1 /* 2 * BSS client mode implementation 3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 4 * Copyright 2004, Instant802 Networks, Inc. 5 * Copyright 2005, Devicescape Software, Inc. 6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * Copyright 2013-2014 Intel Mobile Communications GmbH 9 * Copyright (C) 2015 - 2017 Intel Deutschland GmbH 10 * Copyright (C) 2018 - 2023 Intel Corporation 11 */ 12 13 #include <linux/delay.h> 14 #include <linux/fips.h> 15 #include <linux/if_ether.h> 16 #include <linux/skbuff.h> 17 #include <linux/if_arp.h> 18 #include <linux/etherdevice.h> 19 #include <linux/moduleparam.h> 20 #include <linux/rtnetlink.h> 21 #include <linux/crc32.h> 22 #include <linux/slab.h> 23 #include <linux/export.h> 24 #include <net/mac80211.h> 25 #include <asm/unaligned.h> 26 27 #include "ieee80211_i.h" 28 #include "driver-ops.h" 29 #include "rate.h" 30 #include "led.h" 31 #include "fils_aead.h" 32 33 #define IEEE80211_AUTH_TIMEOUT (HZ / 5) 34 #define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2) 35 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10) 36 #define IEEE80211_AUTH_TIMEOUT_SAE (HZ * 2) 37 #define IEEE80211_AUTH_MAX_TRIES 3 38 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5) 39 #define IEEE80211_AUTH_WAIT_SAE_RETRY (HZ * 2) 40 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 41 #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2) 42 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10) 43 #define IEEE80211_ASSOC_MAX_TRIES 3 44 45 static int max_nullfunc_tries = 2; 46 module_param(max_nullfunc_tries, int, 0644); 47 MODULE_PARM_DESC(max_nullfunc_tries, 48 "Maximum nullfunc tx tries before disconnecting (reason 4)."); 49 50 static int max_probe_tries = 5; 51 module_param(max_probe_tries, int, 0644); 52 MODULE_PARM_DESC(max_probe_tries, 53 "Maximum probe tries before disconnecting (reason 4)."); 54 55 /* 56 * Beacon loss timeout is calculated as N frames times the 57 * advertised beacon interval. This may need to be somewhat 58 * higher than what hardware might detect to account for 59 * delays in the host processing frames. But since we also 60 * probe on beacon miss before declaring the connection lost 61 * default to what we want. 62 */ 63 static int beacon_loss_count = 7; 64 module_param(beacon_loss_count, int, 0644); 65 MODULE_PARM_DESC(beacon_loss_count, 66 "Number of beacon intervals before we decide beacon was lost."); 67 68 /* 69 * Time the connection can be idle before we probe 70 * it to see if we can still talk to the AP. 71 */ 72 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ) 73 /* 74 * Time we wait for a probe response after sending 75 * a probe request because of beacon loss or for 76 * checking the connection still works. 77 */ 78 static int probe_wait_ms = 500; 79 module_param(probe_wait_ms, int, 0644); 80 MODULE_PARM_DESC(probe_wait_ms, 81 "Maximum time(ms) to wait for probe response" 82 " before disconnecting (reason 4)."); 83 84 /* 85 * How many Beacon frames need to have been used in average signal strength 86 * before starting to indicate signal change events. 87 */ 88 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4 89 90 /* 91 * Extract from the given disabled subchannel bitmap (raw format 92 * from the EHT Operation Element) the bits for the subchannel 93 * we're using right now. 94 */ 95 static u16 96 ieee80211_extract_dis_subch_bmap(const struct ieee80211_eht_operation *eht_oper, 97 struct cfg80211_chan_def *chandef, u16 bitmap) 98 { 99 struct ieee80211_eht_operation_info *info = (void *)eht_oper->optional; 100 struct cfg80211_chan_def ap_chandef = *chandef; 101 u32 ap_center_freq, local_center_freq; 102 u32 ap_bw, local_bw; 103 int ap_start_freq, local_start_freq; 104 u16 shift, mask; 105 106 if (!(eht_oper->params & IEEE80211_EHT_OPER_INFO_PRESENT) || 107 !(eht_oper->params & 108 IEEE80211_EHT_OPER_DISABLED_SUBCHANNEL_BITMAP_PRESENT)) 109 return 0; 110 111 /* set 160/320 supported to get the full AP definition */ 112 ieee80211_chandef_eht_oper(eht_oper, true, true, &ap_chandef); 113 ap_center_freq = ap_chandef.center_freq1; 114 ap_bw = 20 * BIT(u8_get_bits(info->control, 115 IEEE80211_EHT_OPER_CHAN_WIDTH)); 116 ap_start_freq = ap_center_freq - ap_bw / 2; 117 local_center_freq = chandef->center_freq1; 118 local_bw = 20 * BIT(ieee80211_chan_width_to_rx_bw(chandef->width)); 119 local_start_freq = local_center_freq - local_bw / 2; 120 shift = (local_start_freq - ap_start_freq) / 20; 121 mask = BIT(local_bw / 20) - 1; 122 123 return (bitmap >> shift) & mask; 124 } 125 126 /* 127 * Handle the puncturing bitmap, possibly downgrading bandwidth to get a 128 * valid bitmap. 129 */ 130 static void 131 ieee80211_handle_puncturing_bitmap(struct ieee80211_link_data *link, 132 const struct ieee80211_eht_operation *eht_oper, 133 u16 bitmap, u64 *changed) 134 { 135 struct cfg80211_chan_def *chandef = &link->conf->chandef; 136 u16 extracted; 137 u64 _changed = 0; 138 139 if (!changed) 140 changed = &_changed; 141 142 while (chandef->width > NL80211_CHAN_WIDTH_40) { 143 extracted = 144 ieee80211_extract_dis_subch_bmap(eht_oper, chandef, 145 bitmap); 146 147 if (cfg80211_valid_disable_subchannel_bitmap(&bitmap, 148 chandef)) 149 break; 150 link->u.mgd.conn_flags |= 151 ieee80211_chandef_downgrade(chandef); 152 *changed |= BSS_CHANGED_BANDWIDTH; 153 } 154 155 if (chandef->width <= NL80211_CHAN_WIDTH_40) 156 extracted = 0; 157 158 if (link->conf->eht_puncturing != extracted) { 159 link->conf->eht_puncturing = extracted; 160 *changed |= BSS_CHANGED_EHT_PUNCTURING; 161 } 162 } 163 164 /* 165 * We can have multiple work items (and connection probing) 166 * scheduling this timer, but we need to take care to only 167 * reschedule it when it should fire _earlier_ than it was 168 * asked for before, or if it's not pending right now. This 169 * function ensures that. Note that it then is required to 170 * run this function for all timeouts after the first one 171 * has happened -- the work that runs from this timer will 172 * do that. 173 */ 174 static void run_again(struct ieee80211_sub_if_data *sdata, 175 unsigned long timeout) 176 { 177 lockdep_assert_wiphy(sdata->local->hw.wiphy); 178 179 if (!timer_pending(&sdata->u.mgd.timer) || 180 time_before(timeout, sdata->u.mgd.timer.expires)) 181 mod_timer(&sdata->u.mgd.timer, timeout); 182 } 183 184 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata) 185 { 186 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER) 187 return; 188 189 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR)) 190 return; 191 192 mod_timer(&sdata->u.mgd.bcn_mon_timer, 193 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout)); 194 } 195 196 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata) 197 { 198 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 199 200 if (unlikely(!ifmgd->associated)) 201 return; 202 203 if (ifmgd->probe_send_count) 204 ifmgd->probe_send_count = 0; 205 206 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR)) 207 return; 208 209 mod_timer(&ifmgd->conn_mon_timer, 210 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME)); 211 } 212 213 static int ecw2cw(int ecw) 214 { 215 return (1 << ecw) - 1; 216 } 217 218 static ieee80211_conn_flags_t 219 ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, 220 struct ieee80211_link_data *link, 221 ieee80211_conn_flags_t conn_flags, 222 struct ieee80211_supported_band *sband, 223 struct ieee80211_channel *channel, 224 u32 vht_cap_info, 225 const struct ieee80211_ht_operation *ht_oper, 226 const struct ieee80211_vht_operation *vht_oper, 227 const struct ieee80211_he_operation *he_oper, 228 const struct ieee80211_eht_operation *eht_oper, 229 const struct ieee80211_s1g_oper_ie *s1g_oper, 230 struct cfg80211_chan_def *chandef, bool tracking) 231 { 232 struct cfg80211_chan_def vht_chandef; 233 struct ieee80211_sta_ht_cap sta_ht_cap; 234 ieee80211_conn_flags_t ret; 235 u32 ht_cfreq; 236 237 memset(chandef, 0, sizeof(struct cfg80211_chan_def)); 238 chandef->chan = channel; 239 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 240 chandef->center_freq1 = channel->center_freq; 241 chandef->freq1_offset = channel->freq_offset; 242 243 if (channel->band == NL80211_BAND_6GHZ) { 244 if (!ieee80211_chandef_he_6ghz_oper(sdata, he_oper, eht_oper, 245 chandef)) { 246 mlme_dbg(sdata, 247 "bad 6 GHz operation, disabling HT/VHT/HE/EHT\n"); 248 ret = IEEE80211_CONN_DISABLE_HT | 249 IEEE80211_CONN_DISABLE_VHT | 250 IEEE80211_CONN_DISABLE_HE | 251 IEEE80211_CONN_DISABLE_EHT; 252 } else { 253 ret = 0; 254 } 255 vht_chandef = *chandef; 256 goto out; 257 } else if (sband->band == NL80211_BAND_S1GHZ) { 258 if (!ieee80211_chandef_s1g_oper(s1g_oper, chandef)) { 259 sdata_info(sdata, 260 "Missing S1G Operation Element? Trying operating == primary\n"); 261 chandef->width = ieee80211_s1g_channel_width(channel); 262 } 263 264 ret = IEEE80211_CONN_DISABLE_HT | IEEE80211_CONN_DISABLE_40MHZ | 265 IEEE80211_CONN_DISABLE_VHT | 266 IEEE80211_CONN_DISABLE_80P80MHZ | 267 IEEE80211_CONN_DISABLE_160MHZ; 268 goto out; 269 } 270 271 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap)); 272 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap); 273 274 if (!ht_oper || !sta_ht_cap.ht_supported) { 275 mlme_dbg(sdata, "HT operation missing / HT not supported\n"); 276 ret = IEEE80211_CONN_DISABLE_HT | 277 IEEE80211_CONN_DISABLE_VHT | 278 IEEE80211_CONN_DISABLE_HE | 279 IEEE80211_CONN_DISABLE_EHT; 280 goto out; 281 } 282 283 chandef->width = NL80211_CHAN_WIDTH_20; 284 285 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan, 286 channel->band); 287 /* check that channel matches the right operating channel */ 288 if (!tracking && channel->center_freq != ht_cfreq) { 289 /* 290 * It's possible that some APs are confused here; 291 * Netgear WNDR3700 sometimes reports 4 higher than 292 * the actual channel in association responses, but 293 * since we look at probe response/beacon data here 294 * it should be OK. 295 */ 296 sdata_info(sdata, 297 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n", 298 channel->center_freq, ht_cfreq, 299 ht_oper->primary_chan, channel->band); 300 ret = IEEE80211_CONN_DISABLE_HT | 301 IEEE80211_CONN_DISABLE_VHT | 302 IEEE80211_CONN_DISABLE_HE | 303 IEEE80211_CONN_DISABLE_EHT; 304 goto out; 305 } 306 307 /* check 40 MHz support, if we have it */ 308 if (sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) { 309 ieee80211_chandef_ht_oper(ht_oper, chandef); 310 } else { 311 mlme_dbg(sdata, "40 MHz not supported\n"); 312 /* 40 MHz (and 80 MHz) must be supported for VHT */ 313 ret = IEEE80211_CONN_DISABLE_VHT; 314 /* also mark 40 MHz disabled */ 315 ret |= IEEE80211_CONN_DISABLE_40MHZ; 316 goto out; 317 } 318 319 if (!vht_oper || !sband->vht_cap.vht_supported) { 320 mlme_dbg(sdata, "VHT operation missing / VHT not supported\n"); 321 ret = IEEE80211_CONN_DISABLE_VHT; 322 goto out; 323 } 324 325 vht_chandef = *chandef; 326 if (!(conn_flags & IEEE80211_CONN_DISABLE_HE) && 327 he_oper && 328 (le32_to_cpu(he_oper->he_oper_params) & 329 IEEE80211_HE_OPERATION_VHT_OPER_INFO)) { 330 struct ieee80211_vht_operation he_oper_vht_cap; 331 332 /* 333 * Set only first 3 bytes (other 2 aren't used in 334 * ieee80211_chandef_vht_oper() anyway) 335 */ 336 memcpy(&he_oper_vht_cap, he_oper->optional, 3); 337 he_oper_vht_cap.basic_mcs_set = cpu_to_le16(0); 338 339 if (!ieee80211_chandef_vht_oper(&sdata->local->hw, vht_cap_info, 340 &he_oper_vht_cap, ht_oper, 341 &vht_chandef)) { 342 if (!(conn_flags & IEEE80211_CONN_DISABLE_HE)) 343 sdata_info(sdata, 344 "HE AP VHT information is invalid, disabling HE\n"); 345 ret = IEEE80211_CONN_DISABLE_HE | IEEE80211_CONN_DISABLE_EHT; 346 goto out; 347 } 348 } else if (!ieee80211_chandef_vht_oper(&sdata->local->hw, 349 vht_cap_info, 350 vht_oper, ht_oper, 351 &vht_chandef)) { 352 if (!(conn_flags & IEEE80211_CONN_DISABLE_VHT)) 353 sdata_info(sdata, 354 "AP VHT information is invalid, disabling VHT\n"); 355 ret = IEEE80211_CONN_DISABLE_VHT; 356 goto out; 357 } 358 359 if (!cfg80211_chandef_valid(&vht_chandef)) { 360 if (!(conn_flags & IEEE80211_CONN_DISABLE_VHT)) 361 sdata_info(sdata, 362 "AP VHT information is invalid, disabling VHT\n"); 363 ret = IEEE80211_CONN_DISABLE_VHT; 364 goto out; 365 } 366 367 if (cfg80211_chandef_identical(chandef, &vht_chandef)) { 368 ret = 0; 369 goto out; 370 } 371 372 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) { 373 if (!(conn_flags & IEEE80211_CONN_DISABLE_VHT)) 374 sdata_info(sdata, 375 "AP VHT information doesn't match HT, disabling VHT\n"); 376 ret = IEEE80211_CONN_DISABLE_VHT; 377 goto out; 378 } 379 380 *chandef = vht_chandef; 381 382 /* 383 * handle the case that the EHT operation indicates that it holds EHT 384 * operation information (in case that the channel width differs from 385 * the channel width reported in HT/VHT/HE). 386 */ 387 if (eht_oper && (eht_oper->params & IEEE80211_EHT_OPER_INFO_PRESENT)) { 388 struct cfg80211_chan_def eht_chandef = *chandef; 389 390 ieee80211_chandef_eht_oper(eht_oper, 391 eht_chandef.width == 392 NL80211_CHAN_WIDTH_160, 393 false, &eht_chandef); 394 395 if (!cfg80211_chandef_valid(&eht_chandef)) { 396 if (!(conn_flags & IEEE80211_CONN_DISABLE_EHT)) 397 sdata_info(sdata, 398 "AP EHT information is invalid, disabling EHT\n"); 399 ret = IEEE80211_CONN_DISABLE_EHT; 400 goto out; 401 } 402 403 if (!cfg80211_chandef_compatible(chandef, &eht_chandef)) { 404 if (!(conn_flags & IEEE80211_CONN_DISABLE_EHT)) 405 sdata_info(sdata, 406 "AP EHT information is incompatible, disabling EHT\n"); 407 ret = IEEE80211_CONN_DISABLE_EHT; 408 goto out; 409 } 410 411 *chandef = eht_chandef; 412 } 413 414 ret = 0; 415 416 out: 417 /* 418 * When tracking the current AP, don't do any further checks if the 419 * new chandef is identical to the one we're currently using for the 420 * connection. This keeps us from playing ping-pong with regulatory, 421 * without it the following can happen (for example): 422 * - connect to an AP with 80 MHz, world regdom allows 80 MHz 423 * - AP advertises regdom US 424 * - CRDA loads regdom US with 80 MHz prohibited (old database) 425 * - the code below detects an unsupported channel, downgrades, and 426 * we disconnect from the AP in the caller 427 * - disconnect causes CRDA to reload world regdomain and the game 428 * starts anew. 429 * (see https://bugzilla.kernel.org/show_bug.cgi?id=70881) 430 * 431 * It seems possible that there are still scenarios with CSA or real 432 * bandwidth changes where a this could happen, but those cases are 433 * less common and wouldn't completely prevent using the AP. 434 */ 435 if (tracking && 436 cfg80211_chandef_identical(chandef, &link->conf->chandef)) 437 return ret; 438 439 /* don't print the message below for VHT mismatch if VHT is disabled */ 440 if (ret & IEEE80211_CONN_DISABLE_VHT) 441 vht_chandef = *chandef; 442 443 /* 444 * Ignore the DISABLED flag when we're already connected and only 445 * tracking the APs beacon for bandwidth changes - otherwise we 446 * might get disconnected here if we connect to an AP, update our 447 * regulatory information based on the AP's country IE and the 448 * information we have is wrong/outdated and disables the channel 449 * that we're actually using for the connection to the AP. 450 */ 451 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef, 452 tracking ? 0 : 453 IEEE80211_CHAN_DISABLED)) { 454 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) { 455 ret = IEEE80211_CONN_DISABLE_HT | 456 IEEE80211_CONN_DISABLE_VHT | 457 IEEE80211_CONN_DISABLE_HE | 458 IEEE80211_CONN_DISABLE_EHT; 459 break; 460 } 461 462 ret |= ieee80211_chandef_downgrade(chandef); 463 } 464 465 if (!he_oper || !cfg80211_chandef_usable(sdata->wdev.wiphy, chandef, 466 IEEE80211_CHAN_NO_HE)) 467 ret |= IEEE80211_CONN_DISABLE_HE | IEEE80211_CONN_DISABLE_EHT; 468 469 if (!eht_oper || !cfg80211_chandef_usable(sdata->wdev.wiphy, chandef, 470 IEEE80211_CHAN_NO_EHT)) 471 ret |= IEEE80211_CONN_DISABLE_EHT; 472 473 if (chandef->width != vht_chandef.width && !tracking) 474 sdata_info(sdata, 475 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n"); 476 477 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef)); 478 return ret; 479 } 480 481 static int ieee80211_config_bw(struct ieee80211_link_data *link, 482 const struct ieee80211_ht_cap *ht_cap, 483 const struct ieee80211_vht_cap *vht_cap, 484 const struct ieee80211_ht_operation *ht_oper, 485 const struct ieee80211_vht_operation *vht_oper, 486 const struct ieee80211_he_operation *he_oper, 487 const struct ieee80211_eht_operation *eht_oper, 488 const struct ieee80211_s1g_oper_ie *s1g_oper, 489 const u8 *bssid, u64 *changed) 490 { 491 struct ieee80211_sub_if_data *sdata = link->sdata; 492 struct ieee80211_local *local = sdata->local; 493 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 494 struct ieee80211_channel *chan = link->conf->chandef.chan; 495 struct ieee80211_supported_band *sband = 496 local->hw.wiphy->bands[chan->band]; 497 struct cfg80211_chan_def chandef; 498 u16 ht_opmode; 499 ieee80211_conn_flags_t flags; 500 u32 vht_cap_info = 0; 501 int ret; 502 503 /* if HT was/is disabled, don't track any bandwidth changes */ 504 if (link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_HT || !ht_oper) 505 return 0; 506 507 /* don't check VHT if we associated as non-VHT station */ 508 if (link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_VHT) 509 vht_oper = NULL; 510 511 /* don't check HE if we associated as non-HE station */ 512 if (link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_HE || 513 !ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif)) { 514 he_oper = NULL; 515 eht_oper = NULL; 516 } 517 518 /* don't check EHT if we associated as non-EHT station */ 519 if (link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_EHT || 520 !ieee80211_get_eht_iftype_cap_vif(sband, &sdata->vif)) 521 eht_oper = NULL; 522 523 /* 524 * if bss configuration changed store the new one - 525 * this may be applicable even if channel is identical 526 */ 527 ht_opmode = le16_to_cpu(ht_oper->operation_mode); 528 if (link->conf->ht_operation_mode != ht_opmode) { 529 *changed |= BSS_CHANGED_HT; 530 link->conf->ht_operation_mode = ht_opmode; 531 } 532 533 if (vht_cap) 534 vht_cap_info = le32_to_cpu(vht_cap->vht_cap_info); 535 536 /* calculate new channel (type) based on HT/VHT/HE operation IEs */ 537 flags = ieee80211_determine_chantype(sdata, link, 538 link->u.mgd.conn_flags, 539 sband, chan, vht_cap_info, 540 ht_oper, vht_oper, 541 he_oper, eht_oper, 542 s1g_oper, &chandef, true); 543 544 /* 545 * Downgrade the new channel if we associated with restricted 546 * capabilities. For example, if we associated as a 20 MHz STA 547 * to a 40 MHz AP (due to regulatory, capabilities or config 548 * reasons) then switching to a 40 MHz channel now won't do us 549 * any good -- we couldn't use it with the AP. 550 */ 551 if (link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_80P80MHZ && 552 chandef.width == NL80211_CHAN_WIDTH_80P80) 553 flags |= ieee80211_chandef_downgrade(&chandef); 554 if (link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_160MHZ && 555 chandef.width == NL80211_CHAN_WIDTH_160) 556 flags |= ieee80211_chandef_downgrade(&chandef); 557 if (link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_40MHZ && 558 chandef.width > NL80211_CHAN_WIDTH_20) 559 flags |= ieee80211_chandef_downgrade(&chandef); 560 561 if (cfg80211_chandef_identical(&chandef, &link->conf->chandef)) 562 return 0; 563 564 link_info(link, 565 "AP %pM changed bandwidth, new config is %d.%03d MHz, width %d (%d.%03d/%d MHz)\n", 566 link->u.mgd.bssid, chandef.chan->center_freq, 567 chandef.chan->freq_offset, chandef.width, 568 chandef.center_freq1, chandef.freq1_offset, 569 chandef.center_freq2); 570 571 if (flags != (link->u.mgd.conn_flags & 572 (IEEE80211_CONN_DISABLE_HT | 573 IEEE80211_CONN_DISABLE_VHT | 574 IEEE80211_CONN_DISABLE_HE | 575 IEEE80211_CONN_DISABLE_EHT | 576 IEEE80211_CONN_DISABLE_40MHZ | 577 IEEE80211_CONN_DISABLE_80P80MHZ | 578 IEEE80211_CONN_DISABLE_160MHZ | 579 IEEE80211_CONN_DISABLE_320MHZ)) || 580 !cfg80211_chandef_valid(&chandef)) { 581 sdata_info(sdata, 582 "AP %pM changed caps/bw in a way we can't support (0x%x/0x%x) - disconnect\n", 583 link->u.mgd.bssid, flags, ifmgd->flags); 584 return -EINVAL; 585 } 586 587 ret = ieee80211_link_change_bandwidth(link, &chandef, changed); 588 589 if (ret) { 590 sdata_info(sdata, 591 "AP %pM changed bandwidth to incompatible one - disconnect\n", 592 link->u.mgd.bssid); 593 return ret; 594 } 595 596 return 0; 597 } 598 599 /* frame sending functions */ 600 601 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata, 602 struct sk_buff *skb, u8 ap_ht_param, 603 struct ieee80211_supported_band *sband, 604 struct ieee80211_channel *channel, 605 enum ieee80211_smps_mode smps, 606 ieee80211_conn_flags_t conn_flags) 607 { 608 u8 *pos; 609 u32 flags = channel->flags; 610 u16 cap; 611 struct ieee80211_sta_ht_cap ht_cap; 612 613 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap)); 614 615 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 616 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 617 618 /* determine capability flags */ 619 cap = ht_cap.cap; 620 621 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 622 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 623 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 624 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 625 cap &= ~IEEE80211_HT_CAP_SGI_40; 626 } 627 break; 628 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 629 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 630 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 631 cap &= ~IEEE80211_HT_CAP_SGI_40; 632 } 633 break; 634 } 635 636 /* 637 * If 40 MHz was disabled associate as though we weren't 638 * capable of 40 MHz -- some broken APs will never fall 639 * back to trying to transmit in 20 MHz. 640 */ 641 if (conn_flags & IEEE80211_CONN_DISABLE_40MHZ) { 642 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 643 cap &= ~IEEE80211_HT_CAP_SGI_40; 644 } 645 646 /* set SM PS mode properly */ 647 cap &= ~IEEE80211_HT_CAP_SM_PS; 648 switch (smps) { 649 case IEEE80211_SMPS_AUTOMATIC: 650 case IEEE80211_SMPS_NUM_MODES: 651 WARN_ON(1); 652 fallthrough; 653 case IEEE80211_SMPS_OFF: 654 cap |= WLAN_HT_CAP_SM_PS_DISABLED << 655 IEEE80211_HT_CAP_SM_PS_SHIFT; 656 break; 657 case IEEE80211_SMPS_STATIC: 658 cap |= WLAN_HT_CAP_SM_PS_STATIC << 659 IEEE80211_HT_CAP_SM_PS_SHIFT; 660 break; 661 case IEEE80211_SMPS_DYNAMIC: 662 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC << 663 IEEE80211_HT_CAP_SM_PS_SHIFT; 664 break; 665 } 666 667 /* reserve and fill IE */ 668 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 669 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap); 670 } 671 672 /* This function determines vht capability flags for the association 673 * and builds the IE. 674 * Note - the function returns true to own the MU-MIMO capability 675 */ 676 static bool ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata, 677 struct sk_buff *skb, 678 struct ieee80211_supported_band *sband, 679 struct ieee80211_vht_cap *ap_vht_cap, 680 ieee80211_conn_flags_t conn_flags) 681 { 682 struct ieee80211_local *local = sdata->local; 683 u8 *pos; 684 u32 cap; 685 struct ieee80211_sta_vht_cap vht_cap; 686 u32 mask, ap_bf_sts, our_bf_sts; 687 bool mu_mimo_owner = false; 688 689 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap)); 690 691 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap)); 692 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap); 693 694 /* determine capability flags */ 695 cap = vht_cap.cap; 696 697 if (conn_flags & IEEE80211_CONN_DISABLE_80P80MHZ) { 698 u32 bw = cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK; 699 700 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK; 701 if (bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ || 702 bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ) 703 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 704 } 705 706 if (conn_flags & IEEE80211_CONN_DISABLE_160MHZ) { 707 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160; 708 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK; 709 } 710 711 /* 712 * Some APs apparently get confused if our capabilities are better 713 * than theirs, so restrict what we advertise in the assoc request. 714 */ 715 if (!(ap_vht_cap->vht_cap_info & 716 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE))) 717 cap &= ~(IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE | 718 IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE); 719 else if (!(ap_vht_cap->vht_cap_info & 720 cpu_to_le32(IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE))) 721 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE; 722 723 /* 724 * If some other vif is using the MU-MIMO capability we cannot associate 725 * using MU-MIMO - this will lead to contradictions in the group-id 726 * mechanism. 727 * Ownership is defined since association request, in order to avoid 728 * simultaneous associations with MU-MIMO. 729 */ 730 if (cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE) { 731 bool disable_mu_mimo = false; 732 struct ieee80211_sub_if_data *other; 733 734 list_for_each_entry_rcu(other, &local->interfaces, list) { 735 if (other->vif.bss_conf.mu_mimo_owner) { 736 disable_mu_mimo = true; 737 break; 738 } 739 } 740 if (disable_mu_mimo) 741 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE; 742 else 743 mu_mimo_owner = true; 744 } 745 746 mask = IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK; 747 748 ap_bf_sts = le32_to_cpu(ap_vht_cap->vht_cap_info) & mask; 749 our_bf_sts = cap & mask; 750 751 if (ap_bf_sts < our_bf_sts) { 752 cap &= ~mask; 753 cap |= ap_bf_sts; 754 } 755 756 /* reserve and fill IE */ 757 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 758 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap); 759 760 return mu_mimo_owner; 761 } 762 763 /* This function determines HE capability flags for the association 764 * and builds the IE. 765 */ 766 static void ieee80211_add_he_ie(struct ieee80211_sub_if_data *sdata, 767 struct sk_buff *skb, 768 struct ieee80211_supported_band *sband, 769 enum ieee80211_smps_mode smps_mode, 770 ieee80211_conn_flags_t conn_flags) 771 { 772 u8 *pos, *pre_he_pos; 773 const struct ieee80211_sta_he_cap *he_cap; 774 u8 he_cap_size; 775 776 he_cap = ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif); 777 if (WARN_ON(!he_cap)) 778 return; 779 780 /* get a max size estimate */ 781 he_cap_size = 782 2 + 1 + sizeof(he_cap->he_cap_elem) + 783 ieee80211_he_mcs_nss_size(&he_cap->he_cap_elem) + 784 ieee80211_he_ppe_size(he_cap->ppe_thres[0], 785 he_cap->he_cap_elem.phy_cap_info); 786 pos = skb_put(skb, he_cap_size); 787 pre_he_pos = pos; 788 pos = ieee80211_ie_build_he_cap(conn_flags, 789 pos, he_cap, pos + he_cap_size); 790 /* trim excess if any */ 791 skb_trim(skb, skb->len - (pre_he_pos + he_cap_size - pos)); 792 793 ieee80211_ie_build_he_6ghz_cap(sdata, smps_mode, skb); 794 } 795 796 static void ieee80211_add_eht_ie(struct ieee80211_sub_if_data *sdata, 797 struct sk_buff *skb, 798 struct ieee80211_supported_band *sband) 799 { 800 u8 *pos; 801 const struct ieee80211_sta_he_cap *he_cap; 802 const struct ieee80211_sta_eht_cap *eht_cap; 803 u8 eht_cap_size; 804 805 he_cap = ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif); 806 eht_cap = ieee80211_get_eht_iftype_cap_vif(sband, &sdata->vif); 807 808 /* 809 * EHT capabilities element is only added if the HE capabilities element 810 * was added so assume that 'he_cap' is valid and don't check it. 811 */ 812 if (WARN_ON(!he_cap || !eht_cap)) 813 return; 814 815 eht_cap_size = 816 2 + 1 + sizeof(eht_cap->eht_cap_elem) + 817 ieee80211_eht_mcs_nss_size(&he_cap->he_cap_elem, 818 &eht_cap->eht_cap_elem, 819 false) + 820 ieee80211_eht_ppe_size(eht_cap->eht_ppe_thres[0], 821 eht_cap->eht_cap_elem.phy_cap_info); 822 pos = skb_put(skb, eht_cap_size); 823 ieee80211_ie_build_eht_cap(pos, he_cap, eht_cap, pos + eht_cap_size, 824 false); 825 } 826 827 static void ieee80211_assoc_add_rates(struct sk_buff *skb, 828 enum nl80211_chan_width width, 829 struct ieee80211_supported_band *sband, 830 struct ieee80211_mgd_assoc_data *assoc_data) 831 { 832 unsigned int shift = ieee80211_chanwidth_get_shift(width); 833 unsigned int rates_len, supp_rates_len; 834 u32 rates = 0; 835 int i, count; 836 u8 *pos; 837 838 if (assoc_data->supp_rates_len) { 839 /* 840 * Get all rates supported by the device and the AP as 841 * some APs don't like getting a superset of their rates 842 * in the association request (e.g. D-Link DAP 1353 in 843 * b-only mode)... 844 */ 845 rates_len = ieee80211_parse_bitrates(width, sband, 846 assoc_data->supp_rates, 847 assoc_data->supp_rates_len, 848 &rates); 849 } else { 850 /* 851 * In case AP not provide any supported rates information 852 * before association, we send information element(s) with 853 * all rates that we support. 