1 /*
2 * Marvell Wireless LAN device driver: scan ioctl and command handling
3 *
4 * Copyright (C) 2011, Marvell International Ltd.
5 *
6 * This software file (the "File") is distributed by Marvell International
7 * Ltd. under the terms of the GNU General Public License Version 2, June 1991
8 * (the "License"). You may use, redistribute and/or modify this File in
9 * accordance with the terms and conditions of the License, a copy of which
10 * is available by writing to the Free Software Foundation, Inc.,
11 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the
12 * worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
13 *
14 * THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
16 * ARE EXPRESSLY DISCLAIMED. The License provides additional details about
17 * this warranty disclaimer.
18 */
19
20 #include "decl.h"
21 #include "ioctl.h"
22 #include "util.h"
23 #include "fw.h"
24 #include "main.h"
25 #include "11n.h"
26 #include "cfg80211.h"
27
28 /* The maximum number of channels the firmware can scan per command */
29 #define MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN 14
30
31 #define MWIFIEX_DEF_CHANNELS_PER_SCAN_CMD 4
32 #define MWIFIEX_LIMIT_1_CHANNEL_PER_SCAN_CMD 15
33 #define MWIFIEX_LIMIT_2_CHANNELS_PER_SCAN_CMD 27
34 #define MWIFIEX_LIMIT_3_CHANNELS_PER_SCAN_CMD 35
35
36 /* Memory needed to store a max sized Channel List TLV for a firmware scan */
37 #define CHAN_TLV_MAX_SIZE (sizeof(struct mwifiex_ie_types_header) \
38 + (MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN \
39 *sizeof(struct mwifiex_chan_scan_param_set)))
40
41 /* Memory needed to store supported rate */
42 #define RATE_TLV_MAX_SIZE (sizeof(struct mwifiex_ie_types_rates_param_set) \
43 + HOSTCMD_SUPPORTED_RATES)
44
45 /* Memory needed to store a max number/size WildCard SSID TLV for a firmware
46 scan */
47 #define WILDCARD_SSID_TLV_MAX_SIZE \
48 (MWIFIEX_MAX_SSID_LIST_LENGTH * \
49 (sizeof(struct mwifiex_ie_types_wildcard_ssid_params) \
50 + IEEE80211_MAX_SSID_LEN))
51
52 /* Maximum memory needed for a mwifiex_scan_cmd_config with all TLVs at max */
53 #define MAX_SCAN_CFG_ALLOC (sizeof(struct mwifiex_scan_cmd_config) \
54 + sizeof(struct mwifiex_ie_types_num_probes) \
55 + sizeof(struct mwifiex_ie_types_htcap) \
56 + CHAN_TLV_MAX_SIZE \
57 + RATE_TLV_MAX_SIZE \
58 + WILDCARD_SSID_TLV_MAX_SIZE)
59
60
61 union mwifiex_scan_cmd_config_tlv {
62 /* Scan configuration (variable length) */
63 struct mwifiex_scan_cmd_config config;
64 /* Max allocated block */
65 u8 config_alloc_buf[MAX_SCAN_CFG_ALLOC];
66 };
67
68 enum cipher_suite {
69 CIPHER_SUITE_TKIP,
70 CIPHER_SUITE_CCMP,
71 CIPHER_SUITE_MAX
72 };
73 static u8 mwifiex_wpa_oui[CIPHER_SUITE_MAX][4] = {
74 { 0x00, 0x50, 0xf2, 0x02 }, /* TKIP */
75 { 0x00, 0x50, 0xf2, 0x04 }, /* AES */
76 };
77 static u8 mwifiex_rsn_oui[CIPHER_SUITE_MAX][4] = {
78 { 0x00, 0x0f, 0xac, 0x02 }, /* TKIP */
79 { 0x00, 0x0f, 0xac, 0x04 }, /* AES */
80 };
81
82 /*
83 * This function parses a given IE for a given OUI.
84 *
85 * This is used to parse a WPA/RSN IE to find if it has
86 * a given oui in PTK.
87 */
88 static u8
mwifiex_search_oui_in_ie(struct ie_body * iebody,u8 * oui)89 mwifiex_search_oui_in_ie(struct ie_body *iebody, u8 *oui)
90 {
91 u8 count;
92
93 count = iebody->ptk_cnt[0];
94
95 /* There could be multiple OUIs for PTK hence
96 1) Take the length.
97 2) Check all the OUIs for AES.
98 3) If one of them is AES then pass success. */
99 while (count) {
100 if (!memcmp(iebody->ptk_body, oui, sizeof(iebody->ptk_body)))
101 return MWIFIEX_OUI_PRESENT;
102
103 --count;
104 if (count)
105 iebody = (struct ie_body *) ((u8 *) iebody +
106 sizeof(iebody->ptk_body));
107 }
108
109 pr_debug("info: %s: OUI is not found in PTK\n", __func__);
110 return MWIFIEX_OUI_NOT_PRESENT;
111 }
112
113 /*
114 * This function checks if a given OUI is present in a RSN IE.
115 *
116 * The function first checks if a RSN IE is present or not in the
117 * BSS descriptor. It tries to locate the OUI only if such an IE is
118 * present.
119 */
120 static u8
mwifiex_is_rsn_oui_present(struct mwifiex_bssdescriptor * bss_desc,u32 cipher)121 mwifiex_is_rsn_oui_present(struct mwifiex_bssdescriptor *bss_desc, u32 cipher)
122 {
123 u8 *oui;
124 struct ie_body *iebody;
125 u8 ret = MWIFIEX_OUI_NOT_PRESENT;
126
127 if (((bss_desc->bcn_rsn_ie) && ((*(bss_desc->bcn_rsn_ie)).
128 ieee_hdr.element_id == WLAN_EID_RSN))) {
129 iebody = (struct ie_body *)
130 (((u8 *) bss_desc->bcn_rsn_ie->data) +
131 RSN_GTK_OUI_OFFSET);
132 oui = &mwifiex_rsn_oui[cipher][0];
133 ret = mwifiex_search_oui_in_ie(iebody, oui);
134 if (ret)
135 return ret;
136 }
137 return ret;
138 }
139
140 /*
141 * This function checks if a given OUI is present in a WPA IE.
142 *
143 * The function first checks if a WPA IE is present or not in the
144 * BSS descriptor. It tries to locate the OUI only if such an IE is
145 * present.
146 */
147 static u8
mwifiex_is_wpa_oui_present(struct mwifiex_bssdescriptor * bss_desc,u32 cipher)148 mwifiex_is_wpa_oui_present(struct mwifiex_bssdescriptor *bss_desc, u32 cipher)
149 {
150 u8 *oui;
151 struct ie_body *iebody;
152 u8 ret = MWIFIEX_OUI_NOT_PRESENT;
153
154 if (((bss_desc->bcn_wpa_ie) &&
155 ((*(bss_desc->bcn_wpa_ie)).vend_hdr.element_id ==
156 WLAN_EID_VENDOR_SPECIFIC))) {
157 iebody = (struct ie_body *) bss_desc->bcn_wpa_ie->data;
158 oui = &mwifiex_wpa_oui[cipher][0];
159 ret = mwifiex_search_oui_in_ie(iebody, oui);
160 if (ret)
161 return ret;
162 }
163 return ret;
164 }
165
166 /*
167 * This function compares two SSIDs and checks if they match.
168 */
169 s32
mwifiex_ssid_cmp(struct cfg80211_ssid * ssid1,struct cfg80211_ssid * ssid2)170 mwifiex_ssid_cmp(struct cfg80211_ssid *ssid1, struct cfg80211_ssid *ssid2)
171 {
172 if (!ssid1 || !ssid2 || (ssid1->ssid_len != ssid2->ssid_len))
173 return -1;
174 return memcmp(ssid1->ssid, ssid2->ssid, ssid1->ssid_len);
175 }
176
177 /*
178 * This function checks if wapi is enabled in driver and scanned network is
179 * compatible with it.
180 */
181 static bool
mwifiex_is_bss_wapi(struct mwifiex_private * priv,struct mwifiex_bssdescriptor * bss_desc)182 mwifiex_is_bss_wapi(struct mwifiex_private *priv,
183 struct mwifiex_bssdescriptor *bss_desc)
184 {
185 if (priv->sec_info.wapi_enabled &&
186 (bss_desc->bcn_wapi_ie &&
187 ((*(bss_desc->bcn_wapi_ie)).ieee_hdr.element_id ==
188 WLAN_EID_BSS_AC_ACCESS_DELAY))) {
189 return true;
190 }
191 return false;
192 }
193
194 /*
195 * This function checks if driver is configured with no security mode and
196 * scanned network is compatible with it.
197 */
198 static bool
mwifiex_is_bss_no_sec(struct mwifiex_private * priv,struct mwifiex_bssdescriptor * bss_desc)199 mwifiex_is_bss_no_sec(struct mwifiex_private *priv,
200 struct mwifiex_bssdescriptor *bss_desc)
201 {
202 if (!priv->sec_info.wep_enabled && !priv->sec_info.wpa_enabled &&
203 !priv->sec_info.wpa2_enabled && ((!bss_desc->bcn_wpa_ie) ||
204 ((*(bss_desc->bcn_wpa_ie)).vend_hdr.element_id !=
205 WLAN_EID_VENDOR_SPECIFIC)) &&
206 ((!bss_desc->bcn_rsn_ie) ||
207 ((*(bss_desc->bcn_rsn_ie)).ieee_hdr.element_id !=
208 WLAN_EID_RSN)) &&
209 !priv->sec_info.encryption_mode && !bss_desc->privacy) {
210 return true;
211 }
212 return false;
213 }
214
215 /*
216 * This function checks if static WEP is enabled in driver and scanned network
217 * is compatible with it.
218 */
219 static bool
mwifiex_is_bss_static_wep(struct mwifiex_private * priv,struct mwifiex_bssdescriptor * bss_desc)220 mwifiex_is_bss_static_wep(struct mwifiex_private *priv,
221 struct mwifiex_bssdescriptor *bss_desc)
222 {
223 if (priv->sec_info.wep_enabled && !priv->sec_info.wpa_enabled &&
224 !priv->sec_info.wpa2_enabled && bss_desc->privacy) {
225 return true;
226 }
227 return false;
228 }
229
230 /*
231 * This function checks if wpa is enabled in driver and scanned network is
232 * compatible with it.
233 */
234 static bool
mwifiex_is_bss_wpa(struct mwifiex_private * priv,struct mwifiex_bssdescriptor * bss_desc)235 mwifiex_is_bss_wpa(struct mwifiex_private *priv,
236 struct mwifiex_bssdescriptor *bss_desc)
237 {
238 if (!priv->sec_info.wep_enabled && priv->sec_info.wpa_enabled &&
239 !priv->sec_info.wpa2_enabled && ((bss_desc->bcn_wpa_ie) &&
240 ((*(bss_desc->bcn_wpa_ie)).
241 vend_hdr.element_id == WLAN_EID_VENDOR_SPECIFIC))
242 /*
243 * Privacy bit may NOT be set in some APs like
244 * LinkSys WRT54G && bss_desc->privacy
245 */
246 ) {
247 dev_dbg(priv->adapter->dev, "info: %s: WPA:"
248 " wpa_ie=%#x wpa2_ie=%#x WEP=%s WPA=%s WPA2=%s "
249 "EncMode=%#x privacy=%#x\n", __func__,
250 (bss_desc->bcn_wpa_ie) ?
