linux/net/wireless/mlme.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0
   2/*
   3 * cfg80211 MLME SAP interface
   4 *
   5 * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
   6 * Copyright (c) 2015           Intel Deutschland GmbH
   7 * Copyright (C) 2019-2020 Intel Corporation
   8 */
   9
  10#include <linux/kernel.h>
  11#include <linux/module.h>
  12#include <linux/etherdevice.h>
  13#include <linux/netdevice.h>
  14#include <linux/nl80211.h>
  15#include <linux/slab.h>
  16#include <linux/wireless.h>
  17#include <net/cfg80211.h>
  18#include <net/iw_handler.h>
  19#include "core.h"
  20#include "nl80211.h"
  21#include "rdev-ops.h"
  22
  23
  24void cfg80211_rx_assoc_resp(struct net_device *dev, struct cfg80211_bss *bss,
  25                            const u8 *buf, size_t len, int uapsd_queues,
  26                            const u8 *req_ies, size_t req_ies_len)
  27{
  28        struct wireless_dev *wdev = dev->ieee80211_ptr;
  29        struct wiphy *wiphy = wdev->wiphy;
  30        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
  31        struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
  32        struct cfg80211_connect_resp_params cr;
  33        const u8 *resp_ie = mgmt->u.assoc_resp.variable;
  34        size_t resp_ie_len = len - offsetof(struct ieee80211_mgmt,
  35                                            u.assoc_resp.variable);
  36
  37        if (bss->channel->band == NL80211_BAND_S1GHZ) {
  38                resp_ie = (u8 *)&mgmt->u.s1g_assoc_resp.variable;
  39                resp_ie_len = len - offsetof(struct ieee80211_mgmt,
  40                                             u.s1g_assoc_resp.variable);
  41        }
  42
  43        memset(&cr, 0, sizeof(cr));
  44        cr.status = (int)le16_to_cpu(mgmt->u.assoc_resp.status_code);
  45        cr.bssid = mgmt->bssid;
  46        cr.bss = bss;
  47        cr.req_ie = req_ies;
  48        cr.req_ie_len = req_ies_len;
  49        cr.resp_ie = resp_ie;
  50        cr.resp_ie_len = resp_ie_len;
  51        cr.timeout_reason = NL80211_TIMEOUT_UNSPECIFIED;
  52
  53        trace_cfg80211_send_rx_assoc(dev, bss);
  54
  55        /*
  56         * This is a bit of a hack, we don't notify userspace of
  57         * a (re-)association reply if we tried to send a reassoc
  58         * and got a reject -- we only try again with an assoc
  59         * frame instead of reassoc.
  60         */
  61        if (cfg80211_sme_rx_assoc_resp(wdev, cr.status)) {
  62                cfg80211_unhold_bss(bss_from_pub(bss));
  63                cfg80211_put_bss(wiphy, bss);
  64                return;
  65        }
  66
  67        nl80211_send_rx_assoc(rdev, dev, buf, len, GFP_KERNEL, uapsd_queues,
  68                              req_ies, req_ies_len);
  69        /* update current_bss etc., consumes the bss reference */
  70        __cfg80211_connect_result(dev, &cr, cr.status == WLAN_STATUS_SUCCESS);
  71}
  72EXPORT_SYMBOL(cfg80211_rx_assoc_resp);
  73
  74static void cfg80211_process_auth(struct wireless_dev *wdev,
  75                                  const u8 *buf, size_t len)
  76{
  77        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
  78
  79        nl80211_send_rx_auth(rdev, wdev->netdev, buf, len, GFP_KERNEL);
  80        cfg80211_sme_rx_auth(wdev, buf, len);
  81}
  82
  83static void cfg80211_process_deauth(struct wireless_dev *wdev,
  84                                    const u8 *buf, size_t len,
  85                                    bool reconnect)
  86{
  87        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
  88        struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
  89        const u8 *bssid = mgmt->bssid;
  90        u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
  91        bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr);
  92
  93        nl80211_send_deauth(rdev, wdev->netdev, buf, len, reconnect, GFP_KERNEL);
  94
  95        if (!wdev->current_bss ||
  96            !ether_addr_equal(wdev->current_bss->pub.bssid, bssid))
  97                return;
  98
  99        __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap);
 100        cfg80211_sme_deauth(wdev);
 101}
 102
 103static void cfg80211_process_disassoc(struct wireless_dev *wdev,
 104                                      const u8 *buf, size_t len,
 105                                      bool reconnect)
 106{
 107        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
 108        struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
 109        const u8 *bssid = mgmt->bssid;
 110        u16 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
 111        bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr);
 112
 113        nl80211_send_disassoc(rdev, wdev->netdev, buf, len, reconnect,
