tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / net / mac80211 / work.c
at v2.6.35 1139 lines 29 kB view raw
1/* 2 * mac80211 work implementation 3 * 4 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 5 * Copyright 2004, Instant802 Networks, Inc. 6 * Copyright 2005, Devicescape Software, Inc. 7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 9 * Copyright 2009, Johannes Berg <johannes@sipsolutions.net> 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License version 2 as 13 * published by the Free Software Foundation. 14 */ 15 16#include <linux/delay.h> 17#include <linux/if_ether.h> 18#include <linux/skbuff.h> 19#include <linux/if_arp.h> 20#include <linux/etherdevice.h> 21#include <linux/crc32.h> 22#include <linux/slab.h> 23#include <net/mac80211.h> 24#include <asm/unaligned.h> 25 26#include "ieee80211_i.h" 27#include "rate.h" 28 29#define IEEE80211_AUTH_TIMEOUT (HZ / 5) 30#define IEEE80211_AUTH_MAX_TRIES 3 31#define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 32#define IEEE80211_ASSOC_MAX_TRIES 3 33#define IEEE80211_MAX_PROBE_TRIES 5 34 35enum work_action { 36 WORK_ACT_MISMATCH, 37 WORK_ACT_NONE, 38 WORK_ACT_TIMEOUT, 39 WORK_ACT_DONE, 40}; 41 42 43/* utils */ 44static inline void ASSERT_WORK_MTX(struct ieee80211_local *local) 45{ 46 WARN_ON(!mutex_is_locked(&local->work_mtx)); 47} 48 49/* 50 * We can have multiple work items (and connection probing) 51 * scheduling this timer, but we need to take care to only 52 * reschedule it when it should fire _earlier_ than it was 53 * asked for before, or if it's not pending right now. This 54 * function ensures that. Note that it then is required to 55 * run this function for all timeouts after the first one 56 * has happened -- the work that runs from this timer will 57 * do that. 58 */ 59static void run_again(struct ieee80211_local *local, 60 unsigned long timeout) 61{ 62 ASSERT_WORK_MTX(local); 63 64 if (!timer_pending(&local->work_timer) || 65 time_before(timeout, local->work_timer.expires)) 66 mod_timer(&local->work_timer, timeout); 67} 68 69static void work_free_rcu(struct rcu_head *head) 70{ 71 struct ieee80211_work *wk = 72 container_of(head, struct ieee80211_work, rcu_head); 73 74 kfree(wk); 75} 76 77void free_work(struct ieee80211_work *wk) 78{ 79 call_rcu(&wk->rcu_head, work_free_rcu); 80} 81 82static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len, 83 struct ieee80211_supported_band *sband, 84 u32 *rates) 85{ 86 int i, j, count; 87 *rates = 0; 88 count = 0; 89 for (i = 0; i < supp_rates_len; i++) { 90 int rate = (supp_rates[i] & 0x7F) * 5; 91 92 for (j = 0; j < sband->n_bitrates; j++) 93 if (sband->bitrates[j].bitrate == rate) { 94 *rates |= BIT(j); 95 count++; 96 break; 97 } 98 } 99 100 return count; 101} 102 103/* frame sending functions */ 104 105static void ieee80211_add_ht_ie(struct sk_buff *skb, const u8 *ht_info_ie, 106 struct ieee80211_supported_band *sband, 107 struct ieee80211_channel *channel, 108 enum ieee80211_smps_mode smps) 109{ 110 struct ieee80211_ht_info *ht_info; 111 u8 *pos; 112 u32 flags = channel->flags; 113 u16 cap = sband->ht_cap.cap; 114 __le16 tmp; 115 116 if (!sband->ht_cap.ht_supported) 117 return; 118 119 if (!ht_info_ie) 120 return; 121 122 if (ht_info_ie[1] < sizeof(struct ieee80211_ht_info)) 123 return; 124 125 ht_info = (struct ieee80211_ht_info *)(ht_info_ie + 2); 126 127 /* determine capability flags */ 128 129 if (ieee80211_disable_40mhz_24ghz && 130 sband->band == IEEE80211_BAND_2GHZ) { 131 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 132 cap &= ~IEEE80211_HT_CAP_SGI_40; 133 } 134 135 switch (ht_info->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 136 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 137 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 138 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 139 cap &= ~IEEE80211_HT_CAP_SGI_40; 140 } 141 break; 142 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 143 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 