1
2
3
4
5
6
7
8
9
10
11
12
13
14#include <linux/delay.h>
15#include <linux/fips.h>
16#include <linux/if_ether.h>
17#include <linux/skbuff.h>
18#include <linux/if_arp.h>
19#include <linux/etherdevice.h>
20#include <linux/moduleparam.h>
21#include <linux/rtnetlink.h>
22#include <linux/crc32.h>
23#include <linux/slab.h>
24#include <linux/export.h>
25#include <net/mac80211.h>
26#include <asm/unaligned.h>
27
28#include "ieee80211_i.h"
29#include "driver-ops.h"
30#include "rate.h"
31#include "led.h"
32#include "fils_aead.h"
33
34#define IEEE80211_AUTH_TIMEOUT (HZ / 5)
35#define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2)
36#define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10)
37#define IEEE80211_AUTH_TIMEOUT_SAE (HZ * 2)
38#define IEEE80211_AUTH_MAX_TRIES 3
39#define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5)
40#define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
41#define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2)
42#define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10)
43#define IEEE80211_ASSOC_MAX_TRIES 3
44
45static int max_nullfunc_tries = 2;
46module_param(max_nullfunc_tries, int, 0644);
47MODULE_PARM_DESC(max_nullfunc_tries,
48 "Maximum nullfunc tx tries before disconnecting (reason 4).");
49
50static int max_probe_tries = 5;
51module_param(max_probe_tries, int, 0644);
52MODULE_PARM_DESC(max_probe_tries,
53 "Maximum probe tries before disconnecting (reason 4).");
54
55
56
57
58
59
60
61
62
63static int beacon_loss_count = 7;
64module_param(beacon_loss_count, int, 0644);
65MODULE_PARM_DESC(beacon_loss_count,
66 "Number of beacon intervals before we decide beacon was lost.");
67
68
69
70
71
72#define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ)
73
74
75
76
77
78static int probe_wait_ms = 500;
79module_param(probe_wait_ms, int, 0644);
80MODULE_PARM_DESC(probe_wait_ms,
81 "Maximum time(ms) to wait for probe response"
82 " before disconnecting (reason 4).");
83
84
85
86
87
88#define IEEE80211_SIGNAL_AVE_MIN_COUNT 4
89
90
91
92
93
94
95
96
97
98
99
100static void run_again(struct ieee80211_sub_if_data *sdata,
101 unsigned long timeout)
102{
103 sdata_assert_lock(sdata);
104
105 if (!timer_pending(&sdata->u.mgd.timer) ||
106 time_before(timeout, sdata->u.mgd.timer.expires))
107 mod_timer(&sdata->u.mgd.timer, timeout);
108}
109
110void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata)
111{
112 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
113 return;
114
115 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
116 return;
117
118 mod_timer(&sdata->u.mgd.bcn_mon_timer,
119 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout));
120}
121
122void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata)
123{
124 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
125
126 if (unlikely(!ifmgd->associated))
127 return;
128
129 if (ifmgd->probe_send_count)
130 ifmgd->probe_send_count = 0;
131
132 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
133 return;
134
135 mod_timer(&ifmgd->conn_mon_timer,
136 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
137}
138
139static int ecw2cw(int ecw)
140{
141 return (1 << ecw) - 1;
142}
143
144static u32
145ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
146 struct ieee80211_supported_band *sband,
147 struct ieee80211_channel *channel,
148 u32 vht_cap_info,
149 const struct ieee80211_ht_operation *ht_oper,
150 const struct ieee80211_vht_operation *vht_oper,
151 const struct ieee80211_he_operation *he_oper,
152 struct cfg80211_chan_def *chandef, bool tracking)
153{
154 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
155 struct cfg80211_chan_def vht_chandef;
156 struct ieee80211_sta_ht_cap sta_ht_cap;
157 u32 ht_cfreq, ret;
158
159 memset(chandef, 0, sizeof(struct cfg80211_chan_def));
160 chandef->chan = channel;
161 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
162 chandef->center_freq1 = channel->center_freq;
163 chandef->freq1_offset = channel->freq_offset;
164
165 if (channel->band == NL80211_BAND_6GHZ) {
166 if (!ieee80211_chandef_he_6ghz_oper(sdata, he_oper, chandef))
167 ret = IEEE80211_STA_DISABLE_HT |
168 IEEE80211_STA_DISABLE_VHT |
169 IEEE80211_STA_DISABLE_HE;
170 else
171 ret = 0;
172 vht_chandef = *chandef;
173 goto out;
174 }
175
176 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap));
177 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
178
179 if (!ht_oper || !sta_ht_cap.ht_supported) {
180 ret = IEEE80211_STA_DISABLE_HT |
181 IEEE80211_STA_DISABLE_VHT |
182 IEEE80211_STA_DISABLE_HE;
183 goto out;
184 }
185
186 chandef->width = NL80211_CHAN_WIDTH_20;
187
188 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan,
189 channel->band);
190
191 if (!tracking && channel->center_freq != ht_cfreq) {
192
193
194
195
196
197
198
199 sdata_info(sdata,
200 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
201 channel->center_freq, ht_cfreq,
202 ht_oper->primary_chan, channel->band);
203 ret = IEEE80211_STA_DISABLE_HT |
204 IEEE80211_STA_DISABLE_VHT |
205 IEEE80211_STA_DISABLE_HE;
206 goto out;
207 }
208
209
210 if (sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) {
211 ieee80211_chandef_ht_oper(ht_oper, chandef);
212 } else {
213
214 ret = IEEE80211_STA_DISABLE_VHT;
215
216 ret |= IEEE80211_STA_DISABLE_40MHZ;
217 goto out;
218 }
219
220 if (!vht_oper || !sband->vht_cap.vht_supported) {
221 ret = IEEE80211_STA_DISABLE_VHT;
222 goto out;
223 }
224
225 vht_chandef = *chandef;
226 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE) && he_oper &&
227 (le32_to_cpu(he_oper->he_oper_params) &
228 IEEE80211_HE_OPERATION_VHT_OPER_INFO)) {
229 struct ieee80211_vht_operation he_oper_vht_cap;
230
231
232
233
234
235 memcpy(&he_oper_vht_cap, he_oper->optional, 3);
236 he_oper_vht_cap.basic_mcs_set = cpu_to_le16(0);
237
238 if (!ieee80211_chandef_vht_oper(&sdata->local->hw, vht_cap_info,
239 &he_oper_vht_cap, ht_oper,
240 &vht_chandef)) {
241 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE))
242 sdata_info(sdata,
243 "HE AP VHT information is invalid, disable HE\n");
244 ret = IEEE80211_STA_DISABLE_HE;
245 goto out;
246 }
247 } else if (!ieee80211_chandef_vht_oper(&sdata->local->hw,
248 vht_cap_info,
249 vht_oper, ht_oper,
250 &vht_chandef)) {
251 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
252 sdata_info(sdata,
253 "AP VHT information is invalid, disable VHT\n");
254 ret = IEEE80211_STA_DISABLE_VHT;
255 goto out;
256 }
257
258 if (!cfg80211_chandef_valid(&vht_chandef)) {
259 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
260 sdata_info(sdata,
261 "AP VHT information is invalid, disable VHT\n");
262 ret = IEEE80211_STA_DISABLE_VHT;
263 goto out;
264 }
265
266 if (cfg80211_chandef_identical(chandef, &vht_chandef)) {
267 ret = 0;
268 goto out;
269 }
270
271 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) {
272 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
273 sdata_info(sdata,
274 "AP VHT information doesn't match HT, disable VHT\n");
275 ret = IEEE80211_STA_DISABLE_VHT;
276 goto out;
277 }
278
279 *chandef = vht_chandef;
280
281 ret = 0;
282
283out:
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302 if (tracking &&
303 cfg80211_chandef_identical(chandef, &sdata->vif.bss_conf.chandef))
304 return ret;
305
306
307 if (ret & IEEE80211_STA_DISABLE_VHT)
308 vht_chandef = *chandef;
309
310
311
312
313
314
315
316
317
318 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef,
319 tracking ? 0 :
320 IEEE80211_CHAN_DISABLED)) {
321 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) {
322 ret = IEEE80211_STA_DISABLE_HT |
323 IEEE80211_STA_DISABLE_VHT |
324 IEEE80211_STA_DISABLE_HE;
325 break;
326 }
327
328 ret |= ieee80211_chandef_downgrade(chandef);
329 }
330
331 if (!he_oper || !cfg80211_chandef_usable(sdata->wdev.wiphy, chandef,
332 IEEE80211_CHAN_NO_HE))
333 ret |= IEEE80211_STA_DISABLE_HE;
334
335 if (chandef->width != vht_chandef.width && !tracking)
336 sdata_info(sdata,
337 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n");
338
339 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef));
340 return ret;
341}
342
343static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata,
344 struct sta_info *sta,
345 const struct ieee80211_ht_cap *ht_cap,
346 const struct ieee80211_vht_cap *vht_cap,
347 const struct ieee80211_ht_operation *ht_oper,
348 const struct ieee80211_vht_operation *vht_oper,
349 const struct ieee80211_he_operation *he_oper,
350 const u8 *bssid, u32 *changed)
351{
352 struct ieee80211_local *local = sdata->local;
353 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
354 struct ieee80211_channel *chan = sdata->vif.bss_conf.chandef.chan;
355 struct ieee80211_supported_band *sband =
356 local->hw.wiphy->bands[chan->band];
357 struct cfg80211_chan_def chandef;
358 u16 ht_opmode;
359 u32 flags;
360 enum ieee80211_sta_rx_bandwidth new_sta_bw;
361 u32 vht_cap_info = 0;
362 int ret;
363
364
365 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper)
366 return 0;
367
368
369 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
370 vht_oper = NULL;
371
372
373 if (ifmgd->flags & IEEE80211_STA_DISABLE_HE ||
374 !ieee80211_get_he_sta_cap(sband))
375 he_oper = NULL;
376
377 if (WARN_ON_ONCE(!sta))
378 return -EINVAL;
379
380
381
382
383
384 ht_opmode = le16_to_cpu(ht_oper->operation_mode);
385 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) {
386 *changed |= BSS_CHANGED_HT;
387 sdata->vif.bss_conf.ht_operation_mode = ht_opmode;
388 }
389
390 if (vht_cap)
391 vht_cap_info = le32_to_cpu(vht_cap->vht_cap_info);
392
393
394 flags = ieee80211_determine_chantype(sdata, sband, chan, vht_cap_info,
395 ht_oper, vht_oper, he_oper,
396 &chandef, true);
397
398
399
400
401
402
403
404
405 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ &&
406 chandef.width == NL80211_CHAN_WIDTH_80P80)
407 flags |= ieee80211_chandef_downgrade(&chandef);
408 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ &&
409 chandef.width == NL80211_CHAN_WIDTH_160)
410 flags |= ieee80211_chandef_downgrade(&chandef);
411 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ &&
412 chandef.width > NL80211_CHAN_WIDTH_20)
413 flags |= ieee80211_chandef_downgrade(&chandef);
414
415 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef))
416 return 0;
417
418 sdata_info(sdata,
419 "AP %pM changed bandwidth, new config is %d.%03d MHz, "
420 "width %d (%d.%03d/%d MHz)\n",
421 ifmgd->bssid, chandef.chan->center_freq,
422 chandef.chan->freq_offset, chandef.width,
423 chandef.center_freq1, chandef.freq1_offset,
424 chandef.center_freq2);
425
426 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT |
427 IEEE80211_STA_DISABLE_VHT |
428 IEEE80211_STA_DISABLE_HE |
429 IEEE80211_STA_DISABLE_40MHZ |
430 IEEE80211_STA_DISABLE_80P80MHZ |
431 IEEE80211_STA_DISABLE_160MHZ)) ||
432 !cfg80211_chandef_valid(&chandef)) {
433 sdata_info(sdata,
434 "AP %pM changed bandwidth in a way we can't support - disconnect\n",
435 ifmgd->bssid);
436 return -EINVAL;
437 }
438
439 switch (chandef.width) {
440 case NL80211_CHAN_WIDTH_20_NOHT:
441 case NL80211_CHAN_WIDTH_20:
442 new_sta_bw = IEEE80211_STA_RX_BW_20;
443 break;
444 case NL80211_CHAN_WIDTH_40:
445 new_sta_bw = IEEE80211_STA_RX_BW_40;
446 break;
447 case NL80211_CHAN_WIDTH_80:
448 new_sta_bw = IEEE80211_STA_RX_BW_80;
449 break;
450 case NL80211_CHAN_WIDTH_80P80:
451 case NL80211_CHAN_WIDTH_160:
452 new_sta_bw = IEEE80211_STA_RX_BW_160;
453 break;
454 default:
455 return -EINVAL;
456 }
457
458 if (new_sta_bw > sta->cur_max_bandwidth)
459 new_sta_bw = sta->cur_max_bandwidth;
460
461 if (new_sta_bw < sta->sta.bandwidth) {
462 sta->sta.bandwidth = new_sta_bw;
463 rate_control_rate_update(local, sband, sta,
464 IEEE80211_RC_BW_CHANGED);
465 }
466
467 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed);
468 if (ret) {
469 sdata_info(sdata,
470 "AP %pM changed bandwidth to incompatible one - disconnect\n",
471 ifmgd->bssid);
472 return ret;
473 }
474
475 if (new_sta_bw > sta->sta.bandwidth) {
476 sta->sta.bandwidth = new_sta_bw;
477 rate_control_rate_update(local, sband, sta,
478 IEEE80211_RC_BW_CHANGED);
479 }
480
481 return 0;
482}
483
484
485
486static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata,
487 struct sk_buff *skb, u8 ap_ht_param,
488 struct ieee80211_supported_band *sband,
489 struct ieee80211_channel *channel,
490 enum ieee80211_smps_mode smps)
491{
492 u8 *pos;
493 u32 flags = channel->flags;
494 u16 cap;
495 struct ieee80211_sta_ht_cap ht_cap;
496
497 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap));
498
499 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
500 ieee80211_apply_htcap_overrides(sdata, &ht_cap);
501
502
503 cap = ht_cap.cap;
504
505 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
506 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
507 if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
508 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
509 cap &= ~IEEE80211_HT_CAP_SGI_40;
510 }
511 break;
512 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
513 if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
514 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
515 cap &= ~IEEE80211_HT_CAP_SGI_40;
516 }
517 break;
518 }
519
520
521
522
523
524
525 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) {
526 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
527 cap &= ~IEEE80211_HT_CAP_SGI_40;
528 }
529
530
531 cap &= ~IEEE80211_HT_CAP_SM_PS;
532 switch (smps) {
533 case IEEE80211_SMPS_AUTOMATIC:
534 case IEEE80211_SMPS_NUM_MODES:
535 WARN_ON(1);
536
537 case IEEE80211_SMPS_OFF:
538 cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
539 IEEE80211_HT_CAP_SM_PS_SHIFT;
540 break;
541 case IEEE80211_SMPS_STATIC:
542 cap |= WLAN_HT_CAP_SM_PS_STATIC <<
543 IEEE80211_HT_CAP_SM_PS_SHIFT;
544 break;
545 case IEEE80211_SMPS_DYNAMIC:
546 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
547 IEEE80211_HT_CAP_SM_PS_SHIFT;
548 break;
549 }
550
551
552 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
553 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap);
554}
555
556
557
558
559
560static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
561 struct sk_buff *skb,
562 struct ieee80211_supported_band *sband,
563 struct ieee80211_vht_cap *ap_vht_cap)
564{
565 struct ieee80211_local *local = sdata->local;
566 u8 *pos;
567 u32 cap;
568 struct ieee80211_sta_vht_cap vht_cap;
569 u32 mask, ap_bf_sts, our_bf_sts;
570
571 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap));
572
573 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
574 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
575
576
577 cap = vht_cap.cap;
578
579 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) {
580 u32 bw = cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
581
582 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
583 if (bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ ||
584 bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ)
585 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
586 }
587
588 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) {
589 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160;
590 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
591 }
592
593
594
595
596
597 if (!(ap_vht_cap->vht_cap_info &
598 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)))
599 cap &= ~(IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
600 IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE);
601 else if (!(ap_vht_cap->vht_cap_info &
602 cpu_to_le32(IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
603 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
604
605
606
607
608
609
610
611
612 if (cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE) {
613 bool disable_mu_mimo = false;
614 struct ieee80211_sub_if_data *other;
615
616 list_for_each_entry_rcu(other, &local->interfaces, list) {
617 if (other->vif.mu_mimo_owner) {
618 disable_mu_mimo = true;
619 break;
620 }
621 }
622 if (disable_mu_mimo)
623 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
624 else
625 sdata->vif.mu_mimo_owner = true;
626 }
627
628 mask = IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
629
630 ap_bf_sts = le32_to_cpu(ap_vht_cap->vht_cap_info) & mask;
631 our_bf_sts = cap & mask;
632
633 if (ap_bf_sts < our_bf_sts) {
634 cap &= ~mask;
635 cap |= ap_bf_sts;
636 }
637
638
639 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
640 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap);
641}
642
643
644
645
646static void ieee80211_add_he_ie(struct ieee80211_sub_if_data *sdata,
647 struct sk_buff *skb,
648 struct ieee80211_supported_band *sband)
649{
650 u8 *pos;
651 const struct ieee80211_sta_he_cap *he_cap = NULL;
652 struct ieee80211_chanctx_conf *chanctx_conf;
653 u8 he_cap_size;
654 bool reg_cap = false;
655
656 rcu_read_lock();
657 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
658 if (!WARN_ON_ONCE(!chanctx_conf))
659 reg_cap = cfg80211_chandef_usable(sdata->wdev.wiphy,
660 &chanctx_conf->def,
661 IEEE80211_CHAN_NO_HE);
662
663 rcu_read_unlock();
664
665 he_cap = ieee80211_get_he_sta_cap(sband);
666 if (!he_cap || !reg_cap)
667 return;
668
669
670
671
672
673 he_cap_size =
674 2 + 1 + sizeof(he_cap->he_cap_elem) +
675 ieee80211_he_mcs_nss_size(&he_cap->he_cap_elem) +
676 ieee80211_he_ppe_size(he_cap->ppe_thres[0],
677 he_cap->he_cap_elem.phy_cap_info);
678 pos = skb_put(skb, he_cap_size);
679 ieee80211_ie_build_he_cap(pos, he_cap, pos + he_cap_size);
680
681 ieee80211_ie_build_he_6ghz_cap(sdata, skb);
682}
683
684static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
685{
686 struct ieee80211_local *local = sdata->local;
687 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
688 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
689 struct sk_buff *skb;
690 struct ieee80211_mgmt *mgmt;
691 u8 *pos, qos_info, *ie_start;
692 size_t offset = 0, noffset;
693 int i, count, rates_len, supp_rates_len, shift;
694 u16 capab;
695 struct ieee80211_supported_band *sband;
696 struct ieee80211_chanctx_conf *chanctx_conf;
697 struct ieee80211_channel *chan;
698 u32 rates = 0;
699 struct element *ext_capa = NULL;
700
701
702 if (assoc_data->ie_len)
703 ext_capa = (void *)cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY,
704 assoc_data->ie,
705 assoc_data->ie_len);
706
707 sdata_assert_lock(sdata);
708
709 rcu_read_lock();
710 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
711 if (WARN_ON(!chanctx_conf)) {
712 rcu_read_unlock();
713 return;
714 }
715 chan = chanctx_conf->def.chan;
716 rcu_read_unlock();
717 sband = local->hw.wiphy->bands[chan->band];
718 shift = ieee80211_vif_get_shift(&sdata->vif);
719
720 if (assoc_data->supp_rates_len) {
721
722
723
724
725
726
727 rates_len = ieee80211_parse_bitrates(&chanctx_conf->def, sband,
728 assoc_data->supp_rates,
729 assoc_data->supp_rates_len,
730 &rates);
731 } else {
732
733
734
735
736
737 rates_len = 0;
738 for (i = 0; i < sband->n_bitrates; i++) {
739 rates |= BIT(i);
740 rates_len++;
741 }
742 }
743
744 skb = alloc_skb(local->hw.extra_tx_headroom +
745 sizeof(*mgmt) +
746 2 + assoc_data->ssid_len +
747 4 + rates_len +
748 4 +
749 2 + 2 * sband->n_channels +
750 2 + sizeof(struct ieee80211_ht_cap) +
751 2 + sizeof(struct ieee80211_vht_cap) +
752 2 + 1 + sizeof(struct ieee80211_he_cap_elem) +
753 sizeof(struct ieee80211_he_mcs_nss_supp) +
754 IEEE80211_HE_PPE_THRES_MAX_LEN +
755 2 + 1 + sizeof(struct ieee80211_he_6ghz_capa) +
756 assoc_data->ie_len +
757 (assoc_data->fils_kek_len ? 16 : 0) +
758 9,
759 GFP_KERNEL);
760 if (!skb)
761 return;
762
763 skb_reserve(skb, local->hw.extra_tx_headroom);
764
765 capab = WLAN_CAPABILITY_ESS;
766
767 if (sband->band == NL80211_BAND_2GHZ) {
768 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
769 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
770 }
771
772 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY)
773 capab |= WLAN_CAPABILITY_PRIVACY;
774
775 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
776 ieee80211_hw_check(&local->hw, SPECTRUM_MGMT))
777 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
778
779 if (ifmgd->flags & IEEE80211_STA_ENABLE_RRM)
780 capab |= WLAN_CAPABILITY_RADIO_MEASURE;
781
782 mgmt = skb_put_zero(skb, 24);
783 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN);
784 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