854 */ 855 rates_len = sband->n_bitrates; 856 for (i = 0; i < sband->n_bitrates; i++) 857 rates |= BIT(i); 858 } 859 860 supp_rates_len = rates_len; 861 if (supp_rates_len > 8) 862 supp_rates_len = 8; 863 864 pos = skb_put(skb, supp_rates_len + 2); 865 *pos++ = WLAN_EID_SUPP_RATES; 866 *pos++ = supp_rates_len; 867 868 count = 0; 869 for (i = 0; i < sband->n_bitrates; i++) { 870 if (BIT(i) & rates) { 871 int rate = DIV_ROUND_UP(sband->bitrates[i].bitrate, 872 5 * (1 << shift)); 873 *pos++ = (u8)rate; 874 if (++count == 8) 875 break; 876 } 877 } 878 879 if (rates_len > count) { 880 pos = skb_put(skb, rates_len - count + 2); 881 *pos++ = WLAN_EID_EXT_SUPP_RATES; 882 *pos++ = rates_len - count; 883 884 for (i++; i < sband->n_bitrates; i++) { 885 if (BIT(i) & rates) { 886 int rate; 887 888 rate = DIV_ROUND_UP(sband->bitrates[i].bitrate, 889 5 * (1 << shift)); 890 *pos++ = (u8)rate; 891 } 892 } 893 } 894 } 895 896 static size_t ieee80211_add_before_ht_elems(struct sk_buff *skb, 897 const u8 *elems, 898 size_t elems_len, 899 size_t offset) 900 { 901 size_t noffset; 902 903 static const u8 before_ht[] = { 904 WLAN_EID_SSID, 905 WLAN_EID_SUPP_RATES, 906 WLAN_EID_EXT_SUPP_RATES, 907 WLAN_EID_PWR_CAPABILITY, 908 WLAN_EID_SUPPORTED_CHANNELS, 909 WLAN_EID_RSN, 910 WLAN_EID_QOS_CAPA, 911 WLAN_EID_RRM_ENABLED_CAPABILITIES, 912 WLAN_EID_MOBILITY_DOMAIN, 913 WLAN_EID_FAST_BSS_TRANSITION, /* reassoc only */ 914 WLAN_EID_RIC_DATA, /* reassoc only */ 915 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 916 }; 917 static const u8 after_ric[] = { 918 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 919 WLAN_EID_HT_CAPABILITY, 920 WLAN_EID_BSS_COEX_2040, 921 /* luckily this is almost always there */ 922 WLAN_EID_EXT_CAPABILITY, 923 WLAN_EID_QOS_TRAFFIC_CAPA, 924 WLAN_EID_TIM_BCAST_REQ, 925 WLAN_EID_INTERWORKING, 926 /* 60 GHz (Multi-band, DMG, MMS) can't happen */ 927 WLAN_EID_VHT_CAPABILITY, 928 WLAN_EID_OPMODE_NOTIF, 929 }; 930 931 if (!elems_len) 932 return offset; 933 934 noffset = ieee80211_ie_split_ric(elems, elems_len, 935 before_ht, 936 ARRAY_SIZE(before_ht), 937 after_ric, 938 ARRAY_SIZE(after_ric), 939 offset); 940 skb_put_data(skb, elems + offset, noffset - offset); 941 942 return noffset; 943 } 944 945 static size_t ieee80211_add_before_vht_elems(struct sk_buff *skb, 946 const u8 *elems, 947 size_t elems_len, 948 size_t offset) 949 { 950 static const u8 before_vht[] = { 951 /* 952 * no need to list the ones split off before HT 953 * or generated here 954 */ 955 WLAN_EID_BSS_COEX_2040, 956 WLAN_EID_EXT_CAPABILITY, 957 WLAN_EID_QOS_TRAFFIC_CAPA, 958 WLAN_EID_TIM_BCAST_REQ, 959 WLAN_EID_INTERWORKING, 960 /* 60 GHz (Multi-band, DMG, MMS) can't happen */ 961 }; 962 size_t noffset; 963 964 if (!elems_len) 965 return offset; 966 967 /* RIC already taken care of in ieee80211_add_before_ht_elems() */ 968 noffset = ieee80211_ie_split(elems, elems_len, 969 before_vht, ARRAY_SIZE(before_vht), 970 offset); 971 skb_put_data(skb, elems + offset, noffset - offset); 972 973 return noffset; 974 } 975 976 static size_t ieee80211_add_before_he_elems(struct sk_buff *skb, 977 const u8 *elems, 978 size_t elems_len, 979 size_t offset) 980 { 981 static const u8 before_he[] = { 982 /* 983 * no need to list the ones split off before VHT 984 * or generated here 985 */ 986 WLAN_EID_OPMODE_NOTIF, 987 WLAN_EID_EXTENSION, WLAN_EID_EXT_FUTURE_CHAN_GUIDANCE, 988 /* 11ai elements */ 989 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_SESSION, 990 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_PUBLIC_KEY, 991 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_KEY_CONFIRM, 992 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_HLP_CONTAINER, 993 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_IP_ADDR_ASSIGN, 994 /* TODO: add 11ah/11aj/11ak elements */ 995 }; 996 size_t noffset; 997 998 if (!elems_len) 999 return offset; 1000 1001 /* RIC already taken care of in ieee80211_add_before_ht_elems() */ 1002 noffset = ieee80211_ie_split(elems, elems_len, 1003 before_he, ARRAY_SIZE(before_he), 1004 offset); 1005 skb_put_data(skb, elems + offset, noffset - offset); 1006 1007 return noffset; 1008 } 1009 1010 #define PRESENT_ELEMS_MAX 8 1011 #define PRESENT_ELEM_EXT_OFFS 0x100 1012 1013 static void ieee80211_assoc_add_ml_elem(struct ieee80211_sub_if_data *sdata, 1014 struct sk_buff *skb, u16 capab, 1015 const struct element *ext_capa, 1016 const u16 *present_elems); 1017 1018 static size_t ieee80211_assoc_link_elems(struct ieee80211_sub_if_data *sdata, 1019 struct sk_buff *skb, u16 *capab, 1020 const struct element *ext_capa, 1021 const u8 *extra_elems, 1022 size_t extra_elems_len, 1023 unsigned int link_id, 1024 struct ieee80211_link_data *link, 1025 u16 *present_elems) 1026 { 1027 enum nl80211_iftype iftype = ieee80211_vif_type_p2p(&sdata->vif); 1028 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1029 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 1030 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss; 1031 struct ieee80211_channel *chan = cbss->channel; 1032 const struct ieee80211_sband_iftype_data *iftd; 1033 struct ieee80211_local *local = sdata->local; 1034 struct ieee80211_supported_band *sband; 1035 enum nl80211_chan_width width = NL80211_CHAN_WIDTH_20; 1036 struct ieee80211_chanctx_conf *chanctx_conf; 1037 enum ieee80211_smps_mode smps_mode; 1038 u16 orig_capab = *capab; 1039 size_t offset = 0; 1040 int present_elems_len = 0; 1041 u8 *pos; 1042 int i; 1043 1044 #define ADD_PRESENT_ELEM(id) do { \ 1045 /* need a last for termination - we use 0 == SSID */ \ 1046 if (!WARN_ON(present_elems_len >= PRESENT_ELEMS_MAX - 1)) \ 1047 present_elems[present_elems_len++] = (id); \ 1048 } while (0) 1049 #define ADD_PRESENT_EXT_ELEM(id) ADD_PRESENT_ELEM(PRESENT_ELEM_EXT_OFFS | (id)) 1050 1051 if (link) 1052 smps_mode = link->smps_mode; 1053 else if (sdata->u.mgd.powersave) 1054 smps_mode = IEEE80211_SMPS_DYNAMIC; 1055 else 1056 smps_mode = IEEE80211_SMPS_OFF; 1057 1058 if (link) { 1059 /* 1060 * 5/10 MHz scenarios are only viable without MLO, in which 1061 * case this pointer should be used ... All of this is a bit 1062 * unclear though, not sure this even works at all. 1063 */ 1064 rcu_read_lock(); 1065 chanctx_conf = rcu_dereference(link->conf->chanctx_conf); 1066 if (chanctx_conf) 1067 width = chanctx_conf->def.width; 1068 rcu_read_unlock(); 1069 } 1070 1071 sband = local->hw.wiphy->bands[chan->band]; 1072 iftd = ieee80211_get_sband_iftype_data(sband, iftype); 1073 1074 if (sband->band == NL80211_BAND_2GHZ) { 1075 *capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 1076 *capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 1077 } 1078 1079 if ((cbss->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 1080 ieee80211_hw_check(&local->hw, SPECTRUM_MGMT)) 1081 *capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 1082 1083 if (sband->band != NL80211_BAND_S1GHZ) 1084 ieee80211_assoc_add_rates(skb, width, sband, assoc_data); 1085 1086 if (*capab & WLAN_CAPABILITY_SPECTRUM_MGMT || 1087 *capab & WLAN_CAPABILITY_RADIO_MEASURE) { 1088 struct cfg80211_chan_def chandef = { 1089 .width = width, 1090 .chan = chan, 1091 }; 1092 1093 pos = skb_put(skb, 4); 1094 *pos++ = WLAN_EID_PWR_CAPABILITY; 1095 *pos++ = 2; 1096 *pos++ = 0; /* min tx power */ 1097 /* max tx power */ 1098 *pos++ = ieee80211_chandef_max_power(&chandef); 1099 ADD_PRESENT_ELEM(WLAN_EID_PWR_CAPABILITY); 1100 } 1101 1102 /* 1103 * Per spec, we shouldn't include the list of channels if we advertise 1104 * support for extended channel switching, but we've always done that; 1105 * (for now?) apply this restriction only on the (new) 6 GHz band. 1106 */ 1107 if (*capab & WLAN_CAPABILITY_SPECTRUM_MGMT && 1108 (sband->band != NL80211_BAND_6GHZ || 1109 !ext_capa || ext_capa->datalen < 1 || 1110 !(ext_capa->data[0] & WLAN_EXT_CAPA1_EXT_CHANNEL_SWITCHING))) { 1111 /* TODO: get this in reg domain format */ 1112 pos = skb_put(skb, 2 * sband->n_channels + 2); 1113 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 1114 *pos++ = 2 * sband->n_channels; 1115 for (i = 0; i < sband->n_channels; i++) { 1116 int cf = sband->channels[i].center_freq; 1117 1118 *pos++ = ieee80211_frequency_to_channel(cf); 1119 *pos++ = 1; /* one channel in the subband*/ 1120 } 1121 ADD_PRESENT_ELEM(WLAN_EID_SUPPORTED_CHANNELS); 1122 } 1123 1124 /* if present, add any custom IEs that go before HT */ 1125 offset = ieee80211_add_before_ht_elems(skb, extra_elems, 1126 extra_elems_len, 1127 offset); 1128 1129 if (sband->band != NL80211_BAND_6GHZ && 1130 !(assoc_data->link[link_id].conn_flags & IEEE80211_CONN_DISABLE_HT)) { 1131 ieee80211_add_ht_ie(sdata, skb, 1132 assoc_data->link[link_id].ap_ht_param, 1133 sband, chan, smps_mode, 1134 assoc_data->link[link_id].conn_flags); 1135 ADD_PRESENT_ELEM(WLAN_EID_HT_CAPABILITY); 1136 } 1137 1138 /* if present, add any custom IEs that go before VHT */ 1139 offset = ieee80211_add_before_vht_elems(skb, extra_elems, 1140 extra_elems_len, 1141 offset); 1142 1143 if (sband->band != NL80211_BAND_6GHZ && 1144 !(assoc_data->link[link_id].conn_flags & IEEE80211_CONN_DISABLE_VHT)) { 1145 bool mu_mimo_owner = 1146 ieee80211_add_vht_ie(sdata, skb, sband, 1147 &assoc_data->link[link_id].ap_vht_cap, 1148 assoc_data->link[link_id].conn_flags); 1149 1150 if (link) 1151 link->conf->mu_mimo_owner = mu_mimo_owner; 1152 ADD_PRESENT_ELEM(WLAN_EID_VHT_CAPABILITY); 1153 } 1154 1155 /* 1156 * If AP doesn't support HT, mark HE and EHT as disabled. 1157 * If on the 5GHz band, make sure it supports VHT. 1158 */ 1159 if (assoc_data->link[link_id].conn_flags & IEEE80211_CONN_DISABLE_HT || 1160 (sband->band == NL80211_BAND_5GHZ && 1161 assoc_data->link[link_id].conn_flags & IEEE80211_CONN_DISABLE_VHT)) 1162 assoc_data->link[link_id].conn_flags |= 1163 IEEE80211_CONN_DISABLE_HE | 1164 IEEE80211_CONN_DISABLE_EHT; 1165 1166 /* if present, add any custom IEs that go before HE */ 1167 offset = ieee80211_add_before_he_elems(skb, extra_elems, 1168 extra_elems_len, 1169 offset); 1170 1171 if (!(assoc_data->link[link_id].conn_flags & IEEE80211_CONN_DISABLE_HE)) { 1172 ieee80211_add_he_ie(sdata, skb, sband, smps_mode, 1173 assoc_data->link[link_id].conn_flags); 1174 ADD_PRESENT_EXT_ELEM(WLAN_EID_EXT_HE_CAPABILITY); 1175 } 1176 1177 /* 1178 * careful - need to know about all the present elems before 1179 * calling ieee80211_assoc_add_ml_elem(), so add this one if 1180 * we're going to put it after the ML element 1181 */ 1182 if (!(assoc_data->link[link_id].conn_flags & IEEE80211_CONN_DISABLE_EHT)) 1183 ADD_PRESENT_EXT_ELEM(WLAN_EID_EXT_EHT_CAPABILITY); 1184 1185 if (link_id == assoc_data->assoc_link_id) 1186 ieee80211_assoc_add_ml_elem(sdata, skb, orig_capab, ext_capa, 1187 present_elems); 1188 1189 /* crash if somebody gets it wrong */ 1190 present_elems = NULL; 1191 1192 if (!(assoc_data->link[link_id].conn_flags & IEEE80211_CONN_DISABLE_EHT)) 1193 ieee80211_add_eht_ie(sdata, skb, sband); 1194 1195 if (sband->band == NL80211_BAND_S1GHZ) { 1196 ieee80211_add_aid_request_ie(sdata, skb); 1197 ieee80211_add_s1g_capab_ie(sdata, &sband->s1g_cap, skb); 1198 } 1199 1200 if (iftd && iftd->vendor_elems.data && iftd->vendor_elems.len) 1201 skb_put_data(skb, iftd->vendor_elems.data, iftd->vendor_elems.len); 1202 1203 if (link) 1204 link->u.mgd.conn_flags = assoc_data->link[link_id].conn_flags; 1205 1206 return offset; 1207 } 1208 1209 static void ieee80211_add_non_inheritance_elem(struct sk_buff *skb, 1210 const u16 *outer, 1211 const u16 *inner) 1212 { 1213 unsigned int skb_len = skb->len; 1214 bool at_extension = false; 1215 bool added = false; 1216 int i, j; 1217 u8 *len, *list_len = NULL; 1218 1219 skb_put_u8(skb, WLAN_EID_EXTENSION); 1220 len = skb_put(skb, 1); 1221 skb_put_u8(skb, WLAN_EID_EXT_NON_INHERITANCE); 1222 1223 for (i = 0; i < PRESENT_ELEMS_MAX && outer[i]; i++) { 1224 u16 elem = outer[i]; 1225 bool have_inner = false; 1226 1227 /* should at least be sorted in the sense of normal -> ext */ 1228 WARN_ON(at_extension && elem < PRESENT_ELEM_EXT_OFFS); 1229 1230 /* switch to extension list */ 1231 if (!at_extension && elem >= PRESENT_ELEM_EXT_OFFS) { 1232 at_extension = true; 1233 if (!list_len) 1234 skb_put_u8(skb, 0); 1235 list_len = NULL; 1236 } 1237 1238 for (j = 0; j < PRESENT_ELEMS_MAX && inner[j]; j++) { 1239 if (elem == inner[j]) { 1240 have_inner = true; 1241 break; 1242 } 1243 } 1244 1245 if (have_inner) 1246 continue; 1247 1248 if (!list_len) { 1249 list_len = skb_put(skb, 1); 1250 *list_len = 0; 1251 } 1252 *list_len += 1; 1253 skb_put_u8(skb, (u8)elem); 1254 added = true; 1255 } 1256 1257 /* if we added a list but no extension list, make a zero-len one */ 1258 if (added && (!at_extension || !list_len)) 1259 skb_put_u8(skb, 0); 1260 1261 /* if nothing added remove extension element completely */ 1262 if (!added) 1263 skb_trim(skb, skb_len); 1264 else 1265 *len = skb->len - skb_len - 2; 1266 } 1267 1268 static void ieee80211_assoc_add_ml_elem(struct ieee80211_sub_if_data *sdata, 1269 struct sk_buff *skb, u16 capab, 1270 const struct element *ext_capa, 1271 const u16 *outer_present_elems) 1272 { 1273 struct ieee80211_local *local = sdata->local; 1274 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1275 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 1276 struct ieee80211_multi_link_elem *ml_elem; 1277 struct ieee80211_mle_basic_common_info *common; 1278 const struct wiphy_iftype_ext_capab *ift_ext_capa; 1279 __le16 eml_capa = 0, mld_capa_ops = 0; 1280 unsigned int link_id; 1281 u8 *ml_elem_len; 1282 void *capab_pos; 1283 1284 if (!ieee80211_vif_is_mld(&sdata->vif)) 1285 return; 1286 1287 ift_ext_capa = cfg80211_get_iftype_ext_capa(local->hw.wiphy, 1288 ieee80211_vif_type_p2p(&sdata->vif)); 1289 if (ift_ext_capa) { 1290 eml_capa = cpu_to_le16(ift_ext_capa->eml_capabilities); 1291 mld_capa_ops = cpu_to_le16(ift_ext_capa->mld_capa_and_ops); 1292 } 1293 1294 skb_put_u8(skb, WLAN_EID_EXTENSION); 1295 ml_elem_len = skb_put(skb, 1); 1296 skb_put_u8(skb, WLAN_EID_EXT_EHT_MULTI_LINK); 1297 ml_elem = skb_put(skb, sizeof(*ml_elem)); 1298 ml_elem->control = 1299 cpu_to_le16(IEEE80211_ML_CONTROL_TYPE_BASIC | 1300 IEEE80211_MLC_BASIC_PRES_MLD_CAPA_OP); 1301 common = skb_put(skb, sizeof(*common)); 1302 common->len = sizeof(*common) + 1303 2; /* MLD capa/ops */ 1304 memcpy(common->mld_mac_addr, sdata->vif.addr, ETH_ALEN); 1305 1306 /* add EML_CAPA only if needed, see Draft P802.11be_D2.1, 35.3.17 */ 1307 if (eml_capa & 1308 cpu_to_le16((IEEE80211_EML_CAP_EMLSR_SUPP | 1309 IEEE80211_EML_CAP_EMLMR_SUPPORT))) { 1310 common->len += 2; /* EML capabilities */ 1311 ml_elem->control |= 1312 cpu_to_le16(IEEE80211_MLC_BASIC_PRES_EML_CAPA); 1313 skb_put_data(skb, &eml_capa, sizeof(eml_capa)); 1314 } 1315 /* need indication from userspace to support this */ 1316 mld_capa_ops &= ~cpu_to_le16(IEEE80211_MLD_CAP_OP_TID_TO_LINK_MAP_NEG_SUPP); 1317 skb_put_data(skb, &mld_capa_ops, sizeof(mld_capa_ops)); 1318 1319 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) { 1320 u16 link_present_elems[PRESENT_ELEMS_MAX] = {}; 1321 const u8 *extra_elems; 1322 size_t extra_elems_len; 1323 size_t extra_used; 1324 u8 *subelem_len = NULL; 1325 __le16 ctrl; 1326 1327 if (!assoc_data->link[link_id].bss || 1328 link_id == assoc_data->assoc_link_id) 1329 continue; 1330 1331 extra_elems = assoc_data->link[link_id].elems; 1332 extra_elems_len = assoc_data->link[link_id].elems_len; 1333 1334 skb_put_u8(skb, IEEE80211_MLE_SUBELEM_PER_STA_PROFILE); 1335 subelem_len = skb_put(skb, 1); 1336 1337 ctrl = cpu_to_le16(link_id | 1338 IEEE80211_MLE_STA_CONTROL_COMPLETE_PROFILE | 1339 IEEE80211_MLE_STA_CONTROL_STA_MAC_ADDR_PRESENT); 1340 skb_put_data(skb, &ctrl, sizeof(ctrl)); 1341 skb_put_u8(skb, 1 + ETH_ALEN); /* STA Info Length */ 1342 skb_put_data(skb, assoc_data->link[link_id].addr, 1343 ETH_ALEN); 1344 /* 1345 * Now add the contents of the (re)association request, 1346 * but the "listen interval" and "current AP address" 1347 * (if applicable) are skipped. So we only have 1348 * the capability field (remember the position and fill 1349 * later), followed by the elements added below by 1350 * calling ieee80211_assoc_link_elems(). 1351 */ 1352 capab_pos = skb_put(skb, 2); 1353 1354 extra_used = ieee80211_assoc_link_elems(sdata, skb, &capab, 1355 ext_capa, 1356 extra_elems, 1357 extra_elems_len, 1358 link_id, NULL, 1359 link_present_elems); 1360 if (extra_elems) 1361 skb_put_data(skb, extra_elems + extra_used, 1362 extra_elems_len - extra_used); 1363 1364 put_unaligned_le16(capab, capab_pos); 1365 1366 ieee80211_add_non_inheritance_elem(skb, outer_present_elems, 1367 link_present_elems); 1368 1369 ieee80211_fragment_element(skb, subelem_len, 1370 IEEE80211_MLE_SUBELEM_FRAGMENT); 1371 } 1372 1373 ieee80211_fragment_element(skb, ml_elem_len, WLAN_EID_FRAGMENT); 1374 } 1375 1376 static int ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) 1377 { 1378 struct ieee80211_local *local = sdata->local; 1379 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1380 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 1381 struct ieee80211_link_data *link; 1382 struct sk_buff *skb; 1383 struct ieee80211_mgmt *mgmt; 1384 u8 *pos, qos_info, *ie_start; 1385 size_t offset, noffset; 1386 u16 capab = WLAN_CAPABILITY_ESS, link_capab; 1387 __le16 listen_int; 1388 struct element *ext_capa = NULL; 1389 enum nl80211_iftype iftype = ieee80211_vif_type_p2p(&sdata->vif); 1390 struct ieee80211_prep_tx_info info = {}; 1391 unsigned int link_id, n_links = 0; 1392 u16 present_elems[PRESENT_ELEMS_MAX] = {}; 1393 void *capab_pos; 1394 size_t size; 1395 int ret; 1396 1397 /* we know it's writable, cast away the const */ 1398 if (assoc_data->ie_len) 1399 ext_capa = (void *)cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY, 1400 assoc_data->ie, 1401 assoc_data->ie_len); 1402 1403 lockdep_assert_wiphy(sdata->local->hw.wiphy); 1404 1405 size = local->hw.extra_tx_headroom + 1406 sizeof(*mgmt) + /* bit too much but doesn't matter */ 1407 2 + assoc_data->ssid_len + /* SSID */ 1408 assoc_data->ie_len + /* extra IEs */ 1409 (assoc_data->fils_kek_len ? 16 /* AES-SIV */ : 0) + 1410 9; /* WMM */ 1411 1412 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) { 1413 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss; 1414 const struct ieee80211_sband_iftype_data *iftd; 1415 struct ieee80211_supported_band *sband; 1416 1417 if (!cbss) 1418 continue; 1419 1420 sband = local->hw.wiphy->bands[cbss->channel->band]; 1421 1422 n_links++; 1423 /* add STA profile elements length */ 1424 size += assoc_data->link[link_id].elems_len; 1425 /* and supported rates length */ 1426 size += 4 + sband->n_bitrates; 1427 /* supported channels */ 1428 size += 2 + 2 * sband->n_channels; 1429 1430 iftd = ieee80211_get_sband_iftype_data(sband, iftype); 1431 if (iftd) 1432 size += iftd->vendor_elems.len; 1433 1434 /* power capability */ 1435 size += 4; 1436 1437 /* HT, VHT, HE, EHT */ 1438 size += 2 + sizeof(struct ieee80211_ht_cap); 1439 size += 2 + sizeof(struct ieee80211_vht_cap); 1440 size += 2 + 1 + sizeof(struct ieee80211_he_cap_elem) + 1441 sizeof(struct ieee80211_he_mcs_nss_supp) + 1442 IEEE80211_HE_PPE_THRES_MAX_LEN; 1443 1444 if (sband->band == NL80211_BAND_6GHZ) 1445 size += 2 + 1 + sizeof(struct ieee80211_he_6ghz_capa); 1446 1447 size += 2 + 1 + sizeof(struct ieee80211_eht_cap_elem) + 1448 sizeof(struct ieee80211_eht_mcs_nss_supp) + 1449 IEEE80211_EHT_PPE_THRES_MAX_LEN; 1450 1451 /* non-inheritance element */ 1452 size += 2 + 2 + PRESENT_ELEMS_MAX; 1453 1454 /* should be the same across all BSSes */ 1455 if (cbss->capability & WLAN_CAPABILITY_PRIVACY) 1456 capab |= WLAN_CAPABILITY_PRIVACY; 1457 } 1458 1459 if (ieee80211_vif_is_mld(&sdata->vif)) { 1460 /* consider the multi-link element with STA profile */ 1461 size += sizeof(struct ieee80211_multi_link_elem); 1462 /* max common info field in basic multi-link element */ 1463 size += sizeof(struct ieee80211_mle_basic_common_info) + 1464 2 + /* capa & op */ 1465 2; /* EML capa */ 1466 1467 /* 1468 * The capability elements were already considered above; 1469 * note this over-estimates a bit because there's no 1470 * STA profile for the assoc link. 1471 */ 1472 size += (n_links - 1) * 1473 (1 + 1 + /* subelement ID/length */ 1474 2 + /* STA control */ 1475 1 + ETH_ALEN + 2 /* STA Info field */); 1476 } 1477 1478 link = sdata_dereference(sdata->link[assoc_data->assoc_link_id], sdata); 1479 if (WARN_ON(!link)) 1480 return -EINVAL; 1481 1482 if (WARN_ON(!assoc_data->link[assoc_data->assoc_link_id].bss)) 1483 return -EINVAL; 1484 1485 skb = alloc_skb(size, GFP_KERNEL); 1486 if (!skb) 1487 return -ENOMEM; 1488 1489 skb_reserve(skb, local->hw.extra_tx_headroom); 1490 1491 if (ifmgd->flags & IEEE80211_STA_ENABLE_RRM) 1492 capab |= WLAN_CAPABILITY_RADIO_MEASURE; 1493 1494 /* Set MBSSID support for HE AP if needed */ 1495 if (ieee80211_hw_check(&local->hw, SUPPORTS_ONLY_HE_MULTI_BSSID) && 1496 !(link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_HE) && 1497 ext_capa && ext_capa->datalen >= 3) 1498 ext_capa->data[2] |= WLAN_EXT_CAPA3_MULTI_BSSID_SUPPORT; 1499 1500 mgmt = skb_put_zero(skb, 24); 1501 memcpy(mgmt->da, sdata->vif.cfg.ap_addr, ETH_ALEN); 1502 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 1503 memcpy(mgmt->bssid, sdata->vif.cfg.ap_addr, ETH_ALEN); 1504 1505 listen_int = cpu_to_le16(assoc_data->s1g ? 1506 ieee80211_encode_usf(local->hw.conf.listen_interval) : 1507 local->hw.conf.listen_interval); 1508 if (!is_zero_ether_addr(assoc_data->prev_ap_addr)) { 1509 skb_put(skb, 10); 1510 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 1511 IEEE80211_STYPE_REASSOC_REQ); 1512 capab_pos = &mgmt->u.reassoc_req.capab_info; 1513 mgmt->u.reassoc_req.listen_interval = listen_int; 1514 memcpy(mgmt->u.reassoc_req.current_ap, 1515 assoc_data->prev_ap_addr, ETH_ALEN); 1516 info.subtype = IEEE80211_STYPE_REASSOC_REQ; 1517 } else { 1518 skb_put(skb, 4); 1519 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 1520 IEEE80211_STYPE_ASSOC_REQ); 1521 capab_pos = &mgmt->u.assoc_req.capab_info; 1522 mgmt->u.assoc_req.listen_interval = listen_int; 1523 info.subtype = IEEE80211_STYPE_ASSOC_REQ; 1524 } 1525 1526 /* SSID */ 1527 pos = skb_put(skb, 2 + assoc_data->ssid_len); 1528 ie_start = pos; 1529 *pos++ = WLAN_EID_SSID; 1530 *pos++ = assoc_data->ssid_len; 1531 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len); 1532 1533 /* add the elements for the assoc (main) link */ 1534 link_capab = capab; 1535 offset = ieee80211_assoc_link_elems(sdata, skb, &link_capab, 1536 ext_capa, 1537 assoc_data->ie, 1538 assoc_data->ie_len, 1539 assoc_data->assoc_link_id, link, 1540 present_elems); 1541 put_unaligned_le16(link_capab, capab_pos); 1542 1543 /* if present, add any custom non-vendor IEs */ 1544 if (assoc_data->ie_len) { 1545 noffset = ieee80211_ie_split_vendor(assoc_data->ie, 1546 assoc_data->ie_len, 1547 offset); 1548 skb_put_data(skb, assoc_data->ie + offset, noffset - offset); 1549 offset = noffset; 1550 } 1551 1552 if (assoc_data->wmm) { 1553 if (assoc_data->uapsd) { 1554 qos_info = ifmgd->uapsd_queues; 1555 qos_info |= (ifmgd->uapsd_max_sp_len << 1556 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT); 1557 } else { 1558 qos_info = 0; 1559 } 1560 1561 pos = ieee80211_add_wmm_info_ie(skb_put(skb, 9), qos_info); 1562 } 1563 1564 /* add any remaining custom (i.e. vendor specific here) IEs */ 1565 if (assoc_data->ie_len) { 1566 noffset = assoc_data->ie_len; 1567 skb_put_data(skb, assoc_data->ie + offset, noffset - offset); 1568 } 1569 1570 if (assoc_data->fils_kek_len) { 1571 ret = fils_encrypt_assoc_req(skb, assoc_data); 1572 if (ret < 0) { 1573 dev_kfree_skb(skb); 1574 return ret; 1575 } 1576 } 1577 1578 pos = skb_tail_pointer(skb); 1579 kfree(ifmgd->assoc_req_ies); 1580 ifmgd->assoc_req_ies = kmemdup(ie_start, pos - ie_start, GFP_ATOMIC); 1581 if (!ifmgd->assoc_req_ies) { 1582 dev_kfree_skb(skb); 1583 return -ENOMEM; 1584 } 1585 1586 ifmgd->assoc_req_ies_len = pos - ie_start; 1587 1588 drv_mgd_prepare_tx(local, sdata, &info); 1589 1590 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 1591 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) 1592 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 1593 IEEE80211_TX_INTFL_MLME_CONN_TX; 1594 ieee80211_tx_skb(sdata, skb); 1595 1596 return 0; 1597 } 1598 1599 void ieee80211_send_pspoll(struct ieee80211_local *local, 1600 struct ieee80211_sub_if_data *sdata) 1601 { 1602 struct ieee80211_pspoll *pspoll; 1603 struct sk_buff *skb; 1604 1605 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif); 1606 if (!skb) 1607 return; 1608 1609 pspoll = (struct ieee80211_pspoll *) skb->data; 1610 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 1611 1612 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 1613 ieee80211_tx_skb(sdata, skb); 1614 } 1615 1616 void ieee80211_send_nullfunc(struct ieee80211_local *local, 1617 struct ieee80211_sub_if_data *sdata, 1618 bool powersave) 1619 { 1620 struct sk_buff *skb; 1621 struct ieee80211_hdr_3addr *nullfunc; 1622 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1623 1624 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif, -1, 1625 !ieee80211_hw_check(&local->hw, 1626 DOESNT_SUPPORT_QOS_NDP)); 1627 if (!skb) 1628 return; 1629 1630 nullfunc = (struct ieee80211_hdr_3addr *) skb->data; 1631 if (powersave) 1632 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 1633 1634 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT | 1635 IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 1636 1637 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) 1638 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS; 1639 1640 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) 1641 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE; 1642 1643 ieee80211_tx_skb(sdata, skb); 1644 } 1645 1646 void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local, 1647 struct ieee80211_sub_if_data *sdata) 1648 { 1649 struct sk_buff *skb; 1650 struct ieee80211_hdr *nullfunc; 1651 __le16 fc; 1652 1653 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 1654 return; 1655 1656 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30); 1657 if (!skb) 1658 return; 1659 1660 skb_reserve(skb, local->hw.extra_tx_headroom); 1661 1662 nullfunc = skb_put_zero(skb, 30); 1663 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 1664 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 1665 nullfunc->frame_control = fc; 1666 memcpy(nullfunc->addr1, sdata->deflink.u.mgd.bssid, ETH_ALEN); 1667 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN); 1668 memcpy(nullfunc->addr3, sdata->deflink.u.mgd.bssid, ETH_ALEN); 1669 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN); 1670 1671 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 1672 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE; 1673 ieee80211_tx_skb(sdata, skb); 1674 } 1675 1676 /* spectrum management related things */ 1677 static void ieee80211_chswitch_work(struct wiphy *wiphy, 1678 struct wiphy_work *work) 1679 { 1680 struct ieee80211_link_data *link = 1681 container_of(work, struct ieee80211_link_data, 1682 u.mgd.chswitch_work.work); 1683 struct ieee80211_sub_if_data *sdata = link->sdata; 1684 struct ieee80211_local *local = sdata->local; 1685 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1686 int ret; 1687 1688 if (!ieee80211_sdata_running(sdata)) 1689 return; 1690 1691 lockdep_assert_wiphy(local->hw.wiphy); 1692 1693 if (!ifmgd->associated) 1694 return; 1695 1696 if (!link->conf->csa_active) 1697 return; 1698 1699 /* 1700 * using reservation isn't immediate as it may be deferred until later 1701 * with multi-vif. once reservation is complete it will re-schedule the 1702 * work with no reserved_chanctx so verify chandef to check if it 1703 * completed successfully 1704 */ 1705 1706 if (link->reserved_chanctx) { 1707 /* 1708 * with multi-vif csa driver may call ieee80211_csa_finish() 1709 * many times while waiting for other interfaces to use their 1710 * reservations 1711 */ 1712 if (link->reserved_ready) 1713 return; 1714 1715 ret = ieee80211_link_use_reserved_context(link); 1716 if (ret) { 1717 sdata_info(sdata, 1718 "failed to use reserved channel context, disconnecting (err=%d)\n", 1719 ret); 1720 wiphy_work_queue(sdata->local->hw.wiphy, 1721 &ifmgd->csa_connection_drop_work); 1722 } 1723 return; 1724 } 1725 1726 if (!cfg80211_chandef_identical(&link->conf->chandef, 1727 &link->csa_chandef)) { 1728 sdata_info(sdata, 1729 "failed to finalize channel switch, disconnecting\n"); 1730 wiphy_work_queue(sdata->local->hw.wiphy, 1731 &ifmgd->csa_connection_drop_work); 1732 return; 1733 } 1734 1735 link->u.mgd.csa_waiting_bcn = true; 1736 1737 ieee80211_sta_reset_beacon_monitor(sdata); 1738 ieee80211_sta_reset_conn_monitor(sdata); 1739 } 1740 1741 static void ieee80211_chswitch_post_beacon(struct ieee80211_link_data *link) 1742 { 1743 struct ieee80211_sub_if_data *sdata = link->sdata; 1744 struct ieee80211_local *local = sdata->local; 1745 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1746 int ret; 1747 1748 lockdep_assert_wiphy(sdata->local->hw.wiphy); 1749 1750 WARN_ON(!link->conf->csa_active); 1751 1752 if (link->csa_block_tx) { 1753 ieee80211_wake_vif_queues(local, sdata, 1754 IEEE80211_QUEUE_STOP_REASON_CSA); 1755 link->csa_block_tx = false; 1756 } 1757 1758 link->conf->csa_active = false; 1759 link->u.mgd.csa_waiting_bcn = false; 1760 /* 1761 * If the CSA IE is still present on the beacon after the switch, 1762 * we need to consider it as a new CSA (possibly to self). 1763 */ 1764 link->u.mgd.beacon_crc_valid = false; 1765 1766 ret = drv_post_channel_switch(link); 1767 if (ret) { 1768 sdata_info(sdata, 1769 "driver post channel switch failed, disconnecting\n"); 1770 wiphy_work_queue(sdata->local->hw.wiphy, 1771 &ifmgd->csa_connection_drop_work); 1772 return; 1773 } 1774 1775 cfg80211_ch_switch_notify(sdata->dev, &link->reserved_chandef, 0, 0); 1776 } 1777 1778 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success, 1779 unsigned int link_id) 1780 { 1781 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1782 1783 trace_api_chswitch_done(sdata, success, link_id); 1784 1785 rcu_read_lock(); 1786 1787 if (!success) { 1788 sdata_info(sdata, 1789 "driver channel switch failed, disconnecting\n"); 1790 wiphy_work_queue(sdata->local->hw.wiphy, 1791 &sdata->u.mgd.csa_connection_drop_work); 1792 } else { 1793 struct ieee80211_link_data *link = 1794 rcu_dereference(sdata->link[link_id]); 1795 1796 if (WARN_ON(!link)) { 1797 rcu_read_unlock(); 1798 return; 1799 } 1800 1801 wiphy_delayed_work_queue(sdata->local->hw.wiphy, 1802 &link->u.mgd.chswitch_work, 0); 1803 } 1804 1805 rcu_read_unlock(); 1806 } 1807 EXPORT_SYMBOL(ieee80211_chswitch_done); 1808 1809 static void 1810 ieee80211_sta_abort_chanswitch(struct ieee80211_link_data *link) 1811 { 1812 struct ieee80211_sub_if_data *sdata = link->sdata; 1813 struct ieee80211_local *local = sdata->local; 1814 1815 lockdep_assert_wiphy(local->hw.wiphy); 1816 1817 if (!local->ops->abort_channel_switch) 1818 return; 1819 1820 ieee80211_link_unreserve_chanctx(link); 1821 1822 if (link->csa_block_tx) 1823 ieee80211_wake_vif_queues(local, sdata, 1824 IEEE80211_QUEUE_STOP_REASON_CSA); 1825 1826 link->csa_block_tx = false; 1827 link->conf->csa_active = false; 1828 1829 drv_abort_channel_switch(sdata); 1830 } 1831 1832 static void 1833 ieee80211_sta_process_chanswitch(struct ieee80211_link_data *link, 1834 u64 timestamp, u32 device_timestamp, 1835 struct ieee802_11_elems *elems, 1836 bool beacon) 1837 { 1838 struct ieee80211_sub_if_data *sdata = link->sdata; 1839 struct ieee80211_local *local = sdata->local; 1840 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1841 struct cfg80211_bss *cbss = link->u.mgd.bss; 1842 struct ieee80211_chanctx_conf *conf; 1843 struct ieee80211_chanctx *chanctx; 1844 enum nl80211_band current_band; 1845 struct ieee80211_csa_ie csa_ie; 1846 struct ieee80211_channel_switch ch_switch; 1847 struct ieee80211_bss *bss; 1848 unsigned long timeout; 1849 int res; 1850 1851 lockdep_assert_wiphy(local->hw.wiphy); 1852 1853 if (!cbss) 1854 return; 1855 1856 current_band = cbss->channel->band; 1857 bss = (void *)cbss->priv; 1858 res = ieee80211_parse_ch_switch_ie(sdata, elems, current_band, 1859 bss->vht_cap_info, 1860 link->u.mgd.conn_flags, 1861 link->u.mgd.bssid, &csa_ie); 1862 1863 if (!res) { 1864 ch_switch.timestamp = timestamp; 1865 ch_switch.device_timestamp = device_timestamp; 1866 ch_switch.block_tx = csa_ie.mode; 1867 ch_switch.chandef = csa_ie.chandef; 1868 ch_switch.count = csa_ie.count; 1869 ch_switch.delay = csa_ie.max_switch_time; 1870 } 1871 1872 if (res < 0) 1873 goto drop_connection; 1874 1875 if (beacon && link->conf->csa_active && 1876 !link->u.mgd.csa_waiting_bcn) { 1877 if (res) 1878 ieee80211_sta_abort_chanswitch(link); 1879 else 1880 drv_channel_switch_rx_beacon(sdata, &ch_switch); 1881 return; 1882 } else if (link->conf->csa_active || res) { 1883 /* disregard subsequent announcements if already processing */ 1884 return; 1885 } 1886 1887 if (link->conf->chandef.chan->band != 1888 csa_ie.chandef.chan->band) { 1889 sdata_info(sdata, 1890 "AP %pM switches to different band (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n", 1891 link->u.mgd.bssid, 1892 csa_ie.chandef.chan->center_freq, 1893 csa_ie.chandef.width, csa_ie.chandef.center_freq1, 1894 csa_ie.chandef.center_freq2); 1895 goto drop_connection; 1896 } 1897 1898 if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chandef, 1899 IEEE80211_CHAN_DISABLED)) { 1900 sdata_info(sdata, 1901 "AP %pM switches to unsupported channel " 1902 "(%d.%03d MHz, width:%d, CF1/2: %d.%03d/%d MHz), " 1903 "disconnecting\n", 1904 link->u.mgd.bssid, 1905 csa_ie.chandef.chan->center_freq, 1906 csa_ie.chandef.chan->freq_offset, 1907 csa_ie.chandef.width, csa_ie.chandef.center_freq1, 1908 csa_ie.chandef.freq1_offset, 1909 csa_ie.chandef.center_freq2); 1910 goto drop_connection; 1911 } 1912 1913 if (cfg80211_chandef_identical(&csa_ie.chandef, 1914 &link->conf->chandef) && 1915 (!csa_ie.mode || !beacon)) { 1916 if (link->u.mgd.csa_ignored_same_chan) 1917 return; 1918 sdata_info(sdata, 1919 "AP %pM tries to chanswitch to same channel, ignore\n", 1920 link->u.mgd.bssid); 1921 link->u.mgd.csa_ignored_same_chan = true; 1922 return; 1923 } 1924 1925 /* 1926 * Drop all TDLS peers - either we disconnect or move to a different 1927 * channel from this point on. There's no telling what our peer will do. 1928 * The TDLS WIDER_BW scenario is also problematic, as peers might now 1929 * have an incompatible wider chandef. 