1
2
3
4
5
6
7
8
9
10#include <linux/kernel.h>
11#include <linux/module.h>
12#include <linux/etherdevice.h>
13#include <linux/netdevice.h>
14#include <linux/nl80211.h>
15#include <linux/slab.h>
16#include <linux/wireless.h>
17#include <net/cfg80211.h>
18#include <net/iw_handler.h>
19#include "core.h"
20#include "nl80211.h"
21#include "rdev-ops.h"
22
23
24void cfg80211_rx_assoc_resp(struct net_device *dev, struct cfg80211_bss *bss,
25 const u8 *buf, size_t len, int uapsd_queues,
26 const u8 *req_ies, size_t req_ies_len)
27{
28 struct wireless_dev *wdev = dev->ieee80211_ptr;
29 struct wiphy *wiphy = wdev->wiphy;
30 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
31 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
32 struct cfg80211_connect_resp_params cr;
33 const u8 *resp_ie = mgmt->u.assoc_resp.variable;
34 size_t resp_ie_len = len - offsetof(struct ieee80211_mgmt,
35 u.assoc_resp.variable);
36
37 if (bss->channel->band == NL80211_BAND_S1GHZ) {
38 resp_ie = (u8 *)&mgmt->u.s1g_assoc_resp.variable;
39 resp_ie_len = len - offsetof(struct ieee80211_mgmt,
40 u.s1g_assoc_resp.variable);
41 }
42
43 memset(&cr, 0, sizeof(cr));
44 cr.status = (int)le16_to_cpu(mgmt->u.assoc_resp.status_code);
45 cr.bssid = mgmt->bssid;
46 cr.bss = bss;
47 cr.req_ie = req_ies;
48 cr.req_ie_len = req_ies_len;
49 cr.resp_ie = resp_ie;
50 cr.resp_ie_len = resp_ie_len;
51 cr.timeout_reason = NL80211_TIMEOUT_UNSPECIFIED;
52
53 trace_cfg80211_send_rx_assoc(dev, bss);
54
55
56
57
58
59
60
61 if (cfg80211_sme_rx_assoc_resp(wdev, cr.status)) {
62 cfg80211_unhold_bss(bss_from_pub(bss));
63 cfg80211_put_bss(wiphy, bss);
64 return;
65 }
66
67 nl80211_send_rx_assoc(rdev, dev, buf, len, GFP_KERNEL, uapsd_queues,
68 req_ies, req_ies_len);
69
70 __cfg80211_connect_result(dev, &cr, cr.status == WLAN_STATUS_SUCCESS);
71}
72EXPORT_SYMBOL(cfg80211_rx_assoc_resp);
73
74static void cfg80211_process_auth(struct wireless_dev *wdev,
75 const u8 *buf, size_t len)
76{
77 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
78
79 nl80211_send_rx_auth(rdev, wdev->netdev, buf, len, GFP_KERNEL);
80 cfg80211_sme_rx_auth(wdev, buf, len);
81}
82
83static void cfg80211_process_deauth(struct wireless_dev *wdev,
84 const u8 *buf, size_t len,
85 bool reconnect)
86{
87 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
88 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
89 const u8 *bssid = mgmt->bssid;
90 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
91 bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr);
92
93 nl80211_send_deauth(rdev, wdev->netdev, buf, len, reconnect, GFP_KERNEL);
94
95 if (!wdev->current_bss ||
96 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid))
97 return;
98
99 __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap);
100 cfg80211_sme_deauth(wdev);
101}
102
103static void cfg80211_process_disassoc(struct wireless_dev *wdev,
104 const u8 *buf, size_t len,
105 bool reconnect)
106{
107 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
108 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
109 const u8 *bssid = mgmt->bssid;
110 u16 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
111 bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr);
112
113 nl80211_send_disassoc(rdev, wdev->netdev, buf, len, reconnect,