144 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 145 cap &= ~IEEE80211_HT_CAP_SGI_40; 146 } 147 break; 148 } 149 150 /* set SM PS mode properly */ 151 cap &= ~IEEE80211_HT_CAP_SM_PS; 152 switch (smps) { 153 case IEEE80211_SMPS_AUTOMATIC: 154 case IEEE80211_SMPS_NUM_MODES: 155 WARN_ON(1); 156 case IEEE80211_SMPS_OFF: 157 cap |= WLAN_HT_CAP_SM_PS_DISABLED << 158 IEEE80211_HT_CAP_SM_PS_SHIFT; 159 break; 160 case IEEE80211_SMPS_STATIC: 161 cap |= WLAN_HT_CAP_SM_PS_STATIC << 162 IEEE80211_HT_CAP_SM_PS_SHIFT; 163 break; 164 case IEEE80211_SMPS_DYNAMIC: 165 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC << 166 IEEE80211_HT_CAP_SM_PS_SHIFT; 167 break; 168 } 169 170 /* reserve and fill IE */ 171 172 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 173 *pos++ = WLAN_EID_HT_CAPABILITY; 174 *pos++ = sizeof(struct ieee80211_ht_cap); 175 memset(pos, 0, sizeof(struct ieee80211_ht_cap)); 176 177 /* capability flags */ 178 tmp = cpu_to_le16(cap); 179 memcpy(pos, &tmp, sizeof(u16)); 180 pos += sizeof(u16); 181 182 /* AMPDU parameters */ 183 *pos++ = sband->ht_cap.ampdu_factor | 184 (sband->ht_cap.ampdu_density << 185 IEEE80211_HT_AMPDU_PARM_DENSITY_SHIFT); 186 187 /* MCS set */ 188 memcpy(pos, &sband->ht_cap.mcs, sizeof(sband->ht_cap.mcs)); 189 pos += sizeof(sband->ht_cap.mcs); 190 191 /* extended capabilities */ 192 pos += sizeof(__le16); 193 194 /* BF capabilities */ 195 pos += sizeof(__le32); 196 197 /* antenna selection */ 198 pos += sizeof(u8); 199} 200 201static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata, 202 struct ieee80211_work *wk) 203{ 204 struct ieee80211_local *local = sdata->local; 205 struct sk_buff *skb; 206 struct ieee80211_mgmt *mgmt; 207 u8 *pos, qos_info; 208 const u8 *ies; 209 size_t offset = 0, noffset; 210 int i, len, count, rates_len, supp_rates_len; 211 u16 capab; 212 struct ieee80211_supported_band *sband; 213 u32 rates = 0; 214 215 sband = local->hw.wiphy->bands[wk->chan->band]; 216 217 if (wk->assoc.supp_rates_len) { 218 /* 219 * Get all rates supported by the device and the AP as 220 * some APs don't like getting a superset of their rates 221 * in the association request (e.g. D-Link DAP 1353 in 222 * b-only mode)... 223 */ 224 rates_len = ieee80211_compatible_rates(wk->assoc.supp_rates, 225 wk->assoc.supp_rates_len, 226 sband, &rates); 227 } else { 228 /* 229 * In case AP not provide any supported rates information 230 * before association, we send information element(s) with 231 * all rates that we support. 232 */ 233 rates = ~0; 234 rates_len = sband->n_bitrates; 235 } 236 237 skb = alloc_skb(local->hw.extra_tx_headroom + 238 sizeof(*mgmt) + /* bit too much but doesn't matter */ 239 2 + wk->assoc.ssid_len + /* SSID */ 240 4 + rates_len + /* (extended) rates */ 241 4 + /* power capability */ 242 2 + 2 * sband->n_channels + /* supported channels */ 243 2 + sizeof(struct ieee80211_ht_cap) + /* HT */ 244 wk->ie_len + /* extra IEs */ 245 9, /* WMM */ 246 GFP_KERNEL); 247 if (!skb) { 248 printk(KERN_DEBUG "%s: failed to allocate buffer for assoc " 249 "frame\n", sdata->name); 250 return; 251 } 252 skb_reserve(skb, local->hw.extra_tx_headroom); 253 254 capab = WLAN_CAPABILITY_ESS; 255 256 if (sband->band == IEEE80211_BAND_2GHZ) { 257 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 258 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 259 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 260 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 261 } 262 263 if (wk->assoc.capability & WLAN_CAPABILITY_PRIVACY) 264 capab |= WLAN_CAPABILITY_PRIVACY; 265 266 if ((wk->assoc.capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 267 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)) 268 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 269 270 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 271 memset(mgmt, 0, 24); 272 memcpy(mgmt->da, wk->filter_ta, ETH_ALEN); 273 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 274 memcpy(mgmt->bssid, wk->filter_ta, ETH_ALEN); 