1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * NXP Wireless LAN device driver: scan ioctl and command handling 4 * 5 * Copyright 2011-2020 NXP 6 */ 7 8 #include "decl.h" 9 #include "ioctl.h" 10 #include "util.h" 11 #include "fw.h" 12 #include "main.h" 13 #include "11n.h" 14 #include "cfg80211.h" 15 16 /* The maximum number of channels the firmware can scan per command */ 17 #define MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN 14 18 19 #define MWIFIEX_DEF_CHANNELS_PER_SCAN_CMD 4 20 21 /* Memory needed to store a max sized Channel List TLV for a firmware scan */ 22 #define CHAN_TLV_MAX_SIZE (sizeof(struct mwifiex_ie_types_header) \ 23 + (MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN \ 24 *sizeof(struct mwifiex_chan_scan_param_set))) 25 26 /* Memory needed to store supported rate */ 27 #define RATE_TLV_MAX_SIZE (sizeof(struct mwifiex_ie_types_rates_param_set) \ 28 + HOSTCMD_SUPPORTED_RATES) 29 30 /* Memory needed to store a max number/size WildCard SSID TLV for a firmware 31 scan */ 32 #define WILDCARD_SSID_TLV_MAX_SIZE \ 33 (MWIFIEX_MAX_SSID_LIST_LENGTH * \ 34 (sizeof(struct mwifiex_ie_types_wildcard_ssid_params) \ 35 + IEEE80211_MAX_SSID_LEN)) 36 37 /* Maximum memory needed for a mwifiex_scan_cmd_config with all TLVs at max */ 38 #define MAX_SCAN_CFG_ALLOC (sizeof(struct mwifiex_scan_cmd_config) \ 39 + sizeof(struct mwifiex_ie_types_num_probes) \ 40 + sizeof(struct mwifiex_ie_types_htcap) \ 41 + CHAN_TLV_MAX_SIZE \ 42 + RATE_TLV_MAX_SIZE \ 43 + WILDCARD_SSID_TLV_MAX_SIZE) 44 45 46 union mwifiex_scan_cmd_config_tlv { 47 /* Scan configuration (variable length) */ 48 struct mwifiex_scan_cmd_config config; 49 /* Max allocated block */ 50 u8 config_alloc_buf[MAX_SCAN_CFG_ALLOC]; 51 }; 52 53 enum cipher_suite { 54 CIPHER_SUITE_TKIP, 55 CIPHER_SUITE_CCMP, 56 CIPHER_SUITE_MAX 57 }; 58 static u8 mwifiex_wpa_oui[CIPHER_SUITE_MAX][4] = { 59 { 0x00, 0x50, 0xf2, 0x02 }, /* TKIP */ 60 { 0x00, 0x50, 0xf2, 0x04 }, /* AES */ 61 }; 62 static u8 mwifiex_rsn_oui[CIPHER_SUITE_MAX][4] = { 63 { 0x00, 0x0f, 0xac, 0x02 }, /* TKIP */ 64 { 0x00, 0x0f, 0xac, 0x04 }, /* AES */ 65 }; 66 67 static void _dbg_security_flags(int log_level,const char * func,const char * desc,struct mwifiex_private * priv,struct mwifiex_bssdescriptor * bss_desc)68 _dbg_security_flags(int log_level, const char *func, const char *desc, 69 struct mwifiex_private *priv, 70 struct mwifiex_bssdescriptor *bss_desc) 71 { 72 _mwifiex_dbg(priv->adapter, log_level, 73 "info: %s: %s:\twpa_ie=%#x wpa2_ie=%#x WEP=%s WPA=%s WPA2=%s\tEncMode=%#x privacy=%#x\n", 74 func, desc, 75 bss_desc->bcn_wpa_ie ? 76 bss_desc->bcn_wpa_ie->vend_hdr.element_id : 0, 77 bss_desc->bcn_rsn_ie ? 78 bss_desc->bcn_rsn_ie->ieee_hdr.element_id : 0, 79 priv->sec_info.wep_enabled ? "e" : "d", 80 priv->sec_info.wpa_enabled ? "e" : "d", 81 priv->sec_info.wpa2_enabled ? "e" : "d", 82 priv->sec_info.encryption_mode, 83 bss_desc->privacy); 84 } 85 #define dbg_security_flags(mask, desc, priv, bss_desc) \ 86 _dbg_security_flags(MWIFIEX_DBG_##mask, desc, __func__, priv, bss_desc) 87 88 static bool has_ieee_hdr(struct ieee_types_generic * ie,u8 key)89 has_ieee_hdr(struct ieee_types_generic *ie, u8 key) 90 { 91 return (ie && ie->ieee_hdr.element_id == key); 92 } 93 94 static bool has_vendor_hdr(struct ieee_types_vendor_specific * ie,u8 key)95 has_vendor_hdr(struct ieee_types_vendor_specific *ie, u8 key) 96 { 97 return (ie && ie->vend_hdr.element_id == key); 98 } 99 100 /* 101 * This function parses a given IE for a given OUI. 102 * 103 * This is used to parse a WPA/RSN IE to find if it has 104 * a given oui in PTK. 105 */ 106 static u8 mwifiex_search_oui_in_ie(struct ie_body * iebody,u8 * oui)107 mwifiex_search_oui_in_ie(struct ie_body *iebody, u8 *oui) 108 { 109 u8 count; 110 111 count = iebody->ptk_cnt[0]; 112 113 /* There could be multiple OUIs for PTK hence 114 1) Take the length. 115 2) Check all the OUIs for AES. 116 3) If one of them is AES then pass success. */ 117 while (count) { 118 if (!memcmp(iebody->ptk_body, oui, sizeof(iebody->ptk_body))) 119 return MWIFIEX_OUI_PRESENT; 120 121 --count; 122 if (count) 123 iebody = (struct ie_body *) ((u8 *) iebody + 124 sizeof(iebody->ptk_body)); 125 } 126 127 pr_debug("info: %s: OUI is not found in PTK\n", __func__); 128 return MWIFIEX_OUI_NOT_PRESENT; 129 } 130 131 /* 132 * This function checks if a given OUI is present in a RSN IE. 133 * 134 * The function first checks if a RSN IE is present or not in the 135 * BSS descriptor. It tries to locate the OUI only if such an IE is 136 * present. 137 */ 138 static u8 mwifiex_is_rsn_oui_present(struct mwifiex_bssdescriptor * bss_desc,u32 cipher)139 mwifiex_is_rsn_oui_present(struct mwifiex_bssdescriptor *bss_desc, u32 cipher) 140 { 141 u8 *oui; 142 struct ie_body *iebody; 143 u8 ret = MWIFIEX_OUI_NOT_PRESENT; 144 145 if (has_ieee_hdr(bss_desc->bcn_rsn_ie, WLAN_EID_RSN)) { 146 iebody = (struct ie_body *) 147 (((u8 *) bss_desc->bcn_rsn_ie->data) + 148 RSN_GTK_OUI_OFFSET); 149 oui = &mwifiex_rsn_oui[cipher][0]; 150 ret = mwifiex_search_oui_in_ie(iebody, oui); 151 if (ret) 152 return ret; 153 } 154 return ret; 155 } 156 157 /* 158 * This function checks if a given OUI is present in a WPA IE. 159 * 160 * The function first checks if a WPA IE is present or not in the 161 * BSS descriptor. It tries to locate the OUI only if such an IE is 162 * present. 163 */ 164 static u8 mwifiex_is_wpa_oui_present(struct mwifiex_bssdescriptor * bss_desc,u32 cipher)165 mwifiex_is_wpa_oui_present(struct mwifiex_bssdescriptor *bss_desc, u32 cipher) 166 { 167 u8 *oui; 168 struct ie_body *iebody; 169 u8 ret = MWIFIEX_OUI_NOT_PRESENT; 170 171 if (has_vendor_hdr(bss_desc->bcn_wpa_ie, WLAN_EID_VENDOR_SPECIFIC)) { 172 iebody = (struct ie_body *)((u8 *)bss_desc->bcn_wpa_ie->data + 173 WPA_GTK_OUI_OFFSET); 174 oui = &mwifiex_wpa_oui[cipher][0]; 175 ret = mwifiex_search_oui_in_ie(iebody, oui); 176 if (ret) 177 return ret; 178 } 179 return ret; 180 } 181 182 /* 183 * This function checks if wapi is enabled in driver and scanned network is 184 * compatible with it. 185 */ 186 static bool mwifiex_is_bss_wapi(struct mwifiex_private * priv,struct mwifiex_bssdescriptor * bss_desc)187 mwifiex_is_bss_wapi(struct mwifiex_private *priv, 188 struct mwifiex_bssdescriptor *bss_desc) 189 { 190 if (priv->sec_info.wapi_enabled && 191 has_ieee_hdr(bss_desc->bcn_wapi_ie, WLAN_EID_BSS_AC_ACCESS_DELAY)) 192 return true; 193 return false; 194 } 195 196 /* 197 * This function checks if driver is configured with no security mode and 198 * scanned network is compatible with it. 199 */ 200 static bool mwifiex_is_bss_no_sec(struct mwifiex_private * priv,struct mwifiex_bssdescriptor * bss_desc)201 mwifiex_is_bss_no_sec(struct mwifiex_private *priv, 202 struct mwifiex_bssdescriptor *bss_desc) 203 { 204 if (!priv->sec_info.wep_enabled && !priv->sec_info.wpa_enabled && 205 !priv->sec_info.wpa2_enabled && 206 !has_vendor_hdr(bss_desc->bcn_wpa_ie, WLAN_EID_VENDOR_SPECIFIC) && 207 !has_ieee_hdr(bss_desc->bcn_rsn_ie, WLAN_EID_RSN) && 208 !priv->sec_info.encryption_mode && !bss_desc->privacy) { 209 return true; 210 } 211 return false; 212 } 213 214 /* 215 * This function checks if static WEP is enabled in driver and scanned network 216 * is compatible with it. 217 */ 218 static bool mwifiex_is_bss_static_wep(struct mwifiex_private * priv,struct mwifiex_bssdescriptor * bss_desc)219 mwifiex_is_bss_static_wep(struct mwifiex_private *priv, 220 struct mwifiex_bssdescriptor *bss_desc) 221 { 222 if (priv->sec_info.wep_enabled && !priv->sec_info.wpa_enabled && 223 !priv->sec_info.wpa2_enabled && bss_desc->privacy) { 224 return true; 225 } 226 return false; 227 } 228 229 /* 230 * This function checks if wpa is enabled in driver and scanned network is 231 * compatible with it. 232 */ 233 static bool mwifiex_is_bss_wpa(struct mwifiex_private * priv,struct mwifiex_bssdescriptor * bss_desc)234 mwifiex_is_bss_wpa(struct mwifiex_private *priv, 235 struct mwifiex_bssdescriptor *bss_desc) 236 { 237 if (!priv->sec_info.wep_enabled && priv->sec_info.wpa_enabled && 238 !priv->sec_info.wpa2_enabled && 239 has_vendor_hdr(bss_desc->bcn_wpa_ie, WLAN_EID_VENDOR_SPECIFIC) 240 /* 241 * Privacy bit may NOT be set in some APs like 242 * LinkSys WRT54G && bss_desc->privacy 243 */ 244 ) { 245 dbg_security_flags(INFO, "WPA", priv, bss_desc); 246 return true; 247 } 248 return false; 249 } 250 251 /* 252 * This function checks if wpa2 is enabled in driver and scanned network is 253 * compatible with it. 254 */ 255 static bool mwifiex_is_bss_wpa2(struct mwifiex_private * priv,struct mwifiex_bssdescriptor * bss_desc)256 mwifiex_is_bss_wpa2(struct mwifiex_private *priv, 257 struct mwifiex_bssdescriptor *bss_desc) 258 { 259 if (!priv->sec_info.wep_enabled && !priv->sec_info.wpa_enabled && 260 priv->sec_info.wpa2_enabled && 261 has_ieee_hdr(bss_desc->bcn_rsn_ie, WLAN_EID_RSN)) { 262 /* 263 * Privacy bit may NOT be set in some APs like 264 * LinkSys WRT54G && bss_desc->privacy 265 */ 266 dbg_security_flags(INFO, "WAP2", priv, bss_desc); 267 return true; 268 } 269 return false; 270 } 271 272 /* 273 * This function checks if adhoc AES is enabled in driver and scanned network is 274 * compatible with it. 275 */ 276 static bool mwifiex_is_bss_adhoc_aes(struct mwifiex_private * priv,struct mwifiex_bssdescriptor * bss_desc)277 mwifiex_is_bss_adhoc_aes(struct mwifiex_private *priv, 278 struct mwifiex_bssdescriptor *bss_desc) 279 { 280 if (!priv->sec_info.wep_enabled && !priv->sec_info.wpa_enabled && 281 !priv->sec_info.wpa2_enabled && 282 !has_vendor_hdr(bss_desc->bcn_wpa_ie, WLAN_EID_VENDOR_SPECIFIC) && 283 !has_ieee_hdr(bss_desc->bcn_rsn_ie, WLAN_EID_RSN) && 284 !priv->sec_info.encryption_mode && bss_desc->privacy) { 285 return true; 286 } 287 return false; 288 } 289 290 /* 291 * This function checks if dynamic WEP is enabled in driver and scanned network 292 * is compatible with it. 293 */ 294 static bool mwifiex_is_bss_dynamic_wep(struct mwifiex_private * priv,struct mwifiex_bssdescriptor * bss_desc)295 mwifiex_is_bss_dynamic_wep(struct mwifiex_private *priv, 296 struct mwifiex_bssdescriptor *bss_desc) 297 { 298 if (!priv->sec_info.wep_enabled && !priv->sec_info.wpa_enabled && 299 !priv->sec_info.wpa2_enabled && 300 !has_vendor_hdr(bss_desc->bcn_wpa_ie, WLAN_EID_VENDOR_SPECIFIC) && 301 !has_ieee_hdr(bss_desc->bcn_rsn_ie, WLAN_EID_RSN) && 302 priv->sec_info.encryption_mode && bss_desc->privacy) { 303 dbg_security_flags(INFO, "dynamic", priv, bss_desc); 304 return true; 305 } 306 return false; 307 } 308 309 /* 310 * This function checks if a scanned network is compatible with the driver 311 * settings. 312 * 313 * WEP WPA WPA2 ad-hoc encrypt Network 314 * enabled enabled enabled AES mode Privacy WPA WPA2 Compatible 315 * 0 0 0 0 NONE 0 0 0 yes No security 316 * 0 1 0 0 x 1x 1 x yes WPA (disable 317 * HT if no AES) 318 * 0 0 1 0 x 1x x 1 yes WPA2 (disable 319 * HT if no AES) 320 * 0 0 0 1 NONE 1 0 0 yes Ad-hoc AES 321 * 1 0 0 0 NONE 1 0 0 yes Static WEP 322 * (disable HT) 323 * 0 0 0 0 !=NONE 1 0 0 yes Dynamic WEP 324 * 325 * Compatibility is not matched while roaming, except for mode. 326 */ 327 static s32 mwifiex_is_network_compatible(struct mwifiex_private * priv,struct mwifiex_bssdescriptor * bss_desc,u32 mode)328 mwifiex_is_network_compatible(struct mwifiex_private *priv, 329 struct mwifiex_bssdescriptor *bss_desc, u32 mode) 330 { 331 struct mwifiex_adapter *adapter = priv->adapter; 332 333 bss_desc->disable_11n = false; 334 335 /* Don't check for compatibility if roaming */ 336 if (priv->media_connected && 337 (priv->bss_mode == NL80211_IFTYPE_STATION) && 338 (bss_desc->bss_mode == NL80211_IFTYPE_STATION)) 339 return 0; 340 341 if (priv->wps.session_enable) { 342 mwifiex_dbg(adapter, IOCTL, 343 "info: return success directly in WPS period\n"); 344 return 0; 345 } 346 347 if (bss_desc->chan_sw_ie_present) { 348 mwifiex_dbg(adapter, INFO, 349 "Don't connect to AP with WLAN_EID_CHANNEL_SWITCH\n"); 350 return -1; 351 } 352 353 if (mwifiex_is_bss_wapi(priv, bss_desc)) { 354 mwifiex_dbg(adapter, INFO, 355 "info: return success for WAPI AP\n"); 356 return 0; 357 } 358 359 if (bss_desc->bss_mode == mode) { 360 if (mwifiex_is_bss_no_sec(priv, bss_desc)) { 361 /* No security */ 362 return 0; 363 } else if (mwifiex_is_bss_static_wep(priv, bss_desc)) { 364 /* Static WEP enabled */ 365 mwifiex_dbg(adapter, INFO, 366 "info: Disable 11n in WEP mode.