drivers/net/wireless/quantenna/qtnfmac/event.c

   1 /*
   2  * Copyright (c) 2015-2016 Quantenna Communications, Inc.
   3  * All rights reserved.
   4  *
   5  * This program is free software; you can redistribute it and/or
   6  * modify it under the terms of the GNU General Public License
   7  * as published by the Free Software Foundation; either version 2
   8  * of the License, or (at your option) any later version.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13  * GNU General Public License for more details.
  14  *
  15  */
  16
  17 #include <linux/kernel.h>
  18 #include <linux/module.h>
  19 #include <linux/slab.h>
  20
  21 #include "cfg80211.h"
  22 #include "core.h"
  23 #include "qlink.h"
  24 #include "bus.h"
  25 #include "trans.h"
  26 #include "util.h"
  27 #include "event.h"
  28
  29 static int
  30 qtnf_event_handle_sta_assoc(struct qtnf_wmac *mac, struct qtnf_vif *vif,
  31                             const struct qlink_event_sta_assoc *sta_assoc,
  32                             u16 len)
  33 {
  34         const u8 *sta_addr;
  35         u16 frame_control;
  36         struct station_info sinfo = { 0 };
  37         size_t payload_len;
  38         u16 tlv_type;
  39         u16 tlv_value_len;
  40         size_t tlv_full_len;
  41         const struct qlink_tlv_hdr *tlv;
  42
  43         if (unlikely(len < sizeof(*sta_assoc))) {
  44                 pr_err("VIF%u.%u: payload is too short (%u < %zu)\n",
  45                        mac->macid, vif->vifid, len, sizeof(*sta_assoc));
  46                 return -EINVAL;
  47         }
  48
  49         if (vif->wdev.iftype != NL80211_IFTYPE_AP) {
  50                 pr_err("VIF%u.%u: STA_ASSOC event when not in AP mode\n",
  51                        mac->macid, vif->vifid);
  52                 return -EPROTO;
  53         }
  54
  55         if (!(vif->bss_status & QTNF_STATE_AP_START)) {
  56                 pr_err("VIF%u.%u: STA_ASSOC event when AP is not started\n",
  57                        mac->macid, vif->vifid);
  58                 return -EPROTO;
  59         }
  60
  61         sta_addr = sta_assoc->sta_addr;
  62         frame_control = le16_to_cpu(sta_assoc->frame_control);
  63
  64         pr_debug("VIF%u.%u: MAC:%pM FC:%x\n", mac->macid, vif->vifid, sta_addr,
  65                  frame_control);
  66
  67         qtnf_sta_list_add(&vif->sta_list, sta_addr);
  68
  69         sinfo.assoc_req_ies = NULL;
  70         sinfo.assoc_req_ies_len = 0;
  71
  72         payload_len = len - sizeof(*sta_assoc);
  73         tlv = (struct qlink_tlv_hdr *)sta_assoc->ies;
  74
  75         while (payload_len >= sizeof(struct qlink_tlv_hdr)) {
  76                 tlv_type = le16_to_cpu(tlv->type);
  77                 tlv_value_len = le16_to_cpu(tlv->len);
  78                 tlv_full_len = tlv_value_len + sizeof(struct qlink_tlv_hdr);
  79
  80                 if (tlv_full_len > payload_len) {
  81                         pr_warn("VIF%u.%u: malformed TLV 0x%.2X; LEN: %u\n",
  82                                 mac->macid, vif->vifid, tlv_type,
  83                                 tlv_value_len);
  84                         return -EINVAL;
  85                 }
  86
  87                 if (tlv_type == QTN_TLV_ID_IE_SET) {
  88                         sinfo.assoc_req_ies = tlv->val;
  89                         sinfo.assoc_req_ies_len = tlv_value_len;
  90                 }
  91
  92                 payload_len -= tlv_full_len;
  93                 tlv = (struct qlink_tlv_hdr *)(tlv->val + tlv_value_len);
  94         }
  95
  96         if (payload_len) {
  97                 pr_warn("VIF%u.%u: malformed TLV buf; bytes left: %zu\n",
  98                         mac->macid, vif->vifid, payload_len);
  99                 return -EINVAL;
 100         }
 101
 102         cfg80211_new_sta(vif->netdev, sta_assoc->sta_addr, &sinfo,
 103                          GFP_KERNEL);
 104
 105         return 0;
 106 }
 107
 108 static int
 109 qtnf_event_handle_sta_deauth(struct qtnf_wmac *mac, struct qtnf_vif *vif,
