]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blob - net/mac80211/scan.c
projects / mirror_ubuntu-jammy-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
mac80211: split ieee80211_send_probe_req()
[mirror_ubuntu-jammy-kernel.git] / net / mac80211 / scan.c
1 /*
2 * Scanning implementation
3 *
4 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
5 * Copyright 2004, Instant802 Networks, Inc.
6 * Copyright 2005, Devicescape Software, Inc.
7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9 * Copyright 2013-2015 Intel Mobile Communications GmbH
10 * Copyright 2016-2017 Intel Deutschland GmbH
11 *
12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License version 2 as
14 * published by the Free Software Foundation.
15 */
16
17 #include <linux/if_arp.h>
18 #include <linux/etherdevice.h>
19 #include <linux/rtnetlink.h>
20 #include <net/sch_generic.h>
21 #include <linux/slab.h>
22 #include <linux/export.h>
23 #include <net/mac80211.h>
24
25 #include "ieee80211_i.h"
26 #include "driver-ops.h"
27 #include "mesh.h"
28
29 #define IEEE80211_PROBE_DELAY (HZ / 33)
30 #define IEEE80211_CHANNEL_TIME (HZ / 33)
31 #define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 9)
32
33 void ieee80211_rx_bss_put(struct ieee80211_local *local,
34 struct ieee80211_bss *bss)
35 {
36 if (!bss)
37 return;
38 cfg80211_put_bss(local->hw.wiphy,
39 container_of((void *)bss, struct cfg80211_bss, priv));
40 }
41
42 static bool is_uapsd_supported(struct ieee802_11_elems *elems)
43 {
44 u8 qos_info;
45
46 if (elems->wmm_info && elems->wmm_info_len == 7
47 && elems->wmm_info[5] == 1)
48 qos_info = elems->wmm_info[6];
49 else if (elems->wmm_param && elems->wmm_param_len == 24
50 && elems->wmm_param[5] == 1)
51 qos_info = elems->wmm_param[6];
52 else
53 /* no valid wmm information or parameter element found */
54 return false;
55
56 return qos_info & IEEE80211_WMM_IE_AP_QOSINFO_UAPSD;
57 }
58
59 struct ieee80211_bss *
60 ieee80211_bss_info_update(struct ieee80211_local *local,
61 struct ieee80211_rx_status *rx_status,
62 struct ieee80211_mgmt *mgmt, size_t len,
63 struct ieee802_11_elems *elems,
64 struct ieee80211_channel *channel)
65 {
66 bool beacon = ieee80211_is_beacon(mgmt->frame_control);
67 struct cfg80211_bss *cbss;
68 struct ieee80211_bss *bss;
69 int clen, srlen;
70 struct cfg80211_inform_bss bss_meta = {
71 .boottime_ns = rx_status->boottime_ns,
72 };
73 bool signal_valid;
74 struct ieee80211_sub_if_data *scan_sdata;
75
76 if (rx_status->flag & RX_FLAG_NO_SIGNAL_VAL)
77 bss_meta.signal = 0; /* invalid signal indication */
78 else if (ieee80211_hw_check(&local->hw, SIGNAL_DBM))
79 bss_meta.signal = rx_status->signal * 100;
80 else if (ieee80211_hw_check(&local->hw, SIGNAL_UNSPEC))
81 bss_meta.signal = (rx_status->signal * 100) / local->hw.max_signal;
82
83 bss_meta.scan_width = NL80211_BSS_CHAN_WIDTH_20;
84 if (rx_status->bw == RATE_INFO_BW_5)
85 bss_meta.scan_width = NL80211_BSS_CHAN_WIDTH_5;
86 else if (rx_status->bw == RATE_INFO_BW_10)
87 bss_meta.scan_width = NL80211_BSS_CHAN_WIDTH_10;
88
89 bss_meta.chan = channel;
90
91 rcu_read_lock();
92 scan_sdata = rcu_dereference(local->scan_sdata);
93 if (scan_sdata && scan_sdata->vif.type == NL80211_IFTYPE_STATION &&
94 scan_sdata->vif.bss_conf.assoc &&
95 ieee80211_have_rx_timestamp(rx_status)) {
96 bss_meta.parent_tsf =
97 ieee80211_calculate_rx_timestamp(local, rx_status,
98 len + FCS_LEN, 24);
99 ether_addr_copy(bss_meta.parent_bssid,
100 scan_sdata->vif.bss_conf.bssid);
101 }
102 rcu_read_unlock();
103
104 cbss = cfg80211_inform_bss_frame_data(local->hw.wiphy, &bss_meta,
105 mgmt, len, GFP_ATOMIC);
106 if (!cbss)
107 return NULL;
108 /* In case the signal is invalid update the status */
109 signal_valid = abs(channel->center_freq - cbss->channel->center_freq)
110 <= local->hw.wiphy->max_adj_channel_rssi_comp;
111 if (!signal_valid)
112 rx_status->flag |= RX_FLAG_NO_SIGNAL_VAL;
113
114 bss = (void *)cbss->priv;
115
116 if (beacon)
117 bss->device_ts_beacon = rx_status->device_timestamp;
118 else
119 bss->device_ts_presp = rx_status->device_timestamp;
120
121 if (elems->parse_error) {
122 if (beacon)
123 bss->corrupt_data |= IEEE80211_BSS_CORRUPT_BEACON;
124 else
125 bss->corrupt_data |= IEEE80211_BSS_CORRUPT_PROBE_RESP;
126 } else {
127 if (beacon)
128 bss->corrupt_data &= ~IEEE80211_BSS_CORRUPT_BEACON;
129 else
130 bss->corrupt_data &= ~IEEE80211_BSS_CORRUPT_PROBE_RESP;
131 }
132
133 /* save the ERP value so that it is available at association time */
134 if (elems->erp_info && (!elems->parse_error ||
135 !(bss->valid_data & IEEE80211_BSS_VALID_ERP))) {
136 bss->erp_value = elems->erp_info[0];
137 bss->has_erp_value = true;
138 if (!elems->parse_error)
139 bss->valid_data |= IEEE80211_BSS_VALID_ERP;
140 }
141
142 /* replace old supported rates if we get new values */
143 if (!elems->parse_error ||
144 !(bss->valid_data & IEEE80211_BSS_VALID_RATES)) {
145 srlen = 0;
