]>
Commit | Line | Data |
---|---|---|
b2441318 | 1 | // SPDX-License-Identifier: GPL-2.0 |
6039f6d2 JM |
2 | /* |
3 | * cfg80211 MLME SAP interface | |
4 | * | |
5 | * Copyright (c) 2009, Jouni Malinen <j@w1.fi> | |
33d8783c | 6 | * Copyright (c) 2015 Intel Deutschland GmbH |
6039f6d2 JM |
7 | */ |
8 | ||
9 | #include <linux/kernel.h> | |
10 | #include <linux/module.h> | |
c6fb08aa | 11 | #include <linux/etherdevice.h> |
6039f6d2 JM |
12 | #include <linux/netdevice.h> |
13 | #include <linux/nl80211.h> | |
5a0e3ad6 | 14 | #include <linux/slab.h> |
a9a11622 | 15 | #include <linux/wireless.h> |
6039f6d2 | 16 | #include <net/cfg80211.h> |
a9a11622 | 17 | #include <net/iw_handler.h> |
6039f6d2 JM |
18 | #include "core.h" |
19 | #include "nl80211.h" | |
e35e4d28 HG |
20 | #include "rdev-ops.h" |
21 | ||
6039f6d2 | 22 | |
6ff57cf8 | 23 | void cfg80211_rx_assoc_resp(struct net_device *dev, struct cfg80211_bss *bss, |
b0b6aa2c | 24 | const u8 *buf, size_t len, int uapsd_queues) |
6039f6d2 | 25 | { |
6829c878 JB |
26 | struct wireless_dev *wdev = dev->ieee80211_ptr; |
27 | struct wiphy *wiphy = wdev->wiphy; | |
f26cbf40 | 28 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); |
6829c878 | 29 | struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; |
5349a0f7 VK |
30 | struct cfg80211_connect_resp_params cr; |
31 | ||
32 | memset(&cr, 0, sizeof(cr)); | |
33 | cr.status = (int)le16_to_cpu(mgmt->u.assoc_resp.status_code); | |
34 | cr.bssid = mgmt->bssid; | |
35 | cr.bss = bss; | |
36 | cr.resp_ie = mgmt->u.assoc_resp.variable; | |
37 | cr.resp_ie_len = | |
38 | len - offsetof(struct ieee80211_mgmt, u.assoc_resp.variable); | |
39 | cr.timeout_reason = NL80211_TIMEOUT_UNSPECIFIED; | |
6829c878 | 40 | |
4ee3e063 | 41 | trace_cfg80211_send_rx_assoc(dev, bss); |
cb0b4beb | 42 | |
f401a6f7 JB |
43 | /* |
44 | * This is a bit of a hack, we don't notify userspace of | |
45 | * a (re-)association reply if we tried to send a reassoc | |
46 | * and got a reject -- we only try again with an assoc | |
47 | * frame instead of reassoc. | |
48 | */ | |
5349a0f7 | 49 | if (cfg80211_sme_rx_assoc_resp(wdev, cr.status)) { |
f1940c57 | 50 | cfg80211_unhold_bss(bss_from_pub(bss)); |
5b112d3d | 51 | cfg80211_put_bss(wiphy, bss); |
8d61ffa5 | 52 | return; |
95de817b | 53 | } |
f401a6f7 | 54 | |
b0b6aa2c | 55 | nl80211_send_rx_assoc(rdev, dev, buf, len, GFP_KERNEL, uapsd_queues); |
ceca7b71 | 56 | /* update current_bss etc., consumes the bss reference */ |
5349a0f7 | 57 | __cfg80211_connect_result(dev, &cr, cr.status == WLAN_STATUS_SUCCESS); |
6039f6d2 | 58 | } |
6ff57cf8 | 59 | EXPORT_SYMBOL(cfg80211_rx_assoc_resp); |
6039f6d2 | 60 | |
ceca7b71 JB |
61 | static void cfg80211_process_auth(struct wireless_dev *wdev, |
62 | const u8 *buf, size_t len) | |
63 | { | |
f26cbf40 | 64 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); |
ceca7b71 JB |
65 | |
66 | nl80211_send_rx_auth(rdev, wdev->netdev, buf, len, GFP_KERNEL); | |
67 | cfg80211_sme_rx_auth(wdev, buf, len); | |
68 | } | |
69 | ||
70 | static void cfg80211_process_deauth(struct wireless_dev *wdev, | |
6ff57cf8 | 71 | const u8 *buf, size_t len) |
6039f6d2 | 72 | { |
f26cbf40 | 73 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); |
6829c878 | 74 | struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; |
19957bb3 | 75 | const u8 *bssid = mgmt->bssid; |
ceca7b71 JB |
76 | u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); |
77 | bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr); | |
6829c878 | 78 | |
ceca7b71 | 79 | nl80211_send_deauth(rdev, wdev->netdev, buf, len, GFP_KERNEL); |
19957bb3 | 80 | |
ceca7b71 JB |
81 | if (!wdev->current_bss || |
82 | !ether_addr_equal(wdev->current_bss->pub.bssid, bssid)) | |
83 | return; | |
6829c878 | 84 | |
ceca7b71 JB |
85 | __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap); |
86 | cfg80211_sme_deauth(wdev); | |
667503dd | 87 | } |
6039f6d2 | 88 | |
ceca7b71 | 89 | static void cfg80211_process_disassoc(struct wireless_dev *wdev, |
6ff57cf8 | 90 | const u8 *buf, size_t len) |
6039f6d2 | 91 | { |
f26cbf40 | 92 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); |
6829c878 | 93 | struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; |
19957bb3 | 94 | const u8 *bssid = mgmt->bssid; |
ceca7b71 JB |
95 | u16 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); |