1930 */ 1931 ieee80211_teardown_tdls_peers(sdata); 1932 1933 conf = rcu_dereference_protected(link->conf->chanctx_conf, 1934 lockdep_is_held(&local->hw.wiphy->mtx)); 1935 if (!conf) { 1936 sdata_info(sdata, 1937 "no channel context assigned to vif?, disconnecting\n"); 1938 goto drop_connection; 1939 } 1940 1941 chanctx = container_of(conf, struct ieee80211_chanctx, conf); 1942 1943 if (local->use_chanctx && 1944 !ieee80211_hw_check(&local->hw, CHANCTX_STA_CSA)) { 1945 sdata_info(sdata, 1946 "driver doesn't support chan-switch with channel contexts\n"); 1947 goto drop_connection; 1948 } 1949 1950 if (drv_pre_channel_switch(sdata, &ch_switch)) { 1951 sdata_info(sdata, 1952 "preparing for channel switch failed, disconnecting\n"); 1953 goto drop_connection; 1954 } 1955 1956 res = ieee80211_link_reserve_chanctx(link, &csa_ie.chandef, 1957 chanctx->mode, false); 1958 if (res) { 1959 sdata_info(sdata, 1960 "failed to reserve channel context for channel switch, disconnecting (err=%d)\n", 1961 res); 1962 goto drop_connection; 1963 } 1964 1965 link->conf->csa_active = true; 1966 link->csa_chandef = csa_ie.chandef; 1967 link->csa_block_tx = csa_ie.mode; 1968 link->u.mgd.csa_ignored_same_chan = false; 1969 link->u.mgd.beacon_crc_valid = false; 1970 1971 if (link->csa_block_tx) 1972 ieee80211_stop_vif_queues(local, sdata, 1973 IEEE80211_QUEUE_STOP_REASON_CSA); 1974 1975 cfg80211_ch_switch_started_notify(sdata->dev, &csa_ie.chandef, 1976 link->link_id, csa_ie.count, 1977 csa_ie.mode, 0); 1978 1979 if (local->ops->channel_switch) { 1980 /* use driver's channel switch callback */ 1981 drv_channel_switch(local, sdata, &ch_switch); 1982 return; 1983 } 1984 1985 /* channel switch handled in software */ 1986 timeout = TU_TO_JIFFIES((max_t(int, csa_ie.count, 1) - 1) * 1987 cbss->beacon_interval); 1988 wiphy_delayed_work_queue(local->hw.wiphy, 1989 &link->u.mgd.chswitch_work, 1990 timeout); 1991 return; 1992 drop_connection: 1993 /* 1994 * This is just so that the disconnect flow will know that 1995 * we were trying to switch channel and failed. In case the 1996 * mode is 1 (we are not allowed to Tx), we will know not to 1997 * send a deauthentication frame. Those two fields will be 1998 * reset when the disconnection worker runs. 1999 */ 2000 link->conf->csa_active = true; 2001 link->csa_block_tx = csa_ie.mode; 2002 2003 wiphy_work_queue(sdata->local->hw.wiphy, 2004 &ifmgd->csa_connection_drop_work); 2005 } 2006 2007 static bool 2008 ieee80211_find_80211h_pwr_constr(struct ieee80211_sub_if_data *sdata, 2009 struct ieee80211_channel *channel, 2010 const u8 *country_ie, u8 country_ie_len, 2011 const u8 *pwr_constr_elem, 2012 int *chan_pwr, int *pwr_reduction) 2013 { 2014 struct ieee80211_country_ie_triplet *triplet; 2015 int chan = ieee80211_frequency_to_channel(channel->center_freq); 2016 int i, chan_increment; 2017 bool have_chan_pwr = false; 2018 2019 /* Invalid IE */ 2020 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN) 2021 return false; 2022 2023 triplet = (void *)(country_ie + 3); 2024 country_ie_len -= 3; 2025 2026 switch (channel->band) { 2027 default: 2028 WARN_ON_ONCE(1); 2029 fallthrough; 2030 case NL80211_BAND_2GHZ: 2031 case NL80211_BAND_60GHZ: 2032 case NL80211_BAND_LC: 2033 chan_increment = 1; 2034 break; 2035 case NL80211_BAND_5GHZ: 2036 chan_increment = 4; 2037 break; 2038 case NL80211_BAND_6GHZ: 2039 /* 2040 * In the 6 GHz band, the "maximum transmit power level" 2041 * field in the triplets is reserved, and thus will be 2042 * zero and we shouldn't use it to control TX power. 2043 * The actual TX power will be given in the transmit 2044 * power envelope element instead. 2045 */ 2046 return false; 2047 } 2048 2049 /* find channel */ 2050 while (country_ie_len >= 3) { 2051 u8 first_channel = triplet->chans.first_channel; 2052 2053 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID) 2054 goto next; 2055 2056 for (i = 0; i < triplet->chans.num_channels; i++) { 2057 if (first_channel + i * chan_increment == chan) { 2058 have_chan_pwr = true; 2059 *chan_pwr = triplet->chans.max_power; 2060 break; 2061 } 2062 } 2063 if (have_chan_pwr) 2064 break; 2065 2066 next: 2067 triplet++; 2068 country_ie_len -= 3; 2069 } 2070 2071 if (have_chan_pwr && pwr_constr_elem) 2072 *pwr_reduction = *pwr_constr_elem; 2073 else 2074 *pwr_reduction = 0; 2075 2076 return have_chan_pwr; 2077 } 2078 2079 static void ieee80211_find_cisco_dtpc(struct ieee80211_sub_if_data *sdata, 2080 struct ieee80211_channel *channel, 2081 const u8 *cisco_dtpc_ie, 2082 int *pwr_level) 2083 { 2084 /* From practical testing, the first data byte of the DTPC element 2085 * seems to contain the requested dBm level, and the CLI on Cisco 2086 * APs clearly state the range is -127 to 127 dBm, which indicates 2087 * a signed byte, although it seemingly never actually goes negative. 2088 * The other byte seems to always be zero. 2089 */ 2090 *pwr_level = (__s8)cisco_dtpc_ie[4]; 2091 } 2092 2093 static u64 ieee80211_handle_pwr_constr(struct ieee80211_link_data *link, 2094 struct ieee80211_channel *channel, 2095 struct ieee80211_mgmt *mgmt, 2096 const u8 *country_ie, u8 country_ie_len, 2097 const u8 *pwr_constr_ie, 2098 const u8 *cisco_dtpc_ie) 2099 { 2100 struct ieee80211_sub_if_data *sdata = link->sdata; 2101 bool has_80211h_pwr = false, has_cisco_pwr = false; 2102 int chan_pwr = 0, pwr_reduction_80211h = 0; 2103 int pwr_level_cisco, pwr_level_80211h; 2104 int new_ap_level; 2105 __le16 capab = mgmt->u.probe_resp.capab_info; 2106 2107 if (ieee80211_is_s1g_beacon(mgmt->frame_control)) 2108 return 0; /* TODO */ 2109 2110 if (country_ie && 2111 (capab & cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT) || 2112 capab & cpu_to_le16(WLAN_CAPABILITY_RADIO_MEASURE))) { 2113 has_80211h_pwr = ieee80211_find_80211h_pwr_constr( 2114 sdata, channel, country_ie, country_ie_len, 2115 pwr_constr_ie, &chan_pwr, &pwr_reduction_80211h); 2116 pwr_level_80211h = 2117 max_t(int, 0, chan_pwr - pwr_reduction_80211h); 2118 } 2119 2120 if (cisco_dtpc_ie) { 2121 ieee80211_find_cisco_dtpc( 2122 sdata, channel, cisco_dtpc_ie, &pwr_level_cisco); 2123 has_cisco_pwr = true; 2124 } 2125 2126 if (!has_80211h_pwr && !has_cisco_pwr) 2127 return 0; 2128 2129 /* If we have both 802.11h and Cisco DTPC, apply both limits 2130 * by picking the smallest of the two power levels advertised. 2131 */ 2132 if (has_80211h_pwr && 2133 (!has_cisco_pwr || pwr_level_80211h <= pwr_level_cisco)) { 2134 new_ap_level = pwr_level_80211h; 2135 2136 if (link->ap_power_level == new_ap_level) 2137 return 0; 2138 2139 sdata_dbg(sdata, 2140 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n", 2141 pwr_level_80211h, chan_pwr, pwr_reduction_80211h, 2142 link->u.mgd.bssid); 2143 } else { /* has_cisco_pwr is always true here. */ 2144 new_ap_level = pwr_level_cisco; 2145 2146 if (link->ap_power_level == new_ap_level) 2147 return 0; 2148 2149 sdata_dbg(sdata, 2150 "Limiting TX power to %d dBm as advertised by %pM\n", 2151 pwr_level_cisco, link->u.mgd.bssid); 2152 } 2153 2154 link->ap_power_level = new_ap_level; 2155 if (__ieee80211_recalc_txpower(sdata)) 2156 return BSS_CHANGED_TXPOWER; 2157 return 0; 2158 } 2159 2160 /* powersave */ 2161 static void ieee80211_enable_ps(struct ieee80211_local *local, 2162 struct ieee80211_sub_if_data *sdata) 2163 { 2164 struct ieee80211_conf *conf = &local->hw.conf; 2165 2166 /* 2167 * If we are scanning right now then the parameters will 2168 * take effect when scan finishes. 2169 */ 2170 if (local->scanning) 2171 return; 2172 2173 if (conf->dynamic_ps_timeout > 0 && 2174 !ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS)) { 2175 mod_timer(&local->dynamic_ps_timer, jiffies + 2176 msecs_to_jiffies(conf->dynamic_ps_timeout)); 2177 } else { 2178 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK)) 2179 ieee80211_send_nullfunc(local, sdata, true); 2180 2181 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) && 2182 ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) 2183 return; 2184 2185 conf->flags |= IEEE80211_CONF_PS; 2186 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 2187 } 2188 } 2189 2190 static void ieee80211_change_ps(struct ieee80211_local *local) 2191 { 2192 struct ieee80211_conf *conf = &local->hw.conf; 2193 2194 if (local->ps_sdata) { 2195 ieee80211_enable_ps(local, local->ps_sdata); 2196 } else if (conf->flags & IEEE80211_CONF_PS) { 2197 conf->flags &= ~IEEE80211_CONF_PS; 2198 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 2199 del_timer_sync(&local->dynamic_ps_timer); 2200 wiphy_work_cancel(local->hw.wiphy, 2201 &local->dynamic_ps_enable_work); 2202 } 2203 } 2204 2205 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata) 2206 { 2207 struct ieee80211_local *local = sdata->local; 2208 struct ieee80211_if_managed *mgd = &sdata->u.mgd; 2209 struct sta_info *sta = NULL; 2210 bool authorized = false; 2211 2212 if (!mgd->powersave) 2213 return false; 2214 2215 if (mgd->broken_ap) 2216 return false; 2217 2218 if (!mgd->associated) 2219 return false; 2220 2221 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL) 2222 return false; 2223 2224 if (!(local->hw.wiphy->flags & WIPHY_FLAG_SUPPORTS_MLO) && 2225 !sdata->deflink.u.mgd.have_beacon) 2226 return false; 2227 2228 rcu_read_lock(); 2229 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr); 2230 if (sta) 2231 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED); 2232 rcu_read_unlock(); 2233 2234 return authorized; 2235 } 2236 2237 /* need to hold RTNL or interface lock */ 2238 void ieee80211_recalc_ps(struct ieee80211_local *local) 2239 { 2240 struct ieee80211_sub_if_data *sdata, *found = NULL; 2241 int count = 0; 2242 int timeout; 2243 2244 if (!ieee80211_hw_check(&local->hw, SUPPORTS_PS) || 2245 ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS)) { 2246 local->ps_sdata = NULL; 2247 return; 2248 } 2249 2250 list_for_each_entry(sdata, &local->interfaces, list) { 2251 if (!ieee80211_sdata_running(sdata)) 2252 continue; 2253 if (sdata->vif.type == NL80211_IFTYPE_AP) { 2254 /* If an AP vif is found, then disable PS 2255 * by setting the count to zero thereby setting 2256 * ps_sdata to NULL. 2257 */ 2258 count = 0; 2259 break; 2260 } 2261 if (sdata->vif.type != NL80211_IFTYPE_STATION) 2262 continue; 2263 found = sdata; 2264 count++; 2265 } 2266 2267 if (count == 1 && ieee80211_powersave_allowed(found)) { 2268 u8 dtimper = found->deflink.u.mgd.dtim_period; 2269 2270 timeout = local->dynamic_ps_forced_timeout; 2271 if (timeout < 0) 2272 timeout = 100; 2273 local->hw.conf.dynamic_ps_timeout = timeout; 2274 2275 /* If the TIM IE is invalid, pretend the value is 1 */ 2276 if (!dtimper) 2277 dtimper = 1; 2278 2279 local->hw.conf.ps_dtim_period = dtimper; 2280 local->ps_sdata = found; 2281 } else { 2282 local->ps_sdata = NULL; 2283 } 2284 2285 ieee80211_change_ps(local); 2286 } 2287 2288 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata) 2289 { 2290 bool ps_allowed = ieee80211_powersave_allowed(sdata); 2291 2292 if (sdata->vif.cfg.ps != ps_allowed) { 2293 sdata->vif.cfg.ps = ps_allowed; 2294 ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_PS); 2295 } 2296 } 2297 2298 void ieee80211_dynamic_ps_disable_work(struct wiphy *wiphy, 2299 struct wiphy_work *work) 2300 { 2301 struct ieee80211_local *local = 2302 container_of(work, struct ieee80211_local, 2303 dynamic_ps_disable_work); 2304 2305 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 2306 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 2307 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 2308 } 2309 2310 ieee80211_wake_queues_by_reason(&local->hw, 2311 IEEE80211_MAX_QUEUE_MAP, 2312 IEEE80211_QUEUE_STOP_REASON_PS, 2313 false); 2314 } 2315 2316 void ieee80211_dynamic_ps_enable_work(struct wiphy *wiphy, 2317 struct wiphy_work *work) 2318 { 2319 struct ieee80211_local *local = 2320 container_of(work, struct ieee80211_local, 2321 dynamic_ps_enable_work); 2322 struct ieee80211_sub_if_data *sdata = local->ps_sdata; 2323 struct ieee80211_if_managed *ifmgd; 2324 unsigned long flags; 2325 int q; 2326 2327 /* can only happen when PS was just disabled anyway */ 2328 if (!sdata) 2329 return; 2330 2331 ifmgd = &sdata->u.mgd; 2332 2333 if (local->hw.conf.flags & IEEE80211_CONF_PS) 2334 return; 2335 2336 if (local->hw.conf.dynamic_ps_timeout > 0) { 2337 /* don't enter PS if TX frames are pending */ 2338 if (drv_tx_frames_pending(local)) { 2339 mod_timer(&local->dynamic_ps_timer, jiffies + 2340 msecs_to_jiffies( 2341 local->hw.conf.dynamic_ps_timeout)); 2342 return; 2343 } 2344 2345 /* 2346 * transmission can be stopped by others which leads to 2347 * dynamic_ps_timer expiry. Postpone the ps timer if it 2348 * is not the actual idle state. 2349 */ 2350 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 2351 for (q = 0; q < local->hw.queues; q++) { 2352 if (local->queue_stop_reasons[q]) { 2353 spin_unlock_irqrestore(&local->queue_stop_reason_lock, 2354 flags); 2355 mod_timer(&local->dynamic_ps_timer, jiffies + 2356 msecs_to_jiffies( 2357 local->hw.conf.dynamic_ps_timeout)); 2358 return; 2359 } 2360 } 2361 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 2362 } 2363 2364 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) && 2365 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 2366 if (drv_tx_frames_pending(local)) { 2367 mod_timer(&local->dynamic_ps_timer, jiffies + 2368 msecs_to_jiffies( 2369 local->hw.conf.dynamic_ps_timeout)); 2370 } else { 2371 ieee80211_send_nullfunc(local, sdata, true); 2372 /* Flush to get the tx status of nullfunc frame */ 2373 ieee80211_flush_queues(local, sdata, false); 2374 } 2375 } 2376 2377 if (!(ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS) && 2378 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK)) || 2379 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 2380 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 2381 local->hw.conf.flags |= IEEE80211_CONF_PS; 2382 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 2383 } 2384 } 2385 2386 void ieee80211_dynamic_ps_timer(struct timer_list *t) 2387 { 2388 struct ieee80211_local *local = from_timer(local, t, dynamic_ps_timer); 2389 2390 wiphy_work_queue(local->hw.wiphy, &local->dynamic_ps_enable_work); 2391 } 2392 2393 void ieee80211_dfs_cac_timer_work(struct wiphy *wiphy, struct wiphy_work *work) 2394 { 2395 struct ieee80211_link_data *link = 2396 container_of(work, struct ieee80211_link_data, 2397 dfs_cac_timer_work.work); 2398 struct cfg80211_chan_def chandef = link->conf->chandef; 2399 struct ieee80211_sub_if_data *sdata = link->sdata; 2400 2401 lockdep_assert_wiphy(sdata->local->hw.wiphy); 2402 2403 if (sdata->wdev.cac_started) { 2404 ieee80211_link_release_channel(link); 2405 cfg80211_cac_event(sdata->dev, &chandef, 2406 NL80211_RADAR_CAC_FINISHED, 2407 GFP_KERNEL); 2408 } 2409 } 2410 2411 static bool 2412 __ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata) 2413 { 2414 struct ieee80211_local *local = sdata->local; 2415 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2416 bool ret = false; 2417 int ac; 2418 2419 if (local->hw.queues < IEEE80211_NUM_ACS) 2420 return false; 2421 2422 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { 2423 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac]; 2424 int non_acm_ac; 2425 unsigned long now = jiffies; 2426 2427 if (tx_tspec->action == TX_TSPEC_ACTION_NONE && 2428 tx_tspec->admitted_time && 2429 time_after(now, tx_tspec->time_slice_start + HZ)) { 2430 tx_tspec->consumed_tx_time = 0; 2431 tx_tspec->time_slice_start = now; 2432 2433 if (tx_tspec->downgraded) 2434 tx_tspec->action = 2435 TX_TSPEC_ACTION_STOP_DOWNGRADE; 2436 } 2437 2438 switch (tx_tspec->action) { 2439 case TX_TSPEC_ACTION_STOP_DOWNGRADE: 2440 /* take the original parameters */ 2441 if (drv_conf_tx(local, &sdata->deflink, ac, 2442 &sdata->deflink.tx_conf[ac])) 2443 link_err(&sdata->deflink, 2444 "failed to set TX queue parameters for queue %d\n", 2445 ac); 2446 tx_tspec->action = TX_TSPEC_ACTION_NONE; 2447 tx_tspec->downgraded = false; 2448 ret = true; 2449 break; 2450 case TX_TSPEC_ACTION_DOWNGRADE: 2451 if (time_after(now, tx_tspec->time_slice_start + HZ)) { 2452 tx_tspec->action = TX_TSPEC_ACTION_NONE; 2453 ret = true; 2454 break; 2455 } 2456 /* downgrade next lower non-ACM AC */ 2457 for (non_acm_ac = ac + 1; 2458 non_acm_ac < IEEE80211_NUM_ACS; 2459 non_acm_ac++) 2460 if (!(sdata->wmm_acm & BIT(7 - 2 * non_acm_ac))) 2461 break; 2462 /* Usually the loop will result in using BK even if it 2463 * requires admission control, but such a configuration 2464 * makes no sense and we have to transmit somehow - the 2465 * AC selection does the same thing. 2466 * If we started out trying to downgrade from BK, then 2467 * the extra condition here might be needed. 2468 */ 2469 if (non_acm_ac >= IEEE80211_NUM_ACS) 2470 non_acm_ac = IEEE80211_AC_BK; 2471 if (drv_conf_tx(local, &sdata->deflink, ac, 2472 &sdata->deflink.tx_conf[non_acm_ac])) 2473 link_err(&sdata->deflink, 2474 "failed to set TX queue parameters for queue %d\n", 2475 ac); 2476 tx_tspec->action = TX_TSPEC_ACTION_NONE; 2477 ret = true; 2478 wiphy_delayed_work_queue(local->hw.wiphy, 2479 &ifmgd->tx_tspec_wk, 2480 tx_tspec->time_slice_start + 2481 HZ - now + 1); 2482 break; 2483 case TX_TSPEC_ACTION_NONE: 2484 /* nothing now */ 2485 break; 2486 } 2487 } 2488 2489 return ret; 2490 } 2491 2492 void ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata) 2493 { 2494 if (__ieee80211_sta_handle_tspec_ac_params(sdata)) 2495 ieee80211_link_info_change_notify(sdata, &sdata->deflink, 2496 BSS_CHANGED_QOS); 2497 } 2498 2499 static void ieee80211_sta_handle_tspec_ac_params_wk(struct wiphy *wiphy, 2500 struct wiphy_work *work) 2501 { 2502 struct ieee80211_sub_if_data *sdata; 2503 2504 sdata = container_of(work, struct ieee80211_sub_if_data, 2505 u.mgd.tx_tspec_wk.work); 2506 ieee80211_sta_handle_tspec_ac_params(sdata); 2507 } 2508 2509 void ieee80211_mgd_set_link_qos_params(struct ieee80211_link_data *link) 2510 { 2511 struct ieee80211_sub_if_data *sdata = link->sdata; 2512 struct ieee80211_local *local = sdata->local; 2513 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2514 struct ieee80211_tx_queue_params *params = link->tx_conf; 2515 u8 ac; 2516 2517 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { 2518 mlme_dbg(sdata, 2519 "WMM AC=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d, downgraded=%d\n", 2520 ac, params[ac].acm, 2521 params[ac].aifs, params[ac].cw_min, params[ac].cw_max, 2522 params[ac].txop, params[ac].uapsd, 2523 ifmgd->tx_tspec[ac].downgraded); 2524 if (!ifmgd->tx_tspec[ac].downgraded && 2525 drv_conf_tx(local, link, ac, ¶ms[ac])) 2526 link_err(link, 2527 "failed to set TX queue parameters for AC %d\n", 2528 ac); 2529 } 2530 } 2531 2532 /* MLME */ 2533 static bool 2534 ieee80211_sta_wmm_params(struct ieee80211_local *local, 2535 struct ieee80211_link_data *link, 2536 const u8 *wmm_param, size_t wmm_param_len, 2537 const struct ieee80211_mu_edca_param_set *mu_edca) 2538 { 2539 struct ieee80211_sub_if_data *sdata = link->sdata; 2540 struct ieee80211_tx_queue_params params[IEEE80211_NUM_ACS]; 2541 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2542 size_t left; 2543 int count, mu_edca_count, ac; 2544 const u8 *pos; 2545 u8 uapsd_queues = 0; 2546 2547 if (!local->ops->conf_tx) 2548 return false; 2549 2550 if (local->hw.queues < IEEE80211_NUM_ACS) 2551 return false; 2552 2553 if (!wmm_param) 2554 return false; 2555 2556 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 2557 return false; 2558 2559 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) 2560 uapsd_queues = ifmgd->uapsd_queues; 2561 2562 count = wmm_param[6] & 0x0f; 2563 /* -1 is the initial value of ifmgd->mu_edca_last_param_set. 2564 * if mu_edca was preset before and now it disappeared tell 2565 * the driver about it. 2566 */ 2567 mu_edca_count = mu_edca ? mu_edca->mu_qos_info & 0x0f : -1; 2568 if (count == link->u.mgd.wmm_last_param_set && 2569 mu_edca_count == link->u.mgd.mu_edca_last_param_set) 2570 return false; 2571 link->u.mgd.wmm_last_param_set = count; 2572 link->u.mgd.mu_edca_last_param_set = mu_edca_count; 2573 2574 pos = wmm_param + 8; 2575 left = wmm_param_len - 8; 2576 2577 memset(¶ms, 0, sizeof(params)); 2578 2579 sdata->wmm_acm = 0; 2580 for (; left >= 4; left -= 4, pos += 4) { 2581 int aci = (pos[0] >> 5) & 0x03; 2582 int acm = (pos[0] >> 4) & 0x01; 2583 bool uapsd = false; 2584 2585 switch (aci) { 2586 case 1: /* AC_BK */ 2587 ac = IEEE80211_AC_BK; 2588 if (acm) 2589 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */ 2590 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK) 2591 uapsd = true; 2592 params[ac].mu_edca = !!mu_edca; 2593 if (mu_edca) 2594 params[ac].mu_edca_param_rec = mu_edca->ac_bk; 2595 break; 2596 case 2: /* AC_VI */ 2597 ac = IEEE80211_AC_VI; 2598 if (acm) 2599 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */ 2600 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI) 2601 uapsd = true; 2602 params[ac].mu_edca = !!mu_edca; 2603 if (mu_edca) 2604 params[ac].mu_edca_param_rec = mu_edca->ac_vi; 2605 break; 2606 case 3: /* AC_VO */ 2607 ac = IEEE80211_AC_VO; 2608 if (acm) 2609 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */ 2610 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) 2611 uapsd = true; 2612 params[ac].mu_edca = !!mu_edca; 2613 if (mu_edca) 2614 params[ac].mu_edca_param_rec = mu_edca->ac_vo; 2615 break; 2616 case 0: /* AC_BE */ 2617 default: 2618 ac = IEEE80211_AC_BE; 2619 if (acm) 2620 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */ 2621 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE) 2622 uapsd = true; 2623 params[ac].mu_edca = !!mu_edca; 2624 if (mu_edca) 2625 params[ac].mu_edca_param_rec = mu_edca->ac_be; 2626 break; 2627 } 2628 2629 params[ac].aifs = pos[0] & 0x0f; 2630 2631 if (params[ac].aifs < 2) { 2632 link_info(link, 2633 "AP has invalid WMM params (AIFSN=%d for ACI %d), will use 2\n", 2634 params[ac].aifs, aci); 2635 params[ac].aifs = 2; 2636 } 2637 params[ac].cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 2638 params[ac].cw_min = ecw2cw(pos[1] & 0x0f); 2639 params[ac].txop = get_unaligned_le16(pos + 2); 2640 params[ac].acm = acm; 2641 params[ac].uapsd = uapsd; 2642 2643 if (params[ac].cw_min == 0 || 2644 params[ac].cw_min > params[ac].cw_max) { 2645 link_info(link, 2646 "AP has invalid WMM params (CWmin/max=%d/%d for ACI %d), using defaults\n", 2647 params[ac].cw_min, params[ac].cw_max, aci); 2648 return false; 2649 } 2650 ieee80211_regulatory_limit_wmm_params(sdata, ¶ms[ac], ac); 2651 } 2652 2653 /* WMM specification requires all 4 ACIs. */ 2654 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { 2655 if (params[ac].cw_min == 0) { 2656 link_info(link, 2657 "AP has invalid WMM params (missing AC %d), using defaults\n", 2658 ac); 2659 return false; 2660 } 2661 } 2662 2663 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) 2664 link->tx_conf[ac] = params[ac]; 2665 2666 ieee80211_mgd_set_link_qos_params(link); 2667 2668 /* enable WMM or activate new settings */ 2669 link->conf->qos = true; 2670 return true; 2671 } 2672 2673 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 2674 { 2675 lockdep_assert_wiphy(sdata->local->hw.wiphy); 2676 2677 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL; 2678 ieee80211_run_deferred_scan(sdata->local); 2679 } 2680 2681 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 2682 { 2683 lockdep_assert_wiphy(sdata->local->hw.wiphy); 2684 2685 __ieee80211_stop_poll(sdata); 2686 } 2687 2688 static u64 ieee80211_handle_bss_capability(struct ieee80211_link_data *link, 2689 u16 capab, bool erp_valid, u8 erp) 2690 { 2691 struct ieee80211_bss_conf *bss_conf = link->conf; 2692 struct ieee80211_supported_band *sband; 2693 u64 changed = 0; 2694 bool use_protection; 2695 bool use_short_preamble; 2696 bool use_short_slot; 2697 2698 sband = ieee80211_get_link_sband(link); 2699 if (!sband) 2700 return changed; 2701 2702 if (erp_valid) { 2703 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0; 2704 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0; 2705 } else { 2706 use_protection = false; 2707 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE); 2708 } 2709 2710 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME); 2711 if (sband->band == NL80211_BAND_5GHZ || 2712 sband->band == NL80211_BAND_6GHZ) 2713 use_short_slot = true; 2714 2715 if (use_protection != bss_conf->use_cts_prot) { 2716 bss_conf->use_cts_prot = use_protection; 2717 changed |= BSS_CHANGED_ERP_CTS_PROT; 2718 } 2719 2720 if (use_short_preamble != bss_conf->use_short_preamble) { 2721 bss_conf->use_short_preamble = use_short_preamble; 2722 changed |= BSS_CHANGED_ERP_PREAMBLE; 2723 } 2724 2725 if (use_short_slot != bss_conf->use_short_slot) { 2726 bss_conf->use_short_slot = use_short_slot; 2727 changed |= BSS_CHANGED_ERP_SLOT; 2728 } 2729 2730 return changed; 2731 } 2732 2733 static u64 ieee80211_link_set_associated(struct ieee80211_link_data *link, 2734 struct cfg80211_bss *cbss) 2735 { 2736 struct ieee80211_sub_if_data *sdata = link->sdata; 2737 struct ieee80211_bss_conf *bss_conf = link->conf; 2738 struct ieee80211_bss *bss = (void *)cbss->priv; 2739 u64 changed = BSS_CHANGED_QOS; 2740 2741 /* not really used in MLO */ 2742 sdata->u.mgd.beacon_timeout = 2743 usecs_to_jiffies(ieee80211_tu_to_usec(beacon_loss_count * 2744 bss_conf->beacon_int)); 2745 2746 changed |= ieee80211_handle_bss_capability(link, 2747 bss_conf->assoc_capability, 2748 bss->has_erp_value, 2749 bss->erp_value); 2750 2751 ieee80211_check_rate_mask(link); 2752 2753 link->u.mgd.bss = cbss; 2754 memcpy(link->u.mgd.bssid, cbss->bssid, ETH_ALEN); 2755 2756 if (sdata->vif.p2p || 2757 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) { 2758 const struct cfg80211_bss_ies *ies; 2759 2760 rcu_read_lock(); 2761 ies = rcu_dereference(cbss->ies); 2762 if (ies) { 2763 int ret; 2764 2765 ret = cfg80211_get_p2p_attr( 2766 ies->data, ies->len, 2767 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 2768 (u8 *) &bss_conf->p2p_noa_attr, 2769 sizeof(bss_conf->p2p_noa_attr)); 2770 if (ret >= 2) { 2771 link->u.mgd.p2p_noa_index = 2772 bss_conf->p2p_noa_attr.index; 2773 changed |= BSS_CHANGED_P2P_PS; 2774 } 2775 } 2776 rcu_read_unlock(); 2777 } 2778 2779 if (link->u.mgd.have_beacon) { 2780 bss_conf->beacon_rate = bss->beacon_rate; 2781 changed |= BSS_CHANGED_BEACON_INFO; 2782 } else { 2783 bss_conf->beacon_rate = NULL; 2784 } 2785 2786 /* Tell the driver to monitor connection quality (if supported) */ 2787 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI && 2788 bss_conf->cqm_rssi_thold) 2789 changed |= BSS_CHANGED_CQM; 2790 2791 return changed; 2792 } 2793 2794 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata, 2795 struct ieee80211_mgd_assoc_data *assoc_data, 2796 u64 changed[IEEE80211_MLD_MAX_NUM_LINKS]) 2797 { 2798 struct ieee80211_local *local = sdata->local; 2799 struct ieee80211_vif_cfg *vif_cfg = &sdata->vif.cfg; 2800 u64 vif_changed = BSS_CHANGED_ASSOC; 2801 unsigned int link_id; 2802 2803 lockdep_assert_wiphy(local->hw.wiphy); 2804 2805 sdata->u.mgd.associated = true; 2806 2807 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) { 2808 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss; 2809 struct ieee80211_link_data *link; 2810 2811 if (!cbss || 2812 assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS) 2813 continue; 2814 2815 if (ieee80211_vif_is_mld(&sdata->vif) && 2816 !(ieee80211_vif_usable_links(&sdata->vif) & BIT(link_id))) 2817 continue; 2818 2819 link = sdata_dereference(sdata->link[link_id], sdata); 2820 if (WARN_ON(!link)) 2821 return; 2822 2823 changed[link_id] |= ieee80211_link_set_associated(link, cbss); 2824 } 2825 2826 /* just to be sure */ 2827 ieee80211_stop_poll(sdata); 2828 2829 ieee80211_led_assoc(local, 1); 2830 2831 vif_cfg->assoc = 1; 2832 2833 /* Enable ARP filtering */ 2834 if (vif_cfg->arp_addr_cnt) 2835 vif_changed |= BSS_CHANGED_ARP_FILTER; 2836 2837 if (ieee80211_vif_is_mld(&sdata->vif)) { 2838 for (link_id = 0; 2839 link_id < IEEE80211_MLD_MAX_NUM_LINKS; 2840 link_id++) { 2841 struct ieee80211_link_data *link; 2842 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss; 2843 2844 if (!cbss || 2845 !(BIT(link_id) & 2846 ieee80211_vif_usable_links(&sdata->vif)) || 2847 assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS) 2848 continue; 2849 2850 link = sdata_dereference(sdata->link[link_id], sdata); 2851 if (WARN_ON(!link)) 2852 return; 2853 2854 ieee80211_link_info_change_notify(sdata, link, 2855 changed[link_id]); 2856 2857 ieee80211_recalc_smps(sdata, link); 2858 } 2859 2860 ieee80211_vif_cfg_change_notify(sdata, vif_changed); 2861 } else { 2862 ieee80211_bss_info_change_notify(sdata, 2863 vif_changed | changed[0]); 2864 } 2865 2866 ieee80211_recalc_ps(local); 2867 2868 /* leave this here to not change ordering in non-MLO cases */ 2869 if (!ieee80211_vif_is_mld(&sdata->vif)) 2870 ieee80211_recalc_smps(sdata, &sdata->deflink); 2871 ieee80211_recalc_ps_vif(sdata); 2872 2873 netif_carrier_on(sdata->dev); 2874 } 2875 2876 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata, 2877 u16 stype, u16 reason, bool tx, 2878 u8 *frame_buf) 2879 { 2880 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2881 struct ieee80211_local *local = sdata->local; 2882 unsigned int link_id; 2883 u64 changed = 0; 2884 struct ieee80211_prep_tx_info info = { 2885 .subtype = stype, 2886 }; 2887 2888 lockdep_assert_wiphy(local->hw.wiphy); 2889 2890 if (WARN_ON_ONCE(tx && !frame_buf)) 2891 return; 2892 2893 if (WARN_ON(!ifmgd->associated)) 2894 return; 2895 2896 ieee80211_stop_poll(sdata); 2897 2898 ifmgd->associated = false; 2899 2900 /* other links will be destroyed */ 2901 sdata->deflink.u.mgd.bss = NULL; 2902 2903 netif_carrier_off(sdata->dev); 2904 2905 /* 2906 * if we want to get out of ps before disassoc (why?) we have 2907 * to do it before sending disassoc, as otherwise the null-packet 2908 * won't be valid. 2909 */ 2910 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 2911 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 2912 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 2913 } 2914 local->ps_sdata = NULL; 2915 2916 /* disable per-vif ps */ 2917 ieee80211_recalc_ps_vif(sdata); 2918 2919 /* make sure ongoing transmission finishes */ 2920 synchronize_net(); 2921 2922 /* 2923 * drop any frame before deauth/disassoc, this can be data or 2924 * management frame. Since we are disconnecting, we should not 2925 * insist sending these frames which can take time and delay 2926 * the disconnection and possible the roaming. 