1/* 2 * BSS client mode implementation 3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 4 * Copyright 2004, Instant802 Networks, Inc. 5 * Copyright 2005, Devicescape Software, Inc. 6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * Copyright 2013-2014 Intel Mobile Communications GmbH 9 * Copyright (C) 2015 Intel Deutschland GmbH 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License version 2 as 13 * published by the Free Software Foundation. 14 */ 15 16#include <linux/delay.h> 17#include <linux/if_ether.h> 18#include <linux/skbuff.h> 19#include <linux/if_arp.h> 20#include <linux/etherdevice.h> 21#include <linux/moduleparam.h> 22#include <linux/rtnetlink.h> 23#include <linux/crc32.h> 24#include <linux/slab.h> 25#include <linux/export.h> 26#include <net/mac80211.h> 27#include <asm/unaligned.h> 28 29#include "ieee80211_i.h" 30#include "driver-ops.h" 31#include "rate.h" 32#include "led.h" 33 34#define IEEE80211_AUTH_TIMEOUT (HZ / 5) 35#define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2) 36#define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10) 37#define IEEE80211_AUTH_MAX_TRIES 3 38#define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5) 39#define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 40#define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2) 41#define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10) 42#define IEEE80211_ASSOC_MAX_TRIES 3 43 44static int max_nullfunc_tries = 2; 45module_param(max_nullfunc_tries, int, 0644); 46MODULE_PARM_DESC(max_nullfunc_tries, 47 "Maximum nullfunc tx tries before disconnecting (reason 4)."); 48 49static int max_probe_tries = 5; 50module_param(max_probe_tries, int, 0644); 51MODULE_PARM_DESC(max_probe_tries, 52 "Maximum probe tries before disconnecting (reason 4)."); 53 54/* 55 * Beacon loss timeout is calculated as N frames times the 56 * advertised beacon interval. This may need to be somewhat 57 * higher than what hardware might detect to account for 58 * delays in the host processing frames. But since we also 59 * probe on beacon miss before declaring the connection lost 60 * default to what we want. 61 */ 62static int beacon_loss_count = 7; 63module_param(beacon_loss_count, int, 0644); 64MODULE_PARM_DESC(beacon_loss_count, 65 "Number of beacon intervals before we decide beacon was lost."); 66 67/* 68 * Time the connection can be idle before we probe 69 * it to see if we can still talk to the AP. 70 */ 71#define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ) 72/* 73 * Time we wait for a probe response after sending 74 * a probe request because of beacon loss or for 75 * checking the connection still works. 76 */ 77static int probe_wait_ms = 500; 78module_param(probe_wait_ms, int, 0644); 79MODULE_PARM_DESC(probe_wait_ms, 80 "Maximum time(ms) to wait for probe response" 81 " before disconnecting (reason 4)."); 82 83/* 84 * How many Beacon frames need to have been used in average signal strength 85 * before starting to indicate signal change events. 86 */ 87#define IEEE80211_SIGNAL_AVE_MIN_COUNT 4 88 89/* 90 * We can have multiple work items (and connection probing) 91 * scheduling this timer, but we need to take care to only 92 * reschedule it when it should fire _earlier_ than it was 93 * asked for before, or if it's not pending right now. This 94 * function ensures that. Note that it then is required to 95 * run this function for all timeouts after the first one 96 * has happened -- the work that runs from this timer will 97 * do that. 98 */ 99static void run_again(struct ieee80211_sub_if_data *sdata, 100 unsigned long timeout) 101{ 102 sdata_assert_lock(sdata); 103 104 if (!timer_pending(&sdata->u.mgd.timer) || 105 time_before(timeout, sdata->u.mgd.timer.expires)) 106 mod_timer(&sdata->u.mgd.timer, timeout); 107} 108 109void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata) 110{ 111 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER) 112 return; 113 114 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR)) 115 return; 116 117 mod_timer(&sdata->u.mgd.bcn_mon_timer, 118 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout)); 119} 120 121void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata) 122{ 123 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 124 125 if (unlikely(!sdata->u.mgd.associated)) 126 return; 127 128 ifmgd->probe_send_count = 0; 129 130 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR)) 131 return; 132 133 mod_timer(&sdata->u.mgd.conn_mon_timer, 134 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME)); 135} 136 137static int ecw2cw(int ecw) 138{ 139 return (1 << ecw) - 1; 140} 141 142static u32 143ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, 144 struct ieee80211_supported_band *sband, 145 struct ieee80211_channel *channel, 146 const struct ieee80211_ht_cap *ht_cap, 147 const struct ieee80211_ht_operation *ht_oper, 148 const struct ieee80211_vht_operation *vht_oper, 149 struct cfg80211_chan_def *chandef, bool tracking) 150{ 151 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 152 struct cfg80211_chan_def vht_chandef; 153 struct ieee80211_sta_ht_cap sta_ht_cap; 154 u32 ht_cfreq, ret; 155 156 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap)); 157 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap); 158 159 chandef->chan = channel; 160 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 161 chandef->center_freq1 = channel->center_freq; 162 chandef->center_freq2 = 0; 163 164 if (!ht_cap || !ht_oper || !sta_ht_cap.ht_supported) { 165 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 166 goto out; 167 } 168 169 chandef->width = NL80211_CHAN_WIDTH_20; 170 171 if (!(ht_cap->cap_info & 172 cpu_to_le16(IEEE80211_HT_CAP_SUP_WIDTH_20_40))) { 173 ret = IEEE80211_STA_DISABLE_40MHZ; 174 vht_chandef = *chandef; 175 goto out; 176 } 177 178 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan, 179 channel->band); 180 /* check that channel matches the right operating channel */ 181 if (!tracking && channel->center_freq != ht_cfreq) { 182 /* 183 * It's possible that some APs are confused here; 184 * Netgear WNDR3700 sometimes reports 4 higher than 185 * the actual channel in association responses, but 186 * since we look at probe response/beacon data here 187 * it should be OK. 188 */ 189 sdata_info(sdata, 190 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n", 191 channel->center_freq, ht_cfreq, 192 ht_oper->primary_chan, channel->band); 193 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 194 goto out; 195 } 196 197 /* check 40 MHz support, if we have it */ 198 if (sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) { 199 switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 200 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 201 chandef->width = NL80211_CHAN_WIDTH_40; 202 chandef->center_freq1 += 10; 203 break; 204 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 205 chandef->width = NL80211_CHAN_WIDTH_40; 206 chandef->center_freq1 -= 10; 207 break; 208 } 209 } else { 210 /* 40 MHz (and 80 MHz) must be supported for VHT */ 211 ret = IEEE80211_STA_DISABLE_VHT; 212 /* also mark 40 MHz disabled */ 213 ret |= IEEE80211_STA_DISABLE_40MHZ; 214 goto out; 215 } 216 217 if (!vht_oper || !sband->vht_cap.vht_supported) { 218 ret = IEEE80211_STA_DISABLE_VHT; 219 goto out; 220 } 221 222 vht_chandef.chan = channel; 223 vht_chandef.center_freq1 = 224 ieee80211_channel_to_frequency(vht_oper->center_freq_seg1_idx, 225 channel->band); 226 vht_chandef.center_freq2 = 0; 227 228 switch (vht_oper->chan_width) { 229 case IEEE80211_VHT_CHANWIDTH_USE_HT: 230 vht_chandef.width = chandef->width; 231 vht_chandef.center_freq1 = chandef->center_freq1; 232 break; 233 case IEEE80211_VHT_CHANWIDTH_80MHZ: 234 vht_chandef.width = NL80211_CHAN_WIDTH_80; 235 break; 236 case IEEE80211_VHT_CHANWIDTH_160MHZ: 237 vht_chandef.width = NL80211_CHAN_WIDTH_160; 238 break; 239 case IEEE80211_VHT_CHANWIDTH_80P80MHZ: 240 vht_chandef.width = NL80211_CHAN_WIDTH_80P80; 241 vht_chandef.center_freq2 = 242 ieee80211_channel_to_frequency( 243 vht_oper->center_freq_seg2_idx, 244 channel->band); 245 break; 246 default: 247 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 248 sdata_info(sdata, 249 "AP VHT operation IE has invalid channel width (%d), disable VHT\n", 250 vht_oper->chan_width); 251 ret = IEEE80211_STA_DISABLE_VHT; 252 goto out; 253 } 254 255 if (!cfg80211_chandef_valid(&vht_chandef)) { 256 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 257 sdata_info(sdata, 258 "AP VHT information is invalid, disable VHT\n"); 259 ret = IEEE80211_STA_DISABLE_VHT; 260 goto out; 261 } 262 263 if (cfg80211_chandef_identical(chandef, &vht_chandef)) { 264 ret = 0; 265 goto out; 266 } 267 268 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) { 269 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 270 sdata_info(sdata, 271 "AP VHT information doesn't match HT, disable VHT\n"); 272 ret = IEEE80211_STA_DISABLE_VHT; 273 goto out; 274 } 275 276 *chandef = vht_chandef; 277 278 ret = 0; 279 280out: 281 /* 282 * When tracking the current AP, don't do any further checks if the 283 * new chandef is identical to the one we're currently using for the 284 * connection. This keeps us from playing ping-pong with regulatory, 285 * without it the following can happen (for example): 286 * - connect to an AP with 80 MHz, world regdom allows 80 MHz 287 * - AP advertises regdom US 288 * - CRDA loads regdom US with 80 MHz prohibited (old database) 289 * - the code below detects an unsupported channel, downgrades, and 290 * we disconnect from the AP in the caller 291 * - disconnect causes CRDA to reload world regdomain and the game 292 * starts anew. 293 * (see https://bugzilla.kernel.org/show_bug.cgi?id=70881) 294 * 295 * It seems possible that there are still scenarios with CSA or real 296 * bandwidth changes where a this could happen, but those cases are 297 * less common and wouldn't completely prevent using the AP. 298 */ 299 if (tracking && 300 cfg80211_chandef_identical(chandef, &sdata->vif.bss_conf.chandef)) 301 return ret; 302 303 /* don't print the message below for VHT mismatch if VHT is disabled */ 304 if (ret & IEEE80211_STA_DISABLE_VHT) 305 vht_chandef = *chandef; 306 307 /* 308 * Ignore the DISABLED flag when we're already connected and only 309 * tracking the APs beacon for bandwidth changes - otherwise we 310 * might get disconnected here if we connect to an AP, update our 311 * regulatory information based on the AP's country IE and the 312 * information we have is wrong/outdated and disables the channel 313 * that we're actually using for the connection to the AP. 314 */ 315 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef, 316 tracking ? 0 : 317 IEEE80211_CHAN_DISABLED)) { 318 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) { 319 ret = IEEE80211_STA_DISABLE_HT | 320 IEEE80211_STA_DISABLE_VHT; 321 break; 322 } 323 324 ret |= ieee80211_chandef_downgrade(chandef); 325 } 326 327 if (chandef->width != vht_chandef.width && !tracking) 328 sdata_info(sdata, 329 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n"); 330 331 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef)); 332 return ret; 333} 334 335static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata, 336 struct sta_info *sta, 337 const struct ieee80211_ht_cap *ht_cap, 338 const struct ieee80211_ht_operation *ht_oper, 339 const struct ieee80211_vht_operation *vht_oper, 340 const u8 *bssid, u32 *changed) 341{ 342 struct ieee80211_local *local = sdata->local; 343 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 344 struct ieee80211_supported_band *sband; 345 struct ieee80211_channel *chan; 346 struct cfg80211_chan_def chandef; 347 u16 ht_opmode; 348 u32 flags; 349 enum ieee80211_sta_rx_bandwidth new_sta_bw; 350 int ret; 351 352 /* if HT was/is disabled, don't track any bandwidth changes */ 353 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper) 354 return 0; 355 356 /* don't check VHT if we associated as non-VHT station */ 357 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 358 vht_oper = NULL; 359 360 if (WARN_ON_ONCE(!sta)) 361 return -EINVAL; 362 363 /* 364 * if bss configuration changed store the new one - 365 * this may be applicable even if channel is identical 366 */ 367 ht_opmode = le16_to_cpu(ht_oper->operation_mode); 368 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) { 369 *changed |= BSS_CHANGED_HT; 370 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 371 } 372 373 chan = sdata->vif.bss_conf.chandef.chan; 374 sband = local->hw.wiphy->bands[chan->band]; 375 376 /* calculate new channel (type) based on HT/VHT operation IEs */ 377 flags = ieee80211_determine_chantype(sdata, sband, chan, 378 ht_cap, ht_oper, vht_oper, 379 &chandef, true); 380 381 /* 382 * Downgrade the new channel if we associated with restricted 383 * capabilities. For example, if we associated as a 20 MHz STA 384 * to a 40 MHz AP (due to regulatory, capabilities or config 385 * reasons) then switching to a 40 MHz channel now won't do us 386 * any good -- we couldn't use it with the AP. 387 */ 388 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ && 389 chandef.width == NL80211_CHAN_WIDTH_80P80) 390 flags |= ieee80211_chandef_downgrade(&chandef); 391 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ && 392 chandef.width == NL80211_CHAN_WIDTH_160) 393 flags |= ieee80211_chandef_downgrade(&chandef); 394 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ && 395 chandef.width > NL80211_CHAN_WIDTH_20) 396 flags |= ieee80211_chandef_downgrade(&chandef); 397 398 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef)) 399 return 0; 400 401 sdata_info(sdata, 402 "AP %pM changed bandwidth, new config is %d MHz, width %d (%d/%d MHz)\n", 403 ifmgd->bssid, chandef.chan->center_freq, chandef.width, 404 chandef.center_freq1, chandef.center_freq2); 405 406 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT | 407 IEEE80211_STA_DISABLE_VHT | 408 IEEE80211_STA_DISABLE_40MHZ | 409 IEEE80211_STA_DISABLE_80P80MHZ | 410 IEEE80211_STA_DISABLE_160MHZ)) || 411 !cfg80211_chandef_valid(&chandef)) { 412 sdata_info(sdata, 413 "AP %pM changed bandwidth in a way we can't support - disconnect\n", 414 ifmgd->bssid); 415 return -EINVAL; 416 } 417 418 switch (chandef.width) { 419 case NL80211_CHAN_WIDTH_20_NOHT: 420 case NL80211_CHAN_WIDTH_20: 421 new_sta_bw = IEEE80211_STA_RX_BW_20; 422 break; 423 case NL80211_CHAN_WIDTH_40: 424 new_sta_bw = IEEE80211_STA_RX_BW_40; 425 break; 426 case NL80211_CHAN_WIDTH_80: 427 new_sta_bw = IEEE80211_STA_RX_BW_80; 428 break; 429 case NL80211_CHAN_WIDTH_80P80: 430 case NL80211_CHAN_WIDTH_160: 431 new_sta_bw = IEEE80211_STA_RX_BW_160; 432 break; 433 default: 434 return -EINVAL; 435 } 436 437 if (new_sta_bw > sta->cur_max_bandwidth) 438 new_sta_bw = sta->cur_max_bandwidth; 439 440 if (new_sta_bw < sta->sta.bandwidth) { 441 sta->sta.bandwidth = new_sta_bw; 442 rate_control_rate_update(local, sband, sta, 443 IEEE80211_RC_BW_CHANGED); 444 } 445 446 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed); 447 if (ret) { 448 sdata_info(sdata, 449 "AP %pM changed bandwidth to incompatible one - disconnect\n", 450 ifmgd->bssid); 451 return ret; 452 } 453 454 if (new_sta_bw > sta->sta.bandwidth) { 455 sta->sta.bandwidth = new_sta_bw; 456 rate_control_rate_update(local, sband, sta, 457 IEEE80211_RC_BW_CHANGED); 458 } 459 460 return 0; 461} 462 463/* frame sending functions */ 464 465static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata, 466 struct sk_buff *skb, u8 ap_ht_param, 467 struct ieee80211_supported_band *sband, 468 struct ieee80211_channel *channel, 469 enum ieee80211_smps_mode smps) 470{ 471 u8 *pos; 472 u32 flags = channel->flags; 473 u16 cap; 474 struct ieee80211_sta_ht_cap ht_cap; 475 476 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap)); 477 478 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 479 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 480 481 /* determine capability flags */ 482 cap = ht_cap.cap; 483 484 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 485 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 486 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 487 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 488 cap &= ~IEEE80211_HT_CAP_SGI_40; 489 } 490 break; 491 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 492 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 493 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 494 cap &= ~IEEE80211_HT_CAP_SGI_40; 495 } 496 break; 497 } 498 499 /* 500 * If 40 MHz was disabled associate as though we weren't 501 * capable of 40 MHz -- some broken APs will never fall 502 * back to trying to transmit in 20 MHz. 503 */ 504 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) { 505 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 506 cap &= ~IEEE80211_HT_CAP_SGI_40; 507 } 508 509 /* set SM PS mode properly */ 510 cap &= ~IEEE80211_HT_CAP_SM_PS; 511 switch (smps) { 512 case IEEE80211_SMPS_AUTOMATIC: 513 case IEEE80211_SMPS_NUM_MODES: 514 WARN_ON(1); 515 case IEEE80211_SMPS_OFF: 516 cap |= WLAN_HT_CAP_SM_PS_DISABLED << 517 IEEE80211_HT_CAP_SM_PS_SHIFT; 518 break; 519 case IEEE80211_SMPS_STATIC: 520 cap |= WLAN_HT_CAP_SM_PS_STATIC << 521 IEEE80211_HT_CAP_SM_PS_SHIFT; 522 break; 523 case IEEE80211_SMPS_DYNAMIC: 524 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC << 525 IEEE80211_HT_CAP_SM_PS_SHIFT; 526 break; 527 } 528 529 /* reserve and fill IE */ 530 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 531 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap); 532} 533 534/* This function determines vht capability flags for the association 535 * and builds the IE. 536 * Note - the function may set the owner of the MU-MIMO capability 537 */ 538static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata, 539 struct sk_buff *skb, 540 struct ieee80211_supported_band *sband, 541 struct ieee80211_vht_cap *ap_vht_cap) 542{ 543 struct ieee80211_local *local = sdata->local; 544 u8 *pos; 545 u32 cap; 546 struct ieee80211_sta_vht_cap vht_cap; 547 u32 mask, ap_bf_sts, our_bf_sts; 548 549 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap)); 550 551 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap)); 552 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap); 553 554 /* determine capability flags */ 555 cap = vht_cap.cap; 556 557 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) { 558 u32 bw = cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK; 559 560 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK; 561 if (bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ || 562 bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ) 563 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 564 } 565 566 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) { 567 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160; 568 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK; 569 } 570 571 /* 572 * Some APs apparently get confused if our capabilities are better 573 * than theirs, so restrict what we advertise in the assoc request. 574 */ 575 if (!(ap_vht_cap->vht_cap_info & 576 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE))) 577 cap &= ~(IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE | 578 IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE); 579 else if (!(ap_vht_cap->vht_cap_info & 580 cpu_to_le32(IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE))) 581 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE; 582 583 /* 584 * If some other vif is using the MU-MIMO capablity we cannot associate 585 * using MU-MIMO - this will lead to contradictions in the group-id 586 * mechanism. 