tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / net / mac80211 / work.c
at v3.3-rc2 1187 lines 30 kB view raw
1/* 2 * mac80211 work implementation 3 * 4 * Copyright 2003-2008, Jouni Malinen <j@w1.fi> 5 * Copyright 2004, Instant802 Networks, Inc. 6 * Copyright 2005, Devicescape Software, Inc. 7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 9 * Copyright 2009, Johannes Berg <johannes@sipsolutions.net> 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License version 2 as 13 * published by the Free Software Foundation. 14 */ 15 16#include <linux/delay.h> 17#include <linux/if_ether.h> 18#include <linux/skbuff.h> 19#include <linux/if_arp.h> 20#include <linux/etherdevice.h> 21#include <linux/crc32.h> 22#include <linux/slab.h> 23#include <net/mac80211.h> 24#include <asm/unaligned.h> 25 26#include "ieee80211_i.h" 27#include "rate.h" 28#include "driver-ops.h" 29 30#define IEEE80211_AUTH_TIMEOUT (HZ / 5) 31#define IEEE80211_AUTH_MAX_TRIES 3 32#define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 33#define IEEE80211_ASSOC_MAX_TRIES 3 34 35enum work_action { 36 WORK_ACT_MISMATCH, 37 WORK_ACT_NONE, 38 WORK_ACT_TIMEOUT, 39 WORK_ACT_DONE, 40}; 41 42 43/* utils */ 44static inline void ASSERT_WORK_MTX(struct ieee80211_local *local) 45{ 46 lockdep_assert_held(&local->mtx); 47} 48 49/* 50 * We can have multiple work items (and connection probing) 51 * scheduling this timer, but we need to take care to only 52 * reschedule it when it should fire _earlier_ than it was 53 * asked for before, or if it's not pending right now. This 54 * function ensures that. Note that it then is required to 55 * run this function for all timeouts after the first one 56 * has happened -- the work that runs from this timer will 57 * do that. 58 */ 59static void run_again(struct ieee80211_local *local, 60 unsigned long timeout) 61{ 62 ASSERT_WORK_MTX(local); 63 64 if (!timer_pending(&local->work_timer) || 65 time_before(timeout, local->work_timer.expires)) 66 mod_timer(&local->work_timer, timeout); 67} 68 69void free_work(struct ieee80211_work *wk) 70{ 71 kfree_rcu(wk, rcu_head); 72} 73 74static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len, 75 struct ieee80211_supported_band *sband, 76 u32 *rates) 77{ 78 int i, j, count; 79 *rates = 0; 80 count = 0; 81 for (i = 0; i < supp_rates_len; i++) { 82 int rate = (supp_rates[i] & 0x7F) * 5; 83 84 for (j = 0; j < sband->n_bitrates; j++) 85 if (sband->bitrates[j].bitrate == rate) { 86 *rates |= BIT(j); 87 count++; 88 break; 89 } 90 } 91 92 return count; 93} 94 95/* frame sending functions */ 96 97static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata, 98 struct sk_buff *skb, const u8 *ht_info_ie, 99 struct ieee80211_supported_band *sband, 100 struct ieee80211_channel *channel, 101 enum ieee80211_smps_mode smps) 102{ 103 struct ieee80211_ht_info *ht_info; 104 u8 *pos; 105 u32 flags = channel->flags; 106 u16 cap; 107 struct ieee80211_sta_ht_cap ht_cap; 108 109 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap)); 110 111 if (!sband->ht_cap.ht_supported) 112 return; 113 114 if (!ht_info_ie) 115 return; 116 117 if (ht_info_ie[1] < sizeof(struct ieee80211_ht_info)) 118 return; 119 120 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap)); 121 ieee80211_apply_htcap_overrides(sdata, &ht_cap); 122 123 ht_info = (struct ieee80211_ht_info *)(ht_info_ie + 2); 124 125 /* determine capability flags */ 126 cap = ht_cap.cap; 127 128 switch (ht_info->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 129 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 130 if (flags & IEEE80211_CHAN_NO_HT40PLUS) { 131 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 132 cap &= ~IEEE80211_HT_CAP_SGI_40; 133 } 134 break; 135 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 136 if (flags & IEEE80211_CHAN_NO_HT40MINUS) { 137 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40; 138 cap &= ~IEEE80211_HT_CAP_SGI_40; 139 } 140 break; 141 } 142 143 /* set SM PS mode properly */ 144 cap &= ~IEEE80211_HT_CAP_SM_PS; 145 switch (smps) { 146 case IEEE80211_SMPS_AUTOMATIC: 147 case IEEE80211_SMPS_NUM_MODES: 148 WARN_ON(1); 149 case IEEE80211_SMPS_OFF: 