1 /* 2 * BSS client mode implementation 3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 4 * Copyright 2004, Instant802 Networks, Inc. 5 * Copyright 2005, Devicescape Software, Inc. 6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License version 2 as 11 * published by the Free Software Foundation. 12 */ 13 14 #include <linux/delay.h> 15 #include <linux/if_ether.h> 16 #include <linux/skbuff.h> 17 #include <linux/if_arp.h> 18 #include <linux/etherdevice.h> 19 #include <linux/moduleparam.h> 20 #include <linux/rtnetlink.h> 21 #include <linux/pm_qos.h> 22 #include <linux/crc32.h> 23 #include <linux/slab.h> 24 #include <linux/export.h> 25 #include <net/mac80211.h> 26 #include <asm/unaligned.h> 27 28 #include "ieee80211_i.h" 29 #include "driver-ops.h" 30 #include "rate.h" 31 #include "led.h" 32 33 #define IEEE80211_AUTH_TIMEOUT (HZ / 5) 34 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10) 35 #define IEEE80211_AUTH_MAX_TRIES 3 36 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5) 37 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 38 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10) 39 #define IEEE80211_ASSOC_MAX_TRIES 3 40 41 static int max_nullfunc_tries = 2; 42 module_param(max_nullfunc_tries, int, 0644); 43 MODULE_PARM_DESC(max_nullfunc_tries, 44 "Maximum nullfunc tx tries before disconnecting (reason 4)."); 45 46 static int max_probe_tries = 5; 47 module_param(max_probe_tries, int, 0644); 48 MODULE_PARM_DESC(max_probe_tries, 49 "Maximum probe tries before disconnecting (reason 4)."); 50 51 /* 52 * Beacon loss timeout is calculated as N frames times the 53 * advertised beacon interval. This may need to be somewhat 54 * higher than what hardware might detect to account for 55 * delays in the host processing frames. But since we also 56 * probe on beacon miss before declaring the connection lost 57 * default to what we want. 58 */ 59 static int beacon_loss_count = 7; 60 module_param(beacon_loss_count, int, 0644); 61 MODULE_PARM_DESC(beacon_loss_count, 62 "Number of beacon intervals before we decide beacon was lost."); 63 64 /* 65 * Time the connection can be idle before we probe 66 * it to see if we can still talk to the AP. 67 */ 68 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ) 69 /* 70 * Time we wait for a probe response after sending 71 * a probe request because of beacon loss or for 72 * checking the connection still works. 73 */ 74 static int probe_wait_ms = 500; 75 module_param(probe_wait_ms, int, 0644); 76 MODULE_PARM_DESC(probe_wait_ms, 77 "Maximum time(ms) to wait for probe response" 78 " before disconnecting (reason 4)."); 79 80 /* 81 * Weight given to the latest Beacon frame when calculating average signal 82 * strength for Beacon frames received in the current BSS. This must be 83 * between 1 and 15. 84 */ 85 #define IEEE80211_SIGNAL_AVE_WEIGHT 3 86 87 /* 88 * How many Beacon frames need to have been used in average signal strength 89 * before starting to indicate signal change events. 90 */ 91 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4 92 93 /* 94 * All cfg80211 functions have to be called outside a locked 95 * section so that they can acquire a lock themselves... This 96 * is much simpler than queuing up things in cfg80211, but we 97 * do need some indirection for that here. 98 */ 99 enum rx_mgmt_action { 100 /* no action required */ 101 RX_MGMT_NONE, 102 103 /* caller must call cfg80211_send_deauth() */ 104 RX_MGMT_CFG80211_DEAUTH, 105 106 /* caller must call cfg80211_send_disassoc() */ 107 RX_MGMT_CFG80211_DISASSOC, 108 109 /* caller must call cfg80211_send_rx_auth() */ 110 RX_MGMT_CFG80211_RX_AUTH, 111 112 /* caller must call cfg80211_send_rx_assoc() */ 113 RX_MGMT_CFG80211_RX_ASSOC, 114 115 /* caller must call cfg80211_send_assoc_timeout() */ 116 RX_MGMT_CFG80211_ASSOC_TIMEOUT, 117 118 /* used when a processed beacon causes a deauth */ 119 RX_MGMT_CFG80211_TX_DEAUTH, 120 }; 121 122 /* utils */ 123 static inline void ASSERT_MGD_MTX(struct ieee80211_if_managed *ifmgd) 124 { 125 lockdep_assert_held(&ifmgd->mtx); 126 } 127 128 /* 129 * We can have multiple work items (and connection probing) 130 * scheduling this timer, but we need to take care to only 131 * reschedule it when it should fire _earlier_ than it was 132 * asked for before, or if it's not pending right now. This 133 * function ensures that. Note that it then is required to 134 * run this function for all timeouts after the first one 135 * has happened -- the work that runs from this timer will 136 * do that. 137 */ 138 static void run_again(struct ieee80211_if_managed *ifmgd, unsigned long timeout) 139 { 140 ASSERT_MGD_MTX(ifmgd); 141 142 if (!timer_pending(&ifmgd->timer) || 143 time_before(timeout, ifmgd->timer.expires)) 144 mod_timer(&ifmgd->timer, timeout); 145 } 146 147 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata) 148 { 149 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER) 150 return; 151 152 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 153 return; 154 155 mod_timer(&sdata->u.mgd.bcn_mon_timer, 156 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout)); 157 } 158 159 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata) 160 { 161 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 162 163 if (unlikely(!sdata->u.mgd.associated)) 164 return; 165 166 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 167 return; 168 169 mod_timer(&sdata->u.mgd.conn_mon_timer, 170 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME)); 171 172 ifmgd->probe_send_count = 0; 173 } 174 175 static int ecw2cw(int ecw) 176 { 177 return (1 << ecw) - 1; 178 } 179 180 static u32 chandef_downgrade(struct cfg80211_chan_def *c) 181 { 182 u32 ret; 183 int tmp; 184 185 switch (c->width) { 186 case NL80211_CHAN_WIDTH_20: 187 c->width = NL80211_CHAN_WIDTH_20_NOHT; 188 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 189 break; 190 case NL80211_CHAN_WIDTH_40: 191 c->width = NL80211_CHAN_WIDTH_20; 192 c->center_freq1 = c->chan->center_freq; 193 ret = IEEE80211_STA_DISABLE_40MHZ | 194 IEEE80211_STA_DISABLE_VHT; 195 break; 196 case NL80211_CHAN_WIDTH_80: 197 tmp = (30 + c->chan->center_freq - c->center_freq1)/20; 198 /* n_P40 */ 199 tmp /= 2; 200 /* freq_P40 */ 201 c->center_freq1 = c->center_freq1 - 20 + 40 * tmp; 202 c->width = NL80211_CHAN_WIDTH_40; 203 ret = IEEE80211_STA_DISABLE_VHT; 204 break; 205 case NL80211_CHAN_WIDTH_80P80: 206 c->center_freq2 = 0; 207 c->width = NL80211_CHAN_WIDTH_80; 208 ret = IEEE80211_STA_DISABLE_80P80MHZ | 209 IEEE80211_STA_DISABLE_160MHZ; 210 break; 211 case NL80211_CHAN_WIDTH_160: 212 /* n_P20 */ 213 tmp = (70 + c->chan->center_freq - c->center_freq1)/20; 214 /* n_P80 */ 215 tmp /= 4; 216 c->center_freq1 = c->center_freq1 - 40 + 80 * tmp; 217 c->width = NL80211_CHAN_WIDTH_80; 218 ret = IEEE80211_STA_DISABLE_80P80MHZ | 219 IEEE80211_STA_DISABLE_160MHZ; 220 break; 221 default: 222 case NL80211_CHAN_WIDTH_20_NOHT: 223 WARN_ON_ONCE(1); 224 c->width = NL80211_CHAN_WIDTH_20_NOHT; 225 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 226 break; 227 } 228 229 WARN_ON_ONCE(!cfg80211_chandef_valid(c)); 230 231 return ret; 232 } 233 234 static u32 235 ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, 236 struct ieee80211_supported_band *sband, 237 struct ieee80211_channel *channel, 238 const struct ieee80211_ht_operation *ht_oper, 239 const struct ieee80211_vht_operation *vht_oper, 240 struct cfg80211_chan_def *chandef, bool verbose) 241 { 242 struct cfg80211_chan_def vht_chandef; 243 u32 ht_cfreq, ret; 244 245 chandef->chan = channel; 246 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 247 chandef->center_freq1 = channel->center_freq; 248 chandef->center_freq2 = 0; 249 250 if (!ht_oper || !sband->ht_cap.ht_supported) { 251 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 252 goto out; 253 } 254 255 chandef->width = NL80211_CHAN_WIDTH_20; 256 257 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan, 258 channel->band); 259 /* check that channel matches the right operating channel */ 260 if (channel->center_freq != ht_cfreq) { 261 /* 262 * It's possible that some APs are confused here; 263 * Netgear WNDR3700 sometimes reports 4 higher than 264 * the actual channel in association responses, but 265 * since we look at probe response/beacon data here 266 * it should be OK. 267 */ 268 if (verbose) 269 sdata_info(sdata, 270 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n", 271 channel->center_freq, ht_cfreq, 272 ht_oper->primary_chan, channel->band); 273 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 274 goto out; 275 } 276 277 /* check 40 MHz support, if we have it */ 278 if (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) { 279 switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 280 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 281 chandef->width = NL80211_CHAN_WIDTH_40; 282 chandef->center_freq1 += 10; 283 break; 284 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 285 chandef->width = NL80211_CHAN_WIDTH_40; 286 chandef->center_freq1 -= 10; 287 break; 288 } 289 } else { 290 /* 40 MHz (and 80 MHz) must be supported for VHT */ 291 ret = IEEE80211_STA_DISABLE_VHT; 292 /* also mark 40 MHz disabled */ 293 ret |= IEEE80211_STA_DISABLE_40MHZ; 294 goto out; 295 } 296 297 if (!vht_oper || !sband->vht_cap.vht_supported) { 298 ret = IEEE80211_STA_DISABLE_VHT; 299 goto out; 300 } 301 302 vht_chandef.chan = channel; 303 vht_chandef.center_freq1 = 304 ieee80211_channel_to_frequency(vht_oper->center_freq_seg1_idx, 305 channel->band); 306 vht_chandef.center_freq2 = 0; 307 308 switch (vht_oper->chan_width) { 309 case IEEE80211_VHT_CHANWIDTH_USE_HT: 310 vht_chandef.width = chandef->width; 311 break; 312 case IEEE80211_VHT_CHANWIDTH_80MHZ: 313 vht_chandef.width = NL80211_CHAN_WIDTH_80; 314 break; 315 case IEEE80211_VHT_CHANWIDTH_160MHZ: 316 vht_chandef.width = NL80211_CHAN_WIDTH_160; 317 break; 318 case IEEE80211_VHT_CHANWIDTH_80P80MHZ: 319 vht_chandef.width = NL80211_CHAN_WIDTH_80P80; 320 vht_chandef.center_freq2 = 321 ieee80211_channel_to_frequency( 322 vht_oper->center_freq_seg2_idx, 323 channel->band); 324 break; 325 default: 326 if (verbose) 327 sdata_info(sdata, 328 "AP VHT operation IE has invalid channel width (%d), disable VHT\n", 329 vht_oper->chan_width); 330 ret = IEEE80211_STA_DISABLE_VHT; 331 goto out; 332 } 333 334 if (!cfg80211_chandef_valid(&vht_chandef)) { 335 if (verbose) 336 sdata_info(sdata, 337 "AP VHT information is invalid, disable VHT\n"); 338 ret = IEEE80211_STA_DISABLE_VHT; 339 goto out; 340 } 341 342 if (cfg80211_chandef_identical(chandef, &vht_chandef)) { 343 ret = 0; 344 goto out; 345 } 346 347 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) { 348 if (verbose) 349 sdata_info(sdata, 350 "AP VHT information doesn't match HT, disable VHT\n"); 351 ret = IEEE80211_STA_DISABLE_VHT; 352 goto out; 353 } 354 355 *chandef = vht_chandef; 356 357 ret = 0; 358 359 out: 360 /* don't print the message below for VHT mismatch if VHT is disabled */ 361 if (ret & IEEE80211_STA_DISABLE_VHT) 362 vht_chandef = *chandef; 363 364 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef, 365 IEEE80211_CHAN_DISABLED)) { 366 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) { 367 ret = IEEE80211_STA_DISABLE_HT | 368 IEEE80211_STA_DISABLE_VHT; 369 goto out; 370 } 371 372 ret |= chandef_downgrade(chandef); 373 } 374 375 if (chandef->width != vht_chandef.width && verbose) 376 sdata_info(sdata, 377 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n"); 378 379 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef)); 380 return ret; 381 } 382 383 static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata, 384 struct sta_info *sta, 385 const struct ieee80211_ht_operation *ht_oper, 386 const struct ieee80211_vht_operation *vht_oper, 387 const u8 *bssid, u32 *changed) 388 { 389 struct ieee80211_local *local = sdata->local; 390 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 391 struct ieee80211_supported_band *sband; 392 struct ieee80211_channel *chan; 393 struct cfg80211_chan_def chandef; 394 u16 ht_opmode; 395 u32 flags; 396 enum ieee80211_sta_rx_bandwidth new_sta_bw; 397 int ret; 398 399 /* if HT was/is disabled, don't track any bandwidth changes */ 400 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper) 401 return 0; 402 403 /* don't check VHT if we associated as non-VHT station */ 404 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 405 vht_oper = NULL; 406 407 if (WARN_ON_ONCE(!sta)) 408 return -EINVAL; 409 410 chan = sdata->vif.bss_conf.chandef.chan; 411 sband = local->hw.wiphy->bands[chan->band]; 412 413 /* calculate new channel (type) based on HT/VHT operation IEs */ 414 flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper, 415 vht_oper, &chandef, false); 416 417 /* 418 * Downgrade the new channel if we associated with restricted 419 * capabilities. For example, if we associated as a 20 MHz STA 420 * to a 40 MHz AP (due to regulatory, capabilities or config 421 * reasons) then switching to a 40 MHz channel now won't do us 422 * any good -- we couldn't use it with the AP. 423 */ 424 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ && 425 chandef.width == NL80211_CHAN_WIDTH_80P80) 426 flags |= chandef_downgrade(&chandef); 427 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ && 428 chandef.width == NL80211_CHAN_WIDTH_160) 429 flags |= chandef_downgrade(&chandef); 430 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ && 431 chandef.width > NL80211_CHAN_WIDTH_20) 432 flags |= chandef_downgrade(&chandef); 433 434 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef)) 435 return 0; 436 437 sdata_info(sdata, 438 "AP %pM changed bandwidth, new config is %d MHz, width %d (%d/%d MHz)\n", 439 ifmgd->bssid, chandef.chan->center_freq, chandef.width, 440 chandef.center_freq1, chandef.center_freq2); 441 442 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT | 443 IEEE80211_STA_DISABLE_VHT | 444 IEEE80211_STA_DISABLE_40MHZ | 445 IEEE80211_STA_DISABLE_80P80MHZ | 446 IEEE80211_STA_DISABLE_160MHZ)) || 447 !cfg80211_chandef_valid(&chandef)) { 448 sdata_info(sdata, 449 "AP %pM changed bandwidth in a way we can't support - disconnect\n", 450 ifmgd->bssid); 451 return -EINVAL; 452 } 453 454 switch (chandef.width) { 455 case NL80211_CHAN_WIDTH_20_NOHT: 456 case NL80211_CHAN_WIDTH_20: 457 new_sta_bw = IEEE80211_STA_RX_BW_20; 458 break; 459 case NL80211_CHAN_WIDTH_40: 460 new_sta_bw = IEEE80211_STA_RX_BW_40; 461 break; 462 case NL80211_CHAN_WIDTH_80: 463 new_sta_bw = IEEE80211_STA_RX_BW_80; 464 break; 465 case NL80211_CHAN_WIDTH_80P80: 466 case NL80211_CHAN_WIDTH_160: 467 new_sta_bw = IEEE80211_STA_RX_BW_160; 468 break; 469 default: 470 return -EINVAL; 471 } 472 473 if (new_sta_bw > sta->cur_max_bandwidth) 474 new_sta_bw = sta->cur_max_bandwidth; 475 476 if (new_sta_bw < sta->sta.bandwidth) { 477 sta->sta.bandwidth = new_sta_bw; 478 rate_control_rate_update(local, sband, sta, 479 IEEE80211_RC_BW_CHANGED); 480 } 481 482 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed); 483 if (ret) { 484 sdata_info(sdata, 485 "AP %pM changed bandwidth to incompatible one - disconnect\n", 486 ifmgd->bssid); 487 return ret; 488 } 489 490 if (new_sta_bw > sta->sta.bandwidth) { 491 sta->sta.bandwidth = new_sta_bw; 492 rate_control_rate_update(local, sband, sta, 493 IEEE80211_RC_BW_CHANGED); 494 } 495 496 ht_opmode = le16_to_cpu(ht_oper->operation_mode); 497 498 /* if bss configuration changed store the new one */ 499 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) { 500 *changed |= BSS_CHANGED_HT; 501 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 502 } 503 504 return 0; 505 } 506 507 /* frame sending functions */ 508 509 static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len, 510 struct ieee80211_supported_band *sband, 511 u32 *rates) 512 { 513 int i, j, count; 514 *rates = 0; 515 count = 0; 516 for (i = 0; i < supp_rates_len; i++) { 517 int rate = (supp_rates[i] & 0x7F) * 5; 518 519 for (j = 0; j < sband->n_bitrates; j++) 520 if (sband->bitrates[j].bitrate == rate) { 521 *rates |= BIT(j); 522 count++; 523 break; 524 } 525 } 526 527 return count; 528 } 529 530 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata, 531 struct sk_buff *skb, u8 ap_ht_param, 532 struct ieee80211_supported_band *sband, 533 struct ieee80211_channel *channel, 534 enum ieee80211_smps_mode smps) 535 { 536 u8 *pos; 537 u32 flags = channel->flags; 538 u16 cap; 539 struct ieee80211_sta_ht_cap ht_cap; 540 541 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap)); 542 543 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 544 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 545 546 /* determine capability flags */ 547 cap = ht_cap.cap; 548 549 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 550 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 551 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 552 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 553 cap &= ~IEEE80211_HT_CAP_SGI_40; 554 } 555 break; 556 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 557 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 558 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 559 cap &= ~IEEE80211_HT_CAP_SGI_40; 560 } 561 break; 562 } 563 564 /* 565 * If 40 MHz was disabled associate as though we weren't 566 * capable of 40 MHz -- some broken APs will never fall 567 * back to trying to transmit in 20 MHz. 568 */ 569 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) { 570 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 571 cap &= ~IEEE80211_HT_CAP_SGI_40; 572 } 573 574 /* set SM PS mode properly */ 575 cap &= ~IEEE80211_HT_CAP_SM_PS; 576 switch (smps) { 577 case IEEE80211_SMPS_AUTOMATIC: 578 case IEEE80211_SMPS_NUM_MODES: 579 WARN_ON(1); 580 case IEEE80211_SMPS_OFF: 581 cap |= WLAN_HT_CAP_SM_PS_DISABLED << 582 IEEE80211_HT_CAP_SM_PS_SHIFT; 583 break; 584 case IEEE80211_SMPS_STATIC: 585 cap |= WLAN_HT_CAP_SM_PS_STATIC << 586 IEEE80211_HT_CAP_SM_PS_SHIFT; 587 break; 588 case IEEE80211_SMPS_DYNAMIC: 589 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC << 590 IEEE80211_HT_CAP_SM_PS_SHIFT; 591 break; 592 } 593 594 /* reserve and fill IE */ 595 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 596 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap); 597 } 598 599 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata, 600 struct sk_buff *skb, 601 struct ieee80211_supported_band *sband, 602 struct ieee80211_vht_cap *ap_vht_cap) 603 { 604 u8 *pos; 605 u32 cap; 606 struct ieee80211_sta_vht_cap vht_cap; 607 608 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap)); 609 610 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap)); 611 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap); 612 613 /* determine capability flags */ 614 cap = vht_cap.cap; 615 616 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) { 617 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ; 618 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 619 } 620 621 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) { 622 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160; 623 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 624 } 625 626 /* 627 * Some APs apparently get confused if our capabilities are better 628 * than theirs, so restrict what we advertise in the assoc request. 