scan.c (40409B)
1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * Scanning implementation 4 * 5 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi> 6 * Copyright 2004, Instant802 Networks, Inc. 7 * Copyright 2005, Devicescape Software, Inc. 8 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 9 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 10 * Copyright 2013-2015 Intel Mobile Communications GmbH 11 * Copyright 2016-2017 Intel Deutschland GmbH 12 * Copyright (C) 2018-2021 Intel Corporation 13 */ 14 15#include <linux/if_arp.h> 16#include <linux/etherdevice.h> 17#include <linux/rtnetlink.h> 18#include <net/sch_generic.h> 19#include <linux/slab.h> 20#include <linux/export.h> 21#include <linux/random.h> 22#include <net/mac80211.h> 23 24#include "ieee80211_i.h" 25#include "driver-ops.h" 26#include "mesh.h" 27 28#define IEEE80211_PROBE_DELAY (HZ / 33) 29#define IEEE80211_CHANNEL_TIME (HZ / 33) 30#define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 9) 31 32void ieee80211_rx_bss_put(struct ieee80211_local *local, 33 struct ieee80211_bss *bss) 34{ 35 if (!bss) 36 return; 37 cfg80211_put_bss(local->hw.wiphy, 38 container_of((void *)bss, struct cfg80211_bss, priv)); 39} 40 41static bool is_uapsd_supported(struct ieee802_11_elems *elems) 42{ 43 u8 qos_info; 44 45 if (elems->wmm_info && elems->wmm_info_len == 7 46 && elems->wmm_info[5] == 1) 47 qos_info = elems->wmm_info[6]; 48 else if (elems->wmm_param && elems->wmm_param_len == 24 49 && elems->wmm_param[5] == 1) 50 qos_info = elems->wmm_param[6]; 51 else 52 /* no valid wmm information or parameter element found */ 53 return false; 54 55 return qos_info & IEEE80211_WMM_IE_AP_QOSINFO_UAPSD; 56} 57 58static void 59ieee80211_update_bss_from_elems(struct ieee80211_local *local, 60 struct ieee80211_bss *bss, 61 struct ieee802_11_elems *elems, 62 struct ieee80211_rx_status *rx_status, 63 bool beacon) 64{ 65 int clen, srlen; 66 67 if (beacon) 68 bss->device_ts_beacon = rx_status->device_timestamp; 69 else 70 bss->device_ts_presp = rx_status->device_timestamp; 71 72 if (elems->parse_error) { 73 if (beacon) 74 bss->corrupt_data |= IEEE80211_BSS_CORRUPT_BEACON; 75 else 76 bss->corrupt_data |= IEEE80211_BSS_CORRUPT_PROBE_RESP; 77 } else { 78 if (beacon) 79 bss->corrupt_data &= ~IEEE80211_BSS_CORRUPT_BEACON; 80 else 81 bss->corrupt_data &= ~IEEE80211_BSS_CORRUPT_PROBE_RESP; 82 } 83 84 /* save the ERP value so that it is available at association time */ 85 if (elems->erp_info && (!elems->parse_error || 86 !(bss->valid_data & IEEE80211_BSS_VALID_ERP))) { 87 bss->erp_value = elems->erp_info[0]; 88 bss->has_erp_value = true; 89 if (!elems->parse_error) 90 bss->valid_data |= IEEE80211_BSS_VALID_ERP; 91 } 92 93 /* replace old supported rates if we get new values */ 94 if (!elems->parse_error || 95 !(bss->valid_data & IEEE80211_BSS_VALID_RATES)) { 96 srlen = 0; 97 if (elems->supp_rates) { 98 clen = IEEE80211_MAX_SUPP_RATES; 99 if (clen > elems->supp_rates_len) 100 clen = elems->supp_rates_len; 101 memcpy(bss->supp_rates, elems->supp_rates, clen); 102 srlen += clen; 103 } 104 if (elems->ext_supp_rates) { 105 clen = IEEE80211_MAX_SUPP_RATES - srlen; 106 if (clen > elems->ext_supp_rates_len) 107 clen = elems->ext_supp_rates_len; 108 memcpy(bss->supp_rates + srlen, elems->ext_supp_rates, 109 clen); 110 srlen += clen; 111 } 112 if (srlen) { 113 bss->supp_rates_len = srlen; 114 if (!elems->parse_error) 115 bss->valid_data |= IEEE80211_BSS_VALID_RATES; 116 } 117 } 118 119 if (!elems->parse_error || 120 !(bss->valid_data & IEEE80211_BSS_VALID_WMM)) { 121 bss->wmm_used = elems->wmm_param || elems->wmm_info; 122 bss->uapsd_supported = is_uapsd_supported(elems); 123 if (!elems->parse_error) 124 bss->valid_data |= IEEE80211_BSS_VALID_WMM; 125 } 126 127 if (beacon) { 128 struct ieee80211_supported_band *sband = 129 local->hw.wiphy->bands[rx_status->band]; 130 if (!(rx_status->encoding == RX_ENC_HT) && 131 !(rx_status->encoding == RX_ENC_VHT)) 132 bss->beacon_rate = 133 &sband->bitrates[rx_status->rate_idx]; 134 } 135 136 if (elems->vht_cap_elem) 137 bss->vht_cap_info = 138 le32_to_cpu(elems->vht_cap_elem->vht_cap_info); 139 else 140 bss->vht_cap_info = 0; 141} 142 143struct ieee80211_bss * 144ieee80211_bss_info_update(struct ieee80211_local *local, 145 struct ieee80211_rx_status *rx_status, 146 struct ieee80211_mgmt *mgmt, size_t len, 147 struct ieee80211_channel *channel) 148{ 149 bool beacon = ieee80211_is_beacon(mgmt->frame_control) || 150 ieee80211_is_s1g_beacon(mgmt->frame_control); 151 struct cfg80211_bss *cbss, *non_tx_cbss; 152 struct ieee80211_bss *bss, *non_tx_bss; 153 struct cfg80211_inform_bss bss_meta = { 154 .boottime_ns = rx_status->boottime_ns, 155 }; 156 bool signal_valid; 157 struct ieee80211_sub_if_data *scan_sdata; 158 struct ieee802_11_elems *elems; 159 size_t baselen; 160 u8 *elements; 161 162 if (rx_status->flag & RX_FLAG_NO_SIGNAL_VAL) 163 bss_meta.signal = 0; /* invalid signal indication */ 164 else if (ieee80211_hw_check(&local->hw, SIGNAL_DBM)) 165 bss_meta.signal = rx_status->signal * 100; 166 else if (ieee80211_hw_check(&local->hw, SIGNAL_UNSPEC)) 167 bss_meta.signal = (rx_status->signal * 100) / local->hw.max_signal; 168 169 bss_meta.scan_width = NL80211_BSS_CHAN_WIDTH_20; 170 if (rx_status->bw == RATE_INFO_BW_5) 171 bss_meta.scan_width = NL80211_BSS_CHAN_WIDTH_5; 172 else if (rx_status->bw == RATE_INFO_BW_10) 173 bss_meta.scan_width = NL80211_BSS_CHAN_WIDTH_10; 174 175 bss_meta.chan = channel; 176 177 rcu_read_lock(); 