150 cap |= WLAN_HT_CAP_SM_PS_DISABLED << 151 IEEE80211_HT_CAP_SM_PS_SHIFT; 152 break; 153 case IEEE80211_SMPS_STATIC: 154 cap |= WLAN_HT_CAP_SM_PS_STATIC << 155 IEEE80211_HT_CAP_SM_PS_SHIFT; 156 break; 157 case IEEE80211_SMPS_DYNAMIC: 158 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC << 159 IEEE80211_HT_CAP_SM_PS_SHIFT; 160 break; 161 } 162 163 /* reserve and fill IE */ 164 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2); 165 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap); 166} 167 168static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata, 169 struct ieee80211_work *wk) 170{ 171 struct ieee80211_local *local = sdata->local; 172 struct sk_buff *skb; 173 struct ieee80211_mgmt *mgmt; 174 u8 *pos, qos_info; 175 size_t offset = 0, noffset; 176 int i, count, rates_len, supp_rates_len; 177 u16 capab; 178 struct ieee80211_supported_band *sband; 179 u32 rates = 0; 180 181 sband = local->hw.wiphy->bands[wk->chan->band]; 182 183 if (wk->assoc.supp_rates_len) { 184 /* 185 * Get all rates supported by the device and the AP as 186 * some APs don't like getting a superset of their rates 187 * in the association request (e.g. D-Link DAP 1353 in 188 * b-only mode)... 189 */ 190 rates_len = ieee80211_compatible_rates(wk->assoc.supp_rates, 191 wk->assoc.supp_rates_len, 192 sband, &rates); 193 } else { 194 /* 195 * In case AP not provide any supported rates information 196 * before association, we send information element(s) with 197 * all rates that we support. 198 */ 199 rates = ~0; 200 rates_len = sband->n_bitrates; 201 } 202 203 skb = alloc_skb(local->hw.extra_tx_headroom + 204 sizeof(*mgmt) + /* bit too much but doesn't matter */ 205 2 + wk->assoc.ssid_len + /* SSID */ 206 4 + rates_len + /* (extended) rates */ 207 4 + /* power capability */ 208 2 + 2 * sband->n_channels + /* supported channels */ 209 2 + sizeof(struct ieee80211_ht_cap) + /* HT */ 210 wk->ie_len + /* extra IEs */ 211 9, /* WMM */ 212 GFP_KERNEL); 213 if (!skb) 214 return; 215 216 skb_reserve(skb, local->hw.extra_tx_headroom); 217 218 capab = WLAN_CAPABILITY_ESS; 219 220 if (sband->band == IEEE80211_BAND_2GHZ) { 221 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)) 222 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 223 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)) 224 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 225 } 226 227 if (wk->assoc.capability & WLAN_CAPABILITY_PRIVACY) 228 capab |= WLAN_CAPABILITY_PRIVACY; 229 230 if ((wk->assoc.capability & WLAN_CAPABILITY_SPECTRUM_MGMT) && 231 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)) 232 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 233 234 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 235 memset(mgmt, 0, 24); 236 memcpy(mgmt->da, wk->filter_ta, ETH_ALEN); 237 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 238 memcpy(mgmt->bssid, wk->filter_ta, ETH_ALEN); 239 240 if (!is_zero_ether_addr(wk->assoc.prev_bssid)) { 241 skb_put(skb, 10); 242 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 243 IEEE80211_STYPE_REASSOC_REQ); 244 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 245 mgmt->u.reassoc_req.listen_interval = 246 cpu_to_le16(local->hw.conf.listen_interval); 247 memcpy(mgmt->u.reassoc_req.current_ap, wk->assoc.prev_bssid, 248 ETH_ALEN); 249 } else { 250 skb_put(skb, 4); 251 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 252 IEEE80211_STYPE_ASSOC_REQ); 253 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 254 mgmt->u.assoc_req.listen_interval = 255 cpu_to_le16(local->hw.conf.listen_interval); 256 } 257 258 /* SSID */ 259 pos = skb_put(skb, 2 + wk->assoc.ssid_len); 260 *pos++ = WLAN_EID_SSID; 261 *pos++ = wk->assoc.ssid_len; 262 memcpy(pos, wk->assoc.ssid, wk->assoc.ssid_len); 263 264 /* add all rates which were marked to be used above */ 265 supp_rates_len = rates_len; 266 if (supp_rates_len > 8) 267 supp_rates_len = 8; 268 269 pos = skb_put(skb, supp_rates_len + 2); 270 *pos++ = WLAN_EID_SUPP_RATES; 271 *pos++ = supp_rates_len; 272 273 count = 0; 274 for (i = 0; i < sband->n_bitrates; i++) { 275 if (BIT(i) & rates) { 276 int rate = sband->bitrates[i].bitrate; 