\n"); 367 bss_desc->disable_11n = true; 368 return 0; 369 } else if (mwifiex_is_bss_wpa(priv, bss_desc)) { 370 /* WPA enabled */ 371 if (((priv->adapter->config_bands & BAND_GN || 372 priv->adapter->config_bands & BAND_AN) && 373 bss_desc->bcn_ht_cap) && 374 !mwifiex_is_wpa_oui_present(bss_desc, 375 CIPHER_SUITE_CCMP)) { 376 377 if (mwifiex_is_wpa_oui_present 378 (bss_desc, CIPHER_SUITE_TKIP)) { 379 mwifiex_dbg(adapter, INFO, 380 "info: Disable 11n if AES\t" 381 "is not supported by AP\n"); 382 bss_desc->disable_11n = true; 383 } else { 384 return -1; 385 } 386 } 387 return 0; 388 } else if (mwifiex_is_bss_wpa2(priv, bss_desc)) { 389 /* WPA2 enabled */ 390 if (((priv->adapter->config_bands & BAND_GN || 391 priv->adapter->config_bands & BAND_AN) && 392 bss_desc->bcn_ht_cap) && 393 !mwifiex_is_rsn_oui_present(bss_desc, 394 CIPHER_SUITE_CCMP)) { 395 396 if (mwifiex_is_rsn_oui_present 397 (bss_desc, CIPHER_SUITE_TKIP)) { 398 mwifiex_dbg(adapter, INFO, 399 "info: Disable 11n if AES\t" 400 "is not supported by AP\n"); 401 bss_desc->disable_11n = true; 402 } else { 403 return -1; 404 } 405 } 406 return 0; 407 } else if (mwifiex_is_bss_adhoc_aes(priv, bss_desc)) { 408 /* Ad-hoc AES enabled */ 409 return 0; 410 } else if (mwifiex_is_bss_dynamic_wep(priv, bss_desc)) { 411 /* Dynamic WEP enabled */ 412 return 0; 413 } 414 415 /* Security doesn't match */ 416 dbg_security_flags(ERROR, "failed", priv, bss_desc); 417 return -1; 418 } 419 420 /* Mode doesn't match */ 421 return -1; 422 } 423 424 /* 425 * This function creates a channel list for the driver to scan, based 426 * on region/band information. 427 * 428 * This routine is used for any scan that is not provided with a 429 * specific channel list to scan. 430 */ 431 static int mwifiex_scan_create_channel_list(struct mwifiex_private * priv,const struct mwifiex_user_scan_cfg * user_scan_in,struct mwifiex_chan_scan_param_set * scan_chan_list,u8 filtered_scan)432 mwifiex_scan_create_channel_list(struct mwifiex_private *priv, 433 const struct mwifiex_user_scan_cfg 434 *user_scan_in, 435 struct mwifiex_chan_scan_param_set 436 *scan_chan_list, 437 u8 filtered_scan) 438 { 439 enum nl80211_band band; 440 struct ieee80211_supported_band *sband; 441 struct ieee80211_channel *ch; 442 struct mwifiex_adapter *adapter = priv->adapter; 443 int chan_idx = 0, i; 444 445 for (band = 0; (band < NUM_NL80211_BANDS) ; band++) { 446 447 if (!priv->wdev.wiphy->bands[band]) 448 continue; 449 450 sband = priv->wdev.wiphy->bands[band]; 451 452 for (i = 0; (i < sband->n_channels) ; i++) { 453 ch = &sband->channels[i]; 454 if (ch->flags & IEEE80211_CHAN_DISABLED) 455 continue; 456 scan_chan_list[chan_idx].radio_type = band; 457 458 if (user_scan_in && 459 user_scan_in->chan_list[0].scan_time) 460 scan_chan_list[chan_idx].max_scan_time = 461 cpu_to_le16((u16) user_scan_in-> 462 chan_list[0].scan_time); 463 else if ((ch->flags & IEEE80211_CHAN_NO_IR) || 464 (ch->flags & IEEE80211_CHAN_RADAR)) 465 scan_chan_list[chan_idx].max_scan_time = 466 cpu_to_le16(adapter->passive_scan_time); 467 else 468 scan_chan_list[chan_idx].max_scan_time = 469 cpu_to_le16(adapter->active_scan_time); 470 471 if (ch->flags & IEEE80211_CHAN_NO_IR) 472 scan_chan_list[chan_idx].chan_scan_mode_bitmap 473 |= (MWIFIEX_PASSIVE_SCAN | 474 MWIFIEX_HIDDEN_SSID_REPORT); 475 else 476 scan_chan_list[chan_idx].chan_scan_mode_bitmap 477 &= ~MWIFIEX_PASSIVE_SCAN; 478 scan_chan_list[chan_idx].chan_number = 479 (u32) ch->hw_value; 480 481 scan_chan_list[chan_idx].chan_scan_mode_bitmap 482 |= MWIFIEX_DISABLE_CHAN_FILT; 483 484 if (filtered_scan && 485 !((ch->flags & IEEE80211_CHAN_NO_IR) || 486 (ch->flags & IEEE80211_CHAN_RADAR))) 487 scan_chan_list[chan_idx].max_scan_time = 488 cpu_to_le16(adapter->specific_scan_time); 489 490 chan_idx++; 491 } 492 493 } 494 return chan_idx; 495 } 496 497 /* This function creates a channel list tlv for bgscan config, based 498 * on region/band information. 499 */ 500 static int mwifiex_bgscan_create_channel_list(struct mwifiex_private * priv,const struct mwifiex_bg_scan_cfg * bgscan_cfg_in,struct mwifiex_chan_scan_param_set * scan_chan_list)501 mwifiex_bgscan_create_channel_list(struct mwifiex_private *priv, 502 const struct mwifiex_bg_scan_cfg 503 *bgscan_cfg_in, 504 struct mwifiex_chan_scan_param_set 505 *scan_chan_list) 506 { 507 enum nl80211_band band; 508 struct ieee80211_supported_band *sband; 509 struct ieee80211_channel *ch; 510 struct mwifiex_adapter *adapter = priv->adapter; 511 int chan_idx = 0, i; 512 513 for (band = 0; (band < NUM_NL80211_BANDS); band++) { 514 if (!priv->wdev.wiphy->bands[band]) 515 continue; 516 517 sband = priv->wdev.wiphy->bands[band]; 518 519 for (i = 0; (i < sband->n_channels) ; i++) { 520 ch = &sband->channels[i]; 521 if (ch->flags & IEEE80211_CHAN_DISABLED) 522 continue; 523 scan_chan_list[chan_idx].radio_type = band; 524 525 if (bgscan_cfg_in->chan_list[0].scan_time) 526 scan_chan_list[chan_idx].max_scan_time = 527 cpu_to_le16((u16)bgscan_cfg_in-> 528 chan_list[0].scan_time); 529 else if (ch->flags & IEEE80211_CHAN_NO_IR) 530 scan_chan_list[chan_idx].max_scan_time = 531 cpu_to_le16(adapter->passive_scan_time); 532 else 533 scan_chan_list[chan_idx].max_scan_time = 534 cpu_to_le16(adapter-> 535 specific_scan_time); 536 537 if (ch->flags & IEEE80211_CHAN_NO_IR) 538 scan_chan_list[chan_idx].chan_scan_mode_bitmap 539 |= MWIFIEX_PASSIVE_SCAN; 540 else 541 scan_chan_list[chan_idx].chan_scan_mode_bitmap 542 &= ~MWIFIEX_PASSIVE_SCAN; 543 544 scan_chan_list[chan_idx].chan_number = 545 (u32)ch->hw_value; 546 chan_idx++; 547 } 548 } 549 return chan_idx; 550 } 551 552 /* This function appends rate TLV to scan config command. */ 553 static int mwifiex_append_rate_tlv(struct mwifiex_private * priv,struct mwifiex_scan_cmd_config * scan_cfg_out,u8 radio)554 mwifiex_append_rate_tlv(struct mwifiex_private *priv, 555 struct mwifiex_scan_cmd_config *scan_cfg_out, 556 u8 radio) 557 { 558 struct mwifiex_ie_types_rates_param_set *rates_tlv; 559 u8 rates[MWIFIEX_SUPPORTED_RATES], *tlv_pos; 560 u32 rates_size; 561 562 memset(rates, 0, sizeof(rates)); 563 564 tlv_pos = (u8 *)scan_cfg_out->tlv_buf + scan_cfg_out->tlv_buf_len; 565 566 if (priv->scan_request) 567 rates_size = mwifiex_get_rates_from_cfg80211(priv, rates, 568 radio); 569 else 570 rates_size = mwifiex_get_supported_rates(priv, rates); 571 572 mwifiex_dbg(priv->adapter, CMD, 573 "info: SCAN_CMD: Rates size = %d\n", 574 rates_size); 575 rates_tlv = (struct mwifiex_ie_types_rates_param_set *)tlv_pos; 576 rates_tlv->header.type = cpu_to_le16(WLAN_EID_SUPP_RATES); 577 rates_tlv->header.len = cpu_to_le16((u16) rates_size); 578 memcpy(rates_tlv->rates, rates, rates_size); 579 scan_cfg_out->tlv_buf_len += sizeof(rates_tlv->header) + rates_size; 580 581 return rates_size; 582 } 583 584 /* 585 * This function constructs and sends multiple scan config commands to 586 * the firmware. 587 * 588 * Previous routines in the code flow have created a scan command configuration 589 * with any requested TLVs. This function splits the channel TLV into maximum 590 * channels supported per scan lists and sends the portion of the channel TLV, 591 * along with the other TLVs, to the firmware. 592 */ 593 static int mwifiex_scan_channel_list(struct mwifiex_private * priv,u32 max_chan_per_scan,u8 filtered_scan,struct mwifiex_scan_cmd_config * scan_cfg_out,struct mwifiex_ie_types_chan_list_param_set * chan_tlv_out,struct mwifiex_chan_scan_param_set * scan_chan_list)594 mwifiex_scan_channel_list(struct mwifiex_private *priv, 595 u32 max_chan_per_scan, u8 filtered_scan, 596 struct mwifiex_scan_cmd_config *scan_cfg_out, 597 struct mwifiex_ie_types_chan_list_param_set 598 *chan_tlv_out, 599 struct mwifiex_chan_scan_param_set *scan_chan_list) 600 { 601 struct mwifiex_adapter *adapter = priv->adapter; 602 int ret = 0; 603 struct mwifiex_chan_scan_param_set *tmp_chan_list; 604 u32 tlv_idx, rates_size, cmd_no; 605 u32 total_scan_time; 606 u32 done_early; 607 u8 radio_type; 608 609 if (!scan_cfg_out || !chan_tlv_out || !scan_chan_list) { 610 mwifiex_dbg(priv->adapter, ERROR, 611 "info: Scan: Null detect: %p, %p, %p\n", 612 scan_cfg_out, chan_tlv_out, scan_chan_list); 613 return -1; 614 } 615 616 /* Check csa channel expiry before preparing scan list */ 617 mwifiex_11h_get_csa_closed_channel(priv); 618 619 chan_tlv_out->header.type = cpu_to_le16(TLV_TYPE_CHANLIST); 620 621 /* Set the temp channel struct pointer to the start of the desired 622 list */ 623 tmp_chan_list = scan_chan_list; 624 625 /* Loop through the desired channel list, sending a new firmware scan 626 commands for each max_chan_per_scan channels (or for 1,6,11 627 individually if configured accordingly) */ 628 while (tmp_chan_list->chan_number) { 629 630 tlv_idx = 0; 631 total_scan_time = 0; 632 radio_type = 0; 633 chan_tlv_out->header.len = 0; 634 done_early = false; 635 636 /* 637 * Construct the Channel TLV for the scan command. Continue to 638 * insert channel TLVs until: 639 * - the tlv_idx hits the maximum configured per scan command 640 * - the next channel to insert is 0 (end of desired channel 641 * list) 642 * - done_early is set (controlling individual scanning of 643 * 1,6,11) 644 */ 645 while (tlv_idx < max_chan_per_scan && 646 tmp_chan_list->chan_number && !done_early) { 647 648 if (tmp_chan_list->chan_number == priv->csa_chan) { 649 tmp_chan_list++; 650 continue; 651 } 652 653 radio_type = tmp_chan_list->radio_type; 654 mwifiex_dbg(priv->adapter, INFO, 655 "info: Scan: Chan(%3d), Radio(%d),\t" 656 "Mode(%d, %d), Dur(%d)\n", 657 tmp_chan_list->chan_number, 658 tmp_chan_list->radio_type, 659 tmp_chan_list->chan_scan_mode_bitmap 660 & MWIFIEX_PASSIVE_SCAN, 661 (tmp_chan_list->chan_scan_mode_bitmap 662 & MWIFIEX_DISABLE_CHAN_FILT) >> 1, 663 le16_to_cpu(tmp_chan_list->max_scan_time)); 664 665 /* Copy the current channel TLV to the command being 666 prepared */ 667 memcpy(&chan_tlv_out->chan_scan_param[tlv_idx], 668 tmp_chan_list, 669 sizeof(*chan_tlv_out->chan_scan_param)); 670 671 /* Increment the TLV header length by the size 672 appended */ 673 le16_unaligned_add_cpu(&chan_tlv_out->header.len, 674 sizeof(*chan_tlv_out->chan_scan_param)); 675 676 /* 677 * The tlv buffer length is set to the number of bytes 678 * of the between the channel tlv pointer and the start 679 * of the tlv buffer. This compensates for any TLVs 680 * that were appended before the channel list. 681 */ 682 scan_cfg_out->tlv_buf_len = (u32) ((u8 *) chan_tlv_out - 683 scan_cfg_out->tlv_buf); 684 685 /* Add the size of the channel tlv header and the data 686 length */ 687 scan_cfg_out->tlv_buf_len += 688 (sizeof(chan_tlv_out->header) 689 + le16_to_cpu(chan_tlv_out->header.len)); 690 691 /* Increment the index to the channel tlv we are 692 constructing */ 693 tlv_idx++; 694 695 /* Count the total scan time per command */ 696 total_scan_time += 697 le16_to_cpu(tmp_chan_list->max_scan_time); 698 699 done_early = false; 700 701 /* Stop the loop if the *current* channel is in the 702 1,6,11 set and we are not filtering on a BSSID 703 or SSID. */ 704 if (!filtered_scan && 705 (tmp_chan_list->chan_number == 1 || 706 tmp_chan_list->chan_number == 6 || 707 tmp_chan_list->chan_number == 11)) 708 done_early = true; 709 710 /* Increment the tmp pointer to the next channel to 711 be scanned */ 712 tmp_chan_list++; 713 714 /* Stop the loop if the *next* channel is in the 1,6,11 715 set. This will cause it to be the only channel 716 scanned on the next interation */ 717 if (!filtered_scan && 718 (tmp_chan_list->chan_number == 1 || 719 tmp_chan_list->chan_number == 6 || 720 tmp_chan_list->chan_number == 11)) 721 done_early = true; 722 } 723 724 /* The total scan time should be less than scan command timeout 725 value */ 726 if (total_scan_time > MWIFIEX_MAX_TOTAL_SCAN_TIME) { 727 mwifiex_dbg(priv->adapter, ERROR, 728 "total scan time %dms\t" 729 "is over limit (%dms), scan skipped\n", 730 total_scan_time, 731 MWIFIEX_MAX_TOTAL_SCAN_TIME); 732 ret = -1; 733 break; 734 } 735 736 rates_size = mwifiex_append_rate_tlv(priv, scan_cfg_out, 737 radio_type); 738 739 /* Send the scan command to the firmware with the specified 740 cfg */ 741 if (priv->adapter->ext_scan) 742 cmd_no = HostCmd_CMD_802_11_SCAN_EXT; 743 else 744 cmd_no = HostCmd_CMD_802_11_SCAN; 745 746 ret = mwifiex_send_cmd(priv, cmd_no, HostCmd_ACT_GEN_SET, 747 0, scan_cfg_out, false); 748 749 /* rate IE is updated per scan command but same starting 750 * pointer is used each time so that rate IE from earlier 751 * scan_cfg_out->buf is overwritten with new one. 752 */ 753 scan_cfg_out->tlv_buf_len -= 754 sizeof(struct mwifiex_ie_types_header) + rates_size; 755 756 if (ret) { 757 mwifiex_cancel_pending_scan_cmd(adapter); 758 break; 759 } 760 } 761 762 if (ret) 763 return -1; 764 765 return 0; 766 } 767 768 /* 769 * This function constructs a scan command configuration structure to use 770 * in scan commands. 