1/* 2 * BSS client mode implementation 3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 4 * Copyright 2004, Instant802 Networks, Inc. 5 * Copyright 2005, Devicescape Software, Inc. 6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * Copyright 2013-2014 Intel Mobile Communications GmbH 9 * 10 * This program is free software; you can redistribute it and/or modify 11 * it under the terms of the GNU General Public License version 2 as 12 * published by the Free Software Foundation. 13 */ 14 15#include <linux/delay.h> 16#include <linux/if_ether.h> 17#include <linux/skbuff.h> 18#include <linux/if_arp.h> 19#include <linux/etherdevice.h> 20#include <linux/moduleparam.h> 21#include <linux/rtnetlink.h> 22#include <linux/pm_qos.h> 23#include <linux/crc32.h> 24#include <linux/slab.h> 25#include <linux/export.h> 26#include <net/mac80211.h> 27#include <asm/unaligned.h> 28 29#include "ieee80211_i.h" 30#include "driver-ops.h" 31#include "rate.h" 32#include "led.h" 33 34#define IEEE80211_AUTH_TIMEOUT (HZ / 5) 35#define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2) 36#define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10) 37#define IEEE80211_AUTH_MAX_TRIES 3 38#define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5) 39#define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 40#define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2) 41#define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10) 42#define IEEE80211_ASSOC_MAX_TRIES 3 43 44static int max_nullfunc_tries = 2; 45module_param(max_nullfunc_tries, int, 0644); 46MODULE_PARM_DESC(max_nullfunc_tries, 47 "Maximum nullfunc tx tries before disconnecting (reason 4)."); 48 49static int max_probe_tries = 5; 50module_param(max_probe_tries, int, 0644); 51MODULE_PARM_DESC(max_probe_tries, 52 "Maximum probe tries before disconnecting (reason 4)."); 53 54/* 55 * Beacon loss timeout is calculated as N frames times the 56 * advertised beacon interval. This may need to be somewhat 57 * higher than what hardware might detect to account for 58 * delays in the host processing frames. But since we also 59 * probe on beacon miss before declaring the connection lost 60 * default to what we want. 61 */ 62static int beacon_loss_count = 7; 63module_param(beacon_loss_count, int, 0644); 64MODULE_PARM_DESC(beacon_loss_count, 65 "Number of beacon intervals before we decide beacon was lost."); 66 67/* 68 * Time the connection can be idle before we probe 69 * it to see if we can still talk to the AP. 70 */ 71#define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ) 72/* 73 * Time we wait for a probe response after sending 74 * a probe request because of beacon loss or for 75 * checking the connection still works. 76 */ 77static int probe_wait_ms = 500; 78module_param(probe_wait_ms, int, 0644); 79MODULE_PARM_DESC(probe_wait_ms, 80 "Maximum time(ms) to wait for probe response" 81 " before disconnecting (reason 4)."); 82 83/* 84 * Weight given to the latest Beacon frame when calculating average signal 85 * strength for Beacon frames received in the current BSS. This must be 86 * between 1 and 15. 87 */ 88#define IEEE80211_SIGNAL_AVE_WEIGHT 3 89 90/* 91 * How many Beacon frames need to have been used in average signal strength 92 * before starting to indicate signal change events. 93 */ 94#define IEEE80211_SIGNAL_AVE_MIN_COUNT 4 95 96/* 97 * We can have multiple work items (and connection probing) 98 * scheduling this timer, but we need to take care to only 99 * reschedule it when it should fire _earlier_ than it was 100 * asked for before, or if it's not pending right now. This 101 * function ensures that. Note that it then is required to 102 * run this function for all timeouts after the first one 103 * has happened -- the work that runs from this timer will 104 * do that. 105 */ 106static void run_again(struct ieee80211_sub_if_data *sdata, 107 unsigned long timeout) 108{ 109 sdata_assert_lock(sdata); 110 111 if (!timer_pending(&sdata->u.mgd.timer) || 112 time_before(timeout, sdata->u.mgd.timer.expires)) 113 mod_timer(&sdata->u.mgd.timer, timeout); 114} 115 116void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata) 117{ 118 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER) 119 return; 120 121 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 122 return; 123 124 mod_timer(&sdata->u.mgd.bcn_mon_timer, 125 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout)); 126} 127 128void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata) 129{ 130 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 131 132 if (unlikely(!sdata->u.mgd.associated)) 133 return; 134 135 ifmgd->probe_send_count = 0; 136 137 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 138 return; 139 140 mod_timer(&sdata->u.mgd.conn_mon_timer, 141 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME)); 142} 143 144static int ecw2cw(int ecw) 145{ 146 return (1 << ecw) - 1; 147} 148 149static u32 150ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, 151 struct ieee80211_supported_band *sband, 152 struct ieee80211_channel *channel, 153 const struct ieee80211_ht_cap *ht_cap, 154 const struct ieee80211_ht_operation *ht_oper, 155 const struct ieee80211_vht_operation *vht_oper, 156 struct cfg80211_chan_def *chandef, bool tracking) 157{ 158 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 159 struct cfg80211_chan_def vht_chandef; 160 struct ieee80211_sta_ht_cap sta_ht_cap; 161 u32 ht_cfreq, ret; 162 163 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap)); 164 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap); 165 166 chandef->chan = channel; 167 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 168 chandef->center_freq1 = channel->center_freq; 169 chandef->center_freq2 = 0; 170 171 if (!ht_cap || !ht_oper || !sta_ht_cap.ht_supported) { 172 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 173 goto out; 174 } 175 176 chandef->width = NL80211_CHAN_WIDTH_20; 177 178 if (!(ht_cap->cap_info & 179 cpu_to_le16(IEEE80211_HT_CAP_SUP_WIDTH_20_40))) { 180 ret = IEEE80211_STA_DISABLE_40MHZ; 181 vht_chandef = *chandef; 182 goto out; 183 } 184 185 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan, 186 channel->band); 187 /* check that channel matches the right operating channel */ 188 if (!tracking && channel->center_freq != ht_cfreq) { 189 /* 190 * It's possible that some APs are confused here; 191 * Netgear WNDR3700 sometimes reports 4 higher than 192 * the actual channel in association responses, but 193 * since we look at probe response/beacon data here 194 * it should be OK. 195 */ 196 sdata_info(sdata, 197 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n", 198 channel->center_freq, ht_cfreq, 199 ht_oper->primary_chan, channel->band); 200 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT; 201 goto out; 202 } 203 204 /* check 40 MHz support, if we have it */ 205 if (sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) { 206 switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 207 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 208 chandef->width = NL80211_CHAN_WIDTH_40; 209 chandef->center_freq1 += 10; 210 break; 211 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 212 chandef->width = NL80211_CHAN_WIDTH_40; 213 chandef->center_freq1 -= 10; 214 break; 215 } 216 } else { 217 /* 40 MHz (and 80 MHz) must be supported for VHT */ 218 ret = IEEE80211_STA_DISABLE_VHT; 219 /* also mark 40 MHz disabled */ 220 ret |= IEEE80211_STA_DISABLE_40MHZ; 221 goto out; 222 } 223 224 if (!vht_oper || !sband->vht_cap.vht_supported) { 225 ret = IEEE80211_STA_DISABLE_VHT; 226 goto out; 227 } 228 229 vht_chandef.chan = channel; 230 vht_chandef.center_freq1 = 231 ieee80211_channel_to_frequency(vht_oper->center_freq_seg1_idx, 232 channel->band); 233 vht_chandef.center_freq2 = 0; 234 235 switch (vht_oper->chan_width) { 236 case IEEE80211_VHT_CHANWIDTH_USE_HT: 237 vht_chandef.width = chandef->width; 238 vht_chandef.center_freq1 = chandef->center_freq1; 239 break; 240 case IEEE80211_VHT_CHANWIDTH_80MHZ: 241 vht_chandef.width = NL80211_CHAN_WIDTH_80; 242 break; 243 case IEEE80211_VHT_CHANWIDTH_160MHZ: 244 vht_chandef.width = NL80211_CHAN_WIDTH_160; 245 break; 246 case IEEE80211_VHT_CHANWIDTH_80P80MHZ: 247 vht_chandef.width = NL80211_CHAN_WIDTH_80P80; 248 vht_chandef.center_freq2 = 249 ieee80211_channel_to_frequency( 250 vht_oper->center_freq_seg2_idx, 251 channel->band); 252 break; 253 default: 254 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 255 sdata_info(sdata, 256 "AP VHT operation IE has invalid channel width (%d), disable VHT\n", 257 vht_oper->chan_width); 258 ret = IEEE80211_STA_DISABLE_VHT; 259 goto out; 260 } 261 262 if (!cfg80211_chandef_valid(&vht_chandef)) { 263 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 264 sdata_info(sdata, 265 "AP VHT information is invalid, disable VHT\n"); 266 ret = IEEE80211_STA_DISABLE_VHT; 267 goto out; 268 } 269 270 if (cfg80211_chandef_identical(chandef, &vht_chandef)) { 271 ret = 0; 272 goto out; 273 } 274 275 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) { 276 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 277 sdata_info(sdata, 278 "AP VHT information doesn't match HT, disable VHT\n"); 279 ret = IEEE80211_STA_DISABLE_VHT; 280 goto out; 281 } 282 283 *chandef = vht_chandef; 284 285 ret = 0; 286 287out: 288 /* 289 * When tracking the current AP, don't do any further checks if the 290 * new chandef is identical to the one we're currently using for the 291 * connection. This keeps us from playing ping-pong with regulatory, 292 * without it the following can happen (for example): 293 * - connect to an AP with 80 MHz, world regdom allows 80 MHz 294 * - AP advertises regdom US 295 * - CRDA loads regdom US with 80 MHz prohibited (old database) 296 * - the code below detects an unsupported channel, downgrades, and 297 * we disconnect from the AP in the caller 298 * - disconnect causes CRDA to reload world regdomain and the game 299 * starts anew. 300 * (see https://bugzilla.kernel.org/show_bug.cgi?id=70881) 301 * 302 * It seems possible that there are still scenarios with CSA or real 303 * bandwidth changes where a this could happen, but those cases are 304 * less common and wouldn't completely prevent using the AP. 305 */ 306 if (tracking && 307 cfg80211_chandef_identical(chandef, &sdata->vif.bss_conf.chandef)) 308 return ret; 309 310 /* don't print the message below for VHT mismatch if VHT is disabled */ 311 if (ret & IEEE80211_STA_DISABLE_VHT) 312 vht_chandef = *chandef; 313 314 /* 315 * Ignore the DISABLED flag when we're already connected and only 316 * tracking the APs beacon for bandwidth changes - otherwise we 317 * might get disconnected here if we connect to an AP, update our 318 * regulatory information based on the AP's country IE and the 319 * information we have is wrong/outdated and disables the channel 320 * that we're actually using for the connection to the AP. 321 */ 322 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef, 323 tracking ? 0 : 324 IEEE80211_CHAN_DISABLED)) { 325 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) { 326 ret = IEEE80211_STA_DISABLE_HT | 327 IEEE80211_STA_DISABLE_VHT; 328 break; 329 } 330 331 ret |= ieee80211_chandef_downgrade(chandef); 332 } 333 334 if (chandef->width != vht_chandef.width && !tracking) 335 sdata_info(sdata, 336 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n"); 337 338 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef)); 339 return ret; 340} 341 342static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata, 343 struct sta_info *sta, 344 const struct ieee80211_ht_cap *ht_cap, 345 const struct ieee80211_ht_operation *ht_oper, 346 const struct ieee80211_vht_operation *vht_oper, 347 const u8 *bssid, u32 *changed) 348{ 349 struct ieee80211_local *local = sdata->local; 350 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 351 struct ieee80211_supported_band *sband; 352 struct ieee80211_channel *chan; 353 struct cfg80211_chan_def chandef; 354 u16 ht_opmode; 355 u32 flags; 356 enum ieee80211_sta_rx_bandwidth new_sta_bw; 357 int ret; 358 359 /* if HT was/is disabled, don't track any bandwidth changes */ 360 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper) 361 return 0; 362 363 /* don't check VHT if we associated as non-VHT station */ 364 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 365 vht_oper = NULL; 366 367 if (WARN_ON_ONCE(!sta)) 368 return -EINVAL; 369 370 /* 371 * if bss configuration changed store the new one - 372 * this may be applicable even if channel is identical 373 */ 374 ht_opmode = le16_to_cpu(ht_oper->operation_mode); 375 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) { 376 *changed |= BSS_CHANGED_HT; 377 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 378 } 379 380 chan = sdata->vif.bss_conf.chandef.chan; 381 sband = local->hw.wiphy->bands[chan->band]; 382 383 /* calculate new channel (type) based on HT/VHT operation IEs */ 384 flags = ieee80211_determine_chantype(sdata, sband, chan, 385 ht_cap, ht_oper, vht_oper, 386 &chandef, true); 387 388 /* 389 * Downgrade the new channel if we associated with restricted 390 * capabilities. For example, if we associated as a 20 MHz STA 391 * to a 40 MHz AP (due to regulatory, capabilities or config 392 * reasons) then switching to a 40 MHz channel now won't do us 393 * any good -- we couldn't use it with the AP. 394 */ 395 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ && 396 chandef.width == NL80211_CHAN_WIDTH_80P80) 397 flags |= ieee80211_chandef_downgrade(&chandef); 398 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ && 399 chandef.width == NL80211_CHAN_WIDTH_160) 400 flags |= ieee80211_chandef_downgrade(&chandef); 401 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ && 402 chandef.width > NL80211_CHAN_WIDTH_20) 403 flags |= ieee80211_chandef_downgrade(&chandef); 404 405 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef)) 406 return 0; 407 408 sdata_info(sdata, 409 "AP %pM changed bandwidth, new config is %d MHz, width %d (%d/%d MHz)\n", 410 ifmgd->bssid, chandef.chan->center_freq, chandef.width, 411 chandef.center_freq1, chandef.center_freq2); 412 413 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT | 414 IEEE80211_STA_DISABLE_VHT | 415 IEEE80211_STA_DISABLE_40MHZ | 416 IEEE80211_STA_DISABLE_80P80MHZ | 417 IEEE80211_STA_DISABLE_160MHZ)) || 418 !cfg80211_chandef_valid(&chandef)) { 419 sdata_info(sdata, 420 "AP %pM changed bandwidth in a way we can't support - disconnect\n", 421 ifmgd->bssid); 422 return -EINVAL; 423 } 424 425 switch (chandef.width) { 426 case NL80211_CHAN_WIDTH_20_NOHT: 427 case NL80211_CHAN_WIDTH_20: 428 new_sta_bw = IEEE80211_STA_RX_BW_20; 429 break; 430 case NL80211_CHAN_WIDTH_40: 431 new_sta_bw = IEEE80211_STA_RX_BW_40; 432 break; 433 case NL80211_CHAN_WIDTH_80: 434 new_sta_bw = IEEE80211_STA_RX_BW_80; 435 break; 436 case NL80211_CHAN_WIDTH_80P80: 437 case NL80211_CHAN_WIDTH_160: 438 new_sta_bw = IEEE80211_STA_RX_BW_160; 439 break; 440 default: 441 return -EINVAL; 442 } 443 444 if (new_sta_bw > sta->cur_max_bandwidth) 445 new_sta_bw = sta->cur_max_bandwidth; 446 447 if (new_sta_bw < sta->sta.bandwidth) { 448 sta->sta.bandwidth = new_sta_bw; 449 rate_control_rate_update(local, sband, sta, 450 IEEE80211_RC_BW_CHANGED); 451 } 452 453 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed); 454 if (ret) { 455 sdata_info(sdata, 456 "AP %pM changed bandwidth to incompatible one - disconnect\n", 457 ifmgd->bssid); 458 return ret; 459 } 460 461 if (new_sta_bw > sta->sta.bandwidth) { 462 sta->sta.bandwidth = new_sta_bw; 463 rate_control_rate_update(local, sband, sta, 464 IEEE80211_RC_BW_CHANGED); 465 } 466 467 return 0; 468} 469 470/* frame sending functions */ 471 472static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata, 473 struct sk_buff *skb, u8 ap_ht_param, 474 struct ieee80211_supported_band *sband, 475 struct ieee80211_channel *channel, 476 enum ieee80211_smps_mode smps) 477{ 478 u8 *pos; 479 u32 flags = channel->flags; 480 u16 cap; 481 struct ieee80211_sta_ht_cap ht_cap; 482 483 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap)); 484 485 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 486 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 487 488 /* determine capability flags */ 489 cap = ht_cap.cap; 490 491 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 492 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 493 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 494 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 495 cap &= ~IEEE80211_HT_CAP_SGI_40; 496 } 497 break; 498 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 499 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 500 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 501 cap &= ~IEEE80211_HT_CAP_SGI_40; 502 } 503 break; 504 } 505 506 /* 507 * If 40 MHz was disabled associate as though we weren't 508 * capable of 40 MHz -- some broken APs will never fall 509 * back to trying to transmit in 20 MHz. 510 */ 511 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) { 512 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 513 cap &= ~IEEE80211_HT_CAP_SGI_40; 514 } 515 516 /* set SM PS mode properly */ 517 cap &= ~IEEE80211_HT_CAP_SM_PS; 518 switch (smps) { 519 case IEEE80211_SMPS_AUTOMATIC: 520 case IEEE80211_SMPS_NUM_MODES: 521 WARN_ON(1); 522 case IEEE80211_SMPS_OFF: 523 cap |= WLAN_HT_CAP_SM_PS_DISABLED << 524 IEEE80211_HT_CAP_SM_PS_SHIFT; 525 break; 526 case IEEE80211_SMPS_STATIC: 527 cap |= WLAN_HT_CAP_SM_PS_STATIC << 528 IEEE80211_HT_CAP_SM_PS_SHIFT; 529 break; 530 case IEEE80211_SMPS_DYNAMIC: 531 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC << 532 IEEE80211_HT_CAP_SM_PS_SHIFT; 533 break; 534 } 535 536 /* reserve and fill IE */ 537 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 538 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap); 539} 540 541static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata, 542 struct sk_buff *skb, 543 struct ieee80211_supported_band *sband, 544 struct ieee80211_vht_cap *ap_vht_cap) 545{ 546 u8 *pos; 547 u32 cap; 548 struct ieee80211_sta_vht_cap vht_cap; 549 u32 mask, ap_bf_sts, our_bf_sts; 550 551 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap)); 552 553 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap)); 554 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap); 555 556 /* determine capability flags */ 557 cap = vht_cap.cap; 558 559 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) { 560 u32 bw = cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK; 561 562 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK; 563 if (bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ || 564 bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ) 565 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 566 } 567 568 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) { 569 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160; 570 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK; 571 } 572 573 /* 574 * Some APs apparently get confused if our capabilities are better 575 * than theirs, so restrict what we advertise in the assoc request. 576 */ 577 if (!(ap_vht_cap->vht_cap_info & 578 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE))) 579 cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE; 580 581 mask = IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK; 582 583 ap_bf_sts = le32_to_cpu(ap_vht_cap->vht_cap_info) & mask; 584 our_bf_sts = cap & mask; 585 586 if (ap_bf_sts < our_bf_sts) { 587 cap &= ~mask; 588 cap |= ap_bf_sts; 589 } 590 591 /* reserve and fill IE */ 592 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 593 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap); 594} 595 596static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) 597{ 598 struct ieee80211_local *local = sdata->local; 599 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 600 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 601 struct sk_buff *skb; 602 struct ieee80211_mgmt *mgmt; 603 u8 *pos, qos_info; 604 size_t offset = 0, noffset; 605 int i, count, rates_len, supp_rates_len, shift; 606 u16 capab; 607 struct ieee80211_supported_band *sband; 608 struct ieee80211_chanctx_conf *chanctx_conf; 609 struct ieee80211_channel *chan; 610 u32 rate_flags, rates = 0; 611 612 sdata_assert_lock(sdata); 613 614 rcu_read_lock(); 615 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 616 if (WARN_ON(!chanctx_conf)) { 617 rcu_read_unlock(); 618 return; 619 } 620 chan = chanctx_conf->def.chan; 621 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def); 622 rcu_read_unlock(); 623 sband = local->hw.wiphy->bands[chan->band]; 624 shift = ieee80211_vif_get_shift(&sdata->vif); 625 626 if (assoc_data->supp_rates_len) { 627 /* 628 * Get all rates supported by the device and the AP as 629 * some APs don't like getting a superset of their rates 630 * in the association request (e.g. D-Link DAP 1353 in 631 * b-only mode)... 