96 | bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr); | |
6829c878 | 97 | |
ceca7b71 | 98 | nl80211_send_disassoc(rdev, wdev->netdev, buf, len, GFP_KERNEL); |
a3b8b056 | 99 | |
ceca7b71 JB |
100 | if (WARN_ON(!wdev->current_bss || |
101 | !ether_addr_equal(wdev->current_bss->pub.bssid, bssid))) | |
596a07c1 | 102 | return; |
6829c878 | 103 | |
ceca7b71 JB |
104 | __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap); |
105 | cfg80211_sme_disassoc(wdev); | |
667503dd | 106 | } |
1965c853 | 107 | |
6ff57cf8 JB |
108 | void cfg80211_rx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len) |
109 | { | |
110 | struct wireless_dev *wdev = dev->ieee80211_ptr; | |
6ff57cf8 JB |
111 | struct ieee80211_mgmt *mgmt = (void *)buf; |
112 | ||
113 | ASSERT_WDEV_LOCK(wdev); | |
114 | ||
115 | trace_cfg80211_rx_mlme_mgmt(dev, buf, len); | |
116 | ||
117 | if (WARN_ON(len < 2)) | |
118 | return; | |
119 | ||
ceca7b71 JB |
120 | if (ieee80211_is_auth(mgmt->frame_control)) |
121 | cfg80211_process_auth(wdev, buf, len); | |
122 | else if (ieee80211_is_deauth(mgmt->frame_control)) | |
123 | cfg80211_process_deauth(wdev, buf, len); | |
124 | else if (ieee80211_is_disassoc(mgmt->frame_control)) | |
125 | cfg80211_process_disassoc(wdev, buf, len); | |
6ff57cf8 JB |
126 | } |
127 | EXPORT_SYMBOL(cfg80211_rx_mlme_mgmt); | |
128 | ||
129 | void cfg80211_auth_timeout(struct net_device *dev, const u8 *addr) | |
a58ce43f JB |
130 | { |
131 | struct wireless_dev *wdev = dev->ieee80211_ptr; | |
132 | struct wiphy *wiphy = wdev->wiphy; | |
f26cbf40 | 133 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); |
a58ce43f | 134 | |
4ee3e063 | 135 | trace_cfg80211_send_auth_timeout(dev, addr); |
a58ce43f JB |
136 | |
137 | nl80211_send_auth_timeout(rdev, dev, addr, GFP_KERNEL); | |
ceca7b71 | 138 | cfg80211_sme_auth_timeout(wdev); |
1965c853 | 139 | } |
6ff57cf8 | 140 | EXPORT_SYMBOL(cfg80211_auth_timeout); |
1965c853 | 141 | |
959867fa | 142 | void cfg80211_assoc_timeout(struct net_device *dev, struct cfg80211_bss *bss) |
1965c853 | 143 | { |
6829c878 JB |
144 | struct wireless_dev *wdev = dev->ieee80211_ptr; |
145 | struct wiphy *wiphy = wdev->wiphy; | |
f26cbf40 | 146 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); |
19957bb3 | 147 | |
959867fa | 148 | trace_cfg80211_send_assoc_timeout(dev, bss->bssid); |
cb0b4beb | 149 | |
959867fa | 150 | nl80211_send_assoc_timeout(rdev, dev, bss->bssid, GFP_KERNEL); |
ceca7b71 | 151 | cfg80211_sme_assoc_timeout(wdev); |
959867fa | 152 | |
f1940c57 | 153 | cfg80211_unhold_bss(bss_from_pub(bss)); |
959867fa | 154 | cfg80211_put_bss(wiphy, bss); |
1965c853 | 155 | } |
6ff57cf8 JB |
156 | EXPORT_SYMBOL(cfg80211_assoc_timeout); |
157 | ||
e6f462df JB |
158 | void cfg80211_abandon_assoc(struct net_device *dev, struct cfg80211_bss *bss) |
159 | { | |
160 | struct wireless_dev *wdev = dev->ieee80211_ptr; | |
161 | struct wiphy *wiphy = wdev->wiphy; | |
162 | ||
163 | cfg80211_sme_abandon_assoc(wdev); | |
164 | ||
165 | cfg80211_unhold_bss(bss_from_pub(bss)); | |
166 | cfg80211_put_bss(wiphy, bss); | |
167 | } | |
168 | EXPORT_SYMBOL(cfg80211_abandon_assoc); | |
169 | ||
6ff57cf8 JB |
170 | void cfg80211_tx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len) |
171 | { | |
172 | struct wireless_dev *wdev = dev->ieee80211_ptr; | |
173 | struct ieee80211_mgmt *mgmt = (void *)buf; | |
174 | ||
175 | ASSERT_WDEV_LOCK(wdev); | |
176 | ||
177 | trace_cfg80211_tx_mlme_mgmt(dev, buf, len); | |
178 | ||
179 | if (WARN_ON(len < 2)) | |
180 | return; | |
181 | ||
182 | if (ieee80211_is_deauth(mgmt->frame_control)) | |
ceca7b71 | 183 | cfg80211_process_deauth(wdev, buf, len); |
6ff57cf8 | 184 | else |
ceca7b71 | 185 | cfg80211_process_disassoc(wdev, buf, len); |
6ff57cf8 JB |
186 | } |
187 | EXPORT_SYMBOL(cfg80211_tx_mlme_mgmt); | |
1965c853 | 188 | |
a3b8b056 JM |
189 | void cfg80211_michael_mic_failure(struct net_device *dev, const u8 *addr, |
190 | enum nl80211_key_type key_type, int key_id, | |
e6d6e342 | 191 | const u8 *tsc, gfp_t gfp) |
a3b8b056 JM |
192 | { |
193 | struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; | |
f26cbf40 | 194 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); |
3d23e349 | 195 | #ifdef CONFIG_CFG80211_WEXT |
f58d4ed9 | 196 | union iwreq_data wrqu; |
e6d6e342 | 197 | char *buf = kmalloc(128, gfp); |
f58d4ed9 JB |
198 | |
199 | if (buf) { | |
