| 1 | // SPDX-License-Identifier: GPL-2.0-only |
|---|---|
| 2 | /* |
| 3 | * Scanning implementation |
| 4 | * |
| 5 | * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi> |
| 6 | * Copyright 2004, Instant802 Networks, Inc. |
| 7 | * Copyright 2005, Devicescape Software, Inc. |
| 8 | * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> |
| 9 | * Copyright 2007, Michael Wu <flamingice@sourmilk.net> |
| 10 | * Copyright 2013-2015 Intel Mobile Communications GmbH |
| 11 | * Copyright 2016-2017 Intel Deutschland GmbH |
| 12 | * Copyright (C) 2018-2025 Intel Corporation |
| 13 | */ |
| 14 | |
| 15 | #include <linux/if_arp.h> |
| 16 | #include <linux/etherdevice.h> |
| 17 | #include <linux/rtnetlink.h> |
| 18 | #include <net/sch_generic.h> |
| 19 | #include <linux/slab.h> |
| 20 | #include <linux/export.h> |
| 21 | #include <linux/random.h> |
| 22 | #include <net/mac80211.h> |
| 23 | |
| 24 | #include "ieee80211_i.h" |
| 25 | #include "driver-ops.h" |
| 26 | #include "mesh.h" |
| 27 | |
| 28 | #define IEEE80211_PROBE_DELAY (HZ / 33) |
| 29 | #define IEEE80211_CHANNEL_TIME (HZ / 33) |
| 30 | #define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 9) |
| 31 | |
| 32 | void ieee80211_rx_bss_put(struct ieee80211_local *local, |
| 33 | struct ieee80211_bss *bss) |
| 34 | { |
| 35 | if (!bss) |
| 36 | return; |
| 37 | cfg80211_put_bss(wiphy: local->hw.wiphy, |
| 38 | container_of((void *)bss, struct cfg80211_bss, priv)); |
| 39 | } |
| 40 | |
| 41 | static bool is_uapsd_supported(struct ieee802_11_elems *elems) |
| 42 | { |
| 43 | u8 qos_info; |
| 44 | |
| 45 | if (elems->wmm_info && elems->wmm_info_len == 7 |
| 46 | && elems->wmm_info[5] == 1) |
| 47 | qos_info = elems->wmm_info[6]; |
| 48 | else if (elems->wmm_param && elems->wmm_param_len == 24 |
| 49 | && elems->wmm_param[5] == 1) |
| 50 | qos_info = elems->wmm_param[6]; |
| 51 | else |
| 52 | /* no valid wmm information or parameter element found */ |
| 53 | return false; |
| 54 | |
| 55 | return qos_info & IEEE80211_WMM_IE_AP_QOSINFO_UAPSD; |
| 56 | } |
| 57 | |
| 58 | struct inform_bss_update_data { |
| 59 | struct ieee80211_rx_status *rx_status; |
| 60 | bool beacon; |
| 61 | }; |
| 62 | |
| 63 | void ieee80211_inform_bss(struct wiphy *wiphy, |
| 64 | struct cfg80211_bss *cbss, |
| 65 | const struct cfg80211_bss_ies *ies, |
| 66 | void *data) |
| 67 | { |
| 68 | struct ieee80211_local *local = wiphy_priv(wiphy); |
| 69 | struct inform_bss_update_data *update_data = data; |
| 70 | struct ieee80211_bss *bss = (void *)cbss->priv; |
| 71 | struct ieee80211_rx_status *rx_status; |
| 72 | struct ieee802_11_elems *elems; |
| 73 | int clen, srlen; |
| 74 | |
| 75 | /* This happens while joining an IBSS */ |
| 76 | if (!update_data) |
| 77 | return; |
| 78 | |
| 79 | elems = ieee802_11_parse_elems(start: ies->data, len: ies->len, action: false, NULL); |
| 80 | if (!elems) |
| 81 | return; |
| 82 | |
| 83 | rx_status = update_data->rx_status; |
| 84 | |
| 85 | if (update_data->beacon) |
| 86 | bss->device_ts_beacon = rx_status->device_timestamp; |
| 87 | else |
| 88 | bss->device_ts_presp = rx_status->device_timestamp; |
| 89 | |
| 90 | if (elems->parse_error) { |
| 91 | if (update_data->beacon) |
| 92 | bss->corrupt_data |= IEEE80211_BSS_CORRUPT_BEACON; |
| 93 | else |
| 94 | bss->corrupt_data |= IEEE80211_BSS_CORRUPT_PROBE_RESP; |
| 95 | } else { |
| 96 | if (update_data->beacon) |
| 97 | bss->corrupt_data &= ~IEEE80211_BSS_CORRUPT_BEACON; |
| 98 | else |
| 99 | bss->corrupt_data &= ~IEEE80211_BSS_CORRUPT_PROBE_RESP; |
| 100 | } |
| 101 | |
| 102 | /* save the ERP value so that it is available at association time */ |
| 103 | if (elems->erp_info && (!elems->parse_error || |
| 104 | !(bss->valid_data & IEEE80211_BSS_VALID_ERP))) { |
| 105 | bss->erp_value = elems->erp_info[0]; |
| 106 | bss->has_erp_value = true; |
| 107 | if (!elems->parse_error) |
| 108 | bss->valid_data |= IEEE80211_BSS_VALID_ERP; |
| 109 | } |
| 110 | |
| 111 | /* replace old supported rates if we get new values */ |
| 112 | if (!elems->parse_error || |
| 113 | !(bss->valid_data & IEEE80211_BSS_VALID_RATES)) { |
| 114 | srlen = 0; |
| 115 | if (elems->supp_rates) { |
| 116 | clen = IEEE80211_MAX_SUPP_RATES; |
| 117 | if (clen > elems->supp_rates_len) |
| 118 | clen = elems->supp_rates_len; |
| 119 | memcpy(to: bss->supp_rates, from: elems->supp_rates, len: clen); |
| 120 | srlen += clen; |
| 121 | } |
| 122 | if (elems->ext_supp_rates) { |
| 123 | clen = IEEE80211_MAX_SUPP_RATES - srlen; |
| 124 | if (clen > elems->ext_supp_rates_len) |
| 125 | clen = elems->ext_supp_rates_len; |
| 126 | memcpy(to: bss->supp_rates + srlen, from: elems->ext_supp_rates, |
| 127 | len: clen); |
| 128 | srlen += clen; |
| 129 | } |
| 130 | if (srlen) { |
| 131 | bss->supp_rates_len = srlen; |
| 132 | if (!elems->parse_error) |
| 133 | bss->valid_data |= IEEE80211_BSS_VALID_RATES; |
| 134 | } |
| 135 | } |
| 136 | |
| 137 | if (!elems->parse_error || |
| 138 | !(bss->valid_data & IEEE80211_BSS_VALID_WMM)) { |
| 139 | bss->wmm_used = elems->wmm_param || elems->wmm_info; |
| 140 | bss->uapsd_supported = is_uapsd_supported(elems); |
| 141 | if (!elems->parse_error) |
| 142 | bss->valid_data |= IEEE80211_BSS_VALID_WMM; |
| 143 | } |
| 144 | |
| 145 | if (update_data->beacon) { |
| 146 | struct ieee80211_supported_band *sband = |
| 147 | local->hw.wiphy->bands[rx_status->band]; |
| 148 | if (!(rx_status->encoding == RX_ENC_HT) && |
| 149 | !(rx_status->encoding == RX_ENC_VHT)) |
| 150 | bss->beacon_rate = |
| 151 | &sband->bitrates[rx_status->rate_idx]; |
| 152 | } |
| 153 | |
| 154 | if (elems->vht_cap_elem) |
| 155 | bss->vht_cap_info = |
| 156 | le32_to_cpu(elems->vht_cap_elem->vht_cap_info); |
| 157 | else |
| 158 | bss->vht_cap_info = 0; |
| 159 | |
| 160 | kfree(objp: elems); |
| 161 | } |
| 162 | |
| 163 | struct ieee80211_bss * |
| 164 | ieee80211_bss_info_update(struct ieee80211_local *local, |
| 165 | struct ieee80211_rx_status *rx_status, |
| 166 | struct ieee80211_mgmt *mgmt, size_t len, |
| 167 | struct ieee80211_channel *channel) |
| 168 | { |
| 169 | bool beacon = ieee80211_is_beacon(fc: mgmt->frame_control) || |
| 170 | ieee80211_is_s1g_beacon(fc: mgmt->frame_control); |
| 171 | struct cfg80211_bss *cbss; |
| 172 | struct inform_bss_update_data update_data = { |
| 173 | .rx_status = rx_status, |
| 174 | .beacon = beacon, |
| 175 | }; |
| 176 | struct cfg80211_inform_bss bss_meta = { |
| 177 | .boottime_ns = rx_status->boottime_ns, |
| 178 | .drv_data = (void *)&update_data, |
| 179 | }; |
| 180 | bool signal_valid; |
| 181 | struct ieee80211_sub_if_data *scan_sdata; |
| 182 | |
| 183 | if (rx_status->flag & RX_FLAG_NO_SIGNAL_VAL) |
| 184 | bss_meta.signal = 0; /* invalid signal indication */ |
| 185 | else if (ieee80211_hw_check(&local->hw, SIGNAL_DBM)) |
