scan.c revision 37e0838117084eb957fdf124bf555f4b9933a5a5
1/* 2 * cfg80211 scan result handling 3 * 4 * Copyright 2008 Johannes Berg <johannes@sipsolutions.net> 5 */ 6#include <linux/kernel.h> 7#include <linux/slab.h> 8#include <linux/module.h> 9#include <linux/netdevice.h> 10#include <linux/wireless.h> 11#include <linux/nl80211.h> 12#include <linux/etherdevice.h> 13#include <net/arp.h> 14#include <net/cfg80211.h> 15#include <net/cfg80211-wext.h> 16#include <net/iw_handler.h> 17#include "core.h" 18#include "nl80211.h" 19#include "wext-compat.h" 20#include "rdev-ops.h" 21 22#define IEEE80211_SCAN_RESULT_EXPIRE (30 * HZ) 23 24static void bss_release(struct kref *ref) 25{ 26 struct cfg80211_bss_ies *ies; 27 struct cfg80211_internal_bss *bss; 28 29 bss = container_of(ref, struct cfg80211_internal_bss, ref); 30 31 if (WARN_ON(atomic_read(&bss->hold))) 32 return; 33 34 ies = (void *)rcu_access_pointer(bss->pub.beacon_ies); 35 if (ies) 36 kfree_rcu(ies, rcu_head); 37 ies = (void *)rcu_access_pointer(bss->pub.proberesp_ies); 38 if (ies) 39 kfree_rcu(ies, rcu_head); 40 41 kfree(bss); 42} 43 44/* must hold dev->bss_lock! */ 45static void __cfg80211_unlink_bss(struct cfg80211_registered_device *dev, 46 struct cfg80211_internal_bss *bss) 47{ 48 list_del_init(&bss->list); 49 rb_erase(&bss->rbn, &dev->bss_tree); 50 kref_put(&bss->ref, bss_release); 51} 52 53/* must hold dev->bss_lock! */ 54static void __cfg80211_bss_expire(struct cfg80211_registered_device *dev, 55 unsigned long expire_time) 56{ 57 struct cfg80211_internal_bss *bss, *tmp; 58 bool expired = false; 59 60 list_for_each_entry_safe(bss, tmp, &dev->bss_list, list) { 61 if (atomic_read(&bss->hold)) 62 continue; 63 if (!time_after(expire_time, bss->ts)) 64 continue; 65 66 __cfg80211_unlink_bss(dev, bss); 67 expired = true; 68 } 69 70 if (expired) 71 dev->bss_generation++; 72} 73 74void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev, bool leak) 75{ 76 struct cfg80211_scan_request *request; 77 struct wireless_dev *wdev; 78#ifdef CONFIG_CFG80211_WEXT 79 union iwreq_data wrqu; 80#endif 81 82 ASSERT_RDEV_LOCK(rdev); 83 84 request = rdev->scan_req; 85 86 if (!request) 87 return; 88 89 wdev = request->wdev; 90 91 /* 92 * This must be before sending the other events! 93 * Otherwise, wpa_supplicant gets completely confused with 94 * wext events. 95 */ 96 if (wdev->netdev) 97 cfg80211_sme_scan_done(wdev->netdev); 98 99 if (request->aborted) { 100 nl80211_send_scan_aborted(rdev, wdev); 101 } else { 102 if (request->flags & NL80211_SCAN_FLAG_FLUSH) { 103 /* flush entries from previous scans */ 104 spin_lock_bh(&rdev->bss_lock); 105 __cfg80211_bss_expire(rdev, request->scan_start); 106 spin_unlock_bh(&rdev->bss_lock); 107 } 108 nl80211_send_scan_done(rdev, wdev); 109 } 110 111#ifdef CONFIG_CFG80211_WEXT 112 if (wdev->netdev && !request->aborted) { 113 memset(&wrqu, 0, sizeof(wrqu)); 114 115 wireless_send_event(wdev->netdev, SIOCGIWSCAN, &wrqu, NULL); 116 } 117#endif 118 119 if (wdev->netdev) 120 dev_put(wdev->netdev); 121 122 rdev->scan_req = NULL; 123 124 /* 125 * OK. If this is invoked with "leak" then we can't 126 * free this ... but we've cleaned it up anyway. The 127 * driver failed to call the scan_done callback, so 128 * all bets are off, it might still be trying to use 129 * the scan request or not ... if it accesses the dev 130 * in there (it shouldn't anyway) then it may crash. 131 */ 132 if (!leak) 133 kfree(request); 134} 135 136void __cfg80211_scan_done(struct work_struct *wk) 137{ 138 struct cfg80211_registered_device *rdev; 139 140 rdev = container_of(wk, struct cfg80211_registered_device, 141 scan_done_wk); 142 143 cfg80211_lock_rdev(rdev); 144 ___cfg80211_scan_done(rdev, false); 145 cfg80211_unlock_rdev(rdev); 146} 147 148void cfg80211_scan_done(struct cfg80211_scan_request *request, bool aborted) 149{ 150 trace_cfg80211_scan_done(request, aborted); 151 WARN_ON(request != wiphy_to_dev(request->wiphy)->scan_req); 152 153 request->aborted = aborted; 154 queue_work(cfg80211_wq, &wiphy_to_dev(request->wiphy)->scan_done_wk); 155} 156EXPORT_SYMBOL(cfg80211_scan_done); 157 158void __cfg80211_sched_scan_results(struct work_struct *wk) 159{ 160 struct cfg80211_registered_device *rdev; 161 struct cfg80211_sched_scan_request *request; 162 163 rdev = container_of(wk, struct cfg80211_registered_device, 164 sched_scan_results_wk); 165 166 request = rdev->sched_scan_req; 167 168 mutex_lock(&rdev->sched_scan_mtx); 169 170 /* we don't have sched_scan_req anymore if the scan is stopping */ 171 if (request) { 172 if (request->flags & NL80211_SCAN_FLAG_FLUSH) { 