Gitiles
Code Review Sign In
192.168.1.100 / T103 / 1f884588077ad3476b9c91cbb0ee9ee0332bbb68 / . / src / kernel / linux / v4.14 / net / mac80211 / mlme.c
blob: ab26b8b954719652b4af392ae81bb66a533c048c [file] [log] [blame]
rjw1f884582022-01-06 17:20:42 +0800[diff] [blame^]1/*
2 * BSS client mode implementation
3 * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
4 * Copyright 2004, Instant802 Networks, Inc.
5 * Copyright 2005, Devicescape Software, Inc.
6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
8 * Copyright 2013-2014 Intel Mobile Communications GmbH
9 * Copyright (C) 2015 - 2017 Intel Deutschland GmbH
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2 as
13 * published by the Free Software Foundation.
14 */
15
16#include <linux/delay.h>
17#include <linux/if_ether.h>
18#include <linux/skbuff.h>
19#include <linux/if_arp.h>
20#include <linux/etherdevice.h>
21#include <linux/moduleparam.h>
22#include <linux/rtnetlink.h>
23#include <linux/crc32.h>
24#include <linux/slab.h>
25#include <linux/export.h>
26#include <net/mac80211.h>
27#include <asm/unaligned.h>
28
29#include "ieee80211_i.h"
30#include "driver-ops.h"
31#include "rate.h"
32#include "led.h"
33#include "fils_aead.h"
34
35#define IEEE80211_AUTH_TIMEOUT (HZ / 5)
36#define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2)
37#define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10)
38#define IEEE80211_AUTH_TIMEOUT_SAE (HZ * 2)
39#define IEEE80211_AUTH_MAX_TRIES 3
40#define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5)
41#define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
42#define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2)
43#define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10)
44#define IEEE80211_ASSOC_MAX_TRIES 3
45
46static int max_nullfunc_tries = 2;
47module_param(max_nullfunc_tries, int, 0644);
48MODULE_PARM_DESC(max_nullfunc_tries,
49 "Maximum nullfunc tx tries before disconnecting (reason 4).");
50
51static int max_probe_tries = 5;
52module_param(max_probe_tries, int, 0644);
53MODULE_PARM_DESC(max_probe_tries,
54 "Maximum probe tries before disconnecting (reason 4).");
55
56/*
57 * Beacon loss timeout is calculated as N frames times the
58 * advertised beacon interval. This may need to be somewhat
59 * higher than what hardware might detect to account for
60 * delays in the host processing frames. But since we also
61 * probe on beacon miss before declaring the connection lost
62 * default to what we want.
63 */
64static int beacon_loss_count = 7;
65module_param(beacon_loss_count, int, 0644);
66MODULE_PARM_DESC(beacon_loss_count,
67 "Number of beacon intervals before we decide beacon was lost.");
68
69/*
70 * Time the connection can be idle before we probe
71 * it to see if we can still talk to the AP.
72 */
73#define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ)
74/*
75 * Time we wait for a probe response after sending
76 * a probe request because of beacon loss or for
77 * checking the connection still works.
78 */
79static int probe_wait_ms = 500;
80module_param(probe_wait_ms, int, 0644);
81MODULE_PARM_DESC(probe_wait_ms,
82 "Maximum time(ms) to wait for probe response"
83 " before disconnecting (reason 4).");
84
85/*
86 * How many Beacon frames need to have been used in average signal strength
87 * before starting to indicate signal change events.
88 */
89#define IEEE80211_SIGNAL_AVE_MIN_COUNT 4
90
91/*
92 * We can have multiple work items (and connection probing)
93 * scheduling this timer, but we need to take care to only
94 * reschedule it when it should fire _earlier_ than it was
95 * asked for before, or if it's not pending right now. This
96 * function ensures that. Note that it then is required to
97 * run this function for all timeouts after the first one
98 * has happened -- the work that runs from this timer will
99 * do that.
100 */
101static void run_again(struct ieee80211_sub_if_data *sdata,
102 unsigned long timeout)
103{
104 sdata_assert_lock(sdata);
105
106 if (!timer_pending(&sdata->u.mgd.timer) ||
107 time_before(timeout, sdata->u.mgd.timer.expires))
108 mod_timer(&sdata->u.mgd.timer, timeout);
109}
110
111void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata)
112{
113 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
114 return;
115
116 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
117 return;
118
119 mod_timer(&sdata->u.mgd.bcn_mon_timer,
120 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout));
121}
122
123void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata)
124{
125 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
126
127 if (unlikely(!ifmgd->associated))
128 return;
129
130 if (ifmgd->probe_send_count)
131 ifmgd->probe_send_count = 0;
132
133 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
134 return;
135
136 mod_timer(&ifmgd->conn_mon_timer,
137 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
138}
139
140static int ecw2cw(int ecw)
141{
142 return (1 << ecw) - 1;
143}
144
145static u32
146ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
147 struct ieee80211_supported_band *sband,
148 struct ieee80211_channel *channel,
149 const struct ieee80211_ht_cap *ht_cap,
150 const struct ieee80211_ht_operation *ht_oper,
151 const struct ieee80211_vht_operation *vht_oper,
152 struct cfg80211_chan_def *chandef, bool tracking)
153{
154 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
155 struct cfg80211_chan_def vht_chandef;
156 struct ieee80211_sta_ht_cap sta_ht_cap;
157 u32 ht_cfreq, ret;
158
159 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap));
160 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
161
162 chandef->chan = channel;
163 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
164 chandef->center_freq1 = channel->center_freq;
165 chandef->center_freq2 = 0;
166
167 if (!ht_cap || !ht_oper || !sta_ht_cap.ht_supported) {
168 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
169 goto out;
170 }
171
172 chandef->width = NL80211_CHAN_WIDTH_20;
173
174 if (!(ht_cap->cap_info &
175 cpu_to_le16(IEEE80211_HT_CAP_SUP_WIDTH_20_40))) {
176 ret = IEEE80211_STA_DISABLE_40MHZ;
177 vht_chandef = *chandef;
178 goto out;
179 }
180
181 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan,
182 channel->band);
183 /* check that channel matches the right operating channel */
184 if (!tracking && channel->center_freq != ht_cfreq) {
185 /*
186 * It's possible that some APs are confused here;
187 * Netgear WNDR3700 sometimes reports 4 higher than
188 * the actual channel in association responses, but
189 * since we look at probe response/beacon data here
190 * it should be OK.
191 */
192 sdata_info(sdata,
193 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
194 channel->center_freq, ht_cfreq,
195 ht_oper->primary_chan, channel->band);
196 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
197 goto out;
198 }
199
200 /* check 40 MHz support, if we have it */
201 if (sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) {
202 ieee80211_chandef_ht_oper(ht_oper, chandef);
203 } else {
204 /* 40 MHz (and 80 MHz) must be supported for VHT */
205 ret = IEEE80211_STA_DISABLE_VHT;
206 /* also mark 40 MHz disabled */
207 ret |= IEEE80211_STA_DISABLE_40MHZ;
208 goto out;
209 }
210
211 if (!vht_oper || !sband->vht_cap.vht_supported) {
212 ret = IEEE80211_STA_DISABLE_VHT;
213 goto out;
214 }
215
216 vht_chandef = *chandef;
217 if (!ieee80211_chandef_vht_oper(vht_oper, &vht_chandef)) {
218 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
219 sdata_info(sdata,
220 "AP VHT information is invalid, disable VHT\n");
221 ret = IEEE80211_STA_DISABLE_VHT;
222 goto out;
223 }
224
225 if (!cfg80211_chandef_valid(&vht_chandef)) {
226 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
227 sdata_info(sdata,
228 "AP VHT information is invalid, disable VHT\n");
229 ret = IEEE80211_STA_DISABLE_VHT;
230 goto out;
231 }
232
233 if (cfg80211_chandef_identical(chandef, &vht_chandef)) {
234 ret = 0;
235 goto out;
236 }
237
238 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) {
239 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
240 sdata_info(sdata,
241 "AP VHT information doesn't match HT, disable VHT\n");
242 ret = IEEE80211_STA_DISABLE_VHT;
243 goto out;
244 }
245
246 *chandef = vht_chandef;
247
248 ret = 0;
249
250out:
251 /*
252 * When tracking the current AP, don't do any further checks if the
253 * new chandef is identical to the one we're currently using for the
254 * connection. This keeps us from playing ping-pong with regulatory,
255 * without it the following can happen (for example):
256 * - connect to an AP with 80 MHz, world regdom allows 80 MHz
257 * - AP advertises regdom US
258 * - CRDA loads regdom US with 80 MHz prohibited (old database)
259 * - the code below detects an unsupported channel, downgrades, and
260 * we disconnect from the AP in the caller
261 * - disconnect causes CRDA to reload world regdomain and the game
262 * starts anew.
263 * (see https://bugzilla.kernel.org/show_bug.cgi?id=70881)
264 *
265 * It seems possible that there are still scenarios with CSA or real
266 * bandwidth changes where a this could happen, but those cases are
267 * less common and wouldn't completely prevent using the AP.
268 */
269 if (tracking &&
270 cfg80211_chandef_identical(chandef, &sdata->vif.bss_conf.chandef))
271 return ret;
272
273 /* don't print the message below for VHT mismatch if VHT is disabled */
274 if (ret & IEEE80211_STA_DISABLE_VHT)
275 vht_chandef = *chandef;
276
277 /*
278 * Ignore the DISABLED flag when we're already connected and only
279 * tracking the APs beacon for bandwidth changes - otherwise we
280 * might get disconnected here if we connect to an AP, update our
281 * regulatory information based on the AP's country IE and the
282 * information we have is wrong/outdated and disables the channel
283 * that we're actually using for the connection to the AP.
284 */
285 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef,
286 tracking ? 0 :
287 IEEE80211_CHAN_DISABLED)) {
288 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) {
289 ret = IEEE80211_STA_DISABLE_HT |
290 IEEE80211_STA_DISABLE_VHT;
291 break;
292 }
293
294 ret |= ieee80211_chandef_downgrade(chandef);
295 }
296
297 if (chandef->width != vht_chandef.width && !tracking)
298 sdata_info(sdata,
299 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n");
300
301 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef));
302 return ret;
303}
304
305static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata,
306 struct sta_info *sta,
307 const struct ieee80211_ht_cap *ht_cap,
308 const struct ieee80211_ht_operation *ht_oper,
309 const struct ieee80211_vht_operation *vht_oper,
310 const u8 *bssid, u32 *changed)
311{
312 struct ieee80211_local *local = sdata->local;
313 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
314 struct ieee80211_supported_band *sband;
315 struct ieee80211_channel *chan;
316 struct cfg80211_chan_def chandef;
317 u16 ht_opmode;
318 u32 flags;
319 enum ieee80211_sta_rx_bandwidth new_sta_bw;
320 int ret;
321
322 /* if HT was/is disabled, don't track any bandwidth changes */
323 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper)
324 return 0;
325
326 /* don't check VHT if we associated as non-VHT station */
327 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
328 vht_oper = NULL;
329
330 if (WARN_ON_ONCE(!sta))
331 return -EINVAL;
332
333 /*
334 * if bss configuration changed store the new one -
335 * this may be applicable even if channel is identical
336 */
337 ht_opmode = le16_to_cpu(ht_oper->operation_mode);
338 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) {
339 *changed |= BSS_CHANGED_HT;
340 sdata->vif.bss_conf.ht_operation_mode = ht_opmode;
341 }
342
343 chan = sdata->vif.bss_conf.chandef.chan;
344 sband = local->hw.wiphy->bands[chan->band];
345
346 /* calculate new channel (type) based on HT/VHT operation IEs */
347 flags = ieee80211_determine_chantype(sdata, sband, chan,
348 ht_cap, ht_oper, vht_oper,
349 &chandef, true);
350
351 /*
352 * Downgrade the new channel if we associated with restricted
353 * capabilities. For example, if we associated as a 20 MHz STA
354 * to a 40 MHz AP (due to regulatory, capabilities or config
355 * reasons) then switching to a 40 MHz channel now won't do us
356 * any good -- we couldn't use it with the AP.
357 */
358 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ &&
359 chandef.width == NL80211_CHAN_WIDTH_80P80)
360 flags |= ieee80211_chandef_downgrade(&chandef);
361 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ &&
362 chandef.width == NL80211_CHAN_WIDTH_160)
363 flags |= ieee80211_chandef_downgrade(&chandef);
364 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ &&
365 chandef.width > NL80211_CHAN_WIDTH_20)
366 flags |= ieee80211_chandef_downgrade(&chandef);
367
368 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef))
369 return 0;
370
371 sdata_info(sdata,
372 "AP %pM changed bandwidth, new config is %d MHz, width %d (%d/%d MHz)\n",
373 ifmgd->bssid, chandef.chan->center_freq, chandef.width,
374 chandef.center_freq1, chandef.center_freq2);
375
376 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT |
377 IEEE80211_STA_DISABLE_VHT |
378 IEEE80211_STA_DISABLE_40MHZ |
379 IEEE80211_STA_DISABLE_80P80MHZ |
380 IEEE80211_STA_DISABLE_160MHZ)) ||
381 !cfg80211_chandef_valid(&chandef)) {
382 sdata_info(sdata,
383 "AP %pM changed bandwidth in a way we can't support - disconnect\n",
384 ifmgd->bssid);
385 return -EINVAL;
386 }
387
388 switch (chandef.width) {
389 case NL80211_CHAN_WIDTH_20_NOHT:
390 case NL80211_CHAN_WIDTH_20:
391 new_sta_bw = IEEE80211_STA_RX_BW_20;
392 break;
393 case NL80211_CHAN_WIDTH_40:
394 new_sta_bw = IEEE80211_STA_RX_BW_40;
395 break;
396 case NL80211_CHAN_WIDTH_80:
397 new_sta_bw = IEEE80211_STA_RX_BW_80;
398 break;
399 case NL80211_CHAN_WIDTH_80P80:
400 case NL80211_CHAN_WIDTH_160:
401 new_sta_bw = IEEE80211_STA_RX_BW_160;
402 break;
403 default:
404 return -EINVAL;
405 }
406
407 if (new_sta_bw > sta->cur_max_bandwidth)
408 new_sta_bw = sta->cur_max_bandwidth;
409
410 if (new_sta_bw < sta->sta.bandwidth) {
411 sta->sta.bandwidth = new_sta_bw;
412 rate_control_rate_update(local, sband, sta,
413 IEEE80211_RC_BW_CHANGED);
414 }
415
416 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed);
417 if (ret) {
418 sdata_info(sdata,
419 "AP %pM changed bandwidth to incompatible one - disconnect\n",
420 ifmgd->bssid);
421 return ret;
422 }
423
424 if (new_sta_bw > sta->sta.bandwidth) {
425 sta->sta.bandwidth = new_sta_bw;
426 rate_control_rate_update(local, sband, sta,
427 IEEE80211_RC_BW_CHANGED);
428 }
429
430 return 0;
431}
432
433/* frame sending functions */
434
435static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata,
436 struct sk_buff *skb, u8 ap_ht_param,
437 struct ieee80211_supported_band *sband,
438 struct ieee80211_channel *channel,
439 enum ieee80211_smps_mode smps)
440{
441 u8 *pos;
442 u32 flags = channel->flags;
443 u16 cap;
444 struct ieee80211_sta_ht_cap ht_cap;
445
446 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap));
447
448 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
449 ieee80211_apply_htcap_overrides(sdata, &ht_cap);
450
451 /* determine capability flags */
452 cap = ht_cap.cap;
453
454 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
455 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
456 if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
457 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
458 cap &= ~IEEE80211_HT_CAP_SGI_40;
459 }
460 break;
461 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
462 if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
463 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
464 cap &= ~IEEE80211_HT_CAP_SGI_40;
465 }
466 break;
467 }
468
469 /*
470 * If 40 MHz was disabled associate as though we weren't
471 * capable of 40 MHz -- some broken APs will never fall
472 * back to trying to transmit in 20 MHz.
473 */
474 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) {
475 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
476 cap &= ~IEEE80211_HT_CAP_SGI_40;
477 }
478
479 /* set SM PS mode properly */
480 cap &= ~IEEE80211_HT_CAP_SM_PS;
481 switch (smps) {
482 case IEEE80211_SMPS_AUTOMATIC:
483 case IEEE80211_SMPS_NUM_MODES:
484 WARN_ON(1);
485 case IEEE80211_SMPS_OFF:
486 cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
487 IEEE80211_HT_CAP_SM_PS_SHIFT;
488 break;
489 case IEEE80211_SMPS_STATIC:
490 cap |= WLAN_HT_CAP_SM_PS_STATIC <<
491 IEEE80211_HT_CAP_SM_PS_SHIFT;
492 break;
493 case IEEE80211_SMPS_DYNAMIC:
494 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
495 IEEE80211_HT_CAP_SM_PS_SHIFT;
496 break;
497 }
498
499 /* reserve and fill IE */
500 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
501 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap);
502}
503
504/* This function determines vht capability flags for the association
505 * and builds the IE.
506 * Note - the function may set the owner of the MU-MIMO capability
507 */
508static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
509 struct sk_buff *skb,
510 struct ieee80211_supported_band *sband,
511 struct ieee80211_vht_cap *ap_vht_cap)
512{
513 struct ieee80211_local *local = sdata->local;
514 u8 *pos;
515 u32 cap;
516 struct ieee80211_sta_vht_cap vht_cap;
517 u32 mask, ap_bf_sts, our_bf_sts;
518
519 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap));
520
521 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
522 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
523
524 /* determine capability flags */
525 cap = vht_cap.cap;
526
527 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) {
528 u32 bw = cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
529
530 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
531 if (bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ ||
532 bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ)
533 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
534 }
535
536 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) {
537 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160;
538 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
539 }
540
541 /*
542 * Some APs apparently get confused if our capabilities are better
543 * than theirs, so restrict what we advertise in the assoc request.
544 */
545 if (!(ap_vht_cap->vht_cap_info &
546 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)))
547 cap &= ~(IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
548 IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE);
549 else if (!(ap_vht_cap->vht_cap_info &
550 cpu_to_le32(IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
551 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
552
553 /*
554 * If some other vif is using the MU-MIMO capablity we cannot associate
555 * using MU-MIMO - this will lead to contradictions in the group-id
556 * mechanism.
557 * Ownership is defined since association request, in order to avoid
558 * simultaneous associations with MU-MIMO.
559 */
560 if (cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE) {
561 bool disable_mu_mimo = false;
562 struct ieee80211_sub_if_data *other;
563
564 list_for_each_entry_rcu(other, &local->interfaces, list) {
565 if (other->vif.mu_mimo_owner) {
566 disable_mu_mimo = true;
567 break;
568 }
569 }
570 if (disable_mu_mimo)
571 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
572 else
573 sdata->vif.mu_mimo_owner = true;
574 }
575
576 mask = IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
577
578 ap_bf_sts = le32_to_cpu(ap_vht_cap->vht_cap_info) & mask;
579 our_bf_sts = cap & mask;
580
581 if (ap_bf_sts < our_bf_sts) {
582 cap &= ~mask;
583 cap |= ap_bf_sts;
584 }
585
586 /* reserve and fill IE */
587 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
588 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap);
589}
590
591static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
592{
593 struct ieee80211_local *local = sdata->local;
594 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
595 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
596 struct sk_buff *skb;
597 struct ieee80211_mgmt *mgmt;
598 u8 *pos, qos_info;
599 size_t offset = 0, noffset;
600 int i, count, rates_len, supp_rates_len, shift;
601 u16 capab;
602 struct ieee80211_supported_band *sband;
603 struct ieee80211_chanctx_conf *chanctx_conf;
604 struct ieee80211_channel *chan;
605 u32 rates = 0;
606
607 sdata_assert_lock(sdata);
608
609 rcu_read_lock();
610 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
611 if (WARN_ON(!chanctx_conf)) {
612 rcu_read_unlock();
613 return;
614 }
615 chan = chanctx_conf->def.chan;
616 rcu_read_unlock();
617 sband = local->hw.wiphy->bands[chan->band];
618 shift = ieee80211_vif_get_shift(&sdata->vif);
619
620 if (assoc_data->supp_rates_len) {
621 /*
622 * Get all rates supported by the device and the AP as
623 * some APs don't like getting a superset of their rates
624 * in the association request (e.g. D-Link DAP 1353 in
625 * b-only mode)...
626 */
627 rates_len = ieee80211_parse_bitrates(&chanctx_conf->def, sband,
628 assoc_data->supp_rates,
629 assoc_data->supp_rates_len,
630 &rates);
631 } else {
632 /*
633 * In case AP not provide any supported rates information
634 * before association, we send information element(s) with
635 * all rates that we support.