 114                              GFP_KERNEL);
 115
 116        if (WARN_ON(!wdev->current_bss ||
 117                    !ether_addr_equal(wdev->current_bss->pub.bssid, bssid)))
 118                return;
 119
 120        __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap);
 121        cfg80211_sme_disassoc(wdev);
 122}
 123
 124void cfg80211_rx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len)
 125{
 126        struct wireless_dev *wdev = dev->ieee80211_ptr;
 127        struct ieee80211_mgmt *mgmt = (void *)buf;
 128
 129        ASSERT_WDEV_LOCK(wdev);
 130
 131        trace_cfg80211_rx_mlme_mgmt(dev, buf, len);
 132
 133        if (WARN_ON(len < 2))
 134                return;
 135
 136        if (ieee80211_is_auth(mgmt->frame_control))
 137                cfg80211_process_auth(wdev, buf, len);
 138        else if (ieee80211_is_deauth(mgmt->frame_control))
 139                cfg80211_process_deauth(wdev, buf, len, false);
 140        else if (ieee80211_is_disassoc(mgmt->frame_control))
 141                cfg80211_process_disassoc(wdev, buf, len, false);
 142}
 143EXPORT_SYMBOL(cfg80211_rx_mlme_mgmt);
 144
 145void cfg80211_auth_timeout(struct net_device *dev, const u8 *addr)
 146{
 147        struct wireless_dev *wdev = dev->ieee80211_ptr;
 148        struct wiphy *wiphy = wdev->wiphy;
 149        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
 150
 151        trace_cfg80211_send_auth_timeout(dev, addr);
 152
 153        nl80211_send_auth_timeout(rdev, dev, addr, GFP_KERNEL);
 154        cfg80211_sme_auth_timeout(wdev);
 155}
 156EXPORT_SYMBOL(cfg80211_auth_timeout);
 157
 158void cfg80211_assoc_timeout(struct net_device *dev, struct cfg80211_bss *bss)
 159{
 160        struct wireless_dev *wdev = dev->ieee80211_ptr;
 161        struct wiphy *wiphy = wdev->wiphy;
 162        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
 163
 164        trace_cfg80211_send_assoc_timeout(dev, bss->bssid);
 165
 166        nl80211_send_assoc_timeout(rdev, dev, bss->bssid, GFP_KERNEL);
 167        cfg80211_sme_assoc_timeout(wdev);
 168
 169        cfg80211_unhold_bss(bss_from_pub(bss));
 170        cfg80211_put_bss(wiphy, bss);
 171}
 172EXPORT_SYMBOL(cfg80211_assoc_timeout);
 173
 174void cfg80211_abandon_assoc(struct net_device *dev, struct cfg80211_bss *bss)
 175{
 176        struct wireless_dev *wdev = dev->ieee80211_ptr;
 177        struct wiphy *wiphy = wdev->wiphy;
 178
 179        cfg80211_sme_abandon_assoc(wdev);
 180
 181        cfg80211_unhold_bss(bss_from_pub(bss));
 182        cfg80211_put_bss(wiphy, bss);
 183}
 184EXPORT_SYMBOL(cfg80211_abandon_assoc);
 185
 186void cfg80211_tx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len,
 187                           bool reconnect)
 188{
 189        struct wireless_dev *wdev = dev->ieee80211_ptr;
 190        struct ieee80211_mgmt *mgmt = (void *)buf;
 191
 192        ASSERT_WDEV_LOCK(wdev);
 193
 194        trace_cfg80211_tx_mlme_mgmt(dev, buf, len, reconnect);
 195
 196        if (WARN_ON(len < 2))
 197                return;
 198
 199        if (ieee80211_is_deauth(mgmt->frame_control))
 200                cfg80211_process_deauth(wdev, buf, len, reconnect);
 201        else
 202                cfg80211_process_disassoc(wdev, buf, len, reconnect);
 203}
 204EXPORT_SYMBOL(cfg80211_tx_mlme_mgmt);
 205
 206void cfg80211_michael_mic_failure(struct net_device *dev, const u8 *addr,
 207                                  enum nl80211_key_type key_type, int key_id,
 208                                  const u8 *tsc, gfp_t gfp)
 209{
 210        struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
 211        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
 212#ifdef CONFIG_CFG80211_WEXT
 213        union iwreq_data wrqu;
 214        char *buf = kmalloc(128, gfp);
 215
 216        if (buf) {
 217                sprintf(buf, "MLME-MICHAELMICFAILURE.indication("
 218                        "keyid=%d %scast addr=%pM)", key_id,
 219                        key_type == NL80211_KEYTYPE_GROUP ? "broad" : "uni",
 220                        addr);
 221                memset(&wrqu, 0, sizeof(wrqu));
 222                wrqu.data.length = strlen(buf);
 223                wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
 224                kfree(buf);
 225        }
 226#endif
 227
 228        trace_cfg80211_michael_mic_failure(dev, addr, key_type, key_id, tsc);
 229        nl80211_michael_mic_failure(rdev, dev, addr, key_type, key_id, tsc, gfp);
 230}
 231EXPORT_SYMBOL(cfg80211_michael_mic_failure);
 232
 233/* some MLME handling for userspace SME */
 234int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev,
 235                       struct net_device *dev,
 236                       struct ieee80211_channel *chan,
 237                       enum nl80211_auth_type auth_type,
