tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / net / mac80211 / work.c
at v2.6.34 1101 lines 28 kB view raw
1/* 2 * mac80211 work implementation 3 * 4 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 5 * Copyright 2004, Instant802 Networks, Inc. 6 * Copyright 2005, Devicescape Software, Inc. 7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 9 * Copyright 2009, Johannes Berg <johannes@sipsolutions.net> 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License version 2 as 13 * published by the Free Software Foundation. 14 */ 15 16#include <linux/delay.h> 17#include <linux/if_ether.h> 18#include <linux/skbuff.h> 19#include <linux/if_arp.h> 20#include <linux/etherdevice.h> 21#include <linux/crc32.h> 22#include <linux/slab.h> 23#include <net/mac80211.h> 24#include <asm/unaligned.h> 25 26#include "ieee80211_i.h" 27#include "rate.h" 28 29#define IEEE80211_AUTH_TIMEOUT (HZ / 5) 30#define IEEE80211_AUTH_MAX_TRIES 3 31#define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 32#define IEEE80211_ASSOC_MAX_TRIES 3 33#define IEEE80211_MAX_PROBE_TRIES 5 34 35enum work_action { 36 WORK_ACT_NONE, 37 WORK_ACT_TIMEOUT, 38 WORK_ACT_DONE, 39}; 40 41 42/* utils */ 43static inline void ASSERT_WORK_MTX(struct ieee80211_local *local) 44{ 45 WARN_ON(!mutex_is_locked(&local->work_mtx)); 46} 47 48/* 49 * We can have multiple work items (and connection probing) 50 * scheduling this timer, but we need to take care to only 51 * reschedule it when it should fire _earlier_ than it was 52 * asked for before, or if it's not pending right now. This 53 * function ensures that. Note that it then is required to 54 * run this function for all timeouts after the first one 55 * has happened -- the work that runs from this timer will 56 * do that. 57 */ 58static void run_again(struct ieee80211_local *local, 59 unsigned long timeout) 60{ 61 ASSERT_WORK_MTX(local); 62 63 if (!timer_pending(&local->work_timer) || 64 time_before(timeout, local->work_timer.expires)) 65 mod_timer(&local->work_timer, timeout); 66} 67 68static void work_free_rcu(struct rcu_head *head) 69{ 70 struct ieee80211_work *wk = 71 container_of(head, struct ieee80211_work, rcu_head); 72 73 kfree(wk); 74} 75 76void free_work(struct ieee80211_work *wk) 77{ 78 call_rcu(&wk->rcu_head, work_free_rcu); 79} 80 81static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len, 82 struct ieee80211_supported_band *sband, 83 u32 *rates) 84{ 85 int i, j, count; 86 *rates = 0; 87 count = 0; 88 for (i = 0; i < supp_rates_len; i++) { 89 int rate = (supp_rates[i] & 0x7F) * 5; 90 91 for (j = 0; j < sband->n_bitrates; j++) 92 if (sband->bitrates[j].bitrate == rate) { 93 *rates |= BIT(j); 94 count++; 95 break; 96 } 97 } 98 99 return count; 100} 101 102/* frame sending functions */ 103 104static void ieee80211_add_ht_ie(struct sk_buff *skb, const u8 *ht_info_ie, 105 struct ieee80211_supported_band *sband, 106 struct ieee80211_channel *channel, 107 enum ieee80211_smps_mode smps) 108{ 109 struct ieee80211_ht_info *ht_info; 110 u8 *pos; 111 u32 flags = channel->flags; 112 u16 cap = sband->ht_cap.cap; 113 __le16 tmp; 114 115 if (!sband->ht_cap.ht_supported) 116 return; 117 118 if (!ht_info_ie) 119 return; 120 121 if (ht_info_ie[1] < sizeof(struct ieee80211_ht_info)) 122 return; 123 124 ht_info = (struct ieee80211_ht_info *)(ht_info_ie + 2); 125 126 /* determine capability flags */ 127 128 if (ieee80211_disable_40mhz_24ghz && 129 sband->band == IEEE80211_BAND_2GHZ) { 130 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 131 cap &= ~IEEE80211_HT_CAP_SGI_40; 132 } 133 134 switch (ht_info->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 135 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 136 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 137 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 138 cap &= ~IEEE80211_HT_CAP_SGI_40; 139 } 140 break; 141 