1 /*
2  * Marvell Wireless LAN device driver: management IE handling- setting and
3  * deleting IE.
4  *
5  * Copyright (C) 2012-2014, Marvell International Ltd.
6  *
7  * This software file (the "File") is distributed by Marvell International
8  * Ltd. under the terms of the GNU General Public License Version 2, June 1991
9  * (the "License").  You may use, redistribute and/or modify this File in
10  * accordance with the terms and conditions of the License, a copy of which
11  * is available by writing to the Free Software Foundation, Inc.,
12  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the
13  * worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
14  *
15  * THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
17  * ARE EXPRESSLY DISCLAIMED.  The License provides additional details about
18  * this warranty disclaimer.
19  */
20 
21 #include "main.h"
22 
23 /* This function checks if current IE index is used by any on other interface.
24  * Return: -1: yes, current IE index is used by someone else.
25  *          0: no, current IE index is NOT used by other interface.
26  */
27 static int
28 mwifiex_ie_index_used_by_other_intf(struct mwifiex_private *priv, u16 idx)
29 {
30 	int i;
31 	struct mwifiex_adapter *adapter = priv->adapter;
32 	struct mwifiex_ie *ie;
33 
34 	for (i = 0; i < adapter->priv_num; i++) {
35 		if (adapter->priv[i] != priv) {
36 			ie = &adapter->priv[i]->mgmt_ie[idx];
37 			if (ie->mgmt_subtype_mask && ie->ie_length)
38 				return -1;
39 		}
40 	}
41 
42 	return 0;
43 }
44 
45 /* Get unused IE index. This index will be used for setting new IE */
46 static int
47 mwifiex_ie_get_autoidx(struct mwifiex_private *priv, u16 subtype_mask,
48 		       struct mwifiex_ie *ie, u16 *index)
49 {
50 	u16 mask, len, i;
51 
52 	for (i = 0; i < priv->adapter->max_mgmt_ie_index; i++) {
53 		mask = le16_to_cpu(priv->mgmt_ie[i].mgmt_subtype_mask);
54 		len = le16_to_cpu(ie->ie_length);
55 
56 		if (mask == MWIFIEX_AUTO_IDX_MASK)
57 			continue;
58 
59 		if (mask == subtype_mask) {
60 			if (len > IEEE_MAX_IE_SIZE)
61 				continue;
62 
63 			*index = i;
64 			return 0;
65 		}
66 
67 		if (!priv->mgmt_ie[i].ie_length) {
68 			if (mwifiex_ie_index_used_by_other_intf(priv, i))
69 				continue;
70 
71 			*index = i;
72 			return 0;
73 		}
74 	}
75 
76 	return -1;
77 }
78 
79 /* This function prepares IE data buffer for command to be sent to FW */
80 static int
81 mwifiex_update_autoindex_ies(struct mwifiex_private *priv,
82 			     struct mwifiex_ie_list *ie_list)
83 {
84 	u16 travel_len, index, mask;
85 	s16 input_len, tlv_len;
86 	struct mwifiex_ie *ie;
87 	u8 *tmp;
88 
89 	input_len = le16_to_cpu(ie_list->len);
90 	travel_len = sizeof(struct mwifiex_ie_types_header);
91 
92 	ie_list->len = 0;
93 
94 	while (input_len >= sizeof(struct mwifiex_ie_types_header)) {
95 		ie = (struct mwifiex_ie *)(((u8 *)ie_list) + travel_len);
96 		tlv_len = le16_to_cpu(ie->ie_length);
97 		travel_len += tlv_len + MWIFIEX_IE_HDR_SIZE;
98 
99 		if (input_len < tlv_len + MWIFIEX_IE_HDR_SIZE)
100 			return -1;
101 		index = le16_to_cpu(ie->ie_index);
102 		mask = le16_to_cpu(ie->mgmt_subtype_mask);
103 
104 		if (index == MWIFIEX_AUTO_IDX_MASK) {
105 			/* automatic addition */
106 			if (mwifiex_ie_get_autoidx(priv, mask, ie, &index))
107 				return -1;
108 			if (index == MWIFIEX_AUTO_IDX_MASK)
109 				return -1;
110 
111 			tmp = (u8 *)&priv->mgmt_ie[index].ie_buffer;
112 			memcpy(tmp, &ie->ie_buffer, le16_to_cpu(ie->ie_length));
113 			priv->mgmt_ie[index].ie_length = ie->ie_length;
114 			priv->mgmt_ie[index].ie_index = cpu_to_le16(index);
115 			priv->mgmt_ie[index].mgmt_subtype_mask =
116 							cpu_to_le16(mask);
117 
118 			ie->ie_index = cpu_to_le16(index);
119 		} else {
120 			if (mask != MWIFIEX_DELETE_MASK)
121 				return -1;
122 			/*
123 			 * Check if this index is being used on any
124 			 * other interface.
