1 /* 2 * BSS client mode implementation 3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 4 * Copyright 2004, Instant802 Networks, Inc. 5 * Copyright 2005, Devicescape Software, Inc. 6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License version 2 as 11 * published by the Free Software Foundation. 12 */ 13 14 #include <linux/delay.h> 15 #include <linux/if_ether.h> 16 #include <linux/skbuff.h> 17 #include <linux/if_arp.h> 18 #include <linux/etherdevice.h> 19 #include <linux/moduleparam.h> 20 #include <linux/rtnetlink.h> 21 #include <linux/pm_qos.h> 22 #include <linux/crc32.h> 23 #include <linux/slab.h> 24 #include <linux/export.h> 25 #include <net/mac80211.h> 26 #include <asm/unaligned.h> 27 28 #include "ieee80211_i.h" 29 #include "driver-ops.h" 30 #include "rate.h" 31 #include "led.h" 32 33 #define IEEE80211_AUTH_TIMEOUT (HZ / 5) 34 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10) 35 #define IEEE80211_AUTH_MAX_TRIES 3 36 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5) 37 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 38 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10) 39 #define IEEE80211_ASSOC_MAX_TRIES 3 40 41 static int max_nullfunc_tries = 2; 42 module_param(max_nullfunc_tries, int, 0644); 43 MODULE_PARM_DESC(max_nullfunc_tries, 44 "Maximum nullfunc tx tries before disconnecting (reason 4)."); 45 46 static int max_probe_tries = 5; 47 module_param(max_probe_tries, int, 0644); 48 MODULE_PARM_DESC(max_probe_tries, 49 "Maximum probe tries before disconnecting (reason 4)."); 50 51 /* 52 * Beacon loss timeout is calculated as N frames times the 53 * advertised beacon interval. This may need to be somewhat 54 * higher than what hardware might detect to account for 55 * delays in the host processing frames. But since we also 56 * probe on beacon miss before declaring the connection lost 57 * default to what we want. 58 */ 59 #define IEEE80211_BEACON_LOSS_COUNT 7 60 61 /* 62 * Time the connection can be idle before we probe 63 * it to see if we can still talk to the AP. 64 */ 65 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ) 66 /* 67 * Time we wait for a probe response after sending 68 * a probe request because of beacon loss or for 69 * checking the connection still works. 70 */ 71 static int probe_wait_ms = 500; 72 module_param(probe_wait_ms, int, 0644); 73 MODULE_PARM_DESC(probe_wait_ms, 74 "Maximum time(ms) to wait for probe response" 75 " before disconnecting (reason 4)."); 76 77 /* 78 * Weight given to the latest Beacon frame when calculating average signal 79 * strength for Beacon frames received in the current BSS. This must be 80 * between 1 and 15. 81 */ 82 #define IEEE80211_SIGNAL_AVE_WEIGHT 3 83 84 /* 85 * How many Beacon frames need to have been used in average signal strength 86 * before starting to indicate signal change events. 87 */ 88 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4 89 90 /* 91 * All cfg80211 functions have to be called outside a locked 92 * section so that they can acquire a lock themselves... This 93 * is much simpler than queuing up things in cfg80211, but we 94 * do need some indirection for that here. 95 */ 96 enum rx_mgmt_action { 97 /* no action required */ 98 RX_MGMT_NONE, 99 100 /* caller must call cfg80211_send_deauth() */ 101 RX_MGMT_CFG80211_DEAUTH, 102 103 /* caller must call cfg80211_send_disassoc() */ 104 RX_MGMT_CFG80211_DISASSOC, 105 106 /* caller must call cfg80211_send_rx_auth() */ 107 RX_MGMT_CFG80211_RX_AUTH, 108 109 /* caller must call cfg80211_send_rx_assoc() */ 110 RX_MGMT_CFG80211_RX_ASSOC, 111 112 /* caller must call cfg80211_send_assoc_timeout() */ 113 RX_MGMT_CFG80211_ASSOC_TIMEOUT, 114 115 /* used when a processed beacon causes a deauth */ 116 RX_MGMT_CFG80211_TX_DEAUTH, 117 }; 118 119 /* utils */ 120 static inline void ASSERT_MGD_MTX(struct ieee80211_if_managed *ifmgd) 121 { 122 lockdep_assert_held(&ifmgd->mtx); 123 } 124 125 /* 126 * We can have multiple work items (and connection probing) 127 * scheduling this timer, but we need to take care to only 128 * reschedule it when it should fire _earlier_ than it was 129 * asked for before, or if it's not pending right now. This 130 * function ensures that. Note that it then is required to 131 * run this function for all timeouts after the first one 132 * has happened -- the work that runs from this timer will 133 * do that. 134 */ 135 static void run_again(struct ieee80211_if_managed *ifmgd, unsigned long timeout) 136 { 137 ASSERT_MGD_MTX(ifmgd); 138 139 if (!timer_pending(&ifmgd->timer) || 140 time_before(timeout, ifmgd->timer.expires)) 141 mod_timer(&ifmgd->timer, timeout); 142 } 143 144 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata) 145 { 146 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER) 147 return; 148 149 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 150 return; 151 152 mod_timer(&sdata->u.mgd.bcn_mon_timer, 153 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout)); 154 } 155 156 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata) 157 { 158 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 159 160 if (unlikely(!sdata->u.mgd.associated)) 161 return; 162 163 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 164 return; 165 166 mod_timer(&sdata->u.mgd.conn_mon_timer, 167 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME)); 168 169 ifmgd->probe_send_count = 0; 170 } 171 172 static int ecw2cw(int ecw) 173 { 174 return (1 << ecw) - 1; 175 } 176 177 static u32 chandef_downgrade(struct cfg80211_chan_def *c) 178 { 179 u32 ret; 180 int tmp; 181 182 switch (c->width) { 183 case NL80211_CHAN_WIDTH_20: 184 c->width = NL80211_CHAN_WIDTH_20_NOHT; 185 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 186 break; 187 case NL80211_CHAN_WIDTH_40: 188 c->width = NL80211_CHAN_WIDTH_20; 189 c->center_freq1 = c->chan->center_freq; 190 ret = IEEE80211_STA_DISABLE_40MHZ | 191 IEEE80211_STA_DISABLE_VHT; 192 break; 193 case NL80211_CHAN_WIDTH_80: 194 tmp = (30 + c->chan->center_freq - c->center_freq1)/20; 195 /* n_P40 */ 196 tmp /= 2; 197 /* freq_P40 */ 198 c->center_freq1 = c->center_freq1 - 20 + 40 * tmp; 199 c->width = NL80211_CHAN_WIDTH_40; 200 ret = IEEE80211_STA_DISABLE_VHT; 201 break; 202 case NL80211_CHAN_WIDTH_80P80: 203 c->center_freq2 = 0; 204 c->width = NL80211_CHAN_WIDTH_80; 205 ret = IEEE80211_STA_DISABLE_80P80MHZ | 206 IEEE80211_STA_DISABLE_160MHZ; 207 break; 208 case NL80211_CHAN_WIDTH_160: 209 /* n_P20 */ 210 tmp = (70 + c->chan->center_freq - c->center_freq1)/20; 211 /* n_P80 */ 212 tmp /= 4; 213 c->center_freq1 = c->center_freq1 - 40 + 80 * tmp; 214 c->width = NL80211_CHAN_WIDTH_80; 215 ret = IEEE80211_STA_DISABLE_80P80MHZ | 216 IEEE80211_STA_DISABLE_160MHZ; 217 break; 218 default: 219 case NL80211_CHAN_WIDTH_20_NOHT: 220 WARN_ON_ONCE(1); 221 c->width = NL80211_CHAN_WIDTH_20_NOHT; 222 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 223 break; 224 } 225 226 WARN_ON_ONCE(!cfg80211_chandef_valid(c)); 227 228 return ret; 229 } 230 231 static u32 232 ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, 233 struct ieee80211_supported_band *sband, 234 struct ieee80211_channel *channel, 235 const struct ieee80211_ht_operation *ht_oper, 236 const struct ieee80211_vht_operation *vht_oper, 237 struct cfg80211_chan_def *chandef, bool verbose) 238 { 239 struct cfg80211_chan_def vht_chandef; 240 u32 ht_cfreq, ret; 241 242 chandef->chan = channel; 243 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 244 chandef->center_freq1 = channel->center_freq; 245 chandef->center_freq2 = 0; 246 247 if (!ht_oper || !sband->ht_cap.ht_supported) { 248 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 249 goto out; 250 } 251 252 chandef->width = NL80211_CHAN_WIDTH_20; 253 254 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan, 255 channel->band); 256 /* check that channel matches the right operating channel */ 257 if (channel->center_freq != ht_cfreq) { 258 /* 259 * It's possible that some APs are confused here; 260 * Netgear WNDR3700 sometimes reports 4 higher than 261 * the actual channel in association responses, but 262 * since we look at probe response/beacon data here 263 * it should be OK. 264 */ 265 if (verbose) 266 sdata_info(sdata, 267 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n", 268 channel->center_freq, ht_cfreq, 269 ht_oper->primary_chan, channel->band); 270 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 271 goto out; 272 } 273 274 /* check 40 MHz support, if we have it */ 275 if (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) { 276 switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 277 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 278 chandef->width = NL80211_CHAN_WIDTH_40; 279 chandef->center_freq1 += 10; 280 break; 281 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 282 chandef->width = NL80211_CHAN_WIDTH_40; 283 chandef->center_freq1 -= 10; 284 break; 285 } 286 } else { 287 /* 40 MHz (and 80 MHz) must be supported for VHT */ 288 ret = IEEE80211_STA_DISABLE_VHT; 289 goto out; 290 } 291 292 if (!vht_oper || !sband->vht_cap.vht_supported) { 293 ret = IEEE80211_STA_DISABLE_VHT; 294 goto out; 295 } 296 297 vht_chandef.chan = channel; 298 vht_chandef.center_freq1 = 299 ieee80211_channel_to_frequency(vht_oper->center_freq_seg1_idx, 300 channel->band); 301 vht_chandef.center_freq2 = 0; 302 303 if (vht_oper->center_freq_seg2_idx) 304 vht_chandef.center_freq2 = 305 ieee80211_channel_to_frequency( 306 vht_oper->center_freq_seg2_idx, 307 channel->band); 308 309 switch (vht_oper->chan_width) { 310 case IEEE80211_VHT_CHANWIDTH_USE_HT: 311 vht_chandef.width = chandef->width; 312 break; 313 case IEEE80211_VHT_CHANWIDTH_80MHZ: 314 vht_chandef.width = NL80211_CHAN_WIDTH_80; 315 break; 316 case IEEE80211_VHT_CHANWIDTH_160MHZ: 317 vht_chandef.width = NL80211_CHAN_WIDTH_160; 318 break; 319 case IEEE80211_VHT_CHANWIDTH_80P80MHZ: 320 vht_chandef.width = NL80211_CHAN_WIDTH_80P80; 321 break; 322 default: 323 if (verbose) 324 sdata_info(sdata, 325 "AP VHT operation IE has invalid channel width (%d), disable VHT\n", 326 vht_oper->chan_width); 327 ret = IEEE80211_STA_DISABLE_VHT; 328 goto out; 329 } 330 331 if (!cfg80211_chandef_valid(&vht_chandef)) { 332 if (verbose) 333 sdata_info(sdata, 334 "AP VHT information is invalid, disable VHT\n"); 335 ret = IEEE80211_STA_DISABLE_VHT; 336 goto out; 337 } 338 339 if (cfg80211_chandef_identical(chandef, &vht_chandef)) { 340 ret = 0; 341 goto out; 342 } 343 344 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) { 345 if (verbose) 346 sdata_info(sdata, 347 "AP VHT information doesn't match HT, disable VHT\n"); 348 ret = IEEE80211_STA_DISABLE_VHT; 349 goto out; 350 } 351 352 *chandef = vht_chandef; 353 354 ret = 0; 355 356 out: 357 /* don't print the message below for VHT mismatch if VHT is disabled */ 358 if (ret & IEEE80211_STA_DISABLE_VHT) 359 vht_chandef = *chandef; 360 361 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef, 362 IEEE80211_CHAN_DISABLED)) { 363 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) { 364 ret = IEEE80211_STA_DISABLE_HT | 365 IEEE80211_STA_DISABLE_VHT; 366 goto out; 367 } 368 369 ret |= chandef_downgrade(chandef); 370 } 371 372 if (chandef->width != vht_chandef.width && verbose) 373 sdata_info(sdata, 374 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n"); 375 376 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef)); 377 return ret; 378 } 379 380 static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata, 381 struct sta_info *sta, 382 const struct ieee80211_ht_operation *ht_oper, 383 const struct ieee80211_vht_operation *vht_oper, 384 const u8 *bssid, u32 *changed) 385 { 386 struct ieee80211_local *local = sdata->local; 387 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 388 struct ieee80211_supported_band *sband; 389 struct ieee80211_channel *chan; 390 struct cfg80211_chan_def chandef; 391 u16 ht_opmode; 392 u32 flags; 393 enum ieee80211_sta_rx_bandwidth new_sta_bw; 394 int ret; 395 396 /* if HT was/is disabled, don't track any bandwidth changes */ 397 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper) 398 return 0; 399 400 /* don't check VHT if we associated as non-VHT station */ 401 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 402 vht_oper = NULL; 403 404 if (WARN_ON_ONCE(!sta)) 405 return -EINVAL; 406 407 chan = sdata->vif.bss_conf.chandef.chan; 408 sband = local->hw.wiphy->bands[chan->band]; 409 410 /* calculate new channel (type) based on HT/VHT operation IEs */ 411 flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper, 412 vht_oper, &chandef, false); 413 414 /* 415 * Downgrade the new channel if we associated with restricted 416 * capabilities. For example, if we associated as a 20 MHz STA 417 * to a 40 MHz AP (due to regulatory, capabilities or config 418 * reasons) then switching to a 40 MHz channel now won't do us 419 * any good -- we couldn't use it with the AP. 420 */ 421 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ && 422 chandef.width == NL80211_CHAN_WIDTH_80P80) 423 flags |= chandef_downgrade(&chandef); 424 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ && 425 chandef.width == NL80211_CHAN_WIDTH_160) 426 flags |= chandef_downgrade(&chandef); 427 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ && 428 chandef.width > NL80211_CHAN_WIDTH_20) 429 flags |= chandef_downgrade(&chandef); 430 431 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef)) 432 return 0; 433 434 sdata_info(sdata, 435 "AP %pM changed bandwidth, new config is %d MHz, width %d (%d/%d MHz)\n", 436 ifmgd->bssid, chandef.chan->center_freq, chandef.width, 437 chandef.center_freq1, chandef.center_freq2); 438 439 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT | 440 IEEE80211_STA_DISABLE_VHT | 441 IEEE80211_STA_DISABLE_40MHZ | 442 IEEE80211_STA_DISABLE_80P80MHZ | 443 IEEE80211_STA_DISABLE_160MHZ)) || 444 !cfg80211_chandef_valid(&chandef)) { 445 sdata_info(sdata, 446 "AP %pM changed bandwidth in a way we can't support - disconnect\n", 447 ifmgd->bssid); 448 return -EINVAL; 449 } 450 451 switch (chandef.width) { 452 case NL80211_CHAN_WIDTH_20_NOHT: 453 case NL80211_CHAN_WIDTH_20: 454 new_sta_bw = IEEE80211_STA_RX_BW_20; 455 break; 456 case NL80211_CHAN_WIDTH_40: 457 new_sta_bw = IEEE80211_STA_RX_BW_40; 458 break; 459 case NL80211_CHAN_WIDTH_80: 460 new_sta_bw = IEEE80211_STA_RX_BW_80; 461 break; 462 case NL80211_CHAN_WIDTH_80P80: 463 case NL80211_CHAN_WIDTH_160: 464 new_sta_bw = IEEE80211_STA_RX_BW_160; 465 break; 466 default: 467 return -EINVAL; 468 } 469 470 if (new_sta_bw > sta->cur_max_bandwidth) 471 new_sta_bw = sta->cur_max_bandwidth; 472 473 if (new_sta_bw < sta->sta.bandwidth) { 474 sta->sta.bandwidth = new_sta_bw; 475 rate_control_rate_update(local, sband, sta, 476 IEEE80211_RC_BW_CHANGED); 477 } 478 479 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed); 480 if (ret) { 481 sdata_info(sdata, 482 "AP %pM changed bandwidth to incompatible one - disconnect\n", 483 ifmgd->bssid); 484 return ret; 485 } 486 487 if (new_sta_bw > sta->sta.bandwidth) { 488 sta->sta.bandwidth = new_sta_bw; 489 rate_control_rate_update(local, sband, sta, 490 IEEE80211_RC_BW_CHANGED); 491 } 492 493 ht_opmode = le16_to_cpu(ht_oper->operation_mode); 494 495 /* if bss configuration changed store the new one */ 496 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) { 497 *changed |= BSS_CHANGED_HT; 498 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 499 } 500 501 return 0; 502 } 503 504 /* frame sending functions */ 505 506 static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len, 507 struct ieee80211_supported_band *sband, 508 u32 *rates) 509 { 510 int i, j, count; 511 *rates = 0; 512 count = 0; 513 for (i = 0; i < supp_rates_len; i++) { 514 int rate = (supp_rates[i] & 0x7F) * 5; 515 516 for (j = 0; j < sband->n_bitrates; j++) 517 if (sband->bitrates[j].bitrate == rate) { 518 *rates |= BIT(j); 519 count++; 520 break; 521 } 522 } 523 524 return count; 525 } 526 527 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata, 528 struct sk_buff *skb, u8 ap_ht_param, 529 struct ieee80211_supported_band *sband, 530 struct ieee80211_channel *channel, 531 enum ieee80211_smps_mode smps) 532 { 533 u8 *pos; 534 u32 flags = channel->flags; 535 u16 cap; 536 struct ieee80211_sta_ht_cap ht_cap; 537 538 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap)); 539 540 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 541 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 542 543 /* determine capability flags */ 544 cap = ht_cap.cap; 545 546 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 547 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 548 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 549 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 550 cap &= ~IEEE80211_HT_CAP_SGI_40; 551 } 552 break; 553 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 554 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 555 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 556 cap &= ~IEEE80211_HT_CAP_SGI_40; 557 } 558 break; 559 } 560 561 /* 562 * If 40 MHz was disabled associate as though we weren't 563 * capable of 40 MHz -- some broken APs will never fall 564 * back to trying to transmit in 20 MHz. 565 */ 566 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) { 567 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 568 cap &= ~IEEE80211_HT_CAP_SGI_40; 569 } 570 571 /* set SM PS mode properly */ 572 cap &= ~IEEE80211_HT_CAP_SM_PS; 573 switch (smps) { 574 case IEEE80211_SMPS_AUTOMATIC: 575 case IEEE80211_SMPS_NUM_MODES: 576 WARN_ON(1); 577 case IEEE80211_SMPS_OFF: 578 cap |= WLAN_HT_CAP_SM_PS_DISABLED << 579 IEEE80211_HT_CAP_SM_PS_SHIFT; 580 break; 581 case IEEE80211_SMPS_STATIC: 582 cap |= WLAN_HT_CAP_SM_PS_STATIC << 583 IEEE80211_HT_CAP_SM_PS_SHIFT; 584 break; 585 case IEEE80211_SMPS_DYNAMIC: 586 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC << 587 IEEE80211_HT_CAP_SM_PS_SHIFT; 588 break; 589 } 590 591 /* reserve and fill IE */ 592 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 593 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap); 594 } 595 596 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata, 597 struct sk_buff *skb, 598 struct ieee80211_supported_band *sband, 599 struct ieee80211_vht_cap *ap_vht_cap) 600 { 601 u8 *pos; 602 u32 cap; 603 struct ieee80211_sta_vht_cap vht_cap; 604 int i; 605 606 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap)); 607 608 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap)); 609 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap); 610 611 /* determine capability flags */ 612 cap = vht_cap.cap; 613 614 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) { 615 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ; 616 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 617 } 618 619 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) { 620 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160; 621 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 622 } 623 624 /* 625 * Some APs apparently get confused if our capabilities are better 626 * than theirs, so restrict what we advertise in the assoc request. 