1 /* 2 * BSS client mode implementation 3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 4 * Copyright 2004, Instant802 Networks, Inc. 5 * Copyright 2005, Devicescape Software, Inc. 6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * Copyright 2013-2014 Intel Mobile Communications GmbH 9 * 10 * This program is free software; you can redistribute it and/or modify 11 * it under the terms of the GNU General Public License version 2 as 12 * published by the Free Software Foundation. 13 */ 14 15 #include <linux/delay.h> 16 #include <linux/if_ether.h> 17 #include <linux/skbuff.h> 18 #include <linux/if_arp.h> 19 #include <linux/etherdevice.h> 20 #include <linux/moduleparam.h> 21 #include <linux/rtnetlink.h> 22 #include <linux/pm_qos.h> 23 #include <linux/crc32.h> 24 #include <linux/slab.h> 25 #include <linux/export.h> 26 #include <net/mac80211.h> 27 #include <asm/unaligned.h> 28 29 #include "ieee80211_i.h" 30 #include "driver-ops.h" 31 #include "rate.h" 32 #include "led.h" 33 34 #define IEEE80211_AUTH_TIMEOUT (HZ / 5) 35 #define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2) 36 #define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10) 37 #define IEEE80211_AUTH_MAX_TRIES 3 38 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5) 39 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 40 #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2) 41 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10) 42 #define IEEE80211_ASSOC_MAX_TRIES 3 43 44 static int max_nullfunc_tries = 2; 45 module_param(max_nullfunc_tries, int, 0644); 46 MODULE_PARM_DESC(max_nullfunc_tries, 47 "Maximum nullfunc tx tries before disconnecting (reason 4)."); 48 49 static int max_probe_tries = 5; 50 module_param(max_probe_tries, int, 0644); 51 MODULE_PARM_DESC(max_probe_tries, 52 "Maximum probe tries before disconnecting (reason 4)."); 53 54 /* 55 * Beacon loss timeout is calculated as N frames times the 56 * advertised beacon interval. This may need to be somewhat 57 * higher than what hardware might detect to account for 58 * delays in the host processing frames. But since we also 59 * probe on beacon miss before declaring the connection lost 60 * default to what we want. 61 */ 62 static int beacon_loss_count = 7; 63 module_param(beacon_loss_count, int, 0644); 64 MODULE_PARM_DESC(beacon_loss_count, 65 "Number of beacon intervals before we decide beacon was lost."); 66 67 /* 68 * Time the connection can be idle before we probe 69 * it to see if we can still talk to the AP. 70 */ 71 #define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ) 72 /* 73 * Time we wait for a probe response after sending 74 * a probe request because of beacon loss or for 75 * checking the connection still works. 76 */ 77 static int probe_wait_ms = 500; 78 module_param(probe_wait_ms, int, 0644); 79 MODULE_PARM_DESC(probe_wait_ms, 80 "Maximum time(ms) to wait for probe response" 81 " before disconnecting (reason 4)."); 82 83 /* 84 * Weight given to the latest Beacon frame when calculating average signal 85 * strength for Beacon frames received in the current BSS. This must be 86 * between 1 and 15. 87 */ 88 #define IEEE80211_SIGNAL_AVE_WEIGHT 3 89 90 /* 91 * How many Beacon frames need to have been used in average signal strength 92 * before starting to indicate signal change events. 93 */ 94 #define IEEE80211_SIGNAL_AVE_MIN_COUNT 4 95 96 /* 97 * We can have multiple work items (and connection probing) 98 * scheduling this timer, but we need to take care to only 99 * reschedule it when it should fire _earlier_ than it was 100 * asked for before, or if it's not pending right now. This 101 * function ensures that. Note that it then is required to 102 * run this function for all timeouts after the first one 103 * has happened -- the work that runs from this timer will 104 * do that. 105 */ 106 static void run_again(struct ieee80211_sub_if_data *sdata, 107 unsigned long timeout) 108 { 109 sdata_assert_lock(sdata); 110 111 if (!timer_pending(&sdata->u.mgd.timer) || 112 time_before(timeout, sdata->u.mgd.timer.expires)) 113 mod_timer(&sdata->u.mgd.timer, timeout); 114 } 115 116 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata) 117 { 118 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER) 119 return; 120 121 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 122 return; 123 124 mod_timer(&sdata->u.mgd.bcn_mon_timer, 125 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout)); 126 } 127 128 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata) 129 { 130 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 131 132 if (unlikely(!sdata->u.mgd.associated)) 133 return; 134 135 ifmgd->probe_send_count = 0; 136 137 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 138 return; 139 140 mod_timer(&sdata->u.mgd.conn_mon_timer, 141 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME)); 142 } 143 144 static int ecw2cw(int ecw) 145 { 146 return (1 << ecw) - 1; 147 } 148 149 static u32 150 ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, 151 struct ieee80211_supported_band *sband, 152 struct ieee80211_channel *channel, 153 const struct ieee80211_ht_cap *ht_cap, 154 const struct ieee80211_ht_operation *ht_oper, 155 const struct ieee80211_vht_operation *vht_oper, 156 struct cfg80211_chan_def *chandef, bool tracking) 157 { 158 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 159 struct cfg80211_chan_def vht_chandef; 160 u32 ht_cfreq, ret; 161 162 chandef->chan = channel; 163 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 164 chandef->center_freq1 = channel->center_freq; 165 chandef->center_freq2 = 0; 166 167 if (!ht_cap || !ht_oper || !sband->ht_cap.ht_supported) { 168 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 169 goto out; 170 } 171 172 chandef->width = NL80211_CHAN_WIDTH_20; 173 174 if (!(ht_cap->cap_info & 175 cpu_to_le16(IEEE80211_HT_CAP_SUP_WIDTH_20_40))) { 176 ret = IEEE80211_STA_DISABLE_40MHZ; 177 goto out; 178 } 179 180 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan, 181 channel->band); 182 /* check that channel matches the right operating channel */ 183 if (!tracking && channel->center_freq != ht_cfreq) { 184 /* 185 * It's possible that some APs are confused here; 186 * Netgear WNDR3700 sometimes reports 4 higher than 187 * the actual channel in association responses, but 188 * since we look at probe response/beacon data here 189 * it should be OK. 190 */ 191 sdata_info(sdata, 192 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n", 193 channel->center_freq, ht_cfreq, 194 ht_oper->primary_chan, channel->band); 195 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 196 goto out; 197 } 198 199 /* check 40 MHz support, if we have it */ 200 if (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) { 201 switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 202 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 203 chandef->width = NL80211_CHAN_WIDTH_40; 204 chandef->center_freq1 += 10; 205 break; 206 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 207 chandef->width = NL80211_CHAN_WIDTH_40; 208 chandef->center_freq1 -= 10; 209 break; 210 } 211 } else { 212 /* 40 MHz (and 80 MHz) must be supported for VHT */ 213 ret = IEEE80211_STA_DISABLE_VHT; 214 /* also mark 40 MHz disabled */ 215 ret |= IEEE80211_STA_DISABLE_40MHZ; 216 goto out; 217 } 218 219 if (!vht_oper || !sband->vht_cap.vht_supported) { 220 ret = IEEE80211_STA_DISABLE_VHT; 221 goto out; 222 } 223 224 vht_chandef.chan = channel; 225 vht_chandef.center_freq1 = 226 ieee80211_channel_to_frequency(vht_oper->center_freq_seg1_idx, 227 channel->band); 228 vht_chandef.center_freq2 = 0; 229 230 switch (vht_oper->chan_width) { 231 case IEEE80211_VHT_CHANWIDTH_USE_HT: 232 vht_chandef.width = chandef->width; 233 vht_chandef.center_freq1 = chandef->center_freq1; 234 break; 235 case IEEE80211_VHT_CHANWIDTH_80MHZ: 236 vht_chandef.width = NL80211_CHAN_WIDTH_80; 237 break; 238 case IEEE80211_VHT_CHANWIDTH_160MHZ: 239 vht_chandef.width = NL80211_CHAN_WIDTH_160; 240 break; 241 case IEEE80211_VHT_CHANWIDTH_80P80MHZ: 242 vht_chandef.width = NL80211_CHAN_WIDTH_80P80; 243 vht_chandef.center_freq2 = 244 ieee80211_channel_to_frequency( 245 vht_oper->center_freq_seg2_idx, 246 channel->band); 247 break; 248 default: 249 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 250 sdata_info(sdata, 251 "AP VHT operation IE has invalid channel width (%d), disable VHT\n", 252 vht_oper->chan_width); 253 ret = IEEE80211_STA_DISABLE_VHT; 254 goto out; 255 } 256 257 if (!cfg80211_chandef_valid(&vht_chandef)) { 258 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 259 sdata_info(sdata, 260 "AP VHT information is invalid, disable VHT\n"); 261 ret = IEEE80211_STA_DISABLE_VHT; 262 goto out; 263 } 264 265 if (cfg80211_chandef_identical(chandef, &vht_chandef)) { 266 ret = 0; 267 goto out; 268 } 269 270 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) { 271 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 272 sdata_info(sdata, 273 "AP VHT information doesn't match HT, disable VHT\n"); 274 ret = IEEE80211_STA_DISABLE_VHT; 275 goto out; 276 } 277 278 *chandef = vht_chandef; 279 280 ret = 0; 281 282 out: 283 /* 284 * When tracking the current AP, don't do any further checks if the 285 * new chandef is identical to the one we're currently using for the 286 * connection. This keeps us from playing ping-pong with regulatory, 287 * without it the following can happen (for example): 288 * - connect to an AP with 80 MHz, world regdom allows 80 MHz 289 * - AP advertises regdom US 290 * - CRDA loads regdom US with 80 MHz prohibited (old database) 291 * - the code below detects an unsupported channel, downgrades, and 292 * we disconnect from the AP in the caller 293 * - disconnect causes CRDA to reload world regdomain and the game 294 * starts anew. 295 * (see https://bugzilla.kernel.org/show_bug.cgi?id=70881) 296 * 297 * It seems possible that there are still scenarios with CSA or real 298 * bandwidth changes where a this could happen, but those cases are 299 * less common and wouldn't completely prevent using the AP. 300 */ 301 if (tracking && 302 cfg80211_chandef_identical(chandef, &sdata->vif.bss_conf.chandef)) 303 return ret; 304 305 /* don't print the message below for VHT mismatch if VHT is disabled */ 306 if (ret & IEEE80211_STA_DISABLE_VHT) 307 vht_chandef = *chandef; 308 309 /* 310 * Ignore the DISABLED flag when we're already connected and only 311 * tracking the APs beacon for bandwidth changes - otherwise we 312 * might get disconnected here if we connect to an AP, update our 313 * regulatory information based on the AP's country IE and the 314 * information we have is wrong/outdated and disables the channel 315 * that we're actually using for the connection to the AP. 316 */ 317 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef, 318 tracking ? 0 : 319 IEEE80211_CHAN_DISABLED)) { 320 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) { 321 ret = IEEE80211_STA_DISABLE_HT | 322 IEEE80211_STA_DISABLE_VHT; 323 break; 324 } 325 326 ret |= ieee80211_chandef_downgrade(chandef); 327 } 328 329 if (chandef->width != vht_chandef.width && !tracking) 330 sdata_info(sdata, 331 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n"); 332 333 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef)); 334 return ret; 335 } 336 337 static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata, 338 struct sta_info *sta, 339 const struct ieee80211_ht_cap *ht_cap, 340 const struct ieee80211_ht_operation *ht_oper, 341 const struct ieee80211_vht_operation *vht_oper, 342 const u8 *bssid, u32 *changed) 343 { 344 struct ieee80211_local *local = sdata->local; 345 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 346 struct ieee80211_supported_band *sband; 347 struct ieee80211_channel *chan; 348 struct cfg80211_chan_def chandef; 349 u16 ht_opmode; 350 u32 flags; 351 enum ieee80211_sta_rx_bandwidth new_sta_bw; 352 int ret; 353 354 /* if HT was/is disabled, don't track any bandwidth changes */ 355 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper) 356 return 0; 357 358 /* don't check VHT if we associated as non-VHT station */ 359 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 360 vht_oper = NULL; 361 362 if (WARN_ON_ONCE(!sta)) 363 return -EINVAL; 364 365 /* 366 * if bss configuration changed store the new one - 367 * this may be applicable even if channel is identical 368 */ 369 ht_opmode = le16_to_cpu(ht_oper->operation_mode); 370 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) { 371 *changed |= BSS_CHANGED_HT; 372 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 373 } 374 375 chan = sdata->vif.bss_conf.chandef.chan; 376 sband = local->hw.wiphy->bands[chan->band]; 377 378 /* calculate new channel (type) based on HT/VHT operation IEs */ 379 flags = ieee80211_determine_chantype(sdata, sband, chan, 380 ht_cap, ht_oper, vht_oper, 381 &chandef, true); 382 383 /* 384 * Downgrade the new channel if we associated with restricted 385 * capabilities. For example, if we associated as a 20 MHz STA 386 * to a 40 MHz AP (due to regulatory, capabilities or config 387 * reasons) then switching to a 40 MHz channel now won't do us 388 * any good -- we couldn't use it with the AP. 389 */ 390 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ && 391 chandef.width == NL80211_CHAN_WIDTH_80P80) 392 flags |= ieee80211_chandef_downgrade(&chandef); 393 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ && 394 chandef.width == NL80211_CHAN_WIDTH_160) 395 flags |= ieee80211_chandef_downgrade(&chandef); 396 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ && 397 chandef.width > NL80211_CHAN_WIDTH_20) 398 flags |= ieee80211_chandef_downgrade(&chandef); 399 400 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef)) 401 return 0; 402 403 sdata_info(sdata, 404 "AP %pM changed bandwidth, new config is %d MHz, width %d (%d/%d MHz)\n", 405 ifmgd->bssid, chandef.chan->center_freq, chandef.width, 406 chandef.center_freq1, chandef.center_freq2); 407 408 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT | 409 IEEE80211_STA_DISABLE_VHT | 410 IEEE80211_STA_DISABLE_40MHZ | 411 IEEE80211_STA_DISABLE_80P80MHZ | 412 IEEE80211_STA_DISABLE_160MHZ)) || 413 !cfg80211_chandef_valid(&chandef)) { 414 sdata_info(sdata, 415 "AP %pM changed bandwidth in a way we can't support - disconnect\n", 416 ifmgd->bssid); 417 return -EINVAL; 418 } 419 420 switch (chandef.width) { 421 case NL80211_CHAN_WIDTH_20_NOHT: 422 case NL80211_CHAN_WIDTH_20: 423 new_sta_bw = IEEE80211_STA_RX_BW_20; 424 break; 425 case NL80211_CHAN_WIDTH_40: 426 new_sta_bw = IEEE80211_STA_RX_BW_40; 427 break; 428 case NL80211_CHAN_WIDTH_80: 429 new_sta_bw = IEEE80211_STA_RX_BW_80; 430 break; 431 case NL80211_CHAN_WIDTH_80P80: 432 case NL80211_CHAN_WIDTH_160: 433 new_sta_bw = IEEE80211_STA_RX_BW_160; 434 break; 435 default: 436 return -EINVAL; 437 } 438 439 if (new_sta_bw > sta->cur_max_bandwidth) 440 new_sta_bw = sta->cur_max_bandwidth; 441 442 if (new_sta_bw < sta->sta.bandwidth) { 443 sta->sta.bandwidth = new_sta_bw; 444 rate_control_rate_update(local, sband, sta, 445 IEEE80211_RC_BW_CHANGED); 446 } 447 448 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed); 449 if (ret) { 450 sdata_info(sdata, 451 "AP %pM changed bandwidth to incompatible one - disconnect\n", 452 ifmgd->bssid); 453 return ret; 454 } 455 456 if (new_sta_bw > sta->sta.bandwidth) { 457 sta->sta.bandwidth = new_sta_bw; 458 rate_control_rate_update(local, sband, sta, 459 IEEE80211_RC_BW_CHANGED); 460 } 461 462 return 0; 463 } 464 465 /* frame sending functions */ 466 467 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata, 468 struct sk_buff *skb, u8 ap_ht_param, 469 struct ieee80211_supported_band *sband, 470 struct ieee80211_channel *channel, 471 enum ieee80211_smps_mode smps) 472 { 473 u8 *pos; 474 u32 flags = channel->flags; 475 u16 cap; 476 struct ieee80211_sta_ht_cap ht_cap; 477 478 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap)); 479 480 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 481 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 482 483 /* determine capability flags */ 484 cap = ht_cap.cap; 485 486 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 487 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 488 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 489 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 490 cap &= ~IEEE80211_HT_CAP_SGI_40; 491 } 492 break; 493 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 494 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 495 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 496 cap &= ~IEEE80211_HT_CAP_SGI_40; 497 } 498 break; 499 } 500 501 /* 502 * If 40 MHz was disabled associate as though we weren't 503 * capable of 40 MHz -- some broken APs will never fall 504 * back to trying to transmit in 20 MHz. 505 */ 506 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) { 507 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 508 cap &= ~IEEE80211_HT_CAP_SGI_40; 509 } 510 511 /* set SM PS mode properly */ 512 cap &= ~IEEE80211_HT_CAP_SM_PS; 513 switch (smps) { 514 case IEEE80211_SMPS_AUTOMATIC: 515 case IEEE80211_SMPS_NUM_MODES: 516 WARN_ON(1); 517 case IEEE80211_SMPS_OFF: 518 cap |= WLAN_HT_CAP_SM_PS_DISABLED << 519 IEEE80211_HT_CAP_SM_PS_SHIFT; 520 break; 521 case IEEE80211_SMPS_STATIC: 522 cap |= WLAN_HT_CAP_SM_PS_STATIC << 523 IEEE80211_HT_CAP_SM_PS_SHIFT; 524 break; 525 case IEEE80211_SMPS_DYNAMIC: 526 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC << 527 IEEE80211_HT_CAP_SM_PS_SHIFT; 528 break; 529 } 530 531 /* reserve and fill IE */ 532 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 533 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap); 534 } 535 536 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata, 537 struct sk_buff *skb, 538 struct ieee80211_supported_band *sband, 539 struct ieee80211_vht_cap *ap_vht_cap) 540 { 541 u8 *pos; 542 u32 cap; 543 struct ieee80211_sta_vht_cap vht_cap; 544 u32 mask, ap_bf_sts, our_bf_sts; 545 546 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap)); 547 548 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap)); 549 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap); 550 551 /* determine capability flags */ 552 cap = vht_cap.cap; 553 554 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) { 555 u32 bw = cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK; 556 557 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK; 558 if (bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ || 559 bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ) 560 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 561 } 562 563 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) { 564 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160; 565 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK; 566 } 567 568 /* 569 * Some APs apparently get confused if our capabilities are better 570 * than theirs, so restrict what we advertise in the assoc request. 571 */ 572 if (!