tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / net / mac80211 / work.c
at v2.6.36 1182 lines 30 kB view raw
1/* 2 * mac80211 work implementation 3 * 4 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 5 * Copyright 2004, Instant802 Networks, Inc. 6 * Copyright 2005, Devicescape Software, Inc. 7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 9 * Copyright 2009, Johannes Berg <johannes@sipsolutions.net> 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License version 2 as 13 * published by the Free Software Foundation. 14 */ 15 16#include <linux/delay.h> 17#include <linux/if_ether.h> 18#include <linux/skbuff.h> 19#include <linux/if_arp.h> 20#include <linux/etherdevice.h> 21#include <linux/crc32.h> 22#include <linux/slab.h> 23#include <net/mac80211.h> 24#include <asm/unaligned.h> 25 26#include "ieee80211_i.h" 27#include "rate.h" 28 29#define IEEE80211_AUTH_TIMEOUT (HZ / 5) 30#define IEEE80211_AUTH_MAX_TRIES 3 31#define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 32#define IEEE80211_ASSOC_MAX_TRIES 3 33#define IEEE80211_MAX_PROBE_TRIES 5 34 35enum work_action { 36 WORK_ACT_MISMATCH, 37 WORK_ACT_NONE, 38 WORK_ACT_TIMEOUT, 39 WORK_ACT_DONE, 40}; 41 42 43/* utils */ 44static inline void ASSERT_WORK_MTX(struct ieee80211_local *local) 45{ 46 WARN_ON(!mutex_is_locked(&local->work_mtx)); 47} 48 49/* 50 * We can have multiple work items (and connection probing) 51 * scheduling this timer, but we need to take care to only 52 * reschedule it when it should fire _earlier_ than it was 53 * asked for before, or if it's not pending right now. This 54 * function ensures that. Note that it then is required to 55 * run this function for all timeouts after the first one 56 * has happened -- the work that runs from this timer will 57 * do that. 58 */ 59static void run_again(struct ieee80211_local *local, 60 unsigned long timeout) 61{ 62 ASSERT_WORK_MTX(local); 63 64 if (!timer_pending(&local->work_timer) || 65 time_before(timeout, local->work_timer.expires)) 66 mod_timer(&local->work_timer, timeout); 67} 68 69static void work_free_rcu(struct rcu_head *head) 70{ 71 struct ieee80211_work *wk = 72 container_of(head, struct ieee80211_work, rcu_head); 73 74 kfree(wk); 75} 76 77void free_work(struct ieee80211_work *wk) 78{ 79 call_rcu(&wk->rcu_head, work_free_rcu); 80} 81 82static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len, 83 struct ieee80211_supported_band *sband, 84 u32 *rates) 85{ 86 int i, j, count; 87 *rates = 0; 88 count = 0; 89 for (i = 0; i < supp_rates_len; i++) { 90 int rate = (supp_rates[i] & 0x7F) * 5; 91 92 for (j = 0; j < sband->n_bitrates; j++) 93 if (sband->bitrates[j].bitrate == rate) { 94 *rates |= BIT(j); 95 count++; 96 break; 97 } 98 } 99 100 return count; 101} 102 103/* frame sending functions */ 104 105static void ieee80211_add_ht_ie(struct sk_buff *skb, const u8 *ht_info_ie, 106 struct ieee80211_supported_band *sband, 107 struct ieee80211_channel *channel, 108 enum ieee80211_smps_mode smps) 109{ 110 struct ieee80211_ht_info *ht_info; 111 u8 *pos; 112 u32 flags = channel->flags; 113 u16 cap = sband->ht_cap.cap; 114 __le16 tmp; 115 116 if (!sband->ht_cap.ht_supported) 117 return; 118 119 if (!ht_info_ie) 120 return; 121 122 if (ht_info_ie[1] < sizeof(struct ieee80211_ht_info)) 123 return; 124 125 ht_info = (struct ieee80211_ht_info *)(ht_info_ie + 2); 126 127 /* determine capability flags */ 128 129 if (ieee80211_disable_40mhz_24ghz && 130 sband->band == IEEE80211_BAND_2GHZ) { 131 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 132 cap &= ~IEEE80211_HT_CAP_SGI_40; 133 } 134 135 switch (ht_info->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 136 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 137 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 138 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 139 cap &= ~IEEE80211_HT_CAP_SGI_40; 140 } 141 break; 142 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 143 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 144 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 145 cap &= ~IEEE80211_HT_CAP_SGI_40; 146 } 147 break; 148 } 149 150 /* set SM PS mode properly */ 