146 if (elems->supp_rates) {
147 clen = IEEE80211_MAX_SUPP_RATES;
148 if (clen > elems->supp_rates_len)
149 clen = elems->supp_rates_len;
150 memcpy(bss->supp_rates, elems->supp_rates, clen);
151 srlen += clen;
152 }
153 if (elems->ext_supp_rates) {
154 clen = IEEE80211_MAX_SUPP_RATES - srlen;
155 if (clen > elems->ext_supp_rates_len)
156 clen = elems->ext_supp_rates_len;
157 memcpy(bss->supp_rates + srlen, elems->ext_supp_rates,
158 clen);
159 srlen += clen;
160 }
161 if (srlen) {
162 bss->supp_rates_len = srlen;
163 if (!elems->parse_error)
164 bss->valid_data |= IEEE80211_BSS_VALID_RATES;
165 }
166 }
167
168 if (!elems->parse_error ||
169 !(bss->valid_data & IEEE80211_BSS_VALID_WMM)) {
170 bss->wmm_used = elems->wmm_param || elems->wmm_info;
171 bss->uapsd_supported = is_uapsd_supported(elems);
172 if (!elems->parse_error)
173 bss->valid_data |= IEEE80211_BSS_VALID_WMM;
174 }
175
176 if (beacon) {
177 struct ieee80211_supported_band *sband =
178 local->hw.wiphy->bands[rx_status->band];
179 if (!(rx_status->encoding == RX_ENC_HT) &&
180 !(rx_status->encoding == RX_ENC_VHT))
181 bss->beacon_rate =
182 &sband->bitrates[rx_status->rate_idx];
183 }
184
185 return bss;
186 }
187
188 static bool ieee80211_scan_accept_presp(struct ieee80211_sub_if_data *sdata,
189 u32 scan_flags, const u8 *da)
190 {
191 if (!sdata)
192 return false;
193 /* accept broadcast for OCE */
194 if (scan_flags & NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP &&
195 is_broadcast_ether_addr(da))
196 return true;
197 if (scan_flags & NL80211_SCAN_FLAG_RANDOM_ADDR)
198 return true;
199 return ether_addr_equal(da, sdata->vif.addr);
200 }
201
202 void ieee80211_scan_rx(struct ieee80211_local *local, struct sk_buff *skb)
203 {
204 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb);
205 struct ieee80211_sub_if_data *sdata1, *sdata2;
206 struct ieee80211_mgmt *mgmt = (void *)skb->data;
207 struct ieee80211_bss *bss;
208 u8 *elements;
209 struct ieee80211_channel *channel;
210 size_t baselen;
211 struct ieee802_11_elems elems;
212
213 if (skb->len < 24 ||
214 (!ieee80211_is_probe_resp(mgmt->frame_control) &&
215 !ieee80211_is_beacon(mgmt->frame_control)))
216 return;
217
218 sdata1 = rcu_dereference(local->scan_sdata);
219 sdata2 = rcu_dereference(local->sched_scan_sdata);
220
221 if (likely(!sdata1 && !sdata2))
222 return;
223
224 if (ieee80211_is_probe_resp(mgmt->frame_control)) {
225 struct cfg80211_scan_request *scan_req;
226 struct cfg80211_sched_scan_request *sched_scan_req;
227 u32 scan_req_flags = 0, sched_scan_req_flags = 0;
228
229 scan_req = rcu_dereference(local->scan_req);
230 sched_scan_req = rcu_dereference(local->sched_scan_req);
231
232 if (scan_req)
233 scan_req_flags = scan_req->flags;
234
235 if (sched_scan_req)
236 sched_scan_req_flags = sched_scan_req->flags;
237
238 /* ignore ProbeResp to foreign address or non-bcast (OCE)
239 * unless scanning with randomised address
240 */
241 if (!ieee80211_scan_accept_presp(sdata1, scan_req_flags,
242 mgmt->da) &&
243 !ieee80211_scan_accept_presp(sdata2, sched_scan_req_flags,
244 mgmt->da))
245 return;
246
247 elements = mgmt->u.probe_resp.variable;
248 baselen = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
249 } else {
250 baselen = offsetof(struct ieee80211_mgmt, u.beacon.variable);
251 elements = mgmt->u.beacon.variable;
252 }
253
254 if (baselen > skb->len)
255 return;
256
257 ieee802_11_parse_elems(elements, skb->len - baselen, false, &elems);
258
259 channel = ieee80211_get_channel(local->hw.wiphy, rx_status->freq);
260
261 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED)
262 return;
263
264 bss = ieee80211_bss_info_update(local, rx_status,
265 mgmt, skb->len, &elems,
266 channel);
267 if (bss)
268 ieee80211_rx_bss_put(local, bss);
269 }
270
271 static void
272 ieee80211_prepare_scan_chandef(struct cfg80211_chan_def *chandef,
273 enum nl80211_bss_scan_width scan_width)
274 {
275 memset(chandef, 0, sizeof(*chandef));
276 switch (scan_width) {
277 case NL80211_BSS_CHAN_WIDTH_5:
278 chandef->width = NL80211_CHAN_WIDTH_5;
279 break;
280 case NL80211_BSS_CHAN_WIDTH_10:
281 chandef->width = NL80211_CHAN_WIDTH_10;
282 break;
283 default:
284 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
285 break;
286 }
287 }
288
289 /* return false if no more work */
290 static bool ieee80211_prep_hw_scan(struct ieee80211_local *local)
291 {
292 struct cfg80211_scan_request *req;
293 struct cfg80211_chan_def chandef;
294 u8 bands_used = 0;
295 int i, ielen, n_chans;
296
297 req = rcu_dereference_protected(local->scan_req,
298 lockdep_is_held(&local->mtx));
299
300 if (test_bit(SCAN_HW_CANCELLED, &local->scanning))
301 return false;
302
303 if (ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS)) {
304 for (i = 0; i < req->n_channels; i++) {
305 local->hw_scan_req->req.channels[i] = req->channels[i];
306 bands_used |= BIT(req->channels[i]->band);
307 }
308
309 n_chans = req->n_channels;
