mlme.c (190599B)
1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * BSS client mode implementation 4 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 5 * Copyright 2004, Instant802 Networks, Inc. 6 * Copyright 2005, Devicescape Software, Inc. 7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 9 * Copyright 2013-2014 Intel Mobile Communications GmbH 10 * Copyright (C) 2015 - 2017 Intel Deutschland GmbH 11 * Copyright (C) 2018 - 2021 Intel Corporation 12 */ 13 14#include <linux/delay.h> 15#include <linux/fips.h> 16#include <linux/if_ether.h> 17#include <linux/skbuff.h> 18#include <linux/if_arp.h> 19#include <linux/etherdevice.h> 20#include <linux/moduleparam.h> 21#include <linux/rtnetlink.h> 22#include <linux/crc32.h> 23#include <linux/slab.h> 24#include <linux/export.h> 25#include <net/mac80211.h> 26#include <asm/unaligned.h> 27 28#include "ieee80211_i.h" 29#include "driver-ops.h" 30#include "rate.h" 31#include "led.h" 32#include "fils_aead.h" 33 34#define IEEE80211_AUTH_TIMEOUT (HZ / 5) 35#define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2) 36#define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10) 37#define IEEE80211_AUTH_TIMEOUT_SAE (HZ * 2) 38#define IEEE80211_AUTH_MAX_TRIES 3 39#define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5) 40#define IEEE80211_AUTH_WAIT_SAE_RETRY (HZ * 2) 41#define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 42#define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2) 43#define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10) 44#define IEEE80211_ASSOC_MAX_TRIES 3 45 46static int max_nullfunc_tries = 2; 47module_param(max_nullfunc_tries, int, 0644); 48MODULE_PARM_DESC(max_nullfunc_tries, 49 "Maximum nullfunc tx tries before disconnecting (reason 4)."); 50 51static int max_probe_tries = 5; 52module_param(max_probe_tries, int, 0644); 53MODULE_PARM_DESC(max_probe_tries, 54 "Maximum probe tries before disconnecting (reason 4)."); 55 56/* 57 * Beacon loss timeout is calculated as N frames times the 58 * advertised beacon interval. This may need to be somewhat 59 * higher than what hardware might detect to account for 60 * delays in the host processing frames. But since we also 61 * probe on beacon miss before declaring the connection lost 62 * default to what we want. 63 */ 64static int beacon_loss_count = 7; 65module_param(beacon_loss_count, int, 0644); 66MODULE_PARM_DESC(beacon_loss_count, 67 "Number of beacon intervals before we decide beacon was lost."); 68 69/* 70 * Time the connection can be idle before we probe 71 * it to see if we can still talk to the AP. 72 */ 73#define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ) 74/* 75 * Time we wait for a probe response after sending 76 * a probe request because of beacon loss or for 77 * checking the connection still works. 78 */ 79static int probe_wait_ms = 500; 80module_param(probe_wait_ms, int, 0644); 81MODULE_PARM_DESC(probe_wait_ms, 82 "Maximum time(ms) to wait for probe response" 83 " before disconnecting (reason 4)."); 84 85/* 86 * How many Beacon frames need to have been used in average signal strength 87 * before starting to indicate signal change events. 88 */ 89#define IEEE80211_SIGNAL_AVE_MIN_COUNT 4 90 91/* 92 * We can have multiple work items (and connection probing) 93 * scheduling this timer, but we need to take care to only 94 * reschedule it when it should fire _earlier_ than it was 95 * asked for before, or if it's not pending right now. This 96 * function ensures that. Note that it then is required to 97 * run this function for all timeouts after the first one 98 * has happened -- the work that runs from this timer will 99 * do that. 100 */ 101static void run_again(struct ieee80211_sub_if_data *sdata, 102 unsigned long timeout) 103{ 104 sdata_assert_lock(sdata); 105 106 if (!timer_pending(&sdata->u.mgd.timer) || 107 time_before(timeout, sdata->u.mgd.timer.expires)) 108 mod_timer(&sdata->u.mgd.timer, timeout); 109} 110 111void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata) 112{ 113 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER) 114 return; 115 116 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR)) 117 return; 118 119 mod_timer(&sdata->u.mgd.bcn_mon_timer, 120 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout)); 121} 122 123void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata) 124{ 125 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 126 127 if (unlikely(!ifmgd->associated)) 128 return; 129 130 if (ifmgd->probe_send_count) 131 ifmgd->probe_send_count = 0; 132 133 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR)) 134 return; 135 136 mod_timer(&ifmgd->conn_mon_timer, 137 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME)); 138} 139 140static int ecw2cw(int ecw) 141{ 142 return (1 << ecw) - 1; 143} 144 145static u32 146ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, 147 struct ieee80211_supported_band *sband, 148 struct ieee80211_channel *channel, 149 u32 vht_cap_info, 150 const struct ieee80211_ht_operation *ht_oper, 151 const struct ieee80211_vht_operation *vht_oper, 152 const struct ieee80211_he_operation *he_oper, 153 const struct ieee80211_eht_operation *eht_oper, 154 const struct ieee80211_s1g_oper_ie *s1g_oper, 155 struct cfg80211_chan_def *chandef, bool tracking) 156{ 157 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 158 struct cfg80211_chan_def vht_chandef; 159 struct ieee80211_sta_ht_cap sta_ht_cap; 160 u32 ht_cfreq, ret; 161 162 memset(chandef, 0, sizeof(struct cfg80211_chan_def)); 163 chandef->chan = channel; 164 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 165 chandef->center_freq1 = channel->center_freq; 166 chandef->freq1_offset = channel->freq_offset; 167 168 if (channel->band == NL80211_BAND_6GHZ) { 169 if (!ieee80211_chandef_he_6ghz_oper(sdata, he_oper, eht_oper, 170 chandef)) { 171 mlme_dbg(sdata, 172 "bad 6 GHz operation, disabling HT/VHT/HE/EHT\n"); 173 ret = IEEE80211_STA_DISABLE_HT | 174 IEEE80211_STA_DISABLE_VHT | 175 IEEE80211_STA_DISABLE_HE | 176 IEEE80211_STA_DISABLE_EHT; 177 } else { 178 ret = 0; 179 } 180 vht_chandef = *chandef; 181 goto out; 182 } else if (sband->band == NL80211_BAND_S1GHZ) { 183 if (!ieee80211_chandef_s1g_oper(s1g_oper, chandef)) { 184 sdata_info(sdata, 185 "Missing S1G Operation Element? Trying operating == primary\n"); 186 chandef->width = ieee80211_s1g_channel_width(channel); 187 } 188 189 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_40MHZ | 190 IEEE80211_STA_DISABLE_VHT | 191 IEEE80211_STA_DISABLE_80P80MHZ | 192 IEEE80211_STA_DISABLE_160MHZ; 193 goto out; 194 } 195 196 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap)); 197 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap); 198 199 if (!ht_oper || !sta_ht_cap.ht_supported) { 200 mlme_dbg(sdata, "HT operation missing / HT not supported\n"); 201 ret = IEEE80211_STA_DISABLE_HT | 202 IEEE80211_STA_DISABLE_VHT | 203 IEEE80211_STA_DISABLE_HE | 204 IEEE80211_STA_DISABLE_EHT; 205 goto out; 206 } 207 208 chandef->width = NL80211_CHAN_WIDTH_20; 209 210 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan, 211 channel->band); 212 /* check that channel matches the right operating channel */ 213 if (!tracking && channel->center_freq != ht_cfreq) { 214 /* 215 * It's possible that some APs are confused here; 216 * Netgear WNDR3700 sometimes reports 4 higher than 217 * the actual channel in association responses, but 218 * since we look at probe response/beacon data here 219 * it should be OK. 220 */ 221 sdata_info(sdata, 222 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n", 223 channel->center_freq, ht_cfreq, 224 ht_oper->primary_chan, channel->band); 225 ret = IEEE80211_STA_DISABLE_HT | 226 IEEE80211_STA_DISABLE_VHT | 227 IEEE80211_STA_DISABLE_HE | 228 IEEE80211_STA_DISABLE_EHT; 229 goto out; 230 } 231 232 /* check 40 MHz support, if we have it */ 233 if (sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) { 234 ieee80211_chandef_ht_oper(ht_oper, chandef); 235 } else { 236 mlme_dbg(sdata, "40 MHz not supported\n"); 237 /* 40 MHz (and 80 MHz) must be supported for VHT */ 238 ret = IEEE80211_STA_DISABLE_VHT; 239 /* also mark 40 MHz disabled */ 240 ret |= IEEE80211_STA_DISABLE_40MHZ; 241 goto out; 242 } 243 244 if (!vht_oper || !sband->vht_cap.vht_supported) { 245 mlme_dbg(sdata, "VHT operation missing / VHT not supported\n"); 246 ret = IEEE80211_STA_DISABLE_VHT; 247 goto out; 248 } 249 250 vht_chandef = *chandef; 251 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE) && he_oper && 252 (le32_to_cpu(he_oper->he_oper_params) & 253 IEEE80211_HE_OPERATION_VHT_OPER_INFO)) { 254 struct ieee80211_vht_operation he_oper_vht_cap; 255 256 /* 257 * Set only first 3 bytes (other 2 aren't used in 258 * ieee80211_chandef_vht_oper() anyway) 259 */ 260 memcpy(&he_oper_vht_cap, he_oper->optional, 3); 261 he_oper_vht_cap.basic_mcs_set = cpu_to_le16(0); 262 263 if (!ieee80211_chandef_vht_oper(&sdata->local->hw, vht_cap_info, 264 &he_oper_vht_cap, ht_oper, 265 &vht_chandef)) { 266 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE)) 267 sdata_info(sdata, 268 "HE AP VHT information is invalid, disabling HE\n"); 269 ret = IEEE80211_STA_DISABLE_HE | IEEE80211_STA_DISABLE_EHT; 270 goto out; 271 } 272 } else if (!ieee80211_chandef_vht_oper(&sdata->local->hw, 273 vht_cap_info, 274 vht_oper, ht_oper, 275 &vht_chandef)) { 276 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 277 sdata_info(sdata, 278 "AP VHT information is invalid, disabling VHT\n"); 279 ret = IEEE80211_STA_DISABLE_VHT; 280 goto out; 281 } 282 283 if (!cfg80211_chandef_valid(&vht_chandef)) { 284 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 285 sdata_info(sdata, 286 "AP VHT information is invalid, disabling VHT\n"); 287 ret = IEEE80211_STA_DISABLE_VHT; 288 goto out; 289 } 290 291 if (cfg80211_chandef_identical(chandef, &vht_chandef)) { 292 ret = 0; 293 goto out; 294 } 295 296 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) { 297 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 298 sdata_info(sdata, 299 "AP VHT information doesn't match HT, disabling VHT\n"); 300 ret = IEEE80211_STA_DISABLE_VHT; 301 goto out; 302 } 303 304 *chandef = vht_chandef; 305 306 ret = 0; 307 308out: 309 /* 310 * When tracking the current AP, don't do any further checks if the 311 * new chandef is identical to the one we're currently using for the 312 * connection. This keeps us from playing ping-pong with regulatory, 313 * without it the following can happen (for example): 314 * - connect to an AP with 80 MHz, world regdom allows 80 MHz 315 * - AP advertises regdom US 316 * - CRDA loads regdom US with 80 MHz prohibited (old database) 317 * - the code below detects an unsupported channel, downgrades, and 318 * we disconnect from the AP in the caller 319 * - disconnect causes CRDA to reload world regdomain and the game 320 * starts anew. 321 * (see https://bugzilla.kernel.org/show_bug.cgi?id=70881) 322 * 323 * It seems possible that there are still scenarios with CSA or real 324 * bandwidth changes where a this could happen, but those cases are 325 * less common and wouldn't completely prevent using the AP. 326 */ 327 if (tracking && 328 cfg80211_chandef_identical(chandef, &sdata->vif.bss_conf.chandef)) 329 return ret; 330 331 /* don't print the message below for VHT mismatch if VHT is disabled */ 332 if (ret & IEEE80211_STA_DISABLE_VHT) 333 vht_chandef = *chandef; 334 335 /* 336 * Ignore the DISABLED flag when we're already connected and only 337 * tracking the APs beacon for bandwidth changes - otherwise we 338 * might get disconnected here if we connect to an AP, update our 339 * regulatory information based on the AP's country IE and the 340 * information we have is wrong/outdated and disables the channel 341 * that we're actually using for the connection to the AP. 342 */ 343 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef, 344 tracking ? 0 : 345 IEEE80211_CHAN_DISABLED)) { 346 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) { 347 ret = IEEE80211_STA_DISABLE_HT | 348 IEEE80211_STA_DISABLE_VHT | 349 IEEE80211_STA_DISABLE_HE | 350 IEEE80211_STA_DISABLE_EHT; 351 break; 352 } 353 354 ret |= ieee80211_chandef_downgrade(chandef); 355 } 356 357 if (!he_oper || !cfg80211_chandef_usable(sdata->wdev.wiphy, chandef, 358 IEEE80211_CHAN_NO_HE)) 359 ret |= IEEE80211_STA_DISABLE_HE | IEEE80211_STA_DISABLE_EHT; 360 361 if (!eht_oper || !cfg80211_chandef_usable(sdata->wdev.wiphy, chandef, 362 IEEE80211_CHAN_NO_EHT)) 363 ret |= IEEE80211_STA_DISABLE_EHT; 364 365 if (chandef->width != vht_chandef.width && !tracking) 366 sdata_info(sdata, 367 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n"); 368 369 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef)); 370 return ret; 371} 372 373static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata, 374 struct sta_info *sta, 375 const struct ieee80211_ht_cap *ht_cap, 376 const struct ieee80211_vht_cap *vht_cap, 377 const struct ieee80211_ht_operation *ht_oper, 378 const struct ieee80211_vht_operation *vht_oper, 379 const struct ieee80211_he_operation *he_oper, 380 const struct ieee80211_eht_operation *eht_oper, 381 const struct ieee80211_s1g_oper_ie *s1g_oper, 382 const u8 *bssid, u32 *changed) 383{ 384 struct ieee80211_local *local = sdata->local; 385 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 386 struct ieee80211_channel *chan = sdata->vif.bss_conf.chandef.chan; 387 struct ieee80211_supported_band *sband = 388 local->hw.wiphy->bands[chan->band]; 389 struct cfg80211_chan_def chandef; 390 u16 ht_opmode; 391 u32 flags; 392 u32 vht_cap_info = 0; 393 int ret; 394 395 /* if HT was/is disabled, don't track any bandwidth changes */ 396 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper) 397 return 0; 398 399 /* don't check VHT if we associated as non-VHT station */ 400 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 401 vht_oper = NULL; 402 403 /* don't check HE if we associated as non-HE station */ 404 if (ifmgd->flags & IEEE80211_STA_DISABLE_HE || 405 !ieee80211_get_he_iftype_cap(sband, 406 ieee80211_vif_type_p2p(&sdata->vif))) { 407 he_oper = NULL; 408 eht_oper = NULL; 409 } 410 411 /* don't check EHT if we associated as non-EHT station */ 412 if (ifmgd->flags & IEEE80211_STA_DISABLE_EHT || 413 !ieee80211_get_eht_iftype_cap(sband, 414 ieee80211_vif_type_p2p(&sdata->vif))) 415 eht_oper = NULL; 416 417 if (WARN_ON_ONCE(!sta)) 418 return -EINVAL; 419 420 /* 421 * if bss configuration changed store the new one - 422 * this may be applicable even if channel is identical 423 */ 424 ht_opmode = le16_to_cpu(ht_oper->operation_mode); 425 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) { 426 *changed |= BSS_CHANGED_HT; 427 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 428 } 429 430 if (vht_cap) 431 vht_cap_info = le32_to_cpu(vht_cap->vht_cap_info); 432 433 /* calculate new channel (type) based on HT/VHT/HE operation IEs */ 434 flags = ieee80211_determine_chantype(sdata, sband, chan, vht_cap_info, 435 ht_oper, vht_oper, 436 he_oper, eht_oper, 437 s1g_oper, &chandef, true); 438 439 /* 440 * Downgrade the new channel if we associated with restricted 441 * capabilities. For example, if we associated as a 20 MHz STA 442 * to a 40 MHz AP (due to regulatory, capabilities or config 443 * reasons) then switching to a 40 MHz channel now won't do us 444 * any good -- we couldn't use it with the AP. 445 */ 446 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ && 447 chandef.width == NL80211_CHAN_WIDTH_80P80) 448 flags |= ieee80211_chandef_downgrade(&chandef); 449 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ && 450 chandef.width == NL80211_CHAN_WIDTH_160) 451 flags |= ieee80211_chandef_downgrade(&chandef); 452 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ && 453 chandef.width > NL80211_CHAN_WIDTH_20) 454 flags |= ieee80211_chandef_downgrade(&chandef); 455 456 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef)) 457 return 0; 458 459 sdata_info(sdata, 460 "AP %pM changed bandwidth, new config is %d.%03d MHz, " 461 "width %d (%d.%03d/%d MHz)\n", 462 ifmgd->bssid, chandef.chan->center_freq, 463 chandef.chan->freq_offset, chandef.width, 464 chandef.center_freq1, chandef.freq1_offset, 465 chandef.center_freq2); 466 467 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT | 468 IEEE80211_STA_DISABLE_VHT | 469 IEEE80211_STA_DISABLE_HE | 470 IEEE80211_STA_DISABLE_EHT | 471 IEEE80211_STA_DISABLE_40MHZ | 472 IEEE80211_STA_DISABLE_80P80MHZ | 473 IEEE80211_STA_DISABLE_160MHZ | 474 IEEE80211_STA_DISABLE_320MHZ)) || 475 !cfg80211_chandef_valid(&chandef)) { 476 sdata_info(sdata, 477 "AP %pM changed caps/bw in a way we can't support (0x%x/0x%x) - disconnect\n", 478 ifmgd->bssid, flags, ifmgd->flags); 479 return -EINVAL; 480 } 481 482 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed); 483 484 if (ret) { 485 sdata_info(sdata, 486 "AP %pM changed bandwidth to incompatible one - disconnect\n", 487 ifmgd->bssid); 488 return ret; 489 } 490 491 return 0; 492} 493 494/* frame sending functions */ 495 496static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata, 497 struct sk_buff *skb, u8 ap_ht_param, 498 struct ieee80211_supported_band *sband, 499 struct ieee80211_channel *channel, 500 enum ieee80211_smps_mode smps) 501{ 502 u8 *pos; 503 u32 flags = channel->flags; 504 u16 cap; 505 struct ieee80211_sta_ht_cap ht_cap; 506 507 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap)); 508 509 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 510 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 511 512 /* determine capability flags */ 513 cap = ht_cap.cap; 514 515 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 516 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 517 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 518 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 519 cap &= ~IEEE80211_HT_CAP_SGI_40; 520 } 521 break; 522 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 523 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 524 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 525 cap &= ~IEEE80211_HT_CAP_SGI_40; 526 } 527 break; 528 } 529 530 /* 531 * If 40 MHz was disabled associate as though we weren't 532 * capable of 40 MHz -- some broken APs will never fall 533 * back to trying to transmit in 20 MHz. 534 */ 535 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) { 536 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 537 cap &= ~IEEE80211_HT_CAP_SGI_40; 538 } 539 540 /* set SM PS mode properly */ 541 cap &= ~IEEE80211_HT_CAP_SM_PS; 542 switch (smps) { 543 case IEEE80211_SMPS_AUTOMATIC: 544 case IEEE80211_SMPS_NUM_MODES: 545 WARN_ON(1); 546 fallthrough; 547 case IEEE80211_SMPS_OFF: 548 cap |= WLAN_HT_CAP_SM_PS_DISABLED << 549 IEEE80211_HT_CAP_SM_PS_SHIFT; 550 break; 551 case IEEE80211_SMPS_STATIC: 552 cap |= WLAN_HT_CAP_SM_PS_STATIC << 553 IEEE80211_HT_CAP_SM_PS_SHIFT; 554 break; 555 case IEEE80211_SMPS_DYNAMIC: 556 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC << 557 IEEE80211_HT_CAP_SM_PS_SHIFT; 558 break; 559 } 560 561 /* reserve and fill IE */ 562 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 563 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap); 564} 565 566/* This function determines vht capability flags for the association 567 * and builds the IE. 568 * Note - the function may set the owner of the MU-MIMO capability 569 */ 570static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata, 571 struct sk_buff *skb, 572 struct ieee80211_supported_band *sband, 573 struct ieee80211_vht_cap *ap_vht_cap) 574{ 575 struct ieee80211_local *local = sdata->local; 576 u8 *pos; 577 u32 cap; 578 struct ieee80211_sta_vht_cap vht_cap; 579 u32 mask, ap_bf_sts, our_bf_sts; 580 581 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap)); 582 583 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap)); 584 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap); 585 586 /* determine capability flags */ 587 cap = vht_cap.cap; 588 589 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) { 590 u32 bw = cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK; 591 592 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK; 593 if (bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ || 594 bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ) 595 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; 596 } 597 598 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) { 599 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160; 600 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK; 601 } 602 603 /* 604 * Some APs apparently get confused if our capabilities are better 605 * than theirs, so restrict what we advertise in the assoc request. 606 */ 607 if (!(ap_vht_cap->vht_cap_info & 608 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE))) 609 cap &= ~(IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE | 610 IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE); 611 else if (!(ap_vht_cap->vht_cap_info & 612 cpu_to_le32(IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE))) 613 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE; 614 615 /* 616 * If some other vif is using the MU-MIMO capability we cannot associate 617 * using MU-MIMO - this will lead to contradictions in the group-id 618 * mechanism. 619 * Ownership is defined since association request, in order to avoid 620 * simultaneous associations with MU-MIMO. 621 */ 622 if (cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE) { 623 bool disable_mu_mimo = false; 624 struct ieee80211_sub_if_data *other; 625 626 list_for_each_entry_rcu(other, &local->interfaces, list) { 627 if (other->vif.mu_mimo_owner) { 628 disable_mu_mimo = true; 629 break; 630 } 631 } 632 if (disable_mu_mimo) 633 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE; 634 else 635 sdata->vif.mu_mimo_owner = true; 636 } 637 638 mask = IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK; 639 640 ap_bf_sts = le32_to_cpu(ap_vht_cap->vht_cap_info) & mask; 641 our_bf_sts = cap & mask; 642 643 if (ap_bf_sts < our_bf_sts) { 644 cap &= ~mask; 645 cap |= ap_bf_sts; 646 } 647 648 /* reserve and fill IE */ 649 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 650 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap); 651} 652 653/* This function determines HE capability flags for the association 654 * and builds the IE. 655 */ 656static void ieee80211_add_he_ie(struct ieee80211_sub_if_data *sdata, 657 struct sk_buff *skb, 658 struct ieee80211_supported_band *sband) 659{ 660 u8 *pos, *pre_he_pos; 661 const struct ieee80211_sta_he_cap *he_cap = NULL; 662 struct ieee80211_chanctx_conf *chanctx_conf; 663 u8 he_cap_size; 664 bool reg_cap = false; 665 666 rcu_read_lock(); 667 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 668 if (!WARN_ON_ONCE(!chanctx_conf)) 669 reg_cap = cfg80211_chandef_usable(sdata->wdev.wiphy, 670 &chanctx_conf->def, 671 IEEE80211_CHAN_NO_HE); 672 673 rcu_read_unlock(); 674 675 he_cap = ieee80211_get_he_iftype_cap(sband, 676 ieee80211_vif_type_p2p(&sdata->vif)); 677 if (!he_cap || !chanctx_conf || !reg_cap) 678 return; 679 680 /* get a max size estimate */ 681 he_cap_size = 682 2 + 1 + sizeof(he_cap->he_cap_elem) + 683 ieee80211_he_mcs_nss_size(&he_cap->he_cap_elem) + 684 ieee80211_he_ppe_size(he_cap->ppe_thres[0], 685 he_cap->he_cap_elem.phy_cap_info); 686 pos = skb_put(skb, he_cap_size); 687 pre_he_pos = pos; 688 pos = ieee80211_ie_build_he_cap(sdata->u.mgd.flags, 689 pos, he_cap, pos + he_cap_size); 690 /* trim excess if any */ 691 skb_trim(skb, skb->len - (pre_he_pos + he_cap_size - pos)); 692 693 ieee80211_ie_build_he_6ghz_cap(sdata, skb); 694} 695 696static void ieee80211_add_eht_ie(struct ieee80211_sub_if_data *sdata, 697 struct sk_buff *skb, 698 struct ieee80211_supported_band *sband) 699{ 700 u8 *pos; 701 const struct ieee80211_sta_he_cap *he_cap; 702 const struct ieee80211_sta_eht_cap *eht_cap; 703 struct ieee80211_chanctx_conf *chanctx_conf; 704 u8 eht_cap_size; 705 bool reg_cap = false; 706 707 rcu_read_lock(); 708 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 709 if (!WARN_ON_ONCE(!chanctx_conf)) 710 reg_cap = cfg80211_chandef_usable(sdata->wdev.wiphy, 711 &chanctx_conf->def, 712 IEEE80211_CHAN_NO_HE | 713 IEEE80211_CHAN_NO_EHT); 714 rcu_read_unlock(); 715 716 he_cap = ieee80211_get_he_iftype_cap(sband, 717 ieee80211_vif_type_p2p(&sdata->vif)); 718 eht_cap = ieee80211_get_eht_iftype_cap(sband, 719 ieee80211_vif_type_p2p(&sdata->vif)); 720 721 /* 722 * EHT capabilities element is only added if the HE capabilities element 723 * was added so assume that 'he_cap' is valid and don't check it. 724 */ 725 if (WARN_ON(!he_cap || !eht_cap || !reg_cap)) 726 return; 727 728 eht_cap_size = 729 2 + 1 + sizeof(eht_cap->eht_cap_elem) + 730 ieee80211_eht_mcs_nss_size(&he_cap->he_cap_elem, 731 &eht_cap->eht_cap_elem) + 732 ieee80211_eht_ppe_size(eht_cap->eht_ppe_thres[0], 733 eht_cap->eht_cap_elem.phy_cap_info); 734 pos = skb_put(skb, eht_cap_size); 735 ieee80211_ie_build_eht_cap(pos, he_cap, eht_cap, pos + eht_cap_size); 736} 737 738static int ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) 739{ 740 struct ieee80211_local *local = sdata->local; 741 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 742 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 743 struct sk_buff *skb; 744 struct ieee80211_mgmt *mgmt; 745 u8 *pos, qos_info, *ie_start; 746 size_t offset = 0, noffset; 747 int i, count, rates_len, supp_rates_len, shift; 748 u16 capab; 749 struct ieee80211_supported_band *sband; 750 struct ieee80211_chanctx_conf *chanctx_conf; 751 struct ieee80211_channel *chan; 752 u32 rates = 0; 753 __le16 listen_int; 754 struct element *ext_capa = NULL; 755 enum nl80211_iftype iftype = ieee80211_vif_type_p2p(&sdata->vif); 756 const struct ieee80211_sband_iftype_data *iftd; 757 struct ieee80211_prep_tx_info info = {}; 758 int ret; 759 760 /* we know it's writable, cast away the const */ 761 if (assoc_data->ie_len) 762 ext_capa = (void *)cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY, 763 assoc_data->ie, 764 assoc_data->ie_len); 765 766 sdata_assert_lock(sdata); 767 768 rcu_read_lock(); 769 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 770 if (WARN_ON(!chanctx_conf)) { 771 rcu_read_unlock(); 772 return -EINVAL; 773 } 774 chan = chanctx_conf->def.chan; 775 rcu_read_unlock(); 776 sband = local->hw.wiphy->bands[chan->band]; 777 shift = ieee80211_vif_get_shift(&sdata->vif); 778 779 if (assoc_data->supp_rates_len) { 780 /* 781 * Get all rates supported by the device and the AP as 782 * some APs don't like getting a superset of their rates 783 * in the association request (e.g. D-Link DAP 1353 in 784 * b-only mode)... 