssid); 3048 3049 if (ieee80211_config_bw(sdata, sta, elems.ht_operation, 3050 elems.vht_operation, bssid, &changed)) { 3051 mutex_unlock(&local->sta_mtx); 3052 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3053 WLAN_REASON_DEAUTH_LEAVING, 3054 true, deauth_buf); 3055 cfg80211_tx_mlme_mgmt(sdata->dev, deauth_buf, 3056 sizeof(deauth_buf)); 3057 return; 3058 } 3059 3060 if (sta && elems.opmode_notif) 3061 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif, 3062 rx_status->band, true); 3063 mutex_unlock(&local->sta_mtx); 3064 3065 if (elems.country_elem && elems.pwr_constr_elem && 3066 mgmt->u.probe_resp.capab_info & 3067 cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT)) 3068 changed |= ieee80211_handle_pwr_constr(sdata, chan, 3069 elems.country_elem, 3070 elems.country_elem_len, 3071 elems.pwr_constr_elem); 3072 3073 ieee80211_bss_info_change_notify(sdata, changed); 3074 } 3075 3076 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 3077 struct sk_buff *skb) 3078 { 3079 struct ieee80211_rx_status *rx_status; 3080 struct ieee80211_mgmt *mgmt; 3081 u16 fc; 3082 struct ieee802_11_elems elems; 3083 int ies_len; 3084 3085 rx_status = (struct ieee80211_rx_status *) skb->cb; 3086 mgmt = (struct ieee80211_mgmt *) skb->data; 3087 fc = le16_to_cpu(mgmt->frame_control); 3088 3089 sdata_lock(sdata); 3090 3091 switch (fc & IEEE80211_FCTL_STYPE) { 3092 case IEEE80211_STYPE_BEACON: 3093 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status); 3094 break; 3095 case IEEE80211_STYPE_PROBE_RESP: 3096 ieee80211_rx_mgmt_probe_resp(sdata, skb); 3097 break; 3098 case IEEE80211_STYPE_AUTH: 3099 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len); 3100 break; 3101 case IEEE80211_STYPE_DEAUTH: 3102 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len); 3103 break; 3104 case IEEE80211_STYPE_DISASSOC: 3105 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 3106 break; 3107 case IEEE80211_STYPE_ASSOC_RESP: 3108 case IEEE80211_STYPE_REASSOC_RESP: 3109 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len); 3110 break; 3111 case IEEE80211_STYPE_ACTION: 3112 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) { 3113 ies_len = skb->len - 3114 offsetof(struct ieee80211_mgmt, 3115 u.action.u.chan_switch.variable); 3116 3117 if (ies_len < 0) 3118 break; 3119 3120 ieee802_11_parse_elems( 3121 mgmt->u.action.u.chan_switch.variable, 3122 ies_len, true, &elems); 3123 3124 if (elems.parse_error) 3125 break; 3126 3127 ieee80211_sta_process_chanswitch(sdata, 3128 rx_status->mactime, 3129 &elems, false); 3130 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) { 3131 ies_len = skb->len - 3132 offsetof(struct ieee80211_mgmt, 3133 u.action.u.ext_chan_switch.variable); 3134 3135 if (ies_len < 0) 3136 break; 3137 3138 ieee802_11_parse_elems( 3139 mgmt->u.action.u.ext_chan_switch.variable, 3140 ies_len, true, &elems); 3141 3142 if (elems.parse_error) 3143 break; 3144 3145 /* for the handling code pretend this was also an IE */ 3146 elems.ext_chansw_ie = 3147 &mgmt->u.action.u.ext_chan_switch.data; 3148 3149 ieee80211_sta_process_chanswitch(sdata, 3150 rx_status->mactime, 3151 &elems, false); 3152 } 3153 break; 3154 } 3155 sdata_unlock(sdata); 3156 } 3157 3158 static void ieee80211_sta_timer(unsigned long data) 3159 { 3160 struct ieee80211_sub_if_data *sdata = 3161 (struct ieee80211_sub_if_data *) data; 3162 3163 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3164 } 3165 3166 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata, 3167 u8 *bssid, u8 reason, bool tx) 3168 { 3169 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3170 3171 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason, 3172 tx, frame_buf); 3173 3174 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 3175 IEEE80211_DEAUTH_FRAME_LEN); 3176 } 3177 3178 static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata) 3179 { 3180 struct ieee80211_local *local = sdata->local; 3181 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3182 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data; 3183 u32 tx_flags = 0; 3184 3185 sdata_assert_lock(sdata); 3186 3187 if (WARN_ON_ONCE(!auth_data)) 3188 return -EINVAL; 3189 3190 auth_data->tries++; 3191 3192 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) { 3193 sdata_info(sdata, "authentication with %pM timed out\n", 3194 auth_data->bss->bssid); 3195 3196 /* 3197 * Most likely AP is not in the range so remove the 3198 * bss struct for that AP. 3199 */ 3200 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss); 3201 3202 return -ETIMEDOUT; 3203 } 3204 3205 drv_mgd_prepare_tx(local, sdata); 3206 3207 if (auth_data->bss->proberesp_ies) { 3208 u16 trans = 1; 3209 u16 status = 0; 3210 3211 sdata_info(sdata, "send auth to %pM (try %d/%d)\n", 3212 auth_data->bss->bssid, auth_data->tries, 3213 IEEE80211_AUTH_MAX_TRIES); 3214 3215 auth_data->expected_transaction = 2; 3216 3217 if (auth_data->algorithm == WLAN_AUTH_SAE) { 3218 trans = auth_data->sae_trans; 3219 status = auth_data->sae_status; 3220 auth_data->expected_transaction = trans; 3221 } 3222 3223 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3224 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 3225 IEEE80211_TX_INTFL_MLME_CONN_TX; 3226 3227 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status, 3228 auth_data->data, auth_data->data_len, 3229 auth_data->bss->bssid, 3230 auth_data->bss->bssid, NULL, 0, 0, 3231 tx_flags); 3232 } else { 3233 const u8 *ssidie; 3234 3235 sdata_info(sdata, "direct probe to %pM (try %d/%i)\n", 3236 auth_data->bss->bssid, auth_data->tries, 3237 IEEE80211_AUTH_MAX_TRIES); 3238 3239 rcu_read_lock(); 3240 ssidie = ieee80211_bss_get_ie(auth_data->bss, WLAN_EID_SSID); 3241 if (!ssidie) { 3242 rcu_read_unlock(); 3243 return -EINVAL; 3244 } 3245 /* 3246 * Direct probe is sent to broadcast address as some APs 3247 * will not answer to direct packet in unassociated state. 