178 scan_sdata = rcu_dereference(local->scan_sdata); 179 if (scan_sdata && scan_sdata->vif.type == NL80211_IFTYPE_STATION && 180 scan_sdata->vif.bss_conf.assoc && 181 ieee80211_have_rx_timestamp(rx_status)) { 182 bss_meta.parent_tsf = 183 ieee80211_calculate_rx_timestamp(local, rx_status, 184 len + FCS_LEN, 24); 185 ether_addr_copy(bss_meta.parent_bssid, 186 scan_sdata->vif.bss_conf.bssid); 187 } 188 rcu_read_unlock(); 189 190 cbss = cfg80211_inform_bss_frame_data(local->hw.wiphy, &bss_meta, 191 mgmt, len, GFP_ATOMIC); 192 if (!cbss) 193 return NULL; 194 195 if (ieee80211_is_probe_resp(mgmt->frame_control)) { 196 elements = mgmt->u.probe_resp.variable; 197 baselen = offsetof(struct ieee80211_mgmt, 198 u.probe_resp.variable); 199 } else if (ieee80211_is_s1g_beacon(mgmt->frame_control)) { 200 struct ieee80211_ext *ext = (void *) mgmt; 201 202 baselen = offsetof(struct ieee80211_ext, u.s1g_beacon.variable); 203 elements = ext->u.s1g_beacon.variable; 204 } else { 205 baselen = offsetof(struct ieee80211_mgmt, u.beacon.variable); 206 elements = mgmt->u.beacon.variable; 207 } 208 209 if (baselen > len) 210 return NULL; 211 212 elems = ieee802_11_parse_elems(elements, len - baselen, false, 213 mgmt->bssid, cbss->bssid); 214 if (!elems) 215 return NULL; 216 217 /* In case the signal is invalid update the status */ 218 signal_valid = channel == cbss->channel; 219 if (!signal_valid) 220 rx_status->flag |= RX_FLAG_NO_SIGNAL_VAL; 221 222 bss = (void *)cbss->priv; 223 ieee80211_update_bss_from_elems(local, bss, elems, rx_status, beacon); 224 225 list_for_each_entry(non_tx_cbss, &cbss->nontrans_list, nontrans_list) { 226 non_tx_bss = (void *)non_tx_cbss->priv; 227 228 ieee80211_update_bss_from_elems(local, non_tx_bss, elems, 229 rx_status, beacon); 230 } 231 232 kfree(elems); 233 234 return bss; 235} 236 237static bool ieee80211_scan_accept_presp(struct ieee80211_sub_if_data *sdata, 238 u32 scan_flags, const u8 *da) 239{ 240 if (!sdata) 241 return false; 242 /* accept broadcast for OCE */ 243 if (scan_flags & NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP && 244 is_broadcast_ether_addr(da)) 245 return true; 246 if (scan_flags & NL80211_SCAN_FLAG_RANDOM_ADDR) 247 return true; 248 return ether_addr_equal(da, sdata->vif.addr); 249} 250 251void ieee80211_scan_rx(struct ieee80211_local *local, struct sk_buff *skb) 252{ 253 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 254 struct ieee80211_sub_if_data *sdata1, *sdata2; 255 struct ieee80211_mgmt *mgmt = (void *)skb->data; 256 struct ieee80211_bss *bss; 257 struct ieee80211_channel *channel; 258 size_t min_hdr_len = offsetof(struct ieee80211_mgmt, 259 u.probe_resp.variable); 260 261 if (!ieee80211_is_probe_resp(mgmt->frame_control) && 262 !ieee80211_is_beacon(mgmt->frame_control) && 263 !ieee80211_is_s1g_beacon(mgmt->frame_control)) 264 return; 265 266 if (ieee80211_is_s1g_beacon(mgmt->frame_control)) { 267 if (ieee80211_is_s1g_short_beacon(mgmt->frame_control)) 268 min_hdr_len = offsetof(struct ieee80211_ext, 269 u.s1g_short_beacon.variable); 270 else 271 min_hdr_len = offsetof(struct ieee80211_ext, 272 u.s1g_beacon); 273 } 274 275 if (skb->len < min_hdr_len) 276 return; 277 278 sdata1 = rcu_dereference(local->scan_sdata); 279 sdata2 = rcu_dereference(local->sched_scan_sdata); 280 281 if (likely(!sdata1 && !sdata2)) 282 return; 283 284 if (test_and_clear_bit(SCAN_BEACON_WAIT, &local->scanning)) { 285 /* 286 * we were passive scanning because of radar/no-IR, but 287 * the beacon/proberesp rx gives us an opportunity to upgrade 288 * to active scan 289 */ 290 set_bit(SCAN_BEACON_DONE, &local->scanning); 291 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, 0); 292 } 293 294 if (ieee80211_is_probe_resp(mgmt->frame_control)) { 295 struct cfg80211_scan_request *scan_req; 296 struct cfg80211_sched_scan_request *sched_scan_req; 297 u32 scan_req_flags = 0, sched_scan_req_flags = 0; 298 299 scan_req = rcu_dereference(local->scan_req); 300 sched_scan_req = rcu_dereference(local->sched_scan_req); 301 302 if (scan_req) 303 scan_req_flags = scan_req->flags; 304 305 if (sched_scan_req) 306 sched_scan_req_flags = sched_scan_req->flags; 307 308 /* ignore ProbeResp to foreign address or non-bcast (OCE) 309 * unless scanning with randomised address 310 */ 311 if (!ieee80211_scan_accept_presp(sdata1, scan_req_flags, 312 mgmt->da) && 313 !ieee80211_scan_accept_presp(sdata2, sched_scan_req_flags, 314 mgmt->da)) 315 return; 316 } 317 318 channel = ieee80211_get_channel_khz(local->hw.wiphy, 319 ieee80211_rx_status_to_khz(rx_status)); 320 321 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED) 322 return; 323 324 bss = ieee80211_bss_info_update(local, rx_status, 325 mgmt, skb->len, 326 channel); 327 if (bss) 328 ieee80211_rx_bss_put(local, bss); 329} 330 331static void 332ieee80211_prepare_scan_chandef(struct cfg80211_chan_def *chandef, 333 enum nl80211_bss_scan_width scan_width) 334{ 335 memset(chandef, 0, sizeof(*chandef)); 336 switch (scan_width) { 337 case NL80211_BSS_CHAN_WIDTH_5: 338 chandef->width = NL80211_CHAN_WIDTH_5; 339 break; 340 case NL80211_BSS_CHAN_WIDTH_10: 341 chandef->width = NL80211_CHAN_WIDTH_10; 342 break; 343 default: 344 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 345 break; 346 } 347} 348 349/* return false if no more work */ 350static bool ieee80211_prep_hw_scan(struct ieee80211_sub_if_data *sdata) 351{ 352 struct ieee80211_local *local = sdata->local; 353 struct cfg80211_scan_request *req; 354 struct