tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / net / mac80211 / work.c
at v2.6.39 33 kB view raw
1/* 2 * mac80211 work implementation 3 * 4 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 5 * Copyright 2004, Instant802 Networks, Inc. 6 * Copyright 2005, Devicescape Software, Inc. 7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 9 * Copyright 2009, Johannes Berg <johannes@sipsolutions.net> 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License version 2 as 13 * published by the Free Software Foundation. 14 */ 15 16#include <linux/delay.h> 17#include <linux/if_ether.h> 18#include <linux/skbuff.h> 19#include <linux/if_arp.h> 20#include <linux/etherdevice.h> 21#include <linux/crc32.h> 22#include <linux/slab.h> 23#include <net/mac80211.h> 24#include <asm/unaligned.h> 25 26#include "ieee80211_i.h" 27#include "rate.h" 28 29#define IEEE80211_AUTH_TIMEOUT (HZ / 5) 30#define IEEE80211_AUTH_MAX_TRIES 3 31#define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 32#define IEEE80211_ASSOC_MAX_TRIES 3 33 34enum work_action { 35 WORK_ACT_MISMATCH, 36 WORK_ACT_NONE, 37 WORK_ACT_TIMEOUT, 38 WORK_ACT_DONE, 39}; 40 41 42/* utils */ 43static inline void ASSERT_WORK_MTX(struct ieee80211_local *local) 44{ 45 lockdep_assert_held(&local->mtx); 46} 47 48/* 49 * We can have multiple work items (and connection probing) 50 * scheduling this timer, but we need to take care to only 51 * reschedule it when it should fire _earlier_ than it was 52 * asked for before, or if it's not pending right now. This 53 * function ensures that. Note that it then is required to 54 * run this function for all timeouts after the first one 55 * has happened -- the work that runs from this timer will 56 * do that. 57 */ 58static void run_again(struct ieee80211_local *local, 59 unsigned long timeout) 60{ 61 ASSERT_WORK_MTX(local); 62 63 if (!timer_pending(&local->work_timer) || 64 time_before(timeout, local->work_timer.expires)) 65 mod_timer(&local->work_timer, timeout); 66} 67 68static void work_free_rcu(struct rcu_head *head) 69{ 70 struct ieee80211_work *wk = 71 container_of(head, struct ieee80211_work, rcu_head); 72 73 kfree(wk); 74} 75 76void free_work(struct ieee80211_work *wk) 77{ 78 call_rcu(&wk->rcu_head, work_free_rcu); 79} 80 81static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len, 82 struct ieee80211_supported_band *sband, 83 u32 *rates) 84{ 85 int i, j, count; 86 *rates = 0; 87 count = 0; 88 for (i = 0; i < supp_rates_len; i++) { 89 int rate = (supp_rates[i] & 0x7F) * 5; 90 91 for (j = 0; j < sband->n_bitrates; j++) 92 if (sband->bitrates[j].bitrate == rate) { 93 *rates |= BIT(j); 94 count++; 95 break; 96 } 97 } 98 99 return count; 100} 101 102/* frame sending functions */ 103 104static void ieee80211_add_ht_ie(struct sk_buff *skb, const u8 *ht_info_ie, 105 struct ieee80211_supported_band *sband, 106 struct ieee80211_channel *channel, 107 enum ieee80211_smps_mode smps) 108{ 109 struct ieee80211_ht_info *ht_info; 110 u8 *pos; 111 u32 flags = channel->flags; 112 u16 cap = sband->ht_cap.cap; 113 __le16 tmp; 114 115 if (!sband->ht_cap.ht_supported) 116 return; 117 118 if (!ht_info_ie) 119 return; 120 121 if (ht_info_ie[1] < sizeof(struct ieee80211_ht_info)) 122 return; 123 124 ht_info = (struct ieee80211_ht_info *)(ht_info_ie + 2); 125 126 /* determine capability flags */ 127 128 switch (ht_info->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 129 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 130 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 131 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 132 cap &= ~IEEE80211_HT_CAP_SGI_40; 133 } 134 break; 135 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 136 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 137 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 138 cap &= ~IEEE80211_HT_CAP_SGI_40; 139 } 140 break; 141 } 142 143 /* set SM PS mode properly */ 144 cap &= ~IEEE80211_HT_CAP_SM_PS; 145 switch (smps) { 146 case IEEE80211_SMPS_AUTOMATIC: 147 case IEEE80211_SMPS_NUM_MODES: 148 WARN_ON(1); 149 case IEEE80211_SMPS_OFF: 150 cap |= WLAN_HT_CAP_SM_PS_DISABLED << 151 IEEE80211_HT_CAP_SM_PS_SHIFT; 152 break; 153 case IEEE80211_SMPS_STATIC: 154 cap |= WLAN_HT_CAP_SM_PS_STATIC << 155 IEEE80211_HT_CAP_SM_PS_SHIFT; 156 break; 157 case IEEE80211_SMPS_DYNAMIC: 158 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC << 159 IEEE80211_HT_CAP_SM_PS_SHIFT; 160 break; 161 } 162 163 /* reserve and fill IE */ 164 165 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 166 *pos++ = WLAN_EID_HT_CAPABILITY; 167 *pos++ = sizeof(struct ieee80211_ht_cap); 168 memset(pos, 0, sizeof(struct ieee80211_ht_cap)); 169 170 /* capability flags */ 171 tmp = cpu_to_le16(cap); 172 memcpy(pos, &tmp, sizeof(u16)); 173 pos += sizeof(u16); 174 175 /* AMPDU parameters */ 176 *pos++ = sband->ht_cap.ampdu_factor | 177 (sband->ht_cap.ampdu_density << 178 IEEE80211_HT_AMPDU_PARM_DENSITY_SHIFT); 179 180 /* MCS set */ 181 memcpy(pos, &sband->ht_cap.mcs, sizeof(sband->ht_cap.mcs)); 182 pos += sizeof(sband->ht_cap.mcs); 183 184 /* extended capabilities */ 185 pos += sizeof(__le16); 186 187 /* BF capabilities */ 188 pos += sizeof(__le32); 189 190 /* antenna selection */ 191 pos += sizeof(u8); 192} 193 194static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata, 195 struct ieee80211_work *wk) 196{ 197 struct ieee80211_local *local = sdata->local; 198 struct sk_buff *skb; 199 struct ieee80211_mgmt *mgmt; 200 u8 *pos, qos_info; 201 const u8 *ies; 202 size_t offset = 0, noffset; 203 int i, len, count, rates_len, supp_rates_len; 204 u16 capab; 205 struct ieee80211_supported_band *sband; 206 u32 rates = 0; 207 208 sband = local->hw.wiphy->bands[wk->chan->band]; 209 210 if (wk->assoc.supp_rates_len) { 211 /* 212 * Get all rates supported by the device and the AP as 213 * some APs don't like getting a superset of their rates 214 * in the association request (e.g. D-Link DAP 1353 in 215 * b-only mode)... 216 */ 217 rates_len = ieee80211_compatible_rates(wk->assoc.supp_rates, 218 wk->assoc.supp_rates_len, 219 sband, &rates); 220 } else { 221 /* 222 * In case AP not provide any supported rates information 223 * before association, we send information element(s) with 224 * all rates that we support. 225 */ 226 rates = ~0; 227 rates_len = sband->n_bitrates; 228 } 229 230 skb = alloc_skb(local->hw.extra_tx_headroom + 231 sizeof(*mgmt) + /* bit too much but doesn't matter */ 232 2 + wk->assoc.ssid_len + /* SSID */ 233 4 + rates_len + /* (extended) rates */ 234 4 + /* power capability */ 235 2 + 2 * sband->n_channels + /* supported channels */ 236 2 + sizeof(struct ieee80211_ht_cap) + /* HT */ 237 wk->ie_len + /* extra IEs */ 238 9, /* WMM */ 239 GFP_KERNEL); 240 if (!skb) { 241 printk(KERN_DEBUG "%s: failed to allocate buffer for assoc " 242 "frame\n", sdata->name); 243 return; 244 } 245 skb_reserve(skb, local->hw.extra_tx_headroom); 246 247 capab = WLAN_CAPABILITY_ESS; 248 249 if (sband->band == IEEE80211_BAND_2GHZ) { 250 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 251 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 252 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 253 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 254 } 255 256 if (wk->assoc.capability & WLAN_CAPABILITY_PRIVACY) 257 capab |= WLAN_CAPABILITY_PRIVACY; 258 259 if ((wk->assoc.capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 260 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)) 261 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 262 263 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 264 memset(mgmt, 0, 24); 265 memcpy(mgmt->da, wk->filter_ta, ETH_ALEN); 266 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 267 memcpy(mgmt->bssid, wk->filter_ta, ETH_ALEN); 268 269 if (!is_zero_ether_addr(wk->assoc.prev_bssid)) { 270 skb_put(skb, 10); 271 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 272 IEEE80211_STYPE_REASSOC_REQ); 273 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 274 mgmt->u.reassoc_req.listen_interval = 275 cpu_to_le16(local->hw.conf.listen_interval); 276 memcpy(mgmt->u.reassoc_req.current_ap, wk->assoc.prev_bssid, 277 ETH_ALEN); 278 } else { 279 skb_put(skb, 4); 280 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 281 IEEE80211_STYPE_ASSOC_REQ); 282 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 283 mgmt->u.assoc_req.listen_interval = 284 cpu_to_le16(local->hw.conf.listen_interval); 285 } 286 287 /* SSID */ 288 ies = pos = skb_put(skb, 2 + wk->assoc.ssid_len); 289 *pos++ = WLAN_EID_SSID; 290 *pos++ = wk->assoc.ssid_len; 291 memcpy(pos, wk->assoc.ssid, wk->assoc.ssid_len); 292 293 /* add all rates which were marked to be used above */ 294 supp_rates_len = rates_len; 295 if (supp_rates_len > 8) 296 supp_rates_len = 8; 297 298 len = sband->n_bitrates; 299 pos = skb_put(skb, supp_rates_len + 2); 300 *pos++ = WLAN_EID_SUPP_RATES; 301 *pos++ = supp_rates_len; 302 303 count = 0; 304 for (i = 0; i < sband->n_bitrates; i++) { 305 if (BIT(i) & rates) { 306 int rate = sband->bitrates[i].bitrate; 307 *pos++ = (u8) (rate / 5); 308 if (++count == 8) 309 break; 310 } 311 } 312 313 if (rates_len > count) { 314 pos = skb_put(skb, rates_len - count + 2); 315 *pos++ = WLAN_EID_EXT_SUPP_RATES; 316 *pos++ = rates_len - count; 317 318 for (i++; i < sband->n_bitrates; i++) { 319 if (BIT(i) & rates) { 320 int rate = sband->bitrates[i].bitrate; 321 *pos++ = (u8) (rate / 5); 322 } 323 } 324 } 325 326 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) { 327 /* 1. power capabilities */ 328 pos = skb_put(skb, 4); 329 *pos++ = WLAN_EID_PWR_CAPABILITY; 330 *pos++ = 2; 331 *pos++ = 0; /* min tx power */ 332 *pos++ = wk->chan->max_power; /* max tx power */ 333 334 /* 2. supported channels */ 335 /* TODO: get this in reg domain format */ 336 pos = skb_put(skb, 2 * sband->n_channels + 2); 337 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 338 *pos++ = 2 * sband->n_channels; 339 for (i = 0; i < sband->n_channels; i++) { 340 *pos++ = ieee80211_frequency_to_channel( 341 sband->channels[i].center_freq); 342 *pos++ = 1; /* one channel in the subband*/ 343 } 344 } 345 346 /* if present, add any custom IEs that go before HT */ 347 if (wk->ie_len && wk->ie) { 348 static const u8 before_ht[] = { 349 WLAN_EID_SSID, 350 WLAN_EID_SUPP_RATES, 351 WLAN_EID_EXT_SUPP_RATES, 352 WLAN_EID_PWR_CAPABILITY, 353 WLAN_EID_SUPPORTED_CHANNELS, 354 WLAN_EID_RSN, 355 WLAN_EID_QOS_CAPA, 356 WLAN_EID_RRM_ENABLED_CAPABILITIES, 357 WLAN_EID_MOBILITY_DOMAIN, 358 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 359 }; 360 noffset = ieee80211_ie_split(wk->ie, wk->ie_len, 361 before_ht, ARRAY_SIZE(before_ht), 362 offset); 363 pos = skb_put(skb, noffset - offset); 364 memcpy(pos, wk->ie + offset, noffset - offset); 365 offset = noffset; 366 } 367 368 if (wk->assoc.use_11n && wk->assoc.wmm_used && 369 local->hw.queues >= 4) 370 ieee80211_add_ht_ie(skb, wk->assoc.ht_information_ie, 371 sband, wk->chan, wk->assoc.smps); 372 373 /* if present, add any custom non-vendor IEs that go after HT */ 374 if (wk->ie_len && wk->ie) { 375 noffset = ieee80211_ie_split_vendor(wk->ie, wk->ie_len, 376 offset); 377 pos = skb_put(skb, noffset - offset); 378 memcpy(pos, wk->ie + offset, noffset - offset); 379 offset = noffset; 380 } 381 382 if (wk->assoc.wmm_used && local->hw.queues >= 4) { 383 if (wk->assoc.uapsd_used) { 384 qos_info = local->uapsd_queues; 385 qos_info |= (local->uapsd_max_sp_len << 386 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT); 387 } else { 388 qos_info = 0; 389 } 390 391 pos = skb_put(skb, 9); 392 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 393 *pos++ = 7; /* len */ 394 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */ 395 *pos++ = 0x50; 396 *pos++ = 0xf2; 397 *pos++ = 2; /* WME */ 398 *pos++ = 0; /* WME info */ 399 *pos++ = 1; /* WME ver */ 400 *pos++ = qos_info; 401 } 402 403 /* add any remaining custom (i.e. vendor specific here) IEs */ 404 if (wk->ie_len && wk->ie) { 405 noffset = wk->ie_len; 406 pos = skb_put(skb, noffset - offset); 407 memcpy(pos, wk->ie + offset, noffset - offset); 408 } 409 410 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 411 ieee80211_tx_skb(sdata, skb); 412} 413 414static void ieee80211_remove_auth_bss(struct ieee80211_local *local, 415 struct ieee80211_work *wk) 416{ 417 struct cfg80211_bss *cbss; 418 u16 capa_val = WLAN_CAPABILITY_ESS; 419 420 if (wk->probe_auth.privacy) 421 capa_val |= WLAN_CAPABILITY_PRIVACY; 422 423 cbss = cfg80211_get_bss(local->hw.wiphy, wk->chan, wk->filter_ta, 424 wk->probe_auth.ssid, wk->probe_auth.ssid_len, 425 WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_PRIVACY, 426 capa_val); 427 if (!cbss) 428 return; 429 430 cfg80211_unlink_bss(local->hw.wiphy, cbss); 431 cfg80211_put_bss(cbss); 432} 433 434static enum work_action __must_check 435ieee80211_direct_probe(struct ieee80211_work *wk) 436{ 437 struct ieee80211_sub_if_data *sdata = wk->sdata; 438 struct ieee80211_local *local = sdata->local; 439 440 wk->probe_auth.tries++; 441 if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) { 442 printk(KERN_DEBUG "%s: direct probe to %pM timed out\n", 443 sdata->name, wk->filter_ta); 444 445 /* 446 * Most likely AP is not in the range so remove the 447 * bss struct for that AP. 448 */ 449 ieee80211_remove_auth_bss(local, wk); 450 451 return WORK_ACT_TIMEOUT; 452 } 453 454 printk(KERN_DEBUG "%s: direct probe to %pM (try %d/%i)\n", 455 sdata->name, wk->filter_ta, wk->probe_auth.tries, 456 IEEE80211_AUTH_MAX_TRIES); 457 458 /* 459 * Direct probe is sent to broadcast address as some APs 460 * will not answer to direct packet in unassociated state. 