linux/net/mac80211/scan.c
<<
>>
Prefs 
   1/*
   2 * Scanning implementation
   3 *
   4 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
   5 * Copyright 2004, Instant802 Networks, Inc.
   6 * Copyright 2005, Devicescape Software, Inc.
   7 * Copyright 2006-2007  Jiri Benc <jbenc@suse.cz>
   8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
   9 *
  10 * This program is free software; you can redistribute it and/or modify
  11 * it under the terms of the GNU General Public License version 2 as
  12 * published by the Free Software Foundation.
  13 */
  14
  15#include <linux/if_arp.h>
  16#include <linux/etherdevice.h>
  17#include <linux/rtnetlink.h>
  18#include <linux/pm_qos.h>
  19#include <net/sch_generic.h>
  20#include <linux/slab.h>
  21#include <linux/export.h>
  22#include <net/mac80211.h>
  23
  24#include "ieee80211_i.h"
  25#include "driver-ops.h"
  26#include "mesh.h"
  27
  28#define IEEE80211_PROBE_DELAY (HZ / 33)
  29#define IEEE80211_CHANNEL_TIME (HZ / 33)
  30#define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 8)
  31
  32struct ieee80211_bss *
  33ieee80211_rx_bss_get(struct ieee80211_local *local, u8 *bssid, int freq,
  34                     u8 *ssid, u8 ssid_len)
  35{
  36        struct cfg80211_bss *cbss;
  37
  38        cbss = cfg80211_get_bss(local->hw.wiphy,
  39                                ieee80211_get_channel(local->hw.wiphy, freq),
  40                                bssid, ssid, ssid_len, 0, 0);
  41        if (!cbss)
  42                return NULL;
  43        return (void *)cbss->priv;
  44}
  45
  46static void ieee80211_rx_bss_free(struct cfg80211_bss *cbss)
  47{
  48        struct ieee80211_bss *bss = (void *)cbss->priv;
  49
  50        kfree(bss_mesh_id(bss));
  51        kfree(bss_mesh_cfg(bss));
  52}
  53
  54void ieee80211_rx_bss_put(struct ieee80211_local *local,
  55                          struct ieee80211_bss *bss)
  56{
  57        if (!bss)
  58                return;
  59        cfg80211_put_bss(container_of((void *)bss, struct cfg80211_bss, priv));
  60}
  61
  62static bool is_uapsd_supported(struct ieee802_11_elems *elems)
  63{
  64        u8 qos_info;
  65
  66        if (elems->wmm_info && elems->wmm_info_len == 7
  67            && elems->wmm_info[5] == 1)
  68                qos_info = elems->wmm_info[6];
  69        else if (elems->wmm_param && elems->wmm_param_len == 24
  70                 && elems->wmm_param[5] == 1)
  71                qos_info = elems->wmm_param[6];
  72        else
  73                /* no valid wmm information or parameter element found */
  74                return false;
  75
  76        return qos_info & IEEE80211_WMM_IE_AP_QOSINFO_UAPSD;
  77}
  78
  79struct ieee80211_bss *
  80ieee80211_bss_info_update(struct ieee80211_local *local,
  81                          struct ieee80211_rx_status *rx_status,
  82                          struct ieee80211_mgmt *mgmt,
  83                          size_t len,
  84                          struct ieee802_11_elems *elems,
  85                          struct ieee80211_channel *channel,
  86                          bool beacon)
  87{
  88        struct cfg80211_bss *cbss;
  89        struct ieee80211_bss *bss;
  90        int clen, srlen;
  91        s32 signal = 0;
  92
  93        if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
  94                signal = rx_status->signal * 100;
  95        else if (local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC)
  96                signal = (rx_status->signal * 100) / local->hw.max_signal;
  97
  98        cbss = cfg80211_inform_bss_frame(local->hw.wiphy, channel,
  99                                         mgmt, len, signal, GFP_ATOMIC);
 100
 101        if (!cbss)
 102                return NULL;
 103
 104        cbss->free_priv = ieee80211_rx_bss_free;
 105        bss = (void *)cbss->priv;
 106
 107        if (elems->parse_error) {
 108                if (beacon)
 109                        bss->corrupt_data |= IEEE80211_BSS_CORRUPT_BEACON;
 110                else
 111                        bss->corrupt_data |= IEEE80211_BSS_CORRUPT_PROBE_RESP;
 112        } else {
 113                if (beacon)
 114                        bss->corrupt_data &= ~IEEE80211_BSS_CORRUPT_BEACON;
 115                else
 116                        bss->corrupt_data &= ~IEEE80211_BSS_CORRUPT_PROBE_RESP;
 117        }
 118
 119        /* save the ERP value so that it is available at association time */
 120        if (elems->erp_info && elems->erp_info_len >= 1 &&
 121                        (!elems->parse_error ||
 122                         !(bss->valid_data & IEEE80211_BSS_VALID_ERP))) {
 123                bss->erp_value = elems->erp_info[0];
 124                bss->has_erp_value = true;
