1 /* 2 * BSS client mode implementation 3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 4 * Copyright 2004, Instant802 Networks, Inc. 5 * Copyright 2005, Devicescape Software, Inc. 6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * Copyright 2013-2014 Intel Mobile Communications GmbH 9 * 10 * This program is free software; you can redistribute it and/or modify 11 * it under the terms of the GNU General Public License version 2 as 12 * published by the Free Software Foundation. 13 */ 14 15 #include <linux/delay.h> 16 #include <linux/if_ether.h> 17 #include <linux/skbuff.h> 18 #include <linux/if_arp.h> 19 #include <linux/etherdevice.h> 20 #include <linux/moduleparam.h> 21 #include <linux/rtnetlink.h> 22 #include <linux/pm_qos.h> 23 #include <linux/crc32.h> 24 #include <linux/slab.h> 25 #include <linux/export.h> 26 #include <net/mac80211.h> 27 #include <asm/unaligned.h> 28 29 #include "ieee80211_i.h" 30 #include "driver-ops.h" 31 #include "rate.h" 32 #include "led.h" 33 34 #define IEEE80211_AUTH_TIMEOUT (HZ / 5) 35 #define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2) 36 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10) 37 #define IEEE80211_AUTH_MAX_TRIES 3 38 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5) 39 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 40 #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2) 41 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10) 42 #define IEEE80211_ASSOC_MAX_TRIES 3 43 44 static int max_nullfunc_tries = 2; 45 module_param(max_nullfunc_tries, int, 0644); 46 MODULE_PARM_DESC(max_nullfunc_tries, 47 "Maximum nullfunc tx tries before disconnecting (reason 4)."); 48 49 static int max_probe_tries = 5; 50 module_param(max_probe_tries, int, 0644); 51 MODULE_PARM_DESC(max_probe_tries, 52 "Maximum probe tries before disconnecting (reason 4)."); 53 54 /* 55 * Beacon loss timeout is calculated as N frames times the 56 * advertised beacon interval. This may need to be somewhat 57 * higher than what hardware might detect to account for 58 * delays in the host processing frames. But since we also 59 * probe on beacon miss before declaring the connection lost 60 * default to what we want. 61 */ 62 static int beacon_loss_count = 7; 63 module_param(beacon_loss_count, int, 0644); 64 MODULE_PARM_DESC(beacon_loss_count, 65 "Number of beacon intervals before we decide beacon was lost."); 66 67 /* 68 * Time the connection can be idle before we probe 69 * it to see if we can still talk to the AP. 70 */ 71 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ) 72 /* 73 * Time we wait for a probe response after sending 74 * a probe request because of beacon loss or for 75 * checking the connection still works. 76 */ 77 static int probe_wait_ms = 500; 78 module_param(probe_wait_ms, int, 0644); 79 MODULE_PARM_DESC(probe_wait_ms, 80 "Maximum time(ms) to wait for probe response" 81 " before disconnecting (reason 4)."); 82 83 /* 84 * Weight given to the latest Beacon frame when calculating average signal 85 * strength for Beacon frames received in the current BSS. This must be 86 * between 1 and 15. 87 */ 88 #define IEEE80211_SIGNAL_AVE_WEIGHT 3 89 90 /* 91 * How many Beacon frames need to have been used in average signal strength 92 * before starting to indicate signal change events. 93 */ 94 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4 95 96 /* 97 * We can have multiple work items (and connection probing) 98 * scheduling this timer, but we need to take care to only 99 * reschedule it when it should fire _earlier_ than it was 100 * asked for before, or if it's not pending right now. This 101 * function ensures that. Note that it then is required to 102 * run this function for all timeouts after the first one 103 * has happened -- the work that runs from this timer will 104 * do that. 105 */ 106 static void run_again(struct ieee80211_sub_if_data *sdata, 107 unsigned long timeout) 108 { 109 sdata_assert_lock(sdata); 110 111 if (!timer_pending(&sdata->u.mgd.timer) || 112 time_before(timeout, sdata->u.mgd.timer.expires)) 113 mod_timer(&sdata->u.mgd.timer, timeout); 114 } 115 116 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata) 117 { 118 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER) 119 return; 120 121 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 122 return; 123 124 mod_timer(&sdata->u.mgd.bcn_mon_timer, 125 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout)); 126 } 127 128 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata) 129 { 130 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 131 132 if (unlikely(!sdata->u.mgd.associated)) 133 return; 134 135 ifmgd->probe_send_count = 0; 136 137 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 138 return; 139 140 mod_timer(&sdata->u.mgd.conn_mon_timer, 141 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME)); 142 } 143 144 static int ecw2cw(int ecw) 145 { 146 return (1 << ecw) - 1; 147 } 148 149 static u32 150 ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, 151 struct ieee80211_supported_band *sband, 152 struct ieee80211_channel *channel, 153 const struct ieee80211_ht_cap *ht_cap, 154 const struct ieee80211_ht_operation *ht_oper, 155 const struct ieee80211_vht_operation *vht_oper, 156 struct cfg80211_chan_def *chandef, bool tracking) 157 { 158 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 159 struct cfg80211_chan_def vht_chandef; 160 u32 ht_cfreq, ret; 161 162 chandef->chan = channel; 163 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 164 chandef->center_freq1 = channel->center_freq; 165 chandef->center_freq2 = 0; 166 167 if (!ht_cap || !ht_oper || !sband->ht_cap.ht_supported) { 168 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 169 goto out; 170 } 171 172 chandef->width = NL80211_CHAN_WIDTH_20; 173 174 if (!(ht_cap->cap_info & 175 cpu_to_le16(IEEE80211_HT_CAP_SUP_WIDTH_20_40))) { 176 ret = IEEE80211_STA_DISABLE_40MHZ; 177 vht_chandef = *chandef; 178 goto out; 179 } 180 181 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan, 182 channel->band); 183 /* check that channel matches the right operating channel */ 184 if (!tracking && channel->center_freq != ht_cfreq) { 185 /* 186 * It's possible that some APs are confused here; 187 * Netgear WNDR3700 sometimes reports 4 higher than 188 * the actual channel in association responses, but 189 * since we look at probe response/beacon data here 190 * it should be OK. 191 */ 192 sdata_info(sdata, 193 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n", 194 channel->center_freq, ht_cfreq, 195 ht_oper->primary_chan, channel->band); 196 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 197 goto out; 198 } 199 200 /* check 40 MHz support, if we have it */ 201 if (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) { 202 switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 203 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 204 chandef->width = NL80211_CHAN_WIDTH_40; 205 chandef->center_freq1 += 10; 206 break; 207 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 208 chandef->width = NL80211_CHAN_WIDTH_40; 209 chandef->center_freq1 -= 10; 210 break; 211 } 212 } else { 213 /* 40 MHz (and 80 MHz) must be supported for VHT */ 214 ret = IEEE80211_STA_DISABLE_VHT; 215 /* also mark 40 MHz disabled */ 216 ret |= IEEE80211_STA_DISABLE_40MHZ; 217 goto out; 218 } 219 220 if (!vht_oper || !sband->vht_cap.vht_supported) { 221 ret = IEEE80211_STA_DISABLE_VHT; 222 goto out; 223 } 224 225 vht_chandef.chan = channel; 226 vht_chandef.center_freq1 = 227 ieee80211_channel_to_frequency(vht_oper->center_freq_seg1_idx, 228 channel->band); 229 vht_chandef.center_freq2 = 0; 230 231 switch (vht_oper->chan_width) { 232 case IEEE80211_VHT_CHANWIDTH_USE_HT: 233 vht_chandef.width = chandef->width; 234 vht_chandef.center_freq1 = chandef->center_freq1; 235 break; 236 case IEEE80211_VHT_CHANWIDTH_80MHZ: 237 vht_chandef.width = NL80211_CHAN_WIDTH_80; 238 break; 239 case IEEE80211_VHT_CHANWIDTH_160MHZ: 240 vht_chandef.width = NL80211_CHAN_WIDTH_160; 241 break; 242 case IEEE80211_VHT_CHANWIDTH_80P80MHZ: 243 vht_chandef.width = NL80211_CHAN_WIDTH_80P80; 244 vht_chandef.center_freq2 = 245 ieee80211_channel_to_frequency( 246 vht_oper->center_freq_seg2_idx, 247 channel->band); 248 break; 249 default: 250 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 251 sdata_info(sdata, 252 "AP VHT operation IE has invalid channel width (%d), disable VHT\n", 253 vht_oper->chan_width); 254 ret = IEEE80211_STA_DISABLE_VHT; 255 goto out; 256 } 257 258 if (!cfg80211_chandef_valid(&vht_chandef)) { 259 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 260 sdata_info(sdata, 261 "AP VHT information is invalid, disable VHT\n"); 262 ret = IEEE80211_STA_DISABLE_VHT; 263 goto out; 264 } 265 266 if (cfg80211_chandef_identical(chandef, &vht_chandef)) { 267 ret = 0; 268 goto out; 269 } 270 271 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) { 272 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 273 sdata_info(sdata, 274 "AP VHT information doesn't match HT, disable VHT\n"); 275 ret = IEEE80211_STA_DISABLE_VHT; 276 goto out; 277 } 278 279 *chandef = vht_chandef; 280 281 ret = 0; 282 283 out: 284 /* 285 * When tracking the current AP, don't do any further checks if the 286 * new chandef is identical to the one we're currently using for the 287 * connection. This keeps us from playing ping-pong with regulatory, 288 * without it the following can happen (for example): 289 * - connect to an AP with 80 MHz, world regdom allows 80 MHz 290 * - AP advertises regdom US 291 * - CRDA loads regdom US with 80 MHz prohibited (old database) 292 * - the code below detects an unsupported channel, downgrades, and 293 * we disconnect from the AP in the caller 294 * - disconnect causes CRDA to reload world regdomain and the game 295 * starts anew. 296 * (see https://bugzilla.kernel.org/show_bug.cgi?id=70881) 297 * 298 * It seems possible that there are still scenarios with CSA or real 299 * bandwidth changes where a this could happen, but those cases are 300 * less common and wouldn't completely prevent using the AP. 301 */ 302 if (tracking && 303 cfg80211_chandef_identical(chandef, &sdata->vif.bss_conf.chandef)) 304 return ret; 305 306 /* don't print the message below for VHT mismatch if VHT is disabled */ 307 if (ret & IEEE80211_STA_DISABLE_VHT) 308 vht_chandef = *chandef; 309 310 /* 311 * Ignore the DISABLED flag when we're already connected and only 312 * tracking the APs beacon for bandwidth changes - otherwise we 313 * might get disconnected here if we connect to an AP, update our 314 * regulatory information based on the AP's country IE and the 315 * information we have is wrong/outdated and disables the channel 316 * that we're actually using for the connection to the AP. 317 */ 318 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef, 319 tracking ? 0 : 320 IEEE80211_CHAN_DISABLED)) { 321 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) { 322 ret = IEEE80211_STA_DISABLE_HT | 323 IEEE80211_STA_DISABLE_VHT; 324 break; 325 } 326 327 ret |= ieee80211_chandef_downgrade(chandef); 328 } 329 330 if (chandef->width != vht_chandef.width && !tracking) 331 sdata_info(sdata, 332 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n"); 333 334 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef)); 335 return ret; 336 } 337 338 static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata, 339 struct sta_info *sta, 340 const struct ieee80211_ht_cap *ht_cap, 341 const struct ieee80211_ht_operation *ht_oper, 342 const struct ieee80211_vht_operation *vht_oper, 343 const u8 *bssid, u32 *changed) 344 { 345 struct ieee80211_local *local = sdata->local; 346 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 347 struct ieee80211_supported_band *sband; 348 struct ieee80211_channel *chan; 349 struct cfg80211_chan_def chandef; 350 u16 ht_opmode; 351 u32 flags; 352 enum ieee80211_sta_rx_bandwidth new_sta_bw; 353 int ret; 354 355 /* if HT was/is disabled, don't track any bandwidth changes */ 356 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper) 357 return 0; 358 359 /* don't check VHT if we associated as non-VHT station */ 360 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 361 vht_oper = NULL; 362 363 if (WARN_ON_ONCE(!sta)) 364 return -EINVAL; 365 366 /* 367 * if bss configuration changed store the new one - 368 * this may be applicable even if channel is identical 369 */ 370 ht_opmode = le16_to_cpu(ht_oper->operation_mode); 371 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) { 372 *changed |= BSS_CHANGED_HT; 373 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 374 } 375 376 chan = sdata->vif.bss_conf.chandef.chan; 377 sband = local->hw.wiphy->bands[chan->band]; 378 379 /* calculate new channel (type) based on HT/VHT operation IEs */ 380 flags = ieee80211_determine_chantype(sdata, sband, chan, 381 ht_cap, ht_oper, vht_oper, 382 &chandef, true); 383 384 /* 385 * Downgrade the new channel if we associated with restricted 386 * capabilities. For example, if we associated as a 20 MHz STA 387 * to a 40 MHz AP (due to regulatory, capabilities or config 388 * reasons) then switching to a 40 MHz channel now won't do us 389 * any good -- we couldn't use it with the AP. 390 */ 391 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ && 392 chandef.width == NL80211_CHAN_WIDTH_80P80) 393 flags |= ieee80211_chandef_downgrade(&chandef); 394 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ && 395 chandef.width == NL80211_CHAN_WIDTH_160) 396 flags |= ieee80211_chandef_downgrade(&chandef); 397 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ && 398 chandef.width > NL80211_CHAN_WIDTH_20) 399 flags |= ieee80211_chandef_downgrade(&chandef); 400 401 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef)) 402 return 0; 403 404 sdata_info(sdata, 405 "AP %pM changed bandwidth, new config is %d MHz, width %d (%d/%d MHz)\n", 406 ifmgd->bssid, chandef.chan->center_freq, chandef.width, 407 chandef.center_freq1, chandef.center_freq2); 408 409 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT | 410 IEEE80211_STA_DISABLE_VHT | 411 IEEE80211_STA_DISABLE_40MHZ | 412 IEEE80211_STA_DISABLE_80P80MHZ | 413 IEEE80211_STA_DISABLE_160MHZ)) || 414 !cfg80211_chandef_valid(&chandef)) { 415 sdata_info(sdata, 416 "AP %pM changed bandwidth in a way we can't support - disconnect\n", 417 ifmgd->bssid); 418 return -EINVAL; 419 } 420 421 switch (chandef.width) { 422 case NL80211_CHAN_WIDTH_20_NOHT: 423 case NL80211_CHAN_WIDTH_20: 424 new_sta_bw = IEEE80211_STA_RX_BW_20; 425 break; 426 case NL80211_CHAN_WIDTH_40: 427 new_sta_bw = IEEE80211_STA_RX_BW_40; 428 break; 429 case NL80211_CHAN_WIDTH_80: 430 new_sta_bw = IEEE80211_STA_RX_BW_80; 431 break; 432 case NL80211_CHAN_WIDTH_80P80: 433 case NL80211_CHAN_WIDTH_160: 434 new_sta_bw = IEEE80211_STA_RX_BW_160; 435 break; 436 default: 437 return -EINVAL; 438 } 439 440 if (new_sta_bw > sta->cur_max_bandwidth) 441 new_sta_bw = sta->cur_max_bandwidth; 442 443 if (new_sta_bw < sta->sta.bandwidth) { 444 sta->sta.bandwidth = new_sta_bw; 445 rate_control_rate_update(local, sband, sta, 446 IEEE80211_RC_BW_CHANGED); 447 } 448 449 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed); 450 if (ret) { 451 sdata_info(sdata, 452 "AP %pM changed bandwidth to incompatible one - disconnect\n", 453 ifmgd->bssid); 454 return ret; 455 } 456 457 if (new_sta_bw > sta->sta.bandwidth) { 458 sta->sta.bandwidth = new_sta_bw; 459 rate_control_rate_update(local, sband, sta, 460 IEEE80211_RC_BW_CHANGED); 461 } 462 463 return 0; 464 } 465 466 /* frame sending functions */ 467 468 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata, 469 struct sk_buff *skb, u8 ap_ht_param, 470 struct ieee80211_supported_band *sband, 471 struct ieee80211_channel *channel, 472 enum ieee80211_smps_mode smps) 473 { 474 u8 *pos; 475 u32 flags = channel->flags; 476 u16 cap; 477 struct ieee80211_sta_ht_cap ht_cap; 478 479 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap)); 480 481 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 482 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 483 484 /* determine capability flags */ 485 cap = ht_cap.cap; 486 487 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 488 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 489 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 490 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 491 cap &= ~IEEE80211_HT_CAP_SGI_40; 492 } 493 break; 494 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 495 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 496 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 497 cap &= ~IEEE80211_HT_CAP_SGI_40; 498 } 499 break; 500 } 501 502 /* 503 * If 40 MHz was disabled associate as though we weren't 504 * capable of 40 MHz -- some broken APs will never fall 505 * back to trying to transmit in 20 MHz. 506 */ 507 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) { 508 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 509 cap &= ~IEEE80211_HT_CAP_SGI_40; 510 } 511 512 /* set SM PS mode properly */ 513 cap &= ~IEEE80211_HT_CAP_SM_PS; 514 switch (smps) { 515 case IEEE80211_SMPS_AUTOMATIC: 516 case IEEE80211_SMPS_NUM_MODES: 517 WARN_ON(1); 518 case IEEE80211_SMPS_OFF: 519 cap |= WLAN_HT_CAP_SM_PS_DISABLED << 520 IEEE80211_HT_CAP_SM_PS_SHIFT; 521 break; 522 case IEEE80211_SMPS_STATIC: 523 cap |= WLAN_HT_CAP_SM_PS_STATIC << 524 IEEE80211_HT_CAP_SM_PS_SHIFT; 525 break; 526 case IEEE80211_SMPS_DYNAMIC: 527 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC << 528 IEEE80211_HT_CAP_SM_PS_SHIFT; 529 break; 530 } 531 532 /* reserve and fill IE */ 533 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 534 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap); 535 } 536 537 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata, 538 struct sk_buff *skb, 539 struct ieee80211_supported_band *sband, 540 struct ieee80211_vht_cap *ap_vht_cap) 541 { 542 u8 *pos; 543 u32 cap; 544 struct ieee80211_sta_vht_cap vht_cap; 545 u32 mask, ap_bf_sts, our_bf_sts; 546 547 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap)); 548 549 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap)); 550 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap); 551 552 /* determine capability flags */ 553 cap = vht_cap.cap; 554 555 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) { 556 u32 bw = cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK; 557 558 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK; 559 if (bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ || 560 bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ) 561 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 562 } 563 564 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) { 565 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160; 566 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK; 567 } 568 569 /* 570 * Some APs apparently get confused if our capabilities are better 571 * than theirs, so restrict what we advertise in the assoc request. 572 */ 573 if (!