125 			 */
126 			if (mwifiex_ie_index_used_by_other_intf(priv, index))
127 				return -1;
128 
129 			ie->ie_length = 0;
130 			memcpy(&priv->mgmt_ie[index], ie,
131 			       sizeof(struct mwifiex_ie));
132 		}
133 
134 		le16_unaligned_add_cpu(&ie_list->len,
135 				       le16_to_cpu(
136 					    priv->mgmt_ie[index].ie_length) +
137 				       MWIFIEX_IE_HDR_SIZE);
138 		input_len -= tlv_len + MWIFIEX_IE_HDR_SIZE;
139 	}
140 
141 	if (GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_UAP)
142 		return mwifiex_send_cmd(priv, HostCmd_CMD_UAP_SYS_CONFIG,
143 					HostCmd_ACT_GEN_SET,
144 					UAP_CUSTOM_IE_I, ie_list, true);
145 
146 	return 0;
147 }
148 
149 /* Copy individual custom IEs for beacon, probe response and assoc response
150  * and prepare single structure for IE setting.
151  * This function also updates allocated IE indices from driver.
152  */
153 static int
154 mwifiex_update_uap_custom_ie(struct mwifiex_private *priv,
155 			     struct mwifiex_ie *beacon_ie, u16 *beacon_idx,
156 			     struct mwifiex_ie *pr_ie, u16 *probe_idx,
157 			     struct mwifiex_ie *ar_ie, u16 *assoc_idx)
158 {
159 	struct mwifiex_ie_list *ap_custom_ie;
160 	u8 *pos;
161 	u16 len;
162 	int ret;
163 
164 	ap_custom_ie = kzalloc(sizeof(*ap_custom_ie), GFP_KERNEL);
165 	if (!ap_custom_ie)
166 		return -ENOMEM;
167 
168 	ap_custom_ie->type = cpu_to_le16(TLV_TYPE_MGMT_IE);
169 	pos = (u8 *)ap_custom_ie->ie_list;
170 
171 	if (beacon_ie) {
172 		len = sizeof(struct mwifiex_ie) - IEEE_MAX_IE_SIZE +
173 		      le16_to_cpu(beacon_ie->ie_length);
174 		memcpy(pos, beacon_ie, len);
175 		pos += len;
176 		le16_unaligned_add_cpu(&ap_custom_ie->len, len);
177 	}
178 	if (pr_ie) {
179 		len = sizeof(struct mwifiex_ie) - IEEE_MAX_IE_SIZE +
180 		      le16_to_cpu(pr_ie->ie_length);
181 		memcpy(pos, pr_ie, len);
182 		pos += len;
183 		le16_unaligned_add_cpu(&ap_custom_ie->len, len);
184 	}
185 	if (ar_ie) {
186 		len = sizeof(struct mwifiex_ie) - IEEE_MAX_IE_SIZE +
187 		      le16_to_cpu(ar_ie->ie_length);
188 		memcpy(pos, ar_ie, len);
189 		pos += len;
190 		le16_unaligned_add_cpu(&ap_custom_ie->len, len);
191 	}
192 
193 	ret = mwifiex_update_autoindex_ies(priv, ap_custom_ie);
194 
195 	pos = (u8 *)(&ap_custom_ie->ie_list[0].ie_index);
196 	if (beacon_ie && *beacon_idx == MWIFIEX_AUTO_IDX_MASK) {
197 		/* save beacon ie index after auto-indexing */
198 		*beacon_idx = le16_to_cpu(ap_custom_ie->ie_list[0].ie_index);
199 		len = sizeof(*beacon_ie) - IEEE_MAX_IE_SIZE +
200 		      le16_to_cpu(beacon_ie->ie_length);
201 		pos += len;
202 	}
203 	if (pr_ie && le16_to_cpu(pr_ie->ie_index) == MWIFIEX_AUTO_IDX_MASK) {
204 		/* save probe resp ie index after auto-indexing */
205 		*probe_idx = *((u16 *)pos);
206 		len = sizeof(*pr_ie) - IEEE_MAX_IE_SIZE +
207 		      le16_to_cpu(pr_ie->ie_length);
208 		pos += len;
209 	}
210 	if (ar_ie && le16_to_cpu(ar_ie->ie_index) == MWIFIEX_AUTO_IDX_MASK)
211 		/* save assoc resp ie index after auto-indexing */
212 		*assoc_idx = *((u16 *)pos);
213 
214 	kfree(ap_custom_ie);
215 	return ret;
216 }
217 
218 /* This function checks if the vendor specified IE is present in passed buffer
219  * and copies it to mwifiex_ie structure.
