linux/net/wireless/mlme.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0
   2/*
   3 * cfg80211 MLME SAP interface
   4 *
   5 * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
   6 * Copyright (c) 2015           Intel Deutschland GmbH
   7 * Copyright (C) 2019-2020 Intel Corporation
   8 */
   9
  10#include <linux/kernel.h>
  11#include <linux/module.h>
  12#include <linux/etherdevice.h>
  13#include <linux/netdevice.h>
  14#include <linux/nl80211.h>
  15#include <linux/slab.h>
  16#include <linux/wireless.h>
  17#include <net/cfg80211.h>
  18#include <net/iw_handler.h>
  19#include "core.h"
  20#include "nl80211.h"
  21#include "rdev-ops.h"
  22
  23
  24void cfg80211_rx_assoc_resp(struct net_device *dev, struct cfg80211_bss *bss,
  25                            const u8 *buf, size_t len, int uapsd_queues,
  26                            const u8 *req_ies, size_t req_ies_len)
  27{
  28        struct wireless_dev *wdev = dev->ieee80211_ptr;
  29        struct wiphy *wiphy = wdev->wiphy;
  30        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
  31        struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
  32        struct cfg80211_connect_resp_params cr;
  33        const u8 *resp_ie = mgmt->u.assoc_resp.variable;
  34        size_t resp_ie_len = len - offsetof(struct ieee80211_mgmt,
  35                                            u.assoc_resp.variable);
  36
  37        if (bss->channel->band == NL80211_BAND_S1GHZ) {
  38                resp_ie = (u8 *)&mgmt->u.s1g_assoc_resp.variable;
  39                resp_ie_len = len - offsetof(struct ieee80211_mgmt,
  40                                             u.s1g_assoc_resp.variable);
  41        }
  42
  43        memset(&cr, 0, sizeof(cr));
  44        cr.status = (int)le16_to_cpu(mgmt->u.assoc_resp.status_code);
  45        cr.bssid = mgmt->bssid;
  46        cr.bss = bss;
  47        cr.req_ie = req_ies;
  48        cr.req_ie_len = req_ies_len;
  49        cr.resp_ie = resp_ie;
  50        cr.resp_ie_len = resp_ie_len;
  51        cr.timeout_reason = NL80211_TIMEOUT_UNSPECIFIED;
  52
  53        trace_cfg80211_send_rx_assoc(dev, bss);
  54
  55        /*
  56         * This is a bit of a hack, we don't notify userspace of
  57         * a (re-)association reply if we tried to send a reassoc
  58         * and got a reject -- we only try again with an assoc
  59         * frame instead of reassoc.
  60         */
  61        if (cfg80211_sme_rx_assoc_resp(wdev, cr.status)) {
  62                cfg80211_unhold_bss(bss_from_pub(bss));
  63                cfg80211_put_bss(wiphy, bss);
  64                return;
  65        }
  66
  67        nl80211_send_rx_assoc(rdev, dev, buf, len, GFP_KERNEL, uapsd_queues,
  68                              req_ies, req_ies_len);
  69        /* update current_bss etc., consumes the bss reference */
  70        __cfg80211_connect_result(dev, &cr, cr.status == WLAN_STATUS_SUCCESS);
  71}
  72EXPORT_SYMBOL(cfg80211_rx_assoc_resp);
  73
  74static void cfg80211_process_auth(struct wireless_dev *wdev,
  75                                  const u8 *buf, size_t len)
  76{
  77        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
  78
  79        nl80211_send_rx_auth(rdev, wdev->netdev, buf, len, GFP_KERNEL);
  80        cfg80211_sme_rx_auth(wdev, buf, len);
  81}
  82
  83static void cfg80211_process_deauth(struct wireless_dev *wdev,
  84                                    const u8 *buf, size_t len,
  85                                    bool reconnect)
  86{
  87        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
  88        struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
  89        const u8 *bssid = mgmt->bssid;
  90        u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
  91        bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr);
  92
  93        nl80211_send_deauth(rdev, wdev->netdev, buf, len, reconnect, GFP_KERNEL);
  94
  95        if (!wdev->current_bss ||
  96            !ether_addr_equal(wdev->current_bss->pub.bssid, bssid))
  97                return;
  98
  99        __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap);
 100        cfg80211_sme_deauth(wdev);
 101}
 102
 103static void cfg80211_process_disassoc(struct wireless_dev *wdev,
 104                                      const u8 *buf, size_t len,
 105                                      bool reconnect)
 106{
 107        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
 108        struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
 109        const u8 *bssid = mgmt->bssid;
 110        u16 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
 111        bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr);
 112
 113        nl80211_send_disassoc(rdev, wdev->netdev, buf, len, reconnect,
