1
2
3
4
5
6
7
8
9
10#include <linux/kernel.h>
11#include <linux/module.h>
12#include <linux/etherdevice.h>
13#include <linux/netdevice.h>
14#include <linux/nl80211.h>
15#include <linux/slab.h>
16#include <linux/wireless.h>
17#include <net/cfg80211.h>
18#include <net/iw_handler.h>
19#include "core.h"
20#include "nl80211.h"
21#include "rdev-ops.h"
22
23
24void cfg80211_rx_assoc_resp(struct net_device *dev, struct cfg80211_bss *bss,
25 const u8 *buf, size_t len, int uapsd_queues,
26 const u8 *req_ies, size_t req_ies_len)
27{
28 struct wireless_dev *wdev = dev->ieee80211_ptr;
29 struct wiphy *wiphy = wdev->wiphy;
30 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
31 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
32 struct cfg80211_connect_resp_params cr;
33 const u8 *resp_ie = mgmt->u.assoc_resp.variable;
34 size_t resp_ie_len = len - offsetof(struct ieee80211_mgmt,
35 u.assoc_resp.variable);
36
37 if (bss->channel->band == NL80211_BAND_S1GHZ) {
38 resp_ie = (u8 *)&mgmt->u.s1g_assoc_resp.variable;
39 resp_ie_len = len - offsetof(struct ieee80211_mgmt,
40 u.s1g_assoc_resp.variable);
41 }
42
43 memset(&cr, 0, sizeof(cr));
44 cr.status = (int)le16_to_cpu(mgmt->u.assoc_resp.status_code);
45 cr.bssid = mgmt->bssid;
46 cr.bss = bss;
47 cr.req_ie = req_ies;
48 cr.req_ie_len = req_ies_len;
49 cr.resp_ie = resp_ie;
50 cr.resp_ie_len = resp_ie_len;
51 cr.timeout_reason = NL80211_TIMEOUT_UNSPECIFIED;
52
53 trace_cfg80211_send_rx_assoc(dev, bss);
54
55
56
57
58
59
60
61 if (cfg80211_sme_rx_assoc_resp(wdev, cr.status)) {
62 cfg80211_unhold_bss(bss_from_pub(bss));
63 cfg80211_put_bss(wiphy, bss);
64 return;
65 }
66
67 nl80211_send_rx_assoc(rdev, dev, buf, len, GFP_KERNEL, uapsd_queues,
68 req_ies, req_ies_len);
69
70 __cfg80211_connect_result(dev, &cr, cr.status == WLAN_STATUS_SUCCESS);
71}
72EXPORT_SYMBOL(cfg80211_rx_assoc_resp);
73
74static void cfg80211_process_auth(struct wireless_dev *wdev,
75 const u8 *buf, size_t len)
76{
77 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
78
79 nl80211_send_rx_auth(rdev, wdev->netdev, buf, len, GFP_KERNEL);
80 cfg80211_sme_rx_auth(wdev, buf, len);
81}
82
83static void cfg80211_process_deauth(struct wireless_dev *wdev,
84 const u8 *buf, size_t len,
85 bool reconnect)
86{
87 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
88 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
89 const u8 *bssid = mgmt->bssid;
90 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
91 bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr);
92
93 nl80211_send_deauth(rdev, wdev->netdev, buf, len, reconnect, GFP_KERNEL);
94
95 if (!wdev->current_bss ||
96 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid))
97 return;
98
99 __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap);
100 cfg80211_sme_deauth(wdev);
101}
102
103static void cfg80211_process_disassoc(struct wireless_dev *wdev,
104 const u8 *buf, size_t len,
105 bool reconnect)
106{
107 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
108 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
109 const u8 *bssid = mgmt->bssid;
110 u16 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
111 bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr);
112
113 nl80211_send_disassoc(rdev, wdev->netdev, buf, len, reconnect,