220  * Function takes pointer to struct mwifiex_ie pointer as argument.
221  * If the vendor specified IE is present then memory is allocated for
222  * mwifiex_ie pointer and filled in with IE. Caller should take care of freeing
223  * this memory.
224  */
225 static int mwifiex_update_vs_ie(const u8 *ies, int ies_len,
226 				struct mwifiex_ie **ie_ptr, u16 mask,
227 				unsigned int oui, u8 oui_type)
228 {
229 	struct ieee_types_header *vs_ie;
230 	struct mwifiex_ie *ie = *ie_ptr;
231 	const u8 *vendor_ie;
232 
233 	vendor_ie = cfg80211_find_vendor_ie(oui, oui_type, ies, ies_len);
234 	if (vendor_ie) {
235 		if (!*ie_ptr) {
236 			*ie_ptr = kzalloc(sizeof(struct mwifiex_ie),
237 					  GFP_KERNEL);
238 			if (!*ie_ptr)
239 				return -ENOMEM;
240 			ie = *ie_ptr;
241 		}
242 
243 		vs_ie = (struct ieee_types_header *)vendor_ie;
244 		memcpy(ie->ie_buffer + le16_to_cpu(ie->ie_length),
245 		       vs_ie, vs_ie->len + 2);
246 		le16_unaligned_add_cpu(&ie->ie_length, vs_ie->len + 2);
247 		ie->mgmt_subtype_mask = cpu_to_le16(mask);
248 		ie->ie_index = cpu_to_le16(MWIFIEX_AUTO_IDX_MASK);
249 	}
250 
251 	*ie_ptr = ie;
252 	return 0;
253 }
254 
255 /* This function parses beacon IEs, probe response IEs, association response IEs
256  * from cfg80211_ap_settings->beacon and sets these IE to FW.
257  */
258 static int mwifiex_set_mgmt_beacon_data_ies(struct mwifiex_private *priv,
259 					    struct cfg80211_beacon_data *data)
260 {
261 	struct mwifiex_ie *beacon_ie = NULL, *pr_ie = NULL, *ar_ie = NULL;
262 	u16 beacon_idx = MWIFIEX_AUTO_IDX_MASK, pr_idx = MWIFIEX_AUTO_IDX_MASK;
263 	u16 ar_idx = MWIFIEX_AUTO_IDX_MASK;
264 	int ret = 0;
265 
266 	if (data->beacon_ies && data->beacon_ies_len) {
267 		mwifiex_update_vs_ie(data->beacon_ies, data->beacon_ies_len,
268 				     &beacon_ie, MGMT_MASK_BEACON,
269 				     WLAN_OUI_MICROSOFT,
270 				     WLAN_OUI_TYPE_MICROSOFT_WPS);
271 		mwifiex_update_vs_ie(data->beacon_ies, data->beacon_ies_len,
272 				     &beacon_ie, MGMT_MASK_BEACON,
273 				     WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P);
274 	}
275 
276 	if (data->proberesp_ies && data->proberesp_ies_len) {
277 		mwifiex_update_vs_ie(data->proberesp_ies,
278 				     data->proberesp_ies_len, &pr_ie,
279 				     MGMT_MASK_PROBE_RESP, WLAN_OUI_MICROSOFT,
280 				     WLAN_OUI_TYPE_MICROSOFT_WPS);
281 		mwifiex_update_vs_ie(data->proberesp_ies,
282 				     data->proberesp_ies_len, &pr_ie,
283 				     MGMT_MASK_PROBE_RESP,
284 				     WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P);
285 	}
286 
287 	if (data->assocresp_ies && data->assocresp_ies_len) {
288 		mwifiex_update_vs_ie(data->assocresp_ies,
289 				     data->assocresp_ies_len, &ar_ie,
290 				     MGMT_MASK_ASSOC_RESP |
291 				     MGMT_MASK_REASSOC_RESP,
292 				     WLAN_OUI_MICROSOFT,
293 				     WLAN_OUI_TYPE_MICROSOFT_WPS);
294 		mwifiex_update_vs_ie(data->assocresp_ies,
295 				     data->assocresp_ies_len, &ar_ie,
296 				     MGMT_MASK_ASSOC_RESP |
297 				     MGMT_MASK_REASSOC_RESP, WLAN_OUI_WFA,
298 				     WLAN_OUI_TYPE_WFA_P2P);
299 	}
300 
301 	if (beacon_ie || pr_ie || ar_ie) {
302 		ret = mwifiex_update_uap_custom_ie(priv, beacon_ie,
303 						   &beacon_idx, pr_ie,
304 						   &pr_idx, ar_ie, &ar_idx);
305 		if (ret)
306 			goto done;
307 	}
308 
309 	priv->beacon_idx = beacon_idx;
310 	priv->proberesp_idx = pr_idx;
311 	priv->assocresp_idx = ar_idx;
312 
313 done:
314 	kfree(beacon_ie);
315 	kfree(pr_ie);
316 	kfree(ar_ie);
317 
318 	return ret;
319 }
320 
321 /* This function parses  head and tail IEs, from cfg80211_beacon_data and sets
322  * these IE to FW.