151 cap &= ~IEEE80211_HT_CAP_SM_PS; 152 switch (smps) { 153 case IEEE80211_SMPS_AUTOMATIC: 154 case IEEE80211_SMPS_NUM_MODES: 155 WARN_ON(1); 156 case IEEE80211_SMPS_OFF: 157 cap |= WLAN_HT_CAP_SM_PS_DISABLED << 158 IEEE80211_HT_CAP_SM_PS_SHIFT; 159 break; 160 case IEEE80211_SMPS_STATIC: 161 cap |= WLAN_HT_CAP_SM_PS_STATIC << 162 IEEE80211_HT_CAP_SM_PS_SHIFT; 163 break; 164 case IEEE80211_SMPS_DYNAMIC: 165 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC << 166 IEEE80211_HT_CAP_SM_PS_SHIFT; 167 break; 168 } 169 170 /* reserve and fill IE */ 171 172 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 173 *pos++ = WLAN_EID_HT_CAPABILITY; 174 *pos++ = sizeof(struct ieee80211_ht_cap); 175 memset(pos, 0, sizeof(struct ieee80211_ht_cap)); 176 177 /* capability flags */ 178 tmp = cpu_to_le16(cap); 179 memcpy(pos, &tmp, sizeof(u16)); 180 pos += sizeof(u16); 181 182 /* AMPDU parameters */ 183 *pos++ = sband->ht_cap.ampdu_factor | 184 (sband->ht_cap.ampdu_density << 185 IEEE80211_HT_AMPDU_PARM_DENSITY_SHIFT); 186 187 /* MCS set */ 188 memcpy(pos, &sband->ht_cap.mcs, sizeof(sband->ht_cap.mcs)); 189 pos += sizeof(sband->ht_cap.mcs); 190 191 /* extended capabilities */ 192 pos += sizeof(__le16); 193 194 /* BF capabilities */ 195 pos += sizeof(__le32); 196 197 /* antenna selection */ 198 pos += sizeof(u8); 199} 200 201static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata, 202 struct ieee80211_work *wk) 203{ 204 struct ieee80211_local *local = sdata->local; 205 struct sk_buff *skb; 206 struct ieee80211_mgmt *mgmt; 207 u8 *pos, qos_info; 208 const u8 *ies; 209 size_t offset = 0, noffset; 210 int i, len, count, rates_len, supp_rates_len; 211 u16 capab; 212 struct ieee80211_supported_band *sband; 213 u32 rates = 0; 214 215 sband = local->hw.wiphy->bands[wk->chan->band]; 216 217 if (wk->assoc.supp_rates_len) { 218 /* 219 * Get all rates supported by the device and the AP as 220 * some APs don't like getting a superset of their rates 221 * in the association request (e.g. D-Link DAP 1353 in 222 * b-only mode)... 223 */ 224 rates_len = ieee80211_compatible_rates(wk->assoc.supp_rates, 225 wk->assoc.supp_rates_len, 226 sband, &rates); 227 } else { 228 /* 229 * In case AP not provide any supported rates information 230 * before association, we send information element(s) with 231 * all rates that we support. 232 */ 233 rates = ~0; 234 rates_len = sband->n_bitrates; 235 } 236 237 skb = alloc_skb(local->hw.extra_tx_headroom + 238 sizeof(*mgmt) + /* bit too much but doesn't matter */ 239 2 + wk->assoc.ssid_len + /* SSID */ 240 4 + rates_len + /* (extended) rates */ 241 4 + /* power capability */ 242 2 + 2 * sband->n_channels + /* supported channels */ 243 2 + sizeof(struct ieee80211_ht_cap) + /* HT */ 244 wk->ie_len + /* extra IEs */ 245 9, /* WMM */ 246 GFP_KERNEL); 247 if (!skb) { 248 printk(KERN_DEBUG "%s: failed to allocate buffer for assoc " 249 "frame\n", sdata->name); 250 return; 251 } 252 skb_reserve(skb, local->hw.extra_tx_headroom); 253 254 capab = WLAN_CAPABILITY_ESS; 255 256 if (sband->band == IEEE80211_BAND_2GHZ) { 257 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 258 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 259 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 260 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 261 } 262 263 if (wk->assoc.capability & WLAN_CAPABILITY_PRIVACY) 264 capab |= WLAN_CAPABILITY_PRIVACY; 265 266 if ((wk->assoc.capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 267 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)) 268 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 269 270 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 271 memset(mgmt, 0, 24); 272 memcpy(mgmt->da, wk->filter_ta, ETH_ALEN); 273 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 274 memcpy(mgmt->bssid, wk->filter_ta, ETH_ALEN); 275 276 if (!is_zero_ether_addr(wk->assoc.prev_bssid)) { 277 skb_put(skb, 10); 278 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 279 IEEE80211_STYPE_REASSOC_REQ); 280 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 281 mgmt->u.reassoc_req.listen_interval = 282 cpu_to_le16(local->hw.conf.listen_interval); 