LXR linux/net/mac80211/scan.c

   1/*
   2 * Scanning implementation
   3 *
   4 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
   5 * Copyright 2004, Instant802 Networks, Inc.
   6 * Copyright 2005, Devicescape Software, Inc.
   7 * Copyright 2006-2007  Jiri Benc <jbenc@suse.cz>
   8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
   9 *
  10 * This program is free software; you can redistribute it and/or modify
  11 * it under the terms of the GNU General Public License version 2 as
  12 * published by the Free Software Foundation.
  13 */
  14
  15/* TODO: figure out how to avoid that the "current BSS" expires */
  16
  17#include <linux/wireless.h>
  18#include <linux/if_arp.h>
  19#include <linux/rtnetlink.h>
  20#include <net/mac80211.h>
  21
  22#include "ieee80211_i.h"
  23#include "driver-ops.h"
  24#include "mesh.h"
  25
  26#define IEEE80211_PROBE_DELAY (HZ / 33)
  27#define IEEE80211_CHANNEL_TIME (HZ / 33)
  28#define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 8)
  29
  30struct ieee80211_bss *
  31ieee80211_rx_bss_get(struct ieee80211_local *local, u8 *bssid, int freq,
  32                     u8 *ssid, u8 ssid_len)
  33{
  34        return (void *)cfg80211_get_bss(local->hw.wiphy,
  35                                        ieee80211_get_channel(local->hw.wiphy,
  36                                                              freq),
  37                                        bssid, ssid, ssid_len,
  38                                        0, 0);
  39}
  40
  41static void ieee80211_rx_bss_free(struct cfg80211_bss *cbss)
  42{
  43        struct ieee80211_bss *bss = (void *)cbss;
  44
  45        kfree(bss_mesh_id(bss));
  46        kfree(bss_mesh_cfg(bss));
  47}
  48
  49void ieee80211_rx_bss_put(struct ieee80211_local *local,
  50                          struct ieee80211_bss *bss)
  51{
  52        cfg80211_put_bss((struct cfg80211_bss *)bss);
  53}
  54
  55struct ieee80211_bss *
  56ieee80211_bss_info_update(struct ieee80211_local *local,
  57                          struct ieee80211_rx_status *rx_status,
  58                          struct ieee80211_mgmt *mgmt,
  59                          size_t len,
  60                          struct ieee802_11_elems *elems,
  61                          struct ieee80211_channel *channel,
  62                          bool beacon)
  63{
  64        struct ieee80211_bss *bss;
  65        int clen;
  66        s32 signal = 0;
  67
  68        if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
  69                signal = rx_status->signal * 100;
  70        else if (local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC)
  71                signal = (rx_status->signal * 100) / local->hw.max_signal;
  72
  73        bss = (void *)cfg80211_inform_bss_frame(local->hw.wiphy, channel,
  74                                                mgmt, len, signal, GFP_ATOMIC);
  75
  76        if (!bss)
  77                return NULL;
  78
  79        bss->cbss.free_priv = ieee80211_rx_bss_free;
  80
  81        /* save the ERP value so that it is available at association time */
  82        if (elems->erp_info && elems->erp_info_len >= 1) {
  83                bss->erp_value = elems->erp_info[0];
  84                bss->has_erp_value = 1;
  85        }
  86
  87        if (elems->tim) {
  88                struct ieee80211_tim_ie *tim_ie =
  89                        (struct ieee80211_tim_ie *)elems->tim;
  90                bss->dtim_period = tim_ie->dtim_period;
  91        }
  92
  93        /* set default value for buggy AP/no TIM element */
  94        if (bss->dtim_period == 0)
  95                bss->dtim_period = 1;
  96
  97        bss->supp_rates_len = 0;
  98        if (elems->supp_rates) {
  99                clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
 100                if (clen > elems->supp_rates_len)
 101                        clen = elems->supp_rates_len;
 102                memcpy(&bss->supp_rates[bss->supp_rates_len], elems->supp_rates,
 103                       clen);
 104                bss->supp_rates_len += clen;
 105        }
 106        if (elems->ext_supp_rates) {
 107                clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
 108                if (clen > elems->ext_supp_rates_len)
 109                        clen = elems->ext_supp_rates_len;