 125                if (!elems->parse_error)
 126                        bss->valid_data |= IEEE80211_BSS_VALID_ERP;
 127        }
 128
 129        if (elems->tim && (!elems->parse_error ||
 130                           !(bss->valid_data & IEEE80211_BSS_VALID_DTIM))) {
 131                struct ieee80211_tim_ie *tim_ie =
 132                        (struct ieee80211_tim_ie *)elems->tim;
 133                bss->dtim_period = tim_ie->dtim_period;
 134                if (!elems->parse_error)
 135                                bss->valid_data |= IEEE80211_BSS_VALID_DTIM;
 136        }
 137
 138        /* If the beacon had no TIM IE, or it was invalid, use 1 */
 139        if (beacon && !bss->dtim_period)
 140                bss->dtim_period = 1;
 141
 142        /* replace old supported rates if we get new values */
 143        if (!elems->parse_error ||
 144            !(bss->valid_data & IEEE80211_BSS_VALID_RATES)) {
 145                srlen = 0;
 146                if (elems->supp_rates) {
 147                        clen = IEEE80211_MAX_SUPP_RATES;
 148                        if (clen > elems->supp_rates_len)
 149                                clen = elems->supp_rates_len;
 150                        memcpy(bss->supp_rates, elems->supp_rates, clen);
 151                        srlen += clen;
 152                }
 153                if (elems->ext_supp_rates) {
 154                        clen = IEEE80211_MAX_SUPP_RATES - srlen;
 155                        if (clen > elems->ext_supp_rates_len)
 156                                clen = elems->ext_supp_rates_len;
 157                        memcpy(bss->supp_rates + srlen, elems->ext_supp_rates,
 158                               clen);
 159                        srlen += clen;
 160                }
 161                if (srlen) {
 162                        bss->supp_rates_len = srlen;
 163                        if (!elems->parse_error)
 164                                bss->valid_data |= IEEE80211_BSS_VALID_RATES;
 165                }
 166        }
 167
 168        if (!elems->parse_error ||
 169            !(bss->valid_data & IEEE80211_BSS_VALID_WMM)) {
 170                bss->wmm_used = elems->wmm_param || elems->wmm_info;
 171                bss->uapsd_supported = is_uapsd_supported(elems);
 172                if (!elems->parse_error)
 173                        bss->valid_data |= IEEE80211_BSS_VALID_WMM;
 174        }
 175
 176        if (!beacon)
 177                bss->last_probe_resp = jiffies;
 178
 179        return bss;
 180}
 181
 182ieee80211_rx_result
 183ieee80211_scan_rx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
 184{
 185        struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb);
 186        struct ieee80211_mgmt *mgmt;
 187        struct ieee80211_bss *bss;
 188        u8 *elements;
 189        struct ieee80211_channel *channel;
 190        size_t baselen;
 191        int freq;
 192        __le16 fc;
 193        bool presp, beacon = false;
 194        struct ieee802_11_elems elems;
 195
 196        if (skb->len < 2)
 197                return RX_DROP_UNUSABLE;
 198
 199        mgmt = (struct ieee80211_mgmt *) skb->data;
 200        fc = mgmt->frame_control;
 201
 202        if (ieee80211_is_ctl(fc))
 203                return RX_CONTINUE;
 204
 205        if (skb->len < 24)
 206                return RX_CONTINUE;
 207
 208        presp = ieee80211_is_probe_resp(fc);
 209        if (presp) {
 210                /* ignore ProbeResp to foreign address */
 211                if (compare_ether_addr(mgmt->da, sdata->vif.addr))
 212                        return RX_DROP_MONITOR;
 213
 214                presp = true;
 215                elements = mgmt->u.probe_resp.variable;
 216                baselen = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
 217        } else {
 218                beacon = ieee80211_is_beacon(fc);
 219                baselen = offsetof(struct ieee80211_mgmt, u.beacon.variable);
 220                elements = mgmt->u.beacon.variable;
 221        }
 222
 223        if (!presp && !beacon)
 224                return RX_CONTINUE;
 225
 226        if (baselen > skb->len)
 227                return RX_DROP_MONITOR;
 228
 229        ieee802_11_parse_elems(elements, skb->len - baselen, &elems);
 230
 231        if (elems.ds_params && elems.ds_params_len == 1)
 232                freq = ieee80211_channel_to_frequency(elems.ds_params[0],
 233                                                      rx_status->band);
 234        else
 235                freq = rx_status->freq;
 236
 237        channel = ieee80211_get_channel(sdata->local->hw.wiphy, freq);
 238
 239        if (!channel || channel->flags & IEEE80211_CHAN_DISABLED)
 240                return RX_DROP_MONITOR;
 241
