1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Scanning implementation
4 *
5 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
6 * Copyright 2004, Instant802 Networks, Inc.
7 * Copyright 2005, Devicescape Software, Inc.
8 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
9 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
10 * Copyright 2013-2015 Intel Mobile Communications GmbH
11 * Copyright 2016-2017 Intel Deutschland GmbH
12 * Copyright (C) 2018-2019 Intel Corporation
13 */
14
15 #include <linux/if_arp.h>
16 #include <linux/etherdevice.h>
17 #include <linux/rtnetlink.h>
18 #include <net/sch_generic.h>
19 #include <linux/slab.h>
20 #include <linux/export.h>
21 #include <linux/random.h>
22 #include <net/mac80211.h>
23
24 #include "ieee80211_i.h"
25 #include "driver-ops.h"
26 #include "mesh.h"
27
28 #define IEEE80211_PROBE_DELAY (HZ / 33)
29 #define IEEE80211_CHANNEL_TIME (HZ / 33)
30 #define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 9)
31
ieee80211_rx_bss_put(struct ieee80211_local * local,struct ieee80211_bss * bss)32 void ieee80211_rx_bss_put(struct ieee80211_local *local,
33 struct ieee80211_bss *bss)
34 {
35 if (!bss)
36 return;
37 cfg80211_put_bss(local->hw.wiphy,
38 container_of((void *)bss, struct cfg80211_bss, priv));
39 }
40
is_uapsd_supported(struct ieee802_11_elems * elems)41 static bool is_uapsd_supported(struct ieee802_11_elems *elems)
42 {
43 u8 qos_info;
44
45 if (elems->wmm_info && elems->wmm_info_len == 7
46 && elems->wmm_info[5] == 1)
47 qos_info = elems->wmm_info[6];
48 else if (elems->wmm_param && elems->wmm_param_len == 24
49 && elems->wmm_param[5] == 1)
50 qos_info = elems->wmm_param[6];
51 else
52 /* no valid wmm information or parameter element found */
53 return false;
54
55 return qos_info & IEEE80211_WMM_IE_AP_QOSINFO_UAPSD;
56 }
57
58 static void
ieee80211_update_bss_from_elems(struct ieee80211_local * local,struct ieee80211_bss * bss,struct ieee802_11_elems * elems,struct ieee80211_rx_status * rx_status,bool beacon)59 ieee80211_update_bss_from_elems(struct ieee80211_local *local,
60 struct ieee80211_bss *bss,
61 struct ieee802_11_elems *elems,
62 struct ieee80211_rx_status *rx_status,
63 bool beacon)
64 {
65 int clen, srlen;
66
67 if (beacon)
68 bss->device_ts_beacon = rx_status->device_timestamp;
69 else
70 bss->device_ts_presp = rx_status->device_timestamp;
71
72 if (elems->parse_error) {
73 if (beacon)
74 bss->corrupt_data |= IEEE80211_BSS_CORRUPT_BEACON;
75 else
76 bss->corrupt_data |= IEEE80211_BSS_CORRUPT_PROBE_RESP;
77 } else {
78 if (beacon)
79 bss->corrupt_data &= ~IEEE80211_BSS_CORRUPT_BEACON;
80 else
81 bss->corrupt_data &= ~IEEE80211_BSS_CORRUPT_PROBE_RESP;
82 }
83
84 /* save the ERP value so that it is available at association time */
85 if (elems->erp_info && (!elems->parse_error ||
86 !(bss->valid_data & IEEE80211_BSS_VALID_ERP))) {
87 bss->erp_value = elems->erp_info[0];
88 bss->has_erp_value = true;
89 if (!elems->parse_error)
90 bss->valid_data |= IEEE80211_BSS_VALID_ERP;
91 }
92
93 /* replace old supported rates if we get new values */
94 if (!elems->parse_error ||
95 !(bss->valid_data & IEEE80211_BSS_VALID_RATES)) {
96 srlen = 0;
97 if (elems->supp_rates) {
98 clen = IEEE80211_MAX_SUPP_RATES;
99 if (clen > elems->supp_rates_len)
100 clen = elems->supp_rates_len;
101 memcpy(bss->supp_rates, elems->supp_rates, clen);
102 srlen += clen;
103 }
104 if (elems->ext_supp_rates) {
105 clen = IEEE80211_MAX_SUPP_RATES - srlen;
106 if (clen > elems->ext_supp_rates_len)
107 clen = elems->ext_supp_rates_len;
108 memcpy(bss->supp_rates + srlen, elems->ext_supp_rates,
109 clen);
110 srlen += clen;
111 }
112 if (srlen) {
113 bss->supp_rates_len = srlen;
114 if (!elems->parse_error)
115 bss->valid_data |= IEEE80211_BSS_VALID_RATES;
116 }
117 }
118
119 if (!elems->parse_error ||
120 !(bss->valid_data & IEEE80211_BSS_VALID_WMM)) {
121 bss->wmm_used = elems->wmm_param || elems->wmm_info;
122 bss->uapsd_supported = is_uapsd_supported(elems);
123 if (!elems->parse_error)
124 bss->valid_data |= IEEE80211_BSS_VALID_WMM;
125 }
126
127 if (beacon) {
128 struct ieee80211_supported_band *sband =
129 local->hw.wiphy->bands[rx_status->band];
130 if (!(rx_status->encoding == RX_ENC_HT) &&
131 !(rx_status->encoding == RX_ENC_VHT))
132 bss->beacon_rate =
133 &sband->bitrates[rx_status->rate_idx];
134 }
135 }
136
137 struct ieee80211_bss *
ieee80211_bss_info_update(struct ieee80211_local * local,struct ieee80211_rx_status * rx_status,struct ieee80211_mgmt * mgmt,size_t len,struct ieee80211_channel * channel)138 ieee80211_bss_info_update(struct ieee80211_local *local,
139 struct ieee80211_rx_status *rx_status,
140 struct ieee80211_mgmt *mgmt, size_t len,
141 struct ieee80211_channel *channel)
142 {
143 bool beacon = ieee80211_is_beacon(mgmt->frame_control);
144 struct cfg80211_bss *cbss, *non_tx_cbss;
145 struct ieee80211_bss *bss, *non_tx_bss;
146 struct cfg80211_inform_bss bss_meta = {
147 .boottime_ns = rx_status->boottime_ns,
148 };
149 bool signal_valid;
150 struct ieee80211_sub_if_data *scan_sdata;
151 struct ieee802_11_elems elems;
152 size_t baselen;
153 u8 *elements;
154
155 if (rx_status->flag & RX_FLAG_NO_SIGNAL_VAL)
156 bss_meta.signal = 0; /* invalid signal indication */
157 else if (ieee80211_hw_check(&local->hw, SIGNAL_DBM))
158 bss_meta.signal = rx_status->signal * 100;
159 else if (ieee80211_hw_check(&local->hw, SIGNAL_UNSPEC))
160 bss_meta.signal = (rx_status->signal * 100) / local->hw.max_signal;
161
162 bss_meta.scan_width = NL80211_BSS_CHAN_WIDTH_20;
163 if (rx_status->bw == RATE_INFO_BW_5)
164 bss_meta.scan_width = NL80211_BSS_CHAN_WIDTH_5;
165 else if (rx_status->bw == RATE_INFO_BW_10)