275 276 if (!is_zero_ether_addr(wk->assoc.prev_bssid)) { 277 skb_put(skb, 10); 278 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 279 IEEE80211_STYPE_REASSOC_REQ); 280 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 281 mgmt->u.reassoc_req.listen_interval = 282 cpu_to_le16(local->hw.conf.listen_interval); 283 memcpy(mgmt->u.reassoc_req.current_ap, wk->assoc.prev_bssid, 284 ETH_ALEN); 285 } else { 286 skb_put(skb, 4); 287 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 288 IEEE80211_STYPE_ASSOC_REQ); 289 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 290 mgmt->u.assoc_req.listen_interval = 291 cpu_to_le16(local->hw.conf.listen_interval); 292 } 293 294 /* SSID */ 295 ies = pos = skb_put(skb, 2 + wk->assoc.ssid_len); 296 *pos++ = WLAN_EID_SSID; 297 *pos++ = wk->assoc.ssid_len; 298 memcpy(pos, wk->assoc.ssid, wk->assoc.ssid_len); 299 300 /* add all rates which were marked to be used above */ 301 supp_rates_len = rates_len; 302 if (supp_rates_len > 8) 303 supp_rates_len = 8; 304 305 len = sband->n_bitrates; 306 pos = skb_put(skb, supp_rates_len + 2); 307 *pos++ = WLAN_EID_SUPP_RATES; 308 *pos++ = supp_rates_len; 309 310 count = 0; 311 for (i = 0; i < sband->n_bitrates; i++) { 312 if (BIT(i) & rates) { 313 int rate = sband->bitrates[i].bitrate; 314 *pos++ = (u8) (rate / 5); 315 if (++count == 8) 316 break; 317 } 318 } 319 320 if (rates_len > count) { 321 pos = skb_put(skb, rates_len - count + 2); 322 *pos++ = WLAN_EID_EXT_SUPP_RATES; 323 *pos++ = rates_len - count; 324 325 for (i++; i < sband->n_bitrates; i++) { 326 if (BIT(i) & rates) { 327 int rate = sband->bitrates[i].bitrate; 328 *pos++ = (u8) (rate / 5); 329 } 330 } 331 } 332 333 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) { 334 /* 1. power capabilities */ 335 pos = skb_put(skb, 4); 336 *pos++ = WLAN_EID_PWR_CAPABILITY; 337 *pos++ = 2; 338 *pos++ = 0; /* min tx power */ 339 *pos++ = wk->chan->max_power; /* max tx power */ 340 341 /* 2. supported channels */ 342 /* TODO: get this in reg domain format */ 343 pos = skb_put(skb, 2 * sband->n_channels + 2); 344 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 345 *pos++ = 2 * sband->n_channels; 346 for (i = 0; i < sband->n_channels; i++) { 347 *pos++ = ieee80211_frequency_to_channel( 348 sband->channels[i].center_freq); 349 *pos++ = 1; /* one channel in the subband*/ 350 } 351 } 352 353 /* if present, add any custom IEs that go before HT */ 354 if (wk->ie_len && wk->ie) { 355 static const u8 before_ht[] = { 356 WLAN_EID_SSID, 357 WLAN_EID_SUPP_RATES, 358 WLAN_EID_EXT_SUPP_RATES, 359 WLAN_EID_PWR_CAPABILITY, 360 WLAN_EID_SUPPORTED_CHANNELS, 361 WLAN_EID_RSN, 362 WLAN_EID_QOS_CAPA, 363 WLAN_EID_RRM_ENABLED_CAPABILITIES, 364 WLAN_EID_MOBILITY_DOMAIN, 365 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 366 }; 367 noffset = ieee80211_ie_split(wk->ie, wk->ie_len, 368 before_ht, ARRAY_SIZE(before_ht), 369 offset); 370 pos = skb_put(skb, noffset - offset); 371 memcpy(pos, wk->ie + offset, noffset - offset); 372 offset = noffset; 373 } 374 375 if (wk->assoc.use_11n && wk->assoc.wmm_used && 376 local->hw.queues >= 4) 377 ieee80211_add_ht_ie(skb, wk->assoc.ht_information_ie, 378 sband, wk->chan, wk->assoc.smps); 379 380 /* if present, add any custom non-vendor IEs that go after HT */ 381 if (wk->ie_len && wk->ie) { 382 noffset = ieee80211_ie_split_vendor(wk->ie, wk->ie_len, 383 offset); 384 pos = skb_put(skb, noffset - offset); 385 memcpy(pos, wk->ie + offset, noffset - offset); 386 offset = noffset; 387 } 388 389 if (wk->assoc.wmm_used && local->hw.queues >= 4) { 390 if (wk->assoc.uapsd_used) { 391 qos_info = local->uapsd_queues; 392 qos_info |= (local->uapsd_max_sp_len << 393 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT); 394 } else { 395 qos_info = 0; 396 } 397 398 pos = skb_put(skb, 9); 399 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 400 *pos++ = 7; /* len */ 401 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */ 402 *pos++ = 0x50; 403 *pos++ = 0xf2; 404 *pos++ = 2; /* WME */ 405 *pos++ = 0; /* WME info */ 406 *pos++ = 1; /* WME ver */ 407 *pos++ = qos_info; 408 } 409 410 /* add any remaining custom (i.e. vendor specific here) IEs */ 411 if (wk->ie_len && wk->ie) { 412 noffset = wk->ie_len; 413 pos = skb_put(skb, noffset - offset); 414 memcpy(pos, wk->ie + offset, noffset - offset); 415 } 416 417 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 418 ieee80211_tx_skb(sdata, skb); 419} 420 421static void ieee80211_remove_auth_bss(struct ieee80211_local *local, 422 struct ieee80211_work *wk) 423{ 424 struct cfg80211_bss *cbss; 425 u16 capa_val = WLAN_CAPABILITY_ESS; 426 427 if (wk->probe_auth.privacy) 428 capa_val |= WLAN_CAPABILITY_PRIVACY; 429 430 cbss = cfg80211_get_bss(local->hw.wiphy, wk->chan, wk->filter_ta, 431 wk->probe_auth.ssid, wk->probe_auth.ssid_len, 432 WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_PRIVACY, 433 capa_val); 434 if (!cbss) 435 return; 436 437 cfg80211_unlink_bss(local->hw.wiphy, cbss); 438 cfg80211_put_bss(cbss); 439} 440 441static enum work_action __must_check 442ieee80211_direct_probe(struct ieee80211_work *wk) 443{ 444 struct ieee80211_sub_if_data *sdata = wk->sdata; 445 struct ieee80211_local *local = sdata->local; 446 447 wk->probe_auth.tries++; 448 if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) { 449 printk(KERN_DEBUG "%s: direct probe to %pM timed out\n", 450 sdata->name, wk->filter_ta); 451 452 /* 453 * Most likely AP is not in the range so remove the 454 * bss struct for that AP. 455 */ 456 ieee80211_remove_auth_bss(local, wk); 457 458 return WORK_ACT_TIMEOUT; 459 } 460 461 printk(KERN_DEBUG "%s: direct probe to %pM (try %d)\n", 462 sdata->name, wk->filter_ta, wk->probe_auth.tries); 463 464 /* 465 * Direct probe is sent to broadcast address as some APs 466 * will not answer to direct packet in unassociated state. 467 */ 468 ieee80211_send_probe_req(sdata, NULL, wk->probe_auth.ssid, 469 wk->probe_auth.ssid_len, NULL, 0); 470 471 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 472 run_again(local, wk->timeout); 473 474 return WORK_ACT_NONE; 475} 476 477 478static enum work_action __must_check 479ieee80211_authenticate(struct ieee80211_work *wk) 480{ 481 struct ieee80211_sub_if_data *sdata = wk->sdata; 482 struct ieee80211_local *local = sdata->local; 483 484 wk->probe_auth.tries++; 485 if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) { 486 printk(KERN_DEBUG "%s: authentication with %pM" 487 " timed out\n", sdata->name, wk->filter_ta); 488 489 /* 490 * Most likely AP is not in the range so remove the 491 * bss struct for that AP. 492 */ 493 ieee80211_remove_auth_bss(local, wk); 494 495 return WORK_ACT_TIMEOUT; 496 } 497 498 printk(KERN_DEBUG "%s: authenticate with %pM (try %d)\n", 499 sdata->name, wk->filter_ta, wk->probe_auth.tries); 500 501 ieee80211_send_auth(sdata, 1, wk->probe_auth.algorithm, wk->ie, 502 wk->ie_len, wk->filter_ta, NULL, 0, 0); 503 wk->probe_auth.transaction = 2; 504 505 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 506 run_again(local, wk->timeout); 507 508 return WORK_ACT_NONE; 509} 510 511static enum work_action __must_check 512ieee80211_associate(struct ieee80211_work *wk) 513{ 514 struct ieee80211_sub_if_data *sdata = wk->sdata; 515 struct ieee80211_local *local = sdata->local; 516 517 wk->assoc.tries++; 518 if (wk->assoc.tries > IEEE80211_ASSOC_MAX_TRIES) { 519 printk(KERN_DEBUG "%s: association with %pM" 520 " timed out\n", 521 sdata->name, wk->filter_ta); 522 523 /* 524 * Most likely AP is not in the range so remove the 525 * bss struct for that AP. 526 */ 527 if (wk->assoc.bss) 528 cfg80211_unlink_bss(local->hw.wiphy, wk->assoc.bss); 529 530 return WORK_ACT_TIMEOUT; 531 } 532 533 printk(KERN_DEBUG "%s: associate with %pM (try %d)\n", 534 sdata->name, wk->filter_ta, wk->assoc.tries); 535 ieee80211_send_assoc(sdata, wk); 536 537 wk->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 538 run_again(local, wk->timeout); 539 540 return WORK_ACT_NONE; 541} 542 543static enum