1 /* 2 * cfg80211 MLME SAP interface 3 * 4 * Copyright (c) 2009, Jouni Malinen <j@w1.fi> 5 * Copyright (c) 2015 Intel Deutschland GmbH 6 */ 7 8 #include <linux/kernel.h> 9 #include <linux/module.h> 10 #include <linux/etherdevice.h> 11 #include <linux/netdevice.h> 12 #include <linux/nl80211.h> 13 #include <linux/slab.h> 14 #include <linux/wireless.h> 15 #include <net/cfg80211.h> 16 #include <net/iw_handler.h> 17 #include "core.h" 18 #include "nl80211.h" 19 #include "rdev-ops.h" 20 21 22 void cfg80211_rx_assoc_resp(struct net_device *dev, struct cfg80211_bss *bss, 23 const u8 *buf, size_t len, int uapsd_queues) 24 { 25 struct wireless_dev *wdev = dev->ieee80211_ptr; 26 struct wiphy *wiphy = wdev->wiphy; 27 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 28 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 29 u8 *ie = mgmt->u.assoc_resp.variable; 30 int ieoffs = offsetof(struct ieee80211_mgmt, u.assoc_resp.variable); 31 u16 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 32 33 trace_cfg80211_send_rx_assoc(dev, bss); 34 35 /* 36 * This is a bit of a hack, we don't notify userspace of 37 * a (re-)association reply if we tried to send a reassoc 38 * and got a reject -- we only try again with an assoc 39 * frame instead of reassoc. 40 */ 41 if (cfg80211_sme_rx_assoc_resp(wdev, status_code)) { 42 cfg80211_unhold_bss(bss_from_pub(bss)); 43 cfg80211_put_bss(wiphy, bss); 44 return; 45 } 46 47 nl80211_send_rx_assoc(rdev, dev, buf, len, GFP_KERNEL, uapsd_queues); 48 /* update current_bss etc., consumes the bss reference */ 49 __cfg80211_connect_result(dev, mgmt->bssid, NULL, 0, ie, len - ieoffs, 50 status_code, 51 status_code == WLAN_STATUS_SUCCESS, bss, 52 NL80211_TIMEOUT_UNSPECIFIED); 53 } 54 EXPORT_SYMBOL(cfg80211_rx_assoc_resp); 55 56 static void cfg80211_process_auth(struct wireless_dev *wdev, 57 const u8 *buf, size_t len) 58 { 59 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 60 61 nl80211_send_rx_auth(rdev, wdev->netdev, buf, len, GFP_KERNEL); 62 cfg80211_sme_rx_auth(wdev, buf, len); 63 } 64 65 static void cfg80211_process_deauth(struct wireless_dev *wdev, 66 const u8 *buf, size_t len) 67 { 68 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 69 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 70 const u8 *bssid = mgmt->bssid; 71 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 72 bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr); 73 74 nl80211_send_deauth(rdev, wdev->netdev, buf, len, GFP_KERNEL); 75 76 if (!wdev->current_bss || 77 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid)) 78 return; 79 80 __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap); 81 cfg80211_sme_deauth(wdev); 82 } 83 84 static void cfg80211_process_disassoc(struct wireless_dev *wdev, 85 const u8 *buf, size_t len) 86 { 87 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 88 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 89 const u8 *bssid = mgmt->bssid; 90 u16 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 91 bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr); 92 93 nl80211_send_disassoc(rdev, wdev->netdev, buf, len, GFP_KERNEL); 94 95 if (WARN_ON(!wdev->current_bss || 96 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid))) 97 return; 98 99 __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap); 100 cfg80211_sme_disassoc(wdev); 101 } 102 103 void cfg80211_rx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len) 104 { 105 struct wireless_dev *wdev = dev->ieee80211_ptr; 106 struct ieee80211_mgmt *mgmt = (void *)buf; 107 108 ASSERT_WDEV_LOCK(wdev); 109 110 trace_cfg80211_rx_mlme_mgmt(dev, buf, len); 111 112 if (WARN_ON(len < 2)) 113 return; 114 115 if (ieee80211_is_auth(mgmt->frame_control)) 116 cfg80211_process_auth(wdev, buf, len); 117 else if (ieee80211_is_deauth(mgmt->frame_control)) 118 cfg80211_process_deauth(wdev, buf, len); 119 else if (ieee80211_is_disassoc(mgmt->frame_control)) 120 cfg80211_process_disassoc(wdev, buf, len); 121 } 122 EXPORT_SYMBOL(cfg80211_rx_mlme_mgmt); 123 124 void cfg80211_auth_timeout(struct net_device *dev, const u8 *addr) 125 { 126 struct wireless_dev *wdev = dev->ieee80211_ptr; 127 struct wiphy *wiphy = wdev->wiphy; 128 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 129 130 trace_cfg80211_send_auth_timeout(dev, addr); 131 132 nl80211_send_auth_timeout(rdev, dev, addr, GFP_KERNEL); 133 cfg80211_sme_auth_timeout(wdev); 134 } 135 EXPORT_SYMBOL(cfg80211_auth_timeout); 136 137 void cfg80211_assoc_timeout(struct net_device *dev, struct cfg80211_bss *bss) 138 { 139 struct wireless_dev *wdev = dev->ieee80211_ptr; 140 struct wiphy *wiphy = wdev->wiphy; 141 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 142 143 trace_cfg80211_send_assoc_timeout(dev, bss->bssid); 144 145 nl80211_send_assoc_timeout(rdev, dev, bss->bssid, GFP_KERNEL); 146 cfg80211_sme_assoc_timeout(wdev); 147 148 cfg80211_unhold_bss(bss_from_pub(bss)); 149 cfg80211_put_bss(wiphy, bss); 150 } 151 EXPORT_SYMBOL(cfg80211_assoc_timeout); 152 153 void cfg80211_abandon_assoc(struct net_device *dev, struct cfg80211_bss *bss) 154 { 155 struct wireless_dev *wdev = dev->ieee80211_ptr; 156 struct wiphy *wiphy = wdev->wiphy; 157 158 cfg80211_sme_abandon_assoc(wdev); 159 160 cfg80211_unhold_bss(bss_from_pub(bss)); 161 cfg80211_put_bss(wiphy, bss); 162 } 163 EXPORT_SYMBOL(cfg80211_abandon_assoc); 164 165 void cfg80211_tx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len) 166 { 167 struct wireless_dev *wdev = dev->ieee80211_ptr; 168 struct ieee80211_mgmt *mgmt = (void *)buf; 169 170 ASSERT_WDEV_LOCK(wdev); 171 172 trace_cfg80211_tx_mlme_mgmt(dev, buf, len); 173 174 if (WARN_ON(len < 2)) 175 return; 176 177 if (ieee80211_is_deauth(mgmt->frame_control)) 178 cfg80211_process_deauth(wdev, buf, len); 179 else 180 cfg80211_process_disassoc(wdev, buf, len); 181 } 182 EXPORT_SYMBOL(cfg80211_tx_mlme_mgmt); 183 184 void cfg80211_michael_mic_failure(struct net_device *dev, const u8 *addr, 185 enum nl80211_key_type key_type, int key_id, 186 const u8 *tsc, gfp_t gfp) 187 { 188 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 189 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 190 #ifdef CONFIG_CFG80211_WEXT 191 union iwreq_data wrqu; 192 char *buf = kmalloc(128, gfp); 193 194 if (buf) { 195 sprintf(buf, "MLME-MICHAELMICFAILURE.indication(" 196 "keyid=%d %scast addr=%pM)", key_id, 197 key_type == NL80211_KEYTYPE_GROUP ? "broad" : "uni", 198 addr); 199 memset(&wrqu, 0, sizeof(wrqu)); 200 wrqu.data.length = strlen(buf); 201 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf); 202 kfree(buf); 203 } 204 #endif 205 206 trace_cfg80211_michael_mic_failure(dev, addr, key_type, key_id, tsc); 207 nl80211_michael_mic_failure(rdev, dev, addr, key_type, key_id, tsc, gfp); 208 } 209 EXPORT_SYMBOL(cfg80211_michael_mic_failure); 210 211 /* some MLME handling for userspace SME */ 212 int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev, 213 struct net_device *dev, 214 struct ieee80211_channel *chan, 215 enum nl80211_auth_type auth_type, 216 const u8 *bssid, 217 const u8 *ssid, int ssid_len, 218 const u8 *ie, int ie_len, 219 const u8 *key, int key_len, int key_idx, 220 const u8 *auth_data, int auth_data_len) 221 { 222 struct wireless_dev *wdev = dev->ieee80211_ptr; 223 struct cfg80211_auth_request