1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16#include <linux/delay.h>
17#include <linux/if_ether.h>
18#include <linux/skbuff.h>
19#include <linux/if_arp.h>
20#include <linux/etherdevice.h>
21#include <linux/crc32.h>
22#include <linux/slab.h>
23#include <net/mac80211.h>
24#include <asm/unaligned.h>
25
26#include "ieee80211_i.h"
27#include "rate.h"
28
29#define IEEE80211_AUTH_TIMEOUT (HZ / 5)
30#define IEEE80211_AUTH_MAX_TRIES 3
31#define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
32#define IEEE80211_ASSOC_MAX_TRIES 3
33#define IEEE80211_MAX_PROBE_TRIES 5
34
35enum work_action {
36 WORK_ACT_MISMATCH,
37 WORK_ACT_NONE,
38 WORK_ACT_TIMEOUT,
39 WORK_ACT_DONE,
40};
41
42
43
44static inline void ASSERT_WORK_MTX(struct ieee80211_local *local)
45{
46 lockdep_assert_held(&local->mtx);
47}
48
49
50
51
52
53
54
55
56
57
58
59static void run_again(struct ieee80211_local *local,
60 unsigned long timeout)
61{
62 ASSERT_WORK_MTX(local);
63
64 if (!timer_pending(&local->work_timer) ||
65 time_before(timeout, local->work_timer.expires))
66 mod_timer(&local->work_timer, timeout);
67}
68
69static void work_free_rcu(struct rcu_head *head)
70{
71 struct ieee80211_work *wk =
72 container_of(head, struct ieee80211_work, rcu_head);
73
74 kfree(wk);
75}
76
77void free_work(struct ieee80211_work *wk)
78{
79 call_rcu(&wk->rcu_head, work_free_rcu);
80}
81
82static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len,
83 struct ieee80211_supported_band *sband,
84 u32 *rates)
85{
86 int i, j, count;
87 *rates = 0;
88 count = 0;
89 for (i = 0; i < supp_rates_len; i++) {
90 int rate = (supp_rates[i] & 0x7F) * 5;
91
92 for (j = 0; j < sband->n_bitrates; j++)
93 if (sband->bitrates[j].bitrate == rate) {
94 *rates |= BIT(j);
95 count++;
96 break;
97 }
98 }
99
100 return count;
101}
102
103
104
105static void ieee80211_add_ht_ie(struct sk_buff *skb, const u8 *ht_info_ie,
106 struct ieee80211_supported_band *sband,
107 struct ieee80211_channel *channel,
108 enum ieee80211_smps_mode smps)
109{
110 struct ieee80211_ht_info *ht_info;
111 u8 *pos;
112 u32 flags = channel->flags;
113 u16 cap = sband->ht_cap.cap;
114 __le16 tmp;
115
116 if (!sband->ht_cap.ht_supported)
117 return;
118
119 if (!ht_info_ie)
120 return;
121
122 if (ht_info_ie[1] < sizeof(struct ieee80211_ht_info))
123 return;
124
125 ht_info = (struct ieee80211_ht_info *)(ht_info_ie + 2);
126
127
128
129 if (ieee80211_disable_40mhz_24ghz &&
130 sband->band == IEEE80211_BAND_2GHZ) {
131 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
132 cap &= ~IEEE80211_HT_CAP_SGI_40;
133 }
134
135 switch (ht_info->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
136 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
137 if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
138 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
139 cap &= ~IEEE80211_HT_CAP_SGI_40;
140 }
141 break;
142 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
143 if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
144 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
145 cap &= ~IEEE80211_HT_CAP_SGI_40;
146 }
147 break;
148 }
149
150
151 cap &= ~IEEE80211_HT_CAP_SM_PS;
152 switch (smps) {
153 case IEEE80211_SMPS_AUTOMATIC:
154 case IEEE80211_SMPS_NUM_MODES:
155 WARN_ON(1);
156 case IEEE80211_SMPS_OFF:
157 cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
158 IEEE80211_HT_CAP_SM_PS_SHIFT;
159 break;
160 case IEEE80211_SMPS_STATIC:
161 cap |= WLAN_HT_CAP_SM_PS_STATIC <<
162 IEEE80211_HT_CAP_SM_PS_SHIFT;
163 break;
164 case IEEE80211_SMPS_DYNAMIC:
165 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
166 IEEE80211_HT_CAP_SM_PS_SHIFT;
167 break;
168 }
169
170
171
172 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
