1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * cfg80211 MLME SAP interface 4 * 5 * Copyright (c) 2009, Jouni Malinen <j@w1.fi> 6 * Copyright (c) 2015 Intel Deutschland GmbH 7 * Copyright (C) 2019 Intel Corporation 8 */ 9 10 #include <linux/kernel.h> 11 #include <linux/module.h> 12 #include <linux/etherdevice.h> 13 #include <linux/netdevice.h> 14 #include <linux/nl80211.h> 15 #include <linux/slab.h> 16 #include <linux/wireless.h> 17 #include <net/cfg80211.h> 18 #include <net/iw_handler.h> 19 #include "core.h" 20 #include "nl80211.h" 21 #include "rdev-ops.h" 22 23 24 void cfg80211_rx_assoc_resp(struct net_device *dev, struct cfg80211_bss *bss, 25 const u8 *buf, size_t len, int uapsd_queues, 26 const u8 *req_ies, size_t req_ies_len) 27 { 28 struct wireless_dev *wdev = dev->ieee80211_ptr; 29 struct wiphy *wiphy = wdev->wiphy; 30 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 31 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 32 struct cfg80211_connect_resp_params cr; 33 const u8 *resp_ie = mgmt->u.assoc_resp.variable; 34 size_t resp_ie_len = len - offsetof(struct ieee80211_mgmt, 35 u.assoc_resp.variable); 36 37 if (bss->channel->band == NL80211_BAND_S1GHZ) { 38 resp_ie = (u8 *)&mgmt->u.s1g_assoc_resp.variable; 39 resp_ie_len = len - offsetof(struct ieee80211_mgmt, 40 u.s1g_assoc_resp.variable); 41 } 42 43 memset(&cr, 0, sizeof(cr)); 44 cr.status = (int)le16_to_cpu(mgmt->u.assoc_resp.status_code); 45 cr.bssid = mgmt->bssid; 46 cr.bss = bss; 47 cr.req_ie = req_ies; 48 cr.req_ie_len = req_ies_len; 49 cr.resp_ie = resp_ie; 50 cr.resp_ie_len = resp_ie_len; 51 cr.timeout_reason = NL80211_TIMEOUT_UNSPECIFIED; 52 53 trace_cfg80211_send_rx_assoc(dev, bss); 54 55 /* 56 * This is a bit of a hack, we don't notify userspace of 57 * a (re-)association reply if we tried to send a reassoc 58 * and got a reject -- we only try again with an assoc 59 * frame instead of reassoc. 60 */ 61 if (cfg80211_sme_rx_assoc_resp(wdev, cr.status)) { 62 cfg80211_unhold_bss(bss_from_pub(bss)); 63 cfg80211_put_bss(wiphy, bss); 64 return; 65 } 66 67 nl80211_send_rx_assoc(rdev, dev, buf, len, GFP_KERNEL, uapsd_queues, 68 req_ies, req_ies_len); 69 /* update current_bss etc., consumes the bss reference */ 70 __cfg80211_connect_result(dev, &cr, cr.status == WLAN_STATUS_SUCCESS); 71 } 72 EXPORT_SYMBOL(cfg80211_rx_assoc_resp); 73 74 static void cfg80211_process_auth(struct wireless_dev *wdev, 75 const u8 *buf, size_t len) 76 { 77 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 78 79 nl80211_send_rx_auth(rdev, wdev->netdev, buf, len, GFP_KERNEL); 80 cfg80211_sme_rx_auth(wdev, buf, len); 81 } 82 83 static void cfg80211_process_deauth(struct wireless_dev *wdev, 84 const u8 *buf, size_t len) 85 { 86 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 87 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 88 const u8 *bssid = mgmt->bssid; 89 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 90 bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr); 91 92 nl80211_send_deauth(rdev, wdev->netdev, buf, len, GFP_KERNEL); 93 94 if (!wdev->current_bss || 95 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid)) 96 return; 97 98 __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap); 99 cfg80211_sme_deauth(wdev); 100 } 101 102 static void cfg80211_process_disassoc(struct wireless_dev *wdev, 103 const u8 *buf, size_t len) 104 { 105 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 106 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 