cfg80211_chan_def chandef; 355 u8 bands_used = 0; 356 int i, ielen, n_chans; 357 u32 flags = 0; 358 359 req = rcu_dereference_protected(local->scan_req, 360 lockdep_is_held(&local->mtx)); 361 362 if (test_bit(SCAN_HW_CANCELLED, &local->scanning)) 363 return false; 364 365 if (ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS)) { 366 for (i = 0; i < req->n_channels; i++) { 367 local->hw_scan_req->req.channels[i] = req->channels[i]; 368 bands_used |= BIT(req->channels[i]->band); 369 } 370 371 n_chans = req->n_channels; 372 } else { 373 do { 374 if (local->hw_scan_band == NUM_NL80211_BANDS) 375 return false; 376 377 n_chans = 0; 378 379 for (i = 0; i < req->n_channels; i++) { 380 if (req->channels[i]->band != 381 local->hw_scan_band) 382 continue; 383 local->hw_scan_req->req.channels[n_chans] = 384 req->channels[i]; 385 n_chans++; 386 bands_used |= BIT(req->channels[i]->band); 387 } 388 389 local->hw_scan_band++; 390 } while (!n_chans); 391 } 392 393 local->hw_scan_req->req.n_channels = n_chans; 394 ieee80211_prepare_scan_chandef(&chandef, req->scan_width); 395 396 if (req->flags & NL80211_SCAN_FLAG_MIN_PREQ_CONTENT) 397 flags |= IEEE80211_PROBE_FLAG_MIN_CONTENT; 398 399 ielen = ieee80211_build_preq_ies(sdata, 400 (u8 *)local->hw_scan_req->req.ie, 401 local->hw_scan_ies_bufsize, 402 &local->hw_scan_req->ies, 403 req->ie, req->ie_len, 404 bands_used, req->rates, &chandef, 405 flags); 406 local->hw_scan_req->req.ie_len = ielen; 407 local->hw_scan_req->req.no_cck = req->no_cck; 408 ether_addr_copy(local->hw_scan_req->req.mac_addr, req->mac_addr); 409 ether_addr_copy(local->hw_scan_req->req.mac_addr_mask, 410 req->mac_addr_mask); 411 ether_addr_copy(local->hw_scan_req->req.bssid, req->bssid); 412 413 return true; 414} 415 416static void __ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted) 417{ 418 struct ieee80211_local *local = hw_to_local(hw); 419 bool hw_scan = test_bit(SCAN_HW_SCANNING, &local->scanning); 420 bool was_scanning = local->scanning; 421 struct cfg80211_scan_request *scan_req; 422 struct ieee80211_sub_if_data *scan_sdata; 423 struct ieee80211_sub_if_data *sdata; 424 425 lockdep_assert_held(&local->mtx); 426 427 /* 428 * It's ok to abort a not-yet-running scan (that 429 * we have one at all will be verified by checking 430 * local->scan_req next), but not to complete it 431 * successfully. 432 */ 433 if (WARN_ON(!local->scanning && !aborted)) 434 aborted = true; 435 436 if (WARN_ON(!local->scan_req)) 437 return; 438 439 scan_sdata = rcu_dereference_protected(local->scan_sdata, 440 lockdep_is_held(&local->mtx)); 441 442 if (hw_scan && !aborted && 443 !ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS) && 444 ieee80211_prep_hw_scan(scan_sdata)) { 445 int rc; 446 447 rc = drv_hw_scan(local, 448 rcu_dereference_protected(local->scan_sdata, 449 lockdep_is_held(&local->mtx)), 450 local->hw_scan_req); 451 452 if (rc == 0) 453 return; 454 455 /* HW scan failed and is going to be reported as aborted, 456 * so clear old scan info. 457 */ 458 memset(&local->scan_info, 0, sizeof(local->scan_info)); 459 aborted = true; 460 } 461 462 kfree(local->hw_scan_req); 463 local->hw_scan_req = NULL; 464 465 scan_req = rcu_dereference_protected(local->scan_req, 466 lockdep_is_held(&local->mtx)); 467 468 if (scan_req != local->int_scan_req) { 469 local->scan_info.aborted = aborted; 470 cfg80211_scan_done(scan_req, &local->scan_info); 471 } 472 RCU_INIT_POINTER(local->scan_req, NULL); 473 RCU_INIT_POINTER(local->scan_sdata, NULL); 474 475 local->scanning = 0; 476 local->scan_chandef.chan = NULL; 477 478 /* Set power back to normal operating levels. */ 479 ieee80211_hw_config(local, 0); 480 481 if (!hw_scan) { 482 ieee80211_configure_filter(local); 483 drv_sw_scan_complete(local, scan_sdata); 484 ieee80211_offchannel_return(local); 485 } 486 487 ieee80211_recalc_idle(local); 488 489 ieee80211_mlme_notify_scan_completed(local); 490 ieee80211_ibss_notify_scan_completed(local); 491 492 /* Requeue all the work that might have been ignored while 493 * the scan was in progress; if there was none this will 494 * just be a no-op for the particular interface. 495 */ 496 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 497 if (ieee80211_sdata_running(sdata)) 498 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 499 } 500 501 if (was_scanning) 502 ieee80211_start_next_roc(local); 503} 504 505void ieee80211_scan_completed(struct ieee80211_hw *hw, 506 struct cfg80211_scan_info *info) 507{ 508 struct ieee80211_local *local = hw_to_local(hw); 509 510 trace_api_scan_completed(local, info->aborted); 511 512 set_bit(SCAN_COMPLETED, &local->scanning); 513 if (info->aborted) 514 set_bit(SCAN_ABORTED, &local->scanning); 515 516 memcpy(&local->scan_info, info, sizeof(*info)); 517 518 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, 0); 519} 520EXPORT_SYMBOL(ieee80211_scan_completed); 521 522static int ieee80211_start_sw_scan(struct ieee80211_local *local, 523 struct ieee80211_sub_if_data *sdata) 524{ 525 /* Software scan is not supported in multi-channel cases */ 526 if (local->use_chanctx) 527 return -EOPNOTSUPP; 528 529 /* 530 * Hardware/driver doesn't support hw_scan, so use software 531 * scanning instead. First send a nullfunc frame with power save 532 * bit on so that AP will buffer the frames for us while we are not 533 * listening, then send probe requests to each channel and wait for 534 * the responses. After all channels are scanned, tune back to the 535 * original channel and send a nullfunc frame with power save bit 536 * off to trigger the AP to send us all the buffered frames. 