 110                memcpy(&bss->supp_rates[bss->supp_rates_len],
 111                       elems->ext_supp_rates, clen);
 112                bss->supp_rates_len += clen;
 113        }
 114
 115        bss->wmm_used = elems->wmm_param || elems->wmm_info;
 116
 117        if (!beacon)
 118                bss->last_probe_resp = jiffies;
 119
 120        return bss;
 121}
 122
 123ieee80211_rx_result
 124ieee80211_scan_rx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
 125{
 126        struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb);
 127        struct ieee80211_mgmt *mgmt;
 128        struct ieee80211_bss *bss;
 129        u8 *elements;
 130        struct ieee80211_channel *channel;
 131        size_t baselen;
 132        int freq;
 133        __le16 fc;
 134        bool presp, beacon = false;
 135        struct ieee802_11_elems elems;
 136
 137        if (skb->len < 2)
 138                return RX_DROP_UNUSABLE;
 139
 140        mgmt = (struct ieee80211_mgmt *) skb->data;
 141        fc = mgmt->frame_control;
 142
 143        if (ieee80211_is_ctl(fc))
 144                return RX_CONTINUE;
 145
 146        if (skb->len < 24)
 147                return RX_DROP_MONITOR;
 148
 149        presp = ieee80211_is_probe_resp(fc);
 150        if (presp) {
 151                /* ignore ProbeResp to foreign address */
 152                if (memcmp(mgmt->da, sdata->dev->dev_addr, ETH_ALEN))
 153                        return RX_DROP_MONITOR;
 154
 155                presp = true;
 156                elements = mgmt->u.probe_resp.variable;
 157                baselen = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
 158        } else {
 159                beacon = ieee80211_is_beacon(fc);
 160                baselen = offsetof(struct ieee80211_mgmt, u.beacon.variable);
 161                elements = mgmt->u.beacon.variable;
 162        }
 163
 164        if (!presp && !beacon)
 165                return RX_CONTINUE;
 166
 167        if (baselen > skb->len)
 168                return RX_DROP_MONITOR;
 169
 170        ieee802_11_parse_elems(elements, skb->len - baselen, &elems);
 171
 172        if (elems.ds_params && elems.ds_params_len == 1)
 173                freq = ieee80211_channel_to_frequency(elems.ds_params[0]);
 174        else
 175                freq = rx_status->freq;
 176
 177        channel = ieee80211_get_channel(sdata->local->hw.wiphy, freq);
 178
 179        if (!channel || channel->flags & IEEE80211_CHAN_DISABLED)
 180                return RX_DROP_MONITOR;
 181
 182        bss = ieee80211_bss_info_update(sdata->local, rx_status,
 183                                        mgmt, skb->len, &elems,
 184                                        channel, beacon);
 185        if (bss)
 186                ieee80211_rx_bss_put(sdata->local, bss);
 187
 188        dev_kfree_skb(skb);
 189        return RX_QUEUED;
 190}
 191
 192/*
 193 * inform AP that we will go to sleep so that it will buffer the frames
 194 * while we scan
 195 */
 196static void ieee80211_scan_ps_enable(struct ieee80211_sub_if_data *sdata)
 197{
 198        struct ieee80211_local *local = sdata->local;
 199        bool ps = false;
 200
 201        /* FIXME: what to do when local->pspolling is true? */
 202
 203        del_timer_sync(&local->dynamic_ps_timer);
 204        cancel_work_sync(&local->dynamic_ps_enable_work);
 205
 206        if (local->hw.conf.flags & IEEE80211_CONF_PS) {
 207                ps = true;
 208                local->hw.conf.flags &= ~IEEE80211_CONF_PS;
 209                ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
 210        }
 211
 212        if (!ps || !(local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK))
 213                /*
 214                 * If power save was enabled, no need to send a nullfunc
 215                 * frame because AP knows that we are sleeping. But if the
 216                 * hardware is creating the nullfunc frame for power save
 217                 * status (ie. IEEE80211_HW_PS_NULLFUNC_STACK is not
 218                 * enabled) and power save was enabled, the firmware just
 219                 * sent a null frame with power save disabled. So we need
 220                 * to send a new nullfunc frame to inform the AP that we
 221                 * are again sleeping.