 242        bss = ieee80211_bss_info_update(sdata->local, rx_status,
 243                                        mgmt, skb->len, &elems,
 244                                        channel, beacon);
 245        if (bss)
 246                ieee80211_rx_bss_put(sdata->local, bss);
 247
 248        if (channel == sdata->local->oper_channel)
 249                return RX_CONTINUE;
 250
 251        dev_kfree_skb(skb);
 252        return RX_QUEUED;
 253}
 254
 255/* return false if no more work */
 256static bool ieee80211_prep_hw_scan(struct ieee80211_local *local)
 257{
 258        struct cfg80211_scan_request *req = local->scan_req;
 259        enum ieee80211_band band;
 260        int i, ielen, n_chans;
 261
 262        do {
 263                if (local->hw_scan_band == IEEE80211_NUM_BANDS)
 264                        return false;
 265
 266                band = local->hw_scan_band;
 267                n_chans = 0;
 268                for (i = 0; i < req->n_channels; i++) {
 269                        if (req->channels[i]->band == band) {
 270                                local->hw_scan_req->channels[n_chans] =
 271                                                        req->channels[i];
 272                                n_chans++;
 273                        }
 274                }
 275
 276                local->hw_scan_band++;
 277        } while (!n_chans);
 278
 279        local->hw_scan_req->n_channels = n_chans;
 280
 281        ielen = ieee80211_build_preq_ies(local, (u8 *)local->hw_scan_req->ie,
 282                                         req->ie, req->ie_len, band,
 283                                         req->rates[band], 0);
 284        local->hw_scan_req->ie_len = ielen;
 285        local->hw_scan_req->no_cck = req->no_cck;
 286
 287        return true;
 288}
 289
 290static void __ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted,
 291                                       bool was_hw_scan)
 292{
 293        struct ieee80211_local *local = hw_to_local(hw);
 294
 295        lockdep_assert_held(&local->mtx);
 296
 297        /*
 298         * It's ok to abort a not-yet-running scan (that
 299         * we have one at all will be verified by checking
 300         * local->scan_req next), but not to complete it
 301         * successfully.
 302         */
 303        if (WARN_ON(!local->scanning && !aborted))
 304                aborted = true;
 305
 306        if (WARN_ON(!local->scan_req))
 307                return;
 308
 309        if (was_hw_scan && !aborted && ieee80211_prep_hw_scan(local)) {
 310                int rc = drv_hw_scan(local, local->scan_sdata, local->hw_scan_req);
 311                if (rc == 0)
 312                        return;
 313        }
 314
 315        kfree(local->hw_scan_req);
 316        local->hw_scan_req = NULL;
 317
 318        if (local->scan_req != local->int_scan_req)
 319                cfg80211_scan_done(local->scan_req, aborted);
 320        local->scan_req = NULL;
 321        local->scan_sdata = NULL;
 322
 323        local->scanning = 0;
 324        local->scan_channel = NULL;
 325
 326        /* Set power back to normal operating levels. */
 327        ieee80211_hw_config(local, 0);
 328
 329        if (!was_hw_scan) {
 330                ieee80211_configure_filter(local);
 331                drv_sw_scan_complete(local);
 332                ieee80211_offchannel_return(local, true);
 333        }
 334
 335        ieee80211_recalc_idle(local);
 336
 337        ieee80211_mlme_notify_scan_completed(local);
 338        ieee80211_ibss_notify_scan_completed(local);
 339        ieee80211_mesh_notify_scan_completed(local);
 340        ieee80211_queue_work(&local->hw, &local->work_work);
 341}
 342
 343void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)
 344{
 345        struct ieee80211_local *local = hw_to_local(hw);
 346
 347        trace_api_scan_completed(local, aborted);
 348
 349        set_bit(SCAN_COMPLETED, &local->scanning);
 350        if (aborted)
 351                set_bit(SCAN_ABORTED, &local->scanning);
 352        ieee80211_queue_delayed_work(&local->hw, &local->scan_work, 0);
 353}
 354EXPORT_SYMBOL(ieee80211_scan_completed);
 355
 356static int ieee80211_start_sw_scan(struct ieee80211_local *local)
 357{
 358        /*
 359         * Hardware/driver doesn't support hw_scan, so use software
 360         * scanning instead. First send a nullfunc frame with power save
 361         * bit on so that AP will buffer the frames for us while we are not
 362         * listening, then send probe requests to each channel and wait for
 363         * the responses. After all channels are scanned, tune back to the
 364         * original channel and send a nullfunc frame with power save bit
 365         * off to trigger the AP to send us all the buffered frames.