785 */ 786 rates_len = ieee80211_parse_bitrates(&chanctx_conf->def, sband, 787 assoc_data->supp_rates, 788 assoc_data->supp_rates_len, 789 &rates); 790 } else { 791 /* 792 * In case AP not provide any supported rates information 793 * before association, we send information element(s) with 794 * all rates that we support. 795 */ 796 rates_len = 0; 797 for (i = 0; i < sband->n_bitrates; i++) { 798 rates |= BIT(i); 799 rates_len++; 800 } 801 } 802 803 iftd = ieee80211_get_sband_iftype_data(sband, iftype); 804 805 skb = alloc_skb(local->hw.extra_tx_headroom + 806 sizeof(*mgmt) + /* bit too much but doesn't matter */ 807 2 + assoc_data->ssid_len + /* SSID */ 808 4 + rates_len + /* (extended) rates */ 809 4 + /* power capability */ 810 2 + 2 * sband->n_channels + /* supported channels */ 811 2 + sizeof(struct ieee80211_ht_cap) + /* HT */ 812 2 + sizeof(struct ieee80211_vht_cap) + /* VHT */ 813 2 + 1 + sizeof(struct ieee80211_he_cap_elem) + /* HE */ 814 sizeof(struct ieee80211_he_mcs_nss_supp) + 815 IEEE80211_HE_PPE_THRES_MAX_LEN + 816 2 + 1 + sizeof(struct ieee80211_he_6ghz_capa) + 817 assoc_data->ie_len + /* extra IEs */ 818 (assoc_data->fils_kek_len ? 16 /* AES-SIV */ : 0) + 819 9 + /* WMM */ 820 (iftd ? iftd->vendor_elems.len : 0), 821 GFP_KERNEL); 822 if (!skb) 823 return -ENOMEM; 824 825 skb_reserve(skb, local->hw.extra_tx_headroom); 826 827 capab = WLAN_CAPABILITY_ESS; 828 829 if (sband->band == NL80211_BAND_2GHZ) { 830 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 831 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 832 } 833 834 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY) 835 capab |= WLAN_CAPABILITY_PRIVACY; 836 837 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 838 ieee80211_hw_check(&local->hw, SPECTRUM_MGMT)) 839 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 840 841 if (ifmgd->flags & IEEE80211_STA_ENABLE_RRM) 842 capab |= WLAN_CAPABILITY_RADIO_MEASURE; 843 844 mgmt = skb_put_zero(skb, 24); 845 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN); 846 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 847 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN); 848 849 listen_int = cpu_to_le16(sband->band == NL80211_BAND_S1GHZ ? 850 ieee80211_encode_usf(local->hw.conf.listen_interval) : 851 local->hw.conf.listen_interval); 852 if (!is_zero_ether_addr(assoc_data->prev_bssid)) { 853 skb_put(skb, 10); 854 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 855 IEEE80211_STYPE_REASSOC_REQ); 856 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 857 mgmt->u.reassoc_req.listen_interval = listen_int; 858 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid, 859 ETH_ALEN); 860 info.subtype = IEEE80211_STYPE_REASSOC_REQ; 861 } else { 862 skb_put(skb, 4); 863 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 864 IEEE80211_STYPE_ASSOC_REQ); 865 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 866 mgmt->u.assoc_req.listen_interval = listen_int; 867 info.subtype = IEEE80211_STYPE_ASSOC_REQ; 868 } 869 870 /* SSID */ 871 pos = skb_put(skb, 2 + assoc_data->ssid_len); 872 ie_start = pos; 873 *pos++ = WLAN_EID_SSID; 874 *pos++ = assoc_data->ssid_len; 875 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len); 876 877 if (sband->band == NL80211_BAND_S1GHZ) 878 goto skip_rates; 879 880 /* add all rates which were marked to be used above */ 881 supp_rates_len = rates_len; 882 if (supp_rates_len > 8) 883 supp_rates_len = 8; 884 885 pos = skb_put(skb, supp_rates_len + 2); 886 *pos++ = WLAN_EID_SUPP_RATES; 887 *pos++ = supp_rates_len; 888 889 count = 0; 890 for (i = 0; i < sband->n_bitrates; i++) { 891 if (BIT(i) & rates) { 892 int rate = DIV_ROUND_UP(sband->bitrates[i].bitrate, 893 5 * (1 << shift)); 894 *pos++ = (u8) rate; 895 if (++count == 8) 896 break; 897 } 898 } 899 900 if (rates_len > count) { 901 pos = skb_put(skb, rates_len - count + 2); 902 *pos++ = WLAN_EID_EXT_SUPP_RATES; 903 *pos++ = rates_len - count; 904 905 for (i++; i < sband->n_bitrates; i++) { 906 if (BIT(i) & rates) { 907 int rate; 908 rate = DIV_ROUND_UP(sband->bitrates[i].bitrate, 909 5 * (1 << shift)); 910 *pos++ = (u8) rate; 911 } 912 } 913 } 914 915skip_rates: 916 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT || 917 capab & WLAN_CAPABILITY_RADIO_MEASURE) { 918 pos = skb_put(skb, 4); 919 *pos++ = WLAN_EID_PWR_CAPABILITY; 920 *pos++ = 2; 921 *pos++ = 0; /* min tx power */ 922 /* max tx power */ 923 *pos++ = ieee80211_chandef_max_power(&chanctx_conf->def); 924 } 925 926 /* 927 * Per spec, we shouldn't include the list of channels if we advertise 928 * support for extended channel switching, but we've always done that; 929 * (for now?) apply this restriction only on the (new) 6 GHz band. 930 */ 931 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT && 932 (sband->band != NL80211_BAND_6GHZ || 933 !ext_capa || ext_capa->datalen < 1 || 934 !(ext_capa->data[0] & WLAN_EXT_CAPA1_EXT_CHANNEL_SWITCHING))) { 935 /* TODO: get this in reg domain format */ 936 pos = skb_put(skb, 2 * sband->n_channels + 2); 937 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 938 *pos++ = 2 * sband->n_channels; 939 for (i = 0; i < sband->n_channels; i++) { 940 *pos++ = ieee80211_frequency_to_channel( 941 sband->channels[i].center_freq); 942 *pos++ = 1; /* one channel in the subband*/ 943 } 944 } 945 946 /* Set MBSSID support for HE AP if needed */ 947 if (ieee80211_hw_check(&local->hw, SUPPORTS_ONLY_HE_MULTI_BSSID) && 948 !(ifmgd->flags & IEEE80211_STA_DISABLE_HE) && assoc_data->ie_len && 949 ext_capa && ext_capa->datalen >= 3) 950 ext_capa->data[2] |= WLAN_EXT_CAPA3_MULTI_BSSID_SUPPORT; 951 952 /* if present, add any custom IEs that go before HT */ 953 if (assoc_data->ie_len) { 954 static const u8 before_ht[] = { 955 WLAN_EID_SSID, 956 WLAN_EID_SUPP_RATES, 957 WLAN_EID_EXT_SUPP_RATES, 958 WLAN_EID_PWR_CAPABILITY, 959 WLAN_EID_SUPPORTED_CHANNELS, 960 WLAN_EID_RSN, 961 WLAN_EID_QOS_CAPA, 962 WLAN_EID_RRM_ENABLED_CAPABILITIES, 963 WLAN_EID_MOBILITY_DOMAIN, 964 WLAN_EID_FAST_BSS_TRANSITION, /* reassoc only */ 965 WLAN_EID_RIC_DATA, /* reassoc only */ 966 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 967 }; 968 static const u8 after_ric[] = { 969 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 970 WLAN_EID_HT_CAPABILITY, 971 WLAN_EID_BSS_COEX_2040, 972 /* luckily this is almost always there */ 973 WLAN_EID_EXT_CAPABILITY, 974 WLAN_EID_QOS_TRAFFIC_CAPA, 975 WLAN_EID_TIM_BCAST_REQ, 976 WLAN_EID_INTERWORKING, 977 /* 60 GHz (Multi-band, DMG, MMS) can't happen */ 978 WLAN_EID_VHT_CAPABILITY, 979 WLAN_EID_OPMODE_NOTIF, 980 }; 981 982 noffset = ieee80211_ie_split_ric(assoc_data->ie, 983 assoc_data->ie_len, 984 before_ht, 985 ARRAY_SIZE(before_ht), 986 after_ric, 987 ARRAY_SIZE(after_ric), 988 offset); 989 skb_put_data(skb, assoc_data->ie + offset, noffset - offset); 990 offset = noffset; 991 } 992 993 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 994 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))) 995 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 996 997 if (sband->band != NL80211_BAND_6GHZ && 998 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 999 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param, 1000 sband, chan, sdata->smps_mode); 1001 1002 /* if present, add any custom IEs that go before VHT */ 1003 if (assoc_data->ie_len) { 1004 static const u8 before_vht[] = { 1005 /* 1006 * no need to list the ones split off before HT 1007 * or generated here 1008 */ 1009 WLAN_EID_BSS_COEX_2040, 1010 WLAN_EID_EXT_CAPABILITY, 1011 WLAN_EID_QOS_TRAFFIC_CAPA, 1012 WLAN_EID_TIM_BCAST_REQ, 1013 WLAN_EID_INTERWORKING, 1014 /* 60 GHz (Multi-band, DMG, MMS) can't happen */ 1015 }; 1016 1017 /* RIC already taken above, so no need to handle here anymore */ 1018 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len, 1019 before_vht, ARRAY_SIZE(before_vht), 1020 offset); 1021 skb_put_data(skb, assoc_data->ie + offset, noffset - offset); 1022 offset = noffset; 1023 } 1024 1025 /* if present, add any custom IEs that go before HE */ 1026 if (assoc_data->ie_len) { 1027 static const u8 before_he[] = { 1028 /* 1029 * no need to list the ones split off before VHT 1030 * or generated here 1031 */ 1032 WLAN_EID_OPMODE_NOTIF, 1033 WLAN_EID_EXTENSION, WLAN_EID_EXT_FUTURE_CHAN_GUIDANCE, 1034 /* 11ai elements */ 1035 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_SESSION, 1036 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_PUBLIC_KEY, 1037 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_KEY_CONFIRM, 1038 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_HLP_CONTAINER, 1039 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_IP_ADDR_ASSIGN, 1040 /* TODO: add 11ah/11aj/11ak elements */ 1041 }; 1042 1043 /* RIC already taken above, so no need to handle here anymore */ 1044 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len, 1045 before_he, ARRAY_SIZE(before_he), 1046 offset); 1047 pos = skb_put(skb, noffset - offset); 1048 memcpy(pos, assoc_data->ie + offset, noffset - offset); 1049 offset = noffset; 1050 } 1051 1052 if (sband->band != NL80211_BAND_6GHZ && 1053 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 1054 ieee80211_add_vht_ie(sdata, skb, sband, 1055 &assoc_data->ap_vht_cap); 1056 1057 /* 1058 * If AP doesn't support HT, mark HE and EHT as disabled. 1059 * If on the 5GHz band, make sure it supports VHT. 1060 */ 1061 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || 1062 (sband->band == NL80211_BAND_5GHZ && 1063 ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 1064 ifmgd->flags |= IEEE80211_STA_DISABLE_HE | 1065 IEEE80211_STA_DISABLE_EHT; 1066 1067 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE)) { 1068 ieee80211_add_he_ie(sdata, skb, sband); 1069 1070 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_EHT)) 1071 ieee80211_add_eht_ie(sdata, skb, sband); 1072 } 1073 1074 /* if present, add any custom non-vendor IEs that go after HE */ 1075 if (assoc_data->ie_len) { 1076 noffset = ieee80211_ie_split_vendor(assoc_data->ie, 1077 assoc_data->ie_len, 1078 offset); 1079 skb_put_data(skb, assoc_data->ie + offset, noffset - offset); 1080 offset = noffset; 1081 } 1082 1083 if (assoc_data->wmm) { 1084 if (assoc_data->uapsd) { 1085 qos_info = ifmgd->uapsd_queues; 1086 qos_info |= (ifmgd->uapsd_max_sp_len << 1087 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT); 1088 } else { 1089 qos_info = 0; 1090 } 1091 1092 pos = ieee80211_add_wmm_info_ie(skb_put(skb, 9), qos_info); 1093 } 1094 1095 if (sband->band == NL80211_BAND_S1GHZ) { 1096 ieee80211_add_aid_request_ie(sdata, skb); 1097 ieee80211_add_s1g_capab_ie(sdata, &sband->s1g_cap, skb); 1098 } 1099 1100 if (iftd && iftd->vendor_elems.data && iftd->vendor_elems.len) 1101 skb_put_data(skb, iftd->vendor_elems.data, iftd->vendor_elems.len); 1102 1103 /* add any remaining custom (i.e. vendor specific here) IEs */ 1104 if (assoc_data->ie_len) { 1105 noffset = assoc_data->ie_len; 1106 skb_put_data(skb, assoc_data->ie + offset, noffset - offset); 1107 } 1108 1109 if (assoc_data->fils_kek_len) { 1110 ret = fils_encrypt_assoc_req(skb, assoc_data); 1111 if (ret < 0) { 1112 dev_kfree_skb(skb); 1113 return ret; 1114 } 1115 } 1116 1117 pos = skb_tail_pointer(skb); 1118 kfree(ifmgd->assoc_req_ies); 1119 ifmgd->assoc_req_ies = kmemdup(ie_start, pos - ie_start, GFP_ATOMIC); 1120 if (!ifmgd->assoc_req_ies) { 1121 dev_kfree_skb(skb); 1122 return -ENOMEM; 1123 } 1124 1125 ifmgd->assoc_req_ies_len = pos - ie_start; 1126 1127 drv_mgd_prepare_tx(local, sdata, &info); 1128 1129 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 1130 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) 1131 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 1132 IEEE80211_TX_INTFL_MLME_CONN_TX; 1133 ieee80211_tx_skb(sdata, skb); 1134 1135 return 0; 1136} 1137 1138void ieee80211_send_pspoll(struct ieee80211_local *local, 1139 struct ieee80211_sub_if_data *sdata) 1140{ 1141 struct ieee80211_pspoll *pspoll; 1142 struct sk_buff *skb; 1143 1144 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif); 1145 if (!skb) 1146 return; 1147 1148 pspoll = (struct ieee80211_pspoll *) skb->data; 1149 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 1150 1151 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 1152 ieee80211_tx_skb(sdata, skb); 1153} 1154 1155void ieee80211_send_nullfunc(struct ieee80211_local *local, 1156 struct ieee80211_sub_if_data *sdata, 1157 bool powersave) 1158{ 1159 struct sk_buff *skb; 1160 struct ieee80211_hdr_3addr *nullfunc; 1161 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1162 1163 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif, 1164 !ieee80211_hw_check(&local->hw, DOESNT_SUPPORT_QOS_NDP)); 1165 if (!skb) 1166 return; 1167 1168 nullfunc = (struct ieee80211_hdr_3addr *) skb->data; 1169 if (powersave) 1170 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); 1171 1172 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT | 1173 IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 1174 1175 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) 1176 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS; 1177 1178 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) 1179 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE; 1180 1181 ieee80211_tx_skb(sdata, skb); 1182} 1183 1184void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local, 1185 struct ieee80211_sub_if_data *sdata) 1186{ 1187 struct sk_buff *skb; 1188 struct ieee80211_hdr *nullfunc; 1189 __le16 fc; 1190 1191 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 1192 return; 1193 1194 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30); 1195 if (!skb) 1196 return; 1197 1198 skb_reserve(skb, local->hw.extra_tx_headroom); 1199 1200 nullfunc = skb_put_zero(skb, 30); 1201 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 1202 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 1203 nullfunc->frame_control = fc; 1204 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN); 1205 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN); 1206 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN); 1207 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN); 1208 1209 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 1210 ieee80211_tx_skb(sdata, skb); 1211} 1212 1213/* spectrum management related things */ 1214static void ieee80211_chswitch_work(struct work_struct *work) 1215{ 1216 struct ieee80211_sub_if_data *sdata = 1217 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work); 1218 struct ieee80211_local *local = sdata->local; 1219 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1220 int ret; 1221 1222 if (!ieee80211_sdata_running(sdata)) 1223 return; 1224 1225 sdata_lock(sdata); 1226 mutex_lock(&local->mtx); 1227 mutex_lock(&local->chanctx_mtx); 1228 1229 if (!ifmgd->associated) 1230 goto out; 1231 1232 if (!sdata->vif.csa_active) 1233 goto out; 1234 1235 /* 1236 * using reservation isn't immediate as it may be deferred until later 1237 * with multi-vif. once reservation is complete it will re-schedule the 1238 * work with no reserved_chanctx so verify chandef to check if it 1239 * completed successfully 1240 */ 1241 1242 if (sdata->reserved_chanctx) { 1243 /* 1244 * with multi-vif csa driver may call ieee80211_csa_finish() 1245 * many times while waiting for other interfaces to use their 1246 * reservations 1247 */ 1248 if (sdata->reserved_ready) 1249 goto out; 1250 1251 ret = ieee80211_vif_use_reserved_context(sdata); 1252 if (ret) { 1253 sdata_info(sdata, 1254 "failed to use reserved channel context, disconnecting (err=%d)\n", 1255 ret); 1256 ieee80211_queue_work(&sdata->local->hw, 1257 &ifmgd->csa_connection_drop_work); 1258 goto out; 1259 } 1260 1261 goto out; 1262 } 1263 1264 if (!cfg80211_chandef_identical(&sdata->vif.bss_conf.chandef, 1265 &sdata->csa_chandef)) { 1266 sdata_info(sdata, 1267 "failed to finalize channel switch, disconnecting\n"); 1268 ieee80211_queue_work(&sdata->local->hw, 1269 &ifmgd->csa_connection_drop_work); 1270 goto out; 1271 } 1272 1273 ifmgd->csa_waiting_bcn = true; 1274 1275 ieee80211_sta_reset_beacon_monitor(sdata); 1276 ieee80211_sta_reset_conn_monitor(sdata); 1277 1278out: 1279 mutex_unlock(&local->chanctx_mtx); 1280 mutex_unlock(&local->mtx); 1281 sdata_unlock(sdata); 1282} 1283 1284static void ieee80211_chswitch_post_beacon(struct ieee80211_sub_if_data *sdata) 1285{ 1286 struct ieee80211_local *local = sdata->local; 1287 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1288 int ret; 1289 1290 sdata_assert_lock(sdata); 1291 1292 WARN_ON(!sdata->vif.csa_active); 1293 1294 if (sdata->csa_block_tx) { 1295 ieee80211_wake_vif_queues(local, sdata, 1296 IEEE80211_QUEUE_STOP_REASON_CSA); 1297 sdata->csa_block_tx = false; 1298 } 1299 1300 sdata->vif.csa_active = false; 1301 ifmgd->csa_waiting_bcn = false; 1302 /* 1303 * If the CSA IE is still present on the beacon after the switch, 1304 * we need to consider it as a new CSA (possibly to self). 1305 */ 1306 ifmgd->beacon_crc_valid = false; 1307 1308 ret = drv_post_channel_switch(sdata); 1309 if (ret) { 1310 sdata_info(sdata, 1311 "driver post channel switch failed, disconnecting\n"); 1312 ieee80211_queue_work(&local->hw, 1313 &ifmgd->csa_connection_drop_work); 1314 return; 1315 } 1316 1317 cfg80211_ch_switch_notify(sdata->dev, &sdata->reserved_chandef); 1318} 1319 1320void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success) 1321{ 1322 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1323 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1324 1325 trace_api_chswitch_done(sdata, success); 1326 if (!success) { 1327 sdata_info(sdata, 1328 "driver channel switch failed, disconnecting\n"); 1329 ieee80211_queue_work(&sdata->local->hw, 1330 &ifmgd->csa_connection_drop_work); 1331 } else { 1332 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 1333 } 1334} 1335EXPORT_SYMBOL(ieee80211_chswitch_done); 1336 1337static void ieee80211_chswitch_timer(struct timer_list *t) 1338{ 1339 struct ieee80211_sub_if_data *sdata = 1340 from_timer(sdata, t, u.mgd.chswitch_timer); 1341 1342 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work); 1343} 1344 1345static void 1346ieee80211_sta_abort_chanswitch(struct ieee80211_sub_if_data *sdata) 1347{ 1348 struct ieee80211_local *local = sdata->local; 1349 1350 if (!local->ops->abort_channel_switch) 1351 return; 1352 1353 mutex_lock(&local->mtx); 1354 1355 mutex_lock(&local->chanctx_mtx); 1356 ieee80211_vif_unreserve_chanctx(sdata); 1357 mutex_unlock(&local->chanctx_mtx); 1358 1359 if (sdata->csa_block_tx) 1360 ieee80211_wake_vif_queues(local, sdata, 1361 IEEE80211_QUEUE_STOP_REASON_CSA); 1362 1363 sdata->csa_block_tx = false; 1364 sdata->vif.csa_active = false; 1365 1366 mutex_unlock(&local->mtx); 1367 1368 drv_abort_channel_switch(sdata); 1369} 1370 1371static void 1372ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 1373 u64 timestamp, u32 device_timestamp, 1374 struct ieee802_11_elems *elems, 1375 bool beacon) 1376{ 1377 struct ieee80211_local *local = sdata->local; 1378 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1379 struct cfg80211_bss *cbss = ifmgd->assoc_bss; 1380 struct ieee80211_chanctx_conf *conf; 1381 struct ieee80211_chanctx *chanctx; 1382 enum nl80211_band current_band; 1383 struct ieee80211_csa_ie csa_ie; 1384 struct ieee80211_channel_switch ch_switch; 1385 struct ieee80211_bss *bss; 1386 int res; 1387 1388 sdata_assert_lock(sdata); 1389 1390 if (!cbss) 1391 return; 1392 1393 if (local->scanning) 1394 return; 1395 1396 current_band = cbss->channel->band; 1397 bss = (void *)cbss->priv; 1398 res = ieee80211_parse_ch_switch_ie(sdata, elems, current_band, 1399 bss->vht_cap_info, 1400 ifmgd->flags, 1401 ifmgd->bssid, &csa_ie); 1402 1403 if (!res) { 1404 ch_switch.timestamp = timestamp; 1405 ch_switch.device_timestamp = device_timestamp; 1406 ch_switch.block_tx = csa_ie.mode; 1407 ch_switch.chandef = csa_ie.chandef; 1408 ch_switch.count = csa_ie.count; 1409 ch_switch.delay = csa_ie.max_switch_time; 1410 } 1411 1412 if (res < 0) 1413 goto lock_and_drop_connection; 1414 1415 if (beacon && sdata->vif.csa_active && !ifmgd->csa_waiting_bcn) { 1416 if (res) 1417 ieee80211_sta_abort_chanswitch(sdata); 1418 else 1419 drv_channel_switch_rx_beacon(sdata, &ch_switch); 1420 return; 1421 } else if (sdata->vif.csa_active || res) { 1422 /* disregard subsequent announcements if already processing */ 1423 return; 1424 } 1425 1426 if (sdata->vif.bss_conf.chandef.chan->band != 1427 csa_ie.chandef.chan->band) { 1428 sdata_info(sdata, 1429 "AP %pM switches to different band (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n", 1430 ifmgd->bssid, 1431 csa_ie.chandef.chan->center_freq, 1432 csa_ie.chandef.width, csa_ie.chandef.center_freq1, 1433 csa_ie.chandef.center_freq2); 1434 goto lock_and_drop_connection; 1435 } 1436 1437 if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chandef, 1438 IEEE80211_CHAN_DISABLED)) { 1439 sdata_info(sdata, 1440 "AP %pM switches to unsupported channel " 1441 "(%d.%03d MHz, width:%d, CF1/2: %d.%03d/%d MHz), " 1442 "disconnecting\n", 1443 ifmgd->bssid, 1444 csa_ie.chandef.chan->center_freq, 1445 csa_ie.chandef.chan->freq_offset, 1446 csa_ie.chandef.width, csa_ie.chandef.center_freq1, 1447 csa_ie.chandef.freq1_offset, 1448 csa_ie.chandef.center_freq2); 1449 goto lock_and_drop_connection; 1450 } 1451 1452 if (cfg80211_chandef_identical(&csa_ie.chandef, 1453 &sdata->vif.bss_conf.chandef) && 1454 (!csa_ie.mode || !beacon)) { 1455 if (ifmgd->csa_ignored_same_chan) 1456 return; 1457 sdata_info(sdata, 1458 "AP %pM tries to chanswitch to same channel, ignore\n", 1459 ifmgd->bssid); 1460 ifmgd->csa_ignored_same_chan = true; 1461 return; 1462 } 1463 1464 /* 1465 * Drop all TDLS peers - either we disconnect or move to a different 1466 * channel from this point on. There's no telling what our peer will do. 1467 * The TDLS WIDER_BW scenario is also problematic, as peers might now 1468 * have an incompatible wider chandef. 1469 */ 1470 ieee80211_teardown_tdls_peers(sdata); 1471 1472 mutex_lock(&local->mtx); 1473 mutex_lock(&local->chanctx_mtx); 1474 conf = rcu_dereference_protected(sdata->vif.chanctx_conf, 1475 lockdep_is_held(&local->chanctx_mtx)); 1476 if (!conf) { 1477 sdata_info(sdata, 1478 "no channel context assigned to vif?, disconnecting\n"); 1479 goto drop_connection; 1480 } 1481 1482 chanctx = container_of(conf, struct ieee80211_chanctx, conf); 1483 1484 if (local->use_chanctx && 1485 !ieee80211_hw_check(&local->hw, CHANCTX_STA_CSA)) { 1486 sdata_info(sdata, 1487 "driver doesn't support chan-switch with channel contexts\n"); 1488 goto drop_connection; 1489 } 1490 1491 if (drv_pre_channel_switch(sdata, &ch_switch)) { 1492 sdata_info(sdata, 1493 "preparing for channel switch failed, disconnecting\n"); 1494 goto drop_connection; 1495 } 1496 1497 res = ieee80211_vif_reserve_chanctx(sdata, &csa_ie.chandef, 1498 chanctx->mode, false); 1499 if (res) { 1500 sdata_info(sdata, 1501 "failed to reserve channel context for channel switch, disconnecting (err=%d)\n", 1502 res); 1503 goto drop_connection; 1504 } 1505 mutex_unlock(&local->chanctx_mtx); 1506 1507 sdata->vif.csa_active = true; 1508 sdata->csa_chandef = csa_ie.chandef; 1509 sdata->csa_block_tx = csa_ie.mode; 1510 ifmgd->csa_ignored_same_chan = false; 1511 ifmgd->beacon_crc_valid = false; 1512 1513 if (sdata->csa_block_tx) 1514 ieee80211_stop_vif_queues(local, sdata, 1515 IEEE80211_QUEUE_STOP_REASON_CSA); 1516 mutex_unlock(&local->mtx); 1517 1518 cfg80211_ch_switch_started_notify(sdata->dev, &csa_ie.chandef, 1519 csa_ie.count, csa_ie.mode); 1520 1521 if (local->ops->channel_switch) { 1522 /* use driver's channel switch callback */ 1523 drv_channel_switch(local, sdata, &ch_switch); 1524 return; 1525 } 1526 1527 /* channel switch handled in software */ 1528 if (csa_ie.count <= 1) 1529 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work); 1530 else 1531 mod_timer(&ifmgd->chswitch_timer, 1532 TU_TO_EXP_TIME((csa_ie.count - 1) * 1533 cbss->beacon_interval)); 1534 return; 1535 lock_and_drop_connection: 1536 mutex_lock(&local->mtx); 1537 mutex_lock(&local->chanctx_mtx); 1538 drop_connection: 1539 /* 1540 * This is just so that the disconnect flow will know that 1541 * we were trying to switch channel and failed. In case the 1542 * mode is 1 (we are not allowed to Tx), we will know not to 1543 * send a deauthentication frame. Those two fields will be 1544 * reset when the disconnection worker runs. 1545 */ 1546 sdata->vif.csa_active = true; 1547 sdata->csa_block_tx = csa_ie.mode; 1548 1549 ieee80211_queue_work(&local->hw, &ifmgd->csa_connection_drop_work); 1550 mutex_unlock(&local->chanctx_mtx); 1551 mutex_unlock(&local->mtx); 1552} 1553 1554static bool 1555ieee80211_find_80211h_pwr_constr(struct ieee80211_sub_if_data *sdata, 1556 struct ieee80211_channel *channel, 1557 const u8 *country_ie, u8 country_ie_len, 1558 const u8 *pwr_constr_elem, 1559 int *chan_pwr, int *pwr_reduction) 1560{ 1561 struct ieee80211_country_ie_triplet *triplet; 1562 int chan = ieee80211_frequency_to_channel(channel->center_freq); 1563 int i, chan_increment; 1564 bool have_chan_pwr = false; 1565 1566 /* Invalid IE */ 1567 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN) 1568 return false; 1569 1570 triplet = (void *)(country_ie + 3); 1571 country_ie_len -= 3; 1572 1573 switch (channel->band) { 1574 default: 1575 WARN_ON_ONCE(1); 1576 fallthrough; 1577 case NL80211_BAND_2GHZ: 1578 case NL80211_BAND_60GHZ: 1579 case NL80211_BAND_LC: 1580 chan_increment = 1; 1581 break; 1582 case NL80211_BAND_5GHZ: 1583 chan_increment = 4; 1584 break; 1585 case NL80211_BAND_6GHZ: 1586 /* 1587 * In the 6 GHz band, the "maximum transmit power level" 1588 * field in the triplets is reserved, and thus will be 1589 * zero and we shouldn't use it to control TX power. 