(ap_vht_cap->vht_cap_info & 573 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE))) 574 cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE; 575 576 mask = IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK; 577 578 ap_bf_sts = le32_to_cpu(ap_vht_cap->vht_cap_info) & mask; 579 our_bf_sts = cap & mask; 580 581 if (ap_bf_sts < our_bf_sts) { 582 cap &= ~mask; 583 cap |= ap_bf_sts; 584 } 585 586 /* reserve and fill IE */ 587 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 588 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap); 589 } 590 591 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) 592 { 593 struct ieee80211_local *local = sdata->local; 594 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 595 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 596 struct sk_buff *skb; 597 struct ieee80211_mgmt *mgmt; 598 u8 *pos, qos_info; 599 size_t offset = 0, noffset; 600 int i, count, rates_len, supp_rates_len, shift; 601 u16 capab; 602 struct ieee80211_supported_band *sband; 603 struct ieee80211_chanctx_conf *chanctx_conf; 604 struct ieee80211_channel *chan; 605 u32 rate_flags, rates = 0; 606 607 sdata_assert_lock(sdata); 608 609 rcu_read_lock(); 610 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 611 if (WARN_ON(!chanctx_conf)) { 612 rcu_read_unlock(); 613 return; 614 } 615 chan = chanctx_conf->def.chan; 616 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def); 617 rcu_read_unlock(); 618 sband = local->hw.wiphy->bands[chan->band]; 619 shift = ieee80211_vif_get_shift(&sdata->vif); 620 621 if (assoc_data->supp_rates_len) { 622 /* 623 * Get all rates supported by the device and the AP as 624 * some APs don't like getting a superset of their rates 625 * in the association request (e.g. D-Link DAP 1353 in 626 * b-only mode)... 627 */ 628 rates_len = ieee80211_parse_bitrates(&chanctx_conf->def, sband, 629 assoc_data->supp_rates, 630 assoc_data->supp_rates_len, 631 &rates); 632 } else { 633 /* 634 * In case AP not provide any supported rates information 635 * before association, we send information element(s) with 636 * all rates that we support. 637 */ 638 rates_len = 0; 639 for (i = 0; i < sband->n_bitrates; i++) { 640 if ((rate_flags & sband->bitrates[i].flags) 641 != rate_flags) 642 continue; 643 rates |= BIT(i); 644 rates_len++; 645 } 646 } 647 648 skb = alloc_skb(local->hw.extra_tx_headroom + 649 sizeof(*mgmt) + /* bit too much but doesn't matter */ 650 2 + assoc_data->ssid_len + /* SSID */ 651 4 + rates_len + /* (extended) rates */ 652 4 + /* power capability */ 653 2 + 2 * sband->n_channels + /* supported channels */ 654 2 + sizeof(struct ieee80211_ht_cap) + /* HT */ 655 2 + sizeof(struct ieee80211_vht_cap) + /* VHT */ 656 assoc_data->ie_len + /* extra IEs */ 657 9, /* WMM */ 658 GFP_KERNEL); 659 if (!skb) 660 return; 661 662 skb_reserve(skb, local->hw.extra_tx_headroom); 663 664 capab = WLAN_CAPABILITY_ESS; 665 666 if (sband->band == IEEE80211_BAND_2GHZ) { 667 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 668 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 669 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 670 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 671 } 672 673 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY) 674 capab |= WLAN_CAPABILITY_PRIVACY; 675 676 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 677 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)) 678 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 679 680 if (ifmgd->flags & IEEE80211_STA_ENABLE_RRM) 681 capab |= WLAN_CAPABILITY_RADIO_MEASURE; 682 683 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 684 memset(mgmt, 0, 24); 685 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN); 686 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 687 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN); 688 689 if (!is_zero_ether_addr(assoc_data->prev_bssid)) { 690 skb_put(skb, 10); 691 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 692 IEEE80211_STYPE_REASSOC_REQ); 693 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 694 mgmt->u.reassoc_req.listen_interval = 695 cpu_to_le16(local->hw.conf.listen_interval); 696 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid, 697 ETH_ALEN); 698 } else { 699 skb_put(skb, 4); 700 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 701 IEEE80211_STYPE_ASSOC_REQ); 702 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 703 mgmt->u.assoc_req.listen_interval = 704 cpu_to_le16(local->hw.conf.listen_interval); 705 } 706 707 /* SSID */ 708 pos = skb_put(skb, 2 + assoc_data->ssid_len); 709 *pos++ = WLAN_EID_SSID; 710 *pos++ = assoc_data->ssid_len; 711 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len); 712 713 /* add all rates which were marked to be used above */ 714 supp_rates_len = rates_len; 715 if (supp_rates_len > 8) 716 supp_rates_len = 8; 717 718 pos = skb_put(skb, supp_rates_len + 2); 719 *pos++ = WLAN_EID_SUPP_RATES; 720 *pos++ = supp_rates_len; 721 722 count = 0; 723 for (i = 0; i < sband->n_bitrates; i++) { 724 if (BIT(i) & rates) { 725 int rate = DIV_ROUND_UP(sband->bitrates[i].bitrate, 726 5 * (1 << shift)); 727 *pos++ = (u8) rate; 728 if (++count == 8) 729 break; 730 } 731 } 732 733 if (rates_len > count) { 734 pos = skb_put(skb, rates_len - count + 2); 735 *pos++ = WLAN_EID_EXT_SUPP_RATES; 736 *pos++ = rates_len - count; 737 738 for (i++; i < sband->n_bitrates; i++) { 739 if (BIT(i) & rates) { 740 int rate; 741 rate = DIV_ROUND_UP(sband->bitrates[i].bitrate, 742 5 * (1 << shift)); 743 *pos++ = (u8) rate; 744 } 745 } 746 } 747 748 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT || 749 capab & WLAN_CAPABILITY_RADIO_MEASURE) { 750 pos = skb_put(skb, 4); 751 *pos++ = WLAN_EID_PWR_CAPABILITY; 752 *pos++ = 2; 753 *pos++ = 0; /* min tx power */ 754 /* max tx power */ 755 *pos++ = ieee80211_chandef_max_power(&chanctx_conf->def); 756 } 757 758 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) { 759 /* TODO: get this in reg domain format */ 760 pos = skb_put(skb, 2 * sband->n_channels + 2); 761 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 762 *pos++ = 2 * sband->n_channels; 763 for (i = 0; i < sband->n_channels; i++) { 764 *pos++ = ieee80211_frequency_to_channel( 765 sband->channels[i].center_freq); 766 *pos++ = 1; /* one channel in the subband*/ 767 } 768 } 769 770 /* if present, add any custom IEs that go before HT */ 771 if (assoc_data->ie_len) { 772 static const u8 before_ht[] = { 773 WLAN_EID_SSID, 774 WLAN_EID_SUPP_RATES, 775 WLAN_EID_EXT_SUPP_RATES, 776 WLAN_EID_PWR_CAPABILITY, 777 WLAN_EID_SUPPORTED_CHANNELS, 778 WLAN_EID_RSN, 779 WLAN_EID_QOS_CAPA, 780 WLAN_EID_RRM_ENABLED_CAPABILITIES, 781 WLAN_EID_MOBILITY_DOMAIN, 782 WLAN_EID_FAST_BSS_TRANSITION, /* reassoc only */ 783 WLAN_EID_RIC_DATA, /* reassoc only */ 784 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 785 }; 786 static const u8 after_ric[] = { 787 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 788 WLAN_EID_HT_CAPABILITY, 789 WLAN_EID_BSS_COEX_2040, 790 WLAN_EID_EXT_CAPABILITY, 791 WLAN_EID_QOS_TRAFFIC_CAPA, 792 WLAN_EID_TIM_BCAST_REQ, 793 WLAN_EID_INTERWORKING, 794 /* 60GHz doesn't happen right now */ 795 WLAN_EID_VHT_CAPABILITY, 796 WLAN_EID_OPMODE_NOTIF, 797 }; 798 799 noffset = ieee80211_ie_split_ric(assoc_data->ie, 800 assoc_data->ie_len, 801 before_ht, 802 ARRAY_SIZE(before_ht), 803 after_ric, 804 ARRAY_SIZE(after_ric), 805 offset); 806 pos = skb_put(skb, noffset - offset); 807 memcpy(pos, assoc_data->ie + offset, noffset - offset); 808 offset = noffset; 809 } 810 811 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 812 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))) 813 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 814 815 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 816 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param, 817 sband, chan, sdata->smps_mode); 818 819 /* if present, add any custom IEs that go before VHT */ 820 if (assoc_data->ie_len) { 821 static const u8 before_vht[] = { 822 WLAN_EID_SSID, 823 WLAN_EID_SUPP_RATES, 824 WLAN_EID_EXT_SUPP_RATES, 825 WLAN_EID_PWR_CAPABILITY, 826 WLAN_EID_SUPPORTED_CHANNELS, 827 WLAN_EID_RSN, 828 WLAN_EID_QOS_CAPA, 829 WLAN_EID_RRM_ENABLED_CAPABILITIES, 830 WLAN_EID_MOBILITY_DOMAIN, 831 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 832 WLAN_EID_HT_CAPABILITY, 833 WLAN_EID_BSS_COEX_2040, 834 WLAN_EID_EXT_CAPABILITY, 835 WLAN_EID_QOS_TRAFFIC_CAPA, 836 WLAN_EID_TIM_BCAST_REQ, 837 WLAN_EID_INTERWORKING, 838 }; 839 840 /* RIC already taken above, so no need to handle here anymore */ 841 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len, 842 before_vht, ARRAY_SIZE(before_vht), 843 offset); 844 pos = skb_put(skb, noffset - offset); 845 memcpy(pos, assoc_data->ie + offset, noffset - offset); 846 offset = noffset; 847 } 848 849 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 850 ieee80211_add_vht_ie(sdata, skb, sband, 851 &assoc_data->ap_vht_cap); 852 853 /* if present, add any custom non-vendor IEs that go after HT */ 854 if (assoc_data->ie_len) { 855 noffset = ieee80211_ie_split_vendor(assoc_data->ie, 856 assoc_data->ie_len, 857 offset); 858 pos = skb_put(skb, noffset - offset); 859 memcpy(pos, assoc_data->ie + offset, noffset - offset); 860 offset = noffset; 861 } 862 863 if (assoc_data->wmm) { 864 if (assoc_data->uapsd) { 865 qos_info = ifmgd->uapsd_queues; 866 qos_info |= (ifmgd->uapsd_max_sp_len << 867 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT); 868 } else { 869 qos_info = 0; 870 } 871 872 pos = ieee80211_add_wmm_info_ie(skb_put(skb, 9), qos_info); 873 } 874 875 /* add any remaining custom (i.e. vendor specific here) IEs */ 876 if (assoc_data->ie_len) { 877 noffset = assoc_data->ie_len; 878 pos = skb_put(skb, noffset - offset); 879 memcpy(pos, assoc_data->ie + offset, noffset - offset); 880 } 881 882 drv_mgd_prepare_tx(local, sdata); 883 884 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 885 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 886 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 887 IEEE80211_TX_INTFL_MLME_CONN_TX; 888 ieee80211_tx_skb(sdata, skb); 889 } 890 891 void ieee80211_send_pspoll(struct ieee80211_local *local, 892 struct ieee80211_sub_if_data *sdata) 893 { 894 struct ieee80211_pspoll *pspoll; 895 struct sk_buff *skb; 896 897 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif); 898 if (!skb) 899 return; 900 901 pspoll = (struct ieee80211_pspoll *) skb->data; 902 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 903 904 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 905 ieee80211_tx_skb(sdata, skb); 906 } 907 908 void ieee80211_send_nullfunc(struct ieee80211_local *local, 909 struct ieee80211_sub_if_data *sdata, 910 int powersave) 911 { 912 struct sk_buff *skb; 913 struct ieee80211_hdr_3addr *nullfunc; 914 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 915 916 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif); 917 if (!skb) 918 return; 919 920 nullfunc = (struct ieee80211_hdr_3addr *) skb->data; 921 if (powersave) 922 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 923 924 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT | 925 IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 926 927 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 928 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS; 929 930 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) 931 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE; 932 933 ieee80211_tx_skb(sdata, skb); 934 } 935 936 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local, 937 struct ieee80211_sub_if_data *sdata) 938 { 939 struct sk_buff *skb; 940 struct ieee80211_hdr *nullfunc; 941 __le16 fc; 942 943 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 944 return; 945 946 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30); 947 if (!skb) 948 return; 949 950 skb_reserve(skb, local->hw.extra_tx_headroom); 951 952 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30); 953 memset(nullfunc, 0, 30); 954 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 955 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 956 nullfunc->frame_control = fc; 957 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN); 958 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN); 959 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN); 960 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN); 961 962 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 963 ieee80211_tx_skb(sdata, skb); 964 } 965 966 /* spectrum management related things */ 967 static void ieee80211_chswitch_work(struct work_struct *work) 968 { 969 struct ieee80211_sub_if_data *sdata = 970 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work); 971 struct ieee80211_local *local = sdata->local; 972 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 973 int ret; 974 975 if (!ieee80211_sdata_running(sdata)) 976 return; 977 978 sdata_lock(sdata); 979 mutex_lock(&local->mtx); 980 mutex_lock(&local->chanctx_mtx); 981 982 if (!ifmgd->associated) 983 goto out; 984 985 if (!sdata->vif.csa_active) 986 goto out; 987 988 /* 989 * using reservation isn't immediate as it may be deferred until later 990 * with multi-vif. once reservation is complete it will re-schedule the 991 * work with no reserved_chanctx so verify chandef to check if it 992 * completed successfully 993 */ 994 995 if (sdata->reserved_chanctx) { 996 /* 997 * with multi-vif csa driver may call ieee80211_csa_finish() 998 * many times while waiting for other interfaces to use their 999 * reservations 1000 */ 1001 if (sdata->reserved_ready) 1002 goto out; 1003 1004 ret = ieee80211_vif_use_reserved_context(sdata); 1005 if (ret) { 1006 sdata_info(sdata, 1007 "failed to use reserved channel context, disconnecting (err=%d)\n", 1008 ret); 1009 ieee80211_queue_work(&sdata->local->hw, 1010 &ifmgd->csa_connection_drop_work); 1011 goto out; 1012 } 1013 1014 goto out; 1015 } 1016 1017 if (!cfg80211_chandef_identical(&sdata->vif.bss_conf.chandef, 1018 &sdata->csa_chandef)) { 1019 sdata_info(sdata, 1020 "failed to finalize channel switch, disconnecting\n"); 1021 ieee80211_queue_work(&sdata->local->hw, 1022 &ifmgd->csa_connection_drop_work); 1023 goto out; 1024 } 1025 1026 /* XXX: shouldn't really modify cfg80211-owned data! */ 1027 ifmgd->associated->channel = sdata->csa_chandef.chan; 1028 1029 ifmgd->csa_waiting_bcn = true; 1030 1031 ieee80211_sta_reset_beacon_monitor(sdata); 1032 ieee80211_sta_reset_conn_monitor(sdata); 1033 1034 out: 1035 mutex_unlock(&local->chanctx_mtx); 1036 mutex_unlock(&local->mtx); 1037 sdata_unlock(sdata); 1038 } 1039 1040 static void ieee80211_chswitch_post_beacon(struct ieee80211_sub_if_data *sdata) 1041 { 1042 struct ieee80211_local *local = sdata->local; 1043 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1044 int ret; 1045 1046 sdata_assert_lock(sdata); 1047 1048 WARN_ON(!sdata->vif.csa_active); 1049 1050 if (sdata->csa_block_tx) { 1051 ieee80211_wake_vif_queues(local, sdata, 1052 IEEE80211_QUEUE_STOP_REASON_CSA); 1053 sdata->csa_block_tx = false; 1054 } 1055 1056 cfg80211_ch_switch_notify(sdata->dev, &sdata->reserved_chandef); 1057 1058 sdata->vif.csa_active = false; 1059 ifmgd->csa_waiting_bcn = false; 1060 1061 ret = drv_post_channel_switch(sdata); 1062 if (ret) { 1063 sdata_info(sdata, 1064 "driver post channel switch failed, disconnecting\n"); 1065 ieee80211_queue_work(&local->hw, 1066 &ifmgd->csa_connection_drop_work); 1067 return; 1068 } 1069 } 1070 1071 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success) 1072 { 1073 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1074 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1075 1076 trace_api_chswitch_done(sdata, success); 1077 if (!success) { 1078 sdata_info(sdata, 1079 "driver channel switch failed, disconnecting\n"); 1080 ieee80211_queue_work(&sdata->local->hw, 1081 &ifmgd->csa_connection_drop_work); 1082 } else { 1083 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 1084 } 1085 } 1086 EXPORT_SYMBOL(ieee80211_chswitch_done); 1087 1088 static void ieee80211_chswitch_timer(unsigned long data) 1089 { 1090 struct ieee80211_sub_if_data *sdata = 1091 (struct ieee80211_sub_if_data *) data; 1092 1093 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work); 1094 } 1095 1096 static void 1097 ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 1098 u64 timestamp, u32 device_timestamp, 1099 struct ieee802_11_elems *elems, 1100 bool beacon) 1101 { 1102 struct ieee80211_local *local = sdata->local; 1103 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1104 struct cfg80211_bss *cbss = ifmgd->associated; 1105 struct ieee80211_chanctx_conf *conf; 1106 struct ieee80211_chanctx *chanctx; 1107 enum ieee80211_band current_band; 1108 struct ieee80211_csa_ie csa_ie; 1109 struct ieee80211_channel_switch ch_switch; 1110 int res; 1111 1112 sdata_assert_lock(sdata); 1113 1114 if (!cbss) 1115 return; 1116 1117 if (local->scanning) 1118 return; 1119 1120 /* disregard subsequent announcements if we are already processing */ 1121 if (sdata->vif.csa_active) 1122 return; 1123 1124 current_band = cbss->channel->band; 1125 memset(&csa_ie, 0, sizeof(csa_ie)); 1126 res = ieee80211_parse_ch_switch_ie(sdata, elems, current_band, 1127 ifmgd->flags, 1128 ifmgd->associated->bssid, &csa_ie); 1129 if (res < 0) 1130 ieee80211_queue_work(&local->hw, 1131 &ifmgd->csa_connection_drop_work); 1132 if (res) 1133 return; 1134 1135 if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chandef, 1136 IEEE80211_CHAN_DISABLED)) { 1137 sdata_info(sdata, 1138 "AP %pM switches to unsupported channel (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n", 1139 ifmgd->associated->bssid, 1140 csa_ie.chandef.chan->center_freq, 1141 csa_ie.chandef.width, csa_ie.chandef.center_freq1, 1142 csa_ie.chandef.center_freq2); 1143 ieee80211_queue_work(&local->hw, 1144 &ifmgd->csa_connection_drop_work); 1145 return; 1146 } 1147 1148 mutex_lock(&local->mtx); 1149 mutex_lock(&local->chanctx_mtx); 1150 conf = rcu_dereference_protected(sdata->vif.chanctx_conf, 1151 lockdep_is_held(&local->chanctx_mtx)); 1152 if (!conf) { 1153 sdata_info(sdata, 1154 "no channel context assigned to vif?, disconnecting\n"); 1155 ieee80211_queue_work(&local->hw, 1156 &ifmgd->csa_connection_drop_work); 1157 mutex_unlock(&local->chanctx_mtx); 1158 mutex_unlock(&local->mtx); 1159 return; 1160 } 1161 1162 chanctx = container_of(conf, struct ieee80211_chanctx, conf); 1163 1164 if (local->use_chanctx && 1165 !