785 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN);
786
787 if (!is_zero_ether_addr(assoc_data->prev_bssid)) {
788 skb_put(skb, 10);
789 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
790 IEEE80211_STYPE_REASSOC_REQ);
791 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
792 mgmt->u.reassoc_req.listen_interval =
793 cpu_to_le16(local->hw.conf.listen_interval);
794 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid,
795 ETH_ALEN);
796 } else {
797 skb_put(skb, 4);
798 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
799 IEEE80211_STYPE_ASSOC_REQ);
800 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
801 mgmt->u.assoc_req.listen_interval =
802 cpu_to_le16(local->hw.conf.listen_interval);
803 }
804
805
806 pos = skb_put(skb, 2 + assoc_data->ssid_len);
807 ie_start = pos;
808 *pos++ = WLAN_EID_SSID;
809 *pos++ = assoc_data->ssid_len;
810 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len);
811
812
813 supp_rates_len = rates_len;
814 if (supp_rates_len > 8)
815 supp_rates_len = 8;
816
817 pos = skb_put(skb, supp_rates_len + 2);
818 *pos++ = WLAN_EID_SUPP_RATES;
819 *pos++ = supp_rates_len;
820
821 count = 0;
822 for (i = 0; i < sband->n_bitrates; i++) {
823 if (BIT(i) & rates) {
824 int rate = DIV_ROUND_UP(sband->bitrates[i].bitrate,
825 5 * (1 << shift));
826 *pos++ = (u8) rate;
827 if (++count == 8)
828 break;
829 }
830 }
831
832 if (rates_len > count) {
833 pos = skb_put(skb, rates_len - count + 2);
834 *pos++ = WLAN_EID_EXT_SUPP_RATES;
835 *pos++ = rates_len - count;
836
837 for (i++; i < sband->n_bitrates; i++) {
838 if (BIT(i) & rates) {
839 int rate;
840 rate = DIV_ROUND_UP(sband->bitrates[i].bitrate,
841 5 * (1 << shift));
842 *pos++ = (u8) rate;
843 }
844 }
845 }
846
847 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT ||
848 capab & WLAN_CAPABILITY_RADIO_MEASURE) {
849 pos = skb_put(skb, 4);
850 *pos++ = WLAN_EID_PWR_CAPABILITY;
851 *pos++ = 2;
852 *pos++ = 0;
853
854 *pos++ = ieee80211_chandef_max_power(&chanctx_conf->def);
855 }
856
857
858
859
860
861
862 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT &&
863 (sband->band != NL80211_BAND_6GHZ ||
864 !ext_capa || ext_capa->datalen < 1 ||
865 !(ext_capa->data[0] & WLAN_EXT_CAPA1_EXT_CHANNEL_SWITCHING))) {
866
867 pos = skb_put(skb, 2 * sband->n_channels + 2);
868 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
869 *pos++ = 2 * sband->n_channels;
870 for (i = 0; i < sband->n_channels; i++) {
871 *pos++ = ieee80211_frequency_to_channel(
872 sband->channels[i].center_freq);
873 *pos++ = 1;
874 }
875 }
876
877
878 if (ieee80211_hw_check(&local->hw, SUPPORTS_ONLY_HE_MULTI_BSSID) &&
879 !(ifmgd->flags & IEEE80211_STA_DISABLE_HE) && assoc_data->ie_len &&
880 ext_capa && ext_capa->datalen >= 3)
881 ext_capa->data[2] |= WLAN_EXT_CAPA3_MULTI_BSSID_SUPPORT;
882
883
884 if (assoc_data->ie_len) {
885 static const u8 before_ht[] = {
886 WLAN_EID_SSID,
887 WLAN_EID_SUPP_RATES,
888 WLAN_EID_EXT_SUPP_RATES,
889 WLAN_EID_PWR_CAPABILITY,
890 WLAN_EID_SUPPORTED_CHANNELS,
891 WLAN_EID_RSN,
892 WLAN_EID_QOS_CAPA,
893 WLAN_EID_RRM_ENABLED_CAPABILITIES,
894 WLAN_EID_MOBILITY_DOMAIN,
895 WLAN_EID_FAST_BSS_TRANSITION,
896 WLAN_EID_RIC_DATA,
897 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
898 };
899 static const u8 after_ric[] = {
900 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
901 WLAN_EID_HT_CAPABILITY,
902 WLAN_EID_BSS_COEX_2040,
903
904 WLAN_EID_EXT_CAPABILITY,
905 WLAN_EID_QOS_TRAFFIC_CAPA,
906 WLAN_EID_TIM_BCAST_REQ,
907 WLAN_EID_INTERWORKING,
908
909 WLAN_EID_VHT_CAPABILITY,
910 WLAN_EID_OPMODE_NOTIF,
911 };
912
913 noffset = ieee80211_ie_split_ric(assoc_data->ie,
914 assoc_data->ie_len,
915 before_ht,
916 ARRAY_SIZE(before_ht),
917 after_ric,
918 ARRAY_SIZE(after_ric),
919 offset);
920 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
921 offset = noffset;
922 }
923
924 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
925 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)))
926 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
927
928 if (sband->band != NL80211_BAND_6GHZ &&
929 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
930 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param,
931 sband, chan, sdata->smps_mode);
932
933
934 if (assoc_data->ie_len) {
935 static const u8 before_vht[] = {
936
937
938
939
940 WLAN_EID_BSS_COEX_2040,
941 WLAN_EID_EXT_CAPABILITY,
942 WLAN_EID_QOS_TRAFFIC_CAPA,
943 WLAN_EID_TIM_BCAST_REQ,
944 WLAN_EID_INTERWORKING,
945
946 };
947
948
949 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len,
950 before_vht, ARRAY_SIZE(before_vht),
951 offset);
952 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
953 offset = noffset;
954 }
955
956
957 if (assoc_data->ie_len) {
958 static const u8 before_he[] = {
959
960
961
962
963 WLAN_EID_OPMODE_NOTIF,
964 WLAN_EID_EXTENSION, WLAN_EID_EXT_FUTURE_CHAN_GUIDANCE,
965
966 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_SESSION,
967 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_PUBLIC_KEY,
968 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_KEY_CONFIRM,
969 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_HLP_CONTAINER,
970 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_IP_ADDR_ASSIGN,
971
972 };
973
974
975 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len,
976 before_he, ARRAY_SIZE(before_he),
977 offset);
978 pos = skb_put(skb, noffset - offset);
979 memcpy(pos, assoc_data->ie + offset, noffset - offset);
980 offset = noffset;
981 }
982
983 if (sband->band != NL80211_BAND_6GHZ &&
984 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
985 ieee80211_add_vht_ie(sdata, skb, sband,
986 &assoc_data->ap_vht_cap);
987
988
989
990
991
992 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT ||
993 (sband->band == NL80211_BAND_5GHZ &&
994 ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
995 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
996
997 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE))
998 ieee80211_add_he_ie(sdata, skb, sband);
999
1000
1001 if (assoc_data->ie_len) {
1002 noffset = ieee80211_ie_split_vendor(assoc_data->ie,
1003 assoc_data->ie_len,
1004 offset);
1005 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
1006 offset = noffset;
1007 }
1008
1009 if (assoc_data->wmm) {
1010 if (assoc_data->uapsd) {
1011 qos_info = ifmgd->uapsd_queues;
1012 qos_info |= (ifmgd->uapsd_max_sp_len <<
1013 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
1014 } else {
1015 qos_info = 0;
1016 }
1017
1018 pos = ieee80211_add_wmm_info_ie(skb_put(skb, 9), qos_info);
1019 }
1020
1021
1022 if (assoc_data->ie_len) {
1023 noffset = assoc_data->ie_len;
1024 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
1025 }
1026
1027 if (assoc_data->fils_kek_len &&
1028 fils_encrypt_assoc_req(skb, assoc_data) < 0) {
1029 dev_kfree_skb(skb);
1030 return;
1031 }
1032
1033 pos = skb_tail_pointer(skb);
1034 kfree(ifmgd->assoc_req_ies);
1035 ifmgd->assoc_req_ies = kmemdup(ie_start, pos - ie_start, GFP_ATOMIC);
1036 ifmgd->assoc_req_ies_len = pos - ie_start;
1037
1038 drv_mgd_prepare_tx(local, sdata, 0);
1039
1040 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1041 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
1042 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
1043 IEEE80211_TX_INTFL_MLME_CONN_TX;
1044 ieee80211_tx_skb(sdata, skb);
1045}
1046
1047void ieee80211_send_pspoll(struct ieee80211_local *local,
1048 struct ieee80211_sub_if_data *sdata)
1049{
1050 struct ieee80211_pspoll *pspoll;
1051 struct sk_buff *skb;
1052
1053 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif);
1054 if (!skb)
1055 return;
1056
1057 pspoll = (struct ieee80211_pspoll *) skb->data;
1058 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
1059
1060 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1061 ieee80211_tx_skb(sdata, skb);
1062}
1063
1064void ieee80211_send_nullfunc(struct ieee80211_local *local,
1065 struct ieee80211_sub_if_data *sdata,
1066 bool powersave)
1067{
1068 struct sk_buff *skb;
1069 struct ieee80211_hdr_3addr *nullfunc;
1070 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1071
1072
1073 if (sdata->vif.type == NL80211_IFTYPE_STATION &&
1074 !(ifmgd->flags & IEEE80211_STA_DISABLE_HE))
1075 return;
1076
1077 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif,
1078 !ieee80211_hw_check(&local->hw, DOESNT_SUPPORT_QOS_NDP));
1079 if (!skb)
1080 return;
1081
1082 nullfunc = (struct ieee80211_hdr_3addr *) skb->data;
1083 if (powersave)
1084 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
1085
1086 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
1087 IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
1088
1089 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
1090 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
1091
1092 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
1093 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
1094
1095 ieee80211_tx_skb(sdata, skb);
1096}
1097
1098static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local,
1099 struct ieee80211_sub_if_data *sdata)
1100{
1101 struct sk_buff *skb;
1102 struct ieee80211_hdr *nullfunc;
1103 __le16 fc;
1104
1105 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
1106 return;
1107
1108
1109 if (!(sdata->u.mgd.flags & IEEE80211_STA_DISABLE_HE))
1110 return;
1111
1112 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
1113 if (!skb)
1114 return;
1115
1116 skb_reserve(skb, local->hw.extra_tx_headroom);
1117
1118 nullfunc = skb_put_zero(skb, 30);
1119 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
1120 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
1121 nullfunc->frame_control = fc;
1122 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN);
1123 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
1124 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN);
1125 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN);
1126
1127 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1128 ieee80211_tx_skb(sdata, skb);
1129}
1130
1131
1132static void ieee80211_chswitch_work(struct work_struct *work)
1133{
1134 struct ieee80211_sub_if_data *sdata =
1135 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work);
1136 struct ieee80211_local *local = sdata->local;
1137 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1138 int ret;
1139
1140 if (!ieee80211_sdata_running(sdata))
1141 return;
1142
1143 sdata_lock(sdata);
1144 mutex_lock(&local->mtx);
1145 mutex_lock(&local->chanctx_mtx);
1146
1147 if (!ifmgd->associated)
1148 goto out;
1149
1150 if (!sdata->vif.csa_active)
1151 goto out;
1152
1153
1154
1155
1156
1157
1158
1159
1160 if (sdata->reserved_chanctx) {
1161 struct ieee80211_supported_band *sband = NULL;
1162 struct sta_info *mgd_sta = NULL;
1163 enum ieee80211_sta_rx_bandwidth bw = IEEE80211_STA_RX_BW_20;
1164
1165
1166
1167
1168
1169
1170 if (sdata->reserved_ready)
1171 goto out;
1172
1173 if (sdata->vif.bss_conf.chandef.width !=
1174 sdata->csa_chandef.width) {
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185 switch (sdata->csa_chandef.width) {
1186 case NL80211_CHAN_WIDTH_20_NOHT:
1187 case NL80211_CHAN_WIDTH_20:
1188 default:
1189 bw = IEEE80211_STA_RX_BW_20;
1190 break;
1191 case NL80211_CHAN_WIDTH_40:
1192 bw = IEEE80211_STA_RX_BW_40;
1193 break;
1194 case NL80211_CHAN_WIDTH_80:
1195 bw = IEEE80211_STA_RX_BW_80;
1196 break;
1197 case NL80211_CHAN_WIDTH_80P80:
1198 case NL80211_CHAN_WIDTH_160:
1199 bw = IEEE80211_STA_RX_BW_160;
1200 break;
1201 }
1202
1203 mgd_sta = sta_info_get(sdata, ifmgd->bssid);
1204 sband =
1205 local->hw.wiphy->bands[sdata->csa_chandef.chan->band];
1206 }
1207
1208 if (sdata->vif.bss_conf.chandef.width >
1209 sdata->csa_chandef.width) {
1210 mgd_sta->sta.bandwidth = bw;
1211 rate_control_rate_update(local, sband, mgd_sta,
1212 IEEE80211_RC_BW_CHANGED);
1213 }
1214
1215 ret = ieee80211_vif_use_reserved_context(sdata);
1216 if (ret) {
1217 sdata_info(sdata,
1218 "failed to use reserved channel context, disconnecting (err=%d)\n",
1219 ret);
1220 ieee80211_queue_work(&sdata->local->hw,
1221 &ifmgd->csa_connection_drop_work);
1222 goto out;
1223 }
1224
1225 if (sdata->vif.bss_conf.chandef.width <
1226 sdata->csa_chandef.width) {
1227 mgd_sta->sta.bandwidth = bw;
1228 rate_control_rate_update(local, sband, mgd_sta,
1229 IEEE80211_RC_BW_CHANGED);
1230 }
1231
1232 goto out;
1233 }
1234
1235 if (!cfg80211_chandef_identical(&sdata->vif.bss_conf.chandef,
1236 &sdata->csa_chandef)) {
1237 sdata_info(sdata,
1238 "failed to finalize channel switch, disconnecting\n");
1239 ieee80211_queue_work(&sdata->local->hw,
1240 &ifmgd->csa_connection_drop_work);
1241 goto out;
1242 }
1243
1244 ifmgd->csa_waiting_bcn = true;
1245
1246 ieee80211_sta_reset_beacon_monitor(sdata);
1247 ieee80211_sta_reset_conn_monitor(sdata);
1248
1249out:
1250 mutex_unlock(&local->chanctx_mtx);
1251 mutex_unlock(&local->mtx);
1252 sdata_unlock(sdata);
1253}
1254
1255static void ieee80211_chswitch_post_beacon(struct ieee80211_sub_if_data *sdata)
1256{
1257 struct ieee80211_local *local = sdata->local;
1258 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1259 int ret;
1260
1261 sdata_assert_lock(sdata);
1262
1263 WARN_ON(!sdata->vif.csa_active);
1264
1265 if (sdata->csa_block_tx) {
1266 ieee80211_wake_vif_queues(local, sdata,
1267 IEEE80211_QUEUE_STOP_REASON_CSA);
1268 sdata->csa_block_tx = false;
1269 }
1270
1271 sdata->vif.csa_active = false;
1272 ifmgd->csa_waiting_bcn = false;
1273
1274 ret = drv_post_channel_switch(sdata);
1275 if (ret) {
1276 sdata_info(sdata,
1277 "driver post channel switch failed, disconnecting\n");
1278 ieee80211_queue_work(&local->hw,
1279 &ifmgd->csa_connection_drop_work);
1280 return;
1281 }
1282
1283 cfg80211_ch_switch_notify(sdata->dev, &sdata->reserved_chandef);
1284}
1285
1286void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success)
1287{
1288 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1289 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1290
1291 trace_api_chswitch_done(sdata, success);
1292 if (!success) {
1293 sdata_info(sdata,
1294 "driver channel switch failed, disconnecting\n");
1295 ieee80211_queue_work(&sdata->local->hw,
1296 &ifmgd->csa_connection_drop_work);
1297 } else {
1298 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
1299 }
1300}
1301EXPORT_SYMBOL(ieee80211_chswitch_done);
1302
1303static void ieee80211_chswitch_timer(struct timer_list *t)
1304{
1305 struct ieee80211_sub_if_data *sdata =
1306 from_timer(sdata, t, u.mgd.chswitch_timer);
1307
1308 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work);
1309}
1310
1311static void
1312ieee80211_sta_abort_chanswitch(struct ieee80211_sub_if_data *sdata)
1313{
1314 struct ieee80211_local *local = sdata->local;
1315
1316 if (!local->ops->abort_channel_switch)
1317 return;
1318
1319 mutex_lock(&local->mtx);
1320
1321 mutex_lock(&local->chanctx_mtx);
1322 ieee80211_vif_unreserve_chanctx(sdata);
1323 mutex_unlock(&local->chanctx_mtx);
1324
1325 if (sdata->csa_block_tx)
1326 ieee80211_wake_vif_queues(local, sdata,
1327 IEEE80211_QUEUE_STOP_REASON_CSA);
1328
1329 sdata->csa_block_tx = false;
1330 sdata->vif.csa_active = false;
1331
1332 mutex_unlock(&local->mtx);
1333
1334 drv_abort_channel_switch(sdata);
1335}
1336
1337static void
1338ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
1339 u64 timestamp, u32 device_timestamp,
1340 struct ieee802_11_elems *elems,
1341 bool beacon)
1342{
1343 struct ieee80211_local *local = sdata->local;
1344 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1345 struct cfg80211_bss *cbss = ifmgd->associated;
1346 struct ieee80211_chanctx_conf *conf;
1347 struct ieee80211_chanctx *chanctx;
1348 enum nl80211_band current_band;
1349 struct ieee80211_csa_ie csa_ie;
1350 struct ieee80211_channel_switch ch_switch;
1351 struct ieee80211_bss *bss;
1352 int res;
1353
1354 sdata_assert_lock(sdata);
1355
1356 if (!cbss)
1357 return;
1358
1359 if (local->scanning)
1360 return;
1361
1362 current_band = cbss->channel->band;
1363 bss = (void *)cbss->priv;
1364 res = ieee80211_parse_ch_switch_ie(sdata, elems, current_band,
1365 bss->vht_cap_info,
1366 ifmgd->flags,
1367 ifmgd->associated->bssid, &csa_ie);
1368
1369 if (!res) {
1370 ch_switch.timestamp = timestamp;
1371 ch_switch.device_timestamp = device_timestamp;
1372 ch_switch.block_tx = csa_ie.mode;
1373 ch_switch.chandef = csa_ie.chandef;
1374 ch_switch.count = csa_ie.count;
1375 ch_switch.delay = csa_ie.max_switch_time;
1376 }
1377
1378 if (res < 0) {
1379 ieee80211_queue_work(&local->hw,
1380 &ifmgd->csa_connection_drop_work);
1381 return;
1382 }
1383
1384 if (beacon && sdata->vif.csa_active && !ifmgd->csa_waiting_bcn) {
1385 if (res)
1386 ieee80211_sta_abort_chanswitch(sdata);
1387 else
1388 drv_channel_switch_rx_beacon(sdata, &ch_switch);
1389 return;
1390 } else if (sdata->vif.csa_active || res) {
1391
1392 return;
1393 }
1394
1395 if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chandef,
1396 IEEE80211_CHAN_DISABLED)) {
1397 sdata_info(sdata,
1398 "AP %pM switches to unsupported channel "
1399 "(%d.%03d MHz, width:%d, CF1/2: %d.%03d/%d MHz), "
1400 "disconnecting\n",
1401 ifmgd->associated->bssid,
1402 csa_ie.chandef.chan->center_freq,
1403 csa_ie.chandef.chan->freq_offset,
1404 csa_ie.chandef.width, csa_ie.chandef.center_freq1,
1405 csa_ie.chandef.freq1_offset,
1406 csa_ie.chandef.center_freq2);
1407 ieee80211_queue_work(&local->hw,
1408 &ifmgd->csa_connection_drop_work);
1409 return;
1410 }
1411
1412 if (cfg80211_chandef_identical(&csa_ie.chandef,
1413 &sdata->vif.bss_conf.chandef) &&
1414 (!csa_ie.mode || !beacon)) {
1415 if (ifmgd->csa_ignored_same_chan)
1416 return;
1417 sdata_info(sdata,
1418 "AP %pM tries to chanswitch to same channel, ignore\n",
1419 ifmgd->associated->bssid);
1420 ifmgd->csa_ignored_same_chan = true;
1421 return;
1422 }
1423
1424
1425
1426
1427
1428
1429
1430 ieee80211_teardown_tdls_peers(sdata);
1431
1432 mutex_lock(&local->mtx);
1433 mutex_lock(&local->chanctx_mtx);
1434 conf = rcu_dereference_protected(sdata->vif.chanctx_conf,
1435 lockdep_is_held(&local->chanctx_mtx));
1436 if (!conf) {
1437 sdata_info(sdata,
1438 "no channel context assigned to vif?, disconnecting\n");
1439 goto drop_connection;
1440 }
1441
1442 chanctx = container_of(conf, struct ieee80211_chanctx, conf);
1443
1444 if (local->use_chanctx &&
1445 !ieee80211_hw_check(&local->hw, CHANCTX_STA_CSA)) {
1446 sdata_info(sdata,
1447 "driver doesn't support chan-switch with channel contexts\n");
1448 goto drop_connection;
1449 }
1450
1451 if (drv_pre_channel_switch(sdata, &ch_switch)) {
1452 sdata_info(sdata,
1453 "preparing for channel switch failed, disconnecting\n");
1454 goto drop_connection;
1455 }
1456
1457 res = ieee80211_vif_reserve_chanctx(sdata, &csa_ie.chandef,
1458 chanctx->mode, false);
1459 if (res) {
1460 sdata_info(sdata,
1461 "failed to reserve channel context for channel switch, disconnecting (err=%d)\n",
1462 res);
1463 goto drop_connection;
1464 }
1465 mutex_unlock(&local->chanctx_mtx);
1466
1467 sdata->vif.csa_active = true;
1468 sdata->csa_chandef = csa_ie.chandef;
1469 sdata->csa_block_tx = csa_ie.mode;
1470 ifmgd->csa_ignored_same_chan = false;
1471
1472 if (sdata->csa_block_tx)
1473 ieee80211_stop_vif_queues(local, sdata,
1474 IEEE80211_QUEUE_STOP_REASON_CSA);
1475 mutex_unlock(&local->mtx);
1476
1477 cfg80211_ch_switch_started_notify(sdata->dev, &csa_ie.chandef,
1478 csa_ie.count);
1479
1480 if (local->ops->channel_switch) {
1481
1482 drv_channel_switch(local, sdata, &ch_switch);
1483 return;
1484 }
1485
1486
1487 if (csa_ie.count <= 1)
1488 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work);
1489 else
1490 mod_timer(&ifmgd->chswitch_timer,
1491 TU_TO_EXP_TIME((csa_ie.count - 1) *
1492 cbss->beacon_interval));
1493 return;
1494 drop_connection:
1495
1496
1497
1498
1499
1500
1501
1502 sdata->vif.csa_active = true;
1503 sdata->csa_block_tx = csa_ie.mode;
1504
1505 ieee80211_queue_work(&local->hw, &ifmgd->csa_connection_drop_work);
1506 mutex_unlock(&local->chanctx_mtx);
1507 mutex_unlock(&local->mtx);
1508}
1509
1510static bool
1511ieee80211_find_80211h_pwr_constr(struct ieee80211_sub_if_data *sdata,
1512 struct ieee80211_channel *channel,
1513 const u8 *country_ie, u8 country_ie_len,
1514 const u8 *pwr_constr_elem,
1515 int *chan_pwr, int *pwr_reduction)
1516{
1517 struct ieee80211_country_ie_triplet *triplet;