771 * 772 * Application layer or other functions can invoke network scanning 773 * with a scan configuration supplied in a user scan configuration structure. 774 * This structure is used as the basis of one or many scan command configuration 775 * commands that are sent to the command processing module and eventually to the 776 * firmware. 777 * 778 * This function creates a scan command configuration structure based on the 779 * following user supplied parameters (if present): 780 * - SSID filter 781 * - BSSID filter 782 * - Number of Probes to be sent 783 * - Channel list 784 * 785 * If the SSID or BSSID filter is not present, the filter is disabled/cleared. 786 * If the number of probes is not set, adapter default setting is used. 787 */ 788 static void mwifiex_config_scan(struct mwifiex_private * priv,const struct mwifiex_user_scan_cfg * user_scan_in,struct mwifiex_scan_cmd_config * scan_cfg_out,struct mwifiex_ie_types_chan_list_param_set ** chan_list_out,struct mwifiex_chan_scan_param_set * scan_chan_list,u8 * max_chan_per_scan,u8 * filtered_scan,u8 * scan_current_only)789 mwifiex_config_scan(struct mwifiex_private *priv, 790 const struct mwifiex_user_scan_cfg *user_scan_in, 791 struct mwifiex_scan_cmd_config *scan_cfg_out, 792 struct mwifiex_ie_types_chan_list_param_set **chan_list_out, 793 struct mwifiex_chan_scan_param_set *scan_chan_list, 794 u8 *max_chan_per_scan, u8 *filtered_scan, 795 u8 *scan_current_only) 796 { 797 struct mwifiex_adapter *adapter = priv->adapter; 798 struct mwifiex_ie_types_num_probes *num_probes_tlv; 799 struct mwifiex_ie_types_scan_chan_gap *chan_gap_tlv; 800 struct mwifiex_ie_types_random_mac *random_mac_tlv; 801 struct mwifiex_ie_types_wildcard_ssid_params *wildcard_ssid_tlv; 802 struct mwifiex_ie_types_bssid_list *bssid_tlv; 803 u8 *tlv_pos; 804 u32 num_probes; 805 u32 ssid_len; 806 u32 chan_idx; 807 u32 scan_type; 808 u16 scan_dur; 809 u8 channel; 810 u8 radio_type; 811 int i; 812 u8 ssid_filter; 813 struct mwifiex_ie_types_htcap *ht_cap; 814 struct mwifiex_ie_types_bss_mode *bss_mode; 815 816 /* The tlv_buf_len is calculated for each scan command. The TLVs added 817 in this routine will be preserved since the routine that sends the 818 command will append channelTLVs at *chan_list_out. The difference 819 between the *chan_list_out and the tlv_buf start will be used to 820 calculate the size of anything we add in this routine. */ 821 scan_cfg_out->tlv_buf_len = 0; 822 823 /* Running tlv pointer. Assigned to chan_list_out at end of function 824 so later routines know where channels can be added to the command 825 buf */ 826 tlv_pos = scan_cfg_out->tlv_buf; 827 828 /* Initialize the scan as un-filtered; the flag is later set to TRUE 829 below if a SSID or BSSID filter is sent in the command */ 830 *filtered_scan = false; 831 832 /* Initialize the scan as not being only on the current channel. If 833 the channel list is customized, only contains one channel, and is 834 the active channel, this is set true and data flow is not halted. */ 835 *scan_current_only = false; 836 837 if (user_scan_in) { 838 u8 tmpaddr[ETH_ALEN]; 839 840 /* Default the ssid_filter flag to TRUE, set false under 841 certain wildcard conditions and qualified by the existence 842 of an SSID list before marking the scan as filtered */ 843 ssid_filter = true; 844 845 /* Set the BSS type scan filter, use Adapter setting if 846 unset */ 847 scan_cfg_out->bss_mode = 848 (u8)(user_scan_in->bss_mode ?: adapter->scan_mode); 849 850 /* Set the number of probes to send, use Adapter setting 851 if unset */ 852 num_probes = user_scan_in->num_probes ?: adapter->scan_probes; 853 854 /* 855 * Set the BSSID filter to the incoming configuration, 856 * if non-zero. If not set, it will remain disabled 857 * (all zeros). 858 */ 859 memcpy(scan_cfg_out->specific_bssid, 860 user_scan_in->specific_bssid, 861 sizeof(scan_cfg_out->specific_bssid)); 862 863 memcpy(tmpaddr, scan_cfg_out->specific_bssid, ETH_ALEN); 864 865 if (adapter->ext_scan && 866 !is_zero_ether_addr(tmpaddr)) { 867 bssid_tlv = 868 (struct mwifiex_ie_types_bssid_list *)tlv_pos; 869 bssid_tlv->header.type = cpu_to_le16(TLV_TYPE_BSSID); 870 bssid_tlv->header.len = cpu_to_le16(ETH_ALEN); 871 memcpy(bssid_tlv->bssid, user_scan_in->specific_bssid, 872 ETH_ALEN); 873 tlv_pos += sizeof(struct mwifiex_ie_types_bssid_list); 874 } 875 876 for (i = 0; i < user_scan_in->num_ssids; i++) { 877 ssid_len = user_scan_in->ssid_list[i].ssid_len; 878 879 wildcard_ssid_tlv = 880 (struct mwifiex_ie_types_wildcard_ssid_params *) 881 tlv_pos; 882 wildcard_ssid_tlv->header.type = 883 cpu_to_le16(TLV_TYPE_WILDCARDSSID); 884 wildcard_ssid_tlv->header.len = cpu_to_le16( 885 (u16) (ssid_len + sizeof(wildcard_ssid_tlv-> 886 max_ssid_length))); 887 888 /* 889 * max_ssid_length = 0 tells firmware to perform 890 * specific scan for the SSID filled, whereas 891 * max_ssid_length = IEEE80211_MAX_SSID_LEN is for 892 * wildcard scan. 893 */ 894 if (ssid_len) 895 wildcard_ssid_tlv->max_ssid_length = 0; 896 else 897 wildcard_ssid_tlv->max_ssid_length = 898 IEEE80211_MAX_SSID_LEN; 899 900 if (!memcmp(user_scan_in->ssid_list[i].ssid, 901 "DIRECT-", 7)) 902 wildcard_ssid_tlv->max_ssid_length = 0xfe; 903 904 memcpy(wildcard_ssid_tlv->ssid, 905 user_scan_in->ssid_list[i].ssid, ssid_len); 906 907 tlv_pos += (sizeof(wildcard_ssid_tlv->header) 908 + le16_to_cpu(wildcard_ssid_tlv->header.len)); 909 910 mwifiex_dbg(adapter, INFO, 911 "info: scan: ssid[%d]: %s, %d\n", 912 i, wildcard_ssid_tlv->ssid, 913 wildcard_ssid_tlv->max_ssid_length); 914 915 /* Empty wildcard ssid with a maxlen will match many or 916 potentially all SSIDs (maxlen == 32), therefore do 917 not treat the scan as 918 filtered. */ 919 if (!ssid_len && wildcard_ssid_tlv->max_ssid_length) 920 ssid_filter = false; 921 } 922 923 /* 924 * The default number of channels sent in the command is low to 925 * ensure the response buffer from the firmware does not 926 * truncate scan results. That is not an issue with an SSID 927 * or BSSID filter applied to the scan results in the firmware. 928 */ 929 memcpy(tmpaddr, scan_cfg_out->specific_bssid, ETH_ALEN); 930 if ((i && ssid_filter) || 931 !is_zero_ether_addr(tmpaddr)) 932 *filtered_scan = true; 933 934 if (user_scan_in->scan_chan_gap) { 935 mwifiex_dbg(adapter, INFO, 936 "info: scan: channel gap = %d\n", 937 user_scan_in->scan_chan_gap); 938 *max_chan_per_scan = 939 MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN; 940 941 chan_gap_tlv = (void *)tlv_pos; 942 chan_gap_tlv->header.type = 943 cpu_to_le16(TLV_TYPE_SCAN_CHANNEL_GAP); 944 chan_gap_tlv->header.len = 945 cpu_to_le16(sizeof(chan_gap_tlv->chan_gap)); 946 chan_gap_tlv->chan_gap = 947 cpu_to_le16((user_scan_in->scan_chan_gap)); 948 tlv_pos += 949 sizeof(struct mwifiex_ie_types_scan_chan_gap); 950 } 951 952 if (!is_zero_ether_addr(user_scan_in->random_mac)) { 953 random_mac_tlv = (void *)tlv_pos; 954 random_mac_tlv->header.type = 955 cpu_to_le16(TLV_TYPE_RANDOM_MAC); 956 random_mac_tlv->header.len = 957 cpu_to_le16(sizeof(random_mac_tlv->mac)); 958 ether_addr_copy(random_mac_tlv->mac, 959 user_scan_in->random_mac); 960 tlv_pos += 961 sizeof(struct mwifiex_ie_types_random_mac); 962 } 963 } else { 964 scan_cfg_out->bss_mode = (u8) adapter->scan_mode; 965 num_probes = adapter->scan_probes; 966 } 967 968 /* 969 * If a specific BSSID or SSID is used, the number of channels in the 970 * scan command will be increased to the absolute maximum. 971 */ 972 if (*filtered_scan) { 973 *max_chan_per_scan = MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN; 974 } else { 975 if (!priv->media_connected) 976 *max_chan_per_scan = MWIFIEX_DEF_CHANNELS_PER_SCAN_CMD; 977 else 978 *max_chan_per_scan = 979 MWIFIEX_DEF_CHANNELS_PER_SCAN_CMD / 2; 980 } 981 982 if (adapter->ext_scan) { 983 bss_mode = (struct mwifiex_ie_types_bss_mode *)tlv_pos; 984 bss_mode->header.type = cpu_to_le16(TLV_TYPE_BSS_MODE); 985 bss_mode->header.len = cpu_to_le16(sizeof(bss_mode->bss_mode)); 986 bss_mode->bss_mode = scan_cfg_out->bss_mode; 987 tlv_pos += sizeof(bss_mode->header) + 988 le16_to_cpu(bss_mode->header.len); 989 } 990 991 /* If the input config or adapter has the number of Probes set, 992 add tlv */ 993 if (num_probes) { 994 995 mwifiex_dbg(adapter, INFO, 996 "info: scan: num_probes = %d\n", 997 num_probes); 998 999 num_probes_tlv = (struct mwifiex_ie_types_num_probes *) tlv_pos; 1000 num_probes_tlv->header.type = cpu_to_le16(TLV_TYPE_NUMPROBES); 1001 num_probes_tlv->header.len = 1002 cpu_to_le16(sizeof(num_probes_tlv->num_probes)); 1003 num_probes_tlv->num_probes = cpu_to_le16((u16) num_probes); 1004 1005 tlv_pos += sizeof(num_probes_tlv->header) + 1006 le16_to_cpu(num_probes_tlv->header.len); 1007 1008 } 1009 1010 if (ISSUPP_11NENABLED(priv->adapter->fw_cap_info) && 1011 (priv->adapter->config_bands & BAND_GN || 1012 priv->adapter->config_bands & BAND_AN)) { 1013 ht_cap = (struct mwifiex_ie_types_htcap *) tlv_pos; 1014 memset(ht_cap, 0, sizeof(struct mwifiex_ie_types_htcap)); 1015 ht_cap->header.type = cpu_to_le16(WLAN_EID_HT_CAPABILITY); 1016 ht_cap->header.len = 1017 cpu_to_le16(sizeof(struct ieee80211_ht_cap)); 1018 radio_type = 1019 mwifiex_band_to_radio_type(priv->adapter->config_bands); 1020 mwifiex_fill_cap_info(priv, radio_type, &ht_cap->ht_cap); 1021 tlv_pos += sizeof(struct mwifiex_ie_types_htcap); 1022 } 1023 1024 /* Append vendor specific IE TLV */ 1025 mwifiex_cmd_append_vsie_tlv(priv, MWIFIEX_VSIE_MASK_SCAN, &tlv_pos); 1026 1027 /* 1028 * Set the output for the channel TLV to the address in the tlv buffer 1029 * past any TLVs that were added in this function (SSID, num_probes). 1030 * Channel TLVs will be added past this for each scan command, 1031 * preserving the TLVs that were previously added. 1032 */ 1033 *chan_list_out = 1034 (struct mwifiex_ie_types_chan_list_param_set *) tlv_pos; 1035 1036 if (user_scan_in && user_scan_in->chan_list[0].chan_number) { 1037 1038 mwifiex_dbg(adapter, INFO, 1039 "info: Scan: Using supplied channel list\n"); 1040 1041 for (chan_idx = 0; 1042 chan_idx < MWIFIEX_USER_SCAN_CHAN_MAX && 1043 user_scan_in->chan_list[chan_idx].chan_number; 1044 chan_idx++) { 1045 1046 channel = user_scan_in->chan_list[chan_idx].chan_number; 1047 scan_chan_list[chan_idx].chan_number = channel; 1048 1049 radio_type = 1050 user_scan_in->chan_list[chan_idx].radio_type; 1051 scan_chan_list[chan_idx].radio_type = radio_type; 1052 1053 scan_type = user_scan_in->chan_list[chan_idx].scan_type; 1054 1055 if (scan_type == MWIFIEX_SCAN_TYPE_PASSIVE) 1056 scan_chan_list[chan_idx].chan_scan_mode_bitmap 1057 |= (MWIFIEX_PASSIVE_SCAN | 1058 MWIFIEX_HIDDEN_SSID_REPORT); 1059 else 1060 scan_chan_list[chan_idx].chan_scan_mode_bitmap 1061 &= ~MWIFIEX_PASSIVE_SCAN; 1062 1063 scan_chan_list[chan_idx].chan_scan_mode_bitmap 1064 |= MWIFIEX_DISABLE_CHAN_FILT; 1065 1066 if (user_scan_in->chan_list[chan_idx].scan_time) { 1067 scan_dur = (u16) user_scan_in-> 1068 chan_list[chan_idx].scan_time; 1069 } else { 1070 if (scan_type == MWIFIEX_SCAN_TYPE_PASSIVE) 1071 scan_dur = adapter->passive_scan_time; 1072 else if (*filtered_scan) 1073 scan_dur = adapter->specific_scan_time; 1074 else 1075 scan_dur = adapter->active_scan_time; 1076 } 1077 1078 scan_chan_list[chan_idx].min_scan_time = 1079 cpu_to_le16(scan_dur); 1080 scan_chan_list[chan_idx].max_scan_time = 1081 cpu_to_le16(scan_dur); 1082 } 1083 1084 /* Check if we are only scanning the current channel */ 1085 if ((chan_idx == 1) && 1086 (user_scan_in->chan_list[0].chan_number == 1087 priv->curr_bss_params.bss_descriptor.channel)) { 1088 *scan_current_only = true; 1089 mwifiex_dbg(adapter, INFO, 1090 "info: Scan: Scanning current channel only\n"); 1091 } 1092 } else { 1093 mwifiex_dbg(adapter, INFO, 1094 "info: Scan: Creating full region channel list\n"); 1095 mwifiex_scan_create_channel_list(priv, user_scan_in, 1096 scan_chan_list, 1097 *filtered_scan); 1098 } 1099 1100 } 1101 1102 /* 1103 * This function inspects the scan response buffer for pointers to 1104 * expected TLVs. 1105 * 1106 * TLVs can be included at the end of the scan response BSS information. 