| 186 | bss_meta.signal = rx_status->signal * 100; |
| 187 | else if (ieee80211_hw_check(&local->hw, SIGNAL_UNSPEC)) |
| 188 | bss_meta.signal = (rx_status->signal * 100) / local->hw.max_signal; |
| 189 | |
| 190 | bss_meta.chan = channel; |
| 191 | |
| 192 | rcu_read_lock(); |
| 193 | scan_sdata = rcu_dereference(local->scan_sdata); |
| 194 | if (scan_sdata && scan_sdata->vif.type == NL80211_IFTYPE_STATION && |
| 195 | scan_sdata->vif.cfg.assoc && |
| 196 | ieee80211_have_rx_timestamp(status: rx_status)) { |
| 197 | struct ieee80211_bss_conf *link_conf = NULL; |
| 198 | |
| 199 | /* for an MLO connection, set the TSF data only in case we have |
| 200 | * an indication on which of the links the frame was received |
| 201 | */ |
| 202 | if (ieee80211_vif_is_mld(vif: &scan_sdata->vif)) { |
| 203 | if (rx_status->link_valid) { |
| 204 | s8 link_id = rx_status->link_id; |
| 205 | |
| 206 | link_conf = |
| 207 | rcu_dereference(scan_sdata->vif.link_conf[link_id]); |
| 208 | } |
| 209 | } else { |
| 210 | link_conf = &scan_sdata->vif.bss_conf; |
| 211 | } |
| 212 | |
| 213 | if (link_conf) { |
| 214 | bss_meta.parent_tsf = |
| 215 | ieee80211_calculate_rx_timestamp(local, |
| 216 | status: rx_status, |
| 217 | mpdu_len: len + FCS_LEN, |
| 218 | mpdu_offset: 24); |
| 219 | |
| 220 | ether_addr_copy(dst: bss_meta.parent_bssid, |
| 221 | src: link_conf->bssid); |
| 222 | } |
| 223 | } |
| 224 | rcu_read_unlock(); |
| 225 | |
| 226 | cbss = cfg80211_inform_bss_frame_data(wiphy: local->hw.wiphy, data: &bss_meta, |
| 227 | mgmt, len, GFP_ATOMIC); |
| 228 | if (!cbss) |
| 229 | return NULL; |
| 230 | |
| 231 | /* In case the signal is invalid update the status */ |
| 232 | signal_valid = channel == cbss->channel; |
| 233 | if (!signal_valid) |
| 234 | rx_status->flag |= RX_FLAG_NO_SIGNAL_VAL; |
| 235 | |
| 236 | return (void *)cbss->priv; |
| 237 | } |
| 238 | |
| 239 | static bool ieee80211_scan_accept_presp(struct ieee80211_sub_if_data *sdata, |
| 240 | struct ieee80211_channel *channel, |
| 241 | u32 scan_flags, const u8 *da) |
| 242 | { |
| 243 | struct ieee80211_link_data *link_sdata; |
| 244 | u8 link_id; |
| 245 | |
| 246 | if (!sdata) |
| 247 | return false; |
| 248 | |
| 249 | /* accept broadcast on 6 GHz and for OCE */ |
| 250 | if (is_broadcast_ether_addr(addr: da) && |
| 251 | (channel->band == NL80211_BAND_6GHZ || |
| 252 | scan_flags & NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP)) |
| 253 | return true; |
| 254 | |
| 255 | if (scan_flags & NL80211_SCAN_FLAG_RANDOM_ADDR) |
| 256 | return true; |
| 257 | |
| 258 | if (ether_addr_equal(addr1: da, addr2: sdata->vif.addr)) |
| 259 | return true; |
| 260 | |
| 261 | for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) { |
| 262 | link_sdata = rcu_dereference(sdata->link[link_id]); |
| 263 | if (!link_sdata) |
| 264 | continue; |
| 265 | |
| 266 | if (ether_addr_equal(addr1: da, addr2: link_sdata->conf->addr)) |
| 267 | return true; |
| 268 | } |
| 269 | |
| 270 | return false; |
| 271 | } |
| 272 | |
| 273 | void ieee80211_scan_rx(struct ieee80211_local *local, struct sk_buff *skb) |
| 274 | { |
| 275 | struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); |
| 276 | struct ieee80211_mgmt *mgmt = (void *)skb->data; |
| 277 | struct ieee80211_bss *bss; |
| 278 | struct ieee80211_channel *channel; |
| 279 | struct ieee80211_ext *ext; |
| 280 | size_t min_hdr_len = offsetof(struct ieee80211_mgmt, |
| 281 | u.probe_resp.variable); |
| 282 | |
| 283 | if (!ieee80211_is_probe_resp(fc: mgmt->frame_control) && |
| 284 | !ieee80211_is_beacon(fc: mgmt->frame_control) && |
| 285 | !ieee80211_is_s1g_beacon(fc: mgmt->frame_control)) |
| 286 | return; |
| 287 | |
| 288 | if (ieee80211_is_s1g_beacon(fc: mgmt->frame_control)) { |
| 289 | ext = (struct ieee80211_ext *)mgmt; |
| 290 | min_hdr_len = |
| 291 | offsetof(struct ieee80211_ext, u.s1g_beacon.variable) + |
| 292 | ieee80211_s1g_optional_len(fc: ext->frame_control); |
| 293 | } |
| 294 | |
| 295 | if (skb->len < min_hdr_len) |
| 296 | return; |
| 297 | |
| 298 | if (test_and_clear_bit(nr: SCAN_BEACON_WAIT, addr: &local->scanning)) { |
| 299 | /* |
| 300 | * we were passive scanning because of radar/no-IR, but |
| 301 | * the beacon/proberesp rx gives us an opportunity to upgrade |
| 302 | * to active scan |
| 303 | */ |
| 304 | set_bit(nr: SCAN_BEACON_DONE, addr: &local->scanning); |
| 305 | wiphy_delayed_work_queue(wiphy: local->hw.wiphy, dwork: &local->scan_work, delay: 0); |
| 306 | } |
| 307 | |
| 308 | channel = ieee80211_get_channel_khz(wiphy: local->hw.wiphy, |
| 309 | freq: ieee80211_rx_status_to_khz(rx_status)); |
| 310 | |
| 311 | if (!channel || channel->flags & IEEE80211_CHAN_DISABLED) |
| 312 | return; |
| 313 | |
| 314 | if (ieee80211_is_probe_resp(fc: mgmt->frame_control)) { |
| 315 | struct ieee80211_sub_if_data *sdata1, *sdata2; |
| 316 | struct cfg80211_scan_request *scan_req; |
| 317 | struct cfg80211_sched_scan_request *sched_scan_req; |
| 318 | u32 scan_req_flags = 0, sched_scan_req_flags = 0; |
| 319 | |
| 320 | sdata1 = rcu_dereference(local->scan_sdata); |
| 321 | sdata2 = rcu_dereference(local->sched_scan_sdata); |
| 322 | |
| 323 | if (likely(!sdata1 && !sdata2)) |
| 324 | return; |
| 325 | |
| 326 | scan_req = rcu_dereference(local->scan_req); |
| 327 | sched_scan_req = rcu_dereference(local->sched_scan_req); |
| 328 | |
| 329 | if (scan_req) |
| 330 | scan_req_flags = scan_req->flags; |
| 331 | |
| 332 | if (sched_scan_req) |
| 333 | sched_scan_req_flags = sched_scan_req->flags; |
| 334 | |
| 335 | /* ignore ProbeResp to foreign address or non-bcast (OCE) |
| 336 | * unless scanning with randomised address |
| 337 | */ |
| 338 | if (!ieee80211_scan_accept_presp(sdata: sdata1, channel, |
| 339 | scan_flags: scan_req_flags, |
| 340 | da: mgmt->da) && |
| 341 | !ieee80211_scan_accept_presp(sdata: sdata2, channel, |
| 342 | scan_flags: sched_scan_req_flags, |
| 343 | da: mgmt->da)) |
| 344 | return; |
| 345 | } else { |
| 346 | /* Beacons are expected only with broadcast address */ |
| 347 | if (!is_broadcast_ether_addr(addr: mgmt->da)) |
| 348 | return; |
| 349 | } |
| 350 | |
| 351 | /* Do not update the BSS table in case of only monitor interfaces */ |
| 352 | if (local->open_count == local->monitors) |
| 353 | return; |
| 354 | |
| 355 | bss = ieee80211_bss_info_update(local, rx_status, |
| 356 | mgmt, len: skb->len, |
| 357 | channel); |
| 358 | if (bss) |
| 359 | ieee80211_rx_bss_put(local, bss); |
| 360 | } |
| 361 | |
| 362 | static void ieee80211_prepare_scan_chandef(struct cfg80211_chan_def *chandef) |
| 363 | { |
| 364 | memset(s: chandef, c: 0, n: sizeof(*chandef)); |
| 365 | |
| 366 | chandef->width = NL80211_CHAN_WIDTH_20_NOHT; |
| 367 | } |
| 368 | |
| 369 | /* return false if no more work */ |
