linux/net/mac80211/scan.c
<<
>>
Prefs 
   1/*
   2 * Scanning implementation
   3 *
   4 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
   5 * Copyright 2004, Instant802 Networks, Inc.
   6 * Copyright 2005, Devicescape Software, Inc.
   7 * Copyright 2006-2007  Jiri Benc <jbenc@suse.cz>
   8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
   9 *
  10 * This program is free software; you can redistribute it and/or modify
  11 * it under the terms of the GNU General Public License version 2 as
  12 * published by the Free Software Foundation.
  13 */
  14
  15#include <linux/if_arp.h>
  16#include <linux/etherdevice.h>
  17#include <linux/rtnetlink.h>
  18#include <linux/pm_qos.h>
  19#include <net/sch_generic.h>
  20#include <linux/slab.h>
  21#include <linux/export.h>
  22#include <net/mac80211.h>
  23
  24#include "ieee80211_i.h"
  25#include "driver-ops.h"
  26#include "mesh.h"
  27
  28#define IEEE80211_PROBE_DELAY (HZ / 33)
  29#define IEEE80211_CHANNEL_TIME (HZ / 33)
  30#define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 9)
  31
  32void ieee80211_rx_bss_put(struct ieee80211_local *local,
  33                          struct ieee80211_bss *bss)
  34{
  35        if (!bss)
  36                return;
  37        cfg80211_put_bss(local->hw.wiphy,
  38                         container_of((void *)bss, struct cfg80211_bss, priv));
  39}
  40
  41static bool is_uapsd_supported(struct ieee802_11_elems *elems)
  42{
  43        u8 qos_info;
  44
  45        if (elems->wmm_info && elems->wmm_info_len == 7
  46            && elems->wmm_info[5] == 1)
  47                qos_info = elems->wmm_info[6];
  48        else if (elems->wmm_param && elems->wmm_param_len == 24
  49                 && elems->wmm_param[5] == 1)
  50                qos_info = elems->wmm_param[6];
  51        else
  52                /* no valid wmm information or parameter element found */
  53                return false;
  54
  55        return qos_info & IEEE80211_WMM_IE_AP_QOSINFO_UAPSD;
  56}
  57
  58struct ieee80211_bss *
  59ieee80211_bss_info_update(struct ieee80211_local *local,
  60                          struct ieee80211_rx_status *rx_status,
  61                          struct ieee80211_mgmt *mgmt, size_t len,
  62                          struct ieee802_11_elems *elems,
  63                          struct ieee80211_channel *channel)
  64{
  65        bool beacon = ieee80211_is_beacon(mgmt->frame_control);
  66        struct cfg80211_bss *cbss;
  67        struct ieee80211_bss *bss;
  68        int clen, srlen;
  69        s32 signal = 0;
  70
  71        if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
  72                signal = rx_status->signal * 100;
  73        else if (local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC)
  74                signal = (rx_status->signal * 100) / local->hw.max_signal;
  75
  76        cbss = cfg80211_inform_bss_frame(local->hw.wiphy, channel,
  77                                         mgmt, len, signal, GFP_ATOMIC);
  78        if (!cbss)
  79                return NULL;
  80
  81        bss = (void *)cbss->priv;
  82
  83        if (beacon)
  84                bss->device_ts_beacon = rx_status->device_timestamp;
  85        else
  86                bss->device_ts_presp = rx_status->device_timestamp;
  87
  88        if (elems->parse_error) {
  89                if (beacon)
  90                        bss->corrupt_data |= IEEE80211_BSS_CORRUPT_BEACON;
  91                else
  92                        bss->corrupt_data |= IEEE80211_BSS_CORRUPT_PROBE_RESP;
  93        } else {
  94                if (beacon)
  95                        bss->corrupt_data &= ~IEEE80211_BSS_CORRUPT_BEACON;
  96                else
  97                        bss->corrupt_data &= ~IEEE80211_BSS_CORRUPT_PROBE_RESP;
  98        }
  99
 100        /* save the ERP value so that it is available at association time */
 101        if (elems->erp_info && (!elems->parse_error ||
 102                                !(bss->valid_data & IEEE80211_BSS_VALID_ERP))) {
 103                bss->erp_value = elems->erp_info[0];
 104                bss->has_erp_value = true;
 105                if (!elems->parse_error)
 106                        bss->valid_data |= IEEE80211_BSS_VALID_ERP;
 107        }
 108
 109        /* replace old supported rates if we get new values */
 110        if (!elems->parse_error ||
 111            !(bss->valid_data & IEEE80211_BSS_VALID_RATES)) {
 112                srlen = 0;
 113                if (elems->supp_rates) {
 114                        clen = IEEE80211_MAX_SUPP_RATES;
 115                        if (clen > elems->supp_rates_len)
 116                                clen = elems->supp_rates_len;
 117                        memcpy(bss->supp_rates, elems->supp_rates, clen);
 118                        srlen += clen;
 119                }
 120                if (elems->ext_supp_rates) {
 121                        clen = IEEE80211_MAX_SUPP_RATES - srlen;