636 */
637 rates_len = 0;
638 for (i = 0; i < sband->n_bitrates; i++) {
639 rates |= BIT(i);
640 rates_len++;
641 }
642 }
643
644 skb = alloc_skb(local->hw.extra_tx_headroom +
645 sizeof(*mgmt) + /* bit too much but doesn't matter */
646 2 + assoc_data->ssid_len + /* SSID */
647 4 + rates_len + /* (extended) rates */
648 4 + /* power capability */
649 2 + 2 * sband->n_channels + /* supported channels */
650 2 + sizeof(struct ieee80211_ht_cap) + /* HT */
651 2 + sizeof(struct ieee80211_vht_cap) + /* VHT */
652 assoc_data->ie_len + /* extra IEs */
653 (assoc_data->fils_kek_len ? 16 /* AES-SIV */ : 0) +
654 9, /* WMM */
655 GFP_KERNEL);
656 if (!skb)
657 return;
658
659 skb_reserve(skb, local->hw.extra_tx_headroom);
660
661 capab = WLAN_CAPABILITY_ESS;
662
663 if (sband->band == NL80211_BAND_2GHZ) {
664 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
665 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
666 }
667
668 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY)
669 capab |= WLAN_CAPABILITY_PRIVACY;
670
671 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
672 ieee80211_hw_check(&local->hw, SPECTRUM_MGMT))
673 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
674
675 if (ifmgd->flags & IEEE80211_STA_ENABLE_RRM)
676 capab |= WLAN_CAPABILITY_RADIO_MEASURE;
677
678 mgmt = skb_put_zero(skb, 24);
679 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN);
680 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
681 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN);
682
683 if (!is_zero_ether_addr(assoc_data->prev_bssid)) {
684 skb_put(skb, 10);
685 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
686 IEEE80211_STYPE_REASSOC_REQ);
687 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
688 mgmt->u.reassoc_req.listen_interval =
689 cpu_to_le16(local->hw.conf.listen_interval);
690 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid,
691 ETH_ALEN);
692 } else {
693 skb_put(skb, 4);
694 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
695 IEEE80211_STYPE_ASSOC_REQ);
696 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
697 mgmt->u.assoc_req.listen_interval =
698 cpu_to_le16(local->hw.conf.listen_interval);
699 }
700
701 /* SSID */
702 pos = skb_put(skb, 2 + assoc_data->ssid_len);
703 *pos++ = WLAN_EID_SSID;
704 *pos++ = assoc_data->ssid_len;
705 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len);
706
707 /* add all rates which were marked to be used above */
708 supp_rates_len = rates_len;
709 if (supp_rates_len > 8)
710 supp_rates_len = 8;
711
712 pos = skb_put(skb, supp_rates_len + 2);
713 *pos++ = WLAN_EID_SUPP_RATES;
714 *pos++ = supp_rates_len;
715
716 count = 0;
717 for (i = 0; i < sband->n_bitrates; i++) {
718 if (BIT(i) & rates) {
719 int rate = DIV_ROUND_UP(sband->bitrates[i].bitrate,
720 5 * (1 << shift));
721 *pos++ = (u8) rate;
722 if (++count == 8)
723 break;
724 }
725 }
726
727 if (rates_len > count) {
728 pos = skb_put(skb, rates_len - count + 2);
729 *pos++ = WLAN_EID_EXT_SUPP_RATES;
730 *pos++ = rates_len - count;
731
732 for (i++; i < sband->n_bitrates; i++) {
733 if (BIT(i) & rates) {
734 int rate;
735 rate = DIV_ROUND_UP(sband->bitrates[i].bitrate,
736 5 * (1 << shift));
737 *pos++ = (u8) rate;
738 }
739 }
740 }
741
742 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT ||
743 capab & WLAN_CAPABILITY_RADIO_MEASURE) {
744 pos = skb_put(skb, 4);
745 *pos++ = WLAN_EID_PWR_CAPABILITY;
746 *pos++ = 2;
747 *pos++ = 0; /* min tx power */
748 /* max tx power */
749 *pos++ = ieee80211_chandef_max_power(&chanctx_conf->def);
750 }
751
752 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
753 /* TODO: get this in reg domain format */
754 pos = skb_put(skb, 2 * sband->n_channels + 2);
755 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
756 *pos++ = 2 * sband->n_channels;
757 for (i = 0; i < sband->n_channels; i++) {
758 *pos++ = ieee80211_frequency_to_channel(
759 sband->channels[i].center_freq);
760 *pos++ = 1; /* one channel in the subband*/
761 }
762 }
763
764 /* if present, add any custom IEs that go before HT */
765 if (assoc_data->ie_len) {
766 static const u8 before_ht[] = {
767 WLAN_EID_SSID,
768 WLAN_EID_SUPP_RATES,
769 WLAN_EID_EXT_SUPP_RATES,
770 WLAN_EID_PWR_CAPABILITY,
771 WLAN_EID_SUPPORTED_CHANNELS,
772 WLAN_EID_RSN,
773 WLAN_EID_QOS_CAPA,
774 WLAN_EID_RRM_ENABLED_CAPABILITIES,
775 WLAN_EID_MOBILITY_DOMAIN,
776 WLAN_EID_FAST_BSS_TRANSITION, /* reassoc only */
777 WLAN_EID_RIC_DATA, /* reassoc only */
778 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
779 };
780 static const u8 after_ric[] = {
781 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
782 WLAN_EID_HT_CAPABILITY,
783 WLAN_EID_BSS_COEX_2040,
784 WLAN_EID_EXT_CAPABILITY,
785 WLAN_EID_QOS_TRAFFIC_CAPA,
786 WLAN_EID_TIM_BCAST_REQ,
787 WLAN_EID_INTERWORKING,
788 /* 60GHz doesn't happen right now */
789 WLAN_EID_VHT_CAPABILITY,
790 WLAN_EID_OPMODE_NOTIF,
791 };
792
793 noffset = ieee80211_ie_split_ric(assoc_data->ie,
794 assoc_data->ie_len,
795 before_ht,
796 ARRAY_SIZE(before_ht),
797 after_ric,
798 ARRAY_SIZE(after_ric),
799 offset);
800 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
801 offset = noffset;
802 }
803
804 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
805 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)))
806 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
807
808 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
809 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param,
810 sband, chan, sdata->smps_mode);
811
812 /* if present, add any custom IEs that go before VHT */
813 if (assoc_data->ie_len) {
814 static const u8 before_vht[] = {
815 WLAN_EID_SSID,
816 WLAN_EID_SUPP_RATES,
817 WLAN_EID_EXT_SUPP_RATES,
818 WLAN_EID_PWR_CAPABILITY,
819 WLAN_EID_SUPPORTED_CHANNELS,
820 WLAN_EID_RSN,
821 WLAN_EID_QOS_CAPA,
822 WLAN_EID_RRM_ENABLED_CAPABILITIES,
823 WLAN_EID_MOBILITY_DOMAIN,
824 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
825 WLAN_EID_HT_CAPABILITY,
826 WLAN_EID_BSS_COEX_2040,
827 WLAN_EID_EXT_CAPABILITY,
828 WLAN_EID_QOS_TRAFFIC_CAPA,
829 WLAN_EID_TIM_BCAST_REQ,
830 WLAN_EID_INTERWORKING,
831 };
832
833 /* RIC already taken above, so no need to handle here anymore */
834 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len,
835 before_vht, ARRAY_SIZE(before_vht),
836 offset);
837 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
838 offset = noffset;
839 }
840
841 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
842 ieee80211_add_vht_ie(sdata, skb, sband,
843 &assoc_data->ap_vht_cap);
844
845 /* if present, add any custom non-vendor IEs that go after HT */
846 if (assoc_data->ie_len) {
847 noffset = ieee80211_ie_split_vendor(assoc_data->ie,
848 assoc_data->ie_len,
849 offset);
850 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
851 offset = noffset;
852 }
853
854 if (assoc_data->wmm) {
855 if (assoc_data->uapsd) {
856 qos_info = ifmgd->uapsd_queues;
857 qos_info |= (ifmgd->uapsd_max_sp_len <<
858 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
859 } else {
860 qos_info = 0;
861 }
862
863 pos = ieee80211_add_wmm_info_ie(skb_put(skb, 9), qos_info);
864 }
865
866 /* add any remaining custom (i.e. vendor specific here) IEs */
867 if (assoc_data->ie_len) {
868 noffset = assoc_data->ie_len;
869 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
870 }
871
872 if (assoc_data->fils_kek_len &&
873 fils_encrypt_assoc_req(skb, assoc_data) < 0) {
874 dev_kfree_skb(skb);
875 return;
876 }
877
878 drv_mgd_prepare_tx(local, sdata);
879
880 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
881 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
882 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
883 IEEE80211_TX_INTFL_MLME_CONN_TX;
884 ieee80211_tx_skb(sdata, skb);
885}
886
887void ieee80211_send_pspoll(struct ieee80211_local *local,
888 struct ieee80211_sub_if_data *sdata)
889{
890 struct ieee80211_pspoll *pspoll;
891 struct sk_buff *skb;
892
893 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif);
894 if (!skb)
895 return;
896
897 pspoll = (struct ieee80211_pspoll *) skb->data;
898 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
899
900 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
901 ieee80211_tx_skb(sdata, skb);
902}
903
904void ieee80211_send_nullfunc(struct ieee80211_local *local,
905 struct ieee80211_sub_if_data *sdata,
906 bool powersave)
907{
908 struct sk_buff *skb;
909 struct ieee80211_hdr_3addr *nullfunc;
910 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
911
912 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif, true);
913 if (!skb)
914 return;
915
916 nullfunc = (struct ieee80211_hdr_3addr *) skb->data;
917 if (powersave)
918 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
919
920 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
921 IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
922
923 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
924 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
925
926 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
927 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
928
929 ieee80211_tx_skb(sdata, skb);
930}
931
932static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local,
933 struct ieee80211_sub_if_data *sdata)
934{
935 struct sk_buff *skb;
936 struct ieee80211_hdr *nullfunc;
937 __le16 fc;
938
939 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
940 return;
941
942 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
943 if (!skb)
944 return;
945
946 skb_reserve(skb, local->hw.extra_tx_headroom);
947
948 nullfunc = skb_put_zero(skb, 30);
949 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
950 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
951 nullfunc->frame_control = fc;
952 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN);
953 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
954 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN);
955 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN);
956
957 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
958 ieee80211_tx_skb(sdata, skb);
959}
960
961/* spectrum management related things */
962static void ieee80211_chswitch_work(struct work_struct *work)
963{
964 struct ieee80211_sub_if_data *sdata =
965 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work);
966 struct ieee80211_local *local = sdata->local;
967 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
968 int ret;
969
970 if (!ieee80211_sdata_running(sdata))
971 return;
972
973 sdata_lock(sdata);
974 mutex_lock(&local->mtx);
975 mutex_lock(&local->chanctx_mtx);
976
977 if (!ifmgd->associated)
978 goto out;
979
980 if (!sdata->vif.csa_active)
981 goto out;
982
983 /*
984 * using reservation isn't immediate as it may be deferred until later
985 * with multi-vif. once reservation is complete it will re-schedule the
986 * work with no reserved_chanctx so verify chandef to check if it
987 * completed successfully
988 */
989
990 if (sdata->reserved_chanctx) {
991 struct ieee80211_supported_band *sband = NULL;
992 struct sta_info *mgd_sta = NULL;
993 enum ieee80211_sta_rx_bandwidth bw = IEEE80211_STA_RX_BW_20;
994
995 /*
996 * with multi-vif csa driver may call ieee80211_csa_finish()
997 * many times while waiting for other interfaces to use their
998 * reservations
999 */
1000 if (sdata->reserved_ready)
1001 goto out;
1002
1003 if (sdata->vif.bss_conf.chandef.width !=
1004 sdata->csa_chandef.width) {
1005 /*
1006 * For managed interface, we need to also update the AP
1007 * station bandwidth and align the rate scale algorithm
1008 * on the bandwidth change. Here we only consider the
1009 * bandwidth of the new channel definition (as channel
1010 * switch flow does not have the full HT/VHT/HE
1011 * information), assuming that if additional changes are
1012 * required they would be done as part of the processing
1013 * of the next beacon from the AP.
1014 */
1015 switch (sdata->csa_chandef.width) {
1016 case NL80211_CHAN_WIDTH_20_NOHT:
1017 case NL80211_CHAN_WIDTH_20:
1018 default:
1019 bw = IEEE80211_STA_RX_BW_20;
1020 break;
1021 case NL80211_CHAN_WIDTH_40:
1022 bw = IEEE80211_STA_RX_BW_40;
1023 break;
1024 case NL80211_CHAN_WIDTH_80:
1025 bw = IEEE80211_STA_RX_BW_80;
1026 break;
1027 case NL80211_CHAN_WIDTH_80P80:
1028 case NL80211_CHAN_WIDTH_160:
1029 bw = IEEE80211_STA_RX_BW_160;
1030 break;
1031 }
1032
1033 mgd_sta = sta_info_get(sdata, ifmgd->bssid);
1034 sband =
1035 local->hw.wiphy->bands[sdata->csa_chandef.chan->band];
1036 }
1037
1038 if (sdata->vif.bss_conf.chandef.width >
1039 sdata->csa_chandef.width) {
1040 mgd_sta->sta.bandwidth = bw;
1041 rate_control_rate_update(local, sband, mgd_sta,
1042 IEEE80211_RC_BW_CHANGED);
1043 }
1044
1045 ret = ieee80211_vif_use_reserved_context(sdata);
1046 if (ret) {
1047 sdata_info(sdata,
1048 "failed to use reserved channel context, disconnecting (err=%d)\n",
1049 ret);
1050 ieee80211_queue_work(&sdata->local->hw,
1051 &ifmgd->csa_connection_drop_work);
1052 goto out;
1053 }
1054
1055 if (sdata->vif.bss_conf.chandef.width <
1056 sdata->csa_chandef.width) {
1057 mgd_sta->sta.bandwidth = bw;
1058 rate_control_rate_update(local, sband, mgd_sta,
1059 IEEE80211_RC_BW_CHANGED);
1060 }
1061
1062 goto out;
1063 }
1064
1065 if (!cfg80211_chandef_identical(&sdata->vif.bss_conf.chandef,
1066 &sdata->csa_chandef)) {
1067 sdata_info(sdata,
1068 "failed to finalize channel switch, disconnecting\n");
1069 ieee80211_queue_work(&sdata->local->hw,
1070 &ifmgd->csa_connection_drop_work);
1071 goto out;
1072 }
1073
1074 ifmgd->csa_waiting_bcn = true;
1075
1076 ieee80211_sta_reset_beacon_monitor(sdata);
1077 ieee80211_sta_reset_conn_monitor(sdata);
1078
1079out:
1080 mutex_unlock(&local->chanctx_mtx);
1081 mutex_unlock(&local->mtx);
1082 sdata_unlock(sdata);
1083}
1084
1085static void ieee80211_chswitch_post_beacon(struct ieee80211_sub_if_data *sdata)
1086{
1087 struct ieee80211_local *local = sdata->local;
1088 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1089 int ret;
1090
1091 sdata_assert_lock(sdata);
1092
1093 WARN_ON(!sdata->vif.csa_active);
1094
1095 if (sdata->csa_block_tx) {
1096 ieee80211_wake_vif_queues(local, sdata,
1097 IEEE80211_QUEUE_STOP_REASON_CSA);
1098 sdata->csa_block_tx = false;
1099 }
1100
1101 sdata->vif.csa_active = false;
1102 ifmgd->csa_waiting_bcn = false;
1103
1104 ret = drv_post_channel_switch(sdata);
1105 if (ret) {
1106 sdata_info(sdata,
1107 "driver post channel switch failed, disconnecting\n");
1108 ieee80211_queue_work(&local->hw,
1109 &ifmgd->csa_connection_drop_work);
1110 return;
1111 }
1112
1113 cfg80211_ch_switch_notify(sdata->dev, &sdata->reserved_chandef);
1114}
1115
1116void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success)
1117{
1118 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1119 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1120
1121 trace_api_chswitch_done(sdata, success);
1122 if (!success) {
1123 sdata_info(sdata,
1124 "driver channel switch failed, disconnecting\n");
1125 ieee80211_queue_work(&sdata->local->hw,
1126 &ifmgd->csa_connection_drop_work);
1127 } else {
1128 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
1129 }
1130}
1131EXPORT_SYMBOL(ieee80211_chswitch_done);
1132
1133static void ieee80211_chswitch_timer(unsigned long data)
1134{
1135 struct ieee80211_sub_if_data *sdata =
1136 (struct ieee80211_sub_if_data *) data;
1137
1138 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work);
1139}
1140
1141static void
1142ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
1143 u64 timestamp, u32 device_timestamp,
1144 struct ieee802_11_elems *elems,
1145 bool beacon)
1146{
1147 struct ieee80211_local *local = sdata->local;
1148 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1149 struct cfg80211_bss *cbss = ifmgd->associated;
1150 struct ieee80211_chanctx_conf *conf;
1151 struct ieee80211_chanctx *chanctx;
1152 enum nl80211_band current_band;
1153 struct ieee80211_csa_ie csa_ie;
1154 struct ieee80211_channel_switch ch_switch;
1155 int res;
1156
1157 sdata_assert_lock(sdata);
1158
1159 if (!cbss)
1160 return;
1161
1162 if (local->scanning)
1163 return;
1164
1165 /* disregard subsequent announcements if we are already processing */
1166 if (sdata->vif.csa_active)
1167 return;
1168
1169 current_band = cbss->channel->band;
1170 res = ieee80211_parse_ch_switch_ie(sdata, elems, current_band,
1171 ifmgd->flags,
1172 ifmgd->associated->bssid, &csa_ie);
1173 if (res < 0)
1174 ieee80211_queue_work(&local->hw,
1175 &ifmgd->csa_connection_drop_work);
1176 if (res)
1177 return;
1178
1179 if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chandef,
1180 IEEE80211_CHAN_DISABLED)) {
1181 sdata_info(sdata,
1182 "AP %pM switches to unsupported channel (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n",
1183 ifmgd->associated->bssid,
1184 csa_ie.chandef.chan->center_freq,
1185 csa_ie.chandef.width, csa_ie.chandef.center_freq1,
1186 csa_ie.chandef.center_freq2);
1187 ieee80211_queue_work(&local->hw,
1188 &ifmgd->csa_connection_drop_work);
1189 return;
1190 }
1191
1192 if (cfg80211_chandef_identical(&csa_ie.chandef,
1193 &sdata->vif.bss_conf.chandef)) {
1194 if (ifmgd->csa_ignored_same_chan)
1195 return;
1196 sdata_info(sdata,
1197 "AP %pM tries to chanswitch to same channel, ignore\n",
1198 ifmgd->associated->bssid);
1199 ifmgd->csa_ignored_same_chan = true;
1200 return;
1201 }
1202
1203 /*
1204 * Drop all TDLS peers - either we disconnect or move to a different
1205 * channel from this point on. There's no telling what our peer will do.
1206 * The TDLS WIDER_BW scenario is also problematic, as peers might now
1207 * have an incompatible wider chandef.
1208 */
1209 ieee80211_teardown_tdls_peers(sdata);
1210
1211 mutex_lock(&local->mtx);
1212 mutex_lock(&local->chanctx_mtx);
1213 conf = rcu_dereference_protected(sdata->vif.chanctx_conf,
1214 lockdep_is_held(&local->chanctx_mtx));
1215 if (!conf) {
1216 sdata_info(sdata,
1217 "no channel context assigned to vif?, disconnecting\n");
1218 goto drop_connection;
1219 }
1220
1221 chanctx = container_of(conf, struct ieee80211_chanctx, conf);
1222
1223 if (local->use_chanctx &&
1224 !ieee80211_hw_check(&local->hw, CHANCTX_STA_CSA)) {
1225 sdata_info(sdata,
1226 "driver doesn't support chan-switch with channel contexts\n");
1227 goto drop_connection;
1228 }
1229
1230 ch_switch.timestamp = timestamp;
1231 ch_switch.device_timestamp = device_timestamp;
1232 ch_switch.block_tx = csa_ie.mode;
1233 ch_switch.chandef = csa_ie.chandef;
1234 ch_switch.count = csa_ie.count;
1235
1236 if (drv_pre_channel_switch(sdata, &ch_switch)) {
1237 sdata_info(sdata,
1238 "preparing for channel switch failed, disconnecting\n");
1239 goto drop_connection;
1240 }
1241
1242 res = ieee80211_vif_reserve_chanctx(sdata, &csa_ie.chandef,
1243 chanctx->mode, false);
1244 if (res) {
1245 sdata_info(sdata,
1246 "failed to reserve channel context for channel switch, disconnecting (err=%d)\n",
1247 res);
1248 goto drop_connection;
1249 }
1250 mutex_unlock(&local->chanctx_mtx);
1251
1252 sdata->vif.csa_active = true;
1253 sdata->csa_chandef = csa_ie.chandef;
1254 sdata->csa_block_tx = csa_ie.mode;
1255 ifmgd->csa_ignored_same_chan = false;
1256
1257 if (sdata->csa_block_tx)
1258 ieee80211_stop_vif_queues(local, sdata,
1259 IEEE80211_QUEUE_STOP_REASON_CSA);
1260 mutex_unlock(&local->mtx);
1261
1262 cfg80211_ch_switch_started_notify(sdata->dev, &csa_ie.chandef,
1263 csa_ie.count);
1264
1265 if (local->ops->channel_switch) {
1266 /* use driver's channel switch callback */
1267 drv_channel_switch(local, sdata, &ch_switch);
1268 return;
1269 }
1270
1271 /* channel switch handled in software */
1272 if (csa_ie.count <= 1)
1273 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work);
1274 else
1275 mod_timer(&ifmgd->chswitch_timer,
1276 TU_TO_EXP_TIME((csa_ie.count - 1) *
1277 cbss->beacon_interval));
1278 return;
1279 drop_connection:
1280 /*
1281 * This is just so that the disconnect flow will know that
1282 * we were trying to switch channel and failed. In case the
1283 * mode is 1 (we are not allowed to Tx), we will know not to
1284 * send a deauthentication frame. Those two fields will be
1285 * reset when the disconnection worker runs.
1286 */
1287 sdata->vif.csa_active = true;
1288 sdata->csa_block_tx = csa_ie.mode;
1289
1290 ieee80211_queue_work(&local->hw, &ifmgd->csa_connection_drop_work);
1291 mutex_unlock(&local->chanctx_mtx);
1292 mutex_unlock(&local->mtx);
1293}
1294
1295static bool
1296ieee80211_find_80211h_pwr_constr(struct ieee80211_sub_if_data *sdata,
1297 struct ieee80211_channel *channel,
1298 const u8 *country_ie, u8 country_ie_len,
1299 const u8 *pwr_constr_elem,
1300 int *chan_pwr, int *pwr_reduction)
1301{
1302 struct ieee80211_country_ie_triplet *triplet;
1303 int chan = ieee80211_frequency_to_channel(channel->center_freq);
1304 int i, chan_increment;
1305 bool have_chan_pwr = false;
1306
1307 /* Invalid IE */
1308 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN)
1309 return false;
1310
1311 triplet = (void *)(country_ie + 3);
1312 country_ie_len -= 3;
1313
1314 switch (channel->band) {
1315 default:
1316 WARN_ON_ONCE(1);
1317 /* fall through */
1318 case NL80211_BAND_2GHZ:
1319 case NL80211_BAND_60GHZ:
1320 chan_increment = 1;
1321 break;
1322 case NL80211_BAND_5GHZ:
1323 chan_increment = 4;
1324 break;
1325 }
1326
1327 /* find channel */
1328 while (country_ie_len >= 3) {
1329 u8 first_channel = triplet->chans.first_channel;
1330
1331 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID)
1332 goto next;
1333
1334 for (i = 0; i < triplet->chans.num_channels; i++) {
1335 if (first_channel + i * chan_increment == chan) {
1336 have_chan_pwr = true;
1337 *chan_pwr = triplet->chans.max_power;
1338 break;
1339 }
1340 }
1341 if (have_chan_pwr)
1342 break;
1343
1344 next:
1345 triplet++;
1346 country_ie_len -= 3;
1347 }
1348
1349 if (have_chan_pwr && pwr_constr_elem)
1350 *pwr_reduction = *pwr_constr_elem;
1351 else
1352 *pwr_reduction = 0;
1353
1354 return have_chan_pwr;
1355}
1356
1357static void ieee80211_find_cisco_dtpc(struct ieee80211_sub_if_data *sdata,
1358 struct ieee80211_channel *channel,
1359 const u8 *cisco_dtpc_ie,
1360 int *pwr_level)
1361{
1362 /* From practical testing, the first data byte of the DTPC element
1363 * seems to contain the requested dBm level, and the CLI on Cisco
1364 * APs clearly state the range is -127 to 127 dBm, which indicates
1365 * a signed byte, although it seemingly never actually goes negative.