| 370 | static bool ieee80211_prep_hw_scan(struct ieee80211_sub_if_data *sdata) |
| 371 | { |
| 372 | struct ieee80211_local *local = sdata->local; |
| 373 | struct cfg80211_scan_request *req; |
| 374 | struct cfg80211_chan_def chandef; |
| 375 | u8 bands_used = 0; |
| 376 | int i, ielen; |
| 377 | u32 *n_chans; |
| 378 | u32 flags = 0; |
| 379 | |
| 380 | req = rcu_dereference_protected(local->scan_req, |
| 381 | lockdep_is_held(&local->hw.wiphy->mtx)); |
| 382 | |
| 383 | if (test_bit(SCAN_HW_CANCELLED, &local->scanning)) |
| 384 | return false; |
| 385 | |
| 386 | if (ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS)) { |
| 387 | local->hw_scan_req->req.n_channels = req->n_channels; |
| 388 | |
| 389 | for (i = 0; i < req->n_channels; i++) { |
| 390 | local->hw_scan_req->req.channels[i] = req->channels[i]; |
| 391 | bands_used |= BIT(req->channels[i]->band); |
| 392 | } |
| 393 | } else { |
| 394 | do { |
| 395 | if (local->hw_scan_band == NUM_NL80211_BANDS) |
| 396 | return false; |
| 397 | |
| 398 | n_chans = &local->hw_scan_req->req.n_channels; |
| 399 | *n_chans = 0; |
| 400 | |
| 401 | for (i = 0; i < req->n_channels; i++) { |
| 402 | if (req->channels[i]->band != |
| 403 | local->hw_scan_band) |
| 404 | continue; |
| 405 | local->hw_scan_req->req.channels[(*n_chans)++] = |
| 406 | req->channels[i]; |
| 407 | |
| 408 | bands_used |= BIT(req->channels[i]->band); |
| 409 | } |
| 410 | |
| 411 | local->hw_scan_band++; |
| 412 | } while (!*n_chans); |
| 413 | } |
| 414 | |
| 415 | ieee80211_prepare_scan_chandef(chandef: &chandef); |
| 416 | |
| 417 | if (req->flags & NL80211_SCAN_FLAG_MIN_PREQ_CONTENT) |
| 418 | flags |= IEEE80211_PROBE_FLAG_MIN_CONTENT; |
| 419 | |
| 420 | ielen = ieee80211_build_preq_ies(sdata, |
| 421 | buffer: (u8 *)local->hw_scan_req->req.ie, |
| 422 | buffer_len: local->hw_scan_ies_bufsize, |
| 423 | ie_desc: &local->hw_scan_req->ies, |
| 424 | ie: req->ie, ie_len: req->ie_len, |
| 425 | bands_used, rate_masks: req->rates, chandef: &chandef, |
| 426 | flags); |
| 427 | if (ielen < 0) |
| 428 | return false; |
| 429 | local->hw_scan_req->req.ie_len = ielen; |
| 430 | local->hw_scan_req->req.no_cck = req->no_cck; |
| 431 | ether_addr_copy(dst: local->hw_scan_req->req.mac_addr, src: req->mac_addr); |
| 432 | ether_addr_copy(dst: local->hw_scan_req->req.mac_addr_mask, |
| 433 | src: req->mac_addr_mask); |
| 434 | ether_addr_copy(dst: local->hw_scan_req->req.bssid, src: req->bssid); |
| 435 | |
| 436 | return true; |
| 437 | } |
| 438 | |
| 439 | static void __ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted) |
| 440 | { |
| 441 | struct ieee80211_local *local = hw_to_local(hw); |
| 442 | bool hw_scan = test_bit(SCAN_HW_SCANNING, &local->scanning); |
| 443 | bool was_scanning = local->scanning; |
| 444 | struct cfg80211_scan_request *scan_req; |
| 445 | struct ieee80211_sub_if_data *scan_sdata; |
| 446 | struct ieee80211_sub_if_data *sdata; |
| 447 | |
| 448 | lockdep_assert_wiphy(local->hw.wiphy); |
| 449 | |
| 450 | /* |
| 451 | * It's ok to abort a not-yet-running scan (that |
| 452 | * we have one at all will be verified by checking |
| 453 | * local->scan_req next), but not to complete it |
| 454 | * successfully. |
| 455 | */ |
| 456 | if (WARN_ON(!local->scanning && !aborted)) |
| 457 | aborted = true; |
| 458 | |
| 459 | if (WARN_ON(!local->scan_req)) |
| 460 | return; |
| 461 | |
| 462 | scan_sdata = rcu_dereference_protected(local->scan_sdata, |
| 463 | lockdep_is_held(&local->hw.wiphy->mtx)); |
| 464 | |
| 465 | if (hw_scan && !aborted && |
| 466 | !ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS) && |
| 467 | ieee80211_prep_hw_scan(sdata: scan_sdata)) { |
| 468 | int rc; |
| 469 | |
| 470 | rc = drv_hw_scan(local, |
| 471 | rcu_dereference_protected(local->scan_sdata, |
| 472 | lockdep_is_held(&local->hw.wiphy->mtx)), |
| 473 | req: local->hw_scan_req); |
| 474 | |
| 475 | if (rc == 0) |
| 476 | return; |
| 477 | |
| 478 | /* HW scan failed and is going to be reported as aborted, |
| 479 | * so clear old scan info. |
| 480 | */ |
| 481 | memset(s: &local->scan_info, c: 0, n: sizeof(local->scan_info)); |
| 482 | aborted = true; |
| 483 | } |
| 484 | |
| 485 | kfree(objp: local->hw_scan_req); |
| 486 | local->hw_scan_req = NULL; |
| 487 | |
| 488 | scan_req = rcu_dereference_protected(local->scan_req, |
| 489 | lockdep_is_held(&local->hw.wiphy->mtx)); |
| 490 | |
| 491 | RCU_INIT_POINTER(local->scan_req, NULL); |
| 492 | RCU_INIT_POINTER(local->scan_sdata, NULL); |
| 493 | |
| 494 | local->scanning = 0; |
| 495 | local->scan_chandef.chan = NULL; |
| 496 | |
| 497 | synchronize_rcu(); |
| 498 | |
| 499 | if (scan_req != local->int_scan_req) { |
| 500 | local->scan_info.aborted = aborted; |
| 501 | cfg80211_scan_done(request: scan_req, info: &local->scan_info); |
| 502 | } |
| 503 | |
| 504 | /* Set power back to normal operating levels. */ |
| 505 | ieee80211_hw_conf_chan(local); |
| 506 | |
| 507 | if (!hw_scan && was_scanning) { |
| 508 | ieee80211_configure_filter(local); |
| 509 | drv_sw_scan_complete(local, sdata: scan_sdata); |
| 510 | ieee80211_offchannel_return(local); |
| 511 | } |
| 512 | |
| 513 | ieee80211_recalc_idle(local); |
| 514 | |
| 515 | ieee80211_mlme_notify_scan_completed(local); |
| 516 | ieee80211_ibss_notify_scan_completed(local); |
| 517 | |
| 518 | /* Requeue all the work that might have been ignored while |
| 519 | * the scan was in progress; if there was none this will |
| 520 | * just be a no-op for the particular interface. |
| 521 | */ |
| 522 | list_for_each_entry(sdata, &local->interfaces, list) { |
| 523 | if (ieee80211_sdata_running(sdata)) |
| 524 | wiphy_work_queue(wiphy: sdata->local->hw.wiphy, work: &sdata->work); |
| 525 | } |
| 526 | |
| 527 | if (was_scanning) |
| 528 | ieee80211_start_next_roc(local); |
| 529 | } |
| 530 | |
| 531 | void ieee80211_scan_completed(struct ieee80211_hw *hw, |
| 532 | struct cfg80211_scan_info *info) |
| 533 | { |
| 534 | struct ieee80211_local *local = hw_to_local(hw); |
| 535 | |
| 536 | trace_api_scan_completed(local, aborted: info->aborted); |
| 537 | |
| 538 | set_bit(nr: SCAN_COMPLETED, addr: &local->scanning); |
| 539 | if (info->aborted) |
| 540 | set_bit(nr: SCAN_ABORTED, addr: &local->scanning); |
| 541 | |
| 542 | memcpy(to: &local->scan_info, from: info, len: sizeof(*info)); |
| 543 | |
| 544 | wiphy_delayed_work_queue(wiphy: local->hw.wiphy, dwork: &local->scan_work, delay: 0); |
| 545 | } |
| 546 | EXPORT_SYMBOL(ieee80211_scan_completed); |
| 547 | |
| 548 | static int ieee80211_start_sw_scan(struct ieee80211_local *local, |
| 549 | struct ieee80211_sub_if_data *sdata) |
| 550 | { |
| 551 | /* Software scan is not supported in multi-channel cases */ |
| 552 | if (!local->emulate_chanctx) |
| 553 | return -EOPNOTSUPP; |
| 554 | |
| 555 | /* |