work_action __must_check 544ieee80211_remain_on_channel_timeout(struct ieee80211_work *wk) 545{ 546 /* 547 * First time we run, do nothing -- the generic code will 548 * have switched to the right channel etc. 549 */ 550 if (!wk->started) { 551 wk->timeout = jiffies + msecs_to_jiffies(wk->remain.duration); 552 553 cfg80211_ready_on_channel(wk->sdata->dev, (unsigned long) wk, 554 wk->chan, wk->chan_type, 555 wk->remain.duration, GFP_KERNEL); 556 557 return WORK_ACT_NONE; 558 } 559 560 return WORK_ACT_TIMEOUT; 561} 562 563static void ieee80211_auth_challenge(struct ieee80211_work *wk, 564 struct ieee80211_mgmt *mgmt, 565 size_t len) 566{ 567 struct ieee80211_sub_if_data *sdata = wk->sdata; 568 u8 *pos; 569 struct ieee802_11_elems elems; 570 571 pos = mgmt->u.auth.variable; 572 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 573 if (!elems.challenge) 574 return; 575 ieee80211_send_auth(sdata, 3, wk->probe_auth.algorithm, 576 elems.challenge - 2, elems.challenge_len + 2, 577 wk->filter_ta, wk->probe_auth.key, 578 wk->probe_auth.key_len, wk->probe_auth.key_idx); 579 wk->probe_auth.transaction = 4; 580} 581 582static enum work_action __must_check 583ieee80211_rx_mgmt_auth(struct ieee80211_work *wk, 584 struct ieee80211_mgmt *mgmt, size_t len) 585{ 586 u16 auth_alg, auth_transaction, status_code; 587 588 if (wk->type != IEEE80211_WORK_AUTH) 589 return WORK_ACT_MISMATCH; 590 591 if (len < 24 + 6) 592 return WORK_ACT_NONE; 593 594 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 595 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 596 status_code = le16_to_cpu(mgmt->u.auth.status_code); 597 598 if (auth_alg != wk->probe_auth.algorithm || 599 auth_transaction != wk->probe_auth.transaction) 600 return WORK_ACT_NONE; 601 602 if (status_code != WLAN_STATUS_SUCCESS) { 603 printk(KERN_DEBUG "%s: %pM denied authentication (status %d)\n", 604 wk->sdata->name, mgmt->sa, status_code); 605 return WORK_ACT_DONE; 606 } 607 608 switch (wk->probe_auth.algorithm) { 609 case WLAN_AUTH_OPEN: 610 case WLAN_AUTH_LEAP: 611 case WLAN_AUTH_FT: 612 break; 613 case WLAN_AUTH_SHARED_KEY: 614 if (wk->probe_auth.transaction != 4) { 615 ieee80211_auth_challenge(wk, mgmt, len); 616 /* need another frame */ 617 return WORK_ACT_NONE; 618 } 619 break; 620 default: 621 WARN_ON(1); 622 return WORK_ACT_NONE; 623 } 624 625 printk(KERN_DEBUG "%s: authenticated\n", wk->sdata->name); 626 return WORK_ACT_DONE; 627} 628 629static enum work_action __must_check 630ieee80211_rx_mgmt_assoc_resp(struct ieee80211_work *wk, 631 struct ieee80211_mgmt *mgmt, size_t len, 632 bool reassoc) 633{ 634 struct ieee80211_sub_if_data *sdata = wk->sdata; 635 struct ieee80211_local *local = sdata->local; 636 u16 capab_info, status_code, aid; 637 struct ieee802_11_elems elems; 638 u8 *pos; 639 640 if (wk->type != IEEE80211_WORK_ASSOC) 641 return WORK_ACT_MISMATCH; 642 643 /* 644 * AssocResp and ReassocResp have identical structure, so process both 645 * of them in this function. 646 */ 647 648 if (len < 24 + 6) 649 return WORK_ACT_NONE; 650 651 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 652 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 653 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 654 655 printk(KERN_DEBUG "%s: RX %sssocResp from %pM (capab=0x%x " 656 "status=%d aid=%d)\n", 657 sdata->name, reassoc ? "Rea" : "A", mgmt->sa, 658 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 659 660 pos = mgmt->u.assoc_resp.variable; 661 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 662 663 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 664 elems.timeout_int && elems.timeout_int_len == 5 && 665 elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) { 666 u32 tu, ms; 667 tu = get_unaligned_le32(elems.timeout_int + 1); 668 ms = tu * 1024 / 1000; 669 printk(KERN_DEBUG "%s: %pM rejected association temporarily; " 670 "comeback duration %u TU (%u ms)\n", 671 sdata->name, mgmt->sa, tu, ms); 672 wk->timeout = jiffies + msecs_to_jiffies(ms); 673 if (ms > IEEE80211_ASSOC_TIMEOUT) 674 run_again(local, wk->timeout); 675 return WORK_ACT_NONE; 676 } 677 678 if (status_code != WLAN_STATUS_SUCCESS) 679 printk(KERN_DEBUG "%s: %pM denied association (code=%d)\n", 680 sdata->name, mgmt->sa, status_code); 681 else 682 printk(KERN_DEBUG "%s: associated\n", sdata->name); 683 684 return WORK_ACT_DONE; 685} 686 687static enum work_action __must_check 688ieee80211_rx_mgmt_probe_resp(struct ieee80211_work *wk, 689 struct ieee80211_mgmt *mgmt, size_t len, 690 struct ieee80211_rx_status *rx_status) 691{ 692 struct ieee80211_sub_if_data *sdata = wk->sdata; 693 struct ieee80211_local *local = sdata->local; 694 size_t baselen; 695 696 ASSERT_WORK_MTX(local); 697 698 if (wk->type != IEEE80211_WORK_DIRECT_PROBE) 699 return WORK_ACT_MISMATCH; 700 701 if (len < 24 + 12) 702 return WORK_ACT_NONE; 703 704 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 705 if (baselen > len) 706 return WORK_ACT_NONE; 707 708 printk(KERN_DEBUG "%s: direct probe responded\n", sdata->name); 709 return WORK_ACT_DONE; 710} 711 712static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local, 713 struct sk_buff *skb) 714{ 715 struct ieee80211_rx_status *rx_status; 716 struct ieee80211_mgmt *mgmt; 717 struct ieee80211_work *wk; 718 enum work_action rma = WORK_ACT_NONE; 719 u16 fc; 720 721 rx_status = (struct ieee80211_rx_status *) skb->cb; 722 mgmt = (struct ieee80211_mgmt *) skb->data; 723 fc = le16_to_cpu(mgmt->frame_control); 724 725 mutex_lock(&local->work_mtx); 726 727 list_for_each_entry(wk, &local->work_list, list) { 728 const u8 *bssid = NULL; 729 730 switch (wk->type) { 731 case IEEE80211_WORK_DIRECT_PROBE: 732 case IEEE80211_WORK_AUTH: 733 case IEEE80211_WORK_ASSOC: 734 bssid = wk->filter_ta; 735 break; 736 default: 737 continue; 738 } 739 740 /* 741 * Before queuing, we already verified mgmt->sa, 742 * so this is needed just for matching. 743 */ 744 if (compare_ether_addr(bssid, mgmt->bssid)) 745 continue; 746 747 switch (fc & IEEE80211_FCTL_STYPE) { 748 case IEEE80211_STYPE_PROBE_RESP: 749 rma = ieee80211_rx_mgmt_probe_resp(wk, mgmt, skb->len, 750 rx_status); 751 break; 752 case IEEE80211_STYPE_AUTH: 753 rma = ieee80211_rx_mgmt_auth(wk, mgmt, skb->len); 754 break; 755 case IEEE80211_STYPE_ASSOC_RESP: 756 rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt, 757 skb->len, false); 758 break; 759 case IEEE80211_STYPE_REASSOC_RESP: 760 rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt, 761 skb->len, true); 762 break; 763 default: 764 WARN_ON(1); 765 rma = WORK_ACT_NONE; 766 } 767 768 /* 769 * We've either received an unexpected frame, or we have 770 * multiple work items and need to match the frame to the 771 * right one. 772 */ 773 if (rma == WORK_ACT_MISMATCH) 774 continue; 775 776 /* 777 * We've processed this frame for that work, so it can't 778 * belong to another work struct. 779 * NB: this is also required for correctness for 'rma'! 780 */ 781 break; 782 } 783 784 switch (rma) { 785 case WORK_ACT_MISMATCH: 786 /* ignore this unmatched frame */ 787 break; 788 case WORK_ACT_NONE: 789 break; 790 case WORK_ACT_DONE: 791 list_del_rcu(&wk->list); 792 break; 793 default: 794 WARN(1, "unexpected: %d", rma); 795 } 796 797 mutex_unlock(&local->work_mtx); 798 799 if (rma != WORK_ACT_DONE) 800 goto out; 801 802 switch (wk->done(wk, skb)) { 803 case WORK_DONE_DESTROY: 804 free_work(wk); 805 break; 806 case WORK_DONE_REQUEUE: 807 synchronize_rcu(); 808 wk->started = false; /* restart */ 809 mutex_lock(&local->work_mtx); 810 list_add_tail(&wk->list, &local->work_list); 811 mutex_unlock(&local->work_mtx); 812 } 813 814 out: 815 kfree_skb(skb); 816} 817 818static void ieee80211_work_timer(unsigned long data) 819{ 820 struct ieee80211_local *local = (void *) data; 821 822 if (local->quiescing) 823 return; 824 825 ieee80211_queue_work(&local->hw, &local->work_work); 826} 827 828static void ieee80211_work_work(struct work_struct *work) 829{ 830 struct ieee80211_local *local = 831 container_of(work, struct