107 const u8 *bssid = mgmt->bssid; 108 u16 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 109 bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr); 110 111 nl80211_send_disassoc(rdev, wdev->netdev, buf, len, GFP_KERNEL); 112 113 if (WARN_ON(!wdev->current_bss || 114 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid))) 115 return; 116 117 __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap); 118 cfg80211_sme_disassoc(wdev); 119 } 120 121 void cfg80211_rx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len) 122 { 123 struct wireless_dev *wdev = dev->ieee80211_ptr; 124 struct ieee80211_mgmt *mgmt = (void *)buf; 125 126 ASSERT_WDEV_LOCK(wdev); 127 128 trace_cfg80211_rx_mlme_mgmt(dev, buf, len); 129 130 if (WARN_ON(len < 2)) 131 return; 132 133 if (ieee80211_is_auth(mgmt->frame_control)) 134 cfg80211_process_auth(wdev, buf, len); 135 else if (ieee80211_is_deauth(mgmt->frame_control)) 136 cfg80211_process_deauth(wdev, buf, len); 137 else if (ieee80211_is_disassoc(mgmt->frame_control)) 138 cfg80211_process_disassoc(wdev, buf, len); 139 } 140 EXPORT_SYMBOL(cfg80211_rx_mlme_mgmt); 141 142 void cfg80211_auth_timeout(struct net_device *dev, const u8 *addr) 143 { 144 struct wireless_dev *wdev = dev->ieee80211_ptr; 145 struct wiphy *wiphy = wdev->wiphy; 146 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 147 148 trace_cfg80211_send_auth_timeout(dev, addr); 149 150 nl80211_send_auth_timeout(rdev, dev, addr, GFP_KERNEL); 151 cfg80211_sme_auth_timeout(wdev); 152 } 153 EXPORT_SYMBOL(cfg80211_auth_timeout); 154 155 void cfg80211_assoc_timeout(struct net_device *dev, struct cfg80211_bss *bss) 156 { 157 struct wireless_dev *wdev = dev->ieee80211_ptr; 158 struct wiphy *wiphy = wdev->wiphy; 159 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 160 161 trace_cfg80211_send_assoc_timeout(dev, bss->bssid); 162 163 nl80211_send_assoc_timeout(rdev, dev, bss->bssid, GFP_KERNEL); 164 cfg80211_sme_assoc_timeout(wdev); 165 166 cfg80211_unhold_bss(bss_from_pub(bss)); 167 cfg80211_put_bss(wiphy, bss); 168 } 169 EXPORT_SYMBOL(cfg80211_assoc_timeout); 170 171 void cfg80211_abandon_assoc(struct net_device *dev, struct cfg80211_bss *bss) 172 { 173 struct wireless_dev *wdev = dev->ieee80211_ptr; 174 struct wiphy *wiphy = wdev->wiphy; 175 176 cfg80211_sme_abandon_assoc(wdev); 177 178 cfg80211_unhold_bss(bss_from_pub(bss)); 179 cfg80211_put_bss(wiphy, bss); 180 } 181 EXPORT_SYMBOL(cfg80211_abandon_assoc); 182 183 void cfg80211_tx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len) 184 { 185 struct wireless_dev *wdev = dev->ieee80211_ptr; 186 struct ieee80211_mgmt *mgmt = (void *)buf; 187 188 ASSERT_WDEV_LOCK(wdev); 189 190 trace_cfg80211_tx_mlme_mgmt(dev, buf, len); 191 192 if (WARN_ON(len < 2)) 193 return; 194 195 if (ieee80211_is_deauth(mgmt->frame_control)) 196 cfg80211_process_deauth(wdev, buf, len); 197 else 198 cfg80211_process_disassoc(wdev, buf, len); 199 } 200 EXPORT_SYMBOL(cfg80211_tx_mlme_mgmt); 201 202 void cfg80211_michael_mic_failure(struct net_device *dev, const u8 *addr, 203 enum nl80211_key_type key_type, int key_id, 204 const u8 *tsc, gfp_t gfp) 205 { 206 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 207 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 208 #ifdef CONFIG_CFG80211_WEXT 209 union iwreq_data wrqu; 210 char *buf = kmalloc(128, gfp); 211 212 if (buf) { 213 sprintf(buf, "MLME-MICHAELMICFAILURE.indication(" 214 "keyid=%d %scast addr=%pM)", key_id, 215 key_type == NL80211_KEYTYPE_GROUP ? "broad" : "uni", 216 addr); 217 memset(&wrqu, 0, sizeof(wrqu)); 218 wrqu.data.length = strlen(buf); 219 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf); 220 kfree(buf); 221 } 222 #endif 223 224 trace_cfg80211_michael_mic_failure(dev, addr, key_type, key_id, tsc); 225 nl80211_michael_mic_failure(rdev, dev, addr, key_type, key_id, tsc, gfp); 226 } 227 EXPORT_SYMBOL(cfg80211_michael_mic_failure); 228 229 /* some MLME handling for userspace SME */ 230 int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev, 231 struct net_device *dev, 232 struct ieee80211_channel *chan, 233 enum nl80211_auth_type auth_type, 234 const u8 *bssid, 235 const u8 *ssid, int ssid_len, 236 const u8 *ie, int ie_len, 237 const u8 *key, int key_len, int key_idx, 238 const u8 *auth_data, int auth_data_len) 239 { 240 struct wireless_dev *wdev = dev->ieee80211_ptr; 241 struct cfg80211_auth_request req = { 242 .ie = ie, 243 .ie_len = ie_len, 244 .auth_data = auth_data, 245 .auth_data_len = auth_data_len, 246 .auth_type = auth_type, 247 .key = key, 248 .key_len = key_len, 249 .key_idx = key_idx, 250 }; 251 int err; 252 253 ASSERT_WDEV_LOCK(wdev); 254 255 if (auth_type == NL80211_AUTHTYPE_SHARED_KEY) 256 if (!key || !key_len || key_idx < 0 || key_idx > 3) 257 return -EINVAL; 258 259 if (wdev->current_bss && 260 ether_addr_equal(bssid, wdev->current_bss->pub.bssid)) 261 return -EALREADY; 262 263 req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len, 264 IEEE80211_BSS_TYPE_ESS, 265 IEEE80211_PRIVACY_ANY); 266 if (!req.bss) 267 return -ENOENT; 268 269 err = rdev_auth(rdev, dev, &req); 270 271 cfg80211_put_bss(&rdev->wiphy, req.bss); 272 return err; 273 } 274 275 /* Do a logical ht_capa &= ht_capa_mask. */ 276 void cfg80211_oper_and_ht_capa(struct ieee80211_ht_cap *ht_capa, 277 const struct ieee80211_ht_cap *ht_capa_mask) 278 { 279 int i; 280 u8 *p1, *p2; 281 if (!ht_capa_mask) { 282 memset(ht_capa, 0, sizeof(*ht_capa)); 283 return; 284 } 285 286 p1 = (u8*)(ht_capa); 287 p2 = (u8*)(ht_capa_mask); 288 for (i = 0; i < sizeof(*ht_capa); i++) 289 p1[i] &= p2[i]; 290 } 291 292 /* Do a logical vht_capa &= vht_capa_mask. */ 293 void cfg80211_oper_and_vht_capa(struct ieee80211_vht_cap *vht_capa, 294 const struct ieee80211_vht_cap *vht_capa_mask) 295 { 296 int i; 297 u8 *p1, *p2; 298 if (!vht_capa_mask) { 299 memset(vht_capa, 0, sizeof(*vht_capa)); 300 return; 301 } 302 303 p1 = (u8*)(vht_capa); 304 p2 = (u8*)(vht_capa_mask); 305 for (i = 0; i < sizeof(*vht_capa); i++) 306 p1[i] &= p2[i]; 307 } 308 309 int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev, 310 struct net_device *dev, 311 struct ieee80211_channel *chan, 312 const u8 *bssid, 313 const u8 *ssid, int ssid_len, 314 struct cfg80211_assoc_request *req) 315 { 316 struct wireless_dev *wdev = dev->ieee80211_ptr; 317 int err; 318 319 ASSERT_WDEV_LOCK(wdev); 320 321 if (wdev->current_bss && 322 (!req->prev_bssid || !ether_addr_equal(wdev->current_bss->pub.bssid, 323 req->prev_bssid))) 324 return -EALREADY; 325 326 cfg80211_oper_and_ht_capa(&req->ht_capa_mask, 327 rdev->wiphy.ht_capa_mod_mask); 328 cfg80211_oper_and_vht_capa(&req->vht_capa_mask, 329 rdev->wiphy.vht_capa_mod_mask); 330 331 req->bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len, 332 IEEE80211_BSS_TYPE_ESS, 333 IEEE80211_PRIVACY_ANY); 334 if (!req->bss) 335 return -ENOENT; 336 337 err = rdev_assoc(rdev, dev, req); 338 if (!err) 339 cfg80211_hold_bss(bss_from_pub(req->bss)); 340 else 341 