3248 */ 3249 ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1], 3250 NULL, 0, (u32) -1, true, 0, 3251 auth_data->bss->channel, false); 3252 rcu_read_unlock(); 3253 } 3254 3255 if (tx_flags == 0) { 3256 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 3257 auth_data->timeout_started = true; 3258 run_again(sdata, auth_data->timeout); 3259 } else { 3260 auth_data->timeout = 3261 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG); 3262 auth_data->timeout_started = true; 3263 run_again(sdata, auth_data->timeout); 3264 } 3265 3266 return 0; 3267 } 3268 3269 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata) 3270 { 3271 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 3272 struct ieee80211_local *local = sdata->local; 3273 3274 sdata_assert_lock(sdata); 3275 3276 assoc_data->tries++; 3277 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) { 3278 sdata_info(sdata, "association with %pM timed out\n", 3279 assoc_data->bss->bssid); 3280 3281 /* 3282 * Most likely AP is not in the range so remove the 3283 * bss struct for that AP. 3284 */ 3285 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss); 3286 3287 return -ETIMEDOUT; 3288 } 3289 3290 sdata_info(sdata, "associate with %pM (try %d/%d)\n", 3291 assoc_data->bss->bssid, assoc_data->tries, 3292 IEEE80211_ASSOC_MAX_TRIES); 3293 ieee80211_send_assoc(sdata); 3294 3295 if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) { 3296 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 3297 assoc_data->timeout_started = true; 3298 run_again(sdata, assoc_data->timeout); 3299 } else { 3300 assoc_data->timeout = 3301 round_jiffies_up(jiffies + 3302 IEEE80211_ASSOC_TIMEOUT_LONG); 3303 assoc_data->timeout_started = true; 3304 run_again(sdata, assoc_data->timeout); 3305 } 3306 3307 return 0; 3308 } 3309 3310 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata, 3311 __le16 fc, bool acked) 3312 { 3313 struct ieee80211_local *local = sdata->local; 3314 3315 sdata->u.mgd.status_fc = fc; 3316 sdata->u.mgd.status_acked = acked; 3317 sdata->u.mgd.status_received = true; 3318 3319 ieee80211_queue_work(&local->hw, &sdata->work); 3320 } 3321 3322 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata) 3323 { 3324 struct ieee80211_local *local = sdata->local; 3325 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3326 3327 sdata_lock(sdata); 3328 3329 if (ifmgd->status_received) { 3330 __le16 fc = ifmgd->status_fc; 3331 bool status_acked = ifmgd->status_acked; 3332 3333 ifmgd->status_received = false; 3334 if (ifmgd->auth_data && 3335 (ieee80211_is_probe_req(fc) || ieee80211_is_auth(fc))) { 3336 if (status_acked) { 3337 ifmgd->auth_data->timeout = 3338 jiffies + IEEE80211_AUTH_TIMEOUT_SHORT; 3339 run_again(sdata, ifmgd->auth_data->timeout); 3340 } else { 3341 ifmgd->auth_data->timeout = jiffies - 1; 3342 } 3343 ifmgd->auth_data->timeout_started = true; 3344 } else if (ifmgd->assoc_data && 3345 (ieee80211_is_assoc_req(fc) || 3346 ieee80211_is_reassoc_req(fc))) { 3347 if (status_acked) { 3348 ifmgd->assoc_data->timeout = 3349 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT; 3350 run_again(sdata, ifmgd->assoc_data->timeout); 3351 } else { 3352 ifmgd->assoc_data->timeout = jiffies - 1; 3353 } 3354 ifmgd->assoc_data->timeout_started = true; 3355 } 3356 } 3357 3358 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started && 3359 time_after(jiffies, ifmgd->auth_data->timeout)) { 3360 if (ifmgd->auth_data->done) { 3361 /* 3362 * ok ... we waited for assoc but userspace didn't, 3363 * so let's just kill the auth data 3364 */ 3365 ieee80211_destroy_auth_data(sdata, false); 3366 } else if (ieee80211_probe_auth(sdata)) { 3367 u8 bssid[ETH_ALEN]; 3368 3369 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 3370 3371 ieee80211_destroy_auth_data(sdata, false); 3372 3373 cfg80211_auth_timeout(sdata->dev, bssid); 3374 } 3375 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started) 3376 run_again(sdata, ifmgd->auth_data->timeout); 3377 3378 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started && 3379 time_after(jiffies, ifmgd->assoc_data->timeout)) { 3380 if ((ifmgd->assoc_data->need_beacon && !ifmgd->have_beacon) || 3381 ieee80211_do_assoc(sdata)) { 3382 struct cfg80211_bss *bss = ifmgd->assoc_data->bss; 3383 3384 ieee80211_destroy_assoc_data(sdata, false); 3385 cfg80211_assoc_timeout(sdata->dev, bss); 3386 } 3387 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started) 3388 run_again(sdata, ifmgd->assoc_data->timeout); 3389 3390 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL && 3391 ifmgd->associated) { 3392 u8 bssid[ETH_ALEN]; 3393 int max_tries; 3394 3395 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 3396 3397 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3398 max_tries = max_nullfunc_tries; 3399 else 3400 max_tries = max_probe_tries; 3401 3402 /* ACK received for nullfunc probing frame */ 3403 if (!ifmgd->probe_send_count) 3404 ieee80211_reset_ap_probe(sdata); 3405 else if (ifmgd->nullfunc_failed) { 3406 if (ifmgd->probe_send_count < max_tries) { 3407 mlme_dbg(sdata, 3408 "No ack for nullfunc frame to AP %pM, try %d/%i\n", 3409 bssid, ifmgd->probe_send_count, 3410 max_tries); 3411 ieee80211_mgd_probe_ap_send(sdata); 3412 } else { 3413 mlme_dbg(sdata, 3414 "No ack for nullfunc frame to AP %pM, disconnecting.