 222                 */
 223                ieee80211_send_nullfunc(local, sdata, 1);
 224}
 225
 226/* inform AP that we are awake again, unless power save is enabled */
 227static void ieee80211_scan_ps_disable(struct ieee80211_sub_if_data *sdata)
 228{
 229        struct ieee80211_local *local = sdata->local;
 230
 231        if (!local->ps_sdata)
 232                ieee80211_send_nullfunc(local, sdata, 0);
 233        else {
 234                /*
 235                 * In !IEEE80211_HW_PS_NULLFUNC_STACK case the hardware
 236                 * will send a nullfunc frame with the powersave bit set
 237                 * even though the AP already knows that we are sleeping.
 238                 * This could be avoided by sending a null frame with power
 239                 * save bit disabled before enabling the power save, but
 240                 * this doesn't gain anything.
 241                 *
 242                 * When IEEE80211_HW_PS_NULLFUNC_STACK is enabled, no need
 243                 * to send a nullfunc frame because AP already knows that
 244                 * we are sleeping, let's just enable power save mode in
 245                 * hardware.
 246                 */
 247                local->hw.conf.flags |= IEEE80211_CONF_PS;
 248                ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
 249        }
 250}
 251
 252static void ieee80211_restore_scan_ies(struct ieee80211_local *local)
 253{
 254        kfree(local->scan_req->ie);
 255        local->scan_req->ie = local->orig_ies;
 256        local->scan_req->ie_len = local->orig_ies_len;
 257}
 258
 259void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)
 260{
 261        struct ieee80211_local *local = hw_to_local(hw);
 262        struct ieee80211_sub_if_data *sdata;
 263        bool was_hw_scan;
 264
 265        mutex_lock(&local->scan_mtx);
 266
 267        if (WARN_ON(!local->scanning)) {
 268                mutex_unlock(&local->scan_mtx);
 269                return;
 270        }
 271
 272        if (WARN_ON(!local->scan_req)) {
 273                mutex_unlock(&local->scan_mtx);
 274                return;
 275        }
 276
 277        if (test_bit(SCAN_HW_SCANNING, &local->scanning))
 278                ieee80211_restore_scan_ies(local);
 279
 280        if (local->scan_req != local->int_scan_req)
 281                cfg80211_scan_done(local->scan_req, aborted);
 282        local->scan_req = NULL;
 283        local->scan_sdata = NULL;
 284
 285        was_hw_scan = test_bit(SCAN_HW_SCANNING, &local->scanning);
 286        local->scanning = 0;
 287        local->scan_channel = NULL;
 288
 289        /* we only have to protect scan_req and hw/sw scan */
 290        mutex_unlock(&local->scan_mtx);
 291
 292        ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
 293        if (was_hw_scan)
 294                goto done;
 295
 296        ieee80211_configure_filter(local);
 297
 298        drv_sw_scan_complete(local);
 299
 300        mutex_lock(&local->iflist_mtx);
 301        list_for_each_entry(sdata, &local->interfaces, list) {
 302                if (!netif_running(sdata->dev))
 303                        continue;
 304
 305                /* Tell AP we're back */
 306                if (sdata->vif.type == NL80211_IFTYPE_STATION) {
 307                        if (sdata->u.mgd.associated) {
 308                                ieee80211_scan_ps_disable(sdata);
 309                                netif_tx_wake_all_queues(sdata->dev);
 310                        }
 311                } else
 312                        netif_tx_wake_all_queues(sdata->dev);
 313
 314                /* re-enable beaconing */
 315                if (sdata->vif.type == NL80211_IFTYPE_AP ||
 316                    sdata->vif.type == NL80211_IFTYPE_ADHOC ||
 317                    sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
 318                        ieee80211_bss_info_change_notify(
 319                                sdata, BSS_CHANGED_BEACON_ENABLED);
 320        }
 321        mutex_unlock(&local->iflist_mtx);
 322
 323 done:
 324        ieee80211_recalc_idle(local);
 325        ieee80211_mlme_notify_scan_completed(local);
 326        ieee80211_ibss_notify_scan_completed(local);
 327        ieee80211_mesh_notify_scan_completed(local);
 328}
 329EXPORT_SYMBOL(ieee80211_scan_completed);
 330
 331static int ieee80211_start_sw_scan(struct ieee80211_local *local)
 332{
 333        struct ieee80211_sub_if_data *sdata;
 334
 335        /*
 336         * Hardware/driver doesn't support hw_scan, so use software
 337         * scanning instead. First send a nullfunc frame with power save
 338         * bit on so that AP will buffer the frames for us while we are not
 339         * listening, then send probe requests to each channel and wait for
 340         * the responses. After all channels are scanned, tune back to the
 341         * original channel and send a nullfunc frame with power save bit
 342         * off to trigger the AP to send us all the buffered frames.