251 (*(bss_desc->bcn_wpa_ie)).
252 vend_hdr.element_id : 0,
253 (bss_desc->bcn_rsn_ie) ?
254 (*(bss_desc->bcn_rsn_ie)).
255 ieee_hdr.element_id : 0,
256 (priv->sec_info.wep_enabled) ? "e" : "d",
257 (priv->sec_info.wpa_enabled) ? "e" : "d",
258 (priv->sec_info.wpa2_enabled) ? "e" : "d",
259 priv->sec_info.encryption_mode,
260 bss_desc->privacy);
261 return true;
262 }
263 return false;
264 }
265
266 /*
267 * This function checks if wpa2 is enabled in driver and scanned network is
268 * compatible with it.
269 */
270 static bool
mwifiex_is_bss_wpa2(struct mwifiex_private * priv,struct mwifiex_bssdescriptor * bss_desc)271 mwifiex_is_bss_wpa2(struct mwifiex_private *priv,
272 struct mwifiex_bssdescriptor *bss_desc)
273 {
274 if (!priv->sec_info.wep_enabled &&
275 !priv->sec_info.wpa_enabled &&
276 priv->sec_info.wpa2_enabled &&
277 ((bss_desc->bcn_rsn_ie) &&
278 ((*(bss_desc->bcn_rsn_ie)).ieee_hdr.element_id == WLAN_EID_RSN))) {
279 /*
280 * Privacy bit may NOT be set in some APs like
281 * LinkSys WRT54G && bss_desc->privacy
282 */
283 dev_dbg(priv->adapter->dev, "info: %s: WPA2: "
284 " wpa_ie=%#x wpa2_ie=%#x WEP=%s WPA=%s WPA2=%s "
285 "EncMode=%#x privacy=%#x\n", __func__,
286 (bss_desc->bcn_wpa_ie) ?
287 (*(bss_desc->bcn_wpa_ie)).
288 vend_hdr.element_id : 0,
289 (bss_desc->bcn_rsn_ie) ?
290 (*(bss_desc->bcn_rsn_ie)).
291 ieee_hdr.element_id : 0,
292 (priv->sec_info.wep_enabled) ? "e" : "d",
293 (priv->sec_info.wpa_enabled) ? "e" : "d",
294 (priv->sec_info.wpa2_enabled) ? "e" : "d",
295 priv->sec_info.encryption_mode,
296 bss_desc->privacy);
297 return true;
298 }
299 return false;
300 }
301
302 /*
303 * This function checks if adhoc AES is enabled in driver and scanned network is
304 * compatible with it.
305 */
306 static bool
mwifiex_is_bss_adhoc_aes(struct mwifiex_private * priv,struct mwifiex_bssdescriptor * bss_desc)307 mwifiex_is_bss_adhoc_aes(struct mwifiex_private *priv,
308 struct mwifiex_bssdescriptor *bss_desc)
309 {
310 if (!priv->sec_info.wep_enabled && !priv->sec_info.wpa_enabled &&
311 !priv->sec_info.wpa2_enabled &&
312 ((!bss_desc->bcn_wpa_ie) ||
313 ((*(bss_desc->bcn_wpa_ie)).
314 vend_hdr.element_id != WLAN_EID_VENDOR_SPECIFIC)) &&
315 ((!bss_desc->bcn_rsn_ie) ||
316 ((*(bss_desc->bcn_rsn_ie)).ieee_hdr.element_id != WLAN_EID_RSN)) &&
317 !priv->sec_info.encryption_mode && bss_desc->privacy) {
318 return true;
319 }
320 return false;
321 }
322
323 /*
324 * This function checks if dynamic WEP is enabled in driver and scanned network
325 * is compatible with it.
326 */
327 static bool
mwifiex_is_bss_dynamic_wep(struct mwifiex_private * priv,struct mwifiex_bssdescriptor * bss_desc)328 mwifiex_is_bss_dynamic_wep(struct mwifiex_private *priv,
329 struct mwifiex_bssdescriptor *bss_desc)
330 {
331 if (!priv->sec_info.wep_enabled && !priv->sec_info.wpa_enabled &&
332 !priv->sec_info.wpa2_enabled &&
333 ((!bss_desc->bcn_wpa_ie) ||
334 ((*(bss_desc->bcn_wpa_ie)).
335 vend_hdr.element_id != WLAN_EID_VENDOR_SPECIFIC)) &&
336 ((!bss_desc->bcn_rsn_ie) ||
337 ((*(bss_desc->bcn_rsn_ie)).ieee_hdr.element_id != WLAN_EID_RSN)) &&
338 priv->sec_info.encryption_mode && bss_desc->privacy) {
339 dev_dbg(priv->adapter->dev, "info: %s: dynamic "
340 "WEP: wpa_ie=%#x wpa2_ie=%#x "
341 "EncMode=%#x privacy=%#x\n",
342 __func__,
343 (bss_desc->bcn_wpa_ie) ?
344 (*(bss_desc->bcn_wpa_ie)).
345 vend_hdr.element_id : 0,
346 (bss_desc->bcn_rsn_ie) ?
347 (*(bss_desc->bcn_rsn_ie)).
348 ieee_hdr.element_id : 0,
349 priv->sec_info.encryption_mode,
350 bss_desc->privacy);
351 return true;
352 }
353 return false;
354 }
355
356 /*
357 * This function checks if a scanned network is compatible with the driver
358 * settings.
359 *
360 * WEP WPA WPA2 ad-hoc encrypt Network
361 * enabled enabled enabled AES mode Privacy WPA WPA2 Compatible
362 * 0 0 0 0 NONE 0 0 0 yes No security
363 * 0 1 0 0 x 1x 1 x yes WPA (disable
364 * HT if no AES)
365 * 0 0 1 0 x 1x x 1 yes WPA2 (disable
366 * HT if no AES)
367 * 0 0 0 1 NONE 1 0 0 yes Ad-hoc AES
368 * 1 0 0 0 NONE 1 0 0 yes Static WEP
369 * (disable HT)
370 * 0 0 0 0 !=NONE 1 0 0 yes Dynamic WEP
371 *
372 * Compatibility is not matched while roaming, except for mode.
373 */
374 static s32
mwifiex_is_network_compatible(struct mwifiex_private * priv,struct mwifiex_bssdescriptor * bss_desc,u32 mode)375 mwifiex_is_network_compatible(struct mwifiex_private *priv,
376 struct mwifiex_bssdescriptor *bss_desc, u32 mode)
377 {
378 struct mwifiex_adapter *adapter = priv->adapter;
379
380 bss_desc->disable_11n = false;
381
382 /* Don't check for compatibility if roaming */
383 if (priv->media_connected &&
384 (priv->bss_mode == NL80211_IFTYPE_STATION) &&
385 (bss_desc->bss_mode == NL80211_IFTYPE_STATION))
386 return 0;
387
388 if (priv->wps.session_enable) {
389 dev_dbg(adapter->dev,
390 "info: return success directly in WPS period\n");
391 return 0;
392 }
393
394 if (mwifiex_is_bss_wapi(priv, bss_desc)) {
395 dev_dbg(adapter->dev, "info: return success for WAPI AP\n");
396 return 0;
397 }
398
399 if (bss_desc->bss_mode == mode) {
400 if (mwifiex_is_bss_no_sec(priv, bss_desc)) {
401 /* No security */
402 return 0;
403 } else if (mwifiex_is_bss_static_wep(priv, bss_desc)) {
404 /* Static WEP enabled */
405 dev_dbg(adapter->dev, "info: Disable 11n in WEP mode.\n");
406 bss_desc->disable_11n = true;
407 return 0;
408 } else if (mwifiex_is_bss_wpa(priv, bss_desc)) {
409 /* WPA enabled */
410 if (((priv->adapter->config_bands & BAND_GN ||
411 priv->adapter->config_bands & BAND_AN) &&
412 bss_desc->bcn_ht_cap) &&
413 !mwifiex_is_wpa_oui_present(bss_desc,
414 CIPHER_SUITE_CCMP)) {
415
416 if (mwifiex_is_wpa_oui_present
417 (bss_desc, CIPHER_SUITE_TKIP)) {
418 dev_dbg(adapter->dev,
419 "info: Disable 11n if AES "
420 "is not supported by AP\n");
421 bss_desc->disable_11n = true;
422 } else {
423 return -1;
424 }
425 }
426 return 0;
427 } else if (mwifiex_is_bss_wpa2(priv, bss_desc)) {
428 /* WPA2 enabled */
429 if (((priv->adapter->config_bands & BAND_GN ||
430 priv->adapter->config_bands & BAND_AN) &&
431 bss_desc->bcn_ht_cap) &&
432 !mwifiex_is_rsn_oui_present(bss_desc,
433 CIPHER_SUITE_CCMP)) {
434
435 if (mwifiex_is_rsn_oui_present
436 (bss_desc, CIPHER_SUITE_TKIP)) {
437 dev_dbg(adapter->dev,
438 "info: Disable 11n if AES "
439 "is not supported by AP\n");
440 bss_desc->disable_11n = true;
441 } else {
442 return -1;
443 }
444 }
445 return 0;
446 } else if (mwifiex_is_bss_adhoc_aes(priv, bss_desc)) {
447 /* Ad-hoc AES enabled */
448 return 0;
449 } else if (mwifiex_is_bss_dynamic_wep(priv, bss_desc)) {
450 /* Dynamic WEP enabled */
451 return 0;
452 }
453
454 /* Security doesn't match */
455 dev_dbg(adapter->dev,
456 "info: %s: failed: wpa_ie=%#x wpa2_ie=%#x WEP=%s "
457 "WPA=%s WPA2=%s EncMode=%#x privacy=%#x\n", __func__,
458 (bss_desc->bcn_wpa_ie) ?
459 (*(bss_desc->bcn_wpa_ie)).vend_hdr.element_id : 0,
460 (bss_desc->bcn_rsn_ie) ?
461 (*(bss_desc->bcn_rsn_ie)).ieee_hdr.element_id : 0,
462 (priv->sec_info.wep_enabled) ? "e" : "d",
463 (priv->sec_info.wpa_enabled) ? "e" : "d",
464 (priv->sec_info.wpa2_enabled) ? "e" : "d",
465 priv->sec_info.encryption_mode, bss_desc->privacy);
466 return -1;
467 }
468
469 /* Mode doesn't match */
470 return -1;
471 }
472
473 /*
474 * This function creates a channel list for the driver to scan, based
475 * on region/band information.
476 *
477 * This routine is used for any scan that is not provided with a
478 * specific channel list to scan.