2927 */ 2928 if (tx) 2929 ieee80211_flush_queues(local, sdata, true); 2930 2931 /* deauthenticate/disassociate now */ 2932 if (tx || frame_buf) { 2933 /* 2934 * In multi channel scenarios guarantee that the virtual 2935 * interface is granted immediate airtime to transmit the 2936 * deauthentication frame by calling mgd_prepare_tx, if the 2937 * driver requested so. 2938 */ 2939 if (ieee80211_hw_check(&local->hw, DEAUTH_NEED_MGD_TX_PREP) && 2940 !sdata->deflink.u.mgd.have_beacon) { 2941 drv_mgd_prepare_tx(sdata->local, sdata, &info); 2942 } 2943 2944 ieee80211_send_deauth_disassoc(sdata, sdata->vif.cfg.ap_addr, 2945 sdata->vif.cfg.ap_addr, stype, 2946 reason, tx, frame_buf); 2947 } 2948 2949 /* flush out frame - make sure the deauth was actually sent */ 2950 if (tx) 2951 ieee80211_flush_queues(local, sdata, false); 2952 2953 drv_mgd_complete_tx(sdata->local, sdata, &info); 2954 2955 /* clear AP addr only after building the needed mgmt frames */ 2956 eth_zero_addr(sdata->deflink.u.mgd.bssid); 2957 eth_zero_addr(sdata->vif.cfg.ap_addr); 2958 2959 sdata->vif.cfg.ssid_len = 0; 2960 2961 /* remove AP and TDLS peers */ 2962 sta_info_flush(sdata); 2963 2964 /* finally reset all BSS / config parameters */ 2965 if (!ieee80211_vif_is_mld(&sdata->vif)) 2966 changed |= ieee80211_reset_erp_info(sdata); 2967 2968 ieee80211_led_assoc(local, 0); 2969 changed |= BSS_CHANGED_ASSOC; 2970 sdata->vif.cfg.assoc = false; 2971 2972 sdata->deflink.u.mgd.p2p_noa_index = -1; 2973 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0, 2974 sizeof(sdata->vif.bss_conf.p2p_noa_attr)); 2975 2976 /* on the next assoc, re-program HT/VHT parameters */ 2977 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa)); 2978 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask)); 2979 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa)); 2980 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask)); 2981 2982 /* 2983 * reset MU-MIMO ownership and group data in default link, 2984 * if used, other links are destroyed 2985 */ 2986 memset(sdata->vif.bss_conf.mu_group.membership, 0, 2987 sizeof(sdata->vif.bss_conf.mu_group.membership)); 2988 memset(sdata->vif.bss_conf.mu_group.position, 0, 2989 sizeof(sdata->vif.bss_conf.mu_group.position)); 2990 if (!ieee80211_vif_is_mld(&sdata->vif)) 2991 changed |= BSS_CHANGED_MU_GROUPS; 2992 sdata->vif.bss_conf.mu_mimo_owner = false; 2993 2994 sdata->deflink.ap_power_level = IEEE80211_UNSET_POWER_LEVEL; 2995 2996 del_timer_sync(&local->dynamic_ps_timer); 2997 wiphy_work_cancel(local->hw.wiphy, &local->dynamic_ps_enable_work); 2998 2999 /* Disable ARP filtering */ 3000 if (sdata->vif.cfg.arp_addr_cnt) 3001 changed |= BSS_CHANGED_ARP_FILTER; 3002 3003 sdata->vif.bss_conf.qos = false; 3004 if (!ieee80211_vif_is_mld(&sdata->vif)) { 3005 changed |= BSS_CHANGED_QOS; 3006 /* The BSSID (not really interesting) and HT changed */ 3007 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT; 3008 ieee80211_bss_info_change_notify(sdata, changed); 3009 } else { 3010 ieee80211_vif_cfg_change_notify(sdata, changed); 3011 } 3012 3013 /* disassociated - set to defaults now */ 3014 ieee80211_set_wmm_default(&sdata->deflink, false, false); 3015 3016 del_timer_sync(&sdata->u.mgd.conn_mon_timer); 3017 del_timer_sync(&sdata->u.mgd.bcn_mon_timer); 3018 del_timer_sync(&sdata->u.mgd.timer); 3019 3020 sdata->vif.bss_conf.dtim_period = 0; 3021 sdata->vif.bss_conf.beacon_rate = NULL; 3022 3023 sdata->deflink.u.mgd.have_beacon = false; 3024 sdata->deflink.u.mgd.tracking_signal_avg = false; 3025 sdata->deflink.u.mgd.disable_wmm_tracking = false; 3026 3027 ifmgd->flags = 0; 3028 sdata->deflink.u.mgd.conn_flags = 0; 3029 3030 for (link_id = 0; link_id < ARRAY_SIZE(sdata->link); link_id++) { 3031 struct ieee80211_link_data *link; 3032 3033 link = sdata_dereference(sdata->link[link_id], sdata); 3034 if (!link) 3035 continue; 3036 ieee80211_link_release_channel(link); 3037 } 3038 3039 sdata->vif.bss_conf.csa_active = false; 3040 sdata->deflink.u.mgd.csa_waiting_bcn = false; 3041 sdata->deflink.u.mgd.csa_ignored_same_chan = false; 3042 if (sdata->deflink.csa_block_tx) { 3043 ieee80211_wake_vif_queues(local, sdata, 3044 IEEE80211_QUEUE_STOP_REASON_CSA); 3045 sdata->deflink.csa_block_tx = false; 3046 } 3047 3048 /* existing TX TSPEC sessions no longer exist */ 3049 memset(ifmgd->tx_tspec, 0, sizeof(ifmgd->tx_tspec)); 3050 wiphy_delayed_work_cancel(local->hw.wiphy, &ifmgd->tx_tspec_wk); 3051 3052 sdata->vif.bss_conf.pwr_reduction = 0; 3053 sdata->vif.bss_conf.tx_pwr_env_num = 0; 3054 memset(sdata->vif.bss_conf.tx_pwr_env, 0, 3055 sizeof(sdata->vif.bss_conf.tx_pwr_env)); 3056 3057 ieee80211_vif_set_links(sdata, 0, 0); 3058 } 3059 3060 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata) 3061 { 3062 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3063 struct ieee80211_local *local = sdata->local; 3064 3065 lockdep_assert_wiphy(local->hw.wiphy); 3066 3067 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)) 3068 return; 3069 3070 __ieee80211_stop_poll(sdata); 3071 3072 ieee80211_recalc_ps(local); 3073 3074 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR)) 3075 return; 3076 3077 /* 3078 * We've received a probe response, but are not sure whether 3079 * we have or will be receiving any beacons or data, so let's 3080 * schedule the timers again, just in case. 3081 */ 3082 ieee80211_sta_reset_beacon_monitor(sdata); 3083 3084 mod_timer(&ifmgd->conn_mon_timer, 3085 round_jiffies_up(jiffies + 3086 IEEE80211_CONNECTION_IDLE_TIME)); 3087 } 3088 3089 static void ieee80211_sta_tx_wmm_ac_notify(struct ieee80211_sub_if_data *sdata, 3090 struct ieee80211_hdr *hdr, 3091 u16 tx_time) 3092 { 3093 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3094 u16 tid; 3095 int ac; 3096 struct ieee80211_sta_tx_tspec *tx_tspec; 3097 unsigned long now = jiffies; 3098 3099 if (!ieee80211_is_data_qos(hdr->frame_control)) 3100 return; 3101 3102 tid = ieee80211_get_tid(hdr); 3103 ac = ieee80211_ac_from_tid(tid); 3104 tx_tspec = &ifmgd->tx_tspec[ac]; 3105 3106 if (likely(!tx_tspec->admitted_time)) 3107 return; 3108 3109 if (time_after(now, tx_tspec->time_slice_start + HZ)) { 3110 tx_tspec->consumed_tx_time = 0; 3111 tx_tspec->time_slice_start = now; 3112 3113 if (tx_tspec->downgraded) { 3114 tx_tspec->action = TX_TSPEC_ACTION_STOP_DOWNGRADE; 3115 wiphy_delayed_work_queue(sdata->local->hw.wiphy, 3116 &ifmgd->tx_tspec_wk, 0); 3117 } 3118 } 3119 3120 if (tx_tspec->downgraded) 3121 return; 3122 3123 tx_tspec->consumed_tx_time += tx_time; 3124 3125 if (tx_tspec->consumed_tx_time >= tx_tspec->admitted_time) { 3126 tx_tspec->downgraded = true; 3127 tx_tspec->action = TX_TSPEC_ACTION_DOWNGRADE; 3128 wiphy_delayed_work_queue(sdata->local->hw.wiphy, 3129 &ifmgd->tx_tspec_wk, 0); 3130 } 3131 } 3132 3133 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata, 3134 struct ieee80211_hdr *hdr, bool ack, u16 tx_time) 3135 { 3136 ieee80211_sta_tx_wmm_ac_notify(sdata, hdr, tx_time); 3137 3138 if (!ieee80211_is_any_nullfunc(hdr->frame_control) || 3139 !sdata->u.mgd.probe_send_count) 3140 return; 3141 3142 if (ack) 3143 sdata->u.mgd.probe_send_count = 0; 3144 else 3145 sdata->u.mgd.nullfunc_failed = true; 3146 wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work); 3147 } 3148 3149 static void ieee80211_mlme_send_probe_req(struct ieee80211_sub_if_data *sdata, 3150 const u8 *src, const u8 *dst, 3151 const u8 *ssid, size_t ssid_len, 3152 struct ieee80211_channel *channel) 3153 { 3154 struct sk_buff *skb; 3155 3156 skb = ieee80211_build_probe_req(sdata, src, dst, (u32)-1, channel, 3157 ssid, ssid_len, NULL, 0, 3158 IEEE80211_PROBE_FLAG_DIRECTED); 3159 if (skb) 3160 ieee80211_tx_skb(sdata, skb); 3161 } 3162 3163 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) 3164 { 3165 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3166 u8 *dst = sdata->vif.cfg.ap_addr; 3167 u8 unicast_limit = max(1, max_probe_tries - 3); 3168 struct sta_info *sta; 3169 3170 lockdep_assert_wiphy(sdata->local->hw.wiphy); 3171 3172 if (WARN_ON(ieee80211_vif_is_mld(&sdata->vif))) 3173 return; 3174 3175 /* 3176 * Try sending broadcast probe requests for the last three 3177 * probe requests after the first ones failed since some 3178 * buggy APs only support broadcast probe requests. 3179 */ 3180 if (ifmgd->probe_send_count >= unicast_limit) 3181 dst = NULL; 3182 3183 /* 3184 * When the hardware reports an accurate Tx ACK status, it's 3185 * better to send a nullfunc frame instead of a probe request, 3186 * as it will kick us off the AP quickly if we aren't associated 3187 * anymore. The timeout will be reset if the frame is ACKed by 3188 * the AP. 3189 */ 3190 ifmgd->probe_send_count++; 3191 3192 if (dst) { 3193 sta = sta_info_get(sdata, dst); 3194 if (!WARN_ON(!sta)) 3195 ieee80211_check_fast_rx(sta); 3196 } 3197 3198 if (ieee80211_hw_check(&sdata->local->hw, REPORTS_TX_ACK_STATUS)) { 3199 ifmgd->nullfunc_failed = false; 3200 ieee80211_send_nullfunc(sdata->local, sdata, false); 3201 } else { 3202 ieee80211_mlme_send_probe_req(sdata, sdata->vif.addr, dst, 3203 sdata->vif.cfg.ssid, 3204 sdata->vif.cfg.ssid_len, 3205 sdata->deflink.u.mgd.bss->channel); 3206 } 3207 3208 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms); 3209 run_again(sdata, ifmgd->probe_timeout); 3210 } 3211 3212 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata, 3213 bool beacon) 3214 { 3215 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3216 bool already = false; 3217 3218 lockdep_assert_wiphy(sdata->local->hw.wiphy); 3219 3220 if (WARN_ON_ONCE(ieee80211_vif_is_mld(&sdata->vif))) 3221 return; 3222 3223 if (!ieee80211_sdata_running(sdata)) 3224 return; 3225 3226 if (!ifmgd->associated) 3227 return; 3228 3229 if (sdata->local->tmp_channel || sdata->local->scanning) 3230 return; 3231 3232 if (sdata->local->suspending) { 3233 /* reschedule after resume */ 3234 ieee80211_reset_ap_probe(sdata); 3235 return; 3236 } 3237 3238 if (beacon) { 3239 mlme_dbg_ratelimited(sdata, 3240 "detected beacon loss from AP (missed %d beacons) - probing\n", 3241 beacon_loss_count); 3242 3243 ieee80211_cqm_beacon_loss_notify(&sdata->vif, GFP_KERNEL); 3244 } 3245 3246 /* 3247 * The driver/our work has already reported this event or the 3248 * connection monitoring has kicked in and we have already sent 3249 * a probe request. Or maybe the AP died and the driver keeps 3250 * reporting until we disassociate... 3251 * 3252 * In either case we have to ignore the current call to this 3253 * function (except for setting the correct probe reason bit) 3254 * because otherwise we would reset the timer every time and 3255 * never check whether we received a probe response! 3256 */ 3257 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) 3258 already = true; 3259 3260 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL; 3261 3262 if (already) 3263 return; 3264 3265 ieee80211_recalc_ps(sdata->local); 3266 3267 ifmgd->probe_send_count = 0; 3268 ieee80211_mgd_probe_ap_send(sdata); 3269 } 3270 3271 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw, 3272 struct ieee80211_vif *vif) 3273 { 3274 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 3275 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3276 struct cfg80211_bss *cbss; 3277 struct sk_buff *skb; 3278 const struct element *ssid; 3279 int ssid_len; 3280 3281 lockdep_assert_wiphy(sdata->local->hw.wiphy); 3282 3283 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION || 3284 ieee80211_vif_is_mld(&sdata->vif))) 3285 return NULL; 3286 3287 if (ifmgd->associated) 3288 cbss = sdata->deflink.u.mgd.bss; 3289 else if (ifmgd->auth_data) 3290 cbss = ifmgd->auth_data->bss; 3291 else if (ifmgd->assoc_data && ifmgd->assoc_data->link[0].bss) 3292 cbss = ifmgd->assoc_data->link[0].bss; 3293 else 3294 return NULL; 3295 3296 rcu_read_lock(); 3297 ssid = ieee80211_bss_get_elem(cbss, WLAN_EID_SSID); 3298 if (WARN_ONCE(!ssid || ssid->datalen > IEEE80211_MAX_SSID_LEN, 3299 "invalid SSID element (len=%d)", 3300 ssid ? ssid->datalen : -1)) 3301 ssid_len = 0; 3302 else 3303 ssid_len = ssid->datalen; 3304 3305 skb = ieee80211_build_probe_req(sdata, sdata->vif.addr, cbss->bssid, 3306 (u32) -1, cbss->channel, 3307 ssid->data, ssid_len, 3308 NULL, 0, IEEE80211_PROBE_FLAG_DIRECTED); 3309 rcu_read_unlock(); 3310 3311 return skb; 3312 } 3313 EXPORT_SYMBOL(ieee80211_ap_probereq_get); 3314 3315 static void ieee80211_report_disconnect(struct ieee80211_sub_if_data *sdata, 3316 const u8 *buf, size_t len, bool tx, 3317 u16 reason, bool reconnect) 3318 { 3319 struct ieee80211_event event = { 3320 .type = MLME_EVENT, 3321 .u.mlme.data = tx ? DEAUTH_TX_EVENT : DEAUTH_RX_EVENT, 3322 .u.mlme.reason = reason, 3323 }; 3324 3325 if (tx) 3326 cfg80211_tx_mlme_mgmt(sdata->dev, buf, len, reconnect); 3327 else 3328 cfg80211_rx_mlme_mgmt(sdata->dev, buf, len); 3329 3330 drv_event_callback(sdata->local, sdata, &event); 3331 } 3332 3333 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata) 3334 { 3335 struct ieee80211_local *local = sdata->local; 3336 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3337 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3338 bool tx; 3339 3340 lockdep_assert_wiphy(local->hw.wiphy); 3341 3342 if (!ifmgd->associated) 3343 return; 3344 3345 /* in MLO assume we have a link where we can TX the frame */ 3346 tx = ieee80211_vif_is_mld(&sdata->vif) || 3347 !sdata->deflink.csa_block_tx; 3348 3349 if (!ifmgd->driver_disconnect) { 3350 unsigned int link_id; 3351 3352 /* 3353 * AP is probably out of range (or not reachable for another 3354 * reason) so remove the bss structs for that AP. In the case 3355 * of multi-link, it's not clear that all of them really are 3356 * out of range, but if they weren't the driver likely would 3357 * have switched to just have a single link active? 3358 */ 3359 for (link_id = 0; 3360 link_id < ARRAY_SIZE(sdata->link); 3361 link_id++) { 3362 struct ieee80211_link_data *link; 3363 3364 link = sdata_dereference(sdata->link[link_id], sdata); 3365 if (!link) 3366 continue; 3367 cfg80211_unlink_bss(local->hw.wiphy, link->u.mgd.bss); 3368 link->u.mgd.bss = NULL; 3369 } 3370 } 3371 3372 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3373 ifmgd->driver_disconnect ? 3374 WLAN_REASON_DEAUTH_LEAVING : 3375 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 3376 tx, frame_buf); 3377 /* the other links will be destroyed */ 3378 sdata->vif.bss_conf.csa_active = false; 3379 sdata->deflink.u.mgd.csa_waiting_bcn = false; 3380 if (sdata->deflink.csa_block_tx) { 3381 ieee80211_wake_vif_queues(local, sdata, 3382 IEEE80211_QUEUE_STOP_REASON_CSA); 3383 sdata->deflink.csa_block_tx = false; 3384 } 3385 3386 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), tx, 3387 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 3388 ifmgd->reconnect); 3389 ifmgd->reconnect = false; 3390 } 3391 3392 static void ieee80211_beacon_connection_loss_work(struct wiphy *wiphy, 3393 struct wiphy_work *work) 3394 { 3395 struct ieee80211_sub_if_data *sdata = 3396 container_of(work, struct ieee80211_sub_if_data, 3397 u.mgd.beacon_connection_loss_work); 3398 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3399 3400 if (ifmgd->connection_loss) { 3401 sdata_info(sdata, "Connection to AP %pM lost\n", 3402 sdata->vif.cfg.ap_addr); 3403 __ieee80211_disconnect(sdata); 3404 ifmgd->connection_loss = false; 3405 } else if (ifmgd->driver_disconnect) { 3406 sdata_info(sdata, 3407 "Driver requested disconnection from AP %pM\n", 3408 sdata->vif.cfg.ap_addr); 3409 __ieee80211_disconnect(sdata); 3410 ifmgd->driver_disconnect = false; 3411 } else { 3412 if (ifmgd->associated) 3413 sdata->deflink.u.mgd.beacon_loss_count++; 3414 ieee80211_mgd_probe_ap(sdata, true); 3415 } 3416 } 3417 3418 static void ieee80211_csa_connection_drop_work(struct wiphy *wiphy, 3419 struct wiphy_work *work) 3420 { 3421 struct ieee80211_sub_if_data *sdata = 3422 container_of(work, struct ieee80211_sub_if_data, 3423 u.mgd.csa_connection_drop_work); 3424 3425 __ieee80211_disconnect(sdata); 3426 } 3427 3428 void ieee80211_beacon_loss(struct ieee80211_vif *vif) 3429 { 3430 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 3431 struct ieee80211_hw *hw = &sdata->local->hw; 3432 3433 trace_api_beacon_loss(sdata); 3434 3435 sdata->u.mgd.connection_loss = false; 3436 wiphy_work_queue(hw->wiphy, &sdata->u.mgd.beacon_connection_loss_work); 3437 } 3438 EXPORT_SYMBOL(ieee80211_beacon_loss); 3439 3440 void ieee80211_connection_loss(struct ieee80211_vif *vif) 3441 { 3442 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 3443 struct ieee80211_hw *hw = &sdata->local->hw; 3444 3445 trace_api_connection_loss(sdata); 3446 3447 sdata->u.mgd.connection_loss = true; 3448 wiphy_work_queue(hw->wiphy, &sdata->u.mgd.beacon_connection_loss_work); 3449 } 3450 EXPORT_SYMBOL(ieee80211_connection_loss); 3451 3452 void ieee80211_disconnect(struct ieee80211_vif *vif, bool reconnect) 3453 { 3454 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 3455 struct ieee80211_hw *hw = &sdata->local->hw; 3456 3457 trace_api_disconnect(sdata, reconnect); 3458 3459 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 3460 return; 3461 3462 sdata->u.mgd.driver_disconnect = true; 3463 sdata->u.mgd.reconnect = reconnect; 3464 wiphy_work_queue(hw->wiphy, &sdata->u.mgd.beacon_connection_loss_work); 3465 } 3466 EXPORT_SYMBOL(ieee80211_disconnect); 3467 3468 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata, 3469 bool assoc) 3470 { 3471 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 3472 3473 lockdep_assert_wiphy(sdata->local->hw.wiphy); 3474 3475 if (!assoc) { 3476 /* 3477 * we are not authenticated yet, the only timer that could be 3478 * running is the timeout for the authentication response which 3479 * which is not relevant anymore. 3480 */ 3481 del_timer_sync(&sdata->u.mgd.timer); 3482 sta_info_destroy_addr(sdata, auth_data->ap_addr); 3483 3484 /* other links are destroyed */ 3485 sdata->deflink.u.mgd.conn_flags = 0; 3486 eth_zero_addr(sdata->deflink.u.mgd.bssid); 3487 ieee80211_link_info_change_notify(sdata, &sdata->deflink, 3488 BSS_CHANGED_BSSID); 3489 sdata->u.mgd.flags = 0; 3490 3491 ieee80211_link_release_channel(&sdata->deflink); 3492 ieee80211_vif_set_links(sdata, 0, 0); 3493 } 3494 3495 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss); 3496 kfree(auth_data); 3497 sdata->u.mgd.auth_data = NULL; 3498 } 3499 3500 enum assoc_status { 3501 ASSOC_SUCCESS, 3502 ASSOC_REJECTED, 3503 ASSOC_TIMEOUT, 3504 ASSOC_ABANDON, 3505 }; 3506 3507 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata, 3508 enum assoc_status status) 3509 { 3510 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 3511 3512 lockdep_assert_wiphy(sdata->local->hw.wiphy); 3513 3514 if (status != ASSOC_SUCCESS) { 3515 /* 3516 * we are not associated yet, the only timer that could be 3517 * running is the timeout for the association response which 3518 * which is not relevant anymore. 3519 */ 3520 del_timer_sync(&sdata->u.mgd.timer); 3521 sta_info_destroy_addr(sdata, assoc_data->ap_addr); 3522 3523 sdata->deflink.u.mgd.conn_flags = 0; 3524 eth_zero_addr(sdata->deflink.u.mgd.bssid); 3525 ieee80211_link_info_change_notify(sdata, &sdata->deflink, 3526 BSS_CHANGED_BSSID); 3527 sdata->u.mgd.flags = 0; 3528 sdata->vif.bss_conf.mu_mimo_owner = false; 3529 3530 if (status != ASSOC_REJECTED) { 3531 struct cfg80211_assoc_failure data = { 3532 .timeout = status == ASSOC_TIMEOUT, 3533 }; 3534 int i; 3535 3536 BUILD_BUG_ON(ARRAY_SIZE(data.bss) != 3537 ARRAY_SIZE(assoc_data->link)); 3538 3539 for (i = 0; i < ARRAY_SIZE(data.bss); i++) 3540 data.bss[i] = assoc_data->link[i].bss; 3541 3542 if (ieee80211_vif_is_mld(&sdata->vif)) 3543 data.ap_mld_addr = assoc_data->ap_addr; 3544 3545 cfg80211_assoc_failure(sdata->dev, &data); 3546 } 3547 3548 ieee80211_link_release_channel(&sdata->deflink); 3549 ieee80211_vif_set_links(sdata, 0, 0); 3550 } 3551 3552 kfree(assoc_data); 3553 sdata->u.mgd.assoc_data = NULL; 3554 } 3555 3556 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, 3557 struct ieee80211_mgmt *mgmt, size_t len) 3558 { 3559 struct ieee80211_local *local = sdata->local; 3560 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 3561 const struct element *challenge; 3562 u8 *pos; 3563 u32 tx_flags = 0; 3564 struct ieee80211_prep_tx_info info = { 3565 .subtype = IEEE80211_STYPE_AUTH, 3566 }; 3567 3568 pos = mgmt->u.auth.variable; 3569 challenge = cfg80211_find_elem(WLAN_EID_CHALLENGE, pos, 3570 len - (pos - (u8 *)mgmt)); 3571 if (!challenge) 3572 return; 3573 auth_data->expected_transaction = 4; 3574 drv_mgd_prepare_tx(sdata->local, sdata, &info); 3575 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) 3576 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 3577 IEEE80211_TX_INTFL_MLME_CONN_TX; 3578 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0, 3579 (void *)challenge, 3580 challenge->datalen + sizeof(*challenge), 3581 auth_data->ap_addr, auth_data->ap_addr, 3582 auth_data->key, auth_data->key_len, 3583 auth_data->key_idx, tx_flags); 3584 } 3585 3586 static bool ieee80211_mark_sta_auth(struct ieee80211_sub_if_data *sdata) 3587 { 3588 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3589 const u8 *ap_addr = ifmgd->auth_data->ap_addr; 3590 struct sta_info *sta; 3591 3592 lockdep_assert_wiphy(sdata->local->hw.wiphy); 3593 3594 sdata_info(sdata, "authenticated\n"); 3595 ifmgd->auth_data->done = true; 3596 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC; 3597 ifmgd->auth_data->timeout_started = true; 3598 run_again(sdata, ifmgd->auth_data->timeout); 3599 3600 /* move station state to auth */ 3601 sta = sta_info_get(sdata, ap_addr); 3602 if (!sta) { 3603 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, ap_addr); 3604 return false; 3605 } 3606 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) { 3607 sdata_info(sdata, "failed moving %pM to auth\n", ap_addr); 3608 return false; 3609 } 3610 3611 return true; 3612 } 3613 3614 static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, 3615 struct ieee80211_mgmt *mgmt, size_t len) 3616 { 3617 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3618 u16 auth_alg, auth_transaction, status_code; 3619 struct ieee80211_event event = { 3620 .type = MLME_EVENT, 3621 .u.mlme.data = AUTH_EVENT, 3622 }; 3623 struct ieee80211_prep_tx_info info = { 3624 .subtype = IEEE80211_STYPE_AUTH, 3625 }; 3626 3627 lockdep_assert_wiphy(sdata->local->hw.wiphy); 3628 3629 if (len < 24 + 6) 3630 return; 3631 3632 if (!ifmgd->auth_data || ifmgd->auth_data->done) 3633 return; 3634 3635 if (!ether_addr_equal(ifmgd->auth_data->ap_addr, mgmt->bssid)) 3636 return; 3637 3638 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 3639 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 3640 status_code = le16_to_cpu(mgmt->u.auth.status_code); 3641 3642 if (auth_alg != ifmgd->auth_data->algorithm || 3643 (auth_alg != WLAN_AUTH_SAE && 3644 auth_transaction != ifmgd->auth_data->expected_transaction) || 3645 (auth_alg == WLAN_AUTH_SAE && 3646 (auth_transaction < ifmgd->auth_data->expected_transaction || 3647 auth_transaction > 2))) { 3648 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n", 3649 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm, 3650 auth_transaction, 3651 ifmgd->auth_data->expected_transaction); 3652 goto notify_driver; 3653 } 3654 3655 if (status_code != WLAN_STATUS_SUCCESS) { 3656 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 3657 3658 if (auth_alg == WLAN_AUTH_SAE && 3659 (status_code == WLAN_STATUS_ANTI_CLOG_REQUIRED || 3660 (auth_transaction == 1 && 3661 (status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT || 3662 status_code == WLAN_STATUS_SAE_PK)))) { 3663 /* waiting for userspace now */ 3664 ifmgd->auth_data->waiting = true; 3665 ifmgd->auth_data->timeout = 3666 jiffies + IEEE80211_AUTH_WAIT_SAE_RETRY; 3667 ifmgd->auth_data->timeout_started = true; 3668 run_again(sdata, ifmgd->auth_data->timeout); 3669 goto notify_driver; 3670 } 3671 3672 sdata_info(sdata, "%pM denied authentication (status %d)\n", 3673 mgmt->sa, status_code); 3674 ieee80211_destroy_auth_data(sdata, false); 3675 event.u.mlme.status = MLME_DENIED; 3676 event.u.mlme.reason = status_code; 3677 drv_event_callback(sdata->local, sdata, &event); 3678 goto notify_driver; 3679 } 3680 3681 switch (ifmgd->auth_data->algorithm) { 3682 case WLAN_AUTH_OPEN: 3683 case WLAN_AUTH_LEAP: 3684 case WLAN_AUTH_FT: 3685 case WLAN_AUTH_SAE: 3686 case WLAN_AUTH_FILS_SK: 3687 case WLAN_AUTH_FILS_SK_PFS: 3688 case WLAN_AUTH_FILS_PK: 3689 break; 3690 case WLAN_AUTH_SHARED_KEY: 3691 if (ifmgd->auth_data->expected_transaction != 4) { 3692 ieee80211_auth_challenge(sdata, mgmt, len); 3693 /* need another frame */ 3694 return; 3695 } 3696 break; 3697 default: 3698 WARN_ONCE(1, "invalid auth alg %d", 3699 ifmgd->auth_data->algorithm); 3700 goto notify_driver; 3701 } 3702 3703 event.u.mlme.status = MLME_SUCCESS; 3704 info.success = 1; 3705 drv_event_callback(sdata->local, sdata, &event); 3706 if (ifmgd->auth_data->algorithm != WLAN_AUTH_SAE || 3707 (auth_transaction == 2 && 3708 ifmgd->auth_data->expected_transaction == 2)) { 3709 if (!ieee80211_mark_sta_auth(sdata)) 3710 return; /* ignore frame -- wait for timeout */ 3711 } else if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE && 3712 auth_transaction == 2) { 3713 sdata_info(sdata, "SAE peer confirmed\n"); 3714 ifmgd->auth_data->peer_confirmed = true; 3715 } 3716 3717 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 3718 notify_driver: 3719 drv_mgd_complete_tx(sdata->local, sdata, &info); 3720 } 3721 3722 #define case_WLAN(type) \ 3723 case WLAN_REASON_##type: return #type 3724 3725 const char *ieee80211_get_reason_code_string(u16 reason_code) 3726 { 3727 switch (reason_code) { 3728 case_WLAN(UNSPECIFIED); 3729 case_WLAN(PREV_AUTH_NOT_VALID); 3730 case_WLAN(DEAUTH_LEAVING); 3731 case_WLAN(DISASSOC_DUE_TO_INACTIVITY); 3732 case_WLAN(DISASSOC_AP_BUSY); 3733 case_WLAN(CLASS2_FRAME_FROM_NONAUTH_STA); 3734 case_WLAN(CLASS3_FRAME_FROM_NONASSOC_STA); 3735 case_WLAN(DISASSOC_STA_HAS_LEFT); 3736 case_WLAN(STA_REQ_ASSOC_WITHOUT_AUTH); 3737 case_WLAN(DISASSOC_BAD_POWER); 3738 case_WLAN(DISASSOC_BAD_SUPP_CHAN); 3739 case_WLAN(INVALID_IE); 3740 case_WLAN(MIC_FAILURE); 3741 case_WLAN(4WAY_HANDSHAKE_TIMEOUT); 3742 case_WLAN(GROUP_KEY_HANDSHAKE_TIMEOUT); 3743 case_WLAN(IE_DIFFERENT); 3744 case_WLAN(INVALID_GROUP_CIPHER); 3745 case_WLAN(INVALID_PAIRWISE_CIPHER); 3746 case_WLAN(INVALID_AKMP); 3747 case_WLAN(UNSUPP_RSN_VERSION); 3748 case_WLAN(INVALID_RSN_IE_CAP); 3749 case_WLAN(IEEE8021X_FAILED); 3750 case_WLAN(CIPHER_SUITE_REJECTED); 3751 case_WLAN(DISASSOC_UNSPECIFIED_QOS); 3752 case_WLAN(DISASSOC_QAP_NO_BANDWIDTH); 3753 case_WLAN(DISASSOC_LOW_ACK); 3754 case_WLAN(DISASSOC_QAP_EXCEED_TXOP); 3755 case_WLAN(QSTA_LEAVE_QBSS); 3756 case_WLAN(QSTA_NOT_USE); 3757 case_WLAN(QSTA_REQUIRE_SETUP); 3758 case_WLAN(QSTA_TIMEOUT); 3759 case_WLAN(QSTA_CIPHER_NOT_SUPP); 3760 case_WLAN(MESH_PEER_CANCELED); 3761 case_WLAN(MESH_MAX_PEERS); 3762 case_WLAN(MESH_CONFIG); 3763 case_WLAN(MESH_CLOSE); 3764 case_WLAN(MESH_MAX_RETRIES); 3765 case_WLAN(MESH_CONFIRM_TIMEOUT); 3766 case_WLAN(MESH_INVALID_GTK); 3767 case_WLAN(MESH_INCONSISTENT_PARAM); 3768 case_WLAN(MESH_INVALID_SECURITY); 3769 case_WLAN(MESH_PATH_ERROR); 3770 case_WLAN(MESH_PATH_NOFORWARD); 3771 case_WLAN(MESH_PATH_DEST_UNREACHABLE); 3772 case_WLAN(MAC_EXISTS_IN_MBSS); 3773 case_WLAN(MESH_CHAN_REGULATORY); 3774 case_WLAN(MESH_CHAN); 3775 default: return "<unknown>"; 3776 } 3777 } 3778 3779 static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 3780 struct ieee80211_mgmt *mgmt, size_t len) 3781 { 3782 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3783 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 3784 3785 lockdep_assert_wiphy(sdata->local->hw.wiphy); 3786 3787 if (len < 24 + 2) 3788 return; 3789 3790 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) { 3791 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code); 3792 return; 3793 } 3794 3795 if (ifmgd->associated && 3796 ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr)) { 3797 sdata_info(sdata, "deauthenticated from %pM (Reason: %u=%s)\n", 3798 sdata->vif.cfg.ap_addr, reason_code, 3799 ieee80211_get_reason_code_string(reason_code)); 3800 3801 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 3802 3803 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false, 3804 reason_code, false); 3805 return; 3806 } 3807 3808 if (ifmgd->assoc_data && 3809 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->ap_addr)) { 3810 sdata_info(sdata, 3811 "deauthenticated from %pM while associating (Reason: %u=%s)\n", 3812 ifmgd->assoc_data->ap_addr, reason_code, 3813 ieee80211_get_reason_code_string(reason_code)); 3814 3815 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON); 3816 3817 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 3818 return; 3819 } 3820 } 3821 3822 3823 static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata, 3824 struct ieee80211_mgmt *mgmt, size_t len) 3825 { 3826 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3827 u16 reason_code; 3828 3829 lockdep_assert_wiphy(sdata->local->hw.wiphy); 3830 3831 if (len < 24 + 2) 3832 return; 3833 3834 if (!ifmgd->associated || 3835 !ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr)) 3836 return; 3837 3838 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 3839 3840 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) { 3841 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code); 3842 return; 3843 } 3844 3845 sdata_info(sdata, "disassociated from %pM (Reason: %u=%s)\n", 3846 sdata->vif.cfg.ap_addr, reason_code, 3847 ieee80211_get_reason_code_string(reason_code)); 3848 3849 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 3850 3851 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false, reason_code, 3852 false); 3853 } 3854 3855 static void ieee80211_get_rates(struct ieee80211_supported_band *sband, 3856 u8 *supp_rates, unsigned int supp_rates_len, 3857 u32 *rates, u32 *basic_rates, 3858 bool *have_higher_than_11mbit, 3859 int *min_rate, int *min_rate_index, 3860 int shift) 3861 { 3862 int i, j; 3863 3864 for (i = 0; i < supp_rates_len; i++) { 3865 int rate = supp_rates[i] & 0x7f; 3866 bool is_basic = !!(supp_rates[i] & 0x80); 3867 3868 if ((rate * 5 * (1 << shift)) > 110) 3869 *have_higher_than_11mbit = true; 3870 3871 /* 3872 * Skip HT, VHT, HE, EHT and SAE H2E only BSS membership 3873 * selectors since they're not rates. 3874 * 3875 * Note: Even though the membership selector and the basic 3876 * rate flag share the same bit, they are not exactly 3877 * the same. 3878 */ 3879 if (supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY) || 3880 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY) || 3881 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_HE_PHY) || 3882 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_EHT_PHY) || 3883 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_SAE_H2E)) 3884 continue; 3885 3886 for (j = 0; j < sband->n_bitrates; j++) { 3887 struct ieee80211_rate *br; 3888 int brate; 3889 3890 br = &sband->bitrates[j]; 3891 3892 brate = DIV_ROUND_UP(br->bitrate, (1 << shift) * 5); 3893 if (brate == rate) { 3894 *rates |= BIT(j); 3895 if (is_basic) 3896 *basic_rates |= BIT(j); 3897 if ((rate * 5) < *min_rate) { 3898 *min_rate = rate * 5; 3899 *min_rate_index = j; 3900 } 3901 break; 3902 } 3903 } 3904 } 3905 } 3906 3907 static bool ieee80211_twt_req_supported(struct ieee80211_sub_if_data *sdata, 3908 struct ieee80211_supported_band *sband, 3909 const struct link_sta_info *link_sta, 3910 const struct ieee802_11_elems *elems) 3911 { 3912 const struct ieee80211_sta_he_cap *own_he_cap = 3913 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif); 3914 3915 if (elems->ext_capab_len < 10) 3916 return false; 3917 3918 if (!(elems->ext_capab[9] & WLAN_EXT_CAPA10_TWT_RESPONDER_SUPPORT)) 3919 return false; 3920 3921 return link_sta->pub->he_cap.he_cap_elem.mac_cap_info[0] & 3922 IEEE80211_HE_MAC_CAP0_TWT_RES && 3923 own_he_cap && 3924 (own_he_cap->he_cap_elem.mac_cap_info[0] & 3925 IEEE80211_HE_MAC_CAP0_TWT_REQ); 3926 } 3927 3928 static u64 ieee80211_recalc_twt_req(struct ieee80211_sub_if_data *sdata, 3929 struct ieee80211_supported_band *sband, 3930 struct ieee80211_link_data *link, 3931 struct link_sta_info *link_sta, 3932 struct ieee802_11_elems *elems) 3933 { 3934 bool twt = ieee80211_twt_req_supported(sdata, sband, link_sta, elems); 3935 3936 if (link->conf->twt_requester != twt) { 3937 link->conf->twt_requester = twt; 3938 return BSS_CHANGED_TWT; 3939 } 3940 return 0; 3941 } 3942 3943 static bool ieee80211_twt_bcast_support(struct ieee80211_sub_if_data *sdata, 3944 struct ieee80211_bss_conf *bss_conf, 3945 struct ieee80211_supported_band *sband, 3946 struct link_sta_info *link_sta) 3947 { 3948 const struct ieee80211_sta_he_cap *own_he_cap = 3949 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif); 3950 3951 return bss_conf->he_support && 3952 (link_sta->pub->he_cap.he_cap_elem.mac_cap_info[2] & 3953 IEEE80211_HE_MAC_CAP2_BCAST_TWT) && 3954 own_he_cap && 3955 (own_he_cap->he_cap_elem.mac_cap_info[2] & 3956 IEEE80211_HE_MAC_CAP2_BCAST_TWT); 3957 } 3958 3959 static bool ieee80211_assoc_config_link(struct ieee80211_link_data *link, 3960 struct link_sta_info *link_sta, 3961 struct cfg80211_bss *cbss, 3962 struct ieee80211_mgmt *mgmt, 3963 const u8 *elem_start, 3964 unsigned int elem_len, 3965 u64 *changed) 3966 { 3967 struct ieee80211_sub_if_data *sdata = link->sdata; 3968 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 3969 struct ieee80211_bss_conf *bss_conf = link->conf; 3970 struct ieee80211_local *local = sdata->local; 3971 unsigned int link_id = link->link_id; 3972 struct ieee80211_elems_parse_params parse_params = { 3973 .start = elem_start, 3974 .len = elem_len, 3975 .link_id = link_id == assoc_data->assoc_link_id ? -1 : link_id, 3976 .from_ap = true, 3977 }; 3978 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ; 3979 bool is_s1g = cbss->channel->band == NL80211_BAND_S1GHZ; 3980 const struct cfg80211_bss_ies *bss_ies = NULL; 3981 struct ieee80211_supported_band *sband; 3982 struct ieee802_11_elems *elems; 3983 const __le16 prof_bss_param_ch_present = 3984 cpu_to_le16(IEEE80211_MLE_STA_CONTROL_BSS_PARAM_CHANGE_CNT_PRESENT); 3985 u16 capab_info; 3986 bool ret; 3987 3988 elems = ieee802_11_parse_elems_full(&parse_params); 3989 if (!elems) 3990 return false; 3991 3992 if (link_id == assoc_data->assoc_link_id) { 3993 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 3994 3995 /* 3996 * we should not get to this flow unless the association was 3997 * successful, so set the status directly to success 3998 */ 3999 assoc_data->link[link_id].status = WLAN_STATUS_SUCCESS; 4000 if (elems->ml_basic) { 4001 if (!