 122                        if (clen > elems->ext_supp_rates_len)
 123                                clen = elems->ext_supp_rates_len;
 124                        memcpy(bss->supp_rates + srlen, elems->ext_supp_rates,
 125                               clen);
 126                        srlen += clen;
 127                }
 128                if (srlen) {
 129                        bss->supp_rates_len = srlen;
 130                        if (!elems->parse_error)
 131                                bss->valid_data |= IEEE80211_BSS_VALID_RATES;
 132                }
 133        }
 134
 135        if (!elems->parse_error ||
 136            !(bss->valid_data & IEEE80211_BSS_VALID_WMM)) {
 137                bss->wmm_used = elems->wmm_param || elems->wmm_info;
 138                bss->uapsd_supported = is_uapsd_supported(elems);
 139                if (!elems->parse_error)
 140                        bss->valid_data |= IEEE80211_BSS_VALID_WMM;
 141        }
 142
 143        return bss;
 144}
 145
 146void ieee80211_scan_rx(struct ieee80211_local *local, struct sk_buff *skb)
 147{
 148        struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb);
 149        struct ieee80211_sub_if_data *sdata1, *sdata2;
 150        struct ieee80211_mgmt *mgmt = (void *)skb->data;
 151        struct ieee80211_bss *bss;
 152        u8 *elements;
 153        struct ieee80211_channel *channel;
 154        size_t baselen;
 155        struct ieee802_11_elems elems;
 156
 157        if (skb->len < 24 ||
 158            (!ieee80211_is_probe_resp(mgmt->frame_control) &&
 159             !ieee80211_is_beacon(mgmt->frame_control)))
 160                return;
 161
 162        sdata1 = rcu_dereference(local->scan_sdata);
 163        sdata2 = rcu_dereference(local->sched_scan_sdata);
 164
 165        if (likely(!sdata1 && !sdata2))
 166                return;
 167
 168        if (ieee80211_is_probe_resp(mgmt->frame_control)) {
 169                /* ignore ProbeResp to foreign address */
 170                if ((!sdata1 || !ether_addr_equal(mgmt->da, sdata1->vif.addr)) &&
 171                    (!sdata2 || !ether_addr_equal(mgmt->da, sdata2->vif.addr)))
 172                        return;
 173
 174                elements = mgmt->u.probe_resp.variable;
 175                baselen = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
 176        } else {
 177                baselen = offsetof(struct ieee80211_mgmt, u.beacon.variable);
 178                elements = mgmt->u.beacon.variable;
 179        }
 180
 181        if (baselen > skb->len)
 182                return;
 183
 184        ieee802_11_parse_elems(elements, skb->len - baselen, false, &elems);
 185
 186        channel = ieee80211_get_channel(local->hw.wiphy, rx_status->freq);
 187
 188        if (!channel || channel->flags & IEEE80211_CHAN_DISABLED)
 189                return;
 190
 191        bss = ieee80211_bss_info_update(local, rx_status,
 192                                        mgmt, skb->len, &elems,
 193                                        channel);
 194        if (bss)
 195                ieee80211_rx_bss_put(local, bss);
 196}
 197
 198/* return false if no more work */
 199static bool ieee80211_prep_hw_scan(struct ieee80211_local *local)
 200{
 201        struct cfg80211_scan_request *req = local->scan_req;
 202        enum ieee80211_band band;
 203        int i, ielen, n_chans;
 204
 205        do {
 206                if (local->hw_scan_band == IEEE80211_NUM_BANDS)
 207                        return false;
 208
 209                band = local->hw_scan_band;
 210                n_chans = 0;
 211                for (i = 0; i < req->n_channels; i++) {
 212                        if (req->channels[i]->band == band) {
 213                                local->hw_scan_req->channels[n_chans] =
 214                                                        req->channels[i];
 215                                n_chans++;
 216                        }
 217                }
 218
 219                local->hw_scan_band++;
 220        } while (!n_chans);
 221
 222        local->hw_scan_req->n_channels = n_chans;
 223
 224        ielen = ieee80211_build_preq_ies(local, (u8 *)local->hw_scan_req->ie,
 225                                         local->hw_scan_ies_bufsize,
 226                                         req->ie, req->ie_len, band,
 227                                         req->rates[band], 0);
 228        local->hw_scan_req->ie_len = ielen;
 229        local->hw_scan_req->no_cck = req->no_cck;
 230
 231        return true;
 232}
 233
 234static void __ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted,
 235                                       bool was_hw_scan)
 236{
 237        struct ieee80211_local *local = hw_to_local(hw);
 238
 239        lockdep_assert_held(&local->mtx);
 240
 241        /*
 242         * It's ok to abort a not-yet-running scan (that
 243         * we have one at all will be verified by checking
 244         * local->scan_req next), but not to complete it
 245         * successfully.