200 | sprintf(buf, "MLME-MICHAELMICFAILURE.indication(" | |
201 | "keyid=%d %scast addr=%pM)", key_id, | |
202 | key_type == NL80211_KEYTYPE_GROUP ? "broad" : "uni", | |
203 | addr); | |
204 | memset(&wrqu, 0, sizeof(wrqu)); | |
205 | wrqu.data.length = strlen(buf); | |
206 | wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf); | |
207 | kfree(buf); | |
208 | } | |
209 | #endif | |
210 | ||
4ee3e063 | 211 | trace_cfg80211_michael_mic_failure(dev, addr, key_type, key_id, tsc); |
e6d6e342 | 212 | nl80211_michael_mic_failure(rdev, dev, addr, key_type, key_id, tsc, gfp); |
a3b8b056 JM |
213 | } |
214 | EXPORT_SYMBOL(cfg80211_michael_mic_failure); | |
19957bb3 JB |
215 | |
216 | /* some MLME handling for userspace SME */ | |
91bf9b26 JB |
217 | int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev, |
218 | struct net_device *dev, | |
219 | struct ieee80211_channel *chan, | |
220 | enum nl80211_auth_type auth_type, | |
221 | const u8 *bssid, | |
222 | const u8 *ssid, int ssid_len, | |
223 | const u8 *ie, int ie_len, | |
224 | const u8 *key, int key_len, int key_idx, | |
11b6b5a4 | 225 | const u8 *auth_data, int auth_data_len) |
19957bb3 JB |
226 | { |
227 | struct wireless_dev *wdev = dev->ieee80211_ptr; | |
7ade7036 JB |
228 | struct cfg80211_auth_request req = { |
229 | .ie = ie, | |
230 | .ie_len = ie_len, | |
11b6b5a4 JM |
231 | .auth_data = auth_data, |
232 | .auth_data_len = auth_data_len, | |
7ade7036 JB |
233 | .auth_type = auth_type, |
234 | .key = key, | |
235 | .key_len = key_len, | |
236 | .key_idx = key_idx, | |
237 | }; | |
95de817b | 238 | int err; |
19957bb3 | 239 | |
667503dd JB |
240 | ASSERT_WDEV_LOCK(wdev); |
241 | ||
fffd0934 | 242 | if (auth_type == NL80211_AUTHTYPE_SHARED_KEY) |
b6b5555b | 243 | if (!key || !key_len || key_idx < 0 || key_idx > 3) |
fffd0934 JB |
244 | return -EINVAL; |
245 | ||
0a9b5e17 | 246 | if (wdev->current_bss && |
ac422d3c | 247 | ether_addr_equal(bssid, wdev->current_bss->pub.bssid)) |
0a9b5e17 JB |
248 | return -EALREADY; |
249 | ||
19957bb3 | 250 | req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len, |
6eb18137 DL |
251 | IEEE80211_BSS_TYPE_ESS, |
252 | IEEE80211_PRIVACY_ANY); | |
19957bb3 JB |
253 | if (!req.bss) |
254 | return -ENOENT; | |
255 | ||
e35e4d28 | 256 | err = rdev_auth(rdev, dev, &req); |
19957bb3 | 257 | |
5b112d3d | 258 | cfg80211_put_bss(&rdev->wiphy, req.bss); |
19957bb3 JB |
259 | return err; |
260 | } | |
261 | ||
7e7c8926 BG |
262 | /* Do a logical ht_capa &= ht_capa_mask. */ |
263 | void cfg80211_oper_and_ht_capa(struct ieee80211_ht_cap *ht_capa, | |
264 | const struct ieee80211_ht_cap *ht_capa_mask) | |
265 | { | |
266 | int i; | |
267 | u8 *p1, *p2; | |
268 | if (!ht_capa_mask) { | |
269 | memset(ht_capa, 0, sizeof(*ht_capa)); | |
270 | return; | |
271 | } | |
272 | ||
273 | p1 = (u8*)(ht_capa); | |
274 | p2 = (u8*)(ht_capa_mask); | |
275 | for (i = 0; i<sizeof(*ht_capa); i++) | |
276 | p1[i] &= p2[i]; | |
277 | } | |
278 | ||
ee2aca34 JB |
279 | /* Do a logical ht_capa &= ht_capa_mask. */ |
280 | void cfg80211_oper_and_vht_capa(struct ieee80211_vht_cap *vht_capa, | |
281 | const struct ieee80211_vht_cap *vht_capa_mask) | |
282 | { | |
283 | int i; | |
284 | u8 *p1, *p2; | |
285 | if (!vht_capa_mask) { | |
286 | memset(vht_capa, 0, sizeof(*vht_capa)); | |
287 | return; | |
288 | } | |
289 | ||
290 | p1 = (u8*)(vht_capa); | |
291 | p2 = (u8*)(vht_capa_mask); | |
292 | for (i = 0; i < sizeof(*vht_capa); i++) | |
293 | p1[i] &= p2[i]; | |
294 | } | |
295 | ||
91bf9b26 JB |
296 | int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev, |
297 | struct net_device *dev, | |
298 | struct ieee80211_channel *chan, | |
299 | const u8 *bssid, | |
300 | const u8 *ssid, int ssid_len, | |
301 | struct cfg80211_assoc_request *req) | |
19957bb3 JB |
302 | { |
303 | struct wireless_dev *wdev = dev->ieee80211_ptr; | |
95de817b | 304 | int err; |
19957bb3 | 305 | |
667503dd JB |
306 | ASSERT_WDEV_LOCK(wdev); |
307 | ||
ceca7b71 JB |
308 | if (wdev->current_bss && |
309 | (!req->prev_bssid || !ether_addr_equal(wdev->current_bss->pub.bssid, | |
310 | req->prev_bssid))) | |
19957bb3 JB |
311 | return -EALREADY; |
312 | ||
f62fab73 | 313 | cfg80211_oper_and_ht_capa(&req->ht_capa_mask, |
7e7c8926 | 314 | rdev->wiphy.ht_capa_mod_mask); |
f62fab73 | 315 | cfg80211_oper_and_vht_capa(&req->vht_capa_mask, |