166 bss_meta.scan_width = NL80211_BSS_CHAN_WIDTH_10;
167
168 bss_meta.chan = channel;
169
170 rcu_read_lock();
171 scan_sdata = rcu_dereference(local->scan_sdata);
172 if (scan_sdata && scan_sdata->vif.type == NL80211_IFTYPE_STATION &&
173 scan_sdata->vif.bss_conf.assoc &&
174 ieee80211_have_rx_timestamp(rx_status)) {
175 bss_meta.parent_tsf =
176 ieee80211_calculate_rx_timestamp(local, rx_status,
177 len + FCS_LEN, 24);
178 ether_addr_copy(bss_meta.parent_bssid,
179 scan_sdata->vif.bss_conf.bssid);
180 }
181 rcu_read_unlock();
182
183 cbss = cfg80211_inform_bss_frame_data(local->hw.wiphy, &bss_meta,
184 mgmt, len, GFP_ATOMIC);
185 if (!cbss)
186 return NULL;
187
188 if (ieee80211_is_probe_resp(mgmt->frame_control)) {
189 elements = mgmt->u.probe_resp.variable;
190 baselen = offsetof(struct ieee80211_mgmt,
191 u.probe_resp.variable);
192 } else {
193 baselen = offsetof(struct ieee80211_mgmt, u.beacon.variable);
194 elements = mgmt->u.beacon.variable;
195 }
196
197 if (baselen > len)
198 return NULL;
199
200 ieee802_11_parse_elems(elements, len - baselen, false, &elems,
201 mgmt->bssid, cbss->bssid);
202
203 /* In case the signal is invalid update the status */
204 signal_valid = abs(channel->center_freq - cbss->channel->center_freq)
205 <= local->hw.wiphy->max_adj_channel_rssi_comp;
206 if (!signal_valid)
207 rx_status->flag |= RX_FLAG_NO_SIGNAL_VAL;
208
209 bss = (void *)cbss->priv;
210 ieee80211_update_bss_from_elems(local, bss, &elems, rx_status, beacon);
211
212 list_for_each_entry(non_tx_cbss, &cbss->nontrans_list, nontrans_list) {
213 non_tx_bss = (void *)non_tx_cbss->priv;
214
215 ieee80211_update_bss_from_elems(local, non_tx_bss, &elems,
216 rx_status, beacon);
217 }
218
219 kfree(elems.nontx_profile);
220
221 return bss;
222 }
223
ieee80211_scan_accept_presp(struct ieee80211_sub_if_data * sdata,u32 scan_flags,const u8 * da)224 static bool ieee80211_scan_accept_presp(struct ieee80211_sub_if_data *sdata,
225 u32 scan_flags, const u8 *da)
226 {
227 if (!sdata)
228 return false;
229 /* accept broadcast for OCE */
230 if (scan_flags & NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP &&
231 is_broadcast_ether_addr(da))
232 return true;
233 if (scan_flags & NL80211_SCAN_FLAG_RANDOM_ADDR)
234 return true;
235 return ether_addr_equal(da, sdata->vif.addr);
236 }
237
ieee80211_scan_rx(struct ieee80211_local * local,struct sk_buff * skb)238 void ieee80211_scan_rx(struct ieee80211_local *local, struct sk_buff *skb)
239 {
240 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb);
241 struct ieee80211_sub_if_data *sdata1, *sdata2;
242 struct ieee80211_mgmt *mgmt = (void *)skb->data;
243 struct ieee80211_bss *bss;
244 struct ieee80211_channel *channel;
245
246 if (skb->len < 24 ||
247 (!ieee80211_is_probe_resp(mgmt->frame_control) &&
248 !ieee80211_is_beacon(mgmt->frame_control)))
249 return;
250
251 sdata1 = rcu_dereference(local->scan_sdata);
252 sdata2 = rcu_dereference(local->sched_scan_sdata);
253
254 if (likely(!sdata1 && !sdata2))
255 return;
256
257 if (test_and_clear_bit(SCAN_BEACON_WAIT, &local->scanning)) {
258 /*
259 * we were passive scanning because of radar/no-IR, but
260 * the beacon/proberesp rx gives us an opportunity to upgrade
261 * to active scan
262 */
263 set_bit(SCAN_BEACON_DONE, &local->scanning);
264 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, 0);
265 }
266
267 if (ieee80211_is_probe_resp(mgmt->frame_control)) {
268 struct cfg80211_scan_request *scan_req;
269 struct cfg80211_sched_scan_request *sched_scan_req;
270 u32 scan_req_flags = 0, sched_scan_req_flags = 0;
271
272 scan_req = rcu_dereference(local->scan_req);
273 sched_scan_req = rcu_dereference(local->sched_scan_req);
274
275 if (scan_req)
276 scan_req_flags = scan_req->flags;
277
278 if (sched_scan_req)
279 sched_scan_req_flags = sched_scan_req->flags;
280
281 /* ignore ProbeResp to foreign address or non-bcast (OCE)
282 * unless scanning with randomised address
283 */
284 if (!ieee80211_scan_accept_presp(sdata1, scan_req_flags,
285 mgmt->da) &&
286 !ieee80211_scan_accept_presp(sdata2, sched_scan_req_flags,
287 mgmt->da))
288 return;
289 }
290
291 channel = ieee80211_get_channel(local->hw.wiphy, rx_status->freq);
292
293 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED)
294 return;
295
296 bss = ieee80211_bss_info_update(local, rx_status,
297 mgmt, skb->len,
298 channel);
299 if (bss)
300 ieee80211_rx_bss_put(local, bss);
301 }
302
303 static void
ieee80211_prepare_scan_chandef(struct cfg80211_chan_def * chandef,enum nl80211_bss_scan_width scan_width)304 ieee80211_prepare_scan_chandef(struct cfg80211_chan_def *chandef,
305 enum nl80211_bss_scan_width scan_width)
306 {
307 memset(chandef, 0, sizeof(*chandef));
308 switch (scan_width) {
309 case NL80211_BSS_CHAN_WIDTH_5:
310 chandef->width = NL80211_CHAN_WIDTH_5;
311 break;
312 case NL80211_BSS_CHAN_WIDTH_10:
313 chandef->width = NL80211_CHAN_WIDTH_10;
314 break;
315 default:
316 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
317 break;
318 }
319 }
320
321 /* return false if no more work */
ieee80211_prep_hw_scan(struct ieee80211_sub_if_data * sdata)322 static bool ieee80211_prep_hw_scan(struct ieee80211_sub_if_data *sdata)
323 {
324 struct ieee80211_local *local = sdata->local;
325 struct cfg80211_scan_request *req;
326 struct cfg80211_chan_def chandef;
327 u8 bands_used = 0;
328 int i, ielen, n_chans;
329 u32 flags = 0;
330
331 req = rcu_dereference_protected(local->scan_req,
332 lockdep_is_held(&local->mtx));
333
334 if (test_bit(SCAN_HW_CANCELLED, &local->scanning))
335 return false;
336
337 if (ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS)) {
338 for (i = 0; i < req->n_channels; i++) {