 114                              GFP_KERNEL);
 115
 116        if (WARN_ON(!wdev->current_bss ||
 117                    !ether_addr_equal(wdev->current_bss->pub.bssid, bssid)))
 118                return;
 119
 120        __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap);
 121        cfg80211_sme_disassoc(wdev);
 122}
 123
 124void cfg80211_rx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len)
 125{
 126        struct wireless_dev *wdev = dev->ieee80211_ptr;
 127        struct ieee80211_mgmt *mgmt = (void *)buf;
 128
 129        ASSERT_WDEV_LOCK(wdev);
 130
 131        trace_cfg80211_rx_mlme_mgmt(dev, buf, len);
 132
 133        if (WARN_ON(len < 2))
 134                return;
 135
 136        if (ieee80211_is_auth(mgmt->frame_control))
 137                cfg80211_process_auth(wdev, buf, len);
 138        else if (ieee80211_is_deauth(mgmt->frame_control))
 139                cfg80211_process_deauth(wdev, buf, len, false);
 140        else if (ieee80211_is_disassoc(mgmt->frame_control))
 141                cfg80211_process_disassoc(wdev, buf, len, false);
 142}
 143EXPORT_SYMBOL(cfg80211_rx_mlme_mgmt);
 144
 145void cfg80211_auth_timeout(struct net_device *dev, const u8 *addr)
 146{
 147        struct wireless_dev *wdev = dev->ieee80211_ptr;
 148        struct wiphy *wiphy = wdev->wiphy;
 149        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
 150
 151        trace_cfg80211_send_auth_timeout(dev, addr);
 152
 153        nl80211_send_auth_timeout(rdev, dev, addr, GFP_KERNEL);
 154        cfg80211_sme_auth_timeout(wdev);
 155}
 156EXPORT_SYMBOL(cfg80211_auth_timeout);
 157
 158void cfg80211_assoc_timeout(struct net_device *dev, struct cfg80211_bss *bss)
 159{
 160        struct wireless_dev *wdev = dev->ieee80211_ptr;
 161        struct wiphy *wiphy = wdev->wiphy;
 162        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
 163
 164        trace_cfg80211_send_assoc_timeout(dev, bss->bssid);
 165
 166        nl80211_send_assoc_timeout(rdev, dev, bss->bssid, GFP_KERNEL);
 167        cfg80211_sme_assoc_timeout(wdev);
 168
 169        cfg80211_unhold_bss(bss_from_pub(bss));
 170        cfg80211_put_bss(wiphy, bss);
 171}
 172EXPORT_SYMBOL(cfg80211_assoc_timeout);
 173
 174void cfg80211_abandon_assoc(struct net_device *dev, struct cfg80211_bss *bss)
 175{
 176        struct wireless_dev *wdev = dev->ieee80211_ptr;
 177        struct wiphy *wiphy = wdev->wiphy;
 178
 179        cfg80211_sme_abandon_assoc(wdev);
 180
 181        cfg80211_unhold_bss(bss_from_pub(bss));
 182        cfg80211_put_bss(wiphy, bss);
 183}
 184EXPORT_SYMBOL(cfg80211_abandon_assoc);
 185
 186void cfg80211_tx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len,
 187                           bool reconnect)
 188{
 189        struct wireless_dev *wdev = dev->ieee80211_ptr;
 190        struct ieee80211_mgmt *mgmt = (void *)buf;
 191
 192        ASSERT_WDEV_LOCK(wdev);
 193
 194        trace_cfg80211_tx_mlme_mgmt(dev, buf, len, reconnect);
 195
 196        if (WARN_ON(len < 2))
 197                return;
 198
 199        if (ieee80211_is_deauth(mgmt->frame_control))
 200                cfg80211_process_deauth(wdev, buf, len, reconnect);
 201        else
 202                cfg80211_process_disassoc(wdev, buf, len, reconnect);
 203}
 204EXPORT_SYMBOL(cfg80211_tx_mlme_mgmt);
 205
 206void cfg80211_michael_mic_failure(struct net_device *dev, const u8 *addr,
 207                                  enum nl80211_key_type key_type, int key_id,
 208                                  const u8 *tsc, gfp_t gfp)
 209{
 210        struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
 211        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
 212#ifdef CONFIG_CFG80211_WEXT
 213        union iwreq_data wrqu;
 214        char *buf = kmalloc(128, gfp);
 215
 216        if (buf) {
 217                sprintf(buf, "MLME-MICHAELMICFAILURE.indication("
 218                        "keyid=%d %scast addr=%pM)", key_id,
 219                        key_type == NL80211_KEYTYPE_GROUP ? "broad" : "uni",
 220                        addr);
 221                memset(&wrqu, 0, sizeof(wrqu));
 222                wrqu.data.length = strlen(buf);
 223                wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
 224                kfree(buf);
 225        }
 226#endif
 227
 228        trace_cfg80211_michael_mic_failure(dev, addr, key_type, key_id, tsc);
 229        nl80211_michael_mic_failure(rdev, dev, addr, key_type, key_id, tsc, gfp);
 230}
 231EXPORT_SYMBOL(cfg80211_michael_mic_failure);
 232
 233/* some MLME handling for userspace SME */
 234int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev,
 235                       struct net_device *dev,
 236                       struct ieee80211_channel *chan,
 237                       enum nl80211_auth_type auth_type,
