1
2
3
4
5
6
7
8
9
10
11
12
13
14#include <linux/delay.h>
15#include <linux/fips.h>
16#include <linux/if_ether.h>
17#include <linux/skbuff.h>
18#include <linux/if_arp.h>
19#include <linux/etherdevice.h>
20#include <linux/moduleparam.h>
21#include <linux/rtnetlink.h>
22#include <linux/crc32.h>
23#include <linux/slab.h>
24#include <linux/export.h>
25#include <net/mac80211.h>
26#include <asm/unaligned.h>
27
28#include "ieee80211_i.h"
29#include "driver-ops.h"
30#include "rate.h"
31#include "led.h"
32#include "fils_aead.h"
33
34#define IEEE80211_AUTH_TIMEOUT (HZ / 5)
35#define IEEE80211_AUTH_TIMEOUT_LONG (HZ / 2)
36#define IEEE80211_AUTH_TIMEOUT_SHORT (HZ / 10)
37#define IEEE80211_AUTH_TIMEOUT_SAE (HZ * 2)
38#define IEEE80211_AUTH_MAX_TRIES 3
39#define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5)
40#define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
41#define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2)
42#define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10)
43#define IEEE80211_ASSOC_MAX_TRIES 3
44
45static int max_nullfunc_tries = 2;
46module_param(max_nullfunc_tries, int, 0644);
47MODULE_PARM_DESC(max_nullfunc_tries,
48 "Maximum nullfunc tx tries before disconnecting (reason 4).");
49
50static int max_probe_tries = 5;
51module_param(max_probe_tries, int, 0644);
52MODULE_PARM_DESC(max_probe_tries,
53 "Maximum probe tries before disconnecting (reason 4).");
54
55
56
57
58
59
60
61
62
63static int beacon_loss_count = 7;
64module_param(beacon_loss_count, int, 0644);
65MODULE_PARM_DESC(beacon_loss_count,
66 "Number of beacon intervals before we decide beacon was lost.");
67
68
69
70
71
72#define IEEE80211_CONNECTION_IDLE_TIME (30 * HZ)
73
74
75
76
77
78static int probe_wait_ms = 500;
79module_param(probe_wait_ms, int, 0644);
80MODULE_PARM_DESC(probe_wait_ms,
81 "Maximum time(ms) to wait for probe response"
82 " before disconnecting (reason 4).");
83
84
85
86
87
88#define IEEE80211_SIGNAL_AVE_MIN_COUNT 4
89
90
91
92
93
94
95
96
97
98
99
100static void run_again(struct ieee80211_sub_if_data *sdata,
101 unsigned long timeout)
102{
103 sdata_assert_lock(sdata);
104
105 if (!timer_pending(&sdata->u.mgd.timer) ||
106 time_before(timeout, sdata->u.mgd.timer.expires))
107 mod_timer(&sdata->u.mgd.timer, timeout);
108}
109
110void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata)
111{
112 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
113 return;
114
115 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
116 return;
117
118 mod_timer(&sdata->u.mgd.bcn_mon_timer,
119 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout));
120}
121
122void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata)
123{
124 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
125
126 if (unlikely(!ifmgd->associated))
127 return;
128
129 if (ifmgd->probe_send_count)
130 ifmgd->probe_send_count = 0;
131
132 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
133 return;
134
135 mod_timer(&ifmgd->conn_mon_timer,
136 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
137}
138
139static int ecw2cw(int ecw)
140{
141 return (1 << ecw) - 1;
142}
143
144static u32
145ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
146 struct ieee80211_supported_band *sband,
147 struct ieee80211_channel *channel,
148 u32 vht_cap_info,
149 const struct ieee80211_ht_operation *ht_oper,
150 const struct ieee80211_vht_operation *vht_oper,
151 const struct ieee80211_he_operation *he_oper,
152 const struct ieee80211_s1g_oper_ie *s1g_oper,
153 struct cfg80211_chan_def *chandef, bool tracking)
154{
155 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
156 struct cfg80211_chan_def vht_chandef;
157 struct ieee80211_sta_ht_cap sta_ht_cap;
158 u32 ht_cfreq, ret;
159
160 memset(chandef, 0, sizeof(struct cfg80211_chan_def));
161 chandef->chan = channel;
162 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
163 chandef->center_freq1 = channel->center_freq;
164 chandef->freq1_offset = channel->freq_offset;
165
166 if (channel->band == NL80211_BAND_6GHZ) {
167 if (!ieee80211_chandef_he_6ghz_oper(sdata, he_oper, chandef))
168 ret = IEEE80211_STA_DISABLE_HT |
169 IEEE80211_STA_DISABLE_VHT |
170 IEEE80211_STA_DISABLE_HE;
171 else
172 ret = 0;
173 vht_chandef = *chandef;
174 goto out;
175 } else if (sband->band == NL80211_BAND_S1GHZ) {
176 if (!ieee80211_chandef_s1g_oper(s1g_oper, chandef)) {
177 sdata_info(sdata,
178 "Missing S1G Operation Element? Trying operating == primary\n");
179 chandef->width = ieee80211_s1g_channel_width(channel);
180 }
181
182 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_40MHZ |
183 IEEE80211_STA_DISABLE_VHT |
184 IEEE80211_STA_DISABLE_80P80MHZ |
185 IEEE80211_STA_DISABLE_160MHZ;
186 goto out;
187 }
188
189 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap));
190 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
191
192 if (!ht_oper || !sta_ht_cap.ht_supported) {
193 ret = IEEE80211_STA_DISABLE_HT |
194 IEEE80211_STA_DISABLE_VHT |
195 IEEE80211_STA_DISABLE_HE;
196 goto out;
197 }
198
199 chandef->width = NL80211_CHAN_WIDTH_20;
200
201 ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan,
202 channel->band);
203
204 if (!tracking && channel->center_freq != ht_cfreq) {
205
206
207
208
209
210
211
212 sdata_info(sdata,
213 "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
214 channel->center_freq, ht_cfreq,
215 ht_oper->primary_chan, channel->band);
216 ret = IEEE80211_STA_DISABLE_HT |
217 IEEE80211_STA_DISABLE_VHT |
218 IEEE80211_STA_DISABLE_HE;
219 goto out;
220 }
221
222
223 if (sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) {
224 ieee80211_chandef_ht_oper(ht_oper, chandef);
225 } else {
226
227 ret = IEEE80211_STA_DISABLE_VHT;
228
229 ret |= IEEE80211_STA_DISABLE_40MHZ;
230 goto out;
231 }
232
233 if (!vht_oper || !sband->vht_cap.vht_supported) {
234 ret = IEEE80211_STA_DISABLE_VHT;
235 goto out;
236 }
237
238 vht_chandef = *chandef;
239 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE) && he_oper &&
240 (le32_to_cpu(he_oper->he_oper_params) &
241 IEEE80211_HE_OPERATION_VHT_OPER_INFO)) {
242 struct ieee80211_vht_operation he_oper_vht_cap;
243
244
245
246
247
248 memcpy(&he_oper_vht_cap, he_oper->optional, 3);
249 he_oper_vht_cap.basic_mcs_set = cpu_to_le16(0);
250
251 if (!ieee80211_chandef_vht_oper(&sdata->local->hw, vht_cap_info,
252 &he_oper_vht_cap, ht_oper,
253 &vht_chandef)) {
254 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE))
255 sdata_info(sdata,
256 "HE AP VHT information is invalid, disable HE\n");
257 ret = IEEE80211_STA_DISABLE_HE;
258 goto out;
259 }
260 } else if (!ieee80211_chandef_vht_oper(&sdata->local->hw,
261 vht_cap_info,
262 vht_oper, ht_oper,
263 &vht_chandef)) {
264 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
265 sdata_info(sdata,
266 "AP VHT information is invalid, disable VHT\n");
267 ret = IEEE80211_STA_DISABLE_VHT;
268 goto out;
269 }
270
271 if (!cfg80211_chandef_valid(&vht_chandef)) {
272 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
273 sdata_info(sdata,
274 "AP VHT information is invalid, disable VHT\n");
275 ret = IEEE80211_STA_DISABLE_VHT;
276 goto out;
277 }
278
279 if (cfg80211_chandef_identical(chandef, &vht_chandef)) {
280 ret = 0;
281 goto out;
282 }
283
284 if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) {
285 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
286 sdata_info(sdata,
287 "AP VHT information doesn't match HT, disable VHT\n");
288 ret = IEEE80211_STA_DISABLE_VHT;
289 goto out;
290 }
291
292 *chandef = vht_chandef;
293
294 ret = 0;
295
296out:
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315 if (tracking &&
316 cfg80211_chandef_identical(chandef, &sdata->vif.bss_conf.chandef))
317 return ret;
318
319
320 if (ret & IEEE80211_STA_DISABLE_VHT)
321 vht_chandef = *chandef;
322
323
324
325
326
327
328
329
330
331 while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef,
332 tracking ? 0 :
333 IEEE80211_CHAN_DISABLED)) {
334 if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) {
335 ret = IEEE80211_STA_DISABLE_HT |
336 IEEE80211_STA_DISABLE_VHT |
337 IEEE80211_STA_DISABLE_HE;
338 break;
339 }
340
341 ret |= ieee80211_chandef_downgrade(chandef);
342 }
343
344 if (!he_oper || !cfg80211_chandef_usable(sdata->wdev.wiphy, chandef,
345 IEEE80211_CHAN_NO_HE))
346 ret |= IEEE80211_STA_DISABLE_HE;
347
348 if (chandef->width != vht_chandef.width && !tracking)
349 sdata_info(sdata,
350 "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n");
351
352 WARN_ON_ONCE(!cfg80211_chandef_valid(chandef));
353 return ret;
354}
355
356static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata,
357 struct sta_info *sta,
358 const struct ieee80211_ht_cap *ht_cap,
359 const struct ieee80211_vht_cap *vht_cap,
360 const struct ieee80211_ht_operation *ht_oper,
361 const struct ieee80211_vht_operation *vht_oper,
362 const struct ieee80211_he_operation *he_oper,
363 const struct ieee80211_s1g_oper_ie *s1g_oper,
364 const u8 *bssid, u32 *changed)
365{
366 struct ieee80211_local *local = sdata->local;
367 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
368 struct ieee80211_channel *chan = sdata->vif.bss_conf.chandef.chan;
369 struct ieee80211_supported_band *sband =
370 local->hw.wiphy->bands[chan->band];
371 struct cfg80211_chan_def chandef;
372 u16 ht_opmode;
373 u32 flags;
374 u32 vht_cap_info = 0;
375 int ret;
376
377
378 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper)
379 return 0;
380
381
382 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
383 vht_oper = NULL;
384
385
386 if (ifmgd->flags & IEEE80211_STA_DISABLE_HE ||
387 !ieee80211_get_he_iftype_cap(sband,
388 ieee80211_vif_type_p2p(&sdata->vif)))
389
390 he_oper = NULL;
391
392 if (WARN_ON_ONCE(!sta))
393 return -EINVAL;
394
395
396
397
398
399 ht_opmode = le16_to_cpu(ht_oper->operation_mode);
400 if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) {
401 *changed |= BSS_CHANGED_HT;
402 sdata->vif.bss_conf.ht_operation_mode = ht_opmode;
403 }
404
405 if (vht_cap)
406 vht_cap_info = le32_to_cpu(vht_cap->vht_cap_info);
407
408
409 flags = ieee80211_determine_chantype(sdata, sband, chan, vht_cap_info,
410 ht_oper, vht_oper, he_oper,
411 s1g_oper, &chandef, true);
412
413
414
415
416
417
418
419
420 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ &&
421 chandef.width == NL80211_CHAN_WIDTH_80P80)
422 flags |= ieee80211_chandef_downgrade(&chandef);
423 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ &&
424 chandef.width == NL80211_CHAN_WIDTH_160)
425 flags |= ieee80211_chandef_downgrade(&chandef);
426 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ &&
427 chandef.width > NL80211_CHAN_WIDTH_20)
428 flags |= ieee80211_chandef_downgrade(&chandef);
429
430 if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef))
431 return 0;
432
433 sdata_info(sdata,
434 "AP %pM changed bandwidth, new config is %d.%03d MHz, "
435 "width %d (%d.%03d/%d MHz)\n",
436 ifmgd->bssid, chandef.chan->center_freq,
437 chandef.chan->freq_offset, chandef.width,
438 chandef.center_freq1, chandef.freq1_offset,
439 chandef.center_freq2);
440
441 if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT |
442 IEEE80211_STA_DISABLE_VHT |
443 IEEE80211_STA_DISABLE_HE |
444 IEEE80211_STA_DISABLE_40MHZ |
445 IEEE80211_STA_DISABLE_80P80MHZ |
446 IEEE80211_STA_DISABLE_160MHZ)) ||
447 !cfg80211_chandef_valid(&chandef)) {
448 sdata_info(sdata,
449 "AP %pM changed caps/bw in a way we can't support (0x%x/0x%x) - disconnect\n",
450 ifmgd->bssid, flags, ifmgd->flags);
451 return -EINVAL;
452 }
453
454 ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed);
455
456 if (ret) {
457 sdata_info(sdata,
458 "AP %pM changed bandwidth to incompatible one - disconnect\n",
459 ifmgd->bssid);
460 return ret;
461 }
462
463 return 0;
464}
465
466
467
468static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata,
469 struct sk_buff *skb, u8 ap_ht_param,
470 struct ieee80211_supported_band *sband,
471 struct ieee80211_channel *channel,
472 enum ieee80211_smps_mode smps)
473{
474 u8 *pos;
475 u32 flags = channel->flags;
476 u16 cap;
477 struct ieee80211_sta_ht_cap ht_cap;
478
479 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap));
480
481 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
482 ieee80211_apply_htcap_overrides(sdata, &ht_cap);
483
484
485 cap = ht_cap.cap;
486
487 switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
488 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
489 if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
490 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
491 cap &= ~IEEE80211_HT_CAP_SGI_40;
492 }
493 break;
494 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
495 if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
496 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
497 cap &= ~IEEE80211_HT_CAP_SGI_40;
498 }
499 break;
500 }
501
502
503
504
505
506
507 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) {
508 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
509 cap &= ~IEEE80211_HT_CAP_SGI_40;
510 }
511
512
513 cap &= ~IEEE80211_HT_CAP_SM_PS;
514 switch (smps) {
515 case IEEE80211_SMPS_AUTOMATIC:
516 case IEEE80211_SMPS_NUM_MODES:
517 WARN_ON(1);
518 fallthrough;
519 case IEEE80211_SMPS_OFF:
520 cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
521 IEEE80211_HT_CAP_SM_PS_SHIFT;
522 break;
523 case IEEE80211_SMPS_STATIC:
524 cap |= WLAN_HT_CAP_SM_PS_STATIC <<
525 IEEE80211_HT_CAP_SM_PS_SHIFT;
526 break;
527 case IEEE80211_SMPS_DYNAMIC:
528 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
529 IEEE80211_HT_CAP_SM_PS_SHIFT;
530 break;
531 }
532
533
534 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
535 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap);
536}
537
538
539
540
541
542static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
543 struct sk_buff *skb,
544 struct ieee80211_supported_band *sband,
545 struct ieee80211_vht_cap *ap_vht_cap)
546{
547 struct ieee80211_local *local = sdata->local;
548 u8 *pos;
549 u32 cap;
550 struct ieee80211_sta_vht_cap vht_cap;
551 u32 mask, ap_bf_sts, our_bf_sts;
552
553 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap));
554
555 memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
556 ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
557
558
559 cap = vht_cap.cap;
560
561 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) {
562 u32 bw = cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
563
564 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
565 if (bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ ||
566 bw == IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ)
567 cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
568 }
569
570 if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) {
571 cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160;
572 cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK;
573 }
574
575
576
577
578
579 if (!(ap_vht_cap->vht_cap_info &
580 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)))
581 cap &= ~(IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
582 IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE);
583 else if (!(ap_vht_cap->vht_cap_info &
584 cpu_to_le32(IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
585 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
586
587
588
589
590
591
592
593
594 if (cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE) {
595 bool disable_mu_mimo = false;
596 struct ieee80211_sub_if_data *other;
597
598 list_for_each_entry_rcu(other, &local->interfaces, list) {
599 if (other->vif.mu_mimo_owner) {
600 disable_mu_mimo = true;
601 break;
602 }
603 }
604 if (disable_mu_mimo)
605 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
606 else
607 sdata->vif.mu_mimo_owner = true;
608 }
609
610 mask = IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
611
612 ap_bf_sts = le32_to_cpu(ap_vht_cap->vht_cap_info) & mask;
613 our_bf_sts = cap & mask;
614
615 if (ap_bf_sts < our_bf_sts) {
616 cap &= ~mask;
617 cap |= ap_bf_sts;
618 }
619
620
621 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
622 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap);
623}
624
625
626
627
628static void ieee80211_add_he_ie(struct ieee80211_sub_if_data *sdata,
629 struct sk_buff *skb,
630 struct ieee80211_supported_band *sband)
631{
632 u8 *pos;
633 const struct ieee80211_sta_he_cap *he_cap = NULL;
634 struct ieee80211_chanctx_conf *chanctx_conf;
635 u8 he_cap_size;
636 bool reg_cap = false;
637
638 rcu_read_lock();
639 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
640 if (!WARN_ON_ONCE(!chanctx_conf))
641 reg_cap = cfg80211_chandef_usable(sdata->wdev.wiphy,
642 &chanctx_conf->def,
643 IEEE80211_CHAN_NO_HE);
644
645 rcu_read_unlock();
646
647 he_cap = ieee80211_get_he_iftype_cap(sband,
648 ieee80211_vif_type_p2p(&sdata->vif));
649 if (!he_cap || !reg_cap)
650 return;
651
652
653
654
655
656 he_cap_size =
657 2 + 1 + sizeof(he_cap->he_cap_elem) +
658 ieee80211_he_mcs_nss_size(&he_cap->he_cap_elem) +
659 ieee80211_he_ppe_size(he_cap->ppe_thres[0],
660 he_cap->he_cap_elem.phy_cap_info);
661 pos = skb_put(skb, he_cap_size);
662 ieee80211_ie_build_he_cap(pos, he_cap, pos + he_cap_size);
663
664 ieee80211_ie_build_he_6ghz_cap(sdata, skb);
665}
666
667static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
668{
669 struct ieee80211_local *local = sdata->local;
670 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
671 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
672 struct sk_buff *skb;
673 struct ieee80211_mgmt *mgmt;
674 u8 *pos, qos_info, *ie_start;
675 size_t offset = 0, noffset;
676 int i, count, rates_len, supp_rates_len, shift;
677 u16 capab;
678 struct ieee80211_supported_band *sband;
679 struct ieee80211_chanctx_conf *chanctx_conf;
680 struct ieee80211_channel *chan;
681 u32 rates = 0;
682 __le16 listen_int;
683 struct element *ext_capa = NULL;
684 enum nl80211_iftype iftype = ieee80211_vif_type_p2p(&sdata->vif);
685 const struct ieee80211_sband_iftype_data *iftd;
686 struct ieee80211_prep_tx_info info = {};
687
688
689 if (assoc_data->ie_len)
690 ext_capa = (void *)cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY,
691 assoc_data->ie,
692 assoc_data->ie_len);
693
694 sdata_assert_lock(sdata);
695
696 rcu_read_lock();
697 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
698 if (WARN_ON(!chanctx_conf)) {
699 rcu_read_unlock();
700 return;
701 }
702 chan = chanctx_conf->def.chan;
703 rcu_read_unlock();
704 sband = local->hw.wiphy->bands[chan->band];
705 shift = ieee80211_vif_get_shift(&sdata->vif);
706
707 if (assoc_data->supp_rates_len) {
708
709
710
711
712
713
714 rates_len = ieee80211_parse_bitrates(&chanctx_conf->def, sband,
715 assoc_data->supp_rates,
716 assoc_data->supp_rates_len,
717 &rates);
718 } else {
719
720
721
722
723
724 rates_len = 0;
725 for (i = 0; i < sband->n_bitrates; i++) {
726 rates |= BIT(i);
727 rates_len++;
728 }
729 }
730
731 iftd = ieee80211_get_sband_iftype_data(sband, iftype);
732
733 skb = alloc_skb(local->hw.extra_tx_headroom +
734 sizeof(*mgmt) +
735 2 + assoc_data->ssid_len +
736 4 + rates_len +
737 4 +
738 2 + 2 * sband->n_channels +
739 2 + sizeof(struct ieee80211_ht_cap) +
740 2 + sizeof(struct ieee80211_vht_cap) +
741 2 + 1 + sizeof(struct ieee80211_he_cap_elem) +
742 sizeof(struct ieee80211_he_mcs_nss_supp) +
743 IEEE80211_HE_PPE_THRES_MAX_LEN +
744 2 + 1 + sizeof(struct ieee80211_he_6ghz_capa) +
745 assoc_data->ie_len +
746 (assoc_data->fils_kek_len ? 16 : 0) +
747 9 +
748 (iftd ? iftd->vendor_elems.len : 0),
749 GFP_KERNEL);
750 if (!skb)
751 return;
752
753 skb_reserve(skb, local->hw.extra_tx_headroom);
754
755 capab = WLAN_CAPABILITY_ESS;
756
757 if (sband->band == NL80211_BAND_2GHZ) {
758 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
759 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
760 }
761
762 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY)
763 capab |= WLAN_CAPABILITY_PRIVACY;
764
765 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
766 ieee80211_hw_check(&local->hw, SPECTRUM_MGMT))
767 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
768
769 if (ifmgd->flags & IEEE80211_STA_ENABLE_RRM)
770 capab |= WLAN_CAPABILITY_RADIO_MEASURE;
771
772 mgmt = skb_put_zero(skb, 24);
773 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN);
774 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
775 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN);
776
777 listen_int = cpu_to_le16(sband->band == NL80211_BAND_S1GHZ ?