339 local->hw_scan_req->req.channels[i] = req->channels[i];
340 bands_used |= BIT(req->channels[i]->band);
341 }
342
343 n_chans = req->n_channels;
344 } else {
345 do {
346 if (local->hw_scan_band == NUM_NL80211_BANDS)
347 return false;
348
349 n_chans = 0;
350
351 for (i = 0; i < req->n_channels; i++) {
352 if (req->channels[i]->band !=
353 local->hw_scan_band)
354 continue;
355 local->hw_scan_req->req.channels[n_chans] =
356 req->channels[i];
357 n_chans++;
358 bands_used |= BIT(req->channels[i]->band);
359 }
360
361 local->hw_scan_band++;
362 } while (!n_chans);
363 }
364
365 local->hw_scan_req->req.n_channels = n_chans;
366 ieee80211_prepare_scan_chandef(&chandef, req->scan_width);
367
368 if (req->flags & NL80211_SCAN_FLAG_MIN_PREQ_CONTENT)
369 flags |= IEEE80211_PROBE_FLAG_MIN_CONTENT;
370
371 ielen = ieee80211_build_preq_ies(sdata,
372 (u8 *)local->hw_scan_req->req.ie,
373 local->hw_scan_ies_bufsize,
374 &local->hw_scan_req->ies,
375 req->ie, req->ie_len,
376 bands_used, req->rates, &chandef,
377 flags);
378 local->hw_scan_req->req.ie_len = ielen;
379 local->hw_scan_req->req.no_cck = req->no_cck;
380 ether_addr_copy(local->hw_scan_req->req.mac_addr, req->mac_addr);
381 ether_addr_copy(local->hw_scan_req->req.mac_addr_mask,
382 req->mac_addr_mask);
383 ether_addr_copy(local->hw_scan_req->req.bssid, req->bssid);
384
385 return true;
386 }
387
__ieee80211_scan_completed(struct ieee80211_hw * hw,bool aborted)388 static void __ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)
389 {
390 struct ieee80211_local *local = hw_to_local(hw);
391 bool hw_scan = test_bit(SCAN_HW_SCANNING, &local->scanning);
392 bool was_scanning = local->scanning;
393 struct cfg80211_scan_request *scan_req;
394 struct ieee80211_sub_if_data *scan_sdata;
395 struct ieee80211_sub_if_data *sdata;
396
397 lockdep_assert_held(&local->mtx);
398
399 /*
400 * It's ok to abort a not-yet-running scan (that
401 * we have one at all will be verified by checking
402 * local->scan_req next), but not to complete it
403 * successfully.
404 */
405 if (WARN_ON(!local->scanning && !aborted))
406 aborted = true;
407
408 if (WARN_ON(!local->scan_req))
409 return;
410
411 scan_sdata = rcu_dereference_protected(local->scan_sdata,
412 lockdep_is_held(&local->mtx));
413
414 if (hw_scan && !aborted &&
415 !ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS) &&
416 ieee80211_prep_hw_scan(scan_sdata)) {
417 int rc;
418
419 rc = drv_hw_scan(local,
420 rcu_dereference_protected(local->scan_sdata,
421 lockdep_is_held(&local->mtx)),
422 local->hw_scan_req);
423
424 if (rc == 0)
425 return;
426
427 /* HW scan failed and is going to be reported as aborted,
428 * so clear old scan info.
429 */
430 memset(&local->scan_info, 0, sizeof(local->scan_info));
431 aborted = true;
432 }
433
434 kfree(local->hw_scan_req);
435 local->hw_scan_req = NULL;
436
437 scan_req = rcu_dereference_protected(local->scan_req,
438 lockdep_is_held(&local->mtx));
439
440 RCU_INIT_POINTER(local->scan_req, NULL);
441 RCU_INIT_POINTER(local->scan_sdata, NULL);
442
443 local->scanning = 0;
444 local->scan_chandef.chan = NULL;
445
446 synchronize_rcu();
447
448 if (scan_req != local->int_scan_req) {
449 local->scan_info.aborted = aborted;
450 cfg80211_scan_done(scan_req, &local->scan_info);
451 }
452
453 /* Set power back to normal operating levels. */
454 ieee80211_hw_config(local, 0);
455
456 if (!hw_scan) {
457 ieee80211_configure_filter(local);
458 drv_sw_scan_complete(local, scan_sdata);
459 ieee80211_offchannel_return(local);
460 }
461
462 ieee80211_recalc_idle(local);
463
464 ieee80211_mlme_notify_scan_completed(local);
465 ieee80211_ibss_notify_scan_completed(local);
466
467 /* Requeue all the work that might have been ignored while
468 * the scan was in progress; if there was none this will
469 * just be a no-op for the particular interface.
470 */
471 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
472 if (ieee80211_sdata_running(sdata))
473 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
474 }
475
476 if (was_scanning)
477 ieee80211_start_next_roc(local);
478 }
479
ieee80211_scan_completed(struct ieee80211_hw * hw,struct cfg80211_scan_info * info)480 void ieee80211_scan_completed(struct ieee80211_hw *hw,
481 struct cfg80211_scan_info *info)
482 {
483 struct ieee80211_local *local = hw_to_local(hw);
484
485 trace_api_scan_completed(local, info->aborted);
486
487 set_bit(SCAN_COMPLETED, &local->scanning);
488 if (info->aborted)
489 set_bit(SCAN_ABORTED, &local->scanning);
490
491 memcpy(&local->scan_info, info, sizeof(*info));
492
493 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, 0);
494 }
495 EXPORT_SYMBOL(ieee80211_scan_completed);
496
ieee80211_start_sw_scan(struct ieee80211_local * local,struct ieee80211_sub_if_data * sdata)497 static int ieee80211_start_sw_scan(struct ieee80211_local *local,
498 struct ieee80211_sub_if_data *sdata)
499 {
500 /* Software scan is not supported in multi-channel cases */
501 if (local->use_chanctx)
502 return -EOPNOTSUPP;
503
504 /*
505 * Hardware/driver doesn't support hw_scan, so use software
506 * scanning instead. First send a nullfunc frame with power save
507 * bit on so that AP will buffer the frames for us while we are not
508 * listening, then send probe requests to each channel and wait for
509 * the responses. After all channels are scanned, tune back to the
510 * original channel and send a nullfunc frame with power save bit
511 * off to trigger the AP to send us all the buffered frames.
512 *
513 * Note that while local->sw_scanning is true everything else but
514 * nullfunc frames and probe requests will be dropped in
515 * ieee80211_tx_h_check_assoc().