1518 int chan = ieee80211_frequency_to_channel(channel->center_freq);
1519 int i, chan_increment;
1520 bool have_chan_pwr = false;
1521
1522
1523 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN)
1524 return false;
1525
1526 triplet = (void *)(country_ie + 3);
1527 country_ie_len -= 3;
1528
1529 switch (channel->band) {
1530 default:
1531 WARN_ON_ONCE(1);
1532
1533 case NL80211_BAND_2GHZ:
1534 case NL80211_BAND_60GHZ:
1535 chan_increment = 1;
1536 break;
1537 case NL80211_BAND_5GHZ:
1538 case NL80211_BAND_6GHZ:
1539 chan_increment = 4;
1540 break;
1541 }
1542
1543
1544 while (country_ie_len >= 3) {
1545 u8 first_channel = triplet->chans.first_channel;
1546
1547 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID)
1548 goto next;
1549
1550 for (i = 0; i < triplet->chans.num_channels; i++) {
1551 if (first_channel + i * chan_increment == chan) {
1552 have_chan_pwr = true;
1553 *chan_pwr = triplet->chans.max_power;
1554 break;
1555 }
1556 }
1557 if (have_chan_pwr)
1558 break;
1559
1560 next:
1561 triplet++;
1562 country_ie_len -= 3;
1563 }
1564
1565 if (have_chan_pwr && pwr_constr_elem)
1566 *pwr_reduction = *pwr_constr_elem;
1567 else
1568 *pwr_reduction = 0;
1569
1570 return have_chan_pwr;
1571}
1572
1573static void ieee80211_find_cisco_dtpc(struct ieee80211_sub_if_data *sdata,
1574 struct ieee80211_channel *channel,
1575 const u8 *cisco_dtpc_ie,
1576 int *pwr_level)
1577{
1578
1579
1580
1581
1582
1583
1584 *pwr_level = (__s8)cisco_dtpc_ie[4];
1585}
1586
1587static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata,
1588 struct ieee80211_channel *channel,
1589 struct ieee80211_mgmt *mgmt,
1590 const u8 *country_ie, u8 country_ie_len,
1591 const u8 *pwr_constr_ie,
1592 const u8 *cisco_dtpc_ie)
1593{
1594 bool has_80211h_pwr = false, has_cisco_pwr = false;
1595 int chan_pwr = 0, pwr_reduction_80211h = 0;
1596 int pwr_level_cisco, pwr_level_80211h;
1597 int new_ap_level;
1598 __le16 capab = mgmt->u.probe_resp.capab_info;
1599
1600 if (country_ie &&
1601 (capab & cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT) ||
1602 capab & cpu_to_le16(WLAN_CAPABILITY_RADIO_MEASURE))) {
1603 has_80211h_pwr = ieee80211_find_80211h_pwr_constr(
1604 sdata, channel, country_ie, country_ie_len,
1605 pwr_constr_ie, &chan_pwr, &pwr_reduction_80211h);
1606 pwr_level_80211h =
1607 max_t(int, 0, chan_pwr - pwr_reduction_80211h);
1608 }
1609
1610 if (cisco_dtpc_ie) {
1611 ieee80211_find_cisco_dtpc(
1612 sdata, channel, cisco_dtpc_ie, &pwr_level_cisco);
1613 has_cisco_pwr = true;
1614 }
1615
1616 if (!has_80211h_pwr && !has_cisco_pwr)
1617 return 0;
1618
1619
1620
1621
1622 if (has_80211h_pwr &&
1623 (!has_cisco_pwr || pwr_level_80211h <= pwr_level_cisco)) {
1624 new_ap_level = pwr_level_80211h;
1625
1626 if (sdata->ap_power_level == new_ap_level)
1627 return 0;
1628
1629 sdata_dbg(sdata,
1630 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n",
1631 pwr_level_80211h, chan_pwr, pwr_reduction_80211h,
1632 sdata->u.mgd.bssid);
1633 } else {
1634 new_ap_level = pwr_level_cisco;
1635
1636 if (sdata->ap_power_level == new_ap_level)
1637 return 0;
1638
1639 sdata_dbg(sdata,
1640 "Limiting TX power to %d dBm as advertised by %pM\n",
1641 pwr_level_cisco, sdata->u.mgd.bssid);
1642 }
1643
1644 sdata->ap_power_level = new_ap_level;
1645 if (__ieee80211_recalc_txpower(sdata))
1646 return BSS_CHANGED_TXPOWER;
1647 return 0;
1648}
1649
1650
1651static void ieee80211_enable_ps(struct ieee80211_local *local,
1652 struct ieee80211_sub_if_data *sdata)
1653{
1654 struct ieee80211_conf *conf = &local->hw.conf;
1655
1656
1657
1658
1659
1660 if (local->scanning)
1661 return;
1662
1663 if (conf->dynamic_ps_timeout > 0 &&
1664 !ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS)) {
1665 mod_timer(&local->dynamic_ps_timer, jiffies +
1666 msecs_to_jiffies(conf->dynamic_ps_timeout));
1667 } else {
1668 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK))
1669 ieee80211_send_nullfunc(local, sdata, true);
1670
1671 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
1672 ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
1673 return;
1674
1675 conf->flags |= IEEE80211_CONF_PS;
1676 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1677 }
1678}
1679
1680static void ieee80211_change_ps(struct ieee80211_local *local)
1681{
1682 struct ieee80211_conf *conf = &local->hw.conf;
1683
1684 if (local->ps_sdata) {
1685 ieee80211_enable_ps(local, local->ps_sdata);
1686 } else if (conf->flags & IEEE80211_CONF_PS) {
1687 conf->flags &= ~IEEE80211_CONF_PS;
1688 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1689 del_timer_sync(&local->dynamic_ps_timer);
1690 cancel_work_sync(&local->dynamic_ps_enable_work);
1691 }
1692}
1693
1694static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata)
1695{
1696 struct ieee80211_if_managed *mgd = &sdata->u.mgd;
1697 struct sta_info *sta = NULL;
1698 bool authorized = false;
1699
1700 if (!mgd->powersave)
1701 return false;
1702
1703 if (mgd->broken_ap)
1704 return false;
1705
1706 if (!mgd->associated)
1707 return false;
1708
1709 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL)
1710 return false;
1711
1712 if (!mgd->have_beacon)
1713 return false;
1714
1715 rcu_read_lock();
1716 sta = sta_info_get(sdata, mgd->bssid);
1717 if (sta)
1718 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
1719 rcu_read_unlock();
1720
1721 return authorized;
1722}
1723
1724
1725void ieee80211_recalc_ps(struct ieee80211_local *local)
1726{
1727 struct ieee80211_sub_if_data *sdata, *found = NULL;
1728 int count = 0;
1729 int timeout;
1730
1731 if (!ieee80211_hw_check(&local->hw, SUPPORTS_PS)) {
1732 local->ps_sdata = NULL;
1733 return;
1734 }
1735
1736 list_for_each_entry(sdata, &local->interfaces, list) {
1737 if (!ieee80211_sdata_running(sdata))
1738 continue;
1739 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1740
1741
1742
1743
1744 count = 0;
1745 break;
1746 }
1747 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1748 continue;
1749 found = sdata;
1750 count++;
1751 }
1752
1753 if (count == 1 && ieee80211_powersave_allowed(found)) {
1754 u8 dtimper = found->u.mgd.dtim_period;
1755
1756 timeout = local->dynamic_ps_forced_timeout;
1757 if (timeout < 0)
1758 timeout = 100;
1759 local->hw.conf.dynamic_ps_timeout = timeout;
1760
1761
1762 if (!dtimper)
1763 dtimper = 1;
1764
1765 local->hw.conf.ps_dtim_period = dtimper;
1766 local->ps_sdata = found;
1767 } else {
1768 local->ps_sdata = NULL;
1769 }
1770
1771 ieee80211_change_ps(local);
1772}
1773
1774void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata)
1775{
1776 bool ps_allowed = ieee80211_powersave_allowed(sdata);
1777
1778 if (sdata->vif.bss_conf.ps != ps_allowed) {
1779 sdata->vif.bss_conf.ps = ps_allowed;
1780 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS);
1781 }
1782}
1783
1784void ieee80211_dynamic_ps_disable_work(struct work_struct *work)
1785{
1786 struct ieee80211_local *local =
1787 container_of(work, struct ieee80211_local,
1788 dynamic_ps_disable_work);
1789
1790 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1791 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1792 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1793 }
1794
1795 ieee80211_wake_queues_by_reason(&local->hw,
1796 IEEE80211_MAX_QUEUE_MAP,
1797 IEEE80211_QUEUE_STOP_REASON_PS,
1798 false);
1799}
1800
1801void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
1802{
1803 struct ieee80211_local *local =
1804 container_of(work, struct ieee80211_local,
1805 dynamic_ps_enable_work);
1806 struct ieee80211_sub_if_data *sdata = local->ps_sdata;
1807 struct ieee80211_if_managed *ifmgd;
1808 unsigned long flags;
1809 int q;
1810
1811
1812 if (!sdata)
1813 return;
1814
1815 ifmgd = &sdata->u.mgd;
1816
1817 if (local->hw.conf.flags & IEEE80211_CONF_PS)
1818 return;
1819
1820 if (local->hw.conf.dynamic_ps_timeout > 0) {
1821
1822 if (drv_tx_frames_pending(local)) {
1823 mod_timer(&local->dynamic_ps_timer, jiffies +
1824 msecs_to_jiffies(
1825 local->hw.conf.dynamic_ps_timeout));
1826 return;
1827 }
1828
1829
1830
1831
1832
1833
1834 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
1835 for (q = 0; q < local->hw.queues; q++) {
1836 if (local->queue_stop_reasons[q]) {
1837 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
1838 flags);
1839 mod_timer(&local->dynamic_ps_timer, jiffies +
1840 msecs_to_jiffies(
1841 local->hw.conf.dynamic_ps_timeout));
1842 return;
1843 }
1844 }
1845 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
1846 }
1847
1848 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
1849 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1850 if (drv_tx_frames_pending(local)) {
1851 mod_timer(&local->dynamic_ps_timer, jiffies +
1852 msecs_to_jiffies(
1853 local->hw.conf.dynamic_ps_timeout));
1854 } else {
1855 ieee80211_send_nullfunc(local, sdata, true);
1856
1857 ieee80211_flush_queues(local, sdata, false);
1858 }
1859 }
1860
1861 if (!(ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS) &&
1862 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK)) ||
1863 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1864 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
1865 local->hw.conf.flags |= IEEE80211_CONF_PS;
1866 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1867 }
1868}
1869
1870void ieee80211_dynamic_ps_timer(struct timer_list *t)
1871{
1872 struct ieee80211_local *local = from_timer(local, t, dynamic_ps_timer);
1873
1874 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work);
1875}
1876
1877void ieee80211_dfs_cac_timer_work(struct work_struct *work)
1878{
1879 struct delayed_work *delayed_work = to_delayed_work(work);
1880 struct ieee80211_sub_if_data *sdata =
1881 container_of(delayed_work, struct ieee80211_sub_if_data,
1882 dfs_cac_timer_work);
1883 struct cfg80211_chan_def chandef = sdata->vif.bss_conf.chandef;
1884
1885 mutex_lock(&sdata->local->mtx);
1886 if (sdata->wdev.cac_started) {
1887 ieee80211_vif_release_channel(sdata);
1888 cfg80211_cac_event(sdata->dev, &chandef,
1889 NL80211_RADAR_CAC_FINISHED,
1890 GFP_KERNEL);
1891 }
1892 mutex_unlock(&sdata->local->mtx);
1893}
1894
1895static bool
1896__ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata)
1897{
1898 struct ieee80211_local *local = sdata->local;
1899 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1900 bool ret = false;
1901 int ac;
1902
1903 if (local->hw.queues < IEEE80211_NUM_ACS)
1904 return false;
1905
1906 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1907 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac];
1908 int non_acm_ac;
1909 unsigned long now = jiffies;
1910
1911 if (tx_tspec->action == TX_TSPEC_ACTION_NONE &&
1912 tx_tspec->admitted_time &&
1913 time_after(now, tx_tspec->time_slice_start + HZ)) {
1914 tx_tspec->consumed_tx_time = 0;
1915 tx_tspec->time_slice_start = now;
1916
1917 if (tx_tspec->downgraded)
1918 tx_tspec->action =
1919 TX_TSPEC_ACTION_STOP_DOWNGRADE;
1920 }
1921
1922 switch (tx_tspec->action) {
1923 case TX_TSPEC_ACTION_STOP_DOWNGRADE:
1924
1925 if (drv_conf_tx(local, sdata, ac, &sdata->tx_conf[ac]))
1926 sdata_err(sdata,
1927 "failed to set TX queue parameters for queue %d\n",
1928 ac);
1929 tx_tspec->action = TX_TSPEC_ACTION_NONE;
1930 tx_tspec->downgraded = false;
1931 ret = true;
1932 break;
1933 case TX_TSPEC_ACTION_DOWNGRADE:
1934 if (time_after(now, tx_tspec->time_slice_start + HZ)) {
1935 tx_tspec->action = TX_TSPEC_ACTION_NONE;
1936 ret = true;
1937 break;
1938 }
1939
1940 for (non_acm_ac = ac + 1;
1941 non_acm_ac < IEEE80211_NUM_ACS;
1942 non_acm_ac++)
1943 if (!(sdata->wmm_acm & BIT(7 - 2 * non_acm_ac)))
1944 break;
1945
1946
1947
1948
1949
1950
1951
1952 if (non_acm_ac >= IEEE80211_NUM_ACS)
1953 non_acm_ac = IEEE80211_AC_BK;
1954 if (drv_conf_tx(local, sdata, ac,
1955 &sdata->tx_conf[non_acm_ac]))
1956 sdata_err(sdata,
1957 "failed to set TX queue parameters for queue %d\n",
1958 ac);
1959 tx_tspec->action = TX_TSPEC_ACTION_NONE;
1960 ret = true;
1961 schedule_delayed_work(&ifmgd->tx_tspec_wk,
1962 tx_tspec->time_slice_start + HZ - now + 1);
1963 break;
1964 case TX_TSPEC_ACTION_NONE:
1965
1966 break;
1967 }
1968 }
1969
1970 return ret;
1971}
1972
1973void ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata)
1974{
1975 if (__ieee80211_sta_handle_tspec_ac_params(sdata))
1976 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_QOS);
1977}
1978
1979static void ieee80211_sta_handle_tspec_ac_params_wk(struct work_struct *work)
1980{
1981 struct ieee80211_sub_if_data *sdata;
1982
1983 sdata = container_of(work, struct ieee80211_sub_if_data,
1984 u.mgd.tx_tspec_wk.work);
1985 ieee80211_sta_handle_tspec_ac_params(sdata);
1986}
1987
1988
1989static bool
1990ieee80211_sta_wmm_params(struct ieee80211_local *local,
1991 struct ieee80211_sub_if_data *sdata,
1992 const u8 *wmm_param, size_t wmm_param_len,
1993 const struct ieee80211_mu_edca_param_set *mu_edca)
1994{
1995 struct ieee80211_tx_queue_params params[IEEE80211_NUM_ACS];
1996 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1997 size_t left;
1998 int count, mu_edca_count, ac;
1999 const u8 *pos;
2000 u8 uapsd_queues = 0;
2001
2002 if (!local->ops->conf_tx)
2003 return false;
2004
2005 if (local->hw.queues < IEEE80211_NUM_ACS)
2006 return false;
2007
2008 if (!wmm_param)
2009 return false;
2010
2011 if (wmm_param_len < 8 || wmm_param[5] != 1)
2012 return false;
2013
2014 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
2015 uapsd_queues = ifmgd->uapsd_queues;
2016
2017 count = wmm_param[6] & 0x0f;
2018
2019
2020
2021
2022 mu_edca_count = mu_edca ? mu_edca->mu_qos_info & 0x0f : -1;
2023 if (count == ifmgd->wmm_last_param_set &&
2024 mu_edca_count == ifmgd->mu_edca_last_param_set)
2025 return false;
2026 ifmgd->wmm_last_param_set = count;
2027 ifmgd->mu_edca_last_param_set = mu_edca_count;
2028
2029 pos = wmm_param + 8;
2030 left = wmm_param_len - 8;
2031
2032 memset(¶ms, 0, sizeof(params));
2033
2034 sdata->wmm_acm = 0;
2035 for (; left >= 4; left -= 4, pos += 4) {
2036 int aci = (pos[0] >> 5) & 0x03;
2037 int acm = (pos[0] >> 4) & 0x01;
2038 bool uapsd = false;
2039
2040 switch (aci) {
2041 case 1:
2042 ac = IEEE80211_AC_BK;
2043 if (acm)
2044 sdata->wmm_acm |= BIT(1) | BIT(2);
2045 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
2046 uapsd = true;
2047 params[ac].mu_edca = !!mu_edca;
2048 if (mu_edca)
2049 params[ac].mu_edca_param_rec = mu_edca->ac_bk;
2050 break;
2051 case 2:
2052 ac = IEEE80211_AC_VI;
2053 if (acm)
2054 sdata->wmm_acm |= BIT(4) | BIT(5);
2055 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
2056 uapsd = true;
2057 params[ac].mu_edca = !!mu_edca;
2058 if (mu_edca)
2059 params[ac].mu_edca_param_rec = mu_edca->ac_vi;
2060 break;
2061 case 3:
2062 ac = IEEE80211_AC_VO;
2063 if (acm)
2064 sdata->wmm_acm |= BIT(6) | BIT(7);
2065 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
2066 uapsd = true;
2067 params[ac].mu_edca = !!mu_edca;
2068 if (mu_edca)
2069 params[ac].mu_edca_param_rec = mu_edca->ac_vo;
2070 break;
2071 case 0:
2072 default:
2073 ac = IEEE80211_AC_BE;
2074 if (acm)
2075 sdata->wmm_acm |= BIT(0) | BIT(3);
2076 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
2077 uapsd = true;
2078 params[ac].mu_edca = !!mu_edca;
2079 if (mu_edca)
2080 params[ac].mu_edca_param_rec = mu_edca->ac_be;
2081 break;
2082 }
2083
2084 params[ac].aifs = pos[0] & 0x0f;
2085
2086 if (params[ac].aifs < 2) {
2087 sdata_info(sdata,
2088 "AP has invalid WMM params (AIFSN=%d for ACI %d), will use 2\n",
2089 params[ac].aifs, aci);
2090 params[ac].aifs = 2;
2091 }
2092 params[ac].cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
2093 params[ac].cw_min = ecw2cw(pos[1] & 0x0f);
2094 params[ac].txop = get_unaligned_le16(pos + 2);
2095 params[ac].acm = acm;
2096 params[ac].uapsd = uapsd;
2097
2098 if (params[ac].cw_min == 0 ||
2099 params[ac].cw_min > params[ac].cw_max) {
2100 sdata_info(sdata,
2101 "AP has invalid WMM params (CWmin/max=%d/%d for ACI %d), using defaults\n",
2102 params[ac].cw_min, params[ac].cw_max, aci);
2103 return false;
2104 }
2105 ieee80211_regulatory_limit_wmm_params(sdata, ¶ms[ac], ac);
2106 }
2107
2108
2109 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
2110 if (params[ac].cw_min == 0) {
2111 sdata_info(sdata,
2112 "AP has invalid WMM params (missing AC %d), using defaults\n",
2113 ac);
2114 return false;
2115 }
2116 }
2117
2118 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
2119 mlme_dbg(sdata,
2120 "WMM AC=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d, downgraded=%d\n",
2121 ac, params[ac].acm,
2122 params[ac].aifs, params[ac].cw_min, params[ac].cw_max,
2123 params[ac].txop, params[ac].uapsd,
2124 ifmgd->tx_tspec[ac].downgraded);
2125 sdata->tx_conf[ac] = params[ac];
2126 if (!ifmgd->tx_tspec[ac].downgraded &&
2127 drv_conf_tx(local, sdata, ac, ¶ms[ac]))
2128 sdata_err(sdata,
2129 "failed to set TX queue parameters for AC %d\n",
2130 ac);
2131 }
2132
2133
2134 sdata->vif.bss_conf.qos = true;
2135 return true;
2136}
2137
2138static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
2139{
2140 lockdep_assert_held(&sdata->local->mtx);
2141
2142 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL;
2143 ieee80211_run_deferred_scan(sdata->local);
2144}
2145
2146static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
2147{
2148 mutex_lock(&sdata->local->mtx);
2149 __ieee80211_stop_poll(sdata);
2150 mutex_unlock(&sdata->local->mtx);
2151}
2152
2153static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
2154 u16 capab, bool erp_valid, u8 erp)
2155{
2156 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2157 struct ieee80211_supported_band *sband;
2158 u32 changed = 0;
2159 bool use_protection;
2160 bool use_short_preamble;
2161 bool use_short_slot;
2162
2163 sband = ieee80211_get_sband(sdata);
2164 if (!sband)
2165 return changed;
2166
2167 if (erp_valid) {
2168 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0;
2169 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0;
2170 } else {
2171 use_protection = false;
2172 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE);
2173 }
2174
2175 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME);
2176 if (sband->band == NL80211_BAND_5GHZ ||
2177 sband->band == NL80211_BAND_6GHZ)
2178 use_short_slot = true;
2179
2180 if (use_protection != bss_conf->use_cts_prot) {
2181 bss_conf->use_cts_prot = use_protection;
2182 changed |= BSS_CHANGED_ERP_CTS_PROT;
2183 }
2184
2185 if (use_short_preamble != bss_conf->use_short_preamble) {
2186 bss_conf->use_short_preamble = use_short_preamble;
2187 changed |= BSS_CHANGED_ERP_PREAMBLE;
2188 }
2189
2190 if (use_short_slot != bss_conf->use_short_slot) {
2191 bss_conf->use_short_slot = use_short_slot;
2192 changed |= BSS_CHANGED_ERP_SLOT;
2193 }
2194
2195 return changed;
2196}
2197
2198static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
2199 struct cfg80211_bss *cbss,
2200 u32 bss_info_changed)
2201{
2202 struct ieee80211_bss *bss = (void *)cbss->priv;
2203 struct ieee80211_local *local = sdata->local;
2204 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2205
2206 bss_info_changed |= BSS_CHANGED_ASSOC;
2207 bss_info_changed |= ieee80211_handle_bss_capability(sdata,
2208 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value);
2209
2210 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec(
2211 beacon_loss_count * bss_conf->beacon_int));
2212
2213 sdata->u.mgd.associated = cbss;
2214 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN);
2215
2216 ieee80211_check_rate_mask(sdata);
2217
2218 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE;
2219
2220 if (sdata->vif.p2p ||
2221 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) {
2222 const struct cfg80211_bss_ies *ies;
2223
2224 rcu_read_lock();
2225 ies = rcu_dereference(cbss->ies);
2226 if (ies) {
2227 int ret;
2228
2229 ret = cfg80211_get_p2p_attr(
2230 ies->data, ies->len,
2231 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
2232 (u8 *) &bss_conf->p2p_noa_attr,
2233 sizeof(bss_conf->p2p_noa_attr));
2234 if (ret >= 2) {
2235 sdata->u.mgd.p2p_noa_index =
2236 bss_conf->p2p_noa_attr.index;
2237 bss_info_changed |= BSS_CHANGED_P2P_PS;
2238 }
2239 }
2240 rcu_read_unlock();
2241 }
2242
2243
2244 ieee80211_stop_poll(sdata);
2245
2246 ieee80211_led_assoc(local, 1);
2247
2248 if (sdata->u.mgd.have_beacon) {
2249
2250
2251
2252
2253
2254