114 GFP_KERNEL);
115
116 if (WARN_ON(!wdev->current_bss ||
117 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid)))
118 return;
119
120 __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap);
121 cfg80211_sme_disassoc(wdev);
122}
123
124void cfg80211_rx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len)
125{
126 struct wireless_dev *wdev = dev->ieee80211_ptr;
127 struct ieee80211_mgmt *mgmt = (void *)buf;
128
129 ASSERT_WDEV_LOCK(wdev);
130
131 trace_cfg80211_rx_mlme_mgmt(dev, buf, len);
132
133 if (WARN_ON(len < 2))
134 return;
135
136 if (ieee80211_is_auth(mgmt->frame_control))
137 cfg80211_process_auth(wdev, buf, len);
138 else if (ieee80211_is_deauth(mgmt->frame_control))
139 cfg80211_process_deauth(wdev, buf, len, false);
140 else if (ieee80211_is_disassoc(mgmt->frame_control))
141 cfg80211_process_disassoc(wdev, buf, len, false);
142}
143EXPORT_SYMBOL(cfg80211_rx_mlme_mgmt);
144
145void cfg80211_auth_timeout(struct net_device *dev, const u8 *addr)
146{
147 struct wireless_dev *wdev = dev->ieee80211_ptr;
148 struct wiphy *wiphy = wdev->wiphy;
149 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
150
151 trace_cfg80211_send_auth_timeout(dev, addr);
152
153 nl80211_send_auth_timeout(rdev, dev, addr, GFP_KERNEL);
154 cfg80211_sme_auth_timeout(wdev);
155}
156EXPORT_SYMBOL(cfg80211_auth_timeout);
157
158void cfg80211_assoc_timeout(struct net_device *dev, struct cfg80211_bss *bss)
159{
160 struct wireless_dev *wdev = dev->ieee80211_ptr;
161 struct wiphy *wiphy = wdev->wiphy;
162 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
163
164 trace_cfg80211_send_assoc_timeout(dev, bss->bssid);
165
166 nl80211_send_assoc_timeout(rdev, dev, bss->bssid, GFP_KERNEL);
167 cfg80211_sme_assoc_timeout(wdev);
168
169 cfg80211_unhold_bss(bss_from_pub(bss));
170 cfg80211_put_bss(wiphy, bss);
171}
172EXPORT_SYMBOL(cfg80211_assoc_timeout);
173
174void cfg80211_abandon_assoc(struct net_device *dev, struct cfg80211_bss *bss)
175{
176 struct wireless_dev *wdev = dev->ieee80211_ptr;
177 struct wiphy *wiphy = wdev->wiphy;
178
179 cfg80211_sme_abandon_assoc(wdev);
180
181 cfg80211_unhold_bss(bss_from_pub(bss));
182 cfg80211_put_bss(wiphy, bss);
183}
184EXPORT_SYMBOL(cfg80211_abandon_assoc);
185
186void cfg80211_tx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len,
187 bool reconnect)
188{
189 struct wireless_dev *wdev = dev->ieee80211_ptr;
190 struct ieee80211_mgmt *mgmt = (void *)buf;
191
192 ASSERT_WDEV_LOCK(wdev);
193
194 trace_cfg80211_tx_mlme_mgmt(dev, buf, len, reconnect);
195
196 if (WARN_ON(len < 2))
197 return;
198
199 if (ieee80211_is_deauth(mgmt->frame_control))
200 cfg80211_process_deauth(wdev, buf, len, reconnect);
201 else
202 cfg80211_process_disassoc(wdev, buf, len, reconnect);
203}
204EXPORT_SYMBOL(cfg80211_tx_mlme_mgmt);
205
206void cfg80211_michael_mic_failure(struct net_device *dev, const u8 *addr,
207 enum nl80211_key_type key_type, int key_id,
208 const u8 *tsc, gfp_t gfp)
209{
210 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
211 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
212#ifdef CONFIG_CFG80211_WEXT
213 union iwreq_data wrqu;
214 char *buf = kmalloc(128, gfp);
215
216 if (buf) {
217 sprintf(buf, "MLME-MICHAELMICFAILURE.indication("
218 "keyid=%d %scast addr=%pM)", key_id,