 246         */
 247        if (WARN_ON(!local->scanning && !aborted))
 248                aborted = true;
 249
 250        if (WARN_ON(!local->scan_req))
 251                return;
 252
 253        if (was_hw_scan && !aborted && ieee80211_prep_hw_scan(local)) {
 254                int rc;
 255
 256                rc = drv_hw_scan(local,
 257                        rcu_dereference_protected(local->scan_sdata,
 258                                                  lockdep_is_held(&local->mtx)),
 259                        local->hw_scan_req);
 260
 261                if (rc == 0)
 262                        return;
 263        }
 264
 265        kfree(local->hw_scan_req);
 266        local->hw_scan_req = NULL;
 267
 268        if (local->scan_req != local->int_scan_req)
 269                cfg80211_scan_done(local->scan_req, aborted);
 270        local->scan_req = NULL;
 271        rcu_assign_pointer(local->scan_sdata, NULL);
 272
 273        local->scanning = 0;
 274        local->scan_channel = NULL;
 275
 276        /* Set power back to normal operating levels. */
 277        ieee80211_hw_config(local, 0);
 278
 279        if (!was_hw_scan) {
 280                ieee80211_configure_filter(local);
 281                drv_sw_scan_complete(local);
 282                ieee80211_offchannel_return(local);
 283        }
 284
 285        ieee80211_recalc_idle(local);
 286
 287        ieee80211_mlme_notify_scan_completed(local);
 288        ieee80211_ibss_notify_scan_completed(local);
 289        ieee80211_mesh_notify_scan_completed(local);
 290        ieee80211_start_next_roc(local);
 291}
 292
 293void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)
 294{
 295        struct ieee80211_local *local = hw_to_local(hw);
 296
 297        trace_api_scan_completed(local, aborted);
 298
 299        set_bit(SCAN_COMPLETED, &local->scanning);
 300        if (aborted)
 301                set_bit(SCAN_ABORTED, &local->scanning);
 302        ieee80211_queue_delayed_work(&local->hw, &local->scan_work, 0);
 303}
 304EXPORT_SYMBOL(ieee80211_scan_completed);
 305
 306static int ieee80211_start_sw_scan(struct ieee80211_local *local)
 307{
 308        /* Software scan is not supported in multi-channel cases */
 309        if (local->use_chanctx)
 310                return -EOPNOTSUPP;
 311
 312        /*
 313         * Hardware/driver doesn't support hw_scan, so use software
 314         * scanning instead. First send a nullfunc frame with power save
 315         * bit on so that AP will buffer the frames for us while we are not
 316         * listening, then send probe requests to each channel and wait for
 317         * the responses. After all channels are scanned, tune back to the
 318         * original channel and send a nullfunc frame with power save bit
 319         * off to trigger the AP to send us all the buffered frames.
 320         *
 321         * Note that while local->sw_scanning is true everything else but
 322         * nullfunc frames and probe requests will be dropped in
 323         * ieee80211_tx_h_check_assoc().