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 142 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 143 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 144 cap &= ~IEEE80211_HT_CAP_SGI_40; 145 } 146 break; 147 } 148 149 /* set SM PS mode properly */ 150 cap &= ~IEEE80211_HT_CAP_SM_PS; 151 switch (smps) { 152 case IEEE80211_SMPS_AUTOMATIC: 153 case IEEE80211_SMPS_NUM_MODES: 154 WARN_ON(1); 155 case IEEE80211_SMPS_OFF: 156 cap |= WLAN_HT_CAP_SM_PS_DISABLED << 157 IEEE80211_HT_CAP_SM_PS_SHIFT; 158 break; 159 case IEEE80211_SMPS_STATIC: 160 cap |= WLAN_HT_CAP_SM_PS_STATIC << 161 IEEE80211_HT_CAP_SM_PS_SHIFT; 162 break; 163 case IEEE80211_SMPS_DYNAMIC: 164 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC << 165 IEEE80211_HT_CAP_SM_PS_SHIFT; 166 break; 167 } 168 169 /* reserve and fill IE */ 170 171 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 172 *pos++ = WLAN_EID_HT_CAPABILITY; 173 *pos++ = sizeof(struct ieee80211_ht_cap); 174 memset(pos, 0, sizeof(struct ieee80211_ht_cap)); 175 176 /* capability flags */ 177 tmp = cpu_to_le16(cap); 178 memcpy(pos, &tmp, sizeof(u16)); 179 pos += sizeof(u16); 180 181 /* AMPDU parameters */ 182 *pos++ = sband->ht_cap.ampdu_factor | 183 (sband->ht_cap.ampdu_density << 184 IEEE80211_HT_AMPDU_PARM_DENSITY_SHIFT); 185 186 /* MCS set */ 187 memcpy(pos, &sband->ht_cap.mcs, sizeof(sband->ht_cap.mcs)); 188 pos += sizeof(sband->ht_cap.mcs); 189 190 /* extended capabilities */ 191 pos += sizeof(__le16); 192 193 /* BF capabilities */ 194 pos += sizeof(__le32); 195 196 /* antenna selection */ 197 pos += sizeof(u8); 198} 199 200static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata, 201 struct ieee80211_work *wk) 202{ 203 struct ieee80211_local *local = sdata->local; 204 struct sk_buff *skb; 205 struct ieee80211_mgmt *mgmt; 206 u8 *pos, qos_info; 207 const u8 *ies; 208 size_t offset = 0, noffset; 209 int i, len, count, rates_len, supp_rates_len; 210 u16 capab; 211 struct ieee80211_supported_band *sband; 212 u32 rates = 0; 213 214 sband = local->hw.wiphy->bands[wk->chan->band]; 215 216 /* 217 * Get all rates supported by the device and the AP as 218 * some APs don't like getting a superset of their rates 219 * in the association request (e.g. D-Link DAP 1353 in 220 * b-only mode)... 221 */ 222 rates_len = ieee80211_compatible_rates(wk->assoc.supp_rates, 223 wk->assoc.supp_rates_len, 224 sband, &rates); 225 226 skb = alloc_skb(local->hw.extra_tx_headroom + 227 sizeof(*mgmt) + /* bit too much but doesn't matter */ 228 2 + wk->assoc.ssid_len + /* SSID */ 229 4 + rates_len + /* (extended) rates */ 230 4 + /* power capability */ 231 2 + 2 * sband->n_channels + /* supported channels */ 232 2 + sizeof(struct ieee80211_ht_cap) + /* HT */ 233 wk->ie_len + /* extra IEs */ 234 9, /* WMM */ 235 GFP_KERNEL); 236 if (!skb) { 237 printk(KERN_DEBUG "%s: failed to allocate buffer for assoc " 238 "frame\n", sdata->name); 239 return; 240 } 241 skb_reserve(skb, local->hw.extra_tx_headroom); 242 243 capab = WLAN_CAPABILITY_ESS; 244 245 if (sband->band == IEEE80211_BAND_2GHZ) { 246 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 247 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 248 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 249 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 250 } 251 252 if (wk->assoc.capability & WLAN_CAPABILITY_PRIVACY) 253 capab |= WLAN_CAPABILITY_PRIVACY; 254 255 if ((wk->assoc.capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 256 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)) 257 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 258 259 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 260 memset(mgmt, 0, 24); 261 memcpy(mgmt->da, wk->filter_ta, ETH_ALEN); 262 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 263 memcpy(mgmt->bssid, wk->filter_ta, ETH_ALEN); 264 265 if (!is_zero_ether_addr(wk->assoc.prev_bssid)) { 