461 */ 462 ieee80211_send_probe_req(sdata, NULL, wk->probe_auth.ssid, 463 wk->probe_auth.ssid_len, NULL, 0); 464 465 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 466 run_again(local, wk->timeout); 467 468 return WORK_ACT_NONE; 469} 470 471 472static enum work_action __must_check 473ieee80211_authenticate(struct ieee80211_work *wk) 474{ 475 struct ieee80211_sub_if_data *sdata = wk->sdata; 476 struct ieee80211_local *local = sdata->local; 477 478 wk->probe_auth.tries++; 479 if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) { 480 printk(KERN_DEBUG "%s: authentication with %pM" 481 " timed out\n", sdata->name, wk->filter_ta); 482 483 /* 484 * Most likely AP is not in the range so remove the 485 * bss struct for that AP. 486 */ 487 ieee80211_remove_auth_bss(local, wk); 488 489 return WORK_ACT_TIMEOUT; 490 } 491 492 printk(KERN_DEBUG "%s: authenticate with %pM (try %d)\n", 493 sdata->name, wk->filter_ta, wk->probe_auth.tries); 494 495 ieee80211_send_auth(sdata, 1, wk->probe_auth.algorithm, wk->ie, 496 wk->ie_len, wk->filter_ta, NULL, 0, 0); 497 wk->probe_auth.transaction = 2; 498 499 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 500 run_again(local, wk->timeout); 501 502 return WORK_ACT_NONE; 503} 504 505static enum work_action __must_check 506ieee80211_associate(struct ieee80211_work *wk) 507{ 508 struct ieee80211_sub_if_data *sdata = wk->sdata; 509 struct ieee80211_local *local = sdata->local; 510 511 wk->assoc.tries++; 512 if (wk->assoc.tries > IEEE80211_ASSOC_MAX_TRIES) { 513 printk(KERN_DEBUG "%s: association with %pM" 514 " timed out\n", 515 sdata->name, wk->filter_ta); 516 517 /* 518 * Most likely AP is not in the range so remove the 519 * bss struct for that AP. 520 */ 521 if (wk->assoc.bss) 522 cfg80211_unlink_bss(local->hw.wiphy, wk->assoc.bss); 523 524 return WORK_ACT_TIMEOUT; 525 } 526 527 printk(KERN_DEBUG "%s: associate with %pM (try %d)\n", 528 sdata->name, wk->filter_ta, wk->assoc.tries); 529 ieee80211_send_assoc(sdata, wk); 530 531 wk->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 532 run_again(local, wk->timeout); 533 534 return WORK_ACT_NONE; 535} 536 537static enum work_action __must_check 538ieee80211_remain_on_channel_timeout(struct ieee80211_work *wk) 539{ 540 /* 541 * First time we run, do nothing -- the generic code will 542 * have switched to the right channel etc. 543 */ 544 if (!wk->started) { 545 wk->timeout = jiffies + msecs_to_jiffies(wk->remain.duration); 546 547 cfg80211_ready_on_channel(wk->sdata->dev, (unsigned long) wk, 548 wk->chan, wk->chan_type, 549 wk->remain.duration, GFP_KERNEL); 550 551 return WORK_ACT_NONE; 552 } 553 554 return WORK_ACT_TIMEOUT; 555} 556 557static enum work_action __must_check 558ieee80211_offchannel_tx(struct ieee80211_work *wk) 559{ 560 if (!wk->started) { 561 wk->timeout = jiffies + msecs_to_jiffies(wk->offchan_tx.wait); 562 563 /* 564 * After this, offchan_tx.frame remains but now is no 565 * longer a valid pointer -- we still need it as the 566 * cookie for canceling this work. 567 */ 568 ieee80211_tx_skb(wk->sdata, wk->offchan_tx.frame); 569 570 return WORK_ACT_NONE; 571 } 572 573 return WORK_ACT_TIMEOUT; 574} 575 576static enum work_action __must_check 577ieee80211_assoc_beacon_wait(struct ieee80211_work *wk) 578{ 579 if (wk->started) 580 return WORK_ACT_TIMEOUT; 581 582 /* 583 * Wait up to one beacon interval ... 584 * should this be more if we miss one? 585 */ 586 printk(KERN_DEBUG "%s: waiting for beacon from %pM\n", 587 wk->sdata->name, wk->filter_ta); 588 wk->timeout = TU_TO_EXP_TIME(wk->assoc.bss->beacon_interval); 589 return WORK_ACT_NONE; 590} 591 592static void ieee80211_auth_challenge(struct ieee80211_work *wk, 593 struct ieee80211_mgmt *mgmt, 594 size_t len) 595{ 596 struct ieee80211_sub_if_data *sdata = wk->sdata; 597 u8 *pos; 598 struct ieee802_11_elems elems; 599 600 pos = mgmt->u.auth.variable; 601 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 602 if (!elems.challenge) 603 return; 604 ieee80211_send_auth(sdata, 3, wk->probe_auth.algorithm, 605 elems.challenge - 2, elems.challenge_len + 2, 606 wk->filter_ta, wk->probe_auth.key, 607 wk->probe_auth.key_len, wk->probe_auth.key_idx); 608 wk->probe_auth.transaction = 4; 609} 610 611static enum work_action __must_check 612ieee80211_rx_mgmt_auth(struct ieee80211_work *wk, 613 struct ieee80211_mgmt *mgmt, size_t len) 614{ 615 u16 auth_alg, auth_transaction, status_code; 616 617 if (wk->type != IEEE80211_WORK_AUTH) 618 return WORK_ACT_MISMATCH; 619 620 if (len < 24 + 6) 621 return WORK_ACT_NONE; 