219 key_type == NL80211_KEYTYPE_GROUP ? "broad" : "uni",
220 addr);
221 memset(&wrqu, 0, sizeof(wrqu));
222 wrqu.data.length = strlen(buf);
223 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
224 kfree(buf);
225 }
226#endif
227
228 trace_cfg80211_michael_mic_failure(dev, addr, key_type, key_id, tsc);
229 nl80211_michael_mic_failure(rdev, dev, addr, key_type, key_id, tsc, gfp);
230}
231EXPORT_SYMBOL(cfg80211_michael_mic_failure);
232
233
234int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev,
235 struct net_device *dev,
236 struct ieee80211_channel *chan,
237 enum nl80211_auth_type auth_type,
238 const u8 *bssid,
239 const u8 *ssid, int ssid_len,
240 const u8 *ie, int ie_len,
241 const u8 *key, int key_len, int key_idx,
242 const u8 *auth_data, int auth_data_len)
243{
244 struct wireless_dev *wdev = dev->ieee80211_ptr;
245 struct cfg80211_auth_request req = {
246 .ie = ie,
247 .ie_len = ie_len,
248 .auth_data = auth_data,
249 .auth_data_len = auth_data_len,
250 .auth_type = auth_type,
251 .key = key,
252 .key_len = key_len,
253 .key_idx = key_idx,
254 };
255 int err;
256
257 ASSERT_WDEV_LOCK(wdev);
258
259 if (auth_type == NL80211_AUTHTYPE_SHARED_KEY)
260 if (!key || !key_len || key_idx < 0 || key_idx > 3)
261 return -EINVAL;
262
263 if (wdev->current_bss &&
264 ether_addr_equal(bssid, wdev->current_bss->pub.bssid))
265 return -EALREADY;
266
267 req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,
268 IEEE80211_BSS_TYPE_ESS,
269 IEEE80211_PRIVACY_ANY);
270 if (!req.bss)
271 return -ENOENT;
272
273 err = rdev_auth(rdev, dev, &req);
274
275 cfg80211_put_bss(&rdev->wiphy, req.bss);
276 return err;
277}
278
279
280void cfg80211_oper_and_ht_capa(struct ieee80211_ht_cap *ht_capa,
281 const struct ieee80211_ht_cap *ht_capa_mask)
282{
283 int i;
284 u8 *p1, *p2;
285 if (!ht_capa_mask) {
286 memset(ht_capa, 0, sizeof(*ht_capa));
287 return;
288 }
289
290 p1 = (u8*)(ht_capa);
291 p2 = (u8*)(ht_capa_mask);
292 for (i = 0; i < sizeof(*ht_capa); i++)
293 p1[i] &= p2[i];
294}
295
296
297void cfg80211_oper_and_vht_capa(struct ieee80211_vht_cap *vht_capa,
298 const struct ieee80211_vht_cap *vht_capa_mask)
299{
300 int i;
301 u8 *p1, *p2;
302 if (!vht_capa_mask) {
303 memset(vht_capa, 0, sizeof(*vht_capa));
304 return;
305 }
306
307 p1 = (u8*)(vht_capa);
308 p2 = (u8*)(vht_capa_mask);
309 for (i = 0; i < sizeof(*vht_capa); i++)
310 p1[i] &= p2[i];
311}
312
313int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev,
314 struct net_device *dev,
315 struct ieee80211_channel *chan,
316 const u8 *bssid,
317 const u8 *ssid, int ssid_len,
318 struct cfg80211_assoc_request *req)
319{
320 struct wireless_dev *wdev = dev->ieee80211_ptr;
321 int err;
322
323 ASSERT_WDEV_LOCK(wdev);
324
325 if (wdev->current_bss &&
326 (!req->prev_bssid || !ether_addr_equal(wdev->current_bss->pub.bssid,
327 req->prev_bssid)))
328 return -EALREADY;
329
330 cfg80211_oper_and_ht_capa(&req->ht_capa_mask,
331 rdev->wiphy.ht_capa_mod_mask);
332 cfg80211_oper_and_vht_capa(&req->vht_capa_mask,
333 rdev->wiphy.vht_capa_mod_mask);
334
335 req->bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,
336 IEEE80211_BSS_TYPE_ESS,
337 IEEE80211_PRIVACY_ANY);
338 if (!req->bss)
339 return -ENOENT;
340
341 err = rdev_assoc(rdev, dev, req);