 366         *
 367         * Note that while local->sw_scanning is true everything else but
 368         * nullfunc frames and probe requests will be dropped in
 369         * ieee80211_tx_h_check_assoc().
 370         */
 371        drv_sw_scan_start(local);
 372
 373        local->leave_oper_channel_time = jiffies;
 374        local->next_scan_state = SCAN_DECISION;
 375        local->scan_channel_idx = 0;
 376
 377        ieee80211_offchannel_stop_vifs(local, true);
 378
 379        ieee80211_configure_filter(local);
 380
 381        /* We need to set power level at maximum rate for scanning. */
 382        ieee80211_hw_config(local, 0);
 383
 384        ieee80211_queue_delayed_work(&local->hw,
 385                                     &local->scan_work, 0);
 386
 387        return 0;
 388}
 389
 390
 391static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
 392                                  struct cfg80211_scan_request *req)
 393{
 394        struct ieee80211_local *local = sdata->local;
 395        int rc;
 396
 397        lockdep_assert_held(&local->mtx);
 398
 399        if (local->scan_req)
 400                return -EBUSY;
 401
 402        if (!list_empty(&local->work_list)) {
 403                /* wait for the work to finish/time out */
 404                local->scan_req = req;
 405                local->scan_sdata = sdata;
 406                return 0;
 407        }
 408
 409        if (local->ops->hw_scan) {
 410                u8 *ies;
 411
 412                local->hw_scan_req = kmalloc(
 413                                sizeof(*local->hw_scan_req) +
 414                                req->n_channels * sizeof(req->channels[0]) +
 415                                2 + IEEE80211_MAX_SSID_LEN + local->scan_ies_len +
 416                                req->ie_len, GFP_KERNEL);
 417                if (!local->hw_scan_req)
 418                        return -ENOMEM;
 419
 420                local->hw_scan_req->ssids = req->ssids;
 421                local->hw_scan_req->n_ssids = req->n_ssids;
 422                ies = (u8 *)local->hw_scan_req +
 423                        sizeof(*local->hw_scan_req) +
 424                        req->n_channels * sizeof(req->channels[0]);
 425                local->hw_scan_req->ie = ies;
 426
 427                local->hw_scan_band = 0;
 428
 429                /*
 430                 * After allocating local->hw_scan_req, we must
 431                 * go through until ieee80211_prep_hw_scan(), so
 432                 * anything that might be changed here and leave
 433                 * this function early must not go after this
 434                 * allocation.