622 623 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 624 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 625 status_code = le16_to_cpu(mgmt->u.auth.status_code); 626 627 if (auth_alg != wk->probe_auth.algorithm || 628 auth_transaction != wk->probe_auth.transaction) 629 return WORK_ACT_NONE; 630 631 if (status_code != WLAN_STATUS_SUCCESS) { 632 printk(KERN_DEBUG "%s: %pM denied authentication (status %d)\n", 633 wk->sdata->name, mgmt->sa, status_code); 634 return WORK_ACT_DONE; 635 } 636 637 switch (wk->probe_auth.algorithm) { 638 case WLAN_AUTH_OPEN: 639 case WLAN_AUTH_LEAP: 640 case WLAN_AUTH_FT: 641 break; 642 case WLAN_AUTH_SHARED_KEY: 643 if (wk->probe_auth.transaction != 4) { 644 ieee80211_auth_challenge(wk, mgmt, len); 645 /* need another frame */ 646 return WORK_ACT_NONE; 647 } 648 break; 649 default: 650 WARN_ON(1); 651 return WORK_ACT_NONE; 652 } 653 654 printk(KERN_DEBUG "%s: authenticated\n", wk->sdata->name); 655 return WORK_ACT_DONE; 656} 657 658static enum work_action __must_check 659ieee80211_rx_mgmt_assoc_resp(struct ieee80211_work *wk, 660 struct ieee80211_mgmt *mgmt, size_t len, 661 bool reassoc) 662{ 663 struct ieee80211_sub_if_data *sdata = wk->sdata; 664 struct ieee80211_local *local = sdata->local; 665 u16 capab_info, status_code, aid; 666 struct ieee802_11_elems elems; 667 u8 *pos; 668 669 if (wk->type != IEEE80211_WORK_ASSOC) 670 return WORK_ACT_MISMATCH; 671 672 /* 673 * AssocResp and ReassocResp have identical structure, so process both 674 * of them in this function. 675 */ 676 677 if (len < 24 + 6) 678 return WORK_ACT_NONE; 679 680 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 681 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 682 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 683 684 printk(KERN_DEBUG "%s: RX %sssocResp from %pM (capab=0x%x " 685 "status=%d aid=%d)\n", 686 sdata->name, reassoc ? "Rea" : "A", mgmt->sa, 687 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 688 689 pos = mgmt->u.assoc_resp.variable; 690 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 691 692 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 693 elems.timeout_int && elems.timeout_int_len == 5 && 694 elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) { 695 u32 tu, ms; 696 tu = get_unaligned_le32(elems.timeout_int + 1); 697 ms = tu * 1024 / 1000; 698 printk(KERN_DEBUG "%s: %pM rejected association temporarily; " 699 "comeback duration %u TU (%u ms)\n", 700 sdata->name, mgmt->sa, tu, ms); 701 wk->timeout = jiffies + msecs_to_jiffies(ms); 702 if (ms > IEEE80211_ASSOC_TIMEOUT) 703 run_again(local, wk->timeout); 704 return WORK_ACT_NONE; 705 } 706 707 if (status_code != WLAN_STATUS_SUCCESS) 708 printk(KERN_DEBUG "%s: %pM denied association (code=%d)\n", 709 sdata->name, mgmt->sa, status_code); 710 else 711 printk(KERN_DEBUG "%s: associated\n", sdata->name); 712 713 return WORK_ACT_DONE; 714} 715 716static enum work_action __must_check 717ieee80211_rx_mgmt_probe_resp(struct ieee80211_work *wk, 718 struct ieee80211_mgmt *mgmt, size_t len, 719 struct ieee80211_rx_status *rx_status) 720{ 721 struct ieee80211_sub_if_data *sdata = wk->sdata; 722 struct ieee80211_local *local = sdata->local; 723 size_t baselen; 724 725 ASSERT_WORK_MTX(local); 726 727 if (wk->type != IEEE80211_WORK_DIRECT_PROBE) 728 return WORK_ACT_MISMATCH; 729 730 if (len < 24 + 12) 731 return WORK_ACT_NONE; 732 733 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 734 if (baselen > len) 735 return WORK_ACT_NONE; 736 737 printk(KERN_DEBUG "%s: direct probe responded\n", sdata->name); 738 return WORK_ACT_DONE; 739} 740 741static enum work_action __must_check 742ieee80211_rx_mgmt_beacon(struct ieee80211_work *wk, 743 struct ieee80211_mgmt *mgmt, size_t len) 744{ 745 struct ieee80211_sub_if_data *sdata = wk->sdata; 746 struct ieee80211_local *local = sdata->local; 747 748 ASSERT_WORK_MTX(local); 749 750 if (wk->type != IEEE80211_WORK_ASSOC_BEACON_WAIT) 751 return WORK_ACT_MISMATCH; 752 753 if (len < 24 + 12) 754 return WORK_ACT_NONE; 755 756 printk(KERN_DEBUG "%s: beacon received\n", sdata->name); 757 return WORK_ACT_DONE; 758} 759 760static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local, 761 struct sk_buff *skb) 762{ 763 struct ieee80211_rx_status *rx_status; 764 struct ieee80211_mgmt *mgmt; 765 struct ieee80211_work *wk; 766 enum work_action rma = WORK_ACT_NONE; 767 u16 fc; 768 769 rx_status = (struct ieee80211_rx_status *) skb->cb; 770 mgmt = (struct ieee80211_mgmt *) skb->data; 771 fc = le16_to_cpu(mgmt->frame_control); 772 773 mutex_lock(&local->mtx); 774 775 list_for_each_entry(wk, &local->work_list, list) { 776 const u8 *bssid = NULL; 777 778 switch (wk->type) { 779 case IEEE80211_WORK_DIRECT_PROBE: 780 case IEEE80211_WORK_AUTH: 781 case IEEE80211_WORK_ASSOC: 782 case IEEE80211_WORK_ASSOC_BEACON_WAIT: 783 bssid = wk->filter_ta; 784 break; 785 default: 786 continue; 787 } 788 789 /* 790 * Before queuing, we already verified mgmt->sa, 791 * so this is needed just for matching. 