 238                       const u8 *bssid,
 239                       const u8 *ssid, int ssid_len,
 240                       const u8 *ie, int ie_len,
 241                       const u8 *key, int key_len, int key_idx,
 242                       const u8 *auth_data, int auth_data_len)
 243{
 244        struct wireless_dev *wdev = dev->ieee80211_ptr;
 245        struct cfg80211_auth_request req = {
 246                .ie = ie,
 247                .ie_len = ie_len,
 248                .auth_data = auth_data,
 249                .auth_data_len = auth_data_len,
 250                .auth_type = auth_type,
 251                .key = key,
 252                .key_len = key_len,
 253                .key_idx = key_idx,
 254        };
 255        int err;
 256
 257        ASSERT_WDEV_LOCK(wdev);
 258
 259        if (auth_type == NL80211_AUTHTYPE_SHARED_KEY)
 260                if (!key || !key_len || key_idx < 0 || key_idx > 3)
 261                        return -EINVAL;
 262
 263        if (wdev->current_bss &&
 264            ether_addr_equal(bssid, wdev->current_bss->pub.bssid))
 265                return -EALREADY;
 266
 267        req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,
 268                                   IEEE80211_BSS_TYPE_ESS,
 269                                   IEEE80211_PRIVACY_ANY);
 270        if (!req.bss)
 271                return -ENOENT;
 272
 273        err = rdev_auth(rdev, dev, &req);
 274
 275        cfg80211_put_bss(&rdev->wiphy, req.bss);
 276        return err;
 277}
 278
 279/*  Do a logical ht_capa &= ht_capa_mask.  */
 280void cfg80211_oper_and_ht_capa(struct ieee80211_ht_cap *ht_capa,
 281                               const struct ieee80211_ht_cap *ht_capa_mask)
 282{
 283        int i;
 284        u8 *p1, *p2;
 285        if (!ht_capa_mask) {
 286                memset(ht_capa, 0, sizeof(*ht_capa));
 287                return;
 288        }
 289
 290        p1 = (u8*)(ht_capa);
 291        p2 = (u8*)(ht_capa_mask);
 292        for (i = 0; i < sizeof(*ht_capa); i++)
 293                p1[i] &= p2[i];
 294}
 295
 296/*  Do a logical vht_capa &= vht_capa_mask.  */
 297void cfg80211_oper_and_vht_capa(struct ieee80211_vht_cap *vht_capa,
 298                                const struct ieee80211_vht_cap *vht_capa_mask)
 299{
 300        int i;
 301        u8 *p1, *p2;
 302        if (!vht_capa_mask) {
 303                memset(vht_capa, 0, sizeof(*vht_capa));
 304                return;
 305        }
 306
 307        p1 = (u8*)(vht_capa);
 308        p2 = (u8*)(vht_capa_mask);
 309        for (i = 0; i < sizeof(*vht_capa); i++)
 310                p1[i] &= p2[i];
 311}
 312
 313int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev,
 314                        struct net_device *dev,
 315                        struct ieee80211_channel *chan,
 316                        const u8 *bssid,
 317                        const u8 *ssid, int ssid_len,
 318                        struct cfg80211_assoc_request *req)
 319{
 320        struct wireless_dev *wdev = dev->ieee80211_ptr;
 321        int err;
 322
 323        ASSERT_WDEV_LOCK(wdev);
 324
 325        if (wdev->current_bss &&
 326            (!req->prev_bssid || !ether_addr_equal(wdev->current_bss->pub.bssid,
 327                                                   req->prev_bssid)))
 328                return -EALREADY;
 329
 330        cfg80211_oper_and_ht_capa(&req->ht_capa_mask,
 331                                  rdev->wiphy.ht_capa_mod_mask);
 332        cfg80211_oper_and_vht_capa(&req->vht_capa_mask,
 333                                   rdev->wiphy.vht_capa_mod_mask);
 334
 335        req->bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,
 336                                    IEEE80211_BSS_TYPE_ESS,
 337                                    IEEE80211_PRIVACY_ANY);
 338        if (!req->bss)
 339                return -ENOENT;
 340
 341        err = rdev_assoc(rdev, dev, req);
 342        if (!err)
 343                cfg80211_hold_bss(bss_from_pub(req->bss));
 344        else
 345                cfg80211_put_bss(&rdev->wiphy, req->bss);
 346
 347        return err;
 348}
 349
 350int cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev,
 351                         struct net_device *dev, const u8 *bssid,
 352                         const u8 *ie, int ie_len, u16 reason,
 353                         bool local_state_change)
 354{
 355        struct wireless_dev *wdev = dev->ieee80211_ptr;
 356        struct cfg80211_deauth_request req = {
 357                .bssid = bssid,
 358                .reason_code = reason,
 359                .ie = ie,
 360                .ie_len = ie_len,
 361                .local_state_change = local_state_change,
 362        };
 363
 364        ASSERT_WDEV_LOCK(wdev);
 365
 366        if (local_state_change &&
 367            (!wdev->current_bss ||
