1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * Off-channel operation helpers 4 * 5 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi> 6 * Copyright 2004, Instant802 Networks, Inc. 7 * Copyright 2005, Devicescape Software, Inc. 8 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 9 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 10 * Copyright 2009 Johannes Berg <johannes@sipsolutions.net> 11 * Copyright (C) 2019, 2022-2023 Intel Corporation 12 */ 13#include <linux/export.h> 14#include <net/mac80211.h> 15#include "ieee80211_i.h" 16#include "driver-ops.h" 17 18/* 19 * Tell our hardware to disable PS. 20 * Optionally inform AP that we will go to sleep so that it will buffer 21 * the frames while we are doing off-channel work. This is optional 22 * because we *may* be doing work on-operating channel, and want our 23 * hardware unconditionally awake, but still let the AP send us normal frames. 24 */ 25static void ieee80211_offchannel_ps_enable(struct ieee80211_sub_if_data *sdata) 26{ 27 struct ieee80211_local *local = sdata->local; 28 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 29 bool offchannel_ps_enabled = false; 30 31 /* FIXME: what to do when local->pspolling is true? */ 32 33 del_timer_sync(&local->dynamic_ps_timer); 34 del_timer_sync(&ifmgd->bcn_mon_timer); 35 del_timer_sync(&ifmgd->conn_mon_timer); 36 37 cancel_work_sync(&local->dynamic_ps_enable_work); 38 39 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 40 offchannel_ps_enabled = true; 41 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 42 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 43 } 44 45 if (!offchannel_ps_enabled || 46 !ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK)) 47 /* 48 * If power save was enabled, no need to send a nullfunc 49 * frame because AP knows that we are sleeping. But if the 50 * hardware is creating the nullfunc frame for power save 51 * status (ie. IEEE80211_HW_PS_NULLFUNC_STACK is not 52 * enabled) and power save was enabled, the firmware just 53 * sent a null frame with power save disabled. So we need 54 * to send a new nullfunc frame to inform the AP that we 55 * are again sleeping. 56 */ 57 ieee80211_send_nullfunc(local, sdata, true); 58} 59 60/* inform AP that we are awake again */ 61static void ieee80211_offchannel_ps_disable(struct ieee80211_sub_if_data *sdata) 62{ 63 struct ieee80211_local *local = sdata->local; 64 65 if (!local->ps_sdata) 66 ieee80211_send_nullfunc(local, sdata, false); 67 else if (local->hw.conf.dynamic_ps_timeout > 0) { 68 /* 69 * the dynamic_ps_timer had been running before leaving the 70 * operating channel, restart the timer now and send a nullfunc 71 * frame to inform the AP that we are awake so that AP sends 72 * the buffered packets (if any). 73 */ 74 ieee80211_send_nullfunc(local, sdata, false); 75 mod_timer(&local->dynamic_ps_timer, jiffies + 76 msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout)); 77 } 78 79 ieee80211_sta_reset_beacon_monitor(sdata); 80 ieee80211_sta_reset_conn_monitor(sdata); 81} 82 83void ieee80211_offchannel_stop_vifs(struct ieee80211_local *local) 84{ 85 struct ieee80211_sub_if_data *sdata; 86 87 if (WARN_ON(local->use_chanctx)) 88 return; 89 90 /* 91 * notify the AP about us leaving the channel and stop all 92 * STA interfaces. 