ee2aca34 | 316 | rdev->wiphy.vht_capa_mod_mask); |
7e7c8926 | 317 | |
f62fab73 | 318 | req->bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len, |
6eb18137 DL |
319 | IEEE80211_BSS_TYPE_ESS, |
320 | IEEE80211_PRIVACY_ANY); | |
ceca7b71 | 321 | if (!req->bss) |
19957bb3 JB |
322 | return -ENOENT; |
323 | ||
f62fab73 | 324 | err = rdev_assoc(rdev, dev, req); |
f1940c57 JB |
325 | if (!err) |
326 | cfg80211_hold_bss(bss_from_pub(req->bss)); | |
73de86a3 | 327 | else |
f62fab73 | 328 | cfg80211_put_bss(&rdev->wiphy, req->bss); |
19957bb3 | 329 | |
19957bb3 JB |
330 | return err; |
331 | } | |
332 | ||
91bf9b26 JB |
333 | int cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev, |
334 | struct net_device *dev, const u8 *bssid, | |
335 | const u8 *ie, int ie_len, u16 reason, | |
336 | bool local_state_change) | |
19957bb3 JB |
337 | { |
338 | struct wireless_dev *wdev = dev->ieee80211_ptr; | |
95de817b JB |
339 | struct cfg80211_deauth_request req = { |
340 | .bssid = bssid, | |
341 | .reason_code = reason, | |
342 | .ie = ie, | |
343 | .ie_len = ie_len, | |
6863255b | 344 | .local_state_change = local_state_change, |
95de817b | 345 | }; |
19957bb3 | 346 | |
667503dd JB |
347 | ASSERT_WDEV_LOCK(wdev); |
348 | ||
ceca7b71 JB |
349 | if (local_state_change && |
350 | (!wdev->current_bss || | |
351 | !ether_addr_equal(wdev->current_bss->pub.bssid, bssid))) | |
95de817b | 352 | return 0; |
19957bb3 | 353 | |
bd2522b1 AZ |
354 | if (ether_addr_equal(wdev->disconnect_bssid, bssid) || |
355 | (wdev->current_bss && | |
356 | ether_addr_equal(wdev->current_bss->pub.bssid, bssid))) | |
357 | wdev->conn_owner_nlportid = 0; | |
358 | ||
e35e4d28 | 359 | return rdev_deauth(rdev, dev, &req); |
19957bb3 JB |
360 | } |
361 | ||
91bf9b26 JB |
362 | int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev, |
363 | struct net_device *dev, const u8 *bssid, | |
364 | const u8 *ie, int ie_len, u16 reason, | |
365 | bool local_state_change) | |
19957bb3 JB |
366 | { |
367 | struct wireless_dev *wdev = dev->ieee80211_ptr; | |
7ade7036 JB |
368 | struct cfg80211_disassoc_request req = { |
369 | .reason_code = reason, | |
370 | .local_state_change = local_state_change, | |
371 | .ie = ie, | |
372 | .ie_len = ie_len, | |
373 | }; | |
ceca7b71 | 374 | int err; |
19957bb3 | 375 | |
667503dd JB |
376 | ASSERT_WDEV_LOCK(wdev); |
377 | ||
ceca7b71 | 378 | if (!wdev->current_bss) |
f9d6b402 JB |
379 | return -ENOTCONN; |
380 | ||
ac422d3c | 381 | if (ether_addr_equal(wdev->current_bss->pub.bssid, bssid)) |
19957bb3 JB |
382 | req.bss = &wdev->current_bss->pub; |
383 | else | |
384 | return -ENOTCONN; | |
385 | ||
ceca7b71 JB |
386 | err = rdev_disassoc(rdev, dev, &req); |
387 | if (err) | |
388 | return err; | |
389 | ||
390 | /* driver should have reported the disassoc */ | |
391 | WARN_ON(wdev->current_bss); | |
392 | return 0; | |
667503dd JB |
393 | } |
394 | ||
19957bb3 JB |
395 | void cfg80211_mlme_down(struct cfg80211_registered_device *rdev, |
396 | struct net_device *dev) | |
397 | { | |
398 | struct wireless_dev *wdev = dev->ieee80211_ptr; | |
95de817b | 399 | u8 bssid[ETH_ALEN]; |
19957bb3 | 400 | |
667503dd JB |
401 | ASSERT_WDEV_LOCK(wdev); |
402 | ||
19957bb3 JB |
403 | if (!rdev->ops->deauth) |
404 | return; | |
405 | ||
95de817b JB |
406 | if (!wdev->current_bss) |
407 | return; | |
19957bb3 | 408 | |
95de817b | 409 | memcpy(bssid, wdev->current_bss->pub.bssid, ETH_ALEN); |
ceca7b71 JB |
410 | cfg80211_mlme_deauth(rdev, dev, bssid, NULL, 0, |
411 | WLAN_REASON_DEAUTH_LEAVING, false); | |
19957bb3 | 412 | } |
9588bbd5 | 413 | |
2e161f78 | 414 | struct cfg80211_mgmt_registration { |
026331c4 | 415 | struct list_head list; |
33d8783c | 416 | struct wireless_dev *wdev; |
026331c4 | 417 | |
15e47304 | 418 | u32 nlportid; |
026331c4 JM |
419 | |
420 | int match_len; | |
421 | ||
2e161f78 JB |
422 | __le16 frame_type; |
423 | ||
026331c4 JM |
424 | u8 match[]; |
425 | }; | |
426 | ||
33d8783c JB |
427 | static void |
428 | cfg80211_process_mlme_unregistrations(struct cfg80211_registered_device *rdev) | |
429 | { | |
430 | struct cfg80211_mgmt_registration *reg; | |
431 | ||
432 | ASSERT_RTNL(); | |
433 | ||
434 | spin_lock_bh(&rdev->mlme_unreg_lock); | |
435 | while ((reg = list_first_entry_or_null(&rdev->mlme_unreg, | |
436 | struct cfg80211_mgmt_registration, | |
437 | list))) { | |
438 | list_del(®->list); | |