\n", 3415 bssid); 3416 ieee80211_sta_connection_lost(sdata, bssid, 3417 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 3418 false); 3419 } 3420 } else if (time_is_after_jiffies(ifmgd->probe_timeout)) 3421 run_again(sdata, ifmgd->probe_timeout); 3422 else if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 3423 mlme_dbg(sdata, 3424 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n", 3425 bssid, probe_wait_ms); 3426 ieee80211_sta_connection_lost(sdata, bssid, 3427 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3428 } else if (ifmgd->probe_send_count < max_tries) { 3429 mlme_dbg(sdata, 3430 "No probe response from AP %pM after %dms, try %d/%i\n", 3431 bssid, probe_wait_ms, 3432 ifmgd->probe_send_count, max_tries); 3433 ieee80211_mgd_probe_ap_send(sdata); 3434 } else { 3435 /* 3436 * We actually lost the connection ... or did we? 3437 * Let's make sure! 3438 */ 3439 wiphy_debug(local->hw.wiphy, 3440 "%s: No probe response from AP %pM" 3441 " after %dms, disconnecting.\n", 3442 sdata->name, 3443 bssid, probe_wait_ms); 3444 3445 ieee80211_sta_connection_lost(sdata, bssid, 3446 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3447 } 3448 } 3449 3450 sdata_unlock(sdata); 3451 } 3452 3453 static void ieee80211_sta_bcn_mon_timer(unsigned long data) 3454 { 3455 struct ieee80211_sub_if_data *sdata = 3456 (struct ieee80211_sub_if_data *) data; 3457 struct ieee80211_local *local = sdata->local; 3458 3459 if (local->quiescing) 3460 return; 3461 3462 sdata->u.mgd.connection_loss = false; 3463 ieee80211_queue_work(&sdata->local->hw, 3464 &sdata->u.mgd.beacon_connection_loss_work); 3465 } 3466 3467 static void ieee80211_sta_conn_mon_timer(unsigned long data) 3468 { 3469 struct ieee80211_sub_if_data *sdata = 3470 (struct ieee80211_sub_if_data *) data; 3471 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3472 struct ieee80211_local *local = sdata->local; 3473 3474 if (local->quiescing) 3475 return; 3476 3477 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work); 3478 } 3479 3480 static void ieee80211_sta_monitor_work(struct work_struct *work) 3481 { 3482 struct ieee80211_sub_if_data *sdata = 3483 container_of(work, struct ieee80211_sub_if_data, 3484 u.mgd.monitor_work); 3485 3486 ieee80211_mgd_probe_ap(sdata, false); 3487 } 3488 3489 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) 3490 { 3491 u32 flags; 3492 3493 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 3494 __ieee80211_stop_poll(sdata); 3495 3496 /* let's probe the connection once */ 3497 flags = sdata->local->hw.flags; 3498 if (!(flags & IEEE80211_HW_CONNECTION_MONITOR)) 3499 ieee80211_queue_work(&sdata->local->hw, 3500 &sdata->u.mgd.monitor_work); 3501 /* and do all the other regular work too */ 3502 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3503 } 3504 } 3505 3506 #ifdef CONFIG_PM 3507 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata) 3508 { 3509 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3510 3511 sdata_lock(sdata); 3512 if (!ifmgd->associated) { 3513 sdata_unlock(sdata); 3514 return; 3515 } 3516 3517 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) { 3518 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME; 3519 mlme_dbg(sdata, "driver requested disconnect after resume\n"); 3520 ieee80211_sta_connection_lost(sdata, 3521 ifmgd->associated->bssid, 3522 WLAN_REASON_UNSPECIFIED, 3523 true); 3524 sdata_unlock(sdata); 3525 return; 3526 } 3527 sdata_unlock(sdata); 3528 } 3529 #endif 3530 3531 /* interface setup */ 3532 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata) 3533 { 3534 struct ieee80211_if_managed *ifmgd; 3535 3536 ifmgd = &sdata->u.mgd; 3537 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work); 3538 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work); 3539 INIT_WORK(&ifmgd->beacon_connection_loss_work, 3540 ieee80211_beacon_connection_loss_work); 3541 INIT_WORK(&ifmgd->csa_connection_drop_work, 3542 ieee80211_csa_connection_drop_work); 3543 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_mgd_work); 3544 setup_timer(&ifmgd->timer, ieee80211_sta_timer, 3545 (unsigned long) sdata); 3546 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 3547 (unsigned long) sdata); 3548 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 3549 (unsigned long) sdata); 3550 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 3551 (unsigned long) sdata); 3552 3553 ifmgd->flags = 0; 3554 ifmgd->powersave = sdata->wdev.ps; 3555 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues; 3556 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len; 3557 ifmgd->p2p_noa_index = -1; 3558 3559 if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS) 3560 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC; 3561 else 3562 ifmgd->req_smps = IEEE80211_SMPS_OFF; 3563 } 3564 3565 /* scan finished notification */ 3566 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local) 3567 { 3568 struct ieee80211_sub_if_data *sdata; 3569 3570 /* Restart STA timers */ 3571 rcu_read_lock(); 3572 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 3573 if (ieee80211_sdata_running(sdata)) 3574 ieee80211_restart_sta_timer(sdata); 3575 } 3576 rcu_read_unlock(); 3577 } 3578 3579 int ieee80211_max_network_latency(struct notifier_block *nb, 3580 unsigned long data, void *dummy) 3581 { 3582 s32 latency_usec = (s32) data; 3583 struct ieee80211_local *local = 3584 container_of(nb, struct ieee80211_local, 3585 network_latency_notifier); 3586 3587 mutex_lock(&local->iflist_mtx); 3588 ieee80211_recalc_ps(local, latency_usec); 3589 mutex_unlock(&local->iflist_mtx); 3590 3591 return 0; 3592 } 3593 3594 static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata, 3595 struct cfg80211_bss *cbss) 3596 { 3597 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3598 const u8 *ht_cap_ie, *vht_cap_ie; 3599 const struct ieee80211_ht_cap *ht_cap; 3600 const struct ieee80211_vht_cap *vht_cap; 3601 u8 chains = 1; 3602 3603 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT) 3604 return chains; 3605 3606 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 3607 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) { 3608 ht_cap = (void *)(ht_cap_ie + 2); 3609 chains = ieee80211_mcs_to_chains(&ht_cap->mcs); 3610 /* 3611 * TODO: use "Tx Maximum Number Spatial Streams Supported" and 3612 * "Tx Unequal Modulation Supported" fields. 3613 */ 3614 } 3615 3616 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 3617 return chains; 3618 3619 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 3620 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) { 3621 u8 nss; 3622 u16 tx_mcs_map; 3623 3624 vht_cap = (void *)(vht_cap_ie + 2); 3625 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map); 3626 for (nss = 8; nss > 0; nss--) { 3627 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) != 3628 IEEE80211_VHT_MCS_NOT_SUPPORTED) 3629 break; 3630 } 3631 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */ 3632 chains = max(chains, nss); 3633 } 3634 3635 return chains; 3636 } 3637 3638 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata, 3639 struct cfg80211_bss *cbss) 3640 { 3641 struct ieee80211_local *local = sdata->local; 3642 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3643 const struct ieee80211_ht_operation *ht_oper = NULL; 3644 const struct ieee80211_vht_operation *vht_oper = NULL; 3645 struct ieee80211_supported_band *sband; 3646 struct cfg80211_chan_def chandef; 3647 int ret; 3648 3649 sband = local->hw.wiphy->bands[cbss->channel->band]; 3650 3651 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ | 3652 IEEE80211_STA_DISABLE_80P80MHZ | 3653 IEEE80211_STA_DISABLE_160MHZ); 3654 3655 rcu_read_lock(); 3656 3657 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 3658 sband->ht_cap.ht_supported) { 3659 const u8 *ht_oper_ie, *ht_cap; 3660 3661 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION); 3662 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper)) 3663 ht_oper = (void *)(ht_oper_ie + 2); 3664 3665 ht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 3666 if (!ht_cap || ht_cap[1] < sizeof(struct ieee80211_ht_cap)) { 3667 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 3668 ht_oper = NULL; 3669 } 3670 } 3671 3672 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 3673 sband->vht_cap.vht_supported) { 3674 const u8 *vht_oper_ie, *vht_cap; 3675 3676 vht_oper_ie = ieee80211_bss_get_ie(cbss, 3677 WLAN_EID_VHT_OPERATION); 3678 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper)) 3679 vht_oper = (void *)(vht_oper_ie + 2); 3680 if (vht_oper && !ht_oper) { 3681 vht_oper = NULL; 3682 sdata_info(sdata, 3683 "AP advertised VHT without HT, disabling both\n"); 3684 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 3685 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3686 } 3687 3688 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 3689 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) { 3690 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3691 vht_oper = NULL; 3692 } 3693 } 3694 3695 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband, 3696 cbss->channel, 3697 ht_oper, vht_oper, 3698 &chandef, false); 3699 3700 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss), 3701 local->rx_chains); 3702 3703 rcu_read_unlock(); 3704 3705 /* will change later if needed */ 3706 sdata->smps_mode = IEEE80211_SMPS_OFF; 3707 3708 mutex_lock(&local->mtx); 3709 /* 3710 * If this fails (possibly due to channel context sharing 3711 * on incompatible channels, e.g. 80+80 and 160 sharing the 3712 * same control channel) try to use a smaller bandwidth. 