173 /* flush entries from previous scans */ 174 spin_lock_bh(&rdev->bss_lock); 175 __cfg80211_bss_expire(rdev, request->scan_start); 176 spin_unlock_bh(&rdev->bss_lock); 177 request->scan_start = 178 jiffies + msecs_to_jiffies(request->interval); 179 } 180 nl80211_send_sched_scan_results(rdev, request->dev); 181 } 182 183 mutex_unlock(&rdev->sched_scan_mtx); 184} 185 186void cfg80211_sched_scan_results(struct wiphy *wiphy) 187{ 188 trace_cfg80211_sched_scan_results(wiphy); 189 /* ignore if we're not scanning */ 190 if (wiphy_to_dev(wiphy)->sched_scan_req) 191 queue_work(cfg80211_wq, 192 &wiphy_to_dev(wiphy)->sched_scan_results_wk); 193} 194EXPORT_SYMBOL(cfg80211_sched_scan_results); 195 196void cfg80211_sched_scan_stopped(struct wiphy *wiphy) 197{ 198 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 199 200 trace_cfg80211_sched_scan_stopped(wiphy); 201 202 mutex_lock(&rdev->sched_scan_mtx); 203 __cfg80211_stop_sched_scan(rdev, true); 204 mutex_unlock(&rdev->sched_scan_mtx); 205} 206EXPORT_SYMBOL(cfg80211_sched_scan_stopped); 207 208int __cfg80211_stop_sched_scan(struct cfg80211_registered_device *rdev, 209 bool driver_initiated) 210{ 211 struct net_device *dev; 212 213 lockdep_assert_held(&rdev->sched_scan_mtx); 214 215 if (!rdev->sched_scan_req) 216 return -ENOENT; 217 218 dev = rdev->sched_scan_req->dev; 219 220 if (!driver_initiated) { 221 int err = rdev_sched_scan_stop(rdev, dev); 222 if (err) 223 return err; 224 } 225 226 nl80211_send_sched_scan(rdev, dev, NL80211_CMD_SCHED_SCAN_STOPPED); 227 228 kfree(rdev->sched_scan_req); 229 rdev->sched_scan_req = NULL; 230 231 return 0; 232} 233 234/* must hold dev->bss_lock! */ 235void cfg80211_bss_age(struct cfg80211_registered_device *dev, 236 unsigned long age_secs) 237{ 238 struct cfg80211_internal_bss *bss; 239 unsigned long age_jiffies = msecs_to_jiffies(age_secs * MSEC_PER_SEC); 240 241 list_for_each_entry(bss, &dev->bss_list, list) 242 bss->ts -= age_jiffies; 243} 244 245void cfg80211_bss_expire(struct cfg80211_registered_device *dev) 246{ 247 __cfg80211_bss_expire(dev, jiffies - IEEE80211_SCAN_RESULT_EXPIRE); 248} 249 250const u8 *cfg80211_find_ie(u8 eid, const u8 *ies, int len) 251{ 252 while (len > 2 && ies[0] != eid) { 253 len -= ies[1] + 2; 254 ies += ies[1] + 2; 255 } 256 if (len < 2) 257 return NULL; 258 if (len < 2 + ies[1]) 259 return NULL; 260 return ies; 261} 262EXPORT_SYMBOL(cfg80211_find_ie); 263 264const u8 *cfg80211_find_vendor_ie(unsigned int oui, u8 oui_type, 265 const u8 *ies, int len) 266{ 267 struct ieee80211_vendor_ie *ie; 268 const u8 *pos = ies, *end = ies + len; 269 int ie_oui; 270 271 while (pos < end) { 272 pos = cfg80211_find_ie(WLAN_EID_VENDOR_SPECIFIC, pos, 273 end - pos); 274 if (!pos) 275 return NULL; 276 277 if (end - pos < sizeof(*ie)) 278 return NULL; 279 280 ie = (struct ieee80211_vendor_ie *)pos; 281 ie_oui = ie->oui[0] << 16 | ie->oui[1] << 8 | ie->oui[2]; 282 if (ie_oui == oui && ie->oui_type == oui_type) 283 return pos; 284 285 pos += 2 + ie->len; 286 } 287 return NULL; 288} 289EXPORT_SYMBOL(cfg80211_find_vendor_ie); 290 291static bool is_bss(struct cfg80211_bss *a, const u8 *bssid, 292 const u8 *ssid, size_t ssid_len) 293{ 294 const struct cfg80211_bss_ies *ies; 295 const u8 *ssidie; 296 297 if (bssid && !ether_addr_equal(a->bssid, bssid)) 298 return false; 299 300 if (!ssid) 301 return true; 302 303 ies = rcu_access_pointer(a->ies); 304 if (!ies) 305 return false; 306 ssidie = cfg80211_find_ie(WLAN_EID_SSID, ies->data, ies->len); 307 if (!ssidie) 308 return false; 309 if (ssidie[1] != ssid_len) 310 return false; 311 return memcmp(ssidie + 2, ssid, ssid_len) == 0; 312} 313 314/** 315 * enum bss_compare_mode - BSS compare mode 316 * @BSS_CMP_REGULAR: regular compare mode (for insertion and normal find) 317 * @BSS_CMP_HIDE_ZLEN: find hidden SSID with zero-length mode 318 * @BSS_CMP_HIDE_NUL: find hidden SSID with NUL-ed out mode 319 */ 320enum bss_compare_mode { 321 BSS_CMP_REGULAR, 322 BSS_CMP_HIDE_ZLEN, 323 BSS_CMP_HIDE_NUL, 324}; 325 326static int cmp_bss(struct cfg80211_bss *a, 327 struct cfg80211_bss *b, 328 enum bss_compare_mode mode) 329{ 330 const struct cfg80211_bss_ies *a_ies, *b_ies; 331 const u8 *ie1 = NULL; 332 const u8 *ie2 = NULL; 333 int i, r; 334 335 if (a->channel != b->channel) 336 return b->channel->center_freq - a->channel->center_freq; 337 338 a_ies = rcu_access_pointer(a->ies); 339 if (!a_ies) 340 return -1; 341 b_ies = rcu_access_pointer(b->ies); 342 if (!b_ies) 343 return 1; 344 345 if (WLAN_CAPABILITY_IS_STA_BSS(a->capability)) 346 ie1 = cfg80211_find_ie(WLAN_EID_MESH_ID, 347 a_ies->data, a_ies->len); 348 if (WLAN_CAPABILITY_IS_STA_BSS(b->capability)) 349 ie2 = cfg80211_find_ie(WLAN_EID_MESH_ID, 350 b_ies->data, b_ies->len); 351 if (ie1 && ie2) { 352 int mesh_id_cmp; 353 354 if (ie1[1] == ie2[1]) 355 mesh_id_cmp = memcmp(ie1 + 2, ie2 + 2, ie1[1]); 356 else 357 mesh_id_cmp = ie2[1] - ie1[1]; 358 359 ie1 = cfg80211_find_ie(WLAN_EID_MESH_CONFIG, 360 a_ies->data, a_ies->len); 361 ie2 = cfg80211_find_ie(WLAN_EID_MESH_CONFIG, 362 b_ies->data, b_ies->len); 363 if (ie1 && ie2) { 364 if (mesh_id_cmp) 365 return mesh_id_cmp; 366 if (ie1[1] != ie2[1]) 367 return ie2[1] - ie1[1]; 368 return memcmp(ie1 + 2, ie2 + 2, ie1[1]); 369 } 370 } 371 372 /* 373 * we can't use compare_ether_addr here since we need a < > operator. 374 * The binary return value of compare_ether_addr isn't enough 375 */ 376 r = memcmp(a->bssid, b->bssid, sizeof(a->bssid)); 377 if (r) 378 return r; 379 380 ie1 = cfg80211_find_ie(WLAN_EID_SSID, a_ies->data, a_ies->len); 381 ie2 = cfg80211_find_ie(WLAN_EID_SSID, b_ies->data, b_ies->len); 382 383 if (!ie1 && !ie2) 384 return 0; 385 386 /* 387 * Note that with "hide_ssid", the function returns a match if 388 * the already-present BSS ("b") is a hidden SSID beacon for 389 * the new BSS ("a"). 390 */ 391 392 /* sort missing IE before (left of) present IE */ 393 if (!ie1) 394 return -1; 395 if (!ie2) 396 return 1; 397 398 switch (mode) { 399 case BSS_CMP_HIDE_ZLEN: 400 /* 401 * In ZLEN mode we assume the BSS entry we're 402 * looking for has a zero-length SSID. So if 403 * the one we're looking at right now has that, 404 * return 0. Otherwise, return the difference 405 * in length, but since we're looking for the 406 * 0-length it's really equivalent to returning 407 * the length of the one we're looking at. 408 * 409 * No content comparison is needed as we assume 410 * the content length is zero. 411 */ 412 return ie2[1]; 413 case BSS_CMP_REGULAR: 414 default: 415 /* sort by length first, then by contents */ 416 if (ie1[1] != ie2[1]) 417 return ie2[1] - ie1[1]; 418 return memcmp(ie1 + 2, ie2 + 2, ie1[1]); 419 case BSS_CMP_HIDE_NUL: 420 if (ie1[1] != ie2[1]) 421 return ie2[1] - ie1[1]; 422 /* this is equivalent to memcmp(zeroes, ie2 + 2, len) */ 423 for (i = 0; i < ie2[1]; i++) 424 if (ie2[i + 2]) 425 return -1; 426 return 0; 427 } 428} 429 430struct cfg80211_bss *cfg80211_get_bss(struct wiphy *wiphy, 431 struct ieee80211_channel *channel, 432 const u8 *bssid, 433 const u8 *ssid, size_t ssid_len, 434 u16 capa_mask, u16 capa_val) 435{ 436 struct cfg80211_registered_device *dev = wiphy_to_dev(wiphy); 437 struct cfg80211_internal_bss *bss, *res = NULL; 438 unsigned long now = jiffies; 439 440 trace_cfg80211_get_bss(wiphy, channel, bssid, ssid, ssid_len, capa_mask, 441 capa_val); 442 443 spin_lock_bh(&dev->bss_lock); 444 445 list_for_each_entry(bss, &dev->bss_list, list) { 446 if ((bss->pub.capability & capa_mask) != capa_val) 447 continue; 448 if (channel && bss->pub.channel != channel) 449 continue; 450 /* Don't get expired BSS structs */ 451 if (time_after(now, bss->ts + IEEE80211_SCAN_RESULT_EXPIRE) && 452 !atomic_read(&bss->hold)) 453 continue; 454 if (is_bss(&bss->pub, bssid, ssid, ssid_len)) { 455 res = bss; 456 kref_get(&res->ref); 457 break; 458 } 459 } 460 461 spin_unlock_bh(&dev->bss_lock); 462 if (!res) 463 return NULL; 464 trace_cfg80211_return_bss(&res->pub); 465 return &res->pub; 466} 467EXPORT_SYMBOL(cfg80211_get_bss); 468 469static void rb_insert_bss(struct cfg80211_registered_device *dev, 470 struct cfg80211_internal_bss *bss) 471{ 472 struct rb_node **p = &dev->bss_tree.rb_node; 473 struct rb_node *parent = NULL; 474 struct cfg80211_internal_bss *tbss; 475 int cmp; 476 477 while (*p) { 478 parent = *p; 479 tbss = rb_entry(parent, struct cfg80211_internal_bss, rbn); 480 481 cmp = cmp_bss(&bss->pub, &tbss->pub, BSS_CMP_REGULAR); 482 483 if (WARN_ON(!cmp)) { 484 /* will sort of leak this BSS */ 485 return; 486 } 487 488 if (cmp < 0) 489 p = &(*p)->rb_left; 490 else 491 p = &(*p)->rb_right; 492 } 493 494 rb_link_node(&bss->rbn, parent, p); 495 rb_insert_color(&bss->rbn, &dev->bss_tree); 496} 497 498static struct cfg80211_internal_bss * 499rb_find_bss(struct cfg80211_registered_device *dev, 500 struct cfg80211_internal_bss *res, 501 enum bss_compare_mode mode) 502{ 503 struct rb_node *n = dev->bss_tree.rb_node; 504 struct cfg80211_internal_bss *bss; 505 int r; 506 507 while (n) { 508 bss = rb_entry(n, struct cfg80211_internal_bss, rbn); 509 r = cmp_bss(&res->pub, &bss->pub, mode); 510 511 if (r == 0) 512 return bss; 513 else