310 } else {
311 do {
312 if (local->hw_scan_band == NUM_NL80211_BANDS)
313 return false;
314
315 n_chans = 0;
316
317 for (i = 0; i < req->n_channels; i++) {
318 if (req->channels[i]->band !=
319 local->hw_scan_band)
320 continue;
321 local->hw_scan_req->req.channels[n_chans] =
322 req->channels[i];
323 n_chans++;
324 bands_used |= BIT(req->channels[i]->band);
325 }
326
327 local->hw_scan_band++;
328 } while (!n_chans);
329 }
330
331 local->hw_scan_req->req.n_channels = n_chans;
332 ieee80211_prepare_scan_chandef(&chandef, req->scan_width);
333
334 ielen = ieee80211_build_preq_ies(local,
335 (u8 *)local->hw_scan_req->req.ie,
336 local->hw_scan_ies_bufsize,
337 &local->hw_scan_req->ies,
338 req->ie, req->ie_len,
339 bands_used, req->rates, &chandef, 0);
340 local->hw_scan_req->req.ie_len = ielen;
341 local->hw_scan_req->req.no_cck = req->no_cck;
342 ether_addr_copy(local->hw_scan_req->req.mac_addr, req->mac_addr);
343 ether_addr_copy(local->hw_scan_req->req.mac_addr_mask,
344 req->mac_addr_mask);
345 ether_addr_copy(local->hw_scan_req->req.bssid, req->bssid);
346
347 return true;
348 }
349
350 static void __ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)
351 {
352 struct ieee80211_local *local = hw_to_local(hw);
353 bool hw_scan = local->ops->hw_scan;
354 bool was_scanning = local->scanning;
355 struct cfg80211_scan_request *scan_req;
356 struct ieee80211_sub_if_data *scan_sdata;
357 struct ieee80211_sub_if_data *sdata;
358
359 lockdep_assert_held(&local->mtx);
360
361 /*
362 * It's ok to abort a not-yet-running scan (that
363 * we have one at all will be verified by checking
364 * local->scan_req next), but not to complete it
365 * successfully.
366 */
367 if (WARN_ON(!local->scanning && !aborted))
368 aborted = true;
369
370 if (WARN_ON(!local->scan_req))
371 return;
372
373 if (hw_scan && !aborted &&
374 !ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS) &&
375 ieee80211_prep_hw_scan(local)) {
376 int rc;
377
378 rc = drv_hw_scan(local,
379 rcu_dereference_protected(local->scan_sdata,
380 lockdep_is_held(&local->mtx)),
381 local->hw_scan_req);
382
383 if (rc == 0)
384 return;
385
386 /* HW scan failed and is going to be reported as aborted,
387 * so clear old scan info.
388 */
389 memset(&local->scan_info, 0, sizeof(local->scan_info));
390 aborted = true;
391 }
392
393 kfree(local->hw_scan_req);
394 local->hw_scan_req = NULL;
395
396 scan_req = rcu_dereference_protected(local->scan_req,
397 lockdep_is_held(&local->mtx));
398
399 if (scan_req != local->int_scan_req) {
400 local->scan_info.aborted = aborted;
401 cfg80211_scan_done(scan_req, &local->scan_info);
402 }
403 RCU_INIT_POINTER(local->scan_req, NULL);
404
405 scan_sdata = rcu_dereference_protected(local->scan_sdata,
406 lockdep_is_held(&local->mtx));
407 RCU_INIT_POINTER(local->scan_sdata, NULL);
408
409 local->scanning = 0;
410 local->scan_chandef.chan = NULL;
411
412 /* Set power back to normal operating levels. */
413 ieee80211_hw_config(local, 0);
414
415 if (!hw_scan) {
416 ieee80211_configure_filter(local);
417 drv_sw_scan_complete(local, scan_sdata);
418 ieee80211_offchannel_return(local);
419 }
420
421 ieee80211_recalc_idle(local);
422
423 ieee80211_mlme_notify_scan_completed(local);
424 ieee80211_ibss_notify_scan_completed(local);
425
426 /* Requeue all the work that might have been ignored while
427 * the scan was in progress; if there was none this will
428 * just be a no-op for the particular interface.
429 */
430 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
431 if (ieee80211_sdata_running(sdata))
432 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
433 }
434
435 if (was_scanning)
436 ieee80211_start_next_roc(local);
437 }
438
439 void ieee80211_scan_completed(struct ieee80211_hw *hw,
440 struct cfg80211_scan_info *info)
441 {
442 struct ieee80211_local *local = hw_to_local(hw);
443
444 trace_api_scan_completed(local, info->aborted);
445
446 set_bit(SCAN_COMPLETED, &local->scanning);
447 if (info->aborted)
448 set_bit(SCAN_ABORTED, &local->scanning);
449
450 memcpy(&local->scan_info, info, sizeof(*info));
451
452 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, 0);
453 }
454 EXPORT_SYMBOL(ieee80211_scan_completed);
455
456 static int ieee80211_start_sw_scan(struct ieee80211_local *local,
457 struct ieee80211_sub_if_data *sdata)
458 {
459 /* Software scan is not supported in multi-channel cases */
460 if (local->use_chanctx)
461 return -EOPNOTSUPP;
462
463 /*
464 * Hardware/driver doesn't support hw_scan, so use software
465 * scanning instead. First send a nullfunc frame with power save
466 * bit on so that AP will buffer the frames for us while we are not
467 * listening, then send probe requests to each channel and wait for
468 * the responses. After all channels are scanned, tune back to the
469 * original channel and send a nullfunc frame with power save bit
470 * off to trigger the AP to send us all the buffered frames.