| 556 | * Hardware/driver doesn't support hw_scan, so use software |
| 557 | * scanning instead. First send a nullfunc frame with power save |
| 558 | * bit on so that AP will buffer the frames for us while we are not |
| 559 | * listening, then send probe requests to each channel and wait for |
| 560 | * the responses. After all channels are scanned, tune back to the |
| 561 | * original channel and send a nullfunc frame with power save bit |
| 562 | * off to trigger the AP to send us all the buffered frames. |
| 563 | * |
| 564 | * Note that while local->sw_scanning is true everything else but |
| 565 | * nullfunc frames and probe requests will be dropped in |
| 566 | * ieee80211_tx_h_check_assoc(). |
| 567 | */ |
| 568 | drv_sw_scan_start(local, sdata, mac_addr: local->scan_addr); |
| 569 | |
| 570 | local->leave_oper_channel_time = jiffies; |
| 571 | local->next_scan_state = SCAN_DECISION; |
| 572 | local->scan_channel_idx = 0; |
| 573 | |
| 574 | ieee80211_offchannel_stop_vifs(local); |
| 575 | |
| 576 | /* ensure nullfunc is transmitted before leaving operating channel */ |
| 577 | ieee80211_flush_queues(local, NULL, drop: false); |
| 578 | |
| 579 | ieee80211_configure_filter(local); |
| 580 | |
| 581 | /* We need to set power level at maximum rate for scanning. */ |
| 582 | ieee80211_hw_conf_chan(local); |
| 583 | |
| 584 | wiphy_delayed_work_queue(wiphy: local->hw.wiphy, dwork: &local->scan_work, delay: 0); |
| 585 | |
| 586 | return 0; |
| 587 | } |
| 588 | |
| 589 | static bool __ieee80211_can_leave_ch(struct ieee80211_sub_if_data *sdata, |
| 590 | struct cfg80211_scan_request *req) |
| 591 | { |
| 592 | struct ieee80211_local *local = sdata->local; |
| 593 | struct ieee80211_sub_if_data *sdata_iter; |
| 594 | unsigned int link_id; |
| 595 | |
| 596 | lockdep_assert_wiphy(local->hw.wiphy); |
| 597 | |
| 598 | if (!ieee80211_is_radar_required(local, req)) |
| 599 | return true; |
| 600 | |
| 601 | if (!regulatory_pre_cac_allowed(wiphy: local->hw.wiphy)) |
| 602 | return false; |
| 603 | |
| 604 | list_for_each_entry(sdata_iter, &local->interfaces, list) { |
| 605 | for_each_valid_link(&sdata_iter->wdev, link_id) |
| 606 | if (sdata_iter->wdev.links[link_id].cac_started) |
| 607 | return false; |
| 608 | } |
| 609 | |
| 610 | return true; |
| 611 | } |
| 612 | |
| 613 | static bool ieee80211_can_scan(struct ieee80211_local *local, |
| 614 | struct ieee80211_sub_if_data *sdata, |
| 615 | struct cfg80211_scan_request *req) |
| 616 | { |
| 617 | if (!__ieee80211_can_leave_ch(sdata, req)) |
| 618 | return false; |
| 619 | |
| 620 | if (!list_empty(head: &local->roc_list)) |
| 621 | return false; |
| 622 | |
| 623 | if (sdata->vif.type == NL80211_IFTYPE_STATION && |
| 624 | sdata->u.mgd.flags & IEEE80211_STA_CONNECTION_POLL) |
| 625 | return false; |
| 626 | |
| 627 | return true; |
| 628 | } |
| 629 | |
| 630 | void ieee80211_run_deferred_scan(struct ieee80211_local *local) |
| 631 | { |
| 632 | struct cfg80211_scan_request *req; |
| 633 | |
| 634 | lockdep_assert_wiphy(local->hw.wiphy); |
| 635 | |
| 636 | if (!local->scan_req || local->scanning) |
| 637 | return; |
| 638 | |
| 639 | req = wiphy_dereference(local->hw.wiphy, local->scan_req); |
| 640 | if (!ieee80211_can_scan(local, |
| 641 | rcu_dereference_protected( |
| 642 | local->scan_sdata, |
| 643 | lockdep_is_held(&local->hw.wiphy->mtx)), |
| 644 | req)) |
| 645 | return; |
| 646 | |
| 647 | wiphy_delayed_work_queue(wiphy: local->hw.wiphy, dwork: &local->scan_work, |
| 648 | delay: round_jiffies_relative(j: 0)); |
| 649 | } |
| 650 | |
| 651 | static void ieee80211_send_scan_probe_req(struct ieee80211_sub_if_data *sdata, |
| 652 | const u8 *src, const u8 *dst, |
| 653 | const u8 *ssid, size_t ssid_len, |
| 654 | const u8 *ie, size_t ie_len, |
| 655 | u32 ratemask, u32 flags, u32 tx_flags, |
| 656 | struct ieee80211_channel *channel) |
| 657 | { |
| 658 | struct sk_buff *skb; |
| 659 | |
| 660 | skb = ieee80211_build_probe_req(sdata, src, dst, ratemask, chan: channel, |
| 661 | ssid, ssid_len, |
| 662 | ie, ie_len, flags); |
| 663 | |
| 664 | if (skb) { |
| 665 | if (flags & IEEE80211_PROBE_FLAG_RANDOM_SN) { |
| 666 | struct ieee80211_hdr *hdr = (void *)skb->data; |
| 667 | struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); |
| 668 | u16 sn = get_random_u16(); |
| 669 | |
| 670 | info->control.flags |= IEEE80211_TX_CTRL_NO_SEQNO; |
| 671 | hdr->seq_ctrl = |
| 672 | cpu_to_le16(IEEE80211_SN_TO_SEQ(sn)); |
| 673 | } |
| 674 | IEEE80211_SKB_CB(skb)->flags |= tx_flags; |
| 675 | IEEE80211_SKB_CB(skb)->control.flags |= IEEE80211_TX_CTRL_DONT_USE_RATE_MASK; |
| 676 | ieee80211_tx_skb_tid_band(sdata, skb, tid: 7, band: channel->band); |
| 677 | } |
| 678 | } |
| 679 | |
| 680 | static void ieee80211_scan_state_send_probe(struct ieee80211_local *local, |
| 681 | unsigned long *next_delay) |
| 682 | { |
| 683 | int i; |
| 684 | struct ieee80211_sub_if_data *sdata; |
| 685 | struct cfg80211_scan_request *scan_req; |
| 686 | enum nl80211_band band = local->hw.conf.chandef.chan->band; |
| 687 | u32 flags = 0, tx_flags; |
| 688 | |
| 689 | scan_req = rcu_dereference_protected(local->scan_req, |
| 690 | lockdep_is_held(&local->hw.wiphy->mtx)); |
| 691 | |
| 692 | tx_flags = IEEE80211_TX_INTFL_OFFCHAN_TX_OK; |
| 693 | if (scan_req->no_cck) |
| 694 | tx_flags |= IEEE80211_TX_CTL_NO_CCK_RATE; |
| 695 | if (scan_req->flags & NL80211_SCAN_FLAG_MIN_PREQ_CONTENT) |
| 696 | flags |= IEEE80211_PROBE_FLAG_MIN_CONTENT; |
| 697 | if (scan_req->flags & NL80211_SCAN_FLAG_RANDOM_SN) |
| 698 | flags |= IEEE80211_PROBE_FLAG_RANDOM_SN; |
| 699 | |
| 700 | sdata = rcu_dereference_protected(local->scan_sdata, |
| 701 | lockdep_is_held(&local->hw.wiphy->mtx)); |
| 702 | |
| 703 | for (i = 0; i < scan_req->n_ssids; i++) |
| 704 | ieee80211_send_scan_probe_req( |
| 705 | sdata, src: local->scan_addr, dst: scan_req->bssid, |
| 706 | ssid: scan_req->ssids[i].ssid, ssid_len: scan_req->ssids[i].ssid_len, |
| 707 | ie: scan_req->ie, ie_len: scan_req->ie_len, |
| 708 | ratemask: scan_req->rates[band], flags, |
| 709 | tx_flags, channel: local->hw.conf.chandef.chan); |
| 710 | |
| 711 | /* |
| 712 | * After sending probe requests, wait for probe responses |
| 713 | * on the channel. |
| 714 | */ |
| 715 | *next_delay = msecs_to_jiffies(m: scan_req->duration) > |
| 716 | IEEE80211_PROBE_DELAY + IEEE80211_CHANNEL_TIME ? |
| 717 | msecs_to_jiffies(m: scan_req->duration) - IEEE80211_PROBE_DELAY : |
| 718 | IEEE80211_CHANNEL_TIME; |
| 719 | local->next_scan_state = SCAN_DECISION; |
| 720 | } |
| 721 | |
| 722 | static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata, |
| 723 | struct cfg80211_scan_request *req) |
| 724 | { |
| 725 | struct ieee80211_local *local = sdata->local; |
| 726 | bool hw_scan = local->ops->hw_scan; |
| 727 | int rc; |
| 728 | |