114 GFP_KERNEL);
115
116 if (WARN_ON(!wdev->current_bss ||
117 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid)))
118 return;
119
120 __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap);
121 cfg80211_sme_disassoc(wdev);
122}
123
124void cfg80211_rx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len)
125{
126 struct wireless_dev *wdev = dev->ieee80211_ptr;
127 struct ieee80211_mgmt *mgmt = (void *)buf;
128
129 ASSERT_WDEV_LOCK(wdev);
130
131 trace_cfg80211_rx_mlme_mgmt(dev, buf, len);
132
133 if (WARN_ON(len < 2))
134 return;
135
136 if (ieee80211_is_auth(mgmt->frame_control))
137 cfg80211_process_auth(wdev, buf, len);
138 else if (ieee80211_is_deauth(mgmt->frame_control))
139 cfg80211_process_deauth(wdev, buf, len, false);
140 else if (ieee80211_is_disassoc(mgmt->frame_control))
141 cfg80211_process_disassoc(wdev, buf, len, false);
142}
143EXPORT_SYMBOL(cfg80211_rx_mlme_mgmt);
144
145void cfg80211_auth_timeout(struct net_device *dev, const u8 *addr)
146{
147 struct wireless_dev *wdev = dev->ieee80211_ptr;
148 struct wiphy *wiphy = wdev->wiphy;
149 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
150
151 trace_cfg80211_send_auth_timeout(dev, addr);
152
153 nl80211_send_auth_timeout(rdev, dev, addr, GFP_KERNEL);
154 cfg80211_sme_auth_timeout(wdev);
155}
156EXPORT_SYMBOL(cfg80211_auth_timeout);
157
158void cfg80211_assoc_timeout(struct net_device *dev, struct cfg80211_bss *bss)
159{
160 struct wireless_dev *wdev = dev->ieee80211_ptr;
161 struct wiphy *wiphy = wdev->wiphy;
162 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
163
164 trace_cfg80211_send_assoc_timeout(dev, bss->bssid);
165
166 nl80211_send_assoc_timeout(rdev, dev, bss->bssid, GFP_KERNEL);
167 cfg80211_sme_assoc_timeout(wdev);
168
169 cfg80211_unhold_bss(bss_from_pub(bss));
170 cfg80211_put_bss(wiphy, bss);
171}
172EXPORT_SYMBOL(cfg80211_assoc_timeout);
173
174void cfg80211_abandon_assoc(struct net_device *dev, struct cfg80211_bss *bss)
175{
176 struct wireless_dev *wdev = dev->ieee80211_ptr;
177 struct wiphy *wiphy = wdev->wiphy;
178
179 cfg80211_sme_abandon_assoc(wdev);
180
181 cfg80211_unhold_bss(bss_from_pub(bss));
182 cfg80211_put_bss(wiphy, bss);
183}
184EXPORT_SYMBOL(cfg80211_abandon_assoc);
185
186void cfg80211_tx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len,
187 bool reconnect)
188{
189 struct wireless_dev *wdev = dev->ieee80211_ptr;
190 struct ieee80211_mgmt *mgmt = (void *)buf;
191
192 ASSERT_WDEV_LOCK(wdev);
193
194 trace_cfg80211_tx_mlme_mgmt(dev, buf, len, reconnect);
195
196 if (WARN_ON(len < 2))
197 return;
198
199 if (ieee80211_is_deauth(mgmt->frame_control))
200 cfg80211_process_deauth(wdev, buf, len, reconnect);
201 else
202 cfg80211_process_disassoc(wdev, buf, len, reconnect);
203}
204EXPORT_SYMBOL(cfg80211_tx_mlme_mgmt);
205
206void cfg80211_michael_mic_failure(struct net_device *dev, const u8 *addr,
207 enum nl80211_key_type key_type, int key_id,
208 const u8 *tsc, gfp_t gfp)
209{
210 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
211 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
212#ifdef CONFIG_CFG80211_WEXT
213 union iwreq_data wrqu;
214 char *buf = kmalloc(128, gfp);
215
216 if (buf) {
217 sprintf(buf, "MLME-MICHAELMICFAILURE.indication("
