1 files changed, 260 insertions, 176 deletions
diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index 3bf9839f5916..2a8d09ad17ff 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -21,6 +21,7 @@
 #include <net/iw_handler.h>
 #include "ieee80211_i.h"
+#include "driver-ops.h"
 #include "mesh.h"
 #define IEEE80211_PROBE_DELAY (HZ / 33)
@@ -202,18 +203,6 @@ ieee80211_scan_rx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb,
        return RX_QUEUED;
 }
-void ieee80211_scan_failed(struct ieee80211_local *local)
-{
-        if (WARN_ON(!local->scan_req))
-                return;
-        /* notify cfg80211 about the failed scan */
-        if (local->scan_req != &local->int_scan_req)
-                cfg80211_scan_done(local->scan_req, true);
-        local->scan_req = NULL;
-}
 /*
 * inform AP that we will go to sleep so that it will buffer the frames
 * while we scan
@@ -253,7 +242,7 @@ static void ieee80211_scan_ps_disable(struct ieee80211_sub_if_data *sdata)
 {
        struct ieee80211_local *local = sdata->local;
-        if (!local->powersave)
+        if (!local->ps_sdata)
                ieee80211_send_nullfunc(local, sdata, 0);
        else {
                /*
@@ -274,51 +263,62 @@ static void ieee80211_scan_ps_disable(struct ieee80211_sub_if_data *sdata)
        }
 }
+static void ieee80211_restore_scan_ies(struct ieee80211_local *local)
+{
+        kfree(local->scan_req->ie);
+        local->scan_req->ie = local->orig_ies;
+        local->scan_req->ie_len = local->orig_ies_len;
+}
 void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)
 {
        struct ieee80211_local *local = hw_to_local(hw);
        struct ieee80211_sub_if_data *sdata;
+        bool was_hw_scan;
-        if (WARN_ON(!local->hw_scanning && !local->sw_scanning))
+        mutex_lock(&local->scan_mtx);
+        if (WARN_ON(!local->hw_scanning && !local->sw_scanning)) {
+                mutex_unlock(&local->scan_mtx);
                return;
+        }
-        if (WARN_ON(!local->scan_req))
+        if (WARN_ON(!local->scan_req)) {
+                mutex_unlock(&local->scan_mtx);
                return;
+        }
+        if (local->hw_scanning)
+                ieee80211_restore_scan_ies(local);
        if (local->scan_req != &local->int_scan_req)
                cfg80211_scan_done(local->scan_req, aborted);
        local->scan_req = NULL;
-        local->last_scan_completed = jiffies;
+        was_hw_scan = local->hw_scanning;
+        local->hw_scanning = false;
+        local->sw_scanning = false;
+        local->scan_channel = NULL;
-        if (local->hw_scanning) {
+        /* we only have to protect scan_req and hw/sw scan */
-                local->hw_scanning = false;
+        mutex_unlock(&local->scan_mtx);
-                /*
-                 * Somebody might have requested channel change during scan
-                 * that we won't have acted upon, try now. ieee80211_hw_config
-                 * will set the flag based on actual changes.
-                 */
-                ieee80211_hw_config(local, 0);
-                goto done;
-        }
-        local->sw_scanning = false;
        ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
+        if (was_hw_scan)
+                goto done;
        netif_tx_lock_bh(local->mdev);
        netif_addr_lock(local->mdev);
        local->filter_flags &= ~FIF_BCN_PRBRESP_PROMISC;
-        local->ops->configure_filter(local_to_hw(local),
+        drv_configure_filter(local, FIF_BCN_PRBRESP_PROMISC,
-                                     FIF_BCN_PRBRESP_PROMISC,
+                             &local->filter_flags,
-                                     &local->filter_flags,
+                             local->mdev->mc_count,
-                                     local->mdev->mc_count,
+                             local->mdev->mc_list);
-                                     local->mdev->mc_list);
        netif_addr_unlock(local->mdev);
        netif_tx_unlock_bh(local->mdev);
-        if (local->ops->sw_scan_complete)
+        drv_sw_scan_complete(local);
-                local->ops->sw_scan_complete(local_to_hw(local));
        mutex_lock(&local->iflist_mtx);
        list_for_each_entry(sdata, &local->interfaces, list) {
@@ -338,18 +338,160 @@ void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)
                if (sdata->vif.type == NL80211_IFTYPE_AP ||
                    sdata->vif.type == NL80211_IFTYPE_ADHOC ||
                    sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
-                        ieee80211_if_config(sdata,
+                        ieee80211_bss_info_change_notify(
-                                            IEEE80211_IFCC_BEACON_ENABLED);
+                                sdata, BSS_CHANGED_BEACON_ENABLED);
        }
        mutex_unlock(&local->iflist_mtx);
 done:
+        ieee80211_recalc_idle(local);
        ieee80211_mlme_notify_scan_completed(local);
        ieee80211_ibss_notify_scan_completed(local);
        ieee80211_mesh_notify_scan_completed(local);
 }
 EXPORT_SYMBOL(ieee80211_scan_completed);
+static int ieee80211_start_sw_scan(struct ieee80211_local *local)
+{
+        struct ieee80211_sub_if_data *sdata;
+        /*
+         * Hardware/driver doesn't support hw_scan, so use software
+         * scanning instead. First send a nullfunc frame with power save
+         * bit on so that AP will buffer the frames for us while we are not
+         * listening, then send probe requests to each channel and wait for
+         * the responses. After all channels are scanned, tune back to the
+         * original channel and send a nullfunc frame with power save bit
+         * off to trigger the AP to send us all the buffered frames.