1107 * 1108 * Data in the buffer is parsed pointers to TLVs that can potentially 1109 * be passed back in the response. 1110 */ 1111 static void mwifiex_ret_802_11_scan_get_tlv_ptrs(struct mwifiex_adapter * adapter,struct mwifiex_ie_types_data * tlv,u32 tlv_buf_size,u32 req_tlv_type,struct mwifiex_ie_types_data ** tlv_data)1112 mwifiex_ret_802_11_scan_get_tlv_ptrs(struct mwifiex_adapter *adapter, 1113 struct mwifiex_ie_types_data *tlv, 1114 u32 tlv_buf_size, u32 req_tlv_type, 1115 struct mwifiex_ie_types_data **tlv_data) 1116 { 1117 struct mwifiex_ie_types_data *current_tlv; 1118 u32 tlv_buf_left; 1119 u32 tlv_type; 1120 u32 tlv_len; 1121 1122 current_tlv = tlv; 1123 tlv_buf_left = tlv_buf_size; 1124 *tlv_data = NULL; 1125 1126 mwifiex_dbg(adapter, INFO, 1127 "info: SCAN_RESP: tlv_buf_size = %d\n", 1128 tlv_buf_size); 1129 1130 while (tlv_buf_left >= sizeof(struct mwifiex_ie_types_header)) { 1131 1132 tlv_type = le16_to_cpu(current_tlv->header.type); 1133 tlv_len = le16_to_cpu(current_tlv->header.len); 1134 1135 if (sizeof(tlv->header) + tlv_len > tlv_buf_left) { 1136 mwifiex_dbg(adapter, ERROR, 1137 "SCAN_RESP: TLV buffer corrupt\n"); 1138 break; 1139 } 1140 1141 if (req_tlv_type == tlv_type) { 1142 switch (tlv_type) { 1143 case TLV_TYPE_TSFTIMESTAMP: 1144 mwifiex_dbg(adapter, INFO, 1145 "info: SCAN_RESP: TSF\t" 1146 "timestamp TLV, len = %d\n", 1147 tlv_len); 1148 *tlv_data = current_tlv; 1149 break; 1150 case TLV_TYPE_CHANNELBANDLIST: 1151 mwifiex_dbg(adapter, INFO, 1152 "info: SCAN_RESP: channel\t" 1153 "band list TLV, len = %d\n", 1154 tlv_len); 1155 *tlv_data = current_tlv; 1156 break; 1157 default: 1158 mwifiex_dbg(adapter, ERROR, 1159 "SCAN_RESP: unhandled TLV = %d\n", 1160 tlv_type); 1161 /* Give up, this seems corrupted */ 1162 return; 1163 } 1164 } 1165 1166 if (*tlv_data) 1167 break; 1168 1169 1170 tlv_buf_left -= (sizeof(tlv->header) + tlv_len); 1171 current_tlv = 1172 (struct mwifiex_ie_types_data *) (current_tlv->data + 1173 tlv_len); 1174 1175 } /* while */ 1176 } 1177 1178 /* 1179 * This function parses provided beacon buffer and updates 1180 * respective fields in bss descriptor structure. 1181 */ mwifiex_update_bss_desc_with_ie(struct mwifiex_adapter * adapter,struct mwifiex_bssdescriptor * bss_entry)1182 int mwifiex_update_bss_desc_with_ie(struct mwifiex_adapter *adapter, 1183 struct mwifiex_bssdescriptor *bss_entry) 1184 { 1185 u8 element_id; 1186 struct ieee_types_fh_param_set *fh_param_set; 1187 struct ieee_types_ds_param_set *ds_param_set; 1188 struct ieee_types_cf_param_set *cf_param_set; 1189 struct ieee_types_ibss_param_set *ibss_param_set; 1190 u8 *current_ptr; 1191 u8 *rate; 1192 u8 element_len; 1193 u16 total_ie_len; 1194 u8 bytes_to_copy; 1195 u8 rate_size; 1196 u8 found_data_rate_ie; 1197 u32 bytes_left; 1198 struct ieee_types_vendor_specific *vendor_ie; 1199 const u8 wpa_oui[4] = { 0x00, 0x50, 0xf2, 0x01 }; 1200 const u8 wmm_oui[4] = { 0x00, 0x50, 0xf2, 0x02 }; 1201 1202 found_data_rate_ie = false; 1203 rate_size = 0; 1204 current_ptr = bss_entry->beacon_buf; 1205 bytes_left = bss_entry->beacon_buf_size; 1206 1207 /* Process variable IE */ 1208 while (bytes_left >= 2) { 1209 element_id = *current_ptr; 1210 element_len = *(current_ptr + 1); 1211 total_ie_len = element_len + sizeof(struct ieee_types_header); 1212 1213 if (bytes_left < total_ie_len) { 1214 mwifiex_dbg(adapter, ERROR, 1215 "err: InterpretIE: in processing\t" 1216 "IE, bytes left < IE length\n"); 1217 return -EINVAL; 1218 } 1219 switch (element_id) { 1220 case WLAN_EID_SSID: 1221 if (element_len > IEEE80211_MAX_SSID_LEN) 1222 return -EINVAL; 1223 bss_entry->ssid.ssid_len = element_len; 1224 memcpy(bss_entry->ssid.ssid, (current_ptr + 2), 1225 element_len); 1226 mwifiex_dbg(adapter, INFO, 1227 "info: InterpretIE: ssid: %-32s\n", 1228 bss_entry->ssid.ssid); 1229 break; 1230 1231 case WLAN_EID_SUPP_RATES: 1232 if (element_len > MWIFIEX_SUPPORTED_RATES) 1233 return -EINVAL; 1234 memcpy(bss_entry->data_rates, current_ptr + 2, 1235 element_len); 1236 memcpy(bss_entry->supported_rates, current_ptr + 2, 1237 element_len); 1238 rate_size = element_len; 1239 found_data_rate_ie = true; 1240 break; 1241 1242 case WLAN_EID_FH_PARAMS: 1243 if (total_ie_len < sizeof(*fh_param_set)) 1244 return -EINVAL; 1245 fh_param_set = 1246 (struct ieee_types_fh_param_set *) current_ptr; 1247 memcpy(&bss_entry->phy_param_set.fh_param_set, 1248 fh_param_set, 1249 sizeof(struct ieee_types_fh_param_set)); 1250 break; 1251 1252 case WLAN_EID_DS_PARAMS: 1253 if (total_ie_len < sizeof(*ds_param_set)) 1254 return -EINVAL; 1255 ds_param_set = 1256 (struct ieee_types_ds_param_set *) current_ptr; 1257 1258 bss_entry->channel = ds_param_set->current_chan; 1259 1260 memcpy(&bss_entry->phy_param_set.ds_param_set, 1261 ds_param_set, 1262 sizeof(struct ieee_types_ds_param_set)); 1263 break; 1264 1265 case WLAN_EID_CF_PARAMS: 1266 if (total_ie_len < sizeof(*cf_param_set)) 1267 return -EINVAL; 1268 cf_param_set = 1269 (struct ieee_types_cf_param_set *) current_ptr; 1270 memcpy(&bss_entry->ss_param_set.cf_param_set, 1271 cf_param_set, 1272 sizeof(struct ieee_types_cf_param_set)); 1273 break; 1274 1275 case WLAN_EID_IBSS_PARAMS: 1276 if (total_ie_len < sizeof(*ibss_param_set)) 1277 return -EINVAL; 1278 ibss_param_set = 1279 (struct ieee_types_ibss_param_set *) 1280 current_ptr; 1281 memcpy(&bss_entry->ss_param_set.ibss_param_set, 1282 ibss_param_set, 1283 sizeof(struct ieee_types_ibss_param_set)); 1284 break; 1285 1286 case WLAN_EID_ERP_INFO: 1287 if (!element_len) 1288 return -EINVAL; 1289 bss_entry->erp_flags = *(current_ptr + 2); 1290 break; 1291 1292 case WLAN_EID_PWR_CONSTRAINT: 1293 if (!element_len) 1294 return -EINVAL; 1295 bss_entry->local_constraint = *(current_ptr + 2); 1296 bss_entry->sensed_11h = true; 1297 break; 1298 1299 case WLAN_EID_CHANNEL_SWITCH: 1300 bss_entry->chan_sw_ie_present = true; 1301 fallthrough; 1302 case WLAN_EID_PWR_CAPABILITY: 1303 case WLAN_EID_TPC_REPORT: 1304 case WLAN_EID_QUIET: 1305 bss_entry->sensed_11h = true; 1306 break; 1307 1308 case WLAN_EID_EXT_SUPP_RATES: 1309 /* 1310 * Only process extended supported rate 1311 * if data rate is already found. 1312 * Data rate IE should come before 1313 * extended supported rate IE 1314 */ 1315 if (found_data_rate_ie) { 1316 if ((element_len + rate_size) > 1317 MWIFIEX_SUPPORTED_RATES) 1318 bytes_to_copy = 1319 (MWIFIEX_SUPPORTED_RATES - 1320 rate_size); 1321 else 1322 bytes_to_copy = element_len; 1323 1324 rate = (u8 *) bss_entry->data_rates; 1325 rate += rate_size; 1326 memcpy(rate, current_ptr + 2, bytes_to_copy); 1327 1328 rate = (u8 *) bss_entry->supported_rates; 1329 rate += rate_size; 1330 memcpy(rate, current_ptr + 2, bytes_to_copy); 1331 } 1332 break; 1333 1334 case WLAN_EID_VENDOR_SPECIFIC: 1335 vendor_ie = (struct ieee_types_vendor_specific *) 1336 current_ptr; 1337 1338 /* 802.11 requires at least 3-byte OUI. */ 1339 if (element_len < sizeof(vendor_ie->vend_hdr.oui.oui)) 1340 return -EINVAL; 1341 1342 /* Not long enough for a match? Skip it. */ 1343 if (element_len < sizeof(wpa_oui)) 1344 break; 1345 1346 if (!memcmp(&vendor_ie->vend_hdr.oui, wpa_oui, 1347 sizeof(wpa_oui))) { 1348 bss_entry->bcn_wpa_ie = 1349 (struct ieee_types_vendor_specific *) 1350 current_ptr; 1351 bss_entry->wpa_offset = (u16) 1352 (current_ptr - bss_entry->beacon_buf); 1353 } else if (!memcmp(&vendor_ie->vend_hdr.oui, wmm_oui, 1354 sizeof(wmm_oui))) { 1355 if (total_ie_len == 1356 sizeof(struct ieee_types_wmm_parameter) || 1357 total_ie_len == 1358 sizeof(struct ieee_types_wmm_info)) 1359 /* 1360 * Only accept and copy the WMM IE if 1361 * it matches the size expected for the 1362 * WMM Info IE or the WMM Parameter IE. 1363 */ 1364 memcpy((u8 *) &bss_entry->wmm_ie, 1365 current_ptr, total_ie_len); 1366 } 1367 break; 1368 case WLAN_EID_RSN: 1369 bss_entry->bcn_rsn_ie = 1370 (struct ieee_types_generic *) current_ptr; 1371 bss_entry->rsn_offset = (u16) (current_ptr - 1372 bss_entry->beacon_buf); 1373 break; 1374 case WLAN_EID_RSNX: 1375 bss_entry->bcn_rsnx_ie = 1376 (struct ieee_types_generic *)current_ptr; 1377 bss_entry->rsnx_offset = 1378 (u16)(current_ptr - bss_entry->beacon_buf); 1379 break; 1380 case WLAN_EID_BSS_AC_ACCESS_DELAY: 1381 bss_entry->bcn_wapi_ie = 1382 (struct ieee_types_generic *) current_ptr; 1383 bss_entry->wapi_offset = (u16) (current_ptr - 1384 bss_entry->beacon_buf); 1385 break; 1386 case WLAN_EID_HT_CAPABILITY: 1387 bss_entry->bcn_ht_cap = (struct ieee80211_ht_cap *) 1388 (current_ptr + 1389 sizeof(struct ieee_types_header)); 1390 bss_entry->ht_cap_offset = (u16) (current_ptr + 1391 sizeof(struct ieee_types_header) - 1392 bss_entry->beacon_buf); 1393 break; 1394 case WLAN_EID_HT_OPERATION: 1395 bss_entry->bcn_ht_oper = 1396 (struct ieee80211_ht_operation *)(current_ptr + 1397 sizeof(struct ieee_types_header)); 1398 bss_entry->ht_info_offset = (u16) (current_ptr + 1399 sizeof(struct ieee_types_header) - 1400 bss_entry->beacon_buf); 1401 break; 1402 case WLAN_EID_VHT_CAPABILITY: 1403 bss_entry->disable_11ac = false; 1404 bss_entry->bcn_vht_cap = 1405 (void *)(current_ptr + 1406 sizeof(struct ieee_types_header)); 1407 bss_entry->vht_cap_offset = 1408 (u16)((u8 *)bss_entry->bcn_vht_cap - 1409 bss_entry->beacon_buf); 1410 break; 1411 case WLAN_EID_VHT_OPERATION: 1412 bss_entry->bcn_vht_oper = 1413 (void *)(current_ptr + 1414 sizeof(struct ieee_types_header)); 1415 bss_entry->vht_info_offset = 1416 (u16)((u8 *)bss_entry->bcn_vht_oper - 1417 bss_entry->beacon_buf); 1418 break; 1419 case WLAN_EID_BSS_COEX_2040: 1420 bss_entry->bcn_bss_co_2040 = current_ptr; 1421 bss_entry->bss_co_2040_offset = 1422 (u16) (current_ptr - bss_entry->beacon_buf); 1423 break; 1424 case WLAN_EID_EXT_CAPABILITY: 1425 bss_entry->bcn_ext_cap = current_ptr; 1426 bss_entry->ext_cap_offset = 1427 (u16) (current_ptr - bss_entry->beacon_buf); 1428 break; 1429 case WLAN_EID_OPMODE_NOTIF: 1430 bss_entry->oper_mode = (void *)current_ptr; 1431 bss_entry->oper_mode_offset = 1432 (u16)((u8 *)bss_entry->oper_mode - 1433 bss_entry->beacon_buf); 1434 break; 1435 default: 1436 break; 1437 } 1438 1439 current_ptr += total_ie_len; 1440 bytes_left -= total_ie_len; 1441 1442 } /* while (bytes_left > 2) */ 1443 return 0; 1444 } 1445 1446 /* 1447 * This function converts radio type scan parameter to a band configuration 1448 * to be used in join command. 1449 */ 1450 static u8 mwifiex_radio_type_to_band(u8 radio_type)1451 mwifiex_radio_type_to_band(u8 radio_type) 1452 { 1453 switch (radio_type) { 1454 case HostCmd_SCAN_RADIO_TYPE_A: 1455 return BAND_A; 1456 case HostCmd_SCAN_RADIO_TYPE_BG: 1457 default: 1458 return BAND_G; 1459 } 1460 } 1461 1462 /* 1463 * This is an internal function used to start a scan based on an input 1464 * configuration. 1465 * 1466 * This uses the input user scan configuration information when provided in 1467 * order to send the appropriate scan commands to firmware to populate or 1468 * update the internal driver scan table. 1469 */ mwifiex_scan_networks(struct mwifiex_private * priv,const struct mwifiex_user_scan_cfg * user_scan_in)1470 int mwifiex_scan_networks(struct mwifiex_private *priv, 1471 const struct mwifiex_user_scan_cfg *user_scan_in) 1472 { 1473 int ret; 1474 struct mwifiex_adapter *adapter = priv->adapter; 1475 struct cmd_ctrl_node *cmd_node; 1476 union mwifiex_scan_cmd_config_tlv *scan_cfg_out; 1477 struct mwifiex_ie_types_chan_list_param_set *chan_list_out; 1478 struct mwifiex_chan_scan_param_set *scan_chan_list; 1479 u8 filtered_scan; 1480 u8 scan_current_chan_only; 1481 u8 max_chan_per_scan; 1482 1483 if (adapter->scan_processing) { 1484 mwifiex_dbg(adapter, WARN, 1485 "cmd: Scan already in process...