479 */
480 static int
mwifiex_scan_create_channel_list(struct mwifiex_private * priv,const struct mwifiex_user_scan_cfg * user_scan_in,struct mwifiex_chan_scan_param_set * scan_chan_list,u8 filtered_scan)481 mwifiex_scan_create_channel_list(struct mwifiex_private *priv,
482 const struct mwifiex_user_scan_cfg
483 *user_scan_in,
484 struct mwifiex_chan_scan_param_set
485 *scan_chan_list,
486 u8 filtered_scan)
487 {
488 enum ieee80211_band band;
489 struct ieee80211_supported_band *sband;
490 struct ieee80211_channel *ch;
491 struct mwifiex_adapter *adapter = priv->adapter;
492 int chan_idx = 0, i;
493
494 for (band = 0; (band < IEEE80211_NUM_BANDS) ; band++) {
495
496 if (!priv->wdev->wiphy->bands[band])
497 continue;
498
499 sband = priv->wdev->wiphy->bands[band];
500
501 for (i = 0; (i < sband->n_channels) ; i++) {
502 ch = &sband->channels[i];
503 if (ch->flags & IEEE80211_CHAN_DISABLED)
504 continue;
505 scan_chan_list[chan_idx].radio_type = band;
506
507 if (user_scan_in &&
508 user_scan_in->chan_list[0].scan_time)
509 scan_chan_list[chan_idx].max_scan_time =
510 cpu_to_le16((u16) user_scan_in->
511 chan_list[0].scan_time);
512 else if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN)
513 scan_chan_list[chan_idx].max_scan_time =
514 cpu_to_le16(adapter->passive_scan_time);
515 else
516 scan_chan_list[chan_idx].max_scan_time =
517 cpu_to_le16(adapter->active_scan_time);
518
519 if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN)
520 scan_chan_list[chan_idx].chan_scan_mode_bitmap
521 |= MWIFIEX_PASSIVE_SCAN;
522 else
523 scan_chan_list[chan_idx].chan_scan_mode_bitmap
524 &= ~MWIFIEX_PASSIVE_SCAN;
525 scan_chan_list[chan_idx].chan_number =
526 (u32) ch->hw_value;
527 if (filtered_scan) {
528 scan_chan_list[chan_idx].max_scan_time =
529 cpu_to_le16(adapter->specific_scan_time);
530 scan_chan_list[chan_idx].chan_scan_mode_bitmap
531 |= MWIFIEX_DISABLE_CHAN_FILT;
532 }
533 chan_idx++;
534 }
535
536 }
537 return chan_idx;
538 }
539
540 /*
541 * This function constructs and sends multiple scan config commands to
542 * the firmware.
543 *
544 * Previous routines in the code flow have created a scan command configuration
545 * with any requested TLVs. This function splits the channel TLV into maximum
546 * channels supported per scan lists and sends the portion of the channel TLV,
547 * along with the other TLVs, to the firmware.
548 */
549 static int
mwifiex_scan_channel_list(struct mwifiex_private * priv,u32 max_chan_per_scan,u8 filtered_scan,struct mwifiex_scan_cmd_config * scan_cfg_out,struct mwifiex_ie_types_chan_list_param_set * chan_tlv_out,struct mwifiex_chan_scan_param_set * scan_chan_list)550 mwifiex_scan_channel_list(struct mwifiex_private *priv,
551 u32 max_chan_per_scan, u8 filtered_scan,
552 struct mwifiex_scan_cmd_config *scan_cfg_out,
553 struct mwifiex_ie_types_chan_list_param_set
554 *chan_tlv_out,
555 struct mwifiex_chan_scan_param_set *scan_chan_list)
556 {
557 int ret = 0;
558 struct mwifiex_chan_scan_param_set *tmp_chan_list;
559 struct mwifiex_chan_scan_param_set *start_chan;
560
561 u32 tlv_idx;
562 u32 total_scan_time;
563 u32 done_early;
564
565 if (!scan_cfg_out || !chan_tlv_out || !scan_chan_list) {
566 dev_dbg(priv->adapter->dev,
567 "info: Scan: Null detect: %p, %p, %p\n",
568 scan_cfg_out, chan_tlv_out, scan_chan_list);
569 return -1;
570 }
571
572 chan_tlv_out->header.type = cpu_to_le16(TLV_TYPE_CHANLIST);
573
574 /* Set the temp channel struct pointer to the start of the desired
575 list */
576 tmp_chan_list = scan_chan_list;
577
578 /* Loop through the desired channel list, sending a new firmware scan
579 commands for each max_chan_per_scan channels (or for 1,6,11
580 individually if configured accordingly) */
581 while (tmp_chan_list->chan_number) {
582
583 tlv_idx = 0;
584 total_scan_time = 0;
585 chan_tlv_out->header.len = 0;
586 start_chan = tmp_chan_list;
587 done_early = false;
588
589 /*
590 * Construct the Channel TLV for the scan command. Continue to
591 * insert channel TLVs until:
592 * - the tlv_idx hits the maximum configured per scan command
593 * - the next channel to insert is 0 (end of desired channel
594 * list)
595 * - done_early is set (controlling individual scanning of
596 * 1,6,11)
597 */
598 while (tlv_idx < max_chan_per_scan &&
599 tmp_chan_list->chan_number && !done_early) {
600
601 dev_dbg(priv->adapter->dev,
602 "info: Scan: Chan(%3d), Radio(%d),"
603 " Mode(%d, %d), Dur(%d)\n",
604 tmp_chan_list->chan_number,
605 tmp_chan_list->radio_type,
606 tmp_chan_list->chan_scan_mode_bitmap
607 & MWIFIEX_PASSIVE_SCAN,
608 (tmp_chan_list->chan_scan_mode_bitmap
609 & MWIFIEX_DISABLE_CHAN_FILT) >> 1,
610 le16_to_cpu(tmp_chan_list->max_scan_time));
611
612 /* Copy the current channel TLV to the command being
613 prepared */
614 memcpy(chan_tlv_out->chan_scan_param + tlv_idx,
615 tmp_chan_list,
616 sizeof(chan_tlv_out->chan_scan_param));
617
618 /* Increment the TLV header length by the size
619 appended */
620 le16_add_cpu(&chan_tlv_out->header.len,
621 sizeof(chan_tlv_out->chan_scan_param));
622
623 /*
624 * The tlv buffer length is set to the number of bytes
625 * of the between the channel tlv pointer and the start
626 * of the tlv buffer. This compensates for any TLVs
627 * that were appended before the channel list.
628 */
629 scan_cfg_out->tlv_buf_len = (u32) ((u8 *) chan_tlv_out -
630 scan_cfg_out->tlv_buf);
631
632 /* Add the size of the channel tlv header and the data
633 length */
634 scan_cfg_out->tlv_buf_len +=
635 (sizeof(chan_tlv_out->header)
636 + le16_to_cpu(chan_tlv_out->header.len));
637
638 /* Increment the index to the channel tlv we are
639 constructing */
640 tlv_idx++;
641
642 /* Count the total scan time per command */
643 total_scan_time +=
644 le16_to_cpu(tmp_chan_list->max_scan_time);
645
646 done_early = false;
647
648 /* Stop the loop if the *current* channel is in the
649 1,6,11 set and we are not filtering on a BSSID
650 or SSID. */
651 if (!filtered_scan &&
652 (tmp_chan_list->chan_number == 1 ||
653 tmp_chan_list->chan_number == 6 ||
654 tmp_chan_list->chan_number == 11))
655 done_early = true;
656
657 /* Increment the tmp pointer to the next channel to
658 be scanned */
659 tmp_chan_list++;
660
661 /* Stop the loop if the *next* channel is in the 1,6,11
662 set. This will cause it to be the only channel
663 scanned on the next interation */
664 if (!filtered_scan &&
665 (tmp_chan_list->chan_number == 1 ||
666 tmp_chan_list->chan_number == 6 ||
667 tmp_chan_list->chan_number == 11))
668 done_early = true;
669 }
670
671 /* The total scan time should be less than scan command timeout
672 value */
673 if (total_scan_time > MWIFIEX_MAX_TOTAL_SCAN_TIME) {
674 dev_err(priv->adapter->dev, "total scan time %dms"
675 " is over limit (%dms), scan skipped\n",
676 total_scan_time, MWIFIEX_MAX_TOTAL_SCAN_TIME);
677 ret = -1;
678 break;
679 }
680
681 priv->adapter->scan_channels = start_chan;
682
683 /* Send the scan command to the firmware with the specified
684 cfg */
685 ret = mwifiex_send_cmd_async(priv, HostCmd_CMD_802_11_SCAN,
686 HostCmd_ACT_GEN_SET, 0,
687 scan_cfg_out);
688 if (ret)
689 break;
690 }
691
692 if (ret)
693 return -1;
694
695 return 0;
696 }
697
698 /*
699 * This function constructs a scan command configuration structure to use
700 * in scan commands.
701 *
702 * Application layer or other functions can invoke network scanning
703 * with a scan configuration supplied in a user scan configuration structure.
704 * This structure is used as the basis of one or many scan command configuration
705 * commands that are sent to the command processing module and eventually to the
706 * firmware.
707 *
708 * This function creates a scan command configuration structure based on the
709 * following user supplied parameters (if present):
710 * - SSID filter
711 * - BSSID filter
712 * - Number of Probes to be sent
713 * - Channel list
714 *
715 * If the SSID or BSSID filter is not present, the filter is disabled/cleared.
716 * If the number of probes is not set, adapter default setting is used.
717 */
718 static void
mwifiex_config_scan(struct mwifiex_private * priv,const struct mwifiex_user_scan_cfg * user_scan_in,struct mwifiex_scan_cmd_config * scan_cfg_out,struct mwifiex_ie_types_chan_list_param_set ** chan_list_out,struct mwifiex_chan_scan_param_set * scan_chan_list,u8 * max_chan_per_scan,u8 * filtered_scan,u8 * scan_current_only)719 mwifiex_config_scan(struct mwifiex_private *priv,
720 const struct mwifiex_user_scan_cfg *user_scan_in,
721 struct mwifiex_scan_cmd_config *scan_cfg_out,
722 struct mwifiex_ie_types_chan_list_param_set **chan_list_out,
723 struct mwifiex_chan_scan_param_set *scan_chan_list,
724 u8 *max_chan_per_scan, u8 *filtered_scan,
725 u8 *scan_current_only)
726 {
727 struct mwifiex_adapter *adapter = priv->adapter;
728 struct mwifiex_ie_types_num_probes *num_probes_tlv;
729 struct mwifiex_ie_types_wildcard_ssid_params *wildcard_ssid_tlv;
730 struct mwifiex_ie_types_rates_param_set *rates_tlv;
731 u8 *tlv_pos;
732 u32 num_probes;
733 u32 ssid_len;
734 u32 chan_idx;
735 u32 chan_num;
736 u32 scan_type;
737 u16 scan_dur;
738 u8 channel;
739 u8 radio_type;
740 int i;
741 u8 ssid_filter;
742 u8 rates[MWIFIEX_SUPPORTED_RATES];
743 u32 rates_size;
744 struct mwifiex_ie_types_htcap *ht_cap;
745
746 /* The tlv_buf_len is calculated for each scan command. The TLVs added
747 in this routine will be preserved since the routine that sends the
748 command will append channelTLVs at *chan_list_out. The difference
749 between the *chan_list_out and the tlv_buf start will be used to
750 calculate the size of anything we add in this routine. */
751 scan_cfg_out->tlv_buf_len = 0;
752
753 /* Running tlv pointer. Assigned to chan_list_out at end of function
754 so later routines know where channels can be added to the command
755 buf */
756 tlv_pos = scan_cfg_out->tlv_buf;
757
758 /* Initialize the scan as un-filtered; the flag is later set to TRUE
759 below if a SSID or BSSID filter is sent in the command */
760 *filtered_scan = false;
761
762 /* Initialize the scan as not being only on the current channel. If
763 the channel list is customized, only contains one channel, and is
764 the active channel, this is set true and data flow is not halted. */
765 *scan_current_only = false;
766
767 if (user_scan_in) {
768
769 /* Default the ssid_filter flag to TRUE, set false under
770 certain wildcard conditions and qualified by the existence
771 of an SSID list before marking the scan as filtered */
772 ssid_filter = true;
773
774 /* Set the BSS type scan filter, use Adapter setting if
775 unset */
776 scan_cfg_out->bss_mode =
777 (user_scan_in->bss_mode ? (u8) user_scan_in->
778 bss_mode : (u8) adapter->scan_mode);
779
780 /* Set the number of probes to send, use Adapter setting
781 if unset */
782 num_probes =
783 (user_scan_in->num_probes ? user_scan_in->
784 num_probes : adapter->scan_probes);
785
786 /*
787 * Set the BSSID filter to the incoming configuration,
788 * if non-zero. If not set, it will remain disabled
789 * (all zeros).