266 skb_put(skb, 10); 267 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 268 IEEE80211_STYPE_REASSOC_REQ); 269 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 270 mgmt->u.reassoc_req.listen_interval = 271 cpu_to_le16(local->hw.conf.listen_interval); 272 memcpy(mgmt->u.reassoc_req.current_ap, wk->assoc.prev_bssid, 273 ETH_ALEN); 274 } else { 275 skb_put(skb, 4); 276 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 277 IEEE80211_STYPE_ASSOC_REQ); 278 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 279 mgmt->u.assoc_req.listen_interval = 280 cpu_to_le16(local->hw.conf.listen_interval); 281 } 282 283 /* SSID */ 284 ies = pos = skb_put(skb, 2 + wk->assoc.ssid_len); 285 *pos++ = WLAN_EID_SSID; 286 *pos++ = wk->assoc.ssid_len; 287 memcpy(pos, wk->assoc.ssid, wk->assoc.ssid_len); 288 289 /* add all rates which were marked to be used above */ 290 supp_rates_len = rates_len; 291 if (supp_rates_len > 8) 292 supp_rates_len = 8; 293 294 len = sband->n_bitrates; 295 pos = skb_put(skb, supp_rates_len + 2); 296 *pos++ = WLAN_EID_SUPP_RATES; 297 *pos++ = supp_rates_len; 298 299 count = 0; 300 for (i = 0; i < sband->n_bitrates; i++) { 301 if (BIT(i) & rates) { 302 int rate = sband->bitrates[i].bitrate; 303 *pos++ = (u8) (rate / 5); 304 if (++count == 8) 305 break; 306 } 307 } 308 309 if (rates_len > count) { 310 pos = skb_put(skb, rates_len - count + 2); 311 *pos++ = WLAN_EID_EXT_SUPP_RATES; 312 *pos++ = rates_len - count; 313 314 for (i++; i < sband->n_bitrates; i++) { 315 if (BIT(i) & rates) { 316 int rate = sband->bitrates[i].bitrate; 317 *pos++ = (u8) (rate / 5); 318 } 319 } 320 } 321 322 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) { 323 /* 1. power capabilities */ 324 pos = skb_put(skb, 4); 325 *pos++ = WLAN_EID_PWR_CAPABILITY; 326 *pos++ = 2; 327 *pos++ = 0; /* min tx power */ 328 *pos++ = wk->chan->max_power; /* max tx power */ 329 330 /* 2. supported channels */ 331 /* TODO: get this in reg domain format */ 332 pos = skb_put(skb, 2 * sband->n_channels + 2); 333 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 334 *pos++ = 2 * sband->n_channels; 335 for (i = 0; i < sband->n_channels; i++) { 336 *pos++ = ieee80211_frequency_to_channel( 337 sband->channels[i].center_freq); 338 *pos++ = 1; /* one channel in the subband*/ 339 } 340 } 341 342 /* if present, add any custom IEs that go before HT */ 343 if (wk->ie_len && wk->ie) { 344 static const u8 before_ht[] = { 345 WLAN_EID_SSID, 346 WLAN_EID_SUPP_RATES, 347 WLAN_EID_EXT_SUPP_RATES, 348 WLAN_EID_PWR_CAPABILITY, 349 WLAN_EID_SUPPORTED_CHANNELS, 350 WLAN_EID_RSN, 351 WLAN_EID_QOS_CAPA, 352 WLAN_EID_RRM_ENABLED_CAPABILITIES, 353 WLAN_EID_MOBILITY_DOMAIN, 354 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 355 }; 356 noffset = ieee80211_ie_split(wk->ie, wk->ie_len, 357 before_ht, ARRAY_SIZE(before_ht), 358 offset); 359 pos = skb_put(skb, noffset - offset); 360 memcpy(pos, wk->ie + offset, noffset - offset); 361 offset = noffset; 362 } 363 364 if (wk->assoc.use_11n && wk->assoc.wmm_used && 365 local->hw.queues >= 4) 366 ieee80211_add_ht_ie(skb, wk->assoc.ht_information_ie, 367 sband, wk->chan, wk->assoc.smps); 368 369 /* if present, add any custom non-vendor IEs that go after HT */ 370 if (wk->ie_len && wk->ie) { 371 noffset = ieee80211_ie_split_vendor(wk->ie, wk->ie_len, 372 offset); 373 pos = skb_put(skb, noffset - offset); 374 memcpy(pos, wk->ie + offset, noffset - offset); 375 offset = noffset; 376 } 377 378 if (wk->assoc.wmm_used && local->hw.queues >= 4) { 379 if (wk->assoc.uapsd_used) { 380 qos_info = local->uapsd_queues; 381 qos_info |= (local->uapsd_max_sp_len << 382 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT); 383 } else { 384 qos_info = 0; 385 } 386 387 pos = skb_put(skb, 9); 388 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 389 *pos++ = 7; /* len */ 390 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */ 391 *pos++ = 0x50; 392 *pos++ = 0xf2; 393 *pos++ = 2; /* WME */ 394 *pos++ = 0; /* WME info */ 395 *pos++ = 1; /* WME ver */ 396 *pos++ = qos_info; 397 } 398 399 /* add any remaining custom (i.e. vendor specific here) IEs */ 400 if (wk->ie_len && wk->ie) { 401 noffset = wk->ie_len; 402 pos = skb_put(skb, noffset - offset); 403 memcpy(pos, wk->ie + offset, noffset - offset); 404 } 405 406 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 407 ieee80211_tx_skb(sdata, skb); 408} 409 410static void ieee80211_remove_auth_bss(struct ieee80211_local *local, 411 struct ieee80211_work *wk) 412{ 413 struct cfg80211_bss *cbss; 414 u16 capa_val = WLAN_CAPABILITY_ESS; 415 416 if (wk->probe_auth.privacy) 417 capa_val |= WLAN_CAPABILITY_PRIVACY; 418 419 cbss = cfg80211_get_bss(local->hw.wiphy, wk->chan, wk->filter_ta, 420 wk->probe_auth.ssid, wk->probe_auth.ssid_len, 421 WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_PRIVACY, 422 capa_val); 423 if (!cbss) 424 return; 425 426 cfg80211_unlink_bss(local->hw.wiphy, cbss); 427 cfg80211_put_bss(cbss); 428} 429 430static enum work_action __must_check 431ieee80211_direct_probe(struct ieee80211_work *wk) 432{ 433 struct ieee80211_sub_if_data *sdata = wk->sdata; 434 struct ieee80211_local *local = sdata->local; 435 436 wk->probe_auth.tries++; 437 if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) { 438 printk(KERN_DEBUG "%s: direct probe to %pM timed out\n", 439 sdata->name, wk->filter_ta); 440 441 /* 442 * Most likely AP is not in the range so remove the 443 * bss struct for that AP. 444 */ 445 ieee80211_remove_auth_bss(local, wk); 446 447 return WORK_ACT_TIMEOUT; 448 } 449 450 printk(KERN_DEBUG "%s: direct probe to %pM (try %d)\n", 451 sdata->name, wk->filter_ta, wk->probe_auth.tries); 452 453 /* 454 * Direct probe is sent to broadcast address as some APs 455 * will not answer to direct packet in unassociated state. 456 */ 457 ieee80211_send_probe_req(sdata, NULL, wk->probe_auth.ssid, 458 wk->probe_auth.ssid_len, NULL, 0); 459 460 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 461 run_again(local, wk->timeout); 462 463 return WORK_ACT_NONE; 464} 465 466 467static enum work_action __must_check 468ieee80211_authenticate(struct ieee80211_work *wk) 469{ 470 struct ieee80211_sub_if_data *sdata = wk->sdata; 471 struct ieee80211_local *local = sdata->local; 472 473 wk->probe_auth.tries++; 474 if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) { 475 printk(KERN_DEBUG "%s: authentication with %pM" 476 " timed out\n", sdata->name, wk->filter_ta); 477 478 /* 479 * Most likely AP is not in the range so remove the 480 * bss struct for that AP. 481 */ 482 ieee80211_remove_auth_bss(local, wk); 483 484 return WORK_ACT_TIMEOUT; 485 } 486 487 printk(KERN_DEBUG "%s: authenticate with %pM (try %d)\n", 488 sdata->name, wk->filter_ta, wk->probe_auth.tries); 489 490 ieee80211_send_auth(sdata, 1, wk->probe_auth.algorithm, wk->ie, 491 wk->ie_len, wk->filter_ta, NULL, 0, 0); 492 wk->probe_auth.transaction = 2; 493 494 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 495 run_again(local, wk->timeout); 496 497 return WORK_ACT_NONE; 498} 499 500static enum work_action __must_check 501ieee80211_associate(struct ieee80211_work *wk) 502{ 503 struct ieee80211_sub_if_data *sdata = wk->sdata; 504 struct ieee80211_local *local = sdata->local; 505 506 wk->assoc.tries++; 507 if (wk->assoc.tries > IEEE80211_ASSOC_MAX_TRIES) { 508 printk(KERN_DEBUG "%s: association with %pM" 509 " timed out\n", 510 sdata->name, wk->filter_ta); 511 512 /* 513 * Most likely AP is not in the range so remove the 514 * bss struct for that AP. 515 */ 516 if (wk->assoc.bss) 517 cfg80211_unlink_bss(local->hw.wiphy, wk->assoc.bss); 518 519 return WORK_ACT_TIMEOUT; 520 } 521 522 printk(KERN_DEBUG "%s: associate with %pM (try %d)\n", 523 sdata->name, wk->filter_ta, wk->assoc.tries); 524 