 238                       const u8 *bssid,
 239                       const u8 *ssid, int ssid_len,
 240                       const u8 *ie, int ie_len,
 241                       const u8 *key, int key_len, int key_idx,
 242                       const u8 *auth_data, int auth_data_len)
 243{
 244        struct wireless_dev *wdev = dev->ieee80211_ptr;
 245        struct cfg80211_auth_request req = {
 246                .ie = ie,
 247                .ie_len = ie_len,
 248                .auth_data = auth_data,
 249                .auth_data_len = auth_data_len,
 250                .auth_type = auth_type,
 251                .key = key,
 252                .key_len = key_len,
 253                .key_idx = key_idx,
 254        };
 255        int err;
 256
 257        ASSERT_WDEV_LOCK(wdev);
 258
 259        if (auth_type == NL80211_AUTHTYPE_SHARED_KEY)
 260                if (!key || !key_len || key_idx < 0 || key_idx > 3)
 261                        return -EINVAL;
 262
 263        if (wdev->current_bss &&
 264            ether_addr_equal(bssid, wdev->current_bss->pub.bssid))
 265                return -EALREADY;
 266
 267        req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,
 268                                   IEEE80211_BSS_TYPE_ESS,
 269                                   IEEE80211_PRIVACY_ANY);
 270        if (!req.bss)
 271                return -ENOENT;
 272
 273        err = rdev_auth(rdev, dev, &req);
 274
 275        cfg80211_put_bss(&rdev->wiphy, req.bss);
 276        return err;
 277}
 278
 279/*  Do a logical ht_capa &= ht_capa_mask.  */
 280void cfg80211_oper_and_ht_capa(struct ieee80211_ht_cap *ht_capa,
 281                               const struct ieee80211_ht_cap *ht_capa_mask)
 282{
 283        int i;
 284        u8 *p1, *p2;
 285        if (!ht_capa_mask) {
 286                memset(ht_capa, 0, sizeof(*ht_capa));
 287                return;
 288        }
 289
 290        p1 = (u8*)(ht_capa);
 291        p2 = (u8*)(ht_capa_mask);
 292        for (i = 0; i < sizeof(*ht_capa); i++)
 293                p1[i] &= p2[i];
 294}
 295
 296/*  Do a logical vht_capa &= vht_capa_mask.  */
 297void cfg80211_oper_and_vht_capa(struct ieee80211_vht_cap *vht_capa,
 298                                const struct ieee80211_vht_cap *vht_capa_mask)
 299{
 300        int i;
 301        u8 *p1, *p2;
 302        if (!vht_capa_mask) {
 303                memset(vht_capa, 0, sizeof(*vht_capa));
 304                return;
 305        }
 306
 307        p1 = (u8*)(vht_capa);
 308        p2 = (u8*)(vht_capa_mask);
 309        for (i = 0; i < sizeof(*vht_capa); i++)
 310                p1[i] &= p2[i];
 311}
 312
 313int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev,
 314                        struct net_device *dev,
 315                        struct ieee80211_channel *chan,
 316                        const u8 *bssid,
 317                        const u8 *ssid, int ssid_len,
 318                        struct cfg80211_assoc_request *req)
 319{
 320        struct wireless_dev *wdev = dev->ieee80211_ptr;
 321        int err;
 322
 323        ASSERT_WDEV_LOCK(wdev);
 324
 325        if (wdev->current_bss &&
 326            (!req->prev_bssid || !ether_addr_equal(wdev->current_bss->pub.bssid,
 327                                                   req->prev_bssid)))
 328                return -EALREADY;
 329
 330        cfg80211_oper_and_ht_capa(&req->ht_capa_mask,
 331                                  rdev->wiphy.ht_capa_mod_mask);
 332        cfg80211_oper_and_vht_capa(&req->vht_capa_mask,
 333                                   rdev->wiphy.vht_capa_mod_mask);
 334
 335        req->bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,
 336                                    IEEE80211_BSS_TYPE_ESS,
 337                                    IEEE80211_PRIVACY_ANY);
 338        if (!req->bss)
 339                return -ENOENT;
 340
 341        err = rdev_assoc(rdev, dev, req);
 342        if (!err)
 343                cfg80211_hold_bss(bss_from_pub(req->bss));
 344        else
 345                cfg80211_put_bss(&rdev->wiphy, req->bss);
 346
 347        return err;
 348}
 349
 350int cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev,
 351                         struct net_device *dev, const u8 *bssid,
 352                         const u8 *ie, int ie_len, u16 reason,
 353                         bool local_state_change)
 354{
 355        struct wireless_dev *wdev = dev->ieee80211_ptr;
 356        struct cfg80211_deauth_request req = {
 357                .bssid = bssid,
 358                .reason_code = reason,
 359                .ie = ie,
 360                .ie_len = ie_len,
 361                .local_state_change = local_state_change,
 362        };
 363
 364        ASSERT_WDEV_LOCK(wdev);