471 *
472 * Note that while local->sw_scanning is true everything else but
473 * nullfunc frames and probe requests will be dropped in
474 * ieee80211_tx_h_check_assoc().
475 */
476 drv_sw_scan_start(local, sdata, local->scan_addr);
477
478 local->leave_oper_channel_time = jiffies;
479 local->next_scan_state = SCAN_DECISION;
480 local->scan_channel_idx = 0;
481
482 ieee80211_offchannel_stop_vifs(local);
483
484 /* ensure nullfunc is transmitted before leaving operating channel */
485 ieee80211_flush_queues(local, NULL, false);
486
487 ieee80211_configure_filter(local);
488
489 /* We need to set power level at maximum rate for scanning. */
490 ieee80211_hw_config(local, 0);
491
492 ieee80211_queue_delayed_work(&local->hw,
493 &local->scan_work, 0);
494
495 return 0;
496 }
497
498 static bool ieee80211_can_scan(struct ieee80211_local *local,
499 struct ieee80211_sub_if_data *sdata)
500 {
501 if (ieee80211_is_radar_required(local))
502 return false;
503
504 if (!list_empty(&local->roc_list))
505 return false;
506
507 if (sdata->vif.type == NL80211_IFTYPE_STATION &&
508 sdata->u.mgd.flags & IEEE80211_STA_CONNECTION_POLL)
509 return false;
510
511 return true;
512 }
513
514 void ieee80211_run_deferred_scan(struct ieee80211_local *local)
515 {
516 lockdep_assert_held(&local->mtx);
517
518 if (!local->scan_req || local->scanning)
519 return;
520
521 if (!ieee80211_can_scan(local,
522 rcu_dereference_protected(
523 local->scan_sdata,
524 lockdep_is_held(&local->mtx))))
525 return;
526
527 ieee80211_queue_delayed_work(&local->hw, &local->scan_work,
528 round_jiffies_relative(0));
529 }
530
531 static void ieee80211_send_scan_probe_req(struct ieee80211_sub_if_data *sdata,
532 const u8 *src, const u8 *dst,
533 const u8 *ssid, size_t ssid_len,
534 const u8 *ie, size_t ie_len,
535 u32 ratemask, u32 flags, u32 tx_flags,
536 struct ieee80211_channel *channel)
537 {
538 struct sk_buff *skb;
539
540 skb = ieee80211_build_probe_req(sdata, src, dst, ratemask, channel,
541 ssid, ssid_len,
542 ie, ie_len, flags);
543 if (skb) {
544 IEEE80211_SKB_CB(skb)->flags |= tx_flags;
545 ieee80211_tx_skb_tid_band(sdata, skb, 7, channel->band);
546 }
547 }
548
549 static void ieee80211_scan_state_send_probe(struct ieee80211_local *local,
550 unsigned long *next_delay)
551 {
552 int i;
553 struct ieee80211_sub_if_data *sdata;
554 struct cfg80211_scan_request *scan_req;
555 enum nl80211_band band = local->hw.conf.chandef.chan->band;
556 u32 tx_flags;
557
558 scan_req = rcu_dereference_protected(local->scan_req,
559 lockdep_is_held(&local->mtx));
560
561 tx_flags = IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
562 if (scan_req->no_cck)
563 tx_flags |= IEEE80211_TX_CTL_NO_CCK_RATE;
564
565 sdata = rcu_dereference_protected(local->scan_sdata,
566 lockdep_is_held(&local->mtx));
567
568 for (i = 0; i < scan_req->n_ssids; i++)
569 ieee80211_send_scan_probe_req(
570 sdata, local->scan_addr, scan_req->bssid,
571 scan_req->ssids[i].ssid, scan_req->ssids[i].ssid_len,
572 scan_req->ie, scan_req->ie_len,
573 scan_req->rates[band], 0,
574 tx_flags, local->hw.conf.chandef.chan);
575
576 /*
577 * After sending probe requests, wait for probe responses
578 * on the channel.
579 */
580 *next_delay = IEEE80211_CHANNEL_TIME;
581 local->next_scan_state = SCAN_DECISION;
582 }
583
584 static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
585 struct cfg80211_scan_request *req)
586 {
587 struct ieee80211_local *local = sdata->local;
588 int rc;
589
590 lockdep_assert_held(&local->mtx);
591
592 if (local->scan_req || ieee80211_is_radar_required(local))
593 return -EBUSY;
594
595 if (!ieee80211_can_scan(local, sdata)) {
596 /* wait for the work to finish/time out */
597 rcu_assign_pointer(local->scan_req, req);
598 rcu_assign_pointer(local->scan_sdata, sdata);
599 return 0;
600 }
601
602 if (local->ops->hw_scan) {
603 u8 *ies;
604
605 local->hw_scan_ies_bufsize = local->scan_ies_len + req->ie_len;
606
607 if (ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS)) {
608 int i, n_bands = 0;
609 u8 bands_counted = 0;
610
611 for (i = 0; i < req->n_channels; i++) {
612 if (bands_counted & BIT(req->channels[i]->band))
613 continue;
614 bands_counted |= BIT(req->channels[i]->band);
615 n_bands++;
616 }
617
618 local->hw_scan_ies_bufsize *= n_bands;
619 }
620
621 local->hw_scan_req = kmalloc(
622 sizeof(*local->hw_scan_req) +
623 req->n_channels * sizeof(req->channels[0]) +
624 local->hw_scan_ies_bufsize, GFP_KERNEL);
625 if (!local->hw_scan_req)
626 return -ENOMEM;
627
628 local->hw_scan_req->req.ssids = req->ssids;
629 local->hw_scan_req->req.n_ssids = req->n_ssids;
630 ies = (u8 *)local->hw_scan_req +
631 sizeof(*local->hw_scan_req) +
632 req->n_channels * sizeof(req->channels[0]);
633 local->hw_scan_req->req.ie = ies;
634 local->hw_scan_req->req.flags = req->flags;
635 eth_broadcast_addr(local->hw_scan_req->req.bssid);
636 local->hw_scan_req->req.duration = req->duration;
637 local->hw_scan_req->req.duration_mandatory =
638 req->duration_mandatory;
639
640 local->hw_scan_band = 0;
641
642 /*
643 * After allocating local->hw_scan_req, we must
644 * go through until ieee80211_prep_hw_scan(), so
645 * anything that might be changed here and leave
646 * this function early must not go after this
647 * allocation.