283 memcpy(mgmt->u.reassoc_req.current_ap, wk->assoc.prev_bssid, 284 ETH_ALEN); 285 } else { 286 skb_put(skb, 4); 287 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 288 IEEE80211_STYPE_ASSOC_REQ); 289 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 290 mgmt->u.assoc_req.listen_interval = 291 cpu_to_le16(local->hw.conf.listen_interval); 292 } 293 294 /* SSID */ 295 ies = pos = skb_put(skb, 2 + wk->assoc.ssid_len); 296 *pos++ = WLAN_EID_SSID; 297 *pos++ = wk->assoc.ssid_len; 298 memcpy(pos, wk->assoc.ssid, wk->assoc.ssid_len); 299 300 /* add all rates which were marked to be used above */ 301 supp_rates_len = rates_len; 302 if (supp_rates_len > 8) 303 supp_rates_len = 8; 304 305 len = sband->n_bitrates; 306 pos = skb_put(skb, supp_rates_len + 2); 307 *pos++ = WLAN_EID_SUPP_RATES; 308 *pos++ = supp_rates_len; 309 310 count = 0; 311 for (i = 0; i < sband->n_bitrates; i++) { 312 if (BIT(i) & rates) { 313 int rate = sband->bitrates[i].bitrate; 314 *pos++ = (u8) (rate / 5); 315 if (++count == 8) 316 break; 317 } 318 } 319 320 if (rates_len > count) { 321 pos = skb_put(skb, rates_len - count + 2); 322 *pos++ = WLAN_EID_EXT_SUPP_RATES; 323 *pos++ = rates_len - count; 324 325 for (i++; i < sband->n_bitrates; i++) { 326 if (BIT(i) & rates) { 327 int rate = sband->bitrates[i].bitrate; 328 *pos++ = (u8) (rate / 5); 329 } 330 } 331 } 332 333 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) { 334 /* 1. power capabilities */ 335 pos = skb_put(skb, 4); 336 *pos++ = WLAN_EID_PWR_CAPABILITY; 337 *pos++ = 2; 338 *pos++ = 0; /* min tx power */ 339 *pos++ = wk->chan->max_power; /* max tx power */ 340 341 /* 2. supported channels */ 342 /* TODO: get this in reg domain format */ 343 pos = skb_put(skb, 2 * sband->n_channels + 2); 344 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 345 *pos++ = 2 * sband->n_channels; 346 for (i = 0; i < sband->n_channels; i++) { 347 *pos++ = ieee80211_frequency_to_channel( 348 sband->channels[i].center_freq); 349 *pos++ = 1; /* one channel in the subband*/ 350 } 351 } 352 353 /* if present, add any custom IEs that go before HT */ 354 if (wk->ie_len && wk->ie) { 355 static const u8 before_ht[] = { 356 WLAN_EID_SSID, 357 WLAN_EID_SUPP_RATES, 358 WLAN_EID_EXT_SUPP_RATES, 359 WLAN_EID_PWR_CAPABILITY, 360 WLAN_EID_SUPPORTED_CHANNELS, 361 WLAN_EID_RSN, 362 WLAN_EID_QOS_CAPA, 363 WLAN_EID_RRM_ENABLED_CAPABILITIES, 364 WLAN_EID_MOBILITY_DOMAIN, 365 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 366 }; 367 noffset = ieee80211_ie_split(wk->ie, wk->ie_len, 368 before_ht, ARRAY_SIZE(before_ht), 369 offset); 370 pos = skb_put(skb, noffset - offset); 371 memcpy(pos, wk->ie + offset, noffset - offset); 372 offset = noffset; 373 } 374 375 if (wk->assoc.use_11n && wk->assoc.wmm_used && 376 local->hw.queues >= 4) 377 ieee80211_add_ht_ie(skb, wk->assoc.ht_information_ie, 378 sband, wk->chan, wk->assoc.smps); 379 380 /* if present, add any custom non-vendor IEs that go after HT */ 381 if (wk->ie_len && wk->ie) { 382 noffset = ieee80211_ie_split_vendor(wk->ie, wk->ie_len, 383 offset); 384 pos = skb_put(skb, noffset - offset); 385 memcpy(pos, wk->ie + offset, noffset - offset); 386 offset = noffset; 387 } 388 389 if (wk->assoc.wmm_used && local->hw.queues >= 4) { 390 if (wk->assoc.uapsd_used) { 391 qos_info = local->uapsd_queues; 392 qos_info |= (local->uapsd_max_sp_len << 393 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT); 394 } else { 395 qos_info = 0; 396 } 397 398 pos = skb_put(skb, 9); 399 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 400 *pos++ = 7; /* len */ 401 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */ 402 *pos++ = 0x50; 403 *pos++ = 0xf2; 404 *pos++ = 2; /* WME */ 405 *pos++ = 0; /* WME info */ 406 *pos++ = 1; /* WME ver */ 407 *pos++ = qos_info; 408 } 409 410 /* add any remaining custom (i.e. vendor specific here) IEs */ 411 if (wk->ie_len && wk->ie) { 412 noffset = wk->ie_len; 413 pos = skb_put(skb, noffset - offset); 414 memcpy(pos, wk->ie + offset, noffset - offset); 415 } 416 417 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 418 ieee80211_tx_skb(sdata, skb); 419} 420 421static void ieee80211_remove_auth_bss(struct