516 */
517 drv_sw_scan_start(local, sdata, local->scan_addr);
518
519 local->leave_oper_channel_time = jiffies;
520 local->next_scan_state = SCAN_DECISION;
521 local->scan_channel_idx = 0;
522
523 ieee80211_offchannel_stop_vifs(local);
524
525 /* ensure nullfunc is transmitted before leaving operating channel */
526 ieee80211_flush_queues(local, NULL, false);
527
528 ieee80211_configure_filter(local);
529
530 /* We need to set power level at maximum rate for scanning. */
531 ieee80211_hw_config(local, 0);
532
533 ieee80211_queue_delayed_work(&local->hw,
534 &local->scan_work, 0);
535
536 return 0;
537 }
538
__ieee80211_can_leave_ch(struct ieee80211_sub_if_data * sdata)539 static bool __ieee80211_can_leave_ch(struct ieee80211_sub_if_data *sdata)
540 {
541 struct ieee80211_local *local = sdata->local;
542 struct ieee80211_sub_if_data *sdata_iter;
543
544 if (!ieee80211_is_radar_required(local))
545 return true;
546
547 if (!regulatory_pre_cac_allowed(local->hw.wiphy))
548 return false;
549
550 mutex_lock(&local->iflist_mtx);
551 list_for_each_entry(sdata_iter, &local->interfaces, list) {
552 if (sdata_iter->wdev.cac_started) {
553 mutex_unlock(&local->iflist_mtx);
554 return false;
555 }
556 }
557 mutex_unlock(&local->iflist_mtx);
558
559 return true;
560 }
561
ieee80211_can_scan(struct ieee80211_local * local,struct ieee80211_sub_if_data * sdata)562 static bool ieee80211_can_scan(struct ieee80211_local *local,
563 struct ieee80211_sub_if_data *sdata)
564 {
565 if (!__ieee80211_can_leave_ch(sdata))
566 return false;
567
568 if (!list_empty(&local->roc_list))
569 return false;
570
571 if (sdata->vif.type == NL80211_IFTYPE_STATION &&
572 sdata->u.mgd.flags & IEEE80211_STA_CONNECTION_POLL)
573 return false;
574
575 return true;
576 }
577
ieee80211_run_deferred_scan(struct ieee80211_local * local)578 void ieee80211_run_deferred_scan(struct ieee80211_local *local)
579 {
580 lockdep_assert_held(&local->mtx);
581
582 if (!local->scan_req || local->scanning)
583 return;
584
585 if (!ieee80211_can_scan(local,
586 rcu_dereference_protected(
587 local->scan_sdata,
588 lockdep_is_held(&local->mtx))))
589 return;
590
591 ieee80211_queue_delayed_work(&local->hw, &local->scan_work,
592 round_jiffies_relative(0));
593 }
594
ieee80211_send_scan_probe_req(struct ieee80211_sub_if_data * sdata,const u8 * src,const u8 * dst,const u8 * ssid,size_t ssid_len,const u8 * ie,size_t ie_len,u32 ratemask,u32 flags,u32 tx_flags,struct ieee80211_channel * channel)595 static void ieee80211_send_scan_probe_req(struct ieee80211_sub_if_data *sdata,
596 const u8 *src, const u8 *dst,
597 const u8 *ssid, size_t ssid_len,
598 const u8 *ie, size_t ie_len,
599 u32 ratemask, u32 flags, u32 tx_flags,
600 struct ieee80211_channel *channel)
601 {
602 struct sk_buff *skb;
603 u32 txdata_flags = 0;
604
605 skb = ieee80211_build_probe_req(sdata, src, dst, ratemask, channel,
606 ssid, ssid_len,
607 ie, ie_len, flags);
608
609 if (skb) {
610 if (flags & IEEE80211_PROBE_FLAG_RANDOM_SN) {
611 struct ieee80211_hdr *hdr = (void *)skb->data;
612 u16 sn = get_random_u32();
613
614 txdata_flags |= IEEE80211_TX_NO_SEQNO;
615 hdr->seq_ctrl =
616 cpu_to_le16(IEEE80211_SN_TO_SEQ(sn));
617 }
618 IEEE80211_SKB_CB(skb)->flags |= tx_flags;
619 ieee80211_tx_skb_tid_band(sdata, skb, 7, channel->band,
620 txdata_flags);
621 }
622 }
623
ieee80211_scan_state_send_probe(struct ieee80211_local * local,unsigned long * next_delay)624 static void ieee80211_scan_state_send_probe(struct ieee80211_local *local,
625 unsigned long *next_delay)
626 {
627 int i;
628 struct ieee80211_sub_if_data *sdata;
629 struct cfg80211_scan_request *scan_req;
630 enum nl80211_band band = local->hw.conf.chandef.chan->band;
631 u32 flags = 0, tx_flags;
632
633 scan_req = rcu_dereference_protected(local->scan_req,
634 lockdep_is_held(&local->mtx));
635
636 tx_flags = IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
637 if (scan_req->no_cck)
638 tx_flags |= IEEE80211_TX_CTL_NO_CCK_RATE;
639 if (scan_req->flags & NL80211_SCAN_FLAG_MIN_PREQ_CONTENT)
640 flags |= IEEE80211_PROBE_FLAG_MIN_CONTENT;
641 if (scan_req->flags & NL80211_SCAN_FLAG_RANDOM_SN)
642 flags |= IEEE80211_PROBE_FLAG_RANDOM_SN;
643
644 sdata = rcu_dereference_protected(local->scan_sdata,
645 lockdep_is_held(&local->mtx));
646
647 for (i = 0; i < scan_req->n_ssids; i++)
648 ieee80211_send_scan_probe_req(
649 sdata, local->scan_addr, scan_req->bssid,
650 scan_req->ssids[i].ssid, scan_req->ssids[i].ssid_len,
651 scan_req->ie, scan_req->ie_len,
652 scan_req->rates[band], flags,
653 tx_flags, local->hw.conf.chandef.chan);
654
655 /*
656 * After sending probe requests, wait for probe responses
657 * on the channel.