627 */ 628 if (!(ap_vht_cap->vht_cap_info & 629 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE))) 630 cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE; 631 632 if (!(ap_vht_cap->vht_cap_info & 633 cpu_to_le32(IEEE80211_VHT_CAP_TXSTBC))) 634 cap &= ~(IEEE80211_VHT_CAP_RXSTBC_1 | 635 IEEE80211_VHT_CAP_RXSTBC_3 | 636 IEEE80211_VHT_CAP_RXSTBC_4); 637 638 for (i = 0; i < 8; i++) { 639 int shift = i * 2; 640 u16 mask = IEEE80211_VHT_MCS_NOT_SUPPORTED << shift; 641 u16 ap_mcs, our_mcs; 642 643 ap_mcs = (le16_to_cpu(ap_vht_cap->supp_mcs.tx_mcs_map) & 644 mask) >> shift; 645 our_mcs = (le16_to_cpu(vht_cap.vht_mcs.rx_mcs_map) & 646 mask) >> shift; 647 648 if (our_mcs == IEEE80211_VHT_MCS_NOT_SUPPORTED) 649 continue; 650 651 switch (ap_mcs) { 652 default: 653 if (our_mcs <= ap_mcs) 654 break; 655 /* fall through */ 656 case IEEE80211_VHT_MCS_NOT_SUPPORTED: 657 vht_cap.vht_mcs.rx_mcs_map &= cpu_to_le16(~mask); 658 vht_cap.vht_mcs.rx_mcs_map |= 659 cpu_to_le16(ap_mcs << shift); 660 } 661 } 662 663 /* reserve and fill IE */ 664 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 665 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap); 666 } 667 668 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) 669 { 670 struct ieee80211_local *local = sdata->local; 671 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 672 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 673 struct sk_buff *skb; 674 struct ieee80211_mgmt *mgmt; 675 u8 *pos, qos_info; 676 size_t offset = 0, noffset; 677 int i, count, rates_len, supp_rates_len; 678 u16 capab; 679 struct ieee80211_supported_band *sband; 680 struct ieee80211_chanctx_conf *chanctx_conf; 681 struct ieee80211_channel *chan; 682 u32 rates = 0; 683 684 lockdep_assert_held(&ifmgd->mtx); 685 686 rcu_read_lock(); 687 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 688 if (WARN_ON(!chanctx_conf)) { 689 rcu_read_unlock(); 690 return; 691 } 692 chan = chanctx_conf->def.chan; 693 rcu_read_unlock(); 694 sband = local->hw.wiphy->bands[chan->band]; 695 696 if (assoc_data->supp_rates_len) { 697 /* 698 * Get all rates supported by the device and the AP as 699 * some APs don't like getting a superset of their rates 700 * in the association request (e.g. D-Link DAP 1353 in 701 * b-only mode)... 702 */ 703 rates_len = ieee80211_compatible_rates(assoc_data->supp_rates, 704 assoc_data->supp_rates_len, 705 sband, &rates); 706 } else { 707 /* 708 * In case AP not provide any supported rates information 709 * before association, we send information element(s) with 710 * all rates that we support. 711 */ 712 rates = ~0; 713 rates_len = sband->n_bitrates; 714 } 715 716 skb = alloc_skb(local->hw.extra_tx_headroom + 717 sizeof(*mgmt) + /* bit too much but doesn't matter */ 718 2 + assoc_data->ssid_len + /* SSID */ 719 4 + rates_len + /* (extended) rates */ 720 4 + /* power capability */ 721 2 + 2 * sband->n_channels + /* supported channels */ 722 2 + sizeof(struct ieee80211_ht_cap) + /* HT */ 723 2 + sizeof(struct ieee80211_vht_cap) + /* VHT */ 724 assoc_data->ie_len + /* extra IEs */ 725 9, /* WMM */ 726 GFP_KERNEL); 727 if (!skb) 728 return; 729 730 skb_reserve(skb, local->hw.extra_tx_headroom); 731 732 capab = WLAN_CAPABILITY_ESS; 733 734 if (sband->band == IEEE80211_BAND_2GHZ) { 735 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 736 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 737 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 738 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 739 } 740 741 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY) 742 capab |= WLAN_CAPABILITY_PRIVACY; 743 744 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 745 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)) 746 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 747 748 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 749 memset(mgmt, 0, 24); 750 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN); 751 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 752 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN); 753 754 if (!is_zero_ether_addr(assoc_data->prev_bssid)) { 755 skb_put(skb, 10); 756 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 757 IEEE80211_STYPE_REASSOC_REQ); 758 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 759 mgmt->u.reassoc_req.listen_interval = 760 cpu_to_le16(local->hw.conf.listen_interval); 761 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid, 762 ETH_ALEN); 763 } else { 764 skb_put(skb, 4); 765 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 766 IEEE80211_STYPE_ASSOC_REQ); 767 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 768 mgmt->u.assoc_req.listen_interval = 769 cpu_to_le16(local->hw.conf.listen_interval); 770 } 771 772 /* SSID */ 773 pos = skb_put(skb, 2 + assoc_data->ssid_len); 774 *pos++ = WLAN_EID_SSID; 775 *pos++ = assoc_data->ssid_len; 776 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len); 777 778 /* add all rates which were marked to be used above */ 779 supp_rates_len = rates_len; 780 if (supp_rates_len > 8) 781 supp_rates_len = 8; 782 783 pos = skb_put(skb, supp_rates_len + 2); 784 *pos++ = WLAN_EID_SUPP_RATES; 785 *pos++ = supp_rates_len; 786 787 count = 0; 788 for (i = 0; i < sband->n_bitrates; i++) { 789 if (BIT(i) & rates) { 790 int rate = sband->bitrates[i].bitrate; 791 *pos++ = (u8) (rate / 5); 792 if (++count == 8) 793 break; 794 } 795 } 796 797 if (rates_len > count) { 798 pos = skb_put(skb, rates_len - count + 2); 799 *pos++ = WLAN_EID_EXT_SUPP_RATES; 800 *pos++ = rates_len - count; 801 802 for (i++; i < sband->n_bitrates; i++) { 803 if (BIT(i) & rates) { 804 int rate = sband->bitrates[i].bitrate; 805 *pos++ = (u8) (rate / 5); 806 } 807 } 808 } 809 810 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) { 811 /* 1. power capabilities */ 812 pos = skb_put(skb, 4); 813 *pos++ = WLAN_EID_PWR_CAPABILITY; 814 *pos++ = 2; 815 *pos++ = 0; /* min tx power */ 816 *pos++ = chan->max_power; /* max tx power */ 817 818 /* 2. supported channels */ 819 /* TODO: get this in reg domain format */ 820 pos = skb_put(skb, 2 * sband->n_channels + 2); 821 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 822 *pos++ = 2 * sband->n_channels; 823 for (i = 0; i < sband->n_channels; i++) { 824 *pos++ = ieee80211_frequency_to_channel( 825 sband->channels[i].center_freq); 826 *pos++ = 1; /* one channel in the subband*/ 827 } 828 } 829 830 /* if present, add any custom IEs that go before HT */ 831 if (assoc_data->ie_len && assoc_data->ie) { 832 static const u8 before_ht[] = { 833 WLAN_EID_SSID, 834 WLAN_EID_SUPP_RATES, 835 WLAN_EID_EXT_SUPP_RATES, 836 WLAN_EID_PWR_CAPABILITY, 837 WLAN_EID_SUPPORTED_CHANNELS, 838 WLAN_EID_RSN, 839 WLAN_EID_QOS_CAPA, 840 WLAN_EID_RRM_ENABLED_CAPABILITIES, 841 WLAN_EID_MOBILITY_DOMAIN, 842 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 843 }; 844 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len, 845 before_ht, ARRAY_SIZE(before_ht), 846 offset); 847 pos = skb_put(skb, noffset - offset); 848 memcpy(pos, assoc_data->ie + offset, noffset - offset); 849 offset = noffset; 850 } 851 852 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 853 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))) 854 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 855 856 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 857 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param, 858 sband, chan, sdata->smps_mode); 859 860 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 861 ieee80211_add_vht_ie(sdata, skb, sband, 862 &assoc_data->ap_vht_cap); 863 864 /* if present, add any custom non-vendor IEs that go after HT */ 865 if (assoc_data->ie_len && assoc_data->ie) { 866 noffset = ieee80211_ie_split_vendor(assoc_data->ie, 867 assoc_data->ie_len, 868 offset); 869 pos = skb_put(skb, noffset - offset); 870 memcpy(pos, assoc_data->ie + offset, noffset - offset); 871 offset = noffset; 872 } 873 874 if (assoc_data->wmm) { 875 if (assoc_data->uapsd) { 876 qos_info = ifmgd->uapsd_queues; 877 qos_info |= (ifmgd->uapsd_max_sp_len << 878 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT); 879 } else { 880 qos_info = 0; 881 } 882 883 pos = skb_put(skb, 9); 884 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 885 *pos++ = 7; /* len */ 886 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */ 887 *pos++ = 0x50; 888 *pos++ = 0xf2; 889 *pos++ = 2; /* WME */ 890 *pos++ = 0; /* WME info */ 891 *pos++ = 1; /* WME ver */ 892 *pos++ = qos_info; 893 } 894 895 /* add any remaining custom (i.e. vendor specific here) IEs */ 896 if (assoc_data->ie_len && assoc_data->ie) { 897 noffset = assoc_data->ie_len; 898 pos = skb_put(skb, noffset - offset); 899 memcpy(pos, assoc_data->ie + offset, noffset - offset); 900 } 901 902 drv_mgd_prepare_tx(local, sdata); 903 904 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 905 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 906 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 907 IEEE80211_TX_INTFL_MLME_CONN_TX; 908 ieee80211_tx_skb(sdata, skb); 909 } 910 911 void ieee80211_send_pspoll(struct ieee80211_local *local, 912 struct ieee80211_sub_if_data *sdata) 913 { 914 struct ieee80211_pspoll *pspoll; 915 struct sk_buff *skb; 916 917 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif); 918 if (!skb) 919 return; 920 921 pspoll = (struct ieee80211_pspoll *) skb->data; 922 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 923 924 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 925 ieee80211_tx_skb(sdata, skb); 926 } 927 928 void ieee80211_send_nullfunc(struct ieee80211_local *local, 929 struct ieee80211_sub_if_data *sdata, 930 int powersave) 931 { 932 struct sk_buff *skb; 933 struct ieee80211_hdr_3addr *nullfunc; 934 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 935 936 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif); 937 if (!skb) 938 return; 939 940 nullfunc = (struct ieee80211_hdr_3addr *) skb->data; 941 if (powersave) 942 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 943 944 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT | 945 IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 946 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 947 IEEE80211_STA_CONNECTION_POLL)) 948 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE; 949 950 ieee80211_tx_skb(sdata, skb); 951 } 952 953 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local, 954 struct ieee80211_sub_if_data *sdata) 955 { 956 struct sk_buff *skb; 957 struct ieee80211_hdr *nullfunc; 958 __le16 fc; 959 960 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 961 return; 962 963 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30); 964 if (!skb) 965 return; 966 967 skb_reserve(skb, local->hw.extra_tx_headroom); 968 969 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30); 970 memset(nullfunc, 0, 30); 971 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 972 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 973 nullfunc->frame_control = fc; 974 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN); 975 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN); 976 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN); 977 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN); 978 979 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 980 ieee80211_tx_skb(sdata, skb); 981 } 982 983 /* spectrum management related things */ 984 static void ieee80211_chswitch_work(struct work_struct *work) 985 { 986 struct ieee80211_sub_if_data *sdata = 987 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work); 988 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 989 990 if (!ieee80211_sdata_running(sdata)) 991 return; 992 993 mutex_lock(&ifmgd->mtx); 994 if (!ifmgd->associated) 995 goto out; 996 997 sdata->local->_oper_channel = sdata->local->csa_channel; 998 if (!sdata->local->ops->channel_switch) { 999 /* call "hw_config" only if doing sw channel switch */ 1000 ieee80211_hw_config(sdata->local, 1001 IEEE80211_CONF_CHANGE_CHANNEL); 1002 } else { 1003 /* update the device channel directly */ 1004 sdata->local->hw.conf.channel = sdata->local->_oper_channel; 1005 } 1006 1007 /* XXX: shouldn't really modify cfg80211-owned data! */ 1008 ifmgd->associated->channel = sdata->local->_oper_channel; 1009 1010 /* XXX: wait for a beacon first? */ 1011 ieee80211_wake_queues_by_reason(&sdata->local->hw, 1012 IEEE80211_QUEUE_STOP_REASON_CSA); 1013 out: 1014 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 1015 mutex_unlock(&ifmgd->mtx); 1016 } 1017 1018 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success) 1019 { 1020 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1021 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1022 1023 trace_api_chswitch_done(sdata, success); 1024 if (!success) { 1025 sdata_info(sdata, 1026 "driver channel switch failed, disconnecting\n"); 1027 ieee80211_queue_work(&sdata->local->hw, 1028 &ifmgd->csa_connection_drop_work); 1029 } else { 1030 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 1031 } 1032 } 1033 EXPORT_SYMBOL(ieee80211_chswitch_done); 1034 1035 static void ieee80211_chswitch_timer(unsigned long data) 1036 { 1037 struct ieee80211_sub_if_data *sdata = 1038 (struct ieee80211_sub_if_data *) data; 1039 1040 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work); 1041 } 1042 1043 void 1044 ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 1045 const struct ieee80211_channel_sw_ie *sw_elem, 1046 struct ieee80211_bss *bss, u64 timestamp) 1047 { 1048 struct cfg80211_bss *cbss = 1049 container_of((void *)bss, struct cfg80211_bss, priv); 1050 struct ieee80211_channel *new_ch; 1051 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1052 int new_freq = ieee80211_channel_to_frequency(sw_elem->new_ch_num, 1053 cbss->channel->band); 1054 struct ieee80211_chanctx *chanctx; 1055 1056 ASSERT_MGD_MTX(ifmgd); 1057 1058 if (!ifmgd->associated) 1059 return; 1060 1061 if (sdata->local->scanning) 1062 return; 1063 1064 /* Disregard subsequent beacons if we are already running a timer 1065 processing a CSA */ 1066 1067 if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED) 1068 return; 1069 1070 new_ch = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq); 1071 if (!new_ch || new_ch->flags & IEEE80211_CHAN_DISABLED) { 