778 ieee80211_encode_usf(local->hw.conf.listen_interval) :
779 local->hw.conf.listen_interval);
780 if (!is_zero_ether_addr(assoc_data->prev_bssid)) {
781 skb_put(skb, 10);
782 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
783 IEEE80211_STYPE_REASSOC_REQ);
784 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
785 mgmt->u.reassoc_req.listen_interval = listen_int;
786 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid,
787 ETH_ALEN);
788 info.subtype = IEEE80211_STYPE_REASSOC_REQ;
789 } else {
790 skb_put(skb, 4);
791 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
792 IEEE80211_STYPE_ASSOC_REQ);
793 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
794 mgmt->u.assoc_req.listen_interval = listen_int;
795 info.subtype = IEEE80211_STYPE_ASSOC_REQ;
796 }
797
798
799 pos = skb_put(skb, 2 + assoc_data->ssid_len);
800 ie_start = pos;
801 *pos++ = WLAN_EID_SSID;
802 *pos++ = assoc_data->ssid_len;
803 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len);
804
805 if (sband->band == NL80211_BAND_S1GHZ)
806 goto skip_rates;
807
808
809 supp_rates_len = rates_len;
810 if (supp_rates_len > 8)
811 supp_rates_len = 8;
812
813 pos = skb_put(skb, supp_rates_len + 2);
814 *pos++ = WLAN_EID_SUPP_RATES;
815 *pos++ = supp_rates_len;
816
817 count = 0;
818 for (i = 0; i < sband->n_bitrates; i++) {
819 if (BIT(i) & rates) {
820 int rate = DIV_ROUND_UP(sband->bitrates[i].bitrate,
821 5 * (1 << shift));
822 *pos++ = (u8) rate;
823 if (++count == 8)
824 break;
825 }
826 }
827
828 if (rates_len > count) {
829 pos = skb_put(skb, rates_len - count + 2);
830 *pos++ = WLAN_EID_EXT_SUPP_RATES;
831 *pos++ = rates_len - count;
832
833 for (i++; i < sband->n_bitrates; i++) {
834 if (BIT(i) & rates) {
835 int rate;
836 rate = DIV_ROUND_UP(sband->bitrates[i].bitrate,
837 5 * (1 << shift));
838 *pos++ = (u8) rate;
839 }
840 }
841 }
842
843skip_rates:
844 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT ||
845 capab & WLAN_CAPABILITY_RADIO_MEASURE) {
846 pos = skb_put(skb, 4);
847 *pos++ = WLAN_EID_PWR_CAPABILITY;
848 *pos++ = 2;
849 *pos++ = 0;
850
851 *pos++ = ieee80211_chandef_max_power(&chanctx_conf->def);
852 }
853
854
855
856
857
858
859 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT &&
860 (sband->band != NL80211_BAND_6GHZ ||
861 !ext_capa || ext_capa->datalen < 1 ||
862 !(ext_capa->data[0] & WLAN_EXT_CAPA1_EXT_CHANNEL_SWITCHING))) {
863
864 pos = skb_put(skb, 2 * sband->n_channels + 2);
865 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
866 *pos++ = 2 * sband->n_channels;
867 for (i = 0; i < sband->n_channels; i++) {
868 *pos++ = ieee80211_frequency_to_channel(
869 sband->channels[i].center_freq);
870 *pos++ = 1;
871 }
872 }
873
874
875 if (ieee80211_hw_check(&local->hw, SUPPORTS_ONLY_HE_MULTI_BSSID) &&
876 !(ifmgd->flags & IEEE80211_STA_DISABLE_HE) && assoc_data->ie_len &&
877 ext_capa && ext_capa->datalen >= 3)
878 ext_capa->data[2] |= WLAN_EXT_CAPA3_MULTI_BSSID_SUPPORT;
879
880
881 if (assoc_data->ie_len) {
882 static const u8 before_ht[] = {
883 WLAN_EID_SSID,
884 WLAN_EID_SUPP_RATES,
885 WLAN_EID_EXT_SUPP_RATES,
886 WLAN_EID_PWR_CAPABILITY,
887 WLAN_EID_SUPPORTED_CHANNELS,
888 WLAN_EID_RSN,
889 WLAN_EID_QOS_CAPA,
890 WLAN_EID_RRM_ENABLED_CAPABILITIES,
891 WLAN_EID_MOBILITY_DOMAIN,
892 WLAN_EID_FAST_BSS_TRANSITION,
893 WLAN_EID_RIC_DATA,
894 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
895 };
896 static const u8 after_ric[] = {
897 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
898 WLAN_EID_HT_CAPABILITY,
899 WLAN_EID_BSS_COEX_2040,
900
901 WLAN_EID_EXT_CAPABILITY,
902 WLAN_EID_QOS_TRAFFIC_CAPA,
903 WLAN_EID_TIM_BCAST_REQ,
904 WLAN_EID_INTERWORKING,
905
906 WLAN_EID_VHT_CAPABILITY,
907 WLAN_EID_OPMODE_NOTIF,
908 };
909
910 noffset = ieee80211_ie_split_ric(assoc_data->ie,
911 assoc_data->ie_len,
912 before_ht,
913 ARRAY_SIZE(before_ht),
914 after_ric,
915 ARRAY_SIZE(after_ric),
916 offset);
917 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
918 offset = noffset;
919 }
920
921 if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
922 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)))
923 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
924
925 if (sband->band != NL80211_BAND_6GHZ &&
926 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
927 ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param,
928 sband, chan, sdata->smps_mode);
929
930
931 if (assoc_data->ie_len) {
932 static const u8 before_vht[] = {
933
934
935
936
937 WLAN_EID_BSS_COEX_2040,
938 WLAN_EID_EXT_CAPABILITY,
939 WLAN_EID_QOS_TRAFFIC_CAPA,
940 WLAN_EID_TIM_BCAST_REQ,
941 WLAN_EID_INTERWORKING,
942
943 };
944
945
946 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len,
947 before_vht, ARRAY_SIZE(before_vht),
948 offset);
949 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
950 offset = noffset;
951 }
952
953
954 if (assoc_data->ie_len) {
955 static const u8 before_he[] = {
956
957
958
959
960 WLAN_EID_OPMODE_NOTIF,
961 WLAN_EID_EXTENSION, WLAN_EID_EXT_FUTURE_CHAN_GUIDANCE,
962
963 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_SESSION,
964 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_PUBLIC_KEY,
965 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_KEY_CONFIRM,
966 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_HLP_CONTAINER,
967 WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_IP_ADDR_ASSIGN,
968
969 };
970
971
972 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len,
973 before_he, ARRAY_SIZE(before_he),
974 offset);
975 pos = skb_put(skb, noffset - offset);
976 memcpy(pos, assoc_data->ie + offset, noffset - offset);
977 offset = noffset;
978 }
979
980 if (sband->band != NL80211_BAND_6GHZ &&
981 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
982 ieee80211_add_vht_ie(sdata, skb, sband,
983 &assoc_data->ap_vht_cap);
984
985
986
987
988
989 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT ||
990 (sband->band == NL80211_BAND_5GHZ &&
991 ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
992 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
993
994 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE))
995 ieee80211_add_he_ie(sdata, skb, sband);
996
997
998 if (assoc_data->ie_len) {
999 noffset = ieee80211_ie_split_vendor(assoc_data->ie,
1000 assoc_data->ie_len,
1001 offset);
1002 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
1003 offset = noffset;
1004 }
1005
1006 if (assoc_data->wmm) {
1007 if (assoc_data->uapsd) {
1008 qos_info = ifmgd->uapsd_queues;
1009 qos_info |= (ifmgd->uapsd_max_sp_len <<
1010 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
1011 } else {
1012 qos_info = 0;
1013 }
1014
1015 pos = ieee80211_add_wmm_info_ie(skb_put(skb, 9), qos_info);
1016 }
1017
1018 if (sband->band == NL80211_BAND_S1GHZ) {
1019 ieee80211_add_aid_request_ie(sdata, skb);
1020 ieee80211_add_s1g_capab_ie(sdata, &sband->s1g_cap, skb);
1021 }
1022
1023 if (iftd && iftd->vendor_elems.data && iftd->vendor_elems.len)
1024 skb_put_data(skb, iftd->vendor_elems.data, iftd->vendor_elems.len);
1025
1026
1027 if (assoc_data->ie_len) {
1028 noffset = assoc_data->ie_len;
1029 skb_put_data(skb, assoc_data->ie + offset, noffset - offset);
1030 }
1031
1032 if (assoc_data->fils_kek_len &&
1033 fils_encrypt_assoc_req(skb, assoc_data) < 0) {
1034 dev_kfree_skb(skb);
1035 return;
1036 }
1037
1038 pos = skb_tail_pointer(skb);
1039 kfree(ifmgd->assoc_req_ies);
1040 ifmgd->assoc_req_ies = kmemdup(ie_start, pos - ie_start, GFP_ATOMIC);
1041 ifmgd->assoc_req_ies_len = pos - ie_start;
1042
1043 drv_mgd_prepare_tx(local, sdata, &info);
1044
1045 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1046 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
1047 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
1048 IEEE80211_TX_INTFL_MLME_CONN_TX;
1049 ieee80211_tx_skb(sdata, skb);
1050}
1051
1052void ieee80211_send_pspoll(struct ieee80211_local *local,
1053 struct ieee80211_sub_if_data *sdata)
1054{
1055 struct ieee80211_pspoll *pspoll;
1056 struct sk_buff *skb;
1057
1058 skb = ieee80211_pspoll_get(&local->hw, &sdata->vif);
1059 if (!skb)
1060 return;
1061
1062 pspoll = (struct ieee80211_pspoll *) skb->data;
1063 pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
1064
1065 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1066 ieee80211_tx_skb(sdata, skb);
1067}
1068
1069void ieee80211_send_nullfunc(struct ieee80211_local *local,
1070 struct ieee80211_sub_if_data *sdata,
1071 bool powersave)
1072{
1073 struct sk_buff *skb;
1074 struct ieee80211_hdr_3addr *nullfunc;
1075 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1076
1077 skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif,
1078 !ieee80211_hw_check(&local->hw, DOESNT_SUPPORT_QOS_NDP));
1079 if (!skb)
1080 return;
1081
1082 nullfunc = (struct ieee80211_hdr_3addr *) skb->data;
1083 if (powersave)
1084 nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
1085
1086 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
1087 IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
1088
1089 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
1090 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
1091
1092 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
1093 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
1094
1095 ieee80211_tx_skb(sdata, skb);
1096}
1097
1098void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local,
1099 struct ieee80211_sub_if_data *sdata)
1100{
1101 struct sk_buff *skb;
1102 struct ieee80211_hdr *nullfunc;
1103 __le16 fc;
1104
1105 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
1106 return;
1107
1108 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
1109 if (!skb)
1110 return;
1111
1112 skb_reserve(skb, local->hw.extra_tx_headroom);
1113
1114 nullfunc = skb_put_zero(skb, 30);
1115 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
1116 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
1117 nullfunc->frame_control = fc;
1118 memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN);
1119 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
1120 memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN);
1121 memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN);
1122
1123 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1124 ieee80211_tx_skb(sdata, skb);
1125}
1126
1127
1128static void ieee80211_chswitch_work(struct work_struct *work)
1129{
1130 struct ieee80211_sub_if_data *sdata =
1131 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work);
1132 struct ieee80211_local *local = sdata->local;
1133 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1134 int ret;
1135
1136 if (!ieee80211_sdata_running(sdata))
1137 return;
1138
1139 sdata_lock(sdata);
1140 mutex_lock(&local->mtx);
1141 mutex_lock(&local->chanctx_mtx);
1142
1143 if (!ifmgd->associated)
1144 goto out;
1145
1146 if (!sdata->vif.csa_active)
1147 goto out;
1148
1149
1150
1151
1152
1153
1154
1155
1156 if (sdata->reserved_chanctx) {
1157
1158
1159
1160
1161
1162 if (sdata->reserved_ready)
1163 goto out;
1164
1165 ret = ieee80211_vif_use_reserved_context(sdata);
1166 if (ret) {
1167 sdata_info(sdata,
1168 "failed to use reserved channel context, disconnecting (err=%d)\n",
1169 ret);
1170 ieee80211_queue_work(&sdata->local->hw,
1171 &ifmgd->csa_connection_drop_work);
1172 goto out;
1173 }
1174
1175 goto out;
1176 }
1177
1178 if (!cfg80211_chandef_identical(&sdata->vif.bss_conf.chandef,
1179 &sdata->csa_chandef)) {
1180 sdata_info(sdata,
1181 "failed to finalize channel switch, disconnecting\n");
1182 ieee80211_queue_work(&sdata->local->hw,
1183 &ifmgd->csa_connection_drop_work);
1184 goto out;
1185 }
1186
1187 ifmgd->csa_waiting_bcn = true;
1188
1189 ieee80211_sta_reset_beacon_monitor(sdata);
1190 ieee80211_sta_reset_conn_monitor(sdata);
1191
1192out:
1193 mutex_unlock(&local->chanctx_mtx);
1194 mutex_unlock(&local->mtx);
1195 sdata_unlock(sdata);
1196}
1197
1198static void ieee80211_chswitch_post_beacon(struct ieee80211_sub_if_data *sdata)
1199{
1200 struct ieee80211_local *local = sdata->local;
1201 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1202 int ret;
1203
1204 sdata_assert_lock(sdata);
1205
1206 WARN_ON(!sdata->vif.csa_active);
1207
1208 if (sdata->csa_block_tx) {
1209 ieee80211_wake_vif_queues(local, sdata,
1210 IEEE80211_QUEUE_STOP_REASON_CSA);
1211 sdata->csa_block_tx = false;
1212 }
1213
1214 sdata->vif.csa_active = false;
1215 ifmgd->csa_waiting_bcn = false;
1216
1217
1218
1219
1220 ifmgd->beacon_crc_valid = false;
1221
1222 ret = drv_post_channel_switch(sdata);
1223 if (ret) {
1224 sdata_info(sdata,
1225 "driver post channel switch failed, disconnecting\n");
1226 ieee80211_queue_work(&local->hw,
1227 &ifmgd->csa_connection_drop_work);
1228 return;
1229 }
1230
1231 cfg80211_ch_switch_notify(sdata->dev, &sdata->reserved_chandef);
1232}
1233
1234void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success)
1235{
1236 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1237 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1238
1239 trace_api_chswitch_done(sdata, success);
1240 if (!success) {
1241 sdata_info(sdata,
1242 "driver channel switch failed, disconnecting\n");
1243 ieee80211_queue_work(&sdata->local->hw,
1244 &ifmgd->csa_connection_drop_work);
1245 } else {
1246 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
1247 }
1248}
1249EXPORT_SYMBOL(ieee80211_chswitch_done);
1250
1251static void ieee80211_chswitch_timer(struct timer_list *t)
1252{
1253 struct ieee80211_sub_if_data *sdata =
1254 from_timer(sdata, t, u.mgd.chswitch_timer);
1255
1256 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work);
1257}
1258
1259static void
1260ieee80211_sta_abort_chanswitch(struct ieee80211_sub_if_data *sdata)
1261{
1262 struct ieee80211_local *local = sdata->local;
1263
1264 if (!local->ops->abort_channel_switch)
1265 return;
1266
1267 mutex_lock(&local->mtx);
1268
1269 mutex_lock(&local->chanctx_mtx);
1270 ieee80211_vif_unreserve_chanctx(sdata);
1271 mutex_unlock(&local->chanctx_mtx);
1272
1273 if (sdata->csa_block_tx)
1274 ieee80211_wake_vif_queues(local, sdata,
1275 IEEE80211_QUEUE_STOP_REASON_CSA);
1276
1277 sdata->csa_block_tx = false;
1278 sdata->vif.csa_active = false;
1279
1280 mutex_unlock(&local->mtx);
1281
1282 drv_abort_channel_switch(sdata);
1283}
1284
1285static void
1286ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
1287 u64 timestamp, u32 device_timestamp,
1288 struct ieee802_11_elems *elems,
1289 bool beacon)
1290{
1291 struct ieee80211_local *local = sdata->local;
1292 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1293 struct cfg80211_bss *cbss = ifmgd->associated;
1294 struct ieee80211_chanctx_conf *conf;
1295 struct ieee80211_chanctx *chanctx;
1296 enum nl80211_band current_band;
1297 struct ieee80211_csa_ie csa_ie;
1298 struct ieee80211_channel_switch ch_switch;
1299 struct ieee80211_bss *bss;
1300 int res;
1301
1302 sdata_assert_lock(sdata);
1303
1304 if (!cbss)
1305 return;
1306
1307 if (local->scanning)
1308 return;
1309
1310 current_band = cbss->channel->band;
1311 bss = (void *)cbss->priv;
1312 res = ieee80211_parse_ch_switch_ie(sdata, elems, current_band,
1313 bss->vht_cap_info,
1314 ifmgd->flags,
1315 ifmgd->associated->bssid, &csa_ie);
1316
1317 if (!res) {
1318 ch_switch.timestamp = timestamp;
1319 ch_switch.device_timestamp = device_timestamp;
1320 ch_switch.block_tx = csa_ie.mode;
1321 ch_switch.chandef = csa_ie.chandef;
1322 ch_switch.count = csa_ie.count;
1323 ch_switch.delay = csa_ie.max_switch_time;
1324 }
1325
1326 if (res < 0)
1327 goto lock_and_drop_connection;
1328
1329 if (beacon && sdata->vif.csa_active && !ifmgd->csa_waiting_bcn) {
1330 if (res)
1331 ieee80211_sta_abort_chanswitch(sdata);
1332 else
1333 drv_channel_switch_rx_beacon(sdata, &ch_switch);
1334 return;
1335 } else if (sdata->vif.csa_active || res) {
1336
1337 return;
1338 }
1339
1340 if (sdata->vif.bss_conf.chandef.chan->band !=
1341 csa_ie.chandef.chan->band) {
1342 sdata_info(sdata,
1343 "AP %pM switches to different band (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n",
1344 ifmgd->associated->bssid,
1345 csa_ie.chandef.chan->center_freq,
1346 csa_ie.chandef.width, csa_ie.chandef.center_freq1,
1347 csa_ie.chandef.center_freq2);
1348 goto lock_and_drop_connection;
1349 }
1350
1351 if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chandef,
1352 IEEE80211_CHAN_DISABLED)) {
1353 sdata_info(sdata,
1354 "AP %pM switches to unsupported channel "
1355 "(%d.%03d MHz, width:%d, CF1/2: %d.%03d/%d MHz), "
1356 "disconnecting\n",
1357 ifmgd->associated->bssid,
1358 csa_ie.chandef.chan->center_freq,
1359 csa_ie.chandef.chan->freq_offset,
1360 csa_ie.chandef.width, csa_ie.chandef.center_freq1,
1361 csa_ie.chandef.freq1_offset,
1362 csa_ie.chandef.center_freq2);
1363 goto lock_and_drop_connection;
1364 }
1365
1366 if (cfg80211_chandef_identical(&csa_ie.chandef,
1367 &sdata->vif.bss_conf.chandef) &&
1368 (!csa_ie.mode || !beacon)) {
1369 if (ifmgd->csa_ignored_same_chan)
1370 return;
1371 sdata_info(sdata,
1372 "AP %pM tries to chanswitch to same channel, ignore\n",
1373 ifmgd->associated->bssid);
1374 ifmgd->csa_ignored_same_chan = true;
1375 return;
1376 }
1377
1378
1379
1380
1381
1382
1383
1384 ieee80211_teardown_tdls_peers(sdata);
1385
1386 mutex_lock(&local->mtx);
1387 mutex_lock(&local->chanctx_mtx);
1388 conf = rcu_dereference_protected(sdata->vif.chanctx_conf,
1389 lockdep_is_held(&local->chanctx_mtx));
1390 if (!conf) {
1391 sdata_info(sdata,
1392 "no channel context assigned to vif?, disconnecting\n");
1393 goto drop_connection;
1394 }
1395
1396 chanctx = container_of(conf, struct ieee80211_chanctx, conf);
1397
1398 if (local->use_chanctx &&
1399 !ieee80211_hw_check(&local->hw, CHANCTX_STA_CSA)) {
1400 sdata_info(sdata,
1401 "driver doesn't support chan-switch with channel contexts\n");
1402 goto drop_connection;
1403 }
1404
1405 if (drv_pre_channel_switch(sdata, &ch_switch)) {
1406 sdata_info(sdata,
1407 "preparing for channel switch failed, disconnecting\n");
1408 goto drop_connection;
1409 }
1410
1411 res = ieee80211_vif_reserve_chanctx(sdata, &csa_ie.chandef,
1412 chanctx->mode, false);
1413 if (res) {
1414 sdata_info(sdata,
1415 "failed to reserve channel context for channel switch, disconnecting (err=%d)\n",
1416 res);
1417 goto drop_connection;
1418 }
1419 mutex_unlock(&local->chanctx_mtx);
1420
1421 sdata->vif.csa_active = true;
1422 sdata->csa_chandef = csa_ie.chandef;
1423 sdata->csa_block_tx = csa_ie.mode;
1424 ifmgd->csa_ignored_same_chan = false;
1425 ifmgd->beacon_crc_valid = false;
1426
1427 if (sdata->csa_block_tx)
1428 ieee80211_stop_vif_queues(local, sdata,
1429 IEEE80211_QUEUE_STOP_REASON_CSA);
1430 mutex_unlock(&local->mtx);
1431
1432 cfg80211_ch_switch_started_notify(sdata->dev, &csa_ie.chandef,
1433 csa_ie.count, csa_ie.mode);
1434
1435 if (local->ops->channel_switch) {
1436
1437 drv_channel_switch(local, sdata, &ch_switch);
1438 return;
1439 }
1440
1441
1442 if (csa_ie.count <= 1)
1443 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work);
1444 else
1445 mod_timer(&ifmgd->chswitch_timer,
1446 TU_TO_EXP_TIME((csa_ie.count - 1) *
1447 cbss->beacon_interval));
1448 return;
1449 lock_and_drop_connection:
1450 mutex_lock(&local->mtx);
1451 mutex_lock(&local->chanctx_mtx);
1452 drop_connection:
1453
1454
1455
1456
1457
1458
1459
1460 sdata->vif.csa_active = true;
1461 sdata->csa_block_tx = csa_ie.mode;
1462
1463 ieee80211_queue_work(&local->hw, &ifmgd->csa_connection_drop_work);
1464 mutex_unlock(&local->chanctx_mtx);
1465 mutex_unlock(&local->mtx);
1466}
1467
1468static bool
1469ieee80211_find_80211h_pwr_constr(struct ieee80211_sub_if_data *sdata,
1470 struct ieee80211_channel *channel,
1471 const u8 *country_ie, u8 country_ie_len,
1472 const u8 *pwr_constr_elem,
1473 int *chan_pwr, int *pwr_reduction)
1474{
1475 struct ieee80211_country_ie_triplet *triplet;
1476 int chan = ieee80211_frequency_to_channel(channel->center_freq);
1477 int i, chan_increment;
1478 bool have_chan_pwr = false;
1479
1480
1481 if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN)
1482 return false;
1483
1484 triplet = (void *)(country_ie + 3);
1485 country_ie_len -= 3;
1486
1487 switch (channel->band) {
1488 default:
1489 WARN_ON_ONCE(1);
1490 fallthrough;
1491 case NL80211_BAND_2GHZ:
1492 case NL80211_BAND_60GHZ:
1493 chan_increment = 1;
1494 break;
1495 case NL80211_BAND_5GHZ:
1496 chan_increment = 4;
1497 break;
1498 case NL80211_BAND_6GHZ:
1499
1500
1501
1502
1503
1504
1505
1506 return false;
1507 }
1508
1509
1510 while (country_ie_len >= 3) {
1511 u8 first_channel = triplet->chans.first_channel;
1512
1513 if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID)
1514 goto next;
1515
1516 for (i = 0; i < triplet->chans.num_channels; i++) {
1517 if (first_channel + i * chan_increment == chan) {
1518 have_chan_pwr = true;
1519 *chan_pwr = triplet->chans.max_power;
1520 break;
1521 }
1522 }
1523 if (have_chan_pwr)
1524 break;
1525
1526 next:
1527 triplet++;
1528 country_ie_len -= 3;
1529 }
1530
1531 if (have_chan_pwr && pwr_constr_elem)
1532 *pwr_reduction = *pwr_constr_elem;
1533 else
1534 *pwr_reduction = 0;
1535
1536 return have_chan_pwr;
1537}
1538
1539static void ieee80211_find_cisco_dtpc(struct ieee80211_sub_if_data *sdata,