| 729 | lockdep_assert_wiphy(local->hw.wiphy); |
| 730 | |
| 731 | if (local->scan_req) |
| 732 | return -EBUSY; |
| 733 | |
| 734 | /* For an MLO connection, if a link ID was specified, validate that it |
| 735 | * is indeed active. |
| 736 | */ |
| 737 | if (ieee80211_vif_is_mld(vif: &sdata->vif) && req->tsf_report_link_id >= 0 && |
| 738 | !(sdata->vif.active_links & BIT(req->tsf_report_link_id))) |
| 739 | return -EINVAL; |
| 740 | |
| 741 | if (!__ieee80211_can_leave_ch(sdata, req)) |
| 742 | return -EBUSY; |
| 743 | |
| 744 | if (!ieee80211_can_scan(local, sdata, req)) { |
| 745 | /* wait for the work to finish/time out */ |
| 746 | rcu_assign_pointer(local->scan_req, req); |
| 747 | rcu_assign_pointer(local->scan_sdata, sdata); |
| 748 | return 0; |
| 749 | } |
| 750 | |
| 751 | again: |
| 752 | if (hw_scan) { |
| 753 | u8 *ies; |
| 754 | |
| 755 | local->hw_scan_ies_bufsize = local->scan_ies_len + req->ie_len; |
| 756 | |
| 757 | if (ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS)) { |
| 758 | int i, n_bands = 0; |
| 759 | u8 bands_counted = 0; |
| 760 | |
| 761 | for (i = 0; i < req->n_channels; i++) { |
| 762 | if (bands_counted & BIT(req->channels[i]->band)) |
| 763 | continue; |
| 764 | bands_counted |= BIT(req->channels[i]->band); |
| 765 | n_bands++; |
| 766 | } |
| 767 | |
| 768 | local->hw_scan_ies_bufsize *= n_bands; |
| 769 | } |
| 770 | |
| 771 | local->hw_scan_req = kmalloc(struct_size(local->hw_scan_req, |
| 772 | req.channels, |
| 773 | req->n_channels) + |
| 774 | local->hw_scan_ies_bufsize, |
| 775 | GFP_KERNEL); |
| 776 | if (!local->hw_scan_req) |
| 777 | return -ENOMEM; |
| 778 | |
| 779 | local->hw_scan_req->req.ssids = req->ssids; |
| 780 | local->hw_scan_req->req.n_ssids = req->n_ssids; |
| 781 | /* None of the channels are actually set |
| 782 | * up but let UBSAN know the boundaries. |
| 783 | */ |
| 784 | local->hw_scan_req->req.n_channels = req->n_channels; |
| 785 | |
| 786 | ies = (u8 *)local->hw_scan_req + |
| 787 | sizeof(*local->hw_scan_req) + |
| 788 | req->n_channels * sizeof(req->channels[0]); |
| 789 | local->hw_scan_req->req.ie = ies; |
| 790 | local->hw_scan_req->req.flags = req->flags; |
| 791 | eth_broadcast_addr(addr: local->hw_scan_req->req.bssid); |
| 792 | local->hw_scan_req->req.duration = req->duration; |
| 793 | local->hw_scan_req->req.duration_mandatory = |
| 794 | req->duration_mandatory; |
| 795 | local->hw_scan_req->req.tsf_report_link_id = |
| 796 | req->tsf_report_link_id; |
| 797 | |
| 798 | local->hw_scan_band = 0; |
| 799 | local->hw_scan_req->req.n_6ghz_params = req->n_6ghz_params; |
| 800 | local->hw_scan_req->req.scan_6ghz_params = |
| 801 | req->scan_6ghz_params; |
| 802 | local->hw_scan_req->req.scan_6ghz = req->scan_6ghz; |
| 803 | local->hw_scan_req->req.first_part = req->first_part; |
| 804 | |
| 805 | /* |
| 806 | * After allocating local->hw_scan_req, we must |
| 807 | * go through until ieee80211_prep_hw_scan(), so |
| 808 | * anything that might be changed here and leave |
| 809 | * this function early must not go after this |
| 810 | * allocation. |
| 811 | */ |
| 812 | } |
| 813 | |
| 814 | rcu_assign_pointer(local->scan_req, req); |
| 815 | rcu_assign_pointer(local->scan_sdata, sdata); |
| 816 | |
| 817 | if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) |
| 818 | get_random_mask_addr(buf: local->scan_addr, |
| 819 | addr: req->mac_addr, |
| 820 | mask: req->mac_addr_mask); |
| 821 | else |
| 822 | memcpy(to: local->scan_addr, from: sdata->vif.addr, ETH_ALEN); |
| 823 | |
| 824 | if (hw_scan) { |
| 825 | __set_bit(SCAN_HW_SCANNING, &local->scanning); |
| 826 | } else if ((req->n_channels == 1) && |
| 827 | (req->channels[0] == local->hw.conf.chandef.chan)) { |
| 828 | /* |
| 829 | * If we are scanning only on the operating channel |
| 830 | * then we do not need to stop normal activities |
| 831 | */ |
| 832 | unsigned long next_delay; |
| 833 | |
| 834 | __set_bit(SCAN_ONCHANNEL_SCANNING, &local->scanning); |
| 835 | |
| 836 | ieee80211_recalc_idle(local); |
| 837 | |
| 838 | /* Notify driver scan is starting, keep order of operations |
| 839 | * same as normal software scan, in case that matters. */ |
| 840 | drv_sw_scan_start(local, sdata, mac_addr: local->scan_addr); |
| 841 | |
| 842 | ieee80211_configure_filter(local); /* accept probe-responses */ |
| 843 | |
| 844 | /* We need to ensure power level is at max for scanning. */ |
| 845 | ieee80211_hw_conf_chan(local); |
| 846 | |
| 847 | if ((req->channels[0]->flags & (IEEE80211_CHAN_NO_IR | |
| 848 | IEEE80211_CHAN_RADAR)) || |
| 849 | !req->n_ssids) { |
| 850 | next_delay = IEEE80211_PASSIVE_CHANNEL_TIME; |
| 851 | if (req->n_ssids) |
| 852 | set_bit(nr: SCAN_BEACON_WAIT, addr: &local->scanning); |
| 853 | } else { |
| 854 | ieee80211_scan_state_send_probe(local, next_delay: &next_delay); |
| 855 | next_delay = IEEE80211_CHANNEL_TIME; |
| 856 | } |
| 857 | |
| 858 | /* Now, just wait a bit and we are all done! */ |
| 859 | wiphy_delayed_work_queue(wiphy: local->hw.wiphy, dwork: &local->scan_work, |
| 860 | delay: next_delay); |
| 861 | return 0; |
| 862 | } else { |
| 863 | /* Do normal software scan */ |
| 864 | __set_bit(SCAN_SW_SCANNING, &local->scanning); |
| 865 | } |
| 866 | |
| 867 | ieee80211_recalc_idle(local); |
| 868 | |
| 869 | if (hw_scan) { |
| 870 | WARN_ON(!ieee80211_prep_hw_scan(sdata)); |
| 871 | rc = drv_hw_scan(local, sdata, req: local->hw_scan_req); |
| 872 | } else { |
| 873 | rc = ieee80211_start_sw_scan(local, sdata); |
| 874 | } |
| 875 | |
| 876 | if (rc) { |
| 877 | kfree(objp: local->hw_scan_req); |
| 878 | local->hw_scan_req = NULL; |
| 879 | local->scanning = 0; |
| 880 | |
| 881 | ieee80211_recalc_idle(local); |
| 882 | |
| 883 | local->scan_req = NULL; |
| 884 | RCU_INIT_POINTER(local->scan_sdata, NULL); |
| 885 | } |
| 886 | |
| 887 | if (hw_scan && rc == 1) { |
| 888 | /* |
| 889 | * we can't fall back to software for P2P-GO |
| 890 | * as it must update NoA etc. |
| 891 | */ |
| 892 | if (ieee80211_vif_type_p2p(vif: &sdata->vif) == |
| 893 | NL80211_IFTYPE_P2P_GO) |
| 894 | return -EOPNOTSUPP; |
| 895 | hw_scan = false; |
| 896 | goto again; |
| 897 | } |
| 898 | |
| 899 | return rc; |
| 900 | } |
| 901 | |
| 902 | static unsigned long |
| 903 | ieee80211_scan_get_channel_time(struct ieee80211_channel *chan) |
| 904 | { |
| 905 | /* |
| 906 | * TODO: channel switching also consumes quite some time, |
| 907 | * add that delay as well to get a better estimation |
| 908 | */ |
| 909 | if (chan->flags & (IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_RADAR)) |
| 910 | return IEEE80211_PASSIVE_CHANNEL_TIME; |
| 911 | return IEEE80211_PROBE_DELAY + IEEE80211_CHANNEL_TIME; |
| 912 | } |
| 913 | |
| 914 | static void ieee80211_scan_state_decision(struct ieee80211_local *local, |
| 915 | unsigned long *next_delay) |