277 *pos++ = (u8) (rate / 5); 278 if (++count == 8) 279 break; 280 } 281 } 282 283 if (rates_len > count) { 284 pos = skb_put(skb, rates_len - count + 2); 285 *pos++ = WLAN_EID_EXT_SUPP_RATES; 286 *pos++ = rates_len - count; 287 288 for (i++; i < sband->n_bitrates; i++) { 289 if (BIT(i) & rates) { 290 int rate = sband->bitrates[i].bitrate; 291 *pos++ = (u8) (rate / 5); 292 } 293 } 294 } 295 296 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) { 297 /* 1. power capabilities */ 298 pos = skb_put(skb, 4); 299 *pos++ = WLAN_EID_PWR_CAPABILITY; 300 *pos++ = 2; 301 *pos++ = 0; /* min tx power */ 302 *pos++ = wk->chan->max_power; /* max tx power */ 303 304 /* 2. supported channels */ 305 /* TODO: get this in reg domain format */ 306 pos = skb_put(skb, 2 * sband->n_channels + 2); 307 *pos++ = WLAN_EID_SUPPORTED_CHANNELS; 308 *pos++ = 2 * sband->n_channels; 309 for (i = 0; i < sband->n_channels; i++) { 310 *pos++ = ieee80211_frequency_to_channel( 311 sband->channels[i].center_freq); 312 *pos++ = 1; /* one channel in the subband*/ 313 } 314 } 315 316 /* if present, add any custom IEs that go before HT */ 317 if (wk->ie_len && wk->ie) { 318 static const u8 before_ht[] = { 319 WLAN_EID_SSID, 320 WLAN_EID_SUPP_RATES, 321 WLAN_EID_EXT_SUPP_RATES, 322 WLAN_EID_PWR_CAPABILITY, 323 WLAN_EID_SUPPORTED_CHANNELS, 324 WLAN_EID_RSN, 325 WLAN_EID_QOS_CAPA, 326 WLAN_EID_RRM_ENABLED_CAPABILITIES, 327 WLAN_EID_MOBILITY_DOMAIN, 328 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 329 }; 330 noffset = ieee80211_ie_split(wk->ie, wk->ie_len, 331 before_ht, ARRAY_SIZE(before_ht), 332 offset); 333 pos = skb_put(skb, noffset - offset); 334 memcpy(pos, wk->ie + offset, noffset - offset); 335 offset = noffset; 336 } 337 338 if (wk->assoc.use_11n && wk->assoc.wmm_used && 339 local->hw.queues >= 4) 340 ieee80211_add_ht_ie(sdata, skb, wk->assoc.ht_information_ie, 341 sband, wk->chan, wk->assoc.smps); 342 343 /* if present, add any custom non-vendor IEs that go after HT */ 344 if (wk->ie_len && wk->ie) { 345 noffset = ieee80211_ie_split_vendor(wk->ie, wk->ie_len, 346 offset); 347 pos = skb_put(skb, noffset - offset); 348 memcpy(pos, wk->ie + offset, noffset - offset); 349 offset = noffset; 350 } 351 352 if (wk->assoc.wmm_used && local->hw.queues >= 4) { 353 if (wk->assoc.uapsd_used) { 354 qos_info = local->uapsd_queues; 355 qos_info |= (local->uapsd_max_sp_len << 356 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT); 357 } else { 358 qos_info = 0; 359 } 360 361 pos = skb_put(skb, 9); 362 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 363 *pos++ = 7; /* len */ 364 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */ 365 *pos++ = 0x50; 366 *pos++ = 0xf2; 367 *pos++ = 2; /* WME */ 368 *pos++ = 0; /* WME info */ 369 *pos++ = 1; /* WME ver */ 370 *pos++ = qos_info; 371 } 372 373 /* add any remaining custom (i.e. vendor specific here) IEs */ 374 if (wk->ie_len && wk->ie) { 375 noffset = wk->ie_len; 376 pos = skb_put(skb, noffset - offset); 377 memcpy(pos, wk->ie + offset, noffset - offset); 378 } 379 380 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 381 ieee80211_tx_skb(sdata, skb); 382} 383 384static void ieee80211_remove_auth_bss(struct ieee80211_local *local, 385 struct ieee80211_work *wk) 386{ 387 struct cfg80211_bss *cbss; 388 u16 capa_val = WLAN_CAPABILITY_ESS; 389 390 if (wk->probe_auth.privacy) 391 capa_val |= WLAN_CAPABILITY_PRIVACY; 392 393 cbss = cfg80211_get_bss(local->hw.wiphy, wk->chan, wk->filter_ta, 394 wk->probe_auth.ssid, wk->probe_auth.ssid_len, 395 WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_PRIVACY, 396 capa_val); 397 if (!cbss) 398 return; 399 400 cfg80211_unlink_bss(local->hw.wiphy, cbss); 401 cfg80211_put_bss(cbss); 402} 403 404static enum work_action __must_check 405ieee80211_direct_probe(struct ieee80211_work *wk) 406{ 407 struct ieee80211_sub_if_data *sdata = wk->sdata; 408 struct ieee80211_local *local = sdata->local; 409 410 if (!wk->probe_auth.synced) { 411 int ret = drv_tx_sync(local, sdata, wk->filter_ta, 412 IEEE80211_TX_SYNC_AUTH); 413 if (ret) 414 return WORK_ACT_TIMEOUT; 415 } 416 wk->probe_auth.synced = true; 417 418 wk->probe_auth.tries++; 