1540 struct ieee80211_channel *channel,
1541 const u8 *cisco_dtpc_ie,
1542 int *pwr_level)
1543{
1544
1545
1546
1547
1548
1549
1550 *pwr_level = (__s8)cisco_dtpc_ie[4];
1551}
1552
1553static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata,
1554 struct ieee80211_channel *channel,
1555 struct ieee80211_mgmt *mgmt,
1556 const u8 *country_ie, u8 country_ie_len,
1557 const u8 *pwr_constr_ie,
1558 const u8 *cisco_dtpc_ie)
1559{
1560 bool has_80211h_pwr = false, has_cisco_pwr = false;
1561 int chan_pwr = 0, pwr_reduction_80211h = 0;
1562 int pwr_level_cisco, pwr_level_80211h;
1563 int new_ap_level;
1564 __le16 capab = mgmt->u.probe_resp.capab_info;
1565
1566 if (ieee80211_is_s1g_beacon(mgmt->frame_control))
1567 return 0;
1568
1569 if (country_ie &&
1570 (capab & cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT) ||
1571 capab & cpu_to_le16(WLAN_CAPABILITY_RADIO_MEASURE))) {
1572 has_80211h_pwr = ieee80211_find_80211h_pwr_constr(
1573 sdata, channel, country_ie, country_ie_len,
1574 pwr_constr_ie, &chan_pwr, &pwr_reduction_80211h);
1575 pwr_level_80211h =
1576 max_t(int, 0, chan_pwr - pwr_reduction_80211h);
1577 }
1578
1579 if (cisco_dtpc_ie) {
1580 ieee80211_find_cisco_dtpc(
1581 sdata, channel, cisco_dtpc_ie, &pwr_level_cisco);
1582 has_cisco_pwr = true;
1583 }
1584
1585 if (!has_80211h_pwr && !has_cisco_pwr)
1586 return 0;
1587
1588
1589
1590
1591 if (has_80211h_pwr &&
1592 (!has_cisco_pwr || pwr_level_80211h <= pwr_level_cisco)) {
1593 new_ap_level = pwr_level_80211h;
1594
1595 if (sdata->ap_power_level == new_ap_level)
1596 return 0;
1597
1598 sdata_dbg(sdata,
1599 "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n",
1600 pwr_level_80211h, chan_pwr, pwr_reduction_80211h,
1601 sdata->u.mgd.bssid);
1602 } else {
1603 new_ap_level = pwr_level_cisco;
1604
1605 if (sdata->ap_power_level == new_ap_level)
1606 return 0;
1607
1608 sdata_dbg(sdata,
1609 "Limiting TX power to %d dBm as advertised by %pM\n",
1610 pwr_level_cisco, sdata->u.mgd.bssid);
1611 }
1612
1613 sdata->ap_power_level = new_ap_level;
1614 if (__ieee80211_recalc_txpower(sdata))
1615 return BSS_CHANGED_TXPOWER;
1616 return 0;
1617}
1618
1619
1620static void ieee80211_enable_ps(struct ieee80211_local *local,
1621 struct ieee80211_sub_if_data *sdata)
1622{
1623 struct ieee80211_conf *conf = &local->hw.conf;
1624
1625
1626
1627
1628
1629 if (local->scanning)
1630 return;
1631
1632 if (conf->dynamic_ps_timeout > 0 &&
1633 !ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS)) {
1634 mod_timer(&local->dynamic_ps_timer, jiffies +
1635 msecs_to_jiffies(conf->dynamic_ps_timeout));
1636 } else {
1637 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK))
1638 ieee80211_send_nullfunc(local, sdata, true);
1639
1640 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
1641 ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
1642 return;
1643
1644 conf->flags |= IEEE80211_CONF_PS;
1645 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1646 }
1647}
1648
1649static void ieee80211_change_ps(struct ieee80211_local *local)
1650{
1651 struct ieee80211_conf *conf = &local->hw.conf;
1652
1653 if (local->ps_sdata) {
1654 ieee80211_enable_ps(local, local->ps_sdata);
1655 } else if (conf->flags & IEEE80211_CONF_PS) {
1656 conf->flags &= ~IEEE80211_CONF_PS;
1657 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1658 del_timer_sync(&local->dynamic_ps_timer);
1659 cancel_work_sync(&local->dynamic_ps_enable_work);
1660 }
1661}
1662
1663static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata)
1664{
1665 struct ieee80211_if_managed *mgd = &sdata->u.mgd;
1666 struct sta_info *sta = NULL;
1667 bool authorized = false;
1668
1669 if (!mgd->powersave)
1670 return false;
1671
1672 if (mgd->broken_ap)
1673 return false;
1674
1675 if (!mgd->associated)
1676 return false;
1677
1678 if (mgd->flags & IEEE80211_STA_CONNECTION_POLL)
1679 return false;
1680
1681 if (!mgd->have_beacon)
1682 return false;
1683
1684 rcu_read_lock();
1685 sta = sta_info_get(sdata, mgd->bssid);
1686 if (sta)
1687 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
1688 rcu_read_unlock();
1689
1690 return authorized;
1691}
1692
1693
1694void ieee80211_recalc_ps(struct ieee80211_local *local)
1695{
1696 struct ieee80211_sub_if_data *sdata, *found = NULL;
1697 int count = 0;
1698 int timeout;
1699
1700 if (!ieee80211_hw_check(&local->hw, SUPPORTS_PS)) {
1701 local->ps_sdata = NULL;
1702 return;
1703 }
1704
1705 list_for_each_entry(sdata, &local->interfaces, list) {
1706 if (!ieee80211_sdata_running(sdata))
1707 continue;
1708 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1709
1710
1711
1712
1713 count = 0;
1714 break;
1715 }
1716 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1717 continue;
1718 found = sdata;
1719 count++;
1720 }
1721
1722 if (count == 1 && ieee80211_powersave_allowed(found)) {
1723 u8 dtimper = found->u.mgd.dtim_period;
1724
1725 timeout = local->dynamic_ps_forced_timeout;
1726 if (timeout < 0)
1727 timeout = 100;
1728 local->hw.conf.dynamic_ps_timeout = timeout;
1729
1730
1731 if (!dtimper)
1732 dtimper = 1;
1733
1734 local->hw.conf.ps_dtim_period = dtimper;
1735 local->ps_sdata = found;
1736 } else {
1737 local->ps_sdata = NULL;
1738 }
1739
1740 ieee80211_change_ps(local);
1741}
1742
1743void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata)
1744{
1745 bool ps_allowed = ieee80211_powersave_allowed(sdata);
1746
1747 if (sdata->vif.bss_conf.ps != ps_allowed) {
1748 sdata->vif.bss_conf.ps = ps_allowed;
1749 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS);
1750 }
1751}
1752
1753void ieee80211_dynamic_ps_disable_work(struct work_struct *work)
1754{
1755 struct ieee80211_local *local =
1756 container_of(work, struct ieee80211_local,
1757 dynamic_ps_disable_work);
1758
1759 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1760 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1761 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1762 }
1763
1764 ieee80211_wake_queues_by_reason(&local->hw,
1765 IEEE80211_MAX_QUEUE_MAP,
1766 IEEE80211_QUEUE_STOP_REASON_PS,
1767 false);
1768}
1769
1770void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
1771{
1772 struct ieee80211_local *local =
1773 container_of(work, struct ieee80211_local,
1774 dynamic_ps_enable_work);
1775 struct ieee80211_sub_if_data *sdata = local->ps_sdata;
1776 struct ieee80211_if_managed *ifmgd;
1777 unsigned long flags;
1778 int q;
1779
1780
1781 if (!sdata)
1782 return;
1783
1784 ifmgd = &sdata->u.mgd;
1785
1786 if (local->hw.conf.flags & IEEE80211_CONF_PS)
1787 return;
1788
1789 if (local->hw.conf.dynamic_ps_timeout > 0) {
1790
1791 if (drv_tx_frames_pending(local)) {
1792 mod_timer(&local->dynamic_ps_timer, jiffies +
1793 msecs_to_jiffies(
1794 local->hw.conf.dynamic_ps_timeout));
1795 return;
1796 }
1797
1798
1799
1800
1801
1802
1803 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
1804 for (q = 0; q < local->hw.queues; q++) {
1805 if (local->queue_stop_reasons[q]) {
1806 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
1807 flags);
1808 mod_timer(&local->dynamic_ps_timer, jiffies +
1809 msecs_to_jiffies(
1810 local->hw.conf.dynamic_ps_timeout));
1811 return;
1812 }
1813 }
1814 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
1815 }
1816
1817 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
1818 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1819 if (drv_tx_frames_pending(local)) {
1820 mod_timer(&local->dynamic_ps_timer, jiffies +
1821 msecs_to_jiffies(
1822 local->hw.conf.dynamic_ps_timeout));
1823 } else {
1824 ieee80211_send_nullfunc(local, sdata, true);
1825
1826 ieee80211_flush_queues(local, sdata, false);
1827 }
1828 }
1829
1830 if (!(ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS) &&
1831 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK)) ||
1832 (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1833 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
1834 local->hw.conf.flags |= IEEE80211_CONF_PS;
1835 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1836 }
1837}
1838
1839void ieee80211_dynamic_ps_timer(struct timer_list *t)
1840{
1841 struct ieee80211_local *local = from_timer(local, t, dynamic_ps_timer);
1842
1843 ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work);
1844}
1845
1846void ieee80211_dfs_cac_timer_work(struct work_struct *work)
1847{
1848 struct delayed_work *delayed_work = to_delayed_work(work);
1849 struct ieee80211_sub_if_data *sdata =
1850 container_of(delayed_work, struct ieee80211_sub_if_data,
1851 dfs_cac_timer_work);
1852 struct cfg80211_chan_def chandef = sdata->vif.bss_conf.chandef;
1853
1854 mutex_lock(&sdata->local->mtx);
1855 if (sdata->wdev.cac_started) {
1856 ieee80211_vif_release_channel(sdata);
1857 cfg80211_cac_event(sdata->dev, &chandef,
1858 NL80211_RADAR_CAC_FINISHED,
1859 GFP_KERNEL);
1860 }
1861 mutex_unlock(&sdata->local->mtx);
1862}
1863
1864static bool
1865__ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata)
1866{
1867 struct ieee80211_local *local = sdata->local;
1868 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1869 bool ret = false;
1870 int ac;
1871
1872 if (local->hw.queues < IEEE80211_NUM_ACS)
1873 return false;
1874
1875 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1876 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac];
1877 int non_acm_ac;
1878 unsigned long now = jiffies;
1879
1880 if (tx_tspec->action == TX_TSPEC_ACTION_NONE &&
1881 tx_tspec->admitted_time &&
1882 time_after(now, tx_tspec->time_slice_start + HZ)) {
1883 tx_tspec->consumed_tx_time = 0;
1884 tx_tspec->time_slice_start = now;
1885
1886 if (tx_tspec->downgraded)
1887 tx_tspec->action =
1888 TX_TSPEC_ACTION_STOP_DOWNGRADE;
1889 }
1890
1891 switch (tx_tspec->action) {
1892 case TX_TSPEC_ACTION_STOP_DOWNGRADE:
1893
1894 if (drv_conf_tx(local, sdata, ac, &sdata->tx_conf[ac]))
1895 sdata_err(sdata,
1896 "failed to set TX queue parameters for queue %d\n",
1897 ac);
1898 tx_tspec->action = TX_TSPEC_ACTION_NONE;
1899 tx_tspec->downgraded = false;
1900 ret = true;
1901 break;
1902 case TX_TSPEC_ACTION_DOWNGRADE:
1903 if (time_after(now, tx_tspec->time_slice_start + HZ)) {
1904 tx_tspec->action = TX_TSPEC_ACTION_NONE;
1905 ret = true;
1906 break;
1907 }
1908
1909 for (non_acm_ac = ac + 1;
1910 non_acm_ac < IEEE80211_NUM_ACS;
1911 non_acm_ac++)
1912 if (!(sdata->wmm_acm & BIT(7 - 2 * non_acm_ac)))
1913 break;
1914
1915
1916
1917
1918
1919
1920
1921 if (non_acm_ac >= IEEE80211_NUM_ACS)
1922 non_acm_ac = IEEE80211_AC_BK;
1923 if (drv_conf_tx(local, sdata, ac,
1924 &sdata->tx_conf[non_acm_ac]))
1925 sdata_err(sdata,
1926 "failed to set TX queue parameters for queue %d\n",
1927 ac);
1928 tx_tspec->action = TX_TSPEC_ACTION_NONE;
1929 ret = true;
1930 schedule_delayed_work(&ifmgd->tx_tspec_wk,
1931 tx_tspec->time_slice_start + HZ - now + 1);
1932 break;
1933 case TX_TSPEC_ACTION_NONE:
1934
1935 break;
1936 }
1937 }
1938
1939 return ret;
1940}
1941
1942void ieee80211_sta_handle_tspec_ac_params(struct ieee80211_sub_if_data *sdata)
1943{
1944 if (__ieee80211_sta_handle_tspec_ac_params(sdata))
1945 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_QOS);
1946}
1947
1948static void ieee80211_sta_handle_tspec_ac_params_wk(struct work_struct *work)
1949{
1950 struct ieee80211_sub_if_data *sdata;
1951
1952 sdata = container_of(work, struct ieee80211_sub_if_data,
1953 u.mgd.tx_tspec_wk.work);
1954 ieee80211_sta_handle_tspec_ac_params(sdata);
1955}
1956
1957
1958static bool
1959ieee80211_sta_wmm_params(struct ieee80211_local *local,
1960 struct ieee80211_sub_if_data *sdata,
1961 const u8 *wmm_param, size_t wmm_param_len,
1962 const struct ieee80211_mu_edca_param_set *mu_edca)
1963{
1964 struct ieee80211_tx_queue_params params[IEEE80211_NUM_ACS];
1965 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1966 size_t left;
1967 int count, mu_edca_count, ac;
1968 const u8 *pos;
1969 u8 uapsd_queues = 0;
1970
1971 if (!local->ops->conf_tx)
1972 return false;
1973
1974 if (local->hw.queues < IEEE80211_NUM_ACS)
1975 return false;
1976
1977 if (!wmm_param)
1978 return false;
1979
1980 if (wmm_param_len < 8 || wmm_param[5] != 1)
1981 return false;
1982
1983 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
1984 uapsd_queues = ifmgd->uapsd_queues;
1985
1986 count = wmm_param[6] & 0x0f;
1987
1988
1989
1990
1991 mu_edca_count = mu_edca ? mu_edca->mu_qos_info & 0x0f : -1;
1992 if (count == ifmgd->wmm_last_param_set &&
1993 mu_edca_count == ifmgd->mu_edca_last_param_set)
1994 return false;
1995 ifmgd->wmm_last_param_set = count;
1996 ifmgd->mu_edca_last_param_set = mu_edca_count;
1997
1998 pos = wmm_param + 8;
1999 left = wmm_param_len - 8;
2000
2001 memset(¶ms, 0, sizeof(params));
2002
2003 sdata->wmm_acm = 0;
2004 for (; left >= 4; left -= 4, pos += 4) {
2005 int aci = (pos[0] >> 5) & 0x03;
2006 int acm = (pos[0] >> 4) & 0x01;
2007 bool uapsd = false;
2008
2009 switch (aci) {
2010 case 1:
2011 ac = IEEE80211_AC_BK;
2012 if (acm)
2013 sdata->wmm_acm |= BIT(1) | BIT(2);
2014 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
2015 uapsd = true;
2016 params[ac].mu_edca = !!mu_edca;
2017 if (mu_edca)
2018 params[ac].mu_edca_param_rec = mu_edca->ac_bk;
2019 break;
2020 case 2:
2021 ac = IEEE80211_AC_VI;
2022 if (acm)
2023 sdata->wmm_acm |= BIT(4) | BIT(5);
2024 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
2025 uapsd = true;
2026 params[ac].mu_edca = !!mu_edca;
2027 if (mu_edca)
2028 params[ac].mu_edca_param_rec = mu_edca->ac_vi;
2029 break;
2030 case 3:
2031 ac = IEEE80211_AC_VO;
2032 if (acm)
2033 sdata->wmm_acm |= BIT(6) | BIT(7);
2034 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
2035 uapsd = true;
2036 params[ac].mu_edca = !!mu_edca;
2037 if (mu_edca)
2038 params[ac].mu_edca_param_rec = mu_edca->ac_vo;
2039 break;
2040 case 0:
2041 default:
2042 ac = IEEE80211_AC_BE;
2043 if (acm)
2044 sdata->wmm_acm |= BIT(0) | BIT(3);
2045 if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
2046 uapsd = true;
2047 params[ac].mu_edca = !!mu_edca;
2048 if (mu_edca)
2049 params[ac].mu_edca_param_rec = mu_edca->ac_be;
2050 break;
2051 }
2052
2053 params[ac].aifs = pos[0] & 0x0f;
2054
2055 if (params[ac].aifs < 2) {
2056 sdata_info(sdata,
2057 "AP has invalid WMM params (AIFSN=%d for ACI %d), will use 2\n",
2058 params[ac].aifs, aci);
2059 params[ac].aifs = 2;
2060 }
2061 params[ac].cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
2062 params[ac].cw_min = ecw2cw(pos[1] & 0x0f);
2063 params[ac].txop = get_unaligned_le16(pos + 2);
2064 params[ac].acm = acm;
2065 params[ac].uapsd = uapsd;
2066
2067 if (params[ac].cw_min == 0 ||
2068 params[ac].cw_min > params[ac].cw_max) {
2069 sdata_info(sdata,
2070 "AP has invalid WMM params (CWmin/max=%d/%d for ACI %d), using defaults\n",
2071 params[ac].cw_min, params[ac].cw_max, aci);
2072 return false;
2073 }
2074 ieee80211_regulatory_limit_wmm_params(sdata, ¶ms[ac], ac);
2075 }
2076
2077
2078 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
2079 if (params[ac].cw_min == 0) {
2080 sdata_info(sdata,
2081 "AP has invalid WMM params (missing AC %d), using defaults\n",
2082 ac);
2083 return false;
2084 }
2085 }
2086
2087 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
2088 mlme_dbg(sdata,
2089 "WMM AC=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d, downgraded=%d\n",
2090 ac, params[ac].acm,
2091 params[ac].aifs, params[ac].cw_min, params[ac].cw_max,
2092 params[ac].txop, params[ac].uapsd,
2093 ifmgd->tx_tspec[ac].downgraded);
2094 sdata->tx_conf[ac] = params[ac];
2095 if (!ifmgd->tx_tspec[ac].downgraded &&
2096 drv_conf_tx(local, sdata, ac, ¶ms[ac]))
2097 sdata_err(sdata,
2098 "failed to set TX queue parameters for AC %d\n",
2099 ac);
2100 }
2101
2102
2103 sdata->vif.bss_conf.qos = true;
2104 return true;
2105}
2106
2107static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
2108{
2109 lockdep_assert_held(&sdata->local->mtx);
2110
2111 sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL;
2112 ieee80211_run_deferred_scan(sdata->local);
2113}
2114
2115static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
2116{
2117 mutex_lock(&sdata->local->mtx);
2118 __ieee80211_stop_poll(sdata);
2119 mutex_unlock(&sdata->local->mtx);
2120}
2121
2122static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
2123 u16 capab, bool erp_valid, u8 erp)
2124{
2125 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2126 struct ieee80211_supported_band *sband;
2127 u32 changed = 0;
2128 bool use_protection;
2129 bool use_short_preamble;
2130 bool use_short_slot;
2131
2132 sband = ieee80211_get_sband(sdata);
2133 if (!sband)
2134 return changed;
2135
2136 if (erp_valid) {
2137 use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0;
2138 use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0;
2139 } else {
2140 use_protection = false;
2141 use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE);
2142 }
2143
2144 use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME);
2145 if (sband->band == NL80211_BAND_5GHZ ||
2146 sband->band == NL80211_BAND_6GHZ)
2147 use_short_slot = true;
2148
2149 if (use_protection != bss_conf->use_cts_prot) {
2150 bss_conf->use_cts_prot = use_protection;
2151 changed |= BSS_CHANGED_ERP_CTS_PROT;
2152 }
2153
2154 if (use_short_preamble != bss_conf->use_short_preamble) {
2155 bss_conf->use_short_preamble = use_short_preamble;
2156 changed |= BSS_CHANGED_ERP_PREAMBLE;
2157 }
2158
2159 if (use_short_slot != bss_conf->use_short_slot) {
2160 bss_conf->use_short_slot = use_short_slot;
2161 changed |= BSS_CHANGED_ERP_SLOT;
2162 }
2163
2164 return changed;
2165}
2166
2167static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
2168 struct cfg80211_bss *cbss,
2169 u32 bss_info_changed)
2170{
2171 struct ieee80211_bss *bss = (void *)cbss->priv;
2172 struct ieee80211_local *local = sdata->local;
2173 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2174
2175 bss_info_changed |= BSS_CHANGED_ASSOC;
2176 bss_info_changed |= ieee80211_handle_bss_capability(sdata,
2177 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value);
2178
2179 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec(
2180 beacon_loss_count * bss_conf->beacon_int));
2181
2182 sdata->u.mgd.associated = cbss;
2183 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN);
2184
2185 ieee80211_check_rate_mask(sdata);
2186
2187 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE;
2188
2189 if (sdata->vif.p2p ||
2190 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) {
2191 const struct cfg80211_bss_ies *ies;
2192
2193 rcu_read_lock();
2194 ies = rcu_dereference(cbss->ies);
2195 if (ies) {
2196 int ret;
2197
2198 ret = cfg80211_get_p2p_attr(
2199 ies->data, ies->len,
2200 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
2201 (u8 *) &bss_conf->p2p_noa_attr,
2202 sizeof(bss_conf->p2p_noa_attr));
2203 if (ret >= 2) {
2204 sdata->u.mgd.p2p_noa_index =
2205 bss_conf->p2p_noa_attr.index;
2206 bss_info_changed |= BSS_CHANGED_P2P_PS;
2207 }
2208 }
2209 rcu_read_unlock();
2210 }
2211
2212
2213 ieee80211_stop_poll(sdata);
2214
2215 ieee80211_led_assoc(local, 1);
2216
2217 if (sdata->u.mgd.have_beacon) {
2218
2219
2220
2221
2222
2223
2224 bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1;
2225 bss_conf->beacon_rate = bss->beacon_rate;
2226 bss_info_changed |= BSS_CHANGED_BEACON_INFO;
2227 } else {
2228 bss_conf->beacon_rate = NULL;
2229 bss_conf->dtim_period = 0;
2230 }
2231
2232 bss_conf->assoc = 1;
2233
2234
2235 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI &&
2236 bss_conf->cqm_rssi_thold)
2237 bss_info_changed |= BSS_CHANGED_CQM;
2238
2239
2240 if (bss_conf->arp_addr_cnt)
2241 bss_info_changed |= BSS_CHANGED_ARP_FILTER;
2242
2243 ieee80211_bss_info_change_notify(sdata, bss_info_changed);
2244
2245 mutex_lock(&local->iflist_mtx);
2246 ieee80211_recalc_ps(local);
2247 mutex_unlock(&local->iflist_mtx);
2248
2249 ieee80211_recalc_smps(sdata);
2250 ieee80211_recalc_ps_vif(sdata);
2251
2252 netif_carrier_on(sdata->dev);
2253}
2254
2255static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
2256 u16 stype, u16 reason, bool tx,
2257 u8 *frame_buf)
2258{
2259 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2260 struct ieee80211_local *local = sdata->local;
2261 u32 changed = 0;
2262 struct ieee80211_prep_tx_info info = {
2263 .subtype = stype,
2264 };
2265
2266 sdata_assert_lock(sdata);
2267
2268 if (WARN_ON_ONCE(tx && !frame_buf))
2269 return;
2270
2271 if (WARN_ON(!ifmgd->associated))
2272 return;
2273
2274 ieee80211_stop_poll(sdata);
2275
2276 ifmgd->associated = NULL;
2277 netif_carrier_off(sdata->dev);
2278
2279
2280
2281
2282
2283
2284 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
2285 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
2286 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
2287 }
2288 local->ps_sdata = NULL;
2289
2290
2291 ieee80211_recalc_ps_vif(sdata);
2292
2293
2294 synchronize_net();
2295
2296
2297
2298
2299
2300
2301
2302 if (tx)
2303 ieee80211_flush_queues(local, sdata, true);
2304
2305
2306 if (tx || frame_buf) {
2307
2308
2309
2310
2311
2312
2313 if (ieee80211_hw_check(&local->hw, DEAUTH_NEED_MGD_TX_PREP) &&
2314 !ifmgd->have_beacon) {
2315 drv_mgd_prepare_tx(sdata->local, sdata, &info);