if (r < 0) 514 n = n->rb_left; 515 else 516 n = n->rb_right; 517 } 518 519 return NULL; 520} 521 522static void 523copy_hidden_ies(struct cfg80211_internal_bss *res, 524 struct cfg80211_internal_bss *hidden) 525{ 526 const struct cfg80211_bss_ies *ies; 527 528 if (rcu_access_pointer(res->pub.beacon_ies)) 529 return; 530 531 ies = rcu_access_pointer(hidden->pub.beacon_ies); 532 if (WARN_ON(!ies)) 533 return; 534 535 ies = kmemdup(ies, sizeof(*ies) + ies->len, GFP_ATOMIC); 536 if (unlikely(!ies)) 537 return; 538 rcu_assign_pointer(res->pub.beacon_ies, ies); 539} 540 541static struct cfg80211_internal_bss * 542cfg80211_bss_update(struct cfg80211_registered_device *dev, 543 struct cfg80211_internal_bss *tmp) 544{ 545 struct cfg80211_internal_bss *found = NULL; 546 547 if (WARN_ON(!tmp->pub.channel)) 548 return NULL; 549 550 tmp->ts = jiffies; 551 552 spin_lock_bh(&dev->bss_lock); 553 554 if (WARN_ON(!rcu_access_pointer(tmp->pub.ies))) { 555 spin_unlock_bh(&dev->bss_lock); 556 return NULL; 557 } 558 559 found = rb_find_bss(dev, tmp, BSS_CMP_REGULAR); 560 561 if (found) { 562 found->pub.beacon_interval = tmp->pub.beacon_interval; 563 found->pub.tsf = tmp->pub.tsf; 564 found->pub.signal = tmp->pub.signal; 565 found->pub.capability = tmp->pub.capability; 566 found->ts = tmp->ts; 567 568 /* Update IEs */ 569 if (rcu_access_pointer(tmp->pub.proberesp_ies)) { 570 const struct cfg80211_bss_ies *old; 571 572 old = rcu_access_pointer(found->pub.proberesp_ies); 573 574 rcu_assign_pointer(found->pub.proberesp_ies, 575 tmp->pub.proberesp_ies); 576 /* Override possible earlier Beacon frame IEs */ 577 rcu_assign_pointer(found->pub.ies, 578 tmp->pub.proberesp_ies); 579 if (old) 580 kfree_rcu((struct cfg80211_bss_ies *)old, 581 rcu_head); 582 } else if (rcu_access_pointer(tmp->pub.beacon_ies)) { 583 const struct cfg80211_bss_ies *old, *ies; 584 585 old = rcu_access_pointer(found->pub.beacon_ies); 586 ies = rcu_access_pointer(found->pub.ies); 587 588 rcu_assign_pointer(found->pub.beacon_ies, 589 tmp->pub.beacon_ies); 590 591 /* Override IEs if they were from a beacon before */ 592 if (old == ies) 593 rcu_assign_pointer(found->pub.ies, 594 tmp->pub.beacon_ies); 595 596 if (old) 597 kfree_rcu((struct cfg80211_bss_ies *)old, 598 rcu_head); 599 } 600 } else { 601 struct cfg80211_internal_bss *new; 602 struct cfg80211_internal_bss *hidden; 603 struct cfg80211_bss_ies *ies; 604 605 /* First check if the beacon is a probe response from 606 * a hidden bss. If so, copy beacon ies (with nullified 607 * ssid) into the probe response bss entry (with real ssid). 608 * It is required basically for PSM implementation 609 * (probe responses do not contain tim ie) */ 610 611 /* TODO: The code is not trying to update existing probe 612 * response bss entries when beacon ies are 613 * getting changed. */ 614 hidden = rb_find_bss(dev, tmp, BSS_CMP_HIDE_ZLEN); 615 if (hidden) { 616 copy_hidden_ies(tmp, hidden); 617 } else { 618 hidden = rb_find_bss(dev, tmp, BSS_CMP_HIDE_NUL); 619 if (hidden) 620 copy_hidden_ies(tmp, hidden); 621 } 622 623 /* 624 * create a copy -- the "res" variable that is passed in 625 * is allocated on the stack since it's not needed in the 626 * more common case of an update 627 */ 628 new = kzalloc(sizeof(*new) + dev->wiphy.bss_priv_size, 629 GFP_ATOMIC); 630 if (!new) { 631 ies = (void *)rcu_dereference(tmp->pub.beacon_ies); 632 if (ies) 633 kfree_rcu(ies, rcu_head); 634 ies = (void *)rcu_dereference(tmp->pub.proberesp_ies); 635 if (ies) 636 kfree_rcu(ies, rcu_head); 637 spin_unlock_bh(&dev->bss_lock); 638 return NULL; 639 } 640 memcpy(new, tmp, sizeof(*new)); 641 kref_init(&new->ref); 642 list_add_tail(&new->list, &dev->bss_list); 643 rb_insert_bss(dev, new); 644 found = new; 645 } 646 647 dev->bss_generation++; 648 spin_unlock_bh(&dev->bss_lock); 649 650 kref_get(&found->ref); 651 return found; 652} 653 654static struct ieee80211_channel * 655cfg80211_get_bss_channel(struct wiphy *wiphy, const u8 *ie, size_t ielen, 656 struct ieee80211_channel *channel) 657{ 658 const u8 *tmp; 659 u32 freq; 660 int channel_number = -1; 661 662 tmp = cfg80211_find_ie(WLAN_EID_DS_PARAMS, ie, ielen); 663 if (tmp && tmp[1] == 1) { 664 channel_number = tmp[2]; 665 } else { 666 tmp = cfg80211_find_ie(WLAN_EID_HT_OPERATION, ie, ielen); 667 if (tmp && tmp[1] >= sizeof(struct ieee80211_ht_operation)) { 668 struct ieee80211_ht_operation *htop = (void *)(tmp + 2); 669 670 channel_number = htop->primary_chan; 671 } 672 } 673 674 if (channel_number < 0) 675 return channel; 676 677 freq = ieee80211_channel_to_frequency(channel_number, channel->band); 