(ap_vht_cap->vht_cap_info & 574 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE))) 575 cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE; 576 577 mask = IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK; 578 579 ap_bf_sts = le32_to_cpu(ap_vht_cap->vht_cap_info) & mask; 580 our_bf_sts = cap & mask; 581 582 if (ap_bf_sts < our_bf_sts) { 583 cap &= ~mask; 584 cap |= ap_bf_sts; 585 } 586 587 /* reserve and fill IE */ 588 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 589 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap); 590 } 591 592 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) 593 { 594 struct ieee80211_local *local = sdata->local; 595 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 596 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 597 struct sk_buff *skb; 598 struct ieee80211_mgmt *mgmt; 599 u8 *pos, qos_info; 600 size_t offset = 0, noffset; 601 int i, count, rates_len, supp_rates_len, shift; 602 u16 capab; 603 struct ieee80211_supported_band *sband; 604 struct ieee80211_chanctx_conf *chanctx_conf; 605 struct ieee80211_channel *chan; 606 u32 rate_flags, rates = 0; 607 608 sdata_assert_lock(sdata); 609 610 rcu_read_lock(); 611 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 612 if (WARN_ON(!chanctx_conf)) { 613 rcu_read_unlock(); 614 return; 615 } 616 chan = chanctx_conf->def.chan; 617 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def); 618 rcu_read_unlock(); 619 sband = local->hw.wiphy->bands[chan->band]; 620 shift = ieee80211_vif_get_shift(&sdata->vif); 621 622 if (assoc_data->supp_rates_len) { 623 /* 624 * Get all rates supported by the device and the AP as 625 * some APs don't like getting a superset of their rates 626 * in the association request (e.g. D-Link DAP 1353 in 627 * b-only mode)... 628 */ 629 rates_len = ieee80211_parse_bitrates(&chanctx_conf->def, sband, 630 assoc_data->supp_rates, 631 assoc_data->supp_rates_len, 632 &rates); 633 } else { 634 /* 635 * In case AP not provide any supported rates information 636 * before association, we send information element(s) with 637 * all rates that we support. 638 */ 639 rates_len = 0; 640 for (i = 0; i < sband->n_bitrates; i++) { 641 if ((rate_flags & sband->bitrates[i].flags) 642 != rate_flags) 643 continue; 644 rates |= BIT(i); 645 rates_len++; 646 } 647 } 648 649 skb = alloc_skb(local->hw.extra_tx_headroom + 650 sizeof(*mgmt) + /* bit too much but doesn't matter */ 651 2 + assoc_data->ssid_len + /* SSID */ 652 4 + rates_len + /* (extended) rates */ 653 4 + /* power capability */ 654 2 + 2 * sband->n_channels + /* supported channels */ 655 2 + sizeof(struct ieee80211_ht_cap) + /* HT */ 656 2 + sizeof(struct ieee80211_vht_cap) + /* VHT */ 657 assoc_data->ie_len + /* extra IEs */ 658 9, /* WMM */ 659 GFP_KERNEL); 660 if (!skb) 661 return; 662 663 skb_reserve(skb, local->hw.extra_tx_headroom); 664 665 capab = WLAN_CAPABILITY_ESS; 666 667 if (sband->band == IEEE80211_BAND_2GHZ) { 668 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 669 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 670 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 671 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 672 } 673 674 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY) 675 capab |= WLAN_CAPABILITY_PRIVACY; 676 677 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 678 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)) 679 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 680 681 if (ifmgd->flags & IEEE80211_STA_ENABLE_RRM) 682 capab |= WLAN_CAPABILITY_RADIO_MEASURE; 683 684 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 685 memset(mgmt, 0, 24); 686 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN); 687 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 688 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN); 689 690 if (!is_zero_ether_addr(assoc_data->prev_bssid)) { 691 skb_put(skb, 10); 692 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 693 IEEE80211_STYPE_REASSOC_REQ); 694 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 695 mgmt->u.reassoc_req.listen_interval = 696 cpu_to_le16(local->hw.conf.listen_interval); 697 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid, 698 ETH_ALEN); 699 } else { 700 skb_put(skb, 4); 701 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 702 IEEE80211_STYPE_ASSOC_REQ); 703 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 704 mgmt->u.assoc_req.listen_interval = 705 cpu_to_le16(local->hw.conf.listen_interval); 706 } 707 708 /* SSID */ 709 pos = skb_put(skb, 2 + assoc_data->ssid_len); 710 *pos++ = WLAN_EID_SSID; 711 *pos++ = assoc_data->ssid_len; 712 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len); 713 714 /* add all rates which were marked to be used above */ 715 supp_rates_len = rates_len; 716 if (supp_rates_len > 8) 717 supp_rates_len = 8; 718 719 pos = skb_put(skb, supp_rates_len + 2); 720 *pos++ = WLAN_EID_SUPP_RATES; 721 *pos++ = supp_rates_len; 722 723 count = 0; 724 for (i = 0; i < sband->n_bitrates; i++) { 725 if (BIT(i) & rates) { 726 int rate = DIV_ROUND_UP(sband->bitrates[i].bitrate, 727 5 * (1 << shift)); 728 *pos++ = (u8) rate; 729 if (++count == 8) 730 break; 731 } 732 } 733 734 if (rates_len > count) { 735 pos = skb_put(skb, rates_len - count + 2); 736 *pos++ = WLAN_EID_EXT_SUPP_RATES; 737 *pos++ = rates_len - count; 738 739 for (i++; i < sband->n_bitrates; i++) { 740 if (BIT(i) & rates) { 741 int rate; 742 rate = DIV_ROUND_UP(sband->bitrates[i].bitrate, 743 5 * (1 << shift)); 744 *pos++ = (u8) rate; 745 } 746 } 747 } 748 749 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT || 750 capab & WLAN_CAPABILITY_RADIO_MEASURE) { 751 pos = skb_put(skb, 4); 752 *pos++ = WLAN_EID_PWR_CAPABILITY; 753 *pos++ = 2; 754 *pos++ = 0; /* min tx power */ 755 /* max tx power */ 756 *pos++ = ieee80211_chandef_max_power(&chanctx_conf->def); 757 } 758 759 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) { 760 /* TODO: get this in reg domain format */ 761 pos = skb_put(skb, 2 * sband->n_channels + 2); 762 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 763 *pos++ = 2 * sband->n_channels; 764 for (i = 0; i < sband->n_channels; i++) { 765 *pos++ = ieee80211_frequency_to_channel( 766 sband->channels[i].center_freq); 767 *pos++ = 1; /* one channel in the subband*/ 768 } 769 } 770 771 /* if present, add any custom IEs that go before HT */ 772 if (assoc_data->ie_len) { 773 static const u8 before_ht[] = { 774 WLAN_EID_SSID, 775 WLAN_EID_SUPP_RATES, 776 WLAN_EID_EXT_SUPP_RATES, 777 WLAN_EID_PWR_CAPABILITY, 778 WLAN_EID_SUPPORTED_CHANNELS, 779 WLAN_EID_RSN, 780 WLAN_EID_QOS_CAPA, 781 WLAN_EID_RRM_ENABLED_CAPABILITIES, 782 WLAN_EID_MOBILITY_DOMAIN, 783 WLAN_EID_FAST_BSS_TRANSITION, /* reassoc only */ 784 WLAN_EID_RIC_DATA, /* reassoc only */ 785 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 786 }; 787 static const u8 after_ric[] = { 788 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 789 WLAN_EID_HT_CAPABILITY, 790 WLAN_EID_BSS_COEX_2040, 791 WLAN_EID_EXT_CAPABILITY, 792 WLAN_EID_QOS_TRAFFIC_CAPA, 793 WLAN_EID_TIM_BCAST_REQ, 794 WLAN_EID_INTERWORKING, 795 /* 60GHz doesn't happen right now */ 796 WLAN_EID_VHT_CAPABILITY, 797 WLAN_EID_OPMODE_NOTIF, 798 }; 799 800 noffset = ieee80211_ie_split_ric(assoc_data->ie, 801 assoc_data->ie_len, 802 before_ht, 803 ARRAY_SIZE(before_ht), 804 after_ric, 805 ARRAY_SIZE(after_ric), 806 offset); 807 pos = skb_put(skb, noffset - offset); 808 memcpy(pos, assoc_data->ie + offset, noffset - offset); 809 offset = noffset; 810 } 811 812 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 813 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))) 814 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 815 816 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 817 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param, 818 sband, chan, sdata->smps_mode); 819 820 /* if present, add any custom IEs that go before VHT */ 821 if (assoc_data->ie_len) { 822 static const u8 before_vht[] = { 823 WLAN_EID_SSID, 824 WLAN_EID_SUPP_RATES, 825 WLAN_EID_EXT_SUPP_RATES, 826 WLAN_EID_PWR_CAPABILITY, 827 WLAN_EID_SUPPORTED_CHANNELS, 828 WLAN_EID_RSN, 829 WLAN_EID_QOS_CAPA, 830 WLAN_EID_RRM_ENABLED_CAPABILITIES, 831 WLAN_EID_MOBILITY_DOMAIN, 832 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 833 WLAN_EID_HT_CAPABILITY, 834 WLAN_EID_BSS_COEX_2040, 835 WLAN_EID_EXT_CAPABILITY, 836 WLAN_EID_QOS_TRAFFIC_CAPA, 837 WLAN_EID_TIM_BCAST_REQ, 838 WLAN_EID_INTERWORKING, 839 }; 840 841 /* RIC already taken above, so no need to handle here anymore */ 842 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len, 843 before_vht, ARRAY_SIZE(before_vht), 844 offset); 845 pos = skb_put(skb, noffset - offset); 846 memcpy(pos, assoc_data->ie + offset, noffset - offset); 847 offset = noffset; 848 } 849 850 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 851 ieee80211_add_vht_ie(sdata, skb, sband, 852 &assoc_data->ap_vht_cap); 853 854 /* if present, add any custom non-vendor IEs that go after HT */ 855 if (assoc_data->ie_len) { 856 noffset = ieee80211_ie_split_vendor(assoc_data->ie, 857 assoc_data->ie_len, 858 offset); 859 pos = skb_put(skb, noffset - offset); 860 memcpy(pos, assoc_data->ie + offset, noffset - offset); 861 offset = noffset; 862 } 863 864 if (assoc_data->wmm) { 865 if (assoc_data->uapsd) { 866 qos_info = ifmgd->uapsd_queues; 867 qos_info |= (ifmgd->uapsd_max_sp_len << 868 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT); 869 } else { 870 qos_info = 0; 871 } 872 873 pos = ieee80211_add_wmm_info_ie(skb_put(skb, 9), qos_info); 874 } 875 876 /* add any remaining custom (i.e. vendor specific here) IEs */ 877 if (assoc_data->ie_len) { 878 noffset = assoc_data->ie_len; 879 pos = skb_put(skb, noffset - offset); 880 memcpy(pos, assoc_data->ie + offset, noffset - offset); 881 } 882 883 drv_mgd_prepare_tx(local, sdata); 884 885 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 886 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 887 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 888 IEEE80211_TX_INTFL_MLME_CONN_TX; 889 ieee80211_tx_skb(sdata, skb); 890 } 891 892 void ieee80211_send_pspoll(struct ieee80211_local *local, 893 struct ieee80211_sub_if_data *sdata) 894 { 895 struct ieee80211_pspoll *pspoll; 896 struct sk_buff *skb; 897 898 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif); 899 if (!skb) 900 return; 901 902 pspoll = (struct ieee80211_pspoll *) skb->data; 903 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 904 905 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 906 ieee80211_tx_skb(sdata, skb); 907 } 908 909 void ieee80211_send_nullfunc(struct ieee80211_local *local, 910 struct ieee80211_sub_if_data *sdata, 911 int powersave) 912 { 913 struct sk_buff *skb; 914 struct ieee80211_hdr_3addr *nullfunc; 915 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 916 917 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif); 918 if (!skb) 919 return; 920 921 nullfunc = (struct ieee80211_hdr_3addr *) skb->data; 922 if (powersave) 923 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 924 925 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT | 926 IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 927 928 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 929 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS; 930 931 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) 932 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE; 933 934 ieee80211_tx_skb(sdata, skb); 935 } 936 937 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local, 938 struct ieee80211_sub_if_data *sdata) 939 { 940 struct sk_buff *skb; 941 struct ieee80211_hdr *nullfunc; 942 __le16 fc; 943 944 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 945 return; 946 947 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30); 948 if (!skb) 949 return; 950 951 skb_reserve(skb, local->hw.extra_tx_headroom); 952 953 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30); 954 memset(nullfunc, 0, 30); 955 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 956 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 957 nullfunc->frame_control = fc; 958 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN); 959 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN); 960 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN); 961 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN); 962 963 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 964 ieee80211_tx_skb(sdata, skb); 965 } 966 967 /* spectrum management related things */ 968 static void ieee80211_chswitch_work(struct work_struct *work) 969 { 970 struct ieee80211_sub_if_data *sdata = 971 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work); 972 struct ieee80211_local *local = sdata->local; 973 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 974 int ret; 975 976 if (!ieee80211_sdata_running(sdata)) 977 return; 978 979 sdata_lock(sdata); 980 mutex_lock(&local->mtx); 981 mutex_lock(&local->chanctx_mtx); 982 983 if (!ifmgd->associated) 984 goto out; 985 986 if (!sdata->vif.csa_active) 987 goto out; 988 989 /* 990 * using reservation isn't immediate as it may be deferred until later 991 * with multi-vif. once reservation is complete it will re-schedule the 992 * work with no reserved_chanctx so verify chandef to check if it 993 * completed successfully 994 */ 995 996 if (sdata->reserved_chanctx) { 997 /* 998 * with multi-vif csa driver may call ieee80211_csa_finish() 999 * many times while waiting for other interfaces to use their 1000 * reservations 1001 */ 1002 if (sdata->reserved_ready) 1003 goto out; 1004 1005 ret = ieee80211_vif_use_reserved_context(sdata); 1006 if (ret) { 1007 sdata_info(sdata, 1008 "failed to use reserved channel context, disconnecting (err=%d)\n", 1009 ret); 1010 ieee80211_queue_work(&sdata->local->hw, 1011 &ifmgd->csa_connection_drop_work); 1012 goto out; 1013 } 1014 1015 goto out; 1016 } 1017 1018 if (!cfg80211_chandef_identical(&sdata->vif.bss_conf.chandef, 1019 &sdata->csa_chandef)) { 1020 sdata_info(sdata, 1021 "failed to finalize channel switch, disconnecting\n"); 1022 ieee80211_queue_work(&sdata->local->hw, 1023 &ifmgd->csa_connection_drop_work); 1024 goto out; 1025 } 1026 1027 /* XXX: shouldn't really modify cfg80211-owned data! */ 1028 ifmgd->associated->channel = sdata->csa_chandef.chan; 1029 1030 ifmgd->csa_waiting_bcn = true; 1031 1032 ieee80211_sta_reset_beacon_monitor(sdata); 1033 ieee80211_sta_reset_conn_monitor(sdata); 1034 1035 out: 1036 mutex_unlock(&local->chanctx_mtx); 1037 mutex_unlock(&local->mtx); 1038 sdata_unlock(sdata); 1039 } 1040 1041 static void ieee80211_chswitch_post_beacon(struct ieee80211_sub_if_data *sdata) 1042 { 1043 struct ieee80211_local *local = sdata->local; 1044 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1045 int ret; 1046 1047 sdata_assert_lock(sdata); 1048 1049 WARN_ON(!sdata->vif.csa_active); 1050 1051 if (sdata->csa_block_tx) { 1052 ieee80211_wake_vif_queues(local, sdata, 1053 IEEE80211_QUEUE_STOP_REASON_CSA); 1054 sdata->csa_block_tx = false; 1055 } 1056 1057 cfg80211_ch_switch_notify(sdata->dev, &sdata->reserved_chandef); 1058 1059 sdata->vif.csa_active = false; 1060 ifmgd->csa_waiting_bcn = false; 1061 1062 ret = drv_post_channel_switch(sdata); 1063 if (ret) { 1064 sdata_info(sdata, 1065 "driver post channel switch failed, disconnecting\n"); 1066 ieee80211_queue_work(&local->hw, 1067 &ifmgd->csa_connection_drop_work); 1068 return; 1069 } 1070 } 1071 1072 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success) 1073 { 1074 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1075 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1076 1077 trace_api_chswitch_done(sdata, success); 1078 if (!success) { 1079 sdata_info(sdata, 1080 "driver channel switch failed, disconnecting\n"); 1081 ieee80211_queue_work(&sdata->local->hw, 1082 &ifmgd->csa_connection_drop_work); 1083 } else { 1084 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 1085 } 1086 } 1087 EXPORT_SYMBOL(ieee80211_chswitch_done); 1088 1089 static void ieee80211_chswitch_timer(unsigned long data) 1090 { 1091 struct ieee80211_sub_if_data *sdata = 1092 (struct ieee80211_sub_if_data *) data; 1093 1094 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work); 1095 } 1096 1097 static void 1098 ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 1099 u64 timestamp, u32 device_timestamp, 1100 struct ieee802_11_elems *elems, 1101 bool beacon) 1102 { 1103 struct ieee80211_local *local = sdata->local; 1104 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1105 struct cfg80211_bss *cbss = ifmgd->associated; 1106 struct ieee80211_chanctx_conf *conf; 1107 struct ieee80211_chanctx *chanctx; 1108 enum ieee80211_band current_band; 1109 struct ieee80211_csa_ie csa_ie; 1110 struct ieee80211_channel_switch ch_switch; 1111 int res; 1112 1113 sdata_assert_lock(sdata); 1114 1115 if (!cbss) 1116 return; 1117 1118 if (local->scanning) 1119 return; 1120 1121 /* disregard subsequent announcements if we are already processing */ 1122 if (sdata->vif.csa_active) 1123 return; 1124 1125 current_band = cbss->channel->band; 1126 memset(&csa_ie, 0, sizeof(csa_ie)); 1127 res = ieee80211_parse_ch_switch_ie(sdata, elems, current_band, 1128 ifmgd->flags, 1129 ifmgd->associated->bssid, &csa_ie); 1130 if (res < 0) 1131 ieee80211_queue_work(&local->hw, 1132 &ifmgd->csa_connection_drop_work); 1133 if (res) 1134 return; 1135 1136 if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chandef, 1137 IEEE80211_CHAN_DISABLED)) { 1138 sdata_info(sdata, 1139 "AP %pM switches to unsupported channel (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n", 1140 ifmgd->associated->bssid, 1141 csa_ie.chandef.chan->center_freq, 1142 csa_ie.chandef.width, csa_ie.chandef.center_freq1, 1143 csa_ie.chandef.center_freq2); 1144 ieee80211_queue_work(&local->hw, 1145 &ifmgd->csa_connection_drop_work); 1146 return; 1147 } 1148 1149 mutex_lock(&local->mtx); 1150 mutex_lock(&local->chanctx_mtx); 1151 conf = rcu_dereference_protected(sdata->vif.chanctx_conf, 1152 lockdep_is_held(&local->chanctx_mtx)); 1153 if (!conf) { 1154 sdata_info(sdata, 1155 "no channel context assigned to vif?, disconnecting\n"); 1156 ieee80211_queue_work(&local->hw, 1157 &ifmgd->csa_connection_drop_work); 1158 mutex_unlock(&local->chanctx_mtx); 1159 mutex_unlock(&local->mtx); 1160 return; 1161 } 1162 1163 chanctx = container_of(conf, struct ieee80211_chanctx, conf); 1164 1165 if (local->use_chanctx && 1166 !