ieee80211_local *local, 422 struct ieee80211_work *wk) 423{ 424 struct cfg80211_bss *cbss; 425 u16 capa_val = WLAN_CAPABILITY_ESS; 426 427 if (wk->probe_auth.privacy) 428 capa_val |= WLAN_CAPABILITY_PRIVACY; 429 430 cbss = cfg80211_get_bss(local->hw.wiphy, wk->chan, wk->filter_ta, 431 wk->probe_auth.ssid, wk->probe_auth.ssid_len, 432 WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_PRIVACY, 433 capa_val); 434 if (!cbss) 435 return; 436 437 cfg80211_unlink_bss(local->hw.wiphy, cbss); 438 cfg80211_put_bss(cbss); 439} 440 441static enum work_action __must_check 442ieee80211_direct_probe(struct ieee80211_work *wk) 443{ 444 struct ieee80211_sub_if_data *sdata = wk->sdata; 445 struct ieee80211_local *local = sdata->local; 446 447 wk->probe_auth.tries++; 448 if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) { 449 printk(KERN_DEBUG "%s: direct probe to %pM timed out\n", 450 sdata->name, wk->filter_ta); 451 452 /* 453 * Most likely AP is not in the range so remove the 454 * bss struct for that AP. 455 */ 456 ieee80211_remove_auth_bss(local, wk); 457 458 return WORK_ACT_TIMEOUT; 459 } 460 461 printk(KERN_DEBUG "%s: direct probe to %pM (try %d)\n", 462 sdata->name, wk->filter_ta, wk->probe_auth.tries); 463 464 /* 465 * Direct probe is sent to broadcast address as some APs 466 * will not answer to direct packet in unassociated state. 467 */ 468 ieee80211_send_probe_req(sdata, NULL, wk->probe_auth.ssid, 469 wk->probe_auth.ssid_len, NULL, 0); 470 471 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 472 run_again(local, wk->timeout); 473 474 return WORK_ACT_NONE; 475} 476 477 478static enum work_action __must_check 479ieee80211_authenticate(struct ieee80211_work *wk) 480{ 481 struct ieee80211_sub_if_data *sdata = wk->sdata; 482 struct ieee80211_local *local = sdata->local; 483 484 wk->probe_auth.tries++; 485 if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) { 486 printk(KERN_DEBUG "%s: authentication with %pM" 487 " timed out\n", sdata->name, wk->filter_ta); 488 489 /* 490 * Most likely AP is not in the range so remove the 491 * bss struct for that AP. 492 */ 493 ieee80211_remove_auth_bss(local, wk); 494 495 return WORK_ACT_TIMEOUT; 496 } 497 498 printk(KERN_DEBUG "%s: authenticate with %pM (try %d)\n", 499 sdata->name, wk->filter_ta, wk->probe_auth.tries); 500 501 ieee80211_send_auth(sdata, 1, wk->probe_auth.algorithm, wk->ie, 502 wk->ie_len, wk->filter_ta, NULL, 0, 0); 503 wk->probe_auth.transaction = 2; 504 505 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 506 run_again(local, wk->timeout); 507 508 return WORK_ACT_NONE; 509} 510 511static enum work_action __must_check 512ieee80211_associate(struct ieee80211_work *wk) 513{ 514 struct ieee80211_sub_if_data *sdata = wk->sdata; 515 struct ieee80211_local *local = sdata->local; 516 517 wk->assoc.tries++; 518 if (wk->assoc.tries > IEEE80211_ASSOC_MAX_TRIES) { 519 printk(KERN_DEBUG "%s: association with %pM" 520 " timed out\n", 521 sdata->name, wk->filter_ta); 522 523 /* 524 * Most likely AP is not in the range so remove the 525 * bss struct for that AP. 526 */ 527 if (wk->assoc.bss) 528 cfg80211_unlink_bss(local->hw.wiphy, wk->assoc.bss); 529 530 return WORK_ACT_TIMEOUT; 531 } 532 533 printk(KERN_DEBUG "%s: associate with %pM (try %d)\n", 534 sdata->name, wk->filter_ta, wk->assoc.tries); 535 ieee80211_send_assoc(sdata, wk); 536 537 wk->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 538 run_again(local, wk->timeout); 539 540 return WORK_ACT_NONE; 541} 542 543static enum work_action __must_check 544ieee80211_remain_on_channel_timeout(struct ieee80211_work *wk) 545{ 546 /* 547 * First time we run, do nothing -- the generic code will 548 * have switched to the right channel etc. 549 */ 550 if (!wk->started) { 551 wk->timeout = jiffies + msecs_to_jiffies(wk->remain.duration); 552 553 cfg80211_ready_on_channel(wk->sdata->dev, (unsigned long) wk, 554 wk->chan, wk->chan_type, 555 wk->remain.duration, GFP_KERNEL); 556 557 return WORK_ACT_NONE; 558 } 559 560 return WORK_ACT_TIMEOUT; 561} 562 563static enum work_action __must_check 564ieee80211_assoc_beacon_wait(struct ieee80211_work *wk) 565{ 566 if (wk->started) 567 return WORK_ACT_TIMEOUT; 568 569 /* 570 * Wait up to one beacon interval ... 