+         *
+         * Note that while local->sw_scanning is true everything else but
+         * nullfunc frames and probe requests will be dropped in
+         * ieee80211_tx_h_check_assoc().
+         */
+        drv_sw_scan_start(local);
+        mutex_lock(&local->iflist_mtx);
+        list_for_each_entry(sdata, &local->interfaces, list) {
+                if (!netif_running(sdata->dev))
+                        continue;
+                /* disable beaconing */
+                if (sdata->vif.type == NL80211_IFTYPE_AP ||
+                    sdata->vif.type == NL80211_IFTYPE_ADHOC ||
+                    sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
+                        ieee80211_bss_info_change_notify(
+                                sdata, BSS_CHANGED_BEACON_ENABLED);
+                if (sdata->vif.type == NL80211_IFTYPE_STATION) {
+                        if (sdata->u.mgd.flags & IEEE80211_STA_ASSOCIATED) {
+                                netif_tx_stop_all_queues(sdata->dev);
+                                ieee80211_scan_ps_enable(sdata);
+                        }
+                } else
+                        netif_tx_stop_all_queues(sdata->dev);
+        }
+        mutex_unlock(&local->iflist_mtx);
+        local->scan_state = SCAN_SET_CHANNEL;
+        local->scan_channel_idx = 0;
+        netif_addr_lock_bh(local->mdev);
+        local->filter_flags |= FIF_BCN_PRBRESP_PROMISC;
+        drv_configure_filter(local, FIF_BCN_PRBRESP_PROMISC,
+                             &local->filter_flags,
+                             local->mdev->mc_count,
+                             local->mdev->mc_list);
+        netif_addr_unlock_bh(local->mdev);
+        /* TODO: start scan as soon as all nullfunc frames are ACKed */
+        queue_delayed_work(local->hw.workqueue, &local->scan_work,
+                           IEEE80211_CHANNEL_TIME);
+        return 0;
+}
+static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
+                                  struct cfg80211_scan_request *req)
+{
+        struct ieee80211_local *local = sdata->local;
+        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
+        int rc;
+        if (local->scan_req)
+                return -EBUSY;
+        if (local->ops->hw_scan) {
+                u8 *ies;
+                int ielen;
+                ies = kmalloc(2 + IEEE80211_MAX_SSID_LEN +
+                              local->scan_ies_len + req->ie_len, GFP_KERNEL);
+                if (!ies)
+                        return -ENOMEM;
+                ielen = ieee80211_build_preq_ies(local, ies,
+                                                 req->ie, req->ie_len);
+                local->orig_ies = req->ie;
+                local->orig_ies_len = req->ie_len;
+                req->ie = ies;
+                req->ie_len = ielen;
+        }
+        local->scan_req = req;
+        local->scan_sdata = sdata;
+        if (req != &local->int_scan_req &&
+            sdata->vif.type == NL80211_IFTYPE_STATION &&
+            (ifmgd->state == IEEE80211_STA_MLME_DIRECT_PROBE ||
+             ifmgd->state == IEEE80211_STA_MLME_AUTHENTICATE ||
+             ifmgd->state == IEEE80211_STA_MLME_ASSOCIATE)) {
+                /* actually wait for the assoc to finish/time out */
+                set_bit(IEEE80211_STA_REQ_SCAN, &ifmgd->request);
+                return 0;
+        }
+        if (local->ops->hw_scan)
+                local->hw_scanning = true;
+        else
+                local->sw_scanning = true;
+        /*
+         * Kicking off the scan need not be protected,
+         * only the scan variable stuff, since now
+         * local->scan_req is assigned and other callers
+         * will abort their scan attempts.
+         *
+         * This avoids getting a scan_mtx -> iflist_mtx
+         * dependency, so that the scan completed calls
+         * have more locking freedom.
+         */
+        ieee80211_recalc_idle(local);
+        mutex_unlock(&local->scan_mtx);
+        if (local->ops->hw_scan)
+                rc = drv_hw_scan(local, local->scan_req);
+        else
+                rc = ieee80211_start_sw_scan(local);
+        mutex_lock(&local->scan_mtx);
+        if (rc) {
+                if (local->ops->hw_scan) {
+                        local->hw_scanning = false;
+                        ieee80211_restore_scan_ies(local);
+                } else
+                        local->sw_scanning = false;
+                ieee80211_recalc_idle(local);
+                local->scan_req = NULL;
+                local->scan_sdata = NULL;
+        }
+        return rc;
+}
 void ieee80211_scan_work(struct work_struct *work)
 {
        struct ieee80211_local *local =
@@ -359,17 +501,41 @@ void ieee80211_scan_work(struct work_struct *work)
        int skip, i;
        unsigned long next_delay = 0;
+        mutex_lock(&local->scan_mtx);
+        if (!sdata || !local->scan_req) {
+                mutex_unlock(&local->scan_mtx);
+                return;
+        }
+        if (local->scan_req && !(local->sw_scanning || local->hw_scanning)) {
+                struct cfg80211_scan_request *req = local->scan_req;
+                int rc;
+                local->scan_req = NULL;
+                rc = __ieee80211_start_scan(sdata, req);
+                mutex_unlock(&local->scan_mtx);
+                if (rc)
+                        ieee80211_scan_completed(&local->hw, true);
+                return;
+        }
+        mutex_unlock(&local->scan_mtx);
        /*
         * Avoid re-scheduling when the sdata is going away.