(local->hw.flags & IEEE80211_HW_CHANCTX_STA_CSA)) { 1167 sdata_info(sdata, 1168 "driver doesn't support chan-switch with channel contexts\n"); 1169 ieee80211_queue_work(&local->hw, 1170 &ifmgd->csa_connection_drop_work); 1171 mutex_unlock(&local->chanctx_mtx); 1172 mutex_unlock(&local->mtx); 1173 return; 1174 } 1175 1176 ch_switch.timestamp = timestamp; 1177 ch_switch.device_timestamp = device_timestamp; 1178 ch_switch.block_tx = csa_ie.mode; 1179 ch_switch.chandef = csa_ie.chandef; 1180 ch_switch.count = csa_ie.count; 1181 1182 if (drv_pre_channel_switch(sdata, &ch_switch)) { 1183 sdata_info(sdata, 1184 "preparing for channel switch failed, disconnecting\n"); 1185 ieee80211_queue_work(&local->hw, 1186 &ifmgd->csa_connection_drop_work); 1187 mutex_unlock(&local->chanctx_mtx); 1188 mutex_unlock(&local->mtx); 1189 return; 1190 } 1191 1192 res = ieee80211_vif_reserve_chanctx(sdata, &csa_ie.chandef, 1193 chanctx->mode, false); 1194 if (res) { 1195 sdata_info(sdata, 1196 "failed to reserve channel context for channel switch, disconnecting (err=%d)\n", 1197 res); 1198 ieee80211_queue_work(&local->hw, 1199 &ifmgd->csa_connection_drop_work); 1200 mutex_unlock(&local->chanctx_mtx); 1201 mutex_unlock(&local->mtx); 1202 return; 1203 } 1204 mutex_unlock(&local->chanctx_mtx); 1205 1206 sdata->vif.csa_active = true; 1207 sdata->csa_chandef = csa_ie.chandef; 1208 sdata->csa_block_tx = csa_ie.mode; 1209 1210 if (sdata->csa_block_tx) 1211 ieee80211_stop_vif_queues(local, sdata, 1212 IEEE80211_QUEUE_STOP_REASON_CSA); 1213 mutex_unlock(&local->mtx); 1214 1215 cfg80211_ch_switch_started_notify(sdata->dev, &csa_ie.chandef, 1216 csa_ie.count); 1217 1218 if (local->ops->channel_switch) { 1219 /* use driver's channel switch callback */ 1220 drv_channel_switch(local, sdata, &ch_switch); 1221 return; 1222 } 1223 1224 /* channel switch handled in software */ 1225 if (csa_ie.count <= 1) 1226 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work); 1227 else 1228 mod_timer(&ifmgd->chswitch_timer, 1229 TU_TO_EXP_TIME((csa_ie.count - 1) * 1230 cbss->beacon_interval)); 1231 } 1232 1233 static bool 1234 ieee80211_find_80211h_pwr_constr(struct ieee80211_sub_if_data *sdata, 1235 struct ieee80211_channel *channel, 1236 const u8 *country_ie, u8 country_ie_len, 1237 const u8 *pwr_constr_elem, 1238 int *chan_pwr, int *pwr_reduction) 1239 { 1240 struct ieee80211_country_ie_triplet *triplet; 1241 int chan = ieee80211_frequency_to_channel(channel->center_freq); 1242 int i, chan_increment; 1243 bool have_chan_pwr = false; 1244 1245 /* Invalid IE */ 1246 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN) 1247 return false; 1248 1249 triplet = (void *)(country_ie + 3); 1250 country_ie_len -= 3; 1251 1252 switch (channel->band) { 1253 default: 1254 WARN_ON_ONCE(1); 1255 /* fall through */ 1256 case IEEE80211_BAND_2GHZ: 1257 case IEEE80211_BAND_60GHZ: 1258 chan_increment = 1; 1259 break; 1260 case IEEE80211_BAND_5GHZ: 1261 chan_increment = 4; 1262 break; 1263 } 1264 1265 /* find channel */ 1266 while (country_ie_len >= 3) { 1267 u8 first_channel = triplet->chans.first_channel; 1268 1269 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID) 1270 goto next; 1271 1272 for (i = 0; i < triplet->chans.num_channels; i++) { 1273 if (first_channel + i * chan_increment == chan) { 1274 have_chan_pwr = true; 1275 *chan_pwr = triplet->chans.max_power; 1276 break; 1277 } 1278 } 1279 if (have_chan_pwr) 1280 break; 1281 1282 next: 1283 triplet++; 1284 country_ie_len -= 3; 1285 } 1286 1287 if (have_chan_pwr) 1288 *pwr_reduction = *pwr_constr_elem; 1289 return have_chan_pwr; 1290 } 1291 1292 static void ieee80211_find_cisco_dtpc(struct ieee80211_sub_if_data *sdata, 1293 struct ieee80211_channel *channel, 1294 const u8 *cisco_dtpc_ie, 1295 int *pwr_level) 1296 { 1297 /* From practical testing, the first data byte of the DTPC element 1298 * seems to contain the requested dBm level, and the CLI on Cisco 1299 * APs clearly state the range is -127 to 127 dBm, which indicates 1300 * a signed byte, although it seemingly never actually goes negative. 1301 * The other byte seems to always be zero. 1302 */ 1303 *pwr_level = (__s8)cisco_dtpc_ie[4]; 1304 } 1305 1306 static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, 1307 struct ieee80211_channel *channel, 1308 struct ieee80211_mgmt *mgmt, 1309 const u8 *country_ie, u8 country_ie_len, 1310 const u8 *pwr_constr_ie, 1311 const u8 *cisco_dtpc_ie) 1312 { 1313 bool has_80211h_pwr = false, has_cisco_pwr = false; 1314 int chan_pwr = 0, pwr_reduction_80211h = 0; 1315 int pwr_level_cisco, pwr_level_80211h; 1316 int new_ap_level; 1317 1318 if (country_ie && pwr_constr_ie && 1319 mgmt->u.probe_resp.capab_info & 1320 cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT)) { 1321 has_80211h_pwr = ieee80211_find_80211h_pwr_constr( 1322 sdata, channel, country_ie, country_ie_len, 1323 pwr_constr_ie, &chan_pwr, &pwr_reduction_80211h); 1324 pwr_level_80211h = 1325 max_t(int, 0, chan_pwr - pwr_reduction_80211h); 1326 } 1327 1328 if (cisco_dtpc_ie) { 1329 ieee80211_find_cisco_dtpc( 1330 sdata, channel, cisco_dtpc_ie, &pwr_level_cisco); 1331 has_cisco_pwr = true; 1332 } 1333 1334 if (!has_80211h_pwr && !has_cisco_pwr) 1335 return 0; 1336 1337 /* If we have both 802.11h and Cisco DTPC, apply both limits 1338 * by picking the smallest of the two power levels advertised. 1339 */ 1340 if (has_80211h_pwr && 1341 (!has_cisco_pwr || pwr_level_80211h <= pwr_level_cisco)) { 1342 sdata_info(sdata, 1343 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n", 1344 pwr_level_80211h, chan_pwr, pwr_reduction_80211h, 1345 sdata->u.mgd.bssid); 1346 new_ap_level = pwr_level_80211h; 1347 } else { /* has_cisco_pwr is always true here. */ 1348 sdata_info(sdata, 1349 "Limiting TX power to %d dBm as advertised by %pM\n", 1350 pwr_level_cisco, sdata->u.mgd.bssid); 1351 new_ap_level = pwr_level_cisco; 1352 } 1353 1354 if (sdata->ap_power_level == new_ap_level) 1355 return 0; 1356 1357 sdata->ap_power_level = new_ap_level; 1358 if (__ieee80211_recalc_txpower(sdata)) 1359 return BSS_CHANGED_TXPOWER; 1360 return 0; 1361 } 1362 1363 /* powersave */ 1364 static void ieee80211_enable_ps(struct ieee80211_local *local, 1365 struct ieee80211_sub_if_data *sdata) 1366 { 1367 struct ieee80211_conf *conf = &local->hw.conf; 1368 1369 /* 1370 * If we are scanning right now then the parameters will 1371 * take effect when scan finishes. 1372 */ 1373 if (local->scanning) 1374 return; 1375 1376 if (conf->dynamic_ps_timeout > 0 && 1377 !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) { 1378 mod_timer(&local->dynamic_ps_timer, jiffies + 1379 msecs_to_jiffies(conf->dynamic_ps_timeout)); 1380 } else { 1381 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 1382 ieee80211_send_nullfunc(local, sdata, 1); 1383 1384 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1385 (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) 1386 return; 1387 1388 conf->flags |= IEEE80211_CONF_PS; 1389 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1390 } 1391 } 1392 1393 static void ieee80211_change_ps(struct ieee80211_local *local) 1394 { 1395 struct ieee80211_conf *conf = &local->hw.conf; 1396 1397 if (local->ps_sdata) { 1398 ieee80211_enable_ps(local, local->ps_sdata); 1399 } else if (conf->flags & IEEE80211_CONF_PS) { 1400 conf->flags &= ~IEEE80211_CONF_PS; 1401 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1402 del_timer_sync(&local->dynamic_ps_timer); 1403 cancel_work_sync(&local->dynamic_ps_enable_work); 1404 } 1405 } 1406 1407 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata) 1408 { 1409 struct ieee80211_if_managed *mgd = &sdata->u.mgd; 1410 struct sta_info *sta = NULL; 1411 bool authorized = false; 1412 1413 if (!mgd->powersave) 1414 return false; 1415 1416 if (mgd->broken_ap) 1417 return false; 1418 1419 if (!mgd->associated) 1420 return false; 1421 1422 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL) 1423 return false; 1424 1425 if (!mgd->have_beacon) 1426 return false; 1427 1428 rcu_read_lock(); 1429 sta = sta_info_get(sdata, mgd->bssid); 1430 if (sta) 1431 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED); 1432 rcu_read_unlock(); 1433 1434 return authorized; 1435 } 1436 1437 /* need to hold RTNL or interface lock */ 1438 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency) 1439 { 1440 struct ieee80211_sub_if_data *sdata, *found = NULL; 1441 int count = 0; 1442 int timeout; 1443 1444 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) { 1445 local->ps_sdata = NULL; 1446 return; 1447 } 1448 1449 list_for_each_entry(sdata, &local->interfaces, list) { 1450 if (!ieee80211_sdata_running(sdata)) 1451 continue; 1452 if (sdata->vif.type == NL80211_IFTYPE_AP) { 1453 /* If an AP vif is found, then disable PS 1454 * by setting the count to zero thereby setting 1455 * ps_sdata to NULL. 1456 */ 1457 count = 0; 1458 break; 1459 } 1460 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1461 continue; 1462 found = sdata; 1463 count++; 1464 } 1465 1466 if (count == 1 && ieee80211_powersave_allowed(found)) { 1467 s32 beaconint_us; 1468 1469 if (latency < 0) 1470 latency = pm_qos_request(PM_QOS_NETWORK_LATENCY); 1471 1472 beaconint_us = ieee80211_tu_to_usec( 1473 found->vif.bss_conf.beacon_int); 1474 1475 timeout = local->dynamic_ps_forced_timeout; 1476 if (timeout < 0) { 1477 /* 1478 * Go to full PSM if the user configures a very low 1479 * latency requirement. 1480 * The 2000 second value is there for compatibility 1481 * until the PM_QOS_NETWORK_LATENCY is configured 1482 * with real values. 1483 */ 1484 if (latency > (1900 * USEC_PER_MSEC) && 1485 latency != (2000 * USEC_PER_SEC)) 1486 timeout = 0; 1487 else 1488 timeout = 100; 1489 } 1490 local->hw.conf.dynamic_ps_timeout = timeout; 1491 1492 if (beaconint_us > latency) { 1493 local->ps_sdata = NULL; 1494 } else { 1495 int maxslp = 1; 1496 u8 dtimper = found->u.mgd.dtim_period; 1497 1498 /* If the TIM IE is invalid, pretend the value is 1 */ 1499 if (!dtimper) 1500 dtimper = 1; 1501 else if (dtimper > 1) 1502 maxslp = min_t(int, dtimper, 1503 latency / beaconint_us); 1504 1505 local->hw.conf.max_sleep_period = maxslp; 1506 local->hw.conf.ps_dtim_period = dtimper; 1507 local->ps_sdata = found; 1508 } 1509 } else { 1510 local->ps_sdata = NULL; 1511 } 1512 1513 ieee80211_change_ps(local); 1514 } 1515 1516 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata) 1517 { 1518 bool ps_allowed = ieee80211_powersave_allowed(sdata); 1519 1520 if (sdata->vif.bss_conf.ps != ps_allowed) { 1521 sdata->vif.bss_conf.ps = ps_allowed; 1522 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS); 1523 } 1524 } 1525 1526 void ieee80211_dynamic_ps_disable_work(struct work_struct *work) 1527 { 1528 struct ieee80211_local *local = 1529 container_of(work, struct ieee80211_local, 1530 dynamic_ps_disable_work); 1531 1532 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1533 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1534 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1535 } 1536 1537 ieee80211_wake_queues_by_reason(&local->hw, 1538 IEEE80211_MAX_QUEUE_MAP, 1539 IEEE80211_QUEUE_STOP_REASON_PS, 1540 false); 1541 } 1542 1543 void ieee80211_dynamic_ps_enable_work(struct work_struct *work) 1544 { 1545 struct ieee80211_local *local = 1546 container_of(work, struct ieee80211_local, 1547 dynamic_ps_enable_work); 1548 struct ieee80211_sub_if_data *sdata = local->ps_sdata; 1549 struct ieee80211_if_managed *ifmgd; 1550 unsigned long flags; 1551 int q; 1552 1553 /* can only happen when PS was just disabled anyway */ 1554 if (!sdata) 1555 return; 1556 1557 ifmgd = &sdata->u.mgd; 1558 1559 if (local->hw.conf.flags & IEEE80211_CONF_PS) 1560 return; 1561 1562 if (local->hw.conf.dynamic_ps_timeout > 0) { 1563 /* don't enter PS if TX frames are pending */ 1564 if (drv_tx_frames_pending(local)) { 1565 mod_timer(&local->dynamic_ps_timer, jiffies + 1566 msecs_to_jiffies( 1567 local->hw.conf.dynamic_ps_timeout)); 1568 return; 1569 } 1570 1571 /* 1572 * transmission can be stopped by others which leads to 1573 * dynamic_ps_timer expiry. Postpone the ps timer if it 1574 * is not the actual idle state. 1575 */ 1576 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 1577 for (q = 0; q < local->hw.queues; q++) { 1578 if (local->queue_stop_reasons[q]) { 1579 spin_unlock_irqrestore(&local->queue_stop_reason_lock, 1580 flags); 1581 mod_timer(&local->dynamic_ps_timer, jiffies + 1582 msecs_to_jiffies( 1583 local->hw.conf.dynamic_ps_timeout)); 1584 return; 1585 } 1586 } 1587 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 1588 } 1589 1590 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1591 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1592 if (drv_tx_frames_pending(local)) { 1593 mod_timer(&local->dynamic_ps_timer, jiffies + 1594 msecs_to_jiffies( 1595 local->hw.conf.dynamic_ps_timeout)); 1596 } else { 1597 ieee80211_send_nullfunc(local, sdata, 1); 1598 /* Flush to get the tx status of nullfunc frame */ 1599 ieee80211_flush_queues(local, sdata); 1600 } 1601 } 1602 1603 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) && 1604 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) || 1605 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1606 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 1607 local->hw.conf.flags |= IEEE80211_CONF_PS; 1608 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1609 } 1610 } 1611 1612 void ieee80211_dynamic_ps_timer(unsigned long data) 1613 { 1614 struct ieee80211_local *local = (void *) data; 1615 1616 if (local->quiescing || local->suspended) 1617 return; 1618 1619 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work); 1620 } 1621 1622 void ieee80211_dfs_cac_timer_work(struct work_struct *work) 1623 { 1624 struct delayed_work *delayed_work = 1625 container_of(work, struct delayed_work, work); 1626 struct ieee80211_sub_if_data *sdata = 1627 container_of(delayed_work, struct ieee80211_sub_if_data, 1628 dfs_cac_timer_work); 1629 struct cfg80211_chan_def chandef = sdata->vif.bss_conf.chandef; 1630 1631 mutex_lock(&sdata->local->mtx); 1632 if (sdata->wdev.cac_started) { 1633 ieee80211_vif_release_channel(sdata); 1634 cfg80211_cac_event(sdata->dev, &chandef, 1635 NL80211_RADAR_CAC_FINISHED, 1636 GFP_KERNEL); 1637 } 1638 mutex_unlock(&sdata->local->mtx); 1639 } 1640 1641 static bool 1642 __ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata) 1643 { 1644 struct ieee80211_local *local = sdata->local; 1645 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1646 bool ret; 1647 int ac; 1648 1649 if (local->hw.queues < IEEE80211_NUM_ACS) 1650 return false; 1651 1652 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { 1653 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac]; 1654 int non_acm_ac; 1655 unsigned long now = jiffies; 1656 1657 if (tx_tspec->action == TX_TSPEC_ACTION_NONE && 1658 tx_tspec->admitted_time && 1659 time_after(now, tx_tspec->time_slice_start + HZ)) { 1660 tx_tspec->consumed_tx_time = 0; 1661 tx_tspec->time_slice_start = now; 1662 1663 if (tx_tspec->downgraded) 1664 tx_tspec->action = 1665 TX_TSPEC_ACTION_STOP_DOWNGRADE; 1666 } 1667 1668 switch (tx_tspec->action) { 1669 case TX_TSPEC_ACTION_STOP_DOWNGRADE: 1670 /* take the original parameters */ 1671 if (drv_conf_tx(local, sdata, ac, &sdata->tx_conf[ac])) 1672 sdata_err(sdata, 1673 "failed to set TX queue parameters for queue %d\n", 1674 ac); 1675 tx_tspec->action = TX_TSPEC_ACTION_NONE; 1676 tx_tspec->downgraded = false; 1677 ret = true; 1678 break; 1679 case TX_TSPEC_ACTION_DOWNGRADE: 1680 if (time_after(now, tx_tspec->time_slice_start + HZ)) { 1681 tx_tspec->action = TX_TSPEC_ACTION_NONE; 1682 ret = true; 1683 break; 1684 } 1685 /* downgrade next lower non-ACM AC */ 1686 for (non_acm_ac = ac + 1; 1687 non_acm_ac < IEEE80211_NUM_ACS; 1688 non_acm_ac++) 1689 if (!(sdata->wmm_acm & BIT(7 - 2 * non_acm_ac))) 1690 break; 1691 /* The loop will result in using BK even if it requires 1692 * admission control, such configuration makes no sense 1693 * and we have to transmit somehow - the AC selection 1694 * does the same thing. 1695 */ 1696 if (drv_conf_tx(local, sdata, ac, 1697 &sdata->tx_conf[non_acm_ac])) 1698 sdata_err(sdata, 1699 "failed to set TX queue parameters for queue %d\n", 1700 ac); 1701 tx_tspec->action = TX_TSPEC_ACTION_NONE; 1702 ret = true; 1703 schedule_delayed_work(&ifmgd->tx_tspec_wk, 1704 tx_tspec->time_slice_start + HZ - now + 1); 1705 break; 1706 case TX_TSPEC_ACTION_NONE: 1707 /* nothing now */ 1708 break; 1709 } 1710 } 1711 1712 return ret; 1713 } 1714 1715 void ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata) 1716 { 1717 if (__ieee80211_sta_handle_tspec_ac_params(sdata)) 1718 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_QOS); 1719 } 1720 1721 static void ieee80211_sta_handle_tspec_ac_params_wk(struct work_struct *work) 1722 { 1723 struct ieee80211_sub_if_data *sdata; 1724 1725 sdata = container_of(work, struct ieee80211_sub_if_data, 1726 u.mgd.tx_tspec_wk.work); 1727 ieee80211_sta_handle_tspec_ac_params(sdata); 1728 } 1729 1730 /* MLME */ 1731 static bool ieee80211_sta_wmm_params(struct ieee80211_local *local, 1732 struct ieee80211_sub_if_data *sdata, 1733 const u8 *wmm_param, size_t wmm_param_len) 1734 { 1735 struct ieee80211_tx_queue_params params; 1736 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1737 size_t left; 1738 int count; 1739 const u8 *pos; 1740 u8 uapsd_queues = 0; 1741 1742 if (!local->ops->conf_tx) 1743 return false; 1744 1745 if (local->hw.queues < IEEE80211_NUM_ACS) 1746 return false; 1747 1748 if (!wmm_param) 1749 return false; 1750 1751 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 1752 return false; 1753 1754 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) 1755 uapsd_queues = ifmgd->uapsd_queues; 1756 1757 count = wmm_param[6] & 0x0f; 1758 if (count == ifmgd->wmm_last_param_set) 1759 return false; 1760 ifmgd->wmm_last_param_set = count; 1761 1762 pos = wmm_param + 8; 1763 left = wmm_param_len - 8; 1764 1765 memset(¶ms, 0, sizeof(params)); 1766 1767 sdata->wmm_acm = 0; 1768 for (; left >= 4; left -= 4, pos += 4) { 1769 int aci = (pos[0] >> 5) & 0x03; 1770 int acm = (pos[0] >> 4) & 0x01; 1771 bool uapsd = false; 1772 int queue; 1773 1774 switch (aci) { 1775 case 1: /* AC_BK */ 1776 queue = 3; 1777 if (acm) 1778 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */ 1779 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK) 1780 uapsd = true; 1781 break; 1782 case 2: /* AC_VI */ 1783 queue = 1; 1784 if (acm) 1785 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */ 1786 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI) 1787 uapsd = true; 1788 break; 1789 case 3: /* AC_VO */ 1790 queue = 0; 1791 if (acm) 1792 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */ 1793 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) 1794 uapsd = true; 1795 break; 1796 case 0: /* AC_BE */ 1797 default: 1798 queue = 2; 1799 if (acm) 1800 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */ 1801 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE) 1802 uapsd = true; 1803 break; 1804 } 1805 1806 params.aifs = pos[0] & 0x0f; 1807 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 1808 params.cw_min = ecw2cw(pos[1] & 0x0f); 1809 params.txop = get_unaligned_le16(pos + 2); 1810 params.acm = acm; 1811 params.uapsd = uapsd; 1812 1813 mlme_dbg(sdata, 1814 "WMM queue=%d aci=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d, downgraded=%d\n", 1815 queue, aci, acm, 1816 params.aifs, params.cw_min, params.cw_max, 1817 params.txop, params.uapsd, 1818 ifmgd->tx_tspec[queue].downgraded); 1819 sdata->tx_conf[queue] = params; 1820 if (!ifmgd->tx_tspec[queue].downgraded && 1821 drv_conf_tx(local, sdata, queue, ¶ms)) 1822 sdata_err(sdata, 1823 "failed to set TX queue parameters for queue %d\n", 1824 queue); 1825 } 1826 1827 /* enable WMM or activate new settings */ 1828 sdata->vif.bss_conf.qos = true; 1829 return true; 1830 } 1831 1832 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1833 { 1834 lockdep_assert_held(&sdata->local->mtx); 1835 1836 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL; 1837 ieee80211_run_deferred_scan(sdata->local); 1838 } 1839 1840 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1841 { 1842 mutex_lock(&sdata->local->mtx); 1843 __ieee80211_stop_poll(sdata); 1844 mutex_unlock(&sdata->local->mtx); 1845 } 1846 1847 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata, 1848 u16 capab, bool erp_valid, u8 erp) 1849 { 1850 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1851 u32 changed = 0; 1852 bool use_protection; 1853 bool use_short_preamble; 1854 bool use_short_slot; 