2255 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1;
2256 bss_conf->beacon_rate = bss->beacon_rate;
2257 bss_info_changed |= BSS_CHANGED_BEACON_INFO;
2258 } else {
2259 bss_conf->beacon_rate = NULL;
2260 bss_conf->dtim_period = 0;
2261 }
2262
2263 bss_conf->assoc = 1;
2264
2265
2266 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI &&
2267 bss_conf->cqm_rssi_thold)
2268 bss_info_changed |= BSS_CHANGED_CQM;
2269
2270
2271 if (bss_conf->arp_addr_cnt)
2272 bss_info_changed |= BSS_CHANGED_ARP_FILTER;
2273
2274 ieee80211_bss_info_change_notify(sdata, bss_info_changed);
2275
2276 mutex_lock(&local->iflist_mtx);
2277 ieee80211_recalc_ps(local);
2278 mutex_unlock(&local->iflist_mtx);
2279
2280 ieee80211_recalc_smps(sdata);
2281 ieee80211_recalc_ps_vif(sdata);
2282
2283 netif_carrier_on(sdata->dev);
2284}
2285
2286static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
2287 u16 stype, u16 reason, bool tx,
2288 u8 *frame_buf)
2289{
2290 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2291 struct ieee80211_local *local = sdata->local;
2292 u32 changed = 0;
2293
2294 sdata_assert_lock(sdata);
2295
2296 if (WARN_ON_ONCE(tx && !frame_buf))
2297 return;
2298
2299 if (WARN_ON(!ifmgd->associated))
2300 return;
2301
2302 ieee80211_stop_poll(sdata);
2303
2304 ifmgd->associated = NULL;
2305 netif_carrier_off(sdata->dev);
2306
2307
2308
2309
2310
2311
2312 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
2313 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
2314 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
2315 }
2316 local->ps_sdata = NULL;
2317
2318
2319 ieee80211_recalc_ps_vif(sdata);
2320
2321
2322 synchronize_net();
2323
2324
2325
2326
2327
2328
2329
2330 if (tx)
2331 ieee80211_flush_queues(local, sdata, true);
2332
2333
2334 if (tx || frame_buf) {
2335
2336
2337
2338
2339
2340
2341 if (ieee80211_hw_check(&local->hw, DEAUTH_NEED_MGD_TX_PREP) &&
2342 !ifmgd->have_beacon)
2343 drv_mgd_prepare_tx(sdata->local, sdata, 0);
2344
2345 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid,
2346 ifmgd->bssid, stype, reason,
2347 tx, frame_buf);
2348 }
2349
2350
2351 if (tx)
2352 ieee80211_flush_queues(local, sdata, false);
2353
2354
2355 eth_zero_addr(ifmgd->bssid);
2356
2357
2358 sta_info_flush(sdata);
2359
2360
2361 changed |= ieee80211_reset_erp_info(sdata);
2362
2363 ieee80211_led_assoc(local, 0);
2364 changed |= BSS_CHANGED_ASSOC;
2365 sdata->vif.bss_conf.assoc = false;
2366
2367 ifmgd->p2p_noa_index = -1;
2368 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0,
2369 sizeof(sdata->vif.bss_conf.p2p_noa_attr));
2370
2371
2372 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa));
2373 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask));
2374 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa));
2375 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask));
2376
2377
2378 memset(sdata->vif.bss_conf.mu_group.membership, 0,
2379 sizeof(sdata->vif.bss_conf.mu_group.membership));
2380 memset(sdata->vif.bss_conf.mu_group.position, 0,
2381 sizeof(sdata->vif.bss_conf.mu_group.position));
2382 changed |= BSS_CHANGED_MU_GROUPS;
2383 sdata->vif.mu_mimo_owner = false;
2384
2385 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL;
2386
2387 del_timer_sync(&local->dynamic_ps_timer);
2388 cancel_work_sync(&local->dynamic_ps_enable_work);
2389
2390
2391 if (sdata->vif.bss_conf.arp_addr_cnt)
2392 changed |= BSS_CHANGED_ARP_FILTER;
2393
2394 sdata->vif.bss_conf.qos = false;
2395 changed |= BSS_CHANGED_QOS;
2396
2397
2398 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT;
2399 ieee80211_bss_info_change_notify(sdata, changed);
2400
2401
2402 ieee80211_set_wmm_default(sdata, false, false);
2403
2404 del_timer_sync(&sdata->u.mgd.conn_mon_timer);
2405 del_timer_sync(&sdata->u.mgd.bcn_mon_timer);
2406 del_timer_sync(&sdata->u.mgd.timer);
2407 del_timer_sync(&sdata->u.mgd.chswitch_timer);
2408
2409 sdata->vif.bss_conf.dtim_period = 0;
2410 sdata->vif.bss_conf.beacon_rate = NULL;
2411
2412 ifmgd->have_beacon = false;
2413
2414 ifmgd->flags = 0;
2415 mutex_lock(&local->mtx);
2416 ieee80211_vif_release_channel(sdata);
2417
2418 sdata->vif.csa_active = false;
2419 ifmgd->csa_waiting_bcn = false;
2420 ifmgd->csa_ignored_same_chan = false;
2421 if (sdata->csa_block_tx) {
2422 ieee80211_wake_vif_queues(local, sdata,
2423 IEEE80211_QUEUE_STOP_REASON_CSA);
2424 sdata->csa_block_tx = false;
2425 }
2426 mutex_unlock(&local->mtx);
2427
2428
2429 memset(ifmgd->tx_tspec, 0, sizeof(ifmgd->tx_tspec));
2430 cancel_delayed_work_sync(&ifmgd->tx_tspec_wk);
2431
2432 sdata->encrypt_headroom = IEEE80211_ENCRYPT_HEADROOM;
2433}
2434
2435void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata,
2436 struct ieee80211_hdr *hdr)
2437{
2438
2439
2440
2441
2442
2443
2444
2445
2446 if (is_multicast_ether_addr(hdr->addr1))
2447 return;
2448
2449 ieee80211_sta_reset_conn_monitor(sdata);
2450}
2451
2452static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata)
2453{
2454 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2455 struct ieee80211_local *local = sdata->local;
2456
2457 mutex_lock(&local->mtx);
2458 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL))
2459 goto out;
2460
2461 __ieee80211_stop_poll(sdata);
2462
2463 mutex_lock(&local->iflist_mtx);
2464 ieee80211_recalc_ps(local);
2465 mutex_unlock(&local->iflist_mtx);
2466
2467 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
2468 goto out;
2469
2470
2471
2472
2473
2474
2475 ieee80211_sta_reset_beacon_monitor(sdata);
2476
2477 mod_timer(&ifmgd->conn_mon_timer,
2478 round_jiffies_up(jiffies +
2479 IEEE80211_CONNECTION_IDLE_TIME));
2480out:
2481 mutex_unlock(&local->mtx);
2482}
2483
2484static void ieee80211_sta_tx_wmm_ac_notify(struct ieee80211_sub_if_data *sdata,
2485 struct ieee80211_hdr *hdr,
2486 u16 tx_time)
2487{
2488 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2489 u16 tid = ieee80211_get_tid(hdr);
2490 int ac = ieee80211_ac_from_tid(tid);
2491 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac];
2492 unsigned long now = jiffies;
2493
2494 if (likely(!tx_tspec->admitted_time))
2495 return;
2496
2497 if (time_after(now, tx_tspec->time_slice_start + HZ)) {
2498 tx_tspec->consumed_tx_time = 0;
2499 tx_tspec->time_slice_start = now;
2500
2501 if (tx_tspec->downgraded) {
2502 tx_tspec->action = TX_TSPEC_ACTION_STOP_DOWNGRADE;
2503 schedule_delayed_work(&ifmgd->tx_tspec_wk, 0);
2504 }
2505 }
2506
2507 if (tx_tspec->downgraded)
2508 return;
2509
2510 tx_tspec->consumed_tx_time += tx_time;
2511
2512 if (tx_tspec->consumed_tx_time >= tx_tspec->admitted_time) {
2513 tx_tspec->downgraded = true;
2514 tx_tspec->action = TX_TSPEC_ACTION_DOWNGRADE;
2515 schedule_delayed_work(&ifmgd->tx_tspec_wk, 0);
2516 }
2517}
2518
2519void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata,
2520 struct ieee80211_hdr *hdr, bool ack, u16 tx_time)
2521{
2522 ieee80211_sta_tx_wmm_ac_notify(sdata, hdr, tx_time);
2523
2524 if (!ieee80211_is_data(hdr->frame_control))
2525 return;
2526
2527 if (ieee80211_is_any_nullfunc(hdr->frame_control) &&
2528 sdata->u.mgd.probe_send_count > 0) {
2529 if (ack)
2530 ieee80211_sta_reset_conn_monitor(sdata);
2531 else
2532 sdata->u.mgd.nullfunc_failed = true;
2533 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
2534 return;
2535 }
2536
2537 if (ack)
2538 ieee80211_sta_reset_conn_monitor(sdata);
2539}
2540
2541static void ieee80211_mlme_send_probe_req(struct ieee80211_sub_if_data *sdata,
2542 const u8 *src, const u8 *dst,
2543 const u8 *ssid, size_t ssid_len,
2544 struct ieee80211_channel *channel)
2545{
2546 struct sk_buff *skb;
2547
2548 skb = ieee80211_build_probe_req(sdata, src, dst, (u32)-1, channel,
2549 ssid, ssid_len, NULL, 0,
2550 IEEE80211_PROBE_FLAG_DIRECTED);
2551 if (skb)
2552 ieee80211_tx_skb(sdata, skb);
2553}
2554
2555static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
2556{
2557 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2558 const u8 *ssid;
2559 u8 *dst = ifmgd->associated->bssid;
2560 u8 unicast_limit = max(1, max_probe_tries - 3);
2561 struct sta_info *sta;
2562
2563
2564
2565
2566
2567
2568 if (ifmgd->probe_send_count >= unicast_limit)
2569 dst = NULL;
2570
2571
2572
2573
2574
2575
2576
2577
2578 ifmgd->probe_send_count++;
2579
2580 if (dst) {
2581 mutex_lock(&sdata->local->sta_mtx);
2582 sta = sta_info_get(sdata, dst);
2583 if (!WARN_ON(!sta))
2584 ieee80211_check_fast_rx(sta);
2585 mutex_unlock(&sdata->local->sta_mtx);
2586 }
2587
2588 if (ieee80211_hw_check(&sdata->local->hw, REPORTS_TX_ACK_STATUS)) {
2589 ifmgd->nullfunc_failed = false;
2590 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE))
2591 ifmgd->probe_send_count--;
2592 else
2593 ieee80211_send_nullfunc(sdata->local, sdata, false);
2594 } else {
2595 int ssid_len;
2596
2597 rcu_read_lock();
2598 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);
2599 if (WARN_ON_ONCE(ssid == NULL))
2600 ssid_len = 0;
2601 else
2602 ssid_len = ssid[1];
2603
2604 ieee80211_mlme_send_probe_req(sdata, sdata->vif.addr, dst,
2605 ssid + 2, ssid_len,
2606 ifmgd->associated->channel);
2607 rcu_read_unlock();
2608 }
2609
2610 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
2611 run_again(sdata, ifmgd->probe_timeout);
2612}
2613
2614static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
2615 bool beacon)
2616{
2617 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2618 bool already = false;
2619
2620 if (!ieee80211_sdata_running(sdata))
2621 return;
2622
2623 sdata_lock(sdata);
2624
2625 if (!ifmgd->associated)
2626 goto out;
2627
2628 mutex_lock(&sdata->local->mtx);
2629
2630 if (sdata->local->tmp_channel || sdata->local->scanning) {
2631 mutex_unlock(&sdata->local->mtx);
2632 goto out;
2633 }
2634
2635 if (beacon) {
2636 mlme_dbg_ratelimited(sdata,
2637 "detected beacon loss from AP (missed %d beacons) - probing\n",
2638 beacon_loss_count);
2639
2640 ieee80211_cqm_beacon_loss_notify(&sdata->vif, GFP_KERNEL);
2641 }
2642
2643
2644
2645
2646
2647
2648
2649
2650
2651
2652
2653
2654 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
2655 already = true;
2656
2657 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL;
2658
2659 mutex_unlock(&sdata->local->mtx);
2660
2661 if (already)
2662 goto out;
2663
2664 mutex_lock(&sdata->local->iflist_mtx);
2665 ieee80211_recalc_ps(sdata->local);
2666 mutex_unlock(&sdata->local->iflist_mtx);
2667
2668 ifmgd->probe_send_count = 0;
2669 ieee80211_mgd_probe_ap_send(sdata);
2670 out:
2671 sdata_unlock(sdata);
2672}
2673
2674struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
2675 struct ieee80211_vif *vif)
2676{
2677 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2678 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2679 struct cfg80211_bss *cbss;
2680 struct sk_buff *skb;
2681 const u8 *ssid;
2682 int ssid_len;
2683
2684 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
2685 return NULL;
2686
2687 sdata_assert_lock(sdata);
2688
2689 if (ifmgd->associated)
2690 cbss = ifmgd->associated;
2691 else if (ifmgd->auth_data)
2692 cbss = ifmgd->auth_data->bss;
2693 else if (ifmgd->assoc_data)
2694 cbss = ifmgd->assoc_data->bss;
2695 else
2696 return NULL;
2697
2698 rcu_read_lock();
2699 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID);
2700 if (WARN_ONCE(!ssid || ssid[1] > IEEE80211_MAX_SSID_LEN,
2701 "invalid SSID element (len=%d)", ssid ? ssid[1] : -1))
2702 ssid_len = 0;
2703 else
2704 ssid_len = ssid[1];
2705
2706 skb = ieee80211_build_probe_req(sdata, sdata->vif.addr, cbss->bssid,
2707 (u32) -1, cbss->channel,
2708 ssid + 2, ssid_len,
2709 NULL, 0, IEEE80211_PROBE_FLAG_DIRECTED);
2710 rcu_read_unlock();
2711
2712 return skb;
2713}
2714EXPORT_SYMBOL(ieee80211_ap_probereq_get);
2715
2716static void ieee80211_report_disconnect(struct ieee80211_sub_if_data *sdata,
2717 const u8 *buf, size_t len, bool tx,
2718 u16 reason)
2719{
2720 struct ieee80211_event event = {
2721 .type = MLME_EVENT,
2722 .u.mlme.data = tx ? DEAUTH_TX_EVENT : DEAUTH_RX_EVENT,
2723 .u.mlme.reason = reason,
2724 };
2725
2726 if (tx)
2727 cfg80211_tx_mlme_mgmt(sdata->dev, buf, len);
2728 else
2729 cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
2730
2731 drv_event_callback(sdata->local, sdata, &event);
2732}
2733
2734static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata)
2735{
2736 struct ieee80211_local *local = sdata->local;
2737 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2738 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
2739 bool tx;
2740
2741 sdata_lock(sdata);
2742 if (!ifmgd->associated) {
2743 sdata_unlock(sdata);
2744 return;
2745 }
2746
2747 tx = !sdata->csa_block_tx;
2748
2749
2750
2751
2752 cfg80211_unlink_bss(local->hw.wiphy, ifmgd->associated);
2753
2754 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
2755 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
2756 tx, frame_buf);
2757 mutex_lock(&local->mtx);
2758 sdata->vif.csa_active = false;
2759 ifmgd->csa_waiting_bcn = false;
2760 if (sdata->csa_block_tx) {
2761 ieee80211_wake_vif_queues(local, sdata,
2762 IEEE80211_QUEUE_STOP_REASON_CSA);
2763 sdata->csa_block_tx = false;
2764 }
2765 mutex_unlock(&local->mtx);
2766
2767 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), tx,
2768 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY);
2769
2770 sdata_unlock(sdata);
2771}
2772
2773static void ieee80211_beacon_connection_loss_work(struct work_struct *work)
2774{
2775 struct ieee80211_sub_if_data *sdata =
2776 container_of(work, struct ieee80211_sub_if_data,
2777 u.mgd.beacon_connection_loss_work);
2778 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2779
2780 if (ifmgd->associated)
2781 ifmgd->beacon_loss_count++;
2782
2783 if (ifmgd->connection_loss) {
2784 sdata_info(sdata, "Connection to AP %pM lost\n",
2785 ifmgd->bssid);
2786 __ieee80211_disconnect(sdata);
2787 } else {
2788 ieee80211_mgd_probe_ap(sdata, true);
2789 }
2790}
2791
2792static void ieee80211_csa_connection_drop_work(struct work_struct *work)
2793{
2794 struct ieee80211_sub_if_data *sdata =
2795 container_of(work, struct ieee80211_sub_if_data,
2796 u.mgd.csa_connection_drop_work);
2797
2798 __ieee80211_disconnect(sdata);
2799}
2800
2801void ieee80211_beacon_loss(struct ieee80211_vif *vif)
2802{
2803 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2804 struct ieee80211_hw *hw = &sdata->local->hw;
2805
2806 trace_api_beacon_loss(sdata);
2807
2808 sdata->u.mgd.connection_loss = false;
2809 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2810}
2811EXPORT_SYMBOL(ieee80211_beacon_loss);
2812
2813void ieee80211_connection_loss(struct ieee80211_vif *vif)
2814{
2815 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2816 struct ieee80211_hw *hw = &sdata->local->hw;
2817
2818 trace_api_connection_loss(sdata);
2819
2820 sdata->u.mgd.connection_loss = true;
2821 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2822}
2823EXPORT_SYMBOL(ieee80211_connection_loss);
2824
2825
2826static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
2827 bool assoc)
2828{
2829 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2830
2831 sdata_assert_lock(sdata);
2832
2833 if (!assoc) {
2834
2835
2836
2837
2838
2839 del_timer_sync(&sdata->u.mgd.timer);
2840 sta_info_destroy_addr(sdata, auth_data->bss->bssid);
2841
2842 eth_zero_addr(sdata->u.mgd.bssid);
2843 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2844 sdata->u.mgd.flags = 0;
2845 mutex_lock(&sdata->local->mtx);
2846 ieee80211_vif_release_channel(sdata);
2847 mutex_unlock(&sdata->local->mtx);
2848 }
2849
2850 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss);
2851 kfree(auth_data);
2852 sdata->u.mgd.auth_data = NULL;
2853}
2854
2855static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata,
2856 bool assoc, bool abandon)
2857{
2858 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
2859
2860 sdata_assert_lock(sdata);
2861
2862 if (!assoc) {
2863
2864
2865
2866
2867
2868 del_timer_sync(&sdata->u.mgd.timer);
2869 sta_info_destroy_addr(sdata, assoc_data->bss->bssid);
2870
2871 eth_zero_addr(sdata->u.mgd.bssid);
2872 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2873 sdata->u.mgd.flags = 0;
2874 sdata->vif.mu_mimo_owner = false;
2875
2876 mutex_lock(&sdata->local->mtx);
2877 ieee80211_vif_release_channel(sdata);
2878 mutex_unlock(&sdata->local->mtx);
2879
2880 if (abandon)
2881 cfg80211_abandon_assoc(sdata->dev, assoc_data->bss);
2882 }
2883
2884 kfree(assoc_data);
2885 sdata->u.mgd.assoc_data = NULL;
2886}
2887
2888static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
2889 struct ieee80211_mgmt *mgmt, size_t len)
2890{
2891 struct ieee80211_local *local = sdata->local;
2892 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2893 u8 *pos;
2894 struct ieee802_11_elems elems;
2895 u32 tx_flags = 0;
2896
2897 pos = mgmt->u.auth.variable;
2898 ieee802_11_parse_elems(pos, len - (pos - (u8 *)mgmt), false, &elems,
2899 mgmt->bssid, auth_data->bss->bssid);
2900 if (!elems.challenge)
2901 return;
2902 auth_data->expected_transaction = 4;
2903 drv_mgd_prepare_tx(sdata->local, sdata, 0);
2904 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
2905 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
2906 IEEE80211_TX_INTFL_MLME_CONN_TX;
2907 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0,
2908 elems.challenge - 2, elems.challenge_len + 2,
2909 auth_data->bss->bssid, auth_data->bss->bssid,
2910 auth_data->key, auth_data->key_len,
2911 auth_data->key_idx, tx_flags);
2912}
2913
2914static bool ieee80211_mark_sta_auth(struct ieee80211_sub_if_data *sdata,
2915 const u8 *bssid)
2916{
2917 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2918 struct sta_info *sta;
2919 bool result = true;
2920
2921 sdata_info(sdata, "authenticated\n");
2922 ifmgd->auth_data->done = true;
2923 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC;
2924 ifmgd->auth_data->timeout_started = true;
2925 run_again(sdata, ifmgd->auth_data->timeout);
2926
2927
2928 mutex_lock(&sdata->local->sta_mtx);
2929 sta = sta_info_get(sdata, bssid);
2930 if (!sta) {
2931 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid);
2932 result = false;
2933 goto out;
2934 }
2935 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) {
2936 sdata_info(sdata, "failed moving %pM to auth\n", bssid);
2937 result = false;
2938 goto out;
2939 }
2940
2941out:
2942 mutex_unlock(&sdata->local->sta_mtx);
2943 return result;
2944}
2945
2946static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
2947 struct ieee80211_mgmt *mgmt, size_t len)
2948{
2949 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2950 u8 bssid[ETH_ALEN];
2951 u16 auth_alg, auth_transaction, status_code;
2952 struct ieee80211_event event = {
2953 .type = MLME_EVENT,
2954 .u.mlme.data = AUTH_EVENT,
2955 };
2956
2957 sdata_assert_lock(sdata);
2958
2959 if (len < 24 + 6)
2960 return;
2961
2962 if (!ifmgd->auth_data || ifmgd->auth_data->done)
2963 return;
2964
2965 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
2966
2967 if (!ether_addr_equal(bssid, mgmt->bssid))
2968 return;
2969
2970 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
2971 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
2972 status_code = le16_to_cpu(mgmt->u.auth.status_code);
2973
2974 if (auth_alg != ifmgd->auth_data->algorithm ||
2975 (auth_alg != WLAN_AUTH_SAE &&
2976 auth_transaction != ifmgd->auth_data->expected_transaction) ||
2977 (auth_alg == WLAN_AUTH_SAE &&
2978 (auth_transaction < ifmgd->auth_data->expected_transaction ||
2979 auth_transaction > 2))) {
2980 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n",
2981 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm,
2982 auth_transaction,
2983 ifmgd->auth_data->expected_transaction);
2984 return;
2985 }
2986
2987 if (status_code != WLAN_STATUS_SUCCESS) {
2988 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2989
2990 if (auth_alg == WLAN_AUTH_SAE &&
2991 status_code == WLAN_STATUS_ANTI_CLOG_REQUIRED)
2992 return;
2993
2994 sdata_info(sdata, "%pM denied authentication (status %d)\n",
2995 mgmt->sa, status_code);
2996 ieee80211_destroy_auth_data(sdata, false);
2997 event.u.mlme.status = MLME_DENIED;
2998 event.u.mlme.reason = status_code;
2999 drv_event_callback(sdata->local, sdata, &event);
3000 return;
3001 }
3002
3003 switch (ifmgd->auth_data->algorithm) {
3004 case WLAN_AUTH_OPEN:
3005 case WLAN_AUTH_LEAP:
3006 case WLAN_AUTH_FT:
3007 case WLAN_AUTH_SAE:
3008 case WLAN_AUTH_FILS_SK:
3009 case WLAN_AUTH_FILS_SK_PFS:
3010 case WLAN_AUTH_FILS_PK:
3011 break;
3012 case WLAN_AUTH_SHARED_KEY:
3013 if (ifmgd->auth_data->expected_transaction != 4) {
3014 ieee80211_auth_challenge(sdata, mgmt, len);
3015
3016 return;
3017 }
3018 break;
3019 default:
3020 WARN_ONCE(1, "invalid auth alg %d",
3021 ifmgd->auth_data->algorithm);
3022 return;
3023 }
3024
3025 event.u.mlme.status = MLME_SUCCESS;
3026 drv_event_callback(sdata->local, sdata, &event);
3027 if (ifmgd->auth_data->algorithm != WLAN_AUTH_SAE ||
3028 (auth_transaction == 2 &&
3029 ifmgd->auth_data->expected_transaction == 2)) {
3030 if (!ieee80211_mark_sta_auth(sdata, bssid))
3031 return;
3032 } else if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE &&
3033 auth_transaction == 2) {
3034 sdata_info(sdata, "SAE peer confirmed\n");
3035 ifmgd->auth_data->peer_confirmed = true;
3036 }
3037
3038 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
3039}
3040
3041#define case_WLAN(type) \
3042 case WLAN_REASON_##type: return #type
3043
3044const char *ieee80211_get_reason_code_string(u16 reason_code)
3045{
3046 switch (reason_code) {
3047 case_WLAN(UNSPECIFIED);
3048 case_WLAN(PREV_AUTH_NOT_VALID);
3049 case_WLAN(DEAUTH_LEAVING);
3050 case_WLAN(DISASSOC_DUE_TO_INACTIVITY);
3051 case_WLAN(DISASSOC_AP_BUSY);
3052 case_WLAN(CLASS2_FRAME_FROM_NONAUTH_STA);
3053 case_WLAN(CLASS3_FRAME_FROM_NONASSOC_STA);
3054 case_WLAN(DISASSOC_STA_HAS_LEFT);
3055 case_WLAN(STA_REQ_ASSOC_WITHOUT_AUTH);
3056 case_WLAN(DISASSOC_BAD_POWER);
3057 case_WLAN(DISASSOC_BAD_SUPP_CHAN);
3058 case_WLAN(INVALID_IE);
3059 case_WLAN(MIC_FAILURE);
3060 case_WLAN(4WAY_HANDSHAKE_TIMEOUT);
3061 case_WLAN(GROUP_KEY_HANDSHAKE_TIMEOUT);
3062 case_WLAN(IE_DIFFERENT);
3063 case_WLAN(INVALID_GROUP_CIPHER);
3064 case_WLAN(INVALID_PAIRWISE_CIPHER);
3065 case_WLAN(INVALID_AKMP);
3066 case_WLAN(UNSUPP_RSN_VERSION);
3067 case_WLAN(INVALID_RSN_IE_CAP);
3068 case_WLAN(IEEE8021X_FAILED);
3069 case_WLAN(CIPHER_SUITE_REJECTED);
3070 case_WLAN(DISASSOC_UNSPECIFIED_QOS);
3071 case_WLAN(DISASSOC_QAP_NO_BANDWIDTH);
3072 case_WLAN(DISASSOC_LOW_ACK);
3073 case_WLAN(DISASSOC_QAP_EXCEED_TXOP);
3074 case_WLAN(QSTA_LEAVE_QBSS);
3075 case_WLAN(QSTA_NOT_USE);
3076 case_WLAN(QSTA_REQUIRE_SETUP);
3077 case_WLAN(QSTA_TIMEOUT);
3078 case_WLAN(QSTA_CIPHER_NOT_SUPP);
3079 case_WLAN(MESH_PEER_CANCELED);
3080 case_WLAN(MESH_MAX_PEERS);
3081 case_WLAN(MESH_CONFIG);
3082 case_WLAN(MESH_CLOSE);
3083 case_WLAN(MESH_MAX_RETRIES);
3084 case_WLAN(MESH_CONFIRM_TIMEOUT);
3085 case_WLAN(MESH_INVALID_GTK);
3086 case_WLAN(MESH_INCONSISTENT_PARAM);
3087 case_WLAN(MESH_INVALID_SECURITY);
3088 case_WLAN(MESH_PATH_ERROR);
3089 case_WLAN(MESH_PATH_NOFORWARD);
3090 case_WLAN(MESH_PATH_DEST_UNREACHABLE);
3091 case_WLAN(MAC_EXISTS_IN_MBSS);
3092 case_WLAN(MESH_CHAN_REGULATORY);
3093 case_WLAN(MESH_CHAN);
3094 default: return "<unknown>";
3095 }
3096}
3097
3098static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
3099 struct ieee80211_mgmt *mgmt, size_t len)
3100{
3101 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3102 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
3103
3104 sdata_assert_lock(sdata);
3105
3106 if (len < 24 + 2)
3107 return;
3108
3109 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
3110 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
3111 return;
3112 }
3113
3114 if (ifmgd->associated &&
3115 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) {
3116 const u8 *bssid = ifmgd->associated->bssid;
3117
3118 sdata_info(sdata, "deauthenticated from %pM (Reason: %u=%s)\n",
3119 bssid, reason_code,
3120 ieee80211_get_reason_code_string(reason_code));
3121
3122 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
3123
3124 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false,
3125 reason_code);
3126 return;
3127 }
3128
3129 if (ifmgd->assoc_data &&
3130 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) {
3131 const u8 *bssid = ifmgd->assoc_data->bss->bssid;
3132
3133 sdata_info(sdata,
3134 "deauthenticated from %pM while associating (Reason: %u=%s)\n",
3135 bssid, reason_code,
3136 ieee80211_get_reason_code_string(reason_code));
3137
3138 ieee80211_destroy_assoc_data(sdata, false, true);
3139
3140 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
3141 return;
3142 }
3143}
3144
3145
3146static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
3147 struct ieee80211_mgmt *mgmt, size_t len)
3148{
3149 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3150 u16 reason_code;
3151
3152 sdata_assert_lock(sdata);
3153
3154 if (len < 24 + 2)
3155 return;
3156
3157 if (!ifmgd->associated ||
3158 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
3159 return;
3160
3161 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
3162
3163 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
3164 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
3165 return;
3166 }
3167
3168 sdata_info(sdata, "disassociated from %pM (Reason: %u=%s)\n",
3169 mgmt->sa, reason_code,
3170 ieee80211_get_reason_code_string(reason_code));
3171
3172 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
3173
3174 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false, reason_code);
3175}
3176
3177static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
3178 u8 *supp_rates, unsigned int supp_rates_len,
3179 u32 *rates, u32 *basic_rates,
3180 bool *have_higher_than_11mbit,
3181 int *min_rate, int *min_rate_index,
3182 int shift)
3183{
3184 int i, j;
3185
3186 for (i = 0; i < supp_rates_len; i++) {
3187 int rate = supp_rates[i] & 0x7f;
3188 bool is_basic = !!(supp_rates[i] & 0x80);
3189
3190 if ((rate * 5 * (1 << shift)) > 110)
3191 *have_higher_than_11mbit = true;
3192
3193
3194
3195
3196
3197
3198
3199
3200
3201 if (supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY) ||
3202 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY) ||
3203 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_HE_PHY))
3204 continue;
3205
3206 for (j = 0; j < sband->n_bitrates; j++) {
3207 struct ieee80211_rate *br;
3208 int brate;
3209
3210 br = &sband->bitrates[j];
3211
3212 brate = DIV_ROUND_UP(br->bitrate, (1 << shift) * 5);
3213 if (brate == rate) {
3214 *rates |= BIT(j);
3215 if (is_basic)
3216 *basic_rates |= BIT(j);
3217 if ((rate * 5) < *min_rate) {
3218 *min_rate = rate * 5;
3219 *min_rate_index = j;
3220 }
3221 break;
3222 }
3223 }
3224 }
3225}
3226
3227static bool ieee80211_twt_req_supported(const struct sta_info *sta,
3228 const struct ieee802_11_elems *elems)
3229{
3230 if (elems->ext_capab_len < 10)
3231 return false;
3232
3233 if (!(elems->ext_capab[9] & WLAN_EXT_CAPA10_TWT_RESPONDER_SUPPORT))
3234 return false;
3235
3236 return sta->sta.he_cap.he_cap_elem.mac_cap_info[0] &
3237 IEEE80211_HE_MAC_CAP0_TWT_RES;
3238}
3239
3240static int ieee80211_recalc_twt_req(struct ieee80211_sub_if_data *sdata,
3241 struct sta_info *sta,
3242 struct ieee802_11_elems *elems)
3243{
3244 bool twt = ieee80211_twt_req_supported(sta, elems);
3245
3246 if (sdata->vif.bss_conf.twt_requester != twt) {
3247 sdata->vif.bss_conf.twt_requester = twt;
3248 return BSS_CHANGED_TWT;
3249 }
3250 return 0;
3251}
3252
3253static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata,
3254 struct cfg80211_bss *cbss,
3255 struct ieee80211_mgmt *mgmt, size_t len,
3256 struct ieee802_11_elems *elems)
3257{
3258 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3259 struct ieee80211_local *local = sdata->local;
3260 struct ieee80211_supported_band *sband;
3261 struct sta_info *sta;
3262 u16 capab_info, aid;
3263 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
3264 const struct cfg80211_bss_ies *bss_ies = NULL;
3265 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
3266 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ;
3267 u32 changed = 0;
3268 int err;
3269 bool ret;
3270
3271
3272
3273 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
3274 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
3275
3276
3277
3278
3279
3280 aid &= 0x7ff;
3281
3282 ifmgd->broken_ap = false;
3283
3284 if (aid == 0 || aid > IEEE80211_MAX_AID) {
3285 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n",
3286 aid);
3287 aid = 0;
3288 ifmgd->broken_ap = true;
3289 }
3290
3291 if (!elems->supp_rates) {
3292 sdata_info(sdata, "no SuppRates element in AssocResp\n");
3293 return false;
3294 }
3295
3296 sdata->vif.bss_conf.aid = aid;
3297 ifmgd->tdls_chan_switch_prohibited =
3298 elems->ext_capab && elems->ext_capab_len >= 5 &&
3299 (elems->ext_capab[4] & WLAN_EXT_CAPA5_TDLS_CH_SW_PROHIBITED);
3300
3301
3302
3303
3304
3305
3306
3307
3308 if (!is_6ghz &&
3309 ((assoc_data->wmm && !elems->wmm_param) ||
3310 (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
3311 (!elems->ht_cap_elem || !elems->ht_operation)) ||
3312 (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
3313 (!elems->vht_cap_elem || !elems->vht_operation)))) {
3314 const struct cfg80211_bss_ies *ies;
3315 struct ieee802_11_elems bss_elems;
3316
3317 rcu_read_lock();
3318 ies = rcu_dereference(cbss->ies);
3319 if (ies)
3320 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len,
3321 GFP_ATOMIC);
3322 rcu_read_unlock();
3323 if (!bss_ies)
3324 return false;
3325
3326 ieee802_11_parse_elems(bss_ies->data, bss_ies->len,
3327 false, &bss_elems,
3328 mgmt->bssid,
3329 assoc_data->bss->bssid);
3330 if (assoc_data->wmm &&
3331 !elems->wmm_param && bss_elems.wmm_param) {
3332 elems->wmm_param = bss_elems.wmm_param;
3333 sdata_info(sdata,
3334 "AP bug: WMM param missing from AssocResp\n");
3335 }
3336
3337
3338
3339
3340
3341 if (!elems->ht_cap_elem && bss_elems.ht_cap_elem &&
3342 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
3343 elems->ht_cap_elem = bss_elems.ht_cap_elem;
3344 sdata_info(sdata,
3345 "AP bug: HT capability missing from AssocResp\n");
3346 }
3347 if (!elems->ht_operation && bss_elems.ht_operation &&
3348 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
3349 elems->ht_operation = bss_elems.ht_operation;
3350 sdata_info(sdata,
3351 "AP bug: HT operation missing from AssocResp\n");
3352 }
3353 if (!elems->vht_cap_elem && bss_elems.vht_cap_elem &&
3354 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) {
3355 elems->vht_cap_elem = bss_elems.vht_cap_elem;
3356 sdata_info(sdata,
3357 "AP bug: VHT capa missing from AssocResp\n");
3358 }
3359 if (!elems->vht_operation && bss_elems.vht_operation &&
3360 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) {
3361 elems->vht_operation = bss_elems.vht_operation;
3362 sdata_info(sdata,
3363 "AP bug: VHT operation missing from AssocResp\n");
3364 }
3365 }
3366
3367
3368
3369
3370
3371 if (!is_6ghz && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
3372 (!elems->wmm_param || !elems->ht_cap_elem || !elems->ht_operation)) {
3373 sdata_info(sdata,
3374 "HT AP is missing WMM params or HT capability/operation\n");
3375 ret = false;
3376 goto out;
3377 }
3378
3379 if (!is_6ghz && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
3380 (!elems->vht_cap_elem || !elems->vht_operation)) {
3381 sdata_info(sdata,
3382 "VHT AP is missing VHT capability/operation\n");
3383 ret = false;
3384 goto out;
3385 }
3386
3387 if (is_6ghz && !(ifmgd->flags & IEEE80211_STA_DISABLE_HE) &&
3388 !elems->he_6ghz_capa) {
3389 sdata_info(sdata,
3390 "HE 6 GHz AP is missing HE 6 GHz band capability\n");
3391 ret = false;
3392 goto out;
3393 }
3394
3395 mutex_lock(&sdata->local->sta_mtx);
3396
3397
3398
3399
3400 sta = sta_info_get(sdata, cbss->bssid);
3401 if (WARN_ON(!sta)) {
3402 mutex_unlock(&sdata->local->sta_mtx);
3403 ret = false;
3404 goto out;
3405 }
3406
3407 sband = ieee80211_get_sband(sdata);
3408 if (!sband) {
3409 mutex_unlock(&sdata->local->sta_mtx);
3410 ret = false;
3411 goto out;
3412 }
3413
3414 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE) &&
3415 (!elems->he_cap || !elems->he_operation)) {
3416 mutex_unlock(&sdata->local->sta_mtx);
3417 sdata_info(sdata,
3418 "HE AP is missing HE capability/operation\n");
3419 ret = false;
3420 goto out;
3421 }
3422
3423
3424 if (elems->ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
3425 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
3426 elems->ht_cap_elem, sta);
3427
3428 if (elems->vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
3429 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband,
3430 elems->vht_cap_elem, sta);
3431
3432 if (elems->he_operation && !(ifmgd->flags & IEEE80211_STA_DISABLE_HE) &&
3433 elems->he_cap) {
3434 ieee80211_he_cap_ie_to_sta_he_cap(sdata, sband,
3435 elems->he_cap,
3436 elems->he_cap_len,
3437 elems->he_6ghz_capa,
3438 sta);
3439
3440 bss_conf->he_support = sta->sta.he_cap.has_he;
3441 if (elems->rsnx && elems->rsnx_len &&
3442 (elems->rsnx[0] & WLAN_RSNX_CAPA_PROTECTED_TWT) &&
3443 wiphy_ext_feature_isset(local->hw.wiphy,
3444 NL80211_EXT_FEATURE_PROTECTED_TWT))
3445 bss_conf->twt_protected = true;
3446 else
3447 bss_conf->twt_protected = false;
3448
3449 changed |= ieee80211_recalc_twt_req(sdata, sta, elems);
3450 } else {
3451 bss_conf->he_support = false;
3452 bss_conf->twt_requester = false;
3453 bss_conf->twt_protected = false;
3454 }
3455
3456 if (bss_conf->he_support) {
3457 bss_conf->he_bss_color.color =
3458 le32_get_bits(elems->he_operation->he_oper_params,
3459 IEEE80211_HE_OPERATION_BSS_COLOR_MASK);
3460 bss_conf->he_bss_color.partial =
3461 le32_get_bits(elems->he_operation->he_oper_params,
3462 IEEE80211_HE_OPERATION_PARTIAL_BSS_COLOR);
3463 bss_conf->he_bss_color.disabled =
3464 le32_get_bits(elems->he_operation->he_oper_params,
3465 IEEE80211_HE_OPERATION_BSS_COLOR_DISABLED);
3466 changed |= BSS_CHANGED_HE_BSS_COLOR;
3467
3468 bss_conf->htc_trig_based_pkt_ext =
3469 le32_get_bits(elems->he_operation->he_oper_params,
3470 IEEE80211_HE_OPERATION_DFLT_PE_DURATION_MASK);
3471 bss_conf->frame_time_rts_th =
3472 le32_get_bits(elems->he_operation->he_oper_params,
3473 IEEE80211_HE_OPERATION_RTS_THRESHOLD_MASK);
3474
3475 bss_conf->multi_sta_back_32bit =
3476 sta->sta.he_cap.he_cap_elem.mac_cap_info[2] &
3477 IEEE80211_HE_MAC_CAP2_32BIT_BA_BITMAP;
3478
3479 bss_conf->ack_enabled =
3480 sta->sta.he_cap.he_cap_elem.mac_cap_info[2] &
3481 IEEE80211_HE_MAC_CAP2_ACK_EN;
3482
3483 bss_conf->uora_exists = !!elems->uora_element;
3484 if (elems->uora_element)
3485 bss_conf->uora_ocw_range = elems->uora_element[0];
3486
3487 ieee80211_he_op_ie_to_bss_conf(&sdata->vif, elems->he_operation);
3488 ieee80211_he_spr_ie_to_bss_conf(&sdata->vif, elems->he_spr);
3489
3490 }
3491
3492 if (cbss->transmitted_bss) {
3493 bss_conf->nontransmitted = true;
3494 ether_addr_copy(bss_conf->transmitter_bssid,
3495 cbss->transmitted_bss->bssid);
3496 bss_conf->bssid_indicator = cbss->max_bssid_indicator;
3497 bss_conf->bssid_index = cbss->bssid_index;
3498 }
3499
3500
3501
3502
3503
3504
3505
3506
3507
3508
3509
3510
3511
3512 if (elems->opmode_notif &&
3513 !(*elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) {
3514 u8 nss;
3515
3516 nss = *elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK;
3517 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT;
3518 nss += 1;
3519 sta->sta.rx_nss = nss;
3520 }
3521
3522 rate_control_rate_init(sta);
3523
3524 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) {
3525 set_sta_flag(sta, WLAN_STA_MFP);
3526 sta->sta.mfp = true;
3527 } else {
3528 sta->sta.mfp = false;
3529 }
3530
3531 sta->sta.wme = elems->wmm_param && local->hw.queues >= IEEE80211_NUM_ACS;
3532
3533 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
3534 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
3535 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
3536 if (err) {
3537 sdata_info(sdata,
3538 "failed to move station %pM to desired state\n",
3539 sta->sta.addr);
3540 WARN_ON(__sta_info_destroy(sta));
3541 mutex_unlock(&sdata->local->sta_mtx);
3542 ret = false;
3543 goto out;
3544 }
3545
3546 mutex_unlock(&sdata->local->sta_mtx);
3547
3548
3549
3550
3551
3552
3553
3554 ifmgd->wmm_last_param_set = -1;
3555 ifmgd->mu_edca_last_param_set = -1;
3556
3557 if (ifmgd->flags & IEEE80211_STA_DISABLE_WMM) {
3558 ieee80211_set_wmm_default(sdata, false, false);
3559 } else if (!ieee80211_sta_wmm_params(local, sdata, elems->wmm_param,
3560 elems->wmm_param_len,
3561 elems->mu_edca_param_set)) {
3562
3563 ieee80211_set_wmm_default(sdata, false, true);
3564
3565
3566
3567
3568
3569
3570
3571 ifmgd->flags |= IEEE80211_STA_DISABLE_WMM;
3572 }
3573 changed |= BSS_CHANGED_QOS;
3574
3575 if (elems->max_idle_period_ie) {
3576 bss_conf->max_idle_period =
3577 le16_to_cpu(elems->max_idle_period_ie->max_idle_period);
3578 bss_conf->protected_keep_alive =
3579 !!(elems->max_idle_period_ie->idle_options &
3580 WLAN_IDLE_OPTIONS_PROTECTED_KEEP_ALIVE);
3581 changed |= BSS_CHANGED_KEEP_ALIVE;
3582 } else {
3583 bss_conf->max_idle_period = 0;
3584 bss_conf->protected_keep_alive = false;
3585 }
3586
3587
3588
3589 bss_conf->assoc_capability = capab_info;
3590 ieee80211_set_associated(sdata, cbss, changed);
3591
3592
3593
3594
3595
3596 if (ifmgd->use_4addr)
3597 ieee80211_send_4addr_nullfunc(local, sdata);
3598
3599
3600
3601
3602
3603 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt);
3604 ieee80211_sta_reset_beacon_monitor(sdata);
3605
3606 ret = true;
3607 out:
3608 kfree(bss_ies);
3609 return ret;
3610}
3611
3612static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
3613 struct ieee80211_mgmt *mgmt,
3614 size_t len)
3615{
3616 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3617 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
3618 u16 capab_info, status_code, aid;
3619 struct ieee802_11_elems elems;
3620 int ac, uapsd_queues = -1;
3621 u8 *pos;
3622 bool reassoc;
3623 struct cfg80211_bss *bss;
3624 struct ieee80211_event event = {
3625 .type = MLME_EVENT,
3626 .u.mlme.data = ASSOC_EVENT,
3627 };
3628
3629 sdata_assert_lock(sdata);
3630
3631 if (!assoc_data)
3632 return;
3633 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid))
3634 return;
3635
3636
3637
3638
3639
3640
3641 if (len < 24 + 6)
3642 return;
3643
3644 reassoc = ieee80211_is_reassoc_resp(mgmt->frame_control);
3645 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
3646 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
3647 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
3648
3649 sdata_info(sdata,
3650 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n",
3651 reassoc ? "Rea" : "A", mgmt->sa,
3652 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
3653
3654 if (assoc_data->fils_kek_len &&
3655 fils_decrypt_assoc_resp(sdata, (u8 *)mgmt, &len, assoc_data) < 0)
3656 return;
3657
3658 pos = mgmt->u.assoc_resp.variable;
3659 ieee802_11_parse_elems(pos, len - (pos - (u8 *)mgmt), false, &elems,
3660 mgmt->bssid, assoc_data->bss->bssid);
3661
3662 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
3663 elems.timeout_int &&
3664 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) {
3665 u32 tu, ms;
3666 tu = le32_to_cpu(elems.timeout_int->value);
3667 ms = tu * 1024 / 1000;
3668 sdata_info(sdata,
3669 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",
3670 mgmt->sa, tu, ms);
3671 assoc_data->timeout = jiffies + msecs_to_jiffies(ms);
3672 assoc_data->timeout_started = true;
3673 if (ms > IEEE80211_ASSOC_TIMEOUT)
3674 run_again(sdata, assoc_data->timeout);
3675 return;
3676 }
3677
3678 bss = assoc_data->bss;
3679
3680 if (status_code != WLAN_STATUS_SUCCESS) {
3681 sdata_info(sdata, "%pM denied association (code=%d)\n",
3682 mgmt->sa, status_code);
3683 ieee80211_destroy_assoc_data(sdata, false, false);
3684 event.u.mlme.status = MLME_DENIED;
3685 event.u.mlme.reason = status_code;
3686 drv_event_callback(sdata->local, sdata, &event);
3687 } else {
3688 if (!ieee80211_assoc_success(sdata, bss, mgmt, len, &elems)) {
3689
3690 ieee80211_destroy_assoc_data(sdata, false, false);
3691 cfg80211_assoc_timeout(sdata->dev, bss);
3692 return;
3693 }
3694 event.u.mlme.status = MLME_SUCCESS;
3695 drv_event_callback(sdata->local, sdata, &event);
3696 sdata_info(sdata, "associated\n");
3697
3698
3699
3700
3701
3702
3703 ieee80211_destroy_assoc_data(sdata, true, false);
3704
3705
3706 uapsd_queues = 0;
3707 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
3708 if (sdata->tx_conf[ac].uapsd)
3709 uapsd_queues |= ieee80211_ac_to_qos_mask[ac];
3710 }
3711
3712 cfg80211_rx_assoc_resp(sdata->dev, bss, (u8 *)mgmt, len, uapsd_queues,