 324         */
 325        drv_sw_scan_start(local);
 326
 327        local->leave_oper_channel_time = jiffies;
 328        local->next_scan_state = SCAN_DECISION;
 329        local->scan_channel_idx = 0;
 330
 331        ieee80211_offchannel_stop_vifs(local);
 332
 333        /* ensure nullfunc is transmitted before leaving operating channel */
 334        ieee80211_flush_queues(local, NULL);
 335
 336        ieee80211_configure_filter(local);
 337
 338        /* We need to set power level at maximum rate for scanning. */
 339        ieee80211_hw_config(local, 0);
 340
 341        ieee80211_queue_delayed_work(&local->hw,
 342                                     &local->scan_work, 0);
 343
 344        return 0;
 345}
 346
 347static bool ieee80211_can_scan(struct ieee80211_local *local,
 348                               struct ieee80211_sub_if_data *sdata)
 349{
 350        if (local->radar_detect_enabled)
 351                return false;
 352
 353        if (!list_empty(&local->roc_list))
 354                return false;
 355
 356        if (sdata->vif.type == NL80211_IFTYPE_STATION &&
 357            sdata->u.mgd.flags & (IEEE80211_STA_BEACON_POLL |
 358                                  IEEE80211_STA_CONNECTION_POLL))
 359                return false;
 360
 361        return true;
 362}
 363
 364void ieee80211_run_deferred_scan(struct ieee80211_local *local)
 365{
 366        lockdep_assert_held(&local->mtx);
 367
 368        if (!local->scan_req || local->scanning)
 369                return;
 370
 371        if (!ieee80211_can_scan(local,
 372                                rcu_dereference_protected(
 373                                        local->scan_sdata,
 374                                        lockdep_is_held(&local->mtx))))
 375                return;
 376
 377        ieee80211_queue_delayed_work(&local->hw, &local->scan_work,
 378                                     round_jiffies_relative(0));
 379}
 380
 381static void ieee80211_scan_state_send_probe(struct ieee80211_local *local,
 382                                            unsigned long *next_delay)
 383{
 384        int i;
 385        struct ieee80211_sub_if_data *sdata;
 386        enum ieee80211_band band = local->hw.conf.chandef.chan->band;
 387        u32 tx_flags;
 388
 389        tx_flags = IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
 390        if (local->scan_req->no_cck)
 391                tx_flags |= IEEE80211_TX_CTL_NO_CCK_RATE;
 392
 393        sdata = rcu_dereference_protected(local->scan_sdata,
 394                                          lockdep_is_held(&local->mtx));
 395
 396        for (i = 0; i < local->scan_req->n_ssids; i++)
 397                ieee80211_send_probe_req(
 398                        sdata, NULL,
 399                        local->scan_req->ssids[i].ssid,
 400                        local->scan_req->ssids[i].ssid_len,
 401                        local->scan_req->ie, local->scan_req->ie_len,
 402                        local->scan_req->rates[band], false,
 403                        tx_flags, local->hw.conf.chandef.chan, true);
 404
 405        /*
 406         * After sending probe requests, wait for probe responses
 407         * on the channel.
 408         */
 409        *next_delay = IEEE80211_CHANNEL_TIME;
 410        local->next_scan_state = SCAN_DECISION;
 411}
 412
 413static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
 414                                  struct cfg80211_scan_request *req)
 415{
 416        struct ieee80211_local *local = sdata->local;
 417        int rc;
 418
 419        lockdep_assert_held(&local->mtx);
 420
 421        if (local->scan_req)
 422                return -EBUSY;
 423
 424        if (!ieee80211_can_scan(local, sdata)) {
 425                /* wait for the work to finish/time out */
 426                local->scan_req = req;
 427                rcu_assign_pointer(local->scan_sdata, sdata);
 428                return 0;
 429        }
 430
 431        if (local->ops->hw_scan) {
 432                u8 *ies;
 433
 434                local->hw_scan_ies_bufsize = 2 + IEEE80211_MAX_SSID_LEN +
 435                                             local->scan_ies_len +
 436                                             req->ie_len;
 437                local->hw_scan_req = kmalloc(
 438                                sizeof(*local->hw_scan_req) +
 439                                req->n_channels * sizeof(req->channels[0]) +
 440                                local->hw_scan_ies_bufsize, GFP_KERNEL);
 441                if (!local->hw_scan_req)
 442                        return -ENOMEM;
 443
 444                local->hw_scan_req->ssids = req->ssids;
 445                local->hw_scan_req->n_ssids = req->n_ssids;
 446                ies = (u8 *)local->hw_scan_req +
 447                        sizeof(*local->hw_scan_req) +
 448                        req->n_channels * sizeof(req->channels[0]);
 449                local->hw_scan_req->ie = ies;
 450                local->hw_scan_req->flags = req->flags;
 451
 452                local->hw_scan_band = 0;
 453
 454                /*
 455                 * After allocating local->hw_scan_req, we must
 456                 * go through until ieee80211_prep_hw_scan(), so
 457                 * anything that might be changed here and leave
 458                 * this function early must not go after this
 459                 * allocation.