419 if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) { 420 printk(KERN_DEBUG "%s: direct probe to %pM timed out\n", 421 sdata->name, wk->filter_ta); 422 423 /* 424 * Most likely AP is not in the range so remove the 425 * bss struct for that AP. 426 */ 427 ieee80211_remove_auth_bss(local, wk); 428 429 return WORK_ACT_TIMEOUT; 430 } 431 432 printk(KERN_DEBUG "%s: direct probe to %pM (try %d/%i)\n", 433 sdata->name, wk->filter_ta, wk->probe_auth.tries, 434 IEEE80211_AUTH_MAX_TRIES); 435 436 /* 437 * Direct probe is sent to broadcast address as some APs 438 * will not answer to direct packet in unassociated state. 439 */ 440 ieee80211_send_probe_req(sdata, NULL, wk->probe_auth.ssid, 441 wk->probe_auth.ssid_len, NULL, 0, 442 (u32) -1, true, false); 443 444 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 445 run_again(local, wk->timeout); 446 447 return WORK_ACT_NONE; 448} 449 450 451static enum work_action __must_check 452ieee80211_authenticate(struct ieee80211_work *wk) 453{ 454 struct ieee80211_sub_if_data *sdata = wk->sdata; 455 struct ieee80211_local *local = sdata->local; 456 457 if (!wk->probe_auth.synced) { 458 int ret = drv_tx_sync(local, sdata, wk->filter_ta, 459 IEEE80211_TX_SYNC_AUTH); 460 if (ret) 461 return WORK_ACT_TIMEOUT; 462 } 463 wk->probe_auth.synced = true; 464 465 wk->probe_auth.tries++; 466 if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) { 467 printk(KERN_DEBUG "%s: authentication with %pM" 468 " timed out\n", sdata->name, wk->filter_ta); 469 470 /* 471 * Most likely AP is not in the range so remove the 472 * bss struct for that AP. 473 */ 474 ieee80211_remove_auth_bss(local, wk); 475 476 return WORK_ACT_TIMEOUT; 477 } 478 479 printk(KERN_DEBUG "%s: authenticate with %pM (try %d)\n", 480 sdata->name, wk->filter_ta, wk->probe_auth.tries); 481 482 ieee80211_send_auth(sdata, 1, wk->probe_auth.algorithm, wk->ie, 483 wk->ie_len, wk->filter_ta, NULL, 0, 0); 484 wk->probe_auth.transaction = 2; 485 486 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; 487 run_again(local, wk->timeout); 488 489 return WORK_ACT_NONE; 490} 491 492static enum work_action __must_check 493ieee80211_associate(struct ieee80211_work *wk) 494{ 495 struct ieee80211_sub_if_data *sdata = wk->sdata; 496 struct ieee80211_local *local = sdata->local; 497 498 if (!wk->assoc.synced) { 499 int ret = drv_tx_sync(local, sdata, wk->filter_ta, 500 IEEE80211_TX_SYNC_ASSOC); 501 if (ret) 502 return WORK_ACT_TIMEOUT; 503 } 504 wk->assoc.synced = true; 505 506 wk->assoc.tries++; 507 if (wk->assoc.tries > IEEE80211_ASSOC_MAX_TRIES) { 508 printk(KERN_DEBUG "%s: association with %pM" 509 " timed out\n", 510 sdata->name, wk->filter_ta); 511 512 /* 513 * Most likely AP is not in the range so remove the 514 * bss struct for that AP. 515 */ 516 if (wk->assoc.bss) 517 cfg80211_unlink_bss(local->hw.wiphy, wk->assoc.bss); 518 519 return WORK_ACT_TIMEOUT; 520 } 521 522 printk(KERN_DEBUG "%s: associate with %pM (try %d)\n", 523 sdata->name, wk->filter_ta, wk->assoc.tries); 524 ieee80211_send_assoc(sdata, wk); 525 526 wk->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT; 527 run_again(local, wk->timeout); 528 529 return WORK_ACT_NONE; 530} 531 532static enum work_action __must_check 533ieee80211_remain_on_channel_timeout(struct ieee80211_work *wk) 534{ 535 /* 536 * First time we run, do nothing -- the generic code will 537 * have switched to the right channel etc. 538 */ 539 if (!wk->started) { 540 wk->timeout = jiffies + msecs_to_jiffies(wk->remain.duration); 541 542 cfg80211_ready_on_channel(wk->sdata->dev, (unsigned long) wk, 543 wk->chan, wk->chan_type, 544 wk->remain.duration, GFP_KERNEL); 545 546 return WORK_ACT_NONE; 547 } 548 549 return WORK_ACT_TIMEOUT; 550} 551 552static enum work_action __must_check 553ieee80211_offchannel_tx(struct ieee80211_work *wk) 554{ 555 if (!wk->started) { 556 wk->timeout = jiffies + msecs_to_jiffies(wk->offchan_tx.wait); 557 558 /* 559 * After this, offchan_tx.frame remains but now is no 560 * longer a valid pointer -- we still need it as the 561 * cookie for canceling this work/status matching. 