792 */ 793 if (compare_ether_addr(bssid, mgmt->bssid)) 794 continue; 795 796 switch (fc & IEEE80211_FCTL_STYPE) { 797 case IEEE80211_STYPE_BEACON: 798 rma = ieee80211_rx_mgmt_beacon(wk, mgmt, skb->len); 799 break; 800 case IEEE80211_STYPE_PROBE_RESP: 801 rma = ieee80211_rx_mgmt_probe_resp(wk, mgmt, skb->len, 802 rx_status); 803 break; 804 case IEEE80211_STYPE_AUTH: 805 rma = ieee80211_rx_mgmt_auth(wk, mgmt, skb->len); 806 break; 807 case IEEE80211_STYPE_ASSOC_RESP: 808 rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt, 809 skb->len, false); 810 break; 811 case IEEE80211_STYPE_REASSOC_RESP: 812 rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt, 813 skb->len, true); 814 break; 815 default: 816 WARN_ON(1); 817 rma = WORK_ACT_NONE; 818 } 819 820 /* 821 * We've either received an unexpected frame, or we have 822 * multiple work items and need to match the frame to the 823 * right one. 824 */ 825 if (rma == WORK_ACT_MISMATCH) 826 continue; 827 828 /* 829 * We've processed this frame for that work, so it can't 830 * belong to another work struct. 831 * NB: this is also required for correctness for 'rma'! 832 */ 833 break; 834 } 835 836 switch (rma) { 837 case WORK_ACT_MISMATCH: 838 /* ignore this unmatched frame */ 839 break; 840 case WORK_ACT_NONE: 841 break; 842 case WORK_ACT_DONE: 843 list_del_rcu(&wk->list); 844 break; 845 default: 846 WARN(1, "unexpected: %d", rma); 847 } 848 849 mutex_unlock(&local->mtx); 850 851 if (rma != WORK_ACT_DONE) 852 goto out; 853 854 switch (wk->done(wk, skb)) { 855 case WORK_DONE_DESTROY: 856 free_work(wk); 857 break; 858 case WORK_DONE_REQUEUE: 859 synchronize_rcu(); 860 wk->started = false; /* restart */ 861 mutex_lock(&local->mtx); 862 list_add_tail(&wk->list, &local->work_list); 863 mutex_unlock(&local->mtx); 864 } 865 866 out: 867 kfree_skb(skb); 868} 869 870static bool ieee80211_work_ct_coexists(enum nl80211_channel_type wk_ct, 871 enum nl80211_channel_type oper_ct) 872{ 873 switch (wk_ct) { 874 case NL80211_CHAN_NO_HT: 875 return true; 876 case NL80211_CHAN_HT20: 877 if (oper_ct != NL80211_CHAN_NO_HT) 878 return true; 879 return false; 880 case NL80211_CHAN_HT40MINUS: 881 case NL80211_CHAN_HT40PLUS: 882 return (wk_ct == oper_ct); 883 } 884 WARN_ON(1); /* shouldn't get here */ 885 return false; 886} 887 888static enum nl80211_channel_type 889ieee80211_calc_ct(enum nl80211_channel_type wk_ct, 890 enum nl80211_channel_type oper_ct) 891{ 892 switch (wk_ct) { 893 case NL80211_CHAN_NO_HT: 894 return oper_ct; 895 case NL80211_CHAN_HT20: 896 if (oper_ct != NL80211_CHAN_NO_HT) 897 return oper_ct; 898 return wk_ct; 899 case NL80211_CHAN_HT40MINUS: 900 case NL80211_CHAN_HT40PLUS: 901 return wk_ct; 902 } 903 WARN_ON(1); /* shouldn't get here */ 904 return wk_ct; 905} 906 907 908static void ieee80211_work_timer(unsigned long data) 909{ 910 struct ieee80211_local *local = (void *) data; 911 912 if (local->quiescing) 913 return; 914 915 ieee80211_queue_work(&local->hw, &local->work_work); 916} 917 918static void ieee80211_work_work(struct work_struct *work) 919{ 920 struct ieee80211_local *local = 921 container_of(work, struct ieee80211_local, work_work); 922 struct sk_buff *skb; 923 struct ieee80211_work *wk, *tmp; 924 LIST_HEAD(free_work); 925 enum work_action rma; 926 bool remain_off_channel = false; 927 928 if (local->scanning) 929 return; 930 931 /* 932 * ieee80211_queue_work() should have picked up most cases, 933 * here we'll pick the rest. 934 */ 935 if (WARN(local->suspended, "work scheduled while going to suspend\n")) 936 return; 937 938 /* first process frames to avoid timing out while a frame is pending */ 939 while ((skb = skb_dequeue(&local->work_skb_queue))) 940 ieee80211_work_rx_queued_mgmt(local, skb); 941 942 mutex_lock(&local->mtx); 943 944 ieee80211_recalc_idle(local); 945 946 list_for_each_entry_safe(wk, tmp, &local->work_list, list) { 947 bool started = wk->started; 948 949 /* mark work as started if it's on the current off-channel */ 950 if (!started && local->tmp_channel && 951 wk->chan == local->tmp_channel && 952 wk->chan_type == local->tmp_channel_type) { 