 343         *
 344         * Note that while local->sw_scanning is true everything else but
 345         * nullfunc frames and probe requests will be dropped in
 346         * ieee80211_tx_h_check_assoc().
 347         */
 348        drv_sw_scan_start(local);
 349
 350        mutex_lock(&local->iflist_mtx);
 351        list_for_each_entry(sdata, &local->interfaces, list) {
 352                if (!netif_running(sdata->dev))
 353                        continue;
 354
 355                /* disable beaconing */
 356                if (sdata->vif.type == NL80211_IFTYPE_AP ||
 357                    sdata->vif.type == NL80211_IFTYPE_ADHOC ||
 358                    sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
 359                        ieee80211_bss_info_change_notify(
 360                                sdata, BSS_CHANGED_BEACON_ENABLED);
 361
 362                /*
 363                 * only handle non-STA interfaces here, STA interfaces
 364                 * are handled in the scan state machine
 365                 */
 366                if (sdata->vif.type != NL80211_IFTYPE_STATION)
 367                        netif_tx_stop_all_queues(sdata->dev);
 368        }
 369        mutex_unlock(&local->iflist_mtx);
 370
 371        local->next_scan_state = SCAN_DECISION;
 372        local->scan_channel_idx = 0;
 373
 374        ieee80211_configure_filter(local);
 375
 376        /* TODO: start scan as soon as all nullfunc frames are ACKed */
 377        ieee80211_queue_delayed_work(&local->hw,
 378                                     &local->scan_work,
 379                                     IEEE80211_CHANNEL_TIME);
 380
 381        return 0;
 382}
 383
 384
 385static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
 386                                  struct cfg80211_scan_request *req)
 387{
 388        struct ieee80211_local *local = sdata->local;
 389        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
 390        int rc;
 391
 392        if (local->scan_req)
 393                return -EBUSY;
 394
 395        if (local->ops->hw_scan) {
 396                u8 *ies;
 397                int ielen;
 398
 399                ies = kmalloc(2 + IEEE80211_MAX_SSID_LEN +
 400                              local->scan_ies_len + req->ie_len, GFP_KERNEL);
 401                if (!ies)
 402                        return -ENOMEM;
 403
 404                ielen = ieee80211_build_preq_ies(local, ies,
 405                                                 req->ie, req->ie_len);
 406                local->orig_ies = req->ie;
 407                local->orig_ies_len = req->ie_len;
 408                req->ie = ies;
 409                req->ie_len = ielen;
 410        }
 411
 412        local->scan_req = req;
 413        local->scan_sdata = sdata;
 414
 415        if (req != local->int_scan_req &&
 416            sdata->vif.type == NL80211_IFTYPE_STATION &&
 417            !list_empty(&ifmgd->work_list)) {
 418                /* actually wait for the work it's doing to finish/time out */
 419                set_bit(IEEE80211_STA_REQ_SCAN, &ifmgd->request);
 420                return 0;
 421        }
 422
 423        if (local->ops->hw_scan)
 424                __set_bit(SCAN_HW_SCANNING, &local->scanning);
 425        else
 426                __set_bit(SCAN_SW_SCANNING, &local->scanning);
 427        /*
 428         * Kicking off the scan need not be protected,
 429         * only the scan variable stuff, since now
 430         * local->scan_req is assigned and other callers
 431         * will abort their scan attempts.