3713 */ 3714 ret = ieee80211_vif_use_channel(sdata, &chandef, 3715 IEEE80211_CHANCTX_SHARED); 3716 3717 /* don't downgrade for 5 and 10 MHz channels, though. */ 3718 if (chandef.width == NL80211_CHAN_WIDTH_5 || 3719 chandef.width == NL80211_CHAN_WIDTH_10) 3720 goto out; 3721 3722 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) { 3723 ifmgd->flags |= ieee80211_chandef_downgrade(&chandef); 3724 ret = ieee80211_vif_use_channel(sdata, &chandef, 3725 IEEE80211_CHANCTX_SHARED); 3726 } 3727 out: 3728 mutex_unlock(&local->mtx); 3729 return ret; 3730 } 3731 3732 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata, 3733 struct cfg80211_bss *cbss, bool assoc) 3734 { 3735 struct ieee80211_local *local = sdata->local; 3736 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3737 struct ieee80211_bss *bss = (void *)cbss->priv; 3738 struct sta_info *new_sta = NULL; 3739 bool have_sta = false; 3740 int err; 3741 3742 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) 3743 return -EINVAL; 3744 3745 if (assoc) { 3746 rcu_read_lock(); 3747 have_sta = sta_info_get(sdata, cbss->bssid); 3748 rcu_read_unlock(); 3749 } 3750 3751 if (!have_sta) { 3752 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL); 3753 if (!new_sta) 3754 return -ENOMEM; 3755 } 3756 if (new_sta) { 3757 u32 rates = 0, basic_rates = 0; 3758 bool have_higher_than_11mbit; 3759 int min_rate = INT_MAX, min_rate_index = -1; 3760 struct ieee80211_chanctx_conf *chanctx_conf; 3761 struct ieee80211_supported_band *sband; 3762 const struct cfg80211_bss_ies *ies; 3763 int shift; 3764 u32 rate_flags; 3765 3766 sband = local->hw.wiphy->bands[cbss->channel->band]; 3767 3768 err = ieee80211_prep_channel(sdata, cbss); 3769 if (err) { 3770 sta_info_free(local, new_sta); 3771 return -EINVAL; 3772 } 3773 shift = ieee80211_vif_get_shift(&sdata->vif); 3774 3775 rcu_read_lock(); 3776 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 3777 if (WARN_ON(!chanctx_conf)) { 3778 rcu_read_unlock(); 3779 sta_info_free(local, new_sta); 3780 return -EINVAL; 3781 } 3782 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def); 3783 rcu_read_unlock(); 3784 3785 ieee80211_get_rates(sband, bss->supp_rates, 3786 bss->supp_rates_len, 3787 &rates, &basic_rates, 3788 &have_higher_than_11mbit, 3789 &min_rate, &min_rate_index, 3790 shift, rate_flags); 3791 3792 /* 3793 * This used to be a workaround for basic rates missing 3794 * in the association response frame. Now that we no 3795 * longer use the basic rates from there, it probably 3796 * doesn't happen any more, but keep the workaround so 3797 * in case some *other* APs are buggy in different ways 3798 * we can connect -- with a warning. 3799 */ 3800 if (!basic_rates && min_rate_index >= 0) { 3801 sdata_info(sdata, 3802 "No basic rates, using min rate instead\n"); 3803 basic_rates = BIT(min_rate_index); 3804 } 3805 3806 new_sta->sta.supp_rates[cbss->channel->band] = rates; 3807 sdata->vif.bss_conf.basic_rates = basic_rates; 3808 3809 /* cf. IEEE 802.11 9.2.12 */ 3810 if (cbss->channel->band == IEEE80211_BAND_2GHZ && 3811 have_higher_than_11mbit) 3812 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE; 3813 else 3814 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE; 3815 3816 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN); 3817 3818 /* set timing information */ 3819 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval; 3820 rcu_read_lock(); 3821 ies = rcu_dereference(cbss->beacon_ies); 3822 if (ies) { 3823 const u8 *tim_ie; 3824 3825 sdata->vif.bss_conf.sync_tsf = ies->tsf; 3826 sdata->vif.bss_conf.sync_device_ts = 3827 bss->device_ts_beacon; 3828 tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 3829 ies->data, ies->len); 3830 if (tim_ie && tim_ie[1] >= 2) 3831 sdata->vif.bss_conf.sync_dtim_count = tim_ie[2]; 3832 else 3833 sdata->vif.bss_conf.sync_dtim_count = 0; 3834 } else if (!(local->hw.flags & 3835 IEEE80211_HW_TIMING_BEACON_ONLY)) { 3836 ies = rcu_dereference(cbss->proberesp_ies); 3837 /* must be non-NULL since beacon IEs were NULL */ 3838 sdata->vif.bss_conf.sync_tsf = ies->tsf; 3839 sdata->vif.bss_conf.sync_device_ts = 3840 bss->device_ts_presp; 3841 sdata->vif.bss_conf.sync_dtim_count = 0; 3842 } else { 3843 sdata->vif.bss_conf.sync_tsf = 0; 3844 sdata->vif.bss_conf.sync_device_ts = 0; 3845 sdata->vif.bss_conf.sync_dtim_count = 0; 3846 } 3847 rcu_read_unlock(); 3848 3849 /* tell driver about BSSID, basic rates and timing */ 3850 ieee80211_bss_info_change_notify(sdata, 3851 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES | 3852 BSS_CHANGED_BEACON_INT); 3853 3854 if (assoc) 3855 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH); 3856 3857 err = sta_info_insert(new_sta); 3858 new_sta = NULL; 3859 if (err) { 3860 sdata_info(sdata, 3861 "failed to insert STA entry for the AP (error %d)\n", 3862 err); 3863 return err; 3864 } 3865 } else 3866 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid)); 3867 3868 return 0; 3869 } 3870 3871 /* config hooks */ 3872 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 3873 struct cfg80211_auth_request *req) 3874 { 3875 struct ieee80211_local *local = sdata->local; 3876 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3877 struct ieee80211_mgd_auth_data *auth_data; 3878 u16 auth_alg; 3879 int err; 3880 3881 /* prepare auth data structure */ 3882 3883 switch (req->auth_type) { 3884 case NL80211_AUTHTYPE_OPEN_SYSTEM: 3885 auth_alg = WLAN_AUTH_OPEN; 3886 break; 3887 case NL80211_AUTHTYPE_SHARED_KEY: 3888 if (IS_ERR(local->wep_tx_tfm)) 3889 return -EOPNOTSUPP; 3890 auth_alg = WLAN_AUTH_SHARED_KEY; 3891 break; 3892 case NL80211_AUTHTYPE_FT: 3893 auth_alg = WLAN_AUTH_FT; 3894 break; 3895 case NL80211_AUTHTYPE_NETWORK_EAP: 3896 auth_alg = WLAN_AUTH_LEAP; 3897 break; 3898 case NL80211_AUTHTYPE_SAE: 3899 auth_alg = WLAN_AUTH_SAE; 3900 break; 3901 default: 3902 return -EOPNOTSUPP; 3903 } 3904 3905 auth_data = kzalloc(sizeof(*auth_data) + req->sae_data_len + 3906 req->ie_len, GFP_KERNEL); 3907 if (!auth_data) 3908 return -ENOMEM; 3909 3910 auth_data->bss = req->bss; 3911 3912 if (req->sae_data_len >= 4) { 3913 __le16 *pos = (__le16 *) req->sae_data; 3914 auth_data->sae_trans = le16_to_cpu(pos[0]); 3915 auth_data->sae_status = le16_to_cpu(pos[1]); 3916 memcpy(auth_data->data, req->sae_data + 4, 3917 req->sae_data_len - 4); 3918 auth_data->data_len += req->sae_data_len - 4; 3919 } 3920 3921 if (req->ie && req->ie_len) { 3922 memcpy(&auth_data->data[auth_data->data_len], 3923 req->ie, req->ie_len); 3924 auth_data->data_len += req->ie_len; 3925 } 3926 3927 if (req->key && req->key_len) { 3928 auth_data->key_len = req->key_len; 3929 auth_data->key_idx = req->key_idx; 3930 memcpy(auth_data->key, req->key, req->key_len); 3931 } 3932 3933 auth_data->algorithm = auth_alg; 3934 3935 /* try to authenticate/probe */ 3936 3937 if ((ifmgd->auth_data && !ifmgd->auth_data->done) || 3938 ifmgd->assoc_data) { 3939 err = -EBUSY; 3940 goto err_free; 3941 } 3942 3943 if (ifmgd->auth_data) 3944 ieee80211_destroy_auth_data(sdata, false); 3945 3946 /* prep auth_data so we don't go into idle on disassoc */ 3947 ifmgd->auth_data = auth_data; 3948 3949 if (ifmgd->associated) { 3950 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3951 3952 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3953 WLAN_REASON_UNSPECIFIED, 3954 false, frame_buf); 3955 3956 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 3957 sizeof(frame_buf)); 3958 } 3959 3960 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid); 3961 3962 err = ieee80211_prep_connection(sdata, req->bss, false); 3963 if (err) 3964 goto err_clear; 3965 3966 err = ieee80211_probe_auth(sdata); 3967 if (err) { 3968 sta_info_destroy_addr(sdata, req->bss->bssid); 3969 goto err_clear; 3970 } 3971 3972 /* hold our own reference */ 3973 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss); 3974 return 0; 3975 3976 err_clear: 3977 memset(ifmgd->bssid, 0, ETH_ALEN); 3978 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 3979 ifmgd->auth_data = NULL; 3980 err_free: 3981 kfree(auth_data); 3982 return err; 3983 } 3984 3985 static bool ieee80211_usable_wmm_params(struct ieee80211_sub_if_data *sdata, 3986 const u8 *wmm_param, int len) 3987 { 3988 const u8 *pos; 3989 size_t left; 3990 3991 if (len < 8) 3992 return false; 3993 3994 if (wmm_param[5] != 1 /* version */) 3995 return false; 3996 3997 pos = wmm_param + 8; 3998 left = len - 8; 3999 4000 for (; left >= 4; left -= 4, pos += 4) { 4001 u8 aifsn = pos[0] & 0x0f; 4002 u8 ecwmin = pos[1] & 0x0f; 4003 u8 ecwmax = (pos[1] & 0xf0) >> 4; 4004 int aci = (pos[0] >> 5) & 0x03; 4005 4006 if (aifsn < 2) { 4007 sdata_info(sdata, 4008 "AP has invalid WMM params (AIFSN=%d for ACI %d), disabling WMM\n", 4009 aifsn, aci); 4010 return false; 4011 } 4012 if (ecwmin > ecwmax) { 4013 sdata_info(sdata, 4014 "AP has invalid WMM params (ECWmin/max=%d/%d for ACI %d), disabling WMM\n", 4015 ecwmin, ecwmax, aci); 4016 return false; 4017 } 4018 } 4019 4020 return true; 4021 } 4022 4023 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 4024 struct cfg80211_assoc_request *req) 4025 { 4026 struct ieee80211_local *local = sdata->local; 4027 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4028 struct ieee80211_bss *bss = (void *)req->bss->priv; 4029 struct ieee80211_mgd_assoc_data *assoc_data; 4030 const struct cfg80211_bss_ies *beacon_ies; 4031 struct ieee80211_supported_band *sband; 4032 const u8 *ssidie, *ht_ie, *vht_ie; 4033 int i, err; 4034 4035 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL); 4036 if (!assoc_data) 4037 return -ENOMEM; 4038 4039 rcu_read_lock(); 4040 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID); 4041 if (!ssidie) { 4042 rcu_read_unlock(); 4043 kfree(assoc_data); 4044 return -EINVAL; 4045 } 4046 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]); 4047 assoc_data->ssid_len = ssidie[1]; 4048 rcu_read_unlock(); 4049 4050 if (ifmgd->associated) { 4051 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4052 4053 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4054 WLAN_REASON_UNSPECIFIED, 4055 false, frame_buf); 4056 4057 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4058 sizeof(frame_buf)); 4059 } 4060 4061 if (ifmgd->auth_data && !ifmgd->auth_data->done) { 4062 err = -EBUSY; 4063 goto err_free; 4064 } 4065 4066 if (ifmgd->assoc_data) { 4067 err = -EBUSY; 4068 goto err_free; 4069 } 4070 4071 if (ifmgd->auth_data) { 4072 bool match; 4073 4074 /* keep sta info, bssid if matching */ 4075 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid); 4076 ieee80211_destroy_auth_data(sdata, match); 4077 } 4078 4079 /* prepare assoc data */ 4080 4081 ifmgd->beacon_crc_valid = false; 4082 4083 assoc_data->wmm = bss->wmm_used && 4084 (local->hw.queues >= IEEE80211_NUM_ACS); 4085 if (assoc_data->wmm) { 4086 /* try to check validity of WMM params IE */ 4087 const struct cfg80211_bss_ies *ies; 4088 const u8 *wp, *start, *end; 4089 4090 rcu_read_lock(); 4091 ies = rcu_dereference(req->bss->ies); 4092 start = ies->data; 4093 end = start + ies->len; 4094 4095 while (true) { 4096 wp = cfg80211_find_vendor_ie( 4097 WLAN_OUI_MICROSOFT, 4098 WLAN_OUI_TYPE_MICROSOFT_WMM, 4099 start, end - start); 4100 if (!wp) 4101 break; 4102 start = wp + wp[1] + 2; 4103 /* if this IE is too short, try the next */ 4104 if (wp[1] <= 4) 4105 continue; 4106 /* if this IE is WMM params, we found what we wanted */ 4107 if (wp[6] == 1) 4108 break; 4109 } 4110 4111 if (!wp || !ieee80211_usable_wmm_params(sdata, wp + 2, 4112 wp[1] - 2)) { 4113 assoc_data->wmm = false; 4114 ifmgd->flags |= IEEE80211_STA_DISABLE_WMM; 4115 } 4116 rcu_read_unlock(); 4117 } 4118 4119 /* 4120 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode. 4121 * We still associate in non-HT mode (11a/b/g) if any one of these 4122 * ciphers is configured as pairwise. 