(local->hw.flags & IEEE80211_HW_CHANCTX_STA_CSA)) { 1166 sdata_info(sdata, 1167 "driver doesn't support chan-switch with channel contexts\n"); 1168 ieee80211_queue_work(&local->hw, 1169 &ifmgd->csa_connection_drop_work); 1170 mutex_unlock(&local->chanctx_mtx); 1171 mutex_unlock(&local->mtx); 1172 return; 1173 } 1174 1175 ch_switch.timestamp = timestamp; 1176 ch_switch.device_timestamp = device_timestamp; 1177 ch_switch.block_tx = csa_ie.mode; 1178 ch_switch.chandef = csa_ie.chandef; 1179 ch_switch.count = csa_ie.count; 1180 1181 if (drv_pre_channel_switch(sdata, &ch_switch)) { 1182 sdata_info(sdata, 1183 "preparing for channel switch failed, disconnecting\n"); 1184 ieee80211_queue_work(&local->hw, 1185 &ifmgd->csa_connection_drop_work); 1186 mutex_unlock(&local->chanctx_mtx); 1187 mutex_unlock(&local->mtx); 1188 return; 1189 } 1190 1191 res = ieee80211_vif_reserve_chanctx(sdata, &csa_ie.chandef, 1192 chanctx->mode, false); 1193 if (res) { 1194 sdata_info(sdata, 1195 "failed to reserve channel context for channel switch, disconnecting (err=%d)\n", 1196 res); 1197 ieee80211_queue_work(&local->hw, 1198 &ifmgd->csa_connection_drop_work); 1199 mutex_unlock(&local->chanctx_mtx); 1200 mutex_unlock(&local->mtx); 1201 return; 1202 } 1203 mutex_unlock(&local->chanctx_mtx); 1204 1205 sdata->vif.csa_active = true; 1206 sdata->csa_chandef = csa_ie.chandef; 1207 sdata->csa_block_tx = csa_ie.mode; 1208 1209 if (sdata->csa_block_tx) 1210 ieee80211_stop_vif_queues(local, sdata, 1211 IEEE80211_QUEUE_STOP_REASON_CSA); 1212 mutex_unlock(&local->mtx); 1213 1214 cfg80211_ch_switch_started_notify(sdata->dev, &csa_ie.chandef, 1215 csa_ie.count); 1216 1217 if (local->ops->channel_switch) { 1218 /* use driver's channel switch callback */ 1219 drv_channel_switch(local, sdata, &ch_switch); 1220 return; 1221 } 1222 1223 /* channel switch handled in software */ 1224 if (csa_ie.count <= 1) 1225 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work); 1226 else 1227 mod_timer(&ifmgd->chswitch_timer, 1228 TU_TO_EXP_TIME((csa_ie.count - 1) * 1229 cbss->beacon_interval)); 1230 } 1231 1232 static bool 1233 ieee80211_find_80211h_pwr_constr(struct ieee80211_sub_if_data *sdata, 1234 struct ieee80211_channel *channel, 1235 const u8 *country_ie, u8 country_ie_len, 1236 const u8 *pwr_constr_elem, 1237 int *chan_pwr, int *pwr_reduction) 1238 { 1239 struct ieee80211_country_ie_triplet *triplet; 1240 int chan = ieee80211_frequency_to_channel(channel->center_freq); 1241 int i, chan_increment; 1242 bool have_chan_pwr = false; 1243 1244 /* Invalid IE */ 1245 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN) 1246 return false; 1247 1248 triplet = (void *)(country_ie + 3); 1249 country_ie_len -= 3; 1250 1251 switch (channel->band) { 1252 default: 1253 WARN_ON_ONCE(1); 1254 /* fall through */ 1255 case IEEE80211_BAND_2GHZ: 1256 case IEEE80211_BAND_60GHZ: 1257 chan_increment = 1; 1258 break; 1259 case IEEE80211_BAND_5GHZ: 1260 chan_increment = 4; 1261 break; 1262 } 1263 1264 /* find channel */ 1265 while (country_ie_len >= 3) { 1266 u8 first_channel = triplet->chans.first_channel; 1267 1268 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID) 1269 goto next; 1270 1271 for (i = 0; i < triplet->chans.num_channels; i++) { 1272 if (first_channel + i * chan_increment == chan) { 1273 have_chan_pwr = true; 1274 *chan_pwr = triplet->chans.max_power; 1275 break; 1276 } 1277 } 1278 if (have_chan_pwr) 1279 break; 1280 1281 next: 1282 triplet++; 1283 country_ie_len -= 3; 1284 } 1285 1286 if (have_chan_pwr) 1287 *pwr_reduction = *pwr_constr_elem; 1288 return have_chan_pwr; 1289 } 1290 1291 static void ieee80211_find_cisco_dtpc(struct ieee80211_sub_if_data *sdata, 1292 struct ieee80211_channel *channel, 1293 const u8 *cisco_dtpc_ie, 1294 int *pwr_level) 1295 { 1296 /* From practical testing, the first data byte of the DTPC element 1297 * seems to contain the requested dBm level, and the CLI on Cisco 1298 * APs clearly state the range is -127 to 127 dBm, which indicates 1299 * a signed byte, although it seemingly never actually goes negative. 1300 * The other byte seems to always be zero. 1301 */ 1302 *pwr_level = (__s8)cisco_dtpc_ie[4]; 1303 } 1304 1305 static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, 1306 struct ieee80211_channel *channel, 1307 struct ieee80211_mgmt *mgmt, 1308 const u8 *country_ie, u8 country_ie_len, 1309 const u8 *pwr_constr_ie, 1310 const u8 *cisco_dtpc_ie) 1311 { 1312 bool has_80211h_pwr = false, has_cisco_pwr = false; 1313 int chan_pwr = 0, pwr_reduction_80211h = 0; 1314 int pwr_level_cisco, pwr_level_80211h; 1315 int new_ap_level; 1316 1317 if (country_ie && pwr_constr_ie && 1318 mgmt->u.probe_resp.capab_info & 1319 cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT)) { 1320 has_80211h_pwr = ieee80211_find_80211h_pwr_constr( 1321 sdata, channel, country_ie, country_ie_len, 1322 pwr_constr_ie, &chan_pwr, &pwr_reduction_80211h); 1323 pwr_level_80211h = 1324 max_t(int, 0, chan_pwr - pwr_reduction_80211h); 1325 } 1326 1327 if (cisco_dtpc_ie) { 1328 ieee80211_find_cisco_dtpc( 1329 sdata, channel, cisco_dtpc_ie, &pwr_level_cisco); 1330 has_cisco_pwr = true; 1331 } 1332 1333 if (!has_80211h_pwr && !has_cisco_pwr) 1334 return 0; 1335 1336 /* If we have both 802.11h and Cisco DTPC, apply both limits 1337 * by picking the smallest of the two power levels advertised. 1338 */ 1339 if (has_80211h_pwr && 1340 (!has_cisco_pwr || pwr_level_80211h <= pwr_level_cisco)) { 1341 sdata_info(sdata, 1342 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n", 1343 pwr_level_80211h, chan_pwr, pwr_reduction_80211h, 1344 sdata->u.mgd.bssid); 1345 new_ap_level = pwr_level_80211h; 1346 } else { /* has_cisco_pwr is always true here. */ 1347 sdata_info(sdata, 1348 "Limiting TX power to %d dBm as advertised by %pM\n", 1349 pwr_level_cisco, sdata->u.mgd.bssid); 1350 new_ap_level = pwr_level_cisco; 1351 } 1352 1353 if (sdata->ap_power_level == new_ap_level) 1354 return 0; 1355 1356 sdata->ap_power_level = new_ap_level; 1357 if (__ieee80211_recalc_txpower(sdata)) 1358 return BSS_CHANGED_TXPOWER; 1359 return 0; 1360 } 1361 1362 /* powersave */ 1363 static void ieee80211_enable_ps(struct ieee80211_local *local, 1364 struct ieee80211_sub_if_data *sdata) 1365 { 1366 struct ieee80211_conf *conf = &local->hw.conf; 1367 1368 /* 1369 * If we are scanning right now then the parameters will 1370 * take effect when scan finishes. 1371 */ 1372 if (local->scanning) 1373 return; 1374 1375 if (conf->dynamic_ps_timeout > 0 && 1376 !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) { 1377 mod_timer(&local->dynamic_ps_timer, jiffies + 1378 msecs_to_jiffies(conf->dynamic_ps_timeout)); 1379 } else { 1380 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 1381 ieee80211_send_nullfunc(local, sdata, 1); 1382 1383 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1384 (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) 1385 return; 1386 1387 conf->flags |= IEEE80211_CONF_PS; 1388 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1389 } 1390 } 1391 1392 static void ieee80211_change_ps(struct ieee80211_local *local) 1393 { 1394 struct ieee80211_conf *conf = &local->hw.conf; 1395 1396 if (local->ps_sdata) { 1397 ieee80211_enable_ps(local, local->ps_sdata); 1398 } else if (conf->flags & IEEE80211_CONF_PS) { 1399 conf->flags &= ~IEEE80211_CONF_PS; 1400 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1401 del_timer_sync(&local->dynamic_ps_timer); 1402 cancel_work_sync(&local->dynamic_ps_enable_work); 1403 } 1404 } 1405 1406 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata) 1407 { 1408 struct ieee80211_if_managed *mgd = &sdata->u.mgd; 1409 struct sta_info *sta = NULL; 1410 bool authorized = false; 1411 1412 if (!mgd->powersave) 1413 return false; 1414 1415 if (mgd->broken_ap) 1416 return false; 1417 1418 if (!mgd->associated) 1419 return false; 1420 1421 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL) 1422 return false; 1423 1424 if (!mgd->have_beacon) 1425 return false; 1426 1427 rcu_read_lock(); 1428 sta = sta_info_get(sdata, mgd->bssid); 1429 if (sta) 1430 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED); 1431 rcu_read_unlock(); 1432 1433 return authorized; 1434 } 1435 1436 /* need to hold RTNL or interface lock */ 1437 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency) 1438 { 1439 struct ieee80211_sub_if_data *sdata, *found = NULL; 1440 int count = 0; 1441 int timeout; 1442 1443 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) { 1444 local->ps_sdata = NULL; 1445 return; 1446 } 1447 1448 list_for_each_entry(sdata, &local->interfaces, list) { 1449 if (!ieee80211_sdata_running(sdata)) 1450 continue; 1451 if (sdata->vif.type == NL80211_IFTYPE_AP) { 1452 /* If an AP vif is found, then disable PS 1453 * by setting the count to zero thereby setting 1454 * ps_sdata to NULL. 1455 */ 1456 count = 0; 1457 break; 1458 } 1459 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1460 continue; 1461 found = sdata; 1462 count++; 1463 } 1464 1465 if (count == 1 && ieee80211_powersave_allowed(found)) { 1466 s32 beaconint_us; 1467 1468 if (latency < 0) 1469 latency = pm_qos_request(PM_QOS_NETWORK_LATENCY); 1470 1471 beaconint_us = ieee80211_tu_to_usec( 1472 found->vif.bss_conf.beacon_int); 1473 1474 timeout = local->dynamic_ps_forced_timeout; 1475 if (timeout < 0) { 1476 /* 1477 * Go to full PSM if the user configures a very low 1478 * latency requirement. 1479 * The 2000 second value is there for compatibility 1480 * until the PM_QOS_NETWORK_LATENCY is configured 1481 * with real values. 1482 */ 1483 if (latency > (1900 * USEC_PER_MSEC) && 1484 latency != (2000 * USEC_PER_SEC)) 1485 timeout = 0; 1486 else 1487 timeout = 100; 1488 } 1489 local->hw.conf.dynamic_ps_timeout = timeout; 1490 1491 if (beaconint_us > latency) { 1492 local->ps_sdata = NULL; 1493 } else { 1494 int maxslp = 1; 1495 u8 dtimper = found->u.mgd.dtim_period; 1496 1497 /* If the TIM IE is invalid, pretend the value is 1 */ 1498 if (!dtimper) 1499 dtimper = 1; 1500 else if (dtimper > 1) 1501 maxslp = min_t(int, dtimper, 1502 latency / beaconint_us); 1503 1504 local->hw.conf.max_sleep_period = maxslp; 1505 local->hw.conf.ps_dtim_period = dtimper; 1506 local->ps_sdata = found; 1507 } 1508 } else { 1509 local->ps_sdata = NULL; 1510 } 1511 1512 ieee80211_change_ps(local); 1513 } 1514 1515 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata) 1516 { 1517 bool ps_allowed = ieee80211_powersave_allowed(sdata); 1518 1519 if (sdata->vif.bss_conf.ps != ps_allowed) { 1520 sdata->vif.bss_conf.ps = ps_allowed; 1521 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS); 1522 } 1523 } 1524 1525 void ieee80211_dynamic_ps_disable_work(struct work_struct *work) 1526 { 1527 struct ieee80211_local *local = 1528 container_of(work, struct ieee80211_local, 1529 dynamic_ps_disable_work); 1530 1531 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1532 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1533 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1534 } 1535 1536 ieee80211_wake_queues_by_reason(&local->hw, 1537 IEEE80211_MAX_QUEUE_MAP, 1538 IEEE80211_QUEUE_STOP_REASON_PS, 1539 false); 1540 } 1541 1542 void ieee80211_dynamic_ps_enable_work(struct work_struct *work) 1543 { 1544 struct ieee80211_local *local = 1545 container_of(work, struct ieee80211_local, 1546 dynamic_ps_enable_work); 1547 struct ieee80211_sub_if_data *sdata = local->ps_sdata; 1548 struct ieee80211_if_managed *ifmgd; 1549 unsigned long flags; 1550 int q; 1551 1552 /* can only happen when PS was just disabled anyway */ 1553 if (!sdata) 1554 return; 1555 1556 ifmgd = &sdata->u.mgd; 1557 1558 if (local->hw.conf.flags & IEEE80211_CONF_PS) 1559 return; 1560 1561 if (local->hw.conf.dynamic_ps_timeout > 0) { 1562 /* don't enter PS if TX frames are pending */ 1563 if (drv_tx_frames_pending(local)) { 1564 mod_timer(&local->dynamic_ps_timer, jiffies + 1565 msecs_to_jiffies( 1566 local->hw.conf.dynamic_ps_timeout)); 1567 return; 1568 } 1569 1570 /* 1571 * transmission can be stopped by others which leads to 1572 * dynamic_ps_timer expiry. Postpone the ps timer if it 1573 * is not the actual idle state. 1574 */ 1575 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 1576 for (q = 0; q < local->hw.queues; q++) { 1577 if (local->queue_stop_reasons[q]) { 1578 spin_unlock_irqrestore(&local->queue_stop_reason_lock, 1579 flags); 1580 mod_timer(&local->dynamic_ps_timer, jiffies + 1581 msecs_to_jiffies( 1582 local->hw.conf.dynamic_ps_timeout)); 1583 return; 1584 } 1585 } 1586 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 1587 } 1588 1589 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1590 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1591 if (drv_tx_frames_pending(local)) { 1592 mod_timer(&local->dynamic_ps_timer, jiffies + 1593 msecs_to_jiffies( 1594 local->hw.conf.dynamic_ps_timeout)); 1595 } else { 1596 ieee80211_send_nullfunc(local, sdata, 1); 1597 /* Flush to get the tx status of nullfunc frame */ 1598 ieee80211_flush_queues(local, sdata); 1599 } 1600 } 1601 1602 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) && 1603 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) || 1604 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1605 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 1606 local->hw.conf.flags |= IEEE80211_CONF_PS; 1607 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1608 } 1609 } 1610 1611 void ieee80211_dynamic_ps_timer(unsigned long data) 1612 { 1613 struct ieee80211_local *local = (void *) data; 1614 1615 if (local->quiescing || local->suspended) 1616 return; 1617 1618 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work); 1619 } 1620 1621 void ieee80211_dfs_cac_timer_work(struct work_struct *work) 1622 { 1623 struct delayed_work *delayed_work = 1624 container_of(work, struct delayed_work, work); 1625 struct ieee80211_sub_if_data *sdata = 1626 container_of(delayed_work, struct ieee80211_sub_if_data, 1627 dfs_cac_timer_work); 1628 struct cfg80211_chan_def chandef = sdata->vif.bss_conf.chandef; 1629 1630 mutex_lock(&sdata->local->mtx); 1631 if (sdata->wdev.cac_started) { 1632 ieee80211_vif_release_channel(sdata); 1633 cfg80211_cac_event(sdata->dev, &chandef, 1634 NL80211_RADAR_CAC_FINISHED, 1635 GFP_KERNEL); 1636 } 1637 mutex_unlock(&sdata->local->mtx); 1638 } 1639 1640 static bool 1641 __ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata) 1642 { 1643 struct ieee80211_local *local = sdata->local; 1644 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1645 bool ret; 1646 int ac; 1647 1648 if (local->hw.queues < IEEE80211_NUM_ACS) 1649 return false; 1650 1651 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { 1652 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac]; 1653 int non_acm_ac; 1654 unsigned long now = jiffies; 1655 1656 if (tx_tspec->action == TX_TSPEC_ACTION_NONE && 1657 tx_tspec->admitted_time && 1658 time_after(now, tx_tspec->time_slice_start + HZ)) { 1659 tx_tspec->consumed_tx_time = 0; 1660 tx_tspec->time_slice_start = now; 1661 1662 if (tx_tspec->downgraded) 1663 tx_tspec->action = 1664 TX_TSPEC_ACTION_STOP_DOWNGRADE; 1665 } 1666 1667 switch (tx_tspec->action) { 1668 case TX_TSPEC_ACTION_STOP_DOWNGRADE: 1669 /* take the original parameters */ 1670 if (drv_conf_tx(local, sdata, ac, &sdata->tx_conf[ac])) 1671 sdata_err(sdata, 1672 "failed to set TX queue parameters for queue %d\n", 1673 ac); 1674 tx_tspec->action = TX_TSPEC_ACTION_NONE; 1675 tx_tspec->downgraded = false; 1676 ret = true; 1677 break; 1678 case TX_TSPEC_ACTION_DOWNGRADE: 1679 if (time_after(now, tx_tspec->time_slice_start + HZ)) { 1680 tx_tspec->action = TX_TSPEC_ACTION_NONE; 1681 ret = true; 1682 break; 1683 } 1684 /* downgrade next lower non-ACM AC */ 1685 for (non_acm_ac = ac + 1; 1686 non_acm_ac < IEEE80211_NUM_ACS; 1687 non_acm_ac++) 1688 if (!(sdata->wmm_acm & BIT(7 - 2 * non_acm_ac))) 1689 break; 1690 /* The loop will result in using BK even if it requires 1691 * admission control, such configuration makes no sense 1692 * and we have to transmit somehow - the AC selection 1693 * does the same thing. 1694 */ 1695 if (drv_conf_tx(local, sdata, ac, 1696 &sdata->tx_conf[non_acm_ac])) 1697 sdata_err(sdata, 1698 "failed to set TX queue parameters for queue %d\n", 1699 ac); 1700 tx_tspec->action = TX_TSPEC_ACTION_NONE; 1701 ret = true; 1702 schedule_delayed_work(&ifmgd->tx_tspec_wk, 1703 tx_tspec->time_slice_start + HZ - now + 1); 1704 break; 1705 case TX_TSPEC_ACTION_NONE: 1706 /* nothing now */ 1707 break; 1708 } 1709 } 1710 1711 return ret; 1712 } 1713 1714 void ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata) 1715 { 1716 if (__ieee80211_sta_handle_tspec_ac_params(sdata)) 1717 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_QOS); 1718 } 1719 1720 static void ieee80211_sta_handle_tspec_ac_params_wk(struct work_struct *work) 1721 { 1722 struct ieee80211_sub_if_data *sdata; 1723 1724 sdata = container_of(work, struct ieee80211_sub_if_data, 1725 u.mgd.tx_tspec_wk.work); 1726 ieee80211_sta_handle_tspec_ac_params(sdata); 1727 } 1728 1729 /* MLME */ 1730 static bool ieee80211_sta_wmm_params(struct ieee80211_local *local, 1731 struct ieee80211_sub_if_data *sdata, 1732 const u8 *wmm_param, size_t wmm_param_len) 1733 { 1734 struct ieee80211_tx_queue_params params; 1735 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1736 size_t left; 1737 int count; 1738 const u8 *pos; 1739 u8 uapsd_queues = 0; 1740 1741 if (!local->ops->conf_tx) 1742 return false; 1743 1744 if (local->hw.queues < IEEE80211_NUM_ACS) 1745 return false; 1746 1747 if (!wmm_param) 1748 return false; 1749 1750 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 1751 return false; 1752 1753 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) 1754 uapsd_queues = ifmgd->uapsd_queues; 1755 1756 count = wmm_param[6] & 0x0f; 1757 if (count == ifmgd->wmm_last_param_set) 1758 return false; 1759 ifmgd->wmm_last_param_set = count; 1760 1761 pos = wmm_param + 8; 1762 left = wmm_param_len - 8; 1763 1764 memset(¶ms, 0, sizeof(params)); 1765 1766 sdata->wmm_acm = 0; 1767 for (; left >= 4; left -= 4, pos += 4) { 1768 int aci = (pos[0] >> 5) & 0x03; 1769 int acm = (pos[0] >> 4) & 0x01; 1770 bool uapsd = false; 1771 int queue; 1772 1773 switch (aci) { 1774 case 1: /* AC_BK */ 1775 queue = 3; 1776 if (acm) 1777 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */ 1778 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK) 1779 uapsd = true; 1780 break; 1781 case 2: /* AC_VI */ 1782 queue = 1; 1783 if (acm) 1784 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */ 1785 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI) 1786 uapsd = true; 1787 break; 1788 case 3: /* AC_VO */ 1789 queue = 0; 1790 if (acm) 1791 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */ 1792 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) 1793 uapsd = true; 1794 break; 1795 case 0: /* AC_BE */ 1796 default: 1797 queue = 2; 1798 if (acm) 1799 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */ 1800 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE) 1801 uapsd = true; 1802 break; 1803 } 1804 1805 params.aifs = pos[0] & 0x0f; 1806 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 1807 params.cw_min = ecw2cw(pos[1] & 0x0f); 1808 params.txop = get_unaligned_le16(pos + 2); 1809 params.acm = acm; 1810 params.uapsd = uapsd; 1811 1812 mlme_dbg(sdata, 1813 "WMM queue=%d aci=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d, downgraded=%d\n", 1814 queue, aci, acm, 1815 params.aifs, params.cw_min, params.cw_max, 1816 params.txop, params.uapsd, 1817 ifmgd->tx_tspec[queue].downgraded); 1818 sdata->tx_conf[queue] = params; 1819 if (!ifmgd->tx_tspec[queue].downgraded && 1820 drv_conf_tx(local, sdata, queue, ¶ms)) 1821 sdata_err(sdata, 1822 "failed to set TX queue parameters for queue %d\n", 1823 queue); 1824 } 1825 1826 /* enable WMM or activate new settings */ 1827 sdata->vif.bss_conf.qos = true; 1828 return true; 1829 } 1830 1831 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1832 { 1833 lockdep_assert_held(&sdata->local->mtx); 1834 1835 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL; 1836 ieee80211_run_deferred_scan(sdata->local); 1837 } 1838 1839 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1840 { 1841 mutex_lock(&sdata->local->mtx); 1842 __ieee80211_stop_poll(sdata); 1843 mutex_unlock(&sdata->local->mtx); 1844 } 1845 1846 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata, 1847 u16 capab, bool erp_valid, u8 erp) 1848 { 1849 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1850 u32 changed = 0; 1851 bool use_protection; 1852 bool use_short_preamble; 1853 bool use_short_slot; 1854 1855 