(elems->ml_basic->control & 4002 cpu_to_le16(IEEE80211_MLC_BASIC_PRES_BSS_PARAM_CH_CNT))) { 4003 ret = false; 4004 goto out; 4005 } 4006 link->u.mgd.bss_param_ch_cnt = 4007 ieee80211_mle_get_bss_param_ch_cnt(elems->ml_basic); 4008 } 4009 } else if (!elems->prof || 4010 !(elems->prof->control & prof_bss_param_ch_present)) { 4011 ret = false; 4012 goto out; 4013 } else { 4014 const u8 *ptr = elems->prof->variable + 4015 elems->prof->sta_info_len - 1; 4016 4017 /* 4018 * During parsing, we validated that these fields exist, 4019 * otherwise elems->prof would have been set to NULL. 4020 */ 4021 capab_info = get_unaligned_le16(ptr); 4022 assoc_data->link[link_id].status = get_unaligned_le16(ptr + 2); 4023 link->u.mgd.bss_param_ch_cnt = 4024 ieee80211_mle_basic_sta_prof_bss_param_ch_cnt(elems->prof); 4025 4026 if (assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS) { 4027 link_info(link, "association response status code=%u\n", 4028 assoc_data->link[link_id].status); 4029 ret = true; 4030 goto out; 4031 } 4032 } 4033 4034 if (!is_s1g && !elems->supp_rates) { 4035 sdata_info(sdata, "no SuppRates element in AssocResp\n"); 4036 ret = false; 4037 goto out; 4038 } 4039 4040 link->u.mgd.tdls_chan_switch_prohibited = 4041 elems->ext_capab && elems->ext_capab_len >= 5 && 4042 (elems->ext_capab[4] & WLAN_EXT_CAPA5_TDLS_CH_SW_PROHIBITED); 4043 4044 /* 4045 * Some APs are erroneously not including some information in their 4046 * (re)association response frames. Try to recover by using the data 4047 * from the beacon or probe response. This seems to afflict mobile 4048 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T", 4049 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device. 4050 */ 4051 if (!is_6ghz && 4052 ((assoc_data->wmm && !elems->wmm_param) || 4053 (!(link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_HT) && 4054 (!elems->ht_cap_elem || !elems->ht_operation)) || 4055 (!(link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_VHT) && 4056 (!elems->vht_cap_elem || !elems->vht_operation)))) { 4057 const struct cfg80211_bss_ies *ies; 4058 struct ieee802_11_elems *bss_elems; 4059 4060 rcu_read_lock(); 4061 ies = rcu_dereference(cbss->ies); 4062 if (ies) 4063 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len, 4064 GFP_ATOMIC); 4065 rcu_read_unlock(); 4066 if (!bss_ies) { 4067 ret = false; 4068 goto out; 4069 } 4070 4071 parse_params.start = bss_ies->data; 4072 parse_params.len = bss_ies->len; 4073 parse_params.bss = cbss; 4074 bss_elems = ieee802_11_parse_elems_full(&parse_params); 4075 if (!bss_elems) { 4076 ret = false; 4077 goto out; 4078 } 4079 4080 if (assoc_data->wmm && 4081 !elems->wmm_param && bss_elems->wmm_param) { 4082 elems->wmm_param = bss_elems->wmm_param; 4083 sdata_info(sdata, 4084 "AP bug: WMM param missing from AssocResp\n"); 4085 } 4086 4087 /* 4088 * Also check if we requested HT/VHT, otherwise the AP doesn't 4089 * have to include the IEs in the (re)association response. 4090 */ 4091 if (!elems->ht_cap_elem && bss_elems->ht_cap_elem && 4092 !(link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_HT)) { 4093 elems->ht_cap_elem = bss_elems->ht_cap_elem; 4094 sdata_info(sdata, 4095 "AP bug: HT capability missing from AssocResp\n"); 4096 } 4097 if (!elems->ht_operation && bss_elems->ht_operation && 4098 !(link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_HT)) { 4099 elems->ht_operation = bss_elems->ht_operation; 4100 sdata_info(sdata, 4101 "AP bug: HT operation missing from AssocResp\n"); 4102 } 4103 if (!elems->vht_cap_elem && bss_elems->vht_cap_elem && 4104 !(link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_VHT)) { 4105 elems->vht_cap_elem = bss_elems->vht_cap_elem; 4106 sdata_info(sdata, 4107 "AP bug: VHT capa missing from AssocResp\n"); 4108 } 4109 if (!elems->vht_operation && bss_elems->vht_operation && 4110 !(link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_VHT)) { 4111 elems->vht_operation = bss_elems->vht_operation; 4112 sdata_info(sdata, 4113 "AP bug: VHT operation missing from AssocResp\n"); 4114 } 4115 4116 kfree(bss_elems); 4117 } 4118 4119 /* 4120 * We previously checked these in the beacon/probe response, so 4121 * they should be present here. This is just a safety net. 4122 */ 4123 if (!is_6ghz && !(link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_HT) && 4124 (!elems->wmm_param || !elems->ht_cap_elem || !elems->ht_operation)) { 4125 sdata_info(sdata, 4126 "HT AP is missing WMM params or HT capability/operation\n"); 4127 ret = false; 4128 goto out; 4129 } 4130 4131 if (!is_6ghz && !(link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_VHT) && 4132 (!elems->vht_cap_elem || !elems->vht_operation)) { 4133 sdata_info(sdata, 4134 "VHT AP is missing VHT capability/operation\n"); 4135 ret = false; 4136 goto out; 4137 } 4138 4139 if (is_6ghz && !(link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_HE) && 4140 !elems->he_6ghz_capa) { 4141 sdata_info(sdata, 4142 "HE 6 GHz AP is missing HE 6 GHz band capability\n"); 4143 ret = false; 4144 goto out; 4145 } 4146 4147 if (WARN_ON(!link->conf->chandef.chan)) { 4148 ret = false; 4149 goto out; 4150 } 4151 sband = local->hw.wiphy->bands[link->conf->chandef.chan->band]; 4152 4153 if (!(link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_HE) && 4154 (!elems->he_cap || !elems->he_operation)) { 4155 sdata_info(sdata, 4156 "HE AP is missing HE capability/operation\n"); 4157 ret = false; 4158 goto out; 4159 } 4160 4161 /* Set up internal HT/VHT capabilities */ 4162 if (elems->ht_cap_elem && !(link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_HT)) 4163 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 4164 elems->ht_cap_elem, 4165 link_sta); 4166 4167 if (elems->vht_cap_elem && !(link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_VHT)) 4168 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband, 4169 elems->vht_cap_elem, 4170 link_sta); 4171 4172 if (elems->he_operation && !(link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_HE) && 4173 elems->he_cap) { 4174 ieee80211_he_cap_ie_to_sta_he_cap(sdata, sband, 4175 elems->he_cap, 4176 elems->he_cap_len, 4177 elems->he_6ghz_capa, 4178 link_sta); 4179 4180 bss_conf->he_support = link_sta->pub->he_cap.has_he; 4181 if (elems->rsnx && elems->rsnx_len && 4182 (elems->rsnx[0] & WLAN_RSNX_CAPA_PROTECTED_TWT) && 4183 wiphy_ext_feature_isset(local->hw.wiphy, 4184 NL80211_EXT_FEATURE_PROTECTED_TWT)) 4185 bss_conf->twt_protected = true; 4186 else 4187 bss_conf->twt_protected = false; 4188 4189 *changed |= ieee80211_recalc_twt_req(sdata, sband, link, 4190 link_sta, elems); 4191 4192 if (elems->eht_operation && elems->eht_cap && 4193 !(link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_EHT)) { 4194 ieee80211_eht_cap_ie_to_sta_eht_cap(sdata, sband, 4195 elems->he_cap, 4196 elems->he_cap_len, 4197 elems->eht_cap, 4198 elems->eht_cap_len, 4199 link_sta); 4200 4201 bss_conf->eht_support = link_sta->pub->eht_cap.has_eht; 4202 *changed |= BSS_CHANGED_EHT_PUNCTURING; 4203 } else { 4204 bss_conf->eht_support = false; 4205 } 4206 } else { 4207 bss_conf->he_support = false; 4208 bss_conf->twt_requester = false; 4209 bss_conf->twt_protected = false; 4210 bss_conf->eht_support = false; 4211 } 4212 4213 bss_conf->twt_broadcast = 4214 ieee80211_twt_bcast_support(sdata, bss_conf, sband, link_sta); 4215 4216 if (bss_conf->he_support) { 4217 bss_conf->he_bss_color.color = 4218 le32_get_bits(elems->he_operation->he_oper_params, 4219 IEEE80211_HE_OPERATION_BSS_COLOR_MASK); 4220 bss_conf->he_bss_color.partial = 4221 le32_get_bits(elems->he_operation->he_oper_params, 4222 IEEE80211_HE_OPERATION_PARTIAL_BSS_COLOR); 4223 bss_conf->he_bss_color.enabled = 4224 !le32_get_bits(elems->he_operation->he_oper_params, 4225 IEEE80211_HE_OPERATION_BSS_COLOR_DISABLED); 4226 4227 if (bss_conf->he_bss_color.enabled) 4228 *changed |= BSS_CHANGED_HE_BSS_COLOR; 4229 4230 bss_conf->htc_trig_based_pkt_ext = 4231 le32_get_bits(elems->he_operation->he_oper_params, 4232 IEEE80211_HE_OPERATION_DFLT_PE_DURATION_MASK); 4233 bss_conf->frame_time_rts_th = 4234 le32_get_bits(elems->he_operation->he_oper_params, 4235 IEEE80211_HE_OPERATION_RTS_THRESHOLD_MASK); 4236 4237 bss_conf->uora_exists = !!elems->uora_element; 4238 if (elems->uora_element) 4239 bss_conf->uora_ocw_range = elems->uora_element[0]; 4240 4241 ieee80211_he_op_ie_to_bss_conf(&sdata->vif, elems->he_operation); 4242 ieee80211_he_spr_ie_to_bss_conf(&sdata->vif, elems->he_spr); 4243 /* TODO: OPEN: what happens if BSS color disable is set? */ 4244 } 4245 4246 if (cbss->transmitted_bss) { 4247 bss_conf->nontransmitted = true; 4248 ether_addr_copy(bss_conf->transmitter_bssid, 4249 cbss->transmitted_bss->bssid); 4250 bss_conf->bssid_indicator = cbss->max_bssid_indicator; 4251 bss_conf->bssid_index = cbss->bssid_index; 4252 } 4253 4254 /* 4255 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data 4256 * in their association response, so ignore that data for our own 4257 * configuration. If it changed since the last beacon, we'll get the 4258 * next beacon and update then. 4259 */ 4260 4261 /* 4262 * If an operating mode notification IE is present, override the 4263 * NSS calculation (that would be done in rate_control_rate_init()) 4264 * and use the # of streams from that element. 4265 */ 4266 if (elems->opmode_notif && 4267 !(*elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) { 4268 u8 nss; 4269 4270 nss = *elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK; 4271 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT; 4272 nss += 1; 4273 link_sta->pub->rx_nss = nss; 4274 } 4275 4276 /* 4277 * Always handle WMM once after association regardless 4278 * of the first value the AP uses. Setting -1 here has 4279 * that effect because the AP values is an unsigned 4280 * 4-bit value. 4281 */ 4282 link->u.mgd.wmm_last_param_set = -1; 4283 link->u.mgd.mu_edca_last_param_set = -1; 4284 4285 if (link->u.mgd.disable_wmm_tracking) { 4286 ieee80211_set_wmm_default(link, false, false); 4287 } else if (!ieee80211_sta_wmm_params(local, link, elems->wmm_param, 4288 elems->wmm_param_len, 4289 elems->mu_edca_param_set)) { 4290 /* still enable QoS since we might have HT/VHT */ 4291 ieee80211_set_wmm_default(link, false, true); 4292 /* disable WMM tracking in this case to disable 4293 * tracking WMM parameter changes in the beacon if 4294 * the parameters weren't actually valid. Doing so 4295 * avoids changing parameters very strangely when 4296 * the AP is going back and forth between valid and 4297 * invalid parameters. 4298 */ 4299 link->u.mgd.disable_wmm_tracking = true; 4300 } 4301 4302 if (elems->max_idle_period_ie) { 4303 bss_conf->max_idle_period = 4304 le16_to_cpu(elems->max_idle_period_ie->max_idle_period); 4305 bss_conf->protected_keep_alive = 4306 !!(elems->max_idle_period_ie->idle_options & 4307 WLAN_IDLE_OPTIONS_PROTECTED_KEEP_ALIVE); 4308 *changed |= BSS_CHANGED_KEEP_ALIVE; 4309 } else { 4310 bss_conf->max_idle_period = 0; 4311 bss_conf->protected_keep_alive = false; 4312 } 4313 4314 /* set assoc capability (AID was already set earlier), 4315 * ieee80211_set_associated() will tell the driver */ 4316 bss_conf->assoc_capability = capab_info; 4317 4318 ret = true; 4319 out: 4320 kfree(elems); 4321 kfree(bss_ies); 4322 return ret; 4323 } 4324 4325 static int ieee80211_mgd_setup_link_sta(struct ieee80211_link_data *link, 4326 struct sta_info *sta, 4327 struct link_sta_info *link_sta, 4328 struct cfg80211_bss *cbss) 4329 { 4330 struct ieee80211_sub_if_data *sdata = link->sdata; 4331 struct ieee80211_local *local = sdata->local; 4332 struct ieee80211_bss *bss = (void *)cbss->priv; 4333 u32 rates = 0, basic_rates = 0; 4334 bool have_higher_than_11mbit = false; 4335 int min_rate = INT_MAX, min_rate_index = -1; 4336 /* this is clearly wrong for MLO but we'll just remove it later */ 4337 int shift = ieee80211_vif_get_shift(&sdata->vif); 4338 struct ieee80211_supported_band *sband; 4339 4340 memcpy(link_sta->addr, cbss->bssid, ETH_ALEN); 4341 memcpy(link_sta->pub->addr, cbss->bssid, ETH_ALEN); 4342 4343 /* TODO: S1G Basic Rate Set is expressed elsewhere */ 4344 if (cbss->channel->band == NL80211_BAND_S1GHZ) { 4345 ieee80211_s1g_sta_rate_init(sta); 4346 return 0; 4347 } 4348 4349 sband = local->hw.wiphy->bands[cbss->channel->band]; 4350 4351 ieee80211_get_rates(sband, bss->supp_rates, bss->supp_rates_len, 4352 &rates, &basic_rates, &have_higher_than_11mbit, 4353 &min_rate, &min_rate_index, shift); 4354 4355 /* 4356 * This used to be a workaround for basic rates missing 4357 * in the association response frame. Now that we no 4358 * longer use the basic rates from there, it probably 4359 * doesn't happen any more, but keep the workaround so 4360 * in case some *other* APs are buggy in different ways 4361 * we can connect -- with a warning. 4362 * Allow this workaround only in case the AP provided at least 4363 * one rate. 4364 */ 4365 if (min_rate_index < 0) { 4366 link_info(link, "No legacy rates in association response\n"); 4367 return -EINVAL; 4368 } else if (!basic_rates) { 4369 link_info(link, "No basic rates, using min rate instead\n"); 4370 basic_rates = BIT(min_rate_index); 4371 } 4372 4373 if (rates) 4374 link_sta->pub->supp_rates[cbss->channel->band] = rates; 4375 else 4376 link_info(link, "No rates found, keeping mandatory only\n"); 4377 4378 link->conf->basic_rates = basic_rates; 4379 4380 /* cf. IEEE 802.11 9.2.12 */ 4381 link->operating_11g_mode = sband->band == NL80211_BAND_2GHZ && 4382 have_higher_than_11mbit; 4383 4384 return 0; 4385 } 4386 4387 static u8 ieee80211_max_rx_chains(struct ieee80211_link_data *link, 4388 struct cfg80211_bss *cbss) 4389 { 4390 struct ieee80211_he_mcs_nss_supp *he_mcs_nss_supp; 4391 const struct element *ht_cap_elem, *vht_cap_elem; 4392 const struct cfg80211_bss_ies *ies; 4393 const struct ieee80211_ht_cap *ht_cap; 4394 const struct ieee80211_vht_cap *vht_cap; 4395 const struct ieee80211_he_cap_elem *he_cap; 4396 const struct element *he_cap_elem; 4397 u16 mcs_80_map, mcs_160_map; 4398 int i, mcs_nss_size; 4399 bool support_160; 4400 u8 chains = 1; 4401 4402 if (link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_HT) 4403 return chains; 4404 4405 ht_cap_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_HT_CAPABILITY); 4406 if (ht_cap_elem && ht_cap_elem->datalen >= sizeof(*ht_cap)) { 4407 ht_cap = (void *)ht_cap_elem->data; 4408 chains = ieee80211_mcs_to_chains(&ht_cap->mcs); 4409 /* 4410 * TODO: use "Tx Maximum Number Spatial Streams Supported" and 4411 * "Tx Unequal Modulation Supported" fields. 4412 */ 4413 } 4414 4415 if (link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_VHT) 4416 return chains; 4417 4418 vht_cap_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_VHT_CAPABILITY); 4419 if (vht_cap_elem && vht_cap_elem->datalen >= sizeof(*vht_cap)) { 4420 u8 nss; 4421 u16 tx_mcs_map; 4422 4423 vht_cap = (void *)vht_cap_elem->data; 4424 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map); 4425 for (nss = 8; nss > 0; nss--) { 4426 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) != 4427 IEEE80211_VHT_MCS_NOT_SUPPORTED) 4428 break; 4429 } 4430 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */ 4431 chains = max(chains, nss); 4432 } 4433 4434 if (link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_HE) 4435 return chains; 4436 4437 ies = rcu_dereference(cbss->ies); 4438 he_cap_elem = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_CAPABILITY, 4439 ies->data, ies->len); 4440 4441 if (!he_cap_elem || he_cap_elem->datalen < sizeof(*he_cap)) 4442 return chains; 4443 4444 /* skip one byte ext_tag_id */ 4445 he_cap = (void *)(he_cap_elem->data + 1); 4446 mcs_nss_size = ieee80211_he_mcs_nss_size(he_cap); 4447 4448 /* invalid HE IE */ 4449 if (he_cap_elem->datalen < 1 + mcs_nss_size + sizeof(*he_cap)) 4450 return chains; 4451 4452 /* mcs_nss is right after he_cap info */ 4453 he_mcs_nss_supp = (void *)(he_cap + 1); 4454 4455 mcs_80_map = le16_to_cpu(he_mcs_nss_supp->tx_mcs_80); 4456 4457 for (i = 7; i >= 0; i--) { 4458 u8 mcs_80 = mcs_80_map >> (2 * i) & 3; 4459 4460 if (mcs_80 != IEEE80211_VHT_MCS_NOT_SUPPORTED) { 4461 chains = max_t(u8, chains, i + 1); 4462 break; 4463 } 4464 } 4465 4466 support_160 = he_cap->phy_cap_info[0] & 4467 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G; 4468 4469 if (!support_160) 4470 return chains; 4471 4472 mcs_160_map = le16_to_cpu(he_mcs_nss_supp->tx_mcs_160); 4473 for (i = 7; i >= 0; i--) { 4474 u8 mcs_160 = mcs_160_map >> (2 * i) & 3; 4475 4476 if (mcs_160 != IEEE80211_VHT_MCS_NOT_SUPPORTED) { 4477 chains = max_t(u8, chains, i + 1); 4478 break; 4479 } 4480 } 4481 4482 return chains; 4483 } 4484 4485 static bool 4486 ieee80211_verify_peer_he_mcs_support(struct ieee80211_sub_if_data *sdata, 4487 const struct cfg80211_bss_ies *ies, 4488 const struct ieee80211_he_operation *he_op) 4489 { 4490 const struct element *he_cap_elem; 4491 const struct ieee80211_he_cap_elem *he_cap; 4492 struct ieee80211_he_mcs_nss_supp *he_mcs_nss_supp; 4493 u16 mcs_80_map_tx, mcs_80_map_rx; 4494 u16 ap_min_req_set; 4495 int mcs_nss_size; 4496 int nss; 4497 4498 he_cap_elem = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_CAPABILITY, 4499 ies->data, ies->len); 4500 4501 if (!he_cap_elem) 4502 return false; 4503 4504 /* invalid HE IE */ 4505 if (he_cap_elem->datalen < 1 + sizeof(*he_cap)) { 4506 sdata_info(sdata, 4507 "Invalid HE elem, Disable HE\n"); 4508 return false; 4509 } 4510 4511 /* skip one byte ext_tag_id */ 4512 he_cap = (void *)(he_cap_elem->data + 1); 4513 mcs_nss_size = ieee80211_he_mcs_nss_size(he_cap); 4514 4515 /* invalid HE IE */ 4516 if (he_cap_elem->datalen < 1 + sizeof(*he_cap) + mcs_nss_size) { 4517 sdata_info(sdata, 4518 "Invalid HE elem with nss size, Disable HE\n"); 4519 return false; 4520 } 4521 4522 /* mcs_nss is right after he_cap info */ 4523 he_mcs_nss_supp = (void *)(he_cap + 1); 4524 4525 mcs_80_map_tx = le16_to_cpu(he_mcs_nss_supp->tx_mcs_80); 4526 mcs_80_map_rx = le16_to_cpu(he_mcs_nss_supp->rx_mcs_80); 4527 4528 /* P802.11-REVme/D0.3 4529 * 27.1.1 Introduction to the HE PHY 4530 * ... 4531 * An HE STA shall support the following features: 4532 * ... 4533 * Single spatial stream HE-MCSs 0 to 7 (transmit and receive) in all 4534 * supported channel widths for HE SU PPDUs 4535 */ 4536 if ((mcs_80_map_tx & 0x3) == IEEE80211_HE_MCS_NOT_SUPPORTED || 4537 (mcs_80_map_rx & 0x3) == IEEE80211_HE_MCS_NOT_SUPPORTED) { 4538 sdata_info(sdata, 4539 "Missing mandatory rates for 1 Nss, rx 0x%x, tx 0x%x, disable HE\n", 4540 mcs_80_map_tx, mcs_80_map_rx); 4541 return false; 4542 } 4543 4544 if (!he_op) 4545 return true; 4546 4547 ap_min_req_set = le16_to_cpu(he_op->he_mcs_nss_set); 4548 4549 /* 4550 * Apparently iPhone 13 (at least iOS version 15.3.1) sets this to all 4551 * zeroes, which is nonsense, and completely inconsistent with itself 4552 * (it doesn't have 8 streams). Accept the settings in this case anyway. 4553 */ 4554 if (!ap_min_req_set) 4555 return true; 4556 4557 /* make sure the AP is consistent with itself 4558 * 4559 * P802.11-REVme/D0.3 4560 * 26.17.1 Basic HE BSS operation 4561 * 4562 * A STA that is operating in an HE BSS shall be able to receive and 4563 * transmit at each of the <HE-MCS, NSS> tuple values indicated by the 4564 * Basic HE-MCS And NSS Set field of the HE Operation parameter of the 4565 * MLME-START.request primitive and shall be able to receive at each of 4566 * the <HE-MCS, NSS> tuple values indicated by the Supported HE-MCS and 4567 * NSS Set field in the HE Capabilities parameter of the MLMESTART.request 4568 * primitive 4569 */ 4570 for (nss = 8; nss > 0; nss--) { 4571 u8 ap_op_val = (ap_min_req_set >> (2 * (nss - 1))) & 3; 4572 u8 ap_rx_val; 4573 u8 ap_tx_val; 4574 4575 if (ap_op_val == IEEE80211_HE_MCS_NOT_SUPPORTED) 4576 continue; 4577 4578 ap_rx_val = (mcs_80_map_rx >> (2 * (nss - 1))) & 3; 4579 ap_tx_val = (mcs_80_map_tx >> (2 * (nss - 1))) & 3; 4580 4581 if (ap_rx_val == IEEE80211_HE_MCS_NOT_SUPPORTED || 4582 ap_tx_val == IEEE80211_HE_MCS_NOT_SUPPORTED || 4583 ap_rx_val < ap_op_val || ap_tx_val < ap_op_val) { 4584 sdata_info(sdata, 4585 "Invalid rates for %d Nss, rx %d, tx %d oper %d, disable HE\n", 4586 nss, ap_rx_val, ap_rx_val, ap_op_val); 4587 return false; 4588 } 4589 } 4590 4591 return true; 4592 } 4593 4594 static bool 4595 ieee80211_verify_sta_he_mcs_support(struct ieee80211_sub_if_data *sdata, 4596 struct ieee80211_supported_band *sband, 4597 const struct ieee80211_he_operation *he_op) 4598 { 4599 const struct ieee80211_sta_he_cap *sta_he_cap = 4600 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif); 4601 u16 ap_min_req_set; 4602 int i; 4603 4604 if (!sta_he_cap || !he_op) 4605 return false; 4606 4607 ap_min_req_set = le16_to_cpu(he_op->he_mcs_nss_set); 4608 4609 /* 4610 * Apparently iPhone 13 (at least iOS version 15.3.1) sets this to all 4611 * zeroes, which is nonsense, and completely inconsistent with itself 4612 * (it doesn't have 8 streams). Accept the settings in this case anyway. 4613 */ 4614 if (!ap_min_req_set) 4615 return true; 4616 4617 /* Need to go over for 80MHz, 160MHz and for 80+80 */ 4618 for (i = 0; i < 3; i++) { 4619 const struct ieee80211_he_mcs_nss_supp *sta_mcs_nss_supp = 4620 &sta_he_cap->he_mcs_nss_supp; 4621 u16 sta_mcs_map_rx = 4622 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i]); 4623 u16 sta_mcs_map_tx = 4624 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i + 1]); 4625 u8 nss; 4626 bool verified = true; 4627 4628 /* 4629 * For each band there is a maximum of 8 spatial streams 4630 * possible. Each of the sta_mcs_map_* is a 16-bit struct built 4631 * of 2 bits per NSS (1-8), with the values defined in enum 4632 * ieee80211_he_mcs_support. Need to make sure STA TX and RX 4633 * capabilities aren't less than the AP's minimum requirements 4634 * for this HE BSS per SS. 4635 * It is enough to find one such band that meets the reqs. 4636 */ 4637 for (nss = 8; nss > 0; nss--) { 4638 u8 sta_rx_val = (sta_mcs_map_rx >> (2 * (nss - 1))) & 3; 4639 u8 sta_tx_val = (sta_mcs_map_tx >> (2 * (nss - 1))) & 3; 4640 u8 ap_val = (ap_min_req_set >> (2 * (nss - 1))) & 3; 4641 4642 if (ap_val == IEEE80211_HE_MCS_NOT_SUPPORTED) 4643 continue; 4644 4645 /* 4646 * Make sure the HE AP doesn't require MCSs that aren't 4647 * supported by the client as required by spec 4648 * 4649 * P802.11-REVme/D0.3 4650 * 26.17.1 Basic HE BSS operation 4651 * 4652 * An HE STA shall not attempt to join * (MLME-JOIN.request primitive) 4653 * a BSS, unless it supports (i.e., is able to both transmit and 4654 * receive using) all of the <HE-MCS, NSS> tuples in the basic 4655 * HE-MCS and NSS set. 4656 */ 4657 if (sta_rx_val == IEEE80211_HE_MCS_NOT_SUPPORTED || 4658 sta_tx_val == IEEE80211_HE_MCS_NOT_SUPPORTED || 4659 (ap_val > sta_rx_val) || (ap_val > sta_tx_val)) { 4660 verified = false; 4661 break; 4662 } 4663 } 4664 4665 if (verified) 4666 return true; 4667 } 4668 4669 /* If here, STA doesn't meet AP's HE min requirements */ 4670 return false; 4671 } 4672 4673 static u8 4674 ieee80211_get_eht_cap_mcs_nss(const struct ieee80211_sta_he_cap *sta_he_cap, 4675 const struct ieee80211_sta_eht_cap *sta_eht_cap, 4676 unsigned int idx, int bw) 4677 { 4678 u8 he_phy_cap0 = sta_he_cap->he_cap_elem.phy_cap_info[0]; 4679 u8 eht_phy_cap0 = sta_eht_cap->eht_cap_elem.phy_cap_info[0]; 4680 4681 /* handle us being a 20 MHz-only EHT STA - with four values 4682 * for MCS 0-7, 8-9, 10-11, 12-13. 4683 */ 4684 if (!(he_phy_cap0 & IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_MASK_ALL)) 4685 return sta_eht_cap->eht_mcs_nss_supp.only_20mhz.rx_tx_max_nss[idx]; 4686 4687 /* the others have MCS 0-9 together, rather than separately from 0-7 */ 4688 if (idx > 0) 4689 idx--; 4690 4691 switch (bw) { 4692 case 0: 4693 return sta_eht_cap->eht_mcs_nss_supp.bw._80.rx_tx_max_nss[idx]; 4694 case 1: 4695 if (!(he_phy_cap0 & 4696 (IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G | 4697 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G))) 4698 return 0xff; /* pass check */ 4699 return sta_eht_cap->eht_mcs_nss_supp.bw._160.rx_tx_max_nss[idx]; 4700 case 2: 4701 if (!(eht_phy_cap0 & IEEE80211_EHT_PHY_CAP0_320MHZ_IN_6GHZ)) 4702 return 0xff; /* pass check */ 4703 return sta_eht_cap->eht_mcs_nss_supp.bw._320.rx_tx_max_nss[idx]; 4704 } 4705 4706 WARN_ON(1); 4707 return 0; 4708 } 4709 4710 static bool 4711 ieee80211_verify_sta_eht_mcs_support(struct ieee80211_sub_if_data *sdata, 4712 struct ieee80211_supported_band *sband, 4713 const struct ieee80211_eht_operation *eht_op) 4714 { 4715 const struct ieee80211_sta_he_cap *sta_he_cap = 4716 ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif); 4717 const struct ieee80211_sta_eht_cap *sta_eht_cap = 4718 ieee80211_get_eht_iftype_cap_vif(sband, &sdata->vif); 4719 const struct ieee80211_eht_mcs_nss_supp_20mhz_only *req; 4720 unsigned int i; 4721 4722 if (!sta_he_cap || !sta_eht_cap || !eht_op) 4723 return false; 4724 4725 req = &eht_op->basic_mcs_nss; 4726 4727 for (i = 0; i < ARRAY_SIZE(req->rx_tx_max_nss); i++) { 4728 u8 req_rx_nss, req_tx_nss; 4729 unsigned int bw; 4730 4731 req_rx_nss = u8_get_bits(req->rx_tx_max_nss[i], 4732 IEEE80211_EHT_MCS_NSS_RX); 4733 req_tx_nss = u8_get_bits(req->rx_tx_max_nss[i], 4734 IEEE80211_EHT_MCS_NSS_TX); 4735 4736 for (bw = 0; bw < 3; bw++) { 4737 u8 have, have_rx_nss, have_tx_nss; 4738 4739 have = ieee80211_get_eht_cap_mcs_nss(sta_he_cap, 4740 sta_eht_cap, 4741 i, bw); 4742 have_rx_nss = u8_get_bits(have, 4743 IEEE80211_EHT_MCS_NSS_RX); 4744 have_tx_nss = u8_get_bits(have, 4745 IEEE80211_EHT_MCS_NSS_TX); 4746 4747 if (req_rx_nss > have_rx_nss || 4748 req_tx_nss > have_tx_nss) 4749 return false; 4750 } 4751 } 4752 4753 return true; 4754 } 4755 4756 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata, 4757 struct ieee80211_link_data *link, 4758 struct cfg80211_bss *cbss, 4759 ieee80211_conn_flags_t *conn_flags) 4760 { 4761 struct ieee80211_local *local = sdata->local; 4762 const struct ieee80211_ht_cap *ht_cap = NULL; 4763 const struct ieee80211_ht_operation *ht_oper = NULL; 4764 const struct ieee80211_vht_operation *vht_oper = NULL; 4765 const struct ieee80211_he_operation *he_oper = NULL; 4766 const struct ieee80211_eht_operation *eht_oper = NULL; 4767 const struct ieee80211_s1g_oper_ie *s1g_oper = NULL; 4768 struct ieee80211_supported_band *sband; 4769 struct cfg80211_chan_def chandef; 4770 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ; 4771 bool is_5ghz = cbss->channel->band == NL80211_BAND_5GHZ; 4772 struct ieee80211_bss *bss = (void *)cbss->priv; 4773 struct ieee80211_elems_parse_params parse_params = { 4774 .link_id = -1, 4775 .from_ap = true, 4776 }; 4777 struct ieee802_11_elems *elems; 4778 const struct cfg80211_bss_ies *ies; 4779 int ret; 4780 u32 i; 4781 bool have_80mhz; 4782 4783 lockdep_assert_wiphy(local->hw.wiphy); 4784 4785 rcu_read_lock(); 4786 4787 ies = rcu_dereference(cbss->ies); 4788 parse_params.start = ies->data; 4789 parse_params.len = ies->len; 4790 elems = ieee802_11_parse_elems_full(&parse_params); 4791 if (!elems) { 4792 rcu_read_unlock(); 4793 return -ENOMEM; 4794 } 4795 4796 sband = local->hw.wiphy->bands[cbss->channel->band]; 4797 4798 *conn_flags &= ~(IEEE80211_CONN_DISABLE_40MHZ | 4799 IEEE80211_CONN_DISABLE_80P80MHZ | 4800 IEEE80211_CONN_DISABLE_160MHZ); 4801 4802 /* disable HT/VHT/HE if we don't support them */ 4803 if (!sband->ht_cap.ht_supported && !is_6ghz) { 4804 mlme_dbg(sdata, "HT not supported, disabling HT/VHT/HE/EHT\n"); 4805 *conn_flags |= IEEE80211_CONN_DISABLE_HT; 4806 *conn_flags |= IEEE80211_CONN_DISABLE_VHT; 4807 *conn_flags |= IEEE80211_CONN_DISABLE_HE; 4808 *conn_flags |= IEEE80211_CONN_DISABLE_EHT; 4809 } 4810 4811 if (!sband->vht_cap.vht_supported && is_5ghz) { 4812 mlme_dbg(sdata, "VHT not supported, disabling VHT/HE/EHT\n"); 4813 *conn_flags |= IEEE80211_CONN_DISABLE_VHT; 4814 *conn_flags |= IEEE80211_CONN_DISABLE_HE; 4815 *conn_flags |= IEEE80211_CONN_DISABLE_EHT; 4816 } 4817 4818 if (!ieee80211_get_he_iftype_cap_vif(sband, &sdata->vif)) { 4819 mlme_dbg(sdata, "HE not supported, disabling HE and EHT\n"); 4820 *conn_flags |= IEEE80211_CONN_DISABLE_HE; 4821 *conn_flags |= IEEE80211_CONN_DISABLE_EHT; 4822 } 4823 4824 if (!ieee80211_get_eht_iftype_cap_vif(sband, &sdata->vif)) { 4825 mlme_dbg(sdata, "EHT not supported, disabling EHT\n"); 4826 *conn_flags |= IEEE80211_CONN_DISABLE_EHT; 4827 } 4828 4829 if (!(*conn_flags & IEEE80211_CONN_DISABLE_HT) && !is_6ghz) { 4830 ht_oper = elems->ht_operation; 4831 ht_cap = elems->ht_cap_elem; 4832 4833 if (!ht_cap) { 4834 *conn_flags |= IEEE80211_CONN_DISABLE_HT; 4835 ht_oper = NULL; 4836 } 4837 } 4838 4839 if (!(*conn_flags & IEEE80211_CONN_DISABLE_VHT) && !is_6ghz) { 4840 vht_oper = elems->vht_operation; 4841 if (vht_oper && !ht_oper) { 4842 vht_oper = NULL; 4843 sdata_info(sdata, 4844 "AP advertised VHT without HT, disabling HT/VHT/HE\n"); 4845 *conn_flags |= IEEE80211_CONN_DISABLE_HT; 4846 *conn_flags |= IEEE80211_CONN_DISABLE_VHT; 4847 *conn_flags |= IEEE80211_CONN_DISABLE_HE; 4848 *conn_flags |= IEEE80211_CONN_DISABLE_EHT; 4849 } 4850 4851 if (!elems->vht_cap_elem) { 4852 *conn_flags |= IEEE80211_CONN_DISABLE_VHT; 4853 vht_oper = NULL; 4854 } 4855 } 4856 4857 if (!(*conn_flags & IEEE80211_CONN_DISABLE_HE)) { 4858 he_oper = elems->he_operation; 4859 4860 if (link && is_6ghz) { 4861 struct ieee80211_bss_conf *bss_conf; 4862 u8 j = 0; 4863 4864 bss_conf = link->conf; 4865 4866 if (elems->pwr_constr_elem) 4867 bss_conf->pwr_reduction = *elems->pwr_constr_elem; 4868 4869 BUILD_BUG_ON(ARRAY_SIZE(bss_conf->tx_pwr_env) != 4870 ARRAY_SIZE(elems->tx_pwr_env)); 4871 4872 for (i = 0; i < elems->tx_pwr_env_num; i++) { 4873 if (elems->tx_pwr_env_len[i] > 4874 sizeof(bss_conf->tx_pwr_env[j])) 4875 continue; 4876 4877 bss_conf->tx_pwr_env_num++; 4878 memcpy(&bss_conf->tx_pwr_env[j], elems->tx_pwr_env[i], 4879 elems->tx_pwr_env_len[i]); 4880 j++; 4881 } 4882 } 4883 4884 if (!ieee80211_verify_peer_he_mcs_support(sdata, ies, he_oper) || 4885 !ieee80211_verify_sta_he_mcs_support(sdata, sband, he_oper)) 4886 *conn_flags |= IEEE80211_CONN_DISABLE_HE | 4887 IEEE80211_CONN_DISABLE_EHT; 4888 } 4889 4890 /* 4891 * EHT requires HE to be supported as well. Specifically for 6 GHz 4892 * channels, the operation channel information can only be deduced from 4893 * both the 6 GHz operation information (from the HE operation IE) and 4894 * EHT operation. 4895 */ 4896 if (!