1366 * The other byte seems to always be zero.
1367 */
1368 *pwr_level = (__s8)cisco_dtpc_ie[4];
1369}
1370
1371static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata,
1372 struct ieee80211_channel *channel,
1373 struct ieee80211_mgmt *mgmt,
1374 const u8 *country_ie, u8 country_ie_len,
1375 const u8 *pwr_constr_ie,
1376 const u8 *cisco_dtpc_ie)
1377{
1378 bool has_80211h_pwr = false, has_cisco_pwr = false;
1379 int chan_pwr = 0, pwr_reduction_80211h = 0;
1380 int pwr_level_cisco, pwr_level_80211h;
1381 int new_ap_level;
1382 __le16 capab = mgmt->u.probe_resp.capab_info;
1383
1384 if (country_ie &&
1385 (capab & cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT) ||
1386 capab & cpu_to_le16(WLAN_CAPABILITY_RADIO_MEASURE))) {
1387 has_80211h_pwr = ieee80211_find_80211h_pwr_constr(
1388 sdata, channel, country_ie, country_ie_len,
1389 pwr_constr_ie, &chan_pwr, &pwr_reduction_80211h);
1390 pwr_level_80211h =
1391 max_t(int, 0, chan_pwr - pwr_reduction_80211h);
1392 }
1393
1394 if (cisco_dtpc_ie) {
1395 ieee80211_find_cisco_dtpc(
1396 sdata, channel, cisco_dtpc_ie, &pwr_level_cisco);
1397 has_cisco_pwr = true;
1398 }
1399
1400 if (!has_80211h_pwr && !has_cisco_pwr)
1401 return 0;
1402
1403 /* If we have both 802.11h and Cisco DTPC, apply both limits
1404 * by picking the smallest of the two power levels advertised.
1405 */
1406 if (has_80211h_pwr &&
1407 (!has_cisco_pwr || pwr_level_80211h <= pwr_level_cisco)) {
1408 new_ap_level = pwr_level_80211h;
1409
1410 if (sdata->ap_power_level == new_ap_level)
1411 return 0;
1412
1413 sdata_dbg(sdata,
1414 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n",
1415 pwr_level_80211h, chan_pwr, pwr_reduction_80211h,
1416 sdata->u.mgd.bssid);
1417 } else { /* has_cisco_pwr is always true here. */
1418 new_ap_level = pwr_level_cisco;
1419
1420 if (sdata->ap_power_level == new_ap_level)
1421 return 0;
1422
1423 sdata_dbg(sdata,
1424 "Limiting TX power to %d dBm as advertised by %pM\n",
1425 pwr_level_cisco, sdata->u.mgd.bssid);
1426 }
1427
1428 sdata->ap_power_level = new_ap_level;
1429 if (__ieee80211_recalc_txpower(sdata))
1430 return BSS_CHANGED_TXPOWER;
1431 return 0;
1432}
1433
1434/* powersave */
1435static void ieee80211_enable_ps(struct ieee80211_local *local,
1436 struct ieee80211_sub_if_data *sdata)
1437{
1438 struct ieee80211_conf *conf = &local->hw.conf;
1439
1440 /*
1441 * If we are scanning right now then the parameters will
1442 * take effect when scan finishes.
1443 */
1444 if (local->scanning)
1445 return;
1446
1447 if (conf->dynamic_ps_timeout > 0 &&
1448 !ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS)) {
1449 mod_timer(&local->dynamic_ps_timer, jiffies +
1450 msecs_to_jiffies(conf->dynamic_ps_timeout));
1451 } else {
1452 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK))
1453 ieee80211_send_nullfunc(local, sdata, true);
1454
1455 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
1456 ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
1457 return;
1458
1459 conf->flags |= IEEE80211_CONF_PS;
1460 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1461 }
1462}
1463
1464static void ieee80211_change_ps(struct ieee80211_local *local)
1465{
1466 struct ieee80211_conf *conf = &local->hw.conf;
1467
1468 if (local->ps_sdata) {
1469 ieee80211_enable_ps(local, local->ps_sdata);
1470 } else if (conf->flags & IEEE80211_CONF_PS) {
1471 conf->flags &= ~IEEE80211_CONF_PS;
1472 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1473 del_timer_sync(&local->dynamic_ps_timer);
1474 cancel_work_sync(&local->dynamic_ps_enable_work);
1475 }
1476}
1477
1478static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata)
1479{
1480 struct ieee80211_if_managed *mgd = &sdata->u.mgd;
1481 struct sta_info *sta = NULL;
1482 bool authorized = false;
1483
1484 if (!mgd->powersave)
1485 return false;
1486
1487 if (mgd->broken_ap)
1488 return false;
1489
1490 if (!mgd->associated)
1491 return false;
1492
1493 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL)
1494 return false;
1495
1496 if (!mgd->have_beacon)
1497 return false;
1498
1499 rcu_read_lock();
1500 sta = sta_info_get(sdata, mgd->bssid);
1501 if (sta)
1502 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
1503 rcu_read_unlock();
1504
1505 return authorized;
1506}
1507
1508/* need to hold RTNL or interface lock */
1509void ieee80211_recalc_ps(struct ieee80211_local *local)
1510{
1511 struct ieee80211_sub_if_data *sdata, *found = NULL;
1512 int count = 0;
1513 int timeout;
1514
1515 if (!ieee80211_hw_check(&local->hw, SUPPORTS_PS)) {
1516 local->ps_sdata = NULL;
1517 return;
1518 }
1519
1520 list_for_each_entry(sdata, &local->interfaces, list) {
1521 if (!ieee80211_sdata_running(sdata))
1522 continue;
1523 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1524 /* If an AP vif is found, then disable PS
1525 * by setting the count to zero thereby setting
1526 * ps_sdata to NULL.
1527 */
1528 count = 0;
1529 break;
1530 }
1531 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1532 continue;
1533 found = sdata;
1534 count++;
1535 }
1536
1537 if (count == 1 && ieee80211_powersave_allowed(found)) {
1538 u8 dtimper = found->u.mgd.dtim_period;
1539
1540 timeout = local->dynamic_ps_forced_timeout;
1541 if (timeout < 0)
1542 timeout = 100;
1543 local->hw.conf.dynamic_ps_timeout = timeout;
1544
1545 /* If the TIM IE is invalid, pretend the value is 1 */
1546 if (!dtimper)
1547 dtimper = 1;
1548
1549 local->hw.conf.ps_dtim_period = dtimper;
1550 local->ps_sdata = found;
1551 } else {
1552 local->ps_sdata = NULL;
1553 }
1554
1555 ieee80211_change_ps(local);
1556}
1557
1558void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata)
1559{
1560 bool ps_allowed = ieee80211_powersave_allowed(sdata);
1561
1562 if (sdata->vif.bss_conf.ps != ps_allowed) {
1563 sdata->vif.bss_conf.ps = ps_allowed;
1564 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS);
1565 }
1566}
1567
1568void ieee80211_dynamic_ps_disable_work(struct work_struct *work)
1569{
1570 struct ieee80211_local *local =
1571 container_of(work, struct ieee80211_local,
1572 dynamic_ps_disable_work);
1573
1574 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1575 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1576 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1577 }
1578
1579 ieee80211_wake_queues_by_reason(&local->hw,
1580 IEEE80211_MAX_QUEUE_MAP,
1581 IEEE80211_QUEUE_STOP_REASON_PS,
1582 false);
1583}
1584
1585void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
1586{
1587 struct ieee80211_local *local =
1588 container_of(work, struct ieee80211_local,
1589 dynamic_ps_enable_work);
1590 struct ieee80211_sub_if_data *sdata = local->ps_sdata;
1591 struct ieee80211_if_managed *ifmgd;
1592 unsigned long flags;
1593 int q;
1594
1595 /* can only happen when PS was just disabled anyway */
1596 if (!sdata)
1597 return;
1598
1599 ifmgd = &sdata->u.mgd;
1600
1601 if (local->hw.conf.flags & IEEE80211_CONF_PS)
1602 return;
1603
1604 if (local->hw.conf.dynamic_ps_timeout > 0) {
1605 /* don't enter PS if TX frames are pending */
1606 if (drv_tx_frames_pending(local)) {
1607 mod_timer(&local->dynamic_ps_timer, jiffies +
1608 msecs_to_jiffies(
1609 local->hw.conf.dynamic_ps_timeout));
1610 return;
1611 }
1612
1613 /*
1614 * transmission can be stopped by others which leads to
1615 * dynamic_ps_timer expiry. Postpone the ps timer if it
1616 * is not the actual idle state.
1617 */
1618 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
1619 for (q = 0; q < local->hw.queues; q++) {
1620 if (local->queue_stop_reasons[q]) {
1621 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
1622 flags);
1623 mod_timer(&local->dynamic_ps_timer, jiffies +
1624 msecs_to_jiffies(
1625 local->hw.conf.dynamic_ps_timeout));
1626 return;
1627 }
1628 }
1629 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
1630 }
1631
1632 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
1633 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1634 if (drv_tx_frames_pending(local)) {
1635 mod_timer(&local->dynamic_ps_timer, jiffies +
1636 msecs_to_jiffies(
1637 local->hw.conf.dynamic_ps_timeout));
1638 } else {
1639 ieee80211_send_nullfunc(local, sdata, true);
1640 /* Flush to get the tx status of nullfunc frame */
1641 ieee80211_flush_queues(local, sdata, false);
1642 }
1643 }
1644
1645 if (!(ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS) &&
1646 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK)) ||
1647 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1648 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
1649 local->hw.conf.flags |= IEEE80211_CONF_PS;
1650 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1651 }
1652}
1653
1654void ieee80211_dynamic_ps_timer(unsigned long data)
1655{
1656 struct ieee80211_local *local = (void *) data;
1657
1658 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work);
1659}
1660
1661void ieee80211_dfs_cac_timer_work(struct work_struct *work)
1662{
1663 struct delayed_work *delayed_work = to_delayed_work(work);
1664 struct ieee80211_sub_if_data *sdata =
1665 container_of(delayed_work, struct ieee80211_sub_if_data,
1666 dfs_cac_timer_work);
1667 struct cfg80211_chan_def chandef = sdata->vif.bss_conf.chandef;
1668
1669 mutex_lock(&sdata->local->mtx);
1670 if (sdata->wdev.cac_started) {
1671 ieee80211_vif_release_channel(sdata);
1672 cfg80211_cac_event(sdata->dev, &chandef,
1673 NL80211_RADAR_CAC_FINISHED,
1674 GFP_KERNEL);
1675 }
1676 mutex_unlock(&sdata->local->mtx);
1677}
1678
1679static bool
1680__ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata)
1681{
1682 struct ieee80211_local *local = sdata->local;
1683 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1684 bool ret = false;
1685 int ac;
1686
1687 if (local->hw.queues < IEEE80211_NUM_ACS)
1688 return false;
1689
1690 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1691 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac];
1692 int non_acm_ac;
1693 unsigned long now = jiffies;
1694
1695 if (tx_tspec->action == TX_TSPEC_ACTION_NONE &&
1696 tx_tspec->admitted_time &&
1697 time_after(now, tx_tspec->time_slice_start + HZ)) {
1698 tx_tspec->consumed_tx_time = 0;
1699 tx_tspec->time_slice_start = now;
1700
1701 if (tx_tspec->downgraded)
1702 tx_tspec->action =
1703 TX_TSPEC_ACTION_STOP_DOWNGRADE;
1704 }
1705
1706 switch (tx_tspec->action) {
1707 case TX_TSPEC_ACTION_STOP_DOWNGRADE:
1708 /* take the original parameters */
1709 if (drv_conf_tx(local, sdata, ac, &sdata->tx_conf[ac]))
1710 sdata_err(sdata,
1711 "failed to set TX queue parameters for queue %d\n",
1712 ac);
1713 tx_tspec->action = TX_TSPEC_ACTION_NONE;
1714 tx_tspec->downgraded = false;
1715 ret = true;
1716 break;
1717 case TX_TSPEC_ACTION_DOWNGRADE:
1718 if (time_after(now, tx_tspec->time_slice_start + HZ)) {
1719 tx_tspec->action = TX_TSPEC_ACTION_NONE;
1720 ret = true;
1721 break;
1722 }
1723 /* downgrade next lower non-ACM AC */
1724 for (non_acm_ac = ac + 1;
1725 non_acm_ac < IEEE80211_NUM_ACS;
1726 non_acm_ac++)
1727 if (!(sdata->wmm_acm & BIT(7 - 2 * non_acm_ac)))
1728 break;
1729 /* Usually the loop will result in using BK even if it
1730 * requires admission control, but such a configuration
1731 * makes no sense and we have to transmit somehow - the
1732 * AC selection does the same thing.
1733 * If we started out trying to downgrade from BK, then
1734 * the extra condition here might be needed.
1735 */
1736 if (non_acm_ac >= IEEE80211_NUM_ACS)
1737 non_acm_ac = IEEE80211_AC_BK;
1738 if (drv_conf_tx(local, sdata, ac,
1739 &sdata->tx_conf[non_acm_ac]))
1740 sdata_err(sdata,
1741 "failed to set TX queue parameters for queue %d\n",
1742 ac);
1743 tx_tspec->action = TX_TSPEC_ACTION_NONE;
1744 ret = true;
1745 schedule_delayed_work(&ifmgd->tx_tspec_wk,
1746 tx_tspec->time_slice_start + HZ - now + 1);
1747 break;
1748 case TX_TSPEC_ACTION_NONE:
1749 /* nothing now */
1750 break;
1751 }
1752 }
1753
1754 return ret;
1755}
1756
1757void ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata)
1758{
1759 if (__ieee80211_sta_handle_tspec_ac_params(sdata))
1760 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_QOS);
1761}
1762
1763static void ieee80211_sta_handle_tspec_ac_params_wk(struct work_struct *work)
1764{
1765 struct ieee80211_sub_if_data *sdata;
1766
1767 sdata = container_of(work, struct ieee80211_sub_if_data,
1768 u.mgd.tx_tspec_wk.work);
1769 ieee80211_sta_handle_tspec_ac_params(sdata);
1770}
1771
1772/* MLME */
1773static bool ieee80211_sta_wmm_params(struct ieee80211_local *local,
1774 struct ieee80211_sub_if_data *sdata,
1775 const u8 *wmm_param, size_t wmm_param_len)
1776{
1777 struct ieee80211_tx_queue_params params[IEEE80211_NUM_ACS];
1778 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1779 size_t left;
1780 int count, ac;
1781 const u8 *pos;
1782 u8 uapsd_queues = 0;
1783
1784 if (!local->ops->conf_tx)
1785 return false;
1786
1787 if (local->hw.queues < IEEE80211_NUM_ACS)
1788 return false;
1789
1790 if (!wmm_param)
1791 return false;
1792
1793 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
1794 return false;
1795
1796 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
1797 uapsd_queues = ifmgd->uapsd_queues;
1798
1799 count = wmm_param[6] & 0x0f;
1800 if (count == ifmgd->wmm_last_param_set)
1801 return false;
1802 ifmgd->wmm_last_param_set = count;
1803
1804 pos = wmm_param + 8;
1805 left = wmm_param_len - 8;
1806
1807 memset(&params, 0, sizeof(params));
1808
1809 sdata->wmm_acm = 0;
1810 for (; left >= 4; left -= 4, pos += 4) {
1811 int aci = (pos[0] >> 5) & 0x03;
1812 int acm = (pos[0] >> 4) & 0x01;
1813 bool uapsd = false;
1814
1815 switch (aci) {
1816 case 1: /* AC_BK */
1817 ac = IEEE80211_AC_BK;
1818 if (acm)
1819 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */
1820 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
1821 uapsd = true;
1822 break;
1823 case 2: /* AC_VI */
1824 ac = IEEE80211_AC_VI;
1825 if (acm)
1826 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */
1827 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
1828 uapsd = true;
1829 break;
1830 case 3: /* AC_VO */
1831 ac = IEEE80211_AC_VO;
1832 if (acm)
1833 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */
1834 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
1835 uapsd = true;
1836 break;
1837 case 0: /* AC_BE */
1838 default:
1839 ac = IEEE80211_AC_BE;
1840 if (acm)
1841 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */
1842 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
1843 uapsd = true;
1844 break;
1845 }
1846
1847 params[ac].aifs = pos[0] & 0x0f;
1848
1849 if (params[ac].aifs < 2) {
1850 sdata_info(sdata,
1851 "AP has invalid WMM params (AIFSN=%d for ACI %d), will use 2\n",
1852 params[ac].aifs, aci);
1853 params[ac].aifs = 2;
1854 }
1855 params[ac].cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
1856 params[ac].cw_min = ecw2cw(pos[1] & 0x0f);
1857 params[ac].txop = get_unaligned_le16(pos + 2);
1858 params[ac].acm = acm;
1859 params[ac].uapsd = uapsd;
1860
1861 if (params[ac].cw_min == 0 ||
1862 params[ac].cw_min > params[ac].cw_max) {
1863 sdata_info(sdata,
1864 "AP has invalid WMM params (CWmin/max=%d/%d for ACI %d), using defaults\n",
1865 params[ac].cw_min, params[ac].cw_max, aci);
1866 return false;
1867 }
1868 }
1869
1870 /* WMM specification requires all 4 ACIs. */
1871 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1872 if (params[ac].cw_min == 0) {
1873 sdata_info(sdata,
1874 "AP has invalid WMM params (missing AC %d), using defaults\n",
1875 ac);
1876 return false;
1877 }
1878 }
1879
1880 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1881 mlme_dbg(sdata,
1882 "WMM AC=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d, downgraded=%d\n",
1883 ac, params[ac].acm,
1884 params[ac].aifs, params[ac].cw_min, params[ac].cw_max,
1885 params[ac].txop, params[ac].uapsd,
1886 ifmgd->tx_tspec[ac].downgraded);
1887 sdata->tx_conf[ac] = params[ac];
1888 if (!ifmgd->tx_tspec[ac].downgraded &&
1889 drv_conf_tx(local, sdata, ac, &params[ac]))
1890 sdata_err(sdata,
1891 "failed to set TX queue parameters for AC %d\n",
1892 ac);
1893 }
1894
1895 /* enable WMM or activate new settings */
1896 sdata->vif.bss_conf.qos = true;
1897 return true;
1898}
1899
1900static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
1901{
1902 lockdep_assert_held(&sdata->local->mtx);
1903
1904 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL;
1905 ieee80211_run_deferred_scan(sdata->local);
1906}
1907
1908static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
1909{
1910 mutex_lock(&sdata->local->mtx);
1911 __ieee80211_stop_poll(sdata);
1912 mutex_unlock(&sdata->local->mtx);
1913}
1914
1915static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
1916 u16 capab, bool erp_valid, u8 erp)
1917{
1918 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1919 struct ieee80211_supported_band *sband;
1920 u32 changed = 0;
1921 bool use_protection;
1922 bool use_short_preamble;
1923 bool use_short_slot;
1924
1925 sband = ieee80211_get_sband(sdata);
1926 if (!sband)
1927 return changed;
1928
1929 if (erp_valid) {
1930 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0;
1931 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0;
1932 } else {
1933 use_protection = false;
1934 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE);
1935 }
1936
1937 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME);
1938 if (sband->band == NL80211_BAND_5GHZ)
1939 use_short_slot = true;
1940
1941 if (use_protection != bss_conf->use_cts_prot) {
1942 bss_conf->use_cts_prot = use_protection;
1943 changed |= BSS_CHANGED_ERP_CTS_PROT;
1944 }
1945
1946 if (use_short_preamble != bss_conf->use_short_preamble) {
1947 bss_conf->use_short_preamble = use_short_preamble;
1948 changed |= BSS_CHANGED_ERP_PREAMBLE;
1949 }
1950
1951 if (use_short_slot != bss_conf->use_short_slot) {
1952 bss_conf->use_short_slot = use_short_slot;
1953 changed |= BSS_CHANGED_ERP_SLOT;
1954 }
1955
1956 return changed;
1957}
1958
1959static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
1960 struct cfg80211_bss *cbss,
1961 u32 bss_info_changed)
1962{
1963 struct ieee80211_bss *bss = (void *)cbss->priv;
1964 struct ieee80211_local *local = sdata->local;
1965 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1966
1967 bss_info_changed |= BSS_CHANGED_ASSOC;
1968 bss_info_changed |= ieee80211_handle_bss_capability(sdata,
1969 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value);
1970
1971 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec(
1972 beacon_loss_count * bss_conf->beacon_int));
1973
1974 sdata->u.mgd.associated = cbss;
1975 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN);
1976
1977 ieee80211_check_rate_mask(sdata);
1978
1979 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE;
1980
1981 if (sdata->vif.p2p ||
1982 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) {
1983 const struct cfg80211_bss_ies *ies;
1984
1985 rcu_read_lock();
1986 ies = rcu_dereference(cbss->ies);
1987 if (ies) {
1988 int ret;
1989
1990 ret = cfg80211_get_p2p_attr(
1991 ies->data, ies->len,
1992 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
1993 (u8 *) &bss_conf->p2p_noa_attr,
1994 sizeof(bss_conf->p2p_noa_attr));
1995 if (ret >= 2) {
1996 sdata->u.mgd.p2p_noa_index =
1997 bss_conf->p2p_noa_attr.index;
1998 bss_info_changed |= BSS_CHANGED_P2P_PS;
1999 }
2000 }
2001 rcu_read_unlock();
2002 }
2003
2004 /* just to be sure */
2005 ieee80211_stop_poll(sdata);
2006
2007 ieee80211_led_assoc(local, 1);
2008
2009 if (sdata->u.mgd.have_beacon) {
2010 /*
2011 * If the AP is buggy we may get here with no DTIM period
2012 * known, so assume it's 1 which is the only safe assumption
2013 * in that case, although if the TIM IE is broken powersave
2014 * probably just won't work at all.