790 */
791 memcpy(scan_cfg_out->specific_bssid,
792 user_scan_in->specific_bssid,
793 sizeof(scan_cfg_out->specific_bssid));
794
795 for (i = 0; i < user_scan_in->num_ssids; i++) {
796 ssid_len = user_scan_in->ssid_list[i].ssid_len;
797
798 wildcard_ssid_tlv =
799 (struct mwifiex_ie_types_wildcard_ssid_params *)
800 tlv_pos;
801 wildcard_ssid_tlv->header.type =
802 cpu_to_le16(TLV_TYPE_WILDCARDSSID);
803 wildcard_ssid_tlv->header.len = cpu_to_le16(
804 (u16) (ssid_len + sizeof(wildcard_ssid_tlv->
805 max_ssid_length)));
806
807 /*
808 * max_ssid_length = 0 tells firmware to perform
809 * specific scan for the SSID filled, whereas
810 * max_ssid_length = IEEE80211_MAX_SSID_LEN is for
811 * wildcard scan.
812 */
813 if (ssid_len)
814 wildcard_ssid_tlv->max_ssid_length = 0;
815 else
816 wildcard_ssid_tlv->max_ssid_length =
817 IEEE80211_MAX_SSID_LEN;
818
819 memcpy(wildcard_ssid_tlv->ssid,
820 user_scan_in->ssid_list[i].ssid, ssid_len);
821
822 tlv_pos += (sizeof(wildcard_ssid_tlv->header)
823 + le16_to_cpu(wildcard_ssid_tlv->header.len));
824
825 dev_dbg(adapter->dev, "info: scan: ssid[%d]: %s, %d\n",
826 i, wildcard_ssid_tlv->ssid,
827 wildcard_ssid_tlv->max_ssid_length);
828
829 /* Empty wildcard ssid with a maxlen will match many or
830 potentially all SSIDs (maxlen == 32), therefore do
831 not treat the scan as
832 filtered. */
833 if (!ssid_len && wildcard_ssid_tlv->max_ssid_length)
834 ssid_filter = false;
835 }
836
837 /*
838 * The default number of channels sent in the command is low to
839 * ensure the response buffer from the firmware does not
840 * truncate scan results. That is not an issue with an SSID
841 * or BSSID filter applied to the scan results in the firmware.
842 */
843 if ((i && ssid_filter) ||
844 !is_zero_ether_addr(scan_cfg_out->specific_bssid))
845 *filtered_scan = true;
846 } else {
847 scan_cfg_out->bss_mode = (u8) adapter->scan_mode;
848 num_probes = adapter->scan_probes;
849 }
850
851 /*
852 * If a specific BSSID or SSID is used, the number of channels in the
853 * scan command will be increased to the absolute maximum.
854 */
855 if (*filtered_scan)
856 *max_chan_per_scan = MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN;
857 else
858 *max_chan_per_scan = MWIFIEX_DEF_CHANNELS_PER_SCAN_CMD;
859
860 /* If the input config or adapter has the number of Probes set,
861 add tlv */
862 if (num_probes) {
863
864 dev_dbg(adapter->dev, "info: scan: num_probes = %d\n",
865 num_probes);
866
867 num_probes_tlv = (struct mwifiex_ie_types_num_probes *) tlv_pos;
868 num_probes_tlv->header.type = cpu_to_le16(TLV_TYPE_NUMPROBES);
869 num_probes_tlv->header.len =
870 cpu_to_le16(sizeof(num_probes_tlv->num_probes));
871 num_probes_tlv->num_probes = cpu_to_le16((u16) num_probes);
872
873 tlv_pos += sizeof(num_probes_tlv->header) +
874 le16_to_cpu(num_probes_tlv->header.len);
875
876 }
877
878 /* Append rates tlv */
879 memset(rates, 0, sizeof(rates));
880
881 rates_size = mwifiex_get_supported_rates(priv, rates);
882
883 rates_tlv = (struct mwifiex_ie_types_rates_param_set *) tlv_pos;
884 rates_tlv->header.type = cpu_to_le16(WLAN_EID_SUPP_RATES);
885 rates_tlv->header.len = cpu_to_le16((u16) rates_size);
886 memcpy(rates_tlv->rates, rates, rates_size);
887 tlv_pos += sizeof(rates_tlv->header) + rates_size;
888
889 dev_dbg(adapter->dev, "info: SCAN_CMD: Rates size = %d\n", rates_size);
890
891 if (ISSUPP_11NENABLED(priv->adapter->fw_cap_info) &&
892 (priv->adapter->config_bands & BAND_GN ||
893 priv->adapter->config_bands & BAND_AN)) {
894 ht_cap = (struct mwifiex_ie_types_htcap *) tlv_pos;
895 memset(ht_cap, 0, sizeof(struct mwifiex_ie_types_htcap));
896 ht_cap->header.type = cpu_to_le16(WLAN_EID_HT_CAPABILITY);
897 ht_cap->header.len =
898 cpu_to_le16(sizeof(struct ieee80211_ht_cap));
899 radio_type =
900 mwifiex_band_to_radio_type(priv->adapter->config_bands);
901 mwifiex_fill_cap_info(priv, radio_type, ht_cap);
902 tlv_pos += sizeof(struct mwifiex_ie_types_htcap);
903 }
904
905 /* Append vendor specific IE TLV */
906 mwifiex_cmd_append_vsie_tlv(priv, MWIFIEX_VSIE_MASK_SCAN, &tlv_pos);
907
908 /*
909 * Set the output for the channel TLV to the address in the tlv buffer
910 * past any TLVs that were added in this function (SSID, num_probes).
911 * Channel TLVs will be added past this for each scan command,
912 * preserving the TLVs that were previously added.
913 */
914 *chan_list_out =
915 (struct mwifiex_ie_types_chan_list_param_set *) tlv_pos;
916
917 if (user_scan_in && user_scan_in->chan_list[0].chan_number) {
918
919 dev_dbg(adapter->dev, "info: Scan: Using supplied channel list\n");
920
921 for (chan_idx = 0;
922 chan_idx < MWIFIEX_USER_SCAN_CHAN_MAX &&
923 user_scan_in->chan_list[chan_idx].chan_number;
924 chan_idx++) {
925
926 channel = user_scan_in->chan_list[chan_idx].chan_number;
927 (scan_chan_list + chan_idx)->chan_number = channel;
928
929 radio_type =
930 user_scan_in->chan_list[chan_idx].radio_type;
931 (scan_chan_list + chan_idx)->radio_type = radio_type;
932
933 scan_type = user_scan_in->chan_list[chan_idx].scan_type;
934
935 if (scan_type == MWIFIEX_SCAN_TYPE_PASSIVE)
936 (scan_chan_list +
937 chan_idx)->chan_scan_mode_bitmap
938 |= MWIFIEX_PASSIVE_SCAN;
939 else
940 (scan_chan_list +
941 chan_idx)->chan_scan_mode_bitmap
942 &= ~MWIFIEX_PASSIVE_SCAN;
943
944 if (*filtered_scan)
945 (scan_chan_list +
946 chan_idx)->chan_scan_mode_bitmap
947 |= MWIFIEX_DISABLE_CHAN_FILT;
948
949 if (user_scan_in->chan_list[chan_idx].scan_time) {
950 scan_dur = (u16) user_scan_in->
951 chan_list[chan_idx].scan_time;
952 } else {
953 if (scan_type == MWIFIEX_SCAN_TYPE_PASSIVE)
954 scan_dur = adapter->passive_scan_time;
955 else if (*filtered_scan)
956 scan_dur = adapter->specific_scan_time;
957 else
958 scan_dur = adapter->active_scan_time;
959 }
960
961 (scan_chan_list + chan_idx)->min_scan_time =
962 cpu_to_le16(scan_dur);
963 (scan_chan_list + chan_idx)->max_scan_time =
964 cpu_to_le16(scan_dur);
965 }
966
967 /* Check if we are only scanning the current channel */
968 if ((chan_idx == 1) &&
969 (user_scan_in->chan_list[0].chan_number ==
970 priv->curr_bss_params.bss_descriptor.channel)) {
971 *scan_current_only = true;
972 dev_dbg(adapter->dev,
973 "info: Scan: Scanning current channel only\n");
974 }
975 chan_num = chan_idx;
976 } else {
977 dev_dbg(adapter->dev,
978 "info: Scan: Creating full region channel list\n");
979 chan_num = mwifiex_scan_create_channel_list(priv, user_scan_in,
980 scan_chan_list,
981 *filtered_scan);
982 }
983
984 /*
985 * In associated state we will reduce the number of channels scanned per
986 * scan command to avoid any traffic delay/loss. This number is decided
987 * based on total number of channels to be scanned due to constraints
988 * of command buffers.
989 */
990 if (priv->media_connected) {
991 if (chan_num < MWIFIEX_LIMIT_1_CHANNEL_PER_SCAN_CMD)
992 *max_chan_per_scan = 1;
993 else if (chan_num < MWIFIEX_LIMIT_2_CHANNELS_PER_SCAN_CMD)
994 *max_chan_per_scan = 2;
995 else if (chan_num < MWIFIEX_LIMIT_3_CHANNELS_PER_SCAN_CMD)
996 *max_chan_per_scan = 3;
997 else
998 *max_chan_per_scan = 4;
999 }
1000 }
1001
1002 /*
1003 * This function inspects the scan response buffer for pointers to
1004 * expected TLVs.
1005 *
1006 * TLVs can be included at the end of the scan response BSS information.
1007 *
1008 * Data in the buffer is parsed pointers to TLVs that can potentially
1009 * be passed back in the response.