1072 sdata_info(sdata, 1073 "AP %pM switches to unsupported channel (%d MHz), disconnecting\n", 1074 ifmgd->associated->bssid, new_freq); 1075 ieee80211_queue_work(&sdata->local->hw, 1076 &ifmgd->csa_connection_drop_work); 1077 return; 1078 } 1079 1080 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED; 1081 1082 if (sdata->local->use_chanctx) { 1083 sdata_info(sdata, 1084 "not handling channel switch with channel contexts\n"); 1085 ieee80211_queue_work(&sdata->local->hw, 1086 &ifmgd->csa_connection_drop_work); 1087 return; 1088 } 1089 1090 mutex_lock(&sdata->local->chanctx_mtx); 1091 if (WARN_ON(!rcu_access_pointer(sdata->vif.chanctx_conf))) { 1092 mutex_unlock(&sdata->local->chanctx_mtx); 1093 return; 1094 } 1095 chanctx = container_of(rcu_access_pointer(sdata->vif.chanctx_conf), 1096 struct ieee80211_chanctx, conf); 1097 if (chanctx->refcount > 1) { 1098 sdata_info(sdata, 1099 "channel switch with multiple interfaces on the same channel, disconnecting\n"); 1100 ieee80211_queue_work(&sdata->local->hw, 1101 &ifmgd->csa_connection_drop_work); 1102 mutex_unlock(&sdata->local->chanctx_mtx); 1103 return; 1104 } 1105 mutex_unlock(&sdata->local->chanctx_mtx); 1106 1107 sdata->local->csa_channel = new_ch; 1108 1109 if (sw_elem->mode) 1110 ieee80211_stop_queues_by_reason(&sdata->local->hw, 1111 IEEE80211_QUEUE_STOP_REASON_CSA); 1112 1113 if (sdata->local->ops->channel_switch) { 1114 /* use driver's channel switch callback */ 1115 struct ieee80211_channel_switch ch_switch = { 1116 .timestamp = timestamp, 1117 .block_tx = sw_elem->mode, 1118 .channel = new_ch, 1119 .count = sw_elem->count, 1120 }; 1121 1122 drv_channel_switch(sdata->local, &ch_switch); 1123 return; 1124 } 1125 1126 /* channel switch handled in software */ 1127 if (sw_elem->count <= 1) 1128 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 1129 else 1130 mod_timer(&ifmgd->chswitch_timer, 1131 TU_TO_EXP_TIME(sw_elem->count * 1132 cbss->beacon_interval)); 1133 } 1134 1135 static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, 1136 struct ieee80211_channel *channel, 1137 const u8 *country_ie, u8 country_ie_len, 1138 const u8 *pwr_constr_elem) 1139 { 1140 struct ieee80211_country_ie_triplet *triplet; 1141 int chan = ieee80211_frequency_to_channel(channel->center_freq); 1142 int i, chan_pwr, chan_increment, new_ap_level; 1143 bool have_chan_pwr = false; 1144 1145 /* Invalid IE */ 1146 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN) 1147 return 0; 1148 1149 triplet = (void *)(country_ie + 3); 1150 country_ie_len -= 3; 1151 1152 switch (channel->band) { 1153 default: 1154 WARN_ON_ONCE(1); 1155 /* fall through */ 1156 case IEEE80211_BAND_2GHZ: 1157 case IEEE80211_BAND_60GHZ: 1158 chan_increment = 1; 1159 break; 1160 case IEEE80211_BAND_5GHZ: 1161 chan_increment = 4; 1162 break; 1163 } 1164 1165 /* find channel */ 1166 while (country_ie_len >= 3) { 1167 u8 first_channel = triplet->chans.first_channel; 1168 1169 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID) 1170 goto next; 1171 1172 for (i = 0; i < triplet->chans.num_channels; i++) { 1173 if (first_channel + i * chan_increment == chan) { 1174 have_chan_pwr = true; 1175 chan_pwr = triplet->chans.max_power; 1176 break; 1177 } 1178 } 1179 if (have_chan_pwr) 1180 break; 1181 1182 next: 1183 triplet++; 1184 country_ie_len -= 3; 1185 } 1186 1187 if (!have_chan_pwr) 1188 return 0; 1189 1190 new_ap_level = max_t(int, 0, chan_pwr - *pwr_constr_elem); 1191 1192 if (sdata->ap_power_level == new_ap_level) 1193 return 0; 1194 1195 sdata_info(sdata, 1196 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n", 1197 new_ap_level, chan_pwr, *pwr_constr_elem, 1198 sdata->u.mgd.bssid); 1199 sdata->ap_power_level = new_ap_level; 1200 if (__ieee80211_recalc_txpower(sdata)) 1201 return BSS_CHANGED_TXPOWER; 1202 return 0; 1203 } 1204 1205 /* powersave */ 1206 static void ieee80211_enable_ps(struct ieee80211_local *local, 1207 struct ieee80211_sub_if_data *sdata) 1208 { 1209 struct ieee80211_conf *conf = &local->hw.conf; 1210 1211 /* 1212 * If we are scanning right now then the parameters will 1213 * take effect when scan finishes. 1214 */ 1215 if (local->scanning) 1216 return; 1217 1218 if (conf->dynamic_ps_timeout > 0 && 1219 !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) { 1220 mod_timer(&local->dynamic_ps_timer, jiffies + 1221 msecs_to_jiffies(conf->dynamic_ps_timeout)); 1222 } else { 1223 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 1224 ieee80211_send_nullfunc(local, sdata, 1); 1225 1226 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1227 (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) 1228 return; 1229 1230 conf->flags |= IEEE80211_CONF_PS; 1231 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1232 } 1233 } 1234 1235 static void ieee80211_change_ps(struct ieee80211_local *local) 1236 { 1237 struct ieee80211_conf *conf = &local->hw.conf; 1238 1239 if (local->ps_sdata) { 1240 ieee80211_enable_ps(local, local->ps_sdata); 1241 } else if (conf->flags & IEEE80211_CONF_PS) { 1242 conf->flags &= ~IEEE80211_CONF_PS; 1243 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1244 del_timer_sync(&local->dynamic_ps_timer); 1245 cancel_work_sync(&local->dynamic_ps_enable_work); 1246 } 1247 } 1248 1249 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata) 1250 { 1251 struct ieee80211_if_managed *mgd = &sdata->u.mgd; 1252 struct sta_info *sta = NULL; 1253 bool authorized = false; 1254 1255 if (!mgd->powersave) 1256 return false; 1257 1258 if (mgd->broken_ap) 1259 return false; 1260 1261 if (!mgd->associated) 1262 return false; 1263 1264 if (mgd->flags & (IEEE80211_STA_BEACON_POLL | 1265 IEEE80211_STA_CONNECTION_POLL)) 1266 return false; 1267 1268 rcu_read_lock(); 1269 sta = sta_info_get(sdata, mgd->bssid); 1270 if (sta) 1271 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED); 1272 rcu_read_unlock(); 1273 1274 return authorized; 1275 } 1276 1277 /* need to hold RTNL or interface lock */ 1278 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency) 1279 { 1280 struct ieee80211_sub_if_data *sdata, *found = NULL; 1281 int count = 0; 1282 int timeout; 1283 1284 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) { 1285 local->ps_sdata = NULL; 1286 return; 1287 } 1288 1289 list_for_each_entry(sdata, &local->interfaces, list) { 1290 if (!ieee80211_sdata_running(sdata)) 1291 continue; 1292 if (sdata->vif.type == NL80211_IFTYPE_AP) { 1293 /* If an AP vif is found, then disable PS 1294 * by setting the count to zero thereby setting 1295 * ps_sdata to NULL. 1296 */ 1297 count = 0; 1298 break; 1299 } 1300 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1301 continue; 1302 found = sdata; 1303 count++; 1304 } 1305 1306 if (count == 1 && ieee80211_powersave_allowed(found)) { 1307 s32 beaconint_us; 1308 1309 if (latency < 0) 1310 latency = pm_qos_request(PM_QOS_NETWORK_LATENCY); 1311 1312 beaconint_us = ieee80211_tu_to_usec( 1313 found->vif.bss_conf.beacon_int); 1314 1315 timeout = local->dynamic_ps_forced_timeout; 1316 if (timeout < 0) { 1317 /* 1318 * Go to full PSM if the user configures a very low 1319 * latency requirement. 1320 * The 2000 second value is there for compatibility 1321 * until the PM_QOS_NETWORK_LATENCY is configured 1322 * with real values. 1323 */ 1324 if (latency > (1900 * USEC_PER_MSEC) && 1325 latency != (2000 * USEC_PER_SEC)) 1326 timeout = 0; 1327 else 1328 timeout = 100; 1329 } 1330 local->hw.conf.dynamic_ps_timeout = timeout; 1331 1332 if (beaconint_us > latency) { 1333 local->ps_sdata = NULL; 1334 } else { 1335 int maxslp = 1; 1336 u8 dtimper = found->u.mgd.dtim_period; 1337 1338 /* If the TIM IE is invalid, pretend the value is 1 */ 1339 if (!dtimper) 1340 dtimper = 1; 1341 else if (dtimper > 1) 1342 maxslp = min_t(int, dtimper, 1343 latency / beaconint_us); 1344 1345 local->hw.conf.max_sleep_period = maxslp; 1346 local->hw.conf.ps_dtim_period = dtimper; 1347 local->ps_sdata = found; 1348 } 1349 } else { 1350 local->ps_sdata = NULL; 1351 } 1352 1353 ieee80211_change_ps(local); 1354 } 1355 1356 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata) 1357 { 1358 bool ps_allowed = ieee80211_powersave_allowed(sdata); 1359 1360 if (sdata->vif.bss_conf.ps != ps_allowed) { 1361 sdata->vif.bss_conf.ps = ps_allowed; 1362 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS); 1363 } 1364 } 1365 1366 void ieee80211_dynamic_ps_disable_work(struct work_struct *work) 1367 { 1368 struct ieee80211_local *local = 1369 container_of(work, struct ieee80211_local, 1370 dynamic_ps_disable_work); 1371 1372 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1373 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1374 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1375 } 1376 1377 ieee80211_wake_queues_by_reason(&local->hw, 1378 IEEE80211_QUEUE_STOP_REASON_PS); 1379 } 1380 1381 void ieee80211_dynamic_ps_enable_work(struct work_struct *work) 1382 { 1383 struct ieee80211_local *local = 1384 container_of(work, struct ieee80211_local, 1385 dynamic_ps_enable_work); 1386 struct ieee80211_sub_if_data *sdata = local->ps_sdata; 1387 struct ieee80211_if_managed *ifmgd; 1388 unsigned long flags; 1389 int q; 1390 1391 /* can only happen when PS was just disabled anyway */ 1392 if (!sdata) 1393 return; 1394 1395 ifmgd = &sdata->u.mgd; 1396 1397 if (local->hw.conf.flags & IEEE80211_CONF_PS) 1398 return; 1399 1400 if (local->hw.conf.dynamic_ps_timeout > 0) { 1401 /* don't enter PS if TX frames are pending */ 1402 if (drv_tx_frames_pending(local)) { 1403 mod_timer(&local->dynamic_ps_timer, jiffies + 1404 msecs_to_jiffies( 1405 local->hw.conf.dynamic_ps_timeout)); 1406 return; 1407 } 1408 1409 /* 1410 * transmission can be stopped by others which leads to 1411 * dynamic_ps_timer expiry. Postpone the ps timer if it 1412 * is not the actual idle state. 1413 */ 1414 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 1415 for (q = 0; q < local->hw.queues; q++) { 1416 if (local->queue_stop_reasons[q]) { 1417 spin_unlock_irqrestore(&local->queue_stop_reason_lock, 1418 flags); 1419 mod_timer(&local->dynamic_ps_timer, jiffies + 1420 msecs_to_jiffies( 1421 local->hw.conf.dynamic_ps_timeout)); 1422 return; 1423 } 1424 } 1425 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 1426 } 1427 1428 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1429 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1430 netif_tx_stop_all_queues(sdata->dev); 1431 1432 if (drv_tx_frames_pending(local)) 1433 mod_timer(&local->dynamic_ps_timer, jiffies + 1434 msecs_to_jiffies( 1435 local->hw.conf.dynamic_ps_timeout)); 1436 else { 1437 ieee80211_send_nullfunc(local, sdata, 1); 1438 /* Flush to get the tx status of nullfunc frame */ 1439 drv_flush(local, false); 1440 } 1441 } 1442 1443 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) && 1444 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) || 1445 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1446 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 1447 local->hw.conf.flags |= IEEE80211_CONF_PS; 1448 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1449 } 1450 1451 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 1452 netif_tx_wake_all_queues(sdata->dev); 1453 } 1454 1455 void ieee80211_dynamic_ps_timer(unsigned long data) 1456 { 1457 struct ieee80211_local *local = (void *) data; 1458 1459 if (local->quiescing || local->suspended) 1460 return; 1461 1462 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work); 1463 } 1464 1465 void ieee80211_dfs_cac_timer_work(struct work_struct *work) 1466 { 1467 struct delayed_work *delayed_work = 1468 container_of(work, struct delayed_work, work); 1469 struct ieee80211_sub_if_data *sdata = 1470 container_of(delayed_work, struct ieee80211_sub_if_data, 1471 dfs_cac_timer_work); 1472 1473 ieee80211_vif_release_channel(sdata); 1474 1475 cfg80211_cac_event(sdata->dev, NL80211_RADAR_CAC_FINISHED, GFP_KERNEL); 1476 } 1477 1478 /* MLME */ 1479 static bool ieee80211_sta_wmm_params(struct ieee80211_local *local, 1480 struct ieee80211_sub_if_data *sdata, 1481 const u8 *wmm_param, size_t wmm_param_len) 1482 { 1483 struct ieee80211_tx_queue_params params; 1484 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1485 size_t left; 1486 int count; 1487 const u8 *pos; 1488 u8 uapsd_queues = 0; 1489 1490 if (!local->ops->conf_tx) 1491 return false; 1492 1493 if (local->hw.queues < IEEE80211_NUM_ACS) 1494 return false; 1495 1496 if (!wmm_param) 1497 return false; 1498 1499 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 1500 return false; 1501 1502 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) 1503 uapsd_queues = ifmgd->uapsd_queues; 1504 1505 count = wmm_param[6] & 0x0f; 1506 if (count == ifmgd->wmm_last_param_set) 1507 return false; 1508 ifmgd->wmm_last_param_set = count; 1509 1510 pos = wmm_param + 8; 1511 left = wmm_param_len - 8; 1512 1513 memset(¶ms, 0, sizeof(params)); 1514 1515 sdata->wmm_acm = 0; 1516 for (; left >= 4; left -= 4, pos += 4) { 1517 int aci = (pos[0] >> 5) & 0x03; 1518 int acm = (pos[0] >> 4) & 0x01; 1519 bool uapsd = false; 1520 int queue; 1521 1522 switch (aci) { 1523 case 1: /* AC_BK */ 1524 queue = 3; 1525 if (acm) 1526 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */ 1527 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK) 1528 uapsd = true; 1529 break; 1530 case 2: /* AC_VI */ 1531 queue = 1; 1532 if (acm) 1533 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */ 1534 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI) 1535 uapsd = true; 1536 break; 1537 case 3: /* AC_VO */ 1538 queue = 0; 1539 if (acm) 1540 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */ 1541 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) 1542 uapsd = true; 1543 break; 1544 case 0: /* AC_BE */ 1545 default: 1546 queue = 2; 1547 if (acm) 1548 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */ 1549 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE) 1550 uapsd = true; 1551 break; 1552 } 1553 1554 params.aifs = pos[0] & 0x0f; 1555 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 1556 params.cw_min = ecw2cw(pos[1] & 0x0f); 1557 params.txop = get_unaligned_le16(pos + 2); 1558 params.uapsd = uapsd; 1559 1560 mlme_dbg(sdata, 1561 "WMM queue=%d aci=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d\n", 1562 queue, aci, acm, 1563 params.aifs, params.cw_min, params.cw_max, 1564 params.txop, params.uapsd); 1565 sdata->tx_conf[queue] = params; 1566 if (drv_conf_tx(local, sdata, queue, ¶ms)) 1567 sdata_err(sdata, 1568 "failed to set TX queue parameters for queue %d\n", 1569 queue); 1570 } 1571 1572 /* enable WMM or activate new settings */ 1573 sdata->vif.bss_conf.qos = true; 1574 return true; 1575 } 1576 1577 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1578 { 1579 lockdep_assert_held(&sdata->local->mtx); 1580 1581 sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL | 1582 IEEE80211_STA_BEACON_POLL); 1583 ieee80211_run_deferred_scan(sdata->local); 1584 } 1585 1586 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1587 { 1588 mutex_lock(&sdata->local->mtx); 1589 __ieee80211_stop_poll(sdata); 1590 mutex_unlock(&sdata->local->mtx); 1591 } 1592 1593 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata, 1594 u16 capab, bool erp_valid, u8 erp) 1595 { 1596 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1597 u32 changed = 0; 1598 bool use_protection; 1599 bool use_short_preamble; 1600 bool use_short_slot; 1601 1602 if (erp_valid) { 1603 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0; 1604 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0; 1605 } else { 1606 use_protection = false; 1607 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE); 1608 } 1609 1610 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME); 1611 if (ieee80211_get_sdata_band(sdata) == IEEE80211_BAND_5GHZ) 1612 use_short_slot = true; 1613 1614 if (use_protection != bss_conf->use_cts_prot) { 1615 bss_conf->use_cts_prot = use_protection; 1616 changed |= BSS_CHANGED_ERP_CTS_PROT; 1617 } 1618 1619 if (use_short_preamble != bss_conf->use_short_preamble) { 1620 bss_conf->use_short_preamble = use_short_preamble; 1621 changed |= BSS_CHANGED_ERP_PREAMBLE; 1622 } 1623 1624 if (use_short_slot != bss_conf->use_short_slot) { 1625 bss_conf->use_short_slot = use_short_slot; 1626 changed |= BSS_CHANGED_ERP_SLOT; 1627 } 1628 1629 return changed; 1630 } 1631 1632 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata, 1633 struct cfg80211_bss *cbss, 1634 u32 bss_info_changed) 1635 { 1636 struct ieee80211_bss *bss = (void *)cbss->priv; 1637 struct ieee80211_local *local = sdata->local; 1638 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1639 1640 bss_info_changed |= BSS_CHANGED_ASSOC; 1641 bss_info_changed |= ieee80211_handle_bss_capability(sdata, 1642 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value); 1643 1644 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec( 1645 IEEE80211_BEACON_LOSS_COUNT * bss_conf->beacon_int)); 1646 1647 sdata->u.mgd.associated = cbss; 1648 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN); 1649 1650 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE; 1651 1652 if (sdata->vif.p2p) { 1653 const struct cfg80211_bss_ies *ies; 1654 1655 rcu_read_lock(); 1656 ies = rcu_dereference(cbss->ies); 1657 if (ies) { 1658 u8 noa[2]; 1659 int ret; 1660 1661 ret = cfg80211_get_p2p_attr( 1662 ies->data, ies->len, 1663 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 1664 noa, sizeof(noa)); 1665 if (ret >= 2) { 1666 bss_conf->p2p_oppps = noa[1] & 0x80; 1667 bss_conf->p2p_ctwindow = noa[1] & 0x7f; 1668 bss_info_changed |= BSS_CHANGED_P2P_PS; 1669 sdata->u.mgd.p2p_noa_index = noa[0]; 1670 } 1671 } 1672 rcu_read_unlock(); 1673 } 1674 1675 /* just to be sure */ 1676 ieee80211_stop_poll(sdata); 1677 1678 ieee80211_led_assoc(local, 1); 1679 1680 if (sdata->u.mgd.assoc_data->have_beacon) { 1681 /* 1682 * If the AP is buggy we may get here with no DTIM period 1683 * known, so assume it's 1 which is the only safe assumption 1684 * in that case, although if the TIM IE is broken powersave 1685 * probably just won't work at all. 1686 */ 1687 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1; 1688 bss_info_changed |= BSS_CHANGED_DTIM_PERIOD; 1689 } else { 1690 bss_conf->dtim_period = 0; 1691 } 1692 1693 bss_conf->assoc = 1; 1694 1695 /* Tell the driver to monitor connection quality (if supported) */ 1696 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI && 1697 bss_conf->cqm_rssi_thold) 1698 bss_info_changed |= BSS_CHANGED_CQM; 1699 1700 /* Enable ARP filtering */ 1701 if (bss_conf->arp_addr_cnt) 1702 bss_info_changed |= BSS_CHANGED_ARP_FILTER; 1703 1704 ieee80211_bss_info_change_notify(sdata, bss_info_changed); 1705 1706 mutex_lock(&local->iflist_mtx); 1707 ieee80211_recalc_ps(local, -1); 1708 mutex_unlock(&local->iflist_mtx); 1709 1710 ieee80211_recalc_smps(sdata); 1711 ieee80211_recalc_ps_vif(sdata); 1712 1713 netif_tx_start_all_queues(sdata->dev); 1714 netif_carrier_on(sdata->dev); 1715 } 1716 1717 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata, 1718 u16 stype, u16 reason, bool tx, 1719 u8 *frame_buf) 1720 { 1721 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1722 struct ieee80211_local *local = sdata->local; 1723 u32 changed = 0; 1724 1725 ASSERT_MGD_MTX(ifmgd); 1726 1727 if (WARN_ON_ONCE(tx && !frame_buf)) 1728 return; 1729 1730 if (WARN_ON(!ifmgd->associated)) 1731 return; 1732 1733 ieee80211_stop_poll(sdata); 1734 1735 ifmgd->associated = NULL; 1736 1737 /* 1738 * we need to commit the associated = NULL change because the 1739 * scan code uses that to determine whether this iface should 1740 * go to/wake up from powersave or not -- and could otherwise 1741 * wake the queues erroneously. 1742 */ 1743 smp_mb(); 1744 1745 /* 1746 * Thus, we can only afterwards stop the queues -- to account 1747 * for the case where another CPU is finishing a scan at this 1748 * time -- we don't want the scan code to enable queues. 1749 */ 1750 1751 netif_tx_stop_all_queues(sdata->dev); 1752 netif_carrier_off(sdata->dev); 1753 1754 /* 1755 * if we want to get out of ps before disassoc (why?) we have 1756 * to do it before sending disassoc, as otherwise the null-packet 1757 * won't be valid. 1758 */ 1759 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1760 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1761 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1762 } 1763 local->ps_sdata = NULL; 1764 1765 /* disable per-vif ps */ 1766 ieee80211_recalc_ps_vif(sdata); 1767 1768 /* flush out any pending frame (e.g. DELBA) before deauth/disassoc */ 1769 if (tx) 1770 drv_flush(local, false); 1771 1772 /* deauthenticate/disassociate now */ 1773 if (tx || frame_buf) 1774 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype, 1775 reason, tx, frame_buf); 1776 1777 /* flush out frame */ 1778 if (tx) 1779 drv_flush(local, false); 1780 1781 /* clear bssid only after building the needed mgmt frames */ 1782 memset(ifmgd->bssid, 0, ETH_ALEN); 1783 1784 /* remove AP and TDLS peers */ 1785 sta_info_flush_defer(sdata); 1786 1787 /* finally reset all BSS / config parameters */ 1788 changed |= ieee80211_reset_erp_info(sdata); 1789 1790 ieee80211_led_assoc(local, 0); 1791 changed |= BSS_CHANGED_ASSOC; 1792 sdata->vif.bss_conf.assoc = false; 1793 1794 sdata->vif.bss_conf.p2p_ctwindow = 0; 1795 sdata->vif.bss_conf.p2p_oppps = false; 1796 1797 /* on the next assoc, re-program HT/VHT parameters */ 1798 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa)); 1799 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask)); 1800 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa)); 1801 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask)); 1802 1803 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL; 1804 1805 del_timer_sync(&local->dynamic_ps_timer); 1806 cancel_work_sync(&local->dynamic_ps_enable_work); 1807 1808 /* Disable ARP filtering */ 1809 if (sdata->vif.bss_conf.arp_addr_cnt) 1810 changed |= BSS_CHANGED_ARP_FILTER; 1811 1812 sdata->vif.bss_conf.qos = false; 1813 changed |= BSS_CHANGED_QOS; 1814 1815 /* The BSSID (not really interesting) and HT changed */ 1816 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT; 1817 ieee80211_bss_info_change_notify(sdata, changed); 1818 1819 /* disassociated - set to defaults now */ 1820 ieee80211_set_wmm_default(sdata, false); 1821 1822 del_timer_sync(&sdata->u.mgd.conn_mon_timer); 1823 del_timer_sync(&sdata->u.mgd.bcn_mon_timer); 1824 del_timer_sync(&sdata->u.mgd.timer); 1825 del_timer_sync(&sdata->u.mgd.chswitch_timer); 1826 1827 sdata->vif.bss_conf.dtim_period = 0; 1828 1829 ifmgd->flags = 0; 1830 ieee80211_vif_release_channel(sdata); 1831 } 1832 1833 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata, 1834 struct ieee80211_hdr *hdr) 1835 { 1836 /* 1837 * We can postpone the mgd.timer whenever receiving unicast frames 1838 * from AP because we know that the connection is working both ways 1839 * at that time. But multicast frames (and hence also beacons) must 1840 * be ignored here, because we need to trigger the timer during 1841 * data idle periods for sending the periodic probe request to the 1842 * AP we're connected to. 1843 */ 1844 if (is_multicast_ether_addr(hdr->addr1)) 1845 return; 1846 1847 ieee80211_sta_reset_conn_monitor(sdata); 1848 } 1849 1850 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata) 1851 { 1852 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1853 struct ieee80211_local *local = sdata->local; 1854 1855 mutex_lock(&local->mtx); 1856 if (!(ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 1857 IEEE80211_STA_CONNECTION_POLL))) { 1858 mutex_unlock(&local->mtx); 1859 return; 1860 } 1861 1862 __ieee80211_stop_poll(sdata); 1863 1864 mutex_lock(&local->iflist_mtx); 1865 ieee80211_recalc_ps(local, -1); 1866 mutex_unlock(&local->iflist_mtx); 1867 1868 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 1869 goto out; 1870 1871 /* 1872 * We've received a probe response, but are not sure whether 1873 * we have or will be receiving any beacons or data, so let's 1874 * schedule the timers again, just in case. 1875 */ 1876 ieee80211_sta_reset_beacon_monitor(sdata); 1877 1878 mod_timer(&ifmgd->conn_mon_timer, 1879 round_jiffies_up(jiffies + 1880 IEEE80211_CONNECTION_IDLE_TIME)); 1881 out: 1882 mutex_unlock(&local->mtx); 1883 } 1884 1885 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata, 1886 struct ieee80211_hdr *hdr, bool ack) 1887 { 1888 if (!ieee80211_is_data(hdr->frame_control)) 1889 return; 1890 1891 if (ieee80211_is_nullfunc(hdr->frame_control) && 1892 sdata->u.mgd.probe_send_count > 0) { 1893 if (ack) 1894 ieee80211_sta_reset_conn_monitor(sdata); 1895 else 1896 sdata->u.mgd.nullfunc_failed = true; 1897 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 1898 return; 1899 } 1900 1901 if (ack) 1902 ieee80211_sta_reset_conn_monitor(sdata); 1903 } 1904 1905 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) 1906 { 1907 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1908 const u8 *ssid; 1909 u8 *dst = ifmgd->associated->bssid; 1910 u8 unicast_limit = max(1, max_probe_tries - 3); 1911 1912 /* 1913 * Try sending broadcast probe requests for the last three 1914 * probe requests after the first ones failed since some 1915 * buggy APs only support broadcast probe requests. 1916 */ 1917 if (ifmgd->probe_send_count >= unicast_limit) 1918 dst = NULL; 1919 1920 /* 1921 * When the hardware reports an accurate Tx ACK status, it's 1922 * better to send a nullfunc frame instead of a probe request, 1923 * as it will kick us off the AP quickly if we aren't associated 1924 * anymore. The timeout will be reset if the frame is ACKed by 1925 * the AP. 1926 */ 1927 ifmgd->probe_send_count++; 1928 1929 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 1930 ifmgd->nullfunc_failed = false; 1931 ieee80211_send_nullfunc(sdata->local, sdata, 0); 1932 } else { 1933 int ssid_len; 1934 1935 rcu_read_lock(); 1936 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); 1937 if (WARN_ON_ONCE(ssid == NULL)) 1938 ssid_len = 0; 1939 else 1940 ssid_len = ssid[1]; 1941 1942 ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL, 1943 0, (u32) -1, true, 0, 1944 ifmgd->associated->channel, false); 1945 rcu_read_unlock(); 1946 } 1947 1948 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms); 1949 run_again(ifmgd, ifmgd->probe_timeout); 1950 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 1951 drv_flush(sdata->local, false); 1952 } 1953 1954 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata, 1955 bool beacon) 1956 { 1957 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1958 bool already = false; 1959 1960 if (!ieee80211_sdata_running(sdata)) 1961 return; 1962 1963 mutex_lock(&ifmgd->mtx); 1964 1965 if (!ifmgd->associated) 1966 goto out; 1967 1968 mutex_lock(&sdata->local->mtx); 1969 1970 if (sdata->local->tmp_channel || sdata->local->scanning) { 1971 mutex_unlock(&sdata->local->mtx); 1972 goto out; 1973 } 1974 1975 if (beacon) 1976 mlme_dbg_ratelimited(sdata, 1977 "detected beacon loss from AP - probing\n"); 1978 1979 ieee80211_cqm_rssi_notify(&sdata->vif, 1980 NL80211_CQM_RSSI_BEACON_LOSS_EVENT, GFP_KERNEL); 1981 1982 /* 1983 * The driver/our work has already reported this event or the 1984 * connection monitoring has kicked in and we have already sent 1985 * a probe request. Or maybe the AP died and the driver keeps 1986 * reporting until we disassociate... 1987 * 1988 * In either case we have to ignore the current call to this 1989 * function (except for setting the correct probe reason bit) 1990 * because otherwise we would reset the timer every time and 1991 * never check whether we received a probe response! 1992 */ 1993 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 1994 IEEE80211_STA_CONNECTION_POLL)) 1995 already = true; 1996 1997 if (beacon) 1998 ifmgd->flags |= IEEE80211_STA_BEACON_POLL; 1999 else 2000 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL; 2001 2002 mutex_unlock(&sdata->local->mtx); 2003 2004 if (already) 2005 goto out; 2006 2007 mutex_lock(&sdata->local->iflist_mtx); 2008 ieee80211_recalc_ps(sdata->local, -1); 2009 mutex_unlock(&sdata->local->iflist_mtx); 2010 2011 ifmgd->probe_send_count = 0; 2012 ieee80211_mgd_probe_ap_send(sdata); 2013 out: 2014 mutex_unlock(&ifmgd->mtx); 2015 } 2016 2017 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw, 2018 struct ieee80211_vif *vif) 2019 { 2020 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2021 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2022 struct cfg80211_bss *cbss; 2023 struct sk_buff *skb; 2024 const u8 *ssid; 2025 int ssid_len; 2026 2027 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 2028 return NULL; 2029 2030 ASSERT_MGD_MTX(ifmgd); 2031 2032 if (ifmgd->associated) 2033 cbss = ifmgd->associated; 2034 else if (ifmgd->auth_data) 2035 cbss = ifmgd->auth_data->bss; 2036 else if (ifmgd->assoc_data) 2037 cbss = ifmgd->assoc_data->bss; 2038 else 2039 return NULL; 2040 2041 rcu_read_lock(); 2042 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID); 2043 if (WARN_ON_ONCE(ssid == NULL)) 2044 ssid_len = 0; 2045 else 2046 ssid_len = ssid[1]; 2047 2048 skb = ieee80211_build_probe_req(sdata, cbss->bssid, 2049 (u32) -1, cbss->channel, 2050 ssid + 2, ssid_len, 2051 NULL, 0, true); 2052 rcu_read_unlock(); 2053 2054 return skb; 2055 } 2056 EXPORT_SYMBOL(ieee80211_ap_probereq_get); 2057 2058 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata) 2059 { 2060 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2061 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 2062 2063 mutex_lock(&ifmgd->mtx); 2064 if (!ifmgd->associated) { 2065 mutex_unlock(&ifmgd->mtx); 2066 return; 2067 } 2068 2069 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 2070 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 2071 true, frame_buf); 2072 ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED; 2073 ieee80211_wake_queues_by_reason(&sdata->local->hw, 2074 IEEE80211_QUEUE_STOP_REASON_CSA); 2075 mutex_unlock(&ifmgd->mtx); 2076 2077 /* 2078 * must be outside lock due to cfg80211, 2079 * but that's not a problem. 2080 */ 2081 cfg80211_send_deauth(sdata->dev, frame_buf, IEEE80211_DEAUTH_FRAME_LEN); 2082 } 2083 2084 static void ieee80211_beacon_connection_loss_work(struct work_struct *work) 2085 { 2086 struct ieee80211_sub_if_data *sdata = 2087 container_of(work, struct ieee80211_sub_if_data, 2088 u.mgd.beacon_connection_loss_work); 2089 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2090 struct sta_info *sta; 2091 2092 if (ifmgd->associated) { 2093 rcu_read_lock(); 2094 sta = sta_info_get(sdata, ifmgd->bssid); 2095 if (sta) 2096 sta->beacon_loss_count++; 2097 rcu_read_unlock(); 2098 } 2099 2100 if (ifmgd->connection_loss) { 2101 sdata_info(sdata, "Connection to AP %pM lost\n", 2102 ifmgd->bssid); 2103 __ieee80211_disconnect(sdata); 2104 } else { 2105 ieee80211_mgd_probe_ap(sdata, true); 2106 } 2107 } 2108 2109 static void ieee80211_csa_connection_drop_work(struct work_struct *work) 2110 { 2111 struct ieee80211_sub_if_data *sdata = 2112 container_of(work, struct ieee80211_sub_if_data, 2113 u.mgd.csa_connection_drop_work); 2114 2115 __ieee80211_disconnect(sdata); 2116 } 2117 2118 void ieee80211_beacon_loss(struct ieee80211_vif *vif) 2119 { 2120 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2121 struct ieee80211_hw *hw = &sdata->local->hw; 2122 2123 trace_api_beacon_loss(sdata); 2124 2125 WARN_ON(hw->flags & IEEE80211_HW_CONNECTION_MONITOR); 2126 sdata->u.mgd.connection_loss = false; 2127 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2128 } 2129 EXPORT_SYMBOL(ieee80211_beacon_loss); 2130 2131 void ieee80211_connection_loss(struct ieee80211_vif *vif) 2132 { 2133 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2134 struct ieee80211_hw *hw = &sdata->local->hw; 2135 2136 trace_api_connection_loss(sdata); 2137 2138 sdata->u.mgd.connection_loss = true; 2139 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2140 } 2141 EXPORT_SYMBOL(ieee80211_connection_loss); 2142 2143 2144 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata, 2145 bool assoc) 2146 { 2147 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2148 2149 lockdep_assert_held(&sdata->u.mgd.mtx); 2150 2151 if (!assoc) { 2152 sta_info_destroy_addr(sdata, auth_data->bss->bssid); 2153 2154 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2155 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2156 sdata->u.mgd.flags = 0; 2157 ieee80211_vif_release_channel(sdata); 2158 } 2159 2160 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss); 2161 kfree(auth_data); 2162 sdata->u.mgd.auth_data = NULL; 2163 } 2164 2165 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, 2166 struct ieee80211_mgmt *mgmt, size_t len) 2167 { 2168 struct ieee80211_local *local = sdata->local; 2169 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2170 u8 *pos; 2171 struct ieee802_11_elems elems; 2172 u32 tx_flags = 0; 2173 2174 pos = mgmt->u.auth.variable; 2175 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 2176 if (!elems.challenge) 2177 return; 2178 auth_data->expected_transaction = 4; 2179 drv_mgd_prepare_tx(sdata->local, sdata); 2180 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 2181 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 2182 IEEE80211_TX_INTFL_MLME_CONN_TX; 2183 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0, 2184 elems.challenge - 2, elems.challenge_len + 2, 2185 