From 341203e78943236d4a8e4ca58d6a236195f0652e Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sat, 2 Feb 2019 01:16:31 +0200
Subject: [PATCH 01/38] mac80211_hwsim: Support boottime in scan results
This makes the age information for cfg80211 scan results more accurate and fixes issues with wpa_supplicant dropping "old" scan results (e.g., "wlan0: Own scan request started a scan in 0.000456 seconds") that looked like would have been received before a scan started due to the inaccuracy of the default timing mechanism for calculating the BSS entry age. This makes hwsim test cases significantly more robust to run.
Signed-off-by: Jouni Malinen
Signed-off-by: Johannes Berg
---
 drivers/net/wireless/mac80211_hwsim.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
index 320edcac4699..87be2b18063a 100644
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
@@ -1273,10 +1273,12 @@ static bool mac80211_hwsim_tx_frame_no_nl(struct ieee80211_hw *hw,
 * probably doesn't really matter.
 */
 if (ieee80211_is_beacon(hdr->frame_control) ||
- ieee80211_is_probe_resp(hdr->frame_control))
+ ieee80211_is_probe_resp(hdr->frame_control)) {
+ rx_status.boottime_ns = ktime_get_boot_ns();
 now = data->abs_bcn_ts;
- else
+ } else {
 now = mac80211_hwsim_get_tsf_raw();
+ }
 /* Copy skb to all enabled radios that are on the current frequency */
 spin_lock(&hwsim_radio_lock);
From 0f3b07f027f87a38ebe5c436490095df762819be Mon Sep 17 00:00:00 2001
From: Johannes Berg
Date: Thu, 7 Feb 2019 21:44:41 +0100
Subject: [PATCH 02/38] cfg80211: add and use strongly typed element iteration macros
Rather than always iterating elements from frames with pure u8 pointers, add a type "struct element" that encapsulates the id/datalen/data format of them. Then, add the element iteration macros * for_each_element * for_each_element_id * for_each_element_extid which take, as their first 'argument', such a structure and iterate through a given u8 array interpreting it as elements. While at it and since we'll need it, also add * for_each_subelement * for_each_subelement_id * for_each_subelement_extid which instead of taking data/length just take an outer element and use its data/datalen. Also add for_each_element_completed() to determine if any of the loops above completed, i.e. it was able to parse all of the elements successfully and no data remained. Use for_each_element_id() in cfg80211_find_ie_match() as the first user of this.
Signed-off-by: Johannes Berg
---
 include/linux/ieee80211.h | 53 +++++++++++++++++++++++++++++++++++++++
 net/wireless/scan.c | 14 +++++------
 2 files changed, 59 insertions(+), 8 deletions(-)
diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index 3b04e72315e1..4e3a4e293348 100644
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -3243,4 +3243,57 @@ static inline bool ieee80211_action_contains_tpc(struct sk_buff *skb)
 return true;
 }
+struct element {
+ u8 id;
+ u8 datalen;
+ u8 data[];
+};
+
+/* element iteration helpers */
+#define for_each_element(element, _data, _datalen) \
+ for (element = (void *)(_data); \
+ (u8 *)(_data) + (_datalen) - (u8 *)element >= \
+ sizeof(*element) && \
+ (u8 *)(_data) + (_datalen) - (u8 *)element >= \
+ sizeof(*element) + element->datalen; \
+ element = (void *)(element->data + element->datalen))
+
+#define for_each_element_id(element, _id, data, datalen) \
+ for_each_element(element, data, datalen) \
+ if (element->id == (_id))
+
+#define for_each_element_extid(element, extid, data, datalen) \
+ for_each_element(element, data, datalen) \
+ if (element->id == WLAN_EID_EXTENSION && \
+ element->datalen > 0 && \
+ element->data[0] == (extid))
+
+#define for_each_subelement(sub, element) \
+ for_each_element(sub, (element)->data, (element)->datalen)
+
+#define for_each_subelement_id(sub, id, element) \
+ for_each_element_id(sub, id, (element)->data, (element)->datalen)
+
+#define for_each_subelement_extid(sub, extid, element) \
+ for_each_element_extid(sub, extid, (element)->data, (element)->datalen)
+
+/**
+ * for_each_element_completed - determine if element parsing consumed all data
+ * @element: element pointer after for_each_element() or friends
+ * @data: same data pointer as passed to for_each_element() or friends
+ * @datalen: same data length as passed to for_each_element() or friends
+ *
+ * This function returns %true if all the data was parsed or considered
+ * while walking the elements. Only use this if your for_each_element()
+ * loop cannot be broken out of, otherwise it always returns %false.
+ *
+ * If some data was malformed, this returns %false since the last parsed
+ * element will not fill the whole remaining data.
+ */ +static inline bool for_each_element_completed(const struct element *element, + const void *data, size_t datalen) +{ + return (u8 *)element == (u8 *)data + datalen; +} + #endif /* LINUX_IEEE80211_H */ diff --git a/net/wireless/scan.c b/net/wireless/scan.c index 5123667f4569..c7f64bb9c581 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -484,6 +484,8 @@ const u8 *cfg80211_find_ie_match(u8 eid, const u8 *ies, int len, const u8 *match, int match_len, int match_offset) { + const struct element *elem; + /* match_offset can't be smaller than 2, unless match_len is * zero, in which case match_offset must be zero as well. */ @@ -491,14 +493,10 @@ const u8 *cfg80211_find_ie_match(u8 eid, const u8 *ies, int len, (!match_len && match_offset))) return NULL; - while (len >= 2 && len >= ies[1] + 2) { - if ((ies[0] == eid) && - (ies[1] + 2 >= match_offset + match_len) && - !memcmp(ies + match_offset, match, match_len)) - return ies; - - len -= ies[1] + 2; - ies += ies[1] + 2; + for_each_element_id(elem, eid, ies, len) { + if (elem->datalen >= match_offset - 2 + match_len && + !memcmp(elem->data + match_offset - 2, match, match_len)) + return (void *)elem; } return NULL; From 4abb52a46e7336c1e568a53761c8b7a81bbaaeaf Mon Sep 17 00:00:00 2001 From: Sara Sharon Date: Wed, 16 Jan 2019 12:14:41 +0200 Subject: [PATCH 03/38] mac80211: pass bssids to elements parsing function In multiple BSSID, we have nested IEs inside the multiple BSSID IE, that override the external ones for that specific BSS. As preparation for supporting that, pass 2 BSSIDs to the parse function, the transmitter, and the selected BSSID, so it can know which IEs to choose. If the selected BSSID is NULL, the outer ones will be applied. Change ieee80211_bss_info_update to parse elements itself, instead of receiving them parsed, so we have the relevant bss entry in hand. Signed-off-by: Sara Sharon 
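Review bot: The bounds test in `for_each_element` compares a signed pointer difference against `sizeof(*element)`, which is unsigned, so the remaining-bytes value is converted to unsigned before the comparison. With a non-negative `_datalen` the difference never drops below zero, but `cfg80211_find_ie_match()` in this same patch passes an `int len`, and the `while (len >= 2 && ...)` loop it replaces rejected a negative length where the macro would instead see a very large remainder and read past the buffer. Casting the right-hand sides keeps the comparison signed: `>= (int)sizeof(*element) &&` and `>= (int)sizeof(*element) + element->datalen;`. The `_id`/`_extid` variants also expand to a bare `for (...) if (...)`, so a one-line comment warning that an `else` after the loop body binds to the hidden `if` would help callers.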
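Review bot: In the second net/wireless/scan.c hunk, `return (void *)elem;` drops the `const` qualifier from `elem` through a `void *` cast even though the function returns `const u8 *`; `return (const u8 *)elem;` says the same thing without hiding the qualifier. The new `elem->data + match_offset - 2` arithmetic is only in bounds because of the `match_offset`/`match_len` precondition checked at the top of the function, which sits outside this hunk, so a short comment such as `/* match_offset counts from the element header, data[] starts 2 bytes in */` at the `memcmp()` would make the `- 2` self-explanatory.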
Signed-off-by: Johannes Berg --- net/mac80211/ibss.c | 8 ++-- net/mac80211/ieee80211_i.h | 13 ++++--- net/mac80211/mesh.c | 10 +++-- net/mac80211/mesh_hwmp.c | 3 +- net/mac80211/mesh_plink.c | 4 +- net/mac80211/mlme.c | 45 +++++++++++++---------- net/mac80211/scan.c | 75 ++++++++++++++++++++------------------ net/mac80211/tdls.c | 6 ++- net/mac80211/util.c | 3 +- 9 files changed, 95 insertions(+), 72 deletions(-) diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c index 0d704e8d7078..4e4507115cf3 100644 --- a/net/mac80211/ibss.c +++ b/net/mac80211/ibss.c @@ -8,6 +8,7 @@ * Copyright 2009, Johannes Berg * Copyright 2013-2014 Intel Mobile Communications GmbH * Copyright(c) 2016 Intel Deutschland GmbH + * Copyright(c) 2018-2019 Intel Corporation * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as @@ -1124,8 +1125,7 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, ieee80211_update_sta_info(sdata, mgmt, len, rx_status, elems, channel); - bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems, - channel); + bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, channel); if (!bss) return; @@ -1604,7 +1604,7 @@ void ieee80211_rx_mgmt_probe_beacon(struct ieee80211_sub_if_data *sdata, return; ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, - false, &elems); + false, &elems, mgmt->bssid, NULL); ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); } @@ -1654,7 +1654,7 @@ void ieee80211_ibss_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, ieee802_11_parse_elems( mgmt->u.action.u.chan_switch.variable, - ies_len, true, &elems); + ies_len, true, &elems, mgmt->bssid, NULL); if (elems.parse_error) break; diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index 056b16bce3b0..cc3f833db022 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h 
@@ -4,7 +4,7 @@ * Copyright 2006-2007 Jiri Benc * Copyright 2007-2010 Johannes Berg * Copyright 2013-2015 Intel Mobile Communications GmbH - * Copyright (C) 2018 Intel Corporation + * Copyright (C) 2018-2019 Intel Corporation * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as @@ -1672,7 +1672,6 @@ ieee80211_bss_info_update(struct ieee80211_local *local, struct ieee80211_rx_status *rx_status, struct ieee80211_mgmt *mgmt, size_t len, - struct ieee802_11_elems *elems, struct ieee80211_channel *channel); void ieee80211_rx_bss_put(struct ieee80211_local *local, struct ieee80211_bss *bss); @@ -1956,12 +1955,16 @@ static inline void ieee80211_tx_skb(struct ieee80211_sub_if_data *sdata, u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action, struct ieee802_11_elems *elems, - u64 filter, u32 crc); + u64 filter, u32 crc, u8 *transmitter_bssid, + u8 *bss_bssid); static inline void ieee802_11_parse_elems(const u8 *start, size_t len, bool action, - struct ieee802_11_elems *elems) + struct ieee802_11_elems *elems, + u8 *transmitter_bssid, + u8 *bss_bssid) { - ieee802_11_parse_elems_crc(start, len, action, elems, 0, 0); + ieee802_11_parse_elems_crc(start, len, action, elems, 0, 0, + transmitter_bssid, bss_bssid); } diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c index c90452aa0c42..766e5e5bab8a 100644 --- a/net/mac80211/mesh.c +++ b/net/mac80211/mesh.c @@ -1,6 +1,6 @@ /* * Copyright (c) 2008, 2009 open80211s Ltd. - * Copyright (C) 2018 Intel Corporation + * Copyright (C) 2018 - 2019 Intel Corporation * Authors: Luis Carlos Cobo * Javier Cardona * @@ -1106,7 +1106,8 @@ ieee80211_mesh_rx_probe_req(struct ieee80211_sub_if_data *sdata, if (baselen > len) return; - ieee802_11_parse_elems(pos, len - baselen, false, &elems); + ieee802_11_parse_elems(pos, len - baselen, false, &elems, mgmt->bssid, + NULL); if (!elems.mesh_id) return; 
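Review bot: The two parameters added to `ieee802_11_parse_elems_crc()` and to the inline `ieee802_11_parse_elems()` wrapper are declared `u8 *transmitter_bssid` and `u8 *bss_bssid`, although every call site in this patch passes an address that is presumably only read (`mgmt->bssid`, `cbss->bssid`, `assoc_data->bss->bssid`, or `NULL`). Declaring them `const u8 *transmitter_bssid, const u8 *bss_bssid` here and in the definition in net/mac80211/util.c documents that the parser does not modify the addresses and lets callers that hold const frame data avoid casts. A short comment on the prototype stating that `bss_bssid == NULL` selects the outer elements would carry the contract from the commit message into the header.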
@@ -1170,7 +1171,7 @@ static void ieee80211_mesh_rx_bcn_presp(struct ieee80211_sub_if_data *sdata, return; ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, - false, &elems); + false, &elems, mgmt->bssid, NULL); /* ignore non-mesh or secure / unsecure mismatch */ if ((!elems.mesh_id || !elems.mesh_config) || @@ -1306,7 +1307,8 @@ static void mesh_rx_csa_frame(struct ieee80211_sub_if_data *sdata, pos = mgmt->u.action.u.chan_switch.variable; baselen = offsetof(struct ieee80211_mgmt, u.action.u.chan_switch.variable); - ieee802_11_parse_elems(pos, len - baselen, true, &elems); + ieee802_11_parse_elems(pos, len - baselen, true, &elems, + mgmt->bssid, NULL); ifmsh->chsw_ttl = elems.mesh_chansw_params_ie->mesh_ttl; if (!--ifmsh->chsw_ttl) diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c index e00284afdda5..f7517668e77a 100644 --- a/net/mac80211/mesh_hwmp.c +++ b/net/mac80211/mesh_hwmp.c @@ -1,5 +1,6 @@ /* * Copyright (c) 2008, 2009 open80211s Ltd. + * Copyright (C) 2019 Intel Corporation * Author: Luis Carlos Cobo * * This program is free software; you can redistribute it and/or modify @@ -926,7 +927,7 @@ void mesh_rx_path_sel_frame(struct ieee80211_sub_if_data *sdata, baselen = (u8 *) mgmt->u.action.u.mesh_action.variable - (u8 *) mgmt; ieee802_11_parse_elems(mgmt->u.action.u.mesh_action.variable, - len - baselen, false, &elems); + len - baselen, false, &elems, mgmt->bssid, NULL); if (elems.preq) { if (elems.preq_len != 37) diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c index 33055c8ed37e..8afd0ece94c9 100644 --- a/net/mac80211/mesh_plink.c +++ b/net/mac80211/mesh_plink.c @@ -1,5 +1,6 @@ /* * Copyright (c) 2008, 2009 open80211s Ltd. + * Copyright (C) 2019 Intel Corporation * Author: Luis Carlos Cobo * * This program is free software; you can redistribute it and/or modify 
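Review bot: In the `mesh_rx_csa_frame()` hunk, the context line directly after the updated call reads `elems.mesh_chansw_params_ie->mesh_ttl` with no check in between that the element was present or that `elems.parse_error` is clear. The element buffer comes from a received action frame, so unless the caller has already validated the frame, a guard such as `if (elems.parse_error || !elems.mesh_chansw_params_ie) return;` right after the parse is worth adding while this call is being touched. The hunk also does not show a `baselen > len` check before `len - baselen` is passed as a `size_t`; the other mesh call sites in this patch have one, and the function's start lies outside the hunk, so that needs confirming.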
@@ -1214,6 +1215,7 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, if (baselen > len) return; } - ieee802_11_parse_elems(baseaddr, len - baselen, true, &elems); + ieee802_11_parse_elems(baseaddr, len - baselen, true, &elems, + mgmt->bssid, NULL); mesh_process_plink_frame(sdata, mgmt, &elems, rx_status); } diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 687821567287..1f41f760bd22 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -2762,7 +2762,8 @@ static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, u32 tx_flags = 0; pos = mgmt->u.auth.variable; - ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); + ieee802_11_parse_elems(pos, len - (pos - (u8 *)mgmt), false, &elems, + mgmt->bssid, auth_data->bss->bssid); if (!elems.challenge) return; auth_data->expected_transaction = 4; @@ -3130,7 +3131,8 @@ static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata, } pos = mgmt->u.assoc_resp.variable; - ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); + ieee802_11_parse_elems(pos, len - (pos - (u8 *)mgmt), false, &elems, + mgmt->bssid, assoc_data->bss->bssid); if (!elems.supp_rates) { sdata_info(sdata, "no SuppRates element in AssocResp\n"); @@ -3167,7 +3169,9 @@ static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata, return false; ieee802_11_parse_elems(bss_ies->data, bss_ies->len, - false, &bss_elems); + false, &bss_elems, + mgmt->bssid, + assoc_data->bss->bssid); if (assoc_data->wmm && !elems.wmm_param && bss_elems.wmm_param) { elems.wmm_param = bss_elems.wmm_param; 
@@ -3464,7 +3468,8 @@ static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, return; pos = mgmt->u.assoc_resp.variable; - ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems); + ieee802_11_parse_elems(pos, len - (pos - (u8 *)mgmt), false, &elems, + mgmt->bssid, assoc_data->bss->bssid); if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && elems.timeout_int && @@ -3521,8 +3526,7 @@ static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, struct ieee80211_mgmt *mgmt, size_t len, - struct ieee80211_rx_status *rx_status, - struct ieee802_11_elems *elems) + struct ieee80211_rx_status *rx_status) { struct ieee80211_local *local = sdata->local; struct ieee80211_bss *bss; @@ -3534,8 +3538,7 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, if (!channel) return; - bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems, - channel); + bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, channel); if (bss) { sdata->vif.bss_conf.beacon_rate = bss->beacon_rate; ieee80211_rx_bss_put(local, bss); @@ -3550,7 +3553,6 @@ static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, struct ieee80211_if_managed *ifmgd; struct ieee80211_rx_status *rx_status = (void *) skb->cb; size_t baselen, len = skb->len; - struct ieee802_11_elems elems; ifmgd = &sdata->u.mgd; @@ -3563,10 +3565,7 @@ static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata, if (baselen > len) return; - ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, - false, &elems); - - ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); + ieee80211_rx_bss_info(sdata, mgmt, len, rx_status); if (ifmgd->associated && ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) 
@@ -3736,9 +3735,11 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon && ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) { ieee802_11_parse_elems(mgmt->u.beacon.variable, - len - baselen, false, &elems); + len - baselen, false, &elems, + mgmt->bssid, + ifmgd->assoc_data->bss->bssid); - ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); + ieee80211_rx_bss_info(sdata, mgmt, len, rx_status); if (elems.tim && !elems.parse_error) { const struct ieee80211_tim_ie *tim_ie = elems.tim; ifmgd->dtim_period = tim_ie->dtim_period; @@ -3787,7 +3788,8 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, len - baselen, false, &elems, - care_about_ies, ncrc); + care_about_ies, ncrc, + mgmt->bssid, bssid); if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) && ieee80211_check_tim(elems.tim, elems.tim_len, ifmgd->aid)) { @@ -3871,7 +3873,7 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, ifmgd->beacon_crc = ncrc; ifmgd->beacon_crc_valid = true; - ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); + ieee80211_rx_bss_info(sdata, mgmt, len, rx_status); ieee80211_sta_process_chanswitch(sdata, rx_status->mactime, rx_status->device_timestamp, @@ -3992,9 +3994,10 @@ void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, if (ies_len < 0) break; + /* CSA IE cannot be overridden, no need for BSSID */ ieee802_11_parse_elems( mgmt->u.action.u.chan_switch.variable, - ies_len, true, &elems); + ies_len, true, &elems, mgmt->bssid, NULL); if (elems.parse_error) break; 
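Review bot: After this change a beacon handled in `ieee80211_rx_mgmt_beacon()` is parsed twice, once here into the local `elems` and again inside `ieee80211_bss_info_update()`, which `ieee80211_rx_bss_info()` now calls without the already-parsed elements. The two parses are also keyed differently (`ifmgd->assoc_data->bss->bssid` or `bssid` here, `cbss->bssid` in scan.c), so once nested multiple-BSSID overrides are implemented, the local `elems.tim` and CRC result and the data stored in the BSS entry may come from different element sets. A comment at the `ieee80211_rx_bss_info()` calls stating that the frame is re-parsed on purpose, or passing the selected BSSID down so both parses agree, would make this easier to audit; the same applies to the `@@ -3871` hunk in this function.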
@@ -4011,9 +4014,13 @@ void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, if (ies_len < 0) break; + /* + * extended CSA IE can't be overridden, no need for + * BSSID + */ ieee802_11_parse_elems( mgmt->u.action.u.ext_chan_switch.variable, - ies_len, true, &elems); + ies_len, true, &elems, mgmt->bssid, NULL); if (elems.parse_error) break; diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c index 95413413f98c..b58f75da9c84 100644 --- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c @@ -8,6 +8,7 @@ * Copyright 2007, Michael Wu * Copyright 2013-2015 Intel Mobile Communications GmbH * Copyright 2016-2017 Intel Deutschland GmbH + * Copyright (C) 2018-2019 Intel Corporation * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as @@ -61,7 +62,6 @@ struct ieee80211_bss * ieee80211_bss_info_update(struct ieee80211_local *local, struct ieee80211_rx_status *rx_status, struct ieee80211_mgmt *mgmt, size_t len, - struct ieee802_11_elems *elems, struct ieee80211_channel *channel) { bool beacon = ieee80211_is_beacon(mgmt->frame_control); @@ -73,6 +73,9 @@ ieee80211_bss_info_update(struct ieee80211_local *local, }; bool signal_valid; struct ieee80211_sub_if_data *scan_sdata; + struct ieee802_11_elems elems; + size_t baselen; + u8 *elements; if (rx_status->flag & RX_FLAG_NO_SIGNAL_VAL) bss_meta.signal = 0; /* invalid signal indication */ 
@@ -106,6 +109,22 @@ ieee80211_bss_info_update(struct ieee80211_local *local, mgmt, len, GFP_ATOMIC); if (!cbss) return NULL; + + if (ieee80211_is_probe_resp(mgmt->frame_control)) { + elements = mgmt->u.probe_resp.variable; + baselen = offsetof(struct ieee80211_mgmt, + u.probe_resp.variable); + } else { + baselen = offsetof(struct ieee80211_mgmt, u.beacon.variable); + elements = mgmt->u.beacon.variable; + } + + if (baselen > len) + return NULL; + + ieee802_11_parse_elems(elements, len - baselen, false, &elems, + mgmt->bssid, cbss->bssid); + /* In case the signal is invalid update the status */ signal_valid = abs(channel->center_freq - cbss->channel->center_freq) <= local->hw.wiphy->max_adj_channel_rssi_comp; @@ -119,7 +138,7 @@ ieee80211_bss_info_update(struct ieee80211_local *local, else bss->device_ts_presp = rx_status->device_timestamp; - if (elems->parse_error) { + if (elems.parse_error) { if (beacon) bss->corrupt_data |= IEEE80211_BSS_CORRUPT_BEACON; else 
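Review bot: The added `if (baselen > len) return NULL;` runs after `cbss` has been obtained and NULL-checked, so this early return leaves without releasing it; callers elsewhere in this patch drop the entry with `ieee80211_rx_bss_put()`, which suggests `cbss` holds a reference at this point. Either compute `elements`/`baselen` and do the length check before the call that produces `cbss`, or release on this path: `if (baselen > len) { cfg80211_put_bss(local->hw.wiphy, cbss); return NULL; }`. Checking first has the extra benefit that a truncated frame is rejected before it is handed to cfg80211 at all. The start and end of `ieee80211_bss_info_update()` are outside this hunk.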
@@ -132,45 +151,45 @@ ieee80211_bss_info_update(struct ieee80211_local *local, } /* save the ERP value so that it is available at association time */ - if (elems->erp_info && (!elems->parse_error || - !(bss->valid_data & IEEE80211_BSS_VALID_ERP))) { - bss->erp_value = elems->erp_info[0]; + if (elems.erp_info && (!elems.parse_error || + !(bss->valid_data & IEEE80211_BSS_VALID_ERP))) { + bss->erp_value = elems.erp_info[0]; bss->has_erp_value = true; - if (!elems->parse_error) + if (!elems.parse_error) bss->valid_data |= IEEE80211_BSS_VALID_ERP; } /* replace old supported rates if we get new values */ - if (!elems->parse_error || + if (!elems.parse_error || !(bss->valid_data & IEEE80211_BSS_VALID_RATES)) { srlen = 0; - if (elems->supp_rates) { + if (elems.supp_rates) { clen = IEEE80211_MAX_SUPP_RATES; - if (clen > elems->supp_rates_len) - clen = elems->supp_rates_len; - memcpy(bss->supp_rates, elems->supp_rates, clen); + if (clen > elems.supp_rates_len) + clen = elems.supp_rates_len; + memcpy(bss->supp_rates, elems.supp_rates, clen); srlen += clen; } - if (elems->ext_supp_rates) { + if (elems.ext_supp_rates) { clen = IEEE80211_MAX_SUPP_RATES - srlen; - if (clen > elems->ext_supp_rates_len) - clen = elems->ext_supp_rates_len; - memcpy(bss->supp_rates + srlen, elems->ext_supp_rates, + if (clen > elems.ext_supp_rates_len) + clen = elems.ext_supp_rates_len; + memcpy(bss->supp_rates + srlen, elems.ext_supp_rates, clen); srlen += clen; } if (srlen) { bss->supp_rates_len = srlen; - if (!elems->parse_error) + if (!elems.parse_error) bss->valid_data |= IEEE80211_BSS_VALID_RATES; } } - if (!elems->parse_error || + if (!elems.parse_error || !(bss->valid_data & IEEE80211_BSS_VALID_WMM)) { - bss->wmm_used = elems->wmm_param || elems->wmm_info; - bss->uapsd_supported = is_uapsd_supported(elems); - if (!elems->parse_error) + bss->wmm_used = elems.wmm_param || elems.wmm_info; + bss->uapsd_supported = is_uapsd_supported(&elems); + if (!elems.parse_error) bss->valid_data |= 
IEEE80211_BSS_VALID_WMM; } @@ -206,10 +225,7 @@ void ieee80211_scan_rx(struct ieee80211_local *local, struct sk_buff *skb) struct ieee80211_sub_if_data *sdata1, *sdata2; struct ieee80211_mgmt *mgmt = (void *)skb->data; struct ieee80211_bss *bss; - u8 *elements; struct ieee80211_channel *channel; - size_t baselen; - struct ieee802_11_elems elems; if (skb->len < 24 || (!ieee80211_is_probe_resp(mgmt->frame_control) && @@ -244,26 +260,15 @@ void ieee80211_scan_rx(struct ieee80211_local *local, struct sk_buff *skb) !ieee80211_scan_accept_presp(sdata2, sched_scan_req_flags, mgmt->da)) return; - - elements = mgmt->u.probe_resp.variable; - baselen = offsetof(struct ieee80211_mgmt, u.probe_resp.variable); - } else { - baselen = offsetof(struct ieee80211_mgmt, u.beacon.variable); - elements = mgmt->u.beacon.variable; } - if (baselen > skb->len) - return; - - ieee802_11_parse_elems(elements, skb->len - baselen, false, &elems); - channel = ieee80211_get_channel(local->hw.wiphy, rx_status->freq); if (!channel || channel->flags & IEEE80211_CHAN_DISABLED) return; bss = ieee80211_bss_info_update(local, rx_status, - mgmt, skb->len, &elems, + mgmt, skb->len, channel); if (bss) ieee80211_rx_bss_put(local, bss); diff --git a/net/mac80211/tdls.c b/net/mac80211/tdls.c index 6c647f425e05..d30690d79a58 100644 --- a/net/mac80211/tdls.c +++ b/net/mac80211/tdls.c @@ -5,6 +5,7 @@ * Copyright 2014, Intel Corporation * Copyright 2014 Intel Mobile Communications GmbH * Copyright 2015 - 2016 Intel Deutschland GmbH + * Copyright (C) 2019 Intel Corporation * * This file is GPLv2 as found in COPYING. */ @@ -1716,7 +1717,8 @@ ieee80211_process_tdls_channel_switch_resp(struct ieee80211_sub_if_data *sdata, } ieee802_11_parse_elems(tf->u.chan_switch_resp.variable, - skb->len - baselen, false, &elems); + skb->len - baselen, false, &elems, + NULL, NULL); if (elems.parse_error) { tdls_dbg(sdata, "Invalid IEs in TDLS channel switch resp\n"); ret = -EINVAL; 
@@ -1828,7 +1830,7 @@ ieee80211_process_tdls_channel_switch_req(struct ieee80211_sub_if_data *sdata, } ieee802_11_parse_elems(tf->u.chan_switch_req.variable, - skb->len - baselen, false, &elems); + skb->len - baselen, false, &elems, NULL, NULL); if (elems.parse_error) { tdls_dbg(sdata, "Invalid IEs in TDLS channel switch req\n"); return -EINVAL; diff --git a/net/mac80211/util.c b/net/mac80211/util.c index 7fa9ba197c26..77882ca327de 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c @@ -893,7 +893,8 @@ EXPORT_SYMBOL(ieee80211_queue_delayed_work); u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action, struct ieee802_11_elems *elems, - u64 filter, u32 crc) + u64 filter, u32 crc, u8 *transmitter_bssid, + u8 *bss_bssid) { struct element *elem; bool calc_crc = filter != 0; From fcea7db50467e72338beb262fe6342ed01643399 Mon Sep 17 00:00:00 2001 From: Sara Sharon Date: Wed, 16 Jan 2019 20:35:38 +0200 Subject: [PATCH 04/38] mac80211: move the bss update from elements to an helper This will allow iterating over multiple BSSs inside cfg80211_bss, in case of multiple BSSID. Signed-off-by: Sara Sharon Signed-off-by: Johannes Berg --- net/mac80211/scan.c | 150 +++++++++++++++++++++++--------------------- 1 file changed, 80 insertions(+), 70 deletions(-) diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c index b58f75da9c84..20211cbc63f4 100644 --- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c 
@@ -58,6 +58,85 @@ static bool is_uapsd_supported(struct ieee802_11_elems *elems) return qos_info & IEEE80211_WMM_IE_AP_QOSINFO_UAPSD; } +static void +ieee80211_update_bss_from_elems(struct ieee80211_local *local, + struct ieee80211_bss *bss, + struct ieee802_11_elems *elems, + struct ieee80211_rx_status *rx_status, + bool beacon) +{ + int clen, srlen; + + if (beacon) + bss->device_ts_beacon = rx_status->device_timestamp; + else + bss->device_ts_presp = rx_status->device_timestamp; + + if (elems->parse_error) { + if (beacon) + bss->corrupt_data |= IEEE80211_BSS_CORRUPT_BEACON; + else + bss->corrupt_data |= IEEE80211_BSS_CORRUPT_PROBE_RESP; + } else { + if (beacon) + bss->corrupt_data &= ~IEEE80211_BSS_CORRUPT_BEACON; + else + bss->corrupt_data &= ~IEEE80211_BSS_CORRUPT_PROBE_RESP; + } + + /* save the ERP value so that it is available at association time */ + if (elems->erp_info && (!elems->parse_error || + !(bss->valid_data & IEEE80211_BSS_VALID_ERP))) { + bss->erp_value = elems->erp_info[0]; + bss->has_erp_value = true; + if (!elems->parse_error) + bss->valid_data |= IEEE80211_BSS_VALID_ERP; + } + + /* replace old supported rates if we get new values */ + if (!elems->parse_error || + !(bss->valid_data & IEEE80211_BSS_VALID_RATES)) { + srlen = 0; + if (elems->supp_rates) { + clen = IEEE80211_MAX_SUPP_RATES; + if (clen > elems->supp_rates_len) + clen = elems->supp_rates_len; + memcpy(bss->supp_rates, elems->supp_rates, clen); + srlen += clen; + } + if (elems->ext_supp_rates) { + clen = IEEE80211_MAX_SUPP_RATES - srlen; + if (clen > elems->ext_supp_rates_len) + clen = elems->ext_supp_rates_len; + memcpy(bss->supp_rates + srlen, elems->ext_supp_rates, + clen); + srlen += clen; + } + if (srlen) { + bss->supp_rates_len = srlen; + if (!elems->parse_error) + bss->valid_data |= IEEE80211_BSS_VALID_RATES; + } + } + + if (!elems->parse_error || + !(bss->valid_data & IEEE80211_BSS_VALID_WMM)) { + bss->wmm_used = elems->wmm_param || elems->wmm_info; + bss->uapsd_supported = 
is_uapsd_supported(elems); + if (!elems->parse_error) + bss->valid_data |= IEEE80211_BSS_VALID_WMM; + } + + if (beacon) { + struct ieee80211_supported_band *sband = + local->hw.wiphy->bands[rx_status->band]; + if (!(rx_status->encoding == RX_ENC_HT) && + !(rx_status->encoding == RX_ENC_VHT)) + bss->beacon_rate = + &sband->bitrates[rx_status->rate_idx]; + } +} + struct ieee80211_bss * ieee80211_bss_info_update(struct ieee80211_local *local, struct ieee80211_rx_status *rx_status, @@ -67,7 +146,6 @@ ieee80211_bss_info_update(struct ieee80211_local *local, bool beacon = ieee80211_is_beacon(mgmt->frame_control); struct cfg80211_bss *cbss; struct ieee80211_bss *bss; - int clen, srlen; struct cfg80211_inform_bss bss_meta = { .boottime_ns = rx_status->boottime_ns, }; 
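Review bot: The new static helper `ieee80211_update_bss_from_elems()` has no comment stating its contract, and its beacon branch takes `&sband->bitrates[rx_status->rate_idx]` on the assumption that `rx_status->band` and `rx_status->rate_idx` were already validated earlier in the RX path. The code is moved unchanged, but now that it is a separate function meant to be called once per BSS, a short header comment should say that `elems` may carry `parse_error` (in which case only not-yet-valid fields are overwritten) and that `rx_status` must come from a frame whose band and rate index have been checked. If that validation cannot be relied on for every future caller, a guard like `if (sband && rx_status->rate_idx < sband->n_bitrates)` around the assignment would make the helper safe on its own.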
@@ -132,75 +210,7 @@ ieee80211_bss_info_update(struct ieee80211_local *local, rx_status->flag |= RX_FLAG_NO_SIGNAL_VAL; bss = (void *)cbss->priv; - - if (beacon) - bss->device_ts_beacon = rx_status->device_timestamp; - else - bss->device_ts_presp = rx_status->device_timestamp; - - if (elems.parse_error) { - if (beacon) - bss->corrupt_data |= IEEE80211_BSS_CORRUPT_BEACON; - else - bss->corrupt_data |= IEEE80211_BSS_CORRUPT_PROBE_RESP; - } else { - if (beacon) - bss->corrupt_data &= ~IEEE80211_BSS_CORRUPT_BEACON; - else - bss->corrupt_data &= ~IEEE80211_BSS_CORRUPT_PROBE_RESP; - } - - /* save the ERP value so that it is available at association time */ - if (elems.erp_info && (!elems.parse_error || - !(bss->valid_data & IEEE80211_BSS_VALID_ERP))) { - bss->erp_value = elems.erp_info[0]; - bss->has_erp_value = true; - if (!elems.parse_error) - bss->valid_data |= IEEE80211_BSS_VALID_ERP; - } - - /* replace old supported rates if we get new values */ - if (!elems.parse_error || - !(bss->valid_data & IEEE80211_BSS_VALID_RATES)) { - srlen = 0; - if (elems.supp_rates) { - clen = IEEE80211_MAX_SUPP_RATES; - if (clen > elems.supp_rates_len) - clen = elems.supp_rates_len; - memcpy(bss->supp_rates, elems.supp_rates, clen); - srlen += clen; - } - if (elems.ext_supp_rates) { - clen = IEEE80211_MAX_SUPP_RATES - srlen; - if (clen > elems.ext_supp_rates_len) - clen = elems.ext_supp_rates_len; - memcpy(bss->supp_rates + srlen, elems.ext_supp_rates, - clen); - srlen += clen; - } - if (srlen) { - bss->supp_rates_len = srlen; - if (!elems.parse_error) - bss->valid_data |= IEEE80211_BSS_VALID_RATES; - } - } - - if (!elems.parse_error || - !(bss->valid_data & IEEE80211_BSS_VALID_WMM)) { - bss->wmm_used = elems.wmm_param || elems.wmm_info; - bss->uapsd_supported = is_uapsd_supported(&elems); - if (!elems.parse_error) - bss->valid_data |= IEEE80211_BSS_VALID_WMM; - } - - if (beacon) { - struct ieee80211_supported_band *sband = - local->hw.wiphy->bands[rx_status->band]; - if 
(!(rx_status->encoding == RX_ENC_HT) && - !(rx_status->encoding == RX_ENC_VHT)) - bss->beacon_rate = - &sband->bitrates[rx_status->rate_idx]; - } + ieee80211_update_bss_from_elems(local, bss, &elems, rx_status, beacon); return bss; } From 0b8fb8235be8be99a197e8d948fc0a2df8dc261a Mon Sep 17 00:00:00 2001 From: Peng Xu Date: Mon, 21 Jan 2019 12:14:57 +0200 Subject: [PATCH 05/38] cfg80211: Parsing of Multiple BSSID information in scanning This extends cfg80211 BSS table processing to be able to parse Multiple BSSID element from Beacon and Probe Response frames and to update the BSS profiles in internal database for non-transmitted BSSs. Signed-off-by: Peng Xu Signed-off-by: Sara Sharon Signed-off-by: Jouni Malinen Signed-off-by: Johannes Berg --- net/wireless/core.h | 3 +- net/wireless/scan.c | 508 ++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 472 insertions(+), 39 deletions(-) diff --git a/net/wireless/core.h b/net/wireless/core.h index c5d6f3418601..a50b92ac77a1 100644 --- a/net/wireless/core.h +++ b/net/wireless/core.h @@ -3,7 +3,7 @@ * Wireless configuration interface internals. * * Copyright 2006-2010 Johannes Berg - * Copyright (C) 2018 Intel Corporation + * Copyright (C) 2018-2019 Intel Corporation */ #ifndef __NET_WIRELESS_CORE_H #define __NET_WIRELESS_CORE_H @@ -152,6 +152,7 @@ extern int cfg80211_rdev_list_generation; struct cfg80211_internal_bss { struct list_head list; struct list_head hidden_list; + struct list_head nontrans_list; struct rb_node rbn; u64 ts_boottime; unsigned long ts; diff --git a/net/wireless/scan.c b/net/wireless/scan.c index d2c9ca5f4f57..531c2e56413f 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -5,6 +5,7 @@ * Copyright 2008 Johannes Berg * Copyright 2013-2014 Intel Mobile Communications GmbH * Copyright 2016 Intel Deutschland GmbH + * Copyright (C) 2018-2019 Intel Corporation */ #include #include 
@@ -150,6 +151,7 @@ static bool __cfg80211_unlink_bss(struct cfg80211_registered_device *rdev, } list_del_init(&bss->list); + list_del_init(&bss->nontrans_list); rb_erase(&bss->rbn, &rdev->bss_tree); rdev->bss_entries--; WARN_ONCE((rdev->bss_entries == 0) ^ list_empty(&rdev->bss_list), 
@@ -159,6 +161,172 @@ static bool __cfg80211_unlink_bss(struct cfg80211_registered_device *rdev, return true; } +static void cfg80211_gen_new_bssid(const u8 *bssid, u8 max_bssid, + u8 mbssid_index, u8 *new_bssid_addr) +{ + u64 bssid_tmp, new_bssid = 0; + u64 lsb_n; + + bssid_tmp = ether_addr_to_u64(bssid); + + lsb_n = bssid_tmp & ((1 << max_bssid) - 1); + new_bssid = bssid_tmp; + new_bssid &= ~((1 << max_bssid) - 1); + new_bssid |= (lsb_n + mbssid_index) % (1 << max_bssid); + + u64_to_ether_addr(new_bssid, new_bssid_addr); +} + +static size_t cfg80211_gen_new_ie(const u8 *ie, size_t ielen, + const u8 *subelement, size_t subie_len, + u8 *new_ie, gfp_t gfp) +{ + u8 *pos, *tmp; + const u8 *tmp_old, *tmp_new; + u8 *sub_copy; + + /* copy subelement as we need to change its content to + * mark an ie after it is processed. + */ + sub_copy = kmalloc(subie_len, gfp); + if (!sub_copy) + return 0; + memcpy(sub_copy, subelement, subie_len); + + pos = &new_ie[0]; + + /* set new ssid */ + tmp_new = cfg80211_find_ie(WLAN_EID_SSID, sub_copy, subie_len); + if (tmp_new) { + memcpy(pos, tmp_new, tmp_new[1] + 2); + pos += (tmp_new[1] + 2); + } + + /* go through IEs in ie (skip SSID) and subelement, + * merge them into new_ie + */ + tmp_old = cfg80211_find_ie(WLAN_EID_SSID, ie, ielen); + tmp_old = (tmp_old) ? tmp_old + tmp_old[1] + 2 : ie; + + while (tmp_old + tmp_old[1] + 2 - ie <= ielen) { + if (tmp_old[0] == 0) { + tmp_old++; + continue; + } + + tmp = (u8 *)cfg80211_find_ie(tmp_old[0], sub_copy, subie_len); + if (!tmp) { + /* ie in old ie but not in subelement */ + if (tmp_old[0] != WLAN_EID_MULTIPLE_BSSID) { + memcpy(pos, tmp_old, tmp_old[1] + 2); + pos += tmp_old[1] + 2; + } + } else { + /* ie in transmitting ie also in subelement, + * copy from subelement and flag the ie in subelement + * as copied (by setting eid field to 0xff). For + * vendor ie, compare OUI + type + subType to + * determine if they are the same ie. 
+ */ + if (tmp_old[0] == WLAN_EID_VENDOR_SPECIFIC) { + if (!memcmp(tmp_old + 2, tmp + 2, 5)) { + /* same vendor ie, copy from + * subelement + */ + memcpy(pos, tmp, tmp[1] + 2); + pos += tmp[1] + 2; + tmp[0] = 0xff; + } else { + memcpy(pos, tmp_old, tmp_old[1] + 2); + pos += tmp_old[1] + 2; + } + } else { + /* copy ie from subelement into new ie */ + memcpy(pos, tmp, tmp[1] + 2); + pos += tmp[1] + 2; + tmp[0] = 0xff; + } + } + + if (tmp_old + tmp_old[1] + 2 - ie == ielen) + break; + + tmp_old += tmp_old[1] + 2; + } + + /* go through subelement again to check if there is any ie not + * copied to new ie, skip ssid, capability, bssid-index ie + */ + tmp_new = sub_copy; + while (tmp_new + tmp_new[1] + 2 - sub_copy <= subie_len) { + if (!(tmp_new[0] == WLAN_EID_NON_TX_BSSID_CAP || + tmp_new[0] == WLAN_EID_SSID || + tmp_new[0] == WLAN_EID_MULTI_BSSID_IDX || + tmp_new[0] == 0xff)) { + memcpy(pos, tmp_new, tmp_new[1] + 2); + pos += tmp_new[1] + 2; + } + if (tmp_new + tmp_new[1] + 2 - sub_copy == subie_len) + break; + tmp_new += tmp_new[1] + 2; + } + + kfree(sub_copy); + return pos - new_ie; +} + +static bool is_bss(struct cfg80211_bss *a, const u8 *bssid, + const u8 *ssid, size_t ssid_len) +{ + const struct cfg80211_bss_ies *ies; + const u8 *ssidie; + + if (bssid && !ether_addr_equal(a->bssid, bssid)) + return false; + + if (!ssid) + return true; + + ies = rcu_access_pointer(a->ies); + if (!ies) + return false; + ssidie = cfg80211_find_ie(WLAN_EID_SSID, ies->data, ies->len); + if (!ssidie) + return false; + if (ssidie[1] != ssid_len) + return false; + return memcmp(ssidie + 2, ssid, ssid_len) == 0; +} + +static int +cfg80211_add_nontrans_list(struct cfg80211_internal_bss *trans_bss, + struct cfg80211_internal_bss *nontrans_bss) +{ + const u8 *ssid; + size_t ssid_len; + struct cfg80211_internal_bss *bss = NULL; + + rcu_read_lock(); + ssid = ieee80211_bss_get_ie(&nontrans_bss->pub, WLAN_EID_SSID); + if (!ssid) { + rcu_read_unlock(); + return -EINVAL; + } + ssid_len = 
ssid[1]; + ssid = ssid + 2; + rcu_read_unlock(); + + /* check if nontrans_bss is in the list */ + list_for_each_entry(bss, &trans_bss->nontrans_list, nontrans_list) { + if (is_bss(&bss->pub, nontrans_bss->pub.bssid, ssid, ssid_len)) + return 0; + } + + /* add to the list */ + list_add_tail(&nontrans_bss->nontrans_list, &trans_bss->nontrans_list); + return 0; +} + static void __cfg80211_bss_expire(struct cfg80211_registered_device *rdev, unsigned long expire_time) { @@ -518,29 +686,6 @@ const struct element *cfg80211_find_vendor_elem(unsigned int oui, int oui_type, } EXPORT_SYMBOL(cfg80211_find_vendor_elem); -static bool is_bss(struct cfg80211_bss *a, const u8 *bssid, - const u8 *ssid, size_t ssid_len) -{ - const struct cfg80211_bss_ies *ies; - const u8 *ssidie; - - if (bssid && !ether_addr_equal(a->bssid, bssid)) - return false; - - if (!ssid) - return true; - - ies = rcu_access_pointer(a->ies); - if (!ies) - return false; - ssidie = cfg80211_find_ie(WLAN_EID_SSID, ies->data, ies->len); - if (!ssidie) - return false; - if (ssidie[1] != ssid_len) - return false; - return memcmp(ssidie + 2, ssid, ssid_len) == 0; -} - /** * enum bss_compare_mode - BSS compare mode * @BSS_CMP_REGULAR: regular compare mode (for insertion and normal find) @@ -1002,6 +1147,7 @@ cfg80211_bss_update(struct cfg80211_registered_device *rdev, memcpy(new, tmp, sizeof(*new)); new->refcount = 1; INIT_LIST_HEAD(&new->hidden_list); + INIT_LIST_HEAD(&new->nontrans_list); if (rcu_access_pointer(tmp->pub.proberesp_ies)) { hidden = rb_find_bss(rdev, tmp, BSS_CMP_HIDE_ZLEN); 
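Review bot: cfg80211_gen_new_ie() writes through `pos` into `new_ie` without knowing the size of that buffer, while `ie` and `subelement` come from a received Beacon or Probe Response; the function should take the destination size as a parameter and return 0 when a copy would pass it. In the same function the vendor-element branch runs `memcmp(tmp_old + 2, tmp + 2, 5)` without checking that either element carries five bytes of data, and both `while` conditions read `tmp_old[1]` / `tmp_new[1]` before establishing that the length octet lies inside the buffer. A guard such as `if (tmp_old[1] >= 5 && tmp[1] >= 5 && !memcmp(tmp_old + 2, tmp + 2, 5))` covers the vendor case. Separately, cfg80211_add_nontrans_list() keeps using `ssid` after `rcu_read_unlock()` although it points into the element data returned by ieee80211_bss_get_ie(); the list walk should stay inside the read-side section or compare against a copy.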
@@ -1123,17 +1269,19 @@ cfg80211_get_bss_channel(struct wiphy *wiphy, const u8 *ie, size_t ielen, } /* Returned bss is reference counted and must be cleaned up appropriately. */ -struct cfg80211_bss * -cfg80211_inform_bss_data(struct wiphy *wiphy, - struct cfg80211_inform_bss *data, - enum cfg80211_bss_frame_type ftype, - const u8 *bssid, u64 tsf, u16 capability, - u16 beacon_interval, const u8 *ie, size_t ielen, - gfp_t gfp) +static struct cfg80211_bss * +cfg80211_inform_single_bss_data(struct wiphy *wiphy, + struct cfg80211_inform_bss *data, + enum cfg80211_bss_frame_type ftype, + const u8 *bssid, u64 tsf, u16 capability, + u16 beacon_interval, const u8 *ie, size_t ielen, + struct cfg80211_bss *trans_bss, + gfp_t gfp) { + struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); struct cfg80211_bss_ies *ies; struct ieee80211_channel *channel; - struct cfg80211_internal_bss tmp = {}, *res; + struct cfg80211_internal_bss tmp = {}, *res, *trans_internal; int bss_type; bool signal_valid; 
@@ -1202,19 +1350,252 @@ cfg80211_inform_bss_data(struct wiphy *wiphy, regulatory_hint_found_beacon(wiphy, channel, gfp); } + if (trans_bss) { + /* this is a nontransmitting bss, we need to add it to + * transmitting bss' list if it is not there + */ + trans_internal = container_of(trans_bss, + struct cfg80211_internal_bss, + pub); + if (cfg80211_add_nontrans_list(trans_internal, res)) { + if (__cfg80211_unlink_bss(rdev, res)) + rdev->bss_generation++; + } + } + trace_cfg80211_return_bss(&res->pub); /* cfg80211_bss_update gives us a referenced result */ return &res->pub; } + +static void cfg80211_parse_mbssid_data(struct wiphy *wiphy, + struct cfg80211_inform_bss *data, + enum cfg80211_bss_frame_type ftype, + const u8 *bssid, u64 tsf, + u16 beacon_interval, const u8 *ie, + size_t ielen, + struct cfg80211_bss *trans_bss, + gfp_t gfp) +{ + const u8 *pos, *subelement, *mbssid_end_pos; + const u8 *tmp, *mbssid_index_ie; + size_t subie_len, new_ie_len; + u8 new_bssid[ETH_ALEN]; + u8 *new_ie; + u16 capability; + struct cfg80211_bss *bss; + + if (!trans_bss) + return; + if (!cfg80211_find_ie(WLAN_EID_MULTIPLE_BSSID, ie, ielen)) + return; + + pos = ie; + + new_ie = kmalloc(IEEE80211_MAX_DATA_LEN, gfp); + if (!new_ie) + return; + + while (pos < ie + ielen + 2) { + tmp = cfg80211_find_ie(WLAN_EID_MULTIPLE_BSSID, pos, + ielen - (pos - ie)); + if (!tmp) + break; + + mbssid_end_pos = tmp + tmp[1] + 2; + /* Skip Element ID, Len, MaxBSSID Indicator */ + if (tmp[1] < 4) + break; + for (subelement = tmp + 3; subelement < mbssid_end_pos - 1; + subelement += 2 + subelement[1]) { + subie_len = subelement[1]; + if (mbssid_end_pos - subelement < 2 + subie_len) + break; + if (subelement[0] != 0 || subelement[1] < 4) { + /* not a valid BSS profile */ + continue; + } + + if (subelement[2] != WLAN_EID_NON_TX_BSSID_CAP || + subelement[3] != 2) { + /* The first element within the Nontransmitted + * BSSID Profile is not the Nontransmitted + * BSSID Capability element. 
+ */ + continue; + } + + /* found a Nontransmitted BSSID Profile */ + mbssid_index_ie = cfg80211_find_ie + (WLAN_EID_MULTI_BSSID_IDX, + subelement + 2, subie_len); + if (!mbssid_index_ie || mbssid_index_ie[1] < 1 || + mbssid_index_ie[2] == 0) { + /* No valid Multiple BSSID-Index element */ + continue; + } + + cfg80211_gen_new_bssid(bssid, tmp[2], + mbssid_index_ie[2], + new_bssid); + memset(new_ie, 0, IEEE80211_MAX_DATA_LEN); + new_ie_len = cfg80211_gen_new_ie(ie, ielen, + subelement + 2, + subie_len, new_ie, + gfp); + if (!new_ie_len) + continue; + + capability = le16_to_cpup((const __le16 *) + &subelement[4]); + bss = cfg80211_inform_single_bss_data(wiphy, data, + ftype, + new_bssid, tsf, + capability, + beacon_interval, + new_ie, + new_ie_len, + trans_bss, gfp); + if (!bss) + break; + cfg80211_put_bss(wiphy, bss); + } + + pos = mbssid_end_pos; + } + + kfree(new_ie); +} + +struct cfg80211_bss * +cfg80211_inform_bss_data(struct wiphy *wiphy, + struct cfg80211_inform_bss *data, + enum cfg80211_bss_frame_type ftype, + const u8 *bssid, u64 tsf, u16 capability, + u16 beacon_interval, const u8 *ie, size_t ielen, + gfp_t gfp) +{ + struct cfg80211_bss *res; + + res = cfg80211_inform_single_bss_data(wiphy, data, ftype, bssid, tsf, + capability, beacon_interval, ie, + ielen, NULL, gfp); + cfg80211_parse_mbssid_data(wiphy, data, ftype, bssid, tsf, + beacon_interval, ie, ielen, res, gfp); + return res; +} EXPORT_SYMBOL(cfg80211_inform_bss_data); -/* cfg80211_inform_bss_width_frame helper */ -struct cfg80211_bss * -cfg80211_inform_bss_frame_data(struct wiphy *wiphy, - struct cfg80211_inform_bss *data, - struct ieee80211_mgmt *mgmt, size_t len, - gfp_t gfp) +static void +cfg80211_parse_mbssid_frame_data(struct wiphy *wiphy, + struct cfg80211_inform_bss *data, + struct ieee80211_mgmt *mgmt, size_t len, + struct cfg80211_bss *trans_bss, + gfp_t gfp) +{ + enum cfg80211_bss_frame_type ftype; + const u8 *ie = mgmt->u.probe_resp.variable; + size_t ielen = len - offsetof(struct 
ieee80211_mgmt, + u.probe_resp.variable); + ftype = ieee80211_is_beacon(mgmt->frame_control) ? + CFG80211_BSS_FTYPE_BEACON : CFG80211_BSS_FTYPE_PRESP; + + cfg80211_parse_mbssid_data(wiphy, data, ftype, mgmt->bssid, + le64_to_cpu(mgmt->u.probe_resp.timestamp), + le16_to_cpu(mgmt->u.probe_resp.beacon_int), + ie, ielen, trans_bss, gfp); +} + +static void +cfg80211_update_notlisted_nontrans(struct wiphy *wiphy, + struct cfg80211_internal_bss *nontrans_bss, + struct ieee80211_mgmt *mgmt, size_t len, + gfp_t gfp) +{ + u8 *ie, *new_ie, *pos; + const u8 *nontrans_ssid, *trans_ssid, *mbssid; + size_t ielen = len - offsetof(struct ieee80211_mgmt, + u.probe_resp.variable); + size_t new_ie_len; + struct cfg80211_bss_ies *new_ies; + const struct cfg80211_bss_ies *old; + u8 cpy_len; + + ie = mgmt->u.probe_resp.variable; + + new_ie_len = ielen; + trans_ssid = cfg80211_find_ie(WLAN_EID_SSID, ie, ielen); + if (!trans_ssid) + return; + new_ie_len -= trans_ssid[1]; + mbssid = cfg80211_find_ie(WLAN_EID_MULTIPLE_BSSID, ie, ielen); + if (!mbssid) + return; + new_ie_len -= mbssid[1]; + rcu_read_lock(); + nontrans_ssid = ieee80211_bss_get_ie(&nontrans_bss->pub, WLAN_EID_SSID); + if (!nontrans_ssid) { + rcu_read_unlock(); + return; + } + new_ie_len += nontrans_ssid[1]; + rcu_read_unlock(); + + /* generate new ie for nontrans BSS + * 1. replace SSID with nontrans BSS' SSID + * 2. 
skip MBSSID IE + */ + new_ie = kzalloc(new_ie_len, gfp); + if (!new_ie) + return; + new_ies = kzalloc(sizeof(*new_ies) + new_ie_len, gfp); + if (!new_ies) { + kfree(new_ie); + return; + } + + pos = new_ie; + + /* copy the nontransmitted SSID */ + cpy_len = nontrans_ssid[1] + 2; + memcpy(pos, nontrans_ssid, cpy_len); + pos += cpy_len; + /* copy the IEs between SSID and MBSSID */ + cpy_len = trans_ssid[1] + 2; + memcpy(pos, (trans_ssid + cpy_len), (mbssid - (trans_ssid + cpy_len))); + pos += (mbssid - (trans_ssid + cpy_len)); + /* copy the IEs after MBSSID */ + cpy_len = mbssid[1] + 2; + memcpy(pos, mbssid + cpy_len, ((ie + ielen) - (mbssid + cpy_len))); + + /* update ie */ + new_ies->len = new_ie_len; + new_ies->tsf = le64_to_cpu(mgmt->u.probe_resp.timestamp); + new_ies->from_beacon = ieee80211_is_beacon(mgmt->frame_control); + memcpy(new_ies->data, new_ie, new_ie_len); + if (ieee80211_is_probe_resp(mgmt->frame_control)) { + old = rcu_access_pointer(nontrans_bss->pub.proberesp_ies); + rcu_assign_pointer(nontrans_bss->pub.proberesp_ies, new_ies); + rcu_assign_pointer(nontrans_bss->pub.ies, new_ies); + if (old) + kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head); + } else { + old = rcu_access_pointer(nontrans_bss->pub.beacon_ies); + rcu_assign_pointer(nontrans_bss->pub.beacon_ies, new_ies); + rcu_assign_pointer(nontrans_bss->pub.ies, new_ies); + if (old) + kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head); + } +} + +/* cfg80211_inform_bss_width_frame helper */ +static struct cfg80211_bss * +cfg80211_inform_single_bss_frame_data(struct wiphy *wiphy, + struct cfg80211_inform_bss *data, + struct ieee80211_mgmt *mgmt, size_t len, + struct cfg80211_bss *trans_bss, + gfp_t gfp) { struct cfg80211_internal_bss tmp = {}, *res; struct cfg80211_bss_ies *ies; 
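Review bot: In cfg80211_update_notlisted_nontrans() `cpy_len` is declared `u8` but is assigned `nontrans_ssid[1] + 2`, `trans_ssid[1] + 2` and `mbssid[1] + 2`, each of which can reach 257 because the length octet comes from the frame; the value wraps, and the following `memcpy()` offsets and lengths are computed from the wrapped number. Declaring it `size_t cpy_len;` removes the truncation. The copy length `mbssid - (trans_ssid + cpy_len)` also assumes the Multiple BSSID element follows the SSID element, and nothing in the function checks that order, so a frame with the two reversed yields a negative difference converted to size_t; returning early when `mbssid < trans_ssid + trans_ssid[1] + 2` would close that. `nontrans_ssid` is likewise dereferenced after `rcu_read_unlock()`.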
@@ -1293,6 +1674,50 @@ cfg80211_inform_bss_frame_data(struct wiphy *wiphy, /* cfg80211_bss_update gives us a referenced result */ return &res->pub; } + +struct cfg80211_bss * +cfg80211_inform_bss_frame_data(struct wiphy *wiphy, + struct cfg80211_inform_bss *data, + struct ieee80211_mgmt *mgmt, size_t len, + gfp_t gfp) +{ + struct cfg80211_bss *res; + struct cfg80211_internal_bss *trans_bss, *tmp_bss; + const u8 *ie = mgmt->u.probe_resp.variable; + const struct cfg80211_bss_ies *ies1, *ies2; + size_t ielen = len - offsetof(struct ieee80211_mgmt, + u.probe_resp.variable); + + res = cfg80211_inform_single_bss_frame_data(wiphy, data, mgmt, + len, NULL, gfp); + if (!res || !cfg80211_find_ie(WLAN_EID_MULTIPLE_BSSID, ie, ielen)) + return res; + + /* process each non-transmitting bss */ + cfg80211_parse_mbssid_frame_data(wiphy, data, mgmt, len, res, gfp); + + /* check if the res has other nontransmitting bss which is not + * in MBSSID IE + */ + ies1 = rcu_access_pointer(res->ies); + trans_bss = container_of(res, struct cfg80211_internal_bss, pub); + if (!trans_bss) + return res; + + /* go through nontrans_list, if the timestamp of the BSS is + * earlier than the timestamp of the transmitting BSS then + * update it + */ + list_for_each_entry(tmp_bss, &trans_bss->nontrans_list, + nontrans_list) { + ies2 = rcu_access_pointer(tmp_bss->pub.ies); + if (ies2->tsf < ies1->tsf) + cfg80211_update_notlisted_nontrans(wiphy, tmp_bss, + mgmt, len, gfp); + } + + return res; +} EXPORT_SYMBOL(cfg80211_inform_bss_frame_data); void cfg80211_ref_bss(struct wiphy *wiphy, struct cfg80211_bss *pub) @@ -1330,7 +1755,7 @@ EXPORT_SYMBOL(cfg80211_put_bss); void cfg80211_unlink_bss(struct wiphy *wiphy, struct cfg80211_bss *pub) { struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); - struct cfg80211_internal_bss *bss; + struct cfg80211_internal_bss *bss, *nontrans_bss, *tmp; if (WARN_ON(!pub)) return; 
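Review bot: cfg80211_inform_bss_frame_data() walks `trans_bss->nontrans_list` and dereferences `ies1->tsf` / `ies2->tsf` with no lock and no RCU read-side section visible in the added function, and both pointers come from `rcu_access_pointer()`, which is meant for reading the pointer value rather than for dereferencing it. The same list is modified in this patch by `list_add_tail()` in cfg80211_add_nontrans_list() and by `list_del_init()` in __cfg80211_unlink_bss(), so the walk presumably needs `rdev->bss_lock`, the way cfg80211_unlink_bss() holds it around its own nontrans_list loop. The `ies` reads would then use `rcu_dereference()` inside `rcu_read_lock()`, or `rcu_dereference_protected()` under that lock. `ies2` is also used without a NULL check; whether an entry on the list can have no `ies` is not visible here and should be confirmed.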
@@ -1339,6 +1764,13 @@ void cfg80211_unlink_bss(struct wiphy *wiphy, struct cfg80211_bss *pub) spin_lock_bh(&rdev->bss_lock); if (!list_empty(&bss->list)) { + list_for_each_entry_safe(nontrans_bss, tmp, + &bss->nontrans_list, + nontrans_list) { + if (__cfg80211_unlink_bss(rdev, nontrans_bss)) + rdev->bss_generation++; + } + if (__cfg80211_unlink_bss(rdev, bss)) rdev->bss_generation++; } From 1c8745f3ec6f46f5fa99dbcdf92381144ae1b37f Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Thu, 7 Feb 2019 22:36:33 +0100 Subject: [PATCH 06/38] cfg80211: use for_each_element() for multi-bssid parsing Use the new for_each_element() helper here, we cannot use for_each_subelement() since we have a fixed 1 byte before the subelements start. While at it, also fix le16_to_cpup() to be get_unaligned_le16() since we don't know anything about alignment. Signed-off-by: Johannes Berg --- net/wireless/scan.c | 47 +++++++++++++++------------------------------ 1 file changed, 15 insertions(+), 32 deletions(-) diff --git a/net/wireless/scan.c b/net/wireless/scan.c index 531c2e56413f..54feb7741c26 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -1377,9 +1377,9 @@ static void cfg80211_parse_mbssid_data(struct wiphy *wiphy, struct cfg80211_bss *trans_bss, gfp_t gfp) { - const u8 *pos, *subelement, *mbssid_end_pos; - const u8 *tmp, *mbssid_index_ie; - size_t subie_len, new_ie_len; + const u8 *mbssid_index_ie; + const struct element *elem, *sub; + size_t new_ie_len; u8 new_bssid[ETH_ALEN]; u8 *new_ie; u16 capability; 
@@ -1390,34 +1390,21 @@ static void cfg80211_parse_mbssid_data(struct wiphy *wiphy, if (!cfg80211_find_ie(WLAN_EID_MULTIPLE_BSSID, ie, ielen)) return; - pos = ie; - new_ie = kmalloc(IEEE80211_MAX_DATA_LEN, gfp); if (!new_ie) return; - while (pos < ie + ielen + 2) { - tmp = cfg80211_find_ie(WLAN_EID_MULTIPLE_BSSID, pos, - ielen - (pos - ie)); - if (!tmp) - break; - - mbssid_end_pos = tmp + tmp[1] + 2; - /* Skip Element ID, Len, MaxBSSID Indicator */ - if (tmp[1] < 4) - break; - for (subelement = tmp + 3; subelement < mbssid_end_pos - 1; - subelement += 2 + subelement[1]) { - subie_len = subelement[1]; - if (mbssid_end_pos - subelement < 2 + subie_len) - break; - if (subelement[0] != 0 || subelement[1] < 4) { + for_each_element_id(elem, WLAN_EID_MULTIPLE_BSSID, ie, ielen) { + if (elem->datalen < 4) + continue; + for_each_element(sub, elem->data + 1, elem->datalen - 1) { + if (sub->id != 0 || sub->datalen < 4) { /* not a valid BSS profile */ continue; } - if (subelement[2] != WLAN_EID_NON_TX_BSSID_CAP || - subelement[3] != 2) { + if (sub->data[0] != WLAN_EID_NON_TX_BSSID_CAP || + sub->data[1] != 2) { /* The first element within the Nontransmitted * BSSID Profile is not the Nontransmitted * BSSID Capability element. 
@@ -1428,26 +1415,24 @@ static void cfg80211_parse_mbssid_data(struct wiphy *wiphy, /* found a Nontransmitted BSSID Profile */ mbssid_index_ie = cfg80211_find_ie (WLAN_EID_MULTI_BSSID_IDX, - subelement + 2, subie_len); + sub->data, sub->datalen); if (!mbssid_index_ie || mbssid_index_ie[1] < 1 || mbssid_index_ie[2] == 0) { /* No valid Multiple BSSID-Index element */ continue; } - cfg80211_gen_new_bssid(bssid, tmp[2], + cfg80211_gen_new_bssid(bssid, elem->data[0], mbssid_index_ie[2], new_bssid); memset(new_ie, 0, IEEE80211_MAX_DATA_LEN); - new_ie_len = cfg80211_gen_new_ie(ie, ielen, - subelement + 2, - subie_len, new_ie, + new_ie_len = cfg80211_gen_new_ie(ie, ielen, sub->data, + sub->datalen, new_ie, gfp); if (!new_ie_len) continue; - capability = le16_to_cpup((const __le16 *) - &subelement[4]); + capability = get_unaligned_le16(sub->data + 2); bss = cfg80211_inform_single_bss_data(wiphy, data, ftype, new_bssid, tsf, @@ -1460,8 +1445,6 @@ static void cfg80211_parse_mbssid_data(struct wiphy *wiphy, break; cfg80211_put_bss(wiphy, bss); } - - pos = mbssid_end_pos; } kfree(new_ie); From a3584f56de1c808d4383a275b4a74467b19e5645 Mon Sep 17 00:00:00 2001 From: Sara Sharon Date: Mon, 21 Jan 2019 12:22:21 +0200 Subject: [PATCH 07/38] cfg80211: Properly track transmitting and non-transmitting BSS When holding data of the non-transmitting BSS, we need to keep the transmitting BSS data on. Otherwise it will be released, and release the non-transmitting BSS with it. Signed-off-by: Sara Sharon Signed-off-by: Johannes Berg --- net/wireless/core.h | 12 ++++++++++++ net/wireless/scan.c | 36 ++++++++++++++++++++++++++++++++++-- 2 files changed, 46 insertions(+), 2 deletions(-) diff --git a/net/wireless/core.h b/net/wireless/core.h index a50b92ac77a1..c20c75df60f5 100644 --- a/net/wireless/core.h +++ b/net/wireless/core.h 
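Review bot: `elem->data[0]`, the MaxBSSID Indicator octet of the received element, is passed to cfg80211_gen_new_bssid() unchecked, and that helper (added in patch 05 of this series) computes `1 << max_bssid` on an int, which is undefined for a shift count of 32 or more and overflows at 31. Skipping the element when the indicator is out of range, e.g. `if (elem->data[0] < 1 || elem->data[0] > 8) continue;` next to the `elem->datalen < 4` test in the previous hunk, keeps the mask within one address octet; the upper bound of 8 is my reading of the element definition and should be confirmed against the standard. Neither loop is followed by for_each_element_completed(), so a truncated trailing element is silently accepted; if that is intended, a comment saying so would help.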
@@ -153,6 +153,7 @@ struct cfg80211_internal_bss { struct list_head list; struct list_head hidden_list; struct list_head nontrans_list; + struct cfg80211_bss *transmitted_bss; struct rb_node rbn; u64 ts_boottime; unsigned long ts; @@ -183,12 +184,23 @@ static inline struct cfg80211_internal_bss *bss_from_pub(struct cfg80211_bss *pu static inline void cfg80211_hold_bss(struct cfg80211_internal_bss *bss) { atomic_inc(&bss->hold); + if (bss->transmitted_bss) { + bss = container_of(bss->transmitted_bss, + struct cfg80211_internal_bss, pub); + atomic_inc(&bss->hold); + } } static inline void cfg80211_unhold_bss(struct cfg80211_internal_bss *bss) { int r = atomic_dec_return(&bss->hold); WARN_ON(r < 0); + if (bss->transmitted_bss) { + bss = container_of(bss->transmitted_bss, + struct cfg80211_internal_bss, pub); + r = atomic_dec_return(&bss->hold); + WARN_ON(r < 0); + } } diff --git a/net/wireless/scan.c b/net/wireless/scan.c index 54feb7741c26..d5950a23e619 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -110,6 +110,12 @@ static inline void bss_ref_get(struct cfg80211_registered_device *rdev, pub); bss->refcount++; } + if (bss->transmitted_bss) { + bss = container_of(bss->transmitted_bss, + struct cfg80211_internal_bss, + pub); + bss->refcount++; + } } static inline void bss_ref_put(struct cfg80211_registered_device *rdev, @@ -126,6 +132,18 @@ static inline void bss_ref_put(struct cfg80211_registered_device *rdev, if (hbss->refcount == 0) bss_free(hbss); } + + if (bss->transmitted_bss) { + struct cfg80211_internal_bss *tbss; + + tbss = container_of(bss->transmitted_bss, + struct cfg80211_internal_bss, + pub); + tbss->refcount--; + if (tbss->refcount == 0) + bss_free(tbss); + } + bss->refcount--; if (bss->refcount == 0) bss_free(bss); 
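Review bot: In bss_ref_get() the new `if (bss->transmitted_bss)` test runs after the hidden-beacon branch, whose context lines end in `bss->refcount++;` on `bss` itself. If that branch reassigns `bss` to the hidden beacon entry (the assignment is above the hunk), the transmitted_bss check and the increment are applied to the wrong entry, leaving the reference counts unbalanced against bss_ref_put(). bss_ref_put() in the next hunk avoids this by using separate `hbss` and `tbss` locals; bss_ref_get() would be safer doing the same, e.g. `tbss = container_of(bss->transmitted_bss, struct cfg80211_internal_bss, pub); tbss->refcount++;` with `bss` left untouched. Both functions start outside their hunks.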
@@ -1024,6 +1042,7 @@ static bool cfg80211_combine_bsses(struct cfg80211_registered_device *rdev, static struct cfg80211_internal_bss * cfg80211_bss_update(struct cfg80211_registered_device *rdev, struct cfg80211_internal_bss *tmp, + struct cfg80211_bss *trans_bss, bool signal_valid) { struct cfg80211_internal_bss *found = NULL; @@ -1181,6 +1200,17 @@ cfg80211_bss_update(struct cfg80211_registered_device *rdev, goto drop; } + /* This must be before the call to bss_ref_get */ + if (trans_bss) { + struct cfg80211_internal_bss *pbss = + container_of(trans_bss, + struct cfg80211_internal_bss, + pub); + + new->transmitted_bss = trans_bss; + bss_ref_get(rdev, pbss); + } + list_add_tail(&new->list, &rdev->bss_list); rdev->bss_entries++; rb_insert_bss(rdev, new); @@ -1336,7 +1366,8 @@ cfg80211_inform_single_bss_data(struct wiphy *wiphy, signal_valid = abs(data->chan->center_freq - channel->center_freq) <= wiphy->max_adj_channel_rssi_comp; - res = cfg80211_bss_update(wiphy_to_rdev(wiphy), &tmp, signal_valid); + res = cfg80211_bss_update(wiphy_to_rdev(wiphy), &tmp, trans_bss, + signal_valid); if (!res) return NULL; @@ -1639,7 +1670,8 @@ cfg80211_inform_single_bss_frame_data(struct wiphy *wiphy, signal_valid = abs(data->chan->center_freq - channel->center_freq) <= wiphy->max_adj_channel_rssi_comp; - res = cfg80211_bss_update(wiphy_to_rdev(wiphy), &tmp, signal_valid); + res = cfg80211_bss_update(wiphy_to_rdev(wiphy), &tmp, trans_bss, + signal_valid); if (!res) return NULL; From 7011ba583f425780ab1ee52f41161a0171197365 Mon Sep 17 00:00:00 2001 From: Sara Sharon Date: Mon, 21 Jan 2019 12:25:59 +0200 Subject: [PATCH 08/38] cfg80211: Move Multiple BSS info to struct cfg80211_bss to be visible Previously the transmitted BSS and the non-trasmitted BSS list were defined in struct cfg80211_internal_bss. Move them to struct cfg80211_bss since mac80211 needs this info. Signed-off-by: Sara Sharon 
Signed-off-by: Johannes Berg --- include/net/cfg80211.h | 4 ++- net/wireless/core.h | 10 +++--- net/wireless/scan.c | 80 ++++++++++++++++++++---------------------- 3 files changed, 46 insertions(+), 48 deletions(-) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index c077de7fbd8a..86de6b62a44b 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -6,7 +6,7 @@ * Copyright 2006-2010 Johannes Berg * Copyright 2013-2014 Intel Mobile Communications GmbH * Copyright 2015-2017 Intel Deutschland GmbH - * Copyright (C) 2018 Intel Corporation + * Copyright (C) 2018-2019 Intel Corporation * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as @@ -2049,6 +2049,8 @@ struct cfg80211_bss { const struct cfg80211_bss_ies __rcu *proberesp_ies; struct cfg80211_bss *hidden_beacon_bss; + struct cfg80211_bss *transmitted_bss; + struct list_head nontrans_list; s32 signal; diff --git a/net/wireless/core.h b/net/wireless/core.h index c20c75df60f5..f257a2b32ba4 100644 --- a/net/wireless/core.h +++ b/net/wireless/core.h @@ -152,8 +152,6 @@ extern int cfg80211_rdev_list_generation; struct cfg80211_internal_bss { struct list_head list; struct list_head hidden_list; - struct list_head nontrans_list; - struct cfg80211_bss *transmitted_bss; struct rb_node rbn; u64 ts_boottime; unsigned long ts; @@ -184,8 +182,8 @@ static inline struct cfg80211_internal_bss *bss_from_pub(struct cfg80211_bss *pu static inline void cfg80211_hold_bss(struct cfg80211_internal_bss *bss) { atomic_inc(&bss->hold); - if (bss->transmitted_bss) { - bss = container_of(bss->transmitted_bss, + if (bss->pub.transmitted_bss) { + bss = container_of(bss->pub.transmitted_bss, struct cfg80211_internal_bss, pub); atomic_inc(&bss->hold); } 
@@ -195,8 +193,8 @@ static inline void cfg80211_unhold_bss(struct cfg80211_internal_bss *bss) { int r = atomic_dec_return(&bss->hold); WARN_ON(r < 0); - if (bss->transmitted_bss) { - bss = container_of(bss->transmitted_bss, + if (bss->pub.transmitted_bss) { + bss = container_of(bss->pub.transmitted_bss, struct cfg80211_internal_bss, pub); r = atomic_dec_return(&bss->hold); WARN_ON(r < 0); diff --git a/net/wireless/scan.c b/net/wireless/scan.c index d5950a23e619..325323a842d8 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -110,8 +110,8 @@ static inline void bss_ref_get(struct cfg80211_registered_device *rdev, pub); bss->refcount++; } - if (bss->transmitted_bss) { - bss = container_of(bss->transmitted_bss, + if (bss->pub.transmitted_bss) { + bss = container_of(bss->pub.transmitted_bss, struct cfg80211_internal_bss, pub); bss->refcount++; @@ -133,10 +133,10 @@ static inline void bss_ref_put(struct cfg80211_registered_device *rdev, bss_free(hbss); } - if (bss->transmitted_bss) { + if (bss->pub.transmitted_bss) { struct cfg80211_internal_bss *tbss; - tbss = container_of(bss->transmitted_bss, + tbss = container_of(bss->pub.transmitted_bss, struct cfg80211_internal_bss, pub); tbss->refcount--; @@ -169,7 +169,7 @@ static bool __cfg80211_unlink_bss(struct cfg80211_registered_device *rdev, } list_del_init(&bss->list); - list_del_init(&bss->nontrans_list); + list_del_init(&bss->pub.nontrans_list); rb_erase(&bss->rbn, &rdev->bss_tree); rdev->bss_entries--; WARN_ONCE((rdev->bss_entries == 0) ^ list_empty(&rdev->bss_list), 
@@ -317,15 +317,15 @@ static bool is_bss(struct cfg80211_bss *a, const u8 *bssid, } static int -cfg80211_add_nontrans_list(struct cfg80211_internal_bss *trans_bss, - struct cfg80211_internal_bss *nontrans_bss) +cfg80211_add_nontrans_list(struct cfg80211_bss *trans_bss, + struct cfg80211_bss *nontrans_bss) { const u8 *ssid; size_t ssid_len; - struct cfg80211_internal_bss *bss = NULL; + struct cfg80211_bss *bss = NULL; rcu_read_lock(); - ssid = ieee80211_bss_get_ie(&nontrans_bss->pub, WLAN_EID_SSID); + ssid = ieee80211_bss_get_ie(nontrans_bss, WLAN_EID_SSID); if (!ssid) { rcu_read_unlock(); return -EINVAL; @@ -336,7 +336,7 @@ cfg80211_add_nontrans_list(struct cfg80211_internal_bss *trans_bss, /* check if nontrans_bss is in the list */ list_for_each_entry(bss, &trans_bss->nontrans_list, nontrans_list) { - if (is_bss(&bss->pub, nontrans_bss->pub.bssid, ssid, ssid_len)) + if (is_bss(bss, nontrans_bss->bssid, ssid, ssid_len)) return 0; } @@ -1166,7 +1166,7 @@ cfg80211_bss_update(struct cfg80211_registered_device *rdev, memcpy(new, tmp, sizeof(*new)); new->refcount = 1; INIT_LIST_HEAD(&new->hidden_list); - INIT_LIST_HEAD(&new->nontrans_list); + INIT_LIST_HEAD(&new->pub.nontrans_list); if (rcu_access_pointer(tmp->pub.proberesp_ies)) { hidden = rb_find_bss(rdev, tmp, BSS_CMP_HIDE_ZLEN); @@ -1207,7 +1207,7 @@ cfg80211_bss_update(struct cfg80211_registered_device *rdev, struct cfg80211_internal_bss, pub); - new->transmitted_bss = trans_bss; + new->pub.transmitted_bss = trans_bss; bss_ref_get(rdev, pbss); } @@ -1311,7 +1311,7 @@ cfg80211_inform_single_bss_data(struct wiphy *wiphy, struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); struct cfg80211_bss_ies *ies; struct ieee80211_channel *channel; - struct cfg80211_internal_bss tmp = {}, *res, *trans_internal; + struct cfg80211_internal_bss tmp = {}, *res; int bss_type; bool signal_valid; 
@@ -1385,10 +1385,7 @@ cfg80211_inform_single_bss_data(struct wiphy *wiphy, /* this is a nontransmitting bss, we need to add it to * transmitting bss' list if it is not there */ - trans_internal = container_of(trans_bss, - struct cfg80211_internal_bss, - pub); - if (cfg80211_add_nontrans_list(trans_internal, res)) { + if (cfg80211_add_nontrans_list(trans_bss, &res->pub)) { if (__cfg80211_unlink_bss(rdev, res)) rdev->bss_generation++; } @@ -1523,7 +1520,7 @@ cfg80211_parse_mbssid_frame_data(struct wiphy *wiphy, static void cfg80211_update_notlisted_nontrans(struct wiphy *wiphy, - struct cfg80211_internal_bss *nontrans_bss, + struct cfg80211_bss *nontrans_bss, struct ieee80211_mgmt *mgmt, size_t len, gfp_t gfp) { @@ -1548,7 +1545,7 @@ cfg80211_update_notlisted_nontrans(struct wiphy *wiphy, return; new_ie_len -= mbssid[1]; rcu_read_lock(); - nontrans_ssid = ieee80211_bss_get_ie(&nontrans_bss->pub, WLAN_EID_SSID); + nontrans_ssid = ieee80211_bss_get_ie(nontrans_bss, WLAN_EID_SSID); if (!nontrans_ssid) { rcu_read_unlock(); return; 
@@ -1589,15 +1586,15 @@ cfg80211_update_notlisted_nontrans(struct wiphy *wiphy, new_ies->from_beacon = ieee80211_is_beacon(mgmt->frame_control); memcpy(new_ies->data, new_ie, new_ie_len); if (ieee80211_is_probe_resp(mgmt->frame_control)) { - old = rcu_access_pointer(nontrans_bss->pub.proberesp_ies); - rcu_assign_pointer(nontrans_bss->pub.proberesp_ies, new_ies); - rcu_assign_pointer(nontrans_bss->pub.ies, new_ies); + old = rcu_access_pointer(nontrans_bss->proberesp_ies); + rcu_assign_pointer(nontrans_bss->proberesp_ies, new_ies); + rcu_assign_pointer(nontrans_bss->ies, new_ies); if (old) kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head); } else { - old = rcu_access_pointer(nontrans_bss->pub.beacon_ies); - rcu_assign_pointer(nontrans_bss->pub.beacon_ies, new_ies); - rcu_assign_pointer(nontrans_bss->pub.ies, new_ies); + old = rcu_access_pointer(nontrans_bss->beacon_ies); + rcu_assign_pointer(nontrans_bss->beacon_ies, new_ies); + rcu_assign_pointer(nontrans_bss->ies, new_ies); if (old) kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head); } @@ -1696,8 +1693,7 @@ cfg80211_inform_bss_frame_data(struct wiphy *wiphy, struct ieee80211_mgmt *mgmt, size_t len, gfp_t gfp) { - struct cfg80211_bss *res; - struct cfg80211_internal_bss *trans_bss, *tmp_bss; + struct cfg80211_bss *res, *tmp_bss; const u8 *ie = mgmt->u.probe_resp.variable; const struct cfg80211_bss_ies *ies1, *ies2; size_t ielen = len - offsetof(struct ieee80211_mgmt, 
@@ -1715,17 +1711,14 @@ cfg80211_inform_bss_frame_data(struct wiphy *wiphy, * in MBSSID IE */ ies1 = rcu_access_pointer(res->ies); - trans_bss = container_of(res, struct cfg80211_internal_bss, pub); - if (!trans_bss) - return res; /* go through nontrans_list, if the timestamp of the BSS is * earlier than the timestamp of the transmitting BSS then * update it */ - list_for_each_entry(tmp_bss, &trans_bss->nontrans_list, + list_for_each_entry(tmp_bss, &res->nontrans_list, nontrans_list) { - ies2 = rcu_access_pointer(tmp_bss->pub.ies); + ies2 = rcu_access_pointer(tmp_bss->ies); if (ies2->tsf < ies1->tsf) cfg80211_update_notlisted_nontrans(wiphy, tmp_bss, mgmt, len, gfp); @@ -1770,7 +1763,8 @@ EXPORT_SYMBOL(cfg80211_put_bss); void cfg80211_unlink_bss(struct wiphy *wiphy, struct cfg80211_bss *pub) { struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); - struct cfg80211_internal_bss *bss, *nontrans_bss, *tmp; + struct cfg80211_internal_bss *bss, *tmp1; + struct cfg80211_bss *nontrans_bss, *tmp; if (WARN_ON(!pub)) return; @@ -1778,17 +1772,21 @@ void cfg80211_unlink_bss(struct wiphy *wiphy, struct cfg80211_bss *pub) bss = container_of(pub, struct cfg80211_internal_bss, pub); spin_lock_bh(&rdev->bss_lock); - if (!list_empty(&bss->list)) { - list_for_each_entry_safe(nontrans_bss, tmp, - &bss->nontrans_list, - nontrans_list) { - if (__cfg80211_unlink_bss(rdev, nontrans_bss)) - rdev->bss_generation++; - } + if (list_empty(&bss->list)) + goto out; - if (__cfg80211_unlink_bss(rdev, bss)) + list_for_each_entry_safe(nontrans_bss, tmp, + &pub->nontrans_list, + nontrans_list) { + tmp1 = container_of(nontrans_bss, + struct cfg80211_internal_bss, pub); + if (__cfg80211_unlink_bss(rdev, tmp1)) rdev->bss_generation++; } + + if (__cfg80211_unlink_bss(rdev, bss)) + rdev->bss_generation++; +out: spin_unlock_bh(&rdev->bss_lock); } EXPORT_SYMBOL(cfg80211_unlink_bss); From 213ed579d38ef47c55694a4a411926af3dfc6558 Mon Sep 17 00:00:00 2001 
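Review bot: The walk over `res->nontrans_list` in cfg80211_inform_bss_frame_data reads `ies2->tsf` straight after `rcu_access_pointer(tmp_bss->ies)`, and nothing in this hunk takes `rcu_read_lock()` or the device's `bss_lock` around it. `rcu_access_pointer()` is meant for testing a pointer's value, not for following it, so the IE buffer may already have been handed to `kfree_rcu()` by a concurrent update; cfg80211_unlink_bss in this same patch walks the same list under `spin_lock_bh(&rdev->bss_lock)`. The entries are built from received beacons and probe responses, so the window is reachable from over-the-air traffic. Unless a caller outside the hunk already holds the lock, the loop should run under `bss_lock` and read the pointers with `rcu_dereference_protected()`, keeping in mind that cfg80211_update_notlisted_nontrans allocates with the caller's `gfp`. The function body starts and ends outside the hunk.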
From: Sara Sharon Date: Wed, 16 Jan 2019 23:02:03 +0200 Subject: [PATCH 09/38] cfg80211: parse multi-bssid only if HW supports it Parsing and exposing nontransmitted APs is problematic when underlying HW doesn't support it. Do it only if driver indicated support. Allow HE restriction as well, since the HE spec defined the exact manner that Multiple BSSID set should behave. APs that not support the HE spec will have less predictable Multiple BSSID set support/behavior Signed-off-by: Sara Sharon Signed-off-by: Johannes Berg --- include/net/cfg80211.h | 8 ++++++++ net/wireless/scan.c | 11 ++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 86de6b62a44b..67aeb7199617 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -4315,6 +4315,11 @@ struct cfg80211_pmsr_capabilities { * @txq_memory_limit: configuration internal TX queue memory limit * @txq_quantum: configuration of internal TX queue scheduler quantum * + * @support_mbssid: can HW support association with nontransmitted AP + * @support_only_he_mbssid: don't parse MBSSID elements if it is not + * HE AP, in order to avoid compatibility issues. + * @support_mbssid must be set for this to have any effect. + * * @pmsr_capa: peer measurement capabilities */ struct wiphy { @@ -4455,6 +4460,9 @@ struct wiphy { u32 txq_memory_limit; u32 txq_quantum; + u8 support_mbssid:1, + support_only_he_mbssid:1; + const struct cfg80211_pmsr_capabilities *pmsr_capa; char priv[0] __aligned(NETDEV_ALIGN); diff --git a/net/wireless/scan.c b/net/wireless/scan.c index 325323a842d8..ab0f0178ee0e 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c 
@@ -1417,6 +1417,11 @@ static void cfg80211_parse_mbssid_data(struct wiphy *wiphy, return; if (!cfg80211_find_ie(WLAN_EID_MULTIPLE_BSSID, ie, ielen)) return; + if (!wiphy->support_mbssid) + return; + if (wiphy->support_only_he_mbssid && + !cfg80211_find_ext_ie(WLAN_EID_EXT_HE_CAPABILITY, ie, ielen)) + return; new_ie = kmalloc(IEEE80211_MAX_DATA_LEN, gfp); if (!new_ie) @@ -1701,7 +1706,11 @@ cfg80211_inform_bss_frame_data(struct wiphy *wiphy, res = cfg80211_inform_single_bss_frame_data(wiphy, data, mgmt, len, NULL, gfp); - if (!res || !cfg80211_find_ie(WLAN_EID_MULTIPLE_BSSID, ie, ielen)) + if (!res || !wiphy->support_mbssid || + !cfg80211_find_ie(WLAN_EID_MULTIPLE_BSSID, ie, ielen)) + return res; + if (wiphy->support_only_he_mbssid && + !cfg80211_find_ext_ie(WLAN_EID_EXT_HE_CAPABILITY, ie, ielen)) return res; /* process each non-transmitting bss */ From c17e28d1bcd357219264aaab37d5daba8181f9d3 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Thu, 7 Feb 2019 22:18:19 +0100 Subject: [PATCH 10/38] mac80211: use element iteration macro in parsing Instead of open-coding the element walk, use the new macro. Signed-off-by: Johannes Berg --- net/mac80211/util.c | 25 ++++++------------------- 1 file changed, 6 insertions(+), 19 deletions(-) diff --git a/net/mac80211/util.c b/net/mac80211/util.c index d0eb38b890aa..7fa9ba197c26 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c @@ -895,8 +895,7 @@ u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action, struct ieee802_11_elems *elems, u64 filter, u32 crc) { - size_t left = len; - const u8 *pos = start; + struct element *elem; bool calc_crc = filter != 0; DECLARE_BITMAP(seen_elems, 256); const u8 *ie; 
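Review bot: The `support_only_he_mbssid` gate added in cfg80211_parse_mbssid_data, and again in cfg80211_inform_bss_frame_data, is satisfied by the mere presence of an HE Capabilities element in the same frame, which the sender controls. It is a compatibility filter and does not make the Multiple BSSID contents more trustworthy; a comment such as `/* compatibility filter only, the MBSSID element is still untrusted input */` would stop later readers from treating it as validation. The two copies of the condition could live in one small static helper so they cannot drift apart, and in cfg80211_parse_mbssid_data the cheap `wiphy->support_mbssid` test can go before the `cfg80211_find_ie()` scan. Both function bodies continue outside their hunks.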
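Review bot: `struct element *elem;` in ieee802_11_parse_elems_crc drops the const that `start` carries (`const u8 *start`), so the parser ends up with a writable pointer into the received frame. Declaring it `const struct element *elem;` matches what net/wireless/scan.c already does with the same iteration macros and lets the compiler reject an accidental write through `elem->data`. validate_ie_attr() in net/wireless/nl80211.c (patch 14) has the same non-const declaration over `const u8 *data`. The function body continues outside this hunk.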
@@ -906,18 +905,11 @@ u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action, elems->ie_start = start; elems->total_len = len; - while (left >= 2) { - u8 id, elen; + for_each_element(elem, start, len) { bool elem_parse_failed; - - id = *pos++; - elen = *pos++; - left -= 2; - - if (elen > left) { - elems->parse_error = true; - break; - } + u8 id = elem->id; + u8 elen = elem->datalen; + const u8 *pos = elem->data; switch (id) { case WLAN_EID_SSID: @@ -960,8 +952,6 @@ u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action, */ if (test_bit(id, seen_elems)) { elems->parse_error = true; - left -= elen; - pos += elen; continue; } break; @@ -1244,12 +1234,9 @@ u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action, elems->parse_error = true; else __set_bit(id, seen_elems); - - left -= elen; - pos += elen; } - if (left != 0) + if (!for_each_element_completed(elem, start, len)) elems->parse_error = true; return crc; From 7ece9c372b21635120e7ab5ea3fc41ce9892ead8 Mon Sep 17 00:00:00 2001 From: Sara Sharon Date: Wed, 16 Jan 2019 21:26:25 +0200 Subject: [PATCH 11/38] cfg80211: make BSSID generation function inline This will enable reuse by mac80211. Signed-off-by: Sara Sharon Signed-off-by: Johannes Berg --- include/net/cfg80211.h | 23 +++++++++++++++++++++++ net/wireless/scan.c | 16 ---------------- 2 files changed, 23 insertions(+), 16 deletions(-) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 67aeb7199617..c33ebc41d797 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h 
@@ -5461,6 +5461,29 @@ cfg80211_inform_bss_frame(struct wiphy *wiphy, return cfg80211_inform_bss_frame_data(wiphy, &data, mgmt, len, gfp); } +/** + * cfg80211_gen_new_bssid - generate a nontransmitted BSSID for multi-BSSID + * @bssid: transmitter BSSID + * @max_bssid: max BSSID indicator, taken from Multiple BSSID element + * @mbssid_index: BSSID index, taken from Multiple BSSID index element + * @new_bssid_addr: address of the resulting BSSID + */ +static inline void cfg80211_gen_new_bssid(const u8 *bssid, u8 max_bssid, + u8 mbssid_index, u8 *new_bssid_addr) +{ + u64 bssid_tmp, new_bssid; + u64 lsb_n; + + bssid_tmp = ether_addr_to_u64(bssid); + + lsb_n = bssid_tmp & ((1 << max_bssid) - 1); + new_bssid = bssid_tmp; + new_bssid &= ~((1 << max_bssid) - 1); + new_bssid |= (lsb_n + mbssid_index) % (1 << max_bssid); + + u64_to_ether_addr(new_bssid, new_bssid_addr); +} + /** * enum cfg80211_bss_frame_type - frame type that the BSS data came from * @CFG80211_BSS_FTYPE_UNKNOWN: driver doesn't know whether the data is diff --git a/net/wireless/scan.c b/net/wireless/scan.c index ab0f0178ee0e..f1b06e9c1038 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -179,22 +179,6 @@ static bool __cfg80211_unlink_bss(struct cfg80211_registered_device *rdev, return true; } -static void cfg80211_gen_new_bssid(const u8 *bssid, u8 max_bssid, - u8 mbssid_index, u8 *new_bssid_addr) -{ - u64 bssid_tmp, new_bssid = 0; - u64 lsb_n; - - bssid_tmp = ether_addr_to_u64(bssid); - - lsb_n = bssid_tmp & ((1 << max_bssid) - 1); - new_bssid = bssid_tmp; - new_bssid &= ~((1 << max_bssid) - 1); - new_bssid |= (lsb_n + mbssid_index) % (1 << max_bssid); - - u64_to_ether_addr(new_bssid, new_bssid_addr); -} - static size_t cfg80211_gen_new_ie(const u8 *ie, size_t ielen, const u8 *subelement, size_t subie_len, u8 *new_ie, gfp_t gfp) From 49a68e0d88890060a2b9b6c6ad1ec53eb50abccf Mon Sep 17 00:00:00 2001 
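Review bot: `cfg80211_gen_new_bssid()` shifts the int constant `1` by `max_bssid`, a u8 that the scan code takes from the Multiple BSSID element of a received frame, and mixes the result into u64 arithmetic. For values of 31 and above `1 << max_bssid` overflows or exceeds the width of int, which is undefined behaviour, and the `%` by the same expression can then end up dividing by zero. Now that the helper is a header inline meant for reuse by mac80211, the arithmetic should be 64-bit, e.g. `u64 mask = (1ULL << max_bssid) - 1;` used for all three expressions. The kernel-doc should also state the accepted range of @max_bssid so every caller rejects an out-of-range indicator before calling; no such check is visible in the hunks of this series.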
From: Johannes Berg Date: Thu, 7 Feb 2019 23:26:38 +0100 Subject: [PATCH 12/38] cfg80211: add various struct element finding helpers We currently have a number of helpers to find elements that just return a u8 *, change those to return a struct element and add inlines to deal with the u8 * compatibility. Note that the match behaviour is changed to start the natch at the data, so conversion from _ie_match to _elem_match need to be done carefully. Signed-off-by: Johannes Berg --- include/net/cfg80211.h | 137 ++++++++++++++++++++++++++++++++++++++--- net/wireless/scan.c | 39 +++++------- net/wireless/util.c | 6 +- 3 files changed, 149 insertions(+), 33 deletions(-) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 7f2739a90bdb..c077de7fbd8a 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -2063,15 +2063,29 @@ struct cfg80211_bss { }; /** - * ieee80211_bss_get_ie - find IE with given ID + * ieee80211_bss_get_elem - find element with given ID * @bss: the bss to search - * @ie: the IE ID + * @id: the element ID * * Note that the return value is an RCU-protected pointer, so * rcu_read_lock() must be held when calling this function. * Return: %NULL if not found. */ -const u8 *ieee80211_bss_get_ie(struct cfg80211_bss *bss, u8 ie); +const struct element *ieee80211_bss_get_elem(struct cfg80211_bss *bss, u8 id); + +/** + * ieee80211_bss_get_ie - find IE with given ID + * @bss: the bss to search + * @id: the element ID + * + * Note that the return value is an RCU-protected pointer, so + * rcu_read_lock() must be held when calling this function. + * Return: %NULL if not found. + */ +static inline const u8 *ieee80211_bss_get_ie(struct cfg80211_bss *bss, u8 id) +{ + return (void *)ieee80211_bss_get_elem(bss, id); +} /** 
@@ -4999,6 +5013,33 @@ void ieee80211_amsdu_to_8023s(struct sk_buff *skb, struct sk_buff_head *list, unsigned int cfg80211_classify8021d(struct sk_buff *skb, struct cfg80211_qos_map *qos_map); +/** + * cfg80211_find_elem_match - match information element and byte array in data + * + * @eid: element ID + * @ies: data consisting of IEs + * @len: length of data + * @match: byte array to match + * @match_len: number of bytes in the match array + * @match_offset: offset in the IE data where the byte array should match. + * Note the difference to cfg80211_find_ie_match() which considers + * the offset to start from the element ID byte, but here we take + * the data portion instead. + * + * Return: %NULL if the element ID could not be found or if + * the element is invalid (claims to be longer than the given + * data) or if the byte array doesn't match; otherwise return the + * requested element struct. + * + * Note: There are no checks on the element length other than + * having to fit into the given data and being large enough for the + * byte array to match. + */ +const struct element * +cfg80211_find_elem_match(u8 eid, const u8 *ies, unsigned int len, + const u8 *match, unsigned int match_len, + unsigned int match_offset); + /** * cfg80211_find_ie_match - match information element and byte array in data * 
@@ -5023,9 +5064,44 @@ unsigned int cfg80211_classify8021d(struct sk_buff *skb, * having to fit into the given data and being large enough for the * byte array to match. */ -const u8 *cfg80211_find_ie_match(u8 eid, const u8 *ies, int len, - const u8 *match, int match_len, - int match_offset); +static inline const u8 * +cfg80211_find_ie_match(u8 eid, const u8 *ies, unsigned int len, + const u8 *match, unsigned int match_len, + unsigned int match_offset) +{ + /* match_offset can't be smaller than 2, unless match_len is + * zero, in which case match_offset must be zero as well. + */ + if (WARN_ON((match_len && match_offset < 2) || + (!match_len && match_offset))) + return NULL; + + return (void *)cfg80211_find_elem_match(eid, ies, len, + match, match_len, + match_offset ? + match_offset - 2 : 0); +} + +/** + * cfg80211_find_elem - find information element in data + * + * @eid: element ID + * @ies: data consisting of IEs + * @len: length of data + * + * Return: %NULL if the element ID could not be found or if + * the element is invalid (claims to be longer than the given + * data) or if the byte array doesn't match; otherwise return the + * requested element struct. + * + * Note: There are no checks on the element length other than + * having to fit into the given data. + */ +static inline const struct element * +cfg80211_find_elem(u8 eid, const u8 *ies, int len) +{ + return cfg80211_find_elem_match(eid, ies, len, NULL, 0, 0); +} /** * cfg80211_find_ie - find information element in data 
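Review bot: `cfg80211_find_elem()` is added with `int len` while the function it forwards to, `cfg80211_find_elem_match()`, takes `unsigned int len`; `cfg80211_find_ext_elem()` in the next hunk does the same. A caller whose length calculation goes negative has it silently converted to a very large unsigned value, which the element walk would then treat as a valid buffer size. Declaring the new helpers as `cfg80211_find_elem(u8 eid, const u8 *ies, unsigned int len)` makes that conversion visible at the call site instead of inside the wrapper. The kernel-doc for cfg80211_find_elem also still says "or if the byte array doesn't match", which does not apply to a helper with no match argument, and the cfg80211_find_ext_elem comment has "etended" for "extended".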
@@ -5047,6 +5123,28 @@ static inline const u8 *cfg80211_find_ie(u8 eid, const u8 *ies, int len) return cfg80211_find_ie_match(eid, ies, len, NULL, 0, 0); } +/** + * cfg80211_find_ext_elem - find information element with EID Extension in data + * + * @ext_eid: element ID Extension + * @ies: data consisting of IEs + * @len: length of data + * + * Return: %NULL if the etended element could not be found or if + * the element is invalid (claims to be longer than the given + * data) or if the byte array doesn't match; otherwise return the + * requested element struct. + * + * Note: There are no checks on the element length other than + * having to fit into the given data. + */ +static inline const struct element * +cfg80211_find_ext_elem(u8 ext_eid, const u8 *ies, int len) +{ + return cfg80211_find_elem_match(WLAN_EID_EXTENSION, ies, len, + &ext_eid, 1, 0); +} + /** * cfg80211_find_ext_ie - find information element with EID Extension in data * @@ -5068,6 +5166,25 @@ static inline const u8 *cfg80211_find_ext_ie(u8 ext_eid, const u8 *ies, int len) &ext_eid, 1, 2); } +/** + * cfg80211_find_vendor_elem - find vendor specific information element in data + * + * @oui: vendor OUI + * @oui_type: vendor-specific OUI type (must be < 0xff), negative means any + * @ies: data consisting of IEs + * @len: length of data + * + * Return: %NULL if the vendor specific element ID could not be found or if the + * element is invalid (claims to be longer than the given data); otherwise + * return the element structure for the requested element. + * + * Note: There are no checks on the element length other than having to fit into + * the given data. + */ +const struct element *cfg80211_find_vendor_elem(unsigned int oui, int oui_type, + const u8 *ies, + unsigned int len); + /** * cfg80211_find_vendor_ie - find vendor specific information element in data * 
@@ -5084,8 +5201,12 @@ static inline const u8 *cfg80211_find_ext_ie(u8 ext_eid, const u8 *ies, int len) * Note: There are no checks on the element length other than having to fit into * the given data. */ -const u8 *cfg80211_find_vendor_ie(unsigned int oui, int oui_type, - const u8 *ies, int len); +static inline const u8 * +cfg80211_find_vendor_ie(unsigned int oui, int oui_type, + const u8 *ies, unsigned int len) +{ + return (void *)cfg80211_find_vendor_elem(oui, oui_type, ies, len); +} /** * cfg80211_send_layer2_update - send layer 2 update frame diff --git a/net/wireless/scan.c b/net/wireless/scan.c index c7f64bb9c581..d2c9ca5f4f57 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c 
@@ -480,48 +480,43 @@ void cfg80211_bss_expire(struct cfg80211_registered_device *rdev) __cfg80211_bss_expire(rdev, jiffies - IEEE80211_SCAN_RESULT_EXPIRE); } -const u8 *cfg80211_find_ie_match(u8 eid, const u8 *ies, int len, - const u8 *match, int match_len, - int match_offset) +const struct element * +cfg80211_find_elem_match(u8 eid, const u8 *ies, unsigned int len, + const u8 *match, unsigned int match_len, + unsigned int match_offset) { const struct element *elem; - /* match_offset can't be smaller than 2, unless match_len is - * zero, in which case match_offset must be zero as well. - */ - if (WARN_ON((match_len && match_offset < 2) || - (!match_len && match_offset))) - return NULL; - for_each_element_id(elem, eid, ies, len) { - if (elem->datalen >= match_offset - 2 + match_len && - !memcmp(elem->data + match_offset - 2, match, match_len)) - return (void *)elem; + if (elem->datalen >= match_offset + match_len && + !memcmp(elem->data + match_offset, match, match_len)) + return elem; } return NULL; } -EXPORT_SYMBOL(cfg80211_find_ie_match); +EXPORT_SYMBOL(cfg80211_find_elem_match); -const u8 *cfg80211_find_vendor_ie(unsigned int oui, int oui_type, - const u8 *ies, int len) +const struct element *cfg80211_find_vendor_elem(unsigned int oui, int oui_type, + const u8 *ies, + unsigned int len) { - const u8 *ie; + const struct element *elem; u8 match[] = { oui >> 16, oui >> 8, oui, oui_type }; int match_len = (oui_type < 0) ? 3 : sizeof(match); if (WARN_ON(oui_type > 0xff)) return NULL; - ie = cfg80211_find_ie_match(WLAN_EID_VENDOR_SPECIFIC, ies, len, - match, match_len, 2); + elem = cfg80211_find_elem_match(WLAN_EID_VENDOR_SPECIFIC, ies, len, + match, match_len, 0); - if (ie && (ie[1] < 4)) + if (!elem || elem->datalen < 4) return NULL; - return ie; + return elem; } -EXPORT_SYMBOL(cfg80211_find_vendor_ie); +EXPORT_SYMBOL(cfg80211_find_vendor_elem); static bool is_bss(struct cfg80211_bss *a, const u8 *bssid, const u8 *ssid, size_t ssid_len) 
diff --git a/net/wireless/util.c b/net/wireless/util.c index cd48cdd582c0..61fa33d0019e 100644 --- a/net/wireless/util.c +++ b/net/wireless/util.c @@ -776,7 +776,7 @@ unsigned int cfg80211_classify8021d(struct sk_buff *skb, } EXPORT_SYMBOL(cfg80211_classify8021d); -const u8 *ieee80211_bss_get_ie(struct cfg80211_bss *bss, u8 ie) +const struct element *ieee80211_bss_get_elem(struct cfg80211_bss *bss, u8 id) { const struct cfg80211_bss_ies *ies; @@ -784,9 +784,9 @@ const u8 *ieee80211_bss_get_ie(struct cfg80211_bss *bss, u8 ie) if (!ies) return NULL; - return cfg80211_find_ie(ie, ies->data, ies->len); + return cfg80211_find_elem(id, ies->data, ies->len); } -EXPORT_SYMBOL(ieee80211_bss_get_ie); +EXPORT_SYMBOL(ieee80211_bss_get_elem); void cfg80211_upload_connect_keys(struct wireless_dev *wdev) { From 0cd01efb03396c5368b1a32eed0ccb2aa453bdc8 Mon Sep 17 00:00:00 2001 From: Sara Sharon Date: Tue, 22 Jan 2019 09:50:50 +0200 Subject: [PATCH 13/38] cfg80211: save multi-bssid properties When the new IEs are generated, the multiple BSSID elements are not saved. Save aside properties that are needed later for PS. Signed-off-by: Sara Sharon Signed-off-by: Johannes Berg --- include/net/cfg80211.h | 5 +++ net/wireless/scan.c | 69 +++++++++++++++++++++++++++++------------- 2 files changed, 53 insertions(+), 21 deletions(-) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index c33ebc41d797..76efdc3a2200 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -2038,6 +2038,8 @@ struct cfg80211_bss_ies { * @signal: signal strength value (type depends on the wiphy's signal_type) * @chains: bitmask for filled values in @chain_signal. * @chain_signal: per-chain signal strength of last received BSS in dBm. + * @bssid_index: index in the multiple BSS set + * @max_bssid_indicator: max number of members in the BSS set * @priv: private area for driver use, has at least wiphy->bss_priv_size bytes */ struct cfg80211_bss { 
@@ -2061,6 +2063,9 @@ struct cfg80211_bss { u8 chains; s8 chain_signal[IEEE80211_MAX_CHAINS]; + u8 bssid_index; + u8 max_bssid_indicator; + u8 priv[0] __aligned(sizeof(void *)); }; diff --git a/net/wireless/scan.c b/net/wireless/scan.c index f1b06e9c1038..387e5f868684 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -1022,11 +1022,16 @@ static bool cfg80211_combine_bsses(struct cfg80211_registered_device *rdev, return true; } +struct cfg80211_non_tx_bss { + struct cfg80211_bss *tx_bss; + u8 max_bssid_indicator; + u8 bssid_index; +}; + /* Returned bss is reference counted and must be cleaned up appropriately. */ static struct cfg80211_internal_bss * cfg80211_bss_update(struct cfg80211_registered_device *rdev, struct cfg80211_internal_bss *tmp, - struct cfg80211_bss *trans_bss, bool signal_valid) { struct cfg80211_internal_bss *found = NULL; @@ -1126,6 +1131,8 @@ cfg80211_bss_update(struct cfg80211_registered_device *rdev, memcpy(found->pub.chain_signal, tmp->pub.chain_signal, IEEE80211_MAX_CHAINS); ether_addr_copy(found->parent_bssid, tmp->parent_bssid); + found->pub.max_bssid_indicator = tmp->pub.max_bssid_indicator; + found->pub.bssid_index = tmp->pub.bssid_index; } else { struct cfg80211_internal_bss *new; struct cfg80211_internal_bss *hidden; @@ -1185,13 +1192,13 @@ cfg80211_bss_update(struct cfg80211_registered_device *rdev, } /* This must be before the call to bss_ref_get */ - if (trans_bss) { + if (tmp->pub.transmitted_bss) { struct cfg80211_internal_bss *pbss = - container_of(trans_bss, + container_of(tmp->pub.transmitted_bss, struct cfg80211_internal_bss, pub); - new->pub.transmitted_bss = trans_bss; + new->pub.transmitted_bss = tmp->pub.transmitted_bss; bss_ref_get(rdev, pbss); } 
@@ -1289,7 +1296,7 @@ cfg80211_inform_single_bss_data(struct wiphy *wiphy, enum cfg80211_bss_frame_type ftype, const u8 *bssid, u64 tsf, u16 capability, u16 beacon_interval, const u8 *ie, size_t ielen, - struct cfg80211_bss *trans_bss, + struct cfg80211_non_tx_bss *non_tx_data, gfp_t gfp) { struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); @@ -1318,6 +1325,11 @@ cfg80211_inform_single_bss_data(struct wiphy *wiphy, tmp.pub.beacon_interval = beacon_interval; tmp.pub.capability = capability; tmp.ts_boottime = data->boottime_ns; + if (non_tx_data) { + tmp.pub.transmitted_bss = non_tx_data->tx_bss; + tmp.pub.bssid_index = non_tx_data->bssid_index; + tmp.pub.max_bssid_indicator = non_tx_data->max_bssid_indicator; + } /* * If we do not know here whether the IEs are from a Beacon or Probe @@ -1350,8 +1362,7 @@ cfg80211_inform_single_bss_data(struct wiphy *wiphy, signal_valid = abs(data->chan->center_freq - channel->center_freq) <= wiphy->max_adj_channel_rssi_comp; - res = cfg80211_bss_update(wiphy_to_rdev(wiphy), &tmp, trans_bss, - signal_valid); + res = cfg80211_bss_update(wiphy_to_rdev(wiphy), &tmp, signal_valid); if (!res) return NULL; @@ -1365,11 +1376,12 @@ cfg80211_inform_single_bss_data(struct wiphy *wiphy, regulatory_hint_found_beacon(wiphy, channel, gfp); } - if (trans_bss) { + if (non_tx_data && non_tx_data->tx_bss) { /* this is a nontransmitting bss, we need to add it to * transmitting bss' list if it is not there */ - if (cfg80211_add_nontrans_list(trans_bss, &res->pub)) { + if (cfg80211_add_nontrans_list(non_tx_data->tx_bss, + &res->pub)) { if (__cfg80211_unlink_bss(rdev, res)) rdev->bss_generation++; } @@ -1386,7 +1398,7 @@ static void cfg80211_parse_mbssid_data(struct wiphy *wiphy, const u8 *bssid, u64 tsf, u16 beacon_interval, const u8 *ie, size_t ielen, - struct cfg80211_bss *trans_bss, + struct cfg80211_non_tx_bss *non_tx_data, gfp_t gfp) { const u8 *mbssid_index_ie; 
@@ -1397,7 +1409,7 @@ static void cfg80211_parse_mbssid_data(struct wiphy *wiphy, u16 capability; struct cfg80211_bss *bss; - if (!trans_bss) + if (!non_tx_data) return; if (!cfg80211_find_ie(WLAN_EID_MULTIPLE_BSSID, ie, ielen)) return; @@ -1439,8 +1451,12 @@ static void cfg80211_parse_mbssid_data(struct wiphy *wiphy, continue; } - cfg80211_gen_new_bssid(bssid, elem->data[0], - mbssid_index_ie[2], + non_tx_data->bssid_index = mbssid_index_ie[2]; + non_tx_data->max_bssid_indicator = elem->data[0]; + + cfg80211_gen_new_bssid(bssid, + non_tx_data->max_bssid_indicator, + non_tx_data->bssid_index, new_bssid); memset(new_ie, 0, IEEE80211_MAX_DATA_LEN); new_ie_len = cfg80211_gen_new_ie(ie, ielen, sub->data, @@ -1457,7 +1473,8 @@ static void cfg80211_parse_mbssid_data(struct wiphy *wiphy, beacon_interval, new_ie, new_ie_len, - trans_bss, gfp); + non_tx_data, + gfp); if (!bss) break; cfg80211_put_bss(wiphy, bss); @@ -1476,12 +1493,15 @@ cfg80211_inform_bss_data(struct wiphy *wiphy, gfp_t gfp) { struct cfg80211_bss *res; + struct cfg80211_non_tx_bss non_tx_data; res = cfg80211_inform_single_bss_data(wiphy, data, ftype, bssid, tsf, capability, beacon_interval, ie, ielen, NULL, gfp); + non_tx_data.tx_bss = res; cfg80211_parse_mbssid_data(wiphy, data, ftype, bssid, tsf, - beacon_interval, ie, ielen, res, gfp); + beacon_interval, ie, ielen, &non_tx_data, + gfp); return res; } EXPORT_SYMBOL(cfg80211_inform_bss_data); @@ -1490,7 +1510,7 @@ static void cfg80211_parse_mbssid_frame_data(struct wiphy *wiphy, struct cfg80211_inform_bss *data, struct ieee80211_mgmt *mgmt, size_t len, - struct cfg80211_bss *trans_bss, + struct cfg80211_non_tx_bss *non_tx_data, gfp_t gfp) { enum cfg80211_bss_frame_type ftype; 
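Review bot: In cfg80211_inform_bss_data (hunk at -1476) the MBSSID parsing is no longer skipped when `cfg80211_inform_single_bss_data()` returns NULL. Before this change `res` was passed as `trans_bss` and `if (!trans_bss) return;` stopped the parser; now `&non_tx_data` is never NULL, so `if (!non_tx_data)` cannot fire for this caller and the nontransmitted profiles are processed with `tx_bss == NULL`. Adding `if (!res) return NULL;` before `non_tx_data.tx_bss = res;` restores the old behaviour. `non_tx_data` is also left uninitialised apart from `tx_bss`; `struct cfg80211_non_tx_bss non_tx_data = {};` here and in cfg80211_inform_bss_frame_data keeps stack contents out of `bssid_index` and `max_bssid_indicator` should a later path read them before the parser sets them.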
@@ -1504,7 +1524,7 @@ cfg80211_parse_mbssid_frame_data(struct wiphy *wiphy, cfg80211_parse_mbssid_data(wiphy, data, ftype, mgmt->bssid, le64_to_cpu(mgmt->u.probe_resp.timestamp), le16_to_cpu(mgmt->u.probe_resp.beacon_int), - ie, ielen, trans_bss, gfp); + ie, ielen, non_tx_data, gfp); } static void @@ -1594,7 +1614,7 @@ static struct cfg80211_bss * cfg80211_inform_single_bss_frame_data(struct wiphy *wiphy, struct cfg80211_inform_bss *data, struct ieee80211_mgmt *mgmt, size_t len, - struct cfg80211_bss *trans_bss, + struct cfg80211_non_tx_bss *non_tx_data, gfp_t gfp) { struct cfg80211_internal_bss tmp = {}, *res; @@ -1653,11 +1673,15 @@ cfg80211_inform_single_bss_frame_data(struct wiphy *wiphy, tmp.pub.chains = data->chains; memcpy(tmp.pub.chain_signal, data->chain_signal, IEEE80211_MAX_CHAINS); ether_addr_copy(tmp.parent_bssid, data->parent_bssid); + if (non_tx_data) { + tmp.pub.transmitted_bss = non_tx_data->tx_bss; + tmp.pub.bssid_index = non_tx_data->bssid_index; + tmp.pub.max_bssid_indicator = non_tx_data->max_bssid_indicator; + } signal_valid = abs(data->chan->center_freq - channel->center_freq) <= wiphy->max_adj_channel_rssi_comp; - res = cfg80211_bss_update(wiphy_to_rdev(wiphy), &tmp, trans_bss, - signal_valid); + res = cfg80211_bss_update(wiphy_to_rdev(wiphy), &tmp, signal_valid); if (!res) return NULL; @@ -1687,6 +1711,7 @@ cfg80211_inform_bss_frame_data(struct wiphy *wiphy, const struct cfg80211_bss_ies *ies1, *ies2; size_t ielen = len - offsetof(struct ieee80211_mgmt, u.probe_resp.variable); + struct cfg80211_non_tx_bss non_tx_data; res = cfg80211_inform_single_bss_frame_data(wiphy, data, mgmt, len, NULL, gfp); 
@@ -1697,8 +1722,10 @@ cfg80211_inform_bss_frame_data(struct wiphy *wiphy, !cfg80211_find_ext_ie(WLAN_EID_EXT_HE_CAPABILITY, ie, ielen)) return res; + non_tx_data.tx_bss = res; /* process each non-transmitting bss */ - cfg80211_parse_mbssid_frame_data(wiphy, data, mgmt, len, res, gfp); + cfg80211_parse_mbssid_frame_data(wiphy, data, mgmt, len, + &non_tx_data, gfp); /* check if the res has other nontransmitting bss which is not * in MBSSID IE From 9f308616b6176b6dc470e6eb3569a09b100a823a Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Thu, 7 Feb 2019 23:39:19 +0100 Subject: [PATCH 14/38] nl80211: use for_each_element() in validate_ie_attr() This makes for much simpler code, simply walk through all the elements and check that the last one found ends with the end of the data. This works because if any element is malformed the walk is aborted, we end up with a mismatch. Signed-off-by: Johannes Berg --- net/wireless/nl80211.c | 28 ++++++++-------------------- 1 file changed, 8 insertions(+), 20 deletions(-) diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index a3cc039b9f55..5d85f6032f84 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -203,29 +203,17 @@ cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info) static int validate_ie_attr(const struct nlattr *attr, struct netlink_ext_ack *extack) { - const u8 *pos; - int len; + const u8 *data = nla_data(attr); + unsigned int len = nla_len(attr); + struct element *elem; - pos = nla_data(attr); - len = nla_len(attr); - - while (len) { - u8 elemlen; - - if (len < 2) - goto error; - len -= 2; - - elemlen = pos[1]; - if (elemlen > len) - goto error; - - len -= elemlen; - pos += 2 + elemlen; + for_each_element(elem, data, len) { + /* nothing */ } - return 0; -error: + if (for_each_element_completed(elem, data, len)) + return 0; + NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements"); return -EINVAL; } 
From 78ac51f81532c1e361a31ac112c1fea470ea9036 Mon Sep 17 00:00:00 2001 From: Sara Sharon Date: Wed, 16 Jan 2019 18:22:56 +0200 Subject: [PATCH 15/38] mac80211: support multi-bssid Add support for multi-bssid. This includes: - Parsing multi-bssid element - Overriding DTIM values - Taking into account in various places the inner BSSID instead of transmitter BSSID - Save aside some multi-bssid properties needed by drivers Signed-off-by: Sara Sharon Signed-off-by: Johannes Berg --- include/linux/ieee80211.h | 34 +++++++++- include/net/mac80211.h | 15 +++++ net/mac80211/ieee80211_i.h | 7 +++ net/mac80211/mlme.c | 125 ++++++++++++++++++++++++++----------- net/mac80211/scan.c | 11 +++- net/mac80211/util.c | 111 +++++++++++++++++++++++++++++--- 6 files changed, 255 insertions(+), 48 deletions(-) diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h index 4e3a4e293348..7479f0bd50e1 100644 --- a/include/linux/ieee80211.h +++ b/include/linux/ieee80211.h @@ -8,7 +8,7 @@ * Copyright (c) 2006, Michael Wu * Copyright (c) 2013 - 2014 Intel Mobile Communications GmbH * Copyright (c) 2016 - 2017 Intel Deutschland GmbH - * Copyright (c) 2018 Intel Corporation + * Copyright (c) 2018 - 2019 Intel Corporation * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as @@ -2475,6 +2475,7 @@ enum ieee80211_eid_ext { WLAN_EID_EXT_HE_OPERATION = 36, WLAN_EID_EXT_UORA = 37, WLAN_EID_EXT_HE_MU_EDCA = 38, + WLAN_EID_EXT_MULTIPLE_BSSID_CONFIGURATION = 55, }; /* Action category code */ @@ -2691,6 +2692,9 @@ enum ieee80211_tdls_actioncode { #define WLAN_EXT_CAPA10_TWT_REQUESTER_SUPPORT BIT(5) #define WLAN_EXT_CAPA10_TWT_RESPONDER_SUPPORT BIT(6) +/* Defines support for enhanced multi-bssid advertisement*/ +#define WLAN_EXT_CAPA11_EMA_SUPPORT BIT(1) + /* TDLS specific payload type in the LLC/SNAP header */ #define WLAN_TDLS_SNAP_RFTYPE 0x2 
@@ -2882,6 +2886,34 @@ enum ieee80211_sa_query_action { WLAN_ACTION_SA_QUERY_RESPONSE = 1, }; +/** + * struct ieee80211_bssid_index + * + * This structure refers to "Multiple BSSID-index element" + * + * @bssid_index: BSSID index + * @dtim_period: optional, overrides transmitted BSS dtim period + * @dtim_count: optional, overrides transmitted BSS dtim count + */ +struct ieee80211_bssid_index { + u8 bssid_index; + u8 dtim_period; + u8 dtim_count; +}; + +/** + * struct ieee80211_multiple_bssid_configuration + * + * This structure refers to "Multiple BSSID Configuration element" + * + * @bssid_count: total number of active BSSIDs in the set + * @profile_periodicity: the least number of beacon frames need to be received + * in order to discover all the nontransmitted BSSIDs in the set. + */ +struct ieee80211_multiple_bssid_configuration { + u8 bssid_count; + u8 profile_periodicity; +}; #define SUITE(oui, id) (((oui) << 8) | (id)) diff --git a/include/net/mac80211.h b/include/net/mac80211.h index de866a7253c9..b0e364f50285 100644 --- a/include/net/mac80211.h +++ b/include/net/mac80211.h @@ -591,6 +591,14 @@ struct ieee80211_ftm_responder_params { * @ftm_responder: whether to enable or disable fine timing measurement FTM * responder functionality. * @ftmr_params: configurable lci/civic parameter when enabling FTM responder. + * @nontransmitted: this BSS is a nontransmitted BSS profile + * @transmitter_bssid: the address of transmitter AP + * @bssid_index: index inside the multiple BSSID set + * @bssid_indicator: 2^bssid_indicator is the maximum number of APs in set + * @ema_ap: AP supports enhancements of discovery and advertisement of + * nontransmitted BSSIDs + * @profile_periodicity: the least number of beacon frames need to be received + * in order to discover all the nontransmitted BSSIDs in the set. */ struct ieee80211_bss_conf { const u8 *bssid; 
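Review bot: The kernel-doc for `struct ieee80211_bssid_index` marks `dtim_period` and `dtim_count` as optional, but the struct gives them fixed offsets, so code that points this type at a one-byte Multiple BSSID-Index element and reads those fields goes past the element data. The comment should spell the rule out, e.g. `@dtim_period: optional, present only if the element is at least sizeof(struct ieee80211_bssid_index) long`, and the same for `@dtim_count`. This series adds `bssid_index_len` to `struct ieee802_11_elems`, presumably for exactly that check, so naming it in the comment would tell users which length to test.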
@@ -644,6 +652,13 @@ struct ieee80211_bss_conf { bool protected_keep_alive; bool ftm_responder; struct ieee80211_ftm_responder_params *ftmr_params; + /* Multiple BSSID data */ + bool nontransmitted; + u8 transmitter_bssid[ETH_ALEN]; + u8 bssid_index; + u8 bssid_indicator; + bool ema_ap; + u8 profile_periodicity; }; /** diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index cc3f833db022..5795eef98771 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -1495,6 +1495,12 @@ struct ieee802_11_elems { const struct ieee80211_sec_chan_offs_ie *sec_chan_offs; struct ieee80211_mesh_chansw_params_ie *mesh_chansw_params_ie; const struct ieee80211_bss_max_idle_period_ie *max_idle_period_ie; + const struct ieee80211_multiple_bssid_configuration *mbssid_config_ie; + const struct ieee80211_bssid_index *bssid_index; + const u8 *nontransmitted_bssid_profile; + u8 max_bssid_indicator; + u8 dtim_count; + u8 dtim_period; /* length of them, respectively */ u8 ext_capab_len; @@ -1513,6 +1519,7 @@ struct ieee802_11_elems { u8 prep_len; u8 perr_len; u8 country_elem_len; + u8 bssid_index_len; /* whether a parse error occurred while retrieving these elements */ bool parse_error; diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 1f41f760bd22..64b6ddb67456 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -3308,6 +3308,14 @@ static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata, /* TODO: OPEN: what happens if BSS color disable is set? */ } + if (cbss->transmitted_bss) { + bss_conf->nontransmitted = true; + ether_addr_copy(bss_conf->transmitter_bssid, + cbss->transmitted_bss->bssid); + bss_conf->bssid_indicator = cbss->max_bssid_indicator; + bss_conf->bssid_index = cbss->bssid_index; + } + /* * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data * in their association response, so ignore that data for our own 
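Review bot: `bss_conf->nontransmitted`, `transmitter_bssid`, `bssid_indicator` and `bssid_index` are written only when `cbss->transmitted_bss` is set in the ieee80211_assoc_success() hunk, and nothing visible clears them on the other path. Unless bss_conf is reset elsewhere between associations, a later association to an ordinary BSS would keep the previous multi-BSSID state, so an else branch with `bss_conf->nontransmitted = false;` would make the state explicit. The same one-way pattern applies to `bss_conf->ema_ap = true` and the conditional `profile_periodicity` assignment in the ieee80211_rx_mgmt_beacon() and ieee80211_mgd_assoc() hunks. All three function bodies continue outside their hunks.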
@@ -3692,6 +3700,16 @@ static void ieee80211_handle_beacon_sig(struct ieee80211_sub_if_data *sdata, } } +static bool ieee80211_rx_our_beacon(const u8 *tx_bssid, + struct cfg80211_bss *bss) +{ + if (ether_addr_equal(tx_bssid, bss->bssid)) + return true; + if (!bss->transmitted_bss) + return false; + return ether_addr_equal(tx_bssid, bss->transmitted_bss->bssid); +} + static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, struct ieee80211_mgmt *mgmt, size_t len, struct ieee80211_rx_status *rx_status) @@ -3733,17 +3751,16 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, rcu_read_unlock(); if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon && - ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) { + ieee80211_rx_our_beacon(mgmt->bssid, ifmgd->assoc_data->bss)) { ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen, false, &elems, mgmt->bssid, ifmgd->assoc_data->bss->bssid); ieee80211_rx_bss_info(sdata, mgmt, len, rx_status); - if (elems.tim && !elems.parse_error) { - const struct ieee80211_tim_ie *tim_ie = elems.tim; - ifmgd->dtim_period = tim_ie->dtim_period; - } + + if (elems.dtim_period) + ifmgd->dtim_period = elems.dtim_period; ifmgd->have_beacon = true; ifmgd->assoc_data->need_beacon = false; if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) { 
@@ -3751,12 +3768,17 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, le64_to_cpu(mgmt->u.beacon.timestamp); sdata->vif.bss_conf.sync_device_ts = rx_status->device_timestamp; - if (elems.tim) - sdata->vif.bss_conf.sync_dtim_count = - elems.tim->dtim_count; - else - sdata->vif.bss_conf.sync_dtim_count = 0; + sdata->vif.bss_conf.sync_dtim_count = elems.dtim_count; } + + if (elems.mbssid_config_ie) + bss_conf->profile_periodicity = + elems.mbssid_config_ie->profile_periodicity; + + if (elems.ext_capab_len >= 11 && + (elems.ext_capab[10] & WLAN_EXT_CAPA11_EMA_SUPPORT)) + bss_conf->ema_ap = true; + /* continue assoc process */ ifmgd->assoc_data->timeout = jiffies; ifmgd->assoc_data->timeout_started = true; @@ -3765,7 +3787,7 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, } if (!ifmgd->associated || - !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) + !ieee80211_rx_our_beacon(mgmt->bssid, ifmgd->associated)) return; bssid = ifmgd->associated->bssid; @@ -3861,11 +3883,7 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, le64_to_cpu(mgmt->u.beacon.timestamp); sdata->vif.bss_conf.sync_device_ts = rx_status->device_timestamp; - if (elems.tim) - sdata->vif.bss_conf.sync_dtim_count = - elems.tim->dtim_count; - else - sdata->vif.bss_conf.sync_dtim_count = 0; + sdata->vif.bss_conf.sync_dtim_count = elems.dtim_count; } if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid) @@ -3891,10 +3909,7 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, */ if (!ifmgd->have_beacon) { /* a few bogus AP send dtim_period = 0 or no TIM IE */ - if (elems.tim) - bss_conf->dtim_period = elems.tim->dtim_period ?: 1; - else - bss_conf->dtim_period = 1; + bss_conf->dtim_period = elems.dtim_period ?: 1; changed |= BSS_CHANGED_BEACON_INFO; ifmgd->have_beacon = true; 
@@ -4761,6 +4776,40 @@ static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata, return ret; } +static bool ieee80211_get_dtim(const struct cfg80211_bss_ies *ies, + u8 *dtim_count, u8 *dtim_period) +{ + const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, ies->data, ies->len); + const u8 *idx_ie = cfg80211_find_ie(WLAN_EID_MULTI_BSSID_IDX, ies->data, + ies->len); + const struct ieee80211_tim_ie *tim = NULL; + const struct ieee80211_bssid_index *idx; + bool valid = tim_ie && tim_ie[1] >= 2; + + if (valid) + tim = (void *)(tim_ie + 2); + + if (dtim_count) + *dtim_count = valid ? tim->dtim_count : 0; + + if (dtim_period) + *dtim_period = valid ? tim->dtim_period : 0; + + /* Check if value is overridden by non-transmitted profile */ + if (!idx_ie || idx_ie[1] < 3) + return valid; + + idx = (void *)(idx_ie + 2); + + if (dtim_count) + *dtim_count = idx->dtim_count; + + if (dtim_period) + *dtim_period = idx->dtim_period; + + return true; +} + static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata, struct cfg80211_bss *cbss, bool assoc, bool override) @@ -4852,17 +4901,13 @@ static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata, rcu_read_lock(); ies = rcu_dereference(cbss->beacon_ies); if (ies) { - const u8 *tim_ie; - sdata->vif.bss_conf.sync_tsf = ies->tsf; sdata->vif.bss_conf.sync_device_ts = bss->device_ts_beacon; - tim_ie = cfg80211_find_ie(WLAN_EID_TIM, - ies->data, ies->len); - if (tim_ie && tim_ie[1] >= 2) - sdata->vif.bss_conf.sync_dtim_count = tim_ie[2]; - else - sdata->vif.bss_conf.sync_dtim_count = 0; + + ieee80211_get_dtim(ies, + &sdata->vif.bss_conf.sync_dtim_count, + NULL); } else if (!ieee80211_hw_check(&sdata->local->hw, TIMING_BEACON_ONLY)) { ies = rcu_dereference(cbss->proberesp_ies); 
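Review bot: ieee80211_get_dtim() stores 0 through `dtim_period` when no valid TIM element is found, and both callers on this page ignore its bool result. In the ieee80211_mgd_assoc() hunk this means `ifmgd->dtim_period` is now overwritten with 0 where the removed code left it untouched, and a Multiple BSSID-Index element carrying `dtim_period == 0` is copied through as well. Either check the return value at the call sites or have the helper leave the outputs alone when nothing valid was found; whether a zero period is harmless depends on consumers outside these hunks. A short comment on the helper stating that the index element overrides TIM and what the return value means would also help.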
@@ -5332,17 +5377,12 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, assoc_data->timeout_started = true; assoc_data->need_beacon = true; } else if (beacon_ies) { - const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM, - beacon_ies->data, - beacon_ies->len); + const u8 *ie; u8 dtim_count = 0; - if (tim_ie && tim_ie[1] >= sizeof(struct ieee80211_tim_ie)) { - const struct ieee80211_tim_ie *tim; - tim = (void *)(tim_ie + 2); - ifmgd->dtim_period = tim->dtim_period; - dtim_count = tim->dtim_count; - } + ieee80211_get_dtim(beacon_ies, &dtim_count, + &ifmgd->dtim_period); + ifmgd->have_beacon = true; assoc_data->timeout = jiffies; assoc_data->timeout_started = true; @@ -5353,6 +5393,17 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, bss->device_ts_beacon; sdata->vif.bss_conf.sync_dtim_count = dtim_count; } + + ie = cfg80211_find_ext_ie(WLAN_EID_EXT_MULTIPLE_BSSID_CONFIGURATION, + beacon_ies->data, beacon_ies->len); + if (ie && ie[1] >= 3) + sdata->vif.bss_conf.profile_periodicity = ie[4]; + + ie = cfg80211_find_ie(WLAN_EID_EXT_CAPABILITY, + beacon_ies->data, beacon_ies->len); + if (ie && ie[1] >= 11 && + (ie[10] & WLAN_EXT_CAPA11_EMA_SUPPORT)) + sdata->vif.bss_conf.ema_ap = true; } else { assoc_data->timeout = jiffies; assoc_data->timeout_started = true; diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c index 20211cbc63f4..0cf066700623 100644 --- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c @@ -144,8 +144,8 @@ ieee80211_bss_info_update(struct ieee80211_local *local, struct ieee80211_channel *channel) { bool beacon = ieee80211_is_beacon(mgmt->frame_control); - struct cfg80211_bss *cbss; - struct ieee80211_bss *bss; + struct cfg80211_bss *cbss, *non_tx_cbss; + struct ieee80211_bss *bss, *non_tx_bss; struct cfg80211_inform_bss bss_meta = { .boottime_ns = rx_status->boottime_ns, }; 
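Review bot: The EMA check in the second ieee80211_mgd_assoc() hunk tests `ie[10]`, but `ie` points at the element header (id, length), so the eleventh capability octet is `ie[12]` and `ie[10]` is the ninth. The beacon path in ieee80211_rx_mgmt_beacon() tests `elems.ext_capab[10]`, which presumably indexes the payload, so the two paths disagree about which bit of an AP-supplied element sets `ema_ap`. With the existing `ie[1] >= 11` guard the corrected read stays in bounds: `(ie[12] & WLAN_EXT_CAPA11_EMA_SUPPORT)`. The `ie[4]` read for profile_periodicity just above does account for the header and the extension id, so only this line looks off.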
@@ -212,6 +212,13 @@ ieee80211_bss_info_update(struct ieee80211_local *local, bss = (void *)cbss->priv; ieee80211_update_bss_from_elems(local, bss, &elems, rx_status, beacon); + list_for_each_entry(non_tx_cbss, &cbss->nontrans_list, nontrans_list) { + non_tx_bss = (void *)non_tx_cbss->priv; + + ieee80211_update_bss_from_elems(local, non_tx_bss, &elems, + rx_status, beacon); + } + return bss; } diff --git a/net/mac80211/util.c b/net/mac80211/util.c index 77882ca327de..8349c91250ef 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c @@ -891,20 +891,18 @@ void ieee80211_queue_delayed_work(struct ieee80211_hw *hw, } EXPORT_SYMBOL(ieee80211_queue_delayed_work); -u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action, - struct ieee802_11_elems *elems, - u64 filter, u32 crc, u8 *transmitter_bssid, - u8 *bss_bssid) +static u32 +_ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action, + struct ieee802_11_elems *elems, + u64 filter, u32 crc, u8 *transmitter_bssid, + u8 *bss_bssid) { - struct element *elem; + const struct element *elem, *sub; bool calc_crc = filter != 0; DECLARE_BITMAP(seen_elems, 256); const u8 *ie; bitmap_zero(seen_elems, 256); - memset(elems, 0, sizeof(*elems)); - elems->ie_start = start; - elems->total_len = len; for_each_element(elem, start, len) { bool elem_parse_failed; 
@@ -1210,6 +1208,57 @@ u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action, if (elen >= sizeof(*elems->max_idle_period_ie)) elems->max_idle_period_ie = (void *)pos; break; + case WLAN_EID_MULTIPLE_BSSID: + if (!bss_bssid || !transmitter_bssid || elen < 4) + break; + + elems->max_bssid_indicator = pos[0]; + + for_each_element(sub, pos + 1, elen - 1) { + u8 sub_len = sub->datalen; + u8 new_bssid[ETH_ALEN]; + const u8 *index; + + /* + * we only expect the "non-transmitted BSSID + * profile" subelement (subelement id 0) + */ + if (sub->id != 0 || sub->datalen < 4) { + /* not a valid BSS profile */ + continue; + } + + if (sub->data[0] != WLAN_EID_NON_TX_BSSID_CAP || + sub->data[1] != 2) { + /* The first element of the + * Nontransmitted BSSID Profile is not + * the Nontransmitted BSSID Capability + * element. + */ + continue; + } + + /* found a Nontransmitted BSSID Profile */ + index = cfg80211_find_ie(WLAN_EID_MULTI_BSSID_IDX, + sub->data, sub_len); + if (!index || index[1] < 1 || index[2] == 0) { + /* Invalid MBSSID Index element */ + continue; + } + + cfg80211_gen_new_bssid(transmitter_bssid, + pos[0], + index[2], + new_bssid); + if (ether_addr_equal(new_bssid, bss_bssid)) { + elems->nontransmitted_bssid_profile = + (void *)sub; + elems->bssid_index_len = index[1]; + elems->bssid_index = (void *)&index[2]; + break; + } + } + break; case WLAN_EID_EXTENSION: if (pos[0] == WLAN_EID_EXT_HE_MU_EDCA && elen >= (sizeof(*elems->mu_edca_param_set) + 1)) { @@ -1225,6 +1274,10 @@ u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action, elems->he_operation = (void *)&pos[1]; } else if (pos[0] == WLAN_EID_EXT_UORA && elen >= 1) { elems->uora_element = (void *)&pos[1]; + } else if (pos[0] == + WLAN_EID_EXT_MULTIPLE_BSSID_CONFIGURATION && + elen == 3) { + elems->mbssid_config_ie = (void *)&pos[1]; } break; default: 
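Review bot: In the WLAN_EID_MULTIPLE_BSSID case, `pos[0]` comes straight from the received frame and is both stored in `elems->max_bssid_indicator` and passed to cfg80211_gen_new_bssid() without a range check. That helper is not defined on this page; if it shifts or masks by the indicator, a value of 0 or one larger than the address width gives a meaningless or undefined result. The MaxBSSID Indicator is expected to lie between 1 and 8, so rejecting anything else before the subelement loop would be cheap: `if (pos[0] < 1 || pos[0] > 8) break;`. The enclosing function starts and ends outside the hunk.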
@@ -1243,6 +1296,48 @@ u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action, return crc; } +u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action, + struct ieee802_11_elems *elems, + u64 filter, u32 crc, u8 *transmitter_bssid, + u8 *bss_bssid) +{ + memset(elems, 0, sizeof(*elems)); + elems->ie_start = start; + elems->total_len = len; + + crc = _ieee802_11_parse_elems_crc(start, len, action, elems, filter, + crc, transmitter_bssid, bss_bssid); + + /* Override with nontransmitted profile, if found */ + if (transmitter_bssid && elems->nontransmitted_bssid_profile) { + const u8 *profile = elems->nontransmitted_bssid_profile; + + _ieee802_11_parse_elems_crc(&profile[2], profile[1], + action, elems, 0, 0, + transmitter_bssid, bss_bssid); + } + + if (elems->tim && !elems->parse_error) { + const struct ieee80211_tim_ie *tim_ie = elems->tim; + + elems->dtim_period = tim_ie->dtim_period; + elems->dtim_count = tim_ie->dtim_count; + } + + /* Override DTIM period and count if needed */ + if (elems->bssid_index && + elems->bssid_index_len >= + offsetofend(struct ieee80211_bssid_index, dtim_period)) + elems->dtim_period = elems->bssid_index->dtim_period; + + if (elems->bssid_index && + elems->bssid_index_len >= + offsetofend(struct ieee80211_bssid_index, dtim_count)) + elems->dtim_count = elems->bssid_index->dtim_count; + + return crc; +} + void ieee80211_regulatory_limit_wmm_params(struct ieee80211_sub_if_data *sdata, struct ieee80211_tx_queue_params *qparam, int ac) From caf56338c22f00098bf2acd646b0ddc691c80c24 Mon Sep 17 00:00:00 2001 From: Sara Sharon Date: Wed, 16 Jan 2019 23:03:25 +0200 Subject: [PATCH 16/38] mac80211: indicate support for multiple BSSID Set multi-bssid support flags according to driver support. Signed-off-by: Sara Sharon 
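Review bot: The second pass over the nontransmitted profile in ieee802_11_parse_elems_crc() is given `transmitter_bssid` and `bss_bssid` again, so a WLAN_EID_MULTIPLE_BSSID element nested inside the profile passes the `!bss_bssid || !transmitter_bssid` guard and can replace `nontransmitted_bssid_profile`, `bssid_index` and `bssid_index_len` after they were chosen. Since the profile is frame content, it seems safer to disable that case for the inner pass by passing NULL for both: `_ieee802_11_parse_elems_crc(&profile[2], profile[1], action, elems, 0, 0, NULL, NULL);`. The helper also no longer zeroes `elems` itself, which deserves a comment above it such as `/* caller must have initialised *elems; may be called more than once on the same elems */`.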
Signed-off-by: Johannes Berg --- include/linux/ieee80211.h | 5 +++++ include/net/mac80211.h | 7 +++++++ net/mac80211/debugfs.c | 4 +++- net/mac80211/main.c | 13 ++++++++++++- net/mac80211/mlme.c | 15 +++++++++++++++ 5 files changed, 42 insertions(+), 2 deletions(-) diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h index 7479f0bd50e1..8da5ba97328f 100644 --- a/include/linux/ieee80211.h +++ b/include/linux/ieee80211.h @@ -2657,6 +2657,11 @@ enum ieee80211_tdls_actioncode { */ #define WLAN_EXT_CAPA1_EXT_CHANNEL_SWITCHING BIT(2) +/* Multiple BSSID capability is set in the 6th bit of 3rd byte of the + * @WLAN_EID_EXT_CAPABILITY information element + */ +#define WLAN_EXT_CAPA3_MULTI_BSSID_SUPPORT BIT(6) + /* TDLS capabilities in the the 4th byte of @WLAN_EID_EXT_CAPABILITY */ #define WLAN_EXT_CAPA4_TDLS_BUFFER_STA BIT(4) #define WLAN_EXT_CAPA4_TDLS_PEER_PSM BIT(5) diff --git a/include/net/mac80211.h b/include/net/mac80211.h index b0e364f50285..97aed7b1ba5d 100644 --- a/include/net/mac80211.h +++ b/include/net/mac80211.h @@ -2234,6 +2234,11 @@ struct ieee80211_txq { * @IEEE80211_HW_TX_STATUS_NO_AMPDU_LEN: Driver does not report accurate A-MPDU * length in tx status information * + * @IEEE80211_HW_SUPPORTS_MULTI_BSSID: Hardware supports multi BSSID + * + * @IEEE80211_HW_SUPPORTS_ONLY_HE_MULTI_BSSID: Hardware supports multi BSSID + * only for HE APs. Applies if @IEEE80211_HW_SUPPORTS_MULTI_BSSID is set. + * * @NUM_IEEE80211_HW_FLAGS: number of hardware flags, used for sizing arrays */ enum ieee80211_hw_flags { @@ -2283,6 +2288,8 @@ enum ieee80211_hw_flags { IEEE80211_HW_SUPPORTS_VHT_EXT_NSS_BW, IEEE80211_HW_STA_MMPDU_TXQ, IEEE80211_HW_TX_STATUS_NO_AMPDU_LEN, + IEEE80211_HW_SUPPORTS_MULTI_BSSID, + IEEE80211_HW_SUPPORTS_ONLY_HE_MULTI_BSSID, /* keep last, obviously */ NUM_IEEE80211_HW_FLAGS diff --git a/net/mac80211/debugfs.c b/net/mac80211/debugfs.c index 343ad0a915e4..2d43bc127043 100644 --- a/net/mac80211/debugfs.c +++ b/net/mac80211/debugfs.c 
@@ -3,7 +3,7 @@ * * Copyright 2007 Johannes Berg * Copyright 2013-2014 Intel Mobile Communications GmbH - * Copyright (C) 2018 Intel Corporation + * Copyright (C) 2018 - 2019 Intel Corporation * * GPLv2 * @@ -219,6 +219,8 @@ static const char *hw_flag_names[] = { FLAG(SUPPORTS_VHT_EXT_NSS_BW), FLAG(STA_MMPDU_TXQ), FLAG(TX_STATUS_NO_AMPDU_LEN), + FLAG(SUPPORTS_MULTI_BSSID), + FLAG(SUPPORTS_ONLY_HE_MULTI_BSSID), #undef FLAG }; diff --git a/net/mac80211/main.c b/net/mac80211/main.c index 71005b6dfcd1..5055aeba5c5a 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c @@ -4,7 +4,7 @@ * Copyright 2006-2007 Jiri Benc * Copyright 2013-2014 Intel Mobile Communications GmbH * Copyright (C) 2017 Intel Deutschland GmbH - * Copyright (C) 2018 Intel Corporation + * Copyright (C) 2018 - 2019 Intel Corporation * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as @@ -1112,6 +1112,17 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) if (ieee80211_hw_check(&local->hw, CHANCTX_STA_CSA)) local->ext_capa[0] |= WLAN_EXT_CAPA1_EXT_CHANNEL_SWITCHING; + /* mac80211 supports multi BSSID, if the driver supports it */ + if (ieee80211_hw_check(&local->hw, SUPPORTS_MULTI_BSSID)) { + local->hw.wiphy->support_mbssid = true; + if (ieee80211_hw_check(&local->hw, + SUPPORTS_ONLY_HE_MULTI_BSSID)) + local->hw.wiphy->support_only_he_mbssid = true; + else + local->ext_capa[2] |= + WLAN_EXT_CAPA3_MULTI_BSSID_SUPPORT; + } + local->hw.wiphy->max_num_csa_counters = IEEE80211_MAX_CSA_COUNTERS_NUM; result = wiphy_register(local->hw.wiphy); diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 64b6ddb67456..a49fbb3f3ed7 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c 
@@ -813,6 +813,21 @@ static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) } } + /* Set MBSSID support for HE AP if needed */ + if (ieee80211_hw_check(&local->hw, SUPPORTS_ONLY_HE_MULTI_BSSID) && + !(ifmgd->flags & IEEE80211_STA_DISABLE_HE) && assoc_data->ie_len) { + struct element *elem; + + /* we know it's writable, cast away the const */ + elem = (void *)cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY, + assoc_data->ie, + assoc_data->ie_len); + + /* We can probably assume both always true */ + if (elem && elem->datalen >= 3) + elem->data[2] |= WLAN_EXT_CAPA3_MULTI_BSSID_SUPPORT; + } + /* if present, add any custom IEs that go before HT */ if (assoc_data->ie_len) { static const u8 before_ht[] = { From c17fe043a3b79255c6cbe76aafb594849fac0005 Mon Sep 17 00:00:00 2001 From: Sara Sharon Date: Tue, 29 Jan 2019 14:00:58 +0200 Subject: [PATCH 17/38] cfg80211: fix the IE inheritance of extension IEs Extension IEs have ID 255 followed by extension ID. Current code is buggy in handling it in two ways: 1. When checking if IE is in the frame, it uses just the ID, which for extension elements is too broad. 2. It uses 0xFF to mark copied IEs, which will result in not copying extension IEs from the subelement. Fix both issue. Signed-off-by: Sara Sharon Signed-off-by: Johannes Berg --- net/wireless/scan.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/net/wireless/scan.c b/net/wireless/scan.c index 387e5f868684..46ecb10e85fb 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -216,7 +216,13 @@ static size_t cfg80211_gen_new_ie(const u8 *ie, size_t ielen, continue; } - tmp = (u8 *)cfg80211_find_ie(tmp_old[0], sub_copy, subie_len); + if (tmp_old[0] == WLAN_EID_EXTENSION) + tmp = (u8 *)cfg80211_find_ext_ie(tmp_old[2], sub_copy, + subie_len); + else + tmp = (u8 *)cfg80211_find_ie(tmp_old[0], sub_copy, + subie_len); + if (!tmp) { /* ie in old ie but not in subelement */ if (tmp_old[0] != WLAN_EID_MULTIPLE_BSSID) { 
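Review bot: The ieee80211_send_assoc() hunk sets the Multi-BSSID capability bit when only `SUPPORTS_ONLY_HE_MULTI_BSSID` is checked, while the flag's kernel-doc says it applies if `SUPPORTS_MULTI_BSSID` is set and ieee80211_register_hw() only honours it inside that outer check. A driver that sets just the HE-only flag would therefore advertise the capability in its association request although `wiphy->support_mbssid` stays false. Adding `ieee80211_hw_check(&local->hw, SUPPORTS_MULTI_BSSID) &&` to the condition keeps the three places consistent. The in-place write through the cast relies on `assoc_data->ie` being a private buffer, which the comment asserts but the hunk does not show.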
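Review bot: The new extension branch in cfg80211_gen_new_ie() reads `tmp_old[2]` without first checking that `tmp_old[1] >= 1`. For a zero-length extension element in the received frame, that byte belongs to the following element or, for the last element, lies beyond what the enclosing loop has bounds-checked (that loop is outside the hunk, so this is inferred from the matching `tmp_new` loop further down). Guarding the branch keeps the read inside the element: `if (tmp_old[0] == WLAN_EID_EXTENSION && tmp_old[1] >= 1)`.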
@@ -226,8 +232,9 @@ static size_t cfg80211_gen_new_ie(const u8 *ie, size_t ielen, } else { /* ie in transmitting ie also in subelement, * copy from subelement and flag the ie in subelement - * as copied (by setting eid field to 0xff). For - * vendor ie, compare OUI + type + subType to + * as copied (by setting eid field to WLAN_EID_SSID, + * which is skipped anyway). + * For vendor ie, compare OUI + type + subType to * determine if they are the same ie. */ if (tmp_old[0] == WLAN_EID_VENDOR_SPECIFIC) { @@ -237,7 +244,7 @@ static size_t cfg80211_gen_new_ie(const u8 *ie, size_t ielen, */ memcpy(pos, tmp, tmp[1] + 2); pos += tmp[1] + 2; - tmp[0] = 0xff; + tmp[0] = WLAN_EID_SSID; } else { memcpy(pos, tmp_old, tmp_old[1] + 2); pos += tmp_old[1] + 2; @@ -246,7 +253,7 @@ static size_t cfg80211_gen_new_ie(const u8 *ie, size_t ielen, /* copy ie from subelement into new ie */ memcpy(pos, tmp, tmp[1] + 2); pos += tmp[1] + 2; - tmp[0] = 0xff; + tmp[0] = WLAN_EID_SSID; } } @@ -263,8 +270,7 @@ static size_t cfg80211_gen_new_ie(const u8 *ie, size_t ielen, while (tmp_new + tmp_new[1] + 2 - sub_copy <= subie_len) { if (!(tmp_new[0] == WLAN_EID_NON_TX_BSSID_CAP || tmp_new[0] == WLAN_EID_SSID || - tmp_new[0] == WLAN_EID_MULTI_BSSID_IDX || - tmp_new[0] == 0xff)) { + tmp_new[0] == WLAN_EID_MULTI_BSSID_IDX)) { memcpy(pos, tmp_new, tmp_new[1] + 2); pos += tmp_new[1] + 2; } From bede8d2996475017918364ec3d0d2bc1558659e1 Mon Sep 17 00:00:00 2001 From: Sara Sharon Date: Wed, 30 Jan 2019 08:48:21 +0200 Subject: [PATCH 18/38] cfg80211: fix memory leak of new_ie new_ie is used as a temporary storage for the generation of the new elements. However, after copying from it the memory wasn't freed and leaked. Free it. Signed-off-by: Sara Sharon Signed-off-by: Johannes Berg --- net/wireless/scan.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/net/wireless/scan.c b/net/wireless/scan.c index 46ecb10e85fb..287518c6caa4 100644 --- a/net/wireless/scan.c 
+++ b/net/wireless/scan.c @@ -1576,10 +1576,8 @@ cfg80211_update_notlisted_nontrans(struct wiphy *wiphy, if (!new_ie) return; new_ies = kzalloc(sizeof(*new_ies) + new_ie_len, gfp); - if (!new_ies) { - kfree(new_ie); - return; - } + if (!new_ies) + goto out_free; pos = new_ie; @@ -1613,6 +1611,9 @@ cfg80211_update_notlisted_nontrans(struct wiphy *wiphy, if (old) kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head); } + +out_free: + kfree(new_ie); } /* cfg80211_inform_bss_width_frame helper */ From 040bda85b5dff5790f6ebe562e0b6ca09c851440 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Fri, 7 Dec 2018 14:10:50 +0200 Subject: [PATCH 19/38] mac80211_hwsim: Declare support for Multi-BSSID This can be used to test cfg80211 support for Multi-BSSID scan result parsing. Signed-off-by: Jouni Malinen Signed-off-by: Johannes Berg --- drivers/net/wireless/mac80211_hwsim.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c index 87be2b18063a..e8e359c80ad0 100644 --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c @@ -2801,6 +2801,7 @@ static int mac80211_hwsim_new_radio(struct genl_info *info, ieee80211_hw_set(hw, TDLS_WIDER_BW); if (rctbl) ieee80211_hw_set(hw, SUPPORTS_RC_TABLE); + ieee80211_hw_set(hw, SUPPORTS_MULTI_BSSID); hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_TDLS | WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL | From 851ae31d34063deb1eae49f5d797a12a5557e832 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Fri, 8 Feb 2019 14:12:25 +0100 Subject: [PATCH 20/38] cfg80211: add missing kernel-doc for multi-BSSID fields Add the missing kernel-doc for the new multi-BSSID fields in struct cfg80211_bss. Signed-off-by: Johannes Berg --- include/net/cfg80211.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 76efdc3a2200..b61b71f369c7 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h 
@@ -2035,6 +2035,10 @@ struct cfg80211_bss_ies { * a BSS that hides the SSID in its beacon, this points to the BSS struct * that holds the beacon data. @beacon_ies is still valid, of course, and * points to the same data as hidden_beacon_bss->beacon_ies in that case. + * @transmitted_bss: pointer to the transmitted BSS, if this is a + * non-transmitted one (multi-BSSID support) + * @nontrans_list: list of non-transmitted BSS, if this is a transmitted one + * (multi-BSSID support) * @signal: signal strength value (type depends on the wiphy's signal_type) * @chains: bitmask for filled values in @chain_signal. * @chain_signal: per-chain signal strength of last received BSS in dBm. From 61edb116cab9bf7d623e31bf7455a82bc042c087 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Fri, 8 Feb 2019 17:56:33 +0100 Subject: [PATCH 21/38] ieee80211: fix for_each_element_extid() The data/datalen argument names cannot be used as those are also the struct element names, fix that. Signed-off-by: Johannes Berg --- include/linux/ieee80211.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h index 8da5ba97328f..3c9dfcada45f 100644 --- a/include/linux/ieee80211.h +++ b/include/linux/ieee80211.h @@ -3299,8 +3299,8 @@ struct element { for_each_element(element, data, datalen) \ if (element->id == (_id)) -#define for_each_element_extid(element, extid, data, datalen) \ - for_each_element(element, data, datalen) \ +#define for_each_element_extid(element, extid, _data, _datalen) \ + for_each_element(element, _data, _datalen) \ if (element->id == WLAN_EID_EXTENSION && \ element->datalen > 0 && \ element->data[0] == (extid)) From e646a0257b64dbef9d168e0f90daafa3fc1a83af Mon Sep 17 00:00:00 2001 
From: Johannes Berg Date: Tue, 5 Feb 2019 21:08:29 +0100 Subject: [PATCH 22/38] cfg80211: restore regulatory without calling userspace Jouni reports that in some cases it is possible that getting disconnected (or stopping AP, after previous patches) results in further operations hitting the window within the regulatory core restoring the regdomain to the defaults. The reason for this is that we have to call out to CRDA or otherwise do some asynchronous work, and thus can't do the restore atomically. However, we've previously seen all the data we need to do the restore, so we can hang on to that data and use it later for the restore. This makes the whole thing happen within a single locked section and thus atomic. However, we can't *always* do this - there are unfortunately cases where the restore needs to re-request, because this is also used (abused?) as an error recovery process, so make the new behaviour optional and only use it when doing a regular restore as described above. Reported-by: Jouni Malinen Signed-off-by: Johannes Berg --- net/wireless/reg.c | 73 ++++++++++++++++++++++++++++++++++++---------- net/wireless/reg.h | 2 ++ 2 files changed, 60 insertions(+), 15 deletions(-) diff --git a/net/wireless/reg.c b/net/wireless/reg.c index adfa58fa6536..2f1bf91eb226 100644 --- a/net/wireless/reg.c +++ b/net/wireless/reg.c @@ -5,7 +5,7 @@ * Copyright 2008-2011 Luis R. Rodriguez * Copyright 2013-2014 Intel Mobile Communications GmbH * Copyright 2017 Intel Deutschland GmbH - * Copyright (C) 2018 Intel Corporation + * Copyright (C) 2018 - 2019 Intel Corporation * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above 
@@ -131,7 +131,8 @@ static spinlock_t reg_indoor_lock; /* Used to track the userspace process controlling the indoor setting */ static u32 reg_is_indoor_portid; -static void restore_regulatory_settings(bool reset_user); +static void restore_regulatory_settings(bool reset_user, bool cached); +static void print_regdomain(const struct ieee80211_regdomain *rd); static const struct ieee80211_regdomain *get_cfg80211_regdom(void) { @@ -263,6 +264,7 @@ static const struct ieee80211_regdomain *cfg80211_world_regdom = static char *ieee80211_regdom = "00"; static char user_alpha2[2]; +static const struct ieee80211_regdomain *cfg80211_user_regdom; module_param(ieee80211_regdom, charp, 0444); MODULE_PARM_DESC(ieee80211_regdom, "IEEE 802.11 regulatory domain code"); @@ -445,6 +447,15 @@ reg_copy_regd(const struct ieee80211_regdomain *src_regd) return regd; } +static void cfg80211_save_user_regdom(const struct ieee80211_regdomain *rd) +{ + ASSERT_RTNL(); + + if (!IS_ERR(cfg80211_user_regdom)) + kfree(cfg80211_user_regdom); + cfg80211_user_regdom = reg_copy_regd(rd); +} + struct reg_regdb_apply_request { struct list_head list; const struct ieee80211_regdomain *regdom; @@ -510,7 +521,7 @@ static void crda_timeout_work(struct work_struct *work) pr_debug("Timeout while waiting for CRDA to reply, restoring regulatory settings\n"); rtnl_lock(); reg_crda_timeouts++; - restore_regulatory_settings(true); + restore_regulatory_settings(true, false); rtnl_unlock(); } @@ -1044,7 +1055,7 @@ static void regdb_fw_cb(const struct firmware *fw, void *context) } if (restore) - restore_regulatory_settings(true); + restore_regulatory_settings(true, false); rtnl_unlock(); 
@@ -3117,7 +3128,7 @@ static void restore_custom_reg_settings(struct wiphy *wiphy) * keep their own regulatory domain on wiphy->regd so that does does * not need to be remembered. */ -static void restore_regulatory_settings(bool reset_user) +static void restore_regulatory_settings(bool reset_user, bool cached) { char alpha2[2]; char world_alpha2[2]; @@ -3176,15 +3187,41 @@ static void restore_regulatory_settings(bool reset_user) restore_custom_reg_settings(&rdev->wiphy); } - regulatory_hint_core(world_alpha2); + if (cached && (!is_an_alpha2(alpha2) || + !IS_ERR_OR_NULL(cfg80211_user_regdom))) { + reset_regdomains(false, cfg80211_world_regdom); + update_all_wiphy_regulatory(NL80211_REGDOM_SET_BY_CORE); + print_regdomain(get_cfg80211_regdom()); + nl80211_send_reg_change_event(&core_request_world); + reg_set_request_processed(); - /* - * This restores the ieee80211_regdom module parameter - * preference or the last user requested regulatory - * settings, user regulatory settings takes precedence. - */ - if (is_an_alpha2(alpha2)) - regulatory_hint_user(alpha2, NL80211_USER_REG_HINT_USER); + if (is_an_alpha2(alpha2) && + !regulatory_hint_user(alpha2, NL80211_USER_REG_HINT_USER)) { + struct regulatory_request *ureq; + + spin_lock(®_requests_lock); + ureq = list_last_entry(®_requests_list, + struct regulatory_request, + list); + list_del(&ureq->list); + spin_unlock(®_requests_lock); + + notify_self_managed_wiphys(ureq); + reg_update_last_request(ureq); + set_regdom(reg_copy_regd(cfg80211_user_regdom), + REGD_SOURCE_CACHED); + } + } else { + regulatory_hint_core(world_alpha2); + + /* + * This restores the ieee80211_regdom module parameter + * preference or the last user requested regulatory + * settings, user regulatory settings takes precedence. + */ + if (is_an_alpha2(alpha2)) + regulatory_hint_user(alpha2, NL80211_USER_REG_HINT_USER); + } spin_lock(®_requests_lock); list_splice_tail_init(&tmp_reg_req_list, ®_requests_list); 
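Review bot: The cached branch of restore_regulatory_settings() takes the tail of reg_requests_list on the assumption that it is the request regulatory_hint_user() just queued, but reg_requests_lock is acquired only after that call has returned. If another hint can be queued in that window, the wrong request is unlinked and handed to reg_update_last_request(); nothing in the hunk rules this out beyond whatever the caller already holds. The result of `set_regdom(reg_copy_regd(cfg80211_user_regdom), REGD_SOURCE_CACHED)` is also discarded, so a failed copy (for which set_regdom() now returns -ENODATA) leaves the request consumed with no user regdomain applied. At minimum the return value should be checked and logged, and a comment should state which lock makes the tail-entry assumption safe.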
@@ -3244,7 +3281,7 @@ void regulatory_hint_disconnect(void) } pr_debug("All devices are disconnected, going to restore regulatory settings\n"); - restore_regulatory_settings(false); + restore_regulatory_settings(false, true); } static bool freq_is_chan_12_13_14(u32 freq) @@ -3561,6 +3598,9 @@ int set_regdom(const struct ieee80211_regdomain *rd, bool user_reset = false; int r; + if (IS_ERR_OR_NULL(rd)) + return -ENODATA; + if (!reg_is_valid_request(rd->alpha2)) { kfree(rd); return -EINVAL; @@ -3577,6 +3617,7 @@ int set_regdom(const struct ieee80211_regdomain *rd, r = reg_set_rd_core(rd); break; case NL80211_REGDOM_SET_BY_USER: + cfg80211_save_user_regdom(rd); r = reg_set_rd_user(rd, lr); user_reset = true; break; @@ -3599,7 +3640,7 @@ int set_regdom(const struct ieee80211_regdomain *rd, break; default: /* Back to world regulatory in case of errors */ - restore_regulatory_settings(user_reset); + restore_regulatory_settings(user_reset, false); } kfree(rd); @@ -3935,6 +3976,8 @@ void regulatory_exit(void) if (!IS_ERR_OR_NULL(regdb)) kfree(regdb); + if (!IS_ERR_OR_NULL(cfg80211_user_regdom)) + kfree(cfg80211_user_regdom); free_regdb_keyring(); } diff --git a/net/wireless/reg.h b/net/wireless/reg.h index 9ceeb5f3a7cb..504133d76de4 100644 --- a/net/wireless/reg.h +++ b/net/wireless/reg.h @@ -5,6 +5,7 @@ /* * Copyright 2008-2011 Luis R. Rodriguez + * Copyright (C) 2019 Intel Corporation * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -22,6 +23,7 @@ enum ieee80211_regd_source { REGD_SOURCE_INTERNAL_DB, REGD_SOURCE_CRDA, + REGD_SOURCE_CACHED, }; extern const struct ieee80211_regdomain __rcu *cfg80211_regdomain; From 7388afe09143210f555bdd6c75035e9acc1fab96 Mon Sep 17 00:00:00 2001 
From: Jouni Malinen Date: Mon, 11 Feb 2019 16:29:04 +0200 Subject: [PATCH 23/38] cfg80211: Use const more consistently in for_each_element macros Enforce the first argument to be a correct type of a pointer to struct element and avoid unnecessary typecasts from const to non-const pointers (the change in validate_ie_attr() is needed to make this part work). In addition, avoid signed/unsigned comparison within for_each_element() and mark struct element packed just in case. Signed-off-by: Jouni Malinen Signed-off-by: Johannes Berg --- include/linux/ieee80211.h | 18 +++++++++--------- net/wireless/nl80211.c | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h index 3c9dfcada45f..6cbaed4d7a6b 100644 --- a/include/linux/ieee80211.h +++ b/include/linux/ieee80211.h @@ -3284,16 +3284,16 @@ struct element { u8 id; u8 datalen; u8 data[]; -}; +} __packed; /* element iteration helpers */ -#define for_each_element(element, _data, _datalen) \ - for (element = (void *)(_data); \ - (u8 *)(_data) + (_datalen) - (u8 *)element >= \ - sizeof(*element) && \ - (u8 *)(_data) + (_datalen) - (u8 *)element >= \ - sizeof(*element) + element->datalen; \ - element = (void *)(element->data + element->datalen)) +#define for_each_element(_elem, _data, _datalen) \ + for (_elem = (const struct element *)(_data); \ + (const u8 *)(_data) + (_datalen) - (const u8 *)_elem >= \ + (int)sizeof(*_elem) && \ + (const u8 *)(_data) + (_datalen) - (const u8 *)_elem >= \ + (int)sizeof(*_elem) + _elem->datalen; \ + _elem = (const struct element *)(_elem->data + _elem->datalen)) #define for_each_element_id(element, _id, data, datalen) \ for_each_element(element, data, datalen) \ 
@@ -3330,7 +3330,7 @@ struct element { static inline bool for_each_element_completed(const struct element *element, const void *data, size_t datalen) { - return (u8 *)element == (u8 *)data + datalen; + return (const u8 *)element == (const u8 *)data + datalen; } #endif /* LINUX_IEEE80211_H */ diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 5d85f6032f84..80878b431584 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -205,7 +205,7 @@ static int validate_ie_attr(const struct nlattr *attr, { const u8 *data = nla_data(attr); unsigned int len = nla_len(attr); - struct element *elem; + const struct element *elem; for_each_element(elem, data, len) { /* nothing */ From 5d4071abd9a1e2b417beef31aaf7d45999e4882e Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Mon, 11 Feb 2019 16:03:12 +0100 Subject: [PATCH 24/38] cfg80211: fix and clean up cfg80211_gen_new_bssid() Fix cfg80211_gen_new_bssid() to not rely on u64 modulo arithmetic, which isn't needed since we really just want to mask there. Also, clean it up to calculate the mask only once and use GENMASK_ULL() instead of open-coding the mask calculation. Signed-off-by: Johannes Berg --- include/net/cfg80211.h | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index b61b71f369c7..f81677f2f051 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h 
@@ -5475,22 +5475,20 @@ cfg80211_inform_bss_frame(struct wiphy *wiphy, * @bssid: transmitter BSSID * @max_bssid: max BSSID indicator, taken from Multiple BSSID element * @mbssid_index: BSSID index, taken from Multiple BSSID index element - * @new_bssid_addr: address of the resulting BSSID + * @new_bssid: calculated nontransmitted BSSID */ static inline void cfg80211_gen_new_bssid(const u8 *bssid, u8 max_bssid, - u8 mbssid_index, u8 *new_bssid_addr) + u8 mbssid_index, u8 *new_bssid) { - u64 bssid_tmp, new_bssid; - u64 lsb_n; + u64 bssid_u64 = ether_addr_to_u64(bssid); + u64 mask = GENMASK_ULL(max_bssid - 1, 0); + u64 new_bssid_u64; - bssid_tmp = ether_addr_to_u64(bssid); + new_bssid_u64 = bssid_u64 & ~mask; - lsb_n = bssid_tmp & ((1 << max_bssid) - 1); - new_bssid = bssid_tmp; - new_bssid &= ~((1 << max_bssid) - 1); - new_bssid |= (lsb_n + mbssid_index) % (1 << max_bssid); + new_bssid_u64 |= ((bssid_u64 & mask) + mbssid_index) & mask; - u64_to_ether_addr(new_bssid, new_bssid_addr); + u64_to_ether_addr(new_bssid_u64, new_bssid); } /** From f440b125450dfc65ce0386eb231da2f663c45ca0 Mon Sep 17 00:00:00 2001 From: Cody Schuffelen Date: Wed, 6 Feb 2019 15:54:15 -0800 Subject: [PATCH 25/38] virt_wifi: Remove REGULATORY_WIPHY_SELF_MANAGED REGULATORY_WIPHY_SELF_MANAGED as set here breaks NL80211_CMD_GET_REG, because it expects the wiphy to do regulatory management. Since virt_wifi does not do regulatory management, this triggers a WARN_ON in NL80211_CMD_GET_REG and fails the netlink command. Removing REGULATORY_WIPHY_SELF_MANAGED fixes the problem and the virtual wireless network continues to work. Signed-off-by: Cody Schuffelen Acked-by: Alistair Strachan Acked-by: Greg Hartman Signed-off-by: Johannes Berg --- drivers/net/wireless/virt_wifi.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/net/wireless/virt_wifi.c b/drivers/net/wireless/virt_wifi.c index 71044c6cfd8c..606999f102eb 100644 --- a/drivers/net/wireless/virt_wifi.c +++ b/drivers/net/wireless/virt_wifi.c 
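Review bot: `cfg80211_gen_new_bssid()` builds its mask with `GENMASK_ULL(max_bssid - 1, 0)` without bounding `max_bssid`, which the kernel-doc says is taken from a received Multiple BSSID element. A value of 0 (or one larger than 64) gives the macro a high-bit index outside 0..63, so the shift inside it is out of range. The function returns void and cannot reject the input, so the range has to be guaranteed where the element is parsed, and that code is not visible in this hunk. I would state the precondition in the kernel-doc, e.g. `@max_bssid: max BSSID indicator, taken from Multiple BSSID element; must be non-zero and range-checked by the caller`, and confirm the parsing site drops elements that violate it.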
@@ -360,7 +360,6 @@ static struct wiphy *virt_wifi_make_wiphy(void) wiphy->bands[NL80211_BAND_5GHZ] = &band_5ghz; wiphy->bands[NL80211_BAND_60GHZ] = NULL; - wiphy->regulatory_flags = REGULATORY_WIPHY_SELF_MANAGED; wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION); priv = wiphy_priv(wiphy); From 767637416e218d2d3ba7e1697b8a72a375797866 Mon Sep 17 00:00:00 2001 From: Mao Wenan Date: Sat, 16 Feb 2019 17:47:10 +0800 Subject: [PATCH 26/38] cfg80211: pmsr: use eth_broadcast_addr() to assign broadcast address This patch is to use eth_broadcast_addr() to assign broadcast address insetad of memset(). Signed-off-by: Mao Wenan Signed-off-by: Johannes Berg --- net/wireless/pmsr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/wireless/pmsr.c b/net/wireless/pmsr.c index de9286703280..21139b82749f 100644 --- a/net/wireless/pmsr.c +++ b/net/wireless/pmsr.c @@ -258,7 +258,7 @@ int nl80211_pmsr_start(struct sk_buff *skb, struct genl_info *info) } else { memcpy(req->mac_addr, nla_data(info->attrs[NL80211_ATTR_MAC]), ETH_ALEN); - memset(req->mac_addr_mask, 0xff, ETH_ALEN); + eth_broadcast_addr(req->mac_addr_mask); } idx = 0; From 4d9ec73d2b78daf70477aadc50eb4d2186c8b62f Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Fri, 15 Feb 2019 02:14:33 +0200 Subject: [PATCH 27/38] cfg80211: Report Association Request frame IEs in association events This extends the NL80211_CMD_ASSOCIATE event case to report NL80211_ATTR_REQ_IE similarly to what is already done with the NL80211_CMD_CONNECT events if the driver provides this information. In practice, this adds (Re)Association Request frame information element reporting to mac80211 drivers for the cases where user space SME is used. This provides more information for user space to figure out which capabilities were negotiated for the association. For example, this can be used to determine whether HT, VHT, or HE is used. Signed-off-by: Jouni Malinen 
Signed-off-by: Johannes Berg --- include/net/cfg80211.h | 7 +++++-- net/mac80211/ieee80211_i.h | 6 ++++++ net/mac80211/mlme.c | 14 ++++++++++++-- net/wireless/mlme.c | 8 ++++++-- net/wireless/nl80211.c | 24 +++++++++++++++--------- net/wireless/nl80211.h | 3 ++- 6 files changed, 46 insertions(+), 16 deletions(-) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index f81677f2f051..7a29b709077f 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -5676,10 +5676,12 @@ void cfg80211_auth_timeout(struct net_device *dev, const u8 *addr); * @dev: network device * @bss: the BSS that association was requested with, ownership of the pointer * moves to cfg80211 in this call - * @buf: authentication frame (header + body) + * @buf: (Re)Association Response frame (header + body) * @len: length of the frame data * @uapsd_queues: bitmap of queues configured for uapsd. Same format * as the AC bitmap in the QoS info field + * @req_ies: information elements from the (Re)Association Request frame + * @req_ies_len: length of req_ies data * * After being asked to associate via cfg80211_ops::assoc() the driver must * call either this function or cfg80211_auth_timeout(). @@ -5689,7 +5691,8 @@ void cfg80211_auth_timeout(struct net_device *dev, const u8 *addr); void cfg80211_rx_assoc_resp(struct net_device *dev, struct cfg80211_bss *bss, const u8 *buf, size_t len, - int uapsd_queues); + int uapsd_queues, + const u8 *req_ies, size_t req_ies_len); /** * cfg80211_assoc_timeout - notification of timed out association diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index 5795eef98771..afce50da6fd6 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h 
@@ -556,6 +556,12 @@ struct ieee80211_if_managed { * get stuck in a downgraded situation and flush takes forever. */ struct delayed_work tx_tspec_wk; + + /* Information elements from the last transmitted (Re)Association + * Request frame. + */ + u8 *assoc_req_ies; + size_t assoc_req_ies_len; }; struct ieee80211_if_ibss { diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index a49fbb3f3ed7..df5d4b90616d 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -644,7 +644,7 @@ static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data; struct sk_buff *skb; struct ieee80211_mgmt *mgmt; - u8 *pos, qos_info; + u8 *pos, qos_info, *ie_start; size_t offset = 0, noffset; int i, count, rates_len, supp_rates_len, shift; u16 capab; @@ -752,6 +752,7 @@ static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) /* SSID */ pos = skb_put(skb, 2 + assoc_data->ssid_len); + ie_start = pos; *pos++ = WLAN_EID_SSID; *pos++ = assoc_data->ssid_len; memcpy(pos, assoc_data->ssid, assoc_data->ssid_len); @@ -976,6 +977,11 @@ static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) return; } + pos = skb_tail_pointer(skb); + kfree(ifmgd->assoc_req_ies); + ifmgd->assoc_req_ies = kmemdup(ie_start, pos - ie_start, GFP_ATOMIC); + ifmgd->assoc_req_ies_len = pos - ie_start; + drv_mgd_prepare_tx(local, sdata, 0); IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; @@ -3544,7 +3550,8 @@ static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, uapsd_queues |= ieee80211_ac_to_qos_mask[ac]; } - cfg80211_rx_assoc_resp(sdata->dev, bss, (u8 *)mgmt, len, uapsd_queues); + cfg80211_rx_assoc_resp(sdata->dev, bss, (u8 *)mgmt, len, uapsd_queues, + ifmgd->assoc_req_ies, ifmgd->assoc_req_ies_len); } static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, 
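Review bot: The `kmemdup()` result in ieee80211_send_assoc() (hunk -976,6 +977,11) is not checked, so on allocation failure `ifmgd->assoc_req_ies` is NULL while `assoc_req_ies_len` is still set to the full IE length. That pair is later passed to `cfg80211_rx_assoc_resp()` and copied into `cr.req_ie`/`cr.req_ie_len`. The nl80211 path in this patch guards on the pointer, but other consumers of the connect result are not visible here, and a NULL pointer with a non-zero length is easy to misuse. Keeping the two consistent is one line: `ifmgd->assoc_req_ies_len = ifmgd->assoc_req_ies ? pos - ie_start : 0;`. The function body starts and ends outside the hunk.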
@@ -5576,6 +5583,9 @@ void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata) ifmgd->teardown_skb = NULL; ifmgd->orig_teardown_skb = NULL; } + kfree(ifmgd->assoc_req_ies); + ifmgd->assoc_req_ies = NULL; + ifmgd->assoc_req_ies_len = 0; spin_unlock_bh(&ifmgd->teardown_lock); del_timer_sync(&ifmgd->timer); sdata_unlock(sdata); diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c index 1615e503f8e3..f9462010575f 100644 --- a/net/wireless/mlme.c +++ b/net/wireless/mlme.c @@ -21,7 +21,8 @@ void cfg80211_rx_assoc_resp(struct net_device *dev, struct cfg80211_bss *bss, - const u8 *buf, size_t len, int uapsd_queues) + const u8 *buf, size_t len, int uapsd_queues, + const u8 *req_ies, size_t req_ies_len) { struct wireless_dev *wdev = dev->ieee80211_ptr; struct wiphy *wiphy = wdev->wiphy; @@ -33,6 +34,8 @@ void cfg80211_rx_assoc_resp(struct net_device *dev, struct cfg80211_bss *bss, cr.status = (int)le16_to_cpu(mgmt->u.assoc_resp.status_code); cr.bssid = mgmt->bssid; cr.bss = bss; + cr.req_ie = req_ies; + cr.req_ie_len = req_ies_len; cr.resp_ie = mgmt->u.assoc_resp.variable; cr.resp_ie_len = len - offsetof(struct ieee80211_mgmt, u.assoc_resp.variable); @@ -52,7 +55,8 @@ void cfg80211_rx_assoc_resp(struct net_device *dev, struct cfg80211_bss *bss, return; } - nl80211_send_rx_assoc(rdev, dev, buf, len, GFP_KERNEL, uapsd_queues); + nl80211_send_rx_assoc(rdev, dev, buf, len, GFP_KERNEL, uapsd_queues, + req_ies, req_ies_len); /* update current_bss etc., consumes the bss reference */ __cfg80211_connect_result(dev, &cr, cr.status == WLAN_STATUS_SUCCESS); } diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 80878b431584..d5badbbb28a3 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c 
@@ -14491,12 +14491,13 @@ static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev, struct net_device *netdev, const u8 *buf, size_t len, enum nl80211_commands cmd, gfp_t gfp, - int uapsd_queues) + int uapsd_queues, const u8 *req_ies, + size_t req_ies_len) { struct sk_buff *msg; void *hdr; - msg = nlmsg_new(100 + len, gfp); + msg = nlmsg_new(100 + len + req_ies_len, gfp); if (!msg) return; @@ -14508,7 +14509,9 @@ static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev, if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || - nla_put(msg, NL80211_ATTR_FRAME, len, buf)) + nla_put(msg, NL80211_ATTR_FRAME, len, buf) || + (req_ies && + nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies))) goto nla_put_failure; if (uapsd_queues >= 0) { @@ -14539,15 +14542,17 @@ void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev, size_t len, gfp_t gfp) { nl80211_send_mlme_event(rdev, netdev, buf, len, - NL80211_CMD_AUTHENTICATE, gfp, -1); + NL80211_CMD_AUTHENTICATE, gfp, -1, NULL, 0); } void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev, struct net_device *netdev, const u8 *buf, - size_t len, gfp_t gfp, int uapsd_queues) + size_t len, gfp_t gfp, int uapsd_queues, + const u8 *req_ies, size_t req_ies_len) { nl80211_send_mlme_event(rdev, netdev, buf, len, - NL80211_CMD_ASSOCIATE, gfp, uapsd_queues); + NL80211_CMD_ASSOCIATE, gfp, uapsd_queues, + req_ies, req_ies_len); } void nl80211_send_deauth(struct cfg80211_registered_device *rdev, @@ -14555,7 +14560,7 @@ void nl80211_send_deauth(struct cfg80211_registered_device *rdev, size_t len, gfp_t gfp) { nl80211_send_mlme_event(rdev, netdev, buf, len, - NL80211_CMD_DEAUTHENTICATE, gfp, -1); + NL80211_CMD_DEAUTHENTICATE, gfp, -1, NULL, 0); } void nl80211_send_disassoc(struct cfg80211_registered_device *rdev, 
@@ -14563,7 +14568,7 @@ void nl80211_send_disassoc(struct cfg80211_registered_device *rdev, size_t len, gfp_t gfp) { nl80211_send_mlme_event(rdev, netdev, buf, len, - NL80211_CMD_DISASSOCIATE, gfp, -1); + NL80211_CMD_DISASSOCIATE, gfp, -1, NULL, 0); } void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf, @@ -14584,7 +14589,8 @@ void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf, cmd = NL80211_CMD_UNPROT_DISASSOCIATE; trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len); - nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1); + nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1, + NULL, 0); } EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt); diff --git a/net/wireless/nl80211.h b/net/wireless/nl80211.h index 531c82dcba6b..a41e94a49a89 100644 --- a/net/wireless/nl80211.h +++ b/net/wireless/nl80211.h @@ -67,7 +67,8 @@ void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev, void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev, struct net_device *netdev, const u8 *buf, size_t len, gfp_t gfp, - int uapsd_queues); + int uapsd_queues, + const u8 *req_ies, size_t req_ies_len); void nl80211_send_deauth(struct cfg80211_registered_device *rdev, struct net_device *netdev, const u8 *buf, size_t len, gfp_t gfp); From ee145775c1eb84bb76e71639425ec44c654fb868 Mon Sep 17 00:00:00 2001 From: Sara Sharon Date: Wed, 6 Feb 2019 13:17:09 +0200 Subject: [PATCH 28/38] mac80211: support max channel switch time element 2018 REVmd of the spec introduces the max channel switch time element which is optionally included in beacons/probes when there is a channel switch / extended channel switch element. The value represents the maximum delay between the time the AP transmitted the last beacon in current channel and the expected time of the first beacon in the new channel, in TU. Parse the value and pass it to the driver. Signed-off-by: Sara Sharon Signed-off-by: Luca Coelho 
Signed-off-by: Johannes Berg --- include/linux/ieee80211.h | 1 + include/net/mac80211.h | 4 ++++ net/mac80211/ieee80211_i.h | 2 ++ net/mac80211/mlme.c | 1 + net/mac80211/spectmgmt.c | 6 ++++++ net/mac80211/util.c | 4 ++++ 6 files changed, 18 insertions(+) diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h index 6cbaed4d7a6b..d9650ae2b4f7 100644 --- a/include/linux/ieee80211.h +++ b/include/linux/ieee80211.h @@ -2475,6 +2475,7 @@ enum ieee80211_eid_ext { WLAN_EID_EXT_HE_OPERATION = 36, WLAN_EID_EXT_UORA = 37, WLAN_EID_EXT_HE_MU_EDCA = 38, + WLAN_EID_EXT_MAX_CHANNEL_SWITCH_TIME = 52, WLAN_EID_EXT_MULTIPLE_BSSID_CONFIGURATION = 55, }; diff --git a/include/net/mac80211.h b/include/net/mac80211.h index 97aed7b1ba5d..3fb38d2bdb4f 100644 --- a/include/net/mac80211.h +++ b/include/net/mac80211.h @@ -1519,6 +1519,9 @@ struct ieee80211_conf { * scheduled channel switch, as indicated by the AP. * @chandef: the new channel to switch to * @count: the number of TBTT's until the channel switch event + * @delay: maximum delay between the time the AP transmitted the last beacon in + * current channel and the expected time of the first beacon in the new + * channel, expressed in TU. */ struct ieee80211_channel_switch { u64 timestamp; @@ -1526,6 +1529,7 @@ struct ieee80211_channel_switch { bool block_tx; struct cfg80211_chan_def chandef; u8 count; + u32 delay; }; /** diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index afce50da6fd6..e170f986d226 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -1453,6 +1453,7 @@ struct ieee80211_csa_ie { u8 ttl; u16 pre_value; u16 reason_code; + u32 max_switch_time; }; /* Parsed Information Elements */ 
@@ -1493,6 +1494,7 @@ struct ieee802_11_elems { const struct ieee80211_channel_sw_ie *ch_switch_ie; const struct ieee80211_ext_chansw_ie *ext_chansw_ie; const struct ieee80211_wide_bw_chansw_ie *wide_bw_chansw_ie; + const u8 *max_channel_switch_time; const u8 *country_elem; const u8 *pwr_constr_elem; const u8 *cisco_dtpc_elem; diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index df5d4b90616d..1b4938d100d5 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -1352,6 +1352,7 @@ ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, ch_switch.block_tx = csa_ie.mode; ch_switch.chandef = csa_ie.chandef; ch_switch.count = csa_ie.count; + ch_switch.delay = csa_ie.max_switch_time; if (drv_pre_channel_switch(sdata, &ch_switch)) { sdata_info(sdata, diff --git a/net/mac80211/spectmgmt.c b/net/mac80211/spectmgmt.c index 4e4902bdbef8..3c644f14dd59 100644 --- a/net/mac80211/spectmgmt.c +++ b/net/mac80211/spectmgmt.c @@ -177,6 +177,12 @@ int ieee80211_parse_ch_switch_ie(struct ieee80211_sub_if_data *sdata, csa_ie->chandef = new_vht_chandef; } + if (elems->max_channel_switch_time) + csa_ie->max_switch_time = + (elems->max_channel_switch_time[0] << 0) | + (elems->max_channel_switch_time[1] << 8) | + (elems->max_channel_switch_time[2] << 16); + return 0; } diff --git a/net/mac80211/util.c b/net/mac80211/util.c index 8349c91250ef..3f5a704d1ab0 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c @@ -1274,6 +1274,10 @@ _ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action, elems->he_operation = (void *)&pos[1]; } else if (pos[0] == WLAN_EID_EXT_UORA && elen >= 1) { elems->uora_element = (void *)&pos[1]; + } else if (pos[0] == + WLAN_EID_EXT_MAX_CHANNEL_SWITCH_TIME && + elen == 4) { + elems->max_channel_switch_time = pos + 1; } else if (pos[0] == WLAN_EID_EXT_MULTIPLE_BSSID_CONFIGURATION && elen == 3) { From b9cc81d827ed13502ca9c8523361be26ca1d7220 Mon Sep 17 00:00:00 2001 
From: Sara Sharon Date: Wed, 6 Feb 2019 13:17:10 +0200 Subject: [PATCH 29/38] mac80211: abort CSA if beacon does not include CSA IEs In case we receive a beacon without CSA IE while we are in the middle of channel switch - abort the operation. Signed-off-by: Sara Sharon Signed-off-by: Luca Coelho Signed-off-by: Johannes Berg --- include/net/mac80211.h | 5 +++++ net/mac80211/driver-ops.h | 14 +++++++++++++ net/mac80211/mlme.c | 43 +++++++++++++++++++++++++++++++++------ net/mac80211/trace.h | 6 ++++++ 4 files changed, 62 insertions(+), 6 deletions(-) diff --git a/include/net/mac80211.h b/include/net/mac80211.h index 3fb38d2bdb4f..aef7174a7c65 100644 --- a/include/net/mac80211.h +++ b/include/net/mac80211.h @@ -3643,6 +3643,9 @@ enum ieee80211_reconfig_type { * @post_channel_switch: This is an optional callback that is called * after a channel switch procedure is completed, allowing the * driver to go back to a normal configuration. + * @abort_channel_switch: This is an optional callback that is called + * when channel switch procedure was completed, allowing the + * driver to go back to a normal configuration. * * @join_ibss: Join an IBSS (on an IBSS interface); this is called after all * information in bss_conf is set up and the beacon can be retrieved. A @@ -3946,6 +3949,8 @@ struct ieee80211_ops { int (*post_channel_switch)(struct ieee80211_hw *hw, struct ieee80211_vif *vif); + void (*abort_channel_switch)(struct ieee80211_hw *hw, + struct ieee80211_vif *vif); int (*join_ibss)(struct ieee80211_hw *hw, struct ieee80211_vif *vif); void (*leave_ibss)(struct ieee80211_hw *hw, struct ieee80211_vif *vif); diff --git a/net/mac80211/driver-ops.h b/net/mac80211/driver-ops.h index ba3c07b10cd0..e069122595d0 100644 --- a/net/mac80211/driver-ops.h +++ b/net/mac80211/driver-ops.h 
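Review bot: The kernel-doc added for `@abort_channel_switch` (mac80211.h hunk -3643,6 +3643,9) repeats the `@post_channel_switch` wording and says the callback runs when the switch "was completed". The commit instead invokes it when a beacon without CSA IEs arrives in the middle of a switch. Driver authors reading only the header would get the wrong contract. Suggested text: `@abort_channel_switch: This is an optional callback that is called when the channel switch procedure was aborted, allowing the driver to go back to a normal configuration.`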
@@ -1052,6 +1052,20 @@ drv_post_channel_switch(struct ieee80211_sub_if_data *sdata) return ret; } +static inline void +drv_abort_channel_switch(struct ieee80211_sub_if_data *sdata) +{ + struct ieee80211_local *local = sdata->local; + + if (!check_sdata_in_driver(sdata)) + return; + + trace_drv_abort_channel_switch(local, sdata); + + if (local->ops->abort_channel_switch) + local->ops->abort_channel_switch(&local->hw, &sdata->vif); +} + static inline int drv_join_ibss(struct ieee80211_local *local, struct ieee80211_sub_if_data *sdata) { diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 1b4938d100d5..28a275ec6700 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -1258,6 +1258,32 @@ static void ieee80211_chswitch_timer(struct timer_list *t) ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work); } +static void +ieee80211_sta_abort_chanswitch(struct ieee80211_sub_if_data *sdata) +{ + struct ieee80211_local *local = sdata->local; + + if (!local->ops->abort_channel_switch) + return; + + mutex_lock(&local->mtx); + + mutex_lock(&local->chanctx_mtx); + ieee80211_vif_unreserve_chanctx(sdata); + mutex_unlock(&local->chanctx_mtx); + + if (sdata->csa_block_tx) + ieee80211_wake_vif_queues(local, sdata, + IEEE80211_QUEUE_STOP_REASON_CSA); + + sdata->csa_block_tx = false; + sdata->vif.csa_active = false; + + mutex_unlock(&local->mtx); + + drv_abort_channel_switch(sdata); +} + static void ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, u64 timestamp, u32 device_timestamp, 
@@ -1282,19 +1308,24 @@ ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, if (local->scanning) return; - /* disregard subsequent announcements if we are already processing */ - if (sdata->vif.csa_active) - return; - current_band = cbss->channel->band; res = ieee80211_parse_ch_switch_ie(sdata, elems, current_band, ifmgd->flags, ifmgd->associated->bssid, &csa_ie); - if (res < 0) + if (res < 0) { ieee80211_queue_work(&local->hw, &ifmgd->csa_connection_drop_work); - if (res) return; + } + + if (res && beacon && sdata->vif.csa_active && + !ifmgd->csa_waiting_bcn) { + ieee80211_sta_abort_chanswitch(sdata); + return; + } else if (sdata->vif.csa_active || res) { + /* disregard subsequent announcements if already processing */ + return; + } if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chandef, IEEE80211_CHAN_DISABLED)) { diff --git a/net/mac80211/trace.h b/net/mac80211/trace.h index 35ea0dcb55e6..c1e203fe281e 100644 --- a/net/mac80211/trace.h +++ b/net/mac80211/trace.h @@ -2452,6 +2452,12 @@ DEFINE_EVENT(local_sdata_evt, drv_post_channel_switch, TP_ARGS(local, sdata) ); +DEFINE_EVENT(local_sdata_evt, drv_abort_channel_switch, + TP_PROTO(struct ieee80211_local *local, + struct ieee80211_sub_if_data *sdata), + TP_ARGS(local, sdata) +); + TRACE_EVENT(drv_get_txpower, TP_PROTO(struct ieee80211_local *local, struct ieee80211_sub_if_data *sdata, From 2ff5e52e7836f1851f25304e0b2ee09cd9e7962e Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Wed, 6 Feb 2019 13:17:11 +0200 Subject: [PATCH 30/38] radiotap: add 0-length PSDU "not captured" type This type was defined in radiotap but we didn't add it to the header file, add it now. Signed-off-by: Johannes Berg --- include/net/ieee80211_radiotap.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/net/ieee80211_radiotap.h b/include/net/ieee80211_radiotap.h index 8014153bdd49..6674412f9270 100644 --- a/include/net/ieee80211_radiotap.h +++ b/include/net/ieee80211_radiotap.h 
@@ -1,6 +1,6 @@ /* * Copyright (c) 2017 Intel Deutschland GmbH - * Copyright (c) 2018 Intel Corporation + * Copyright (c) 2018-2019 Intel Corporation * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -343,6 +343,7 @@ struct ieee80211_radiotap_lsig { enum ieee80211_radiotap_zero_len_psdu_type { IEEE80211_RADIOTAP_ZERO_LEN_PSDU_SOUNDING = 0, + IEEE80211_RADIOTAP_ZERO_LEN_PSDU_NOT_CAPTURED = 1, IEEE80211_RADIOTAP_ZERO_LEN_PSDU_VENDOR = 0xff, }; From c15353be91902fa6cde08d4bf325d089895d65e8 Mon Sep 17 00:00:00 2001 From: Liad Kaufman Date: Wed, 6 Feb 2019 13:17:13 +0200 Subject: [PATCH 31/38] mac80211: fix position of vendor_data read The ieee80211_vendor_radiotap was read from the beginning of the skb->data regardless of the existence of other elements in radiotap that would cause it to move to another position. Fix this by taking into account where it really should be. Signed-off-by: Liad Kaufman Signed-off-by: Luca Coelho Signed-off-by: Johannes Berg --- net/mac80211/rx.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index bb4d71efb6fb..c97018dd17fe 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -5,7 +5,7 @@ * Copyright 2007-2010 Johannes Berg * Copyright 2013-2014 Intel Mobile Communications GmbH * Copyright(c) 2015 - 2017 Intel Deutschland GmbH - * Copyright (C) 2018 Intel Corporation + * Copyright (C) 2018-2019 Intel Corporation * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as 
@@ -208,7 +208,24 @@ ieee80211_rx_radiotap_hdrlen(struct ieee80211_local *local, } if (status->flag & RX_FLAG_RADIOTAP_VENDOR_DATA) { - struct ieee80211_vendor_radiotap *rtap = (void *)skb->data; + struct ieee80211_vendor_radiotap *rtap; + int vendor_data_offset = 0; + + /* + * The position to look at depends on the existence (or non- + * existence) of other elements, so take that into account... + */ + if (status->flag & RX_FLAG_RADIOTAP_HE) + vendor_data_offset += + sizeof(struct ieee80211_radiotap_he); + if (status->flag & RX_FLAG_RADIOTAP_HE_MU) + vendor_data_offset += + sizeof(struct ieee80211_radiotap_he_mu); + if (status->flag & RX_FLAG_RADIOTAP_LSIG) + vendor_data_offset += + sizeof(struct ieee80211_radiotap_lsig); + + rtap = (void *)&skb->data[vendor_data_offset]; /* alignment for fixed 6-byte vendor data header */ len = ALIGN(len, 2); From fafd2bce5a5821b8902b11ab24dffa47dfdbd2d0 Mon Sep 17 00:00:00 2001 From: Sara Sharon Date: Wed, 6 Feb 2019 13:17:15 +0200 Subject: [PATCH 32/38] mac80211: notify driver on subsequent CSA beacons Some drivers may want to track further the CSA beacons, for example to compensate for buggy APs that change the beacon count or quiet mode during CSA flow. Signed-off-by: Sara Sharon Signed-off-by: Luca Coelho Signed-off-by: Johannes Berg --- include/net/mac80211.h | 9 +++++++-- net/mac80211/driver-ops.h | 17 ++++++++++++++++- net/mac80211/mlme.c | 27 +++++++++++++++----------- net/mac80211/trace.h | 40 +++++++++++++++++++++++++++++++++++++-- 4 files changed, 77 insertions(+), 16 deletions(-) diff --git a/include/net/mac80211.h b/include/net/mac80211.h index aef7174a7c65..ac2ed8ec662b 100644 --- a/include/net/mac80211.h +++ b/include/net/mac80211.h 
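Review bot: The new `rtap = (void *)&skb->data[vendor_data_offset];` in ieee80211_rx_radiotap_hdrlen() is dereferenced without checking that the skb holds at least `vendor_data_offset + sizeof(*rtap)` bytes. The offset is derived only from `status->flag` bits, so a driver that sets the HE, HE-MU or LSIG flags together with RX_FLAG_RADIOTAP_VENDOR_DATA but supplies a shorter buffer would cause a read past the data. Whether a caller already guarantees the length is not visible in this hunk. Testing `WARN_ON_ONCE(skb->len < vendor_data_offset + sizeof(*rtap))` before the assignment, and skipping the vendor-data accounting when it fires, would make the assumption explicit. The function starts and ends outside the hunk.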
@@ -6,7 +6,7 @@ * Copyright 2007-2010 Johannes Berg * Copyright 2013-2014 Intel Mobile Communications GmbH * Copyright (C) 2015 - 2017 Intel Deutschland GmbH - * Copyright (C) 2018 Intel Corporation + * Copyright (C) 2018 - 2019 Intel Corporation * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as @@ -3646,7 +3646,9 @@ enum ieee80211_reconfig_type { * @abort_channel_switch: This is an optional callback that is called * when channel switch procedure was completed, allowing the * driver to go back to a normal configuration. - * + * @channel_switch_rx_beacon: This is an optional callback that is called + * when channel switch procedure is in progress and additional beacon with + * CSA IE was received, allowing driver to track changes in count. * @join_ibss: Join an IBSS (on an IBSS interface); this is called after all * information in bss_conf is set up and the beacon can be retrieved. A * channel context is bound before this is called. @@ -3951,6 +3953,9 @@ struct ieee80211_ops { struct ieee80211_vif *vif); void (*abort_channel_switch)(struct ieee80211_hw *hw, struct ieee80211_vif *vif); + void (*channel_switch_rx_beacon)(struct ieee80211_hw *hw, + struct ieee80211_vif *vif, + struct ieee80211_channel_switch *ch_switch); int (*join_ibss)(struct ieee80211_hw *hw, struct ieee80211_vif *vif); void (*leave_ibss)(struct ieee80211_hw *hw, struct ieee80211_vif *vif); diff --git a/net/mac80211/driver-ops.h b/net/mac80211/driver-ops.h index e069122595d0..28d022a3eee3 100644 --- a/net/mac80211/driver-ops.h +++ b/net/mac80211/driver-ops.h @@ -2,7 +2,7 @@ /* * Portions of this file * Copyright(c) 2016 Intel Deutschland GmbH -* Copyright (C) 2018 Intel Corporation +* Copyright (C) 2018 - 2019 Intel Corporation */ #ifndef __MAC80211_DRIVER_OPS 
@@ -1066,6 +1066,21 @@ drv_abort_channel_switch(struct ieee80211_sub_if_data *sdata) local->ops->abort_channel_switch(&local->hw, &sdata->vif); } +static inline void +drv_channel_switch_rx_beacon(struct ieee80211_sub_if_data *sdata, + struct ieee80211_channel_switch *ch_switch) +{ + struct ieee80211_local *local = sdata->local; + + if (!check_sdata_in_driver(sdata)) + return; + + trace_drv_channel_switch_rx_beacon(local, sdata, ch_switch); + if (local->ops->channel_switch_rx_beacon) + local->ops->channel_switch_rx_beacon(&local->hw, &sdata->vif, + ch_switch); +} + static inline int drv_join_ibss(struct ieee80211_local *local, struct ieee80211_sub_if_data *sdata) { diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 28a275ec6700..411656614e9a 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -7,7 +7,7 @@ * Copyright 2007, Michael Wu * Copyright 2013-2014 Intel Mobile Communications GmbH * Copyright (C) 2015 - 2017 Intel Deutschland GmbH - * Copyright (C) 2018 Intel Corporation + * Copyright (C) 2018 - 2019 Intel Corporation * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as 
@@ -1312,15 +1312,27 @@ ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, res = ieee80211_parse_ch_switch_ie(sdata, elems, current_band, ifmgd->flags, ifmgd->associated->bssid, &csa_ie); + + if (!res) { + ch_switch.timestamp = timestamp; + ch_switch.device_timestamp = device_timestamp; + ch_switch.block_tx = csa_ie.mode; + ch_switch.chandef = csa_ie.chandef; + ch_switch.count = csa_ie.count; + ch_switch.delay = csa_ie.max_switch_time; + } + if (res < 0) { ieee80211_queue_work(&local->hw, &ifmgd->csa_connection_drop_work); return; } - if (res && beacon && sdata->vif.csa_active && - !ifmgd->csa_waiting_bcn) { - ieee80211_sta_abort_chanswitch(sdata); + if (beacon && sdata->vif.csa_active && !ifmgd->csa_waiting_bcn) { + if (res) + ieee80211_sta_abort_chanswitch(sdata); + else + drv_channel_switch_rx_beacon(sdata, &ch_switch); return; } else if (sdata->vif.csa_active || res) { /* disregard subsequent announcements if already processing */ @@ -1378,13 +1390,6 @@ ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, goto drop_connection; } - ch_switch.timestamp = timestamp; - ch_switch.device_timestamp = device_timestamp; - ch_switch.block_tx = csa_ie.mode; - ch_switch.chandef = csa_ie.chandef; - ch_switch.count = csa_ie.count; - ch_switch.delay = csa_ie.max_switch_time; - if (drv_pre_channel_switch(sdata, &ch_switch)) { sdata_info(sdata, "preparing for channel switch failed, disconnecting\n"); diff --git a/net/mac80211/trace.h b/net/mac80211/trace.h index c1e203fe281e..8ba70d26b82e 100644 --- a/net/mac80211/trace.h +++ b/net/mac80211/trace.h @@ -1,8 +1,8 @@ /* SPDX-License-Identifier: GPL-2.0 */ /* * Portions of this file -* Copyright(c) 2016 Intel Deutschland GmbH -* Copyright (C) 2018 Intel Corporation +* Copyright(c) 2016-2017 Intel Deutschland GmbH +* Copyright (C) 2018 - 2019 Intel Corporation */ #if !defined(__MAC80211_DRIVER_TRACE) || defined(TRACE_HEADER_MULTI_READ) 
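Review bot: In the `@@ -1312` hunk the `if (!res)` block that fills `ch_switch` sits ahead of the `if (res < 0)` error return, so `res` is tested three times in a row and the success-path setup is read before the failure exit. Moving the `res < 0` check directly after ieee80211_parse_ch_switch_ie() and filling `ch_switch` afterwards keeps the behaviour and reads top-down. `ch_switch` is declared outside the hunk. If it has no initialiser, a comment such as `/* ch_switch is only valid when res == 0 */` would help, since both drv_channel_switch_rx_beacon() and the later drv_pre_channel_switch() call depend on that.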
@@ -2458,6 +2458,42 @@ DEFINE_EVENT(local_sdata_evt, drv_abort_channel_switch, TP_ARGS(local, sdata) ); +TRACE_EVENT(drv_channel_switch_rx_beacon, + TP_PROTO(struct ieee80211_local *local, + struct ieee80211_sub_if_data *sdata, + struct ieee80211_channel_switch *ch_switch), + + TP_ARGS(local, sdata, ch_switch), + + TP_STRUCT__entry( + LOCAL_ENTRY + VIF_ENTRY + CHANDEF_ENTRY + __field(u64, timestamp) + __field(u32, device_timestamp) + __field(bool, block_tx) + __field(u8, count) + ), + + TP_fast_assign( + LOCAL_ASSIGN; + VIF_ASSIGN; + CHANDEF_ASSIGN(&ch_switch->chandef) + __entry->timestamp = ch_switch->timestamp; + __entry->device_timestamp = ch_switch->device_timestamp; + __entry->block_tx = ch_switch->block_tx; + __entry->count = ch_switch->count; + ), + + TP_printk( + LOCAL_PR_FMT VIF_PR_FMT + " received a channel switch beacon to " + CHANDEF_PR_FMT " count:%d block_tx:%d timestamp:%llu", + LOCAL_PR_ARG, VIF_PR_ARG, CHANDEF_PR_ARG, __entry->count, + __entry->block_tx, __entry->timestamp + ) +); + TRACE_EVENT(drv_get_txpower, TP_PROTO(struct ieee80211_local *local, struct ieee80211_sub_if_data *sdata, From 9792875ccd4788b3e0939cb3a74e24c0b349f591 Mon Sep 17 00:00:00 2001 From: Sara Sharon Date: Wed, 6 Feb 2019 13:17:16 +0200 Subject: [PATCH 33/38] mac80211: allow CSA to self with immediate quiet Currently, due to some buggy APs that continue to include CSA IEs after the switch, we ignore CSA to same channel. However, some other APs may do CSA to self in order to have immediate quiet. Allow it. Do it only for beacons. Signed-off-by: Sara Sharon Signed-off-by: Luca Coelho Signed-off-by: Johannes Berg --- net/mac80211/mlme.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 411656614e9a..e20456c2d6fb 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c 
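Review bot: `device_timestamp` is declared in TP_STRUCT__entry and assigned in TP_fast_assign, but TP_printk formats only `count`, `block_tx` and `timestamp`, so the text output of drv_channel_switch_rx_beacon never shows it. Either extend the format with ` device_timestamp:%u` and pass `__entry->device_timestamp`, or drop the field if it is not wanted in this event.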
@@ -1353,7 +1353,8 @@ ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, } if (cfg80211_chandef_identical(&csa_ie.chandef, - &sdata->vif.bss_conf.chandef)) { + &sdata->vif.bss_conf.chandef) && + (!csa_ie.mode || !beacon)) { if (ifmgd->csa_ignored_same_chan) return; sdata_info(sdata, From 7976b1e9e3bfdd7ed1cfb21afc4a195655017f13 Mon Sep 17 00:00:00 2001 From: Sara Sharon Date: Wed, 6 Feb 2019 13:17:17 +0200 Subject: [PATCH 34/38] mac80211: ignore quiet mode in probe Some buggy APs keep the CSA IE in probes after the channel switch was completed and can silence us for no good reason. Apply quiet mode only from beacons. If there is real channel switch going on, we will see the beacon anyway. Signed-off-by: Sara Sharon Signed-off-by: Luca Coelho Signed-off-by: Johannes Berg --- net/mac80211/mlme.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index e20456c2d6fb..2dbcf5d5512e 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -1316,7 +1316,7 @@ ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, if (!res) { ch_switch.timestamp = timestamp; ch_switch.device_timestamp = device_timestamp; - ch_switch.block_tx = csa_ie.mode; + ch_switch.block_tx = beacon ? csa_ie.mode : 0; ch_switch.chandef = csa_ie.chandef; ch_switch.count = csa_ie.count; ch_switch.delay = csa_ie.max_switch_time; @@ -1409,7 +1409,7 @@ ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, sdata->vif.csa_active = true; sdata->csa_chandef = csa_ie.chandef; - sdata->csa_block_tx = csa_ie.mode; + sdata->csa_block_tx = ch_switch.block_tx; ifmgd->csa_ignored_same_chan = false; if (sdata->csa_block_tx) 
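Review bot: The added `(!csa_ie.mode || !beacon)` term in the `@@ -1353` hunk carries no comment, although it narrows what used to be an unconditional same-channel filter. `csa_ie.mode` is read from the received beacon, so a beacon that names the current channel with mode set now continues into the switch handling below instead of being ignored. I would put `/* CSA to the current channel is honoured only from beacons that request quiet; anything else is treated as a stale announcement */` above the condition. It is also worth checking in the code outside this hunk that the resulting quiet period is bounded by the count or max_switch_time handling.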
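Review bot: `ch_switch.block_tx` is assigned only inside the `if (!res)` block (hunk `@@ -1316`), yet `sdata->csa_block_tx = ch_switch.block_tx;` now reads it at `@@ -1409` and again in the disconnect path at `@@ -1443`. That is well defined only while every path reaching those two lines has `res == 0`. The declaration of `ch_switch` and the jumps into the disconnect path are outside the hunks, so this cannot be confirmed from here. Initialising the structure where it is declared, for example `struct ieee80211_channel_switch ch_switch = {};`, would keep both reads defined however the flow is changed later.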
@@ -1443,7 +1443,7 @@ ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, * reset when the disconnection worker runs. */ sdata->vif.csa_active = true; - sdata->csa_block_tx = csa_ie.mode; + sdata->csa_block_tx = ch_switch.block_tx; ieee80211_queue_work(&local->hw, &ifmgd->csa_connection_drop_work); mutex_unlock(&local->chanctx_mtx); From 55c1fdf0d6c57e02c2279e0ba0c6f8ec502b46df Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Wed, 6 Feb 2019 13:17:19 +0200 Subject: [PATCH 35/38] cfg80211: allow sending vendor events unicast Sometimes, we may want to transport higher bandwidth data through vendor events, and in that case sending it multicast is a bad idea. Allow vendor events to be unicast. Signed-off-by: Johannes Berg --- include/net/cfg80211.h | 49 ++++++++++++++++++++++++++++++++++++++++-- net/wireless/nl80211.c | 30 ++++++++++++++++++++------ 2 files changed, 71 insertions(+), 8 deletions(-) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 7a29b709077f..bb307a11ee63 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -5854,6 +5854,7 @@ struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy, struct wireless_dev *wdev, enum nl80211_commands cmd, enum nl80211_attrs attr, + unsigned int portid, int vendor_event_idx, int approxlen, gfp_t gfp); @@ -5903,6 +5904,15 @@ cfg80211_vendor_cmd_alloc_reply_skb(struct wiphy *wiphy, int approxlen) */ int cfg80211_vendor_cmd_reply(struct sk_buff *skb); +/** + * cfg80211_vendor_cmd_get_sender + * @wiphy: the wiphy + * + * Return the current netlink port ID in a vendor command handler. + * Valid to call only there. + */ +unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy); + /** * cfg80211_vendor_event_alloc - allocate vendor-specific event skb * @wiphy: the wiphy 
@@ -5930,7 +5940,42 @@ cfg80211_vendor_event_alloc(struct wiphy *wiphy, struct wireless_dev *wdev, { return __cfg80211_alloc_event_skb(wiphy, wdev, NL80211_CMD_VENDOR, NL80211_ATTR_VENDOR_DATA, - event_idx, approxlen, gfp); + 0, event_idx, approxlen, gfp); +} + +/** + * cfg80211_vendor_event_alloc_ucast - alloc unicast vendor-specific event skb + * @wiphy: the wiphy + * @wdev: the wireless device + * @event_idx: index of the vendor event in the wiphy's vendor_events + * @portid: port ID of the receiver + * @approxlen: an upper bound of the length of the data that will + * be put into the skb + * @gfp: allocation flags + * + * This function allocates and pre-fills an skb for an event to send to + * a specific (userland) socket. This socket would previously have been + * obtained by cfg80211_vendor_cmd_get_sender(), and the caller MUST take + * care to register a netlink notifier to see when the socket closes. + * + * If wdev != NULL, both the ifindex and identifier of the specified + * wireless device are added to the event message before the vendor data + * attribute. + * + * When done filling the skb, call cfg80211_vendor_event() with the + * skb to send the event. + * + * Return: An allocated and pre-filled skb. %NULL if any errors happen. + */ +static inline struct sk_buff * +cfg80211_vendor_event_alloc_ucast(struct wiphy *wiphy, + struct wireless_dev *wdev, + unsigned int portid, int approxlen, + int event_idx, gfp_t gfp) +{ + return __cfg80211_alloc_event_skb(wiphy, wdev, NL80211_CMD_VENDOR, + NL80211_ATTR_VENDOR_DATA, + portid, event_idx, approxlen, gfp); } /** @@ -6030,7 +6075,7 @@ static inline struct sk_buff * cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy, int approxlen, gfp_t gfp) { return __cfg80211_alloc_event_skb(wiphy, NULL, NL80211_CMD_TESTMODE, - NL80211_ATTR_TESTDATA, -1, + NL80211_ATTR_TESTDATA, 0, -1, approxlen, gfp); } diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index d5badbbb28a3..c5df5211d29a 100644 
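Review bot: The kerneldoc for cfg80211_vendor_event_alloc_ucast() lists `@event_idx` before `@portid` and `@approxlen`, while the prototype takes `portid, approxlen, event_idx` and the body forwards them as `portid, event_idx, approxlen`. All three are plain integers, so a caller who follows the documented order passes swapped values without any compiler diagnostic. Reordering the kerneldoc entries to `@portid`, `@approxlen`, `@event_idx` to match the prototype removes that trap.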
--- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -4,7 +4,7 @@ * Copyright 2006-2010 Johannes Berg * Copyright 2013-2014 Intel Mobile Communications GmbH * Copyright 2015-2017 Intel Deutschland GmbH - * Copyright (C) 2018 Intel Corporation + * Copyright (C) 2018-2019 Intel Corporation */ #include @@ -9306,6 +9306,7 @@ struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy, struct wireless_dev *wdev, enum nl80211_commands cmd, enum nl80211_attrs attr, + unsigned int portid, int vendor_event_idx, int approxlen, gfp_t gfp) { @@ -9329,7 +9330,7 @@ struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy, return NULL; } - return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, 0, 0, + return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0, cmd, attr, info, gfp); } EXPORT_SYMBOL(__cfg80211_alloc_event_skb); @@ -9338,6 +9339,7 @@ void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp) { struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; void *hdr = ((void **)skb->cb)[1]; + struct nlmsghdr *nlhdr = nlmsg_hdr(skb); struct nlattr *data = ((void **)skb->cb)[2]; enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE; @@ -9347,11 +9349,16 @@ void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp) nla_nest_end(skb, data); genlmsg_end(skb, hdr); - if (data->nla_type == NL80211_ATTR_VENDOR_DATA) - mcgrp = NL80211_MCGRP_VENDOR; + if (nlhdr->nlmsg_pid) { + genlmsg_unicast(wiphy_net(&rdev->wiphy), skb, + nlhdr->nlmsg_pid); + } else { + if (data->nla_type == NL80211_ATTR_VENDOR_DATA) + mcgrp = NL80211_MCGRP_VENDOR; - genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0, - mcgrp, gfp); + genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), + skb, 0, mcgrp, gfp); + } } EXPORT_SYMBOL(__cfg80211_send_event_skb); 
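Review bot: In __cfg80211_send_event_skb() (hunk `@@ -9347`) the result of `genlmsg_unicast(...)` is discarded and the `gfp` argument is unused on that branch. A driver streaming events to a socket that has gone away therefore gets no indication from this call. Since the function returns void, the least intrusive fix is to document it, for example `/* delivery errors are ignored; the caller tracks the receiver's lifetime with a netlink notifier */` above the unicast call. The function starts outside the hunk.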
@@ -12736,6 +12743,17 @@ int cfg80211_vendor_cmd_reply(struct sk_buff *skb) } EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply); +unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy) +{ + struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); + + if (WARN_ON(!rdev->cur_cmd_info)) + return 0; + + return rdev->cur_cmd_info->snd_portid; +} +EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender); + static int nl80211_set_qos_map(struct sk_buff *skb, struct genl_info *info) { From 77ff2c6b49843b01adef1f80abb091753e4c9c65 Mon Sep 17 00:00:00 2001 From: Liad Kaufman Date: Wed, 6 Feb 2019 13:17:20 +0200 Subject: [PATCH 36/38] mac80211: update HE IEs to D3.3 Update element names and new fields according to D3.3 of the HE spec. Signed-off-by: Liad Kaufman Signed-off-by: Luca Coelho Signed-off-by: Johannes Berg --- .../net/wireless/intel/iwlwifi/fw/api/mac.h | 26 ++++++++- .../wireless/intel/iwlwifi/iwl-nvm-parse.c | 58 +++++++------------ .../net/wireless/intel/iwlwifi/mvm/mac80211.c | 40 +++++++++++++ include/linux/ieee80211.h | 22 ++++--- net/mac80211/debugfs_sta.c | 35 +++++++---- 5 files changed, 125 insertions(+), 56 deletions(-) diff --git a/drivers/net/wireless/intel/iwlwifi/fw/api/mac.h b/drivers/net/wireless/intel/iwlwifi/fw/api/mac.h index 7a3f7b7e6358..941c50477003 100644 --- a/drivers/net/wireless/intel/iwlwifi/fw/api/mac.h +++ b/drivers/net/wireless/intel/iwlwifi/fw/api/mac.h @@ -7,7 +7,7 @@ * * Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved. * Copyright(c) 2017 Intel Deutschland GmbH - * Copyright(c) 2018 Intel Corporation + * Copyright(c) 2018 - 2019 Intel Corporation * * This program is free software; you can redistribute it and/or modify * it under the terms of version 2 of the GNU General Public License as 
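Review bot: cfg80211_vendor_cmd_get_sender() returns 0 when `rdev->cur_cmd_info` is unset, and 0 is the value that selects multicast elsewhere in this patch. cfg80211_vendor_event_alloc() passes `0` as portid, and __cfg80211_send_event_skb() unicasts only `if (nlhdr->nlmsg_pid)`. Assuming the portid given to __cfg80211_alloc_vendor_skb() ends up in `nlmsg_pid`, a driver that stores this 0 and later passes it to cfg80211_vendor_event_alloc_ucast() would send data meant for one socket to the whole vendor multicast group. The kerneldoc in cfg80211.h should state that a return of 0 means no sender is available. The unicast helper could also refuse it with `if (WARN_ON(!portid)) return NULL;`.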
@@ -29,7 +29,7 @@ * * Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved. * Copyright(c) 2017 Intel Deutschland GmbH - * Copyright(c) 2018 Intel Corporation + * Copyright(c) 2018 - 2019 Intel Corporation * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -433,6 +433,28 @@ struct iwl_he_backoff_conf { __le16 mu_time; } __packed; /* AC_QOS_DOT11AX_API_S */ +/** + * enum iwl_he_pkt_ext_constellations - PPE constellation indices + * @IWL_HE_PKT_EXT_BPSK: BPSK + * @IWL_HE_PKT_EXT_QPSK: QPSK + * @IWL_HE_PKT_EXT_16QAM: 16-QAM + * @IWL_HE_PKT_EXT_64QAM: 64-QAM + * @IWL_HE_PKT_EXT_256QAM: 256-QAM + * @IWL_HE_PKT_EXT_1024QAM: 1024-QAM + * @IWL_HE_PKT_EXT_RESERVED: reserved value + * @IWL_HE_PKT_EXT_NONE: not defined + */ +enum iwl_he_pkt_ext_constellations { + IWL_HE_PKT_EXT_BPSK = 0, + IWL_HE_PKT_EXT_QPSK, + IWL_HE_PKT_EXT_16QAM, + IWL_HE_PKT_EXT_64QAM, + IWL_HE_PKT_EXT_256QAM, + IWL_HE_PKT_EXT_1024QAM, + IWL_HE_PKT_EXT_RESERVED, + IWL_HE_PKT_EXT_NONE, +}; + #define MAX_HE_SUPP_NSS 2 #define MAX_HE_CHANNEL_BW_INDX 4 diff --git a/drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c b/drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c index d9afedc3d1d9..e1178b09c4d5 100644 --- a/drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c +++ b/drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c @@ -479,7 +479,6 @@ static struct ieee80211_sband_iftype_data iwl_he_capa[] = { IEEE80211_HE_MAC_CAP1_MULTI_TID_AGG_RX_QOS_8, .mac_cap_info[2] = IEEE80211_HE_MAC_CAP2_32BIT_BA_BITMAP | - IEEE80211_HE_MAC_CAP2_MU_CASCADING | IEEE80211_HE_MAC_CAP2_ACK_EN, .mac_cap_info[3] = IEEE80211_HE_MAC_CAP3_OMI_CONTROL | 
@@ -490,7 +489,9 @@ static struct ieee80211_sband_iftype_data iwl_he_capa[] = { .mac_cap_info[5] = IEEE80211_HE_MAC_CAP5_MULTI_TID_AGG_TX_QOS_B40 | IEEE80211_HE_MAC_CAP5_MULTI_TID_AGG_TX_QOS_B41 | - IEEE80211_HE_MAC_CAP5_UL_2x996_TONE_RU, + IEEE80211_HE_MAC_CAP5_UL_2x996_TONE_RU | + IEEE80211_HE_MAC_CAP5_HE_DYNAMIC_SM_PS | + IEEE80211_HE_MAC_CAP5_HT_VHT_TRIG_FRAME_RX, .phy_cap_info[0] = IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_IN_2G | IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G | @@ -498,18 +499,13 @@ static struct ieee80211_sband_iftype_data iwl_he_capa[] = { .phy_cap_info[1] = IEEE80211_HE_PHY_CAP1_PREAMBLE_PUNC_RX_MASK | IEEE80211_HE_PHY_CAP1_DEVICE_CLASS_A | - IEEE80211_HE_PHY_CAP1_LDPC_CODING_IN_PAYLOAD | - IEEE80211_HE_PHY_CAP1_MIDAMBLE_RX_TX_MAX_NSTS, + IEEE80211_HE_PHY_CAP1_LDPC_CODING_IN_PAYLOAD, .phy_cap_info[2] = - IEEE80211_HE_PHY_CAP2_NDP_4x_LTF_AND_3_2US | - IEEE80211_HE_PHY_CAP2_STBC_TX_UNDER_80MHZ | - IEEE80211_HE_PHY_CAP2_STBC_RX_UNDER_80MHZ | - IEEE80211_HE_PHY_CAP2_UL_MU_FULL_MU_MIMO | - IEEE80211_HE_PHY_CAP2_UL_MU_PARTIAL_MU_MIMO, + IEEE80211_HE_PHY_CAP2_NDP_4x_LTF_AND_3_2US, .phy_cap_info[3] = - IEEE80211_HE_PHY_CAP3_DCM_MAX_CONST_TX_BPSK | + IEEE80211_HE_PHY_CAP3_DCM_MAX_CONST_TX_NO_DCM | IEEE80211_HE_PHY_CAP3_DCM_MAX_TX_NSS_1 | - IEEE80211_HE_PHY_CAP3_DCM_MAX_CONST_RX_BPSK | + IEEE80211_HE_PHY_CAP3_DCM_MAX_CONST_RX_NO_DCM | IEEE80211_HE_PHY_CAP3_DCM_MAX_RX_NSS_1, .phy_cap_info[4] = IEEE80211_HE_PHY_CAP4_SU_BEAMFORMEE | 
@@ -517,16 +513,8 @@ static struct ieee80211_sband_iftype_data iwl_he_capa[] = { IEEE80211_HE_PHY_CAP4_BEAMFORMEE_MAX_STS_UNDER_80MHZ_8, .phy_cap_info[5] = IEEE80211_HE_PHY_CAP5_BEAMFORMEE_NUM_SND_DIM_UNDER_80MHZ_2 | - IEEE80211_HE_PHY_CAP5_BEAMFORMEE_NUM_SND_DIM_ABOVE_80MHZ_2 | - IEEE80211_HE_PHY_CAP5_NG16_SU_FEEDBACK | - IEEE80211_HE_PHY_CAP5_NG16_MU_FEEDBACK, + IEEE80211_HE_PHY_CAP5_BEAMFORMEE_NUM_SND_DIM_ABOVE_80MHZ_2, .phy_cap_info[6] = - IEEE80211_HE_PHY_CAP6_CODEBOOK_SIZE_42_SU | - IEEE80211_HE_PHY_CAP6_CODEBOOK_SIZE_75_MU | - IEEE80211_HE_PHY_CAP6_TRIG_SU_BEAMFORMER_FB | - IEEE80211_HE_PHY_CAP6_TRIG_MU_BEAMFORMER_FB | - IEEE80211_HE_PHY_CAP6_TRIG_CQI_FB | - IEEE80211_HE_PHY_CAP6_PARTIAL_BANDWIDTH_DL_MUMIMO | IEEE80211_HE_PHY_CAP6_PPE_THRESHOLD_PRESENT, .phy_cap_info[7] = IEEE80211_HE_PHY_CAP7_POWER_BOOST_FACTOR_AR | @@ -537,11 +525,12 @@ static struct ieee80211_sband_iftype_data iwl_he_capa[] = { IEEE80211_HE_PHY_CAP8_20MHZ_IN_40MHZ_HE_PPDU_IN_2G | IEEE80211_HE_PHY_CAP8_20MHZ_IN_160MHZ_HE_PPDU | IEEE80211_HE_PHY_CAP8_80MHZ_IN_160MHZ_HE_PPDU | - IEEE80211_HE_PHY_CAP8_DCM_MAX_BW_160_OR_80P80_MHZ, + IEEE80211_HE_PHY_CAP8_DCM_MAX_RU_2x996, .phy_cap_info[9] = IEEE80211_HE_PHY_CAP9_NON_TRIGGERED_CQI_FEEDBACK | IEEE80211_HE_PHY_CAP9_RX_FULL_BW_SU_USING_MU_WITH_COMP_SIGB | - IEEE80211_HE_PHY_CAP9_RX_FULL_BW_SU_USING_MU_WITH_NON_COMP_SIGB, + IEEE80211_HE_PHY_CAP9_RX_FULL_BW_SU_USING_MU_WITH_NON_COMP_SIGB | + IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_RESERVED, }, /* * Set default Tx/Rx HE MCS NSS Support field. 
@@ -576,28 +565,26 @@ static struct ieee80211_sband_iftype_data iwl_he_capa[] = { IEEE80211_HE_MAC_CAP1_MULTI_TID_AGG_RX_QOS_8, .mac_cap_info[2] = IEEE80211_HE_MAC_CAP2_BSR | - IEEE80211_HE_MAC_CAP2_MU_CASCADING | IEEE80211_HE_MAC_CAP2_ACK_EN, .mac_cap_info[3] = IEEE80211_HE_MAC_CAP3_OMI_CONTROL | IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_VHT_2, .mac_cap_info[4] = IEEE80211_HE_MAC_CAP4_AMDSU_IN_AMPDU, + .mac_cap_info[5] = + IEEE80211_HE_MAC_CAP5_UL_2x996_TONE_RU, .phy_cap_info[0] = IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_IN_2G | IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G | IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G, .phy_cap_info[1] = - IEEE80211_HE_PHY_CAP1_LDPC_CODING_IN_PAYLOAD | - IEEE80211_HE_PHY_CAP1_MIDAMBLE_RX_TX_MAX_NSTS, + IEEE80211_HE_PHY_CAP1_LDPC_CODING_IN_PAYLOAD, .phy_cap_info[2] = - IEEE80211_HE_PHY_CAP2_NDP_4x_LTF_AND_3_2US | - IEEE80211_HE_PHY_CAP2_STBC_TX_UNDER_80MHZ | - IEEE80211_HE_PHY_CAP2_STBC_RX_UNDER_80MHZ, + IEEE80211_HE_PHY_CAP2_NDP_4x_LTF_AND_3_2US, .phy_cap_info[3] = - IEEE80211_HE_PHY_CAP3_DCM_MAX_CONST_TX_BPSK | + IEEE80211_HE_PHY_CAP3_DCM_MAX_CONST_TX_NO_DCM | IEEE80211_HE_PHY_CAP3_DCM_MAX_TX_NSS_1 | - IEEE80211_HE_PHY_CAP3_DCM_MAX_CONST_RX_BPSK | + IEEE80211_HE_PHY_CAP3_DCM_MAX_CONST_RX_NO_DCM | IEEE80211_HE_PHY_CAP3_DCM_MAX_RX_NSS_1, .phy_cap_info[4] = IEEE80211_HE_PHY_CAP4_SU_BEAMFORMEE | 
@@ -605,12 +592,8 @@ static struct ieee80211_sband_iftype_data iwl_he_capa[] = { IEEE80211_HE_PHY_CAP4_BEAMFORMEE_MAX_STS_UNDER_80MHZ_8, .phy_cap_info[5] = IEEE80211_HE_PHY_CAP5_BEAMFORMEE_NUM_SND_DIM_UNDER_80MHZ_2 | - IEEE80211_HE_PHY_CAP5_BEAMFORMEE_NUM_SND_DIM_ABOVE_80MHZ_2 | - IEEE80211_HE_PHY_CAP5_NG16_SU_FEEDBACK | - IEEE80211_HE_PHY_CAP5_NG16_MU_FEEDBACK, + IEEE80211_HE_PHY_CAP5_BEAMFORMEE_NUM_SND_DIM_ABOVE_80MHZ_2, .phy_cap_info[6] = - IEEE80211_HE_PHY_CAP6_CODEBOOK_SIZE_42_SU | - IEEE80211_HE_PHY_CAP6_CODEBOOK_SIZE_75_MU | IEEE80211_HE_PHY_CAP6_PPE_THRESHOLD_PRESENT, .phy_cap_info[7] = IEEE80211_HE_PHY_CAP7_HE_SU_MU_PPDU_4XLTF_AND_08_US_GI | @@ -620,10 +603,11 @@ static struct ieee80211_sband_iftype_data iwl_he_capa[] = { IEEE80211_HE_PHY_CAP8_20MHZ_IN_40MHZ_HE_PPDU_IN_2G | IEEE80211_HE_PHY_CAP8_20MHZ_IN_160MHZ_HE_PPDU | IEEE80211_HE_PHY_CAP8_80MHZ_IN_160MHZ_HE_PPDU | - IEEE80211_HE_PHY_CAP8_DCM_MAX_BW_160_OR_80P80_MHZ, + IEEE80211_HE_PHY_CAP8_DCM_MAX_RU_2x996, .phy_cap_info[9] = IEEE80211_HE_PHY_CAP9_RX_FULL_BW_SU_USING_MU_WITH_COMP_SIGB | - IEEE80211_HE_PHY_CAP9_RX_FULL_BW_SU_USING_MU_WITH_NON_COMP_SIGB, + IEEE80211_HE_PHY_CAP9_RX_FULL_BW_SU_USING_MU_WITH_NON_COMP_SIGB | + IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_RESERVED, }, /* * Set default Tx/Rx HE MCS NSS Support field. diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c index 97dc464379d2..47d65adfa3e0 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c 
@@ -2076,6 +2076,46 @@ static void iwl_mvm_cfg_he_sta(struct iwl_mvm *mvm, } flags |= STA_CTXT_HE_PACKET_EXT; + } else if ((sta->he_cap.he_cap_elem.phy_cap_info[9] & + IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_MASK) != + IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_RESERVED) { + int low_th = -1; + int high_th = -1; + + /* Take the PPE thresholds from the nominal padding info */ + switch (sta->he_cap.he_cap_elem.phy_cap_info[9] & + IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_MASK) { + case IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_0US: + low_th = IWL_HE_PKT_EXT_NONE; + high_th = IWL_HE_PKT_EXT_NONE; + break; + case IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_8US: + low_th = IWL_HE_PKT_EXT_BPSK; + high_th = IWL_HE_PKT_EXT_NONE; + break; + case IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_16US: + low_th = IWL_HE_PKT_EXT_NONE; + high_th = IWL_HE_PKT_EXT_BPSK; + break; + } + + /* Set the PPE thresholds accordingly */ + if (low_th >= 0 && high_th >= 0) { + u8 ***pkt_ext_qam = + (void *)sta_ctxt_cmd.pkt_ext.pkt_ext_qam_th; + + for (i = 0; i < MAX_HE_SUPP_NSS; i++) { + u8 bw; + + for (bw = 0; bw < MAX_HE_CHANNEL_BW_INDX; + bw++) { + pkt_ext_qam[i][bw][0] = low_th; + pkt_ext_qam[i][bw][1] = high_th; + } + } + + flags |= STA_CTXT_HE_PACKET_EXT; + } } rcu_read_unlock(); diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h index d9650ae2b4f7..353fb722ab98 100644 --- a/include/linux/ieee80211.h +++ b/include/linux/ieee80211.h @@ -1803,6 +1803,9 @@ int ieee80211_get_vht_max_nss(struct ieee80211_vht_cap *cap, #define IEEE80211_HE_MAC_CAP5_SUBCHAN_SELECVITE_TRANSMISSION 0x04 #define IEEE80211_HE_MAC_CAP5_UL_2x996_TONE_RU 0x08 #define IEEE80211_HE_MAC_CAP5_OM_CTRL_UL_MU_DATA_DIS_RX 0x10 +#define IEEE80211_HE_MAC_CAP5_HE_DYNAMIC_SM_PS 0x20 +#define IEEE80211_HE_MAC_CAP5_PUNCTURED_SOUNDING 0x40 +#define IEEE80211_HE_MAC_CAP5_HT_VHT_TRIG_FRAME_RX 0x80 /* 802.11ax HE PHY capabilities */ #define IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_IN_2G 0x02 
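Review bot: `u8 ***pkt_ext_qam = (void *)sta_ctxt_cmd.pkt_ext.pkt_ext_qam_th;` in the new `else if` branch gives the pointer the wrong type for the stores `pkt_ext_qam[i][bw][0] = low_th;` and `pkt_ext_qam[i][bw][1] = high_th;`. With `u8 ***`, the `[i]` and `[bw]` steps each load a pointer-sized value out of the command buffer and dereference it, so the writes go to whatever address those bytes form rather than into the threshold table. Assuming `pkt_ext_qam_th` is a `u8` array indexed `[MAX_HE_SUPP_NSS][MAX_HE_CHANNEL_BW_INDX][2]`, as the loop bounds indicate, the declaration should be `u8 (*pkt_ext_qam)[MAX_HE_CHANNEL_BW_INDX][2] = (void *)sta_ctxt_cmd.pkt_ext.pkt_ext_qam_th;`. The branch is chosen from the peer's advertised `phy_cap_info[9]`, so it is reached from received capability data and should be fixed before merge. iwl_mvm_cfg_he_sta() starts and ends outside the hunk.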
@@ -1926,11 +1929,11 @@ int ieee80211_get_vht_max_nss(struct ieee80211_vht_cap *cap, #define IEEE80211_HE_PHY_CAP8_80MHZ_IN_160MHZ_HE_PPDU 0x08 #define IEEE80211_HE_PHY_CAP8_HE_ER_SU_1XLTF_AND_08_US_GI 0x10 #define IEEE80211_HE_PHY_CAP8_MIDAMBLE_RX_TX_2X_AND_1XLTF 0x20 -#define IEEE80211_HE_PHY_CAP8_DCM_MAX_BW_20MHZ 0x00 -#define IEEE80211_HE_PHY_CAP8_DCM_MAX_BW_40MHZ 0x40 -#define IEEE80211_HE_PHY_CAP8_DCM_MAX_BW_80MHZ 0x80 -#define IEEE80211_HE_PHY_CAP8_DCM_MAX_BW_160_OR_80P80_MHZ 0xc0 -#define IEEE80211_HE_PHY_CAP8_DCM_MAX_BW_MASK 0xc0 +#define IEEE80211_HE_PHY_CAP8_DCM_MAX_RU_242 0x00 +#define IEEE80211_HE_PHY_CAP8_DCM_MAX_RU_484 0x40 +#define IEEE80211_HE_PHY_CAP8_DCM_MAX_RU_996 0x80 +#define IEEE80211_HE_PHY_CAP8_DCM_MAX_RU_2x996 0xc0 +#define IEEE80211_HE_PHY_CAP8_DCM_MAX_RU_MASK 0xc0 #define IEEE80211_HE_PHY_CAP9_LONGER_THAN_16_SIGB_OFDM_SYM 0x01 #define IEEE80211_HE_PHY_CAP9_NON_TRIGGERED_CQI_FEEDBACK 0x02 @@ -1938,6 +1941,11 @@ int ieee80211_get_vht_max_nss(struct ieee80211_vht_cap *cap, #define IEEE80211_HE_PHY_CAP9_RX_1024_QAM_LESS_THAN_242_TONE_RU 0x08 #define IEEE80211_HE_PHY_CAP9_RX_FULL_BW_SU_USING_MU_WITH_COMP_SIGB 0x10 #define IEEE80211_HE_PHY_CAP9_RX_FULL_BW_SU_USING_MU_WITH_NON_COMP_SIGB 0x20 +#define IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_0US 0x00 +#define IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_8US 0x40 +#define IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_16US 0x80 +#define IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_RESERVED 0xc0 +#define IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_MASK 0xc0 /* 802.11ax HE TX/RX MCS NSS Support */ #define IEEE80211_TX_RX_MCS_NSS_SUPP_HIGHEST_MCS_POS (3) 
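Review bot: The five new `IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_*` definitions (hunk `@@ -1938`) misspell "NOMINAL", while the debugfs strings added by the same patch print `NOMINAL-PACKET-PADDING-*`. include/linux/ieee80211.h is shared by every wireless driver, so the spelling is best corrected to `IEEE80211_HE_PHY_CAP9_NOMINAL_PKT_PADDING_*` now, before more users appear. The uses in iwl-nvm-parse.c, mvm/mac80211.c and debugfs_sta.c in this patch would be renamed with it.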
@@ -2016,7 +2024,7 @@ ieee80211_he_ppe_size(u8 ppe_thres_hdr, const u8 *phy_cap_info) #define IEEE80211_HE_OPERATION_RTS_THRESHOLD_MASK 0x00003ff0 #define IEEE80211_HE_OPERATION_RTS_THRESHOLD_OFFSET 4 #define IEEE80211_HE_OPERATION_VHT_OPER_INFO 0x00004000 -#define IEEE80211_HE_OPERATION_CO_LOCATED_BSS 0x00008000 +#define IEEE80211_HE_OPERATION_CO_HOSTED_BSS 0x00008000 #define IEEE80211_HE_OPERATION_ER_SU_DISABLE 0x00010000 #define IEEE80211_HE_OPERATION_BSS_COLOR_MASK 0x3f000000 #define IEEE80211_HE_OPERATION_BSS_COLOR_OFFSET 24 @@ -2046,7 +2054,7 @@ ieee80211_he_oper_size(const u8 *he_oper_ie) he_oper_params = le32_to_cpu(he_oper->he_oper_params); if (he_oper_params & IEEE80211_HE_OPERATION_VHT_OPER_INFO) oper_len += 3; - if (he_oper_params & IEEE80211_HE_OPERATION_CO_LOCATED_BSS) + if (he_oper_params & IEEE80211_HE_OPERATION_CO_HOSTED_BSS) oper_len++; /* Add the first byte (extension ID) to the total length */ diff --git a/net/mac80211/debugfs_sta.c b/net/mac80211/debugfs_sta.c index 3aa618dcc58e..8e921281e0d5 100644 --- a/net/mac80211/debugfs_sta.c +++ b/net/mac80211/debugfs_sta.c @@ -4,7 +4,7 @@ * Copyright 2007 Johannes Berg * Copyright 2013-2014 Intel Mobile Communications GmbH * Copyright(c) 2016 Intel Deutschland GmbH - * Copyright (C) 2018 Intel Corporation + * Copyright (C) 2018 - 2019 Intel Corporation * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as @@ -685,6 +685,9 @@ static ssize_t sta_he_capa_read(struct file *file, char __user *userbuf, "SUBCHAN-SELECVITE-TRANSMISSION"); PFLAG(MAC, 5, UL_2x996_TONE_RU, "UL-2x996-TONE-RU"); PFLAG(MAC, 5, OM_CTRL_UL_MU_DATA_DIS_RX, "OM-CTRL-UL-MU-DATA-DIS-RX"); + PFLAG(MAC, 5, HE_DYNAMIC_SM_PS, "HE-DYNAMIC-SM-PS"); + PFLAG(MAC, 5, PUNCTURED_SOUNDING, "PUNCTURED-SOUNDING"); + PFLAG(MAC, 5, HT_VHT_TRIG_FRAME_RX, "HT-VHT-TRIG-FRAME-RX"); cap = hec->he_cap_elem.phy_cap_info; p += scnprintf(p, buf_sz + buf - p, 
@@ -819,18 +822,18 @@ static ssize_t sta_he_capa_read(struct file *file, char __user *userbuf, PFLAG(PHY, 8, MIDAMBLE_RX_TX_2X_AND_1XLTF, "MIDAMBLE-RX-TX-2X-AND-1XLTF"); - switch (cap[8] & IEEE80211_HE_PHY_CAP8_DCM_MAX_BW_MASK) { - case IEEE80211_HE_PHY_CAP8_DCM_MAX_BW_20MHZ: - PRINT("DDCM-MAX-BW-20MHZ"); + switch (cap[8] & IEEE80211_HE_PHY_CAP8_DCM_MAX_RU_MASK) { + case IEEE80211_HE_PHY_CAP8_DCM_MAX_RU_242: + PRINT("DCM-MAX-RU-242"); break; - case IEEE80211_HE_PHY_CAP8_DCM_MAX_BW_40MHZ: - PRINT("DCM-MAX-BW-40MHZ"); + case IEEE80211_HE_PHY_CAP8_DCM_MAX_RU_484: + PRINT("DCM-MAX-RU-484"); break; - case IEEE80211_HE_PHY_CAP8_DCM_MAX_BW_80MHZ: - PRINT("DCM-MAX-BW-80MHZ"); + case IEEE80211_HE_PHY_CAP8_DCM_MAX_RU_996: + PRINT("DCM-MAX-RU-996"); break; - case IEEE80211_HE_PHY_CAP8_DCM_MAX_BW_160_OR_80P80_MHZ: - PRINT("DCM-MAX-BW-160-OR-80P80-MHZ"); + case IEEE80211_HE_PHY_CAP8_DCM_MAX_RU_2x996: + PRINT("DCM-MAX-RU-2x996"); break; } @@ -847,6 +850,18 @@ static ssize_t sta_he_capa_read(struct file *file, char __user *userbuf, PFLAG(PHY, 9, RX_FULL_BW_SU_USING_MU_WITH_NON_COMP_SIGB, "RX-FULL-BW-SU-USING-MU-WITH-NON-COMP-SIGB"); + switch (cap[9] & IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_MASK) { + case IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_0US: + PRINT("NOMINAL-PACKET-PADDING-0US"); + break; + case IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_8US: + PRINT("NOMINAL-PACKET-PADDING-8US"); + break; + case IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_16US: + PRINT("NOMINAL-PACKET-PADDING-16US"); + break; + } + #undef PFLAG_RANGE_DEFAULT #undef PFLAG_RANGE #undef PFLAG From 3692293163b8ba1f28bad0e4a7ddf4fa0a7fd34d Mon Sep 17 00:00:00 2001 
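Review bot: The new `switch (cap[9] & IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_MASK)` in sta_he_capa_read() (hunk `@@ -847`) has no case for `IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_RESERVED`. A station advertising 0xc0 therefore prints nothing for this field, whereas the DCM-MAX-RU switch in the previous hunk covers all four values of its mask. The iwl_he_capa tables in this same patch advertise exactly that value, so the gap will show up in practice. Adding a fourth case that does `PRINT("NOMINAL-PACKET-PADDING-RESERVED");` keeps the debugfs output complete.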
From: Herbert Xu Date: Thu, 14 Feb 2019 22:03:26 +0800 Subject: [PATCH 37/38] mac80211: Use rhashtable_lookup_get_insert_fast instead of racy code The code in mesh_path_add tries to handle the case where a duplicate entry is added to the rhashtable by doing a lookup after a failed insertion. It also tries to handle races by repeating the insertion should the lookup fail. This is now unnecessary as we have rhashtable API functions that can directly return the mathcing object. Signed-off-by: Herbert Xu Signed-off-by: Johannes Berg --- net/mac80211/mesh_pathtbl.c | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c index 88a6d5e18ccc..95eb5064fa91 100644 --- a/net/mac80211/mesh_pathtbl.c +++ b/net/mac80211/mesh_pathtbl.c @@ -404,7 +404,6 @@ struct mesh_path *mesh_path_add(struct ieee80211_sub_if_data *sdata, { struct mesh_table *tbl; struct mesh_path *mpath, *new_mpath; - int ret; if (ether_addr_equal(dst, sdata->vif.addr)) /* never add ourselves as neighbours */ @@ -422,25 +421,18 @@ struct mesh_path *mesh_path_add(struct ieee80211_sub_if_data *sdata, tbl = sdata->u.mesh.mesh_paths; spin_lock_bh(&tbl->walk_lock); - do { - ret = rhashtable_lookup_insert_fast(&tbl->rhead, - &new_mpath->rhash, - mesh_rht_params); - - if (ret == -EEXIST) - mpath = rhashtable_lookup_fast(&tbl->rhead, - dst, - mesh_rht_params); - else if (!ret) - hlist_add_head(&new_mpath->walk_list, &tbl->walk_head); - } while (unlikely(ret == -EEXIST && !mpath)); + mpath = rhashtable_lookup_get_insert_fast(&tbl->rhead, + &new_mpath->rhash, + mesh_rht_params); + if (!mpath) + hlist_add_head(&new_mpath->walk_list, &tbl->walk_head); spin_unlock_bh(&tbl->walk_lock); - if (ret) { + if (mpath) { kfree(new_mpath); - if (ret != -EEXIST) - return ERR_PTR(ret); + if (IS_ERR(mpath)) + return mpath; new_mpath = mpath; } From 6c4128f658571b2dc7e01058ad09a8e947bc0159 Mon Sep 17 00:00:00 2001 
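Review bot: The three possible results of rhashtable_lookup_get_insert_fast() are handled by `if (!mpath)`, `if (mpath)` and the nested `IS_ERR(mpath)` with no comment, which makes the `@@ -422` hunk easy to misread. A comment ahead of the call such as `/* NULL: new_mpath was inserted; ERR_PTR: insertion failed; otherwise: the entry already present for dst */` would show why `new_mpath` is freed in both non-NULL cases and why only the NULL case adds it to `walk_head`. mesh_path_add() continues outside both hunks.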
From: Herbert Xu Date: Thu, 14 Feb 2019 22:03:27 +0800 Subject: [PATCH 38/38] rhashtable: Remove obsolete rhashtable_walk_init function The rhashtable_walk_init function has been obsolete for more than two years. This patch finally converts its last users over to rhashtable_walk_enter and removes it. Signed-off-by: Herbert Xu Signed-off-by: Johannes Berg --- include/linux/rhashtable.h | 8 -------- lib/rhashtable.c | 2 +- lib/test_rhashtable.c | 9 ++------- net/ipv6/ila/ila_xlat.c | 15 +++------------ net/netlink/af_netlink.c | 10 +--------- 5 files changed, 7 insertions(+), 37 deletions(-) diff --git a/include/linux/rhashtable.h b/include/linux/rhashtable.h index 20f9c6af7473..ae9c0f71f311 100644 --- a/include/linux/rhashtable.h +++ b/include/linux/rhashtable.h @@ -1113,14 +1113,6 @@ static inline int rhashtable_replace_fast( return err; } -/* Obsolete function, do not use in new code. */ -static inline int rhashtable_walk_init(struct rhashtable *ht, - struct rhashtable_iter *iter, gfp_t gfp) -{ - rhashtable_walk_enter(ht, iter); - return 0; -} - /** * rhltable_walk_enter - Initialise an iterator * @hlt: Table to walk over diff --git a/lib/rhashtable.c b/lib/rhashtable.c index 852ffa5160f1..0a105d4af166 100644 --- a/lib/rhashtable.c +++ b/lib/rhashtable.c @@ -682,7 +682,7 @@ EXPORT_SYMBOL_GPL(rhashtable_walk_enter); * rhashtable_walk_exit - Free an iterator * @iter: Hash table Iterator * - * This function frees resources allocated by rhashtable_walk_init. + * This function frees resources allocated by rhashtable_walk_enter. */ void rhashtable_walk_exit(struct rhashtable_iter *iter) { diff --git a/lib/test_rhashtable.c b/lib/test_rhashtable.c index 2c0c53a99734..3bd2e91bfc29 100644 --- a/lib/test_rhashtable.c +++ b/lib/test_rhashtable.c 
@@ -177,16 +177,11 @@ static int __init test_rht_lookup(struct rhashtable *ht, struct test_obj *array, static void test_bucket_stats(struct rhashtable *ht, unsigned int entries) { - unsigned int err, total = 0, chain_len = 0; + unsigned int total = 0, chain_len = 0; struct rhashtable_iter hti; struct rhash_head *pos; - err = rhashtable_walk_init(ht, &hti, GFP_KERNEL); - if (err) { - pr_warn("Test failed: allocation error"); - return; - } - + rhashtable_walk_enter(ht, &hti); rhashtable_walk_start(&hti); while ((pos = rhashtable_walk_next(&hti))) { diff --git a/net/ipv6/ila/ila_xlat.c b/net/ipv6/ila/ila_xlat.c index 17c455ff69ff..ae6cd4cef8db 100644 --- a/net/ipv6/ila/ila_xlat.c +++ b/net/ipv6/ila/ila_xlat.c @@ -385,10 +385,7 @@ int ila_xlat_nl_cmd_flush(struct sk_buff *skb, struct genl_info *info) spinlock_t *lock; int ret; - ret = rhashtable_walk_init(&ilan->xlat.rhash_table, &iter, GFP_KERNEL); - if (ret) - goto done; - + rhashtable_walk_enter(&ilan->xlat.rhash_table, &iter); rhashtable_walk_start(&iter); for (;;) { @@ -509,23 +506,17 @@ int ila_xlat_nl_dump_start(struct netlink_callback *cb) struct net *net = sock_net(cb->skb->sk); struct ila_net *ilan = net_generic(net, ila_net_id); struct ila_dump_iter *iter; - int ret; iter = kmalloc(sizeof(*iter), GFP_KERNEL); if (!iter) return -ENOMEM; - ret = rhashtable_walk_init(&ilan->xlat.rhash_table, &iter->rhiter, - GFP_KERNEL); - if (ret) { - kfree(iter); - return ret; - } + rhashtable_walk_enter(&ilan->xlat.rhash_table, &iter->rhiter); iter->skip = 0; cb->args[0] = (long)iter; - return ret; + return 0; } int ila_xlat_nl_dump_done(struct netlink_callback *cb) diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 8fa35df94c07..f28e937320a3 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c 
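Review bot: In ila_xlat_nl_cmd_flush (first net/ipv6/ila/ila_xlat.c hunk), `int ret;` is left without an initialiser once the only assignment visible in this hunk, `ret = rhashtable_walk_init(...)`, is removed. The loop body and the return are outside the hunk, but if the walk can finish before `ret` is assigned (an empty table is the obvious case), the handler would return an indeterminate stack value to the netlink caller. Declaring it as `int ret = 0;` keeps the previous result for that path. The second hunk in the same file (ila_xlat_nl_dump_start) avoids the problem by dropping `ret` and returning 0 directly.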
@@ -2549,15 +2549,7 @@ struct nl_seq_iter { static int netlink_walk_start(struct nl_seq_iter *iter) { - int err; - - err = rhashtable_walk_init(&nl_table[iter->link].hash, &iter->hti, - GFP_KERNEL); - if (err) { - iter->link = MAX_LINKS; - return err; - } - + rhashtable_walk_enter(&nl_table[iter->link].hash, &iter->hti); rhashtable_walk_start(&iter->hti); return 0;