ieee80211_send_assoc(sdata, wk); 525 526 wk->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 527 run_again(local, wk->timeout); 528 529 return WORK_ACT_NONE; 530} 531 532static enum work_action __must_check 533ieee80211_remain_on_channel_timeout(struct ieee80211_work *wk) 534{ 535 /* 536 * First time we run, do nothing -- the generic code will 537 * have switched to the right channel etc. 538 */ 539 if (!wk->started) { 540 wk->timeout = jiffies + msecs_to_jiffies(wk->remain.duration); 541 542 cfg80211_ready_on_channel(wk->sdata->dev, (unsigned long) wk, 543 wk->chan, wk->chan_type, 544 wk->remain.duration, GFP_KERNEL); 545 546 return WORK_ACT_NONE; 547 } 548 549 return WORK_ACT_TIMEOUT; 550} 551 552static void ieee80211_auth_challenge(struct ieee80211_work *wk, 553 struct ieee80211_mgmt *mgmt, 554 size_t len) 555{ 556 struct ieee80211_sub_if_data *sdata = wk->sdata; 557 u8 *pos; 558 struct ieee802_11_elems elems; 559 560 pos = mgmt->u.auth.variable; 561 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 562 if (!elems.challenge) 563 return; 564 ieee80211_send_auth(sdata, 3, wk->probe_auth.algorithm, 565 elems.challenge - 2, elems.challenge_len + 2, 566 wk->filter_ta, wk->probe_auth.key, 567 wk->probe_auth.key_len, wk->probe_auth.key_idx); 568 wk->probe_auth.transaction = 4; 569} 570 571static enum work_action __must_check 572ieee80211_rx_mgmt_auth(struct ieee80211_work *wk, 573 struct ieee80211_mgmt *mgmt, size_t len) 574{ 575 u16 auth_alg, auth_transaction, status_code; 576 577 if (wk->type != IEEE80211_WORK_AUTH) 578 return WORK_ACT_NONE; 579 580 if (len < 24 + 6) 581 return WORK_ACT_NONE; 582 583 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 584 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 585 status_code = le16_to_cpu(mgmt->u.auth.status_code); 586 587 if (auth_alg != wk->probe_auth.algorithm || 588 auth_transaction != wk->probe_auth.transaction) 589 return WORK_ACT_NONE; 590 591 if (status_code != WLAN_STATUS_SUCCESS) { 592 printk(KERN_DEBUG "%s: %pM denied authentication (status %d)\n", 593 wk->sdata->name, mgmt->sa, status_code); 594 return WORK_ACT_DONE; 595 } 596 597 switch (wk->probe_auth.algorithm) { 598 case WLAN_AUTH_OPEN: 599 case WLAN_AUTH_LEAP: 600 case WLAN_AUTH_FT: 601 break; 602 case WLAN_AUTH_SHARED_KEY: 603 if (wk->probe_auth.transaction != 4) { 604 ieee80211_auth_challenge(wk, mgmt, len); 605 /* need another frame */ 606 return WORK_ACT_NONE; 607 } 608 break; 609 default: 610 WARN_ON(1); 611 return WORK_ACT_NONE; 612 } 613 614 printk(KERN_DEBUG "%s: authenticated\n", wk->sdata->name); 615 return WORK_ACT_DONE; 616} 617 618static enum work_action __must_check 619ieee80211_rx_mgmt_assoc_resp(struct ieee80211_work *wk, 620 struct ieee80211_mgmt *mgmt, size_t len, 621 bool reassoc) 622{ 623 struct ieee80211_sub_if_data *sdata = wk->sdata; 624 struct ieee80211_local *local = sdata->local; 625 u16 capab_info, status_code, aid; 626 struct ieee802_11_elems elems; 627 u8 *pos; 628 629 /* 630 * AssocResp and ReassocResp have identical structure, so process both 631 * of them in this function. 632 */ 633 634 if (len < 24 + 6) 635 return WORK_ACT_NONE; 636 637 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 638 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 639 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 640 641 printk(KERN_DEBUG "%s: RX %sssocResp from %pM (capab=0x%x " 642 "status=%d aid=%d)\n", 643 sdata->name, reassoc ? "Rea" : "A", mgmt->sa, 644 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 645 646 pos = mgmt->u.assoc_resp.variable; 647 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 648 649 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 650 elems.timeout_int && elems.timeout_int_len == 5 && 651 elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) { 652 u32 tu, ms; 653 tu = get_unaligned_le32(elems.timeout_int + 1); 654 ms = tu * 1024 / 1000; 655 printk(KERN_DEBUG "%s: %pM rejected association temporarily; " 656 "comeback duration %u TU (%u ms)\n", 657 sdata->name, mgmt->sa, tu, ms); 658 wk->timeout = jiffies + msecs_to_jiffies(ms); 659 if (ms > IEEE80211_ASSOC_TIMEOUT) 660 run_again(local, wk->timeout); 661 return WORK_ACT_NONE; 662 } 663 664 if (status_code != WLAN_STATUS_SUCCESS) 665 printk(KERN_DEBUG "%s: %pM denied association (code=%d)\n", 666 sdata->name, mgmt->sa, status_code); 667 else 668 printk(KERN_DEBUG "%s: associated\n", sdata->name); 669 670 return WORK_ACT_DONE; 671} 672 673static enum work_action __must_check 674ieee80211_rx_mgmt_probe_resp(struct ieee80211_work *wk, 675 struct ieee80211_mgmt *mgmt, size_t len, 676 struct ieee80211_rx_status *rx_status) 677{ 678 struct ieee80211_sub_if_data *sdata = wk->sdata; 679 struct ieee80211_local *local = sdata->local; 680 size_t baselen; 681 682 ASSERT_WORK_MTX(local); 683 684 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 685 if (baselen > len) 686 return WORK_ACT_NONE; 687 688 printk(KERN_DEBUG "%s: direct probe responded\n", sdata->name); 689 return WORK_ACT_DONE; 690} 691 692static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local, 693 struct sk_buff *skb) 694{ 695 struct ieee80211_rx_status *rx_status; 696 struct ieee80211_mgmt *mgmt; 697 struct ieee80211_work *wk; 698 enum work_action rma = WORK_ACT_NONE; 699 u16 fc; 700 701 rx_status = (struct ieee80211_rx_status *) skb->cb; 702 mgmt = (struct ieee80211_mgmt *) skb->data; 703 fc = le16_to_cpu(mgmt->frame_control); 704 705 mutex_lock(&local->work_mtx); 706 707 list_for_each_entry(wk, &local->work_list, list) { 708 const u8 *bssid = NULL; 709 710 switch (wk->type) { 711 case IEEE80211_WORK_DIRECT_PROBE: 712 case IEEE80211_WORK_AUTH: 713 case IEEE80211_WORK_ASSOC: 714 bssid = wk->filter_ta; 715 break; 716 default: 717 continue; 718 } 719 720 /* 721 * Before queuing, we already verified mgmt->sa, 722 * so this is needed just for matching. 723 */ 724 if (compare_ether_addr(bssid, mgmt->bssid)) 725 continue; 726 727 switch (fc & IEEE80211_FCTL_STYPE) { 728 case IEEE80211_STYPE_PROBE_RESP: 729 rma = ieee80211_rx_mgmt_probe_resp(wk, mgmt, skb->len, 730 rx_status); 731 break; 732 case IEEE80211_STYPE_AUTH: 733 rma = ieee80211_rx_mgmt_auth(wk, mgmt, skb->len); 734 break; 735 case IEEE80211_STYPE_ASSOC_RESP: 736 rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt, 737 skb->len, false); 738 break; 739 case IEEE80211_STYPE_REASSOC_RESP: 740 rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt, 741 skb->len, true); 742 break; 743 default: 744 WARN_ON(1); 745 } 746 /* 747 * We've processed this frame for that work, so it can't 748 * belong to another work struct. 749 * NB: this is also required for correctness for 'rma'! 750 */ 751 break; 752 } 753 754 switch (rma) { 755 case WORK_ACT_NONE: 756 break; 757 case WORK_ACT_DONE: 758 list_del_rcu(&wk->list); 759 break; 760 default: 761 WARN(1, "unexpected: %d", rma); 762 } 763 764 mutex_unlock(&local->work_mtx); 765 766 if (rma != WORK_ACT_DONE) 767 goto out; 768 769 switch (wk->done(wk, skb)) { 770 case WORK_DONE_DESTROY: 771 free_work(wk); 772 break; 773 case WORK_DONE_REQUEUE: 774 synchronize_rcu(); 775 wk->started = false; /* restart */ 776 mutex_lock(&local->work_mtx); 777 list_add_tail(&wk->list, &local->work_list); 778 mutex_unlock(&local->work_mtx); 779 } 780 781 out: 782 kfree_skb(skb); 783} 784 785static void ieee80211_work_timer(unsigned long data) 786{ 787 struct ieee80211_local *local = (void *) data; 788 789 if (local->quiescing) 790 return; 791 792 ieee80211_queue_work(&local->hw, &local->work_work); 793} 794 795static void ieee80211_work_work(struct work_struct *work) 796{ 797 struct ieee80211_local *local = 798 container_of(work, struct ieee80211_local, work_work); 799 struct sk_buff *skb; 800 struct ieee80211_work *wk, *tmp; 801 LIST_HEAD(free_work); 