648 */
649 }
650
651 rcu_assign_pointer(local->scan_req, req);
652 rcu_assign_pointer(local->scan_sdata, sdata);
653
654 if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR)
655 get_random_mask_addr(local->scan_addr,
656 req->mac_addr,
657 req->mac_addr_mask);
658 else
659 memcpy(local->scan_addr, sdata->vif.addr, ETH_ALEN);
660
661 if (local->ops->hw_scan) {
662 __set_bit(SCAN_HW_SCANNING, &local->scanning);
663 } else if ((req->n_channels == 1) &&
664 (req->channels[0] == local->_oper_chandef.chan)) {
665 /*
666 * If we are scanning only on the operating channel
667 * then we do not need to stop normal activities
668 */
669 unsigned long next_delay;
670
671 __set_bit(SCAN_ONCHANNEL_SCANNING, &local->scanning);
672
673 ieee80211_recalc_idle(local);
674
675 /* Notify driver scan is starting, keep order of operations
676 * same as normal software scan, in case that matters. */
677 drv_sw_scan_start(local, sdata, local->scan_addr);
678
679 ieee80211_configure_filter(local); /* accept probe-responses */
680
681 /* We need to ensure power level is at max for scanning. */
682 ieee80211_hw_config(local, 0);
683
684 if ((req->channels[0]->flags & (IEEE80211_CHAN_NO_IR |
685 IEEE80211_CHAN_RADAR)) ||
686 !req->n_ssids) {
687 next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
688 } else {
689 ieee80211_scan_state_send_probe(local, &next_delay);
690 next_delay = IEEE80211_CHANNEL_TIME;
691 }
692
693 /* Now, just wait a bit and we are all done! */
694 ieee80211_queue_delayed_work(&local->hw, &local->scan_work,
695 next_delay);
696 return 0;
697 } else {
698 /* Do normal software scan */
699 __set_bit(SCAN_SW_SCANNING, &local->scanning);
700 }
701
702 ieee80211_recalc_idle(local);
703
704 if (local->ops->hw_scan) {
705 WARN_ON(!ieee80211_prep_hw_scan(local));
706 rc = drv_hw_scan(local, sdata, local->hw_scan_req);
707 } else {
708 rc = ieee80211_start_sw_scan(local, sdata);
709 }
710
711 if (rc) {
712 kfree(local->hw_scan_req);
713 local->hw_scan_req = NULL;
714 local->scanning = 0;
715
716 ieee80211_recalc_idle(local);
717
718 local->scan_req = NULL;
719 RCU_INIT_POINTER(local->scan_sdata, NULL);
720 }
721
722 return rc;
723 }
724
725 static unsigned long
726 ieee80211_scan_get_channel_time(struct ieee80211_channel *chan)
727 {
728 /*
729 * TODO: channel switching also consumes quite some time,
730 * add that delay as well to get a better estimation
731 */
732 if (chan->flags & (IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_RADAR))
733 return IEEE80211_PASSIVE_CHANNEL_TIME;
734 return IEEE80211_PROBE_DELAY + IEEE80211_CHANNEL_TIME;
735 }
736
737 static void ieee80211_scan_state_decision(struct ieee80211_local *local,
738 unsigned long *next_delay)
739 {
740 bool associated = false;
741 bool tx_empty = true;
742 bool bad_latency;
743 struct ieee80211_sub_if_data *sdata;
744 struct ieee80211_channel *next_chan;
745 enum mac80211_scan_state next_scan_state;
746 struct cfg80211_scan_request *scan_req;
747
748 /*
749 * check if at least one STA interface is associated,
750 * check if at least one STA interface has pending tx frames
751 * and grab the lowest used beacon interval
752 */
753 mutex_lock(&local->iflist_mtx);
754 list_for_each_entry(sdata, &local->interfaces, list) {
755 if (!ieee80211_sdata_running(sdata))
756 continue;
757
758 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
759 if (sdata->u.mgd.associated) {
760 associated = true;
761
762 if (!qdisc_all_tx_empty(sdata->dev)) {
763 tx_empty = false;
764 break;
765 }
766 }
767 }
768 }
769 mutex_unlock(&local->iflist_mtx);
770
771 scan_req = rcu_dereference_protected(local->scan_req,
772 lockdep_is_held(&local->mtx));
773
774 next_chan = scan_req->channels[local->scan_channel_idx];
775
776 /*
777 * we're currently scanning a different channel, let's
778 * see if we can scan another channel without interfering
779 * with the current traffic situation.
780 *
781 * Keep good latency, do not stay off-channel more than 125 ms.
782 */
783
784 bad_latency = time_after(jiffies +
785 ieee80211_scan_get_channel_time(next_chan),
786 local->leave_oper_channel_time + HZ / 8);
787
788 if (associated && !tx_empty) {
789 if (scan_req->flags & NL80211_SCAN_FLAG_LOW_PRIORITY)
790 next_scan_state = SCAN_ABORT;
791 else
792 next_scan_state = SCAN_SUSPEND;
793 } else if (associated && bad_latency) {
794 next_scan_state = SCAN_SUSPEND;
795 } else {
796 next_scan_state = SCAN_SET_CHANNEL;
797 }
798
799 local->next_scan_state = next_scan_state;
800
801 *next_delay = 0;
802 }
803
804 static void ieee80211_scan_state_set_channel(struct ieee80211_local *local,
805 unsigned long *next_delay)
806 {
807 int skip;
808 struct ieee80211_channel *chan;
809 enum nl80211_bss_scan_width oper_scan_width;
810 struct cfg80211_scan_request *scan_req;
811
812 scan_req = rcu_dereference_protected(local->scan_req,
813 lockdep_is_held(&local->mtx));
814
815 skip = 0;
816 chan = scan_req->channels[local->scan_channel_idx];
817
818 local->scan_chandef.chan = chan;
819 local->scan_chandef.center_freq1 = chan->center_freq;
820 local->scan_chandef.center_freq2 = 0;
821 switch (scan_req->scan_width) {
822 case NL80211_BSS_CHAN_WIDTH_5:
823 local->scan_chandef.width = NL80211_CHAN_WIDTH_5;
824 break;
825 case NL80211_BSS_CHAN_WIDTH_10:
826 local->scan_chandef.width = NL80211_CHAN_WIDTH_10;
827 break;
828 case NL80211_BSS_CHAN_WIDTH_20:
829 /* If scanning on oper channel, use whatever channel-type
830 * is currently in use.