 460                 */
 461        }
 462
 463        local->scan_req = req;
 464        rcu_assign_pointer(local->scan_sdata, sdata);
 465
 466        if (local->ops->hw_scan) {
 467                __set_bit(SCAN_HW_SCANNING, &local->scanning);
 468        } else if ((req->n_channels == 1) &&
 469                   (req->channels[0] == local->_oper_chandef.chan)) {
 470                /*
 471                 * If we are scanning only on the operating channel
 472                 * then we do not need to stop normal activities
 473                 */
 474                unsigned long next_delay;
 475
 476                __set_bit(SCAN_ONCHANNEL_SCANNING, &local->scanning);
 477
 478                ieee80211_recalc_idle(local);
 479
 480                /* Notify driver scan is starting, keep order of operations
 481                 * same as normal software scan, in case that matters. */
 482                drv_sw_scan_start(local);
 483
 484                ieee80211_configure_filter(local); /* accept probe-responses */
 485
 486                /* We need to ensure power level is at max for scanning. */
 487                ieee80211_hw_config(local, 0);
 488
 489                if ((req->channels[0]->flags &
 490                     IEEE80211_CHAN_PASSIVE_SCAN) ||
 491                    !local->scan_req->n_ssids) {
 492                        next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
 493                } else {
 494                        ieee80211_scan_state_send_probe(local, &next_delay);
 495                        next_delay = IEEE80211_CHANNEL_TIME;
 496                }
 497
 498                /* Now, just wait a bit and we are all done! */
 499                ieee80211_queue_delayed_work(&local->hw, &local->scan_work,
 500                                             next_delay);
 501                return 0;
 502        } else {
 503                /* Do normal software scan */
 504                __set_bit(SCAN_SW_SCANNING, &local->scanning);
 505        }
 506
 507        ieee80211_recalc_idle(local);
 508
 509        if (local->ops->hw_scan) {
 510                WARN_ON(!ieee80211_prep_hw_scan(local));
 511                rc = drv_hw_scan(local, sdata, local->hw_scan_req);
 512        } else
 513                rc = ieee80211_start_sw_scan(local);
 514
 515        if (rc) {
 516                kfree(local->hw_scan_req);
 517                local->hw_scan_req = NULL;
 518                local->scanning = 0;
 519
 520                ieee80211_recalc_idle(local);
 521
 522                local->scan_req = NULL;
 523                rcu_assign_pointer(local->scan_sdata, NULL);
 524        }
 525
 526        return rc;
 527}
 528
 529static unsigned long
 530ieee80211_scan_get_channel_time(struct ieee80211_channel *chan)
 531{
 532        /*
 533         * TODO: channel switching also consumes quite some time,
 534         * add that delay as well to get a better estimation
 535         */
 536        if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)
 537                return IEEE80211_PASSIVE_CHANNEL_TIME;
 538        return IEEE80211_PROBE_DELAY + IEEE80211_CHANNEL_TIME;
 539}
 540
 541static void ieee80211_scan_state_decision(struct ieee80211_local *local,
 542                                          unsigned long *next_delay)
 543{
 544        bool associated = false;
 545        bool tx_empty = true;
 546        bool bad_latency;
 547        struct ieee80211_sub_if_data *sdata;
 548        struct ieee80211_channel *next_chan;
 549        enum mac80211_scan_state next_scan_state;
 550
 551        /*
 552         * check if at least one STA interface is associated,
 553         * check if at least one STA interface has pending tx frames
 554         * and grab the lowest used beacon interval
 555         */
 556        mutex_lock(&local->iflist_mtx);
 557        list_for_each_entry(sdata, &local->interfaces, list) {
 558                if (!ieee80211_sdata_running(sdata))
 559                        continue;
 560
 561                if (sdata->vif.type == NL80211_IFTYPE_STATION) {
 562                        if (sdata->u.mgd.associated) {
 563                                associated = true;
 564
 565                                if (!qdisc_all_tx_empty(sdata->dev)) {
 566                                        tx_empty = false;
 567                                        break;
 568                                }
 569                        }
 570                }
 571        }
 572        mutex_unlock(&local->iflist_mtx);
 573
 574        next_chan = local->scan_req->channels[local->scan_channel_idx];
 575
 576        /*
 577         * we're currently scanning a different channel, let's
 578         * see if we can scan another channel without interfering
 579         * with the current traffic situation.
 580         *
 581         * Keep good latency, do not stay off-channel more than 125 ms.
 582         */
 583
 584        bad_latency = time_after(jiffies +
 585                                 ieee80211_scan_get_channel_time(next_chan),
 586                                 local->leave_oper_channel_time + HZ / 8);
 587
 588        if (associated && !tx_empty) {
 589                if (local->scan_req->flags & NL80211_SCAN_FLAG_LOW_PRIORITY)
 590                        next_scan_state = SCAN_ABORT;
 591                else
 592                        next_scan_state = SCAN_SUSPEND;
 593        } else if (associated && bad_latency) {
 594                next_scan_state = SCAN_SUSPEND;
 595        } else {
 596                next_scan_state = SCAN_SET_CHANNEL;
 597        }
 598
 599        local->next_scan_state = next_scan_state;
 600
 601        *next_delay = 0;
 602}
 603
 604static void ieee80211_scan_state_set_channel(struct ieee80211_local *local,
 605                                             unsigned long *next_delay)
 606{
 607        int skip;
 608        struct ieee80211_channel *chan;
 609
 610        skip = 0;
 611        chan = local->scan_req->channels[local->scan_channel_idx];
 612
 613        local->scan_channel = chan;
 614
 615        if (ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL))
 616                skip = 1;
 617
 618        /* advance state machine to next channel/band */
 619        local->scan_channel_idx++;
 620
 621        if (skip) {
 622                /* if we skip this channel return to the decision state */
 623                local->next_scan_state = SCAN_DECISION;
 624                return;
 625        }
 626
 627        /*
 628         * Probe delay is used to update the NAV, cf. 11.1.3.2.2
 629         * (which unfortunately doesn't say _why_ step a) is done,
 630         * but it waits for the probe delay or until a frame is
 631         * received - and the received frame would update the NAV).