2015 */
2016 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1;
2017 bss_conf->beacon_rate = bss->beacon_rate;
2018 bss_info_changed |= BSS_CHANGED_BEACON_INFO;
2019 } else {
2020 bss_conf->beacon_rate = NULL;
2021 bss_conf->dtim_period = 0;
2022 }
2023
2024 bss_conf->assoc = 1;
2025
2026 /* Tell the driver to monitor connection quality (if supported) */
2027 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI &&
2028 bss_conf->cqm_rssi_thold)
2029 bss_info_changed |= BSS_CHANGED_CQM;
2030
2031 /* Enable ARP filtering */
2032 if (bss_conf->arp_addr_cnt)
2033 bss_info_changed |= BSS_CHANGED_ARP_FILTER;
2034
2035 ieee80211_bss_info_change_notify(sdata, bss_info_changed);
2036
2037 mutex_lock(&local->iflist_mtx);
2038 ieee80211_recalc_ps(local);
2039 mutex_unlock(&local->iflist_mtx);
2040
2041 ieee80211_recalc_smps(sdata);
2042 ieee80211_recalc_ps_vif(sdata);
2043
2044 netif_carrier_on(sdata->dev);
2045}
2046
2047static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
2048 u16 stype, u16 reason, bool tx,
2049 u8 *frame_buf)
2050{
2051 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2052 struct ieee80211_local *local = sdata->local;
2053 u32 changed = 0;
2054
2055 sdata_assert_lock(sdata);
2056
2057 if (WARN_ON_ONCE(tx && !frame_buf))
2058 return;
2059
2060 if (WARN_ON(!ifmgd->associated))
2061 return;
2062
2063 ieee80211_stop_poll(sdata);
2064
2065 ifmgd->associated = NULL;
2066 netif_carrier_off(sdata->dev);
2067
2068 /*
2069 * if we want to get out of ps before disassoc (why?) we have
2070 * to do it before sending disassoc, as otherwise the null-packet
2071 * won't be valid.
2072 */
2073 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
2074 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
2075 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
2076 }
2077 local->ps_sdata = NULL;
2078
2079 /* disable per-vif ps */
2080 ieee80211_recalc_ps_vif(sdata);
2081
2082 /* make sure ongoing transmission finishes */
2083 synchronize_net();
2084
2085 /*
2086 * drop any frame before deauth/disassoc, this can be data or
2087 * management frame. Since we are disconnecting, we should not
2088 * insist sending these frames which can take time and delay
2089 * the disconnection and possible the roaming.
2090 */
2091 if (tx)
2092 ieee80211_flush_queues(local, sdata, true);
2093
2094 /* deauthenticate/disassociate now */
2095 if (tx || frame_buf)
2096 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype,
2097 reason, tx, frame_buf);
2098
2099 /* flush out frame - make sure the deauth was actually sent */
2100 if (tx)
2101 ieee80211_flush_queues(local, sdata, false);
2102
2103 /* clear bssid only after building the needed mgmt frames */
2104 eth_zero_addr(ifmgd->bssid);
2105
2106 /* remove AP and TDLS peers */
2107 sta_info_flush(sdata);
2108
2109 /* finally reset all BSS / config parameters */
2110 changed |= ieee80211_reset_erp_info(sdata);
2111
2112 ieee80211_led_assoc(local, 0);
2113 changed |= BSS_CHANGED_ASSOC;
2114 sdata->vif.bss_conf.assoc = false;
2115
2116 ifmgd->p2p_noa_index = -1;
2117 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0,
2118 sizeof(sdata->vif.bss_conf.p2p_noa_attr));
2119
2120 /* on the next assoc, re-program HT/VHT parameters */
2121 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa));
2122 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask));
2123 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa));
2124 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask));
2125
2126 /* reset MU-MIMO ownership and group data */
2127 memset(sdata->vif.bss_conf.mu_group.membership, 0,
2128 sizeof(sdata->vif.bss_conf.mu_group.membership));
2129 memset(sdata->vif.bss_conf.mu_group.position, 0,
2130 sizeof(sdata->vif.bss_conf.mu_group.position));
2131 changed |= BSS_CHANGED_MU_GROUPS;
2132 sdata->vif.mu_mimo_owner = false;
2133
2134 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL;
2135
2136 del_timer_sync(&local->dynamic_ps_timer);
2137 cancel_work_sync(&local->dynamic_ps_enable_work);
2138
2139 /* Disable ARP filtering */
2140 if (sdata->vif.bss_conf.arp_addr_cnt)
2141 changed |= BSS_CHANGED_ARP_FILTER;
2142
2143 sdata->vif.bss_conf.qos = false;
2144 changed |= BSS_CHANGED_QOS;
2145
2146 /* The BSSID (not really interesting) and HT changed */
2147 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT;
2148 ieee80211_bss_info_change_notify(sdata, changed);
2149
2150 /* disassociated - set to defaults now */
2151 ieee80211_set_wmm_default(sdata, false, false);
2152
2153 del_timer_sync(&sdata->u.mgd.conn_mon_timer);
2154 del_timer_sync(&sdata->u.mgd.bcn_mon_timer);
2155 del_timer_sync(&sdata->u.mgd.timer);
2156 del_timer_sync(&sdata->u.mgd.chswitch_timer);
2157
2158 sdata->vif.bss_conf.dtim_period = 0;
2159 sdata->vif.bss_conf.beacon_rate = NULL;
2160
2161 ifmgd->have_beacon = false;
2162
2163 ifmgd->flags = 0;
2164 mutex_lock(&local->mtx);
2165 ieee80211_vif_release_channel(sdata);
2166
2167 sdata->vif.csa_active = false;
2168 ifmgd->csa_waiting_bcn = false;
2169 ifmgd->csa_ignored_same_chan = false;
2170 if (sdata->csa_block_tx) {
2171 ieee80211_wake_vif_queues(local, sdata,
2172 IEEE80211_QUEUE_STOP_REASON_CSA);
2173 sdata->csa_block_tx = false;
2174 }
2175 mutex_unlock(&local->mtx);
2176
2177 /* existing TX TSPEC sessions no longer exist */
2178 memset(ifmgd->tx_tspec, 0, sizeof(ifmgd->tx_tspec));
2179 cancel_delayed_work_sync(&ifmgd->tx_tspec_wk);
2180
2181 sdata->encrypt_headroom = IEEE80211_ENCRYPT_HEADROOM;
2182}
2183
2184void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata,
2185 struct ieee80211_hdr *hdr)
2186{
2187 /*
2188 * We can postpone the mgd.timer whenever receiving unicast frames
2189 * from AP because we know that the connection is working both ways
2190 * at that time. But multicast frames (and hence also beacons) must
2191 * be ignored here, because we need to trigger the timer during
2192 * data idle periods for sending the periodic probe request to the
2193 * AP we're connected to.
2194 */
2195 if (is_multicast_ether_addr(hdr->addr1))
2196 return;
2197
2198 ieee80211_sta_reset_conn_monitor(sdata);
2199}
2200
2201static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata)
2202{
2203 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2204 struct ieee80211_local *local = sdata->local;
2205
2206 mutex_lock(&local->mtx);
2207 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL))
2208 goto out;
2209
2210 __ieee80211_stop_poll(sdata);
2211
2212 mutex_lock(&local->iflist_mtx);
2213 ieee80211_recalc_ps(local);
2214 mutex_unlock(&local->iflist_mtx);
2215
2216 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
2217 goto out;
2218
2219 /*
2220 * We've received a probe response, but are not sure whether
2221 * we have or will be receiving any beacons or data, so let's
2222 * schedule the timers again, just in case.
2223 */
2224 ieee80211_sta_reset_beacon_monitor(sdata);
2225
2226 mod_timer(&ifmgd->conn_mon_timer,
2227 round_jiffies_up(jiffies +
2228 IEEE80211_CONNECTION_IDLE_TIME));
2229out:
2230 mutex_unlock(&local->mtx);
2231}
2232
2233static void ieee80211_sta_tx_wmm_ac_notify(struct ieee80211_sub_if_data *sdata,
2234 struct ieee80211_hdr *hdr,
2235 u16 tx_time)
2236{
2237 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2238 u16 tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
2239 int ac = ieee80211_ac_from_tid(tid);
2240 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac];
2241 unsigned long now = jiffies;
2242
2243 if (likely(!tx_tspec->admitted_time))
2244 return;
2245
2246 if (time_after(now, tx_tspec->time_slice_start + HZ)) {
2247 tx_tspec->consumed_tx_time = 0;
2248 tx_tspec->time_slice_start = now;
2249
2250 if (tx_tspec->downgraded) {
2251 tx_tspec->action = TX_TSPEC_ACTION_STOP_DOWNGRADE;
2252 schedule_delayed_work(&ifmgd->tx_tspec_wk, 0);
2253 }
2254 }
2255
2256 if (tx_tspec->downgraded)
2257 return;
2258
2259 tx_tspec->consumed_tx_time += tx_time;
2260
2261 if (tx_tspec->consumed_tx_time >= tx_tspec->admitted_time) {
2262 tx_tspec->downgraded = true;
2263 tx_tspec->action = TX_TSPEC_ACTION_DOWNGRADE;
2264 schedule_delayed_work(&ifmgd->tx_tspec_wk, 0);
2265 }
2266}
2267
2268void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata,
2269 struct ieee80211_hdr *hdr, bool ack, u16 tx_time)
2270{
2271 ieee80211_sta_tx_wmm_ac_notify(sdata, hdr, tx_time);
2272
2273 if (!ieee80211_is_data(hdr->frame_control))
2274 return;
2275
2276 if (ieee80211_is_any_nullfunc(hdr->frame_control) &&
2277 sdata->u.mgd.probe_send_count > 0) {
2278 if (ack)
2279 ieee80211_sta_reset_conn_monitor(sdata);
2280 else
2281 sdata->u.mgd.nullfunc_failed = true;
2282 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
2283 return;
2284 }
2285
2286 if (ack)
2287 ieee80211_sta_reset_conn_monitor(sdata);
2288}
2289
2290static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
2291{
2292 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2293 const u8 *ssid;
2294 u8 *dst = ifmgd->associated->bssid;
2295 u8 unicast_limit = max(1, max_probe_tries - 3);
2296 struct sta_info *sta;
2297
2298 /*
2299 * Try sending broadcast probe requests for the last three
2300 * probe requests after the first ones failed since some
2301 * buggy APs only support broadcast probe requests.
2302 */
2303 if (ifmgd->probe_send_count >= unicast_limit)
2304 dst = NULL;
2305
2306 /*
2307 * When the hardware reports an accurate Tx ACK status, it's
2308 * better to send a nullfunc frame instead of a probe request,
2309 * as it will kick us off the AP quickly if we aren't associated
2310 * anymore. The timeout will be reset if the frame is ACKed by
2311 * the AP.
2312 */
2313 ifmgd->probe_send_count++;
2314
2315 if (dst) {
2316 mutex_lock(&sdata->local->sta_mtx);
2317 sta = sta_info_get(sdata, dst);
2318 if (!WARN_ON(!sta))
2319 ieee80211_check_fast_rx(sta);
2320 mutex_unlock(&sdata->local->sta_mtx);
2321 }
2322
2323 if (ieee80211_hw_check(&sdata->local->hw, REPORTS_TX_ACK_STATUS)) {
2324 ifmgd->nullfunc_failed = false;
2325 ieee80211_send_nullfunc(sdata->local, sdata, false);
2326 } else {
2327 int ssid_len;
2328
2329 rcu_read_lock();
2330 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);
2331 if (WARN_ON_ONCE(ssid == NULL))
2332 ssid_len = 0;
2333 else
2334 ssid_len = ssid[1];
2335
2336 ieee80211_send_probe_req(sdata, sdata->vif.addr, dst,
2337 ssid + 2, ssid_len, NULL,
2338 0, (u32) -1, true, 0,
2339 ifmgd->associated->channel, false);
2340 rcu_read_unlock();
2341 }
2342
2343 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
2344 run_again(sdata, ifmgd->probe_timeout);
2345}
2346
2347static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
2348 bool beacon)
2349{
2350 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2351 bool already = false;
2352
2353 if (!ieee80211_sdata_running(sdata))
2354 return;
2355
2356 sdata_lock(sdata);
2357
2358 if (!ifmgd->associated)
2359 goto out;
2360
2361 mutex_lock(&sdata->local->mtx);
2362
2363 if (sdata->local->tmp_channel || sdata->local->scanning) {
2364 mutex_unlock(&sdata->local->mtx);
2365 goto out;
2366 }
2367
2368 if (beacon) {
2369 mlme_dbg_ratelimited(sdata,
2370 "detected beacon loss from AP (missed %d beacons) - probing\n",
2371 beacon_loss_count);
2372
2373 ieee80211_cqm_beacon_loss_notify(&sdata->vif, GFP_KERNEL);
2374 }
2375
2376 /*
2377 * The driver/our work has already reported this event or the
2378 * connection monitoring has kicked in and we have already sent
2379 * a probe request. Or maybe the AP died and the driver keeps
2380 * reporting until we disassociate...
2381 *
2382 * In either case we have to ignore the current call to this
2383 * function (except for setting the correct probe reason bit)
2384 * because otherwise we would reset the timer every time and
2385 * never check whether we received a probe response!
2386 */
2387 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
2388 already = true;
2389
2390 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL;
2391
2392 mutex_unlock(&sdata->local->mtx);
2393
2394 if (already)
2395 goto out;
2396
2397 mutex_lock(&sdata->local->iflist_mtx);
2398 ieee80211_recalc_ps(sdata->local);
2399 mutex_unlock(&sdata->local->iflist_mtx);
2400
2401 ifmgd->probe_send_count = 0;
2402 ieee80211_mgd_probe_ap_send(sdata);
2403 out:
2404 sdata_unlock(sdata);
2405}
2406
2407struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
2408 struct ieee80211_vif *vif)
2409{
2410 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2411 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2412 struct cfg80211_bss *cbss;
2413 struct sk_buff *skb;
2414 const u8 *ssid;
2415 int ssid_len;
2416
2417 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
2418 return NULL;
2419
2420 sdata_assert_lock(sdata);
2421
2422 if (ifmgd->associated)
2423 cbss = ifmgd->associated;
2424 else if (ifmgd->auth_data)
2425 cbss = ifmgd->auth_data->bss;
2426 else if (ifmgd->assoc_data)
2427 cbss = ifmgd->assoc_data->bss;
2428 else
2429 return NULL;
2430
2431 rcu_read_lock();
2432 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID);
2433 if (WARN_ONCE(!ssid || ssid[1] > IEEE80211_MAX_SSID_LEN,
2434 "invalid SSID element (len=%d)", ssid ? ssid[1] : -1))
2435 ssid_len = 0;
2436 else
2437 ssid_len = ssid[1];
2438
2439 skb = ieee80211_build_probe_req(sdata, sdata->vif.addr, cbss->bssid,
2440 (u32) -1, cbss->channel,
2441 ssid + 2, ssid_len,
2442 NULL, 0, true);
2443 rcu_read_unlock();
2444
2445 return skb;
2446}
2447EXPORT_SYMBOL(ieee80211_ap_probereq_get);
2448
2449static void ieee80211_report_disconnect(struct ieee80211_sub_if_data *sdata,
2450 const u8 *buf, size_t len, bool tx,
2451 u16 reason)
2452{
2453 struct ieee80211_event event = {
2454 .type = MLME_EVENT,
2455 .u.mlme.data = tx ? DEAUTH_TX_EVENT : DEAUTH_RX_EVENT,
2456 .u.mlme.reason = reason,
2457 };
2458
2459 if (tx)
2460 cfg80211_tx_mlme_mgmt(sdata->dev, buf, len);
2461 else
2462 cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
2463
2464 drv_event_callback(sdata->local, sdata, &event);
2465}
2466
2467static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata)
2468{
2469 struct ieee80211_local *local = sdata->local;
2470 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2471 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
2472 bool tx;
2473
2474 sdata_lock(sdata);
2475 if (!ifmgd->associated) {
2476 sdata_unlock(sdata);
2477 return;
2478 }
2479
2480 tx = !sdata->csa_block_tx;
2481
2482 /* AP is probably out of range (or not reachable for another reason) so
2483 * remove the bss struct for that AP.
2484 */
2485 cfg80211_unlink_bss(local->hw.wiphy, ifmgd->associated);
2486
2487 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
2488 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
2489 tx, frame_buf);
2490 mutex_lock(&local->mtx);
2491 sdata->vif.csa_active = false;
2492 ifmgd->csa_waiting_bcn = false;
2493 if (sdata->csa_block_tx) {
2494 ieee80211_wake_vif_queues(local, sdata,
2495 IEEE80211_QUEUE_STOP_REASON_CSA);
2496 sdata->csa_block_tx = false;
2497 }
2498 mutex_unlock(&local->mtx);
2499
2500 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), tx,
2501 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY);
2502
2503 sdata_unlock(sdata);
2504}
2505
2506static void ieee80211_beacon_connection_loss_work(struct work_struct *work)
2507{
2508 struct ieee80211_sub_if_data *sdata =
2509 container_of(work, struct ieee80211_sub_if_data,
2510 u.mgd.beacon_connection_loss_work);
2511 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2512
2513 if (ifmgd->associated)
2514 ifmgd->beacon_loss_count++;
2515
2516 if (ifmgd->connection_loss) {
2517 sdata_info(sdata, "Connection to AP %pM lost\n",
2518 ifmgd->bssid);
2519 __ieee80211_disconnect(sdata);
2520 } else {
2521 ieee80211_mgd_probe_ap(sdata, true);
2522 }
2523}
2524
2525static void ieee80211_csa_connection_drop_work(struct work_struct *work)
2526{
2527 struct ieee80211_sub_if_data *sdata =
2528 container_of(work, struct ieee80211_sub_if_data,
2529 u.mgd.csa_connection_drop_work);
2530
2531 __ieee80211_disconnect(sdata);
2532}
2533
2534void ieee80211_beacon_loss(struct ieee80211_vif *vif)
2535{
2536 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2537 struct ieee80211_hw *hw = &sdata->local->hw;
2538
2539 trace_api_beacon_loss(sdata);
2540
2541 sdata->u.mgd.connection_loss = false;
2542 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2543}
2544EXPORT_SYMBOL(ieee80211_beacon_loss);
2545
2546void ieee80211_connection_loss(struct ieee80211_vif *vif)
2547{
2548 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2549 struct ieee80211_hw *hw = &sdata->local->hw;
2550
2551 trace_api_connection_loss(sdata);
2552
2553 sdata->u.mgd.connection_loss = true;
2554 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2555}
2556EXPORT_SYMBOL(ieee80211_connection_loss);
2557
2558
2559static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
2560 bool assoc)
2561{
2562 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2563
2564 sdata_assert_lock(sdata);
2565
2566 if (!assoc) {
2567 /*
2568 * we are not authenticated yet, the only timer that could be
2569 * running is the timeout for the authentication response which
2570 * which is not relevant anymore.
2571 */
2572 del_timer_sync(&sdata->u.mgd.timer);
2573 sta_info_destroy_addr(sdata, auth_data->bss->bssid);
2574
2575 eth_zero_addr(sdata->u.mgd.bssid);
2576 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2577 sdata->u.mgd.flags = 0;
2578 mutex_lock(&sdata->local->mtx);
2579 ieee80211_vif_release_channel(sdata);
2580 mutex_unlock(&sdata->local->mtx);
2581 }
2582
2583 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss);
2584 kfree(auth_data);
2585 sdata->u.mgd.auth_data = NULL;
2586}
2587
2588static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata,
2589 bool assoc, bool abandon)
2590{
2591 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
2592
2593 sdata_assert_lock(sdata);
2594
2595 if (!assoc) {
2596 /*
2597 * we are not associated yet, the only timer that could be
2598 * running is the timeout for the association response which
2599 * which is not relevant anymore.