587 * Ownership is defined since association request, in order to avoid 588 * simultaneous associations with MU-MIMO. 589 */ 590 if (cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE) { 591 bool disable_mu_mimo = false; 592 struct ieee80211_sub_if_data *other; 593 594 list_for_each_entry_rcu(other, &local->interfaces, list) { 595 if (other->flags & IEEE80211_SDATA_MU_MIMO_OWNER) { 596 disable_mu_mimo = true; 597 break; 598 } 599 } 600 if (disable_mu_mimo) 601 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE; 602 else 603 sdata->flags |= IEEE80211_SDATA_MU_MIMO_OWNER; 604 } 605 606 mask = IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK; 607 608 ap_bf_sts = le32_to_cpu(ap_vht_cap->vht_cap_info) & mask; 609 our_bf_sts = cap & mask; 610 611 if (ap_bf_sts < our_bf_sts) { 612 cap &= ~mask; 613 cap |= ap_bf_sts; 614 } 615 616 /* reserve and fill IE */ 617 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 618 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap); 619} 620 621static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) 622{ 623 struct ieee80211_local *local = sdata->local; 624 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 625 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 626 struct sk_buff *skb; 627 struct ieee80211_mgmt *mgmt; 628 u8 *pos, qos_info; 629 size_t offset = 0, noffset; 630 int i, count, rates_len, supp_rates_len, shift; 631 u16 capab; 632 struct ieee80211_supported_band *sband; 633 struct ieee80211_chanctx_conf *chanctx_conf; 634 struct ieee80211_channel *chan; 635 u32 rate_flags, rates = 0; 636 637 sdata_assert_lock(sdata); 638 639 rcu_read_lock(); 640 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 641 if (WARN_ON(!chanctx_conf)) { 642 rcu_read_unlock(); 643 return; 644 } 645 chan = chanctx_conf->def.chan; 646 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def); 647 rcu_read_unlock(); 648 sband = local->hw.wiphy->bands[chan->band]; 649 shift = ieee80211_vif_get_shift(&sdata->vif); 650 651 if (assoc_data->supp_rates_len) { 652 /* 653 * Get all rates supported by the device and the AP as 654 * some APs don't like getting a superset of their rates 655 * in the association request (e.g. D-Link DAP 1353 in 656 * b-only mode)... 657 */ 658 rates_len = ieee80211_parse_bitrates(&chanctx_conf->def, sband, 659 assoc_data->supp_rates, 660 assoc_data->supp_rates_len, 661 &rates); 662 } else { 663 /* 664 * In case AP not provide any supported rates information 665 * before association, we send information element(s) with 666 * all rates that we support. 667 */ 668 rates_len = 0; 669 for (i = 0; i < sband->n_bitrates; i++) { 670 if ((rate_flags & sband->bitrates[i].flags) 671 != rate_flags) 672 continue; 673 rates |= BIT(i); 674 rates_len++; 675 } 676 } 677 678 skb = alloc_skb(local->hw.extra_tx_headroom + 679 sizeof(*mgmt) + /* bit too much but doesn't matter */ 680 2 + assoc_data->ssid_len + /* SSID */ 681 4 + rates_len + /* (extended) rates */ 682 4 + /* power capability */ 683 2 + 2 * sband->n_channels + /* supported channels */ 684 2 + sizeof(struct ieee80211_ht_cap) + /* HT */ 685 2 + sizeof(struct ieee80211_vht_cap) + /* VHT */ 686 assoc_data->ie_len + /* extra IEs */ 687 9, /* WMM */ 688 GFP_KERNEL); 689 if (!skb) 690 return; 691 692 skb_reserve(skb, local->hw.extra_tx_headroom); 693 694 capab = WLAN_CAPABILITY_ESS; 695 696 if (sband->band == IEEE80211_BAND_2GHZ) { 697 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 698 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 699 } 700 701 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY) 702 capab |= WLAN_CAPABILITY_PRIVACY; 703 704 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 705 ieee80211_hw_check(&local->hw, SPECTRUM_MGMT)) 706 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 707 708 if (ifmgd->flags & IEEE80211_STA_ENABLE_RRM) 709 capab |= WLAN_CAPABILITY_RADIO_MEASURE; 710 711 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 712 memset(mgmt, 0, 24); 713 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN); 714 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 715 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN); 716 717 if (!is_zero_ether_addr(assoc_data->prev_bssid)) { 718 skb_put(skb, 10); 719 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 720 IEEE80211_STYPE_REASSOC_REQ); 721 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 722 mgmt->u.reassoc_req.listen_interval = 723 cpu_to_le16(local->hw.conf.listen_interval); 724 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid, 725 ETH_ALEN); 726 } else { 727 skb_put(skb, 4); 728 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 729 IEEE80211_STYPE_ASSOC_REQ); 730 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 731 mgmt->u.assoc_req.listen_interval = 732 cpu_to_le16(local->hw.conf.listen_interval); 733 } 734 735 /* SSID */ 736 pos = skb_put(skb, 2 + assoc_data->ssid_len); 737 *pos++ = WLAN_EID_SSID; 738 *pos++ = assoc_data->ssid_len; 739 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len); 740 741 /* add all rates which were marked to be used above */ 742 supp_rates_len = rates_len; 743 if (supp_rates_len > 8) 744 supp_rates_len = 8; 745 746 pos = skb_put(skb, supp_rates_len + 2); 747 *pos++ = WLAN_EID_SUPP_RATES; 748 *pos++ = supp_rates_len; 749 750 count = 0; 751 for (i = 0; i < sband->n_bitrates; i++) { 752 if (BIT(i) & rates) { 753 int rate = DIV_ROUND_UP(sband->bitrates[i].bitrate, 754 5 * (1 << shift)); 755 *pos++ = (u8) rate; 756 if (++count == 8) 757 break; 758 } 759 } 760 761 if (rates_len > count) { 762 pos = skb_put(skb, rates_len - count + 2); 763 *pos++ = WLAN_EID_EXT_SUPP_RATES; 764 *pos++ = rates_len - count; 765 766 for (i++; i < sband->n_bitrates; i++) { 767 if (BIT(i) & rates) { 768 int rate; 769 rate = DIV_ROUND_UP(sband->bitrates[i].bitrate, 770 5 * (1 << shift)); 771 *pos++ = (u8) rate; 772 } 773 } 774 } 775 776 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT || 777 capab & WLAN_CAPABILITY_RADIO_MEASURE) { 778 pos = skb_put(skb, 4); 779 *pos++ = WLAN_EID_PWR_CAPABILITY; 780 *pos++ = 2; 781 *pos++ = 0; /* min tx power */ 782 /* max tx power */ 783 *pos++ = ieee80211_chandef_max_power(&chanctx_conf->def); 784 } 785 786 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) { 787 /* TODO: get this in reg domain format */ 788 pos = skb_put(skb, 2 * sband->n_channels + 2); 789 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 790 *pos++ = 2 * sband->n_channels; 791 for (i = 0; i < sband->n_channels; i++) { 792 *pos++ = ieee80211_frequency_to_channel( 793 sband->channels[i].center_freq); 794 *pos++ = 1; /* one channel in the subband*/ 795 } 796 } 797 798 /* if present, add any custom IEs that go before HT */ 799 if (assoc_data->ie_len) { 800 static const u8 before_ht[] = { 801 WLAN_EID_SSID, 802 WLAN_EID_SUPP_RATES, 803 WLAN_EID_EXT_SUPP_RATES, 804 WLAN_EID_PWR_CAPABILITY, 805 WLAN_EID_SUPPORTED_CHANNELS, 806 WLAN_EID_RSN, 807 WLAN_EID_QOS_CAPA, 808 WLAN_EID_RRM_ENABLED_CAPABILITIES, 809 WLAN_EID_MOBILITY_DOMAIN, 810 WLAN_EID_FAST_BSS_TRANSITION, /* reassoc only */ 811 WLAN_EID_RIC_DATA, /* reassoc only */ 812 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 813 }; 814 static const u8 after_ric[] = { 815 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 816 WLAN_EID_HT_CAPABILITY, 817 WLAN_EID_BSS_COEX_2040, 818 WLAN_EID_EXT_CAPABILITY, 819 WLAN_EID_QOS_TRAFFIC_CAPA, 820 WLAN_EID_TIM_BCAST_REQ, 821 WLAN_EID_INTERWORKING, 822 /* 60GHz doesn't happen right now */ 823 WLAN_EID_VHT_CAPABILITY, 824 WLAN_EID_OPMODE_NOTIF, 825 }; 826 827 noffset = ieee80211_ie_split_ric(assoc_data->ie, 828 assoc_data->ie_len, 829 before_ht, 830 ARRAY_SIZE(before_ht), 831 after_ric, 832 ARRAY_SIZE(after_ric), 833 offset); 834 pos = skb_put(skb, noffset - offset); 835 memcpy(pos, assoc_data->ie + offset, noffset - offset); 836 offset = noffset; 837 } 838 839 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 840 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))) 841 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 842 843 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 844 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param, 845 sband, chan, sdata->smps_mode); 846 847 /* if present, add any custom IEs that go before VHT */ 848 if (assoc_data->ie_len) { 849 static const u8 before_vht[] = { 850 WLAN_EID_SSID, 851 WLAN_EID_SUPP_RATES, 852 WLAN_EID_EXT_SUPP_RATES, 853 WLAN_EID_PWR_CAPABILITY, 854 WLAN_EID_SUPPORTED_CHANNELS, 855 WLAN_EID_RSN, 856 WLAN_EID_QOS_CAPA, 857 WLAN_EID_RRM_ENABLED_CAPABILITIES, 858 WLAN_EID_MOBILITY_DOMAIN, 859 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 860 WLAN_EID_HT_CAPABILITY, 861 WLAN_EID_BSS_COEX_2040, 862 WLAN_EID_EXT_CAPABILITY, 863 WLAN_EID_QOS_TRAFFIC_CAPA, 864 WLAN_EID_TIM_BCAST_REQ, 865 WLAN_EID_INTERWORKING, 866 }; 867 868 /* RIC already taken above, so no need to handle here anymore */ 869 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len, 870 before_vht, ARRAY_SIZE(before_vht), 871 offset); 872 pos = skb_put(skb, noffset - offset); 873 memcpy(pos, assoc_data->ie + offset, noffset - offset); 874 offset = noffset; 875 } 876 877 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 878 ieee80211_add_vht_ie(sdata, skb, sband, 879 &assoc_data->ap_vht_cap); 880 881 /* if present, add any custom non-vendor IEs that go after HT */ 882 if (assoc_data->ie_len) { 883 noffset = ieee80211_ie_split_vendor(assoc_data->ie, 884 assoc_data->ie_len, 885 offset); 886 pos = skb_put(skb, noffset - offset); 887 memcpy(pos, assoc_data->ie + offset, noffset - offset); 888 offset = noffset; 889 } 890 891 if (assoc_data->wmm) { 892 if (assoc_data->uapsd) { 893 qos_info = ifmgd->uapsd_queues; 894 qos_info |= (ifmgd->uapsd_max_sp_len << 895 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT); 896 } else { 897 qos_info = 0; 898 } 899 900 pos = ieee80211_add_wmm_info_ie(skb_put(skb, 9), qos_info); 901 } 902 903 /* add any remaining custom (i.e. vendor specific here) IEs */ 904 if (assoc_data->ie_len) { 905 noffset = assoc_data->ie_len; 906 pos = skb_put(skb, noffset - offset); 907 memcpy(pos, assoc_data->ie + offset, noffset - offset); 908 } 909 910 drv_mgd_prepare_tx(local, sdata); 911 912 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 913 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) 914 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 915 IEEE80211_TX_INTFL_MLME_CONN_TX; 916 ieee80211_tx_skb(sdata, skb); 917} 918 919void ieee80211_send_pspoll(struct ieee80211_local *local, 920 struct ieee80211_sub_if_data *sdata) 921{ 922 struct ieee80211_pspoll *pspoll; 923 struct sk_buff *skb; 924 925 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif); 926 if (!skb) 927 return; 928 929 pspoll = (struct ieee80211_pspoll *) skb->data; 930 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 931 932 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 933 ieee80211_tx_skb(sdata, skb); 934} 935 936void ieee80211_send_nullfunc(struct ieee80211_local *local, 937 struct ieee80211_sub_if_data *sdata, 938 bool powersave) 939{ 940 struct sk_buff *skb; 941 struct ieee80211_hdr_3addr *nullfunc; 942 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 943 944 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif); 945 if (!skb) 946 return; 947 948 nullfunc = (struct ieee80211_hdr_3addr *) skb->data; 949 if (powersave) 950 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 951 952 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT | 953 IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 954 955 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) 956 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS; 957 958 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) 959 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE; 960 961 ieee80211_tx_skb(sdata, skb); 962} 963 964static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local, 965 struct ieee80211_sub_if_data *sdata) 966{ 967 struct sk_buff *skb; 968 struct ieee80211_hdr *nullfunc; 969 __le16 fc; 970 971 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 972 return; 973 974 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30); 975 if (!skb) 976 return; 977 978 skb_reserve(skb, local->hw.extra_tx_headroom); 979 980 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30); 981 memset(nullfunc, 0, 30); 982 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 983 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 984 nullfunc->frame_control = fc; 985 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN); 986 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN); 987 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN); 988 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN); 989 990 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 991 ieee80211_tx_skb(sdata, skb); 992} 993 994/* spectrum management related things */ 995static void ieee80211_chswitch_work(struct work_struct *work) 996{ 997 struct ieee80211_sub_if_data *sdata = 998 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work); 999 struct ieee80211_local *local = sdata->local; 1000 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1001 int ret; 1002 1003 if (!ieee80211_sdata_running(sdata)) 1004 return; 1005 1006 sdata_lock(sdata); 1007 mutex_lock(&local->mtx); 1008 mutex_lock(&local->chanctx_mtx); 1009 1010 if (!ifmgd->associated) 1011 goto out; 1012 1013 if (!sdata->vif.csa_active) 1014 goto out; 1015 1016 /* 1017 * using reservation isn't immediate as it may be deferred until later 1018 * with multi-vif. once reservation is complete it will re-schedule the 1019 * work with no reserved_chanctx so verify chandef to check if it 1020 * completed successfully 1021 */ 1022 1023 if (sdata->reserved_chanctx) { 1024 /* 1025 * with multi-vif csa driver may call ieee80211_csa_finish() 1026 * many times while waiting for other interfaces to use their 1027 * reservations 1028 */ 1029 if (sdata->reserved_ready) 1030 goto out; 1031 1032 ret = ieee80211_vif_use_reserved_context(sdata); 1033 if (ret) { 1034 sdata_info(sdata, 1035 "failed to use reserved channel context, disconnecting (err=%d)\n", 1036 ret); 1037 ieee80211_queue_work(&sdata->local->hw, 1038 &ifmgd->csa_connection_drop_work); 1039 goto out; 1040 } 1041 1042 goto out; 1043 } 1044 1045 if (!cfg80211_chandef_identical(&sdata->vif.bss_conf.chandef, 1046 &sdata->csa_chandef)) { 1047 sdata_info(sdata, 1048 "failed to finalize channel switch, disconnecting\n"); 1049 ieee80211_queue_work(&sdata->local->hw, 1050 &ifmgd->csa_connection_drop_work); 1051 goto out; 1052 } 1053 1054 /* XXX: shouldn't really modify cfg80211-owned data! */ 1055 ifmgd->associated->channel = sdata->csa_chandef.chan; 1056 1057 ifmgd->csa_waiting_bcn = true; 1058 1059 ieee80211_sta_reset_beacon_monitor(sdata); 1060 ieee80211_sta_reset_conn_monitor(sdata); 1061 1062out: 1063 mutex_unlock(&local->chanctx_mtx); 1064 mutex_unlock(&local->mtx); 1065 sdata_unlock(sdata); 1066} 1067 1068static void ieee80211_chswitch_post_beacon(struct ieee80211_sub_if_data *sdata) 1069{ 1070 struct ieee80211_local *local = sdata->local; 1071 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1072 int ret; 1073 1074 sdata_assert_lock(sdata); 1075 1076 WARN_ON(!sdata->vif.csa_active); 1077 1078 if (sdata->csa_block_tx) { 1079 ieee80211_wake_vif_queues(local, sdata, 1080 IEEE80211_QUEUE_STOP_REASON_CSA); 1081 sdata->csa_block_tx = false; 1082 } 1083 1084 sdata->vif.csa_active = false; 1085 ifmgd->csa_waiting_bcn = false; 1086 1087 ret = drv_post_channel_switch(sdata); 1088 if (ret) { 1089 sdata_info(sdata, 1090 "driver post channel switch failed, disconnecting\n"); 1091 ieee80211_queue_work(&local->hw, 1092 &ifmgd->csa_connection_drop_work); 1093 return; 1094 } 1095 1096 cfg80211_ch_switch_notify(sdata->dev, &sdata->reserved_chandef); 1097} 1098 1099void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success) 1100{ 1101 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1102 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1103 1104 trace_api_chswitch_done(sdata, success); 1105 if (!success) { 1106 sdata_info(sdata, 1107 "driver channel switch failed, disconnecting\n"); 1108 ieee80211_queue_work(&sdata->local->hw, 1109 &ifmgd->csa_connection_drop_work); 1110 } else { 1111 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 1112 } 1113} 1114EXPORT_SYMBOL(ieee80211_chswitch_done); 1115 1116static void ieee80211_chswitch_timer(unsigned long data) 1117{ 1118 struct ieee80211_sub_if_data *sdata = 1119 (struct ieee80211_sub_if_data *) data; 1120 1121 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work); 1122} 1123 1124static void 1125ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 1126 u64 timestamp, u32 device_timestamp, 1127 struct ieee802_11_elems *elems, 1128 bool beacon) 1129{ 1130 struct ieee80211_local *local = sdata->local; 1131 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1132 struct cfg80211_bss *cbss = ifmgd->associated; 1133 struct ieee80211_chanctx_conf *conf; 1134 struct ieee80211_chanctx *chanctx; 1135 enum ieee80211_band current_band; 1136 struct ieee80211_csa_ie csa_ie; 1137 struct ieee80211_channel_switch ch_switch; 1138 int res; 1139 1140 sdata_assert_lock(sdata); 1141 1142 if (!cbss) 1143 return; 1144 1145 if (local->scanning) 1146 return; 1147 1148 /* disregard subsequent announcements if we are already processing */ 1149 if (sdata->vif.csa_active) 1150 return; 1151 1152 current_band = cbss->channel->band; 1153 memset(&csa_ie, 0, sizeof(csa_ie)); 1154 res = ieee80211_parse_ch_switch_ie(sdata, elems, current_band, 1155 ifmgd->flags, 1156 ifmgd->associated->bssid, &csa_ie); 1157 if (res < 0) 1158 ieee80211_queue_work(&local->hw, 1159 &ifmgd->csa_connection_drop_work); 1160 if (res) 1161 return; 1162 1163 if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chandef, 1164 IEEE80211_CHAN_DISABLED)) { 1165 sdata_info(sdata, 1166 "AP %pM switches to unsupported channel (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n", 1167 ifmgd->associated->bssid, 1168 csa_ie.chandef.chan->center_freq, 1169 csa_ie.chandef.width, csa_ie.chandef.center_freq1, 1170 csa_ie.chandef.center_freq2); 1171 ieee80211_queue_work(&local->hw, 1172 &ifmgd->csa_connection_drop_work); 1173 return; 1174 } 1175 1176 if (cfg80211_chandef_identical(&csa_ie.chandef, 1177 &sdata->vif.bss_conf.chandef)) { 1178 if (ifmgd->csa_ignored_same_chan) 1179 return; 1180 sdata_info(sdata, 1181 "AP %pM tries to chanswitch to same channel, ignore\n", 1182 ifmgd->associated->bssid); 1183 ifmgd->csa_ignored_same_chan = true; 1184 return; 1185 } 1186 1187 /* 1188 * Drop all TDLS peers - either we disconnect or move to a different 1189 * channel from this point on. There's no telling what our peer will do. 1190 * The TDLS WIDER_BW scenario is also problematic, as peers might now 1191 * have an incompatible wider chandef. 