1590 * The actual TX power will be given in the transmit 1591 * power envelope element instead. 1592 */ 1593 return false; 1594 } 1595 1596 /* find channel */ 1597 while (country_ie_len >= 3) { 1598 u8 first_channel = triplet->chans.first_channel; 1599 1600 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID) 1601 goto next; 1602 1603 for (i = 0; i < triplet->chans.num_channels; i++) { 1604 if (first_channel + i * chan_increment == chan) { 1605 have_chan_pwr = true; 1606 *chan_pwr = triplet->chans.max_power; 1607 break; 1608 } 1609 } 1610 if (have_chan_pwr) 1611 break; 1612 1613 next: 1614 triplet++; 1615 country_ie_len -= 3; 1616 } 1617 1618 if (have_chan_pwr && pwr_constr_elem) 1619 *pwr_reduction = *pwr_constr_elem; 1620 else 1621 *pwr_reduction = 0; 1622 1623 return have_chan_pwr; 1624} 1625 1626static void ieee80211_find_cisco_dtpc(struct ieee80211_sub_if_data *sdata, 1627 struct ieee80211_channel *channel, 1628 const u8 *cisco_dtpc_ie, 1629 int *pwr_level) 1630{ 1631 /* From practical testing, the first data byte of the DTPC element 1632 * seems to contain the requested dBm level, and the CLI on Cisco 1633 * APs clearly state the range is -127 to 127 dBm, which indicates 1634 * a signed byte, although it seemingly never actually goes negative. 1635 * The other byte seems to always be zero. 1636 */ 1637 *pwr_level = (__s8)cisco_dtpc_ie[4]; 1638} 1639 1640static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, 1641 struct ieee80211_channel *channel, 1642 struct ieee80211_mgmt *mgmt, 1643 const u8 *country_ie, u8 country_ie_len, 1644 const u8 *pwr_constr_ie, 1645 const u8 *cisco_dtpc_ie) 1646{ 1647 bool has_80211h_pwr = false, has_cisco_pwr = false; 1648 int chan_pwr = 0, pwr_reduction_80211h = 0; 1649 int pwr_level_cisco, pwr_level_80211h; 1650 int new_ap_level; 1651 __le16 capab = mgmt->u.probe_resp.capab_info; 1652 1653 if (ieee80211_is_s1g_beacon(mgmt->frame_control)) 1654 return 0; /* TODO */ 1655 1656 if (country_ie && 1657 (capab & cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT) || 1658 capab & cpu_to_le16(WLAN_CAPABILITY_RADIO_MEASURE))) { 1659 has_80211h_pwr = ieee80211_find_80211h_pwr_constr( 1660 sdata, channel, country_ie, country_ie_len, 1661 pwr_constr_ie, &chan_pwr, &pwr_reduction_80211h); 1662 pwr_level_80211h = 1663 max_t(int, 0, chan_pwr - pwr_reduction_80211h); 1664 } 1665 1666 if (cisco_dtpc_ie) { 1667 ieee80211_find_cisco_dtpc( 1668 sdata, channel, cisco_dtpc_ie, &pwr_level_cisco); 1669 has_cisco_pwr = true; 1670 } 1671 1672 if (!has_80211h_pwr && !has_cisco_pwr) 1673 return 0; 1674 1675 /* If we have both 802.11h and Cisco DTPC, apply both limits 1676 * by picking the smallest of the two power levels advertised. 1677 */ 1678 if (has_80211h_pwr && 1679 (!has_cisco_pwr || pwr_level_80211h <= pwr_level_cisco)) { 1680 new_ap_level = pwr_level_80211h; 1681 1682 if (sdata->ap_power_level == new_ap_level) 1683 return 0; 1684 1685 sdata_dbg(sdata, 1686 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n", 1687 pwr_level_80211h, chan_pwr, pwr_reduction_80211h, 1688 sdata->u.mgd.bssid); 1689 } else { /* has_cisco_pwr is always true here. */ 1690 new_ap_level = pwr_level_cisco; 1691 1692 if (sdata->ap_power_level == new_ap_level) 1693 return 0; 1694 1695 sdata_dbg(sdata, 1696 "Limiting TX power to %d dBm as advertised by %pM\n", 1697 pwr_level_cisco, sdata->u.mgd.bssid); 1698 } 1699 1700 sdata->ap_power_level = new_ap_level; 1701 if (__ieee80211_recalc_txpower(sdata)) 1702 return BSS_CHANGED_TXPOWER; 1703 return 0; 1704} 1705 1706/* powersave */ 1707static void ieee80211_enable_ps(struct ieee80211_local *local, 1708 struct ieee80211_sub_if_data *sdata) 1709{ 1710 struct ieee80211_conf *conf = &local->hw.conf; 1711 1712 /* 1713 * If we are scanning right now then the parameters will 1714 * take effect when scan finishes. 1715 */ 1716 if (local->scanning) 1717 return; 1718 1719 if (conf->dynamic_ps_timeout > 0 && 1720 !ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS)) { 1721 mod_timer(&local->dynamic_ps_timer, jiffies + 1722 msecs_to_jiffies(conf->dynamic_ps_timeout)); 1723 } else { 1724 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK)) 1725 ieee80211_send_nullfunc(local, sdata, true); 1726 1727 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) && 1728 ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) 1729 return; 1730 1731 conf->flags |= IEEE80211_CONF_PS; 1732 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1733 } 1734} 1735 1736static void ieee80211_change_ps(struct ieee80211_local *local) 1737{ 1738 struct ieee80211_conf *conf = &local->hw.conf; 1739 1740 if (local->ps_sdata) { 1741 ieee80211_enable_ps(local, local->ps_sdata); 1742 } else if (conf->flags & IEEE80211_CONF_PS) { 1743 conf->flags &= ~IEEE80211_CONF_PS; 1744 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1745 del_timer_sync(&local->dynamic_ps_timer); 1746 cancel_work_sync(&local->dynamic_ps_enable_work); 1747 } 1748} 1749 1750static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata) 1751{ 1752 struct ieee80211_if_managed *mgd = &sdata->u.mgd; 1753 struct sta_info *sta = NULL; 1754 bool authorized = false; 1755 1756 if (!mgd->powersave) 1757 return false; 1758 1759 if (mgd->broken_ap) 1760 return false; 1761 1762 if (!mgd->associated) 1763 return false; 1764 1765 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL) 1766 return false; 1767 1768 if (!mgd->have_beacon) 1769 return false; 1770 1771 rcu_read_lock(); 1772 sta = sta_info_get(sdata, mgd->bssid); 1773 if (sta) 1774 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED); 1775 rcu_read_unlock(); 1776 1777 return authorized; 1778} 1779 1780/* need to hold RTNL or interface lock */ 1781void ieee80211_recalc_ps(struct ieee80211_local *local) 1782{ 1783 struct ieee80211_sub_if_data *sdata, *found = NULL; 1784 int count = 0; 1785 int timeout; 1786 1787 if (!ieee80211_hw_check(&local->hw, SUPPORTS_PS)) { 1788 local->ps_sdata = NULL; 1789 return; 1790 } 1791 1792 list_for_each_entry(sdata, &local->interfaces, list) { 1793 if (!ieee80211_sdata_running(sdata)) 1794 continue; 1795 if (sdata->vif.type == NL80211_IFTYPE_AP) { 1796 /* If an AP vif is found, then disable PS 1797 * by setting the count to zero thereby setting 1798 * ps_sdata to NULL. 1799 */ 1800 count = 0; 1801 break; 1802 } 1803 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1804 continue; 1805 found = sdata; 1806 count++; 1807 } 1808 1809 if (count == 1 && ieee80211_powersave_allowed(found)) { 1810 u8 dtimper = found->u.mgd.dtim_period; 1811 1812 timeout = local->dynamic_ps_forced_timeout; 1813 if (timeout < 0) 1814 timeout = 100; 1815 local->hw.conf.dynamic_ps_timeout = timeout; 1816 1817 /* If the TIM IE is invalid, pretend the value is 1 */ 1818 if (!dtimper) 1819 dtimper = 1; 1820 1821 local->hw.conf.ps_dtim_period = dtimper; 1822 local->ps_sdata = found; 1823 } else { 1824 local->ps_sdata = NULL; 1825 } 1826 1827 ieee80211_change_ps(local); 1828} 1829 1830void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata) 1831{ 1832 bool ps_allowed = ieee80211_powersave_allowed(sdata); 1833 1834 if (sdata->vif.bss_conf.ps != ps_allowed) { 1835 sdata->vif.bss_conf.ps = ps_allowed; 1836 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS); 1837 } 1838} 1839 1840void ieee80211_dynamic_ps_disable_work(struct work_struct *work) 1841{ 1842 struct ieee80211_local *local = 1843 container_of(work, struct ieee80211_local, 1844 dynamic_ps_disable_work); 1845 1846 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1847 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1848 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1849 } 1850 1851 ieee80211_wake_queues_by_reason(&local->hw, 1852 IEEE80211_MAX_QUEUE_MAP, 1853 IEEE80211_QUEUE_STOP_REASON_PS, 1854 false); 1855} 1856 1857void ieee80211_dynamic_ps_enable_work(struct work_struct *work) 1858{ 1859 struct ieee80211_local *local = 1860 container_of(work, struct ieee80211_local, 1861 dynamic_ps_enable_work); 1862 struct ieee80211_sub_if_data *sdata = local->ps_sdata; 1863 struct ieee80211_if_managed *ifmgd; 1864 unsigned long flags; 1865 int q; 1866 1867 /* can only happen when PS was just disabled anyway */ 1868 if (!sdata) 1869 return; 1870 1871 ifmgd = &sdata->u.mgd; 1872 1873 if (local->hw.conf.flags & IEEE80211_CONF_PS) 1874 return; 1875 1876 if (local->hw.conf.dynamic_ps_timeout > 0) { 1877 /* don't enter PS if TX frames are pending */ 1878 if (drv_tx_frames_pending(local)) { 1879 mod_timer(&local->dynamic_ps_timer, jiffies + 1880 msecs_to_jiffies( 1881 local->hw.conf.dynamic_ps_timeout)); 1882 return; 1883 } 1884 1885 /* 1886 * transmission can be stopped by others which leads to 1887 * dynamic_ps_timer expiry. Postpone the ps timer if it 1888 * is not the actual idle state. 1889 */ 1890 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 1891 for (q = 0; q < local->hw.queues; q++) { 1892 if (local->queue_stop_reasons[q]) { 1893 spin_unlock_irqrestore(&local->queue_stop_reason_lock, 1894 flags); 1895 mod_timer(&local->dynamic_ps_timer, jiffies + 1896 msecs_to_jiffies( 1897 local->hw.conf.dynamic_ps_timeout)); 1898 return; 1899 } 1900 } 1901 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 1902 } 1903 1904 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) && 1905 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1906 if (drv_tx_frames_pending(local)) { 1907 mod_timer(&local->dynamic_ps_timer, jiffies + 1908 msecs_to_jiffies( 1909 local->hw.conf.dynamic_ps_timeout)); 1910 } else { 1911 ieee80211_send_nullfunc(local, sdata, true); 1912 /* Flush to get the tx status of nullfunc frame */ 1913 ieee80211_flush_queues(local, sdata, false); 1914 } 1915 } 1916 1917 if (!(ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS) && 1918 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK)) || 1919 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1920 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 1921 local->hw.conf.flags |= IEEE80211_CONF_PS; 1922 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1923 } 1924} 1925 1926void ieee80211_dynamic_ps_timer(struct timer_list *t) 1927{ 1928 struct ieee80211_local *local = from_timer(local, t, dynamic_ps_timer); 1929 1930 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work); 1931} 1932 1933void ieee80211_dfs_cac_timer_work(struct work_struct *work) 1934{ 1935 struct delayed_work *delayed_work = to_delayed_work(work); 1936 struct ieee80211_sub_if_data *sdata = 1937 container_of(delayed_work, struct ieee80211_sub_if_data, 1938 dfs_cac_timer_work); 1939 struct cfg80211_chan_def chandef = sdata->vif.bss_conf.chandef; 1940 1941 mutex_lock(&sdata->local->mtx); 1942 if (sdata->wdev.cac_started) { 1943 ieee80211_vif_release_channel(sdata); 1944 cfg80211_cac_event(sdata->dev, &chandef, 1945 NL80211_RADAR_CAC_FINISHED, 1946 GFP_KERNEL); 1947 } 1948 mutex_unlock(&sdata->local->mtx); 1949} 1950 1951static bool 1952__ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata) 1953{ 1954 struct ieee80211_local *local = sdata->local; 1955 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1956 bool ret = false; 1957 int ac; 1958 1959 if (local->hw.queues < IEEE80211_NUM_ACS) 1960 return false; 1961 1962 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { 1963 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac]; 1964 int non_acm_ac; 1965 unsigned long now = jiffies; 1966 1967 if (tx_tspec->action == TX_TSPEC_ACTION_NONE && 1968 tx_tspec->admitted_time && 1969 time_after(now, tx_tspec->time_slice_start + HZ)) { 1970 tx_tspec->consumed_tx_time = 0; 1971 tx_tspec->time_slice_start = now; 1972 1973 if (tx_tspec->downgraded) 1974 tx_tspec->action = 1975 TX_TSPEC_ACTION_STOP_DOWNGRADE; 1976 } 1977 1978 switch (tx_tspec->action) { 1979 case TX_TSPEC_ACTION_STOP_DOWNGRADE: 1980 /* take the original parameters */ 1981 if (drv_conf_tx(local, sdata, ac, &sdata->tx_conf[ac])) 1982 sdata_err(sdata, 1983 "failed to set TX queue parameters for queue %d\n", 1984 ac); 1985 tx_tspec->action = TX_TSPEC_ACTION_NONE; 1986 tx_tspec->downgraded = false; 1987 ret = true; 1988 break; 1989 case TX_TSPEC_ACTION_DOWNGRADE: 1990 if (time_after(now, tx_tspec->time_slice_start + HZ)) { 1991 tx_tspec->action = TX_TSPEC_ACTION_NONE; 1992 ret = true; 1993 break; 1994 } 1995 /* downgrade next lower non-ACM AC */ 1996 for (non_acm_ac = ac + 1; 1997 non_acm_ac < IEEE80211_NUM_ACS; 1998 non_acm_ac++) 1999 if (!(sdata->wmm_acm & BIT(7 - 2 * non_acm_ac))) 2000 break; 2001 /* Usually the loop will result in using BK even if it 2002 * requires admission control, but such a configuration 2003 * makes no sense and we have to transmit somehow - the 2004 * AC selection does the same thing. 2005 * If we started out trying to downgrade from BK, then 2006 * the extra condition here might be needed. 2007 */ 2008 if (non_acm_ac >= IEEE80211_NUM_ACS) 2009 non_acm_ac = IEEE80211_AC_BK; 2010 if (drv_conf_tx(local, sdata, ac, 2011 &sdata->tx_conf[non_acm_ac])) 2012 sdata_err(sdata, 2013 "failed to set TX queue parameters for queue %d\n", 2014 ac); 2015 tx_tspec->action = TX_TSPEC_ACTION_NONE; 2016 ret = true; 2017 schedule_delayed_work(&ifmgd->tx_tspec_wk, 2018 tx_tspec->time_slice_start + HZ - now + 1); 2019 break; 2020 case TX_TSPEC_ACTION_NONE: 2021 /* nothing now */ 2022 break; 2023 } 2024 } 2025 2026 return ret; 2027} 2028 2029void ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata) 2030{ 2031 if (__ieee80211_sta_handle_tspec_ac_params(sdata)) 2032 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_QOS); 2033} 2034 2035static void ieee80211_sta_handle_tspec_ac_params_wk(struct work_struct *work) 2036{ 2037 struct ieee80211_sub_if_data *sdata; 2038 2039 sdata = container_of(work, struct ieee80211_sub_if_data, 2040 u.mgd.tx_tspec_wk.work); 2041 ieee80211_sta_handle_tspec_ac_params(sdata); 2042} 2043 2044/* MLME */ 2045static bool 2046ieee80211_sta_wmm_params(struct ieee80211_local *local, 2047 struct ieee80211_sub_if_data *sdata, 2048 const u8 *wmm_param, size_t wmm_param_len, 2049 const struct ieee80211_mu_edca_param_set *mu_edca) 2050{ 2051 struct ieee80211_tx_queue_params params[IEEE80211_NUM_ACS]; 2052 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2053 size_t left; 2054 int count, mu_edca_count, ac; 2055 const u8 *pos; 2056 u8 uapsd_queues = 0; 2057 2058 if (!local->ops->conf_tx) 2059 return false; 2060 2061 if (local->hw.queues < IEEE80211_NUM_ACS) 2062 return false; 2063 2064 if (!wmm_param) 2065 return false; 2066 2067 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 2068 return false; 2069 2070 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) 2071 uapsd_queues = ifmgd->uapsd_queues; 2072 2073 count = wmm_param[6] & 0x0f; 2074 /* -1 is the initial value of ifmgd->mu_edca_last_param_set. 2075 * if mu_edca was preset before and now it disappeared tell 2076 * the driver about it. 2077 */ 2078 mu_edca_count = mu_edca ? mu_edca->mu_qos_info & 0x0f : -1; 2079 if (count == ifmgd->wmm_last_param_set && 2080 mu_edca_count == ifmgd->mu_edca_last_param_set) 2081 return false; 2082 ifmgd->wmm_last_param_set = count; 2083 ifmgd->mu_edca_last_param_set = mu_edca_count; 2084 2085 pos = wmm_param + 8; 2086 left = wmm_param_len - 8; 2087 2088 memset(¶ms, 0, sizeof(params)); 2089 2090 sdata->wmm_acm = 0; 2091 for (; left >= 4; left -= 4, pos += 4) { 2092 int aci = (pos[0] >> 5) & 0x03; 2093 int acm = (pos[0] >> 4) & 0x01; 2094 bool uapsd = false; 2095 2096 switch (aci) { 2097 case 1: /* AC_BK */ 2098 ac = IEEE80211_AC_BK; 2099 if (acm) 2100 sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */ 2101 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK) 2102 uapsd = true; 2103 params[ac].mu_edca = !!mu_edca; 2104 if (mu_edca) 2105 params[ac].mu_edca_param_rec = mu_edca->ac_bk; 2106 break; 2107 case 2: /* AC_VI */ 2108 ac = IEEE80211_AC_VI; 2109 if (acm) 2110 sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */ 2111 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI) 2112 uapsd = true; 2113 params[ac].mu_edca = !!mu_edca; 2114 if (mu_edca) 2115 params[ac].mu_edca_param_rec = mu_edca->ac_vi; 2116 break; 2117 case 3: /* AC_VO */ 2118 ac = IEEE80211_AC_VO; 2119 if (acm) 2120 sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */ 2121 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) 2122 uapsd = true; 2123 params[ac].mu_edca = !!mu_edca; 2124 if (mu_edca) 2125 params[ac].mu_edca_param_rec = mu_edca->ac_vo; 2126 break; 2127 case 0: /* AC_BE */ 2128 default: 2129 ac = IEEE80211_AC_BE; 2130 if (acm) 2131 sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */ 2132 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE) 2133 uapsd = true; 2134 params[ac].mu_edca = !!mu_edca; 2135 if (mu_edca) 2136 params[ac].mu_edca_param_rec = mu_edca->ac_be; 2137 break; 2138 } 2139 2140 params[ac].aifs = pos[0] & 0x0f; 2141 2142 if (params[ac].aifs < 2) { 2143 sdata_info(sdata, 2144 "AP has invalid WMM params (AIFSN=%d for ACI %d), will use 2\n", 2145 params[ac].aifs, aci); 2146 params[ac].aifs = 2; 2147 } 2148 params[ac].cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 2149 params[ac].cw_min = ecw2cw(pos[1] & 0x0f); 2150 params[ac].txop = get_unaligned_le16(pos + 2); 2151 params[ac].acm = acm; 2152 params[ac].uapsd = uapsd; 2153 2154 if (params[ac].cw_min == 0 || 2155 params[ac].cw_min > params[ac].cw_max) { 2156 sdata_info(sdata, 2157 "AP has invalid WMM params (CWmin/max=%d/%d for ACI %d), using defaults\n", 2158 params[ac].cw_min, params[ac].cw_max, aci); 2159 return false; 2160 } 2161 ieee80211_regulatory_limit_wmm_params(sdata, ¶ms[ac], ac); 2162 } 2163 2164 /* WMM specification requires all 4 ACIs. */ 2165 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { 2166 if (params[ac].cw_min == 0) { 2167 sdata_info(sdata, 2168 "AP has invalid WMM params (missing AC %d), using defaults\n", 2169 ac); 2170 return false; 2171 } 2172 } 2173 2174 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { 2175 mlme_dbg(sdata, 2176 "WMM AC=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d, downgraded=%d\n", 2177 ac, params[ac].acm, 2178 params[ac].aifs, params[ac].cw_min, params[ac].cw_max, 2179 params[ac].txop, params[ac].uapsd, 2180 ifmgd->tx_tspec[ac].downgraded); 2181 sdata->tx_conf[ac] = params[ac]; 2182 if (!ifmgd->tx_tspec[ac].downgraded && 2183 drv_conf_tx(local, sdata, ac, ¶ms[ac])) 2184 sdata_err(sdata, 2185 "failed to set TX queue parameters for AC %d\n", 2186 ac); 2187 } 2188 2189 /* enable WMM or activate new settings */ 2190 sdata->vif.bss_conf.qos = true; 2191 return true; 2192} 2193 2194static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 2195{ 2196 lockdep_assert_held(&sdata->local->mtx); 2197 2198 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL; 2199 ieee80211_run_deferred_scan(sdata->local); 2200} 2201 2202static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata) 2203{ 2204 mutex_lock(&sdata->local->mtx); 2205 __ieee80211_stop_poll(sdata); 2206 mutex_unlock(&sdata->local->mtx); 2207} 2208 2209static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata, 2210 u16 capab, bool erp_valid, u8 erp) 2211{ 2212 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2213 struct ieee80211_supported_band *sband; 2214 u32 changed = 0; 2215 bool use_protection; 2216 bool use_short_preamble; 2217 bool use_short_slot; 2218 2219 sband = ieee80211_get_sband(sdata); 2220 if (!sband) 2221 return changed; 2222 2223 if (erp_valid) { 2224 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0; 2225 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0; 2226 } else { 2227 use_protection = false; 2228 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE); 2229 } 2230 2231 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME); 2232 if (sband->band == NL80211_BAND_5GHZ || 2233 sband->band == NL80211_BAND_6GHZ) 2234 use_short_slot = true; 2235 2236 if (use_protection != bss_conf->use_cts_prot) { 2237 bss_conf->use_cts_prot = use_protection; 2238 changed |= BSS_CHANGED_ERP_CTS_PROT; 2239 } 2240 2241 if (use_short_preamble != bss_conf->use_short_preamble) { 2242 bss_conf->use_short_preamble = use_short_preamble; 2243 changed |= BSS_CHANGED_ERP_PREAMBLE; 2244 } 2245 2246 if (use_short_slot != bss_conf->use_short_slot) { 2247 bss_conf->use_short_slot = use_short_slot; 2248 changed |= BSS_CHANGED_ERP_SLOT; 2249 } 2250 2251 return changed; 2252} 2253 2254static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata, 2255 struct cfg80211_bss *cbss, 2256 u32 bss_info_changed) 2257{ 2258 struct ieee80211_bss *bss = (void *)cbss->priv; 2259 struct ieee80211_local *local = sdata->local; 2260 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2261 2262 bss_info_changed |= BSS_CHANGED_ASSOC; 2263 bss_info_changed |= ieee80211_handle_bss_capability(sdata, 2264 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value); 2265 2266 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec( 2267 beacon_loss_count * bss_conf->beacon_int)); 2268 2269 sdata->u.mgd.associated = true; 2270 sdata->u.mgd.assoc_bss = cbss; 2271 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN); 2272 2273 ieee80211_check_rate_mask(sdata); 2274 2275 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE; 2276 2277 if (sdata->vif.p2p || 2278 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) { 2279 const struct cfg80211_bss_ies *ies; 2280 2281 rcu_read_lock(); 2282 ies = rcu_dereference(cbss->ies); 2283 if (ies) { 2284 int ret; 2285 2286 ret = cfg80211_get_p2p_attr( 2287 ies->data, ies->len, 2288 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 2289 (u8 *) &bss_conf->p2p_noa_attr, 2290 sizeof(bss_conf->p2p_noa_attr)); 2291 if (ret >= 2) { 2292 sdata->u.mgd.p2p_noa_index = 2293 bss_conf->p2p_noa_attr.index; 2294 bss_info_changed |= BSS_CHANGED_P2P_PS; 2295 } 2296 } 2297 rcu_read_unlock(); 2298 } 2299 2300 /* just to be sure */ 2301 ieee80211_stop_poll(sdata); 2302 2303 ieee80211_led_assoc(local, 1); 2304 2305 if (sdata->u.mgd.have_beacon) { 2306 /* 2307 * If the AP is buggy we may get here with no DTIM period 2308 * known, so assume it's 1 which is the only safe assumption 2309 * in that case, although if the TIM IE is broken powersave 2310 * probably just won't work at all. 2311 */ 2312 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1; 2313 bss_conf->beacon_rate = bss->beacon_rate; 2314 bss_info_changed |= BSS_CHANGED_BEACON_INFO; 2315 } else { 2316 bss_conf->beacon_rate = NULL; 2317 bss_conf->dtim_period = 0; 2318 } 2319 2320 bss_conf->assoc = 1; 2321 2322 /* Tell the driver to monitor connection quality (if supported) */ 2323 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI && 2324 bss_conf->cqm_rssi_thold) 2325 bss_info_changed |= BSS_CHANGED_CQM; 2326 2327 /* Enable ARP filtering */ 2328 if (bss_conf->arp_addr_cnt) 2329 bss_info_changed |= BSS_CHANGED_ARP_FILTER; 2330 2331 ieee80211_bss_info_change_notify(sdata, bss_info_changed); 2332 2333 mutex_lock(&local->iflist_mtx); 2334 ieee80211_recalc_ps(local); 2335 mutex_unlock(&local->iflist_mtx); 2336 2337 ieee80211_recalc_smps(sdata); 2338 ieee80211_recalc_ps_vif(sdata); 2339 2340 netif_carrier_on(sdata->dev); 2341} 2342 2343static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata, 2344 u16 stype, u16 reason, bool tx, 2345 u8 *frame_buf) 2346{ 2347 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2348 struct ieee80211_local *local = sdata->local; 2349 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2350 u32 changed = 0; 2351 struct ieee80211_prep_tx_info info = { 2352 .subtype = stype, 2353 }; 2354 2355 sdata_assert_lock(sdata); 2356 2357 if (WARN_ON_ONCE(tx && !frame_buf)) 2358 return; 2359 2360 if (WARN_ON(!ifmgd->associated)) 2361 return; 2362 2363 ieee80211_stop_poll(sdata); 2364 2365 ifmgd->associated = false; 2366 ifmgd->assoc_bss = NULL; 2367 netif_carrier_off(sdata->dev); 2368 2369 /* 2370 * if we want to get out of ps before disassoc (why?) we have 2371 * to do it before sending disassoc, as otherwise the null-packet 2372 * won't be valid. 2373 */ 2374 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 2375 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 2376 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 2377 } 2378 local->ps_sdata = NULL; 2379 2380 /* disable per-vif ps */ 2381 ieee80211_recalc_ps_vif(sdata); 2382 2383 /* make sure ongoing transmission finishes */ 2384 synchronize_net(); 2385 2386 /* 2387 * drop any frame before deauth/disassoc, this can be data or 2388 * management frame. Since we are disconnecting, we should not 2389 * insist sending these frames which can take time and delay 2390 * the disconnection and possible the roaming. 