562 */ 563 ieee80211_tx_skb(wk->sdata, wk->offchan_tx.frame); 564 565 return WORK_ACT_NONE; 566 } 567 568 return WORK_ACT_TIMEOUT; 569} 570 571static enum work_action __must_check 572ieee80211_assoc_beacon_wait(struct ieee80211_work *wk) 573{ 574 if (wk->started) 575 return WORK_ACT_TIMEOUT; 576 577 /* 578 * Wait up to one beacon interval ... 579 * should this be more if we miss one? 580 */ 581 printk(KERN_DEBUG "%s: waiting for beacon from %pM\n", 582 wk->sdata->name, wk->filter_ta); 583 wk->timeout = TU_TO_EXP_TIME(wk->assoc.bss->beacon_interval); 584 return WORK_ACT_NONE; 585} 586 587static void ieee80211_auth_challenge(struct ieee80211_work *wk, 588 struct ieee80211_mgmt *mgmt, 589 size_t len) 590{ 591 struct ieee80211_sub_if_data *sdata = wk->sdata; 592 u8 *pos; 593 struct ieee802_11_elems elems; 594 595 pos = mgmt->u.auth.variable; 596 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 597 if (!elems.challenge) 598 return; 599 ieee80211_send_auth(sdata, 3, wk->probe_auth.algorithm, 600 elems.challenge - 2, elems.challenge_len + 2, 601 wk->filter_ta, wk->probe_auth.key, 602 wk->probe_auth.key_len, wk->probe_auth.key_idx); 603 wk->probe_auth.transaction = 4; 604} 605 606static enum work_action __must_check 607ieee80211_rx_mgmt_auth(struct ieee80211_work *wk, 608 struct ieee80211_mgmt *mgmt, size_t len) 609{ 610 u16 auth_alg, auth_transaction, status_code; 611 612 if (wk->type != IEEE80211_WORK_AUTH) 613 return WORK_ACT_MISMATCH; 614 615 if (len < 24 + 6) 616 return WORK_ACT_NONE; 617 618 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 619 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 620 status_code = le16_to_cpu(mgmt->u.auth.status_code); 621 622 if (auth_alg != wk->probe_auth.algorithm || 623 auth_transaction != wk->probe_auth.transaction) 624 return WORK_ACT_NONE; 625 626 if (status_code != WLAN_STATUS_SUCCESS) { 627 printk(KERN_DEBUG "%s: %pM denied authentication (status %d)\n", 628 wk->sdata->name, mgmt->sa, status_code); 629 return WORK_ACT_DONE; 630 } 631 632 switch (wk->probe_auth.algorithm) { 633 case WLAN_AUTH_OPEN: 634 case WLAN_AUTH_LEAP: 635 case WLAN_AUTH_FT: 636 break; 637 case WLAN_AUTH_SHARED_KEY: 638 if (wk->probe_auth.transaction != 4) { 639 ieee80211_auth_challenge(wk, mgmt, len); 640 /* need another frame */ 641 return WORK_ACT_NONE; 642 } 643 break; 644 default: 645 WARN_ON(1); 646 return WORK_ACT_NONE; 647 } 648 649 printk(KERN_DEBUG "%s: authenticated\n", wk->sdata->name); 650 return WORK_ACT_DONE; 651} 652 653static enum work_action __must_check 654ieee80211_rx_mgmt_assoc_resp(struct ieee80211_work *wk, 655 struct ieee80211_mgmt *mgmt, size_t len, 656 bool reassoc) 657{ 658 struct ieee80211_sub_if_data *sdata = wk->sdata; 659 struct ieee80211_local *local = sdata->local; 660 u16 capab_info, status_code, aid; 661 struct ieee802_11_elems elems; 662 u8 *pos; 663 664 if (wk->type != IEEE80211_WORK_ASSOC) 665 return WORK_ACT_MISMATCH; 666 667 /* 668 * AssocResp and ReassocResp have identical structure, so process both 669 * of them in this function. 670 */ 671 672 if (len < 24 + 6) 673 return WORK_ACT_NONE; 674 675 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 676 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 677 aid = le16_to_cpu(mgmt->u.assoc_resp.aid); 678 679 printk(KERN_DEBUG "%s: RX %sssocResp from %pM (capab=0x%x " 680 "status=%d aid=%d)\n", 681 sdata->name, reassoc ? "Rea" : "A", mgmt->sa, 682 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 683 684 pos = mgmt->u.assoc_resp.variable; 685 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 686 687 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 688 elems.timeout_int && elems.timeout_int_len == 5 && 689 elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) { 690 u32 tu, ms; 691 tu = get_unaligned_le32(elems.timeout_int + 1); 692 ms = tu * 1024 / 1000; 693 printk(KERN_DEBUG "%s: %pM rejected association temporarily; " 694 "comeback duration %u TU (%u ms)\n", 695 sdata->name, mgmt->sa, tu, ms); 696 wk->timeout = jiffies + msecs_to_jiffies(ms); 697 if (ms > IEEE80211_ASSOC_TIMEOUT) 698 run_again(local, wk->timeout); 699 return WORK_ACT_NONE; 700 } 701 702 if (status_code != WLAN_STATUS_SUCCESS) 