323  */
324 static int mwifiex_uap_parse_tail_ies(struct mwifiex_private *priv,
325 				      struct cfg80211_beacon_data *info)
326 {
327 	struct mwifiex_ie *gen_ie;
328 	struct ieee_types_header *hdr;
329 	struct ieee80211_vendor_ie *vendorhdr;
330 	u16 gen_idx = MWIFIEX_AUTO_IDX_MASK, ie_len = 0;
331 	int left_len, parsed_len = 0;
332 	unsigned int token_len;
333 	int err = 0;
334 
335 	if (!info->tail || !info->tail_len)
336 		return 0;
337 
338 	gen_ie = kzalloc(sizeof(*gen_ie), GFP_KERNEL);
339 	if (!gen_ie)
340 		return -ENOMEM;
341 
342 	left_len = info->tail_len;
343 
344 	/* Many IEs are generated in FW by parsing bss configuration.
345 	 * Let's not add them here; else we may end up duplicating these IEs
346 	 */
347 	while (left_len > sizeof(struct ieee_types_header)) {
348 		hdr = (void *)(info->tail + parsed_len);
349 		token_len = hdr->len + sizeof(struct ieee_types_header);
350 		if (token_len > left_len) {
351 			err = -EINVAL;
352 			goto out;
353 		}
354 
355 		switch (hdr->element_id) {
356 		case WLAN_EID_SSID:
357 		case WLAN_EID_SUPP_RATES:
358 		case WLAN_EID_COUNTRY:
359 		case WLAN_EID_PWR_CONSTRAINT:
360 		case WLAN_EID_ERP_INFO:
361 		case WLAN_EID_EXT_SUPP_RATES:
362 		case WLAN_EID_HT_CAPABILITY:
363 		case WLAN_EID_HT_OPERATION:
364 		case WLAN_EID_VHT_CAPABILITY:
365 		case WLAN_EID_VHT_OPERATION:
366 			break;
367 		case WLAN_EID_VENDOR_SPECIFIC:
368 			/* Skip only Microsoft WMM IE */
369 			if (cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT,
370 						    WLAN_OUI_TYPE_MICROSOFT_WMM,
371 						    (const u8 *)hdr,
372 						    token_len))
373 				break;
374 			/* fall through */
375 		default:
376 			if (ie_len + token_len > IEEE_MAX_IE_SIZE) {
377 				err = -EINVAL;
378 				goto out;
379 			}
380 			memcpy(gen_ie->ie_buffer + ie_len, hdr, token_len);
381 			ie_len += token_len;
382 			break;
383 		}
384 		left_len -= token_len;
385 		parsed_len += token_len;
386 	}
387 
388 	/* parse only WPA vendor IE from tail, WMM IE is configured by
389 	 * bss_config command
390 	 */
391 	vendorhdr = (void *)cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT,
392 						    WLAN_OUI_TYPE_MICROSOFT_WPA,
393 						    info->tail, info->tail_len);
394 	if (vendorhdr) {
395 		token_len = vendorhdr->len + sizeof(struct ieee_types_header);
396 		if (ie_len + token_len > IEEE_MAX_IE_SIZE) {
397 			err = -EINVAL;
398 			goto out;
399 		}
400 		memcpy(gen_ie->ie_buffer + ie_len, vendorhdr, token_len);
401 		ie_len += token_len;
402 	}
403 
404 	if (!ie_len)
405 		goto out;
406 
407 	gen_ie->ie_index = cpu_to_le16(gen_idx);
408 	gen_ie->mgmt_subtype_mask = cpu_to_le16(MGMT_MASK_BEACON |
409 						MGMT_MASK_PROBE_RESP |
410 						MGMT_MASK_ASSOC_RESP);
411 	gen_ie->ie_length = cpu_to_le16(ie_len);
412 
413 	if (mwifiex_update_uap_custom_ie(priv, gen_ie, &gen_idx, NULL, NULL,
414 					 NULL, NULL)) {
415 		err = -EINVAL;
416 		goto out;
417 	}
418 
419 	priv->gen_idx = gen_idx;
420 
421  out:
422 	kfree(gen_ie);
423 	return err;
424 }
425 
426 /* This function parses different IEs-head & tail IEs, beacon IEs,
427  * probe response IEs, association response IEs from cfg80211_ap_settings
428  * function and sets these IE to FW.