 110                              const struct qlink_event_sta_deauth *sta_deauth,
 111                              u16 len)
 112 {
 113         const u8 *sta_addr;
 114         u16 reason;
 115
 116         if (unlikely(len < sizeof(*sta_deauth))) {
 117                 pr_err("VIF%u.%u: payload is too short (%u < %zu)\n",
 118                        mac->macid, vif->vifid, len,
 119                        sizeof(struct qlink_event_sta_deauth));
 120                 return -EINVAL;
 121         }
 122
 123         if (vif->wdev.iftype != NL80211_IFTYPE_AP) {
 124                 pr_err("VIF%u.%u: STA_DEAUTH event when not in AP mode\n",
 125                        mac->macid, vif->vifid);
 126                 return -EPROTO;
 127         }
 128
 129         if (!(vif->bss_status & QTNF_STATE_AP_START)) {
 130                 pr_err("VIF%u.%u: STA_DEAUTH event when AP is not started\n",
 131                        mac->macid, vif->vifid);
 132                 return -EPROTO;
 133         }
 134
 135         sta_addr = sta_deauth->sta_addr;
 136         reason = le16_to_cpu(sta_deauth->reason);
 137
 138         pr_debug("VIF%u.%u: MAC:%pM reason:%x\n", mac->macid, vif->vifid,
 139                  sta_addr, reason);
 140
 141         if (qtnf_sta_list_del(&vif->sta_list, sta_addr))
 142                 cfg80211_del_sta(vif->netdev, sta_deauth->sta_addr,
 143                                  GFP_KERNEL);
 144
 145         return 0;
 146 }
 147
 148 static int
 149 qtnf_event_handle_bss_join(struct qtnf_vif *vif,
 150                            const struct qlink_event_bss_join *join_info,
 151                            u16 len)
 152 {
 153         if (unlikely(len < sizeof(*join_info))) {
 154                 pr_err("VIF%u.%u: payload is too short (%u < %zu)\n",
 155                        vif->mac->macid, vif->vifid, len,
 156                        sizeof(struct qlink_event_bss_join));
 157                 return -EINVAL;
 158         }
 159
 160         if (vif->wdev.iftype != NL80211_IFTYPE_STATION) {
 161                 pr_err("VIF%u.%u: BSS_JOIN event when not in STA mode\n",
 162                        vif->mac->macid, vif->vifid);
 163                 return -EPROTO;
 164         }
 165
 166         if (vif->sta_state != QTNF_STA_CONNECTING) {
 167                 pr_err("VIF%u.%u: BSS_JOIN event when STA is not connecting\n",
 168                        vif->mac->macid, vif->vifid);
 169                 return -EPROTO;
 170         }
 171
 172         pr_debug("VIF%u.%u: BSSID:%pM\n", vif->mac->macid, vif->vifid,
 173                  join_info->bssid);
 174
 175         cfg80211_connect_result(vif->netdev, join_info->bssid, NULL, 0, NULL,
 176                                 0, le16_to_cpu(join_info->status), GFP_KERNEL);
 177
 178         if (le16_to_cpu(join_info->status) == WLAN_STATUS_SUCCESS) {
 179                 vif->sta_state = QTNF_STA_CONNECTED;
 180                 netif_carrier_on(vif->netdev);
 181         } else {
 182                 vif->sta_state = QTNF_STA_DISCONNECTED;
 183         }
 184
 185         return 0;
 186 }
 187
 188 static int
 189 qtnf_event_handle_bss_leave(struct qtnf_vif *vif,
 190                             const struct qlink_event_bss_leave *leave_info,
 191                             u16 len)
 192 {
 193         if (unlikely(len < sizeof(*leave_info))) {
 194                 pr_err("VIF%u.%u: payload is too short (%u < %zu)\n",
 195                        vif->mac->macid, vif->vifid, len,
 196                        sizeof(struct qlink_event_bss_leave));
 197                 return -EINVAL;
 198         }
 199
 200         if (vif->wdev.iftype != NL80211_IFTYPE_STATION) {
 201                 pr_err("VIF%u.%u: BSS_LEAVE event when not in STA mode\n",
 202                        vif->mac->macid, vif->vifid);
 203                 return -EPROTO;
 204         }
 205
 206         if (vif->sta_state != QTNF_STA_CONNECTED) {
 207                 pr_err("VIF%u.%u: BSS_LEAVE event when STA is not connected\n",
 208                        vif->mac->macid, vif->vifid);