3713 ifmgd->assoc_req_ies, ifmgd->assoc_req_ies_len);
3714}
3715
3716static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
3717 struct ieee80211_mgmt *mgmt, size_t len,
3718 struct ieee80211_rx_status *rx_status)
3719{
3720 struct ieee80211_local *local = sdata->local;
3721 struct ieee80211_bss *bss;
3722 struct ieee80211_channel *channel;
3723
3724 sdata_assert_lock(sdata);
3725
3726 channel = ieee80211_get_channel_khz(local->hw.wiphy,
3727 ieee80211_rx_status_to_khz(rx_status));
3728 if (!channel)
3729 return;
3730
3731 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, channel);
3732 if (bss) {
3733 sdata->vif.bss_conf.beacon_rate = bss->beacon_rate;
3734 ieee80211_rx_bss_put(local, bss);
3735 }
3736}
3737
3738
3739static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
3740 struct sk_buff *skb)
3741{
3742 struct ieee80211_mgmt *mgmt = (void *)skb->data;
3743 struct ieee80211_if_managed *ifmgd;
3744 struct ieee80211_rx_status *rx_status = (void *) skb->cb;
3745 struct ieee80211_channel *channel;
3746 size_t baselen, len = skb->len;
3747
3748 ifmgd = &sdata->u.mgd;
3749
3750 sdata_assert_lock(sdata);
3751
3752
3753
3754
3755
3756
3757
3758
3759 channel = ieee80211_get_channel(sdata->local->hw.wiphy,
3760 rx_status->freq);
3761 if (!channel)
3762 return;
3763
3764 if (!ether_addr_equal(mgmt->da, sdata->vif.addr) &&
3765 (channel->band != NL80211_BAND_6GHZ ||
3766 !is_broadcast_ether_addr(mgmt->da)))
3767 return;
3768
3769 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
3770 if (baselen > len)
3771 return;
3772
3773 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status);
3774
3775 if (ifmgd->associated &&
3776 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
3777 ieee80211_reset_ap_probe(sdata);
3778}
3779
3780
3781
3782
3783
3784
3785
3786
3787
3788
3789
3790
3791
3792
3793
3794
3795static const u64 care_about_ies =
3796 (1ULL << WLAN_EID_COUNTRY) |
3797 (1ULL << WLAN_EID_ERP_INFO) |
3798 (1ULL << WLAN_EID_CHANNEL_SWITCH) |
3799 (1ULL << WLAN_EID_PWR_CONSTRAINT) |
3800 (1ULL << WLAN_EID_HT_CAPABILITY) |
3801 (1ULL << WLAN_EID_HT_OPERATION) |
3802 (1ULL << WLAN_EID_EXT_CHANSWITCH_ANN);
3803
3804static void ieee80211_handle_beacon_sig(struct ieee80211_sub_if_data *sdata,
3805 struct ieee80211_if_managed *ifmgd,
3806 struct ieee80211_bss_conf *bss_conf,
3807 struct ieee80211_local *local,
3808 struct ieee80211_rx_status *rx_status)
3809{
3810
3811
3812 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) {
3813 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE;
3814 ewma_beacon_signal_init(&ifmgd->ave_beacon_signal);
3815 ifmgd->last_cqm_event_signal = 0;
3816 ifmgd->count_beacon_signal = 1;
3817 ifmgd->last_ave_beacon_signal = 0;
3818 } else {
3819 ifmgd->count_beacon_signal++;
3820 }
3821
3822 ewma_beacon_signal_add(&ifmgd->ave_beacon_signal, -rx_status->signal);
3823
3824 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold &&
3825 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
3826 int sig = -ewma_beacon_signal_read(&ifmgd->ave_beacon_signal);
3827 int last_sig = ifmgd->last_ave_beacon_signal;
3828 struct ieee80211_event event = {
3829 .type = RSSI_EVENT,
3830 };
3831
3832
3833
3834
3835
3836 if (sig > ifmgd->rssi_max_thold &&
3837 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) {
3838 ifmgd->last_ave_beacon_signal = sig;
3839 event.u.rssi.data = RSSI_EVENT_HIGH;
3840 drv_event_callback(local, sdata, &event);
3841 } else if (sig < ifmgd->rssi_min_thold &&
3842 (last_sig >= ifmgd->rssi_max_thold ||
3843 last_sig == 0)) {
3844 ifmgd->last_ave_beacon_signal = sig;
3845 event.u.rssi.data = RSSI_EVENT_LOW;
3846 drv_event_callback(local, sdata, &event);
3847 }
3848 }
3849
3850 if (bss_conf->cqm_rssi_thold &&
3851 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT &&
3852 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) {
3853 int sig = -ewma_beacon_signal_read(&ifmgd->ave_beacon_signal);
3854 int last_event = ifmgd->last_cqm_event_signal;
3855 int thold = bss_conf->cqm_rssi_thold;
3856 int hyst = bss_conf->cqm_rssi_hyst;
3857
3858 if (sig < thold &&
3859 (last_event == 0 || sig < last_event - hyst)) {
3860 ifmgd->last_cqm_event_signal = sig;
3861 ieee80211_cqm_rssi_notify(
3862 &sdata->vif,
3863 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
3864 sig, GFP_KERNEL);
3865 } else if (sig > thold &&
3866 (last_event == 0 || sig > last_event + hyst)) {
3867 ifmgd->last_cqm_event_signal = sig;
3868 ieee80211_cqm_rssi_notify(
3869 &sdata->vif,
3870 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
3871 sig, GFP_KERNEL);
3872 }
3873 }
3874
3875 if (bss_conf->cqm_rssi_low &&
3876 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
3877 int sig = -ewma_beacon_signal_read(&ifmgd->ave_beacon_signal);
3878 int last_event = ifmgd->last_cqm_event_signal;
3879 int low = bss_conf->cqm_rssi_low;
3880 int high = bss_conf->cqm_rssi_high;
3881
3882 if (sig < low &&
3883 (last_event == 0 || last_event >= low)) {
3884 ifmgd->last_cqm_event_signal = sig;
3885 ieee80211_cqm_rssi_notify(
3886 &sdata->vif,
3887 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
3888 sig, GFP_KERNEL);
3889 } else if (sig > high &&
3890 (last_event == 0 || last_event <= high)) {
3891 ifmgd->last_cqm_event_signal = sig;
3892 ieee80211_cqm_rssi_notify(
3893 &sdata->vif,
3894 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
3895 sig, GFP_KERNEL);
3896 }
3897 }
3898}
3899
3900static bool ieee80211_rx_our_beacon(const u8 *tx_bssid,
3901 struct cfg80211_bss *bss)
3902{
3903 if (ether_addr_equal(tx_bssid, bss->bssid))
3904 return true;
3905 if (!bss->transmitted_bss)
3906 return false;
3907 return ether_addr_equal(tx_bssid, bss->transmitted_bss->bssid);
3908}
3909
3910static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
3911 struct ieee80211_mgmt *mgmt, size_t len,
3912 struct ieee80211_rx_status *rx_status)
3913{
3914 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3915 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
3916 size_t baselen;
3917 struct ieee802_11_elems elems;
3918 struct ieee80211_local *local = sdata->local;
3919 struct ieee80211_chanctx_conf *chanctx_conf;
3920 struct ieee80211_channel *chan;
3921 struct sta_info *sta;
3922 u32 changed = 0;
3923 bool erp_valid;
3924 u8 erp_value = 0;
3925 u32 ncrc;
3926 u8 *bssid;
3927 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN];
3928
3929 sdata_assert_lock(sdata);
3930
3931
3932 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
3933 if (baselen > len)
3934 return;
3935
3936 rcu_read_lock();
3937 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
3938 if (!chanctx_conf) {
3939 rcu_read_unlock();
3940 return;
3941 }
3942
3943 if (ieee80211_rx_status_to_khz(rx_status) !=
3944 ieee80211_channel_to_khz(chanctx_conf->def.chan)) {
3945 rcu_read_unlock();
3946 return;
3947 }
3948 chan = chanctx_conf->def.chan;
3949 rcu_read_unlock();
3950
3951 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon &&
3952 ieee80211_rx_our_beacon(mgmt->bssid, ifmgd->assoc_data->bss)) {
3953 ieee802_11_parse_elems(mgmt->u.beacon.variable,
3954 len - baselen, false, &elems,
3955 mgmt->bssid,
3956 ifmgd->assoc_data->bss->bssid);
3957
3958 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status);
3959
3960 if (elems.dtim_period)
3961 ifmgd->dtim_period = elems.dtim_period;
3962 ifmgd->have_beacon = true;
3963 ifmgd->assoc_data->need_beacon = false;
3964 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) {
3965 sdata->vif.bss_conf.sync_tsf =
3966 le64_to_cpu(mgmt->u.beacon.timestamp);
3967 sdata->vif.bss_conf.sync_device_ts =
3968 rx_status->device_timestamp;
3969 sdata->vif.bss_conf.sync_dtim_count = elems.dtim_count;
3970 }
3971
3972 if (elems.mbssid_config_ie)
3973 bss_conf->profile_periodicity =
3974 elems.mbssid_config_ie->profile_periodicity;
3975
3976 if (elems.ext_capab_len >= 11 &&
3977 (elems.ext_capab[10] & WLAN_EXT_CAPA11_EMA_SUPPORT))
3978 bss_conf->ema_ap = true;
3979
3980
3981 ifmgd->assoc_data->timeout = jiffies;
3982 ifmgd->assoc_data->timeout_started = true;
3983 run_again(sdata, ifmgd->assoc_data->timeout);
3984 return;
3985 }
3986
3987 if (!ifmgd->associated ||
3988 !ieee80211_rx_our_beacon(mgmt->bssid, ifmgd->associated))
3989 return;
3990 bssid = ifmgd->associated->bssid;
3991
3992 if (!(rx_status->flag & RX_FLAG_NO_SIGNAL_VAL))
3993 ieee80211_handle_beacon_sig(sdata, ifmgd, bss_conf,
3994 local, rx_status);
3995
3996 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) {
3997 mlme_dbg_ratelimited(sdata,
3998 "cancelling AP probe due to a received beacon\n");
3999 ieee80211_reset_ap_probe(sdata);
4000 }
4001
4002
4003
4004
4005
4006 ieee80211_sta_reset_beacon_monitor(sdata);
4007
4008 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
4009 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable,
4010 len - baselen, false, &elems,
4011 care_about_ies, ncrc,
4012 mgmt->bssid, bssid);
4013
4014 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
4015 ieee80211_check_tim(elems.tim, elems.tim_len, bss_conf->aid)) {
4016 if (local->hw.conf.dynamic_ps_timeout > 0) {
4017 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
4018 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
4019 ieee80211_hw_config(local,
4020 IEEE80211_CONF_CHANGE_PS);
4021 }
4022 ieee80211_send_nullfunc(local, sdata, false);
4023 } else if (!local->pspolling && sdata->u.mgd.powersave) {
4024 local->pspolling = true;
4025
4026
4027
4028
4029
4030
4031
4032
4033
4034 ieee80211_send_pspoll(local, sdata);
4035 }
4036 }
4037
4038 if (sdata->vif.p2p ||
4039 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) {
4040 struct ieee80211_p2p_noa_attr noa = {};
4041 int ret;
4042
4043 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable,
4044 len - baselen,
4045 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
4046 (u8 *) &noa, sizeof(noa));
4047 if (ret >= 2) {
4048 if (sdata->u.mgd.p2p_noa_index != noa.index) {
4049
4050 sdata->u.mgd.p2p_noa_index = noa.index;
4051 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa));
4052 changed |= BSS_CHANGED_P2P_PS;
4053
4054
4055
4056
4057 ifmgd->beacon_crc_valid = false;
4058 }
4059 } else if (sdata->u.mgd.p2p_noa_index != -1) {
4060
4061 sdata->u.mgd.p2p_noa_index = -1;
4062 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr));
4063 changed |= BSS_CHANGED_P2P_PS;
4064 ifmgd->beacon_crc_valid = false;
4065 }
4066 }
4067
4068 if (ifmgd->csa_waiting_bcn)
4069 ieee80211_chswitch_post_beacon(sdata);
4070
4071
4072
4073
4074
4075
4076
4077
4078
4079 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) {
4080 sdata->vif.bss_conf.sync_tsf =
4081 le64_to_cpu(mgmt->u.beacon.timestamp);
4082 sdata->vif.bss_conf.sync_device_ts =
4083 rx_status->device_timestamp;
4084 sdata->vif.bss_conf.sync_dtim_count = elems.dtim_count;
4085 }
4086
4087 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid)
4088 return;
4089 ifmgd->beacon_crc = ncrc;
4090 ifmgd->beacon_crc_valid = true;
4091
4092 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status);
4093
4094 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime,
4095 rx_status->device_timestamp,
4096 &elems, true);
4097
4098 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) &&
4099 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
4100 elems.wmm_param_len,
4101 elems.mu_edca_param_set))
4102 changed |= BSS_CHANGED_QOS;
4103
4104
4105
4106
4107
4108 if (!ifmgd->have_beacon) {
4109
4110 bss_conf->dtim_period = elems.dtim_period ?: 1;
4111
4112 changed |= BSS_CHANGED_BEACON_INFO;
4113 ifmgd->have_beacon = true;
4114
4115 mutex_lock(&local->iflist_mtx);
4116 ieee80211_recalc_ps(local);
4117 mutex_unlock(&local->iflist_mtx);
4118
4119 ieee80211_recalc_ps_vif(sdata);
4120 }
4121
4122 if (elems.erp_info) {
4123 erp_valid = true;
4124 erp_value = elems.erp_info[0];
4125 } else {
4126 erp_valid = false;
4127 }
4128 changed |= ieee80211_handle_bss_capability(sdata,
4129 le16_to_cpu(mgmt->u.beacon.capab_info),
4130 erp_valid, erp_value);
4131
4132 mutex_lock(&local->sta_mtx);
4133 sta = sta_info_get(sdata, bssid);
4134
4135 changed |= ieee80211_recalc_twt_req(sdata, sta, &elems);
4136
4137 if (ieee80211_config_bw(sdata, sta, elems.ht_cap_elem,
4138 elems.vht_cap_elem, elems.ht_operation,
4139 elems.vht_operation, elems.he_operation,
4140 bssid, &changed)) {
4141 mutex_unlock(&local->sta_mtx);
4142 sdata_info(sdata,
4143 "failed to follow AP %pM bandwidth change, disconnect\n",
4144 bssid);
4145 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4146 WLAN_REASON_DEAUTH_LEAVING,
4147 true, deauth_buf);
4148 ieee80211_report_disconnect(sdata, deauth_buf,
4149 sizeof(deauth_buf), true,
4150 WLAN_REASON_DEAUTH_LEAVING);
4151 return;
4152 }
4153
4154 if (sta && elems.opmode_notif)
4155 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif,
4156 rx_status->band);
4157 mutex_unlock(&local->sta_mtx);
4158
4159 changed |= ieee80211_handle_pwr_constr(sdata, chan, mgmt,
4160 elems.country_elem,
4161 elems.country_elem_len,
4162 elems.pwr_constr_elem,
4163 elems.cisco_dtpc_elem);
4164
4165 ieee80211_bss_info_change_notify(sdata, changed);
4166}
4167
4168void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
4169 struct sk_buff *skb)
4170{
4171 struct ieee80211_rx_status *rx_status;
4172 struct ieee80211_mgmt *mgmt;
4173 u16 fc;
4174 struct ieee802_11_elems elems;
4175 int ies_len;
4176
4177 rx_status = (struct ieee80211_rx_status *) skb->cb;
4178 mgmt = (struct ieee80211_mgmt *) skb->data;
4179 fc = le16_to_cpu(mgmt->frame_control);
4180
4181 sdata_lock(sdata);
4182
4183 switch (fc & IEEE80211_FCTL_STYPE) {
4184 case IEEE80211_STYPE_BEACON:
4185 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status);
4186 break;
4187 case IEEE80211_STYPE_PROBE_RESP:
4188 ieee80211_rx_mgmt_probe_resp(sdata, skb);
4189 break;
4190 case IEEE80211_STYPE_AUTH:
4191 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len);
4192 break;
4193 case IEEE80211_STYPE_DEAUTH:
4194 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len);
4195 break;
4196 case IEEE80211_STYPE_DISASSOC:
4197 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
4198 break;
4199 case IEEE80211_STYPE_ASSOC_RESP:
4200 case IEEE80211_STYPE_REASSOC_RESP:
4201 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len);
4202 break;
4203 case IEEE80211_STYPE_ACTION:
4204 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) {
4205 ies_len = skb->len -
4206 offsetof(struct ieee80211_mgmt,
4207 u.action.u.chan_switch.variable);
4208
4209 if (ies_len < 0)
4210 break;
4211
4212
4213 ieee802_11_parse_elems(
4214 mgmt->u.action.u.chan_switch.variable,
4215 ies_len, true, &elems, mgmt->bssid, NULL);
4216
4217 if (elems.parse_error)
4218 break;
4219
4220 ieee80211_sta_process_chanswitch(sdata,
4221 rx_status->mactime,
4222 rx_status->device_timestamp,
4223 &elems, false);
4224 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) {
4225 ies_len = skb->len -
4226 offsetof(struct ieee80211_mgmt,
4227 u.action.u.ext_chan_switch.variable);
4228
4229 if (ies_len < 0)
4230 break;
4231
4232
4233
4234
4235
4236 ieee802_11_parse_elems(
4237 mgmt->u.action.u.ext_chan_switch.variable,
4238 ies_len, true, &elems, mgmt->bssid, NULL);
4239
4240 if (elems.parse_error)
4241 break;
4242
4243
4244 elems.ext_chansw_ie =
4245 &mgmt->u.action.u.ext_chan_switch.data;
4246
4247 ieee80211_sta_process_chanswitch(sdata,
4248 rx_status->mactime,
4249 rx_status->device_timestamp,
4250 &elems, false);
4251 }
4252 break;
4253 }
4254 sdata_unlock(sdata);
4255}
4256
4257static void ieee80211_sta_timer(struct timer_list *t)
4258{
4259 struct ieee80211_sub_if_data *sdata =
4260 from_timer(sdata, t, u.mgd.timer);
4261
4262 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
4263}
4264
4265static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata,
4266 u8 *bssid, u8 reason, bool tx)
4267{
4268 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4269
4270 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason,
4271 tx, frame_buf);
4272
4273 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
4274 reason);
4275}
4276
4277static int ieee80211_auth(struct ieee80211_sub_if_data *sdata)
4278{
4279 struct ieee80211_local *local = sdata->local;
4280 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4281 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data;
4282 u32 tx_flags = 0;
4283 u16 trans = 1;
4284 u16 status = 0;
4285 u16 prepare_tx_duration = 0;
4286
4287 sdata_assert_lock(sdata);
4288
4289 if (WARN_ON_ONCE(!auth_data))
4290 return -EINVAL;
4291
4292 auth_data->tries++;
4293
4294 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) {
4295 sdata_info(sdata, "authentication with %pM timed out\n",
4296 auth_data->bss->bssid);
4297
4298
4299
4300
4301
4302 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss);
4303
4304 return -ETIMEDOUT;
4305 }
4306
4307 if (auth_data->algorithm == WLAN_AUTH_SAE)
4308 prepare_tx_duration =
4309 jiffies_to_msecs(IEEE80211_AUTH_TIMEOUT_SAE);
4310
4311 drv_mgd_prepare_tx(local, sdata, prepare_tx_duration);
4312
4313 sdata_info(sdata, "send auth to %pM (try %d/%d)\n",
4314 auth_data->bss->bssid, auth_data->tries,
4315 IEEE80211_AUTH_MAX_TRIES);
4316
4317 auth_data->expected_transaction = 2;
4318
4319 if (auth_data->algorithm == WLAN_AUTH_SAE) {
4320 trans = auth_data->sae_trans;
4321 status = auth_data->sae_status;
4322 auth_data->expected_transaction = trans;
4323 }
4324
4325 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
4326 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
4327 IEEE80211_TX_INTFL_MLME_CONN_TX;
4328
4329 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status,
4330 auth_data->data, auth_data->data_len,
4331 auth_data->bss->bssid,
4332 auth_data->bss->bssid, NULL, 0, 0,
4333 tx_flags);
4334
4335 if (tx_flags == 0) {
4336 if (auth_data->algorithm == WLAN_AUTH_SAE)
4337 auth_data->timeout = jiffies +
4338 IEEE80211_AUTH_TIMEOUT_SAE;
4339 else
4340 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
4341 } else {
4342 auth_data->timeout =
4343 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG);
4344 }
4345
4346 auth_data->timeout_started = true;
4347 run_again(sdata, auth_data->timeout);
4348
4349 return 0;
4350}
4351
4352static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata)
4353{
4354 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
4355 struct ieee80211_local *local = sdata->local;
4356
4357 sdata_assert_lock(sdata);
4358
4359 assoc_data->tries++;
4360 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) {
4361 sdata_info(sdata, "association with %pM timed out\n",
4362 assoc_data->bss->bssid);
4363
4364
4365
4366
4367
4368 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss);
4369
4370 return -ETIMEDOUT;
4371 }
4372
4373 sdata_info(sdata, "associate with %pM (try %d/%d)\n",
4374 assoc_data->bss->bssid, assoc_data->tries,
4375 IEEE80211_ASSOC_MAX_TRIES);
4376 ieee80211_send_assoc(sdata);
4377
4378 if (!ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
4379 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
4380 assoc_data->timeout_started = true;
4381 run_again(sdata, assoc_data->timeout);
4382 } else {
4383 assoc_data->timeout =
4384 round_jiffies_up(jiffies +
4385 IEEE80211_ASSOC_TIMEOUT_LONG);
4386 assoc_data->timeout_started = true;
4387 run_again(sdata, assoc_data->timeout);
4388 }
4389
4390 return 0;
4391}
4392
4393void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata,
4394 __le16 fc, bool acked)
4395{
4396 struct ieee80211_local *local = sdata->local;
4397
4398 sdata->u.mgd.status_fc = fc;
4399 sdata->u.mgd.status_acked = acked;
4400 sdata->u.mgd.status_received = true;
4401
4402 ieee80211_queue_work(&local->hw, &sdata->work);
4403}
4404
4405void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
4406{
4407 struct ieee80211_local *local = sdata->local;
4408 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4409
4410 sdata_lock(sdata);
4411
4412 if (ifmgd->status_received) {
4413 __le16 fc = ifmgd->status_fc;
4414 bool status_acked = ifmgd->status_acked;
4415
4416 ifmgd->status_received = false;
4417 if (ifmgd->auth_data && ieee80211_is_auth(fc)) {
4418 if (status_acked) {
4419 if (ifmgd->auth_data->algorithm ==
4420 WLAN_AUTH_SAE)
4421 ifmgd->auth_data->timeout =
4422 jiffies +
4423 IEEE80211_AUTH_TIMEOUT_SAE;
4424 else
4425 ifmgd->auth_data->timeout =
4426 jiffies +
4427 IEEE80211_AUTH_TIMEOUT_SHORT;