| 916 | { |
| 917 | bool associated = false; |
| 918 | bool tx_empty = true; |
| 919 | bool bad_latency; |
| 920 | struct ieee80211_sub_if_data *sdata; |
| 921 | struct ieee80211_channel *next_chan; |
| 922 | enum mac80211_scan_state next_scan_state; |
| 923 | struct cfg80211_scan_request *scan_req; |
| 924 | |
| 925 | lockdep_assert_wiphy(local->hw.wiphy); |
| 926 | |
| 927 | /* |
| 928 | * check if at least one STA interface is associated, |
| 929 | * check if at least one STA interface has pending tx frames |
| 930 | * and grab the lowest used beacon interval |
| 931 | */ |
| 932 | list_for_each_entry(sdata, &local->interfaces, list) { |
| 933 | if (!ieee80211_sdata_running(sdata)) |
| 934 | continue; |
| 935 | |
| 936 | if (sdata->vif.type == NL80211_IFTYPE_STATION) { |
| 937 | if (sdata->u.mgd.associated) { |
| 938 | associated = true; |
| 939 | |
| 940 | if (!qdisc_all_tx_empty(dev: sdata->dev)) { |
| 941 | tx_empty = false; |
| 942 | break; |
| 943 | } |
| 944 | } |
| 945 | } |
| 946 | } |
| 947 | |
| 948 | scan_req = rcu_dereference_protected(local->scan_req, |
| 949 | lockdep_is_held(&local->hw.wiphy->mtx)); |
| 950 | |
| 951 | next_chan = scan_req->channels[local->scan_channel_idx]; |
| 952 | |
| 953 | /* |
| 954 | * we're currently scanning a different channel, let's |
| 955 | * see if we can scan another channel without interfering |
| 956 | * with the current traffic situation. |
| 957 | * |
| 958 | * Keep good latency, do not stay off-channel more than 125 ms. |
| 959 | */ |
| 960 | |
| 961 | bad_latency = time_after(jiffies + |
| 962 | ieee80211_scan_get_channel_time(next_chan), |
| 963 | local->leave_oper_channel_time + HZ / 8); |
| 964 | |
| 965 | if (associated && !tx_empty) { |
| 966 | if (scan_req->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) |
| 967 | next_scan_state = SCAN_ABORT; |
| 968 | else |
| 969 | next_scan_state = SCAN_SUSPEND; |
| 970 | } else if (associated && bad_latency) { |
| 971 | next_scan_state = SCAN_SUSPEND; |
| 972 | } else { |
| 973 | next_scan_state = SCAN_SET_CHANNEL; |
| 974 | } |
| 975 | |
| 976 | local->next_scan_state = next_scan_state; |
| 977 | |
| 978 | *next_delay = 0; |
| 979 | } |
| 980 | |
| 981 | static void ieee80211_scan_state_set_channel(struct ieee80211_local *local, |
| 982 | unsigned long *next_delay) |
| 983 | { |
| 984 | int skip; |
| 985 | struct ieee80211_channel *chan; |
| 986 | struct cfg80211_scan_request *scan_req; |
| 987 | |
| 988 | scan_req = rcu_dereference_protected(local->scan_req, |
| 989 | lockdep_is_held(&local->hw.wiphy->mtx)); |
| 990 | |
| 991 | skip = 0; |
| 992 | chan = scan_req->channels[local->scan_channel_idx]; |
| 993 | |
| 994 | local->scan_chandef.chan = chan; |
| 995 | local->scan_chandef.center_freq1 = chan->center_freq; |
| 996 | local->scan_chandef.freq1_offset = chan->freq_offset; |
| 997 | local->scan_chandef.center_freq2 = 0; |
| 998 | |
| 999 | /* For S1G, only scan the 1MHz primaries. */ |
| 1000 | if (chan->band == NL80211_BAND_S1GHZ) { |
| 1001 | local->scan_chandef.width = NL80211_CHAN_WIDTH_1; |
| 1002 | local->scan_chandef.s1g_primary_2mhz = false; |
| 1003 | goto set_channel; |
| 1004 | } |
| 1005 | |
| 1006 | /* |
| 1007 | * If scanning on oper channel, use whatever channel-type |
| 1008 | * is currently in use. |
| 1009 | */ |
| 1010 | if (chan == local->hw.conf.chandef.chan) |
| 1011 | local->scan_chandef = local->hw.conf.chandef; |
| 1012 | else |
| 1013 | local->scan_chandef.width = NL80211_CHAN_WIDTH_20_NOHT; |
| 1014 | |
| 1015 | set_channel: |
| 1016 | if (ieee80211_hw_conf_chan(local)) |
| 1017 | skip = 1; |
| 1018 | |
| 1019 | /* advance state machine to next channel/band */ |
| 1020 | local->scan_channel_idx++; |
| 1021 | |
| 1022 | if (skip) { |
| 1023 | /* if we skip this channel return to the decision state */ |
| 1024 | local->next_scan_state = SCAN_DECISION; |
| 1025 | return; |
| 1026 | } |
| 1027 | |
| 1028 | /* |
| 1029 | * Probe delay is used to update the NAV, cf. 11.1.3.2.2 |
| 1030 | * (which unfortunately doesn't say _why_ step a) is done, |
| 1031 | * but it waits for the probe delay or until a frame is |
| 1032 | * received - and the received frame would update the NAV). |
| 1033 | * For now, we do not support waiting until a frame is |
| 1034 | * received. |
| 1035 | * |
| 1036 | * In any case, it is not necessary for a passive scan. |
| 1037 | */ |
| 1038 | if ((chan->flags & (IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_RADAR)) || |
| 1039 | !scan_req->n_ssids) { |
| 1040 | *next_delay = max(msecs_to_jiffies(scan_req->duration), |
| 1041 | IEEE80211_PASSIVE_CHANNEL_TIME); |
| 1042 | local->next_scan_state = SCAN_DECISION; |
| 1043 | if (scan_req->n_ssids) |
| 1044 | set_bit(nr: SCAN_BEACON_WAIT, addr: &local->scanning); |
| 1045 | return; |
| 1046 | } |
| 1047 | |
| 1048 | /* active scan, send probes */ |
| 1049 | *next_delay = IEEE80211_PROBE_DELAY; |
| 1050 | local->next_scan_state = SCAN_SEND_PROBE; |
| 1051 | } |
| 1052 | |
| 1053 | static void ieee80211_scan_state_suspend(struct ieee80211_local *local, |
| 1054 | unsigned long *next_delay) |
| 1055 | { |
| 1056 | /* switch back to the operating channel */ |
| 1057 | local->scan_chandef.chan = NULL; |
| 1058 | ieee80211_hw_conf_chan(local); |
| 1059 | |
| 1060 | /* disable PS */ |
| 1061 | ieee80211_offchannel_return(local); |
| 1062 | |
| 1063 | *next_delay = HZ / 5; |
| 1064 | /* afterwards, resume scan & go to next channel */ |
| 1065 | local->next_scan_state = SCAN_RESUME; |
| 1066 | } |
| 1067 | |
| 1068 | static void ieee80211_scan_state_resume(struct ieee80211_local *local, |
| 1069 | unsigned long *next_delay) |
| 1070 | { |
| 1071 | ieee80211_offchannel_stop_vifs(local); |
| 1072 | |
| 1073 | if (local->ops->flush) { |
| 1074 | ieee80211_flush_queues(local, NULL, drop: false); |
| 1075 | *next_delay = 0; |
| 1076 | } else |
| 1077 | *next_delay = HZ / 10; |
| 1078 | |
| 1079 | /* remember when we left the operating channel */ |
| 1080 | local->leave_oper_channel_time = jiffies; |
| 1081 | |
| 1082 | /* advance to the next channel to be scanned */ |
| 1083 | local->next_scan_state = SCAN_SET_CHANNEL; |
| 1084 | } |
| 1085 | |
| 1086 | void ieee80211_scan_work(struct wiphy *wiphy, struct wiphy_work *work) |
| 1087 | { |
| 1088 | struct ieee80211_local *local = |
| 1089 | container_of(work, struct ieee80211_local, scan_work.work); |
| 1090 | struct ieee80211_sub_if_data *sdata; |
| 1091 | struct cfg80211_scan_request *scan_req; |
| 1092 | unsigned long next_delay = 0; |
| 1093 | bool aborted; |
| 1094 | |
| 1095 | lockdep_assert_wiphy(local->hw.wiphy); |
| 1096 | |
| 1097 | if (!ieee80211_can_run_worker(local)) { |
| 1098 | aborted = true; |
| 1099 | goto out_complete; |
| 1100 | } |
| 1101 | |
| 1102 | sdata = rcu_dereference_protected(local->scan_sdata, |