658 */
659 *next_delay = IEEE80211_CHANNEL_TIME;
660 local->next_scan_state = SCAN_DECISION;
661 }
662
__ieee80211_start_scan(struct ieee80211_sub_if_data * sdata,struct cfg80211_scan_request * req)663 static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
664 struct cfg80211_scan_request *req)
665 {
666 struct ieee80211_local *local = sdata->local;
667 bool hw_scan = local->ops->hw_scan;
668 int rc;
669
670 lockdep_assert_held(&local->mtx);
671
672 if (local->scan_req)
673 return -EBUSY;
674
675 if (!__ieee80211_can_leave_ch(sdata))
676 return -EBUSY;
677
678 if (!ieee80211_can_scan(local, sdata)) {
679 /* wait for the work to finish/time out */
680 rcu_assign_pointer(local->scan_req, req);
681 rcu_assign_pointer(local->scan_sdata, sdata);
682 return 0;
683 }
684
685 again:
686 if (hw_scan) {
687 u8 *ies;
688
689 local->hw_scan_ies_bufsize = local->scan_ies_len + req->ie_len;
690
691 if (ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS)) {
692 int i, n_bands = 0;
693 u8 bands_counted = 0;
694
695 for (i = 0; i < req->n_channels; i++) {
696 if (bands_counted & BIT(req->channels[i]->band))
697 continue;
698 bands_counted |= BIT(req->channels[i]->band);
699 n_bands++;
700 }
701
702 local->hw_scan_ies_bufsize *= n_bands;
703 }
704
705 local->hw_scan_req = kmalloc(
706 sizeof(*local->hw_scan_req) +
707 req->n_channels * sizeof(req->channels[0]) +
708 local->hw_scan_ies_bufsize, GFP_KERNEL);
709 if (!local->hw_scan_req)
710 return -ENOMEM;
711
712 local->hw_scan_req->req.ssids = req->ssids;
713 local->hw_scan_req->req.n_ssids = req->n_ssids;
714 ies = (u8 *)local->hw_scan_req +
715 sizeof(*local->hw_scan_req) +
716 req->n_channels * sizeof(req->channels[0]);
717 local->hw_scan_req->req.ie = ies;
718 local->hw_scan_req->req.flags = req->flags;
719 eth_broadcast_addr(local->hw_scan_req->req.bssid);
720 local->hw_scan_req->req.duration = req->duration;
721 local->hw_scan_req->req.duration_mandatory =
722 req->duration_mandatory;
723
724 local->hw_scan_band = 0;
725
726 /*
727 * After allocating local->hw_scan_req, we must
728 * go through until ieee80211_prep_hw_scan(), so
729 * anything that might be changed here and leave
730 * this function early must not go after this
731 * allocation.
732 */
733 }
734
735 rcu_assign_pointer(local->scan_req, req);
736 rcu_assign_pointer(local->scan_sdata, sdata);
737
738 if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR)
739 get_random_mask_addr(local->scan_addr,
740 req->mac_addr,
741 req->mac_addr_mask);
742 else
743 memcpy(local->scan_addr, sdata->vif.addr, ETH_ALEN);
744
745 if (hw_scan) {
746 __set_bit(SCAN_HW_SCANNING, &local->scanning);
747 } else if ((req->n_channels == 1) &&
748 (req->channels[0] == local->_oper_chandef.chan)) {
749 /*
750 * If we are scanning only on the operating channel
751 * then we do not need to stop normal activities
752 */
753 unsigned long next_delay;
754
755 __set_bit(SCAN_ONCHANNEL_SCANNING, &local->scanning);
756
757 ieee80211_recalc_idle(local);
758
759 /* Notify driver scan is starting, keep order of operations
760 * same as normal software scan, in case that matters. */
761 drv_sw_scan_start(local, sdata, local->scan_addr);
762
763 ieee80211_configure_filter(local); /* accept probe-responses */
764
765 /* We need to ensure power level is at max for scanning. */
766 ieee80211_hw_config(local, 0);
767
768 if ((req->channels[0]->flags & (IEEE80211_CHAN_NO_IR |
769 IEEE80211_CHAN_RADAR)) ||
770 !req->n_ssids) {
771 next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
772 if (req->n_ssids)
773 set_bit(SCAN_BEACON_WAIT, &local->scanning);
774 } else {
775 ieee80211_scan_state_send_probe(local, &next_delay);
776 next_delay = IEEE80211_CHANNEL_TIME;
777 }
778
779 /* Now, just wait a bit and we are all done! */
780 ieee80211_queue_delayed_work(&local->hw, &local->scan_work,
781 next_delay);
782 return 0;
783 } else {
784 /* Do normal software scan */
785 __set_bit(SCAN_SW_SCANNING, &local->scanning);
786 }
787
788 ieee80211_recalc_idle(local);
789
790 if (hw_scan) {
791 WARN_ON(!ieee80211_prep_hw_scan(sdata));
792 rc = drv_hw_scan(local, sdata, local->hw_scan_req);
793 } else {
794 rc = ieee80211_start_sw_scan(local, sdata);
795 }
796
797 if (rc) {
798 kfree(local->hw_scan_req);
799 local->hw_scan_req = NULL;
800 local->scanning = 0;
801
802 ieee80211_recalc_idle(local);
803
804 local->scan_req = NULL;
805 RCU_INIT_POINTER(local->scan_sdata, NULL);
806 }
807
808 if (hw_scan && rc == 1) {
809 /*
810 * we can't fall back to software for P2P-GO
811 * as it must update NoA etc.
812 */
813 if (ieee80211_vif_type_p2p(&sdata->vif) ==
814 NL80211_IFTYPE_P2P_GO)
815 return -EOPNOTSUPP;
816 hw_scan = false;
817 goto again;
818 }
819
820 return rc;
821 }
822
823 static unsigned long
ieee80211_scan_get_channel_time(struct ieee80211_channel * chan)824 ieee80211_scan_get_channel_time(struct ieee80211_channel *chan)
825 {
826 /*
827 * TODO: channel switching also consumes quite some time,
828 * add that delay as well to get a better estimation
829 */
830 if (chan->flags & (IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_RADAR))
831 return IEEE80211_PASSIVE_CHANNEL_TIME;
832 return IEEE80211_PROBE_DELAY + IEEE80211_CHANNEL_TIME;
833 }
834
ieee80211_scan_state_decision(struct ieee80211_local * local,unsigned long * next_delay)835 static void ieee80211_scan_state_decision(struct ieee80211_local *local,
836 unsigned long *next_delay)
837 {
838 bool associated = false;
839 bool tx_empty = true;
840 bool bad_latency;
841 struct ieee80211_sub_if_data *sdata;
842 struct ieee80211_channel *next_chan;
843 enum mac80211_scan_state next_scan_state;
844 struct cfg80211_scan_request *scan_req;
845
846 /*
847 * check if at least one STA interface is associated,
848 * check if at least one STA interface has pending tx frames
849 * and grab the lowest used beacon interval
850 */
851 mutex_lock(&local->iflist_mtx);
852 list_for_each_entry(sdata, &local->interfaces, list) {
853 if (!ieee80211_sdata_running(sdata))
854 continue;
855
856 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
857 if (sdata->u.mgd.associated) {
858 associated = true;
859
860 if (!qdisc_all_tx_empty(sdata->dev)) {
861 tx_empty = false;
862 break;
863 }
864 }
865 }
866 }
867 mutex_unlock(&local->iflist_mtx);
868
869 scan_req = rcu_dereference_protected(local->scan_req,
870 lockdep_is_held(&local->mtx));
871
872 next_chan = scan_req->channels[local->scan_channel_idx];
873
874 /*
875 * we're currently scanning a different channel, let's
876 * see if we can scan another channel without interfering
877 * with the current traffic situation.
878 *
879 * Keep good latency, do not stay off-channel more than 125 ms.