auth_data->bss->bssid, auth_data->bss->bssid, 2186 auth_data->key, auth_data->key_len, 2187 auth_data->key_idx, tx_flags); 2188 } 2189 2190 static enum rx_mgmt_action __must_check 2191 ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, 2192 struct ieee80211_mgmt *mgmt, size_t len) 2193 { 2194 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2195 u8 bssid[ETH_ALEN]; 2196 u16 auth_alg, auth_transaction, status_code; 2197 struct sta_info *sta; 2198 2199 lockdep_assert_held(&ifmgd->mtx); 2200 2201 if (len < 24 + 6) 2202 return RX_MGMT_NONE; 2203 2204 if (!ifmgd->auth_data || ifmgd->auth_data->done) 2205 return RX_MGMT_NONE; 2206 2207 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 2208 2209 if (!ether_addr_equal(bssid, mgmt->bssid)) 2210 return RX_MGMT_NONE; 2211 2212 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 2213 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 2214 status_code = le16_to_cpu(mgmt->u.auth.status_code); 2215 2216 if (auth_alg != ifmgd->auth_data->algorithm || 2217 auth_transaction != ifmgd->auth_data->expected_transaction) { 2218 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n", 2219 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm, 2220 auth_transaction, 2221 ifmgd->auth_data->expected_transaction); 2222 return RX_MGMT_NONE; 2223 } 2224 2225 if (status_code != WLAN_STATUS_SUCCESS) { 2226 sdata_info(sdata, "%pM denied authentication (status %d)\n", 2227 mgmt->sa, status_code); 2228 ieee80211_destroy_auth_data(sdata, false); 2229 return RX_MGMT_CFG80211_RX_AUTH; 2230 } 2231 2232 switch (ifmgd->auth_data->algorithm) { 2233 case WLAN_AUTH_OPEN: 2234 case WLAN_AUTH_LEAP: 2235 case WLAN_AUTH_FT: 2236 case WLAN_AUTH_SAE: 2237 break; 2238 case WLAN_AUTH_SHARED_KEY: 2239 if (ifmgd->auth_data->expected_transaction != 4) { 2240 ieee80211_auth_challenge(sdata, mgmt, len); 2241 /* need another frame */ 2242 return RX_MGMT_NONE; 2243 } 2244 break; 2245 default: 2246 WARN_ONCE(1, "invalid auth alg %d", 2247 ifmgd->auth_data->algorithm); 2248 return RX_MGMT_NONE; 2249 } 2250 2251 sdata_info(sdata, "authenticated\n"); 2252 ifmgd->auth_data->done = true; 2253 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC; 2254 ifmgd->auth_data->timeout_started = true; 2255 run_again(ifmgd, ifmgd->auth_data->timeout); 2256 2257 if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE && 2258 ifmgd->auth_data->expected_transaction != 2) { 2259 /* 2260 * Report auth frame to user space for processing since another 2261 * round of Authentication frames is still needed. 2262 */ 2263 return RX_MGMT_CFG80211_RX_AUTH; 2264 } 2265 2266 /* move station state to auth */ 2267 mutex_lock(&sdata->local->sta_mtx); 2268 sta = sta_info_get(sdata, bssid); 2269 if (!sta) { 2270 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid); 2271 goto out_err; 2272 } 2273 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) { 2274 sdata_info(sdata, "failed moving %pM to auth\n", bssid); 2275 goto out_err; 2276 } 2277 mutex_unlock(&sdata->local->sta_mtx); 2278 2279 return RX_MGMT_CFG80211_RX_AUTH; 2280 out_err: 2281 mutex_unlock(&sdata->local->sta_mtx); 2282 /* ignore frame -- wait for timeout */ 2283 return RX_MGMT_NONE; 2284 } 2285 2286 2287 static enum rx_mgmt_action __must_check 2288 ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 2289 struct ieee80211_mgmt *mgmt, size_t len) 2290 { 2291 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2292 const u8 *bssid = NULL; 2293 u16 reason_code; 2294 2295 lockdep_assert_held(&ifmgd->mtx); 2296 2297 if (len < 24 + 2) 2298 return RX_MGMT_NONE; 2299 2300 if (!ifmgd->associated || 2301 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2302 return RX_MGMT_NONE; 2303 2304 bssid = ifmgd->associated->bssid; 2305 2306 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 2307 2308 sdata_info(sdata, "deauthenticated from %pM (Reason: %u)\n", 2309 bssid, reason_code); 2310 2311 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2312 2313 return RX_MGMT_CFG80211_DEAUTH; 2314 } 2315 2316 2317 static enum rx_mgmt_action __must_check 2318 ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata, 2319 struct ieee80211_mgmt *mgmt, size_t len) 2320 { 2321 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2322 u16 reason_code; 2323 2324 lockdep_assert_held(&ifmgd->mtx); 2325 2326 if (len < 24 + 2) 2327 return RX_MGMT_NONE; 2328 2329 if (!ifmgd->associated || 2330 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2331 return RX_MGMT_NONE; 2332 2333 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 2334 2335 sdata_info(sdata, "disassociated from %pM (Reason: %u)\n", 2336 mgmt->sa, reason_code); 2337 2338 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2339 2340 return RX_MGMT_CFG80211_DISASSOC; 2341 } 2342 2343 static void ieee80211_get_rates(struct ieee80211_supported_band *sband, 2344 u8 *supp_rates, unsigned int supp_rates_len, 2345 u32 *rates, u32 *basic_rates, 2346 bool *have_higher_than_11mbit, 2347 int *min_rate, int *min_rate_index) 2348 { 2349 int i, j; 2350 2351 for (i = 0; i < supp_rates_len; i++) { 2352 int rate = (supp_rates[i] & 0x7f) * 5; 2353 bool is_basic = !!(supp_rates[i] & 0x80); 2354 2355 if (rate > 110) 2356 *have_higher_than_11mbit = true; 2357 2358 /* 2359 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009 2360 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it. 2361 * 2362 * Note: Even through the membership selector and the basic 2363 * rate flag share the same bit, they are not exactly 2364 * the same. 2365 */ 2366 if (!!(supp_rates[i] & 0x80) && 2367 (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY) 2368 continue; 2369 2370 for (j = 0; j < sband->n_bitrates; j++) { 2371 if (sband->bitrates[j].bitrate == rate) { 2372 *rates |= BIT(j); 2373 if (is_basic) 2374 *basic_rates |= BIT(j); 2375 if (rate < *min_rate) { 2376 *min_rate = rate; 2377 *min_rate_index = j; 2378 } 2379 break; 2380 } 2381 } 2382 } 2383 } 2384 2385 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata, 2386 bool assoc) 2387 { 2388 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 2389 2390 lockdep_assert_held(&sdata->u.mgd.mtx); 2391 2392 if (!assoc) { 2393 sta_info_destroy_addr(sdata, assoc_data->bss->bssid); 2394 2395 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2396 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2397 sdata->u.mgd.flags = 0; 2398 ieee80211_vif_release_channel(sdata); 2399 } 2400 2401 kfree(assoc_data); 2402 sdata->u.mgd.assoc_data = NULL; 2403 } 2404 2405 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata, 2406 struct cfg80211_bss *cbss, 2407 struct ieee80211_mgmt *mgmt, size_t len) 2408 { 2409 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2410 struct ieee80211_local *local = sdata->local; 2411 struct ieee80211_supported_band *sband; 2412 struct sta_info *sta; 2413 u8 *pos; 2414 u16 capab_info, aid; 2415 struct ieee802_11_elems elems; 2416 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2417 u32 changed = 0; 2418 int err; 2419 2420 /* AssocResp and ReassocResp have identical structure */ 2421 2422 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2423 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2424 2425 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) 2426 sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n", 2427 aid); 2428 aid &= ~(BIT(15) | BIT(14)); 2429 2430 ifmgd->broken_ap = false; 2431 2432 if (aid == 0 || aid > IEEE80211_MAX_AID) { 2433 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n", 2434 aid); 2435 aid = 0; 2436 ifmgd->broken_ap = true; 2437 } 2438 2439 pos = mgmt->u.assoc_resp.variable; 2440 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 2441 2442 if (!elems.supp_rates) { 2443 sdata_info(sdata, "no SuppRates element in AssocResp\n"); 2444 return false; 2445 } 2446 2447 ifmgd->aid = aid; 2448 2449 /* 2450 * We previously checked these in the beacon/probe response, so 2451 * they should be present here. This is just a safety net. 2452 */ 2453 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2454 (!elems.wmm_param || !elems.ht_cap_elem || !elems.ht_operation)) { 2455 sdata_info(sdata, 2456 "HT AP is missing WMM params or HT capability/operation in AssocResp\n"); 2457 return false; 2458 } 2459 2460 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2461 (!elems.vht_cap_elem || !elems.vht_operation)) { 2462 sdata_info(sdata, 2463 "VHT AP is missing VHT capability/operation in AssocResp\n"); 2464 return false; 2465 } 2466 2467 mutex_lock(&sdata->local->sta_mtx); 2468 /* 2469 * station info was already allocated and inserted before 2470 * the association and should be available to us 2471 */ 2472 sta = sta_info_get(sdata, cbss->bssid); 2473 if (WARN_ON(!sta)) { 2474 mutex_unlock(&sdata->local->sta_mtx); 2475 return false; 2476 } 2477 2478 sband = local->hw.wiphy->bands[ieee80211_get_sdata_band(sdata)]; 2479 2480 /* Set up internal HT/VHT capabilities */ 2481 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 2482 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 2483 elems.ht_cap_elem, sta); 2484 2485 if (elems.vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 2486 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband, 2487 elems.vht_cap_elem, sta); 2488 2489 /* 2490 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data 2491 * in their association response, so ignore that data for our own 2492 * configuration. If it changed since the last beacon, we'll get the 2493 * next beacon and update then. 2494 */ 2495 2496 /* 2497 * If an operating mode notification IE is present, override the 2498 * NSS calculation (that would be done in rate_control_rate_init()) 2499 * and use the # of streams from that element. 2500 */ 2501 if (elems.opmode_notif && 2502 !(*elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) { 2503 u8 nss; 2504 2505 nss = *elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK; 2506 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT; 2507 nss += 1; 2508 sta->sta.rx_nss = nss; 2509 } 2510 2511 rate_control_rate_init(sta); 2512 2513 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) 2514 set_sta_flag(sta, WLAN_STA_MFP); 2515 2516 if (elems.wmm_param) 2517 set_sta_flag(sta, WLAN_STA_WME); 2518 2519 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC); 2520 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT)) 2521 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED); 2522 if (err) { 2523 sdata_info(sdata, 2524 "failed to move station %pM to desired state\n", 2525 sta->sta.addr); 2526 WARN_ON(__sta_info_destroy(sta)); 2527 mutex_unlock(&sdata->local->sta_mtx); 2528 return false; 2529 } 2530 2531 mutex_unlock(&sdata->local->sta_mtx); 2532 2533 /* 2534 * Always handle WMM once after association regardless 2535 * of the first value the AP uses. Setting -1 here has 2536 * that effect because the AP values is an unsigned 2537 * 4-bit value. 2538 */ 2539 ifmgd->wmm_last_param_set = -1; 2540 2541 if (elems.wmm_param) 2542 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 2543 elems.wmm_param_len); 2544 else 2545 ieee80211_set_wmm_default(sdata, false); 2546 changed |= BSS_CHANGED_QOS; 2547 2548 /* set AID and assoc capability, 2549 * ieee80211_set_associated() will tell the driver */ 2550 bss_conf->aid = aid; 2551 bss_conf->assoc_capability = capab_info; 2552 ieee80211_set_associated(sdata, cbss, changed); 2553 2554 /* 2555 * If we're using 4-addr mode, let the AP know that we're 2556 * doing so, so that it can create the STA VLAN on its side 2557 */ 2558 if (ifmgd->use_4addr) 2559 ieee80211_send_4addr_nullfunc(local, sdata); 2560 2561 /* 2562 * Start timer to probe the connection to the AP now. 2563 * Also start the timer that will detect beacon loss. 2564 */ 2565 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt); 2566 ieee80211_sta_reset_beacon_monitor(sdata); 2567 2568 return true; 2569 } 2570 2571 static enum rx_mgmt_action __must_check 2572 ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, 2573 struct ieee80211_mgmt *mgmt, size_t len, 2574 struct cfg80211_bss **bss) 2575 { 2576 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2577 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 2578 u16 capab_info, status_code, aid; 2579 struct ieee802_11_elems elems; 2580 u8 *pos; 2581 bool reassoc; 2582 2583 lockdep_assert_held(&ifmgd->mtx); 2584 2585 if (!assoc_data) 2586 return RX_MGMT_NONE; 2587 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid)) 2588 return RX_MGMT_NONE; 2589 2590 /* 2591 * AssocResp and ReassocResp have identical structure, so process both 2592 * of them in this function. 2593 */ 2594 2595 if (len < 24 + 6) 2596 return RX_MGMT_NONE; 2597 2598 reassoc = ieee80211_is_reassoc_req(mgmt->frame_control); 2599 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2600 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 2601 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2602 2603 sdata_info(sdata, 2604 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n", 2605 reassoc ? "Rea" : "A", mgmt->sa, 2606 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 2607 2608 pos = mgmt->u.assoc_resp.variable; 2609 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 2610 2611 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 2612 elems.timeout_int && elems.timeout_int_len == 5 && 2613 elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) { 2614 u32 tu, ms; 2615 tu = get_unaligned_le32(elems.timeout_int + 1); 2616 ms = tu * 1024 / 1000; 2617 sdata_info(sdata, 2618 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n", 2619 mgmt->sa, tu, ms); 2620 assoc_data->timeout = jiffies + msecs_to_jiffies(ms); 2621 assoc_data->timeout_started = true; 2622 if (ms > IEEE80211_ASSOC_TIMEOUT) 2623 run_again(ifmgd, assoc_data->timeout); 2624 return RX_MGMT_NONE; 2625 } 2626 2627 *bss = assoc_data->bss; 2628 2629 if (status_code != WLAN_STATUS_SUCCESS) { 2630 sdata_info(sdata, "%pM denied association (code=%d)\n", 2631 mgmt->sa, status_code); 2632 ieee80211_destroy_assoc_data(sdata, false); 2633 } else { 2634 if (!ieee80211_assoc_success(sdata, *bss, mgmt, len)) { 2635 /* oops -- internal error -- send timeout for now */ 2636 ieee80211_destroy_assoc_data(sdata, false); 2637 cfg80211_put_bss(sdata->local->hw.wiphy, *bss); 2638 return RX_MGMT_CFG80211_ASSOC_TIMEOUT; 2639 } 2640 sdata_info(sdata, "associated\n"); 2641 2642 /* 2643 * destroy assoc_data afterwards, as otherwise an idle 2644 * recalc after assoc_data is NULL but before associated 2645 * is set can cause the interface to go idle 2646 */ 2647 ieee80211_destroy_assoc_data(sdata, true); 2648 } 2649 2650 return RX_MGMT_CFG80211_RX_ASSOC; 2651 } 2652 2653 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, 2654 struct ieee80211_mgmt *mgmt, size_t len, 2655 struct ieee80211_rx_status *rx_status, 2656 struct ieee802_11_elems *elems) 2657 { 2658 struct ieee80211_local *local = sdata->local; 2659 int freq; 2660 struct ieee80211_bss *bss; 2661 struct ieee80211_channel *channel; 2662 bool need_ps = false; 2663 2664 if ((sdata->u.mgd.associated && 2665 ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid)) || 2666 (sdata->u.mgd.assoc_data && 2667 ether_addr_equal(mgmt->bssid, 2668 sdata->u.mgd.assoc_data->bss->bssid))) { 2669 /* not previously set so we may need to recalc */ 2670 need_ps = sdata->u.mgd.associated && !sdata->u.mgd.dtim_period; 2671 2672 if (elems->tim && !elems->parse_error) { 2673 const struct ieee80211_tim_ie *tim_ie = elems->tim; 2674 sdata->u.mgd.dtim_period = tim_ie->dtim_period; 2675 } 2676 } 2677 2678 if (elems->ds_params && elems->ds_params_len == 1) 2679 freq = ieee80211_channel_to_frequency(elems->ds_params[0], 2680 rx_status->band); 2681 else 2682 freq = rx_status->freq; 2683 2684 channel = ieee80211_get_channel(local->hw.wiphy, freq); 2685 2686 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED) 2687 return; 2688 2689 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems, 2690 channel); 2691 if (bss) 2692 ieee80211_rx_bss_put(local, bss); 2693 2694 if (!sdata->u.mgd.associated) 2695 return; 2696 2697 if (need_ps) { 2698 mutex_lock(&local->iflist_mtx); 2699 ieee80211_recalc_ps(local, -1); 2700 mutex_unlock(&local->iflist_mtx); 2701 } 2702 2703 if (elems->ch_switch_ie && 2704 memcmp(mgmt->bssid, sdata->u.mgd.associated->bssid, ETH_ALEN) == 0) 2705 ieee80211_sta_process_chanswitch(sdata, elems->ch_switch_ie, 2706 bss, rx_status->mactime); 2707 } 2708 2709 2710 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, 2711 struct sk_buff *skb) 2712 { 2713 struct ieee80211_mgmt *mgmt = (void *)skb->data; 2714 struct ieee80211_if_managed *ifmgd; 2715 struct ieee80211_rx_status *rx_status = (void *) skb->cb; 2716 size_t baselen, len = skb->len; 2717 struct ieee802_11_elems elems; 2718 2719 ifmgd = &sdata->u.mgd; 2720 2721 ASSERT_MGD_MTX(ifmgd); 2722 2723 if (!ether_addr_equal(mgmt->da, sdata->vif.addr)) 2724 return; /* ignore ProbeResp to foreign address */ 2725 2726 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 2727 if (baselen > len) 2728 return; 2729 2730 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 2731 &elems); 2732 2733 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2734 2735 if (ifmgd->associated && 2736 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2737 ieee80211_reset_ap_probe(sdata); 2738 2739 if (ifmgd->auth_data && !ifmgd->auth_data->bss->proberesp_ies && 2740 ether_addr_equal(mgmt->bssid, ifmgd->auth_data->bss->bssid)) { 2741 /* got probe response, continue with auth */ 2742 sdata_info(sdata, "direct probe responded\n"); 2743 ifmgd->auth_data->tries = 0; 2744 ifmgd->auth_data->timeout = jiffies; 2745 ifmgd->auth_data->timeout_started = true; 2746 run_again(ifmgd, ifmgd->auth_data->timeout); 2747 } 2748 } 2749 2750 /* 2751 * This is the canonical list of information elements we care about, 2752 * the filter code also gives us all changes to the Microsoft OUI 2753 * (00:50:F2) vendor IE which is used for WMM which we need to track. 