218 "keyid=%d %scast addr=%pM)", key_id,
219 key_type == NL80211_KEYTYPE_GROUP ? "broad" : "uni",
220 addr);
221 memset(&wrqu, 0, sizeof(wrqu));
222 wrqu.data.length = strlen(buf);
223 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
224 kfree(buf);
225 }
226#endif
227
228 trace_cfg80211_michael_mic_failure(dev, addr, key_type, key_id, tsc);
229 nl80211_michael_mic_failure(rdev, dev, addr, key_type, key_id, tsc, gfp);
230}
231EXPORT_SYMBOL(cfg80211_michael_mic_failure);
232
233
234int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev,
235 struct net_device *dev,
236 struct ieee80211_channel *chan,
237 enum nl80211_auth_type auth_type,
238 const u8 *bssid,
239 const u8 *ssid, int ssid_len,
240 const u8 *ie, int ie_len,
241 const u8 *key, int key_len, int key_idx,
242 const u8 *auth_data, int auth_data_len)
243{
244 struct wireless_dev *wdev = dev->ieee80211_ptr;
245 struct cfg80211_auth_request req = {
246 .ie = ie,
247 .ie_len = ie_len,
248 .auth_data = auth_data,
249 .auth_data_len = auth_data_len,
250 .auth_type = auth_type,
251 .key = key,
252 .key_len = key_len,
253 .key_idx = key_idx,
254 };
255 int err;
256
257 ASSERT_WDEV_LOCK(wdev);
258
259 if (auth_type == NL80211_AUTHTYPE_SHARED_KEY)
260 if (!key || !key_len || key_idx < 0 || key_idx > 3)
261 return -EINVAL;
262
263 if (wdev->current_bss &&
264 ether_addr_equal(bssid, wdev->current_bss->pub.bssid))
265 return -EALREADY;
266
267 req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,
268 IEEE80211_BSS_TYPE_ESS,
269 IEEE80211_PRIVACY_ANY);
270 if (!req.bss)
271 return -ENOENT;
272
273 err = rdev_auth(rdev, dev, &req);
274
275 cfg80211_put_bss(&rdev->wiphy, req.bss);
276 return err;
277}
278
279
280void cfg80211_oper_and_ht_capa(struct ieee80211_ht_cap *ht_capa,
281 const struct ieee80211_ht_cap *ht_capa_mask)
282{
283 int i;
284 u8 *p1, *p2;
285 if (!ht_capa_mask) {
286 memset(ht_capa, 0, sizeof(*ht_capa));
287 return;
288 }
289
290 p1 = (u8*)(ht_capa);
291 p2 = (u8*)(ht_capa_mask);
292 for (i = 0; i < sizeof(*ht_capa); i++)
293 p1[i] &= p2[i];
294}
295
296
297void cfg80211_oper_and_vht_capa(struct ieee80211_vht_cap *vht_capa,
298 const struct ieee80211_vht_cap *vht_capa_mask)
299{
300 int i;
301 u8 *p1, *p2;
302 if (!vht_capa_mask) {
303 memset(vht_capa, 0, sizeof(*vht_capa));
304 return;
305 }
306
307 p1 = (u8*)(vht_capa);
308 p2 = (u8*)(vht_capa_mask);
309 for (i = 0; i < sizeof(*vht_capa); i++)
310 p1[i] &= p2[i];
311}
312
313int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev,
314 struct net_device *dev,
315 struct ieee80211_channel *chan,
316 const u8 *bssid,
317 const u8 *ssid, int ssid_len,
318 struct cfg80211_assoc_request *req)
319{
320 struct wireless_dev *wdev = dev->ieee80211_ptr;
321 int err;
322
323 ASSERT_WDEV_LOCK(wdev);
324
325 if (wdev->current_bss &&
326 (!req->prev_bssid || !ether_addr_equal(wdev->current_bss->pub.bssid,
327 req->prev_bssid)))
328 return -EALREADY;
329
330 cfg80211_oper_and_ht_capa(&req->ht_capa_mask,
331 rdev->wiphy.ht_capa_mod_mask);
332 cfg80211_oper_and_vht_capa(&req->vht_capa_mask,
333 rdev->wiphy.vht_capa_mod_mask);
334
335 req->bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,
336 IEEE80211_BSS_TYPE_ESS,
337 IEEE80211_PRIVACY_ANY);
338 if (!req->bss)
339 return -ENOENT;