173 *pos++ = WLAN_EID_HT_CAPABILITY;
174 *pos++ = sizeof(struct ieee80211_ht_cap);
175 memset(pos, 0, sizeof(struct ieee80211_ht_cap));
176
177
178 tmp = cpu_to_le16(cap);
179 memcpy(pos, &tmp, sizeof(u16));
180 pos += sizeof(u16);
181
182
183 *pos++ = sband->ht_cap.ampdu_factor |
184 (sband->ht_cap.ampdu_density <<
185 IEEE80211_HT_AMPDU_PARM_DENSITY_SHIFT);
186
187
188 memcpy(pos, &sband->ht_cap.mcs, sizeof(sband->ht_cap.mcs));
189 pos += sizeof(sband->ht_cap.mcs);
190
191
192 pos += sizeof(__le16);
193
194
195 pos += sizeof(__le32);
196
197
198 pos += sizeof(u8);
199}
200
201static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
202 struct ieee80211_work *wk)
203{
204 struct ieee80211_local *local = sdata->local;
205 struct sk_buff *skb;
206 struct ieee80211_mgmt *mgmt;
207 u8 *pos, qos_info;
208 const u8 *ies;
209 size_t offset = 0, noffset;
210 int i, len, count, rates_len, supp_rates_len;
211 u16 capab;
212 struct ieee80211_supported_band *sband;
213 u32 rates = 0;
214
215 sband = local->hw.wiphy->bands[wk->chan->band];
216
217 if (wk->assoc.supp_rates_len) {
218
219
220
221
222
223
224 rates_len = ieee80211_compatible_rates(wk->assoc.supp_rates,
225 wk->assoc.supp_rates_len,
226 sband, &rates);
227 } else {
228
229
230
231
232
233 rates = ~0;
234 rates_len = sband->n_bitrates;
235 }
236
237 skb = alloc_skb(local->hw.extra_tx_headroom +
238 sizeof(*mgmt) +
239 2 + wk->assoc.ssid_len +
240 4 + rates_len +
241 4 +
242 2 + 2 * sband->n_channels +
243 2 + sizeof(struct ieee80211_ht_cap) +
244 wk->ie_len +
245 9,
246 GFP_KERNEL);
247 if (!skb) {
248 printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
249 "frame\n", sdata->name);
250 return;
251 }
252 skb_reserve(skb, local->hw.extra_tx_headroom);
253
254 capab = WLAN_CAPABILITY_ESS;
255
256 if (sband->band == IEEE80211_BAND_2GHZ) {
257 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
258 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
259 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
260 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
261 }
262
263 if (wk->assoc.capability & WLAN_CAPABILITY_PRIVACY)
264 capab |= WLAN_CAPABILITY_PRIVACY;
265
266 if ((wk->assoc.capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
267 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
268 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
269
270 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
271 memset(mgmt, 0, 24);
272 memcpy(mgmt->da, wk->filter_ta, ETH_ALEN);
273 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
274 memcpy(mgmt->bssid, wk->filter_ta, ETH_ALEN);
275
276 if (!is_zero_ether_addr(wk->assoc.prev_bssid)) {
277 skb_put(skb, 10);
278 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
279 IEEE80211_STYPE_REASSOC_REQ);
280 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
281 mgmt->u.reassoc_req.listen_interval =
282 cpu_to_le16(local->hw.conf.listen_interval);
283 memcpy(mgmt->u.reassoc_req.current_ap, wk->assoc.prev_bssid,
284 ETH_ALEN);
285 } else {
286 skb_put(skb, 4);
287 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
288 IEEE80211_STYPE_ASSOC_REQ);
289 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
290 mgmt->u.assoc_req.listen_interval =
291 cpu_to_le16(local->hw.conf.listen_interval);
292 }
293
294
295 ies = pos = skb_put(skb, 2 + wk->assoc.ssid_len);
296 *pos++ = WLAN_EID_SSID;
297 *pos++ = wk->assoc.ssid_len;
298 memcpy(pos, wk->assoc.ssid, wk->assoc.ssid_len);
299
300
301 supp_rates_len = rates_len;
302 if (supp_rates_len > 8)
303 supp_rates_len = 8;
304
305 len = sband->n_bitrates;
306 pos = skb_put(skb, supp_rates_len + 2);
307 *pos++ = WLAN_EID_SUPP_RATES;
308 *pos++ = supp_rates_len;