\n"); 1486 return -EBUSY; 1487 } 1488 1489 if (priv->scan_block) { 1490 mwifiex_dbg(adapter, WARN, 1491 "cmd: Scan is blocked during association...\n"); 1492 return -EBUSY; 1493 } 1494 1495 if (test_bit(MWIFIEX_SURPRISE_REMOVED, &adapter->work_flags) || 1496 test_bit(MWIFIEX_IS_CMD_TIMEDOUT, &adapter->work_flags)) { 1497 mwifiex_dbg(adapter, ERROR, 1498 "Ignore scan. Card removed or firmware in bad state\n"); 1499 return -EFAULT; 1500 } 1501 1502 spin_lock_bh(&adapter->mwifiex_cmd_lock); 1503 adapter->scan_processing = true; 1504 spin_unlock_bh(&adapter->mwifiex_cmd_lock); 1505 1506 scan_cfg_out = kzalloc(sizeof(union mwifiex_scan_cmd_config_tlv), 1507 GFP_KERNEL); 1508 if (!scan_cfg_out) { 1509 ret = -ENOMEM; 1510 goto done; 1511 } 1512 1513 scan_chan_list = kcalloc(MWIFIEX_USER_SCAN_CHAN_MAX, 1514 sizeof(struct mwifiex_chan_scan_param_set), 1515 GFP_KERNEL); 1516 if (!scan_chan_list) { 1517 kfree(scan_cfg_out); 1518 ret = -ENOMEM; 1519 goto done; 1520 } 1521 1522 mwifiex_config_scan(priv, user_scan_in, &scan_cfg_out->config, 1523 &chan_list_out, scan_chan_list, &max_chan_per_scan, 1524 &filtered_scan, &scan_current_chan_only); 1525 1526 ret = mwifiex_scan_channel_list(priv, max_chan_per_scan, filtered_scan, 1527 &scan_cfg_out->config, chan_list_out, 1528 scan_chan_list); 1529 1530 /* Get scan command from scan_pending_q and put to cmd_pending_q */ 1531 if (!ret) { 1532 spin_lock_bh(&adapter->scan_pending_q_lock); 1533 if (!list_empty(&adapter->scan_pending_q)) { 1534 cmd_node = list_first_entry(&adapter->scan_pending_q, 1535 struct cmd_ctrl_node, list); 1536 list_del(&cmd_node->list); 1537 spin_unlock_bh(&adapter->scan_pending_q_lock); 1538 mwifiex_insert_cmd_to_pending_q(adapter, cmd_node); 1539 queue_work(adapter->workqueue, &adapter->main_work); 1540 1541 /* Perform internal scan synchronously */ 1542 if (!priv->scan_request) { 1543 mwifiex_dbg(adapter, INFO, 1544 "wait internal scan\n"); 1545 mwifiex_wait_queue_complete(adapter, cmd_node); 1546 } 1547 } else { 1548 spin_unlock_bh(&adapter->scan_pending_q_lock); 1549 } 1550 } 1551 1552 kfree(scan_cfg_out); 1553 kfree(scan_chan_list); 1554 done: 1555 if (ret) { 1556 spin_lock_bh(&adapter->mwifiex_cmd_lock); 1557 adapter->scan_processing = false; 1558 spin_unlock_bh(&adapter->mwifiex_cmd_lock); 1559 } 1560 return ret; 1561 } 1562 1563 /* 1564 * This function prepares a scan command to be sent to the firmware. 1565 * 1566 * This uses the scan command configuration sent to the command processing 1567 * module in command preparation stage to configure a scan command structure 1568 * to send to firmware. 1569 * 1570 * The fixed fields specifying the BSS type and BSSID filters as well as a 1571 * variable number/length of TLVs are sent in the command to firmware. 1572 * 1573 * Preparation also includes - 1574 * - Setting command ID, and proper size 1575 * - Ensuring correct endian-ness 1576 */ mwifiex_cmd_802_11_scan(struct host_cmd_ds_command * cmd,struct mwifiex_scan_cmd_config * scan_cfg)1577 int mwifiex_cmd_802_11_scan(struct host_cmd_ds_command *cmd, 1578 struct mwifiex_scan_cmd_config *scan_cfg) 1579 { 1580 struct host_cmd_ds_802_11_scan *scan_cmd = &cmd->params.scan; 1581 1582 /* Set fixed field variables in scan command */ 1583 scan_cmd->bss_mode = scan_cfg->bss_mode; 1584 memcpy(scan_cmd->bssid, scan_cfg->specific_bssid, 1585 sizeof(scan_cmd->bssid)); 1586 memcpy(scan_cmd->tlv_buffer, scan_cfg->tlv_buf, scan_cfg->tlv_buf_len); 1587 1588 cmd->command = cpu_to_le16(HostCmd_CMD_802_11_SCAN); 1589 1590 /* Size is equal to the sizeof(fixed portions) + the TLV len + header */ 1591 cmd->size = cpu_to_le16((u16) (sizeof(scan_cmd->bss_mode) 1592 + sizeof(scan_cmd->bssid) 1593 + scan_cfg->tlv_buf_len + S_DS_GEN)); 1594 1595 return 0; 1596 } 1597 1598 /* 1599 * This function checks compatibility of requested network with current 1600 * driver settings. 1601 */ mwifiex_check_network_compatibility(struct mwifiex_private * priv,struct mwifiex_bssdescriptor * bss_desc)1602 int mwifiex_check_network_compatibility(struct mwifiex_private *priv, 1603 struct mwifiex_bssdescriptor *bss_desc) 1604 { 1605 int ret = -1; 1606 1607 if (!bss_desc) 1608 return -1; 1609 1610 if ((mwifiex_get_cfp(priv, (u8) bss_desc->bss_band, 1611 (u16) bss_desc->channel, 0))) { 1612 switch (priv->bss_mode) { 1613 case NL80211_IFTYPE_STATION: 1614 case NL80211_IFTYPE_ADHOC: 1615 ret = mwifiex_is_network_compatible(priv, bss_desc, 1616 priv->bss_mode); 1617 if (ret) 1618 mwifiex_dbg(priv->adapter, ERROR, 1619 "Incompatible network settings\n"); 1620 break; 1621 default: 1622 ret = 0; 1623 } 1624 } 1625 1626 return ret; 1627 } 1628 1629 /* This function checks if SSID string contains all zeroes or length is zero */ mwifiex_is_hidden_ssid(struct cfg80211_ssid * ssid)1630 static bool mwifiex_is_hidden_ssid(struct cfg80211_ssid *ssid) 1631 { 1632 int idx; 1633 1634 for (idx = 0; idx < ssid->ssid_len; idx++) { 1635 if (ssid->ssid[idx]) 1636 return false; 1637 } 1638 1639 return true; 1640 } 1641 1642 /* This function checks if any hidden SSID found in passive scan channels 1643 * and save those channels for specific SSID active scan 1644 */ mwifiex_save_hidden_ssid_channels(struct mwifiex_private * priv,struct cfg80211_bss * bss)1645 static int mwifiex_save_hidden_ssid_channels(struct mwifiex_private *priv, 1646 struct cfg80211_bss *bss) 1647 { 1648 struct mwifiex_bssdescriptor *bss_desc; 1649 int ret; 1650 int chid; 1651 1652 /* Allocate and fill new bss descriptor */ 1653 bss_desc = kzalloc(sizeof(*bss_desc), GFP_KERNEL); 1654 if (!bss_desc) 1655 return -ENOMEM; 1656 1657 ret = mwifiex_fill_new_bss_desc(priv, bss, bss_desc); 1658 if (ret) 1659 goto done; 1660 1661 if (mwifiex_is_hidden_ssid(&bss_desc->ssid)) { 1662 mwifiex_dbg(priv->adapter, INFO, "found hidden SSID\n"); 1663 for (chid = 0 ; chid < MWIFIEX_USER_SCAN_CHAN_MAX; chid++) { 1664 if (priv->hidden_chan[chid].chan_number == 1665 bss->channel->hw_value) 1666 break; 1667 1668 if (!priv->hidden_chan[chid].chan_number) { 1669 priv->hidden_chan[chid].chan_number = 1670 bss->channel->hw_value; 1671 priv->hidden_chan[chid].radio_type = 1672 bss->channel->band; 1673 priv->hidden_chan[chid].scan_type = 1674 MWIFIEX_SCAN_TYPE_ACTIVE; 1675 break; 1676 } 1677 } 1678 } 1679 1680 done: 1681 /* beacon_ie buffer was allocated in function 1682 * mwifiex_fill_new_bss_desc(). Free it now. 1683 */ 1684 kfree(bss_desc->beacon_buf); 1685 kfree(bss_desc); 1686 return 0; 1687 } 1688 mwifiex_update_curr_bss_params(struct mwifiex_private * priv,struct cfg80211_bss * bss)1689 static int mwifiex_update_curr_bss_params(struct mwifiex_private *priv, 1690 struct cfg80211_bss *bss) 1691 { 1692 struct mwifiex_bssdescriptor *bss_desc; 1693 int ret; 1694 1695 /* Allocate and fill new bss descriptor */ 1696 bss_desc = kzalloc(sizeof(struct mwifiex_bssdescriptor), GFP_KERNEL); 1697 if (!bss_desc) 1698 return -ENOMEM; 1699 1700 ret = mwifiex_fill_new_bss_desc(priv, bss, bss_desc); 1701 if (ret) 1702 goto done; 1703 1704 ret = mwifiex_check_network_compatibility(priv, bss_desc); 1705 if (ret) 1706 goto done; 1707 1708 spin_lock_bh(&priv->curr_bcn_buf_lock); 1709 /* Make a copy of current BSSID descriptor */ 1710 memcpy(&priv->curr_bss_params.bss_descriptor, bss_desc, 1711 sizeof(priv->curr_bss_params.bss_descriptor)); 1712 1713 /* The contents of beacon_ie will be copied to its own buffer 1714 * in mwifiex_save_curr_bcn() 1715 */ 1716 mwifiex_save_curr_bcn(priv); 1717 spin_unlock_bh(&priv->curr_bcn_buf_lock); 1718 1719 done: 1720 /* beacon_ie buffer was allocated in function 1721 * mwifiex_fill_new_bss_desc(). Free it now. 1722 */ 1723 kfree(bss_desc->beacon_buf); 1724 kfree(bss_desc); 1725 return 0; 1726 } 1727 1728 static int mwifiex_parse_single_response_buf(struct mwifiex_private * priv,u8 ** bss_info,u32 * bytes_left,u64 fw_tsf,u8 * radio_type,bool ext_scan,s32 rssi_val)1729 mwifiex_parse_single_response_buf(struct mwifiex_private *priv, u8 **bss_info, 1730 u32 *bytes_left, u64 fw_tsf, u8 *radio_type, 1731 bool ext_scan, s32 rssi_val) 1732 { 1733 struct mwifiex_adapter *adapter = priv->adapter; 1734 struct mwifiex_chan_freq_power *cfp; 1735 struct cfg80211_bss *bss; 1736 u8 bssid[ETH_ALEN]; 1737 s32 rssi; 1738 const u8 *ie_buf; 1739 size_t ie_len; 1740 u16 channel = 0; 1741 u16 beacon_size = 0; 1742 u32 curr_bcn_bytes; 1743 u32 freq; 1744 u16 beacon_period; 1745 u16 cap_info_bitmap; 1746 u8 *current_ptr; 1747 u64 timestamp; 1748 struct mwifiex_fixed_bcn_param *bcn_param; 1749 struct mwifiex_bss_priv *bss_priv; 1750 1751 if (*bytes_left >= sizeof(beacon_size)) { 1752 /* Extract & convert beacon size from command buffer */ 1753 beacon_size = get_unaligned_le16((*bss_info)); 1754 *bytes_left -= sizeof(beacon_size); 1755 *bss_info += sizeof(beacon_size); 1756 } 1757 1758 if (!beacon_size || beacon_size > *bytes_left) { 1759 *bss_info += *bytes_left; 1760 *bytes_left = 0; 1761 return -EFAULT; 1762 } 1763 1764 /* Initialize the current working beacon pointer for this BSS 1765 * iteration 1766 */ 1767 current_ptr = *bss_info; 1768 1769 /* Advance the return beacon pointer past the current beacon */ 1770 *bss_info += beacon_size; 1771 *bytes_left -= beacon_size; 1772 1773 curr_bcn_bytes = beacon_size; 1774 1775 /* First 5 fields are bssid, RSSI(for legacy scan only), 1776 * time stamp, beacon interval, and capability information 1777 */ 1778 if (curr_bcn_bytes < ETH_ALEN + sizeof(u8) + 1779 sizeof(struct mwifiex_fixed_bcn_param)) { 1780 mwifiex_dbg(adapter, ERROR, 1781 "InterpretIE: not enough bytes left\n"); 1782 return -EFAULT; 1783 } 1784 1785 memcpy(bssid, current_ptr, ETH_ALEN); 1786 current_ptr += ETH_ALEN; 1787 curr_bcn_bytes -= ETH_ALEN; 1788 1789 if (!ext_scan) { 1790 rssi = (s32) *current_ptr; 1791 rssi = (-rssi) * 100; /* Convert dBm to mBm */ 1792 current_ptr += sizeof(u8); 1793 curr_bcn_bytes -= sizeof(u8); 1794 mwifiex_dbg(adapter, INFO, 1795 "info: InterpretIE: RSSI=%d\n", rssi); 1796 } else { 1797 rssi = rssi_val; 1798 } 1799 1800 bcn_param = (struct mwifiex_fixed_bcn_param *)current_ptr; 1801 current_ptr += sizeof(*bcn_param); 1802 curr_bcn_bytes -= sizeof(*bcn_param); 1803 1804 timestamp = le64_to_cpu(bcn_param->timestamp); 1805 beacon_period = le16_to_cpu(bcn_param->beacon_period); 1806 1807 cap_info_bitmap = le16_to_cpu(bcn_param->cap_info_bitmap); 1808 mwifiex_dbg(adapter, INFO, 1809 "info: InterpretIE: capabilities=0x%X\n", 1810 cap_info_bitmap); 1811 1812 /* Rest of the current buffer are IE's */ 1813 ie_buf = current_ptr; 1814 ie_len = curr_bcn_bytes; 1815 mwifiex_dbg(adapter, INFO, 1816 "info: InterpretIE: IELength for this AP = %d\n", 1817 curr_bcn_bytes); 1818 1819 while (curr_bcn_bytes >= sizeof(struct ieee_types_header)) { 1820 u8 element_id, element_len; 1821 1822 element_id = *current_ptr; 1823 element_len = *(current_ptr + 1); 1824 if (curr_bcn_bytes < element_len + 1825 sizeof(struct ieee_types_header)) { 1826 mwifiex_dbg(adapter, ERROR, 1827 "%s: bytes left < IE length\n", __func__); 1828 return -EFAULT; 1829 } 1830 if (element_id == WLAN_EID_DS_PARAMS) { 1831 channel = *(current_ptr + 1832 sizeof(struct ieee_types_header)); 1833 break; 1834 } 1835 1836 current_ptr += element_len + sizeof(struct ieee_types_header); 1837 curr_bcn_bytes -= element_len + 1838 sizeof(struct ieee_types_header); 1839 } 1840 1841 if (channel) { 1842 struct ieee80211_channel *chan; 1843 u8 band; 1844 1845 /* Skip entry if on csa closed channel */ 1846 if (channel == priv->csa_chan) { 1847 mwifiex_dbg(adapter, WARN, 1848 "Dropping entry on csa closed channel\n"); 1849 return 0; 1850 } 1851 1852 band = BAND_G; 1853 if (radio_type) 1854 band = mwifiex_radio_type_to_band(*radio_type & 1855 (BIT(0) | BIT(1))); 1856 1857 cfp = mwifiex_get_cfp(priv, band, channel, 0); 1858 1859 freq = cfp ? cfp->freq : 0; 1860 1861 chan = ieee80211_get_channel(priv->wdev.wiphy, freq); 1862 1863 if (chan && !