632 */ 633 rates_len = ieee80211_parse_bitrates(&chanctx_conf->def, sband, 634 assoc_data->supp_rates, 635 assoc_data->supp_rates_len, 636 &rates); 637 } else { 638 /* 639 * In case AP not provide any supported rates information 640 * before association, we send information element(s) with 641 * all rates that we support. 642 */ 643 rates_len = 0; 644 for (i = 0; i < sband->n_bitrates; i++) { 645 if ((rate_flags & sband->bitrates[i].flags) 646 != rate_flags) 647 continue; 648 rates |= BIT(i); 649 rates_len++; 650 } 651 } 652 653 skb = alloc_skb(local->hw.extra_tx_headroom + 654 sizeof(*mgmt) + /* bit too much but doesn't matter */ 655 2 + assoc_data->ssid_len + /* SSID */ 656 4 + rates_len + /* (extended) rates */ 657 4 + /* power capability */ 658 2 + 2 * sband->n_channels + /* supported channels */ 659 2 + sizeof(struct ieee80211_ht_cap) + /* HT */ 660 2 + sizeof(struct ieee80211_vht_cap) + /* VHT */ 661 assoc_data->ie_len + /* extra IEs */ 662 9, /* WMM */ 663 GFP_KERNEL); 664 if (!skb) 665 return; 666 667 skb_reserve(skb, local->hw.extra_tx_headroom); 668 669 capab = WLAN_CAPABILITY_ESS; 670 671 if (sband->band == IEEE80211_BAND_2GHZ) { 672 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 673 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 674 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 675 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 676 } 677 678 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY) 679 capab |= WLAN_CAPABILITY_PRIVACY; 680 681 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 682 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)) 683 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 684 685 if (ifmgd->flags & IEEE80211_STA_ENABLE_RRM) 686 capab |= WLAN_CAPABILITY_RADIO_MEASURE; 687 688 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 689 memset(mgmt, 0, 24); 690 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN); 691 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 692 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN); 693 694 if (!is_zero_ether_addr(assoc_data->prev_bssid)) { 695 skb_put(skb, 10); 696 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 697 IEEE80211_STYPE_REASSOC_REQ); 698 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 699 mgmt->u.reassoc_req.listen_interval = 700 cpu_to_le16(local->hw.conf.listen_interval); 701 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid, 702 ETH_ALEN); 703 } else { 704 skb_put(skb, 4); 705 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 706 IEEE80211_STYPE_ASSOC_REQ); 707 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 708 mgmt->u.assoc_req.listen_interval = 709 cpu_to_le16(local->hw.conf.listen_interval); 710 } 711 712 /* SSID */ 713 pos = skb_put(skb, 2 + assoc_data->ssid_len); 714 *pos++ = WLAN_EID_SSID; 715 *pos++ = assoc_data->ssid_len; 716 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len); 717 718 /* add all rates which were marked to be used above */ 719 supp_rates_len = rates_len; 720 if (supp_rates_len > 8) 721 supp_rates_len = 8; 722 723 pos = skb_put(skb, supp_rates_len + 2); 724 *pos++ = WLAN_EID_SUPP_RATES; 725 *pos++ = supp_rates_len; 726 727 count = 0; 728 for (i = 0; i < sband->n_bitrates; i++) { 729 if (BIT(i) & rates) { 730 int rate = DIV_ROUND_UP(sband->bitrates[i].bitrate, 731 5 * (1 << shift)); 732 *pos++ = (u8) rate; 733 if (++count == 8) 734 break; 735 } 736 } 737 738 if (rates_len > count) { 739 pos = skb_put(skb, rates_len - count + 2); 740 *pos++ = WLAN_EID_EXT_SUPP_RATES; 741 *pos++ = rates_len - count; 742 743 for (i++; i < sband->n_bitrates; i++) { 744 if (BIT(i) & rates) { 745 int rate; 746 rate = DIV_ROUND_UP(sband->bitrates[i].bitrate, 747 5 * (1 << shift)); 748 *pos++ = (u8) rate; 749 } 750 } 751 } 752 753 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT || 754 capab & WLAN_CAPABILITY_RADIO_MEASURE) { 755 pos = skb_put(skb, 4); 756 *pos++ = WLAN_EID_PWR_CAPABILITY; 757 *pos++ = 2; 758 *pos++ = 0; /* min tx power */ 759 /* max tx power */ 760 *pos++ = ieee80211_chandef_max_power(&chanctx_conf->def); 761 } 762 763 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) { 764 /* TODO: get this in reg domain format */ 765 pos = skb_put(skb, 2 * sband->n_channels + 2); 766 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 767 *pos++ = 2 * sband->n_channels; 768 for (i = 0; i < sband->n_channels; i++) { 769 *pos++ = ieee80211_frequency_to_channel( 770 sband->channels[i].center_freq); 771 *pos++ = 1; /* one channel in the subband*/ 772 } 773 } 774 775 /* if present, add any custom IEs that go before HT */ 776 if (assoc_data->ie_len) { 777 static const u8 before_ht[] = { 778 WLAN_EID_SSID, 779 WLAN_EID_SUPP_RATES, 780 WLAN_EID_EXT_SUPP_RATES, 781 WLAN_EID_PWR_CAPABILITY, 782 WLAN_EID_SUPPORTED_CHANNELS, 783 WLAN_EID_RSN, 784 WLAN_EID_QOS_CAPA, 785 WLAN_EID_RRM_ENABLED_CAPABILITIES, 786 WLAN_EID_MOBILITY_DOMAIN, 787 WLAN_EID_FAST_BSS_TRANSITION, /* reassoc only */ 788 WLAN_EID_RIC_DATA, /* reassoc only */ 789 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 790 }; 791 static const u8 after_ric[] = { 792 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 793 WLAN_EID_HT_CAPABILITY, 794 WLAN_EID_BSS_COEX_2040, 795 WLAN_EID_EXT_CAPABILITY, 796 WLAN_EID_QOS_TRAFFIC_CAPA, 797 WLAN_EID_TIM_BCAST_REQ, 798 WLAN_EID_INTERWORKING, 799 /* 60GHz doesn't happen right now */ 800 WLAN_EID_VHT_CAPABILITY, 801 WLAN_EID_OPMODE_NOTIF, 802 }; 803 804 noffset = ieee80211_ie_split_ric(assoc_data->ie, 805 assoc_data->ie_len, 806 before_ht, 807 ARRAY_SIZE(before_ht), 808 after_ric, 809 ARRAY_SIZE(after_ric), 810 offset); 811 pos = skb_put(skb, noffset - offset); 812 memcpy(pos, assoc_data->ie + offset, noffset - offset); 813 offset = noffset; 814 } 815 816 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 817 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))) 818 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 819 820 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 821 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param, 822 sband, chan, sdata->smps_mode); 823 824 /* if present, add any custom IEs that go before VHT */ 825 if (assoc_data->ie_len) { 826 static const u8 before_vht[] = { 827 WLAN_EID_SSID, 828 WLAN_EID_SUPP_RATES, 829 WLAN_EID_EXT_SUPP_RATES, 830 WLAN_EID_PWR_CAPABILITY, 831 WLAN_EID_SUPPORTED_CHANNELS, 832 WLAN_EID_RSN, 833 WLAN_EID_QOS_CAPA, 834 WLAN_EID_RRM_ENABLED_CAPABILITIES, 835 WLAN_EID_MOBILITY_DOMAIN, 836 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 837 WLAN_EID_HT_CAPABILITY, 838 WLAN_EID_BSS_COEX_2040, 839 WLAN_EID_EXT_CAPABILITY, 840 WLAN_EID_QOS_TRAFFIC_CAPA, 841 WLAN_EID_TIM_BCAST_REQ, 842 WLAN_EID_INTERWORKING, 843 }; 844 845 /* RIC already taken above, so no need to handle here anymore */ 846 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len, 847 before_vht, ARRAY_SIZE(before_vht), 848 offset); 849 pos = skb_put(skb, noffset - offset); 850 memcpy(pos, assoc_data->ie + offset, noffset - offset); 851 offset = noffset; 852 } 853 854 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 855 ieee80211_add_vht_ie(sdata, skb, sband, 856 &assoc_data->ap_vht_cap); 857 858 /* if present, add any custom non-vendor IEs that go after HT */ 859 if (assoc_data->ie_len) { 860 noffset = ieee80211_ie_split_vendor(assoc_data->ie, 861 assoc_data->ie_len, 862 offset); 863 pos = skb_put(skb, noffset - offset); 864 memcpy(pos, assoc_data->ie + offset, noffset - offset); 865 offset = noffset; 866 } 867 868 if (assoc_data->wmm) { 869 if (assoc_data->uapsd) { 870 qos_info = ifmgd->uapsd_queues; 871 qos_info |= (ifmgd->uapsd_max_sp_len << 872 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT); 873 } else { 874 qos_info = 0; 875 } 876 877 pos = ieee80211_add_wmm_info_ie(skb_put(skb, 9), qos_info); 878 } 879 880 /* add any remaining custom (i.e. vendor specific here) IEs */ 881 if (assoc_data->ie_len) { 882 noffset = assoc_data->ie_len; 883 pos = skb_put(skb, noffset - offset); 884 memcpy(pos, assoc_data->ie + offset, noffset - offset); 885 } 886 887 drv_mgd_prepare_tx(local, sdata); 888 889 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 890 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 891 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 892 IEEE80211_TX_INTFL_MLME_CONN_TX; 893 ieee80211_tx_skb(sdata, skb); 894} 895 896void ieee80211_send_pspoll(struct ieee80211_local *local, 897 struct ieee80211_sub_if_data *sdata) 898{ 899 struct ieee80211_pspoll *pspoll; 900 struct sk_buff *skb; 901 902 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif); 903 if (!skb) 904 return; 905 906 pspoll = (struct ieee80211_pspoll *) skb->data; 907 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 908 909 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 910 ieee80211_tx_skb(sdata, skb); 911} 912 913void ieee80211_send_nullfunc(struct ieee80211_local *local, 914 struct ieee80211_sub_if_data *sdata, 915 int powersave) 916{ 917 struct sk_buff *skb; 918 struct ieee80211_hdr_3addr *nullfunc; 919 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 920 921 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif); 922 if (!skb) 923 return; 924 925 nullfunc = (struct ieee80211_hdr_3addr *) skb->data; 926 if (powersave) 927 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 928 929 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT | 930 IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 931 932 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 933 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS; 934 935 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) 936 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE; 937 938 ieee80211_tx_skb(sdata, skb); 939} 940 941static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local, 942 struct ieee80211_sub_if_data *sdata) 943{ 944 struct sk_buff *skb; 945 struct ieee80211_hdr *nullfunc; 946 __le16 fc; 947 948 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 949 return; 950 951 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30); 952 if (!skb) 953 return; 954 955 skb_reserve(skb, local->hw.extra_tx_headroom); 956 957 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30); 958 memset(nullfunc, 0, 30); 959 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 960 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 961 nullfunc->frame_control = fc; 962 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN); 963 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN); 964 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN); 965 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN); 966 967 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 968 ieee80211_tx_skb(sdata, skb); 969} 970 971/* spectrum management related things */ 972static void ieee80211_chswitch_work(struct work_struct *work) 973{ 974 struct ieee80211_sub_if_data *sdata = 975 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work); 976 struct ieee80211_local *local = sdata->local; 977 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 978 int ret; 979 980 if (!ieee80211_sdata_running(sdata)) 981 return; 982 983 sdata_lock(sdata); 984 mutex_lock(&local->mtx); 985 mutex_lock(&local->chanctx_mtx); 986 987 if (!ifmgd->associated) 988 goto out; 989 990 if (!sdata->vif.csa_active) 991 goto out; 992 993 /* 994 * using reservation isn't immediate as it may be deferred until later 995 * with multi-vif. once reservation is complete it will re-schedule the 996 * work with no reserved_chanctx so verify chandef to check if it 997 * completed successfully 998 */ 999 1000 if (sdata->reserved_chanctx) { 1001 /* 1002 * with multi-vif csa driver may call ieee80211_csa_finish() 1003 * many times while waiting for other interfaces to use their 1004 * reservations 1005 */ 1006 if (sdata->reserved_ready) 1007 goto out; 1008 1009 ret = ieee80211_vif_use_reserved_context(sdata); 1010 if (ret) { 1011 sdata_info(sdata, 1012 "failed to use reserved channel context, disconnecting (err=%d)\n", 1013 ret); 1014 ieee80211_queue_work(&sdata->local->hw, 1015 &ifmgd->csa_connection_drop_work); 1016 goto out; 1017 } 1018 1019 goto out; 1020 } 1021 1022 if (!cfg80211_chandef_identical(&sdata->vif.bss_conf.chandef, 1023 &sdata->csa_chandef)) { 1024 sdata_info(sdata, 1025 "failed to finalize channel switch, disconnecting\n"); 1026 ieee80211_queue_work(&sdata->local->hw, 1027 &ifmgd->csa_connection_drop_work); 1028 goto out; 1029 } 1030 1031 /* XXX: shouldn't really modify cfg80211-owned data! */ 1032 ifmgd->associated->channel = sdata->csa_chandef.chan; 1033 1034 ifmgd->csa_waiting_bcn = true; 1035 1036 ieee80211_sta_reset_beacon_monitor(sdata); 1037 ieee80211_sta_reset_conn_monitor(sdata); 1038 1039out: 1040 mutex_unlock(&local->chanctx_mtx); 1041 mutex_unlock(&local->mtx); 1042 sdata_unlock(sdata); 1043} 1044 1045static void ieee80211_chswitch_post_beacon(struct ieee80211_sub_if_data *sdata) 1046{ 1047 struct ieee80211_local *local = sdata->local; 1048 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1049 int ret; 1050 1051 sdata_assert_lock(sdata); 1052 1053 WARN_ON(!sdata->vif.csa_active); 1054 1055 if (sdata->csa_block_tx) { 1056 ieee80211_wake_vif_queues(local, sdata, 1057 IEEE80211_QUEUE_STOP_REASON_CSA); 1058 sdata->csa_block_tx = false; 1059 } 1060 1061 sdata->vif.csa_active = false; 1062 ifmgd->csa_waiting_bcn = false; 1063 1064 ret = drv_post_channel_switch(sdata); 1065 if (ret) { 1066 sdata_info(sdata, 1067 "driver post channel switch failed, disconnecting\n"); 1068 ieee80211_queue_work(&local->hw, 1069 &ifmgd->csa_connection_drop_work); 1070 return; 1071 } 1072 1073 cfg80211_ch_switch_notify(sdata->dev, &sdata->reserved_chandef); 1074} 1075 1076void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success) 1077{ 1078 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1079 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1080 1081 trace_api_chswitch_done(sdata, success); 1082 if (!success) { 1083 sdata_info(sdata, 1084 "driver channel switch failed, disconnecting\n"); 1085 ieee80211_queue_work(&sdata->local->hw, 1086 &ifmgd->csa_connection_drop_work); 1087 } else { 1088 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 1089 } 1090} 1091EXPORT_SYMBOL(ieee80211_chswitch_done); 1092 1093static void ieee80211_chswitch_timer(unsigned long data) 1094{ 1095 struct ieee80211_sub_if_data *sdata = 1096 (struct ieee80211_sub_if_data *) data; 1097 1098 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work); 1099} 1100 1101static void 1102ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 1103 u64 timestamp, u32 device_timestamp, 1104 struct ieee802_11_elems *elems, 1105 bool beacon) 1106{ 1107 struct ieee80211_local *local = sdata->local; 1108 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1109 struct cfg80211_bss *cbss = ifmgd->associated; 1110 struct ieee80211_chanctx_conf *conf; 1111 struct ieee80211_chanctx *chanctx; 1112 enum ieee80211_band current_band; 1113 struct ieee80211_csa_ie csa_ie; 1114 struct ieee80211_channel_switch ch_switch; 1115 int res; 1116 1117 sdata_assert_lock(sdata); 1118 1119 if (!cbss) 1120 return; 1121 1122 if (local->scanning) 1123 return; 1124 1125 /* disregard subsequent announcements if we are already processing */ 1126 if (sdata->vif.csa_active) 1127 return; 1128 1129 current_band = cbss->channel->band; 1130 memset(&csa_ie, 0, sizeof(csa_ie)); 1131 res = ieee80211_parse_ch_switch_ie(sdata, elems, current_band, 1132 ifmgd->flags, 1133 ifmgd->associated->bssid, &csa_ie); 1134 if (res < 0) 1135 ieee80211_queue_work(&local->hw, 1136 &ifmgd->csa_connection_drop_work); 1137 if (res) 1138 return; 1139 1140 if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chandef, 1141 IEEE80211_CHAN_DISABLED)) { 1142 sdata_info(sdata, 1143 "AP %pM switches to unsupported channel (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n", 1144 ifmgd->associated->bssid, 1145 csa_ie.chandef.chan->center_freq, 1146 csa_ie.chandef.width, csa_ie.chandef.center_freq1, 1147 csa_ie.chandef.center_freq2); 1148 ieee80211_queue_work(&local->hw, 1149 &ifmgd->csa_connection_drop_work); 1150 return; 1151 } 1152 1153 if (cfg80211_chandef_identical(&csa_ie.chandef, 1154 &sdata->vif.bss_conf.chandef)) { 1155 if (ifmgd->csa_ignored_same_chan) 1156 return; 1157 sdata_info(sdata, 1158 "AP %pM tries to chanswitch to same channel, ignore\n", 1159 ifmgd->associated->bssid); 1160 ifmgd->csa_ignored_same_chan = true; 1161 return; 1162 } 1163 1164 mutex_lock(&local->mtx); 1165 mutex_lock(&local->chanctx_mtx); 1166 conf = rcu_dereference_protected(sdata->vif.chanctx_conf, 1167 lockdep_is_held(&local->chanctx_mtx)); 1168 if (!conf) { 1169 sdata_info(sdata, 1170 "no channel context assigned to vif?, disconnecting\n"); 1171 goto drop_connection; 1172 } 1173 1174 chanctx = container_of(conf, struct ieee80211_chanctx, conf); 1175 1176 if (local->use_chanctx && 1177 !(local->hw.flags & IEEE80211_HW_CHANCTX_STA_CSA)) { 1178 sdata_info(sdata, 1179 "driver doesn't support chan-switch with channel contexts\n"); 1180 goto drop_connection; 1181 } 1182 1183 ch_switch.timestamp = timestamp; 1184 ch_switch.device_timestamp = device_timestamp; 1185 ch_switch.block_tx = csa_ie.mode; 1186 ch_switch.chandef = csa_ie.chandef; 1187 ch_switch.count = csa_ie.count; 1188 1189 if (drv_pre_channel_switch(sdata, &ch_switch)) { 1190 sdata_info(sdata, 1191 "preparing for channel switch failed, disconnecting\n"); 1192 goto drop_connection; 1193 } 1194 1195 res = ieee80211_vif_reserve_chanctx(sdata, &csa_ie.chandef, 1196 chanctx->mode, false); 1197 if (res) { 1198 sdata_info(sdata, 1199 "failed to reserve channel context for channel switch, disconnecting (err=%d)\n", 1200 res); 1201 goto drop_connection; 1202 } 1203 mutex_unlock(&local->chanctx_mtx); 1204 1205 sdata->vif.csa_active = true; 1206 sdata->csa_chandef = csa_ie.chandef; 1207 sdata->csa_block_tx = csa_ie.mode; 1208 ifmgd->csa_ignored_same_chan = false; 1209 1210 if (sdata->csa_block_tx) 1211 ieee80211_stop_vif_queues(local, sdata, 1212 IEEE80211_QUEUE_STOP_REASON_CSA); 1213 mutex_unlock(&local->mtx); 1214 1215 cfg80211_ch_switch_started_notify(sdata->dev, &csa_ie.chandef, 1216 csa_ie.count); 1217 1218 if (local->ops->channel_switch) { 1219 /* use driver's channel switch callback */ 1220 drv_channel_switch(local, sdata, &ch_switch); 1221 return; 1222 } 1223 1224 /* channel switch handled in software */ 1225 if (csa_ie.count <= 1) 1226 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work); 1227 else 1228 mod_timer(&ifmgd->chswitch_timer, 1229 TU_TO_EXP_TIME((csa_ie.count - 1) * 1230 cbss->beacon_interval)); 1231 return; 1232 drop_connection: 1233 ieee80211_queue_work(&local->hw, &ifmgd->csa_connection_drop_work); 1234 mutex_unlock(&local->chanctx_mtx); 1235 mutex_unlock(&local->mtx); 1236} 1237 1238static bool 1239ieee80211_find_80211h_pwr_constr(struct ieee80211_sub_if_data *sdata, 1240 struct ieee80211_channel *channel, 1241 const u8 *country_ie, u8 country_ie_len, 1242 const u8 *pwr_constr_elem, 1243 int *chan_pwr, int *pwr_reduction) 1244{ 1245 struct ieee80211_country_ie_triplet *triplet; 1246 int chan = ieee80211_frequency_to_channel(channel->center_freq); 1247 int i, chan_increment; 1248 bool have_chan_pwr = false; 1249 1250 /* Invalid IE */ 1251 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN) 1252 return false; 1253 1254 triplet = (void *)(country_ie + 3); 1255 country_ie_len -= 3; 1256 1257 switch (channel->band) { 1258 default: 1259 WARN_ON_ONCE(1); 1260 /* fall through */ 1261 case IEEE80211_BAND_2GHZ: 1262 case IEEE80211_BAND_60GHZ: 1263 chan_increment = 1; 1264 break; 1265 case IEEE80211_BAND_5GHZ: 1266 chan_increment = 4; 1267 break; 1268 } 1269 1270 /* find channel */ 1271 while (country_ie_len >= 3) { 1272 u8 first_channel = triplet->chans.first_channel; 1273 1274 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID) 1275 goto next; 1276 1277 for (i = 0; i < triplet->chans.num_channels; i++) { 1278 if (first_channel + i * chan_increment == chan) { 1279 have_chan_pwr = true; 1280 *chan_pwr = triplet->chans.max_power; 1281 break; 1282 } 1283 } 1284 if (have_chan_pwr) 1285 break; 1286 1287 next: 1288 triplet++; 1289 country_ie_len -= 3; 1290 } 1291 1292 if (have_chan_pwr && pwr_constr_elem) 1293 *pwr_reduction = *pwr_constr_elem; 1294 else 1295 *pwr_reduction = 0; 1296 1297 return have_chan_pwr; 1298} 1299 1300static void ieee80211_find_cisco_dtpc(struct ieee80211_sub_if_data *sdata, 1301 struct ieee80211_channel *channel, 1302 const u8 *cisco_dtpc_ie, 1303 int *pwr_level) 1304{ 1305 /* From practical testing, the first data byte of the DTPC element 1306 * seems to contain the requested dBm level, and the CLI on Cisco 1307 * APs clearly state the range is -127 to 127 dBm, which indicates 1308 * a signed byte, although it seemingly never actually goes negative. 