880 */
881
882 bad_latency = time_after(jiffies +
883 ieee80211_scan_get_channel_time(next_chan),
884 local->leave_oper_channel_time + HZ / 8);
885
886 if (associated && !tx_empty) {
887 if (scan_req->flags & NL80211_SCAN_FLAG_LOW_PRIORITY)
888 next_scan_state = SCAN_ABORT;
889 else
890 next_scan_state = SCAN_SUSPEND;
891 } else if (associated && bad_latency) {
892 next_scan_state = SCAN_SUSPEND;
893 } else {
894 next_scan_state = SCAN_SET_CHANNEL;
895 }
896
897 local->next_scan_state = next_scan_state;
898
899 *next_delay = 0;
900 }
901
ieee80211_scan_state_set_channel(struct ieee80211_local * local,unsigned long * next_delay)902 static void ieee80211_scan_state_set_channel(struct ieee80211_local *local,
903 unsigned long *next_delay)
904 {
905 int skip;
906 struct ieee80211_channel *chan;
907 enum nl80211_bss_scan_width oper_scan_width;
908 struct cfg80211_scan_request *scan_req;
909
910 scan_req = rcu_dereference_protected(local->scan_req,
911 lockdep_is_held(&local->mtx));
912
913 skip = 0;
914 chan = scan_req->channels[local->scan_channel_idx];
915
916 local->scan_chandef.chan = chan;
917 local->scan_chandef.center_freq1 = chan->center_freq;
918 local->scan_chandef.center_freq2 = 0;
919 switch (scan_req->scan_width) {
920 case NL80211_BSS_CHAN_WIDTH_5:
921 local->scan_chandef.width = NL80211_CHAN_WIDTH_5;
922 break;
923 case NL80211_BSS_CHAN_WIDTH_10:
924 local->scan_chandef.width = NL80211_CHAN_WIDTH_10;
925 break;
926 case NL80211_BSS_CHAN_WIDTH_20:
927 /* If scanning on oper channel, use whatever channel-type
928 * is currently in use.
929 */
930 oper_scan_width = cfg80211_chandef_to_scan_width(
931 &local->_oper_chandef);
932 if (chan == local->_oper_chandef.chan &&
933 oper_scan_width == scan_req->scan_width)
934 local->scan_chandef = local->_oper_chandef;
935 else
936 local->scan_chandef.width = NL80211_CHAN_WIDTH_20_NOHT;
937 break;
938 }
939
940 if (ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL))
941 skip = 1;
942
943 /* advance state machine to next channel/band */
944 local->scan_channel_idx++;
945
946 if (skip) {
947 /* if we skip this channel return to the decision state */
948 local->next_scan_state = SCAN_DECISION;
949 return;
950 }
951
952 /*
953 * Probe delay is used to update the NAV, cf. 11.1.3.2.2
954 * (which unfortunately doesn't say _why_ step a) is done,
955 * but it waits for the probe delay or until a frame is
956 * received - and the received frame would update the NAV).
957 * For now, we do not support waiting until a frame is
958 * received.
959 *
960 * In any case, it is not necessary for a passive scan.
961 */
962 if ((chan->flags & (IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_RADAR)) ||
963 !scan_req->n_ssids) {
964 *next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
965 local->next_scan_state = SCAN_DECISION;
966 if (scan_req->n_ssids)
967 set_bit(SCAN_BEACON_WAIT, &local->scanning);
968 return;
969 }
970
971 /* active scan, send probes */
972 *next_delay = IEEE80211_PROBE_DELAY;
973 local->next_scan_state = SCAN_SEND_PROBE;
974 }
975
ieee80211_scan_state_suspend(struct ieee80211_local * local,unsigned long * next_delay)976 static void ieee80211_scan_state_suspend(struct ieee80211_local *local,
977 unsigned long *next_delay)
978 {
979 /* switch back to the operating channel */
980 local->scan_chandef.chan = NULL;
981 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
982
983 /* disable PS */
984 ieee80211_offchannel_return(local);
985
986 *next_delay = HZ / 5;
987 /* afterwards, resume scan & go to next channel */
988 local->next_scan_state = SCAN_RESUME;
989 }
990
ieee80211_scan_state_resume(struct ieee80211_local * local,unsigned long * next_delay)991 static void ieee80211_scan_state_resume(struct ieee80211_local *local,
992 unsigned long *next_delay)
993 {
994 ieee80211_offchannel_stop_vifs(local);
995
996 if (local->ops->flush) {
997 ieee80211_flush_queues(local, NULL, false);
998 *next_delay = 0;
999 } else
1000 *next_delay = HZ / 10;
1001
1002 /* remember when we left the operating channel */
1003 local->leave_oper_channel_time = jiffies;
1004
1005 /* advance to the next channel to be scanned */
1006 local->next_scan_state = SCAN_SET_CHANNEL;
1007 }
1008
ieee80211_scan_work(struct work_struct * work)1009 void ieee80211_scan_work(struct work_struct *work)
1010 {
1011 struct ieee80211_local *local =
1012 container_of(work, struct ieee80211_local, scan_work.work);
1013 struct ieee80211_sub_if_data *sdata;
1014 struct cfg80211_scan_request *scan_req;
1015 unsigned long next_delay = 0;
1016 bool aborted;
1017
1018 mutex_lock(&local->mtx);
1019
1020 if (!ieee80211_can_run_worker(local)) {
1021 aborted = true;
1022 goto out_complete;
1023 }
1024
1025 sdata = rcu_dereference_protected(local->scan_sdata,
1026 lockdep_is_held(&local->mtx));
1027 scan_req = rcu_dereference_protected(local->scan_req,
1028 lockdep_is_held(&local->mtx));
1029
1030 /* When scanning on-channel, the first-callback means completed. */
1031 if (test_bit(SCAN_ONCHANNEL_SCANNING, &local->scanning)) {
1032 aborted = test_and_clear_bit(SCAN_ABORTED, &local->scanning);
1033 goto out_complete;
1034 }
1035
1036 if (test_and_clear_bit(SCAN_COMPLETED, &local->scanning)) {
1037 aborted = test_and_clear_bit(SCAN_ABORTED, &local->scanning);
1038 goto out_complete;
1039 }
1040
1041 if (!sdata || !scan_req)
1042 goto out;
1043
1044 if (!local->scanning) {
1045 int rc;
1046
1047 RCU_INIT_POINTER(local->scan_req, NULL);
1048 RCU_INIT_POINTER(local->scan_sdata, NULL);
1049
1050 rc = __ieee80211_start_scan(sdata, scan_req);
1051 if (rc) {
1052 /* need to complete scan in cfg80211 */
1053 rcu_assign_pointer(local->scan_req, scan_req);
1054 aborted = true;
1055 goto out_complete;
1056 } else
1057 goto out;
1058 }
1059
1060 clear_bit(SCAN_BEACON_WAIT, &local->scanning);
1061
1062 /*