| 1103 | lockdep_is_held(&local->hw.wiphy->mtx)); |
| 1104 | scan_req = rcu_dereference_protected(local->scan_req, |
| 1105 | lockdep_is_held(&local->hw.wiphy->mtx)); |
| 1106 | |
| 1107 | /* When scanning on-channel, the first-callback means completed. */ |
| 1108 | if (test_bit(SCAN_ONCHANNEL_SCANNING, &local->scanning)) { |
| 1109 | aborted = test_and_clear_bit(nr: SCAN_ABORTED, addr: &local->scanning); |
| 1110 | goto out_complete; |
| 1111 | } |
| 1112 | |
| 1113 | if (test_and_clear_bit(nr: SCAN_COMPLETED, addr: &local->scanning)) { |
| 1114 | aborted = test_and_clear_bit(nr: SCAN_ABORTED, addr: &local->scanning); |
| 1115 | goto out_complete; |
| 1116 | } |
| 1117 | |
| 1118 | if (!sdata || !scan_req) |
| 1119 | return; |
| 1120 | |
| 1121 | if (!local->scanning) { |
| 1122 | int rc; |
| 1123 | |
| 1124 | RCU_INIT_POINTER(local->scan_req, NULL); |
| 1125 | RCU_INIT_POINTER(local->scan_sdata, NULL); |
| 1126 | |
| 1127 | rc = __ieee80211_start_scan(sdata, req: scan_req); |
| 1128 | if (!rc) |
| 1129 | return; |
| 1130 | /* need to complete scan in cfg80211 */ |
| 1131 | rcu_assign_pointer(local->scan_req, scan_req); |
| 1132 | aborted = true; |
| 1133 | goto out_complete; |
| 1134 | } |
| 1135 | |
| 1136 | clear_bit(nr: SCAN_BEACON_WAIT, addr: &local->scanning); |
| 1137 | |
| 1138 | /* |
| 1139 | * as long as no delay is required advance immediately |
| 1140 | * without scheduling a new work |
| 1141 | */ |
| 1142 | do { |
| 1143 | if (!ieee80211_sdata_running(sdata)) { |
| 1144 | aborted = true; |
| 1145 | goto out_complete; |
| 1146 | } |
| 1147 | |
| 1148 | if (test_and_clear_bit(nr: SCAN_BEACON_DONE, addr: &local->scanning) && |
| 1149 | local->next_scan_state == SCAN_DECISION) |
| 1150 | local->next_scan_state = SCAN_SEND_PROBE; |
| 1151 | |
| 1152 | switch (local->next_scan_state) { |
| 1153 | case SCAN_DECISION: |
| 1154 | /* if no more bands/channels left, complete scan */ |
| 1155 | if (local->scan_channel_idx >= scan_req->n_channels) { |
| 1156 | aborted = false; |
| 1157 | goto out_complete; |
| 1158 | } |
| 1159 | ieee80211_scan_state_decision(local, next_delay: &next_delay); |
| 1160 | break; |
| 1161 | case SCAN_SET_CHANNEL: |
| 1162 | ieee80211_scan_state_set_channel(local, next_delay: &next_delay); |
| 1163 | break; |
| 1164 | case SCAN_SEND_PROBE: |
| 1165 | ieee80211_scan_state_send_probe(local, next_delay: &next_delay); |
| 1166 | break; |
| 1167 | case SCAN_SUSPEND: |
| 1168 | ieee80211_scan_state_suspend(local, next_delay: &next_delay); |
| 1169 | break; |
| 1170 | case SCAN_RESUME: |
| 1171 | ieee80211_scan_state_resume(local, next_delay: &next_delay); |
| 1172 | break; |
| 1173 | case SCAN_ABORT: |
| 1174 | aborted = true; |
| 1175 | goto out_complete; |
| 1176 | } |
| 1177 | } while (next_delay == 0); |
| 1178 | |
| 1179 | wiphy_delayed_work_queue(wiphy: local->hw.wiphy, dwork: &local->scan_work, |
| 1180 | delay: next_delay); |
| 1181 | return; |
| 1182 | |
| 1183 | out_complete: |
| 1184 | __ieee80211_scan_completed(hw: &local->hw, aborted); |
| 1185 | } |
| 1186 | |
| 1187 | int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata, |
| 1188 | struct cfg80211_scan_request *req) |
| 1189 | { |
| 1190 | lockdep_assert_wiphy(sdata->local->hw.wiphy); |
| 1191 | |
| 1192 | return __ieee80211_start_scan(sdata, req); |
| 1193 | } |
| 1194 | |
| 1195 | int ieee80211_request_ibss_scan(struct ieee80211_sub_if_data *sdata, |
| 1196 | const u8 *ssid, u8 ssid_len, |
| 1197 | struct ieee80211_channel **channels, |
| 1198 | unsigned int n_channels) |
| 1199 | { |
| 1200 | struct ieee80211_local *local = sdata->local; |
| 1201 | int i, n_ch = 0; |
| 1202 | enum nl80211_band band; |
| 1203 | |
| 1204 | lockdep_assert_wiphy(local->hw.wiphy); |
| 1205 | |
| 1206 | /* busy scanning */ |
| 1207 | if (local->scan_req) |
| 1208 | return -EBUSY; |
| 1209 | |
| 1210 | /* fill internal scan request */ |
| 1211 | if (!channels) { |
| 1212 | int max_n; |
| 1213 | |
| 1214 | for (band = 0; band < NUM_NL80211_BANDS; band++) { |
| 1215 | if (!local->hw.wiphy->bands[band] || |
| 1216 | band == NL80211_BAND_6GHZ || |
| 1217 | band == NL80211_BAND_S1GHZ) |
| 1218 | continue; |
| 1219 | |
| 1220 | max_n = local->hw.wiphy->bands[band]->n_channels; |
| 1221 | for (i = 0; i < max_n; i++) { |
| 1222 | struct ieee80211_channel *tmp_ch = |
| 1223 | &local->hw.wiphy->bands[band]->channels[i]; |
| 1224 | |
| 1225 | if (tmp_ch->flags & (IEEE80211_CHAN_NO_IR | |
| 1226 | IEEE80211_CHAN_DISABLED) || |
| 1227 | !cfg80211_wdev_channel_allowed(wdev: &sdata->wdev, |
| 1228 | chan: tmp_ch)) |
| 1229 | continue; |
| 1230 | |
| 1231 | local->int_scan_req->channels[n_ch] = tmp_ch; |
| 1232 | n_ch++; |
| 1233 | } |
| 1234 | } |
| 1235 | |
| 1236 | if (WARN_ON_ONCE(n_ch == 0)) |
| 1237 | return -EINVAL; |
| 1238 | |
| 1239 | local->int_scan_req->n_channels = n_ch; |
| 1240 | } else { |
| 1241 | for (i = 0; i < n_channels; i++) { |
| 1242 | if (channels[i]->flags & (IEEE80211_CHAN_NO_IR | |
| 1243 | IEEE80211_CHAN_DISABLED) || |
| 1244 | !cfg80211_wdev_channel_allowed(wdev: &sdata->wdev, |
| 1245 | chan: channels[i])) |
| 1246 | continue; |
| 1247 | |
| 1248 | local->int_scan_req->channels[n_ch] = channels[i]; |
| 1249 | n_ch++; |
| 1250 | } |
| 1251 | |
| 1252 | if (n_ch == 0) |
| 1253 | return -EINVAL; |
| 1254 | |
| 1255 | local->int_scan_req->n_channels = n_ch; |
| 1256 | } |
| 1257 | |
| 1258 | local->int_scan_req->ssids = &local->scan_ssid; |
| 1259 | local->int_scan_req->n_ssids = 1; |
| 1260 | memcpy(to: local->int_scan_req->ssids[0].ssid, from: ssid, IEEE80211_MAX_SSID_LEN); |
| 1261 | local->int_scan_req->ssids[0].ssid_len = ssid_len; |
| 1262 | |
| 1263 | return __ieee80211_start_scan(sdata, req: sdata->local->int_scan_req); |
| 1264 | } |
| 1265 | |
| 1266 | void ieee80211_scan_cancel(struct ieee80211_local *local) |
| 1267 | { |
| 1268 | /* ensure a new scan cannot be queued */ |
| 1269 | lockdep_assert_wiphy(local->hw.wiphy); |
| 1270 | |
| 1271 | /* |
| 1272 | * We are canceling software scan, or deferred scan that was not |
| 1273 | * yet really started (see __ieee80211_start_scan ). |
| 1274 | * |
| 1275 | * Regarding hardware scan: |
| 1276 | * - we can not call __ieee80211_scan_completed() as when |
| 1277 | * SCAN_HW_SCANNING bit is set this function change |
| 1278 | * local->hw_scan_req to operate on 5G band, what race with |
| 1279 | * driver which can use local->hw_scan_req |
| 1280 | * |
| 1281 | * - we can not cancel scan_work since driver can schedule it |
| 1282 | * by ieee80211_scan_completed(..., true) to finish scan |
| 1283 | * |
| 1284 | * Hence we only call the cancel_hw_scan() callback, but the low-level |
| 1285 | * driver is still responsible for calling ieee80211_scan_completed() |
| 1286 | * after the scan was completed/aborted. |
| 1287 | */ |
| 1288 | |