439 | spin_unlock_bh(&rdev->mlme_unreg_lock); | |
440 | ||
441 | if (rdev->ops->mgmt_frame_register) { | |
442 | u16 frame_type = le16_to_cpu(reg->frame_type); | |
443 | ||
444 | rdev_mgmt_frame_register(rdev, reg->wdev, | |
445 | frame_type, false); | |
446 | } | |
447 | ||
448 | kfree(reg); | |
449 | ||
450 | spin_lock_bh(&rdev->mlme_unreg_lock); | |
451 | } | |
452 | spin_unlock_bh(&rdev->mlme_unreg_lock); | |
453 | } | |
454 | ||
455 | void cfg80211_mlme_unreg_wk(struct work_struct *wk) | |
456 | { | |
457 | struct cfg80211_registered_device *rdev; | |
458 | ||
459 | rdev = container_of(wk, struct cfg80211_registered_device, | |
460 | mlme_unreg_wk); | |
461 | ||
462 | rtnl_lock(); | |
463 | cfg80211_process_mlme_unregistrations(rdev); | |
464 | rtnl_unlock(); | |
465 | } | |
466 | ||
15e47304 | 467 | int cfg80211_mlme_register_mgmt(struct wireless_dev *wdev, u32 snd_portid, |
2e161f78 JB |
468 | u16 frame_type, const u8 *match_data, |
469 | int match_len) | |
026331c4 | 470 | { |
271733cf | 471 | struct wiphy *wiphy = wdev->wiphy; |
f26cbf40 | 472 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); |
2e161f78 | 473 | struct cfg80211_mgmt_registration *reg, *nreg; |
026331c4 | 474 | int err = 0; |
2e161f78 JB |
475 | u16 mgmt_type; |
476 | ||
477 | if (!wdev->wiphy->mgmt_stypes) | |
478 | return -EOPNOTSUPP; | |
479 | ||
480 | if ((frame_type & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT) | |
481 | return -EINVAL; | |
482 | ||
483 | if (frame_type & ~(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) | |
484 | return -EINVAL; | |
485 | ||
486 | mgmt_type = (frame_type & IEEE80211_FCTL_STYPE) >> 4; | |
487 | if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].rx & BIT(mgmt_type))) | |
488 | return -EINVAL; | |
026331c4 JM |
489 | |
490 | nreg = kzalloc(sizeof(*reg) + match_len, GFP_KERNEL); | |
491 | if (!nreg) | |
492 | return -ENOMEM; | |
493 | ||
2e161f78 | 494 | spin_lock_bh(&wdev->mgmt_registrations_lock); |
026331c4 | 495 | |
2e161f78 | 496 | list_for_each_entry(reg, &wdev->mgmt_registrations, list) { |
026331c4 JM |
497 | int mlen = min(match_len, reg->match_len); |
498 | ||
2e161f78 JB |
499 | if (frame_type != le16_to_cpu(reg->frame_type)) |
500 | continue; | |
501 | ||
026331c4 JM |
502 | if (memcmp(reg->match, match_data, mlen) == 0) { |
503 | err = -EALREADY; | |
504 | break; | |
505 | } | |
506 | } | |
507 | ||
508 | if (err) { | |
509 | kfree(nreg); | |
510 | goto out; | |
511 | } | |
512 | ||
513 | memcpy(nreg->match, match_data, match_len); | |
514 | nreg->match_len = match_len; | |
15e47304 | 515 | nreg->nlportid = snd_portid; |
2e161f78 | 516 | nreg->frame_type = cpu_to_le16(frame_type); |
33d8783c | 517 | nreg->wdev = wdev; |
2e161f78 | 518 | list_add(&nreg->list, &wdev->mgmt_registrations); |
33d8783c JB |
519 | spin_unlock_bh(&wdev->mgmt_registrations_lock); |
520 | ||
521 | /* process all unregistrations to avoid driver confusion */ | |
522 | cfg80211_process_mlme_unregistrations(rdev); | |
026331c4 | 523 | |
271733cf | 524 | if (rdev->ops->mgmt_frame_register) |
e35e4d28 | 525 | rdev_mgmt_frame_register(rdev, wdev, frame_type, true); |
271733cf | 526 | |
33d8783c JB |
527 | return 0; |
528 | ||
026331c4 | 529 | out: |
2e161f78 | 530 | spin_unlock_bh(&wdev->mgmt_registrations_lock); |
271733cf | 531 | |
026331c4 JM |
532 | return err; |
533 | } | |
534 | ||
15e47304 | 535 | void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlportid) |
026331c4 | 536 | { |
271733cf | 537 | struct wiphy *wiphy = wdev->wiphy; |
f26cbf40 | 538 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); |
2e161f78 | 539 | struct cfg80211_mgmt_registration *reg, *tmp; |
026331c4 | 540 | |
2e161f78 | 541 | spin_lock_bh(&wdev->mgmt_registrations_lock); |
026331c4 | 542 | |
2e161f78 | 543 | list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) { |
15e47304 | 544 | if (reg->nlportid != nlportid) |
271733cf JB |
545 | continue; |
546 | ||
271733cf | 547 | list_del(®->list); |
33d8783c JB |
548 | spin_lock(&rdev->mlme_unreg_lock); |
549 | list_add_tail(®->list, &rdev->mlme_unreg); | |
550 | spin_unlock(&rdev->mlme_unreg_lock); | |
551 | ||
552 | schedule_work(&rdev->mlme_unreg_wk); | |
026331c4 JM |
553 | } |
554 | ||
2e161f78 | 555 | spin_unlock_bh(&wdev->mgmt_registrations_lock); |
28946da7 | 556 | |
5de17984 AS |
557 | if (nlportid && rdev->crit_proto_nlportid == nlportid) { |