1309 * The other byte seems to always be zero. 1310 */ 1311 *pwr_level = (__s8)cisco_dtpc_ie[4]; 1312} 1313 1314static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, 1315 struct ieee80211_channel *channel, 1316 struct ieee80211_mgmt *mgmt, 1317 const u8 *country_ie, u8 country_ie_len, 1318 const u8 *pwr_constr_ie, 1319 const u8 *cisco_dtpc_ie) 1320{ 1321 bool has_80211h_pwr = false, has_cisco_pwr = false; 1322 int chan_pwr = 0, pwr_reduction_80211h = 0; 1323 int pwr_level_cisco, pwr_level_80211h; 1324 int new_ap_level; 1325 __le16 capab = mgmt->u.probe_resp.capab_info; 1326 1327 if (country_ie && 1328 (capab & cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT) || 1329 capab & cpu_to_le16(WLAN_CAPABILITY_RADIO_MEASURE))) { 1330 has_80211h_pwr = ieee80211_find_80211h_pwr_constr( 1331 sdata, channel, country_ie, country_ie_len, 1332 pwr_constr_ie, &chan_pwr, &pwr_reduction_80211h); 1333 pwr_level_80211h = 1334 max_t(int, 0, chan_pwr - pwr_reduction_80211h); 1335 } 1336 1337 if (cisco_dtpc_ie) { 1338 ieee80211_find_cisco_dtpc( 1339 sdata, channel, cisco_dtpc_ie, &pwr_level_cisco); 1340 has_cisco_pwr = true; 1341 } 1342 1343 if (!has_80211h_pwr && !has_cisco_pwr) 1344 return 0; 1345 1346 /* If we have both 802.11h and Cisco DTPC, apply both limits 1347 * by picking the smallest of the two power levels advertised. 1348 */ 1349 if (has_80211h_pwr && 1350 (!has_cisco_pwr || pwr_level_80211h <= pwr_level_cisco)) { 1351 sdata_dbg(sdata, 1352 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n", 1353 pwr_level_80211h, chan_pwr, pwr_reduction_80211h, 1354 sdata->u.mgd.bssid); 1355 new_ap_level = pwr_level_80211h; 1356 } else { /* has_cisco_pwr is always true here. */ 1357 sdata_dbg(sdata, 1358 "Limiting TX power to %d dBm as advertised by %pM\n", 1359 pwr_level_cisco, sdata->u.mgd.bssid); 1360 new_ap_level = pwr_level_cisco; 1361 } 1362 1363 if (sdata->ap_power_level == new_ap_level) 1364 return 0; 1365 1366 sdata->ap_power_level = new_ap_level; 1367 if (__ieee80211_recalc_txpower(sdata)) 1368 return BSS_CHANGED_TXPOWER; 1369 return 0; 1370} 1371 1372/* powersave */ 1373static void ieee80211_enable_ps(struct ieee80211_local *local, 1374 struct ieee80211_sub_if_data *sdata) 1375{ 1376 struct ieee80211_conf *conf = &local->hw.conf; 1377 1378 /* 1379 * If we are scanning right now then the parameters will 1380 * take effect when scan finishes. 1381 */ 1382 if (local->scanning) 1383 return; 1384 1385 if (conf->dynamic_ps_timeout > 0 && 1386 !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) { 1387 mod_timer(&local->dynamic_ps_timer, jiffies + 1388 msecs_to_jiffies(conf->dynamic_ps_timeout)); 1389 } else { 1390 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) 1391 ieee80211_send_nullfunc(local, sdata, 1); 1392 1393 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1394 (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) 1395 return; 1396 1397 conf->flags |= IEEE80211_CONF_PS; 1398 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1399 } 1400} 1401 1402static void ieee80211_change_ps(struct ieee80211_local *local) 1403{ 1404 struct ieee80211_conf *conf = &local->hw.conf; 1405 1406 if (local->ps_sdata) { 1407 ieee80211_enable_ps(local, local->ps_sdata); 1408 } else if (conf->flags & IEEE80211_CONF_PS) { 1409 conf->flags &= ~IEEE80211_CONF_PS; 1410 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1411 del_timer_sync(&local->dynamic_ps_timer); 1412 cancel_work_sync(&local->dynamic_ps_enable_work); 1413 } 1414} 1415 1416static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata) 1417{ 1418 struct ieee80211_if_managed *mgd = &sdata->u.mgd; 1419 struct sta_info *sta = NULL; 1420 bool authorized = false; 1421 1422 if (!mgd->powersave) 1423 return false; 1424 1425 if (mgd->broken_ap) 1426 return false; 1427 1428 if (!mgd->associated) 1429 return false; 1430 1431 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL) 1432 return false; 1433 1434 if (!mgd->have_beacon) 1435 return false; 1436 1437 rcu_read_lock(); 1438 sta = sta_info_get(sdata, mgd->bssid); 1439 if (sta) 1440 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED); 1441 rcu_read_unlock(); 1442 1443 return authorized; 1444} 1445 1446/* need to hold RTNL or interface lock */ 1447void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency) 1448{ 1449 struct ieee80211_sub_if_data *sdata, *found = NULL; 1450 int count = 0; 1451 int timeout; 1452 1453 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) { 1454 local->ps_sdata = NULL; 1455 return; 1456 } 1457 1458 list_for_each_entry(sdata, &local->interfaces, list) { 1459 if (!ieee80211_sdata_running(sdata)) 1460 continue; 1461 if (sdata->vif.type == NL80211_IFTYPE_AP) { 1462 /* If an AP vif is found, then disable PS 1463 * by setting the count to zero thereby setting 1464 * ps_sdata to NULL. 1465 */ 1466 count = 0; 1467 break; 1468 } 1469 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1470 continue; 1471 found = sdata; 1472 count++; 1473 } 1474 1475 if (count == 1 && ieee80211_powersave_allowed(found)) { 1476 s32 beaconint_us; 1477 1478 if (latency < 0) 1479 latency = pm_qos_request(PM_QOS_NETWORK_LATENCY); 1480 1481 beaconint_us = ieee80211_tu_to_usec( 1482 found->vif.bss_conf.beacon_int); 1483 1484 timeout = local->dynamic_ps_forced_timeout; 1485 if (timeout < 0) { 1486 /* 1487 * Go to full PSM if the user configures a very low 1488 * latency requirement. 1489 * The 2000 second value is there for compatibility 1490 * until the PM_QOS_NETWORK_LATENCY is configured 1491 * with real values. 1492 */ 1493 if (latency > (1900 * USEC_PER_MSEC) && 1494 latency != (2000 * USEC_PER_SEC)) 1495 timeout = 0; 1496 else 1497 timeout = 100; 1498 } 1499 local->hw.conf.dynamic_ps_timeout = timeout; 1500 1501 if (beaconint_us > latency) { 1502 local->ps_sdata = NULL; 1503 } else { 1504 int maxslp = 1; 1505 u8 dtimper = found->u.mgd.dtim_period; 1506 1507 /* If the TIM IE is invalid, pretend the value is 1 */ 1508 if (!dtimper) 1509 dtimper = 1; 1510 else if (dtimper > 1) 1511 maxslp = min_t(int, dtimper, 1512 latency / beaconint_us); 1513 1514 local->hw.conf.max_sleep_period = maxslp; 1515 local->hw.conf.ps_dtim_period = dtimper; 1516 local->ps_sdata = found; 1517 } 1518 } else { 1519 local->ps_sdata = NULL; 1520 } 1521 1522 ieee80211_change_ps(local); 1523} 1524 1525void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata) 1526{ 1527 bool ps_allowed = ieee80211_powersave_allowed(sdata); 1528 1529 if (sdata->vif.bss_conf.ps != ps_allowed) { 1530 sdata->vif.bss_conf.ps = ps_allowed; 1531 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS); 1532 } 1533} 1534 1535void ieee80211_dynamic_ps_disable_work(struct work_struct *work) 1536{ 1537 struct ieee80211_local *local = 1538 container_of(work, struct ieee80211_local, 1539 dynamic_ps_disable_work); 1540 1541 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1542 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1543 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1544 } 1545 1546 ieee80211_wake_queues_by_reason(&local->hw, 1547 IEEE80211_MAX_QUEUE_MAP, 1548 IEEE80211_QUEUE_STOP_REASON_PS, 1549 false); 1550} 1551 1552void ieee80211_dynamic_ps_enable_work(struct work_struct *work) 1553{ 1554 struct ieee80211_local *local = 1555 container_of(work, struct ieee80211_local, 1556 dynamic_ps_enable_work); 1557 struct ieee80211_sub_if_data *sdata = local->ps_sdata; 1558 struct ieee80211_if_managed *ifmgd; 1559 unsigned long flags; 1560 int q; 1561 1562 /* can only happen when PS was just disabled anyway */ 1563 if (!sdata) 1564 return; 1565 1566 ifmgd = &sdata->u.mgd; 1567 1568 if (local->hw.conf.flags & IEEE80211_CONF_PS) 1569 return; 1570 1571 if (local->hw.conf.dynamic_ps_timeout > 0) { 1572 /* don't enter PS if TX frames are pending */ 1573 if (drv_tx_frames_pending(local)) { 1574 mod_timer(&local->dynamic_ps_timer, jiffies + 1575 msecs_to_jiffies( 1576 local->hw.conf.dynamic_ps_timeout)); 1577 return; 1578 } 1579 1580 /* 1581 * transmission can be stopped by others which leads to 1582 * dynamic_ps_timer expiry. Postpone the ps timer if it 1583 * is not the actual idle state. 1584 */ 1585 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 1586 for (q = 0; q < local->hw.queues; q++) { 1587 if (local->queue_stop_reasons[q]) { 1588 spin_unlock_irqrestore(&local->queue_stop_reason_lock, 1589 flags); 1590 mod_timer(&local->dynamic_ps_timer, jiffies + 1591 msecs_to_jiffies( 1592 local->hw.conf.dynamic_ps_timeout)); 1593 return; 1594 } 1595 } 1596 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 1597 } 1598 1599 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1600 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1601 if (drv_tx_frames_pending(local)) { 1602 mod_timer(&local->dynamic_ps_timer, jiffies + 1603 msecs_to_jiffies( 1604 local->hw.conf.dynamic_ps_timeout)); 1605 } else { 1606 ieee80211_send_nullfunc(local, sdata, 1); 1607 /* Flush to get the tx status of nullfunc frame */ 1608 ieee80211_flush_queues(local, sdata, false); 1609 } 1610 } 1611 1612 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) && 1613 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) || 1614 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1615 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 1616 local->hw.conf.flags |= IEEE80211_CONF_PS; 1617 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1618 } 1619} 1620 1621void ieee80211_dynamic_ps_timer(unsigned long data) 1622{ 1623 struct ieee80211_local *local = (void *) data; 1624 1625 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work); 1626} 1627 1628void ieee80211_dfs_cac_timer_work(struct work_struct *work) 1629{ 1630 struct delayed_work *delayed_work = 1631 container_of(work, struct delayed_work, work); 1632 struct ieee80211_sub_if_data *sdata = 1633 container_of(delayed_work, struct ieee80211_sub_if_data, 1634 dfs_cac_timer_work); 1635 struct cfg80211_chan_def chandef = sdata->vif.bss_conf.chandef; 1636 1637 mutex_lock(&sdata->local->mtx); 1638 if (sdata->wdev.cac_started) { 1639 ieee80211_vif_release_channel(sdata); 1640 cfg80211_cac_event(sdata->dev, &chandef, 1641 NL80211_RADAR_CAC_FINISHED, 1642 GFP_KERNEL); 1643 } 1644 mutex_unlock(&sdata->local->mtx); 1645} 1646 1647static bool 1648__ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata) 1649{ 1650 struct ieee80211_local *local = sdata->local; 1651 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1652 bool ret = false; 1653 int ac; 1654 1655 if (local->hw.queues < IEEE80211_NUM_ACS) 1656 return false; 1657 1658 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { 1659 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac]; 1660 int non_acm_ac; 1661 unsigned long now = jiffies; 1662 1663 if (tx_tspec->action == TX_TSPEC_ACTION_NONE && 1664 tx_tspec->admitted_time && 1665 time_after(now, tx_tspec->time_slice_start + HZ)) { 1666 tx_tspec->consumed_tx_time = 0; 1667 tx_tspec->time_slice_start = now; 1668 1669 if (tx_tspec->downgraded) 1670 tx_tspec->action = 1671 TX_TSPEC_ACTION_STOP_DOWNGRADE; 1672 } 1673 1674 switch (tx_tspec->action) { 1675 case TX_TSPEC_ACTION_STOP_DOWNGRADE: 1676 /* take the original parameters */ 1677 if (drv_conf_tx(local, sdata, ac, &sdata->tx_conf[ac])) 1678 sdata_err(sdata, 1679 "failed to set TX queue parameters for queue %d\n", 1680 ac); 1681 tx_tspec->action = TX_TSPEC_ACTION_NONE; 1682 tx_tspec->downgraded = false; 1683 ret = true; 1684 break; 1685 case TX_TSPEC_ACTION_DOWNGRADE: 1686 if (time_after(now, tx_tspec->time_slice_start + HZ)) { 1687 tx_tspec->action = TX_TSPEC_ACTION_NONE; 1688 ret = true; 1689 break; 1690 } 1691 /* downgrade next lower non-ACM AC */ 1692 for (non_acm_ac = ac + 1; 1693 non_acm_ac < IEEE80211_NUM_ACS; 1694 non_acm_ac++) 1695 if (!(sdata->wmm_acm & BIT(7 - 2 * non_acm_ac))) 1696 break; 1697 /* The loop will result in using BK even if it requires 1698 * admission control, such configuration makes no sense 1699 * and we have to transmit somehow - the AC selection 1700 * does the same thing. 1701 */ 1702 if (drv_conf_tx(local, sdata, ac, 1703 &sdata->tx_conf[non_acm_ac])) 1704 sdata_err(sdata, 1705 "failed to set TX queue parameters for queue %d\n", 1706 ac); 1707 tx_tspec->action = TX_TSPEC_ACTION_NONE; 1708 ret = true; 1709 schedule_delayed_work(&ifmgd->tx_tspec_wk, 1710 tx_tspec->time_slice_start + HZ - now + 1); 1711 break; 1712 case TX_TSPEC_ACTION_NONE: 1713 /* nothing now */ 1714 break; 1715 } 1716 } 1717 1718 return ret; 1719} 1720 1721void ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata) 1722{ 1723 if (__ieee80211_sta_handle_tspec_ac_params(sdata)) 1724 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_QOS); 1725} 1726 1727static void ieee80211_sta_handle_tspec_ac_params_wk(struct work_struct *work) 1728{ 1729 struct ieee80211_sub_if_data *sdata; 1730 1731 sdata = container_of(work, struct ieee80211_sub_if_data, 1732 u.mgd.tx_tspec_wk.work); 1733 ieee80211_sta_handle_tspec_ac_params(sdata); 1734} 1735 1736/* MLME */ 1737static bool ieee80211_sta_wmm_params(struct ieee80211_local *local, 1738 struct ieee80211_sub_if_data *sdata, 1739 const u8 *wmm_param, size_t wmm_param_len) 1740{ 1741 struct ieee80211_tx_queue_params params; 1742 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1743 size_t left; 1744 int count; 1745 const u8 *pos; 1746 u8 uapsd_queues = 0; 1747 1748 if (!local->ops->conf_tx) 1749 return false; 1750 1751 if (local->hw.queues < IEEE80211_NUM_ACS) 1752 return false; 1753 1754 if (!wmm_param) 1755 return false; 1756 1757 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 1758 return false; 1759 1760 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) 1761 uapsd_queues = ifmgd->uapsd_queues; 1762 1763 count = wmm_param[6] & 0x0f; 1764 if (count == ifmgd->wmm_last_param_set) 1765 return false; 1766 ifmgd->wmm_last_param_set = count; 1767 1768 pos = wmm_param + 8; 1769 left = wmm_param_len - 8; 1770 1771 memset(¶ms, 0, sizeof(params)); 1772 1773 sdata->wmm_acm = 0; 1774 for (; left >= 4; left -= 4, pos += 4) { 1775 int aci = (pos[0] >> 5) & 0x03; 1776 int acm = (pos[0] >> 4) & 0x01; 1777 bool uapsd = false; 1778 int queue; 1779 1780 switch (aci) { 1781 case 1: /* AC_BK */ 1782 queue = 3; 1783 if (acm) 1784 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */ 1785 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK) 1786 uapsd = true; 1787 break; 1788 case 2: /* AC_VI */ 1789 queue = 1; 1790 if (acm) 1791 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */ 1792 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI) 1793 uapsd = true; 1794 break; 1795 case 3: /* AC_VO */ 1796 queue = 0; 1797 if (acm) 1798 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */ 1799 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) 1800 uapsd = true; 1801 break; 1802 case 0: /* AC_BE */ 1803 default: 1804 queue = 2; 1805 if (acm) 1806 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */ 1807 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE) 1808 uapsd = true; 1809 break; 1810 } 1811 1812 params.aifs = pos[0] & 0x0f; 1813 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 1814 params.cw_min = ecw2cw(pos[1] & 0x0f); 1815 params.txop = get_unaligned_le16(pos + 2); 1816 params.acm = acm; 1817 params.uapsd = uapsd; 1818 1819 mlme_dbg(sdata, 1820 "WMM queue=%d aci=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d, downgraded=%d\n", 1821 queue, aci, acm, 1822 params.aifs, params.cw_min, params.cw_max, 1823 params.txop, params.uapsd, 1824 ifmgd->tx_tspec[queue].downgraded); 1825 sdata->tx_conf[queue] = params; 1826 if (!ifmgd->tx_tspec[queue].downgraded && 1827 drv_conf_tx(local, sdata, queue, ¶ms)) 1828 sdata_err(sdata, 1829 "failed to set TX queue parameters for queue %d\n", 1830 queue); 1831 } 1832 1833 /* enable WMM or activate new settings */ 1834 sdata->vif.bss_conf.qos = true; 1835 return true; 1836} 1837 1838static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1839{ 1840 lockdep_assert_held(&sdata->local->mtx); 1841 1842 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL; 1843 ieee80211_run_deferred_scan(sdata->local); 1844} 1845 1846static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 1847{ 1848 mutex_lock(&sdata->local->mtx); 1849 __ieee80211_stop_poll(sdata); 1850 mutex_unlock(&sdata->local->mtx); 1851} 1852 1853static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata, 1854 u16 capab, bool erp_valid, u8 erp) 1855{ 1856 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1857 u32 changed = 0; 1858 bool use_protection; 1859 bool use_short_preamble; 1860 bool use_short_slot; 1861 1862 if (erp_valid) { 1863 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0; 1864 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0; 1865 } else { 1866 use_protection = false; 1867 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE); 1868 } 1869 1870 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME); 1871 if (ieee80211_get_sdata_band(sdata) == IEEE80211_BAND_5GHZ) 1872 use_short_slot = true; 1873 1874 if (use_protection != bss_conf->use_cts_prot) { 1875 bss_conf->use_cts_prot = use_protection; 1876 changed |= BSS_CHANGED_ERP_CTS_PROT; 1877 } 1878 1879 if (use_short_preamble != bss_conf->use_short_preamble) { 1880 bss_conf->use_short_preamble = use_short_preamble; 1881 changed |= BSS_CHANGED_ERP_PREAMBLE; 1882 } 1883 1884 if (use_short_slot != bss_conf->use_short_slot) { 1885 bss_conf->use_short_slot = use_short_slot; 1886 changed |= BSS_CHANGED_ERP_SLOT; 1887 } 1888 1889 return changed; 1890} 1891 1892static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata, 1893 struct cfg80211_bss *cbss, 1894 u32 bss_info_changed) 1895{ 1896 struct ieee80211_bss *bss = (void *)cbss->priv; 1897 struct ieee80211_local *local = sdata->local; 1898 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 1899 1900 bss_info_changed |= BSS_CHANGED_ASSOC; 1901 bss_info_changed |= ieee80211_handle_bss_capability(sdata, 1902 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value); 1903 1904 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec( 1905 beacon_loss_count * bss_conf->beacon_int)); 1906 1907 sdata->u.mgd.associated = cbss; 1908 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN); 1909 1910 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE; 1911 1912 if (sdata->vif.p2p) { 1913 const struct cfg80211_bss_ies *ies; 1914 1915 rcu_read_lock(); 1916 ies = rcu_dereference(cbss->ies); 1917 if (ies) { 1918 int ret; 1919 1920 ret = cfg80211_get_p2p_attr( 1921 ies->data, ies->len, 1922 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 1923 (u8 *) &bss_conf->p2p_noa_attr, 1924 sizeof(bss_conf->p2p_noa_attr)); 1925 if (ret >= 2) { 1926 sdata->u.mgd.p2p_noa_index = 1927 bss_conf->p2p_noa_attr.index; 1928 bss_info_changed |= BSS_CHANGED_P2P_PS; 1929 } 1930 } 1931 rcu_read_unlock(); 1932 } 1933 1934 /* just to be sure */ 1935 ieee80211_stop_poll(sdata); 1936 1937 ieee80211_led_assoc(local, 1); 1938 1939 if (sdata->u.mgd.have_beacon) { 1940 /* 1941 * If the AP is buggy we may get here with no DTIM period 1942 * known, so assume it's 1 which is the only safe assumption 1943 * in that case, although if the TIM IE is broken powersave 1944 * probably just won't work at all. 1945 */ 1946 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1; 1947 bss_conf->beacon_rate = bss->beacon_rate; 1948 bss_info_changed |= BSS_CHANGED_BEACON_INFO; 1949 } else { 1950 bss_conf->beacon_rate = NULL; 1951 bss_conf->dtim_period = 0; 1952 } 1953 1954 bss_conf->assoc = 1; 1955 1956 /* Tell the driver to monitor connection quality (if supported) */ 1957 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI && 1958 bss_conf->cqm_rssi_thold) 1959 bss_info_changed |= BSS_CHANGED_CQM; 1960 1961 /* Enable ARP filtering */ 1962 if (bss_conf->arp_addr_cnt) 1963 bss_info_changed |= BSS_CHANGED_ARP_FILTER; 1964 1965 ieee80211_bss_info_change_notify(sdata, bss_info_changed); 1966 1967 mutex_lock(&local->iflist_mtx); 1968 ieee80211_recalc_ps(local, -1); 1969 mutex_unlock(&local->iflist_mtx); 1970 1971 ieee80211_recalc_smps(sdata); 1972 ieee80211_recalc_ps_vif(sdata); 1973 1974 netif_carrier_on(sdata->dev); 1975} 1976 1977static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata, 1978 u16 stype, u16 reason, bool tx, 1979 u8 *frame_buf) 1980{ 1981 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1982 struct ieee80211_local *local = sdata->local; 1983 u32 changed = 0; 1984 1985 sdata_assert_lock(sdata); 1986 1987 if (WARN_ON_ONCE(tx && !frame_buf)) 1988 return; 1989 1990 if (WARN_ON(!ifmgd->associated)) 1991 return; 1992 1993 ieee80211_stop_poll(sdata); 1994 1995 ifmgd->associated = NULL; 1996 netif_carrier_off(sdata->dev); 1997 1998 /* 1999 * if we want to get out of ps before disassoc (why?) we have 2000 * to do it before sending disassoc, as otherwise the null-packet 2001 * won't be valid. 