2316 }
2317
2318 ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid,
2319 ifmgd->bssid, stype, reason,
2320 tx, frame_buf);
2321 }
2322
2323
2324 if (tx)
2325 ieee80211_flush_queues(local, sdata, false);
2326
2327 drv_mgd_complete_tx(sdata->local, sdata, &info);
2328
2329
2330 eth_zero_addr(ifmgd->bssid);
2331
2332 sdata->vif.bss_conf.ssid_len = 0;
2333
2334
2335 sta_info_flush(sdata);
2336
2337
2338 changed |= ieee80211_reset_erp_info(sdata);
2339
2340 ieee80211_led_assoc(local, 0);
2341 changed |= BSS_CHANGED_ASSOC;
2342 sdata->vif.bss_conf.assoc = false;
2343
2344 ifmgd->p2p_noa_index = -1;
2345 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0,
2346 sizeof(sdata->vif.bss_conf.p2p_noa_attr));
2347
2348
2349 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa));
2350 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask));
2351 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa));
2352 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask));
2353
2354
2355 memset(sdata->vif.bss_conf.mu_group.membership, 0,
2356 sizeof(sdata->vif.bss_conf.mu_group.membership));
2357 memset(sdata->vif.bss_conf.mu_group.position, 0,
2358 sizeof(sdata->vif.bss_conf.mu_group.position));
2359 changed |= BSS_CHANGED_MU_GROUPS;
2360 sdata->vif.mu_mimo_owner = false;
2361
2362 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL;
2363
2364 del_timer_sync(&local->dynamic_ps_timer);
2365 cancel_work_sync(&local->dynamic_ps_enable_work);
2366
2367
2368 if (sdata->vif.bss_conf.arp_addr_cnt)
2369 changed |= BSS_CHANGED_ARP_FILTER;
2370
2371 sdata->vif.bss_conf.qos = false;
2372 changed |= BSS_CHANGED_QOS;
2373
2374
2375 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT;
2376 ieee80211_bss_info_change_notify(sdata, changed);
2377
2378
2379 ieee80211_set_wmm_default(sdata, false, false);
2380
2381 del_timer_sync(&sdata->u.mgd.conn_mon_timer);
2382 del_timer_sync(&sdata->u.mgd.bcn_mon_timer);
2383 del_timer_sync(&sdata->u.mgd.timer);
2384 del_timer_sync(&sdata->u.mgd.chswitch_timer);
2385
2386 sdata->vif.bss_conf.dtim_period = 0;
2387 sdata->vif.bss_conf.beacon_rate = NULL;
2388
2389 ifmgd->have_beacon = false;
2390
2391 ifmgd->flags = 0;
2392 mutex_lock(&local->mtx);
2393 ieee80211_vif_release_channel(sdata);
2394
2395 sdata->vif.csa_active = false;
2396 ifmgd->csa_waiting_bcn = false;
2397 ifmgd->csa_ignored_same_chan = false;
2398 if (sdata->csa_block_tx) {
2399 ieee80211_wake_vif_queues(local, sdata,
2400 IEEE80211_QUEUE_STOP_REASON_CSA);
2401 sdata->csa_block_tx = false;
2402 }
2403 mutex_unlock(&local->mtx);
2404
2405
2406 memset(ifmgd->tx_tspec, 0, sizeof(ifmgd->tx_tspec));
2407 cancel_delayed_work_sync(&ifmgd->tx_tspec_wk);
2408
2409 sdata->encrypt_headroom = IEEE80211_ENCRYPT_HEADROOM;
2410}
2411
2412static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata)
2413{
2414 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2415 struct ieee80211_local *local = sdata->local;
2416
2417 mutex_lock(&local->mtx);
2418 if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL))
2419 goto out;
2420
2421 __ieee80211_stop_poll(sdata);
2422
2423 mutex_lock(&local->iflist_mtx);
2424 ieee80211_recalc_ps(local);
2425 mutex_unlock(&local->iflist_mtx);
2426
2427 if (ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
2428 goto out;
2429
2430
2431
2432
2433
2434
2435 ieee80211_sta_reset_beacon_monitor(sdata);
2436
2437 mod_timer(&ifmgd->conn_mon_timer,
2438 round_jiffies_up(jiffies +
2439 IEEE80211_CONNECTION_IDLE_TIME));
2440out:
2441 mutex_unlock(&local->mtx);
2442}
2443
2444static void ieee80211_sta_tx_wmm_ac_notify(struct ieee80211_sub_if_data *sdata,
2445 struct ieee80211_hdr *hdr,
2446 u16 tx_time)
2447{
2448 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2449 u16 tid = ieee80211_get_tid(hdr);
2450 int ac = ieee80211_ac_from_tid(tid);
2451 struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac];
2452 unsigned long now = jiffies;
2453
2454 if (likely(!tx_tspec->admitted_time))
2455 return;
2456
2457 if (time_after(now, tx_tspec->time_slice_start + HZ)) {
2458 tx_tspec->consumed_tx_time = 0;
2459 tx_tspec->time_slice_start = now;
2460
2461 if (tx_tspec->downgraded) {
2462 tx_tspec->action = TX_TSPEC_ACTION_STOP_DOWNGRADE;
2463 schedule_delayed_work(&ifmgd->tx_tspec_wk, 0);
2464 }
2465 }
2466
2467 if (tx_tspec->downgraded)
2468 return;
2469
2470 tx_tspec->consumed_tx_time += tx_time;
2471
2472 if (tx_tspec->consumed_tx_time >= tx_tspec->admitted_time) {
2473 tx_tspec->downgraded = true;
2474 tx_tspec->action = TX_TSPEC_ACTION_DOWNGRADE;
2475 schedule_delayed_work(&ifmgd->tx_tspec_wk, 0);
2476 }
2477}
2478
2479void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata,
2480 struct ieee80211_hdr *hdr, bool ack, u16 tx_time)
2481{
2482 ieee80211_sta_tx_wmm_ac_notify(sdata, hdr, tx_time);
2483
2484 if (!ieee80211_is_any_nullfunc(hdr->frame_control) ||
2485 !sdata->u.mgd.probe_send_count)
2486 return;
2487
2488 if (ack)
2489 sdata->u.mgd.probe_send_count = 0;
2490 else
2491 sdata->u.mgd.nullfunc_failed = true;
2492 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
2493}
2494
2495static void ieee80211_mlme_send_probe_req(struct ieee80211_sub_if_data *sdata,
2496 const u8 *src, const u8 *dst,
2497 const u8 *ssid, size_t ssid_len,
2498 struct ieee80211_channel *channel)
2499{
2500 struct sk_buff *skb;
2501
2502 skb = ieee80211_build_probe_req(sdata, src, dst, (u32)-1, channel,
2503 ssid, ssid_len, NULL, 0,
2504 IEEE80211_PROBE_FLAG_DIRECTED);
2505 if (skb)
2506 ieee80211_tx_skb(sdata, skb);
2507}
2508
2509static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
2510{
2511 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2512 const u8 *ssid;
2513 u8 *dst = ifmgd->associated->bssid;
2514 u8 unicast_limit = max(1, max_probe_tries - 3);
2515 struct sta_info *sta;
2516
2517
2518
2519
2520
2521
2522 if (ifmgd->probe_send_count >= unicast_limit)
2523 dst = NULL;
2524
2525
2526
2527
2528
2529
2530
2531
2532 ifmgd->probe_send_count++;
2533
2534 if (dst) {
2535 mutex_lock(&sdata->local->sta_mtx);
2536 sta = sta_info_get(sdata, dst);
2537 if (!WARN_ON(!sta))
2538 ieee80211_check_fast_rx(sta);
2539 mutex_unlock(&sdata->local->sta_mtx);
2540 }
2541
2542 if (ieee80211_hw_check(&sdata->local->hw, REPORTS_TX_ACK_STATUS)) {
2543 ifmgd->nullfunc_failed = false;
2544 ieee80211_send_nullfunc(sdata->local, sdata, false);
2545 } else {
2546 int ssid_len;
2547
2548 rcu_read_lock();
2549 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);
2550 if (WARN_ON_ONCE(ssid == NULL))
2551 ssid_len = 0;
2552 else
2553 ssid_len = ssid[1];
2554
2555 ieee80211_mlme_send_probe_req(sdata, sdata->vif.addr, dst,
2556 ssid + 2, ssid_len,
2557 ifmgd->associated->channel);
2558 rcu_read_unlock();
2559 }
2560
2561 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
2562 run_again(sdata, ifmgd->probe_timeout);
2563}
2564
2565static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
2566 bool beacon)
2567{
2568 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2569 bool already = false;
2570
2571 if (!ieee80211_sdata_running(sdata))
2572 return;
2573
2574 sdata_lock(sdata);
2575
2576 if (!ifmgd->associated)
2577 goto out;
2578
2579 mutex_lock(&sdata->local->mtx);
2580
2581 if (sdata->local->tmp_channel || sdata->local->scanning) {
2582 mutex_unlock(&sdata->local->mtx);
2583 goto out;
2584 }
2585
2586 if (beacon) {
2587 mlme_dbg_ratelimited(sdata,
2588 "detected beacon loss from AP (missed %d beacons) - probing\n",
2589 beacon_loss_count);
2590
2591 ieee80211_cqm_beacon_loss_notify(&sdata->vif, GFP_KERNEL);
2592 }
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
2606 already = true;
2607
2608 ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL;
2609
2610 mutex_unlock(&sdata->local->mtx);
2611
2612 if (already)
2613 goto out;
2614
2615 mutex_lock(&sdata->local->iflist_mtx);
2616 ieee80211_recalc_ps(sdata->local);
2617 mutex_unlock(&sdata->local->iflist_mtx);
2618
2619 ifmgd->probe_send_count = 0;
2620 ieee80211_mgd_probe_ap_send(sdata);
2621 out:
2622 sdata_unlock(sdata);
2623}
2624
2625struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
2626 struct ieee80211_vif *vif)
2627{
2628 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2629 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2630 struct cfg80211_bss *cbss;
2631 struct sk_buff *skb;
2632 const u8 *ssid;
2633 int ssid_len;
2634
2635 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
2636 return NULL;
2637
2638 sdata_assert_lock(sdata);
2639
2640 if (ifmgd->associated)
2641 cbss = ifmgd->associated;
2642 else if (ifmgd->auth_data)
2643 cbss = ifmgd->auth_data->bss;
2644 else if (ifmgd->assoc_data)
2645 cbss = ifmgd->assoc_data->bss;
2646 else
2647 return NULL;
2648
2649 rcu_read_lock();
2650 ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID);
2651 if (WARN_ONCE(!ssid || ssid[1] > IEEE80211_MAX_SSID_LEN,
2652 "invalid SSID element (len=%d)", ssid ? ssid[1] : -1))
2653 ssid_len = 0;
2654 else
2655 ssid_len = ssid[1];
2656
2657 skb = ieee80211_build_probe_req(sdata, sdata->vif.addr, cbss->bssid,
2658 (u32) -1, cbss->channel,
2659 ssid + 2, ssid_len,
2660 NULL, 0, IEEE80211_PROBE_FLAG_DIRECTED);
2661 rcu_read_unlock();
2662
2663 return skb;
2664}
2665EXPORT_SYMBOL(ieee80211_ap_probereq_get);
2666
2667static void ieee80211_report_disconnect(struct ieee80211_sub_if_data *sdata,
2668 const u8 *buf, size_t len, bool tx,
2669 u16 reason, bool reconnect)
2670{
2671 struct ieee80211_event event = {
2672 .type = MLME_EVENT,
2673 .u.mlme.data = tx ? DEAUTH_TX_EVENT : DEAUTH_RX_EVENT,
2674 .u.mlme.reason = reason,
2675 };
2676
2677 if (tx)
2678 cfg80211_tx_mlme_mgmt(sdata->dev, buf, len, reconnect);
2679 else
2680 cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
2681
2682 drv_event_callback(sdata->local, sdata, &event);
2683}
2684
2685static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata)
2686{
2687 struct ieee80211_local *local = sdata->local;
2688 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2689 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
2690 bool tx;
2691
2692 sdata_lock(sdata);
2693 if (!ifmgd->associated) {
2694 sdata_unlock(sdata);
2695 return;
2696 }
2697
2698 tx = !sdata->csa_block_tx;
2699
2700 if (!ifmgd->driver_disconnect) {
2701
2702
2703
2704
2705 cfg80211_unlink_bss(local->hw.wiphy, ifmgd->associated);
2706 }
2707
2708 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
2709 ifmgd->driver_disconnect ?
2710 WLAN_REASON_DEAUTH_LEAVING :
2711 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
2712 tx, frame_buf);
2713 mutex_lock(&local->mtx);
2714 sdata->vif.csa_active = false;
2715 ifmgd->csa_waiting_bcn = false;
2716 if (sdata->csa_block_tx) {
2717 ieee80211_wake_vif_queues(local, sdata,
2718 IEEE80211_QUEUE_STOP_REASON_CSA);
2719 sdata->csa_block_tx = false;
2720 }
2721 mutex_unlock(&local->mtx);
2722
2723 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), tx,
2724 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
2725 ifmgd->reconnect);
2726 ifmgd->reconnect = false;
2727
2728 sdata_unlock(sdata);
2729}
2730
2731static void ieee80211_beacon_connection_loss_work(struct work_struct *work)
2732{
2733 struct ieee80211_sub_if_data *sdata =
2734 container_of(work, struct ieee80211_sub_if_data,
2735 u.mgd.beacon_connection_loss_work);
2736 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2737
2738 if (ifmgd->associated)
2739 ifmgd->beacon_loss_count++;
2740
2741 if (ifmgd->connection_loss) {
2742 sdata_info(sdata, "Connection to AP %pM lost\n",
2743 ifmgd->bssid);
2744 __ieee80211_disconnect(sdata);
2745 ifmgd->connection_loss = false;
2746 } else if (ifmgd->driver_disconnect) {
2747 sdata_info(sdata,
2748 "Driver requested disconnection from AP %pM\n",
2749 ifmgd->bssid);
2750 __ieee80211_disconnect(sdata);
2751 ifmgd->driver_disconnect = false;
2752 } else {
2753 ieee80211_mgd_probe_ap(sdata, true);
2754 }
2755}
2756
2757static void ieee80211_csa_connection_drop_work(struct work_struct *work)
2758{
2759 struct ieee80211_sub_if_data *sdata =
2760 container_of(work, struct ieee80211_sub_if_data,
2761 u.mgd.csa_connection_drop_work);
2762
2763 __ieee80211_disconnect(sdata);
2764}
2765
2766void ieee80211_beacon_loss(struct ieee80211_vif *vif)
2767{
2768 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2769 struct ieee80211_hw *hw = &sdata->local->hw;
2770
2771 trace_api_beacon_loss(sdata);
2772
2773 sdata->u.mgd.connection_loss = false;
2774 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2775}
2776EXPORT_SYMBOL(ieee80211_beacon_loss);
2777
2778void ieee80211_connection_loss(struct ieee80211_vif *vif)
2779{
2780 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2781 struct ieee80211_hw *hw = &sdata->local->hw;
2782
2783 trace_api_connection_loss(sdata);
2784
2785 sdata->u.mgd.connection_loss = true;
2786 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2787}
2788EXPORT_SYMBOL(ieee80211_connection_loss);
2789
2790void ieee80211_disconnect(struct ieee80211_vif *vif, bool reconnect)
2791{
2792 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2793 struct ieee80211_hw *hw = &sdata->local->hw;
2794
2795 trace_api_disconnect(sdata, reconnect);
2796
2797 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
2798 return;
2799
2800 sdata->u.mgd.driver_disconnect = true;
2801 sdata->u.mgd.reconnect = reconnect;
2802 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2803}
2804EXPORT_SYMBOL(ieee80211_disconnect);
2805
2806static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
2807 bool assoc)
2808{
2809 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2810
2811 sdata_assert_lock(sdata);
2812
2813 if (!assoc) {
2814
2815
2816
2817
2818
2819 del_timer_sync(&sdata->u.mgd.timer);
2820 sta_info_destroy_addr(sdata, auth_data->bss->bssid);
2821
2822 eth_zero_addr(sdata->u.mgd.bssid);
2823 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2824 sdata->u.mgd.flags = 0;
2825 mutex_lock(&sdata->local->mtx);
2826 ieee80211_vif_release_channel(sdata);
2827 mutex_unlock(&sdata->local->mtx);
2828 }
2829
2830 cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss);
2831 kfree(auth_data);
2832 sdata->u.mgd.auth_data = NULL;
2833}
2834
2835static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata,
2836 bool assoc, bool abandon)
2837{
2838 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
2839
2840 sdata_assert_lock(sdata);
2841
2842 if (!assoc) {
2843
2844
2845
2846
2847
2848 del_timer_sync(&sdata->u.mgd.timer);
2849 sta_info_destroy_addr(sdata, assoc_data->bss->bssid);
2850
2851 eth_zero_addr(sdata->u.mgd.bssid);
2852 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2853 sdata->u.mgd.flags = 0;
2854 sdata->vif.mu_mimo_owner = false;
2855
2856 mutex_lock(&sdata->local->mtx);
2857 ieee80211_vif_release_channel(sdata);
2858 mutex_unlock(&sdata->local->mtx);
2859
2860 if (abandon)
2861 cfg80211_abandon_assoc(sdata->dev, assoc_data->bss);
2862 }
2863
2864 kfree(assoc_data);
2865 sdata->u.mgd.assoc_data = NULL;
2866}
2867
2868static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
2869 struct ieee80211_mgmt *mgmt, size_t len)
2870{
2871 struct ieee80211_local *local = sdata->local;
2872 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2873 u8 *pos;
2874 struct ieee802_11_elems elems;
2875 u32 tx_flags = 0;
2876 struct ieee80211_prep_tx_info info = {
2877 .subtype = IEEE80211_STYPE_AUTH,
2878 };
2879
2880 pos = mgmt->u.auth.variable;
2881 ieee802_11_parse_elems(pos, len - (pos - (u8 *)mgmt), false, &elems,
2882 mgmt->bssid, auth_data->bss->bssid);
2883 if (!elems.challenge)
2884 return;
2885 auth_data->expected_transaction = 4;
2886 drv_mgd_prepare_tx(sdata->local, sdata, &info);
2887 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
2888 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
2889 IEEE80211_TX_INTFL_MLME_CONN_TX;
2890 ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0,
2891 elems.challenge - 2, elems.challenge_len + 2,
2892 auth_data->bss->bssid, auth_data->bss->bssid,
2893 auth_data->key, auth_data->key_len,
2894 auth_data->key_idx, tx_flags);
2895}
2896
2897static bool ieee80211_mark_sta_auth(struct ieee80211_sub_if_data *sdata,
2898 const u8 *bssid)
2899{
2900 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2901 struct sta_info *sta;
2902 bool result = true;
2903
2904 sdata_info(sdata, "authenticated\n");
2905 ifmgd->auth_data->done = true;
2906 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC;
2907 ifmgd->auth_data->timeout_started = true;
2908 run_again(sdata, ifmgd->auth_data->timeout);
2909
2910
2911 mutex_lock(&sdata->local->sta_mtx);
2912 sta = sta_info_get(sdata, bssid);
2913 if (!sta) {
2914 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid);
2915 result = false;
2916 goto out;
2917 }
2918 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) {
2919 sdata_info(sdata, "failed moving %pM to auth\n", bssid);
2920 result = false;
2921 goto out;
2922 }
2923
2924out:
2925 mutex_unlock(&sdata->local->sta_mtx);
2926 return result;
2927}
2928
2929static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
2930 struct ieee80211_mgmt *mgmt, size_t len)
2931{
2932 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2933 u8 bssid[ETH_ALEN];
2934 u16 auth_alg, auth_transaction, status_code;
2935 struct ieee80211_event event = {
2936 .type = MLME_EVENT,
2937 .u.mlme.data = AUTH_EVENT,
2938 };
2939 struct ieee80211_prep_tx_info info = {
2940 .subtype = IEEE80211_STYPE_AUTH,
2941 };
2942
2943 sdata_assert_lock(sdata);
2944
2945 if (len < 24 + 6)
2946 return;
2947
2948 if (!ifmgd->auth_data || ifmgd->auth_data->done)
2949 return;
2950
2951 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
2952
2953 if (!ether_addr_equal(bssid, mgmt->bssid))
2954 return;
2955
2956 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
2957 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
2958 status_code = le16_to_cpu(mgmt->u.auth.status_code);
2959
2960 if (auth_alg != ifmgd->auth_data->algorithm ||
2961 (auth_alg != WLAN_AUTH_SAE &&
2962 auth_transaction != ifmgd->auth_data->expected_transaction) ||
2963 (auth_alg == WLAN_AUTH_SAE &&
2964 (auth_transaction < ifmgd->auth_data->expected_transaction ||
2965 auth_transaction > 2))) {
2966 sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n",
2967 mgmt->sa, auth_alg, ifmgd->auth_data->algorithm,
2968 auth_transaction,
2969 ifmgd->auth_data->expected_transaction);
2970 goto notify_driver;
2971 }
2972
2973 if (status_code != WLAN_STATUS_SUCCESS) {
2974 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2975
2976 if (auth_alg == WLAN_AUTH_SAE &&
2977 (status_code == WLAN_STATUS_ANTI_CLOG_REQUIRED ||
2978 (auth_transaction == 1 &&
2979 (status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT ||
2980 status_code == WLAN_STATUS_SAE_PK))))
2981 goto notify_driver;
2982
2983 sdata_info(sdata, "%pM denied authentication (status %d)\n",
2984 mgmt->sa, status_code);
2985 ieee80211_destroy_auth_data(sdata, false);
2986 event.u.mlme.status = MLME_DENIED;
2987 event.u.mlme.reason = status_code;
2988 drv_event_callback(sdata->local, sdata, &event);
2989 goto notify_driver;
2990 }
2991
2992 switch (ifmgd->auth_data->algorithm) {
2993 case WLAN_AUTH_OPEN:
2994 case WLAN_AUTH_LEAP:
2995 case WLAN_AUTH_FT:
2996 case WLAN_AUTH_SAE:
2997 case WLAN_AUTH_FILS_SK:
2998 case WLAN_AUTH_FILS_SK_PFS:
2999 case WLAN_AUTH_FILS_PK:
3000 break;
3001 case WLAN_AUTH_SHARED_KEY:
3002 if (ifmgd->auth_data->expected_transaction != 4) {
3003 ieee80211_auth_challenge(sdata, mgmt, len);
3004
3005 return;
3006 }
3007 break;
3008 default:
3009 WARN_ONCE(1, "invalid auth alg %d",
3010 ifmgd->auth_data->algorithm);
3011 goto notify_driver;
3012 }
3013
3014 event.u.mlme.status = MLME_SUCCESS;
3015 info.success = 1;
3016 drv_event_callback(sdata->local, sdata, &event);
3017 if (ifmgd->auth_data->algorithm != WLAN_AUTH_SAE ||
3018 (auth_transaction == 2 &&
3019 ifmgd->auth_data->expected_transaction == 2)) {
3020 if (!ieee80211_mark_sta_auth(sdata, bssid))
3021 return;
3022 } else if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE &&
3023 auth_transaction == 2) {
3024 sdata_info(sdata, "SAE peer confirmed\n");
3025 ifmgd->auth_data->peer_confirmed = true;
3026 }
3027
3028 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
3029notify_driver:
3030 drv_mgd_complete_tx(sdata->local, sdata, &info);
3031}
3032
3033#define case_WLAN(type) \
3034 case WLAN_REASON_##type: return #type
3035
3036const char *ieee80211_get_reason_code_string(u16 reason_code)
3037{
3038 switch (reason_code) {
3039 case_WLAN(UNSPECIFIED);
3040 case_WLAN(PREV_AUTH_NOT_VALID);
3041 case_WLAN(DEAUTH_LEAVING);
3042 case_WLAN(DISASSOC_DUE_TO_INACTIVITY);
3043 case_WLAN(DISASSOC_AP_BUSY);
3044 case_WLAN(CLASS2_FRAME_FROM_NONAUTH_STA);
3045 case_WLAN(CLASS3_FRAME_FROM_NONASSOC_STA);
3046 case_WLAN(DISASSOC_STA_HAS_LEFT);
3047 case_WLAN(STA_REQ_ASSOC_WITHOUT_AUTH);
3048 case_WLAN(DISASSOC_BAD_POWER);
3049 case_WLAN(DISASSOC_BAD_SUPP_CHAN);
3050 case_WLAN(INVALID_IE);
3051 case_WLAN(MIC_FAILURE);
3052 case_WLAN(4WAY_HANDSHAKE_TIMEOUT);
3053 case_WLAN(GROUP_KEY_HANDSHAKE_TIMEOUT);
3054 case_WLAN(IE_DIFFERENT);
3055 case_WLAN(INVALID_GROUP_CIPHER);
3056 case_WLAN(INVALID_PAIRWISE_CIPHER);