558 | rdev->crit_proto_nlportid = 0; | |
559 | rdev_crit_proto_stop(rdev, wdev); | |
560 | } | |
561 | ||
15e47304 EB |
562 | if (nlportid == wdev->ap_unexpected_nlportid) |
563 | wdev->ap_unexpected_nlportid = 0; | |
026331c4 JM |
564 | } |
565 | ||
2e161f78 | 566 | void cfg80211_mlme_purge_registrations(struct wireless_dev *wdev) |
026331c4 | 567 | { |
33d8783c | 568 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); |
026331c4 | 569 | |
2e161f78 | 570 | spin_lock_bh(&wdev->mgmt_registrations_lock); |
33d8783c JB |
571 | spin_lock(&rdev->mlme_unreg_lock); |
572 | list_splice_tail_init(&wdev->mgmt_registrations, &rdev->mlme_unreg); | |
573 | spin_unlock(&rdev->mlme_unreg_lock); | |
2e161f78 | 574 | spin_unlock_bh(&wdev->mgmt_registrations_lock); |
33d8783c JB |
575 | |
576 | cfg80211_process_mlme_unregistrations(rdev); | |
026331c4 JM |
577 | } |
578 | ||
2e161f78 | 579 | int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev, |
71bbc994 | 580 | struct wireless_dev *wdev, |
b176e629 | 581 | struct cfg80211_mgmt_tx_params *params, u64 *cookie) |
026331c4 | 582 | { |
026331c4 | 583 | const struct ieee80211_mgmt *mgmt; |
2e161f78 JB |
584 | u16 stype; |
585 | ||
586 | if (!wdev->wiphy->mgmt_stypes) | |
587 | return -EOPNOTSUPP; | |
026331c4 | 588 | |
2e161f78 | 589 | if (!rdev->ops->mgmt_tx) |
026331c4 | 590 | return -EOPNOTSUPP; |
2e161f78 | 591 | |
b176e629 | 592 | if (params->len < 24 + 1) |
026331c4 JM |
593 | return -EINVAL; |
594 | ||
b176e629 | 595 | mgmt = (const struct ieee80211_mgmt *)params->buf; |
2e161f78 JB |
596 | |
597 | if (!ieee80211_is_mgmt(mgmt->frame_control)) | |
026331c4 | 598 | return -EINVAL; |
2e161f78 JB |
599 | |
600 | stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE; | |
601 | if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].tx & BIT(stype >> 4))) | |
602 | return -EINVAL; | |
603 | ||
604 | if (ieee80211_is_action(mgmt->frame_control) && | |
605 | mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) { | |
663fcafd JB |
606 | int err = 0; |
607 | ||
fe100acd JB |
608 | wdev_lock(wdev); |
609 | ||
663fcafd JB |
610 | switch (wdev->iftype) { |
611 | case NL80211_IFTYPE_ADHOC: | |
612 | case NL80211_IFTYPE_STATION: | |
613 | case NL80211_IFTYPE_P2P_CLIENT: | |
614 | if (!wdev->current_bss) { | |
615 | err = -ENOTCONN; | |
616 | break; | |
617 | } | |
618 | ||
ac422d3c JP |
619 | if (!ether_addr_equal(wdev->current_bss->pub.bssid, |
620 | mgmt->bssid)) { | |
663fcafd JB |
621 | err = -ENOTCONN; |
622 | break; | |
623 | } | |
624 | ||
625 | /* | |
626 | * check for IBSS DA must be done by driver as | |
627 | * cfg80211 doesn't track the stations | |
628 | */ | |
629 | if (wdev->iftype == NL80211_IFTYPE_ADHOC) | |
630 | break; | |
fe100acd | 631 | |
663fcafd | 632 | /* for station, check that DA is the AP */ |
ac422d3c JP |
633 | if (!ether_addr_equal(wdev->current_bss->pub.bssid, |
634 | mgmt->da)) { | |
663fcafd JB |
635 | err = -ENOTCONN; |
636 | break; | |
637 | } | |
638 | break; | |
639 | case NL80211_IFTYPE_AP: | |
640 | case NL80211_IFTYPE_P2P_GO: | |
641 | case NL80211_IFTYPE_AP_VLAN: | |
98104fde | 642 | if (!ether_addr_equal(mgmt->bssid, wdev_address(wdev))) |
663fcafd JB |
643 | err = -EINVAL; |
644 | break; | |
0778a6a3 | 645 | case NL80211_IFTYPE_MESH_POINT: |
ac422d3c | 646 | if (!ether_addr_equal(mgmt->sa, mgmt->bssid)) { |
0778a6a3 JC |
647 | err = -EINVAL; |
648 | break; | |
649 | } | |
650 | /* | |
651 | * check for mesh DA must be done by driver as | |
652 | * cfg80211 doesn't track the stations | |
653 | */ | |
654 | break; | |
98104fde JB |
655 | case NL80211_IFTYPE_P2P_DEVICE: |
656 | /* | |
657 | * fall through, P2P device only supports | |
658 | * public action frames | |
659 | */ | |
cb3b7d87 | 660 | case NL80211_IFTYPE_NAN: |
663fcafd JB |
661 | default: |
662 | err = -EOPNOTSUPP; | |
663 | break; | |
664 | } | |
fe100acd | 665 | wdev_unlock(wdev); |
663fcafd JB |
666 | |
667 | if (err) | |
668 | return err; | |
026331c4 JM |
669 | } |
670 | ||
ab5bb2d5 | 671 | if (!ether_addr_equal(mgmt->sa, wdev_address(wdev))) { |
672 | /* Allow random TA to be used with Public Action frames if the | |
673 | * driver has indicated support for this. Otherwise, only allow | |
674 | * the local address to be used. | |
675 | */ | |
676 | if (!ieee80211_is_action(mgmt->frame_control) || | |