1010 */
1011 static void
mwifiex_ret_802_11_scan_get_tlv_ptrs(struct mwifiex_adapter * adapter,struct mwifiex_ie_types_data * tlv,u32 tlv_buf_size,u32 req_tlv_type,struct mwifiex_ie_types_data ** tlv_data)1012 mwifiex_ret_802_11_scan_get_tlv_ptrs(struct mwifiex_adapter *adapter,
1013 struct mwifiex_ie_types_data *tlv,
1014 u32 tlv_buf_size, u32 req_tlv_type,
1015 struct mwifiex_ie_types_data **tlv_data)
1016 {
1017 struct mwifiex_ie_types_data *current_tlv;
1018 u32 tlv_buf_left;
1019 u32 tlv_type;
1020 u32 tlv_len;
1021
1022 current_tlv = tlv;
1023 tlv_buf_left = tlv_buf_size;
1024 *tlv_data = NULL;
1025
1026 dev_dbg(adapter->dev, "info: SCAN_RESP: tlv_buf_size = %d\n",
1027 tlv_buf_size);
1028
1029 while (tlv_buf_left >= sizeof(struct mwifiex_ie_types_header)) {
1030
1031 tlv_type = le16_to_cpu(current_tlv->header.type);
1032 tlv_len = le16_to_cpu(current_tlv->header.len);
1033
1034 if (sizeof(tlv->header) + tlv_len > tlv_buf_left) {
1035 dev_err(adapter->dev, "SCAN_RESP: TLV buffer corrupt\n");
1036 break;
1037 }
1038
1039 if (req_tlv_type == tlv_type) {
1040 switch (tlv_type) {
1041 case TLV_TYPE_TSFTIMESTAMP:
1042 dev_dbg(adapter->dev, "info: SCAN_RESP: TSF "
1043 "timestamp TLV, len = %d\n", tlv_len);
1044 *tlv_data = current_tlv;
1045 break;
1046 case TLV_TYPE_CHANNELBANDLIST:
1047 dev_dbg(adapter->dev, "info: SCAN_RESP: channel"
1048 " band list TLV, len = %d\n", tlv_len);
1049 *tlv_data = current_tlv;
1050 break;
1051 default:
1052 dev_err(adapter->dev,
1053 "SCAN_RESP: unhandled TLV = %d\n",
1054 tlv_type);
1055 /* Give up, this seems corrupted */
1056 return;
1057 }
1058 }
1059
1060 if (*tlv_data)
1061 break;
1062
1063
1064 tlv_buf_left -= (sizeof(tlv->header) + tlv_len);
1065 current_tlv =
1066 (struct mwifiex_ie_types_data *) (current_tlv->data +
1067 tlv_len);
1068
1069 } /* while */
1070 }
1071
1072 /*
1073 * This function parses provided beacon buffer and updates
1074 * respective fields in bss descriptor structure.
1075 */
mwifiex_update_bss_desc_with_ie(struct mwifiex_adapter * adapter,struct mwifiex_bssdescriptor * bss_entry)1076 int mwifiex_update_bss_desc_with_ie(struct mwifiex_adapter *adapter,
1077 struct mwifiex_bssdescriptor *bss_entry)
1078 {
1079 int ret = 0;
1080 u8 element_id;
1081 struct ieee_types_fh_param_set *fh_param_set;
1082 struct ieee_types_ds_param_set *ds_param_set;
1083 struct ieee_types_cf_param_set *cf_param_set;
1084 struct ieee_types_ibss_param_set *ibss_param_set;
1085 u8 *current_ptr;
1086 u8 *rate;
1087 u8 element_len;
1088 u16 total_ie_len;
1089 u8 bytes_to_copy;
1090 u8 rate_size;
1091 u8 found_data_rate_ie;
1092 u32 bytes_left;
1093 struct ieee_types_vendor_specific *vendor_ie;
1094 const u8 wpa_oui[4] = { 0x00, 0x50, 0xf2, 0x01 };
1095 const u8 wmm_oui[4] = { 0x00, 0x50, 0xf2, 0x02 };
1096
1097 found_data_rate_ie = false;
1098 rate_size = 0;
1099 current_ptr = bss_entry->beacon_buf;
1100 bytes_left = bss_entry->beacon_buf_size;
1101
1102 /* Process variable IE */
1103 while (bytes_left >= 2) {
1104 element_id = *current_ptr;
1105 element_len = *(current_ptr + 1);
1106 total_ie_len = element_len + sizeof(struct ieee_types_header);
1107
1108 if (bytes_left < total_ie_len) {
1109 dev_err(adapter->dev, "err: InterpretIE: in processing"
1110 " IE, bytes left < IE length\n");
1111 return -1;
1112 }
1113 switch (element_id) {
1114 case WLAN_EID_SSID:
1115 bss_entry->ssid.ssid_len = element_len;
1116 memcpy(bss_entry->ssid.ssid, (current_ptr + 2),
1117 element_len);
1118 dev_dbg(adapter->dev,
1119 "info: InterpretIE: ssid: %-32s\n",
1120 bss_entry->ssid.ssid);
1121 break;
1122
1123 case WLAN_EID_SUPP_RATES:
1124 memcpy(bss_entry->data_rates, current_ptr + 2,
1125 element_len);
1126 memcpy(bss_entry->supported_rates, current_ptr + 2,
1127 element_len);
1128 rate_size = element_len;
1129 found_data_rate_ie = true;
1130 break;
1131
1132 case WLAN_EID_FH_PARAMS:
1133 fh_param_set =
1134 (struct ieee_types_fh_param_set *) current_ptr;
1135 memcpy(&bss_entry->phy_param_set.fh_param_set,
1136 fh_param_set,
1137 sizeof(struct ieee_types_fh_param_set));
1138 break;
1139
1140 case WLAN_EID_DS_PARAMS:
1141 ds_param_set =
1142 (struct ieee_types_ds_param_set *) current_ptr;
1143
1144 bss_entry->channel = ds_param_set->current_chan;
1145
1146 memcpy(&bss_entry->phy_param_set.ds_param_set,
1147 ds_param_set,
1148 sizeof(struct ieee_types_ds_param_set));
1149 break;
1150
1151 case WLAN_EID_CF_PARAMS:
1152 cf_param_set =
1153 (struct ieee_types_cf_param_set *) current_ptr;
1154 memcpy(&bss_entry->ss_param_set.cf_param_set,
1155 cf_param_set,
1156 sizeof(struct ieee_types_cf_param_set));
1157 break;
1158
1159 case WLAN_EID_IBSS_PARAMS:
1160 ibss_param_set =
1161 (struct ieee_types_ibss_param_set *)
1162 current_ptr;
1163 memcpy(&bss_entry->ss_param_set.ibss_param_set,
1164 ibss_param_set,
1165 sizeof(struct ieee_types_ibss_param_set));
1166 break;
1167
1168 case WLAN_EID_ERP_INFO:
1169 bss_entry->erp_flags = *(current_ptr + 2);
1170 break;
1171
1172 case WLAN_EID_EXT_SUPP_RATES:
1173 /*
1174 * Only process extended supported rate
1175 * if data rate is already found.
1176 * Data rate IE should come before
1177 * extended supported rate IE
1178 */
1179 if (found_data_rate_ie) {
1180 if ((element_len + rate_size) >
1181 MWIFIEX_SUPPORTED_RATES)
1182 bytes_to_copy =
1183 (MWIFIEX_SUPPORTED_RATES -
1184 rate_size);
1185 else
1186 bytes_to_copy = element_len;
1187
1188 rate = (u8 *) bss_entry->data_rates;
1189 rate += rate_size;
1190 memcpy(rate, current_ptr + 2, bytes_to_copy);
1191
1192 rate = (u8 *) bss_entry->supported_rates;
1193 rate += rate_size;
1194 memcpy(rate, current_ptr + 2, bytes_to_copy);
1195 }
1196 break;
1197
1198 case WLAN_EID_VENDOR_SPECIFIC:
1199 vendor_ie = (struct ieee_types_vendor_specific *)
1200 current_ptr;
1201
1202 if (!memcmp
1203 (vendor_ie->vend_hdr.oui, wpa_oui,
1204 sizeof(wpa_oui))) {
1205 bss_entry->bcn_wpa_ie =
1206 (struct ieee_types_vendor_specific *)
1207 current_ptr;
1208 bss_entry->wpa_offset = (u16)
1209 (current_ptr - bss_entry->beacon_buf);
1210 } else if (!memcmp(vendor_ie->vend_hdr.oui, wmm_oui,
1211 sizeof(wmm_oui))) {
1212 if (total_ie_len ==
1213 sizeof(struct ieee_types_wmm_parameter) ||
1214 total_ie_len ==
1215 sizeof(struct ieee_types_wmm_info))
1216 /*
1217 * Only accept and copy the WMM IE if
1218 * it matches the size expected for the
1219 * WMM Info IE or the WMM Parameter IE.
1220 */
1221 memcpy((u8 *) &bss_entry->wmm_ie,
1222 current_ptr, total_ie_len);
1223 }
1224 break;
1225 case WLAN_EID_RSN:
1226 bss_entry->bcn_rsn_ie =
1227 (struct ieee_types_generic *) current_ptr;
1228 bss_entry->rsn_offset = (u16) (current_ptr -
1229 bss_entry->beacon_buf);
1230 break;
1231 case WLAN_EID_BSS_AC_ACCESS_DELAY:
1232 bss_entry->bcn_wapi_ie =
1233 (struct ieee_types_generic *) current_ptr;
1234 bss_entry->wapi_offset = (u16) (current_ptr -
1235 bss_entry->beacon_buf);
1236 break;
1237 case WLAN_EID_HT_CAPABILITY:
1238 bss_entry->bcn_ht_cap = (struct ieee80211_ht_cap *)
1239 (current_ptr +
1240 sizeof(struct ieee_types_header));
1241 bss_entry->ht_cap_offset = (u16) (current_ptr +
1242 sizeof(struct ieee_types_header) -
1243 bss_entry->beacon_buf);
1244 break;
1245 case WLAN_EID_HT_OPERATION:
1246 bss_entry->bcn_ht_oper =
1247 (struct ieee80211_ht_operation *)(current_ptr +
1248 sizeof(struct ieee_types_header));
1249 bss_entry->ht_info_offset = (u16) (current_ptr +
1250 sizeof(struct ieee_types_header) -
1251 bss_entry->beacon_buf);
1252 break;
1253 case WLAN_EID_VHT_CAPABILITY:
1254 bss_entry->disable_11ac = false;
1255 bss_entry->bcn_vht_cap =
1256 (void *)(current_ptr +
1257 sizeof(struct ieee_types_header));
1258 bss_entry->vht_cap_offset =
1259 (u16)((u8 *)bss_entry->bcn_vht_cap -
1260 bss_entry->beacon_buf);
1261 break;
1262 case WLAN_EID_VHT_OPERATION:
1263 bss_entry->bcn_vht_oper =
1264 (void *)(current_ptr +
1265 sizeof(struct ieee_types_header));
1266 bss_entry->vht_info_offset =
1267 (u16)((u8 *)bss_entry->bcn_vht_oper -
1268 bss_entry->beacon_buf);
1269 break;
1270 case WLAN_EID_BSS_COEX_2040:
1271 bss_entry->bcn_bss_co_2040 = current_ptr +
1272 sizeof(struct ieee_types_header);
1273 bss_entry->bss_co_2040_offset = (u16) (current_ptr +
1274 sizeof(struct ieee_types_header) -
1275 bss_entry->beacon_buf);
1276 break;
1277 case WLAN_EID_EXT_CAPABILITY:
1278 bss_entry->bcn_ext_cap = current_ptr +
1279 sizeof(struct ieee_types_header);
1280 bss_entry->ext_cap_offset = (u16) (current_ptr +
1281 sizeof(struct ieee_types_header) -
1282 bss_entry->beacon_buf);
1283 break;
1284 case WLAN_EID_OPMODE_NOTIF:
1285 bss_entry->oper_mode =
1286 (void *)(current_ptr +
1287 sizeof(struct ieee_types_header));
1288 bss_entry->oper_mode_offset =
1289 (u16)((u8 *)bss_entry->oper_mode -
1290 bss_entry->beacon_buf);
1291 break;
1292 default:
1293 break;
1294 }
1295
1296 current_ptr += element_len + 2;
1297
1298 /* Need to account for IE ID and IE Len */
1299 bytes_left -= (element_len + 2);
1300
1301 } /* while (bytes_left > 2) */
1302 return ret;
1303 }
1304
1305 /*
1306 * This function converts radio type scan parameter to a band configuration
1307 * to be used in join command.