1192 */ 1193 ieee80211_teardown_tdls_peers(sdata); 1194 1195 mutex_lock(&local->mtx); 1196 mutex_lock(&local->chanctx_mtx); 1197 conf = rcu_dereference_protected(sdata->vif.chanctx_conf, 1198 lockdep_is_held(&local->chanctx_mtx)); 1199 if (!conf) { 1200 sdata_info(sdata, 1201 "no channel context assigned to vif?, disconnecting\n"); 1202 goto drop_connection; 1203 } 1204 1205 chanctx = container_of(conf, struct ieee80211_chanctx, conf); 1206 1207 if (local->use_chanctx && 1208 !ieee80211_hw_check(&local->hw, CHANCTX_STA_CSA)) { 1209 sdata_info(sdata, 1210 "driver doesn't support chan-switch with channel contexts\n"); 1211 goto drop_connection; 1212 } 1213 1214 ch_switch.timestamp = timestamp; 1215 ch_switch.device_timestamp = device_timestamp; 1216 ch_switch.block_tx = csa_ie.mode; 1217 ch_switch.chandef = csa_ie.chandef; 1218 ch_switch.count = csa_ie.count; 1219 1220 if (drv_pre_channel_switch(sdata, &ch_switch)) { 1221 sdata_info(sdata, 1222 "preparing for channel switch failed, disconnecting\n"); 1223 goto drop_connection; 1224 } 1225 1226 res = ieee80211_vif_reserve_chanctx(sdata, &csa_ie.chandef, 1227 chanctx->mode, false); 1228 if (res) { 1229 sdata_info(sdata, 1230 "failed to reserve channel context for channel switch, disconnecting (err=%d)\n", 1231 res); 1232 goto drop_connection; 1233 } 1234 mutex_unlock(&local->chanctx_mtx); 1235 1236 sdata->vif.csa_active = true; 1237 sdata->csa_chandef = csa_ie.chandef; 1238 sdata->csa_block_tx = csa_ie.mode; 1239 ifmgd->csa_ignored_same_chan = false; 1240 1241 if (sdata->csa_block_tx) 1242 ieee80211_stop_vif_queues(local, sdata, 1243 IEEE80211_QUEUE_STOP_REASON_CSA); 1244 mutex_unlock(&local->mtx); 1245 1246 cfg80211_ch_switch_started_notify(sdata->dev, &csa_ie.chandef, 1247 csa_ie.count); 1248 1249 if (local->ops->channel_switch) { 1250 /* use driver's channel switch callback */ 1251 drv_channel_switch(local, sdata, &ch_switch); 1252 return; 1253 } 1254 1255 /* channel switch handled in software */ 1256 if (csa_ie.count <= 1) 1257 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work); 1258 else 1259 mod_timer(&ifmgd->chswitch_timer, 1260 TU_TO_EXP_TIME((csa_ie.count - 1) * 1261 cbss->beacon_interval)); 1262 return; 1263 drop_connection: 1264 ieee80211_queue_work(&local->hw, &ifmgd->csa_connection_drop_work); 1265 mutex_unlock(&local->chanctx_mtx); 1266 mutex_unlock(&local->mtx); 1267} 1268 1269static bool 1270ieee80211_find_80211h_pwr_constr(struct ieee80211_sub_if_data *sdata, 1271 struct ieee80211_channel *channel, 1272 const u8 *country_ie, u8 country_ie_len, 1273 const u8 *pwr_constr_elem, 1274 int *chan_pwr, int *pwr_reduction) 1275{ 1276 struct ieee80211_country_ie_triplet *triplet; 1277 int chan = ieee80211_frequency_to_channel(channel->center_freq); 1278 int i, chan_increment; 1279 bool have_chan_pwr = false; 1280 1281 /* Invalid IE */ 1282 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN) 1283 return false; 1284 1285 triplet = (void *)(country_ie + 3); 1286 country_ie_len -= 3; 1287 1288 switch (channel->band) { 1289 default: 1290 WARN_ON_ONCE(1); 1291 /* fall through */ 1292 case IEEE80211_BAND_2GHZ: 1293 case IEEE80211_BAND_60GHZ: 1294 chan_increment = 1; 1295 break; 1296 case IEEE80211_BAND_5GHZ: 1297 chan_increment = 4; 1298 break; 1299 } 1300 1301 /* find channel */ 1302 while (country_ie_len >= 3) { 1303 u8 first_channel = triplet->chans.first_channel; 1304 1305 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID) 1306 goto next; 1307 1308 for (i = 0; i < triplet->chans.num_channels; i++) { 1309 if (first_channel + i * chan_increment == chan) { 1310 have_chan_pwr = true; 1311 *chan_pwr = triplet->chans.max_power; 1312 break; 1313 } 1314 } 1315 if (have_chan_pwr) 1316 break; 1317 1318 next: 1319 triplet++; 1320 country_ie_len -= 3; 1321 } 1322 1323 if (have_chan_pwr && pwr_constr_elem) 1324 *pwr_reduction = *pwr_constr_elem; 1325 else 1326 *pwr_reduction = 0; 1327 1328 return have_chan_pwr; 1329} 1330 1331static void ieee80211_find_cisco_dtpc(struct ieee80211_sub_if_data *sdata, 1332 struct ieee80211_channel *channel, 1333 const u8 *cisco_dtpc_ie, 1334 int *pwr_level) 1335{ 1336 /* From practical testing, the first data byte of the DTPC element 1337 * seems to contain the requested dBm level, and the CLI on Cisco 1338 * APs clearly state the range is -127 to 127 dBm, which indicates 1339 * a signed byte, although it seemingly never actually goes negative. 1340 * The other byte seems to always be zero. 1341 */ 1342 *pwr_level = (__s8)cisco_dtpc_ie[4]; 1343} 1344 1345static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, 1346 struct ieee80211_channel *channel, 1347 struct ieee80211_mgmt *mgmt, 1348 const u8 *country_ie, u8 country_ie_len, 1349 const u8 *pwr_constr_ie, 1350 const u8 *cisco_dtpc_ie) 1351{ 1352 bool has_80211h_pwr = false, has_cisco_pwr = false; 1353 int chan_pwr = 0, pwr_reduction_80211h = 0; 1354 int pwr_level_cisco, pwr_level_80211h; 1355 int new_ap_level; 1356 __le16 capab = mgmt->u.probe_resp.capab_info; 1357 1358 if (country_ie && 1359 (capab & cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT) || 1360 capab & cpu_to_le16(WLAN_CAPABILITY_RADIO_MEASURE))) { 1361 has_80211h_pwr = ieee80211_find_80211h_pwr_constr( 1362 sdata, channel, country_ie, country_ie_len, 1363 pwr_constr_ie, &chan_pwr, &pwr_reduction_80211h); 1364 pwr_level_80211h = 1365 max_t(int, 0, chan_pwr - pwr_reduction_80211h); 1366 } 1367 1368 if (cisco_dtpc_ie) { 1369 ieee80211_find_cisco_dtpc( 1370 sdata, channel, cisco_dtpc_ie, &pwr_level_cisco); 1371 has_cisco_pwr = true; 1372 } 1373 1374 if (!has_80211h_pwr && !has_cisco_pwr) 1375 return 0; 1376 1377 /* If we have both 802.11h and Cisco DTPC, apply both limits 1378 * by picking the smallest of the two power levels advertised. 1379 */ 1380 if (has_80211h_pwr && 1381 (!has_cisco_pwr || pwr_level_80211h <= pwr_level_cisco)) { 1382 new_ap_level = pwr_level_80211h; 1383 1384 if (sdata->ap_power_level == new_ap_level) 1385 return 0; 1386 1387 sdata_dbg(sdata, 1388 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n", 1389 pwr_level_80211h, chan_pwr, pwr_reduction_80211h, 1390 sdata->u.mgd.bssid); 1391 } else { /* has_cisco_pwr is always true here. */ 1392 new_ap_level = pwr_level_cisco; 1393 1394 if (sdata->ap_power_level == new_ap_level) 1395 return 0; 1396 1397 sdata_dbg(sdata, 1398 "Limiting TX power to %d dBm as advertised by %pM\n", 1399 pwr_level_cisco, sdata->u.mgd.bssid); 1400 } 1401 1402 sdata->ap_power_level = new_ap_level; 1403 if (__ieee80211_recalc_txpower(sdata)) 1404 return BSS_CHANGED_TXPOWER; 1405 return 0; 1406} 1407 1408/* powersave */ 1409static void ieee80211_enable_ps(struct ieee80211_local *local, 1410 struct ieee80211_sub_if_data *sdata) 1411{ 1412 struct ieee80211_conf *conf = &local->hw.conf; 1413 1414 /* 1415 * If we are scanning right now then the parameters will 1416 * take effect when scan finishes. 1417 */ 1418 if (local->scanning) 1419 return; 1420 1421 if (conf->dynamic_ps_timeout > 0 && 1422 !ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS)) { 1423 mod_timer(&local->dynamic_ps_timer, jiffies + 1424 msecs_to_jiffies(conf->dynamic_ps_timeout)); 1425 } else { 1426 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK)) 1427 ieee80211_send_nullfunc(local, sdata, true); 1428 1429 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) && 1430 ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) 1431 return; 1432 1433 conf->flags |= IEEE80211_CONF_PS; 1434 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1435 } 1436} 1437 1438static void ieee80211_change_ps(struct ieee80211_local *local) 1439{ 1440 struct ieee80211_conf *conf = &local->hw.conf; 1441 1442 if (local->ps_sdata) { 1443 ieee80211_enable_ps(local, local->ps_sdata); 1444 } else if (conf->flags & IEEE80211_CONF_PS) { 1445 conf->flags &= ~IEEE80211_CONF_PS; 1446 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1447 del_timer_sync(&local->dynamic_ps_timer); 1448 cancel_work_sync(&local->dynamic_ps_enable_work); 1449 } 1450} 1451 1452static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata) 1453{ 1454 struct ieee80211_if_managed *mgd = &sdata->u.mgd; 1455 struct sta_info *sta = NULL; 1456 bool authorized = false; 1457 1458 if (!mgd->powersave) 1459 return false; 1460 1461 if (mgd->broken_ap) 1462 return false; 1463 1464 if (!mgd->associated) 1465 return false; 1466 1467 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL) 1468 return false; 1469 1470 if (!mgd->have_beacon) 1471 return false; 1472 1473 rcu_read_lock(); 1474 sta = sta_info_get(sdata, mgd->bssid); 1475 if (sta) 1476 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED); 1477 rcu_read_unlock(); 1478 1479 return authorized; 1480} 1481 1482/* need to hold RTNL or interface lock */ 1483void ieee80211_recalc_ps(struct ieee80211_local *local) 1484{ 1485 struct ieee80211_sub_if_data *sdata, *found = NULL; 1486 int count = 0; 1487 int timeout; 1488 1489 if (!ieee80211_hw_check(&local->hw, SUPPORTS_PS)) { 1490 local->ps_sdata = NULL; 1491 return; 1492 } 1493 1494 list_for_each_entry(sdata, &local->interfaces, list) { 1495 if (!ieee80211_sdata_running(sdata)) 1496 continue; 1497 if (sdata->vif.type == NL80211_IFTYPE_AP) { 1498 /* If an AP vif is found, then disable PS 1499 * by setting the count to zero thereby setting 1500 * ps_sdata to NULL. 1501 */ 1502 count = 0; 1503 break; 1504 } 1505 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1506 continue; 1507 found = sdata; 1508 count++; 1509 } 1510 1511 if (count == 1 && ieee80211_powersave_allowed(found)) { 1512 u8 dtimper = found->u.mgd.dtim_period; 1513 s32 beaconint_us; 1514 1515 beaconint_us = ieee80211_tu_to_usec( 1516 found->vif.bss_conf.beacon_int); 1517 1518 timeout = local->dynamic_ps_forced_timeout; 1519 if (timeout < 0) 1520 timeout = 100; 1521 local->hw.conf.dynamic_ps_timeout = timeout; 1522 1523 /* If the TIM IE is invalid, pretend the value is 1 */ 1524 if (!dtimper) 1525 dtimper = 1; 1526 1527 local->hw.conf.ps_dtim_period = dtimper; 1528 local->ps_sdata = found; 1529 } else { 1530 local->ps_sdata = NULL; 1531 } 1532 1533 ieee80211_change_ps(local); 1534} 1535 1536void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata) 1537{ 1538 bool ps_allowed = ieee80211_powersave_allowed(sdata); 1539 1540 if (sdata->vif.bss_conf.ps != ps_allowed) { 1541 sdata->vif.bss_conf.ps = ps_allowed; 1542 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS); 1543 } 1544} 1545 1546void ieee80211_dynamic_ps_disable_work(struct work_struct *work) 1547{ 1548 struct ieee80211_local *local = 1549 container_of(work, struct ieee80211_local, 1550 dynamic_ps_disable_work); 1551 1552 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1553 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1554 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1555 } 1556 1557 ieee80211_wake_queues_by_reason(&local->hw, 1558 IEEE80211_MAX_QUEUE_MAP, 1559 IEEE80211_QUEUE_STOP_REASON_PS, 1560 false); 1561} 1562 1563void ieee80211_dynamic_ps_enable_work(struct work_struct *work) 1564{ 1565 struct ieee80211_local *local = 1566 container_of(work, struct ieee80211_local, 1567 dynamic_ps_enable_work); 1568 struct ieee80211_sub_if_data *sdata = local->ps_sdata; 1569 struct ieee80211_if_managed *ifmgd; 1570 unsigned long flags; 1571 int q; 1572 1573 /* can only happen when PS was just disabled anyway */ 1574 if (!sdata) 1575 return; 1576 1577 ifmgd = &sdata->u.mgd; 1578 1579 if (local->hw.conf.flags & IEEE80211_CONF_PS) 1580 return; 1581 1582 if (local->hw.conf.dynamic_ps_timeout > 0) { 1583 /* don't enter PS if TX frames are pending */ 1584 if (drv_tx_frames_pending(local)) { 1585 mod_timer(&local->dynamic_ps_timer, jiffies + 1586 msecs_to_jiffies( 1587 local->hw.conf.dynamic_ps_timeout)); 1588 return; 1589 } 1590 1591 /* 1592 * transmission can be stopped by others which leads to 1593 * dynamic_ps_timer expiry. Postpone the ps timer if it 1594 * is not the actual idle state. 1595 */ 1596 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 1597 for (q = 0; q < local->hw.queues; q++) { 1598 if (local->queue_stop_reasons[q]) { 1599 spin_unlock_irqrestore(&local->queue_stop_reason_lock, 1600 flags); 1601 mod_timer(&local->dynamic_ps_timer, jiffies + 1602 msecs_to_jiffies( 1603 local->hw.conf.dynamic_ps_timeout)); 1604 return; 1605 } 1606 } 1607 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 1608 } 1609 1610 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) && 1611 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1612 if (drv_tx_frames_pending(local)) { 1613 mod_timer(&local->dynamic_ps_timer, jiffies + 1614 msecs_to_jiffies( 1615 local->hw.conf.dynamic_ps_timeout)); 1616 } else { 1617 ieee80211_send_nullfunc(local, sdata, true); 1618 /* Flush to get the tx status of nullfunc frame */ 1619 ieee80211_flush_queues(local, sdata, false); 1620 } 1621 } 1622 1623 if (!(ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS) && 1624 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK)) || 1625 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1626 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 1627 local->hw.conf.flags |= IEEE80211_CONF_PS; 1628 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1629 } 1630} 1631 1632void ieee80211_dynamic_ps_timer(unsigned long data) 1633{ 1634 struct ieee80211_local *local = (void *) data; 1635 1636 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work); 1637} 1638 1639void ieee80211_dfs_cac_timer_work(struct work_struct *work) 1640{ 1641 struct delayed_work *delayed_work = 1642 container_of(work, struct delayed_work, work); 1643 struct ieee80211_sub_if_data *sdata = 1644 container_of(delayed_work, struct ieee80211_sub_if_data, 1645 dfs_cac_timer_work); 1646 struct cfg80211_chan_def chandef = sdata->vif.bss_conf.chandef; 1647 1648 mutex_lock(&sdata->local->mtx); 1649 if (sdata->wdev.cac_started) { 1650 ieee80211_vif_release_channel(sdata); 1651 cfg80211_cac_event(sdata->dev, &chandef, 1652 NL80211_RADAR_CAC_FINISHED, 1653 GFP_KERNEL); 1654 } 1655 mutex_unlock(&sdata->local->mtx); 1656} 1657 1658static bool 1659__ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata) 1660{ 1661 struct ieee80211_local *local = sdata->local; 1662 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1663 bool ret = false; 1664 int ac; 1665 1666 if (local->hw.queues < IEEE80211_NUM_ACS) 1667 return false; 1668 1669 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { 1670 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac]; 1671 int non_acm_ac; 1672 unsigned long now = jiffies; 1673 1674 if (tx_tspec->action == TX_TSPEC_ACTION_NONE && 1675 tx_tspec->admitted_time && 1676 time_after(now, tx_tspec->time_slice_start + HZ)) { 1677 tx_tspec->consumed_tx_time = 0; 1678 tx_tspec->time_slice_start = now; 1679 1680 if (tx_tspec->downgraded) 1681 tx_tspec->action = 1682 TX_TSPEC_ACTION_STOP_DOWNGRADE; 1683 } 1684 1685 switch (tx_tspec->action) { 1686 case TX_TSPEC_ACTION_STOP_DOWNGRADE: 1687 /* take the original parameters */ 1688 if (drv_conf_tx(local, sdata, ac, &sdata->tx_conf[ac])) 1689 sdata_err(sdata, 1690 "failed to set TX queue parameters for queue %d\n", 1691 ac); 1692 tx_tspec->action = TX_TSPEC_ACTION_NONE; 1693 tx_tspec->downgraded = false; 1694 ret = true; 1695 break; 1696 case TX_TSPEC_ACTION_DOWNGRADE: 1697 if (time_after(now, tx_tspec->time_slice_start + HZ)) { 1698 tx_tspec->action = TX_TSPEC_ACTION_NONE; 1699 ret = true; 1700 break; 1701 } 1702 /* downgrade next lower non-ACM AC */ 1703 for (non_acm_ac = ac + 1; 1704 non_acm_ac < IEEE80211_NUM_ACS; 1705 non_acm_ac++) 1706 if (!(sdata->wmm_acm & BIT(7 - 2 * non_acm_ac))) 1707 break; 1708 /* The loop will result in using BK even if it requires 1709 * admission control, such configuration makes no sense 1710 * and we have to transmit somehow - the AC selection 1711 * does the same thing. 1712 */ 1713 if (drv_conf_tx(local, sdata, ac, 1714 &sdata->tx_conf[non_acm_ac])) 1715 sdata_err(sdata, 1716 "failed to set TX queue parameters for queue %d\n", 1717 ac); 1718 tx_tspec->action = TX_TSPEC_ACTION_NONE; 1719 ret = true; 1720 schedule_delayed_work(&ifmgd->tx_tspec_wk, 1721 tx_tspec->time_slice_start + HZ - now + 1); 1722 break; 1723 case TX_TSPEC_ACTION_NONE: 1724 /* nothing now */ 1725 break; 1726 } 1727 } 1728 1729 return ret; 1730} 1731 1732void ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata) 1733{ 1734 if (__ieee80211_sta_handle_tspec_ac_params(sdata)) 1735 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_QOS); 1736} 1737 1738static void ieee80211_sta_handle_tspec_ac_params_wk(struct work_struct *work) 1739{ 1740 struct ieee80211_sub_if_data *sdata; 1741 1742 sdata = container_of(work, struct ieee80211_sub_if_data, 1743 u.mgd.tx_tspec_wk.work); 1744 ieee80211_sta_handle_tspec_ac_params(sdata); 1745} 1746 1747/* MLME */ 1748static bool ieee80211_sta_wmm_params(struct ieee80211_local *local, 1749 struct ieee80211_sub_if_data *sdata, 1750 const u8 *wmm_param, size_t wmm_param_len) 1751{ 1752 struct ieee80211_tx_queue_params params[IEEE80211_NUM_ACS]; 1753 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1754 size_t left; 1755 int count, ac; 1756 const u8 *pos; 1757 u8 uapsd_queues = 0; 1758 1759 if (!local->ops->conf_tx) 1760 return false; 1761 1762 if (local->hw.queues < IEEE80211_NUM_ACS) 1763 return false; 1764 1765 if (!wmm_param) 1766 return false; 1767 1768 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 1769 return false; 1770 1771 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) 1772 uapsd_queues = ifmgd->uapsd_queues; 1773 1774 count = wmm_param[6] & 0x0f; 1775 if (count == ifmgd->wmm_last_param_set) 1776 return false; 1777 ifmgd->wmm_last_param_set = count; 1778 1779 pos = wmm_param + 8; 1780 left = wmm_param_len - 8; 1781 1782 memset(¶ms, 0, sizeof(params)); 1783 1784 sdata->wmm_acm = 0; 1785 for (; left >= 4; left -= 4, pos += 4) { 1786 int aci = (pos[0] >> 5) & 0x03; 1787 int acm = (pos[0] >> 4) & 0x01; 1788 bool uapsd = false; 1789 1790 switch (aci) { 1791 case 1: /* AC_BK */ 1792 ac = IEEE80211_AC_BK; 1793 if (acm) 1794 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */ 1795 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK) 1796 uapsd = true; 1797 break; 1798 case 2: /* AC_VI */ 1799 ac = IEEE80211_AC_VI; 1800 if (acm) 1801 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */ 1802 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI) 1803 uapsd = true; 1804 break; 1805 case 3: /* AC_VO */ 1806 ac = IEEE80211_AC_VO; 1807 if (acm) 1808 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */ 1809 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) 1810 uapsd = true; 1811 break; 1812 case 0: /* AC_BE */ 1813 default: 1814 ac = IEEE80211_AC_BE; 1815 if (acm) 1816 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */ 1817 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE) 1818 uapsd = true; 1819 break; 1820 } 1821 1822 params[ac].aifs = pos[0] & 0x0f; 1823 1824 if (params[ac].aifs < 2) { 1825 sdata_info(sdata, 1826 "AP has invalid WMM params (AIFSN=%d for ACI %d), will use 2\n", 1827 params[ac].aifs, aci); 1828 params[ac].aifs = 2; 1829 } 1830 params[ac].cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 1831 params[ac].cw_min = ecw2cw(pos[1] & 0x0f); 1832 params[ac].txop = get_unaligned_le16(pos + 2); 1833 params[ac].acm = acm; 1834 params[ac].uapsd = uapsd; 1835 1836 if (params[ac].cw_min > params[ac].cw_max) { 1837 sdata_info(sdata, 1838 "AP has invalid WMM params (CWmin/max=%d/%d for ACI %d), using defaults\n", 1839 params[ac].cw_min, params[ac].cw_max, aci); 1840 return false; 1841 } 1842 } 1843 1844 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { 1845 mlme_dbg(sdata, 1846 "WMM AC=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d, downgraded=%d\n", 1847 ac, params[ac].acm, 1848 params[ac].aifs, params[ac].cw_min, params[ac].cw_max, 1849 params[ac].txop, params[ac].uapsd, 1850 ifmgd->tx_tspec[ac].downgraded); 1851 sdata->tx_conf[ac] = params[ac]; 1852 if (!ifmgd->tx_tspec[ac].downgraded && 1853 drv_conf_tx(local, sdata, ac, ¶ms[ac])) 1854 sdata_err(sdata, 1855 "failed to set TX queue parameters for AC %d\n", 1856 ac); 1857 } 1858 1859 /* enable WMM or activate new settings */ 1860 sdata->vif.bss_conf.qos = true; 1861 return true; 1862} 1863 1864static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1865{ 1866 lockdep_assert_held(&sdata->local->mtx); 1867 1868 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL; 1869 ieee80211_run_deferred_scan(sdata->local); 1870} 1871 1872static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1873{ 1874 mutex_lock(&sdata->local->mtx); 1875 __ieee80211_stop_poll(sdata); 1876 mutex_unlock(&sdata->local->mtx); 1877} 1878 1879static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata, 1880 u16 capab, bool erp_valid, u8 erp) 1881{ 1882 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1883 u32 changed = 0; 1884 bool use_protection; 1885 bool use_short_preamble; 1886 bool use_short_slot; 1887 1888 if (erp_valid) { 1889 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0; 1890 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0; 1891 } else { 1892 use_protection = false; 1893 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE); 1894 } 1895 1896 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME); 1897 if (ieee80211_get_sdata_band(sdata) == IEEE80211_BAND_5GHZ) 1898 use_short_slot = true; 1899 1900 if (use_protection != bss_conf->use_cts_prot) { 1901 bss_conf->use_cts_prot = use_protection; 1902 changed |= BSS_CHANGED_ERP_CTS_PROT; 1903 } 1904 1905 if (use_short_preamble != bss_conf->use_short_preamble) { 1906 