3057 case_WLAN(INVALID_AKMP);
3058 case_WLAN(UNSUPP_RSN_VERSION);
3059 case_WLAN(INVALID_RSN_IE_CAP);
3060 case_WLAN(IEEE8021X_FAILED);
3061 case_WLAN(CIPHER_SUITE_REJECTED);
3062 case_WLAN(DISASSOC_UNSPECIFIED_QOS);
3063 case_WLAN(DISASSOC_QAP_NO_BANDWIDTH);
3064 case_WLAN(DISASSOC_LOW_ACK);
3065 case_WLAN(DISASSOC_QAP_EXCEED_TXOP);
3066 case_WLAN(QSTA_LEAVE_QBSS);
3067 case_WLAN(QSTA_NOT_USE);
3068 case_WLAN(QSTA_REQUIRE_SETUP);
3069 case_WLAN(QSTA_TIMEOUT);
3070 case_WLAN(QSTA_CIPHER_NOT_SUPP);
3071 case_WLAN(MESH_PEER_CANCELED);
3072 case_WLAN(MESH_MAX_PEERS);
3073 case_WLAN(MESH_CONFIG);
3074 case_WLAN(MESH_CLOSE);
3075 case_WLAN(MESH_MAX_RETRIES);
3076 case_WLAN(MESH_CONFIRM_TIMEOUT);
3077 case_WLAN(MESH_INVALID_GTK);
3078 case_WLAN(MESH_INCONSISTENT_PARAM);
3079 case_WLAN(MESH_INVALID_SECURITY);
3080 case_WLAN(MESH_PATH_ERROR);
3081 case_WLAN(MESH_PATH_NOFORWARD);
3082 case_WLAN(MESH_PATH_DEST_UNREACHABLE);
3083 case_WLAN(MAC_EXISTS_IN_MBSS);
3084 case_WLAN(MESH_CHAN_REGULATORY);
3085 case_WLAN(MESH_CHAN);
3086 default: return "<unknown>";
3087 }
3088}
3089
3090static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
3091 struct ieee80211_mgmt *mgmt, size_t len)
3092{
3093 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3094 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
3095
3096 sdata_assert_lock(sdata);
3097
3098 if (len < 24 + 2)
3099 return;
3100
3101 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
3102 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
3103 return;
3104 }
3105
3106 if (ifmgd->associated &&
3107 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) {
3108 const u8 *bssid = ifmgd->associated->bssid;
3109
3110 sdata_info(sdata, "deauthenticated from %pM (Reason: %u=%s)\n",
3111 bssid, reason_code,
3112 ieee80211_get_reason_code_string(reason_code));
3113
3114 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
3115
3116 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false,
3117 reason_code, false);
3118 return;
3119 }
3120
3121 if (ifmgd->assoc_data &&
3122 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) {
3123 const u8 *bssid = ifmgd->assoc_data->bss->bssid;
3124
3125 sdata_info(sdata,
3126 "deauthenticated from %pM while associating (Reason: %u=%s)\n",
3127 bssid, reason_code,
3128 ieee80211_get_reason_code_string(reason_code));
3129
3130 ieee80211_destroy_assoc_data(sdata, false, true);
3131
3132 cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
3133 return;
3134 }
3135}
3136
3137
3138static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
3139 struct ieee80211_mgmt *mgmt, size_t len)
3140{
3141 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3142 u16 reason_code;
3143
3144 sdata_assert_lock(sdata);
3145
3146 if (len < 24 + 2)
3147 return;
3148
3149 if (!ifmgd->associated ||
3150 !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
3151 return;
3152
3153 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
3154
3155 if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
3156 ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
3157 return;
3158 }
3159
3160 sdata_info(sdata, "disassociated from %pM (Reason: %u=%s)\n",
3161 mgmt->sa, reason_code,
3162 ieee80211_get_reason_code_string(reason_code));
3163
3164 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
3165
3166 ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false, reason_code,
3167 false);
3168}
3169
3170static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
3171 u8 *supp_rates, unsigned int supp_rates_len,
3172 u32 *rates, u32 *basic_rates,
3173 bool *have_higher_than_11mbit,
3174 int *min_rate, int *min_rate_index,
3175 int shift)
3176{
3177 int i, j;
3178
3179 for (i = 0; i < supp_rates_len; i++) {
3180 int rate = supp_rates[i] & 0x7f;
3181 bool is_basic = !!(supp_rates[i] & 0x80);
3182
3183 if ((rate * 5 * (1 << shift)) > 110)
3184 *have_higher_than_11mbit = true;
3185
3186
3187
3188
3189
3190
3191
3192
3193
3194 if (supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY) ||
3195 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY) ||
3196 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_HE_PHY) ||
3197 supp_rates[i] == (0x80 | BSS_MEMBERSHIP_SELECTOR_SAE_H2E))
3198 continue;
3199
3200 for (j = 0; j < sband->n_bitrates; j++) {
3201 struct ieee80211_rate *br;
3202 int brate;
3203
3204 br = &sband->bitrates[j];
3205
3206 brate = DIV_ROUND_UP(br->bitrate, (1 << shift) * 5);
3207 if (brate == rate) {
3208 *rates |= BIT(j);
3209 if (is_basic)
3210 *basic_rates |= BIT(j);
3211 if ((rate * 5) < *min_rate) {
3212 *min_rate = rate * 5;
3213 *min_rate_index = j;
3214 }
3215 break;
3216 }
3217 }
3218 }
3219}
3220
3221static bool ieee80211_twt_req_supported(const struct sta_info *sta,
3222 const struct ieee802_11_elems *elems)
3223{
3224 if (elems->ext_capab_len < 10)
3225 return false;
3226
3227 if (!(elems->ext_capab[9] & WLAN_EXT_CAPA10_TWT_RESPONDER_SUPPORT))
3228 return false;
3229
3230 return sta->sta.he_cap.he_cap_elem.mac_cap_info[0] &
3231 IEEE80211_HE_MAC_CAP0_TWT_RES;
3232}
3233
3234static int ieee80211_recalc_twt_req(struct ieee80211_sub_if_data *sdata,
3235 struct sta_info *sta,
3236 struct ieee802_11_elems *elems)
3237{
3238 bool twt = ieee80211_twt_req_supported(sta, elems);
3239
3240 if (sdata->vif.bss_conf.twt_requester != twt) {
3241 sdata->vif.bss_conf.twt_requester = twt;
3242 return BSS_CHANGED_TWT;
3243 }
3244 return 0;
3245}
3246
3247static bool ieee80211_twt_bcast_support(struct ieee80211_sub_if_data *sdata,
3248 struct ieee80211_bss_conf *bss_conf,
3249 struct ieee80211_supported_band *sband,
3250 struct sta_info *sta)
3251{
3252 const struct ieee80211_sta_he_cap *own_he_cap =
3253 ieee80211_get_he_iftype_cap(sband,
3254 ieee80211_vif_type_p2p(&sdata->vif));
3255
3256 return bss_conf->he_support &&
3257 (sta->sta.he_cap.he_cap_elem.mac_cap_info[2] &
3258 IEEE80211_HE_MAC_CAP2_BCAST_TWT) &&
3259 own_he_cap &&
3260 (own_he_cap->he_cap_elem.mac_cap_info[2] &
3261 IEEE80211_HE_MAC_CAP2_BCAST_TWT);
3262}
3263
3264static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata,
3265 struct cfg80211_bss *cbss,
3266 struct ieee80211_mgmt *mgmt, size_t len,
3267 struct ieee802_11_elems *elems)
3268{
3269 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3270 struct ieee80211_local *local = sdata->local;
3271 struct ieee80211_supported_band *sband;
3272 struct sta_info *sta;
3273 u16 capab_info, aid;
3274 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
3275 const struct cfg80211_bss_ies *bss_ies = NULL;
3276 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
3277 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ;
3278 bool is_s1g = cbss->channel->band == NL80211_BAND_S1GHZ;
3279 u32 changed = 0;
3280 u8 *pos;
3281 int err;
3282 bool ret;
3283
3284
3285
3286 pos = mgmt->u.assoc_resp.variable;
3287 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
3288 if (is_s1g) {
3289 pos = (u8 *) mgmt->u.s1g_assoc_resp.variable;
3290 aid = 0;
3291 }
3292 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
3293 ieee802_11_parse_elems(pos, len - (pos - (u8 *)mgmt), false, elems,
3294 mgmt->bssid, assoc_data->bss->bssid);
3295
3296 if (elems->aid_resp)
3297 aid = le16_to_cpu(elems->aid_resp->aid);
3298
3299
3300
3301
3302
3303 aid &= 0x7ff;
3304
3305 ifmgd->broken_ap = false;
3306
3307 if (aid == 0 || aid > IEEE80211_MAX_AID) {
3308 sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n",
3309 aid);
3310 aid = 0;
3311 ifmgd->broken_ap = true;
3312 }
3313
3314 if (!is_s1g && !elems->supp_rates) {
3315 sdata_info(sdata, "no SuppRates element in AssocResp\n");
3316 return false;
3317 }
3318
3319 sdata->vif.bss_conf.aid = aid;
3320 ifmgd->tdls_chan_switch_prohibited =
3321 elems->ext_capab && elems->ext_capab_len >= 5 &&
3322 (elems->ext_capab[4] & WLAN_EXT_CAPA5_TDLS_CH_SW_PROHIBITED);
3323
3324
3325
3326
3327
3328
3329
3330
3331 if (!is_6ghz &&
3332 ((assoc_data->wmm && !elems->wmm_param) ||
3333 (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
3334 (!elems->ht_cap_elem || !elems->ht_operation)) ||
3335 (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
3336 (!elems->vht_cap_elem || !elems->vht_operation)))) {
3337 const struct cfg80211_bss_ies *ies;
3338 struct ieee802_11_elems bss_elems;
3339
3340 rcu_read_lock();
3341 ies = rcu_dereference(cbss->ies);
3342 if (ies)
3343 bss_ies = kmemdup(ies, sizeof(*ies) + ies->len,
3344 GFP_ATOMIC);
3345 rcu_read_unlock();
3346 if (!bss_ies)
3347 return false;
3348
3349 ieee802_11_parse_elems(bss_ies->data, bss_ies->len,
3350 false, &bss_elems,
3351 mgmt->bssid,
3352 assoc_data->bss->bssid);
3353 if (assoc_data->wmm &&
3354 !elems->wmm_param && bss_elems.wmm_param) {
3355 elems->wmm_param = bss_elems.wmm_param;
3356 sdata_info(sdata,
3357 "AP bug: WMM param missing from AssocResp\n");
3358 }
3359
3360
3361
3362
3363
3364 if (!elems->ht_cap_elem && bss_elems.ht_cap_elem &&
3365 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
3366 elems->ht_cap_elem = bss_elems.ht_cap_elem;
3367 sdata_info(sdata,
3368 "AP bug: HT capability missing from AssocResp\n");
3369 }
3370 if (!elems->ht_operation && bss_elems.ht_operation &&
3371 !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
3372 elems->ht_operation = bss_elems.ht_operation;
3373 sdata_info(sdata,
3374 "AP bug: HT operation missing from AssocResp\n");
3375 }
3376 if (!elems->vht_cap_elem && bss_elems.vht_cap_elem &&
3377 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) {
3378 elems->vht_cap_elem = bss_elems.vht_cap_elem;
3379 sdata_info(sdata,
3380 "AP bug: VHT capa missing from AssocResp\n");
3381 }
3382 if (!elems->vht_operation && bss_elems.vht_operation &&
3383 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) {
3384 elems->vht_operation = bss_elems.vht_operation;
3385 sdata_info(sdata,
3386 "AP bug: VHT operation missing from AssocResp\n");
3387 }
3388 }
3389
3390
3391
3392
3393
3394 if (!is_6ghz && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
3395 (!elems->wmm_param || !elems->ht_cap_elem || !elems->ht_operation)) {
3396 sdata_info(sdata,
3397 "HT AP is missing WMM params or HT capability/operation\n");
3398 ret = false;
3399 goto out;
3400 }
3401
3402 if (!is_6ghz && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
3403 (!elems->vht_cap_elem || !elems->vht_operation)) {
3404 sdata_info(sdata,
3405 "VHT AP is missing VHT capability/operation\n");
3406 ret = false;
3407 goto out;
3408 }
3409
3410 if (is_6ghz && !(ifmgd->flags & IEEE80211_STA_DISABLE_HE) &&
3411 !elems->he_6ghz_capa) {
3412 sdata_info(sdata,
3413 "HE 6 GHz AP is missing HE 6 GHz band capability\n");
3414 ret = false;
3415 goto out;
3416 }
3417
3418 mutex_lock(&sdata->local->sta_mtx);
3419
3420
3421
3422
3423 sta = sta_info_get(sdata, cbss->bssid);
3424 if (WARN_ON(!sta)) {
3425 mutex_unlock(&sdata->local->sta_mtx);
3426 ret = false;
3427 goto out;
3428 }
3429
3430 sband = ieee80211_get_sband(sdata);
3431 if (!sband) {
3432 mutex_unlock(&sdata->local->sta_mtx);
3433 ret = false;
3434 goto out;
3435 }
3436
3437 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE) &&
3438 (!elems->he_cap || !elems->he_operation)) {
3439 mutex_unlock(&sdata->local->sta_mtx);
3440 sdata_info(sdata,
3441 "HE AP is missing HE capability/operation\n");
3442 ret = false;
3443 goto out;
3444 }
3445
3446
3447 if (elems->ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
3448 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
3449 elems->ht_cap_elem, sta);
3450
3451 if (elems->vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
3452 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband,
3453 elems->vht_cap_elem, sta);
3454
3455 if (elems->he_operation && !(ifmgd->flags & IEEE80211_STA_DISABLE_HE) &&
3456 elems->he_cap) {
3457 ieee80211_he_cap_ie_to_sta_he_cap(sdata, sband,
3458 elems->he_cap,
3459 elems->he_cap_len,
3460 elems->he_6ghz_capa,
3461 sta);
3462
3463 bss_conf->he_support = sta->sta.he_cap.has_he;
3464 if (elems->rsnx && elems->rsnx_len &&
3465 (elems->rsnx[0] & WLAN_RSNX_CAPA_PROTECTED_TWT) &&
3466 wiphy_ext_feature_isset(local->hw.wiphy,
3467 NL80211_EXT_FEATURE_PROTECTED_TWT))
3468 bss_conf->twt_protected = true;
3469 else
3470 bss_conf->twt_protected = false;
3471
3472 changed |= ieee80211_recalc_twt_req(sdata, sta, elems);
3473 } else {
3474 bss_conf->he_support = false;
3475 bss_conf->twt_requester = false;
3476 bss_conf->twt_protected = false;
3477 }
3478
3479 bss_conf->twt_broadcast =
3480 ieee80211_twt_bcast_support(sdata, bss_conf, sband, sta);
3481
3482 if (bss_conf->he_support) {
3483 bss_conf->he_bss_color.color =
3484 le32_get_bits(elems->he_operation->he_oper_params,
3485 IEEE80211_HE_OPERATION_BSS_COLOR_MASK);
3486 bss_conf->he_bss_color.partial =
3487 le32_get_bits(elems->he_operation->he_oper_params,
3488 IEEE80211_HE_OPERATION_PARTIAL_BSS_COLOR);
3489 bss_conf->he_bss_color.enabled =
3490 !le32_get_bits(elems->he_operation->he_oper_params,
3491 IEEE80211_HE_OPERATION_BSS_COLOR_DISABLED);
3492
3493 if (bss_conf->he_bss_color.enabled)
3494 changed |= BSS_CHANGED_HE_BSS_COLOR;
3495
3496 bss_conf->htc_trig_based_pkt_ext =
3497 le32_get_bits(elems->he_operation->he_oper_params,
3498 IEEE80211_HE_OPERATION_DFLT_PE_DURATION_MASK);
3499 bss_conf->frame_time_rts_th =
3500 le32_get_bits(elems->he_operation->he_oper_params,
3501 IEEE80211_HE_OPERATION_RTS_THRESHOLD_MASK);
3502
3503 bss_conf->uora_exists = !!elems->uora_element;
3504 if (elems->uora_element)
3505 bss_conf->uora_ocw_range = elems->uora_element[0];
3506
3507 ieee80211_he_op_ie_to_bss_conf(&sdata->vif, elems->he_operation);
3508 ieee80211_he_spr_ie_to_bss_conf(&sdata->vif, elems->he_spr);
3509
3510 }
3511
3512 if (cbss->transmitted_bss) {
3513 bss_conf->nontransmitted = true;
3514 ether_addr_copy(bss_conf->transmitter_bssid,
3515 cbss->transmitted_bss->bssid);
3516 bss_conf->bssid_indicator = cbss->max_bssid_indicator;
3517 bss_conf->bssid_index = cbss->bssid_index;
3518 }
3519
3520
3521
3522
3523
3524
3525
3526
3527
3528
3529
3530
3531
3532 if (elems->opmode_notif &&
3533 !(*elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) {
3534 u8 nss;
3535
3536 nss = *elems->opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK;
3537 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT;
3538 nss += 1;
3539 sta->sta.rx_nss = nss;
3540 }
3541
3542 rate_control_rate_init(sta);
3543
3544 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) {
3545 set_sta_flag(sta, WLAN_STA_MFP);
3546 sta->sta.mfp = true;
3547 } else {
3548 sta->sta.mfp = false;
3549 }
3550
3551 sta->sta.wme = (elems->wmm_param || elems->s1g_capab) &&
3552 local->hw.queues >= IEEE80211_NUM_ACS;
3553
3554 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
3555 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
3556 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
3557 if (err) {
3558 sdata_info(sdata,
3559 "failed to move station %pM to desired state\n",
3560 sta->sta.addr);
3561 WARN_ON(__sta_info_destroy(sta));
3562 mutex_unlock(&sdata->local->sta_mtx);
3563 ret = false;
3564 goto out;
3565 }
3566
3567 if (sdata->wdev.use_4addr)
3568 drv_sta_set_4addr(local, sdata, &sta->sta, true);
3569
3570 mutex_unlock(&sdata->local->sta_mtx);
3571
3572
3573
3574
3575
3576
3577
3578 ifmgd->wmm_last_param_set = -1;
3579 ifmgd->mu_edca_last_param_set = -1;
3580
3581 if (ifmgd->flags & IEEE80211_STA_DISABLE_WMM) {
3582 ieee80211_set_wmm_default(sdata, false, false);
3583 } else if (!ieee80211_sta_wmm_params(local, sdata, elems->wmm_param,
3584 elems->wmm_param_len,
3585 elems->mu_edca_param_set)) {
3586
3587 ieee80211_set_wmm_default(sdata, false, true);
3588
3589
3590
3591
3592
3593
3594
3595 ifmgd->flags |= IEEE80211_STA_DISABLE_WMM;
3596 }
3597 changed |= BSS_CHANGED_QOS;
3598
3599 if (elems->max_idle_period_ie) {
3600 bss_conf->max_idle_period =
3601 le16_to_cpu(elems->max_idle_period_ie->max_idle_period);
3602 bss_conf->protected_keep_alive =
3603 !!(elems->max_idle_period_ie->idle_options &
3604 WLAN_IDLE_OPTIONS_PROTECTED_KEEP_ALIVE);
3605 changed |= BSS_CHANGED_KEEP_ALIVE;
3606 } else {
3607 bss_conf->max_idle_period = 0;
3608 bss_conf->protected_keep_alive = false;
3609 }
3610
3611
3612
3613 bss_conf->assoc_capability = capab_info;
3614 ieee80211_set_associated(sdata, cbss, changed);
3615
3616
3617
3618
3619
3620 if (ifmgd->use_4addr)
3621 ieee80211_send_4addr_nullfunc(local, sdata);
3622
3623
3624
3625
3626
3627 ieee80211_sta_reset_beacon_monitor(sdata);
3628 ieee80211_sta_reset_conn_monitor(sdata);
3629
3630 ret = true;
3631 out:
3632 kfree(bss_ies);
3633 return ret;
3634}
3635
3636static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
3637 struct ieee80211_mgmt *mgmt,
3638 size_t len)
3639{
3640 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3641 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
3642 u16 capab_info, status_code, aid;
3643 struct ieee802_11_elems elems;
3644 int ac, uapsd_queues = -1;
3645 u8 *pos;
3646 bool reassoc;
3647 struct cfg80211_bss *cbss;
3648 struct ieee80211_event event = {
3649 .type = MLME_EVENT,
3650 .u.mlme.data = ASSOC_EVENT,
3651 };
3652 struct ieee80211_prep_tx_info info = {};
3653
3654 sdata_assert_lock(sdata);
3655
3656 if (!assoc_data)
3657 return;
3658
3659 if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid))
3660 return;
3661
3662 cbss = assoc_data->bss;
3663
3664
3665
3666
3667
3668
3669 if (len < 24 + 6)
3670 return;
3671
3672 reassoc = ieee80211_is_reassoc_resp(mgmt->frame_control);
3673 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
3674 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
3675 pos = mgmt->u.assoc_resp.variable;
3676 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
3677 if (cbss->channel->band == NL80211_BAND_S1GHZ) {
3678 pos = (u8 *) mgmt->u.s1g_assoc_resp.variable;
3679 aid = 0;
3680 }
3681
3682
3683
3684
3685
3686
3687
3688 info.subtype = reassoc ? IEEE80211_STYPE_REASSOC_REQ :
3689 IEEE80211_STYPE_ASSOC_REQ;
3690
3691 sdata_info(sdata,
3692 "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n",
3693 reassoc ? "Rea" : "A", mgmt->sa,
3694 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
3695
3696 if (assoc_data->fils_kek_len &&
3697 fils_decrypt_assoc_resp(sdata, (u8 *)mgmt, &len, assoc_data) < 0)
3698 return;
3699
3700 ieee802_11_parse_elems(pos, len - (pos - (u8 *)mgmt), false, &elems,
3701 mgmt->bssid, assoc_data->bss->bssid);
3702
3703 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
3704 elems.timeout_int &&
3705 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) {
3706 u32 tu, ms;
3707 tu = le32_to_cpu(elems.timeout_int->value);
3708 ms = tu * 1024 / 1000;
3709 sdata_info(sdata,
3710 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",
3711 mgmt->sa, tu, ms);
3712 assoc_data->timeout = jiffies + msecs_to_jiffies(ms);
3713 assoc_data->timeout_started = true;
3714 if (ms > IEEE80211_ASSOC_TIMEOUT)
3715 run_again(sdata, assoc_data->timeout);
3716 goto notify_driver;
3717 }
3718
3719 if (status_code != WLAN_STATUS_SUCCESS) {
3720 sdata_info(sdata, "%pM denied association (code=%d)\n",
3721 mgmt->sa, status_code);
3722 ieee80211_destroy_assoc_data(sdata, false, false);
3723 event.u.mlme.status = MLME_DENIED;
3724 event.u.mlme.reason = status_code;
3725 drv_event_callback(sdata->local, sdata, &event);
3726 } else {
3727 if (!ieee80211_assoc_success(sdata, cbss, mgmt, len, &elems)) {
3728
3729 ieee80211_destroy_assoc_data(sdata, false, false);
3730 cfg80211_assoc_timeout(sdata->dev, cbss);
3731 goto notify_driver;
3732 }
3733 event.u.mlme.status = MLME_SUCCESS;
3734 drv_event_callback(sdata->local, sdata, &event);
3735 sdata_info(sdata, "associated\n");
3736
3737
3738
3739
3740
3741
3742 ieee80211_destroy_assoc_data(sdata, true, false);
3743
3744
3745 uapsd_queues = 0;
3746 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
3747 if (sdata->tx_conf[ac].uapsd)
3748 uapsd_queues |= ieee80211_ac_to_qos_mask[ac];
3749
3750 info.success = 1;
3751 }
3752
3753 cfg80211_rx_assoc_resp(sdata->dev, cbss, (u8 *)mgmt, len, uapsd_queues,
3754 ifmgd->assoc_req_ies, ifmgd->assoc_req_ies_len);
3755notify_driver:
3756 drv_mgd_complete_tx(sdata->local, sdata, &info);
3757}
3758
3759static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
3760 struct ieee80211_mgmt *mgmt, size_t len,
3761 struct ieee80211_rx_status *rx_status)
3762{
3763 struct ieee80211_local *local = sdata->local;
3764 struct ieee80211_bss *bss;
3765 struct ieee80211_channel *channel;
3766
3767 sdata_assert_lock(sdata);
3768
3769 channel = ieee80211_get_channel_khz(local->hw.wiphy,
3770 ieee80211_rx_status_to_khz(rx_status));
3771 if (!channel)
3772 return;
3773
3774 bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, channel);
3775 if (bss) {
3776 sdata->vif.bss_conf.beacon_rate = bss->beacon_rate;
3777 ieee80211_rx_bss_put(local, bss);
3778 }
3779}
3780
3781
3782static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
3783 struct sk_buff *skb)
3784{
3785 struct ieee80211_mgmt *mgmt = (void *)skb->data;
3786 struct ieee80211_if_managed *ifmgd;
3787 struct ieee80211_rx_status *rx_status = (void *) skb->cb;
3788 struct ieee80211_channel *channel;
3789 size_t baselen, len = skb->len;
3790
3791 ifmgd = &sdata->u.mgd;
3792