2754 * 2755 * We implement beacon filtering in software since that means we can 2756 * avoid processing the frame here and in cfg80211, and userspace 2757 * will not be able to tell whether the hardware supports it or not. 2758 * 2759 * XXX: This list needs to be dynamic -- userspace needs to be able to 2760 * add items it requires. It also needs to be able to tell us to 2761 * look out for other vendor IEs. 2762 */ 2763 static const u64 care_about_ies = 2764 (1ULL << WLAN_EID_COUNTRY) | 2765 (1ULL << WLAN_EID_ERP_INFO) | 2766 (1ULL << WLAN_EID_CHANNEL_SWITCH) | 2767 (1ULL << WLAN_EID_PWR_CONSTRAINT) | 2768 (1ULL << WLAN_EID_HT_CAPABILITY) | 2769 (1ULL << WLAN_EID_HT_OPERATION); 2770 2771 static enum rx_mgmt_action 2772 ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, 2773 struct ieee80211_mgmt *mgmt, size_t len, 2774 u8 *deauth_buf, struct ieee80211_rx_status *rx_status) 2775 { 2776 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2777 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2778 size_t baselen; 2779 struct ieee802_11_elems elems; 2780 struct ieee80211_local *local = sdata->local; 2781 struct ieee80211_chanctx_conf *chanctx_conf; 2782 struct ieee80211_channel *chan; 2783 struct sta_info *sta; 2784 u32 changed = 0; 2785 bool erp_valid; 2786 u8 erp_value = 0; 2787 u32 ncrc; 2788 u8 *bssid; 2789 2790 lockdep_assert_held(&ifmgd->mtx); 2791 2792 /* Process beacon from the current BSS */ 2793 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 2794 if (baselen > len) 2795 return RX_MGMT_NONE; 2796 2797 rcu_read_lock(); 2798 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 2799 if (!chanctx_conf) { 2800 rcu_read_unlock(); 2801 return RX_MGMT_NONE; 2802 } 2803 2804 if (rx_status->freq != chanctx_conf->def.chan->center_freq) { 2805 rcu_read_unlock(); 2806 return RX_MGMT_NONE; 2807 } 2808 chan = chanctx_conf->def.chan; 2809 rcu_read_unlock(); 2810 2811 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon && 2812 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) { 2813 ieee802_11_parse_elems(mgmt->u.beacon.variable, 2814 len - baselen, &elems); 2815 2816 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2817 ifmgd->assoc_data->have_beacon = true; 2818 ifmgd->assoc_data->need_beacon = false; 2819 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 2820 sdata->vif.bss_conf.sync_tsf = 2821 le64_to_cpu(mgmt->u.beacon.timestamp); 2822 sdata->vif.bss_conf.sync_device_ts = 2823 rx_status->device_timestamp; 2824 if (elems.tim) 2825 sdata->vif.bss_conf.sync_dtim_count = 2826 elems.tim->dtim_count; 2827 else 2828 sdata->vif.bss_conf.sync_dtim_count = 0; 2829 } 2830 /* continue assoc process */ 2831 ifmgd->assoc_data->timeout = jiffies; 2832 ifmgd->assoc_data->timeout_started = true; 2833 run_again(ifmgd, ifmgd->assoc_data->timeout); 2834 return RX_MGMT_NONE; 2835 } 2836 2837 if (!ifmgd->associated || 2838 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2839 return RX_MGMT_NONE; 2840 bssid = ifmgd->associated->bssid; 2841 2842 /* Track average RSSI from the Beacon frames of the current AP */ 2843 ifmgd->last_beacon_signal = rx_status->signal; 2844 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) { 2845 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE; 2846 ifmgd->ave_beacon_signal = rx_status->signal * 16; 2847 ifmgd->last_cqm_event_signal = 0; 2848 ifmgd->count_beacon_signal = 1; 2849 ifmgd->last_ave_beacon_signal = 0; 2850 } else { 2851 ifmgd->ave_beacon_signal = 2852 (IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 + 2853 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) * 2854 ifmgd->ave_beacon_signal) / 16; 2855 ifmgd->count_beacon_signal++; 2856 } 2857 2858 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold && 2859 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) { 2860 int sig = ifmgd->ave_beacon_signal; 2861 int last_sig = ifmgd->last_ave_beacon_signal; 2862 2863 /* 2864 * if signal crosses either of the boundaries, invoke callback 2865 * with appropriate parameters 2866 */ 2867 if (sig > ifmgd->rssi_max_thold && 2868 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) { 2869 ifmgd->last_ave_beacon_signal = sig; 2870 drv_rssi_callback(local, sdata, RSSI_EVENT_HIGH); 2871 } else if (sig < ifmgd->rssi_min_thold && 2872 (last_sig >= ifmgd->rssi_max_thold || 2873 last_sig == 0)) { 2874 ifmgd->last_ave_beacon_signal = sig; 2875 drv_rssi_callback(local, sdata, RSSI_EVENT_LOW); 2876 } 2877 } 2878 2879 if (bss_conf->cqm_rssi_thold && 2880 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT && 2881 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) { 2882 int sig = ifmgd->ave_beacon_signal / 16; 2883 int last_event = ifmgd->last_cqm_event_signal; 2884 int thold = bss_conf->cqm_rssi_thold; 2885 int hyst = bss_conf->cqm_rssi_hyst; 2886 if (sig < thold && 2887 (last_event == 0 || sig < last_event - hyst)) { 2888 ifmgd->last_cqm_event_signal = sig; 2889 ieee80211_cqm_rssi_notify( 2890 &sdata->vif, 2891 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW, 2892 GFP_KERNEL); 2893 } else if (sig > thold && 2894 (last_event == 0 || sig > last_event + hyst)) { 2895 ifmgd->last_cqm_event_signal = sig; 2896 ieee80211_cqm_rssi_notify( 2897 &sdata->vif, 2898 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH, 2899 GFP_KERNEL); 2900 } 2901 } 2902 2903 if (ifmgd->flags & IEEE80211_STA_BEACON_POLL) { 2904 mlme_dbg_ratelimited(sdata, 2905 "cancelling AP probe due to a received beacon\n"); 2906 mutex_lock(&local->mtx); 2907 ifmgd->flags &= ~IEEE80211_STA_BEACON_POLL; 2908 ieee80211_run_deferred_scan(local); 2909 mutex_unlock(&local->mtx); 2910 2911 mutex_lock(&local->iflist_mtx); 2912 ieee80211_recalc_ps(local, -1); 2913 mutex_unlock(&local->iflist_mtx); 2914 } 2915 2916 /* 2917 * Push the beacon loss detection into the future since 2918 * we are processing a beacon from the AP just now. 2919 */ 2920 ieee80211_sta_reset_beacon_monitor(sdata); 2921 2922 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 2923 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, 2924 len - baselen, &elems, 2925 care_about_ies, ncrc); 2926 2927 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) { 2928 bool directed_tim = ieee80211_check_tim(elems.tim, 2929 elems.tim_len, 2930 ifmgd->aid); 2931 if (directed_tim) { 2932 if (local->hw.conf.dynamic_ps_timeout > 0) { 2933 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 2934 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 2935 ieee80211_hw_config(local, 2936 IEEE80211_CONF_CHANGE_PS); 2937 } 2938 ieee80211_send_nullfunc(local, sdata, 0); 2939 } else if (!local->pspolling && sdata->u.mgd.powersave) { 2940 local->pspolling = true; 2941 2942 /* 2943 * Here is assumed that the driver will be 2944 * able to send ps-poll frame and receive a 2945 * response even though power save mode is 2946 * enabled, but some drivers might require 2947 * to disable power save here. This needs 2948 * to be investigated. 2949 */ 2950 ieee80211_send_pspoll(local, sdata); 2951 } 2952 } 2953 } 2954 2955 if (sdata->vif.p2p) { 2956 u8 noa[2]; 2957 int ret; 2958 2959 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable, 2960 len - baselen, 2961 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 2962 noa, sizeof(noa)); 2963 if (ret >= 2 && sdata->u.mgd.p2p_noa_index != noa[0]) { 2964 bss_conf->p2p_oppps = noa[1] & 0x80; 2965 bss_conf->p2p_ctwindow = noa[1] & 0x7f; 2966 changed |= BSS_CHANGED_P2P_PS; 2967 sdata->u.mgd.p2p_noa_index = noa[0]; 2968 /* 2969 * make sure we update all information, the CRC 2970 * mechanism doesn't look at P2P attributes. 2971 */ 2972 ifmgd->beacon_crc_valid = false; 2973 } 2974 } 2975 2976 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid) 2977 return RX_MGMT_NONE; 2978 ifmgd->beacon_crc = ncrc; 2979 ifmgd->beacon_crc_valid = true; 2980 2981 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2982 2983 if (ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 2984 elems.wmm_param_len)) 2985 changed |= BSS_CHANGED_QOS; 2986 2987 /* 2988 * If we haven't had a beacon before, tell the driver about the 2989 * DTIM period (and beacon timing if desired) now. 2990 */ 2991 if (!bss_conf->dtim_period) { 2992 /* a few bogus AP send dtim_period = 0 or no TIM IE */ 2993 if (elems.tim) 2994 bss_conf->dtim_period = elems.tim->dtim_period ?: 1; 2995 else 2996 bss_conf->dtim_period = 1; 2997 2998 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 2999 sdata->vif.bss_conf.sync_tsf = 3000 le64_to_cpu(mgmt->u.beacon.timestamp); 3001 sdata->vif.bss_conf.sync_device_ts = 3002 rx_status->device_timestamp; 3003 if (elems.tim) 3004 sdata->vif.bss_conf.sync_dtim_count = 3005 elems.tim->dtim_count; 3006 else 3007 sdata->vif.bss_conf.sync_dtim_count = 0; 3008 } 3009 3010 changed |= BSS_CHANGED_DTIM_PERIOD; 3011 } 3012 3013 if (elems.erp_info && elems.erp_info_len >= 1) { 3014 erp_valid = true; 3015 erp_value = elems.erp_info[0]; 3016 } else { 3017 erp_valid = false; 3018 } 3019 changed |= ieee80211_handle_bss_capability(sdata, 3020 le16_to_cpu(mgmt->u.beacon.capab_info), 3021 erp_valid, erp_value); 3022 3023 mutex_lock(&local->sta_mtx); 3024 sta = sta_info_get(sdata, bssid); 3025 3026 if (ieee80211_config_bw(sdata, sta, elems.ht_operation, 3027 elems.vht_operation, bssid, &changed)) { 3028 mutex_unlock(&local->sta_mtx); 3029 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3030 WLAN_REASON_DEAUTH_LEAVING, 3031 true, deauth_buf); 3032 return RX_MGMT_CFG80211_TX_DEAUTH; 3033 } 3034 3035 if (sta && elems.opmode_notif) 3036 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif, 3037 rx_status->band, true); 3038 mutex_unlock(&local->sta_mtx); 3039 3040 if (elems.country_elem && elems.pwr_constr_elem && 3041 mgmt->u.probe_resp.capab_info & 3042 cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT)) 3043 changed |= ieee80211_handle_pwr_constr(sdata, chan, 3044 elems.country_elem, 3045 elems.country_elem_len, 3046 elems.pwr_constr_elem); 3047 3048 ieee80211_bss_info_change_notify(sdata, changed); 3049 3050 return RX_MGMT_NONE; 3051 } 3052 3053 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 3054 struct sk_buff *skb) 3055 { 3056 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3057 struct ieee80211_rx_status *rx_status; 3058 struct ieee80211_mgmt *mgmt; 3059 struct cfg80211_bss *bss = NULL; 3060 enum rx_mgmt_action rma = RX_MGMT_NONE; 3061 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3062 u16 fc; 3063 3064 rx_status = (struct ieee80211_rx_status *) skb->cb; 3065 mgmt = (struct ieee80211_mgmt *) skb->data; 3066 fc = le16_to_cpu(mgmt->frame_control); 3067 3068 mutex_lock(&ifmgd->mtx); 3069 3070 switch (fc & IEEE80211_FCTL_STYPE) { 3071 case IEEE80211_STYPE_BEACON: 3072 rma = ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, 3073 deauth_buf, rx_status); 3074 break; 3075 case IEEE80211_STYPE_PROBE_RESP: 3076 ieee80211_rx_mgmt_probe_resp(sdata, skb); 3077 break; 3078 case IEEE80211_STYPE_AUTH: 3079 rma = ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len); 3080 break; 3081 case IEEE80211_STYPE_DEAUTH: 3082 rma = ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len); 3083 break; 3084 case IEEE80211_STYPE_DISASSOC: 3085 rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 3086 break; 3087 case IEEE80211_STYPE_ASSOC_RESP: 3088 case IEEE80211_STYPE_REASSOC_RESP: 3089 rma = ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len, &bss); 3090 break; 3091 case IEEE80211_STYPE_ACTION: 3092 switch (mgmt->u.action.category) { 3093 case WLAN_CATEGORY_SPECTRUM_MGMT: 3094 ieee80211_sta_process_chanswitch(sdata, 3095 &mgmt->u.action.u.chan_switch.sw_elem, 3096 (void *)ifmgd->associated->priv, 3097 rx_status->mactime); 3098 break; 3099 } 3100 } 3101 mutex_unlock(&ifmgd->mtx); 3102 3103 switch (rma) { 3104 case RX_MGMT_NONE: 3105 /* no action */ 3106 break; 3107 case RX_MGMT_CFG80211_DEAUTH: 3108 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len); 3109 break; 3110 case RX_MGMT_CFG80211_DISASSOC: 3111 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len); 3112 break; 3113 case RX_MGMT_CFG80211_RX_AUTH: 3114 cfg80211_send_rx_auth(sdata->dev, (u8 *)mgmt, skb->len); 3115 break; 3116 case RX_MGMT_CFG80211_RX_ASSOC: 3117 cfg80211_send_rx_assoc(sdata->dev, bss, (u8 *)mgmt, skb->len); 3118 break; 3119 case RX_MGMT_CFG80211_ASSOC_TIMEOUT: 3120 cfg80211_send_assoc_timeout(sdata->dev, mgmt->bssid); 3121 break; 3122 case RX_MGMT_CFG80211_TX_DEAUTH: 3123 cfg80211_send_deauth(sdata->dev, deauth_buf, 3124 sizeof(deauth_buf)); 3125 break; 3126 default: 3127 WARN(1, "unexpected: %d", rma); 3128 } 3129 } 3130 3131 static void ieee80211_sta_timer(unsigned long data) 3132 { 3133 struct ieee80211_sub_if_data *sdata = 3134 (struct ieee80211_sub_if_data *) data; 3135 3136 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3137 } 3138 3139 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata, 3140 u8 *bssid, u8 reason, bool tx) 3141 { 3142 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3143 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3144 3145 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason, 3146 tx, frame_buf); 3147 mutex_unlock(&ifmgd->mtx); 3148 3149 /* 3150 * must be outside lock due to cfg80211, 3151 * but that's not a problem. 3152 */ 3153 cfg80211_send_deauth(sdata->dev, frame_buf, IEEE80211_DEAUTH_FRAME_LEN); 3154 3155 mutex_lock(&ifmgd->mtx); 3156 } 3157 3158 static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata) 3159 { 3160 struct ieee80211_local *local = sdata->local; 3161 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3162 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data; 3163 u32 tx_flags = 0; 3164 3165 lockdep_assert_held(&ifmgd->mtx); 3166 3167 if (WARN_ON_ONCE(!auth_data)) 3168 return -EINVAL; 3169 3170 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3171 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 3172 IEEE80211_TX_INTFL_MLME_CONN_TX; 3173 3174 auth_data->tries++; 3175 3176 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) { 3177 sdata_info(sdata, "authentication with %pM timed out\n", 3178 auth_data->bss->bssid); 3179 3180 /* 3181 * Most likely AP is not in the range so remove the 3182 * bss struct for that AP. 3183 */ 3184 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss); 3185 3186 return -ETIMEDOUT; 3187 } 3188 3189 drv_mgd_prepare_tx(local, sdata); 3190 3191 if (auth_data->bss->proberesp_ies) { 3192 u16 trans = 1; 3193 u16 status = 0; 3194 3195 sdata_info(sdata, "send auth to %pM (try %d/%d)\n", 3196 auth_data->bss->bssid, auth_data->tries, 3197 IEEE80211_AUTH_MAX_TRIES); 3198 3199 auth_data->expected_transaction = 2; 3200 3201 if (auth_data->algorithm == WLAN_AUTH_SAE) { 3202 trans = auth_data->sae_trans; 3203 status = auth_data->sae_status; 3204 auth_data->expected_transaction = trans; 3205 } 3206 3207 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status, 3208 auth_data->data, auth_data->data_len, 3209 auth_data->bss->bssid, 3210 auth_data->bss->bssid, NULL, 0, 0, 3211 tx_flags); 3212 } else { 3213 const u8 *ssidie; 3214 3215 sdata_info(sdata, "direct probe to %pM (try %d/%i)\n", 3216 auth_data->bss->bssid, auth_data->tries, 3217 IEEE80211_AUTH_MAX_TRIES); 3218 3219 rcu_read_lock(); 3220 ssidie = ieee80211_bss_get_ie(auth_data->bss, WLAN_EID_SSID); 3221 if (!ssidie) { 3222 rcu_read_unlock(); 3223 return -EINVAL; 3224 } 3225 /* 3226 * Direct probe is sent to broadcast address as some APs 3227 * will not answer to direct packet in unassociated state. 