2600 */
2601 del_timer_sync(&sdata->u.mgd.timer);
2602 sta_info_destroy_addr(sdata, assoc_data->bss->bssid);
2603
2604 eth_zero_addr(sdata->u.mgd.bssid);
2605 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2606 sdata->u.mgd.flags = 0;
2607 sdata->vif.mu_mimo_owner = false;
2608
2609 mutex_lock(&sdata->local->mtx);
2610 ieee80211_vif_release_channel(sdata);
2611 mutex_unlock(&sdata->local->mtx);
2612
2613 if (abandon)
2614 cfg80211_abandon_assoc(sdata->dev, assoc_data->bss);
2615 }
2616
2617 kfree(assoc_data);
2618 sdata->u.mgd.assoc_data = NULL;
2619}
2620
2621static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
2622 struct ieee80211_mgmt *mgmt, size_t len)
2623{
2624 struct ieee80211_local *local = sdata->local;
2625 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2626 u8 *pos;
2627 struct ieee802_11_elems elems;
2628 u32 tx_flags = 0;
2629
2630 pos = mgmt->u.auth.variable;
2631 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
2632 if (!elems.challenge)
2633 return;
2634 auth_data->expected_transaction = 4;
2635 drv_mgd_prepare_tx(sdata->local, sdata);
2636 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
2637 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
2638 IEEE80211_TX_INTFL_MLME_CONN_TX;
2639 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0,
2640 elems.challenge - 2, elems.challenge_len + 2,
2641 auth_data->bss->bssid, auth_data->bss->bssid,
2642 auth_data->key, auth_data->key_len,
2643 auth_data->key_idx, tx_flags);
2644}
2645
2646static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
2647 struct ieee80211_mgmt *mgmt, size_t len)
2648{
2649 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2650 u8 bssid[ETH_ALEN];
2651 u16 auth_alg, auth_transaction, status_code;
2652 struct sta_info *sta;
2653 struct ieee80211_event event = {
2654 .type = MLME_EVENT,
2655 .u.mlme.data = AUTH_EVENT,
2656 };
2657
2658 sdata_assert_lock(sdata);
2659
2660 if (len < 24 + 6)
2661 return;
2662
2663 if (!ifmgd->auth_data || ifmgd->auth_data->done)
2664 return;
2665
2666 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
2667
2668 if (!ether_addr_equal(bssid, mgmt->bssid))
2669 return;
2670
2671 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
2672 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
2673 status_code = le16_to_cpu(mgmt->u.auth.status_code);
2674
2675 if (auth_alg != ifmgd->auth_data->algorithm ||
2676 auth_transaction != ifmgd->auth_data->expected_transaction) {
2677 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n",
2678 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm,
2679 auth_transaction,
2680 ifmgd->auth_data->expected_transaction);
2681 return;
2682 }
2683
2684 if (status_code != WLAN_STATUS_SUCCESS) {
2685 sdata_info(sdata, "%pM denied authentication (status %d)\n",
2686 mgmt->sa, status_code);
2687 ieee80211_destroy_auth_data(sdata, false);
2688 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2689 event.u.mlme.status = MLME_DENIED;
2690 event.u.mlme.reason = status_code;
2691 drv_event_callback(sdata->local, sdata, &event);
2692 return;
2693 }
2694
2695 switch (ifmgd->auth_data->algorithm) {
2696 case WLAN_AUTH_OPEN:
2697 case WLAN_AUTH_LEAP:
2698 case WLAN_AUTH_FT:
2699 case WLAN_AUTH_SAE:
2700 case WLAN_AUTH_FILS_SK:
2701 case WLAN_AUTH_FILS_SK_PFS:
2702 case WLAN_AUTH_FILS_PK:
2703 break;
2704 case WLAN_AUTH_SHARED_KEY:
2705 if (ifmgd->auth_data->expected_transaction != 4) {
2706 ieee80211_auth_challenge(sdata, mgmt, len);
2707 /* need another frame */
2708 return;
2709 }
2710 break;
2711 default:
2712 WARN_ONCE(1, "invalid auth alg %d",
2713 ifmgd->auth_data->algorithm);
2714 return;
2715 }
2716
2717 event.u.mlme.status = MLME_SUCCESS;
2718 drv_event_callback(sdata->local, sdata, &event);
2719 sdata_info(sdata, "authenticated\n");
2720 ifmgd->auth_data->done = true;
2721 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC;
2722 ifmgd->auth_data->timeout_started = true;
2723 run_again(sdata, ifmgd->auth_data->timeout);
2724
2725 if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE &&
2726 ifmgd->auth_data->expected_transaction != 2) {
2727 /*
2728 * Report auth frame to user space for processing since another
2729 * round of Authentication frames is still needed.
2730 */
2731 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2732 return;
2733 }
2734
2735 /* move station state to auth */
2736 mutex_lock(&sdata->local->sta_mtx);
2737 sta = sta_info_get(sdata, bssid);
2738 if (!sta) {
2739 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid);
2740 goto out_err;
2741 }
2742 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) {
2743 sdata_info(sdata, "failed moving %pM to auth\n", bssid);
2744 goto out_err;
2745 }
2746 mutex_unlock(&sdata->local->sta_mtx);
2747
2748 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2749 return;
2750 out_err:
2751 mutex_unlock(&sdata->local->sta_mtx);
2752 /* ignore frame -- wait for timeout */
2753}
2754
2755#define case_WLAN(type) \
2756 case WLAN_REASON_##type: return #type
2757
2758const char *ieee80211_get_reason_code_string(u16 reason_code)
2759{
2760 switch (reason_code) {
2761 case_WLAN(UNSPECIFIED);
2762 case_WLAN(PREV_AUTH_NOT_VALID);
2763 case_WLAN(DEAUTH_LEAVING);
2764 case_WLAN(DISASSOC_DUE_TO_INACTIVITY);
2765 case_WLAN(DISASSOC_AP_BUSY);
2766 case_WLAN(CLASS2_FRAME_FROM_NONAUTH_STA);
2767 case_WLAN(CLASS3_FRAME_FROM_NONASSOC_STA);
2768 case_WLAN(DISASSOC_STA_HAS_LEFT);
2769 case_WLAN(STA_REQ_ASSOC_WITHOUT_AUTH);
2770 case_WLAN(DISASSOC_BAD_POWER);
2771 case_WLAN(DISASSOC_BAD_SUPP_CHAN);
2772 case_WLAN(INVALID_IE);
2773 case_WLAN(MIC_FAILURE);
2774 case_WLAN(4WAY_HANDSHAKE_TIMEOUT);
2775 case_WLAN(GROUP_KEY_HANDSHAKE_TIMEOUT);
2776 case_WLAN(IE_DIFFERENT);
2777 case_WLAN(INVALID_GROUP_CIPHER);
2778 case_WLAN(INVALID_PAIRWISE_CIPHER);
2779 case_WLAN(INVALID_AKMP);
2780 case_WLAN(UNSUPP_RSN_VERSION);
2781 case_WLAN(INVALID_RSN_IE_CAP);
2782 case_WLAN(IEEE8021X_FAILED);
2783 case_WLAN(CIPHER_SUITE_REJECTED);
2784 case_WLAN(DISASSOC_UNSPECIFIED_QOS);
2785 case_WLAN(DISASSOC_QAP_NO_BANDWIDTH);
2786 case_WLAN(DISASSOC_LOW_ACK);
2787 case_WLAN(DISASSOC_QAP_EXCEED_TXOP);
2788 case_WLAN(QSTA_LEAVE_QBSS);
2789 case_WLAN(QSTA_NOT_USE);
2790 case_WLAN(QSTA_REQUIRE_SETUP);
2791 case_WLAN(QSTA_TIMEOUT);
2792 case_WLAN(QSTA_CIPHER_NOT_SUPP);
2793 case_WLAN(MESH_PEER_CANCELED);
2794 case_WLAN(MESH_MAX_PEERS);
2795 case_WLAN(MESH_CONFIG);
2796 case_WLAN(MESH_CLOSE);
2797 case_WLAN(MESH_MAX_RETRIES);
2798 case_WLAN(MESH_CONFIRM_TIMEOUT);
2799 case_WLAN(MESH_INVALID_GTK);
2800 case_WLAN(MESH_INCONSISTENT_PARAM);
2801 case_WLAN(MESH_INVALID_SECURITY);
2802 case_WLAN(MESH_PATH_ERROR);
2803 case_WLAN(MESH_PATH_NOFORWARD);
2804 case_WLAN(MESH_PATH_DEST_UNREACHABLE);
2805 case_WLAN(MAC_EXISTS_IN_MBSS);
2806 case_WLAN(MESH_CHAN_REGULATORY);
2807 case_WLAN(MESH_CHAN);
2808 default: return "<unknown>";
2809 }
2810}
2811
2812static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
2813 struct ieee80211_mgmt *mgmt, size_t len)
2814{
2815 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2816 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
2817
2818 sdata_assert_lock(sdata);
2819
2820 if (len < 24 + 2)
2821 return;
2822
2823 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
2824 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
2825 return;
2826 }
2827
2828 if (ifmgd->associated &&
2829 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) {
2830 const u8 *bssid = ifmgd->associated->bssid;
2831
2832 sdata_info(sdata, "deauthenticated from %pM (Reason: %u=%s)\n",
2833 bssid, reason_code,
2834 ieee80211_get_reason_code_string(reason_code));
2835
2836 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
2837
2838 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false,
2839 reason_code);
2840 return;
2841 }
2842
2843 if (ifmgd->assoc_data &&
2844 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) {
2845 const u8 *bssid = ifmgd->assoc_data->bss->bssid;
2846
2847 sdata_info(sdata,
2848 "deauthenticated from %pM while associating (Reason: %u=%s)\n",
2849 bssid, reason_code,
2850 ieee80211_get_reason_code_string(reason_code));
2851
2852 ieee80211_destroy_assoc_data(sdata, false, true);
2853
2854 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2855 return;
2856 }
2857}
2858
2859
2860static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
2861 struct ieee80211_mgmt *mgmt, size_t len)
2862{
2863 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2864 u16 reason_code;
2865
2866 sdata_assert_lock(sdata);
2867
2868 if (len < 24 + 2)
2869 return;
2870
2871 if (!ifmgd->associated ||
2872 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2873 return;
2874
2875 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
2876
2877 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
2878 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
2879 return;
2880 }
2881
2882 sdata_info(sdata, "disassociated from %pM (Reason: %u=%s)\n",
2883 mgmt->sa, reason_code,
2884 ieee80211_get_reason_code_string(reason_code));
2885
2886 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
2887
2888 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false, reason_code);
2889}
2890
2891static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
2892 u8 *supp_rates, unsigned int supp_rates_len,
2893 u32 *rates, u32 *basic_rates,
2894 bool *have_higher_than_11mbit,
2895 int *min_rate, int *min_rate_index,
2896 int shift)
2897{
2898 int i, j;
2899
2900 for (i = 0; i < supp_rates_len; i++) {
2901 int rate = supp_rates[i] & 0x7f;
2902 bool is_basic = !!(supp_rates[i] & 0x80);
2903
2904 if ((rate * 5 * (1 << shift)) > 110)
2905 *have_higher_than_11mbit = true;
2906
2907 /*
2908 * Skip HT and VHT BSS membership selectors since they're not
2909 * rates.
2910 *
2911 * Note: Even though the membership selector and the basic
2912 * rate flag share the same bit, they are not exactly
2913 * the same.
2914 */
2915 if (supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY) ||
2916 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY))
2917 continue;
2918
2919 for (j = 0; j < sband->n_bitrates; j++) {
2920 struct ieee80211_rate *br;
2921 int brate;
2922
2923 br = &sband->bitrates[j];
2924
2925 brate = DIV_ROUND_UP(br->bitrate, (1 << shift) * 5);
2926 if (brate == rate) {
2927 *rates |= BIT(j);
2928 if (is_basic)
2929 *basic_rates |= BIT(j);
2930 if ((rate * 5) < *min_rate) {
2931 *min_rate = rate * 5;
2932 *min_rate_index = j;
2933 }
2934 break;
2935 }
2936 }
2937 }
2938}
2939
2940static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata,
2941 struct cfg80211_bss *cbss,
2942 struct ieee80211_mgmt *mgmt, size_t len)
2943{
2944 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2945 struct ieee80211_local *local = sdata->local;
2946 struct ieee80211_supported_band *sband;
2947 struct sta_info *sta;
2948 u8 *pos;
2949 u16 capab_info, aid;
2950 struct ieee802_11_elems elems;
2951 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2952 const struct cfg80211_bss_ies *bss_ies = NULL;
2953 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
2954 u32 changed = 0;
2955 int err;
2956 bool ret;
2957
2958 /* AssocResp and ReassocResp have identical structure */
2959
2960 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
2961 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
2962
2963 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
2964 sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n",
2965 aid);
2966 aid &= ~(BIT(15) | BIT(14));
2967
2968 ifmgd->broken_ap = false;
2969
2970 if (aid == 0 || aid > IEEE80211_MAX_AID) {
2971 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n",
2972 aid);
2973 aid = 0;
2974 ifmgd->broken_ap = true;
2975 }
2976
2977 pos = mgmt->u.assoc_resp.variable;
2978 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
2979
2980 if (!elems.supp_rates) {
2981 sdata_info(sdata, "no SuppRates element in AssocResp\n");
2982 return false;
2983 }
2984
2985 ifmgd->aid = aid;
2986 ifmgd->tdls_chan_switch_prohibited =
2987 elems.ext_capab && elems.ext_capab_len >= 5 &&
2988 (elems.ext_capab[4] & WLAN_EXT_CAPA5_TDLS_CH_SW_PROHIBITED);
2989
2990 /*
2991 * Some APs are erroneously not including some information in their
2992 * (re)association response frames. Try to recover by using the data
2993 * from the beacon or probe response. This seems to afflict mobile
2994 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T",
2995 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device.
2996 */
2997 if ((assoc_data->wmm && !elems.wmm_param) ||
2998 (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
2999 (!elems.ht_cap_elem || !elems.ht_operation)) ||
3000 (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
3001 (!elems.vht_cap_elem || !elems.vht_operation))) {
3002 const struct cfg80211_bss_ies *ies;
3003 struct ieee802_11_elems bss_elems;
3004
3005 rcu_read_lock();
3006 ies = rcu_dereference(cbss->ies);
3007 if (ies)
3008 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len,
3009 GFP_ATOMIC);
3010 rcu_read_unlock();
3011 if (!bss_ies)
3012 return false;
3013
3014 ieee802_11_parse_elems(bss_ies->data, bss_ies->len,
3015 false, &bss_elems);
3016 if (assoc_data->wmm &&
3017 !elems.wmm_param && bss_elems.wmm_param) {
3018 elems.wmm_param = bss_elems.wmm_param;
3019 sdata_info(sdata,
3020 "AP bug: WMM param missing from AssocResp\n");
3021 }
3022
3023 /*
3024 * Also check if we requested HT/VHT, otherwise the AP doesn't
3025 * have to include the IEs in the (re)association response.
3026 */
3027 if (!elems.ht_cap_elem && bss_elems.ht_cap_elem &&
3028 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
3029 elems.ht_cap_elem = bss_elems.ht_cap_elem;
3030 sdata_info(sdata,
3031 "AP bug: HT capability missing from AssocResp\n");
3032 }
3033 if (!elems.ht_operation && bss_elems.ht_operation &&
3034 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
3035 elems.ht_operation = bss_elems.ht_operation;
3036 sdata_info(sdata,
3037 "AP bug: HT operation missing from AssocResp\n");
3038 }
3039 if (!elems.vht_cap_elem && bss_elems.vht_cap_elem &&
3040 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) {
3041 elems.vht_cap_elem = bss_elems.vht_cap_elem;
3042 sdata_info(sdata,
3043 "AP bug: VHT capa missing from AssocResp\n");
3044 }
3045 if (!elems.vht_operation && bss_elems.vht_operation &&
3046 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) {
3047 elems.vht_operation = bss_elems.vht_operation;
3048 sdata_info(sdata,
3049 "AP bug: VHT operation missing from AssocResp\n");
3050 }
3051 }
3052
3053 /*
3054 * We previously checked these in the beacon/probe response, so
3055 * they should be present here. This is just a safety net.
3056 */
3057 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
3058 (!elems.wmm_param || !elems.ht_cap_elem || !elems.ht_operation)) {
3059 sdata_info(sdata,
3060 "HT AP is missing WMM params or HT capability/operation\n");
3061 ret = false;
3062 goto out;
3063 }
3064
3065 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
3066 (!elems.vht_cap_elem || !elems.vht_operation)) {
3067 sdata_info(sdata,
3068 "VHT AP is missing VHT capability/operation\n");
3069 ret = false;
3070 goto out;
3071 }
3072
3073 mutex_lock(&sdata->local->sta_mtx);
3074 /*
3075 * station info was already allocated and inserted before
3076 * the association and should be available to us
3077 */
3078 sta = sta_info_get(sdata, cbss->bssid);
3079 if (WARN_ON(!sta)) {
3080 mutex_unlock(&sdata->local->sta_mtx);
3081 ret = false;
3082 goto out;
3083 }
3084
3085 sband = ieee80211_get_sband(sdata);
3086 if (!sband) {
3087 mutex_unlock(&sdata->local->sta_mtx);
3088 ret = false;
3089 goto out;
3090 }
3091
3092 /* Set up internal HT/VHT capabilities */
3093 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
3094 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
3095 elems.ht_cap_elem, sta);
3096
3097 if (elems.vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
3098 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband,
3099 elems.vht_cap_elem, sta);
3100
3101 /*
3102 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data
3103 * in their association response, so ignore that data for our own
3104 * configuration. If it changed since the last beacon, we'll get the
3105 * next beacon and update then.
3106 */
3107
3108 /*
3109 * If an operating mode notification IE is present, override the
3110 * NSS calculation (that would be done in rate_control_rate_init())
3111 * and use the # of streams from that element.
3112 */
3113 if (elems.opmode_notif &&
3114 !(*elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) {
3115 u8 nss;
3116
3117 nss = *elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK;
3118 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT;
3119 nss += 1;
3120 sta->sta.rx_nss = nss;
3121 }
3122
3123 rate_control_rate_init(sta);
3124
3125 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) {
3126 set_sta_flag(sta, WLAN_STA_MFP);
3127 sta->sta.mfp = true;
3128 } else {
3129 sta->sta.mfp = false;
3130 }
3131
3132 sta->sta.wme = elems.wmm_param && local->hw.queues >= IEEE80211_NUM_ACS;
3133
3134 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
3135 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
3136 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
3137 if (err) {
3138 sdata_info(sdata,
3139 "failed to move station %pM to desired state\n",
3140 sta->sta.addr);
3141 WARN_ON(__sta_info_destroy(sta));
3142 mutex_unlock(&sdata->local->sta_mtx);
3143 ret = false;
3144 goto out;
3145 }
3146
3147 mutex_unlock(&sdata->local->sta_mtx);
3148
3149 /*
3150 * Always handle WMM once after association regardless
3151 * of the first value the AP uses. Setting -1 here has
3152 * that effect because the AP values is an unsigned
3153 * 4-bit value.
3154 */
3155 ifmgd->wmm_last_param_set = -1;
3156
3157 if (ifmgd->flags & IEEE80211_STA_DISABLE_WMM) {
3158 ieee80211_set_wmm_default(sdata, false, false);
3159 } else if (!ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
3160 elems.wmm_param_len)) {
3161 /* still enable QoS since we might have HT/VHT */
3162 ieee80211_set_wmm_default(sdata, false, true);
3163 /* set the disable-WMM flag in this case to disable
3164 * tracking WMM parameter changes in the beacon if
3165 * the parameters weren't actually valid. Doing so
3166 * avoids changing parameters very strangely when
3167 * the AP is going back and forth between valid and
3168 * invalid parameters.
3169 */
3170 ifmgd->flags |= IEEE80211_STA_DISABLE_WMM;
3171 }
3172 changed |= BSS_CHANGED_QOS;
3173
3174 if (elems.max_idle_period_ie) {
3175 bss_conf->max_idle_period =
3176 le16_to_cpu(elems.max_idle_period_ie->max_idle_period);
3177 bss_conf->protected_keep_alive =
3178 !!(elems.max_idle_period_ie->idle_options &
3179 WLAN_IDLE_OPTIONS_PROTECTED_KEEP_ALIVE);
3180 changed |= BSS_CHANGED_KEEP_ALIVE;
3181 } else {
3182 bss_conf->max_idle_period = 0;
3183 bss_conf->protected_keep_alive = false;
3184 }
3185
3186 /* set AID and assoc capability,
3187 * ieee80211_set_associated() will tell the driver */
3188 bss_conf->aid = aid;
3189 bss_conf->assoc_capability = capab_info;
3190 ieee80211_set_associated(sdata, cbss, changed);
3191
3192 /*
3193 * If we're using 4-addr mode, let the AP know that we're
3194 * doing so, so that it can create the STA VLAN on its side
3195 */
3196 if (ifmgd->use_4addr)
3197 ieee80211_send_4addr_nullfunc(local, sdata);
3198
3199 /*
3200 * Start timer to probe the connection to the AP now.
3201 * Also start the timer that will detect beacon loss.
3202 */
3203 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt);
3204 ieee80211_sta_reset_beacon_monitor(sdata);
3205
3206 ret = true;
3207 out:
3208 kfree(bss_ies);
3209 return ret;
3210}
3211
3212static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
3213 struct ieee80211_mgmt *mgmt,
3214 size_t len)
3215{
3216 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3217 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
3218 u16 capab_info, status_code, aid;
3219 struct ieee802_11_elems elems;
3220 int ac, uapsd_queues = -1;
3221 u8 *pos;
3222 bool reassoc;
3223 struct cfg80211_bss *bss;
3224 struct ieee80211_event event = {
3225 .type = MLME_EVENT,
3226 .u.mlme.data = ASSOC_EVENT,
3227 };
3228
3229 sdata_assert_lock(sdata);
3230
3231 if (!assoc_data)
3232 return;
3233 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid))
3234 return;
3235
3236 /*
3237 * AssocResp and ReassocResp have identical structure, so process both
3238 * of them in this function.