677 | mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) | |
678 | return -EINVAL; | |
679 | if (!wdev->current_bss && | |
680 | !wiphy_ext_feature_isset( | |
681 | &rdev->wiphy, | |
682 | NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA)) | |
683 | return -EINVAL; | |
684 | if (wdev->current_bss && | |
685 | !wiphy_ext_feature_isset( | |
686 | &rdev->wiphy, | |
687 | NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA_CONNECTED)) | |
688 | return -EINVAL; | |
689 | } | |
026331c4 JM |
690 | |
691 | /* Transmit the Action frame as requested by user space */ | |
b176e629 | 692 | return rdev_mgmt_tx(rdev, wdev, params, cookie); |
026331c4 JM |
693 | } |
694 | ||
71bbc994 | 695 | bool cfg80211_rx_mgmt(struct wireless_dev *wdev, int freq, int sig_mbm, |
970fdfa8 | 696 | const u8 *buf, size_t len, u32 flags) |
026331c4 | 697 | { |
026331c4 | 698 | struct wiphy *wiphy = wdev->wiphy; |
f26cbf40 | 699 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); |
2e161f78 JB |
700 | struct cfg80211_mgmt_registration *reg; |
701 | const struct ieee80211_txrx_stypes *stypes = | |
702 | &wiphy->mgmt_stypes[wdev->iftype]; | |
703 | struct ieee80211_mgmt *mgmt = (void *)buf; | |
704 | const u8 *data; | |
705 | int data_len; | |
026331c4 | 706 | bool result = false; |
2e161f78 JB |
707 | __le16 ftype = mgmt->frame_control & |
708 | cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE); | |
709 | u16 stype; | |
026331c4 | 710 | |
4ee3e063 | 711 | trace_cfg80211_rx_mgmt(wdev, freq, sig_mbm); |
2e161f78 | 712 | stype = (le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE) >> 4; |
026331c4 | 713 | |
4ee3e063 BL |
714 | if (!(stypes->rx & BIT(stype))) { |
715 | trace_cfg80211_return_bool(false); | |
2e161f78 | 716 | return false; |
4ee3e063 | 717 | } |
026331c4 | 718 | |
2e161f78 JB |
719 | data = buf + ieee80211_hdrlen(mgmt->frame_control); |
720 | data_len = len - ieee80211_hdrlen(mgmt->frame_control); | |
721 | ||
722 | spin_lock_bh(&wdev->mgmt_registrations_lock); | |
723 | ||
724 | list_for_each_entry(reg, &wdev->mgmt_registrations, list) { | |
725 | if (reg->frame_type != ftype) | |
726 | continue; | |
026331c4 | 727 | |
2e161f78 | 728 | if (reg->match_len > data_len) |
026331c4 JM |
729 | continue; |
730 | ||
2e161f78 | 731 | if (memcmp(reg->match, data, reg->match_len)) |
026331c4 JM |
732 | continue; |
733 | ||
734 | /* found match! */ | |
735 | ||
736 | /* Indicate the received Action frame to user space */ | |
15e47304 | 737 | if (nl80211_send_mgmt(rdev, wdev, reg->nlportid, |
804483e9 | 738 | freq, sig_mbm, |
970fdfa8 | 739 | buf, len, flags, GFP_ATOMIC)) |
026331c4 JM |
740 | continue; |
741 | ||
742 | result = true; | |
743 | break; | |
744 | } | |
745 | ||
2e161f78 | 746 | spin_unlock_bh(&wdev->mgmt_registrations_lock); |
026331c4 | 747 | |
4ee3e063 | 748 | trace_cfg80211_return_bool(result); |
026331c4 JM |
749 | return result; |
750 | } | |
2e161f78 | 751 | EXPORT_SYMBOL(cfg80211_rx_mgmt); |
026331c4 | 752 | |
b35a51c7 VT |
753 | void cfg80211_sched_dfs_chan_update(struct cfg80211_registered_device *rdev) |
754 | { | |
755 | cancel_delayed_work(&rdev->dfs_update_channels_wk); | |
756 | queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk, 0); | |
757 | } | |
758 | ||
04f39047 SW |
759 | void cfg80211_dfs_channels_update_work(struct work_struct *work) |
760 | { | |
a85a7e28 | 761 | struct delayed_work *delayed_work = to_delayed_work(work); |
04f39047 SW |
762 | struct cfg80211_registered_device *rdev; |
763 | struct cfg80211_chan_def chandef; | |
764 | struct ieee80211_supported_band *sband; | |
765 | struct ieee80211_channel *c; | |
766 | struct wiphy *wiphy; | |
767 | bool check_again = false; | |
768 | unsigned long timeout, next_time = 0; | |
b35a51c7 VT |
769 | unsigned long time_dfs_update; |
770 | enum nl80211_radar_event radar_event; | |
04f39047 SW |
771 | int bandid, i; |
772 | ||
04f39047 SW |
773 | rdev = container_of(delayed_work, struct cfg80211_registered_device, |
774 | dfs_update_channels_wk); | |
775 | wiphy = &rdev->wiphy; | |
776 | ||
5fe231e8 | 777 | rtnl_lock(); |
57fbcce3 | 778 | for (bandid = 0; bandid < NUM_NL80211_BANDS; bandid++) { |
04f39047 SW |
779 | sband = wiphy->bands[bandid]; |
780 | if (!sband) | |
781 | continue; | |
782 | ||
783 | for (i = 0; i < sband->n_channels; i++) { | |
784 | c = &sband->channels[i]; | |
785 | ||
b35a51c7 VT |