2391 */ 2392 if (tx) 2393 ieee80211_flush_queues(local, sdata, true); 2394 2395 /* deauthenticate/disassociate now */ 2396 if (tx || frame_buf) { 2397 /* 2398 * In multi channel scenarios guarantee that the virtual 2399 * interface is granted immediate airtime to transmit the 2400 * deauthentication frame by calling mgd_prepare_tx, if the 2401 * driver requested so. 2402 */ 2403 if (ieee80211_hw_check(&local->hw, DEAUTH_NEED_MGD_TX_PREP) && 2404 !ifmgd->have_beacon) { 2405 drv_mgd_prepare_tx(sdata->local, sdata, &info); 2406 } 2407 2408 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, 2409 ifmgd->bssid, stype, reason, 2410 tx, frame_buf); 2411 } 2412 2413 /* flush out frame - make sure the deauth was actually sent */ 2414 if (tx) 2415 ieee80211_flush_queues(local, sdata, false); 2416 2417 drv_mgd_complete_tx(sdata->local, sdata, &info); 2418 2419 /* clear bssid only after building the needed mgmt frames */ 2420 eth_zero_addr(ifmgd->bssid); 2421 2422 sdata->vif.bss_conf.ssid_len = 0; 2423 2424 /* remove AP and TDLS peers */ 2425 sta_info_flush(sdata); 2426 2427 /* finally reset all BSS / config parameters */ 2428 changed |= ieee80211_reset_erp_info(sdata); 2429 2430 ieee80211_led_assoc(local, 0); 2431 changed |= BSS_CHANGED_ASSOC; 2432 sdata->vif.bss_conf.assoc = false; 2433 2434 ifmgd->p2p_noa_index = -1; 2435 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0, 2436 sizeof(sdata->vif.bss_conf.p2p_noa_attr)); 2437 2438 /* on the next assoc, re-program HT/VHT parameters */ 2439 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa)); 2440 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask)); 2441 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa)); 2442 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask)); 2443 2444 /* reset MU-MIMO ownership and group data */ 2445 memset(sdata->vif.bss_conf.mu_group.membership, 0, 2446 sizeof(sdata->vif.bss_conf.mu_group.membership)); 2447 memset(sdata->vif.bss_conf.mu_group.position, 0, 2448 sizeof(sdata->vif.bss_conf.mu_group.position)); 2449 changed |= BSS_CHANGED_MU_GROUPS; 2450 sdata->vif.mu_mimo_owner = false; 2451 2452 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL; 2453 2454 del_timer_sync(&local->dynamic_ps_timer); 2455 cancel_work_sync(&local->dynamic_ps_enable_work); 2456 2457 /* Disable ARP filtering */ 2458 if (sdata->vif.bss_conf.arp_addr_cnt) 2459 changed |= BSS_CHANGED_ARP_FILTER; 2460 2461 sdata->vif.bss_conf.qos = false; 2462 changed |= BSS_CHANGED_QOS; 2463 2464 /* The BSSID (not really interesting) and HT changed */ 2465 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT; 2466 ieee80211_bss_info_change_notify(sdata, changed); 2467 2468 /* disassociated - set to defaults now */ 2469 ieee80211_set_wmm_default(sdata, false, false); 2470 2471 del_timer_sync(&sdata->u.mgd.conn_mon_timer); 2472 del_timer_sync(&sdata->u.mgd.bcn_mon_timer); 2473 del_timer_sync(&sdata->u.mgd.timer); 2474 del_timer_sync(&sdata->u.mgd.chswitch_timer); 2475 2476 sdata->vif.bss_conf.dtim_period = 0; 2477 sdata->vif.bss_conf.beacon_rate = NULL; 2478 2479 ifmgd->have_beacon = false; 2480 2481 ifmgd->flags = 0; 2482 mutex_lock(&local->mtx); 2483 ieee80211_vif_release_channel(sdata); 2484 2485 sdata->vif.csa_active = false; 2486 ifmgd->csa_waiting_bcn = false; 2487 ifmgd->csa_ignored_same_chan = false; 2488 if (sdata->csa_block_tx) { 2489 ieee80211_wake_vif_queues(local, sdata, 2490 IEEE80211_QUEUE_STOP_REASON_CSA); 2491 sdata->csa_block_tx = false; 2492 } 2493 mutex_unlock(&local->mtx); 2494 2495 /* existing TX TSPEC sessions no longer exist */ 2496 memset(ifmgd->tx_tspec, 0, sizeof(ifmgd->tx_tspec)); 2497 cancel_delayed_work_sync(&ifmgd->tx_tspec_wk); 2498 2499 sdata->encrypt_headroom = IEEE80211_ENCRYPT_HEADROOM; 2500 2501 bss_conf->pwr_reduction = 0; 2502 bss_conf->tx_pwr_env_num = 0; 2503 memset(bss_conf->tx_pwr_env, 0, sizeof(bss_conf->tx_pwr_env)); 2504} 2505 2506static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata) 2507{ 2508 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2509 struct ieee80211_local *local = sdata->local; 2510 2511 mutex_lock(&local->mtx); 2512 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)) 2513 goto out; 2514 2515 __ieee80211_stop_poll(sdata); 2516 2517 mutex_lock(&local->iflist_mtx); 2518 ieee80211_recalc_ps(local); 2519 mutex_unlock(&local->iflist_mtx); 2520 2521 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR)) 2522 goto out; 2523 2524 /* 2525 * We've received a probe response, but are not sure whether 2526 * we have or will be receiving any beacons or data, so let's 2527 * schedule the timers again, just in case. 2528 */ 2529 ieee80211_sta_reset_beacon_monitor(sdata); 2530 2531 mod_timer(&ifmgd->conn_mon_timer, 2532 round_jiffies_up(jiffies + 2533 IEEE80211_CONNECTION_IDLE_TIME)); 2534out: 2535 mutex_unlock(&local->mtx); 2536} 2537 2538static void ieee80211_sta_tx_wmm_ac_notify(struct ieee80211_sub_if_data *sdata, 2539 struct ieee80211_hdr *hdr, 2540 u16 tx_time) 2541{ 2542 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2543 u16 tid; 2544 int ac; 2545 struct ieee80211_sta_tx_tspec *tx_tspec; 2546 unsigned long now = jiffies; 2547 2548 if (!ieee80211_is_data_qos(hdr->frame_control)) 2549 return; 2550 2551 tid = ieee80211_get_tid(hdr); 2552 ac = ieee80211_ac_from_tid(tid); 2553 tx_tspec = &ifmgd->tx_tspec[ac]; 2554 2555 if (likely(!tx_tspec->admitted_time)) 2556 return; 2557 2558 if (time_after(now, tx_tspec->time_slice_start + HZ)) { 2559 tx_tspec->consumed_tx_time = 0; 2560 tx_tspec->time_slice_start = now; 2561 2562 if (tx_tspec->downgraded) { 2563 tx_tspec->action = TX_TSPEC_ACTION_STOP_DOWNGRADE; 2564 schedule_delayed_work(&ifmgd->tx_tspec_wk, 0); 2565 } 2566 } 2567 2568 if (tx_tspec->downgraded) 2569 return; 2570 2571 tx_tspec->consumed_tx_time += tx_time; 2572 2573 if (tx_tspec->consumed_tx_time >= tx_tspec->admitted_time) { 2574 tx_tspec->downgraded = true; 2575 tx_tspec->action = TX_TSPEC_ACTION_DOWNGRADE; 2576 schedule_delayed_work(&ifmgd->tx_tspec_wk, 0); 2577 } 2578} 2579 2580void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata, 2581 struct ieee80211_hdr *hdr, bool ack, u16 tx_time) 2582{ 2583 ieee80211_sta_tx_wmm_ac_notify(sdata, hdr, tx_time); 2584 2585 if (!ieee80211_is_any_nullfunc(hdr->frame_control) || 2586 !sdata->u.mgd.probe_send_count) 2587 return; 2588 2589 if (ack) 2590 sdata->u.mgd.probe_send_count = 0; 2591 else 2592 sdata->u.mgd.nullfunc_failed = true; 2593 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 2594} 2595 2596static void ieee80211_mlme_send_probe_req(struct ieee80211_sub_if_data *sdata, 2597 const u8 *src, const u8 *dst, 2598 const u8 *ssid, size_t ssid_len, 2599 struct ieee80211_channel *channel) 2600{ 2601 struct sk_buff *skb; 2602 2603 skb = ieee80211_build_probe_req(sdata, src, dst, (u32)-1, channel, 2604 ssid, ssid_len, NULL, 0, 2605 IEEE80211_PROBE_FLAG_DIRECTED); 2606 if (skb) 2607 ieee80211_tx_skb(sdata, skb); 2608} 2609 2610static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) 2611{ 2612 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2613 u8 *dst = ifmgd->bssid; 2614 u8 unicast_limit = max(1, max_probe_tries - 3); 2615 struct sta_info *sta; 2616 2617 /* 2618 * Try sending broadcast probe requests for the last three 2619 * probe requests after the first ones failed since some 2620 * buggy APs only support broadcast probe requests. 2621 */ 2622 if (ifmgd->probe_send_count >= unicast_limit) 2623 dst = NULL; 2624 2625 /* 2626 * When the hardware reports an accurate Tx ACK status, it's 2627 * better to send a nullfunc frame instead of a probe request, 2628 * as it will kick us off the AP quickly if we aren't associated 2629 * anymore. The timeout will be reset if the frame is ACKed by 2630 * the AP. 2631 */ 2632 ifmgd->probe_send_count++; 2633 2634 if (dst) { 2635 mutex_lock(&sdata->local->sta_mtx); 2636 sta = sta_info_get(sdata, dst); 2637 if (!WARN_ON(!sta)) 2638 ieee80211_check_fast_rx(sta); 2639 mutex_unlock(&sdata->local->sta_mtx); 2640 } 2641 2642 if (ieee80211_hw_check(&sdata->local->hw, REPORTS_TX_ACK_STATUS)) { 2643 ifmgd->nullfunc_failed = false; 2644 ieee80211_send_nullfunc(sdata->local, sdata, false); 2645 } else { 2646 ieee80211_mlme_send_probe_req(sdata, sdata->vif.addr, dst, 2647 sdata->vif.bss_conf.ssid, 2648 sdata->vif.bss_conf.ssid_len, 2649 ifmgd->assoc_bss->channel); 2650 } 2651 2652 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms); 2653 run_again(sdata, ifmgd->probe_timeout); 2654} 2655 2656static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata, 2657 bool beacon) 2658{ 2659 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2660 bool already = false; 2661 2662 if (!ieee80211_sdata_running(sdata)) 2663 return; 2664 2665 sdata_lock(sdata); 2666 2667 if (!ifmgd->associated) 2668 goto out; 2669 2670 mutex_lock(&sdata->local->mtx); 2671 2672 if (sdata->local->tmp_channel || sdata->local->scanning) { 2673 mutex_unlock(&sdata->local->mtx); 2674 goto out; 2675 } 2676 2677 if (sdata->local->suspending) { 2678 /* reschedule after resume */ 2679 mutex_unlock(&sdata->local->mtx); 2680 ieee80211_reset_ap_probe(sdata); 2681 goto out; 2682 } 2683 2684 if (beacon) { 2685 mlme_dbg_ratelimited(sdata, 2686 "detected beacon loss from AP (missed %d beacons) - probing\n", 2687 beacon_loss_count); 2688 2689 ieee80211_cqm_beacon_loss_notify(&sdata->vif, GFP_KERNEL); 2690 } 2691 2692 /* 2693 * The driver/our work has already reported this event or the 2694 * connection monitoring has kicked in and we have already sent 2695 * a probe request. Or maybe the AP died and the driver keeps 2696 * reporting until we disassociate... 2697 * 2698 * In either case we have to ignore the current call to this 2699 * function (except for setting the correct probe reason bit) 2700 * because otherwise we would reset the timer every time and 2701 * never check whether we received a probe response! 2702 */ 2703 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) 2704 already = true; 2705 2706 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL; 2707 2708 mutex_unlock(&sdata->local->mtx); 2709 2710 if (already) 2711 goto out; 2712 2713 mutex_lock(&sdata->local->iflist_mtx); 2714 ieee80211_recalc_ps(sdata->local); 2715 mutex_unlock(&sdata->local->iflist_mtx); 2716 2717 ifmgd->probe_send_count = 0; 2718 ieee80211_mgd_probe_ap_send(sdata); 2719 out: 2720 sdata_unlock(sdata); 2721} 2722 2723struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw, 2724 struct ieee80211_vif *vif) 2725{ 2726 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2727 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2728 struct cfg80211_bss *cbss; 2729 struct sk_buff *skb; 2730 const struct element *ssid; 2731 int ssid_len; 2732 2733 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 2734 return NULL; 2735 2736 sdata_assert_lock(sdata); 2737 2738 if (ifmgd->associated) 2739 cbss = ifmgd->assoc_bss; 2740 else if (ifmgd->auth_data) 2741 cbss = ifmgd->auth_data->bss; 2742 else if (ifmgd->assoc_data) 2743 cbss = ifmgd->assoc_data->bss; 2744 else 2745 return NULL; 2746 2747 rcu_read_lock(); 2748 ssid = ieee80211_bss_get_elem(cbss, WLAN_EID_SSID); 2749 if (WARN_ONCE(!ssid || ssid->datalen > IEEE80211_MAX_SSID_LEN, 2750 "invalid SSID element (len=%d)", 2751 ssid ? ssid->datalen : -1)) 2752 ssid_len = 0; 2753 else 2754 ssid_len = ssid->datalen; 2755 2756 skb = ieee80211_build_probe_req(sdata, sdata->vif.addr, cbss->bssid, 2757 (u32) -1, cbss->channel, 2758 ssid->data, ssid_len, 2759 NULL, 0, IEEE80211_PROBE_FLAG_DIRECTED); 2760 rcu_read_unlock(); 2761 2762 return skb; 2763} 2764EXPORT_SYMBOL(ieee80211_ap_probereq_get); 2765 2766static void ieee80211_report_disconnect(struct ieee80211_sub_if_data *sdata, 2767 const u8 *buf, size_t len, bool tx, 2768 u16 reason, bool reconnect) 2769{ 2770 struct ieee80211_event event = { 2771 .type = MLME_EVENT, 2772 .u.mlme.data = tx ? DEAUTH_TX_EVENT : DEAUTH_RX_EVENT, 2773 .u.mlme.reason = reason, 2774 }; 2775 2776 if (tx) 2777 cfg80211_tx_mlme_mgmt(sdata->dev, buf, len, reconnect); 2778 else 2779 cfg80211_rx_mlme_mgmt(sdata->dev, buf, len); 2780 2781 drv_event_callback(sdata->local, sdata, &event); 2782} 2783 2784static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata) 2785{ 2786 struct ieee80211_local *local = sdata->local; 2787 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2788 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 2789 bool tx; 2790 2791 sdata_lock(sdata); 2792 if (!ifmgd->associated) { 2793 sdata_unlock(sdata); 2794 return; 2795 } 2796 2797 tx = !sdata->csa_block_tx; 2798 2799 if (!ifmgd->driver_disconnect) { 2800 /* 2801 * AP is probably out of range (or not reachable for another 2802 * reason) so remove the bss struct for that AP. 2803 */ 2804 cfg80211_unlink_bss(local->hw.wiphy, ifmgd->assoc_bss); 2805 } 2806 2807 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 2808 ifmgd->driver_disconnect ? 2809 WLAN_REASON_DEAUTH_LEAVING : 2810 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 2811 tx, frame_buf); 2812 mutex_lock(&local->mtx); 2813 sdata->vif.csa_active = false; 2814 ifmgd->csa_waiting_bcn = false; 2815 if (sdata->csa_block_tx) { 2816 ieee80211_wake_vif_queues(local, sdata, 2817 IEEE80211_QUEUE_STOP_REASON_CSA); 2818 sdata->csa_block_tx = false; 2819 } 2820 mutex_unlock(&local->mtx); 2821 2822 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), tx, 2823 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 2824 ifmgd->reconnect); 2825 ifmgd->reconnect = false; 2826 2827 sdata_unlock(sdata); 2828} 2829 2830static void ieee80211_beacon_connection_loss_work(struct work_struct *work) 2831{ 2832 struct ieee80211_sub_if_data *sdata = 2833 container_of(work, struct ieee80211_sub_if_data, 2834 u.mgd.beacon_connection_loss_work); 2835 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2836 2837 if (ifmgd->associated) 2838 ifmgd->beacon_loss_count++; 2839 2840 if (ifmgd->connection_loss) { 2841 sdata_info(sdata, "Connection to AP %pM lost\n", 2842 ifmgd->bssid); 2843 __ieee80211_disconnect(sdata); 2844 ifmgd->connection_loss = false; 2845 } else if (ifmgd->driver_disconnect) { 2846 sdata_info(sdata, 2847 "Driver requested disconnection from AP %pM\n", 2848 ifmgd->bssid); 2849 __ieee80211_disconnect(sdata); 2850 ifmgd->driver_disconnect = false; 2851 } else { 2852 ieee80211_mgd_probe_ap(sdata, true); 2853 } 2854} 2855 2856static void ieee80211_csa_connection_drop_work(struct work_struct *work) 2857{ 2858 struct ieee80211_sub_if_data *sdata = 2859 container_of(work, struct ieee80211_sub_if_data, 2860 u.mgd.csa_connection_drop_work); 2861 2862 __ieee80211_disconnect(sdata); 2863} 2864 2865void ieee80211_beacon_loss(struct ieee80211_vif *vif) 2866{ 2867 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2868 struct ieee80211_hw *hw = &sdata->local->hw; 2869 2870 trace_api_beacon_loss(sdata); 2871 2872 sdata->u.mgd.connection_loss = false; 2873 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2874} 2875EXPORT_SYMBOL(ieee80211_beacon_loss); 2876 2877void ieee80211_connection_loss(struct ieee80211_vif *vif) 2878{ 2879 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2880 struct ieee80211_hw *hw = &sdata->local->hw; 2881 2882 trace_api_connection_loss(sdata); 2883 2884 sdata->u.mgd.connection_loss = true; 2885 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2886} 2887EXPORT_SYMBOL(ieee80211_connection_loss); 2888 2889void ieee80211_disconnect(struct ieee80211_vif *vif, bool reconnect) 2890{ 2891 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 2892 struct ieee80211_hw *hw = &sdata->local->hw; 2893 2894 trace_api_disconnect(sdata, reconnect); 2895 2896 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 2897 return; 2898 2899 sdata->u.mgd.driver_disconnect = true; 2900 sdata->u.mgd.reconnect = reconnect; 2901 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2902} 2903EXPORT_SYMBOL(ieee80211_disconnect); 2904 2905static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata, 2906 bool assoc) 2907{ 2908 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2909 2910 sdata_assert_lock(sdata); 2911 2912 if (!assoc) { 2913 /* 2914 * we are not authenticated yet, the only timer that could be 2915 * running is the timeout for the authentication response which 2916 * which is not relevant anymore. 2917 */ 2918 del_timer_sync(&sdata->u.mgd.timer); 2919 sta_info_destroy_addr(sdata, auth_data->bss->bssid); 2920 2921 eth_zero_addr(sdata->u.mgd.bssid); 2922 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2923 sdata->u.mgd.flags = 0; 2924 mutex_lock(&sdata->local->mtx); 2925 ieee80211_vif_release_channel(sdata); 2926 mutex_unlock(&sdata->local->mtx); 2927 } 2928 2929 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss); 2930 kfree(auth_data); 2931 sdata->u.mgd.auth_data = NULL; 2932} 2933 2934static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata, 2935 bool assoc, bool abandon) 2936{ 2937 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 2938 2939 sdata_assert_lock(sdata); 2940 2941 if (!assoc) { 2942 /* 2943 * we are not associated yet, the only timer that could be 2944 * running is the timeout for the association response which 2945 * which is not relevant anymore. 2946 */ 2947 del_timer_sync(&sdata->u.mgd.timer); 2948 sta_info_destroy_addr(sdata, assoc_data->bss->bssid); 2949 2950 eth_zero_addr(sdata->u.mgd.bssid); 2951 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2952 sdata->u.mgd.flags = 0; 2953 sdata->vif.mu_mimo_owner = false; 2954 2955 mutex_lock(&sdata->local->mtx); 2956 ieee80211_vif_release_channel(sdata); 2957 mutex_unlock(&sdata->local->mtx); 2958 2959 if (abandon) 2960 cfg80211_abandon_assoc(sdata->dev, assoc_data->bss); 2961 } 2962 2963 kfree(assoc_data); 2964 sdata->u.mgd.assoc_data = NULL; 2965} 2966 2967static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, 2968 struct ieee80211_mgmt *mgmt, size_t len) 2969{ 2970 struct ieee80211_local *local = sdata->local; 2971 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data; 2972 const struct element *challenge; 2973 u8 *pos; 2974 u32 tx_flags = 0; 2975 struct ieee80211_prep_tx_info info = { 2976 .subtype = IEEE80211_STYPE_AUTH, 2977 }; 2978 2979 pos = mgmt->u.auth.variable; 2980 challenge = cfg80211_find_elem(WLAN_EID_CHALLENGE, pos, 2981 len - (pos - (u8 *)mgmt)); 2982 if (!challenge) 2983 return; 2984 auth_data->expected_transaction = 4; 2985 drv_mgd_prepare_tx(sdata->local, sdata, &info); 2986 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) 2987 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 2988 IEEE80211_TX_INTFL_MLME_CONN_TX; 2989 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0, 2990 (void *)challenge, 2991 challenge->datalen + sizeof(*challenge), 2992 auth_data->bss->bssid, auth_data->bss->bssid, 2993 auth_data->key, auth_data->key_len, 2994 auth_data->key_idx, tx_flags); 2995} 2996 2997static bool ieee80211_mark_sta_auth(struct ieee80211_sub_if_data *sdata, 2998 const u8 *bssid) 2999{ 3000 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3001 struct sta_info *sta; 3002 bool result = true; 3003 3004 sdata_info(sdata, "authenticated\n"); 3005 ifmgd->auth_data->done = true; 3006 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC; 3007 ifmgd->auth_data->timeout_started = true; 3008 run_again(sdata, ifmgd->auth_data->timeout); 3009 3010 /* move station state to auth */ 3011 mutex_lock(&sdata->local->sta_mtx); 3012 sta = sta_info_get(sdata, bssid); 3013 if (!sta) { 3014 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid); 3015 result = false; 3016 goto out; 3017 } 3018 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) { 3019 sdata_info(sdata, "failed moving %pM to auth\n", bssid); 3020 result = false; 3021 goto out; 3022 } 3023 3024out: 3025 mutex_unlock(&sdata->local->sta_mtx); 3026 return result; 3027} 3028 3029static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, 3030 struct ieee80211_mgmt *mgmt, size_t len) 3031{ 3032 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3033 u8 bssid[ETH_ALEN]; 3034 u16 auth_alg, auth_transaction, status_code; 3035 struct ieee80211_event event = { 3036 .type = MLME_EVENT, 3037 .u.mlme.data = AUTH_EVENT, 3038 }; 3039 struct ieee80211_prep_tx_info info = { 3040 .subtype = IEEE80211_STYPE_AUTH, 3041 }; 3042 3043 sdata_assert_lock(sdata); 3044 3045 if (len < 24 + 6) 3046 return; 3047 3048 if (!ifmgd->auth_data || ifmgd->auth_data->done) 3049 return; 3050 3051 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 3052 3053 if (!ether_addr_equal(bssid, mgmt->bssid)) 3054 return; 3055 3056 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 3057 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 3058 status_code = le16_to_cpu(mgmt->u.auth.status_code); 3059 3060 if (auth_alg != ifmgd->auth_data->algorithm || 3061 (auth_alg != WLAN_AUTH_SAE && 3062 auth_transaction != ifmgd->auth_data->expected_transaction) || 3063 (auth_alg == WLAN_AUTH_SAE && 3064 (auth_transaction < ifmgd->auth_data->expected_transaction || 3065 auth_transaction > 2))) { 3066 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n", 3067 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm, 3068 auth_transaction, 3069 ifmgd->auth_data->expected_transaction); 3070 goto notify_driver; 3071 } 3072 3073 if (status_code != WLAN_STATUS_SUCCESS) { 3074 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 3075 3076 if (auth_alg == WLAN_AUTH_SAE && 3077 (status_code == WLAN_STATUS_ANTI_CLOG_REQUIRED || 3078 (auth_transaction == 1 && 3079 (status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT || 3080 status_code == WLAN_STATUS_SAE_PK)))) { 3081 /* waiting for userspace now */ 3082 ifmgd->auth_data->waiting = true; 3083 ifmgd->auth_data->timeout = 3084 jiffies + IEEE80211_AUTH_WAIT_SAE_RETRY; 3085 ifmgd->auth_data->timeout_started = true; 3086 run_again(sdata, ifmgd->auth_data->timeout); 3087 goto notify_driver; 3088 } 3089 3090 sdata_info(sdata, "%pM denied authentication (status %d)\n", 3091 mgmt->sa, status_code); 3092 ieee80211_destroy_auth_data(sdata, false); 3093 event.u.mlme.status = MLME_DENIED; 3094 event.u.mlme.reason = status_code; 3095 drv_event_callback(sdata->local, sdata, &event); 3096 goto notify_driver; 3097 } 3098 3099 switch (ifmgd->auth_data->algorithm) { 3100 case WLAN_AUTH_OPEN: 3101 case WLAN_AUTH_LEAP: 3102 case WLAN_AUTH_FT: 3103 case WLAN_AUTH_SAE: 3104 case WLAN_AUTH_FILS_SK: 3105 case WLAN_AUTH_FILS_SK_PFS: 3106 case WLAN_AUTH_FILS_PK: 3107 break; 3108 case WLAN_AUTH_SHARED_KEY: 3109 if (ifmgd->auth_data->expected_transaction != 4) { 3110 ieee80211_auth_challenge(sdata, mgmt, len); 3111 /* need another frame */ 3112 return; 3113 } 3114 break; 3115 default: 3116 WARN_ONCE(1, "invalid auth alg %d", 3117 ifmgd->auth_data->algorithm); 3118 goto notify_driver; 3119 } 3120 3121 event.u.mlme.status = MLME_SUCCESS; 3122 info.success = 1; 3123 drv_event_callback(sdata->local, sdata, &event); 3124 if (ifmgd->auth_data->algorithm != WLAN_AUTH_SAE || 3125 (auth_transaction == 2 && 3126 ifmgd->auth_data->expected_transaction == 2)) { 3127 if (!ieee80211_mark_sta_auth(sdata, bssid)) 3128 return; /* ignore frame -- wait for timeout */ 3129 } else if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE && 3130 auth_transaction == 2) { 3131 sdata_info(sdata, "SAE peer confirmed\n"); 3132 ifmgd->auth_data->peer_confirmed = true; 3133 } 3134 3135 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 3136notify_driver: 3137 drv_mgd_complete_tx(sdata->local, sdata, &info); 3138} 3139 3140#define case_WLAN(type) \ 3141 case WLAN_REASON_##type: return #type 3142 3143const char *ieee80211_get_reason_code_string(u16 reason_code) 3144{ 3145 switch (reason_code) { 3146 case_WLAN(UNSPECIFIED); 3147 case_WLAN(PREV_AUTH_NOT_VALID); 3148 case_WLAN(DEAUTH_LEAVING); 3149 case_WLAN(DISASSOC_DUE_TO_INACTIVITY); 3150 case_WLAN(DISASSOC_AP_BUSY); 3151 case_WLAN(CLASS2_FRAME_FROM_NONAUTH_STA); 3152 case_WLAN(CLASS3_FRAME_FROM_NONASSOC_STA); 3153 case_WLAN(DISASSOC_STA_HAS_LEFT); 3154 case_WLAN(STA_REQ_ASSOC_WITHOUT_AUTH); 3155 case_WLAN(DISASSOC_BAD_POWER); 3156 case_WLAN(DISASSOC_BAD_SUPP_CHAN); 3157 case_WLAN(INVALID_IE); 3158 case_WLAN(MIC_FAILURE); 3159 case_WLAN(4WAY_HANDSHAKE_TIMEOUT); 3160 case_WLAN(GROUP_KEY_HANDSHAKE_TIMEOUT); 3161 case_WLAN(IE_DIFFERENT); 3162 case_WLAN(INVALID_GROUP_CIPHER); 3163 case_WLAN(INVALID_PAIRWISE_CIPHER); 3164 case_WLAN(INVALID_AKMP); 3165 case_WLAN(UNSUPP_RSN_VERSION); 3166 case_WLAN(INVALID_RSN_IE_CAP); 3167 case_WLAN(IEEE8021X_FAILED); 3168 case_WLAN(CIPHER_SUITE_REJECTED); 3169 case_WLAN(DISASSOC_UNSPECIFIED_QOS); 3170 case_WLAN(DISASSOC_QAP_NO_BANDWIDTH); 3171 case_WLAN(DISASSOC_LOW_ACK); 3172 case_WLAN(DISASSOC_QAP_EXCEED_TXOP); 3173 case_WLAN(QSTA_LEAVE_QBSS); 3174 case_WLAN(QSTA_NOT_USE); 3175 case_WLAN(QSTA_REQUIRE_SETUP); 3176 case_WLAN(QSTA_TIMEOUT); 3177 case_WLAN(QSTA_CIPHER_NOT_SUPP); 3178 case_WLAN(MESH_PEER_CANCELED); 3179 case_WLAN(MESH_MAX_PEERS); 3180 case_WLAN(MESH_CONFIG); 3181 case_WLAN(MESH_CLOSE); 3182 case_WLAN(MESH_MAX_RETRIES); 3183 case_WLAN(MESH_CONFIRM_TIMEOUT); 3184 case_WLAN(MESH_INVALID_GTK); 3185 case_WLAN(MESH_INCONSISTENT_PARAM); 3186 case_WLAN(MESH_INVALID_SECURITY); 3187 case_WLAN(MESH_PATH_ERROR); 3188 case_WLAN(MESH_PATH_NOFORWARD); 3189 case_WLAN(MESH_PATH_DEST_UNREACHABLE); 3190 case_WLAN(MAC_EXISTS_IN_MBSS); 3191 case_WLAN(MESH_CHAN_REGULATORY); 3192 case_WLAN(MESH_CHAN); 3193 default: return "<unknown>"; 3194 } 3195} 3196 3197static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 3198 struct ieee80211_mgmt *mgmt, size_t len) 3199{ 3200 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3201 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 3202 3203 sdata_assert_lock(sdata); 3204 3205 if (len < 24 + 2) 3206 return; 3207 3208 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) { 3209 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code); 3210 return; 3211 } 3212 3213 if (ifmgd->associated && 3214 ether_addr_equal(mgmt->bssid, ifmgd->bssid)) { 3215 const u8 *bssid = ifmgd->bssid; 3216 3217 sdata_info(sdata, "deauthenticated from %pM (Reason: %u=%s)\n", 3218 bssid, reason_code, 3219 ieee80211_get_reason_code_string(reason_code)); 3220 3221 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 3222 3223 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false, 3224 reason_code, false); 3225 return; 3226 } 3227 3228 if (ifmgd->assoc_data && 3229 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) { 3230 const u8 *bssid = ifmgd->assoc_data->bss->bssid; 3231 3232 sdata_info(sdata, 3233 "deauthenticated from %pM while associating (Reason: %u=%s)\n", 3234 bssid, reason_code, 3235 ieee80211_get_reason_code_string(reason_code)); 3236 3237 ieee80211_destroy_assoc_data(sdata, false, true); 3238 3239 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); 3240 return; 3241 } 3242} 3243 3244 3245static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata, 3246 struct ieee80211_mgmt *mgmt, size_t len) 3247{ 3248 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3249 u16 reason_code; 3250 3251 sdata_assert_lock(sdata); 3252 3253 if (len < 24 + 2) 3254 return; 3255 3256 if (!ifmgd->associated || 3257 !ether_addr_equal(mgmt->bssid, ifmgd->bssid)) 3258 return; 3259 3260 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 3261 3262 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) { 3263 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code); 3264 return; 3265 } 3266 3267 sdata_info(sdata, "disassociated from %pM (Reason: %u=%s)\n", 3268 mgmt->sa, reason_code, 3269 ieee80211_get_reason_code_string(reason_code)); 3270 3271 ieee80211_set_disassoc(sdata, 0, 0, false, NULL); 3272 3273 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false, reason_code, 3274 false); 3275} 3276 3277static void ieee80211_get_rates(struct ieee80211_supported_band *sband, 3278 u8 *supp_rates, unsigned int supp_rates_len, 3279 u32 *rates, u32 *basic_rates, 3280 bool *have_higher_than_11mbit, 3281 int *min_rate, int *min_rate_index, 3282 int shift) 3283{ 3284 int i, j; 3285 3286 for (i = 0; i < supp_rates_len; i++) { 3287 int rate = supp_rates[i] & 0x7f; 3288 bool is_basic = !!