 432         *
 433         * This avoids getting a scan_mtx -> iflist_mtx
 434         * dependency, so that the scan completed calls
 435         * have more locking freedom.
 436         */
 437
 438        ieee80211_recalc_idle(local);
 439        mutex_unlock(&local->scan_mtx);
 440
 441        if (local->ops->hw_scan)
 442                rc = drv_hw_scan(local, local->scan_req);
 443        else
 444                rc = ieee80211_start_sw_scan(local);
 445
 446        mutex_lock(&local->scan_mtx);
 447
 448        if (rc) {
 449                if (local->ops->hw_scan)
 450                        ieee80211_restore_scan_ies(local);
 451                local->scanning = 0;
 452
 453                ieee80211_recalc_idle(local);
 454
 455                local->scan_req = NULL;
 456                local->scan_sdata = NULL;
 457        }
 458
 459        return rc;
 460}
 461
 462static int ieee80211_scan_state_decision(struct ieee80211_local *local,
 463                                         unsigned long *next_delay)
 464{
 465        bool associated = false;
 466        struct ieee80211_sub_if_data *sdata;
 467
 468        /* if no more bands/channels left, complete scan and advance to the idle state */
 469        if (local->scan_channel_idx >= local->scan_req->n_channels) {
 470                ieee80211_scan_completed(&local->hw, false);
 471                return 1;
 472        }
 473
 474        /* check if at least one STA interface is associated */
 475        mutex_lock(&local->iflist_mtx);
 476        list_for_each_entry(sdata, &local->interfaces, list) {
 477                if (!netif_running(sdata->dev))
 478                        continue;
 479
 480                if (sdata->vif.type == NL80211_IFTYPE_STATION) {
 481                        if (sdata->u.mgd.associated) {
 482                                associated = true;
 483                                break;
 484                        }
 485                }
 486        }
 487        mutex_unlock(&local->iflist_mtx);
 488
 489        if (local->scan_channel) {
 490                /*
 491                 * we're currently scanning a different channel, let's
 492                 * switch back to the operating channel now if at least
 493                 * one interface is associated. Otherwise just scan the
 494                 * next channel
 495                 */
 496                if (associated)
 497                        local->next_scan_state = SCAN_ENTER_OPER_CHANNEL;
 498                else
 499                        local->next_scan_state = SCAN_SET_CHANNEL;
 500        } else {
 501                /*
 502                 * we're on the operating channel currently, let's
 503                 * leave that channel now to scan another one
 504                 */
 505                local->next_scan_state = SCAN_LEAVE_OPER_CHANNEL;
 506        }
 507
 508        *next_delay = 0;
 509        return 0;
 510}
 511
 512static void ieee80211_scan_state_leave_oper_channel(struct ieee80211_local *local,
 513                                                    unsigned long *next_delay)
 514{
 515        struct ieee80211_sub_if_data *sdata;
 516
 517        /*
 518         * notify the AP about us leaving the channel and stop all STA interfaces
 519         */
 520        mutex_lock(&local->iflist_mtx);
 521        list_for_each_entry(sdata, &local->interfaces, list) {
 522                if (!netif_running(sdata->dev))
 523                        continue;
 524
 525                if (sdata->vif.type == NL80211_IFTYPE_STATION) {
 526                        netif_tx_stop_all_queues(sdata->dev);
 527                        if (sdata->u.mgd.associated)
 528                                ieee80211_scan_ps_enable(sdata);
 529                }
 530        }
 531        mutex_unlock(&local->iflist_mtx);
 532
 533        __set_bit(SCAN_OFF_CHANNEL, &local->scanning);
 534
 535        /* advance to the next channel to be scanned */
 536        *next_delay = HZ / 10;
 537        local->next_scan_state = SCAN_SET_CHANNEL;
 538}
 539