if (erp_valid) { 1856 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0; 1857 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0; 1858 } else { 1859 use_protection = false; 1860 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE); 1861 } 1862 1863 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME); 1864 if (ieee80211_get_sdata_band(sdata) == IEEE80211_BAND_5GHZ) 1865 use_short_slot = true; 1866 1867 if (use_protection != bss_conf->use_cts_prot) { 1868 bss_conf->use_cts_prot = use_protection; 1869 changed |= BSS_CHANGED_ERP_CTS_PROT; 1870 } 1871 1872 if (use_short_preamble != bss_conf->use_short_preamble) { 1873 bss_conf->use_short_preamble = use_short_preamble; 1874 changed |= BSS_CHANGED_ERP_PREAMBLE; 1875 } 1876 1877 if (use_short_slot != bss_conf->use_short_slot) { 1878 bss_conf->use_short_slot = use_short_slot; 1879 changed |= BSS_CHANGED_ERP_SLOT; 1880 } 1881 1882 return changed; 1883 } 1884 1885 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata, 1886 struct cfg80211_bss *cbss, 1887 u32 bss_info_changed) 1888 { 1889 struct ieee80211_bss *bss = (void *)cbss->priv; 1890 struct ieee80211_local *local = sdata->local; 1891 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1892 1893 bss_info_changed |= BSS_CHANGED_ASSOC; 1894 bss_info_changed |= ieee80211_handle_bss_capability(sdata, 1895 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value); 1896 1897 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec( 1898 beacon_loss_count * bss_conf->beacon_int)); 1899 1900 sdata->u.mgd.associated = cbss; 1901 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN); 1902 1903 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE; 1904 1905 if (sdata->vif.p2p) { 1906 const struct cfg80211_bss_ies *ies; 1907 1908 rcu_read_lock(); 1909 ies = rcu_dereference(cbss->ies); 1910 if (ies) { 1911 int ret; 1912 1913 ret = cfg80211_get_p2p_attr( 1914 ies->data, ies->len, 1915 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 1916 (u8 *) &bss_conf->p2p_noa_attr, 1917 sizeof(bss_conf->p2p_noa_attr)); 1918 if (ret >= 2) { 1919 sdata->u.mgd.p2p_noa_index = 1920 bss_conf->p2p_noa_attr.index; 1921 bss_info_changed |= BSS_CHANGED_P2P_PS; 1922 } 1923 } 1924 rcu_read_unlock(); 1925 } 1926 1927 /* just to be sure */ 1928 ieee80211_stop_poll(sdata); 1929 1930 ieee80211_led_assoc(local, 1); 1931 1932 if (sdata->u.mgd.have_beacon) { 1933 /* 1934 * If the AP is buggy we may get here with no DTIM period 1935 * known, so assume it's 1 which is the only safe assumption 1936 * in that case, although if the TIM IE is broken powersave 1937 * probably just won't work at all. 1938 */ 1939 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1; 1940 bss_conf->beacon_rate = bss->beacon_rate; 1941 bss_info_changed |= BSS_CHANGED_BEACON_INFO; 1942 } else { 1943 bss_conf->beacon_rate = NULL; 1944 bss_conf->dtim_period = 0; 1945 } 1946 1947 bss_conf->assoc = 1; 1948 1949 /* Tell the driver to monitor connection quality (if supported) */ 1950 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI && 1951 bss_conf->cqm_rssi_thold) 1952 bss_info_changed |= BSS_CHANGED_CQM; 1953 1954 /* Enable ARP filtering */ 1955 if (bss_conf->arp_addr_cnt) 1956 bss_info_changed |= BSS_CHANGED_ARP_FILTER; 1957 1958 ieee80211_bss_info_change_notify(sdata, bss_info_changed); 1959 1960 mutex_lock(&local->iflist_mtx); 1961 ieee80211_recalc_ps(local, -1); 1962 mutex_unlock(&local->iflist_mtx); 1963 1964 ieee80211_recalc_smps(sdata); 1965 ieee80211_recalc_ps_vif(sdata); 1966 1967 netif_carrier_on(sdata->dev); 1968 } 1969 1970 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata, 1971 u16 stype, u16 reason, bool tx, 1972 u8 *frame_buf) 1973 { 1974 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1975 struct ieee80211_local *local = sdata->local; 1976 u32 changed = 0; 1977 1978 sdata_assert_lock(sdata); 1979 1980 if (WARN_ON_ONCE(tx && !frame_buf)) 1981 return; 1982 1983 if (WARN_ON(!ifmgd->associated)) 1984 return; 1985 1986 ieee80211_stop_poll(sdata); 1987 1988 ifmgd->associated = NULL; 1989 netif_carrier_off(sdata->dev); 1990 1991 /* 1992 * if we want to get out of ps before disassoc (why?) we have 1993 * to do it before sending disassoc, as otherwise the null-packet 1994 * won't be valid. 1995 */ 1996 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1997 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1998 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1999 } 2000 local->ps_sdata = NULL; 2001 2002 /* disable per-vif ps */ 2003 ieee80211_recalc_ps_vif(sdata); 2004 2005 /* flush out any pending frame (e.g. DELBA) before deauth/disassoc */ 2006 if (tx) 2007 ieee80211_flush_queues(local, sdata); 2008 2009 /* deauthenticate/disassociate now */ 2010 if (tx || frame_buf) 2011 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype, 2012 reason, tx, frame_buf); 2013 2014 /* flush out frame */ 2015 if (tx) 2016 ieee80211_flush_queues(local, sdata); 2017 2018 /* clear bssid only after building the needed mgmt frames */ 2019 memset(ifmgd->bssid, 0, ETH_ALEN); 2020 2021 /* remove AP and TDLS peers */ 2022 sta_info_flush(sdata); 2023 2024 /* finally reset all BSS / config parameters */ 2025 changed |= ieee80211_reset_erp_info(sdata); 2026 2027 ieee80211_led_assoc(local, 0); 2028 changed |= BSS_CHANGED_ASSOC; 2029 sdata->vif.bss_conf.assoc = false; 2030 2031 ifmgd->p2p_noa_index = -1; 2032 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0, 2033 sizeof(sdata->vif.bss_conf.p2p_noa_attr)); 2034 2035 /* on the next assoc, re-program HT/VHT parameters */ 2036 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa)); 2037 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask)); 2038 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa)); 2039 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask)); 2040 2041 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL; 2042 2043 del_timer_sync(&local->dynamic_ps_timer); 2044 cancel_work_sync(&local->dynamic_ps_enable_work); 2045 2046 /* Disable ARP filtering */ 2047 if (sdata->vif.bss_conf.arp_addr_cnt) 2048 changed |= BSS_CHANGED_ARP_FILTER; 2049 2050 sdata->vif.bss_conf.qos = false; 2051 changed |= BSS_CHANGED_QOS; 2052 2053 /* The BSSID (not really interesting) and HT changed */ 2054 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT; 2055 ieee80211_bss_info_change_notify(sdata, changed); 2056 2057 /* disassociated - set to defaults now */ 2058 ieee80211_set_wmm_default(sdata, false); 2059 2060 del_timer_sync(&sdata->u.mgd.conn_mon_timer); 2061 del_timer_sync(&sdata->u.mgd.bcn_mon_timer); 2062 del_timer_sync(&sdata->u.mgd.timer); 2063 del_timer_sync(&sdata->u.mgd.chswitch_timer); 2064 2065 sdata->vif.bss_conf.dtim_period = 0; 2066 sdata->vif.bss_conf.beacon_rate = NULL; 2067 2068 ifmgd->have_beacon = false; 2069 2070 ifmgd->flags = 0; 2071 mutex_lock(&local->mtx); 2072 ieee80211_vif_release_channel(sdata); 2073 2074 sdata->vif.csa_active = false; 2075 ifmgd->csa_waiting_bcn = false; 2076 if (sdata->csa_block_tx) { 2077 ieee80211_wake_vif_queues(local, sdata, 2078 IEEE80211_QUEUE_STOP_REASON_CSA); 2079 sdata->csa_block_tx = false; 2080 } 2081 mutex_unlock(&local->mtx); 2082 2083 /* existing TX TSPEC sessions no longer exist */ 2084 memset(ifmgd->tx_tspec, 0, sizeof(ifmgd->tx_tspec)); 2085 cancel_delayed_work_sync(&ifmgd->tx_tspec_wk); 2086 2087 sdata->encrypt_headroom = IEEE80211_ENCRYPT_HEADROOM; 2088 } 2089 2090 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata, 2091 struct ieee80211_hdr *hdr) 2092 { 2093 /* 2094 * We can postpone the mgd.timer whenever receiving unicast frames 2095 * from AP because we know that the connection is working both ways 2096 * at that time. But multicast frames (and hence also beacons) must 2097 * be ignored here, because we need to trigger the timer during 2098 * data idle periods for sending the periodic probe request to the 2099 * AP we're connected to. 2100 */ 2101 if (is_multicast_ether_addr(hdr->addr1)) 2102 return; 2103 2104 ieee80211_sta_reset_conn_monitor(sdata); 2105 } 2106 2107 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata) 2108 { 2109 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2110 struct ieee80211_local *local = sdata->local; 2111 2112 mutex_lock(&local->mtx); 2113 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)) 2114 goto out; 2115 2116 __ieee80211_stop_poll(sdata); 2117 2118 mutex_lock(&local->iflist_mtx); 2119 ieee80211_recalc_ps(local, -1); 2120 mutex_unlock(&local->iflist_mtx); 2121 2122 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 2123 goto out; 2124 2125 /* 2126 * We've received a probe response, but are not sure whether 2127 * we have or will be receiving any beacons or data, so let's 2128 * schedule the timers again, just in case. 2129 */ 2130 ieee80211_sta_reset_beacon_monitor(sdata); 2131 2132 mod_timer(&ifmgd->conn_mon_timer, 2133 round_jiffies_up(jiffies + 2134 IEEE80211_CONNECTION_IDLE_TIME)); 2135 out: 2136 mutex_unlock(&local->mtx); 2137 } 2138 2139 static void ieee80211_sta_tx_wmm_ac_notify(struct ieee80211_sub_if_data *sdata, 2140 struct ieee80211_hdr *hdr, 2141 u16 tx_time) 2142 { 2143 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2144 u16 tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK; 2145 int ac = ieee80211_ac_from_tid(tid); 2146 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac]; 2147 unsigned long now = jiffies; 2148 2149 if (likely(!tx_tspec->admitted_time)) 2150 return; 2151 2152 if (time_after(now, tx_tspec->time_slice_start + HZ)) { 2153 tx_tspec->consumed_tx_time = 0; 2154 tx_tspec->time_slice_start = now; 2155 2156 if (tx_tspec->downgraded) { 2157 tx_tspec->action = TX_TSPEC_ACTION_STOP_DOWNGRADE; 2158 schedule_delayed_work(&ifmgd->tx_tspec_wk, 0); 2159 } 2160 } 2161 2162 if (tx_tspec->downgraded) 2163 return; 2164 2165 tx_tspec->consumed_tx_time += tx_time; 2166 2167 if (tx_tspec->consumed_tx_time >= tx_tspec->admitted_time) { 2168 tx_tspec->downgraded = true; 2169 tx_tspec->action = TX_TSPEC_ACTION_DOWNGRADE; 2170 schedule_delayed_work(&ifmgd->tx_tspec_wk, 0); 2171 } 2172 } 2173 2174 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata, 2175 struct ieee80211_hdr *hdr, bool ack, u16 tx_time) 2176 { 2177 ieee80211_sta_tx_wmm_ac_notify(sdata, hdr, tx_time); 2178 2179 if (!ieee80211_is_data(hdr->frame_control)) 2180 return; 2181 2182 if (ieee80211_is_nullfunc(hdr->frame_control) && 2183 sdata->u.mgd.probe_send_count > 0) { 2184 if (ack) 2185 ieee80211_sta_reset_conn_monitor(sdata); 2186 else 2187 sdata->u.mgd.nullfunc_failed = true; 2188 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 2189 return; 2190 } 2191 2192 if (ack) 2193 ieee80211_sta_reset_conn_monitor(sdata); 2194 } 2195 2196 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) 2197 { 2198 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2199 const u8 *ssid; 2200 u8 *dst = ifmgd->associated->bssid; 2201 u8 unicast_limit = max(1, max_probe_tries - 3); 2202 2203 /* 2204 * Try sending broadcast probe requests for the last three 2205 * probe requests after the first ones failed since some 2206 * buggy APs only support broadcast probe requests. 2207 */ 2208 if (ifmgd->probe_send_count >= unicast_limit) 2209 dst = NULL; 2210 2211 /* 2212 * When the hardware reports an accurate Tx ACK status, it's 2213 * better to send a nullfunc frame instead of a probe request, 2214 * as it will kick us off the AP quickly if we aren't associated 2215 * anymore. The timeout will be reset if the frame is ACKed by 2216 * the AP. 2217 */ 2218 ifmgd->probe_send_count++; 2219 2220 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 2221 ifmgd->nullfunc_failed = false; 2222 ieee80211_send_nullfunc(sdata->local, sdata, 0); 2223 } else { 2224 int ssid_len; 2225 2226 rcu_read_lock(); 2227 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); 2228 if (WARN_ON_ONCE(ssid == NULL)) 2229 ssid_len = 0; 2230 else 2231 ssid_len = ssid[1]; 2232 2233 ieee80211_send_probe_req(sdata, sdata->vif.addr, NULL, 2234 ssid + 2, ssid_len, NULL, 2235 0, (u32) -1, true, 0, 2236 ifmgd->associated->channel, false); 2237 rcu_read_unlock(); 2238 } 2239 2240 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms); 2241 run_again(sdata, ifmgd->probe_timeout); 2242 } 2243 2244 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata, 2245 bool beacon) 2246 { 2247 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2248 bool already = false; 2249 2250 if (!ieee80211_sdata_running(sdata)) 2251 return; 2252 2253 sdata_lock(sdata); 2254 2255 if (!ifmgd->associated) 2256 goto out; 2257 2258 mutex_lock(&sdata->local->mtx); 2259 2260 if (sdata->local->tmp_channel || sdata->local->scanning) { 2261 mutex_unlock(&sdata->local->mtx); 2262 goto out; 2263 } 2264 2265 if (beacon) { 2266 mlme_dbg_ratelimited(sdata, 2267 "detected beacon loss from AP (missed %d beacons) - probing\n", 2268 beacon_loss_count); 2269 2270 ieee80211_cqm_beacon_loss_notify(&sdata->vif, GFP_KERNEL); 2271 } 2272 2273 /* 2274 * The driver/our work has already reported this event or the 2275 * connection monitoring has kicked in and we have already sent 2276 * a probe request. Or maybe the AP died and the driver keeps 2277 * reporting until we disassociate... 2278 * 2279 * In either case we have to ignore the current call to this 2280 * function (except for setting the correct probe reason bit) 2281 * because otherwise we would reset the timer every time and 2282 * never check whether we received a probe response! 2283 */ 2284 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) 2285 already = true; 2286 2287 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL; 2288 2289 mutex_unlock(&sdata->local->mtx); 2290 2291 if (already) 2292 goto out; 2293 2294 mutex_lock(&sdata->local->iflist_mtx); 2295 ieee80211_recalc_ps(sdata->local, -1); 2296 mutex_unlock(&sdata->local->iflist_mtx); 2297 2298 ifmgd->probe_send_count = 0; 2299 ieee80211_mgd_probe_ap_send(sdata); 2300 out: 2301 sdata_unlock(sdata); 2302 } 2303 2304 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw, 2305 struct ieee80211_vif *vif) 2306 { 2307 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2308 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2309 struct cfg80211_bss *cbss; 2310 struct sk_buff *skb; 2311 const u8 *ssid; 2312 int ssid_len; 2313 2314 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 2315 return NULL; 2316 2317 sdata_assert_lock(sdata); 2318 2319 if (ifmgd->associated) 2320 cbss = ifmgd->associated; 2321 else if (ifmgd->auth_data) 2322 cbss = ifmgd->auth_data->bss; 2323 else if (ifmgd->assoc_data) 2324 cbss = ifmgd->assoc_data->bss; 2325 else 2326 return NULL; 2327 2328 rcu_read_lock(); 2329 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID); 2330 if (WARN_ON_ONCE(ssid == NULL)) 2331 ssid_len = 0; 2332 else 2333 ssid_len = ssid[1]; 2334 2335 skb = ieee80211_build_probe_req(sdata, sdata->vif.addr, cbss->bssid, 2336 (u32) -1, cbss->channel, 2337 ssid + 2, ssid_len, 2338 NULL, 0, true); 2339 rcu_read_unlock(); 2340 2341 return skb; 2342 } 2343 EXPORT_SYMBOL(ieee80211_ap_probereq_get); 2344 2345 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata) 2346 { 2347 struct ieee80211_local *local = sdata->local; 2348 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2349 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 2350 2351 sdata_lock(sdata); 2352 if (!ifmgd->associated) { 2353 sdata_unlock(sdata); 2354 return; 2355 } 2356 2357 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 2358 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 2359 true, frame_buf); 2360 mutex_lock(&local->mtx); 2361 sdata->vif.csa_active = false; 2362 ifmgd->csa_waiting_bcn = false; 2363 if (sdata->csa_block_tx) { 2364 ieee80211_wake_vif_queues(local, sdata, 2365 IEEE80211_QUEUE_STOP_REASON_CSA); 2366 sdata->csa_block_tx = false; 2367 } 2368 mutex_unlock(&local->mtx); 2369 2370 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 2371 IEEE80211_DEAUTH_FRAME_LEN); 2372 sdata_unlock(sdata); 2373 } 2374 2375 static void ieee80211_beacon_connection_loss_work(struct work_struct *work) 2376 { 2377 struct ieee80211_sub_if_data *sdata = 2378 container_of(work, struct ieee80211_sub_if_data, 2379 u.mgd.beacon_connection_loss_work); 2380 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2381 struct sta_info *sta; 2382 2383 if (ifmgd->associated) { 2384 rcu_read_lock(); 2385 sta = sta_info_get(sdata, ifmgd->bssid); 2386 if (sta) 2387 sta->beacon_loss_count++; 2388 rcu_read_unlock(); 2389 } 2390 2391 if (ifmgd->connection_loss) { 2392 sdata_info(sdata, "Connection to AP %pM lost\n", 2393 ifmgd->bssid); 2394 __ieee80211_disconnect(sdata); 2395 } else { 2396 ieee80211_mgd_probe_ap(sdata, true); 2397 } 2398 } 2399 2400 static void ieee80211_csa_connection_drop_work(struct work_struct *work) 2401 { 2402 struct ieee80211_sub_if_data *sdata = 2403 container_of(work, struct ieee80211_sub_if_data, 2404 u.mgd.csa_connection_drop_work); 2405 2406 __ieee80211_disconnect(sdata); 2407 } 2408 2409 void ieee80211_beacon_loss(struct ieee80211_vif *vif) 2410 { 2411 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2412 struct ieee80211_hw *hw = &sdata->local->hw; 2413 2414 trace_api_beacon_loss(sdata); 2415 2416 sdata->u.mgd.connection_loss = false; 2417 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2418 } 2419 EXPORT_SYMBOL(ieee80211_beacon_loss); 2420 2421 void ieee80211_connection_loss(struct ieee80211_vif *vif) 2422 { 2423 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2424 struct ieee80211_hw *hw = &sdata->local->hw; 2425 2426 trace_api_connection_loss(sdata); 2427 2428 sdata->u.mgd.connection_loss = true; 2429 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2430 } 2431 EXPORT_SYMBOL(ieee80211_connection_loss); 2432 2433 2434 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata, 2435 bool assoc) 2436 { 2437 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2438 2439 sdata_assert_lock(sdata); 2440 2441 if (!assoc) { 2442 sta_info_destroy_addr(sdata, auth_data->bss->bssid); 2443 2444 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2445 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2446 sdata->u.mgd.flags = 0; 2447 mutex_lock(&sdata->local->mtx); 2448 ieee80211_vif_release_channel(sdata); 2449 mutex_unlock(&sdata->local->mtx); 2450 } 2451 2452 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss); 2453 kfree(auth_data); 2454 sdata->u.mgd.auth_data = NULL; 2455 } 2456 2457 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, 2458 struct ieee80211_mgmt *mgmt, size_t len) 2459 { 2460 struct ieee80211_local *local = sdata->local; 2461 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2462 u8 *pos; 2463 struct ieee802_11_elems elems; 2464 u32 tx_flags = 0; 2465 2466 pos = mgmt->u.auth.variable; 2467 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2468 if (!elems.challenge) 2469 return; 2470 auth_data->expected_transaction = 4; 2471 drv_mgd_prepare_tx(sdata->local, sdata); 2472 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 2473 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 2474 IEEE80211_TX_INTFL_MLME_CONN_TX; 2475 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0, 2476 elems.challenge - 2, elems.challenge_len + 2, 2477 auth_data->bss->bssid, auth_data->bss->bssid, 2478 auth_data->key, auth_data->key_len, 2479 auth_data->key_idx, tx_flags); 2480 } 2481 2482 static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, 2483 struct ieee80211_mgmt *mgmt, size_t len) 2484 { 2485 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2486 u8 bssid[ETH_ALEN]; 2487 u16 auth_alg, auth_transaction, status_code; 2488 struct sta_info *sta; 2489 2490 sdata_assert_lock(sdata); 2491 2492 if (len < 24 + 6) 2493 return; 2494 2495 if (!ifmgd->auth_data || ifmgd->auth_data->done) 2496 return; 2497 2498 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 2499 2500 if (!ether_addr_equal(bssid, mgmt->bssid)) 2501 return; 2502 2503 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 2504 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 2505 status_code = le16_to_cpu(mgmt->u.auth.status_code); 2506 2507 if (auth_alg != ifmgd->auth_data->algorithm || 2508 auth_transaction != ifmgd->auth_data->expected_transaction) { 2509 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n", 2510 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm, 2511 auth_transaction, 2512 ifmgd->auth_data->expected_transaction); 2513 return; 2514 } 2515 2516 if (status_code != WLAN_STATUS_SUCCESS) { 2517 sdata_info(sdata, "%pM denied authentication (status %d)\n", 2518 mgmt->sa, status_code); 2519 ieee80211_destroy_auth_data(sdata, false); 2520 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2521 return; 2522 } 2523 2524 switch (ifmgd->auth_data->algorithm) { 2525 case WLAN_AUTH_OPEN: 2526 case WLAN_AUTH_LEAP: 2527 case WLAN_AUTH_FT: 2528 case WLAN_AUTH_SAE: 2529 break; 2530 case WLAN_AUTH_SHARED_KEY: 2531 if (ifmgd->auth_data->expected_transaction != 4) { 2532 ieee80211_auth_challenge(sdata, mgmt, len); 2533 /* need another frame */ 2534 return; 2535 } 2536 break; 2537 default: 2538 WARN_ONCE(1, "invalid auth alg %d", 2539 ifmgd->auth_data->algorithm); 2540 return; 2541 } 2542 2543 sdata_info(sdata, "authenticated\n"); 2544 ifmgd->auth_data->done = true; 2545 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC; 2546 ifmgd->auth_data->timeout_started = true; 2547 run_again(sdata, ifmgd->auth_data->timeout); 2548 2549 if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE && 2550 ifmgd->auth_data->expected_transaction != 2) { 2551 /* 2552 * Report auth frame to user space for processing since another 2553 * round of Authentication frames is still needed. 