1063 * as long as no delay is required advance immediately
1064 * without scheduling a new work
1065 */
1066 do {
1067 if (!ieee80211_sdata_running(sdata)) {
1068 aborted = true;
1069 goto out_complete;
1070 }
1071
1072 if (test_and_clear_bit(SCAN_BEACON_DONE, &local->scanning) &&
1073 local->next_scan_state == SCAN_DECISION)
1074 local->next_scan_state = SCAN_SEND_PROBE;
1075
1076 switch (local->next_scan_state) {
1077 case SCAN_DECISION:
1078 /* if no more bands/channels left, complete scan */
1079 if (local->scan_channel_idx >= scan_req->n_channels) {
1080 aborted = false;
1081 goto out_complete;
1082 }
1083 ieee80211_scan_state_decision(local, &next_delay);
1084 break;
1085 case SCAN_SET_CHANNEL:
1086 ieee80211_scan_state_set_channel(local, &next_delay);
1087 break;
1088 case SCAN_SEND_PROBE:
1089 ieee80211_scan_state_send_probe(local, &next_delay);
1090 break;
1091 case SCAN_SUSPEND:
1092 ieee80211_scan_state_suspend(local, &next_delay);
1093 break;
1094 case SCAN_RESUME:
1095 ieee80211_scan_state_resume(local, &next_delay);
1096 break;
1097 case SCAN_ABORT:
1098 aborted = true;
1099 goto out_complete;
1100 }
1101 } while (next_delay == 0);
1102
1103 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, next_delay);
1104 goto out;
1105
1106 out_complete:
1107 __ieee80211_scan_completed(&local->hw, aborted);
1108 out:
1109 mutex_unlock(&local->mtx);
1110 }
1111
ieee80211_request_scan(struct ieee80211_sub_if_data * sdata,struct cfg80211_scan_request * req)1112 int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata,
1113 struct cfg80211_scan_request *req)
1114 {
1115 int res;
1116
1117 mutex_lock(&sdata->local->mtx);
1118 res = __ieee80211_start_scan(sdata, req);
1119 mutex_unlock(&sdata->local->mtx);
1120
1121 return res;
1122 }
1123
ieee80211_request_ibss_scan(struct ieee80211_sub_if_data * sdata,const u8 * ssid,u8 ssid_len,struct ieee80211_channel ** channels,unsigned int n_channels,enum nl80211_bss_scan_width scan_width)1124 int ieee80211_request_ibss_scan(struct ieee80211_sub_if_data *sdata,
1125 const u8 *ssid, u8 ssid_len,
1126 struct ieee80211_channel **channels,
1127 unsigned int n_channels,
1128 enum nl80211_bss_scan_width scan_width)
1129 {
1130 struct ieee80211_local *local = sdata->local;
1131 int ret = -EBUSY, i, n_ch = 0;
1132 enum nl80211_band band;
1133
1134 mutex_lock(&local->mtx);
1135
1136 /* busy scanning */
1137 if (local->scan_req)
1138 goto unlock;
1139
1140 /* fill internal scan request */
1141 if (!channels) {
1142 int max_n;
1143
1144 for (band = 0; band < NUM_NL80211_BANDS; band++) {
1145 if (!local->hw.wiphy->bands[band])
1146 continue;
1147
1148 max_n = local->hw.wiphy->bands[band]->n_channels;
1149 for (i = 0; i < max_n; i++) {
1150 struct ieee80211_channel *tmp_ch =
1151 &local->hw.wiphy->bands[band]->channels[i];
1152
1153 if (tmp_ch->flags & (IEEE80211_CHAN_NO_IR |
1154 IEEE80211_CHAN_DISABLED))
1155 continue;
1156
1157 local->int_scan_req->channels[n_ch] = tmp_ch;
1158 n_ch++;
1159 }
1160 }
1161
1162 if (WARN_ON_ONCE(n_ch == 0))
1163 goto unlock;
1164
1165 local->int_scan_req->n_channels = n_ch;
1166 } else {
1167 for (i = 0; i < n_channels; i++) {
1168 if (channels[i]->flags & (IEEE80211_CHAN_NO_IR |
1169 IEEE80211_CHAN_DISABLED))
1170 continue;
1171
1172 local->int_scan_req->channels[n_ch] = channels[i];
1173 n_ch++;
1174 }
1175
1176 if (WARN_ON_ONCE(n_ch == 0))
1177 goto unlock;
1178
1179 local->int_scan_req->n_channels = n_ch;
1180 }
1181
1182 local->int_scan_req->ssids = &local->scan_ssid;
1183 local->int_scan_req->n_ssids = 1;
1184 local->int_scan_req->scan_width = scan_width;
1185 memcpy(local->int_scan_req->ssids[0].ssid, ssid, IEEE80211_MAX_SSID_LEN);
1186 local->int_scan_req->ssids[0].ssid_len = ssid_len;
1187
1188 ret = __ieee80211_start_scan(sdata, sdata->local->int_scan_req);
1189 unlock:
1190 mutex_unlock(&local->mtx);
1191 return ret;
1192 }
1193
1194 /*
1195 * Only call this function when a scan can't be queued -- under RTNL.
1196 */
ieee80211_scan_cancel(struct ieee80211_local * local)1197 void ieee80211_scan_cancel(struct ieee80211_local *local)
1198 {
1199 /*
1200 * We are canceling software scan, or deferred scan that was not
1201 * yet really started (see __ieee80211_start_scan ).
1202 *
1203 * Regarding hardware scan:
1204 * - we can not call __ieee80211_scan_completed() as when
1205 * SCAN_HW_SCANNING bit is set this function change
1206 * local->hw_scan_req to operate on 5G band, what race with
1207 * driver which can use local->hw_scan_req
1208 *
1209 * - we can not cancel scan_work since driver can schedule it
1210 * by ieee80211_scan_completed(..., true) to finish scan
1211 *
1212 * Hence we only call the cancel_hw_scan() callback, but the low-level
1213 * driver is still responsible for calling ieee80211_scan_completed()
1214 * after the scan was completed/aborted.
1215 */
1216
1217 mutex_lock(&local->mtx);
1218 if (!local->scan_req)
1219 goto out;
1220
1221 /*
1222 * We have a scan running and the driver already reported completion,
1223 * but the worker hasn't run yet or is stuck on the mutex - mark it as
1224 * cancelled.
1225 */
1226 if (test_bit(SCAN_HW_SCANNING, &local->scanning) &&
1227 test_bit(SCAN_COMPLETED, &local->scanning)) {
1228 set_bit(SCAN_HW_CANCELLED, &local->scanning);
1229 goto out;
1230 }
1231
1232 if (test_bit(SCAN_HW_SCANNING, &local->scanning)) {
1233 /*
1234 * Make sure that __ieee80211_scan_completed doesn't trigger a
1235 * scan on another band.
1236 */
1237 set_bit(SCAN_HW_CANCELLED, &local->scanning);
1238 if (local->ops->cancel_hw_scan)
1239 drv_cancel_hw_scan(local,
1240 rcu_dereference_protected(local->scan_sdata,
1241 lockdep_is_held(&local->mtx)));
1242 goto out;
1243 }
1244
1245 /*
1246 * If the work is currently running, it must be blocked on
1247 * the mutex, but we'll set scan_sdata = NULL and it'll
1248 * simply exit once it acquires the mutex.