 365
 366        if (local_state_change &&
 367            (!wdev->current_bss ||
 368             !ether_addr_equal(wdev->current_bss->pub.bssid, bssid)))
 369                return 0;
 370
 371        if (ether_addr_equal(wdev->disconnect_bssid, bssid) ||
 372            (wdev->current_bss &&
 373             ether_addr_equal(wdev->current_bss->pub.bssid, bssid)))
 374                wdev->conn_owner_nlportid = 0;
 375
 376        return rdev_deauth(rdev, dev, &req);
 377}
 378
 379int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev,
 380                           struct net_device *dev, const u8 *bssid,
 381                           const u8 *ie, int ie_len, u16 reason,
 382                           bool local_state_change)
 383{
 384        struct wireless_dev *wdev = dev->ieee80211_ptr;
 385        struct cfg80211_disassoc_request req = {
 386                .reason_code = reason,
 387                .local_state_change = local_state_change,
 388                .ie = ie,
 389                .ie_len = ie_len,
 390        };
 391        int err;
 392
 393        ASSERT_WDEV_LOCK(wdev);
 394
 395        if (!wdev->current_bss)
 396                return -ENOTCONN;
 397
 398        if (ether_addr_equal(wdev->current_bss->pub.bssid, bssid))
 399                req.bss = &wdev->current_bss->pub;
 400        else
 401                return -ENOTCONN;
 402
 403        err = rdev_disassoc(rdev, dev, &req);
 404        if (err)
 405                return err;
 406
 407        /* driver should have reported the disassoc */
 408        WARN_ON(wdev->current_bss);
 409        return 0;
 410}
 411
 412void cfg80211_mlme_down(struct cfg80211_registered_device *rdev,
 413                        struct net_device *dev)
 414{
 415        struct wireless_dev *wdev = dev->ieee80211_ptr;
 416        u8 bssid[ETH_ALEN];
 417
 418        ASSERT_WDEV_LOCK(wdev);
 419
 420        if (!rdev->ops->deauth)
 421                return;
 422
 423        if (!wdev->current_bss)
 424                return;
 425
 426        memcpy(bssid, wdev->current_bss->pub.bssid, ETH_ALEN);
 427        cfg80211_mlme_deauth(rdev, dev, bssid, NULL, 0,
 428                             WLAN_REASON_DEAUTH_LEAVING, false);
 429}
 430
 431struct cfg80211_mgmt_registration {
 432        struct list_head list;
 433        struct wireless_dev *wdev;
 434
 435        u32 nlportid;
 436
 437        int match_len;
 438
 439        __le16 frame_type;
 440
 441        bool multicast_rx;
 442
 443        u8 match[];
 444};
 445
 446static void cfg80211_mgmt_registrations_update(struct wireless_dev *wdev)
 447{
 448        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
 449        struct wireless_dev *tmp;
 450        struct cfg80211_mgmt_registration *reg;
 451        struct mgmt_frame_regs upd = {};
 452
 453        lockdep_assert_held(&rdev->wiphy.mtx);
 454
 455        spin_lock_bh(&wdev->mgmt_registrations_lock);
 456        if (!wdev->mgmt_registrations_need_update) {
 457                spin_unlock_bh(&wdev->mgmt_registrations_lock);
 458                return;
 459        }
 460
 461        rcu_read_lock();
 462        list_for_each_entry_rcu(tmp, &rdev->wiphy.wdev_list, list) {
 463                list_for_each_entry(reg, &tmp->mgmt_registrations, list) {
 464                        u32 mask = BIT(le16_to_cpu(reg->frame_type) >> 4);
 465                        u32 mcast_mask = 0;
 466
 467                        if (reg->multicast_rx)
 468                                mcast_mask = mask;
 469
 470                        upd.global_stypes |= mask;
 471                        upd.global_mcast_stypes |= mcast_mask;
 472
 473                        if (tmp == wdev) {
 474                                upd.interface_stypes |= mask;
 475                                upd.interface_mcast_stypes |= mcast_mask;
 476                        }
 477                }
 478        }
 479        rcu_read_unlock();
 480
 481        wdev->mgmt_registrations_need_update = 0;
 482        spin_unlock_bh(&wdev->mgmt_registrations_lock);
 483
 484        rdev_update_mgmt_frame_registrations(rdev, wdev, &upd);
 485}
 486
 487void cfg80211_mgmt_registrations_update_wk(struct work_struct *wk)
 488{
 489        struct cfg80211_registered_device *rdev;
 490        struct wireless_dev *wdev;
 491
 492        rdev = container_of(wk, struct cfg80211_registered_device,
 493                            mgmt_registrations_update_wk);
 494
 495        wiphy_lock(&rdev->wiphy);
 496        list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list)
 497                cfg80211_mgmt_registrations_update(wdev);
 498        wiphy_unlock(&rdev->wiphy);
 499}
 500
 501int cfg80211_mlme_register_mgmt(struct wireless_dev *wdev, u32 snd_portid,
 502                                u16 frame_type, const u8 *match_data,