3793 sdata_assert_lock(sdata);
3794
3795
3796
3797
3798
3799
3800
3801
3802 channel = ieee80211_get_channel(sdata->local->hw.wiphy,
3803 rx_status->freq);
3804 if (!channel)
3805 return;
3806
3807 if (!ether_addr_equal(mgmt->da, sdata->vif.addr) &&
3808 (channel->band != NL80211_BAND_6GHZ ||
3809 !is_broadcast_ether_addr(mgmt->da)))
3810 return;
3811
3812 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
3813 if (baselen > len)
3814 return;
3815
3816 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status);
3817
3818 if (ifmgd->associated &&
3819 ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
3820 ieee80211_reset_ap_probe(sdata);
3821}
3822
3823
3824
3825
3826
3827
3828
3829
3830
3831
3832
3833
3834
3835
3836
3837
3838static const u64 care_about_ies =
3839 (1ULL << WLAN_EID_COUNTRY) |
3840 (1ULL << WLAN_EID_ERP_INFO) |
3841 (1ULL << WLAN_EID_CHANNEL_SWITCH) |
3842 (1ULL << WLAN_EID_PWR_CONSTRAINT) |
3843 (1ULL << WLAN_EID_HT_CAPABILITY) |
3844 (1ULL << WLAN_EID_HT_OPERATION) |
3845 (1ULL << WLAN_EID_EXT_CHANSWITCH_ANN);
3846
3847static void ieee80211_handle_beacon_sig(struct ieee80211_sub_if_data *sdata,
3848 struct ieee80211_if_managed *ifmgd,
3849 struct ieee80211_bss_conf *bss_conf,
3850 struct ieee80211_local *local,
3851 struct ieee80211_rx_status *rx_status)
3852{
3853
3854
3855 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) {
3856 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE;
3857 ewma_beacon_signal_init(&ifmgd->ave_beacon_signal);
3858 ifmgd->last_cqm_event_signal = 0;
3859 ifmgd->count_beacon_signal = 1;
3860 ifmgd->last_ave_beacon_signal = 0;
3861 } else {
3862 ifmgd->count_beacon_signal++;
3863 }
3864
3865 ewma_beacon_signal_add(&ifmgd->ave_beacon_signal, -rx_status->signal);
3866
3867 if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold &&
3868 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
3869 int sig = -ewma_beacon_signal_read(&ifmgd->ave_beacon_signal);
3870 int last_sig = ifmgd->last_ave_beacon_signal;
3871 struct ieee80211_event event = {
3872 .type = RSSI_EVENT,
3873 };
3874
3875
3876
3877
3878
3879 if (sig > ifmgd->rssi_max_thold &&
3880 (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) {
3881 ifmgd->last_ave_beacon_signal = sig;
3882 event.u.rssi.data = RSSI_EVENT_HIGH;
3883 drv_event_callback(local, sdata, &event);
3884 } else if (sig < ifmgd->rssi_min_thold &&
3885 (last_sig >= ifmgd->rssi_max_thold ||
3886 last_sig == 0)) {
3887 ifmgd->last_ave_beacon_signal = sig;
3888 event.u.rssi.data = RSSI_EVENT_LOW;
3889 drv_event_callback(local, sdata, &event);
3890 }
3891 }
3892
3893 if (bss_conf->cqm_rssi_thold &&
3894 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT &&
3895 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) {
3896 int sig = -ewma_beacon_signal_read(&ifmgd->ave_beacon_signal);
3897 int last_event = ifmgd->last_cqm_event_signal;
3898 int thold = bss_conf->cqm_rssi_thold;
3899 int hyst = bss_conf->cqm_rssi_hyst;
3900
3901 if (sig < thold &&
3902 (last_event == 0 || sig < last_event - hyst)) {
3903 ifmgd->last_cqm_event_signal = sig;
3904 ieee80211_cqm_rssi_notify(
3905 &sdata->vif,
3906 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
3907 sig, GFP_KERNEL);
3908 } else if (sig > thold &&
3909 (last_event == 0 || sig > last_event + hyst)) {
3910 ifmgd->last_cqm_event_signal = sig;
3911 ieee80211_cqm_rssi_notify(
3912 &sdata->vif,
3913 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
3914 sig, GFP_KERNEL);
3915 }
3916 }
3917
3918 if (bss_conf->cqm_rssi_low &&
3919 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
3920 int sig = -ewma_beacon_signal_read(&ifmgd->ave_beacon_signal);
3921 int last_event = ifmgd->last_cqm_event_signal;
3922 int low = bss_conf->cqm_rssi_low;
3923 int high = bss_conf->cqm_rssi_high;
3924
3925 if (sig < low &&
3926 (last_event == 0 || last_event >= low)) {
3927 ifmgd->last_cqm_event_signal = sig;
3928 ieee80211_cqm_rssi_notify(
3929 &sdata->vif,
3930 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
3931 sig, GFP_KERNEL);
3932 } else if (sig > high &&
3933 (last_event == 0 || last_event <= high)) {
3934 ifmgd->last_cqm_event_signal = sig;
3935 ieee80211_cqm_rssi_notify(
3936 &sdata->vif,
3937 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
3938 sig, GFP_KERNEL);
3939 }
3940 }
3941}
3942
3943static bool ieee80211_rx_our_beacon(const u8 *tx_bssid,
3944 struct cfg80211_bss *bss)
3945{
3946 if (ether_addr_equal(tx_bssid, bss->bssid))
3947 return true;
3948 if (!bss->transmitted_bss)
3949 return false;
3950 return ether_addr_equal(tx_bssid, bss->transmitted_bss->bssid);
3951}
3952
3953static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
3954 struct ieee80211_hdr *hdr, size_t len,
3955 struct ieee80211_rx_status *rx_status)
3956{
3957 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3958 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
3959 struct ieee80211_mgmt *mgmt = (void *) hdr;
3960 size_t baselen;
3961 struct ieee802_11_elems elems;
3962 struct ieee80211_local *local = sdata->local;
3963 struct ieee80211_chanctx_conf *chanctx_conf;
3964 struct ieee80211_channel *chan;
3965 struct sta_info *sta;
3966 u32 changed = 0;
3967 bool erp_valid;
3968 u8 erp_value = 0;
3969 u32 ncrc = 0;
3970 u8 *bssid, *variable = mgmt->u.beacon.variable;
3971 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN];
3972
3973 sdata_assert_lock(sdata);
3974
3975
3976 bssid = ieee80211_get_bssid(hdr, len, sdata->vif.type);
3977 if (ieee80211_is_s1g_beacon(mgmt->frame_control)) {
3978 struct ieee80211_ext *ext = (void *) mgmt;
3979
3980 if (ieee80211_is_s1g_short_beacon(ext->frame_control))
3981 variable = ext->u.s1g_short_beacon.variable;
3982 else
3983 variable = ext->u.s1g_beacon.variable;
3984 }
3985
3986 baselen = (u8 *) variable - (u8 *) mgmt;
3987 if (baselen > len)
3988 return;
3989
3990 rcu_read_lock();
3991 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
3992 if (!chanctx_conf) {
3993 rcu_read_unlock();
3994 return;
3995 }
3996
3997 if (ieee80211_rx_status_to_khz(rx_status) !=
3998 ieee80211_channel_to_khz(chanctx_conf->def.chan)) {
3999 rcu_read_unlock();
4000 return;
4001 }
4002 chan = chanctx_conf->def.chan;
4003 rcu_read_unlock();
4004
4005 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon &&
4006 ieee80211_rx_our_beacon(bssid, ifmgd->assoc_data->bss)) {
4007 ieee802_11_parse_elems(variable,
4008 len - baselen, false, &elems,
4009 bssid,
4010 ifmgd->assoc_data->bss->bssid);
4011
4012 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status);
4013
4014 if (elems.dtim_period)
4015 ifmgd->dtim_period = elems.dtim_period;
4016 ifmgd->have_beacon = true;
4017 ifmgd->assoc_data->need_beacon = false;
4018 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) {
4019 sdata->vif.bss_conf.sync_tsf =
4020 le64_to_cpu(mgmt->u.beacon.timestamp);
4021 sdata->vif.bss_conf.sync_device_ts =
4022 rx_status->device_timestamp;
4023 sdata->vif.bss_conf.sync_dtim_count = elems.dtim_count;
4024 }
4025
4026 if (elems.mbssid_config_ie)
4027 bss_conf->profile_periodicity =
4028 elems.mbssid_config_ie->profile_periodicity;
4029 else
4030 bss_conf->profile_periodicity = 0;
4031
4032 if (elems.ext_capab_len >= 11 &&
4033 (elems.ext_capab[10] & WLAN_EXT_CAPA11_EMA_SUPPORT))
4034 bss_conf->ema_ap = true;
4035 else
4036 bss_conf->ema_ap = false;
4037
4038
4039 ifmgd->assoc_data->timeout = jiffies;
4040 ifmgd->assoc_data->timeout_started = true;
4041 run_again(sdata, ifmgd->assoc_data->timeout);
4042 return;
4043 }
4044
4045 if (!ifmgd->associated ||
4046 !ieee80211_rx_our_beacon(bssid, ifmgd->associated))
4047 return;
4048 bssid = ifmgd->associated->bssid;
4049
4050 if (!(rx_status->flag & RX_FLAG_NO_SIGNAL_VAL))
4051 ieee80211_handle_beacon_sig(sdata, ifmgd, bss_conf,
4052 local, rx_status);
4053
4054 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) {
4055 mlme_dbg_ratelimited(sdata,
4056 "cancelling AP probe due to a received beacon\n");
4057 ieee80211_reset_ap_probe(sdata);
4058 }
4059
4060
4061
4062
4063
4064 ieee80211_sta_reset_beacon_monitor(sdata);
4065
4066
4067
4068
4069
4070
4071 if (!ieee80211_is_s1g_beacon(hdr->frame_control))
4072 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
4073 ncrc = ieee802_11_parse_elems_crc(variable,
4074 len - baselen, false, &elems,
4075 care_about_ies, ncrc,
4076 mgmt->bssid, bssid);
4077
4078 if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
4079 ieee80211_check_tim(elems.tim, elems.tim_len, bss_conf->aid)) {
4080 if (local->hw.conf.dynamic_ps_timeout > 0) {
4081 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
4082 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
4083 ieee80211_hw_config(local,
4084 IEEE80211_CONF_CHANGE_PS);
4085 }
4086 ieee80211_send_nullfunc(local, sdata, false);
4087 } else if (!local->pspolling && sdata->u.mgd.powersave) {
4088 local->pspolling = true;
4089
4090
4091
4092
4093
4094
4095
4096
4097
4098 ieee80211_send_pspoll(local, sdata);
4099 }
4100 }
4101
4102 if (sdata->vif.p2p ||
4103 sdata->vif.driver_flags & IEEE80211_VIF_GET_NOA_UPDATE) {
4104 struct ieee80211_p2p_noa_attr noa = {};
4105 int ret;
4106
4107 ret = cfg80211_get_p2p_attr(variable,
4108 len - baselen,
4109 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
4110 (u8 *) &noa, sizeof(noa));
4111 if (ret >= 2) {
4112 if (sdata->u.mgd.p2p_noa_index != noa.index) {
4113
4114 sdata->u.mgd.p2p_noa_index = noa.index;
4115 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa));
4116 changed |= BSS_CHANGED_P2P_PS;
4117
4118
4119
4120
4121 ifmgd->beacon_crc_valid = false;
4122 }
4123 } else if (sdata->u.mgd.p2p_noa_index != -1) {
4124
4125 sdata->u.mgd.p2p_noa_index = -1;
4126 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr));
4127 changed |= BSS_CHANGED_P2P_PS;
4128 ifmgd->beacon_crc_valid = false;
4129 }
4130 }
4131
4132 if (ifmgd->csa_waiting_bcn)
4133 ieee80211_chswitch_post_beacon(sdata);
4134
4135
4136
4137
4138
4139
4140
4141
4142
4143 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY) &&
4144 !ieee80211_is_s1g_beacon(hdr->frame_control)) {
4145 sdata->vif.bss_conf.sync_tsf =
4146 le64_to_cpu(mgmt->u.beacon.timestamp);
4147 sdata->vif.bss_conf.sync_device_ts =
4148 rx_status->device_timestamp;
4149 sdata->vif.bss_conf.sync_dtim_count = elems.dtim_count;
4150 }
4151
4152 if ((ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid) ||
4153 ieee80211_is_s1g_short_beacon(mgmt->frame_control))
4154 return;
4155 ifmgd->beacon_crc = ncrc;
4156 ifmgd->beacon_crc_valid = true;
4157
4158 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status);
4159
4160 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime,
4161 rx_status->device_timestamp,
4162 &elems, true);
4163
4164 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) &&
4165 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
4166 elems.wmm_param_len,
4167 elems.mu_edca_param_set))
4168 changed |= BSS_CHANGED_QOS;
4169
4170
4171
4172
4173
4174 if (!ifmgd->have_beacon) {
4175
4176 bss_conf->dtim_period = elems.dtim_period ?: 1;
4177
4178 changed |= BSS_CHANGED_BEACON_INFO;
4179 ifmgd->have_beacon = true;
4180
4181 mutex_lock(&local->iflist_mtx);
4182 ieee80211_recalc_ps(local);
4183 mutex_unlock(&local->iflist_mtx);
4184
4185 ieee80211_recalc_ps_vif(sdata);
4186 }
4187
4188 if (elems.erp_info) {
4189 erp_valid = true;
4190 erp_value = elems.erp_info[0];
4191 } else {
4192 erp_valid = false;
4193 }
4194
4195 if (!ieee80211_is_s1g_beacon(hdr->frame_control))
4196 changed |= ieee80211_handle_bss_capability(sdata,
4197 le16_to_cpu(mgmt->u.beacon.capab_info),
4198 erp_valid, erp_value);
4199
4200 mutex_lock(&local->sta_mtx);
4201 sta = sta_info_get(sdata, bssid);
4202
4203 changed |= ieee80211_recalc_twt_req(sdata, sta, &elems);
4204
4205 if (ieee80211_config_bw(sdata, sta, elems.ht_cap_elem,
4206 elems.vht_cap_elem, elems.ht_operation,
4207 elems.vht_operation, elems.he_operation,
4208 elems.s1g_oper, bssid, &changed)) {
4209 mutex_unlock(&local->sta_mtx);
4210 sdata_info(sdata,
4211 "failed to follow AP %pM bandwidth change, disconnect\n",
4212 bssid);
4213 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4214 WLAN_REASON_DEAUTH_LEAVING,
4215 true, deauth_buf);
4216 ieee80211_report_disconnect(sdata, deauth_buf,
4217 sizeof(deauth_buf), true,
4218 WLAN_REASON_DEAUTH_LEAVING,
4219 false);
4220 return;
4221 }
4222
4223 if (sta && elems.opmode_notif)
4224 ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif,
4225 rx_status->band);
4226 mutex_unlock(&local->sta_mtx);
4227
4228 changed |= ieee80211_handle_pwr_constr(sdata, chan, mgmt,
4229 elems.country_elem,
4230 elems.country_elem_len,
4231 elems.pwr_constr_elem,
4232 elems.cisco_dtpc_elem);
4233
4234 ieee80211_bss_info_change_notify(sdata, changed);
4235}
4236
4237void ieee80211_sta_rx_queued_ext(struct ieee80211_sub_if_data *sdata,
4238 struct sk_buff *skb)
4239{
4240 struct ieee80211_rx_status *rx_status;
4241 struct ieee80211_hdr *hdr;
4242 u16 fc;
4243
4244 rx_status = (struct ieee80211_rx_status *) skb->cb;
4245 hdr = (struct ieee80211_hdr *) skb->data;
4246 fc = le16_to_cpu(hdr->frame_control);
4247
4248 sdata_lock(sdata);
4249 switch (fc & IEEE80211_FCTL_STYPE) {
4250 case IEEE80211_STYPE_S1G_BEACON:
4251 ieee80211_rx_mgmt_beacon(sdata, hdr, skb->len, rx_status);
4252 break;
4253 }
4254 sdata_unlock(sdata);
4255}
4256
4257void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
4258 struct sk_buff *skb)
4259{
4260 struct ieee80211_rx_status *rx_status;
4261 struct ieee80211_mgmt *mgmt;
4262 u16 fc;
4263 struct ieee802_11_elems elems;
4264 int ies_len;
4265
4266 rx_status = (struct ieee80211_rx_status *) skb->cb;
4267 mgmt = (struct ieee80211_mgmt *) skb->data;
4268 fc = le16_to_cpu(mgmt->frame_control);
4269
4270 sdata_lock(sdata);
4271
4272 switch (fc & IEEE80211_FCTL_STYPE) {
4273 case IEEE80211_STYPE_BEACON:
4274 ieee80211_rx_mgmt_beacon(sdata, (void *)mgmt,
4275 skb->len, rx_status);
4276 break;
4277 case IEEE80211_STYPE_PROBE_RESP:
4278 ieee80211_rx_mgmt_probe_resp(sdata, skb);
4279 break;
4280 case IEEE80211_STYPE_AUTH:
4281 ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len);
4282 break;
4283 case IEEE80211_STYPE_DEAUTH:
4284 ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len);
4285 break;
4286 case IEEE80211_STYPE_DISASSOC:
4287 ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
4288 break;
4289 case IEEE80211_STYPE_ASSOC_RESP:
4290 case IEEE80211_STYPE_REASSOC_RESP:
4291 ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len);
4292 break;
4293 case IEEE80211_STYPE_ACTION:
4294 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) {
4295 ies_len = skb->len -
4296 offsetof(struct ieee80211_mgmt,
4297 u.action.u.chan_switch.variable);
4298
4299 if (ies_len < 0)
4300 break;
4301
4302
4303 ieee802_11_parse_elems(
4304 mgmt->u.action.u.chan_switch.variable,
4305 ies_len, true, &elems, mgmt->bssid, NULL);
4306
4307 if (elems.parse_error)
4308 break;
4309
4310 ieee80211_sta_process_chanswitch(sdata,
4311 rx_status->mactime,
4312 rx_status->device_timestamp,
4313 &elems, false);
4314 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) {
4315 ies_len = skb->len -
4316 offsetof(struct ieee80211_mgmt,
4317 u.action.u.ext_chan_switch.variable);
4318
4319 if (ies_len < 0)
4320 break;
4321
4322
4323
4324
4325
4326 ieee802_11_parse_elems(
4327 mgmt->u.action.u.ext_chan_switch.variable,
4328 ies_len, true, &elems, mgmt->bssid, NULL);
4329
4330 if (elems.parse_error)
4331 break;
4332
4333
4334 elems.ext_chansw_ie =
4335 &mgmt->u.action.u.ext_chan_switch.data;
4336
4337 ieee80211_sta_process_chanswitch(sdata,
4338 rx_status->mactime,
4339 rx_status->device_timestamp,
4340 &elems, false);
4341 }
4342 break;
4343 }
4344 sdata_unlock(sdata);
4345}
4346
4347static void ieee80211_sta_timer(struct timer_list *t)
4348{
4349 struct ieee80211_sub_if_data *sdata =
4350 from_timer(sdata, t, u.mgd.timer);
4351
4352 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
4353}
4354
4355void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata,
4356 u8 *bssid, u8 reason, bool tx)
4357{
4358 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4359
4360 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason,
4361 tx, frame_buf);
4362
4363 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
4364 reason, false);
4365}
4366
4367static int ieee80211_auth(struct ieee80211_sub_if_data *sdata)
4368{
4369 struct ieee80211_local *local = sdata->local;
4370 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4371 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data;
4372 u32 tx_flags = 0;
4373 u16 trans = 1;
4374 u16 status = 0;
4375 struct ieee80211_prep_tx_info info = {
4376 .subtype = IEEE80211_STYPE_AUTH,
4377 };
4378
4379 sdata_assert_lock(sdata);
4380
4381 if (WARN_ON_ONCE(!auth_data))
4382 return -EINVAL;
4383
4384 auth_data->tries++;
4385
4386 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) {
4387 sdata_info(sdata, "authentication with %pM timed out\n",
4388 auth_data->bss->bssid);
4389
4390
4391
4392
4393
4394 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss);
4395
4396 return -ETIMEDOUT;
4397 }
4398
4399 if (auth_data->algorithm == WLAN_AUTH_SAE)
4400 info.duration = jiffies_to_msecs(IEEE80211_AUTH_TIMEOUT_SAE);
4401
4402 drv_mgd_prepare_tx(local, sdata, &info);
4403
4404 sdata_info(sdata, "send auth to %pM (try %d/%d)\n",
4405 auth_data->bss->bssid, auth_data->tries,
4406 IEEE80211_AUTH_MAX_TRIES);
4407
4408 auth_data->expected_transaction = 2;
4409
4410 if (auth_data->algorithm == WLAN_AUTH_SAE) {
4411 trans = auth_data->sae_trans;
4412 status = auth_data->sae_status;
4413 auth_data->expected_transaction = trans;
4414 }
4415
4416 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
4417 tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
4418 IEEE80211_TX_INTFL_MLME_CONN_TX;
4419
4420 ieee80211_send_auth(sdata, trans, auth_data->algorithm, status,
4421 auth_data->data, auth_data->data_len,
4422 auth_data->bss->bssid,
4423 auth_data->bss->bssid, NULL, 0, 0,
4424 tx_flags);
4425
4426 if (tx_flags == 0) {
4427 if (auth_data->algorithm == WLAN_AUTH_SAE)
4428 auth_data->timeout = jiffies +
4429 IEEE80211_AUTH_TIMEOUT_SAE;
4430 else
4431 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
4432 } else {
4433 auth_data->timeout =
4434 round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG);
4435 }
4436
4437 auth_data->timeout_started = true;
4438 run_again(sdata, auth_data->timeout);
4439
4440 return 0;
4441}
4442
4443static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata)
4444{
4445 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
4446 struct ieee80211_local *local = sdata->local;
4447
4448 sdata_assert_lock(sdata);
4449
4450 assoc_data->tries++;
4451 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) {
4452 sdata_info(sdata, "association with %pM timed out\n",
4453 assoc_data->bss->bssid);
4454
4455
4456
4457
4458
4459 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss);
4460
4461 return -ETIMEDOUT;
4462 }
4463
4464 sdata_info(sdata, "associate with %pM (try %d/%d)\n",
4465 assoc_data->bss->bssid, assoc_data->tries,
4466 IEEE80211_ASSOC_MAX_TRIES);
4467 ieee80211_send_assoc(sdata);
4468
4469 if (!ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
4470 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
4471 assoc_data->timeout_started = true;
4472 run_again(sdata, assoc_data->timeout);
4473 } else {
4474 assoc_data->timeout =
4475 round_jiffies_up(jiffies +
4476 IEEE80211_ASSOC_TIMEOUT_LONG);
4477 assoc_data->timeout_started = true;
4478 run_again(sdata, assoc_data->timeout);
4479 }
4480
4481 return 0;
4482}
4483
4484void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata,
4485 __le16 fc, bool acked)
4486{
4487 struct ieee80211_local *local = sdata->local;
4488
4489 sdata->u.mgd.status_fc = fc;
4490 sdata->u.mgd.status_acked = acked;
4491 sdata->u.mgd.status_received = true;
4492
4493 ieee80211_queue_work(&local->hw, &sdata->work);
4494}
4495
4496void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
4497{
4498 struct ieee80211_local *local = sdata->local;
4499 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4500
4501 sdata_lock(sdata);
4502
4503 if (ifmgd->status_received) {
4504 __le16 fc = ifmgd->status_fc;
4505 bool status_acked = ifmgd->status_acked;
4506
4507 ifmgd->status_received = false;
4508 if (ifmgd->auth_data && ieee80211_is_auth(fc)) {
4509 if (status_acked) {
4510 if (ifmgd->auth_data->algorithm ==
4511 WLAN_AUTH_SAE)
4512 ifmgd->auth_data->timeout =
4513 jiffies +
4514 IEEE80211_AUTH_TIMEOUT_SAE;
4515 else
4516 ifmgd->auth_data->timeout =
4517 jiffies +
4518 IEEE80211_AUTH_TIMEOUT_SHORT;
4519 run_again(sdata, ifmgd->auth_data->timeout);
4520 } else {
4521 ifmgd->auth_data->timeout = jiffies - 1;
4522 }
4523 ifmgd->auth_data->timeout_started = true;
4524 } else if (ifmgd->assoc_data &&
4525 (ieee80211_is_assoc_req(fc) ||
4526 ieee80211_is_reassoc_req(fc))) {
4527 if (status_acked) {
4528 ifmgd->assoc_data->timeout =
4529 jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT;
4530 run_again(sdata, ifmgd->assoc_data->timeout);
4531 } else {
4532 ifmgd->assoc_data->timeout = jiffies - 1;
4533 }
4534 ifmgd->assoc_data->timeout_started = true;