(supp_rates[i] & 0x80); 3289 3290 if ((rate * 5 * (1 << shift)) > 110) 3291 *have_higher_than_11mbit = true; 3292 3293 /* 3294 * Skip HT, VHT, HE and SAE H2E only BSS membership selectors 3295 * since they're not rates. 3296 * 3297 * Note: Even though the membership selector and the basic 3298 * rate flag share the same bit, they are not exactly 3299 * the same. 3300 */ 3301 if (supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY) || 3302 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY) || 3303 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_HE_PHY) || 3304 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_SAE_H2E)) 3305 continue; 3306 3307 for (j = 0; j < sband->n_bitrates; j++) { 3308 struct ieee80211_rate *br; 3309 int brate; 3310 3311 br = &sband->bitrates[j]; 3312 3313 brate = DIV_ROUND_UP(br->bitrate, (1 << shift) * 5); 3314 if (brate == rate) { 3315 *rates |= BIT(j); 3316 if (is_basic) 3317 *basic_rates |= BIT(j); 3318 if ((rate * 5) < *min_rate) { 3319 *min_rate = rate * 5; 3320 *min_rate_index = j; 3321 } 3322 break; 3323 } 3324 } 3325 } 3326} 3327 3328static bool ieee80211_twt_req_supported(const struct sta_info *sta, 3329 const struct ieee802_11_elems *elems) 3330{ 3331 if (elems->ext_capab_len < 10) 3332 return false; 3333 3334 if (!(elems->ext_capab[9] & WLAN_EXT_CAPA10_TWT_RESPONDER_SUPPORT)) 3335 return false; 3336 3337 return sta->sta.deflink.he_cap.he_cap_elem.mac_cap_info[0] & 3338 IEEE80211_HE_MAC_CAP0_TWT_RES; 3339} 3340 3341static int ieee80211_recalc_twt_req(struct ieee80211_sub_if_data *sdata, 3342 struct sta_info *sta, 3343 struct ieee802_11_elems *elems) 3344{ 3345 bool twt = ieee80211_twt_req_supported(sta, elems); 3346 3347 if (sdata->vif.bss_conf.twt_requester != twt) { 3348 sdata->vif.bss_conf.twt_requester = twt; 3349 return BSS_CHANGED_TWT; 3350 } 3351 return 0; 3352} 3353 3354static bool ieee80211_twt_bcast_support(struct ieee80211_sub_if_data *sdata, 3355 struct ieee80211_bss_conf *bss_conf, 3356 struct ieee80211_supported_band *sband, 3357 struct sta_info *sta) 3358{ 3359 const struct ieee80211_sta_he_cap *own_he_cap = 3360 ieee80211_get_he_iftype_cap(sband, 3361 ieee80211_vif_type_p2p(&sdata->vif)); 3362 3363 return bss_conf->he_support && 3364 (sta->sta.deflink.he_cap.he_cap_elem.mac_cap_info[2] & 3365 IEEE80211_HE_MAC_CAP2_BCAST_TWT) && 3366 own_he_cap && 3367 (own_he_cap->he_cap_elem.mac_cap_info[2] & 3368 IEEE80211_HE_MAC_CAP2_BCAST_TWT); 3369} 3370 3371static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata, 3372 struct cfg80211_bss *cbss, 3373 struct ieee80211_mgmt *mgmt, size_t len, 3374 struct ieee802_11_elems *elems) 3375{ 3376 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3377 struct ieee80211_local *local = sdata->local; 3378 struct ieee80211_supported_band *sband; 3379 struct sta_info *sta; 3380 u16 capab_info, aid; 3381 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 3382 const struct cfg80211_bss_ies *bss_ies = NULL; 3383 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 3384 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ; 3385 bool is_s1g = cbss->channel->band == NL80211_BAND_S1GHZ; 3386 u32 changed = 0; 3387 u8 *pos; 3388 int err; 3389 bool ret; 3390 3391 /* AssocResp and ReassocResp have identical structure */ 3392 3393 pos = mgmt->u.assoc_resp.variable; 3394 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 3395 if (is_s1g) { 3396 pos = (u8 *) mgmt->u.s1g_assoc_resp.variable; 3397 aid = 0; /* TODO */ 3398 } 3399 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 3400 elems = ieee802_11_parse_elems(pos, len - (pos - (u8 *)mgmt), false, 3401 mgmt->bssid, assoc_data->bss->bssid); 3402 3403 if (!elems) 3404 return false; 3405 3406 if (elems->aid_resp) 3407 aid = le16_to_cpu(elems->aid_resp->aid); 3408 3409 /* 3410 * The 5 MSB of the AID field are reserved 3411 * (802.11-2016 9.4.1.8 AID field) 3412 */ 3413 aid &= 0x7ff; 3414 3415 ifmgd->broken_ap = false; 3416 3417 if (aid == 0 || aid > IEEE80211_MAX_AID) { 3418 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n", 3419 aid); 3420 aid = 0; 3421 ifmgd->broken_ap = true; 3422 } 3423 3424 if (!is_s1g && !elems->supp_rates) { 3425 sdata_info(sdata, "no SuppRates element in AssocResp\n"); 3426 ret = false; 3427 goto out; 3428 } 3429 3430 sdata->vif.bss_conf.aid = aid; 3431 ifmgd->tdls_chan_switch_prohibited = 3432 elems->ext_capab && elems->ext_capab_len >= 5 && 3433 (elems->ext_capab[4] & WLAN_EXT_CAPA5_TDLS_CH_SW_PROHIBITED); 3434 3435 /* 3436 * Some APs are erroneously not including some information in their 3437 * (re)association response frames. Try to recover by using the data 3438 * from the beacon or probe response. This seems to afflict mobile 3439 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T", 3440 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device. 3441 */ 3442 if (!is_6ghz && 3443 ((assoc_data->wmm && !elems->wmm_param) || 3444 (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 3445 (!elems->ht_cap_elem || !elems->ht_operation)) || 3446 (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 3447 (!elems->vht_cap_elem || !elems->vht_operation)))) { 3448 const struct cfg80211_bss_ies *ies; 3449 struct ieee802_11_elems *bss_elems; 3450 3451 rcu_read_lock(); 3452 ies = rcu_dereference(cbss->ies); 3453 if (ies) 3454 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len, 3455 GFP_ATOMIC); 3456 rcu_read_unlock(); 3457 if (!bss_ies) { 3458 ret = false; 3459 goto out; 3460 } 3461 3462 bss_elems = ieee802_11_parse_elems(bss_ies->data, bss_ies->len, 3463 false, mgmt->bssid, 3464 assoc_data->bss->bssid); 3465 if (!bss_elems) { 3466 ret = false; 3467 goto out; 3468 } 3469 3470 if (assoc_data->wmm && 3471 !elems->wmm_param && bss_elems->wmm_param) { 3472 elems->wmm_param = bss_elems->wmm_param; 3473 sdata_info(sdata, 3474 "AP bug: WMM param missing from AssocResp\n"); 3475 } 3476 3477 /* 3478 * Also check if we requested HT/VHT, otherwise the AP doesn't 3479 * have to include the IEs in the (re)association response. 3480 */ 3481 if (!elems->ht_cap_elem && bss_elems->ht_cap_elem && 3482 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 3483 elems->ht_cap_elem = bss_elems->ht_cap_elem; 3484 sdata_info(sdata, 3485 "AP bug: HT capability missing from AssocResp\n"); 3486 } 3487 if (!elems->ht_operation && bss_elems->ht_operation && 3488 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 3489 elems->ht_operation = bss_elems->ht_operation; 3490 sdata_info(sdata, 3491 "AP bug: HT operation missing from AssocResp\n"); 3492 } 3493 if (!elems->vht_cap_elem && bss_elems->vht_cap_elem && 3494 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) { 3495 elems->vht_cap_elem = bss_elems->vht_cap_elem; 3496 sdata_info(sdata, 3497 "AP bug: VHT capa missing from AssocResp\n"); 3498 } 3499 if (!elems->vht_operation && bss_elems->vht_operation && 3500 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) { 3501 elems->vht_operation = bss_elems->vht_operation; 3502 sdata_info(sdata, 3503 "AP bug: VHT operation missing from AssocResp\n"); 3504 } 3505 3506 kfree(bss_elems); 3507 } 3508 3509 /* 3510 * We previously checked these in the beacon/probe response, so 3511 * they should be present here. This is just a safety net. 3512 */ 3513 if (!is_6ghz && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && 3514 (!elems->wmm_param || !elems->ht_cap_elem || !elems->ht_operation)) { 3515 sdata_info(sdata, 3516 "HT AP is missing WMM params or HT capability/operation\n"); 3517 ret = false; 3518 goto out; 3519 } 3520 3521 if (!is_6ghz && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 3522 (!elems->vht_cap_elem || !elems->vht_operation)) { 3523 sdata_info(sdata, 3524 "VHT AP is missing VHT capability/operation\n"); 3525 ret = false; 3526 goto out; 3527 } 3528 3529 if (is_6ghz && !(ifmgd->flags & IEEE80211_STA_DISABLE_HE) && 3530 !elems->he_6ghz_capa) { 3531 sdata_info(sdata, 3532 "HE 6 GHz AP is missing HE 6 GHz band capability\n"); 3533 ret = false; 3534 goto out; 3535 } 3536 3537 mutex_lock(&sdata->local->sta_mtx); 3538 /* 3539 * station info was already allocated and inserted before 3540 * the association and should be available to us 3541 */ 3542 sta = sta_info_get(sdata, cbss->bssid); 3543 if (WARN_ON(!sta)) { 3544 mutex_unlock(&sdata->local->sta_mtx); 3545 ret = false; 3546 goto out; 3547 } 3548 3549 sband = ieee80211_get_sband(sdata); 3550 if (!sband) { 3551 mutex_unlock(&sdata->local->sta_mtx); 3552 ret = false; 3553 goto out; 3554 } 3555 3556 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE) && 3557 (!elems->he_cap || !elems->he_operation)) { 3558 mutex_unlock(&sdata->local->sta_mtx); 3559 sdata_info(sdata, 3560 "HE AP is missing HE capability/operation\n"); 3561 ret = false; 3562 goto out; 3563 } 3564 3565 /* Set up internal HT/VHT capabilities */ 3566 if (elems->ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) 3567 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 3568 elems->ht_cap_elem, sta); 3569 3570 if (elems->vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 3571 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband, 3572 elems->vht_cap_elem, sta); 3573 3574 if (elems->he_operation && !(ifmgd->flags & IEEE80211_STA_DISABLE_HE) && 3575 elems->he_cap) { 3576 ieee80211_he_cap_ie_to_sta_he_cap(sdata, sband, 3577 elems->he_cap, 3578 elems->he_cap_len, 3579 elems->he_6ghz_capa, 3580 sta); 3581 3582 bss_conf->he_support = sta->sta.deflink.he_cap.has_he; 3583 if (elems->rsnx && elems->rsnx_len && 3584 (elems->rsnx[0] & WLAN_RSNX_CAPA_PROTECTED_TWT) && 3585 wiphy_ext_feature_isset(local->hw.wiphy, 3586 NL80211_EXT_FEATURE_PROTECTED_TWT)) 3587 bss_conf->twt_protected = true; 3588 else 3589 bss_conf->twt_protected = false; 3590 3591 changed |= ieee80211_recalc_twt_req(sdata, sta, elems); 3592 3593 if (elems->eht_operation && elems->eht_cap && 3594 !(ifmgd->flags & IEEE80211_STA_DISABLE_EHT)) { 3595 ieee80211_eht_cap_ie_to_sta_eht_cap(sdata, sband, 3596 elems->he_cap, 3597 elems->he_cap_len, 3598 elems->eht_cap, 3599 elems->eht_cap_len, 3600 sta); 3601 3602 bss_conf->eht_support = sta->sta.deflink.eht_cap.has_eht; 3603 } else { 3604 bss_conf->eht_support = false; 3605 } 3606 } else { 3607 bss_conf->he_support = false; 3608 bss_conf->twt_requester = false; 3609 bss_conf->twt_protected = false; 3610 bss_conf->eht_support = false; 3611 } 3612 3613 bss_conf->twt_broadcast = 3614 ieee80211_twt_bcast_support(sdata, bss_conf, sband, sta); 3615 3616 if (bss_conf->he_support) { 3617 bss_conf->he_bss_color.color = 3618 le32_get_bits(elems->he_operation->he_oper_params, 3619 IEEE80211_HE_OPERATION_BSS_COLOR_MASK); 3620 bss_conf->he_bss_color.partial = 3621 le32_get_bits(elems->he_operation->he_oper_params, 3622 IEEE80211_HE_OPERATION_PARTIAL_BSS_COLOR); 3623 bss_conf->he_bss_color.enabled = 3624 !le32_get_bits(elems->he_operation->he_oper_params, 3625 IEEE80211_HE_OPERATION_BSS_COLOR_DISABLED); 3626 3627 if (bss_conf->he_bss_color.enabled) 3628 changed |= BSS_CHANGED_HE_BSS_COLOR; 3629 3630 bss_conf->htc_trig_based_pkt_ext = 3631 le32_get_bits(elems->he_operation->he_oper_params, 3632 IEEE80211_HE_OPERATION_DFLT_PE_DURATION_MASK); 3633 bss_conf->frame_time_rts_th = 3634 le32_get_bits(elems->he_operation->he_oper_params, 3635 IEEE80211_HE_OPERATION_RTS_THRESHOLD_MASK); 3636 3637 bss_conf->uora_exists = !!elems->uora_element; 3638 if (elems->uora_element) 3639 bss_conf->uora_ocw_range = elems->uora_element[0]; 3640 3641 ieee80211_he_op_ie_to_bss_conf(&sdata->vif, elems->he_operation); 3642 ieee80211_he_spr_ie_to_bss_conf(&sdata->vif, elems->he_spr); 3643 /* TODO: OPEN: what happens if BSS color disable is set? */ 3644 } 3645 3646 if (cbss->transmitted_bss) { 3647 bss_conf->nontransmitted = true; 3648 ether_addr_copy(bss_conf->transmitter_bssid, 3649 cbss->transmitted_bss->bssid); 3650 bss_conf->bssid_indicator = cbss->max_bssid_indicator; 3651 bss_conf->bssid_index = cbss->bssid_index; 3652 } else { 3653 bss_conf->nontransmitted = false; 3654 memset(bss_conf->transmitter_bssid, 0, 3655 sizeof(bss_conf->transmitter_bssid)); 3656 bss_conf->bssid_indicator = 0; 3657 bss_conf->bssid_index = 0; 3658 } 3659 3660 /* 3661 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data 3662 * in their association response, so ignore that data for our own 3663 * configuration. If it changed since the last beacon, we'll get the 3664 * next beacon and update then. 3665 */ 3666 3667 /* 3668 * If an operating mode notification IE is present, override the 3669 * NSS calculation (that would be done in rate_control_rate_init()) 3670 * and use the # of streams from that element. 3671 */ 3672 if (elems->opmode_notif && 3673 !(*elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) { 3674 u8 nss; 3675 3676 nss = *elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK; 3677 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT; 3678 nss += 1; 3679 sta->sta.deflink.rx_nss = nss; 3680 } 3681 3682 rate_control_rate_init(sta); 3683 3684 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) { 3685 set_sta_flag(sta, WLAN_STA_MFP); 3686 sta->sta.mfp = true; 3687 } else { 3688 sta->sta.mfp = false; 3689 } 3690 3691 sta->sta.wme = (elems->wmm_param || elems->s1g_capab) && 3692 local->hw.queues >= IEEE80211_NUM_ACS; 3693 3694 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC); 3695 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT)) 3696 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED); 3697 if (err) { 3698 sdata_info(sdata, 3699 "failed to move station %pM to desired state\n", 3700 sta->sta.addr); 3701 WARN_ON(__sta_info_destroy(sta)); 3702 mutex_unlock(&sdata->local->sta_mtx); 3703 ret = false; 3704 goto out; 3705 } 3706 3707 if (sdata->wdev.use_4addr) 3708 drv_sta_set_4addr(local, sdata, &sta->sta, true); 3709 3710 mutex_unlock(&sdata->local->sta_mtx); 3711 3712 /* 3713 * Always handle WMM once after association regardless 3714 * of the first value the AP uses. Setting -1 here has 3715 * that effect because the AP values is an unsigned 3716 * 4-bit value. 3717 */ 3718 ifmgd->wmm_last_param_set = -1; 3719 ifmgd->mu_edca_last_param_set = -1; 3720 3721 if (ifmgd->flags & IEEE80211_STA_DISABLE_WMM) { 3722 ieee80211_set_wmm_default(sdata, false, false); 3723 } else if (!ieee80211_sta_wmm_params(local, sdata, elems->wmm_param, 3724 elems->wmm_param_len, 3725 elems->mu_edca_param_set)) { 3726 /* still enable QoS since we might have HT/VHT */ 3727 ieee80211_set_wmm_default(sdata, false, true); 3728 /* set the disable-WMM flag in this case to disable 3729 * tracking WMM parameter changes in the beacon if 3730 * the parameters weren't actually valid. Doing so 3731 * avoids changing parameters very strangely when 3732 * the AP is going back and forth between valid and 3733 * invalid parameters. 3734 */ 3735 ifmgd->flags |= IEEE80211_STA_DISABLE_WMM; 3736 } 3737 changed |= BSS_CHANGED_QOS; 3738 3739 if (elems->max_idle_period_ie) { 3740 bss_conf->max_idle_period = 3741 le16_to_cpu(elems->max_idle_period_ie->max_idle_period); 3742 bss_conf->protected_keep_alive = 3743 !!(elems->max_idle_period_ie->idle_options & 3744 WLAN_IDLE_OPTIONS_PROTECTED_KEEP_ALIVE); 3745 changed |= BSS_CHANGED_KEEP_ALIVE; 3746 } else { 3747 bss_conf->max_idle_period = 0; 3748 bss_conf->protected_keep_alive = false; 3749 } 3750 3751 /* set assoc capability (AID was already set earlier), 3752 * ieee80211_set_associated() will tell the driver */ 3753 bss_conf->assoc_capability = capab_info; 3754 ieee80211_set_associated(sdata, cbss, changed); 3755 3756 /* 3757 * If we're using 4-addr mode, let the AP know that we're 3758 * doing so, so that it can create the STA VLAN on its side 3759 */ 3760 if (ifmgd->use_4addr) 3761 ieee80211_send_4addr_nullfunc(local, sdata); 3762 3763 /* 3764 * Start timer to probe the connection to the AP now. 3765 * Also start the timer that will detect beacon loss. 3766 */ 3767 ieee80211_sta_reset_beacon_monitor(sdata); 3768 ieee80211_sta_reset_conn_monitor(sdata); 3769 3770 ret = true; 3771 out: 3772 kfree(elems); 3773 kfree(bss_ies); 3774 return ret; 3775} 3776 3777static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, 3778 struct ieee80211_mgmt *mgmt, 3779 size_t len) 3780{ 3781 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3782 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; 3783 u16 capab_info, status_code, aid; 3784 struct ieee802_11_elems *elems; 3785 int ac, uapsd_queues = -1; 3786 u8 *pos; 3787 bool reassoc; 3788 struct cfg80211_bss *cbss; 3789 struct ieee80211_event event = { 3790 .type = MLME_EVENT, 3791 .u.mlme.data = ASSOC_EVENT, 3792 }; 3793 struct ieee80211_prep_tx_info info = {}; 3794 3795 sdata_assert_lock(sdata); 3796 3797 if (!assoc_data) 3798 return; 3799 3800 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid)) 3801 return; 3802 3803 cbss = assoc_data->bss; 3804 3805 /* 3806 * AssocResp and ReassocResp have identical structure, so process both 3807 * of them in this function. 3808 */ 3809 3810 if (len < 24 + 6) 3811 return; 3812 3813 reassoc = ieee80211_is_reassoc_resp(mgmt->frame_control); 3814 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 3815 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 3816 pos = mgmt->u.assoc_resp.variable; 3817 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 3818 if (cbss->channel->band == NL80211_BAND_S1GHZ) { 3819 pos = (u8 *) mgmt->u.s1g_assoc_resp.variable; 3820 aid = 0; /* TODO */ 3821 } 3822 3823 /* 3824 * Note: this may not be perfect, AP might misbehave - if 3825 * anyone needs to rely on perfect complete notification 3826 * with the exact right subtype, then we need to track what 3827 * we actually transmitted. 3828 */ 3829 info.subtype = reassoc ? IEEE80211_STYPE_REASSOC_REQ : 3830 IEEE80211_STYPE_ASSOC_REQ; 3831 3832 sdata_info(sdata, 3833 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n", 3834 reassoc ? "Rea" : "A", mgmt->sa, 3835 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 3836 3837 if (assoc_data->fils_kek_len && 3838 fils_decrypt_assoc_resp(sdata, (u8 *)mgmt, &len, assoc_data) < 0) 3839 return; 3840 3841 elems = ieee802_11_parse_elems(pos, len - (pos - (u8 *)mgmt), false, 3842 mgmt->bssid, assoc_data->bss->bssid); 3843 if (!elems) 3844 goto notify_driver; 3845 3846 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 3847 elems->timeout_int && 3848 elems->timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) { 3849 u32 tu, ms; 3850 3851 cfg80211_assoc_comeback(sdata->dev, assoc_data->bss, 3852 le32_to_cpu(elems->timeout_int->value)); 3853 3854 tu = le32_to_cpu(elems->timeout_int->value); 3855 ms = tu * 1024 / 1000; 3856 sdata_info(sdata, 3857 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n", 3858 mgmt->sa, tu, ms); 3859 assoc_data->timeout = jiffies + msecs_to_jiffies(ms); 3860 assoc_data->timeout_started = true; 3861 if (ms > IEEE80211_ASSOC_TIMEOUT) 3862 run_again(sdata, assoc_data->timeout); 3863 goto notify_driver; 3864 } 3865 3866 if (status_code != WLAN_STATUS_SUCCESS) { 3867 sdata_info(sdata, "%pM denied association (code=%d)\n", 3868 mgmt->sa, status_code); 3869 ieee80211_destroy_assoc_data(sdata, false, false); 3870 event.u.mlme.status = MLME_DENIED; 3871 event.u.mlme.reason = status_code; 3872 drv_event_callback(sdata->local, sdata, &event); 3873 } else { 3874 if (!ieee80211_assoc_success(sdata, cbss, mgmt, len, elems)) { 3875 /* oops -- internal error -- send timeout for now */ 3876 ieee80211_destroy_assoc_data(sdata, false, false); 3877 cfg80211_assoc_timeout(sdata->dev, cbss); 3878 goto notify_driver; 3879 } 3880 event.u.mlme.status = MLME_SUCCESS; 3881 drv_event_callback(sdata->local, sdata, &event); 3882 sdata_info(sdata, "associated\n"); 3883 3884 /* 3885 * destroy assoc_data afterwards, as otherwise an idle 3886 * recalc after assoc_data is NULL but before associated 3887 * is set can cause the interface to go idle 3888 */ 3889 ieee80211_destroy_assoc_data(sdata, true, false); 3890 3891 /* get uapsd queues configuration */ 3892 uapsd_queues = 0; 3893 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) 3894 if (sdata->tx_conf[ac].uapsd) 3895 uapsd_queues |= ieee80211_ac_to_qos_mask[ac]; 3896 3897 info.success = 1; 3898 } 3899 3900 cfg80211_rx_assoc_resp(sdata->dev, cbss, (u8 *)mgmt, len, uapsd_queues, 3901 ifmgd->assoc_req_ies, ifmgd->assoc_req_ies_len); 3902notify_driver: 3903 drv_mgd_complete_tx(sdata->local, sdata, &info); 3904 kfree(elems); 3905} 3906 3907static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, 3908 struct ieee80211_mgmt *mgmt, size_t len, 3909 struct ieee80211_rx_status *rx_status) 3910{ 3911 struct ieee80211_local *local = sdata->local; 3912 struct ieee80211_bss *bss; 3913 struct ieee80211_channel *channel; 3914 3915 sdata_assert_lock(sdata); 3916 3917 channel = ieee80211_get_channel_khz(local->hw.wiphy, 3918 ieee80211_rx_status_to_khz(rx_status)); 3919 if (!channel) 3920 return; 3921 3922 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, channel); 3923 if (bss) { 3924 sdata->vif.bss_conf.beacon_rate = bss->beacon_rate; 3925 ieee80211_rx_bss_put(local, bss); 3926 } 3927} 3928 3929 3930static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, 3931 struct sk_buff *skb) 3932{ 3933 struct ieee80211_mgmt *mgmt = (void *)skb->data; 3934 struct ieee80211_if_managed *ifmgd; 3935 struct ieee80211_rx_status *rx_status = (void *) skb->cb; 3936 struct ieee80211_channel *channel; 3937 size_t baselen, len = skb->len; 3938 3939 ifmgd = &sdata->u.mgd; 3940 3941 sdata_assert_lock(sdata); 3942 3943 /* 3944 * According to Draft P802.11ax D6.0 clause 26.17.2.3.2: 3945 * "If a 6 GHz AP receives a Probe Request frame and responds with 3946 * a Probe Response frame [..], the Address 1 field of the Probe 3947 * Response frame shall be set to the broadcast address [..]" 3948 * So, on 6GHz band we should also accept broadcast responses. 3949 */ 3950 channel = ieee80211_get_channel(sdata->local->hw.wiphy, 3951 rx_status->freq); 3952 if (!channel) 3953 return; 3954 3955 if (!ether_addr_equal(mgmt->da, sdata->vif.addr) && 3956 (channel->band != NL80211_BAND_6GHZ || 3957 !is_broadcast_ether_addr(mgmt->da))) 3958 return; /* ignore ProbeResp to foreign address */ 3959 3960 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 3961 if (baselen > len) 3962 return; 3963 3964 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status); 3965 3966 if (ifmgd->associated && 3967 ether_addr_equal(mgmt->bssid, ifmgd->bssid)) 3968 ieee80211_reset_ap_probe(sdata); 3969} 3970 3971/* 3972 * This is the canonical list of information elements we care about, 3973 * the filter code also gives us all changes to the Microsoft OUI 3974 * (00:50:F2) vendor IE which is used for WMM which we need to track, 3975 * as well as the DTPC IE (part of the Cisco OUI) used for signaling 3976 * changes to requested client power. 