 368             !ether_addr_equal(wdev->current_bss->pub.bssid, bssid)))
 369                return 0;
 370
 371        if (ether_addr_equal(wdev->disconnect_bssid, bssid) ||
 372            (wdev->current_bss &&
 373             ether_addr_equal(wdev->current_bss->pub.bssid, bssid)))
 374                wdev->conn_owner_nlportid = 0;
 375
 376        return rdev_deauth(rdev, dev, &req);
 377}
 378
 379int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev,
 380                           struct net_device *dev, const u8 *bssid,
 381                           const u8 *ie, int ie_len, u16 reason,
 382                           bool local_state_change)
 383{
 384        struct wireless_dev *wdev = dev->ieee80211_ptr;
 385        struct cfg80211_disassoc_request req = {
 386                .reason_code = reason,
 387                .local_state_change = local_state_change,
 388                .ie = ie,
 389                .ie_len = ie_len,
 390        };
 391        int err;
 392
 393        ASSERT_WDEV_LOCK(wdev);
 394
 395        if (!wdev->current_bss)
 396                return -ENOTCONN;
 397
 398        if (ether_addr_equal(wdev->current_bss->pub.bssid, bssid))
 399                req.bss = &wdev->current_bss->pub;
 400        else
 401                return -ENOTCONN;
 402
 403        err = rdev_disassoc(rdev, dev, &req);
 404        if (err)
 405                return err;
 406
 407        /* driver should have reported the disassoc */
 408        WARN_ON(wdev->current_bss);
 409        return 0;
 410}
 411
 412void cfg80211_mlme_down(struct cfg80211_registered_device *rdev,
 413                        struct net_device *dev)
 414{
 415        struct wireless_dev *wdev = dev->ieee80211_ptr;
 416        u8 bssid[ETH_ALEN];
 417
 418        ASSERT_WDEV_LOCK(wdev);
 419
 420        if (!rdev->ops->deauth)
 421                return;
 422
 423        if (!wdev->current_bss)
 424                return;
 425
 426        memcpy(bssid, wdev->current_bss->pub.bssid, ETH_ALEN);
 427        cfg80211_mlme_deauth(rdev, dev, bssid, NULL, 0,
 428                             WLAN_REASON_DEAUTH_LEAVING, false);
 429}
 430
 431struct cfg80211_mgmt_registration {
 432        struct list_head list;
 433        struct wireless_dev *wdev;
 434
 435        u32 nlportid;
 436
 437        int match_len;
 438
 439        __le16 frame_type;
 440
 441        bool multicast_rx;
 442
 443        u8 match[];
 444};
 445
 446static void cfg80211_mgmt_registrations_update(struct wireless_dev *wdev)
 447{
 448        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
 449        struct wireless_dev *tmp;
 450        struct cfg80211_mgmt_registration *reg;
 451        struct mgmt_frame_regs upd = {};
 452
 453        lockdep_assert_held(&rdev->wiphy.mtx);
 454
 455        spin_lock_bh(&rdev->mgmt_registrations_lock);
 456        if (!wdev->mgmt_registrations_need_update) {
 457                spin_unlock_bh(&rdev->mgmt_registrations_lock);
 458                return;
 459        }
 460
 461        rcu_read_lock();
 462        list_for_each_entry_rcu(tmp, &rdev->wiphy.wdev_list, list) {
 463                list_for_each_entry(reg, &tmp->mgmt_registrations, list) {
 464                        u32 mask = BIT(le16_to_cpu(reg->frame_type) >> 4);
 465                        u32 mcast_mask = 0;
 466
 467                        if (reg->multicast_rx)
 468                                mcast_mask = mask;
 469
 470                        upd.global_stypes |= mask;
 471                        upd.global_mcast_stypes |= mcast_mask;
 472
 473                        if (tmp == wdev) {
 474                                upd.interface_stypes |= mask;
 475                                upd.interface_mcast_stypes |= mcast_mask;
 476                        }
 477                }
 478        }
 479        rcu_read_unlock();
 480
 481        wdev->mgmt_registrations_need_update = 0;
 482        spin_unlock_bh(&rdev->mgmt_registrations_lock);
 483
 484        rdev_update_mgmt_frame_registrations(rdev, wdev, &upd);
 485}
 486
 487void cfg80211_mgmt_registrations_update_wk(struct work_struct *wk)
 488{
 489        struct cfg80211_registered_device *rdev;
 490        struct wireless_dev *wdev;
 491
 492        rdev = container_of(wk, struct cfg80211_registered_device,
 493                            mgmt_registrations_update_wk);
 494
 495        wiphy_lock(&rdev->wiphy);
 496        list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list)
 497                cfg80211_mgmt_registrations_update(wdev);
 498        wiphy_unlock(&rdev->wiphy);
 499}
 500
 501int cfg80211_mlme_register_mgmt(struct wireless_dev *wdev, u32 snd_portid,
 502                                u16 frame_type, const u8 *match_data,
 503                                int match_len, bool multicast_rx,