 632         * For now, we do not support waiting until a frame is
 633         * received.
 634         *
 635         * In any case, it is not necessary for a passive scan.
 636         */
 637        if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN ||
 638            !local->scan_req->n_ssids) {
 639                *next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
 640                local->next_scan_state = SCAN_DECISION;
 641                return;
 642        }
 643
 644        /* active scan, send probes */
 645        *next_delay = IEEE80211_PROBE_DELAY;
 646        local->next_scan_state = SCAN_SEND_PROBE;
 647}
 648
 649static void ieee80211_scan_state_suspend(struct ieee80211_local *local,
 650                                         unsigned long *next_delay)
 651{
 652        /* switch back to the operating channel */
 653        local->scan_channel = NULL;
 654        ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
 655
 656        /* disable PS */
 657        ieee80211_offchannel_return(local);
 658
 659        *next_delay = HZ / 5;
 660        /* afterwards, resume scan & go to next channel */
 661        local->next_scan_state = SCAN_RESUME;
 662}
 663
 664static void ieee80211_scan_state_resume(struct ieee80211_local *local,
 665                                        unsigned long *next_delay)
 666{
 667        ieee80211_offchannel_stop_vifs(local);
 668
 669        if (local->ops->flush) {
 670                ieee80211_flush_queues(local, NULL);
 671                *next_delay = 0;
 672        } else
 673                *next_delay = HZ / 10;
 674
 675        /* remember when we left the operating channel */
 676        local->leave_oper_channel_time = jiffies;
 677
 678        /* advance to the next channel to be scanned */
 679        local->next_scan_state = SCAN_SET_CHANNEL;
 680}
 681
 682void ieee80211_scan_work(struct work_struct *work)
 683{
 684        struct ieee80211_local *local =
 685                container_of(work, struct ieee80211_local, scan_work.work);
 686        struct ieee80211_sub_if_data *sdata;
 687        unsigned long next_delay = 0;
 688        bool aborted, hw_scan;
 689
 690        mutex_lock(&local->mtx);
 691
 692        sdata = rcu_dereference_protected(local->scan_sdata,
 693                                          lockdep_is_held(&local->mtx));
 694
 695        /* When scanning on-channel, the first-callback means completed. */
 696        if (test_bit(SCAN_ONCHANNEL_SCANNING, &local->scanning)) {
 697                aborted = test_and_clear_bit(SCAN_ABORTED, &local->scanning);
 698                goto out_complete;
 699        }
 700
 701        if (test_and_clear_bit(SCAN_COMPLETED, &local->scanning)) {
 702                aborted = test_and_clear_bit(SCAN_ABORTED, &local->scanning);
 703                goto out_complete;
 704        }
 705
 706        if (!sdata || !local->scan_req)
 707                goto out;
 708
 709        if (local->scan_req && !local->scanning) {
 710                struct cfg80211_scan_request *req = local->scan_req;
 711                int rc;
 712
 713                local->scan_req = NULL;
 714                rcu_assign_pointer(local->scan_sdata, NULL);
 715
 716                rc = __ieee80211_start_scan(sdata, req);
 717                if (rc) {
 718                        /* need to complete scan in cfg80211 */
 719                        local->scan_req = req;
 720                        aborted = true;
 721                        goto out_complete;
 722                } else
 723                        goto out;
 724        }
 725
 726        /*
 727         * Avoid re-scheduling when the sdata is going away.