 435                 */
 436        }
 437
 438        local->scan_req = req;
 439        local->scan_sdata = sdata;
 440
 441        if (local->ops->hw_scan)
 442                __set_bit(SCAN_HW_SCANNING, &local->scanning);
 443        else
 444                __set_bit(SCAN_SW_SCANNING, &local->scanning);
 445
 446        ieee80211_recalc_idle(local);
 447
 448        if (local->ops->hw_scan) {
 449                WARN_ON(!ieee80211_prep_hw_scan(local));
 450                rc = drv_hw_scan(local, sdata, local->hw_scan_req);
 451        } else
 452                rc = ieee80211_start_sw_scan(local);
 453
 454        if (rc) {
 455                kfree(local->hw_scan_req);
 456                local->hw_scan_req = NULL;
 457                local->scanning = 0;
 458
 459                ieee80211_recalc_idle(local);
 460
 461                local->scan_req = NULL;
 462                local->scan_sdata = NULL;
 463        }
 464
 465        return rc;
 466}
 467
 468static unsigned long
 469ieee80211_scan_get_channel_time(struct ieee80211_channel *chan)
 470{
 471        /*
 472         * TODO: channel switching also consumes quite some time,
 473         * add that delay as well to get a better estimation
 474         */
 475        if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)
 476                return IEEE80211_PASSIVE_CHANNEL_TIME;
 477        return IEEE80211_PROBE_DELAY + IEEE80211_CHANNEL_TIME;
 478}
 479
 480static void ieee80211_scan_state_decision(struct ieee80211_local *local,
 481                                          unsigned long *next_delay)
 482{
 483        bool associated = false;
 484        bool tx_empty = true;
 485        bool bad_latency;
 486        bool listen_int_exceeded;
 487        unsigned long min_beacon_int = 0;
 488        struct ieee80211_sub_if_data *sdata;
 489        struct ieee80211_channel *next_chan;
 490
 491        /*
 492         * check if at least one STA interface is associated,
 493         * check if at least one STA interface has pending tx frames
 494         * and grab the lowest used beacon interval
 495         */
 496        mutex_lock(&local->iflist_mtx);
 497        list_for_each_entry(sdata, &local->interfaces, list) {
 498                if (!ieee80211_sdata_running(sdata))
 499                        continue;
 500
 501                if (sdata->vif.type == NL80211_IFTYPE_STATION) {
 502                        if (sdata->u.mgd.associated) {
 503                                associated = true;
 504
 505                                if (sdata->vif.bss_conf.beacon_int <
 506                                    min_beacon_int || min_beacon_int == 0)
 507                                        min_beacon_int =
 508                                                sdata->vif.bss_conf.beacon_int;
 509
 510                                if (!qdisc_all_tx_empty(sdata->dev)) {
 511                                        tx_empty = false;
 512                                        break;
 513                                }
 514                        }
 515                }
 516        }
 517        mutex_unlock(&local->iflist_mtx);
 518
 519        next_chan = local->scan_req->channels[local->scan_channel_idx];
 520
 521        /*
 522         * we're currently scanning a different channel, let's
 523         * see if we can scan another channel without interfering
 524         * with the current traffic situation.
 525         *
 526         * Since we don't know if the AP has pending frames for us
 527         * we can only check for our tx queues and use the current
 528         * pm_qos requirements for rx. Hence, if no tx traffic occurs
 529         * at all we will scan as many channels in a row as the pm_qos
 530         * latency allows us to. Additionally we also check for the
 531         * currently negotiated listen interval to prevent losing
 532         * frames unnecessarily.
 533         *
 534         * Otherwise switch back to the operating channel.
 535         */
 536
 537        bad_latency = time_after(jiffies +
 538                        ieee80211_scan_get_channel_time(next_chan),
 539                        local->leave_oper_channel_time +
 540                        usecs_to_jiffies(pm_qos_request(PM_QOS_NETWORK_LATENCY)));
 541
 542        listen_int_exceeded = time_after(jiffies +
 543                        ieee80211_scan_get_channel_time(next_chan),
 544                        local->leave_oper_channel_time +
 545                        usecs_to_jiffies(min_beacon_int * 1024) *
 546                        local->hw.conf.listen_interval);
 547
 548        if (associated && (!tx_empty || bad_latency || listen_int_exceeded))
 549                local->next_scan_state = SCAN_SUSPEND;
 550        else
 551                local->next_scan_state = SCAN_SET_CHANNEL;
 552
 553        *next_delay = 0;
 554}
 555
 556static void ieee80211_scan_state_set_channel(struct ieee80211_local *local,
 557                                             unsigned long *next_delay)
 558{
 559        int skip;
 560        struct ieee80211_channel *chan;
 561
 562        skip = 0;
 563        chan = local->scan_req->channels[local->scan_channel_idx];
 564
 565        local->scan_channel = chan;
 566
 567        if (ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL))
 568                skip = 1;
 569
 570        /* advance state machine to next channel/band */
 571        local->scan_channel_idx++;
 572
 573        if (skip) {
 574                /* if we skip this channel return to the decision state */
 575                local->next_scan_state = SCAN_DECISION;
 576                return;
 577        }
 578
 579        /*
 580         * Probe delay is used to update the NAV, cf. 11.1.3.2.2
 581         * (which unfortunately doesn't say _why_ step a) is done,
 582         * but it waits for the probe delay or until a frame is
 583         * received - and the received frame would update the NAV).
 584         * For now, we do not support waiting until a frame is
 585         * received.
 586         *
 587         * In any case, it is not necessary for a passive scan.