3228 */ 3229 ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1], 3230 NULL, 0, (u32) -1, true, tx_flags, 3231 auth_data->bss->channel, false); 3232 rcu_read_unlock(); 3233 } 3234 3235 if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) { 3236 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 3237 ifmgd->auth_data->timeout_started = true; 3238 run_again(ifmgd, auth_data->timeout); 3239 } else { 3240 auth_data->timeout_started = false; 3241 } 3242 3243 return 0; 3244 } 3245 3246 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata) 3247 { 3248 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 3249 struct ieee80211_local *local = sdata->local; 3250 3251 lockdep_assert_held(&sdata->u.mgd.mtx); 3252 3253 assoc_data->tries++; 3254 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) { 3255 sdata_info(sdata, "association with %pM timed out\n", 3256 assoc_data->bss->bssid); 3257 3258 /* 3259 * Most likely AP is not in the range so remove the 3260 * bss struct for that AP. 3261 */ 3262 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss); 3263 3264 return -ETIMEDOUT; 3265 } 3266 3267 sdata_info(sdata, "associate with %pM (try %d/%d)\n", 3268 assoc_data->bss->bssid, assoc_data->tries, 3269 IEEE80211_ASSOC_MAX_TRIES); 3270 ieee80211_send_assoc(sdata); 3271 3272 if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) { 3273 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 3274 assoc_data->timeout_started = true; 3275 run_again(&sdata->u.mgd, assoc_data->timeout); 3276 } else { 3277 assoc_data->timeout_started = false; 3278 } 3279 3280 return 0; 3281 } 3282 3283 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata, 3284 __le16 fc, bool acked) 3285 { 3286 struct ieee80211_local *local = sdata->local; 3287 3288 sdata->u.mgd.status_fc = fc; 3289 sdata->u.mgd.status_acked = acked; 3290 sdata->u.mgd.status_received = true; 3291 3292 ieee80211_queue_work(&local->hw, &sdata->work); 3293 } 3294 3295 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata) 3296 { 3297 struct ieee80211_local *local = sdata->local; 3298 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3299 3300 mutex_lock(&ifmgd->mtx); 3301 3302 if (ifmgd->status_received) { 3303 __le16 fc = ifmgd->status_fc; 3304 bool status_acked = ifmgd->status_acked; 3305 3306 ifmgd->status_received = false; 3307 if (ifmgd->auth_data && 3308 (ieee80211_is_probe_req(fc) || ieee80211_is_auth(fc))) { 3309 if (status_acked) { 3310 ifmgd->auth_data->timeout = 3311 jiffies + IEEE80211_AUTH_TIMEOUT_SHORT; 3312 run_again(ifmgd, ifmgd->auth_data->timeout); 3313 } else { 3314 ifmgd->auth_data->timeout = jiffies - 1; 3315 } 3316 ifmgd->auth_data->timeout_started = true; 3317 } else if (ifmgd->assoc_data && 3318 (ieee80211_is_assoc_req(fc) || 3319 ieee80211_is_reassoc_req(fc))) { 3320 if (status_acked) { 3321 ifmgd->assoc_data->timeout = 3322 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT; 3323 run_again(ifmgd, ifmgd->assoc_data->timeout); 3324 } else { 3325 ifmgd->assoc_data->timeout = jiffies - 1; 3326 } 3327 ifmgd->assoc_data->timeout_started = true; 3328 } 3329 } 3330 3331 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started && 3332 time_after(jiffies, ifmgd->auth_data->timeout)) { 3333 if (ifmgd->auth_data->done) { 3334 /* 3335 * ok ... we waited for assoc but userspace didn't, 3336 * so let's just kill the auth data 3337 */ 3338 ieee80211_destroy_auth_data(sdata, false); 3339 } else if (ieee80211_probe_auth(sdata)) { 3340 u8 bssid[ETH_ALEN]; 3341 3342 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 3343 3344 ieee80211_destroy_auth_data(sdata, false); 3345 3346 mutex_unlock(&ifmgd->mtx); 3347 cfg80211_send_auth_timeout(sdata->dev, bssid); 3348 mutex_lock(&ifmgd->mtx); 3349 } 3350 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started) 3351 run_again(ifmgd, ifmgd->auth_data->timeout); 3352 3353 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started && 3354 time_after(jiffies, ifmgd->assoc_data->timeout)) { 3355 if ((ifmgd->assoc_data->need_beacon && 3356 !ifmgd->assoc_data->have_beacon) || 3357 ieee80211_do_assoc(sdata)) { 3358 u8 bssid[ETH_ALEN]; 3359 3360 memcpy(bssid, ifmgd->assoc_data->bss->bssid, ETH_ALEN); 3361 3362 ieee80211_destroy_assoc_data(sdata, false); 3363 3364 mutex_unlock(&ifmgd->mtx); 3365 cfg80211_send_assoc_timeout(sdata->dev, bssid); 3366 mutex_lock(&ifmgd->mtx); 3367 } 3368 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started) 3369 run_again(ifmgd, ifmgd->assoc_data->timeout); 3370 3371 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 3372 IEEE80211_STA_CONNECTION_POLL) && 3373 ifmgd->associated) { 3374 u8 bssid[ETH_ALEN]; 3375 int max_tries; 3376 3377 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 3378 3379 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3380 max_tries = max_nullfunc_tries; 3381 else 3382 max_tries = max_probe_tries; 3383 3384 /* ACK received for nullfunc probing frame */ 3385 if (!ifmgd->probe_send_count) 3386 ieee80211_reset_ap_probe(sdata); 3387 else if (ifmgd->nullfunc_failed) { 3388 if (ifmgd->probe_send_count < max_tries) { 3389 mlme_dbg(sdata, 3390 "No ack for nullfunc frame to AP %pM, try %d/%i\n", 3391 bssid, ifmgd->probe_send_count, 3392 max_tries); 3393 ieee80211_mgd_probe_ap_send(sdata); 3394 } else { 3395 mlme_dbg(sdata, 3396 "No ack for nullfunc frame to AP %pM, disconnecting.\n", 3397 bssid); 3398 ieee80211_sta_connection_lost(sdata, bssid, 3399 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 3400 false); 3401 } 3402 } else if (time_is_after_jiffies(ifmgd->probe_timeout)) 3403 run_again(ifmgd, ifmgd->probe_timeout); 3404 else if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 3405 mlme_dbg(sdata, 3406 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n", 3407 bssid, probe_wait_ms); 3408 ieee80211_sta_connection_lost(sdata, bssid, 3409 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3410 } else if (ifmgd->probe_send_count < max_tries) { 3411 mlme_dbg(sdata, 3412 "No probe response from AP %pM after %dms, try %d/%i\n", 3413 bssid, probe_wait_ms, 3414 ifmgd->probe_send_count, max_tries); 3415 ieee80211_mgd_probe_ap_send(sdata); 3416 } else { 3417 /* 3418 * We actually lost the connection ... or did we? 3419 * Let's make sure! 3420 */ 3421 wiphy_debug(local->hw.wiphy, 3422 "%s: No probe response from AP %pM" 3423 " after %dms, disconnecting.\n", 3424 sdata->name, 3425 bssid, probe_wait_ms); 3426 3427 ieee80211_sta_connection_lost(sdata, bssid, 3428 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3429 } 3430 } 3431 3432 mutex_unlock(&ifmgd->mtx); 3433 } 3434 3435 static void ieee80211_sta_bcn_mon_timer(unsigned long data) 3436 { 3437 struct ieee80211_sub_if_data *sdata = 3438 (struct ieee80211_sub_if_data *) data; 3439 struct ieee80211_local *local = sdata->local; 3440 3441 if (local->quiescing) 3442 return; 3443 3444 sdata->u.mgd.connection_loss = false; 3445 ieee80211_queue_work(&sdata->local->hw, 3446 &sdata->u.mgd.beacon_connection_loss_work); 3447 } 3448 3449 static void ieee80211_sta_conn_mon_timer(unsigned long data) 3450 { 3451 struct ieee80211_sub_if_data *sdata = 3452 (struct ieee80211_sub_if_data *) data; 3453 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3454 struct ieee80211_local *local = sdata->local; 3455 3456 if (local->quiescing) 3457 return; 3458 3459 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work); 3460 } 3461 3462 static void ieee80211_sta_monitor_work(struct work_struct *work) 3463 { 3464 struct ieee80211_sub_if_data *sdata = 3465 container_of(work, struct ieee80211_sub_if_data, 3466 u.mgd.monitor_work); 3467 3468 ieee80211_mgd_probe_ap(sdata, false); 3469 } 3470 3471 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) 3472 { 3473 u32 flags; 3474 3475 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 3476 __ieee80211_stop_poll(sdata); 3477 3478 /* let's probe the connection once */ 3479 flags = sdata->local->hw.flags; 3480 if (!(flags & IEEE80211_HW_CONNECTION_MONITOR)) 3481 ieee80211_queue_work(&sdata->local->hw, 3482 &sdata->u.mgd.monitor_work); 3483 /* and do all the other regular work too */ 3484 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3485 } 3486 } 3487 3488 /* interface setup */ 3489 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata) 3490 { 3491 struct ieee80211_if_managed *ifmgd; 3492 3493 ifmgd = &sdata->u.mgd; 3494 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work); 3495 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work); 3496 INIT_WORK(&ifmgd->beacon_connection_loss_work, 3497 ieee80211_beacon_connection_loss_work); 3498 INIT_WORK(&ifmgd->csa_connection_drop_work, 3499 ieee80211_csa_connection_drop_work); 3500 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_work); 3501 setup_timer(&ifmgd->timer, ieee80211_sta_timer, 3502 (unsigned long) sdata); 3503 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 3504 (unsigned long) sdata); 3505 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 3506 (unsigned long) sdata); 3507 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 3508 (unsigned long) sdata); 3509 3510 ifmgd->flags = 0; 3511 ifmgd->powersave = sdata->wdev.ps; 3512 ifmgd->uapsd_queues = IEEE80211_DEFAULT_UAPSD_QUEUES; 3513 ifmgd->uapsd_max_sp_len = IEEE80211_DEFAULT_MAX_SP_LEN; 3514 3515 mutex_init(&ifmgd->mtx); 3516 3517 if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS) 3518 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC; 3519 else 3520 ifmgd->req_smps = IEEE80211_SMPS_OFF; 3521 } 3522 3523 /* scan finished notification */ 3524 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local) 3525 { 3526 struct ieee80211_sub_if_data *sdata; 3527 3528 /* Restart STA timers */ 3529 rcu_read_lock(); 3530 list_for_each_entry_rcu(sdata, &local->interfaces, list) 3531 ieee80211_restart_sta_timer(sdata); 3532 rcu_read_unlock(); 3533 } 3534 3535 int ieee80211_max_network_latency(struct notifier_block *nb, 3536 unsigned long data, void *dummy) 3537 { 3538 s32 latency_usec = (s32) data; 3539 struct ieee80211_local *local = 3540 container_of(nb, struct ieee80211_local, 3541 network_latency_notifier); 3542 3543 mutex_lock(&local->iflist_mtx); 3544 ieee80211_recalc_ps(local, latency_usec); 3545 mutex_unlock(&local->iflist_mtx); 3546 3547 return 0; 3548 } 3549 3550 static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata, 3551 struct cfg80211_bss *cbss) 3552 { 3553 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3554 const u8 *ht_cap_ie, *vht_cap_ie; 3555 const struct ieee80211_ht_cap *ht_cap; 3556 const struct ieee80211_vht_cap *vht_cap; 3557 u8 chains = 1; 3558 3559 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT) 3560 return chains; 3561 3562 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 3563 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) { 3564 ht_cap = (void *)(ht_cap_ie + 2); 3565 chains = ieee80211_mcs_to_chains(&ht_cap->mcs); 3566 /* 3567 * TODO: use "Tx Maximum Number Spatial Streams Supported" and 3568 * "Tx Unequal Modulation Supported" fields. 3569 */ 3570 } 3571 3572 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 3573 return chains; 3574 3575 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 3576 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) { 3577 u8 nss; 3578 u16 tx_mcs_map; 3579 3580 vht_cap = (void *)(vht_cap_ie + 2); 3581 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map); 3582 for (nss = 8; nss > 0; nss--) { 3583 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) != 3584 IEEE80211_VHT_MCS_NOT_SUPPORTED) 3585 break; 3586 } 3587 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */ 3588 chains = max(chains, nss); 3589 } 3590 3591 return chains; 3592 } 3593 3594 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata, 3595 struct cfg80211_bss *cbss) 3596 { 3597 struct ieee80211_local *local = sdata->local; 3598 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3599 const struct ieee80211_ht_operation *ht_oper = NULL; 3600 const struct ieee80211_vht_operation *vht_oper = NULL; 3601 struct ieee80211_supported_band *sband; 3602 struct cfg80211_chan_def chandef; 3603 int ret; 3604 3605 sband = local->hw.wiphy->bands[cbss->channel->band]; 3606 3607 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ | 3608 IEEE80211_STA_DISABLE_80P80MHZ | 3609 IEEE80211_STA_DISABLE_160MHZ); 3610 3611 rcu_read_lock(); 3612 3613 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 3614 sband->ht_cap.ht_supported) { 3615 const u8 *ht_oper_ie, *ht_cap; 3616 3617 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION); 3618 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper)) 3619 ht_oper = (void *)(ht_oper_ie + 2); 3620 3621 ht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 3622 if (!ht_cap || ht_cap[1] < sizeof(struct ieee80211_ht_cap)) { 3623 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 3624 ht_oper = NULL; 3625 } 3626 } 3627 3628 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 3629 sband->vht_cap.vht_supported) { 3630 const u8 *vht_oper_ie, *vht_cap; 3631 3632 vht_oper_ie = ieee80211_bss_get_ie(cbss, 3633 WLAN_EID_VHT_OPERATION); 3634 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper)) 3635 vht_oper = (void *)(vht_oper_ie + 2); 3636 if (vht_oper && !ht_oper) { 3637 vht_oper = NULL; 3638 sdata_info(sdata, 3639 "AP advertised VHT without HT, disabling both\n"); 3640 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 3641 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3642 } 3643 3644 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 3645 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) { 3646 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3647 vht_oper = NULL; 3648 } 3649 } 3650 3651 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband, 3652 cbss->channel, 3653 ht_oper, vht_oper, 3654 &chandef, true); 3655 3656 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss), 3657 local->rx_chains); 3658 3659 rcu_read_unlock(); 3660 3661 /* will change later if needed */ 3662 sdata->smps_mode = IEEE80211_SMPS_OFF; 3663 3664 /* 3665 * If this fails (possibly due to channel context sharing 3666 * on incompatible channels, e.g. 80+80 and 160 sharing the 3667 * same control channel) try to use a smaller bandwidth. 3668 */ 3669 ret = ieee80211_vif_use_channel(sdata, &chandef, 3670 IEEE80211_CHANCTX_SHARED); 3671 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) { 3672 ifmgd->flags |= chandef_downgrade(&chandef); 3673 ret = ieee80211_vif_use_channel(sdata, &chandef, 3674 IEEE80211_CHANCTX_SHARED); 3675 } 3676 return ret; 3677 } 3678 3679 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata, 3680 struct cfg80211_bss *cbss, bool assoc) 3681 { 3682 struct ieee80211_local *local = sdata->local; 3683 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3684 struct ieee80211_bss *bss = (void *)cbss->priv; 3685 struct sta_info *new_sta = NULL; 3686 bool have_sta = false; 3687 int err; 3688 3689 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) 3690 return -EINVAL; 3691 3692 if (assoc) { 3693 rcu_read_lock(); 3694 have_sta = sta_info_get(sdata, cbss->bssid); 3695 rcu_read_unlock(); 3696 } 3697 3698 if (!have_sta) { 3699 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL); 3700 if (!new_sta) 3701 return -ENOMEM; 3702 } 3703 3704 if (new_sta) { 3705 u32 rates = 0, basic_rates = 0; 3706 bool have_higher_than_11mbit; 3707 int min_rate = INT_MAX, min_rate_index = -1; 3708 struct ieee80211_supported_band *sband; 3709 const struct cfg80211_bss_ies *ies; 3710 3711 sband = local->hw.wiphy->bands[cbss->channel->band]; 3712 3713 err = ieee80211_prep_channel(sdata, cbss); 3714 if (err) { 3715 sta_info_free(local, new_sta); 3716 return err; 3717 } 3718 3719 ieee80211_get_rates(sband, bss->supp_rates, 3720 bss->supp_rates_len, 3721 &rates, &basic_rates, 3722 &have_higher_than_11mbit, 3723 &min_rate, &min_rate_index); 3724 3725 /* 3726 * This used to be a workaround for basic rates missing 3727 * in the association response frame. Now that we no 3728 * longer use the basic rates from there, it probably 3729 * doesn't happen any more, but keep the workaround so 3730 * in case some *other* APs are buggy in different ways 3731 * we can connect -- with a warning. 