 504                                struct netlink_ext_ack *extack)
 505{
 506        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
 507        struct cfg80211_mgmt_registration *reg, *nreg;
 508        int err = 0;
 509        u16 mgmt_type;
 510        bool update_multicast = false;
 511
 512        if (!wdev->wiphy->mgmt_stypes)
 513                return -EOPNOTSUPP;
 514
 515        if ((frame_type & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT) {
 516                NL_SET_ERR_MSG(extack, "frame type not management");
 517                return -EINVAL;
 518        }
 519
 520        if (frame_type & ~(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) {
 521                NL_SET_ERR_MSG(extack, "Invalid frame type");
 522                return -EINVAL;
 523        }
 524
 525        mgmt_type = (frame_type & IEEE80211_FCTL_STYPE) >> 4;
 526        if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].rx & BIT(mgmt_type))) {
 527                NL_SET_ERR_MSG(extack,
 528                               "Registration to specific type not supported");
 529                return -EINVAL;
 530        }
 531
 532        /*
 533         * To support Pre Association Security Negotiation (PASN), registration
 534         * for authentication frames should be supported. However, as some
 535         * versions of the user space daemons wrongly register to all types of
 536         * authentication frames (which might result in unexpected behavior)
 537         * allow such registration if the request is for a specific
 538         * authentication algorithm number.
 539         */
 540        if (wdev->iftype == NL80211_IFTYPE_STATION &&
 541            (frame_type & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_AUTH &&
 542            !(match_data && match_len >= 2)) {
 543                NL_SET_ERR_MSG(extack,
 544                               "Authentication algorithm number required");
 545                return -EINVAL;
 546        }
 547
 548        nreg = kzalloc(sizeof(*reg) + match_len, GFP_KERNEL);
 549        if (!nreg)
 550                return -ENOMEM;
 551
 552        spin_lock_bh(&rdev->mgmt_registrations_lock);
 553
 554        list_for_each_entry(reg, &wdev->mgmt_registrations, list) {
 555                int mlen = min(match_len, reg->match_len);
 556
 557                if (frame_type != le16_to_cpu(reg->frame_type))
 558                        continue;
 559
 560                if (memcmp(reg->match, match_data, mlen) == 0) {
 561                        if (reg->multicast_rx != multicast_rx) {
 562                                update_multicast = true;
 563                                reg->multicast_rx = multicast_rx;
 564                                break;
 565                        }
 566                        NL_SET_ERR_MSG(extack, "Match already configured");
 567                        err = -EALREADY;
 568                        break;
 569                }
 570        }
 571
 572        if (err)
 573                goto out;
 574
 575        if (update_multicast) {
 576                kfree(nreg);
 577        } else {
 578                memcpy(nreg->match, match_data, match_len);
 579                nreg->match_len = match_len;
 580                nreg->nlportid = snd_portid;
 581                nreg->frame_type = cpu_to_le16(frame_type);
 582                nreg->wdev = wdev;
 583                nreg->multicast_rx = multicast_rx;
 584                list_add(&nreg->list, &wdev->mgmt_registrations);
 585        }
 586        wdev->mgmt_registrations_need_update = 1;
 587        spin_unlock_bh(&rdev->mgmt_registrations_lock);
 588
 589        cfg80211_mgmt_registrations_update(wdev);
 590
 591        return 0;
 592
 593 out:
 594        kfree(nreg);
 595        spin_unlock_bh(&rdev->mgmt_registrations_lock);
 596
 597        return err;
 598}
 599
 600void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlportid)
 601{
 602        struct wiphy *wiphy = wdev->wiphy;
 603        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
 604        struct cfg80211_mgmt_registration *reg, *tmp;
 605
 606        spin_lock_bh(&rdev->mgmt_registrations_lock);
 607
 608        list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) {
 609                if (reg->nlportid != nlportid)
 610                        continue;
 611
 612                list_del(&reg->list);
 613                kfree(reg);
 614
 615                wdev->mgmt_registrations_need_update = 1;
 616                schedule_work(&rdev->mgmt_registrations_update_wk);
 617        }
 618
 619        spin_unlock_bh(&rdev->mgmt_registrations_lock);
 620
 621        if (nlportid && rdev->crit_proto_nlportid == nlportid) {
 622                rdev->crit_proto_nlportid = 0;
 623                rdev_crit_proto_stop(rdev, wdev);
 624        }