2002 */ 2003 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 2004 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 2005 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 2006 } 2007 local->ps_sdata = NULL; 2008 2009 /* disable per-vif ps */ 2010 ieee80211_recalc_ps_vif(sdata); 2011 2012 /* make sure ongoing transmission finishes */ 2013 synchronize_net(); 2014 2015 /* 2016 * drop any frame before deauth/disassoc, this can be data or 2017 * management frame. Since we are disconnecting, we should not 2018 * insist sending these frames which can take time and delay 2019 * the disconnection and possible the roaming. 2020 */ 2021 if (tx) 2022 ieee80211_flush_queues(local, sdata, true); 2023 2024 /* deauthenticate/disassociate now */ 2025 if (tx || frame_buf) 2026 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype, 2027 reason, tx, frame_buf); 2028 2029 /* flush out frame - make sure the deauth was actually sent */ 2030 if (tx) 2031 ieee80211_flush_queues(local, sdata, false); 2032 2033 /* clear bssid only after building the needed mgmt frames */ 2034 eth_zero_addr(ifmgd->bssid); 2035 2036 /* remove AP and TDLS peers */ 2037 sta_info_flush(sdata); 2038 2039 /* finally reset all BSS / config parameters */ 2040 changed |= ieee80211_reset_erp_info(sdata); 2041 2042 ieee80211_led_assoc(local, 0); 2043 changed |= BSS_CHANGED_ASSOC; 2044 sdata->vif.bss_conf.assoc = false; 2045 2046 ifmgd->p2p_noa_index = -1; 2047 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0, 2048 sizeof(sdata->vif.bss_conf.p2p_noa_attr)); 2049 2050 /* on the next assoc, re-program HT/VHT parameters */ 2051 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa)); 2052 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask)); 2053 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa)); 2054 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask)); 2055 2056 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL; 2057 2058 del_timer_sync(&local->dynamic_ps_timer); 2059 cancel_work_sync(&local->dynamic_ps_enable_work); 2060 2061 /* Disable ARP filtering */ 2062 if (sdata->vif.bss_conf.arp_addr_cnt) 2063 changed |= BSS_CHANGED_ARP_FILTER; 2064 2065 sdata->vif.bss_conf.qos = false; 2066 changed |= BSS_CHANGED_QOS; 2067 2068 /* The BSSID (not really interesting) and HT changed */ 2069 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT; 2070 ieee80211_bss_info_change_notify(sdata, changed); 2071 2072 /* disassociated - set to defaults now */ 2073 ieee80211_set_wmm_default(sdata, false); 2074 2075 del_timer_sync(&sdata->u.mgd.conn_mon_timer); 2076 del_timer_sync(&sdata->u.mgd.bcn_mon_timer); 2077 del_timer_sync(&sdata->u.mgd.timer); 2078 del_timer_sync(&sdata->u.mgd.chswitch_timer); 2079 2080 sdata->vif.bss_conf.dtim_period = 0; 2081 sdata->vif.bss_conf.beacon_rate = NULL; 2082 2083 ifmgd->have_beacon = false; 2084 2085 ifmgd->flags = 0; 2086 mutex_lock(&local->mtx); 2087 ieee80211_vif_release_channel(sdata); 2088 2089 sdata->vif.csa_active = false; 2090 ifmgd->csa_waiting_bcn = false; 2091 ifmgd->csa_ignored_same_chan = false; 2092 if (sdata->csa_block_tx) { 2093 ieee80211_wake_vif_queues(local, sdata, 2094 IEEE80211_QUEUE_STOP_REASON_CSA); 2095 sdata->csa_block_tx = false; 2096 } 2097 mutex_unlock(&local->mtx); 2098 2099 /* existing TX TSPEC sessions no longer exist */ 2100 memset(ifmgd->tx_tspec, 0, sizeof(ifmgd->tx_tspec)); 2101 cancel_delayed_work_sync(&ifmgd->tx_tspec_wk); 2102 2103 sdata->encrypt_headroom = IEEE80211_ENCRYPT_HEADROOM; 2104} 2105 2106void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata, 2107 struct ieee80211_hdr *hdr) 2108{ 2109 /* 2110 * We can postpone the mgd.timer whenever receiving unicast frames 2111 * from AP because we know that the connection is working both ways 2112 * at that time. But multicast frames (and hence also beacons) must 2113 * be ignored here, because we need to trigger the timer during 2114 * data idle periods for sending the periodic probe request to the 2115 * AP we're connected to. 2116 */ 2117 if (is_multicast_ether_addr(hdr->addr1)) 2118 return; 2119 2120 ieee80211_sta_reset_conn_monitor(sdata); 2121} 2122 2123static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata) 2124{ 2125 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2126 struct ieee80211_local *local = sdata->local; 2127 2128 mutex_lock(&local->mtx); 2129 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)) 2130 goto out; 2131 2132 __ieee80211_stop_poll(sdata); 2133 2134 mutex_lock(&local->iflist_mtx); 2135 ieee80211_recalc_ps(local, -1); 2136 mutex_unlock(&local->iflist_mtx); 2137 2138 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 2139 goto out; 2140 2141 /* 2142 * We've received a probe response, but are not sure whether 2143 * we have or will be receiving any beacons or data, so let's 2144 * schedule the timers again, just in case. 2145 */ 2146 ieee80211_sta_reset_beacon_monitor(sdata); 2147 2148 mod_timer(&ifmgd->conn_mon_timer, 2149 round_jiffies_up(jiffies + 2150 IEEE80211_CONNECTION_IDLE_TIME)); 2151out: 2152 mutex_unlock(&local->mtx); 2153} 2154 2155static void ieee80211_sta_tx_wmm_ac_notify(struct ieee80211_sub_if_data *sdata, 2156 struct ieee80211_hdr *hdr, 2157 u16 tx_time) 2158{ 2159 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2160 u16 tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK; 2161 int ac = ieee80211_ac_from_tid(tid); 2162 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac]; 2163 unsigned long now = jiffies; 2164 2165 if (likely(!tx_tspec->admitted_time)) 2166 return; 2167 2168 if (time_after(now, tx_tspec->time_slice_start + HZ)) { 2169 tx_tspec->consumed_tx_time = 0; 2170 tx_tspec->time_slice_start = now; 2171 2172 if (tx_tspec->downgraded) { 2173 tx_tspec->action = TX_TSPEC_ACTION_STOP_DOWNGRADE; 2174 schedule_delayed_work(&ifmgd->tx_tspec_wk, 0); 2175 } 2176 } 2177 2178 if (tx_tspec->downgraded) 2179 return; 2180 2181 tx_tspec->consumed_tx_time += tx_time; 2182 2183 if (tx_tspec->consumed_tx_time >= tx_tspec->admitted_time) { 2184 tx_tspec->downgraded = true; 2185 tx_tspec->action = TX_TSPEC_ACTION_DOWNGRADE; 2186 schedule_delayed_work(&ifmgd->tx_tspec_wk, 0); 2187 } 2188} 2189 2190void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata, 2191 struct ieee80211_hdr *hdr, bool ack, u16 tx_time) 2192{ 2193 ieee80211_sta_tx_wmm_ac_notify(sdata, hdr, tx_time); 2194 2195 if (!ieee80211_is_data(hdr->frame_control)) 2196 return; 2197 2198 if (ieee80211_is_nullfunc(hdr->frame_control) && 2199 sdata->u.mgd.probe_send_count > 0) { 2200 if (ack) 2201 ieee80211_sta_reset_conn_monitor(sdata); 2202 else 2203 sdata->u.mgd.nullfunc_failed = true; 2204 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 2205 return; 2206 } 2207 2208 if (ack) 2209 ieee80211_sta_reset_conn_monitor(sdata); 2210} 2211 2212static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) 2213{ 2214 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2215 const u8 *ssid; 2216 u8 *dst = ifmgd->associated->bssid; 2217 u8 unicast_limit = max(1, max_probe_tries - 3); 2218 2219 /* 2220 * Try sending broadcast probe requests for the last three 2221 * probe requests after the first ones failed since some 2222 * buggy APs only support broadcast probe requests. 2223 */ 2224 if (ifmgd->probe_send_count >= unicast_limit) 2225 dst = NULL; 2226 2227 /* 2228 * When the hardware reports an accurate Tx ACK status, it's 2229 * better to send a nullfunc frame instead of a probe request, 2230 * as it will kick us off the AP quickly if we aren't associated 2231 * anymore. The timeout will be reset if the frame is ACKed by 2232 * the AP. 2233 */ 2234 ifmgd->probe_send_count++; 2235 2236 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 2237 ifmgd->nullfunc_failed = false; 2238 ieee80211_send_nullfunc(sdata->local, sdata, 0); 2239 } else { 2240 int ssid_len; 2241 2242 rcu_read_lock(); 2243 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); 2244 if (WARN_ON_ONCE(ssid == NULL)) 2245 ssid_len = 0; 2246 else 2247 ssid_len = ssid[1]; 2248 2249 ieee80211_send_probe_req(sdata, sdata->vif.addr, dst, 2250 ssid + 2, ssid_len, NULL, 2251 0, (u32) -1, true, 0, 2252 ifmgd->associated->channel, false); 2253 rcu_read_unlock(); 2254 } 2255 2256 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms); 2257 run_again(sdata, ifmgd->probe_timeout); 2258} 2259 2260static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata, 2261 bool beacon) 2262{ 2263 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2264 bool already = false; 2265 2266 if (!ieee80211_sdata_running(sdata)) 2267 return; 2268 2269 sdata_lock(sdata); 2270 2271 if (!ifmgd->associated) 2272 goto out; 2273 2274 mutex_lock(&sdata->local->mtx); 2275 2276 if (sdata->local->tmp_channel || sdata->local->scanning) { 2277 mutex_unlock(&sdata->local->mtx); 2278 goto out; 2279 } 2280 2281 if (beacon) { 2282 mlme_dbg_ratelimited(sdata, 2283 "detected beacon loss from AP (missed %d beacons) - probing\n", 2284 beacon_loss_count); 2285 2286 ieee80211_cqm_beacon_loss_notify(&sdata->vif, GFP_KERNEL); 2287 } 2288 2289 /* 2290 * The driver/our work has already reported this event or the 2291 * connection monitoring has kicked in and we have already sent 2292 * a probe request. Or maybe the AP died and the driver keeps 2293 * reporting until we disassociate... 2294 * 2295 * In either case we have to ignore the current call to this 2296 * function (except for setting the correct probe reason bit) 2297 * because otherwise we would reset the timer every time and 2298 * never check whether we received a probe response! 2299 */ 2300 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) 2301 already = true; 2302 2303 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL; 2304 2305 mutex_unlock(&sdata->local->mtx); 2306 2307 if (already) 2308 goto out; 2309 2310 mutex_lock(&sdata->local->iflist_mtx); 2311 ieee80211_recalc_ps(sdata->local, -1); 2312 mutex_unlock(&sdata->local->iflist_mtx); 2313 2314 ifmgd->probe_send_count = 0; 2315 ieee80211_mgd_probe_ap_send(sdata); 2316 out: 2317 sdata_unlock(sdata); 2318} 2319 2320struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw, 2321 struct ieee80211_vif *vif) 2322{ 2323 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2324 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2325 struct cfg80211_bss *cbss; 2326 struct sk_buff *skb; 2327 const u8 *ssid; 2328 int ssid_len; 2329 2330 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 2331 return NULL; 2332 2333 sdata_assert_lock(sdata); 2334 2335 if (ifmgd->associated) 2336 cbss = ifmgd->associated; 2337 else if (ifmgd->auth_data) 2338 cbss = ifmgd->auth_data->bss; 2339 else if (ifmgd->assoc_data) 2340 cbss = ifmgd->assoc_data->bss; 2341 else 2342 return NULL; 2343 2344 rcu_read_lock(); 2345 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID); 2346 if (WARN_ON_ONCE(ssid == NULL)) 2347 ssid_len = 0; 2348 else 2349 ssid_len = ssid[1]; 2350 2351 skb = ieee80211_build_probe_req(sdata, sdata->vif.addr, cbss->bssid, 2352 (u32) -1, cbss->channel, 2353 ssid + 2, ssid_len, 2354 NULL, 0, true); 2355 rcu_read_unlock(); 2356 2357 return skb; 2358} 2359EXPORT_SYMBOL(ieee80211_ap_probereq_get); 2360 2361static void ieee80211_report_disconnect(struct ieee80211_sub_if_data *sdata, 2362 const u8 *buf, size_t len, bool tx, 2363 u16 reason) 2364{ 2365 struct ieee80211_event event = { 2366 .type = MLME_EVENT, 2367 .u.mlme.data = tx ? DEAUTH_TX_EVENT : DEAUTH_RX_EVENT, 2368 .u.mlme.reason = reason, 2369 }; 2370 2371 if (tx) 2372 cfg80211_tx_mlme_mgmt(sdata->dev, buf, len); 2373 else 2374 cfg80211_rx_mlme_mgmt(sdata->dev, buf, len); 2375 2376 drv_event_callback(sdata->local, sdata, &event); 2377} 2378 2379static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata) 2380{ 2381 struct ieee80211_local *local = sdata->local; 2382 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2383 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 2384 2385 sdata_lock(sdata); 2386 if (!ifmgd->associated) { 2387 sdata_unlock(sdata); 2388 return; 2389 } 2390 2391 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 2392 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 2393 true, frame_buf); 2394 mutex_lock(&local->mtx); 2395 sdata->vif.csa_active = false; 2396 ifmgd->csa_waiting_bcn = false; 2397 if (sdata->csa_block_tx) { 2398 ieee80211_wake_vif_queues(local, sdata, 2399 IEEE80211_QUEUE_STOP_REASON_CSA); 2400 sdata->csa_block_tx = false; 2401 } 2402 mutex_unlock(&local->mtx); 2403 2404 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true, 2405 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY); 2406 2407 sdata_unlock(sdata); 2408} 2409 2410static void ieee80211_beacon_connection_loss_work(struct work_struct *work) 2411{ 2412 struct ieee80211_sub_if_data *sdata = 2413 container_of(work, struct ieee80211_sub_if_data, 2414 u.mgd.beacon_connection_loss_work); 2415 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2416 struct sta_info *sta; 2417 2418 if (ifmgd->associated) { 2419 rcu_read_lock(); 2420 sta = sta_info_get(sdata, ifmgd->bssid); 2421 if (sta) 2422 sta->beacon_loss_count++; 2423 rcu_read_unlock(); 2424 } 2425 2426 if (ifmgd->connection_loss) { 2427 sdata_info(sdata, "Connection to AP %pM lost\n", 2428 ifmgd->bssid); 2429 __ieee80211_disconnect(sdata); 2430 } else { 2431 ieee80211_mgd_probe_ap(sdata, true); 2432 } 2433} 2434 2435static void ieee80211_csa_connection_drop_work(struct work_struct *work) 2436{ 2437 struct ieee80211_sub_if_data *sdata = 2438 container_of(work, struct ieee80211_sub_if_data, 2439 u.mgd.csa_connection_drop_work); 2440 2441 __ieee80211_disconnect(sdata); 2442} 2443 2444void ieee80211_beacon_loss(struct ieee80211_vif *vif) 2445{ 2446 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2447 struct ieee80211_hw *hw = &sdata->local->hw; 2448 2449 trace_api_beacon_loss(sdata); 2450 2451 sdata->u.mgd.connection_loss = false; 2452 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2453} 2454EXPORT_SYMBOL(ieee80211_beacon_loss); 2455 2456void ieee80211_connection_loss(struct ieee80211_vif *vif) 2457{ 2458 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2459 struct ieee80211_hw *hw = &sdata->local->hw; 2460 2461 trace_api_connection_loss(sdata); 2462 2463 sdata->u.mgd.connection_loss = true; 2464 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2465} 2466EXPORT_SYMBOL(ieee80211_connection_loss); 2467 2468 2469static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata, 2470 bool assoc) 2471{ 2472 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2473 2474 sdata_assert_lock(sdata); 2475 2476 if (!assoc) { 2477 /* 2478 * we are not authenticated yet, the only timer that could be 2479 * running is the timeout for the authentication response which 2480 * which is not relevant anymore. 2481 */ 2482 del_timer_sync(&sdata->u.mgd.timer); 2483 sta_info_destroy_addr(sdata, auth_data->bss->bssid); 2484 2485 eth_zero_addr(sdata->u.mgd.bssid); 2486 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2487 sdata->u.mgd.flags = 0; 2488 mutex_lock(&sdata->local->mtx); 2489 ieee80211_vif_release_channel(sdata); 2490 mutex_unlock(&sdata->local->mtx); 2491 } 2492 2493 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss); 2494 kfree(auth_data); 2495 sdata->u.mgd.auth_data = NULL; 2496} 2497 2498static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, 2499 struct ieee80211_mgmt *mgmt, size_t len) 2500{ 2501 struct ieee80211_local *local = sdata->local; 2502 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2503 u8 *pos; 2504 struct ieee802_11_elems elems; 2505 u32 tx_flags = 0; 2506 2507 pos = mgmt->u.auth.variable; 2508 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2509 if (!elems.challenge) 2510 return; 2511 auth_data->expected_transaction = 4; 2512 drv_mgd_prepare_tx(sdata->local, sdata); 2513 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 2514 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 2515 IEEE80211_TX_INTFL_MLME_CONN_TX; 2516 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0, 2517 elems.challenge - 2, elems.challenge_len + 2, 2518 auth_data->bss->bssid, auth_data->bss->bssid, 2519 auth_data->key, auth_data->key_len, 2520 auth_data->key_idx, tx_flags); 2521} 2522 2523static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, 2524 struct ieee80211_mgmt *mgmt, size_t len) 2525{ 2526 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2527 u8 bssid[ETH_ALEN]; 2528 u16 auth_alg, auth_transaction, status_code; 2529 struct sta_info *sta; 2530 struct ieee80211_event event = { 2531 .type = MLME_EVENT, 2532 .u.mlme.data = AUTH_EVENT, 2533 }; 2534 2535 sdata_assert_lock(sdata); 2536 2537 if (len < 24 + 6) 2538 return; 2539 2540 if (!ifmgd->auth_data || ifmgd->auth_data->done) 2541 return; 2542 2543 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 2544 2545 if (!ether_addr_equal(bssid, mgmt->bssid)) 2546 return; 2547 2548 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 2549 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 2550 status_code = le16_to_cpu(mgmt->u.auth.status_code); 2551 2552 if (auth_alg != ifmgd->auth_data->algorithm || 2553 auth_transaction != ifmgd->auth_data->expected_transaction) { 2554 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n", 2555 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm, 2556 auth_transaction, 2557 ifmgd->auth_data->expected_transaction); 2558 return; 2559 } 2560 2561 if (status_code != WLAN_STATUS_SUCCESS) { 2562 sdata_info(sdata, "%pM denied authentication (status %d)\n", 2563 mgmt->sa, status_code); 2564 ieee80211_destroy_auth_data(sdata, false); 2565 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2566 event.u.mlme.status = MLME_DENIED; 2567 event.u.mlme.reason = status_code; 2568 drv_event_callback(sdata->local, sdata, &event); 2569 return; 2570 } 2571 2572 switch (ifmgd->auth_data->algorithm) { 2573 case WLAN_AUTH_OPEN: 2574 case WLAN_AUTH_LEAP: 2575 case WLAN_AUTH_FT: 2576 case WLAN_AUTH_SAE: 2577 break; 2578 case WLAN_AUTH_SHARED_KEY: 2579 if (ifmgd->auth_data->expected_transaction != 4) { 2580 ieee80211_auth_challenge(sdata, mgmt, len); 2581 /* need another frame */ 2582 return; 2583 } 2584 break; 2585 default: 2586 WARN_ONCE(1, "invalid auth alg %d", 2587 ifmgd->auth_data->algorithm); 2588 return; 2589 } 2590 2591 event.u.mlme.status = MLME_SUCCESS; 2592 drv_event_callback(sdata->local, sdata, &event); 2593 sdata_info(sdata, "authenticated\n"); 2594 ifmgd->auth_data->done = true; 2595 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC; 2596 ifmgd->auth_data->timeout_started = true; 2597 run_again(sdata, ifmgd->auth_data->timeout); 2598 2599 if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE && 2600 ifmgd->auth_data->expected_transaction != 2) { 2601 /* 2602 * Report auth frame to user space for processing since another 2603 * round of Authentication frames is still needed. 