629 */ 630 if (!(ap_vht_cap->vht_cap_info & 631 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE))) 632 cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE; 633 634 /* reserve and fill IE */ 635 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 636 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap); 637 } 638 639 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) 640 { 641 struct ieee80211_local *local = sdata->local; 642 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 643 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 644 struct sk_buff *skb; 645 struct ieee80211_mgmt *mgmt; 646 u8 *pos, qos_info; 647 size_t offset = 0, noffset; 648 int i, count, rates_len, supp_rates_len; 649 u16 capab; 650 struct ieee80211_supported_band *sband; 651 struct ieee80211_chanctx_conf *chanctx_conf; 652 struct ieee80211_channel *chan; 653 u32 rates = 0; 654 655 lockdep_assert_held(&ifmgd->mtx); 656 657 rcu_read_lock(); 658 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 659 if (WARN_ON(!chanctx_conf)) { 660 rcu_read_unlock(); 661 return; 662 } 663 chan = chanctx_conf->def.chan; 664 rcu_read_unlock(); 665 sband = local->hw.wiphy->bands[chan->band]; 666 667 if (assoc_data->supp_rates_len) { 668 /* 669 * Get all rates supported by the device and the AP as 670 * some APs don't like getting a superset of their rates 671 * in the association request (e.g. D-Link DAP 1353 in 672 * b-only mode)... 673 */ 674 rates_len = ieee80211_compatible_rates(assoc_data->supp_rates, 675 assoc_data->supp_rates_len, 676 sband, &rates); 677 } else { 678 /* 679 * In case AP not provide any supported rates information 680 * before association, we send information element(s) with 681 * all rates that we support. 682 */ 683 rates = ~0; 684 rates_len = sband->n_bitrates; 685 } 686 687 skb = alloc_skb(local->hw.extra_tx_headroom + 688 sizeof(*mgmt) + /* bit too much but doesn't matter */ 689 2 + assoc_data->ssid_len + /* SSID */ 690 4 + rates_len + /* (extended) rates */ 691 4 + /* power capability */ 692 2 + 2 * sband->n_channels + /* supported channels */ 693 2 + sizeof(struct ieee80211_ht_cap) + /* HT */ 694 2 + sizeof(struct ieee80211_vht_cap) + /* VHT */ 695 assoc_data->ie_len + /* extra IEs */ 696 9, /* WMM */ 697 GFP_KERNEL); 698 if (!skb) 699 return; 700 701 skb_reserve(skb, local->hw.extra_tx_headroom); 702 703 capab = WLAN_CAPABILITY_ESS; 704 705 if (sband->band == IEEE80211_BAND_2GHZ) { 706 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 707 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 708 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 709 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 710 } 711 712 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY) 713 capab |= WLAN_CAPABILITY_PRIVACY; 714 715 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 716 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)) 717 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 718 719 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 720 memset(mgmt, 0, 24); 721 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN); 722 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 723 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN); 724 725 if (!is_zero_ether_addr(assoc_data->prev_bssid)) { 726 skb_put(skb, 10); 727 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 728 IEEE80211_STYPE_REASSOC_REQ); 729 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 730 mgmt->u.reassoc_req.listen_interval = 731 cpu_to_le16(local->hw.conf.listen_interval); 732 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid, 733 ETH_ALEN); 734 } else { 735 skb_put(skb, 4); 736 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 737 IEEE80211_STYPE_ASSOC_REQ); 738 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 739 mgmt->u.assoc_req.listen_interval = 740 cpu_to_le16(local->hw.conf.listen_interval); 741 } 742 743 /* SSID */ 744 pos = skb_put(skb, 2 + assoc_data->ssid_len); 745 *pos++ = WLAN_EID_SSID; 746 *pos++ = assoc_data->ssid_len; 747 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len); 748 749 /* add all rates which were marked to be used above */ 750 supp_rates_len = rates_len; 751 if (supp_rates_len > 8) 752 supp_rates_len = 8; 753 754 pos = skb_put(skb, supp_rates_len + 2); 755 *pos++ = WLAN_EID_SUPP_RATES; 756 *pos++ = supp_rates_len; 757 758 count = 0; 759 for (i = 0; i < sband->n_bitrates; i++) { 760 if (BIT(i) & rates) { 761 int rate = sband->bitrates[i].bitrate; 762 *pos++ = (u8) (rate / 5); 763 if (++count == 8) 764 break; 765 } 766 } 767 768 if (rates_len > count) { 769 pos = skb_put(skb, rates_len - count + 2); 770 *pos++ = WLAN_EID_EXT_SUPP_RATES; 771 *pos++ = rates_len - count; 772 773 for (i++; i < sband->n_bitrates; i++) { 774 if (BIT(i) & rates) { 775 int rate = sband->bitrates[i].bitrate; 776 *pos++ = (u8) (rate / 5); 777 } 778 } 779 } 780 781 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) { 782 /* 1. power capabilities */ 783 pos = skb_put(skb, 4); 784 *pos++ = WLAN_EID_PWR_CAPABILITY; 785 *pos++ = 2; 786 *pos++ = 0; /* min tx power */ 787 *pos++ = chan->max_power; /* max tx power */ 788 789 /* 2. supported channels */ 790 /* TODO: get this in reg domain format */ 791 pos = skb_put(skb, 2 * sband->n_channels + 2); 792 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 793 *pos++ = 2 * sband->n_channels; 794 for (i = 0; i < sband->n_channels; i++) { 795 *pos++ = ieee80211_frequency_to_channel( 796 sband->channels[i].center_freq); 797 *pos++ = 1; /* one channel in the subband*/ 798 } 799 } 800 801 /* if present, add any custom IEs that go before HT */ 802 if (assoc_data->ie_len && assoc_data->ie) { 803 static const u8 before_ht[] = { 804 WLAN_EID_SSID, 805 WLAN_EID_SUPP_RATES, 806 WLAN_EID_EXT_SUPP_RATES, 807 WLAN_EID_PWR_CAPABILITY, 808 WLAN_EID_SUPPORTED_CHANNELS, 809 WLAN_EID_RSN, 810 WLAN_EID_QOS_CAPA, 811 WLAN_EID_RRM_ENABLED_CAPABILITIES, 812 WLAN_EID_MOBILITY_DOMAIN, 813 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 814 }; 815 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len, 816 before_ht, ARRAY_SIZE(before_ht), 817 offset); 818 pos = skb_put(skb, noffset - offset); 819 memcpy(pos, assoc_data->ie + offset, noffset - offset); 820 offset = noffset; 821 } 822 823 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 824 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))) 825 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 826 827 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 828 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param, 829 sband, chan, sdata->smps_mode); 830 831 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 832 ieee80211_add_vht_ie(sdata, skb, sband, 833 &assoc_data->ap_vht_cap); 834 835 /* if present, add any custom non-vendor IEs that go after HT */ 836 if (assoc_data->ie_len && assoc_data->ie) { 837 noffset = ieee80211_ie_split_vendor(assoc_data->ie, 838 assoc_data->ie_len, 839 offset); 840 pos = skb_put(skb, noffset - offset); 841 memcpy(pos, assoc_data->ie + offset, noffset - offset); 842 offset = noffset; 843 } 844 845 if (assoc_data->wmm) { 846 if (assoc_data->uapsd) { 847 qos_info = ifmgd->uapsd_queues; 848 qos_info |= (ifmgd->uapsd_max_sp_len << 849 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT); 850 } else { 851 qos_info = 0; 852 } 853 854 pos = skb_put(skb, 9); 855 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 856 *pos++ = 7; /* len */ 857 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */ 858 *pos++ = 0x50; 859 *pos++ = 0xf2; 860 *pos++ = 2; /* WME */ 861 *pos++ = 0; /* WME info */ 862 *pos++ = 1; /* WME ver */ 863 *pos++ = qos_info; 864 } 865 866 /* add any remaining custom (i.e. vendor specific here) IEs */ 867 if (assoc_data->ie_len && assoc_data->ie) { 868 noffset = assoc_data->ie_len; 869 pos = skb_put(skb, noffset - offset); 870 memcpy(pos, assoc_data->ie + offset, noffset - offset); 871 } 872 873 drv_mgd_prepare_tx(local, sdata); 874 875 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 876 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 877 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 878 IEEE80211_TX_INTFL_MLME_CONN_TX; 879 ieee80211_tx_skb(sdata, skb); 880 } 881 882 void ieee80211_send_pspoll(struct ieee80211_local *local, 883 struct ieee80211_sub_if_data *sdata) 884 { 885 struct ieee80211_pspoll *pspoll; 886 struct sk_buff *skb; 887 888 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif); 889 if (!skb) 890 return; 891 892 pspoll = (struct ieee80211_pspoll *) skb->data; 893 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 894 895 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 896 ieee80211_tx_skb(sdata, skb); 897 } 898 899 void ieee80211_send_nullfunc(struct ieee80211_local *local, 900 struct ieee80211_sub_if_data *sdata, 901 int powersave) 902 { 903 struct sk_buff *skb; 904 struct ieee80211_hdr_3addr *nullfunc; 905 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 906 907 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif); 908 if (!skb) 909 return; 910 911 nullfunc = (struct ieee80211_hdr_3addr *) skb->data; 912 if (powersave) 913 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 914 915 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT | 916 IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 917 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 918 IEEE80211_STA_CONNECTION_POLL)) 919 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE; 920 921 ieee80211_tx_skb(sdata, skb); 922 } 923 924 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local, 925 struct ieee80211_sub_if_data *sdata) 926 { 927 struct sk_buff *skb; 928 struct ieee80211_hdr *nullfunc; 929 __le16 fc; 930 931 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 932 return; 933 934 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30); 935 if (!skb) 936 return; 937 938 skb_reserve(skb, local->hw.extra_tx_headroom); 939 940 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30); 941 memset(nullfunc, 0, 30); 942 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 943 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 944 nullfunc->frame_control = fc; 945 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN); 946 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN); 947 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN); 948 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN); 949 950 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 951 ieee80211_tx_skb(sdata, skb); 952 } 953 954 /* spectrum management related things */ 955 static void ieee80211_chswitch_work(struct work_struct *work) 956 { 957 struct ieee80211_sub_if_data *sdata = 958 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work); 959 struct ieee80211_local *local = sdata->local; 960 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 961 962 if (!ieee80211_sdata_running(sdata)) 963 return; 964 965 mutex_lock(&ifmgd->mtx); 966 if (!ifmgd->associated) 967 goto out; 968 969 local->_oper_chandef = local->csa_chandef; 970 971 if (!local->ops->channel_switch) { 972 /* call "hw_config" only if doing sw channel switch */ 973 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL); 974 } else { 975 /* update the device channel directly */ 976 local->hw.conf.chandef = local->_oper_chandef; 977 } 978 979 /* XXX: shouldn't really modify cfg80211-owned data! */ 980 ifmgd->associated->channel = local->_oper_chandef.chan; 981 982 /* XXX: wait for a beacon first? */ 983 ieee80211_wake_queues_by_reason(&local->hw, 984 IEEE80211_MAX_QUEUE_MAP, 985 IEEE80211_QUEUE_STOP_REASON_CSA); 986 out: 987 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 988 mutex_unlock(&ifmgd->mtx); 989 } 990 991 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success) 992 { 993 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 994 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 995 996 trace_api_chswitch_done(sdata, success); 997 if (!success) { 998 sdata_info(sdata, 999 "driver channel switch failed, disconnecting\n"); 1000 ieee80211_queue_work(&sdata->local->hw, 1001 &ifmgd->csa_connection_drop_work); 1002 } else { 1003 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 1004 } 1005 } 1006 EXPORT_SYMBOL(ieee80211_chswitch_done); 1007 1008 static void ieee80211_chswitch_timer(unsigned long data) 1009 { 1010 struct ieee80211_sub_if_data *sdata = 1011 (struct ieee80211_sub_if_data *) data; 1012 1013 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work); 1014 } 1015 1016 static void 1017 ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 1018 u64 timestamp, struct ieee802_11_elems *elems) 1019 { 1020 struct ieee80211_local *local = sdata->local; 1021 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1022 struct cfg80211_bss *cbss = ifmgd->associated; 1023 struct ieee80211_bss *bss; 1024 struct ieee80211_chanctx *chanctx; 1025 enum ieee80211_band new_band; 1026 int new_freq; 1027 u8 new_chan_no; 1028 u8 count; 1029 u8 mode; 1030 struct ieee80211_channel *new_chan; 1031 struct cfg80211_chan_def new_chandef = {}; 1032 struct cfg80211_chan_def new_vht_chandef = {}; 1033 const struct ieee80211_sec_chan_offs_ie *sec_chan_offs; 1034 const struct ieee80211_wide_bw_chansw_ie *wide_bw_chansw_ie; 1035 int secondary_channel_offset = -1; 1036 1037 ASSERT_MGD_MTX(ifmgd); 1038 1039 if (!cbss) 1040 return; 1041 1042 if (local->scanning) 1043 return; 1044 1045 /* disregard subsequent announcements if we are already processing */ 1046 if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED) 1047 return; 1048 1049 sec_chan_offs = elems->sec_chan_offs; 1050 wide_bw_chansw_ie = elems->wide_bw_chansw_ie; 1051 1052 if (ifmgd->flags & (IEEE80211_STA_DISABLE_HT | 1053 IEEE80211_STA_DISABLE_40MHZ)) { 1054 sec_chan_offs = NULL; 1055 wide_bw_chansw_ie = NULL; 1056 } 1057 1058 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 1059 wide_bw_chansw_ie = NULL; 1060 1061 if (elems->ext_chansw_ie) { 1062 if (!ieee80211_operating_class_to_band( 1063 elems->ext_chansw_ie->new_operating_class, 1064 &new_band)) { 1065 sdata_info(sdata, 1066 "cannot understand ECSA IE operating class %d, disconnecting\n", 1067 elems->ext_chansw_ie->new_operating_class); 1068 ieee80211_queue_work(&local->hw, 1069 &ifmgd->csa_connection_drop_work); 1070 } 1071 new_chan_no = elems->ext_chansw_ie->new_ch_num; 1072 count = elems->ext_chansw_ie->count; 1073 mode = elems->ext_chansw_ie->mode; 1074 } else if (elems->ch_switch_ie) { 1075 new_band = cbss->channel->band; 1076 new_chan_no = elems->ch_switch_ie->new_ch_num; 1077 count = elems->ch_switch_ie->count; 1078 mode = elems->ch_switch_ie->mode; 1079 } else { 1080 /* nothing here we understand */ 1081 return; 1082 } 1083 1084 bss = (void *)cbss->priv; 1085 1086 new_freq = ieee80211_channel_to_frequency(new_chan_no, new_band); 1087 new_chan = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq); 1088 if (!new_chan || new_chan->flags & IEEE80211_CHAN_DISABLED) { 1089 sdata_info(sdata, 1090 "AP %pM switches to unsupported channel (%d MHz), disconnecting\n", 1091 ifmgd->associated->bssid, new_freq); 1092 ieee80211_queue_work(&local->hw, 1093 &ifmgd->csa_connection_drop_work); 1094 return; 1095 } 1096 1097 if (sec_chan_offs) { 1098 secondary_channel_offset = sec_chan_offs->sec_chan_offs; 1099 } else if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 1100 /* if HT is enabled and the IE not