 625
 626        if (nlportid == wdev->ap_unexpected_nlportid)
 627                wdev->ap_unexpected_nlportid = 0;
 628}
 629
 630void cfg80211_mlme_purge_registrations(struct wireless_dev *wdev)
 631{
 632        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
 633        struct cfg80211_mgmt_registration *reg, *tmp;
 634
 635        spin_lock_bh(&rdev->mgmt_registrations_lock);
 636        list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) {
 637                list_del(&reg->list);
 638                kfree(reg);
 639        }
 640        wdev->mgmt_registrations_need_update = 1;
 641        spin_unlock_bh(&rdev->mgmt_registrations_lock);
 642
 643        cfg80211_mgmt_registrations_update(wdev);
 644}
 645
 646int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
 647                          struct wireless_dev *wdev,
 648                          struct cfg80211_mgmt_tx_params *params, u64 *cookie)
 649{
 650        const struct ieee80211_mgmt *mgmt;
 651        u16 stype;
 652
 653        if (!wdev->wiphy->mgmt_stypes)
 654                return -EOPNOTSUPP;
 655
 656        if (!rdev->ops->mgmt_tx)
 657                return -EOPNOTSUPP;
 658
 659        if (params->len < 24 + 1)
 660                return -EINVAL;
 661
 662        mgmt = (const struct ieee80211_mgmt *)params->buf;
 663
 664        if (!ieee80211_is_mgmt(mgmt->frame_control))
 665                return -EINVAL;
 666
 667        stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE;
 668        if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].tx & BIT(stype >> 4)))
 669                return -EINVAL;
 670
 671        if (ieee80211_is_action(mgmt->frame_control) &&
 672            mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) {
 673                int err = 0;
 674
 675                wdev_lock(wdev);
 676
 677                switch (wdev->iftype) {
 678                case NL80211_IFTYPE_ADHOC:
 679                case NL80211_IFTYPE_STATION:
 680                case NL80211_IFTYPE_P2P_CLIENT:
 681                        if (!wdev->current_bss) {
 682                                err = -ENOTCONN;
 683                                break;
 684                        }
 685
 686                        if (!ether_addr_equal(wdev->current_bss->pub.bssid,
 687                                              mgmt->bssid)) {
 688                                err = -ENOTCONN;
 689                                break;
 690                        }
 691
 692                        /*
 693                         * check for IBSS DA must be done by driver as
 694                         * cfg80211 doesn't track the stations
 695                         */
 696                        if (wdev->iftype == NL80211_IFTYPE_ADHOC)
 697                                break;
 698
 699                        /* for station, check that DA is the AP */
 700                        if (!ether_addr_equal(wdev->current_bss->pub.bssid,
 701                                              mgmt->da)) {
 702                                err = -ENOTCONN;
 703                                break;
 704                        }
 705                        break;
 706                case NL80211_IFTYPE_AP:
 707                case NL80211_IFTYPE_P2P_GO:
 708                case NL80211_IFTYPE_AP_VLAN:
 709                        if (!ether_addr_equal(mgmt->bssid, wdev_address(wdev)))
 710                                err = -EINVAL;
 711                        break;
 712                case NL80211_IFTYPE_MESH_POINT:
 713                        if (!ether_addr_equal(mgmt->sa, mgmt->bssid)) {
 714                                err = -EINVAL;
 715                                break;
 716                        }
 717                        /*
 718                         * check for mesh DA must be done by driver as
 719                         * cfg80211 doesn't track the stations
 720                         */
 721                        break;
 722                case NL80211_IFTYPE_P2P_DEVICE:
 723                        /*
 724                         * fall through, P2P device only supports
 725                         * public action frames
 726                         */
 727                case NL80211_IFTYPE_NAN:
 728                default:
 729                        err = -EOPNOTSUPP;
 730                        break;
 731                }
 732                wdev_unlock(wdev);
 733
 734                if (err)
 735                        return err;
 736        }
 737
 738        if (!ether_addr_equal(mgmt->sa, wdev_address(wdev))) {
 739                /* Allow random TA to be used with Public Action frames if the
 740                 * driver has indicated support for this. Otherwise, only allow
 741                 * the local address to be used.