340
341 err = rdev_assoc(rdev, dev, req);
342 if (!err)
343 cfg80211_hold_bss(bss_from_pub(req->bss));
344 else
345 cfg80211_put_bss(&rdev->wiphy, req->bss);
346
347 return err;
348}
349
350int cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev,
351 struct net_device *dev, const u8 *bssid,
352 const u8 *ie, int ie_len, u16 reason,
353 bool local_state_change)
354{
355 struct wireless_dev *wdev = dev->ieee80211_ptr;
356 struct cfg80211_deauth_request req = {
357 .bssid = bssid,
358 .reason_code = reason,
359 .ie = ie,
360 .ie_len = ie_len,
361 .local_state_change = local_state_change,
362 };
363
364 ASSERT_WDEV_LOCK(wdev);
365
366 if (local_state_change &&
367 (!wdev->current_bss ||
368 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid)))
369 return 0;
370
371 if (ether_addr_equal(wdev->disconnect_bssid, bssid) ||
372 (wdev->current_bss &&
373 ether_addr_equal(wdev->current_bss->pub.bssid, bssid)))
374 wdev->conn_owner_nlportid = 0;
375
376 return rdev_deauth(rdev, dev, &req);
377}
378
379int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev,
380 struct net_device *dev, const u8 *bssid,
381 const u8 *ie, int ie_len, u16 reason,
382 bool local_state_change)
383{
384 struct wireless_dev *wdev = dev->ieee80211_ptr;
385 struct cfg80211_disassoc_request req = {
386 .reason_code = reason,
387 .local_state_change = local_state_change,
388 .ie = ie,
389 .ie_len = ie_len,
390 };
391 int err;
392
393 ASSERT_WDEV_LOCK(wdev);
394
395 if (!wdev->current_bss)
396 return -ENOTCONN;
397
398 if (ether_addr_equal(wdev->current_bss->pub.bssid, bssid))
399 req.bss = &wdev->current_bss->pub;
400 else
401 return -ENOTCONN;
402
403 err = rdev_disassoc(rdev, dev, &req);
404 if (err)
405 return err;
406
407
408 WARN_ON(wdev->current_bss);
409 return 0;
410}
411
412void cfg80211_mlme_down(struct cfg80211_registered_device *rdev,
413 struct net_device *dev)
414{
415 struct wireless_dev *wdev = dev->ieee80211_ptr;
416 u8 bssid[ETH_ALEN];
417
418 ASSERT_WDEV_LOCK(wdev);
419
420 if (!rdev->ops->deauth)
421 return;
422
423 if (!wdev->current_bss)
424 return;
425
426 memcpy(bssid, wdev->current_bss->pub.bssid, ETH_ALEN);
427 cfg80211_mlme_deauth(rdev, dev, bssid, NULL, 0,
428 WLAN_REASON_DEAUTH_LEAVING, false);
429}
430
431struct cfg80211_mgmt_registration {
432 struct list_head list;
433 struct wireless_dev *wdev;
434
435 u32 nlportid;
436
437 int match_len;
438
439 __le16 frame_type;
440
441 bool multicast_rx;
442
443 u8 match[];
444};
445
446static void cfg80211_mgmt_registrations_update(struct wireless_dev *wdev)
447{
448 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
449 struct wireless_dev *tmp;
450 struct cfg80211_mgmt_registration *reg;
451 struct mgmt_frame_regs upd = {};
452
453 lockdep_assert_held(&rdev->wiphy.mtx);
454
455 spin_lock_bh(&wdev->mgmt_registrations_lock);
456 if (!wdev->mgmt_registrations_need_update) {
457 spin_unlock_bh(&wdev->mgmt_registrations_lock);
458 return;
459 }
460
461 rcu_read_lock();
462 list_for_each_entry_rcu(tmp, &rdev->wiphy.wdev_list, list) {
463 list_for_each_entry(reg, &tmp->mgmt_registrations, list) {
464 u32 mask = BIT(le16_to_cpu(reg->frame_type) >> 4);
465 u32 mcast_mask = 0;
466
467 if (reg->multicast_rx)
468 mcast_mask = mask;
469
470 upd.global_stypes |= mask;