831 */
832 oper_scan_width = cfg80211_chandef_to_scan_width(
833 &local->_oper_chandef);
834 if (chan == local->_oper_chandef.chan &&
835 oper_scan_width == scan_req->scan_width)
836 local->scan_chandef = local->_oper_chandef;
837 else
838 local->scan_chandef.width = NL80211_CHAN_WIDTH_20_NOHT;
839 break;
840 }
841
842 if (ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL))
843 skip = 1;
844
845 /* advance state machine to next channel/band */
846 local->scan_channel_idx++;
847
848 if (skip) {
849 /* if we skip this channel return to the decision state */
850 local->next_scan_state = SCAN_DECISION;
851 return;
852 }
853
854 /*
855 * Probe delay is used to update the NAV, cf. 11.1.3.2.2
856 * (which unfortunately doesn't say _why_ step a) is done,
857 * but it waits for the probe delay or until a frame is
858 * received - and the received frame would update the NAV).
859 * For now, we do not support waiting until a frame is
860 * received.
861 *
862 * In any case, it is not necessary for a passive scan.
863 */
864 if ((chan->flags & (IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_RADAR)) ||
865 !scan_req->n_ssids) {
866 *next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
867 local->next_scan_state = SCAN_DECISION;
868 return;
869 }
870
871 /* active scan, send probes */
872 *next_delay = IEEE80211_PROBE_DELAY;
873 local->next_scan_state = SCAN_SEND_PROBE;
874 }
875
876 static void ieee80211_scan_state_suspend(struct ieee80211_local *local,
877 unsigned long *next_delay)
878 {
879 /* switch back to the operating channel */
880 local->scan_chandef.chan = NULL;
881 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
882
883 /* disable PS */
884 ieee80211_offchannel_return(local);
885
886 *next_delay = HZ / 5;
887 /* afterwards, resume scan & go to next channel */
888 local->next_scan_state = SCAN_RESUME;
889 }
890
891 static void ieee80211_scan_state_resume(struct ieee80211_local *local,
892 unsigned long *next_delay)
893 {
894 ieee80211_offchannel_stop_vifs(local);
895
896 if (local->ops->flush) {
897 ieee80211_flush_queues(local, NULL, false);
898 *next_delay = 0;
899 } else
900 *next_delay = HZ / 10;
901
902 /* remember when we left the operating channel */
903 local->leave_oper_channel_time = jiffies;
904
905 /* advance to the next channel to be scanned */
906 local->next_scan_state = SCAN_SET_CHANNEL;
907 }
908
909 void ieee80211_scan_work(struct work_struct *work)
910 {
911 struct ieee80211_local *local =
912 container_of(work, struct ieee80211_local, scan_work.work);
913 struct ieee80211_sub_if_data *sdata;
914 struct cfg80211_scan_request *scan_req;
915 unsigned long next_delay = 0;
916 bool aborted;
917
918 mutex_lock(&local->mtx);
919
920 if (!ieee80211_can_run_worker(local)) {
921 aborted = true;
922 goto out_complete;
923 }
924
925 sdata = rcu_dereference_protected(local->scan_sdata,
926 lockdep_is_held(&local->mtx));
927 scan_req = rcu_dereference_protected(local->scan_req,
928 lockdep_is_held(&local->mtx));
929
930 /* When scanning on-channel, the first-callback means completed. */
931 if (test_bit(SCAN_ONCHANNEL_SCANNING, &local->scanning)) {
932 aborted = test_and_clear_bit(SCAN_ABORTED, &local->scanning);
933 goto out_complete;
934 }
935
936 if (test_and_clear_bit(SCAN_COMPLETED, &local->scanning)) {
937 aborted = test_and_clear_bit(SCAN_ABORTED, &local->scanning);
938 goto out_complete;
939 }
940
941 if (!sdata || !scan_req)
942 goto out;
943
944 if (!local->scanning) {
945 int rc;
946
947 RCU_INIT_POINTER(local->scan_req, NULL);
948 RCU_INIT_POINTER(local->scan_sdata, NULL);
949
950 rc = __ieee80211_start_scan(sdata, scan_req);
951 if (rc) {
952 /* need to complete scan in cfg80211 */
953 rcu_assign_pointer(local->scan_req, scan_req);
954 aborted = true;
955 goto out_complete;
956 } else
957 goto out;
958 }
959
960 /*
961 * as long as no delay is required advance immediately
962 * without scheduling a new work
963 */
964 do {
965 if (!ieee80211_sdata_running(sdata)) {
966 aborted = true;
967 goto out_complete;
968 }
969
970 switch (local->next_scan_state) {
971 case SCAN_DECISION:
972 /* if no more bands/channels left, complete scan */
973 if (local->scan_channel_idx >= scan_req->n_channels) {
974 aborted = false;
975 goto out_complete;
976 }
977 ieee80211_scan_state_decision(local, &next_delay);
978 break;
979 case SCAN_SET_CHANNEL:
980 ieee80211_scan_state_set_channel(local, &next_delay);
981 break;
982 case SCAN_SEND_PROBE:
983 ieee80211_scan_state_send_probe(local, &next_delay);
984 break;
985 case SCAN_SUSPEND:
986 ieee80211_scan_state_suspend(local, &next_delay);