703 printk(KERN_DEBUG "%s: %pM denied association (code=%d)\n", 704 sdata->name, mgmt->sa, status_code); 705 else 706 printk(KERN_DEBUG "%s: associated\n", sdata->name); 707 708 return WORK_ACT_DONE; 709} 710 711static enum work_action __must_check 712ieee80211_rx_mgmt_probe_resp(struct ieee80211_work *wk, 713 struct ieee80211_mgmt *mgmt, size_t len, 714 struct ieee80211_rx_status *rx_status) 715{ 716 struct ieee80211_sub_if_data *sdata = wk->sdata; 717 struct ieee80211_local *local = sdata->local; 718 size_t baselen; 719 720 ASSERT_WORK_MTX(local); 721 722 if (wk->type != IEEE80211_WORK_DIRECT_PROBE) 723 return WORK_ACT_MISMATCH; 724 725 if (len < 24 + 12) 726 return WORK_ACT_NONE; 727 728 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 729 if (baselen > len) 730 return WORK_ACT_NONE; 731 732 printk(KERN_DEBUG "%s: direct probe responded\n", sdata->name); 733 return WORK_ACT_DONE; 734} 735 736static enum work_action __must_check 737ieee80211_rx_mgmt_beacon(struct ieee80211_work *wk, 738 struct ieee80211_mgmt *mgmt, size_t len) 739{ 740 struct ieee80211_sub_if_data *sdata = wk->sdata; 741 struct ieee80211_local *local = sdata->local; 742 743 ASSERT_WORK_MTX(local); 744 745 if (wk->type != IEEE80211_WORK_ASSOC_BEACON_WAIT) 746 return WORK_ACT_MISMATCH; 747 748 if (len < 24 + 12) 749 return WORK_ACT_NONE; 750 751 printk(KERN_DEBUG "%s: beacon received\n", sdata->name); 752 return WORK_ACT_DONE; 753} 754 755static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local, 756 struct sk_buff *skb) 757{ 758 struct ieee80211_rx_status *rx_status; 759 struct ieee80211_mgmt *mgmt; 760 struct ieee80211_work *wk; 761 enum work_action rma = WORK_ACT_NONE; 762 u16 fc; 763 764 rx_status = (struct ieee80211_rx_status *) skb->cb; 765 mgmt = (struct ieee80211_mgmt *) skb->data; 766 fc = le16_to_cpu(mgmt->frame_control); 767 768 mutex_lock(&local->mtx); 769 770 list_for_each_entry(wk, &local->work_list, list) { 771 const u8 *bssid = NULL; 772 773 switch (wk->type) { 774 case IEEE80211_WORK_DIRECT_PROBE: 775 case IEEE80211_WORK_AUTH: 776 case IEEE80211_WORK_ASSOC: 777 case IEEE80211_WORK_ASSOC_BEACON_WAIT: 778 bssid = wk->filter_ta; 779 break; 780 default: 781 continue; 782 } 783 784 /* 785 * Before queuing, we already verified mgmt->sa, 786 * so this is needed just for matching. 787 */ 788 if (compare_ether_addr(bssid, mgmt->bssid)) 789 continue; 790 791 switch (fc & IEEE80211_FCTL_STYPE) { 792 case IEEE80211_STYPE_BEACON: 793 rma = ieee80211_rx_mgmt_beacon(wk, mgmt, skb->len); 794 break; 795 case IEEE80211_STYPE_PROBE_RESP: 796 rma = ieee80211_rx_mgmt_probe_resp(wk, mgmt, skb->len, 797 rx_status); 798 break; 799 case IEEE80211_STYPE_AUTH: 800 rma = ieee80211_rx_mgmt_auth(wk, mgmt, skb->len); 801 break; 802 case IEEE80211_STYPE_ASSOC_RESP: 803 rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt, 804 skb->len, false); 805 break; 806 case IEEE80211_STYPE_REASSOC_RESP: 807 rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt, 808 skb->len, true); 809 break; 810 default: 811 WARN_ON(1); 812 rma = WORK_ACT_NONE; 813 } 814 815 /* 816 * We've either received an unexpected frame, or we have 817 * multiple work items and need to match the frame to the 818 * right one. 819 */ 820 if (rma == WORK_ACT_MISMATCH) 821 continue; 822 823 /* 824 * We've processed this frame for that work, so it can't 825 * belong to another work struct. 826 * NB: this is also required for correctness for 'rma'! 827 */ 828 break; 829 } 830 831 switch (rma) { 832 case WORK_ACT_MISMATCH: 833 /* ignore this unmatched frame */ 834 break; 835 case WORK_ACT_NONE: 836 break; 837 case WORK_ACT_DONE: 838 list_del_rcu(&wk->list); 839 break; 840 default: 841 WARN(1, "unexpected: %d", rma); 842 } 843 844 mutex_unlock(&local->mtx); 845 846 if (rma != WORK_ACT_DONE) 847 goto out; 848 849 switch (wk->done(wk, skb)) { 850 case WORK_DONE_DESTROY: 851 free_work(wk); 852 break; 853 case WORK_DONE_REQUEUE: 854 synchronize_rcu(); 855 wk->started = false; /* restart */ 856 mutex_lock(&local->mtx); 857 list_add_tail(&wk->list, &local->work_list); 858 mutex_unlock(&local->mtx); 859 } 860 861 out: 862 kfree_skb(skb); 863} 864 865static