ieee80211_local, work_work); 832 struct sk_buff *skb; 833 struct ieee80211_work *wk, *tmp; 834 LIST_HEAD(free_work); 835 enum work_action rma; 836 bool remain_off_channel = false; 837 838 if (local->scanning) 839 return; 840 841 /* 842 * ieee80211_queue_work() should have picked up most cases, 843 * here we'll pick the the rest. 844 */ 845 if (WARN(local->suspended, "work scheduled while going to suspend\n")) 846 return; 847 848 /* first process frames to avoid timing out while a frame is pending */ 849 while ((skb = skb_dequeue(&local->work_skb_queue))) 850 ieee80211_work_rx_queued_mgmt(local, skb); 851 852 ieee80211_recalc_idle(local); 853 854 mutex_lock(&local->work_mtx); 855 856 list_for_each_entry_safe(wk, tmp, &local->work_list, list) { 857 bool started = wk->started; 858 859 /* mark work as started if it's on the current off-channel */ 860 if (!started && local->tmp_channel && 861 wk->chan == local->tmp_channel && 862 wk->chan_type == local->tmp_channel_type) { 863 started = true; 864 wk->timeout = jiffies; 865 } 866 867 if (!started && !local->tmp_channel) { 868 /* 869 * TODO: could optimize this by leaving the 870 * station vifs in awake mode if they 871 * happen to be on the same channel as 872 * the requested channel 873 */ 874 ieee80211_offchannel_stop_beaconing(local); 875 ieee80211_offchannel_stop_station(local); 876 877 local->tmp_channel = wk->chan; 878 local->tmp_channel_type = wk->chan_type; 879 ieee80211_hw_config(local, 0); 880 started = true; 881 wk->timeout = jiffies; 882 } 883 884 /* don't try to work with items that aren't started */ 885 if (!started) 886 continue; 887 888 if (time_is_after_jiffies(wk->timeout)) { 889 /* 890 * This work item isn't supposed to be worked on 891 * right now, but take care to adjust the timer 892 * properly. 893 */ 894 run_again(local, wk->timeout); 895 continue; 896 } 897 898 switch (wk->type) { 899 default: 900 WARN_ON(1); 901 /* nothing */ 902 rma = WORK_ACT_NONE; 903 break; 904 case IEEE80211_WORK_ABORT: 905 rma = WORK_ACT_TIMEOUT; 906 break; 907 case IEEE80211_WORK_DIRECT_PROBE: 908 rma = ieee80211_direct_probe(wk); 909 break; 910 case IEEE80211_WORK_AUTH: 911 rma = ieee80211_authenticate(wk); 912 break; 913 case IEEE80211_WORK_ASSOC: 914 rma = ieee80211_associate(wk); 915 break; 916 case IEEE80211_WORK_REMAIN_ON_CHANNEL: 917 rma = ieee80211_remain_on_channel_timeout(wk); 918 break; 919 } 920 921 wk->started = started; 922 923 switch (rma) { 924 case WORK_ACT_NONE: 925 /* might have changed the timeout */ 926 run_again(local, wk->timeout); 927 break; 928 case WORK_ACT_TIMEOUT: 929 list_del_rcu(&wk->list); 930 synchronize_rcu(); 931 list_add(&wk->list, &free_work); 932 break; 933 default: 934 WARN(1, "unexpected: %d", rma); 935 } 936 } 937 938 list_for_each_entry(wk, &local->work_list, list) { 939 if (!wk->started) 940 continue; 941 if (wk->chan != local->tmp_channel) 942 continue; 943 if (wk->chan_type != local->tmp_channel_type) 944 continue; 945 remain_off_channel = true; 946 } 947 948 if (!remain_off_channel && local->tmp_channel) { 949 local->tmp_channel = NULL; 950 ieee80211_hw_config(local, 0); 951 ieee80211_offchannel_return(local, true); 952 /* give connection some time to breathe */ 953 run_again(local, jiffies + HZ/2); 954 } 955 956 mutex_lock(&local->scan_mtx); 957 958 if (list_empty(&local->work_list) && local->scan_req && 959 !local->scanning) 960 ieee80211_queue_delayed_work(&local->hw, 961 &local->scan_work, 962 round_jiffies_relative(0)); 963 964 mutex_unlock(&local->scan_mtx); 965 966 mutex_unlock(&local->work_mtx); 967 968 ieee80211_recalc_idle(local); 969 970 list_for_each_entry_safe(wk, tmp, &free_work, list) { 971 wk->done(wk, NULL); 972 list_del(&wk->list); 973 kfree(wk); 974 } 975} 976 977void ieee80211_add_work(struct ieee80211_work *wk) 978{ 979 struct ieee80211_local *local; 980 981 if (WARN_ON(!wk->chan)) 982 return; 983 984 if (WARN_ON(!wk->sdata)) 985 return; 986 987 if (WARN_ON(!wk->done)) 988 return; 989 990 if (WARN_ON(!ieee80211_sdata_running(wk->sdata))) 