2604 */ 2605 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2606 return; 2607 } 2608 2609 /* move station state to auth */ 2610 mutex_lock(&sdata->local->sta_mtx); 2611 sta = sta_info_get(sdata, bssid); 2612 if (!sta) { 2613 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid); 2614 goto out_err; 2615 } 2616 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) { 2617 sdata_info(sdata, "failed moving %pM to auth\n", bssid); 2618 goto out_err; 2619 } 2620 mutex_unlock(&sdata->local->sta_mtx); 2621 2622 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 2623 return; 2624 out_err: 2625 mutex_unlock(&sdata->local->sta_mtx); 2626 /* ignore frame -- wait for timeout */ 2627} 2628 2629#define case_WLAN(type) \ 2630 case WLAN_REASON_##type: return #type 2631 2632static const char *ieee80211_get_reason_code_string(u16 reason_code) 2633{ 2634 switch (reason_code) { 2635 case_WLAN(UNSPECIFIED); 2636 case_WLAN(PREV_AUTH_NOT_VALID); 2637 case_WLAN(DEAUTH_LEAVING); 2638 case_WLAN(DISASSOC_DUE_TO_INACTIVITY); 2639 case_WLAN(DISASSOC_AP_BUSY); 2640 case_WLAN(CLASS2_FRAME_FROM_NONAUTH_STA); 2641 case_WLAN(CLASS3_FRAME_FROM_NONASSOC_STA); 2642 case_WLAN(DISASSOC_STA_HAS_LEFT); 2643 case_WLAN(STA_REQ_ASSOC_WITHOUT_AUTH); 2644 case_WLAN(DISASSOC_BAD_POWER); 2645 case_WLAN(DISASSOC_BAD_SUPP_CHAN); 2646 case_WLAN(INVALID_IE); 2647 case_WLAN(MIC_FAILURE); 2648 case_WLAN(4WAY_HANDSHAKE_TIMEOUT); 2649 case_WLAN(GROUP_KEY_HANDSHAKE_TIMEOUT); 2650 case_WLAN(IE_DIFFERENT); 2651 case_WLAN(INVALID_GROUP_CIPHER); 2652 case_WLAN(INVALID_PAIRWISE_CIPHER); 2653 case_WLAN(INVALID_AKMP); 2654 case_WLAN(UNSUPP_RSN_VERSION); 2655 case_WLAN(INVALID_RSN_IE_CAP); 2656 case_WLAN(IEEE8021X_FAILED); 2657 case_WLAN(CIPHER_SUITE_REJECTED); 2658 case_WLAN(DISASSOC_UNSPECIFIED_QOS); 2659 case_WLAN(DISASSOC_QAP_NO_BANDWIDTH); 2660 case_WLAN(DISASSOC_LOW_ACK); 2661 case_WLAN(DISASSOC_QAP_EXCEED_TXOP); 2662 case_WLAN(QSTA_LEAVE_QBSS); 2663 case_WLAN(QSTA_NOT_USE); 2664 case_WLAN(QSTA_REQUIRE_SETUP); 2665 case_WLAN(QSTA_TIMEOUT); 2666 case_WLAN(QSTA_CIPHER_NOT_SUPP); 2667 case_WLAN(MESH_PEER_CANCELED); 2668 case_WLAN(MESH_MAX_PEERS); 2669 case_WLAN(MESH_CONFIG); 2670 case_WLAN(MESH_CLOSE); 2671 case_WLAN(MESH_MAX_RETRIES); 2672 case_WLAN(MESH_CONFIRM_TIMEOUT); 2673 case_WLAN(MESH_INVALID_GTK); 2674 case_WLAN(MESH_INCONSISTENT_PARAM); 2675 case_WLAN(MESH_INVALID_SECURITY); 2676 case_WLAN(MESH_PATH_ERROR); 2677 case_WLAN(MESH_PATH_NOFORWARD); 2678 case_WLAN(MESH_PATH_DEST_UNREACHABLE); 2679 case_WLAN(MAC_EXISTS_IN_MBSS); 2680 case_WLAN(MESH_CHAN_REGULATORY); 2681 case_WLAN(MESH_CHAN); 2682 default: return "<unknown>"; 2683 } 2684} 2685 2686static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 2687 struct ieee80211_mgmt *mgmt, size_t len) 2688{ 2689 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2690 const u8 *bssid = NULL; 2691 u16 reason_code; 2692 2693 sdata_assert_lock(sdata); 2694 2695 if (len < 24 + 2) 2696 return; 2697 2698 if (!ifmgd->associated || 2699 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2700 return; 2701 2702 bssid = ifmgd->associated->bssid; 2703 2704 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 2705 2706 sdata_info(sdata, "deauthenticated from %pM (Reason: %u=%s)\n", 2707 bssid, reason_code, ieee80211_get_reason_code_string(reason_code)); 2708 2709 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2710 2711 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false, reason_code); 2712} 2713 2714 2715static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata, 2716 struct ieee80211_mgmt *mgmt, size_t len) 2717{ 2718 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2719 u16 reason_code; 2720 2721 sdata_assert_lock(sdata); 2722 2723 if (len < 24 + 2) 2724 return; 2725 2726 if (!ifmgd->associated || 2727 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 2728 return; 2729 2730 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 2731 2732 sdata_info(sdata, "disassociated from %pM (Reason: %u)\n", 2733 mgmt->sa, reason_code); 2734 2735 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 2736 2737 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false, reason_code); 2738} 2739 2740static void ieee80211_get_rates(struct ieee80211_supported_band *sband, 2741 u8 *supp_rates, unsigned int supp_rates_len, 2742 u32 *rates, u32 *basic_rates, 2743 bool *have_higher_than_11mbit, 2744 int *min_rate, int *min_rate_index, 2745 int shift, u32 rate_flags) 2746{ 2747 int i, j; 2748 2749 for (i = 0; i < supp_rates_len; i++) { 2750 int rate = supp_rates[i] & 0x7f; 2751 bool is_basic = !!(supp_rates[i] & 0x80); 2752 2753 if ((rate * 5 * (1 << shift)) > 110) 2754 *have_higher_than_11mbit = true; 2755 2756 /* 2757 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009 2758 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it. 2759 * 2760 * Note: Even through the membership selector and the basic 2761 * rate flag share the same bit, they are not exactly 2762 * the same. 2763 */ 2764 if (!!(supp_rates[i] & 0x80) && 2765 (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY) 2766 continue; 2767 2768 for (j = 0; j < sband->n_bitrates; j++) { 2769 struct ieee80211_rate *br; 2770 int brate; 2771 2772 br = &sband->bitrates[j]; 2773 if ((rate_flags & br->flags) != rate_flags) 2774 continue; 2775 2776 brate = DIV_ROUND_UP(br->bitrate, (1 << shift) * 5); 2777 if (brate == rate) { 2778 *rates |= BIT(j); 2779 if (is_basic) 2780 *basic_rates |= BIT(j); 2781 if ((rate * 5) < *min_rate) { 2782 *min_rate = rate * 5; 2783 *min_rate_index = j; 2784 } 2785 break; 2786 } 2787 } 2788 } 2789} 2790 2791static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata, 2792 bool assoc) 2793{ 2794 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 2795 2796 sdata_assert_lock(sdata); 2797 2798 if (!assoc) { 2799 /* 2800 * we are not associated yet, the only timer that could be 2801 * running is the timeout for the association response which 2802 * which is not relevant anymore. 2803 */ 2804 del_timer_sync(&sdata->u.mgd.timer); 2805 sta_info_destroy_addr(sdata, assoc_data->bss->bssid); 2806 2807 eth_zero_addr(sdata->u.mgd.bssid); 2808 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2809 sdata->u.mgd.flags = 0; 2810 mutex_lock(&sdata->local->mtx); 2811 ieee80211_vif_release_channel(sdata); 2812 mutex_unlock(&sdata->local->mtx); 2813 } 2814 2815 kfree(assoc_data); 2816 sdata->u.mgd.assoc_data = NULL; 2817} 2818 2819static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata, 2820 struct cfg80211_bss *cbss, 2821 struct ieee80211_mgmt *mgmt, size_t len) 2822{ 2823 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2824 struct ieee80211_local *local = sdata->local; 2825 struct ieee80211_supported_band *sband; 2826 struct sta_info *sta; 2827 u8 *pos; 2828 u16 capab_info, aid; 2829 struct ieee802_11_elems elems; 2830 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2831 const struct cfg80211_bss_ies *bss_ies = NULL; 2832 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 2833 u32 changed = 0; 2834 int err; 2835 bool ret; 2836 2837 /* AssocResp and ReassocResp have identical structure */ 2838 2839 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 2840 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2841 2842 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) 2843 sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n", 2844 aid); 2845 aid &= ~(BIT(15) | BIT(14)); 2846 2847 ifmgd->broken_ap = false; 2848 2849 if (aid == 0 || aid > IEEE80211_MAX_AID) { 2850 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n", 2851 aid); 2852 aid = 0; 2853 ifmgd->broken_ap = true; 2854 } 2855 2856 pos = mgmt->u.assoc_resp.variable; 2857 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 2858 2859 if (!elems.supp_rates) { 2860 sdata_info(sdata, "no SuppRates element in AssocResp\n"); 2861 return false; 2862 } 2863 2864 ifmgd->aid = aid; 2865 ifmgd->tdls_chan_switch_prohibited = 2866 elems.ext_capab && elems.ext_capab_len >= 5 && 2867 (elems.ext_capab[4] & WLAN_EXT_CAPA5_TDLS_CH_SW_PROHIBITED); 2868 2869 /* 2870 * Some APs are erroneously not including some information in their 2871 * (re)association response frames. Try to recover by using the data 2872 * from the beacon or probe response. This seems to afflict mobile 2873 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T", 2874 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device. 2875 */ 2876 if ((assoc_data->wmm && !elems.wmm_param) || 2877 (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2878 (!elems.ht_cap_elem || !elems.ht_operation)) || 2879 (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2880 (!elems.vht_cap_elem || !elems.vht_operation))) { 2881 const struct cfg80211_bss_ies *ies; 2882 struct ieee802_11_elems bss_elems; 2883 2884 rcu_read_lock(); 2885 ies = rcu_dereference(cbss->ies); 2886 if (ies) 2887 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len, 2888 GFP_ATOMIC); 2889 rcu_read_unlock(); 2890 if (!bss_ies) 2891 return false; 2892 2893 ieee802_11_parse_elems(bss_ies->data, bss_ies->len, 2894 false, &bss_elems); 2895 if (assoc_data->wmm && 2896 !elems.wmm_param && bss_elems.wmm_param) { 2897 elems.wmm_param = bss_elems.wmm_param; 2898 sdata_info(sdata, 2899 "AP bug: WMM param missing from AssocResp\n"); 2900 } 2901 2902 /* 2903 * Also check if we requested HT/VHT, otherwise the AP doesn't 2904 * have to include the IEs in the (re)association response. 2905 */ 2906 if (!elems.ht_cap_elem && bss_elems.ht_cap_elem && 2907 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 2908 elems.ht_cap_elem = bss_elems.ht_cap_elem; 2909 sdata_info(sdata, 2910 "AP bug: HT capability missing from AssocResp\n"); 2911 } 2912 if (!elems.ht_operation && bss_elems.ht_operation && 2913 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 2914 elems.ht_operation = bss_elems.ht_operation; 2915 sdata_info(sdata, 2916 "AP bug: HT operation missing from AssocResp\n"); 2917 } 2918 if (!elems.vht_cap_elem && bss_elems.vht_cap_elem && 2919 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) { 2920 elems.vht_cap_elem = bss_elems.vht_cap_elem; 2921 sdata_info(sdata, 2922 "AP bug: VHT capa missing from AssocResp\n"); 2923 } 2924 if (!elems.vht_operation && bss_elems.vht_operation && 2925 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) { 2926 elems.vht_operation = bss_elems.vht_operation; 2927 sdata_info(sdata, 2928 "AP bug: VHT operation missing from AssocResp\n"); 2929 } 2930 } 2931 2932 /* 2933 * We previously checked these in the beacon/probe response, so 2934 * they should be present here. This is just a safety net. 2935 */ 2936 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 2937 (!elems.wmm_param || !elems.ht_cap_elem || !elems.ht_operation)) { 2938 sdata_info(sdata, 2939 "HT AP is missing WMM params or HT capability/operation\n"); 2940 ret = false; 2941 goto out; 2942 } 2943 2944 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 2945 (!elems.vht_cap_elem || !elems.vht_operation)) { 2946 sdata_info(sdata, 2947 "VHT AP is missing VHT capability/operation\n"); 2948 ret = false; 2949 goto out; 2950 } 2951 2952 mutex_lock(&sdata->local->sta_mtx); 2953 /* 2954 * station info was already allocated and inserted before 2955 * the association and should be available to us 2956 */ 2957 sta = sta_info_get(sdata, cbss->bssid); 2958 if (WARN_ON(!sta)) { 2959 mutex_unlock(&sdata->local->sta_mtx); 2960 ret = false; 2961 goto out; 2962 } 2963 2964 sband = local->hw.wiphy->bands[ieee80211_get_sdata_band(sdata)]; 2965 2966 /* Set up internal HT/VHT capabilities */ 2967 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 2968 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 2969 elems.ht_cap_elem, sta); 2970 2971 if (elems.vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 2972 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband, 2973 elems.vht_cap_elem, sta); 2974 2975 /* 2976 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data 2977 * in their association response, so ignore that data for our own 2978 * configuration. If it changed since the last beacon, we'll get the 2979 * next beacon and update then. 2980 */ 2981 2982 /* 2983 * If an operating mode notification IE is present, override the 2984 * NSS calculation (that would be done in rate_control_rate_init()) 2985 * and use the # of streams from that element. 2986 */ 2987 if (elems.opmode_notif && 2988 !(*elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) { 2989 u8 nss; 2990 2991 nss = *elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK; 2992 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT; 2993 nss += 1; 2994 sta->sta.rx_nss = nss; 2995 } 2996 2997 rate_control_rate_init(sta); 2998 2999 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) { 3000 set_sta_flag(sta, WLAN_STA_MFP); 3001 sta->sta.mfp = true; 3002 } else { 3003 sta->sta.mfp = false; 3004 } 3005 3006 sta->sta.wme = elems.wmm_param && local->hw.queues >= IEEE80211_NUM_ACS; 3007 3008 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC); 3009 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT)) 3010 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED); 3011 if (err) { 3012 sdata_info(sdata, 3013 "failed to move station %pM to desired state\n", 3014 sta->sta.addr); 3015 WARN_ON(__sta_info_destroy(sta)); 3016 mutex_unlock(&sdata->local->sta_mtx); 3017 ret = false; 3018 goto out; 3019 } 3020 3021 mutex_unlock(&sdata->local->sta_mtx); 3022 3023 /* 3024 * Always handle WMM once after association regardless 3025 * of the first value the AP uses. Setting -1 here has 3026 * that effect because the AP values is an unsigned 3027 * 4-bit value. 3028 */ 3029 ifmgd->wmm_last_param_set = -1; 3030 3031 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) && elems.wmm_param) 3032 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 3033 elems.wmm_param_len); 3034 else 3035 ieee80211_set_wmm_default(sdata, false); 3036 changed |= BSS_CHANGED_QOS; 3037 3038 /* set AID and assoc capability, 3039 * ieee80211_set_associated() will tell the driver */ 3040 bss_conf->aid = aid; 3041 bss_conf->assoc_capability = capab_info; 3042 ieee80211_set_associated(sdata, cbss, changed); 3043 3044 /* 3045 * If we're using 4-addr mode, let the AP know that we're 3046 * doing so, so that it can create the STA VLAN on its side 3047 */ 3048 if (ifmgd->use_4addr) 3049 ieee80211_send_4addr_nullfunc(local, sdata); 3050 3051 /* 3052 * Start timer to probe the connection to the AP now. 3053 * Also start the timer that will detect beacon loss. 3054 */ 3055 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt); 3056 ieee80211_sta_reset_beacon_monitor(sdata); 3057 3058 ret = true; 3059 out: 3060 kfree(bss_ies); 3061 return ret; 3062} 3063 3064static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, 3065 struct ieee80211_mgmt *mgmt, 3066 size_t len) 3067{ 3068 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3069 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 3070 u16 capab_info, status_code, aid; 3071 struct ieee802_11_elems elems; 3072 int ac, uapsd_queues = -1; 3073 u8 *pos; 3074 bool reassoc; 3075 struct cfg80211_bss *bss; 3076 struct ieee80211_event event = { 3077 .type = MLME_EVENT, 3078 .u.mlme.data = ASSOC_EVENT, 3079 }; 3080 3081 sdata_assert_lock(sdata); 3082 3083 if (!assoc_data) 3084 return; 3085 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid)) 3086 return; 3087 3088 /* 3089 * AssocResp and ReassocResp have identical structure, so process both 3090 * of them in this function. 3091 */ 3092 3093 if (len < 24 + 6) 3094 return; 3095 3096 reassoc = ieee80211_is_reassoc_req(mgmt->frame_control); 3097 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 3098 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 3099 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 3100 3101 sdata_info(sdata, 3102 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n", 3103 reassoc ? "Rea" : "A", mgmt->sa, 3104 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 3105 3106 pos = mgmt->u.assoc_resp.variable; 3107 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); 3108 3109 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 3110 elems.timeout_int && 3111 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) { 3112 u32 tu, ms; 3113 tu = le32_to_cpu(elems.timeout_int->value); 3114 ms = tu * 1024 / 1000; 3115 sdata_info(sdata, 3116 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n", 3117 mgmt->sa, tu, ms); 3118 assoc_data->timeout = jiffies + msecs_to_jiffies(ms); 3119 assoc_data->timeout_started = true; 3120 if (ms > IEEE80211_ASSOC_TIMEOUT) 3121 run_again(sdata, assoc_data->timeout); 3122 return; 3123 } 3124 3125 bss = assoc_data->bss; 3126 3127 if (status_code != WLAN_STATUS_SUCCESS) { 3128 sdata_info(sdata, "%pM denied association (code=%d)\n", 3129 mgmt->sa, status_code); 3130 ieee80211_destroy_assoc_data(sdata, false); 3131 event.u.mlme.status = MLME_DENIED; 3132 event.u.mlme.reason = status_code; 3133 drv_event_callback(sdata->local, sdata, &event); 3134 } else { 3135 if (!ieee80211_assoc_success(sdata, bss, mgmt, len)) { 3136 /* oops -- internal error -- send timeout for now */ 3137 ieee80211_destroy_assoc_data(sdata, false); 3138 cfg80211_assoc_timeout(sdata->dev, bss); 3139 return; 3140 } 3141 event.u.mlme.status = MLME_SUCCESS; 3142 drv_event_callback(sdata->local, sdata, &event); 3143 sdata_info(sdata, "associated\n"); 3144 3145 /* 3146 * destroy assoc_data afterwards, as otherwise an idle 3147 * recalc after assoc_data is NULL but before associated 3148 * is set can cause the interface to go idle 3149 */ 3150 ieee80211_destroy_assoc_data(sdata, true); 3151 3152 /* get uapsd queues configuration */ 3153 uapsd_queues = 0; 3154 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) 3155 if (sdata->tx_conf[ac].uapsd) 3156 uapsd_queues |= BIT(ac); 3157 } 3158 3159 cfg80211_rx_assoc_resp(sdata->dev, bss, (u8 *)mgmt, len, uapsd_queues); 3160} 3161 3162static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, 3163 struct ieee80211_mgmt *mgmt, size_t len, 3164 struct ieee80211_rx_status *rx_status, 3165 struct ieee802_11_elems *elems) 3166{ 3167 struct ieee80211_local *local = sdata->local; 3168 struct ieee80211_bss *bss; 3169 struct ieee80211_channel *channel; 3170 3171 sdata_assert_lock(sdata); 3172 3173 channel = ieee80211_get_channel(local->hw.wiphy, rx_status->freq); 3174 if (!channel) 3175 return; 3176 3177 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems, 3178 channel); 3179 if (bss) { 3180 sdata->vif.bss_conf.beacon_rate = bss->beacon_rate; 3181 ieee80211_rx_bss_put(local, bss); 3182 } 3183} 3184 3185 3186static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, 3187 struct sk_buff *skb) 3188{ 3189 struct ieee80211_mgmt *mgmt = (void *)skb->data; 3190 struct ieee80211_if_managed *ifmgd; 3191 struct ieee80211_rx_status *rx_status = (void *) skb->cb; 3192 size_t baselen, len = skb->len; 3193 struct ieee802_11_elems elems; 3194 3195 ifmgd = &sdata->u.mgd; 3196 3197 sdata_assert_lock(sdata); 3198 3199 if (!ether_addr_equal(mgmt->da, sdata->vif.addr)) 3200 return; /* ignore ProbeResp to foreign address */ 3201 3202 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 3203 if (baselen > len) 3204 return; 3205 3206 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 3207 false, &elems); 3208 3209 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 3210 3211 if (ifmgd->associated && 3212 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 3213 ieee80211_reset_ap_probe(sdata); 3214 3215 if (ifmgd->auth_data && !ifmgd->auth_data->bss->proberesp_ies && 3216 ether_addr_equal(mgmt->bssid, ifmgd->auth_data->bss->bssid)) { 3217 /* got probe response, continue with auth */ 3218 sdata_info(sdata, "direct probe responded\n"); 3219 ifmgd->auth_data->tries = 0; 3220 ifmgd->auth_data->timeout = jiffies; 3221 ifmgd->auth_data->timeout_started = true; 3222 run_again(sdata, ifmgd->auth_data->timeout); 3223 } 3224} 3225 3226/* 3227 * This is the canonical list of information elements we care about, 3228 * the filter code also gives us all changes to the Microsoft OUI 3229 * (00:50:F2) vendor IE which is used for WMM which we need to track, 3230 * as well as the DTPC IE (part of the Cisco OUI) used for signaling 3231 * changes to requested client power. 