 209                 return -EPROTO;
 210         }
 211
 212         pr_debug("VIF%u.%u: disconnected\n", vif->mac->macid, vif->vifid);
 213
 214         cfg80211_disconnected(vif->netdev, le16_to_cpu(leave_info->reason),
 215                               NULL, 0, 0, GFP_KERNEL);
 216
 217         vif->sta_state = QTNF_STA_DISCONNECTED;
 218         netif_carrier_off(vif->netdev);
 219
 220         return 0;
 221 }
 222
 223 static int
 224 qtnf_event_handle_mgmt_received(struct qtnf_vif *vif,
 225                                 const struct qlink_event_rxmgmt *rxmgmt,
 226                                 u16 len)
 227 {
 228         const size_t min_len = sizeof(*rxmgmt) +
 229                                sizeof(struct ieee80211_hdr_3addr);
 230         const struct ieee80211_hdr_3addr *frame = (void *)rxmgmt->frame_data;
 231         const u16 frame_len = len - sizeof(*rxmgmt);
 232         enum nl80211_rxmgmt_flags flags = 0;
 233
 234         if (unlikely(len < min_len)) {
 235                 pr_err("VIF%u.%u: payload is too short (%u < %zu)\n",
 236                        vif->mac->macid, vif->vifid, len, min_len);
 237                 return -EINVAL;
 238         }
 239
 240         if (le32_to_cpu(rxmgmt->flags) & QLINK_RXMGMT_FLAG_ANSWERED)
 241                 flags |= NL80211_RXMGMT_FLAG_ANSWERED;
 242
 243         pr_debug("%s LEN:%u FC:%.4X SA:%pM\n", vif->netdev->name, frame_len,
 244                  le16_to_cpu(frame->frame_control), frame->addr2);
 245
 246         cfg80211_rx_mgmt(&vif->wdev, le32_to_cpu(rxmgmt->freq),
 247                          le32_to_cpu(rxmgmt->sig_dbm), rxmgmt->frame_data,
 248                          frame_len, flags);
 249
 250         return 0;
 251 }
 252
 253 static int
 254 qtnf_event_handle_scan_results(struct qtnf_vif *vif,
 255                                const struct qlink_event_scan_result *sr,
 256                                u16 len)
 257 {
 258         struct cfg80211_bss *bss;
 259         struct ieee80211_channel *channel;
 260         struct wiphy *wiphy = priv_to_wiphy(vif->mac);
 261         enum cfg80211_bss_frame_type frame_type;
 262         size_t payload_len;
 263         u16 tlv_type;
 264         u16 tlv_value_len;
 265         size_t tlv_full_len;
 266         const struct qlink_tlv_hdr *tlv;
 267
 268         const u8 *ies = NULL;
 269         size_t ies_len = 0;
 270
 271         if (len < sizeof(*sr)) {
 272                 pr_err("VIF%u.%u: payload is too short\n", vif->mac->macid,
 273                        vif->vifid);
 274                 return -EINVAL;
 275         }
 276
 277         channel = ieee80211_get_channel(wiphy, le16_to_cpu(sr->freq));
 278         if (!channel) {
 279                 pr_err("VIF%u.%u: channel at %u MHz not found\n",
 280                        vif->mac->macid, vif->vifid, le16_to_cpu(sr->freq));
 281                 return -EINVAL;
 282         }
 283
 284         switch (sr->frame_type) {
 285         case QLINK_BSS_FTYPE_BEACON:
 286                 frame_type = CFG80211_BSS_FTYPE_BEACON;
 287                 break;
 288         case QLINK_BSS_FTYPE_PRESP:
 289                 frame_type = CFG80211_BSS_FTYPE_PRESP;
 290                 break;
 291         default:
 292                 frame_type = CFG80211_BSS_FTYPE_UNKNOWN;
 293         }
 294
 295         payload_len = len - sizeof(*sr);
 296         tlv = (struct qlink_tlv_hdr *)sr->payload;
 297
 298         while (payload_len >= sizeof(struct qlink_tlv_hdr)) {
 299                 tlv_type = le16_to_cpu(tlv->type);
 300                 tlv_value_len = le16_to_cpu(tlv->len);
 301                 tlv_full_len = tlv_value_len + sizeof(struct qlink_tlv_hdr);
 302
 303                 if (tlv_full_len > payload_len) {
 304                         pr_warn("VIF%u.%u: malformed TLV 0x%.2X; LEN: %u\n",
 305                                 vif->mac->macid, vif->vifid, tlv_type,
 306                                 tlv_value_len);
 307                         return -EINVAL;
 308                 }
 309
 310                 if (tlv_type == QTN_TLV_ID_IE_SET) {