cfg80211_put_bss(&rdev->wiphy, req->bss); 342 343 return err; 344 } 345 346 int cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev, 347 struct net_device *dev, const u8 *bssid, 348 const u8 *ie, int ie_len, u16 reason, 349 bool local_state_change) 350 { 351 struct wireless_dev *wdev = dev->ieee80211_ptr; 352 struct cfg80211_deauth_request req = { 353 .bssid = bssid, 354 .reason_code = reason, 355 .ie = ie, 356 .ie_len = ie_len, 357 .local_state_change = local_state_change, 358 }; 359 360 ASSERT_WDEV_LOCK(wdev); 361 362 if (local_state_change && 363 (!wdev->current_bss || 364 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid))) 365 return 0; 366 367 if (ether_addr_equal(wdev->disconnect_bssid, bssid) || 368 (wdev->current_bss && 369 ether_addr_equal(wdev->current_bss->pub.bssid, bssid))) 370 wdev->conn_owner_nlportid = 0; 371 372 return rdev_deauth(rdev, dev, &req); 373 } 374 375 int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev, 376 struct net_device *dev, const u8 *bssid, 377 const u8 *ie, int ie_len, u16 reason, 378 bool local_state_change) 379 { 380 struct wireless_dev *wdev = dev->ieee80211_ptr; 381 struct cfg80211_disassoc_request req = { 382 .reason_code = reason, 383 .local_state_change = local_state_change, 384 .ie = ie, 385 .ie_len = ie_len, 386 }; 387 int err; 388 389 ASSERT_WDEV_LOCK(wdev); 390 391 if (!wdev->current_bss) 392 return -ENOTCONN; 393 394 if (ether_addr_equal(wdev->current_bss->pub.bssid, bssid)) 395 req.bss = &wdev->current_bss->pub; 396 else 397 return -ENOTCONN; 398 399 err = rdev_disassoc(rdev, dev, &req); 400 if (err) 401 return err; 402 403 /* driver should have reported the disassoc */ 404 WARN_ON(wdev->current_bss); 405 return 0; 406 } 407 408 void cfg80211_mlme_down(struct cfg80211_registered_device *rdev, 409 struct net_device *dev) 410 { 411 struct wireless_dev *wdev = dev->ieee80211_ptr; 412 u8 bssid[ETH_ALEN]; 413 414 ASSERT_WDEV_LOCK(wdev); 415 416 if (!rdev->ops->deauth) 417 return; 418 419 if (!wdev->current_bss) 420 return; 421 422 memcpy(bssid, wdev->current_bss->pub.bssid, ETH_ALEN); 423 cfg80211_mlme_deauth(rdev, dev, bssid, NULL, 0, 424 WLAN_REASON_DEAUTH_LEAVING, false); 425 } 426 427 struct cfg80211_mgmt_registration { 428 struct list_head list; 429 struct wireless_dev *wdev; 430 431 u32 nlportid; 432 433 int match_len; 434 435 __le16 frame_type; 436 437 bool multicast_rx; 438 439 u8 match[]; 440 }; 441 442 static void cfg80211_mgmt_registrations_update(struct wireless_dev *wdev) 443 { 444 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 445 struct wireless_dev *tmp; 446 struct cfg80211_mgmt_registration *reg; 447 struct mgmt_frame_regs upd = {}; 448 449 ASSERT_RTNL(); 450 451 spin_lock_bh(&wdev->mgmt_registrations_lock); 452 if (!wdev->mgmt_registrations_need_update) { 453 spin_unlock_bh(&wdev->mgmt_registrations_lock); 454 return; 455 } 456 457 rcu_read_lock(); 458 list_for_each_entry_rcu(tmp, &rdev->wiphy.wdev_list, list) { 459 list_for_each_entry(reg, &tmp->mgmt_registrations, list) { 460 u32 mask = BIT(le16_to_cpu(reg->frame_type) >> 4); 461 u32 mcast_mask = 0; 462 463 if (reg->multicast_rx) 464 mcast_mask = mask; 465 466 upd.global_stypes |= mask; 467 upd.global_mcast_stypes |= mcast_mask; 468 469 if (tmp == wdev) { 470 upd.interface_stypes |= mask; 471 upd.interface_mcast_stypes |= mcast_mask; 472 } 473 } 474 } 475 rcu_read_unlock(); 476 477 wdev->mgmt_registrations_need_update = 0; 478 spin_unlock_bh(&wdev->mgmt_registrations_lock); 479 480 