3232 * 3233 * We implement beacon filtering in software since that means we can 3234 * avoid processing the frame here and in cfg80211, and userspace 3235 * will not be able to tell whether the hardware supports it or not. 3236 * 3237 * XXX: This list needs to be dynamic -- userspace needs to be able to 3238 * add items it requires. It also needs to be able to tell us to 3239 * look out for other vendor IEs. 3240 */ 3241static const u64 care_about_ies = 3242 (1ULL << WLAN_EID_COUNTRY) | 3243 (1ULL << WLAN_EID_ERP_INFO) | 3244 (1ULL << WLAN_EID_CHANNEL_SWITCH) | 3245 (1ULL << WLAN_EID_PWR_CONSTRAINT) | 3246 (1ULL << WLAN_EID_HT_CAPABILITY) | 3247 (1ULL << WLAN_EID_HT_OPERATION) | 3248 (1ULL << WLAN_EID_EXT_CHANSWITCH_ANN); 3249 3250static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, 3251 struct ieee80211_mgmt *mgmt, size_t len, 3252 struct ieee80211_rx_status *rx_status) 3253{ 3254 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3255 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 3256 size_t baselen; 3257 struct ieee802_11_elems elems; 3258 struct ieee80211_local *local = sdata->local; 3259 struct ieee80211_chanctx_conf *chanctx_conf; 3260 struct ieee80211_channel *chan; 3261 struct sta_info *sta; 3262 u32 changed = 0; 3263 bool erp_valid; 3264 u8 erp_value = 0; 3265 u32 ncrc; 3266 u8 *bssid; 3267 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3268 3269 sdata_assert_lock(sdata); 3270 3271 /* Process beacon from the current BSS */ 3272 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 3273 if (baselen > len) 3274 return; 3275 3276 rcu_read_lock(); 3277 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 3278 if (!chanctx_conf) { 3279 rcu_read_unlock(); 3280 return; 3281 } 3282 3283 if (rx_status->freq != chanctx_conf->def.chan->center_freq) { 3284 rcu_read_unlock(); 3285 return; 3286 } 3287 chan = chanctx_conf->def.chan; 3288 rcu_read_unlock(); 3289 3290 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon && 3291 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) { 3292 ieee802_11_parse_elems(mgmt->u.beacon.variable, 3293 len - baselen, false, &elems); 3294 3295 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 3296 if (elems.tim && !elems.parse_error) { 3297 const struct ieee80211_tim_ie *tim_ie = elems.tim; 3298 ifmgd->dtim_period = tim_ie->dtim_period; 3299 } 3300 ifmgd->have_beacon = true; 3301 ifmgd->assoc_data->need_beacon = false; 3302 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 3303 sdata->vif.bss_conf.sync_tsf = 3304 le64_to_cpu(mgmt->u.beacon.timestamp); 3305 sdata->vif.bss_conf.sync_device_ts = 3306 rx_status->device_timestamp; 3307 if (elems.tim) 3308 sdata->vif.bss_conf.sync_dtim_count = 3309 elems.tim->dtim_count; 3310 else 3311 sdata->vif.bss_conf.sync_dtim_count = 0; 3312 } 3313 /* continue assoc process */ 3314 ifmgd->assoc_data->timeout = jiffies; 3315 ifmgd->assoc_data->timeout_started = true; 3316 run_again(sdata, ifmgd->assoc_data->timeout); 3317 return; 3318 } 3319 3320 if (!ifmgd->associated || 3321 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 3322 return; 3323 bssid = ifmgd->associated->bssid; 3324 3325 /* Track average RSSI from the Beacon frames of the current AP */ 3326 ifmgd->last_beacon_signal = rx_status->signal; 3327 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) { 3328 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE; 3329 ifmgd->ave_beacon_signal = rx_status->signal * 16; 3330 ifmgd->last_cqm_event_signal = 0; 3331 ifmgd->count_beacon_signal = 1; 3332 ifmgd->last_ave_beacon_signal = 0; 3333 } else { 3334 ifmgd->ave_beacon_signal = 3335 (IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 + 3336 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) * 3337 ifmgd->ave_beacon_signal) / 16; 3338 ifmgd->count_beacon_signal++; 3339 } 3340 3341 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold && 3342 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) { 3343 int sig = ifmgd->ave_beacon_signal / 16; 3344 int last_sig = ifmgd->last_ave_beacon_signal; 3345 struct ieee80211_event event = { 3346 .type = RSSI_EVENT, 3347 }; 3348 3349 /* 3350 * if signal crosses either of the boundaries, invoke callback 3351 * with appropriate parameters 3352 */ 3353 if (sig > ifmgd->rssi_max_thold && 3354 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) { 3355 ifmgd->last_ave_beacon_signal = sig; 3356 event.u.rssi.data = RSSI_EVENT_HIGH; 3357 drv_event_callback(local, sdata, &event); 3358 } else if (sig < ifmgd->rssi_min_thold && 3359 (last_sig >= ifmgd->rssi_max_thold || 3360 last_sig == 0)) { 3361 ifmgd->last_ave_beacon_signal = sig; 3362 event.u.rssi.data = RSSI_EVENT_LOW; 3363 drv_event_callback(local, sdata, &event); 3364 } 3365 } 3366 3367 if (bss_conf->cqm_rssi_thold && 3368 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT && 3369 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) { 3370 int sig = ifmgd->ave_beacon_signal / 16; 3371 int last_event = ifmgd->last_cqm_event_signal; 3372 int thold = bss_conf->cqm_rssi_thold; 3373 int hyst = bss_conf->cqm_rssi_hyst; 3374 if (sig < thold && 3375 (last_event == 0 || sig < last_event - hyst)) { 3376 ifmgd->last_cqm_event_signal = sig; 3377 ieee80211_cqm_rssi_notify( 3378 &sdata->vif, 3379 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW, 3380 GFP_KERNEL); 3381 } else if (sig > thold && 3382 (last_event == 0 || sig > last_event + hyst)) { 3383 ifmgd->last_cqm_event_signal = sig; 3384 ieee80211_cqm_rssi_notify( 3385 &sdata->vif, 3386 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH, 3387 GFP_KERNEL); 3388 } 3389 } 3390 3391 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) { 3392 mlme_dbg_ratelimited(sdata, 3393 "cancelling AP probe due to a received beacon\n"); 3394 ieee80211_reset_ap_probe(sdata); 3395 } 3396 3397 /* 3398 * Push the beacon loss detection into the future since 3399 * we are processing a beacon from the AP just now. 3400 */ 3401 ieee80211_sta_reset_beacon_monitor(sdata); 3402 3403 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 3404 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, 3405 len - baselen, false, &elems, 3406 care_about_ies, ncrc); 3407 3408 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) { 3409 bool directed_tim = ieee80211_check_tim(elems.tim, 3410 elems.tim_len, 3411 ifmgd->aid); 3412 if (directed_tim) { 3413 if (local->hw.conf.dynamic_ps_timeout > 0) { 3414 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 3415 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 3416 ieee80211_hw_config(local, 3417 IEEE80211_CONF_CHANGE_PS); 3418 } 3419 ieee80211_send_nullfunc(local, sdata, 0); 3420 } else if (!local->pspolling && sdata->u.mgd.powersave) { 3421 local->pspolling = true; 3422 3423 /* 3424 * Here is assumed that the driver will be 3425 * able to send ps-poll frame and receive a 3426 * response even though power save mode is 3427 * enabled, but some drivers might require 3428 * to disable power save here. This needs 3429 * to be investigated. 3430 */ 3431 ieee80211_send_pspoll(local, sdata); 3432 } 3433 } 3434 } 3435 3436 if (sdata->vif.p2p) { 3437 struct ieee80211_p2p_noa_attr noa = {}; 3438 int ret; 3439 3440 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable, 3441 len - baselen, 3442 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 3443 (u8 *) &noa, sizeof(noa)); 3444 if (ret >= 2) { 3445 if (sdata->u.mgd.p2p_noa_index != noa.index) { 3446 /* valid noa_attr and index changed */ 3447 sdata->u.mgd.p2p_noa_index = noa.index; 3448 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa)); 3449 changed |= BSS_CHANGED_P2P_PS; 3450 /* 3451 * make sure we update all information, the CRC 3452 * mechanism doesn't look at P2P attributes. 3453 */ 3454 ifmgd->beacon_crc_valid = false; 3455 } 3456 } else if (sdata->u.mgd.p2p_noa_index != -1) { 3457 /* noa_attr not found and we had valid noa_attr before */ 3458 sdata->u.mgd.p2p_noa_index = -1; 3459 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr)); 3460 changed |= BSS_CHANGED_P2P_PS; 3461 ifmgd->beacon_crc_valid = false; 3462 } 3463 } 3464 3465 if (ifmgd->csa_waiting_bcn) 3466 ieee80211_chswitch_post_beacon(sdata); 3467 3468 /* 3469 * Update beacon timing and dtim count on every beacon appearance. This 3470 * will allow the driver to use the most updated values. Do it before 3471 * comparing this one with last received beacon. 3472 * IMPORTANT: These parameters would possibly be out of sync by the time 3473 * the driver will use them. The synchronized view is currently 3474 * guaranteed only in certain callbacks. 3475 */ 3476 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 3477 sdata->vif.bss_conf.sync_tsf = 3478 le64_to_cpu(mgmt->u.beacon.timestamp); 3479 sdata->vif.bss_conf.sync_device_ts = 3480 rx_status->device_timestamp; 3481 if (elems.tim) 3482 sdata->vif.bss_conf.sync_dtim_count = 3483 elems.tim->dtim_count; 3484 else 3485 sdata->vif.bss_conf.sync_dtim_count = 0; 3486 } 3487 3488 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid) 3489 return; 3490 ifmgd->beacon_crc = ncrc; 3491 ifmgd->beacon_crc_valid = true; 3492 3493 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 3494 3495 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime, 3496 rx_status->device_timestamp, 3497 &elems, true); 3498 3499 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) && 3500 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 3501 elems.wmm_param_len)) 3502 changed |= BSS_CHANGED_QOS; 3503 3504 /* 3505 * If we haven't had a beacon before, tell the driver about the 3506 * DTIM period (and beacon timing if desired) now. 3507 */ 3508 if (!ifmgd->have_beacon) { 3509 /* a few bogus AP send dtim_period = 0 or no TIM IE */ 3510 if (elems.tim) 3511 bss_conf->dtim_period = elems.tim->dtim_period ?: 1; 3512 else 3513 bss_conf->dtim_period = 1; 3514 3515 changed |= BSS_CHANGED_BEACON_INFO; 3516 ifmgd->have_beacon = true; 3517 3518 mutex_lock(&local->iflist_mtx); 3519 ieee80211_recalc_ps(local, -1); 3520 mutex_unlock(&local->iflist_mtx); 3521 3522 ieee80211_recalc_ps_vif(sdata); 3523 } 3524 3525 if (elems.erp_info) { 3526 erp_valid = true; 3527 erp_value = elems.erp_info[0]; 3528 } else { 3529 erp_valid = false; 3530 } 3531 changed |= ieee80211_handle_bss_capability(sdata, 3532 le16_to_cpu(mgmt->u.beacon.capab_info), 3533 erp_valid, erp_value); 3534 3535 mutex_lock(&local->sta_mtx); 3536 sta = sta_info_get(sdata, bssid); 3537 3538 if (ieee80211_config_bw(sdata, sta, 3539 elems.ht_cap_elem, elems.ht_operation, 3540 elems.vht_operation, bssid, &changed)) { 3541 mutex_unlock(&local->sta_mtx); 3542 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3543 WLAN_REASON_DEAUTH_LEAVING, 3544 true, deauth_buf); 3545 ieee80211_report_disconnect(sdata, deauth_buf, 3546 sizeof(deauth_buf), true, 3547 WLAN_REASON_DEAUTH_LEAVING); 3548 return; 3549 } 3550 3551 if (sta && elems.opmode_notif) 3552 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif, 3553 rx_status->band, true); 3554 mutex_unlock(&local->sta_mtx); 3555 3556 changed |= ieee80211_handle_pwr_constr(sdata, chan, mgmt, 3557 elems.country_elem, 3558 elems.country_elem_len, 3559 elems.pwr_constr_elem, 3560 elems.cisco_dtpc_elem); 3561 3562 ieee80211_bss_info_change_notify(sdata, changed); 3563} 3564 3565void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 3566 struct sk_buff *skb) 3567{ 3568 struct ieee80211_rx_status *rx_status; 3569 struct ieee80211_mgmt *mgmt; 3570 u16 fc; 3571 struct ieee802_11_elems elems; 3572 int ies_len; 3573 3574 rx_status = (struct ieee80211_rx_status *) skb->cb; 3575 mgmt = (struct ieee80211_mgmt *) skb->data; 3576 fc = le16_to_cpu(mgmt->frame_control); 3577 3578 sdata_lock(sdata); 3579 3580 switch (fc & IEEE80211_FCTL_STYPE) { 3581 case IEEE80211_STYPE_BEACON: 3582 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status); 3583 break; 3584 case IEEE80211_STYPE_PROBE_RESP: 3585 ieee80211_rx_mgmt_probe_resp(sdata, skb); 3586 break; 3587 case IEEE80211_STYPE_AUTH: 3588 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len); 3589 break; 3590 case IEEE80211_STYPE_DEAUTH: 3591 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len); 3592 break; 3593 case IEEE80211_STYPE_DISASSOC: 3594 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 3595 break; 3596 case IEEE80211_STYPE_ASSOC_RESP: 3597 case IEEE80211_STYPE_REASSOC_RESP: 3598 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len); 3599 break; 3600 case IEEE80211_STYPE_ACTION: 3601 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) { 3602 ies_len = skb->len - 3603 offsetof(struct ieee80211_mgmt, 3604 u.action.u.chan_switch.variable); 3605 3606 if (ies_len < 0) 3607 break; 3608 3609 ieee802_11_parse_elems( 3610 mgmt->u.action.u.chan_switch.variable, 3611 ies_len, true, &elems); 3612 3613 if (elems.parse_error) 3614 break; 3615 3616 ieee80211_sta_process_chanswitch(sdata, 3617 rx_status->mactime, 3618 rx_status->device_timestamp, 3619 &elems, false); 3620 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) { 3621 ies_len = skb->len - 3622 offsetof(struct ieee80211_mgmt, 3623 u.action.u.ext_chan_switch.variable); 3624 3625 if (ies_len < 0) 3626 break; 3627 3628 ieee802_11_parse_elems( 3629 mgmt->u.action.u.ext_chan_switch.variable, 3630 ies_len, true, &elems); 3631 3632 if (elems.parse_error) 3633 break; 3634 3635 /* for the handling code pretend this was also an IE */ 3636 elems.ext_chansw_ie = 3637 &mgmt->u.action.u.ext_chan_switch.data; 3638 3639 ieee80211_sta_process_chanswitch(sdata, 3640 rx_status->mactime, 3641 rx_status->device_timestamp, 3642 &elems, false); 3643 } 3644 break; 3645 } 3646 sdata_unlock(sdata); 3647} 3648 3649static void ieee80211_sta_timer(unsigned long data) 3650{ 3651 struct ieee80211_sub_if_data *sdata = 3652 (struct ieee80211_sub_if_data *) data; 3653 3654 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 3655} 3656 3657static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata, 3658 u8 *bssid, u8 reason, bool tx) 3659{ 3660 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3661 3662 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason, 3663 tx, frame_buf); 3664 3665 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true, 3666 reason); 3667} 3668 3669static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata) 3670{ 3671 struct ieee80211_local *local = sdata->local; 3672 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3673 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data; 3674 u32 tx_flags = 0; 3675 3676 sdata_assert_lock(sdata); 3677 3678 if (WARN_ON_ONCE(!auth_data)) 3679 return -EINVAL; 3680 3681 auth_data->tries++; 3682 3683 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) { 3684 sdata_info(sdata, "authentication with %pM timed out\n", 3685 auth_data->bss->bssid); 3686 3687 /* 3688 * Most likely AP is not in the range so remove the 3689 * bss struct for that AP. 3690 */ 3691 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss); 3692 3693 return -ETIMEDOUT; 3694 } 3695 3696 drv_mgd_prepare_tx(local, sdata); 3697 3698 if (auth_data->bss->proberesp_ies) { 3699 u16 trans = 1; 3700 u16 status = 0; 3701 3702 sdata_info(sdata, "send auth to %pM (try %d/%d)\n", 3703 auth_data->bss->bssid, auth_data->tries, 3704 IEEE80211_AUTH_MAX_TRIES); 3705 3706 auth_data->expected_transaction = 2; 3707 3708 if (auth_data->algorithm == WLAN_AUTH_SAE) { 3709 trans = auth_data->sae_trans; 3710 status = auth_data->sae_status; 3711 auth_data->expected_transaction = trans; 3712 } 3713 3714 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3715 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 3716 IEEE80211_TX_INTFL_MLME_CONN_TX; 3717 3718 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status, 3719 auth_data->data, auth_data->data_len, 3720 auth_data->bss->bssid, 3721 auth_data->bss->bssid, NULL, 0, 0, 3722 tx_flags); 3723 } else { 3724 const u8 *ssidie; 3725 3726 sdata_info(sdata, "direct probe to %pM (try %d/%i)\n", 3727 auth_data->bss->bssid, auth_data->tries, 3728 IEEE80211_AUTH_MAX_TRIES); 3729 3730 rcu_read_lock(); 3731 ssidie = ieee80211_bss_get_ie(auth_data->bss, WLAN_EID_SSID); 3732 if (!ssidie) { 3733 rcu_read_unlock(); 3734 return -EINVAL; 3735 } 3736 /* 3737 * Direct probe is sent to broadcast address as some APs 3738 * will not answer to direct packet in unassociated state. 