| 1289 | if (!local->scan_req) |
| 1290 | return; |
| 1291 | |
| 1292 | /* |
| 1293 | * We have a scan running and the driver already reported completion, |
| 1294 | * but the worker hasn't run yet or is stuck on the mutex - mark it as |
| 1295 | * cancelled. |
| 1296 | */ |
| 1297 | if (test_bit(SCAN_HW_SCANNING, &local->scanning) && |
| 1298 | test_bit(SCAN_COMPLETED, &local->scanning)) { |
| 1299 | set_bit(nr: SCAN_HW_CANCELLED, addr: &local->scanning); |
| 1300 | return; |
| 1301 | } |
| 1302 | |
| 1303 | if (test_bit(SCAN_HW_SCANNING, &local->scanning)) { |
| 1304 | /* |
| 1305 | * Make sure that __ieee80211_scan_completed doesn't trigger a |
| 1306 | * scan on another band. |
| 1307 | */ |
| 1308 | set_bit(nr: SCAN_HW_CANCELLED, addr: &local->scanning); |
| 1309 | if (local->ops->cancel_hw_scan) |
| 1310 | drv_cancel_hw_scan(local, |
| 1311 | rcu_dereference_protected(local->scan_sdata, |
| 1312 | lockdep_is_held(&local->hw.wiphy->mtx))); |
| 1313 | return; |
| 1314 | } |
| 1315 | |
| 1316 | wiphy_delayed_work_cancel(wiphy: local->hw.wiphy, dwork: &local->scan_work); |
| 1317 | /* and clean up */ |
| 1318 | memset(s: &local->scan_info, c: 0, n: sizeof(local->scan_info)); |
| 1319 | __ieee80211_scan_completed(hw: &local->hw, aborted: true); |
| 1320 | } |
| 1321 | |
| 1322 | int __ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata, |
| 1323 | struct cfg80211_sched_scan_request *req) |
| 1324 | { |
| 1325 | struct ieee80211_local *local = sdata->local; |
| 1326 | struct ieee80211_scan_ies sched_scan_ies = {}; |
| 1327 | struct cfg80211_chan_def chandef; |
| 1328 | int ret, i, iebufsz, num_bands = 0; |
| 1329 | u32 rate_masks[NUM_NL80211_BANDS] = {}; |
| 1330 | u8 bands_used = 0; |
| 1331 | u8 *ie; |
| 1332 | u32 flags = 0; |
| 1333 | |
| 1334 | lockdep_assert_wiphy(local->hw.wiphy); |
| 1335 | |
| 1336 | iebufsz = local->scan_ies_len + req->ie_len; |
| 1337 | |
| 1338 | if (!local->ops->sched_scan_start) |
| 1339 | return -EOPNOTSUPP; |
| 1340 | |
| 1341 | for (i = 0; i < NUM_NL80211_BANDS; i++) { |
| 1342 | if (local->hw.wiphy->bands[i]) { |
| 1343 | bands_used |= BIT(i); |
| 1344 | rate_masks[i] = (u32) -1; |
| 1345 | num_bands++; |
| 1346 | } |
| 1347 | } |
| 1348 | |
| 1349 | if (req->flags & NL80211_SCAN_FLAG_MIN_PREQ_CONTENT) |
| 1350 | flags |= IEEE80211_PROBE_FLAG_MIN_CONTENT; |
| 1351 | |
| 1352 | ie = kcalloc(iebufsz, num_bands, GFP_KERNEL); |
| 1353 | if (!ie) { |
| 1354 | ret = -ENOMEM; |
| 1355 | goto out; |
| 1356 | } |
| 1357 | |
| 1358 | ieee80211_prepare_scan_chandef(chandef: &chandef); |
| 1359 | |
| 1360 | ret = ieee80211_build_preq_ies(sdata, buffer: ie, buffer_len: num_bands * iebufsz, |
| 1361 | ie_desc: &sched_scan_ies, ie: req->ie, |
| 1362 | ie_len: req->ie_len, bands_used, rate_masks, |
| 1363 | chandef: &chandef, flags); |
| 1364 | if (ret < 0) |
| 1365 | goto error; |
| 1366 | |
| 1367 | ret = drv_sched_scan_start(local, sdata, req, ies: &sched_scan_ies); |
| 1368 | if (ret == 0) { |
| 1369 | rcu_assign_pointer(local->sched_scan_sdata, sdata); |
| 1370 | rcu_assign_pointer(local->sched_scan_req, req); |
| 1371 | } |
| 1372 | |
| 1373 | error: |
| 1374 | kfree(objp: ie); |
| 1375 | out: |
| 1376 | if (ret) { |
| 1377 | /* Clean in case of failure after HW restart or upon resume. */ |
| 1378 | RCU_INIT_POINTER(local->sched_scan_sdata, NULL); |
| 1379 | RCU_INIT_POINTER(local->sched_scan_req, NULL); |
| 1380 | } |
| 1381 | |
| 1382 | return ret; |
| 1383 | } |
| 1384 | |
| 1385 | int ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata, |
| 1386 | struct cfg80211_sched_scan_request *req) |
| 1387 | { |
| 1388 | struct ieee80211_local *local = sdata->local; |
| 1389 | |
| 1390 | lockdep_assert_wiphy(local->hw.wiphy); |
| 1391 | |
| 1392 | if (rcu_access_pointer(local->sched_scan_sdata)) |
| 1393 | return -EBUSY; |
| 1394 | |
| 1395 | return __ieee80211_request_sched_scan_start(sdata, req); |
| 1396 | } |
| 1397 | |
| 1398 | int ieee80211_request_sched_scan_stop(struct ieee80211_local *local) |
| 1399 | { |
| 1400 | struct ieee80211_sub_if_data *sched_scan_sdata; |
| 1401 | int ret = -ENOENT; |
| 1402 | |
| 1403 | lockdep_assert_wiphy(local->hw.wiphy); |
| 1404 | |
| 1405 | if (!local->ops->sched_scan_stop) |
| 1406 | return -EOPNOTSUPP; |
| 1407 | |
| 1408 | /* We don't want to restart sched scan anymore. */ |
| 1409 | RCU_INIT_POINTER(local->sched_scan_req, NULL); |
| 1410 | |
| 1411 | sched_scan_sdata = rcu_dereference_protected(local->sched_scan_sdata, |
| 1412 | lockdep_is_held(&local->hw.wiphy->mtx)); |
| 1413 | if (sched_scan_sdata) { |
| 1414 | ret = drv_sched_scan_stop(local, sdata: sched_scan_sdata); |
| 1415 | if (!ret) |
| 1416 | RCU_INIT_POINTER(local->sched_scan_sdata, NULL); |
| 1417 | } |
| 1418 | |
| 1419 | return ret; |
| 1420 | } |
| 1421 | |
| 1422 | void ieee80211_sched_scan_results(struct ieee80211_hw *hw) |
| 1423 | { |
| 1424 | struct ieee80211_local *local = hw_to_local(hw); |
| 1425 | |
| 1426 | trace_api_sched_scan_results(local); |
| 1427 | |
| 1428 | cfg80211_sched_scan_results(wiphy: hw->wiphy, reqid: 0); |
| 1429 | } |
| 1430 | EXPORT_SYMBOL(ieee80211_sched_scan_results); |
| 1431 | |
| 1432 | void ieee80211_sched_scan_end(struct ieee80211_local *local) |
| 1433 | { |
| 1434 | lockdep_assert_wiphy(local->hw.wiphy); |
| 1435 | |
| 1436 | if (!rcu_access_pointer(local->sched_scan_sdata)) |
| 1437 | return; |
| 1438 | |
| 1439 | RCU_INIT_POINTER(local->sched_scan_sdata, NULL); |
| 1440 | |
| 1441 | /* If sched scan was aborted by the driver. */ |
| 1442 | RCU_INIT_POINTER(local->sched_scan_req, NULL); |
| 1443 | |
| 1444 | cfg80211_sched_scan_stopped_locked(wiphy: local->hw.wiphy, reqid: 0); |
| 1445 | } |
| 1446 | |
| 1447 | void ieee80211_sched_scan_stopped_work(struct wiphy *wiphy, |
| 1448 | struct wiphy_work *work) |
| 1449 | { |
| 1450 | struct ieee80211_local *local = |
| 1451 | container_of(work, struct ieee80211_local, |
| 1452 | sched_scan_stopped_work); |
| 1453 | |
| 1454 | ieee80211_sched_scan_end(local); |
| 1455 | } |
| 1456 | |
| 1457 | void ieee80211_sched_scan_stopped(struct ieee80211_hw *hw) |
| 1458 | { |
| 1459 | struct ieee80211_local *local = hw_to_local(hw); |
| 1460 | |
| 1461 | trace_api_sched_scan_stopped(local); |
| 1462 | |
| 1463 | /* |
| 1464 | * this shouldn't really happen, so for simplicity |
| 1465 | * simply ignore it, and let mac80211 reconfigure |
| 1466 | * the sched scan later on. |
| 1467 | */ |
| 1468 | if (local->in_reconfig) |
| 1469 | return; |
| 1470 | |
| 1471 | wiphy_work_queue(wiphy: hw->wiphy, work: &local->sched_scan_stopped_work); |
| 1472 | } |
| 1473 | EXPORT_SYMBOL(ieee80211_sched_scan_stopped); |
| 1474 |
Generated on 2025-Oct-12 from project Linux revision 6.17.0 (67029a49db6c)
Powered by 
Code Browser 2.1
Generator usage only permitted with license.