571 * should this be more if we miss one? 572 */ 573 printk(KERN_DEBUG "%s: waiting for beacon from %pM\n", 574 wk->sdata->name, wk->filter_ta); 575 wk->timeout = TU_TO_EXP_TIME(wk->assoc.bss->beacon_interval); 576 return WORK_ACT_NONE; 577} 578 579static void ieee80211_auth_challenge(struct ieee80211_work *wk, 580 struct ieee80211_mgmt *mgmt, 581 size_t len) 582{ 583 struct ieee80211_sub_if_data *sdata = wk->sdata; 584 u8 *pos; 585 struct ieee802_11_elems elems; 586 587 pos = mgmt->u.auth.variable; 588 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 589 if (!elems.challenge) 590 return; 591 ieee80211_send_auth(sdata, 3, wk->probe_auth.algorithm, 592 elems.challenge - 2, elems.challenge_len + 2, 593 wk->filter_ta, wk->probe_auth.key, 594 wk->probe_auth.key_len, wk->probe_auth.key_idx); 595 wk->probe_auth.transaction = 4; 596} 597 598static enum work_action __must_check 599ieee80211_rx_mgmt_auth(struct ieee80211_work *wk, 600 struct ieee80211_mgmt *mgmt, size_t len) 601{ 602 u16 auth_alg, auth_transaction, status_code; 603 604 if (wk->type != IEEE80211_WORK_AUTH) 605 return WORK_ACT_MISMATCH; 606 607 if (len < 24 + 6) 608 return WORK_ACT_NONE; 609 610 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 611 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 612 status_code = le16_to_cpu(mgmt->u.auth.status_code); 613 614 if (auth_alg != wk->probe_auth.algorithm || 615 auth_transaction != wk->probe_auth.transaction) 616 return WORK_ACT_NONE; 617 618 if (status_code != WLAN_STATUS_SUCCESS) { 619 printk(KERN_DEBUG "%s: %pM denied authentication (status %d)\n", 620 wk->sdata->name, mgmt->sa, status_code); 621 return WORK_ACT_DONE; 622 } 623 624 switch (wk->probe_auth.algorithm) { 625 case WLAN_AUTH_OPEN: 626 case WLAN_AUTH_LEAP: 627 case WLAN_AUTH_FT: 628 break; 629 case WLAN_AUTH_SHARED_KEY: 630 if (wk->probe_auth.transaction != 4) { 631 ieee80211_auth_challenge(wk, mgmt, len); 632 /* need another frame */ 633 return WORK_ACT_NONE; 634 } 635 break; 636 default: 637 WARN_ON(1); 638 return WORK_ACT_NONE; 639 } 640 641 printk(KERN_DEBUG "%s: authenticated\n", wk->sdata->name); 642 return WORK_ACT_DONE; 643} 644 645static enum work_action __must_check 646ieee80211_rx_mgmt_assoc_resp(struct ieee80211_work *wk, 647 struct ieee80211_mgmt *mgmt, size_t len, 648 bool reassoc) 649{ 650 struct ieee80211_sub_if_data *sdata = wk->sdata; 651 struct ieee80211_local *local = sdata->local; 652 u16 capab_info, status_code, aid; 653 struct ieee802_11_elems elems; 654 u8 *pos; 655 656 if (wk->type != IEEE80211_WORK_ASSOC) 657 return WORK_ACT_MISMATCH; 658 659 /* 660 * AssocResp and ReassocResp have identical structure, so process both 661 * of them in this function. 662 */ 663 664 if (len < 24 + 6) 665 return WORK_ACT_NONE; 666 667 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 668 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 669 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 670 671 printk(KERN_DEBUG "%s: RX %sssocResp from %pM (capab=0x%x " 672 "status=%d aid=%d)\n", 673 sdata->name, reassoc ? "Rea" : "A", mgmt->sa, 674 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 675 676 pos = mgmt->u.assoc_resp.variable; 677 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 678 679 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 680 elems.timeout_int && elems.timeout_int_len == 5 && 681 elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) { 682 u32 tu, ms; 683 tu = get_unaligned_le32(elems.timeout_int + 1); 684 ms = tu * 1024 / 1000; 685 printk(KERN_DEBUG "%s: %pM rejected association temporarily; " 686 "comeback duration %u TU (%u ms)\n", 687 sdata->name, mgmt->sa, tu, ms); 688 wk->timeout = jiffies + msecs_to_jiffies(ms); 689 if (ms > IEEE80211_ASSOC_TIMEOUT) 690 run_again(local, wk->timeout); 691 return WORK_ACT_NONE; 692 } 693 694 if (status_code != WLAN_STATUS_SUCCESS) 695 printk(KERN_DEBUG "%s: %pM denied association (code=%d)\n", 696 sdata->name, mgmt->sa, status_code); 697 else 698 printk(KERN_DEBUG "%s: associated\n", sdata->name); 699 700 return WORK_ACT_DONE; 701} 702 