93 */ 94 95 /* 96 * Stop queues and transmit all frames queued by the driver 97 * before sending nullfunc to enable powersave at the AP. 98 */ 99 ieee80211_stop_queues_by_reason(&local->hw, IEEE80211_MAX_QUEUE_MAP, 100 IEEE80211_QUEUE_STOP_REASON_OFFCHANNEL, 101 false); 102 ieee80211_flush_queues(local, NULL, false); 103 104 mutex_lock(&local->iflist_mtx); 105 list_for_each_entry(sdata, &local->interfaces, list) { 106 if (!ieee80211_sdata_running(sdata)) 107 continue; 108 109 if (sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE || 110 sdata->vif.type == NL80211_IFTYPE_NAN) 111 continue; 112 113 if (sdata->vif.type != NL80211_IFTYPE_MONITOR) 114 set_bit(SDATA_STATE_OFFCHANNEL, &sdata->state); 115 116 /* Check to see if we should disable beaconing. */ 117 if (sdata->vif.bss_conf.enable_beacon) { 118 set_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, 119 &sdata->state); 120 sdata->vif.bss_conf.enable_beacon = false; 121 ieee80211_link_info_change_notify( 122 sdata, &sdata->deflink, 123 BSS_CHANGED_BEACON_ENABLED); 124 } 125 126 if (sdata->vif.type == NL80211_IFTYPE_STATION && 127 sdata->u.mgd.associated) 128 ieee80211_offchannel_ps_enable(sdata); 129 } 130 mutex_unlock(&local->iflist_mtx); 131} 132 133void ieee80211_offchannel_return(struct ieee80211_local *local) 134{ 135 struct ieee80211_sub_if_data *sdata; 136 137 if (WARN_ON(local->use_chanctx)) 138 return; 139 140 mutex_lock(&local->iflist_mtx); 141 list_for_each_entry(sdata, &local->interfaces, list) { 142 if (sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE) 143 continue; 144 145 if (sdata->vif.type != NL80211_IFTYPE_MONITOR) 146 clear_bit(SDATA_STATE_OFFCHANNEL, &sdata->state); 147 148 if (!ieee80211_sdata_running(sdata)) 149 continue; 150 151 /* Tell AP we're back */ 152 if (sdata->vif.type == NL80211_IFTYPE_STATION && 153 sdata->u.mgd.associated) 154 ieee80211_offchannel_ps_disable(sdata); 155 156 if (test_and_clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, 157 &sdata->state)) { 158 sdata->vif.bss_conf.enable_beacon = true; 159 ieee80211_link_info_change_notify( 160 sdata, &sdata->deflink, 161 BSS_CHANGED_BEACON_ENABLED); 162 } 163 } 164 mutex_unlock(&local->iflist_mtx); 165 166 ieee80211_wake_queues_by_reason(&local->hw, IEEE80211_MAX_QUEUE_MAP, 167 IEEE80211_QUEUE_STOP_REASON_OFFCHANNEL, 168 false); 169} 170 171static void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc) 172{ 173 /* was never transmitted */ 174 if (roc->frame) { 175 cfg80211_mgmt_tx_status(&roc->sdata->wdev, roc->mgmt_tx_cookie, 176 roc->frame->data, roc->frame->len, 177 false, GFP_KERNEL); 178 ieee80211_free_txskb(&roc->sdata->local->hw, roc->frame); 179 } 180 181 if (!roc->mgmt_tx_cookie) 182 cfg80211_remain_on_channel_expired(&roc->sdata->wdev, 183 roc->cookie, roc->chan, 184 GFP_KERNEL); 185 else 186 cfg80211_tx_mgmt_expired(&roc->sdata->wdev, 187 roc->mgmt_tx_cookie, 188 roc->chan, GFP_KERNEL); 189 190 list_del(&roc->list); 191 kfree(roc); 192} 193 194static unsigned long ieee80211_end_finished_rocs(struct ieee80211_local *local, 195 unsigned long now) 196{ 197 struct ieee80211_roc_work *roc, *tmp; 198 long remaining_dur_min = LONG_MAX; 199 200 lockdep_assert_held(&local->mtx); 201 202 list_for_each_entry_safe(roc, tmp, &local->roc_list, list) { 203 long remaining; 204 205 if (!roc->started) 206 break; 207 208 remaining = roc->start_time + 209 msecs_to_jiffies(roc->duration) - 210 now; 211 212 /* In case of HW ROC, it is possible that the HW finished the 213 * ROC session before the actual requested time. In such a case 214 * end the ROC session (disregarding the remaining time). 