3239 */
3240
3241 if (len < 24 + 6)
3242 return;
3243
3244 reassoc = ieee80211_is_reassoc_resp(mgmt->frame_control);
3245 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
3246 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
3247 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
3248
3249 sdata_info(sdata,
3250 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n",
3251 reassoc ? "Rea" : "A", mgmt->sa,
3252 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
3253
3254 if (assoc_data->fils_kek_len &&
3255 fils_decrypt_assoc_resp(sdata, (u8 *)mgmt, &len, assoc_data) < 0)
3256 return;
3257
3258 pos = mgmt->u.assoc_resp.variable;
3259 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
3260
3261 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
3262 elems.timeout_int &&
3263 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) {
3264 u32 tu, ms;
3265 tu = le32_to_cpu(elems.timeout_int->value);
3266 ms = tu * 1024 / 1000;
3267 sdata_info(sdata,
3268 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",
3269 mgmt->sa, tu, ms);
3270 assoc_data->timeout = jiffies + msecs_to_jiffies(ms);
3271 assoc_data->timeout_started = true;
3272 if (ms > IEEE80211_ASSOC_TIMEOUT)
3273 run_again(sdata, assoc_data->timeout);
3274 return;
3275 }
3276
3277 bss = assoc_data->bss;
3278
3279 if (status_code != WLAN_STATUS_SUCCESS) {
3280 sdata_info(sdata, "%pM denied association (code=%d)\n",
3281 mgmt->sa, status_code);
3282 ieee80211_destroy_assoc_data(sdata, false, false);
3283 event.u.mlme.status = MLME_DENIED;
3284 event.u.mlme.reason = status_code;
3285 drv_event_callback(sdata->local, sdata, &event);
3286 } else {
3287 if (!ieee80211_assoc_success(sdata, bss, mgmt, len)) {
3288 /* oops -- internal error -- send timeout for now */
3289 ieee80211_destroy_assoc_data(sdata, false, false);
3290 cfg80211_assoc_timeout(sdata->dev, bss);
3291 return;
3292 }
3293 event.u.mlme.status = MLME_SUCCESS;
3294 drv_event_callback(sdata->local, sdata, &event);
3295 sdata_info(sdata, "associated\n");
3296
3297 /*
3298 * destroy assoc_data afterwards, as otherwise an idle
3299 * recalc after assoc_data is NULL but before associated
3300 * is set can cause the interface to go idle
3301 */
3302 ieee80211_destroy_assoc_data(sdata, true, false);
3303
3304 /* get uapsd queues configuration */
3305 uapsd_queues = 0;
3306 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
3307 if (sdata->tx_conf[ac].uapsd)
3308 uapsd_queues |= ieee80211_ac_to_qos_mask[ac];
3309 }
3310
3311 cfg80211_rx_assoc_resp(sdata->dev, bss, (u8 *)mgmt, len, uapsd_queues);
3312}
3313
3314static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
3315 struct ieee80211_mgmt *mgmt, size_t len,
3316 struct ieee80211_rx_status *rx_status,
3317 struct ieee802_11_elems *elems)
3318{
3319 struct ieee80211_local *local = sdata->local;
3320 struct ieee80211_bss *bss;
3321 struct ieee80211_channel *channel;
3322
3323 sdata_assert_lock(sdata);
3324
3325 channel = ieee80211_get_channel(local->hw.wiphy, rx_status->freq);
3326 if (!channel)
3327 return;
3328
3329 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems,
3330 channel);
3331 if (bss) {
3332 sdata->vif.bss_conf.beacon_rate = bss->beacon_rate;
3333 ieee80211_rx_bss_put(local, bss);
3334 }
3335}
3336
3337
3338static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
3339 struct sk_buff *skb)
3340{
3341 struct ieee80211_mgmt *mgmt = (void *)skb->data;
3342 struct ieee80211_if_managed *ifmgd;
3343 struct ieee80211_rx_status *rx_status = (void *) skb->cb;
3344 size_t baselen, len = skb->len;
3345 struct ieee802_11_elems elems;
3346
3347 ifmgd = &sdata->u.mgd;
3348
3349 sdata_assert_lock(sdata);
3350
3351 if (!ether_addr_equal(mgmt->da, sdata->vif.addr))
3352 return; /* ignore ProbeResp to foreign address */
3353
3354 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
3355 if (baselen > len)
3356 return;
3357
3358 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen,
3359 false, &elems);
3360
3361 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
3362
3363 if (ifmgd->associated &&
3364 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
3365 ieee80211_reset_ap_probe(sdata);
3366}
3367
3368/*
3369 * This is the canonical list of information elements we care about,
3370 * the filter code also gives us all changes to the Microsoft OUI
3371 * (00:50:F2) vendor IE which is used for WMM which we need to track,
3372 * as well as the DTPC IE (part of the Cisco OUI) used for signaling
3373 * changes to requested client power.
3374 *
3375 * We implement beacon filtering in software since that means we can
3376 * avoid processing the frame here and in cfg80211, and userspace
3377 * will not be able to tell whether the hardware supports it or not.
3378 *
3379 * XXX: This list needs to be dynamic -- userspace needs to be able to
3380 * add items it requires. It also needs to be able to tell us to
3381 * look out for other vendor IEs.
3382 */
3383static const u64 care_about_ies =
3384 (1ULL << WLAN_EID_COUNTRY) |
3385 (1ULL << WLAN_EID_ERP_INFO) |
3386 (1ULL << WLAN_EID_CHANNEL_SWITCH) |
3387 (1ULL << WLAN_EID_PWR_CONSTRAINT) |
3388 (1ULL << WLAN_EID_HT_CAPABILITY) |
3389 (1ULL << WLAN_EID_HT_OPERATION) |
3390 (1ULL << WLAN_EID_EXT_CHANSWITCH_ANN);
3391
3392static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
3393 struct ieee80211_mgmt *mgmt, size_t len,
3394 struct ieee80211_rx_status *rx_status)
3395{
3396 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3397 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
3398 size_t baselen;
3399 struct ieee802_11_elems elems;
3400 struct ieee80211_local *local = sdata->local;
3401 struct ieee80211_chanctx_conf *chanctx_conf;
3402 struct ieee80211_channel *chan;
3403 struct sta_info *sta;
3404 u32 changed = 0;
3405 bool erp_valid;
3406 u8 erp_value = 0;
3407 u32 ncrc;
3408 u8 *bssid;
3409 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN];
3410
3411 sdata_assert_lock(sdata);
3412
3413 /* Process beacon from the current BSS */
3414 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
3415 if (baselen > len)
3416 return;
3417
3418 rcu_read_lock();
3419 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
3420 if (!chanctx_conf) {
3421 rcu_read_unlock();
3422 return;
3423 }
3424
3425 if (rx_status->freq != chanctx_conf->def.chan->center_freq) {
3426 rcu_read_unlock();
3427 return;
3428 }
3429 chan = chanctx_conf->def.chan;
3430 rcu_read_unlock();
3431
3432 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon &&
3433 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) {
3434 ieee802_11_parse_elems(mgmt->u.beacon.variable,
3435 len - baselen, false, &elems);
3436
3437 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
3438 if (elems.tim && !elems.parse_error) {
3439 const struct ieee80211_tim_ie *tim_ie = elems.tim;
3440 ifmgd->dtim_period = tim_ie->dtim_period;
3441 }
3442 ifmgd->have_beacon = true;
3443 ifmgd->assoc_data->need_beacon = false;
3444 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) {
3445 sdata->vif.bss_conf.sync_tsf =
3446 le64_to_cpu(mgmt->u.beacon.timestamp);
3447 sdata->vif.bss_conf.sync_device_ts =
3448 rx_status->device_timestamp;
3449 if (elems.tim)
3450 sdata->vif.bss_conf.sync_dtim_count =
3451 elems.tim->dtim_count;
3452 else
3453 sdata->vif.bss_conf.sync_dtim_count = 0;
3454 }
3455 /* continue assoc process */
3456 ifmgd->assoc_data->timeout = jiffies;
3457 ifmgd->assoc_data->timeout_started = true;
3458 run_again(sdata, ifmgd->assoc_data->timeout);
3459 return;
3460 }
3461
3462 if (!ifmgd->associated ||
3463 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
3464 return;
3465 bssid = ifmgd->associated->bssid;
3466
3467 /* Track average RSSI from the Beacon frames of the current AP */
3468 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) {
3469 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE;
3470 ewma_beacon_signal_init(&ifmgd->ave_beacon_signal);
3471 ifmgd->last_cqm_event_signal = 0;
3472 ifmgd->count_beacon_signal = 1;
3473 ifmgd->last_ave_beacon_signal = 0;
3474 } else {
3475 ifmgd->count_beacon_signal++;
3476 }
3477
3478 ewma_beacon_signal_add(&ifmgd->ave_beacon_signal, -rx_status->signal);
3479
3480 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold &&
3481 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
3482 int sig = -ewma_beacon_signal_read(&ifmgd->ave_beacon_signal);
3483 int last_sig = ifmgd->last_ave_beacon_signal;
3484 struct ieee80211_event event = {
3485 .type = RSSI_EVENT,
3486 };
3487
3488 /*
3489 * if signal crosses either of the boundaries, invoke callback
3490 * with appropriate parameters
3491 */
3492 if (sig > ifmgd->rssi_max_thold &&
3493 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) {
3494 ifmgd->last_ave_beacon_signal = sig;
3495 event.u.rssi.data = RSSI_EVENT_HIGH;
3496 drv_event_callback(local, sdata, &event);
3497 } else if (sig < ifmgd->rssi_min_thold &&
3498 (last_sig >= ifmgd->rssi_max_thold ||
3499 last_sig == 0)) {
3500 ifmgd->last_ave_beacon_signal = sig;
3501 event.u.rssi.data = RSSI_EVENT_LOW;
3502 drv_event_callback(local, sdata, &event);
3503 }
3504 }
3505
3506 if (bss_conf->cqm_rssi_thold &&
3507 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT &&
3508 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) {
3509 int sig = -ewma_beacon_signal_read(&ifmgd->ave_beacon_signal);
3510 int last_event = ifmgd->last_cqm_event_signal;
3511 int thold = bss_conf->cqm_rssi_thold;
3512 int hyst = bss_conf->cqm_rssi_hyst;
3513
3514 if (sig < thold &&
3515 (last_event == 0 || sig < last_event - hyst)) {
3516 ifmgd->last_cqm_event_signal = sig;
3517 ieee80211_cqm_rssi_notify(
3518 &sdata->vif,
3519 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
3520 sig, GFP_KERNEL);
3521 } else if (sig > thold &&
3522 (last_event == 0 || sig > last_event + hyst)) {
3523 ifmgd->last_cqm_event_signal = sig;
3524 ieee80211_cqm_rssi_notify(
3525 &sdata->vif,
3526 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
3527 sig, GFP_KERNEL);
3528 }
3529 }
3530
3531 if (bss_conf->cqm_rssi_low &&
3532 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
3533 int sig = -ewma_beacon_signal_read(&ifmgd->ave_beacon_signal);
3534 int last_event = ifmgd->last_cqm_event_signal;
3535 int low = bss_conf->cqm_rssi_low;
3536 int high = bss_conf->cqm_rssi_high;
3537
3538 if (sig < low &&
3539 (last_event == 0 || last_event >= low)) {
3540 ifmgd->last_cqm_event_signal = sig;
3541 ieee80211_cqm_rssi_notify(
3542 &sdata->vif,
3543 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
3544 sig, GFP_KERNEL);
3545 } else if (sig > high &&
3546 (last_event == 0 || last_event <= high)) {
3547 ifmgd->last_cqm_event_signal = sig;
3548 ieee80211_cqm_rssi_notify(
3549 &sdata->vif,
3550 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
3551 sig, GFP_KERNEL);
3552 }
3553 }
3554
3555 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) {
3556 mlme_dbg_ratelimited(sdata,
3557 "cancelling AP probe due to a received beacon\n");
3558 ieee80211_reset_ap_probe(sdata);
3559 }
3560
3561 /*
3562 * Push the beacon loss detection into the future since
3563 * we are processing a beacon from the AP just now.
3564 */
3565 ieee80211_sta_reset_beacon_monitor(sdata);
3566
3567 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
3568 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable,
3569 len - baselen, false, &elems,
3570 care_about_ies, ncrc);
3571
3572 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
3573 ieee80211_check_tim(elems.tim, elems.tim_len, ifmgd->aid)) {
3574 if (local->hw.conf.dynamic_ps_timeout > 0) {
3575 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
3576 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
3577 ieee80211_hw_config(local,
3578 IEEE80211_CONF_CHANGE_PS);
3579 }
3580 ieee80211_send_nullfunc(local, sdata, false);
3581 } else if (!local->pspolling && sdata->u.mgd.powersave) {
3582 local->pspolling = true;
3583
3584 /*
3585 * Here is assumed that the driver will be
3586 * able to send ps-poll frame and receive a
3587 * response even though power save mode is
3588 * enabled, but some drivers might require
3589 * to disable power save here. This needs
3590 * to be investigated.
3591 */
3592 ieee80211_send_pspoll(local, sdata);
3593 }
3594 }
3595
3596 if (sdata->vif.p2p ||
3597 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) {
3598 struct ieee80211_p2p_noa_attr noa = {};
3599 int ret;
3600
3601 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable,
3602 len - baselen,
3603 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
3604 (u8 *) &noa, sizeof(noa));
3605 if (ret >= 2) {
3606 if (sdata->u.mgd.p2p_noa_index != noa.index) {
3607 /* valid noa_attr and index changed */
3608 sdata->u.mgd.p2p_noa_index = noa.index;
3609 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa));
3610 changed |= BSS_CHANGED_P2P_PS;
3611 /*
3612 * make sure we update all information, the CRC
3613 * mechanism doesn't look at P2P attributes.
3614 */
3615 ifmgd->beacon_crc_valid = false;
3616 }
3617 } else if (sdata->u.mgd.p2p_noa_index != -1) {
3618 /* noa_attr not found and we had valid noa_attr before */
3619 sdata->u.mgd.p2p_noa_index = -1;
3620 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr));
3621 changed |= BSS_CHANGED_P2P_PS;
3622 ifmgd->beacon_crc_valid = false;
3623 }
3624 }
3625
3626 if (ifmgd->csa_waiting_bcn)
3627 ieee80211_chswitch_post_beacon(sdata);
3628
3629 /*
3630 * Update beacon timing and dtim count on every beacon appearance. This
3631 * will allow the driver to use the most updated values. Do it before
3632 * comparing this one with last received beacon.
3633 * IMPORTANT: These parameters would possibly be out of sync by the time
3634 * the driver will use them. The synchronized view is currently
3635 * guaranteed only in certain callbacks.
3636 */
3637 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) {
3638 sdata->vif.bss_conf.sync_tsf =
3639 le64_to_cpu(mgmt->u.beacon.timestamp);
3640 sdata->vif.bss_conf.sync_device_ts =
3641 rx_status->device_timestamp;
3642 if (elems.tim)
3643 sdata->vif.bss_conf.sync_dtim_count =
3644 elems.tim->dtim_count;
3645 else
3646 sdata->vif.bss_conf.sync_dtim_count = 0;
3647 }
3648
3649 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid)
3650 return;
3651 ifmgd->beacon_crc = ncrc;
3652 ifmgd->beacon_crc_valid = true;
3653
3654 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
3655
3656 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime,
3657 rx_status->device_timestamp,
3658 &elems, true);
3659
3660 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) &&
3661 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
3662 elems.wmm_param_len))
3663 changed |= BSS_CHANGED_QOS;
3664
3665 /*
3666 * If we haven't had a beacon before, tell the driver about the
3667 * DTIM period (and beacon timing if desired) now.
3668 */
3669 if (!ifmgd->have_beacon) {
3670 /* a few bogus AP send dtim_period = 0 or no TIM IE */
3671 if (elems.tim)
3672 bss_conf->dtim_period = elems.tim->dtim_period ?: 1;
3673 else
3674 bss_conf->dtim_period = 1;
3675
3676 changed |= BSS_CHANGED_BEACON_INFO;
3677 ifmgd->have_beacon = true;
3678
3679 mutex_lock(&local->iflist_mtx);
3680 ieee80211_recalc_ps(local);
3681 mutex_unlock(&local->iflist_mtx);
3682
3683 ieee80211_recalc_ps_vif(sdata);
3684 }
3685
3686 if (elems.erp_info) {
3687 erp_valid = true;
3688 erp_value = elems.erp_info[0];
3689 } else {
3690 erp_valid = false;
3691 }
3692 changed |= ieee80211_handle_bss_capability(sdata,
3693 le16_to_cpu(mgmt->u.beacon.capab_info),
3694 erp_valid, erp_value);
3695
3696 mutex_lock(&local->sta_mtx);
3697 sta = sta_info_get(sdata, bssid);
3698
3699 if (ieee80211_config_bw(sdata, sta,
3700 elems.ht_cap_elem, elems.ht_operation,
3701 elems.vht_operation, bssid, &changed)) {
3702 mutex_unlock(&local->sta_mtx);
3703 sdata_info(sdata,
3704 "failed to follow AP %pM bandwidth change, disconnect\n",
3705 bssid);
3706 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
3707 WLAN_REASON_DEAUTH_LEAVING,
3708 true, deauth_buf);
3709 ieee80211_report_disconnect(sdata, deauth_buf,
3710 sizeof(deauth_buf), true,
3711 WLAN_REASON_DEAUTH_LEAVING);
3712 return;
3713 }
3714
3715 if (sta && elems.opmode_notif)
3716 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif,
3717 rx_status->band);
3718 mutex_unlock(&local->sta_mtx);
3719
3720 changed |= ieee80211_handle_pwr_constr(sdata, chan, mgmt,
3721 elems.country_elem,
3722 elems.country_elem_len,
3723 elems.pwr_constr_elem,
3724 elems.cisco_dtpc_elem);
3725
3726 ieee80211_bss_info_change_notify(sdata, changed);
3727}
3728
3729void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
3730 struct sk_buff *skb)
3731{
3732 struct ieee80211_rx_status *rx_status;
3733 struct ieee80211_mgmt *mgmt;
3734 u16 fc;
3735 struct ieee802_11_elems elems;
3736 int ies_len;
3737
3738 rx_status = (struct ieee80211_rx_status *) skb->cb;
3739 mgmt = (struct ieee80211_mgmt *) skb->data;
3740 fc = le16_to_cpu(mgmt->frame_control);
3741
3742 sdata_lock(sdata);
3743
3744 switch (fc & IEEE80211_FCTL_STYPE) {
3745 case IEEE80211_STYPE_BEACON:
3746 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status);
3747 break;
3748 case IEEE80211_STYPE_PROBE_RESP:
3749 ieee80211_rx_mgmt_probe_resp(sdata, skb);
3750 break;
3751 case IEEE80211_STYPE_AUTH:
3752 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len);
3753 break;
3754 case IEEE80211_STYPE_DEAUTH:
3755 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len);
3756 break;
3757 case IEEE80211_STYPE_DISASSOC:
3758 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
3759 break;
3760 case IEEE80211_STYPE_ASSOC_RESP:
3761 case IEEE80211_STYPE_REASSOC_RESP:
3762 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len);
3763 break;
3764 case IEEE80211_STYPE_ACTION:
3765 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) {
3766 ies_len = skb->len -
3767 offsetof(struct ieee80211_mgmt,
3768 u.action.u.chan_switch.variable);
3769
3770 if (ies_len < 0)
3771 break;
3772
3773 ieee802_11_parse_elems(
3774 mgmt->u.action.u.chan_switch.variable,
3775 ies_len, true, &elems);
3776
3777 if (elems.parse_error)
3778 break;
3779
3780 ieee80211_sta_process_chanswitch(sdata,
3781 rx_status->mactime,
3782 rx_status->device_timestamp,
3783 &elems, false);
3784 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) {
3785 ies_len = skb->len -
3786 offsetof(struct ieee80211_mgmt,
3787 u.action.u.ext_chan_switch.variable);
3788
3789 if (ies_len < 0)
3790 break;
3791
3792 ieee802_11_parse_elems(
3793 mgmt->u.action.u.ext_chan_switch.variable,
3794 ies_len, true, &elems);
3795
3796 if (elems.parse_error)
3797 break;
3798
3799 /* for the handling code pretend this was also an IE */
3800 elems.ext_chansw_ie =
3801 &mgmt->u.action.u.ext_chan_switch.data;
3802
3803 ieee80211_sta_process_chanswitch(sdata,
3804 rx_status->mactime,
3805 rx_status->device_timestamp,
3806 &elems, false);
3807 }
3808 break;
3809 }
3810 sdata_unlock(sdata);
3811}
3812
3813static void ieee80211_sta_timer(unsigned long data)
3814{
3815 struct ieee80211_sub_if_data *sdata =
3816 (struct ieee80211_sub_if_data *) data;
3817
3818 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
3819}
3820
3821static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata,
3822 u8 *bssid, u8 reason, bool tx)
3823{
3824 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
3825
3826 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason,
3827 tx, frame_buf);
3828
3829 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
3830 reason);
3831}
3832
3833static int ieee80211_auth(struct ieee80211_sub_if_data *sdata)
3834{
3835 struct ieee80211_local *local = sdata->local;
3836 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3837 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data;
3838 u32 tx_flags = 0;
3839 u16 trans = 1;
3840 u16 status = 0;
3841
3842 sdata_assert_lock(sdata);
3843
3844 if (WARN_ON_ONCE(!auth_data))
3845 return -EINVAL;
3846
3847 auth_data->tries++;
3848
3849 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) {
3850 sdata_info(sdata, "authentication with %pM timed out\n",
3851 auth_data->bss->bssid);
3852
3853 /*
3854 * Most likely AP is not in the range so remove the
3855 * bss struct for that AP.
3856 */
3857 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss);
3858
3859 return -ETIMEDOUT;
3860 }
3861
3862 drv_mgd_prepare_tx(local, sdata);
3863
3864 sdata_info(sdata, "send auth to %pM (try %d/%d)\n",
3865 auth_data->bss->bssid, auth_data->tries,
3866 IEEE80211_AUTH_MAX_TRIES);
3867
3868 auth_data->expected_transaction = 2;
3869
3870 if (auth_data->algorithm == WLAN_AUTH_SAE) {
3871 trans = auth_data->sae_trans;
3872 status = auth_data->sae_status;
3873 auth_data->expected_transaction = trans;
3874 }
3875
3876 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
3877 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
3878 IEEE80211_TX_INTFL_MLME_CONN_TX;
3879
3880 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status,
3881 auth_data->data, auth_data->data_len,
3882 auth_data->bss->bssid,
3883 auth_data->bss->bssid, NULL, 0, 0,
3884 tx_flags);
3885
3886 if (tx_flags == 0) {
3887 if (auth_data->algorithm == WLAN_AUTH_SAE)
3888 auth_data->timeout = jiffies +
3889 IEEE80211_AUTH_TIMEOUT_SAE;
3890 else
3891 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
3892 } else {
3893 auth_data->timeout =
3894 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG);
3895 }
3896
3897 auth_data->timeout_started = true;
3898 run_again(sdata, auth_data->timeout);
3899
3900 return 0;
3901}
3902
3903static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata)
3904{
3905 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
3906 struct ieee80211_local *local = sdata->local;
3907
3908 sdata_assert_lock(sdata);
3909
3910 assoc_data->tries++;
3911 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) {
3912 sdata_info(sdata, "association with %pM timed out\n",
3913 assoc_data->bss->bssid);
3914
3915 /*
3916 * Most likely AP is not in the range so remove the
3917 * bss struct for that AP.