bss_conf->use_short_preamble = use_short_preamble; 1907 changed |= BSS_CHANGED_ERP_PREAMBLE; 1908 } 1909 1910 if (use_short_slot != bss_conf->use_short_slot) { 1911 bss_conf->use_short_slot = use_short_slot; 1912 changed |= BSS_CHANGED_ERP_SLOT; 1913 } 1914 1915 return changed; 1916} 1917 1918static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata, 1919 struct cfg80211_bss *cbss, 1920 u32 bss_info_changed) 1921{ 1922 struct ieee80211_bss *bss = (void *)cbss->priv; 1923 struct ieee80211_local *local = sdata->local; 1924 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1925 1926 bss_info_changed |= BSS_CHANGED_ASSOC; 1927 bss_info_changed |= ieee80211_handle_bss_capability(sdata, 1928 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value); 1929 1930 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec( 1931 beacon_loss_count * bss_conf->beacon_int)); 1932 1933 sdata->u.mgd.associated = cbss; 1934 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN); 1935 1936 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE; 1937 1938 if (sdata->vif.p2p) { 1939 const struct cfg80211_bss_ies *ies; 1940 1941 rcu_read_lock(); 1942 ies = rcu_dereference(cbss->ies); 1943 if (ies) { 1944 int ret; 1945 1946 ret = cfg80211_get_p2p_attr( 1947 ies->data, ies->len, 1948 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 1949 (u8 *) &bss_conf->p2p_noa_attr, 1950 sizeof(bss_conf->p2p_noa_attr)); 1951 if (ret >= 2) { 1952 sdata->u.mgd.p2p_noa_index = 1953 bss_conf->p2p_noa_attr.index; 1954 bss_info_changed |= BSS_CHANGED_P2P_PS; 1955 } 1956 } 1957 rcu_read_unlock(); 1958 } 1959 1960 /* just to be sure */ 1961 ieee80211_stop_poll(sdata); 1962 1963 ieee80211_led_assoc(local, 1); 1964 1965 if (sdata->u.mgd.have_beacon) { 1966 /* 1967 * If the AP is buggy we may get here with no DTIM period 1968 * known, so assume it's 1 which is the only safe assumption 1969 * in that case, although if the TIM IE is broken powersave 1970 * probably just won't work at all. 1971 */ 1972 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1; 1973 bss_conf->beacon_rate = bss->beacon_rate; 1974 bss_info_changed |= BSS_CHANGED_BEACON_INFO; 1975 } else { 1976 bss_conf->beacon_rate = NULL; 1977 bss_conf->dtim_period = 0; 1978 } 1979 1980 bss_conf->assoc = 1; 1981 1982 /* Tell the driver to monitor connection quality (if supported) */ 1983 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI && 1984 bss_conf->cqm_rssi_thold) 1985 bss_info_changed |= BSS_CHANGED_CQM; 1986 1987 /* Enable ARP filtering */ 1988 if (bss_conf->arp_addr_cnt) 1989 bss_info_changed |= BSS_CHANGED_ARP_FILTER; 1990 1991 ieee80211_bss_info_change_notify(sdata, bss_info_changed); 1992 1993 mutex_lock(&local->iflist_mtx); 1994 ieee80211_recalc_ps(local); 1995 mutex_unlock(&local->iflist_mtx); 1996 1997 ieee80211_recalc_smps(sdata); 1998 ieee80211_recalc_ps_vif(sdata); 1999 2000 netif_carrier_on(sdata->dev); 2001} 2002 2003static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata, 2004 u16 stype, u16 reason, bool tx, 2005 u8 *frame_buf) 2006{ 2007 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2008 struct ieee80211_local *local = sdata->local; 2009 u32 changed = 0; 2010 2011 sdata_assert_lock(sdata); 2012 2013 if (WARN_ON_ONCE(tx && !frame_buf)) 2014 return; 2015 2016 if (WARN_ON(!ifmgd->associated)) 2017 return; 2018 2019 ieee80211_stop_poll(sdata); 2020 2021 ifmgd->associated = NULL; 2022 netif_carrier_off(sdata->dev); 2023 2024 /* 2025 * if we want to get out of ps before disassoc (why?) we have 2026 * to do it before sending disassoc, as otherwise the null-packet 2027 * won't be valid. 2028 */ 2029 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 2030 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 2031 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 2032 } 2033 local->ps_sdata = NULL; 2034 2035 /* disable per-vif ps */ 2036 ieee80211_recalc_ps_vif(sdata); 2037 2038 /* make sure ongoing transmission finishes */ 2039 synchronize_net(); 2040 2041 /* 2042 * drop any frame before deauth/disassoc, this can be data or 2043 * management frame. Since we are disconnecting, we should not 2044 * insist sending these frames which can take time and delay 2045 * the disconnection and possible the roaming. 2046 */ 2047 if (tx) 2048 ieee80211_flush_queues(local, sdata, true); 2049 2050 /* deauthenticate/disassociate now */ 2051 if (tx || frame_buf) 2052 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype, 2053 reason, tx, frame_buf); 2054 2055 /* flush out frame - make sure the deauth was actually sent */ 2056 if (tx) 2057 ieee80211_flush_queues(local, sdata, false); 2058 2059 /* clear bssid only after building the needed mgmt frames */ 2060 eth_zero_addr(ifmgd->bssid); 2061 2062 /* remove AP and TDLS peers */ 2063 sta_info_flush(sdata); 2064 2065 /* finally reset all BSS / config parameters */ 2066 changed |= ieee80211_reset_erp_info(sdata); 2067 2068 ieee80211_led_assoc(local, 0); 2069 changed |= BSS_CHANGED_ASSOC; 2070 sdata->vif.bss_conf.assoc = false; 2071 2072 ifmgd->p2p_noa_index = -1; 2073 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0, 2074 sizeof(sdata->vif.bss_conf.p2p_noa_attr)); 2075 2076 /* on the next assoc, re-program HT/VHT parameters */ 2077 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa)); 2078 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask)); 2079 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa)); 2080 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask)); 2081 sdata->flags &= ~IEEE80211_SDATA_MU_MIMO_OWNER; 2082 2083 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL; 2084 2085 del_timer_sync(&local->dynamic_ps_timer); 2086 cancel_work_sync(&local->dynamic_ps_enable_work); 2087 2088 /* Disable ARP filtering */ 2089 if (sdata->vif.bss_conf.arp_addr_cnt) 2090 changed |= BSS_CHANGED_ARP_FILTER; 2091 2092 sdata->vif.bss_conf.qos = false; 2093 changed |= BSS_CHANGED_QOS; 2094 2095 /* The BSSID (not really interesting) and HT changed */ 2096 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT; 2097 ieee80211_bss_info_change_notify(sdata, changed); 2098 2099 /* disassociated - set to defaults now */ 2100 ieee80211_set_wmm_default(sdata, false, false); 2101 2102 del_timer_sync(&sdata->u.mgd.conn_mon_timer); 2103 del_timer_sync(&sdata->u.mgd.bcn_mon_timer); 2104 del_timer_sync(&sdata->u.mgd.timer); 2105 del_timer_sync(&sdata->u.mgd.chswitch_timer); 2106 2107 sdata->vif.bss_conf.dtim_period = 0; 2108 sdata->vif.bss_conf.beacon_rate = NULL; 2109 2110 ifmgd->have_beacon = false; 2111 2112 ifmgd->flags = 0; 2113 mutex_lock(&local->mtx); 2114 ieee80211_vif_release_channel(sdata); 2115 2116 sdata->vif.csa_active = false; 2117 ifmgd->csa_waiting_bcn = false; 2118 ifmgd->csa_ignored_same_chan = false; 2119 if (sdata->csa_block_tx) { 2120 ieee80211_wake_vif_queues(local, sdata, 2121 IEEE80211_QUEUE_STOP_REASON_CSA); 2122 sdata->csa_block_tx = false; 2123 } 2124 mutex_unlock(&local->mtx); 2125 2126 /* existing TX TSPEC sessions no longer exist */ 2127 memset(ifmgd->tx_tspec, 0, sizeof(ifmgd->tx_tspec)); 2128 cancel_delayed_work_sync(&ifmgd->tx_tspec_wk); 2129 2130 sdata->encrypt_headroom = IEEE80211_ENCRYPT_HEADROOM; 2131} 2132 2133void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata, 2134 struct ieee80211_hdr *hdr) 2135{ 2136 /* 2137 * We can postpone the mgd.timer whenever receiving unicast frames 2138 * from AP because we know that the connection is working both ways 2139 * at that time. But multicast frames (and hence also beacons) must 2140 * be ignored here, because we need to trigger the timer during 2141 * data idle periods for sending the periodic probe request to the 2142 * AP we're connected to. 2143 */ 2144 if (is_multicast_ether_addr(hdr->addr1)) 2145 return; 2146 2147 ieee80211_sta_reset_conn_monitor(sdata); 2148} 2149 2150static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata) 2151{ 2152 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2153 struct ieee80211_local *local = sdata->local; 2154 2155 mutex_lock(&local->mtx); 2156 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)) 2157 goto out; 2158 2159 __ieee80211_stop_poll(sdata); 2160 2161 mutex_lock(&local->iflist_mtx); 2162 ieee80211_recalc_ps(local); 2163 mutex_unlock(&local->iflist_mtx); 2164 2165 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR)) 2166 goto out; 2167 2168 /* 2169 * We've received a probe response, but are not sure whether 2170 * we have or will be receiving any beacons or data, so let's 2171 * schedule the timers again, just in case. 2172 */ 2173 ieee80211_sta_reset_beacon_monitor(sdata); 2174 2175 mod_timer(&ifmgd->conn_mon_timer, 2176 round_jiffies_up(jiffies + 2177 IEEE80211_CONNECTION_IDLE_TIME)); 2178out: 2179 mutex_unlock(&local->mtx); 2180} 2181 2182static void ieee80211_sta_tx_wmm_ac_notify(struct ieee80211_sub_if_data *sdata, 2183 struct ieee80211_hdr *hdr, 2184 u16 tx_time) 2185{ 2186 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2187 u16 tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK; 2188 int ac = ieee80211_ac_from_tid(tid); 2189 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac]; 2190 unsigned long now = jiffies; 2191 2192 if (likely(!tx_tspec->admitted_time)) 2193 return; 2194 2195 if (time_after(now, tx_tspec->time_slice_start + HZ)) { 2196 tx_tspec->consumed_tx_time = 0; 2197 tx_tspec->time_slice_start = now; 2198 2199 if (tx_tspec->downgraded) { 2200 tx_tspec->action = TX_TSPEC_ACTION_STOP_DOWNGRADE; 2201 schedule_delayed_work(&ifmgd->tx_tspec_wk, 0); 2202 } 2203 } 2204 2205 if (tx_tspec->downgraded) 2206 return; 2207 2208 tx_tspec->consumed_tx_time += tx_time; 2209 2210 if (tx_tspec->consumed_tx_time >= tx_tspec->admitted_time) { 2211 tx_tspec->downgraded = true; 2212 tx_tspec->action = TX_TSPEC_ACTION_DOWNGRADE; 2213 schedule_delayed_work(&ifmgd->tx_tspec_wk, 0); 2214 } 2215} 2216 2217void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata, 2218 struct ieee80211_hdr *hdr, bool ack, u16 tx_time) 2219{ 2220 ieee80211_sta_tx_wmm_ac_notify(sdata, hdr, tx_time); 2221 2222 if (!ieee80211_is_data(hdr->frame_control)) 2223 return; 2224 2225 if (ieee80211_is_nullfunc(hdr->frame_control) && 2226 sdata->u.mgd.probe_send_count > 0) { 2227 if (ack) 2228 ieee80211_sta_reset_conn_monitor(sdata); 2229 else 2230 sdata->u.mgd.nullfunc_failed = true; 2231 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 2232 return; 2233 } 2234 2235 if (ack) 2236 ieee80211_sta_reset_conn_monitor(sdata); 2237} 2238 2239static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) 2240{ 2241 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2242 const u8 *ssid; 2243 u8 *dst = ifmgd->associated->bssid; 2244 u8 unicast_limit = max(1, max_probe_tries - 3); 2245 2246 /* 2247 * Try sending broadcast probe requests for the last three 2248 * probe requests after the first ones failed since some 2249 * buggy APs only support broadcast probe requests. 2250 */ 2251 if (ifmgd->probe_send_count >= unicast_limit) 2252 dst = NULL; 2253 2254 /* 2255 * When the hardware reports an accurate Tx ACK status, it's 2256 * better to send a nullfunc frame instead of a probe request, 2257 * as it will kick us off the AP quickly if we aren't associated 2258 * anymore. The timeout will be reset if the frame is ACKed by 2259 * the AP. 2260 */ 2261 ifmgd->probe_send_count++; 2262 2263 if (ieee80211_hw_check(&sdata->local->hw, REPORTS_TX_ACK_STATUS)) { 2264 ifmgd->nullfunc_failed = false; 2265 ieee80211_send_nullfunc(sdata->local, sdata, false); 2266 } else { 2267 int ssid_len; 2268 2269 rcu_read_lock(); 2270 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); 2271 if (WARN_ON_ONCE(ssid == NULL)) 2272 ssid_len = 0; 2273 else 2274 ssid_len = ssid[1]; 2275 2276 ieee80211_send_probe_req(sdata, sdata->vif.addr, dst, 2277 ssid + 2, ssid_len, NULL, 2278 0, (u32) -1, true, 0, 2279 ifmgd->associated->channel, false); 2280 rcu_read_unlock(); 2281 } 2282 2283 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms); 2284 run_again(sdata, ifmgd->probe_timeout); 2285} 2286 2287static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata, 2288 bool beacon) 2289{ 2290 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2291 bool already = false; 2292 2293 if (!ieee80211_sdata_running(sdata)) 2294 return; 2295 2296 sdata_lock(sdata); 2297 2298 if (!ifmgd->associated) 2299 goto out; 2300 2301 mutex_lock(&sdata->local->mtx); 2302 2303 if (sdata->local->tmp_channel || sdata->local->scanning) { 2304 mutex_unlock(&sdata->local->mtx); 2305 goto out; 2306 } 2307 2308 if (beacon) { 2309 mlme_dbg_ratelimited(sdata, 2310 "detected beacon loss from AP (missed %d beacons) - probing\n", 2311 beacon_loss_count); 2312 2313 ieee80211_cqm_beacon_loss_notify(&sdata->vif, GFP_KERNEL); 2314 } 2315 2316 /* 2317 * The driver/our work has already reported this event or the 2318 * connection monitoring has kicked in and we have already sent 2319 * a probe request. Or maybe the AP died and the driver keeps 2320 * reporting until we disassociate... 2321 * 2322 * In either case we have to ignore the current call to this 2323 * function (except for setting the correct probe reason bit) 2324 * because otherwise we would reset the timer every time and 2325 * never check whether we received a probe response! 2326 */ 2327 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) 2328 already = true; 2329 2330 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL; 2331 2332 mutex_unlock(&sdata->local->mtx); 2333 2334 if (already) 2335 goto out; 2336 2337 mutex_lock(&sdata->local->iflist_mtx); 2338 ieee80211_recalc_ps(sdata->local); 2339 mutex_unlock(&sdata->local->iflist_mtx); 2340 2341 ifmgd->probe_send_count = 0; 2342 ieee80211_mgd_probe_ap_send(sdata); 2343 out: 2344 sdata_unlock(sdata); 2345} 2346 2347struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw, 2348 struct ieee80211_vif *vif) 2349{ 2350 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2351 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2352 struct cfg80211_bss *cbss; 2353 struct sk_buff *skb; 2354 const u8 *ssid; 2355 int ssid_len; 2356 2357 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 2358 return NULL; 2359 2360 sdata_assert_lock(sdata); 2361 2362 if (ifmgd->associated) 2363 cbss = ifmgd->associated; 2364 else if (ifmgd->auth_data) 2365 cbss = ifmgd->auth_data->bss; 2366 else if (ifmgd->assoc_data) 2367 cbss = ifmgd->assoc_data->bss; 2368 else 2369 return NULL; 2370 2371 rcu_read_lock(); 2372 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID); 2373 if (WARN_ON_ONCE(ssid == NULL)) 2374 ssid_len = 0; 2375 else 2376 ssid_len = ssid[1]; 2377 2378 skb = ieee80211_build_probe_req(sdata, sdata->vif.addr, cbss->bssid, 2379 (u32) -1, cbss->channel, 2380 ssid + 2, ssid_len, 2381 NULL, 0, true); 2382 rcu_read_unlock(); 2383 2384 return skb; 2385} 2386EXPORT_SYMBOL(ieee80211_ap_probereq_get); 2387 2388static void ieee80211_report_disconnect(struct ieee80211_sub_if_data *sdata, 2389 const u8 *buf, size_t len, bool tx, 2390 u16 reason) 2391{ 2392 struct ieee80211_event event = { 2393 .type = MLME_EVENT, 2394 .u.mlme.data = tx ? DEAUTH_TX_EVENT : DEAUTH_RX_EVENT, 2395 .u.mlme.reason = reason, 2396 }; 2397 2398 if (tx) 2399 cfg80211_tx_mlme_mgmt(sdata->dev, buf, len); 2400 else 2401 cfg80211_rx_mlme_mgmt(sdata->dev, buf, len); 2402 2403 drv_event_callback(sdata->local, sdata, &event); 2404} 2405 2406static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata) 2407{ 2408 struct ieee80211_local *local = sdata->local; 2409 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2410 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 2411 2412 sdata_lock(sdata); 2413 if (!ifmgd->associated) { 2414 sdata_unlock(sdata); 2415 return; 2416 } 2417 2418 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 2419 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 2420 true, frame_buf); 2421 mutex_lock(&local->mtx); 2422 sdata->vif.csa_active = false; 2423 ifmgd->csa_waiting_bcn = false; 2424 if (sdata->csa_block_tx) { 2425 ieee80211_wake_vif_queues(local, sdata, 2426 IEEE80211_QUEUE_STOP_REASON_CSA); 2427 sdata->csa_block_tx = false; 2428 } 2429 mutex_unlock(&local->mtx); 2430 2431 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true, 2432 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY); 2433 2434 sdata_unlock(sdata); 2435} 2436 2437static void ieee80211_beacon_connection_loss_work(struct work_struct *work) 2438{ 2439 struct ieee80211_sub_if_data *sdata = 2440 container_of(work, struct ieee80211_sub_if_data, 2441 u.mgd.beacon_connection_loss_work); 2442 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2443 2444 if (ifmgd->associated) 2445 ifmgd->beacon_loss_count++; 2446 2447 if (ifmgd->connection_loss) { 2448 sdata_info(sdata, "Connection to AP %pM lost\n", 2449 ifmgd->bssid); 2450 __ieee80211_disconnect(sdata); 2451 } else { 2452 ieee80211_mgd_probe_ap(sdata, true); 2453 } 2454} 2455 2456static void ieee80211_csa_connection_drop_work(struct work_struct *work) 2457{ 2458 struct ieee80211_sub_if_data *sdata = 2459 container_of(work, struct ieee80211_sub_if_data, 2460 u.mgd.csa_connection_drop_work); 2461 2462 __ieee80211_disconnect(sdata); 2463} 2464 2465void ieee80211_beacon_loss(struct ieee80211_vif *vif) 2466{ 2467 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2468 struct ieee80211_hw *hw = &sdata->local->hw; 2469 2470 trace_api_beacon_loss(sdata); 2471 2472 sdata->u.mgd.connection_loss = false; 2473 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2474} 2475EXPORT_SYMBOL(ieee80211_beacon_loss); 2476 2477void ieee80211_connection_loss(struct ieee80211_vif *vif) 2478{ 2479 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2480 struct ieee80211_hw *hw = &sdata->local->hw; 2481 2482 trace_api_connection_loss(sdata); 2483 2484 sdata->u.mgd.connection_loss = true; 2485 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2486} 2487EXPORT_SYMBOL(ieee80211_connection_loss); 2488 2489 2490static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata, 2491 bool assoc) 2492{ 2493 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2494 2495 sdata_assert_lock(sdata); 2496 2497 if (!assoc) { 2498 /* 2499 * we are not authenticated yet, the only timer that could be 2500 * running is the timeout for the authentication response which 2501 * which is not relevant anymore. 2502 */ 2503 del_timer_sync(&sdata->u.mgd.timer); 2504 sta_info_destroy_addr(sdata, auth_data->bss->bssid); 2505 2506 eth_zero_addr(sdata->u.mgd.bssid); 2507 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2508 sdata->u.mgd.flags = 0; 2509 mutex_lock(&sdata->local->mtx); 2510 ieee80211_vif_release_channel(sdata); 2511 mutex_unlock(&sdata->local->mtx); 2512 } 2513 2514 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss); 2515 kfree(auth_data); 2516 sdata->u.mgd.auth_data = NULL; 2517} 2518 2519static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata, 2520 bool assoc) 2521{ 2522 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 2523 2524 sdata_assert_lock(sdata); 2525 2526 if (!assoc) { 2527 /* 2528 * we are not associated yet, the only timer that could be 2529 * running is the timeout for the association response which 2530 * which is not relevant anymore. 