786 | if (!(c->flags & IEEE80211_CHAN_RADAR)) |
787 | continue; | |
788 | ||
789 | if (c->dfs_state != NL80211_DFS_UNAVAILABLE && | |
790 | c->dfs_state != NL80211_DFS_AVAILABLE) | |
04f39047 SW |
791 | continue; |
792 | ||
b35a51c7 VT |
793 | if (c->dfs_state == NL80211_DFS_UNAVAILABLE) { |
794 | time_dfs_update = IEEE80211_DFS_MIN_NOP_TIME_MS; | |
795 | radar_event = NL80211_RADAR_NOP_FINISHED; | |
796 | } else { | |
797 | if (regulatory_pre_cac_allowed(wiphy) || | |
798 | cfg80211_any_wiphy_oper_chan(wiphy, c)) | |
799 | continue; | |
800 | ||
801 | time_dfs_update = REG_PRE_CAC_EXPIRY_GRACE_MS; | |
802 | radar_event = NL80211_RADAR_PRE_CAC_EXPIRED; | |
803 | } | |
804 | ||
805 | timeout = c->dfs_state_entered + | |
806 | msecs_to_jiffies(time_dfs_update); | |
04f39047 SW |
807 | |
808 | if (time_after_eq(jiffies, timeout)) { | |
809 | c->dfs_state = NL80211_DFS_USABLE; | |
bbe09bbc MK |
810 | c->dfs_state_entered = jiffies; |
811 | ||
04f39047 SW |
812 | cfg80211_chandef_create(&chandef, c, |
813 | NL80211_CHAN_NO_HT); | |
814 | ||
815 | nl80211_radar_notify(rdev, &chandef, | |
b35a51c7 VT |
816 | radar_event, NULL, |
817 | GFP_ATOMIC); | |
89766727 VT |
818 | |
819 | regulatory_propagate_dfs_state(wiphy, &chandef, | |
820 | c->dfs_state, | |
821 | radar_event); | |
04f39047 SW |
822 | continue; |
823 | } | |
824 | ||
825 | if (!check_again) | |
826 | next_time = timeout - jiffies; | |
827 | else | |
828 | next_time = min(next_time, timeout - jiffies); | |
829 | check_again = true; | |
830 | } | |
831 | } | |
5fe231e8 | 832 | rtnl_unlock(); |
04f39047 SW |
833 | |
834 | /* reschedule if there are other channels waiting to be cleared again */ | |
835 | if (check_again) | |
836 | queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk, | |
837 | next_time); | |
838 | } | |
839 | ||
840 | ||
841 | void cfg80211_radar_event(struct wiphy *wiphy, | |
842 | struct cfg80211_chan_def *chandef, | |
843 | gfp_t gfp) | |
844 | { | |
f26cbf40 | 845 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); |
04f39047 SW |
846 | |
847 | trace_cfg80211_radar_event(wiphy, chandef); | |
848 | ||
849 | /* only set the chandef supplied channel to unavailable, in | |
850 | * case the radar is detected on only one of multiple channels | |
851 | * spanned by the chandef. | |
852 | */ | |
853 | cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_UNAVAILABLE); | |
854 | ||
b35a51c7 | 855 | cfg80211_sched_dfs_chan_update(rdev); |
04f39047 SW |
856 | |
857 | nl80211_radar_notify(rdev, chandef, NL80211_RADAR_DETECTED, NULL, gfp); | |
89766727 VT |
858 | |
859 | memcpy(&rdev->radar_chandef, chandef, sizeof(struct cfg80211_chan_def)); | |
860 | queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk); | |
04f39047 SW |
861 | } |
862 | EXPORT_SYMBOL(cfg80211_radar_event); | |
863 | ||
864 | void cfg80211_cac_event(struct net_device *netdev, | |
d2859df5 | 865 | const struct cfg80211_chan_def *chandef, |
04f39047 SW |
866 | enum nl80211_radar_event event, gfp_t gfp) |
867 | { | |
868 | struct wireless_dev *wdev = netdev->ieee80211_ptr; | |
869 | struct wiphy *wiphy = wdev->wiphy; | |
f26cbf40 | 870 | struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); |
04f39047 SW |
871 | unsigned long timeout; |
872 | ||
873 | trace_cfg80211_cac_event(netdev, event); | |
874 | ||
875 | if (WARN_ON(!wdev->cac_started)) | |
876 | return; | |
877 | ||
9e0e2961 | 878 | if (WARN_ON(!wdev->chandef.chan)) |
04f39047 SW |
879 | return; |
880 | ||
04f39047 SW |
881 | switch (event) { |
882 | case NL80211_RADAR_CAC_FINISHED: | |
883 | timeout = wdev->cac_start_time + | |
31559f35 | 884 | msecs_to_jiffies(wdev->cac_time_ms); |
04f39047 | 885 | WARN_ON(!time_after_eq(jiffies, timeout)); |
d2859df5 | 886 | cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_AVAILABLE); |
89766727 VT |
887 | memcpy(&rdev->cac_done_chandef, chandef, |
888 | sizeof(struct cfg80211_chan_def)); | |
889 | queue_work(cfg80211_wq, &rdev->propagate_cac_done_wk); | |
b35a51c7 | 890 | cfg80211_sched_dfs_chan_update(rdev); |
04f39047 SW |
891 | break; |
892 | case NL80211_RADAR_CAC_ABORTED: | |
893 | break; | |
894 | default: | |
895 | WARN_ON(1); | |
896 | return; | |
897 | } | |
898 | wdev->cac_started = false; | |
899 | ||
d2859df5 | 900 | nl80211_radar_notify(rdev, chandef, event, netdev, gfp); |
04f39047 SW |
901 | } |
902 | EXPORT_SYMBOL(cfg80211_cac_event); |