215 */ 216 if (roc->abort || roc->hw_begun || remaining <= 0) 217 ieee80211_roc_notify_destroy(roc); 218 else 219 remaining_dur_min = min(remaining_dur_min, remaining); 220 } 221 222 return remaining_dur_min; 223} 224 225static bool ieee80211_recalc_sw_work(struct ieee80211_local *local, 226 unsigned long now) 227{ 228 long dur = ieee80211_end_finished_rocs(local, now); 229 230 if (dur == LONG_MAX) 231 return false; 232 233 wiphy_delayed_work_queue(local->hw.wiphy, &local->roc_work, dur); 234 return true; 235} 236 237static void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc, 238 unsigned long start_time) 239{ 240 if (WARN_ON(roc->notified)) 241 return; 242 243 roc->start_time = start_time; 244 roc->started = true; 245 246 if (roc->mgmt_tx_cookie) { 247 if (!WARN_ON(!roc->frame)) { 248 ieee80211_tx_skb_tid_band(roc->sdata, roc->frame, 7, 249 roc->chan->band); 250 roc->frame = NULL; 251 } 252 } else { 253 cfg80211_ready_on_channel(&roc->sdata->wdev, roc->cookie, 254 roc->chan, roc->req_duration, 255 GFP_KERNEL); 256 } 257 258 roc->notified = true; 259} 260 261static void ieee80211_hw_roc_start(struct wiphy *wiphy, struct wiphy_work *work) 262{ 263 struct ieee80211_local *local = 264 container_of(work, struct ieee80211_local, hw_roc_start); 265 struct ieee80211_roc_work *roc; 266 267 mutex_lock(&local->mtx); 268 269 list_for_each_entry(roc, &local->roc_list, list) { 270 if (!roc->started) 271 break; 272 273 roc->hw_begun = true; 274 ieee80211_handle_roc_started(roc, local->hw_roc_start_time); 275 } 276 277 mutex_unlock(&local->mtx); 278} 279 280void ieee80211_ready_on_channel(struct ieee80211_hw *hw) 281{ 282 struct ieee80211_local *local = hw_to_local(hw); 283 284 local->hw_roc_start_time = jiffies; 285 286 trace_api_ready_on_channel(local); 287 288 wiphy_work_queue(hw->wiphy, &local->hw_roc_start); 289} 290EXPORT_SYMBOL_GPL(ieee80211_ready_on_channel); 291 292static void _ieee80211_start_next_roc(struct ieee80211_local *local) 293{ 294 struct ieee80211_roc_work *roc, *tmp; 295 enum ieee80211_roc_type type; 296 u32 min_dur, max_dur; 297 298 lockdep_assert_held(&local->mtx); 299 300 if (WARN_ON(list_empty(&local->roc_list))) 301 return; 302 303 roc = list_first_entry(&local->roc_list, struct ieee80211_roc_work, 304 list); 305 306 if (WARN_ON(roc->started)) 307 return; 308 309 min_dur = roc->duration; 310 max_dur = roc->duration; 311 type = roc->type; 312 313 list_for_each_entry(tmp, &local->roc_list, list) { 314 if (tmp == roc) 315 continue; 316 if (tmp->sdata != roc->sdata || tmp->chan != roc->chan) 317 break; 318 max_dur = max(tmp->duration, max_dur); 319 min_dur = min(tmp->duration, min_dur); 320 type = max(tmp->type, type); 321 } 322 323 if (local->ops->remain_on_channel) { 324 int ret = drv_remain_on_channel(local, roc->sdata, roc->chan, 325 max_dur, type); 326 327 if (ret) { 328 wiphy_warn(local->hw.wiphy, 329 "failed to start next HW ROC (%d)\n", ret); 330 /* 331 * queue the work struct again to avoid recursion 332 * when multiple failures occur 333 */ 334 list_for_each_entry(tmp, &local->roc_list, list) { 335 if (tmp->sdata != roc->sdata || 336 tmp->chan != roc->chan) 337 break; 338 tmp->started = true; 339 tmp->abort = true; 340 } 341 wiphy_work_queue(local->hw.wiphy, &local->hw_roc_done); 342 return; 343 } 344 345 /* we'll notify about the start once the HW calls back */ 346 list_for_each_entry(tmp, &local->roc_list, list) { 347 if (tmp->sdata != roc->sdata || tmp->chan != roc->chan) 348 break; 349 tmp->started = true; 350 } 351 } else { 352 /* If actually operating on the desired channel (with at least 353 * 20 MHz channel width) don't stop all the operations but still 354 * treat it as though the ROC operation started properly, so 355 * other ROC operations won't interfere with this one. 356 */ 357 roc->on_channel = roc->chan == local->_oper_chandef.chan && 358 local->_oper_chandef.width != NL80211_CHAN_WIDTH_5 && 359 local->_oper_chandef.width != NL80211_CHAN_WIDTH_10; 360 361 /* start this ROC */ 362 ieee80211_recalc_idle(local); 363 