2531 */ 2532 del_timer_sync(&sdata->u.mgd.timer); 2533 sta_info_destroy_addr(sdata, assoc_data->bss->bssid); 2534 2535 eth_zero_addr(sdata->u.mgd.bssid); 2536 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2537 sdata->u.mgd.flags = 0; 2538 sdata->flags &= ~IEEE80211_SDATA_MU_MIMO_OWNER; 2539 mutex_lock(&sdata->local->mtx); 2540 ieee80211_vif_release_channel(sdata); 2541 mutex_unlock(&sdata->local->mtx); 2542 } 2543 2544 kfree(assoc_data); 2545 sdata->u.mgd.assoc_data = NULL; 2546} 2547 2548static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, 2549 struct ieee80211_mgmt *mgmt, size_t len) 2550{ 2551 struct ieee80211_local *local = sdata->local; 2552 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2553 u8 *pos; 2554 struct ieee802_11_elems elems; 2555 u32 tx_flags = 0; 2556 2557 pos = mgmt->u.auth.variable; 2558 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2559 if (!elems.challenge) 2560 return; 2561 auth_data->expected_transaction = 4; 2562 drv_mgd_prepare_tx(sdata->local, sdata); 2563 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) 2564 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 2565 IEEE80211_TX_INTFL_MLME_CONN_TX; 2566 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0, 2567 elems.challenge - 2, elems.challenge_len + 2, 2568 auth_data->bss->bssid, auth_data->bss->bssid, 2569 auth_data->key, auth_data->key_len, 2570 auth_data->key_idx, tx_flags); 2571} 2572 2573static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, 2574 struct ieee80211_mgmt *mgmt, size_t len) 2575{ 2576 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2577 u8 bssid[ETH_ALEN]; 2578 u16 auth_alg, auth_transaction, status_code; 2579 struct sta_info *sta; 2580 struct ieee80211_event event = { 2581 .type = MLME_EVENT, 2582 .u.mlme.data = AUTH_EVENT, 2583 }; 2584 2585 sdata_assert_lock(sdata); 2586 2587 if (len < 24 + 6) 2588 return; 2589 2590 if (!ifmgd->auth_data || ifmgd->auth_data->done) 2591 return; 2592 2593 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 2594 2595 if (!ether_addr_equal(bssid, mgmt->bssid)) 2596 return; 2597 2598 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 2599 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 2600 status_code = le16_to_cpu(mgmt->u.auth.status_code); 2601 2602 if (auth_alg != ifmgd->auth_data->algorithm || 2603 auth_transaction != ifmgd->auth_data->expected_transaction) { 2604 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n", 2605 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm, 2606 auth_transaction, 2607 ifmgd->auth_data->expected_transaction); 2608 return; 2609 } 2610 2611 if (status_code != WLAN_STATUS_SUCCESS) { 2612 sdata_info(sdata, "%pM denied authentication (status %d)\n", 2613 mgmt->sa, status_code); 2614 ieee80211_destroy_auth_data(sdata, false); 2615 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2616 event.u.mlme.status = MLME_DENIED; 2617 event.u.mlme.reason = status_code; 2618 drv_event_callback(sdata->local, sdata, &event); 2619 return; 2620 } 2621 2622 switch (ifmgd->auth_data->algorithm) { 2623 case WLAN_AUTH_OPEN: 2624 case WLAN_AUTH_LEAP: 2625 case WLAN_AUTH_FT: 2626 case WLAN_AUTH_SAE: 2627 break; 2628 case WLAN_AUTH_SHARED_KEY: 2629 if (ifmgd->auth_data->expected_transaction != 4) { 2630 ieee80211_auth_challenge(sdata, mgmt, len); 2631 /* need another frame */ 2632 return; 2633 } 2634 break; 2635 default: 2636 WARN_ONCE(1, "invalid auth alg %d", 2637 ifmgd->auth_data->algorithm); 2638 return; 2639 } 2640 2641 event.u.mlme.status = MLME_SUCCESS; 2642 drv_event_callback(sdata->local, sdata, &event); 2643 sdata_info(sdata, "authenticated\n"); 2644 ifmgd->auth_data->done = true; 2645 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC; 2646 ifmgd->auth_data->timeout_started = true; 2647 run_again(sdata, ifmgd->auth_data->timeout); 2648 2649 if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE && 2650 ifmgd->auth_data->expected_transaction != 2) { 2651 /* 2652 * Report auth frame to user space for processing since another 2653 * round of Authentication frames is still needed. 2654 */ 2655 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2656 return; 2657 } 2658 2659 /* move station state to auth */ 2660 mutex_lock(&sdata->local->sta_mtx); 2661 sta = sta_info_get(sdata, bssid); 2662 if (!sta) { 2663 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid); 2664 goto out_err; 2665 } 2666 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) { 2667 sdata_info(sdata, "failed moving %pM to auth\n", bssid); 2668 goto out_err; 2669 } 2670 mutex_unlock(&sdata->local->sta_mtx); 2671 2672 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2673 return; 2674 out_err: 2675 mutex_unlock(&sdata->local->sta_mtx); 2676 /* ignore frame -- wait for timeout */ 2677} 2678 2679#define case_WLAN(type) \ 2680 case WLAN_REASON_##type: return #type 2681 2682static const char *ieee80211_get_reason_code_string(u16 reason_code) 2683{ 2684 switch (reason_code) { 2685 case_WLAN(UNSPECIFIED); 2686 case_WLAN(PREV_AUTH_NOT_VALID); 2687 case_WLAN(DEAUTH_LEAVING); 2688 case_WLAN(DISASSOC_DUE_TO_INACTIVITY); 2689 case_WLAN(DISASSOC_AP_BUSY); 2690 case_WLAN(CLASS2_FRAME_FROM_NONAUTH_STA); 2691 case_WLAN(CLASS3_FRAME_FROM_NONASSOC_STA); 2692 case_WLAN(DISASSOC_STA_HAS_LEFT); 2693 case_WLAN(STA_REQ_ASSOC_WITHOUT_AUTH); 2694 case_WLAN(DISASSOC_BAD_POWER); 2695 case_WLAN(DISASSOC_BAD_SUPP_CHAN); 2696 case_WLAN(INVALID_IE); 2697 case_WLAN(MIC_FAILURE); 2698 case_WLAN(4WAY_HANDSHAKE_TIMEOUT); 2699 case_WLAN(GROUP_KEY_HANDSHAKE_TIMEOUT); 2700 case_WLAN(IE_DIFFERENT); 2701 case_WLAN(INVALID_GROUP_CIPHER); 2702 case_WLAN(INVALID_PAIRWISE_CIPHER); 2703 case_WLAN(INVALID_AKMP); 2704 case_WLAN(UNSUPP_RSN_VERSION); 2705 case_WLAN(INVALID_RSN_IE_CAP); 2706 case_WLAN(IEEE8021X_FAILED); 2707 case_WLAN(CIPHER_SUITE_REJECTED); 2708 case_WLAN(DISASSOC_UNSPECIFIED_QOS); 2709 case_WLAN(DISASSOC_QAP_NO_BANDWIDTH); 2710 case_WLAN(DISASSOC_LOW_ACK); 2711 case_WLAN(DISASSOC_QAP_EXCEED_TXOP); 2712 case_WLAN(QSTA_LEAVE_QBSS); 2713 case_WLAN(QSTA_NOT_USE); 2714 case_WLAN(QSTA_REQUIRE_SETUP); 2715 case_WLAN(QSTA_TIMEOUT); 2716 case_WLAN(QSTA_CIPHER_NOT_SUPP); 2717 case_WLAN(MESH_PEER_CANCELED); 2718 case_WLAN(MESH_MAX_PEERS); 2719 case_WLAN(MESH_CONFIG); 2720 case_WLAN(MESH_CLOSE); 2721 case_WLAN(MESH_MAX_RETRIES); 2722 case_WLAN(MESH_CONFIRM_TIMEOUT); 2723 case_WLAN(MESH_INVALID_GTK); 2724 case_WLAN(MESH_INCONSISTENT_PARAM); 2725 case_WLAN(MESH_INVALID_SECURITY); 2726 case_WLAN(MESH_PATH_ERROR); 2727 case_WLAN(MESH_PATH_NOFORWARD); 2728 case_WLAN(MESH_PATH_DEST_UNREACHABLE); 2729 case_WLAN(MAC_EXISTS_IN_MBSS); 2730 case_WLAN(MESH_CHAN_REGULATORY); 2731 case_WLAN(MESH_CHAN); 2732 default: return "<unknown>"; 2733 } 2734} 2735 2736static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 2737 struct ieee80211_mgmt *mgmt, size_t len) 2738{ 2739 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2740 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 2741 2742 sdata_assert_lock(sdata); 2743 2744 if (len < 24 + 2) 2745 return; 2746 2747 if (ifmgd->associated && 2748 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) { 2749 const u8 *bssid = ifmgd->associated->bssid; 2750 2751 sdata_info(sdata, "deauthenticated from %pM (Reason: %u=%s)\n", 2752 bssid, reason_code, 2753 ieee80211_get_reason_code_string(reason_code)); 2754 2755 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2756 2757 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false, 2758 reason_code); 2759 return; 2760 } 2761 2762 if (ifmgd->assoc_data && 2763 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) { 2764 const u8 *bssid = ifmgd->assoc_data->bss->bssid; 2765 2766 sdata_info(sdata, 2767 "deauthenticated from %pM while associating (Reason: %u=%s)\n", 2768 bssid, reason_code, 2769 ieee80211_get_reason_code_string(reason_code)); 2770 2771 ieee80211_destroy_assoc_data(sdata, false); 2772 2773 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2774 return; 2775 } 2776} 2777 2778 2779static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata, 2780 struct ieee80211_mgmt *mgmt, size_t len) 2781{ 2782 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2783 u16 reason_code; 2784 2785 sdata_assert_lock(sdata); 2786 2787 if (len < 24 + 2) 2788 return; 2789 2790 if (!ifmgd->associated || 2791 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2792 return; 2793 2794 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 2795 2796 sdata_info(sdata, "disassociated from %pM (Reason: %u)\n", 2797 mgmt->sa, reason_code); 2798 2799 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2800 2801 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false, reason_code); 2802} 2803 2804static void ieee80211_get_rates(struct ieee80211_supported_band *sband, 2805 u8 *supp_rates, unsigned int supp_rates_len, 2806 u32 *rates, u32 *basic_rates, 2807 bool *have_higher_than_11mbit, 2808 int *min_rate, int *min_rate_index, 2809 int shift, u32 rate_flags) 2810{ 2811 int i, j; 2812 2813 for (i = 0; i < supp_rates_len; i++) { 2814 int rate = supp_rates[i] & 0x7f; 2815 bool is_basic = !!(supp_rates[i] & 0x80); 2816 2817 if ((rate * 5 * (1 << shift)) > 110) 2818 *have_higher_than_11mbit = true; 2819 2820 /* 2821 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009 2822 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it. 2823 * 2824 * Note: Even through the membership selector and the basic 2825 * rate flag share the same bit, they are not exactly 2826 * the same. 2827 */ 2828 if (!!(supp_rates[i] & 0x80) && 2829 (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY) 2830 continue; 2831 2832 for (j = 0; j < sband->n_bitrates; j++) { 2833 struct ieee80211_rate *br; 2834 int brate; 2835 2836 br = &sband->bitrates[j]; 2837 if ((rate_flags & br->flags) != rate_flags) 2838 continue; 2839 2840 brate = DIV_ROUND_UP(br->bitrate, (1 << shift) * 5); 2841 if (brate == rate) { 2842 *rates |= BIT(j); 2843 if (is_basic) 2844 *basic_rates |= BIT(j); 2845 if ((rate * 5) < *min_rate) { 2846 *min_rate = rate * 5; 2847 *min_rate_index = j; 2848 } 2849 break; 2850 } 2851 } 2852 } 2853} 2854 2855static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata, 2856 struct cfg80211_bss *cbss, 2857 struct ieee80211_mgmt *mgmt, size_t len) 2858{ 2859 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2860 struct ieee80211_local *local = sdata->local; 2861 struct ieee80211_supported_band *sband; 2862 struct sta_info *sta; 2863 u8 *pos; 2864 u16 capab_info, aid; 2865 struct ieee802_11_elems elems; 2866 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2867 const struct cfg80211_bss_ies *bss_ies = NULL; 2868 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 2869 u32 changed = 0; 2870 int err; 2871 bool ret; 2872 2873 /* AssocResp and ReassocResp have identical structure */ 2874 2875 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2876 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2877 2878 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) 2879 sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n", 2880 aid); 2881 aid &= ~(BIT(15) | BIT(14)); 2882 2883 ifmgd->broken_ap = false; 2884 2885 if (aid == 0 || aid > IEEE80211_MAX_AID) { 2886 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n", 2887 aid); 2888 aid = 0; 2889 ifmgd->broken_ap = true; 2890 } 2891 2892 pos = mgmt->u.assoc_resp.variable; 2893 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2894 2895 if (!elems.supp_rates) { 2896 sdata_info(sdata, "no SuppRates element in AssocResp\n"); 2897 return false; 2898 } 2899 2900 ifmgd->aid = aid; 2901 ifmgd->tdls_chan_switch_prohibited = 2902 elems.ext_capab && elems.ext_capab_len >= 5 && 2903 (elems.ext_capab[4] & WLAN_EXT_CAPA5_TDLS_CH_SW_PROHIBITED); 2904 2905 /* 2906 * Some APs are erroneously not including some information in their 2907 * (re)association response frames. Try to recover by using the data 2908 * from the beacon or probe response. This seems to afflict mobile 2909 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T", 2910 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device. 2911 */ 2912 if ((assoc_data->wmm && !elems.wmm_param) || 2913 (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2914 (!elems.ht_cap_elem || !elems.ht_operation)) || 2915 (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2916 (!elems.vht_cap_elem || !elems.vht_operation))) { 2917 const struct cfg80211_bss_ies *ies; 2918 struct ieee802_11_elems bss_elems; 2919 2920 rcu_read_lock(); 2921 ies = rcu_dereference(cbss->ies); 2922 if (ies) 2923 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len, 2924 GFP_ATOMIC); 2925 rcu_read_unlock(); 2926 if (!bss_ies) 2927 return false; 2928 2929 ieee802_11_parse_elems(bss_ies->data, bss_ies->len, 2930 false, &bss_elems); 2931 if (assoc_data->wmm && 2932 !elems.wmm_param && bss_elems.wmm_param) { 2933 elems.wmm_param = bss_elems.wmm_param; 2934 sdata_info(sdata, 2935 "AP bug: WMM param missing from AssocResp\n"); 2936 } 2937 2938 /* 2939 * Also check if we requested HT/VHT, otherwise the AP doesn't 2940 * have to include the IEs in the (re)association response. 2941 */ 2942 if (!elems.ht_cap_elem && bss_elems.ht_cap_elem && 2943 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 2944 elems.ht_cap_elem = bss_elems.ht_cap_elem; 2945 sdata_info(sdata, 2946 "AP bug: HT capability missing from AssocResp\n"); 2947 } 2948 if (!elems.ht_operation && bss_elems.ht_operation && 2949 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 2950 elems.ht_operation = bss_elems.ht_operation; 2951 sdata_info(sdata, 2952 "AP bug: HT operation missing from AssocResp\n"); 2953 } 2954 if (!elems.vht_cap_elem && bss_elems.vht_cap_elem && 2955 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) { 2956 elems.vht_cap_elem = bss_elems.vht_cap_elem; 2957 sdata_info(sdata, 2958 "AP bug: VHT capa missing from AssocResp\n"); 2959 } 2960 if (!elems.vht_operation && bss_elems.vht_operation && 2961 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) { 2962 elems.vht_operation = bss_elems.vht_operation; 2963 sdata_info(sdata, 2964 "AP bug: VHT operation missing from AssocResp\n"); 2965 } 2966 } 2967 2968 /* 2969 * We previously checked these in the beacon/probe response, so 2970 * they should be present here. This is just a safety net. 2971 */ 2972 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2973 (!elems.wmm_param || !elems.ht_cap_elem || !elems.ht_operation)) { 2974 sdata_info(sdata, 2975 "HT AP is missing WMM params or HT capability/operation\n"); 2976 ret = false; 2977 goto out; 2978 } 2979 2980 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2981 (!elems.vht_cap_elem || !elems.vht_operation)) { 2982 sdata_info(sdata, 2983 "VHT AP is missing VHT capability/operation\n"); 2984 ret = false; 2985 goto out; 2986 } 2987 2988 mutex_lock(&sdata->local->sta_mtx); 2989 /* 2990 * station info was already allocated and inserted before 2991 * the association and should be available to us 2992 */ 2993 sta = sta_info_get(sdata, cbss->bssid); 2994 if (WARN_ON(!sta)) { 2995 mutex_unlock(&sdata->local->sta_mtx); 2996 ret = false; 2997 goto out; 2998 } 2999 3000 sband = local->hw.wiphy->bands[ieee80211_get_sdata_band(sdata)]; 3001 3002 /* Set up internal HT/VHT capabilities */ 3003 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 3004 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 3005 elems.ht_cap_elem, sta); 3006 3007 if (elems.vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 3008 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband, 3009 elems.vht_cap_elem, sta); 3010 3011 /* 3012 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data 3013 * in their association response, so ignore that data for our own 3014 * configuration. If it changed since the last beacon, we'll get the 3015 * next beacon and update then. 3016 */ 3017 3018 /* 3019 * If an operating mode notification IE is present, override the 3020 * NSS calculation (that would be done in rate_control_rate_init()) 3021 * and use the # of streams from that element. 3022 */ 3023 if (elems.opmode_notif && 3024 !(*elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) { 3025 u8 nss; 3026 3027 nss = *elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK; 3028 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT; 3029 nss += 1; 3030 sta->sta.rx_nss = nss; 3031 } 3032 3033 rate_control_rate_init(sta); 3034 3035 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) { 3036 set_sta_flag(sta, WLAN_STA_MFP); 3037 sta->sta.mfp = true; 3038 } else { 3039 sta->sta.mfp = false; 3040 } 3041 3042 sta->sta.wme = elems.wmm_param && local->hw.queues >= IEEE80211_NUM_ACS; 3043 3044 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC); 3045 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT)) 3046 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED); 3047 if (err) { 3048 sdata_info(sdata, 3049 "failed to move station %pM to desired state\n", 3050 sta->sta.addr); 3051 WARN_ON(__sta_info_destroy(sta)); 3052 mutex_unlock(&sdata->local->sta_mtx); 3053 ret = false; 3054 goto out; 3055 } 3056 3057 mutex_unlock(&sdata->local->sta_mtx); 3058 3059 /* 3060 * Always handle WMM once after association regardless 3061 * of the first value the AP uses. Setting -1 here has 3062 * that effect because the AP values is an unsigned 3063 * 4-bit value. 3064 */ 3065 ifmgd->wmm_last_param_set = -1; 3066 3067 if (ifmgd->flags & IEEE80211_STA_DISABLE_WMM) { 3068 ieee80211_set_wmm_default(sdata, false, false); 3069 } else if (!ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 3070 elems.wmm_param_len)) { 3071 /* still enable QoS since we might have HT/VHT */ 3072 ieee80211_set_wmm_default(sdata, false, true); 3073 /* set the disable-WMM flag in this case to disable 3074 * tracking WMM parameter changes in the beacon if 3075 * the parameters weren't actually valid. Doing so 3076 * avoids changing parameters very strangely when 3077 * the AP is going back and forth between valid and 3078 * invalid parameters. 3079 */ 3080 ifmgd->flags |= IEEE80211_STA_DISABLE_WMM; 3081 } 3082 changed |= BSS_CHANGED_QOS; 3083 3084 /* set AID and assoc capability, 3085 * ieee80211_set_associated() will tell the driver */ 3086 bss_conf->aid = aid; 3087 bss_conf->assoc_capability = capab_info; 3088 ieee80211_set_associated(sdata, cbss, changed); 3089 3090 /* 3091 * If we're using 4-addr mode, let the AP know that we're 3092 * doing so, so that it can create the STA VLAN on its side 3093 */ 3094 if (ifmgd->use_4addr) 3095 ieee80211_send_4addr_nullfunc(local, sdata); 3096 3097 /* 3098 * Start timer to probe the connection to the AP now. 3099 * Also start the timer that will detect beacon loss. 3100 */ 3101 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt); 3102 ieee80211_sta_reset_beacon_monitor(sdata); 3103 3104 ret = true; 3105 out: 3106 kfree(bss_ies); 3107 return ret; 3108} 3109 3110static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, 3111 struct ieee80211_mgmt *mgmt, 3112 size_t len) 3113{ 3114 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3115 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 3116 u16 capab_info, status_code, aid; 3117 struct ieee802_11_elems elems; 3118 int ac, uapsd_queues = -1; 3119 u8 *pos; 3120 bool reassoc; 3121 struct cfg80211_bss *bss; 3122 struct ieee80211_event event = { 3123 .type = MLME_EVENT, 3124 .u.mlme.data = ASSOC_EVENT, 3125 }; 3126 3127 sdata_assert_lock(sdata); 3128 3129 if (!assoc_data) 3130 return; 3131 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid)) 3132 return; 3133 3134 /* 3135 * AssocResp and ReassocResp have identical structure, so process both 3136 * of them in this function. 