1308 */
1309 static u8
mwifiex_radio_type_to_band(u8 radio_type)1310 mwifiex_radio_type_to_band(u8 radio_type)
1311 {
1312 switch (radio_type) {
1313 case HostCmd_SCAN_RADIO_TYPE_A:
1314 return BAND_A;
1315 case HostCmd_SCAN_RADIO_TYPE_BG:
1316 default:
1317 return BAND_G;
1318 }
1319 }
1320
1321 /*
1322 * This is an internal function used to start a scan based on an input
1323 * configuration.
1324 *
1325 * This uses the input user scan configuration information when provided in
1326 * order to send the appropriate scan commands to firmware to populate or
1327 * update the internal driver scan table.
1328 */
mwifiex_scan_networks(struct mwifiex_private * priv,const struct mwifiex_user_scan_cfg * user_scan_in)1329 int mwifiex_scan_networks(struct mwifiex_private *priv,
1330 const struct mwifiex_user_scan_cfg *user_scan_in)
1331 {
1332 int ret;
1333 struct mwifiex_adapter *adapter = priv->adapter;
1334 struct cmd_ctrl_node *cmd_node;
1335 union mwifiex_scan_cmd_config_tlv *scan_cfg_out;
1336 struct mwifiex_ie_types_chan_list_param_set *chan_list_out;
1337 struct mwifiex_chan_scan_param_set *scan_chan_list;
1338 u8 filtered_scan;
1339 u8 scan_current_chan_only;
1340 u8 max_chan_per_scan;
1341 unsigned long flags;
1342
1343 if (adapter->scan_processing) {
1344 dev_err(adapter->dev, "cmd: Scan already in process...\n");
1345 return -EBUSY;
1346 }
1347
1348 if (priv->scan_block) {
1349 dev_err(adapter->dev,
1350 "cmd: Scan is blocked during association...\n");
1351 return -EBUSY;
1352 }
1353
1354 spin_lock_irqsave(&adapter->mwifiex_cmd_lock, flags);
1355 adapter->scan_processing = true;
1356 spin_unlock_irqrestore(&adapter->mwifiex_cmd_lock, flags);
1357
1358 scan_cfg_out = kzalloc(sizeof(union mwifiex_scan_cmd_config_tlv),
1359 GFP_KERNEL);
1360 if (!scan_cfg_out) {
1361 ret = -ENOMEM;
1362 goto done;
1363 }
1364
1365 scan_chan_list = kcalloc(MWIFIEX_USER_SCAN_CHAN_MAX,
1366 sizeof(struct mwifiex_chan_scan_param_set),
1367 GFP_KERNEL);
1368 if (!scan_chan_list) {
1369 kfree(scan_cfg_out);
1370 ret = -ENOMEM;
1371 goto done;
1372 }
1373
1374 mwifiex_config_scan(priv, user_scan_in, &scan_cfg_out->config,
1375 &chan_list_out, scan_chan_list, &max_chan_per_scan,
1376 &filtered_scan, &scan_current_chan_only);
1377
1378 ret = mwifiex_scan_channel_list(priv, max_chan_per_scan, filtered_scan,
1379 &scan_cfg_out->config, chan_list_out,
1380 scan_chan_list);
1381
1382 /* Get scan command from scan_pending_q and put to cmd_pending_q */
1383 if (!ret) {
1384 spin_lock_irqsave(&adapter->scan_pending_q_lock, flags);
1385 if (!list_empty(&adapter->scan_pending_q)) {
1386 cmd_node = list_first_entry(&adapter->scan_pending_q,
1387 struct cmd_ctrl_node, list);
1388 list_del(&cmd_node->list);
1389 spin_unlock_irqrestore(&adapter->scan_pending_q_lock,
1390 flags);
1391 mwifiex_insert_cmd_to_pending_q(adapter, cmd_node,
1392 true);
1393 queue_work(adapter->workqueue, &adapter->main_work);
1394
1395 /* Perform internal scan synchronously */
1396 if (!priv->scan_request) {
1397 dev_dbg(adapter->dev, "wait internal scan\n");
1398 mwifiex_wait_queue_complete(adapter, cmd_node);
1399 }
1400 } else {
1401 spin_unlock_irqrestore(&adapter->scan_pending_q_lock,
1402 flags);
1403 }
1404 }
1405
1406 kfree(scan_cfg_out);
1407 kfree(scan_chan_list);
1408 done:
1409 if (ret) {
1410 spin_lock_irqsave(&adapter->mwifiex_cmd_lock, flags);
1411 adapter->scan_processing = false;
1412 spin_unlock_irqrestore(&adapter->mwifiex_cmd_lock, flags);
1413 }
1414 return ret;
1415 }
1416
1417 /*
1418 * This function prepares a scan command to be sent to the firmware.
1419 *
1420 * This uses the scan command configuration sent to the command processing
1421 * module in command preparation stage to configure a scan command structure
1422 * to send to firmware.
1423 *
1424 * The fixed fields specifying the BSS type and BSSID filters as well as a
1425 * variable number/length of TLVs are sent in the command to firmware.
1426 *
1427 * Preparation also includes -
1428 * - Setting command ID, and proper size
1429 * - Ensuring correct endian-ness
1430 */
mwifiex_cmd_802_11_scan(struct host_cmd_ds_command * cmd,struct mwifiex_scan_cmd_config * scan_cfg)1431 int mwifiex_cmd_802_11_scan(struct host_cmd_ds_command *cmd,
1432 struct mwifiex_scan_cmd_config *scan_cfg)
1433 {
1434 struct host_cmd_ds_802_11_scan *scan_cmd = &cmd->params.scan;
1435
1436 /* Set fixed field variables in scan command */
1437 scan_cmd->bss_mode = scan_cfg->bss_mode;
1438 memcpy(scan_cmd->bssid, scan_cfg->specific_bssid,
1439 sizeof(scan_cmd->bssid));
1440 memcpy(scan_cmd->tlv_buffer, scan_cfg->tlv_buf, scan_cfg->tlv_buf_len);
1441
1442 cmd->command = cpu_to_le16(HostCmd_CMD_802_11_SCAN);
1443
1444 /* Size is equal to the sizeof(fixed portions) + the TLV len + header */
1445 cmd->size = cpu_to_le16((u16) (sizeof(scan_cmd->bss_mode)
1446 + sizeof(scan_cmd->bssid)
1447 + scan_cfg->tlv_buf_len + S_DS_GEN));
1448
1449 return 0;
1450 }
1451
1452 /*
1453 * This function checks compatibility of requested network with current
1454 * driver settings.
1455 */
mwifiex_check_network_compatibility(struct mwifiex_private * priv,struct mwifiex_bssdescriptor * bss_desc)1456 int mwifiex_check_network_compatibility(struct mwifiex_private *priv,
1457 struct mwifiex_bssdescriptor *bss_desc)
1458 {
1459 int ret = -1;
1460
1461 if (!bss_desc)
1462 return -1;
1463
1464 if ((mwifiex_get_cfp(priv, (u8) bss_desc->bss_band,
1465 (u16) bss_desc->channel, 0))) {
1466 switch (priv->bss_mode) {
1467 case NL80211_IFTYPE_STATION:
1468 case NL80211_IFTYPE_ADHOC:
1469 ret = mwifiex_is_network_compatible(priv, bss_desc,
1470 priv->bss_mode);
1471 if (ret)
1472 dev_err(priv->adapter->dev,
1473 "Incompatible network settings\n");
1474 break;
1475 default:
1476 ret = 0;
1477 }
1478 }
1479
1480 return ret;
1481 }
1482
mwifiex_update_curr_bss_params(struct mwifiex_private * priv,struct cfg80211_bss * bss)1483 static int mwifiex_update_curr_bss_params(struct mwifiex_private *priv,
1484 struct cfg80211_bss *bss)
1485 {
1486 struct mwifiex_bssdescriptor *bss_desc;
1487 int ret;
1488 unsigned long flags;
1489
1490 /* Allocate and fill new bss descriptor */
1491 bss_desc = kzalloc(sizeof(struct mwifiex_bssdescriptor), GFP_KERNEL);
1492 if (!bss_desc)
1493 return -ENOMEM;
1494
1495 ret = mwifiex_fill_new_bss_desc(priv, bss, bss_desc);
1496 if (ret)
1497 goto done;
1498
1499 ret = mwifiex_check_network_compatibility(priv, bss_desc);
1500 if (ret)
1501 goto done;
1502
1503 spin_lock_irqsave(&priv->curr_bcn_buf_lock, flags);
1504 /* Make a copy of current BSSID descriptor */
1505 memcpy(&priv->curr_bss_params.bss_descriptor, bss_desc,
1506 sizeof(priv->curr_bss_params.bss_descriptor));
1507
1508 /* The contents of beacon_ie will be copied to its own buffer
1509 * in mwifiex_save_curr_bcn()
1510 */
1511 mwifiex_save_curr_bcn(priv);
1512 spin_unlock_irqrestore(&priv->curr_bcn_buf_lock, flags);
1513
1514 done:
1515 /* beacon_ie buffer was allocated in function
1516 * mwifiex_fill_new_bss_desc(). Free it now.
1517 */
1518 kfree(bss_desc->beacon_buf);
1519 kfree(bss_desc);
1520 return 0;
1521 }
1522
1523 /*
1524 * This function handles the command response of scan.
1525 *
1526 * The response buffer for the scan command has the following
1527 * memory layout:
1528 *
1529 * .-------------------------------------------------------------.
1530 * | Header (4 * sizeof(t_u16)): Standard command response hdr |
1531 * .-------------------------------------------------------------.
1532 * | BufSize (t_u16) : sizeof the BSS Description data |
1533 * .-------------------------------------------------------------.
1534 * | NumOfSet (t_u8) : Number of BSS Descs returned |
1535 * .-------------------------------------------------------------.
1536 * | BSSDescription data (variable, size given in BufSize) |
1537 * .-------------------------------------------------------------.
1538 * | TLV data (variable, size calculated using Header->Size, |
1539 * | BufSize and sizeof the fixed fields above) |
1540 * .-------------------------------------------------------------.