(chan->flags & IEEE80211_CHAN_DISABLED)) { 1864 bss = cfg80211_inform_bss(priv->wdev.wiphy, 1865 chan, CFG80211_BSS_FTYPE_UNKNOWN, 1866 bssid, timestamp, 1867 cap_info_bitmap, beacon_period, 1868 ie_buf, ie_len, rssi, GFP_ATOMIC); 1869 if (bss) { 1870 bss_priv = (struct mwifiex_bss_priv *)bss->priv; 1871 bss_priv->band = band; 1872 bss_priv->fw_tsf = fw_tsf; 1873 if (priv->media_connected && 1874 !memcmp(bssid, priv->curr_bss_params. 1875 bss_descriptor.mac_address, 1876 ETH_ALEN)) 1877 mwifiex_update_curr_bss_params(priv, 1878 bss); 1879 1880 if ((chan->flags & IEEE80211_CHAN_RADAR) || 1881 (chan->flags & IEEE80211_CHAN_NO_IR)) { 1882 mwifiex_dbg(adapter, INFO, 1883 "radar or passive channel %d\n", 1884 channel); 1885 mwifiex_save_hidden_ssid_channels(priv, 1886 bss); 1887 } 1888 1889 cfg80211_put_bss(priv->wdev.wiphy, bss); 1890 } 1891 } 1892 } else { 1893 mwifiex_dbg(adapter, WARN, "missing BSS channel IE\n"); 1894 } 1895 1896 return 0; 1897 } 1898 mwifiex_complete_scan(struct mwifiex_private * priv)1899 static void mwifiex_complete_scan(struct mwifiex_private *priv) 1900 { 1901 struct mwifiex_adapter *adapter = priv->adapter; 1902 1903 adapter->survey_idx = 0; 1904 if (adapter->curr_cmd->wait_q_enabled) { 1905 adapter->cmd_wait_q.status = 0; 1906 if (!priv->scan_request) { 1907 mwifiex_dbg(adapter, INFO, 1908 "complete internal scan\n"); 1909 mwifiex_complete_cmd(adapter, adapter->curr_cmd); 1910 } 1911 } 1912 } 1913 1914 /* This function checks if any hidden SSID found in passive scan channels 1915 * and do specific SSID active scan for those channels 1916 */ 1917 static int mwifiex_active_scan_req_for_passive_chan(struct mwifiex_private * priv)1918 mwifiex_active_scan_req_for_passive_chan(struct mwifiex_private *priv) 1919 { 1920 int ret; 1921 struct mwifiex_adapter *adapter = priv->adapter; 1922 u8 id = 0; 1923 struct mwifiex_user_scan_cfg *user_scan_cfg; 1924 1925 if (adapter->active_scan_triggered || !priv->scan_request || 1926 priv->scan_aborting) { 1927 adapter->active_scan_triggered = false; 1928 return 0; 1929 } 1930 1931 if (!priv->hidden_chan[0].chan_number) { 1932 mwifiex_dbg(adapter, INFO, "No BSS with hidden SSID found on DFS channels\n"); 1933 return 0; 1934 } 1935 user_scan_cfg = kzalloc(sizeof(*user_scan_cfg), GFP_KERNEL); 1936 1937 if (!user_scan_cfg) 1938 return -ENOMEM; 1939 1940 for (id = 0; id < MWIFIEX_USER_SCAN_CHAN_MAX; id++) { 1941 if (!priv->hidden_chan[id].chan_number) 1942 break; 1943 memcpy(&user_scan_cfg->chan_list[id], 1944 &priv->hidden_chan[id], 1945 sizeof(struct mwifiex_user_scan_chan)); 1946 } 1947 1948 adapter->active_scan_triggered = true; 1949 if (priv->scan_request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) 1950 ether_addr_copy(user_scan_cfg->random_mac, 1951 priv->scan_request->mac_addr); 1952 user_scan_cfg->num_ssids = priv->scan_request->n_ssids; 1953 user_scan_cfg->ssid_list = priv->scan_request->ssids; 1954 1955 ret = mwifiex_scan_networks(priv, user_scan_cfg); 1956 kfree(user_scan_cfg); 1957 1958 memset(&priv->hidden_chan, 0, sizeof(priv->hidden_chan)); 1959 1960 if (ret) { 1961 dev_err(priv->adapter->dev, "scan failed: %d\n", ret); 1962 return ret; 1963 } 1964 1965 return 0; 1966 } mwifiex_check_next_scan_command(struct mwifiex_private * priv)1967 static void mwifiex_check_next_scan_command(struct mwifiex_private *priv) 1968 { 1969 struct mwifiex_adapter *adapter = priv->adapter; 1970 struct cmd_ctrl_node *cmd_node; 1971 1972 spin_lock_bh(&adapter->scan_pending_q_lock); 1973 if (list_empty(&adapter->scan_pending_q)) { 1974 spin_unlock_bh(&adapter->scan_pending_q_lock); 1975 1976 spin_lock_bh(&adapter->mwifiex_cmd_lock); 1977 adapter->scan_processing = false; 1978 spin_unlock_bh(&adapter->mwifiex_cmd_lock); 1979 1980 mwifiex_active_scan_req_for_passive_chan(priv); 1981 1982 if (!adapter->ext_scan) 1983 mwifiex_complete_scan(priv); 1984 1985 if (priv->scan_request) { 1986 struct cfg80211_scan_info info = { 1987 .aborted = false, 1988 }; 1989 1990 mwifiex_dbg(adapter, INFO, 1991 "info: notifying scan done\n"); 1992 cfg80211_scan_done(priv->scan_request, &info); 1993 priv->scan_request = NULL; 1994 priv->scan_aborting = false; 1995 } else { 1996 priv->scan_aborting = false; 1997 mwifiex_dbg(adapter, INFO, 1998 "info: scan already aborted\n"); 1999 } 2000 } else if ((priv->scan_aborting && !priv->scan_request) || 2001 priv->scan_block) { 2002 spin_unlock_bh(&adapter->scan_pending_q_lock); 2003 2004 mwifiex_cancel_pending_scan_cmd(adapter); 2005 2006 spin_lock_bh(&adapter->mwifiex_cmd_lock); 2007 adapter->scan_processing = false; 2008 spin_unlock_bh(&adapter->mwifiex_cmd_lock); 2009 2010 if (!adapter->active_scan_triggered) { 2011 if (priv->scan_request) { 2012 struct cfg80211_scan_info info = { 2013 .aborted = true, 2014 }; 2015 2016 mwifiex_dbg(adapter, INFO, 2017 "info: aborting scan\n"); 2018 cfg80211_scan_done(priv->scan_request, &info); 2019 priv->scan_request = NULL; 2020 priv->scan_aborting = false; 2021 } else { 2022 priv->scan_aborting = false; 2023 mwifiex_dbg(adapter, INFO, 2024 "info: scan already aborted\n"); 2025 } 2026 } 2027 } else { 2028 /* Get scan command from scan_pending_q and put to 2029 * cmd_pending_q 2030 */ 2031 cmd_node = list_first_entry(&adapter->scan_pending_q, 2032 struct cmd_ctrl_node, list); 2033 list_del(&cmd_node->list); 2034 spin_unlock_bh(&adapter->scan_pending_q_lock); 2035 mwifiex_insert_cmd_to_pending_q(adapter, cmd_node); 2036 } 2037 2038 return; 2039 } 2040 mwifiex_cancel_scan(struct mwifiex_adapter * adapter)2041 void mwifiex_cancel_scan(struct mwifiex_adapter *adapter) 2042 { 2043 struct mwifiex_private *priv; 2044 int i; 2045 2046 mwifiex_cancel_pending_scan_cmd(adapter); 2047 2048 if (adapter->scan_processing) { 2049 spin_lock_bh(&adapter->mwifiex_cmd_lock); 2050 adapter->scan_processing = false; 2051 spin_unlock_bh(&adapter->mwifiex_cmd_lock); 2052 for (i = 0; i < adapter->priv_num; i++) { 2053 priv = adapter->priv[i]; 2054 if (priv->scan_request) { 2055 struct cfg80211_scan_info info = { 2056 .aborted = true, 2057 }; 2058 2059 mwifiex_dbg(adapter, INFO, 2060 "info: aborting scan\n"); 2061 cfg80211_scan_done(priv->scan_request, &info); 2062 priv->scan_request = NULL; 2063 priv->scan_aborting = false; 2064 } 2065 } 2066 } 2067 } 2068 2069 /* 2070 * This function handles the command response of scan. 2071 * 2072 * The response buffer for the scan command has the following 2073 * memory layout: 2074 * 2075 * .-------------------------------------------------------------. 2076 * | Header (4 * sizeof(t_u16)): Standard command response hdr | 2077 * .-------------------------------------------------------------. 2078 * | BufSize (t_u16) : sizeof the BSS Description data | 2079 * .-------------------------------------------------------------. 2080 * | NumOfSet (t_u8) : Number of BSS Descs returned | 2081 * .-------------------------------------------------------------. 2082 * | BSSDescription data (variable, size given in BufSize) | 2083 * .-------------------------------------------------------------. 2084 * | TLV data (variable, size calculated using Header->Size, | 2085 * | BufSize and sizeof the fixed fields above) | 2086 * .-------------------------------------------------------------. 2087 */ mwifiex_ret_802_11_scan(struct mwifiex_private * priv,struct host_cmd_ds_command * resp)2088 int mwifiex_ret_802_11_scan(struct mwifiex_private *priv, 2089 struct host_cmd_ds_command *resp) 2090 { 2091 int ret = 0; 2092 struct mwifiex_adapter *adapter = priv->adapter; 2093 struct host_cmd_ds_802_11_scan_rsp *scan_rsp; 2094 struct mwifiex_ie_types_data *tlv_data; 2095 struct mwifiex_ie_types_tsf_timestamp *tsf_tlv; 2096 u8 *bss_info; 2097 u32 scan_resp_size; 2098 u32 bytes_left; 2099 u32 idx; 2100 u32 tlv_buf_size; 2101 struct mwifiex_ie_types_chan_band_list_param_set *chan_band_tlv; 2102 struct chan_band_param_set *chan_band; 2103 u8 is_bgscan_resp; 2104 __le64 fw_tsf = 0; 2105 u8 *radio_type; 2106 struct cfg80211_wowlan_nd_match *pmatch; 2107 struct cfg80211_sched_scan_request *nd_config = NULL; 2108 2109 is_bgscan_resp = (le16_to_cpu(resp->command) 2110 == HostCmd_CMD_802_11_BG_SCAN_QUERY); 2111 if (is_bgscan_resp) 2112 scan_rsp = &resp->params.bg_scan_query_resp.scan_resp; 2113 else 2114 scan_rsp = &resp->params.scan_resp; 2115 2116 2117 if (scan_rsp->number_of_sets > MWIFIEX_MAX_AP) { 2118 mwifiex_dbg(adapter, ERROR, 2119 "SCAN_RESP: too many AP returned (%d)\n", 2120 scan_rsp->number_of_sets); 2121 ret = -1; 2122 goto check_next_scan; 2123 } 2124 2125 /* Check csa channel expiry before parsing scan response */ 2126 mwifiex_11h_get_csa_closed_channel(priv); 2127 2128 bytes_left = le16_to_cpu(scan_rsp->bss_descript_size); 2129 mwifiex_dbg(adapter, INFO, 2130 "info: SCAN_RESP: bss_descript_size %d\n", 2131 bytes_left); 2132 2133 scan_resp_size = le16_to_cpu(resp->size); 2134 2135 mwifiex_dbg(adapter, INFO, 2136 "info: SCAN_RESP: returned %d APs before parsing\n", 2137 scan_rsp->number_of_sets); 2138 2139 bss_info = scan_rsp->bss_desc_and_tlv_buffer; 2140 2141 /* 2142 * The size of the TLV buffer is equal to the entire command response 2143 * size (scan_resp_size) minus the fixed fields (sizeof()'s), the 2144 * BSS Descriptions (bss_descript_size as bytesLef) and the command 2145 * response header (S_DS_GEN) 2146 */ 2147 tlv_buf_size = scan_resp_size - (bytes_left 2148 + sizeof(scan_rsp->bss_descript_size) 2149 + sizeof(scan_rsp->number_of_sets) 2150 + S_DS_GEN); 2151 2152 tlv_data = (struct mwifiex_ie_types_data *) (scan_rsp-> 2153 bss_desc_and_tlv_buffer + 2154 bytes_left); 2155 2156 /* Search the TLV buffer space in the scan response for any valid 2157 TLVs */ 2158 mwifiex_ret_802_11_scan_get_tlv_ptrs(adapter, tlv_data, tlv_buf_size, 2159 TLV_TYPE_TSFTIMESTAMP, 2160 (struct mwifiex_ie_types_data **) 2161 &tsf_tlv); 2162 2163 /* Search the TLV buffer space in the scan response for any valid 2164 TLVs */ 2165 mwifiex_ret_802_11_scan_get_tlv_ptrs(adapter, tlv_data, tlv_buf_size, 2166 TLV_TYPE_CHANNELBANDLIST, 2167 (struct mwifiex_ie_types_data **) 2168 &chan_band_tlv); 2169 2170 #ifdef CONFIG_PM 2171 if (priv->wdev.wiphy->wowlan_config) 2172 nd_config = priv->wdev.wiphy->wowlan_config->nd_config; 2173 #endif 2174 2175 if (nd_config) { 2176 adapter->nd_info = 2177 kzalloc(struct_size(adapter->nd_info, matches, 2178 scan_rsp->number_of_sets), 2179 GFP_ATOMIC); 2180 2181 if (adapter->nd_info) 2182 adapter->nd_info->n_matches = scan_rsp->number_of_sets; 2183 } 2184 2185 for (idx = 0; idx < scan_rsp->number_of_sets && bytes_left; idx++) { 2186 /* 2187 * If the TSF TLV was appended to the scan results, save this 2188 * entry's TSF value in the fw_tsf field. It is the firmware's 2189 * TSF value at the time the beacon or probe response was 2190 * received. 2191 */ 2192 if (tsf_tlv) 2193 memcpy(&fw_tsf, &tsf_tlv->tsf_data[idx * TSF_DATA_SIZE], 2194 sizeof(fw_tsf)); 2195 2196 if (chan_band_tlv) { 2197 chan_band = &chan_band_tlv->chan_band_param[idx]; 2198 radio_type = &chan_band->radio_type; 2199 } else { 2200 radio_type = NULL; 2201 } 2202 2203 if (chan_band_tlv && adapter->nd_info) { 2204 adapter->nd_info->matches[idx] = 2205 kzalloc(sizeof(*pmatch) + sizeof(u32), 2206 GFP_ATOMIC); 2207 2208 pmatch = adapter->nd_info->matches[idx]; 2209 2210 if (pmatch) { 2211 pmatch->n_channels = 1; 2212 pmatch->channels[0] = chan_band->chan_number; 2213 } 2214 } 2215 2216 ret = mwifiex_parse_single_response_buf(priv, &bss_info, 2217 &bytes_left, 2218 le64_to_cpu(fw_tsf), 2219 radio_type, false, 0); 2220 if (ret) 2221 goto check_next_scan; 2222 } 2223 2224 check_next_scan: 2225 mwifiex_check_next_scan_command(priv); 2226 return ret; 2227 } 2228 2229 /* 2230 * This function prepares an extended scan command to be sent to the firmware 2231 * 2232 * This uses the scan command configuration sent to the command processing 2233 * module in command preparation stage to configure a extended scan command 2234 * structure to send to firmware. 