678 channel = ieee80211_get_channel(wiphy, freq); 679 if (!channel) 680 return NULL; 681 if (channel->flags & IEEE80211_CHAN_DISABLED) 682 return NULL; 683 return channel; 684} 685 686struct cfg80211_bss* 687cfg80211_inform_bss(struct wiphy *wiphy, 688 struct ieee80211_channel *channel, 689 const u8 *bssid, u64 tsf, u16 capability, 690 u16 beacon_interval, const u8 *ie, size_t ielen, 691 s32 signal, gfp_t gfp) 692{ 693 struct cfg80211_bss_ies *ies; 694 struct cfg80211_internal_bss tmp = {}, *res; 695 696 if (WARN_ON(!wiphy)) 697 return NULL; 698 699 if (WARN_ON(wiphy->signal_type == CFG80211_SIGNAL_TYPE_UNSPEC && 700 (signal < 0 || signal > 100))) 701 return NULL; 702 703 channel = cfg80211_get_bss_channel(wiphy, ie, ielen, channel); 704 if (!channel) 705 return NULL; 706 707 memcpy(tmp.pub.bssid, bssid, ETH_ALEN); 708 tmp.pub.channel = channel; 709 tmp.pub.signal = signal; 710 tmp.pub.tsf = tsf; 711 tmp.pub.beacon_interval = beacon_interval; 712 tmp.pub.capability = capability; 713 /* 714 * Since we do not know here whether the IEs are from a Beacon or Probe 715 * Response frame, we need to pick one of the options and only use it 716 * with the driver that does not provide the full Beacon/Probe Response 717 * frame. Use Beacon frame pointer to avoid indicating that this should 718 * override the iies pointer should we have received an earlier 719 * indication of Probe Response data. 720 * 721 * The initial buffer for the IEs is allocated with the BSS entry and 722 * is located after the private area. 723 */ 724 ies = kmalloc(sizeof(*ies) + ielen, gfp); 725 if (!ies) 726 return NULL; 727 ies->len = ielen; 728 memcpy(ies->data, ie, ielen); 729 730 rcu_assign_pointer(tmp.pub.beacon_ies, ies); 731 rcu_assign_pointer(tmp.pub.ies, ies); 732 733 res = cfg80211_bss_update(wiphy_to_dev(wiphy), &tmp); 734 if (!res) 735 return NULL; 736 737 if (res->pub.capability & WLAN_CAPABILITY_ESS) 738 regulatory_hint_found_beacon(wiphy, channel, gfp); 739 740 trace_cfg80211_return_bss(&res->pub); 741 /* cfg80211_bss_update gives us a referenced result */ 742 return &res->pub; 743} 744EXPORT_SYMBOL(cfg80211_inform_bss); 745 746struct cfg80211_bss * 747cfg80211_inform_bss_frame(struct wiphy *wiphy, 748 struct ieee80211_channel *channel, 749 struct ieee80211_mgmt *mgmt, size_t len, 750 s32 signal, gfp_t gfp) 751{ 752 struct cfg80211_internal_bss tmp = {}, *res; 753 struct cfg80211_bss_ies *ies; 754 size_t ielen = len - offsetof(struct ieee80211_mgmt, 755 u.probe_resp.variable); 756 757 BUILD_BUG_ON(offsetof(struct ieee80211_mgmt, u.probe_resp.variable) != 758 offsetof(struct ieee80211_mgmt, u.beacon.variable)); 759 760 trace_cfg80211_inform_bss_frame(wiphy, channel, mgmt, len, signal); 761 762 if (WARN_ON(!mgmt)) 763 return NULL; 764 765 if (WARN_ON(!wiphy)) 766 return NULL; 767 768 if (WARN_ON(wiphy->signal_type == CFG80211_SIGNAL_TYPE_UNSPEC && 769 (signal < 0 || signal > 100))) 770 return NULL; 771 772 if (WARN_ON(len < offsetof(struct ieee80211_mgmt, u.probe_resp.variable))) 773 return NULL; 774 775 channel = cfg80211_get_bss_channel(wiphy, mgmt->u.beacon.variable, 776 ielen, channel); 777 if (!channel) 778 return NULL; 779 780 ies = kmalloc(sizeof(*ies) + ielen, gfp); 781 if (!ies) 782 return NULL; 783 ies->len = ielen; 784 memcpy(ies->data, mgmt->u.probe_resp.variable, ielen); 785 786 if (ieee80211_is_probe_resp(mgmt->frame_control)) 787 rcu_assign_pointer(tmp.pub.proberesp_ies, ies); 788 else 789 rcu_assign_pointer(tmp.pub.beacon_ies, ies); 790 rcu_assign_pointer(tmp.pub.ies, ies); 791 792 memcpy(tmp.pub.bssid, mgmt->bssid, ETH_ALEN); 793 tmp.pub.channel = channel; 794 tmp.pub.signal = signal; 795 tmp.pub.tsf = le64_to_cpu(mgmt->u.probe_resp.timestamp); 796 tmp.pub.beacon_interval = le16_to_cpu(mgmt->u.probe_resp.beacon_int); 797 tmp.pub.capability = le16_to_cpu(mgmt->u.probe_resp.capab_info); 798 799 res = cfg80211_bss_update(wiphy_to_dev(wiphy), &tmp); 800 if (!res) 801 return NULL; 802 803 if (res->pub.capability & WLAN_CAPABILITY_ESS) 804 regulatory_hint_found_beacon(wiphy, channel, gfp); 805 806 trace_cfg80211_return_bss(&res->pub); 807 /* cfg80211_bss_update gives us a referenced result */ 808 return &res->pub; 809} 810EXPORT_SYMBOL(cfg80211_inform_bss_frame); 811 812void cfg80211_ref_bss(struct cfg80211_bss *pub) 813{ 814 struct cfg80211_internal_bss *bss; 815 816 if (!pub) 817 return; 818 819 bss = container_of(pub, struct cfg80211_internal_bss, pub); 820 kref_get(&bss->ref); 821} 822EXPORT_SYMBOL(cfg80211_ref_bss); 823 824void cfg80211_put_bss(struct cfg80211_bss *pub) 825{ 