         */
-        if (!netif_running(sdata->dev))
+        if (!netif_running(sdata->dev)) {
+                ieee80211_scan_completed(&local->hw, true);
                return;
+        }
        switch (local->scan_state) {
        case SCAN_SET_CHANNEL:
                /* if no more bands/channels left, complete scan */
                if (local->scan_channel_idx >= local->scan_req->n_channels) {
-                        ieee80211_scan_completed(local_to_hw(local), false);
+                        ieee80211_scan_completed(&local->hw, false);
                        return;
                }
                skip = 0;
@@ -393,24 +559,39 @@ void ieee80211_scan_work(struct work_struct *work)
                if (skip)
                        break;
-                next_delay = IEEE80211_PROBE_DELAY +
+                /*
-                             usecs_to_jiffies(local->hw.channel_change_time);
+                 * Probe delay is used to update the NAV, cf. 11.1.3.2.2
+                 * (which unfortunately doesn't say _why_ step a) is done,
+                 * but it waits for the probe delay or until a frame is
+                 * received - and the received frame would update the NAV).
+                 * For now, we do not support waiting until a frame is
+                 * received.
+                 *
+                 * In any case, it is not necessary for a passive scan.
+                 */
+                if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN ||
+                    !local->scan_req->n_ssids) {
+                        next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
+                        break;
+                }
+                next_delay = IEEE80211_PROBE_DELAY;
                local->scan_state = SCAN_SEND_PROBE;
                break;
        case SCAN_SEND_PROBE:
-                next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
-                local->scan_state = SCAN_SET_CHANNEL;
-                if (local->scan_channel->flags & IEEE80211_CHAN_PASSIVE_SCAN ||
-                    !local->scan_req->n_ssids)
-                        break;
                for (i = 0; i < local->scan_req->n_ssids; i++)
                        ieee80211_send_probe_req(
                                sdata, NULL,
                                local->scan_req->ssids[i].ssid,
                                local->scan_req->ssids[i].ssid_len,
                                local->scan_req->ie, local->scan_req->ie_len);
+                /*
+                 * After sending probe requests, wait for probe responses
+                 * on the channel.
+                 */
                next_delay = IEEE80211_CHANNEL_TIME;
+                local->scan_state = SCAN_SET_CHANNEL;
                break;
        }
@@ -418,150 +599,53 @@ void ieee80211_scan_work(struct work_struct *work)
                           next_delay);
 }
+int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata,
-int ieee80211_start_scan(struct ieee80211_sub_if_data *scan_sdata,
+                           struct cfg80211_scan_request *req)
-                         struct cfg80211_scan_request *req)
 {
-        struct ieee80211_local *local = scan_sdata->local;
+        int res;
-        struct ieee80211_sub_if_data *sdata;
-        if (!req)
-                return -EINVAL;
-        if (local->scan_req && local->scan_req != req)
-                return -EBUSY;
-        local->scan_req = req;
-        /* MLME-SCAN.request (page 118)  page 144 (11.1.3.1)
-         * BSSType: INFRASTRUCTURE, INDEPENDENT, ANY_BSS
-         * BSSID: MACAddress
-         * SSID
-         * ScanType: ACTIVE, PASSIVE
-         * ProbeDelay: delay (in microseconds) to be used prior to transmitting
-         *    a Probe frame during active scanning
-         * ChannelList
-         * MinChannelTime (>= ProbeDelay), in TU
-         * MaxChannelTime: (>= MinChannelTime), in TU
-         */
-         /* MLME-SCAN.confirm
-          * BSSDescriptionSet
-          * ResultCode: SUCCESS, INVALID_PARAMETERS
-         */
-        if (local->sw_scanning || local->hw_scanning) {
-                if (local->scan_sdata == scan_sdata)
-                        return 0;
-                return -EBUSY;
-        }
-        if (local->ops->hw_scan) {
-                int rc;
-                local->hw_scanning = true;
-                rc = local->ops->hw_scan(local_to_hw(local), req);
-                if (rc) {
-                        local->hw_scanning = false;
-                        return rc;
-                }
-                local->scan_sdata = scan_sdata;
-                return 0;
-        }
-        /*
-         * Hardware/driver doesn't support hw_scan, so use software
-         * scanning instead. First send a nullfunc frame with power save
-         * bit on so that AP will buffer the frames for us while we are not
-         * listening, then send probe requests to each channel and wait for
-         * the responses. After all channels are scanned, tune back to the
-         * original channel and send a nullfunc frame with power save bit
-         * off to trigger the AP to send us all the buffered frames.
-         *
-         * Note that while local->sw_scanning is true everything else but
-         * nullfunc frames and probe requests will be dropped in
-         * ieee80211_tx_h_check_assoc().