(*conn_flags & 4897 (IEEE80211_CONN_DISABLE_HE | 4898 IEEE80211_CONN_DISABLE_EHT)) && 4899 he_oper) { 4900 const struct cfg80211_bss_ies *cbss_ies; 4901 const struct element *eht_ml_elem; 4902 const u8 *eht_oper_ie; 4903 4904 cbss_ies = rcu_dereference(cbss->ies); 4905 eht_oper_ie = cfg80211_find_ext_ie(WLAN_EID_EXT_EHT_OPERATION, 4906 cbss_ies->data, cbss_ies->len); 4907 if (eht_oper_ie && eht_oper_ie[1] >= 4908 1 + sizeof(struct ieee80211_eht_operation)) 4909 eht_oper = (void *)(eht_oper_ie + 3); 4910 else 4911 eht_oper = NULL; 4912 4913 if (!ieee80211_verify_sta_eht_mcs_support(sdata, sband, eht_oper)) 4914 *conn_flags |= IEEE80211_CONN_DISABLE_EHT; 4915 4916 eht_ml_elem = cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_MULTI_LINK, 4917 cbss_ies->data, cbss_ies->len); 4918 4919 /* data + 1 / datalen - 1 since it's an extended element */ 4920 if (!(*conn_flags & IEEE80211_CONN_DISABLE_EHT) && 4921 eht_ml_elem && 4922 ieee80211_mle_type_ok(eht_ml_elem->data + 1, 4923 IEEE80211_ML_CONTROL_TYPE_BASIC, 4924 eht_ml_elem->datalen - 1)) { 4925 sdata->vif.cfg.eml_cap = 4926 ieee80211_mle_get_eml_cap(eht_ml_elem->data + 1); 4927 sdata->vif.cfg.eml_med_sync_delay = 4928 ieee80211_mle_get_eml_med_sync_delay(eht_ml_elem->data + 1); 4929 } 4930 } 4931 4932 /* Allow VHT if at least one channel on the sband supports 80 MHz */ 4933 have_80mhz = false; 4934 for (i = 0; i < sband->n_channels; i++) { 4935 if (sband->channels[i].flags & (IEEE80211_CHAN_DISABLED | 4936 IEEE80211_CHAN_NO_80MHZ)) 4937 continue; 4938 4939 have_80mhz = true; 4940 break; 4941 } 4942 4943 if (!have_80mhz) { 4944 sdata_info(sdata, "80 MHz not supported, disabling VHT\n"); 4945 *conn_flags |= IEEE80211_CONN_DISABLE_VHT; 4946 } 4947 4948 if (sband->band == NL80211_BAND_S1GHZ) { 4949 s1g_oper = elems->s1g_oper; 4950 if (!s1g_oper) 4951 sdata_info(sdata, 4952 "AP missing S1G operation element?\n"); 4953 } 4954 4955 *conn_flags |= 4956 ieee80211_determine_chantype(sdata, link, *conn_flags, 4957 sband, 4958 cbss->channel, 4959 bss->vht_cap_info, 4960 ht_oper, vht_oper, 4961 he_oper, eht_oper, 4962 s1g_oper, 4963 &chandef, false); 4964 4965 if (link) 4966 link->needed_rx_chains = 4967 min(ieee80211_max_rx_chains(link, cbss), 4968 local->rx_chains); 4969 4970 rcu_read_unlock(); 4971 /* the element data was RCU protected so no longer valid anyway */ 4972 kfree(elems); 4973 elems = NULL; 4974 4975 if (*conn_flags & IEEE80211_CONN_DISABLE_HE && is_6ghz) { 4976 sdata_info(sdata, "Rejecting non-HE 6/7 GHz connection"); 4977 return -EINVAL; 4978 } 4979 4980 if (!link) 4981 return 0; 4982 4983 /* will change later if needed */ 4984 link->smps_mode = IEEE80211_SMPS_OFF; 4985 4986 /* 4987 * If this fails (possibly due to channel context sharing 4988 * on incompatible channels, e.g. 80+80 and 160 sharing the 4989 * same control channel) try to use a smaller bandwidth. 4990 */ 4991 ret = ieee80211_link_use_channel(link, &chandef, 4992 IEEE80211_CHANCTX_SHARED); 4993 4994 /* don't downgrade for 5 and 10 MHz channels, though. */ 4995 if (chandef.width == NL80211_CHAN_WIDTH_5 || 4996 chandef.width == NL80211_CHAN_WIDTH_10) 4997 goto out; 4998 4999 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) { 5000 *conn_flags |= 5001 ieee80211_chandef_downgrade(&chandef); 5002 ret = ieee80211_link_use_channel(link, &chandef, 5003 IEEE80211_CHANCTX_SHARED); 5004 } 5005 out: 5006 return ret; 5007 } 5008 5009 static bool ieee80211_get_dtim(const struct cfg80211_bss_ies *ies, 5010 u8 *dtim_count, u8 *dtim_period) 5011 { 5012 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, ies->data, ies->len); 5013 const u8 *idx_ie = cfg80211_find_ie(WLAN_EID_MULTI_BSSID_IDX, ies->data, 5014 ies->len); 5015 const struct ieee80211_tim_ie *tim = NULL; 5016 const struct ieee80211_bssid_index *idx; 5017 bool valid = tim_ie && tim_ie[1] >= 2; 5018 5019 if (valid) 5020 tim = (void *)(tim_ie + 2); 5021 5022 if (dtim_count) 5023 *dtim_count = valid ? tim->dtim_count : 0; 5024 5025 if (dtim_period) 5026 *dtim_period = valid ? tim->dtim_period : 0; 5027 5028 /* Check if value is overridden by non-transmitted profile */ 5029 if (!idx_ie || idx_ie[1] < 3) 5030 return valid; 5031 5032 idx = (void *)(idx_ie + 2); 5033 5034 if (dtim_count) 5035 *dtim_count = idx->dtim_count; 5036 5037 if (dtim_period) 5038 *dtim_period = idx->dtim_period; 5039 5040 return true; 5041 } 5042 5043 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata, 5044 struct ieee80211_mgmt *mgmt, 5045 struct ieee802_11_elems *elems, 5046 const u8 *elem_start, unsigned int elem_len) 5047 { 5048 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 5049 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 5050 struct ieee80211_local *local = sdata->local; 5051 unsigned int link_id; 5052 struct sta_info *sta; 5053 u64 changed[IEEE80211_MLD_MAX_NUM_LINKS] = {}; 5054 u16 valid_links = 0, dormant_links = 0; 5055 int err; 5056 5057 lockdep_assert_wiphy(sdata->local->hw.wiphy); 5058 /* 5059 * station info was already allocated and inserted before 5060 * the association and should be available to us 5061 */ 5062 sta = sta_info_get(sdata, assoc_data->ap_addr); 5063 if (WARN_ON(!sta)) 5064 goto out_err; 5065 5066 if (ieee80211_vif_is_mld(&sdata->vif)) { 5067 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) { 5068 if (!assoc_data->link[link_id].bss) 5069 continue; 5070 5071 valid_links |= BIT(link_id); 5072 if (assoc_data->link[link_id].disabled) { 5073 dormant_links |= BIT(link_id); 5074 } else if (link_id != assoc_data->assoc_link_id) { 5075 err = ieee80211_sta_allocate_link(sta, link_id); 5076 if (err) 5077 goto out_err; 5078 } 5079 } 5080 5081 ieee80211_vif_set_links(sdata, valid_links, dormant_links); 5082 } 5083 5084 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) { 5085 struct cfg80211_bss *cbss = assoc_data->link[link_id].bss; 5086 struct ieee80211_link_data *link; 5087 struct link_sta_info *link_sta; 5088 5089 if (!cbss || assoc_data->link[link_id].disabled) 5090 continue; 5091 5092 link = sdata_dereference(sdata->link[link_id], sdata); 5093 if (WARN_ON(!link)) 5094 goto out_err; 5095 5096 if (ieee80211_vif_is_mld(&sdata->vif)) 5097 link_info(link, 5098 "local address %pM, AP link address %pM%s\n", 5099 link->conf->addr, 5100 assoc_data->link[link_id].bss->bssid, 5101 link_id == assoc_data->assoc_link_id ? 5102 " (assoc)" : ""); 5103 5104 link_sta = rcu_dereference_protected(sta->link[link_id], 5105 lockdep_is_held(&local->hw.wiphy->mtx)); 5106 if (WARN_ON(!link_sta)) 5107 goto out_err; 5108 5109 if (!link->u.mgd.have_beacon) { 5110 const struct cfg80211_bss_ies *ies; 5111 5112 rcu_read_lock(); 5113 ies = rcu_dereference(cbss->beacon_ies); 5114 if (ies) 5115 link->u.mgd.have_beacon = true; 5116 else 5117 ies = rcu_dereference(cbss->ies); 5118 ieee80211_get_dtim(ies, 5119 &link->conf->sync_dtim_count, 5120 &link->u.mgd.dtim_period); 5121 link->conf->beacon_int = cbss->beacon_interval; 5122 rcu_read_unlock(); 5123 } 5124 5125 link->conf->dtim_period = link->u.mgd.dtim_period ?: 1; 5126 5127 if (link_id != assoc_data->assoc_link_id) { 5128 err = ieee80211_prep_channel(sdata, link, cbss, 5129 &link->u.mgd.conn_flags); 5130 if (err) { 5131 link_info(link, "prep_channel failed\n"); 5132 goto out_err; 5133 } 5134 } 5135 5136 err = ieee80211_mgd_setup_link_sta(link, sta, link_sta, 5137 assoc_data->link[link_id].bss); 5138 if (err) 5139 goto out_err; 5140 5141 if (!ieee80211_assoc_config_link(link, link_sta, 5142 assoc_data->link[link_id].bss, 5143 mgmt, elem_start, elem_len, 5144 &changed[link_id])) 5145 goto out_err; 5146 5147 if (assoc_data->link[link_id].status != WLAN_STATUS_SUCCESS) { 5148 valid_links &= ~BIT(link_id); 5149 ieee80211_sta_remove_link(sta, link_id); 5150 continue; 5151 } 5152 5153 if (link_id != assoc_data->assoc_link_id) { 5154 err = ieee80211_sta_activate_link(sta, link_id); 5155 if (err) 5156 goto out_err; 5157 } 5158 } 5159 5160 /* links might have changed due to rejected ones, set them again */ 5161 ieee80211_vif_set_links(sdata, valid_links, dormant_links); 5162 5163 rate_control_rate_init(sta); 5164 5165 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) { 5166 set_sta_flag(sta, WLAN_STA_MFP); 5167 sta->sta.mfp = true; 5168 } else { 5169 sta->sta.mfp = false; 5170 } 5171 5172 ieee80211_sta_set_max_amsdu_subframes(sta, elems->ext_capab, 5173 elems->ext_capab_len); 5174 5175 sta->sta.wme = (elems->wmm_param || elems->s1g_capab) && 5176 local->hw.queues >= IEEE80211_NUM_ACS; 5177 5178 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC); 5179 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT)) 5180 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED); 5181 if (err) { 5182 sdata_info(sdata, 5183 "failed to move station %pM to desired state\n", 5184 sta->sta.addr); 5185 WARN_ON(__sta_info_destroy(sta)); 5186 goto out_err; 5187 } 5188 5189 if (sdata->wdev.use_4addr) 5190 drv_sta_set_4addr(local, sdata, &sta->sta, true); 5191 5192 ieee80211_set_associated(sdata, assoc_data, changed); 5193 5194 /* 5195 * If we're using 4-addr mode, let the AP know that we're 5196 * doing so, so that it can create the STA VLAN on its side 5197 */ 5198 if (ifmgd->use_4addr) 5199 ieee80211_send_4addr_nullfunc(local, sdata); 5200 5201 /* 5202 * Start timer to probe the connection to the AP now. 5203 * Also start the timer that will detect beacon loss. 5204 */ 5205 ieee80211_sta_reset_beacon_monitor(sdata); 5206 ieee80211_sta_reset_conn_monitor(sdata); 5207 5208 return true; 5209 out_err: 5210 eth_zero_addr(sdata->vif.cfg.ap_addr); 5211 return false; 5212 } 5213 5214 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, 5215 struct ieee80211_mgmt *mgmt, 5216 size_t len) 5217 { 5218 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 5219 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 5220 u16 capab_info, status_code, aid; 5221 struct ieee80211_elems_parse_params parse_params = { 5222 .bss = NULL, 5223 .link_id = -1, 5224 .from_ap = true, 5225 }; 5226 struct ieee802_11_elems *elems; 5227 int ac; 5228 const u8 *elem_start; 5229 unsigned int elem_len; 5230 bool reassoc; 5231 struct ieee80211_event event = { 5232 .type = MLME_EVENT, 5233 .u.mlme.data = ASSOC_EVENT, 5234 }; 5235 struct ieee80211_prep_tx_info info = {}; 5236 struct cfg80211_rx_assoc_resp resp = { 5237 .uapsd_queues = -1, 5238 }; 5239 u8 ap_mld_addr[ETH_ALEN] __aligned(2); 5240 unsigned int link_id; 5241 5242 lockdep_assert_wiphy(sdata->local->hw.wiphy); 5243 5244 if (!assoc_data) 5245 return; 5246 5247 if (!ether_addr_equal(assoc_data->ap_addr, mgmt->bssid) || 5248 !ether_addr_equal(assoc_data->ap_addr, mgmt->sa)) 5249 return; 5250 5251 /* 5252 * AssocResp and ReassocResp have identical structure, so process both 5253 * of them in this function. 5254 */ 5255 5256 if (len < 24 + 6) 5257 return; 5258 5259 reassoc = ieee80211_is_reassoc_resp(mgmt->frame_control); 5260 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 5261 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 5262 if (assoc_data->s1g) 5263 elem_start = mgmt->u.s1g_assoc_resp.variable; 5264 else 5265 elem_start = mgmt->u.assoc_resp.variable; 5266 5267 /* 5268 * Note: this may not be perfect, AP might misbehave - if 5269 * anyone needs to rely on perfect complete notification 5270 * with the exact right subtype, then we need to track what 5271 * we actually transmitted. 5272 */ 5273 info.subtype = reassoc ? IEEE80211_STYPE_REASSOC_REQ : 5274 IEEE80211_STYPE_ASSOC_REQ; 5275 5276 if (assoc_data->fils_kek_len && 5277 fils_decrypt_assoc_resp(sdata, (u8 *)mgmt, &len, assoc_data) < 0) 5278 return; 5279 5280 elem_len = len - (elem_start - (u8 *)mgmt); 5281 parse_params.start = elem_start; 5282 parse_params.len = elem_len; 5283 elems = ieee802_11_parse_elems_full(&parse_params); 5284 if (!elems) 5285 goto notify_driver; 5286 5287 if (elems->aid_resp) 5288 aid = le16_to_cpu(elems->aid_resp->aid); 5289 else if (assoc_data->s1g) 5290 aid = 0; /* TODO */ 5291 else 5292 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 5293 5294 /* 5295 * The 5 MSB of the AID field are reserved 5296 * (802.11-2016 9.4.1.8 AID field) 5297 */ 5298 aid &= 0x7ff; 5299 5300 sdata_info(sdata, 5301 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n", 5302 reassoc ? "Rea" : "A", assoc_data->ap_addr, 5303 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 5304 5305 ifmgd->broken_ap = false; 5306 5307 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 5308 elems->timeout_int && 5309 elems->timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) { 5310 u32 tu, ms; 5311 5312 cfg80211_assoc_comeback(sdata->dev, assoc_data->ap_addr, 5313 le32_to_cpu(elems->timeout_int->value)); 5314 5315 tu = le32_to_cpu(elems->timeout_int->value); 5316 ms = tu * 1024 / 1000; 5317 sdata_info(sdata, 5318 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n", 5319 assoc_data->ap_addr, tu, ms); 5320 assoc_data->timeout = jiffies + msecs_to_jiffies(ms); 5321 assoc_data->timeout_started = true; 5322 if (ms > IEEE80211_ASSOC_TIMEOUT) 5323 run_again(sdata, assoc_data->timeout); 5324 goto notify_driver; 5325 } 5326 5327 if (status_code != WLAN_STATUS_SUCCESS) { 5328 sdata_info(sdata, "%pM denied association (code=%d)\n", 5329 assoc_data->ap_addr, status_code); 5330 event.u.mlme.status = MLME_DENIED; 5331 event.u.mlme.reason = status_code; 5332 drv_event_callback(sdata->local, sdata, &event); 5333 } else { 5334 if (aid == 0 || aid > IEEE80211_MAX_AID) { 5335 sdata_info(sdata, 5336 "invalid AID value %d (out of range), turn off PS\n", 5337 aid); 5338 aid = 0; 5339 ifmgd->broken_ap = true; 5340 } 5341 5342 if (ieee80211_vif_is_mld(&sdata->vif)) { 5343 if (!elems->ml_basic) { 5344 sdata_info(sdata, 5345 "MLO association with %pM but no multi-link element in response!\n", 5346 assoc_data->ap_addr); 5347 goto abandon_assoc; 5348 } 5349 5350 if (le16_get_bits(elems->ml_basic->control, 5351 IEEE80211_ML_CONTROL_TYPE) != 5352 IEEE80211_ML_CONTROL_TYPE_BASIC) { 5353 sdata_info(sdata, 5354 "bad multi-link element (control=0x%x)\n", 5355 le16_to_cpu(elems->ml_basic->control)); 5356 goto abandon_assoc; 5357 } else { 5358 struct ieee80211_mle_basic_common_info *common; 5359 5360 common = (void *)elems->ml_basic->variable; 5361 5362 if (memcmp(assoc_data->ap_addr, 5363 common->mld_mac_addr, ETH_ALEN)) { 5364 sdata_info(sdata, 5365 "AP MLD MAC address mismatch: got %pM expected %pM\n", 5366 common->mld_mac_addr, 5367 assoc_data->ap_addr); 5368 goto abandon_assoc; 5369 } 5370 } 5371 } 5372 5373 sdata->vif.cfg.aid = aid; 5374 5375 if (!ieee80211_assoc_success(sdata, mgmt, elems, 5376 elem_start, elem_len)) { 5377 /* oops -- internal error -- send timeout for now */ 5378 ieee80211_destroy_assoc_data(sdata, ASSOC_TIMEOUT); 5379 goto notify_driver; 5380 } 5381 event.u.mlme.status = MLME_SUCCESS; 5382 drv_event_callback(sdata->local, sdata, &event); 5383 sdata_info(sdata, "associated\n"); 5384 5385 info.success = 1; 5386 } 5387 5388 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) { 5389 struct ieee80211_link_data *link; 5390 5391 link = sdata_dereference(sdata->link[link_id], sdata); 5392 if (!link) 5393 continue; 5394 5395 if (!assoc_data->link[link_id].bss) 5396 continue; 5397 5398 resp.links[link_id].bss = assoc_data->link[link_id].bss; 5399 resp.links[link_id].addr = link->conf->addr; 5400 resp.links[link_id].status = assoc_data->link[link_id].status; 5401 5402 /* get uapsd queues configuration - same for all links */ 5403 resp.uapsd_queues = 0; 5404 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) 5405 if (link->tx_conf[ac].uapsd) 5406 resp.uapsd_queues |= ieee80211_ac_to_qos_mask[ac]; 5407 } 5408 5409 if (ieee80211_vif_is_mld(&sdata->vif)) { 5410 ether_addr_copy(ap_mld_addr, sdata->vif.cfg.ap_addr); 5411 resp.ap_mld_addr = ap_mld_addr; 5412 } 5413 5414 ieee80211_destroy_assoc_data(sdata, 5415 status_code == WLAN_STATUS_SUCCESS ? 5416 ASSOC_SUCCESS : 5417 ASSOC_REJECTED); 5418 5419 resp.buf = (u8 *)mgmt; 5420 resp.len = len; 5421 resp.req_ies = ifmgd->assoc_req_ies; 5422 resp.req_ies_len = ifmgd->assoc_req_ies_len; 5423 cfg80211_rx_assoc_resp(sdata->dev, &resp); 5424 notify_driver: 5425 drv_mgd_complete_tx(sdata->local, sdata, &info); 5426 kfree(elems); 5427 return; 5428 abandon_assoc: 5429 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON); 5430 goto notify_driver; 5431 } 5432 5433 static void ieee80211_rx_bss_info(struct ieee80211_link_data *link, 5434 struct ieee80211_mgmt *mgmt, size_t len, 5435 struct ieee80211_rx_status *rx_status) 5436 { 5437 struct ieee80211_sub_if_data *sdata = link->sdata; 5438 struct ieee80211_local *local = sdata->local; 5439 struct ieee80211_bss *bss; 5440 struct ieee80211_channel *channel; 5441 5442 lockdep_assert_wiphy(sdata->local->hw.wiphy); 5443 5444 channel = ieee80211_get_channel_khz(local->hw.wiphy, 5445 ieee80211_rx_status_to_khz(rx_status)); 5446 if (!channel) 5447 return; 5448 5449 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, channel); 5450 if (bss) { 5451 link->conf->beacon_rate = bss->beacon_rate; 5452 ieee80211_rx_bss_put(local, bss); 5453 } 5454 } 5455 5456 5457 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_link_data *link, 5458 struct sk_buff *skb) 5459 { 5460 struct ieee80211_sub_if_data *sdata = link->sdata; 5461 struct ieee80211_mgmt *mgmt = (void *)skb->data; 5462 struct ieee80211_if_managed *ifmgd; 5463 struct ieee80211_rx_status *rx_status = (void *) skb->cb; 5464 struct ieee80211_channel *channel; 5465 size_t baselen, len = skb->len; 5466 5467 ifmgd = &sdata->u.mgd; 5468 5469 lockdep_assert_wiphy(sdata->local->hw.wiphy); 5470 5471 /* 5472 * According to Draft P802.11ax D6.0 clause 26.17.2.3.2: 5473 * "If a 6 GHz AP receives a Probe Request frame and responds with 5474 * a Probe Response frame [..], the Address 1 field of the Probe 5475 * Response frame shall be set to the broadcast address [..]" 5476 * So, on 6GHz band we should also accept broadcast responses. 5477 */ 5478 channel = ieee80211_get_channel(sdata->local->hw.wiphy, 5479 rx_status->freq); 5480 if (!channel) 5481 return; 5482 5483 if (!ether_addr_equal(mgmt->da, sdata->vif.addr) && 5484 (channel->band != NL80211_BAND_6GHZ || 5485 !is_broadcast_ether_addr(mgmt->da))) 5486 return; /* ignore ProbeResp to foreign address */ 5487 5488 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 5489 if (baselen > len) 5490 return; 5491 5492 ieee80211_rx_bss_info(link, mgmt, len, rx_status); 5493 5494 if (ifmgd->associated && 5495 ether_addr_equal(mgmt->bssid, link->u.mgd.bssid)) 5496 ieee80211_reset_ap_probe(sdata); 5497 } 5498 5499 /* 5500 * This is the canonical list of information elements we care about, 5501 * the filter code also gives us all changes to the Microsoft OUI 5502 * (00:50:F2) vendor IE which is used for WMM which we need to track, 5503 * as well as the DTPC IE (part of the Cisco OUI) used for signaling 5504 * changes to requested client power. 5505 * 5506 * We implement beacon filtering in software since that means we can 5507 * avoid processing the frame here and in cfg80211, and userspace 5508 * will not be able to tell whether the hardware supports it or not. 5509 * 5510 * XXX: This list needs to be dynamic -- userspace needs to be able to 5511 * add items it requires. It also needs to be able to tell us to 5512 * look out for other vendor IEs. 5513 */ 5514 static const u64 care_about_ies = 5515 (1ULL << WLAN_EID_COUNTRY) | 5516 (1ULL << WLAN_EID_ERP_INFO) | 5517 (1ULL << WLAN_EID_CHANNEL_SWITCH) | 5518 (1ULL << WLAN_EID_PWR_CONSTRAINT) | 5519 (1ULL << WLAN_EID_HT_CAPABILITY) | 5520 (1ULL << WLAN_EID_HT_OPERATION) | 5521 (1ULL << WLAN_EID_EXT_CHANSWITCH_ANN); 5522 5523 static void ieee80211_handle_beacon_sig(struct ieee80211_link_data *link, 5524 struct ieee80211_if_managed *ifmgd, 5525 struct ieee80211_bss_conf *bss_conf, 5526 struct ieee80211_local *local, 5527 struct ieee80211_rx_status *rx_status) 5528 { 5529 struct ieee80211_sub_if_data *sdata = link->sdata; 5530 5531 /* Track average RSSI from the Beacon frames of the current AP */ 5532 5533 if (!link->u.mgd.tracking_signal_avg) { 5534 link->u.mgd.tracking_signal_avg = true; 5535 ewma_beacon_signal_init(&link->u.mgd.ave_beacon_signal); 5536 link->u.mgd.last_cqm_event_signal = 0; 5537 link->u.mgd.count_beacon_signal = 1; 5538 link->u.mgd.last_ave_beacon_signal = 0; 5539 } else { 5540 link->u.mgd.count_beacon_signal++; 5541 } 5542 5543 ewma_beacon_signal_add(&link->u.mgd.ave_beacon_signal, 5544 -rx_status->signal); 5545 5546 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold && 5547 link->u.mgd.count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) { 5548 int sig = -ewma_beacon_signal_read(&link->u.mgd.ave_beacon_signal); 5549 int last_sig = link->u.mgd.last_ave_beacon_signal; 5550 struct ieee80211_event event = { 5551 .type = RSSI_EVENT, 5552 }; 5553 5554 /* 5555 * if signal crosses either of the boundaries, invoke callback 5556 * with appropriate parameters 5557 */ 5558 if (sig > ifmgd->rssi_max_thold && 5559 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) { 5560 link->u.mgd.last_ave_beacon_signal = sig; 5561 event.u.rssi.data = RSSI_EVENT_HIGH; 5562 drv_event_callback(local, sdata, &event); 5563 } else if (sig < ifmgd->rssi_min_thold && 5564 (last_sig >= ifmgd->rssi_max_thold || 5565 last_sig == 0)) { 5566 link->u.mgd.last_ave_beacon_signal = sig; 5567 event.u.rssi.data = RSSI_EVENT_LOW; 5568 drv_event_callback(local, sdata, &event); 5569 } 5570 } 5571 5572 if (bss_conf->cqm_rssi_thold && 5573 link->u.mgd.count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT && 5574 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) { 5575 int sig = -ewma_beacon_signal_read(&link->u.mgd.ave_beacon_signal); 5576 int last_event = link->u.mgd.last_cqm_event_signal; 5577 int thold = bss_conf->cqm_rssi_thold; 5578 int hyst = bss_conf->cqm_rssi_hyst; 5579 5580 if (sig < thold && 5581 (last_event == 0 || sig < last_event - hyst)) { 5582 link->u.mgd.last_cqm_event_signal = sig; 5583 ieee80211_cqm_rssi_notify( 5584 &sdata->vif, 5585 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW, 5586 sig, GFP_KERNEL); 5587 } else if (sig > thold && 5588 (last_event == 0 || sig > last_event + hyst)) { 5589 link->u.mgd.last_cqm_event_signal = sig; 5590 ieee80211_cqm_rssi_notify( 5591 &sdata->vif, 5592 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH, 5593 sig, GFP_KERNEL); 5594 } 5595 } 5596 5597 if (bss_conf->cqm_rssi_low && 5598 link->u.mgd.count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) { 5599 int sig = -ewma_beacon_signal_read(&link->u.mgd.ave_beacon_signal); 5600 int last_event = link->u.mgd.last_cqm_event_signal; 5601 int low = bss_conf->cqm_rssi_low; 5602 int high = bss_conf->cqm_rssi_high; 5603 5604 if (sig < low && 5605 (last_event == 0 || last_event >= low)) { 5606 link->u.mgd.last_cqm_event_signal = sig; 5607 ieee80211_cqm_rssi_notify( 5608 &sdata->vif, 5609 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW, 5610 sig, GFP_KERNEL); 5611 } else if (sig > high && 5612 (last_event == 0 || last_event <= high)) { 5613 link->u.mgd.last_cqm_event_signal = sig; 5614 ieee80211_cqm_rssi_notify( 5615 &sdata->vif, 5616 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH, 5617 sig, GFP_KERNEL); 5618 } 5619 } 5620 } 5621 5622 static bool ieee80211_rx_our_beacon(const u8 *tx_bssid, 5623 struct cfg80211_bss *bss) 5624 { 5625 if (ether_addr_equal(tx_bssid, bss->bssid)) 5626 return true; 5627 if (!bss->transmitted_bss) 5628 return false; 5629 return ether_addr_equal(tx_bssid, bss->transmitted_bss->bssid); 5630 } 5631 5632 static bool ieee80211_config_puncturing(struct ieee80211_link_data *link, 5633 const struct ieee80211_eht_operation *eht_oper, 5634 u64 *changed) 5635 { 5636 u16 bitmap = 0, extracted; 5637 5638 if ((eht_oper->params & IEEE80211_EHT_OPER_INFO_PRESENT) && 5639 (eht_oper->params & 5640 IEEE80211_EHT_OPER_DISABLED_SUBCHANNEL_BITMAP_PRESENT)) { 5641 const struct ieee80211_eht_operation_info *info = 5642 (void *)eht_oper->optional; 5643 const u8 *disable_subchannel_bitmap = info->optional; 5644 5645 bitmap = get_unaligned_le16(disable_subchannel_bitmap); 5646 } 5647 5648 extracted = ieee80211_extract_dis_subch_bmap(eht_oper, 5649 &link->conf->chandef, 5650 bitmap); 5651 5652 /* accept if there are no changes */ 5653 if (!(*changed & BSS_CHANGED_BANDWIDTH) && 5654 extracted == link->conf->eht_puncturing) 5655 return true; 5656 5657 if (!cfg80211_valid_disable_subchannel_bitmap(&bitmap, 5658 &link->conf->chandef)) { 5659 link_info(link, 5660 "Got an invalid disable subchannel bitmap from AP %pM: bitmap = 0x%x, bw = 0x%x. disconnect\n", 5661 link->u.mgd.bssid, 5662 bitmap, 5663 link->conf->chandef.width); 5664 return false; 5665 } 5666 5667 ieee80211_handle_puncturing_bitmap(link, eht_oper, bitmap, changed); 5668 return true; 5669 } 5670 5671 static void ieee80211_ml_reconf_work(struct wiphy *wiphy, 5672 struct wiphy_work *work) 5673 { 5674 struct ieee80211_sub_if_data *sdata = 5675 container_of(work, struct ieee80211_sub_if_data, 5676 u.mgd.ml_reconf_work.work); 5677 u16 new_valid_links, new_active_links, new_dormant_links; 5678 int ret; 5679 5680 if (!sdata->u.mgd.removed_links) 5681 return; 5682 5683 sdata_info(sdata, 5684 "MLO Reconfiguration: work: valid=0x%x, removed=0x%x\n", 5685 sdata->vif.valid_links, sdata->u.mgd.removed_links); 5686 5687 new_valid_links = sdata->vif.valid_links & ~sdata->u.mgd.removed_links; 5688 if (new_valid_links == sdata->vif.valid_links) 5689 return; 5690 5691 if (!new_valid_links || 5692 !(new_valid_links & ~sdata->vif.dormant_links)) { 5693 sdata_info(sdata, "No valid links after reconfiguration\n"); 5694 ret = -EINVAL; 5695 goto out; 5696 } 5697 5698 new_active_links = sdata->vif.active_links & ~sdata->u.mgd.removed_links; 5699 if (new_active_links != sdata->vif.active_links) { 5700 if (!new_active_links) 5701 new_active_links = 5702 BIT(ffs(new_valid_links & 5703 ~sdata->vif.dormant_links) - 1); 5704 5705 ret = ieee80211_set_active_links(&sdata->vif, new_active_links); 5706 if (ret) { 5707 sdata_info(sdata, 5708 "Failed setting active links\n"); 5709 goto out; 5710 } 5711 } 5712 5713 new_dormant_links = sdata->vif.dormant_links & ~sdata->u.mgd.removed_links; 5714 5715 ret = ieee80211_vif_set_links(sdata, new_valid_links, 5716 new_dormant_links); 5717 if (ret) 5718 sdata_info(sdata, "Failed setting valid links\n"); 5719 5720 out: 5721 if (!ret) 5722 cfg80211_links_removed(sdata->dev, sdata->u.mgd.removed_links); 5723 else 5724 __ieee80211_disconnect(sdata); 5725 5726 sdata->u.mgd.removed_links = 0; 5727 } 5728 5729 static void ieee80211_ml_reconfiguration(struct ieee80211_sub_if_data *sdata, 5730 struct ieee802_11_elems *elems) 5731 { 5732 const struct ieee80211_multi_link_elem *ml; 5733 const struct element *sub; 5734 size_t ml_len; 5735 unsigned long removed_links = 0; 5736 u16 link_removal_timeout[IEEE80211_MLD_MAX_NUM_LINKS] = {}; 5737 u8 link_id; 5738 u32 delay; 5739 5740 if (!ieee80211_vif_is_mld(&sdata->vif) || !elems->ml_reconf) 5741 return; 5742 5743 ml_len = cfg80211_defragment_element(elems->ml_reconf_elem, 5744 elems->ie_start, 5745 elems->total_len, 5746 elems->scratch_pos, 5747 elems->scratch + elems->scratch_len - 5748 elems->scratch_pos, 5749 WLAN_EID_FRAGMENT); 5750 5751 elems->ml_reconf = (const void *)elems->scratch_pos; 5752 elems->ml_reconf_len = ml_len; 5753 ml = elems->ml_reconf; 5754 5755 /* Directly parse the sub elements as the common information doesn't 5756 * hold any useful information. 5757 */ 5758 for_each_mle_subelement(sub, (u8 *)ml, ml_len) { 5759 struct ieee80211_mle_per_sta_profile *prof = (void *)sub->data; 5760 u8 *pos = prof->variable; 5761 u16 control; 5762 5763 if (sub->id != IEEE80211_MLE_SUBELEM_PER_STA_PROFILE) 5764 continue; 5765 5766 if (!ieee80211_mle_reconf_sta_prof_size_ok(sub->data, 5767 sub->datalen)) 5768 return; 5769 5770 control = le16_to_cpu(prof->control); 5771 link_id = control & IEEE80211_MLE_STA_RECONF_CONTROL_LINK_ID; 5772 5773 removed_links |= BIT(link_id); 5774 5775 /* the MAC address should not be included, but handle it */ 5776 if (control & 5777 IEEE80211_MLE_STA_RECONF_CONTROL_STA_MAC_ADDR_PRESENT) 5778 pos += 6; 5779 5780 /* According to Draft P802.11be_D3.0, the control should 5781 * include the AP Removal Timer present. If the AP Removal Timer 5782 * is not present assume immediate removal. 5783 */ 5784 if (control & 5785 IEEE80211_MLE_STA_RECONF_CONTROL_AP_REM_TIMER_PRESENT) 5786 link_removal_timeout[link_id] = le16_to_cpu(*(__le16 *)pos); 5787 } 5788 5789 removed_links &= sdata->vif.valid_links; 5790 if (!removed_links) { 5791 /* In case the removal was cancelled, abort it */ 5792 if (sdata->u.mgd.removed_links) { 5793 sdata->u.mgd.removed_links = 0; 5794 wiphy_delayed_work_cancel(sdata->local->hw.wiphy, 5795 &sdata->u.mgd.ml_reconf_work); 5796 } 5797 return; 5798 } 5799 5800 delay = 0; 5801 for_each_set_bit(link_id, &removed_links, IEEE80211_MLD_MAX_NUM_LINKS) { 5802 struct ieee80211_bss_conf *link_conf = 5803 sdata_dereference(sdata->vif.link_conf[link_id], sdata); 5804 u32 link_delay; 5805 5806 if (!link_conf) { 5807 removed_links &= ~BIT(link_id); 5808 continue; 5809 } 5810 5811 link_delay = link_conf->beacon_int * 5812 link_removal_timeout[link_id]; 5813 5814 if (!delay) 5815 delay = link_delay; 5816 else 5817 delay = min(delay, link_delay); 5818 } 5819 5820 sdata->u.mgd.removed_links = removed_links; 5821 wiphy_delayed_work_queue(sdata->local->hw.wiphy, 5822 &sdata->u.mgd.ml_reconf_work, 5823 TU_TO_JIFFIES(delay)); 5824 } 5825 5826 static void ieee80211_rx_mgmt_beacon(struct ieee80211_link_data *link, 5827 struct ieee80211_hdr *hdr, size_t len, 5828 struct ieee80211_rx_status *rx_status) 5829 { 5830 struct ieee80211_sub_if_data *sdata = link->sdata; 5831 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 5832 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 5833 struct ieee80211_vif_cfg *vif_cfg = &sdata->vif.cfg; 5834 struct ieee80211_mgmt *mgmt = (void *) hdr; 5835 size_t baselen; 5836 struct ieee802_11_elems *elems; 5837 struct ieee80211_local *local = sdata->local; 5838 struct ieee80211_chanctx_conf *chanctx_conf; 5839 struct ieee80211_supported_band *sband; 5840 struct ieee80211_channel *chan; 5841 struct link_sta_info *link_sta; 5842 struct sta_info *sta; 5843 u64 changed = 0; 5844 bool erp_valid; 5845 u8 erp_value = 0; 5846 u32 ncrc = 0; 5847 u8 *bssid, *variable = mgmt->u.beacon.variable; 5848 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN]; 5849 struct ieee80211_elems_parse_params parse_params = { 5850 .link_id = -1, 5851 .from_ap = true, 5852 }; 5853 5854 lockdep_assert_wiphy(local->hw.wiphy); 5855 5856 /* Process beacon from the current BSS */ 5857 bssid = ieee80211_get_bssid(hdr, len, sdata->vif.type); 5858 if (ieee80211_is_s1g_beacon(mgmt->frame_control)) { 5859 struct ieee80211_ext *ext = (void *) mgmt; 5860 5861 if (ieee80211_is_s1g_short_beacon(ext->frame_control)) 5862 variable = ext->u.s1g_short_beacon.variable; 5863 else 5864 variable = ext->u.s1g_beacon.variable; 5865 } 5866 5867 baselen = (u8 *) variable - (u8 *) mgmt; 5868 if (baselen > len) 5869 return; 5870 5871 parse_params.start = variable; 5872 parse_params.len = len - baselen; 5873 5874 rcu_read_lock(); 5875 chanctx_conf = rcu_dereference(link->conf->chanctx_conf); 5876 if (!chanctx_conf) { 5877 rcu_read_unlock(); 5878 return; 5879 } 5880 5881 if (ieee80211_rx_status_to_khz(rx_status) != 5882 ieee80211_channel_to_khz(chanctx_conf->def.chan)) { 5883 rcu_read_unlock(); 5884 return; 5885 } 5886 chan = chanctx_conf->def.chan; 5887 rcu_read_unlock(); 5888 5889 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon && 5890 !WARN_ON(ieee80211_vif_is_mld(&sdata->vif)) && 5891 ieee80211_rx_our_beacon(bssid, ifmgd->assoc_data->link[0].bss)) { 5892 parse_params.bss = ifmgd->assoc_data->link[0].bss; 5893 elems = ieee802_11_parse_elems_full(&parse_params); 5894 if (!elems) 5895 return; 5896 5897 ieee80211_rx_bss_info(link, mgmt, len, rx_status); 5898 5899 if (elems->dtim_period) 5900 link->u.mgd.dtim_period = elems->dtim_period; 5901 link->u.mgd.have_beacon = true; 5902 ifmgd->assoc_data->need_beacon = false; 5903 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) { 5904 link->conf->sync_tsf = 5905 le64_to_cpu(mgmt->u.beacon.timestamp); 5906 link->conf->sync_device_ts = 5907 rx_status->device_timestamp; 5908 link->conf->sync_dtim_count = elems->dtim_count; 5909 } 5910 5911 if (elems->mbssid_config_ie) 5912 bss_conf->profile_periodicity = 5913 elems->mbssid_config_ie->profile_periodicity; 5914 else 5915 bss_conf->profile_periodicity = 0; 5916 5917 if (elems->ext_capab_len >= 11 && 5918 (elems->ext_capab[10] & WLAN_EXT_CAPA11_EMA_SUPPORT)) 5919 bss_conf->ema_ap = true; 5920 else 5921 bss_conf->ema_ap = false; 5922 5923 /* continue assoc process */ 5924 ifmgd->assoc_data->timeout = jiffies; 5925 ifmgd->assoc_data->timeout_started = true; 5926 run_again(sdata, ifmgd->assoc_data->timeout); 5927 kfree(elems); 5928 return; 5929 } 5930 5931 if (!ifmgd->associated || 5932 !ieee80211_rx_our_beacon(bssid, link->u.mgd.bss)) 5933 return; 5934 bssid = link->u.mgd.bssid; 5935 5936 if (!