void ieee80211_work_timer(unsigned long data) 866{ 867 struct ieee80211_local *local = (void *) data; 868 869 if (local->quiescing) 870 return; 871 872 ieee80211_queue_work(&local->hw, &local->work_work); 873} 874 875static void ieee80211_work_work(struct work_struct *work) 876{ 877 struct ieee80211_local *local = 878 container_of(work, struct ieee80211_local, work_work); 879 struct sk_buff *skb; 880 struct ieee80211_work *wk, *tmp; 881 LIST_HEAD(free_work); 882 enum work_action rma; 883 bool remain_off_channel = false; 884 885 if (local->scanning) 886 return; 887 888 /* 889 * ieee80211_queue_work() should have picked up most cases, 890 * here we'll pick the rest. 891 */ 892 if (WARN(local->suspended, "work scheduled while going to suspend\n")) 893 return; 894 895 /* first process frames to avoid timing out while a frame is pending */ 896 while ((skb = skb_dequeue(&local->work_skb_queue))) 897 ieee80211_work_rx_queued_mgmt(local, skb); 898 899 mutex_lock(&local->mtx); 900 901 ieee80211_recalc_idle(local); 902 903 list_for_each_entry_safe(wk, tmp, &local->work_list, list) { 904 bool started = wk->started; 905 906 /* mark work as started if it's on the current off-channel */ 907 if (!started && local->tmp_channel && 908 wk->chan == local->tmp_channel && 909 wk->chan_type == local->tmp_channel_type) { 910 started = true; 911 wk->timeout = jiffies; 912 } 913 914 if (!started && !local->tmp_channel) { 915 ieee80211_offchannel_stop_vifs(local, true); 916 917 local->tmp_channel = wk->chan; 918 local->tmp_channel_type = wk->chan_type; 919 920 ieee80211_hw_config(local, 0); 921 922 started = true; 923 wk->timeout = jiffies; 924 } 925 926 /* don't try to work with items that aren't started */ 927 if (!started) 928 continue; 929 930 if (time_is_after_jiffies(wk->timeout)) { 931 /* 932 * This work item isn't supposed to be worked on 933 * right now, but take care to adjust the timer 934 * properly. 935 */ 936 run_again(local, wk->timeout); 937 continue; 938 } 939 940 switch (wk->type) { 941 default: 942 WARN_ON(1); 943 /* nothing */ 944 rma = WORK_ACT_NONE; 945 break; 946 case IEEE80211_WORK_ABORT: 947 rma = WORK_ACT_TIMEOUT; 948 break; 949 case IEEE80211_WORK_DIRECT_PROBE: 950 rma = ieee80211_direct_probe(wk); 951 break; 952 case IEEE80211_WORK_AUTH: 953 rma = ieee80211_authenticate(wk); 954 break; 955 case IEEE80211_WORK_ASSOC: 956 rma = ieee80211_associate(wk); 957 break; 958 case IEEE80211_WORK_REMAIN_ON_CHANNEL: 959 rma = ieee80211_remain_on_channel_timeout(wk); 960 break; 961 case IEEE80211_WORK_OFFCHANNEL_TX: 962 rma = ieee80211_offchannel_tx(wk); 963 break; 964 case IEEE80211_WORK_ASSOC_BEACON_WAIT: 965 rma = ieee80211_assoc_beacon_wait(wk); 966 break; 967 } 968 969 wk->started = started; 970 971 switch (rma) { 972 case WORK_ACT_NONE: 973 /* might have changed the timeout */ 974 run_again(local, wk->timeout); 975 break; 976 case WORK_ACT_TIMEOUT: 977 list_del_rcu(&wk->list); 978 synchronize_rcu(); 979 list_add(&wk->list, &free_work); 980 break; 981 default: 982 WARN(1, "unexpected: %d", rma); 983 } 984 } 985 986 list_for_each_entry(wk, &local->work_list, list) { 987 if (!wk->started) 988 continue; 989 if (wk->chan != local->tmp_channel || 990 wk->chan_type != local->tmp_channel_type) 991 continue; 992 remain_off_channel = true; 993 } 994 995 if (!remain_off_channel && local->tmp_channel) { 996 local->tmp_channel = NULL; 997 ieee80211_hw_config(local, 0); 998 999 ieee80211_offchannel_return(local, true); 1000 1001 /* give connection some time to breathe */ 1002 run_again(local, jiffies + HZ/2); 1003 } 1004 1005 if (list_empty(&local->work_list) && local->scan_req && 1006 !local->scanning) 1007 ieee80211_queue_delayed_work(&local->hw, 1008 &local->scan_work, 1009 round_jiffies_relative(0)); 1010 1011 ieee80211_recalc_idle(local); 1012 1013 mutex_unlock(&local->mtx); 1014 1015 list_for_each_entry_safe(wk, tmp, &free_work, list) { 1016 wk->done(wk, NULL); 1017 list_del(&wk->list); 1018 kfree(wk); 1019 } 1020} 1021 1022void ieee80211_add_work(struct ieee80211_work *wk) 1023{ 1024 struct ieee80211_local *local; 1025 1026 if (WARN_ON(!wk->chan)) 1027 return; 1028 1029 if (WARN_ON(!wk->sdata)) 