342 if (!err)
343 cfg80211_hold_bss(bss_from_pub(req->bss));
344 else
345 cfg80211_put_bss(&rdev->wiphy, req->bss);
346
347 return err;
348}
349
350int cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev,
351 struct net_device *dev, const u8 *bssid,
352 const u8 *ie, int ie_len, u16 reason,
353 bool local_state_change)
354{
355 struct wireless_dev *wdev = dev->ieee80211_ptr;
356 struct cfg80211_deauth_request req = {
357 .bssid = bssid,
358 .reason_code = reason,
359 .ie = ie,
360 .ie_len = ie_len,
361 .local_state_change = local_state_change,
362 };
363
364 ASSERT_WDEV_LOCK(wdev);
365
366 if (local_state_change &&
367 (!wdev->current_bss ||
368 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid)))
369 return 0;
370
371 if (ether_addr_equal(wdev->disconnect_bssid, bssid) ||
372 (wdev->current_bss &&
373 ether_addr_equal(wdev->current_bss->pub.bssid, bssid)))
374 wdev->conn_owner_nlportid = 0;
375
376 return rdev_deauth(rdev, dev, &req);
377}
378
379int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev,
380 struct net_device *dev, const u8 *bssid,
381 const u8 *ie, int ie_len, u16 reason,
382 bool local_state_change)
383{
384 struct wireless_dev *wdev = dev->ieee80211_ptr;
385 struct cfg80211_disassoc_request req = {
386 .reason_code = reason,
387 .local_state_change = local_state_change,
388 .ie = ie,
389 .ie_len = ie_len,
390 };
391 int err;
392
393 ASSERT_WDEV_LOCK(wdev);
394
395 if (!wdev->current_bss)
396 return -ENOTCONN;
397
398 if (ether_addr_equal(wdev->current_bss->pub.bssid, bssid))
399 req.bss = &wdev->current_bss->pub;
400 else
401 return -ENOTCONN;
402
403 err = rdev_disassoc(rdev, dev, &req);
404 if (err)
405 return err;
406
407
408 WARN_ON(wdev->current_bss);
409 return 0;
410}
411
412void cfg80211_mlme_down(struct cfg80211_registered_device *rdev,
413 struct net_device *dev)
414{
415 struct wireless_dev *wdev = dev->ieee80211_ptr;
416 u8 bssid[ETH_ALEN];
417
418 ASSERT_WDEV_LOCK(wdev);
419
420 if (!rdev->ops->deauth)
421 return;
422
423 if (!wdev->current_bss)
424 return;
425
426 memcpy(bssid, wdev->current_bss->pub.bssid, ETH_ALEN);
427 cfg80211_mlme_deauth(rdev, dev, bssid, NULL, 0,
428 WLAN_REASON_DEAUTH_LEAVING, false);
429}
430
431struct cfg80211_mgmt_registration {
432 struct list_head list;
433 struct wireless_dev *wdev;
434
435 u32 nlportid;
436
437 int match_len;
438
439 __le16 frame_type;
440
441 bool multicast_rx;
442
443 u8 match[];
444};
445
446static void cfg80211_mgmt_registrations_update(struct wireless_dev *wdev)
447{
448 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
449 struct wireless_dev *tmp;
450 struct cfg80211_mgmt_registration *reg;
451 struct mgmt_frame_regs upd = {};
452
453 lockdep_assert_held(&rdev->wiphy.mtx);
454
455 spin_lock_bh(&rdev->mgmt_registrations_lock);
456 if (!wdev->mgmt_registrations_need_update) {
457 spin_unlock_bh(&rdev->mgmt_registrations_lock);
458 return;
459 }
460
461 rcu_read_lock();
462 list_for_each_entry_rcu(tmp, &rdev->wiphy.wdev_list, list) {
463 list_for_each_entry(reg, &tmp->mgmt_registrations, list) {
464 u32 mask = BIT(le16_to_cpu(reg->frame_type) >> 4);
465 u32 mcast_mask = 0;
466
467 if (reg->multicast_rx)
468 mcast_mask = mask;
469
470 upd.global_stypes |= mask;
471 upd.global_mcast_stypes |= mcast_mask;
472