1855 1856 if (erp_valid) { 1857 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0; 1858 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0; 1859 } else { 1860 use_protection = false; 1861 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE); 1862 } 1863 1864 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME); 1865 if (ieee80211_get_sdata_band(sdata) == IEEE80211_BAND_5GHZ) 1866 use_short_slot = true; 1867 1868 if (use_protection != bss_conf->use_cts_prot) { 1869 bss_conf->use_cts_prot = use_protection; 1870 changed |= BSS_CHANGED_ERP_CTS_PROT; 1871 } 1872 1873 if (use_short_preamble != bss_conf->use_short_preamble) { 1874 bss_conf->use_short_preamble = use_short_preamble; 1875 changed |= BSS_CHANGED_ERP_PREAMBLE; 1876 } 1877 1878 if (use_short_slot != bss_conf->use_short_slot) { 1879 bss_conf->use_short_slot = use_short_slot; 1880 changed |= BSS_CHANGED_ERP_SLOT; 1881 } 1882 1883 return changed; 1884 } 1885 1886 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata, 1887 struct cfg80211_bss *cbss, 1888 u32 bss_info_changed) 1889 { 1890 struct ieee80211_bss *bss = (void *)cbss->priv; 1891 struct ieee80211_local *local = sdata->local; 1892 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1893 1894 bss_info_changed |= BSS_CHANGED_ASSOC; 1895 bss_info_changed |= ieee80211_handle_bss_capability(sdata, 1896 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value); 1897 1898 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec( 1899 beacon_loss_count * bss_conf->beacon_int)); 1900 1901 sdata->u.mgd.associated = cbss; 1902 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN); 1903 1904 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE; 1905 1906 if (sdata->vif.p2p) { 1907 const struct cfg80211_bss_ies *ies; 1908 1909 rcu_read_lock(); 1910 ies = rcu_dereference(cbss->ies); 1911 if (ies) { 1912 int ret; 1913 1914 ret = cfg80211_get_p2p_attr( 1915 ies->data, ies->len, 1916 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 1917 (u8 *) &bss_conf->p2p_noa_attr, 1918 sizeof(bss_conf->p2p_noa_attr)); 1919 if (ret >= 2) { 1920 sdata->u.mgd.p2p_noa_index = 1921 bss_conf->p2p_noa_attr.index; 1922 bss_info_changed |= BSS_CHANGED_P2P_PS; 1923 } 1924 } 1925 rcu_read_unlock(); 1926 } 1927 1928 /* just to be sure */ 1929 ieee80211_stop_poll(sdata); 1930 1931 ieee80211_led_assoc(local, 1); 1932 1933 if (sdata->u.mgd.have_beacon) { 1934 /* 1935 * If the AP is buggy we may get here with no DTIM period 1936 * known, so assume it's 1 which is the only safe assumption 1937 * in that case, although if the TIM IE is broken powersave 1938 * probably just won't work at all. 1939 */ 1940 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1; 1941 bss_conf->beacon_rate = bss->beacon_rate; 1942 bss_info_changed |= BSS_CHANGED_BEACON_INFO; 1943 } else { 1944 bss_conf->beacon_rate = NULL; 1945 bss_conf->dtim_period = 0; 1946 } 1947 1948 bss_conf->assoc = 1; 1949 1950 /* Tell the driver to monitor connection quality (if supported) */ 1951 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI && 1952 bss_conf->cqm_rssi_thold) 1953 bss_info_changed |= BSS_CHANGED_CQM; 1954 1955 /* Enable ARP filtering */ 1956 if (bss_conf->arp_addr_cnt) 1957 bss_info_changed |= BSS_CHANGED_ARP_FILTER; 1958 1959 ieee80211_bss_info_change_notify(sdata, bss_info_changed); 1960 1961 mutex_lock(&local->iflist_mtx); 1962 ieee80211_recalc_ps(local, -1); 1963 mutex_unlock(&local->iflist_mtx); 1964 1965 ieee80211_recalc_smps(sdata); 1966 ieee80211_recalc_ps_vif(sdata); 1967 1968 netif_carrier_on(sdata->dev); 1969 } 1970 1971 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata, 1972 u16 stype, u16 reason, bool tx, 1973 u8 *frame_buf) 1974 { 1975 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1976 struct ieee80211_local *local = sdata->local; 1977 u32 changed = 0; 1978 1979 sdata_assert_lock(sdata); 1980 1981 if (WARN_ON_ONCE(tx && !frame_buf)) 1982 return; 1983 1984 if (WARN_ON(!ifmgd->associated)) 1985 return; 1986 1987 ieee80211_stop_poll(sdata); 1988 1989 ifmgd->associated = NULL; 1990 netif_carrier_off(sdata->dev); 1991 1992 /* 1993 * if we want to get out of ps before disassoc (why?) we have 1994 * to do it before sending disassoc, as otherwise the null-packet 1995 * won't be valid. 1996 */ 1997 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1998 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1999 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 2000 } 2001 local->ps_sdata = NULL; 2002 2003 /* disable per-vif ps */ 2004 ieee80211_recalc_ps_vif(sdata); 2005 2006 /* flush out any pending frame (e.g. DELBA) before deauth/disassoc */ 2007 if (tx) 2008 ieee80211_flush_queues(local, sdata); 2009 2010 /* deauthenticate/disassociate now */ 2011 if (tx || frame_buf) 2012 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype, 2013 reason, tx, frame_buf); 2014 2015 /* flush out frame */ 2016 if (tx) 2017 ieee80211_flush_queues(local, sdata); 2018 2019 /* clear bssid only after building the needed mgmt frames */ 2020 memset(ifmgd->bssid, 0, ETH_ALEN); 2021 2022 /* remove AP and TDLS peers */ 2023 sta_info_flush(sdata); 2024 2025 /* finally reset all BSS / config parameters */ 2026 changed |= ieee80211_reset_erp_info(sdata); 2027 2028 ieee80211_led_assoc(local, 0); 2029 changed |= BSS_CHANGED_ASSOC; 2030 sdata->vif.bss_conf.assoc = false; 2031 2032 ifmgd->p2p_noa_index = -1; 2033 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0, 2034 sizeof(sdata->vif.bss_conf.p2p_noa_attr)); 2035 2036 /* on the next assoc, re-program HT/VHT parameters */ 2037 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa)); 2038 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask)); 2039 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa)); 2040 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask)); 2041 2042 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL; 2043 2044 del_timer_sync(&local->dynamic_ps_timer); 2045 cancel_work_sync(&local->dynamic_ps_enable_work); 2046 2047 /* Disable ARP filtering */ 2048 if (sdata->vif.bss_conf.arp_addr_cnt) 2049 changed |= BSS_CHANGED_ARP_FILTER; 2050 2051 sdata->vif.bss_conf.qos = false; 2052 changed |= BSS_CHANGED_QOS; 2053 2054 /* The BSSID (not really interesting) and HT changed */ 2055 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT; 2056 ieee80211_bss_info_change_notify(sdata, changed); 2057 2058 /* disassociated - set to defaults now */ 2059 ieee80211_set_wmm_default(sdata, false); 2060 2061 del_timer_sync(&sdata->u.mgd.conn_mon_timer); 2062 del_timer_sync(&sdata->u.mgd.bcn_mon_timer); 2063 del_timer_sync(&sdata->u.mgd.timer); 2064 del_timer_sync(&sdata->u.mgd.chswitch_timer); 2065 2066 sdata->vif.bss_conf.dtim_period = 0; 2067 sdata->vif.bss_conf.beacon_rate = NULL; 2068 2069 ifmgd->have_beacon = false; 2070 2071 ifmgd->flags = 0; 2072 mutex_lock(&local->mtx); 2073 ieee80211_vif_release_channel(sdata); 2074 2075 sdata->vif.csa_active = false; 2076 ifmgd->csa_waiting_bcn = false; 2077 if (sdata->csa_block_tx) { 2078 ieee80211_wake_vif_queues(local, sdata, 2079 IEEE80211_QUEUE_STOP_REASON_CSA); 2080 sdata->csa_block_tx = false; 2081 } 2082 mutex_unlock(&local->mtx); 2083 2084 /* existing TX TSPEC sessions no longer exist */ 2085 memset(ifmgd->tx_tspec, 0, sizeof(ifmgd->tx_tspec)); 2086 cancel_delayed_work_sync(&ifmgd->tx_tspec_wk); 2087 2088 sdata->encrypt_headroom = IEEE80211_ENCRYPT_HEADROOM; 2089 } 2090 2091 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata, 2092 struct ieee80211_hdr *hdr) 2093 { 2094 /* 2095 * We can postpone the mgd.timer whenever receiving unicast frames 2096 * from AP because we know that the connection is working both ways 2097 * at that time. But multicast frames (and hence also beacons) must 2098 * be ignored here, because we need to trigger the timer during 2099 * data idle periods for sending the periodic probe request to the 2100 * AP we're connected to. 2101 */ 2102 if (is_multicast_ether_addr(hdr->addr1)) 2103 return; 2104 2105 ieee80211_sta_reset_conn_monitor(sdata); 2106 } 2107 2108 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata) 2109 { 2110 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2111 struct ieee80211_local *local = sdata->local; 2112 2113 mutex_lock(&local->mtx); 2114 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)) 2115 goto out; 2116 2117 __ieee80211_stop_poll(sdata); 2118 2119 mutex_lock(&local->iflist_mtx); 2120 ieee80211_recalc_ps(local, -1); 2121 mutex_unlock(&local->iflist_mtx); 2122 2123 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 2124 goto out; 2125 2126 /* 2127 * We've received a probe response, but are not sure whether 2128 * we have or will be receiving any beacons or data, so let's 2129 * schedule the timers again, just in case. 2130 */ 2131 ieee80211_sta_reset_beacon_monitor(sdata); 2132 2133 mod_timer(&ifmgd->conn_mon_timer, 2134 round_jiffies_up(jiffies + 2135 IEEE80211_CONNECTION_IDLE_TIME)); 2136 out: 2137 mutex_unlock(&local->mtx); 2138 } 2139 2140 static void ieee80211_sta_tx_wmm_ac_notify(struct ieee80211_sub_if_data *sdata, 2141 struct ieee80211_hdr *hdr, 2142 u16 tx_time) 2143 { 2144 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2145 u16 tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK; 2146 int ac = ieee80211_ac_from_tid(tid); 2147 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac]; 2148 unsigned long now = jiffies; 2149 2150 if (likely(!tx_tspec->admitted_time)) 2151 return; 2152 2153 if (time_after(now, tx_tspec->time_slice_start + HZ)) { 2154 tx_tspec->consumed_tx_time = 0; 2155 tx_tspec->time_slice_start = now; 2156 2157 if (tx_tspec->downgraded) { 2158 tx_tspec->action = TX_TSPEC_ACTION_STOP_DOWNGRADE; 2159 schedule_delayed_work(&ifmgd->tx_tspec_wk, 0); 2160 } 2161 } 2162 2163 if (tx_tspec->downgraded) 2164 return; 2165 2166 tx_tspec->consumed_tx_time += tx_time; 2167 2168 if (tx_tspec->consumed_tx_time >= tx_tspec->admitted_time) { 2169 tx_tspec->downgraded = true; 2170 tx_tspec->action = TX_TSPEC_ACTION_DOWNGRADE; 2171 schedule_delayed_work(&ifmgd->tx_tspec_wk, 0); 2172 } 2173 } 2174 2175 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata, 2176 struct ieee80211_hdr *hdr, bool ack, u16 tx_time) 2177 { 2178 ieee80211_sta_tx_wmm_ac_notify(sdata, hdr, tx_time); 2179 2180 if (!ieee80211_is_data(hdr->frame_control)) 2181 return; 2182 2183 if (ieee80211_is_nullfunc(hdr->frame_control) && 2184 sdata->u.mgd.probe_send_count > 0) { 2185 if (ack) 2186 ieee80211_sta_reset_conn_monitor(sdata); 2187 else 2188 sdata->u.mgd.nullfunc_failed = true; 2189 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 2190 return; 2191 } 2192 2193 if (ack) 2194 ieee80211_sta_reset_conn_monitor(sdata); 2195 } 2196 2197 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) 2198 { 2199 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2200 const u8 *ssid; 2201 u8 *dst = ifmgd->associated->bssid; 2202 u8 unicast_limit = max(1, max_probe_tries - 3); 2203 2204 /* 2205 * Try sending broadcast probe requests for the last three 2206 * probe requests after the first ones failed since some 2207 * buggy APs only support broadcast probe requests. 2208 */ 2209 if (ifmgd->probe_send_count >= unicast_limit) 2210 dst = NULL; 2211 2212 /* 2213 * When the hardware reports an accurate Tx ACK status, it's 2214 * better to send a nullfunc frame instead of a probe request, 2215 * as it will kick us off the AP quickly if we aren't associated 2216 * anymore. The timeout will be reset if the frame is ACKed by 2217 * the AP. 2218 */ 2219 ifmgd->probe_send_count++; 2220 2221 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 2222 ifmgd->nullfunc_failed = false; 2223 ieee80211_send_nullfunc(sdata->local, sdata, 0); 2224 } else { 2225 int ssid_len; 2226 2227 rcu_read_lock(); 2228 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); 2229 if (WARN_ON_ONCE(ssid == NULL)) 2230 ssid_len = 0; 2231 else 2232 ssid_len = ssid[1]; 2233 2234 ieee80211_send_probe_req(sdata, sdata->vif.addr, NULL, 2235 ssid + 2, ssid_len, NULL, 2236 0, (u32) -1, true, 0, 2237 ifmgd->associated->channel, false); 2238 rcu_read_unlock(); 2239 } 2240 2241 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms); 2242 run_again(sdata, ifmgd->probe_timeout); 2243 } 2244 2245 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata, 2246 bool beacon) 2247 { 2248 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2249 bool already = false; 2250 2251 if (!ieee80211_sdata_running(sdata)) 2252 return; 2253 2254 sdata_lock(sdata); 2255 2256 if (!ifmgd->associated) 2257 goto out; 2258 2259 mutex_lock(&sdata->local->mtx); 2260 2261 if (sdata->local->tmp_channel || sdata->local->scanning) { 2262 mutex_unlock(&sdata->local->mtx); 2263 goto out; 2264 } 2265 2266 if (beacon) { 2267 mlme_dbg_ratelimited(sdata, 2268 "detected beacon loss from AP (missed %d beacons) - probing\n", 2269 beacon_loss_count); 2270 2271 ieee80211_cqm_beacon_loss_notify(&sdata->vif, GFP_KERNEL); 2272 } 2273 2274 /* 2275 * The driver/our work has already reported this event or the 2276 * connection monitoring has kicked in and we have already sent 2277 * a probe request. Or maybe the AP died and the driver keeps 2278 * reporting until we disassociate... 2279 * 2280 * In either case we have to ignore the current call to this 2281 * function (except for setting the correct probe reason bit) 2282 * because otherwise we would reset the timer every time and 2283 * never check whether we received a probe response! 2284 */ 2285 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) 2286 already = true; 2287 2288 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL; 2289 2290 mutex_unlock(&sdata->local->mtx); 2291 2292 if (already) 2293 goto out; 2294 2295 mutex_lock(&sdata->local->iflist_mtx); 2296 ieee80211_recalc_ps(sdata->local, -1); 2297 mutex_unlock(&sdata->local->iflist_mtx); 2298 2299 ifmgd->probe_send_count = 0; 2300 ieee80211_mgd_probe_ap_send(sdata); 2301 out: 2302 sdata_unlock(sdata); 2303 } 2304 2305 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw, 2306 struct ieee80211_vif *vif) 2307 { 2308 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2309 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2310 struct cfg80211_bss *cbss; 2311 struct sk_buff *skb; 2312 const u8 *ssid; 2313 int ssid_len; 2314 2315 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 2316 return NULL; 2317 2318 sdata_assert_lock(sdata); 2319 2320 if (ifmgd->associated) 2321 cbss = ifmgd->associated; 2322 else if (ifmgd->auth_data) 2323 cbss = ifmgd->auth_data->bss; 2324 else if (ifmgd->assoc_data) 2325 cbss = ifmgd->assoc_data->bss; 2326 else 2327 return NULL; 2328 2329 rcu_read_lock(); 2330 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID); 2331 if (WARN_ON_ONCE(ssid == NULL)) 2332 ssid_len = 0; 2333 else 2334 ssid_len = ssid[1]; 2335 2336 skb = ieee80211_build_probe_req(sdata, sdata->vif.addr, cbss->bssid, 2337 (u32) -1, cbss->channel, 2338 ssid + 2, ssid_len, 2339 NULL, 0, true); 2340 rcu_read_unlock(); 2341 2342 return skb; 2343 } 2344 EXPORT_SYMBOL(ieee80211_ap_probereq_get); 2345 2346 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata) 2347 { 2348 struct ieee80211_local *local = sdata->local; 2349 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2350 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 2351 2352 sdata_lock(sdata); 2353 if (!ifmgd->associated) { 2354 sdata_unlock(sdata); 2355 return; 2356 } 2357 2358 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 2359 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 2360 true, frame_buf); 2361 mutex_lock(&local->mtx); 2362 sdata->vif.csa_active = false; 2363 ifmgd->csa_waiting_bcn = false; 2364 if (sdata->csa_block_tx) { 2365 ieee80211_wake_vif_queues(local, sdata, 2366 IEEE80211_QUEUE_STOP_REASON_CSA); 2367 sdata->csa_block_tx = false; 2368 } 2369 mutex_unlock(&local->mtx); 2370 2371 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 2372 IEEE80211_DEAUTH_FRAME_LEN); 2373 sdata_unlock(sdata); 2374 } 2375 2376 static void ieee80211_beacon_connection_loss_work(struct work_struct *work) 2377 { 2378 struct ieee80211_sub_if_data *sdata = 2379 container_of(work, struct ieee80211_sub_if_data, 2380 u.mgd.beacon_connection_loss_work); 2381 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2382 struct sta_info *sta; 2383 2384 if (ifmgd->associated) { 2385 rcu_read_lock(); 2386 sta = sta_info_get(sdata, ifmgd->bssid); 2387 if (sta) 2388 sta->beacon_loss_count++; 2389 rcu_read_unlock(); 2390 } 2391 2392 if (ifmgd->connection_loss) { 2393 sdata_info(sdata, "Connection to AP %pM lost\n", 2394 ifmgd->bssid); 2395 __ieee80211_disconnect(sdata); 2396 } else { 2397 ieee80211_mgd_probe_ap(sdata, true); 2398 } 2399 } 2400 2401 static void ieee80211_csa_connection_drop_work(struct work_struct *work) 2402 { 2403 struct ieee80211_sub_if_data *sdata = 2404 container_of(work, struct ieee80211_sub_if_data, 2405 u.mgd.csa_connection_drop_work); 2406 2407 __ieee80211_disconnect(sdata); 2408 } 2409 2410 void ieee80211_beacon_loss(struct ieee80211_vif *vif) 2411 { 2412 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2413 struct ieee80211_hw *hw = &sdata->local->hw; 2414 2415 trace_api_beacon_loss(sdata); 2416 2417 sdata->u.mgd.connection_loss = false; 2418 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2419 } 2420 EXPORT_SYMBOL(ieee80211_beacon_loss); 2421 2422 void ieee80211_connection_loss(struct ieee80211_vif *vif) 2423 { 2424 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2425 struct ieee80211_hw *hw = &sdata->local->hw; 2426 2427 trace_api_connection_loss(sdata); 2428 2429 sdata->u.mgd.connection_loss = true; 2430 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2431 } 2432 EXPORT_SYMBOL(ieee80211_connection_loss); 2433 2434 2435 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata, 2436 bool assoc) 2437 { 2438 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2439 2440 sdata_assert_lock(sdata); 2441 2442 if (!assoc) { 2443 sta_info_destroy_addr(sdata, auth_data->bss->bssid); 2444 2445 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2446 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2447 sdata->u.mgd.flags = 0; 2448 mutex_lock(&sdata->local->mtx); 2449 ieee80211_vif_release_channel(sdata); 2450 mutex_unlock(&sdata->local->mtx); 2451 } 2452 2453 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss); 2454 kfree(auth_data); 2455 sdata->u.mgd.auth_data = NULL; 2456 } 2457 2458 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, 2459 struct ieee80211_mgmt *mgmt, size_t len) 2460 { 2461 struct ieee80211_local *local = sdata->local; 2462 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2463 u8 *pos; 2464 struct ieee802_11_elems elems; 2465 u32 tx_flags = 0; 2466 2467 pos = mgmt->u.auth.variable; 2468 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2469 if (!elems.challenge) 2470 return; 2471 auth_data->expected_transaction = 4; 2472 drv_mgd_prepare_tx(sdata->local, sdata); 2473 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 2474 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 2475 IEEE80211_TX_INTFL_MLME_CONN_TX; 2476 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0, 2477 elems.challenge - 2, elems.challenge_len + 2, 2478 auth_data->bss->bssid, auth_data->bss->bssid, 2479 auth_data->key, auth_data->key_len, 2480 auth_data->key_idx, tx_flags); 2481 } 2482 2483 static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, 2484 struct ieee80211_mgmt *mgmt, size_t len) 2485 { 2486 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2487 u8 bssid[ETH_ALEN]; 2488 u16 auth_alg, auth_transaction, status_code; 2489 struct sta_info *sta; 2490 2491 sdata_assert_lock(sdata); 2492 2493 if (len < 24 + 6) 2494 return; 2495 2496 if (!ifmgd->auth_data || ifmgd->auth_data->done) 2497 return; 2498 2499 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 2500 2501 if (!ether_addr_equal(bssid, mgmt->bssid)) 2502 return; 2503 2504 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 2505 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 2506 status_code = le16_to_cpu(mgmt->u.auth.status_code); 2507 2508 if (auth_alg != ifmgd->auth_data->algorithm || 2509 auth_transaction != ifmgd->auth_data->expected_transaction) { 2510 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n", 2511 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm, 2512 auth_transaction, 2513 ifmgd->auth_data->expected_transaction); 2514 return; 2515 } 2516 2517 if (status_code != WLAN_STATUS_SUCCESS) { 2518 sdata_info(sdata, "%pM denied authentication (status %d)\n", 2519 mgmt->sa, status_code); 2520 ieee80211_destroy_auth_data(sdata, false); 2521 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2522 return; 2523 } 2524 2525 switch (ifmgd->auth_data->algorithm) { 2526 case WLAN_AUTH_OPEN: 2527 case WLAN_AUTH_LEAP: 2528 case WLAN_AUTH_FT: 2529 case WLAN_AUTH_SAE: 2530 break; 2531 case WLAN_AUTH_SHARED_KEY: 2532 if (ifmgd->auth_data->expected_transaction != 4) { 2533 ieee80211_auth_challenge(sdata, mgmt, len); 2534 /* need another frame */ 2535 return; 2536 } 2537 break; 2538 default: 2539 WARN_ONCE(1, "invalid auth alg %d", 2540 ifmgd->auth_data->algorithm); 2541 return; 2542 } 2543 2544 sdata_info(sdata, "authenticated\n"); 2545 ifmgd->auth_data->done = true; 2546 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC; 2547 ifmgd->auth_data->timeout_started = true; 2548 run_again(sdata, ifmgd->auth_data->timeout); 2549 2550 if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE && 2551 ifmgd->auth_data->expected_transaction != 2) { 2552 /* 2553 * Report auth frame to user space for processing since another 2554 * round of Authentication frames is still needed. 