 311                         ies = tlv->val;
 312                         ies_len = tlv_value_len;
 313                 }
 314
 315                 payload_len -= tlv_full_len;
 316                 tlv = (struct qlink_tlv_hdr *)(tlv->val + tlv_value_len);
 317         }
 318
 319         if (payload_len) {
 320                 pr_warn("VIF%u.%u: malformed TLV buf; bytes left: %zu\n",
 321                         vif->mac->macid, vif->vifid, payload_len);
 322                 return -EINVAL;
 323         }
 324
 325         bss = cfg80211_inform_bss(wiphy, channel, frame_type,
 326                                   sr->bssid, get_unaligned_le64(&sr->tsf),
 327                                   le16_to_cpu(sr->capab),
 328                                   le16_to_cpu(sr->bintval), ies, ies_len,
 329                                   sr->signal, GFP_KERNEL);
 330         if (!bss)
 331                 return -ENOMEM;
 332
 333         cfg80211_put_bss(wiphy, bss);
 334
 335         return 0;
 336 }
 337
 338 static int
 339 qtnf_event_handle_scan_complete(struct qtnf_wmac *mac,
 340                                 const struct qlink_event_scan_complete *status,
 341                                 u16 len)
 342 {
 343         if (len < sizeof(*status)) {
 344                 pr_err("MAC%u: payload is too short\n", mac->macid);
 345                 return -EINVAL;
 346         }
 347
 348         qtnf_scan_done(mac, le32_to_cpu(status->flags) & QLINK_SCAN_ABORTED);
 349
 350         return 0;
 351 }
 352
 353 static int
 354 qtnf_event_handle_freq_change(struct qtnf_wmac *mac,
 355                               const struct qlink_event_freq_change *data,
 356                               u16 len)
 357 {
 358         struct wiphy *wiphy = priv_to_wiphy(mac);
 359         struct cfg80211_chan_def chandef;
 360         struct ieee80211_channel *chan;
 361         struct qtnf_vif *vif;
 362         int freq;
 363         int i;
 364
 365         if (len < sizeof(*data)) {
 366                 pr_err("payload is too short\n");
 367                 return -EINVAL;
 368         }
 369
 370         freq = le32_to_cpu(data->freq);
 371         chan = ieee80211_get_channel(wiphy, freq);
 372         if (!chan) {
 373                 pr_err("channel at %d MHz not found\n", freq);
 374                 return -EINVAL;
 375         }
 376
 377         pr_debug("MAC%d switch to new channel %u MHz\n", mac->macid, freq);
 378
 379         if (mac->status & QTNF_MAC_CSA_ACTIVE) {
 380                 mac->status &= ~QTNF_MAC_CSA_ACTIVE;
 381                 if (chan->hw_value != mac->csa_chandef.chan->hw_value)
 382                         pr_warn("unexpected switch to %u during CSA to %u\n",
 383                                 chan->hw_value,
 384                                 mac->csa_chandef.chan->hw_value);
 385         }
 386
 387         /* FIXME: need to figure out proper nl80211_channel_type value */
 388         cfg80211_chandef_create(&chandef, chan, NL80211_CHAN_HT20);
 389         /* fall-back to minimal safe chandef description */
 390         if (!cfg80211_chandef_valid(&chandef))
 391                 cfg80211_chandef_create(&chandef, chan, NL80211_CHAN_HT20);
 392
 393         memcpy(&mac->chandef, &chandef, sizeof(mac->chandef));
 394
 395         for (i = 0; i < QTNF_MAX_INTF; i++) {
 396                 vif = &mac->iflist[i];
 397                 if (vif->wdev.iftype == NL80211_IFTYPE_UNSPECIFIED)
 398                         continue;
 399
 400                 if (vif->netdev) {
 401                         mutex_lock(&vif->wdev.mtx);
 402                         cfg80211_ch_switch_notify(vif->netdev, &chandef);
 403                         mutex_unlock(&vif->wdev.mtx);
 404                 }
 405         }
 406
 407         return 0;
 408 }
 409
 410 static int qtnf_event_parse(struct qtnf_wmac *mac,
 411                             const struct sk_buff *event_skb)
 412 {
 413         const struct qlink_event *event;
 414         struct qtnf_vif *vif = NULL;
 415         int ret = -1;