-         */
-        local->sw_scanning = true;
-        if (local->ops->sw_scan_start)
-                local->ops->sw_scan_start(local_to_hw(local));
-        mutex_lock(&local->iflist_mtx);
+        mutex_lock(&sdata->local->scan_mtx);
-        list_for_each_entry(sdata, &local->interfaces, list) {
+        res = __ieee80211_start_scan(sdata, req);
-                if (!netif_running(sdata->dev))
+        mutex_unlock(&sdata->local->scan_mtx);
-                        continue;
-                /* disable beaconing */
+        return res;
-                if (sdata->vif.type == NL80211_IFTYPE_AP ||
+}
-                    sdata->vif.type == NL80211_IFTYPE_ADHOC ||
-                    sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
-                        ieee80211_if_config(sdata,
-                                            IEEE80211_IFCC_BEACON_ENABLED);
-                if (sdata->vif.type == NL80211_IFTYPE_STATION) {
+int ieee80211_request_internal_scan(struct ieee80211_sub_if_data *sdata,
-                        if (sdata->u.mgd.flags & IEEE80211_STA_ASSOCIATED) {
+                                    const u8 *ssid, u8 ssid_len)
-                                netif_tx_stop_all_queues(sdata->dev);
+{
-                                ieee80211_scan_ps_enable(sdata);
+        struct ieee80211_local *local = sdata->local;
-                        }
+        int ret = -EBUSY;
-                } else
-                        netif_tx_stop_all_queues(sdata->dev);
-        }
-        mutex_unlock(&local->iflist_mtx);
-        local->scan_state = SCAN_SET_CHANNEL;
+        mutex_lock(&local->scan_mtx);
-        local->scan_channel_idx = 0;
-        local->scan_sdata = scan_sdata;
-        local->scan_req = req;
-        netif_addr_lock_bh(local->mdev);
+        /* busy scanning */
-        local->filter_flags |= FIF_BCN_PRBRESP_PROMISC;
+        if (local->scan_req)
-        local->ops->configure_filter(local_to_hw(local),
+                goto unlock;
-                                     FIF_BCN_PRBRESP_PROMISC,
-                                     &local->filter_flags,
-                                     local->mdev->mc_count,
-                                     local->mdev->mc_list);
-        netif_addr_unlock_bh(local->mdev);
-        /* TODO: start scan as soon as all nullfunc frames are ACKed */
+        memcpy(local->int_scan_req.ssids[0].ssid, ssid, IEEE80211_MAX_SSID_LEN);
-        queue_delayed_work(local->hw.workqueue, &local->scan_work,
+        local->int_scan_req.ssids[0].ssid_len = ssid_len;
-                           IEEE80211_CHANNEL_TIME);
-        return 0;
+        ret = __ieee80211_start_scan(sdata, &sdata->local->int_scan_req);
+ unlock:
+        mutex_unlock(&local->scan_mtx);
+        return ret;
 }
+void ieee80211_scan_cancel(struct ieee80211_local *local)
-int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata,
-                           struct cfg80211_scan_request *req)
 {
-        struct ieee80211_local *local = sdata->local;
+        bool swscan;
-        struct ieee80211_if_managed *ifmgd;
-        if (!req)
-                return -EINVAL;
-        if (local->scan_req && local->scan_req != req)
+        cancel_delayed_work_sync(&local->scan_work);
-                return -EBUSY;
-        local->scan_req = req;
-        if (sdata->vif.type != NL80211_IFTYPE_STATION)
-                return ieee80211_start_scan(sdata, req);
        /*
-         * STA has a state machine that might need to defer scanning
+         * Only call this function when a scan can't be
-         * while it's trying to associate/authenticate, therefore we
+         * queued -- mostly at suspend under RTNL.
-         * queue it up to the state machine in that case.
         */
+        mutex_lock(&local->scan_mtx);
+        swscan = local->sw_scanning;
+        mutex_unlock(&local->scan_mtx);
-        if (local->sw_scanning || local->hw_scanning) {
+        if (swscan)
-                if (local->scan_sdata == sdata)
+                ieee80211_scan_completed(&local->hw, true);
-                        return 0;
-                return -EBUSY;
-        }
-        ifmgd = &sdata->u.mgd;
-        set_bit(IEEE80211_STA_REQ_SCAN, &ifmgd->request);
-        queue_work(local->hw.workqueue, &ifmgd->work);
-        return 0;
 }

diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c index 3bf9839f5916..2a8d09ad17ff 100644 --- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c
@@ -21,6 +21,7 @@
21	#include <net/iw_handler.h>	21	#include <net/iw_handler.h>
22		22
23	#include "ieee80211_i.h"	23	#include "ieee80211_i.h"
		24	#include "driver-ops.h"
24	#include "mesh.h"	25	#include "mesh.h"
25		26
26	#define IEEE80211_PROBE_DELAY (HZ / 33)	27	#define IEEE80211_PROBE_DELAY (HZ / 33)
@@ -202,18 +203,6 @@ ieee80211_scan_rx(struct ieee80211_sub_if_data sdata, struct sk_buff skb,
202	return RX_QUEUED;	203	return RX_QUEUED;
203	}	204	}
204		205
205	void ieee80211_scan_failed(struct ieee80211_local *local)
206	{
207	if (WARN_ON(!local->scan_req))
208	return;
209
210	/* notify cfg80211 about the failed scan */
211	if (local->scan_req != &local->int_scan_req)
212	cfg80211_scan_done(local->scan_req, true);
213
214	local->scan_req = NULL;
215	}
216
217	/*	206	/*
218	* inform AP that we will go to sleep so that it will buffer the frames	207	* inform AP that we will go to sleep so that it will buffer the frames