3137 */ 3138 3139 if (len < 24 + 6) 3140 return; 3141 3142 reassoc = ieee80211_is_reassoc_req(mgmt->frame_control); 3143 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 3144 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 3145 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 3146 3147 sdata_info(sdata, 3148 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n", 3149 reassoc ? "Rea" : "A", mgmt->sa, 3150 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 3151 3152 pos = mgmt->u.assoc_resp.variable; 3153 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 3154 3155 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 3156 elems.timeout_int && 3157 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) { 3158 u32 tu, ms; 3159 tu = le32_to_cpu(elems.timeout_int->value); 3160 ms = tu * 1024 / 1000; 3161 sdata_info(sdata, 3162 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n", 3163 mgmt->sa, tu, ms); 3164 assoc_data->timeout = jiffies + msecs_to_jiffies(ms); 3165 assoc_data->timeout_started = true; 3166 if (ms > IEEE80211_ASSOC_TIMEOUT) 3167 run_again(sdata, assoc_data->timeout); 3168 return; 3169 } 3170 3171 bss = assoc_data->bss; 3172 3173 if (status_code != WLAN_STATUS_SUCCESS) { 3174 sdata_info(sdata, "%pM denied association (code=%d)\n", 3175 mgmt->sa, status_code); 3176 ieee80211_destroy_assoc_data(sdata, false); 3177 event.u.mlme.status = MLME_DENIED; 3178 event.u.mlme.reason = status_code; 3179 drv_event_callback(sdata->local, sdata, &event); 3180 } else { 3181 if (!ieee80211_assoc_success(sdata, bss, mgmt, len)) { 3182 /* oops -- internal error -- send timeout for now */ 3183 ieee80211_destroy_assoc_data(sdata, false); 3184 cfg80211_assoc_timeout(sdata->dev, bss); 3185 return; 3186 } 3187 event.u.mlme.status = MLME_SUCCESS; 3188 drv_event_callback(sdata->local, sdata, &event); 3189 sdata_info(sdata, "associated\n"); 3190 3191 /* 3192 * destroy assoc_data afterwards, as otherwise an idle 3193 * recalc after assoc_data is NULL but before associated 3194 * is set can cause the interface to go idle 3195 */ 3196 ieee80211_destroy_assoc_data(sdata, true); 3197 3198 /* get uapsd queues configuration */ 3199 uapsd_queues = 0; 3200 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) 3201 if (sdata->tx_conf[ac].uapsd) 3202 uapsd_queues |= BIT(ac); 3203 } 3204 3205 cfg80211_rx_assoc_resp(sdata->dev, bss, (u8 *)mgmt, len, uapsd_queues); 3206} 3207 3208static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, 3209 struct ieee80211_mgmt *mgmt, size_t len, 3210 struct ieee80211_rx_status *rx_status, 3211 struct ieee802_11_elems *elems) 3212{ 3213 struct ieee80211_local *local = sdata->local; 3214 struct ieee80211_bss *bss; 3215 struct ieee80211_channel *channel; 3216 3217 sdata_assert_lock(sdata); 3218 3219 channel = ieee80211_get_channel(local->hw.wiphy, rx_status->freq); 3220 if (!channel) 3221 return; 3222 3223 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems, 3224 channel); 3225 if (bss) { 3226 sdata->vif.bss_conf.beacon_rate = bss->beacon_rate; 3227 ieee80211_rx_bss_put(local, bss); 3228 } 3229} 3230 3231 3232static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, 3233 struct sk_buff *skb) 3234{ 3235 struct ieee80211_mgmt *mgmt = (void *)skb->data; 3236 struct ieee80211_if_managed *ifmgd; 3237 struct ieee80211_rx_status *rx_status = (void *) skb->cb; 3238 size_t baselen, len = skb->len; 3239 struct ieee802_11_elems elems; 3240 3241 ifmgd = &sdata->u.mgd; 3242 3243 sdata_assert_lock(sdata); 3244 3245 if (!ether_addr_equal(mgmt->da, sdata->vif.addr)) 3246 return; /* ignore ProbeResp to foreign address */ 3247 3248 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 3249 if (baselen > len) 3250 return; 3251 3252 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 3253 false, &elems); 3254 3255 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 3256 3257 if (ifmgd->associated && 3258 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 3259 ieee80211_reset_ap_probe(sdata); 3260} 3261 3262/* 3263 * This is the canonical list of information elements we care about, 3264 * the filter code also gives us all changes to the Microsoft OUI 3265 * (00:50:F2) vendor IE which is used for WMM which we need to track, 3266 * as well as the DTPC IE (part of the Cisco OUI) used for signaling 3267 * changes to requested client power. 3268 * 3269 * We implement beacon filtering in software since that means we can 3270 * avoid processing the frame here and in cfg80211, and userspace 3271 * will not be able to tell whether the hardware supports it or not. 3272 * 3273 * XXX: This list needs to be dynamic -- userspace needs to be able to 3274 * add items it requires. It also needs to be able to tell us to 3275 * look out for other vendor IEs. 3276 */ 3277static const u64 care_about_ies = 3278 (1ULL << WLAN_EID_COUNTRY) | 3279 (1ULL << WLAN_EID_ERP_INFO) | 3280 (1ULL << WLAN_EID_CHANNEL_SWITCH) | 3281 (1ULL << WLAN_EID_PWR_CONSTRAINT) | 3282 (1ULL << WLAN_EID_HT_CAPABILITY) | 3283 (1ULL << WLAN_EID_HT_OPERATION) | 3284 (1ULL << WLAN_EID_EXT_CHANSWITCH_ANN); 3285 3286static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, 3287 struct ieee80211_mgmt *mgmt, size_t len, 3288 struct ieee80211_rx_status *rx_status) 3289{ 3290 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3291 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 3292 size_t baselen; 3293 struct ieee802_11_elems elems; 3294 struct ieee80211_local *local = sdata->local; 3295 struct ieee80211_chanctx_conf *chanctx_conf; 3296 struct ieee80211_channel *chan; 3297 struct sta_info *sta; 3298 u32 changed = 0; 3299 bool erp_valid; 3300 u8 erp_value = 0; 3301 u32 ncrc; 3302 u8 *bssid; 3303 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3304 3305 sdata_assert_lock(sdata); 3306 3307 /* Process beacon from the current BSS */ 3308 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 3309 if (baselen > len) 3310 return; 3311 3312 rcu_read_lock(); 3313 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 3314 if (!chanctx_conf) { 3315 rcu_read_unlock(); 3316 return; 3317 } 3318 3319 if (rx_status->freq != chanctx_conf->def.chan->center_freq) { 3320 rcu_read_unlock(); 3321 return; 3322 } 3323 chan = chanctx_conf->def.chan; 3324 rcu_read_unlock(); 3325 3326 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon && 3327 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) { 3328 ieee802_11_parse_elems(mgmt->u.beacon.variable, 3329 len - baselen, false, &elems); 3330 3331 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 3332 if (elems.tim && !elems.parse_error) { 3333 const struct ieee80211_tim_ie *tim_ie = elems.tim; 3334 ifmgd->dtim_period = tim_ie->dtim_period; 3335 } 3336 ifmgd->have_beacon = true; 3337 ifmgd->assoc_data->need_beacon = false; 3338 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) { 3339 sdata->vif.bss_conf.sync_tsf = 3340 le64_to_cpu(mgmt->u.beacon.timestamp); 3341 sdata->vif.bss_conf.sync_device_ts = 3342 rx_status->device_timestamp; 3343 if (elems.tim) 3344 sdata->vif.bss_conf.sync_dtim_count = 3345 elems.tim->dtim_count; 3346 else 3347 sdata->vif.bss_conf.sync_dtim_count = 0; 3348 } 3349 /* continue assoc process */ 3350 ifmgd->assoc_data->timeout = jiffies; 3351 ifmgd->assoc_data->timeout_started = true; 3352 run_again(sdata, ifmgd->assoc_data->timeout); 3353 return; 3354 } 3355 3356 if (!ifmgd->associated || 3357 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 3358 return; 3359 bssid = ifmgd->associated->bssid; 3360 3361 /* Track average RSSI from the Beacon frames of the current AP */ 3362 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) { 3363 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE; 3364 ewma_beacon_signal_init(&ifmgd->ave_beacon_signal); 3365 ifmgd->last_cqm_event_signal = 0; 3366 ifmgd->count_beacon_signal = 1; 3367 ifmgd->last_ave_beacon_signal = 0; 3368 } else { 3369 ifmgd->count_beacon_signal++; 3370 } 3371 3372 ewma_beacon_signal_add(&ifmgd->ave_beacon_signal, -rx_status->signal); 3373 3374 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold && 3375 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) { 3376 int sig = -ewma_beacon_signal_read(&ifmgd->ave_beacon_signal); 3377 int last_sig = ifmgd->last_ave_beacon_signal; 3378 struct ieee80211_event event = { 3379 .type = RSSI_EVENT, 3380 }; 3381 3382 /* 3383 * if signal crosses either of the boundaries, invoke callback 3384 * with appropriate parameters 3385 */ 3386 if (sig > ifmgd->rssi_max_thold && 3387 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) { 3388 ifmgd->last_ave_beacon_signal = sig; 3389 event.u.rssi.data = RSSI_EVENT_HIGH; 3390 drv_event_callback(local, sdata, &event); 3391 } else if (sig < ifmgd->rssi_min_thold && 3392 (last_sig >= ifmgd->rssi_max_thold || 3393 last_sig == 0)) { 3394 ifmgd->last_ave_beacon_signal = sig; 3395 event.u.rssi.data = RSSI_EVENT_LOW; 3396 drv_event_callback(local, sdata, &event); 3397 } 3398 } 3399 3400 if (bss_conf->cqm_rssi_thold && 3401 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT && 3402 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) { 3403 int sig = -ewma_beacon_signal_read(&ifmgd->ave_beacon_signal); 3404 int last_event = ifmgd->last_cqm_event_signal; 3405 int thold = bss_conf->cqm_rssi_thold; 3406 int hyst = bss_conf->cqm_rssi_hyst; 3407 3408 if (sig < thold && 3409 (last_event == 0 || sig < last_event - hyst)) { 3410 ifmgd->last_cqm_event_signal = sig; 3411 ieee80211_cqm_rssi_notify( 3412 &sdata->vif, 3413 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW, 3414 GFP_KERNEL); 3415 } else if (sig > thold && 3416 (last_event == 0 || sig > last_event + hyst)) { 3417 ifmgd->last_cqm_event_signal = sig; 3418 ieee80211_cqm_rssi_notify( 3419 &sdata->vif, 3420 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH, 3421 GFP_KERNEL); 3422 } 3423 } 3424 3425 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) { 3426 mlme_dbg_ratelimited(sdata, 3427 "cancelling AP probe due to a received beacon\n"); 3428 ieee80211_reset_ap_probe(sdata); 3429 } 3430 3431 /* 3432 * Push the beacon loss detection into the future since 3433 * we are processing a beacon from the AP just now. 3434 */ 3435 ieee80211_sta_reset_beacon_monitor(sdata); 3436 3437 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 3438 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, 3439 len - baselen, false, &elems, 3440 care_about_ies, ncrc); 3441 3442 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) && 3443 ieee80211_check_tim(elems.tim, elems.tim_len, ifmgd->aid)) { 3444 if (local->hw.conf.dynamic_ps_timeout > 0) { 3445 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 3446 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 3447 ieee80211_hw_config(local, 3448 IEEE80211_CONF_CHANGE_PS); 3449 } 3450 ieee80211_send_nullfunc(local, sdata, false); 3451 } else if (!local->pspolling && sdata->u.mgd.powersave) { 3452 local->pspolling = true; 3453 3454 /* 3455 * Here is assumed that the driver will be 3456 * able to send ps-poll frame and receive a 3457 * response even though power save mode is 3458 * enabled, but some drivers might require 3459 * to disable power save here. This needs 3460 * to be investigated. 3461 */ 3462 ieee80211_send_pspoll(local, sdata); 3463 } 3464 } 3465 3466 if (sdata->vif.p2p) { 3467 struct ieee80211_p2p_noa_attr noa = {}; 3468 int ret; 3469 3470 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable, 3471 len - baselen, 3472 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 3473 (u8 *) &noa, sizeof(noa)); 3474 if (ret >= 2) { 3475 if (sdata->u.mgd.p2p_noa_index != noa.index) { 3476 /* valid noa_attr and index changed */ 3477 sdata->u.mgd.p2p_noa_index = noa.index; 3478 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa)); 3479 changed |= BSS_CHANGED_P2P_PS; 3480 /* 3481 * make sure we update all information, the CRC 3482 * mechanism doesn't look at P2P attributes. 3483 */ 3484 ifmgd->beacon_crc_valid = false; 3485 } 3486 } else if (sdata->u.mgd.p2p_noa_index != -1) { 3487 /* noa_attr not found and we had valid noa_attr before */ 3488 sdata->u.mgd.p2p_noa_index = -1; 3489 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr)); 3490 changed |= BSS_CHANGED_P2P_PS; 3491 ifmgd->beacon_crc_valid = false; 3492 } 3493 } 3494 3495 if (ifmgd->csa_waiting_bcn) 3496 ieee80211_chswitch_post_beacon(sdata); 3497 3498 /* 3499 * Update beacon timing and dtim count on every beacon appearance. This 3500 * will allow the driver to use the most updated values. Do it before 3501 * comparing this one with last received beacon. 3502 * IMPORTANT: These parameters would possibly be out of sync by the time 3503 * the driver will use them. The synchronized view is currently 3504 * guaranteed only in certain callbacks. 3505 */ 3506 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) { 3507 sdata->vif.bss_conf.sync_tsf = 3508 le64_to_cpu(mgmt->u.beacon.timestamp); 3509 sdata->vif.bss_conf.sync_device_ts = 3510 rx_status->device_timestamp; 3511 if (elems.tim) 3512 sdata->vif.bss_conf.sync_dtim_count = 3513 elems.tim->dtim_count; 3514 else 3515 sdata->vif.bss_conf.sync_dtim_count = 0; 3516 } 3517 3518 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid) 3519 return; 3520 ifmgd->beacon_crc = ncrc; 3521 ifmgd->beacon_crc_valid = true; 3522 3523 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 3524 3525 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime, 3526 rx_status->device_timestamp, 3527 &elems, true); 3528 3529 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) && 3530 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 3531 elems.wmm_param_len)) 3532 changed |= BSS_CHANGED_QOS; 3533 3534 /* 3535 * If we haven't had a beacon before, tell the driver about the 3536 * DTIM period (and beacon timing if desired) now. 3537 */ 3538 if (!ifmgd->have_beacon) { 3539 /* a few bogus AP send dtim_period = 0 or no TIM IE */ 3540 if (elems.tim) 3541 bss_conf->dtim_period = elems.tim->dtim_period ?: 1; 3542 else 3543 bss_conf->dtim_period = 1; 3544 3545 changed |= BSS_CHANGED_BEACON_INFO; 3546 ifmgd->have_beacon = true; 3547 3548 mutex_lock(&local->iflist_mtx); 3549 ieee80211_recalc_ps(local); 3550 mutex_unlock(&local->iflist_mtx); 3551 3552 ieee80211_recalc_ps_vif(sdata); 3553 } 3554 3555 if (elems.erp_info) { 3556 erp_valid = true; 3557 erp_value = elems.erp_info[0]; 3558 } else { 3559 erp_valid = false; 3560 } 3561 changed |= ieee80211_handle_bss_capability(sdata, 3562 le16_to_cpu(mgmt->u.beacon.capab_info), 3563 erp_valid, erp_value); 3564 3565 mutex_lock(&local->sta_mtx); 3566 sta = sta_info_get(sdata, bssid); 3567 3568 if (ieee80211_config_bw(sdata, sta, 3569 elems.ht_cap_elem, elems.ht_operation, 3570 elems.vht_operation, bssid, &changed)) { 3571 mutex_unlock(&local->sta_mtx); 3572 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3573 WLAN_REASON_DEAUTH_LEAVING, 3574 true, deauth_buf); 3575 ieee80211_report_disconnect(sdata, deauth_buf, 3576 sizeof(deauth_buf), true, 3577 WLAN_REASON_DEAUTH_LEAVING); 3578 return; 3579 } 3580 3581 if (sta && elems.opmode_notif) 3582 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif, 3583 rx_status->band); 3584 mutex_unlock(&local->sta_mtx); 3585 3586 changed |= ieee80211_handle_pwr_constr(sdata, chan, mgmt, 3587 elems.country_elem, 3588 elems.country_elem_len, 3589 elems.pwr_constr_elem, 3590 elems.cisco_dtpc_elem); 3591 3592 ieee80211_bss_info_change_notify(sdata, changed); 3593} 3594 3595void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 3596 struct sk_buff *skb) 3597{ 3598 struct ieee80211_rx_status *rx_status; 3599 struct ieee80211_mgmt *mgmt; 3600 u16 fc; 3601 struct ieee802_11_elems elems; 3602 int ies_len; 3603 3604 rx_status = (struct ieee80211_rx_status *) skb->cb; 3605 mgmt = (struct ieee80211_mgmt *) skb->data; 3606 fc = le16_to_cpu(mgmt->frame_control); 3607 3608 sdata_lock(sdata); 3609 3610 switch (fc & IEEE80211_FCTL_STYPE) { 3611 case IEEE80211_STYPE_BEACON: 3612 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status); 3613 break; 3614 case IEEE80211_STYPE_PROBE_RESP: 3615 ieee80211_rx_mgmt_probe_resp(sdata, skb); 3616 break; 3617 case IEEE80211_STYPE_AUTH: 3618 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len); 3619 break; 3620 case IEEE80211_STYPE_DEAUTH: 3621 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len); 3622 break; 3623 case IEEE80211_STYPE_DISASSOC: 3624 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 3625 break; 3626 case IEEE80211_STYPE_ASSOC_RESP: 3627 case IEEE80211_STYPE_REASSOC_RESP: 3628 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len); 3629 break; 3630 case IEEE80211_STYPE_ACTION: 3631 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) { 3632 ies_len = skb->len - 3633 offsetof(struct ieee80211_mgmt, 3634 u.action.u.chan_switch.variable); 3635 3636 if (ies_len < 0) 3637 break; 3638 3639 ieee802_11_parse_elems( 3640 mgmt->u.action.u.chan_switch.variable, 3641 ies_len, true, &elems); 3642 3643 if (elems.parse_error) 3644 break; 3645 3646 ieee80211_sta_process_chanswitch(sdata, 3647 rx_status->mactime, 3648 rx_status->device_timestamp, 3649 &elems, false); 3650 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) { 3651 ies_len = skb->len - 3652 offsetof(struct ieee80211_mgmt, 3653 u.action.u.ext_chan_switch.variable); 3654 3655 if (ies_len < 0) 3656 break; 3657 3658 ieee802_11_parse_elems( 3659 mgmt->u.action.u.ext_chan_switch.variable, 3660 ies_len, true, &elems); 3661 3662 if (elems.parse_error) 3663 break; 3664 3665 /* for the handling code pretend this was also an IE */ 3666 elems.ext_chansw_ie = 3667 &mgmt->u.action.u.ext_chan_switch.data; 3668 3669 ieee80211_sta_process_chanswitch(sdata, 3670 rx_status->mactime, 3671 rx_status->device_timestamp, 3672 &elems, false); 3673 } 3674 break; 3675 } 3676 sdata_unlock(sdata); 3677} 3678 3679static void ieee80211_sta_timer(unsigned long data) 3680{ 3681 struct ieee80211_sub_if_data *sdata = 3682 (struct ieee80211_sub_if_data *) data; 3683 3684 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3685} 3686 3687static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata, 3688 u8 *bssid, u8 reason, bool tx) 3689{ 3690 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3691 3692 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason, 3693 tx, frame_buf); 3694 3695 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true, 3696 reason); 3697} 3698 3699static int ieee80211_auth(struct ieee80211_sub_if_data *sdata) 3700{ 3701 struct ieee80211_local *local = sdata->local; 3702 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3703 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data; 3704 u32 tx_flags = 0; 3705 u16 trans = 1; 3706 u16 status = 0; 3707 3708 sdata_assert_lock(sdata); 3709 3710 if (WARN_ON_ONCE(!auth_data)) 3711 return -EINVAL; 3712 3713 auth_data->tries++; 3714 3715 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) { 3716 sdata_info(sdata, "authentication with %pM timed out\n", 3717 auth_data->bss->bssid); 3718 3719 /* 3720 * Most likely AP is not in the range so remove the 3721 * bss struct for that AP. 3722 */ 3723 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss); 3724 3725 return -ETIMEDOUT; 3726 } 3727 3728 drv_mgd_prepare_tx(local, sdata); 3729 3730 sdata_info(sdata, "send auth to %pM (try %d/%d)\n", 3731 auth_data->bss->bssid, auth_data->tries, 3732 IEEE80211_AUTH_MAX_TRIES); 3733 3734 auth_data->expected_transaction = 2; 3735 3736 if (auth_data->algorithm == WLAN_AUTH_SAE) { 3737 trans = auth_data->sae_trans; 3738 status = auth_data->sae_status; 3739 auth_data->expected_transaction = trans; 3740 } 3741 3742 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) 3743 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 3744 IEEE80211_TX_INTFL_MLME_CONN_TX; 3745 3746 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status, 3747 auth_data->data, auth_data->data_len, 3748 auth_data->bss->bssid, 3749 auth_data->bss->bssid, NULL, 0, 0, 3750 tx_flags); 3751 3752 if (tx_flags == 0) { 3753 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 3754 auth_data->timeout_started = true; 3755 run_again(sdata, auth_data->timeout); 3756 } else { 3757 auth_data->timeout = 3758 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG); 3759 auth_data->timeout_started = true; 3760 run_again(sdata, auth_data->timeout); 3761 } 3762 3763 return 0; 3764} 3765 3766static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata) 3767{ 3768 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 3769 struct ieee80211_local *local = sdata->local; 3770 3771 sdata_assert_lock(sdata); 3772 3773 assoc_data->tries++; 3774 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) { 3775 sdata_info(sdata, "association with %pM timed out\n", 3776 assoc_data->bss->bssid); 3777 3778 /* 3779 * Most likely AP is not in the range so remove the 3780 * bss struct for that AP. 3781 */ 3782 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss); 3783 3784 return -ETIMEDOUT; 3785 } 3786 3787 sdata_info(sdata, "associate with %pM (try %d/%d)\n", 3788 assoc_data->bss->bssid, assoc_data->tries, 3789 IEEE80211_ASSOC_MAX_TRIES); 3790 ieee80211_send_assoc(sdata); 3791 3792 if (!ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) { 3793 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 3794 assoc_data->timeout_started = true; 3795 run_again(sdata, assoc_data->timeout); 3796 } else { 3797 assoc_data->timeout = 3798 round_jiffies_up(jiffies + 3799 IEEE80211_ASSOC_TIMEOUT_LONG); 3800 assoc_data->timeout_started = true; 3801 run_again(sdata, assoc_data->timeout); 3802 } 3803 3804 return 0; 3805} 3806 3807void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata, 3808 __le16 fc, bool acked) 3809{ 3810 struct ieee80211_local *local = sdata->local; 3811 3812 sdata->u.mgd.status_fc = fc; 3813 sdata->u.mgd.status_acked = acked; 3814 sdata->u.mgd.status_received = true; 3815 3816 ieee80211_queue_work(&local->hw, &sdata->work); 3817} 3818 3819void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata) 3820{ 3821 struct ieee80211_local *local = sdata->local; 3822 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3823 3824 sdata_lock(sdata); 3825 3826 if (ifmgd->status_received) { 3827 __le16 fc = ifmgd->status_fc; 3828 bool status_acked = ifmgd->status_acked; 3829 3830 ifmgd->status_received = false; 3831 if (ifmgd->auth_data && ieee80211_is_auth(fc)) { 3832 if (status_acked) { 3833 ifmgd->auth_data->timeout = 3834 jiffies + IEEE80211_AUTH_TIMEOUT_SHORT; 3835 run_again(sdata, ifmgd->auth_data->timeout); 3836 } else { 3837 ifmgd->auth_data->timeout = jiffies - 1; 3838 } 3839 ifmgd->auth_data->timeout_started = true; 3840 } else if (ifmgd->assoc_data && 3841 (ieee80211_is_assoc_req(fc) || 3842 ieee80211_is_reassoc_req(fc))) { 3843 if (status_acked) { 3844 ifmgd->assoc_data->timeout = 3845 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT; 3846 run_again(sdata, ifmgd->assoc_data->timeout); 3847 } else { 3848 ifmgd->assoc_data->timeout = jiffies - 1; 3849 } 3850 ifmgd->assoc_data->timeout_started = true; 3851 } 3852 } 3853 3854 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started && 3855 time_after(jiffies, ifmgd->auth_data->timeout)) { 3856 if (ifmgd->auth_data->done) { 3857 /* 3858 * ok ... we waited for assoc but userspace didn't, 3859 * so let's just kill the auth data 3860 */ 3861 ieee80211_destroy_auth_data(sdata, false); 3862 } else if (ieee80211_auth(sdata)) { 3863 u8 bssid[ETH_ALEN]; 3864 struct ieee80211_event event = { 3865 .type = MLME_EVENT, 3866 .u.mlme.data = AUTH_EVENT, 3867 .u.mlme.status = MLME_TIMEOUT, 3868 }; 3869 3870 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 3871 3872 ieee80211_destroy_auth_data(sdata, false); 3873 3874 cfg80211_auth_timeout(sdata->dev, bssid); 3875 drv_event_callback(sdata->local, sdata, &event); 3876 } 3877 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started) 3878 run_again(sdata, ifmgd->auth_data->timeout); 3879 3880 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started && 3881 time_after(jiffies, ifmgd->assoc_data->timeout)) { 3882 if ((ifmgd->assoc_data->need_beacon && !ifmgd->have_beacon) || 3883 ieee80211_do_assoc(sdata)) { 3884 struct cfg80211_bss *bss = ifmgd->assoc_data->bss; 3885 struct ieee80211_event event = { 3886 .type = MLME_EVENT, 3887 .u.mlme.data = ASSOC_EVENT, 3888 .u.mlme.status = MLME_TIMEOUT, 3889 }; 3890 3891 ieee80211_destroy_assoc_data(sdata, false); 3892 cfg80211_assoc_timeout(sdata->dev, bss); 3893 drv_event_callback(sdata->local, sdata, &event); 3894 } 3895 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started) 3896 run_again(sdata, ifmgd->assoc_data->timeout); 3897 3898 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL && 3899 ifmgd->associated) { 3900 u8 bssid[ETH_ALEN]; 3901 int max_tries; 3902 3903 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 3904 3905 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) 3906 max_tries = max_nullfunc_tries; 3907 else 3908 max_tries = max_probe_tries; 3909 3910 /* ACK received for nullfunc probing frame */ 3911 if (!ifmgd->probe_send_count) 3912 ieee80211_reset_ap_probe(sdata); 3913 else if (ifmgd->nullfunc_failed) { 3914 if (ifmgd->probe_send_count < max_tries) { 3915 mlme_dbg(sdata, 3916 "No ack for nullfunc frame to AP %pM, try %d/%i\n", 3917 bssid, ifmgd->probe_send_count, 3918 max_tries); 3919 ieee80211_mgd_probe_ap_send(sdata); 3920 } else { 3921 mlme_dbg(sdata, 3922 "No ack for nullfunc frame to AP %pM, disconnecting.\n", 3923 bssid); 3924 ieee80211_sta_connection_lost(sdata, bssid, 3925 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 3926 false); 3927 } 3928 } else if (time_is_after_jiffies(ifmgd->probe_timeout)) 3929 run_again(sdata, ifmgd->probe_timeout); 3930 else if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) { 3931 mlme_dbg(sdata, 3932 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n", 3933 bssid, probe_wait_ms); 3934 ieee80211_sta_connection_lost(sdata, bssid, 3935 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3936 } else if (ifmgd->probe_send_count < max_tries) { 3937 mlme_dbg(sdata, 3938 "No probe response from AP %pM after %dms, try %d/%i\n", 3939 bssid, probe_wait_ms, 3940 ifmgd->probe_send_count, max_tries); 3941 ieee80211_mgd_probe_ap_send(sdata); 3942 } else { 3943 /* 3944 * We actually lost the connection ... or did we? 3945 * Let's make sure! 3946 */ 3947 wiphy_debug(local->hw.wiphy, 3948 "%s: No probe response from AP %pM" 3949 " after %dms, disconnecting.\n", 3950 sdata->name, 3951 bssid, probe_wait_ms); 3952 3953 ieee80211_sta_connection_lost(sdata, bssid, 3954 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3955 } 3956 } 3957 3958 sdata_unlock(sdata); 3959} 3960 3961static void ieee80211_sta_bcn_mon_timer(unsigned long data) 3962{ 3963 struct ieee80211_sub_if_data *sdata = 3964 (struct ieee80211_sub_if_data *) data; 3965 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3966 3967 if (sdata->vif.csa_active && !ifmgd->csa_waiting_bcn) 3968 return; 3969 3970 sdata->u.mgd.connection_loss = false; 3971 ieee80211_queue_work(&sdata->local->hw, 3972 &sdata->u.mgd.beacon_connection_loss_work); 3973} 3974 3975static void ieee80211_sta_conn_mon_timer(unsigned long data) 3976{ 3977 struct ieee80211_sub_if_data *sdata = 3978 (struct ieee80211_sub_if_data *) data; 3979 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3980 struct ieee80211_local *local = sdata->local; 3981 3982 if (sdata->vif.csa_active && !ifmgd->csa_waiting_bcn) 3983 return; 3984 3985 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work); 3986} 3987 3988static void ieee80211_sta_monitor_work(struct work_struct *work) 3989{ 3990 struct ieee80211_sub_if_data *sdata = 3991 container_of(work, struct ieee80211_sub_if_data, 3992 u.mgd.monitor_work); 3993 3994 ieee80211_mgd_probe_ap(sdata, false); 3995} 3996 3997static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) 3998{ 3999 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 4000 __ieee80211_stop_poll(sdata); 4001 4002 /* let's probe the connection once */ 4003 if (!ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR)) 4004 ieee80211_queue_work(&sdata->local->hw, 4005 &sdata->u.mgd.monitor_work); 4006 } 4007} 4008 4009#ifdef CONFIG_PM 4010void ieee80211_mgd_quiesce(struct ieee80211_sub_if_data *sdata) 4011{ 4012 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4013 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4014 4015 sdata_lock(sdata); 4016 4017 if (ifmgd->auth_data || ifmgd->assoc_data) { 4018 const u8 *bssid = ifmgd->auth_data ? 4019 ifmgd->auth_data->bss->bssid : 4020 ifmgd->assoc_data->bss->bssid; 4021 4022 /* 4023 * If we are trying to authenticate / associate while suspending, 4024 * cfg80211 won't know and won't actually abort those attempts, 4025 * thus we need to do that ourselves. 4026 */ 4027 ieee80211_send_deauth_disassoc(sdata, bssid, 4028 IEEE80211_STYPE_DEAUTH, 4029 WLAN_REASON_DEAUTH_LEAVING, 4030 false, frame_buf); 4031 if (ifmgd->assoc_data) 4032 ieee80211_destroy_assoc_data(sdata, false); 4033 if (ifmgd->auth_data) 4034 ieee80211_destroy_auth_data(sdata, false); 4035 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4036 IEEE80211_DEAUTH_FRAME_LEN); 4037 } 4038 4039 /* This is a bit of a hack - we should find a better and more generic 4040 * solution to this. Normally when suspending, cfg80211 will in fact 4041 * deauthenticate. However, it doesn't (and cannot) stop an ongoing 4042 * auth (not so important) or assoc (this is the problem) process. 4043 * 4044 * As a consequence, it can happen that we are in the process of both 4045 * associating and suspending, and receive an association response 4046 * after cfg80211 has checked if it needs to disconnect, but before 4047 * we actually set the flag to drop incoming frames. This will then 4048 * cause the workqueue flush to process the association response in 4049 * the suspend, resulting in a successful association just before it 4050 * tries to remove the interface from the driver, which now though 4051 * has a channel context assigned ... this results in issues. 4052 * 4053 * To work around this (for now) simply deauth here again if we're 4054 * now connected. 4055 */ 4056 if (ifmgd->associated && !sdata->local->wowlan) { 4057 u8 bssid[ETH_ALEN]; 4058 struct cfg80211_deauth_request req = { 4059 .reason_code = WLAN_REASON_DEAUTH_LEAVING, 4060 .bssid = bssid, 4061 }; 4062 4063 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 4064 ieee80211_mgd_deauth(sdata, &req); 4065 } 4066 4067 sdata_unlock(sdata); 4068} 4069 4070void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata) 4071{ 4072 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4073 4074 sdata_lock(sdata); 4075 if (!ifmgd->associated) { 4076 sdata_unlock(sdata); 4077 return; 4078 } 4079 4080 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) { 4081 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME; 4082 mlme_dbg(sdata, "driver requested disconnect after resume\n"); 4083 ieee80211_sta_connection_lost(sdata, 4084 ifmgd->associated->bssid, 4085 WLAN_REASON_UNSPECIFIED, 4086 true); 4087 sdata_unlock(sdata); 4088 return; 4089 } 4090 sdata_unlock(sdata); 4091} 4092#endif 4093 4094/* interface setup */ 4095void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata) 4096{ 4097 struct ieee80211_if_managed *ifmgd; 4098 4099 ifmgd = &sdata->u.mgd; 4100 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work); 4101 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work); 4102 INIT_WORK(&ifmgd->beacon_connection_loss_work, 4103 ieee80211_beacon_connection_loss_work); 4104 INIT_WORK(&ifmgd->csa_connection_drop_work, 4105 ieee80211_csa_connection_drop_work); 4106 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_mgd_work); 4107 INIT_DELAYED_WORK(&ifmgd->tdls_peer_del_work, 4108 ieee80211_tdls_peer_del_work); 4109 setup_timer(&ifmgd->timer, ieee80211_sta_timer, 4110 (unsigned long) sdata); 4111 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 4112 (unsigned long) sdata); 4113 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 4114 (unsigned long) sdata); 4115 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 4116 (unsigned long) sdata); 4117 INIT_DELAYED_WORK(&ifmgd->tx_tspec_wk, 4118 ieee80211_sta_handle_tspec_ac_params_wk); 4119 4120 ifmgd->flags = 0; 4121 ifmgd->powersave = sdata->wdev.ps; 4122 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues; 4123 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len; 4124 ifmgd->p2p_noa_index = -1; 4125 4126 if (sdata->local->hw.wiphy->features & NL80211_FEATURE_DYNAMIC_SMPS) 4127 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC; 4128 else 4129 ifmgd->req_smps = IEEE80211_SMPS_OFF; 4130 4131 /* Setup TDLS data */ 4132 spin_lock_init(&ifmgd->teardown_lock); 4133 ifmgd->teardown_skb = NULL; 4134 ifmgd->orig_teardown_skb = NULL; 4135} 4136 4137/* scan finished notification */ 4138void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local) 4139{ 4140 struct ieee80211_sub_if_data *sdata; 4141 4142 /* Restart STA timers */ 4143 rcu_read_lock(); 4144 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 4145 if (ieee80211_sdata_running(sdata)) 4146 ieee80211_restart_sta_timer(sdata); 4147 } 4148 rcu_read_unlock(); 4149} 4150 4151static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata, 4152 struct cfg80211_bss *cbss) 4153{ 4154 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4155 const u8 *ht_cap_ie, *vht_cap_ie; 4156 const struct ieee80211_ht_cap *ht_cap; 4157 const struct ieee80211_vht_cap *vht_cap; 4158 u8 chains = 1; 4159 4160 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT) 4161 return chains; 4162 4163 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 4164 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) { 4165 ht_cap = (void *)(ht_cap_ie + 2); 4166 chains = ieee80211_mcs_to_chains(&ht_cap->mcs); 4167 /* 4168 * TODO: use "Tx Maximum Number Spatial Streams Supported" and 4169 * "Tx Unequal Modulation Supported" fields. 4170 */ 4171 } 4172 4173 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 4174 return chains; 4175 4176 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 4177 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) { 4178 u8 nss; 4179 u16 tx_mcs_map; 4180 4181 vht_cap = (void *)(vht_cap_ie + 2); 4182 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map); 4183 for (nss = 8; nss > 0; nss--) { 4184 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) != 4185 IEEE80211_VHT_MCS_NOT_SUPPORTED) 4186 break; 4187 } 4188 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */ 4189 chains = max(chains, nss); 4190 } 4191 4192 return chains; 4193} 4194 4195static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata, 4196 struct cfg80211_bss *cbss) 4197{ 4198 struct ieee80211_local *local = sdata->local; 4199 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4200 const struct ieee80211_ht_cap *ht_cap = NULL; 4201 const struct ieee80211_ht_operation *ht_oper = NULL; 4202 const struct ieee80211_vht_operation *vht_oper = NULL; 4203 struct ieee80211_supported_band *sband; 4204 struct cfg80211_chan_def chandef; 4205 int ret; 4206 u32 i; 4207 bool have_80mhz; 4208 4209 sband = local->hw.wiphy->bands[cbss->channel->band]; 4210 4211 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ | 4212 IEEE80211_STA_DISABLE_80P80MHZ | 4213 IEEE80211_STA_DISABLE_160MHZ); 4214 4215 rcu_read_lock(); 4216 4217 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 4218 sband->ht_cap.ht_supported) { 4219 const u8 *ht_oper_ie, *ht_cap_ie; 4220 4221 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION); 4222 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper)) 4223 ht_oper = (void *)(ht_oper_ie + 2); 4224 4225 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 4226 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) 4227 ht_cap = (void *)(ht_cap_ie + 2); 4228 4229 if (!ht_cap) { 4230 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4231 ht_oper = NULL; 4232 } 4233 } 4234 4235 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 4236 sband->vht_cap.vht_supported) { 4237 const u8 *vht_oper_ie, *vht_cap; 4238 4239 vht_oper_ie = ieee80211_bss_get_ie(cbss, 4240 WLAN_EID_VHT_OPERATION); 4241 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper)) 4242 vht_oper = (void *)(vht_oper_ie + 2); 4243 if (vht_oper && !ht_oper) { 4244 vht_oper = NULL; 4245 sdata_info(sdata, 4246 "AP advertised VHT without HT, disabling both\n"); 4247 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4248 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4249 } 4250 4251 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 4252 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) { 4253 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4254 vht_oper = NULL; 4255 } 4256 } 4257 4258 /* Allow VHT if at least one channel on the sband supports 80 MHz */ 4259 have_80mhz = false; 4260 for (i = 0; i < sband->n_channels; i++) { 4261 if (sband->channels[i].flags & (IEEE80211_CHAN_DISABLED | 4262 IEEE80211_CHAN_NO_80MHZ)) 4263 continue; 4264 4265 have_80mhz = true; 4266 break; 4267 } 4268 4269 if (!have_80mhz) 4270 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4271 4272 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband, 4273 cbss->channel, 4274 ht_cap, ht_oper, vht_oper, 4275 &chandef, false); 4276 4277 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss), 4278 local->rx_chains); 4279 4280 rcu_read_unlock(); 4281 4282 /* will change later if needed */ 4283 sdata->smps_mode = IEEE80211_SMPS_OFF; 4284 4285 mutex_lock(&local->mtx); 4286 /* 4287 * If this fails (possibly due to channel context sharing 4288 * on incompatible channels, e.g. 80+80 and 160 sharing the 4289 * same control channel) try to use a smaller bandwidth. 4290 */ 4291 ret = ieee80211_vif_use_channel(sdata, &chandef, 4292 IEEE80211_CHANCTX_SHARED); 4293 4294 /* don't downgrade for 5 and 10 MHz channels, though. */ 4295 if (chandef.width == NL80211_CHAN_WIDTH_5 || 4296 chandef.width == NL80211_CHAN_WIDTH_10) 4297 goto out; 4298 4299 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) { 4300 ifmgd->flags |= ieee80211_chandef_downgrade(&chandef); 4301 ret = ieee80211_vif_use_channel(sdata, &chandef, 4302 IEEE80211_CHANCTX_SHARED); 4303 } 4304 out: 4305 mutex_unlock(&local->mtx); 4306 return ret; 4307} 4308 4309static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata, 4310 struct cfg80211_bss *cbss, bool assoc, 4311 bool override) 4312{ 4313 struct ieee80211_local *local = sdata->local; 4314 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4315 struct ieee80211_bss *bss = (void *)cbss->priv; 4316 struct sta_info *new_sta = NULL; 4317 struct ieee80211_supported_band *sband; 4318 bool have_sta = false; 4319 int err; 4320 4321 sband = local->hw.wiphy->bands[cbss->channel->band]; 4322 4323 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) 4324 return -EINVAL; 4325 4326 if (assoc) { 4327 rcu_read_lock(); 4328 have_sta = sta_info_get(sdata, cbss->bssid); 4329 rcu_read_unlock(); 4330 } 4331 4332 if (!have_sta) { 4333 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL); 4334 if (!new_sta) 4335 return -ENOMEM; 4336 } 4337 4338 if (new_sta || override) { 4339 err = ieee80211_prep_channel(sdata, cbss); 4340 if (err) { 4341 if (new_sta) 4342 sta_info_free(local, new_sta); 4343 return -EINVAL; 4344 } 4345 } 4346 4347 if (new_sta) { 4348 u32 rates = 0, basic_rates = 0; 4349 bool have_higher_than_11mbit; 4350 int min_rate = INT_MAX, min_rate_index = -1; 4351 struct ieee80211_chanctx_conf *chanctx_conf; 4352 const struct cfg80211_bss_ies *ies; 4353 int shift = ieee80211_vif_get_shift(&sdata->vif); 4354 u32 rate_flags; 4355 4356 rcu_read_lock(); 4357 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 4358 if (WARN_ON(!chanctx_conf)) { 4359 rcu_read_unlock(); 4360 sta_info_free(local, new_sta); 4361 return -EINVAL; 4362 } 4363 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def); 4364 rcu_read_unlock(); 4365 4366 ieee80211_get_rates(sband, bss->supp_rates, 4367 bss->supp_rates_len, 4368 &rates, &basic_rates, 4369 &have_higher_than_11mbit, 4370 &min_rate, &min_rate_index, 4371 shift, rate_flags); 4372 4373 /* 4374 * This used to be a workaround for basic rates missing 4375 * in the association response frame. Now that we no 4376 * longer use the basic rates from there, it probably 4377 * doesn't happen any more, but keep the workaround so 4378 * in case some *other* APs are buggy in different ways 4379 * we can connect -- with a warning. 