364 if (!roc->on_channel) { 365 ieee80211_offchannel_stop_vifs(local); 366 367 local->tmp_channel = roc->chan; 368 ieee80211_hw_config(local, 0); 369 } 370 371 wiphy_delayed_work_queue(local->hw.wiphy, &local->roc_work, 372 msecs_to_jiffies(min_dur)); 373 374 /* tell userspace or send frame(s) */ 375 list_for_each_entry(tmp, &local->roc_list, list) { 376 if (tmp->sdata != roc->sdata || tmp->chan != roc->chan) 377 break; 378 379 tmp->on_channel = roc->on_channel; 380 ieee80211_handle_roc_started(tmp, jiffies); 381 } 382 } 383} 384 385void ieee80211_start_next_roc(struct ieee80211_local *local) 386{ 387 struct ieee80211_roc_work *roc; 388 389 lockdep_assert_held(&local->mtx); 390 391 if (list_empty(&local->roc_list)) { 392 ieee80211_run_deferred_scan(local); 393 return; 394 } 395 396 /* defer roc if driver is not started (i.e. during reconfig) */ 397 if (local->in_reconfig) 398 return; 399 400 roc = list_first_entry(&local->roc_list, struct ieee80211_roc_work, 401 list); 402 403 if (WARN_ON_ONCE(roc->started)) 404 return; 405 406 if (local->ops->remain_on_channel) { 407 _ieee80211_start_next_roc(local); 408 } else { 409 /* delay it a bit */ 410 wiphy_delayed_work_queue(local->hw.wiphy, &local->roc_work, 411 round_jiffies_relative(HZ / 2)); 412 } 413} 414 415static void __ieee80211_roc_work(struct ieee80211_local *local) 416{ 417 struct ieee80211_roc_work *roc; 418 bool on_channel; 419 420 lockdep_assert_held(&local->mtx); 421 422 if (WARN_ON(local->ops->remain_on_channel)) 423 return; 424 425 roc = list_first_entry_or_null(&local->roc_list, 426 struct ieee80211_roc_work, list); 427 if (!roc) 428 return; 429 430 if (!roc->started) { 431 WARN_ON(local->use_chanctx); 432 _ieee80211_start_next_roc(local); 433 } else { 434 on_channel = roc->on_channel; 435 if (ieee80211_recalc_sw_work(local, jiffies)) 436 return; 437 438 /* careful - roc pointer became invalid during recalc */ 439 440 if (!on_channel) { 441 ieee80211_flush_queues(local, NULL, false); 442 443 local->tmp_channel = NULL; 444 ieee80211_hw_config(local, 0); 445 446 ieee80211_offchannel_return(local); 447 } 448 449 ieee80211_recalc_idle(local); 450 ieee80211_start_next_roc(local); 451 } 452} 453 454static void ieee80211_roc_work(struct wiphy *wiphy, struct wiphy_work *work) 455{ 456 struct ieee80211_local *local = 457 container_of(work, struct ieee80211_local, roc_work.work); 458 459 mutex_lock(&local->mtx); 460 __ieee80211_roc_work(local); 461 mutex_unlock(&local->mtx); 462} 463 464static void ieee80211_hw_roc_done(struct wiphy *wiphy, struct wiphy_work *work) 465{ 466 struct ieee80211_local *local = 467 container_of(work, struct ieee80211_local, hw_roc_done); 468 469 mutex_lock(&local->mtx); 470 471 ieee80211_end_finished_rocs(local, jiffies); 472 473 /* if there's another roc, start it now */ 474 ieee80211_start_next_roc(local); 475 476 mutex_unlock(&local->mtx); 477} 478 479void ieee80211_remain_on_channel_expired(struct ieee80211_hw *hw) 480{ 481 struct ieee80211_local *local = hw_to_local(hw); 482 483 trace_api_remain_on_channel_expired(local); 484 485 wiphy_work_queue(hw->wiphy, &local->hw_roc_done); 486} 487EXPORT_SYMBOL_GPL(ieee80211_remain_on_channel_expired); 488 489static bool 490ieee80211_coalesce_hw_started_roc(struct ieee80211_local *local, 491 struct ieee80211_roc_work *new_roc, 492 struct ieee80211_roc_work *cur_roc) 493{ 494 unsigned long now = jiffies; 495 unsigned long remaining; 496 497 if (WARN_ON(!cur_roc->started)) 498 return false; 499 500 /* if it was scheduled in the hardware, but not started yet, 501 * we can only combine if the older one had a longer duration 502 */ 503 if (!cur_roc->hw_begun && new_roc->duration > cur_roc->duration) 504 return false; 505 506 remaining = cur_roc->start_time + 507 msecs_to_jiffies(cur_roc->duration) - 508 now; 509 510 /* if it doesn't fit entirely, schedule a new one */ 511 if (new_roc->duration > jiffies_to_msecs(remaining)) 512 return false; 513 514 /* add just after the current one so we combine their finish later */ 515 list_add(&new_roc->list, &cur_roc->list); 516 517 /* if the existing one has already begun then let this one also 518 * begin, otherwise they'll both be marked properly by the work 519 * struct that runs once the driver notifies us of the beginning 520 */ 521 if (cur_roc->hw_begun) { 522 new_roc->hw_begun = true; 523 ieee80211_handle_roc_started(new_roc, now); 524 } 525 526 return true; 527} 528 529static int ieee80211_start_roc_work(struct ieee80211_local *local, 530 struct ieee80211_sub_if_data *sdata, 531 struct ieee80211_channel *channel, 532 unsigned int duration, u64 *cookie, 533 struct sk_buff *txskb, 534 enum ieee80211_roc_type type) 535{ 536 struct ieee80211_roc_work *roc, *tmp; 537 bool queued = false, combine_started = true; 538 int ret; 539 540 lockdep_assert_held(&local->mtx); 541 542 if (channel->freq_offset) 543 /* this may work, but is untested */ 544 return -EOPNOTSUPP; 545 546 if (local->use_chanctx && !local->ops->remain_on_channel) 547 return -EOPNOTSUPP; 548 549 roc = kzalloc(sizeof(*roc), GFP_KERNEL); 550 if (!roc) 551 return -ENOMEM; 552 553 /* 554 * If the duration is zero, then the driver 555 * wouldn't actually do anything. Set it to 556 * 10 for now. 557 * 558 * TODO: cancel the off-channel operation 559 * when we get the SKB's TX status and 560 * the wait time was zero before. 561 */ 562 if (!duration) 563 duration = 10; 564 565 roc->chan = channel; 566 roc->duration = duration; 567 roc->req_duration = duration; 568 roc->frame = txskb; 569 roc->type = type; 570 roc->sdata = sdata; 571 572 /* 573 * cookie is either the roc cookie (for normal roc) 574 * or the SKB (for mgmt TX) 575 */ 576 if (!txskb) { 577 roc->cookie = ieee80211_mgmt_tx_cookie(local); 578 *cookie = roc->cookie; 579 } else { 580 roc->mgmt_tx_cookie = *cookie; 581 } 582 583 /* if there's no need to queue, handle it immediately */ 584 if (list_empty(&local->roc_list) && 585 !local->scanning && !ieee80211_is_radar_required(local)) { 586 /* if not HW assist, just queue & schedule work */ 587 if (!local->ops->remain_on_channel) { 588 list_add_tail(&roc->list, &local->roc_list); 589 wiphy_delayed_work_queue(local->hw.wiphy, 590 &local->roc_work, 0); 591 } else { 592 /* otherwise actually kick it off here 593 * (for error handling) 594 */ 595 ret = drv_remain_on_channel(local, sdata, channel, 596 duration, type); 597 if (ret) { 598 kfree(roc); 599 return ret; 600 } 601 roc->started = true; 602 list_add_tail(&roc->list, &local->roc_list); 603 } 604 605 return 0; 606 } 607 608 /* otherwise handle queueing */ 609 610 list_for_each_entry(tmp, &local->roc_list, list) { 611 if (tmp->chan != channel || tmp->sdata != sdata) 612 continue; 613 614 /* 615 * Extend this ROC if possible: If it hasn't started, add 616 * just after the new one to combine. 