(rx_status->flag & RX_FLAG_NO_SIGNAL_VAL)) 5937 ieee80211_handle_beacon_sig(link, ifmgd, bss_conf, 5938 local, rx_status); 5939 5940 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) { 5941 mlme_dbg_ratelimited(sdata, 5942 "cancelling AP probe due to a received beacon\n"); 5943 ieee80211_reset_ap_probe(sdata); 5944 } 5945 5946 /* 5947 * Push the beacon loss detection into the future since 5948 * we are processing a beacon from the AP just now. 5949 */ 5950 ieee80211_sta_reset_beacon_monitor(sdata); 5951 5952 /* TODO: CRC urrently not calculated on S1G Beacon Compatibility 5953 * element (which carries the beacon interval). Don't forget to add a 5954 * bit to care_about_ies[] above if mac80211 is interested in a 5955 * changing S1G element. 5956 */ 5957 if (!ieee80211_is_s1g_beacon(hdr->frame_control)) 5958 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 5959 parse_params.bss = link->u.mgd.bss; 5960 parse_params.filter = care_about_ies; 5961 parse_params.crc = ncrc; 5962 elems = ieee802_11_parse_elems_full(&parse_params); 5963 if (!elems) 5964 return; 5965 ncrc = elems->crc; 5966 5967 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) && 5968 ieee80211_check_tim(elems->tim, elems->tim_len, vif_cfg->aid)) { 5969 if (local->hw.conf.dynamic_ps_timeout > 0) { 5970 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 5971 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 5972 ieee80211_hw_config(local, 5973 IEEE80211_CONF_CHANGE_PS); 5974 } 5975 ieee80211_send_nullfunc(local, sdata, false); 5976 } else if (!local->pspolling && sdata->u.mgd.powersave) { 5977 local->pspolling = true; 5978 5979 /* 5980 * Here is assumed that the driver will be 5981 * able to send ps-poll frame and receive a 5982 * response even though power save mode is 5983 * enabled, but some drivers might require 5984 * to disable power save here. This needs 5985 * to be investigated. 5986 */ 5987 ieee80211_send_pspoll(local, sdata); 5988 } 5989 } 5990 5991 if (sdata->vif.p2p || 5992 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) { 5993 struct ieee80211_p2p_noa_attr noa = {}; 5994 int ret; 5995 5996 ret = cfg80211_get_p2p_attr(variable, 5997 len - baselen, 5998 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 5999 (u8 *) &noa, sizeof(noa)); 6000 if (ret >= 2) { 6001 if (link->u.mgd.p2p_noa_index != noa.index) { 6002 /* valid noa_attr and index changed */ 6003 link->u.mgd.p2p_noa_index = noa.index; 6004 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa)); 6005 changed |= BSS_CHANGED_P2P_PS; 6006 /* 6007 * make sure we update all information, the CRC 6008 * mechanism doesn't look at P2P attributes. 6009 */ 6010 link->u.mgd.beacon_crc_valid = false; 6011 } 6012 } else if (link->u.mgd.p2p_noa_index != -1) { 6013 /* noa_attr not found and we had valid noa_attr before */ 6014 link->u.mgd.p2p_noa_index = -1; 6015 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr)); 6016 changed |= BSS_CHANGED_P2P_PS; 6017 link->u.mgd.beacon_crc_valid = false; 6018 } 6019 } 6020 6021 if (link->u.mgd.csa_waiting_bcn) 6022 ieee80211_chswitch_post_beacon(link); 6023 6024 /* 6025 * Update beacon timing and dtim count on every beacon appearance. This 6026 * will allow the driver to use the most updated values. Do it before 6027 * comparing this one with last received beacon. 6028 * IMPORTANT: These parameters would possibly be out of sync by the time 6029 * the driver will use them. The synchronized view is currently 6030 * guaranteed only in certain callbacks. 6031 */ 6032 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY) && 6033 !ieee80211_is_s1g_beacon(hdr->frame_control)) { 6034 link->conf->sync_tsf = 6035 le64_to_cpu(mgmt->u.beacon.timestamp); 6036 link->conf->sync_device_ts = 6037 rx_status->device_timestamp; 6038 link->conf->sync_dtim_count = elems->dtim_count; 6039 } 6040 6041 if ((ncrc == link->u.mgd.beacon_crc && link->u.mgd.beacon_crc_valid) || 6042 ieee80211_is_s1g_short_beacon(mgmt->frame_control)) 6043 goto free; 6044 link->u.mgd.beacon_crc = ncrc; 6045 link->u.mgd.beacon_crc_valid = true; 6046 6047 ieee80211_rx_bss_info(link, mgmt, len, rx_status); 6048 6049 ieee80211_sta_process_chanswitch(link, rx_status->mactime, 6050 rx_status->device_timestamp, 6051 elems, true); 6052 6053 if (!link->u.mgd.disable_wmm_tracking && 6054 ieee80211_sta_wmm_params(local, link, elems->wmm_param, 6055 elems->wmm_param_len, 6056 elems->mu_edca_param_set)) 6057 changed |= BSS_CHANGED_QOS; 6058 6059 /* 6060 * If we haven't had a beacon before, tell the driver about the 6061 * DTIM period (and beacon timing if desired) now. 6062 */ 6063 if (!link->u.mgd.have_beacon) { 6064 /* a few bogus AP send dtim_period = 0 or no TIM IE */ 6065 bss_conf->dtim_period = elems->dtim_period ?: 1; 6066 6067 changed |= BSS_CHANGED_BEACON_INFO; 6068 link->u.mgd.have_beacon = true; 6069 6070 ieee80211_recalc_ps(local); 6071 6072 ieee80211_recalc_ps_vif(sdata); 6073 } 6074 6075 if (elems->erp_info) { 6076 erp_valid = true; 6077 erp_value = elems->erp_info[0]; 6078 } else { 6079 erp_valid = false; 6080 } 6081 6082 if (!ieee80211_is_s1g_beacon(hdr->frame_control)) 6083 changed |= ieee80211_handle_bss_capability(link, 6084 le16_to_cpu(mgmt->u.beacon.capab_info), 6085 erp_valid, erp_value); 6086 6087 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr); 6088 if (WARN_ON(!sta)) { 6089 goto free; 6090 } 6091 link_sta = rcu_dereference_protected(sta->link[link->link_id], 6092 lockdep_is_held(&local->hw.wiphy->mtx)); 6093 if (WARN_ON(!link_sta)) { 6094 goto free; 6095 } 6096 6097 if (WARN_ON(!link->conf->chandef.chan)) 6098 goto free; 6099 6100 sband = local->hw.wiphy->bands[link->conf->chandef.chan->band]; 6101 6102 changed |= ieee80211_recalc_twt_req(sdata, sband, link, link_sta, elems); 6103 6104 if (ieee80211_config_bw(link, elems->ht_cap_elem, 6105 elems->vht_cap_elem, elems->ht_operation, 6106 elems->vht_operation, elems->he_operation, 6107 elems->eht_operation, 6108 elems->s1g_oper, bssid, &changed)) { 6109 sdata_info(sdata, 6110 "failed to follow AP %pM bandwidth change, disconnect\n", 6111 bssid); 6112 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 6113 WLAN_REASON_DEAUTH_LEAVING, 6114 true, deauth_buf); 6115 ieee80211_report_disconnect(sdata, deauth_buf, 6116 sizeof(deauth_buf), true, 6117 WLAN_REASON_DEAUTH_LEAVING, 6118 false); 6119 goto free; 6120 } 6121 6122 if (elems->opmode_notif) 6123 ieee80211_vht_handle_opmode(sdata, link_sta, 6124 *elems->opmode_notif, 6125 rx_status->band); 6126 6127 changed |= ieee80211_handle_pwr_constr(link, chan, mgmt, 6128 elems->country_elem, 6129 elems->country_elem_len, 6130 elems->pwr_constr_elem, 6131 elems->cisco_dtpc_elem); 6132 6133 if (elems->eht_operation && 6134 !(link->u.mgd.conn_flags & IEEE80211_CONN_DISABLE_EHT)) { 6135 if (!ieee80211_config_puncturing(link, elems->eht_operation, 6136 &changed)) { 6137 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 6138 WLAN_REASON_DEAUTH_LEAVING, 6139 true, deauth_buf); 6140 ieee80211_report_disconnect(sdata, deauth_buf, 6141 sizeof(deauth_buf), true, 6142 WLAN_REASON_DEAUTH_LEAVING, 6143 false); 6144 goto free; 6145 } 6146 } 6147 6148 ieee80211_ml_reconfiguration(sdata, elems); 6149 6150 ieee80211_link_info_change_notify(sdata, link, changed); 6151 free: 6152 kfree(elems); 6153 } 6154 6155 void ieee80211_sta_rx_queued_ext(struct ieee80211_sub_if_data *sdata, 6156 struct sk_buff *skb) 6157 { 6158 struct ieee80211_link_data *link = &sdata->deflink; 6159 struct ieee80211_rx_status *rx_status; 6160 struct ieee80211_hdr *hdr; 6161 u16 fc; 6162 6163 lockdep_assert_wiphy(sdata->local->hw.wiphy); 6164 6165 rx_status = (struct ieee80211_rx_status *) skb->cb; 6166 hdr = (struct ieee80211_hdr *) skb->data; 6167 fc = le16_to_cpu(hdr->frame_control); 6168 6169 switch (fc & IEEE80211_FCTL_STYPE) { 6170 case IEEE80211_STYPE_S1G_BEACON: 6171 ieee80211_rx_mgmt_beacon(link, hdr, skb->len, rx_status); 6172 break; 6173 } 6174 } 6175 6176 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 6177 struct sk_buff *skb) 6178 { 6179 struct ieee80211_link_data *link = &sdata->deflink; 6180 struct ieee80211_rx_status *rx_status; 6181 struct ieee80211_mgmt *mgmt; 6182 u16 fc; 6183 int ies_len; 6184 6185 lockdep_assert_wiphy(sdata->local->hw.wiphy); 6186 6187 rx_status = (struct ieee80211_rx_status *) skb->cb; 6188 mgmt = (struct ieee80211_mgmt *) skb->data; 6189 fc = le16_to_cpu(mgmt->frame_control); 6190 6191 if (rx_status->link_valid) { 6192 link = sdata_dereference(sdata->link[rx_status->link_id], 6193 sdata); 6194 if (!link) 6195 return; 6196 } 6197 6198 switch (fc & IEEE80211_FCTL_STYPE) { 6199 case IEEE80211_STYPE_BEACON: 6200 ieee80211_rx_mgmt_beacon(link, (void *)mgmt, 6201 skb->len, rx_status); 6202 break; 6203 case IEEE80211_STYPE_PROBE_RESP: 6204 ieee80211_rx_mgmt_probe_resp(link, skb); 6205 break; 6206 case IEEE80211_STYPE_AUTH: 6207 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len); 6208 break; 6209 case IEEE80211_STYPE_DEAUTH: 6210 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len); 6211 break; 6212 case IEEE80211_STYPE_DISASSOC: 6213 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 6214 break; 6215 case IEEE80211_STYPE_ASSOC_RESP: 6216 case IEEE80211_STYPE_REASSOC_RESP: 6217 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len); 6218 break; 6219 case IEEE80211_STYPE_ACTION: 6220 if (!sdata->u.mgd.associated || 6221 !ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr)) 6222 break; 6223 6224 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) { 6225 struct ieee802_11_elems *elems; 6226 6227 ies_len = skb->len - 6228 offsetof(struct ieee80211_mgmt, 6229 u.action.u.chan_switch.variable); 6230 6231 if (ies_len < 0) 6232 break; 6233 6234 /* CSA IE cannot be overridden, no need for BSSID */ 6235 elems = ieee802_11_parse_elems( 6236 mgmt->u.action.u.chan_switch.variable, 6237 ies_len, true, NULL); 6238 6239 if (elems && !elems->parse_error) 6240 ieee80211_sta_process_chanswitch(link, 6241 rx_status->mactime, 6242 rx_status->device_timestamp, 6243 elems, false); 6244 kfree(elems); 6245 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) { 6246 struct ieee802_11_elems *elems; 6247 6248 ies_len = skb->len - 6249 offsetof(struct ieee80211_mgmt, 6250 u.action.u.ext_chan_switch.variable); 6251 6252 if (ies_len < 0) 6253 break; 6254 6255 /* 6256 * extended CSA IE can't be overridden, no need for 6257 * BSSID 6258 */ 6259 elems = ieee802_11_parse_elems( 6260 mgmt->u.action.u.ext_chan_switch.variable, 6261 ies_len, true, NULL); 6262 6263 if (elems && !elems->parse_error) { 6264 /* for the handling code pretend it was an IE */ 6265 elems->ext_chansw_ie = 6266 &mgmt->u.action.u.ext_chan_switch.data; 6267 6268 ieee80211_sta_process_chanswitch(link, 6269 rx_status->mactime, 6270 rx_status->device_timestamp, 6271 elems, false); 6272 } 6273 6274 kfree(elems); 6275 } 6276 break; 6277 } 6278 } 6279 6280 static void ieee80211_sta_timer(struct timer_list *t) 6281 { 6282 struct ieee80211_sub_if_data *sdata = 6283 from_timer(sdata, t, u.mgd.timer); 6284 6285 wiphy_work_queue(sdata->local->hw.wiphy, &sdata->work); 6286 } 6287 6288 void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata, 6289 u8 reason, bool tx) 6290 { 6291 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 6292 6293 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason, 6294 tx, frame_buf); 6295 6296 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true, 6297 reason, false); 6298 } 6299 6300 static int ieee80211_auth(struct ieee80211_sub_if_data *sdata) 6301 { 6302 struct ieee80211_local *local = sdata->local; 6303 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 6304 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data; 6305 u32 tx_flags = 0; 6306 u16 trans = 1; 6307 u16 status = 0; 6308 struct ieee80211_prep_tx_info info = { 6309 .subtype = IEEE80211_STYPE_AUTH, 6310 }; 6311 6312 lockdep_assert_wiphy(sdata->local->hw.wiphy); 6313 6314 if (WARN_ON_ONCE(!auth_data)) 6315 return -EINVAL; 6316 6317 auth_data->tries++; 6318 6319 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) { 6320 sdata_info(sdata, "authentication with %pM timed out\n", 6321 auth_data->ap_addr); 6322 6323 /* 6324 * Most likely AP is not in the range so remove the 6325 * bss struct for that AP. 6326 */ 6327 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss); 6328 6329 return -ETIMEDOUT; 6330 } 6331 6332 if (auth_data->algorithm == WLAN_AUTH_SAE) 6333 info.duration = jiffies_to_msecs(IEEE80211_AUTH_TIMEOUT_SAE); 6334 6335 drv_mgd_prepare_tx(local, sdata, &info); 6336 6337 sdata_info(sdata, "send auth to %pM (try %d/%d)\n", 6338 auth_data->ap_addr, auth_data->tries, 6339 IEEE80211_AUTH_MAX_TRIES); 6340 6341 auth_data->expected_transaction = 2; 6342 6343 if (auth_data->algorithm == WLAN_AUTH_SAE) { 6344 trans = auth_data->sae_trans; 6345 status = auth_data->sae_status; 6346 auth_data->expected_transaction = trans; 6347 } 6348 6349 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) 6350 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 6351 IEEE80211_TX_INTFL_MLME_CONN_TX; 6352 6353 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status, 6354 auth_data->data, auth_data->data_len, 6355 auth_data->ap_addr, auth_data->ap_addr, 6356 NULL, 0, 0, tx_flags); 6357 6358 if (tx_flags == 0) { 6359 if (auth_data->algorithm == WLAN_AUTH_SAE) 6360 auth_data->timeout = jiffies + 6361 IEEE80211_AUTH_TIMEOUT_SAE; 6362 else 6363 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 6364 } else { 6365 auth_data->timeout = 6366 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG); 6367 } 6368 6369 auth_data->timeout_started = true; 6370 run_again(sdata, auth_data->timeout); 6371 6372 return 0; 6373 } 6374 6375 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata) 6376 { 6377 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 6378 struct ieee80211_local *local = sdata->local; 6379 int ret; 6380 6381 lockdep_assert_wiphy(sdata->local->hw.wiphy); 6382 6383 assoc_data->tries++; 6384 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) { 6385 sdata_info(sdata, "association with %pM timed out\n", 6386 assoc_data->ap_addr); 6387 6388 /* 6389 * Most likely AP is not in the range so remove the 6390 * bss struct for that AP. 6391 */ 6392 cfg80211_unlink_bss(local->hw.wiphy, 6393 assoc_data->link[assoc_data->assoc_link_id].bss); 6394 6395 return -ETIMEDOUT; 6396 } 6397 6398 sdata_info(sdata, "associate with %pM (try %d/%d)\n", 6399 assoc_data->ap_addr, assoc_data->tries, 6400 IEEE80211_ASSOC_MAX_TRIES); 6401 ret = ieee80211_send_assoc(sdata); 6402 if (ret) 6403 return ret; 6404 6405 if (!ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) { 6406 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 6407 assoc_data->timeout_started = true; 6408 run_again(sdata, assoc_data->timeout); 6409 } else { 6410 assoc_data->timeout = 6411 round_jiffies_up(jiffies + 6412 IEEE80211_ASSOC_TIMEOUT_LONG); 6413 assoc_data->timeout_started = true; 6414 run_again(sdata, assoc_data->timeout); 6415 } 6416 6417 return 0; 6418 } 6419 6420 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata, 6421 __le16 fc, bool acked) 6422 { 6423 struct ieee80211_local *local = sdata->local; 6424 6425 sdata->u.mgd.status_fc = fc; 6426 sdata->u.mgd.status_acked = acked; 6427 sdata->u.mgd.status_received = true; 6428 6429 wiphy_work_queue(local->hw.wiphy, &sdata->work); 6430 } 6431 6432 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata) 6433 { 6434 struct ieee80211_local *local = sdata->local; 6435 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 6436 6437 lockdep_assert_wiphy(sdata->local->hw.wiphy); 6438 6439 if (ifmgd->status_received) { 6440 __le16 fc = ifmgd->status_fc; 6441 bool status_acked = ifmgd->status_acked; 6442 6443 ifmgd->status_received = false; 6444 if (ifmgd->auth_data && ieee80211_is_auth(fc)) { 6445 if (status_acked) { 6446 if (ifmgd->auth_data->algorithm == 6447 WLAN_AUTH_SAE) 6448 ifmgd->auth_data->timeout = 6449 jiffies + 6450 IEEE80211_AUTH_TIMEOUT_SAE; 6451 else 6452 ifmgd->auth_data->timeout = 6453 jiffies + 6454 IEEE80211_AUTH_TIMEOUT_SHORT; 6455 run_again(sdata, ifmgd->auth_data->timeout); 6456 } else { 6457 ifmgd->auth_data->timeout = jiffies - 1; 6458 } 6459 ifmgd->auth_data->timeout_started = true; 6460 } else if (ifmgd->assoc_data && 6461 (ieee80211_is_assoc_req(fc) || 6462 ieee80211_is_reassoc_req(fc))) { 6463 if (status_acked) { 6464 ifmgd->assoc_data->timeout = 6465 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT; 6466 run_again(sdata, ifmgd->assoc_data->timeout); 6467 } else { 6468 ifmgd->assoc_data->timeout = jiffies - 1; 6469 } 6470 ifmgd->assoc_data->timeout_started = true; 6471 } 6472 } 6473 6474 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started && 6475 time_after(jiffies, ifmgd->auth_data->timeout)) { 6476 if (ifmgd->auth_data->done || ifmgd->auth_data->waiting) { 6477 /* 6478 * ok ... we waited for assoc or continuation but 6479 * userspace didn't do it, so kill the auth data 6480 */ 6481 ieee80211_destroy_auth_data(sdata, false); 6482 } else if (ieee80211_auth(sdata)) { 6483 u8 ap_addr[ETH_ALEN]; 6484 struct ieee80211_event event = { 6485 .type = MLME_EVENT, 6486 .u.mlme.data = AUTH_EVENT, 6487 .u.mlme.status = MLME_TIMEOUT, 6488 }; 6489 6490 memcpy(ap_addr, ifmgd->auth_data->ap_addr, ETH_ALEN); 6491 6492 ieee80211_destroy_auth_data(sdata, false); 6493 6494 cfg80211_auth_timeout(sdata->dev, ap_addr); 6495 drv_event_callback(sdata->local, sdata, &event); 6496 } 6497 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started) 6498 run_again(sdata, ifmgd->auth_data->timeout); 6499 6500 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started && 6501 time_after(jiffies, ifmgd->assoc_data->timeout)) { 6502 if ((ifmgd->assoc_data->need_beacon && 6503 !sdata->deflink.u.mgd.have_beacon) || 6504 ieee80211_do_assoc(sdata)) { 6505 struct ieee80211_event event = { 6506 .type = MLME_EVENT, 6507 .u.mlme.data = ASSOC_EVENT, 6508 .u.mlme.status = MLME_TIMEOUT, 6509 }; 6510 6511 ieee80211_destroy_assoc_data(sdata, ASSOC_TIMEOUT); 6512 drv_event_callback(sdata->local, sdata, &event); 6513 } 6514 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started) 6515 run_again(sdata, ifmgd->assoc_data->timeout); 6516 6517 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL && 6518 ifmgd->associated) { 6519 u8 *bssid = sdata->deflink.u.mgd.bssid; 6520 int max_tries; 6521 6522 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) 6523 max_tries = max_nullfunc_tries; 6524 else 6525 max_tries = max_probe_tries; 6526 6527 /* ACK received for nullfunc probing frame */ 6528 if (!ifmgd->probe_send_count) 6529 ieee80211_reset_ap_probe(sdata); 6530 else if (ifmgd->nullfunc_failed) { 6531 if (ifmgd->probe_send_count < max_tries) { 6532 mlme_dbg(sdata, 6533 "No ack for nullfunc frame to AP %pM, try %d/%i\n", 6534 bssid, ifmgd->probe_send_count, 6535 max_tries); 6536 ieee80211_mgd_probe_ap_send(sdata); 6537 } else { 6538 mlme_dbg(sdata, 6539 "No ack for nullfunc frame to AP %pM, disconnecting.\n", 6540 bssid); 6541 ieee80211_sta_connection_lost(sdata, 6542 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 6543 false); 6544 } 6545 } else if (time_is_after_jiffies(ifmgd->probe_timeout)) 6546 run_again(sdata, ifmgd->probe_timeout); 6547 else if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) { 6548 mlme_dbg(sdata, 6549 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n", 6550 bssid, probe_wait_ms); 6551 ieee80211_sta_connection_lost(sdata, 6552 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 6553 } else if (ifmgd->probe_send_count < max_tries) { 6554 mlme_dbg(sdata, 6555 "No probe response from AP %pM after %dms, try %d/%i\n", 6556 bssid, probe_wait_ms, 6557 ifmgd->probe_send_count, max_tries); 6558 ieee80211_mgd_probe_ap_send(sdata); 6559 } else { 6560 /* 6561 * We actually lost the connection ... or did we? 6562 * Let's make sure! 6563 */ 6564 mlme_dbg(sdata, 6565 "No probe response from AP %pM after %dms, disconnecting.\n", 6566 bssid, probe_wait_ms); 6567 6568 ieee80211_sta_connection_lost(sdata, 6569 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 6570 } 6571 } 6572 } 6573 6574 static void ieee80211_sta_bcn_mon_timer(struct timer_list *t) 6575 { 6576 struct ieee80211_sub_if_data *sdata = 6577 from_timer(sdata, t, u.mgd.bcn_mon_timer); 6578 6579 if (WARN_ON(ieee80211_vif_is_mld(&sdata->vif))) 6580 return; 6581 6582 if (sdata->vif.bss_conf.csa_active && 6583 !sdata->deflink.u.mgd.csa_waiting_bcn) 6584 return; 6585 6586 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER) 6587 return; 6588 6589 sdata->u.mgd.connection_loss = false; 6590 wiphy_work_queue(sdata->local->hw.wiphy, 6591 &sdata->u.mgd.beacon_connection_loss_work); 6592 } 6593 6594 static void ieee80211_sta_conn_mon_timer(struct timer_list *t) 6595 { 6596 struct ieee80211_sub_if_data *sdata = 6597 from_timer(sdata, t, u.mgd.conn_mon_timer); 6598 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 6599 struct ieee80211_local *local = sdata->local; 6600 struct sta_info *sta; 6601 unsigned long timeout; 6602 6603 if (WARN_ON(ieee80211_vif_is_mld(&sdata->vif))) 6604 return; 6605 6606 if (sdata->vif.bss_conf.csa_active && 6607 !sdata->deflink.u.mgd.csa_waiting_bcn) 6608 return; 6609 6610 sta = sta_info_get(sdata, sdata->vif.cfg.ap_addr); 6611 if (!sta) 6612 return; 6613 6614 timeout = sta->deflink.status_stats.last_ack; 6615 if (time_before(sta->deflink.status_stats.last_ack, sta->deflink.rx_stats.last_rx)) 6616 timeout = sta->deflink.rx_stats.last_rx; 6617 timeout += IEEE80211_CONNECTION_IDLE_TIME; 6618 6619 /* If timeout is after now, then update timer to fire at 6620 * the later date, but do not actually probe at this time. 6621 */ 6622 if (time_is_after_jiffies(timeout)) { 6623 mod_timer(&ifmgd->conn_mon_timer, round_jiffies_up(timeout)); 6624 return; 6625 } 6626 6627 wiphy_work_queue(local->hw.wiphy, &sdata->u.mgd.monitor_work); 6628 } 6629 6630 static void ieee80211_sta_monitor_work(struct wiphy *wiphy, 6631 struct wiphy_work *work) 6632 { 6633 struct ieee80211_sub_if_data *sdata = 6634 container_of(work, struct ieee80211_sub_if_data, 6635 u.mgd.monitor_work); 6636 6637 ieee80211_mgd_probe_ap(sdata, false); 6638 } 6639 6640 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) 6641 { 6642 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 6643 __ieee80211_stop_poll(sdata); 6644 6645 /* let's probe the connection once */ 6646 if (!ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR)) 6647 wiphy_work_queue(sdata->local->hw.wiphy, 6648 &sdata->u.mgd.monitor_work); 6649 } 6650 } 6651 6652 #ifdef CONFIG_PM 6653 void ieee80211_mgd_quiesce(struct ieee80211_sub_if_data *sdata) 6654 { 6655 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 6656 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 6657 6658 lockdep_assert_wiphy(sdata->local->hw.wiphy); 6659 6660 if (ifmgd->auth_data || ifmgd->assoc_data) { 6661 const u8 *ap_addr = ifmgd->auth_data ? 6662 ifmgd->auth_data->ap_addr : 6663 ifmgd->assoc_data->ap_addr; 6664 6665 /* 6666 * If we are trying to authenticate / associate while suspending, 6667 * cfg80211 won't know and won't actually abort those attempts, 6668 * thus we need to do that ourselves. 6669 */ 6670 ieee80211_send_deauth_disassoc(sdata, ap_addr, ap_addr, 6671 IEEE80211_STYPE_DEAUTH, 6672 WLAN_REASON_DEAUTH_LEAVING, 6673 false, frame_buf); 6674 if (ifmgd->assoc_data) 6675 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON); 6676 if (ifmgd->auth_data) 6677 ieee80211_destroy_auth_data(sdata, false); 6678 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 6679 IEEE80211_DEAUTH_FRAME_LEN, 6680 false); 6681 } 6682 6683 /* This is a bit of a hack - we should find a better and more generic 6684 * solution to this. Normally when suspending, cfg80211 will in fact 6685 * deauthenticate. However, it doesn't (and cannot) stop an ongoing 6686 * auth (not so important) or assoc (this is the problem) process. 6687 * 6688 * As a consequence, it can happen that we are in the process of both 6689 * associating and suspending, and receive an association response 6690 * after cfg80211 has checked if it needs to disconnect, but before 6691 * we actually set the flag to drop incoming frames. This will then 6692 * cause the workqueue flush to process the association response in 6693 * the suspend, resulting in a successful association just before it 6694 * tries to remove the interface from the driver, which now though 6695 * has a channel context assigned ... this results in issues. 6696 * 6697 * To work around this (for now) simply deauth here again if we're 6698 * now connected. 6699 */ 6700 if (ifmgd->associated && !sdata->local->wowlan) { 6701 u8 bssid[ETH_ALEN]; 6702 struct cfg80211_deauth_request req = { 6703 .reason_code = WLAN_REASON_DEAUTH_LEAVING, 6704 .bssid = bssid, 6705 }; 6706 6707 memcpy(bssid, sdata->vif.cfg.ap_addr, ETH_ALEN); 6708 ieee80211_mgd_deauth(sdata, &req); 6709 } 6710 } 6711 #endif 6712 6713 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata) 6714 { 6715 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 6716 6717 lockdep_assert_wiphy(sdata->local->hw.wiphy); 6718 6719 if (!ifmgd->associated) 6720 return; 6721 6722 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) { 6723 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME; 6724 mlme_dbg(sdata, "driver requested disconnect after resume\n"); 6725 ieee80211_sta_connection_lost(sdata, 6726 WLAN_REASON_UNSPECIFIED, 6727 true); 6728 return; 6729 } 6730 6731 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_HW_RESTART) { 6732 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_HW_RESTART; 6733 mlme_dbg(sdata, "driver requested disconnect after hardware restart\n"); 6734 ieee80211_sta_connection_lost(sdata, 6735 WLAN_REASON_UNSPECIFIED, 6736 true); 6737 return; 6738 } 6739 } 6740 6741 static void ieee80211_request_smps_mgd_work(struct wiphy *wiphy, 6742 struct wiphy_work *work) 6743 { 6744 struct ieee80211_link_data *link = 6745 container_of(work, struct ieee80211_link_data, 6746 u.mgd.request_smps_work); 6747 6748 __ieee80211_request_smps_mgd(link->sdata, link, 6749 link->u.mgd.driver_smps_mode); 6750 } 6751 6752 /* interface setup */ 6753 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata) 6754 { 6755 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 6756 6757 wiphy_work_init(&ifmgd->monitor_work, ieee80211_sta_monitor_work); 6758 wiphy_work_init(&ifmgd->beacon_connection_loss_work, 6759 ieee80211_beacon_connection_loss_work); 6760 wiphy_work_init(&ifmgd->csa_connection_drop_work, 6761 ieee80211_csa_connection_drop_work); 6762 wiphy_delayed_work_init(&ifmgd->tdls_peer_del_work, 6763 ieee80211_tdls_peer_del_work); 6764 wiphy_delayed_work_init(&ifmgd->ml_reconf_work, 6765 ieee80211_ml_reconf_work); 6766 timer_setup(&ifmgd->timer, ieee80211_sta_timer, 0); 6767 timer_setup(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 0); 6768 timer_setup(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 0); 6769 wiphy_delayed_work_init(&ifmgd->tx_tspec_wk, 6770 ieee80211_sta_handle_tspec_ac_params_wk); 6771 6772 ifmgd->flags = 0; 6773 ifmgd->powersave = sdata->wdev.ps; 6774 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues; 6775 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len; 6776 /* Setup TDLS data */ 6777 spin_lock_init(&ifmgd->teardown_lock); 6778 ifmgd->teardown_skb = NULL; 6779 ifmgd->orig_teardown_skb = NULL; 6780 } 6781 6782 static void ieee80211_recalc_smps_work(struct wiphy *wiphy, 6783 struct wiphy_work *work) 6784 { 6785 struct ieee80211_link_data *link = 6786 container_of(work, struct ieee80211_link_data, 6787 u.mgd.recalc_smps); 6788 6789 ieee80211_recalc_smps(link->sdata, link); 6790 } 6791 6792 void ieee80211_mgd_setup_link(struct ieee80211_link_data *link) 6793 { 6794 struct ieee80211_sub_if_data *sdata = link->sdata; 6795 struct ieee80211_local *local = sdata->local; 6796 unsigned int link_id = link->link_id; 6797 6798 link->u.mgd.p2p_noa_index = -1; 6799 link->u.mgd.conn_flags = 0; 6800 link->conf->bssid = link->u.mgd.bssid; 6801 6802 wiphy_work_init(&link->u.mgd.request_smps_work, 6803 ieee80211_request_smps_mgd_work); 6804 wiphy_work_init(&link->u.mgd.recalc_smps, 6805 ieee80211_recalc_smps_work); 6806 if (local->hw.wiphy->features & NL80211_FEATURE_DYNAMIC_SMPS) 6807 link->u.mgd.req_smps = IEEE80211_SMPS_AUTOMATIC; 6808 else 6809 link->u.mgd.req_smps = IEEE80211_SMPS_OFF; 6810 6811 wiphy_delayed_work_init(&link->u.mgd.chswitch_work, 6812 ieee80211_chswitch_work); 6813 6814 if (sdata->u.mgd.assoc_data) 6815 ether_addr_copy(link->conf->addr, 6816 sdata->u.mgd.assoc_data->link[link_id].addr); 6817 else if (!is_valid_ether_addr(link->conf->addr)) 6818 eth_random_addr(link->conf->addr); 6819 } 6820 6821 /* scan finished notification */ 6822 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local) 6823 { 6824 struct ieee80211_sub_if_data *sdata; 6825 6826 /* Restart STA timers */ 6827 rcu_read_lock(); 6828 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 6829 if (ieee80211_sdata_running(sdata)) 6830 ieee80211_restart_sta_timer(sdata); 6831 } 6832 rcu_read_unlock(); 6833 } 6834 6835 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata, 6836 struct cfg80211_bss *cbss, s8 link_id, 6837 const u8 *ap_mld_addr, bool assoc, 6838 bool override) 6839 { 6840 struct ieee80211_local *local = sdata->local; 6841 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 6842 struct ieee80211_bss *bss = (void *)cbss->priv; 6843 struct sta_info *new_sta = NULL; 6844 struct ieee80211_link_data *link; 6845 bool have_sta = false; 6846 bool mlo; 6847 int err; 6848 6849 if (link_id >= 0) { 6850 mlo = true; 6851 if (WARN_ON(!ap_mld_addr)) 6852 return -EINVAL; 6853 err = ieee80211_vif_set_links(sdata, BIT(link_id), 0); 6854 } else { 6855 if (WARN_ON(ap_mld_addr)) 6856 return -EINVAL; 6857 ap_mld_addr = cbss->bssid; 6858 err = ieee80211_vif_set_links(sdata, 0, 0); 6859 link_id = 0; 6860 mlo = false; 6861 } 6862 6863 if (err) 6864 return err; 6865 6866 link = sdata_dereference(sdata->link[link_id], sdata); 6867 if (WARN_ON(!link)) { 6868 err = -ENOLINK; 6869 goto out_err; 6870 } 6871 6872 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) { 6873 err = -EINVAL; 6874 goto out_err; 6875 } 6876 6877 /* If a reconfig is happening, bail out */ 6878 if (local->in_reconfig) { 6879 err = -EBUSY; 6880 goto out_err; 6881 } 6882 6883 if (assoc) { 6884 rcu_read_lock(); 6885 have_sta = sta_info_get(sdata, ap_mld_addr); 6886 rcu_read_unlock(); 6887 } 6888 6889 if (!have_sta) { 6890 if (mlo) 6891 new_sta = sta_info_alloc_with_link(sdata, ap_mld_addr, 6892 link_id, cbss->bssid, 6893 GFP_KERNEL); 6894 else 6895 new_sta = sta_info_alloc(sdata, ap_mld_addr, GFP_KERNEL); 6896 6897 if (!new_sta) { 6898 err = -ENOMEM; 6899 goto out_err; 6900 } 6901 6902 new_sta->sta.mlo = mlo; 6903 } 6904 6905 /* 6906 * Set up the information for the new channel before setting the 6907 * new channel. We can't - completely race-free - change the basic 6908 * rates bitmap and the channel (sband) that it refers to, but if 6909 * we set it up before we at least avoid calling into the driver's 6910 * bss_info_changed() method with invalid information (since we do 6911 * call that from changing the channel - only for IDLE and perhaps 6912 * some others, but ...). 