987 break;
988 case SCAN_RESUME:
989 ieee80211_scan_state_resume(local, &next_delay);
990 break;
991 case SCAN_ABORT:
992 aborted = true;
993 goto out_complete;
994 }
995 } while (next_delay == 0);
996
997 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, next_delay);
998 goto out;
999
1000 out_complete:
1001 __ieee80211_scan_completed(&local->hw, aborted);
1002 out:
1003 mutex_unlock(&local->mtx);
1004 }
1005
1006 int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata,
1007 struct cfg80211_scan_request *req)
1008 {
1009 int res;
1010
1011 mutex_lock(&sdata->local->mtx);
1012 res = __ieee80211_start_scan(sdata, req);
1013 mutex_unlock(&sdata->local->mtx);
1014
1015 return res;
1016 }
1017
1018 int ieee80211_request_ibss_scan(struct ieee80211_sub_if_data *sdata,
1019 const u8 *ssid, u8 ssid_len,
1020 struct ieee80211_channel **channels,
1021 unsigned int n_channels,
1022 enum nl80211_bss_scan_width scan_width)
1023 {
1024 struct ieee80211_local *local = sdata->local;
1025 int ret = -EBUSY, i, n_ch = 0;
1026 enum nl80211_band band;
1027
1028 mutex_lock(&local->mtx);
1029
1030 /* busy scanning */
1031 if (local->scan_req)
1032 goto unlock;
1033
1034 /* fill internal scan request */
1035 if (!channels) {
1036 int max_n;
1037
1038 for (band = 0; band < NUM_NL80211_BANDS; band++) {
1039 if (!local->hw.wiphy->bands[band])
1040 continue;
1041
1042 max_n = local->hw.wiphy->bands[band]->n_channels;
1043 for (i = 0; i < max_n; i++) {
1044 struct ieee80211_channel *tmp_ch =
1045 &local->hw.wiphy->bands[band]->channels[i];
1046
1047 if (tmp_ch->flags & (IEEE80211_CHAN_NO_IR |
1048 IEEE80211_CHAN_DISABLED))
1049 continue;
1050
1051 local->int_scan_req->channels[n_ch] = tmp_ch;
1052 n_ch++;
1053 }
1054 }
1055
1056 if (WARN_ON_ONCE(n_ch == 0))
1057 goto unlock;
1058
1059 local->int_scan_req->n_channels = n_ch;
1060 } else {
1061 for (i = 0; i < n_channels; i++) {
1062 if (channels[i]->flags & (IEEE80211_CHAN_NO_IR |
1063 IEEE80211_CHAN_DISABLED))
1064 continue;
1065
1066 local->int_scan_req->channels[n_ch] = channels[i];
1067 n_ch++;
1068 }
1069
1070 if (WARN_ON_ONCE(n_ch == 0))
1071 goto unlock;
1072
1073 local->int_scan_req->n_channels = n_ch;
1074 }
1075
1076 local->int_scan_req->ssids = &local->scan_ssid;
1077 local->int_scan_req->n_ssids = 1;
1078 local->int_scan_req->scan_width = scan_width;
1079 memcpy(local->int_scan_req->ssids[0].ssid, ssid, IEEE80211_MAX_SSID_LEN);
1080 local->int_scan_req->ssids[0].ssid_len = ssid_len;
1081
1082 ret = __ieee80211_start_scan(sdata, sdata->local->int_scan_req);
1083 unlock:
1084 mutex_unlock(&local->mtx);
1085 return ret;
1086 }
1087
1088 /*
1089 * Only call this function when a scan can't be queued -- under RTNL.
1090 */
1091 void ieee80211_scan_cancel(struct ieee80211_local *local)
1092 {
1093 /*
1094 * We are canceling software scan, or deferred scan that was not
1095 * yet really started (see __ieee80211_start_scan ).
1096 *
1097 * Regarding hardware scan:
1098 * - we can not call __ieee80211_scan_completed() as when
1099 * SCAN_HW_SCANNING bit is set this function change
1100 * local->hw_scan_req to operate on 5G band, what race with
1101 * driver which can use local->hw_scan_req
1102 *
1103 * - we can not cancel scan_work since driver can schedule it
1104 * by ieee80211_scan_completed(..., true) to finish scan
1105 *
1106 * Hence we only call the cancel_hw_scan() callback, but the low-level
1107 * driver is still responsible for calling ieee80211_scan_completed()
1108 * after the scan was completed/aborted.
1109 */
1110
1111 mutex_lock(&local->mtx);
1112 if (!local->scan_req)
1113 goto out;
1114
1115 /*
1116 * We have a scan running and the driver already reported completion,
1117 * but the worker hasn't run yet or is stuck on the mutex - mark it as
1118 * cancelled.
1119 */
1120 if (test_bit(SCAN_HW_SCANNING, &local->scanning) &&
1121 test_bit(SCAN_COMPLETED, &local->scanning)) {
1122 set_bit(SCAN_HW_CANCELLED, &local->scanning);
1123 goto out;
1124 }
1125
1126 if (test_bit(SCAN_HW_SCANNING, &local->scanning)) {
1127 /*
1128 * Make sure that __ieee80211_scan_completed doesn't trigger a
1129 * scan on another band.
1130 */
1131 set_bit(SCAN_HW_CANCELLED, &local->scanning);
1132 if (local->ops->cancel_hw_scan)
1133 drv_cancel_hw_scan(local,
1134 rcu_dereference_protected(local->scan_sdata,
1135 lockdep_is_held(&local->mtx)));
1136 goto out;
1137 }
1138
1139 /*
1140 * If the work is currently running, it must be blocked on
1141 * the mutex, but we'll set scan_sdata = NULL and it'll
1142 * simply exit once it acquires the mutex.