3732 */ 3733 if (!basic_rates && min_rate_index >= 0) { 3734 sdata_info(sdata, 3735 "No basic rates, using min rate instead\n"); 3736 basic_rates = BIT(min_rate_index); 3737 } 3738 3739 new_sta->sta.supp_rates[cbss->channel->band] = rates; 3740 sdata->vif.bss_conf.basic_rates = basic_rates; 3741 3742 /* cf. IEEE 802.11 9.2.12 */ 3743 if (cbss->channel->band == IEEE80211_BAND_2GHZ && 3744 have_higher_than_11mbit) 3745 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE; 3746 else 3747 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE; 3748 3749 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN); 3750 3751 /* set timing information */ 3752 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval; 3753 rcu_read_lock(); 3754 ies = rcu_dereference(cbss->beacon_ies); 3755 if (ies) { 3756 const u8 *tim_ie; 3757 3758 sdata->vif.bss_conf.sync_tsf = ies->tsf; 3759 sdata->vif.bss_conf.sync_device_ts = 3760 bss->device_ts_beacon; 3761 tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 3762 ies->data, ies->len); 3763 if (tim_ie && tim_ie[1] >= 2) 3764 sdata->vif.bss_conf.sync_dtim_count = tim_ie[2]; 3765 else 3766 sdata->vif.bss_conf.sync_dtim_count = 0; 3767 } else if (!(local->hw.flags & 3768 IEEE80211_HW_TIMING_BEACON_ONLY)) { 3769 ies = rcu_dereference(cbss->proberesp_ies); 3770 /* must be non-NULL since beacon IEs were NULL */ 3771 sdata->vif.bss_conf.sync_tsf = ies->tsf; 3772 sdata->vif.bss_conf.sync_device_ts = 3773 bss->device_ts_presp; 3774 sdata->vif.bss_conf.sync_dtim_count = 0; 3775 } else { 3776 sdata->vif.bss_conf.sync_tsf = 0; 3777 sdata->vif.bss_conf.sync_device_ts = 0; 3778 sdata->vif.bss_conf.sync_dtim_count = 0; 3779 } 3780 rcu_read_unlock(); 3781 3782 /* tell driver about BSSID, basic rates and timing */ 3783 ieee80211_bss_info_change_notify(sdata, 3784 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES | 3785 BSS_CHANGED_BEACON_INT); 3786 3787 if (assoc) 3788 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH); 3789 3790 err = sta_info_insert(new_sta); 3791 new_sta = NULL; 3792 if (err) { 3793 sdata_info(sdata, 3794 "failed to insert STA entry for the AP (error %d)\n", 3795 err); 3796 return err; 3797 } 3798 } else 3799 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid)); 3800 3801 return 0; 3802 } 3803 3804 /* config hooks */ 3805 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 3806 struct cfg80211_auth_request *req) 3807 { 3808 struct ieee80211_local *local = sdata->local; 3809 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3810 struct ieee80211_mgd_auth_data *auth_data; 3811 u16 auth_alg; 3812 int err; 3813 3814 /* prepare auth data structure */ 3815 3816 switch (req->auth_type) { 3817 case NL80211_AUTHTYPE_OPEN_SYSTEM: 3818 auth_alg = WLAN_AUTH_OPEN; 3819 break; 3820 case NL80211_AUTHTYPE_SHARED_KEY: 3821 if (IS_ERR(local->wep_tx_tfm)) 3822 return -EOPNOTSUPP; 3823 auth_alg = WLAN_AUTH_SHARED_KEY; 3824 break; 3825 case NL80211_AUTHTYPE_FT: 3826 auth_alg = WLAN_AUTH_FT; 3827 break; 3828 case NL80211_AUTHTYPE_NETWORK_EAP: 3829 auth_alg = WLAN_AUTH_LEAP; 3830 break; 3831 case NL80211_AUTHTYPE_SAE: 3832 auth_alg = WLAN_AUTH_SAE; 3833 break; 3834 default: 3835 return -EOPNOTSUPP; 3836 } 3837 3838 auth_data = kzalloc(sizeof(*auth_data) + req->sae_data_len + 3839 req->ie_len, GFP_KERNEL); 3840 if (!auth_data) 3841 return -ENOMEM; 3842 3843 auth_data->bss = req->bss; 3844 3845 if (req->sae_data_len >= 4) { 3846 __le16 *pos = (__le16 *) req->sae_data; 3847 auth_data->sae_trans = le16_to_cpu(pos[0]); 3848 auth_data->sae_status = le16_to_cpu(pos[1]); 3849 memcpy(auth_data->data, req->sae_data + 4, 3850 req->sae_data_len - 4); 3851 auth_data->data_len += req->sae_data_len - 4; 3852 } 3853 3854 if (req->ie && req->ie_len) { 3855 memcpy(&auth_data->data[auth_data->data_len], 3856 req->ie, req->ie_len); 3857 auth_data->data_len += req->ie_len; 3858 } 3859 3860 if (req->key && req->key_len) { 3861 auth_data->key_len = req->key_len; 3862 auth_data->key_idx = req->key_idx; 3863 memcpy(auth_data->key, req->key, req->key_len); 3864 } 3865 3866 auth_data->algorithm = auth_alg; 3867 3868 /* try to authenticate/probe */ 3869 3870 mutex_lock(&ifmgd->mtx); 3871 3872 if ((ifmgd->auth_data && !ifmgd->auth_data->done) || 3873 ifmgd->assoc_data) { 3874 err = -EBUSY; 3875 goto err_free; 3876 } 3877 3878 if (ifmgd->auth_data) 3879 ieee80211_destroy_auth_data(sdata, false); 3880 3881 /* prep auth_data so we don't go into idle on disassoc */ 3882 ifmgd->auth_data = auth_data; 3883 3884 if (ifmgd->associated) 3885 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 3886 3887 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid); 3888 3889 err = ieee80211_prep_connection(sdata, req->bss, false); 3890 if (err) 3891 goto err_clear; 3892 3893 err = ieee80211_probe_auth(sdata); 3894 if (err) { 3895 sta_info_destroy_addr(sdata, req->bss->bssid); 3896 goto err_clear; 3897 } 3898 3899 /* hold our own reference */ 3900 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss); 3901 err = 0; 3902 goto out_unlock; 3903 3904 err_clear: 3905 memset(ifmgd->bssid, 0, ETH_ALEN); 3906 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 3907 ifmgd->auth_data = NULL; 3908 err_free: 3909 kfree(auth_data); 3910 out_unlock: 3911 mutex_unlock(&ifmgd->mtx); 3912 3913 return err; 3914 } 3915 3916 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 3917 struct cfg80211_assoc_request *req) 3918 { 3919 struct ieee80211_local *local = sdata->local; 3920 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3921 struct ieee80211_bss *bss = (void *)req->bss->priv; 3922 struct ieee80211_mgd_assoc_data *assoc_data; 3923 const struct cfg80211_bss_ies *beacon_ies; 3924 struct ieee80211_supported_band *sband; 3925 const u8 *ssidie, *ht_ie, *vht_ie; 3926 int i, err; 3927 3928 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL); 3929 if (!assoc_data) 3930 return -ENOMEM; 3931 3932 rcu_read_lock(); 3933 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID); 3934 if (!ssidie) { 3935 rcu_read_unlock(); 3936 kfree(assoc_data); 3937 return -EINVAL; 3938 } 3939 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]); 3940 assoc_data->ssid_len = ssidie[1]; 3941 rcu_read_unlock(); 3942 3943 mutex_lock(&ifmgd->mtx); 3944 3945 if (ifmgd->associated) 3946 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 3947 3948 if (ifmgd->auth_data && !ifmgd->auth_data->done) { 3949 err = -EBUSY; 3950 goto err_free; 3951 } 3952 3953 if (ifmgd->assoc_data) { 3954 err = -EBUSY; 3955 goto err_free; 3956 } 3957 3958 if (ifmgd->auth_data) { 3959 bool match; 3960 3961 /* keep sta info, bssid if matching */ 3962 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid); 3963 ieee80211_destroy_auth_data(sdata, match); 3964 } 3965 3966 /* prepare assoc data */ 3967 3968 ifmgd->beacon_crc_valid = false; 3969 3970 /* 3971 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode. 3972 * We still associate in non-HT mode (11a/b/g) if any one of these 3973 * ciphers is configured as pairwise. 3974 * We can set this to true for non-11n hardware, that'll be checked 3975 * separately along with the peer capabilities. 3976 */ 3977 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) { 3978 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 3979 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 3980 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) { 3981 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 3982 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3983 netdev_info(sdata->dev, 3984 "disabling HT/VHT due to WEP/TKIP use\n"); 3985 } 3986 } 3987 3988 if (req->flags & ASSOC_REQ_DISABLE_HT) { 3989 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 3990 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3991 } 3992 3993 if (req->flags & ASSOC_REQ_DISABLE_VHT) 3994 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 3995 3996 /* Also disable HT if we don't support it or the AP doesn't use WMM */ 3997 sband = local->hw.wiphy->bands[req->bss->channel->band]; 3998 if (!sband->ht_cap.ht_supported || 3999 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) { 4000 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4001 if (!bss->wmm_used) 4002 netdev_info(sdata->dev, 4003 "disabling HT as WMM/QoS is not supported by the AP\n"); 4004 } 4005 4006 /* disable VHT if we don't support it or the AP doesn't use WMM */ 4007 if (!sband->vht_cap.vht_supported || 4008 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) { 4009 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4010 if (!bss->wmm_used) 4011 netdev_info(sdata->dev, 4012 "disabling VHT as WMM/QoS is not supported by the AP\n"); 4013 } 4014 4015 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa)); 4016 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask, 4017 sizeof(ifmgd->ht_capa_mask)); 4018 4019 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa)); 4020 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask, 4021 sizeof(ifmgd->vht_capa_mask)); 4022 4023 if (req->ie && req->ie_len) { 4024 memcpy(assoc_data->ie, req->ie, req->ie_len); 4025 assoc_data->ie_len = req->ie_len; 4026 } 4027 4028 assoc_data->bss = req->bss; 4029 4030 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) { 4031 if (ifmgd->powersave) 4032 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC; 4033 else 4034 sdata->smps_mode = IEEE80211_SMPS_OFF; 4035 } else 4036 sdata->smps_mode = ifmgd->req_smps; 4037 4038 assoc_data->capability = req->bss->capability; 4039 assoc_data->wmm = bss->wmm_used && 4040 (local->hw.queues >= IEEE80211_NUM_ACS); 4041 assoc_data->supp_rates = bss->supp_rates; 4042 assoc_data->supp_rates_len = bss->supp_rates_len; 4043 4044 rcu_read_lock(); 4045 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION); 4046 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation)) 4047 assoc_data->ap_ht_param = 4048 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param; 4049 else 4050 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4051 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY); 4052 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap)) 4053 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2, 4054 sizeof(struct ieee80211_vht_cap)); 4055 else 4056 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4057 rcu_read_unlock(); 4058 4059 if (bss->wmm_used && bss->uapsd_supported && 4060 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD)) { 4061 assoc_data->uapsd = true; 4062 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; 4063 } else { 4064 assoc_data->uapsd = false; 4065 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED; 4066 } 4067 4068 if (req->prev_bssid) 4069 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN); 4070 4071 if (req->use_mfp) { 4072 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 4073 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED; 4074 } else { 4075 ifmgd->mfp = IEEE80211_MFP_DISABLED; 4076 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED; 4077 } 4078 4079 if (req->crypto.control_port) 4080 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT; 4081 else 4082 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT; 4083 4084 sdata->control_port_protocol = req->crypto.control_port_ethertype; 4085 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt; 4086 4087 /* kick off associate process */ 4088 4089 ifmgd->assoc_data = assoc_data; 4090 ifmgd->dtim_period = 0; 4091 4092 err = ieee80211_prep_connection(sdata, req->bss, true); 4093 if (err) 4094 goto err_clear; 4095 4096 rcu_read_lock(); 4097 beacon_ies = rcu_dereference(req->bss->beacon_ies); 4098 4099 if (sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC && 4100 !beacon_ies) { 4101 /* 4102 * Wait up to one beacon interval ... 4103 * should this be more if we miss one? 4104 */ 4105 sdata_info(sdata, "waiting for beacon from %pM\n", 4106 ifmgd->bssid); 4107 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval); 4108 assoc_data->timeout_started = true; 4109 assoc_data->need_beacon = true; 4110 } else if (beacon_ies) { 4111 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 4112 beacon_ies->data, 4113 beacon_ies->len); 4114 u8 dtim_count = 0; 4115 4116 if (tim_ie && tim_ie[1] >= sizeof(struct ieee80211_tim_ie)) { 4117 const struct ieee80211_tim_ie *tim; 4118 tim = (void *)(tim_ie + 2); 4119 ifmgd->dtim_period = tim->dtim_period; 4120 dtim_count = tim->dtim_count; 4121 } 4122 assoc_data->have_beacon = true; 4123 assoc_data->timeout = jiffies; 4124 assoc_data->timeout_started = true; 4125 4126 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 4127 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf; 4128 sdata->vif.bss_conf.sync_device_ts = 4129 bss->device_ts_beacon; 4130 sdata->vif.bss_conf.sync_dtim_count = dtim_count; 4131 } 4132 } else { 4133 assoc_data->timeout = jiffies; 4134 assoc_data->timeout_started = true; 4135 } 4136 rcu_read_unlock(); 4137 4138 run_again(ifmgd, assoc_data->timeout); 4139 4140 if (bss->corrupt_data) { 4141 char *corrupt_type = "data"; 4142 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) { 4143 if (bss->corrupt_data & 4144 IEEE80211_BSS_CORRUPT_PROBE_RESP) 4145 corrupt_type = "beacon and probe response"; 4146 else 4147 corrupt_type = "beacon"; 4148 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) 4149 corrupt_type = "probe response"; 4150 sdata_info(sdata, "associating with AP with corrupt %s\n", 4151 corrupt_type); 4152 } 4153 4154 err = 0; 4155 goto out; 4156 err_clear: 4157 memset(ifmgd->bssid, 0, ETH_ALEN); 4158 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 4159 ifmgd->assoc_data = NULL; 4160 err_free: 4161 kfree(assoc_data); 4162 out: 4163 mutex_unlock(&ifmgd->mtx); 4164 4165 return err; 4166 } 4167 4168 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, 4169 struct cfg80211_deauth_request *req) 4170 { 4171 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4172 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4173 bool tx = !req->local_state_change; 4174 bool sent_frame = false; 4175 4176 mutex_lock(&ifmgd->mtx); 4177 4178 sdata_info(sdata, 4179 "deauthenticating from %pM by local choice (reason=%d)\n", 4180 req->bssid, req->reason_code); 4181 4182 if (ifmgd->auth_data) { 4183 drv_mgd_prepare_tx(sdata->local, sdata); 4184 ieee80211_send_deauth_disassoc(sdata, req->bssid, 4185 IEEE80211_STYPE_DEAUTH, 4186 req->reason_code, tx, 4187 frame_buf); 4188 ieee80211_destroy_auth_data(sdata, false); 4189 mutex_unlock(&ifmgd->mtx); 4190 4191 sent_frame = tx; 4192 goto out; 4193 } 4194 4195 if (ifmgd->associated && 4196 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) { 4197 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4198 req->reason_code, tx, frame_buf); 4199 sent_frame = tx; 4200 } 4201 mutex_unlock(&ifmgd->mtx); 4202 4203 out: 4204 if (sent_frame) 4205 __cfg80211_send_deauth(sdata->dev, frame_buf, 4206 IEEE80211_DEAUTH_FRAME_LEN); 4207 4208 return 0; 4209 } 4210 4211 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 4212 struct cfg80211_disassoc_request *req) 4213 { 4214 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4215 u8 bssid[ETH_ALEN]; 4216 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4217 4218 mutex_lock(&ifmgd->mtx); 4219 4220 /* 4221 * cfg80211 should catch this ... but it's racy since 4222 * we can receive a disassoc frame, process it, hand it 4223 * to cfg80211 while that's in a locked section already 4224 * trying to tell us that the user wants to disconnect. 4225 */ 4226 if (ifmgd->associated != req->bss) { 4227 mutex_unlock(&ifmgd->mtx); 4228 return -ENOLINK; 4229 } 4230 4231 sdata_info(sdata, 4232 "disassociating from %pM by local choice (reason=%d)\n", 4233 req->bss->bssid, req->reason_code); 4234 4235 memcpy(bssid, req->bss->bssid, ETH_ALEN); 4236 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC, 4237 req->reason_code, !req->local_state_change, 4238 frame_buf); 4239 mutex_unlock(&ifmgd->mtx); 4240 4241 __cfg80211_send_disassoc(sdata->dev, frame_buf, 4242 IEEE80211_DEAUTH_FRAME_LEN); 4243 4244 return 0; 4245 } 4246 4247 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata) 4248 { 4249 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4250 4251 /* 4252 * Make sure some work items will not run after this, 4253 * they will not do anything but might not have been 4254 * cancelled when disconnecting. 4255 */ 4256 cancel_work_sync(&ifmgd->monitor_work); 4257 cancel_work_sync(&ifmgd->beacon_connection_loss_work); 4258 cancel_work_sync(&ifmgd->request_smps_work); 4259 cancel_work_sync(&ifmgd->csa_connection_drop_work); 4260 cancel_work_sync(&ifmgd->chswitch_work); 4261 4262 mutex_lock(&ifmgd->mtx); 4263 if (ifmgd->assoc_data) 4264 ieee80211_destroy_assoc_data(sdata, false); 4265 if (ifmgd->auth_data) 4266 ieee80211_destroy_auth_data(sdata, false); 4267 del_timer_sync(&ifmgd->timer); 4268 mutex_unlock(&ifmgd->mtx); 4269 } 4270 4271 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif, 4272 enum nl80211_cqm_rssi_threshold_event rssi_event, 4273 gfp_t gfp) 4274 { 4275 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 4276 4277 trace_api_cqm_rssi_notify(sdata, rssi_event); 4278 4279 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp); 4280 } 4281 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify); 4282