617 */ 618 if (!tmp->started) { 619 list_add(&roc->list, &tmp->list); 620 queued = true; 621 break; 622 } 623 624 if (!combine_started) 625 continue; 626 627 if (!local->ops->remain_on_channel) { 628 /* If there's no hardware remain-on-channel, and 629 * doing so won't push us over the maximum r-o-c 630 * we allow, then we can just add the new one to 631 * the list and mark it as having started now. 632 * If it would push over the limit, don't try to 633 * combine with other started ones (that haven't 634 * been running as long) but potentially sort it 635 * with others that had the same fate. 636 */ 637 unsigned long now = jiffies; 638 u32 elapsed = jiffies_to_msecs(now - tmp->start_time); 639 struct wiphy *wiphy = local->hw.wiphy; 640 u32 max_roc = wiphy->max_remain_on_channel_duration; 641 642 if (elapsed + roc->duration > max_roc) { 643 combine_started = false; 644 continue; 645 } 646 647 list_add(&roc->list, &tmp->list); 648 queued = true; 649 roc->on_channel = tmp->on_channel; 650 ieee80211_handle_roc_started(roc, now); 651 ieee80211_recalc_sw_work(local, now); 652 break; 653 } 654 655 queued = ieee80211_coalesce_hw_started_roc(local, roc, tmp); 656 if (queued) 657 break; 658 /* if it wasn't queued, perhaps it can be combined with 659 * another that also couldn't get combined previously, 660 * but no need to check for already started ones, since 661 * that can't work. 662 */ 663 combine_started = false; 664 } 665 666 if (!queued) 667 list_add_tail(&roc->list, &local->roc_list); 668 669 return 0; 670} 671 672int ieee80211_remain_on_channel(struct wiphy *wiphy, struct wireless_dev *wdev, 673 struct ieee80211_channel *chan, 674 unsigned int duration, u64 *cookie) 675{ 676 struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev); 677 struct ieee80211_local *local = sdata->local; 678 int ret; 679 680 mutex_lock(&local->mtx); 681 ret = ieee80211_start_roc_work(local, sdata, chan, 682 duration, cookie, NULL, 683 IEEE80211_ROC_TYPE_NORMAL); 684 mutex_unlock(&local->mtx); 685 686 return ret; 687} 688 689static int ieee80211_cancel_roc(struct ieee80211_local *local, 690 u64 cookie, bool mgmt_tx) 691{ 692 struct ieee80211_roc_work *roc, *tmp, *found = NULL; 693 int ret; 694 695 if (!cookie) 696 return -ENOENT; 697 698 wiphy_work_flush(local->hw.wiphy, &local->hw_roc_start); 699 700 mutex_lock(&local->mtx); 701 list_for_each_entry_safe(roc, tmp, &local->roc_list, list) { 702 if (!mgmt_tx && roc->cookie != cookie) 703 continue; 704 else if (mgmt_tx && roc->mgmt_tx_cookie != cookie) 705 continue; 706 707 found = roc; 708 break; 709 } 710 711 if (!found) { 712 mutex_unlock(&local->mtx); 713 return -ENOENT; 714 } 715 716 if (!found->started) { 717 ieee80211_roc_notify_destroy(found); 718 goto out_unlock; 719 } 720 721 if (local->ops->remain_on_channel) { 722 ret = drv_cancel_remain_on_channel(local, roc->sdata); 723 if (WARN_ON_ONCE(ret)) { 724 mutex_unlock(&local->mtx); 725 return ret; 726 } 727 728 /* TODO: 729 * if multiple items were combined here then we really shouldn't 730 * cancel them all - we should wait for as much time as needed 731 * for the longest remaining one, and only then cancel ... 732 */ 733 list_for_each_entry_safe(roc, tmp, &local->roc_list, list) { 734 if (!roc->started) 735 break; 736 if (roc == found) 737 found = NULL; 738 ieee80211_roc_notify_destroy(roc); 739 } 740 741 /* that really must not happen - it was started */ 742 WARN_ON(found); 743 744 ieee80211_start_next_roc(local); 745 } else { 746 /* go through work struct to return to the operating channel */ 747 found->abort = true; 748 wiphy_delayed_work_queue(local->hw.wiphy, &local->roc_work, 0); 749 } 750 751 out_unlock: 752 mutex_unlock(&local->mtx); 753 754 return 0; 755} 756 757int ieee80211_cancel_remain_on_channel(struct wiphy *wiphy, 758 struct wireless_dev *wdev, u64 cookie) 759{ 760 struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev); 761 struct ieee80211_local *local = sdata->local; 762 763 return ieee80211_cancel_roc(local, cookie, false); 764} 765 766int ieee80211_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev, 767 struct cfg80211_mgmt_tx_params *params, u64 *cookie) 