1143 */
1144 cancel_delayed_work(&local->scan_work);
1145 /* and clean up */
1146 memset(&local->scan_info, 0, sizeof(local->scan_info));
1147 __ieee80211_scan_completed(&local->hw, true);
1148 out:
1149 mutex_unlock(&local->mtx);
1150 }
1151
1152 int __ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata,
1153 struct cfg80211_sched_scan_request *req)
1154 {
1155 struct ieee80211_local *local = sdata->local;
1156 struct ieee80211_scan_ies sched_scan_ies = {};
1157 struct cfg80211_chan_def chandef;
1158 int ret, i, iebufsz, num_bands = 0;
1159 u32 rate_masks[NUM_NL80211_BANDS] = {};
1160 u8 bands_used = 0;
1161 u8 *ie;
1162
1163 iebufsz = local->scan_ies_len + req->ie_len;
1164
1165 lockdep_assert_held(&local->mtx);
1166
1167 if (!local->ops->sched_scan_start)
1168 return -ENOTSUPP;
1169
1170 for (i = 0; i < NUM_NL80211_BANDS; i++) {
1171 if (local->hw.wiphy->bands[i]) {
1172 bands_used |= BIT(i);
1173 rate_masks[i] = (u32) -1;
1174 num_bands++;
1175 }
1176 }
1177
1178 ie = kzalloc(num_bands * iebufsz, GFP_KERNEL);
1179 if (!ie) {
1180 ret = -ENOMEM;
1181 goto out;
1182 }
1183
1184 ieee80211_prepare_scan_chandef(&chandef, req->scan_width);
1185
1186 ieee80211_build_preq_ies(local, ie, num_bands * iebufsz,
1187 &sched_scan_ies, req->ie,
1188 req->ie_len, bands_used, rate_masks, &chandef,
1189 0);
1190
1191 ret = drv_sched_scan_start(local, sdata, req, &sched_scan_ies);
1192 if (ret == 0) {
1193 rcu_assign_pointer(local->sched_scan_sdata, sdata);
1194 rcu_assign_pointer(local->sched_scan_req, req);
1195 }
1196
1197 kfree(ie);
1198
1199 out:
1200 if (ret) {
1201 /* Clean in case of failure after HW restart or upon resume. */
1202 RCU_INIT_POINTER(local->sched_scan_sdata, NULL);
1203 RCU_INIT_POINTER(local->sched_scan_req, NULL);
1204 }
1205
1206 return ret;
1207 }
1208
1209 int ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata,
1210 struct cfg80211_sched_scan_request *req)
1211 {
1212 struct ieee80211_local *local = sdata->local;
1213 int ret;
1214
1215 mutex_lock(&local->mtx);
1216
1217 if (rcu_access_pointer(local->sched_scan_sdata)) {
1218 mutex_unlock(&local->mtx);
1219 return -EBUSY;
1220 }
1221
1222 ret = __ieee80211_request_sched_scan_start(sdata, req);
1223
1224 mutex_unlock(&local->mtx);
1225 return ret;
1226 }
1227
1228 int ieee80211_request_sched_scan_stop(struct ieee80211_local *local)
1229 {
1230 struct ieee80211_sub_if_data *sched_scan_sdata;
1231 int ret = -ENOENT;
1232
1233 mutex_lock(&local->mtx);
1234
1235 if (!local->ops->sched_scan_stop) {
1236 ret = -ENOTSUPP;
1237 goto out;
1238 }
1239
1240 /* We don't want to restart sched scan anymore. */
1241 RCU_INIT_POINTER(local->sched_scan_req, NULL);
1242
1243 sched_scan_sdata = rcu_dereference_protected(local->sched_scan_sdata,
1244 lockdep_is_held(&local->mtx));
1245 if (sched_scan_sdata) {
1246 ret = drv_sched_scan_stop(local, sched_scan_sdata);
1247 if (!ret)
1248 RCU_INIT_POINTER(local->sched_scan_sdata, NULL);
1249 }
1250 out:
1251 mutex_unlock(&local->mtx);
1252
1253 return ret;
1254 }
1255
1256 void ieee80211_sched_scan_results(struct ieee80211_hw *hw)
1257 {
1258 struct ieee80211_local *local = hw_to_local(hw);
1259
1260 trace_api_sched_scan_results(local);
1261
1262 cfg80211_sched_scan_results(hw->wiphy, 0);
1263 }
1264 EXPORT_SYMBOL(ieee80211_sched_scan_results);
1265
1266 void ieee80211_sched_scan_end(struct ieee80211_local *local)
1267 {
1268 mutex_lock(&local->mtx);
1269
1270 if (!rcu_access_pointer(local->sched_scan_sdata)) {
1271 mutex_unlock(&local->mtx);
1272 return;
1273 }
1274
1275 RCU_INIT_POINTER(local->sched_scan_sdata, NULL);
1276
1277 /* If sched scan was aborted by the driver. */
1278 RCU_INIT_POINTER(local->sched_scan_req, NULL);
1279
1280 mutex_unlock(&local->mtx);
1281
1282 cfg80211_sched_scan_stopped(local->hw.wiphy, 0);
1283 }
1284
1285 void ieee80211_sched_scan_stopped_work(struct work_struct *work)
1286 {
1287 struct ieee80211_local *local =
1288 container_of(work, struct ieee80211_local,
1289 sched_scan_stopped_work);
1290
1291 ieee80211_sched_scan_end(local);
1292 }
1293
1294 void ieee80211_sched_scan_stopped(struct ieee80211_hw *hw)
1295 {
1296 struct ieee80211_local *local = hw_to_local(hw);
1297
1298 trace_api_sched_scan_stopped(local);
1299
1300 /*
1301 * this shouldn't really happen, so for simplicity
1302 * simply ignore it, and let mac80211 reconfigure
1303 * the sched scan later on.
1304 */
1305 if (local->in_reconfig)
1306 return;
1307
1308 schedule_work(&local->sched_scan_stopped_work);
1309 }
1310 EXPORT_SYMBOL(ieee80211_sched_scan_stopped);
Ubuntu Jammy Linux kernel mirror