802 enum work_action rma; 803 bool remain_off_channel = false; 804 805 if (local->scanning) 806 return; 807 808 /* 809 * ieee80211_queue_work() should have picked up most cases, 810 * here we'll pick the the rest. 811 */ 812 if (WARN(local->suspended, "work scheduled while going to suspend\n")) 813 return; 814 815 /* first process frames to avoid timing out while a frame is pending */ 816 while ((skb = skb_dequeue(&local->work_skb_queue))) 817 ieee80211_work_rx_queued_mgmt(local, skb); 818 819 ieee80211_recalc_idle(local); 820 821 mutex_lock(&local->work_mtx); 822 823 list_for_each_entry_safe(wk, tmp, &local->work_list, list) { 824 bool started = wk->started; 825 826 /* mark work as started if it's on the current off-channel */ 827 if (!started && local->tmp_channel && 828 wk->chan == local->tmp_channel && 829 wk->chan_type == local->tmp_channel_type) { 830 started = true; 831 wk->timeout = jiffies; 832 } 833 834 if (!started && !local->tmp_channel) { 835 /* 836 * TODO: could optimize this by leaving the 837 * station vifs in awake mode if they 838 * happen to be on the same channel as 839 * the requested channel 840 */ 841 ieee80211_offchannel_stop_beaconing(local); 842 ieee80211_offchannel_stop_station(local); 843 844 local->tmp_channel = wk->chan; 845 local->tmp_channel_type = wk->chan_type; 846 ieee80211_hw_config(local, 0); 847 started = true; 848 wk->timeout = jiffies; 849 } 850 851 /* don't try to work with items that aren't started */ 852 if (!started) 853 continue; 854 855 if (time_is_after_jiffies(wk->timeout)) { 856 /* 857 * This work item isn't supposed to be worked on 858 * right now, but take care to adjust the timer 859 * properly. 860 */ 861 run_again(local, wk->timeout); 862 continue; 863 } 864 865 switch (wk->type) { 866 default: 867 WARN_ON(1); 868 /* nothing */ 869 rma = WORK_ACT_NONE; 870 break; 871 case IEEE80211_WORK_ABORT: 872 rma = WORK_ACT_TIMEOUT; 873 break; 874 case IEEE80211_WORK_DIRECT_PROBE: 875 rma = ieee80211_direct_probe(wk); 876 break; 877 case IEEE80211_WORK_AUTH: 878 rma = ieee80211_authenticate(wk); 879 break; 880 case IEEE80211_WORK_ASSOC: 881 rma = ieee80211_associate(wk); 882 break; 883 case IEEE80211_WORK_REMAIN_ON_CHANNEL: 884 rma = ieee80211_remain_on_channel_timeout(wk); 885 break; 886 } 887 888 wk->started = started; 889 890 switch (rma) { 891 case WORK_ACT_NONE: 892 /* might have changed the timeout */ 893 run_again(local, wk->timeout); 894 break; 895 case WORK_ACT_TIMEOUT: 896 list_del_rcu(&wk->list); 897 synchronize_rcu(); 898 list_add(&wk->list, &free_work); 899 break; 900 default: 901 WARN(1, "unexpected: %d", rma); 902 } 903 } 904 905 list_for_each_entry(wk, &local->work_list, list) { 906 if (!wk->started) 907 continue; 908 if (wk->chan != local->tmp_channel) 909 continue; 910 if (wk->chan_type != local->tmp_channel_type) 911 continue; 912 remain_off_channel = true; 913 } 914 915 if (!remain_off_channel && local->tmp_channel) { 916 local->tmp_channel = NULL; 917 ieee80211_hw_config(local, 0); 918 ieee80211_offchannel_return(local, true); 919 /* give connection some time to breathe */ 920 run_again(local, jiffies + HZ/2); 921 } 922 923 if (list_empty(&local->work_list) && local->scan_req) 924 ieee80211_queue_delayed_work(&local->hw, 925 &local->scan_work, 926 round_jiffies_relative(0)); 927 928 mutex_unlock(&local->work_mtx); 929 930 ieee80211_recalc_idle(local); 931 932 list_for_each_entry_safe(wk, tmp, &free_work, list) { 933 wk->done(wk, NULL); 934 list_del(&wk->list); 935 kfree(wk); 936 } 937} 938 939void ieee80211_add_work(struct ieee80211_work *wk) 940{ 941 struct ieee80211_local *local; 942 943 if (WARN_ON(!wk->chan)) 944 return; 945 946 if (WARN_ON(!wk->sdata)) 947 return; 948 949 if (WARN_ON(!wk->done)) 950 return; 951 952 if (WARN_ON(!ieee80211_sdata_running(wk->sdata))) 953 return; 954 955 wk->started = false; 956 957 local = wk->sdata->local; 