429  */
430 int mwifiex_set_mgmt_ies(struct mwifiex_private *priv,
431 			 struct cfg80211_beacon_data *info)
432 {
433 	int ret;
434 
435 	ret = mwifiex_uap_parse_tail_ies(priv, info);
436 
437 	if (ret)
438 		return ret;
439 
440 	return mwifiex_set_mgmt_beacon_data_ies(priv, info);
441 }
442 
443 /* This function removes management IE set */
444 int mwifiex_del_mgmt_ies(struct mwifiex_private *priv)
445 {
446 	struct mwifiex_ie *beacon_ie = NULL, *pr_ie = NULL;
447 	struct mwifiex_ie *ar_ie = NULL, *gen_ie = NULL;
448 	int ret = 0;
449 
450 	if (priv->gen_idx != MWIFIEX_AUTO_IDX_MASK) {
451 		gen_ie = kmalloc(sizeof(*gen_ie), GFP_KERNEL);
452 		if (!gen_ie)
453 			return -ENOMEM;
454 
455 		gen_ie->ie_index = cpu_to_le16(priv->gen_idx);
456 		gen_ie->mgmt_subtype_mask = cpu_to_le16(MWIFIEX_DELETE_MASK);
457 		gen_ie->ie_length = 0;
458 		if (mwifiex_update_uap_custom_ie(priv, gen_ie, &priv->gen_idx,
459 						 NULL, &priv->proberesp_idx,
460 						 NULL, &priv->assocresp_idx)) {
461 			ret = -1;
462 			goto done;
463 		}
464 
465 		priv->gen_idx = MWIFIEX_AUTO_IDX_MASK;
466 	}
467 
468 	if (priv->beacon_idx != MWIFIEX_AUTO_IDX_MASK) {
469 		beacon_ie = kmalloc(sizeof(struct mwifiex_ie), GFP_KERNEL);
470 		if (!beacon_ie) {
471 			ret = -ENOMEM;
472 			goto done;
473 		}
474 		beacon_ie->ie_index = cpu_to_le16(priv->beacon_idx);
475 		beacon_ie->mgmt_subtype_mask = cpu_to_le16(MWIFIEX_DELETE_MASK);
476 		beacon_ie->ie_length = 0;
477 	}
478 	if (priv->proberesp_idx != MWIFIEX_AUTO_IDX_MASK) {
479 		pr_ie = kmalloc(sizeof(struct mwifiex_ie), GFP_KERNEL);
480 		if (!pr_ie) {
481 			ret = -ENOMEM;
482 			goto done;
483 		}
484 		pr_ie->ie_index = cpu_to_le16(priv->proberesp_idx);
485 		pr_ie->mgmt_subtype_mask = cpu_to_le16(MWIFIEX_DELETE_MASK);
486 		pr_ie->ie_length = 0;
487 	}
488 	if (priv->assocresp_idx != MWIFIEX_AUTO_IDX_MASK) {
489 		ar_ie = kmalloc(sizeof(struct mwifiex_ie), GFP_KERNEL);
490 		if (!ar_ie) {
491 			ret = -ENOMEM;
492 			goto done;
493 		}
494 		ar_ie->ie_index = cpu_to_le16(priv->assocresp_idx);
495 		ar_ie->mgmt_subtype_mask = cpu_to_le16(MWIFIEX_DELETE_MASK);
496 		ar_ie->ie_length = 0;
497 	}
498 
499 	if (beacon_ie || pr_ie || ar_ie)
500 		ret = mwifiex_update_uap_custom_ie(priv,
501 						   beacon_ie, &priv->beacon_idx,
502 						   pr_ie, &priv->proberesp_idx,
503 						   ar_ie, &priv->assocresp_idx);
504 
505 done:
506 	kfree(gen_ie);
507 	kfree(beacon_ie);
508 	kfree(pr_ie);
509 	kfree(ar_ie);
510 
511 	return ret;
512 }
513