 503                                int match_len, bool multicast_rx,
 504                                struct netlink_ext_ack *extack)
 505{
 506        struct cfg80211_mgmt_registration *reg, *nreg;
 507        int err = 0;
 508        u16 mgmt_type;
 509        bool update_multicast = false;
 510
 511        if (!wdev->wiphy->mgmt_stypes)
 512                return -EOPNOTSUPP;
 513
 514        if ((frame_type & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT) {
 515                NL_SET_ERR_MSG(extack, "frame type not management");
 516                return -EINVAL;
 517        }
 518
 519        if (frame_type & ~(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) {
 520                NL_SET_ERR_MSG(extack, "Invalid frame type");
 521                return -EINVAL;
 522        }
 523
 524        mgmt_type = (frame_type & IEEE80211_FCTL_STYPE) >> 4;
 525        if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].rx & BIT(mgmt_type))) {
 526                NL_SET_ERR_MSG(extack,
 527                               "Registration to specific type not supported");
 528                return -EINVAL;
 529        }
 530
 531        /*
 532         * To support Pre Association Security Negotiation (PASN), registration
 533         * for authentication frames should be supported. However, as some
 534         * versions of the user space daemons wrongly register to all types of
 535         * authentication frames (which might result in unexpected behavior)
 536         * allow such registration if the request is for a specific
 537         * authentication algorithm number.
 538         */
 539        if (wdev->iftype == NL80211_IFTYPE_STATION &&
 540            (frame_type & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_AUTH &&
 541            !(match_data && match_len >= 2)) {
 542                NL_SET_ERR_MSG(extack,
 543                               "Authentication algorithm number required");
 544                return -EINVAL;
 545        }
 546
 547        nreg = kzalloc(sizeof(*reg) + match_len, GFP_KERNEL);
 548        if (!nreg)
 549                return -ENOMEM;
 550
 551        spin_lock_bh(&wdev->mgmt_registrations_lock);
 552
 553        list_for_each_entry(reg, &wdev->mgmt_registrations, list) {
 554                int mlen = min(match_len, reg->match_len);
 555
 556                if (frame_type != le16_to_cpu(reg->frame_type))
 557                        continue;
 558
 559                if (memcmp(reg->match, match_data, mlen) == 0) {
 560                        if (reg->multicast_rx != multicast_rx) {
 561                                update_multicast = true;
 562                                reg->multicast_rx = multicast_rx;
 563                                break;
 564                        }
 565                        NL_SET_ERR_MSG(extack, "Match already configured");
 566                        err = -EALREADY;
 567                        break;
 568                }
 569        }
 570
 571        if (err)
 572                goto out;
 573
 574        if (update_multicast) {
 575                kfree(nreg);
 576        } else {
 577                memcpy(nreg->match, match_data, match_len);
 578                nreg->match_len = match_len;
 579                nreg->nlportid = snd_portid;
 580                nreg->frame_type = cpu_to_le16(frame_type);
 581                nreg->wdev = wdev;
 582                nreg->multicast_rx = multicast_rx;
 583                list_add(&nreg->list, &wdev->mgmt_registrations);
 584        }
 585        wdev->mgmt_registrations_need_update = 1;
 586        spin_unlock_bh(&wdev->mgmt_registrations_lock);
 587
 588        cfg80211_mgmt_registrations_update(wdev);
 589
 590        return 0;
 591
 592 out:
 593        kfree(nreg);
 594        spin_unlock_bh(&wdev->mgmt_registrations_lock);
 595
 596        return err;
 597}
 598
 599void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlportid)
 600{
 601        struct wiphy *wiphy = wdev->wiphy;
 602        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
 603        struct cfg80211_mgmt_registration *reg, *tmp;
 604
 605        spin_lock_bh(&wdev->mgmt_registrations_lock);
 606
 607        list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) {
 608                if (reg->nlportid != nlportid)
 609                        continue;
 610
 611                list_del(&reg->list);
 612                kfree(reg);
 613
 614                wdev->mgmt_registrations_need_update = 1;
 615                schedule_work(&rdev->mgmt_registrations_update_wk);
 616        }
 617
 618        spin_unlock_bh(&wdev->mgmt_registrations_lock);
 619
 620        if (nlportid && rdev->crit_proto_nlportid == nlportid) {
 621                rdev->crit_proto_nlportid = 0;