 728         */
 729        if (!ieee80211_sdata_running(sdata)) {
 730                aborted = true;
 731                goto out_complete;
 732        }
 733
 734        /*
 735         * as long as no delay is required advance immediately
 736         * without scheduling a new work
 737         */
 738        do {
 739                if (!ieee80211_sdata_running(sdata)) {
 740                        aborted = true;
 741                        goto out_complete;
 742                }
 743
 744                switch (local->next_scan_state) {
 745                case SCAN_DECISION:
 746                        /* if no more bands/channels left, complete scan */
 747                        if (local->scan_channel_idx >= local->scan_req->n_channels) {
 748                                aborted = false;
 749                                goto out_complete;
 750                        }
 751                        ieee80211_scan_state_decision(local, &next_delay);
 752                        break;
 753                case SCAN_SET_CHANNEL:
 754                        ieee80211_scan_state_set_channel(local, &next_delay);
 755                        break;
 756                case SCAN_SEND_PROBE:
 757                        ieee80211_scan_state_send_probe(local, &next_delay);
 758                        break;
 759                case SCAN_SUSPEND:
 760                        ieee80211_scan_state_suspend(local, &next_delay);
 761                        break;
 762                case SCAN_RESUME:
 763                        ieee80211_scan_state_resume(local, &next_delay);
 764                        break;
 765                case SCAN_ABORT:
 766                        aborted = true;
 767                        goto out_complete;
 768                }
 769        } while (next_delay == 0);
 770
 771        ieee80211_queue_delayed_work(&local->hw, &local->scan_work, next_delay);
 772        goto out;
 773
 774out_complete:
 775        hw_scan = test_bit(SCAN_HW_SCANNING, &local->scanning);
 776        __ieee80211_scan_completed(&local->hw, aborted, hw_scan);
 777out:
 778        mutex_unlock(&local->mtx);
 779}
 780
 781int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata,
 782                           struct cfg80211_scan_request *req)
 783{
 784        int res;
 785
 786        mutex_lock(&sdata->local->mtx);
 787        res = __ieee80211_start_scan(sdata, req);
 788        mutex_unlock(&sdata->local->mtx);
 789
 790        return res;
 791}
 792
 793int ieee80211_request_ibss_scan(struct ieee80211_sub_if_data *sdata,
 794                                const u8 *ssid, u8 ssid_len,
 795                                struct ieee80211_channel *chan)
 796{
 797        struct ieee80211_local *local = sdata->local;
 798        int ret = -EBUSY;
 799        enum ieee80211_band band;
 800
 801        mutex_lock(&local->mtx);
 802
 803        /* busy scanning */
 804        if (local->scan_req)
 805                goto unlock;
 806
 807        /* fill internal scan request */
 808        if (!chan) {
 809                int i, max_n;
 810                int n_ch = 0;
 811
 812                for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
 813                        if (!local->hw.wiphy->bands[band])
 814                                continue;
 815
 816                        max_n = local->hw.wiphy->bands[band]->n_channels;
 817                        for (i = 0; i < max_n; i++) {
 818                                struct ieee80211_channel *tmp_ch =
 819                                    &local->hw.wiphy->bands[band]->channels[i];
 820
 821                                if (tmp_ch->flags & (IEEE80211_CHAN_NO_IBSS |
 822                                                     IEEE80211_CHAN_DISABLED))
 823                                        continue;
 824
 825                                local->int_scan_req->channels[n_ch] = tmp_ch;
 826                                n_ch++;
 827                        }
 828                }
 829
 830                if (WARN_ON_ONCE(n_ch == 0))
 831                        goto unlock;
 832
 833                local->int_scan_req->n_channels = n_ch;
 834        } else {
 835                if (WARN_ON_ONCE(chan->flags & (IEEE80211_CHAN_NO_IBSS |
 836                                                IEEE80211_CHAN_DISABLED)))
 837                        goto unlock;
 838
 839                local->int_scan_req->channels[0] = chan;
 840                local->int_scan_req->n_channels = 1;
 841        }
 842
 843        local->int_scan_req->ssids = &local->scan_ssid;
 844        local->int_scan_req->n_ssids = 1;
 845        memcpy(local->int_scan_req->ssids[0].ssid, ssid, IEEE80211_MAX_SSID_LEN);
 846        local->int_scan_req->ssids[0].ssid_len = ssid_len;
 847
 848        ret = __ieee80211_start_scan(sdata, sdata->local->int_scan_req);
 849 unlock:
 850        mutex_unlock(&local->mtx);
 851        return ret;
 852}
 853
 854/*
 855 * Only call this function when a scan can't be queued -- under RTNL.
 856 */
 857void ieee80211_scan_cancel(struct ieee80211_local *local)
 858{
 859        /*
 860         * We are canceling software scan, or deferred scan that was not
 861         * yet really started (see __ieee80211_start_scan ).
 862         *
 863         * Regarding hardware scan:
 864         * - we can not call  __ieee80211_scan_completed() as when
 865         *   SCAN_HW_SCANNING bit is set this function change
 866         *   local->hw_scan_req to operate on 5G band, what race with
 867         *   driver which can use local->hw_scan_req
 868         *
 869         * - we can not cancel scan_work since driver can schedule it
 870         *   by ieee80211_scan_completed(..., true) to finish scan
 871         *
 872         * Hence we only call the cancel_hw_scan() callback, but the low-level
 873         * driver is still responsible for calling ieee80211_scan_completed()
 874         * after the scan was completed/aborted.