 742                 */
 743                if (!ieee80211_is_action(mgmt->frame_control) ||
 744                    mgmt->u.action.category != WLAN_CATEGORY_PUBLIC)
 745                        return -EINVAL;
 746                if (!wdev->current_bss &&
 747                    !wiphy_ext_feature_isset(
 748                            &rdev->wiphy,
 749                            NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA))
 750                        return -EINVAL;
 751                if (wdev->current_bss &&
 752                    !wiphy_ext_feature_isset(
 753                            &rdev->wiphy,
 754                            NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA_CONNECTED))
 755                        return -EINVAL;
 756        }
 757
 758        /* Transmit the Action frame as requested by user space */
 759        return rdev_mgmt_tx(rdev, wdev, params, cookie);
 760}
 761
 762bool cfg80211_rx_mgmt_khz(struct wireless_dev *wdev, int freq, int sig_dbm,
 763                          const u8 *buf, size_t len, u32 flags)
 764{
 765        struct wiphy *wiphy = wdev->wiphy;
 766        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
 767        struct cfg80211_mgmt_registration *reg;
 768        const struct ieee80211_txrx_stypes *stypes =
 769                &wiphy->mgmt_stypes[wdev->iftype];
 770        struct ieee80211_mgmt *mgmt = (void *)buf;
 771        const u8 *data;
 772        int data_len;
 773        bool result = false;
 774        __le16 ftype = mgmt->frame_control &
 775                cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE);
 776        u16 stype;
 777
 778        trace_cfg80211_rx_mgmt(wdev, freq, sig_dbm);
 779        stype = (le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE) >> 4;
 780
 781        if (!(stypes->rx & BIT(stype))) {
 782                trace_cfg80211_return_bool(false);
 783                return false;
 784        }
 785
 786        data = buf + ieee80211_hdrlen(mgmt->frame_control);
 787        data_len = len - ieee80211_hdrlen(mgmt->frame_control);
 788
 789        spin_lock_bh(&rdev->mgmt_registrations_lock);
 790
 791        list_for_each_entry(reg, &wdev->mgmt_registrations, list) {
 792                if (reg->frame_type != ftype)
 793                        continue;
 794
 795                if (reg->match_len > data_len)
 796                        continue;
 797
 798                if (memcmp(reg->match, data, reg->match_len))
 799                        continue;
 800
 801                /* found match! */
 802
 803                /* Indicate the received Action frame to user space */
 804                if (nl80211_send_mgmt(rdev, wdev, reg->nlportid,
 805                                      freq, sig_dbm,
 806                                      buf, len, flags, GFP_ATOMIC))
 807                        continue;
 808
 809                result = true;
 810                break;
 811        }
 812
 813        spin_unlock_bh(&rdev->mgmt_registrations_lock);
 814
 815        trace_cfg80211_return_bool(result);
 816        return result;
 817}
 818EXPORT_SYMBOL(cfg80211_rx_mgmt_khz);
 819
 820void cfg80211_sched_dfs_chan_update(struct cfg80211_registered_device *rdev)
 821{
 822        cancel_delayed_work(&rdev->dfs_update_channels_wk);
 823        queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk, 0);
 824}
 825
 826void cfg80211_dfs_channels_update_work(struct work_struct *work)
 827{
 828        struct delayed_work *delayed_work = to_delayed_work(work);
 829        struct cfg80211_registered_device *rdev;
 830        struct cfg80211_chan_def chandef;
 831        struct ieee80211_supported_band *sband;
 832        struct ieee80211_channel *c;
 833        struct wiphy *wiphy;
 834        bool check_again = false;
 835        unsigned long timeout, next_time = 0;
 836        unsigned long time_dfs_update;
 837        enum nl80211_radar_event radar_event;
 838        int bandid, i;
 839
 840        rdev = container_of(delayed_work, struct cfg80211_registered_device,
 841                            dfs_update_channels_wk);
 842        wiphy = &rdev->wiphy;
 843
 844        rtnl_lock();
 845        for (bandid = 0; bandid < NUM_NL80211_BANDS; bandid++) {
 846                sband = wiphy->bands[bandid];
 847                if (!sband)
 848                        continue;
 849
 850                for (i = 0; i < sband->n_channels; i++) {
 851                        c = &sband->channels[i];
 852
 853                        if (!(c->flags & IEEE80211_CHAN_RADAR))
 854                                continue;
 855
 856                        if (c->dfs_state != NL80211_DFS_UNAVAILABLE &&
 857                            c->dfs_state != NL80211_DFS_AVAILABLE)
 858                                continue;
 859
 860                        if (c->dfs_state == NL80211_DFS_UNAVAILABLE) {