2555 */ 2556 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2557 return; 2558 } 2559 2560 /* move station state to auth */ 2561 mutex_lock(&sdata->local->sta_mtx); 2562 sta = sta_info_get(sdata, bssid); 2563 if (!sta) { 2564 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid); 2565 goto out_err; 2566 } 2567 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) { 2568 sdata_info(sdata, "failed moving %pM to auth\n", bssid); 2569 goto out_err; 2570 } 2571 mutex_unlock(&sdata->local->sta_mtx); 2572 2573 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2574 return; 2575 out_err: 2576 mutex_unlock(&sdata->local->sta_mtx); 2577 /* ignore frame -- wait for timeout */ 2578 } 2579 2580 #define case_WLAN(type) \ 2581 case WLAN_REASON_##type: return #type 2582 2583 static const char *ieee80211_get_reason_code_string(u16 reason_code) 2584 { 2585 switch (reason_code) { 2586 case_WLAN(UNSPECIFIED); 2587 case_WLAN(PREV_AUTH_NOT_VALID); 2588 case_WLAN(DEAUTH_LEAVING); 2589 case_WLAN(DISASSOC_DUE_TO_INACTIVITY); 2590 case_WLAN(DISASSOC_AP_BUSY); 2591 case_WLAN(CLASS2_FRAME_FROM_NONAUTH_STA); 2592 case_WLAN(CLASS3_FRAME_FROM_NONASSOC_STA); 2593 case_WLAN(DISASSOC_STA_HAS_LEFT); 2594 case_WLAN(STA_REQ_ASSOC_WITHOUT_AUTH); 2595 case_WLAN(DISASSOC_BAD_POWER); 2596 case_WLAN(DISASSOC_BAD_SUPP_CHAN); 2597 case_WLAN(INVALID_IE); 2598 case_WLAN(MIC_FAILURE); 2599 case_WLAN(4WAY_HANDSHAKE_TIMEOUT); 2600 case_WLAN(GROUP_KEY_HANDSHAKE_TIMEOUT); 2601 case_WLAN(IE_DIFFERENT); 2602 case_WLAN(INVALID_GROUP_CIPHER); 2603 case_WLAN(INVALID_PAIRWISE_CIPHER); 2604 case_WLAN(INVALID_AKMP); 2605 case_WLAN(UNSUPP_RSN_VERSION); 2606 case_WLAN(INVALID_RSN_IE_CAP); 2607 case_WLAN(IEEE8021X_FAILED); 2608 case_WLAN(CIPHER_SUITE_REJECTED); 2609 case_WLAN(DISASSOC_UNSPECIFIED_QOS); 2610 case_WLAN(DISASSOC_QAP_NO_BANDWIDTH); 2611 case_WLAN(DISASSOC_LOW_ACK); 2612 case_WLAN(DISASSOC_QAP_EXCEED_TXOP); 2613 case_WLAN(QSTA_LEAVE_QBSS); 2614 case_WLAN(QSTA_NOT_USE); 2615 case_WLAN(QSTA_REQUIRE_SETUP); 2616 case_WLAN(QSTA_TIMEOUT); 2617 case_WLAN(QSTA_CIPHER_NOT_SUPP); 2618 case_WLAN(MESH_PEER_CANCELED); 2619 case_WLAN(MESH_MAX_PEERS); 2620 case_WLAN(MESH_CONFIG); 2621 case_WLAN(MESH_CLOSE); 2622 case_WLAN(MESH_MAX_RETRIES); 2623 case_WLAN(MESH_CONFIRM_TIMEOUT); 2624 case_WLAN(MESH_INVALID_GTK); 2625 case_WLAN(MESH_INCONSISTENT_PARAM); 2626 case_WLAN(MESH_INVALID_SECURITY); 2627 case_WLAN(MESH_PATH_ERROR); 2628 case_WLAN(MESH_PATH_NOFORWARD); 2629 case_WLAN(MESH_PATH_DEST_UNREACHABLE); 2630 case_WLAN(MAC_EXISTS_IN_MBSS); 2631 case_WLAN(MESH_CHAN_REGULATORY); 2632 case_WLAN(MESH_CHAN); 2633 default: return "<unknown>"; 2634 } 2635 } 2636 2637 static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 2638 struct ieee80211_mgmt *mgmt, size_t len) 2639 { 2640 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2641 const u8 *bssid = NULL; 2642 u16 reason_code; 2643 2644 sdata_assert_lock(sdata); 2645 2646 if (len < 24 + 2) 2647 return; 2648 2649 if (!ifmgd->associated || 2650 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2651 return; 2652 2653 bssid = ifmgd->associated->bssid; 2654 2655 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 2656 2657 sdata_info(sdata, "deauthenticated from %pM (Reason: %u=%s)\n", 2658 bssid, reason_code, ieee80211_get_reason_code_string(reason_code)); 2659 2660 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2661 2662 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2663 } 2664 2665 2666 static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata, 2667 struct ieee80211_mgmt *mgmt, size_t len) 2668 { 2669 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2670 u16 reason_code; 2671 2672 sdata_assert_lock(sdata); 2673 2674 if (len < 24 + 2) 2675 return; 2676 2677 if (!ifmgd->associated || 2678 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2679 return; 2680 2681 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 2682 2683 sdata_info(sdata, "disassociated from %pM (Reason: %u)\n", 2684 mgmt->sa, reason_code); 2685 2686 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2687 2688 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2689 } 2690 2691 static void ieee80211_get_rates(struct ieee80211_supported_band *sband, 2692 u8 *supp_rates, unsigned int supp_rates_len, 2693 u32 *rates, u32 *basic_rates, 2694 bool *have_higher_than_11mbit, 2695 int *min_rate, int *min_rate_index, 2696 int shift, u32 rate_flags) 2697 { 2698 int i, j; 2699 2700 for (i = 0; i < supp_rates_len; i++) { 2701 int rate = supp_rates[i] & 0x7f; 2702 bool is_basic = !!(supp_rates[i] & 0x80); 2703 2704 if ((rate * 5 * (1 << shift)) > 110) 2705 *have_higher_than_11mbit = true; 2706 2707 /* 2708 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009 2709 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it. 2710 * 2711 * Note: Even through the membership selector and the basic 2712 * rate flag share the same bit, they are not exactly 2713 * the same. 2714 */ 2715 if (!!(supp_rates[i] & 0x80) && 2716 (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY) 2717 continue; 2718 2719 for (j = 0; j < sband->n_bitrates; j++) { 2720 struct ieee80211_rate *br; 2721 int brate; 2722 2723 br = &sband->bitrates[j]; 2724 if ((rate_flags & br->flags) != rate_flags) 2725 continue; 2726 2727 brate = DIV_ROUND_UP(br->bitrate, (1 << shift) * 5); 2728 if (brate == rate) { 2729 *rates |= BIT(j); 2730 if (is_basic) 2731 *basic_rates |= BIT(j); 2732 if ((rate * 5) < *min_rate) { 2733 *min_rate = rate * 5; 2734 *min_rate_index = j; 2735 } 2736 break; 2737 } 2738 } 2739 } 2740 } 2741 2742 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata, 2743 bool assoc) 2744 { 2745 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 2746 2747 sdata_assert_lock(sdata); 2748 2749 if (!assoc) { 2750 sta_info_destroy_addr(sdata, assoc_data->bss->bssid); 2751 2752 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2753 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2754 sdata->u.mgd.flags = 0; 2755 mutex_lock(&sdata->local->mtx); 2756 ieee80211_vif_release_channel(sdata); 2757 mutex_unlock(&sdata->local->mtx); 2758 } 2759 2760 kfree(assoc_data); 2761 sdata->u.mgd.assoc_data = NULL; 2762 } 2763 2764 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata, 2765 struct cfg80211_bss *cbss, 2766 struct ieee80211_mgmt *mgmt, size_t len) 2767 { 2768 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2769 struct ieee80211_local *local = sdata->local; 2770 struct ieee80211_supported_band *sband; 2771 struct sta_info *sta; 2772 u8 *pos; 2773 u16 capab_info, aid; 2774 struct ieee802_11_elems elems; 2775 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2776 const struct cfg80211_bss_ies *bss_ies = NULL; 2777 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 2778 u32 changed = 0; 2779 int err; 2780 bool ret; 2781 2782 /* AssocResp and ReassocResp have identical structure */ 2783 2784 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2785 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2786 2787 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) 2788 sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n", 2789 aid); 2790 aid &= ~(BIT(15) | BIT(14)); 2791 2792 ifmgd->broken_ap = false; 2793 2794 if (aid == 0 || aid > IEEE80211_MAX_AID) { 2795 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n", 2796 aid); 2797 aid = 0; 2798 ifmgd->broken_ap = true; 2799 } 2800 2801 pos = mgmt->u.assoc_resp.variable; 2802 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2803 2804 if (!elems.supp_rates) { 2805 sdata_info(sdata, "no SuppRates element in AssocResp\n"); 2806 return false; 2807 } 2808 2809 ifmgd->aid = aid; 2810 ifmgd->tdls_chan_switch_prohibited = 2811 elems.ext_capab && elems.ext_capab_len >= 5 && 2812 (elems.ext_capab[4] & WLAN_EXT_CAPA5_TDLS_CH_SW_PROHIBITED); 2813 2814 /* 2815 * Some APs are erroneously not including some information in their 2816 * (re)association response frames. Try to recover by using the data 2817 * from the beacon or probe response. This seems to afflict mobile 2818 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T", 2819 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device. 2820 */ 2821 if ((assoc_data->wmm && !elems.wmm_param) || 2822 (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2823 (!elems.ht_cap_elem || !elems.ht_operation)) || 2824 (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2825 (!elems.vht_cap_elem || !elems.vht_operation))) { 2826 const struct cfg80211_bss_ies *ies; 2827 struct ieee802_11_elems bss_elems; 2828 2829 rcu_read_lock(); 2830 ies = rcu_dereference(cbss->ies); 2831 if (ies) 2832 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len, 2833 GFP_ATOMIC); 2834 rcu_read_unlock(); 2835 if (!bss_ies) 2836 return false; 2837 2838 ieee802_11_parse_elems(bss_ies->data, bss_ies->len, 2839 false, &bss_elems); 2840 if (assoc_data->wmm && 2841 !elems.wmm_param && bss_elems.wmm_param) { 2842 elems.wmm_param = bss_elems.wmm_param; 2843 sdata_info(sdata, 2844 "AP bug: WMM param missing from AssocResp\n"); 2845 } 2846 2847 /* 2848 * Also check if we requested HT/VHT, otherwise the AP doesn't 2849 * have to include the IEs in the (re)association response. 2850 */ 2851 if (!elems.ht_cap_elem && bss_elems.ht_cap_elem && 2852 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 2853 elems.ht_cap_elem = bss_elems.ht_cap_elem; 2854 sdata_info(sdata, 2855 "AP bug: HT capability missing from AssocResp\n"); 2856 } 2857 if (!elems.ht_operation && bss_elems.ht_operation && 2858 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 2859 elems.ht_operation = bss_elems.ht_operation; 2860 sdata_info(sdata, 2861 "AP bug: HT operation missing from AssocResp\n"); 2862 } 2863 if (!elems.vht_cap_elem && bss_elems.vht_cap_elem && 2864 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) { 2865 elems.vht_cap_elem = bss_elems.vht_cap_elem; 2866 sdata_info(sdata, 2867 "AP bug: VHT capa missing from AssocResp\n"); 2868 } 2869 if (!elems.vht_operation && bss_elems.vht_operation && 2870 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) { 2871 elems.vht_operation = bss_elems.vht_operation; 2872 sdata_info(sdata, 2873 "AP bug: VHT operation missing from AssocResp\n"); 2874 } 2875 } 2876 2877 /* 2878 * We previously checked these in the beacon/probe response, so 2879 * they should be present here. This is just a safety net. 2880 */ 2881 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2882 (!elems.wmm_param || !elems.ht_cap_elem || !elems.ht_operation)) { 2883 sdata_info(sdata, 2884 "HT AP is missing WMM params or HT capability/operation\n"); 2885 ret = false; 2886 goto out; 2887 } 2888 2889 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2890 (!elems.vht_cap_elem || !elems.vht_operation)) { 2891 sdata_info(sdata, 2892 "VHT AP is missing VHT capability/operation\n"); 2893 ret = false; 2894 goto out; 2895 } 2896 2897 mutex_lock(&sdata->local->sta_mtx); 2898 /* 2899 * station info was already allocated and inserted before 2900 * the association and should be available to us 2901 */ 2902 sta = sta_info_get(sdata, cbss->bssid); 2903 if (WARN_ON(!sta)) { 2904 mutex_unlock(&sdata->local->sta_mtx); 2905 ret = false; 2906 goto out; 2907 } 2908 2909 sband = local->hw.wiphy->bands[ieee80211_get_sdata_band(sdata)]; 2910 2911 /* Set up internal HT/VHT capabilities */ 2912 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 2913 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 2914 elems.ht_cap_elem, sta); 2915 2916 if (elems.vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 2917 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband, 2918 elems.vht_cap_elem, sta); 2919 2920 /* 2921 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data 2922 * in their association response, so ignore that data for our own 2923 * configuration. If it changed since the last beacon, we'll get the 2924 * next beacon and update then. 2925 */ 2926 2927 /* 2928 * If an operating mode notification IE is present, override the 2929 * NSS calculation (that would be done in rate_control_rate_init()) 2930 * and use the # of streams from that element. 2931 */ 2932 if (elems.opmode_notif && 2933 !(*elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) { 2934 u8 nss; 2935 2936 nss = *elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK; 2937 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT; 2938 nss += 1; 2939 sta->sta.rx_nss = nss; 2940 } 2941 2942 rate_control_rate_init(sta); 2943 2944 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) 2945 set_sta_flag(sta, WLAN_STA_MFP); 2946 2947 sta->sta.wme = elems.wmm_param; 2948 2949 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC); 2950 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT)) 2951 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED); 2952 if (err) { 2953 sdata_info(sdata, 2954 "failed to move station %pM to desired state\n", 2955 sta->sta.addr); 2956 WARN_ON(__sta_info_destroy(sta)); 2957 mutex_unlock(&sdata->local->sta_mtx); 2958 ret = false; 2959 goto out; 2960 } 2961 2962 mutex_unlock(&sdata->local->sta_mtx); 2963 2964 /* 2965 * Always handle WMM once after association regardless 2966 * of the first value the AP uses. Setting -1 here has 2967 * that effect because the AP values is an unsigned 2968 * 4-bit value. 2969 */ 2970 ifmgd->wmm_last_param_set = -1; 2971 2972 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) && elems.wmm_param) 2973 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 2974 elems.wmm_param_len); 2975 else 2976 ieee80211_set_wmm_default(sdata, false); 2977 changed |= BSS_CHANGED_QOS; 2978 2979 /* set AID and assoc capability, 2980 * ieee80211_set_associated() will tell the driver */ 2981 bss_conf->aid = aid; 2982 bss_conf->assoc_capability = capab_info; 2983 ieee80211_set_associated(sdata, cbss, changed); 2984 2985 /* 2986 * If we're using 4-addr mode, let the AP know that we're 2987 * doing so, so that it can create the STA VLAN on its side 2988 */ 2989 if (ifmgd->use_4addr) 2990 ieee80211_send_4addr_nullfunc(local, sdata); 2991 2992 /* 2993 * Start timer to probe the connection to the AP now. 2994 * Also start the timer that will detect beacon loss. 2995 */ 2996 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt); 2997 ieee80211_sta_reset_beacon_monitor(sdata); 2998 2999 ret = true; 3000 out: 3001 kfree(bss_ies); 3002 return ret; 3003 } 3004 3005 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, 3006 struct ieee80211_mgmt *mgmt, 3007 size_t len) 3008 { 3009 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3010 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 3011 u16 capab_info, status_code, aid; 3012 struct ieee802_11_elems elems; 3013 int ac, uapsd_queues = -1; 3014 u8 *pos; 3015 bool reassoc; 3016 struct cfg80211_bss *bss; 3017 3018 sdata_assert_lock(sdata); 3019 3020 if (!assoc_data) 3021 return; 3022 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid)) 3023 return; 3024 3025 /* 3026 * AssocResp and ReassocResp have identical structure, so process both 3027 * of them in this function. 