 622                rdev_crit_proto_stop(rdev, wdev);
 623        }
 624
 625        if (nlportid == wdev->ap_unexpected_nlportid)
 626                wdev->ap_unexpected_nlportid = 0;
 627}
 628
 629void cfg80211_mlme_purge_registrations(struct wireless_dev *wdev)
 630{
 631        struct cfg80211_mgmt_registration *reg, *tmp;
 632
 633        spin_lock_bh(&wdev->mgmt_registrations_lock);
 634        list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) {
 635                list_del(&reg->list);
 636                kfree(reg);
 637        }
 638        wdev->mgmt_registrations_need_update = 1;
 639        spin_unlock_bh(&wdev->mgmt_registrations_lock);
 640
 641        cfg80211_mgmt_registrations_update(wdev);
 642}
 643
 644int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
 645                          struct wireless_dev *wdev,
 646                          struct cfg80211_mgmt_tx_params *params, u64 *cookie)
 647{
 648        const struct ieee80211_mgmt *mgmt;
 649        u16 stype;
 650
 651        if (!wdev->wiphy->mgmt_stypes)
 652                return -EOPNOTSUPP;
 653
 654        if (!rdev->ops->mgmt_tx)
 655                return -EOPNOTSUPP;
 656
 657        if (params->len < 24 + 1)
 658                return -EINVAL;
 659
 660        mgmt = (const struct ieee80211_mgmt *)params->buf;
 661
 662        if (!ieee80211_is_mgmt(mgmt->frame_control))
 663                return -EINVAL;
 664
 665        stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE;
 666        if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].tx & BIT(stype >> 4)))
 667                return -EINVAL;
 668
 669        if (ieee80211_is_action(mgmt->frame_control) &&
 670            mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) {
 671                int err = 0;
 672
 673                wdev_lock(wdev);
 674
 675                switch (wdev->iftype) {
 676                case NL80211_IFTYPE_ADHOC:
 677                case NL80211_IFTYPE_STATION:
 678                case NL80211_IFTYPE_P2P_CLIENT:
 679                        if (!wdev->current_bss) {
 680                                err = -ENOTCONN;
 681                                break;
 682                        }
 683
 684                        if (!ether_addr_equal(wdev->current_bss->pub.bssid,
 685                                              mgmt->bssid)) {
 686                                err = -ENOTCONN;
 687                                break;
 688                        }
 689
 690                        /*
 691                         * check for IBSS DA must be done by driver as
 692                         * cfg80211 doesn't track the stations
 693                         */
 694                        if (wdev->iftype == NL80211_IFTYPE_ADHOC)
 695                                break;
 696
 697                        /* for station, check that DA is the AP */
 698                        if (!ether_addr_equal(wdev->current_bss->pub.bssid,
 699                                              mgmt->da)) {
 700                                err = -ENOTCONN;
 701                                break;
 702                        }
 703                        break;
 704                case NL80211_IFTYPE_AP:
 705                case NL80211_IFTYPE_P2P_GO:
 706                case NL80211_IFTYPE_AP_VLAN:
 707                        if (!ether_addr_equal(mgmt->bssid, wdev_address(wdev)))
 708                                err = -EINVAL;
 709                        break;
 710                case NL80211_IFTYPE_MESH_POINT:
 711                        if (!ether_addr_equal(mgmt->sa, mgmt->bssid)) {
 712                                err = -EINVAL;
 713                                break;
 714                        }
 715                        /*
 716                         * check for mesh DA must be done by driver as
 717                         * cfg80211 doesn't track the stations
 718                         */
 719                        break;
 720                case NL80211_IFTYPE_P2P_DEVICE:
 721                        /*
 722                         * fall through, P2P device only supports
 723                         * public action frames
 724                         */
 725                case NL80211_IFTYPE_NAN:
 726                default:
 727                        err = -EOPNOTSUPP;
 728                        break;
 729                }
 730                wdev_unlock(wdev);
 731
 732                if (err)
 733                        return err;
 734        }
 735
 736        if (!ether_addr_equal(mgmt->sa, wdev_address(wdev))) {
 737                /* Allow random TA to be used with Public Action frames if the
 738                 * driver has indicated support for this. Otherwise, only allow
 739                 * the local address to be used.