826 struct cfg80211_internal_bss *bss; 827 828 if (!pub) 829 return; 830 831 bss = container_of(pub, struct cfg80211_internal_bss, pub); 832 kref_put(&bss->ref, bss_release); 833} 834EXPORT_SYMBOL(cfg80211_put_bss); 835 836void cfg80211_unlink_bss(struct wiphy *wiphy, struct cfg80211_bss *pub) 837{ 838 struct cfg80211_registered_device *dev = wiphy_to_dev(wiphy); 839 struct cfg80211_internal_bss *bss; 840 841 if (WARN_ON(!pub)) 842 return; 843 844 bss = container_of(pub, struct cfg80211_internal_bss, pub); 845 846 spin_lock_bh(&dev->bss_lock); 847 if (!list_empty(&bss->list)) { 848 __cfg80211_unlink_bss(dev, bss); 849 dev->bss_generation++; 850 } 851 spin_unlock_bh(&dev->bss_lock); 852} 853EXPORT_SYMBOL(cfg80211_unlink_bss); 854 855#ifdef CONFIG_CFG80211_WEXT 856int cfg80211_wext_siwscan(struct net_device *dev, 857 struct iw_request_info *info, 858 union iwreq_data *wrqu, char *extra) 859{ 860 struct cfg80211_registered_device *rdev; 861 struct wiphy *wiphy; 862 struct iw_scan_req *wreq = NULL; 863 struct cfg80211_scan_request *creq = NULL; 864 int i, err, n_channels = 0; 865 enum ieee80211_band band; 866 867 if (!netif_running(dev)) 868 return -ENETDOWN; 869 870 if (wrqu->data.length == sizeof(struct iw_scan_req)) 871 wreq = (struct iw_scan_req *)extra; 872 873 rdev = cfg80211_get_dev_from_ifindex(dev_net(dev), dev->ifindex); 874 875 if (IS_ERR(rdev)) 876 return PTR_ERR(rdev); 877 878 if (rdev->scan_req) { 879 err = -EBUSY; 880 goto out; 881 } 882 883 wiphy = &rdev->wiphy; 884 885 /* Determine number of channels, needed to allocate creq */ 886 if (wreq && wreq->num_channels) 887 n_channels = wreq->num_channels; 888 else { 889 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 890 if (wiphy->bands[band]) 891 n_channels += wiphy->bands[band]->n_channels; 892 } 893 894 creq = kzalloc(sizeof(*creq) + sizeof(struct cfg80211_ssid) + 895 n_channels * sizeof(void *), 896 GFP_ATOMIC); 897 if (!creq) { 898 err = -ENOMEM; 899 goto out; 900 } 901 902 creq->wiphy = wiphy; 903 creq->wdev = dev->ieee80211_ptr; 904 /* SSIDs come after channels */ 905 creq->ssids = (void *)&creq->channels[n_channels]; 906 creq->n_channels = n_channels; 907 creq->n_ssids = 1; 908 creq->scan_start = jiffies; 909 910 /* translate "Scan on frequencies" request */ 911 i = 0; 912 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 913 int j; 914 915 if (!wiphy->bands[band]) 916 continue; 917 918 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 919 /* ignore disabled channels */ 920 if (wiphy->bands[band]->channels[j].flags & 921 IEEE80211_CHAN_DISABLED) 922 continue; 923 924 /* If we have a wireless request structure and the 925 * wireless request specifies frequencies, then search 926 * for the matching hardware channel. 927 */ 928 if (wreq && wreq->num_channels) { 929 int k; 930 int wiphy_freq = wiphy->bands[band]->channels[j].center_freq; 931 for (k = 0; k < wreq->num_channels; k++) { 932 int wext_freq = cfg80211_wext_freq(wiphy, &wreq->channel_list[k]); 933 if (wext_freq == wiphy_freq) 934 goto wext_freq_found; 935 } 936 goto wext_freq_not_found; 937 } 938 939 wext_freq_found: 940 creq->channels[i] = &wiphy->bands[band]->channels[j]; 941 i++; 942 wext_freq_not_found: ; 943 } 944 } 945 /* No channels found? */ 946 if (!i) { 947 err = -EINVAL; 948 goto out; 949 } 950 951 /* Set real number of channels specified in creq->channels[] */ 952 creq->n_channels = i; 953 954 /* translate "Scan for SSID" request */ 955 if (wreq) { 956 if (wrqu->data.flags & IW_SCAN_THIS_ESSID) { 957 if (wreq->essid_len > IEEE80211_MAX_SSID_LEN) { 958 err = -EINVAL; 959 goto out; 960 } 961 memcpy(creq->ssids[0].ssid, wreq->essid, wreq->essid_len); 962 creq->ssids[0].ssid_len = wreq->essid_len; 963 } 964 if (wreq->scan_type == IW_SCAN_TYPE_PASSIVE) 965 creq->n_ssids = 0; 966 } 967 968 for (i = 0; i < IEEE80211_NUM_BANDS; i++) 969 if (wiphy->bands[i]) 970 creq->rates[i] = (1 << wiphy->bands[i]->n_bitrates) - 1; 971 972 rdev->scan_req = creq; 973 err = rdev_scan(rdev, creq); 974 if (err) { 975 rdev->scan_req = NULL; 976 /* creq will be freed below */ 977 } else { 978 nl80211_send_scan_start(rdev, dev->ieee80211_ptr); 979 /* creq now owned by driver */ 980 creq = NULL; 981 dev_hold(dev); 982 } 983 out: 984 kfree(creq); 985 cfg80211_unlock_rdev(rdev); 986 return err; 987} 988EXPORT_SYMBOL_GPL(cfg80211_wext_siwscan); 989 990static void ieee80211_scan_add_ies(struct iw_request_info *info, 991 const struct cfg80211_bss_ies *ies, 992 char **current_ev, char *end_buf) 993{ 994 const u8 *pos, *end, *next; 995 struct iw_event iwe; 996 997 if (!ies) 998 return; 999 1000 /* 1001 * If needed, fragment the IEs buffer (at IE boundaries) into short 1002 * enough fragments to fit into IW_GENERIC_IE_MAX octet messages. 