present, it's still HT */ 1101 secondary_channel_offset = IEEE80211_HT_PARAM_CHA_SEC_NONE; 1102 } 1103 1104 switch (secondary_channel_offset) { 1105 default: 1106 /* secondary_channel_offset was present but is invalid */ 1107 case IEEE80211_HT_PARAM_CHA_SEC_NONE: 1108 cfg80211_chandef_create(&new_chandef, new_chan, 1109 NL80211_CHAN_HT20); 1110 break; 1111 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 1112 cfg80211_chandef_create(&new_chandef, new_chan, 1113 NL80211_CHAN_HT40PLUS); 1114 break; 1115 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 1116 cfg80211_chandef_create(&new_chandef, new_chan, 1117 NL80211_CHAN_HT40MINUS); 1118 break; 1119 case -1: 1120 cfg80211_chandef_create(&new_chandef, new_chan, 1121 NL80211_CHAN_NO_HT); 1122 break; 1123 } 1124 1125 if (wide_bw_chansw_ie) { 1126 new_vht_chandef.chan = new_chan; 1127 new_vht_chandef.center_freq1 = 1128 ieee80211_channel_to_frequency( 1129 wide_bw_chansw_ie->new_center_freq_seg0, 1130 new_band); 1131 1132 switch (wide_bw_chansw_ie->new_channel_width) { 1133 default: 1134 /* hmmm, ignore VHT and use HT if present */ 1135 case IEEE80211_VHT_CHANWIDTH_USE_HT: 1136 new_vht_chandef.chan = NULL; 1137 break; 1138 case IEEE80211_VHT_CHANWIDTH_80MHZ: 1139 new_vht_chandef.width = NL80211_CHAN_WIDTH_80; 1140 break; 1141 case IEEE80211_VHT_CHANWIDTH_160MHZ: 1142 new_vht_chandef.width = NL80211_CHAN_WIDTH_160; 1143 break; 1144 case IEEE80211_VHT_CHANWIDTH_80P80MHZ: 1145 /* field is otherwise reserved */ 1146 new_vht_chandef.center_freq2 = 1147 ieee80211_channel_to_frequency( 1148 wide_bw_chansw_ie->new_center_freq_seg1, 1149 new_band); 1150 new_vht_chandef.width = NL80211_CHAN_WIDTH_80P80; 1151 break; 1152 } 1153 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ && 1154 new_vht_chandef.width == NL80211_CHAN_WIDTH_80P80) 1155 chandef_downgrade(&new_vht_chandef); 1156 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ && 1157 new_vht_chandef.width == NL80211_CHAN_WIDTH_160) 1158 chandef_downgrade(&new_vht_chandef); 1159 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ && 1160 new_vht_chandef.width > NL80211_CHAN_WIDTH_20) 1161 chandef_downgrade(&new_vht_chandef); 1162 } 1163 1164 /* if VHT data is there validate & use it */ 1165 if (new_vht_chandef.chan) { 1166 if (!cfg80211_chandef_compatible(&new_vht_chandef, 1167 &new_chandef)) { 1168 sdata_info(sdata, 1169 "AP %pM CSA has inconsistent channel data, disconnecting\n", 1170 ifmgd->associated->bssid); 1171 ieee80211_queue_work(&local->hw, 1172 &ifmgd->csa_connection_drop_work); 1173 return; 1174 } 1175 new_chandef = new_vht_chandef; 1176 } 1177 1178 if (!cfg80211_chandef_usable(local->hw.wiphy, &new_chandef, 1179 IEEE80211_CHAN_DISABLED)) { 1180 sdata_info(sdata, 1181 "AP %pM switches to unsupported channel (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n", 1182 ifmgd->associated->bssid, new_freq, 1183 new_chandef.width, new_chandef.center_freq1, 1184 new_chandef.center_freq2); 1185 ieee80211_queue_work(&local->hw, 1186 &ifmgd->csa_connection_drop_work); 1187 return; 1188 } 1189 1190 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED; 1191 1192 if (local->use_chanctx) { 1193 sdata_info(sdata, 1194 "not handling channel switch with channel contexts\n"); 1195 ieee80211_queue_work(&local->hw, 1196 &ifmgd->csa_connection_drop_work); 1197 return; 1198 } 1199 1200 mutex_lock(&local->chanctx_mtx); 1201 if (WARN_ON(!rcu_access_pointer(sdata->vif.chanctx_conf))) { 1202 mutex_unlock(&local->chanctx_mtx); 1203 return; 1204 } 1205 chanctx = container_of(rcu_access_pointer(sdata->vif.chanctx_conf), 1206 struct ieee80211_chanctx, conf); 1207 if (chanctx->refcount > 1) { 1208 sdata_info(sdata, 1209 "channel switch with multiple interfaces on the same channel, disconnecting\n"); 1210 ieee80211_queue_work(&local->hw, 1211 &ifmgd->csa_connection_drop_work); 1212 mutex_unlock(&local->chanctx_mtx); 1213 return; 1214 } 1215 mutex_unlock(&local->chanctx_mtx); 1216 1217 local->csa_chandef = new_chandef; 1218 1219 if (mode) 1220 ieee80211_stop_queues_by_reason(&local->hw, 1221 IEEE80211_MAX_QUEUE_MAP, 1222 IEEE80211_QUEUE_STOP_REASON_CSA); 1223 1224 if (local->ops->channel_switch) { 1225 /* use driver's channel switch callback */ 1226 struct ieee80211_channel_switch ch_switch = { 1227 .timestamp = timestamp, 1228 .block_tx = mode, 1229 .chandef = new_chandef, 1230 .count = count, 1231 }; 1232 1233 drv_channel_switch(local, &ch_switch); 1234 return; 1235 } 1236 1237 /* channel switch handled in software */ 1238 if (count <= 1) 1239 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work); 1240 else 1241 mod_timer(&ifmgd->chswitch_timer, 1242 TU_TO_EXP_TIME(count * cbss->beacon_interval)); 1243 } 1244 1245 static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, 1246 struct ieee80211_channel *channel, 1247 const u8 *country_ie, u8 country_ie_len, 1248 const u8 *pwr_constr_elem) 1249 { 1250 struct ieee80211_country_ie_triplet *triplet; 1251 int chan = ieee80211_frequency_to_channel(channel->center_freq); 1252 int i, chan_pwr, chan_increment, new_ap_level; 1253 bool have_chan_pwr = false; 1254 1255 /* Invalid IE */ 1256 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN) 1257 return 0; 1258 1259 triplet = (void *)(country_ie + 3); 1260 country_ie_len -= 3; 1261 1262 switch (channel->band) { 1263 default: 1264 WARN_ON_ONCE(1); 1265 /* fall through */ 1266 case IEEE80211_BAND_2GHZ: 1267 case IEEE80211_BAND_60GHZ: 1268 chan_increment = 1; 1269 break; 1270 case IEEE80211_BAND_5GHZ: 1271 chan_increment = 4; 1272 break; 1273 } 1274 1275 /* find channel */ 1276 while (country_ie_len >= 3) { 1277 u8 first_channel = triplet->chans.first_channel; 1278 1279 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID) 1280 goto next; 1281 1282 for (i = 0; i < triplet->chans.num_channels; i++) { 1283 if (first_channel + i * chan_increment == chan) { 1284 have_chan_pwr = true; 1285 chan_pwr = triplet->chans.max_power; 1286 break; 1287 } 1288 } 1289 if (have_chan_pwr) 1290 break; 1291 1292 next: 1293 triplet++; 1294 country_ie_len -= 3; 1295 } 1296 1297 if (!have_chan_pwr) 1298 return 0; 1299 1300 new_ap_level = max_t(int, 0, chan_pwr - *pwr_constr_elem); 1301 1302 if (sdata->ap_power_level == new_ap_level) 1303 return 0; 1304 1305 sdata_info(sdata, 1306 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n", 1307 new_ap_level, chan_pwr, *pwr_constr_elem, 1308 sdata->u.mgd.bssid); 1309 sdata->ap_power_level = new_ap_level; 1310 if (__ieee80211_recalc_txpower(sdata)) 1311 return BSS_CHANGED_TXPOWER; 1312 return 0; 1313 } 1314 1315 /* powersave */ 1316 static void ieee80211_enable_ps(struct ieee80211_local *local, 1317 struct ieee80211_sub_if_data *sdata) 1318 { 1319 struct ieee80211_conf *conf = &local->hw.conf; 1320 1321 /* 1322 * If we are scanning right now then the parameters will 1323 * take effect when scan finishes. 1324 */ 1325 if (local->scanning) 1326 return; 1327 1328 if (conf->dynamic_ps_timeout > 0 && 1329 !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) { 1330 mod_timer(&local->dynamic_ps_timer, jiffies + 1331 msecs_to_jiffies(conf->dynamic_ps_timeout)); 1332 } else { 1333 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 1334 ieee80211_send_nullfunc(local, sdata, 1); 1335 1336 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1337 (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) 1338 return; 1339 1340 conf->flags |= IEEE80211_CONF_PS; 1341 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1342 } 1343 } 1344 1345 static void ieee80211_change_ps(struct ieee80211_local *local) 1346 { 1347 struct ieee80211_conf *conf = &local->hw.conf; 1348 1349 if (local->ps_sdata) { 1350 ieee80211_enable_ps(local, local->ps_sdata); 1351 } else if (conf->flags & IEEE80211_CONF_PS) { 1352 conf->flags &= ~IEEE80211_CONF_PS; 1353 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1354 del_timer_sync(&local->dynamic_ps_timer); 1355 cancel_work_sync(&local->dynamic_ps_enable_work); 1356 } 1357 } 1358 1359 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata) 1360 { 1361 struct ieee80211_if_managed *mgd = &sdata->u.mgd; 1362 struct sta_info *sta = NULL; 1363 bool authorized = false; 1364 1365 if (!mgd->powersave) 1366 return false; 1367 1368 if (mgd->broken_ap) 1369 return false; 1370 1371 if (!mgd->associated) 1372 return false; 1373 1374 if (mgd->flags & (IEEE80211_STA_BEACON_POLL | 1375 IEEE80211_STA_CONNECTION_POLL)) 1376 return false; 1377 1378 rcu_read_lock(); 1379 sta = sta_info_get(sdata, mgd->bssid); 1380 if (sta) 1381 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED); 1382 rcu_read_unlock(); 1383 1384 return authorized; 1385 } 1386 1387 /* need to hold RTNL or interface lock */ 1388 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency) 1389 { 1390 struct ieee80211_sub_if_data *sdata, *found = NULL; 1391 int count = 0; 1392 int timeout; 1393 1394 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) { 1395 local->ps_sdata = NULL; 1396 return; 1397 } 1398 1399 list_for_each_entry(sdata, &local->interfaces, list) { 1400 if (!ieee80211_sdata_running(sdata)) 1401 continue; 1402 if (sdata->vif.type == NL80211_IFTYPE_AP) { 1403 /* If an AP vif is found, then disable PS 1404 * by setting the count to zero thereby setting 1405 * ps_sdata to NULL. 1406 */ 1407 count = 0; 1408 break; 1409 } 1410 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1411 continue; 1412 found = sdata; 1413 count++; 1414 } 1415 1416 if (count == 1 && ieee80211_powersave_allowed(found)) { 1417 s32 beaconint_us; 1418 1419 if (latency < 0) 1420 latency = pm_qos_request(PM_QOS_NETWORK_LATENCY); 1421 1422 beaconint_us = ieee80211_tu_to_usec( 1423 found->vif.bss_conf.beacon_int); 1424 1425 timeout = local->dynamic_ps_forced_timeout; 1426 if (timeout < 0) { 1427 /* 1428 * Go to full PSM if the user configures a very low 1429 * latency requirement. 1430 * The 2000 second value is there for compatibility 1431 * until the PM_QOS_NETWORK_LATENCY is configured 1432 * with real values. 1433 */ 1434 if (latency > (1900 * USEC_PER_MSEC) && 1435 latency != (2000 * USEC_PER_SEC)) 1436 timeout = 0; 1437 else 1438 timeout = 100; 1439 } 1440 local->hw.conf.dynamic_ps_timeout = timeout; 1441 1442 if (beaconint_us > latency) { 1443 local->ps_sdata = NULL; 1444 } else { 1445 int maxslp = 1; 1446 u8 dtimper = found->u.mgd.dtim_period; 1447 1448 /* If the TIM IE is invalid, pretend the value is 1 */ 1449 if (!dtimper) 1450 dtimper = 1; 1451 else if (dtimper > 1) 1452 maxslp = min_t(int, dtimper, 1453 latency / beaconint_us); 1454 1455 local->hw.conf.max_sleep_period = maxslp; 1456 local->hw.conf.ps_dtim_period = dtimper; 1457 local->ps_sdata = found; 1458 } 1459 } else { 1460 local->ps_sdata = NULL; 1461 } 1462 1463 ieee80211_change_ps(local); 1464 } 1465 1466 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata) 1467 { 1468 bool ps_allowed = ieee80211_powersave_allowed(sdata); 1469 1470 if (sdata->vif.bss_conf.ps != ps_allowed) { 1471 sdata->vif.bss_conf.ps = ps_allowed; 1472 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS); 1473 } 1474 } 1475 1476 void ieee80211_dynamic_ps_disable_work(struct work_struct *work) 1477 { 1478 struct ieee80211_local *local = 1479 container_of(work, struct ieee80211_local, 1480 dynamic_ps_disable_work); 1481 1482 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1483 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1484 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1485 } 1486 1487 ieee80211_wake_queues_by_reason(&local->hw, 1488 IEEE80211_MAX_QUEUE_MAP, 1489 IEEE80211_QUEUE_STOP_REASON_PS); 1490 } 1491 1492 void ieee80211_dynamic_ps_enable_work(struct work_struct *work) 1493 { 1494 struct ieee80211_local *local = 1495 container_of(work, struct ieee80211_local, 1496 dynamic_ps_enable_work); 1497 struct ieee80211_sub_if_data *sdata = local->ps_sdata; 1498 struct ieee80211_if_managed *ifmgd; 1499 unsigned long flags; 1500 int q; 1501 1502 /* can only happen when PS was just disabled anyway */ 1503 if (!sdata) 1504 return; 1505 1506 ifmgd = &sdata->u.mgd; 1507 1508 if (local->hw.conf.flags & IEEE80211_CONF_PS) 1509 return; 1510 1511 if (local->hw.conf.dynamic_ps_timeout > 0) { 1512 /* don't enter PS if TX frames are pending */ 1513 if (drv_tx_frames_pending(local)) { 1514 mod_timer(&local->dynamic_ps_timer, jiffies + 1515 msecs_to_jiffies( 1516 local->hw.conf.dynamic_ps_timeout)); 1517 return; 1518 } 1519 1520 /* 1521 * transmission can be stopped by others which leads to 1522 * dynamic_ps_timer expiry. Postpone the ps timer if it 1523 * is not the actual idle state. 1524 */ 1525 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 1526 for (q = 0; q < local->hw.queues; q++) { 1527 if (local->queue_stop_reasons[q]) { 1528 spin_unlock_irqrestore(&local->queue_stop_reason_lock, 1529 flags); 1530 mod_timer(&local->dynamic_ps_timer, jiffies + 1531 msecs_to_jiffies( 1532 local->hw.conf.dynamic_ps_timeout)); 1533 return; 1534 } 1535 } 1536 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 1537 } 1538 1539 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1540 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1541 if (drv_tx_frames_pending(local)) { 1542 mod_timer(&local->dynamic_ps_timer, jiffies + 1543 msecs_to_jiffies( 1544 local->hw.conf.dynamic_ps_timeout)); 1545 } else { 1546 ieee80211_send_nullfunc(local, sdata, 1); 1547 /* Flush to get the tx status of nullfunc frame */ 1548 ieee80211_flush_queues(local, sdata); 1549 } 1550 } 1551 1552 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) && 1553 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) || 1554 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1555 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 1556 local->hw.conf.flags |= IEEE80211_CONF_PS; 1557 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1558 } 1559 } 1560 1561 void ieee80211_dynamic_ps_timer(unsigned long data) 1562 { 1563 struct ieee80211_local *local = (void *) data; 1564 1565 if (local->quiescing || local->suspended) 1566 return; 1567 1568 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work); 1569 } 1570 1571 void ieee80211_dfs_cac_timer_work(struct work_struct *work) 1572 { 1573 struct delayed_work *delayed_work = 1574 container_of(work, struct delayed_work, work); 1575 struct ieee80211_sub_if_data *sdata = 1576 container_of(delayed_work, struct ieee80211_sub_if_data, 1577 dfs_cac_timer_work); 1578 1579 ieee80211_vif_release_channel(sdata); 1580 1581 cfg80211_cac_event(sdata->dev, NL80211_RADAR_CAC_FINISHED, GFP_KERNEL); 1582 } 1583 1584 /* MLME */ 1585 static bool ieee80211_sta_wmm_params(struct ieee80211_local *local, 1586 struct ieee80211_sub_if_data *sdata, 1587 const u8 *wmm_param, size_t wmm_param_len) 1588 { 1589 struct ieee80211_tx_queue_params params; 1590 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1591 size_t left; 1592 int count; 1593 const u8 *pos; 1594 u8 uapsd_queues = 0; 1595 1596 if (!local->ops->conf_tx) 1597 return false; 1598 1599 if (local->hw.queues < IEEE80211_NUM_ACS) 1600 return false; 1601 1602 if (!wmm_param) 1603 return false; 1604 1605 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 1606 return false; 1607 1608 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) 1609 uapsd_queues = ifmgd->uapsd_queues; 1610 1611 count = wmm_param[6] & 0x0f; 1612 if (count == ifmgd->wmm_last_param_set) 1613 return false; 1614 ifmgd->wmm_last_param_set = count; 1615 1616 pos = wmm_param + 8; 1617 left = wmm_param_len - 8; 1618 1619 memset(¶ms, 0, sizeof(params)); 1620 1621 sdata->wmm_acm = 0; 1622 for (; left >= 4; left -= 4, pos += 4) { 1623 int aci = (pos[0] >> 5) & 0x03; 1624 int acm = (pos[0] >> 4) & 0x01; 1625 bool uapsd = false; 1626 int queue; 1627 1628 switch (aci) { 1629 case 1: /* AC_BK */ 1630 queue = 3; 1631 if (acm) 1632 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */ 1633 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK) 1634 uapsd = true; 1635 break; 1636 case 2: /* AC_VI */ 1637 queue = 1; 1638 if (acm) 1639 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */ 1640 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI) 1641 uapsd = true; 1642 break; 1643 case 3: /* AC_VO */ 1644 queue = 0; 1645 if (acm) 1646 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */ 1647 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) 1648 uapsd = true; 1649 break; 1650 case 0: /* AC_BE */ 1651 default: 1652 queue = 2; 1653 if (acm) 1654 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */ 1655 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE) 1656 uapsd = true; 1657 break; 1658 } 1659 1660 params.aifs = pos[0] & 0x0f; 1661 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 1662 params.cw_min = ecw2cw(pos[1] & 0x0f); 1663 params.txop = get_unaligned_le16(pos + 2); 1664 params.acm = acm; 1665 params.uapsd = uapsd; 1666 1667 mlme_dbg(sdata, 1668 "WMM queue=%d aci=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d\n", 1669 queue, aci, acm, 1670 params.aifs, params.cw_min, params.cw_max, 1671 params.txop, params.uapsd); 1672 sdata->tx_conf[queue] = params; 1673 if (drv_conf_tx(local, sdata, queue, ¶ms)) 1674 sdata_err(sdata, 1675 "failed to set TX queue parameters for queue %d\n", 1676 queue); 1677 } 1678 1679 /* enable WMM or activate new settings */ 1680 sdata->vif.bss_conf.qos = true; 1681 return true; 1682 } 1683 1684 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1685 { 1686 lockdep_assert_held(&sdata->local->mtx); 1687 1688 sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL | 1689 IEEE80211_STA_BEACON_POLL); 1690 ieee80211_run_deferred_scan(sdata->local); 1691 } 1692 1693 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1694 { 1695 mutex_lock(&sdata->local->mtx); 1696 __ieee80211_stop_poll(sdata); 1697 mutex_unlock(&sdata->local->mtx); 1698 } 1699 1700 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata, 1701 u16 capab, bool erp_valid, u8 erp) 1702 { 1703 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1704 u32 changed = 0; 1705 bool use_protection; 1706 bool use_short_preamble; 1707 bool use_short_slot; 1708 1709 if (erp_valid) { 1710 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0; 1711 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0; 1712 } else { 1713 use_protection = false; 1714 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE); 1715 } 1716 1717 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME); 1718 if (ieee80211_get_sdata_band(sdata) == IEEE80211_BAND_5GHZ) 1719 use_short_slot = true; 1720 1721 if (use_protection != bss_conf->use_cts_prot) { 1722 bss_conf->use_cts_prot = use_protection; 1723 changed |= BSS_CHANGED_ERP_CTS_PROT; 1724 } 1725 1726 if (use_short_preamble != bss_conf->use_short_preamble) { 1727 bss_conf->use_short_preamble = use_short_preamble; 1728 changed |= BSS_CHANGED_ERP_PREAMBLE; 1729 } 1730 1731 if (use_short_slot != bss_conf->use_short_slot) { 1732 bss_conf->use_short_slot = use_short_slot; 1733 changed |= BSS_CHANGED_ERP_SLOT; 1734 } 1735 1736 return changed; 1737 } 1738 1739 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata, 1740 struct cfg80211_bss *cbss, 1741 u32 bss_info_changed) 1742 { 1743 struct ieee80211_bss *bss = (void *)cbss->priv; 1744 struct ieee80211_local *local = sdata->local; 1745 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1746 1747 bss_info_changed |= BSS_CHANGED_ASSOC; 1748 bss_info_changed |= ieee80211_handle_bss_capability(sdata, 1749 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value); 1750 1751 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec( 1752 beacon_loss_count * bss_conf->beacon_int)); 1753 1754 sdata->u.mgd.associated = cbss; 1755 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN); 1756 1757 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE; 1758 1759 if (sdata->vif.p2p) { 1760 const struct cfg80211_bss_ies *ies; 1761 1762 rcu_read_lock(); 1763 ies = rcu_dereference(cbss->ies); 1764 if (ies) { 1765 int ret; 1766 1767 ret = cfg80211_get_p2p_attr( 1768 ies->data, ies->len, 1769 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 1770 (u8 *) &bss_conf->p2p_noa_attr, 1771 sizeof(bss_conf->p2p_noa_attr)); 1772 if (ret >= 2) { 1773 sdata->u.mgd.p2p_noa_index = 1774 bss_conf->p2p_noa_attr.index; 1775 bss_info_changed |= BSS_CHANGED_P2P_PS; 1776 } 1777 } 1778 rcu_read_unlock(); 1779 } 1780 1781 /* just to be sure */ 1782 ieee80211_stop_poll(sdata); 1783 1784 ieee80211_led_assoc(local, 1); 1785 1786 if (sdata->u.mgd.assoc_data->have_beacon) { 1787 /* 1788 * If the AP is buggy we may get here with no DTIM period 1789 * known, so assume it's 1 which is the only safe assumption 1790 * in that case, although if the TIM IE is broken powersave 1791 * probably just won't work at all. 1792 */ 1793 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1; 1794 bss_info_changed |= BSS_CHANGED_DTIM_PERIOD; 1795 } else { 1796 bss_conf->dtim_period = 0; 1797 } 1798 1799 bss_conf->assoc = 1; 1800 1801 /* Tell the driver to monitor connection quality (if supported) */ 1802 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI && 1803 bss_conf->cqm_rssi_thold) 1804 bss_info_changed |= BSS_CHANGED_CQM; 1805 1806 /* Enable ARP filtering */ 1807 if (bss_conf->arp_addr_cnt) 1808 bss_info_changed |= BSS_CHANGED_ARP_FILTER; 1809 1810 ieee80211_bss_info_change_notify(sdata, bss_info_changed); 1811 1812 mutex_lock(&local->iflist_mtx); 1813 ieee80211_recalc_ps(local, -1); 1814 mutex_unlock(&local->iflist_mtx); 1815 1816 ieee80211_recalc_smps(sdata); 1817 ieee80211_recalc_ps_vif(sdata); 1818 1819 netif_carrier_on(sdata->dev); 1820 } 1821 1822 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata, 1823 u16 stype, u16 reason, bool tx, 1824 u8 *frame_buf) 1825 { 1826 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1827 struct ieee80211_local *local = sdata->local; 1828 u32 changed = 0; 1829 1830 ASSERT_MGD_MTX(ifmgd); 1831 1832 if (WARN_ON_ONCE(tx && !frame_buf)) 1833 return; 1834 1835 if (WARN_ON(!ifmgd->associated)) 1836 return; 1837 1838 ieee80211_stop_poll(sdata); 1839 1840 ifmgd->associated = NULL; 1841 netif_carrier_off(sdata->dev); 1842 1843 /* 1844 * if we want to get out of ps before disassoc (why?) we have 1845 * to do it before sending disassoc, as otherwise the null-packet 1846 * won't be valid. 1847 */ 1848 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1849 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1850 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1851 } 1852 local->ps_sdata = NULL; 1853 1854 /* disable per-vif ps */ 1855 ieee80211_recalc_ps_vif(sdata); 1856 1857 /* flush out any pending frame (e.g. DELBA) before deauth/disassoc */ 1858 if (tx) 1859 ieee80211_flush_queues(local, sdata); 1860 1861 /* deauthenticate/disassociate now */ 1862 if (tx || frame_buf) 1863 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype, 1864 reason, tx, frame_buf); 1865 1866 /* flush out frame */ 1867 if (tx) 1868 ieee80211_flush_queues(local, sdata); 1869 1870 /* clear bssid only after building the needed mgmt frames */ 1871 memset(ifmgd->bssid, 0, ETH_ALEN); 1872 1873 /* remove AP and TDLS peers */ 1874 sta_info_flush_defer(sdata); 1875 1876 /* finally reset all BSS / config parameters */ 1877 changed |= ieee80211_reset_erp_info(sdata); 1878 1879 ieee80211_led_assoc(local, 0); 1880 changed |= BSS_CHANGED_ASSOC; 1881 sdata->vif.bss_conf.assoc = false; 1882 1883 ifmgd->p2p_noa_index = -1; 1884 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0, 1885 sizeof(sdata->vif.bss_conf.p2p_noa_attr)); 1886 1887 /* on the next assoc, re-program HT/VHT parameters */ 1888 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa)); 1889 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask)); 1890 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa)); 1891 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask)); 1892 1893 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL; 1894 1895 del_timer_sync(&local->dynamic_ps_timer); 1896 cancel_work_sync(&local->dynamic_ps_enable_work); 1897 1898 /* Disable ARP filtering */ 1899 if (sdata->vif.bss_conf.arp_addr_cnt) 1900 changed |= BSS_CHANGED_ARP_FILTER; 1901 1902 sdata->vif.bss_conf.qos = false; 1903 changed |= BSS_CHANGED_QOS; 1904 1905 /* The BSSID (not really interesting) and HT changed */ 1906 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT; 1907 ieee80211_bss_info_change_notify(sdata, changed); 1908 1909 /* disassociated - set to defaults now */ 1910 ieee80211_set_wmm_default(sdata, false); 1911 1912 del_timer_sync(&sdata->u.mgd.conn_mon_timer); 1913 del_timer_sync(&sdata->u.mgd.bcn_mon_timer); 1914 del_timer_sync(&sdata->u.mgd.timer); 1915 del_timer_sync(&sdata->u.mgd.chswitch_timer); 1916 1917 sdata->vif.bss_conf.dtim_period = 0; 1918 1919 ifmgd->flags = 0; 1920 ieee80211_vif_release_channel(sdata); 1921 } 1922 1923 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata, 1924 struct ieee80211_hdr *hdr) 1925 { 1926 /* 1927 * We can postpone the mgd.timer whenever receiving unicast frames 1928 * from AP because we know that the connection is working both ways 1929 * at that time. But multicast frames (and hence also beacons) must 1930 * be ignored here, because we need to trigger the timer during 1931 * data idle periods for sending the periodic probe request to the 1932 * AP we're connected to. 1933 */ 1934 if (is_multicast_ether_addr(hdr->addr1)) 1935 return; 1936 1937 ieee80211_sta_reset_conn_monitor(sdata); 1938 } 1939 1940 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata) 1941 { 1942 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1943 struct ieee80211_local *local = sdata->local; 1944 1945 mutex_lock(&local->mtx); 1946 if (!(ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 1947 IEEE80211_STA_CONNECTION_POLL))) { 1948 mutex_unlock(&local->mtx); 1949 return; 1950 } 1951 1952 __ieee80211_stop_poll(sdata); 1953 1954 mutex_lock(&local->iflist_mtx); 1955 ieee80211_recalc_ps(local, -1); 1956 mutex_unlock(&local->iflist_mtx); 1957 1958 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 1959 goto out; 1960 1961 /* 1962 * We've received a probe response, but are not sure whether 1963 * we have or will be receiving any beacons or data, so let's 1964 * schedule the timers again, just in case. 1965 */ 1966 ieee80211_sta_reset_beacon_monitor(sdata); 1967 1968 mod_timer(&ifmgd->conn_mon_timer, 1969 round_jiffies_up(jiffies + 1970 IEEE80211_CONNECTION_IDLE_TIME)); 1971 out: 1972 mutex_unlock(&local->mtx); 1973 } 1974 1975 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata, 1976 struct ieee80211_hdr *hdr, bool ack) 1977 { 1978 if (!ieee80211_is_data(hdr->frame_control)) 1979 return; 1980 1981 if (ieee80211_is_nullfunc(hdr->frame_control) && 1982 sdata->u.mgd.probe_send_count > 0) { 1983 if (ack) 1984 ieee80211_sta_reset_conn_monitor(sdata); 1985 else 1986 sdata->u.mgd.nullfunc_failed = true; 1987 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 1988 return; 1989 } 1990 1991 if (ack) 1992 ieee80211_sta_reset_conn_monitor(sdata); 1993 } 1994 1995 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) 1996 { 1997 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1998 const u8 *ssid; 1999 u8 *dst = ifmgd->associated->bssid; 2000 u8 unicast_limit = max(1, max_probe_tries - 3); 2001 2002 /* 2003 * Try sending broadcast probe requests for the last three 2004 * probe requests after the first ones failed since some 2005 * buggy APs only support broadcast probe requests. 2006 */ 2007 if (ifmgd->probe_send_count >= unicast_limit) 2008 dst = NULL; 2009 2010 /* 2011 * When the hardware reports an accurate Tx ACK status, it's 2012 * better to send a nullfunc frame instead of a probe request, 2013 * as it will kick us off the AP quickly if we aren't associated 2014 * anymore. The timeout will be reset if the frame is ACKed by 2015 * the AP. 2016 */ 2017 ifmgd->probe_send_count++; 2018 2019 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 2020 ifmgd->nullfunc_failed = false; 2021 ieee80211_send_nullfunc(sdata->local, sdata, 0); 2022 } else { 2023 int ssid_len; 2024 2025 rcu_read_lock(); 2026 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); 2027 if (WARN_ON_ONCE(ssid == NULL)) 2028 ssid_len = 0; 2029 else 2030 ssid_len = ssid[1]; 2031 2032 ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL, 2033 0, (u32) -1, true, 0, 2034 ifmgd->associated->channel, false); 2035 rcu_read_unlock(); 2036 } 2037 2038 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms); 2039 run_again(ifmgd, ifmgd->probe_timeout); 2040 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 2041 ieee80211_flush_queues(sdata->local, sdata); 2042 } 2043 2044 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata, 2045 bool beacon) 2046 { 2047 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2048 bool already = false; 2049 2050 if (!ieee80211_sdata_running(sdata)) 2051 return; 2052 2053 mutex_lock(&ifmgd->mtx); 2054 2055 if (!ifmgd->associated) 2056 goto out; 2057 2058 mutex_lock(&sdata->local->mtx); 2059 2060 if (sdata->local->tmp_channel || sdata->local->scanning) { 2061 mutex_unlock(&sdata->local->mtx); 2062 goto out; 2063 } 2064 2065 if (beacon) { 2066 mlme_dbg_ratelimited(sdata, 2067 "detected beacon loss from AP (missed %d beacons) - probing\n", 2068 beacon_loss_count); 2069 2070 ieee80211_cqm_rssi_notify(&sdata->vif, 2071 NL80211_CQM_RSSI_BEACON_LOSS_EVENT, 2072 GFP_KERNEL); 2073 } 2074 2075 /* 2076 * The driver/our work has already reported this event or the 2077 * connection monitoring has kicked in and we have already sent 2078 * a probe request. Or maybe the AP died and the driver keeps 2079 * reporting until we disassociate... 2080 * 2081 * In either case we have to ignore the current call to this 2082 * function (except for setting the correct probe reason bit) 2083 * because otherwise we would reset the timer every time and 2084 * never check whether we received a probe response! 2085 */ 2086 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 2087 IEEE80211_STA_CONNECTION_POLL)) 2088 already = true; 2089 2090 if (beacon) 2091 ifmgd->flags |= IEEE80211_STA_BEACON_POLL; 2092 else 2093 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL; 2094 2095 mutex_unlock(&sdata->local->mtx); 2096 2097 if (already) 2098 goto out; 2099 2100 mutex_lock(&sdata->local->iflist_mtx); 2101 ieee80211_recalc_ps(sdata->local, -1); 2102 mutex_unlock(&sdata->local->iflist_mtx); 2103 2104 ifmgd->probe_send_count = 0; 2105 ieee80211_mgd_probe_ap_send(sdata); 2106 out: 2107 mutex_unlock(&ifmgd->mtx); 2108 } 2109 2110 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw, 2111 struct ieee80211_vif *vif) 2112 { 2113 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2114 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2115 struct cfg80211_bss *cbss; 2116 struct sk_buff *skb; 2117 const u8 *ssid; 2118 int ssid_len; 2119 2120 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 2121 return NULL; 2122 2123 ASSERT_MGD_MTX(ifmgd); 2124 2125 if (ifmgd->associated) 2126 cbss = ifmgd->associated; 2127 else if (ifmgd->auth_data) 2128 cbss = ifmgd->auth_data->bss; 2129 else if (ifmgd->assoc_data) 2130 cbss = ifmgd->assoc_data->bss; 2131 else 2132 return NULL; 2133 2134 rcu_read_lock(); 2135 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID); 2136 if (WARN_ON_ONCE(ssid == NULL)) 2137 ssid_len = 0; 2138 else 2139 ssid_len = ssid[1]; 2140 2141 skb = ieee80211_build_probe_req(sdata, cbss->bssid, 2142 (u32) -1, cbss->channel, 2143 ssid + 2, ssid_len, 2144 NULL, 0, true); 2145 rcu_read_unlock(); 2146 2147 return skb; 2148 } 2149 EXPORT_SYMBOL(ieee80211_ap_probereq_get); 2150 2151 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata) 2152 { 2153 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2154 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 2155 2156 mutex_lock(&ifmgd->mtx); 2157 if (!ifmgd->associated) { 2158 mutex_unlock(&ifmgd->mtx); 2159 return; 2160 } 2161 2162 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 2163 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 2164 true, frame_buf); 2165 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 2166 ieee80211_wake_queues_by_reason(&sdata->local->hw, 2167 IEEE80211_MAX_QUEUE_MAP, 2168 IEEE80211_QUEUE_STOP_REASON_CSA); 2169 mutex_unlock(&ifmgd->mtx); 2170 2171 /* 2172 * must be outside lock due to cfg80211, 2173 * but that's not a problem. 