 740                 */
 741                if (!ieee80211_is_action(mgmt->frame_control) ||
 742                    mgmt->u.action.category != WLAN_CATEGORY_PUBLIC)
 743                        return -EINVAL;
 744                if (!wdev->current_bss &&
 745                    !wiphy_ext_feature_isset(
 746                            &rdev->wiphy,
 747                            NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA))
 748                        return -EINVAL;
 749                if (wdev->current_bss &&
 750                    !wiphy_ext_feature_isset(
 751                            &rdev->wiphy,
 752                            NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA_CONNECTED))
 753                        return -EINVAL;
 754        }
 755
 756        /* Transmit the Action frame as requested by user space */
 757        return rdev_mgmt_tx(rdev, wdev, params, cookie);
 758}
 759
 760bool cfg80211_rx_mgmt_khz(struct wireless_dev *wdev, int freq, int sig_dbm,
 761                          const u8 *buf, size_t len, u32 flags)
 762{
 763        struct wiphy *wiphy = wdev->wiphy;
 764        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
 765        struct cfg80211_mgmt_registration *reg;
 766        const struct ieee80211_txrx_stypes *stypes =
 767                &wiphy->mgmt_stypes[wdev->iftype];
 768        struct ieee80211_mgmt *mgmt = (void *)buf;
 769        const u8 *data;
 770        int data_len;
 771        bool result = false;
 772        __le16 ftype = mgmt->frame_control &
 773                cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE);
 774        u16 stype;
 775
 776        trace_cfg80211_rx_mgmt(wdev, freq, sig_dbm);
 777        stype = (le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE) >> 4;
 778
 779        if (!(stypes->rx & BIT(stype))) {
 780                trace_cfg80211_return_bool(false);
 781                return false;
 782        }
 783
 784        data = buf + ieee80211_hdrlen(mgmt->frame_control);
 785        data_len = len - ieee80211_hdrlen(mgmt->frame_control);
 786
 787        spin_lock_bh(&wdev->mgmt_registrations_lock);
 788
 789        list_for_each_entry(reg, &wdev->mgmt_registrations, list) {
 790                if (reg->frame_type != ftype)
 791                        continue;
 792
 793                if (reg->match_len > data_len)
 794                        continue;
 795
 796                if (memcmp(reg->match, data, reg->match_len))
 797                        continue;
 798
 799                /* found match! */
 800
 801                /* Indicate the received Action frame to user space */
 802                if (nl80211_send_mgmt(rdev, wdev, reg->nlportid,
 803                                      freq, sig_dbm,
 804                                      buf, len, flags, GFP_ATOMIC))
 805                        continue;
 806
 807                result = true;
 808                break;
 809        }
 810
 811        spin_unlock_bh(&wdev->mgmt_registrations_lock);
 812
 813        trace_cfg80211_return_bool(result);
 814        return result;
 815}
 816EXPORT_SYMBOL(cfg80211_rx_mgmt_khz);
 817
 818void cfg80211_sched_dfs_chan_update(struct cfg80211_registered_device *rdev)
 819{
 820        cancel_delayed_work(&rdev->dfs_update_channels_wk);
 821        queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk, 0);
 822}
 823
 824void cfg80211_dfs_channels_update_work(struct work_struct *work)
 825{
 826        struct delayed_work *delayed_work = to_delayed_work(work);
 827        struct cfg80211_registered_device *rdev;
 828        struct cfg80211_chan_def chandef;
 829        struct ieee80211_supported_band *sband;
 830        struct ieee80211_channel *c;
 831        struct wiphy *wiphy;
 832        bool check_again = false;
 833        unsigned long timeout, next_time = 0;
 834        unsigned long time_dfs_update;
 835        enum nl80211_radar_event radar_event;
 836        int bandid, i;
 837
 838        rdev = container_of(delayed_work, struct cfg80211_registered_device,
 839                            dfs_update_channels_wk);
 840        wiphy = &rdev->wiphy;
 841
 842        rtnl_lock();
 843        for (bandid = 0; bandid < NUM_NL80211_BANDS; bandid++) {
 844                sband = wiphy->bands[bandid];
 845                if (!sband)
 846                        continue;
 847
 848                for (i = 0; i < sband->n_channels; i++) {
 849                        c = &sband->channels[i];
 850
 851                        if (!(c->flags & IEEE80211_CHAN_RADAR))
 852                                continue;
 853
 854                        if (c->dfs_state != NL80211_DFS_UNAVAILABLE &&
 855                            c->dfs_state != NL80211_DFS_AVAILABLE)
 856                                continue;
 857
 858                        if (c->dfs_state == NL80211_DFS_UNAVAILABLE) {