703static enum work_action __must_check 704ieee80211_rx_mgmt_probe_resp(struct ieee80211_work *wk, 705 struct ieee80211_mgmt *mgmt, size_t len, 706 struct ieee80211_rx_status *rx_status) 707{ 708 struct ieee80211_sub_if_data *sdata = wk->sdata; 709 struct ieee80211_local *local = sdata->local; 710 size_t baselen; 711 712 ASSERT_WORK_MTX(local); 713 714 if (wk->type != IEEE80211_WORK_DIRECT_PROBE) 715 return WORK_ACT_MISMATCH; 716 717 if (len < 24 + 12) 718 return WORK_ACT_NONE; 719 720 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 721 if (baselen > len) 722 return WORK_ACT_NONE; 723 724 printk(KERN_DEBUG "%s: direct probe responded\n", sdata->name); 725 return WORK_ACT_DONE; 726} 727 728static enum work_action __must_check 729ieee80211_rx_mgmt_beacon(struct ieee80211_work *wk, 730 struct ieee80211_mgmt *mgmt, size_t len) 731{ 732 struct ieee80211_sub_if_data *sdata = wk->sdata; 733 struct ieee80211_local *local = sdata->local; 734 735 ASSERT_WORK_MTX(local); 736 737 if (wk->type != IEEE80211_WORK_ASSOC_BEACON_WAIT) 738 return WORK_ACT_MISMATCH; 739 740 if (len < 24 + 12) 741 return WORK_ACT_NONE; 742 743 printk(KERN_DEBUG "%s: beacon received\n", sdata->name); 744 return WORK_ACT_DONE; 745} 746 747static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local, 748 struct sk_buff *skb) 749{ 750 struct ieee80211_rx_status *rx_status; 751 struct ieee80211_mgmt *mgmt; 752 struct ieee80211_work *wk; 753 enum work_action rma = WORK_ACT_NONE; 754 u16 fc; 755 756 rx_status = (struct ieee80211_rx_status *) skb->cb; 757 mgmt = (struct ieee80211_mgmt *) skb->data; 758 fc = le16_to_cpu(mgmt->frame_control); 759 760 mutex_lock(&local->work_mtx); 761 762 list_for_each_entry(wk, &local->work_list, list) { 763 const u8 *bssid = NULL; 764 765 switch (wk->type) { 766 case IEEE80211_WORK_DIRECT_PROBE: 767 case IEEE80211_WORK_AUTH: 768 case IEEE80211_WORK_ASSOC: 769 case IEEE80211_WORK_ASSOC_BEACON_WAIT: 770 bssid = wk->filter_ta; 771 break; 772 default: 773 continue; 774 } 775 776 /* 777 * Before queuing, we already verified mgmt->sa, 778 * so this is needed just for matching. 779 */ 780 if (compare_ether_addr(bssid, mgmt->bssid)) 781 continue; 782 783 switch (fc & IEEE80211_FCTL_STYPE) { 784 case IEEE80211_STYPE_BEACON: 785 rma = ieee80211_rx_mgmt_beacon(wk, mgmt, skb->len); 786 break; 787 case IEEE80211_STYPE_PROBE_RESP: 788 rma = ieee80211_rx_mgmt_probe_resp(wk, mgmt, skb->len, 789 rx_status); 790 break; 791 case IEEE80211_STYPE_AUTH: 792 rma = ieee80211_rx_mgmt_auth(wk, mgmt, skb->len); 793 break; 794 case IEEE80211_STYPE_ASSOC_RESP: 795 rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt, 796 skb->len, false); 797 break; 798 case IEEE80211_STYPE_REASSOC_RESP: 799 rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt, 800 skb->len, true); 801 break; 802 default: 803 WARN_ON(1); 804 rma = WORK_ACT_NONE; 805 } 806 807 /* 808 * We've either received an unexpected frame, or we have 809 * multiple work items and need to match the frame to the 810 * right one. 811 */ 812 if (rma == WORK_ACT_MISMATCH) 813 continue; 814 815 /* 816 * We've processed this frame for that work, so it can't 817 * belong to another work struct. 818 * NB: this is also required for correctness for 'rma'! 819 */ 820 break; 821 } 822 823 switch (rma) { 824 case WORK_ACT_MISMATCH: 825 /* ignore this unmatched frame */ 826 break; 827 case WORK_ACT_NONE: 828 break; 829 case WORK_ACT_DONE: 830 list_del_rcu(&wk->list); 831 break; 832 default: 833 WARN(1, "unexpected: %d", rma); 834 } 835 836 mutex_unlock(&local->work_mtx); 837 838 if (rma != WORK_ACT_DONE) 839 goto out; 840 841 switch (wk->done(wk, skb)) { 842 case WORK_DONE_DESTROY: 843 free_work(wk); 844 break; 845 case WORK_DONE_REQUEUE: 846 synchronize_rcu(); 847 wk->started = false; /* restart */ 848 mutex_lock(&local->work_mtx); 849 list_add_tail(&wk->list, &local->work_list); 850 mutex_unlock(&local->work_mtx); 851 } 852 853 out: 854 kfree_skb(skb); 855} 856 857static void ieee80211_work_timer(unsigned long data) 858{ 859 struct ieee80211_local *local = (void *) data; 860 861 if (local->quiescing) 862 return; 863 864 ieee80211_queue_work(&local->hw, &local->work_work); 