 588         */
 589        if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN ||
 590            !local->scan_req->n_ssids) {
 591                *next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
 592                local->next_scan_state = SCAN_DECISION;
 593                return;
 594        }
 595
 596        /* active scan, send probes */
 597        *next_delay = IEEE80211_PROBE_DELAY;
 598        local->next_scan_state = SCAN_SEND_PROBE;
 599}
 600
 601static void ieee80211_scan_state_send_probe(struct ieee80211_local *local,
 602                                            unsigned long *next_delay)
 603{
 604        int i;
 605        struct ieee80211_sub_if_data *sdata = local->scan_sdata;
 606        enum ieee80211_band band = local->hw.conf.channel->band;
 607
 608        for (i = 0; i < local->scan_req->n_ssids; i++)
 609                ieee80211_send_probe_req(
 610                        sdata, NULL,
 611                        local->scan_req->ssids[i].ssid,
 612                        local->scan_req->ssids[i].ssid_len,
 613                        local->scan_req->ie, local->scan_req->ie_len,
 614                        local->scan_req->rates[band], false,
 615                        local->scan_req->no_cck);
 616
 617        /*
 618         * After sending probe requests, wait for probe responses
 619         * on the channel.
 620         */
 621        *next_delay = IEEE80211_CHANNEL_TIME;
 622        local->next_scan_state = SCAN_DECISION;
 623}
 624
 625static void ieee80211_scan_state_suspend(struct ieee80211_local *local,
 626                                         unsigned long *next_delay)
 627{
 628        /* switch back to the operating channel */
 629        local->scan_channel = NULL;
 630        ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
 631
 632        /*
 633         * Re-enable vifs and beaconing.  Leave PS
 634         * in off-channel state..will put that back
 635         * on-channel at the end of scanning.
 636         */
 637        ieee80211_offchannel_return(local, false);
 638
 639        *next_delay = HZ / 5;
 640        /* afterwards, resume scan & go to next channel */
 641        local->next_scan_state = SCAN_RESUME;
 642}
 643
 644static void ieee80211_scan_state_resume(struct ieee80211_local *local,
 645                                        unsigned long *next_delay)
 646{
 647        /* PS already is in off-channel mode */
 648        ieee80211_offchannel_stop_vifs(local, false);
 649
 650        if (local->ops->flush) {
 651                drv_flush(local, false);
 652                *next_delay = 0;
 653        } else
 654                *next_delay = HZ / 10;
 655
 656        /* remember when we left the operating channel */
 657        local->leave_oper_channel_time = jiffies;
 658
 659        /* advance to the next channel to be scanned */
 660        local->next_scan_state = SCAN_SET_CHANNEL;
 661}
 662
 663void ieee80211_scan_work(struct work_struct *work)
 664{
 665        struct ieee80211_local *local =
 666                container_of(work, struct ieee80211_local, scan_work.work);
 667        struct ieee80211_sub_if_data *sdata;
 668        unsigned long next_delay = 0;
 669        bool aborted, hw_scan;
 670
 671        mutex_lock(&local->mtx);
 672
 673        sdata = local->scan_sdata;
 674
 675        if (test_and_clear_bit(SCAN_COMPLETED, &local->scanning)) {
 676                aborted = test_and_clear_bit(SCAN_ABORTED, &local->scanning);
 677                goto out_complete;
 678        }
 679
 680        if (!sdata || !local->scan_req)
 681                goto out;
 682
 683        if (local->scan_req && !local->scanning) {
 684                struct cfg80211_scan_request *req = local->scan_req;
 685                int rc;
 686
 687                local->scan_req = NULL;
 688                local->scan_sdata = NULL;
 689
 690                rc = __ieee80211_start_scan(sdata, req);
 691                if (rc) {
 692                        /* need to complete scan in cfg80211 */
 693                        local->scan_req = req;
 694                        aborted = true;
 695                        goto out_complete;
 696                } else
 697                        goto out;
 698        }
 699
 700        /*
 701         * Avoid re-scheduling when the sdata is going away.