req = { 224 .ie = ie, 225 .ie_len = ie_len, 226 .auth_data = auth_data, 227 .auth_data_len = auth_data_len, 228 .auth_type = auth_type, 229 .key = key, 230 .key_len = key_len, 231 .key_idx = key_idx, 232 }; 233 int err; 234 235 ASSERT_WDEV_LOCK(wdev); 236 237 if (auth_type == NL80211_AUTHTYPE_SHARED_KEY) 238 if (!key || !key_len || key_idx < 0 || key_idx > 3) 239 return -EINVAL; 240 241 if (wdev->current_bss && 242 ether_addr_equal(bssid, wdev->current_bss->pub.bssid)) 243 return -EALREADY; 244 245 req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len, 246 IEEE80211_BSS_TYPE_ESS, 247 IEEE80211_PRIVACY_ANY); 248 if (!req.bss) 249 return -ENOENT; 250 251 err = rdev_auth(rdev, dev, &req); 252 253 cfg80211_put_bss(&rdev->wiphy, req.bss); 254 return err; 255 } 256 257 /* Do a logical ht_capa &= ht_capa_mask. */ 258 void cfg80211_oper_and_ht_capa(struct ieee80211_ht_cap *ht_capa, 259 const struct ieee80211_ht_cap *ht_capa_mask) 260 { 261 int i; 262 u8 *p1, *p2; 263 if (!ht_capa_mask) { 264 memset(ht_capa, 0, sizeof(*ht_capa)); 265 return; 266 } 267 268 p1 = (u8*)(ht_capa); 269 p2 = (u8*)(ht_capa_mask); 270 for (i = 0; i<sizeof(*ht_capa); i++) 271 p1[i] &= p2[i]; 272 } 273 274 /* Do a logical ht_capa &= ht_capa_mask. */ 275 void cfg80211_oper_and_vht_capa(struct ieee80211_vht_cap *vht_capa, 276 const struct ieee80211_vht_cap *vht_capa_mask) 277 { 278 int i; 279 u8 *p1, *p2; 280 if (!vht_capa_mask) { 281 memset(vht_capa, 0, sizeof(*vht_capa)); 282 return; 283 } 284 285 p1 = (u8*)(vht_capa); 286 p2 = (u8*)(vht_capa_mask); 287 for (i = 0; i < sizeof(*vht_capa); i++) 288 p1[i] &= p2[i]; 289 } 290 291 int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev, 292 struct net_device *dev, 293 struct ieee80211_channel *chan, 294 const u8 *bssid, 295 const u8 *ssid, int ssid_len, 296 struct cfg80211_assoc_request *req) 297 { 298 struct wireless_dev *wdev = dev->ieee80211_ptr; 299 int err; 300 301 ASSERT_WDEV_LOCK(wdev); 302 303 if (wdev->current_bss && 304 (!req->prev_bssid || !ether_addr_equal(wdev->current_bss->pub.bssid, 305 req->prev_bssid))) 306 return -EALREADY; 307 308 cfg80211_oper_and_ht_capa(&req->ht_capa_mask, 309 rdev->wiphy.ht_capa_mod_mask); 310 cfg80211_oper_and_vht_capa(&req->vht_capa_mask, 311 rdev->wiphy.vht_capa_mod_mask); 312 313 req->bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len, 314 IEEE80211_BSS_TYPE_ESS, 315 IEEE80211_PRIVACY_ANY); 316 if (!req->bss) 317 return -ENOENT; 318 319 err = rdev_assoc(rdev, dev, req); 320 if (!err) 321 cfg80211_hold_bss(bss_from_pub(req->bss)); 322 else 323 cfg80211_put_bss(&rdev->wiphy, req->bss); 324 325 return err; 326 } 327 328 int cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev, 329 struct net_device *dev, const u8 *bssid, 330 const u8 *ie, int ie_len, u16 reason, 331 bool local_state_change) 332 { 333 struct wireless_dev *wdev = dev->ieee80211_ptr; 334 struct cfg80211_deauth_request req = { 335 .bssid = bssid, 336 .reason_code = reason, 337 .ie = ie, 338 .ie_len = ie_len, 339 .local_state_change = local_state_change, 340 }; 341 342 ASSERT_WDEV_LOCK(wdev); 343 344 if (local_state_change && 345 (!wdev->current_bss || 346 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid))) 347 return 0; 348 349 if (ether_addr_equal(wdev->disconnect_bssid, bssid) || 350 (wdev->current_bss && 351 ether_addr_equal(wdev->current_bss->pub.bssid, bssid))) 352 wdev->conn_owner_nlportid = 0; 353 354 return rdev_deauth(rdev, dev, &req); 355 } 356 357 int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev, 358 struct net_device *dev, const u8 *bssid, 359 const u8 *ie, int ie_len, u16 reason, 360 bool