3918 */
3919 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss);
3920
3921 return -ETIMEDOUT;
3922 }
3923
3924 sdata_info(sdata, "associate with %pM (try %d/%d)\n",
3925 assoc_data->bss->bssid, assoc_data->tries,
3926 IEEE80211_ASSOC_MAX_TRIES);
3927 ieee80211_send_assoc(sdata);
3928
3929 if (!ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
3930 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
3931 assoc_data->timeout_started = true;
3932 run_again(sdata, assoc_data->timeout);
3933 } else {
3934 assoc_data->timeout =
3935 round_jiffies_up(jiffies +
3936 IEEE80211_ASSOC_TIMEOUT_LONG);
3937 assoc_data->timeout_started = true;
3938 run_again(sdata, assoc_data->timeout);
3939 }
3940
3941 return 0;
3942}
3943
3944void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata,
3945 __le16 fc, bool acked)
3946{
3947 struct ieee80211_local *local = sdata->local;
3948
3949 sdata->u.mgd.status_fc = fc;
3950 sdata->u.mgd.status_acked = acked;
3951 sdata->u.mgd.status_received = true;
3952
3953 ieee80211_queue_work(&local->hw, &sdata->work);
3954}
3955
3956void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
3957{
3958 struct ieee80211_local *local = sdata->local;
3959 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3960
3961 sdata_lock(sdata);
3962
3963 if (ifmgd->status_received) {
3964 __le16 fc = ifmgd->status_fc;
3965 bool status_acked = ifmgd->status_acked;
3966
3967 ifmgd->status_received = false;
3968 if (ifmgd->auth_data && ieee80211_is_auth(fc)) {
3969 if (status_acked) {
3970 if (ifmgd->auth_data->algorithm ==
3971 WLAN_AUTH_SAE)
3972 ifmgd->auth_data->timeout =
3973 jiffies +
3974 IEEE80211_AUTH_TIMEOUT_SAE;
3975 else
3976 ifmgd->auth_data->timeout =
3977 jiffies +
3978 IEEE80211_AUTH_TIMEOUT_SHORT;
3979 run_again(sdata, ifmgd->auth_data->timeout);
3980 } else {
3981 ifmgd->auth_data->timeout = jiffies - 1;
3982 }
3983 ifmgd->auth_data->timeout_started = true;
3984 } else if (ifmgd->assoc_data &&
3985 (ieee80211_is_assoc_req(fc) ||
3986 ieee80211_is_reassoc_req(fc))) {
3987 if (status_acked) {
3988 ifmgd->assoc_data->timeout =
3989 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT;
3990 run_again(sdata, ifmgd->assoc_data->timeout);
3991 } else {
3992 ifmgd->assoc_data->timeout = jiffies - 1;
3993 }
3994 ifmgd->assoc_data->timeout_started = true;
3995 }
3996 }
3997
3998 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started &&
3999 time_after(jiffies, ifmgd->auth_data->timeout)) {
4000 if (ifmgd->auth_data->done) {
4001 /*
4002 * ok ... we waited for assoc but userspace didn't,
4003 * so let's just kill the auth data
4004 */
4005 ieee80211_destroy_auth_data(sdata, false);
4006 } else if (ieee80211_auth(sdata)) {
4007 u8 bssid[ETH_ALEN];
4008 struct ieee80211_event event = {
4009 .type = MLME_EVENT,
4010 .u.mlme.data = AUTH_EVENT,
4011 .u.mlme.status = MLME_TIMEOUT,
4012 };
4013
4014 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
4015
4016 ieee80211_destroy_auth_data(sdata, false);
4017
4018 cfg80211_auth_timeout(sdata->dev, bssid);
4019 drv_event_callback(sdata->local, sdata, &event);
4020 }
4021 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started)
4022 run_again(sdata, ifmgd->auth_data->timeout);
4023
4024 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started &&
4025 time_after(jiffies, ifmgd->assoc_data->timeout)) {
4026 if ((ifmgd->assoc_data->need_beacon && !ifmgd->have_beacon) ||
4027 ieee80211_do_assoc(sdata)) {
4028 struct cfg80211_bss *bss = ifmgd->assoc_data->bss;
4029 struct ieee80211_event event = {
4030 .type = MLME_EVENT,
4031 .u.mlme.data = ASSOC_EVENT,
4032 .u.mlme.status = MLME_TIMEOUT,
4033 };
4034
4035 ieee80211_destroy_assoc_data(sdata, false, false);
4036 cfg80211_assoc_timeout(sdata->dev, bss);
4037 drv_event_callback(sdata->local, sdata, &event);
4038 }
4039 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started)
4040 run_again(sdata, ifmgd->assoc_data->timeout);
4041
4042 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL &&
4043 ifmgd->associated) {
4044 u8 bssid[ETH_ALEN];
4045 int max_tries;
4046
4047 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
4048
4049 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
4050 max_tries = max_nullfunc_tries;
4051 else
4052 max_tries = max_probe_tries;
4053
4054 /* ACK received for nullfunc probing frame */
4055 if (!ifmgd->probe_send_count)
4056 ieee80211_reset_ap_probe(sdata);
4057 else if (ifmgd->nullfunc_failed) {
4058 if (ifmgd->probe_send_count < max_tries) {
4059 mlme_dbg(sdata,
4060 "No ack for nullfunc frame to AP %pM, try %d/%i\n",
4061 bssid, ifmgd->probe_send_count,
4062 max_tries);
4063 ieee80211_mgd_probe_ap_send(sdata);
4064 } else {
4065 mlme_dbg(sdata,
4066 "No ack for nullfunc frame to AP %pM, disconnecting.\n",
4067 bssid);
4068 ieee80211_sta_connection_lost(sdata, bssid,
4069 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
4070 false);
4071 }
4072 } else if (time_is_after_jiffies(ifmgd->probe_timeout))
4073 run_again(sdata, ifmgd->probe_timeout);
4074 else if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
4075 mlme_dbg(sdata,
4076 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n",
4077 bssid, probe_wait_ms);
4078 ieee80211_sta_connection_lost(sdata, bssid,
4079 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
4080 } else if (ifmgd->probe_send_count < max_tries) {
4081 mlme_dbg(sdata,
4082 "No probe response from AP %pM after %dms, try %d/%i\n",
4083 bssid, probe_wait_ms,
4084 ifmgd->probe_send_count, max_tries);
4085 ieee80211_mgd_probe_ap_send(sdata);
4086 } else {
4087 /*
4088 * We actually lost the connection ... or did we?
4089 * Let's make sure!
4090 */
4091 mlme_dbg(sdata,
4092 "No probe response from AP %pM after %dms, disconnecting.\n",
4093 bssid, probe_wait_ms);
4094
4095 ieee80211_sta_connection_lost(sdata, bssid,
4096 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
4097 }
4098 }
4099
4100 sdata_unlock(sdata);
4101}
4102
4103static void ieee80211_sta_bcn_mon_timer(unsigned long data)
4104{
4105 struct ieee80211_sub_if_data *sdata =
4106 (struct ieee80211_sub_if_data *) data;
4107 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4108
4109 if (sdata->vif.csa_active && !ifmgd->csa_waiting_bcn)
4110 return;
4111
4112 sdata->u.mgd.connection_loss = false;
4113 ieee80211_queue_work(&sdata->local->hw,
4114 &sdata->u.mgd.beacon_connection_loss_work);
4115}
4116
4117static void ieee80211_sta_conn_mon_timer(unsigned long data)
4118{
4119 struct ieee80211_sub_if_data *sdata =
4120 (struct ieee80211_sub_if_data *) data;
4121 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4122 struct ieee80211_local *local = sdata->local;
4123
4124 if (sdata->vif.csa_active && !ifmgd->csa_waiting_bcn)
4125 return;
4126
4127 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work);
4128}
4129
4130static void ieee80211_sta_monitor_work(struct work_struct *work)
4131{
4132 struct ieee80211_sub_if_data *sdata =
4133 container_of(work, struct ieee80211_sub_if_data,
4134 u.mgd.monitor_work);
4135
4136 ieee80211_mgd_probe_ap(sdata, false);
4137}
4138
4139static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
4140{
4141 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
4142 __ieee80211_stop_poll(sdata);
4143
4144 /* let's probe the connection once */
4145 if (!ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
4146 ieee80211_queue_work(&sdata->local->hw,
4147 &sdata->u.mgd.monitor_work);
4148 }
4149}
4150
4151#ifdef CONFIG_PM
4152void ieee80211_mgd_quiesce(struct ieee80211_sub_if_data *sdata)
4153{
4154 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4155 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4156
4157 sdata_lock(sdata);
4158
4159 if (ifmgd->auth_data || ifmgd->assoc_data) {
4160 const u8 *bssid = ifmgd->auth_data ?
4161 ifmgd->auth_data->bss->bssid :
4162 ifmgd->assoc_data->bss->bssid;
4163
4164 /*
4165 * If we are trying to authenticate / associate while suspending,
4166 * cfg80211 won't know and won't actually abort those attempts,
4167 * thus we need to do that ourselves.
4168 */
4169 ieee80211_send_deauth_disassoc(sdata, bssid,
4170 IEEE80211_STYPE_DEAUTH,
4171 WLAN_REASON_DEAUTH_LEAVING,
4172 false, frame_buf);
4173 if (ifmgd->assoc_data)
4174 ieee80211_destroy_assoc_data(sdata, false, true);
4175 if (ifmgd->auth_data)
4176 ieee80211_destroy_auth_data(sdata, false);
4177 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
4178 IEEE80211_DEAUTH_FRAME_LEN);
4179 }
4180
4181 /* This is a bit of a hack - we should find a better and more generic
4182 * solution to this. Normally when suspending, cfg80211 will in fact
4183 * deauthenticate. However, it doesn't (and cannot) stop an ongoing
4184 * auth (not so important) or assoc (this is the problem) process.
4185 *
4186 * As a consequence, it can happen that we are in the process of both
4187 * associating and suspending, and receive an association response
4188 * after cfg80211 has checked if it needs to disconnect, but before
4189 * we actually set the flag to drop incoming frames. This will then
4190 * cause the workqueue flush to process the association response in
4191 * the suspend, resulting in a successful association just before it
4192 * tries to remove the interface from the driver, which now though
4193 * has a channel context assigned ... this results in issues.
4194 *
4195 * To work around this (for now) simply deauth here again if we're
4196 * now connected.
4197 */
4198 if (ifmgd->associated && !sdata->local->wowlan) {
4199 u8 bssid[ETH_ALEN];
4200 struct cfg80211_deauth_request req = {
4201 .reason_code = WLAN_REASON_DEAUTH_LEAVING,
4202 .bssid = bssid,
4203 };
4204
4205 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
4206 ieee80211_mgd_deauth(sdata, &req);
4207 }
4208
4209 sdata_unlock(sdata);
4210}
4211
4212void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata)
4213{
4214 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4215
4216 sdata_lock(sdata);
4217 if (!ifmgd->associated) {
4218 sdata_unlock(sdata);
4219 return;
4220 }
4221
4222 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) {
4223 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME;
4224 mlme_dbg(sdata, "driver requested disconnect after resume\n");
4225 ieee80211_sta_connection_lost(sdata,
4226 ifmgd->associated->bssid,
4227 WLAN_REASON_UNSPECIFIED,
4228 true);
4229 sdata_unlock(sdata);
4230 return;
4231 }
4232 sdata_unlock(sdata);
4233}
4234#endif
4235
4236/* interface setup */
4237void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
4238{
4239 struct ieee80211_if_managed *ifmgd;
4240
4241 ifmgd = &sdata->u.mgd;
4242 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work);
4243 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work);
4244 INIT_WORK(&ifmgd->beacon_connection_loss_work,
4245 ieee80211_beacon_connection_loss_work);
4246 INIT_WORK(&ifmgd->csa_connection_drop_work,
4247 ieee80211_csa_connection_drop_work);
4248 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_mgd_work);
4249 INIT_DELAYED_WORK(&ifmgd->tdls_peer_del_work,
4250 ieee80211_tdls_peer_del_work);
4251 setup_timer(&ifmgd->timer, ieee80211_sta_timer,
4252 (unsigned long) sdata);
4253 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer,
4254 (unsigned long) sdata);
4255 setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer,
4256 (unsigned long) sdata);
4257 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer,
4258 (unsigned long) sdata);
4259 INIT_DELAYED_WORK(&ifmgd->tx_tspec_wk,
4260 ieee80211_sta_handle_tspec_ac_params_wk);
4261
4262 ifmgd->flags = 0;
4263 ifmgd->powersave = sdata->wdev.ps;
4264 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues;
4265 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len;
4266 ifmgd->p2p_noa_index = -1;
4267
4268 if (sdata->local->hw.wiphy->features & NL80211_FEATURE_DYNAMIC_SMPS)
4269 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC;
4270 else
4271 ifmgd->req_smps = IEEE80211_SMPS_OFF;
4272
4273 /* Setup TDLS data */
4274 spin_lock_init(&ifmgd->teardown_lock);
4275 ifmgd->teardown_skb = NULL;
4276 ifmgd->orig_teardown_skb = NULL;
4277}
4278
4279/* scan finished notification */
4280void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
4281{
4282 struct ieee80211_sub_if_data *sdata;
4283
4284 /* Restart STA timers */
4285 rcu_read_lock();
4286 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
4287 if (ieee80211_sdata_running(sdata))
4288 ieee80211_restart_sta_timer(sdata);
4289 }
4290 rcu_read_unlock();
4291}
4292
4293static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata,
4294 struct cfg80211_bss *cbss)
4295{
4296 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4297 const u8 *ht_cap_ie, *vht_cap_ie;
4298 const struct ieee80211_ht_cap *ht_cap;
4299 const struct ieee80211_vht_cap *vht_cap;
4300 u8 chains = 1;
4301
4302 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT)
4303 return chains;
4304
4305 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
4306 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) {
4307 ht_cap = (void *)(ht_cap_ie + 2);
4308 chains = ieee80211_mcs_to_chains(&ht_cap->mcs);
4309 /*
4310 * TODO: use "Tx Maximum Number Spatial Streams Supported" and
4311 * "Tx Unequal Modulation Supported" fields.
4312 */
4313 }
4314
4315 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
4316 return chains;
4317
4318 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
4319 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) {
4320 u8 nss;
4321 u16 tx_mcs_map;
4322
4323 vht_cap = (void *)(vht_cap_ie + 2);
4324 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map);
4325 for (nss = 8; nss > 0; nss--) {
4326 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) !=
4327 IEEE80211_VHT_MCS_NOT_SUPPORTED)
4328 break;
4329 }
4330 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */
4331 chains = max(chains, nss);
4332 }
4333
4334 return chains;
4335}
4336
4337static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
4338 struct cfg80211_bss *cbss)
4339{
4340 struct ieee80211_local *local = sdata->local;
4341 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4342 const struct ieee80211_ht_cap *ht_cap = NULL;
4343 const struct ieee80211_ht_operation *ht_oper = NULL;
4344 const struct ieee80211_vht_operation *vht_oper = NULL;
4345 struct ieee80211_supported_band *sband;
4346 struct cfg80211_chan_def chandef;
4347 int ret;
4348 u32 i;
4349 bool have_80mhz;
4350
4351 sband = local->hw.wiphy->bands[cbss->channel->band];
4352
4353 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ |
4354 IEEE80211_STA_DISABLE_80P80MHZ |
4355 IEEE80211_STA_DISABLE_160MHZ);
4356
4357 rcu_read_lock();
4358
4359 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
4360 sband->ht_cap.ht_supported) {
4361 const u8 *ht_oper_ie, *ht_cap_ie;
4362
4363 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION);
4364 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper))
4365 ht_oper = (void *)(ht_oper_ie + 2);
4366
4367 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
4368 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap))
4369 ht_cap = (void *)(ht_cap_ie + 2);
4370
4371 if (!ht_cap) {
4372 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4373 ht_oper = NULL;
4374 }
4375 }
4376
4377 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
4378 sband->vht_cap.vht_supported) {
4379 const u8 *vht_oper_ie, *vht_cap;
4380
4381 vht_oper_ie = ieee80211_bss_get_ie(cbss,
4382 WLAN_EID_VHT_OPERATION);
4383 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper))
4384 vht_oper = (void *)(vht_oper_ie + 2);
4385 if (vht_oper && !ht_oper) {
4386 vht_oper = NULL;
4387 sdata_info(sdata,
4388 "AP advertised VHT without HT, disabling both\n");
4389 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4390 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4391 }
4392
4393 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
4394 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) {
4395 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4396 vht_oper = NULL;
4397 }
4398 }
4399
4400 /* Allow VHT if at least one channel on the sband supports 80 MHz */
4401 have_80mhz = false;
4402 for (i = 0; i < sband->n_channels; i++) {
4403 if (sband->channels[i].flags & (IEEE80211_CHAN_DISABLED |
4404 IEEE80211_CHAN_NO_80MHZ))
4405 continue;
4406
4407 have_80mhz = true;
4408 break;
4409 }
4410
4411 if (!have_80mhz)
4412 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4413
4414 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband,
4415 cbss->channel,
4416 ht_cap, ht_oper, vht_oper,
4417 &chandef, false);
4418
4419 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss),
4420 local->rx_chains);
4421
4422 rcu_read_unlock();
4423
4424 /* will change later if needed */
4425 sdata->smps_mode = IEEE80211_SMPS_OFF;
4426
4427 mutex_lock(&local->mtx);
4428 /*
4429 * If this fails (possibly due to channel context sharing
4430 * on incompatible channels, e.g. 80+80 and 160 sharing the
4431 * same control channel) try to use a smaller bandwidth.
4432 */
4433 ret = ieee80211_vif_use_channel(sdata, &chandef,
4434 IEEE80211_CHANCTX_SHARED);
4435
4436 /* don't downgrade for 5 and 10 MHz channels, though. */
4437 if (chandef.width == NL80211_CHAN_WIDTH_5 ||
4438 chandef.width == NL80211_CHAN_WIDTH_10)
4439 goto out;
4440
4441 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) {
4442 ifmgd->flags |= ieee80211_chandef_downgrade(&chandef);
4443 ret = ieee80211_vif_use_channel(sdata, &chandef,
4444 IEEE80211_CHANCTX_SHARED);
4445 }
4446 out:
4447 mutex_unlock(&local->mtx);
4448 return ret;
4449}
4450
4451static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
4452 struct cfg80211_bss *cbss, bool assoc,
4453 bool override)
4454{
4455 struct ieee80211_local *local = sdata->local;
4456 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4457 struct ieee80211_bss *bss = (void *)cbss->priv;
4458 struct sta_info *new_sta = NULL;
4459 struct ieee80211_supported_band *sband;
4460 bool have_sta = false;
4461 int err;
4462
4463 sband = local->hw.wiphy->bands[cbss->channel->band];
4464
4465 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data))
4466 return -EINVAL;
4467
4468 /* If a reconfig is happening, bail out */
4469 if (local->in_reconfig)
4470 return -EBUSY;
4471
4472 if (assoc) {
4473 rcu_read_lock();
4474 have_sta = sta_info_get(sdata, cbss->bssid);
4475 rcu_read_unlock();
4476 }
4477
4478 if (!have_sta) {
4479 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL);
4480 if (!new_sta)
4481 return -ENOMEM;
4482 }
4483
4484 /*
4485 * Set up the information for the new channel before setting the
4486 * new channel. We can't - completely race-free - change the basic
4487 * rates bitmap and the channel (sband) that it refers to, but if
4488 * we set it up before we at least avoid calling into the driver's
4489 * bss_info_changed() method with invalid information (since we do
4490 * call that from changing the channel - only for IDLE and perhaps
4491 * some others, but ...).
4492 *
4493 * So to avoid that, just set up all the new information before the
4494 * channel, but tell the driver to apply it only afterwards, since
4495 * it might need the new channel for that.
4496 */
4497 if (new_sta) {
4498 u32 rates = 0, basic_rates = 0;
4499 bool have_higher_than_11mbit;
4500 int min_rate = INT_MAX, min_rate_index = -1;
4501 const struct cfg80211_bss_ies *ies;
4502 int shift = ieee80211_vif_get_shift(&sdata->vif);
4503
4504 ieee80211_get_rates(sband, bss->supp_rates,
4505 bss->supp_rates_len,
4506 &rates, &basic_rates,
4507 &have_higher_than_11mbit,
4508 &min_rate, &min_rate_index,
4509 shift);
4510
4511 /*
4512 * This used to be a workaround for basic rates missing
4513 * in the association response frame. Now that we no
4514 * longer use the basic rates from there, it probably
4515 * doesn't happen any more, but keep the workaround so
4516 * in case some *other* APs are buggy in different ways
4517 * we can connect -- with a warning.