4535 }
4536 }
4537
4538 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started &&
4539 time_after(jiffies, ifmgd->auth_data->timeout)) {
4540 if (ifmgd->auth_data->done) {
4541
4542
4543
4544
4545 ieee80211_destroy_auth_data(sdata, false);
4546 } else if (ieee80211_auth(sdata)) {
4547 u8 bssid[ETH_ALEN];
4548 struct ieee80211_event event = {
4549 .type = MLME_EVENT,
4550 .u.mlme.data = AUTH_EVENT,
4551 .u.mlme.status = MLME_TIMEOUT,
4552 };
4553
4554 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
4555
4556 ieee80211_destroy_auth_data(sdata, false);
4557
4558 cfg80211_auth_timeout(sdata->dev, bssid);
4559 drv_event_callback(sdata->local, sdata, &event);
4560 }
4561 } else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started)
4562 run_again(sdata, ifmgd->auth_data->timeout);
4563
4564 if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started &&
4565 time_after(jiffies, ifmgd->assoc_data->timeout)) {
4566 if ((ifmgd->assoc_data->need_beacon && !ifmgd->have_beacon) ||
4567 ieee80211_do_assoc(sdata)) {
4568 struct cfg80211_bss *bss = ifmgd->assoc_data->bss;
4569 struct ieee80211_event event = {
4570 .type = MLME_EVENT,
4571 .u.mlme.data = ASSOC_EVENT,
4572 .u.mlme.status = MLME_TIMEOUT,
4573 };
4574
4575 ieee80211_destroy_assoc_data(sdata, false, false);
4576 cfg80211_assoc_timeout(sdata->dev, bss);
4577 drv_event_callback(sdata->local, sdata, &event);
4578 }
4579 } else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started)
4580 run_again(sdata, ifmgd->assoc_data->timeout);
4581
4582 if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL &&
4583 ifmgd->associated) {
4584 u8 bssid[ETH_ALEN];
4585 int max_tries;
4586
4587 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
4588
4589 if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
4590 max_tries = max_nullfunc_tries;
4591 else
4592 max_tries = max_probe_tries;
4593
4594
4595 if (!ifmgd->probe_send_count)
4596 ieee80211_reset_ap_probe(sdata);
4597 else if (ifmgd->nullfunc_failed) {
4598 if (ifmgd->probe_send_count < max_tries) {
4599 mlme_dbg(sdata,
4600 "No ack for nullfunc frame to AP %pM, try %d/%i\n",
4601 bssid, ifmgd->probe_send_count,
4602 max_tries);
4603 ieee80211_mgd_probe_ap_send(sdata);
4604 } else {
4605 mlme_dbg(sdata,
4606 "No ack for nullfunc frame to AP %pM, disconnecting.\n",
4607 bssid);
4608 ieee80211_sta_connection_lost(sdata, bssid,
4609 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
4610 false);
4611 }
4612 } else if (time_is_after_jiffies(ifmgd->probe_timeout))
4613 run_again(sdata, ifmgd->probe_timeout);
4614 else if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
4615 mlme_dbg(sdata,
4616 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n",
4617 bssid, probe_wait_ms);
4618 ieee80211_sta_connection_lost(sdata, bssid,
4619 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
4620 } else if (ifmgd->probe_send_count < max_tries) {
4621 mlme_dbg(sdata,
4622 "No probe response from AP %pM after %dms, try %d/%i\n",
4623 bssid, probe_wait_ms,
4624 ifmgd->probe_send_count, max_tries);
4625 ieee80211_mgd_probe_ap_send(sdata);
4626 } else {
4627
4628
4629
4630
4631 mlme_dbg(sdata,
4632 "No probe response from AP %pM after %dms, disconnecting.\n",
4633 bssid, probe_wait_ms);
4634
4635 ieee80211_sta_connection_lost(sdata, bssid,
4636 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
4637 }
4638 }
4639
4640 sdata_unlock(sdata);
4641}
4642
4643static void ieee80211_sta_bcn_mon_timer(struct timer_list *t)
4644{
4645 struct ieee80211_sub_if_data *sdata =
4646 from_timer(sdata, t, u.mgd.bcn_mon_timer);
4647 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4648
4649 if (sdata->vif.csa_active && !ifmgd->csa_waiting_bcn)
4650 return;
4651
4652 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
4653 return;
4654
4655 sdata->u.mgd.connection_loss = false;
4656 ieee80211_queue_work(&sdata->local->hw,
4657 &sdata->u.mgd.beacon_connection_loss_work);
4658}
4659
4660static void ieee80211_sta_conn_mon_timer(struct timer_list *t)
4661{
4662 struct ieee80211_sub_if_data *sdata =
4663 from_timer(sdata, t, u.mgd.conn_mon_timer);
4664 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4665 struct ieee80211_local *local = sdata->local;
4666 struct sta_info *sta;
4667 unsigned long timeout;
4668
4669 if (sdata->vif.csa_active && !ifmgd->csa_waiting_bcn)
4670 return;
4671
4672 sta = sta_info_get(sdata, ifmgd->bssid);
4673 if (!sta)
4674 return;
4675
4676 timeout = sta->status_stats.last_ack;
4677 if (time_before(sta->status_stats.last_ack, sta->rx_stats.last_rx))
4678 timeout = sta->rx_stats.last_rx;
4679 timeout += IEEE80211_CONNECTION_IDLE_TIME;
4680
4681
4682
4683
4684 if (time_is_after_jiffies(timeout)) {
4685 mod_timer(&ifmgd->conn_mon_timer, round_jiffies_up(timeout));
4686 return;
4687 }
4688
4689 ieee80211_queue_work(&local->hw, &ifmgd->monitor_work);
4690}
4691
4692static void ieee80211_sta_monitor_work(struct work_struct *work)
4693{
4694 struct ieee80211_sub_if_data *sdata =
4695 container_of(work, struct ieee80211_sub_if_data,
4696 u.mgd.monitor_work);
4697
4698 ieee80211_mgd_probe_ap(sdata, false);
4699}
4700
4701static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
4702{
4703 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
4704 __ieee80211_stop_poll(sdata);
4705
4706
4707 if (!ieee80211_hw_check(&sdata->local->hw, CONNECTION_MONITOR))
4708 ieee80211_queue_work(&sdata->local->hw,
4709 &sdata->u.mgd.monitor_work);
4710 }
4711}
4712
4713#ifdef CONFIG_PM
4714void ieee80211_mgd_quiesce(struct ieee80211_sub_if_data *sdata)
4715{
4716 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4717 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4718
4719 sdata_lock(sdata);
4720
4721 if (ifmgd->auth_data || ifmgd->assoc_data) {
4722 const u8 *bssid = ifmgd->auth_data ?
4723 ifmgd->auth_data->bss->bssid :
4724 ifmgd->assoc_data->bss->bssid;
4725
4726
4727
4728
4729
4730
4731 ieee80211_send_deauth_disassoc(sdata, bssid, bssid,
4732 IEEE80211_STYPE_DEAUTH,
4733 WLAN_REASON_DEAUTH_LEAVING,
4734 false, frame_buf);
4735 if (ifmgd->assoc_data)
4736 ieee80211_destroy_assoc_data(sdata, false, true);
4737 if (ifmgd->auth_data)
4738 ieee80211_destroy_auth_data(sdata, false);
4739 cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
4740 IEEE80211_DEAUTH_FRAME_LEN,
4741 false);
4742 }
4743
4744
4745
4746
4747
4748
4749
4750
4751
4752
4753
4754
4755
4756
4757
4758
4759
4760
4761 if (ifmgd->associated && !sdata->local->wowlan) {
4762 u8 bssid[ETH_ALEN];
4763 struct cfg80211_deauth_request req = {
4764 .reason_code = WLAN_REASON_DEAUTH_LEAVING,
4765 .bssid = bssid,
4766 };
4767
4768 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
4769 ieee80211_mgd_deauth(sdata, &req);
4770 }
4771
4772 sdata_unlock(sdata);
4773}
4774
4775void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata)
4776{
4777 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4778
4779 sdata_lock(sdata);
4780 if (!ifmgd->associated) {
4781 sdata_unlock(sdata);
4782 return;
4783 }
4784
4785 if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) {
4786 sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME;
4787 mlme_dbg(sdata, "driver requested disconnect after resume\n");
4788 ieee80211_sta_connection_lost(sdata,
4789 ifmgd->associated->bssid,
4790 WLAN_REASON_UNSPECIFIED,
4791 true);
4792 sdata_unlock(sdata);
4793 return;
4794 }
4795 sdata_unlock(sdata);
4796}
4797#endif
4798
4799
4800void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
4801{
4802 struct ieee80211_if_managed *ifmgd;
4803
4804 ifmgd = &sdata->u.mgd;
4805 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work);
4806 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work);
4807 INIT_WORK(&ifmgd->beacon_connection_loss_work,
4808 ieee80211_beacon_connection_loss_work);
4809 INIT_WORK(&ifmgd->csa_connection_drop_work,
4810 ieee80211_csa_connection_drop_work);
4811 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_mgd_work);
4812 INIT_DELAYED_WORK(&ifmgd->tdls_peer_del_work,
4813 ieee80211_tdls_peer_del_work);
4814 timer_setup(&ifmgd->timer, ieee80211_sta_timer, 0);
4815 timer_setup(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 0);
4816 timer_setup(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer, 0);
4817 timer_setup(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 0);
4818 INIT_DELAYED_WORK(&ifmgd->tx_tspec_wk,
4819 ieee80211_sta_handle_tspec_ac_params_wk);
4820
4821 ifmgd->flags = 0;
4822 ifmgd->powersave = sdata->wdev.ps;
4823 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues;
4824 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len;
4825 ifmgd->p2p_noa_index = -1;
4826
4827 if (sdata->local->hw.wiphy->features & NL80211_FEATURE_DYNAMIC_SMPS)
4828 ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC;
4829 else
4830 ifmgd->req_smps = IEEE80211_SMPS_OFF;
4831
4832
4833 spin_lock_init(&ifmgd->teardown_lock);
4834 ifmgd->teardown_skb = NULL;
4835 ifmgd->orig_teardown_skb = NULL;
4836}
4837
4838
4839void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
4840{
4841 struct ieee80211_sub_if_data *sdata;
4842
4843
4844 rcu_read_lock();
4845 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
4846 if (ieee80211_sdata_running(sdata))
4847 ieee80211_restart_sta_timer(sdata);
4848 }
4849 rcu_read_unlock();
4850}
4851
4852static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata,
4853 struct cfg80211_bss *cbss)
4854{
4855 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4856 const u8 *ht_cap_ie, *vht_cap_ie;
4857 const struct ieee80211_ht_cap *ht_cap;
4858 const struct ieee80211_vht_cap *vht_cap;
4859 u8 chains = 1;
4860
4861 if (ifmgd->flags & IEEE80211_STA_DISABLE_HT)
4862 return chains;
4863
4864 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
4865 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) {
4866 ht_cap = (void *)(ht_cap_ie + 2);
4867 chains = ieee80211_mcs_to_chains(&ht_cap->mcs);
4868
4869
4870
4871
4872 }
4873
4874 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
4875 return chains;
4876
4877 vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
4878 if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) {
4879 u8 nss;
4880 u16 tx_mcs_map;
4881
4882 vht_cap = (void *)(vht_cap_ie + 2);
4883 tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map);
4884 for (nss = 8; nss > 0; nss--) {
4885 if (((tx_mcs_map >> (2 * (nss - 1))) & 3) !=
4886 IEEE80211_VHT_MCS_NOT_SUPPORTED)
4887 break;
4888 }
4889
4890 chains = max(chains, nss);
4891 }
4892
4893 return chains;
4894}
4895
4896static bool
4897ieee80211_verify_sta_he_mcs_support(struct ieee80211_sub_if_data *sdata,
4898 struct ieee80211_supported_band *sband,
4899 const struct ieee80211_he_operation *he_op)
4900{
4901 const struct ieee80211_sta_he_cap *sta_he_cap =
4902 ieee80211_get_he_iftype_cap(sband,
4903 ieee80211_vif_type_p2p(&sdata->vif));
4904 u16 ap_min_req_set;
4905 int i;
4906
4907 if (!sta_he_cap || !he_op)
4908 return false;
4909
4910 ap_min_req_set = le16_to_cpu(he_op->he_mcs_nss_set);
4911
4912
4913 for (i = 0; i < 3; i++) {
4914 const struct ieee80211_he_mcs_nss_supp *sta_mcs_nss_supp =
4915 &sta_he_cap->he_mcs_nss_supp;
4916 u16 sta_mcs_map_rx =
4917 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i]);
4918 u16 sta_mcs_map_tx =
4919 le16_to_cpu(((__le16 *)sta_mcs_nss_supp)[2 * i + 1]);
4920 u8 nss;
4921 bool verified = true;
4922
4923
4924
4925
4926
4927
4928
4929
4930
4931
4932 for (nss = 8; nss > 0; nss--) {
4933 u8 sta_rx_val = (sta_mcs_map_rx >> (2 * (nss - 1))) & 3;
4934 u8 sta_tx_val = (sta_mcs_map_tx >> (2 * (nss - 1))) & 3;
4935 u8 ap_val = (ap_min_req_set >> (2 * (nss - 1))) & 3;
4936
4937 if (ap_val == IEEE80211_HE_MCS_NOT_SUPPORTED)
4938 continue;
4939
4940
4941
4942
4943
4944 if (sta_rx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
4945 sta_tx_val == IEEE80211_HE_MCS_NOT_SUPPORTED ||
4946 (ap_val > sta_rx_val) || (ap_val > sta_tx_val)) {
4947 verified = false;
4948 break;
4949 }
4950 }
4951
4952 if (verified)
4953 return true;
4954 }
4955
4956
4957 return false;
4958}
4959
4960static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
4961 struct cfg80211_bss *cbss)
4962{
4963 struct ieee80211_local *local = sdata->local;
4964 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4965 const struct ieee80211_ht_cap *ht_cap = NULL;
4966 const struct ieee80211_ht_operation *ht_oper = NULL;
4967 const struct ieee80211_vht_operation *vht_oper = NULL;
4968 const struct ieee80211_he_operation *he_oper = NULL;
4969 const struct ieee80211_s1g_oper_ie *s1g_oper = NULL;
4970 struct ieee80211_supported_band *sband;
4971 struct cfg80211_chan_def chandef;
4972 bool is_6ghz = cbss->channel->band == NL80211_BAND_6GHZ;
4973 bool is_5ghz = cbss->channel->band == NL80211_BAND_5GHZ;
4974 struct ieee80211_bss *bss = (void *)cbss->priv;
4975 int ret;
4976 u32 i;
4977 bool have_80mhz;
4978
4979 sband = local->hw.wiphy->bands[cbss->channel->band];
4980
4981 ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ |
4982 IEEE80211_STA_DISABLE_80P80MHZ |
4983 IEEE80211_STA_DISABLE_160MHZ);
4984
4985
4986 if (!sband->ht_cap.ht_supported && !is_6ghz) {
4987 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4988 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4989 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
4990 }
4991
4992 if (!sband->vht_cap.vht_supported && is_5ghz) {
4993 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4994 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
4995 }
4996
4997 if (!ieee80211_get_he_iftype_cap(sband,
4998 ieee80211_vif_type_p2p(&sdata->vif)))
4999 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
5000
5001 rcu_read_lock();
5002
5003 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) && !is_6ghz) {
5004 const u8 *ht_oper_ie, *ht_cap_ie;
5005
5006 ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION);
5007 if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper))
5008 ht_oper = (void *)(ht_oper_ie + 2);
5009
5010 ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
5011 if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap))
5012 ht_cap = (void *)(ht_cap_ie + 2);
5013
5014 if (!ht_cap) {
5015 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
5016 ht_oper = NULL;
5017 }
5018 }
5019
5020 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) && !is_6ghz) {
5021 const u8 *vht_oper_ie, *vht_cap;
5022
5023 vht_oper_ie = ieee80211_bss_get_ie(cbss,
5024 WLAN_EID_VHT_OPERATION);
5025 if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper))
5026 vht_oper = (void *)(vht_oper_ie + 2);
5027 if (vht_oper && !ht_oper) {
5028 vht_oper = NULL;
5029 sdata_info(sdata,
5030 "AP advertised VHT without HT, disabling HT/VHT/HE\n");
5031 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
5032 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
5033 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
5034 }
5035
5036 vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
5037 if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) {
5038 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
5039 vht_oper = NULL;
5040 }
5041 }
5042
5043 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HE)) {
5044 const struct cfg80211_bss_ies *ies;
5045 const u8 *he_oper_ie;
5046
5047 ies = rcu_dereference(cbss->ies);
5048 he_oper_ie = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_OPERATION,
5049 ies->data, ies->len);
5050 if (he_oper_ie &&
5051 he_oper_ie[1] >= ieee80211_he_oper_size(&he_oper_ie[3]))
5052 he_oper = (void *)(he_oper_ie + 3);
5053 else
5054 he_oper = NULL;
5055
5056 if (!ieee80211_verify_sta_he_mcs_support(sdata, sband, he_oper))
5057 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
5058 }
5059
5060
5061 have_80mhz = false;
5062 for (i = 0; i < sband->n_channels; i++) {
5063 if (sband->channels[i].flags & (IEEE80211_CHAN_DISABLED |
5064 IEEE80211_CHAN_NO_80MHZ))
5065 continue;
5066
5067 have_80mhz = true;
5068 break;
5069 }
5070
5071 if (!have_80mhz)
5072 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
5073
5074 if (sband->band == NL80211_BAND_S1GHZ) {
5075 const u8 *s1g_oper_ie;
5076
5077 s1g_oper_ie = ieee80211_bss_get_ie(cbss,
5078 WLAN_EID_S1G_OPERATION);
5079 if (s1g_oper_ie && s1g_oper_ie[1] >= sizeof(*s1g_oper))
5080 s1g_oper = (void *)(s1g_oper_ie + 2);
5081 else
5082 sdata_info(sdata,
5083 "AP missing S1G operation element?\n");
5084 }
5085
5086 ifmgd->flags |= ieee80211_determine_chantype(sdata, sband,
5087 cbss->channel,
5088 bss->vht_cap_info,
5089 ht_oper, vht_oper, he_oper,
5090 s1g_oper,
5091 &chandef, false);
5092
5093 sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss),
5094 local->rx_chains);
5095
5096 rcu_read_unlock();
5097
5098 if (ifmgd->flags & IEEE80211_STA_DISABLE_HE && is_6ghz) {
5099 sdata_info(sdata, "Rejecting non-HE 6/7 GHz connection");
5100 return -EINVAL;
5101 }
5102
5103
5104 sdata->smps_mode = IEEE80211_SMPS_OFF;
5105
5106 mutex_lock(&local->mtx);
5107
5108
5109
5110
5111
5112 ret = ieee80211_vif_use_channel(sdata, &chandef,
5113 IEEE80211_CHANCTX_SHARED);
5114
5115
5116 if (chandef.width == NL80211_CHAN_WIDTH_5 ||
5117 chandef.width == NL80211_CHAN_WIDTH_10)
5118 goto out;
5119
5120 while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) {
5121 ifmgd->flags |= ieee80211_chandef_downgrade(&chandef);
5122 ret = ieee80211_vif_use_channel(sdata, &chandef,
5123 IEEE80211_CHANCTX_SHARED);
5124 }
5125 out:
5126 mutex_unlock(&local->mtx);
5127 return ret;
5128}
5129
5130static bool ieee80211_get_dtim(const struct cfg80211_bss_ies *ies,
5131 u8 *dtim_count, u8 *dtim_period)
5132{
5133 const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, ies->data, ies->len);
5134 const u8 *idx_ie = cfg80211_find_ie(WLAN_EID_MULTI_BSSID_IDX, ies->data,
5135 ies->len);
5136 const struct ieee80211_tim_ie *tim = NULL;
5137 const struct ieee80211_bssid_index *idx;
5138 bool valid = tim_ie && tim_ie[1] >= 2;
5139
5140 if (valid)
5141 tim = (void *)(tim_ie + 2);
5142
5143 if (dtim_count)
5144 *dtim_count = valid ? tim->dtim_count : 0;
5145
5146 if (dtim_period)
5147 *dtim_period = valid ? tim->dtim_period : 0;
5148
5149
5150 if (!idx_ie || idx_ie[1] < 3)
5151 return valid;
5152
5153 idx = (void *)(idx_ie + 2);
5154
5155 if (dtim_count)
5156 *dtim_count = idx->dtim_count;
5157
5158 if (dtim_period)
5159 *dtim_period = idx->dtim_period;
5160
5161 return true;
5162}
5163
5164static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
5165 struct cfg80211_bss *cbss, bool assoc,
5166 bool override)
5167{
5168 struct ieee80211_local *local = sdata->local;
5169 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5170 struct ieee80211_bss *bss = (void *)cbss->priv;
5171 struct sta_info *new_sta = NULL;
5172 struct ieee80211_supported_band *sband;
5173 bool have_sta = false;
5174 int err;
5175
5176 sband = local->hw.wiphy->bands[cbss->channel->band];
5177
5178 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data))
5179 return -EINVAL;
5180
5181
5182 if (local->in_reconfig)
5183 return -EBUSY;
5184
5185 if (assoc) {
5186 rcu_read_lock();
5187 have_sta = sta_info_get(sdata, cbss->bssid);
5188 rcu_read_unlock();
5189 }
5190
5191 if (!have_sta) {
5192 new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL);
5193 if (!new_sta)
5194 return -ENOMEM;
5195 }
5196
5197
5198
5199
5200
5201
5202
5203
5204
5205
5206
5207
5208
5209
5210 if (new_sta) {
5211 u32 rates = 0, basic_rates = 0;
5212 bool have_higher_than_11mbit;
5213 int min_rate = INT_MAX, min_rate_index = -1;
5214 const struct cfg80211_bss_ies *ies;
5215 int shift = ieee80211_vif_get_shift(&sdata->vif);
5216
5217
5218 if (cbss->channel->band == NL80211_BAND_S1GHZ) {
5219 ieee80211_s1g_sta_rate_init(new_sta);
5220 goto skip_rates;
5221 }
5222
5223 ieee80211_get_rates(sband, bss->supp_rates,
5224 bss->supp_rates_len,
5225 &rates, &basic_rates,
5226 &have_higher_than_11mbit,
5227 &min_rate, &min_rate_index,
5228 shift);
5229
5230
5231
5232
5233
5234
5235
5236
5237
5238
5239
5240 if (min_rate_index < 0) {
5241 sdata_info(sdata,
5242 "No legacy rates in association response\n");
5243
5244 sta_info_free(local, new_sta);
5245 return -EINVAL;
5246 } else if (!basic_rates) {
5247 sdata_info(sdata,
5248 "No basic rates, using min rate instead\n");
5249 basic_rates = BIT(min_rate_index);
5250 }
5251
5252 if (rates)
5253 new_sta->sta.supp_rates[cbss->channel->band] = rates;
5254 else
5255 sdata_info(sdata,
5256 "No rates found, keeping mandatory only\n");
5257
5258 sdata->vif.bss_conf.basic_rates = basic_rates;
5259
5260
5261 if (cbss->channel->band == NL80211_BAND_2GHZ &&
5262 have_higher_than_11mbit)
5263 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
5264 else
5265 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;
5266
5267skip_rates:
5268 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN);
5269
5270
5271 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval;
5272 rcu_read_lock();
5273 ies = rcu_dereference(cbss->beacon_ies);
5274 if (ies) {
5275 sdata->vif.bss_conf.sync_tsf = ies->tsf;
5276 sdata->vif.bss_conf.sync_device_ts =
5277 bss->device_ts_beacon;
5278
5279 ieee80211_get_dtim(ies,
5280 &sdata->vif.bss_conf.sync_dtim_count,
5281 NULL);