1249 */
1250 cancel_delayed_work(&local->scan_work);
1251 /* and clean up */
1252 memset(&local->scan_info, 0, sizeof(local->scan_info));
1253 __ieee80211_scan_completed(&local->hw, true);
1254 out:
1255 mutex_unlock(&local->mtx);
1256 }
1257
__ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data * sdata,struct cfg80211_sched_scan_request * req)1258 int __ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata,
1259 struct cfg80211_sched_scan_request *req)
1260 {
1261 struct ieee80211_local *local = sdata->local;
1262 struct ieee80211_scan_ies sched_scan_ies = {};
1263 struct cfg80211_chan_def chandef;
1264 int ret, i, iebufsz, num_bands = 0;
1265 u32 rate_masks[NUM_NL80211_BANDS] = {};
1266 u8 bands_used = 0;
1267 u8 *ie;
1268 u32 flags = 0;
1269
1270 iebufsz = local->scan_ies_len + req->ie_len;
1271
1272 lockdep_assert_held(&local->mtx);
1273
1274 if (!local->ops->sched_scan_start)
1275 return -ENOTSUPP;
1276
1277 for (i = 0; i < NUM_NL80211_BANDS; i++) {
1278 if (local->hw.wiphy->bands[i]) {
1279 bands_used |= BIT(i);
1280 rate_masks[i] = (u32) -1;
1281 num_bands++;
1282 }
1283 }
1284
1285 if (req->flags & NL80211_SCAN_FLAG_MIN_PREQ_CONTENT)
1286 flags |= IEEE80211_PROBE_FLAG_MIN_CONTENT;
1287
1288 ie = kcalloc(iebufsz, num_bands, GFP_KERNEL);
1289 if (!ie) {
1290 ret = -ENOMEM;
1291 goto out;
1292 }
1293
1294 ieee80211_prepare_scan_chandef(&chandef, req->scan_width);
1295
1296 ieee80211_build_preq_ies(sdata, ie, num_bands * iebufsz,
1297 &sched_scan_ies, req->ie,
1298 req->ie_len, bands_used, rate_masks, &chandef,
1299 flags);
1300
1301 ret = drv_sched_scan_start(local, sdata, req, &sched_scan_ies);
1302 if (ret == 0) {
1303 rcu_assign_pointer(local->sched_scan_sdata, sdata);
1304 rcu_assign_pointer(local->sched_scan_req, req);
1305 }
1306
1307 kfree(ie);
1308
1309 out:
1310 if (ret) {
1311 /* Clean in case of failure after HW restart or upon resume. */
1312 RCU_INIT_POINTER(local->sched_scan_sdata, NULL);
1313 RCU_INIT_POINTER(local->sched_scan_req, NULL);
1314 }
1315
1316 return ret;
1317 }
1318
ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data * sdata,struct cfg80211_sched_scan_request * req)1319 int ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata,
1320 struct cfg80211_sched_scan_request *req)
1321 {
1322 struct ieee80211_local *local = sdata->local;
1323 int ret;
1324
1325 mutex_lock(&local->mtx);
1326
1327 if (rcu_access_pointer(local->sched_scan_sdata)) {
1328 mutex_unlock(&local->mtx);
1329 return -EBUSY;
1330 }
1331
1332 ret = __ieee80211_request_sched_scan_start(sdata, req);
1333
1334 mutex_unlock(&local->mtx);
1335 return ret;
1336 }
1337
ieee80211_request_sched_scan_stop(struct ieee80211_local * local)1338 int ieee80211_request_sched_scan_stop(struct ieee80211_local *local)
1339 {
1340 struct ieee80211_sub_if_data *sched_scan_sdata;
1341 int ret = -ENOENT;
1342
1343 mutex_lock(&local->mtx);
1344
1345 if (!local->ops->sched_scan_stop) {
1346 ret = -ENOTSUPP;
1347 goto out;
1348 }
1349
1350 /* We don't want to restart sched scan anymore. */
1351 RCU_INIT_POINTER(local->sched_scan_req, NULL);
1352
1353 sched_scan_sdata = rcu_dereference_protected(local->sched_scan_sdata,
1354 lockdep_is_held(&local->mtx));
1355 if (sched_scan_sdata) {
1356 ret = drv_sched_scan_stop(local, sched_scan_sdata);
1357 if (!ret)
1358 RCU_INIT_POINTER(local->sched_scan_sdata, NULL);
1359 }
1360 out:
1361 mutex_unlock(&local->mtx);
1362
1363 return ret;
1364 }
1365
ieee80211_sched_scan_results(struct ieee80211_hw * hw)1366 void ieee80211_sched_scan_results(struct ieee80211_hw *hw)
1367 {
1368 struct ieee80211_local *local = hw_to_local(hw);
1369
1370 trace_api_sched_scan_results(local);
1371
1372 cfg80211_sched_scan_results(hw->wiphy, 0);
1373 }
1374 EXPORT_SYMBOL(ieee80211_sched_scan_results);
1375
ieee80211_sched_scan_end(struct ieee80211_local * local)1376 void ieee80211_sched_scan_end(struct ieee80211_local *local)
1377 {
1378 mutex_lock(&local->mtx);
1379
1380 if (!rcu_access_pointer(local->sched_scan_sdata)) {
1381 mutex_unlock(&local->mtx);
1382 return;
1383 }
1384
1385 RCU_INIT_POINTER(local->sched_scan_sdata, NULL);
1386
1387 /* If sched scan was aborted by the driver. */
1388 RCU_INIT_POINTER(local->sched_scan_req, NULL);
1389
1390 mutex_unlock(&local->mtx);
1391
1392 cfg80211_sched_scan_stopped(local->hw.wiphy, 0);
1393 }
1394
ieee80211_sched_scan_stopped_work(struct work_struct * work)1395 void ieee80211_sched_scan_stopped_work(struct work_struct *work)
1396 {
1397 struct ieee80211_local *local =
1398 container_of(work, struct ieee80211_local,
1399 sched_scan_stopped_work);
1400
1401 ieee80211_sched_scan_end(local);
1402 }
1403
ieee80211_sched_scan_stopped(struct ieee80211_hw * hw)1404 void ieee80211_sched_scan_stopped(struct ieee80211_hw *hw)
1405 {
1406 struct ieee80211_local *local = hw_to_local(hw);
1407
1408 trace_api_sched_scan_stopped(local);
1409
1410 /*
1411 * this shouldn't really happen, so for simplicity
1412 * simply ignore it, and let mac80211 reconfigure
1413 * the sched scan later on.
1414 */
1415 if (local->in_reconfig)
1416 return;
1417
1418 schedule_work(&local->sched_scan_stopped_work);
1419 }
1420 EXPORT_SYMBOL(ieee80211_sched_scan_stopped);
1421