473 if (tmp == wdev) {
474 upd.interface_stypes |= mask;
475 upd.interface_mcast_stypes |= mcast_mask;
476 }
477 }
478 }
479 rcu_read_unlock();
480
481 wdev->mgmt_registrations_need_update = 0;
482 spin_unlock_bh(&rdev->mgmt_registrations_lock);
483
484 rdev_update_mgmt_frame_registrations(rdev, wdev, &upd);
485}
486
487void cfg80211_mgmt_registrations_update_wk(struct work_struct *wk)
488{
489 struct cfg80211_registered_device *rdev;
490 struct wireless_dev *wdev;
491
492 rdev = container_of(wk, struct cfg80211_registered_device,
493 mgmt_registrations_update_wk);
494
495 wiphy_lock(&rdev->wiphy);
496 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list)
497 cfg80211_mgmt_registrations_update(wdev);
498 wiphy_unlock(&rdev->wiphy);
499}
500
501int cfg80211_mlme_register_mgmt(struct wireless_dev *wdev, u32 snd_portid,
502 u16 frame_type, const u8 *match_data,
503 int match_len, bool multicast_rx,
504 struct netlink_ext_ack *extack)
505{
506 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
507 struct cfg80211_mgmt_registration *reg, *nreg;
508 int err = 0;
509 u16 mgmt_type;
510 bool update_multicast = false;
511
512 if (!wdev->wiphy->mgmt_stypes)
513 return -EOPNOTSUPP;
514
515 if ((frame_type & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT) {
516 NL_SET_ERR_MSG(extack, "frame type not management");
517 return -EINVAL;
518 }
519
520 if (frame_type & ~(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) {
521 NL_SET_ERR_MSG(extack, "Invalid frame type");
522 return -EINVAL;
523 }
524
525 mgmt_type = (frame_type & IEEE80211_FCTL_STYPE) >> 4;
526 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].rx & BIT(mgmt_type))) {
527 NL_SET_ERR_MSG(extack,
528 "Registration to specific type not supported");
529 return -EINVAL;
530 }
531
532
533
534
535
536
537
538
539
540 if (wdev->iftype == NL80211_IFTYPE_STATION &&
541 (frame_type & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_AUTH &&
542 !(match_data && match_len >= 2)) {
543 NL_SET_ERR_MSG(extack,
544 "Authentication algorithm number required");
545 return -EINVAL;
546 }
547
548 nreg = kzalloc(sizeof(*reg) + match_len, GFP_KERNEL);
549 if (!nreg)
550 return -ENOMEM;
551
552 spin_lock_bh(&rdev->mgmt_registrations_lock);
553
554 list_for_each_entry(reg, &wdev->mgmt_registrations, list) {
555 int mlen = min(match_len, reg->match_len);
556
557 if (frame_type != le16_to_cpu(reg->frame_type))
558 continue;
559
560 if (memcmp(reg->match, match_data, mlen) == 0) {
561 if (reg->multicast_rx != multicast_rx) {
562 update_multicast = true;
563 reg->multicast_rx = multicast_rx;
564 break;
565 }
566 NL_SET_ERR_MSG(extack, "Match already configured");
567 err = -EALREADY;
568 break;
569 }
570 }
571
572 if (err)
573 goto out;
574
575 if (update_multicast) {
576 kfree(nreg);
577 } else {
578 memcpy(nreg->match, match_data, match_len);
579 nreg->match_len = match_len;
580 nreg->nlportid = snd_portid;
581 nreg->frame_type = cpu_to_le16(frame_type);
582 nreg->wdev = wdev;
583 nreg->multicast_rx = multicast_rx;
584 list_add(&nreg->list, &wdev->mgmt_registrations);
585 }
586 wdev->mgmt_registrations_need_update = 1;
587 spin_unlock_bh(&rdev->mgmt_registrations_lock);
588
589 cfg80211_mgmt_registrations_update(wdev);
590
591 return 0;
592
593 out:
594 kfree(nreg);