2554 */ 2555 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2556 return; 2557 } 2558 2559 /* move station state to auth */ 2560 mutex_lock(&sdata->local->sta_mtx); 2561 sta = sta_info_get(sdata, bssid); 2562 if (!sta) { 2563 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid); 2564 goto out_err; 2565 } 2566 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) { 2567 sdata_info(sdata, "failed moving %pM to auth\n", bssid); 2568 goto out_err; 2569 } 2570 mutex_unlock(&sdata->local->sta_mtx); 2571 2572 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2573 return; 2574 out_err: 2575 mutex_unlock(&sdata->local->sta_mtx); 2576 /* ignore frame -- wait for timeout */ 2577 } 2578 2579 #define case_WLAN(type) \ 2580 case WLAN_REASON_##type: return #type 2581 2582 static const char *ieee80211_get_reason_code_string(u16 reason_code) 2583 { 2584 switch (reason_code) { 2585 case_WLAN(UNSPECIFIED); 2586 case_WLAN(PREV_AUTH_NOT_VALID); 2587 case_WLAN(DEAUTH_LEAVING); 2588 case_WLAN(DISASSOC_DUE_TO_INACTIVITY); 2589 case_WLAN(DISASSOC_AP_BUSY); 2590 case_WLAN(CLASS2_FRAME_FROM_NONAUTH_STA); 2591 case_WLAN(CLASS3_FRAME_FROM_NONASSOC_STA); 2592 case_WLAN(DISASSOC_STA_HAS_LEFT); 2593 case_WLAN(STA_REQ_ASSOC_WITHOUT_AUTH); 2594 case_WLAN(DISASSOC_BAD_POWER); 2595 case_WLAN(DISASSOC_BAD_SUPP_CHAN); 2596 case_WLAN(INVALID_IE); 2597 case_WLAN(MIC_FAILURE); 2598 case_WLAN(4WAY_HANDSHAKE_TIMEOUT); 2599 case_WLAN(GROUP_KEY_HANDSHAKE_TIMEOUT); 2600 case_WLAN(IE_DIFFERENT); 2601 case_WLAN(INVALID_GROUP_CIPHER); 2602 case_WLAN(INVALID_PAIRWISE_CIPHER); 2603 case_WLAN(INVALID_AKMP); 2604 case_WLAN(UNSUPP_RSN_VERSION); 2605 case_WLAN(INVALID_RSN_IE_CAP); 2606 case_WLAN(IEEE8021X_FAILED); 2607 case_WLAN(CIPHER_SUITE_REJECTED); 2608 case_WLAN(DISASSOC_UNSPECIFIED_QOS); 2609 case_WLAN(DISASSOC_QAP_NO_BANDWIDTH); 2610 case_WLAN(DISASSOC_LOW_ACK); 2611 case_WLAN(DISASSOC_QAP_EXCEED_TXOP); 2612 case_WLAN(QSTA_LEAVE_QBSS); 2613 case_WLAN(QSTA_NOT_USE); 2614 case_WLAN(QSTA_REQUIRE_SETUP); 2615 case_WLAN(QSTA_TIMEOUT); 2616 case_WLAN(QSTA_CIPHER_NOT_SUPP); 2617 case_WLAN(MESH_PEER_CANCELED); 2618 case_WLAN(MESH_MAX_PEERS); 2619 case_WLAN(MESH_CONFIG); 2620 case_WLAN(MESH_CLOSE); 2621 case_WLAN(MESH_MAX_RETRIES); 2622 case_WLAN(MESH_CONFIRM_TIMEOUT); 2623 case_WLAN(MESH_INVALID_GTK); 2624 case_WLAN(MESH_INCONSISTENT_PARAM); 2625 case_WLAN(MESH_INVALID_SECURITY); 2626 case_WLAN(MESH_PATH_ERROR); 2627 case_WLAN(MESH_PATH_NOFORWARD); 2628 case_WLAN(MESH_PATH_DEST_UNREACHABLE); 2629 case_WLAN(MAC_EXISTS_IN_MBSS); 2630 case_WLAN(MESH_CHAN_REGULATORY); 2631 case_WLAN(MESH_CHAN); 2632 default: return "<unknown>"; 2633 } 2634 } 2635 2636 static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 2637 struct ieee80211_mgmt *mgmt, size_t len) 2638 { 2639 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2640 const u8 *bssid = NULL; 2641 u16 reason_code; 2642 2643 sdata_assert_lock(sdata); 2644 2645 if (len < 24 + 2) 2646 return; 2647 2648 if (!ifmgd->associated || 2649 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2650 return; 2651 2652 bssid = ifmgd->associated->bssid; 2653 2654 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 2655 2656 sdata_info(sdata, "deauthenticated from %pM (Reason: %u=%s)\n", 2657 bssid, reason_code, ieee80211_get_reason_code_string(reason_code)); 2658 2659 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2660 2661 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2662 } 2663 2664 2665 static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata, 2666 struct ieee80211_mgmt *mgmt, size_t len) 2667 { 2668 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2669 u16 reason_code; 2670 2671 sdata_assert_lock(sdata); 2672 2673 if (len < 24 + 2) 2674 return; 2675 2676 if (!ifmgd->associated || 2677 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2678 return; 2679 2680 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 2681 2682 sdata_info(sdata, "disassociated from %pM (Reason: %u)\n", 2683 mgmt->sa, reason_code); 2684 2685 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2686 2687 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2688 } 2689 2690 static void ieee80211_get_rates(struct ieee80211_supported_band *sband, 2691 u8 *supp_rates, unsigned int supp_rates_len, 2692 u32 *rates, u32 *basic_rates, 2693 bool *have_higher_than_11mbit, 2694 int *min_rate, int *min_rate_index, 2695 int shift, u32 rate_flags) 2696 { 2697 int i, j; 2698 2699 for (i = 0; i < supp_rates_len; i++) { 2700 int rate = supp_rates[i] & 0x7f; 2701 bool is_basic = !!(supp_rates[i] & 0x80); 2702 2703 if ((rate * 5 * (1 << shift)) > 110) 2704 *have_higher_than_11mbit = true; 2705 2706 /* 2707 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009 2708 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it. 2709 * 2710 * Note: Even through the membership selector and the basic 2711 * rate flag share the same bit, they are not exactly 2712 * the same. 2713 */ 2714 if (!!(supp_rates[i] & 0x80) && 2715 (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY) 2716 continue; 2717 2718 for (j = 0; j < sband->n_bitrates; j++) { 2719 struct ieee80211_rate *br; 2720 int brate; 2721 2722 br = &sband->bitrates[j]; 2723 if ((rate_flags & br->flags) != rate_flags) 2724 continue; 2725 2726 brate = DIV_ROUND_UP(br->bitrate, (1 << shift) * 5); 2727 if (brate == rate) { 2728 *rates |= BIT(j); 2729 if (is_basic) 2730 *basic_rates |= BIT(j); 2731 if ((rate * 5) < *min_rate) { 2732 *min_rate = rate * 5; 2733 *min_rate_index = j; 2734 } 2735 break; 2736 } 2737 } 2738 } 2739 } 2740 2741 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata, 2742 bool assoc) 2743 { 2744 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 2745 2746 sdata_assert_lock(sdata); 2747 2748 if (!assoc) { 2749 sta_info_destroy_addr(sdata, assoc_data->bss->bssid); 2750 2751 memset(sdata->u.mgd.bssid, 0, ETH_ALEN); 2752 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2753 sdata->u.mgd.flags = 0; 2754 mutex_lock(&sdata->local->mtx); 2755 ieee80211_vif_release_channel(sdata); 2756 mutex_unlock(&sdata->local->mtx); 2757 } 2758 2759 kfree(assoc_data); 2760 sdata->u.mgd.assoc_data = NULL; 2761 } 2762 2763 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata, 2764 struct cfg80211_bss *cbss, 2765 struct ieee80211_mgmt *mgmt, size_t len) 2766 { 2767 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2768 struct ieee80211_local *local = sdata->local; 2769 struct ieee80211_supported_band *sband; 2770 struct sta_info *sta; 2771 u8 *pos; 2772 u16 capab_info, aid; 2773 struct ieee802_11_elems elems; 2774 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2775 const struct cfg80211_bss_ies *bss_ies = NULL; 2776 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 2777 u32 changed = 0; 2778 int err; 2779 bool ret; 2780 2781 /* AssocResp and ReassocResp have identical structure */ 2782 2783 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2784 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2785 2786 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) 2787 sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n", 2788 aid); 2789 aid &= ~(BIT(15) | BIT(14)); 2790 2791 ifmgd->broken_ap = false; 2792 2793 if (aid == 0 || aid > IEEE80211_MAX_AID) { 2794 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n", 2795 aid); 2796 aid = 0; 2797 ifmgd->broken_ap = true; 2798 } 2799 2800 pos = mgmt->u.assoc_resp.variable; 2801 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2802 2803 if (!elems.supp_rates) { 2804 sdata_info(sdata, "no SuppRates element in AssocResp\n"); 2805 return false; 2806 } 2807 2808 ifmgd->aid = aid; 2809 ifmgd->tdls_chan_switch_prohibited = 2810 elems.ext_capab && elems.ext_capab_len >= 5 && 2811 (elems.ext_capab[4] & WLAN_EXT_CAPA5_TDLS_CH_SW_PROHIBITED); 2812 2813 /* 2814 * Some APs are erroneously not including some information in their 2815 * (re)association response frames. Try to recover by using the data 2816 * from the beacon or probe response. This seems to afflict mobile 2817 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T", 2818 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device. 2819 */ 2820 if ((assoc_data->wmm && !elems.wmm_param) || 2821 (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2822 (!elems.ht_cap_elem || !elems.ht_operation)) || 2823 (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2824 (!elems.vht_cap_elem || !elems.vht_operation))) { 2825 const struct cfg80211_bss_ies *ies; 2826 struct ieee802_11_elems bss_elems; 2827 2828 rcu_read_lock(); 2829 ies = rcu_dereference(cbss->ies); 2830 if (ies) 2831 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len, 2832 GFP_ATOMIC); 2833 rcu_read_unlock(); 2834 if (!bss_ies) 2835 return false; 2836 2837 ieee802_11_parse_elems(bss_ies->data, bss_ies->len, 2838 false, &bss_elems); 2839 if (assoc_data->wmm && 2840 !elems.wmm_param && bss_elems.wmm_param) { 2841 elems.wmm_param = bss_elems.wmm_param; 2842 sdata_info(sdata, 2843 "AP bug: WMM param missing from AssocResp\n"); 2844 } 2845 2846 /* 2847 * Also check if we requested HT/VHT, otherwise the AP doesn't 2848 * have to include the IEs in the (re)association response. 2849 */ 2850 if (!elems.ht_cap_elem && bss_elems.ht_cap_elem && 2851 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 2852 elems.ht_cap_elem = bss_elems.ht_cap_elem; 2853 sdata_info(sdata, 2854 "AP bug: HT capability missing from AssocResp\n"); 2855 } 2856 if (!elems.ht_operation && bss_elems.ht_operation && 2857 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 2858 elems.ht_operation = bss_elems.ht_operation; 2859 sdata_info(sdata, 2860 "AP bug: HT operation missing from AssocResp\n"); 2861 } 2862 if (!elems.vht_cap_elem && bss_elems.vht_cap_elem && 2863 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) { 2864 elems.vht_cap_elem = bss_elems.vht_cap_elem; 2865 sdata_info(sdata, 2866 "AP bug: VHT capa missing from AssocResp\n"); 2867 } 2868 if (!elems.vht_operation && bss_elems.vht_operation && 2869 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) { 2870 elems.vht_operation = bss_elems.vht_operation; 2871 sdata_info(sdata, 2872 "AP bug: VHT operation missing from AssocResp\n"); 2873 } 2874 } 2875 2876 /* 2877 * We previously checked these in the beacon/probe response, so 2878 * they should be present here. This is just a safety net. 2879 */ 2880 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2881 (!elems.wmm_param || !elems.ht_cap_elem || !elems.ht_operation)) { 2882 sdata_info(sdata, 2883 "HT AP is missing WMM params or HT capability/operation\n"); 2884 ret = false; 2885 goto out; 2886 } 2887 2888 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2889 (!elems.vht_cap_elem || !elems.vht_operation)) { 2890 sdata_info(sdata, 2891 "VHT AP is missing VHT capability/operation\n"); 2892 ret = false; 2893 goto out; 2894 } 2895 2896 mutex_lock(&sdata->local->sta_mtx); 2897 /* 2898 * station info was already allocated and inserted before 2899 * the association and should be available to us 2900 */ 2901 sta = sta_info_get(sdata, cbss->bssid); 2902 if (WARN_ON(!sta)) { 2903 mutex_unlock(&sdata->local->sta_mtx); 2904 ret = false; 2905 goto out; 2906 } 2907 2908 sband = local->hw.wiphy->bands[ieee80211_get_sdata_band(sdata)]; 2909 2910 /* Set up internal HT/VHT capabilities */ 2911 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 2912 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 2913 elems.ht_cap_elem, sta); 2914 2915 if (elems.vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 2916 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband, 2917 elems.vht_cap_elem, sta); 2918 2919 /* 2920 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data 2921 * in their association response, so ignore that data for our own 2922 * configuration. If it changed since the last beacon, we'll get the 2923 * next beacon and update then. 2924 */ 2925 2926 /* 2927 * If an operating mode notification IE is present, override the 2928 * NSS calculation (that would be done in rate_control_rate_init()) 2929 * and use the # of streams from that element. 2930 */ 2931 if (elems.opmode_notif && 2932 !(*elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) { 2933 u8 nss; 2934 2935 nss = *elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK; 2936 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT; 2937 nss += 1; 2938 sta->sta.rx_nss = nss; 2939 } 2940 2941 rate_control_rate_init(sta); 2942 2943 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) 2944 set_sta_flag(sta, WLAN_STA_MFP); 2945 2946 sta->sta.wme = elems.wmm_param; 2947 2948 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC); 2949 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT)) 2950 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED); 2951 if (err) { 2952 sdata_info(sdata, 2953 "failed to move station %pM to desired state\n", 2954 sta->sta.addr); 2955 WARN_ON(__sta_info_destroy(sta)); 2956 mutex_unlock(&sdata->local->sta_mtx); 2957 ret = false; 2958 goto out; 2959 } 2960 2961 mutex_unlock(&sdata->local->sta_mtx); 2962 2963 /* 2964 * Always handle WMM once after association regardless 2965 * of the first value the AP uses. Setting -1 here has 2966 * that effect because the AP values is an unsigned 2967 * 4-bit value. 2968 */ 2969 ifmgd->wmm_last_param_set = -1; 2970 2971 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) && elems.wmm_param) 2972 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 2973 elems.wmm_param_len); 2974 else 2975 ieee80211_set_wmm_default(sdata, false); 2976 changed |= BSS_CHANGED_QOS; 2977 2978 /* set AID and assoc capability, 2979 * ieee80211_set_associated() will tell the driver */ 2980 bss_conf->aid = aid; 2981 bss_conf->assoc_capability = capab_info; 2982 ieee80211_set_associated(sdata, cbss, changed); 2983 2984 /* 2985 * If we're using 4-addr mode, let the AP know that we're 2986 * doing so, so that it can create the STA VLAN on its side 2987 */ 2988 if (ifmgd->use_4addr) 2989 ieee80211_send_4addr_nullfunc(local, sdata); 2990 2991 /* 2992 * Start timer to probe the connection to the AP now. 2993 * Also start the timer that will detect beacon loss. 2994 */ 2995 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt); 2996 ieee80211_sta_reset_beacon_monitor(sdata); 2997 2998 ret = true; 2999 out: 3000 kfree(bss_ies); 3001 return ret; 3002 } 3003 3004 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, 3005 struct ieee80211_mgmt *mgmt, 3006 size_t len) 3007 { 3008 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3009 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 3010 u16 capab_info, status_code, aid; 3011 struct ieee802_11_elems elems; 3012 int ac, uapsd_queues = -1; 3013 u8 *pos; 3014 bool reassoc; 3015 struct cfg80211_bss *bss; 3016 3017 sdata_assert_lock(sdata); 3018 3019 if (!assoc_data) 3020 return; 3021 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid)) 3022 return; 3023 3024 /* 3025 * AssocResp and ReassocResp have identical structure, so process both 3026 * of them in this function. 