2174 */ 2175 cfg80211_send_deauth(sdata->dev, frame_buf, IEEE80211_DEAUTH_FRAME_LEN); 2176 } 2177 2178 static void ieee80211_beacon_connection_loss_work(struct work_struct *work) 2179 { 2180 struct ieee80211_sub_if_data *sdata = 2181 container_of(work, struct ieee80211_sub_if_data, 2182 u.mgd.beacon_connection_loss_work); 2183 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2184 struct sta_info *sta; 2185 2186 if (ifmgd->associated) { 2187 rcu_read_lock(); 2188 sta = sta_info_get(sdata, ifmgd->bssid); 2189 if (sta) 2190 sta->beacon_loss_count++; 2191 rcu_read_unlock(); 2192 } 2193 2194 if (ifmgd->connection_loss) { 2195 sdata_info(sdata, "Connection to AP %pM lost\n", 2196 ifmgd->bssid); 2197 __ieee80211_disconnect(sdata); 2198 } else { 2199 ieee80211_mgd_probe_ap(sdata, true); 2200 } 2201 } 2202 2203 static void ieee80211_csa_connection_drop_work(struct work_struct *work) 2204 { 2205 struct ieee80211_sub_if_data *sdata = 2206 container_of(work, struct ieee80211_sub_if_data, 2207 u.mgd.csa_connection_drop_work); 2208 2209 __ieee80211_disconnect(sdata); 2210 } 2211 2212 void ieee80211_beacon_loss(struct ieee80211_vif *vif) 2213 { 2214 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2215 struct ieee80211_hw *hw = &sdata->local->hw; 2216 2217 trace_api_beacon_loss(sdata); 2218 2219 sdata->u.mgd.connection_loss = false; 2220 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2221 } 2222 EXPORT_SYMBOL(ieee80211_beacon_loss); 2223 2224 void ieee80211_connection_loss(struct ieee80211_vif *vif) 2225 { 2226 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2227 struct ieee80211_hw *hw = &sdata->local->hw; 2228 2229 trace_api_connection_loss(sdata); 2230 2231 sdata->u.mgd.connection_loss = true; 2232 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2233 } 2234 EXPORT_SYMBOL(ieee80211_connection_loss); 2235 2236 2237 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata, 2238 bool assoc) 2239 { 2240 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2241 2242 lockdep_assert_held(&sdata->u.mgd.mtx); 2243 2244 if (!assoc) { 2245 sta_info_destroy_addr(sdata, auth_data->bss->bssid); 2246 2247 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2248 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2249 sdata->u.mgd.flags = 0; 2250 ieee80211_vif_release_channel(sdata); 2251 } 2252 2253 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss); 2254 kfree(auth_data); 2255 sdata->u.mgd.auth_data = NULL; 2256 } 2257 2258 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, 2259 struct ieee80211_mgmt *mgmt, size_t len) 2260 { 2261 struct ieee80211_local *local = sdata->local; 2262 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2263 u8 *pos; 2264 struct ieee802_11_elems elems; 2265 u32 tx_flags = 0; 2266 2267 pos = mgmt->u.auth.variable; 2268 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2269 if (!elems.challenge) 2270 return; 2271 auth_data->expected_transaction = 4; 2272 drv_mgd_prepare_tx(sdata->local, sdata); 2273 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 2274 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 2275 IEEE80211_TX_INTFL_MLME_CONN_TX; 2276 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0, 2277 elems.challenge - 2, elems.challenge_len + 2, 2278 auth_data->bss->bssid, auth_data->bss->bssid, 2279 auth_data->key, auth_data->key_len, 2280 auth_data->key_idx, tx_flags); 2281 } 2282 2283 static enum rx_mgmt_action __must_check 2284 ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, 2285 struct ieee80211_mgmt *mgmt, size_t len) 2286 { 2287 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2288 u8 bssid[ETH_ALEN]; 2289 u16 auth_alg, auth_transaction, status_code; 2290 struct sta_info *sta; 2291 2292 lockdep_assert_held(&ifmgd->mtx); 2293 2294 if (len < 24 + 6) 2295 return RX_MGMT_NONE; 2296 2297 if (!ifmgd->auth_data || ifmgd->auth_data->done) 2298 return RX_MGMT_NONE; 2299 2300 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 2301 2302 if (!ether_addr_equal(bssid, mgmt->bssid)) 2303 return RX_MGMT_NONE; 2304 2305 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 2306 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 2307 status_code = le16_to_cpu(mgmt->u.auth.status_code); 2308 2309 if (auth_alg != ifmgd->auth_data->algorithm || 2310 auth_transaction != ifmgd->auth_data->expected_transaction) { 2311 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n", 2312 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm, 2313 auth_transaction, 2314 ifmgd->auth_data->expected_transaction); 2315 return RX_MGMT_NONE; 2316 } 2317 2318 if (status_code != WLAN_STATUS_SUCCESS) { 2319 sdata_info(sdata, "%pM denied authentication (status %d)\n", 2320 mgmt->sa, status_code); 2321 ieee80211_destroy_auth_data(sdata, false); 2322 return RX_MGMT_CFG80211_RX_AUTH; 2323 } 2324 2325 switch (ifmgd->auth_data->algorithm) { 2326 case WLAN_AUTH_OPEN: 2327 case WLAN_AUTH_LEAP: 2328 case WLAN_AUTH_FT: 2329 case WLAN_AUTH_SAE: 2330 break; 2331 case WLAN_AUTH_SHARED_KEY: 2332 if (ifmgd->auth_data->expected_transaction != 4) { 2333 ieee80211_auth_challenge(sdata, mgmt, len); 2334 /* need another frame */ 2335 return RX_MGMT_NONE; 2336 } 2337 break; 2338 default: 2339 WARN_ONCE(1, "invalid auth alg %d", 2340 ifmgd->auth_data->algorithm); 2341 return RX_MGMT_NONE; 2342 } 2343 2344 sdata_info(sdata, "authenticated\n"); 2345 ifmgd->auth_data->done = true; 2346 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC; 2347 ifmgd->auth_data->timeout_started = true; 2348 run_again(ifmgd, ifmgd->auth_data->timeout); 2349 2350 if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE && 2351 ifmgd->auth_data->expected_transaction != 2) { 2352 /* 2353 * Report auth frame to user space for processing since another 2354 * round of Authentication frames is still needed. 2355 */ 2356 return RX_MGMT_CFG80211_RX_AUTH; 2357 } 2358 2359 /* move station state to auth */ 2360 mutex_lock(&sdata->local->sta_mtx); 2361 sta = sta_info_get(sdata, bssid); 2362 if (!sta) { 2363 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid); 2364 goto out_err; 2365 } 2366 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) { 2367 sdata_info(sdata, "failed moving %pM to auth\n", bssid); 2368 goto out_err; 2369 } 2370 mutex_unlock(&sdata->local->sta_mtx); 2371 2372 return RX_MGMT_CFG80211_RX_AUTH; 2373 out_err: 2374 mutex_unlock(&sdata->local->sta_mtx); 2375 /* ignore frame -- wait for timeout */ 2376 return RX_MGMT_NONE; 2377 } 2378 2379 2380 static enum rx_mgmt_action __must_check 2381 ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 2382 struct ieee80211_mgmt *mgmt, size_t len) 2383 { 2384 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2385 const u8 *bssid = NULL; 2386 u16 reason_code; 2387 2388 lockdep_assert_held(&ifmgd->mtx); 2389 2390 if (len < 24 + 2) 2391 return RX_MGMT_NONE; 2392 2393 if (!ifmgd->associated || 2394 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2395 return RX_MGMT_NONE; 2396 2397 bssid = ifmgd->associated->bssid; 2398 2399 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 2400 2401 sdata_info(sdata, "deauthenticated from %pM (Reason: %u)\n", 2402 bssid, reason_code); 2403 2404 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2405 2406 return RX_MGMT_CFG80211_DEAUTH; 2407 } 2408 2409 2410 static enum rx_mgmt_action __must_check 2411 ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata, 2412 struct ieee80211_mgmt *mgmt, size_t len) 2413 { 2414 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2415 u16 reason_code; 2416 2417 lockdep_assert_held(&ifmgd->mtx); 2418 2419 if (len < 24 + 2) 2420 return RX_MGMT_NONE; 2421 2422 if (!ifmgd->associated || 2423 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2424 return RX_MGMT_NONE; 2425 2426 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 2427 2428 sdata_info(sdata, "disassociated from %pM (Reason: %u)\n", 2429 mgmt->sa, reason_code); 2430 2431 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2432 2433 return RX_MGMT_CFG80211_DISASSOC; 2434 } 2435 2436 static void ieee80211_get_rates(struct ieee80211_supported_band *sband, 2437 u8 *supp_rates, unsigned int supp_rates_len, 2438 u32 *rates, u32 *basic_rates, 2439 bool *have_higher_than_11mbit, 2440 int *min_rate, int *min_rate_index) 2441 { 2442 int i, j; 2443 2444 for (i = 0; i < supp_rates_len; i++) { 2445 int rate = (supp_rates[i] & 0x7f) * 5; 2446 bool is_basic = !!(supp_rates[i] & 0x80); 2447 2448 if (rate > 110) 2449 *have_higher_than_11mbit = true; 2450 2451 /* 2452 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009 2453 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it. 2454 * 2455 * Note: Even through the membership selector and the basic 2456 * rate flag share the same bit, they are not exactly 2457 * the same. 2458 */ 2459 if (!!(supp_rates[i] & 0x80) && 2460 (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY) 2461 continue; 2462 2463 for (j = 0; j < sband->n_bitrates; j++) { 2464 if (sband->bitrates[j].bitrate == rate) { 2465 *rates |= BIT(j); 2466 if (is_basic) 2467 *basic_rates |= BIT(j); 2468 if (rate < *min_rate) { 2469 *min_rate = rate; 2470 *min_rate_index = j; 2471 } 2472 break; 2473 } 2474 } 2475 } 2476 } 2477 2478 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata, 2479 bool assoc) 2480 { 2481 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 2482 2483 lockdep_assert_held(&sdata->u.mgd.mtx); 2484 2485 if (!assoc) { 2486 sta_info_destroy_addr(sdata, assoc_data->bss->bssid); 2487 2488 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2489 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2490 sdata->u.mgd.flags = 0; 2491 ieee80211_vif_release_channel(sdata); 2492 } 2493 2494 kfree(assoc_data); 2495 sdata->u.mgd.assoc_data = NULL; 2496 } 2497 2498 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata, 2499 struct cfg80211_bss *cbss, 2500 struct ieee80211_mgmt *mgmt, size_t len) 2501 { 2502 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2503 struct ieee80211_local *local = sdata->local; 2504 struct ieee80211_supported_band *sband; 2505 struct sta_info *sta; 2506 u8 *pos; 2507 u16 capab_info, aid; 2508 struct ieee802_11_elems elems; 2509 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2510 u32 changed = 0; 2511 int err; 2512 2513 /* AssocResp and ReassocResp have identical structure */ 2514 2515 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2516 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2517 2518 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) 2519 sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n", 2520 aid); 2521 aid &= ~(BIT(15) | BIT(14)); 2522 2523 ifmgd->broken_ap = false; 2524 2525 if (aid == 0 || aid > IEEE80211_MAX_AID) { 2526 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n", 2527 aid); 2528 aid = 0; 2529 ifmgd->broken_ap = true; 2530 } 2531 2532 pos = mgmt->u.assoc_resp.variable; 2533 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2534 2535 if (!elems.supp_rates) { 2536 sdata_info(sdata, "no SuppRates element in AssocResp\n"); 2537 return false; 2538 } 2539 2540 ifmgd->aid = aid; 2541 2542 /* 2543 * We previously checked these in the beacon/probe response, so 2544 * they should be present here. This is just a safety net. 2545 */ 2546 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2547 (!elems.wmm_param || !elems.ht_cap_elem || !elems.ht_operation)) { 2548 sdata_info(sdata, 2549 "HT AP is missing WMM params or HT capability/operation in AssocResp\n"); 2550 return false; 2551 } 2552 2553 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2554 (!elems.vht_cap_elem || !elems.vht_operation)) { 2555 sdata_info(sdata, 2556 "VHT AP is missing VHT capability/operation in AssocResp\n"); 2557 return false; 2558 } 2559 2560 mutex_lock(&sdata->local->sta_mtx); 2561 /* 2562 * station info was already allocated and inserted before 2563 * the association and should be available to us 2564 */ 2565 sta = sta_info_get(sdata, cbss->bssid); 2566 if (WARN_ON(!sta)) { 2567 mutex_unlock(&sdata->local->sta_mtx); 2568 return false; 2569 } 2570 2571 sband = local->hw.wiphy->bands[ieee80211_get_sdata_band(sdata)]; 2572 2573 /* Set up internal HT/VHT capabilities */ 2574 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 2575 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 2576 elems.ht_cap_elem, sta); 2577 2578 if (elems.vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 2579 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband, 2580 elems.vht_cap_elem, sta); 2581 2582 /* 2583 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data 2584 * in their association response, so ignore that data for our own 2585 * configuration. If it changed since the last beacon, we'll get the 2586 * next beacon and update then. 2587 */ 2588 2589 /* 2590 * If an operating mode notification IE is present, override the 2591 * NSS calculation (that would be done in rate_control_rate_init()) 2592 * and use the # of streams from that element. 2593 */ 2594 if (elems.opmode_notif && 2595 !(*elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) { 2596 u8 nss; 2597 2598 nss = *elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK; 2599 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT; 2600 nss += 1; 2601 sta->sta.rx_nss = nss; 2602 } 2603 2604 rate_control_rate_init(sta); 2605 2606 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) 2607 set_sta_flag(sta, WLAN_STA_MFP); 2608 2609 if (elems.wmm_param) 2610 set_sta_flag(sta, WLAN_STA_WME); 2611 2612 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC); 2613 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT)) 2614 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED); 2615 if (err) { 2616 sdata_info(sdata, 2617 "failed to move station %pM to desired state\n", 2618 sta->sta.addr); 2619 WARN_ON(__sta_info_destroy(sta)); 2620 mutex_unlock(&sdata->local->sta_mtx); 2621 return false; 2622 } 2623 2624 mutex_unlock(&sdata->local->sta_mtx); 2625 2626 /* 2627 * Always handle WMM once after association regardless 2628 * of the first value the AP uses. Setting -1 here has 2629 * that effect because the AP values is an unsigned 2630 * 4-bit value. 2631 */ 2632 ifmgd->wmm_last_param_set = -1; 2633 2634 if (elems.wmm_param) 2635 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 2636 elems.wmm_param_len); 2637 else 2638 ieee80211_set_wmm_default(sdata, false); 2639 changed |= BSS_CHANGED_QOS; 2640 2641 /* set AID and assoc capability, 2642 * ieee80211_set_associated() will tell the driver */ 2643 bss_conf->aid = aid; 2644 bss_conf->assoc_capability = capab_info; 2645 ieee80211_set_associated(sdata, cbss, changed); 2646 2647 /* 2648 * If we're using 4-addr mode, let the AP know that we're 2649 * doing so, so that it can create the STA VLAN on its side 2650 */ 2651 if (ifmgd->use_4addr) 2652 ieee80211_send_4addr_nullfunc(local, sdata); 2653 2654 /* 2655 * Start timer to probe the connection to the AP now. 2656 * Also start the timer that will detect beacon loss. 2657 */ 2658 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt); 2659 ieee80211_sta_reset_beacon_monitor(sdata); 2660 2661 return true; 2662 } 2663 2664 static enum rx_mgmt_action __must_check 2665 ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, 2666 struct ieee80211_mgmt *mgmt, size_t len, 2667 struct cfg80211_bss **bss) 2668 { 2669 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2670 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 2671 u16 capab_info, status_code, aid; 2672 struct ieee802_11_elems elems; 2673 u8 *pos; 2674 bool reassoc; 2675 2676 lockdep_assert_held(&ifmgd->mtx); 2677 2678 if (!assoc_data) 2679 return RX_MGMT_NONE; 2680 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid)) 2681 return RX_MGMT_NONE; 2682 2683 /* 2684 * AssocResp and ReassocResp have identical structure, so process both 2685 * of them in this function. 2686 */ 2687 2688 if (len < 24 + 6) 2689 return RX_MGMT_NONE; 2690 2691 reassoc = ieee80211_is_reassoc_req(mgmt->frame_control); 2692 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2693 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 2694 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2695 2696 sdata_info(sdata, 2697 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n", 2698 reassoc ? "Rea" : "A", mgmt->sa, 2699 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 2700 2701 pos = mgmt->u.assoc_resp.variable; 2702 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2703 2704 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 2705 elems.timeout_int && 2706 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) { 2707 u32 tu, ms; 2708 tu = le32_to_cpu(elems.timeout_int->value); 2709 ms = tu * 1024 / 1000; 2710 sdata_info(sdata, 2711 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n", 2712 mgmt->sa, tu, ms); 2713 assoc_data->timeout = jiffies + msecs_to_jiffies(ms); 2714 assoc_data->timeout_started = true; 2715 if (ms > IEEE80211_ASSOC_TIMEOUT) 2716 run_again(ifmgd, assoc_data->timeout); 2717 return RX_MGMT_NONE; 2718 } 2719 2720 *bss = assoc_data->bss; 2721 2722 if (status_code != WLAN_STATUS_SUCCESS) { 2723 sdata_info(sdata, "%pM denied association (code=%d)\n", 2724 mgmt->sa, status_code); 2725 ieee80211_destroy_assoc_data(sdata, false); 2726 } else { 2727 if (!ieee80211_assoc_success(sdata, *bss, mgmt, len)) { 2728 /* oops -- internal error -- send timeout for now */ 2729 ieee80211_destroy_assoc_data(sdata, false); 2730 cfg80211_put_bss(sdata->local->hw.wiphy, *bss); 2731 return RX_MGMT_CFG80211_ASSOC_TIMEOUT; 2732 } 2733 sdata_info(sdata, "associated\n"); 2734 2735 /* 2736 * destroy assoc_data afterwards, as otherwise an idle 2737 * recalc after assoc_data is NULL but before associated 2738 * is set can cause the interface to go idle 2739 */ 2740 ieee80211_destroy_assoc_data(sdata, true); 2741 } 2742 2743 return RX_MGMT_CFG80211_RX_ASSOC; 2744 } 2745 2746 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, 2747 struct ieee80211_mgmt *mgmt, size_t len, 2748 struct ieee80211_rx_status *rx_status, 2749 struct ieee802_11_elems *elems) 2750 { 2751 struct ieee80211_local *local = sdata->local; 2752 int freq; 2753 struct ieee80211_bss *bss; 2754 struct ieee80211_channel *channel; 2755 bool need_ps = false; 2756 2757 lockdep_assert_held(&sdata->u.mgd.mtx); 2758 2759 if ((sdata->u.mgd.associated && 2760 ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid)) || 2761 (sdata->u.mgd.assoc_data && 2762 ether_addr_equal(mgmt->bssid, 2763 sdata->u.mgd.assoc_data->bss->bssid))) { 2764 /* not previously set so we may need to recalc */ 2765 need_ps = sdata->u.mgd.associated && !sdata->u.mgd.dtim_period; 2766 2767 if (elems->tim && !elems->parse_error) { 2768 const struct ieee80211_tim_ie *tim_ie = elems->tim; 2769 sdata->u.mgd.dtim_period = tim_ie->dtim_period; 2770 } 2771 } 2772 2773 if (elems->ds_params) 2774 freq = ieee80211_channel_to_frequency(elems->ds_params[0], 2775 rx_status->band); 2776 else 2777 freq = rx_status->freq; 2778 2779 channel = ieee80211_get_channel(local->hw.wiphy, freq); 2780 2781 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED) 2782 return; 2783 2784 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems, 2785 channel); 2786 if (bss) 2787 ieee80211_rx_bss_put(local, bss); 2788 2789 if (!sdata->u.mgd.associated || 2790 !ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid)) 2791 return; 2792 2793 if (need_ps) { 2794 mutex_lock(&local->iflist_mtx); 2795 ieee80211_recalc_ps(local, -1); 2796 mutex_unlock(&local->iflist_mtx); 2797 } 2798 2799 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime, elems); 2800 2801 } 2802 2803 2804 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, 2805 struct sk_buff *skb) 2806 { 2807 struct ieee80211_mgmt *mgmt = (void *)skb->data; 2808 struct ieee80211_if_managed *ifmgd; 2809 struct ieee80211_rx_status *rx_status = (void *) skb->cb; 2810 size_t baselen, len = skb->len; 2811 struct ieee802_11_elems elems; 2812 2813 ifmgd = &sdata->u.mgd; 2814 2815 ASSERT_MGD_MTX(ifmgd); 2816 2817 if (!ether_addr_equal(mgmt->da, sdata->vif.addr)) 2818 return; /* ignore ProbeResp to foreign address */ 2819 2820 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 2821 if (baselen > len) 2822 return; 2823 2824 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 2825 false, &elems); 2826 2827 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2828 2829 if (ifmgd->associated && 2830 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2831 ieee80211_reset_ap_probe(sdata); 2832 2833 if (ifmgd->auth_data && !ifmgd->auth_data->bss->proberesp_ies && 2834 ether_addr_equal(mgmt->bssid, ifmgd->auth_data->bss->bssid)) { 2835 /* got probe response, continue with auth */ 2836 sdata_info(sdata, "direct probe responded\n"); 2837 ifmgd->auth_data->tries = 0; 2838 ifmgd->auth_data->timeout = jiffies; 2839 ifmgd->auth_data->timeout_started = true; 2840 run_again(ifmgd, ifmgd->auth_data->timeout); 2841 } 2842 } 2843 2844 /* 2845 * This is the canonical list of information elements we care about, 2846 * the filter code also gives us all changes to the Microsoft OUI 2847 * (00:50:F2) vendor IE which is used for WMM which we need to track. 2848 * 2849 * We implement beacon filtering in software since that means we can 2850 * avoid processing the frame here and in cfg80211, and userspace 2851 * will not be able to tell whether the hardware supports it or not. 2852 * 2853 * XXX: This list needs to be dynamic -- userspace needs to be able to 2854 * add items it requires. It also needs to be able to tell us to 2855 * look out for other vendor IEs. 2856 */ 2857 static const u64 care_about_ies = 2858 (1ULL << WLAN_EID_COUNTRY) | 2859 (1ULL << WLAN_EID_ERP_INFO) | 2860 (1ULL << WLAN_EID_CHANNEL_SWITCH) | 2861 (1ULL << WLAN_EID_PWR_CONSTRAINT) | 2862 (1ULL << WLAN_EID_HT_CAPABILITY) | 2863 (1ULL << WLAN_EID_HT_OPERATION); 2864 2865 static enum rx_mgmt_action 2866 ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, 2867 struct ieee80211_mgmt *mgmt, size_t len, 2868 u8 *deauth_buf, struct ieee80211_rx_status *rx_status) 2869 { 2870 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2871 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2872 size_t baselen; 2873 struct ieee802_11_elems elems; 2874 struct ieee80211_local *local = sdata->local; 2875 struct ieee80211_chanctx_conf *chanctx_conf; 2876 struct ieee80211_channel *chan; 2877 struct sta_info *sta; 2878 u32 changed = 0; 2879 bool erp_valid; 2880 u8 erp_value = 0; 2881 u32 ncrc; 2882 u8 *bssid; 2883 2884 lockdep_assert_held(&ifmgd->mtx); 2885 2886 /* Process beacon from the current BSS */ 2887 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 2888 if (baselen > len) 2889 return RX_MGMT_NONE; 2890 2891 rcu_read_lock(); 2892 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 2893 if (!chanctx_conf) { 2894 rcu_read_unlock(); 2895 return RX_MGMT_NONE; 2896 } 2897 2898 if (rx_status->freq != chanctx_conf->def.chan->center_freq) { 2899 rcu_read_unlock(); 2900 return RX_MGMT_NONE; 2901 } 2902 chan = chanctx_conf->def.chan; 2903 rcu_read_unlock(); 2904 2905 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon && 2906 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) { 2907 ieee802_11_parse_elems(mgmt->u.beacon.variable, 2908 len - baselen, false, &elems); 2909 2910 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2911 ifmgd->assoc_data->have_beacon = true; 2912 ifmgd->assoc_data->need_beacon = false; 2913 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 2914 sdata->vif.bss_conf.sync_tsf = 2915 le64_to_cpu(mgmt->u.beacon.timestamp); 2916 sdata->vif.bss_conf.sync_device_ts = 2917 rx_status->device_timestamp; 2918 if (elems.tim) 2919 sdata->vif.bss_conf.sync_dtim_count = 2920 elems.tim->dtim_count; 2921 else 2922 sdata->vif.bss_conf.sync_dtim_count = 0; 2923 } 2924 /* continue assoc process */ 2925 ifmgd->assoc_data->timeout = jiffies; 2926 ifmgd->assoc_data->timeout_started = true; 2927 run_again(ifmgd, ifmgd->assoc_data->timeout); 2928 return RX_MGMT_NONE; 2929 } 2930 2931 if (!ifmgd->associated || 2932 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2933 return RX_MGMT_NONE; 2934 bssid = ifmgd->associated->bssid; 2935 2936 /* Track average RSSI from the Beacon frames of the current AP */ 2937 ifmgd->last_beacon_signal = rx_status->signal; 2938 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) { 2939 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE; 2940 ifmgd->ave_beacon_signal = rx_status->signal * 16; 2941 ifmgd->last_cqm_event_signal = 0; 2942 ifmgd->count_beacon_signal = 1; 2943 ifmgd->last_ave_beacon_signal = 0; 2944 } else { 2945 ifmgd->ave_beacon_signal = 2946 (IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 + 2947 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) * 2948 ifmgd->ave_beacon_signal) / 16; 2949 ifmgd->count_beacon_signal++; 2950 } 2951 2952 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold && 2953 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) { 2954 int sig = ifmgd->ave_beacon_signal; 2955 int last_sig = ifmgd->last_ave_beacon_signal; 2956 2957 /* 2958 * if signal crosses either of the boundaries, invoke callback 2959 * with appropriate parameters 2960 */ 2961 if (sig > ifmgd->rssi_max_thold && 2962 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) { 2963 ifmgd->last_ave_beacon_signal = sig; 2964 drv_rssi_callback(local, sdata, RSSI_EVENT_HIGH); 2965 } else if (sig < ifmgd->rssi_min_thold && 2966 (last_sig >= ifmgd->rssi_max_thold || 2967 last_sig == 0)) { 2968 ifmgd->last_ave_beacon_signal = sig; 2969 drv_rssi_callback(local, sdata, RSSI_EVENT_LOW); 2970 } 2971 } 2972 2973 if (bss_conf->cqm_rssi_thold && 2974 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT && 2975 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) { 2976 int sig = ifmgd->ave_beacon_signal / 16; 2977 int last_event = ifmgd->last_cqm_event_signal; 2978 int thold = bss_conf->cqm_rssi_thold; 2979 int hyst = bss_conf->cqm_rssi_hyst; 2980 if (sig < thold && 2981 (last_event == 0 || sig < last_event - hyst)) { 2982 ifmgd->last_cqm_event_signal = sig; 2983 ieee80211_cqm_rssi_notify( 2984 &sdata->vif, 2985 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW, 2986 GFP_KERNEL); 2987 } else if (sig > thold && 2988 (last_event == 0 || sig > last_event + hyst)) { 2989 ifmgd->last_cqm_event_signal = sig; 2990 ieee80211_cqm_rssi_notify( 2991 &sdata->vif, 2992 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH, 2993 GFP_KERNEL); 2994 } 2995 } 2996 2997 if (ifmgd->flags & IEEE80211_STA_BEACON_POLL) { 2998 mlme_dbg_ratelimited(sdata, 2999 "cancelling AP probe due to a received beacon\n"); 3000 mutex_lock(&local->mtx); 3001 ifmgd->flags &= ~IEEE80211_STA_BEACON_POLL; 3002 ieee80211_run_deferred_scan(local); 3003 mutex_unlock(&local->mtx); 3004 3005 mutex_lock(&local->iflist_mtx); 3006 ieee80211_recalc_ps(local, -1); 3007 mutex_unlock(&local->iflist_mtx); 3008 } 3009 3010 /* 3011 * Push the beacon loss detection into the future since 3012 * we are processing a beacon from the AP just now. 3013 */ 3014 ieee80211_sta_reset_beacon_monitor(sdata); 3015 3016 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 3017 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, 3018 len - baselen, false, &elems, 3019 care_about_ies, ncrc); 3020 3021 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) { 3022 bool directed_tim = ieee80211_check_tim(elems.tim, 3023 elems.tim_len, 3024 ifmgd->aid); 3025 if (directed_tim) { 3026 if (local->hw.conf.dynamic_ps_timeout > 0) { 3027 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 3028 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 3029 ieee80211_hw_config(local, 3030 IEEE80211_CONF_CHANGE_PS); 3031 } 3032 ieee80211_send_nullfunc(local, sdata, 0); 3033 } else if (!local->pspolling && sdata->u.mgd.powersave) { 3034 local->pspolling = true; 3035 3036 /* 3037 * Here is assumed that the driver will be 3038 * able to send ps-poll frame and receive a 3039 * response even though power save mode is 3040 * enabled, but some drivers might require 3041 * to disable power save here. This needs 3042 * to be investigated. 3043 */ 3044 ieee80211_send_pspoll(local, sdata); 3045 } 3046 } 3047 } 3048 3049 if (sdata->vif.p2p) { 3050 struct ieee80211_p2p_noa_attr noa = {}; 3051 int ret; 3052 3053 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable, 3054 len - baselen, 3055 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 3056 (u8 *) &noa, sizeof(noa)); 3057 if (ret >= 2) { 3058 if (sdata->u.mgd.p2p_noa_index != noa.index) { 3059 /* valid noa_attr and index changed */ 3060 sdata->u.mgd.p2p_noa_index = noa.index; 3061 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa)); 3062 changed |= BSS_CHANGED_P2P_PS; 3063 /* 3064 * make sure we update all information, the CRC 3065 * mechanism doesn't look at P2P attributes. 3066 */ 3067 ifmgd->beacon_crc_valid = false; 3068 } 3069 } else if (sdata->u.mgd.p2p_noa_index != -1) { 3070 /* noa_attr not found and we had valid noa_attr before */ 3071 sdata->u.mgd.p2p_noa_index = -1; 3072 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr)); 3073 changed |= BSS_CHANGED_P2P_PS; 3074 ifmgd->beacon_crc_valid = false; 3075 } 3076 } 3077 3078 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid) 3079 return RX_MGMT_NONE; 3080 ifmgd->beacon_crc = ncrc; 3081 ifmgd->beacon_crc_valid = true; 3082 3083 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 3084 3085 if (ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 3086 elems.wmm_param_len)) 3087 changed |= BSS_CHANGED_QOS; 3088 3089 /* 3090 * If we haven't had a beacon before, tell the driver about the 3091 * DTIM period (and beacon timing if desired) now. 3092 */ 3093 if (!bss_conf->dtim_period) { 3094 /* a few bogus AP send dtim_period = 0 or no TIM IE */ 3095 if (elems.tim) 3096 bss_conf->dtim_period = elems.tim->dtim_period ?: 1; 3097 else 3098 bss_conf->dtim_period = 1; 3099 3100 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 3101 sdata->vif.bss_conf.sync_tsf = 3102 le64_to_cpu(mgmt->u.beacon.timestamp); 3103 sdata->vif.bss_conf.sync_device_ts = 3104 rx_status->device_timestamp; 3105 if (elems.tim) 3106 sdata->vif.bss_conf.sync_dtim_count = 3107 elems.tim->dtim_count; 3108 else 3109 sdata->vif.bss_conf.sync_dtim_count = 0; 3110 } 3111 3112 changed |= BSS_CHANGED_DTIM_PERIOD; 3113 } 3114 3115 if (elems.erp_info) { 3116 erp_valid = true; 3117 erp_value = elems.erp_info[0]; 3118 } else { 3119 erp_valid = false; 3120 } 3121 changed |= ieee80211_handle_bss_capability(sdata, 3122 le16_to_cpu(mgmt->u.beacon.capab_info), 3123 erp_valid, erp_value); 3124 3125 mutex_lock(&local->sta_mtx); 3126 sta = sta_info_get(sdata, bssid); 3127 3128 if (ieee80211_config_bw(sdata, sta, elems.ht_operation, 3129 elems.vht_operation, bssid, &changed)) { 3130 mutex_unlock(&local->sta_mtx); 3131 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3132 WLAN_REASON_DEAUTH_LEAVING, 3133 true, deauth_buf); 3134 return RX_MGMT_CFG80211_TX_DEAUTH; 3135 } 3136 3137 if (sta && elems.opmode_notif) 3138 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif, 3139 rx_status->band, true); 3140 mutex_unlock(&local->sta_mtx); 3141 3142 if (elems.country_elem && elems.pwr_constr_elem && 3143 mgmt->u.probe_resp.capab_info & 3144 cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT)) 3145 changed |= ieee80211_handle_pwr_constr(sdata, chan, 3146 elems.country_elem, 3147 elems.country_elem_len, 3148 elems.pwr_constr_elem); 3149 3150 ieee80211_bss_info_change_notify(sdata, changed); 3151 3152 return RX_MGMT_NONE; 3153 } 3154 3155 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 3156 struct sk_buff *skb) 3157 { 3158 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3159 struct ieee80211_rx_status *rx_status; 3160 struct ieee80211_mgmt *mgmt; 3161 struct cfg80211_bss *bss = NULL; 3162 enum rx_mgmt_action rma = RX_MGMT_NONE; 3163 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3164 u16 fc; 3165 struct ieee802_11_elems elems; 3166 int ies_len; 3167 3168 rx_status = (struct ieee80211_rx_status *) skb->cb; 3169 mgmt = (struct ieee80211_mgmt *) skb->data; 3170 fc = le16_to_cpu(mgmt->frame_control); 3171 3172 mutex_lock(&ifmgd->mtx); 3173 3174 switch (fc & IEEE80211_FCTL_STYPE) { 3175 case IEEE80211_STYPE_BEACON: 3176 rma = ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, 3177 deauth_buf, rx_status); 3178 break; 3179 case IEEE80211_STYPE_PROBE_RESP: 3180 ieee80211_rx_mgmt_probe_resp(sdata, skb); 3181 break; 3182 case IEEE80211_STYPE_AUTH: 3183 rma = ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len); 3184 break; 3185 case IEEE80211_STYPE_DEAUTH: 3186 rma = ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len); 3187 break; 3188 case IEEE80211_STYPE_DISASSOC: 3189 rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 3190 break; 3191 case IEEE80211_STYPE_ASSOC_RESP: 3192 case IEEE80211_STYPE_REASSOC_RESP: 3193 rma = ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len, &bss); 3194 break; 3195 case IEEE80211_STYPE_ACTION: 3196 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) { 3197 ies_len = skb->len - 3198 offsetof(struct ieee80211_mgmt, 3199 u.action.u.chan_switch.variable); 3200 3201 if (ies_len < 0) 3202 break; 3203 3204 ieee802_11_parse_elems( 3205 mgmt->u.action.u.chan_switch.variable, 3206 ies_len, true, &elems); 3207 3208 if (elems.parse_error) 3209 break; 3210 3211 ieee80211_sta_process_chanswitch(sdata, 3212 rx_status->mactime, 3213 &elems); 3214 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) { 3215 ies_len = skb->len - 3216 offsetof(struct ieee80211_mgmt, 3217 u.action.u.ext_chan_switch.variable); 3218 3219 if (ies_len < 0) 3220 break; 3221 3222 ieee802_11_parse_elems( 3223 mgmt->u.action.u.ext_chan_switch.variable, 3224 ies_len, true, &elems); 3225 3226 if (elems.parse_error) 3227 break; 3228 3229 /* for the handling code pretend this was also an IE */ 3230 elems.ext_chansw_ie = 3231 &mgmt->u.action.u.ext_chan_switch.data; 3232 3233 ieee80211_sta_process_chanswitch(sdata, 3234 rx_status->mactime, 3235 &elems); 3236 } 3237 break; 3238 } 3239 mutex_unlock(&ifmgd->mtx); 3240 3241 switch (rma) { 3242 case RX_MGMT_NONE: 3243 /* no action */ 3244 break; 3245 case RX_MGMT_CFG80211_DEAUTH: 3246 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len); 3247 break; 3248 case RX_MGMT_CFG80211_DISASSOC: 3249 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len); 3250 break; 3251 case RX_MGMT_CFG80211_RX_AUTH: 3252 cfg80211_send_rx_auth(sdata->dev, (u8 *)mgmt, skb->len); 3253 break; 3254 case RX_MGMT_CFG80211_RX_ASSOC: 3255 cfg80211_send_rx_assoc(sdata->dev, bss, (u8 *)mgmt, skb->len); 3256 break; 3257 case RX_MGMT_CFG80211_ASSOC_TIMEOUT: 3258 cfg80211_send_assoc_timeout(sdata->dev, mgmt->bssid); 3259 break; 3260 case RX_MGMT_CFG80211_TX_DEAUTH: 3261 cfg80211_send_deauth(sdata->dev, deauth_buf, 3262 sizeof(deauth_buf)); 3263 break; 3264 default: 3265 WARN(1, "unexpected: %d", rma); 3266 } 3267 } 3268 3269 static void ieee80211_sta_timer(unsigned long data) 3270 { 3271 struct ieee80211_sub_if_data *sdata = 3272 (struct ieee80211_sub_if_data *) data; 3273 3274 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3275 } 3276 3277 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata, 3278 u8 *bssid, u8 reason, bool tx) 3279 { 3280 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3281 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3282 3283 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason, 3284 tx, frame_buf); 3285 mutex_unlock(&ifmgd->mtx); 3286 3287 /* 3288 * must be outside lock due to cfg80211, 3289 * but that's not a problem. 3290 */ 3291 cfg80211_send_deauth(sdata->dev, frame_buf, IEEE80211_DEAUTH_FRAME_LEN); 3292 3293 mutex_lock(&ifmgd->mtx); 3294 } 3295 3296 static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata) 3297 { 3298 struct ieee80211_local *local = sdata->local; 3299 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3300 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data; 3301 u32 tx_flags = 0; 3302 3303 lockdep_assert_held(&ifmgd->mtx); 3304 3305 if (WARN_ON_ONCE(!auth_data)) 3306 return -EINVAL; 3307 3308 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3309 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 3310 IEEE80211_TX_INTFL_MLME_CONN_TX; 3311 3312 auth_data->tries++; 3313 3314 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) { 3315 sdata_info(sdata, "authentication with %pM timed out\n", 3316 auth_data->bss->bssid); 3317 3318 /* 3319 * Most likely AP is not in the range so remove the 3320 * bss struct for that AP. 3321 */ 3322 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss); 3323 3324 return -ETIMEDOUT; 3325 } 3326 3327 drv_mgd_prepare_tx(local, sdata); 3328 3329 if (auth_data->bss->proberesp_ies) { 3330 u16 trans = 1; 3331 u16 status = 0; 3332 3333 sdata_info(sdata, "send auth to %pM (try %d/%d)\n", 3334 auth_data->bss->bssid, auth_data->tries, 3335 IEEE80211_AUTH_MAX_TRIES); 3336 3337 auth_data->expected_transaction = 2; 3338 3339 if (auth_data->algorithm == WLAN_AUTH_SAE) { 3340 trans = auth_data->sae_trans; 3341 status = auth_data->sae_status; 3342 auth_data->expected_transaction = trans; 3343 } 3344 3345 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status, 3346 auth_data->data, auth_data->data_len, 3347 auth_data->bss->bssid, 3348 auth_data->bss->bssid, NULL, 0, 0, 3349 tx_flags); 3350 } else { 3351 const u8 *ssidie; 3352 3353 sdata_info(sdata, "direct probe to %pM (try %d/%i)\n", 3354 auth_data->bss->bssid, auth_data->tries, 3355 IEEE80211_AUTH_MAX_TRIES); 3356 3357 rcu_read_lock(); 3358 ssidie = ieee80211_bss_get_ie(auth_data->bss, WLAN_EID_SSID); 3359 if (!ssidie) { 3360 rcu_read_unlock(); 3361 return -EINVAL; 3362 } 3363 /* 3364 * Direct probe is sent to broadcast address as some APs 3365 * will not answer to direct packet in unassociated state. 