5282 } else if (!ieee80211_hw_check(&sdata->local->hw,
5283 TIMING_BEACON_ONLY)) {
5284 ies = rcu_dereference(cbss->proberesp_ies);
5285
5286 sdata->vif.bss_conf.sync_tsf = ies->tsf;
5287 sdata->vif.bss_conf.sync_device_ts =
5288 bss->device_ts_presp;
5289 sdata->vif.bss_conf.sync_dtim_count = 0;
5290 } else {
5291 sdata->vif.bss_conf.sync_tsf = 0;
5292 sdata->vif.bss_conf.sync_device_ts = 0;
5293 sdata->vif.bss_conf.sync_dtim_count = 0;
5294 }
5295 rcu_read_unlock();
5296 }
5297
5298 if (new_sta || override) {
5299 err = ieee80211_prep_channel(sdata, cbss);
5300 if (err) {
5301 if (new_sta)
5302 sta_info_free(local, new_sta);
5303 return -EINVAL;
5304 }
5305 }
5306
5307 if (new_sta) {
5308
5309
5310
5311
5312 ieee80211_bss_info_change_notify(sdata,
5313 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES |
5314 BSS_CHANGED_BEACON_INT);
5315
5316 if (assoc)
5317 sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH);
5318
5319 err = sta_info_insert(new_sta);
5320 new_sta = NULL;
5321 if (err) {
5322 sdata_info(sdata,
5323 "failed to insert STA entry for the AP (error %d)\n",
5324 err);
5325 return err;
5326 }
5327 } else
5328 WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid));
5329
5330
5331 if (local->scanning)
5332 ieee80211_scan_cancel(local);
5333
5334 return 0;
5335}
5336
5337
5338int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
5339 struct cfg80211_auth_request *req)
5340{
5341 struct ieee80211_local *local = sdata->local;
5342 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5343 struct ieee80211_mgd_auth_data *auth_data;
5344 u16 auth_alg;
5345 int err;
5346 bool cont_auth;
5347
5348
5349
5350 switch (req->auth_type) {
5351 case NL80211_AUTHTYPE_OPEN_SYSTEM:
5352 auth_alg = WLAN_AUTH_OPEN;
5353 break;
5354 case NL80211_AUTHTYPE_SHARED_KEY:
5355 if (fips_enabled)
5356 return -EOPNOTSUPP;
5357 auth_alg = WLAN_AUTH_SHARED_KEY;
5358 break;
5359 case NL80211_AUTHTYPE_FT:
5360 auth_alg = WLAN_AUTH_FT;
5361 break;
5362 case NL80211_AUTHTYPE_NETWORK_EAP:
5363 auth_alg = WLAN_AUTH_LEAP;
5364 break;
5365 case NL80211_AUTHTYPE_SAE:
5366 auth_alg = WLAN_AUTH_SAE;
5367 break;
5368 case NL80211_AUTHTYPE_FILS_SK:
5369 auth_alg = WLAN_AUTH_FILS_SK;
5370 break;
5371 case NL80211_AUTHTYPE_FILS_SK_PFS:
5372 auth_alg = WLAN_AUTH_FILS_SK_PFS;
5373 break;
5374 case NL80211_AUTHTYPE_FILS_PK:
5375 auth_alg = WLAN_AUTH_FILS_PK;
5376 break;
5377 default:
5378 return -EOPNOTSUPP;
5379 }
5380
5381 if (ifmgd->assoc_data)
5382 return -EBUSY;
5383
5384 auth_data = kzalloc(sizeof(*auth_data) + req->auth_data_len +
5385 req->ie_len, GFP_KERNEL);
5386 if (!auth_data)
5387 return -ENOMEM;
5388
5389 auth_data->bss = req->bss;
5390
5391 if (req->auth_data_len >= 4) {
5392 if (req->auth_type == NL80211_AUTHTYPE_SAE) {
5393 __le16 *pos = (__le16 *) req->auth_data;
5394
5395 auth_data->sae_trans = le16_to_cpu(pos[0]);
5396 auth_data->sae_status = le16_to_cpu(pos[1]);
5397 }
5398 memcpy(auth_data->data, req->auth_data + 4,
5399 req->auth_data_len - 4);
5400 auth_data->data_len += req->auth_data_len - 4;
5401 }
5402
5403
5404
5405
5406
5407
5408 cont_auth = ifmgd->auth_data && req->bss == ifmgd->auth_data->bss;
5409
5410 if (req->ie && req->ie_len) {
5411 memcpy(&auth_data->data[auth_data->data_len],
5412 req->ie, req->ie_len);
5413 auth_data->data_len += req->ie_len;
5414 }
5415
5416 if (req->key && req->key_len) {
5417 auth_data->key_len = req->key_len;
5418 auth_data->key_idx = req->key_idx;
5419 memcpy(auth_data->key, req->key, req->key_len);
5420 }
5421
5422 auth_data->algorithm = auth_alg;
5423
5424
5425
5426 if (ifmgd->auth_data) {
5427 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE) {
5428 auth_data->peer_confirmed =
5429 ifmgd->auth_data->peer_confirmed;
5430 }
5431 ieee80211_destroy_auth_data(sdata, cont_auth);
5432 }
5433
5434
5435 ifmgd->auth_data = auth_data;
5436
5437
5438
5439
5440
5441
5442 if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE &&
5443 auth_data->peer_confirmed && auth_data->sae_trans == 2)
5444 ieee80211_mark_sta_auth(sdata, req->bss->bssid);
5445
5446 if (ifmgd->associated) {
5447 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
5448
5449 sdata_info(sdata,
5450 "disconnect from AP %pM for new auth to %pM\n",
5451 ifmgd->associated->bssid, req->bss->bssid);
5452 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
5453 WLAN_REASON_UNSPECIFIED,
5454 false, frame_buf);
5455
5456 ieee80211_report_disconnect(sdata, frame_buf,
5457 sizeof(frame_buf), true,
5458 WLAN_REASON_UNSPECIFIED,
5459 false);
5460 }
5461
5462 sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
5463
5464 err = ieee80211_prep_connection(sdata, req->bss, cont_auth, false);
5465 if (err)
5466 goto err_clear;
5467
5468 err = ieee80211_auth(sdata);
5469 if (err) {
5470 sta_info_destroy_addr(sdata, req->bss->bssid);
5471 goto err_clear;
5472 }
5473
5474
5475 cfg80211_ref_bss(local->hw.wiphy, auth_data->bss);
5476 return 0;
5477
5478 err_clear:
5479 eth_zero_addr(ifmgd->bssid);
5480 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
5481 ifmgd->auth_data = NULL;
5482 mutex_lock(&sdata->local->mtx);
5483 ieee80211_vif_release_channel(sdata);
5484 mutex_unlock(&sdata->local->mtx);
5485 kfree(auth_data);
5486 return err;
5487}
5488
5489int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
5490 struct cfg80211_assoc_request *req)
5491{
5492 bool is_6ghz = req->bss->channel->band == NL80211_BAND_6GHZ;
5493 bool is_5ghz = req->bss->channel->band == NL80211_BAND_5GHZ;
5494 struct ieee80211_local *local = sdata->local;
5495 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5496 struct ieee80211_bss *bss = (void *)req->bss->priv;
5497 struct ieee80211_mgd_assoc_data *assoc_data;
5498 const struct cfg80211_bss_ies *beacon_ies;
5499 struct ieee80211_supported_band *sband;
5500 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
5501 const u8 *ssidie, *ht_ie, *vht_ie;
5502 int i, err;
5503 bool override = false;
5504
5505 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL);
5506 if (!assoc_data)
5507 return -ENOMEM;
5508
5509 rcu_read_lock();
5510 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID);
5511 if (!ssidie || ssidie[1] > sizeof(assoc_data->ssid)) {
5512 rcu_read_unlock();
5513 kfree(assoc_data);
5514 return -EINVAL;
5515 }
5516 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]);
5517 assoc_data->ssid_len = ssidie[1];
5518 memcpy(bss_conf->ssid, assoc_data->ssid, assoc_data->ssid_len);
5519 bss_conf->ssid_len = assoc_data->ssid_len;
5520 rcu_read_unlock();
5521
5522 if (ifmgd->associated) {
5523 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
5524
5525 sdata_info(sdata,
5526 "disconnect from AP %pM for new assoc to %pM\n",
5527 ifmgd->associated->bssid, req->bss->bssid);
5528 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
5529 WLAN_REASON_UNSPECIFIED,
5530 false, frame_buf);
5531
5532 ieee80211_report_disconnect(sdata, frame_buf,
5533 sizeof(frame_buf), true,
5534 WLAN_REASON_UNSPECIFIED,
5535 false);
5536 }
5537
5538 if (ifmgd->auth_data && !ifmgd->auth_data->done) {
5539 err = -EBUSY;
5540 goto err_free;
5541 }
5542
5543 if (ifmgd->assoc_data) {
5544 err = -EBUSY;
5545 goto err_free;
5546 }
5547
5548 if (ifmgd->auth_data) {
5549 bool match;
5550
5551
5552 match = ether_addr_equal(ifmgd->bssid, req->bss->bssid);
5553 ieee80211_destroy_auth_data(sdata, match);
5554 }
5555
5556
5557
5558 ifmgd->beacon_crc_valid = false;
5559
5560 assoc_data->wmm = bss->wmm_used &&
5561 (local->hw.queues >= IEEE80211_NUM_ACS);
5562
5563
5564
5565
5566
5567
5568
5569
5570 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) {
5571 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 ||
5572 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP ||
5573 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) {
5574 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
5575 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
5576 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
5577 netdev_info(sdata->dev,
5578 "disabling HT/VHT/HE due to WEP/TKIP use\n");
5579 }
5580 }
5581
5582 sband = local->hw.wiphy->bands[req->bss->channel->band];
5583
5584
5585 if (!bss->wmm_used) {
5586 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
5587 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
5588 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
5589 netdev_info(sdata->dev,
5590 "disabling HT/VHT/HE as WMM/QoS is not supported by the AP\n");
5591 }
5592
5593 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa));
5594 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask,
5595 sizeof(ifmgd->ht_capa_mask));
5596
5597 memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa));
5598 memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask,
5599 sizeof(ifmgd->vht_capa_mask));
5600
5601 memcpy(&ifmgd->s1g_capa, &req->s1g_capa, sizeof(ifmgd->s1g_capa));
5602 memcpy(&ifmgd->s1g_capa_mask, &req->s1g_capa_mask,
5603 sizeof(ifmgd->s1g_capa_mask));
5604
5605 if (req->ie && req->ie_len) {
5606 memcpy(assoc_data->ie, req->ie, req->ie_len);
5607 assoc_data->ie_len = req->ie_len;
5608 }
5609
5610 if (req->fils_kek) {
5611
5612 if (WARN_ON(req->fils_kek_len > FILS_MAX_KEK_LEN)) {
5613 err = -EINVAL;
5614 goto err_free;
5615 }
5616 memcpy(assoc_data->fils_kek, req->fils_kek,
5617 req->fils_kek_len);
5618 assoc_data->fils_kek_len = req->fils_kek_len;
5619 }
5620
5621 if (req->fils_nonces)
5622 memcpy(assoc_data->fils_nonces, req->fils_nonces,
5623 2 * FILS_NONCE_LEN);
5624
5625 assoc_data->bss = req->bss;
5626 assoc_data->capability = req->bss->capability;
5627 assoc_data->supp_rates = bss->supp_rates;
5628 assoc_data->supp_rates_len = bss->supp_rates_len;
5629
5630 rcu_read_lock();
5631 ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION);
5632 if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation))
5633 assoc_data->ap_ht_param =
5634 ((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param;
5635 else if (!is_6ghz)
5636 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
5637 vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY);
5638 if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap))
5639 memcpy(&assoc_data->ap_vht_cap, vht_ie + 2,
5640 sizeof(struct ieee80211_vht_cap));
5641 else if (is_5ghz)
5642 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT |
5643 IEEE80211_STA_DISABLE_HE;
5644 rcu_read_unlock();
5645
5646 if (WARN((sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD) &&
5647 ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK),
5648 "U-APSD not supported with HW_PS_NULLFUNC_STACK\n"))
5649 sdata->vif.driver_flags &= ~IEEE80211_VIF_SUPPORTS_UAPSD;
5650
5651 if (bss->wmm_used && bss->uapsd_supported &&
5652 (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_UAPSD)) {
5653 assoc_data->uapsd = true;
5654 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
5655 } else {
5656 assoc_data->uapsd = false;
5657 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED;
5658 }
5659
5660 if (req->prev_bssid)
5661 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN);
5662
5663 if (req->use_mfp) {
5664 ifmgd->mfp = IEEE80211_MFP_REQUIRED;
5665 ifmgd->flags |= IEEE80211_STA_MFP_ENABLED;
5666 } else {
5667 ifmgd->mfp = IEEE80211_MFP_DISABLED;
5668 ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED;
5669 }
5670
5671 if (req->flags & ASSOC_REQ_USE_RRM)
5672 ifmgd->flags |= IEEE80211_STA_ENABLE_RRM;
5673 else
5674 ifmgd->flags &= ~IEEE80211_STA_ENABLE_RRM;
5675
5676 if (req->crypto.control_port)
5677 ifmgd->flags |= IEEE80211_STA_CONTROL_PORT;
5678 else
5679 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT;
5680
5681 sdata->control_port_protocol = req->crypto.control_port_ethertype;
5682 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt;
5683 sdata->control_port_over_nl80211 =
5684 req->crypto.control_port_over_nl80211;
5685 sdata->control_port_no_preauth = req->crypto.control_port_no_preauth;
5686 sdata->encrypt_headroom = ieee80211_cs_headroom(local, &req->crypto,
5687 sdata->vif.type);
5688
5689
5690
5691 ifmgd->assoc_data = assoc_data;
5692 ifmgd->dtim_period = 0;
5693 ifmgd->have_beacon = false;
5694
5695
5696 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
5697 struct ieee80211_sta_ht_cap sta_ht_cap;
5698
5699 if (req->flags & ASSOC_REQ_DISABLE_HT)
5700 override = true;
5701
5702 memcpy(&sta_ht_cap, &sband->ht_cap, sizeof(sta_ht_cap));
5703 ieee80211_apply_htcap_overrides(sdata, &sta_ht_cap);
5704
5705
5706 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ) &&
5707 sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40 &&
5708 !(sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40))
5709 override = true;
5710
5711 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
5712 req->flags & ASSOC_REQ_DISABLE_VHT)
5713 override = true;
5714 }
5715
5716 if (req->flags & ASSOC_REQ_DISABLE_HT) {
5717 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
5718 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
5719 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
5720 }
5721
5722 if (req->flags & ASSOC_REQ_DISABLE_VHT)
5723 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
5724
5725 if (req->flags & ASSOC_REQ_DISABLE_HE)
5726 ifmgd->flags |= IEEE80211_STA_DISABLE_HE;
5727
5728 err = ieee80211_prep_connection(sdata, req->bss, true, override);
5729 if (err)
5730 goto err_clear;
5731
5732 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) {
5733 if (ifmgd->powersave)
5734 sdata->smps_mode = IEEE80211_SMPS_DYNAMIC;
5735 else
5736 sdata->smps_mode = IEEE80211_SMPS_OFF;
5737 } else {
5738 sdata->smps_mode = ifmgd->req_smps;
5739 }
5740
5741 rcu_read_lock();
5742 beacon_ies = rcu_dereference(req->bss->beacon_ies);
5743
5744 if (ieee80211_hw_check(&sdata->local->hw, NEED_DTIM_BEFORE_ASSOC) &&
5745 !beacon_ies) {
5746
5747
5748
5749
5750 sdata_info(sdata, "waiting for beacon from %pM\n",
5751 ifmgd->bssid);
5752 assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval);
5753 assoc_data->timeout_started = true;
5754 assoc_data->need_beacon = true;
5755 } else if (beacon_ies) {
5756 const struct element *elem;
5757 u8 dtim_count = 0;
5758
5759 ieee80211_get_dtim(beacon_ies, &dtim_count,
5760 &ifmgd->dtim_period);
5761
5762 ifmgd->have_beacon = true;
5763 assoc_data->timeout = jiffies;
5764 assoc_data->timeout_started = true;
5765
5766 if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) {
5767 sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf;
5768 sdata->vif.bss_conf.sync_device_ts =
5769 bss->device_ts_beacon;
5770 sdata->vif.bss_conf.sync_dtim_count = dtim_count;
5771 }
5772
5773 elem = cfg80211_find_ext_elem(WLAN_EID_EXT_MULTIPLE_BSSID_CONFIGURATION,
5774 beacon_ies->data, beacon_ies->len);
5775 if (elem && elem->datalen >= 3)
5776 sdata->vif.bss_conf.profile_periodicity = elem->data[2];
5777 else
5778 sdata->vif.bss_conf.profile_periodicity = 0;
5779
5780 elem = cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY,
5781 beacon_ies->data, beacon_ies->len);
5782 if (elem && elem->datalen >= 11 &&
5783 (elem->data[10] & WLAN_EXT_CAPA11_EMA_SUPPORT))
5784 sdata->vif.bss_conf.ema_ap = true;
5785 else
5786 sdata->vif.bss_conf.ema_ap = false;
5787 } else {
5788 assoc_data->timeout = jiffies;
5789 assoc_data->timeout_started = true;
5790 }
5791 rcu_read_unlock();
5792
5793 run_again(sdata, assoc_data->timeout);
5794
5795 if (bss->corrupt_data) {
5796 char *corrupt_type = "data";
5797 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) {
5798 if (bss->corrupt_data &
5799 IEEE80211_BSS_CORRUPT_PROBE_RESP)
5800 corrupt_type = "beacon and probe response";
5801 else
5802 corrupt_type = "beacon";
5803 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP)
5804 corrupt_type = "probe response";
5805 sdata_info(sdata, "associating with AP with corrupt %s\n",
5806 corrupt_type);
5807 }
5808
5809 return 0;
5810 err_clear:
5811 eth_zero_addr(ifmgd->bssid);
5812 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
5813 ifmgd->assoc_data = NULL;
5814 err_free:
5815 kfree(assoc_data);
5816 return err;
5817}
5818
5819int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
5820 struct cfg80211_deauth_request *req)
5821{
5822 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5823 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
5824 bool tx = !req->local_state_change;
5825 struct ieee80211_prep_tx_info info = {
5826 .subtype = IEEE80211_STYPE_DEAUTH,
5827 };
5828
5829 if (ifmgd->auth_data &&
5830 ether_addr_equal(ifmgd->auth_data->bss->bssid, req->bssid)) {
5831 sdata_info(sdata,
5832 "aborting authentication with %pM by local choice (Reason: %u=%s)\n",
5833 req->bssid, req->reason_code,
5834 ieee80211_get_reason_code_string(req->reason_code));
5835
5836 drv_mgd_prepare_tx(sdata->local, sdata, &info);
5837 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid,
5838 IEEE80211_STYPE_DEAUTH,
5839 req->reason_code, tx,
5840 frame_buf);
5841 ieee80211_destroy_auth_data(sdata, false);
5842 ieee80211_report_disconnect(sdata, frame_buf,
5843 sizeof(frame_buf), true,
5844 req->reason_code, false);
5845 drv_mgd_complete_tx(sdata->local, sdata, &info);
5846 return 0;
5847 }
5848
5849 if (ifmgd->assoc_data &&
5850 ether_addr_equal(ifmgd->assoc_data->bss->bssid, req->bssid)) {
5851 sdata_info(sdata,
5852 "aborting association with %pM by local choice (Reason: %u=%s)\n",
5853 req->bssid, req->reason_code,
5854 ieee80211_get_reason_code_string(req->reason_code));
5855
5856 drv_mgd_prepare_tx(sdata->local, sdata, &info);
5857 ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid,
5858 IEEE80211_STYPE_DEAUTH,
5859 req->reason_code, tx,
5860 frame_buf);
5861 ieee80211_destroy_assoc_data(sdata, false, true);
5862 ieee80211_report_disconnect(sdata, frame_buf,
5863 sizeof(frame_buf), true,
5864 req->reason_code, false);
5865 return 0;
5866 }
5867
5868 if (ifmgd->associated &&
5869 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) {
5870 sdata_info(sdata,
5871 "deauthenticating from %pM by local choice (Reason: %u=%s)\n",
5872 req->bssid, req->reason_code,
5873 ieee80211_get_reason_code_string(req->reason_code));
5874
5875 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
5876 req->reason_code, tx, frame_buf);
5877 ieee80211_report_disconnect(sdata, frame_buf,
5878 sizeof(frame_buf), true,
5879 req->reason_code, false);
5880 drv_mgd_complete_tx(sdata->local, sdata, &info);
5881 return 0;
5882 }
5883
5884 return -ENOTCONN;
5885}
5886
5887int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
5888 struct cfg80211_disassoc_request *req)
5889{
5890 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5891 u8 bssid[ETH_ALEN];
5892 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
5893
5894
5895
5896
5897
5898
5899
5900 if (ifmgd->associated != req->bss)
5901 return -ENOLINK;
5902
5903 sdata_info(sdata,
5904 "disassociating from %pM by local choice (Reason: %u=%s)\n",
5905 req->bss->bssid, req->reason_code, ieee80211_get_reason_code_string(req->reason_code));
5906
5907 memcpy(bssid, req->bss->bssid, ETH_ALEN);
5908 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC,
5909 req->reason_code, !req->local_state_change,
5910 frame_buf);
5911
5912 ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
5913 req->reason_code, false);
5914
5915 return 0;
5916}
5917
5918void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata)
5919{
5920 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
5921
5922
5923
5924
5925
5926
5927 cancel_work_sync(&ifmgd->monitor_work);
5928 cancel_work_sync(&ifmgd->beacon_connection_loss_work);
5929 cancel_work_sync(&ifmgd->request_smps_work);
5930 cancel_work_sync(&ifmgd->csa_connection_drop_work);
5931 cancel_work_sync(&ifmgd->chswitch_work);
5932 cancel_delayed_work_sync(&ifmgd->tdls_peer_del_work);
5933
5934 sdata_lock(sdata);
5935 if (ifmgd->assoc_data) {
5936 struct cfg80211_bss *bss = ifmgd->assoc_data->bss;
5937 ieee80211_destroy_assoc_data(sdata, false, false);
5938 cfg80211_assoc_timeout(sdata->dev, bss);
5939 }
5940 if (ifmgd->auth_data)
5941 ieee80211_destroy_auth_data(sdata, false);
5942 spin_lock_bh(&ifmgd->teardown_lock);
5943 if (ifmgd->teardown_skb) {
5944 kfree_skb(ifmgd->teardown_skb);
5945 ifmgd->teardown_skb = NULL;
5946 ifmgd->orig_teardown_skb = NULL;
5947 }
5948 kfree(ifmgd->assoc_req_ies);
5949 ifmgd->assoc_req_ies = NULL;
5950 ifmgd->assoc_req_ies_len = 0;
5951 spin_unlock_bh(&ifmgd->teardown_lock);
5952 del_timer_sync(&ifmgd->timer);
5953 sdata_unlock(sdata);
5954}
5955
5956void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
5957 enum nl80211_cqm_rssi_threshold_event rssi_event,
5958 s32 rssi_level,
5959 gfp_t gfp)
5960{
5961 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5962
5963 trace_api_cqm_rssi_notify(sdata, rssi_event, rssi_level);
5964
5965 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, rssi_level, gfp);
5966}
5967EXPORT_SYMBOL(ieee80211_cqm_rssi_notify);
5968
5969void ieee80211_cqm_beacon_loss_notify(struct ieee80211_vif *vif, gfp_t gfp)
5970{
5971 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5972
5973 trace_api_cqm_beacon_loss_notify(sdata->local, sdata);
5974
5975 cfg80211_cqm_beacon_loss_notify(sdata->dev, gfp);
5976}
5977EXPORT_SYMBOL(ieee80211_cqm_beacon_loss_notify);
5978