3739 */ 3740 ieee80211_send_probe_req(sdata, sdata->vif.addr, NULL, 3741 ssidie + 2, ssidie[1], 3742 NULL, 0, (u32) -1, true, 0, 3743 auth_data->bss->channel, false); 3744 rcu_read_unlock(); 3745 } 3746 3747 if (tx_flags == 0) { 3748 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 3749 auth_data->timeout_started = true; 3750 run_again(sdata, auth_data->timeout); 3751 } else { 3752 auth_data->timeout = 3753 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG); 3754 auth_data->timeout_started = true; 3755 run_again(sdata, auth_data->timeout); 3756 } 3757 3758 return 0; 3759} 3760 3761static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata) 3762{ 3763 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 3764 struct ieee80211_local *local = sdata->local; 3765 3766 sdata_assert_lock(sdata); 3767 3768 assoc_data->tries++; 3769 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) { 3770 sdata_info(sdata, "association with %pM timed out\n", 3771 assoc_data->bss->bssid); 3772 3773 /* 3774 * Most likely AP is not in the range so remove the 3775 * bss struct for that AP. 3776 */ 3777 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss); 3778 3779 return -ETIMEDOUT; 3780 } 3781 3782 sdata_info(sdata, "associate with %pM (try %d/%d)\n", 3783 assoc_data->bss->bssid, assoc_data->tries, 3784 IEEE80211_ASSOC_MAX_TRIES); 3785 ieee80211_send_assoc(sdata); 3786 3787 if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) { 3788 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 3789 assoc_data->timeout_started = true; 3790 run_again(sdata, assoc_data->timeout); 3791 } else { 3792 assoc_data->timeout = 3793 round_jiffies_up(jiffies + 3794 IEEE80211_ASSOC_TIMEOUT_LONG); 3795 assoc_data->timeout_started = true; 3796 run_again(sdata, assoc_data->timeout); 3797 } 3798 3799 return 0; 3800} 3801 3802void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata, 3803 __le16 fc, bool acked) 3804{ 3805 struct ieee80211_local *local = sdata->local; 3806 3807 sdata->u.mgd.status_fc = fc; 3808 sdata->u.mgd.status_acked = acked; 3809 sdata->u.mgd.status_received = true; 3810 3811 ieee80211_queue_work(&local->hw, &sdata->work); 3812} 3813 3814void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata) 3815{ 3816 struct ieee80211_local *local = sdata->local; 3817 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3818 3819 sdata_lock(sdata); 3820 3821 if (ifmgd->status_received) { 3822 __le16 fc = ifmgd->status_fc; 3823 bool status_acked = ifmgd->status_acked; 3824 3825 ifmgd->status_received = false; 3826 if (ifmgd->auth_data && 3827 (ieee80211_is_probe_req(fc) || ieee80211_is_auth(fc))) { 3828 if (status_acked) { 3829 ifmgd->auth_data->timeout = 3830 jiffies + IEEE80211_AUTH_TIMEOUT_SHORT; 3831 run_again(sdata, ifmgd->auth_data->timeout); 3832 } else { 3833 ifmgd->auth_data->timeout = jiffies - 1; 3834 } 3835 ifmgd->auth_data->timeout_started = true; 3836 } else if (ifmgd->assoc_data && 3837 (ieee80211_is_assoc_req(fc) || 3838 ieee80211_is_reassoc_req(fc))) { 3839 if (status_acked) { 3840 ifmgd->assoc_data->timeout = 3841 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT; 3842 run_again(sdata, ifmgd->assoc_data->timeout); 3843 } else { 3844 ifmgd->assoc_data->timeout = jiffies - 1; 3845 } 3846 ifmgd->assoc_data->timeout_started = true; 3847 } 3848 } 3849 3850 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started && 3851 time_after(jiffies, ifmgd->auth_data->timeout)) { 3852 if (ifmgd->auth_data->done) { 3853 /* 3854 * ok ... we waited for assoc but userspace didn't, 3855 * so let's just kill the auth data 3856 */ 3857 ieee80211_destroy_auth_data(sdata, false); 3858 } else if (ieee80211_probe_auth(sdata)) { 3859 u8 bssid[ETH_ALEN]; 3860 struct ieee80211_event event = { 3861 .type = MLME_EVENT, 3862 .u.mlme.data = AUTH_EVENT, 3863 .u.mlme.status = MLME_TIMEOUT, 3864 }; 3865 3866 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 3867 3868 ieee80211_destroy_auth_data(sdata, false); 3869 3870 cfg80211_auth_timeout(sdata->dev, bssid); 3871 drv_event_callback(sdata->local, sdata, &event); 3872 } 3873 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started) 3874 run_again(sdata, ifmgd->auth_data->timeout); 3875 3876 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started && 3877 time_after(jiffies, ifmgd->assoc_data->timeout)) { 3878 if ((ifmgd->assoc_data->need_beacon && !ifmgd->have_beacon) || 3879 ieee80211_do_assoc(sdata)) { 3880 struct cfg80211_bss *bss = ifmgd->assoc_data->bss; 3881 struct ieee80211_event event = { 3882 .type = MLME_EVENT, 3883 .u.mlme.data = ASSOC_EVENT, 3884 .u.mlme.status = MLME_TIMEOUT, 3885 }; 3886 3887 ieee80211_destroy_assoc_data(sdata, false); 3888 cfg80211_assoc_timeout(sdata->dev, bss); 3889 drv_event_callback(sdata->local, sdata, &event); 3890 } 3891 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started) 3892 run_again(sdata, ifmgd->assoc_data->timeout); 3893 3894 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL && 3895 ifmgd->associated) { 3896 u8 bssid[ETH_ALEN]; 3897 int max_tries; 3898 3899 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 3900 3901 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) 3902 max_tries = max_nullfunc_tries; 3903 else 3904 max_tries = max_probe_tries; 3905 3906 /* ACK received for nullfunc probing frame */ 3907 if (!ifmgd->probe_send_count) 3908 ieee80211_reset_ap_probe(sdata); 3909 else if (ifmgd->nullfunc_failed) { 3910 if (ifmgd->probe_send_count < max_tries) { 3911 mlme_dbg(sdata, 3912 "No ack for nullfunc frame to AP %pM, try %d/%i\n", 3913 bssid, ifmgd->probe_send_count, 3914 max_tries); 3915 ieee80211_mgd_probe_ap_send(sdata); 3916 } else { 3917 mlme_dbg(sdata, 3918 "No ack for nullfunc frame to AP %pM, disconnecting.\n", 3919 bssid); 3920 ieee80211_sta_connection_lost(sdata, bssid, 3921 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 3922 false); 3923 } 3924 } else if (time_is_after_jiffies(ifmgd->probe_timeout)) 3925 run_again(sdata, ifmgd->probe_timeout); 3926 else if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) { 3927 mlme_dbg(sdata, 3928 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n", 3929 bssid, probe_wait_ms); 3930 ieee80211_sta_connection_lost(sdata, bssid, 3931 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3932 } else if (ifmgd->probe_send_count < max_tries) { 3933 mlme_dbg(sdata, 3934 "No probe response from AP %pM after %dms, try %d/%i\n", 3935 bssid, probe_wait_ms, 3936 ifmgd->probe_send_count, max_tries); 3937 ieee80211_mgd_probe_ap_send(sdata); 3938 } else { 3939 /* 3940 * We actually lost the connection ... or did we? 3941 * Let's make sure! 3942 */ 3943 wiphy_debug(local->hw.wiphy, 3944 "%s: No probe response from AP %pM" 3945 " after %dms, disconnecting.\n", 3946 sdata->name, 3947 bssid, probe_wait_ms); 3948 3949 ieee80211_sta_connection_lost(sdata, bssid, 3950 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 3951 } 3952 } 3953 3954 sdata_unlock(sdata); 3955} 3956 3957static void ieee80211_sta_bcn_mon_timer(unsigned long data) 3958{ 3959 struct ieee80211_sub_if_data *sdata = 3960 (struct ieee80211_sub_if_data *) data; 3961 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3962 3963 if (sdata->vif.csa_active && !ifmgd->csa_waiting_bcn) 3964 return; 3965 3966 sdata->u.mgd.connection_loss = false; 3967 ieee80211_queue_work(&sdata->local->hw, 3968 &sdata->u.mgd.beacon_connection_loss_work); 3969} 3970 3971static void ieee80211_sta_conn_mon_timer(unsigned long data) 3972{ 3973 struct ieee80211_sub_if_data *sdata = 3974 (struct ieee80211_sub_if_data *) data; 3975 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3976 struct ieee80211_local *local = sdata->local; 3977 3978 if (sdata->vif.csa_active && !ifmgd->csa_waiting_bcn) 3979 return; 3980 3981 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work); 3982} 3983 3984static void ieee80211_sta_monitor_work(struct work_struct *work) 3985{ 3986 struct ieee80211_sub_if_data *sdata = 3987 container_of(work, struct ieee80211_sub_if_data, 3988 u.mgd.monitor_work); 3989 3990 ieee80211_mgd_probe_ap(sdata, false); 3991} 3992 3993static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) 3994{ 3995 u32 flags; 3996 3997 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 3998 __ieee80211_stop_poll(sdata); 3999 4000 /* let's probe the connection once */ 4001 flags = sdata->local->hw.flags; 4002 if (!(flags & IEEE80211_HW_CONNECTION_MONITOR)) 4003 ieee80211_queue_work(&sdata->local->hw, 4004 &sdata->u.mgd.monitor_work); 4005 } 4006} 4007 4008#ifdef CONFIG_PM 4009void ieee80211_mgd_quiesce(struct ieee80211_sub_if_data *sdata) 4010{ 4011 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4012 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4013 4014 sdata_lock(sdata); 4015 4016 if (ifmgd->auth_data || ifmgd->assoc_data) { 4017 const u8 *bssid = ifmgd->auth_data ? 4018 ifmgd->auth_data->bss->bssid : 4019 ifmgd->assoc_data->bss->bssid; 4020 4021 /* 4022 * If we are trying to authenticate / associate while suspending, 4023 * cfg80211 won't know and won't actually abort those attempts, 4024 * thus we need to do that ourselves. 4025 */ 4026 ieee80211_send_deauth_disassoc(sdata, bssid, 4027 IEEE80211_STYPE_DEAUTH, 4028 WLAN_REASON_DEAUTH_LEAVING, 4029 false, frame_buf); 4030 if (ifmgd->assoc_data) 4031 ieee80211_destroy_assoc_data(sdata, false); 4032 if (ifmgd->auth_data) 4033 ieee80211_destroy_auth_data(sdata, false); 4034 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4035 IEEE80211_DEAUTH_FRAME_LEN); 4036 } 4037 4038 /* This is a bit of a hack - we should find a better and more generic 4039 * solution to this. Normally when suspending, cfg80211 will in fact 4040 * deauthenticate. However, it doesn't (and cannot) stop an ongoing 4041 * auth (not so important) or assoc (this is the problem) process. 4042 * 4043 * As a consequence, it can happen that we are in the process of both 4044 * associating and suspending, and receive an association response 4045 * after cfg80211 has checked if it needs to disconnect, but before 4046 * we actually set the flag to drop incoming frames. This will then 4047 * cause the workqueue flush to process the association response in 4048 * the suspend, resulting in a successful association just before it 4049 * tries to remove the interface from the driver, which now though 4050 * has a channel context assigned ... this results in issues. 4051 * 4052 * To work around this (for now) simply deauth here again if we're 4053 * now connected. 4054 */ 4055 if (ifmgd->associated && !sdata->local->wowlan) { 4056 u8 bssid[ETH_ALEN]; 4057 struct cfg80211_deauth_request req = { 4058 .reason_code = WLAN_REASON_DEAUTH_LEAVING, 4059 .bssid = bssid, 4060 }; 4061 4062 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 4063 ieee80211_mgd_deauth(sdata, &req); 4064 } 4065 4066 sdata_unlock(sdata); 4067} 4068 4069void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata) 4070{ 4071 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4072 4073 sdata_lock(sdata); 4074 if (!ifmgd->associated) { 4075 sdata_unlock(sdata); 4076 return; 4077 } 4078 4079 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) { 4080 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME; 4081 mlme_dbg(sdata, "driver requested disconnect after resume\n"); 4082 ieee80211_sta_connection_lost(sdata, 4083 ifmgd->associated->bssid, 4084 WLAN_REASON_UNSPECIFIED, 4085 true); 4086 sdata_unlock(sdata); 4087 return; 4088 } 4089 sdata_unlock(sdata); 4090} 4091#endif 4092 4093/* interface setup */ 4094void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata) 4095{ 4096 struct ieee80211_if_managed *ifmgd; 4097 4098 ifmgd = &sdata->u.mgd; 4099 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work); 4100 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work); 4101 INIT_WORK(&ifmgd->beacon_connection_loss_work, 4102 ieee80211_beacon_connection_loss_work); 4103 INIT_WORK(&ifmgd->csa_connection_drop_work, 4104 ieee80211_csa_connection_drop_work); 4105 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_mgd_work); 4106 INIT_DELAYED_WORK(&ifmgd->tdls_peer_del_work, 4107 ieee80211_tdls_peer_del_work); 4108 setup_timer(&ifmgd->timer, ieee80211_sta_timer, 4109 (unsigned long) sdata); 4110 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 4111 (unsigned long) sdata); 4112 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 4113 (unsigned long) sdata); 4114 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 4115 (unsigned long) sdata); 4116 INIT_DELAYED_WORK(&ifmgd->tx_tspec_wk, 4117 ieee80211_sta_handle_tspec_ac_params_wk); 4118 4119 ifmgd->flags = 0; 4120 ifmgd->powersave = sdata->wdev.ps; 4121 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues; 4122 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len; 4123 ifmgd->p2p_noa_index = -1; 4124 4125 if (sdata->local->hw.wiphy->features & NL80211_FEATURE_DYNAMIC_SMPS) 4126 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC; 4127 else 4128 ifmgd->req_smps = IEEE80211_SMPS_OFF; 4129 4130 /* Setup TDLS data */ 4131 spin_lock_init(&ifmgd->teardown_lock); 4132 ifmgd->teardown_skb = NULL; 4133 ifmgd->orig_teardown_skb = NULL; 4134} 4135 4136/* scan finished notification */ 4137void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local) 4138{ 4139 struct ieee80211_sub_if_data *sdata; 4140 4141 /* Restart STA timers */ 4142 rcu_read_lock(); 4143 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 4144 if (ieee80211_sdata_running(sdata)) 4145 ieee80211_restart_sta_timer(sdata); 4146 } 4147 rcu_read_unlock(); 4148} 4149 4150int ieee80211_max_network_latency(struct notifier_block *nb, 4151 unsigned long data, void *dummy) 4152{ 4153 s32 latency_usec = (s32) data; 4154 struct ieee80211_local *local = 4155 container_of(nb, struct ieee80211_local, 4156 network_latency_notifier); 4157 4158 mutex_lock(&local->iflist_mtx); 4159 ieee80211_recalc_ps(local, latency_usec); 4160 mutex_unlock(&local->iflist_mtx); 4161 4162 return NOTIFY_OK; 4163} 4164 4165static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata, 4166 struct cfg80211_bss *cbss) 4167{ 4168 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4169 const u8 *ht_cap_ie, *vht_cap_ie; 4170 const struct ieee80211_ht_cap *ht_cap; 4171 const struct ieee80211_vht_cap *vht_cap; 4172 u8 chains = 1; 4173 4174 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT) 4175 return chains; 4176 4177 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 4178 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) { 4179 ht_cap = (void *)(ht_cap_ie + 2); 4180 chains = ieee80211_mcs_to_chains(&ht_cap->mcs); 4181 /* 4182 * TODO: use "Tx Maximum Number Spatial Streams Supported" and 4183 * "Tx Unequal Modulation Supported" fields. 4184 */ 4185 } 4186 4187 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 4188 return chains; 4189 4190 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 4191 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) { 4192 u8 nss; 4193 u16 tx_mcs_map; 4194 4195 vht_cap = (void *)(vht_cap_ie + 2); 4196 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map); 4197 for (nss = 8; nss > 0; nss--) { 4198 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) != 4199 IEEE80211_VHT_MCS_NOT_SUPPORTED) 4200 break; 4201 } 4202 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */ 4203 chains = max(chains, nss); 4204 } 4205 4206 return chains; 4207} 4208 4209static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata, 4210 struct cfg80211_bss *cbss) 4211{ 4212 struct ieee80211_local *local = sdata->local; 4213 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4214 const struct ieee80211_ht_cap *ht_cap = NULL; 4215 const struct ieee80211_ht_operation *ht_oper = NULL; 4216 const struct ieee80211_vht_operation *vht_oper = NULL; 4217 struct ieee80211_supported_band *sband; 4218 struct cfg80211_chan_def chandef; 4219 int ret; 4220 4221 sband = local->hw.wiphy->bands[cbss->channel->band]; 4222 4223 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ | 4224 IEEE80211_STA_DISABLE_80P80MHZ | 4225 IEEE80211_STA_DISABLE_160MHZ); 4226 4227 rcu_read_lock(); 4228 4229 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 4230 sband->ht_cap.ht_supported) { 4231 const u8 *ht_oper_ie, *ht_cap_ie; 4232 4233 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION); 4234 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper)) 4235 ht_oper = (void *)(ht_oper_ie + 2); 4236 4237 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY); 4238 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) 4239 ht_cap = (void *)(ht_cap_ie + 2); 4240 4241 if (!ht_cap) { 4242 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4243 ht_oper = NULL; 4244 } 4245 } 4246 4247 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 4248 sband->vht_cap.vht_supported) { 4249 const u8 *vht_oper_ie, *vht_cap; 4250 4251 vht_oper_ie = ieee80211_bss_get_ie(cbss, 4252 WLAN_EID_VHT_OPERATION); 4253 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper)) 4254 vht_oper = (void *)(vht_oper_ie + 2); 4255 if (vht_oper && !ht_oper) { 4256 vht_oper = NULL; 4257 sdata_info(sdata, 4258 "AP advertised VHT without HT, disabling both\n"); 4259 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4260 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4261 } 4262 4263 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY); 4264 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) { 4265 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4266 vht_oper = NULL; 4267 } 4268 } 4269 4270 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband, 4271 cbss->channel, 4272 ht_cap, ht_oper, vht_oper, 4273 &chandef, false); 4274 4275 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss), 4276 local->rx_chains); 4277 4278 rcu_read_unlock(); 4279 4280 /* will change later if needed */ 4281 sdata->smps_mode = IEEE80211_SMPS_OFF; 4282 4283 mutex_lock(&local->mtx); 4284 /* 4285 * If this fails (possibly due to channel context sharing 4286 * on incompatible channels, e.g. 80+80 and 160 sharing the 4287 * same control channel) try to use a smaller bandwidth. 4288 */ 4289 ret = ieee80211_vif_use_channel(sdata, &chandef, 4290 IEEE80211_CHANCTX_SHARED); 4291 4292 /* don't downgrade for 5 and 10 MHz channels, though. */ 4293 if (chandef.width == NL80211_CHAN_WIDTH_5 || 4294 chandef.width == NL80211_CHAN_WIDTH_10) 4295 goto out; 4296 4297 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) { 4298 ifmgd->flags |= ieee80211_chandef_downgrade(&chandef); 4299 ret = ieee80211_vif_use_channel(sdata, &chandef, 4300 IEEE80211_CHANCTX_SHARED); 4301 } 4302 out: 4303 mutex_unlock(&local->mtx); 4304 return ret; 4305} 4306 4307static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata, 4308 struct cfg80211_bss *cbss, bool assoc) 4309{ 4310 struct ieee80211_local *local = sdata->local; 4311 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4312 struct ieee80211_bss *bss = (void *)cbss->priv; 4313 struct sta_info *new_sta = NULL; 4314 struct ieee80211_supported_band *sband; 4315 struct ieee80211_sta_ht_cap sta_ht_cap; 4316 bool have_sta = false, is_override = false; 4317 int err; 4318 4319 sband = local->hw.wiphy->bands[cbss->channel->band]; 4320 4321 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) 4322 return -EINVAL; 4323 4324 if (assoc) { 4325 rcu_read_lock(); 4326 have_sta = sta_info_get(sdata, cbss->bssid); 4327 rcu_read_unlock(); 4328 } 4329 4330 if (!have_sta) { 4331 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL); 4332 if (!new_sta) 4333 return -ENOMEM; 4334 } 4335 4336 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap)); 4337 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap); 4338 4339 is_override = (sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) != 4340 (sband->ht_cap.cap & 4341 IEEE80211_HT_CAP_SUP_WIDTH_20_40); 4342 4343 if (new_sta || is_override) { 4344 err = ieee80211_prep_channel(sdata, cbss); 4345 if (err) { 4346 if (new_sta) 4347 sta_info_free(local, new_sta); 4348 return -EINVAL; 4349 } 4350 } 4351 4352 if (new_sta) { 4353 u32 rates = 0, basic_rates = 0; 4354 bool have_higher_than_11mbit; 4355 int min_rate = INT_MAX, min_rate_index = -1; 4356 struct ieee80211_chanctx_conf *chanctx_conf; 4357 const struct cfg80211_bss_ies *ies; 4358 int shift = ieee80211_vif_get_shift(&sdata->vif); 4359 u32 rate_flags; 4360 4361 rcu_read_lock(); 4362 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 4363 if (WARN_ON(!chanctx_conf)) { 4364 rcu_read_unlock(); 4365 sta_info_free(local, new_sta); 4366 return -EINVAL; 4367 } 4368 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def); 4369 rcu_read_unlock(); 4370 4371 ieee80211_get_rates(sband, bss->supp_rates, 4372 bss->supp_rates_len, 4373 &rates, &basic_rates, 4374 &have_higher_than_11mbit, 4375 &min_rate, &min_rate_index, 4376 shift, rate_flags); 4377 4378 /* 4379 * This used to be a workaround for basic rates missing 4380 * in the association response frame. Now that we no 4381 * longer use the basic rates from there, it probably 4382 * doesn't happen any more, but keep the workaround so 4383 * in case some *other* APs are buggy in different ways 4384 * we can connect -- with a warning. 4385 */ 4386 if (!basic_rates && min_rate_index >= 0) { 4387 sdata_info(sdata, 4388 "No basic rates, using min rate instead\n"); 4389 basic_rates = BIT(min_rate_index); 4390 } 4391 4392 new_sta->sta.supp_rates[cbss->channel->band] = rates; 4393 sdata->vif.bss_conf.basic_rates = basic_rates; 4394 4395 /* cf. IEEE 802.11 9.2.12 */ 4396 if (cbss->channel->band == IEEE80211_BAND_2GHZ && 4397 have_higher_than_11mbit) 4398 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE; 4399 else 4400 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE; 4401 4402 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN); 4403 4404 /* set timing information */ 4405 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval; 4406 rcu_read_lock(); 4407 ies = rcu_dereference(cbss->beacon_ies); 4408 if (ies) { 4409 const u8 *tim_ie; 4410 4411 sdata->vif.bss_conf.sync_tsf = ies->tsf; 4412 sdata->vif.bss_conf.sync_device_ts = 4413 bss->device_ts_beacon; 4414 tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 4415 ies->data, ies->len); 4416 if (tim_ie && tim_ie[1] >= 2) 4417 sdata->vif.bss_conf.sync_dtim_count = tim_ie[2]; 4418 else 4419 sdata->vif.bss_conf.sync_dtim_count = 0; 4420 } else if (!