537 * 538 * Note that while local->sw_scanning is true everything else but 539 * nullfunc frames and probe requests will be dropped in 540 * ieee80211_tx_h_check_assoc(). 541 */ 542 drv_sw_scan_start(local, sdata, local->scan_addr); 543 544 local->leave_oper_channel_time = jiffies; 545 local->next_scan_state = SCAN_DECISION; 546 local->scan_channel_idx = 0; 547 548 ieee80211_offchannel_stop_vifs(local); 549 550 /* ensure nullfunc is transmitted before leaving operating channel */ 551 ieee80211_flush_queues(local, NULL, false); 552 553 ieee80211_configure_filter(local); 554 555 /* We need to set power level at maximum rate for scanning. */ 556 ieee80211_hw_config(local, 0); 557 558 ieee80211_queue_delayed_work(&local->hw, 559 &local->scan_work, 0); 560 561 return 0; 562} 563 564static bool __ieee80211_can_leave_ch(struct ieee80211_sub_if_data *sdata) 565{ 566 struct ieee80211_local *local = sdata->local; 567 struct ieee80211_sub_if_data *sdata_iter; 568 569 if (!ieee80211_is_radar_required(local)) 570 return true; 571 572 if (!regulatory_pre_cac_allowed(local->hw.wiphy)) 573 return false; 574 575 mutex_lock(&local->iflist_mtx); 576 list_for_each_entry(sdata_iter, &local->interfaces, list) { 577 if (sdata_iter->wdev.cac_started) { 578 mutex_unlock(&local->iflist_mtx); 579 return false; 580 } 581 } 582 mutex_unlock(&local->iflist_mtx); 583 584 return true; 585} 586 587static bool ieee80211_can_scan(struct ieee80211_local *local, 588 struct ieee80211_sub_if_data *sdata) 589{ 590 if (!__ieee80211_can_leave_ch(sdata)) 591 return false; 592 593 if (!list_empty(&local->roc_list)) 594 return false; 595 596 if (sdata->vif.type == NL80211_IFTYPE_STATION && 597 sdata->u.mgd.flags & IEEE80211_STA_CONNECTION_POLL) 598 return false; 599 600 return true; 601} 602 603void ieee80211_run_deferred_scan(struct ieee80211_local *local) 604{ 605 lockdep_assert_held(&local->mtx); 606 607 if (!local->scan_req || local->scanning) 608 return; 609 610 if (!ieee80211_can_scan(local, 611 rcu_dereference_protected( 612 local->scan_sdata, 613 lockdep_is_held(&local->mtx)))) 614 return; 615 616 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, 617 round_jiffies_relative(0)); 618} 619 620static void ieee80211_send_scan_probe_req(struct ieee80211_sub_if_data *sdata, 621 const u8 *src, const u8 *dst, 622 const u8 *ssid, size_t ssid_len, 623 const u8 *ie, size_t ie_len, 624 u32 ratemask, u32 flags, u32 tx_flags, 625 struct ieee80211_channel *channel) 626{ 627 struct sk_buff *skb; 628 629 skb = ieee80211_build_probe_req(sdata, src, dst, ratemask, channel, 630 ssid, ssid_len, 631 ie, ie_len, flags); 632 633 if (skb) { 634 if (flags & IEEE80211_PROBE_FLAG_RANDOM_SN) { 635 struct ieee80211_hdr *hdr = (void *)skb->data; 636 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 637 u16 sn = get_random_u32(); 638 639 info->control.flags |= IEEE80211_TX_CTRL_NO_SEQNO; 640 hdr->seq_ctrl = 641 cpu_to_le16(IEEE80211_SN_TO_SEQ(sn)); 642 } 643 IEEE80211_SKB_CB(skb)->flags |= tx_flags; 644 ieee80211_tx_skb_tid_band(sdata, skb, 7, channel->band); 645 } 646} 647 648static void ieee80211_scan_state_send_probe(struct ieee80211_local *local, 649 unsigned long *next_delay) 650{ 651 int i; 652 struct ieee80211_sub_if_data *sdata; 653 struct cfg80211_scan_request *scan_req; 654 enum nl80211_band band = local->hw.conf.chandef.chan->band; 655 u32 flags = 0, tx_flags; 656 657 scan_req = rcu_dereference_protected(local->scan_req, 658 lockdep_is_held(&local->mtx)); 659 660 tx_flags = IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 661 if (scan_req->no_cck) 662 tx_flags |= IEEE80211_TX_CTL_NO_CCK_RATE; 663 if (scan_req->flags & NL80211_SCAN_FLAG_MIN_PREQ_CONTENT) 664 flags |= IEEE80211_PROBE_FLAG_MIN_CONTENT; 665 if (scan_req->flags & NL80211_SCAN_FLAG_RANDOM_SN) 666 flags |= IEEE80211_PROBE_FLAG_RANDOM_SN; 667 668 sdata = rcu_dereference_protected(local->scan_sdata, 669 lockdep_is_held(&local->mtx)); 670 671 for (i = 0; i < scan_req->n_ssids; i++) 672 ieee80211_send_scan_probe_req( 673 sdata, local->scan_addr, scan_req->bssid, 674 scan_req->ssids[i].ssid, scan_req->ssids[i].ssid_len, 675 scan_req->ie, scan_req->ie_len, 676 scan_req->rates[band], flags, 677 tx_flags, local->hw.conf.chandef.chan); 678 679 /* 680 * After sending probe requests, wait for probe responses 681 * on the channel. 682 */ 683 *next_delay = IEEE80211_CHANNEL_TIME; 684 local->next_scan_state = SCAN_DECISION; 685} 686 687static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata, 688 struct cfg80211_scan_request *req) 689{ 690 struct ieee80211_local *local = sdata->local; 691 bool hw_scan = local->ops->hw_scan; 692 int rc; 693 694 lockdep_assert_held(&local->mtx); 695 696 if (local->scan_req) 697 return -EBUSY; 698 699 if (!