219	* while we scan	208	* while we scan
@@ -253,7 +242,7 @@ static void ieee80211_scan_ps_disable(struct ieee80211_sub_if_data *sdata)
253	{	242	{
254	struct ieee80211_local *local = sdata->local;	243	struct ieee80211_local *local = sdata->local;
255		244
256	if (!local->powersave)	245	if (!local->ps_sdata)
257	ieee80211_send_nullfunc(local, sdata, 0);	246	ieee80211_send_nullfunc(local, sdata, 0);
258	else {	247	else {
259	/*	248	/*
@@ -274,51 +263,62 @@ static void ieee80211_scan_ps_disable(struct ieee80211_sub_if_data *sdata)
274	}	263	}
275	}	264	}
276		265
		266	static void ieee80211_restore_scan_ies(struct ieee80211_local *local)
		267	{
		268	kfree(local->scan_req->ie);
		269	local->scan_req->ie = local->orig_ies;
		270	local->scan_req->ie_len = local->orig_ies_len;
		271	}
		272
277	void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)	273	void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)
278	{	274	{
279	struct ieee80211_local *local = hw_to_local(hw);	275	struct ieee80211_local *local = hw_to_local(hw);
280	struct ieee80211_sub_if_data *sdata;	276	struct ieee80211_sub_if_data *sdata;
		277	bool was_hw_scan;
281		278
282	if (WARN_ON(!local->hw_scanning && !local->sw_scanning))	279	mutex_lock(&local->scan_mtx);
		280
		281	if (WARN_ON(!local->hw_scanning && !local->sw_scanning)) {
		282	mutex_unlock(&local->scan_mtx);
283	return;	283	return;
		284	}
284		285
285	if (WARN_ON(!local->scan_req))	286	if (WARN_ON(!local->scan_req)) {
		287	mutex_unlock(&local->scan_mtx);
286	return;	288	return;
		289	}
		290
		291	if (local->hw_scanning)
		292	ieee80211_restore_scan_ies(local);
287		293
288	if (local->scan_req != &local->int_scan_req)	294	if (local->scan_req != &local->int_scan_req)
289	cfg80211_scan_done(local->scan_req, aborted);	295	cfg80211_scan_done(local->scan_req, aborted);
290	local->scan_req = NULL;	296	local->scan_req = NULL;
291		297
292	local->last_scan_completed = jiffies;	298	was_hw_scan = local->hw_scanning;
		299	local->hw_scanning = false;
		300	local->sw_scanning = false;
		301	local->scan_channel = NULL;
293		302
294	if (local->hw_scanning) {	303	/* we only have to protect scan_req and hw/sw scan */
295	local->hw_scanning = false;	304	mutex_unlock(&local->scan_mtx);
296	/*
297	* Somebody might have requested channel change during scan
298	* that we won't have acted upon, try now. ieee80211_hw_config
299	* will set the flag based on actual changes.
300	*/
301	ieee80211_hw_config(local, 0);
302	goto done;
303	}
304		305
305	local->sw_scanning = false;
306	ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);	306	ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
		307	if (was_hw_scan)
		308	goto done;
307		309
308	netif_tx_lock_bh(local->mdev);	310	netif_tx_lock_bh(local->mdev);
309	netif_addr_lock(local->mdev);	311	netif_addr_lock(local->mdev);
310	local->filter_flags &= ~FIF_BCN_PRBRESP_PROMISC;	312	local->filter_flags &= ~FIF_BCN_PRBRESP_PROMISC;
311	local->ops->configure_filter(local_to_hw(local),	313	drv_configure_filter(local, FIF_BCN_PRBRESP_PROMISC,
312	FIF_BCN_PRBRESP_PROMISC,	314	&local->filter_flags,
313	&local->filter_flags,	315	local->mdev->mc_count,
314	local->mdev->mc_count,	316	local->mdev->mc_list);
315	local->mdev->mc_list);
316		317
317	netif_addr_unlock(local->mdev);	318	netif_addr_unlock(local->mdev);
318	netif_tx_unlock_bh(local->mdev);	319	netif_tx_unlock_bh(local->mdev);
319		320
320	if (local->ops->sw_scan_complete)	321	drv_sw_scan_complete(local);
321	local->ops->sw_scan_complete(local_to_hw(local));
322		322
323	mutex_lock(&local->iflist_mtx);	323	mutex_lock(&local->iflist_mtx);
324	list_for_each_entry(sdata, &local->interfaces, list) {	324	list_for_each_entry(sdata, &local->interfaces, list) {
@@ -338,18 +338,160 @@ void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)
338	if (sdata->vif.type == NL80211_IFTYPE_AP \|\|	338	if (sdata->vif.type == NL80211_IFTYPE_AP \|\|
339	sdata->vif.type == NL80211_IFTYPE_ADHOC \|\|	339	sdata->vif.type == NL80211_IFTYPE_ADHOC \|\|
340	sdata->vif.type == NL80211_IFTYPE_MESH_POINT)	340	sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
341	ieee80211_if_config(sdata,	341	ieee80211_bss_info_change_notify(
342	IEEE80211_IFCC_BEACON_ENABLED);	342	sdata, BSS_CHANGED_BEACON_ENABLED);
343	}	343	}
344	mutex_unlock(&local->iflist_mtx);	344	mutex_unlock(&local->iflist_mtx);
345		345
346	done:	346	done:
		347	ieee80211_recalc_idle(local);
347	ieee80211_mlme_notify_scan_completed(local);	348	ieee80211_mlme_notify_scan_completed(local);
348	ieee80211_ibss_notify_scan_completed(local);	349	ieee80211_ibss_notify_scan_completed(local);
349	ieee80211_mesh_notify_scan_completed(local);	350	ieee80211_mesh_notify_scan_completed(local);
350	}	351	}
351	EXPORT_SYMBOL(ieee80211_scan_completed);	352	EXPORT_SYMBOL(ieee80211_scan_completed);
352		353
		354	static int ieee80211_start_sw_scan(struct ieee80211_local *local)
		355	{
		356	struct ieee80211_sub_if_data *sdata;
		357
		358	/*
		359	* Hardware/driver doesn't support hw_scan, so use software
		360	* scanning instead. First send a nullfunc frame with power save
		361	* bit on so that AP will buffer the frames for us while we are not
		362	* listening, then send probe requests to each channel and wait for
		363	* the responses. After all channels are scanned, tune back to the
		364	* original channel and send a nullfunc frame with power save bit
		365	* off to trigger the AP to send us all the buffered frames.