1003 */ 1004 pos = ies->data; 1005 end = pos + ies->len; 1006 1007 while (end - pos > IW_GENERIC_IE_MAX) { 1008 next = pos + 2 + pos[1]; 1009 while (next + 2 + next[1] - pos < IW_GENERIC_IE_MAX) 1010 next = next + 2 + next[1]; 1011 1012 memset(&iwe, 0, sizeof(iwe)); 1013 iwe.cmd = IWEVGENIE; 1014 iwe.u.data.length = next - pos; 1015 *current_ev = iwe_stream_add_point(info, *current_ev, 1016 end_buf, &iwe, 1017 (void *)pos); 1018 1019 pos = next; 1020 } 1021 1022 if (end > pos) { 1023 memset(&iwe, 0, sizeof(iwe)); 1024 iwe.cmd = IWEVGENIE; 1025 iwe.u.data.length = end - pos; 1026 *current_ev = iwe_stream_add_point(info, *current_ev, 1027 end_buf, &iwe, 1028 (void *)pos); 1029 } 1030} 1031 1032static inline unsigned int elapsed_jiffies_msecs(unsigned long start) 1033{ 1034 unsigned long end = jiffies; 1035 1036 if (end >= start) 1037 return jiffies_to_msecs(end - start); 1038 1039 return jiffies_to_msecs(end + (MAX_JIFFY_OFFSET - start) + 1); 1040} 1041 1042static char * 1043ieee80211_bss(struct wiphy *wiphy, struct iw_request_info *info, 1044 struct cfg80211_internal_bss *bss, char *current_ev, 1045 char *end_buf) 1046{ 1047 const struct cfg80211_bss_ies *ies; 1048 struct iw_event iwe; 1049 const u8 *ie; 1050 u8 *buf, *cfg, *p; 1051 int rem, i, sig; 1052 bool ismesh = false; 1053 1054 memset(&iwe, 0, sizeof(iwe)); 1055 iwe.cmd = SIOCGIWAP; 1056 iwe.u.ap_addr.sa_family = ARPHRD_ETHER; 1057 memcpy(iwe.u.ap_addr.sa_data, bss->pub.bssid, ETH_ALEN); 1058 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe, 1059 IW_EV_ADDR_LEN); 1060 1061 memset(&iwe, 0, sizeof(iwe)); 1062 iwe.cmd = SIOCGIWFREQ; 1063 iwe.u.freq.m = ieee80211_frequency_to_channel(bss->pub.channel->center_freq); 1064 iwe.u.freq.e = 0; 1065 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe, 1066 IW_EV_FREQ_LEN); 1067 1068 memset(&iwe, 0, sizeof(iwe)); 1069 iwe.cmd = SIOCGIWFREQ; 1070 iwe.u.freq.m = bss->pub.channel->center_freq; 1071 iwe.u.freq.e = 6; 1072 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe, 1073 IW_EV_FREQ_LEN); 1074 1075 if (wiphy->signal_type != CFG80211_SIGNAL_TYPE_NONE) { 1076 memset(&iwe, 0, sizeof(iwe)); 1077 iwe.cmd = IWEVQUAL; 1078 iwe.u.qual.updated = IW_QUAL_LEVEL_UPDATED | 1079 IW_QUAL_NOISE_INVALID | 1080 IW_QUAL_QUAL_UPDATED; 1081 switch (wiphy->signal_type) { 1082 case CFG80211_SIGNAL_TYPE_MBM: 1083 sig = bss->pub.signal / 100; 1084 iwe.u.qual.level = sig; 1085 iwe.u.qual.updated |= IW_QUAL_DBM; 1086 if (sig < -110) /* rather bad */ 1087 sig = -110; 1088 else if (sig > -40) /* perfect */ 1089 sig = -40; 1090 /* will give a range of 0 .. 70 */ 1091 iwe.u.qual.qual = sig + 110; 1092 break; 1093 case CFG80211_SIGNAL_TYPE_UNSPEC: 1094 iwe.u.qual.level = bss->pub.signal; 1095 /* will give range 0 .. 100 */ 1096 iwe.u.qual.qual = bss->pub.signal; 1097 break; 1098 default: 1099 /* not reached */ 1100 break; 1101 } 1102 current_ev = iwe_stream_add_event(info, current_ev, end_buf, 1103 &iwe, IW_EV_QUAL_LEN); 1104 } 1105 1106 memset(&iwe, 0, sizeof(iwe)); 1107 iwe.cmd = SIOCGIWENCODE; 1108 if (bss->pub.capability & WLAN_CAPABILITY_PRIVACY) 1109 iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY; 1110 else 1111 iwe.u.data.flags = IW_ENCODE_DISABLED; 1112 iwe.u.data.length = 0; 1113 current_ev = iwe_stream_add_point(info, current_ev, end_buf, 1114 &iwe, ""); 1115 1116 rcu_read_lock(); 1117 ies = rcu_dereference(bss->pub.ies); 1118 if (ies) { 1119 rem = ies->len; 1120 ie = ies->data; 1121 } else { 1122 rem = 0; 1123 ie = NULL; 1124 } 1125 1126 while (ies && rem >= 2) { 1127 /* invalid data */ 1128 if (ie[1] > rem - 2) 1129 break; 1130 1131 switch (ie[0]) { 1132 case WLAN_EID_SSID: 1133 memset(&iwe, 0, sizeof(iwe)); 1134 iwe.cmd = SIOCGIWESSID; 1135 iwe.u.data.length = ie[1]; 1136 iwe.u.data.flags = 1; 1137 current_ev = iwe_stream_add_point(info, current_ev, end_buf, 1138 &iwe, (u8 *)ie + 2); 1139 break; 1140 case WLAN_EID_MESH_ID: 1141 memset(&iwe, 0, sizeof(iwe)); 1142 iwe.cmd = SIOCGIWESSID; 1143 iwe.u.data.length = ie[1]; 1144 iwe.u.data.flags = 1; 1145 current_ev = iwe_stream_add_point(info, current_ev, end_buf, 1146 &iwe, (u8 *)ie + 2); 1147 break; 1148 case WLAN_EID_MESH_CONFIG: 1149 ismesh = true; 1150 if (ie[1] != sizeof(struct ieee80211_meshconf_ie)) 1151 break; 1152 buf = kmalloc(50, GFP_ATOMIC); 1153 if (!buf) 1154 break; 1155 cfg = (u8 *)ie + 2; 1156 memset(&iwe, 0, sizeof(iwe)); 1157 iwe.cmd = IWEVCUSTOM; 1158 sprintf(buf, "Mesh