3027 */ 3028 3029 if (len < 24 + 6) 3030 return; 3031 3032 reassoc = ieee80211_is_reassoc_req(mgmt->frame_control); 3033 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 3034 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 3035 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 3036 3037 sdata_info(sdata, 3038 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n", 3039 reassoc ? "Rea" : "A", mgmt->sa, 3040 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 3041 3042 pos = mgmt->u.assoc_resp.variable; 3043 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 3044 3045 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 3046 elems.timeout_int && 3047 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) { 3048 u32 tu, ms; 3049 tu = le32_to_cpu(elems.timeout_int->value); 3050 ms = tu * 1024 / 1000; 3051 sdata_info(sdata, 3052 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n", 3053 mgmt->sa, tu, ms); 3054 assoc_data->timeout = jiffies + msecs_to_jiffies(ms); 3055 assoc_data->timeout_started = true; 3056 if (ms > IEEE80211_ASSOC_TIMEOUT) 3057 run_again(sdata, assoc_data->timeout); 3058 return; 3059 } 3060 3061 bss = assoc_data->bss; 3062 3063 if (status_code != WLAN_STATUS_SUCCESS) { 3064 sdata_info(sdata, "%pM denied association (code=%d)\n", 3065 mgmt->sa, status_code); 3066 ieee80211_destroy_assoc_data(sdata, false); 3067 } else { 3068 if (!ieee80211_assoc_success(sdata, bss, mgmt, len)) { 3069 /* oops -- internal error -- send timeout for now */ 3070 ieee80211_destroy_assoc_data(sdata, false); 3071 cfg80211_assoc_timeout(sdata->dev, bss); 3072 return; 3073 } 3074 sdata_info(sdata, "associated\n"); 3075 3076 /* 3077 * destroy assoc_data afterwards, as otherwise an idle 3078 * recalc after assoc_data is NULL but before associated 3079 * is set can cause the interface to go idle 3080 */ 3081 ieee80211_destroy_assoc_data(sdata, true); 3082 3083 /* get uapsd queues configuration */ 3084 uapsd_queues = 0; 3085 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) 3086 if (sdata->tx_conf[ac].uapsd) 3087 uapsd_queues |= BIT(ac); 3088 } 3089 3090 cfg80211_rx_assoc_resp(sdata->dev, bss, (u8 *)mgmt, len, uapsd_queues); 3091 } 3092 3093 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, 3094 struct ieee80211_mgmt *mgmt, size_t len, 3095 struct ieee80211_rx_status *rx_status, 3096 struct ieee802_11_elems *elems) 3097 { 3098 struct ieee80211_local *local = sdata->local; 3099 struct ieee80211_bss *bss; 3100 struct ieee80211_channel *channel; 3101 3102 sdata_assert_lock(sdata); 3103 3104 channel = ieee80211_get_channel(local->hw.wiphy, rx_status->freq); 3105 if (!channel) 3106 return; 3107 3108 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems, 3109 channel); 3110 if (bss) { 3111 sdata->vif.bss_conf.beacon_rate = bss->beacon_rate; 3112 ieee80211_rx_bss_put(local, bss); 3113 } 3114 } 3115 3116 3117 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, 3118 struct sk_buff *skb) 3119 { 3120 struct ieee80211_mgmt *mgmt = (void *)skb->data; 3121 struct ieee80211_if_managed *ifmgd; 3122 struct ieee80211_rx_status *rx_status = (void *) skb->cb; 3123 size_t baselen, len = skb->len; 3124 struct ieee802_11_elems elems; 3125 3126 ifmgd = &sdata->u.mgd; 3127 3128 sdata_assert_lock(sdata); 3129 3130 if (!ether_addr_equal(mgmt->da, sdata->vif.addr)) 3131 return; /* ignore ProbeResp to foreign address */ 3132 3133 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 3134 if (baselen > len) 3135 return; 3136 3137 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 3138 false, &elems); 3139 3140 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 3141 3142 if (ifmgd->associated && 3143 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 3144 ieee80211_reset_ap_probe(sdata); 3145 3146 if (ifmgd->auth_data && !ifmgd->auth_data->bss->proberesp_ies && 3147 ether_addr_equal(mgmt->bssid, ifmgd->auth_data->bss->bssid)) { 3148 /* got probe response, continue with auth */ 3149 sdata_info(sdata, "direct probe responded\n"); 3150 ifmgd->auth_data->tries = 0; 3151 ifmgd->auth_data->timeout = jiffies; 3152 ifmgd->auth_data->timeout_started = true; 3153 run_again(sdata, ifmgd->auth_data->timeout); 3154 } 3155 } 3156 3157 /* 3158 * This is the canonical list of information elements we care about, 3159 * the filter code also gives us all changes to the Microsoft OUI 3160 * (00:50:F2) vendor IE which is used for WMM which we need to track, 3161 * as well as the DTPC IE (part of the Cisco OUI) used for signaling 3162 * changes to requested client power. 3163 * 3164 * We implement beacon filtering in software since that means we can 3165 * avoid processing the frame here and in cfg80211, and userspace 3166 * will not be able to tell whether the hardware supports it or not. 3167 * 3168 * XXX: This list needs to be dynamic -- userspace needs to be able to 3169 * add items it requires. It also needs to be able to tell us to 3170 * look out for other vendor IEs. 3171 */ 3172 static const u64 care_about_ies = 3173 (1ULL << WLAN_EID_COUNTRY) | 3174 (1ULL << WLAN_EID_ERP_INFO) | 3175 (1ULL << WLAN_EID_CHANNEL_SWITCH) | 3176 (1ULL << WLAN_EID_PWR_CONSTRAINT) | 3177 (1ULL << WLAN_EID_HT_CAPABILITY) | 3178 (1ULL << WLAN_EID_HT_OPERATION); 3179 3180 static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, 3181 struct ieee80211_mgmt *mgmt, size_t len, 3182 struct ieee80211_rx_status *rx_status) 3183 { 3184 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3185 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 3186 size_t baselen; 3187 struct ieee802_11_elems elems; 3188 struct ieee80211_local *local = sdata->local; 3189 struct ieee80211_chanctx_conf *chanctx_conf; 3190 struct ieee80211_channel *chan; 3191 struct sta_info *sta; 3192 u32 changed = 0; 3193 bool erp_valid; 3194 u8 erp_value = 0; 3195 u32 ncrc; 3196 u8 *bssid; 3197 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3198 3199 sdata_assert_lock(sdata); 3200 3201 /* Process beacon from the current BSS */ 3202 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 3203 if (baselen > len) 3204 return; 3205 3206 rcu_read_lock(); 3207 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 3208 if (!chanctx_conf) { 3209 rcu_read_unlock(); 3210 return; 3211 } 3212 3213 if (rx_status->freq != chanctx_conf->def.chan->center_freq) { 3214 rcu_read_unlock(); 3215 return; 3216 } 3217 chan = chanctx_conf->def.chan; 3218 rcu_read_unlock(); 3219 3220 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon && 3221 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) { 3222 ieee802_11_parse_elems(mgmt->u.beacon.variable, 3223 len - baselen, false, &elems); 3224 3225 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 3226 if (elems.tim && !elems.parse_error) { 3227 const struct ieee80211_tim_ie *tim_ie = elems.tim; 3228 ifmgd->dtim_period = tim_ie->dtim_period; 3229 } 3230 ifmgd->have_beacon = true; 3231 ifmgd->assoc_data->need_beacon = false; 3232 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 3233 sdata->vif.bss_conf.sync_tsf = 3234 le64_to_cpu(mgmt->u.beacon.timestamp); 3235 sdata->vif.bss_conf.sync_device_ts = 3236 rx_status->device_timestamp; 3237 if (elems.tim) 3238 sdata->vif.bss_conf.sync_dtim_count = 3239 elems.tim->dtim_count; 3240 else 3241 sdata->vif.bss_conf.sync_dtim_count = 0; 3242 } 3243 /* continue assoc process */ 3244 ifmgd->assoc_data->timeout = jiffies; 3245 ifmgd->assoc_data->timeout_started = true; 3246 run_again(sdata, ifmgd->assoc_data->timeout); 3247 return; 3248 } 3249 3250 if (!ifmgd->associated || 3251 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 3252 return; 3253 bssid = ifmgd->associated->bssid; 3254 3255 /* Track average RSSI from the Beacon frames of the current AP */ 3256 ifmgd->last_beacon_signal = rx_status->signal; 3257 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) { 3258 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE; 3259 ifmgd->ave_beacon_signal = rx_status->signal * 16; 3260 ifmgd->last_cqm_event_signal = 0; 3261 ifmgd->count_beacon_signal = 1; 3262 ifmgd->last_ave_beacon_signal = 0; 3263 } else { 3264 ifmgd->ave_beacon_signal = 3265 (IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 + 3266 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) * 3267 ifmgd->ave_beacon_signal) / 16; 3268 ifmgd->count_beacon_signal++; 3269 } 3270 3271 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold && 3272 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) { 3273 int sig = ifmgd->ave_beacon_signal; 3274 int last_sig = ifmgd->last_ave_beacon_signal; 3275 3276 /* 3277 * if signal crosses either of the boundaries, invoke callback 3278 * with appropriate parameters 3279 */ 3280 if (sig > ifmgd->rssi_max_thold && 3281 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) { 3282 ifmgd->last_ave_beacon_signal = sig; 3283 drv_rssi_callback(local, sdata, RSSI_EVENT_HIGH); 3284 } else if (sig < ifmgd->rssi_min_thold && 3285 (last_sig >= ifmgd->rssi_max_thold || 3286 last_sig == 0)) { 3287 ifmgd->last_ave_beacon_signal = sig; 3288 drv_rssi_callback(local, sdata, RSSI_EVENT_LOW); 3289 } 3290 } 3291 3292 if (bss_conf->cqm_rssi_thold && 3293 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT && 3294 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) { 3295 int sig = ifmgd->ave_beacon_signal / 16; 3296 int last_event = ifmgd->last_cqm_event_signal; 3297 int thold = bss_conf->cqm_rssi_thold; 3298 int hyst = bss_conf->cqm_rssi_hyst; 3299 if (sig < thold && 3300 (last_event == 0 || sig < last_event - hyst)) { 3301 ifmgd->last_cqm_event_signal = sig; 3302 ieee80211_cqm_rssi_notify( 3303 &sdata->vif, 3304 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW, 3305 GFP_KERNEL); 3306 } else if (sig > thold && 3307 (last_event == 0 || sig > last_event + hyst)) { 3308 ifmgd->last_cqm_event_signal = sig; 3309 ieee80211_cqm_rssi_notify( 3310 &sdata->vif, 3311 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH, 3312 GFP_KERNEL); 3313 } 3314 } 3315 3316 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) { 3317 mlme_dbg_ratelimited(sdata, 3318 "cancelling AP probe due to a received beacon\n"); 3319 ieee80211_reset_ap_probe(sdata); 3320 } 3321 3322 /* 3323 * Push the beacon loss detection into the future since 3324 * we are processing a beacon from the AP just now. 3325 */ 3326 ieee80211_sta_reset_beacon_monitor(sdata); 3327 3328 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 3329 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, 3330 len - baselen, false, &elems, 3331 care_about_ies, ncrc); 3332 3333 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) { 3334 bool directed_tim = ieee80211_check_tim(elems.tim, 3335 elems.tim_len, 3336 ifmgd->aid); 3337 if (directed_tim) { 3338 if (local->hw.conf.dynamic_ps_timeout > 0) { 3339 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 3340 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 3341 ieee80211_hw_config(local, 3342 IEEE80211_CONF_CHANGE_PS); 3343 } 3344 ieee80211_send_nullfunc(local, sdata, 0); 3345 } else if (!local->pspolling && sdata->u.mgd.powersave) { 3346 local->pspolling = true; 3347 3348 /* 3349 * Here is assumed that the driver will be 3350 * able to send ps-poll frame and receive a 3351 * response even though power save mode is 3352 * enabled, but some drivers might require 3353 * to disable power save here. This needs 3354 * to be investigated. 3355 */ 3356 ieee80211_send_pspoll(local, sdata); 3357 } 3358 } 3359 } 3360 3361 if (sdata->vif.p2p) { 3362 struct ieee80211_p2p_noa_attr noa = {}; 3363 int ret; 3364 3365 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable, 3366 len - baselen, 3367 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 3368 (u8 *) &noa, sizeof(noa)); 3369 if (ret >= 2) { 3370 if (sdata->u.mgd.p2p_noa_index != noa.index) { 3371 /* valid noa_attr and index changed */ 3372 sdata->u.mgd.p2p_noa_index = noa.index; 3373 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa)); 3374 changed |= BSS_CHANGED_P2P_PS; 3375 /* 3376 * make sure we update all information, the CRC 3377 * mechanism doesn't look at P2P attributes. 3378 */ 3379 ifmgd->beacon_crc_valid = false; 3380 } 3381 } else if (sdata->u.mgd.p2p_noa_index != -1) { 3382 /* noa_attr not found and we had valid noa_attr before */ 3383 sdata->u.mgd.p2p_noa_index = -1; 3384 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr)); 3385 changed |= BSS_CHANGED_P2P_PS; 3386 ifmgd->beacon_crc_valid = false; 3387 } 3388 } 3389 3390 if (ifmgd->csa_waiting_bcn) 3391 ieee80211_chswitch_post_beacon(sdata); 3392 3393 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid) 3394 return; 3395 ifmgd->beacon_crc = ncrc; 3396 ifmgd->beacon_crc_valid = true; 3397 3398 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 3399 3400 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime, 3401 rx_status->device_timestamp, 3402 &elems, true); 3403 3404 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) && 3405 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 3406 elems.wmm_param_len)) 3407 changed |= BSS_CHANGED_QOS; 3408 3409 /* 3410 * If we haven't had a beacon before, tell the driver about the 3411 * DTIM period (and beacon timing if desired) now. 3412 */ 3413 if (!ifmgd->have_beacon) { 3414 /* a few bogus AP send dtim_period = 0 or no TIM IE */ 3415 if (elems.tim) 3416 bss_conf->dtim_period = elems.tim->dtim_period ?: 1; 3417 else 3418 bss_conf->dtim_period = 1; 3419 3420 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 3421 sdata->vif.bss_conf.sync_tsf = 3422 le64_to_cpu(mgmt->u.beacon.timestamp); 3423 sdata->vif.bss_conf.sync_device_ts = 3424 rx_status->device_timestamp; 3425 if (elems.tim) 3426 sdata->vif.bss_conf.sync_dtim_count = 3427 elems.tim->dtim_count; 3428 else 3429 sdata->vif.bss_conf.sync_dtim_count = 0; 3430 } 3431 3432 changed |= BSS_CHANGED_BEACON_INFO; 3433 ifmgd->have_beacon = true; 3434 3435 mutex_lock(&local->iflist_mtx); 3436 ieee80211_recalc_ps(local, -1); 3437 mutex_unlock(&local->iflist_mtx); 3438 3439 ieee80211_recalc_ps_vif(sdata); 3440 } 3441 3442 if (elems.erp_info) { 3443 erp_valid = true; 3444 erp_value = elems.erp_info[0]; 3445 } else { 3446 erp_valid = false; 3447 } 3448 changed |= ieee80211_handle_bss_capability(sdata, 3449 le16_to_cpu(mgmt->u.beacon.capab_info), 3450 erp_valid, erp_value); 3451 3452 mutex_lock(&local->sta_mtx); 3453 sta = sta_info_get(sdata, bssid); 3454 3455 if (ieee80211_config_bw(sdata, sta, 3456 elems.ht_cap_elem, elems.ht_operation, 3457 elems.vht_operation, bssid, &changed)) { 3458 mutex_unlock(&local->sta_mtx); 3459 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3460 WLAN_REASON_DEAUTH_LEAVING, 3461 true, deauth_buf); 3462 cfg80211_tx_mlme_mgmt(sdata->dev, deauth_buf, 3463 sizeof(deauth_buf)); 3464 return; 3465 } 3466 3467 if (sta && elems.opmode_notif) 3468 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif, 3469 rx_status->band, true); 3470 mutex_unlock(&local->sta_mtx); 3471 3472 changed |= ieee80211_handle_pwr_constr(sdata, chan, mgmt, 3473 elems.country_elem, 3474 elems.country_elem_len, 3475 elems.pwr_constr_elem, 3476 elems.cisco_dtpc_elem); 3477 3478 ieee80211_bss_info_change_notify(sdata, changed); 3479 } 3480 3481 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 3482 struct sk_buff *skb) 3483 { 3484 struct ieee80211_rx_status *rx_status; 3485 struct ieee80211_mgmt *mgmt; 3486 u16 fc; 3487 struct ieee802_11_elems elems; 3488 int ies_len; 3489 3490 rx_status = (struct ieee80211_rx_status *) skb->cb; 3491 mgmt = (struct ieee80211_mgmt *) skb->data; 3492 fc = le16_to_cpu(mgmt->frame_control); 3493 3494 sdata_lock(sdata); 3495 3496 switch (fc & IEEE80211_FCTL_STYPE) { 3497 case IEEE80211_STYPE_BEACON: 3498 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status); 3499 break; 3500 case IEEE80211_STYPE_PROBE_RESP: 3501 ieee80211_rx_mgmt_probe_resp(sdata, skb); 3502 break; 3503 case IEEE80211_STYPE_AUTH: 3504 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len); 3505 break; 3506 case IEEE80211_STYPE_DEAUTH: 3507 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len); 3508 break; 3509 case IEEE80211_STYPE_DISASSOC: 3510 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 3511 break; 3512 case IEEE80211_STYPE_ASSOC_RESP: 3513 case IEEE80211_STYPE_REASSOC_RESP: 3514 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len); 3515 break; 3516 case IEEE80211_STYPE_ACTION: 3517 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) { 3518 ies_len = skb->len - 3519 offsetof(struct ieee80211_mgmt, 3520 u.action.u.chan_switch.variable); 3521 3522 if (ies_len < 0) 3523 break; 3524 3525 ieee802_11_parse_elems( 3526 mgmt->u.action.u.chan_switch.variable, 3527 ies_len, true, &elems); 3528 3529 if (elems.parse_error) 3530 break; 3531 3532 ieee80211_sta_process_chanswitch(sdata, 3533 rx_status->mactime, 3534 rx_status->device_timestamp, 3535 &elems, false); 3536 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) { 3537 ies_len = skb->len - 3538 offsetof(struct ieee80211_mgmt, 3539 u.action.u.ext_chan_switch.variable); 3540 3541 if (ies_len < 0) 3542 break; 3543 3544 ieee802_11_parse_elems( 3545 mgmt->u.action.u.ext_chan_switch.variable, 3546 ies_len, true, &elems); 3547 3548 if (elems.parse_error) 3549 break; 3550 3551 /* for the handling code pretend this was also an IE */ 3552 elems.ext_chansw_ie = 3553 &mgmt->u.action.u.ext_chan_switch.data; 3554 3555 ieee80211_sta_process_chanswitch(sdata, 3556 rx_status->mactime, 3557 rx_status->device_timestamp, 3558 &elems, false); 3559 } 3560 break; 3561 } 3562 sdata_unlock(sdata); 3563 } 3564 3565 static void ieee80211_sta_timer(unsigned long data) 3566 { 3567 struct ieee80211_sub_if_data *sdata = 3568 (struct ieee80211_sub_if_data *) data; 3569 3570 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3571 } 3572 3573 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata, 3574 u8 *bssid, u8 reason, bool tx) 3575 { 3576 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3577 3578 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason, 3579 tx, frame_buf); 3580 3581 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 3582 IEEE80211_DEAUTH_FRAME_LEN); 3583 } 3584 3585 static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata) 3586 { 3587 struct ieee80211_local *local = sdata->local; 3588 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3589 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data; 3590 u32 tx_flags = 0; 3591 3592 sdata_assert_lock(sdata); 3593 3594 if (WARN_ON_ONCE(!auth_data)) 3595 return -EINVAL; 3596 3597 auth_data->tries++; 3598 3599 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) { 3600 sdata_info(sdata, "authentication with %pM timed out\n", 3601 auth_data->bss->bssid); 3602 3603 /* 3604 * Most likely AP is not in the range so remove the 3605 * bss struct for that AP. 3606 */ 3607 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss); 3608 3609 return -ETIMEDOUT; 3610 } 3611 3612 drv_mgd_prepare_tx(local, sdata); 3613 3614 if (auth_data->bss->proberesp_ies) { 3615 u16 trans = 1; 3616 u16 status = 0; 3617 3618 sdata_info(sdata, "send auth to %pM (try %d/%d)\n", 3619 auth_data->bss->bssid, auth_data->tries, 3620 IEEE80211_AUTH_MAX_TRIES); 3621 3622 auth_data->expected_transaction = 2; 3623 3624 if (auth_data->algorithm == WLAN_AUTH_SAE) { 3625 trans = auth_data->sae_trans; 3626 status = auth_data->sae_status; 3627 auth_data->expected_transaction = trans; 3628 } 3629 3630 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3631 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 3632 IEEE80211_TX_INTFL_MLME_CONN_TX; 3633 3634 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status, 3635 auth_data->data, auth_data->data_len, 3636 auth_data->bss->bssid, 3637 auth_data->bss->bssid, NULL, 0, 0, 3638 tx_flags); 3639 } else { 3640 const u8 *ssidie; 3641 3642 sdata_info(sdata, "direct probe to %pM (try %d/%i)\n", 3643 auth_data->bss->bssid, auth_data->tries, 3644 IEEE80211_AUTH_MAX_TRIES); 3645 3646 rcu_read_lock(); 3647 ssidie = ieee80211_bss_get_ie(auth_data->bss, WLAN_EID_SSID); 3648 if (!ssidie) { 3649 rcu_read_unlock(); 3650 return -EINVAL; 3651 } 3652 /* 3653 * Direct probe is sent to broadcast address as some APs 3654 * will not answer to direct packet in unassociated state. 