 540static void ieee80211_scan_state_enter_oper_channel(struct ieee80211_local *local,
 541                                                    unsigned long *next_delay)
 542{
 543        struct ieee80211_sub_if_data *sdata = local->scan_sdata;
 544
 545        /* switch back to the operating channel */
 546        local->scan_channel = NULL;
 547        ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
 548
 549        /*
 550         * notify the AP about us being back and restart all STA interfaces
 551         */
 552        mutex_lock(&local->iflist_mtx);
 553        list_for_each_entry(sdata, &local->interfaces, list) {
 554                if (!netif_running(sdata->dev))
 555                        continue;
 556
 557                /* Tell AP we're back */
 558                if (sdata->vif.type == NL80211_IFTYPE_STATION) {
 559                        if (sdata->u.mgd.associated)
 560                                ieee80211_scan_ps_disable(sdata);
 561                        netif_tx_wake_all_queues(sdata->dev);
 562                }
 563        }
 564        mutex_unlock(&local->iflist_mtx);
 565
 566        __clear_bit(SCAN_OFF_CHANNEL, &local->scanning);
 567
 568        *next_delay = HZ / 5;
 569        local->next_scan_state = SCAN_DECISION;
 570}
 571
 572static void ieee80211_scan_state_set_channel(struct ieee80211_local *local,
 573                                             unsigned long *next_delay)
 574{
 575        int skip;
 576        struct ieee80211_channel *chan;
 577        struct ieee80211_sub_if_data *sdata = local->scan_sdata;
 578
 579        skip = 0;
 580        chan = local->scan_req->channels[local->scan_channel_idx];
 581
 582        if (chan->flags & IEEE80211_CHAN_DISABLED ||
 583            (sdata->vif.type == NL80211_IFTYPE_ADHOC &&
 584             chan->flags & IEEE80211_CHAN_NO_IBSS))
 585                skip = 1;
 586
 587        if (!skip) {
 588                local->scan_channel = chan;
 589                if (ieee80211_hw_config(local,
 590                                        IEEE80211_CONF_CHANGE_CHANNEL))
 591                        skip = 1;
 592        }
 593
 594        /* advance state machine to next channel/band */
 595        local->scan_channel_idx++;
 596
 597        if (skip) {
 598                /* if we skip this channel return to the decision state */
 599                local->next_scan_state = SCAN_DECISION;
 600                return;
 601        }
 602
 603        /*
 604         * Probe delay is used to update the NAV, cf. 11.1.3.2.2
 605         * (which unfortunately doesn't say _why_ step a) is done,
 606         * but it waits for the probe delay or until a frame is
 607         * received - and the received frame would update the NAV).
 608         * For now, we do not support waiting until a frame is
 609         * received.
 610         *
 611         * In any case, it is not necessary for a passive scan.
 612         */
 613        if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN ||
 614            !local->scan_req->n_ssids) {
 615                *next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
 616                local->next_scan_state = SCAN_DECISION;
 617                return;
 618        }
 619
 620        /* active scan, send probes */
 621        *next_delay = IEEE80211_PROBE_DELAY;
 622        local->next_scan_state = SCAN_SEND_PROBE;
 623}
 624
 625static void ieee80211_scan_state_send_probe(struct ieee80211_local *local,
 626                                            unsigned long *next_delay)
 627{
 628        int i;
 629        struct ieee80211_sub_if_data *sdata = local->scan_sdata;
 630
 631        for (i = 0; i < local->scan_req->n_ssids; i++)
 632                ieee80211_send_probe_req(
 633                        sdata, NULL,
 634                        local->scan_req->ssids[i].ssid,
 635                        local->scan_req->ssids[i].ssid_len,
 636                        local->scan_req->ie, local->scan_req->ie_len);
 637
 638        /*
 639         * After sending probe requests, wait for probe responses
 640         * on the channel.