309
310 count = 0;
311 for (i = 0; i < sband->n_bitrates; i++) {
312 if (BIT(i) & rates) {
313 int rate = sband->bitrates[i].bitrate;
314 *pos++ = (u8) (rate / 5);
315 if (++count == 8)
316 break;
317 }
318 }
319
320 if (rates_len > count) {
321 pos = skb_put(skb, rates_len - count + 2);
322 *pos++ = WLAN_EID_EXT_SUPP_RATES;
323 *pos++ = rates_len - count;
324
325 for (i++; i < sband->n_bitrates; i++) {
326 if (BIT(i) & rates) {
327 int rate = sband->bitrates[i].bitrate;
328 *pos++ = (u8) (rate / 5);
329 }
330 }
331 }
332
333 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
334
335 pos = skb_put(skb, 4);
336 *pos++ = WLAN_EID_PWR_CAPABILITY;
337 *pos++ = 2;
338 *pos++ = 0;
339 *pos++ = wk->chan->max_power;
340
341
342
343 pos = skb_put(skb, 2 * sband->n_channels + 2);
344 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
345 *pos++ = 2 * sband->n_channels;
346 for (i = 0; i < sband->n_channels; i++) {
347 *pos++ = ieee80211_frequency_to_channel(
348 sband->channels[i].center_freq);
349 *pos++ = 1;
350 }
351 }
352
353
354 if (wk->ie_len && wk->ie) {
355 static const u8 before_ht[] = {
356 WLAN_EID_SSID,
357 WLAN_EID_SUPP_RATES,
358 WLAN_EID_EXT_SUPP_RATES,
359 WLAN_EID_PWR_CAPABILITY,
360 WLAN_EID_SUPPORTED_CHANNELS,
361 WLAN_EID_RSN,
362 WLAN_EID_QOS_CAPA,
363 WLAN_EID_RRM_ENABLED_CAPABILITIES,
364 WLAN_EID_MOBILITY_DOMAIN,
365 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
366 };
367 noffset = ieee80211_ie_split(wk->ie, wk->ie_len,
368 before_ht, ARRAY_SIZE(before_ht),
369 offset);
370 pos = skb_put(skb, noffset - offset);
371 memcpy(pos, wk->ie + offset, noffset - offset);
372 offset = noffset;
373 }
374
375 if (wk->assoc.use_11n && wk->assoc.wmm_used &&
376 local->hw.queues >= 4)
377 ieee80211_add_ht_ie(skb, wk->assoc.ht_information_ie,
378 sband, wk->chan, wk->assoc.smps);
379
380
381 if (wk->ie_len && wk->ie) {
382 noffset = ieee80211_ie_split_vendor(wk->ie, wk->ie_len,
383 offset);
384 pos = skb_put(skb, noffset - offset);
385 memcpy(pos, wk->ie + offset, noffset - offset);
386 offset = noffset;
387 }
388
389 if (wk->assoc.wmm_used && local->hw.queues >= 4) {
390 if (wk->assoc.uapsd_used) {
391 qos_info = local->uapsd_queues;
392 qos_info |= (local->uapsd_max_sp_len <<
393 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
394 } else {
395 qos_info = 0;
396 }
397
398 pos = skb_put(skb, 9);
399 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
400 *pos++ = 7;
401 *pos++ = 0x00;
402 *pos++ = 0x50;
403 *pos++ = 0xf2;
404 *pos++ = 2;
405 *pos++ = 0;
406 *pos++ = 1;
407 *pos++ = qos_info;
408 }
409
410
411 if (wk->ie_len && wk->ie) {
412 noffset = wk->ie_len;
413 pos = skb_put(skb, noffset - offset);
414 memcpy(pos, wk->ie + offset, noffset - offset);
415 }
416
417 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
418 ieee80211_tx_skb(sdata, skb);
419}
420
421static void ieee80211_remove_auth_bss(struct ieee80211_local *local,
422 struct ieee80211_work *wk)
423{
424 struct cfg80211_bss *cbss;
425 u16 capa_val = WLAN_CAPABILITY_ESS;
426
427 if (wk->probe_auth.privacy)
428 capa_val |= WLAN_CAPABILITY_PRIVACY;
429
430 cbss = cfg80211_get_bss(local->hw.wiphy, wk->chan, wk->filter_ta,
431 wk->probe_auth.ssid, wk->probe_auth.ssid_len,
432 WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_PRIVACY,
433 capa_val);
434 if (!cbss)
435 return;
436
437 cfg80211_unlink_bss(local->hw.wiphy, cbss);
438 cfg80211_put_bss(cbss);
439}
440
441static enum work_action __must_check
442ieee80211_direct_probe(struct ieee80211_work *wk)
443{
444 struct ieee80211_sub_if_data *sdata = wk->sdata;
445 struct ieee80211_local *local = sdata->local;
446
447 wk->probe_auth.tries++;
448 if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) {