rdev_update_mgmt_frame_registrations(rdev, wdev, &upd); 481 } 482 483 void cfg80211_mgmt_registrations_update_wk(struct work_struct *wk) 484 { 485 struct cfg80211_registered_device *rdev; 486 struct wireless_dev *wdev; 487 488 rdev = container_of(wk, struct cfg80211_registered_device, 489 mgmt_registrations_update_wk); 490 491 rtnl_lock(); 492 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) 493 cfg80211_mgmt_registrations_update(wdev); 494 rtnl_unlock(); 495 } 496 497 int cfg80211_mlme_register_mgmt(struct wireless_dev *wdev, u32 snd_portid, 498 u16 frame_type, const u8 *match_data, 499 int match_len, bool multicast_rx, 500 struct netlink_ext_ack *extack) 501 { 502 struct cfg80211_mgmt_registration *reg, *nreg; 503 int err = 0; 504 u16 mgmt_type; 505 bool update_multicast = false; 506 507 if (!wdev->wiphy->mgmt_stypes) 508 return -EOPNOTSUPP; 509 510 if ((frame_type & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT) { 511 NL_SET_ERR_MSG(extack, "frame type not management"); 512 return -EINVAL; 513 } 514 515 if (frame_type & ~(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) { 516 NL_SET_ERR_MSG(extack, "Invalid frame type"); 517 return -EINVAL; 518 } 519 520 mgmt_type = (frame_type & IEEE80211_FCTL_STYPE) >> 4; 521 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].rx & BIT(mgmt_type))) { 522 NL_SET_ERR_MSG(extack, 523 "Registration to specific type not supported"); 524 return -EINVAL; 525 } 526 527 /* 528 * To support Pre Association Security Negotiation (PASN), registration 529 * for authentication frames should be supported. However, as some 530 * versions of the user space daemons wrongly register to all types of 531 * authentication frames (which might result in unexpected behavior) 532 * allow such registration if the request is for a specific 533 * authentication algorithm number. 534 */ 535 if (wdev->iftype == NL80211_IFTYPE_STATION && 536 (frame_type & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_AUTH && 537 !(match_data && match_len >= 2)) { 538 NL_SET_ERR_MSG(extack, 539 "Authentication algorithm number required"); 540 return -EINVAL; 541 } 542 543 nreg = kzalloc(sizeof(*reg) + match_len, GFP_KERNEL); 544 if (!nreg) 545 return -ENOMEM; 546 547 spin_lock_bh(&wdev->mgmt_registrations_lock); 548 549 list_for_each_entry(reg, &wdev->mgmt_registrations, list) { 550 int mlen = min(match_len, reg->match_len); 551 552 if (frame_type != le16_to_cpu(reg->frame_type)) 553 continue; 554 555 if (memcmp(reg->match, match_data, mlen) == 0) { 556 if (reg->multicast_rx != multicast_rx) { 557 update_multicast = true; 558 reg->multicast_rx = multicast_rx; 559 break; 560 } 561 NL_SET_ERR_MSG(extack, "Match already configured"); 562 err = -EALREADY; 563 break; 564 } 565 } 566 567 if (err) 568 goto out; 569 570 if (update_multicast) { 571 kfree(nreg); 572 } else { 573 memcpy(nreg->match, match_data, match_len); 574 nreg->match_len = match_len; 575 nreg->nlportid = snd_portid; 576 nreg->frame_type = cpu_to_le16(frame_type); 577 nreg->wdev = wdev; 578 nreg->multicast_rx = multicast_rx; 579 list_add(&nreg->list, &wdev->mgmt_registrations); 580 } 581 wdev->mgmt_registrations_need_update = 1; 582 spin_unlock_bh(&wdev->mgmt_registrations_lock); 583 584 cfg80211_mgmt_registrations_update(wdev); 585 586 return 0; 587 588 out: 589 kfree(nreg); 590 spin_unlock_bh(&wdev->mgmt_registrations_lock); 591 592 return err; 593 } 594 595 void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlportid) 596 { 597 struct wiphy *wiphy = wdev->wiphy; 598 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 599 struct cfg80211_mgmt_registration *reg, *tmp; 600 601 spin_lock_bh(&wdev->mgmt_registrations_lock); 602 603 list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) { 604 if (reg->nlportid != nlportid) 605 continue; 606 607 list_del(®->list); 608 kfree(reg); 609 610 wdev->mgmt_registrations_need_update = 1; 611 schedule_work(&rdev->mgmt_registrations_update_wk); 612 } 613 614 spin_unlock_bh(&wdev->mgmt_registrations_lock); 615 616 if (nlportid && rdev->crit_proto_nlportid == nlportid) { 617 rdev->crit_proto_nlportid = 0; 618 rdev_crit_proto_stop(rdev, wdev); 619 } 620 621 if (nlportid == wdev->ap_unexpected_nlportid) 622 wdev->ap_unexpected_nlportid = 0; 623 } 624 625 void cfg80211_mlme_purge_registrations(struct wireless_dev *wdev) 626 { 627 struct cfg80211_mgmt_registration *reg, *tmp; 628 629 spin_lock_bh(&wdev->mgmt_registrations_lock); 630 list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) { 631 list_del(®->list); 632 kfree(reg); 633 } 634 wdev->mgmt_registrations_need_update = 1; 635 spin_unlock_bh(&wdev->mgmt_registrations_lock); 636 637 cfg80211_mgmt_registrations_update(wdev); 638 } 639 640 int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev, 641 struct wireless_dev *wdev, 642 struct cfg80211_mgmt_tx_params *params, u64 *cookie) 643 { 644 const struct ieee80211_mgmt *mgmt; 645 u16 stype; 646 647 if (!wdev->wiphy->mgmt_stypes) 648 return -EOPNOTSUPP; 649 650 if (!rdev->ops->mgmt_tx) 651 return -EOPNOTSUPP; 652 653 if (params->len < 24 + 1) 654 return -EINVAL; 655 656 mgmt = (const struct ieee80211_mgmt *)params->buf; 657 658 if (!ieee80211_is_mgmt(mgmt->frame_control)) 659 return -EINVAL; 660 661 stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE; 662 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].tx & BIT(stype >> 4))) 663 return -EINVAL; 664 665 if (ieee80211_is_action(mgmt->frame_control) && 666 mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) { 667 int err = 0; 668 669 wdev_lock(wdev); 670 671 switch (wdev->iftype) { 672 case NL80211_IFTYPE_ADHOC: 673 case NL80211_IFTYPE_STATION: 674 case NL80211_IFTYPE_P2P_CLIENT: 675 if (!wdev->current_bss) { 676 err = -ENOTCONN; 677 break; 678 } 679 680 if (!ether_addr_equal(wdev->current_bss->pub.bssid, 681 mgmt->bssid)) { 682 err = -ENOTCONN; 683 break; 684 } 685 686 /* 687 * check for IBSS DA must be done by driver as 688 * cfg80211 doesn't track the stations 689 */ 690 if (wdev->iftype == NL80211_IFTYPE_ADHOC) 691 break; 692 693 /* for station, check that DA is the AP */ 694 if (!ether_addr_equal(wdev->current_bss->pub.bssid, 695 mgmt->da)) { 696 err = -ENOTCONN; 697 break; 698 } 699 break; 700 case NL80211_IFTYPE_AP: 701 case NL80211_IFTYPE_P2P_GO: 702 case NL80211_IFTYPE_AP_VLAN: 703 if (!ether_addr_equal(mgmt->bssid, wdev_address(wdev))) 704 err = -EINVAL; 705 break; 706 case NL80211_IFTYPE_MESH_POINT: 707 if (!ether_addr_equal(mgmt->sa, mgmt->bssid)) { 708 err = -EINVAL; 709 break; 710 } 711 /* 712 * check for mesh DA must be done by driver as 713 * cfg80211 doesn't track the stations 714 */ 715 break; 716 case NL80211_IFTYPE_P2P_DEVICE: 717 /* 718 * fall through, P2P device only supports 719 * public action frames 720 */ 721 case NL80211_IFTYPE_NAN: 722 default: 723 err = -EOPNOTSUPP; 724 break; 725 } 726 wdev_unlock(wdev); 727 728 if (err) 729 return err; 730 } 731 732 if (!ether_addr_equal(mgmt->sa, wdev_address(wdev))) { 733 /* Allow