865} 866 867static void ieee80211_work_work(struct work_struct *work) 868{ 869 struct ieee80211_local *local = 870 container_of(work, struct ieee80211_local, work_work); 871 struct sk_buff *skb; 872 struct ieee80211_work *wk, *tmp; 873 LIST_HEAD(free_work); 874 enum work_action rma; 875 bool remain_off_channel = false; 876 877 if (local->scanning) 878 return; 879 880 /* 881 * ieee80211_queue_work() should have picked up most cases, 882 * here we'll pick the rest. 883 */ 884 if (WARN(local->suspended, "work scheduled while going to suspend\n")) 885 return; 886 887 /* first process frames to avoid timing out while a frame is pending */ 888 while ((skb = skb_dequeue(&local->work_skb_queue))) 889 ieee80211_work_rx_queued_mgmt(local, skb); 890 891 ieee80211_recalc_idle(local); 892 893 mutex_lock(&local->work_mtx); 894 895 list_for_each_entry_safe(wk, tmp, &local->work_list, list) { 896 bool started = wk->started; 897 898 /* mark work as started if it's on the current off-channel */ 899 if (!started && local->tmp_channel && 900 wk->chan == local->tmp_channel && 901 wk->chan_type == local->tmp_channel_type) { 902 started = true; 903 wk->timeout = jiffies; 904 } 905 906 if (!started && !local->tmp_channel) { 907 /* 908 * TODO: could optimize this by leaving the 909 * station vifs in awake mode if they 910 * happen to be on the same channel as 911 * the requested channel 912 */ 913 ieee80211_offchannel_stop_beaconing(local); 914 ieee80211_offchannel_stop_station(local); 915 916 local->tmp_channel = wk->chan; 917 local->tmp_channel_type = wk->chan_type; 918 ieee80211_hw_config(local, 0); 919 started = true; 920 wk->timeout = jiffies; 921 } 922 923 /* don't try to work with items that aren't started */ 924 if (!started) 925 continue; 926 927 if (time_is_after_jiffies(wk->timeout)) { 928 /* 929 * This work item isn't supposed to be worked on 930 * right now, but take care to adjust the timer 931 * properly. 932 */ 933 run_again(local, wk->timeout); 934 continue; 935 } 936 937 switch (wk->type) { 938 default: 939 WARN_ON(1); 940 /* nothing */ 941 rma = WORK_ACT_NONE; 942 break; 943 case IEEE80211_WORK_ABORT: 944 rma = WORK_ACT_TIMEOUT; 945 break; 946 case IEEE80211_WORK_DIRECT_PROBE: 947 rma = ieee80211_direct_probe(wk); 948 break; 949 case IEEE80211_WORK_AUTH: 950 rma = ieee80211_authenticate(wk); 951 break; 952 case IEEE80211_WORK_ASSOC: 953 rma = ieee80211_associate(wk); 954 break; 955 case IEEE80211_WORK_REMAIN_ON_CHANNEL: 956 rma = ieee80211_remain_on_channel_timeout(wk); 957 break; 958 case IEEE80211_WORK_ASSOC_BEACON_WAIT: 959 rma = ieee80211_assoc_beacon_wait(wk); 960 break; 961 } 962 963 wk->started = started; 964 965 switch (rma) { 966 case WORK_ACT_NONE: 967 /* might have changed the timeout */ 968 run_again(local, wk->timeout); 969 break; 970 case WORK_ACT_TIMEOUT: 971 list_del_rcu(&wk->list); 972 synchronize_rcu(); 973 list_add(&wk->list, &free_work); 974 break; 975 default: 976 WARN(1, "unexpected: %d", rma); 977 } 978 } 979 980 list_for_each_entry(wk, &local->work_list, list) { 981 if (!wk->started) 982 continue; 983 if (wk->chan != local->tmp_channel) 984 continue; 985 if (wk->chan_type != local->tmp_channel_type) 986 continue; 987 remain_off_channel = true; 988 } 989 990 if (!remain_off_channel && local->tmp_channel) { 991 local->tmp_channel = NULL; 992 ieee80211_hw_config(local, 0); 993 ieee80211_offchannel_return(local, true); 994 /* give connection some time to breathe */ 995 run_again(local, jiffies + HZ/2); 996 } 997 998 mutex_lock(&local->scan_mtx); 999 1000 if (list_empty(&local->work_list) && local->scan_req && 1001 !local->scanning) 1002 ieee80211_queue_delayed_work(&local->hw, 1003 &local->scan_work, 1004 round_jiffies_relative(0)); 1005 1006 mutex_unlock(&local->scan_mtx); 1007 1008 mutex_unlock(&local->work_mtx); 1009 1010 ieee80211_recalc_idle(local); 1011 1012 list_for_each_entry_safe(wk, tmp, &free_work, list) { 1013 wk->done(wk, NULL); 1014 list_del(&wk->list); 1015 kfree(wk); 1016 } 1017} 1018 1019void ieee80211_add_work(struct ieee80211_work *wk) 1020{ 1021 struct ieee80211_local *local; 1022 1023 if (WARN_ON(!wk->chan)) 1024 return; 1025 1026 if (WARN_ON(!wk->sdata)) 