		366	*
		367	* Note that while local->sw_scanning is true everything else but
		368	* nullfunc frames and probe requests will be dropped in
		369	* ieee80211_tx_h_check_assoc().
		370	*/
		371	drv_sw_scan_start(local);
		372
		373	mutex_lock(&local->iflist_mtx);
		374	list_for_each_entry(sdata, &local->interfaces, list) {
		375	if (!netif_running(sdata->dev))
		376	continue;
		377
		378	/* disable beaconing */
		379	if (sdata->vif.type == NL80211_IFTYPE_AP \|\|
		380	sdata->vif.type == NL80211_IFTYPE_ADHOC \|\|
		381	sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
		382	ieee80211_bss_info_change_notify(
		383	sdata, BSS_CHANGED_BEACON_ENABLED);
		384
		385	if (sdata->vif.type == NL80211_IFTYPE_STATION) {
		386	if (sdata->u.mgd.flags & IEEE80211_STA_ASSOCIATED) {
		387	netif_tx_stop_all_queues(sdata->dev);
		388	ieee80211_scan_ps_enable(sdata);
		389	}
		390	} else
		391	netif_tx_stop_all_queues(sdata->dev);
		392	}
		393	mutex_unlock(&local->iflist_mtx);
		394
		395	local->scan_state = SCAN_SET_CHANNEL;
		396	local->scan_channel_idx = 0;
		397
		398	netif_addr_lock_bh(local->mdev);
		399	local->filter_flags \|= FIF_BCN_PRBRESP_PROMISC;
		400	drv_configure_filter(local, FIF_BCN_PRBRESP_PROMISC,
		401	&local->filter_flags,
		402	local->mdev->mc_count,
		403	local->mdev->mc_list);
		404	netif_addr_unlock_bh(local->mdev);
		405
		406	/* TODO: start scan as soon as all nullfunc frames are ACKed */
		407	queue_delayed_work(local->hw.workqueue, &local->scan_work,
		408	IEEE80211_CHANNEL_TIME);
		409
		410	return 0;
		411	}
		412
		413
		414	static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
		415	struct cfg80211_scan_request *req)
		416	{
		417	struct ieee80211_local *local = sdata->local;
		418	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
		419	int rc;
		420
		421	if (local->scan_req)
		422	return -EBUSY;
		423
		424	if (local->ops->hw_scan) {
		425	u8 *ies;
		426	int ielen;
		427
		428	ies = kmalloc(2 + IEEE80211_MAX_SSID_LEN +
		429	local->scan_ies_len + req->ie_len, GFP_KERNEL);
		430	if (!ies)
		431	return -ENOMEM;
		432
		433	ielen = ieee80211_build_preq_ies(local, ies,
		434	req->ie, req->ie_len);
		435	local->orig_ies = req->ie;
		436	local->orig_ies_len = req->ie_len;
		437	req->ie = ies;
		438	req->ie_len = ielen;
		439	}
		440
		441	local->scan_req = req;
		442	local->scan_sdata = sdata;
		443
		444	if (req != &local->int_scan_req &&
		445	sdata->vif.type == NL80211_IFTYPE_STATION &&
		446	(ifmgd->state == IEEE80211_STA_MLME_DIRECT_PROBE \|\|
		447	ifmgd->state == IEEE80211_STA_MLME_AUTHENTICATE \|\|
		448	ifmgd->state == IEEE80211_STA_MLME_ASSOCIATE)) {
		449	/* actually wait for the assoc to finish/time out */
		450	set_bit(IEEE80211_STA_REQ_SCAN, &ifmgd->request);
		451	return 0;
		452	}
		453
		454	if (local->ops->hw_scan)
		455	local->hw_scanning = true;
		456	else
		457	local->sw_scanning = true;
		458	/*
		459	* Kicking off the scan need not be protected,
		460	* only the scan variable stuff, since now
		461	* local->scan_req is assigned and other callers
		462	* will abort their scan attempts.
		463	*
		464	* This avoids getting a scan_mtx -> iflist_mtx
		465	* dependency, so that the scan completed calls
		466	* have more locking freedom.
		467	*/
		468
		469	ieee80211_recalc_idle(local);
		470	mutex_unlock(&local->scan_mtx);
		471
		472	if (local->ops->hw_scan)
		473	rc = drv_hw_scan(local, local->scan_req);
		474	else
		475	rc = ieee80211_start_sw_scan(local);
		476
		477	mutex_lock(&local->scan_mtx);
		478
		479	if (rc) {
		480	if (local->ops->hw_scan) {
		481	local->hw_scanning = false;
		482	ieee80211_restore_scan_ies(local);
		483	} else
		484	local->sw_scanning = false;
		485
		486	ieee80211_recalc_idle(local);
		487
		488	local->scan_req = NULL;
		489	local->scan_sdata = NULL;
		490	}
		491
		492	return rc;
		493	}
		494
353	void ieee80211_scan_work(struct work_struct *work)	495	void ieee80211_scan_work(struct work_struct *work)
354	{	496	{
355	struct ieee80211_local *local =	497	struct ieee80211_local *local =
@@ -359,17 +501,41 @@ void ieee80211_scan_work(struct work_struct *work)
359	int skip, i;	501	int skip, i;
360	unsigned long next_delay = 0;	502	unsigned long next_delay = 0;
361		503
		504	mutex_lock(&local->scan_mtx);
		505	if (!sdata \|\| !local->scan_req) {
		506	mutex_unlock(&local->scan_mtx);
		507	return;
		508	}
		509
		510	if (local->scan_req && !(local->sw_scanning \|\| local->hw_scanning)) {
		511	struct cfg80211_scan_request *req = local->scan_req;
		512	int rc;
		513
		514	local->scan_req = NULL;
		515
		516	rc = __ieee80211_start_scan(sdata, req);
		517	mutex_unlock(&local->scan_mtx);
		518
		519	if (rc)
		520	ieee80211_scan_completed(&local->hw, true);
		521	return;
		522	}
		523
		524	mutex_unlock(&local->scan_mtx);
		525
362	/*	526	/*
363	* Avoid re-scheduling when the sdata is going away.	527	* Avoid re-scheduling when the sdata is going away.