__ieee80211_can_leave_ch(sdata)) 700 return -EBUSY; 701 702 if (!ieee80211_can_scan(local, sdata)) { 703 /* wait for the work to finish/time out */ 704 rcu_assign_pointer(local->scan_req, req); 705 rcu_assign_pointer(local->scan_sdata, sdata); 706 return 0; 707 } 708 709 again: 710 if (hw_scan) { 711 u8 *ies; 712 713 local->hw_scan_ies_bufsize = local->scan_ies_len + req->ie_len; 714 715 if (ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS)) { 716 int i, n_bands = 0; 717 u8 bands_counted = 0; 718 719 for (i = 0; i < req->n_channels; i++) { 720 if (bands_counted & BIT(req->channels[i]->band)) 721 continue; 722 bands_counted |= BIT(req->channels[i]->band); 723 n_bands++; 724 } 725 726 local->hw_scan_ies_bufsize *= n_bands; 727 } 728 729 local->hw_scan_req = kmalloc( 730 sizeof(*local->hw_scan_req) + 731 req->n_channels * sizeof(req->channels[0]) + 732 local->hw_scan_ies_bufsize, GFP_KERNEL); 733 if (!local->hw_scan_req) 734 return -ENOMEM; 735 736 local->hw_scan_req->req.ssids = req->ssids; 737 local->hw_scan_req->req.n_ssids = req->n_ssids; 738 ies = (u8 *)local->hw_scan_req + 739 sizeof(*local->hw_scan_req) + 740 req->n_channels * sizeof(req->channels[0]); 741 local->hw_scan_req->req.ie = ies; 742 local->hw_scan_req->req.flags = req->flags; 743 eth_broadcast_addr(local->hw_scan_req->req.bssid); 744 local->hw_scan_req->req.duration = req->duration; 745 local->hw_scan_req->req.duration_mandatory = 746 req->duration_mandatory; 747 748 local->hw_scan_band = 0; 749 local->hw_scan_req->req.n_6ghz_params = req->n_6ghz_params; 750 local->hw_scan_req->req.scan_6ghz_params = 751 req->scan_6ghz_params; 752 local->hw_scan_req->req.scan_6ghz = req->scan_6ghz; 753 754 /* 755 * After allocating local->hw_scan_req, we must 756 * go through until ieee80211_prep_hw_scan(), so 757 * anything that might be changed here and leave 758 * this function early must not go after this 759 * allocation. 760 */ 761 } 762 763 rcu_assign_pointer(local->scan_req, req); 764 rcu_assign_pointer(local->scan_sdata, sdata); 765 766 if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) 767 get_random_mask_addr(local->scan_addr, 768 req->mac_addr, 769 req->mac_addr_mask); 770 else 771 memcpy(local->scan_addr, sdata->vif.addr, ETH_ALEN); 772 773 if (hw_scan) { 774 __set_bit(SCAN_HW_SCANNING, &local->scanning); 775 } else if ((req->n_channels == 1) && 776 (req->channels[0] == local->_oper_chandef.chan)) { 777 /* 778 * If we are scanning only on the operating channel 779 * then we do not need to stop normal activities 780 */ 781 unsigned long next_delay; 782 783 __set_bit(SCAN_ONCHANNEL_SCANNING, &local->scanning); 784 785 ieee80211_recalc_idle(local); 786 787 /* Notify driver scan is starting, keep order of operations 788 * same as normal software scan, in case that matters. */ 789 drv_sw_scan_start(local, sdata, local->scan_addr); 790 791 ieee80211_configure_filter(local); /* accept probe-responses */ 792 793 /* We need to ensure power level is at max for scanning. */ 794 ieee80211_hw_config(local, 0); 795 796 if ((req->channels[0]->flags & (IEEE80211_CHAN_NO_IR | 797 IEEE80211_CHAN_RADAR)) || 798 !req->n_ssids) { 799 next_delay = IEEE80211_PASSIVE_CHANNEL_TIME; 800 if (req->n_ssids) 801 set_bit(SCAN_BEACON_WAIT, &local->scanning); 802 } else { 803 ieee80211_scan_state_send_probe(local, &next_delay); 804 next_delay = IEEE80211_CHANNEL_TIME; 805 } 806 807 /* Now, just wait a bit and we are all done! */ 808 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, 809 next_delay); 810 return 0; 811 } else { 812 /* Do normal software scan */ 813 __set_bit(SCAN_SW_SCANNING, &local->scanning); 814 } 815 816 ieee80211_recalc_idle(local); 817 818 if (hw_scan) { 819 WARN_ON(!ieee80211_prep_hw_scan(sdata)); 820 rc = drv_hw_scan(local, sdata, local->hw_scan_req); 821 } else { 822 rc = ieee80211_start_sw_scan(local, sdata); 823 } 824 825 if (rc) { 826 kfree(local->hw_scan_req); 827 local->hw_scan_req = NULL; 828 local->scanning = 0; 829 830 ieee80211_recalc_idle(local); 831 832 local->scan_req = NULL; 833 RCU_INIT_POINTER(local->scan_sdata, NULL); 834 } 835 836 if (hw_scan && rc == 1) { 837 /* 838 * we can't fall back to software for P2P-GO 839 * as it must update NoA etc. 840 */ 841 if (ieee80211_vif_type_p2p(&sdata->vif) == 842 NL80211_IFTYPE_P2P_GO) 843 return -EOPNOTSUPP; 844 hw_scan = false; 845 goto again; 846 } 847 848 return rc; 849} 850 851static unsigned long 852ieee80211_scan_get_channel_time(struct ieee80211_channel *chan) 853{ 854 /* 855 * TODO: channel switching also consumes quite some time, 856 * add that delay as well to get a better estimation 857 */ 858 if (chan->flags & (IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_RADAR)) 859 return IEEE80211_PASSIVE_CHANNEL_TIME; 860 return IEEE80211_PROBE_DELAY + IEEE80211_CHANNEL_TIME; 861} 862 863static void ieee80211_scan_state_decision(struct ieee80211_local *local, 864 unsigned long *next_delay) 865{ 866 bool associated = false; 867 bool tx_empty = true; 868 bool bad_latency; 869 struct ieee80211_sub_if_data *sdata; 870 struct ieee80211_channel *next_chan; 871 enum mac80211_scan_state next_scan_state; 872 struct cfg80211_scan_request *scan_req; 873 874 /* 875 * check if at least one STA interface is associated, 876 * check if at least one STA interface has pending tx frames 877 * and grab the lowest used beacon interval 878 */ 879 mutex_lock(&local->iflist_mtx); 880 list_for_each_entry(sdata, &local->interfaces, list) { 881 if (!ieee80211_sdata_running(sdata)) 882 continue; 883 884 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 885 if (sdata->u.mgd.associated) { 886 associated = true; 887 888 if (!qdisc_all_tx_empty(sdata->dev)) { 889 tx_empty = false; 890 break; 891 } 892 } 893 } 894 } 895 mutex_unlock(&local->iflist_mtx); 896 897 scan_req = rcu_dereference_protected(local->scan_req, 898 lockdep_is_held(&local->mtx)); 899 900 next_chan = scan_req->channels[local->scan_channel_idx]; 901 902 /* 903 * we're currently scanning a different channel, let's 904 * see if we can scan another channel without interfering 905 * with the current traffic situation. 