471 upd.global_mcast_stypes |= mcast_mask;
472
473 if (tmp == wdev) {
474 upd.interface_stypes |= mask;
475 upd.interface_mcast_stypes |= mcast_mask;
476 }
477 }
478 }
479 rcu_read_unlock();
480
481 wdev->mgmt_registrations_need_update = 0;
482 spin_unlock_bh(&wdev->mgmt_registrations_lock);
483
484 rdev_update_mgmt_frame_registrations(rdev, wdev, &upd);
485}
486
487void cfg80211_mgmt_registrations_update_wk(struct work_struct *wk)
488{
489 struct cfg80211_registered_device *rdev;
490 struct wireless_dev *wdev;
491
492 rdev = container_of(wk, struct cfg80211_registered_device,
493 mgmt_registrations_update_wk);
494
495 wiphy_lock(&rdev->wiphy);
496 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list)
497 cfg80211_mgmt_registrations_update(wdev);
498 wiphy_unlock(&rdev->wiphy);
499}
500
501int cfg80211_mlme_register_mgmt(struct wireless_dev *wdev, u32 snd_portid,
502 u16 frame_type, const u8 *match_data,
503 int match_len, bool multicast_rx,
504 struct netlink_ext_ack *extack)
505{
506 struct cfg80211_mgmt_registration *reg, *nreg;
507 int err = 0;
508 u16 mgmt_type;
509 bool update_multicast = false;
510
511 if (!wdev->wiphy->mgmt_stypes)
512 return -EOPNOTSUPP;
513
514 if ((frame_type & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT) {
515 NL_SET_ERR_MSG(extack, "frame type not management");
516 return -EINVAL;
517 }
518
519 if (frame_type & ~(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) {
520 NL_SET_ERR_MSG(extack, "Invalid frame type");
521 return -EINVAL;
522 }
523
524 mgmt_type = (frame_type & IEEE80211_FCTL_STYPE) >> 4;
525 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].rx & BIT(mgmt_type))) {
526 NL_SET_ERR_MSG(extack,
527 "Registration to specific type not supported");
528 return -EINVAL;
529 }
530
531
532
533
534
535
536
537
538
539 if (wdev->iftype == NL80211_IFTYPE_STATION &&
540 (frame_type & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_AUTH &&
541 !(match_data && match_len >= 2)) {
542 NL_SET_ERR_MSG(extack,
543 "Authentication algorithm number required");
544 return -EINVAL;
545 }
546
547 nreg = kzalloc(sizeof(*reg) + match_len, GFP_KERNEL);
548 if (!nreg)
549 return -ENOMEM;
550
551 spin_lock_bh(&wdev->mgmt_registrations_lock);
552
553 list_for_each_entry(reg, &wdev->mgmt_registrations, list) {
554 int mlen = min(match_len, reg->match_len);
555
556 if (frame_type != le16_to_cpu(reg->frame_type))
557 continue;
558
559 if (memcmp(reg->match, match_data, mlen) == 0) {
560 if (reg->multicast_rx != multicast_rx) {
561 update_multicast = true;
562 reg->multicast_rx = multicast_rx;
563 break;
564 }
565 NL_SET_ERR_MSG(extack, "Match already configured");
566 err = -EALREADY;
567 break;
568 }
569 }
570
571 if (err)
572 goto out;
573
574 if (update_multicast) {
575 kfree(nreg);
576 } else {
577 memcpy(nreg->match, match_data, match_len);
578 nreg->match_len = match_len;
579 nreg->nlportid = snd_portid;
580 nreg->frame_type = cpu_to_le16(frame_type);
581 nreg->wdev = wdev;
582 nreg->multicast_rx = multicast_rx;
583 list_add(&nreg->list, &wdev->mgmt_registrations);
584 }
585 wdev->mgmt_registrations_need_update = 1;
586 spin_unlock_bh(&wdev->mgmt_registrations_lock);
587
588 cfg80211_mgmt_registrations_update(wdev);
589
590 return 0;
591
592 out:
593 kfree(nreg);
594 spin_unlock_bh(&wdev->mgmt_registrations_lock);
595
596 return err;
597}
598
599void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlportid)
600{
601 struct wiphy *wiphy = wdev->wiphy;
602 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
603 struct cfg80211_mgmt_registration *reg, *tmp;
604
605 spin_lock_bh(&wdev->mgmt_registrations_lock);
606
607 list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) {
608 if (reg->nlportid != nlportid)
609 continue;
610
611 list_del(®->list);
612 kfree(reg);
613
614 wdev->mgmt_registrations_need_update = 1;
615 schedule_work(&rdev->mgmt_registrations_update_wk);
616 }
617
618 spin_unlock_bh(&wdev->mgmt_registrations_lock);
619
620 if (nlportid && rdev->crit_proto_nlportid == nlportid) {
621 rdev->crit_proto_nlportid = 0;
622 rdev_crit_proto_stop(rdev, wdev);
623 }
624
625 if (nlportid == wdev->ap_unexpected_nlportid)
626 wdev->ap_unexpected_nlportid = 0;
627}
628
629void cfg80211_mlme_purge_registrations(struct wireless_dev *wdev)
630{
631 struct cfg80211_mgmt_registration *reg, *tmp;
632
633 spin_lock_bh(&wdev->mgmt_registrations_lock);
634 list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) {
635 list_del(®->list);
636 kfree(reg);
637 }
638 wdev->mgmt_registrations_need_update = 1;
639 spin_unlock_bh(&wdev->mgmt_registrations_lock);
640
641 cfg80211_mgmt_registrations_update(wdev);
642}
643
644int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
645 struct wireless_dev *wdev,
646 struct cfg80211_mgmt_tx_params *params, u64 *cookie)
647{
648 const struct ieee80211_mgmt *mgmt;
649 u16 stype;
650
651 if (!wdev->wiphy->mgmt_stypes)
652 return -EOPNOTSUPP;
653
654 if (!rdev->ops->mgmt_tx)
655 return -EOPNOTSUPP;
656
657 if (params->len < 24 + 1)
658 return -EINVAL;
659
660 mgmt = (const struct ieee80211_mgmt *)params->buf;
661
662 if (!ieee80211_is_mgmt(mgmt->frame_control))
663 return -EINVAL;
664
665 stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE;
666 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].tx & BIT(stype >> 4)))
667 return -EINVAL;
668
669 if (ieee80211_is_action(mgmt->frame_control) &&
670 mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) {
671 int err = 0;
672
673 wdev_lock(wdev);
674
675 switch (wdev->iftype) {
676 case NL80211_IFTYPE_ADHOC:
677 case NL80211_IFTYPE_STATION:
678 case NL80211_IFTYPE_P2P_CLIENT:
679 if (!wdev->current_bss) {
680 err = -ENOTCONN;
681 break;
682 }
683
684 if (!ether_addr_equal(wdev->current_bss->pub.bssid,
685 mgmt->bssid)) {
686 err = -ENOTCONN;
687 break;
688 }
689
690
691
692
693
694 if (wdev->iftype == NL80211_IFTYPE_ADHOC)
695 break;
696
697
698 if (!ether_addr_equal(wdev->current_bss->pub.bssid,
699 mgmt->da)) {
700 err = -ENOTCONN;
701 break;
702 }
703 break;
704 case NL80211_IFTYPE_AP:
705 case NL80211_IFTYPE_P2P_GO:
706 case NL80211_IFTYPE_AP_VLAN:
707 if (!ether_addr_equal(mgmt->bssid, wdev_address(wdev)))
708 err = -EINVAL;
709 break;
710 case NL80211_IFTYPE_MESH_POINT:
711 if (!ether_addr_equal(mgmt->sa, mgmt->bssid)) {
712 err = -EINVAL;
713 break;
714 }
715
716
717
718
719 break;
720 case NL80211_IFTYPE_P2P_DEVICE:
721
722
723
724
725 case NL80211_IFTYPE_NAN:
726 default:
727 err = -EOPNOTSUPP;
728 break;
729 }
730 wdev_unlock(wdev);
731
732 if (err)