 702         */
 703        if (!ieee80211_sdata_running(sdata)) {
 704                aborted = true;
 705                goto out_complete;
 706        }
 707
 708        /*
 709         * as long as no delay is required advance immediately
 710         * without scheduling a new work
 711         */
 712        do {
 713                if (!ieee80211_sdata_running(sdata)) {
 714                        aborted = true;
 715                        goto out_complete;
 716                }
 717
 718                switch (local->next_scan_state) {
 719                case SCAN_DECISION:
 720                        /* if no more bands/channels left, complete scan */
 721                        if (local->scan_channel_idx >= local->scan_req->n_channels) {
 722                                aborted = false;
 723                                goto out_complete;
 724                        }
 725                        ieee80211_scan_state_decision(local, &next_delay);
 726                        break;
 727                case SCAN_SET_CHANNEL:
 728                        ieee80211_scan_state_set_channel(local, &next_delay);
 729                        break;
 730                case SCAN_SEND_PROBE:
 731                        ieee80211_scan_state_send_probe(local, &next_delay);
 732                        break;
 733                case SCAN_SUSPEND:
 734                        ieee80211_scan_state_suspend(local, &next_delay);
 735                        break;
 736                case SCAN_RESUME:
 737                        ieee80211_scan_state_resume(local, &next_delay);
 738                        break;
 739                }
 740        } while (next_delay == 0);
 741
 742        ieee80211_queue_delayed_work(&local->hw, &local->scan_work, next_delay);
 743        goto out;
 744
 745out_complete:
 746        hw_scan = test_bit(SCAN_HW_SCANNING, &local->scanning);
 747        __ieee80211_scan_completed(&local->hw, aborted, hw_scan);
 748out:
 749        mutex_unlock(&local->mtx);
 750}
 751
 752int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata,
 753                           struct cfg80211_scan_request *req)
 754{
 755        int res;
 756
 757        mutex_lock(&sdata->local->mtx);
 758        res = __ieee80211_start_scan(sdata, req);
 759        mutex_unlock(&sdata->local->mtx);
 760
 761        return res;
 762}
 763
 764int ieee80211_request_internal_scan(struct ieee80211_sub_if_data *sdata,
 765                                    const u8 *ssid, u8 ssid_len,
 766                                    struct ieee80211_channel *chan)
 767{
 768        struct ieee80211_local *local = sdata->local;
 769        int ret = -EBUSY;
 770        enum ieee80211_band band;
 771
 772        mutex_lock(&local->mtx);
 773
 774        /* busy scanning */
 775        if (local->scan_req)
 776                goto unlock;
 777
 778        /* fill internal scan request */
 779        if (!chan) {
 780                int i, nchan = 0;
 781
 782                for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
 783                        if (!local->hw.wiphy->bands[band])
 784                                continue;
 785                        for (i = 0;
 786                             i < local->hw.wiphy->bands[band]->n_channels;
 787                             i++) {
 788                                local->int_scan_req->channels[nchan] =
 789                                    &local->hw.wiphy->bands[band]->channels[i];
 790                                nchan++;
 791                        }
 792                }
 793
 794                local->int_scan_req->n_channels = nchan;
 795        } else {
 796                local->int_scan_req->channels[0] = chan;
 797                local->int_scan_req->n_channels = 1;
 798        }
 799
 800        local->int_scan_req->ssids = &local->scan_ssid;
 801        local->int_scan_req->n_ssids = 1;
 802        memcpy(local->int_scan_req->ssids[0].ssid, ssid, IEEE80211_MAX_SSID_LEN);
 803        local->int_scan_req->ssids[0].ssid_len = ssid_len;
 804
 805        ret = __ieee80211_start_scan(sdata, sdata->local->int_scan_req);
 806 unlock:
 807        mutex_unlock(&local->mtx);
 808        return ret;
 809}
 810
 811/*
 812 * Only call this function when a scan can't be queued -- under RTNL.
 813 */
 814void ieee80211_scan_cancel(struct ieee80211_local *local)
 815{
 816        /*
 817         * We are canceling software scan, or deferred scan that was not
 818         * yet really started (see __ieee80211_start_scan ).
 819         *
 820         * Regarding hardware scan:
 821         * - we can not call  __ieee80211_scan_completed() as when
 822         *   SCAN_HW_SCANNING bit is set this function change
 823         *   local->hw_scan_req to operate on 5G band, what race with
 824         *   driver which can use local->hw_scan_req
 825         *
 826         * - we can not cancel scan_work since driver can schedule it
 827         *   by ieee80211_scan_completed(..., true) to finish scan
 828         *
 829         * Hence we only call the cancel_hw_scan() callback, but the low-level
 830         * driver is still responsible for calling ieee80211_scan_completed()
 831         * after the scan was completed/aborted.
 832         */
 833
 834        mutex_lock(&local->mtx);
 835        if (!local->scan_req)
 836                goto out;
 837
 838        if (test_bit(SCAN_HW_SCANNING, &local->scanning)) {
 839                if (local->ops->cancel_hw_scan)
 840                        drv_cancel_hw_scan(local, local->scan_sdata);
 841                goto out;
 842        }
 843
 844        /*
 845         * If the work is currently running, it must be blocked on
 846         * the mutex, but we'll set scan_sdata = NULL and it'll
 847         * simply exit once it acquires the mutex.