1541 */
mwifiex_ret_802_11_scan(struct mwifiex_private * priv,struct host_cmd_ds_command * resp)1542 int mwifiex_ret_802_11_scan(struct mwifiex_private *priv,
1543 struct host_cmd_ds_command *resp)
1544 {
1545 int ret = 0;
1546 struct mwifiex_adapter *adapter = priv->adapter;
1547 struct cmd_ctrl_node *cmd_node;
1548 struct host_cmd_ds_802_11_scan_rsp *scan_rsp;
1549 struct mwifiex_ie_types_data *tlv_data;
1550 struct mwifiex_ie_types_tsf_timestamp *tsf_tlv;
1551 u8 *bss_info;
1552 u32 scan_resp_size;
1553 u32 bytes_left;
1554 u32 idx;
1555 u32 tlv_buf_size;
1556 struct mwifiex_chan_freq_power *cfp;
1557 struct mwifiex_ie_types_chan_band_list_param_set *chan_band_tlv;
1558 struct chan_band_param_set *chan_band;
1559 u8 is_bgscan_resp;
1560 unsigned long flags;
1561 struct cfg80211_bss *bss;
1562
1563 is_bgscan_resp = (le16_to_cpu(resp->command)
1564 == HostCmd_CMD_802_11_BG_SCAN_QUERY);
1565 if (is_bgscan_resp)
1566 scan_rsp = &resp->params.bg_scan_query_resp.scan_resp;
1567 else
1568 scan_rsp = &resp->params.scan_resp;
1569
1570
1571 if (scan_rsp->number_of_sets > MWIFIEX_MAX_AP) {
1572 dev_err(adapter->dev, "SCAN_RESP: too many AP returned (%d)\n",
1573 scan_rsp->number_of_sets);
1574 ret = -1;
1575 goto check_next_scan;
1576 }
1577
1578 bytes_left = le16_to_cpu(scan_rsp->bss_descript_size);
1579 dev_dbg(adapter->dev, "info: SCAN_RESP: bss_descript_size %d\n",
1580 bytes_left);
1581
1582 scan_resp_size = le16_to_cpu(resp->size);
1583
1584 dev_dbg(adapter->dev,
1585 "info: SCAN_RESP: returned %d APs before parsing\n",
1586 scan_rsp->number_of_sets);
1587
1588 bss_info = scan_rsp->bss_desc_and_tlv_buffer;
1589
1590 /*
1591 * The size of the TLV buffer is equal to the entire command response
1592 * size (scan_resp_size) minus the fixed fields (sizeof()'s), the
1593 * BSS Descriptions (bss_descript_size as bytesLef) and the command
1594 * response header (S_DS_GEN)
1595 */
1596 tlv_buf_size = scan_resp_size - (bytes_left
1597 + sizeof(scan_rsp->bss_descript_size)
1598 + sizeof(scan_rsp->number_of_sets)
1599 + S_DS_GEN);
1600
1601 tlv_data = (struct mwifiex_ie_types_data *) (scan_rsp->
1602 bss_desc_and_tlv_buffer +
1603 bytes_left);
1604
1605 /* Search the TLV buffer space in the scan response for any valid
1606 TLVs */
1607 mwifiex_ret_802_11_scan_get_tlv_ptrs(adapter, tlv_data, tlv_buf_size,
1608 TLV_TYPE_TSFTIMESTAMP,
1609 (struct mwifiex_ie_types_data **)
1610 &tsf_tlv);
1611
1612 /* Search the TLV buffer space in the scan response for any valid
1613 TLVs */
1614 mwifiex_ret_802_11_scan_get_tlv_ptrs(adapter, tlv_data, tlv_buf_size,
1615 TLV_TYPE_CHANNELBANDLIST,
1616 (struct mwifiex_ie_types_data **)
1617 &chan_band_tlv);
1618
1619 for (idx = 0; idx < scan_rsp->number_of_sets && bytes_left; idx++) {
1620 u8 bssid[ETH_ALEN];
1621 s32 rssi;
1622 const u8 *ie_buf;
1623 size_t ie_len;
1624 u16 channel = 0;
1625 u64 fw_tsf = 0;
1626 u16 beacon_size = 0;
1627 u32 curr_bcn_bytes;
1628 u32 freq;
1629 u16 beacon_period;
1630 u16 cap_info_bitmap;
1631 u8 *current_ptr;
1632 u64 timestamp;
1633 struct mwifiex_bcn_param *bcn_param;
1634 struct mwifiex_bss_priv *bss_priv;
1635
1636 if (bytes_left >= sizeof(beacon_size)) {
1637 /* Extract & convert beacon size from command buffer */
1638 memcpy(&beacon_size, bss_info, sizeof(beacon_size));
1639 bytes_left -= sizeof(beacon_size);
1640 bss_info += sizeof(beacon_size);
1641 }
1642
1643 if (!beacon_size || beacon_size > bytes_left) {
1644 bss_info += bytes_left;
1645 bytes_left = 0;
1646 ret = -1;
1647 goto check_next_scan;
1648 }
1649
1650 /* Initialize the current working beacon pointer for this BSS
1651 * iteration */
1652 current_ptr = bss_info;
1653
1654 /* Advance the return beacon pointer past the current beacon */
1655 bss_info += beacon_size;
1656 bytes_left -= beacon_size;
1657
1658 curr_bcn_bytes = beacon_size;
1659
1660 /*
1661 * First 5 fields are bssid, RSSI, time stamp, beacon interval,
1662 * and capability information
1663 */
1664 if (curr_bcn_bytes < sizeof(struct mwifiex_bcn_param)) {
1665 dev_err(adapter->dev,
1666 "InterpretIE: not enough bytes left\n");
1667 continue;
1668 }
1669 bcn_param = (struct mwifiex_bcn_param *)current_ptr;
1670 current_ptr += sizeof(*bcn_param);
1671 curr_bcn_bytes -= sizeof(*bcn_param);
1672
1673 memcpy(bssid, bcn_param->bssid, ETH_ALEN);
1674
1675 rssi = (s32) bcn_param->rssi;
1676 rssi = (-rssi) * 100; /* Convert dBm to mBm */
1677 dev_dbg(adapter->dev, "info: InterpretIE: RSSI=%d\n", rssi);
1678
1679 timestamp = le64_to_cpu(bcn_param->timestamp);
1680 beacon_period = le16_to_cpu(bcn_param->beacon_period);
1681
1682 cap_info_bitmap = le16_to_cpu(bcn_param->cap_info_bitmap);
1683 dev_dbg(adapter->dev, "info: InterpretIE: capabilities=0x%X\n",
1684 cap_info_bitmap);
1685
1686 /* Rest of the current buffer are IE's */
1687 ie_buf = current_ptr;
1688 ie_len = curr_bcn_bytes;
1689 dev_dbg(adapter->dev,
1690 "info: InterpretIE: IELength for this AP = %d\n",
1691 curr_bcn_bytes);
1692
1693 while (curr_bcn_bytes >= sizeof(struct ieee_types_header)) {
1694 u8 element_id, element_len;
1695
1696 element_id = *current_ptr;
1697 element_len = *(current_ptr + 1);
1698 if (curr_bcn_bytes < element_len +
1699 sizeof(struct ieee_types_header)) {
1700 dev_err(priv->adapter->dev,
1701 "%s: bytes left < IE length\n",
1702 __func__);
1703 goto check_next_scan;
1704 }
1705 if (element_id == WLAN_EID_DS_PARAMS) {
1706 channel = *(current_ptr + sizeof(struct ieee_types_header));
1707 break;
1708 }
1709
1710 current_ptr += element_len +
1711 sizeof(struct ieee_types_header);
1712 curr_bcn_bytes -= element_len +
1713 sizeof(struct ieee_types_header);
1714 }
1715
1716 /*
1717 * If the TSF TLV was appended to the scan results, save this
1718 * entry's TSF value in the fw_tsf field. It is the firmware's
1719 * TSF value at the time the beacon or probe response was
1720 * received.
1721 */
1722 if (tsf_tlv)
1723 memcpy(&fw_tsf, &tsf_tlv->tsf_data[idx * TSF_DATA_SIZE],
1724 sizeof(fw_tsf));
1725
1726 if (channel) {
1727 struct ieee80211_channel *chan;
1728 u8 band;
1729
1730 band = BAND_G;
1731 if (chan_band_tlv) {
1732 chan_band =
1733 &chan_band_tlv->chan_band_param[idx];
1734 band = mwifiex_radio_type_to_band(
1735 chan_band->radio_type
1736 & (BIT(0) | BIT(1)));
1737 }
1738
1739 cfp = mwifiex_get_cfp(priv, band, channel, 0);
1740
1741 freq = cfp ? cfp->freq : 0;
1742
1743 chan = ieee80211_get_channel(priv->wdev->wiphy, freq);
1744
1745 if (chan && !(chan->flags & IEEE80211_CHAN_DISABLED)) {
1746 bss = cfg80211_inform_bss(priv->wdev->wiphy,
1747 chan, bssid, timestamp,
1748 cap_info_bitmap, beacon_period,
1749 ie_buf, ie_len, rssi, GFP_KERNEL);
1750 bss_priv = (struct mwifiex_bss_priv *)bss->priv;
1751 bss_priv->band = band;
1752 bss_priv->fw_tsf = fw_tsf;
1753 if (priv->media_connected &&
1754 !memcmp(bssid,
1755 priv->curr_bss_params.bss_descriptor
1756 .mac_address, ETH_ALEN))
1757 mwifiex_update_curr_bss_params(priv,
1758 bss);
1759 cfg80211_put_bss(priv->wdev->wiphy, bss);
1760 }
1761 } else {
1762 dev_dbg(adapter->dev, "missing BSS channel IE\n");
1763 }
1764 }
1765
1766 check_next_scan:
1767 spin_lock_irqsave(&adapter->scan_pending_q_lock, flags);
1768 if (list_empty(&adapter->scan_pending_q)) {
1769 spin_unlock_irqrestore(&adapter->scan_pending_q_lock, flags);
1770 spin_lock_irqsave(&adapter->mwifiex_cmd_lock, flags);
1771 adapter->scan_processing = false;
1772 spin_unlock_irqrestore(&adapter->mwifiex_cmd_lock, flags);
1773
1774 /* Need to indicate IOCTL complete */
1775 if (adapter->curr_cmd->wait_q_enabled) {
1776 adapter->cmd_wait_q.status = 0;
1777 if (!priv->scan_request) {
1778 dev_dbg(adapter->dev,
1779 "complete internal scan\n");
1780 mwifiex_complete_cmd(adapter,
1781 adapter->curr_cmd);
1782 }
1783 }
1784 if (priv->report_scan_result)
1785 priv->report_scan_result = false;
1786
1787 if (priv->user_scan_cfg) {
1788 if (priv->scan_request) {
1789 dev_dbg(priv->adapter->dev,
1790 "info: notifying scan done\n");
1791 cfg80211_scan_done(priv->scan_request, 0);
1792 priv->scan_request = NULL;
1793 } else {
1794 dev_dbg(priv->adapter->dev,
1795 "info: scan already aborted\n");
1796 }
1797
1798 kfree(priv->user_scan_cfg);
1799 priv->user_scan_cfg = NULL;
1800 }
1801 } else {
1802 if (priv->user_scan_cfg && !priv->scan_request) {
1803 spin_unlock_irqrestore(&adapter->scan_pending_q_lock,
1804 flags);
1805 adapter->scan_delay_cnt = MWIFIEX_MAX_SCAN_DELAY_CNT;
1806 mod_timer(&priv->scan_delay_timer, jiffies);
1807 dev_dbg(priv->adapter->dev,
1808 "info: %s: triggerring scan abort\n", __func__);
1809 } else if (!mwifiex_wmm_lists_empty(adapter) &&
1810 (priv->scan_request && (priv->scan_request->flags &
1811 NL80211_SCAN_FLAG_LOW_PRIORITY))) {
1812 spin_unlock_irqrestore(&adapter->scan_pending_q_lock,
1813 flags);
1814 adapter->scan_delay_cnt = 1;
1815 mod_timer(&priv->scan_delay_timer, jiffies +
1816 msecs_to_jiffies(MWIFIEX_SCAN_DELAY_MSEC));
1817 dev_dbg(priv->adapter->dev,
1818 "info: %s: deferring scan\n", __func__);
1819 } else {
1820 /* Get scan command from scan_pending_q and put to
1821 cmd_pending_q */
1822 cmd_node = list_first_entry(&adapter->scan_pending_q,
1823 struct cmd_ctrl_node, list);
1824 list_del(&cmd_node->list);
1825 spin_unlock_irqrestore(&adapter->scan_pending_q_lock,
1826 flags);
1827 mwifiex_insert_cmd_to_pending_q(adapter, cmd_node,
1828 true);
1829 }
1830 }
1831
1832 return ret;
1833 }
1834
1835 /*
1836 * This function prepares command for background scan query.