991 return; 992 993 wk->started = false; 994 995 local = wk->sdata->local; 996 mutex_lock(&local->work_mtx); 997 list_add_tail(&wk->list, &local->work_list); 998 mutex_unlock(&local->work_mtx); 999 1000 ieee80211_queue_work(&local->hw, &local->work_work); 1001} 1002 1003void ieee80211_work_init(struct ieee80211_local *local) 1004{ 1005 mutex_init(&local->work_mtx); 1006 INIT_LIST_HEAD(&local->work_list); 1007 setup_timer(&local->work_timer, ieee80211_work_timer, 1008 (unsigned long)local); 1009 INIT_WORK(&local->work_work, ieee80211_work_work); 1010 skb_queue_head_init(&local->work_skb_queue); 1011} 1012 1013void ieee80211_work_purge(struct ieee80211_sub_if_data *sdata) 1014{ 1015 struct ieee80211_local *local = sdata->local; 1016 struct ieee80211_work *wk; 1017 1018 mutex_lock(&local->work_mtx); 1019 list_for_each_entry(wk, &local->work_list, list) { 1020 if (wk->sdata != sdata) 1021 continue; 1022 wk->type = IEEE80211_WORK_ABORT; 1023 wk->started = true; 1024 wk->timeout = jiffies; 1025 } 1026 mutex_unlock(&local->work_mtx); 1027 1028 /* run cleanups etc. */ 1029 ieee80211_work_work(&local->work_work); 1030 1031 mutex_lock(&local->work_mtx); 1032 list_for_each_entry(wk, &local->work_list, list) { 1033 if (wk->sdata != sdata) 1034 continue; 1035 WARN_ON(1); 1036 break; 1037 } 1038 mutex_unlock(&local->work_mtx); 1039} 1040 1041ieee80211_rx_result ieee80211_work_rx_mgmt(struct ieee80211_sub_if_data *sdata, 1042 struct sk_buff *skb) 1043{ 1044 struct ieee80211_local *local = sdata->local; 1045 struct ieee80211_mgmt *mgmt; 1046 struct ieee80211_work *wk; 1047 u16 fc; 1048 1049 if (skb->len < 24) 1050 return RX_DROP_MONITOR; 1051 1052 mgmt = (struct ieee80211_mgmt *) skb->data; 1053 fc = le16_to_cpu(mgmt->frame_control); 1054 1055 list_for_each_entry_rcu(wk, &local->work_list, list) { 1056 if (sdata != wk->sdata) 1057 continue; 1058 if (compare_ether_addr(wk->filter_ta, mgmt->sa)) 1059 continue; 1060 if (compare_ether_addr(wk->filter_ta, mgmt->bssid)) 1061 continue; 1062 1063 switch (fc & IEEE80211_FCTL_STYPE) { 1064 case IEEE80211_STYPE_AUTH: 1065 case IEEE80211_STYPE_PROBE_RESP: 1066 case IEEE80211_STYPE_ASSOC_RESP: 1067 case IEEE80211_STYPE_REASSOC_RESP: 1068 skb_queue_tail(&local->work_skb_queue, skb); 1069 ieee80211_queue_work(&local->hw, &local->work_work); 1070 return RX_QUEUED; 1071 } 1072 } 1073 1074 return RX_CONTINUE; 1075} 1076 1077static enum work_done_result ieee80211_remain_done(struct ieee80211_work *wk, 1078 struct sk_buff *skb) 1079{ 1080 /* 1081 * We are done serving the remain-on-channel command. 1082 */ 1083 cfg80211_remain_on_channel_expired(wk->sdata->dev, (unsigned long) wk, 1084 wk->chan, wk->chan_type, 1085 GFP_KERNEL); 1086 1087 return WORK_DONE_DESTROY; 1088} 1089 1090int ieee80211_wk_remain_on_channel(struct ieee80211_sub_if_data *sdata, 1091 struct ieee80211_channel *chan, 1092 enum nl80211_channel_type channel_type, 1093 unsigned int duration, u64 *cookie) 1094{ 1095 struct ieee80211_work *wk; 1096 1097 wk = kzalloc(sizeof(*wk), GFP_KERNEL); 1098 if (!wk) 1099 return -ENOMEM; 1100 1101 wk->type = IEEE80211_WORK_REMAIN_ON_CHANNEL; 1102 wk->chan = chan; 1103 wk->chan_type = channel_type; 1104 wk->sdata = sdata; 1105 wk->done = ieee80211_remain_done; 1106 1107 wk->remain.duration = duration; 1108 1109 *cookie = (unsigned long) wk; 1110 1111 ieee80211_add_work(wk); 1112 1113 return 0; 1114} 1115 1116int ieee80211_wk_cancel_remain_on_channel(struct ieee80211_sub_if_data *sdata, 1117 u64 cookie) 1118{ 1119 struct ieee80211_local *local = sdata->local; 1120 struct ieee80211_work *wk, *tmp; 1121 bool found = false; 1122 1123 mutex_lock(&local->work_mtx); 1124 list_for_each_entry_safe(wk, tmp, &local->work_list, list) { 1125 if ((unsigned long) wk == cookie) { 1126 wk->timeout = jiffies; 1127 found = true; 1128 break; 1129 } 1130 } 1131 mutex_unlock(&local->work_mtx); 1132 1133 if (!found) 1134 return -ENOENT; 1135 1136 ieee80211_queue_work(&local->hw, &local->work_work); 1137 1138 return 0; 1139}