1027 return; 1028 1029 if (WARN_ON(!wk->done)) 1030 return; 1031 1032 if (WARN_ON(!ieee80211_sdata_running(wk->sdata))) 1033 return; 1034 1035 wk->started = false; 1036 1037 local = wk->sdata->local; 1038 mutex_lock(&local->work_mtx); 1039 list_add_tail(&wk->list, &local->work_list); 1040 mutex_unlock(&local->work_mtx); 1041 1042 ieee80211_queue_work(&local->hw, &local->work_work); 1043} 1044 1045void ieee80211_work_init(struct ieee80211_local *local) 1046{ 1047 mutex_init(&local->work_mtx); 1048 INIT_LIST_HEAD(&local->work_list); 1049 setup_timer(&local->work_timer, ieee80211_work_timer, 1050 (unsigned long)local); 1051 INIT_WORK(&local->work_work, ieee80211_work_work); 1052 skb_queue_head_init(&local->work_skb_queue); 1053} 1054 1055void ieee80211_work_purge(struct ieee80211_sub_if_data *sdata) 1056{ 1057 struct ieee80211_local *local = sdata->local; 1058 struct ieee80211_work *wk; 1059 1060 mutex_lock(&local->work_mtx); 1061 list_for_each_entry(wk, &local->work_list, list) { 1062 if (wk->sdata != sdata) 1063 continue; 1064 wk->type = IEEE80211_WORK_ABORT; 1065 wk->started = true; 1066 wk->timeout = jiffies; 1067 } 1068 mutex_unlock(&local->work_mtx); 1069 1070 /* run cleanups etc. */ 1071 ieee80211_work_work(&local->work_work); 1072 1073 mutex_lock(&local->work_mtx); 1074 list_for_each_entry(wk, &local->work_list, list) { 1075 if (wk->sdata != sdata) 1076 continue; 1077 WARN_ON(1); 1078 break; 1079 } 1080 mutex_unlock(&local->work_mtx); 1081} 1082 1083ieee80211_rx_result ieee80211_work_rx_mgmt(struct ieee80211_sub_if_data *sdata, 1084 struct sk_buff *skb) 1085{ 1086 struct ieee80211_local *local = sdata->local; 1087 struct ieee80211_mgmt *mgmt; 1088 struct ieee80211_work *wk; 1089 u16 fc; 1090 1091 if (skb->len < 24) 1092 return RX_DROP_MONITOR; 1093 1094 mgmt = (struct ieee80211_mgmt *) skb->data; 1095 fc = le16_to_cpu(mgmt->frame_control); 1096 1097 list_for_each_entry_rcu(wk, &local->work_list, list) { 1098 if (sdata != wk->sdata) 1099 continue; 1100 if (compare_ether_addr(wk->filter_ta, mgmt->sa)) 1101 continue; 1102 if (compare_ether_addr(wk->filter_ta, mgmt->bssid)) 1103 continue; 1104 1105 switch (fc & IEEE80211_FCTL_STYPE) { 1106 case IEEE80211_STYPE_AUTH: 1107 case IEEE80211_STYPE_PROBE_RESP: 1108 case IEEE80211_STYPE_ASSOC_RESP: 1109 case IEEE80211_STYPE_REASSOC_RESP: 1110 case IEEE80211_STYPE_BEACON: 1111 skb_queue_tail(&local->work_skb_queue, skb); 1112 ieee80211_queue_work(&local->hw, &local->work_work); 1113 return RX_QUEUED; 1114 } 1115 } 1116 1117 return RX_CONTINUE; 1118} 1119 1120static enum work_done_result ieee80211_remain_done(struct ieee80211_work *wk, 1121 struct sk_buff *skb) 1122{ 1123 /* 1124 * We are done serving the remain-on-channel command. 1125 */ 1126 cfg80211_remain_on_channel_expired(wk->sdata->dev, (unsigned long) wk, 1127 wk->chan, wk->chan_type, 1128 GFP_KERNEL); 1129 1130 return WORK_DONE_DESTROY; 1131} 1132 1133int ieee80211_wk_remain_on_channel(struct ieee80211_sub_if_data *sdata, 1134 struct ieee80211_channel *chan, 1135 enum nl80211_channel_type channel_type, 1136 unsigned int duration, u64 *cookie) 1137{ 1138 struct ieee80211_work *wk; 1139 1140 wk = kzalloc(sizeof(*wk), GFP_KERNEL); 1141 if (!wk) 1142 return -ENOMEM; 1143 1144 wk->type = IEEE80211_WORK_REMAIN_ON_CHANNEL; 1145 wk->chan = chan; 1146 wk->chan_type = channel_type; 1147 wk->sdata = sdata; 1148 wk->done = ieee80211_remain_done; 1149 1150 wk->remain.duration = duration; 1151 1152 *cookie = (unsigned long) wk; 1153 1154 ieee80211_add_work(wk); 1155 1156 return 0; 1157} 1158 1159int ieee80211_wk_cancel_remain_on_channel(struct ieee80211_sub_if_data *sdata, 1160 u64 cookie) 1161{ 1162 struct ieee80211_local *local = sdata->local; 1163 struct ieee80211_work *wk, *tmp; 1164 bool found = false; 1165 1166 mutex_lock(&local->work_mtx); 1167 list_for_each_entry_safe(wk, tmp, &local->work_list, list) { 1168 if ((unsigned long) wk == cookie) { 1169 wk->timeout = jiffies; 1170 found = true; 1171 break; 1172 } 1173 } 1174 mutex_unlock(&local->work_mtx); 1175 1176 if (!found) 1177 return -ENOENT; 1178 1179 ieee80211_queue_work(&local->hw, &local->work_work); 1180 1181 return 0; 1182}