local_state_change) 361 { 362 struct wireless_dev *wdev = dev->ieee80211_ptr; 363 struct cfg80211_disassoc_request req = { 364 .reason_code = reason, 365 .local_state_change = local_state_change, 366 .ie = ie, 367 .ie_len = ie_len, 368 }; 369 int err; 370 371 ASSERT_WDEV_LOCK(wdev); 372 373 if (!wdev->current_bss) 374 return -ENOTCONN; 375 376 if (ether_addr_equal(wdev->current_bss->pub.bssid, bssid)) 377 req.bss = &wdev->current_bss->pub; 378 else 379 return -ENOTCONN; 380 381 err = rdev_disassoc(rdev, dev, &req); 382 if (err) 383 return err; 384 385 /* driver should have reported the disassoc */ 386 WARN_ON(wdev->current_bss); 387 return 0; 388 } 389 390 void cfg80211_mlme_down(struct cfg80211_registered_device *rdev, 391 struct net_device *dev) 392 { 393 struct wireless_dev *wdev = dev->ieee80211_ptr; 394 u8 bssid[ETH_ALEN]; 395 396 ASSERT_WDEV_LOCK(wdev); 397 398 if (!rdev->ops->deauth) 399 return; 400 401 if (!wdev->current_bss) 402 return; 403 404 memcpy(bssid, wdev->current_bss->pub.bssid, ETH_ALEN); 405 cfg80211_mlme_deauth(rdev, dev, bssid, NULL, 0, 406 WLAN_REASON_DEAUTH_LEAVING, false); 407 } 408 409 struct cfg80211_mgmt_registration { 410 struct list_head list; 411 struct wireless_dev *wdev; 412 413 u32 nlportid; 414 415 int match_len; 416 417 __le16 frame_type; 418 419 u8 match[]; 420 }; 421 422 static void 423 cfg80211_process_mlme_unregistrations(struct cfg80211_registered_device *rdev) 424 { 425 struct cfg80211_mgmt_registration *reg; 426 427 ASSERT_RTNL(); 428 429 spin_lock_bh(&rdev->mlme_unreg_lock); 430 while ((reg = list_first_entry_or_null(&rdev->mlme_unreg, 431 struct cfg80211_mgmt_registration, 432 list))) { 433 list_del(®->list); 434 spin_unlock_bh(&rdev->mlme_unreg_lock); 435 436 if (rdev->ops->mgmt_frame_register) { 437 u16 frame_type = le16_to_cpu(reg->frame_type); 438 439 rdev_mgmt_frame_register(rdev, reg->wdev, 440 frame_type, false); 441 } 442 443 kfree(reg); 444 445 spin_lock_bh(&rdev->mlme_unreg_lock); 446 } 447 spin_unlock_bh(&rdev->mlme_unreg_lock); 448 } 449 450 void cfg80211_mlme_unreg_wk(struct work_struct *wk) 451 { 452 struct cfg80211_registered_device *rdev; 453 454 rdev = container_of(wk, struct cfg80211_registered_device, 455 mlme_unreg_wk); 456 457 rtnl_lock(); 458 cfg80211_process_mlme_unregistrations(rdev); 459 rtnl_unlock(); 460 } 461 462 int cfg80211_mlme_register_mgmt(struct wireless_dev *wdev, u32 snd_portid, 463 u16 frame_type, const u8 *match_data, 464 int match_len) 465 { 466 struct wiphy *wiphy = wdev->wiphy; 467 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 468 struct cfg80211_mgmt_registration *reg, *nreg; 469 int err = 0; 470 u16 mgmt_type; 471 472 if (!wdev->wiphy->mgmt_stypes) 473 return -EOPNOTSUPP; 474 475 if ((frame_type & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT) 476 return -EINVAL; 477 478 if (frame_type & ~(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) 479 return -EINVAL; 480 481 mgmt_type = (frame_type & IEEE80211_FCTL_STYPE) >> 4; 482 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].rx & BIT(mgmt_type))) 483 return -EINVAL; 484 485 nreg = kzalloc(sizeof(*reg) + match_len, GFP_KERNEL); 486 if (!nreg) 487 return -ENOMEM; 488 489 spin_lock_bh(&wdev->mgmt_registrations_lock); 490 491 list_for_each_entry(reg, &wdev->mgmt_registrations, list) { 492 int mlen = min(match_len, reg->match_len); 493 494 if (frame_type != le16_to_cpu(reg->frame_type)) 495 continue; 496 497 if (memcmp(reg->match, match_data, mlen) == 0) { 498 err = -EALREADY; 499 break; 500 } 501 } 502 503 if (err) { 504 kfree(nreg); 505 goto out; 506 } 507 508 memcpy(nreg->match, match_data, match_len); 509 