4428 run_again(sdata, ifmgd->auth_data->timeout);
4429 } else {
4430 ifmgd->auth_data->timeout = jiffies - 1;
4431 }
4432 ifmgd->auth_data->timeout_started = true;
4433 } else if (ifmgd->assoc_data &&
4434 (ieee80211_is_assoc_req(fc) ||
4435 ieee80211_is_reassoc_req(fc))) {
4436 if (status_acked) {
4437 ifmgd->assoc_data->timeout =
4438 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT;
4439 run_again(sdata, ifmgd->assoc_data->timeout);
4440 } else {
4441 ifmgd->assoc_data->timeout = jiffies - 1;
4442 }
4443 ifmgd->assoc_data->timeout_started = true;
4444 }
4445 }
4446
4447 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started &&
4448 time_after(jiffies, ifmgd->auth_data->timeout)) {
4449 if (ifmgd->auth_data->done) {
4450
4451
4452
4453
4454 ieee80211_destroy_auth_data(sdata, false);
4455 } else if (ieee80211_auth(sdata)) {
4456 u8 bssid[ETH_ALEN];
4457 struct ieee80211_event event = {
4458 .type = MLME_EVENT,
4459 .u.mlme.data = AUTH_EVENT,
4460 .u.mlme.status = MLME_TIMEOUT,
4461 };
4462
4463 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
4464
4465 ieee80211_destroy_auth_data(sdata, false);
4466
4467 cfg80211_auth_timeout(sdata->dev, bssid);
4468 drv_event_callback(sdata->local, sdata, &event);
4469 }
4470 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started)
4471 run_again(sdata, ifmgd->auth_data->timeout);
4472
4473 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started &&
4474 time_after(jiffies, ifmgd->assoc_data->timeout)) {
4475 if ((ifmgd->assoc_data->need_beacon && !ifmgd->have_beacon) ||
4476 ieee80211_do_assoc(sdata)) {
4477 struct cfg80211_bss *bss = ifmgd->assoc_data->bss;
4478 struct ieee80211_event event = {
4479 .type = MLME_EVENT,
4480 .u.mlme.data = ASSOC_EVENT,
4481 .u.mlme.status = MLME_TIMEOUT,
4482 };
4483
4484 ieee80211_destroy_assoc_data(sdata, false, false);
4485 cfg80211_assoc_timeout(sdata->dev, bss);
4486 drv_event_callback(sdata->local, sdata, &event);
4487 }
4488 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started)
4489 run_again(sdata, ifmgd->assoc_data->timeout);
4490
4491 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL &&
4492 ifmgd->associated) {
4493 u8 bssid[ETH_ALEN];
4494 int max_tries;
4495
4496 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
4497
4498 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
4499 max_tries = max_nullfunc_tries;
4500 else
4501 max_tries = max_probe_tries;
4502
4503
4504 if (!ifmgd->probe_send_count)
4505 ieee80211_reset_ap_probe(sdata);
4506 else if (ifmgd->nullfunc_failed) {
4507 if (ifmgd->probe_send_count < max_tries) {
4508 mlme_dbg(sdata,
4509 "No ack for nullfunc frame to AP %pM, try %d/%i\n",
4510 bssid, ifmgd->probe_send_count,
4511 max_tries);
4512 ieee80211_mgd_probe_ap_send(sdata);
4513 } else {
4514 mlme_dbg(sdata,
4515 "No ack for nullfunc frame to AP %pM, disconnecting.\n",
4516 bssid);
4517 ieee80211_sta_connection_lost(sdata, bssid,
4518 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
4519 false);
4520 }
4521 } else if (time_is_after_jiffies(ifmgd->probe_timeout))
4522 run_again(sdata, ifmgd->probe_timeout);
4523 else if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
4524 mlme_dbg(sdata,
4525 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n",
4526 bssid, probe_wait_ms);
4527 ieee80211_sta_connection_lost(sdata, bssid,
4528 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
4529 } else if (ifmgd->probe_send_count < max_tries) {
4530 mlme_dbg(sdata,
4531 "No probe response from AP %pM after %dms, try %d/%i\n",
4532 bssid, probe_wait_ms,
4533 ifmgd->probe_send_count, max_tries);
4534 ieee80211_mgd_probe_ap_send(sdata);
4535 } else {
4536
4537
4538
4539
4540 mlme_dbg(sdata,
4541 "No probe response from AP %pM after %dms, disconnecting.\n",
4542 bssid, probe_wait_ms);
4543
4544 ieee80211_sta_connection_lost(sdata, bssid,
4545 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
4546 }
4547 }
4548
4549 sdata_unlock(sdata);
4550}
4551
4552static void ieee80211_sta_bcn_mon_timer(struct timer_list *t)
4553{
4554 struct ieee80211_sub_if_data *sdata =
4555 from_timer(sdata, t, u.mgd.bcn_mon_timer);
4556 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4557
4558 if (sdata->vif.csa_active && !ifmgd->csa_waiting_bcn)
4559 return;
4560
4561 sdata->u.mgd.connection_loss = false;
4562 ieee80211_queue_work(&sdata->local->hw,
4563 &sdata->u.mgd.beacon_connection_loss_work);
4564}
4565
4566static void ieee80211_sta_conn_mon_timer(struct timer_list *t)
4567{
4568 struct ieee80211_sub_if_data *sdata =
4569 from_timer(sdata, t, u.mgd.conn_mon_timer);
4570 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4571 struct ieee80211_local *local = sdata->local;
4572
4573 if (sdata->vif.csa_active && !ifmgd->csa_waiting_bcn)
4574 return;
4575
4576 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work);
4577}
4578
4579static void ieee80211_sta_monitor_work(struct work_struct *work)
4580{
4581 struct ieee80211_sub_if_data *sdata =
4582 container_of(work, struct ieee80211_sub_if_data,
4583 u.mgd.monitor_work);
4584
4585 ieee80211_mgd_probe_ap(sdata, false);
4586}
4587
4588static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
4589{
4590 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
4591 __ieee80211_stop_poll(sdata);
4592
4593
4594 if (!ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
4595 ieee80211_queue_work(&sdata->local->hw,
4596 &sdata->u.mgd.monitor_work);
4597 }
4598}
4599
4600#ifdef CONFIG_PM
4601void ieee80211_mgd_quiesce(struct ieee80211_sub_if_data *sdata)
4602{
4603 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4604 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4605
4606 sdata_lock(sdata);
4607
4608 if (ifmgd->auth_data || ifmgd->assoc_data) {
4609 const u8 *bssid = ifmgd->auth_data ?
4610 ifmgd->auth_data->bss->bssid :
4611 ifmgd->assoc_data->bss->bssid;
4612
4613
4614
4615
4616
4617
4618 ieee80211_send_deauth_disassoc(sdata, bssid, bssid,
4619 IEEE80211_STYPE_DEAUTH,
4620 WLAN_REASON_DEAUTH_LEAVING,
4621 false, frame_buf);
4622 if (ifmgd->assoc_data)
4623 ieee80211_destroy_assoc_data(sdata, false, true);
4624 if (ifmgd->auth_data)
4625 ieee80211_destroy_auth_data(sdata, false);
4626 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
4627 IEEE80211_DEAUTH_FRAME_LEN);
4628 }
4629
4630
4631
4632
4633
4634
4635
4636
4637
4638
4639
4640
4641
4642
4643
4644
4645
4646
4647 if (ifmgd->associated && !sdata->local->wowlan) {
4648 u8 bssid[ETH_ALEN];
4649 struct cfg80211_deauth_request req = {
4650 .reason_code = WLAN_REASON_DEAUTH_LEAVING,
4651 .bssid = bssid,
4652 };
4653
4654 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
4655 ieee80211_mgd_deauth(sdata, &req);
4656 }
4657
4658 sdata_unlock(sdata);
4659}
4660
4661void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata)
4662{
4663 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4664
4665 sdata_lock(sdata);
4666 if (!ifmgd->associated) {
4667 sdata_unlock(sdata);
4668 return;
4669 }
4670
4671 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) {
4672 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME;
4673 mlme_dbg(sdata, "driver requested disconnect after resume\n");
4674 ieee80211_sta_connection_lost(sdata,
4675 ifmgd->associated->bssid,
4676 WLAN_REASON_UNSPECIFIED,
4677 true);
4678 sdata_unlock(sdata);
4679 return;
4680 }
4681 sdata_unlock(sdata);
4682}
4683#endif
4684
4685
4686void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
4687{
4688 struct ieee80211_if_managed *ifmgd;
4689
4690 ifmgd = &sdata->u.mgd;
4691 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work);
4692 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work);
4693 INIT_WORK(&ifmgd->beacon_connection_loss_work,
4694 ieee80211_beacon_connection_loss_work);
4695 INIT_WORK(&ifmgd->csa_connection_drop_work,
4696 ieee80211_csa_connection_drop_work);
4697 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_mgd_work);
4698 INIT_DELAYED_WORK(&ifmgd->tdls_peer_del_work,
4699 ieee80211_tdls_peer_del_work);
4700 timer_setup(&ifmgd->timer, ieee80211_sta_timer, 0);
4701 timer_setup(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 0);
4702 timer_setup(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 0);
4703 timer_setup(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 0);
4704 INIT_DELAYED_WORK(&ifmgd->tx_tspec_wk,
4705 ieee80211_sta_handle_tspec_ac_params_wk);
4706
4707 ifmgd->flags = 0;
4708 ifmgd->powersave = sdata->wdev.ps;
4709 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues;
4710 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len;
4711 ifmgd->p2p_noa_index = -1;
4712
4713 if (sdata->local->hw.wiphy->features & NL80211_FEATURE_DYNAMIC_SMPS)
4714 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC;
4715 else
4716 ifmgd->req_smps = IEEE80211_SMPS_OFF;
4717
4718
4719 spin_lock_init(&ifmgd->teardown_lock);
4720 ifmgd->teardown_skb = NULL;
4721 ifmgd->orig_teardown_skb = NULL;
4722}
4723
4724
4725void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
4726{
4727 struct ieee80211_sub_if_data *sdata;
4728
4729
4730 rcu_read_lock();
4731 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
4732 if (ieee80211_sdata_running(sdata))
4733 ieee80211_restart_sta_timer(sdata);
4734 }
4735 rcu_read_unlock();
4736}
4737
4738static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata,
4739 struct cfg80211_bss *cbss)
4740{
4741 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4742 const u8 *ht_cap_ie, *vht_cap_ie;
4743 const struct ieee80211_ht_cap *ht_cap;
4744 const struct ieee80211_vht_cap *vht_cap;
4745 u8 chains = 1;
4746
4747 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT)
4748 return chains;
4749
4750 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
4751 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) {
4752 ht_cap = (void *)(ht_cap_ie + 2);
4753 chains = ieee80211_mcs_to_chains(&ht_cap->mcs);
4754
4755
4756
4757
4758 }
4759
4760 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
4761 return chains;
4762
4763 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
4764 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) {
4765 u8 nss;
4766 u16 tx_mcs_map;
4767
4768 vht_cap = (void *)(vht_cap_ie + 2);
4769 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map);
4770 for (nss = 8; nss > 0; nss--) {
4771 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) !=
4772 IEEE80211_VHT_MCS_NOT_SUPPORTED)
4773 break;
4774 }
4775
4776 chains = max(chains, nss);
4777 }
4778
4779 return chains;
4780}
4781
4782static bool
4783ieee80211_verify_sta_he_mcs_support(struct ieee80211_supported_band *sband,
4784 const struct ieee80211_he_operation *he_op)
4785{
4786 const struct ieee80211_sta_he_cap *sta_he_cap =
4787 ieee80211_get_he_sta_cap(sband);
4788 u16 ap_min_req_set;
4789 int i;
4790
4791 if (!sta_he_cap || !he_op)
4792 return false;
4793
4794 ap_min_req_set = le16_to_cpu(he_op->he_mcs_nss_set);
4795
4796
4797 for (i = 0; i < 3; i++) {
4798 const struct ieee80211_he_mcs_nss_supp *sta_mcs_nss_supp =
4799 &sta_he_cap->he_mcs_nss_supp;
4800 u16 sta_mcs_map_rx =
4801 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i]);
4802 u16 sta_mcs_map_tx =
4803 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i + 1]);
4804 u8 nss;
4805 bool verified = true;
4806
4807
4808
4809
4810
4811
4812
4813
4814
4815
4816 for (nss = 8; nss > 0; nss--) {
4817 u8 sta_rx_val = (sta_mcs_map_rx >> (2 * (nss - 1))) & 3;
4818 u8 sta_tx_val = (sta_mcs_map_tx >> (2 * (nss - 1))) & 3;
4819 u8 ap_val = (ap_min_req_set >> (2 * (nss - 1))) & 3;
4820
4821 if (ap_val == IEEE80211_HE_MCS_NOT_SUPPORTED)
4822 continue;
4823
4824
4825
4826
4827
4828 if (sta_rx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
4829 sta_tx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
4830 (ap_val > sta_rx_val) || (ap_val > sta_tx_val)) {
4831 verified = false;
4832 break;
4833 }
4834 }
4835
4836 if (verified)
4837 return true;
4838 }
4839
4840
4841 return false;
4842}
4843
4844static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
4845 struct cfg80211_bss *cbss)
4846{
4847 struct ieee80211_local *local = sdata->local;
4848 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4849 const struct ieee80211_ht_cap *ht_cap = NULL;
4850 const struct ieee80211_ht_operation *ht_oper = NULL;
4851 const struct ieee80211_vht_operation *vht_oper = NULL;
4852 const struct ieee80211_he_operation *he_oper = NULL;
4853 struct ieee80211_supported_band *sband;
4854 struct cfg80211_chan_def chandef;
4855 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ;
4856 struct ieee80211_bss *bss = (void *)cbss->priv;
4857 int ret;
4858 u32 i;
4859 bool have_80mhz;
4860
4861 sband = local->hw.wiphy->bands[cbss->channel->band];
4862
4863 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ |
4864 IEEE80211_STA_DISABLE_80P80MHZ |
4865 IEEE80211_STA_DISABLE_160MHZ);
4866
4867
4868 if (!sband->ht_cap.ht_supported && !is_6ghz) {
4869 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4870 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4871 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
4872 }
4873
4874 if (!sband->vht_cap.vht_supported && !is_6ghz) {
4875 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4876 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
4877 }
4878
4879 if (!ieee80211_get_he_sta_cap(sband))
4880 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
4881
4882 rcu_read_lock();
4883
4884 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && !is_6ghz) {
4885 const u8 *ht_oper_ie, *ht_cap_ie;
4886
4887 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION);
4888 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper))
4889 ht_oper = (void *)(ht_oper_ie + 2);
4890
4891 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
4892 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap))
4893 ht_cap = (void *)(ht_cap_ie + 2);
4894
4895 if (!ht_cap) {
4896 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4897 ht_oper = NULL;
4898 }
4899 }
4900
4901 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && !is_6ghz) {
4902 const u8 *vht_oper_ie, *vht_cap;
4903
4904 vht_oper_ie = ieee80211_bss_get_ie(cbss,
4905 WLAN_EID_VHT_OPERATION);
4906 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper))
4907 vht_oper = (void *)(vht_oper_ie + 2);
4908 if (vht_oper && !ht_oper) {
4909 vht_oper = NULL;
4910 sdata_info(sdata,
4911 "AP advertised VHT without HT, disabling HT/VHT/HE\n");
4912 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4913 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4914 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
4915 }
4916
4917 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
4918 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) {
4919 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4920 vht_oper = NULL;
4921 }
4922 }
4923
4924 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE)) {
4925 const struct cfg80211_bss_ies *ies;
4926 const u8 *he_oper_ie;
4927
4928 ies = rcu_dereference(cbss->ies);
4929 he_oper_ie = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_OPERATION,
4930 ies->data, ies->len);
4931 if (he_oper_ie &&
4932 he_oper_ie[1] == ieee80211_he_oper_size(&he_oper_ie[3]))
4933 he_oper = (void *)(he_oper_ie + 3);
4934 else
4935 he_oper = NULL;
4936
4937 if (!ieee80211_verify_sta_he_mcs_support(sband, he_oper))
4938 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
4939 }
4940
4941
4942 have_80mhz = false;
4943 for (i = 0; i < sband->n_channels; i++) {
4944 if (sband->channels[i].flags & (IEEE80211_CHAN_DISABLED |
4945 IEEE80211_CHAN_NO_80MHZ))
4946 continue;
4947
4948 have_80mhz = true;
4949 break;
4950 }
4951
4952 if (!have_80mhz)
4953 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4954
4955 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband,
4956 cbss->channel,
4957 bss->vht_cap_info,
4958 ht_oper, vht_oper, he_oper,
4959 &chandef, false);
4960
4961 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss),
4962 local->rx_chains);
4963
4964 rcu_read_unlock();
4965
4966 if (ifmgd->flags & IEEE80211_STA_DISABLE_HE && is_6ghz) {
4967 sdata_info(sdata, "Rejecting non-HE 6/7 GHz connection");
4968 return -EINVAL;
4969 }
4970
4971
4972 sdata->smps_mode = IEEE80211_SMPS_OFF;
4973
4974 mutex_lock(&local->mtx);
4975
4976
4977
4978
4979
4980 ret = ieee80211_vif_use_channel(sdata, &chandef,
4981 IEEE80211_CHANCTX_SHARED);
4982
4983
4984 if (chandef.width == NL80211_CHAN_WIDTH_5 ||
4985 chandef.width == NL80211_CHAN_WIDTH_10)
4986 goto out;
4987
4988 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) {
4989 ifmgd->flags |= ieee80211_chandef_downgrade(&chandef);
4990 ret = ieee80211_vif_use_channel(sdata, &chandef,
4991 IEEE80211_CHANCTX_SHARED);
4992 }
4993 out:
4994 mutex_unlock(&local->mtx);
4995 return ret;
4996}
4997
4998static bool ieee80211_get_dtim(const struct cfg80211_bss_ies *ies,
4999 u8 *dtim_count, u8 *dtim_period)
5000{
5001 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, ies->data, ies->len);
5002 const u8 *idx_ie = cfg80211_find_ie(WLAN_EID_MULTI_BSSID_IDX, ies->data,
5003 ies->len);
5004 const struct ieee80211_tim_ie *tim = NULL;
5005 const struct ieee80211_bssid_index *idx;
5006 bool valid = tim_ie && tim_ie[1] >= 2;
5007
5008 if (valid)
5009 tim = (void *)(tim_ie + 2);
5010
5011 if (dtim_count)
5012 *dtim_count = valid ? tim->dtim_count : 0;
5013
5014 if (dtim_period)
5015 *dtim_period = valid ? tim->dtim_period : 0;
5016
5017
5018 if (!idx_ie || idx_ie[1] < 3)
5019 return valid;
5020
5021 idx = (void *)(idx_ie + 2);
5022
5023 if (dtim_count)
5024 *dtim_count = idx->dtim_count;
5025
5026 if (dtim_period)
5027 *dtim_period = idx->dtim_period;
5028
5029 return true;
5030}
5031
5032static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
5033 struct cfg80211_bss *cbss, bool assoc,
5034 bool override)
5035{
5036 struct ieee80211_local *local = sdata->local;
5037 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5038 struct ieee80211_bss *bss = (void *)cbss->priv;
5039 struct sta_info *new_sta = NULL;
5040 struct ieee80211_supported_band *sband;
5041 bool have_sta = false;
5042 int err;
5043
5044 sband = local->hw.wiphy->bands[cbss->channel->band];
5045
5046 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data))
5047 return -EINVAL;
5048
5049
5050 if (local->in_reconfig)
5051 return -EBUSY;
5052
5053 if (assoc) {
5054 rcu_read_lock();
5055 have_sta = sta_info_get(sdata, cbss->bssid);
5056 rcu_read_unlock();
5057 }
5058
5059 if (!have_sta) {
5060 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL);
5061 if (!new_sta)
5062 return -ENOMEM;
5063 }
5064
5065
5066
5067
5068
5069
5070
5071
5072
5073
5074
5075
5076
5077
5078 if (new_sta) {
5079 u32 rates = 0, basic_rates = 0;
5080 bool have_higher_than_11mbit;
5081 int min_rate = INT_MAX, min_rate_index = -1;
5082 const struct cfg80211_bss_ies *ies;
5083 int shift = ieee80211_vif_get_shift(&sdata->vif);
5084
5085 ieee80211_get_rates(sband, bss->supp_rates,
5086 bss->supp_rates_len,
5087 &rates, &basic_rates,
5088 &have_higher_than_11mbit,
5089 &min_rate, &min_rate_index,
5090 shift);
5091
5092
5093
5094
5095
5096
5097
5098
5099
5100
5101
5102 if (min_rate_index < 0) {
5103 sdata_info(sdata,
5104 "No legacy rates in association response\n");
5105
5106 sta_info_free(local, new_sta);
5107 return -EINVAL;
5108 } else if (!basic_rates) {
5109 sdata_info(sdata,
5110 "No basic rates, using min rate instead\n");
5111 basic_rates = BIT(min_rate_index);
5112 }
5113
5114 if (rates)
5115 new_sta->sta.supp_rates[cbss->channel->band] = rates;
5116 else
5117 sdata_info(sdata,
5118 "No rates found, keeping mandatory only\n");
5119
5120 sdata->vif.bss_conf.basic_rates = basic_rates;
5121
5122
5123 if (cbss->channel->band == NL80211_BAND_2GHZ &&
5124 have_higher_than_11mbit)
5125 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
5126 else
5127 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;
5128
5129 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN);
5130
5131
5132 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval;
5133 rcu_read_lock();
5134 ies = rcu_dereference(cbss->beacon_ies);
5135 if (ies) {
5136 sdata->vif.bss_conf.sync_tsf = ies->tsf;
5137 sdata->vif.bss_conf.sync_device_ts =
5138 bss->device_ts_beacon;
5139
5140 ieee80211_get_dtim(ies,
5141 &sdata->vif.bss_conf.sync_dtim_count,
5142 NULL);