449 printk(KERN_DEBUG "%s: direct probe to %pM timed out\n",
450 sdata->name, wk->filter_ta);
451
452
453
454
455
456 ieee80211_remove_auth_bss(local, wk);
457
458 return WORK_ACT_TIMEOUT;
459 }
460
461 printk(KERN_DEBUG "%s: direct probe to %pM (try %d/%i)\n",
462 sdata->name, wk->filter_ta, wk->probe_auth.tries,
463 IEEE80211_AUTH_MAX_TRIES);
464
465
466
467
468
469 ieee80211_send_probe_req(sdata, NULL, wk->probe_auth.ssid,
470 wk->probe_auth.ssid_len, NULL, 0);
471
472 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
473 run_again(local, wk->timeout);
474
475 return WORK_ACT_NONE;
476}
477
478
479static enum work_action __must_check
480ieee80211_authenticate(struct ieee80211_work *wk)
481{
482 struct ieee80211_sub_if_data *sdata = wk->sdata;
483 struct ieee80211_local *local = sdata->local;
484
485 wk->probe_auth.tries++;
486 if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) {
487 printk(KERN_DEBUG "%s: authentication with %pM"
488 " timed out\n", sdata->name, wk->filter_ta);
489
490
491
492
493
494 ieee80211_remove_auth_bss(local, wk);
495
496 return WORK_ACT_TIMEOUT;
497 }
498
499 printk(KERN_DEBUG "%s: authenticate with %pM (try %d)\n",
500 sdata->name, wk->filter_ta, wk->probe_auth.tries);
501
502 ieee80211_send_auth(sdata, 1, wk->probe_auth.algorithm, wk->ie,
503 wk->ie_len, wk->filter_ta, NULL, 0, 0);
504 wk->probe_auth.transaction = 2;
505
506 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
507 run_again(local, wk->timeout);
508
509 return WORK_ACT_NONE;
510}
511
512static enum work_action __must_check
513ieee80211_associate(struct ieee80211_work *wk)
514{
515 struct ieee80211_sub_if_data *sdata = wk->sdata;
516 struct ieee80211_local *local = sdata->local;
517
518 wk->assoc.tries++;
519 if (wk->assoc.tries > IEEE80211_ASSOC_MAX_TRIES) {
520 printk(KERN_DEBUG "%s: association with %pM"
521 " timed out\n",
522 sdata->name, wk->filter_ta);
523
524
525
526
527
528 if (wk->assoc.bss)
529 cfg80211_unlink_bss(local->hw.wiphy, wk->assoc.bss);
530
531 return WORK_ACT_TIMEOUT;
532 }
533
534 printk(KERN_DEBUG "%s: associate with %pM (try %d)\n",
535 sdata->name, wk->filter_ta, wk->assoc.tries);
536 ieee80211_send_assoc(sdata, wk);
537
538 wk->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
539 run_again(local, wk->timeout);
540
541 return WORK_ACT_NONE;
542}
543
544static enum work_action __must_check
545ieee80211_remain_on_channel_timeout(struct ieee80211_work *wk)
546{
547
548
549
550
551 if (!wk->started) {
552 wk->timeout = jiffies + msecs_to_jiffies(wk->remain.duration);
553
554 cfg80211_ready_on_channel(wk->sdata->dev, (unsigned long) wk,
555 wk->chan, wk->chan_type,
556 wk->remain.duration, GFP_KERNEL);
557
558 return WORK_ACT_NONE;
559 }
560
561 return WORK_ACT_TIMEOUT;
562}
563
564static enum work_action __must_check
565ieee80211_offchannel_tx(struct ieee80211_work *wk)
566{
567 if (!wk->started) {
568 wk->timeout = jiffies + msecs_to_jiffies(wk->offchan_tx.wait);
569
570
571
572
573
574
575 ieee80211_tx_skb(wk->sdata, wk->offchan_tx.frame);
576
577 return WORK_ACT_NONE;
578 }
579
580 return WORK_ACT_TIMEOUT;
581}
582
583static enum work_action __must_check
584ieee80211_assoc_beacon_wait(struct ieee80211_work *wk)
585{
586 if (wk->started)
587 return WORK_ACT_TIMEOUT;
588
589
590
591
592
593 printk(KERN_DEBUG "%s: waiting for beacon from %pM\n",
594 wk->sdata->name, wk->filter_ta);
595 wk->timeout = TU_TO_EXP_TIME(wk->assoc.bss->beacon_interval);
596 return WORK_ACT_NONE;
597}
598
599static void ieee80211_auth_challenge(struct ieee80211_work *wk,
600 struct ieee80211_mgmt *mgmt,
601 size_t len)
602{
603 struct ieee80211_sub_if_data *sdata = wk->sdata;
604 u8 *pos;
605 struct ieee802_11_elems elems;