958 mutex_lock(&local->work_mtx); 959 list_add_tail(&wk->list, &local->work_list); 960 mutex_unlock(&local->work_mtx); 961 962 ieee80211_queue_work(&local->hw, &local->work_work); 963} 964 965void ieee80211_work_init(struct ieee80211_local *local) 966{ 967 mutex_init(&local->work_mtx); 968 INIT_LIST_HEAD(&local->work_list); 969 setup_timer(&local->work_timer, ieee80211_work_timer, 970 (unsigned long)local); 971 INIT_WORK(&local->work_work, ieee80211_work_work); 972 skb_queue_head_init(&local->work_skb_queue); 973} 974 975void ieee80211_work_purge(struct ieee80211_sub_if_data *sdata) 976{ 977 struct ieee80211_local *local = sdata->local; 978 struct ieee80211_work *wk; 979 980 mutex_lock(&local->work_mtx); 981 list_for_each_entry(wk, &local->work_list, list) { 982 if (wk->sdata != sdata) 983 continue; 984 wk->type = IEEE80211_WORK_ABORT; 985 wk->started = true; 986 wk->timeout = jiffies; 987 } 988 mutex_unlock(&local->work_mtx); 989 990 /* run cleanups etc. */ 991 ieee80211_work_work(&local->work_work); 992 993 mutex_lock(&local->work_mtx); 994 list_for_each_entry(wk, &local->work_list, list) { 995 if (wk->sdata != sdata) 996 continue; 997 WARN_ON(1); 998 break; 999 } 1000 mutex_unlock(&local->work_mtx); 1001} 1002 1003ieee80211_rx_result ieee80211_work_rx_mgmt(struct ieee80211_sub_if_data *sdata, 1004 struct sk_buff *skb) 1005{ 1006 struct ieee80211_local *local = sdata->local; 1007 struct ieee80211_mgmt *mgmt; 1008 struct ieee80211_work *wk; 1009 u16 fc; 1010 1011 if (skb->len < 24) 1012 return RX_DROP_MONITOR; 1013 1014 mgmt = (struct ieee80211_mgmt *) skb->data; 1015 fc = le16_to_cpu(mgmt->frame_control); 1016 1017 list_for_each_entry_rcu(wk, &local->work_list, list) { 1018 if (sdata != wk->sdata) 1019 continue; 1020 if (compare_ether_addr(wk->filter_ta, mgmt->sa)) 1021 continue; 1022 if (compare_ether_addr(wk->filter_ta, mgmt->bssid)) 1023 continue; 1024 1025 switch (fc & IEEE80211_FCTL_STYPE) { 1026 case IEEE80211_STYPE_AUTH: 1027 case IEEE80211_STYPE_PROBE_RESP: 1028 case IEEE80211_STYPE_ASSOC_RESP: 1029 case IEEE80211_STYPE_REASSOC_RESP: 1030 skb_queue_tail(&local->work_skb_queue, skb); 1031 ieee80211_queue_work(&local->hw, &local->work_work); 1032 return RX_QUEUED; 1033 } 1034 } 1035 1036 return RX_CONTINUE; 1037} 1038 1039static enum work_done_result ieee80211_remain_done(struct ieee80211_work *wk, 1040 struct sk_buff *skb) 1041{ 1042 /* 1043 * We are done serving the remain-on-channel command. 1044 */ 1045 cfg80211_remain_on_channel_expired(wk->sdata->dev, (unsigned long) wk, 1046 wk->chan, wk->chan_type, 1047 GFP_KERNEL); 1048 1049 return WORK_DONE_DESTROY; 1050} 1051 1052int ieee80211_wk_remain_on_channel(struct ieee80211_sub_if_data *sdata, 1053 struct ieee80211_channel *chan, 1054 enum nl80211_channel_type channel_type, 1055 unsigned int duration, u64 *cookie) 1056{ 1057 struct ieee80211_work *wk; 1058 1059 wk = kzalloc(sizeof(*wk), GFP_KERNEL); 1060 if (!wk) 1061 return -ENOMEM; 1062 1063 wk->type = IEEE80211_WORK_REMAIN_ON_CHANNEL; 1064 wk->chan = chan; 1065 wk->chan_type = channel_type; 1066 wk->sdata = sdata; 1067 wk->done = ieee80211_remain_done; 1068 1069 wk->remain.duration = duration; 1070 1071 *cookie = (unsigned long) wk; 1072 1073 ieee80211_add_work(wk); 1074 1075 return 0; 1076} 1077 1078int ieee80211_wk_cancel_remain_on_channel(struct ieee80211_sub_if_data *sdata, 1079 u64 cookie) 1080{ 1081 struct ieee80211_local *local = sdata->local; 1082 struct ieee80211_work *wk, *tmp; 1083 bool found = false; 1084 1085 mutex_lock(&local->work_mtx); 1086 list_for_each_entry_safe(wk, tmp, &local->work_list, list) { 1087 if ((unsigned long) wk == cookie) { 1088 wk->timeout = jiffies; 1089 found = true; 1090 break; 1091 } 1092 } 1093 mutex_unlock(&local->work_mtx); 1094 1095 if (!found) 1096 return -ENOENT; 1097 1098 ieee80211_queue_work(&local->hw, &local->work_work); 1099 1100 return 0; 1101}