768{ 769 struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev); 770 struct ieee80211_local *local = sdata->local; 771 struct sk_buff *skb; 772 struct sta_info *sta = NULL; 773 const struct ieee80211_mgmt *mgmt = (void *)params->buf; 774 bool need_offchan = false; 775 bool mlo_sta = false; 776 int link_id = -1; 777 u32 flags; 778 int ret; 779 u8 *data; 780 781 if (params->dont_wait_for_ack) 782 flags = IEEE80211_TX_CTL_NO_ACK; 783 else 784 flags = IEEE80211_TX_INTFL_NL80211_FRAME_TX | 785 IEEE80211_TX_CTL_REQ_TX_STATUS; 786 787 if (params->no_cck) 788 flags |= IEEE80211_TX_CTL_NO_CCK_RATE; 789 790 switch (sdata->vif.type) { 791 case NL80211_IFTYPE_ADHOC: 792 if (!sdata->vif.cfg.ibss_joined) 793 need_offchan = true; 794#ifdef CONFIG_MAC80211_MESH 795 fallthrough; 796 case NL80211_IFTYPE_MESH_POINT: 797 if (ieee80211_vif_is_mesh(&sdata->vif) && 798 !sdata->u.mesh.mesh_id_len) 799 need_offchan = true; 800#endif 801 fallthrough; 802 case NL80211_IFTYPE_AP: 803 case NL80211_IFTYPE_AP_VLAN: 804 case NL80211_IFTYPE_P2P_GO: 805 if (sdata->vif.type != NL80211_IFTYPE_ADHOC && 806 !ieee80211_vif_is_mesh(&sdata->vif) && 807 !sdata->bss->active) 808 need_offchan = true; 809 810 rcu_read_lock(); 811 sta = sta_info_get_bss(sdata, mgmt->da); 812 mlo_sta = sta && sta->sta.mlo; 813 814 if (!ieee80211_is_action(mgmt->frame_control) || 815 mgmt->u.action.category == WLAN_CATEGORY_PUBLIC || 816 mgmt->u.action.category == WLAN_CATEGORY_SELF_PROTECTED || 817 mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) { 818 rcu_read_unlock(); 819 break; 820 } 821 822 if (!sta) { 823 rcu_read_unlock(); 824 return -ENOLINK; 825 } 826 if (params->link_id >= 0 && 827 !(sta->sta.valid_links & BIT(params->link_id))) { 828 rcu_read_unlock(); 829 return -ENOLINK; 830 } 831 link_id = params->link_id; 832 rcu_read_unlock(); 833 break; 834 case NL80211_IFTYPE_STATION: 835 case NL80211_IFTYPE_P2P_CLIENT: 836 sdata_lock(sdata); 837 if (!sdata->u.mgd.associated || 838 (params->offchan && params->wait && 839 local->ops->remain_on_channel && 840 memcmp(sdata->vif.cfg.ap_addr, mgmt->bssid, ETH_ALEN))) 841 need_offchan = true; 842 sdata_unlock(sdata); 843 break; 844 case NL80211_IFTYPE_P2P_DEVICE: 845 need_offchan = true; 846 break; 847 case NL80211_IFTYPE_NAN: 848 default: 849 return -EOPNOTSUPP; 850 } 851 852 /* configurations requiring offchan cannot work if no channel has been 853 * specified 854 */ 855 if (need_offchan && !params->chan) 856 return -EINVAL; 857 858 mutex_lock(&local->mtx); 859 860 /* Check if the operating channel is the requested channel */ 861 if (!params->chan && mlo_sta) { 862 need_offchan = false; 863 } else if (!need_offchan) { 864 struct ieee80211_chanctx_conf *chanctx_conf = NULL; 865 int i; 866 867 rcu_read_lock(); 868 /* Check all the links first */ 869 for (i = 0; i < ARRAY_SIZE(sdata->vif.link_conf); i++) { 870 struct ieee80211_bss_conf *conf; 871 872 conf = rcu_dereference(sdata->vif.link_conf[i]); 873 if (!conf) 874 continue; 875 876 chanctx_conf = rcu_dereference(conf->chanctx_conf); 877 if (!chanctx_conf) 878 continue; 879 880 if (mlo_sta && params->chan == chanctx_conf->def.chan && 881 ether_addr_equal(sdata->vif.addr, mgmt->sa)) { 882 link_id = i; 883 break; 884 } 885 886 if (ether_addr_equal(conf->addr, mgmt->sa)) 887 break; 888 889 chanctx_conf = NULL; 890 } 891 892 if (chanctx_conf) { 893 need_offchan = params->chan && 894 (params->chan != 895 chanctx_conf->def.chan); 896 } else { 897 need_offchan = true; 898 } 899 rcu_read_unlock(); 900 } 901 902 if (need_offchan && !params->offchan) { 903 ret = -EBUSY; 904 goto out_unlock; 905 } 906 907 skb = dev_alloc_skb(local->hw.extra_tx_headroom + params->len); 908 if (!skb) { 909 ret = -ENOMEM; 910 goto out_unlock; 911 } 912 skb_reserve(skb, local->hw.extra_tx_headroom); 913 914 data = skb_put_data(skb, params->buf, params->len); 915 916 /* Update CSA counters */ 917 if (sdata->vif.bss_conf.csa_active && 918 (sdata->vif.type == NL80211_IFTYPE_AP || 919 sdata->vif.type == NL80211_IFTYPE_MESH_POINT || 920 sdata->vif.type == NL80211_IFTYPE_ADHOC) && 921 params->n_csa_offsets) { 922 int i; 923 struct beacon_data *beacon = NULL; 924 925 rcu_read_lock(); 926 927 if (sdata->vif.type == NL80211_IFTYPE_AP) 928 beacon = rcu_dereference(sdata->deflink.u.ap.beacon); 929 else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) 930 beacon = rcu_dereference(sdata->u.ibss.presp); 931 else if (ieee80211_vif_is_mesh(&sdata->vif)) 932 beacon = rcu_dereference(sdata->u.mesh.beacon); 933 934 if (beacon) 935 for (i = 0; i < params->n_csa_offsets; i++) 936 data[params->csa_offsets[i]] = 937 beacon->cntdwn_current_counter; 938 939 rcu_read_unlock(); 940 } 941 942 IEEE80211_SKB_CB(skb)->flags = flags; 943 944 skb->dev = sdata->dev; 945 946 if (!params->dont_wait_for_ack) { 947 /* make a copy to preserve the frame contents 948 * in case of encryption. 949 */ 950 ret = ieee80211_attach_ack_skb(local, skb, cookie, GFP_KERNEL); 951 if (ret) { 952 kfree_skb(skb); 953 goto out_unlock; 954 } 955 } else { 956 /* Assign a dummy non-zero cookie, it's not sent to 957 * userspace in this case but we rely on its value 958 * internally in the need_offchan case to distinguish 959 * mgmt-tx from remain-on-channel. 960 */ 961 *cookie = 0xffffffff; 962 } 963 964 if (!need_offchan) { 965 ieee80211_tx_skb_tid(sdata, skb, 7, link_id); 966 ret = 0; 967 goto out_unlock; 968 } 969 970 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_TX_OFFCHAN | 971 IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 972 if (ieee80211_hw_check(&local->hw, QUEUE_CONTROL)) 973 IEEE80211_SKB_CB(skb)->hw_queue = 974 local->hw.offchannel_tx_hw_queue; 975 976 /* This will handle all kinds of coalescing and immediate TX */ 977 ret = ieee80211_start_roc_work(local, sdata, params->chan, 978 params->wait, cookie, skb, 979 IEEE80211_ROC_TYPE_MGMT_TX); 980 if (ret) 981 ieee80211_free_txskb(&local->hw, skb); 982 out_unlock: 983 mutex_unlock(&local->mtx); 984 return ret; 985} 986 987int ieee80211_mgmt_tx_cancel_wait(struct wiphy *wiphy, 988 struct wireless_dev *wdev, u64 cookie) 989{ 990 struct ieee80211_local *local = wiphy_priv(wiphy); 991 992 return ieee80211_cancel_roc(local, cookie, true); 993} 994 995void ieee80211_roc_setup(struct ieee80211_local *local) 996{ 997 wiphy_work_init(&local->hw_roc_start, ieee80211_hw_roc_start); 998 wiphy_work_init(&local->hw_roc_done, ieee80211_hw_roc_done); 999 wiphy_delayed_work_init(&local->roc_work, ieee80211_roc_work); 1000 INIT_LIST_HEAD(&local->roc_list); 1001} 1002 1003void ieee80211_roc_purge(struct ieee80211_local *local, 1004 struct ieee80211_sub_if_data *sdata) 1005{ 1006 struct ieee80211_roc_work *roc, *tmp; 1007 bool work_to_do = false; 1008 1009 mutex_lock(&local->mtx); 1010 list_for_each_entry_safe(roc, tmp, &local->roc_list, list) { 1011 if (sdata && roc->sdata != sdata) 1012 continue; 1013 1014 if (roc->started) { 1015 if (local->ops->remain_on_channel) { 1016 /* can race, so ignore return value */ 1017 drv_cancel_remain_on_channel(local, roc->sdata); 1018 ieee80211_roc_notify_destroy(roc); 1019 } else { 1020 roc->abort = true; 1021 work_to_do = true; 1022 } 1023 } else { 1024 ieee80211_roc_notify_destroy(roc); 1025 } 1026 } 1027 if (work_to_do) 1028 __ieee80211_roc_work(local); 1029 mutex_unlock(&local->mtx); 1030} 1031