906 * 907 * Keep good latency, do not stay off-channel more than 125 ms. 908 */ 909 910 bad_latency = time_after(jiffies + 911 ieee80211_scan_get_channel_time(next_chan), 912 local->leave_oper_channel_time + HZ / 8); 913 914 if (associated && !tx_empty) { 915 if (scan_req->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) 916 next_scan_state = SCAN_ABORT; 917 else 918 next_scan_state = SCAN_SUSPEND; 919 } else if (associated && bad_latency) { 920 next_scan_state = SCAN_SUSPEND; 921 } else { 922 next_scan_state = SCAN_SET_CHANNEL; 923 } 924 925 local->next_scan_state = next_scan_state; 926 927 *next_delay = 0; 928} 929 930static void ieee80211_scan_state_set_channel(struct ieee80211_local *local, 931 unsigned long *next_delay) 932{ 933 int skip; 934 struct ieee80211_channel *chan; 935 enum nl80211_bss_scan_width oper_scan_width; 936 struct cfg80211_scan_request *scan_req; 937 938 scan_req = rcu_dereference_protected(local->scan_req, 939 lockdep_is_held(&local->mtx)); 940 941 skip = 0; 942 chan = scan_req->channels[local->scan_channel_idx]; 943 944 local->scan_chandef.chan = chan; 945 local->scan_chandef.center_freq1 = chan->center_freq; 946 local->scan_chandef.freq1_offset = chan->freq_offset; 947 local->scan_chandef.center_freq2 = 0; 948 949 /* For scanning on the S1G band, ignore scan_width (which is constant 950 * across all channels) for now since channel width is specific to each 951 * channel. Detect the required channel width here and likely revisit 952 * later. Maybe scan_width could be used to build the channel scan list? 953 */ 954 if (chan->band == NL80211_BAND_S1GHZ) { 955 local->scan_chandef.width = ieee80211_s1g_channel_width(chan); 956 goto set_channel; 957 } 958 959 switch (scan_req->scan_width) { 960 case NL80211_BSS_CHAN_WIDTH_5: 961 local->scan_chandef.width = NL80211_CHAN_WIDTH_5; 962 break; 963 case NL80211_BSS_CHAN_WIDTH_10: 964 local->scan_chandef.width = NL80211_CHAN_WIDTH_10; 965 break; 966 default: 967 case NL80211_BSS_CHAN_WIDTH_20: 968 /* If scanning on oper channel, use whatever channel-type 969 * is currently in use. 970 */ 971 oper_scan_width = cfg80211_chandef_to_scan_width( 972 &local->_oper_chandef); 973 if (chan == local->_oper_chandef.chan && 974 oper_scan_width == scan_req->scan_width) 975 local->scan_chandef = local->_oper_chandef; 976 else 977 local->scan_chandef.width = NL80211_CHAN_WIDTH_20_NOHT; 978 break; 979 case NL80211_BSS_CHAN_WIDTH_1: 980 case NL80211_BSS_CHAN_WIDTH_2: 981 /* shouldn't get here, S1G handled above */ 982 WARN_ON(1); 983 break; 984 } 985 986set_channel: 987 if (ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL)) 988 skip = 1; 989 990 /* advance state machine to next channel/band */ 991 local->scan_channel_idx++; 992 993 if (skip) { 994 /* if we skip this channel return to the decision state */ 995 local->next_scan_state = SCAN_DECISION; 996 return; 997 } 998 999 /* 1000 * Probe delay is used to update the NAV, cf. 11.1.3.2.2 1001 * (which unfortunately doesn't say _why_ step a) is done, 1002 * but it waits for the probe delay or until a frame is 1003 * received - and the received frame would update the NAV). 1004 * For now, we do not support waiting until a frame is 1005 * received. 1006 * 1007 * In any case, it is not necessary for a passive scan. 1008 */ 1009 if ((chan->flags & (IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_RADAR)) || 1010 !scan_req->n_ssids) { 1011 *next_delay = IEEE80211_PASSIVE_CHANNEL_TIME; 1012 local->next_scan_state = SCAN_DECISION; 1013 if (scan_req->n_ssids) 1014 set_bit(SCAN_BEACON_WAIT, &local->scanning); 1015 return; 1016 } 1017 1018 /* active scan, send probes */ 1019 *next_delay = IEEE80211_PROBE_DELAY; 1020 local->next_scan_state = SCAN_SEND_PROBE; 1021} 1022 1023static void ieee80211_scan_state_suspend(struct ieee80211_local *local, 1024 unsigned long *next_delay) 1025{ 1026 /* switch back to the operating channel */ 1027 local->scan_chandef.chan = NULL; 1028 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL); 1029 1030 /* disable PS */ 1031 ieee80211_offchannel_return(local); 1032 1033 *next_delay = HZ / 5; 1034 /* afterwards, resume scan & go to next channel */ 1035 local->next_scan_state = SCAN_RESUME; 1036} 1037 1038static void ieee80211_scan_state_resume(struct ieee80211_local *local, 1039 unsigned long *next_delay) 1040{ 1041 ieee80211_offchannel_stop_vifs(local); 1042 1043 if (local->ops->flush) { 1044 ieee80211_flush_queues(local, NULL, false); 1045 *next_delay = 0; 1046 } else 1047 *next_delay = HZ / 10; 1048 1049 /* remember when we left the operating channel */ 1050 local->leave_oper_channel_time = jiffies; 1051 1052 /* advance to the next channel to be scanned */ 1053 local->next_scan_state = SCAN_SET_CHANNEL; 1054} 1055 1056void ieee80211_scan_work(struct work_struct *work) 1057{ 1058 struct ieee80211_local *local = 1059 container_of(work, struct ieee80211_local, scan_work.work); 1060 struct ieee80211_sub_if_data *sdata; 1061 struct cfg80211_scan_request *scan_req; 1062 unsigned long next_delay = 0; 1063 bool aborted; 1064 1065 mutex_lock(&local->mtx); 1066 1067 if (!ieee80211_can_run_worker(local)) { 1068 aborted = true; 1069 goto out_complete; 1070 } 1071 1072 sdata = rcu_dereference_protected(local->scan_sdata, 1073 lockdep_is_held(&local->mtx)); 1074 scan_req = rcu_dereference_protected(local->scan_req, 1075 lockdep_is_held(&local->mtx)); 1076 1077 /* When scanning on-channel, the first-callback means completed. */ 1078 if (test_bit(SCAN_ONCHANNEL_SCANNING, &local->scanning)) { 1079 