733 return err;
734 }
735
736 if (!ether_addr_equal(mgmt->sa, wdev_address(wdev))) {
737
738
739
740
741 if (!ieee80211_is_action(mgmt->frame_control) ||
742 mgmt->u.action.category != WLAN_CATEGORY_PUBLIC)
743 return -EINVAL;
744 if (!wdev->current_bss &&
745 !wiphy_ext_feature_isset(
746 &rdev->wiphy,
747 NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA))
748 return -EINVAL;
749 if (wdev->current_bss &&
750 !wiphy_ext_feature_isset(
751 &rdev->wiphy,
752 NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA_CONNECTED))
753 return -EINVAL;
754 }
755
756
757 return rdev_mgmt_tx(rdev, wdev, params, cookie);
758}
759
760bool cfg80211_rx_mgmt_khz(struct wireless_dev *wdev, int freq, int sig_dbm,
761 const u8 *buf, size_t len, u32 flags)
762{
763 struct wiphy *wiphy = wdev->wiphy;
764 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
765 struct cfg80211_mgmt_registration *reg;
766 const struct ieee80211_txrx_stypes *stypes =
767 &wiphy->mgmt_stypes[wdev->iftype];
768 struct ieee80211_mgmt *mgmt = (void *)buf;
769 const u8 *data;
770 int data_len;
771 bool result = false;
772 __le16 ftype = mgmt->frame_control &
773 cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE);
774 u16 stype;
775
776 trace_cfg80211_rx_mgmt(wdev, freq, sig_dbm);
777 stype = (le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE) >> 4;
778
779 if (!(stypes->rx & BIT(stype))) {
780 trace_cfg80211_return_bool(false);
781 return false;
782 }
783
784 data = buf + ieee80211_hdrlen(mgmt->frame_control);
785 data_len = len - ieee80211_hdrlen(mgmt->frame_control);
786
787 spin_lock_bh(&wdev->mgmt_registrations_lock);
788
789 list_for_each_entry(reg, &wdev->mgmt_registrations, list) {
790 if (reg->frame_type != ftype)
791 continue;
792
793 if (reg->match_len > data_len)
794 continue;
795
796 if (memcmp(reg->match, data, reg->match_len))
797 continue;
798
799
800
801
802 if (nl80211_send_mgmt(rdev, wdev, reg->nlportid,
803 freq, sig_dbm,
804 buf, len, flags, GFP_ATOMIC))
805 continue;
806
807 result = true;
808 break;
809 }
810
811 spin_unlock_bh(&wdev->mgmt_registrations_lock);
812
813 trace_cfg80211_return_bool(result);
814 return result;
815}
816EXPORT_SYMBOL(cfg80211_rx_mgmt_khz);
817
818void cfg80211_sched_dfs_chan_update(struct cfg80211_registered_device *rdev)
819{
820 cancel_delayed_work(&rdev->dfs_update_channels_wk);
821 queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk, 0);
822}
823
824void cfg80211_dfs_channels_update_work(struct work_struct *work)
825{
826 struct delayed_work *delayed_work = to_delayed_work(work);
827 struct cfg80211_registered_device *rdev;
828 struct cfg80211_chan_def chandef;
829 struct ieee80211_supported_band *sband;
830 struct ieee80211_channel *c;
831 struct wiphy *wiphy;
832 bool check_again = false;
833 unsigned long timeout, next_time = 0;
834 unsigned long time_dfs_update;
835 enum nl80211_radar_event radar_event;
836 int bandid, i;
837
838 rdev = container_of(delayed_work, struct cfg80211_registered_device,
839 dfs_update_channels_wk);
840 wiphy = &rdev->wiphy;
841
842 rtnl_lock();
843 for (bandid = 0; bandid < NUM_NL80211_BANDS; bandid++) {
844 sband = wiphy->bands[bandid];
845 if (!sband)
846 continue;
847
848 for (i = 0; i < sband->n_channels; i++) {
849 c = &sband->channels[i];