595 spin_unlock_bh(&rdev->mgmt_registrations_lock);
596
597 return err;
598}
599
600void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlportid)
601{
602 struct wiphy *wiphy = wdev->wiphy;
603 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
604 struct cfg80211_mgmt_registration *reg, *tmp;
605
606 spin_lock_bh(&rdev->mgmt_registrations_lock);
607
608 list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) {
609 if (reg->nlportid != nlportid)
610 continue;
611
612 list_del(®->list);
613 kfree(reg);
614
615 wdev->mgmt_registrations_need_update = 1;
616 schedule_work(&rdev->mgmt_registrations_update_wk);
617 }
618
619 spin_unlock_bh(&rdev->mgmt_registrations_lock);
620
621 if (nlportid && rdev->crit_proto_nlportid == nlportid) {
622 rdev->crit_proto_nlportid = 0;
623 rdev_crit_proto_stop(rdev, wdev);
624 }
625
626 if (nlportid == wdev->ap_unexpected_nlportid)
627 wdev->ap_unexpected_nlportid = 0;
628}
629
630void cfg80211_mlme_purge_registrations(struct wireless_dev *wdev)
631{
632 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
633 struct cfg80211_mgmt_registration *reg, *tmp;
634
635 spin_lock_bh(&rdev->mgmt_registrations_lock);
636 list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) {
637 list_del(®->list);
638 kfree(reg);
639 }
640 wdev->mgmt_registrations_need_update = 1;
641 spin_unlock_bh(&rdev->mgmt_registrations_lock);
642
643 cfg80211_mgmt_registrations_update(wdev);
644}
645
646int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
647 struct wireless_dev *wdev,
648 struct cfg80211_mgmt_tx_params *params, u64 *cookie)
649{
650 const struct ieee80211_mgmt *mgmt;
651 u16 stype;
652
653 if (!wdev->wiphy->mgmt_stypes)
654 return -EOPNOTSUPP;
655
656 if (!rdev->ops->mgmt_tx)
657 return -EOPNOTSUPP;
658
659 if (params->len < 24 + 1)
660 return -EINVAL;
661
662 mgmt = (const struct ieee80211_mgmt *)params->buf;
663
664 if (!ieee80211_is_mgmt(mgmt->frame_control))
665 return -EINVAL;
666
667 stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE;
668 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].tx & BIT(stype >> 4)))
669 return -EINVAL;
670
671 if (ieee80211_is_action(mgmt->frame_control) &&
672 mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) {
673 int err = 0;
674
675 wdev_lock(wdev);
676
677 switch (wdev->iftype) {
678 case NL80211_IFTYPE_ADHOC:
679 case NL80211_IFTYPE_STATION:
680 case NL80211_IFTYPE_P2P_CLIENT:
681 if (!wdev->current_bss) {
682 err = -ENOTCONN;
683 break;
684 }
685
686 if (!ether_addr_equal(wdev->current_bss->pub.bssid,
687 mgmt->bssid)) {
688 err = -ENOTCONN;
689 break;
690 }
691
692
693
694
695
696 if (wdev->iftype == NL80211_IFTYPE_ADHOC)
697 break;
698
699
700 if (!ether_addr_equal(wdev->current_bss->pub.bssid,
701 mgmt->da)) {
702 err = -ENOTCONN;
703 break;
704 }
705 break;
706 case NL80211_IFTYPE_AP:
707 case NL80211_IFTYPE_P2P_GO:
708 case NL80211_IFTYPE_AP_VLAN:
709 if (!ether_addr_equal(mgmt->bssid, wdev_address(wdev)))
710 err = -EINVAL;
711 break;
712 case NL80211_IFTYPE_MESH_POINT:
713 if (!ether_addr_equal(mgmt->sa, mgmt->bssid)) {
714 err = -EINVAL;
715 break;
716 }
717
718
719
720
721 break;
722 case NL80211_IFTYPE_P2P_DEVICE:
723
724
725
726
727 case NL80211_IFTYPE_NAN:
728 default:
729 err = -EOPNOTSUPP;
730 break;
731 }