3366 */ 3367 ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1], 3368 NULL, 0, (u32) -1, true, tx_flags, 3369 auth_data->bss->channel, false); 3370 rcu_read_unlock(); 3371 } 3372 3373 if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) { 3374 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 3375 ifmgd->auth_data->timeout_started = true; 3376 run_again(ifmgd, auth_data->timeout); 3377 } else { 3378 auth_data->timeout_started = false; 3379 } 3380 3381 return 0; 3382 } 3383 3384 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata) 3385 { 3386 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 3387 struct ieee80211_local *local = sdata->local; 3388 3389 lockdep_assert_held(&sdata->u.mgd.mtx); 3390 3391 assoc_data->tries++; 3392 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) { 3393 sdata_info(sdata, "association with %pM timed out\n", 3394 assoc_data->bss->bssid); 3395 3396 /* 3397 * Most likely AP is not in the range so remove the 3398 * bss struct for that AP. 3399 */ 3400 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss); 3401 3402 return -ETIMEDOUT; 3403 } 3404 3405 sdata_info(sdata, "associate with %pM (try %d/%d)\n", 3406 assoc_data->bss->bssid, assoc_data->tries, 3407 IEEE80211_ASSOC_MAX_TRIES); 3408 ieee80211_send_assoc(sdata); 3409 3410 if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) { 3411 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 3412 assoc_data->timeout_started = true; 3413 run_again(&sdata->u.mgd, assoc_data->timeout); 3414 } else { 3415 assoc_data->timeout_started = false; 3416 } 3417 3418 return 0; 3419 } 3420 3421 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata, 3422 __le16 fc, bool acked) 3423 { 3424 struct ieee80211_local *local = sdata->local; 3425 3426 sdata->u.mgd.status_fc = fc; 3427 sdata->u.mgd.status_acked = acked; 3428 sdata->u.mgd.status_received = true; 3429 3430 ieee80211_queue_work(&local->hw, &sdata->work); 3431 } 3432 3433 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata) 3434 { 3435 struct ieee80211_local *local = sdata->local; 3436 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3437 3438 mutex_lock(&ifmgd->mtx); 3439 3440 if (ifmgd->status_received) { 3441 __le16 fc = ifmgd->status_fc; 3442 bool status_acked = ifmgd->status_acked; 3443 3444 ifmgd->status_received = false; 3445 if (ifmgd->auth_data && 3446 (ieee80211_is_probe_req(fc) || ieee80211_is_auth(fc))) { 3447 if (status_acked) { 3448 ifmgd->auth_data->timeout = 3449 jiffies + IEEE80211_AUTH_TIMEOUT_SHORT; 3450 run_again(ifmgd, ifmgd->auth_data->timeout); 3451 } else { 3452 ifmgd->auth_data->timeout = jiffies - 1; 3453 } 3454 ifmgd->auth_data->timeout_started = true; 3455 } else if (ifmgd->assoc_data && 3456 (ieee80211_is_assoc_req(fc) || 3457 ieee80211_is_reassoc_req(fc))) { 3458 if (status_acked) { 3459 ifmgd->assoc_data->timeout = 3460 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT; 3461 run_again(ifmgd, ifmgd->assoc_data->timeout); 3462 } else { 3463 ifmgd->assoc_data->timeout = jiffies - 1; 3464 } 3465 ifmgd->assoc_data->timeout_started = true; 3466 } 3467 } 3468 3469 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started && 3470 time_after(jiffies, ifmgd->auth_data->timeout)) { 3471 if (ifmgd->auth_data->done) { 3472 /* 3473 * ok ... we waited for assoc but userspace didn't, 3474 * so let's just kill the auth data 3475 */ 3476 ieee80211_destroy_auth_data(sdata, false); 3477 } else if (ieee80211_probe_auth(sdata)) { 3478 u8 bssid[ETH_ALEN]; 3479 3480 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 3481 3482 ieee80211_destroy_auth_data(sdata, false); 3483 3484 mutex_unlock(&ifmgd->mtx); 3485 cfg80211_send_auth_timeout(sdata->dev, bssid); 3486 mutex_lock(&ifmgd->mtx); 3487 } 3488 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started) 3489 run_again(ifmgd, ifmgd->auth_data->timeout); 3490 3491 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started && 3492 time_after(jiffies, ifmgd->assoc_data->timeout)) { 3493 if ((ifmgd->assoc_data->need_beacon && 3494 !ifmgd->assoc_data->have_beacon) || 3495 ieee80211_do_assoc(sdata)) { 3496 u8 bssid[ETH_ALEN]; 3497 3498 memcpy(bssid, ifmgd->assoc_data->bss->bssid, ETH_ALEN); 3499 3500 ieee80211_destroy_assoc_data(sdata, false); 3501 3502 mutex_unlock(&ifmgd->mtx); 3503 cfg80211_send_assoc_timeout(sdata->dev, bssid); 3504 mutex_lock(&ifmgd->mtx); 3505 } 3506 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started) 3507 run_again(ifmgd, ifmgd->assoc_data->timeout); 3508 3509 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 3510 IEEE80211_STA_CONNECTION_POLL) && 3511 ifmgd->associated) { 3512 u8 bssid[ETH_ALEN]; 3513 int max_tries; 3514 3515 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 3516 3517 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3518 max_tries = max_nullfunc_tries; 3519 else 3520 max_tries = max_probe_tries; 3521 3522 /* ACK received for nullfunc probing frame */ 3523 if (!ifmgd->probe_send_count) 3524 ieee80211_reset_ap_probe(sdata); 3525 else if (ifmgd->nullfunc_failed) { 3526 if (ifmgd->probe_send_count < max_tries) { 3527 mlme_dbg(sdata, 3528 "No ack for nullfunc frame to AP %pM, try %d/%i\n", 3529 bssid, ifmgd->probe_send_count, 3530 max_tries); 3531 ieee80211_mgd_probe_ap_send(sdata); 3532 } else { 3533 mlme_dbg(sdata, 3534 "No ack for nullfunc frame to AP %pM, disconnecting.\n", 3535 bssid); 3536 ieee80211_sta_connection_lost(sdata, bssid, 3537 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 3538 false); 3539 } 3540 } else if (time_is_after_jiffies(ifmgd->probe_timeout)) 3541 run_again(ifmgd, ifmgd->probe_timeout); 3542 else if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 3543 mlme_dbg(sdata, 3544 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n", 3545 bssid, probe_wait_ms); 3546 ieee80211_sta_connection_lost(sdata, bssid, 3547 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3548 } else if (ifmgd->probe_send_count < max_tries) { 3549 mlme_dbg(sdata, 3550 "No probe response from AP %pM after %dms, try %d/%i\n", 3551 bssid, probe_wait_ms, 3552 ifmgd->probe_send_count, max_tries); 3553 ieee80211_mgd_probe_ap_send(sdata); 3554 } else { 3555 /* 3556 * We actually lost the connection ... or did we? 3557 * Let's make sure! 3558 */ 3559 wiphy_debug(local->hw.wiphy, 3560 "%s: No probe response from AP %pM" 3561 " after %dms, disconnecting.\n", 3562 sdata->name, 3563 bssid, probe_wait_ms); 3564 3565 ieee80211_sta_connection_lost(sdata, bssid, 3566 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3567 } 3568 } 3569 3570 mutex_unlock(&ifmgd->mtx); 3571 } 3572 3573 static void ieee80211_sta_bcn_mon_timer(unsigned long data) 3574 { 3575 struct ieee80211_sub_if_data *sdata = 3576 (struct ieee80211_sub_if_data *) data; 3577 struct ieee80211_local *local = sdata->local; 3578 3579 if (local->quiescing) 3580 return; 3581 3582 sdata->u.mgd.connection_loss = false; 3583 ieee80211_queue_work(&sdata->local->hw, 3584 &sdata->u.mgd.beacon_connection_loss_work); 3585 } 3586 3587 static void ieee80211_sta_conn_mon_timer(unsigned long data) 3588 { 3589 struct ieee80211_sub_if_data *sdata = 3590 (struct ieee80211_sub_if_data *) data; 3591 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3592 struct ieee80211_local *local = sdata->local; 3593 3594 if (local->quiescing) 3595 return; 3596 3597 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work); 3598 } 3599 3600 static void ieee80211_sta_monitor_work(struct work_struct *work) 3601 { 3602 struct ieee80211_sub_if_data *sdata = 3603 container_of(work, struct ieee80211_sub_if_data, 3604 u.mgd.monitor_work); 3605 3606 ieee80211_mgd_probe_ap(sdata, false); 3607 } 3608 3609 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) 3610 { 3611 u32 flags; 3612 3613 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 3614 __ieee80211_stop_poll(sdata); 3615 3616 /* let's probe the connection once */ 3617 flags = sdata->local->hw.flags; 3618 if (!(flags & IEEE80211_HW_CONNECTION_MONITOR)) 3619 ieee80211_queue_work(&sdata->local->hw, 3620 &sdata->u.mgd.monitor_work); 3621 /* and do all the other regular work too */ 3622 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3623 } 3624 } 3625 3626 /* interface setup */ 3627 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata) 3628 { 3629 struct ieee80211_if_managed *ifmgd; 3630 3631 ifmgd = &sdata->u.mgd; 3632 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work); 3633 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work); 3634 INIT_WORK(&ifmgd->beacon_connection_loss_work, 3635 ieee80211_beacon_connection_loss_work); 3636 INIT_WORK(&ifmgd->csa_connection_drop_work, 3637 ieee80211_csa_connection_drop_work); 3638 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_work); 3639 setup_timer(&ifmgd->timer, ieee80211_sta_timer, 3640 (unsigned long) sdata); 3641 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 3642 (unsigned long) sdata); 3643 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 3644 (unsigned long) sdata); 3645 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 3646 (unsigned long) sdata); 3647 3648 ifmgd->flags = 0; 3649 ifmgd->powersave = sdata->wdev.ps; 3650 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues; 3651 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len; 3652 ifmgd->p2p_noa_index = -1; 3653 3654 mutex_init(&ifmgd->mtx); 3655 3656 if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS) 3657 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC; 3658 else 3659 ifmgd->req_smps = IEEE80211_SMPS_OFF; 3660 } 3661 3662 /* scan finished notification */ 3663 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local) 3664 { 3665 struct ieee80211_sub_if_data *sdata; 3666 3667 /* Restart STA timers */ 3668 rcu_read_lock(); 3669 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 3670 if (ieee80211_sdata_running(sdata)) 3671 ieee80211_restart_sta_timer(sdata); 3672 } 3673 rcu_read_unlock(); 3674 } 3675 3676 int ieee80211_max_network_latency(struct notifier_block *nb, 3677 unsigned long data, void *dummy) 3678 { 3679 s32 latency_usec = (s32) data; 3680 struct ieee80211_local *local = 3681 container_of(nb, struct ieee80211_local, 3682 network_latency_notifier); 3683 3684 mutex_lock(&local->iflist_mtx); 3685 ieee80211_recalc_ps(local, latency_usec); 3686 mutex_unlock(&local->iflist_mtx); 3687 3688 return 0; 3689 } 3690 3691 static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata, 3692 struct cfg80211_bss *cbss) 3693 { 3694 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3695 const u8 *ht_cap_ie, *vht_cap_ie; 3696 const struct ieee80211_ht_cap *ht_cap; 3697 const struct ieee80211_vht_cap *vht_cap; 3698 u8 chains = 1; 3699 3700 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT) 3701 return chains; 3702 3703 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 3704 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) { 3705 ht_cap = (void *)(ht_cap_ie + 2); 3706 chains = ieee80211_mcs_to_chains(&ht_cap->mcs); 3707 /* 3708 * TODO: use "Tx Maximum Number Spatial Streams Supported" and 3709 * "Tx Unequal Modulation Supported" fields. 3710 */ 3711 } 3712 3713 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 3714 return chains; 3715 3716 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 3717 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) { 3718 u8 nss; 3719 u16 tx_mcs_map; 3720 3721 vht_cap = (void *)(vht_cap_ie + 2); 3722 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map); 3723 for (nss = 8; nss > 0; nss--) { 3724 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) != 3725 IEEE80211_VHT_MCS_NOT_SUPPORTED) 3726 break; 3727 } 3728 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */ 3729 chains = max(chains, nss); 3730 } 3731 3732 return chains; 3733 } 3734 3735 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata, 3736 struct cfg80211_bss *cbss) 3737 { 3738 struct ieee80211_local *local = sdata->local; 3739 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3740 const struct ieee80211_ht_operation *ht_oper = NULL; 3741 const struct ieee80211_vht_operation *vht_oper = NULL; 3742 struct ieee80211_supported_band *sband; 3743 struct cfg80211_chan_def chandef; 3744 int ret; 3745 3746 sband = local->hw.wiphy->bands[cbss->channel->band]; 3747 3748 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ | 3749 IEEE80211_STA_DISABLE_80P80MHZ | 3750 IEEE80211_STA_DISABLE_160MHZ); 3751 3752 rcu_read_lock(); 3753 3754 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 3755 sband->ht_cap.ht_supported) { 3756 const u8 *ht_oper_ie, *ht_cap; 3757 3758 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION); 3759 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper)) 3760 ht_oper = (void *)(ht_oper_ie + 2); 3761 3762 ht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 3763 if (!ht_cap || ht_cap[1] < sizeof(struct ieee80211_ht_cap)) { 3764 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 3765 ht_oper = NULL; 3766 } 3767 } 3768 3769 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 3770 sband->vht_cap.vht_supported) { 3771 const u8 *vht_oper_ie, *vht_cap; 3772 3773 vht_oper_ie = ieee80211_bss_get_ie(cbss, 3774 WLAN_EID_VHT_OPERATION); 3775 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper)) 3776 vht_oper = (void *)(vht_oper_ie + 2); 3777 if (vht_oper && !ht_oper) { 3778 vht_oper = NULL; 3779 sdata_info(sdata, 3780 "AP advertised VHT without HT, disabling both\n"); 3781 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 3782 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3783 } 3784 3785 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 3786 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) { 3787 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3788 vht_oper = NULL; 3789 } 3790 } 3791 3792 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband, 3793 cbss->channel, 3794 ht_oper, vht_oper, 3795 &chandef, true); 3796 3797 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss), 3798 local->rx_chains); 3799 3800 rcu_read_unlock(); 3801 3802 /* will change later if needed */ 3803 sdata->smps_mode = IEEE80211_SMPS_OFF; 3804 3805 /* 3806 * If this fails (possibly due to channel context sharing 3807 * on incompatible channels, e.g. 80+80 and 160 sharing the 3808 * same control channel) try to use a smaller bandwidth. 3809 */ 3810 ret = ieee80211_vif_use_channel(sdata, &chandef, 3811 IEEE80211_CHANCTX_SHARED); 3812 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) { 3813 ifmgd->flags |= chandef_downgrade(&chandef); 3814 ret = ieee80211_vif_use_channel(sdata, &chandef, 3815 IEEE80211_CHANCTX_SHARED); 3816 } 3817 return ret; 3818 } 3819 3820 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata, 3821 struct cfg80211_bss *cbss, bool assoc) 3822 { 3823 struct ieee80211_local *local = sdata->local; 3824 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3825 struct ieee80211_bss *bss = (void *)cbss->priv; 3826 struct sta_info *new_sta = NULL; 3827 bool have_sta = false; 3828 int err; 3829 3830 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) 3831 return -EINVAL; 3832 3833 if (assoc) { 3834 rcu_read_lock(); 3835 have_sta = sta_info_get(sdata, cbss->bssid); 3836 rcu_read_unlock(); 3837 } 3838 3839 if (!have_sta) { 3840 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL); 3841 if (!new_sta) 3842 return -ENOMEM; 3843 } 3844 3845 if (new_sta) { 3846 u32 rates = 0, basic_rates = 0; 3847 bool have_higher_than_11mbit; 3848 int min_rate = INT_MAX, min_rate_index = -1; 3849 struct ieee80211_supported_band *sband; 3850 const struct cfg80211_bss_ies *ies; 3851 3852 sband = local->hw.wiphy->bands[cbss->channel->band]; 3853 3854 err = ieee80211_prep_channel(sdata, cbss); 3855 if (err) { 3856 sta_info_free(local, new_sta); 3857 return err; 3858 } 3859 3860 ieee80211_get_rates(sband, bss->supp_rates, 3861 bss->supp_rates_len, 3862 &rates, &basic_rates, 3863 &have_higher_than_11mbit, 3864 &min_rate, &min_rate_index); 3865 3866 /* 3867 * This used to be a workaround for basic rates missing 3868 * in the association response frame. Now that we no 3869 * longer use the basic rates from there, it probably 3870 * doesn't happen any more, but keep the workaround so 3871 * in case some *other* APs are buggy in different ways 3872 * we can connect -- with a warning. 