Network Path Selection Protocol ID: " 1159 "0x%02X", cfg[0]); 1160 iwe.u.data.length = strlen(buf); 1161 current_ev = iwe_stream_add_point(info, current_ev, 1162 end_buf, 1163 &iwe, buf); 1164 sprintf(buf, "Path Selection Metric ID: 0x%02X", 1165 cfg[1]); 1166 iwe.u.data.length = strlen(buf); 1167 current_ev = iwe_stream_add_point(info, current_ev, 1168 end_buf, 1169 &iwe, buf); 1170 sprintf(buf, "Congestion Control Mode ID: 0x%02X", 1171 cfg[2]); 1172 iwe.u.data.length = strlen(buf); 1173 current_ev = iwe_stream_add_point(info, current_ev, 1174 end_buf, 1175 &iwe, buf); 1176 sprintf(buf, "Synchronization ID: 0x%02X", cfg[3]); 1177 iwe.u.data.length = strlen(buf); 1178 current_ev = iwe_stream_add_point(info, current_ev, 1179 end_buf, 1180 &iwe, buf); 1181 sprintf(buf, "Authentication ID: 0x%02X", cfg[4]); 1182 iwe.u.data.length = strlen(buf); 1183 current_ev = iwe_stream_add_point(info, current_ev, 1184 end_buf, 1185 &iwe, buf); 1186 sprintf(buf, "Formation Info: 0x%02X", cfg[5]); 1187 iwe.u.data.length = strlen(buf); 1188 current_ev = iwe_stream_add_point(info, current_ev, 1189 end_buf, 1190 &iwe, buf); 1191 sprintf(buf, "Capabilities: 0x%02X", cfg[6]); 1192 iwe.u.data.length = strlen(buf); 1193 current_ev = iwe_stream_add_point(info, current_ev, 1194 end_buf, 1195 &iwe, buf); 1196 kfree(buf); 1197 break; 1198 case WLAN_EID_SUPP_RATES: 1199 case WLAN_EID_EXT_SUPP_RATES: 1200 /* display all supported rates in readable format */ 1201 p = current_ev + iwe_stream_lcp_len(info); 1202 1203 memset(&iwe, 0, sizeof(iwe)); 1204 iwe.cmd = SIOCGIWRATE; 1205 /* Those two flags are ignored... */ 1206 iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0; 1207 1208 for (i = 0; i < ie[1]; i++) { 1209 iwe.u.bitrate.value = 1210 ((ie[i + 2] & 0x7f) * 500000); 1211 p = iwe_stream_add_value(info, current_ev, p, 1212 end_buf, &iwe, IW_EV_PARAM_LEN); 1213 } 1214 current_ev = p; 1215 break; 1216 } 1217 rem -= ie[1] + 2; 1218 ie += ie[1] + 2; 1219 } 1220 1221 if (bss->pub.capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS) || 1222 ismesh) { 1223 memset(&iwe, 0, sizeof(iwe)); 1224 iwe.cmd = SIOCGIWMODE; 1225 if (ismesh) 1226 iwe.u.mode = IW_MODE_MESH; 1227 else if (bss->pub.capability & WLAN_CAPABILITY_ESS) 1228 iwe.u.mode = IW_MODE_MASTER; 1229 else 1230 iwe.u.mode = IW_MODE_ADHOC; 1231 current_ev = iwe_stream_add_event(info, current_ev, end_buf, 1232 &iwe, IW_EV_UINT_LEN); 1233 } 1234 1235 buf = kmalloc(30, GFP_ATOMIC); 1236 if (buf) { 1237 memset(&iwe, 0, sizeof(iwe)); 1238 iwe.cmd = IWEVCUSTOM; 1239 sprintf(buf, "tsf=%016llx", (unsigned long long)(bss->pub.tsf)); 1240 iwe.u.data.length = strlen(buf); 1241 current_ev = iwe_stream_add_point(info, current_ev, end_buf, 1242 &iwe, buf); 1243 memset(&iwe, 0, sizeof(iwe)); 1244 iwe.cmd = IWEVCUSTOM; 1245 sprintf(buf, " Last beacon: %ums ago", 1246 elapsed_jiffies_msecs(bss->ts)); 1247 iwe.u.data.length = strlen(buf); 1248 current_ev = iwe_stream_add_point(info, current_ev, 1249 end_buf, &iwe, buf); 1250 kfree(buf); 1251 } 1252 1253 ieee80211_scan_add_ies(info, ies, ¤t_ev, end_buf); 1254 rcu_read_unlock(); 1255 1256 return current_ev; 1257} 1258 1259 1260static int ieee80211_scan_results(struct cfg80211_registered_device *dev, 1261 struct iw_request_info *info, 1262 char *buf, size_t len) 1263{ 1264 char *current_ev = buf; 1265 char *end_buf = buf + len; 1266 struct cfg80211_internal_bss *bss; 1267 1268 spin_lock_bh(&dev->bss_lock); 1269 cfg80211_bss_expire(dev); 1270 1271 list_for_each_entry(bss, &dev->bss_list, list) { 1272 if (buf + len - current_ev <= IW_EV_ADDR_LEN) { 1273 spin_unlock_bh(&dev->bss_lock); 1274 return -E2BIG; 1275 } 1276 current_ev = ieee80211_bss(&dev->wiphy, info, bss, 1277 current_ev, end_buf); 1278 } 1279 spin_unlock_bh(&dev->bss_lock); 1280 return current_ev - buf; 1281} 1282 1283 1284int cfg80211_wext_giwscan(struct net_device *dev, 1285 struct iw_request_info *info, 1286 struct iw_point *data, char *extra) 1287{ 1288 struct cfg80211_registered_device *rdev; 1289 int res; 1290 1291 if (!netif_running(dev)) 1292 return -ENETDOWN; 1293 1294 rdev = cfg80211_get_dev_from_ifindex(dev_net(dev), dev->ifindex); 1295 1296 if (IS_ERR(rdev)) 1297 return PTR_ERR(rdev); 1298 1299 if (rdev->scan_req) { 1300 res = -EAGAIN; 1301 goto out; 1302 } 1303 1304 res = ieee80211_scan_results(rdev, info, extra, data->length); 1305 data->length = 0; 1306 if (res >= 0) { 1307 data->length = res; 1308 res = 0; 1309 } 1310 1311 out: 1312 cfg80211_unlock_rdev(rdev); 1313 return res; 1314} 1315EXPORT_SYMBOL_GPL(cfg80211_wext_giwscan); 1316#endif 1317