4123 * We can set this to true for non-11n hardware, that'll be checked 4124 * separately along with the peer capabilities. 4125 */ 4126 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) { 4127 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 4128 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 4129 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) { 4130 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4131 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4132 netdev_info(sdata->dev, 4133 "disabling HT/VHT due to WEP/TKIP use\n"); 4134 } 4135 } 4136 4137 if (req->flags & ASSOC_REQ_DISABLE_HT) { 4138 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4139 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4140 } 4141 4142 if (req->flags & ASSOC_REQ_DISABLE_VHT) 4143 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4144 4145 /* Also disable HT if we don't support it or the AP doesn't use WMM */ 4146 sband = local->hw.wiphy->bands[req->bss->channel->band]; 4147 if (!sband->ht_cap.ht_supported || 4148 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used || 4149 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) { 4150 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4151 if (!bss->wmm_used && 4152 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM)) 4153 netdev_info(sdata->dev, 4154 "disabling HT as WMM/QoS is not supported by the AP\n"); 4155 } 4156 4157 /* disable VHT if we don't support it or the AP doesn't use WMM */ 4158 if (!sband->vht_cap.vht_supported || 4159 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used || 4160 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) { 4161 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4162 if (!bss->wmm_used && 4163 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM)) 4164 netdev_info(sdata->dev, 4165 "disabling VHT as WMM/QoS is not supported by the AP\n"); 4166 } 4167 4168 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa)); 4169 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask, 4170 sizeof(ifmgd->ht_capa_mask)); 4171 4172 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa)); 4173 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask, 4174 sizeof(ifmgd->vht_capa_mask)); 4175 4176 if (req->ie && req->ie_len) { 4177 memcpy(assoc_data->ie, req->ie, req->ie_len); 4178 assoc_data->ie_len = req->ie_len; 4179 } 4180 4181 assoc_data->bss = req->bss; 4182 4183 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) { 4184 if (ifmgd->powersave) 4185 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC; 4186 else 4187 sdata->smps_mode = IEEE80211_SMPS_OFF; 4188 } else 4189 sdata->smps_mode = ifmgd->req_smps; 4190 4191 assoc_data->capability = req->bss->capability; 4192 assoc_data->supp_rates = bss->supp_rates; 4193 assoc_data->supp_rates_len = bss->supp_rates_len; 4194 4195 rcu_read_lock(); 4196 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION); 4197 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation)) 4198 assoc_data->ap_ht_param = 4199 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param; 4200 else 4201 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4202 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY); 4203 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap)) 4204 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2, 4205 sizeof(struct ieee80211_vht_cap)); 4206 else 4207 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4208 rcu_read_unlock(); 4209 4210 if (bss->wmm_used && bss->uapsd_supported && 4211 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD) && 4212 sdata->wmm_acm != 0xff) { 4213 assoc_data->uapsd = true; 4214 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; 4215 } else { 4216 assoc_data->uapsd = false; 4217 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED; 4218 } 4219 4220 if (req->prev_bssid) 4221 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN); 4222 4223 if (req->use_mfp) { 4224 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 4225 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED; 4226 } else { 4227 ifmgd->mfp = IEEE80211_MFP_DISABLED; 4228 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED; 4229 } 4230 4231 if (req->crypto.control_port) 4232 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT; 4233 else 4234 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT; 4235 4236 sdata->control_port_protocol = req->crypto.control_port_ethertype; 4237 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt; 4238 sdata->encrypt_headroom = ieee80211_cs_headroom(local, &req->crypto, 4239 sdata->vif.type); 4240 4241 /* kick off associate process */ 4242 4243 ifmgd->assoc_data = assoc_data; 4244 ifmgd->dtim_period = 0; 4245 ifmgd->have_beacon = false; 4246 4247 err = ieee80211_prep_connection(sdata, req->bss, true); 4248 if (err) 4249 goto err_clear; 4250 4251 rcu_read_lock(); 4252 beacon_ies = rcu_dereference(req->bss->beacon_ies); 4253 4254 if (sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC && 4255 !beacon_ies) { 4256 /* 4257 * Wait up to one beacon interval ... 