732 wdev_unlock(wdev);
733
734 if (err)
735 return err;
736 }
737
738 if (!ether_addr_equal(mgmt->sa, wdev_address(wdev))) {
739
740
741
742
743 if (!ieee80211_is_action(mgmt->frame_control) ||
744 mgmt->u.action.category != WLAN_CATEGORY_PUBLIC)
745 return -EINVAL;
746 if (!wdev->current_bss &&
747 !wiphy_ext_feature_isset(
748 &rdev->wiphy,
749 NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA))
750 return -EINVAL;
751 if (wdev->current_bss &&
752 !wiphy_ext_feature_isset(
753 &rdev->wiphy,
754 NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA_CONNECTED))
755 return -EINVAL;
756 }
757
758
759 return rdev_mgmt_tx(rdev, wdev, params, cookie);
760}
761
762bool cfg80211_rx_mgmt_khz(struct wireless_dev *wdev, int freq, int sig_dbm,
763 const u8 *buf, size_t len, u32 flags)
764{
765 struct wiphy *wiphy = wdev->wiphy;
766 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
767 struct cfg80211_mgmt_registration *reg;
768 const struct ieee80211_txrx_stypes *stypes =
769 &wiphy->mgmt_stypes[wdev->iftype];
770 struct ieee80211_mgmt *mgmt = (void *)buf;
771 const u8 *data;
772 int data_len;
773 bool result = false;
774 __le16 ftype = mgmt->frame_control &
775 cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE);
776 u16 stype;
777
778 trace_cfg80211_rx_mgmt(wdev, freq, sig_dbm);
779 stype = (le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE) >> 4;
780
781 if (!(stypes->rx & BIT(stype))) {
782 trace_cfg80211_return_bool(false);
783 return false;
784 }
785
786 data = buf + ieee80211_hdrlen(mgmt->frame_control);
787 data_len = len - ieee80211_hdrlen(mgmt->frame_control);
788
789 spin_lock_bh(&rdev->mgmt_registrations_lock);
790
791 list_for_each_entry(reg, &wdev->mgmt_registrations, list) {
792 if (reg->frame_type != ftype)
793 continue;
794
795 if (reg->match_len > data_len)
796 continue;
797
798 if (memcmp(reg->match, data, reg->match_len))
799 continue;
800
801
802
803
804 if (nl80211_send_mgmt(rdev, wdev, reg->nlportid,
805 freq, sig_dbm,
806 buf, len, flags, GFP_ATOMIC))
807 continue;
808
809 result = true;
810 break;
811 }
812
813 spin_unlock_bh(&rdev->mgmt_registrations_lock);
814
815 trace_cfg80211_return_bool(result);
816 return result;
817}
818EXPORT_SYMBOL(cfg80211_rx_mgmt_khz);
819
820void cfg80211_sched_dfs_chan_update(struct cfg80211_registered_device *rdev)
821{
822 cancel_delayed_work(&rdev->dfs_update_channels_wk);
823 queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk, 0);
824}
825
826void cfg80211_dfs_channels_update_work(struct work_struct *work)
827{
828 struct delayed_work *delayed_work = to_delayed_work(work);
829 struct cfg80211_registered_device *rdev;
830 struct cfg80211_chan_def chandef;
831 struct ieee80211_supported_band *sband;
832 struct ieee80211_channel *c;
833 struct wiphy *wiphy;
834 bool check_again = false;
835 unsigned long timeout, next_time = 0;
836 unsigned long time_dfs_update;
837 enum nl80211_radar_event radar_event;
838 int bandid, i;
839
840 rdev = container_of(delayed_work, struct cfg80211_registered_device,
841 dfs_update_channels_wk);
842 wiphy = &rdev->wiphy;
843
844 rtnl_lock();
845 for (bandid = 0; bandid < NUM_NL80211_BANDS; bandid++) {
846 sband = wiphy->bands[bandid];
847 if (!sband)
848 continue;
849
850 for (i = 0; i < sband->n_channels; i++) {