(local->hw.flags & 4421 IEEE80211_HW_TIMING_BEACON_ONLY)) { 4422 ies = rcu_dereference(cbss->proberesp_ies); 4423 /* must be non-NULL since beacon IEs were NULL */ 4424 sdata->vif.bss_conf.sync_tsf = ies->tsf; 4425 sdata->vif.bss_conf.sync_device_ts = 4426 bss->device_ts_presp; 4427 sdata->vif.bss_conf.sync_dtim_count = 0; 4428 } else { 4429 sdata->vif.bss_conf.sync_tsf = 0; 4430 sdata->vif.bss_conf.sync_device_ts = 0; 4431 sdata->vif.bss_conf.sync_dtim_count = 0; 4432 } 4433 rcu_read_unlock(); 4434 4435 /* tell driver about BSSID, basic rates and timing */ 4436 ieee80211_bss_info_change_notify(sdata, 4437 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES | 4438 BSS_CHANGED_BEACON_INT); 4439 4440 if (assoc) 4441 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH); 4442 4443 err = sta_info_insert(new_sta); 4444 new_sta = NULL; 4445 if (err) { 4446 sdata_info(sdata, 4447 "failed to insert STA entry for the AP (error %d)\n", 4448 err); 4449 return err; 4450 } 4451 } else 4452 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid)); 4453 4454 /* Cancel scan to ensure that nothing interferes with connection */ 4455 if (local->scanning) 4456 ieee80211_scan_cancel(local); 4457 4458 return 0; 4459} 4460 4461/* config hooks */ 4462int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 4463 struct cfg80211_auth_request *req) 4464{ 4465 struct ieee80211_local *local = sdata->local; 4466 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4467 struct ieee80211_mgd_auth_data *auth_data; 4468 u16 auth_alg; 4469 int err; 4470 4471 /* prepare auth data structure */ 4472 4473 switch (req->auth_type) { 4474 case NL80211_AUTHTYPE_OPEN_SYSTEM: 4475 auth_alg = WLAN_AUTH_OPEN; 4476 break; 4477 case NL80211_AUTHTYPE_SHARED_KEY: 4478 if (IS_ERR(local->wep_tx_tfm)) 4479 return -EOPNOTSUPP; 4480 auth_alg = WLAN_AUTH_SHARED_KEY; 4481 break; 4482 case NL80211_AUTHTYPE_FT: 4483 auth_alg = WLAN_AUTH_FT; 4484 break; 4485 case NL80211_AUTHTYPE_NETWORK_EAP: 4486 auth_alg = WLAN_AUTH_LEAP; 4487 break; 4488 case NL80211_AUTHTYPE_SAE: 4489 auth_alg = WLAN_AUTH_SAE; 4490 break; 4491 default: 4492 return -EOPNOTSUPP; 4493 } 4494 4495 auth_data = kzalloc(sizeof(*auth_data) + req->sae_data_len + 4496 req->ie_len, GFP_KERNEL); 4497 if (!auth_data) 4498 return -ENOMEM; 4499 4500 auth_data->bss = req->bss; 4501 4502 if (req->sae_data_len >= 4) { 4503 __le16 *pos = (__le16 *) req->sae_data; 4504 auth_data->sae_trans = le16_to_cpu(pos[0]); 4505 auth_data->sae_status = le16_to_cpu(pos[1]); 4506 memcpy(auth_data->data, req->sae_data + 4, 4507 req->sae_data_len - 4); 4508 auth_data->data_len += req->sae_data_len - 4; 4509 } 4510 4511 if (req->ie && req->ie_len) { 4512 memcpy(&auth_data->data[auth_data->data_len], 4513 req->ie, req->ie_len); 4514 auth_data->data_len += req->ie_len; 4515 } 4516 4517 if (req->key && req->key_len) { 4518 auth_data->key_len = req->key_len; 4519 auth_data->key_idx = req->key_idx; 4520 memcpy(auth_data->key, req->key, req->key_len); 4521 } 4522 4523 auth_data->algorithm = auth_alg; 4524 4525 /* try to authenticate/probe */ 4526 4527 if ((ifmgd->auth_data && !ifmgd->auth_data->done) || 4528 ifmgd->assoc_data) { 4529 err = -EBUSY; 4530 goto err_free; 4531 } 4532 4533 if (ifmgd->auth_data) 4534 ieee80211_destroy_auth_data(sdata, false); 4535 4536 /* prep auth_data so we don't go into idle on disassoc */ 4537 ifmgd->auth_data = auth_data; 4538 4539 if (ifmgd->associated) { 4540 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4541 4542 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4543 WLAN_REASON_UNSPECIFIED, 4544 false, frame_buf); 4545 4546 ieee80211_report_disconnect(sdata, frame_buf, 4547 sizeof(frame_buf), true, 4548 WLAN_REASON_UNSPECIFIED); 4549 } 4550 4551 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid); 4552 4553 err = ieee80211_prep_connection(sdata, req->bss, false); 4554 if (err) 4555 goto err_clear; 4556 4557 err = ieee80211_probe_auth(sdata); 4558 if (err) { 4559 sta_info_destroy_addr(sdata, req->bss->bssid); 4560 goto err_clear; 4561 } 4562 4563 /* hold our own reference */ 4564 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss); 4565 return 0; 4566 4567 err_clear: 4568 eth_zero_addr(ifmgd->bssid); 4569 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 4570 ifmgd->auth_data = NULL; 4571 err_free: 4572 kfree(auth_data); 4573 return err; 4574} 4575 4576static bool ieee80211_usable_wmm_params(struct ieee80211_sub_if_data *sdata, 4577 const u8 *wmm_param, int len) 4578{ 4579 const u8 *pos; 4580 size_t left; 4581 4582 if (len < 8) 4583 return false; 4584 4585 if (wmm_param[5] != 1 /* version */) 4586 return false; 4587 4588 pos = wmm_param + 8; 4589 left = len - 8; 4590 4591 for (; left >= 4; left -= 4, pos += 4) { 4592 u8 aifsn = pos[0] & 0x0f; 4593 u8 ecwmin = pos[1] & 0x0f; 4594 u8 ecwmax = (pos[1] & 0xf0) >> 4; 4595 int aci = (pos[0] >> 5) & 0x03; 4596 4597 if (aifsn < 2) { 4598 sdata_info(sdata, 4599 "AP has invalid WMM params (AIFSN=%d for ACI %d), disabling WMM\n", 4600 aifsn, aci); 4601 return false; 4602 } 4603 if (ecwmin > ecwmax) { 4604 sdata_info(sdata, 4605 "AP has invalid WMM params (ECWmin/max=%d/%d for ACI %d), disabling WMM\n", 4606 ecwmin, ecwmax, aci); 4607 return false; 4608 } 4609 } 4610 4611 return true; 4612} 4613 4614int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 4615 struct cfg80211_assoc_request *req) 4616{ 4617 struct ieee80211_local *local = sdata->local; 4618 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4619 struct ieee80211_bss *bss = (void *)req->bss->priv; 4620 struct ieee80211_mgd_assoc_data *assoc_data; 4621 const struct cfg80211_bss_ies *beacon_ies; 4622 struct ieee80211_supported_band *sband; 4623 const u8 *ssidie, *ht_ie, *vht_ie; 4624 int i, err; 4625 4626 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL); 4627 if (!assoc_data) 4628 return -ENOMEM; 4629 4630 rcu_read_lock(); 4631 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID); 4632 if (!ssidie) { 4633 rcu_read_unlock(); 4634 kfree(assoc_data); 4635 return -EINVAL; 4636 } 4637 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]); 4638 assoc_data->ssid_len = ssidie[1]; 4639 rcu_read_unlock(); 4640 4641 if (ifmgd->associated) { 4642 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4643 4644 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4645 WLAN_REASON_UNSPECIFIED, 4646 false, frame_buf); 4647 4648 ieee80211_report_disconnect(sdata, frame_buf, 4649 sizeof(frame_buf), true, 4650 WLAN_REASON_UNSPECIFIED); 4651 } 4652 4653 if (ifmgd->auth_data && !ifmgd->auth_data->done) { 4654 err = -EBUSY; 4655 goto err_free; 4656 } 4657 4658 if (ifmgd->assoc_data) { 4659 err = -EBUSY; 4660 goto err_free; 4661 } 4662 4663 if (ifmgd->auth_data) { 4664 bool match; 4665 4666 /* keep sta info, bssid if matching */ 4667 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid); 4668 ieee80211_destroy_auth_data(sdata, match); 4669 } 4670 4671 /* prepare assoc data */ 4672 4673 ifmgd->beacon_crc_valid = false; 4674 4675 assoc_data->wmm = bss->wmm_used && 4676 (local->hw.queues >= IEEE80211_NUM_ACS); 4677 if (assoc_data->wmm) { 4678 /* try to check validity of WMM params IE */ 4679 const struct cfg80211_bss_ies *ies; 4680 const u8 *wp, *start, *end; 4681 4682 rcu_read_lock(); 4683 ies = rcu_dereference(req->bss->ies); 4684 start = ies->data; 4685 end = start + ies->len; 4686 4687 while (true) { 4688 wp = cfg80211_find_vendor_ie( 4689 WLAN_OUI_MICROSOFT, 4690 WLAN_OUI_TYPE_MICROSOFT_WMM, 4691 start, end - start); 4692 if (!wp) 4693 break; 4694 start = wp + wp[1] + 2; 4695 /* if this IE is too short, try the next */ 4696 if (wp[1] <= 4) 4697 continue; 4698 /* if this IE is WMM params, we found what we wanted */ 4699 if (wp[6] == 1) 4700 break; 4701 } 4702 4703 if (!wp || !ieee80211_usable_wmm_params(sdata, wp + 2, 4704 wp[1] - 2)) { 4705 assoc_data->wmm = false; 4706 ifmgd->flags |= IEEE80211_STA_DISABLE_WMM; 4707 } 4708 rcu_read_unlock(); 4709 } 4710 4711 /* 4712 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode. 4713 * We still associate in non-HT mode (11a/b/g) if any one of these 4714 * ciphers is configured as pairwise. 4715 * We can set this to true for non-11n hardware, that'll be checked 4716 * separately along with the peer capabilities. 4717 */ 4718 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) { 4719 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 4720 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 4721 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) { 4722 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4723 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4724 netdev_info(sdata->dev, 4725 "disabling HT/VHT due to WEP/TKIP use\n"); 4726 } 4727 } 4728 4729 if (req->flags & ASSOC_REQ_DISABLE_HT) { 4730 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4731 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4732 } 4733 4734 if (req->flags & ASSOC_REQ_DISABLE_VHT) 4735 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4736 4737 /* Also disable HT if we don't support it or the AP doesn't use WMM */ 4738 sband = local->hw.wiphy->bands[req->bss->channel->band]; 4739 if (!sband->ht_cap.ht_supported || 4740 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used || 4741 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) { 4742 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4743 if (!bss->wmm_used && 4744 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM)) 4745 netdev_info(sdata->dev, 4746 "disabling HT as WMM/QoS is not supported by the AP\n"); 4747 } 4748 4749 /* disable VHT if we don't support it or the AP doesn't use WMM */ 4750 if (!sband->vht_cap.vht_supported || 4751 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used || 4752 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) { 4753 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4754 if (!bss->wmm_used && 4755 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM)) 4756 netdev_info(sdata->dev, 4757 "disabling VHT as WMM/QoS is not supported by the AP\n"); 4758 } 4759 4760 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa)); 4761 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask, 4762 sizeof(ifmgd->ht_capa_mask)); 4763 4764 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa)); 4765 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask, 4766 sizeof(ifmgd->vht_capa_mask)); 4767 4768 if (req->ie && req->ie_len) { 4769 memcpy(assoc_data->ie, req->ie, req->ie_len); 4770 assoc_data->ie_len = req->ie_len; 4771 } 4772 4773 assoc_data->bss = req->bss; 4774 4775 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) { 4776 if (ifmgd->powersave) 4777 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC; 4778 else 4779 sdata->smps_mode = IEEE80211_SMPS_OFF; 4780 } else 4781 sdata->smps_mode = ifmgd->req_smps; 4782 4783 assoc_data->capability = req->bss->capability; 4784 assoc_data->supp_rates = bss->supp_rates; 4785 assoc_data->supp_rates_len = bss->supp_rates_len; 4786 4787 rcu_read_lock(); 4788 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION); 4789 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation)) 4790 assoc_data->ap_ht_param = 4791 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param; 4792 else 4793 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4794 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY); 4795 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap)) 4796 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2, 4797 sizeof(struct ieee80211_vht_cap)); 4798 else 4799 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4800 rcu_read_unlock(); 4801 4802 if (WARN((sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD) && 4803 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK), 4804 "U-APSD not supported with HW_PS_NULLFUNC_STACK\n")) 4805 sdata->vif.driver_flags &= ~IEEE80211_VIF_SUPPORTS_UAPSD; 4806 4807 if (bss->wmm_used && bss->uapsd_supported && 4808 (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD)) { 4809 assoc_data->uapsd = true; 4810 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; 4811 } else { 4812 assoc_data->uapsd = false; 4813 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED; 4814 } 4815 4816 if (req->prev_bssid) 4817 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN); 4818 4819 if (req->use_mfp) { 4820 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 4821 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED; 4822 } else { 4823 ifmgd->mfp = IEEE80211_MFP_DISABLED; 4824 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED; 4825 } 4826 4827 if (req->flags & ASSOC_REQ_USE_RRM) 4828 ifmgd->flags |= IEEE80211_STA_ENABLE_RRM; 4829 else 4830 ifmgd->flags &= ~IEEE80211_STA_ENABLE_RRM; 4831 4832 if (req->crypto.control_port) 4833 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT; 4834 else 4835 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT; 4836 4837 sdata->control_port_protocol = req->crypto.control_port_ethertype; 4838 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt; 4839 sdata->encrypt_headroom = ieee80211_cs_headroom(local, &req->crypto, 4840 sdata->vif.type); 4841 4842 /* kick off associate process */ 4843 4844 ifmgd->assoc_data = assoc_data; 4845 ifmgd->dtim_period = 0; 4846 ifmgd->have_beacon = false; 4847 4848 err = ieee80211_prep_connection(sdata, req->bss, true); 4849 if (err) 4850 goto err_clear; 4851 4852 rcu_read_lock(); 4853 beacon_ies = rcu_dereference(req->bss->beacon_ies); 4854 4855 if (sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC && 4856 !beacon_ies) { 4857 /* 4858 * Wait up to one beacon interval ... 4859 * should this be more if we miss one? 4860 */ 4861 sdata_info(sdata, "waiting for beacon from %pM\n", 4862 ifmgd->bssid); 4863 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval); 4864 assoc_data->timeout_started = true; 4865 assoc_data->need_beacon = true; 4866 } else if (beacon_ies) { 4867 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, 4868 beacon_ies->data, 4869 beacon_ies->len); 4870 u8 dtim_count = 0; 4871 4872 if (tim_ie && tim_ie[1] >= sizeof(struct ieee80211_tim_ie)) { 4873 const struct ieee80211_tim_ie *tim; 4874 tim = (void *)(tim_ie + 2); 4875 ifmgd->dtim_period = tim->dtim_period; 4876 dtim_count = tim->dtim_count; 4877 } 4878 ifmgd->have_beacon = true; 4879 assoc_data->timeout = jiffies; 4880 assoc_data->timeout_started = true; 4881 4882 if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) { 4883 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf; 4884 sdata->vif.bss_conf.sync_device_ts = 4885 bss->device_ts_beacon; 4886 sdata->vif.bss_conf.sync_dtim_count = dtim_count; 4887 } 4888 } else { 4889 assoc_data->timeout = jiffies; 4890 assoc_data->timeout_started = true; 4891 } 4892 rcu_read_unlock(); 4893 4894 run_again(sdata, assoc_data->timeout); 4895 4896 if (bss->corrupt_data) { 4897 char *corrupt_type = "data"; 4898 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) { 4899 if (bss->corrupt_data & 4900 IEEE80211_BSS_CORRUPT_PROBE_RESP) 4901 corrupt_type = "beacon and probe response"; 4902 else 4903 corrupt_type = "beacon"; 4904 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) 4905 corrupt_type = "probe response"; 4906 sdata_info(sdata, "associating with AP with corrupt %s\n", 4907 corrupt_type); 4908 } 4909 4910 return 0; 4911 err_clear: 4912 eth_zero_addr(ifmgd->bssid); 4913 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 4914 ifmgd->assoc_data = NULL; 4915 err_free: 4916 kfree(assoc_data); 4917 return err; 4918} 4919 4920int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, 4921 struct cfg80211_deauth_request *req) 4922{ 4923 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4924 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4925 bool tx = !req->local_state_change; 4926 4927 if (ifmgd->auth_data && 4928 ether_addr_equal(ifmgd->auth_data->bss->bssid, req->bssid)) { 4929 sdata_info(sdata, 4930 "aborting authentication with %pM by local choice (Reason: %u=%s)\n", 4931 req->bssid, req->reason_code, 4932 ieee80211_get_reason_code_string(req->reason_code)); 4933 4934 drv_mgd_prepare_tx(sdata->local, sdata); 4935 ieee80211_send_deauth_disassoc(sdata, req->bssid, 4936 IEEE80211_STYPE_DEAUTH, 4937 req->reason_code, tx, 4938 frame_buf); 4939 ieee80211_destroy_auth_data(sdata, false); 4940 ieee80211_report_disconnect(sdata, frame_buf, 4941 sizeof(frame_buf), true, 4942 req->reason_code); 4943 4944 return 0; 4945 } 4946 4947 if (ifmgd->assoc_data && 4948 ether_addr_equal(ifmgd->assoc_data->bss->bssid, req->bssid)) { 4949 sdata_info(sdata, 4950 "aborting association with %pM by local choice (Reason: %u=%s)\n", 4951 req->bssid, req->reason_code, 4952 ieee80211_get_reason_code_string(req->reason_code)); 4953 4954 drv_mgd_prepare_tx(sdata->local, sdata); 4955 ieee80211_send_deauth_disassoc(sdata, req->bssid, 4956 IEEE80211_STYPE_DEAUTH, 4957 req->reason_code, tx, 4958 frame_buf); 4959 ieee80211_destroy_assoc_data(sdata, false); 4960 ieee80211_report_disconnect(sdata, frame_buf, 4961 sizeof(frame_buf), true, 4962 req->reason_code); 4963 return 0; 4964 } 4965 4966 if (ifmgd->associated && 4967 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) { 4968 sdata_info(sdata, 4969 "deauthenticating from %pM by local choice (Reason: %u=%s)\n", 4970 req->bssid, req->reason_code, 4971 ieee80211_get_reason_code_string(req->reason_code)); 4972 4973 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4974 req->reason_code, tx, frame_buf); 4975 ieee80211_report_disconnect(sdata, frame_buf, 4976 sizeof(frame_buf), true, 4977 req->reason_code); 4978 return 0; 4979 } 4980 4981 return -ENOTCONN; 4982} 4983 4984int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 4985 struct cfg80211_disassoc_request *req) 4986{ 4987 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4988 u8 bssid[ETH_ALEN]; 4989 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4990 4991 /* 4992 * cfg80211 should catch this ... but it's racy since 4993 * we can receive a disassoc frame, process it, hand it 4994 * to cfg80211 while that's in a locked section already 4995 * trying to tell us that the user wants to disconnect. 4996 */ 4997 if (ifmgd->associated != req->bss) 4998 return -ENOLINK; 4999 5000 sdata_info(sdata, 5001 "disassociating from %pM by local choice (Reason: %u=%s)\n", 5002 req->bss->bssid, req->reason_code, ieee80211_get_reason_code_string(req->reason_code)); 5003 5004 memcpy(bssid, req->bss->bssid, ETH_ALEN); 5005 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC, 5006 req->reason_code, !req->local_state_change, 5007 frame_buf); 5008 5009 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true, 5010 req->reason_code); 5011 5012 return 0; 5013} 5014 5015void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata) 5016{ 5017 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 5018 5019 /* 5020 * Make sure some work items will not run after this, 5021 * they will not do anything but might not have been 5022 * cancelled when disconnecting. 5023 */ 5024 cancel_work_sync(&ifmgd->monitor_work); 5025 cancel_work_sync(&ifmgd->beacon_connection_loss_work); 5026 cancel_work_sync(&ifmgd->request_smps_work); 5027 cancel_work_sync(&ifmgd->csa_connection_drop_work); 5028 cancel_work_sync(&ifmgd->chswitch_work); 5029 cancel_delayed_work_sync(&ifmgd->tdls_peer_del_work); 5030 5031 sdata_lock(sdata); 5032 if (ifmgd->assoc_data) { 5033 struct cfg80211_bss *bss = ifmgd->assoc_data->bss; 5034 ieee80211_destroy_assoc_data(sdata, false); 5035 cfg80211_assoc_timeout(sdata->dev, bss); 5036 } 5037 if (ifmgd->auth_data) 5038 ieee80211_destroy_auth_data(sdata, false); 5039 spin_lock_bh(&ifmgd->teardown_lock); 5040 if (ifmgd->teardown_skb) { 5041 kfree_skb(ifmgd->teardown_skb); 5042 ifmgd->teardown_skb = NULL; 5043 ifmgd->orig_teardown_skb = NULL; 5044 } 5045 spin_unlock_bh(&ifmgd->teardown_lock); 5046 del_timer_sync(&ifmgd->timer); 5047 sdata_unlock(sdata); 5048} 5049 5050void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif, 5051 enum nl80211_cqm_rssi_threshold_event rssi_event, 5052 gfp_t gfp) 5053{ 5054 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 5055 5056 trace_api_cqm_rssi_notify(sdata, rssi_event); 5057 5058 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp); 5059} 5060EXPORT_SYMBOL(ieee80211_cqm_rssi_notify); 5061 5062void ieee80211_cqm_beacon_loss_notify(struct ieee80211_vif *vif, gfp_t gfp) 5063{ 5064 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 5065 5066 trace_api_cqm_beacon_loss_notify(sdata->local, sdata); 5067 5068 cfg80211_cqm_beacon_loss_notify(sdata->dev, gfp); 5069} 5070EXPORT_SYMBOL(ieee80211_cqm_beacon_loss_notify); 5071