// SPDX-License-Identifier: GPL-2.0-only
/*
 * spectrum management
 *
 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
 * Copyright 2002-2005, Instant802 Networks, Inc.
 * Copyright 2005-2006, Devicescape Software, Inc.
 * Copyright 2006-2007  Jiri Benc <jbenc@suse.cz>
 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
 * Copyright 2007-2008, Intel Corporation
 * Copyright 2008, Johannes Berg <johannes@sipsolutions.net>
 * Copyright (C) 2018, 2020, 2022-2023 Intel Corporation
 */
14
15#include <linux/ieee80211.h>
16#include <net/cfg80211.h>
17#include <net/mac80211.h>
18#include "ieee80211_i.h"
19#include "sta_info.h"
20#include "wme.h"
21
/*
 * Translate a Wide Bandwidth Channel Switch element into @chandef.
 *
 * @wbcs_elem: element as carried in the frame; in this file it is taken from
 *	the parsed elements of a channel switch announcement, so its three
 *	fields are peer-controlled.
 * @chandef: must already have ->chan set (its band is used to convert the
 *	segment indices to frequencies); width and centre frequencies are
 *	overwritten here.
 *
 * Returns the verdict of cfg80211_chandef_valid() on the result. The fields
 * of @chandef are written before that check runs, so on a false return the
 * caller is left with a modified, rejected chandef and has to replace it
 * rather than use it.
 */
static bool
wbcs_elem_to_chandef(const struct ieee80211_wide_bw_chansw_ie *wbcs_elem,
		     struct cfg80211_chan_def *chandef)
{
	enum nl80211_band band = chandef->chan->band;
	u8 seg0 = wbcs_elem->new_center_freq_seg0;
	u8 seg1 = wbcs_elem->new_center_freq_seg1;
	u32 freq0 = ieee80211_channel_to_frequency(seg0, band);
	u32 freq1 = ieee80211_channel_to_frequency(seg1, band);
	u8 gap;

	/* Segment 0 is the centre in every encoding except 160 MHz-via-seg1 */
	chandef->center_freq1 = freq0;

	switch (wbcs_elem->new_channel_width) {
	case IEEE80211_VHT_CHANWIDTH_80MHZ:
		chandef->width = NL80211_CHAN_WIDTH_80;
		if (!seg1)
			break;

		/*
		 * A non-zero segment 1 widens the 80 MHz channel: exactly
		 * 8 channel numbers apart means a contiguous 160 MHz channel
		 * centred on segment 1, further apart means 80+80. A gap
		 * below 8 leaves the plain 80 MHz result untouched.
		 */
		gap = seg0 > seg1 ? seg0 - seg1 : seg1 - seg0;
		if (gap == 8) {
			chandef->width = NL80211_CHAN_WIDTH_160;
			chandef->center_freq1 = freq1;
		} else if (gap > 8) {
			chandef->width = NL80211_CHAN_WIDTH_80P80;
			chandef->center_freq2 = freq1;
		}
		break;
	case IEEE80211_VHT_CHANWIDTH_160MHZ:
		/* deprecated encoding */
		chandef->width = NL80211_CHAN_WIDTH_160;
		break;
	case IEEE80211_VHT_CHANWIDTH_80P80MHZ:
		/* deprecated encoding */
		chandef->width = NL80211_CHAN_WIDTH_80P80;
		chandef->center_freq2 = freq1;
		break;
	case IEEE80211_VHT_CHANWIDTH_USE_HT:
	default:
		/*
		 * The element being present at all implies at least 40 MHz;
		 * unknown width values are treated the same way.
		 */
		chandef->width = NL80211_CHAN_WIDTH_40;
		break;
	}

	return cfg80211_chandef_valid(chandef);
}
71
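/*
 * Check a candidate channel definition against the connection's HT/VHT
 * limits by re-encoding it as HT (and, if allowed, VHT) operation fields and
 * feeding those through the regular operation-element helpers.
 *
 * @sdata: interface; only sdata->local->hw is used, for the VHT helper.
 * @conn: connection settings; mode and bw_limit gate what is attempted.
 * @vht_cap_info: passed through unchanged to ieee80211_chandef_vht_oper().
 * @chandef: candidate, ->chan must be non-NULL on entry. It is updated in
 *	place by the helpers; ->chan is set to NULL when the connection is
 *	below HT / below the 40 MHz limit, or when the VHT helper rejects
 *	the re-encoded fields. Callers test ->chan to see whether the
 *	candidate survived.
 */
static void
validate_chandef_by_ht_vht_oper(struct ieee80211_sub_if_data *sdata,
				struct ieee80211_conn_settings *conn,
				u32 vht_cap_info,
				struct cfg80211_chan_def *chandef)
{
	u32 control_freq, center_freq1, center_freq2;
	enum nl80211_chan_width chan_width;
	/*
	 * Both elements are built on the stack and only partly filled in
	 * below; in particular the 320 MHz case never assigns
	 * vht_oper.chan_width. Start from zeroed storage so that the helpers
	 * never see indeterminate stack bytes.
	 */
	struct ieee80211_ht_operation ht_oper = {};
	struct ieee80211_vht_operation vht_oper = {};

	if (conn->mode < IEEE80211_CONN_MODE_HT ||
	    conn->bw_limit < IEEE80211_CONN_BW_LIMIT_40) {
		chandef->chan = NULL;
		return;
	}

	/* Snapshot the candidate: the helpers below rewrite @chandef. */
	control_freq = chandef->chan->center_freq;
	center_freq1 = chandef->center_freq1;
	center_freq2 = chandef->center_freq2;
	chan_width = chandef->width;

	/* Secondary channel sits on the opposite side of the primary. */
	ht_oper.primary_chan = ieee80211_frequency_to_channel(control_freq);
	if (control_freq != center_freq1)
		ht_oper.ht_param = control_freq > center_freq1 ?
			IEEE80211_HT_PARAM_CHA_SEC_BELOW :
			IEEE80211_HT_PARAM_CHA_SEC_ABOVE;
	else
		ht_oper.ht_param = IEEE80211_HT_PARAM_CHA_SEC_NONE;

	ieee80211_chandef_ht_oper(&ht_oper, chandef);

	if (conn->mode < IEEE80211_CONN_MODE_VHT)
		return;

	vht_oper.center_freq_seg0_idx =
		ieee80211_frequency_to_channel(center_freq1);
	vht_oper.center_freq_seg1_idx = center_freq2 ?
		ieee80211_frequency_to_channel(center_freq2) : 0;

	switch (chan_width) {
	case NL80211_CHAN_WIDTH_320:
		/*
		 * NOTE(review): in this file the candidate is derived from
		 * elements of a received frame (ieee80211_parse_ch_switch_ie).
		 * If a 320 MHz width can reach this non-6 GHz path, the
		 * warning is triggerable by the peer - confirm it is
		 * filtered earlier, or reject quietly instead of warning.
		 */
		WARN_ON(1);
		break;
	case NL80211_CHAN_WIDTH_160:
		/*
		 * Non-deprecated 160 MHz encoding: width 80 MHz, segment 1 is
		 * the 160 MHz centre, segment 0 the centre of the primary
		 * 80 MHz half (8 channel numbers towards the control channel).
		 */
		vht_oper.chan_width = IEEE80211_VHT_CHANWIDTH_80MHZ;
		vht_oper.center_freq_seg1_idx = vht_oper.center_freq_seg0_idx;
		vht_oper.center_freq_seg0_idx +=
			control_freq < center_freq1 ? -8 : 8;
		break;
	case NL80211_CHAN_WIDTH_80P80:
		vht_oper.chan_width = IEEE80211_VHT_CHANWIDTH_80MHZ;
		break;
	case NL80211_CHAN_WIDTH_80:
		vht_oper.chan_width = IEEE80211_VHT_CHANWIDTH_80MHZ;
		break;
	default:
		vht_oper.chan_width = IEEE80211_VHT_CHANWIDTH_USE_HT;
		break;
	}

	/* Segment 1 index is also mirrored into the HT operation mode. */
	ht_oper.operation_mode =
		le16_encode_bits(vht_oper.center_freq_seg1_idx,
				 IEEE80211_HT_OP_MODE_CCFS2_MASK);

	if (!ieee80211_chandef_vht_oper(&sdata->local->hw, vht_cap_info,
					&vht_oper, &ht_oper, chandef))
		chandef->chan = NULL;
}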
141
/*
 * 6 GHz counterpart of the HT/VHT validation: re-encode the candidate
 * @chandef as HE 6 GHz operation info (plus EHT operation info when the
 * connection allows EHT) and run it through
 * ieee80211_chandef_he_6ghz_oper().
 *
 * @chandef->chan must be non-NULL on entry. It is set to NULL when the
 * connection mode is below HE or when the helper rejects the re-encoded
 * fields; callers test ->chan afterwards.
 *
 * NOTE(review): only the fields assigned below are initialised; the rest of
 * the stack-built he/eht blobs is indeterminate when handed to the helper.
 * Confirm the helper reads nothing else, or zero the structs first.
 */
static void
validate_chandef_by_6ghz_he_eht_oper(struct ieee80211_sub_if_data *sdata,
				     struct ieee80211_conn_settings *conn,
				     struct cfg80211_chan_def *chandef)
{
	/* Operation element immediately followed by its optional info block */
	struct {
		struct ieee80211_he_operation _oper;
		struct ieee80211_he_6ghz_oper _6ghz_oper;
	} __packed he;
	struct {
		struct ieee80211_eht_operation _oper;
		struct ieee80211_eht_operation_info _oper_info;
	} __packed eht;
	struct ieee80211_eht_operation *eht_arg = NULL;
	bool primary_below;

	if (conn->mode < IEEE80211_CONN_MODE_HE) {
		chandef->chan = NULL;
		return;
	}

	/* True when the control channel lies below the overall centre. */
	primary_below = chandef->chan->center_freq < chandef->center_freq1;

	he._oper.he_oper_params =
		le32_encode_bits(1, IEEE80211_HE_OPERATION_6GHZ_OP_INFO);
	he._6ghz_oper.primary =
		ieee80211_frequency_to_channel(chandef->chan->center_freq);
	he._6ghz_oper.ccfs0 =
		ieee80211_frequency_to_channel(chandef->center_freq1);
	if (chandef->center_freq2)
		he._6ghz_oper.ccfs1 =
			ieee80211_frequency_to_channel(chandef->center_freq2);
	else
		he._6ghz_oper.ccfs1 = 0;

	switch (chandef->width) {
	case NL80211_CHAN_WIDTH_320:
		/*
		 * ccfs1 carries the full-width centre, ccfs0 the centre of
		 * the half that contains the control channel.
		 *
		 * NOTE(review): the EHT width constant is stored in the HE
		 * control field here and is also what the HE-only branch
		 * below passes on - confirm that is intended.
		 */
		he._6ghz_oper.ccfs1 = he._6ghz_oper.ccfs0;
		he._6ghz_oper.ccfs0 += primary_below ? -16 : 16;
		he._6ghz_oper.control = IEEE80211_EHT_OPER_CHAN_WIDTH_320MHZ;
		break;
	case NL80211_CHAN_WIDTH_160:
		he._6ghz_oper.ccfs1 = he._6ghz_oper.ccfs0;
		he._6ghz_oper.ccfs0 += primary_below ? -8 : 8;
		he._6ghz_oper.control =
			IEEE80211_HE_6GHZ_OPER_CTRL_CHANWIDTH_160MHZ;
		break;
	case NL80211_CHAN_WIDTH_80P80:
		he._6ghz_oper.control =
			IEEE80211_HE_6GHZ_OPER_CTRL_CHANWIDTH_160MHZ;
		break;
	case NL80211_CHAN_WIDTH_80:
		he._6ghz_oper.control =
			IEEE80211_HE_6GHZ_OPER_CTRL_CHANWIDTH_80MHZ;
		break;
	case NL80211_CHAN_WIDTH_40:
		he._6ghz_oper.control =
			IEEE80211_HE_6GHZ_OPER_CTRL_CHANWIDTH_40MHZ;
		break;
	default:
		he._6ghz_oper.control =
			IEEE80211_HE_6GHZ_OPER_CTRL_CHANWIDTH_20MHZ;
		break;
	}

	/* EHT operation info simply mirrors the HE 6 GHz values. */
	if (conn->mode >= IEEE80211_CONN_MODE_EHT) {
		eht._oper.params = IEEE80211_EHT_OPER_INFO_PRESENT;
		eht._oper_info.control = he._6ghz_oper.control;
		eht._oper_info.ccfs0 = he._6ghz_oper.ccfs0;
		eht._oper_info.ccfs1 = he._6ghz_oper.ccfs1;
		eht_arg = &eht._oper;
	}

	if (!ieee80211_chandef_he_6ghz_oper(sdata->local, &he._oper,
					    eht_arg, chandef))
		chandef->chan = NULL;
}
220
/*
 * Turn the channel-switch related elements in @elems into a channel switch
 * description.
 *
 * @sdata: interface the announcement applies to.
 * @elems: parsed elements; every pointer read from it refers to frame
 *	content, i.e. values chosen by the sender.
 * @current_band: band assumed for the new channel unless an Extended CSA
 *	operating class maps to a different one.
 * @vht_cap_info: passed through to the HT/VHT validation.
 * @conn: connection settings; mode and bw_limit decide which elements are
 *	honoured and how wide the result may be.
 * @bssid: only used in the log messages.
 * @csa_ie: output, zeroed first and then filled in.
 *
 * Return: 0 when @csa_ie describes the switch, 1 when neither the CSA nor
 * the Extended CSA element yielded a non-zero channel number (nothing to act
 * on), -EINVAL when the target channel is unknown or disabled, or when the
 * wide-bandwidth description contradicts the basic one. The messages for the
 * -EINVAL cases say the caller disconnects.
 */
int ieee80211_parse_ch_switch_ie(struct ieee80211_sub_if_data *sdata,
				 struct ieee802_11_elems *elems,
				 enum nl80211_band current_band,
				 u32 vht_cap_info,
				 struct ieee80211_conn_settings *conn,
				 u8 *bssid,
				 struct ieee80211_csa_ie *csa_ie)
{
	const struct ieee80211_sec_chan_offs_ie *sco_elem;
	const struct ieee80211_wide_bw_chansw_ie *wbcs_elem;
	const struct ieee80211_bandwidth_indication *bw_ind;
	const struct ieee80211_ext_chansw_ie *ecsa_elem;
	struct cfg80211_chan_def *oper = &csa_ie->chanreq.oper;
	struct cfg80211_chan_def candidate;
	struct ieee80211_channel *target;
	enum nl80211_channel_type chan_type;
	enum nl80211_chan_width cur_width;
	enum nl80211_band band = current_band;
	u8 chan_no = 0, op_class = 0;
	bool ht40_ok;
	int sco = -1;
	int freq;

	memset(csa_ie, 0, sizeof(*csa_ie));

	sco_elem = elems->sec_chan_offs;
	wbcs_elem = elems->wide_bw_chansw_ie;
	bw_ind = elems->bandwidth_indication;
	ecsa_elem = elems->ext_chansw_ie;

	/*
	 * Drop the elements the connection is not allowed to use: secondary
	 * channel offset needs HT with at least a 40 MHz limit, the wide
	 * bandwidth element additionally needs VHT.
	 *
	 * NOTE(review): the bandwidth indication is not gated on the
	 * connection mode here and takes precedence further down - confirm
	 * the later validation is meant to be the only filter for it.
	 */
	ht40_ok = conn->mode >= IEEE80211_CONN_MODE_HT &&
		  conn->bw_limit >= IEEE80211_CONN_BW_LIMIT_40;
	if (!ht40_ok)
		sco_elem = NULL;
	if (!ht40_ok || conn->mode < IEEE80211_CONN_MODE_VHT)
		wbcs_elem = NULL;

	/* Extended CSA wins if its operating class can be mapped to a band */
	if (ecsa_elem) {
		u8 advertised = ecsa_elem->new_operating_class;

		if (ieee80211_operating_class_to_band(advertised, &band)) {
			op_class = advertised;
			chan_no = ecsa_elem->new_ch_num;
			csa_ie->count = ecsa_elem->count;
			csa_ie->mode = ecsa_elem->mode;
		} else {
			sdata_info(sdata, "cannot understand ECSA IE operating class, %d, ignoring\n",
				   advertised);
		}
	}

	/* ... otherwise fall back to the plain CSA element */
	if (!op_class && elems->ch_switch_ie) {
		chan_no = elems->ch_switch_ie->new_ch_num;
		csa_ie->count = elems->ch_switch_ie->count;
		csa_ie->mode = elems->ch_switch_ie->mode;
	}

	/* nothing here we understand */
	if (!chan_no)
		return 1;

	/*
	 * Mesh Channel Switch Parameters Element; note that its flags
	 * replace the mode taken from the (E)CSA element above.
	 */
	if (elems->mesh_chansw_params_ie) {
		csa_ie->ttl = elems->mesh_chansw_params_ie->mesh_ttl;
		csa_ie->mode = elems->mesh_chansw_params_ie->mesh_flags;
		csa_ie->pre_value = le16_to_cpu(
				elems->mesh_chansw_params_ie->mesh_pre_value);

		if (elems->mesh_chansw_params_ie->mesh_flags &
				WLAN_EID_CHAN_SWITCH_PARAM_REASON)
			csa_ie->reason_code = le16_to_cpu(
				elems->mesh_chansw_params_ie->mesh_reason);
	}

	/* The announced channel has to be one this device knows and allows */
	freq = ieee80211_channel_to_frequency(chan_no, band);
	target = ieee80211_get_channel(sdata->local->hw.wiphy, freq);
	if (!target || target->flags & IEEE80211_CHAN_DISABLED) {
		sdata_info(sdata,
			   "BSS %pM switches to unsupported channel (%d MHz), disconnecting\n",
			   bssid, freq);
		return -EINVAL;
	}

	/*
	 * sco stays -1 for non-HT connections. For HT connections without a
	 * secondary channel offset element the post-switch offset is
	 * unknown, so the best that can be done is 20 MHz.
	 */
	if (sco_elem)
		sco = sco_elem->sec_chan_offs;
	else if (conn->mode >= IEEE80211_CONN_MODE_HT)
		sco = IEEE80211_HT_PARAM_CHA_SEC_NONE;

	switch (sco) {
	case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
		chan_type = NL80211_CHAN_HT40PLUS;
		break;
	case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
		chan_type = NL80211_CHAN_HT40MINUS;
		break;
	case -1:
		chan_type = NL80211_CHAN_NO_HT;
		break;
	case IEEE80211_HT_PARAM_CHA_SEC_NONE:
	default:
		/* an offset that is present but invalid is treated as none */
		chan_type = NL80211_CHAN_HT20;
		break;
	}
	cfg80211_chandef_create(oper, target, chan_type);

	/* keep width for 5/10 MHz channels */
	if (sco == -1) {
		cur_width = sdata->vif.bss_conf.chanreq.oper.width;
		if (cur_width == NL80211_CHAN_WIDTH_5 ||
		    cur_width == NL80211_CHAN_WIDTH_10)
			oper->width = cur_width;
	}

	/*
	 * Build a second, possibly wider candidate from exactly one source,
	 * in this order of preference: bandwidth indication (applied on top
	 * of the basic chandef), wide bandwidth channel switch element,
	 * operating class, and finally the basic chandef itself.
	 */
	memset(&candidate, 0, sizeof(candidate));
	candidate.chan = target;
	if (bw_ind) {
		candidate = *oper;
		ieee80211_chandef_eht_oper(&bw_ind->info, &candidate);
	} else if (wbcs_elem && wbcs_elem_to_chandef(wbcs_elem, &candidate)) {
		/* the wide bandwidth element produced a valid chandef */
	} else if (!ieee80211_operating_class_to_chandef(op_class, target,
							 &candidate)) {
		candidate = *oper;
	}

	/* check if the new chandef fits the capabilities */
	if (band == NL80211_BAND_6GHZ)
		validate_chandef_by_6ghz_he_eht_oper(sdata, conn, &candidate);
	else
		validate_chandef_by_ht_vht_oper(sdata, conn, vht_cap_info,
						&candidate);

	/* the validators clear ->chan when the candidate is unusable */
	if (candidate.chan) {
		/* one downgrade step per exceeded bandwidth limit */
		if (candidate.width == NL80211_CHAN_WIDTH_320 &&
		    conn->bw_limit < IEEE80211_CONN_BW_LIMIT_320)
			ieee80211_chandef_downgrade(&candidate, NULL);

		if ((candidate.width == NL80211_CHAN_WIDTH_80P80 ||
		     candidate.width == NL80211_CHAN_WIDTH_160) &&
		    conn->bw_limit < IEEE80211_CONN_BW_LIMIT_160)
			ieee80211_chandef_downgrade(&candidate, NULL);

		/* the wide description must not contradict the basic one */
		if (!cfg80211_chandef_compatible(&candidate, oper)) {
			sdata_info(sdata,
				   "BSS %pM: CSA has inconsistent channel data, disconnecting\n",
				   bssid);
			return -EINVAL;
		}

		*oper = candidate;
	}

	/* three-byte little-endian value */
	if (elems->max_channel_switch_time)
		csa_ie->max_switch_time =
			elems->max_channel_switch_time[0] |
			(elems->max_channel_switch_time[1] << 8) |
			(elems->max_channel_switch_time[2] << 16);

	return 0;
}
395
/*
 * Answer a measurement request with a Measurement Report action frame whose
 * report mode is "refused".
 *
 * @request_ie: the request being answered; its token and type are echoed.
 * @da: destination address of the report.
 * @bssid: BSSID to put into the header.
 * @dialog_token: echoed from the request frame.
 *
 * Allocation failure is silent: the report is simply not sent.
 */
static void ieee80211_send_refuse_measurement_request(struct ieee80211_sub_if_data *sdata,
					struct ieee80211_msrment_ie *request_ie,
					const u8 *da, const u8 *bssid,
					u8 dialog_token)
{
	struct ieee80211_local *local = sdata->local;
	struct ieee80211_mgmt *frame;
	struct sk_buff *report;

	report = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*frame) +
			       sizeof(*request_ie));
	if (!report)
		return;

	skb_reserve(report, local->hw.extra_tx_headroom);

	/* 24 bytes: the management header, zeroed before it is filled in */
	frame = skb_put_zero(report, 24);
	frame->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					   IEEE80211_STYPE_ACTION);
	memcpy(frame->bssid, bssid, ETH_ALEN);
	memcpy(frame->sa, sdata->vif.addr, ETH_ALEN);
	memcpy(frame->da, da, ETH_ALEN);

	/*
	 * Category byte plus the measurement body. This part is not zeroed
	 * by skb_put(), so every field is written explicitly below.
	 */
	skb_put(report, 1 + sizeof(frame->u.action.u.measurement));
	frame->u.action.category = WLAN_CATEGORY_SPECTRUM_MGMT;
	frame->u.action.u.measurement.action_code = WLAN_ACTION_SPCT_MSR_RPRT;
	frame->u.action.u.measurement.dialog_token = dialog_token;
	frame->u.action.u.measurement.element_id = WLAN_EID_MEASURE_REPORT;
	frame->u.action.u.measurement.length = sizeof(*request_ie);

	/* report element: all zero except token, type and the refused bit */
	memset(&frame->u.action.u.measurement.msr_elem, 0,
	       sizeof(*request_ie));
	frame->u.action.u.measurement.msr_elem.type = request_ie->type;
	frame->u.action.u.measurement.msr_elem.token = request_ie->token;
	frame->u.action.u.measurement.msr_elem.mode =
		IEEE80211_SPCT_MSR_RPRT_MODE_REFUSED;

	ieee80211_tx_skb(sdata, report);
}
437
/*
 * Handle a received measurement request by refusing it.
 *
 * @mgmt: the request frame; its measurement element, source address, BSSID
 *	and dialog token are read.
 * @len: frame length. It is not used here, so nothing in this function
 *	checks that @mgmt is long enough to contain the measurement fields.
 *	NOTE(review): presumably the caller has validated the length before
 *	dispatching - confirm.
 */
void ieee80211_process_measurement_req(struct ieee80211_sub_if_data *sdata,
				       struct ieee80211_mgmt *mgmt,
				       size_t len)
{
	struct ieee80211_msrment_ie *request =
		&mgmt->u.action.u.measurement.msr_elem;
	u8 token = mgmt->u.action.u.measurement.dialog_token;

	/*
	 * Ignoring a measurement request is a spec violation: mandatory
	 * measurements must be reported, optional ones may be refused or
	 * reported as incapable. For now every request is refused.
	 * TODO: Answer basic measurement as unmeasured
	 */
	ieee80211_send_refuse_measurement_request(sdata, request, mgmt->sa,
						  mgmt->bssid, token);
}
454