5143 } else if (!ieee80211_hw_check(&sdata->local->hw,
5144 TIMING_BEACON_ONLY)) {
5145 ies = rcu_dereference(cbss->proberesp_ies);
5146
5147 sdata->vif.bss_conf.sync_tsf = ies->tsf;
5148 sdata->vif.bss_conf.sync_device_ts =
5149 bss->device_ts_presp;
5150 sdata->vif.bss_conf.sync_dtim_count = 0;
5151 } else {
5152 sdata->vif.bss_conf.sync_tsf = 0;
5153 sdata->vif.bss_conf.sync_device_ts = 0;
5154 sdata->vif.bss_conf.sync_dtim_count = 0;
5155 }
5156 rcu_read_unlock();
5157 }
5158
5159 if (new_sta || override) {
5160 err = ieee80211_prep_channel(sdata, cbss);
5161 if (err) {
5162 if (new_sta)
5163 sta_info_free(local, new_sta);
5164 return -EINVAL;
5165 }
5166 }
5167
5168 if (new_sta) {
5169
5170
5171
5172
5173 ieee80211_bss_info_change_notify(sdata,
5174 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES |
5175 BSS_CHANGED_BEACON_INT);
5176
5177 if (assoc)
5178 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH);
5179
5180 err = sta_info_insert(new_sta);
5181 new_sta = NULL;
5182 if (err) {
5183 sdata_info(sdata,
5184 "failed to insert STA entry for the AP (error %d)\n",
5185 err);
5186 return err;
5187 }
5188 } else
5189 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid));
5190
5191
5192 if (local->scanning)
5193 ieee80211_scan_cancel(local);
5194
5195 return 0;
5196}
5197
5198
5199int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
5200 struct cfg80211_auth_request *req)
5201{
5202 struct ieee80211_local *local = sdata->local;
5203 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5204 struct ieee80211_mgd_auth_data *auth_data;
5205 u16 auth_alg;
5206 int err;
5207 bool cont_auth;
5208
5209
5210
5211 switch (req->auth_type) {
5212 case NL80211_AUTHTYPE_OPEN_SYSTEM:
5213 auth_alg = WLAN_AUTH_OPEN;
5214 break;
5215 case NL80211_AUTHTYPE_SHARED_KEY:
5216 if (fips_enabled)
5217 return -EOPNOTSUPP;
5218 auth_alg = WLAN_AUTH_SHARED_KEY;
5219 break;
5220 case NL80211_AUTHTYPE_FT:
5221 auth_alg = WLAN_AUTH_FT;
5222 break;
5223 case NL80211_AUTHTYPE_NETWORK_EAP:
5224 auth_alg = WLAN_AUTH_LEAP;
5225 break;
5226 case NL80211_AUTHTYPE_SAE:
5227 auth_alg = WLAN_AUTH_SAE;
5228 break;
5229 case NL80211_AUTHTYPE_FILS_SK:
5230 auth_alg = WLAN_AUTH_FILS_SK;
5231 break;
5232 case NL80211_AUTHTYPE_FILS_SK_PFS:
5233 auth_alg = WLAN_AUTH_FILS_SK_PFS;
5234 break;
5235 case NL80211_AUTHTYPE_FILS_PK:
5236 auth_alg = WLAN_AUTH_FILS_PK;
5237 break;
5238 default:
5239 return -EOPNOTSUPP;
5240 }
5241
5242 if (ifmgd->assoc_data)
5243 return -EBUSY;
5244
5245 auth_data = kzalloc(sizeof(*auth_data) + req->auth_data_len +
5246 req->ie_len, GFP_KERNEL);
5247 if (!auth_data)
5248 return -ENOMEM;
5249
5250 auth_data->bss = req->bss;
5251
5252 if (req->auth_data_len >= 4) {
5253 if (req->auth_type == NL80211_AUTHTYPE_SAE) {
5254 __le16 *pos = (__le16 *) req->auth_data;
5255
5256 auth_data->sae_trans = le16_to_cpu(pos[0]);
5257 auth_data->sae_status = le16_to_cpu(pos[1]);
5258 }
5259 memcpy(auth_data->data, req->auth_data + 4,
5260 req->auth_data_len - 4);
5261 auth_data->data_len += req->auth_data_len - 4;
5262 }
5263
5264
5265
5266
5267
5268
5269 cont_auth = ifmgd->auth_data && req->bss == ifmgd->auth_data->bss;
5270
5271 if (req->ie && req->ie_len) {
5272 memcpy(&auth_data->data[auth_data->data_len],
5273 req->ie, req->ie_len);
5274 auth_data->data_len += req->ie_len;
5275 }
5276
5277 if (req->key && req->key_len) {
5278 auth_data->key_len = req->key_len;
5279 auth_data->key_idx = req->key_idx;
5280 memcpy(auth_data->key, req->key, req->key_len);
5281 }
5282
5283 auth_data->algorithm = auth_alg;
5284
5285
5286
5287 if (ifmgd->auth_data) {
5288 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE) {
5289 auth_data->peer_confirmed =
5290 ifmgd->auth_data->peer_confirmed;
5291 }
5292 ieee80211_destroy_auth_data(sdata, cont_auth);
5293 }
5294
5295
5296 ifmgd->auth_data = auth_data;
5297
5298
5299
5300
5301
5302
5303 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE &&
5304 auth_data->peer_confirmed && auth_data->sae_trans == 2)
5305 ieee80211_mark_sta_auth(sdata, req->bss->bssid);
5306
5307 if (ifmgd->associated) {
5308 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
5309
5310 sdata_info(sdata,
5311 "disconnect from AP %pM for new auth to %pM\n",
5312 ifmgd->associated->bssid, req->bss->bssid);
5313 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
5314 WLAN_REASON_UNSPECIFIED,
5315 false, frame_buf);
5316
5317 ieee80211_report_disconnect(sdata, frame_buf,
5318 sizeof(frame_buf), true,
5319 WLAN_REASON_UNSPECIFIED);
5320 }
5321
5322 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
5323
5324 err = ieee80211_prep_connection(sdata, req->bss, cont_auth, false);
5325 if (err)
5326 goto err_clear;
5327
5328 err = ieee80211_auth(sdata);
5329 if (err) {
5330 sta_info_destroy_addr(sdata, req->bss->bssid);
5331 goto err_clear;
5332 }
5333
5334
5335 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss);
5336 return 0;
5337
5338 err_clear:
5339 eth_zero_addr(ifmgd->bssid);
5340 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
5341 ifmgd->auth_data = NULL;
5342 mutex_lock(&sdata->local->mtx);
5343 ieee80211_vif_release_channel(sdata);
5344 mutex_unlock(&sdata->local->mtx);
5345 kfree(auth_data);
5346 return err;
5347}
5348
5349int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
5350 struct cfg80211_assoc_request *req)
5351{
5352 bool is_6ghz = req->bss->channel->band == NL80211_BAND_6GHZ;
5353 struct ieee80211_local *local = sdata->local;
5354 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5355 struct ieee80211_bss *bss = (void *)req->bss->priv;
5356 struct ieee80211_mgd_assoc_data *assoc_data;
5357 const struct cfg80211_bss_ies *beacon_ies;
5358 struct ieee80211_supported_band *sband;
5359 const u8 *ssidie, *ht_ie, *vht_ie;
5360 int i, err;
5361 bool override = false;
5362
5363 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL);
5364 if (!assoc_data)
5365 return -ENOMEM;
5366
5367 rcu_read_lock();
5368 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID);
5369 if (!ssidie || ssidie[1] > sizeof(assoc_data->ssid)) {
5370 rcu_read_unlock();
5371 kfree(assoc_data);
5372 return -EINVAL;
5373 }
5374 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]);
5375 assoc_data->ssid_len = ssidie[1];
5376 rcu_read_unlock();
5377
5378 if (ifmgd->associated) {
5379 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
5380
5381 sdata_info(sdata,
5382 "disconnect from AP %pM for new assoc to %pM\n",
5383 ifmgd->associated->bssid, req->bss->bssid);
5384 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
5385 WLAN_REASON_UNSPECIFIED,
5386 false, frame_buf);
5387
5388 ieee80211_report_disconnect(sdata, frame_buf,
5389 sizeof(frame_buf), true,
5390 WLAN_REASON_UNSPECIFIED);
5391 }
5392
5393 if (ifmgd->auth_data && !ifmgd->auth_data->done) {
5394 err = -EBUSY;
5395 goto err_free;
5396 }
5397
5398 if (ifmgd->assoc_data) {
5399 err = -EBUSY;
5400 goto err_free;
5401 }
5402
5403 if (ifmgd->auth_data) {
5404 bool match;
5405
5406
5407 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid);
5408 ieee80211_destroy_auth_data(sdata, match);
5409 }
5410
5411
5412
5413 ifmgd->beacon_crc_valid = false;
5414
5415 assoc_data->wmm = bss->wmm_used &&
5416 (local->hw.queues >= IEEE80211_NUM_ACS);
5417
5418
5419
5420
5421
5422
5423
5424
5425 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) {
5426 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 ||
5427 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP ||
5428 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) {
5429 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
5430 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
5431 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
5432 netdev_info(sdata->dev,
5433 "disabling HT/VHT/HE due to WEP/TKIP use\n");
5434 }
5435 }
5436
5437 sband = local->hw.wiphy->bands[req->bss->channel->band];
5438
5439
5440 if (!bss->wmm_used) {
5441 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
5442 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
5443 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
5444 netdev_info(sdata->dev,
5445 "disabling HT/VHT/HE as WMM/QoS is not supported by the AP\n");
5446 }
5447
5448 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa));
5449 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask,
5450 sizeof(ifmgd->ht_capa_mask));
5451
5452 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa));
5453 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask,
5454 sizeof(ifmgd->vht_capa_mask));
5455
5456 if (req->ie && req->ie_len) {
5457 memcpy(assoc_data->ie, req->ie, req->ie_len);
5458 assoc_data->ie_len = req->ie_len;
5459 }
5460
5461 if (req->fils_kek) {
5462
5463 if (WARN_ON(req->fils_kek_len > FILS_MAX_KEK_LEN)) {
5464 err = -EINVAL;
5465 goto err_free;
5466 }
5467 memcpy(assoc_data->fils_kek, req->fils_kek,
5468 req->fils_kek_len);
5469 assoc_data->fils_kek_len = req->fils_kek_len;
5470 }
5471
5472 if (req->fils_nonces)
5473 memcpy(assoc_data->fils_nonces, req->fils_nonces,
5474 2 * FILS_NONCE_LEN);
5475
5476 assoc_data->bss = req->bss;
5477
5478 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) {
5479 if (ifmgd->powersave)
5480 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC;
5481 else
5482 sdata->smps_mode = IEEE80211_SMPS_OFF;
5483 } else
5484 sdata->smps_mode = ifmgd->req_smps;
5485
5486 assoc_data->capability = req->bss->capability;
5487 assoc_data->supp_rates = bss->supp_rates;
5488 assoc_data->supp_rates_len = bss->supp_rates_len;
5489
5490 rcu_read_lock();
5491 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION);
5492 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation))
5493 assoc_data->ap_ht_param =
5494 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param;
5495 else if (!is_6ghz)
5496 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
5497 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY);
5498 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap))
5499 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2,
5500 sizeof(struct ieee80211_vht_cap));
5501 else if (!is_6ghz)
5502 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT |
5503 IEEE80211_STA_DISABLE_HE;
5504 rcu_read_unlock();
5505
5506 if (WARN((sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD) &&
5507 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK),
5508 "U-APSD not supported with HW_PS_NULLFUNC_STACK\n"))
5509 sdata->vif.driver_flags &= ~IEEE80211_VIF_SUPPORTS_UAPSD;
5510
5511 if (bss->wmm_used && bss->uapsd_supported &&
5512 (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD)) {
5513 assoc_data->uapsd = true;
5514 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
5515 } else {
5516 assoc_data->uapsd = false;
5517 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED;
5518 }
5519
5520 if (req->prev_bssid)
5521 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN);
5522
5523 if (req->use_mfp) {
5524 ifmgd->mfp = IEEE80211_MFP_REQUIRED;
5525 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED;
5526 } else {
5527 ifmgd->mfp = IEEE80211_MFP_DISABLED;
5528 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED;
5529 }
5530
5531 if (req->flags & ASSOC_REQ_USE_RRM)
5532 ifmgd->flags |= IEEE80211_STA_ENABLE_RRM;
5533 else
5534 ifmgd->flags &= ~IEEE80211_STA_ENABLE_RRM;
5535
5536 if (req->crypto.control_port)
5537 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT;
5538 else
5539 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT;
5540
5541 sdata->control_port_protocol = req->crypto.control_port_ethertype;
5542 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt;
5543 sdata->control_port_over_nl80211 =
5544 req->crypto.control_port_over_nl80211;
5545 sdata->control_port_no_preauth = req->crypto.control_port_no_preauth;
5546 sdata->encrypt_headroom = ieee80211_cs_headroom(local, &req->crypto,
5547 sdata->vif.type);
5548
5549
5550
5551 ifmgd->assoc_data = assoc_data;
5552 ifmgd->dtim_period = 0;
5553 ifmgd->have_beacon = false;
5554
5555
5556 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
5557 struct ieee80211_sta_ht_cap sta_ht_cap;
5558
5559 if (req->flags & ASSOC_REQ_DISABLE_HT)
5560 override = true;
5561
5562 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap));
5563 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
5564
5565
5566 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ) &&
5567 sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40 &&
5568 !(sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40))
5569 override = true;
5570
5571 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
5572 req->flags & ASSOC_REQ_DISABLE_VHT)
5573 override = true;
5574 }
5575
5576 if (req->flags & ASSOC_REQ_DISABLE_HT) {
5577 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
5578 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
5579 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
5580 }
5581
5582 if (req->flags & ASSOC_REQ_DISABLE_VHT)
5583 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
5584
5585 err = ieee80211_prep_connection(sdata, req->bss, true, override);
5586 if (err)
5587 goto err_clear;
5588
5589 rcu_read_lock();
5590 beacon_ies = rcu_dereference(req->bss->beacon_ies);
5591
5592 if (ieee80211_hw_check(&sdata->local->hw, NEED_DTIM_BEFORE_ASSOC) &&
5593 !beacon_ies) {
5594
5595
5596
5597
5598 sdata_info(sdata, "waiting for beacon from %pM\n",
5599 ifmgd->bssid);
5600 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval);
5601 assoc_data->timeout_started = true;
5602 assoc_data->need_beacon = true;
5603 } else if (beacon_ies) {
5604 const struct element *elem;
5605 u8 dtim_count = 0;
5606
5607 ieee80211_get_dtim(beacon_ies, &dtim_count,
5608 &ifmgd->dtim_period);
5609
5610 ifmgd->have_beacon = true;
5611 assoc_data->timeout = jiffies;
5612 assoc_data->timeout_started = true;
5613
5614 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) {
5615 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf;
5616 sdata->vif.bss_conf.sync_device_ts =
5617 bss->device_ts_beacon;
5618 sdata->vif.bss_conf.sync_dtim_count = dtim_count;
5619 }
5620
5621 elem = cfg80211_find_ext_elem(WLAN_EID_EXT_MULTIPLE_BSSID_CONFIGURATION,
5622 beacon_ies->data, beacon_ies->len);
5623 if (elem && elem->datalen >= 3)
5624 sdata->vif.bss_conf.profile_periodicity = elem->data[2];
5625
5626 elem = cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY,
5627 beacon_ies->data, beacon_ies->len);
5628 if (elem && elem->datalen >= 11 &&
5629 (elem->data[10] & WLAN_EXT_CAPA11_EMA_SUPPORT))
5630 sdata->vif.bss_conf.ema_ap = true;
5631 } else {
5632 assoc_data->timeout = jiffies;
5633 assoc_data->timeout_started = true;
5634 }
5635 rcu_read_unlock();
5636
5637 run_again(sdata, assoc_data->timeout);
5638
5639 if (bss->corrupt_data) {
5640 char *corrupt_type = "data";
5641 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) {
5642 if (bss->corrupt_data &
5643 IEEE80211_BSS_CORRUPT_PROBE_RESP)
5644 corrupt_type = "beacon and probe response";
5645 else
5646 corrupt_type = "beacon";
5647 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP)
5648 corrupt_type = "probe response";
5649 sdata_info(sdata, "associating with AP with corrupt %s\n",
5650 corrupt_type);
5651 }
5652
5653 return 0;
5654 err_clear:
5655 eth_zero_addr(ifmgd->bssid);
5656 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
5657 ifmgd->assoc_data = NULL;
5658 err_free:
5659 kfree(assoc_data);
5660 return err;
5661}
5662
5663int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
5664 struct cfg80211_deauth_request *req)
5665{
5666 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5667 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
5668 bool tx = !req->local_state_change;
5669
5670 if (ifmgd->auth_data &&
5671 ether_addr_equal(ifmgd->auth_data->bss->bssid, req->bssid)) {
5672 sdata_info(sdata,
5673 "aborting authentication with %pM by local choice (Reason: %u=%s)\n",
5674 req->bssid, req->reason_code,
5675 ieee80211_get_reason_code_string(req->reason_code));
5676
5677 drv_mgd_prepare_tx(sdata->local, sdata, 0);
5678 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid,
5679 IEEE80211_STYPE_DEAUTH,
5680 req->reason_code, tx,
5681 frame_buf);
5682 ieee80211_destroy_auth_data(sdata, false);
5683 ieee80211_report_disconnect(sdata, frame_buf,
5684 sizeof(frame_buf), true,
5685 req->reason_code);
5686
5687 return 0;
5688 }
5689
5690 if (ifmgd->assoc_data &&
5691 ether_addr_equal(ifmgd->assoc_data->bss->bssid, req->bssid)) {
5692 sdata_info(sdata,
5693 "aborting association with %pM by local choice (Reason: %u=%s)\n",
5694 req->bssid, req->reason_code,
5695 ieee80211_get_reason_code_string(req->reason_code));
5696
5697 drv_mgd_prepare_tx(sdata->local, sdata, 0);
5698 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid,
5699 IEEE80211_STYPE_DEAUTH,
5700 req->reason_code, tx,
5701 frame_buf);
5702 ieee80211_destroy_assoc_data(sdata, false, true);
5703 ieee80211_report_disconnect(sdata, frame_buf,
5704 sizeof(frame_buf), true,
5705 req->reason_code);
5706 return 0;
5707 }
5708
5709 if (ifmgd->associated &&
5710 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) {
5711 sdata_info(sdata,
5712 "deauthenticating from %pM by local choice (Reason: %u=%s)\n",
5713 req->bssid, req->reason_code,
5714 ieee80211_get_reason_code_string(req->reason_code));
5715
5716 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
5717 req->reason_code, tx, frame_buf);
5718 ieee80211_report_disconnect(sdata, frame_buf,
5719 sizeof(frame_buf), true,
5720 req->reason_code);
5721 return 0;
5722 }
5723
5724 return -ENOTCONN;
5725}
5726
5727int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
5728 struct cfg80211_disassoc_request *req)
5729{
5730 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5731 u8 bssid[ETH_ALEN];
5732 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
5733
5734
5735
5736
5737
5738
5739
5740 if (ifmgd->associated != req->bss)
5741 return -ENOLINK;
5742
5743 sdata_info(sdata,
5744 "disassociating from %pM by local choice (Reason: %u=%s)\n",
5745 req->bss->bssid, req->reason_code, ieee80211_get_reason_code_string(req->reason_code));
5746
5747 memcpy(bssid, req->bss->bssid, ETH_ALEN);
5748 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC,
5749 req->reason_code, !req->local_state_change,
5750 frame_buf);
5751
5752 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
5753 req->reason_code);
5754
5755 return 0;
5756}
5757
5758void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata)
5759{
5760 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5761
5762
5763
5764
5765
5766
5767 cancel_work_sync(&ifmgd->monitor_work);
5768 cancel_work_sync(&ifmgd->beacon_connection_loss_work);
5769 cancel_work_sync(&ifmgd->request_smps_work);
5770 cancel_work_sync(&ifmgd->csa_connection_drop_work);
5771 cancel_work_sync(&ifmgd->chswitch_work);
5772 cancel_delayed_work_sync(&ifmgd->tdls_peer_del_work);
5773
5774 sdata_lock(sdata);
5775 if (ifmgd->assoc_data) {
5776 struct cfg80211_bss *bss = ifmgd->assoc_data->bss;
5777 ieee80211_destroy_assoc_data(sdata, false, false);
5778 cfg80211_assoc_timeout(sdata->dev, bss);
5779 }
5780 if (ifmgd->auth_data)
5781 ieee80211_destroy_auth_data(sdata, false);
5782 spin_lock_bh(&ifmgd->teardown_lock);
5783 if (ifmgd->teardown_skb) {
5784 kfree_skb(ifmgd->teardown_skb);
5785 ifmgd->teardown_skb = NULL;
5786 ifmgd->orig_teardown_skb = NULL;
5787 }
5788 kfree(ifmgd->assoc_req_ies);
5789 ifmgd->assoc_req_ies = NULL;
5790 ifmgd->assoc_req_ies_len = 0;
5791 spin_unlock_bh(&ifmgd->teardown_lock);
5792 del_timer_sync(&ifmgd->timer);
5793 sdata_unlock(sdata);
5794}
5795
5796void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
5797 enum nl80211_cqm_rssi_threshold_event rssi_event,
5798 s32 rssi_level,
5799 gfp_t gfp)
5800{
5801 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5802
5803 trace_api_cqm_rssi_notify(sdata, rssi_event, rssi_level);
5804
5805 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, rssi_level, gfp);
5806}
5807EXPORT_SYMBOL(ieee80211_cqm_rssi_notify);
5808
5809void ieee80211_cqm_beacon_loss_notify(struct ieee80211_vif *vif, gfp_t gfp)
5810{
5811 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5812
5813 trace_api_cqm_beacon_loss_notify(sdata->local, sdata);
5814
5815 cfg80211_cqm_beacon_loss_notify(sdata->dev, gfp);
5816}
5817EXPORT_SYMBOL(ieee80211_cqm_beacon_loss_notify);
5818