 859                                time_dfs_update = IEEE80211_DFS_MIN_NOP_TIME_MS;
 860                                radar_event = NL80211_RADAR_NOP_FINISHED;
 861                        } else {
 862                                if (regulatory_pre_cac_allowed(wiphy) ||
 863                                    cfg80211_any_wiphy_oper_chan(wiphy, c))
 864                                        continue;
 865
 866                                time_dfs_update = REG_PRE_CAC_EXPIRY_GRACE_MS;
 867                                radar_event = NL80211_RADAR_PRE_CAC_EXPIRED;
 868                        }
 869
 870                        timeout = c->dfs_state_entered +
 871                                  msecs_to_jiffies(time_dfs_update);
 872
 873                        if (time_after_eq(jiffies, timeout)) {
 874                                c->dfs_state = NL80211_DFS_USABLE;
 875                                c->dfs_state_entered = jiffies;
 876
 877                                cfg80211_chandef_create(&chandef, c,
 878                                                        NL80211_CHAN_NO_HT);
 879
 880                                nl80211_radar_notify(rdev, &chandef,
 881                                                     radar_event, NULL,
 882                                                     GFP_ATOMIC);
 883
 884                                regulatory_propagate_dfs_state(wiphy, &chandef,
 885                                                               c->dfs_state,
 886                                                               radar_event);
 887                                continue;
 888                        }
 889
 890                        if (!check_again)
 891                                next_time = timeout - jiffies;
 892                        else
 893                                next_time = min(next_time, timeout - jiffies);
 894                        check_again = true;
 895                }
 896        }
 897        rtnl_unlock();
 898
 899        /* reschedule if there are other channels waiting to be cleared again */
 900        if (check_again)
 901                queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk,
 902                                   next_time);
 903}
 904
 905
 906void cfg80211_radar_event(struct wiphy *wiphy,
 907                          struct cfg80211_chan_def *chandef,
 908                          gfp_t gfp)
 909{
 910        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
 911
 912        trace_cfg80211_radar_event(wiphy, chandef);
 913
 914        /* only set the chandef supplied channel to unavailable, in
 915         * case the radar is detected on only one of multiple channels
 916         * spanned by the chandef.
 917         */
 918        cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_UNAVAILABLE);
 919
 920        cfg80211_sched_dfs_chan_update(rdev);
 921
 922        nl80211_radar_notify(rdev, chandef, NL80211_RADAR_DETECTED, NULL, gfp);
 923
 924        memcpy(&rdev->radar_chandef, chandef, sizeof(struct cfg80211_chan_def));
 925        queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
 926}
 927EXPORT_SYMBOL(cfg80211_radar_event);
 928
 929void cfg80211_cac_event(struct net_device *netdev,
 930                        const struct cfg80211_chan_def *chandef,
 931                        enum nl80211_radar_event event, gfp_t gfp)
 932{
 933        struct wireless_dev *wdev = netdev->ieee80211_ptr;
 934        struct wiphy *wiphy = wdev->wiphy;
 935        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
 936        unsigned long timeout;
 937
 938        trace_cfg80211_cac_event(netdev, event);
 939
 940        if (WARN_ON(!wdev->cac_started && event != NL80211_RADAR_CAC_STARTED))
 941                return;
 942
 943        if (WARN_ON(!wdev->chandef.chan))
 944                return;
 945
 946        switch (event) {
 947        case NL80211_RADAR_CAC_FINISHED:
 948                timeout = wdev->cac_start_time +
 949                          msecs_to_jiffies(wdev->cac_time_ms);
 950                WARN_ON(!time_after_eq(jiffies, timeout));
 951                cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_AVAILABLE);
 952                memcpy(&rdev->cac_done_chandef, chandef,
 953                       sizeof(struct cfg80211_chan_def));
 954                queue_work(cfg80211_wq, &rdev->propagate_cac_done_wk);
 955                cfg80211_sched_dfs_chan_update(rdev);
 956                fallthrough;
 957        case NL80211_RADAR_CAC_ABORTED:
 958                wdev->cac_started = false;
 959                break;
 960        case NL80211_RADAR_CAC_STARTED:
 961                wdev->cac_started = true;
 962                break;
 963        default:
 964                WARN_ON(1);
 965                return;
 966        }
 967
 968        nl80211_radar_notify(rdev, chandef, event, netdev, gfp);
 969}
 970EXPORT_SYMBOL(cfg80211_cac_event);
 971