606
607 pos = mgmt->u.auth.variable;
608 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
609 if (!elems.challenge)
610 return;
611 ieee80211_send_auth(sdata, 3, wk->probe_auth.algorithm,
612 elems.challenge - 2, elems.challenge_len + 2,
613 wk->filter_ta, wk->probe_auth.key,
614 wk->probe_auth.key_len, wk->probe_auth.key_idx);
615 wk->probe_auth.transaction = 4;
616}
617
618static enum work_action __must_check
619ieee80211_rx_mgmt_auth(struct ieee80211_work *wk,
620 struct ieee80211_mgmt *mgmt, size_t len)
621{
622 u16 auth_alg, auth_transaction, status_code;
623
624 if (wk->type != IEEE80211_WORK_AUTH)
625 return WORK_ACT_MISMATCH;
626
627 if (len < 24 + 6)
628 return WORK_ACT_NONE;
629
630 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
631 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
632 status_code = le16_to_cpu(mgmt->u.auth.status_code);
633
634 if (auth_alg != wk->probe_auth.algorithm ||
635 auth_transaction != wk->probe_auth.transaction)
636 return WORK_ACT_NONE;
637
638 if (status_code != WLAN_STATUS_SUCCESS) {
639 printk(KERN_DEBUG "%s: %pM denied authentication (status %d)\n",
640 wk->sdata->name, mgmt->sa, status_code);
641 return WORK_ACT_DONE;
642 }
643
644 switch (wk->probe_auth.algorithm) {
645 case WLAN_AUTH_OPEN:
646 case WLAN_AUTH_LEAP:
647 case WLAN_AUTH_FT:
648 break;
649 case WLAN_AUTH_SHARED_KEY:
650 if (wk->probe_auth.transaction != 4) {
651 ieee80211_auth_challenge(wk, mgmt, len);
652
653 return WORK_ACT_NONE;
654 }
655 break;
656 default:
657 WARN_ON(1);
658 return WORK_ACT_NONE;
659 }
660
661 printk(KERN_DEBUG "%s: authenticated\n", wk->sdata->name);
662 return WORK_ACT_DONE;
663}
664
665static enum work_action __must_check
666ieee80211_rx_mgmt_assoc_resp(struct ieee80211_work *wk,
667 struct ieee80211_mgmt *mgmt, size_t len,
668 bool reassoc)
669{
670 struct ieee80211_sub_if_data *sdata = wk->sdata;
671 struct ieee80211_local *local = sdata->local;
672 u16 capab_info, status_code, aid;
673 struct ieee802_11_elems elems;
674 u8 *pos;
675
676 if (wk->type != IEEE80211_WORK_ASSOC)
677 return WORK_ACT_MISMATCH;
678
679
680
681
682
683
684 if (len < 24 + 6)
685 return WORK_ACT_NONE;
686
687 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
688 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
689 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
690
691 printk(KERN_DEBUG "%s: RX %sssocResp from %pM (capab=0x%x "
692 "status=%d aid=%d)\n",
693 sdata->name, reassoc ? "Rea" : "A", mgmt->sa,
694 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
695
696 pos = mgmt->u.assoc_resp.variable;
697 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
698
699 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
700 elems.timeout_int && elems.timeout_int_len == 5 &&
701 elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) {
702 u32 tu, ms;
703 tu = get_unaligned_le32(elems.timeout_int + 1);
704 ms = tu * 1024 / 1000;
705 printk(KERN_DEBUG "%s: %pM rejected association temporarily; "
706 "comeback duration %u TU (%u ms)\n",
707 sdata->name, mgmt->sa, tu, ms);
708 wk->timeout = jiffies + msecs_to_jiffies(ms);
709 if (ms > IEEE80211_ASSOC_TIMEOUT)
710 run_again(local, wk->timeout);
711 return WORK_ACT_NONE;
712 }
713
714 if (status_code != WLAN_STATUS_SUCCESS)
715 printk(KERN_DEBUG "%s: %pM denied association (code=%d)\n",
716 sdata->name, mgmt->sa, status_code);
717 else
718 printk(KERN_DEBUG "%s: associated\n", sdata->name);
719
720 return WORK_ACT_DONE;
721}
722
723static enum work_action __must_check
724ieee80211_rx_mgmt_probe_resp(struct ieee80211_work *wk,
725 struct ieee80211_mgmt *mgmt, size_t len,
726 struct ieee80211_rx_status *rx_status)
727{
728 struct ieee80211_sub_if_data *sdata = wk->sdata;