4518 */
4519 if (!basic_rates && min_rate_index >= 0) {
4520 sdata_info(sdata,
4521 "No basic rates, using min rate instead\n");
4522 basic_rates = BIT(min_rate_index);
4523 }
4524
4525 new_sta->sta.supp_rates[cbss->channel->band] = rates;
4526 sdata->vif.bss_conf.basic_rates = basic_rates;
4527
4528 /* cf. IEEE 802.11 9.2.12 */
4529 if (cbss->channel->band == NL80211_BAND_2GHZ &&
4530 have_higher_than_11mbit)
4531 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
4532 else
4533 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;
4534
4535 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN);
4536
4537 /* set timing information */
4538 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval;
4539 rcu_read_lock();
4540 ies = rcu_dereference(cbss->beacon_ies);
4541 if (ies) {
4542 const u8 *tim_ie;
4543
4544 sdata->vif.bss_conf.sync_tsf = ies->tsf;
4545 sdata->vif.bss_conf.sync_device_ts =
4546 bss->device_ts_beacon;
4547 tim_ie = cfg80211_find_ie(WLAN_EID_TIM,
4548 ies->data, ies->len);
4549 if (tim_ie && tim_ie[1] >= 2)
4550 sdata->vif.bss_conf.sync_dtim_count = tim_ie[2];
4551 else
4552 sdata->vif.bss_conf.sync_dtim_count = 0;
4553 } else if (!ieee80211_hw_check(&sdata->local->hw,
4554 TIMING_BEACON_ONLY)) {
4555 ies = rcu_dereference(cbss->proberesp_ies);
4556 /* must be non-NULL since beacon IEs were NULL */
4557 sdata->vif.bss_conf.sync_tsf = ies->tsf;
4558 sdata->vif.bss_conf.sync_device_ts =
4559 bss->device_ts_presp;
4560 sdata->vif.bss_conf.sync_dtim_count = 0;
4561 } else {
4562 sdata->vif.bss_conf.sync_tsf = 0;
4563 sdata->vif.bss_conf.sync_device_ts = 0;
4564 sdata->vif.bss_conf.sync_dtim_count = 0;
4565 }
4566 rcu_read_unlock();
4567 }
4568
4569 if (new_sta || override) {
4570 err = ieee80211_prep_channel(sdata, cbss);
4571 if (err) {
4572 if (new_sta)
4573 sta_info_free(local, new_sta);
4574 return -EINVAL;
4575 }
4576 }
4577
4578 if (new_sta) {
4579 /*
4580 * tell driver about BSSID, basic rates and timing
4581 * this was set up above, before setting the channel
4582 */
4583 ieee80211_bss_info_change_notify(sdata,
4584 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES |
4585 BSS_CHANGED_BEACON_INT);
4586
4587 if (assoc)
4588 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH);
4589
4590 err = sta_info_insert(new_sta);
4591 new_sta = NULL;
4592 if (err) {
4593 sdata_info(sdata,
4594 "failed to insert STA entry for the AP (error %d)\n",
4595 err);
4596 return err;
4597 }
4598 } else
4599 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid));
4600
4601 /* Cancel scan to ensure that nothing interferes with connection */
4602 if (local->scanning)
4603 ieee80211_scan_cancel(local);
4604
4605 return 0;
4606}
4607
4608/* config hooks */
4609int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
4610 struct cfg80211_auth_request *req)
4611{
4612 struct ieee80211_local *local = sdata->local;
4613 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4614 struct ieee80211_mgd_auth_data *auth_data;
4615 u16 auth_alg;
4616 int err;
4617
4618 /* prepare auth data structure */
4619
4620 switch (req->auth_type) {
4621 case NL80211_AUTHTYPE_OPEN_SYSTEM:
4622 auth_alg = WLAN_AUTH_OPEN;
4623 break;
4624 case NL80211_AUTHTYPE_SHARED_KEY:
4625 if (IS_ERR(local->wep_tx_tfm))
4626 return -EOPNOTSUPP;
4627 auth_alg = WLAN_AUTH_SHARED_KEY;
4628 break;
4629 case NL80211_AUTHTYPE_FT:
4630 auth_alg = WLAN_AUTH_FT;
4631 break;
4632 case NL80211_AUTHTYPE_NETWORK_EAP:
4633 auth_alg = WLAN_AUTH_LEAP;
4634 break;
4635 case NL80211_AUTHTYPE_SAE:
4636 auth_alg = WLAN_AUTH_SAE;
4637 break;
4638 case NL80211_AUTHTYPE_FILS_SK:
4639 auth_alg = WLAN_AUTH_FILS_SK;
4640 break;
4641 case NL80211_AUTHTYPE_FILS_SK_PFS:
4642 auth_alg = WLAN_AUTH_FILS_SK_PFS;
4643 break;
4644 case NL80211_AUTHTYPE_FILS_PK:
4645 auth_alg = WLAN_AUTH_FILS_PK;
4646 break;
4647 default:
4648 return -EOPNOTSUPP;
4649 }
4650
4651 auth_data = kzalloc(sizeof(*auth_data) + req->auth_data_len +
4652 req->ie_len, GFP_KERNEL);
4653 if (!auth_data)
4654 return -ENOMEM;
4655
4656 auth_data->bss = req->bss;
4657
4658 if (req->auth_data_len >= 4) {
4659 if (req->auth_type == NL80211_AUTHTYPE_SAE) {
4660 __le16 *pos = (__le16 *) req->auth_data;
4661
4662 auth_data->sae_trans = le16_to_cpu(pos[0]);
4663 auth_data->sae_status = le16_to_cpu(pos[1]);
4664 }
4665 memcpy(auth_data->data, req->auth_data + 4,
4666 req->auth_data_len - 4);
4667 auth_data->data_len += req->auth_data_len - 4;
4668 }
4669
4670 if (req->ie && req->ie_len) {
4671 memcpy(&auth_data->data[auth_data->data_len],
4672 req->ie, req->ie_len);
4673 auth_data->data_len += req->ie_len;
4674 }
4675
4676 if (req->key && req->key_len) {
4677 auth_data->key_len = req->key_len;
4678 auth_data->key_idx = req->key_idx;
4679 memcpy(auth_data->key, req->key, req->key_len);
4680 }
4681
4682 auth_data->algorithm = auth_alg;
4683
4684 /* try to authenticate/probe */
4685
4686 if ((ifmgd->auth_data && !ifmgd->auth_data->done) ||
4687 ifmgd->assoc_data) {
4688 err = -EBUSY;
4689 goto err_free;
4690 }
4691
4692 if (ifmgd->auth_data)
4693 ieee80211_destroy_auth_data(sdata, false);
4694
4695 /* prep auth_data so we don't go into idle on disassoc */
4696 ifmgd->auth_data = auth_data;
4697
4698 if (ifmgd->associated) {
4699 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4700
4701 sdata_info(sdata,
4702 "disconnect from AP %pM for new auth to %pM\n",
4703 ifmgd->associated->bssid, req->bss->bssid);
4704 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4705 WLAN_REASON_UNSPECIFIED,
4706 false, frame_buf);
4707
4708 ieee80211_report_disconnect(sdata, frame_buf,
4709 sizeof(frame_buf), true,
4710 WLAN_REASON_UNSPECIFIED);
4711 }
4712
4713 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
4714
4715 err = ieee80211_prep_connection(sdata, req->bss, false, false);
4716 if (err)
4717 goto err_clear;
4718
4719 err = ieee80211_auth(sdata);
4720 if (err) {
4721 sta_info_destroy_addr(sdata, req->bss->bssid);
4722 goto err_clear;
4723 }
4724
4725 /* hold our own reference */
4726 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss);
4727 return 0;
4728
4729 err_clear:
4730 eth_zero_addr(ifmgd->bssid);
4731 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
4732 ifmgd->auth_data = NULL;
4733 mutex_lock(&sdata->local->mtx);
4734 ieee80211_vif_release_channel(sdata);
4735 mutex_unlock(&sdata->local->mtx);
4736 err_free:
4737 kfree(auth_data);
4738 return err;
4739}
4740
4741int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
4742 struct cfg80211_assoc_request *req)
4743{
4744 struct ieee80211_local *local = sdata->local;
4745 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4746 struct ieee80211_bss *bss = (void *)req->bss->priv;
4747 struct ieee80211_mgd_assoc_data *assoc_data;
4748 const struct cfg80211_bss_ies *beacon_ies;
4749 struct ieee80211_supported_band *sband;
4750 const u8 *ssidie, *ht_ie, *vht_ie;
4751 int i, err;
4752 bool override = false;
4753
4754 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL);
4755 if (!assoc_data)
4756 return -ENOMEM;
4757
4758 rcu_read_lock();
4759 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID);
4760 if (!ssidie || ssidie[1] > sizeof(assoc_data->ssid)) {
4761 rcu_read_unlock();
4762 kfree(assoc_data);
4763 return -EINVAL;
4764 }
4765 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]);
4766 assoc_data->ssid_len = ssidie[1];
4767 rcu_read_unlock();
4768
4769 if (ifmgd->associated) {
4770 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4771
4772 sdata_info(sdata,
4773 "disconnect from AP %pM for new assoc to %pM\n",
4774 ifmgd->associated->bssid, req->bss->bssid);
4775 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4776 WLAN_REASON_UNSPECIFIED,
4777 false, frame_buf);
4778
4779 ieee80211_report_disconnect(sdata, frame_buf,
4780 sizeof(frame_buf), true,
4781 WLAN_REASON_UNSPECIFIED);
4782 }
4783
4784 if (ifmgd->auth_data && !ifmgd->auth_data->done) {
4785 err = -EBUSY;
4786 goto err_free;
4787 }
4788
4789 if (ifmgd->assoc_data) {
4790 err = -EBUSY;
4791 goto err_free;
4792 }
4793
4794 if (ifmgd->auth_data) {
4795 bool match;
4796
4797 /* keep sta info, bssid if matching */
4798 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid);
4799 ieee80211_destroy_auth_data(sdata, match);
4800 }
4801
4802 /* prepare assoc data */
4803
4804 ifmgd->beacon_crc_valid = false;
4805
4806 assoc_data->wmm = bss->wmm_used &&
4807 (local->hw.queues >= IEEE80211_NUM_ACS);
4808
4809 /*
4810 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode.
4811 * We still associate in non-HT mode (11a/b/g) if any one of these
4812 * ciphers is configured as pairwise.
4813 * We can set this to true for non-11n hardware, that'll be checked
4814 * separately along with the peer capabilities.
4815 */
4816 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) {
4817 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 ||
4818 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP ||
4819 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) {
4820 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4821 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4822 netdev_info(sdata->dev,
4823 "disabling HT/VHT due to WEP/TKIP use\n");
4824 }
4825 }
4826
4827 /* Also disable HT if we don't support it or the AP doesn't use WMM */
4828 sband = local->hw.wiphy->bands[req->bss->channel->band];
4829 if (!sband->ht_cap.ht_supported ||
4830 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used ||
4831 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) {
4832 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4833 if (!bss->wmm_used &&
4834 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM))
4835 netdev_info(sdata->dev,
4836 "disabling HT as WMM/QoS is not supported by the AP\n");
4837 }
4838
4839 /* disable VHT if we don't support it or the AP doesn't use WMM */
4840 if (!sband->vht_cap.vht_supported ||
4841 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used ||
4842 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) {
4843 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4844 if (!bss->wmm_used &&
4845 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM))
4846 netdev_info(sdata->dev,
4847 "disabling VHT as WMM/QoS is not supported by the AP\n");
4848 }
4849
4850 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa));
4851 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask,
4852 sizeof(ifmgd->ht_capa_mask));
4853
4854 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa));
4855 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask,
4856 sizeof(ifmgd->vht_capa_mask));
4857
4858 if (req->ie && req->ie_len) {
4859 memcpy(assoc_data->ie, req->ie, req->ie_len);
4860 assoc_data->ie_len = req->ie_len;
4861 }
4862
4863 if (req->fils_kek) {
4864 /* should already be checked in cfg80211 - so warn */
4865 if (WARN_ON(req->fils_kek_len > FILS_MAX_KEK_LEN)) {
4866 err = -EINVAL;
4867 goto err_free;
4868 }
4869 memcpy(assoc_data->fils_kek, req->fils_kek,
4870 req->fils_kek_len);
4871 assoc_data->fils_kek_len = req->fils_kek_len;
4872 }
4873
4874 if (req->fils_nonces)
4875 memcpy(assoc_data->fils_nonces, req->fils_nonces,
4876 2 * FILS_NONCE_LEN);
4877
4878 assoc_data->bss = req->bss;
4879
4880 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) {
4881 if (ifmgd->powersave)
4882 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC;
4883 else
4884 sdata->smps_mode = IEEE80211_SMPS_OFF;
4885 } else
4886 sdata->smps_mode = ifmgd->req_smps;
4887
4888 assoc_data->capability = req->bss->capability;
4889 assoc_data->supp_rates = bss->supp_rates;
4890 assoc_data->supp_rates_len = bss->supp_rates_len;
4891
4892 rcu_read_lock();
4893 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION);
4894 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation))
4895 assoc_data->ap_ht_param =
4896 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param;
4897 else
4898 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4899 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY);
4900 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap))
4901 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2,
4902 sizeof(struct ieee80211_vht_cap));
4903 else
4904 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4905 rcu_read_unlock();
4906
4907 if (WARN((sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD) &&
4908 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK),
4909 "U-APSD not supported with HW_PS_NULLFUNC_STACK\n"))
4910 sdata->vif.driver_flags &= ~IEEE80211_VIF_SUPPORTS_UAPSD;
4911
4912 if (bss->wmm_used && bss->uapsd_supported &&
4913 (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD)) {
4914 assoc_data->uapsd = true;
4915 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
4916 } else {
4917 assoc_data->uapsd = false;
4918 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED;
4919 }
4920
4921 if (req->prev_bssid)
4922 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN);
4923
4924 if (req->use_mfp) {
4925 ifmgd->mfp = IEEE80211_MFP_REQUIRED;
4926 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED;
4927 } else {
4928 ifmgd->mfp = IEEE80211_MFP_DISABLED;
4929 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED;
4930 }
4931
4932 if (req->flags & ASSOC_REQ_USE_RRM)
4933 ifmgd->flags |= IEEE80211_STA_ENABLE_RRM;
4934 else
4935 ifmgd->flags &= ~IEEE80211_STA_ENABLE_RRM;
4936
4937 if (req->crypto.control_port)
4938 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT;
4939 else
4940 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT;
4941
4942 sdata->control_port_protocol = req->crypto.control_port_ethertype;
4943 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt;
4944 sdata->encrypt_headroom = ieee80211_cs_headroom(local, &req->crypto,
4945 sdata->vif.type);
4946
4947 /* kick off associate process */
4948
4949 ifmgd->assoc_data = assoc_data;
4950 ifmgd->dtim_period = 0;
4951 ifmgd->have_beacon = false;
4952
4953 /* override HT/VHT configuration only if the AP and we support it */
4954 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
4955 struct ieee80211_sta_ht_cap sta_ht_cap;
4956
4957 if (req->flags & ASSOC_REQ_DISABLE_HT)
4958 override = true;
4959
4960 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap));
4961 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
4962
4963 /* check for 40 MHz disable override */
4964 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ) &&
4965 sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40 &&
4966 !(sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40))
4967 override = true;
4968
4969 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
4970 req->flags & ASSOC_REQ_DISABLE_VHT)
4971 override = true;
4972 }
4973
4974 if (req->flags & ASSOC_REQ_DISABLE_HT) {
4975 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4976 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4977 }
4978
4979 if (req->flags & ASSOC_REQ_DISABLE_VHT)
4980 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4981
4982 err = ieee80211_prep_connection(sdata, req->bss, true, override);
4983 if (err)
4984 goto err_clear;
4985
4986 rcu_read_lock();
4987 beacon_ies = rcu_dereference(req->bss->beacon_ies);
4988
4989 if (ieee80211_hw_check(&sdata->local->hw, NEED_DTIM_BEFORE_ASSOC) &&
4990 !beacon_ies) {
4991 /*
4992 * Wait up to one beacon interval ...
4993 * should this be more if we miss one?
4994 */
4995 sdata_info(sdata, "waiting for beacon from %pM\n",
4996 ifmgd->bssid);
4997 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval);
4998 assoc_data->timeout_started = true;
4999 assoc_data->need_beacon = true;
5000 } else if (beacon_ies) {
5001 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM,
5002 beacon_ies->data,
5003 beacon_ies->len);
5004 u8 dtim_count = 0;
5005
5006 if (tim_ie && tim_ie[1] >= sizeof(struct ieee80211_tim_ie)) {
5007 const struct ieee80211_tim_ie *tim;
5008 tim = (void *)(tim_ie + 2);
5009 ifmgd->dtim_period = tim->dtim_period;
5010 dtim_count = tim->dtim_count;
5011 }
5012 ifmgd->have_beacon = true;
5013 assoc_data->timeout = jiffies;
5014 assoc_data->timeout_started = true;
5015
5016 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) {
5017 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf;
5018 sdata->vif.bss_conf.sync_device_ts =
5019 bss->device_ts_beacon;
5020 sdata->vif.bss_conf.sync_dtim_count = dtim_count;
5021 }
5022 } else {
5023 assoc_data->timeout = jiffies;
5024 assoc_data->timeout_started = true;
5025 }
5026 rcu_read_unlock();
5027
5028 run_again(sdata, assoc_data->timeout);
5029
5030 if (bss->corrupt_data) {
5031 char *corrupt_type = "data";
5032 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) {
5033 if (bss->corrupt_data &
5034 IEEE80211_BSS_CORRUPT_PROBE_RESP)
5035 corrupt_type = "beacon and probe response";
5036 else
5037 corrupt_type = "beacon";
5038 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP)
5039 corrupt_type = "probe response";
5040 sdata_info(sdata, "associating with AP with corrupt %s\n",
5041 corrupt_type);
5042 }
5043
5044 return 0;
5045 err_clear:
5046 eth_zero_addr(ifmgd->bssid);
5047 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
5048 ifmgd->assoc_data = NULL;
5049 err_free:
5050 kfree(assoc_data);
5051 return err;
5052}
5053
5054int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
5055 struct cfg80211_deauth_request *req)
5056{
5057 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5058 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
5059 bool tx = !req->local_state_change;
5060
5061 if (ifmgd->auth_data &&
5062 ether_addr_equal(ifmgd->auth_data->bss->bssid, req->bssid)) {
5063 sdata_info(sdata,
5064 "aborting authentication with %pM by local choice (Reason: %u=%s)\n",
5065 req->bssid, req->reason_code,
5066 ieee80211_get_reason_code_string(req->reason_code));
5067
5068 drv_mgd_prepare_tx(sdata->local, sdata);
5069 ieee80211_send_deauth_disassoc(sdata, req->bssid,
5070 IEEE80211_STYPE_DEAUTH,
5071 req->reason_code, tx,
5072 frame_buf);
5073 ieee80211_destroy_auth_data(sdata, false);
5074 ieee80211_report_disconnect(sdata, frame_buf,
5075 sizeof(frame_buf), true,
5076 req->reason_code);
5077
5078 return 0;
5079 }
5080
5081 if (ifmgd->assoc_data &&
5082 ether_addr_equal(ifmgd->assoc_data->bss->bssid, req->bssid)) {
5083 sdata_info(sdata,
5084 "aborting association with %pM by local choice (Reason: %u=%s)\n",
5085 req->bssid, req->reason_code,
5086 ieee80211_get_reason_code_string(req->reason_code));
5087
5088 drv_mgd_prepare_tx(sdata->local, sdata);
5089 ieee80211_send_deauth_disassoc(sdata, req->bssid,
5090 IEEE80211_STYPE_DEAUTH,
5091 req->reason_code, tx,
5092 frame_buf);
5093 ieee80211_destroy_assoc_data(sdata, false, true);
5094 ieee80211_report_disconnect(sdata, frame_buf,
5095 sizeof(frame_buf), true,
5096 req->reason_code);
5097 return 0;
5098 }
5099
5100 if (ifmgd->associated &&
5101 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) {
5102 sdata_info(sdata,
5103 "deauthenticating from %pM by local choice (Reason: %u=%s)\n",
5104 req->bssid, req->reason_code,
5105 ieee80211_get_reason_code_string(req->reason_code));
5106
5107 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
5108 req->reason_code, tx, frame_buf);
5109 ieee80211_report_disconnect(sdata, frame_buf,
5110 sizeof(frame_buf), true,
5111 req->reason_code);
5112 return 0;
5113 }
5114
5115 return -ENOTCONN;
5116}
5117
5118int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
5119 struct cfg80211_disassoc_request *req)
5120{
5121 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5122 u8 bssid[ETH_ALEN];
5123 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
5124
5125 /*
5126 * cfg80211 should catch this ... but it's racy since
5127 * we can receive a disassoc frame, process it, hand it
5128 * to cfg80211 while that's in a locked section already
5129 * trying to tell us that the user wants to disconnect.
5130 */
5131 if (ifmgd->associated != req->bss)
5132 return -ENOLINK;
5133
5134 sdata_info(sdata,
5135 "disassociating from %pM by local choice (Reason: %u=%s)\n",
5136 req->bss->bssid, req->reason_code, ieee80211_get_reason_code_string(req->reason_code));
5137
5138 memcpy(bssid, req->bss->bssid, ETH_ALEN);
5139 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC,
5140 req->reason_code, !req->local_state_change,
5141 frame_buf);
5142
5143 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
5144 req->reason_code);
5145
5146 return 0;
5147}
5148
5149void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata)
5150{
5151 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5152
5153 /*
5154 * Make sure some work items will not run after this,
5155 * they will not do anything but might not have been
5156 * cancelled when disconnecting.
5157 */
5158 cancel_work_sync(&ifmgd->monitor_work);
5159 cancel_work_sync(&ifmgd->beacon_connection_loss_work);
5160 cancel_work_sync(&ifmgd->request_smps_work);
5161 cancel_work_sync(&ifmgd->csa_connection_drop_work);
5162 cancel_work_sync(&ifmgd->chswitch_work);
5163 cancel_delayed_work_sync(&ifmgd->tdls_peer_del_work);
5164
5165 sdata_lock(sdata);
5166 if (ifmgd->assoc_data) {
5167 struct cfg80211_bss *bss = ifmgd->assoc_data->bss;
5168 ieee80211_destroy_assoc_data(sdata, false, false);
5169 cfg80211_assoc_timeout(sdata->dev, bss);
5170 }
5171 if (ifmgd->auth_data)
5172 ieee80211_destroy_auth_data(sdata, false);
5173 spin_lock_bh(&ifmgd->teardown_lock);
5174 if (ifmgd->teardown_skb) {
5175 kfree_skb(ifmgd->teardown_skb);
5176 ifmgd->teardown_skb = NULL;
5177 ifmgd->orig_teardown_skb = NULL;
5178 }
5179 spin_unlock_bh(&ifmgd->teardown_lock);
5180 del_timer_sync(&ifmgd->timer);
5181 sdata_unlock(sdata);
5182}
5183
5184void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
5185 enum nl80211_cqm_rssi_threshold_event rssi_event,
5186 s32 rssi_level,
5187 gfp_t gfp)
5188{
5189 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5190
5191 trace_api_cqm_rssi_notify(sdata, rssi_event, rssi_level);
5192
5193 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, rssi_level, gfp);
5194}
5195EXPORT_SYMBOL(ieee80211_cqm_rssi_notify);
5196
5197void ieee80211_cqm_beacon_loss_notify(struct ieee80211_vif *vif, gfp_t gfp)
5198{
5199 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5200
5201 trace_api_cqm_beacon_loss_notify(sdata->local, sdata);
5202
5203 cfg80211_cqm_beacon_loss_notify(sdata->dev, gfp);
5204}
5205EXPORT_SYMBOL(ieee80211_cqm_beacon_loss_notify);