3028 */ 3029 3030 if (len < 24 + 6) 3031 return; 3032 3033 reassoc = ieee80211_is_reassoc_req(mgmt->frame_control); 3034 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 3035 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 3036 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 3037 3038 sdata_info(sdata, 3039 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n", 3040 reassoc ? "Rea" : "A", mgmt->sa, 3041 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 3042 3043 pos = mgmt->u.assoc_resp.variable; 3044 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 3045 3046 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 3047 elems.timeout_int && 3048 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) { 3049 u32 tu, ms; 3050 tu = le32_to_cpu(elems.timeout_int->value); 3051 ms = tu * 1024 / 1000; 3052 sdata_info(sdata, 3053 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n", 3054 mgmt->sa, tu, ms); 3055 assoc_data->timeout = jiffies + msecs_to_jiffies(ms); 3056 assoc_data->timeout_started = true; 3057 if (ms > IEEE80211_ASSOC_TIMEOUT) 3058 run_again(sdata, assoc_data->timeout); 3059 return; 3060 } 3061 3062 bss = assoc_data->bss; 3063 3064 if (status_code != WLAN_STATUS_SUCCESS) { 3065 sdata_info(sdata, "%pM denied association (code=%d)\n", 3066 mgmt->sa, status_code); 3067 ieee80211_destroy_assoc_data(sdata, false); 3068 } else { 3069 if (!ieee80211_assoc_success(sdata, bss, mgmt, len)) { 3070 /* oops -- internal error -- send timeout for now */ 3071 ieee80211_destroy_assoc_data(sdata, false); 3072 cfg80211_assoc_timeout(sdata->dev, bss); 3073 return; 3074 } 3075 sdata_info(sdata, "associated\n"); 3076 3077 /* 3078 * destroy assoc_data afterwards, as otherwise an idle 3079 * recalc after assoc_data is NULL but before associated 3080 * is set can cause the interface to go idle 3081 */ 3082 ieee80211_destroy_assoc_data(sdata, true); 3083 3084 /* get uapsd queues configuration */ 3085 uapsd_queues = 0; 3086 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) 3087 if (sdata->tx_conf[ac].uapsd) 3088 uapsd_queues |= BIT(ac); 3089 } 3090 3091 cfg80211_rx_assoc_resp(sdata->dev, bss, (u8 *)mgmt, len, uapsd_queues); 3092 } 3093 3094 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, 3095 struct ieee80211_mgmt *mgmt, size_t len, 3096 struct ieee80211_rx_status *rx_status, 3097 struct ieee802_11_elems *elems) 3098 { 3099 struct ieee80211_local *local = sdata->local; 3100 struct ieee80211_bss *bss; 3101 struct ieee80211_channel *channel; 3102 3103 sdata_assert_lock(sdata); 3104 3105 channel = ieee80211_get_channel(local->hw.wiphy, rx_status->freq); 3106 if (!channel) 3107 return; 3108 3109 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems, 3110 channel); 3111 if (bss) { 3112 sdata->vif.bss_conf.beacon_rate = bss->beacon_rate; 3113 ieee80211_rx_bss_put(local, bss); 3114 } 3115 } 3116 3117 3118 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, 3119 struct sk_buff *skb) 3120 { 3121 struct ieee80211_mgmt *mgmt = (void *)skb->data; 3122 struct ieee80211_if_managed *ifmgd; 3123 struct ieee80211_rx_status *rx_status = (void *) skb->cb; 3124 size_t baselen, len = skb->len; 3125 struct ieee802_11_elems elems; 3126 3127 ifmgd = &sdata->u.mgd; 3128 3129 sdata_assert_lock(sdata); 3130 3131 if (!ether_addr_equal(mgmt->da, sdata->vif.addr)) 3132 return; /* ignore ProbeResp to foreign address */ 3133 3134 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 3135 if (baselen > len) 3136 return; 3137 3138 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 3139 false, &elems); 3140 3141 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 3142 3143 if (ifmgd->associated && 3144 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 3145 ieee80211_reset_ap_probe(sdata); 3146 3147 if (ifmgd->auth_data && !ifmgd->auth_data->bss->proberesp_ies && 3148 ether_addr_equal(mgmt->bssid, ifmgd->auth_data->bss->bssid)) { 3149 /* got probe response, continue with auth */ 3150 sdata_info(sdata, "direct probe responded\n"); 3151 ifmgd->auth_data->tries = 0; 3152 ifmgd->auth_data->timeout = jiffies; 3153 ifmgd->auth_data->timeout_started = true; 3154 run_again(sdata, ifmgd->auth_data->timeout); 3155 } 3156 } 3157 3158 /* 3159 * This is the canonical list of information elements we care about, 3160 * the filter code also gives us all changes to the Microsoft OUI 3161 * (00:50:F2) vendor IE which is used for WMM which we need to track, 3162 * as well as the DTPC IE (part of the Cisco OUI) used for signaling 3163 * changes to requested client power. 3164 * 3165 * We implement beacon filtering in software since that means we can 3166 * avoid processing the frame here and in cfg80211, and userspace 3167 * will not be able to tell whether the hardware supports it or not. 3168 * 3169 * XXX: This list needs to be dynamic -- userspace needs to be able to 3170 * add items it requires. It also needs to be able to tell us to 3171 * look out for other vendor IEs. 3172 */ 3173 static const u64 care_about_ies = 3174 (1ULL << WLAN_EID_COUNTRY) | 3175 (1ULL << WLAN_EID_ERP_INFO) | 3176 (1ULL << WLAN_EID_CHANNEL_SWITCH) | 3177 (1ULL << WLAN_EID_PWR_CONSTRAINT) | 3178 (1ULL << WLAN_EID_HT_CAPABILITY) | 3179 (1ULL << WLAN_EID_HT_OPERATION); 3180 3181 static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, 3182 struct ieee80211_mgmt *mgmt, size_t len, 3183 struct ieee80211_rx_status *rx_status) 3184 { 3185 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3186 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 3187 size_t baselen; 3188 struct ieee802_11_elems elems; 3189 struct ieee80211_local *local = sdata->local; 3190 struct ieee80211_chanctx_conf *chanctx_conf; 3191 struct ieee80211_channel *chan; 3192 struct sta_info *sta; 3193 u32 changed = 0; 3194 bool erp_valid; 3195 u8 erp_value = 0; 3196 u32 ncrc; 3197 u8 *bssid; 3198 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3199 3200 sdata_assert_lock(sdata); 3201 3202 /* Process beacon from the current BSS */ 3203 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 3204 if (baselen > len) 3205 return; 3206 3207 rcu_read_lock(); 3208 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 3209 if (!chanctx_conf) { 3210 rcu_read_unlock(); 3211 return; 3212 } 3213 3214 if (rx_status->freq != chanctx_conf->def.chan->center_freq) { 3215 rcu_read_unlock(); 3216 return; 3217 } 3218 chan = chanctx_conf->def.chan; 3219 rcu_read_unlock(); 3220 3221 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon && 3222 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) { 3223 ieee802_11_parse_elems(mgmt->u.beacon.variable, 3224 len - baselen, false, &elems); 3225 3226 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 3227 if (elems.tim && !elems.parse_error) { 3228 const struct ieee80211_tim_ie *tim_ie = elems.tim; 3229 ifmgd->dtim_period = tim_ie->dtim_period; 3230 } 3231 ifmgd->have_beacon = true; 3232 ifmgd->assoc_data->need_beacon = false; 3233 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 3234 sdata->vif.bss_conf.sync_tsf = 3235 le64_to_cpu(mgmt->u.beacon.timestamp); 3236 sdata->vif.bss_conf.sync_device_ts = 3237 rx_status->device_timestamp; 3238 if (elems.tim) 3239 sdata->vif.bss_conf.sync_dtim_count = 3240 elems.tim->dtim_count; 3241 else 3242 sdata->vif.bss_conf.sync_dtim_count = 0; 3243 } 3244 /* continue assoc process */ 3245 ifmgd->assoc_data->timeout = jiffies; 3246 ifmgd->assoc_data->timeout_started = true; 3247 run_again(sdata, ifmgd->assoc_data->timeout); 3248 return; 3249 } 3250 3251 if (!ifmgd->associated || 3252 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 3253 return; 3254 bssid = ifmgd->associated->bssid; 3255 3256 /* Track average RSSI from the Beacon frames of the current AP */ 3257 ifmgd->last_beacon_signal = rx_status->signal; 3258 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) { 3259 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE; 3260 ifmgd->ave_beacon_signal = rx_status->signal * 16; 3261 ifmgd->last_cqm_event_signal = 0; 3262 ifmgd->count_beacon_signal = 1; 3263 ifmgd->last_ave_beacon_signal = 0; 3264 } else { 3265 ifmgd->ave_beacon_signal = 3266 (IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 + 3267 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) * 3268 ifmgd->ave_beacon_signal) / 16; 3269 ifmgd->count_beacon_signal++; 3270 } 3271 3272 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold && 3273 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) { 3274 int sig = ifmgd->ave_beacon_signal; 3275 int last_sig = ifmgd->last_ave_beacon_signal; 3276 3277 /* 3278 * if signal crosses either of the boundaries, invoke callback 3279 * with appropriate parameters 3280 */ 3281 if (sig > ifmgd->rssi_max_thold && 3282 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) { 3283 ifmgd->last_ave_beacon_signal = sig; 3284 drv_rssi_callback(local, sdata, RSSI_EVENT_HIGH); 3285 } else if (sig < ifmgd->rssi_min_thold && 3286 (last_sig >= ifmgd->rssi_max_thold || 3287 last_sig == 0)) { 3288 ifmgd->last_ave_beacon_signal = sig; 3289 drv_rssi_callback(local, sdata, RSSI_EVENT_LOW); 3290 } 3291 } 3292 3293 if (bss_conf->cqm_rssi_thold && 3294 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT && 3295 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) { 3296 int sig = ifmgd->ave_beacon_signal / 16; 3297 int last_event = ifmgd->last_cqm_event_signal; 3298 int thold = bss_conf->cqm_rssi_thold; 3299 int hyst = bss_conf->cqm_rssi_hyst; 3300 if (sig < thold && 3301 (last_event == 0 || sig < last_event - hyst)) { 3302 ifmgd->last_cqm_event_signal = sig; 3303 ieee80211_cqm_rssi_notify( 3304 &sdata->vif, 3305 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW, 3306 GFP_KERNEL); 3307 } else if (sig > thold && 3308 (last_event == 0 || sig > last_event + hyst)) { 3309 ifmgd->last_cqm_event_signal = sig; 3310 ieee80211_cqm_rssi_notify( 3311 &sdata->vif, 3312 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH, 3313 GFP_KERNEL); 3314 } 3315 } 3316 3317 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) { 3318 mlme_dbg_ratelimited(sdata, 3319 "cancelling AP probe due to a received beacon\n"); 3320 ieee80211_reset_ap_probe(sdata); 3321 } 3322 3323 /* 3324 * Push the beacon loss detection into the future since 3325 * we are processing a beacon from the AP just now. 3326 */ 3327 ieee80211_sta_reset_beacon_monitor(sdata); 3328 3329 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 3330 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, 3331 len - baselen, false, &elems, 3332 care_about_ies, ncrc); 3333 3334 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) { 3335 bool directed_tim = ieee80211_check_tim(elems.tim, 3336 elems.tim_len, 3337 ifmgd->aid); 3338 if (directed_tim) { 3339 if (local->hw.conf.dynamic_ps_timeout > 0) { 3340 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 3341 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 3342 ieee80211_hw_config(local, 3343 IEEE80211_CONF_CHANGE_PS); 3344 } 3345 ieee80211_send_nullfunc(local, sdata, 0); 3346 } else if (!local->pspolling && sdata->u.mgd.powersave) { 3347 local->pspolling = true; 3348 3349 /* 3350 * Here is assumed that the driver will be 3351 * able to send ps-poll frame and receive a 3352 * response even though power save mode is 3353 * enabled, but some drivers might require 3354 * to disable power save here. This needs 3355 * to be investigated. 3356 */ 3357 ieee80211_send_pspoll(local, sdata); 3358 } 3359 } 3360 } 3361 3362 if (sdata->vif.p2p) { 3363 struct ieee80211_p2p_noa_attr noa = {}; 3364 int ret; 3365 3366 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable, 3367 len - baselen, 3368 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 3369 (u8 *) &noa, sizeof(noa)); 3370 if (ret >= 2) { 3371 if (sdata->u.mgd.p2p_noa_index != noa.index) { 3372 /* valid noa_attr and index changed */ 3373 sdata->u.mgd.p2p_noa_index = noa.index; 3374 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa)); 3375 changed |= BSS_CHANGED_P2P_PS; 3376 /* 3377 * make sure we update all information, the CRC 3378 * mechanism doesn't look at P2P attributes. 3379 */ 3380 ifmgd->beacon_crc_valid = false; 3381 } 3382 } else if (sdata->u.mgd.p2p_noa_index != -1) { 3383 /* noa_attr not found and we had valid noa_attr before */ 3384 sdata->u.mgd.p2p_noa_index = -1; 3385 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr)); 3386 changed |= BSS_CHANGED_P2P_PS; 3387 ifmgd->beacon_crc_valid = false; 3388 } 3389 } 3390 3391 if (ifmgd->csa_waiting_bcn) 3392 ieee80211_chswitch_post_beacon(sdata); 3393 3394 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid) 3395 return; 3396 ifmgd->beacon_crc = ncrc; 3397 ifmgd->beacon_crc_valid = true; 3398 3399 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 3400 3401 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime, 3402 rx_status->device_timestamp, 3403 &elems, true); 3404 3405 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) && 3406 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 3407 elems.wmm_param_len)) 3408 changed |= BSS_CHANGED_QOS; 3409 3410 /* 3411 * If we haven't had a beacon before, tell the driver about the 3412 * DTIM period (and beacon timing if desired) now. 3413 */ 3414 if (!ifmgd->have_beacon) { 3415 /* a few bogus AP send dtim_period = 0 or no TIM IE */ 3416 if (elems.tim) 3417 bss_conf->dtim_period = elems.tim->dtim_period ?: 1; 3418 else 3419 bss_conf->dtim_period = 1; 3420 3421 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 3422 sdata->vif.bss_conf.sync_tsf = 3423 le64_to_cpu(mgmt->u.beacon.timestamp); 3424 sdata->vif.bss_conf.sync_device_ts = 3425 rx_status->device_timestamp; 3426 if (elems.tim) 3427 sdata->vif.bss_conf.sync_dtim_count = 3428 elems.tim->dtim_count; 3429 else 3430 sdata->vif.bss_conf.sync_dtim_count = 0; 3431 } 3432 3433 changed |= BSS_CHANGED_BEACON_INFO; 3434 ifmgd->have_beacon = true; 3435 3436 mutex_lock(&local->iflist_mtx); 3437 ieee80211_recalc_ps(local, -1); 3438 mutex_unlock(&local->iflist_mtx); 3439 3440 ieee80211_recalc_ps_vif(sdata); 3441 } 3442 3443 if (elems.erp_info) { 3444 erp_valid = true; 3445 erp_value = elems.erp_info[0]; 3446 } else { 3447 erp_valid = false; 3448 } 3449 changed |= ieee80211_handle_bss_capability(sdata, 3450 le16_to_cpu(mgmt->u.beacon.capab_info), 3451 erp_valid, erp_value); 3452 3453 mutex_lock(&local->sta_mtx); 3454 sta = sta_info_get(sdata, bssid); 3455 3456 if (ieee80211_config_bw(sdata, sta, 3457 elems.ht_cap_elem, elems.ht_operation, 3458 elems.vht_operation, bssid, &changed)) { 3459 mutex_unlock(&local->sta_mtx); 3460 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3461 WLAN_REASON_DEAUTH_LEAVING, 3462 true, deauth_buf); 3463 cfg80211_tx_mlme_mgmt(sdata->dev, deauth_buf, 3464 sizeof(deauth_buf)); 3465 return; 3466 } 3467 3468 if (sta && elems.opmode_notif) 3469 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif, 3470 rx_status->band, true); 3471 mutex_unlock(&local->sta_mtx); 3472 3473 changed |= ieee80211_handle_pwr_constr(sdata, chan, mgmt, 3474 elems.country_elem, 3475 elems.country_elem_len, 3476 elems.pwr_constr_elem, 3477 elems.cisco_dtpc_elem); 3478 3479 ieee80211_bss_info_change_notify(sdata, changed); 3480 } 3481 3482 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 3483 struct sk_buff *skb) 3484 { 3485 struct ieee80211_rx_status *rx_status; 3486 struct ieee80211_mgmt *mgmt; 3487 u16 fc; 3488 struct ieee802_11_elems elems; 3489 int ies_len; 3490 3491 rx_status = (struct ieee80211_rx_status *) skb->cb; 3492 mgmt = (struct ieee80211_mgmt *) skb->data; 3493 fc = le16_to_cpu(mgmt->frame_control); 3494 3495 sdata_lock(sdata); 3496 3497 switch (fc & IEEE80211_FCTL_STYPE) { 3498 case IEEE80211_STYPE_BEACON: 3499 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status); 3500 break; 3501 case IEEE80211_STYPE_PROBE_RESP: 3502 ieee80211_rx_mgmt_probe_resp(sdata, skb); 3503 break; 3504 case IEEE80211_STYPE_AUTH: 3505 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len); 3506 break; 3507 case IEEE80211_STYPE_DEAUTH: 3508 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len); 3509 break; 3510 case IEEE80211_STYPE_DISASSOC: 3511 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 3512 break; 3513 case IEEE80211_STYPE_ASSOC_RESP: 3514 case IEEE80211_STYPE_REASSOC_RESP: 3515 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len); 3516 break; 3517 case IEEE80211_STYPE_ACTION: 3518 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) { 3519 ies_len = skb->len - 3520 offsetof(struct ieee80211_mgmt, 3521 u.action.u.chan_switch.variable); 3522 3523 if (ies_len < 0) 3524 break; 3525 3526 ieee802_11_parse_elems( 3527 mgmt->u.action.u.chan_switch.variable, 3528 ies_len, true, &elems); 3529 3530 if (elems.parse_error) 3531 break; 3532 3533 ieee80211_sta_process_chanswitch(sdata, 3534 rx_status->mactime, 3535 rx_status->device_timestamp, 3536 &elems, false); 3537 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) { 3538 ies_len = skb->len - 3539 offsetof(struct ieee80211_mgmt, 3540 u.action.u.ext_chan_switch.variable); 3541 3542 if (ies_len < 0) 3543 break; 3544 3545 ieee802_11_parse_elems( 3546 mgmt->u.action.u.ext_chan_switch.variable, 3547 ies_len, true, &elems); 3548 3549 if (elems.parse_error) 3550 break; 3551 3552 /* for the handling code pretend this was also an IE */ 3553 elems.ext_chansw_ie = 3554 &mgmt->u.action.u.ext_chan_switch.data; 3555 3556 ieee80211_sta_process_chanswitch(sdata, 3557 rx_status->mactime, 3558 rx_status->device_timestamp, 3559 &elems, false); 3560 } 3561 break; 3562 } 3563 sdata_unlock(sdata); 3564 } 3565 3566 static void ieee80211_sta_timer(unsigned long data) 3567 { 3568 struct ieee80211_sub_if_data *sdata = 3569 (struct ieee80211_sub_if_data *) data; 3570 3571 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3572 } 3573 3574 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata, 3575 u8 *bssid, u8 reason, bool tx) 3576 { 3577 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3578 3579 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason, 3580 tx, frame_buf); 3581 3582 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 3583 IEEE80211_DEAUTH_FRAME_LEN); 3584 } 3585 3586 static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata) 3587 { 3588 struct ieee80211_local *local = sdata->local; 3589 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3590 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data; 3591 u32 tx_flags = 0; 3592 3593 sdata_assert_lock(sdata); 3594 3595 if (WARN_ON_ONCE(!auth_data)) 3596 return -EINVAL; 3597 3598 auth_data->tries++; 3599 3600 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) { 3601 sdata_info(sdata, "authentication with %pM timed out\n", 3602 auth_data->bss->bssid); 3603 3604 /* 3605 * Most likely AP is not in the range so remove the 3606 * bss struct for that AP. 3607 */ 3608 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss); 3609 3610 return -ETIMEDOUT; 3611 } 3612 3613 drv_mgd_prepare_tx(local, sdata); 3614 3615 if (auth_data->bss->proberesp_ies) { 3616 u16 trans = 1; 3617 u16 status = 0; 3618 3619 sdata_info(sdata, "send auth to %pM (try %d/%d)\n", 3620 auth_data->bss->bssid, auth_data->tries, 3621 IEEE80211_AUTH_MAX_TRIES); 3622 3623 auth_data->expected_transaction = 2; 3624 3625 if (auth_data->algorithm == WLAN_AUTH_SAE) { 3626 trans = auth_data->sae_trans; 3627 status = auth_data->sae_status; 3628 auth_data->expected_transaction = trans; 3629 } 3630 3631 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3632 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 3633 IEEE80211_TX_INTFL_MLME_CONN_TX; 3634 3635 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status, 3636 auth_data->data, auth_data->data_len, 3637 auth_data->bss->bssid, 3638 auth_data->bss->bssid, NULL, 0, 0, 3639 tx_flags); 3640 } else { 3641 const u8 *ssidie; 3642 3643 sdata_info(sdata, "direct probe to %pM (try %d/%i)\n", 3644 auth_data->bss->bssid, auth_data->tries, 3645 IEEE80211_AUTH_MAX_TRIES); 3646 3647 rcu_read_lock(); 3648 ssidie = ieee80211_bss_get_ie(auth_data->bss, WLAN_EID_SSID); 3649 if (!ssidie) { 3650 rcu_read_unlock(); 3651 return -EINVAL; 3652 } 3653 /* 3654 * Direct probe is sent to broadcast address as some APs 3655 * will not answer to direct packet in unassociated state. 