729 struct ieee80211_local *local = sdata->local;
730 size_t baselen;
731
732 ASSERT_WORK_MTX(local);
733
734 if (wk->type != IEEE80211_WORK_DIRECT_PROBE)
735 return WORK_ACT_MISMATCH;
736
737 if (len < 24 + 12)
738 return WORK_ACT_NONE;
739
740 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
741 if (baselen > len)
742 return WORK_ACT_NONE;
743
744 printk(KERN_DEBUG "%s: direct probe responded\n", sdata->name);
745 return WORK_ACT_DONE;
746}
747
748static enum work_action __must_check
749ieee80211_rx_mgmt_beacon(struct ieee80211_work *wk,
750 struct ieee80211_mgmt *mgmt, size_t len)
751{
752 struct ieee80211_sub_if_data *sdata = wk->sdata;
753 struct ieee80211_local *local = sdata->local;
754
755 ASSERT_WORK_MTX(local);
756
757 if (wk->type != IEEE80211_WORK_ASSOC_BEACON_WAIT)
758 return WORK_ACT_MISMATCH;
759
760 if (len < 24 + 12)
761 return WORK_ACT_NONE;
762
763 printk(KERN_DEBUG "%s: beacon received\n", sdata->name);
764 return WORK_ACT_DONE;
765}
766
767static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local,
768 struct sk_buff *skb)
769{
770 struct ieee80211_rx_status *rx_status;
771 struct ieee80211_mgmt *mgmt;
772 struct ieee80211_work *wk;
773 enum work_action rma = WORK_ACT_NONE;
774 u16 fc;
775
776 rx_status = (struct ieee80211_rx_status *) skb->cb;
777 mgmt = (struct ieee80211_mgmt *) skb->data;
778 fc = le16_to_cpu(mgmt->frame_control);
779
780 mutex_lock(&local->mtx);
781
782 list_for_each_entry(wk, &local->work_list, list) {
783 const u8 *bssid = NULL;
784
785 switch (wk->type) {
786 case IEEE80211_WORK_DIRECT_PROBE:
787 case IEEE80211_WORK_AUTH:
788 case IEEE80211_WORK_ASSOC:
789 case IEEE80211_WORK_ASSOC_BEACON_WAIT:
790 bssid = wk->filter_ta;
791 break;
792 default:
793 continue;
794 }
795
796
797
798
799
800 if (compare_ether_addr(bssid, mgmt->bssid))
801 continue;
802
803 switch (fc & IEEE80211_FCTL_STYPE) {
804 case IEEE80211_STYPE_BEACON:
805 rma = ieee80211_rx_mgmt_beacon(wk, mgmt, skb->len);
806 break;
807 case IEEE80211_STYPE_PROBE_RESP:
808 rma = ieee80211_rx_mgmt_probe_resp(wk, mgmt, skb->len,
809 rx_status);
810 break;
811 case IEEE80211_STYPE_AUTH:
812 rma = ieee80211_rx_mgmt_auth(wk, mgmt, skb->len);
813 break;
814 case IEEE80211_STYPE_ASSOC_RESP:
815 rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt,
816 skb->len, false);
817 break;
818 case IEEE80211_STYPE_REASSOC_RESP:
819 rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt,
820 skb->len, true);
821 break;
822 default:
823 WARN_ON(1);
824 rma = WORK_ACT_NONE;
825 }
826
827
828
829
830
831
832 if (rma == WORK_ACT_MISMATCH)
833 continue;
834
835
836
837
838
839
840 break;
841 }
842
843 switch (rma) {
844 case WORK_ACT_MISMATCH:
845
846 break;
847 case WORK_ACT_NONE:
848 break;
849 case WORK_ACT_DONE:
850 list_del_rcu(&wk->list);
851 break;
852 default:
853 WARN(1, "unexpected: %d", rma);
854 }
855
856 mutex_unlock(&local->mtx);
857
858 if (rma != WORK_ACT_DONE)
859 goto out;
860
861 switch (wk->done(wk, skb)) {
862 case WORK_DONE_DESTROY:
863 free_work(wk);
864 break;
865 case WORK_DONE_REQUEUE:
866 synchronize_rcu();
867 wk->started = false;
868 mutex_lock(&local->mtx);
869 list_add_tail(&wk->list, &local->work_list);
870 mutex_unlock(&local->mtx);
871 }
872
873 out:
874 kfree_skb(skb);
875}
876
877static void ieee80211_work_timer(unsigned long data)
878{
879 struct ieee80211_local *local = (void *) data;
880
881 if (local->quiescing)
882 return;
883
884 ieee80211_queue_work(&local->hw, &local->work_work);
885}
886
887static void ieee80211_work_work(struct work_struct *work)
888{
889 struct ieee80211_local *local =
890 container_of(work, struct ieee80211_local, work_work);
891 struct sk_buff *skb;