1837 *
1838 * Preparation includes -
1839 * - Setting command ID and proper size
1840 * - Setting background scan flush parameter
1841 * - Ensuring correct endian-ness
1842 */
mwifiex_cmd_802_11_bg_scan_query(struct host_cmd_ds_command * cmd)1843 int mwifiex_cmd_802_11_bg_scan_query(struct host_cmd_ds_command *cmd)
1844 {
1845 struct host_cmd_ds_802_11_bg_scan_query *bg_query =
1846 &cmd->params.bg_scan_query;
1847
1848 cmd->command = cpu_to_le16(HostCmd_CMD_802_11_BG_SCAN_QUERY);
1849 cmd->size = cpu_to_le16(sizeof(struct host_cmd_ds_802_11_bg_scan_query)
1850 + S_DS_GEN);
1851
1852 bg_query->flush = 1;
1853
1854 return 0;
1855 }
1856
1857 /*
1858 * This function inserts scan command node to the scan pending queue.
1859 */
1860 void
mwifiex_queue_scan_cmd(struct mwifiex_private * priv,struct cmd_ctrl_node * cmd_node)1861 mwifiex_queue_scan_cmd(struct mwifiex_private *priv,
1862 struct cmd_ctrl_node *cmd_node)
1863 {
1864 struct mwifiex_adapter *adapter = priv->adapter;
1865 unsigned long flags;
1866
1867 cmd_node->wait_q_enabled = true;
1868 cmd_node->condition = &adapter->scan_wait_q_woken;
1869 spin_lock_irqsave(&adapter->scan_pending_q_lock, flags);
1870 list_add_tail(&cmd_node->list, &adapter->scan_pending_q);
1871 spin_unlock_irqrestore(&adapter->scan_pending_q_lock, flags);
1872 }
1873
1874 /*
1875 * This function sends a scan command for all available channels to the
1876 * firmware, filtered on a specific SSID.
1877 */
mwifiex_scan_specific_ssid(struct mwifiex_private * priv,struct cfg80211_ssid * req_ssid)1878 static int mwifiex_scan_specific_ssid(struct mwifiex_private *priv,
1879 struct cfg80211_ssid *req_ssid)
1880 {
1881 struct mwifiex_adapter *adapter = priv->adapter;
1882 int ret;
1883 struct mwifiex_user_scan_cfg *scan_cfg;
1884
1885 if (adapter->scan_processing) {
1886 dev_err(adapter->dev, "cmd: Scan already in process...\n");
1887 return -EBUSY;
1888 }
1889
1890 if (priv->scan_block) {
1891 dev_err(adapter->dev,
1892 "cmd: Scan is blocked during association...\n");
1893 return -EBUSY;
1894 }
1895
1896 scan_cfg = kzalloc(sizeof(struct mwifiex_user_scan_cfg), GFP_KERNEL);
1897 if (!scan_cfg)
1898 return -ENOMEM;
1899
1900 scan_cfg->ssid_list = req_ssid;
1901 scan_cfg->num_ssids = 1;
1902
1903 ret = mwifiex_scan_networks(priv, scan_cfg);
1904
1905 kfree(scan_cfg);
1906 return ret;
1907 }
1908
1909 /*
1910 * Sends IOCTL request to start a scan.
1911 *
1912 * This function allocates the IOCTL request buffer, fills it
1913 * with requisite parameters and calls the IOCTL handler.
1914 *
1915 * Scan command can be issued for both normal scan and specific SSID
1916 * scan, depending upon whether an SSID is provided or not.
1917 */
mwifiex_request_scan(struct mwifiex_private * priv,struct cfg80211_ssid * req_ssid)1918 int mwifiex_request_scan(struct mwifiex_private *priv,
1919 struct cfg80211_ssid *req_ssid)
1920 {
1921 int ret;
1922
1923 if (down_interruptible(&priv->async_sem)) {
1924 dev_err(priv->adapter->dev, "%s: acquire semaphore\n",
1925 __func__);
1926 return -1;
1927 }
1928
1929 priv->adapter->scan_wait_q_woken = false;
1930
1931 if (req_ssid && req_ssid->ssid_len != 0)
1932 /* Specific SSID scan */
1933 ret = mwifiex_scan_specific_ssid(priv, req_ssid);
1934 else
1935 /* Normal scan */
1936 ret = mwifiex_scan_networks(priv, NULL);
1937
1938 up(&priv->async_sem);
1939
1940 return ret;
1941 }
1942
1943 /*
1944 * This function appends the vendor specific IE TLV to a buffer.
1945 */
1946 int
mwifiex_cmd_append_vsie_tlv(struct mwifiex_private * priv,u16 vsie_mask,u8 ** buffer)1947 mwifiex_cmd_append_vsie_tlv(struct mwifiex_private *priv,
1948 u16 vsie_mask, u8 **buffer)
1949 {
1950 int id, ret_len = 0;
1951 struct mwifiex_ie_types_vendor_param_set *vs_param_set;
1952
1953 if (!buffer)
1954 return 0;
1955 if (!(*buffer))
1956 return 0;
1957
1958 /*
1959 * Traverse through the saved vendor specific IE array and append
1960 * the selected(scan/assoc/adhoc) IE as TLV to the command
1961 */
1962 for (id = 0; id < MWIFIEX_MAX_VSIE_NUM; id++) {
1963 if (priv->vs_ie[id].mask & vsie_mask) {
1964 vs_param_set =
1965 (struct mwifiex_ie_types_vendor_param_set *)
1966 *buffer;
1967 vs_param_set->header.type =
1968 cpu_to_le16(TLV_TYPE_PASSTHROUGH);
1969 vs_param_set->header.len =
1970 cpu_to_le16((((u16) priv->vs_ie[id].ie[1])
1971 & 0x00FF) + 2);
1972 memcpy(vs_param_set->ie, priv->vs_ie[id].ie,
1973 le16_to_cpu(vs_param_set->header.len));
1974 *buffer += le16_to_cpu(vs_param_set->header.len) +
1975 sizeof(struct mwifiex_ie_types_header);
1976 ret_len += le16_to_cpu(vs_param_set->header.len) +
1977 sizeof(struct mwifiex_ie_types_header);
1978 }
1979 }
1980 return ret_len;
1981 }
1982
1983 /*
1984 * This function saves a beacon buffer of the current BSS descriptor.
1985 *
1986 * The current beacon buffer is saved so that it can be restored in the
1987 * following cases that makes the beacon buffer not to contain the current
1988 * ssid's beacon buffer.
1989 * - The current ssid was not found somehow in the last scan.
1990 * - The current ssid was the last entry of the scan table and overloaded.
1991 */
1992 void
mwifiex_save_curr_bcn(struct mwifiex_private * priv)1993 mwifiex_save_curr_bcn(struct mwifiex_private *priv)
1994 {
1995 struct mwifiex_bssdescriptor *curr_bss =
1996 &priv->curr_bss_params.bss_descriptor;
1997
1998 if (!curr_bss->beacon_buf_size)
1999 return;
2000
2001 /* allocate beacon buffer at 1st time; or if it's size has changed */
2002 if (!priv->curr_bcn_buf ||
2003 priv->curr_bcn_size != curr_bss->beacon_buf_size) {
2004 priv->curr_bcn_size = curr_bss->beacon_buf_size;
2005
2006 kfree(priv->curr_bcn_buf);
2007 priv->curr_bcn_buf = kmalloc(curr_bss->beacon_buf_size,
2008 GFP_ATOMIC);
2009 if (!priv->curr_bcn_buf)
2010 return;
2011 }
2012
2013 memcpy(priv->curr_bcn_buf, curr_bss->beacon_buf,
2014 curr_bss->beacon_buf_size);
2015 dev_dbg(priv->adapter->dev, "info: current beacon saved %d\n",
2016 priv->curr_bcn_size);
2017
2018 curr_bss->beacon_buf = priv->curr_bcn_buf;
2019
2020 /* adjust the pointers in the current BSS descriptor */
2021 if (curr_bss->bcn_wpa_ie)
2022 curr_bss->bcn_wpa_ie =
2023 (struct ieee_types_vendor_specific *)
2024 (curr_bss->beacon_buf +
2025 curr_bss->wpa_offset);
2026
2027 if (curr_bss->bcn_rsn_ie)
2028 curr_bss->bcn_rsn_ie = (struct ieee_types_generic *)
2029 (curr_bss->beacon_buf +
2030 curr_bss->rsn_offset);
2031
2032 if (curr_bss->bcn_ht_cap)
2033 curr_bss->bcn_ht_cap = (struct ieee80211_ht_cap *)
2034 (curr_bss->beacon_buf +
2035 curr_bss->ht_cap_offset);
2036
2037 if (curr_bss->bcn_ht_oper)
2038 curr_bss->bcn_ht_oper = (struct ieee80211_ht_operation *)
2039 (curr_bss->beacon_buf +
2040 curr_bss->ht_info_offset);
2041
2042 if (curr_bss->bcn_vht_cap)
2043 curr_bss->bcn_ht_cap = (void *)(curr_bss->beacon_buf +
2044 curr_bss->vht_cap_offset);
2045
2046 if (curr_bss->bcn_vht_oper)
2047 curr_bss->bcn_ht_oper = (void *)(curr_bss->beacon_buf +
2048 curr_bss->vht_info_offset);
2049
2050 if (curr_bss->bcn_bss_co_2040)
2051 curr_bss->bcn_bss_co_2040 =
2052 (curr_bss->beacon_buf + curr_bss->bss_co_2040_offset);
2053
2054 if (curr_bss->bcn_ext_cap)
2055 curr_bss->bcn_ext_cap = curr_bss->beacon_buf +
2056 curr_bss->ext_cap_offset;
2057
2058 if (curr_bss->oper_mode)
2059 curr_bss->oper_mode = (void *)(curr_bss->beacon_buf +
2060 curr_bss->oper_mode_offset);
2061 }
2062
2063 /*
2064 * This function frees the current BSS descriptor beacon buffer.
2065 */
2066 void
mwifiex_free_curr_bcn(struct mwifiex_private * priv)2067 mwifiex_free_curr_bcn(struct mwifiex_private *priv)
2068 {
2069 kfree(priv->curr_bcn_buf);
2070 priv->curr_bcn_buf = NULL;
2071 }
2072