3977 * 3978 * We implement beacon filtering in software since that means we can 3979 * avoid processing the frame here and in cfg80211, and userspace 3980 * will not be able to tell whether the hardware supports it or not. 3981 * 3982 * XXX: This list needs to be dynamic -- userspace needs to be able to 3983 * add items it requires. It also needs to be able to tell us to 3984 * look out for other vendor IEs. 3985 */ 3986static const u64 care_about_ies = 3987 (1ULL << WLAN_EID_COUNTRY) | 3988 (1ULL << WLAN_EID_ERP_INFO) | 3989 (1ULL << WLAN_EID_CHANNEL_SWITCH) | 3990 (1ULL << WLAN_EID_PWR_CONSTRAINT) | 3991 (1ULL << WLAN_EID_HT_CAPABILITY) | 3992 (1ULL << WLAN_EID_HT_OPERATION) | 3993 (1ULL << WLAN_EID_EXT_CHANSWITCH_ANN); 3994 3995static void ieee80211_handle_beacon_sig(struct ieee80211_sub_if_data *sdata, 3996 struct ieee80211_if_managed *ifmgd, 3997 struct ieee80211_bss_conf *bss_conf, 3998 struct ieee80211_local *local, 3999 struct ieee80211_rx_status *rx_status) 4000{ 4001 /* Track average RSSI from the Beacon frames of the current AP */ 4002 4003 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) { 4004 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE; 4005 ewma_beacon_signal_init(&ifmgd->ave_beacon_signal); 4006 ifmgd->last_cqm_event_signal = 0; 4007 ifmgd->count_beacon_signal = 1; 4008 ifmgd->last_ave_beacon_signal = 0; 4009 } else { 4010 ifmgd->count_beacon_signal++; 4011 } 4012 4013 ewma_beacon_signal_add(&ifmgd->ave_beacon_signal, -rx_status->signal); 4014 4015 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold && 4016 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) { 4017 int sig = -ewma_beacon_signal_read(&ifmgd->ave_beacon_signal); 4018 int last_sig = ifmgd->last_ave_beacon_signal; 4019 struct ieee80211_event event = { 4020 .type = RSSI_EVENT, 4021 }; 4022 4023 /* 4024 * if signal crosses either of the boundaries, invoke callback 4025 * with appropriate parameters 4026 */ 4027 if (sig > ifmgd->rssi_max_thold && 4028 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) { 4029 ifmgd->last_ave_beacon_signal = sig; 4030 event.u.rssi.data = RSSI_EVENT_HIGH; 4031 drv_event_callback(local, sdata, &event); 4032 } else if (sig < ifmgd->rssi_min_thold && 4033 (last_sig >= ifmgd->rssi_max_thold || 4034 last_sig == 0)) { 4035 ifmgd->last_ave_beacon_signal = sig; 4036 event.u.rssi.data = RSSI_EVENT_LOW; 4037 drv_event_callback(local, sdata, &event); 4038 } 4039 } 4040 4041 if (bss_conf->cqm_rssi_thold && 4042 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT && 4043 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) { 4044 int sig = -ewma_beacon_signal_read(&ifmgd->ave_beacon_signal); 4045 int last_event = ifmgd->last_cqm_event_signal; 4046 int thold = bss_conf->cqm_rssi_thold; 4047 int hyst = bss_conf->cqm_rssi_hyst; 4048 4049 if (sig < thold && 4050 (last_event == 0 || sig < last_event - hyst)) { 4051 ifmgd->last_cqm_event_signal = sig; 4052 ieee80211_cqm_rssi_notify( 4053 &sdata->vif, 4054 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW, 4055 sig, GFP_KERNEL); 4056 } else if (sig > thold && 4057 (last_event == 0 || sig > last_event + hyst)) { 4058 ifmgd->last_cqm_event_signal = sig; 4059 ieee80211_cqm_rssi_notify( 4060 &sdata->vif, 4061 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH, 4062 sig, GFP_KERNEL); 4063 } 4064 } 4065 4066 if (bss_conf->cqm_rssi_low && 4067 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) { 4068 int sig = -ewma_beacon_signal_read(&ifmgd->ave_beacon_signal); 4069 int last_event = ifmgd->last_cqm_event_signal; 4070 int low = bss_conf->cqm_rssi_low; 4071 int high = bss_conf->cqm_rssi_high; 4072 4073 if (sig < low && 4074 (last_event == 0 || last_event >= low)) { 4075 ifmgd->last_cqm_event_signal = sig; 4076 ieee80211_cqm_rssi_notify( 4077 &sdata->vif, 4078 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW, 4079 sig, GFP_KERNEL); 4080 } else if (sig > high && 4081 (last_event == 0 || last_event <= high)) { 4082 ifmgd->last_cqm_event_signal = sig; 4083 ieee80211_cqm_rssi_notify( 4084 &sdata->vif, 4085 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH, 4086 sig, GFP_KERNEL); 4087 } 4088 } 4089} 4090 4091static bool ieee80211_rx_our_beacon(const u8 *tx_bssid, 4092 struct cfg80211_bss *bss) 4093{ 4094 if (ether_addr_equal(tx_bssid, bss->bssid)) 4095 return true; 4096 if (!bss->transmitted_bss) 4097 return false; 4098 return ether_addr_equal(tx_bssid, bss->transmitted_bss->bssid); 4099} 4100 4101static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, 4102 struct ieee80211_hdr *hdr, size_t len, 4103 struct ieee80211_rx_status *rx_status) 4104{ 4105 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4106 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 4107 struct ieee80211_mgmt *mgmt = (void *) hdr; 4108 size_t baselen; 4109 struct ieee802_11_elems *elems; 4110 struct ieee80211_local *local = sdata->local; 4111 struct ieee80211_chanctx_conf *chanctx_conf; 4112 struct ieee80211_channel *chan; 4113 struct sta_info *sta; 4114 u32 changed = 0; 4115 bool erp_valid; 4116 u8 erp_value = 0; 4117 u32 ncrc = 0; 4118 u8 *bssid, *variable = mgmt->u.beacon.variable; 4119 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4120 4121 sdata_assert_lock(sdata); 4122 4123 /* Process beacon from the current BSS */ 4124 bssid = ieee80211_get_bssid(hdr, len, sdata->vif.type); 4125 if (ieee80211_is_s1g_beacon(mgmt->frame_control)) { 4126 struct ieee80211_ext *ext = (void *) mgmt; 4127 4128 if (ieee80211_is_s1g_short_beacon(ext->frame_control)) 4129 variable = ext->u.s1g_short_beacon.variable; 4130 else 4131 variable = ext->u.s1g_beacon.variable; 4132 } 4133 4134 baselen = (u8 *) variable - (u8 *) mgmt; 4135 if (baselen > len) 4136 return; 4137 4138 rcu_read_lock(); 4139 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 4140 if (!chanctx_conf) { 4141 rcu_read_unlock(); 4142 return; 4143 } 4144 4145 if (ieee80211_rx_status_to_khz(rx_status) != 4146 ieee80211_channel_to_khz(chanctx_conf->def.chan)) { 4147 rcu_read_unlock(); 4148 return; 4149 } 4150 chan = chanctx_conf->def.chan; 4151 rcu_read_unlock(); 4152 4153 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon && 4154 ieee80211_rx_our_beacon(bssid, ifmgd->assoc_data->bss)) { 4155 elems = ieee802_11_parse_elems(variable, len - baselen, false, 4156 bssid, 4157 ifmgd->assoc_data->bss->bssid); 4158 if (!elems) 4159 return; 4160 4161 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status); 4162 4163 if (elems->dtim_period) 4164 ifmgd->dtim_period = elems->dtim_period; 4165 ifmgd->have_beacon = true; 4166 ifmgd->assoc_data->need_beacon = false; 4167 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) { 4168 sdata->vif.bss_conf.sync_tsf = 4169 le64_to_cpu(mgmt->u.beacon.timestamp); 4170 sdata->vif.bss_conf.sync_device_ts = 4171 rx_status->device_timestamp; 4172 sdata->vif.bss_conf.sync_dtim_count = elems->dtim_count; 4173 } 4174 4175 if (elems->mbssid_config_ie) 4176 bss_conf->profile_periodicity = 4177 elems->mbssid_config_ie->profile_periodicity; 4178 else 4179 bss_conf->profile_periodicity = 0; 4180 4181 if (elems->ext_capab_len >= 11 && 4182 (elems->ext_capab[10] & WLAN_EXT_CAPA11_EMA_SUPPORT)) 4183 bss_conf->ema_ap = true; 4184 else 4185 bss_conf->ema_ap = false; 4186 4187 /* continue assoc process */ 4188 ifmgd->assoc_data->timeout = jiffies; 4189 ifmgd->assoc_data->timeout_started = true; 4190 run_again(sdata, ifmgd->assoc_data->timeout); 4191 kfree(elems); 4192 return; 4193 } 4194 4195 if (!ifmgd->associated || 4196 !ieee80211_rx_our_beacon(bssid, ifmgd->assoc_bss)) 4197 return; 4198 bssid = ifmgd->bssid; 4199 4200 if (!(rx_status->flag & RX_FLAG_NO_SIGNAL_VAL)) 4201 ieee80211_handle_beacon_sig(sdata, ifmgd, bss_conf, 4202 local, rx_status); 4203 4204 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) { 4205 mlme_dbg_ratelimited(sdata, 4206 "cancelling AP probe due to a received beacon\n"); 4207 ieee80211_reset_ap_probe(sdata); 4208 } 4209 4210 /* 4211 * Push the beacon loss detection into the future since 4212 * we are processing a beacon from the AP just now. 4213 */ 4214 ieee80211_sta_reset_beacon_monitor(sdata); 4215 4216 /* TODO: CRC urrently not calculated on S1G Beacon Compatibility 4217 * element (which carries the beacon interval). Don't forget to add a 4218 * bit to care_about_ies[] above if mac80211 is interested in a 4219 * changing S1G element. 4220 */ 4221 if (!ieee80211_is_s1g_beacon(hdr->frame_control)) 4222 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 4223 elems = ieee802_11_parse_elems_crc(variable, len - baselen, 4224 false, care_about_ies, ncrc, 4225 mgmt->bssid, bssid); 4226 if (!elems) 4227 return; 4228 ncrc = elems->crc; 4229 4230 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) && 4231 ieee80211_check_tim(elems->tim, elems->tim_len, bss_conf->aid)) { 4232 if (local->hw.conf.dynamic_ps_timeout > 0) { 4233 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 4234 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 4235 ieee80211_hw_config(local, 4236 IEEE80211_CONF_CHANGE_PS); 4237 } 4238 ieee80211_send_nullfunc(local, sdata, false); 4239 } else if (!local->pspolling && sdata->u.mgd.powersave) { 4240 local->pspolling = true; 4241 4242 /* 4243 * Here is assumed that the driver will be 4244 * able to send ps-poll frame and receive a 4245 * response even though power save mode is 4246 * enabled, but some drivers might require 4247 * to disable power save here. This needs 4248 * to be investigated. 4249 */ 4250 ieee80211_send_pspoll(local, sdata); 4251 } 4252 } 4253 4254 if (sdata->vif.p2p || 4255 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) { 4256 struct ieee80211_p2p_noa_attr noa = {}; 4257 int ret; 4258 4259 ret = cfg80211_get_p2p_attr(variable, 4260 len - baselen, 4261 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 4262 (u8 *) &noa, sizeof(noa)); 4263 if (ret >= 2) { 4264 if (sdata->u.mgd.p2p_noa_index != noa.index) { 4265 /* valid noa_attr and index changed */ 4266 sdata->u.mgd.p2p_noa_index = noa.index; 4267 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa)); 4268 changed |= BSS_CHANGED_P2P_PS; 4269 /* 4270 * make sure we update all information, the CRC 4271 * mechanism doesn't look at P2P attributes. 4272 */ 4273 ifmgd->beacon_crc_valid = false; 4274 } 4275 } else if (sdata->u.mgd.p2p_noa_index != -1) { 4276 /* noa_attr not found and we had valid noa_attr before */ 4277 sdata->u.mgd.p2p_noa_index = -1; 4278 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr)); 4279 changed |= BSS_CHANGED_P2P_PS; 4280 ifmgd->beacon_crc_valid = false; 4281 } 4282 } 4283 4284 if (ifmgd->csa_waiting_bcn) 4285 ieee80211_chswitch_post_beacon(sdata); 4286 4287 /* 4288 * Update beacon timing and dtim count on every beacon appearance. This 4289 * will allow the driver to use the most updated values. Do it before 4290 * comparing this one with last received beacon. 4291 * IMPORTANT: These parameters would possibly be out of sync by the time 4292 * the driver will use them. The synchronized view is currently 4293 * guaranteed only in certain callbacks. 4294 */ 4295 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY) && 4296 !ieee80211_is_s1g_beacon(hdr->frame_control)) { 4297 sdata->vif.bss_conf.sync_tsf = 4298 le64_to_cpu(mgmt->u.beacon.timestamp); 4299 sdata->vif.bss_conf.sync_device_ts = 4300 rx_status->device_timestamp; 4301 sdata->vif.bss_conf.sync_dtim_count = elems->dtim_count; 4302 } 4303 4304 if ((ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid) || 4305 ieee80211_is_s1g_short_beacon(mgmt->frame_control)) 4306 goto free; 4307 ifmgd->beacon_crc = ncrc; 4308 ifmgd->beacon_crc_valid = true; 4309 4310 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status); 4311 4312 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime, 4313 rx_status->device_timestamp, 4314 elems, true); 4315 4316 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) && 4317 ieee80211_sta_wmm_params(local, sdata, elems->wmm_param, 4318 elems->wmm_param_len, 4319 elems->mu_edca_param_set)) 4320 changed |= BSS_CHANGED_QOS; 4321 4322 /* 4323 * If we haven't had a beacon before, tell the driver about the 4324 * DTIM period (and beacon timing if desired) now. 4325 */ 4326 if (!ifmgd->have_beacon) { 4327 /* a few bogus AP send dtim_period = 0 or no TIM IE */ 4328 bss_conf->dtim_period = elems->dtim_period ?: 1; 4329 4330 changed |= BSS_CHANGED_BEACON_INFO; 4331 ifmgd->have_beacon = true; 4332 4333 mutex_lock(&local->iflist_mtx); 4334 ieee80211_recalc_ps(local); 4335 mutex_unlock(&local->iflist_mtx); 4336 4337 ieee80211_recalc_ps_vif(sdata); 4338 } 4339 4340 if (elems->erp_info) { 4341 erp_valid = true; 4342 erp_value = elems->erp_info[0]; 4343 } else { 4344 erp_valid = false; 4345 } 4346 4347 if (!ieee80211_is_s1g_beacon(hdr->frame_control)) 4348 changed |= ieee80211_handle_bss_capability(sdata, 4349 le16_to_cpu(mgmt->u.beacon.capab_info), 4350 erp_valid, erp_value); 4351 4352 mutex_lock(&local->sta_mtx); 4353 sta = sta_info_get(sdata, bssid); 4354 4355 changed |= ieee80211_recalc_twt_req(sdata, sta, elems); 4356 4357 if (ieee80211_config_bw(sdata, sta, elems->ht_cap_elem, 4358 elems->vht_cap_elem, elems->ht_operation, 4359 elems->vht_operation, elems->he_operation, 4360 elems->eht_operation, 4361 elems->s1g_oper, bssid, &changed)) { 4362 mutex_unlock(&local->sta_mtx); 4363 sdata_info(sdata, 4364 "failed to follow AP %pM bandwidth change, disconnect\n", 4365 bssid); 4366 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4367 WLAN_REASON_DEAUTH_LEAVING, 4368 true, deauth_buf); 4369 ieee80211_report_disconnect(sdata, deauth_buf, 4370 sizeof(deauth_buf), true, 4371 WLAN_REASON_DEAUTH_LEAVING, 4372 false); 4373 goto free; 4374 } 4375 4376 if (sta && elems->opmode_notif) 4377 ieee80211_vht_handle_opmode(sdata, sta, *elems->opmode_notif, 4378 rx_status->band); 4379 mutex_unlock(&local->sta_mtx); 4380 4381 changed |= ieee80211_handle_pwr_constr(sdata, chan, mgmt, 4382 elems->country_elem, 4383 elems->country_elem_len, 4384 elems->pwr_constr_elem, 4385 elems->cisco_dtpc_elem); 4386 4387 ieee80211_bss_info_change_notify(sdata, changed); 4388free: 4389 kfree(elems); 4390} 4391 4392void ieee80211_sta_rx_queued_ext(struct ieee80211_sub_if_data *sdata, 4393 struct sk_buff *skb) 4394{ 4395 struct ieee80211_rx_status *rx_status; 4396 struct ieee80211_hdr *hdr; 4397 u16 fc; 4398 4399 rx_status = (struct ieee80211_rx_status *) skb->cb; 4400 hdr = (struct ieee80211_hdr *) skb->data; 4401 fc = le16_to_cpu(hdr->frame_control); 4402 4403 sdata_lock(sdata); 4404 switch (fc & IEEE80211_FCTL_STYPE) { 4405 case IEEE80211_STYPE_S1G_BEACON: 4406 ieee80211_rx_mgmt_beacon(sdata, hdr, skb->len, rx_status); 4407 break; 4408 } 4409 sdata_unlock(sdata); 4410} 4411 4412void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 4413 struct sk_buff *skb) 4414{ 4415 struct ieee80211_rx_status *rx_status; 4416 struct ieee80211_mgmt *mgmt; 4417 u16 fc; 4418 int ies_len; 4419 4420 rx_status = (struct ieee80211_rx_status *) skb->cb; 4421 mgmt = (struct ieee80211_mgmt *) skb->data; 4422 fc = le16_to_cpu(mgmt->frame_control); 4423 4424 sdata_lock(sdata); 4425 4426 switch (fc & IEEE80211_FCTL_STYPE) { 4427 case IEEE80211_STYPE_BEACON: 4428 ieee80211_rx_mgmt_beacon(sdata, (void *)mgmt, 4429 skb->len, rx_status); 4430 break; 4431 case IEEE80211_STYPE_PROBE_RESP: 4432 ieee80211_rx_mgmt_probe_resp(sdata, skb); 4433 break; 4434 case IEEE80211_STYPE_AUTH: 4435 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len); 4436 break; 4437 case IEEE80211_STYPE_DEAUTH: 4438 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len); 4439 break; 4440 case IEEE80211_STYPE_DISASSOC: 4441 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 4442 break; 4443 case IEEE80211_STYPE_ASSOC_RESP: 4444 case IEEE80211_STYPE_REASSOC_RESP: 4445 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len); 4446 break; 4447 case IEEE80211_STYPE_ACTION: 4448 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) { 4449 struct ieee802_11_elems *elems; 4450 4451 ies_len = skb->len - 4452 offsetof(struct ieee80211_mgmt, 4453 u.action.u.chan_switch.variable); 4454 4455 if (ies_len < 0) 4456 break; 4457 4458 /* CSA IE cannot be overridden, no need for BSSID */ 4459 elems = ieee802_11_parse_elems( 4460 mgmt->u.action.u.chan_switch.variable, 4461 ies_len, true, mgmt->bssid, NULL); 4462 4463 if (elems && !elems->parse_error) 4464 ieee80211_sta_process_chanswitch(sdata, 4465 rx_status->mactime, 4466 rx_status->device_timestamp, 4467 elems, false); 4468 kfree(elems); 4469 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) { 4470 struct ieee802_11_elems *elems; 4471 4472 ies_len = skb->len - 4473 offsetof(struct ieee80211_mgmt, 4474 u.action.u.ext_chan_switch.variable); 4475 4476 if (ies_len < 0) 4477 break; 4478 4479 /* 4480 * extended CSA IE can't be overridden, no need for 4481 * BSSID 4482 */ 4483 elems = ieee802_11_parse_elems( 4484 mgmt->u.action.u.ext_chan_switch.variable, 4485 ies_len, true, mgmt->bssid, NULL); 4486 4487 if (elems && !elems->parse_error) { 4488 /* for the handling code pretend it was an IE */ 4489 elems->ext_chansw_ie = 4490 &mgmt->u.action.u.ext_chan_switch.data; 4491 4492 ieee80211_sta_process_chanswitch(sdata, 4493 rx_status->mactime, 4494 rx_status->device_timestamp, 4495 elems, false); 4496 } 4497 4498 kfree(elems); 4499 } 4500 break; 4501 } 4502 sdata_unlock(sdata); 4503} 4504 4505static void ieee80211_sta_timer(struct timer_list *t) 4506{ 4507 struct ieee80211_sub_if_data *sdata = 4508 from_timer(sdata, t, u.mgd.timer); 4509 4510 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 4511} 4512 4513void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata, 4514 u8 reason, bool tx) 4515{ 4516 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4517 4518 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason, 4519 tx, frame_buf); 4520 4521 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true, 4522 reason, false); 4523} 4524 4525static int ieee80211_auth(struct ieee80211_sub_if_data *sdata) 4526{ 4527 struct ieee80211_local *local = sdata->local; 4528 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4529 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data; 4530 u32 tx_flags = 0; 4531 u16 trans = 1; 4532 u16 status = 0; 4533 struct ieee80211_prep_tx_info info = { 4534 .subtype = IEEE80211_STYPE_AUTH, 4535 }; 4536 4537 sdata_assert_lock(sdata); 4538 4539 if (WARN_ON_ONCE(!auth_data)) 4540 return -EINVAL; 4541 4542 auth_data->tries++; 4543 4544 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) { 4545 sdata_info(sdata, "authentication with %pM timed out\n", 4546 auth_data->bss->bssid); 4547 4548 /* 4549 * Most likely AP is not in the range so remove the 4550 * bss struct for that AP. 4551 */ 4552 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss); 4553 4554 return -ETIMEDOUT; 4555 } 4556 4557 if (auth_data->algorithm == WLAN_AUTH_SAE) 4558 info.duration = jiffies_to_msecs(IEEE80211_AUTH_TIMEOUT_SAE); 4559 4560 drv_mgd_prepare_tx(local, sdata, &info); 4561 4562 sdata_info(sdata, "send auth to %pM (try %d/%d)\n", 4563 auth_data->bss->bssid, auth_data->tries, 4564 IEEE80211_AUTH_MAX_TRIES); 4565 4566 auth_data->expected_transaction = 2; 4567 4568 if (auth_data->algorithm == WLAN_AUTH_SAE) { 4569 trans = auth_data->sae_trans; 4570 status = auth_data->sae_status; 4571 auth_data->expected_transaction = trans; 4572 } 4573 4574 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) 4575 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 4576 IEEE80211_TX_INTFL_MLME_CONN_TX; 4577 4578 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status, 4579 auth_data->data, auth_data->data_len, 4580 auth_data->bss->bssid, 4581 auth_data->bss->bssid, NULL, 0, 0, 4582 tx_flags); 4583 4584 if (tx_flags == 0) { 4585 if (auth_data->algorithm == WLAN_AUTH_SAE) 4586 auth_data->timeout = jiffies + 4587 IEEE80211_AUTH_TIMEOUT_SAE; 4588 else 4589 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 4590 } else { 4591 auth_data->timeout = 4592 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG); 4593 } 4594 4595 auth_data->timeout_started = true; 4596 run_again(sdata, auth_data->timeout); 4597 4598 return 0; 4599} 4600 4601static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata) 4602{ 4603 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 4604 struct ieee80211_local *local = sdata->local; 4605 int ret; 4606 4607 sdata_assert_lock(sdata); 4608 4609 assoc_data->tries++; 4610 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) { 4611 sdata_info(sdata, "association with %pM timed out\n", 4612 assoc_data->bss->bssid); 4613 4614 /* 4615 * Most likely AP is not in the range so remove the 4616 * bss struct for that AP. 4617 */ 4618 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss); 4619 4620 return -ETIMEDOUT; 4621 } 4622 4623 sdata_info(sdata, "associate with %pM (try %d/%d)\n", 4624 assoc_data->bss->bssid, assoc_data->tries, 4625 IEEE80211_ASSOC_MAX_TRIES); 4626 ret = ieee80211_send_assoc(sdata); 4627 if (ret) 4628 return ret; 4629 4630 if (!ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) { 4631 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 4632 assoc_data->timeout_started = true; 4633 run_again(sdata, assoc_data->timeout); 4634 } else { 4635 assoc_data->timeout = 4636 round_jiffies_up(jiffies + 4637 IEEE80211_ASSOC_TIMEOUT_LONG); 4638 assoc_data->timeout_started = true; 4639 run_again(sdata, assoc_data->timeout); 4640 } 4641 4642 return 0; 4643} 4644 4645void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata, 4646 __le16 fc, bool acked) 4647{ 4648 struct ieee80211_local *local = sdata->local; 4649 4650 sdata->u.mgd.status_fc = fc; 4651 sdata->u.mgd.status_acked = acked; 4652 sdata->u.mgd.status_received = true; 4653 4654 ieee80211_queue_work(&local->hw, &sdata->work); 4655} 4656 4657void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata) 4658{ 4659 struct ieee80211_local *local = sdata->local; 4660 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4661 4662 sdata_lock(sdata); 4663 4664 if (ifmgd->status_received) { 4665 __le16 fc = ifmgd->status_fc; 4666 bool status_acked = ifmgd->status_acked; 4667 4668 ifmgd->status_received = false; 4669 if (ifmgd->auth_data && ieee80211_is_auth(fc)) { 4670 if (status_acked) { 4671 if (ifmgd->auth_data->algorithm == 4672 WLAN_AUTH_SAE) 4673 ifmgd->auth_data->timeout = 4674 jiffies + 4675 IEEE80211_AUTH_TIMEOUT_SAE; 4676 else 4677 ifmgd->auth_data->timeout = 4678 jiffies + 4679 IEEE80211_AUTH_TIMEOUT_SHORT; 4680 run_again(sdata, ifmgd->auth_data->timeout); 4681 } else { 4682 ifmgd->auth_data->timeout = jiffies - 1; 4683 } 4684 ifmgd->auth_data->timeout_started = true; 4685 } else if (ifmgd->assoc_data && 4686 (ieee80211_is_assoc_req(fc) || 4687 ieee80211_is_reassoc_req(fc))) { 4688 if (status_acked) { 4689 ifmgd->assoc_data->timeout = 4690 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT; 4691 run_again(sdata, ifmgd->assoc_data->timeout); 4692 } else { 4693 ifmgd->assoc_data->timeout = jiffies - 1; 4694 } 4695 ifmgd->assoc_data->timeout_started = true; 4696 } 4697 } 4698 4699 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started && 4700 time_after(jiffies, ifmgd->auth_data->timeout)) { 4701 if (ifmgd->auth_data->done || ifmgd->auth_data->waiting) { 4702 /* 4703 * ok ... we waited for assoc or continuation but 4704 * userspace didn't do it, so kill the auth data 4705 */ 4706 ieee80211_destroy_auth_data(sdata, false); 4707 } else if (ieee80211_auth(sdata)) { 4708 u8 bssid[ETH_ALEN]; 4709 struct ieee80211_event event = { 4710 .type = MLME_EVENT, 4711 .u.mlme.data = AUTH_EVENT, 4712 .u.mlme.status = MLME_TIMEOUT, 4713 }; 4714 4715 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN); 4716 4717 ieee80211_destroy_auth_data(sdata, false); 4718 4719 cfg80211_auth_timeout(sdata->dev, bssid); 4720 drv_event_callback(sdata->local, sdata, &event); 4721 } 4722 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started) 4723 run_again(sdata, ifmgd->auth_data->timeout); 4724 4725 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started && 4726 time_after(jiffies, ifmgd->assoc_data->timeout)) { 4727 if ((ifmgd->assoc_data->need_beacon && !ifmgd->have_beacon) || 4728 ieee80211_do_assoc(sdata)) { 4729 struct cfg80211_bss *bss = ifmgd->assoc_data->bss; 4730 struct ieee80211_event event = { 4731 .type = MLME_EVENT, 4732 .u.mlme.data = ASSOC_EVENT, 4733 .u.mlme.status = MLME_TIMEOUT, 4734 }; 4735 4736 ieee80211_destroy_assoc_data(sdata, false, false); 4737 cfg80211_assoc_timeout(sdata->dev, bss); 4738 drv_event_callback(sdata->local, sdata, &event); 4739 } 4740 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started) 4741 run_again(sdata, ifmgd->assoc_data->timeout); 4742 4743 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL && 4744 ifmgd->associated) { 4745 u8 *bssid = ifmgd->bssid; 4746 int max_tries; 4747 4748 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) 4749 max_tries = max_nullfunc_tries; 4750 else 4751 max_tries = max_probe_tries; 4752 4753 /* ACK received for nullfunc probing frame */ 4754 if (!ifmgd->probe_send_count) 4755 ieee80211_reset_ap_probe(sdata); 4756 else if (ifmgd->nullfunc_failed) { 4757 if (ifmgd->probe_send_count < max_tries) { 4758 mlme_dbg(sdata, 4759 "No ack for nullfunc frame to AP %pM, try %d/%i\n", 4760 bssid, ifmgd->probe_send_count, 4761 max_tries); 4762 ieee80211_mgd_probe_ap_send(sdata); 4763 } else { 4764 mlme_dbg(sdata, 4765 "No ack for nullfunc frame to AP %pM, disconnecting.\n", 4766 bssid); 4767 ieee80211_sta_connection_lost(sdata, 4768 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 4769 false); 4770 } 4771 } else if (time_is_after_jiffies(ifmgd->probe_timeout)) 4772 run_again(sdata, ifmgd->probe_timeout); 4773 else if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) { 4774 mlme_dbg(sdata, 4775 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n", 4776 bssid, probe_wait_ms); 4777 ieee80211_sta_connection_lost(sdata, 4778 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 4779 } else if (ifmgd->probe_send_count < max_tries) { 4780 mlme_dbg(sdata, 4781 "No probe response from AP %pM after %dms, try %d/%i\n", 4782 bssid, probe_wait_ms, 4783 ifmgd->probe_send_count, max_tries); 4784 ieee80211_mgd_probe_ap_send(sdata); 4785 } else { 4786 /* 4787 * We actually lost the connection ... or did we? 4788 * Let's make sure! 4789 */ 4790 mlme_dbg(sdata, 4791 "No probe response from AP %pM after %dms, disconnecting.\n", 4792 bssid, probe_wait_ms); 4793 4794 ieee80211_sta_connection_lost(sdata, 4795 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); 4796 } 4797 } 4798 4799 sdata_unlock(sdata); 4800} 4801 4802static void ieee80211_sta_bcn_mon_timer(struct timer_list *t) 4803{ 4804 struct ieee80211_sub_if_data *sdata = 4805 from_timer(sdata, t, u.mgd.bcn_mon_timer); 4806 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4807 4808 if (sdata->vif.csa_active && !ifmgd->csa_waiting_bcn) 4809 return; 4810 4811 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER) 4812 return; 4813 4814 sdata->u.mgd.connection_loss = false; 4815 ieee80211_queue_work(&sdata->local->hw, 4816 &sdata->u.mgd.beacon_connection_loss_work); 4817} 4818 4819static void ieee80211_sta_conn_mon_timer(struct timer_list *t) 4820{ 4821 struct ieee80211_sub_if_data *sdata = 4822 from_timer(sdata, t, u.mgd.conn_mon_timer); 4823 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4824 struct ieee80211_local *local = sdata->local; 4825 struct sta_info *sta; 4826 unsigned long timeout; 4827 4828 if (sdata->vif.csa_active && !ifmgd->csa_waiting_bcn) 4829 return; 4830 4831 sta = sta_info_get(sdata, ifmgd->bssid); 4832 if (!sta) 4833 return; 4834 4835 timeout = sta->deflink.status_stats.last_ack; 4836 if (time_before(sta->deflink.status_stats.last_ack, sta->deflink.rx_stats.last_rx)) 4837 timeout = sta->deflink.rx_stats.last_rx; 4838 timeout += IEEE80211_CONNECTION_IDLE_TIME; 4839 4840 /* If timeout is after now, then update timer to fire at 4841 * the later date, but do not actually probe at this time. 4842 */ 4843 if (time_is_after_jiffies(timeout)) { 4844 mod_timer(&ifmgd->conn_mon_timer, round_jiffies_up(timeout)); 4845 return; 4846 } 4847 4848 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work); 4849} 4850 4851static void ieee80211_sta_monitor_work(struct work_struct *work) 4852{ 4853 struct ieee80211_sub_if_data *sdata = 4854 container_of(work, struct ieee80211_sub_if_data, 4855 u.mgd.monitor_work); 4856 4857 ieee80211_mgd_probe_ap(sdata, false); 4858} 4859 4860static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) 4861{ 4862 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 4863 __ieee80211_stop_poll(sdata); 4864 4865 /* let's probe the connection once */ 4866 if (!ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR)) 4867 ieee80211_queue_work(&sdata->local->hw, 4868 &sdata->u.mgd.monitor_work); 4869 } 4870} 4871 4872#ifdef CONFIG_PM 4873void ieee80211_mgd_quiesce(struct ieee80211_sub_if_data *sdata) 4874{ 4875 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4876 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4877 4878 sdata_lock(sdata); 4879 4880 if (ifmgd->auth_data || ifmgd->assoc_data) { 4881 const u8 *bssid = ifmgd->auth_data ? 4882 ifmgd->auth_data->bss->bssid : 4883 ifmgd->assoc_data->bss->bssid; 4884 4885 /* 4886 * If we are trying to authenticate / associate while suspending, 4887 * cfg80211 won't know and won't actually abort those attempts, 4888 * thus we need to do that ourselves. 4889 */ 4890 ieee80211_send_deauth_disassoc(sdata, bssid, bssid, 4891 IEEE80211_STYPE_DEAUTH, 4892 WLAN_REASON_DEAUTH_LEAVING, 4893 false, frame_buf); 4894 if (ifmgd->assoc_data) 4895 ieee80211_destroy_assoc_data(sdata, false, true); 4896 if (ifmgd->auth_data) 4897 ieee80211_destroy_auth_data(sdata, false); 4898 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf, 4899 IEEE80211_DEAUTH_FRAME_LEN, 4900 false); 4901 } 4902 4903 /* This is a bit of a hack - we should find a better and more generic 4904 * solution to this. Normally when suspending, cfg80211 will in fact 4905 * deauthenticate. However, it doesn't (and cannot) stop an ongoing 4906 * auth (not so important) or assoc (this is the problem) process. 4907 * 4908 * As a consequence, it can happen that we are in the process of both 4909 * associating and suspending, and receive an association response 4910 * after cfg80211 has checked if it needs to disconnect, but before 4911 * we actually set the flag to drop incoming frames. This will then 4912 * cause the workqueue flush to process the association response in 4913 * the suspend, resulting in a successful association just before it 4914 * tries to remove the interface from the driver, which now though 4915 * has a channel context assigned ... this results in issues. 4916 * 4917 * To work around this (for now) simply deauth here again if we're 4918 * now connected. 4919 */ 4920 if (ifmgd->associated && !sdata->local->wowlan) { 4921 u8 bssid[ETH_ALEN]; 4922 struct cfg80211_deauth_request req = { 4923 .reason_code = WLAN_REASON_DEAUTH_LEAVING, 4924 .bssid = bssid, 4925 }; 4926 4927 memcpy(bssid, ifmgd->bssid, ETH_ALEN); 4928 ieee80211_mgd_deauth(sdata, &req); 4929 } 4930 4931 sdata_unlock(sdata); 4932} 4933#endif 4934 4935void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata) 4936{ 4937 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 4938 4939 sdata_lock(sdata); 4940 if (!ifmgd->associated) { 4941 sdata_unlock(sdata); 4942 return; 4943 } 4944 4945 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) { 4946 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME; 4947 mlme_dbg(sdata, "driver requested disconnect after resume\n"); 4948 ieee80211_sta_connection_lost(sdata, 4949 WLAN_REASON_UNSPECIFIED, 4950 true); 4951 sdata_unlock(sdata); 4952 return; 4953 } 4954 4955 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_HW_RESTART) { 4956 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_HW_RESTART; 4957 mlme_dbg(sdata, "driver requested disconnect after hardware restart\n"); 4958 ieee80211_sta_connection_lost(sdata, 4959 WLAN_REASON_UNSPECIFIED, 4960 true); 4961 sdata_unlock(sdata); 4962 return; 4963 } 4964 4965 sdata_unlock(sdata); 4966} 4967 4968/* interface setup */ 4969void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata) 4970{ 4971 struct ieee80211_if_managed *ifmgd; 4972 4973 ifmgd = &sdata->u.mgd; 4974 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work); 4975 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work); 4976 INIT_WORK(&ifmgd->beacon_connection_loss_work, 4977 ieee80211_beacon_connection_loss_work); 4978 INIT_WORK(&ifmgd->csa_connection_drop_work, 4979 ieee80211_csa_connection_drop_work); 4980 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_mgd_work); 4981 INIT_DELAYED_WORK(&ifmgd->tdls_peer_del_work, 4982 ieee80211_tdls_peer_del_work); 4983 timer_setup(&ifmgd->timer, ieee80211_sta_timer, 0); 4984 timer_setup(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 0); 4985 timer_setup(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 0); 4986 timer_setup(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 0); 4987 INIT_DELAYED_WORK(&ifmgd->tx_tspec_wk, 4988 ieee80211_sta_handle_tspec_ac_params_wk); 4989 4990 ifmgd->flags = 0; 4991 ifmgd->powersave = sdata->wdev.ps; 4992 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues; 4993 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len; 4994 ifmgd->p2p_noa_index = -1; 4995 4996 if (sdata->local->hw.wiphy->features & NL80211_FEATURE_DYNAMIC_SMPS) 4997 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC; 4998 else 4999 ifmgd->req_smps = IEEE80211_SMPS_OFF; 5000 5001 /* Setup TDLS data */ 5002 spin_lock_init(&ifmgd->teardown_lock); 5003 ifmgd->teardown_skb = NULL; 5004 ifmgd->orig_teardown_skb = NULL; 5005} 5006 5007/* scan finished notification */ 5008void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local) 5009{ 5010 struct ieee80211_sub_if_data *sdata; 5011 5012 /* Restart STA timers */ 5013 rcu_read_lock(); 5014 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 5015 if (ieee80211_sdata_running(sdata)) 5016 ieee80211_restart_sta_timer(sdata); 5017 } 5018 rcu_read_unlock(); 5019} 5020 5021static u8 ieee80211_max_rx_chains(struct ieee80211_sub_if_data *sdata, 5022 struct cfg80211_bss *cbss) 5023{ 5024 struct ieee80211_he_mcs_nss_supp *he_mcs_nss_supp; 5025 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 5026 const struct element *ht_cap_elem, *vht_cap_elem; 5027 const struct cfg80211_bss_ies *ies; 5028 const struct ieee80211_ht_cap *ht_cap; 5029 const struct ieee80211_vht_cap *vht_cap; 5030 const struct ieee80211_he_cap_elem *he_cap; 5031 const struct element *he_cap_elem; 5032 u16 mcs_80_map, mcs_160_map; 5033 int i, mcs_nss_size; 5034 bool support_160; 5035 u8 chains = 1; 5036 5037 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT) 5038 return chains; 5039 5040 ht_cap_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_HT_CAPABILITY); 5041 if (ht_cap_elem && ht_cap_elem->datalen >= sizeof(*ht_cap)) { 5042 ht_cap = (void *)ht_cap_elem->data; 5043 chains = ieee80211_mcs_to_chains(&ht_cap->mcs); 5044 /* 5045 * TODO: use "Tx Maximum Number Spatial Streams Supported" and 5046 * "Tx Unequal Modulation Supported" fields. 5047 */ 5048 } 5049 5050 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT) 5051 return chains; 5052 5053 vht_cap_elem = ieee80211_bss_get_elem(cbss, WLAN_EID_VHT_CAPABILITY); 5054 if (vht_cap_elem && vht_cap_elem->datalen >= sizeof(*vht_cap)) { 5055 u8 nss; 5056 u16 tx_mcs_map; 5057 5058 vht_cap = (void *)vht_cap_elem->data; 5059 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map); 5060 for (nss = 8; nss > 0; nss--) { 5061 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) != 5062 IEEE80211_VHT_MCS_NOT_SUPPORTED) 5063 break; 5064 } 5065 /* TODO: use "Tx Highest Supported Long GI Data Rate" field? */ 5066 chains = max(chains, nss); 5067 } 5068 5069 if (ifmgd->flags & IEEE80211_STA_DISABLE_HE) 5070 return chains; 5071 5072 ies = rcu_dereference(cbss->ies); 5073 he_cap_elem = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_CAPABILITY, 5074 ies->data, ies->len); 5075 5076 if (!he_cap_elem || he_cap_elem->datalen < sizeof(*he_cap)) 5077 return chains; 5078 5079 /* skip one byte ext_tag_id */ 5080 he_cap = (void *)(he_cap_elem->data + 1); 5081 mcs_nss_size = ieee80211_he_mcs_nss_size(he_cap); 5082 5083 /* invalid HE IE */ 5084 if (he_cap_elem->datalen < 1 + mcs_nss_size + sizeof(*he_cap)) 5085 return chains; 5086 5087 /* mcs_nss is right after he_cap info */ 5088 he_mcs_nss_supp = (void *)(he_cap + 1); 5089 5090 mcs_80_map = le16_to_cpu(he_mcs_nss_supp->tx_mcs_80); 5091 5092 for (i = 7; i >= 0; i--) { 5093 u8 mcs_80 = mcs_80_map >> (2 * i) & 3; 5094 5095 if (mcs_80 != IEEE80211_VHT_MCS_NOT_SUPPORTED) { 5096 chains = max_t(u8, chains, i + 1); 5097 break; 5098 } 5099 } 5100 5101 support_160 = he_cap->phy_cap_info[0] & 5102 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G; 5103 5104 if (!support_160) 5105 return chains; 5106 5107 mcs_160_map = le16_to_cpu(he_mcs_nss_supp->tx_mcs_160); 5108 for (i = 7; i >= 0; i--) { 5109 u8 mcs_160 = mcs_160_map >> (2 * i) & 3; 5110 5111 if (mcs_160 != IEEE80211_VHT_MCS_NOT_SUPPORTED) { 5112 chains = max_t(u8, chains, i + 1); 5113 break; 5114 } 5115 } 5116 5117 return chains; 5118} 5119 5120static bool 5121ieee80211_verify_peer_he_mcs_support(struct ieee80211_sub_if_data *sdata, 5122 const struct cfg80211_bss_ies *ies, 5123 const struct ieee80211_he_operation *he_op) 5124{ 5125 const struct element *he_cap_elem; 5126 const struct ieee80211_he_cap_elem *he_cap; 5127 struct ieee80211_he_mcs_nss_supp *he_mcs_nss_supp; 5128 u16 mcs_80_map_tx, mcs_80_map_rx; 5129 u16 ap_min_req_set; 5130 int mcs_nss_size; 5131 int nss; 5132 5133 he_cap_elem = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_CAPABILITY, 5134 ies->data, ies->len); 5135 5136 /* invalid HE IE */ 5137 if (!he_cap_elem || he_cap_elem->datalen < 1 + sizeof(*he_cap)) { 5138 sdata_info(sdata, 5139 "Invalid HE elem, Disable HE\n"); 5140 return false; 5141 } 5142 5143 /* skip one byte ext_tag_id */ 5144 he_cap = (void *)(he_cap_elem->data + 1); 5145 mcs_nss_size = ieee80211_he_mcs_nss_size(he_cap); 5146 5147 /* invalid HE IE */ 5148 if (he_cap_elem->datalen < 1 + sizeof(*he_cap) + mcs_nss_size) { 5149 sdata_info(sdata, 5150 "Invalid HE elem with nss size, Disable HE\n"); 5151 return false; 5152 } 5153 5154 /* mcs_nss is right after he_cap info */ 5155 he_mcs_nss_supp = (void *)(he_cap + 1); 5156 5157 mcs_80_map_tx = le16_to_cpu(he_mcs_nss_supp->tx_mcs_80); 5158 mcs_80_map_rx = le16_to_cpu(he_mcs_nss_supp->rx_mcs_80); 5159 5160 /* P802.11-REVme/D0.3 5161 * 27.1.1 Introduction to the HE PHY 5162 * ... 5163 * An HE STA shall support the following features: 5164 * ... 5165 * Single spatial stream HE-MCSs 0 to 7 (transmit and receive) in all 5166 * supported channel widths for HE SU PPDUs 5167 */ 5168 if ((mcs_80_map_tx & 0x3) == IEEE80211_HE_MCS_NOT_SUPPORTED || 5169 (mcs_80_map_rx & 0x3) == IEEE80211_HE_MCS_NOT_SUPPORTED) { 5170 sdata_info(sdata, 5171 "Missing mandatory rates for 1 Nss, rx 0x%x, tx 0x%x, disable HE\n", 5172 mcs_80_map_tx, mcs_80_map_rx); 5173 return false; 5174 } 5175 5176 if (!he_op) 5177 return true; 5178 5179 ap_min_req_set = le16_to_cpu(he_op->he_mcs_nss_set); 5180 5181 /* make sure the AP is consistent with itself 5182 * 5183 * P802.11-REVme/D0.3 5184 * 26.17.1 Basic HE BSS operation 5185 * 5186 * A STA that is operating in an HE BSS shall be able to receive and 5187 * transmit at each of the <HE-MCS, NSS> tuple values indicated by the 5188 * Basic HE-MCS And NSS Set field of the HE Operation parameter of the 5189 * MLME-START.request primitive and shall be able to receive at each of 5190 * the <HE-MCS, NSS> tuple values indicated by the Supported HE-MCS and 5191 * NSS Set field in the HE Capabilities parameter of the MLMESTART.request 5192 * primitive 5193 */ 5194 for (nss = 8; nss > 0; nss--) { 5195 u8 ap_op_val = (ap_min_req_set >> (2 * (nss - 1))) & 3; 5196 u8 ap_rx_val; 5197 u8 ap_tx_val; 5198 5199 if (ap_op_val == IEEE80211_HE_MCS_NOT_SUPPORTED) 5200 continue; 5201 5202 ap_rx_val = (mcs_80_map_rx >> (2 * (nss - 1))) & 3; 5203 ap_tx_val = (mcs_80_map_tx >> (2 * (nss - 1))) & 3; 5204 5205 if (ap_rx_val == IEEE80211_HE_MCS_NOT_SUPPORTED || 5206 ap_tx_val == IEEE80211_HE_MCS_NOT_SUPPORTED || 5207 ap_rx_val < ap_op_val || ap_tx_val < ap_op_val) { 5208 sdata_info(sdata, 5209 "Invalid rates for %d Nss, rx %d, tx %d oper %d, disable HE\n", 5210 nss, ap_rx_val, ap_rx_val, ap_op_val); 5211 return false; 5212 } 5213 } 5214 5215 return true; 5216} 5217 5218static bool 5219ieee80211_verify_sta_he_mcs_support(struct ieee80211_sub_if_data *sdata, 5220 struct ieee80211_supported_band *sband, 5221 const struct ieee80211_he_operation *he_op) 5222{ 5223 const struct ieee80211_sta_he_cap *sta_he_cap = 5224 ieee80211_get_he_iftype_cap(sband, 5225 ieee80211_vif_type_p2p(&sdata->vif)); 5226 u16 ap_min_req_set; 5227 int i; 5228 5229 if (!sta_he_cap || !he_op) 5230 return false; 5231 5232 ap_min_req_set = le16_to_cpu(he_op->he_mcs_nss_set); 5233 5234 /* Need to go over for 80MHz, 160MHz and for 80+80 */ 5235 for (i = 0; i < 3; i++) { 5236 const struct ieee80211_he_mcs_nss_supp *sta_mcs_nss_supp = 5237 &sta_he_cap->he_mcs_nss_supp; 5238 u16 sta_mcs_map_rx = 5239 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i]); 5240 u16 sta_mcs_map_tx = 5241 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i + 1]); 5242 u8 nss; 5243 bool verified = true; 5244 5245 /* 5246 * For each band there is a maximum of 8 spatial streams 5247 * possible. Each of the sta_mcs_map_* is a 16-bit struct built 5248 * of 2 bits per NSS (1-8), with the values defined in enum 5249 * ieee80211_he_mcs_support. Need to make sure STA TX and RX 5250 * capabilities aren't less than the AP's minimum requirements 5251 * for this HE BSS per SS. 5252 * It is enough to find one such band that meets the reqs. 5253 */ 5254 for (nss = 8; nss > 0; nss--) { 5255 u8 sta_rx_val = (sta_mcs_map_rx >> (2 * (nss - 1))) & 3; 5256 u8 sta_tx_val = (sta_mcs_map_tx >> (2 * (nss - 1))) & 3; 5257 u8 ap_val = (ap_min_req_set >> (2 * (nss - 1))) & 3; 5258 5259 if (ap_val == IEEE80211_HE_MCS_NOT_SUPPORTED) 5260 continue; 5261 5262 /* 5263 * Make sure the HE AP doesn't require MCSs that aren't 5264 * supported by the client as required by spec 5265 * 5266 * P802.11-REVme/D0.3 5267 * 26.17.1 Basic HE BSS operation 5268 * 5269 * An HE STA shall not attempt to join * (MLME-JOIN.request primitive) 5270 * a BSS, unless it supports (i.e., is able to both transmit and 5271 * receive using) all of the <HE-MCS, NSS> tuples in the basic 5272 * HE-MCS and NSS set. 5273 */ 5274 if (sta_rx_val == IEEE80211_HE_MCS_NOT_SUPPORTED || 5275 sta_tx_val == IEEE80211_HE_MCS_NOT_SUPPORTED || 5276 (ap_val > sta_rx_val) || (ap_val > sta_tx_val)) { 5277 verified = false; 5278 break; 5279 } 5280 } 5281 5282 if (verified) 5283 return true; 5284 } 5285 5286 /* If here, STA doesn't meet AP's HE min requirements */ 5287 return false; 5288} 5289 5290static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata, 5291 struct cfg80211_bss *cbss) 5292{ 5293 struct ieee80211_local *local = sdata->local; 5294 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 5295 const struct ieee80211_ht_cap *ht_cap = NULL; 5296 const struct ieee80211_ht_operation *ht_oper = NULL; 5297 const struct ieee80211_vht_operation *vht_oper = NULL; 5298 const struct ieee80211_he_operation *he_oper = NULL; 5299 const struct ieee80211_eht_operation *eht_oper = NULL; 5300 const struct ieee80211_s1g_oper_ie *s1g_oper = NULL; 5301 struct ieee80211_supported_band *sband; 5302 struct cfg80211_chan_def chandef; 5303 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ; 5304 bool is_5ghz = cbss->channel->band == NL80211_BAND_5GHZ; 5305 struct ieee80211_bss *bss = (void *)cbss->priv; 5306 struct ieee802_11_elems *elems; 5307 const struct cfg80211_bss_ies *ies; 5308 int ret; 5309 u32 i; 5310 bool have_80mhz; 5311 5312 rcu_read_lock(); 5313 5314 ies = rcu_dereference(cbss->ies); 5315 elems = ieee802_11_parse_elems(ies->data, ies->len, false, 5316 NULL, NULL); 5317 if (!elems) { 5318 rcu_read_unlock(); 5319 return -ENOMEM; 5320 } 5321 5322 sband = local->hw.wiphy->bands[cbss->channel->band]; 5323 5324 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ | 5325 IEEE80211_STA_DISABLE_80P80MHZ | 5326 IEEE80211_STA_DISABLE_160MHZ); 5327 5328 /* disable HT/VHT/HE if we don't support them */ 5329 if (!sband->ht_cap.ht_supported && !is_6ghz) { 5330 mlme_dbg(sdata, "HT not supported, disabling HT/VHT/HE/EHT\n"); 5331 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 5332 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 5333 ifmgd->flags |= IEEE80211_STA_DISABLE_HE; 5334 ifmgd->flags |= IEEE80211_STA_DISABLE_EHT; 5335 } 5336 5337 if (!sband->vht_cap.vht_supported && is_5ghz) { 5338 mlme_dbg(sdata, "VHT not supported, disabling VHT/HE/EHT\n"); 5339 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 5340 ifmgd->flags |= IEEE80211_STA_DISABLE_HE; 5341 ifmgd->flags |= IEEE80211_STA_DISABLE_EHT; 5342 } 5343 5344 if (!ieee80211_get_he_iftype_cap(sband, 5345 ieee80211_vif_type_p2p(&sdata->vif))) { 5346 mlme_dbg(sdata, "HE not supported, disabling HE and EHT\n"); 5347 ifmgd->flags |= IEEE80211_STA_DISABLE_HE; 5348 ifmgd->flags |= IEEE80211_STA_DISABLE_EHT; 5349 } 5350 5351 if (!ieee80211_get_eht_iftype_cap(sband, 5352 ieee80211_vif_type_p2p(&sdata->vif))) { 5353 mlme_dbg(sdata, "EHT not supported, disabling EHT\n"); 5354 ifmgd->flags |= IEEE80211_STA_DISABLE_EHT; 5355 } 5356 5357 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && !is_6ghz) { 5358 ht_oper = elems->ht_operation; 5359 ht_cap = elems->ht_cap_elem; 5360 5361 if (!ht_cap) { 5362 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 5363 ht_oper = NULL; 5364 } 5365 } 5366 5367 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && !is_6ghz) { 5368 vht_oper = elems->vht_operation; 5369 if (vht_oper && !ht_oper) { 5370 vht_oper = NULL; 5371 sdata_info(sdata, 5372 "AP advertised VHT without HT, disabling HT/VHT/HE\n"); 5373 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 5374 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 5375 ifmgd->flags |= IEEE80211_STA_DISABLE_HE; 5376 ifmgd->flags |= IEEE80211_STA_DISABLE_EHT; 5377 } 5378 5379 if (!elems->vht_cap_elem) { 5380 sdata_info(sdata, 5381 "bad VHT capabilities, disabling VHT\n"); 5382 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 5383 vht_oper = NULL; 5384 } 5385 } 5386 5387 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE)) { 5388 he_oper = elems->he_operation; 5389 5390 if (is_6ghz) { 5391 struct ieee80211_bss_conf *bss_conf; 5392 u8 i, j = 0; 5393 5394 bss_conf = &sdata->vif.bss_conf; 5395 5396 if (elems->pwr_constr_elem) 5397 bss_conf->pwr_reduction = *elems->pwr_constr_elem; 5398 5399 BUILD_BUG_ON(ARRAY_SIZE(bss_conf->tx_pwr_env) != 5400 ARRAY_SIZE(elems->tx_pwr_env)); 5401 5402 for (i = 0; i < elems->tx_pwr_env_num; i++) { 5403 if (elems->tx_pwr_env_len[i] > 5404 sizeof(bss_conf->tx_pwr_env[j])) 5405 continue; 5406 5407 bss_conf->tx_pwr_env_num++; 5408 memcpy(&bss_conf->tx_pwr_env[j], elems->tx_pwr_env[i], 5409 elems->tx_pwr_env_len[i]); 5410 j++; 5411 } 5412 } 5413 5414 if (!ieee80211_verify_peer_he_mcs_support(sdata, ies, he_oper) || 5415 !ieee80211_verify_sta_he_mcs_support(sdata, sband, he_oper)) 5416 ifmgd->flags |= IEEE80211_STA_DISABLE_HE | 5417 IEEE80211_STA_DISABLE_EHT; 5418 } 5419 5420 /* 5421 * EHT requires HE to be supported as well. Specifically for 6 GHz 5422 * channels, the operation channel information can only be deduced from 5423 * both the 6 GHz operation information (from the HE operation IE) and 5424 * EHT operation. 5425 */ 5426 if (!(ifmgd->flags & (IEEE80211_STA_DISABLE_HE | 5427 IEEE80211_STA_DISABLE_EHT)) && he_oper) { 5428 const struct cfg80211_bss_ies *ies; 5429 const u8 *eht_oper_ie; 5430 5431 ies = rcu_dereference(cbss->ies); 5432 eht_oper_ie = cfg80211_find_ext_ie(WLAN_EID_EXT_EHT_OPERATION, 5433 ies->data, ies->len); 5434 if (eht_oper_ie && eht_oper_ie[1] >= 5435 1 + sizeof(struct ieee80211_eht_operation)) 5436 eht_oper = (void *)(eht_oper_ie + 3); 5437 else 5438 eht_oper = NULL; 5439 } 5440 5441 /* Allow VHT if at least one channel on the sband supports 80 MHz */ 5442 have_80mhz = false; 5443 for (i = 0; i < sband->n_channels; i++) { 5444 if (sband->channels[i].flags & (IEEE80211_CHAN_DISABLED | 5445 IEEE80211_CHAN_NO_80MHZ)) 5446 continue; 5447 5448 have_80mhz = true; 5449 break; 5450 } 5451 5452 if (!have_80mhz) { 5453 sdata_info(sdata, "80 MHz not supported, disabling VHT\n"); 5454 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 5455 } 5456 5457 if (sband->band == NL80211_BAND_S1GHZ) { 5458 s1g_oper = elems->s1g_oper; 5459 if (!s1g_oper) 5460 sdata_info(sdata, 5461 "AP missing S1G operation element?\n"); 5462 } 5463 5464 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband, 5465 cbss->channel, 5466 bss->vht_cap_info, 5467 ht_oper, vht_oper, 5468 he_oper, eht_oper, 5469 s1g_oper, 5470 &chandef, false); 5471 5472 sdata->needed_rx_chains = min(ieee80211_max_rx_chains(sdata, cbss), 5473 local->rx_chains); 5474 5475 rcu_read_unlock(); 5476 /* the element data was RCU protected so no longer valid anyway */ 5477 kfree(elems); 5478 elems = NULL; 5479 5480 if (ifmgd->flags & IEEE80211_STA_DISABLE_HE && is_6ghz) { 5481 sdata_info(sdata, "Rejecting non-HE 6/7 GHz connection"); 5482 return -EINVAL; 5483 } 5484 5485 /* will change later if needed */ 5486 sdata->smps_mode = IEEE80211_SMPS_OFF; 5487 5488 mutex_lock(&local->mtx); 5489 /* 5490 * If this fails (possibly due to channel context sharing 5491 * on incompatible channels, e.g. 80+80 and 160 sharing the 5492 * same control channel) try to use a smaller bandwidth. 5493 */ 5494 ret = ieee80211_vif_use_channel(sdata, &chandef, 5495 IEEE80211_CHANCTX_SHARED); 5496 5497 /* don't downgrade for 5 and 10 MHz channels, though. */ 5498 if (chandef.width == NL80211_CHAN_WIDTH_5 || 5499 chandef.width == NL80211_CHAN_WIDTH_10) 5500 goto out; 5501 5502 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) { 5503 ifmgd->flags |= ieee80211_chandef_downgrade(&chandef); 5504 ret = ieee80211_vif_use_channel(sdata, &chandef, 5505 IEEE80211_CHANCTX_SHARED); 5506 } 5507 out: 5508 mutex_unlock(&local->mtx); 5509 return ret; 5510} 5511 5512static bool ieee80211_get_dtim(const struct cfg80211_bss_ies *ies, 5513 u8 *dtim_count, u8 *dtim_period) 5514{ 5515 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, ies->data, ies->len); 5516 const u8 *idx_ie = cfg80211_find_ie(WLAN_EID_MULTI_BSSID_IDX, ies->data, 5517 ies->len); 5518 const struct ieee80211_tim_ie *tim = NULL; 5519 const struct ieee80211_bssid_index *idx; 5520 bool valid = tim_ie && tim_ie[1] >= 2; 5521 5522 if (valid) 5523 tim = (void *)(tim_ie + 2); 5524 5525 if (dtim_count) 5526 *dtim_count = valid ? tim->dtim_count : 0; 5527 5528 if (dtim_period) 5529 *dtim_period = valid ? tim->dtim_period : 0; 5530 5531 /* Check if value is overridden by non-transmitted profile */ 5532 if (!idx_ie || idx_ie[1] < 3) 5533 return valid; 5534 5535 idx = (void *)(idx_ie + 2); 5536 5537 if (dtim_count) 5538 *dtim_count = idx->dtim_count; 5539 5540 if (dtim_period) 5541 *dtim_period = idx->dtim_period; 5542 5543 return true; 5544} 5545 5546static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata, 5547 struct cfg80211_bss *cbss, bool assoc, 5548 bool override) 5549{ 5550 struct ieee80211_local *local = sdata->local; 5551 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 5552 struct ieee80211_bss *bss = (void *)cbss->priv; 5553 struct sta_info *new_sta = NULL; 5554 struct ieee80211_supported_band *sband; 5555 bool have_sta = false; 5556 int err; 5557 5558 sband = local->hw.wiphy->bands[cbss->channel->band]; 5559 5560 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) 5561 return -EINVAL; 5562 5563 /* If a reconfig is happening, bail out */ 5564 if (local->in_reconfig) 5565 return -EBUSY; 5566 5567 if (assoc) { 5568 rcu_read_lock(); 5569 have_sta = sta_info_get(sdata, cbss->bssid); 5570 rcu_read_unlock(); 5571 } 5572 5573 if (!have_sta) { 5574 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL); 5575 if (!new_sta) 5576 return -ENOMEM; 5577 } 5578 5579 /* 5580 * Set up the information for the new channel before setting the 5581 * new channel. We can't - completely race-free - change the basic 5582 * rates bitmap and the channel (sband) that it refers to, but if 5583 * we set it up before we at least avoid calling into the driver's 5584 * bss_info_changed() method with invalid information (since we do 5585 * call that from changing the channel - only for IDLE and perhaps 5586 * some others, but ...). 5587 * 5588 * So to avoid that, just set up all the new information before the 5589 * channel, but tell the driver to apply it only afterwards, since 5590 * it might need the new channel for that. 5591 */ 5592 if (new_sta) { 5593 u32 rates = 0, basic_rates = 0; 5594 bool have_higher_than_11mbit = false; 5595 int min_rate = INT_MAX, min_rate_index = -1; 5596 const struct cfg80211_bss_ies *ies; 5597 int shift = ieee80211_vif_get_shift(&sdata->vif); 5598 5599 /* TODO: S1G Basic Rate Set is expressed elsewhere */ 5600 if (cbss->channel->band == NL80211_BAND_S1GHZ) { 5601 ieee80211_s1g_sta_rate_init(new_sta); 5602 goto skip_rates; 5603 } 5604 5605 ieee80211_get_rates(sband, bss->supp_rates, 5606 bss->supp_rates_len, 5607 &rates, &basic_rates, 5608 &have_higher_than_11mbit, 5609 &min_rate, &min_rate_index, 5610 shift); 5611 5612 /* 5613 * This used to be a workaround for basic rates missing 5614 * in the association response frame. Now that we no 5615 * longer use the basic rates from there, it probably 5616 * doesn't happen any more, but keep the workaround so 5617 * in case some *other* APs are buggy in different ways 5618 * we can connect -- with a warning. 