3655 */ 3656 ieee80211_send_probe_req(sdata, sdata->vif.addr, NULL, 3657 ssidie + 2, ssidie[1], 3658 NULL, 0, (u32) -1, true, 0, 3659 auth_data->bss->channel, false); 3660 rcu_read_unlock(); 3661 } 3662 3663 if (tx_flags == 0) { 3664 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 3665 auth_data->timeout_started = true; 3666 run_again(sdata, auth_data->timeout); 3667 } else { 3668 auth_data->timeout = 3669 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG); 3670 auth_data->timeout_started = true; 3671 run_again(sdata, auth_data->timeout); 3672 } 3673 3674 return 0; 3675 } 3676 3677 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata) 3678 { 3679 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 3680 struct ieee80211_local *local = sdata->local; 3681 3682 sdata_assert_lock(sdata); 3683 3684 assoc_data->tries++; 3685 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) { 3686 sdata_info(sdata, "association with %pM timed out\n", 3687 assoc_data->bss->bssid); 3688 3689 /* 3690 * Most likely AP is not in the range so remove the 3691 * bss struct for that AP. 3692 */ 3693 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss); 3694 3695 return -ETIMEDOUT; 3696 } 3697 3698 sdata_info(sdata, "associate with %pM (try %d/%d)\n", 3699 assoc_data->bss->bssid, assoc_data->tries, 3700 IEEE80211_ASSOC_MAX_TRIES); 3701 ieee80211_send_assoc(sdata); 3702 3703 if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) { 3704 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 3705 assoc_data->timeout_started = true; 3706 run_again(sdata, assoc_data->timeout); 3707 } else { 3708 assoc_data->timeout = 3709 round_jiffies_up(jiffies + 3710 IEEE80211_ASSOC_TIMEOUT_LONG); 3711 assoc_data->timeout_started = true; 3712 run_again(sdata, assoc_data->timeout); 3713 } 3714 3715 return 0; 3716 } 3717 3718 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata, 3719 __le16 fc, bool acked) 3720 { 3721 struct ieee80211_local *local = sdata->local; 3722 3723 sdata->u.mgd.status_fc = fc; 3724 sdata->u.mgd.status_acked = acked; 3725 sdata->u.mgd.status_received = true; 3726 3727 ieee80211_queue_work(&local->hw, &sdata->work); 3728 } 3729 3730 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata) 3731 { 3732 struct ieee80211_local *local = sdata->local; 3733 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3734 3735 sdata_lock(sdata); 3736 3737 if (ifmgd->status_received) { 3738 __le16 fc = ifmgd->status_fc; 3739 bool status_acked = ifmgd->status_acked; 3740 3741 ifmgd->status_received = false; 3742 if (ifmgd->auth_data && 3743 (ieee80211_is_probe_req(fc) || ieee80211_is_auth(fc))) { 3744 if (status_acked) { 3745 ifmgd->auth_data->timeout = 3746 jiffies + IEEE80211_AUTH_TIMEOUT_SHORT; 3747 run_again(sdata, ifmgd->auth_data->timeout); 3748 } else { 3749 ifmgd->auth_data->timeout = jiffies - 1; 3750 } 3751 ifmgd->auth_data->timeout_started = true; 3752 } else if (ifmgd->assoc_data && 3753 (ieee80211_is_assoc_req(fc) || 3754 ieee80211_is_reassoc_req(fc))) { 3755 if (status_acked) { 3756 ifmgd->assoc_data->timeout = 3757 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT; 3758 run_again(sdata, ifmgd->assoc_data->timeout); 3759 } else { 3760 ifmgd->assoc_data->timeout = jiffies - 1; 3761 } 3762 ifmgd->assoc_data->timeout_started = true; 3763 } 3764 } 3765 3766 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started && 3767 time_after(jiffies, ifmgd->auth_data->timeout)) { 3768 if (ifmgd->auth_data->done) { 3769 /* 3770 * ok ... we waited for assoc but userspace didn't, 3771 * so let's just kill the auth data 3772 */ 3773 ieee80211_destroy_auth_data(sdata, false); 3774 } else if (ieee80211_probe_auth(sdata)) { 3775 u8 bssid[ETH_ALEN]; 3776 3777 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 3778 3779 ieee80211_destroy_auth_data(sdata, false); 3780 3781 cfg80211_auth_timeout(sdata->dev, bssid); 3782 } 3783 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started) 3784 run_again(sdata, ifmgd->auth_data->timeout); 3785 3786 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started && 3787 time_after(jiffies, ifmgd->assoc_data->timeout)) { 3788 if ((ifmgd->assoc_data->need_beacon && !ifmgd->have_beacon) || 3789 ieee80211_do_assoc(sdata)) { 3790 struct cfg80211_bss *bss = ifmgd->assoc_data->bss; 3791 3792 ieee80211_destroy_assoc_data(sdata, false); 3793 cfg80211_assoc_timeout(sdata->dev, bss); 3794 } 3795 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started) 3796 run_again(sdata, ifmgd->assoc_data->timeout); 3797 3798 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL && 3799 ifmgd->associated) { 3800 u8 bssid[ETH_ALEN]; 3801 int max_tries; 3802 3803 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 3804 3805 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3806 max_tries = max_nullfunc_tries; 3807 else 3808 max_tries = max_probe_tries; 3809 3810 /* ACK received for nullfunc probing frame */ 3811 if (!ifmgd->probe_send_count) 3812 ieee80211_reset_ap_probe(sdata); 3813 else if (ifmgd->nullfunc_failed) { 3814 if (ifmgd->probe_send_count < max_tries) { 3815 mlme_dbg(sdata, 3816 "No ack for nullfunc frame to AP %pM, try %d/%i\n", 3817 bssid, ifmgd->probe_send_count, 3818 max_tries); 3819 ieee80211_mgd_probe_ap_send(sdata); 3820 } else { 3821 mlme_dbg(sdata, 3822 "No ack for nullfunc frame to AP %pM, disconnecting.\n", 3823 bssid); 3824 ieee80211_sta_connection_lost(sdata, bssid, 3825 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 3826 false); 3827 } 3828 } else if (time_is_after_jiffies(ifmgd->probe_timeout)) 3829 run_again(sdata, ifmgd->probe_timeout); 3830 else if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 3831 mlme_dbg(sdata, 3832 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n", 3833 bssid, probe_wait_ms); 3834 ieee80211_sta_connection_lost(sdata, bssid, 3835 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3836 } else if (ifmgd->probe_send_count < max_tries) { 3837 mlme_dbg(sdata, 3838 "No probe response from AP %pM after %dms, try %d/%i\n", 3839 bssid, probe_wait_ms, 3840 ifmgd->probe_send_count, max_tries); 3841 ieee80211_mgd_probe_ap_send(sdata); 3842 } else { 3843 /* 3844 * We actually lost the connection ... or did we? 3845 * Let's make sure! 3846 */ 3847 wiphy_debug(local->hw.wiphy, 3848 "%s: No probe response from AP %pM" 3849 " after %dms, disconnecting.\n", 3850 sdata->name, 3851 bssid, probe_wait_ms); 3852 3853 ieee80211_sta_connection_lost(sdata, bssid, 3854 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3855 } 3856 } 3857 3858 sdata_unlock(sdata); 3859 } 3860 3861 static void ieee80211_sta_bcn_mon_timer(unsigned long data) 3862 { 3863 struct ieee80211_sub_if_data *sdata = 3864 (struct ieee80211_sub_if_data *) data; 3865 struct ieee80211_local *local = sdata->local; 3866 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3867 3868 if (local->quiescing) 3869 return; 3870 3871 if (sdata->vif.csa_active && !ifmgd->csa_waiting_bcn) 3872 return; 3873 3874 sdata->u.mgd.connection_loss = false; 3875 ieee80211_queue_work(&sdata->local->hw, 3876 &sdata->u.mgd.beacon_connection_loss_work); 3877 } 3878 3879 static void ieee80211_sta_conn_mon_timer(unsigned long data) 3880 { 3881 struct ieee80211_sub_if_data *sdata = 3882 (struct ieee80211_sub_if_data *) data; 3883 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3884 struct ieee80211_local *local = sdata->local; 3885 3886 if (local->quiescing) 3887 return; 3888 3889 if (sdata->vif.csa_active && !ifmgd->csa_waiting_bcn) 3890 return; 3891 3892 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work); 3893 } 3894 3895 static void ieee80211_sta_monitor_work(struct work_struct *work) 3896 { 3897 struct ieee80211_sub_if_data *sdata = 3898 container_of(work, struct ieee80211_sub_if_data, 3899 u.mgd.monitor_work); 3900 3901 ieee80211_mgd_probe_ap(sdata, false); 3902 } 3903 3904 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) 3905 { 3906 u32 flags; 3907 3908 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 3909 __ieee80211_stop_poll(sdata); 3910 3911 /* let's probe the connection once */ 3912 flags = sdata->local->hw.flags; 3913 if (!(flags & IEEE80211_HW_CONNECTION_MONITOR)) 3914 ieee80211_queue_work(&sdata->local->hw, 3915 &sdata->u.mgd.monitor_work); 3916 /* and do all the other regular work too */ 3917 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3918 } 3919 } 3920 3921 #ifdef CONFIG_PM 3922 void ieee80211_mgd_quiesce(struct ieee80211_sub_if_data *sdata) 3923 { 3924 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3925 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3926 3927 sdata_lock(sdata); 3928 3929 if (ifmgd->auth_data || ifmgd->assoc_data) { 3930 const u8 *bssid = ifmgd->auth_data ? 3931 ifmgd->auth_data->bss->bssid : 3932 ifmgd->assoc_data->bss->bssid; 3933 3934 /* 3935 * If we are trying to authenticate / associate while suspending, 3936 * cfg80211 won't know and won't actually abort those attempts, 3937 * thus we need to do that ourselves. 3938 */ 3939 ieee80211_send_deauth_disassoc(sdata, bssid, 3940 IEEE80211_STYPE_DEAUTH, 3941 WLAN_REASON_DEAUTH_LEAVING, 3942 false, frame_buf); 3943 if (ifmgd->assoc_data) 3944 ieee80211_destroy_assoc_data(sdata, false); 3945 if (ifmgd->auth_data) 3946 ieee80211_destroy_auth_data(sdata, false); 3947 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 3948 IEEE80211_DEAUTH_FRAME_LEN); 3949 } 3950 3951 sdata_unlock(sdata); 3952 } 3953 3954 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata) 3955 { 3956 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3957 3958 sdata_lock(sdata); 3959 if (!ifmgd->associated) { 3960 sdata_unlock(sdata); 3961 return; 3962 } 3963 3964 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) { 3965 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME; 3966 mlme_dbg(sdata, "driver requested disconnect after resume\n"); 3967 ieee80211_sta_connection_lost(sdata, 3968 ifmgd->associated->bssid, 3969 WLAN_REASON_UNSPECIFIED, 3970 true); 3971 sdata_unlock(sdata); 3972 return; 3973 } 3974 sdata_unlock(sdata); 3975 } 3976 #endif 3977 3978 /* interface setup */ 3979 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata) 3980 { 3981 struct ieee80211_if_managed *ifmgd; 3982 3983 ifmgd = &sdata->u.mgd; 3984 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work); 3985 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work); 3986 INIT_WORK(&ifmgd->beacon_connection_loss_work, 3987 ieee80211_beacon_connection_loss_work); 3988 INIT_WORK(&ifmgd->csa_connection_drop_work, 3989 ieee80211_csa_connection_drop_work); 3990 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_mgd_work); 3991 INIT_DELAYED_WORK(&ifmgd->tdls_peer_del_work, 3992 ieee80211_tdls_peer_del_work); 3993 setup_timer(&ifmgd->timer, ieee80211_sta_timer, 3994 (unsigned long) sdata); 3995 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 3996 (unsigned long) sdata); 3997 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 3998 (unsigned long) sdata); 3999 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 4000 (unsigned long) sdata); 4001 INIT_DELAYED_WORK(&ifmgd->tx_tspec_wk, 4002 ieee80211_sta_handle_tspec_ac_params_wk); 4003 4004 ifmgd->flags = 0; 4005 ifmgd->powersave = sdata->wdev.ps; 4006 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues; 4007 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len; 4008 ifmgd->p2p_noa_index = -1; 4009 4010 if (sdata->local->hw.wiphy->features & NL80211_FEATURE_DYNAMIC_SMPS) 4011 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC; 4012 else 4013 ifmgd->req_smps = IEEE80211_SMPS_OFF; 4014 4015 /* Setup TDLS data */ 4016 spin_lock_init(&ifmgd->teardown_lock); 4017 ifmgd->teardown_skb = NULL; 4018 ifmgd->orig_teardown_skb = NULL; 4019 } 4020 4021 /* scan finished notification */ 4022 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local) 4023 { 4024 struct ieee80211_sub_if_data *sdata; 4025 4026 /* Restart STA timers */ 4027 rcu_read_lock(); 4028 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 4029 if (ieee80211_sdata_running(sdata)) 4030 ieee80211_restart_sta_timer(sdata); 4031 } 4032 rcu_read_unlock(); 4033 } 4034 4035 int ieee80211_max_network_latency(struct notifier_block *nb, 4036 unsigned long data, void *dummy) 4037 { 4038 s32 latency_usec = (s32) data; 4039 struct ieee80211_local *local = 4040 container_of(nb, struct ieee80211_local, 4041 network_latency_notifier); 4042 4043 mutex_lock(&local->iflist_mtx); 4044 ieee80211_recalc_ps(local, latency_usec); 4045 mutex_unlock(&local->iflist_mtx); 4046 4047 return NOTIFY_OK; 4048 } 4049 4050 static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata, 4051 struct cfg80211_bss *cbss) 4052 { 4053 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4054 const u8 *ht_cap_ie, *vht_cap_ie; 4055 const struct ieee80211_ht_cap *ht_cap; 4056 const struct ieee80211_vht_cap *vht_cap; 4057 u8 chains = 1; 4058 4059 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT) 4060 return chains; 4061 4062 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 4063 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) { 4064 ht_cap = (void *)(ht_cap_ie + 2); 4065 chains = ieee80211_mcs_to_chains(&ht_cap->mcs); 4066 /* 4067 * TODO: use "Tx Maximum Number Spatial Streams Supported" and 4068 * "Tx Unequal Modulation Supported" fields. 4069 */ 4070 } 4071 4072 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 4073 return chains; 4074 4075 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 4076 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) { 4077 u8 nss; 4078 u16 tx_mcs_map; 4079 4080 vht_cap = (void *)(vht_cap_ie + 2); 4081 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map); 4082 for (nss = 8; nss > 0; nss--) { 4083 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) != 4084 IEEE80211_VHT_MCS_NOT_SUPPORTED) 4085 break; 4086 } 4087 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */ 4088 chains = max(chains, nss); 4089 } 4090 4091 return chains; 4092 } 4093 4094 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata, 4095 struct cfg80211_bss *cbss) 4096 { 4097 struct ieee80211_local *local = sdata->local; 4098 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4099 const struct ieee80211_ht_cap *ht_cap = NULL; 4100 const struct ieee80211_ht_operation *ht_oper = NULL; 4101 const struct ieee80211_vht_operation *vht_oper = NULL; 4102 struct ieee80211_supported_band *sband; 4103 struct cfg80211_chan_def chandef; 4104 int ret; 4105 4106 sband = local->hw.wiphy->bands[cbss->channel->band]; 4107 4108 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ | 4109 IEEE80211_STA_DISABLE_80P80MHZ | 4110 IEEE80211_STA_DISABLE_160MHZ); 4111 4112 rcu_read_lock(); 4113 4114 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 4115 sband->ht_cap.ht_supported) { 4116 const u8 *ht_oper_ie, *ht_cap_ie; 4117 4118 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION); 4119 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper)) 4120 ht_oper = (void *)(ht_oper_ie + 2); 4121 4122 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 4123 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) 4124 ht_cap = (void *)(ht_cap_ie + 2); 4125 4126 if (!ht_cap) { 4127 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4128 ht_oper = NULL; 4129 } 4130 } 4131 4132 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 4133 sband->vht_cap.vht_supported) { 4134 const u8 *vht_oper_ie, *vht_cap; 4135 4136 vht_oper_ie = ieee80211_bss_get_ie(cbss, 4137 WLAN_EID_VHT_OPERATION); 4138 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper)) 4139 vht_oper = (void *)(vht_oper_ie + 2); 4140 if (vht_oper && !ht_oper) { 4141 vht_oper = NULL; 4142 sdata_info(sdata, 4143 "AP advertised VHT without HT, disabling both\n"); 4144 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4145 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4146 } 4147 4148 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 4149 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) { 4150 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4151 vht_oper = NULL; 4152 } 4153 } 4154 4155 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband, 4156 cbss->channel, 4157 ht_cap, ht_oper, vht_oper, 4158 &chandef, false); 4159 4160 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss), 4161 local->rx_chains); 4162 4163 rcu_read_unlock(); 4164 4165 /* will change later if needed */ 4166 sdata->smps_mode = IEEE80211_SMPS_OFF; 4167 4168 mutex_lock(&local->mtx); 4169 /* 4170 * If this fails (possibly due to channel context sharing 4171 * on incompatible channels, e.g. 80+80 and 160 sharing the 4172 * same control channel) try to use a smaller bandwidth. 4173 */ 4174 ret = ieee80211_vif_use_channel(sdata, &chandef, 4175 IEEE80211_CHANCTX_SHARED); 4176 4177 /* don't downgrade for 5 and 10 MHz channels, though. */ 4178 if (chandef.width == NL80211_CHAN_WIDTH_5 || 4179 chandef.width == NL80211_CHAN_WIDTH_10) 4180 goto out; 4181 4182 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) { 4183 ifmgd->flags |= ieee80211_chandef_downgrade(&chandef); 4184 ret = ieee80211_vif_use_channel(sdata, &chandef, 4185 IEEE80211_CHANCTX_SHARED); 4186 } 4187 out: 4188 mutex_unlock(&local->mtx); 4189 return ret; 4190 } 4191 4192 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata, 4193 struct cfg80211_bss *cbss, bool assoc) 4194 { 4195 struct ieee80211_local *local = sdata->local; 4196 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4197 struct ieee80211_bss *bss = (void *)cbss->priv; 4198 struct sta_info *new_sta = NULL; 4199 bool have_sta = false; 4200 int err; 4201 4202 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) 4203 return -EINVAL; 4204 4205 if (assoc) { 4206 rcu_read_lock(); 4207 have_sta = sta_info_get(sdata, cbss->bssid); 4208 rcu_read_unlock(); 4209 } 4210 4211 if (!have_sta) { 4212 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL); 4213 if (!new_sta) 4214 return -ENOMEM; 4215 } 4216 if (new_sta) { 4217 u32 rates = 0, basic_rates = 0; 4218 bool have_higher_than_11mbit; 4219 int min_rate = INT_MAX, min_rate_index = -1; 4220 struct ieee80211_chanctx_conf *chanctx_conf; 4221 struct ieee80211_supported_band *sband; 4222 const struct cfg80211_bss_ies *ies; 4223 int shift; 4224 u32 rate_flags; 4225 4226 sband = local->hw.wiphy->bands[cbss->channel->band]; 4227 4228 err = ieee80211_prep_channel(sdata, cbss); 4229 if (err) { 4230 sta_info_free(local, new_sta); 4231 return -EINVAL; 4232 } 4233 shift = ieee80211_vif_get_shift(&sdata->vif); 4234 4235 rcu_read_lock(); 4236 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 4237 if (WARN_ON(!chanctx_conf)) { 4238 rcu_read_unlock(); 4239 sta_info_free(local, new_sta); 4240 return -EINVAL; 4241 } 4242 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def); 4243 rcu_read_unlock(); 4244 4245 ieee80211_get_rates(sband, bss->supp_rates, 4246 bss->supp_rates_len, 4247 &rates, &basic_rates, 4248 &have_higher_than_11mbit, 4249 &min_rate, &min_rate_index, 4250 shift, rate_flags); 4251 4252 /* 4253 * This used to be a workaround for basic rates missing 4254 * in the association response frame. Now that we no 4255 * longer use the basic rates from there, it probably 4256 * doesn't happen any more, but keep the workaround so 4257 * in case some *other* APs are buggy in different ways 4258 * we can connect -- with a warning. 4259 */ 4260 if (!basic_rates && min_rate_index >= 0) { 4261 sdata_info(sdata, 4262 "No basic rates, using min rate instead\n"); 4263 basic_rates = BIT(min_rate_index); 4264 } 4265 4266 new_sta->sta.supp_rates[cbss->channel->band] = rates; 4267 sdata->vif.bss_conf.basic_rates = basic_rates; 4268 4269 /* cf. IEEE 802.11 9.2.12 */ 4270 if (cbss->channel->band == IEEE80211_BAND_2GHZ && 4271 have_higher_than_11mbit) 4272 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE; 4273 else 4274 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE; 4275 4276 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN); 4277 4278 /* set timing information */ 4279 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval; 4280 rcu_read_lock(); 4281 ies = rcu_dereference(cbss->beacon_ies); 4282 if (ies) { 4283 const u8 *tim_ie; 4284 4285 sdata->vif.bss_conf.sync_tsf = ies->tsf; 4286 sdata->vif.bss_conf.sync_device_ts = 4287 bss->device_ts_beacon; 4288 tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 4289 ies->data, ies->len); 4290 if (tim_ie && tim_ie[1] >= 2) 4291 sdata->vif.bss_conf.sync_dtim_count = tim_ie[2]; 4292 else 4293 sdata->vif.bss_conf.sync_dtim_count = 0; 4294 } else if (!