aborted = test_and_clear_bit(SCAN_ABORTED, &local->scanning); 1080 goto out_complete; 1081 } 1082 1083 if (test_and_clear_bit(SCAN_COMPLETED, &local->scanning)) { 1084 aborted = test_and_clear_bit(SCAN_ABORTED, &local->scanning); 1085 goto out_complete; 1086 } 1087 1088 if (!sdata || !scan_req) 1089 goto out; 1090 1091 if (!local->scanning) { 1092 int rc; 1093 1094 RCU_INIT_POINTER(local->scan_req, NULL); 1095 RCU_INIT_POINTER(local->scan_sdata, NULL); 1096 1097 rc = __ieee80211_start_scan(sdata, scan_req); 1098 if (rc) { 1099 /* need to complete scan in cfg80211 */ 1100 rcu_assign_pointer(local->scan_req, scan_req); 1101 aborted = true; 1102 goto out_complete; 1103 } else 1104 goto out; 1105 } 1106 1107 clear_bit(SCAN_BEACON_WAIT, &local->scanning); 1108 1109 /* 1110 * as long as no delay is required advance immediately 1111 * without scheduling a new work 1112 */ 1113 do { 1114 if (!ieee80211_sdata_running(sdata)) { 1115 aborted = true; 1116 goto out_complete; 1117 } 1118 1119 if (test_and_clear_bit(SCAN_BEACON_DONE, &local->scanning) && 1120 local->next_scan_state == SCAN_DECISION) 1121 local->next_scan_state = SCAN_SEND_PROBE; 1122 1123 switch (local->next_scan_state) { 1124 case SCAN_DECISION: 1125 /* if no more bands/channels left, complete scan */ 1126 if (local->scan_channel_idx >= scan_req->n_channels) { 1127 aborted = false; 1128 goto out_complete; 1129 } 1130 ieee80211_scan_state_decision(local, &next_delay); 1131 break; 1132 case SCAN_SET_CHANNEL: 1133 ieee80211_scan_state_set_channel(local, &next_delay); 1134 break; 1135 case SCAN_SEND_PROBE: 1136 ieee80211_scan_state_send_probe(local, &next_delay); 1137 break; 1138 case SCAN_SUSPEND: 1139 ieee80211_scan_state_suspend(local, &next_delay); 1140 break; 1141 case SCAN_RESUME: 1142 ieee80211_scan_state_resume(local, &next_delay); 1143 break; 1144 case SCAN_ABORT: 1145 aborted = true; 1146 goto out_complete; 1147 } 1148 } while (next_delay == 0); 1149 1150 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, next_delay); 1151 goto out; 1152 1153out_complete: 1154 __ieee80211_scan_completed(&local->hw, aborted); 1155out: 1156 mutex_unlock(&local->mtx); 1157} 1158 1159int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata, 1160 struct cfg80211_scan_request *req) 1161{ 1162 int res; 1163 1164 mutex_lock(&sdata->local->mtx); 1165 res = __ieee80211_start_scan(sdata, req); 1166 mutex_unlock(&sdata->local->mtx); 1167 1168 return res; 1169} 1170 1171int ieee80211_request_ibss_scan(struct ieee80211_sub_if_data *sdata, 1172 const u8 *ssid, u8 ssid_len, 1173 struct ieee80211_channel **channels, 1174 unsigned int n_channels, 1175 enum nl80211_bss_scan_width scan_width) 1176{ 1177 struct ieee80211_local *local = sdata->local; 1178 int ret = -EBUSY, i, n_ch = 0; 1179 enum nl80211_band band; 1180 1181 mutex_lock(&local->mtx); 1182 1183 /* busy scanning */ 1184 if (local->scan_req) 1185 goto unlock; 1186 1187 /* fill internal scan request */ 1188 if (!channels) { 1189 int max_n; 1190 1191 for (band = 0; band < NUM_NL80211_BANDS; band++) { 1192 if (!local->hw.wiphy->bands[band] || 1193 band == NL80211_BAND_6GHZ) 1194 continue; 1195 1196 max_n = local->hw.wiphy->bands[band]->n_channels; 1197 for (i = 0; i < max_n; i++) { 1198 struct ieee80211_channel *tmp_ch = 1199 &local->hw.wiphy->bands[band]->channels[i]; 1200 1201 if (tmp_ch->flags & (IEEE80211_CHAN_NO_IR | 1202 IEEE80211_CHAN_DISABLED)) 1203 continue; 1204 1205 local->int_scan_req->channels[n_ch] = tmp_ch; 1206 n_ch++; 1207 } 1208 } 1209 1210 if (WARN_ON_ONCE(n_ch == 0)) 1211 goto unlock; 1212 1213 local->int_scan_req->n_channels = n_ch; 1214 } else { 1215 for (i = 0; i < n_channels; i++) { 1216 if (channels[i]->flags & (IEEE80211_CHAN_NO_IR | 1217 IEEE80211_CHAN_DISABLED)) 1218 continue; 1219 1220 local->int_scan_req->channels[n_ch] = channels[i]; 1221 n_ch++; 1222 } 1223 1224 if (WARN_ON_ONCE(n_ch == 0)) 1225 goto unlock; 1226 1227 local->int_scan_req->n_channels = n_ch; 1228 } 1229 1230 local->int_scan_req->ssids = &local->scan_ssid; 1231 local->int_scan_req->n_ssids = 1; 1232 local->int_scan_req->scan_width = scan_width; 1233 memcpy(local->int_scan_req->ssids[0].ssid, ssid, IEEE80211_MAX_SSID_LEN); 1234 local->int_scan_req->ssids[0].ssid_len = ssid_len; 1235 1236 ret = __ieee80211_start_scan(sdata, sdata->local->int_scan_req); 1237 unlock: 1238 mutex_unlock(&local->mtx); 1239 return ret; 1240} 1241 1242/* 1243 * Only call this function when a scan can't be queued -- under RTNL. 1244 */ 1245void ieee80211_scan_cancel(struct ieee80211_local *local) 1246{ 1247 /* 1248 * We are canceling software scan, or deferred scan that was not 1249 * yet really started (see __ieee80211_start_scan ). 1250 * 1251 * Regarding hardware scan: 1252 * - we can not call __ieee80211_scan_completed() as when 1253 * SCAN_HW_SCANNING bit is set this function change 1254 * local->hw_scan_req to operate on 5G band, what race with 1255 * driver which can use local->hw_scan_req 1256 * 1257 * - we can not cancel scan_work since driver can schedule it 1258 * by ieee80211_scan_completed(..., true) to finish scan 1259 * 1260 * Hence we only call the cancel_hw_scan() callback, but the low-level 1261 * driver is still responsible for calling ieee80211_scan_completed() 1262 * after the scan was completed/aborted. 1263 */ 1264 1265 mutex_lock(&local->mtx); 1266 if (!local->scan_req) 1267 goto out; 1268 1269 /* 1270 * We have a scan running and the driver already reported completion, 1271 * but the worker hasn't run yet or is stuck on the mutex - mark it as 1272 * cancelled. 