 848         */
 849        cancel_delayed_work(&local->scan_work);
 850        /* and clean up */
 851        __ieee80211_scan_completed(&local->hw, true, false);
 852out:
 853        mutex_unlock(&local->mtx);
 854}
 855
 856int ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata,
 857                                       struct cfg80211_sched_scan_request *req)
 858{
 859        struct ieee80211_local *local = sdata->local;
 860        int ret, i;
 861
 862        mutex_lock(&sdata->local->mtx);
 863
 864        if (local->sched_scanning) {
 865                ret = -EBUSY;
 866                goto out;
 867        }
 868
 869        if (!local->ops->sched_scan_start) {
 870                ret = -ENOTSUPP;
 871                goto out;
 872        }
 873
 874        for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
 875                local->sched_scan_ies.ie[i] = kzalloc(2 +
 876                                                      IEEE80211_MAX_SSID_LEN +
 877                                                      local->scan_ies_len +
 878                                                      req->ie_len,
 879                                                      GFP_KERNEL);
 880                if (!local->sched_scan_ies.ie[i]) {
 881                        ret = -ENOMEM;
 882                        goto out_free;
 883                }
 884
 885                local->sched_scan_ies.len[i] =
 886                        ieee80211_build_preq_ies(local,
 887                                                 local->sched_scan_ies.ie[i],
 888                                                 req->ie, req->ie_len, i,
 889                                                 (u32) -1, 0);
 890        }
 891
 892        ret = drv_sched_scan_start(local, sdata, req,
 893                                   &local->sched_scan_ies);
 894        if (ret == 0) {
 895                local->sched_scanning = true;
 896                goto out;
 897        }
 898
 899out_free:
 900        while (i > 0)
 901                kfree(local->sched_scan_ies.ie[--i]);
 902out:
 903        mutex_unlock(&sdata->local->mtx);
 904        return ret;
 905}
 906
 907int ieee80211_request_sched_scan_stop(struct ieee80211_sub_if_data *sdata)
 908{
 909        struct ieee80211_local *local = sdata->local;
 910        int ret = 0, i;
 911
 912        mutex_lock(&sdata->local->mtx);
 913
 914        if (!local->ops->sched_scan_stop) {
 915                ret = -ENOTSUPP;
 916                goto out;
 917        }
 918
 919        if (local->sched_scanning) {
 920                for (i = 0; i < IEEE80211_NUM_BANDS; i++)
 921                        kfree(local->sched_scan_ies.ie[i]);
 922
 923                drv_sched_scan_stop(local, sdata);
 924                local->sched_scanning = false;
 925        }
 926out:
 927        mutex_unlock(&sdata->local->mtx);
 928
 929        return ret;
 930}
 931
 932void ieee80211_sched_scan_results(struct ieee80211_hw *hw)
 933{
 934        struct ieee80211_local *local = hw_to_local(hw);
 935
 936        trace_api_sched_scan_results(local);
 937
 938        cfg80211_sched_scan_results(hw->wiphy);
 939}
 940EXPORT_SYMBOL(ieee80211_sched_scan_results);
 941
 942void ieee80211_sched_scan_stopped_work(struct work_struct *work)
 943{
 944        struct ieee80211_local *local =
 945                container_of(work, struct ieee80211_local,
 946                             sched_scan_stopped_work);
 947        int i;
 948
 949        mutex_lock(&local->mtx);
 950
 951        if (!local->sched_scanning) {
 952                mutex_unlock(&local->mtx);
 953                return;
 954        }
 955
 956        for (i = 0; i < IEEE80211_NUM_BANDS; i++)
 957                kfree(local->sched_scan_ies.ie[i]);
 958
 959        local->sched_scanning = false;
 960
 961        mutex_unlock(&local->mtx);
 962
 963        cfg80211_sched_scan_stopped(local->hw.wiphy);
 964}
 965
 966void ieee80211_sched_scan_stopped(struct ieee80211_hw *hw)
 967{
 968        struct ieee80211_local *local = hw_to_local(hw);
 969
 970        trace_api_sched_scan_stopped(local);
 971
 972        ieee80211_queue_work(&local->hw, &local->sched_scan_stopped_work);
 973}
 974EXPORT_SYMBOL(ieee80211_sched_scan_stopped);
 975
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.