851 c = &sband->channels[i];
852
853 if (!(c->flags & IEEE80211_CHAN_RADAR))
854 continue;
855
856 if (c->dfs_state != NL80211_DFS_UNAVAILABLE &&
857 c->dfs_state != NL80211_DFS_AVAILABLE)
858 continue;
859
860 if (c->dfs_state == NL80211_DFS_UNAVAILABLE) {
861 time_dfs_update = IEEE80211_DFS_MIN_NOP_TIME_MS;
862 radar_event = NL80211_RADAR_NOP_FINISHED;
863 } else {
864 if (regulatory_pre_cac_allowed(wiphy) ||
865 cfg80211_any_wiphy_oper_chan(wiphy, c))
866 continue;
867
868 time_dfs_update = REG_PRE_CAC_EXPIRY_GRACE_MS;
869 radar_event = NL80211_RADAR_PRE_CAC_EXPIRED;
870 }
871
872 timeout = c->dfs_state_entered +
873 msecs_to_jiffies(time_dfs_update);
874
875 if (time_after_eq(jiffies, timeout)) {
876 c->dfs_state = NL80211_DFS_USABLE;
877 c->dfs_state_entered = jiffies;
878
879 cfg80211_chandef_create(&chandef, c,
880 NL80211_CHAN_NO_HT);
881
882 nl80211_radar_notify(rdev, &chandef,
883 radar_event, NULL,
884 GFP_ATOMIC);
885
886 regulatory_propagate_dfs_state(wiphy, &chandef,
887 c->dfs_state,
888 radar_event);
889 continue;
890 }
891
892 if (!check_again)
893 next_time = timeout - jiffies;
894 else
895 next_time = min(next_time, timeout - jiffies);
896 check_again = true;
897 }
898 }
899 rtnl_unlock();
900
901
902 if (check_again)
903 queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk,
904 next_time);
905}
906
907
908void cfg80211_radar_event(struct wiphy *wiphy,
909 struct cfg80211_chan_def *chandef,
910 gfp_t gfp)
911{
912 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
913
914 trace_cfg80211_radar_event(wiphy, chandef);
915
916
917
918
919
920 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_UNAVAILABLE);
921
922 cfg80211_sched_dfs_chan_update(rdev);
923
924 nl80211_radar_notify(rdev, chandef, NL80211_RADAR_DETECTED, NULL, gfp);
925
926 memcpy(&rdev->radar_chandef, chandef, sizeof(struct cfg80211_chan_def));
927 queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
928}
929EXPORT_SYMBOL(cfg80211_radar_event);
930
931void cfg80211_cac_event(struct net_device *netdev,
932 const struct cfg80211_chan_def *chandef,
933 enum nl80211_radar_event event, gfp_t gfp)
934{
935 struct wireless_dev *wdev = netdev->ieee80211_ptr;
936 struct wiphy *wiphy = wdev->wiphy;
937 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
938 unsigned long timeout;
939
940 trace_cfg80211_cac_event(netdev, event);
941
942 if (WARN_ON(!wdev->cac_started && event != NL80211_RADAR_CAC_STARTED))
943 return;
944
945 if (WARN_ON(!wdev->chandef.chan))
946 return;
947
948 switch (event) {
949 case NL80211_RADAR_CAC_FINISHED:
950 timeout = wdev->cac_start_time +
951 msecs_to_jiffies(wdev->cac_time_ms);
952 WARN_ON(!time_after_eq(jiffies, timeout));
953 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_AVAILABLE);
954 memcpy(&rdev->cac_done_chandef, chandef,
955 sizeof(struct cfg80211_chan_def));
956 queue_work(cfg80211_wq, &rdev->propagate_cac_done_wk);
957 cfg80211_sched_dfs_chan_update(rdev);
958 fallthrough;
959 case NL80211_RADAR_CAC_ABORTED:
960 wdev->cac_started = false;
961 break;
962 case NL80211_RADAR_CAC_STARTED:
963 wdev->cac_started = true;
964 break;
965 default:
966 WARN_ON(1);
967 return;
968 }
969
970 nl80211_radar_notify(rdev, chandef, event, netdev, gfp);
971}
972EXPORT_SYMBOL(cfg80211_cac_event);
973