3873 */ 3874 if (!basic_rates && min_rate_index >= 0) { 3875 sdata_info(sdata, 3876 "No basic rates, using min rate instead\n"); 3877 basic_rates = BIT(min_rate_index); 3878 } 3879 3880 new_sta->sta.supp_rates[cbss->channel->band] = rates; 3881 sdata->vif.bss_conf.basic_rates = basic_rates; 3882 3883 /* cf. IEEE 802.11 9.2.12 */ 3884 if (cbss->channel->band == IEEE80211_BAND_2GHZ && 3885 have_higher_than_11mbit) 3886 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE; 3887 else 3888 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE; 3889 3890 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN); 3891 3892 /* set timing information */ 3893 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval; 3894 rcu_read_lock(); 3895 ies = rcu_dereference(cbss->beacon_ies); 3896 if (ies) { 3897 const u8 *tim_ie; 3898 3899 sdata->vif.bss_conf.sync_tsf = ies->tsf; 3900 sdata->vif.bss_conf.sync_device_ts = 3901 bss->device_ts_beacon; 3902 tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 3903 ies->data, ies->len); 3904 if (tim_ie && tim_ie[1] >= 2) 3905 sdata->vif.bss_conf.sync_dtim_count = tim_ie[2]; 3906 else 3907 sdata->vif.bss_conf.sync_dtim_count = 0; 3908 } else if (!(local->hw.flags & 3909 IEEE80211_HW_TIMING_BEACON_ONLY)) { 3910 ies = rcu_dereference(cbss->proberesp_ies); 3911 /* must be non-NULL since beacon IEs were NULL */ 3912 sdata->vif.bss_conf.sync_tsf = ies->tsf; 3913 sdata->vif.bss_conf.sync_device_ts = 3914 bss->device_ts_presp; 3915 sdata->vif.bss_conf.sync_dtim_count = 0; 3916 } else { 3917 sdata->vif.bss_conf.sync_tsf = 0; 3918 sdata->vif.bss_conf.sync_device_ts = 0; 3919 sdata->vif.bss_conf.sync_dtim_count = 0; 3920 } 3921 rcu_read_unlock(); 3922 3923 /* tell driver about BSSID, basic rates and timing */ 3924 ieee80211_bss_info_change_notify(sdata, 3925 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES | 3926 BSS_CHANGED_BEACON_INT); 3927 3928 if (assoc) 3929 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH); 3930 3931 err = sta_info_insert(new_sta); 3932 new_sta = NULL; 3933 if (err) { 3934 sdata_info(sdata, 3935 "failed to insert STA entry for the AP (error %d)\n", 3936 err); 3937 return err; 3938 } 3939 } else 3940 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid)); 3941 3942 return 0; 3943 } 3944 3945 /* config hooks */ 3946 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 3947 struct cfg80211_auth_request *req) 3948 { 3949 struct ieee80211_local *local = sdata->local; 3950 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3951 struct ieee80211_mgd_auth_data *auth_data; 3952 u16 auth_alg; 3953 int err; 3954 3955 /* prepare auth data structure */ 3956 3957 switch (req->auth_type) { 3958 case NL80211_AUTHTYPE_OPEN_SYSTEM: 3959 auth_alg = WLAN_AUTH_OPEN; 3960 break; 3961 case NL80211_AUTHTYPE_SHARED_KEY: 3962 if (IS_ERR(local->wep_tx_tfm)) 3963 return -EOPNOTSUPP; 3964 auth_alg = WLAN_AUTH_SHARED_KEY; 3965 break; 3966 case NL80211_AUTHTYPE_FT: 3967 auth_alg = WLAN_AUTH_FT; 3968 break; 3969 case NL80211_AUTHTYPE_NETWORK_EAP: 3970 auth_alg = WLAN_AUTH_LEAP; 3971 break; 3972 case NL80211_AUTHTYPE_SAE: 3973 auth_alg = WLAN_AUTH_SAE; 3974 break; 3975 default: 3976 return -EOPNOTSUPP; 3977 } 3978 3979 auth_data = kzalloc(sizeof(*auth_data) + req->sae_data_len + 3980 req->ie_len, GFP_KERNEL); 3981 if (!auth_data) 3982 return -ENOMEM; 3983 3984 auth_data->bss = req->bss; 3985 3986 if (req->sae_data_len >= 4) { 3987 __le16 *pos = (__le16 *) req->sae_data; 3988 auth_data->sae_trans = le16_to_cpu(pos[0]); 3989 auth_data->sae_status = le16_to_cpu(pos[1]); 3990 memcpy(auth_data->data, req->sae_data + 4, 3991 req->sae_data_len - 4); 3992 auth_data->data_len += req->sae_data_len - 4; 3993 } 3994 3995 if (req->ie && req->ie_len) { 3996 memcpy(&auth_data->data[auth_data->data_len], 3997 req->ie, req->ie_len); 3998 auth_data->data_len += req->ie_len; 3999 } 4000 4001 if (req->key && req->key_len) { 4002 auth_data->key_len = req->key_len; 4003 auth_data->key_idx = req->key_idx; 4004 memcpy(auth_data->key, req->key, req->key_len); 4005 } 4006 4007 auth_data->algorithm = auth_alg; 4008 4009 /* try to authenticate/probe */ 4010 4011 mutex_lock(&ifmgd->mtx); 4012 4013 if ((ifmgd->auth_data && !ifmgd->auth_data->done) || 4014 ifmgd->assoc_data) { 4015 err = -EBUSY; 4016 goto err_free; 4017 } 4018 4019 if (ifmgd->auth_data) 4020 ieee80211_destroy_auth_data(sdata, false); 4021 4022 /* prep auth_data so we don't go into idle on disassoc */ 4023 ifmgd->auth_data = auth_data; 4024 4025 if (ifmgd->associated) { 4026 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4027 4028 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4029 WLAN_REASON_UNSPECIFIED, 4030 false, frame_buf); 4031 4032 __cfg80211_send_deauth(sdata->dev, frame_buf, 4033 sizeof(frame_buf)); 4034 } 4035 4036 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid); 4037 4038 err = ieee80211_prep_connection(sdata, req->bss, false); 4039 if (err) 4040 goto err_clear; 4041 4042 err = ieee80211_probe_auth(sdata); 4043 if (err) { 4044 sta_info_destroy_addr(sdata, req->bss->bssid); 4045 goto err_clear; 4046 } 4047 4048 /* hold our own reference */ 4049 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss); 4050 err = 0; 4051 goto out_unlock; 4052 4053 err_clear: 4054 memset(ifmgd->bssid, 0, ETH_ALEN); 4055 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 4056 ifmgd->auth_data = NULL; 4057 err_free: 4058 kfree(auth_data); 4059 out_unlock: 4060 mutex_unlock(&ifmgd->mtx); 4061 4062 return err; 4063 } 4064 4065 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 4066 struct cfg80211_assoc_request *req) 4067 { 4068 struct ieee80211_local *local = sdata->local; 4069 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4070 struct ieee80211_bss *bss = (void *)req->bss->priv; 4071 struct ieee80211_mgd_assoc_data *assoc_data; 4072 const struct cfg80211_bss_ies *beacon_ies; 4073 struct ieee80211_supported_band *sband; 4074 const u8 *ssidie, *ht_ie, *vht_ie; 4075 int i, err; 4076 4077 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL); 4078 if (!assoc_data) 4079 return -ENOMEM; 4080 4081 rcu_read_lock(); 4082 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID); 4083 if (!ssidie) { 4084 rcu_read_unlock(); 4085 kfree(assoc_data); 4086 return -EINVAL; 4087 } 4088 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]); 4089 assoc_data->ssid_len = ssidie[1]; 4090 rcu_read_unlock(); 4091 4092 mutex_lock(&ifmgd->mtx); 4093 4094 if (ifmgd->associated) { 4095 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4096 4097 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4098 WLAN_REASON_UNSPECIFIED, 4099 false, frame_buf); 4100 4101 __cfg80211_send_deauth(sdata->dev, frame_buf, 4102 sizeof(frame_buf)); 4103 } 4104 4105 if (ifmgd->auth_data && !ifmgd->auth_data->done) { 4106 err = -EBUSY; 4107 goto err_free; 4108 } 4109 4110 if (ifmgd->assoc_data) { 4111 err = -EBUSY; 4112 goto err_free; 4113 } 4114 4115 if (ifmgd->auth_data) { 4116 bool match; 4117 4118 /* keep sta info, bssid if matching */ 4119 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid); 4120 ieee80211_destroy_auth_data(sdata, match); 4121 } 4122 4123 /* prepare assoc data */ 4124 4125 ifmgd->beacon_crc_valid = false; 4126 4127 /* 4128 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode. 4129 * We still associate in non-HT mode (11a/b/g) if any one of these 4130 * ciphers is configured as pairwise. 4131 * We can set this to true for non-11n hardware, that'll be checked 4132 * separately along with the peer capabilities. 4133 */ 4134 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) { 4135 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 4136 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 4137 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) { 4138 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4139 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4140 netdev_info(sdata->dev, 4141 "disabling HT/VHT due to WEP/TKIP use\n"); 4142 } 4143 } 4144 4145 if (req->flags & ASSOC_REQ_DISABLE_HT) { 4146 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4147 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4148 } 4149 4150 if (req->flags & ASSOC_REQ_DISABLE_VHT) 4151 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4152 4153 /* Also disable HT if we don't support it or the AP doesn't use WMM */ 4154 sband = local->hw.wiphy->bands[req->bss->channel->band]; 4155 if (!sband->ht_cap.ht_supported || 4156 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) { 4157 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4158 if (!bss->wmm_used) 4159 netdev_info(sdata->dev, 4160 "disabling HT as WMM/QoS is not supported by the AP\n"); 4161 } 4162 4163 /* disable VHT if we don't support it or the AP doesn't use WMM */ 4164 if (!sband->vht_cap.vht_supported || 4165 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) { 4166 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4167 if (!bss->wmm_used) 4168 netdev_info(sdata->dev, 4169 "disabling VHT as WMM/QoS is not supported by the AP\n"); 4170 } 4171 4172 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa)); 4173 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask, 4174 sizeof(ifmgd->ht_capa_mask)); 4175 4176 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa)); 4177 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask, 4178 sizeof(ifmgd->vht_capa_mask)); 4179 4180 if (req->ie && req->ie_len) { 4181 memcpy(assoc_data->ie, req->ie, req->ie_len); 4182 assoc_data->ie_len = req->ie_len; 4183 } 4184 4185 assoc_data->bss = req->bss; 4186 4187 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) { 4188 if (ifmgd->powersave) 4189 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC; 4190 else 4191 sdata->smps_mode = IEEE80211_SMPS_OFF; 4192 } else 4193 sdata->smps_mode = ifmgd->req_smps; 4194 4195 assoc_data->capability = req->bss->capability; 4196 assoc_data->wmm = bss->wmm_used && 4197 (local->hw.queues >= IEEE80211_NUM_ACS); 4198 assoc_data->supp_rates = bss->supp_rates; 4199 assoc_data->supp_rates_len = bss->supp_rates_len; 4200 4201 rcu_read_lock(); 4202 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION); 4203 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation)) 4204 assoc_data->ap_ht_param = 4205 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param; 4206 else 4207 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4208 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY); 4209 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap)) 4210 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2, 4211 sizeof(struct ieee80211_vht_cap)); 4212 else 4213 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4214 rcu_read_unlock(); 4215 4216 if (bss->wmm_used && bss->uapsd_supported && 4217 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD) && 4218 sdata->wmm_acm != 0xff) { 4219 assoc_data->uapsd = true; 4220 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; 4221 } else { 4222 assoc_data->uapsd = false; 4223 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED; 4224 } 4225 4226 if (req->prev_bssid) 4227 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN); 4228 4229 if (req->use_mfp) { 4230 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 4231 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED; 4232 } else { 4233 ifmgd->mfp = IEEE80211_MFP_DISABLED; 4234 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED; 4235 } 4236 4237 if (req->crypto.control_port) 4238 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT; 4239 else 4240 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT; 4241 4242 sdata->control_port_protocol = req->crypto.control_port_ethertype; 4243 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt; 4244 4245 /* kick off associate process */ 4246 4247 ifmgd->assoc_data = assoc_data; 4248 ifmgd->dtim_period = 0; 4249 4250 err = ieee80211_prep_connection(sdata, req->bss, true); 4251 if (err) 4252 goto err_clear; 4253 4254 rcu_read_lock(); 4255 beacon_ies = rcu_dereference(req->bss->beacon_ies); 4256 4257 if (sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC && 4258 !beacon_ies) { 4259 /* 4260 * Wait up to one beacon interval ... 4261 * should this be more if we miss one? 4262 */ 4263 sdata_info(sdata, "waiting for beacon from %pM\n", 4264 ifmgd->bssid); 4265 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval); 4266 assoc_data->timeout_started = true; 4267 assoc_data->need_beacon = true; 4268 } else if (beacon_ies) { 4269 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 4270 beacon_ies->data, 4271 beacon_ies->len); 4272 u8 dtim_count = 0; 4273 4274 if (tim_ie && tim_ie[1] >= sizeof(struct ieee80211_tim_ie)) { 4275 const struct ieee80211_tim_ie *tim; 4276 tim = (void *)(tim_ie + 2); 4277 ifmgd->dtim_period = tim->dtim_period; 4278 dtim_count = tim->dtim_count; 4279 } 4280 assoc_data->have_beacon = true; 4281 assoc_data->timeout = jiffies; 4282 assoc_data->timeout_started = true; 4283 4284 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 4285 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf; 4286 sdata->vif.bss_conf.sync_device_ts = 4287 bss->device_ts_beacon; 4288 sdata->vif.bss_conf.sync_dtim_count = dtim_count; 4289 } 4290 } else { 4291 assoc_data->timeout = jiffies; 4292 assoc_data->timeout_started = true; 4293 } 4294 rcu_read_unlock(); 4295 4296 run_again(ifmgd, assoc_data->timeout); 4297 4298 if (bss->corrupt_data) { 4299 char *corrupt_type = "data"; 4300 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) { 4301 if (bss->corrupt_data & 4302 IEEE80211_BSS_CORRUPT_PROBE_RESP) 4303 corrupt_type = "beacon and probe response"; 4304 else 4305 corrupt_type = "beacon"; 4306 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) 4307 corrupt_type = "probe response"; 4308 sdata_info(sdata, "associating with AP with corrupt %s\n", 4309 corrupt_type); 4310 } 4311 4312 err = 0; 4313 goto out; 4314 err_clear: 4315 memset(ifmgd->bssid, 0, ETH_ALEN); 4316 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 4317 ifmgd->assoc_data = NULL; 4318 err_free: 4319 kfree(assoc_data); 4320 out: 4321 mutex_unlock(&ifmgd->mtx); 4322 4323 return err; 4324 } 4325 4326 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, 4327 struct cfg80211_deauth_request *req) 4328 { 4329 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4330 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4331 bool tx = !req->local_state_change; 4332 bool sent_frame = false; 4333 4334 mutex_lock(&ifmgd->mtx); 4335 4336 sdata_info(sdata, 4337 "deauthenticating from %pM by local choice (reason=%d)\n", 4338 req->bssid, req->reason_code); 4339 4340 if (ifmgd->auth_data) { 4341 drv_mgd_prepare_tx(sdata->local, sdata); 4342 ieee80211_send_deauth_disassoc(sdata, req->bssid, 4343 IEEE80211_STYPE_DEAUTH, 4344 req->reason_code, tx, 4345 frame_buf); 4346 ieee80211_destroy_auth_data(sdata, false); 4347 mutex_unlock(&ifmgd->mtx); 4348 4349 sent_frame = tx; 4350 goto out; 4351 } 4352 4353 if (ifmgd->associated && 4354 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) { 4355 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4356 req->reason_code, tx, frame_buf); 4357 sent_frame = tx; 4358 } 4359 mutex_unlock(&ifmgd->mtx); 4360 4361 out: 4362 if (sent_frame) 4363 __cfg80211_send_deauth(sdata->dev, frame_buf, 4364 IEEE80211_DEAUTH_FRAME_LEN); 4365 4366 return 0; 4367 } 4368 4369 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 4370 struct cfg80211_disassoc_request *req) 4371 { 4372 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4373 u8 bssid[ETH_ALEN]; 4374 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4375 4376 mutex_lock(&ifmgd->mtx); 4377 4378 /* 4379 * cfg80211 should catch this ... but it's racy since 4380 * we can receive a disassoc frame, process it, hand it 4381 * to cfg80211 while that's in a locked section already 4382 * trying to tell us that the user wants to disconnect. 4383 */ 4384 if (ifmgd->associated != req->bss) { 4385 mutex_unlock(&ifmgd->mtx); 4386 return -ENOLINK; 4387 } 4388 4389 sdata_info(sdata, 4390 "disassociating from %pM by local choice (reason=%d)\n", 4391 req->bss->bssid, req->reason_code); 4392 4393 memcpy(bssid, req->bss->bssid, ETH_ALEN); 4394 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC, 4395 req->reason_code, !req->local_state_change, 4396 frame_buf); 4397 mutex_unlock(&ifmgd->mtx); 4398 4399 __cfg80211_send_disassoc(sdata->dev, frame_buf, 4400 IEEE80211_DEAUTH_FRAME_LEN); 4401 4402 return 0; 4403 } 4404 4405 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata) 4406 { 4407 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4408 4409 /* 4410 * Make sure some work items will not run after this, 4411 * they will not do anything but might not have been 4412 * cancelled when disconnecting. 4413 */ 4414 cancel_work_sync(&ifmgd->monitor_work); 4415 cancel_work_sync(&ifmgd->beacon_connection_loss_work); 4416 cancel_work_sync(&ifmgd->request_smps_work); 4417 cancel_work_sync(&ifmgd->csa_connection_drop_work); 4418 cancel_work_sync(&ifmgd->chswitch_work); 4419 4420 mutex_lock(&ifmgd->mtx); 4421 if (ifmgd->assoc_data) 4422 ieee80211_destroy_assoc_data(sdata, false); 4423 if (ifmgd->auth_data) 4424 ieee80211_destroy_auth_data(sdata, false); 4425 del_timer_sync(&ifmgd->timer); 4426 mutex_unlock(&ifmgd->mtx); 4427 } 4428 4429 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif, 4430 enum nl80211_cqm_rssi_threshold_event rssi_event, 4431 gfp_t gfp) 4432 { 4433 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 4434 4435 trace_api_cqm_rssi_notify(sdata, rssi_event); 4436 4437 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp); 4438 } 4439 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify); 4440