3656 */ 3657 ieee80211_send_probe_req(sdata, sdata->vif.addr, NULL, 3658 ssidie + 2, ssidie[1], 3659 NULL, 0, (u32) -1, true, 0, 3660 auth_data->bss->channel, false); 3661 rcu_read_unlock(); 3662 } 3663 3664 if (tx_flags == 0) { 3665 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 3666 auth_data->timeout_started = true; 3667 run_again(sdata, auth_data->timeout); 3668 } else { 3669 auth_data->timeout = 3670 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG); 3671 auth_data->timeout_started = true; 3672 run_again(sdata, auth_data->timeout); 3673 } 3674 3675 return 0; 3676 } 3677 3678 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata) 3679 { 3680 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 3681 struct ieee80211_local *local = sdata->local; 3682 3683 sdata_assert_lock(sdata); 3684 3685 assoc_data->tries++; 3686 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) { 3687 sdata_info(sdata, "association with %pM timed out\n", 3688 assoc_data->bss->bssid); 3689 3690 /* 3691 * Most likely AP is not in the range so remove the 3692 * bss struct for that AP. 3693 */ 3694 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss); 3695 3696 return -ETIMEDOUT; 3697 } 3698 3699 sdata_info(sdata, "associate with %pM (try %d/%d)\n", 3700 assoc_data->bss->bssid, assoc_data->tries, 3701 IEEE80211_ASSOC_MAX_TRIES); 3702 ieee80211_send_assoc(sdata); 3703 3704 if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) { 3705 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 3706 assoc_data->timeout_started = true; 3707 run_again(sdata, assoc_data->timeout); 3708 } else { 3709 assoc_data->timeout = 3710 round_jiffies_up(jiffies + 3711 IEEE80211_ASSOC_TIMEOUT_LONG); 3712 assoc_data->timeout_started = true; 3713 run_again(sdata, assoc_data->timeout); 3714 } 3715 3716 return 0; 3717 } 3718 3719 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata, 3720 __le16 fc, bool acked) 3721 { 3722 struct ieee80211_local *local = sdata->local; 3723 3724 sdata->u.mgd.status_fc = fc; 3725 sdata->u.mgd.status_acked = acked; 3726 sdata->u.mgd.status_received = true; 3727 3728 ieee80211_queue_work(&local->hw, &sdata->work); 3729 } 3730 3731 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata) 3732 { 3733 struct ieee80211_local *local = sdata->local; 3734 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3735 3736 sdata_lock(sdata); 3737 3738 if (ifmgd->status_received) { 3739 __le16 fc = ifmgd->status_fc; 3740 bool status_acked = ifmgd->status_acked; 3741 3742 ifmgd->status_received = false; 3743 if (ifmgd->auth_data && 3744 (ieee80211_is_probe_req(fc) || ieee80211_is_auth(fc))) { 3745 if (status_acked) { 3746 ifmgd->auth_data->timeout = 3747 jiffies + IEEE80211_AUTH_TIMEOUT_SHORT; 3748 run_again(sdata, ifmgd->auth_data->timeout); 3749 } else { 3750 ifmgd->auth_data->timeout = jiffies - 1; 3751 } 3752 ifmgd->auth_data->timeout_started = true; 3753 } else if (ifmgd->assoc_data && 3754 (ieee80211_is_assoc_req(fc) || 3755 ieee80211_is_reassoc_req(fc))) { 3756 if (status_acked) { 3757 ifmgd->assoc_data->timeout = 3758 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT; 3759 run_again(sdata, ifmgd->assoc_data->timeout); 3760 } else { 3761 ifmgd->assoc_data->timeout = jiffies - 1; 3762 } 3763 ifmgd->assoc_data->timeout_started = true; 3764 } 3765 } 3766 3767 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started && 3768 time_after(jiffies, ifmgd->auth_data->timeout)) { 3769 if (ifmgd->auth_data->done) { 3770 /* 3771 * ok ... we waited for assoc but userspace didn't, 3772 * so let's just kill the auth data 3773 */ 3774 ieee80211_destroy_auth_data(sdata, false); 3775 } else if (ieee80211_probe_auth(sdata)) { 3776 u8 bssid[ETH_ALEN]; 3777 3778 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 3779 3780 ieee80211_destroy_auth_data(sdata, false); 3781 3782 cfg80211_auth_timeout(sdata->dev, bssid); 3783 } 3784 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started) 3785 run_again(sdata, ifmgd->auth_data->timeout); 3786 3787 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started && 3788 time_after(jiffies, ifmgd->assoc_data->timeout)) { 3789 if ((ifmgd->assoc_data->need_beacon && !ifmgd->have_beacon) || 3790 ieee80211_do_assoc(sdata)) { 3791 struct cfg80211_bss *bss = ifmgd->assoc_data->bss; 3792 3793 ieee80211_destroy_assoc_data(sdata, false); 3794 cfg80211_assoc_timeout(sdata->dev, bss); 3795 } 3796 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started) 3797 run_again(sdata, ifmgd->assoc_data->timeout); 3798 3799 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL && 3800 ifmgd->associated) { 3801 u8 bssid[ETH_ALEN]; 3802 int max_tries; 3803 3804 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 3805 3806 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3807 max_tries = max_nullfunc_tries; 3808 else 3809 max_tries = max_probe_tries; 3810 3811 /* ACK received for nullfunc probing frame */ 3812 if (!ifmgd->probe_send_count) 3813 ieee80211_reset_ap_probe(sdata); 3814 else if (ifmgd->nullfunc_failed) { 3815 if (ifmgd->probe_send_count < max_tries) { 3816 mlme_dbg(sdata, 3817 "No ack for nullfunc frame to AP %pM, try %d/%i\n", 3818 bssid, ifmgd->probe_send_count, 3819 max_tries); 3820 ieee80211_mgd_probe_ap_send(sdata); 3821 } else { 3822 mlme_dbg(sdata, 3823 "No ack for nullfunc frame to AP %pM, disconnecting.\n", 3824 bssid); 3825 ieee80211_sta_connection_lost(sdata, bssid, 3826 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 3827 false); 3828 } 3829 } else if (time_is_after_jiffies(ifmgd->probe_timeout)) 3830 run_again(sdata, ifmgd->probe_timeout); 3831 else if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 3832 mlme_dbg(sdata, 3833 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n", 3834 bssid, probe_wait_ms); 3835 ieee80211_sta_connection_lost(sdata, bssid, 3836 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3837 } else if (ifmgd->probe_send_count < max_tries) { 3838 mlme_dbg(sdata, 3839 "No probe response from AP %pM after %dms, try %d/%i\n", 3840 bssid, probe_wait_ms, 3841 ifmgd->probe_send_count, max_tries); 3842 ieee80211_mgd_probe_ap_send(sdata); 3843 } else { 3844 /* 3845 * We actually lost the connection ... or did we? 3846 * Let's make sure! 3847 */ 3848 wiphy_debug(local->hw.wiphy, 3849 "%s: No probe response from AP %pM" 3850 " after %dms, disconnecting.\n", 3851 sdata->name, 3852 bssid, probe_wait_ms); 3853 3854 ieee80211_sta_connection_lost(sdata, bssid, 3855 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3856 } 3857 } 3858 3859 sdata_unlock(sdata); 3860 } 3861 3862 static void ieee80211_sta_bcn_mon_timer(unsigned long data) 3863 { 3864 struct ieee80211_sub_if_data *sdata = 3865 (struct ieee80211_sub_if_data *) data; 3866 struct ieee80211_local *local = sdata->local; 3867 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3868 3869 if (local->quiescing) 3870 return; 3871 3872 if (sdata->vif.csa_active && !ifmgd->csa_waiting_bcn) 3873 return; 3874 3875 sdata->u.mgd.connection_loss = false; 3876 ieee80211_queue_work(&sdata->local->hw, 3877 &sdata->u.mgd.beacon_connection_loss_work); 3878 } 3879 3880 static void ieee80211_sta_conn_mon_timer(unsigned long data) 3881 { 3882 struct ieee80211_sub_if_data *sdata = 3883 (struct ieee80211_sub_if_data *) data; 3884 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3885 struct ieee80211_local *local = sdata->local; 3886 3887 if (local->quiescing) 3888 return; 3889 3890 if (sdata->vif.csa_active && !ifmgd->csa_waiting_bcn) 3891 return; 3892 3893 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work); 3894 } 3895 3896 static void ieee80211_sta_monitor_work(struct work_struct *work) 3897 { 3898 struct ieee80211_sub_if_data *sdata = 3899 container_of(work, struct ieee80211_sub_if_data, 3900 u.mgd.monitor_work); 3901 3902 ieee80211_mgd_probe_ap(sdata, false); 3903 } 3904 3905 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) 3906 { 3907 u32 flags; 3908 3909 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 3910 __ieee80211_stop_poll(sdata); 3911 3912 /* let's probe the connection once */ 3913 flags = sdata->local->hw.flags; 3914 if (!(flags & IEEE80211_HW_CONNECTION_MONITOR)) 3915 ieee80211_queue_work(&sdata->local->hw, 3916 &sdata->u.mgd.monitor_work); 3917 /* and do all the other regular work too */ 3918 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3919 } 3920 } 3921 3922 #ifdef CONFIG_PM 3923 void ieee80211_mgd_quiesce(struct ieee80211_sub_if_data *sdata) 3924 { 3925 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3926 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3927 3928 sdata_lock(sdata); 3929 3930 if (ifmgd->auth_data || ifmgd->assoc_data) { 3931 const u8 *bssid = ifmgd->auth_data ? 3932 ifmgd->auth_data->bss->bssid : 3933 ifmgd->assoc_data->bss->bssid; 3934 3935 /* 3936 * If we are trying to authenticate / associate while suspending, 3937 * cfg80211 won't know and won't actually abort those attempts, 3938 * thus we need to do that ourselves. 3939 */ 3940 ieee80211_send_deauth_disassoc(sdata, bssid, 3941 IEEE80211_STYPE_DEAUTH, 3942 WLAN_REASON_DEAUTH_LEAVING, 3943 false, frame_buf); 3944 if (ifmgd->assoc_data) 3945 ieee80211_destroy_assoc_data(sdata, false); 3946 if (ifmgd->auth_data) 3947 ieee80211_destroy_auth_data(sdata, false); 3948 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 3949 IEEE80211_DEAUTH_FRAME_LEN); 3950 } 3951 3952 sdata_unlock(sdata); 3953 } 3954 3955 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata) 3956 { 3957 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3958 3959 sdata_lock(sdata); 3960 if (!ifmgd->associated) { 3961 sdata_unlock(sdata); 3962 return; 3963 } 3964 3965 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) { 3966 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME; 3967 mlme_dbg(sdata, "driver requested disconnect after resume\n"); 3968 ieee80211_sta_connection_lost(sdata, 3969 ifmgd->associated->bssid, 3970 WLAN_REASON_UNSPECIFIED, 3971 true); 3972 sdata_unlock(sdata); 3973 return; 3974 } 3975 sdata_unlock(sdata); 3976 } 3977 #endif 3978 3979 /* interface setup */ 3980 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata) 3981 { 3982 struct ieee80211_if_managed *ifmgd; 3983 3984 ifmgd = &sdata->u.mgd; 3985 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work); 3986 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work); 3987 INIT_WORK(&ifmgd->beacon_connection_loss_work, 3988 ieee80211_beacon_connection_loss_work); 3989 INIT_WORK(&ifmgd->csa_connection_drop_work, 3990 ieee80211_csa_connection_drop_work); 3991 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_mgd_work); 3992 INIT_DELAYED_WORK(&ifmgd->tdls_peer_del_work, 3993 ieee80211_tdls_peer_del_work); 3994 setup_timer(&ifmgd->timer, ieee80211_sta_timer, 3995 (unsigned long) sdata); 3996 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 3997 (unsigned long) sdata); 3998 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 3999 (unsigned long) sdata); 4000 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 4001 (unsigned long) sdata); 4002 INIT_DELAYED_WORK(&ifmgd->tx_tspec_wk, 4003 ieee80211_sta_handle_tspec_ac_params_wk); 4004 4005 ifmgd->flags = 0; 4006 ifmgd->powersave = sdata->wdev.ps; 4007 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues; 4008 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len; 4009 ifmgd->p2p_noa_index = -1; 4010 4011 if (sdata->local->hw.wiphy->features & NL80211_FEATURE_DYNAMIC_SMPS) 4012 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC; 4013 else 4014 ifmgd->req_smps = IEEE80211_SMPS_OFF; 4015 4016 /* Setup TDLS data */ 4017 spin_lock_init(&ifmgd->teardown_lock); 4018 ifmgd->teardown_skb = NULL; 4019 ifmgd->orig_teardown_skb = NULL; 4020 } 4021 4022 /* scan finished notification */ 4023 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local) 4024 { 4025 struct ieee80211_sub_if_data *sdata; 4026 4027 /* Restart STA timers */ 4028 rcu_read_lock(); 4029 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 4030 if (ieee80211_sdata_running(sdata)) 4031 ieee80211_restart_sta_timer(sdata); 4032 } 4033 rcu_read_unlock(); 4034 } 4035 4036 int ieee80211_max_network_latency(struct notifier_block *nb, 4037 unsigned long data, void *dummy) 4038 { 4039 s32 latency_usec = (s32) data; 4040 struct ieee80211_local *local = 4041 container_of(nb, struct ieee80211_local, 4042 network_latency_notifier); 4043 4044 mutex_lock(&local->iflist_mtx); 4045 ieee80211_recalc_ps(local, latency_usec); 4046 mutex_unlock(&local->iflist_mtx); 4047 4048 return NOTIFY_OK; 4049 } 4050 4051 static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata, 4052 struct cfg80211_bss *cbss) 4053 { 4054 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4055 const u8 *ht_cap_ie, *vht_cap_ie; 4056 const struct ieee80211_ht_cap *ht_cap; 4057 const struct ieee80211_vht_cap *vht_cap; 4058 u8 chains = 1; 4059 4060 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT) 4061 return chains; 4062 4063 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 4064 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) { 4065 ht_cap = (void *)(ht_cap_ie + 2); 4066 chains = ieee80211_mcs_to_chains(&ht_cap->mcs); 4067 /* 4068 * TODO: use "Tx Maximum Number Spatial Streams Supported" and 4069 * "Tx Unequal Modulation Supported" fields. 4070 */ 4071 } 4072 4073 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 4074 return chains; 4075 4076 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 4077 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) { 4078 u8 nss; 4079 u16 tx_mcs_map; 4080 4081 vht_cap = (void *)(vht_cap_ie + 2); 4082 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map); 4083 for (nss = 8; nss > 0; nss--) { 4084 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) != 4085 IEEE80211_VHT_MCS_NOT_SUPPORTED) 4086 break; 4087 } 4088 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */ 4089 chains = max(chains, nss); 4090 } 4091 4092 return chains; 4093 } 4094 4095 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata, 4096 struct cfg80211_bss *cbss) 4097 { 4098 struct ieee80211_local *local = sdata->local; 4099 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4100 const struct ieee80211_ht_cap *ht_cap = NULL; 4101 const struct ieee80211_ht_operation *ht_oper = NULL; 4102 const struct ieee80211_vht_operation *vht_oper = NULL; 4103 struct ieee80211_supported_band *sband; 4104 struct cfg80211_chan_def chandef; 4105 int ret; 4106 4107 sband = local->hw.wiphy->bands[cbss->channel->band]; 4108 4109 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ | 4110 IEEE80211_STA_DISABLE_80P80MHZ | 4111 IEEE80211_STA_DISABLE_160MHZ); 4112 4113 rcu_read_lock(); 4114 4115 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 4116 sband->ht_cap.ht_supported) { 4117 const u8 *ht_oper_ie, *ht_cap_ie; 4118 4119 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION); 4120 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper)) 4121 ht_oper = (void *)(ht_oper_ie + 2); 4122 4123 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 4124 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) 4125 ht_cap = (void *)(ht_cap_ie + 2); 4126 4127 if (!ht_cap) { 4128 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4129 ht_oper = NULL; 4130 } 4131 } 4132 4133 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 4134 sband->vht_cap.vht_supported) { 4135 const u8 *vht_oper_ie, *vht_cap; 4136 4137 vht_oper_ie = ieee80211_bss_get_ie(cbss, 4138 WLAN_EID_VHT_OPERATION); 4139 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper)) 4140 vht_oper = (void *)(vht_oper_ie + 2); 4141 if (vht_oper && !ht_oper) { 4142 vht_oper = NULL; 4143 sdata_info(sdata, 4144 "AP advertised VHT without HT, disabling both\n"); 4145 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4146 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4147 } 4148 4149 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 4150 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) { 4151 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4152 vht_oper = NULL; 4153 } 4154 } 4155 4156 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband, 4157 cbss->channel, 4158 ht_cap, ht_oper, vht_oper, 4159 &chandef, false); 4160 4161 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss), 4162 local->rx_chains); 4163 4164 rcu_read_unlock(); 4165 4166 /* will change later if needed */ 4167 sdata->smps_mode = IEEE80211_SMPS_OFF; 4168 4169 mutex_lock(&local->mtx); 4170 /* 4171 * If this fails (possibly due to channel context sharing 4172 * on incompatible channels, e.g. 80+80 and 160 sharing the 4173 * same control channel) try to use a smaller bandwidth. 4174 */ 4175 ret = ieee80211_vif_use_channel(sdata, &chandef, 4176 IEEE80211_CHANCTX_SHARED); 4177 4178 /* don't downgrade for 5 and 10 MHz channels, though. */ 4179 if (chandef.width == NL80211_CHAN_WIDTH_5 || 4180 chandef.width == NL80211_CHAN_WIDTH_10) 4181 goto out; 4182 4183 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) { 4184 ifmgd->flags |= ieee80211_chandef_downgrade(&chandef); 4185 ret = ieee80211_vif_use_channel(sdata, &chandef, 4186 IEEE80211_CHANCTX_SHARED); 4187 } 4188 out: 4189 mutex_unlock(&local->mtx); 4190 return ret; 4191 } 4192 4193 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata, 4194 struct cfg80211_bss *cbss, bool assoc) 4195 { 4196 struct ieee80211_local *local = sdata->local; 4197 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4198 struct ieee80211_bss *bss = (void *)cbss->priv; 4199 struct sta_info *new_sta = NULL; 4200 bool have_sta = false; 4201 int err; 4202 4203 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) 4204 return -EINVAL; 4205 4206 if (assoc) { 4207 rcu_read_lock(); 4208 have_sta = sta_info_get(sdata, cbss->bssid); 4209 rcu_read_unlock(); 4210 } 4211 4212 if (!have_sta) { 4213 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL); 4214 if (!new_sta) 4215 return -ENOMEM; 4216 } 4217 if (new_sta) { 4218 u32 rates = 0, basic_rates = 0; 4219 bool have_higher_than_11mbit; 4220 int min_rate = INT_MAX, min_rate_index = -1; 4221 struct ieee80211_chanctx_conf *chanctx_conf; 4222 struct ieee80211_supported_band *sband; 4223 const struct cfg80211_bss_ies *ies; 4224 int shift; 4225 u32 rate_flags; 4226 4227 sband = local->hw.wiphy->bands[cbss->channel->band]; 4228 4229 err = ieee80211_prep_channel(sdata, cbss); 4230 if (err) { 4231 sta_info_free(local, new_sta); 4232 return -EINVAL; 4233 } 4234 shift = ieee80211_vif_get_shift(&sdata->vif); 4235 4236 rcu_read_lock(); 4237 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 4238 if (WARN_ON(!chanctx_conf)) { 4239 rcu_read_unlock(); 4240 sta_info_free(local, new_sta); 4241 return -EINVAL; 4242 } 4243 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def); 4244 rcu_read_unlock(); 4245 4246 ieee80211_get_rates(sband, bss->supp_rates, 4247 bss->supp_rates_len, 4248 &rates, &basic_rates, 4249 &have_higher_than_11mbit, 4250 &min_rate, &min_rate_index, 4251 shift, rate_flags); 4252 4253 /* 4254 * This used to be a workaround for basic rates missing 4255 * in the association response frame. Now that we no 4256 * longer use the basic rates from there, it probably 4257 * doesn't happen any more, but keep the workaround so 4258 * in case some *other* APs are buggy in different ways 4259 * we can connect -- with a warning. 4260 */ 4261 if (!basic_rates && min_rate_index >= 0) { 4262 sdata_info(sdata, 4263 "No basic rates, using min rate instead\n"); 4264 basic_rates = BIT(min_rate_index); 4265 } 4266 4267 new_sta->sta.supp_rates[cbss->channel->band] = rates; 4268 sdata->vif.bss_conf.basic_rates = basic_rates; 4269 4270 /* cf. IEEE 802.11 9.2.12 */ 4271 if (cbss->channel->band == IEEE80211_BAND_2GHZ && 4272 have_higher_than_11mbit) 4273 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE; 4274 else 4275 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE; 4276 4277 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN); 4278 4279 /* set timing information */ 4280 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval; 4281 rcu_read_lock(); 4282 ies = rcu_dereference(cbss->beacon_ies); 4283 if (ies) { 4284 const u8 *tim_ie; 4285 4286 sdata->vif.bss_conf.sync_tsf = ies->tsf; 4287 sdata->vif.bss_conf.sync_device_ts = 4288 bss->device_ts_beacon; 4289 tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 4290 ies->data, ies->len); 4291 if (tim_ie && tim_ie[1] >= 2) 4292 sdata->vif.bss_conf.sync_dtim_count = tim_ie[2]; 4293 else 4294 sdata->vif.bss_conf.sync_dtim_count = 0; 4295 } else if (!