4380 */ 4381 if (!basic_rates && min_rate_index >= 0) { 4382 sdata_info(sdata, 4383 "No basic rates, using min rate instead\n"); 4384 basic_rates = BIT(min_rate_index); 4385 } 4386 4387 new_sta->sta.supp_rates[cbss->channel->band] = rates; 4388 sdata->vif.bss_conf.basic_rates = basic_rates; 4389 4390 /* cf. IEEE 802.11 9.2.12 */ 4391 if (cbss->channel->band == IEEE80211_BAND_2GHZ && 4392 have_higher_than_11mbit) 4393 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE; 4394 else 4395 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE; 4396 4397 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN); 4398 4399 /* set timing information */ 4400 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval; 4401 rcu_read_lock(); 4402 ies = rcu_dereference(cbss->beacon_ies); 4403 if (ies) { 4404 const u8 *tim_ie; 4405 4406 sdata->vif.bss_conf.sync_tsf = ies->tsf; 4407 sdata->vif.bss_conf.sync_device_ts = 4408 bss->device_ts_beacon; 4409 tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 4410 ies->data, ies->len); 4411 if (tim_ie && tim_ie[1] >= 2) 4412 sdata->vif.bss_conf.sync_dtim_count = tim_ie[2]; 4413 else 4414 sdata->vif.bss_conf.sync_dtim_count = 0; 4415 } else if (!ieee80211_hw_check(&sdata->local->hw, 4416 TIMING_BEACON_ONLY)) { 4417 ies = rcu_dereference(cbss->proberesp_ies); 4418 /* must be non-NULL since beacon IEs were NULL */ 4419 sdata->vif.bss_conf.sync_tsf = ies->tsf; 4420 sdata->vif.bss_conf.sync_device_ts = 4421 bss->device_ts_presp; 4422 sdata->vif.bss_conf.sync_dtim_count = 0; 4423 } else { 4424 sdata->vif.bss_conf.sync_tsf = 0; 4425 sdata->vif.bss_conf.sync_device_ts = 0; 4426 sdata->vif.bss_conf.sync_dtim_count = 0; 4427 } 4428 rcu_read_unlock(); 4429 4430 /* tell driver about BSSID, basic rates and timing */ 4431 ieee80211_bss_info_change_notify(sdata, 4432 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES | 4433 BSS_CHANGED_BEACON_INT); 4434 4435 if (assoc) 4436 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH); 4437 4438 err = sta_info_insert(new_sta); 4439 new_sta = NULL; 4440 if (err) { 4441 sdata_info(sdata, 4442 "failed to insert STA entry for the AP (error %d)\n", 4443 err); 4444 return err; 4445 } 4446 } else 4447 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid)); 4448 4449 /* Cancel scan to ensure that nothing interferes with connection */ 4450 if (local->scanning) 4451 ieee80211_scan_cancel(local); 4452 4453 return 0; 4454} 4455 4456/* config hooks */ 4457int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 4458 struct cfg80211_auth_request *req) 4459{ 4460 struct ieee80211_local *local = sdata->local; 4461 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4462 struct ieee80211_mgd_auth_data *auth_data; 4463 u16 auth_alg; 4464 int err; 4465 4466 /* prepare auth data structure */ 4467 4468 switch (req->auth_type) { 4469 case NL80211_AUTHTYPE_OPEN_SYSTEM: 4470 auth_alg = WLAN_AUTH_OPEN; 4471 break; 4472 case NL80211_AUTHTYPE_SHARED_KEY: 4473 if (IS_ERR(local->wep_tx_tfm)) 4474 return -EOPNOTSUPP; 4475 auth_alg = WLAN_AUTH_SHARED_KEY; 4476 break; 4477 case NL80211_AUTHTYPE_FT: 4478 auth_alg = WLAN_AUTH_FT; 4479 break; 4480 case NL80211_AUTHTYPE_NETWORK_EAP: 4481 auth_alg = WLAN_AUTH_LEAP; 4482 break; 4483 case NL80211_AUTHTYPE_SAE: 4484 auth_alg = WLAN_AUTH_SAE; 4485 break; 4486 default: 4487 return -EOPNOTSUPP; 4488 } 4489 4490 auth_data = kzalloc(sizeof(*auth_data) + req->sae_data_len + 4491 req->ie_len, GFP_KERNEL); 4492 if (!auth_data) 4493 return -ENOMEM; 4494 4495 auth_data->bss = req->bss; 4496 4497 if (req->sae_data_len >= 4) { 4498 __le16 *pos = (__le16 *) req->sae_data; 4499 auth_data->sae_trans = le16_to_cpu(pos[0]); 4500 auth_data->sae_status = le16_to_cpu(pos[1]); 4501 memcpy(auth_data->data, req->sae_data + 4, 4502 req->sae_data_len - 4); 4503 auth_data->data_len += req->sae_data_len - 4; 4504 } 4505 4506 if (req->ie && req->ie_len) { 4507 memcpy(&auth_data->data[auth_data->data_len], 4508 req->ie, req->ie_len); 4509 auth_data->data_len += req->ie_len; 4510 } 4511 4512 if (req->key && req->key_len) { 4513 auth_data->key_len = req->key_len; 4514 auth_data->key_idx = req->key_idx; 4515 memcpy(auth_data->key, req->key, req->key_len); 4516 } 4517 4518 auth_data->algorithm = auth_alg; 4519 4520 /* try to authenticate/probe */ 4521 4522 if ((ifmgd->auth_data && !ifmgd->auth_data->done) || 4523 ifmgd->assoc_data) { 4524 err = -EBUSY; 4525 goto err_free; 4526 } 4527 4528 if (ifmgd->auth_data) 4529 ieee80211_destroy_auth_data(sdata, false); 4530 4531 /* prep auth_data so we don't go into idle on disassoc */ 4532 ifmgd->auth_data = auth_data; 4533 4534 if (ifmgd->associated) { 4535 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4536 4537 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4538 WLAN_REASON_UNSPECIFIED, 4539 false, frame_buf); 4540 4541 ieee80211_report_disconnect(sdata, frame_buf, 4542 sizeof(frame_buf), true, 4543 WLAN_REASON_UNSPECIFIED); 4544 } 4545 4546 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid); 4547 4548 err = ieee80211_prep_connection(sdata, req->bss, false, false); 4549 if (err) 4550 goto err_clear; 4551 4552 err = ieee80211_auth(sdata); 4553 if (err) { 4554 sta_info_destroy_addr(sdata, req->bss->bssid); 4555 goto err_clear; 4556 } 4557 4558 /* hold our own reference */ 4559 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss); 4560 return 0; 4561 4562 err_clear: 4563 eth_zero_addr(ifmgd->bssid); 4564 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 4565 ifmgd->auth_data = NULL; 4566 mutex_lock(&sdata->local->mtx); 4567 ieee80211_vif_release_channel(sdata); 4568 mutex_unlock(&sdata->local->mtx); 4569 err_free: 4570 kfree(auth_data); 4571 return err; 4572} 4573 4574int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 4575 struct cfg80211_assoc_request *req) 4576{ 4577 struct ieee80211_local *local = sdata->local; 4578 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4579 struct ieee80211_bss *bss = (void *)req->bss->priv; 4580 struct ieee80211_mgd_assoc_data *assoc_data; 4581 const struct cfg80211_bss_ies *beacon_ies; 4582 struct ieee80211_supported_band *sband; 4583 const u8 *ssidie, *ht_ie, *vht_ie; 4584 int i, err; 4585 bool override = false; 4586 4587 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL); 4588 if (!assoc_data) 4589 return -ENOMEM; 4590 4591 rcu_read_lock(); 4592 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID); 4593 if (!ssidie) { 4594 rcu_read_unlock(); 4595 kfree(assoc_data); 4596 return -EINVAL; 4597 } 4598 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]); 4599 assoc_data->ssid_len = ssidie[1]; 4600 rcu_read_unlock(); 4601 4602 if (ifmgd->associated) { 4603 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4604 4605 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4606 WLAN_REASON_UNSPECIFIED, 4607 false, frame_buf); 4608 4609 ieee80211_report_disconnect(sdata, frame_buf, 4610 sizeof(frame_buf), true, 4611 WLAN_REASON_UNSPECIFIED); 4612 } 4613 4614 if (ifmgd->auth_data && !ifmgd->auth_data->done) { 4615 err = -EBUSY; 4616 goto err_free; 4617 } 4618 4619 if (ifmgd->assoc_data) { 4620 err = -EBUSY; 4621 goto err_free; 4622 } 4623 4624 if (ifmgd->auth_data) { 4625 bool match; 4626 4627 /* keep sta info, bssid if matching */ 4628 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid); 4629 ieee80211_destroy_auth_data(sdata, match); 4630 } 4631 4632 /* prepare assoc data */ 4633 4634 ifmgd->beacon_crc_valid = false; 4635 4636 assoc_data->wmm = bss->wmm_used && 4637 (local->hw.queues >= IEEE80211_NUM_ACS); 4638 4639 /* 4640 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode. 4641 * We still associate in non-HT mode (11a/b/g) if any one of these 4642 * ciphers is configured as pairwise. 4643 * We can set this to true for non-11n hardware, that'll be checked 4644 * separately along with the peer capabilities. 4645 */ 4646 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) { 4647 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 4648 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 4649 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) { 4650 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4651 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4652 netdev_info(sdata->dev, 4653 "disabling HT/VHT due to WEP/TKIP use\n"); 4654 } 4655 } 4656 4657 /* Also disable HT if we don't support it or the AP doesn't use WMM */ 4658 sband = local->hw.wiphy->bands[req->bss->channel->band]; 4659 if (!sband->ht_cap.ht_supported || 4660 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used || 4661 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) { 4662 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4663 if (!bss->wmm_used && 4664 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM)) 4665 netdev_info(sdata->dev, 4666 "disabling HT as WMM/QoS is not supported by the AP\n"); 4667 } 4668 4669 /* disable VHT if we don't support it or the AP doesn't use WMM */ 4670 if (!sband->vht_cap.vht_supported || 4671 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used || 4672 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) { 4673 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4674 if (!bss->wmm_used && 4675 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM)) 4676 netdev_info(sdata->dev, 4677 "disabling VHT as WMM/QoS is not supported by the AP\n"); 4678 } 4679 4680 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa)); 4681 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask, 4682 sizeof(ifmgd->ht_capa_mask)); 4683 4684 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa)); 4685 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask, 4686 sizeof(ifmgd->vht_capa_mask)); 4687 4688 if (req->ie && req->ie_len) { 4689 memcpy(assoc_data->ie, req->ie, req->ie_len); 4690 assoc_data->ie_len = req->ie_len; 4691 } 4692 4693 assoc_data->bss = req->bss; 4694 4695 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) { 4696 if (ifmgd->powersave) 4697 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC; 4698 else 4699 sdata->smps_mode = IEEE80211_SMPS_OFF; 4700 } else 4701 sdata->smps_mode = ifmgd->req_smps; 4702 4703 assoc_data->capability = req->bss->capability; 4704 assoc_data->supp_rates = bss->supp_rates; 4705 assoc_data->supp_rates_len = bss->supp_rates_len; 4706 4707 rcu_read_lock(); 4708 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION); 4709 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation)) 4710 assoc_data->ap_ht_param = 4711 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param; 4712 else 4713 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4714 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY); 4715 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap)) 4716 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2, 4717 sizeof(struct ieee80211_vht_cap)); 4718 else 4719 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4720 rcu_read_unlock(); 4721 4722 if (WARN((sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD) && 4723 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK), 4724 "U-APSD not supported with HW_PS_NULLFUNC_STACK\n")) 4725 sdata->vif.driver_flags &= ~IEEE80211_VIF_SUPPORTS_UAPSD; 4726 4727 if (bss->wmm_used && bss->uapsd_supported && 4728 (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD)) { 4729 assoc_data->uapsd = true; 4730 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; 4731 } else { 4732 assoc_data->uapsd = false; 4733 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED; 4734 } 4735 4736 if (req->prev_bssid) 4737 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN); 4738 4739 if (req->use_mfp) { 4740 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 4741 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED; 4742 } else { 4743 ifmgd->mfp = IEEE80211_MFP_DISABLED; 4744 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED; 4745 } 4746 4747 if (req->flags & ASSOC_REQ_USE_RRM) 4748 ifmgd->flags |= IEEE80211_STA_ENABLE_RRM; 4749 else 4750 ifmgd->flags &= ~IEEE80211_STA_ENABLE_RRM; 4751 4752 if (req->crypto.control_port) 4753 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT; 4754 else 4755 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT; 4756 4757 sdata->control_port_protocol = req->crypto.control_port_ethertype; 4758 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt; 4759 sdata->encrypt_headroom = ieee80211_cs_headroom(local, &req->crypto, 4760 sdata->vif.type); 4761 4762 /* kick off associate process */ 4763 4764 ifmgd->assoc_data = assoc_data; 4765 ifmgd->dtim_period = 0; 4766 ifmgd->have_beacon = false; 4767 4768 /* override HT/VHT configuration only if the AP and we support it */ 4769 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 4770 struct ieee80211_sta_ht_cap sta_ht_cap; 4771 4772 if (req->flags & ASSOC_REQ_DISABLE_HT) 4773 override = true; 4774 4775 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap)); 4776 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap); 4777 4778 /* check for 40 MHz disable override */ 4779 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ) && 4780 sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40 && 4781 !(sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40)) 4782 override = true; 4783 4784 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 4785 req->flags & ASSOC_REQ_DISABLE_VHT) 4786 override = true; 4787 } 4788 4789 if (req->flags & ASSOC_REQ_DISABLE_HT) { 4790 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4791 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4792 } 4793 4794 if (req->flags & ASSOC_REQ_DISABLE_VHT) 4795 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4796 4797 err = ieee80211_prep_connection(sdata, req->bss, true, override); 4798 if (err) 4799 goto err_clear; 4800 4801 rcu_read_lock(); 4802 beacon_ies = rcu_dereference(req->bss->beacon_ies); 4803 4804 if (ieee80211_hw_check(&sdata->local->hw, NEED_DTIM_BEFORE_ASSOC) && 4805 !beacon_ies) { 4806 /* 4807 * Wait up to one beacon interval ... 4808 * should this be more if we miss one? 4809 */ 4810 sdata_info(sdata, "waiting for beacon from %pM\n", 4811 ifmgd->bssid); 4812 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval); 4813 assoc_data->timeout_started = true; 4814 assoc_data->need_beacon = true; 4815 } else if (beacon_ies) { 4816 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 4817 beacon_ies->data, 4818 beacon_ies->len); 4819 u8 dtim_count = 0; 4820 4821 if (tim_ie && tim_ie[1] >= sizeof(struct ieee80211_tim_ie)) { 4822 const struct ieee80211_tim_ie *tim; 4823 tim = (void *)(tim_ie + 2); 4824 ifmgd->dtim_period = tim->dtim_period; 4825 dtim_count = tim->dtim_count; 4826 } 4827 ifmgd->have_beacon = true; 4828 assoc_data->timeout = jiffies; 4829 assoc_data->timeout_started = true; 4830 4831 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) { 4832 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf; 4833 sdata->vif.bss_conf.sync_device_ts = 4834 bss->device_ts_beacon; 4835 sdata->vif.bss_conf.sync_dtim_count = dtim_count; 4836 } 4837 } else { 4838 assoc_data->timeout = jiffies; 4839 assoc_data->timeout_started = true; 4840 } 4841 rcu_read_unlock(); 4842 4843 run_again(sdata, assoc_data->timeout); 4844 4845 if (bss->corrupt_data) { 4846 char *corrupt_type = "data"; 4847 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) { 4848 if (bss->corrupt_data & 4849 IEEE80211_BSS_CORRUPT_PROBE_RESP) 4850 corrupt_type = "beacon and probe response"; 4851 else 4852 corrupt_type = "beacon"; 4853 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) 4854 corrupt_type = "probe response"; 4855 sdata_info(sdata, "associating with AP with corrupt %s\n", 4856 corrupt_type); 4857 } 4858 4859 return 0; 4860 err_clear: 4861 eth_zero_addr(ifmgd->bssid); 4862 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 4863 ifmgd->assoc_data = NULL; 4864 err_free: 4865 kfree(assoc_data); 4866 return err; 4867} 4868 4869int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, 4870 struct cfg80211_deauth_request *req) 4871{ 4872 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4873 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4874 bool tx = !req->local_state_change; 4875 4876 if (ifmgd->auth_data && 4877 ether_addr_equal(ifmgd->auth_data->bss->bssid, req->bssid)) { 4878 sdata_info(sdata, 4879 "aborting authentication with %pM by local choice (Reason: %u=%s)\n", 4880 req->bssid, req->reason_code, 4881 ieee80211_get_reason_code_string(req->reason_code)); 4882 4883 drv_mgd_prepare_tx(sdata->local, sdata); 4884 ieee80211_send_deauth_disassoc(sdata, req->bssid, 4885 IEEE80211_STYPE_DEAUTH, 4886 req->reason_code, tx, 4887 frame_buf); 4888 ieee80211_destroy_auth_data(sdata, false); 4889 ieee80211_report_disconnect(sdata, frame_buf, 4890 sizeof(frame_buf), true, 4891 req->reason_code); 4892 4893 return 0; 4894 } 4895 4896 if (ifmgd->assoc_data && 4897 ether_addr_equal(ifmgd->assoc_data->bss->bssid, req->bssid)) { 4898 sdata_info(sdata, 4899 "aborting association with %pM by local choice (Reason: %u=%s)\n", 4900 req->bssid, req->reason_code, 4901 ieee80211_get_reason_code_string(req->reason_code)); 4902 4903 drv_mgd_prepare_tx(sdata->local, sdata); 4904 ieee80211_send_deauth_disassoc(sdata, req->bssid, 4905 IEEE80211_STYPE_DEAUTH, 4906 req->reason_code, tx, 4907 frame_buf); 4908 ieee80211_destroy_assoc_data(sdata, false); 4909 ieee80211_report_disconnect(sdata, frame_buf, 4910 sizeof(frame_buf), true, 4911 req->reason_code); 4912 return 0; 4913 } 4914 4915 if (ifmgd->associated && 4916 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) { 4917 sdata_info(sdata, 4918 "deauthenticating from %pM by local choice (Reason: %u=%s)\n", 4919 req->bssid, req->reason_code, 4920 ieee80211_get_reason_code_string(req->reason_code)); 4921 4922 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4923 req->reason_code, tx, frame_buf); 4924 ieee80211_report_disconnect(sdata, frame_buf, 4925 sizeof(frame_buf), true, 4926 req->reason_code); 4927 return 0; 4928 } 4929 4930 return -ENOTCONN; 4931} 4932 4933int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 4934 struct cfg80211_disassoc_request *req) 4935{ 4936 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4937 u8 bssid[ETH_ALEN]; 4938 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4939 4940 /* 4941 * cfg80211 should catch this ... but it's racy since 4942 * we can receive a disassoc frame, process it, hand it 4943 * to cfg80211 while that's in a locked section already 4944 * trying to tell us that the user wants to disconnect. 4945 */ 4946 if (ifmgd->associated != req->bss) 4947 return -ENOLINK; 4948 4949 sdata_info(sdata, 4950 "disassociating from %pM by local choice (Reason: %u=%s)\n", 4951 req->bss->bssid, req->reason_code, ieee80211_get_reason_code_string(req->reason_code)); 4952 4953 memcpy(bssid, req->bss->bssid, ETH_ALEN); 4954 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC, 4955 req->reason_code, !req->local_state_change, 4956 frame_buf); 4957 4958 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true, 4959 req->reason_code); 4960 4961 return 0; 4962} 4963 4964void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata) 4965{ 4966 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4967 4968 /* 4969 * Make sure some work items will not run after this, 4970 * they will not do anything but might not have been 4971 * cancelled when disconnecting. 4972 */ 4973 cancel_work_sync(&ifmgd->monitor_work); 4974 cancel_work_sync(&ifmgd->beacon_connection_loss_work); 4975 cancel_work_sync(&ifmgd->request_smps_work); 4976 cancel_work_sync(&ifmgd->csa_connection_drop_work); 4977 cancel_work_sync(&ifmgd->chswitch_work); 4978 cancel_delayed_work_sync(&ifmgd->tdls_peer_del_work); 4979 4980 sdata_lock(sdata); 4981 if (ifmgd->assoc_data) { 4982 struct cfg80211_bss *bss = ifmgd->assoc_data->bss; 4983 ieee80211_destroy_assoc_data(sdata, false); 4984 cfg80211_assoc_timeout(sdata->dev, bss); 4985 } 4986 if (ifmgd->auth_data) 4987 ieee80211_destroy_auth_data(sdata, false); 4988 spin_lock_bh(&ifmgd->teardown_lock); 4989 if (ifmgd->teardown_skb) { 4990 kfree_skb(ifmgd->teardown_skb); 4991 ifmgd->teardown_skb = NULL; 4992 ifmgd->orig_teardown_skb = NULL; 4993 } 4994 spin_unlock_bh(&ifmgd->teardown_lock); 4995 del_timer_sync(&ifmgd->timer); 4996 sdata_unlock(sdata); 4997} 4998 4999void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif, 5000 enum nl80211_cqm_rssi_threshold_event rssi_event, 5001 gfp_t gfp) 5002{ 5003 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 5004 5005 trace_api_cqm_rssi_notify(sdata, rssi_event); 5006 5007 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp); 5008} 5009EXPORT_SYMBOL(ieee80211_cqm_rssi_notify); 5010 5011void ieee80211_cqm_beacon_loss_notify(struct ieee80211_vif *vif, gfp_t gfp) 5012{ 5013 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 5014 5015 trace_api_cqm_beacon_loss_notify(sdata->local, sdata); 5016 5017 cfg80211_cqm_beacon_loss_notify(sdata->dev, gfp); 5018} 5019EXPORT_SYMBOL(ieee80211_cqm_beacon_loss_notify); 5020