6913 * 6914 * So to avoid that, just set up all the new information before the 6915 * channel, but tell the driver to apply it only afterwards, since 6916 * it might need the new channel for that. 6917 */ 6918 if (new_sta) { 6919 const struct cfg80211_bss_ies *ies; 6920 struct link_sta_info *link_sta; 6921 6922 rcu_read_lock(); 6923 link_sta = rcu_dereference(new_sta->link[link_id]); 6924 if (WARN_ON(!link_sta)) { 6925 rcu_read_unlock(); 6926 sta_info_free(local, new_sta); 6927 err = -EINVAL; 6928 goto out_err; 6929 } 6930 6931 err = ieee80211_mgd_setup_link_sta(link, new_sta, 6932 link_sta, cbss); 6933 if (err) { 6934 rcu_read_unlock(); 6935 sta_info_free(local, new_sta); 6936 goto out_err; 6937 } 6938 6939 memcpy(link->u.mgd.bssid, cbss->bssid, ETH_ALEN); 6940 6941 /* set timing information */ 6942 link->conf->beacon_int = cbss->beacon_interval; 6943 ies = rcu_dereference(cbss->beacon_ies); 6944 if (ies) { 6945 link->conf->sync_tsf = ies->tsf; 6946 link->conf->sync_device_ts = 6947 bss->device_ts_beacon; 6948 6949 ieee80211_get_dtim(ies, 6950 &link->conf->sync_dtim_count, 6951 NULL); 6952 } else if (!ieee80211_hw_check(&sdata->local->hw, 6953 TIMING_BEACON_ONLY)) { 6954 ies = rcu_dereference(cbss->proberesp_ies); 6955 /* must be non-NULL since beacon IEs were NULL */ 6956 link->conf->sync_tsf = ies->tsf; 6957 link->conf->sync_device_ts = 6958 bss->device_ts_presp; 6959 link->conf->sync_dtim_count = 0; 6960 } else { 6961 link->conf->sync_tsf = 0; 6962 link->conf->sync_device_ts = 0; 6963 link->conf->sync_dtim_count = 0; 6964 } 6965 rcu_read_unlock(); 6966 } 6967 6968 if (new_sta || override) { 6969 err = ieee80211_prep_channel(sdata, link, cbss, 6970 &link->u.mgd.conn_flags); 6971 if (err) { 6972 if (new_sta) 6973 sta_info_free(local, new_sta); 6974 goto out_err; 6975 } 6976 } 6977 6978 if (new_sta) { 6979 /* 6980 * tell driver about BSSID, basic rates and timing 6981 * this was set up above, before setting the channel 6982 */ 6983 ieee80211_link_info_change_notify(sdata, link, 6984 BSS_CHANGED_BSSID | 6985 BSS_CHANGED_BASIC_RATES | 6986 BSS_CHANGED_BEACON_INT); 6987 6988 if (assoc) 6989 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH); 6990 6991 err = sta_info_insert(new_sta); 6992 new_sta = NULL; 6993 if (err) { 6994 sdata_info(sdata, 6995 "failed to insert STA entry for the AP (error %d)\n", 6996 err); 6997 goto out_err; 6998 } 6999 } else 7000 WARN_ON_ONCE(!ether_addr_equal(link->u.mgd.bssid, cbss->bssid)); 7001 7002 /* Cancel scan to ensure that nothing interferes with connection */ 7003 if (local->scanning) 7004 ieee80211_scan_cancel(local); 7005 7006 return 0; 7007 7008 out_err: 7009 ieee80211_link_release_channel(&sdata->deflink); 7010 ieee80211_vif_set_links(sdata, 0, 0); 7011 return err; 7012 } 7013 7014 /* config hooks */ 7015 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 7016 struct cfg80211_auth_request *req) 7017 { 7018 struct ieee80211_local *local = sdata->local; 7019 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 7020 struct ieee80211_mgd_auth_data *auth_data; 7021 u16 auth_alg; 7022 int err; 7023 bool cont_auth; 7024 7025 lockdep_assert_wiphy(sdata->local->hw.wiphy); 7026 7027 /* prepare auth data structure */ 7028 7029 switch (req->auth_type) { 7030 case NL80211_AUTHTYPE_OPEN_SYSTEM: 7031 auth_alg = WLAN_AUTH_OPEN; 7032 break; 7033 case NL80211_AUTHTYPE_SHARED_KEY: 7034 if (fips_enabled) 7035 return -EOPNOTSUPP; 7036 auth_alg = WLAN_AUTH_SHARED_KEY; 7037 break; 7038 case NL80211_AUTHTYPE_FT: 7039 auth_alg = WLAN_AUTH_FT; 7040 break; 7041 case NL80211_AUTHTYPE_NETWORK_EAP: 7042 auth_alg = WLAN_AUTH_LEAP; 7043 break; 7044 case NL80211_AUTHTYPE_SAE: 7045 auth_alg = WLAN_AUTH_SAE; 7046 break; 7047 case NL80211_AUTHTYPE_FILS_SK: 7048 auth_alg = WLAN_AUTH_FILS_SK; 7049 break; 7050 case NL80211_AUTHTYPE_FILS_SK_PFS: 7051 auth_alg = WLAN_AUTH_FILS_SK_PFS; 7052 break; 7053 case NL80211_AUTHTYPE_FILS_PK: 7054 auth_alg = WLAN_AUTH_FILS_PK; 7055 break; 7056 default: 7057 return -EOPNOTSUPP; 7058 } 7059 7060 if (ifmgd->assoc_data) 7061 return -EBUSY; 7062 7063 auth_data = kzalloc(sizeof(*auth_data) + req->auth_data_len + 7064 req->ie_len, GFP_KERNEL); 7065 if (!auth_data) 7066 return -ENOMEM; 7067 7068 memcpy(auth_data->ap_addr, 7069 req->ap_mld_addr ?: req->bss->bssid, 7070 ETH_ALEN); 7071 auth_data->bss = req->bss; 7072 auth_data->link_id = req->link_id; 7073 7074 if (req->auth_data_len >= 4) { 7075 if (req->auth_type == NL80211_AUTHTYPE_SAE) { 7076 __le16 *pos = (__le16 *) req->auth_data; 7077 7078 auth_data->sae_trans = le16_to_cpu(pos[0]); 7079 auth_data->sae_status = le16_to_cpu(pos[1]); 7080 } 7081 memcpy(auth_data->data, req->auth_data + 4, 7082 req->auth_data_len - 4); 7083 auth_data->data_len += req->auth_data_len - 4; 7084 } 7085 7086 /* Check if continuing authentication or trying to authenticate with the 7087 * same BSS that we were in the process of authenticating with and avoid 7088 * removal and re-addition of the STA entry in 7089 * ieee80211_prep_connection(). 7090 */ 7091 cont_auth = ifmgd->auth_data && req->bss == ifmgd->auth_data->bss && 7092 ifmgd->auth_data->link_id == req->link_id; 7093 7094 if (req->ie && req->ie_len) { 7095 memcpy(&auth_data->data[auth_data->data_len], 7096 req->ie, req->ie_len); 7097 auth_data->data_len += req->ie_len; 7098 } 7099 7100 if (req->key && req->key_len) { 7101 auth_data->key_len = req->key_len; 7102 auth_data->key_idx = req->key_idx; 7103 memcpy(auth_data->key, req->key, req->key_len); 7104 } 7105 7106 auth_data->algorithm = auth_alg; 7107 7108 /* try to authenticate/probe */ 7109 7110 if (ifmgd->auth_data) { 7111 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE) { 7112 auth_data->peer_confirmed = 7113 ifmgd->auth_data->peer_confirmed; 7114 } 7115 ieee80211_destroy_auth_data(sdata, cont_auth); 7116 } 7117 7118 /* prep auth_data so we don't go into idle on disassoc */ 7119 ifmgd->auth_data = auth_data; 7120 7121 /* If this is continuation of an ongoing SAE authentication exchange 7122 * (i.e., request to send SAE Confirm) and the peer has already 7123 * confirmed, mark authentication completed since we are about to send 7124 * out SAE Confirm. 7125 */ 7126 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE && 7127 auth_data->peer_confirmed && auth_data->sae_trans == 2) 7128 ieee80211_mark_sta_auth(sdata); 7129 7130 if (ifmgd->associated) { 7131 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 7132 7133 sdata_info(sdata, 7134 "disconnect from AP %pM for new auth to %pM\n", 7135 sdata->vif.cfg.ap_addr, auth_data->ap_addr); 7136 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 7137 WLAN_REASON_UNSPECIFIED, 7138 false, frame_buf); 7139 7140 ieee80211_report_disconnect(sdata, frame_buf, 7141 sizeof(frame_buf), true, 7142 WLAN_REASON_UNSPECIFIED, 7143 false); 7144 } 7145 7146 sdata_info(sdata, "authenticate with %pM\n", auth_data->ap_addr); 7147 7148 /* needed for transmitting the auth frame(s) properly */ 7149 memcpy(sdata->vif.cfg.ap_addr, auth_data->ap_addr, ETH_ALEN); 7150 7151 err = ieee80211_prep_connection(sdata, req->bss, req->link_id, 7152 req->ap_mld_addr, cont_auth, false); 7153 if (err) 7154 goto err_clear; 7155 7156 err = ieee80211_auth(sdata); 7157 if (err) { 7158 sta_info_destroy_addr(sdata, auth_data->ap_addr); 7159 goto err_clear; 7160 } 7161 7162 /* hold our own reference */ 7163 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss); 7164 return 0; 7165 7166 err_clear: 7167 if (!ieee80211_vif_is_mld(&sdata->vif)) { 7168 eth_zero_addr(sdata->deflink.u.mgd.bssid); 7169 ieee80211_link_info_change_notify(sdata, &sdata->deflink, 7170 BSS_CHANGED_BSSID); 7171 ieee80211_link_release_channel(&sdata->deflink); 7172 } 7173 ifmgd->auth_data = NULL; 7174 kfree(auth_data); 7175 return err; 7176 } 7177 7178 static ieee80211_conn_flags_t 7179 ieee80211_setup_assoc_link(struct ieee80211_sub_if_data *sdata, 7180 struct ieee80211_mgd_assoc_data *assoc_data, 7181 struct cfg80211_assoc_request *req, 7182 ieee80211_conn_flags_t conn_flags, 7183 unsigned int link_id) 7184 { 7185 struct ieee80211_local *local = sdata->local; 7186 const struct cfg80211_bss_ies *beacon_ies; 7187 struct ieee80211_supported_band *sband; 7188 const struct element *ht_elem, *vht_elem; 7189 struct ieee80211_link_data *link; 7190 struct cfg80211_bss *cbss; 7191 struct ieee80211_bss *bss; 7192 bool is_5ghz, is_6ghz; 7193 7194 cbss = assoc_data->link[link_id].bss; 7195 if (WARN_ON(!cbss)) 7196 return 0; 7197 7198 bss = (void *)cbss->priv; 7199 7200 sband = local->hw.wiphy->bands[cbss->channel->band]; 7201 if (WARN_ON(!sband)) 7202 return 0; 7203 7204 link = sdata_dereference(sdata->link[link_id], sdata); 7205 if (WARN_ON(!link)) 7206 return 0; 7207 7208 is_5ghz = cbss->channel->band == NL80211_BAND_5GHZ; 7209 is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ; 7210 7211 /* for MLO connections assume advertising all rates is OK */ 7212 if (!req->ap_mld_addr) { 7213 assoc_data->supp_rates = bss->supp_rates; 7214 assoc_data->supp_rates_len = bss->supp_rates_len; 7215 } 7216 7217 /* copy and link elems for the STA profile */ 7218 if (req->links[link_id].elems_len) { 7219 memcpy(assoc_data->ie_pos, req->links[link_id].elems, 7220 req->links[link_id].elems_len); 7221 assoc_data->link[link_id].elems = assoc_data->ie_pos; 7222 assoc_data->link[link_id].elems_len = req->links[link_id].elems_len; 7223 assoc_data->ie_pos += req->links[link_id].elems_len; 7224 } 7225 7226 rcu_read_lock(); 7227 ht_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_HT_OPERATION); 7228 if (ht_elem && ht_elem->datalen >= sizeof(struct ieee80211_ht_operation)) 7229 assoc_data->link[link_id].ap_ht_param = 7230 ((struct ieee80211_ht_operation *)(ht_elem->data))->ht_param; 7231 else if (!is_6ghz) 7232 conn_flags |= IEEE80211_CONN_DISABLE_HT; 7233 vht_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_VHT_CAPABILITY); 7234 if (vht_elem && vht_elem->datalen >= sizeof(struct ieee80211_vht_cap)) { 7235 memcpy(&assoc_data->link[link_id].ap_vht_cap, vht_elem->data, 7236 sizeof(struct ieee80211_vht_cap)); 7237 } else if (is_5ghz) { 7238 link_info(link, 7239 "VHT capa missing/short, disabling VHT/HE/EHT\n"); 7240 conn_flags |= IEEE80211_CONN_DISABLE_VHT | 7241 IEEE80211_CONN_DISABLE_HE | 7242 IEEE80211_CONN_DISABLE_EHT; 7243 } 7244 rcu_read_unlock(); 7245 7246 link->u.mgd.beacon_crc_valid = false; 7247 link->u.mgd.dtim_period = 0; 7248 link->u.mgd.have_beacon = false; 7249 7250 /* override HT/VHT configuration only if the AP and we support it */ 7251 if (!(conn_flags & IEEE80211_CONN_DISABLE_HT)) { 7252 struct ieee80211_sta_ht_cap sta_ht_cap; 7253 7254 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap)); 7255 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap); 7256 } 7257 7258 link->conf->eht_puncturing = 0; 7259 7260 rcu_read_lock(); 7261 beacon_ies = rcu_dereference(cbss->beacon_ies); 7262 if (beacon_ies) { 7263 const struct ieee80211_eht_operation *eht_oper; 7264 const struct element *elem; 7265 u8 dtim_count = 0; 7266 7267 ieee80211_get_dtim(beacon_ies, &dtim_count, 7268 &link->u.mgd.dtim_period); 7269 7270 sdata->deflink.u.mgd.have_beacon = true; 7271 7272 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) { 7273 link->conf->sync_tsf = beacon_ies->tsf; 7274 link->conf->sync_device_ts = bss->device_ts_beacon; 7275 link->conf->sync_dtim_count = dtim_count; 7276 } 7277 7278 elem = cfg80211_find_ext_elem(WLAN_EID_EXT_MULTIPLE_BSSID_CONFIGURATION, 7279 beacon_ies->data, beacon_ies->len); 7280 if (elem && elem->datalen >= 3) 7281 link->conf->profile_periodicity = elem->data[2]; 7282 else 7283 link->conf->profile_periodicity = 0; 7284 7285 elem = cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY, 7286 beacon_ies->data, beacon_ies->len); 7287 if (elem && elem->datalen >= 11 && 7288 (elem->data[10] & WLAN_EXT_CAPA11_EMA_SUPPORT)) 7289 link->conf->ema_ap = true; 7290 else 7291 link->conf->ema_ap = false; 7292 7293 elem = cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_OPERATION, 7294 beacon_ies->data, beacon_ies->len); 7295 eht_oper = (const void *)(elem->data + 1); 7296 7297 if (elem && 7298 ieee80211_eht_oper_size_ok((const void *)(elem->data + 1), 7299 elem->datalen - 1) && 7300 (eht_oper->params & IEEE80211_EHT_OPER_INFO_PRESENT) && 7301 (eht_oper->params & IEEE80211_EHT_OPER_DISABLED_SUBCHANNEL_BITMAP_PRESENT)) { 7302 const struct ieee80211_eht_operation_info *info = 7303 (void *)eht_oper->optional; 7304 const u8 *disable_subchannel_bitmap = info->optional; 7305 u16 bitmap; 7306 7307 bitmap = get_unaligned_le16(disable_subchannel_bitmap); 7308 if (cfg80211_valid_disable_subchannel_bitmap(&bitmap, 7309 &link->conf->chandef)) 7310 ieee80211_handle_puncturing_bitmap(link, 7311 eht_oper, 7312 bitmap, 7313 NULL); 7314 else 7315 conn_flags |= IEEE80211_CONN_DISABLE_EHT; 7316 } 7317 } 7318 rcu_read_unlock(); 7319 7320 if (bss->corrupt_data) { 7321 char *corrupt_type = "data"; 7322 7323 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) { 7324 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) 7325 corrupt_type = "beacon and probe response"; 7326 else 7327 corrupt_type = "beacon"; 7328 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) { 7329 corrupt_type = "probe response"; 7330 } 7331 sdata_info(sdata, "associating to AP %pM with corrupt %s\n", 7332 cbss->bssid, corrupt_type); 7333 } 7334 7335 if (link->u.mgd.req_smps == IEEE80211_SMPS_AUTOMATIC) { 7336 if (sdata->u.mgd.powersave) 7337 link->smps_mode = IEEE80211_SMPS_DYNAMIC; 7338 else 7339 link->smps_mode = IEEE80211_SMPS_OFF; 7340 } else { 7341 link->smps_mode = link->u.mgd.req_smps; 7342 } 7343 7344 return conn_flags; 7345 } 7346 7347 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 7348 struct cfg80211_assoc_request *req) 7349 { 7350 unsigned int assoc_link_id = req->link_id < 0 ? 0 : req->link_id; 7351 struct ieee80211_local *local = sdata->local; 7352 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 7353 struct ieee80211_mgd_assoc_data *assoc_data; 7354 const struct element *ssid_elem; 7355 struct ieee80211_vif_cfg *vif_cfg = &sdata->vif.cfg; 7356 ieee80211_conn_flags_t conn_flags = 0; 7357 struct ieee80211_link_data *link; 7358 struct cfg80211_bss *cbss; 7359 struct ieee80211_bss *bss; 7360 bool override; 7361 int i, err; 7362 size_t size = sizeof(*assoc_data) + req->ie_len; 7363 7364 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++) 7365 size += req->links[i].elems_len; 7366 7367 /* FIXME: no support for 4-addr MLO yet */ 7368 if (sdata->u.mgd.use_4addr && req->link_id >= 0) 7369 return -EOPNOTSUPP; 7370 7371 assoc_data = kzalloc(size, GFP_KERNEL); 7372 if (!assoc_data) 7373 return -ENOMEM; 7374 7375 cbss = req->link_id < 0 ? req->bss : req->links[req->link_id].bss; 7376 7377 rcu_read_lock(); 7378 ssid_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_SSID); 7379 if (!ssid_elem || ssid_elem->datalen > sizeof(assoc_data->ssid)) { 7380 rcu_read_unlock(); 7381 kfree(assoc_data); 7382 return -EINVAL; 7383 } 7384 memcpy(assoc_data->ssid, ssid_elem->data, ssid_elem->datalen); 7385 assoc_data->ssid_len = ssid_elem->datalen; 7386 memcpy(vif_cfg->ssid, assoc_data->ssid, assoc_data->ssid_len); 7387 vif_cfg->ssid_len = assoc_data->ssid_len; 7388 rcu_read_unlock(); 7389 7390 if (req->ap_mld_addr) { 7391 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++) { 7392 if (!req->links[i].bss) 7393 continue; 7394 link = sdata_dereference(sdata->link[i], sdata); 7395 if (link) 7396 ether_addr_copy(assoc_data->link[i].addr, 7397 link->conf->addr); 7398 else 7399 eth_random_addr(assoc_data->link[i].addr); 7400 } 7401 } else { 7402 memcpy(assoc_data->link[0].addr, sdata->vif.addr, ETH_ALEN); 7403 } 7404 7405 assoc_data->s1g = cbss->channel->band == NL80211_BAND_S1GHZ; 7406 7407 memcpy(assoc_data->ap_addr, 7408 req->ap_mld_addr ?: req->bss->bssid, 7409 ETH_ALEN); 7410 7411 if (ifmgd->associated) { 7412 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 7413 7414 sdata_info(sdata, 7415 "disconnect from AP %pM for new assoc to %pM\n", 7416 sdata->vif.cfg.ap_addr, assoc_data->ap_addr); 7417 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 7418 WLAN_REASON_UNSPECIFIED, 7419 false, frame_buf); 7420 7421 ieee80211_report_disconnect(sdata, frame_buf, 7422 sizeof(frame_buf), true, 7423 WLAN_REASON_UNSPECIFIED, 7424 false); 7425 } 7426 7427 if (ifmgd->auth_data && !ifmgd->auth_data->done) { 7428 err = -EBUSY; 7429 goto err_free; 7430 } 7431 7432 if (ifmgd->assoc_data) { 7433 err = -EBUSY; 7434 goto err_free; 7435 } 7436 7437 if (ifmgd->auth_data) { 7438 bool match; 7439 7440 /* keep sta info, bssid if matching */ 7441 match = ether_addr_equal(ifmgd->auth_data->ap_addr, 7442 assoc_data->ap_addr) && 7443 ifmgd->auth_data->link_id == req->link_id; 7444 ieee80211_destroy_auth_data(sdata, match); 7445 } 7446 7447 /* prepare assoc data */ 7448 7449 bss = (void *)cbss->priv; 7450 assoc_data->wmm = bss->wmm_used && 7451 (local->hw.queues >= IEEE80211_NUM_ACS); 7452 7453 /* 7454 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode. 7455 * We still associate in non-HT mode (11a/b/g) if any one of these 7456 * ciphers is configured as pairwise. 7457 * We can set this to true for non-11n hardware, that'll be checked 7458 * separately along with the peer capabilities. 7459 */ 7460 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) { 7461 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 7462 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 7463 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) { 7464 conn_flags |= IEEE80211_CONN_DISABLE_HT; 7465 conn_flags |= IEEE80211_CONN_DISABLE_VHT; 7466 conn_flags |= IEEE80211_CONN_DISABLE_HE; 7467 conn_flags |= IEEE80211_CONN_DISABLE_EHT; 7468 netdev_info(sdata->dev, 7469 "disabling HT/VHT/HE due to WEP/TKIP use\n"); 7470 } 7471 } 7472 7473 /* also disable HT/VHT/HE/EHT if the AP doesn't use WMM */ 7474 if (!bss->wmm_used) { 7475 conn_flags |= IEEE80211_CONN_DISABLE_HT; 7476 conn_flags |= IEEE80211_CONN_DISABLE_VHT; 7477 conn_flags |= IEEE80211_CONN_DISABLE_HE; 7478 conn_flags |= IEEE80211_CONN_DISABLE_EHT; 7479 netdev_info(sdata->dev, 7480 "disabling HT/VHT/HE as WMM/QoS is not supported by the AP\n"); 7481 } 7482 7483 if (req->flags & ASSOC_REQ_DISABLE_HT) { 7484 mlme_dbg(sdata, "HT disabled by flag, disabling HT/VHT/HE\n"); 7485 conn_flags |= IEEE80211_CONN_DISABLE_HT; 7486 conn_flags |= IEEE80211_CONN_DISABLE_VHT; 7487 conn_flags |= IEEE80211_CONN_DISABLE_HE; 7488 conn_flags |= IEEE80211_CONN_DISABLE_EHT; 7489 } 7490 7491 if (req->flags & ASSOC_REQ_DISABLE_VHT) { 7492 mlme_dbg(sdata, "VHT disabled by flag, disabling VHT\n"); 7493 conn_flags |= IEEE80211_CONN_DISABLE_VHT; 7494 } 7495 7496 if (req->flags & ASSOC_REQ_DISABLE_HE) { 7497 mlme_dbg(sdata, "HE disabled by flag, disabling HE/EHT\n"); 7498 conn_flags |= IEEE80211_CONN_DISABLE_HE; 7499 conn_flags |= IEEE80211_CONN_DISABLE_EHT; 7500 } 7501 7502 if (req->flags & ASSOC_REQ_DISABLE_EHT) 7503 conn_flags |= IEEE80211_CONN_DISABLE_EHT; 7504 7505 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa)); 7506 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask, 7507 sizeof(ifmgd->ht_capa_mask)); 7508 7509 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa)); 7510 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask, 7511 sizeof(ifmgd->vht_capa_mask)); 7512 7513 memcpy(&ifmgd->s1g_capa, &req->s1g_capa, sizeof(ifmgd->s1g_capa)); 7514 memcpy(&ifmgd->s1g_capa_mask, &req->s1g_capa_mask, 7515 sizeof(ifmgd->s1g_capa_mask)); 7516 7517 if (req->ie && req->ie_len) { 7518 memcpy(assoc_data->ie, req->ie, req->ie_len); 7519 assoc_data->ie_len = req->ie_len; 7520 assoc_data->ie_pos = assoc_data->ie + assoc_data->ie_len; 7521 } else { 7522 assoc_data->ie_pos = assoc_data->ie; 7523 } 7524 7525 if (req->fils_kek) { 7526 /* should already be checked in cfg80211 - so warn */ 7527 if (WARN_ON(req->fils_kek_len > FILS_MAX_KEK_LEN)) { 7528 err = -EINVAL; 7529 goto err_free; 7530 } 7531 memcpy(assoc_data->fils_kek, req->fils_kek, 7532 req->fils_kek_len); 7533 assoc_data->fils_kek_len = req->fils_kek_len; 7534 } 7535 7536 if (req->fils_nonces) 7537 memcpy(assoc_data->fils_nonces, req->fils_nonces, 7538 2 * FILS_NONCE_LEN); 7539 7540 /* default timeout */ 7541 assoc_data->timeout = jiffies; 7542 assoc_data->timeout_started = true; 7543 7544 assoc_data->assoc_link_id = assoc_link_id; 7545 7546 if (req->ap_mld_addr) { 7547 for (i = 0; i < ARRAY_SIZE(assoc_data->link); i++) { 7548 assoc_data->link[i].conn_flags = conn_flags; 7549 assoc_data->link[i].bss = req->links[i].bss; 7550 assoc_data->link[i].disabled = req->links[i].disabled; 7551 } 7552 7553 /* if there was no authentication, set up the link */ 7554 err = ieee80211_vif_set_links(sdata, BIT(assoc_link_id), 0); 7555 if (err) 7556 goto err_clear; 7557 } else { 7558 assoc_data->link[0].conn_flags = conn_flags; 7559 assoc_data->link[0].bss = cbss; 7560 } 7561 7562 link = sdata_dereference(sdata->link[assoc_link_id], sdata); 7563 if (WARN_ON(!link)) { 7564 err = -EINVAL; 7565 goto err_clear; 7566 } 7567 7568 /* keep old conn_flags from ieee80211_prep_channel() from auth */ 7569 conn_flags |= link->u.mgd.conn_flags; 7570 conn_flags |= ieee80211_setup_assoc_link(sdata, assoc_data, req, 7571 conn_flags, assoc_link_id); 7572 override = link->u.mgd.conn_flags != conn_flags; 7573 link->u.mgd.conn_flags |= conn_flags; 7574 7575 if (WARN((sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD) && 7576 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK), 7577 "U-APSD not supported with HW_PS_NULLFUNC_STACK\n")) 7578 sdata->vif.driver_flags &= ~IEEE80211_VIF_SUPPORTS_UAPSD; 7579 7580 if (bss->wmm_used && bss->uapsd_supported && 7581 (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD)) { 7582 assoc_data->uapsd = true; 7583 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; 7584 } else { 7585 assoc_data->uapsd = false; 7586 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED; 7587 } 7588 7589 if (req->prev_bssid) 7590 memcpy(assoc_data->prev_ap_addr, req->prev_bssid, ETH_ALEN); 7591 7592 if (req->use_mfp) { 7593 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 7594 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED; 7595 } else { 7596 ifmgd->mfp = IEEE80211_MFP_DISABLED; 7597 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED; 7598 } 7599 7600 if (req->flags & ASSOC_REQ_USE_RRM) 7601 ifmgd->flags |= IEEE80211_STA_ENABLE_RRM; 7602 else 7603 ifmgd->flags &= ~IEEE80211_STA_ENABLE_RRM; 7604 7605 if (req->crypto.control_port) 7606 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT; 7607 else 7608 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT; 7609 7610 sdata->control_port_protocol = req->crypto.control_port_ethertype; 7611 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt; 7612 sdata->control_port_over_nl80211 = 7613 req->crypto.control_port_over_nl80211; 7614 sdata->control_port_no_preauth = req->crypto.control_port_no_preauth; 7615 7616 /* kick off associate process */ 7617 ifmgd->assoc_data = assoc_data; 7618 7619 for (i = 0; i < ARRAY_SIZE(assoc_data->link); i++) { 7620 if (!assoc_data->link[i].bss) 7621 continue; 7622 if (i == assoc_data->assoc_link_id) 7623 continue; 7624 /* only calculate the flags, hence link == NULL */ 7625 err = ieee80211_prep_channel(sdata, NULL, assoc_data->link[i].bss, 7626 &assoc_data->link[i].conn_flags); 7627 if (err) 7628 goto err_clear; 7629 } 7630 7631 /* needed for transmitting the assoc frames properly */ 7632 memcpy(sdata->vif.cfg.ap_addr, assoc_data->ap_addr, ETH_ALEN); 7633 7634 err = ieee80211_prep_connection(sdata, cbss, req->link_id, 7635 req->ap_mld_addr, true, override); 7636 if (err) 7637 goto err_clear; 7638 7639 assoc_data->link[assoc_data->assoc_link_id].conn_flags = 7640 link->u.mgd.conn_flags; 7641 7642 if (ieee80211_hw_check(&sdata->local->hw, NEED_DTIM_BEFORE_ASSOC)) { 7643 const struct cfg80211_bss_ies *beacon_ies; 7644 7645 rcu_read_lock(); 7646 beacon_ies = rcu_dereference(req->bss->beacon_ies); 7647 7648 if (beacon_ies) { 7649 /* 7650 * Wait up to one beacon interval ... 7651 * should this be more if we miss one? 7652 */ 7653 sdata_info(sdata, "waiting for beacon from %pM\n", 7654 link->u.mgd.bssid); 7655 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval); 7656 assoc_data->timeout_started = true; 7657 assoc_data->need_beacon = true; 7658 } 7659 rcu_read_unlock(); 7660 } 7661 7662 run_again(sdata, assoc_data->timeout); 7663 7664 return 0; 7665 err_clear: 7666 eth_zero_addr(sdata->deflink.u.mgd.bssid); 7667 ieee80211_link_info_change_notify(sdata, &sdata->deflink, 7668 BSS_CHANGED_BSSID); 7669 ifmgd->assoc_data = NULL; 7670 err_free: 7671 kfree(assoc_data); 7672 return err; 7673 } 7674 7675 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, 7676 struct cfg80211_deauth_request *req) 7677 { 7678 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 7679 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 7680 bool tx = !req->local_state_change; 7681 struct ieee80211_prep_tx_info info = { 7682 .subtype = IEEE80211_STYPE_DEAUTH, 7683 }; 7684 7685 if (ifmgd->auth_data && 7686 ether_addr_equal(ifmgd->auth_data->ap_addr, req->bssid)) { 7687 sdata_info(sdata, 7688 "aborting authentication with %pM by local choice (Reason: %u=%s)\n", 7689 req->bssid, req->reason_code, 7690 ieee80211_get_reason_code_string(req->reason_code)); 7691 7692 drv_mgd_prepare_tx(sdata->local, sdata, &info); 7693 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid, 7694 IEEE80211_STYPE_DEAUTH, 7695 req->reason_code, tx, 7696 frame_buf); 7697 ieee80211_destroy_auth_data(sdata, false); 7698 ieee80211_report_disconnect(sdata, frame_buf, 7699 sizeof(frame_buf), true, 7700 req->reason_code, false); 7701 drv_mgd_complete_tx(sdata->local, sdata, &info); 7702 return 0; 7703 } 7704 7705 if (ifmgd->assoc_data && 7706 ether_addr_equal(ifmgd->assoc_data->ap_addr, req->bssid)) { 7707 sdata_info(sdata, 7708 "aborting association with %pM by local choice (Reason: %u=%s)\n", 7709 req->bssid, req->reason_code, 7710 ieee80211_get_reason_code_string(req->reason_code)); 7711 7712 drv_mgd_prepare_tx(sdata->local, sdata, &info); 7713 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid, 7714 IEEE80211_STYPE_DEAUTH, 7715 req->reason_code, tx, 7716 frame_buf); 7717 ieee80211_destroy_assoc_data(sdata, ASSOC_ABANDON); 7718 ieee80211_report_disconnect(sdata, frame_buf, 7719 sizeof(frame_buf), true, 7720 req->reason_code, false); 7721 return 0; 7722 } 7723 7724 if (ifmgd->associated && 7725 ether_addr_equal(sdata->vif.cfg.ap_addr, req->bssid)) { 7726 sdata_info(sdata, 7727 "deauthenticating from %pM by local choice (Reason: %u=%s)\n", 7728 req->bssid, req->reason_code, 7729 ieee80211_get_reason_code_string(req->reason_code)); 7730 7731 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 7732 req->reason_code, tx, frame_buf); 7733 ieee80211_report_disconnect(sdata, frame_buf, 7734 sizeof(frame_buf), true, 7735 req->reason_code, false); 7736 drv_mgd_complete_tx(sdata->local, sdata, &info); 7737 return 0; 7738 } 7739 7740 return -ENOTCONN; 7741 } 7742 7743 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 7744 struct cfg80211_disassoc_request *req) 7745 { 7746 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 7747 7748 if (!sdata->u.mgd.associated || 7749 memcmp(sdata->vif.cfg.ap_addr, req->ap_addr, ETH_ALEN)) 7750 return -ENOTCONN; 7751 7752 sdata_info(sdata, 7753 "disassociating from %pM by local choice (Reason: %u=%s)\n", 7754 req->ap_addr, req->reason_code, 7755 ieee80211_get_reason_code_string(req->reason_code)); 7756 7757 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC, 7758 req->reason_code, !req->local_state_change, 7759 frame_buf); 7760 7761 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true, 7762 req->reason_code, false); 7763 7764 return 0; 7765 } 7766 7767 void ieee80211_mgd_stop_link(struct ieee80211_link_data *link) 7768 { 7769 wiphy_work_cancel(link->sdata->local->hw.wiphy, 7770 &link->u.mgd.request_smps_work); 7771 wiphy_work_cancel(link->sdata->local->hw.wiphy, 7772 &link->u.mgd.recalc_smps); 7773 wiphy_delayed_work_cancel(link->sdata->local->hw.wiphy, 7774 &link->u.mgd.chswitch_work); 7775 } 7776 7777 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata) 7778 { 7779 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 7780 7781 /* 7782 * Make sure some work items will not run after this, 7783 * they will not do anything but might not have been 7784 * cancelled when disconnecting. 7785 */ 7786 wiphy_work_cancel(sdata->local->hw.wiphy, 7787 &ifmgd->monitor_work); 7788 wiphy_work_cancel(sdata->local->hw.wiphy, 7789 &ifmgd->beacon_connection_loss_work); 7790 wiphy_work_cancel(sdata->local->hw.wiphy, 7791 &ifmgd->csa_connection_drop_work); 7792 wiphy_delayed_work_cancel(sdata->local->hw.wiphy, 7793 &ifmgd->tdls_peer_del_work); 7794 wiphy_delayed_work_cancel(sdata->local->hw.wiphy, 7795 &ifmgd->ml_reconf_work); 7796 7797 if (ifmgd->assoc_data) 7798 ieee80211_destroy_assoc_data(sdata, ASSOC_TIMEOUT); 7799 if (ifmgd->auth_data) 7800 ieee80211_destroy_auth_data(sdata, false); 7801 spin_lock_bh(&ifmgd->teardown_lock); 7802 if (ifmgd->teardown_skb) { 7803 kfree_skb(ifmgd->teardown_skb); 7804 ifmgd->teardown_skb = NULL; 7805 ifmgd->orig_teardown_skb = NULL; 7806 } 7807 kfree(ifmgd->assoc_req_ies); 7808 ifmgd->assoc_req_ies = NULL; 7809 ifmgd->assoc_req_ies_len = 0; 7810 spin_unlock_bh(&ifmgd->teardown_lock); 7811 del_timer_sync(&ifmgd->timer); 7812 } 7813 7814 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif, 7815 enum nl80211_cqm_rssi_threshold_event rssi_event, 7816 s32 rssi_level, 7817 gfp_t gfp) 7818 { 7819 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 7820 7821 trace_api_cqm_rssi_notify(sdata, rssi_event, rssi_level); 7822 7823 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, rssi_level, gfp); 7824 } 7825 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify); 7826 7827 void ieee80211_cqm_beacon_loss_notify(struct ieee80211_vif *vif, gfp_t gfp) 7828 { 7829 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 7830 7831 trace_api_cqm_beacon_loss_notify(sdata->local, sdata); 7832 7833 cfg80211_cqm_beacon_loss_notify(sdata->dev, gfp); 7834 } 7835 EXPORT_SYMBOL(ieee80211_cqm_beacon_loss_notify); 7836 7837 static void _ieee80211_enable_rssi_reports(struct ieee80211_sub_if_data *sdata, 7838 int rssi_min_thold, 7839 int rssi_max_thold) 7840 { 7841 trace_api_enable_rssi_reports(sdata, rssi_min_thold, rssi_max_thold); 7842 7843 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 7844 return; 7845 7846 /* 7847 * Scale up threshold values before storing it, as the RSSI averaging 7848 * algorithm uses a scaled up value as well. Change this scaling 7849 * factor if the RSSI averaging algorithm changes. 7850 */ 7851 sdata->u.mgd.rssi_min_thold = rssi_min_thold*16; 7852 sdata->u.mgd.rssi_max_thold = rssi_max_thold*16; 7853 } 7854 7855 void ieee80211_enable_rssi_reports(struct ieee80211_vif *vif, 7856 int rssi_min_thold, 7857 int rssi_max_thold) 7858 { 7859 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 7860 7861 WARN_ON(rssi_min_thold == rssi_max_thold || 7862 rssi_min_thold > rssi_max_thold); 7863 7864 _ieee80211_enable_rssi_reports(sdata, rssi_min_thold, 7865 rssi_max_thold); 7866 } 7867 EXPORT_SYMBOL(ieee80211_enable_rssi_reports); 7868 7869 void ieee80211_disable_rssi_reports(struct ieee80211_vif *vif) 7870 { 7871 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 7872 7873 _ieee80211_enable_rssi_reports(sdata, 0, 0); 7874 } 7875 EXPORT_SYMBOL(ieee80211_disable_rssi_reports); 7876