 641         */
 642        *next_delay = IEEE80211_CHANNEL_TIME;
 643        local->next_scan_state = SCAN_DECISION;
 644}
 645
 646void ieee80211_scan_work(struct work_struct *work)
 647{
 648        struct ieee80211_local *local =
 649                container_of(work, struct ieee80211_local, scan_work.work);
 650        struct ieee80211_sub_if_data *sdata = local->scan_sdata;
 651        unsigned long next_delay = 0;
 652
 653        mutex_lock(&local->scan_mtx);
 654        if (!sdata || !local->scan_req) {
 655                mutex_unlock(&local->scan_mtx);
 656                return;
 657        }
 658
 659        if (local->scan_req && !local->scanning) {
 660                struct cfg80211_scan_request *req = local->scan_req;
 661                int rc;
 662
 663                local->scan_req = NULL;
 664                local->scan_sdata = NULL;
 665
 666                rc = __ieee80211_start_scan(sdata, req);
 667                mutex_unlock(&local->scan_mtx);
 668
 669                if (rc)
 670                        ieee80211_scan_completed(&local->hw, true);
 671                return;
 672        }
 673
 674        mutex_unlock(&local->scan_mtx);
 675
 676        /*
 677         * Avoid re-scheduling when the sdata is going away.
 678         */
 679        if (!netif_running(sdata->dev)) {
 680                ieee80211_scan_completed(&local->hw, true);
 681                return;
 682        }
 683
 684        /*
 685         * as long as no delay is required advance immediately
 686         * without scheduling a new work
 687         */
 688        do {
 689                switch (local->next_scan_state) {
 690                case SCAN_DECISION:
 691                        if (ieee80211_scan_state_decision(local, &next_delay))
 692                                return;
 693                        break;
 694                case SCAN_SET_CHANNEL:
 695                        ieee80211_scan_state_set_channel(local, &next_delay);
 696                        break;
 697                case SCAN_SEND_PROBE:
 698                        ieee80211_scan_state_send_probe(local, &next_delay);
 699                        break;
 700                case SCAN_LEAVE_OPER_CHANNEL:
 701                        ieee80211_scan_state_leave_oper_channel(local, &next_delay);
 702                        break;
 703                case SCAN_ENTER_OPER_CHANNEL:
 704                        ieee80211_scan_state_enter_oper_channel(local, &next_delay);
 705                        break;
 706                }
 707        } while (next_delay == 0);
 708
 709        ieee80211_queue_delayed_work(&local->hw, &local->scan_work, next_delay);
 710}
 711
 712int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata,
 713                           struct cfg80211_scan_request *req)
 714{
 715        int res;
 716
 717        mutex_lock(&sdata->local->scan_mtx);
 718        res = __ieee80211_start_scan(sdata, req);
 719        mutex_unlock(&sdata->local->scan_mtx);
 720
 721        return res;
 722}
 723
 724int ieee80211_request_internal_scan(struct ieee80211_sub_if_data *sdata,
 725                                    const u8 *ssid, u8 ssid_len)
 726{
 727        struct ieee80211_local *local = sdata->local;
 728        int ret = -EBUSY;
 729
 730        mutex_lock(&local->scan_mtx);
 731
 732        /* busy scanning */
 733        if (local->scan_req)
 734                goto unlock;
 735
 736        memcpy(local->int_scan_req->ssids[0].ssid, ssid, IEEE80211_MAX_SSID_LEN);
 737        local->int_scan_req->ssids[0].ssid_len = ssid_len;
 738
 739        ret = __ieee80211_start_scan(sdata, sdata->local->int_scan_req);
 740 unlock:
 741        mutex_unlock(&local->scan_mtx);
 742        return ret;
 743}
 744
 745void ieee80211_scan_cancel(struct ieee80211_local *local)
 746{
 747        bool abortscan;
 748
 749        cancel_delayed_work_sync(&local->scan_work);
 750
 751        /*
 752         * Only call this function when a scan can't be
 753         * queued -- mostly at suspend under RTNL.
 754         */
 755        mutex_lock(&local->scan_mtx);
 756        abortscan = test_bit(SCAN_SW_SCANNING, &local->scanning) ||
 757                    (!local->scanning && local->scan_req);
 758        mutex_unlock(&local->scan_mtx);
 759
 760        if (abortscan)
 761                ieee80211_scan_completed(&local->hw, true);
 762}
 763