953 started = true; 954 wk->timeout = jiffies; 955 } 956 957 if (!started && !local->tmp_channel) { 958 bool on_oper_chan; 959 bool tmp_chan_changed = false; 960 bool on_oper_chan2; 961 enum nl80211_channel_type wk_ct; 962 on_oper_chan = ieee80211_cfg_on_oper_channel(local); 963 964 /* Work with existing channel type if possible. */ 965 wk_ct = wk->chan_type; 966 if (wk->chan == local->hw.conf.channel) 967 wk_ct = ieee80211_calc_ct(wk->chan_type, 968 local->hw.conf.channel_type); 969 970 if (local->tmp_channel) 971 if ((local->tmp_channel != wk->chan) || 972 (local->tmp_channel_type != wk_ct)) 973 tmp_chan_changed = true; 974 975 local->tmp_channel = wk->chan; 976 local->tmp_channel_type = wk_ct; 977 /* 978 * Leave the station vifs in awake mode if they 979 * happen to be on the same channel as 980 * the requested channel. 981 */ 982 on_oper_chan2 = ieee80211_cfg_on_oper_channel(local); 983 if (on_oper_chan != on_oper_chan2) { 984 if (on_oper_chan2) { 985 /* going off oper channel, PS too */ 986 ieee80211_offchannel_stop_vifs(local, 987 true); 988 ieee80211_hw_config(local, 0); 989 } else { 990 /* going on channel, but leave PS 991 * off-channel. */ 992 ieee80211_hw_config(local, 0); 993 ieee80211_offchannel_return(local, 994 true, 995 false); 996 } 997 } else if (tmp_chan_changed) 998 /* Still off-channel, but on some other 999 * channel, so update hardware. 1000 * PS should already be off-channel. 1001 */ 1002 ieee80211_hw_config(local, 0); 1003 1004 started = true; 1005 wk->timeout = jiffies; 1006 } 1007 1008 /* don't try to work with items that aren't started */ 1009 if (!started) 1010 continue; 1011 1012 if (time_is_after_jiffies(wk->timeout)) { 1013 /* 1014 * This work item isn't supposed to be worked on 1015 * right now, but take care to adjust the timer 1016 * properly. 1017 */ 1018 run_again(local, wk->timeout); 1019 continue; 1020 } 1021 1022 switch (wk->type) { 1023 default: 1024 WARN_ON(1); 1025 /* nothing */ 1026 rma = WORK_ACT_NONE; 1027 break; 1028 case IEEE80211_WORK_ABORT: 1029 rma = WORK_ACT_TIMEOUT; 1030 break; 1031 case IEEE80211_WORK_DIRECT_PROBE: 1032 rma = ieee80211_direct_probe(wk); 1033 break; 1034 case IEEE80211_WORK_AUTH: 1035 rma = ieee80211_authenticate(wk); 1036 break; 1037 case IEEE80211_WORK_ASSOC: 1038 rma = ieee80211_associate(wk); 1039 break; 1040 case IEEE80211_WORK_REMAIN_ON_CHANNEL: 1041 rma = ieee80211_remain_on_channel_timeout(wk); 1042 break; 1043 case IEEE80211_WORK_OFFCHANNEL_TX: 1044 rma = ieee80211_offchannel_tx(wk); 1045 break; 1046 case IEEE80211_WORK_ASSOC_BEACON_WAIT: 1047 rma = ieee80211_assoc_beacon_wait(wk); 1048 break; 1049 } 1050 1051 wk->started = started; 1052 1053 switch (rma) { 1054 case WORK_ACT_NONE: 1055 /* might have changed the timeout */ 1056 run_again(local, wk->timeout); 1057 break; 1058 case WORK_ACT_TIMEOUT: 1059 list_del_rcu(&wk->list); 1060 synchronize_rcu(); 1061 list_add(&wk->list, &free_work); 1062 break; 1063 default: 1064 WARN(1, "unexpected: %d", rma); 1065 } 1066 } 1067 1068 list_for_each_entry(wk, &local->work_list, list) { 1069 if (!wk->started) 1070 continue; 1071 if (wk->chan != local->tmp_channel) 1072 continue; 1073 if (ieee80211_work_ct_coexists(wk->chan_type, 1074 local->tmp_channel_type)) 1075 continue; 1076 remain_off_channel = true; 1077 } 1078 1079 if (!remain_off_channel && local->tmp_channel) { 1080 bool on_oper_chan = ieee80211_cfg_on_oper_channel(local); 1081 local->tmp_channel = NULL; 1082 /* If tmp_channel wasn't operating channel, then 1083 * we need to go back on-channel. 1084 * NOTE: If we can ever be here while scannning, 1085 * or if the hw_config() channel config logic changes, 1086 * then we may need to do a more thorough check to see if 1087 * we still need to do a hardware config. Currently, 1088 * we cannot be here while scanning, however. 1089 */ 1090 if (ieee80211_cfg_on_oper_channel(local) && !on_oper_chan) 1091 ieee80211_hw_config(local, 0); 1092 1093 /* At the least, we need to disable offchannel_ps, 1094 * so just go ahead and run the entire offchannel 1095 * return logic here. We *could* skip enabling 1096 * beaconing if we were already on-oper-channel 1097 * as a future optimization. 