1273 */ 1274 if (test_bit(SCAN_HW_SCANNING, &local->scanning) && 1275 test_bit(SCAN_COMPLETED, &local->scanning)) { 1276 set_bit(SCAN_HW_CANCELLED, &local->scanning); 1277 goto out; 1278 } 1279 1280 if (test_bit(SCAN_HW_SCANNING, &local->scanning)) { 1281 /* 1282 * Make sure that __ieee80211_scan_completed doesn't trigger a 1283 * scan on another band. 1284 */ 1285 set_bit(SCAN_HW_CANCELLED, &local->scanning); 1286 if (local->ops->cancel_hw_scan) 1287 drv_cancel_hw_scan(local, 1288 rcu_dereference_protected(local->scan_sdata, 1289 lockdep_is_held(&local->mtx))); 1290 goto out; 1291 } 1292 1293 /* 1294 * If the work is currently running, it must be blocked on 1295 * the mutex, but we'll set scan_sdata = NULL and it'll 1296 * simply exit once it acquires the mutex. 1297 */ 1298 cancel_delayed_work(&local->scan_work); 1299 /* and clean up */ 1300 memset(&local->scan_info, 0, sizeof(local->scan_info)); 1301 __ieee80211_scan_completed(&local->hw, true); 1302out: 1303 mutex_unlock(&local->mtx); 1304} 1305 1306int __ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata, 1307 struct cfg80211_sched_scan_request *req) 1308{ 1309 struct ieee80211_local *local = sdata->local; 1310 struct ieee80211_scan_ies sched_scan_ies = {}; 1311 struct cfg80211_chan_def chandef; 1312 int ret, i, iebufsz, num_bands = 0; 1313 u32 rate_masks[NUM_NL80211_BANDS] = {}; 1314 u8 bands_used = 0; 1315 u8 *ie; 1316 u32 flags = 0; 1317 1318 iebufsz = local->scan_ies_len + req->ie_len; 1319 1320 lockdep_assert_held(&local->mtx); 1321 1322 if (!local->ops->sched_scan_start) 1323 return -ENOTSUPP; 1324 1325 for (i = 0; i < NUM_NL80211_BANDS; i++) { 1326 if (local->hw.wiphy->bands[i]) { 1327 bands_used |= BIT(i); 1328 rate_masks[i] = (u32) -1; 1329 num_bands++; 1330 } 1331 } 1332 1333 if (req->flags & NL80211_SCAN_FLAG_MIN_PREQ_CONTENT) 1334 flags |= IEEE80211_PROBE_FLAG_MIN_CONTENT; 1335 1336 ie = kcalloc(iebufsz, num_bands, GFP_KERNEL); 1337 if (!ie) { 1338 ret = -ENOMEM; 1339 goto out; 1340 } 1341 1342 ieee80211_prepare_scan_chandef(&chandef, req->scan_width); 1343 1344 ieee80211_build_preq_ies(sdata, ie, num_bands * iebufsz, 1345 &sched_scan_ies, req->ie, 1346 req->ie_len, bands_used, rate_masks, &chandef, 1347 flags); 1348 1349 ret = drv_sched_scan_start(local, sdata, req, &sched_scan_ies); 1350 if (ret == 0) { 1351 rcu_assign_pointer(local->sched_scan_sdata, sdata); 1352 rcu_assign_pointer(local->sched_scan_req, req); 1353 } 1354 1355 kfree(ie); 1356 1357out: 1358 if (ret) { 1359 /* Clean in case of failure after HW restart or upon resume. */ 1360 RCU_INIT_POINTER(local->sched_scan_sdata, NULL); 1361 RCU_INIT_POINTER(local->sched_scan_req, NULL); 1362 } 1363 1364 return ret; 1365} 1366 1367int ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata, 1368 struct cfg80211_sched_scan_request *req) 1369{ 1370 struct ieee80211_local *local = sdata->local; 1371 int ret; 1372 1373 mutex_lock(&local->mtx); 1374 1375 if (rcu_access_pointer(local->sched_scan_sdata)) { 1376 mutex_unlock(&local->mtx); 1377 return -EBUSY; 1378 } 1379 1380 ret = __ieee80211_request_sched_scan_start(sdata, req); 1381 1382 mutex_unlock(&local->mtx); 1383 return ret; 1384} 1385 1386int ieee80211_request_sched_scan_stop(struct ieee80211_local *local) 1387{ 1388 struct ieee80211_sub_if_data *sched_scan_sdata; 1389 int ret = -ENOENT; 1390 1391 mutex_lock(&local->mtx); 1392 1393 if (!local->ops->sched_scan_stop) { 1394 ret = -ENOTSUPP; 1395 goto out; 1396 } 1397 1398 /* We don't want to restart sched scan anymore. */ 1399 RCU_INIT_POINTER(local->sched_scan_req, NULL); 1400 1401 sched_scan_sdata = rcu_dereference_protected(local->sched_scan_sdata, 1402 lockdep_is_held(&local->mtx)); 1403 if (sched_scan_sdata) { 1404 ret = drv_sched_scan_stop(local, sched_scan_sdata); 1405 if (!ret) 1406 RCU_INIT_POINTER(local->sched_scan_sdata, NULL); 1407 } 1408out: 1409 mutex_unlock(&local->mtx); 1410 1411 return ret; 1412} 1413 1414void ieee80211_sched_scan_results(struct ieee80211_hw *hw) 1415{ 1416 struct ieee80211_local *local = hw_to_local(hw); 1417 1418 trace_api_sched_scan_results(local); 1419 1420 cfg80211_sched_scan_results(hw->wiphy, 0); 1421} 1422EXPORT_SYMBOL(ieee80211_sched_scan_results); 1423 1424void ieee80211_sched_scan_end(struct ieee80211_local *local) 1425{ 1426 mutex_lock(&local->mtx); 1427 1428 if (!rcu_access_pointer(local->sched_scan_sdata)) { 1429 mutex_unlock(&local->mtx); 1430 return; 1431 } 1432 1433 RCU_INIT_POINTER(local->sched_scan_sdata, NULL); 1434 1435 /* If sched scan was aborted by the driver. */ 1436 RCU_INIT_POINTER(local->sched_scan_req, NULL); 1437 1438 mutex_unlock(&local->mtx); 1439 1440 cfg80211_sched_scan_stopped(local->hw.wiphy, 0); 1441} 1442 1443void ieee80211_sched_scan_stopped_work(struct work_struct *work) 1444{ 1445 struct ieee80211_local *local = 1446 container_of(work, struct ieee80211_local, 1447 sched_scan_stopped_work); 1448 1449 ieee80211_sched_scan_end(local); 1450} 1451 1452void ieee80211_sched_scan_stopped(struct ieee80211_hw *hw) 1453{ 1454 struct ieee80211_local *local = hw_to_local(hw); 1455 1456 trace_api_sched_scan_stopped(local); 1457 1458 /* 1459 * this shouldn't really happen, so for simplicity 1460 * simply ignore it, and let mac80211 reconfigure 1461 * the sched scan later on. 1462 */ 1463 if (local->in_reconfig) 1464 return; 1465 1466 schedule_work(&local->sched_scan_stopped_work); 1467} 1468EXPORT_SYMBOL(ieee80211_sched_scan_stopped);