(local->hw.flags & 4296 IEEE80211_HW_TIMING_BEACON_ONLY)) { 4297 ies = rcu_dereference(cbss->proberesp_ies); 4298 /* must be non-NULL since beacon IEs were NULL */ 4299 sdata->vif.bss_conf.sync_tsf = ies->tsf; 4300 sdata->vif.bss_conf.sync_device_ts = 4301 bss->device_ts_presp; 4302 sdata->vif.bss_conf.sync_dtim_count = 0; 4303 } else { 4304 sdata->vif.bss_conf.sync_tsf = 0; 4305 sdata->vif.bss_conf.sync_device_ts = 0; 4306 sdata->vif.bss_conf.sync_dtim_count = 0; 4307 } 4308 rcu_read_unlock(); 4309 4310 /* tell driver about BSSID, basic rates and timing */ 4311 ieee80211_bss_info_change_notify(sdata, 4312 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES | 4313 BSS_CHANGED_BEACON_INT); 4314 4315 if (assoc) 4316 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH); 4317 4318 err = sta_info_insert(new_sta); 4319 new_sta = NULL; 4320 if (err) { 4321 sdata_info(sdata, 4322 "failed to insert STA entry for the AP (error %d)\n", 4323 err); 4324 return err; 4325 } 4326 } else 4327 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid)); 4328 4329 return 0; 4330 } 4331 4332 /* config hooks */ 4333 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 4334 struct cfg80211_auth_request *req) 4335 { 4336 struct ieee80211_local *local = sdata->local; 4337 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4338 struct ieee80211_mgd_auth_data *auth_data; 4339 u16 auth_alg; 4340 int err; 4341 4342 /* prepare auth data structure */ 4343 4344 switch (req->auth_type) { 4345 case NL80211_AUTHTYPE_OPEN_SYSTEM: 4346 auth_alg = WLAN_AUTH_OPEN; 4347 break; 4348 case NL80211_AUTHTYPE_SHARED_KEY: 4349 if (IS_ERR(local->wep_tx_tfm)) 4350 return -EOPNOTSUPP; 4351 auth_alg = WLAN_AUTH_SHARED_KEY; 4352 break; 4353 case NL80211_AUTHTYPE_FT: 4354 auth_alg = WLAN_AUTH_FT; 4355 break; 4356 case NL80211_AUTHTYPE_NETWORK_EAP: 4357 auth_alg = WLAN_AUTH_LEAP; 4358 break; 4359 case NL80211_AUTHTYPE_SAE: 4360 auth_alg = WLAN_AUTH_SAE; 4361 break; 4362 default: 4363 return -EOPNOTSUPP; 4364 } 4365 4366 auth_data = kzalloc(sizeof(*auth_data) + req->sae_data_len + 4367 req->ie_len, GFP_KERNEL); 4368 if (!auth_data) 4369 return -ENOMEM; 4370 4371 auth_data->bss = req->bss; 4372 4373 if (req->sae_data_len >= 4) { 4374 __le16 *pos = (__le16 *) req->sae_data; 4375 auth_data->sae_trans = le16_to_cpu(pos[0]); 4376 auth_data->sae_status = le16_to_cpu(pos[1]); 4377 memcpy(auth_data->data, req->sae_data + 4, 4378 req->sae_data_len - 4); 4379 auth_data->data_len += req->sae_data_len - 4; 4380 } 4381 4382 if (req->ie && req->ie_len) { 4383 memcpy(&auth_data->data[auth_data->data_len], 4384 req->ie, req->ie_len); 4385 auth_data->data_len += req->ie_len; 4386 } 4387 4388 if (req->key && req->key_len) { 4389 auth_data->key_len = req->key_len; 4390 auth_data->key_idx = req->key_idx; 4391 memcpy(auth_data->key, req->key, req->key_len); 4392 } 4393 4394 auth_data->algorithm = auth_alg; 4395 4396 /* try to authenticate/probe */ 4397 4398 if ((ifmgd->auth_data && !ifmgd->auth_data->done) || 4399 ifmgd->assoc_data) { 4400 err = -EBUSY; 4401 goto err_free; 4402 } 4403 4404 if (ifmgd->auth_data) 4405 ieee80211_destroy_auth_data(sdata, false); 4406 4407 /* prep auth_data so we don't go into idle on disassoc */ 4408 ifmgd->auth_data = auth_data; 4409 4410 if (ifmgd->associated) { 4411 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4412 4413 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4414 WLAN_REASON_UNSPECIFIED, 4415 false, frame_buf); 4416 4417 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4418 sizeof(frame_buf)); 4419 } 4420 4421 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid); 4422 4423 err = ieee80211_prep_connection(sdata, req->bss, false); 4424 if (err) 4425 goto err_clear; 4426 4427 err = ieee80211_probe_auth(sdata); 4428 if (err) { 4429 sta_info_destroy_addr(sdata, req->bss->bssid); 4430 goto err_clear; 4431 } 4432 4433 /* hold our own reference */ 4434 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss); 4435 return 0; 4436 4437 err_clear: 4438 memset(ifmgd->bssid, 0, ETH_ALEN); 4439 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 4440 ifmgd->auth_data = NULL; 4441 err_free: 4442 kfree(auth_data); 4443 return err; 4444 } 4445 4446 static bool ieee80211_usable_wmm_params(struct ieee80211_sub_if_data *sdata, 4447 const u8 *wmm_param, int len) 4448 { 4449 const u8 *pos; 4450 size_t left; 4451 4452 if (len < 8) 4453 return false; 4454 4455 if (wmm_param[5] != 1 /* version */) 4456 return false; 4457 4458 pos = wmm_param + 8; 4459 left = len - 8; 4460 4461 for (; left >= 4; left -= 4, pos += 4) { 4462 u8 aifsn = pos[0] & 0x0f; 4463 u8 ecwmin = pos[1] & 0x0f; 4464 u8 ecwmax = (pos[1] & 0xf0) >> 4; 4465 int aci = (pos[0] >> 5) & 0x03; 4466 4467 if (aifsn < 2) { 4468 sdata_info(sdata, 4469 "AP has invalid WMM params (AIFSN=%d for ACI %d), disabling WMM\n", 4470 aifsn, aci); 4471 return false; 4472 } 4473 if (ecwmin > ecwmax) { 4474 sdata_info(sdata, 4475 "AP has invalid WMM params (ECWmin/max=%d/%d for ACI %d), disabling WMM\n", 4476 ecwmin, ecwmax, aci); 4477 return false; 4478 } 4479 } 4480 4481 return true; 4482 } 4483 4484 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 4485 struct cfg80211_assoc_request *req) 4486 { 4487 struct ieee80211_local *local = sdata->local; 4488 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4489 struct ieee80211_bss *bss = (void *)req->bss->priv; 4490 struct ieee80211_mgd_assoc_data *assoc_data; 4491 const struct cfg80211_bss_ies *beacon_ies; 4492 struct ieee80211_supported_band *sband; 4493 const u8 *ssidie, *ht_ie, *vht_ie; 4494 int i, err; 4495 4496 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL); 4497 if (!assoc_data) 4498 return -ENOMEM; 4499 4500 rcu_read_lock(); 4501 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID); 4502 if (!ssidie) { 4503 rcu_read_unlock(); 4504 kfree(assoc_data); 4505 return -EINVAL; 4506 } 4507 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]); 4508 assoc_data->ssid_len = ssidie[1]; 4509 rcu_read_unlock(); 4510 4511 if (ifmgd->associated) { 4512 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4513 4514 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4515 WLAN_REASON_UNSPECIFIED, 4516 false, frame_buf); 4517 4518 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4519 sizeof(frame_buf)); 4520 } 4521 4522 if (ifmgd->auth_data && !ifmgd->auth_data->done) { 4523 err = -EBUSY; 4524 goto err_free; 4525 } 4526 4527 if (ifmgd->assoc_data) { 4528 err = -EBUSY; 4529 goto err_free; 4530 } 4531 4532 if (ifmgd->auth_data) { 4533 bool match; 4534 4535 /* keep sta info, bssid if matching */ 4536 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid); 4537 ieee80211_destroy_auth_data(sdata, match); 4538 } 4539 4540 /* prepare assoc data */ 4541 4542 ifmgd->beacon_crc_valid = false; 4543 4544 assoc_data->wmm = bss->wmm_used && 4545 (local->hw.queues >= IEEE80211_NUM_ACS); 4546 if (assoc_data->wmm) { 4547 /* try to check validity of WMM params IE */ 4548 const struct cfg80211_bss_ies *ies; 4549 const u8 *wp, *start, *end; 4550 4551 rcu_read_lock(); 4552 ies = rcu_dereference(req->bss->ies); 4553 start = ies->data; 4554 end = start + ies->len; 4555 4556 while (true) { 4557 wp = cfg80211_find_vendor_ie( 4558 WLAN_OUI_MICROSOFT, 4559 WLAN_OUI_TYPE_MICROSOFT_WMM, 4560 start, end - start); 4561 if (!wp) 4562 break; 4563 start = wp + wp[1] + 2; 4564 /* if this IE is too short, try the next */ 4565 if (wp[1] <= 4) 4566 continue; 4567 /* if this IE is WMM params, we found what we wanted */ 4568 if (wp[6] == 1) 4569 break; 4570 } 4571 4572 if (!wp || !ieee80211_usable_wmm_params(sdata, wp + 2, 4573 wp[1] - 2)) { 4574 assoc_data->wmm = false; 4575 ifmgd->flags |= IEEE80211_STA_DISABLE_WMM; 4576 } 4577 rcu_read_unlock(); 4578 } 4579 4580 /* 4581 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode. 4582 * We still associate in non-HT mode (11a/b/g) if any one of these 4583 * ciphers is configured as pairwise. 4584 * We can set this to true for non-11n hardware, that'll be checked 4585 * separately along with the peer capabilities. 4586 */ 4587 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) { 4588 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 4589 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 4590 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) { 4591 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4592 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4593 netdev_info(sdata->dev, 4594 "disabling HT/VHT due to WEP/TKIP use\n"); 4595 } 4596 } 4597 4598 if (req->flags & ASSOC_REQ_DISABLE_HT) { 4599 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4600 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4601 } 4602 4603 if (req->flags & ASSOC_REQ_DISABLE_VHT) 4604 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4605 4606 /* Also disable HT if we don't support it or the AP doesn't use WMM */ 4607 sband = local->hw.wiphy->bands[req->bss->channel->band]; 4608 if (!sband->ht_cap.ht_supported || 4609 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used || 4610 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) { 4611 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4612 if (!bss->wmm_used && 4613 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM)) 4614 netdev_info(sdata->dev, 4615 "disabling HT as WMM/QoS is not supported by the AP\n"); 4616 } 4617 4618 /* disable VHT if we don't support it or the AP doesn't use WMM */ 4619 if (!sband->vht_cap.vht_supported || 4620 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used || 4621 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) { 4622 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4623 if (!bss->wmm_used && 4624 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM)) 4625 netdev_info(sdata->dev, 4626 "disabling VHT as WMM/QoS is not supported by the AP\n"); 4627 } 4628 4629 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa)); 4630 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask, 4631 sizeof(ifmgd->ht_capa_mask)); 4632 4633 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa)); 4634 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask, 4635 sizeof(ifmgd->vht_capa_mask)); 4636 4637 if (req->ie && req->ie_len) { 4638 memcpy(assoc_data->ie, req->ie, req->ie_len); 4639 assoc_data->ie_len = req->ie_len; 4640 } 4641 4642 assoc_data->bss = req->bss; 4643 4644 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) { 4645 if (ifmgd->powersave) 4646 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC; 4647 else 4648 sdata->smps_mode = IEEE80211_SMPS_OFF; 4649 } else 4650 sdata->smps_mode = ifmgd->req_smps; 4651 4652 assoc_data->capability = req->bss->capability; 4653 assoc_data->supp_rates = bss->supp_rates; 4654 assoc_data->supp_rates_len = bss->supp_rates_len; 4655 4656 rcu_read_lock(); 4657 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION); 4658 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation)) 4659 assoc_data->ap_ht_param = 4660 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param; 4661 else 4662 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4663 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY); 4664 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap)) 4665 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2, 4666 sizeof(struct ieee80211_vht_cap)); 4667 else 4668 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4669 rcu_read_unlock(); 4670 4671 if (bss->wmm_used && bss->uapsd_supported && 4672 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD)) { 4673 assoc_data->uapsd = true; 4674 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; 4675 } else { 4676 assoc_data->uapsd = false; 4677 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED; 4678 } 4679 4680 if (req->prev_bssid) 4681 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN); 4682 4683 if (req->use_mfp) { 4684 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 4685 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED; 4686 } else { 4687 ifmgd->mfp = IEEE80211_MFP_DISABLED; 4688 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED; 4689 } 4690 4691 if (req->flags & ASSOC_REQ_USE_RRM) 4692 ifmgd->flags |= IEEE80211_STA_ENABLE_RRM; 4693 else 4694 ifmgd->flags &= ~IEEE80211_STA_ENABLE_RRM; 4695 4696 if (req->crypto.control_port) 4697 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT; 4698 else 4699 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT; 4700 4701 sdata->control_port_protocol = req->crypto.control_port_ethertype; 4702 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt; 4703 sdata->encrypt_headroom = ieee80211_cs_headroom(local, &req->crypto, 4704 sdata->vif.type); 4705 4706 /* kick off associate process */ 4707 4708 ifmgd->assoc_data = assoc_data; 4709 ifmgd->dtim_period = 0; 4710 ifmgd->have_beacon = false; 4711 4712 err = ieee80211_prep_connection(sdata, req->bss, true); 4713 if (err) 4714 goto err_clear; 4715 4716 rcu_read_lock(); 4717 beacon_ies = rcu_dereference(req->bss->beacon_ies); 4718 4719 if (sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC && 4720 !beacon_ies) { 4721 /* 4722 * Wait up to one beacon interval ... 4723 * should this be more if we miss one? 4724 */ 4725 sdata_info(sdata, "waiting for beacon from %pM\n", 4726 ifmgd->bssid); 4727 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval); 4728 assoc_data->timeout_started = true; 4729 assoc_data->need_beacon = true; 4730 } else if (beacon_ies) { 4731 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 4732 beacon_ies->data, 4733 beacon_ies->len); 4734 u8 dtim_count = 0; 4735 4736 if (tim_ie && tim_ie[1] >= sizeof(struct ieee80211_tim_ie)) { 4737 const struct ieee80211_tim_ie *tim; 4738 tim = (void *)(tim_ie + 2); 4739 ifmgd->dtim_period = tim->dtim_period; 4740 dtim_count = tim->dtim_count; 4741 } 4742 ifmgd->have_beacon = true; 4743 assoc_data->timeout = jiffies; 4744 assoc_data->timeout_started = true; 4745 4746 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 4747 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf; 4748 sdata->vif.bss_conf.sync_device_ts = 4749 bss->device_ts_beacon; 4750 sdata->vif.bss_conf.sync_dtim_count = dtim_count; 4751 } 4752 } else { 4753 assoc_data->timeout = jiffies; 4754 assoc_data->timeout_started = true; 4755 } 4756 rcu_read_unlock(); 4757 4758 run_again(sdata, assoc_data->timeout); 4759 4760 if (bss->corrupt_data) { 4761 char *corrupt_type = "data"; 4762 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) { 4763 if (bss->corrupt_data & 4764 IEEE80211_BSS_CORRUPT_PROBE_RESP) 4765 corrupt_type = "beacon and probe response"; 4766 else 4767 corrupt_type = "beacon"; 4768 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) 4769 corrupt_type = "probe response"; 4770 sdata_info(sdata, "associating with AP with corrupt %s\n", 4771 corrupt_type); 4772 } 4773 4774 return 0; 4775 err_clear: 4776 memset(ifmgd->bssid, 0, ETH_ALEN); 4777 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 4778 ifmgd->assoc_data = NULL; 4779 err_free: 4780 kfree(assoc_data); 4781 return err; 4782 } 4783 4784 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, 4785 struct cfg80211_deauth_request *req) 4786 { 4787 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4788 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4789 bool tx = !req->local_state_change; 4790 4791 if (ifmgd->auth_data && 4792 ether_addr_equal(ifmgd->auth_data->bss->bssid, req->bssid)) { 4793 sdata_info(sdata, 4794 "aborting authentication with %pM by local choice (Reason: %u=%s)\n", 4795 req->bssid, req->reason_code, 4796 ieee80211_get_reason_code_string(req->reason_code)); 4797 4798 drv_mgd_prepare_tx(sdata->local, sdata); 4799 ieee80211_send_deauth_disassoc(sdata, req->bssid, 4800 IEEE80211_STYPE_DEAUTH, 4801 req->reason_code, tx, 4802 frame_buf); 4803 ieee80211_destroy_auth_data(sdata, false); 4804 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4805 IEEE80211_DEAUTH_FRAME_LEN); 4806 4807 return 0; 4808 } 4809 4810 if (ifmgd->associated && 4811 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) { 4812 sdata_info(sdata, 4813 "deauthenticating from %pM by local choice (Reason: %u=%s)\n", 4814 req->bssid, req->reason_code, 4815 ieee80211_get_reason_code_string(req->reason_code)); 4816 4817 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4818 req->reason_code, tx, frame_buf); 4819 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4820 IEEE80211_DEAUTH_FRAME_LEN); 4821 return 0; 4822 } 4823 4824 return -ENOTCONN; 4825 } 4826 4827 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 4828 struct cfg80211_disassoc_request *req) 4829 { 4830 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4831 u8 bssid[ETH_ALEN]; 4832 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4833 4834 /* 4835 * cfg80211 should catch this ... but it's racy since 4836 * we can receive a disassoc frame, process it, hand it 4837 * to cfg80211 while that's in a locked section already 4838 * trying to tell us that the user wants to disconnect. 4839 */ 4840 if (ifmgd->associated != req->bss) 4841 return -ENOLINK; 4842 4843 sdata_info(sdata, 4844 "disassociating from %pM by local choice (Reason: %u=%s)\n", 4845 req->bss->bssid, req->reason_code, ieee80211_get_reason_code_string(req->reason_code)); 4846 4847 memcpy(bssid, req->bss->bssid, ETH_ALEN); 4848 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC, 4849 req->reason_code, !req->local_state_change, 4850 frame_buf); 4851 4852 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4853 IEEE80211_DEAUTH_FRAME_LEN); 4854 4855 return 0; 4856 } 4857 4858 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata) 4859 { 4860 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4861 4862 /* 4863 * Make sure some work items will not run after this, 4864 * they will not do anything but might not have been 4865 * cancelled when disconnecting. 4866 */ 4867 cancel_work_sync(&ifmgd->monitor_work); 4868 cancel_work_sync(&ifmgd->beacon_connection_loss_work); 4869 cancel_work_sync(&ifmgd->request_smps_work); 4870 cancel_work_sync(&ifmgd->csa_connection_drop_work); 4871 cancel_work_sync(&ifmgd->chswitch_work); 4872 cancel_delayed_work_sync(&ifmgd->tdls_peer_del_work); 4873 4874 sdata_lock(sdata); 4875 if (ifmgd->assoc_data) { 4876 struct cfg80211_bss *bss = ifmgd->assoc_data->bss; 4877 ieee80211_destroy_assoc_data(sdata, false); 4878 cfg80211_assoc_timeout(sdata->dev, bss); 4879 } 4880 if (ifmgd->auth_data) 4881 ieee80211_destroy_auth_data(sdata, false); 4882 spin_lock_bh(&ifmgd->teardown_lock); 4883 if (ifmgd->teardown_skb) { 4884 kfree_skb(ifmgd->teardown_skb); 4885 ifmgd->teardown_skb = NULL; 4886 ifmgd->orig_teardown_skb = NULL; 4887 } 4888 spin_unlock_bh(&ifmgd->teardown_lock); 4889 del_timer_sync(&ifmgd->timer); 4890 sdata_unlock(sdata); 4891 } 4892 4893 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif, 4894 enum nl80211_cqm_rssi_threshold_event rssi_event, 4895 gfp_t gfp) 4896 { 4897 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 4898 4899 trace_api_cqm_rssi_notify(sdata, rssi_event); 4900 4901 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp); 4902 } 4903 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify); 4904 4905 void ieee80211_cqm_beacon_loss_notify(struct ieee80211_vif *vif, gfp_t gfp) 4906 { 4907 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 4908 4909 trace_api_cqm_beacon_loss_notify(sdata->local, sdata); 4910 4911 cfg80211_cqm_beacon_loss_notify(sdata->dev, gfp); 4912 } 4913 EXPORT_SYMBOL(ieee80211_cqm_beacon_loss_notify); 4914