 861                                time_dfs_update = IEEE80211_DFS_MIN_NOP_TIME_MS;
 862                                radar_event = NL80211_RADAR_NOP_FINISHED;
 863                        } else {
 864                                if (regulatory_pre_cac_allowed(wiphy) ||
 865                                    cfg80211_any_wiphy_oper_chan(wiphy, c))
 866                                        continue;
 867
 868                                time_dfs_update = REG_PRE_CAC_EXPIRY_GRACE_MS;
 869                                radar_event = NL80211_RADAR_PRE_CAC_EXPIRED;
 870                        }
 871
 872                        timeout = c->dfs_state_entered +
 873                                  msecs_to_jiffies(time_dfs_update);
 874
 875                        if (time_after_eq(jiffies, timeout)) {
 876                                c->dfs_state = NL80211_DFS_USABLE;
 877                                c->dfs_state_entered = jiffies;
 878
 879                                cfg80211_chandef_create(&chandef, c,
 880                                                        NL80211_CHAN_NO_HT);
 881
 882                                nl80211_radar_notify(rdev, &chandef,
 883                                                     radar_event, NULL,
 884                                                     GFP_ATOMIC);
 885
 886                                regulatory_propagate_dfs_state(wiphy, &chandef,
 887                                                               c->dfs_state,
 888                                                               radar_event);
 889                                continue;
 890                        }
 891
 892                        if (!check_again)
 893                                next_time = timeout - jiffies;
 894                        else
 895                                next_time = min(next_time, timeout - jiffies);
 896                        check_again = true;
 897                }
 898        }
 899        rtnl_unlock();
 900
 901        /* reschedule if there are other channels waiting to be cleared again */
 902        if (check_again)
 903                queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk,
 904                                   next_time);
 905}
 906
 907
 908void cfg80211_radar_event(struct wiphy *wiphy,
 909                          struct cfg80211_chan_def *chandef,
 910                          gfp_t gfp)
 911{
 912        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
 913
 914        trace_cfg80211_radar_event(wiphy, chandef);
 915
 916        /* only set the chandef supplied channel to unavailable, in
 917         * case the radar is detected on only one of multiple channels
 918         * spanned by the chandef.
 919         */
 920        cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_UNAVAILABLE);
 921
 922        cfg80211_sched_dfs_chan_update(rdev);
 923
 924        nl80211_radar_notify(rdev, chandef, NL80211_RADAR_DETECTED, NULL, gfp);
 925
 926        memcpy(&rdev->radar_chandef, chandef, sizeof(struct cfg80211_chan_def));
 927        queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
 928}
 929EXPORT_SYMBOL(cfg80211_radar_event);
 930
 931void cfg80211_cac_event(struct net_device *netdev,
 932                        const struct cfg80211_chan_def *chandef,
 933                        enum nl80211_radar_event event, gfp_t gfp)
 934{
 935        struct wireless_dev *wdev = netdev->ieee80211_ptr;
 936        struct wiphy *wiphy = wdev->wiphy;
 937        struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
 938        unsigned long timeout;
 939
 940        trace_cfg80211_cac_event(netdev, event);
 941
 942        if (WARN_ON(!wdev->cac_started && event != NL80211_RADAR_CAC_STARTED))
 943                return;
 944
 945        if (WARN_ON(!wdev->chandef.chan))
 946                return;
 947
 948        switch (event) {
 949        case NL80211_RADAR_CAC_FINISHED:
 950                timeout = wdev->cac_start_time +
 951                          msecs_to_jiffies(wdev->cac_time_ms);
 952                WARN_ON(!time_after_eq(jiffies, timeout));
 953                cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_AVAILABLE);
 954                memcpy(&rdev->cac_done_chandef, chandef,
 955                       sizeof(struct cfg80211_chan_def));
 956                queue_work(cfg80211_wq, &rdev->propagate_cac_done_wk);
 957                cfg80211_sched_dfs_chan_update(rdev);
 958                fallthrough;
 959        case NL80211_RADAR_CAC_ABORTED:
 960                wdev->cac_started = false;
 961                break;
 962        case NL80211_RADAR_CAC_STARTED:
 963                wdev->cac_started = true;
 964                break;
 965        default:
 966                WARN_ON(1);
 967                return;
 968        }
 969
 970        nl80211_radar_notify(rdev, chandef, event, netdev, gfp);
 971}
 972EXPORT_SYMBOL(cfg80211_cac_event);
 973