892 struct ieee80211_work *wk, *tmp;
893 LIST_HEAD(free_work);
894 enum work_action rma;
895 bool remain_off_channel = false;
896
897 if (local->scanning)
898 return;
899
900
901
902
903
904 if (WARN(local->suspended, "work scheduled while going to suspend\n"))
905 return;
906
907
908 while ((skb = skb_dequeue(&local->work_skb_queue)))
909 ieee80211_work_rx_queued_mgmt(local, skb);
910
911 mutex_lock(&local->mtx);
912
913 ieee80211_recalc_idle(local);
914
915 list_for_each_entry_safe(wk, tmp, &local->work_list, list) {
916 bool started = wk->started;
917
918
919 if (!started && local->tmp_channel &&
920 wk->chan == local->tmp_channel &&
921 wk->chan_type == local->tmp_channel_type) {
922 started = true;
923 wk->timeout = jiffies;
924 }
925
926 if (!started && !local->tmp_channel) {
927
928
929
930
931
932
933 ieee80211_offchannel_stop_beaconing(local);
934 ieee80211_offchannel_stop_station(local);
935
936 local->tmp_channel = wk->chan;
937 local->tmp_channel_type = wk->chan_type;
938 ieee80211_hw_config(local, 0);
939 started = true;
940 wk->timeout = jiffies;
941 }
942
943
944 if (!started)
945 continue;
946
947 if (time_is_after_jiffies(wk->timeout)) {
948
949
950
951
952
953 run_again(local, wk->timeout);
954 continue;
955 }
956
957 switch (wk->type) {
958 default:
959 WARN_ON(1);
960
961 rma = WORK_ACT_NONE;
962 break;
963 case IEEE80211_WORK_ABORT:
964 rma = WORK_ACT_TIMEOUT;
965 break;
966 case IEEE80211_WORK_DIRECT_PROBE:
967 rma = ieee80211_direct_probe(wk);
968 break;
969 case IEEE80211_WORK_AUTH:
970 rma = ieee80211_authenticate(wk);
971 break;
972 case IEEE80211_WORK_ASSOC:
973 rma = ieee80211_associate(wk);
974 break;
975 case IEEE80211_WORK_REMAIN_ON_CHANNEL:
976 rma = ieee80211_remain_on_channel_timeout(wk);
977 break;
978 case IEEE80211_WORK_OFFCHANNEL_TX:
979 rma = ieee80211_offchannel_tx(wk);
980 break;
981 case IEEE80211_WORK_ASSOC_BEACON_WAIT:
982 rma = ieee80211_assoc_beacon_wait(wk);
983 break;
984 }
985
986 wk->started = started;
987
988 switch (rma) {
989 case WORK_ACT_NONE:
990
991 run_again(local, wk->timeout);
992 break;
993 case WORK_ACT_TIMEOUT:
994 list_del_rcu(&wk->list);
995 synchronize_rcu();
996 list_add(&wk->list, &free_work);
997 break;
998 default:
999 WARN(1, "unexpected: %d", rma);
1000 }
1001 }
1002
1003 list_for_each_entry(wk, &local->work_list, list) {
1004 if (!wk->started)
1005 continue;
1006 if (wk->chan != local->tmp_channel)
1007 continue;
1008 if (wk->chan_type != local->tmp_channel_type)
1009 continue;
1010 remain_off_channel = true;
1011 }
1012
1013 if (!remain_off_channel && local->tmp_channel) {
1014 local->tmp_channel = NULL;
1015 ieee80211_hw_config(local, 0);
1016 ieee80211_offchannel_return(local, true);
1017
1018 run_again(local, jiffies + HZ/2);
1019 }
1020
1021 if (list_empty(&local->work_list) && local->scan_req &&
1022 !local->scanning)
1023 ieee80211_queue_delayed_work(&local->hw,
1024 &local->scan_work,
1025 round_jiffies_relative(0));
1026
1027 ieee80211_recalc_idle(local);
1028
1029 mutex_unlock(&local->mtx);
1030
1031 list_for_each_entry_safe(wk, tmp, &free_work, list) {
1032 wk->done(wk, NULL);
1033 list_del(&wk->list);
1034 kfree(wk);
1035 }
1036}
1037
1038void ieee80211_add_work(struct ieee80211_work *wk)
1039{
1040 struct ieee80211_local *local;
1041
1042 if (WARN_ON(!wk->chan))
1043 return;
1044
1045 if (WARN_ON(!wk->sdata))
1046 return;
1047
1048 if (WARN_ON(!wk->done))
1049 return;
1050
1051 if (WARN_ON(!ieee80211_sdata_running(wk->sdata)))
1052 return;
1053
1054 wk->started = false;
1055
1056 local = wk->sdata->local;
1057 mutex_lock(&local->mtx);
1058 list_add_tail(&wk->list, &local->work_list);
1059 mutex_unlock(&local->mtx);
1060
1061 ieee80211_queue_work(&local->hw, &local->work_work);