(local->hw.flags & 4295 IEEE80211_HW_TIMING_BEACON_ONLY)) { 4296 ies = rcu_dereference(cbss->proberesp_ies); 4297 /* must be non-NULL since beacon IEs were NULL */ 4298 sdata->vif.bss_conf.sync_tsf = ies->tsf; 4299 sdata->vif.bss_conf.sync_device_ts = 4300 bss->device_ts_presp; 4301 sdata->vif.bss_conf.sync_dtim_count = 0; 4302 } else { 4303 sdata->vif.bss_conf.sync_tsf = 0; 4304 sdata->vif.bss_conf.sync_device_ts = 0; 4305 sdata->vif.bss_conf.sync_dtim_count = 0; 4306 } 4307 rcu_read_unlock(); 4308 4309 /* tell driver about BSSID, basic rates and timing */ 4310 ieee80211_bss_info_change_notify(sdata, 4311 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES | 4312 BSS_CHANGED_BEACON_INT); 4313 4314 if (assoc) 4315 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH); 4316 4317 err = sta_info_insert(new_sta); 4318 new_sta = NULL; 4319 if (err) { 4320 sdata_info(sdata, 4321 "failed to insert STA entry for the AP (error %d)\n", 4322 err); 4323 return err; 4324 } 4325 } else 4326 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid)); 4327 4328 return 0; 4329 } 4330 4331 /* config hooks */ 4332 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 4333 struct cfg80211_auth_request *req) 4334 { 4335 struct ieee80211_local *local = sdata->local; 4336 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4337 struct ieee80211_mgd_auth_data *auth_data; 4338 u16 auth_alg; 4339 int err; 4340 4341 /* prepare auth data structure */ 4342 4343 switch (req->auth_type) { 4344 case NL80211_AUTHTYPE_OPEN_SYSTEM: 4345 auth_alg = WLAN_AUTH_OPEN; 4346 break; 4347 case NL80211_AUTHTYPE_SHARED_KEY: 4348 if (IS_ERR(local->wep_tx_tfm)) 4349 return -EOPNOTSUPP; 4350 auth_alg = WLAN_AUTH_SHARED_KEY; 4351 break; 4352 case NL80211_AUTHTYPE_FT: 4353 auth_alg = WLAN_AUTH_FT; 4354 break; 4355 case NL80211_AUTHTYPE_NETWORK_EAP: 4356 auth_alg = WLAN_AUTH_LEAP; 4357 break; 4358 case NL80211_AUTHTYPE_SAE: 4359 auth_alg = WLAN_AUTH_SAE; 4360 break; 4361 default: 4362 return -EOPNOTSUPP; 4363 } 4364 4365 auth_data = kzalloc(sizeof(*auth_data) + req->sae_data_len + 4366 req->ie_len, GFP_KERNEL); 4367 if (!auth_data) 4368 return -ENOMEM; 4369 4370 auth_data->bss = req->bss; 4371 4372 if (req->sae_data_len >= 4) { 4373 __le16 *pos = (__le16 *) req->sae_data; 4374 auth_data->sae_trans = le16_to_cpu(pos[0]); 4375 auth_data->sae_status = le16_to_cpu(pos[1]); 4376 memcpy(auth_data->data, req->sae_data + 4, 4377 req->sae_data_len - 4); 4378 auth_data->data_len += req->sae_data_len - 4; 4379 } 4380 4381 if (req->ie && req->ie_len) { 4382 memcpy(&auth_data->data[auth_data->data_len], 4383 req->ie, req->ie_len); 4384 auth_data->data_len += req->ie_len; 4385 } 4386 4387 if (req->key && req->key_len) { 4388 auth_data->key_len = req->key_len; 4389 auth_data->key_idx = req->key_idx; 4390 memcpy(auth_data->key, req->key, req->key_len); 4391 } 4392 4393 auth_data->algorithm = auth_alg; 4394 4395 /* try to authenticate/probe */ 4396 4397 if ((ifmgd->auth_data && !ifmgd->auth_data->done) || 4398 ifmgd->assoc_data) { 4399 err = -EBUSY; 4400 goto err_free; 4401 } 4402 4403 if (ifmgd->auth_data) 4404 ieee80211_destroy_auth_data(sdata, false); 4405 4406 /* prep auth_data so we don't go into idle on disassoc */ 4407 ifmgd->auth_data = auth_data; 4408 4409 if (ifmgd->associated) { 4410 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4411 4412 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4413 WLAN_REASON_UNSPECIFIED, 4414 false, frame_buf); 4415 4416 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4417 sizeof(frame_buf)); 4418 } 4419 4420 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid); 4421 4422 err = ieee80211_prep_connection(sdata, req->bss, false); 4423 if (err) 4424 goto err_clear; 4425 4426 err = ieee80211_probe_auth(sdata); 4427 if (err) { 4428 sta_info_destroy_addr(sdata, req->bss->bssid); 4429 goto err_clear; 4430 } 4431 4432 /* hold our own reference */ 4433 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss); 4434 return 0; 4435 4436 err_clear: 4437 memset(ifmgd->bssid, 0, ETH_ALEN); 4438 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 4439 ifmgd->auth_data = NULL; 4440 err_free: 4441 kfree(auth_data); 4442 return err; 4443 } 4444 4445 static bool ieee80211_usable_wmm_params(struct ieee80211_sub_if_data *sdata, 4446 const u8 *wmm_param, int len) 4447 { 4448 const u8 *pos; 4449 size_t left; 4450 4451 if (len < 8) 4452 return false; 4453 4454 if (wmm_param[5] != 1 /* version */) 4455 return false; 4456 4457 pos = wmm_param + 8; 4458 left = len - 8; 4459 4460 for (; left >= 4; left -= 4, pos += 4) { 4461 u8 aifsn = pos[0] & 0x0f; 4462 u8 ecwmin = pos[1] & 0x0f; 4463 u8 ecwmax = (pos[1] & 0xf0) >> 4; 4464 int aci = (pos[0] >> 5) & 0x03; 4465 4466 if (aifsn < 2) { 4467 sdata_info(sdata, 4468 "AP has invalid WMM params (AIFSN=%d for ACI %d), disabling WMM\n", 4469 aifsn, aci); 4470 return false; 4471 } 4472 if (ecwmin > ecwmax) { 4473 sdata_info(sdata, 4474 "AP has invalid WMM params (ECWmin/max=%d/%d for ACI %d), disabling WMM\n", 4475 ecwmin, ecwmax, aci); 4476 return false; 4477 } 4478 } 4479 4480 return true; 4481 } 4482 4483 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 4484 struct cfg80211_assoc_request *req) 4485 { 4486 struct ieee80211_local *local = sdata->local; 4487 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4488 struct ieee80211_bss *bss = (void *)req->bss->priv; 4489 struct ieee80211_mgd_assoc_data *assoc_data; 4490 const struct cfg80211_bss_ies *beacon_ies; 4491 struct ieee80211_supported_band *sband; 4492 const u8 *ssidie, *ht_ie, *vht_ie; 4493 int i, err; 4494 4495 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL); 4496 if (!assoc_data) 4497 return -ENOMEM; 4498 4499 rcu_read_lock(); 4500 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID); 4501 if (!ssidie) { 4502 rcu_read_unlock(); 4503 kfree(assoc_data); 4504 return -EINVAL; 4505 } 4506 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]); 4507 assoc_data->ssid_len = ssidie[1]; 4508 rcu_read_unlock(); 4509 4510 if (ifmgd->associated) { 4511 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4512 4513 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4514 WLAN_REASON_UNSPECIFIED, 4515 false, frame_buf); 4516 4517 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4518 sizeof(frame_buf)); 4519 } 4520 4521 if (ifmgd->auth_data && !ifmgd->auth_data->done) { 4522 err = -EBUSY; 4523 goto err_free; 4524 } 4525 4526 if (ifmgd->assoc_data) { 4527 err = -EBUSY; 4528 goto err_free; 4529 } 4530 4531 if (ifmgd->auth_data) { 4532 bool match; 4533 4534 /* keep sta info, bssid if matching */ 4535 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid); 4536 ieee80211_destroy_auth_data(sdata, match); 4537 } 4538 4539 /* prepare assoc data */ 4540 4541 ifmgd->beacon_crc_valid = false; 4542 4543 assoc_data->wmm = bss->wmm_used && 4544 (local->hw.queues >= IEEE80211_NUM_ACS); 4545 if (assoc_data->wmm) { 4546 /* try to check validity of WMM params IE */ 4547 const struct cfg80211_bss_ies *ies; 4548 const u8 *wp, *start, *end; 4549 4550 rcu_read_lock(); 4551 ies = rcu_dereference(req->bss->ies); 4552 start = ies->data; 4553 end = start + ies->len; 4554 4555 while (true) { 4556 wp = cfg80211_find_vendor_ie( 4557 WLAN_OUI_MICROSOFT, 4558 WLAN_OUI_TYPE_MICROSOFT_WMM, 4559 start, end - start); 4560 if (!wp) 4561 break; 4562 start = wp + wp[1] + 2; 4563 /* if this IE is too short, try the next */ 4564 if (wp[1] <= 4) 4565 continue; 4566 /* if this IE is WMM params, we found what we wanted */ 4567 if (wp[6] == 1) 4568 break; 4569 } 4570 4571 if (!wp || !ieee80211_usable_wmm_params(sdata, wp + 2, 4572 wp[1] - 2)) { 4573 assoc_data->wmm = false; 4574 ifmgd->flags |= IEEE80211_STA_DISABLE_WMM; 4575 } 4576 rcu_read_unlock(); 4577 } 4578 4579 /* 4580 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode. 4581 * We still associate in non-HT mode (11a/b/g) if any one of these 4582 * ciphers is configured as pairwise. 4583 * We can set this to true for non-11n hardware, that'll be checked 4584 * separately along with the peer capabilities. 4585 */ 4586 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) { 4587 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 4588 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 4589 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) { 4590 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4591 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4592 netdev_info(sdata->dev, 4593 "disabling HT/VHT due to WEP/TKIP use\n"); 4594 } 4595 } 4596 4597 if (req->flags & ASSOC_REQ_DISABLE_HT) { 4598 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4599 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4600 } 4601 4602 if (req->flags & ASSOC_REQ_DISABLE_VHT) 4603 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4604 4605 /* Also disable HT if we don't support it or the AP doesn't use WMM */ 4606 sband = local->hw.wiphy->bands[req->bss->channel->band]; 4607 if (!sband->ht_cap.ht_supported || 4608 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used || 4609 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) { 4610 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4611 if (!bss->wmm_used && 4612 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM)) 4613 netdev_info(sdata->dev, 4614 "disabling HT as WMM/QoS is not supported by the AP\n"); 4615 } 4616 4617 /* disable VHT if we don't support it or the AP doesn't use WMM */ 4618 if (!sband->vht_cap.vht_supported || 4619 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used || 4620 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) { 4621 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4622 if (!bss->wmm_used && 4623 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM)) 4624 netdev_info(sdata->dev, 4625 "disabling VHT as WMM/QoS is not supported by the AP\n"); 4626 } 4627 4628 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa)); 4629 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask, 4630 sizeof(ifmgd->ht_capa_mask)); 4631 4632 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa)); 4633 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask, 4634 sizeof(ifmgd->vht_capa_mask)); 4635 4636 if (req->ie && req->ie_len) { 4637 memcpy(assoc_data->ie, req->ie, req->ie_len); 4638 assoc_data->ie_len = req->ie_len; 4639 } 4640 4641 assoc_data->bss = req->bss; 4642 4643 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) { 4644 if (ifmgd->powersave) 4645 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC; 4646 else 4647 sdata->smps_mode = IEEE80211_SMPS_OFF; 4648 } else 4649 sdata->smps_mode = ifmgd->req_smps; 4650 4651 assoc_data->capability = req->bss->capability; 4652 assoc_data->supp_rates = bss->supp_rates; 4653 assoc_data->supp_rates_len = bss->supp_rates_len; 4654 4655 rcu_read_lock(); 4656 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION); 4657 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation)) 4658 assoc_data->ap_ht_param = 4659 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param; 4660 else 4661 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4662 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY); 4663 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap)) 4664 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2, 4665 sizeof(struct ieee80211_vht_cap)); 4666 else 4667 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4668 rcu_read_unlock(); 4669 4670 if (bss->wmm_used && bss->uapsd_supported && 4671 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD)) { 4672 assoc_data->uapsd = true; 4673 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; 4674 } else { 4675 assoc_data->uapsd = false; 4676 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED; 4677 } 4678 4679 if (req->prev_bssid) 4680 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN); 4681 4682 if (req->use_mfp) { 4683 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 4684 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED; 4685 } else { 4686 ifmgd->mfp = IEEE80211_MFP_DISABLED; 4687 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED; 4688 } 4689 4690 if (req->flags & ASSOC_REQ_USE_RRM) 4691 ifmgd->flags |= IEEE80211_STA_ENABLE_RRM; 4692 else 4693 ifmgd->flags &= ~IEEE80211_STA_ENABLE_RRM; 4694 4695 if (req->crypto.control_port) 4696 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT; 4697 else 4698 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT; 4699 4700 sdata->control_port_protocol = req->crypto.control_port_ethertype; 4701 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt; 4702 sdata->encrypt_headroom = ieee80211_cs_headroom(local, &req->crypto, 4703 sdata->vif.type); 4704 4705 /* kick off associate process */ 4706 4707 ifmgd->assoc_data = assoc_data; 4708 ifmgd->dtim_period = 0; 4709 ifmgd->have_beacon = false; 4710 4711 err = ieee80211_prep_connection(sdata, req->bss, true); 4712 if (err) 4713 goto err_clear; 4714 4715 rcu_read_lock(); 4716 beacon_ies = rcu_dereference(req->bss->beacon_ies); 4717 4718 if (sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC && 4719 !beacon_ies) { 4720 /* 4721 * Wait up to one beacon interval ... 4722 * should this be more if we miss one? 4723 */ 4724 sdata_info(sdata, "waiting for beacon from %pM\n", 4725 ifmgd->bssid); 4726 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval); 4727 assoc_data->timeout_started = true; 4728 assoc_data->need_beacon = true; 4729 } else if (beacon_ies) { 4730 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 4731 beacon_ies->data, 4732 beacon_ies->len); 4733 u8 dtim_count = 0; 4734 4735 if (tim_ie && tim_ie[1] >= sizeof(struct ieee80211_tim_ie)) { 4736 const struct ieee80211_tim_ie *tim; 4737 tim = (void *)(tim_ie + 2); 4738 ifmgd->dtim_period = tim->dtim_period; 4739 dtim_count = tim->dtim_count; 4740 } 4741 ifmgd->have_beacon = true; 4742 assoc_data->timeout = jiffies; 4743 assoc_data->timeout_started = true; 4744 4745 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 4746 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf; 4747 sdata->vif.bss_conf.sync_device_ts = 4748 bss->device_ts_beacon; 4749 sdata->vif.bss_conf.sync_dtim_count = dtim_count; 4750 } 4751 } else { 4752 assoc_data->timeout = jiffies; 4753 assoc_data->timeout_started = true; 4754 } 4755 rcu_read_unlock(); 4756 4757 run_again(sdata, assoc_data->timeout); 4758 4759 if (bss->corrupt_data) { 4760 char *corrupt_type = "data"; 4761 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) { 4762 if (bss->corrupt_data & 4763 IEEE80211_BSS_CORRUPT_PROBE_RESP) 4764 corrupt_type = "beacon and probe response"; 4765 else 4766 corrupt_type = "beacon"; 4767 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) 4768 corrupt_type = "probe response"; 4769 sdata_info(sdata, "associating with AP with corrupt %s\n", 4770 corrupt_type); 4771 } 4772 4773 return 0; 4774 err_clear: 4775 memset(ifmgd->bssid, 0, ETH_ALEN); 4776 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 4777 ifmgd->assoc_data = NULL; 4778 err_free: 4779 kfree(assoc_data); 4780 return err; 4781 } 4782 4783 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, 4784 struct cfg80211_deauth_request *req) 4785 { 4786 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4787 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4788 bool tx = !req->local_state_change; 4789 4790 if (ifmgd->auth_data && 4791 ether_addr_equal(ifmgd->auth_data->bss->bssid, req->bssid)) { 4792 sdata_info(sdata, 4793 "aborting authentication with %pM by local choice (Reason: %u=%s)\n", 4794 req->bssid, req->reason_code, 4795 ieee80211_get_reason_code_string(req->reason_code)); 4796 4797 drv_mgd_prepare_tx(sdata->local, sdata); 4798 ieee80211_send_deauth_disassoc(sdata, req->bssid, 4799 IEEE80211_STYPE_DEAUTH, 4800 req->reason_code, tx, 4801 frame_buf); 4802 ieee80211_destroy_auth_data(sdata, false); 4803 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4804 IEEE80211_DEAUTH_FRAME_LEN); 4805 4806 return 0; 4807 } 4808 4809 if (ifmgd->associated && 4810 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) { 4811 sdata_info(sdata, 4812 "deauthenticating from %pM by local choice (Reason: %u=%s)\n", 4813 req->bssid, req->reason_code, 4814 ieee80211_get_reason_code_string(req->reason_code)); 4815 4816 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4817 req->reason_code, tx, frame_buf); 4818 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4819 IEEE80211_DEAUTH_FRAME_LEN); 4820 return 0; 4821 } 4822 4823 return -ENOTCONN; 4824 } 4825 4826 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 4827 struct cfg80211_disassoc_request *req) 4828 { 4829 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4830 u8 bssid[ETH_ALEN]; 4831 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4832 4833 /* 4834 * cfg80211 should catch this ... but it's racy since 4835 * we can receive a disassoc frame, process it, hand it 4836 * to cfg80211 while that's in a locked section already 4837 * trying to tell us that the user wants to disconnect. 4838 */ 4839 if (ifmgd->associated != req->bss) 4840 return -ENOLINK; 4841 4842 sdata_info(sdata, 4843 "disassociating from %pM by local choice (Reason: %u=%s)\n", 4844 req->bss->bssid, req->reason_code, ieee80211_get_reason_code_string(req->reason_code)); 4845 4846 memcpy(bssid, req->bss->bssid, ETH_ALEN); 4847 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC, 4848 req->reason_code, !req->local_state_change, 4849 frame_buf); 4850 4851 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4852 IEEE80211_DEAUTH_FRAME_LEN); 4853 4854 return 0; 4855 } 4856 4857 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata) 4858 { 4859 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4860 4861 /* 4862 * Make sure some work items will not run after this, 4863 * they will not do anything but might not have been 4864 * cancelled when disconnecting. 4865 */ 4866 cancel_work_sync(&ifmgd->monitor_work); 4867 cancel_work_sync(&ifmgd->beacon_connection_loss_work); 4868 cancel_work_sync(&ifmgd->request_smps_work); 4869 cancel_work_sync(&ifmgd->csa_connection_drop_work); 4870 cancel_work_sync(&ifmgd->chswitch_work); 4871 cancel_delayed_work_sync(&ifmgd->tdls_peer_del_work); 4872 4873 sdata_lock(sdata); 4874 if (ifmgd->assoc_data) { 4875 struct cfg80211_bss *bss = ifmgd->assoc_data->bss; 4876 ieee80211_destroy_assoc_data(sdata, false); 4877 cfg80211_assoc_timeout(sdata->dev, bss); 4878 } 4879 if (ifmgd->auth_data) 4880 ieee80211_destroy_auth_data(sdata, false); 4881 spin_lock_bh(&ifmgd->teardown_lock); 4882 if (ifmgd->teardown_skb) { 4883 kfree_skb(ifmgd->teardown_skb); 4884 ifmgd->teardown_skb = NULL; 4885 ifmgd->orig_teardown_skb = NULL; 4886 } 4887 spin_unlock_bh(&ifmgd->teardown_lock); 4888 del_timer_sync(&ifmgd->timer); 4889 sdata_unlock(sdata); 4890 } 4891 4892 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif, 4893 enum nl80211_cqm_rssi_threshold_event rssi_event, 4894 gfp_t gfp) 4895 { 4896 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 4897 4898 trace_api_cqm_rssi_notify(sdata, rssi_event); 4899 4900 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp); 4901 } 4902 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify); 4903 4904 void ieee80211_cqm_beacon_loss_notify(struct ieee80211_vif *vif, gfp_t gfp) 4905 { 4906 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 4907 4908 trace_api_cqm_beacon_loss_notify(sdata->local, sdata); 4909 4910 cfg80211_cqm_beacon_loss_notify(sdata->dev, gfp); 4911 } 4912 EXPORT_SYMBOL(ieee80211_cqm_beacon_loss_notify); 4913