1098 */ 1099 ieee80211_offchannel_return(local, true, true); 1100 1101 /* give connection some time to breathe */ 1102 run_again(local, jiffies + HZ/2); 1103 } 1104 1105 if (list_empty(&local->work_list) && local->scan_req && 1106 !local->scanning) 1107 ieee80211_queue_delayed_work(&local->hw, 1108 &local->scan_work, 1109 round_jiffies_relative(0)); 1110 1111 ieee80211_recalc_idle(local); 1112 1113 mutex_unlock(&local->mtx); 1114 1115 list_for_each_entry_safe(wk, tmp, &free_work, list) { 1116 wk->done(wk, NULL); 1117 list_del(&wk->list); 1118 kfree(wk); 1119 } 1120} 1121 1122void ieee80211_add_work(struct ieee80211_work *wk) 1123{ 1124 struct ieee80211_local *local; 1125 1126 if (WARN_ON(!wk->chan)) 1127 return; 1128 1129 if (WARN_ON(!wk->sdata)) 1130 return; 1131 1132 if (WARN_ON(!wk->done)) 1133 return; 1134 1135 if (WARN_ON(!ieee80211_sdata_running(wk->sdata))) 1136 return; 1137 1138 wk->started = false; 1139 1140 local = wk->sdata->local; 1141 mutex_lock(&local->mtx); 1142 list_add_tail(&wk->list, &local->work_list); 1143 mutex_unlock(&local->mtx); 1144 1145 ieee80211_queue_work(&local->hw, &local->work_work); 1146} 1147 1148void ieee80211_work_init(struct ieee80211_local *local) 1149{ 1150 INIT_LIST_HEAD(&local->work_list); 1151 setup_timer(&local->work_timer, ieee80211_work_timer, 1152 (unsigned long)local); 1153 INIT_WORK(&local->work_work, ieee80211_work_work); 1154 skb_queue_head_init(&local->work_skb_queue); 1155} 1156 1157void ieee80211_work_purge(struct ieee80211_sub_if_data *sdata) 1158{ 1159 struct ieee80211_local *local = sdata->local; 1160 struct ieee80211_work *wk; 1161 bool cleanup = false; 1162 1163 mutex_lock(&local->mtx); 1164 list_for_each_entry(wk, &local->work_list, list) { 1165 if (wk->sdata != sdata) 1166 continue; 1167 cleanup = true; 1168 wk->type = IEEE80211_WORK_ABORT; 1169 wk->started = true; 1170 wk->timeout = jiffies; 1171 } 1172 mutex_unlock(&local->mtx); 1173 1174 /* run cleanups etc. */ 1175 if (cleanup) 1176 ieee80211_work_work(&local->work_work); 1177 1178 mutex_lock(&local->mtx); 1179 list_for_each_entry(wk, &local->work_list, list) { 1180 if (wk->sdata != sdata) 1181 continue; 1182 WARN_ON(1); 1183 break; 1184 } 1185 mutex_unlock(&local->mtx); 1186} 1187 1188ieee80211_rx_result ieee80211_work_rx_mgmt(struct ieee80211_sub_if_data *sdata, 1189 struct sk_buff *skb) 1190{ 1191 struct ieee80211_local *local = sdata->local; 1192 struct ieee80211_mgmt *mgmt; 1193 struct ieee80211_work *wk; 1194 u16 fc; 1195 1196 if (skb->len < 24) 1197 return RX_DROP_MONITOR; 1198 1199 mgmt = (struct ieee80211_mgmt *) skb->data; 1200 fc = le16_to_cpu(mgmt->frame_control); 1201 1202 list_for_each_entry_rcu(wk, &local->work_list, list) { 1203 if (sdata != wk->sdata) 1204 continue; 1205 if (compare_ether_addr(wk->filter_ta, mgmt->sa)) 1206 continue; 1207 if (compare_ether_addr(wk->filter_ta, mgmt->bssid)) 1208 continue; 1209 1210 switch (fc & IEEE80211_FCTL_STYPE) { 1211 case IEEE80211_STYPE_AUTH: 1212 case IEEE80211_STYPE_PROBE_RESP: 1213 case IEEE80211_STYPE_ASSOC_RESP: 1214 case IEEE80211_STYPE_REASSOC_RESP: 1215 case IEEE80211_STYPE_BEACON: 1216 skb_queue_tail(&local->work_skb_queue, skb); 1217 ieee80211_queue_work(&local->hw, &local->work_work); 1218 return RX_QUEUED; 1219 } 1220 } 1221 1222 return RX_CONTINUE; 1223} 1224 1225static enum work_done_result ieee80211_remain_done(struct ieee80211_work *wk, 1226 struct sk_buff *skb) 1227{ 1228 /* 1229 * We are done serving the remain-on-channel command. 1230 */ 1231 cfg80211_remain_on_channel_expired(wk->sdata->dev, (unsigned long) wk, 1232 wk->chan, wk->chan_type, 1233 GFP_KERNEL); 1234 1235 return WORK_DONE_DESTROY; 1236} 1237 1238int ieee80211_wk_remain_on_channel(struct ieee80211_sub_if_data *sdata, 1239 struct ieee80211_channel *chan, 1240 enum nl80211_channel_type channel_type, 1241 unsigned int duration, u64 *cookie) 1242{ 1243 struct ieee80211_work *wk; 1244 1245 wk = kzalloc(sizeof(*wk), GFP_KERNEL); 1246 if (!wk) 1247 return -ENOMEM; 1248 1249 wk->type = IEEE80211_WORK_REMAIN_ON_CHANNEL; 1250 wk->chan = chan; 1251 wk->chan_type = channel_type; 1252 wk->sdata = sdata; 1253 wk->done = ieee80211_remain_done; 1254 1255 wk->remain.duration = duration; 1256 1257 *cookie = (unsigned long) wk; 1258 1259 ieee80211_add_work(wk); 1260 1261 return 0; 1262} 1263 1264int ieee80211_wk_cancel_remain_on_channel(struct ieee80211_sub_if_data *sdata, 1265 u64 cookie) 1266{ 1267 struct ieee80211_local *local = sdata->local; 1268 struct ieee80211_work *wk, *tmp; 1269 bool found = false; 1270 1271 mutex_lock(&local->mtx); 1272 list_for_each_entry_safe(wk, tmp, &local->work_list, list) { 1273 if ((unsigned long) wk == cookie) { 1274 wk->timeout = jiffies; 1275 found = true; 1276 break; 1277 } 1278 } 1279 mutex_unlock(&local->mtx); 1280 1281 if (!found) 1282 return -ENOENT; 1283 1284 ieee80211_queue_work(&local->hw, &local->work_work); 1285 1286 return 0; 1287}