2235 */ mwifiex_cmd_802_11_scan_ext(struct mwifiex_private * priv,struct host_cmd_ds_command * cmd,void * data_buf)2236 int mwifiex_cmd_802_11_scan_ext(struct mwifiex_private *priv, 2237 struct host_cmd_ds_command *cmd, 2238 void *data_buf) 2239 { 2240 struct host_cmd_ds_802_11_scan_ext *ext_scan = &cmd->params.ext_scan; 2241 struct mwifiex_scan_cmd_config *scan_cfg = data_buf; 2242 2243 memcpy(ext_scan->tlv_buffer, scan_cfg->tlv_buf, scan_cfg->tlv_buf_len); 2244 2245 cmd->command = cpu_to_le16(HostCmd_CMD_802_11_SCAN_EXT); 2246 2247 /* Size is equal to the sizeof(fixed portions) + the TLV len + header */ 2248 cmd->size = cpu_to_le16((u16)(sizeof(ext_scan->reserved) 2249 + scan_cfg->tlv_buf_len + S_DS_GEN)); 2250 2251 return 0; 2252 } 2253 2254 /* This function prepares an background scan config command to be sent 2255 * to the firmware 2256 */ mwifiex_cmd_802_11_bg_scan_config(struct mwifiex_private * priv,struct host_cmd_ds_command * cmd,void * data_buf)2257 int mwifiex_cmd_802_11_bg_scan_config(struct mwifiex_private *priv, 2258 struct host_cmd_ds_command *cmd, 2259 void *data_buf) 2260 { 2261 struct host_cmd_ds_802_11_bg_scan_config *bgscan_config = 2262 &cmd->params.bg_scan_config; 2263 struct mwifiex_bg_scan_cfg *bgscan_cfg_in = data_buf; 2264 u8 *tlv_pos = bgscan_config->tlv; 2265 u8 num_probes; 2266 u32 ssid_len, chan_idx, scan_type, scan_dur, chan_num; 2267 int i; 2268 struct mwifiex_ie_types_num_probes *num_probes_tlv; 2269 struct mwifiex_ie_types_repeat_count *repeat_count_tlv; 2270 struct mwifiex_ie_types_min_rssi_threshold *rssi_threshold_tlv; 2271 struct mwifiex_ie_types_bgscan_start_later *start_later_tlv; 2272 struct mwifiex_ie_types_wildcard_ssid_params *wildcard_ssid_tlv; 2273 struct mwifiex_ie_types_chan_list_param_set *chan_list_tlv; 2274 struct mwifiex_chan_scan_param_set *temp_chan; 2275 2276 cmd->command = cpu_to_le16(HostCmd_CMD_802_11_BG_SCAN_CONFIG); 2277 cmd->size = cpu_to_le16(sizeof(*bgscan_config) + S_DS_GEN); 2278 2279 bgscan_config->action = cpu_to_le16(bgscan_cfg_in->action); 2280 bgscan_config->enable = bgscan_cfg_in->enable; 2281 bgscan_config->bss_type = bgscan_cfg_in->bss_type; 2282 bgscan_config->scan_interval = 2283 cpu_to_le32(bgscan_cfg_in->scan_interval); 2284 bgscan_config->report_condition = 2285 cpu_to_le32(bgscan_cfg_in->report_condition); 2286 2287 /* stop sched scan */ 2288 if (!bgscan_config->enable) 2289 return 0; 2290 2291 bgscan_config->chan_per_scan = bgscan_cfg_in->chan_per_scan; 2292 2293 num_probes = (bgscan_cfg_in->num_probes ? bgscan_cfg_in-> 2294 num_probes : priv->adapter->scan_probes); 2295 2296 if (num_probes) { 2297 num_probes_tlv = (struct mwifiex_ie_types_num_probes *)tlv_pos; 2298 num_probes_tlv->header.type = cpu_to_le16(TLV_TYPE_NUMPROBES); 2299 num_probes_tlv->header.len = 2300 cpu_to_le16(sizeof(num_probes_tlv->num_probes)); 2301 num_probes_tlv->num_probes = cpu_to_le16((u16)num_probes); 2302 2303 tlv_pos += sizeof(num_probes_tlv->header) + 2304 le16_to_cpu(num_probes_tlv->header.len); 2305 } 2306 2307 if (bgscan_cfg_in->repeat_count) { 2308 repeat_count_tlv = 2309 (struct mwifiex_ie_types_repeat_count *)tlv_pos; 2310 repeat_count_tlv->header.type = 2311 cpu_to_le16(TLV_TYPE_REPEAT_COUNT); 2312 repeat_count_tlv->header.len = 2313 cpu_to_le16(sizeof(repeat_count_tlv->repeat_count)); 2314 repeat_count_tlv->repeat_count = 2315 cpu_to_le16(bgscan_cfg_in->repeat_count); 2316 2317 tlv_pos += sizeof(repeat_count_tlv->header) + 2318 le16_to_cpu(repeat_count_tlv->header.len); 2319 } 2320 2321 if (bgscan_cfg_in->rssi_threshold) { 2322 rssi_threshold_tlv = 2323 (struct mwifiex_ie_types_min_rssi_threshold *)tlv_pos; 2324 rssi_threshold_tlv->header.type = 2325 cpu_to_le16(TLV_TYPE_RSSI_LOW); 2326 rssi_threshold_tlv->header.len = 2327 cpu_to_le16(sizeof(rssi_threshold_tlv->rssi_threshold)); 2328 rssi_threshold_tlv->rssi_threshold = 2329 cpu_to_le16(bgscan_cfg_in->rssi_threshold); 2330 2331 tlv_pos += sizeof(rssi_threshold_tlv->header) + 2332 le16_to_cpu(rssi_threshold_tlv->header.len); 2333 } 2334 2335 for (i = 0; i < bgscan_cfg_in->num_ssids; i++) { 2336 ssid_len = bgscan_cfg_in->ssid_list[i].ssid.ssid_len; 2337 2338 wildcard_ssid_tlv = 2339 (struct mwifiex_ie_types_wildcard_ssid_params *)tlv_pos; 2340 wildcard_ssid_tlv->header.type = 2341 cpu_to_le16(TLV_TYPE_WILDCARDSSID); 2342 wildcard_ssid_tlv->header.len = cpu_to_le16( 2343 (u16)(ssid_len + sizeof(wildcard_ssid_tlv-> 2344 max_ssid_length))); 2345 2346 /* max_ssid_length = 0 tells firmware to perform 2347 * specific scan for the SSID filled, whereas 2348 * max_ssid_length = IEEE80211_MAX_SSID_LEN is for 2349 * wildcard scan. 2350 */ 2351 if (ssid_len) 2352 wildcard_ssid_tlv->max_ssid_length = 0; 2353 else 2354 wildcard_ssid_tlv->max_ssid_length = 2355 IEEE80211_MAX_SSID_LEN; 2356 2357 memcpy(wildcard_ssid_tlv->ssid, 2358 bgscan_cfg_in->ssid_list[i].ssid.ssid, ssid_len); 2359 2360 tlv_pos += (sizeof(wildcard_ssid_tlv->header) 2361 + le16_to_cpu(wildcard_ssid_tlv->header.len)); 2362 } 2363 2364 chan_list_tlv = (struct mwifiex_ie_types_chan_list_param_set *)tlv_pos; 2365 2366 if (bgscan_cfg_in->chan_list[0].chan_number) { 2367 dev_dbg(priv->adapter->dev, "info: bgscan: Using supplied channel list\n"); 2368 2369 chan_list_tlv->header.type = cpu_to_le16(TLV_TYPE_CHANLIST); 2370 2371 for (chan_idx = 0; 2372 chan_idx < MWIFIEX_BG_SCAN_CHAN_MAX && 2373 bgscan_cfg_in->chan_list[chan_idx].chan_number; 2374 chan_idx++) { 2375 temp_chan = &chan_list_tlv->chan_scan_param[chan_idx]; 2376 2377 /* Increment the TLV header length by size appended */ 2378 le16_unaligned_add_cpu(&chan_list_tlv->header.len, 2379 sizeof(*chan_list_tlv->chan_scan_param)); 2380 2381 temp_chan->chan_number = 2382 bgscan_cfg_in->chan_list[chan_idx].chan_number; 2383 temp_chan->radio_type = 2384 bgscan_cfg_in->chan_list[chan_idx].radio_type; 2385 2386 scan_type = 2387 bgscan_cfg_in->chan_list[chan_idx].scan_type; 2388 2389 if (scan_type == MWIFIEX_SCAN_TYPE_PASSIVE) 2390 temp_chan->chan_scan_mode_bitmap 2391 |= MWIFIEX_PASSIVE_SCAN; 2392 else 2393 temp_chan->chan_scan_mode_bitmap 2394 &= ~MWIFIEX_PASSIVE_SCAN; 2395 2396 if (bgscan_cfg_in->chan_list[chan_idx].scan_time) { 2397 scan_dur = (u16)bgscan_cfg_in-> 2398 chan_list[chan_idx].scan_time; 2399 } else { 2400 scan_dur = (scan_type == 2401 MWIFIEX_SCAN_TYPE_PASSIVE) ? 2402 priv->adapter->passive_scan_time : 2403 priv->adapter->specific_scan_time; 2404 } 2405 2406 temp_chan->min_scan_time = cpu_to_le16(scan_dur); 2407 temp_chan->max_scan_time = cpu_to_le16(scan_dur); 2408 } 2409 } else { 2410 dev_dbg(priv->adapter->dev, 2411 "info: bgscan: Creating full region channel list\n"); 2412 chan_num = 2413 mwifiex_bgscan_create_channel_list(priv, bgscan_cfg_in, 2414 chan_list_tlv-> 2415 chan_scan_param); 2416 le16_unaligned_add_cpu(&chan_list_tlv->header.len, 2417 chan_num * 2418 sizeof(*chan_list_tlv->chan_scan_param)); 2419 } 2420 2421 tlv_pos += (sizeof(chan_list_tlv->header) 2422 + le16_to_cpu(chan_list_tlv->header.len)); 2423 2424 if (bgscan_cfg_in->start_later) { 2425 start_later_tlv = 2426 (struct mwifiex_ie_types_bgscan_start_later *)tlv_pos; 2427 start_later_tlv->header.type = 2428 cpu_to_le16(TLV_TYPE_BGSCAN_START_LATER); 2429 start_later_tlv->header.len = 2430 cpu_to_le16(sizeof(start_later_tlv->start_later)); 2431 start_later_tlv->start_later = 2432 cpu_to_le16(bgscan_cfg_in->start_later); 2433 2434 tlv_pos += sizeof(start_later_tlv->header) + 2435 le16_to_cpu(start_later_tlv->header.len); 2436 } 2437 2438 /* Append vendor specific IE TLV */ 2439 mwifiex_cmd_append_vsie_tlv(priv, MWIFIEX_VSIE_MASK_BGSCAN, &tlv_pos); 2440 2441 le16_unaligned_add_cpu(&cmd->size, tlv_pos - bgscan_config->tlv); 2442 2443 return 0; 2444 } 2445 mwifiex_stop_bg_scan(struct mwifiex_private * priv)2446 int mwifiex_stop_bg_scan(struct mwifiex_private *priv) 2447 { 2448 struct mwifiex_bg_scan_cfg *bgscan_cfg; 2449 2450 if (!priv->sched_scanning) { 2451 dev_dbg(priv->adapter->dev, "bgscan already stopped!\n"); 2452 return 0; 2453 } 2454 2455 bgscan_cfg = kzalloc(sizeof(*bgscan_cfg), GFP_KERNEL); 2456 if (!bgscan_cfg) 2457 return -ENOMEM; 2458 2459 bgscan_cfg->bss_type = MWIFIEX_BSS_MODE_INFRA; 2460 bgscan_cfg->action = MWIFIEX_BGSCAN_ACT_SET; 2461 bgscan_cfg->enable = false; 2462 2463 if (mwifiex_send_cmd(priv, HostCmd_CMD_802_11_BG_SCAN_CONFIG, 2464 HostCmd_ACT_GEN_SET, 0, bgscan_cfg, true)) { 2465 kfree(bgscan_cfg); 2466 return -EFAULT; 2467 } 2468 2469 kfree(bgscan_cfg); 2470 priv->sched_scanning = false; 2471 2472 return 0; 2473 } 2474 2475 static void mwifiex_update_chan_statistics(struct mwifiex_private * priv,struct mwifiex_ietypes_chanstats * tlv_stat)2476 mwifiex_update_chan_statistics(struct mwifiex_private *priv, 2477 struct mwifiex_ietypes_chanstats *tlv_stat) 2478 { 2479 struct mwifiex_adapter *adapter = priv->adapter; 2480 u8 i, num_chan; 2481 struct mwifiex_fw_chan_stats *fw_chan_stats; 2482 struct mwifiex_chan_stats chan_stats; 2483 2484 fw_chan_stats = (void *)((u8 *)tlv_stat + 2485 sizeof(struct mwifiex_ie_types_header)); 2486 num_chan = le16_to_cpu(tlv_stat->header.len) / 2487 sizeof(struct mwifiex_chan_stats); 2488 2489 for (i = 0 ; i < num_chan; i++) { 2490 if (adapter->survey_idx >= adapter->num_in_chan_stats) { 2491 mwifiex_dbg(adapter, WARN, 2492 "FW reported too many channel results (max %d)\n", 2493 adapter->num_in_chan_stats); 2494 return; 2495 } 2496 chan_stats.chan_num = fw_chan_stats->chan_num; 2497 chan_stats.bandcfg = fw_chan_stats->bandcfg; 2498 chan_stats.flags = fw_chan_stats->flags; 2499 chan_stats.noise = fw_chan_stats->noise; 2500 chan_stats.total_bss = le16_to_cpu(fw_chan_stats->total_bss); 2501 chan_stats.cca_scan_dur = 2502 le16_to_cpu(fw_chan_stats->cca_scan_dur); 2503 chan_stats.cca_busy_dur = 2504 le16_to_cpu(fw_chan_stats->cca_busy_dur); 2505 mwifiex_dbg(adapter, INFO, 2506 "chan=%d, noise=%d, total_network=%d scan_duration=%d, busy_duration=%d\n", 2507 chan_stats.chan_num, 2508 chan_stats.noise, 2509 chan_stats.total_bss, 2510 chan_stats.cca_scan_dur, 2511 chan_stats.cca_busy_dur); 2512 memcpy(&adapter->chan_stats[adapter->survey_idx++], &chan_stats, 2513 sizeof(struct mwifiex_chan_stats)); 2514 fw_chan_stats++; 2515 } 2516 } 2517 2518 /* This function handles the command response of extended scan */ mwifiex_ret_802_11_scan_ext(struct mwifiex_private * priv,struct host_cmd_ds_command * resp)2519 int mwifiex_ret_802_11_scan_ext(struct mwifiex_private *priv, 2520 struct host_cmd_ds_command *resp) 2521 { 2522 struct mwifiex_adapter *adapter = priv->adapter; 2523 struct host_cmd_ds_802_11_scan_ext *ext_scan_resp; 2524 struct mwifiex_ie_types_header *tlv; 2525 struct mwifiex_ietypes_chanstats *tlv_stat; 2526 u16 buf_left, type, len; 2527 2528 struct host_cmd_ds_command *cmd_ptr; 2529 struct cmd_ctrl_node *cmd_node; 2530 bool complete_scan = false; 2531 2532 mwifiex_dbg(adapter, INFO, "info: EXT scan returns successfully\n"); 2533 2534 ext_scan_resp = &resp->params.ext_scan; 2535 2536 tlv = (void *)ext_scan_resp->tlv_buffer; 2537 buf_left = le16_to_cpu(resp->size) - (sizeof(*ext_scan_resp) + S_DS_GEN); 2538 2539 while (buf_left >= sizeof(struct mwifiex_ie_types_header)) { 2540 type = le16_to_cpu(tlv->type); 2541 len = le16_to_cpu(tlv->len); 2542 2543 if (buf_left < (sizeof(struct mwifiex_ie_types_header) + len)) { 2544 mwifiex_dbg(adapter, ERROR, 2545 "error processing scan response TLVs"); 2546 break; 2547 } 2548 2549 switch (type) { 2550 case TLV_TYPE_CHANNEL_STATS: 2551 tlv_stat = (void *)tlv; 2552 mwifiex_update_chan_statistics(priv, tlv_stat); 2553 break; 2554 default: 2555 break; 2556 } 2557 2558 buf_left -= len + sizeof(struct mwifiex_ie_types_header); 2559 tlv = (void *)((u8 *)tlv + len + 2560 sizeof(struct mwifiex_ie_types_header)); 2561 } 2562 2563 spin_lock_bh(&adapter->cmd_pending_q_lock); 2564 spin_lock_bh(&adapter->scan_pending_q_lock); 2565 if (list_empty(&adapter->scan_pending_q)) { 2566 complete_scan = true; 2567 list_for_each_entry(cmd_node, &adapter->cmd_pending_q, list) { 2568 cmd_ptr = (void *)cmd_node->cmd_skb->data; 2569 if (le16_to_cpu(cmd_ptr->command) == 2570 HostCmd_CMD_802_11_SCAN_EXT) { 2571 mwifiex_dbg(adapter, INFO, 2572 "Scan pending in command pending list"); 2573 complete_scan = false; 2574 break; 2575 } 2576 } 2577 } 2578 spin_unlock_bh(&adapter->scan_pending_q_lock); 2579 spin_unlock_bh(&adapter->cmd_pending_q_lock); 2580 2581 if (complete_scan) 2582 mwifiex_complete_scan(priv); 2583 2584 return 0; 2585 } 2586 2587 /* This function This function handles the event extended scan report. It 2588 * parses extended scan results and informs to cfg80211 stack. 