random TA to be used with Public Action frames if the 734 * driver has indicated support for this. Otherwise, only allow 735 * the local address to be used. 736 */ 737 if (!ieee80211_is_action(mgmt->frame_control) || 738 mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) 739 return -EINVAL; 740 if (!wdev->current_bss && 741 !wiphy_ext_feature_isset( 742 &rdev->wiphy, 743 NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA)) 744 return -EINVAL; 745 if (wdev->current_bss && 746 !wiphy_ext_feature_isset( 747 &rdev->wiphy, 748 NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA_CONNECTED)) 749 return -EINVAL; 750 } 751 752 /* Transmit the Action frame as requested by user space */ 753 return rdev_mgmt_tx(rdev, wdev, params, cookie); 754 } 755 756 bool cfg80211_rx_mgmt_khz(struct wireless_dev *wdev, int freq, int sig_dbm, 757 const u8 *buf, size_t len, u32 flags) 758 { 759 struct wiphy *wiphy = wdev->wiphy; 760 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 761 struct cfg80211_mgmt_registration *reg; 762 const struct ieee80211_txrx_stypes *stypes = 763 &wiphy->mgmt_stypes[wdev->iftype]; 764 struct ieee80211_mgmt *mgmt = (void *)buf; 765 const u8 *data; 766 int data_len; 767 bool result = false; 768 __le16 ftype = mgmt->frame_control & 769 cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE); 770 u16 stype; 771 772 trace_cfg80211_rx_mgmt(wdev, freq, sig_dbm); 773 stype = (le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE) >> 4; 774 775 if (!(stypes->rx & BIT(stype))) { 776 trace_cfg80211_return_bool(false); 777 return false; 778 } 779 780 data = buf + ieee80211_hdrlen(mgmt->frame_control); 781 data_len = len - ieee80211_hdrlen(mgmt->frame_control); 782 783 spin_lock_bh(&wdev->mgmt_registrations_lock); 784 785 list_for_each_entry(reg, &wdev->mgmt_registrations, list) { 786 if (reg->frame_type != ftype) 787 continue; 788 789 if (reg->match_len > data_len) 790 continue; 791 792 if (memcmp(reg->match, data, reg->match_len)) 793 continue; 794 795 /* found match! */ 796 797 /* Indicate the received Action frame to user space */ 798 if (nl80211_send_mgmt(rdev, wdev, reg->nlportid, 799 freq, sig_dbm, 800 buf, len, flags, GFP_ATOMIC)) 801 continue; 802 803 result = true; 804 break; 805 } 806 807 spin_unlock_bh(&wdev->mgmt_registrations_lock); 808 809 trace_cfg80211_return_bool(result); 810 return result; 811 } 812 EXPORT_SYMBOL(cfg80211_rx_mgmt_khz); 813 814 void cfg80211_sched_dfs_chan_update(struct cfg80211_registered_device *rdev) 815 { 816 cancel_delayed_work(&rdev->dfs_update_channels_wk); 817 queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk, 0); 818 } 819 820 void cfg80211_dfs_channels_update_work(struct work_struct *work) 821 { 822 struct delayed_work *delayed_work = to_delayed_work(work); 823 struct cfg80211_registered_device *rdev; 824 struct cfg80211_chan_def chandef; 825 struct ieee80211_supported_band *sband; 826 struct ieee80211_channel *c; 827 struct wiphy *wiphy; 828 bool check_again = false; 829 unsigned long timeout, next_time = 0; 830 unsigned long time_dfs_update; 831 enum nl80211_radar_event radar_event; 832 int bandid, i; 833 834 rdev = container_of(delayed_work, struct cfg80211_registered_device, 835 dfs_update_channels_wk); 836 wiphy = &rdev->wiphy; 837 838 rtnl_lock(); 839 for (bandid = 0; bandid < NUM_NL80211_BANDS; bandid++) { 840 sband = wiphy->bands[bandid]; 841 if (!sband) 842 continue; 843 844 for (i = 0; i < sband->n_channels; i++) { 845 c = &sband->channels[i]; 846 847 if (!