850
851 if (!(c->flags & IEEE80211_CHAN_RADAR))
852 continue;
853
854 if (c->dfs_state != NL80211_DFS_UNAVAILABLE &&
855 c->dfs_state != NL80211_DFS_AVAILABLE)
856 continue;
857
858 if (c->dfs_state == NL80211_DFS_UNAVAILABLE) {
859 time_dfs_update = IEEE80211_DFS_MIN_NOP_TIME_MS;
860 radar_event = NL80211_RADAR_NOP_FINISHED;
861 } else {
862 if (regulatory_pre_cac_allowed(wiphy) ||
863 cfg80211_any_wiphy_oper_chan(wiphy, c))
864 continue;
865
866 time_dfs_update = REG_PRE_CAC_EXPIRY_GRACE_MS;
867 radar_event = NL80211_RADAR_PRE_CAC_EXPIRED;
868 }
869
870 timeout = c->dfs_state_entered +
871 msecs_to_jiffies(time_dfs_update);
872
873 if (time_after_eq(jiffies, timeout)) {
874 c->dfs_state = NL80211_DFS_USABLE;
875 c->dfs_state_entered = jiffies;
876
877 cfg80211_chandef_create(&chandef, c,
878 NL80211_CHAN_NO_HT);
879
880 nl80211_radar_notify(rdev, &chandef,
881 radar_event, NULL,
882 GFP_ATOMIC);
883
884 regulatory_propagate_dfs_state(wiphy, &chandef,
885 c->dfs_state,
886 radar_event);
887 continue;
888 }
889
890 if (!check_again)
891 next_time = timeout - jiffies;
892 else
893 next_time = min(next_time, timeout - jiffies);
894 check_again = true;
895 }
896 }
897 rtnl_unlock();
898
899
900 if (check_again)
901 queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk,
902 next_time);
903}
904
905
906void cfg80211_radar_event(struct wiphy *wiphy,
907 struct cfg80211_chan_def *chandef,
908 gfp_t gfp)
909{
910 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
911
912 trace_cfg80211_radar_event(wiphy, chandef);
913
914
915
916
917
918 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_UNAVAILABLE);
919
920 cfg80211_sched_dfs_chan_update(rdev);
921
922 nl80211_radar_notify(rdev, chandef, NL80211_RADAR_DETECTED, NULL, gfp);
923
924 memcpy(&rdev->radar_chandef, chandef, sizeof(struct cfg80211_chan_def));
925 queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
926}
927EXPORT_SYMBOL(cfg80211_radar_event);
928
929void cfg80211_cac_event(struct net_device *netdev,
930 const struct cfg80211_chan_def *chandef,
931 enum nl80211_radar_event event, gfp_t gfp)
932{
933 struct wireless_dev *wdev = netdev->ieee80211_ptr;
934 struct wiphy *wiphy = wdev->wiphy;
935 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
936 unsigned long timeout;
937
938 trace_cfg80211_cac_event(netdev, event);
939
940 if (WARN_ON(!wdev->cac_started && event != NL80211_RADAR_CAC_STARTED))
941 return;
942
943 if (WARN_ON(!wdev->chandef.chan))
944 return;
945
946 switch (event) {
947 case NL80211_RADAR_CAC_FINISHED:
948 timeout = wdev->cac_start_time +
949 msecs_to_jiffies(wdev->cac_time_ms);
950 WARN_ON(!time_after_eq(jiffies, timeout));
951 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_AVAILABLE);
952 memcpy(&rdev->cac_done_chandef, chandef,
953 sizeof(struct cfg80211_chan_def));
954 queue_work(cfg80211_wq, &rdev->propagate_cac_done_wk);
955 cfg80211_sched_dfs_chan_update(rdev);
956 fallthrough;
957 case NL80211_RADAR_CAC_ABORTED:
958 wdev->cac_started = false;
959 break;
960 case NL80211_RADAR_CAC_STARTED:
961 wdev->cac_started = true;
962 break;
963 default:
964 WARN_ON(1);
965 return;
966 }
967
968 nl80211_radar_notify(rdev, chandef, event, netdev, gfp);
969}
970EXPORT_SYMBOL(cfg80211_cac_event);
971