2589 */ mwifiex_handle_event_ext_scan_report(struct mwifiex_private * priv,void * buf)2590 int mwifiex_handle_event_ext_scan_report(struct mwifiex_private *priv, 2591 void *buf) 2592 { 2593 int ret = 0; 2594 struct mwifiex_adapter *adapter = priv->adapter; 2595 u8 *bss_info; 2596 u32 bytes_left, bytes_left_for_tlv, idx; 2597 u16 type, len; 2598 struct mwifiex_ie_types_data *tlv; 2599 struct mwifiex_ie_types_bss_scan_rsp *scan_rsp_tlv; 2600 struct mwifiex_ie_types_bss_scan_info *scan_info_tlv; 2601 u8 *radio_type; 2602 u64 fw_tsf = 0; 2603 s32 rssi = 0; 2604 struct mwifiex_event_scan_result *event_scan = buf; 2605 u8 num_of_set = event_scan->num_of_set; 2606 u8 *scan_resp = buf + sizeof(struct mwifiex_event_scan_result); 2607 u16 scan_resp_size = le16_to_cpu(event_scan->buf_size); 2608 2609 if (num_of_set > MWIFIEX_MAX_AP) { 2610 mwifiex_dbg(adapter, ERROR, 2611 "EXT_SCAN: Invalid number of AP returned (%d)!!\n", 2612 num_of_set); 2613 ret = -1; 2614 goto check_next_scan; 2615 } 2616 2617 bytes_left = scan_resp_size; 2618 mwifiex_dbg(adapter, INFO, 2619 "EXT_SCAN: size %d, returned %d APs...", 2620 scan_resp_size, num_of_set); 2621 mwifiex_dbg_dump(adapter, CMD_D, "EXT_SCAN buffer:", buf, 2622 scan_resp_size + 2623 sizeof(struct mwifiex_event_scan_result)); 2624 2625 tlv = (struct mwifiex_ie_types_data *)scan_resp; 2626 2627 for (idx = 0; idx < num_of_set && bytes_left; idx++) { 2628 type = le16_to_cpu(tlv->header.type); 2629 len = le16_to_cpu(tlv->header.len); 2630 if (bytes_left < sizeof(struct mwifiex_ie_types_header) + len) { 2631 mwifiex_dbg(adapter, ERROR, 2632 "EXT_SCAN: Error bytes left < TLV length\n"); 2633 break; 2634 } 2635 scan_rsp_tlv = NULL; 2636 scan_info_tlv = NULL; 2637 bytes_left_for_tlv = bytes_left; 2638 2639 /* BSS response TLV with beacon or probe response buffer 2640 * at the initial position of each descriptor 2641 */ 2642 if (type != TLV_TYPE_BSS_SCAN_RSP) 2643 break; 2644 2645 bss_info = (u8 *)tlv; 2646 scan_rsp_tlv = (struct mwifiex_ie_types_bss_scan_rsp *)tlv; 2647 tlv = (struct mwifiex_ie_types_data *)(tlv->data + len); 2648 bytes_left_for_tlv -= 2649 (len + sizeof(struct mwifiex_ie_types_header)); 2650 2651 while (bytes_left_for_tlv >= 2652 sizeof(struct mwifiex_ie_types_header) && 2653 le16_to_cpu(tlv->header.type) != TLV_TYPE_BSS_SCAN_RSP) { 2654 type = le16_to_cpu(tlv->header.type); 2655 len = le16_to_cpu(tlv->header.len); 2656 if (bytes_left_for_tlv < 2657 sizeof(struct mwifiex_ie_types_header) + len) { 2658 mwifiex_dbg(adapter, ERROR, 2659 "EXT_SCAN: Error in processing TLV,\t" 2660 "bytes left < TLV length\n"); 2661 scan_rsp_tlv = NULL; 2662 bytes_left_for_tlv = 0; 2663 continue; 2664 } 2665 switch (type) { 2666 case TLV_TYPE_BSS_SCAN_INFO: 2667 scan_info_tlv = 2668 (struct mwifiex_ie_types_bss_scan_info *)tlv; 2669 if (len != 2670 sizeof(struct mwifiex_ie_types_bss_scan_info) - 2671 sizeof(struct mwifiex_ie_types_header)) { 2672 bytes_left_for_tlv = 0; 2673 continue; 2674 } 2675 break; 2676 default: 2677 break; 2678 } 2679 tlv = (struct mwifiex_ie_types_data *)(tlv->data + len); 2680 bytes_left -= 2681 (len + sizeof(struct mwifiex_ie_types_header)); 2682 bytes_left_for_tlv -= 2683 (len + sizeof(struct mwifiex_ie_types_header)); 2684 } 2685 2686 if (!scan_rsp_tlv) 2687 break; 2688 2689 /* Advance pointer to the beacon buffer length and 2690 * update the bytes count so that the function 2691 * wlan_interpret_bss_desc_with_ie() can handle the 2692 * scan buffer withut any change 2693 */ 2694 bss_info += sizeof(u16); 2695 bytes_left -= sizeof(u16); 2696 2697 if (scan_info_tlv) { 2698 rssi = (s32)(s16)(le16_to_cpu(scan_info_tlv->rssi)); 2699 rssi *= 100; /* Convert dBm to mBm */ 2700 mwifiex_dbg(adapter, INFO, 2701 "info: InterpretIE: RSSI=%d\n", rssi); 2702 fw_tsf = le64_to_cpu(scan_info_tlv->tsf); 2703 radio_type = &scan_info_tlv->radio_type; 2704 } else { 2705 radio_type = NULL; 2706 } 2707 ret = mwifiex_parse_single_response_buf(priv, &bss_info, 2708 &bytes_left, fw_tsf, 2709 radio_type, true, rssi); 2710 if (ret) 2711 goto check_next_scan; 2712 } 2713 2714 check_next_scan: 2715 if (!event_scan->more_event) 2716 mwifiex_check_next_scan_command(priv); 2717 2718 return ret; 2719 } 2720 2721 /* 2722 * This function prepares command for background scan query. 2723 * 2724 * Preparation includes - 2725 * - Setting command ID and proper size 2726 * - Setting background scan flush parameter 2727 * - Ensuring correct endian-ness 2728 */ mwifiex_cmd_802_11_bg_scan_query(struct host_cmd_ds_command * cmd)2729 int mwifiex_cmd_802_11_bg_scan_query(struct host_cmd_ds_command *cmd) 2730 { 2731 struct host_cmd_ds_802_11_bg_scan_query *bg_query = 2732 &cmd->params.bg_scan_query; 2733 2734 cmd->command = cpu_to_le16(HostCmd_CMD_802_11_BG_SCAN_QUERY); 2735 cmd->size = cpu_to_le16(sizeof(struct host_cmd_ds_802_11_bg_scan_query) 2736 + S_DS_GEN); 2737 2738 bg_query->flush = 1; 2739 2740 return 0; 2741 } 2742 2743 /* 2744 * This function inserts scan command node to the scan pending queue. 2745 */ 2746 void mwifiex_queue_scan_cmd(struct mwifiex_private * priv,struct cmd_ctrl_node * cmd_node)2747 mwifiex_queue_scan_cmd(struct mwifiex_private *priv, 2748 struct cmd_ctrl_node *cmd_node) 2749 { 2750 struct mwifiex_adapter *adapter = priv->adapter; 2751 2752 cmd_node->wait_q_enabled = true; 2753 cmd_node->condition = &adapter->scan_wait_q_woken; 2754 spin_lock_bh(&adapter->scan_pending_q_lock); 2755 list_add_tail(&cmd_node->list, &adapter->scan_pending_q); 2756 spin_unlock_bh(&adapter->scan_pending_q_lock); 2757 } 2758 2759 /* 2760 * This function sends a scan command for all available channels to the 2761 * firmware, filtered on a specific SSID. 2762 */ mwifiex_scan_specific_ssid(struct mwifiex_private * priv,struct cfg80211_ssid * req_ssid)2763 static int mwifiex_scan_specific_ssid(struct mwifiex_private *priv, 2764 struct cfg80211_ssid *req_ssid) 2765 { 2766 struct mwifiex_adapter *adapter = priv->adapter; 2767 int ret; 2768 struct mwifiex_user_scan_cfg *scan_cfg; 2769 2770 if (adapter->scan_processing) { 2771 mwifiex_dbg(adapter, WARN, 2772 "cmd: Scan already in process...\n"); 2773 return -EBUSY; 2774 } 2775 2776 if (priv->scan_block) { 2777 mwifiex_dbg(adapter, WARN, 2778 "cmd: Scan is blocked during association...\n"); 2779 return -EBUSY; 2780 } 2781 2782 scan_cfg = kzalloc(sizeof(struct mwifiex_user_scan_cfg), GFP_KERNEL); 2783 if (!scan_cfg) 2784 return -ENOMEM; 2785 2786 scan_cfg->ssid_list = req_ssid; 2787 scan_cfg->num_ssids = 1; 2788 2789 ret = mwifiex_scan_networks(priv, scan_cfg); 2790 2791 kfree(scan_cfg); 2792 return ret; 2793 } 2794 2795 /* 2796 * Sends IOCTL request to start a scan. 2797 * 2798 * This function allocates the IOCTL request buffer, fills it 2799 * with requisite parameters and calls the IOCTL handler. 2800 * 2801 * Scan command can be issued for both normal scan and specific SSID 2802 * scan, depending upon whether an SSID is provided or not. 2803 */ mwifiex_request_scan(struct mwifiex_private * priv,struct cfg80211_ssid * req_ssid)2804 int mwifiex_request_scan(struct mwifiex_private *priv, 2805 struct cfg80211_ssid *req_ssid) 2806 { 2807 int ret; 2808 2809 if (mutex_lock_interruptible(&priv->async_mutex)) { 2810 mwifiex_dbg(priv->adapter, ERROR, 2811 "%s: acquire semaphore fail\n", 2812 __func__); 2813 return -1; 2814 } 2815 2816 priv->adapter->scan_wait_q_woken = false; 2817 2818 if (req_ssid && req_ssid->ssid_len != 0) 2819 /* Specific SSID scan */ 2820 ret = mwifiex_scan_specific_ssid(priv, req_ssid); 2821 else 2822 /* Normal scan */ 2823 ret = mwifiex_scan_networks(priv, NULL); 2824 2825 mutex_unlock(&priv->async_mutex); 2826 2827 return ret; 2828 } 2829 2830 /* 2831 * This function appends the vendor specific IE TLV to a buffer. 2832 */ 2833 int mwifiex_cmd_append_vsie_tlv(struct mwifiex_private * priv,u16 vsie_mask,u8 ** buffer)2834 mwifiex_cmd_append_vsie_tlv(struct mwifiex_private *priv, 2835 u16 vsie_mask, u8 **buffer) 2836 { 2837 int id, ret_len = 0; 2838 struct mwifiex_ie_types_vendor_param_set *vs_param_set; 2839 2840 if (!buffer) 2841 return 0; 2842 if (!(*buffer)) 2843 return 0; 2844 2845 /* 2846 * Traverse through the saved vendor specific IE array and append 2847 * the selected(scan/assoc/adhoc) IE as TLV to the command 2848 */ 2849 for (id = 0; id < MWIFIEX_MAX_VSIE_NUM; id++) { 2850 if (priv->vs_ie[id].mask & vsie_mask) { 2851 vs_param_set = 2852 (struct mwifiex_ie_types_vendor_param_set *) 2853 *buffer; 2854 vs_param_set->header.type = 2855 cpu_to_le16(TLV_TYPE_PASSTHROUGH); 2856 vs_param_set->header.len = 2857 cpu_to_le16((((u16) priv->vs_ie[id].ie[1]) 2858 & 0x00FF) + 2); 2859 if (le16_to_cpu(vs_param_set->header.len) > 2860 MWIFIEX_MAX_VSIE_LEN) { 2861 mwifiex_dbg(priv->adapter, ERROR, 2862 "Invalid param length!\n"); 2863 break; 2864 } 2865 2866 memcpy(vs_param_set->ie, priv->vs_ie[id].ie, 2867 le16_to_cpu(vs_param_set->header.len)); 2868 *buffer += le16_to_cpu(vs_param_set->header.len) + 2869 sizeof(struct mwifiex_ie_types_header); 2870 ret_len += le16_to_cpu(vs_param_set->header.len) + 2871 sizeof(struct mwifiex_ie_types_header); 2872 } 2873 } 2874 return ret_len; 2875 } 2876 2877 /* 2878 * This function saves a beacon buffer of the current BSS descriptor. 2879 * 2880 * The current beacon buffer is saved so that it can be restored in the 2881 * following cases that makes the beacon buffer not to contain the current 2882 * ssid's beacon buffer. 2883 * - The current ssid was not found somehow in the last scan. 2884 * - The current ssid was the last entry of the scan table and overloaded. 2885 */ 2886 void mwifiex_save_curr_bcn(struct mwifiex_private * priv)2887 mwifiex_save_curr_bcn(struct mwifiex_private *priv) 2888 { 2889 struct mwifiex_bssdescriptor *curr_bss = 2890 &priv->curr_bss_params.bss_descriptor; 2891 2892 if (!curr_bss->beacon_buf_size) 2893 return; 2894 2895 /* allocate beacon buffer at 1st time; or if it's size has changed */ 2896 if (!priv->curr_bcn_buf || 2897 priv->curr_bcn_size != curr_bss->beacon_buf_size) { 2898 priv->curr_bcn_size = curr_bss->beacon_buf_size; 2899 2900 kfree(priv->curr_bcn_buf); 2901 priv->curr_bcn_buf = kmalloc(curr_bss->beacon_buf_size, 2902 GFP_ATOMIC); 2903 if (!priv->curr_bcn_buf) 2904 return; 2905 } 2906 2907 memcpy(priv->curr_bcn_buf, curr_bss->beacon_buf, 2908 curr_bss->beacon_buf_size); 2909 mwifiex_dbg(priv->adapter, INFO, 2910 "info: current beacon saved %d\n", 2911 priv->curr_bcn_size); 2912 2913 curr_bss->beacon_buf = priv->curr_bcn_buf; 2914 2915 /* adjust the pointers in the current BSS descriptor */ 2916 if (curr_bss->bcn_wpa_ie) 2917 curr_bss->bcn_wpa_ie = 2918 (struct ieee_types_vendor_specific *) 2919 (curr_bss->beacon_buf + 2920 curr_bss->wpa_offset); 2921 2922 if (curr_bss->bcn_rsn_ie) 2923 curr_bss->bcn_rsn_ie = (struct ieee_types_generic *) 2924 (curr_bss->beacon_buf + 2925 curr_bss->rsn_offset); 2926 2927 if (curr_bss->bcn_ht_cap) 2928 curr_bss->bcn_ht_cap = (struct ieee80211_ht_cap *) 2929 (curr_bss->beacon_buf + 2930 curr_bss->ht_cap_offset); 2931 2932 if (curr_bss->bcn_ht_oper) 2933 curr_bss->bcn_ht_oper = (struct ieee80211_ht_operation *) 2934 (curr_bss->beacon_buf + 2935 curr_bss->ht_info_offset); 2936 2937 if (curr_bss->bcn_vht_cap) 2938 curr_bss->bcn_vht_cap = (void *)(curr_bss->beacon_buf + 2939 curr_bss->vht_cap_offset); 2940 2941 if (curr_bss->bcn_vht_oper) 2942 curr_bss->bcn_vht_oper = (void *)(curr_bss->beacon_buf + 2943 curr_bss->vht_info_offset); 2944 2945 if (curr_bss->bcn_bss_co_2040) 2946 curr_bss->bcn_bss_co_2040 = 2947 (curr_bss->beacon_buf + curr_bss->bss_co_2040_offset); 2948 2949 if (curr_bss->bcn_ext_cap) 2950 curr_bss->bcn_ext_cap = curr_bss->beacon_buf + 2951 curr_bss->ext_cap_offset; 2952 2953 if (curr_bss->oper_mode) 2954 curr_bss->oper_mode = (void *)(curr_bss->beacon_buf + 2955 curr_bss->oper_mode_offset); 2956 } 2957 2958 /* 2959 * This function frees the current BSS descriptor beacon buffer. 2960 */ 2961 void mwifiex_free_curr_bcn(struct mwifiex_private * priv)2962 mwifiex_free_curr_bcn(struct mwifiex_private *priv) 2963 { 2964 kfree(priv->curr_bcn_buf); 2965 priv->curr_bcn_buf = NULL; 2966 } 2967