(c->flags & IEEE80211_CHAN_RADAR)) 848 continue; 849 850 if (c->dfs_state != NL80211_DFS_UNAVAILABLE && 851 c->dfs_state != NL80211_DFS_AVAILABLE) 852 continue; 853 854 if (c->dfs_state == NL80211_DFS_UNAVAILABLE) { 855 time_dfs_update = IEEE80211_DFS_MIN_NOP_TIME_MS; 856 radar_event = NL80211_RADAR_NOP_FINISHED; 857 } else { 858 if (regulatory_pre_cac_allowed(wiphy) || 859 cfg80211_any_wiphy_oper_chan(wiphy, c)) 860 continue; 861 862 time_dfs_update = REG_PRE_CAC_EXPIRY_GRACE_MS; 863 radar_event = NL80211_RADAR_PRE_CAC_EXPIRED; 864 } 865 866 timeout = c->dfs_state_entered + 867 msecs_to_jiffies(time_dfs_update); 868 869 if (time_after_eq(jiffies, timeout)) { 870 c->dfs_state = NL80211_DFS_USABLE; 871 c->dfs_state_entered = jiffies; 872 873 cfg80211_chandef_create(&chandef, c, 874 NL80211_CHAN_NO_HT); 875 876 nl80211_radar_notify(rdev, &chandef, 877 radar_event, NULL, 878 GFP_ATOMIC); 879 880 regulatory_propagate_dfs_state(wiphy, &chandef, 881 c->dfs_state, 882 radar_event); 883 continue; 884 } 885 886 if (!check_again) 887 next_time = timeout - jiffies; 888 else 889 next_time = min(next_time, timeout - jiffies); 890 check_again = true; 891 } 892 } 893 rtnl_unlock(); 894 895 /* reschedule if there are other channels waiting to be cleared again */ 896 if (check_again) 897 queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk, 898 next_time); 899 } 900 901 902 void cfg80211_radar_event(struct wiphy *wiphy, 903 struct cfg80211_chan_def *chandef, 904 gfp_t gfp) 905 { 906 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 907 908 trace_cfg80211_radar_event(wiphy, chandef); 909 910 /* only set the chandef supplied channel to unavailable, in 911 * case the radar is detected on only one of multiple channels 912 * spanned by the chandef. 913 */ 914 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_UNAVAILABLE); 915 916 cfg80211_sched_dfs_chan_update(rdev); 917 918 nl80211_radar_notify(rdev, chandef, NL80211_RADAR_DETECTED, NULL, gfp); 919 920 memcpy(&rdev->radar_chandef, chandef, sizeof(struct cfg80211_chan_def)); 921 queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk); 922 } 923 EXPORT_SYMBOL(cfg80211_radar_event); 924 925 void cfg80211_cac_event(struct net_device *netdev, 926 const struct cfg80211_chan_def *chandef, 927 enum nl80211_radar_event event, gfp_t gfp) 928 { 929 struct wireless_dev *wdev = netdev->ieee80211_ptr; 930 struct wiphy *wiphy = wdev->wiphy; 931 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 932 unsigned long timeout; 933 934 trace_cfg80211_cac_event(netdev, event); 935 936 if (WARN_ON(!wdev->cac_started && event != NL80211_RADAR_CAC_STARTED)) 937 return; 938 939 if (WARN_ON(!wdev->chandef.chan)) 940 return; 941 942 switch (event) { 943 case NL80211_RADAR_CAC_FINISHED: 944 timeout = wdev->cac_start_time + 945 msecs_to_jiffies(wdev->cac_time_ms); 946 WARN_ON(!time_after_eq(jiffies, timeout)); 947 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_AVAILABLE); 948 memcpy(&rdev->cac_done_chandef, chandef, 949 sizeof(struct cfg80211_chan_def)); 950 queue_work(cfg80211_wq, &rdev->propagate_cac_done_wk); 951 cfg80211_sched_dfs_chan_update(rdev); 952 fallthrough; 953 case NL80211_RADAR_CAC_ABORTED: 954 wdev->cac_started = false; 955 break; 956 case NL80211_RADAR_CAC_STARTED: 957 wdev->cac_started = true; 958 break; 959 default: 960 WARN_ON(1); 961 return; 962 } 963 964 nl80211_radar_notify(rdev, chandef, event, netdev, gfp); 965 } 966 EXPORT_SYMBOL(cfg80211_cac_event); 967