4258 * should this be more if we miss one? 4259 */ 4260 sdata_info(sdata, "waiting for beacon from %pM\n", 4261 ifmgd->bssid); 4262 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval); 4263 assoc_data->timeout_started = true; 4264 assoc_data->need_beacon = true; 4265 } else if (beacon_ies) { 4266 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 4267 beacon_ies->data, 4268 beacon_ies->len); 4269 u8 dtim_count = 0; 4270 4271 if (tim_ie && tim_ie[1] >= sizeof(struct ieee80211_tim_ie)) { 4272 const struct ieee80211_tim_ie *tim; 4273 tim = (void *)(tim_ie + 2); 4274 ifmgd->dtim_period = tim->dtim_period; 4275 dtim_count = tim->dtim_count; 4276 } 4277 ifmgd->have_beacon = true; 4278 assoc_data->timeout = jiffies; 4279 assoc_data->timeout_started = true; 4280 4281 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 4282 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf; 4283 sdata->vif.bss_conf.sync_device_ts = 4284 bss->device_ts_beacon; 4285 sdata->vif.bss_conf.sync_dtim_count = dtim_count; 4286 } 4287 } else { 4288 assoc_data->timeout = jiffies; 4289 assoc_data->timeout_started = true; 4290 } 4291 rcu_read_unlock(); 4292 4293 run_again(sdata, assoc_data->timeout); 4294 4295 if (bss->corrupt_data) { 4296 char *corrupt_type = "data"; 4297 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) { 4298 if (bss->corrupt_data & 4299 IEEE80211_BSS_CORRUPT_PROBE_RESP) 4300 corrupt_type = "beacon and probe response"; 4301 else 4302 corrupt_type = "beacon"; 4303 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) 4304 corrupt_type = "probe response"; 4305 sdata_info(sdata, "associating with AP with corrupt %s\n", 4306 corrupt_type); 4307 } 4308 4309 return 0; 4310 err_clear: 4311 memset(ifmgd->bssid, 0, ETH_ALEN); 4312 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 4313 ifmgd->assoc_data = NULL; 4314 err_free: 4315 kfree(assoc_data); 4316 return err; 4317 } 4318 4319 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, 4320 struct cfg80211_deauth_request *req) 4321 { 4322 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4323 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4324 bool tx = !req->local_state_change; 4325 bool report_frame = false; 4326 4327 sdata_info(sdata, 4328 "deauthenticating from %pM by local choice (reason=%d)\n", 4329 req->bssid, req->reason_code); 4330 4331 if (ifmgd->auth_data) { 4332 drv_mgd_prepare_tx(sdata->local, sdata); 4333 ieee80211_send_deauth_disassoc(sdata, req->bssid, 4334 IEEE80211_STYPE_DEAUTH, 4335 req->reason_code, tx, 4336 frame_buf); 4337 ieee80211_destroy_auth_data(sdata, false); 4338 4339 report_frame = true; 4340 goto out; 4341 } 4342 4343 if (ifmgd->associated && 4344 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) { 4345 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4346 req->reason_code, tx, frame_buf); 4347 report_frame = true; 4348 } 4349 4350 out: 4351 if (report_frame) 4352 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4353 IEEE80211_DEAUTH_FRAME_LEN); 4354 4355 return 0; 4356 } 4357 4358 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 4359 struct cfg80211_disassoc_request *req) 4360 { 4361 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4362 u8 bssid[ETH_ALEN]; 4363 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4364 4365 /* 4366 * cfg80211 should catch this ... but it's racy since 4367 * we can receive a disassoc frame, process it, hand it 4368 * to cfg80211 while that's in a locked section already 4369 * trying to tell us that the user wants to disconnect. 4370 */ 4371 if (ifmgd->associated != req->bss) 4372 return -ENOLINK; 4373 4374 sdata_info(sdata, 4375 "disassociating from %pM by local choice (reason=%d)\n", 4376 req->bss->bssid, req->reason_code); 4377 4378 memcpy(bssid, req->bss->bssid, ETH_ALEN); 4379 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC, 4380 req->reason_code, !req->local_state_change, 4381 frame_buf); 4382 4383 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4384 IEEE80211_DEAUTH_FRAME_LEN); 4385 4386 return 0; 4387 } 4388 4389 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata) 4390 { 4391 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4392 4393 /* 4394 * Make sure some work items will not run after this, 4395 * they will not do anything but might not have been 4396 * cancelled when disconnecting. 4397 */ 4398 cancel_work_sync(&ifmgd->monitor_work); 4399 cancel_work_sync(&ifmgd->beacon_connection_loss_work); 4400 cancel_work_sync(&ifmgd->request_smps_work); 4401 cancel_work_sync(&ifmgd->csa_connection_drop_work); 4402 cancel_work_sync(&ifmgd->chswitch_work); 4403 4404 sdata_lock(sdata); 4405 if (ifmgd->assoc_data) { 4406 struct cfg80211_bss *bss = ifmgd->assoc_data->bss; 4407 ieee80211_destroy_assoc_data(sdata, false); 4408 cfg80211_assoc_timeout(sdata->dev, bss); 4409 } 4410 if (ifmgd->auth_data) 4411 ieee80211_destroy_auth_data(sdata, false); 4412 del_timer_sync(&ifmgd->timer); 4413 sdata_unlock(sdata); 4414 } 4415 4416 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif, 4417 enum nl80211_cqm_rssi_threshold_event rssi_event, 4418 gfp_t gfp) 4419 { 4420 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 4421 4422 trace_api_cqm_rssi_notify(sdata, rssi_event); 4423 4424 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp); 4425 } 4426 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify); 4427