1062}
1063
1064void ieee80211_work_init(struct ieee80211_local *local)
1065{
1066 INIT_LIST_HEAD(&local->work_list);
1067 setup_timer(&local->work_timer, ieee80211_work_timer,
1068 (unsigned long)local);
1069 INIT_WORK(&local->work_work, ieee80211_work_work);
1070 skb_queue_head_init(&local->work_skb_queue);
1071}
1072
1073void ieee80211_work_purge(struct ieee80211_sub_if_data *sdata)
1074{
1075 struct ieee80211_local *local = sdata->local;
1076 struct ieee80211_work *wk;
1077 bool cleanup = false;
1078
1079 mutex_lock(&local->mtx);
1080 list_for_each_entry(wk, &local->work_list, list) {
1081 if (wk->sdata != sdata)
1082 continue;
1083 cleanup = true;
1084 wk->type = IEEE80211_WORK_ABORT;
1085 wk->started = true;
1086 wk->timeout = jiffies;
1087 }
1088 mutex_unlock(&local->mtx);
1089
1090
1091 if (cleanup)
1092 ieee80211_work_work(&local->work_work);
1093
1094 mutex_lock(&local->mtx);
1095 list_for_each_entry(wk, &local->work_list, list) {
1096 if (wk->sdata != sdata)
1097 continue;
1098 WARN_ON(1);
1099 break;
1100 }
1101 mutex_unlock(&local->mtx);
1102}
1103
1104ieee80211_rx_result ieee80211_work_rx_mgmt(struct ieee80211_sub_if_data *sdata,
1105 struct sk_buff *skb)
1106{
1107 struct ieee80211_local *local = sdata->local;
1108 struct ieee80211_mgmt *mgmt;
1109 struct ieee80211_work *wk;
1110 u16 fc;
1111
1112 if (skb->len < 24)
1113 return RX_DROP_MONITOR;
1114
1115 mgmt = (struct ieee80211_mgmt *) skb->data;
1116 fc = le16_to_cpu(mgmt->frame_control);
1117
1118 list_for_each_entry_rcu(wk, &local->work_list, list) {
1119 if (sdata != wk->sdata)
1120 continue;
1121 if (compare_ether_addr(wk->filter_ta, mgmt->sa))
1122 continue;
1123 if (compare_ether_addr(wk->filter_ta, mgmt->bssid))
1124 continue;
1125
1126 switch (fc & IEEE80211_FCTL_STYPE) {
1127 case IEEE80211_STYPE_AUTH:
1128 case IEEE80211_STYPE_PROBE_RESP:
1129 case IEEE80211_STYPE_ASSOC_RESP:
1130 case IEEE80211_STYPE_REASSOC_RESP:
1131 case IEEE80211_STYPE_BEACON:
1132 skb_queue_tail(&local->work_skb_queue, skb);
1133 ieee80211_queue_work(&local->hw, &local->work_work);
1134 return RX_QUEUED;
1135 }
1136 }
1137
1138 return RX_CONTINUE;
1139}
1140
1141static enum work_done_result ieee80211_remain_done(struct ieee80211_work *wk,
1142 struct sk_buff *skb)
1143{
1144
1145
1146
1147 cfg80211_remain_on_channel_expired(wk->sdata->dev, (unsigned long) wk,
1148 wk->chan, wk->chan_type,
1149 GFP_KERNEL);
1150
1151 return WORK_DONE_DESTROY;
1152}
1153
1154int ieee80211_wk_remain_on_channel(struct ieee80211_sub_if_data *sdata,
1155 struct ieee80211_channel *chan,
1156 enum nl80211_channel_type channel_type,
1157 unsigned int duration, u64 *cookie)
1158{
1159 struct ieee80211_work *wk;
1160
1161 wk = kzalloc(sizeof(*wk), GFP_KERNEL);
1162 if (!wk)
1163 return -ENOMEM;
1164
1165 wk->type = IEEE80211_WORK_REMAIN_ON_CHANNEL;
1166 wk->chan = chan;
1167 wk->chan_type = channel_type;
1168 wk->sdata = sdata;
1169 wk->done = ieee80211_remain_done;
1170
1171 wk->remain.duration = duration;
1172
1173 *cookie = (unsigned long) wk;
1174
1175 ieee80211_add_work(wk);
1176
1177 return 0;
1178}
1179
1180int ieee80211_wk_cancel_remain_on_channel(struct ieee80211_sub_if_data *sdata,
1181 u64 cookie)
1182{
1183 struct ieee80211_local *local = sdata->local;
1184 struct ieee80211_work *wk, *tmp;
1185 bool found = false;
1186
1187 mutex_lock(&local->mtx);
1188 list_for_each_entry_safe(wk, tmp, &local->work_list, list) {
1189 if ((unsigned long) wk == cookie) {
1190 wk->timeout = jiffies;
1191 found = true;
1192 break;
1193 }
1194 }
1195 mutex_unlock(&local->mtx);
1196
1197 if (!found)
1198 return -ENOENT;
1199
1200 ieee80211_queue_work(&local->hw, &local->work_work);
1201
1202 return 0;
1203}
1204