5619 * Allow this workaround only in case the AP provided at least 5620 * one rate. 5621 */ 5622 if (min_rate_index < 0) { 5623 sdata_info(sdata, 5624 "No legacy rates in association response\n"); 5625 5626 sta_info_free(local, new_sta); 5627 return -EINVAL; 5628 } else if (!basic_rates) { 5629 sdata_info(sdata, 5630 "No basic rates, using min rate instead\n"); 5631 basic_rates = BIT(min_rate_index); 5632 } 5633 5634 if (rates) 5635 new_sta->sta.deflink.supp_rates[cbss->channel->band] = rates; 5636 else 5637 sdata_info(sdata, 5638 "No rates found, keeping mandatory only\n"); 5639 5640 sdata->vif.bss_conf.basic_rates = basic_rates; 5641 5642 /* cf. IEEE 802.11 9.2.12 */ 5643 if (cbss->channel->band == NL80211_BAND_2GHZ && 5644 have_higher_than_11mbit) 5645 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE; 5646 else 5647 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE; 5648 5649skip_rates: 5650 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN); 5651 5652 /* set timing information */ 5653 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval; 5654 rcu_read_lock(); 5655 ies = rcu_dereference(cbss->beacon_ies); 5656 if (ies) { 5657 sdata->vif.bss_conf.sync_tsf = ies->tsf; 5658 sdata->vif.bss_conf.sync_device_ts = 5659 bss->device_ts_beacon; 5660 5661 ieee80211_get_dtim(ies, 5662 &sdata->vif.bss_conf.sync_dtim_count, 5663 NULL); 5664 } else if (!ieee80211_hw_check(&sdata->local->hw, 5665 TIMING_BEACON_ONLY)) { 5666 ies = rcu_dereference(cbss->proberesp_ies); 5667 /* must be non-NULL since beacon IEs were NULL */ 5668 sdata->vif.bss_conf.sync_tsf = ies->tsf; 5669 sdata->vif.bss_conf.sync_device_ts = 5670 bss->device_ts_presp; 5671 sdata->vif.bss_conf.sync_dtim_count = 0; 5672 } else { 5673 sdata->vif.bss_conf.sync_tsf = 0; 5674 sdata->vif.bss_conf.sync_device_ts = 0; 5675 sdata->vif.bss_conf.sync_dtim_count = 0; 5676 } 5677 rcu_read_unlock(); 5678 } 5679 5680 if (new_sta || override) { 5681 err = ieee80211_prep_channel(sdata, cbss); 5682 if (err) { 5683 if (new_sta) 5684 sta_info_free(local, new_sta); 5685 return -EINVAL; 5686 } 5687 } 5688 5689 if (new_sta) { 5690 /* 5691 * tell driver about BSSID, basic rates and timing 5692 * this was set up above, before setting the channel 5693 */ 5694 ieee80211_bss_info_change_notify(sdata, 5695 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES | 5696 BSS_CHANGED_BEACON_INT); 5697 5698 if (assoc) 5699 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH); 5700 5701 err = sta_info_insert(new_sta); 5702 new_sta = NULL; 5703 if (err) { 5704 sdata_info(sdata, 5705 "failed to insert STA entry for the AP (error %d)\n", 5706 err); 5707 return err; 5708 } 5709 } else 5710 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid)); 5711 5712 /* Cancel scan to ensure that nothing interferes with connection */ 5713 if (local->scanning) 5714 ieee80211_scan_cancel(local); 5715 5716 return 0; 5717} 5718 5719/* config hooks */ 5720int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 5721 struct cfg80211_auth_request *req) 5722{ 5723 struct ieee80211_local *local = sdata->local; 5724 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 5725 struct ieee80211_mgd_auth_data *auth_data; 5726 u16 auth_alg; 5727 int err; 5728 bool cont_auth; 5729 5730 /* prepare auth data structure */ 5731 5732 switch (req->auth_type) { 5733 case NL80211_AUTHTYPE_OPEN_SYSTEM: 5734 auth_alg = WLAN_AUTH_OPEN; 5735 break; 5736 case NL80211_AUTHTYPE_SHARED_KEY: 5737 if (fips_enabled) 5738 return -EOPNOTSUPP; 5739 auth_alg = WLAN_AUTH_SHARED_KEY; 5740 break; 5741 case NL80211_AUTHTYPE_FT: 5742 auth_alg = WLAN_AUTH_FT; 5743 break; 5744 case NL80211_AUTHTYPE_NETWORK_EAP: 5745 auth_alg = WLAN_AUTH_LEAP; 5746 break; 5747 case NL80211_AUTHTYPE_SAE: 5748 auth_alg = WLAN_AUTH_SAE; 5749 break; 5750 case NL80211_AUTHTYPE_FILS_SK: 5751 auth_alg = WLAN_AUTH_FILS_SK; 5752 break; 5753 case NL80211_AUTHTYPE_FILS_SK_PFS: 5754 auth_alg = WLAN_AUTH_FILS_SK_PFS; 5755 break; 5756 case NL80211_AUTHTYPE_FILS_PK: 5757 auth_alg = WLAN_AUTH_FILS_PK; 5758 break; 5759 default: 5760 return -EOPNOTSUPP; 5761 } 5762 5763 if (ifmgd->assoc_data) 5764 return -EBUSY; 5765 5766 auth_data = kzalloc(sizeof(*auth_data) + req->auth_data_len + 5767 req->ie_len, GFP_KERNEL); 5768 if (!auth_data) 5769 return -ENOMEM; 5770 5771 auth_data->bss = req->bss; 5772 5773 if (req->auth_data_len >= 4) { 5774 if (req->auth_type == NL80211_AUTHTYPE_SAE) { 5775 __le16 *pos = (__le16 *) req->auth_data; 5776 5777 auth_data->sae_trans = le16_to_cpu(pos[0]); 5778 auth_data->sae_status = le16_to_cpu(pos[1]); 5779 } 5780 memcpy(auth_data->data, req->auth_data + 4, 5781 req->auth_data_len - 4); 5782 auth_data->data_len += req->auth_data_len - 4; 5783 } 5784 5785 /* Check if continuing authentication or trying to authenticate with the 5786 * same BSS that we were in the process of authenticating with and avoid 5787 * removal and re-addition of the STA entry in 5788 * ieee80211_prep_connection(). 5789 */ 5790 cont_auth = ifmgd->auth_data && req->bss == ifmgd->auth_data->bss; 5791 5792 if (req->ie && req->ie_len) { 5793 memcpy(&auth_data->data[auth_data->data_len], 5794 req->ie, req->ie_len); 5795 auth_data->data_len += req->ie_len; 5796 } 5797 5798 if (req->key && req->key_len) { 5799 auth_data->key_len = req->key_len; 5800 auth_data->key_idx = req->key_idx; 5801 memcpy(auth_data->key, req->key, req->key_len); 5802 } 5803 5804 auth_data->algorithm = auth_alg; 5805 5806 /* try to authenticate/probe */ 5807 5808 if (ifmgd->auth_data) { 5809 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE) { 5810 auth_data->peer_confirmed = 5811 ifmgd->auth_data->peer_confirmed; 5812 } 5813 ieee80211_destroy_auth_data(sdata, cont_auth); 5814 } 5815 5816 /* prep auth_data so we don't go into idle on disassoc */ 5817 ifmgd->auth_data = auth_data; 5818 5819 /* If this is continuation of an ongoing SAE authentication exchange 5820 * (i.e., request to send SAE Confirm) and the peer has already 5821 * confirmed, mark authentication completed since we are about to send 5822 * out SAE Confirm. 5823 */ 5824 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE && 5825 auth_data->peer_confirmed && auth_data->sae_trans == 2) 5826 ieee80211_mark_sta_auth(sdata, req->bss->bssid); 5827 5828 if (ifmgd->associated) { 5829 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 5830 5831 sdata_info(sdata, 5832 "disconnect from AP %pM for new auth to %pM\n", 5833 ifmgd->bssid, req->bss->bssid); 5834 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 5835 WLAN_REASON_UNSPECIFIED, 5836 false, frame_buf); 5837 5838 ieee80211_report_disconnect(sdata, frame_buf, 5839 sizeof(frame_buf), true, 5840 WLAN_REASON_UNSPECIFIED, 5841 false); 5842 } 5843 5844 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid); 5845 5846 err = ieee80211_prep_connection(sdata, req->bss, cont_auth, false); 5847 if (err) 5848 goto err_clear; 5849 5850 err = ieee80211_auth(sdata); 5851 if (err) { 5852 sta_info_destroy_addr(sdata, req->bss->bssid); 5853 goto err_clear; 5854 } 5855 5856 /* hold our own reference */ 5857 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss); 5858 return 0; 5859 5860 err_clear: 5861 eth_zero_addr(ifmgd->bssid); 5862 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 5863 ifmgd->auth_data = NULL; 5864 mutex_lock(&sdata->local->mtx); 5865 ieee80211_vif_release_channel(sdata); 5866 mutex_unlock(&sdata->local->mtx); 5867 kfree(auth_data); 5868 return err; 5869} 5870 5871int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 5872 struct cfg80211_assoc_request *req) 5873{ 5874 bool is_6ghz = req->bss->channel->band == NL80211_BAND_6GHZ; 5875 bool is_5ghz = req->bss->channel->band == NL80211_BAND_5GHZ; 5876 struct ieee80211_local *local = sdata->local; 5877 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 5878 struct ieee80211_bss *bss = (void *)req->bss->priv; 5879 struct ieee80211_mgd_assoc_data *assoc_data; 5880 const struct cfg80211_bss_ies *beacon_ies; 5881 struct ieee80211_supported_band *sband; 5882 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 5883 const struct element *ssid_elem, *ht_elem, *vht_elem; 5884 int i, err; 5885 bool override = false; 5886 5887 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL); 5888 if (!assoc_data) 5889 return -ENOMEM; 5890 5891 rcu_read_lock(); 5892 ssid_elem = ieee80211_bss_get_elem(req->bss, WLAN_EID_SSID); 5893 if (!ssid_elem || ssid_elem->datalen > sizeof(assoc_data->ssid)) { 5894 rcu_read_unlock(); 5895 kfree(assoc_data); 5896 return -EINVAL; 5897 } 5898 memcpy(assoc_data->ssid, ssid_elem->data, ssid_elem->datalen); 5899 assoc_data->ssid_len = ssid_elem->datalen; 5900 memcpy(bss_conf->ssid, assoc_data->ssid, assoc_data->ssid_len); 5901 bss_conf->ssid_len = assoc_data->ssid_len; 5902 rcu_read_unlock(); 5903 5904 if (ifmgd->associated) { 5905 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 5906 5907 sdata_info(sdata, 5908 "disconnect from AP %pM for new assoc to %pM\n", 5909 ifmgd->bssid, req->bss->bssid); 5910 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 5911 WLAN_REASON_UNSPECIFIED, 5912 false, frame_buf); 5913 5914 ieee80211_report_disconnect(sdata, frame_buf, 5915 sizeof(frame_buf), true, 5916 WLAN_REASON_UNSPECIFIED, 5917 false); 5918 } 5919 5920 if (ifmgd->auth_data && !ifmgd->auth_data->done) { 5921 err = -EBUSY; 5922 goto err_free; 5923 } 5924 5925 if (ifmgd->assoc_data) { 5926 err = -EBUSY; 5927 goto err_free; 5928 } 5929 5930 if (ifmgd->auth_data) { 5931 bool match; 5932 5933 /* keep sta info, bssid if matching */ 5934 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid); 5935 ieee80211_destroy_auth_data(sdata, match); 5936 } 5937 5938 /* prepare assoc data */ 5939 5940 ifmgd->beacon_crc_valid = false; 5941 5942 assoc_data->wmm = bss->wmm_used && 5943 (local->hw.queues >= IEEE80211_NUM_ACS); 5944 5945 /* 5946 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode. 5947 * We still associate in non-HT mode (11a/b/g) if any one of these 5948 * ciphers is configured as pairwise. 5949 * We can set this to true for non-11n hardware, that'll be checked 5950 * separately along with the peer capabilities. 5951 */ 5952 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) { 5953 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 5954 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 5955 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) { 5956 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 5957 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 5958 ifmgd->flags |= IEEE80211_STA_DISABLE_HE; 5959 ifmgd->flags |= IEEE80211_STA_DISABLE_EHT; 5960 netdev_info(sdata->dev, 5961 "disabling HT/VHT/HE due to WEP/TKIP use\n"); 5962 } 5963 } 5964 5965 sband = local->hw.wiphy->bands[req->bss->channel->band]; 5966 5967 /* also disable HT/VHT/HE/EHT if the AP doesn't use WMM */ 5968 if (!bss->wmm_used) { 5969 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 5970 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 5971 ifmgd->flags |= IEEE80211_STA_DISABLE_HE; 5972 ifmgd->flags |= IEEE80211_STA_DISABLE_EHT; 5973 netdev_info(sdata->dev, 5974 "disabling HT/VHT/HE as WMM/QoS is not supported by the AP\n"); 5975 } 5976 5977 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa)); 5978 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask, 5979 sizeof(ifmgd->ht_capa_mask)); 5980 5981 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa)); 5982 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask, 5983 sizeof(ifmgd->vht_capa_mask)); 5984 5985 memcpy(&ifmgd->s1g_capa, &req->s1g_capa, sizeof(ifmgd->s1g_capa)); 5986 memcpy(&ifmgd->s1g_capa_mask, &req->s1g_capa_mask, 5987 sizeof(ifmgd->s1g_capa_mask)); 5988 5989 if (req->ie && req->ie_len) { 5990 memcpy(assoc_data->ie, req->ie, req->ie_len); 5991 assoc_data->ie_len = req->ie_len; 5992 } 5993 5994 if (req->fils_kek) { 5995 /* should already be checked in cfg80211 - so warn */ 5996 if (WARN_ON(req->fils_kek_len > FILS_MAX_KEK_LEN)) { 5997 err = -EINVAL; 5998 goto err_free; 5999 } 6000 memcpy(assoc_data->fils_kek, req->fils_kek, 6001 req->fils_kek_len); 6002 assoc_data->fils_kek_len = req->fils_kek_len; 6003 } 6004 6005 if (req->fils_nonces) 6006 memcpy(assoc_data->fils_nonces, req->fils_nonces, 6007 2 * FILS_NONCE_LEN); 6008 6009 assoc_data->bss = req->bss; 6010 assoc_data->capability = req->bss->capability; 6011 assoc_data->supp_rates = bss->supp_rates; 6012 assoc_data->supp_rates_len = bss->supp_rates_len; 6013 6014 rcu_read_lock(); 6015 ht_elem = ieee80211_bss_get_elem(req->bss, WLAN_EID_HT_OPERATION); 6016 if (ht_elem && ht_elem->datalen >= sizeof(struct ieee80211_ht_operation)) 6017 assoc_data->ap_ht_param = 6018 ((struct ieee80211_ht_operation *)(ht_elem->data))->ht_param; 6019 else if (!is_6ghz) 6020 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 6021 vht_elem = ieee80211_bss_get_elem(req->bss, WLAN_EID_VHT_CAPABILITY); 6022 if (vht_elem && vht_elem->datalen >= sizeof(struct ieee80211_vht_cap)) { 6023 memcpy(&assoc_data->ap_vht_cap, vht_elem->data, 6024 sizeof(struct ieee80211_vht_cap)); 6025 } else if (is_5ghz) { 6026 sdata_info(sdata, 6027 "VHT capa missing/short, disabling VHT/HE/EHT\n"); 6028 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT | 6029 IEEE80211_STA_DISABLE_HE | 6030 IEEE80211_STA_DISABLE_EHT; 6031 } 6032 rcu_read_unlock(); 6033 6034 if (WARN((sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD) && 6035 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK), 6036 "U-APSD not supported with HW_PS_NULLFUNC_STACK\n")) 6037 sdata->vif.driver_flags &= ~IEEE80211_VIF_SUPPORTS_UAPSD; 6038 6039 if (bss->wmm_used && bss->uapsd_supported && 6040 (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD)) { 6041 assoc_data->uapsd = true; 6042 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; 6043 } else { 6044 assoc_data->uapsd = false; 6045 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED; 6046 } 6047 6048 if (req->prev_bssid) 6049 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN); 6050 6051 if (req->use_mfp) { 6052 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 6053 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED; 6054 } else { 6055 ifmgd->mfp = IEEE80211_MFP_DISABLED; 6056 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED; 6057 } 6058 6059 if (req->flags & ASSOC_REQ_USE_RRM) 6060 ifmgd->flags |= IEEE80211_STA_ENABLE_RRM; 6061 else 6062 ifmgd->flags &= ~IEEE80211_STA_ENABLE_RRM; 6063 6064 if (req->crypto.control_port) 6065 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT; 6066 else 6067 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT; 6068 6069 sdata->control_port_protocol = req->crypto.control_port_ethertype; 6070 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt; 6071 sdata->control_port_over_nl80211 = 6072 req->crypto.control_port_over_nl80211; 6073 sdata->control_port_no_preauth = req->crypto.control_port_no_preauth; 6074 sdata->encrypt_headroom = ieee80211_cs_headroom(local, &req->crypto, 6075 sdata->vif.type); 6076 6077 /* kick off associate process */ 6078 6079 ifmgd->assoc_data = assoc_data; 6080 ifmgd->dtim_period = 0; 6081 ifmgd->have_beacon = false; 6082 6083 /* override HT/VHT configuration only if the AP and we support it */ 6084 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) { 6085 struct ieee80211_sta_ht_cap sta_ht_cap; 6086 6087 if (req->flags & ASSOC_REQ_DISABLE_HT) 6088 override = true; 6089 6090 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap)); 6091 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap); 6092 6093 /* check for 40 MHz disable override */ 6094 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ) && 6095 sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40 && 6096 !(sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40)) 6097 override = true; 6098 6099 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && 6100 req->flags & ASSOC_REQ_DISABLE_VHT) 6101 override = true; 6102 } 6103 6104 if (req->flags & ASSOC_REQ_DISABLE_HT) { 6105 mlme_dbg(sdata, "HT disabled by flag, disabling HT/VHT/HE\n"); 6106 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 6107 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 6108 ifmgd->flags |= IEEE80211_STA_DISABLE_HE; 6109 ifmgd->flags |= IEEE80211_STA_DISABLE_EHT; 6110 } 6111 6112 if (req->flags & ASSOC_REQ_DISABLE_VHT) { 6113 mlme_dbg(sdata, "VHT disabled by flag, disabling VHT\n"); 6114 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 6115 } 6116 6117 if (req->flags & ASSOC_REQ_DISABLE_HE) { 6118 mlme_dbg(sdata, "HE disabled by flag, disabling HE/EHT\n"); 6119 ifmgd->flags |= IEEE80211_STA_DISABLE_HE; 6120 ifmgd->flags |= IEEE80211_STA_DISABLE_EHT; 6121 } 6122 6123 if (req->flags & ASSOC_REQ_DISABLE_EHT) 6124 ifmgd->flags |= IEEE80211_STA_DISABLE_EHT; 6125 6126 err = ieee80211_prep_connection(sdata, req->bss, true, override); 6127 if (err) 6128 goto err_clear; 6129 6130 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) { 6131 if (ifmgd->powersave) 6132 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC; 6133 else 6134 sdata->smps_mode = IEEE80211_SMPS_OFF; 6135 } else { 6136 sdata->smps_mode = ifmgd->req_smps; 6137 } 6138 6139 rcu_read_lock(); 6140 beacon_ies = rcu_dereference(req->bss->beacon_ies); 6141 6142 if (ieee80211_hw_check(&sdata->local->hw, NEED_DTIM_BEFORE_ASSOC) && 6143 !beacon_ies) { 6144 /* 6145 * Wait up to one beacon interval ... 6146 * should this be more if we miss one? 6147 */ 6148 sdata_info(sdata, "waiting for beacon from %pM\n", 6149 ifmgd->bssid); 6150 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval); 6151 assoc_data->timeout_started = true; 6152 assoc_data->need_beacon = true; 6153 } else if (beacon_ies) { 6154 const struct element *elem; 6155 u8 dtim_count = 0; 6156 6157 ieee80211_get_dtim(beacon_ies, &dtim_count, 6158 &ifmgd->dtim_period); 6159 6160 ifmgd->have_beacon = true; 6161 assoc_data->timeout = jiffies; 6162 assoc_data->timeout_started = true; 6163 6164 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) { 6165 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf; 6166 sdata->vif.bss_conf.sync_device_ts = 6167 bss->device_ts_beacon; 6168 sdata->vif.bss_conf.sync_dtim_count = dtim_count; 6169 } 6170 6171 elem = cfg80211_find_ext_elem(WLAN_EID_EXT_MULTIPLE_BSSID_CONFIGURATION, 6172 beacon_ies->data, beacon_ies->len); 6173 if (elem && elem->datalen >= 3) 6174 sdata->vif.bss_conf.profile_periodicity = elem->data[2]; 6175 else 6176 sdata->vif.bss_conf.profile_periodicity = 0; 6177 6178 elem = cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY, 6179 beacon_ies->data, beacon_ies->len); 6180 if (elem && elem->datalen >= 11 && 6181 (elem->data[10] & WLAN_EXT_CAPA11_EMA_SUPPORT)) 6182 sdata->vif.bss_conf.ema_ap = true; 6183 else 6184 sdata->vif.bss_conf.ema_ap = false; 6185 } else { 6186 assoc_data->timeout = jiffies; 6187 assoc_data->timeout_started = true; 6188 } 6189 rcu_read_unlock(); 6190 6191 run_again(sdata, assoc_data->timeout); 6192 6193 if (bss->corrupt_data) { 6194 char *corrupt_type = "data"; 6195 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) { 6196 if (bss->corrupt_data & 6197 IEEE80211_BSS_CORRUPT_PROBE_RESP) 6198 corrupt_type = "beacon and probe response"; 6199 else 6200 corrupt_type = "beacon"; 6201 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP) 6202 corrupt_type = "probe response"; 6203 sdata_info(sdata, "associating with AP with corrupt %s\n", 6204 corrupt_type); 6205 } 6206 6207 return 0; 6208 err_clear: 6209 eth_zero_addr(ifmgd->bssid); 6210 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 6211 ifmgd->assoc_data = NULL; 6212 err_free: 6213 kfree(assoc_data); 6214 return err; 6215} 6216 6217int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, 6218 struct cfg80211_deauth_request *req) 6219{ 6220 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 6221 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 6222 bool tx = !req->local_state_change; 6223 struct ieee80211_prep_tx_info info = { 6224 .subtype = IEEE80211_STYPE_DEAUTH, 6225 }; 6226 6227 if (ifmgd->auth_data && 6228 ether_addr_equal(ifmgd->auth_data->bss->bssid, req->bssid)) { 6229 sdata_info(sdata, 6230 "aborting authentication with %pM by local choice (Reason: %u=%s)\n", 6231 req->bssid, req->reason_code, 6232 ieee80211_get_reason_code_string(req->reason_code)); 6233 6234 drv_mgd_prepare_tx(sdata->local, sdata, &info); 6235 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid, 6236 IEEE80211_STYPE_DEAUTH, 6237 req->reason_code, tx, 6238 frame_buf); 6239 ieee80211_destroy_auth_data(sdata, false); 6240 ieee80211_report_disconnect(sdata, frame_buf, 6241 sizeof(frame_buf), true, 6242 req->reason_code, false); 6243 drv_mgd_complete_tx(sdata->local, sdata, &info); 6244 return 0; 6245 } 6246 6247 if (ifmgd->assoc_data && 6248 ether_addr_equal(ifmgd->assoc_data->bss->bssid, req->bssid)) { 6249 sdata_info(sdata, 6250 "aborting association with %pM by local choice (Reason: %u=%s)\n", 6251 req->bssid, req->reason_code, 6252 ieee80211_get_reason_code_string(req->reason_code)); 6253 6254 drv_mgd_prepare_tx(sdata->local, sdata, &info); 6255 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid, 6256 IEEE80211_STYPE_DEAUTH, 6257 req->reason_code, tx, 6258 frame_buf); 6259 ieee80211_destroy_assoc_data(sdata, false, true); 6260 ieee80211_report_disconnect(sdata, frame_buf, 6261 sizeof(frame_buf), true, 6262 req->reason_code, false); 6263 return 0; 6264 } 6265 6266 if (ifmgd->associated && 6267 ether_addr_equal(ifmgd->bssid, req->bssid)) { 6268 sdata_info(sdata, 6269 "deauthenticating from %pM by local choice (Reason: %u=%s)\n", 6270 req->bssid, req->reason_code, 6271 ieee80211_get_reason_code_string(req->reason_code)); 6272 6273 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 6274 req->reason_code, tx, frame_buf); 6275 ieee80211_report_disconnect(sdata, frame_buf, 6276 sizeof(frame_buf), true, 6277 req->reason_code, false); 6278 drv_mgd_complete_tx(sdata->local, sdata, &info); 6279 return 0; 6280 } 6281 6282 return -ENOTCONN; 6283} 6284 6285int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 6286 struct cfg80211_disassoc_request *req) 6287{ 6288 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 6289 u8 bssid[ETH_ALEN]; 6290 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 6291 6292 /* 6293 * cfg80211 should catch this ... but it's racy since 6294 * we can receive a disassoc frame, process it, hand it 6295 * to cfg80211 while that's in a locked section already 6296 * trying to tell us that the user wants to disconnect. 6297 */ 6298 if (ifmgd->assoc_bss != req->bss) 6299 return -ENOLINK; 6300 6301 sdata_info(sdata, 6302 "disassociating from %pM by local choice (Reason: %u=%s)\n", 6303 req->bss->bssid, req->reason_code, ieee80211_get_reason_code_string(req->reason_code)); 6304 6305 memcpy(bssid, req->bss->bssid, ETH_ALEN); 6306 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC, 6307 req->reason_code, !req->local_state_change, 6308 frame_buf); 6309 6310 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true, 6311 req->reason_code, false); 6312 6313 return 0; 6314} 6315 6316void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata) 6317{ 6318 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 6319 6320 /* 6321 * Make sure some work items will not run after this, 6322 * they will not do anything but might not have been 6323 * cancelled when disconnecting. 6324 */ 6325 cancel_work_sync(&ifmgd->monitor_work); 6326 cancel_work_sync(&ifmgd->beacon_connection_loss_work); 6327 cancel_work_sync(&ifmgd->request_smps_work); 6328 cancel_work_sync(&ifmgd->csa_connection_drop_work); 6329 cancel_work_sync(&ifmgd->chswitch_work); 6330 cancel_delayed_work_sync(&ifmgd->tdls_peer_del_work); 6331 6332 sdata_lock(sdata); 6333 if (ifmgd->assoc_data) { 6334 struct cfg80211_bss *bss = ifmgd->assoc_data->bss; 6335 ieee80211_destroy_assoc_data(sdata, false, false); 6336 cfg80211_assoc_timeout(sdata->dev, bss); 6337 } 6338 if (ifmgd->auth_data) 6339 ieee80211_destroy_auth_data(sdata, false); 6340 spin_lock_bh(&ifmgd->teardown_lock); 6341 if (ifmgd->teardown_skb) { 6342 kfree_skb(ifmgd->teardown_skb); 6343 ifmgd->teardown_skb = NULL; 6344 ifmgd->orig_teardown_skb = NULL; 6345 } 6346 kfree(ifmgd->assoc_req_ies); 6347 ifmgd->assoc_req_ies = NULL; 6348 ifmgd->assoc_req_ies_len = 0; 6349 spin_unlock_bh(&ifmgd->teardown_lock); 6350 del_timer_sync(&ifmgd->timer); 6351 sdata_unlock(sdata); 6352} 6353 6354void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif, 6355 enum nl80211_cqm_rssi_threshold_event rssi_event, 6356 s32 rssi_level, 6357 gfp_t gfp) 6358{ 6359 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 6360 6361 trace_api_cqm_rssi_notify(sdata, rssi_event, rssi_level); 6362 6363 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, rssi_level, gfp); 6364} 6365EXPORT_SYMBOL(ieee80211_cqm_rssi_notify); 6366 6367void ieee80211_cqm_beacon_loss_notify(struct ieee80211_vif *vif, gfp_t gfp) 6368{ 6369 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 6370 6371 trace_api_cqm_beacon_loss_notify(sdata->local, sdata); 6372 6373 cfg80211_cqm_beacon_loss_notify(sdata->dev, gfp); 6374} 6375EXPORT_SYMBOL(ieee80211_cqm_beacon_loss_notify); 6376 6377static void _ieee80211_enable_rssi_reports(struct ieee80211_sub_if_data *sdata, 6378 int rssi_min_thold, 6379 int rssi_max_thold) 6380{ 6381 trace_api_enable_rssi_reports(sdata, rssi_min_thold, rssi_max_thold); 6382 6383 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION)) 6384 return; 6385 6386 /* 6387 * Scale up threshold values before storing it, as the RSSI averaging 6388 * algorithm uses a scaled up value as well. Change this scaling 6389 * factor if the RSSI averaging algorithm changes. 6390 */ 6391 sdata->u.mgd.rssi_min_thold = rssi_min_thold*16; 6392 sdata->u.mgd.rssi_max_thold = rssi_max_thold*16; 6393} 6394 6395void ieee80211_enable_rssi_reports(struct ieee80211_vif *vif, 6396 int rssi_min_thold, 6397 int rssi_max_thold) 6398{ 6399 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 6400 6401 WARN_ON(rssi_min_thold == rssi_max_thold || 6402 rssi_min_thold > rssi_max_thold); 6403 6404 _ieee80211_enable_rssi_reports(sdata, rssi_min_thold, 6405 rssi_max_thold); 6406} 6407EXPORT_SYMBOL(ieee80211_enable_rssi_reports); 6408 6409void ieee80211_disable_rssi_reports(struct ieee80211_vif *vif) 6410{ 6411 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 6412 6413 _ieee80211_enable_rssi_reports(sdata, 0, 0); 6414} 6415EXPORT_SYMBOL(ieee80211_disable_rssi_reports);