1030 return; 1031 1032 if (WARN_ON(!wk->done)) 1033 return; 1034 1035 if (WARN_ON(!ieee80211_sdata_running(wk->sdata))) 1036 return; 1037 1038 wk->started = false; 1039 1040 local = wk->sdata->local; 1041 mutex_lock(&local->mtx); 1042 list_add_tail(&wk->list, &local->work_list); 1043 mutex_unlock(&local->mtx); 1044 1045 ieee80211_queue_work(&local->hw, &local->work_work); 1046} 1047 1048void ieee80211_work_init(struct ieee80211_local *local) 1049{ 1050 INIT_LIST_HEAD(&local->work_list); 1051 setup_timer(&local->work_timer, ieee80211_work_timer, 1052 (unsigned long)local); 1053 INIT_WORK(&local->work_work, ieee80211_work_work); 1054 skb_queue_head_init(&local->work_skb_queue); 1055} 1056 1057void ieee80211_work_purge(struct ieee80211_sub_if_data *sdata) 1058{ 1059 struct ieee80211_local *local = sdata->local; 1060 struct ieee80211_work *wk; 1061 bool cleanup = false; 1062 1063 mutex_lock(&local->mtx); 1064 list_for_each_entry(wk, &local->work_list, list) { 1065 if (wk->sdata != sdata) 1066 continue; 1067 cleanup = true; 1068 wk->type = IEEE80211_WORK_ABORT; 1069 wk->started = true; 1070 wk->timeout = jiffies; 1071 } 1072 mutex_unlock(&local->mtx); 1073 1074 /* run cleanups etc. */ 1075 if (cleanup) 1076 ieee80211_work_work(&local->work_work); 1077 1078 mutex_lock(&local->mtx); 1079 list_for_each_entry(wk, &local->work_list, list) { 1080 if (wk->sdata != sdata) 1081 continue; 1082 WARN_ON(1); 1083 break; 1084 } 1085 mutex_unlock(&local->mtx); 1086} 1087 1088ieee80211_rx_result ieee80211_work_rx_mgmt(struct ieee80211_sub_if_data *sdata, 1089 struct sk_buff *skb) 1090{ 1091 struct ieee80211_local *local = sdata->local; 1092 struct ieee80211_mgmt *mgmt; 1093 struct ieee80211_work *wk; 1094 u16 fc; 1095 1096 if (skb->len < 24) 1097 return RX_DROP_MONITOR; 1098 1099 mgmt = (struct ieee80211_mgmt *) skb->data; 1100 fc = le16_to_cpu(mgmt->frame_control); 1101 1102 list_for_each_entry_rcu(wk, &local->work_list, list) { 1103 if (sdata != wk->sdata) 1104 continue; 1105 if (compare_ether_addr(wk->filter_ta, mgmt->sa)) 1106 continue; 1107 if (compare_ether_addr(wk->filter_ta, mgmt->bssid)) 1108 continue; 1109 1110 switch (fc & IEEE80211_FCTL_STYPE) { 1111 case IEEE80211_STYPE_AUTH: 1112 case IEEE80211_STYPE_PROBE_RESP: 1113 case IEEE80211_STYPE_ASSOC_RESP: 1114 case IEEE80211_STYPE_REASSOC_RESP: 1115 case IEEE80211_STYPE_BEACON: 1116 skb_queue_tail(&local->work_skb_queue, skb); 1117 ieee80211_queue_work(&local->hw, &local->work_work); 1118 return RX_QUEUED; 1119 } 1120 } 1121 1122 return RX_CONTINUE; 1123} 1124 1125static enum work_done_result ieee80211_remain_done(struct ieee80211_work *wk, 1126 struct sk_buff *skb) 1127{ 1128 /* 1129 * We are done serving the remain-on-channel command. 1130 */ 1131 cfg80211_remain_on_channel_expired(wk->sdata->dev, (unsigned long) wk, 1132 wk->chan, wk->chan_type, 1133 GFP_KERNEL); 1134 1135 return WORK_DONE_DESTROY; 1136} 1137 1138int ieee80211_wk_remain_on_channel(struct ieee80211_sub_if_data *sdata, 1139 struct ieee80211_channel *chan, 1140 enum nl80211_channel_type channel_type, 1141 unsigned int duration, u64 *cookie) 1142{ 1143 struct ieee80211_work *wk; 1144 1145 wk = kzalloc(sizeof(*wk), GFP_KERNEL); 1146 if (!wk) 1147 return -ENOMEM; 1148 1149 wk->type = IEEE80211_WORK_REMAIN_ON_CHANNEL; 1150 wk->chan = chan; 1151 wk->chan_type = channel_type; 1152 wk->sdata = sdata; 1153 wk->done = ieee80211_remain_done; 1154 1155 wk->remain.duration = duration; 1156 1157 *cookie = (unsigned long) wk; 1158 1159 ieee80211_add_work(wk); 1160 1161 return 0; 1162} 1163 1164int ieee80211_wk_cancel_remain_on_channel(struct ieee80211_sub_if_data *sdata, 1165 u64 cookie) 1166{ 1167 struct ieee80211_local *local = sdata->local; 1168 struct ieee80211_work *wk, *tmp; 1169 bool found = false; 1170 1171 mutex_lock(&local->mtx); 1172 list_for_each_entry_safe(wk, tmp, &local->work_list, list) { 1173 if ((unsigned long) wk == cookie) { 1174 wk->timeout = jiffies; 1175 found = true; 1176 break; 1177 } 1178 } 1179 mutex_unlock(&local->mtx); 1180 1181 if (!found) 1182 return -ENOENT; 1183 1184 ieee80211_queue_work(&local->hw, &local->work_work); 1185 1186 return 0; 1187}