364	*/	528	*/
365	if (!netif_running(sdata->dev))	529	if (!netif_running(sdata->dev)) {
		530	ieee80211_scan_completed(&local->hw, true);
366	return;	531	return;
		532	}
367		533
368	switch (local->scan_state) {	534	switch (local->scan_state) {
369	case SCAN_SET_CHANNEL:	535	case SCAN_SET_CHANNEL:
370	/* if no more bands/channels left, complete scan */	536	/* if no more bands/channels left, complete scan */
371	if (local->scan_channel_idx >= local->scan_req->n_channels) {	537	if (local->scan_channel_idx >= local->scan_req->n_channels) {
372	ieee80211_scan_completed(local_to_hw(local), false);	538	ieee80211_scan_completed(&local->hw, false);
373	return;	539	return;
374	}	540	}
375	skip = 0;	541	skip = 0;
@@ -393,24 +559,39 @@ void ieee80211_scan_work(struct work_struct *work)
393	if (skip)	559	if (skip)
394	break;	560	break;
395		561
396	next_delay = IEEE80211_PROBE_DELAY +	562	/*
397	usecs_to_jiffies(local->hw.channel_change_time);	563	* Probe delay is used to update the NAV, cf. 11.1.3.2.2
		564	* (which unfortunately doesn't say _why_ step a) is done,
		565	* but it waits for the probe delay or until a frame is
		566	* received - and the received frame would update the NAV).
		567	* For now, we do not support waiting until a frame is
		568	* received.
		569	*
		570	* In any case, it is not necessary for a passive scan.
		571	*/
		572	if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN \|\|
		573	!local->scan_req->n_ssids) {
		574	next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
		575	break;
		576	}
		577
		578	next_delay = IEEE80211_PROBE_DELAY;
398	local->scan_state = SCAN_SEND_PROBE;	579	local->scan_state = SCAN_SEND_PROBE;
399	break;	580	break;
400	case SCAN_SEND_PROBE:	581	case SCAN_SEND_PROBE:
401	next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
402	local->scan_state = SCAN_SET_CHANNEL;
403
404	if (local->scan_channel->flags & IEEE80211_CHAN_PASSIVE_SCAN \|\|
405	!local->scan_req->n_ssids)
406	break;
407	for (i = 0; i < local->scan_req->n_ssids; i++)	582	for (i = 0; i < local->scan_req->n_ssids; i++)
408	ieee80211_send_probe_req(	583	ieee80211_send_probe_req(
409	sdata, NULL,	584	sdata, NULL,
410	local->scan_req->ssids[i].ssid,	585	local->scan_req->ssids[i].ssid,
411	local->scan_req->ssids[i].ssid_len,	586	local->scan_req->ssids[i].ssid_len,
412	local->scan_req->ie, local->scan_req->ie_len);	587	local->scan_req->ie, local->scan_req->ie_len);
		588
		589	/*
		590	* After sending probe requests, wait for probe responses
		591	* on the channel.
		592	*/
413	next_delay = IEEE80211_CHANNEL_TIME;	593	next_delay = IEEE80211_CHANNEL_TIME;
		594	local->scan_state = SCAN_SET_CHANNEL;
414	break;	595	break;
415	}	596	}
416		597
@@ -418,150 +599,53 @@ void ieee80211_scan_work(struct work_struct *work)
418	next_delay);	599	next_delay);
419	}	600	}
420		601
421		602	int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata,
422	int ieee80211_start_scan(struct ieee80211_sub_if_data *scan_sdata,	603	struct cfg80211_scan_request *req)
423	struct cfg80211_scan_request *req)
424	{	604	{
425	struct ieee80211_local *local = scan_sdata->local;	605	int res;
426	struct ieee80211_sub_if_data *sdata;
427
428	if (!req)
429	return -EINVAL;
430
431	if (local->scan_req && local->scan_req != req)
432	return -EBUSY;
433
434	local->scan_req = req;
435
436	/* MLME-SCAN.request (page 118) page 144 (11.1.3.1)
437	* BSSType: INFRASTRUCTURE, INDEPENDENT, ANY_BSS
438	* BSSID: MACAddress
439	* SSID
440	* ScanType: ACTIVE, PASSIVE
441	* ProbeDelay: delay (in microseconds) to be used prior to transmitting
442	* a Probe frame during active scanning
443	* ChannelList
444	* MinChannelTime (>= ProbeDelay), in TU
445	* MaxChannelTime: (>= MinChannelTime), in TU
446	*/
447
448	/* MLME-SCAN.confirm
449	* BSSDescriptionSet
450	* ResultCode: SUCCESS, INVALID_PARAMETERS
451	*/
452
453	if (local->sw_scanning \|\| local->hw_scanning) {
454	if (local->scan_sdata == scan_sdata)
455	return 0;
456	return -EBUSY;
457	}
458
459	if (local->ops->hw_scan) {
460	int rc;
461
462	local->hw_scanning = true;
463	rc = local->ops->hw_scan(local_to_hw(local), req);
464	if (rc) {
465	local->hw_scanning = false;
466	return rc;
467	}
468	local->scan_sdata = scan_sdata;
469	return 0;
470	}
471
472	/*
473	* Hardware/driver doesn't support hw_scan, so use software
474	* scanning instead. First send a nullfunc frame with power save
475	* bit on so that AP will buffer the frames for us while we are not
476	* listening, then send probe requests to each channel and wait for
477	* the responses. After all channels are scanned, tune back to the
478	* original channel and send a nullfunc frame with power save bit
479	* off to trigger the AP to send us all the buffered frames.