 416         u16 event_id;
 417         u16 event_len;
 418
 419         event = (const struct qlink_event *)event_skb->data;
 420         event_id = le16_to_cpu(event->event_id);
 421         event_len = le16_to_cpu(event->mhdr.len);
 422
 423         if (likely(event->vifid < QTNF_MAX_INTF)) {
 424                 vif = &mac->iflist[event->vifid];
 425         } else {
 426                 pr_err("invalid vif(%u)\n", event->vifid);
 427                 return -EINVAL;
 428         }
 429
 430         switch (event_id) {
 431         case QLINK_EVENT_STA_ASSOCIATED:
 432                 ret = qtnf_event_handle_sta_assoc(mac, vif, (const void *)event,
 433                                                   event_len);
 434                 break;
 435         case QLINK_EVENT_STA_DEAUTH:
 436                 ret = qtnf_event_handle_sta_deauth(mac, vif,
 437                                                    (const void *)event,
 438                                                    event_len);
 439                 break;
 440         case QLINK_EVENT_MGMT_RECEIVED:
 441                 ret = qtnf_event_handle_mgmt_received(vif, (const void *)event,
 442                                                       event_len);
 443                 break;
 444         case QLINK_EVENT_SCAN_RESULTS:
 445                 ret = qtnf_event_handle_scan_results(vif, (const void *)event,
 446                                                      event_len);
 447                 break;
 448         case QLINK_EVENT_SCAN_COMPLETE:
 449                 ret = qtnf_event_handle_scan_complete(mac, (const void *)event,
 450                                                       event_len);
 451                 break;
 452         case QLINK_EVENT_BSS_JOIN:
 453                 ret = qtnf_event_handle_bss_join(vif, (const void *)event,
 454                                                  event_len);
 455                 break;
 456         case QLINK_EVENT_BSS_LEAVE:
 457                 ret = qtnf_event_handle_bss_leave(vif, (const void *)event,
 458                                                   event_len);
 459                 break;
 460         case QLINK_EVENT_FREQ_CHANGE:
 461                 ret = qtnf_event_handle_freq_change(mac, (const void *)event,
 462                                                     event_len);
 463                 break;
 464         default:
 465                 pr_warn("unknown event type: %x\n", event_id);
 466                 break;
 467         }
 468
 469         return ret;
 470 }
 471
 472 static int qtnf_event_process_skb(struct qtnf_bus *bus,
 473                                   const struct sk_buff *skb)
 474 {
 475         const struct qlink_event *event;
 476         struct qtnf_wmac *mac;
 477         int res;
 478
 479         if (unlikely(!skb || skb->len < sizeof(*event))) {
 480                 pr_err("invalid event buffer\n");
 481                 return -EINVAL;
 482         }
 483
 484         event = (struct qlink_event *)skb->data;
 485
 486         mac = qtnf_core_get_mac(bus, event->macid);
 487
 488         pr_debug("new event id:%x len:%u mac:%u vif:%u\n",
 489                  le16_to_cpu(event->event_id), le16_to_cpu(event->mhdr.len),
 490                  event->macid, event->vifid);
 491
 492         if (unlikely(!mac))
 493                 return -ENXIO;
 494
 495         qtnf_bus_lock(bus);
 496         res = qtnf_event_parse(mac, skb);
 497         qtnf_bus_unlock(bus);
 498
 499         return res;
 500 }
 501
 502 void qtnf_event_work_handler(struct work_struct *work)
 503 {
 504         struct qtnf_bus *bus = container_of(work, struct qtnf_bus, event_work);
 505         struct sk_buff_head *event_queue = &bus->trans.event_queue;
 506         struct sk_buff *current_event_skb = skb_dequeue(event_queue);
 507
 508         while (current_event_skb) {
 509                 qtnf_event_process_skb(bus, current_event_skb);
 510                 dev_kfree_skb_any(current_event_skb);
 511                 current_event_skb = skb_dequeue(event_queue);
 512         }
 513 }