 875         */
 876
 877        mutex_lock(&local->mtx);
 878        if (!local->scan_req)
 879                goto out;
 880
 881        if (test_bit(SCAN_HW_SCANNING, &local->scanning)) {
 882                if (local->ops->cancel_hw_scan)
 883                        drv_cancel_hw_scan(local,
 884                                rcu_dereference_protected(local->scan_sdata,
 885                                                lockdep_is_held(&local->mtx)));
 886                goto out;
 887        }
 888
 889        /*
 890         * If the work is currently running, it must be blocked on
 891         * the mutex, but we'll set scan_sdata = NULL and it'll
 892         * simply exit once it acquires the mutex.
 893         */
 894        cancel_delayed_work(&local->scan_work);
 895        /* and clean up */
 896        __ieee80211_scan_completed(&local->hw, true, false);
 897out:
 898        mutex_unlock(&local->mtx);
 899}
 900
 901int ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata,
 902                                       struct cfg80211_sched_scan_request *req)
 903{
 904        struct ieee80211_local *local = sdata->local;
 905        struct ieee80211_sched_scan_ies sched_scan_ies = {};
 906        int ret, i, iebufsz;
 907
 908        iebufsz = 2 + IEEE80211_MAX_SSID_LEN +
 909                  local->scan_ies_len + req->ie_len;
 910
 911        mutex_lock(&local->mtx);
 912
 913        if (rcu_access_pointer(local->sched_scan_sdata)) {
 914                ret = -EBUSY;
 915                goto out;
 916        }
 917
 918        if (!local->ops->sched_scan_start) {
 919                ret = -ENOTSUPP;
 920                goto out;
 921        }
 922
 923        for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
 924                if (!local->hw.wiphy->bands[i])
 925                        continue;
 926
 927                sched_scan_ies.ie[i] = kzalloc(iebufsz, GFP_KERNEL);
 928                if (!sched_scan_ies.ie[i]) {
 929                        ret = -ENOMEM;
 930                        goto out_free;
 931                }
 932
 933                sched_scan_ies.len[i] =
 934                        ieee80211_build_preq_ies(local, sched_scan_ies.ie[i],
 935                                                 iebufsz, req->ie, req->ie_len,
 936                                                 i, (u32) -1, 0);
 937        }
 938
 939        ret = drv_sched_scan_start(local, sdata, req, &sched_scan_ies);
 940        if (ret == 0)
 941                rcu_assign_pointer(local->sched_scan_sdata, sdata);
 942
 943out_free:
 944        while (i > 0)
 945                kfree(sched_scan_ies.ie[--i]);
 946out:
 947        mutex_unlock(&local->mtx);
 948        return ret;
 949}
 950
 951int ieee80211_request_sched_scan_stop(struct ieee80211_sub_if_data *sdata)
 952{
 953        struct ieee80211_local *local = sdata->local;
 954        int ret = 0;
 955
 956        mutex_lock(&local->mtx);
 957
 958        if (!local->ops->sched_scan_stop) {
 959                ret = -ENOTSUPP;
 960                goto out;
 961        }
 962
 963        if (rcu_access_pointer(local->sched_scan_sdata))
 964                drv_sched_scan_stop(local, sdata);
 965
 966out:
 967        mutex_unlock(&local->mtx);
 968
 969        return ret;
 970}
 971
 972void ieee80211_sched_scan_results(struct ieee80211_hw *hw)
 973{
 974        struct ieee80211_local *local = hw_to_local(hw);
 975
 976        trace_api_sched_scan_results(local);
 977
 978        cfg80211_sched_scan_results(hw->wiphy);
 979}
 980EXPORT_SYMBOL(ieee80211_sched_scan_results);
 981
 982void ieee80211_sched_scan_stopped_work(struct work_struct *work)
 983{
 984        struct ieee80211_local *local =
 985                container_of(work, struct ieee80211_local,
 986                             sched_scan_stopped_work);
 987
 988        mutex_lock(&local->mtx);
 989
 990        if (!rcu_access_pointer(local->sched_scan_sdata)) {
 991                mutex_unlock(&local->mtx);
 992                return;
 993        }
 994
 995        rcu_assign_pointer(local->sched_scan_sdata, NULL);
 996
 997        mutex_unlock(&local->mtx);
 998
 999        cfg80211_sched_scan_stopped(local->hw.wiphy);
1000}

1001
1002void ieee80211_sched_scan_stopped(struct ieee80211_hw *hw)
1003{
1004        struct ieee80211_local *local = hw_to_local(hw);
1005
1006        trace_api_sched_scan_stopped(local);
1007
1008        ieee80211_queue_work(&local->hw, &local->sched_scan_stopped_work);
1009}
1010EXPORT_SYMBOL(ieee80211_sched_scan_stopped);
1011
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.