480	*
481	* Note that while local->sw_scanning is true everything else but
482	* nullfunc frames and probe requests will be dropped in
483	* ieee80211_tx_h_check_assoc().
484	*/
485	local->sw_scanning = true;
486	if (local->ops->sw_scan_start)
487	local->ops->sw_scan_start(local_to_hw(local));
488		606
489	mutex_lock(&local->iflist_mtx);	607	mutex_lock(&sdata->local->scan_mtx);
490	list_for_each_entry(sdata, &local->interfaces, list) {	608	res = __ieee80211_start_scan(sdata, req);
491	if (!netif_running(sdata->dev))	609	mutex_unlock(&sdata->local->scan_mtx);
492	continue;
493		610
494	/* disable beaconing */	611	return res;
495	if (sdata->vif.type == NL80211_IFTYPE_AP \|\|	612	}
496	sdata->vif.type == NL80211_IFTYPE_ADHOC \|\|
497	sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
498	ieee80211_if_config(sdata,
499	IEEE80211_IFCC_BEACON_ENABLED);
500		613
501	if (sdata->vif.type == NL80211_IFTYPE_STATION) {	614	int ieee80211_request_internal_scan(struct ieee80211_sub_if_data *sdata,
502	if (sdata->u.mgd.flags & IEEE80211_STA_ASSOCIATED) {	615	const u8 *ssid, u8 ssid_len)
503	netif_tx_stop_all_queues(sdata->dev);	616	{
504	ieee80211_scan_ps_enable(sdata);	617	struct ieee80211_local *local = sdata->local;
505	}	618	int ret = -EBUSY;
506	} else
507	netif_tx_stop_all_queues(sdata->dev);
508	}
509	mutex_unlock(&local->iflist_mtx);
510		619
511	local->scan_state = SCAN_SET_CHANNEL;	620	mutex_lock(&local->scan_mtx);
512	local->scan_channel_idx = 0;
513	local->scan_sdata = scan_sdata;
514	local->scan_req = req;
515		621
516	netif_addr_lock_bh(local->mdev);	622	/* busy scanning */
517	local->filter_flags \|= FIF_BCN_PRBRESP_PROMISC;	623	if (local->scan_req)
518	local->ops->configure_filter(local_to_hw(local),	624	goto unlock;
519	FIF_BCN_PRBRESP_PROMISC,
520	&local->filter_flags,
521	local->mdev->mc_count,
522	local->mdev->mc_list);
523	netif_addr_unlock_bh(local->mdev);
524		625
525	/* TODO: start scan as soon as all nullfunc frames are ACKed */	626	memcpy(local->int_scan_req.ssids[0].ssid, ssid, IEEE80211_MAX_SSID_LEN);
526	queue_delayed_work(local->hw.workqueue, &local->scan_work,	627	local->int_scan_req.ssids[0].ssid_len = ssid_len;
527	IEEE80211_CHANNEL_TIME);
528		628
529	return 0;	629	ret = __ieee80211_start_scan(sdata, &sdata->local->int_scan_req);
		630	unlock:
		631	mutex_unlock(&local->scan_mtx);
		632	return ret;
530	}	633	}
531		634
532		635	void ieee80211_scan_cancel(struct ieee80211_local *local)
533	int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata,
534	struct cfg80211_scan_request *req)
535	{	636	{
536	struct ieee80211_local *local = sdata->local;	637	bool swscan;
537	struct ieee80211_if_managed *ifmgd;
538
539	if (!req)
540	return -EINVAL;
541		638
542	if (local->scan_req && local->scan_req != req)	639	cancel_delayed_work_sync(&local->scan_work);
543	return -EBUSY;
544
545	local->scan_req = req;
546
547	if (sdata->vif.type != NL80211_IFTYPE_STATION)
548	return ieee80211_start_scan(sdata, req);
549		640
550	/*	641	/*
551	* STA has a state machine that might need to defer scanning	642	* Only call this function when a scan can't be
552	* while it's trying to associate/authenticate, therefore we	643	* queued -- mostly at suspend under RTNL.
553	* queue it up to the state machine in that case.
554	*/	644	*/
		645	mutex_lock(&local->scan_mtx);
		646	swscan = local->sw_scanning;
		647	mutex_unlock(&local->scan_mtx);
555		648
556	if (local->sw_scanning \|\| local->hw_scanning) {	649	if (swscan)
557	if (local->scan_sdata == sdata)	650	ieee80211_scan_completed(&local->hw, true);
558	return 0;
559	return -EBUSY;
560	}
561
562	ifmgd = &sdata->u.mgd;
563	set_bit(IEEE80211_STA_REQ_SCAN, &ifmgd->request);
564	queue_work(local->hw.workqueue, &ifmgd->work);
565
566	return 0;
567	}	651	}