nreg->match_len = match_len; 510 nreg->nlportid = snd_portid; 511 nreg->frame_type = cpu_to_le16(frame_type); 512 nreg->wdev = wdev; 513 list_add(&nreg->list, &wdev->mgmt_registrations); 514 spin_unlock_bh(&wdev->mgmt_registrations_lock); 515 516 /* process all unregistrations to avoid driver confusion */ 517 cfg80211_process_mlme_unregistrations(rdev); 518 519 if (rdev->ops->mgmt_frame_register) 520 rdev_mgmt_frame_register(rdev, wdev, frame_type, true); 521 522 return 0; 523 524 out: 525 spin_unlock_bh(&wdev->mgmt_registrations_lock); 526 527 return err; 528 } 529 530 void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlportid) 531 { 532 struct wiphy *wiphy = wdev->wiphy; 533 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 534 struct cfg80211_mgmt_registration *reg, *tmp; 535 536 spin_lock_bh(&wdev->mgmt_registrations_lock); 537 538 list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) { 539 if (reg->nlportid != nlportid) 540 continue; 541 542 list_del(®->list); 543 spin_lock(&rdev->mlme_unreg_lock); 544 list_add_tail(®->list, &rdev->mlme_unreg); 545 spin_unlock(&rdev->mlme_unreg_lock); 546 547 schedule_work(&rdev->mlme_unreg_wk); 548 } 549 550 spin_unlock_bh(&wdev->mgmt_registrations_lock); 551 552 if (nlportid && rdev->crit_proto_nlportid == nlportid) { 553 rdev->crit_proto_nlportid = 0; 554 rdev_crit_proto_stop(rdev, wdev); 555 } 556 557 if (nlportid == wdev->ap_unexpected_nlportid) 558 wdev->ap_unexpected_nlportid = 0; 559 } 560 561 void cfg80211_mlme_purge_registrations(struct wireless_dev *wdev) 562 { 563 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 564 565 spin_lock_bh(&wdev->mgmt_registrations_lock); 566 spin_lock(&rdev->mlme_unreg_lock); 567 list_splice_tail_init(&wdev->mgmt_registrations, &rdev->mlme_unreg); 568 spin_unlock(&rdev->mlme_unreg_lock); 569 spin_unlock_bh(&wdev->mgmt_registrations_lock); 570 571 cfg80211_process_mlme_unregistrations(rdev); 572 } 573 574 int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev, 575 struct wireless_dev *wdev, 576 struct cfg80211_mgmt_tx_params *params, u64 *cookie) 577 { 578 const struct ieee80211_mgmt *mgmt; 579 u16 stype; 580 581 if (!wdev->wiphy->mgmt_stypes) 582 return -EOPNOTSUPP; 583 584 if (!rdev->ops->mgmt_tx) 585 return -EOPNOTSUPP; 586 587 if (params->len < 24 + 1) 588 return -EINVAL; 589 590 mgmt = (const struct ieee80211_mgmt *)params->buf; 591 592 if (!ieee80211_is_mgmt(mgmt->frame_control)) 593 return -EINVAL; 594 595 stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE; 596 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].tx & BIT(stype >> 4))) 597 return -EINVAL; 598 599 if (ieee80211_is_action(mgmt->frame_control) && 600 mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) { 601 int err = 0; 602 603 wdev_lock(wdev); 604 605 switch (wdev->iftype) { 606 case NL80211_IFTYPE_ADHOC: 607 case NL80211_IFTYPE_STATION: 608 case NL80211_IFTYPE_P2P_CLIENT: 609 if (!wdev->current_bss) { 610 err = -ENOTCONN; 611 break; 612 } 613 614 if (!ether_addr_equal(wdev->current_bss->pub.bssid, 615 mgmt->bssid)) { 616 err = -ENOTCONN; 617 break; 618 } 619 620 /* 621 * check for IBSS DA must be done by driver as 622 * cfg80211 doesn't track the stations 623 */ 624 if (wdev->iftype == NL80211_IFTYPE_ADHOC) 625 break; 626 627 /* for station, check that DA is the AP */ 628 if (!ether_addr_equal(wdev->current_bss->pub.bssid, 629 mgmt->da)) { 630 err = -ENOTCONN; 631 break; 632 } 633 break; 634 case NL80211_IFTYPE_AP: 635 case NL80211_IFTYPE_P2P_GO: 636 case NL80211_IFTYPE_AP_VLAN: 637 if (!ether_addr_equal(mgmt->bssid, wdev_address(wdev))) 638 err = -EINVAL; 639 break; 640 case NL80211_IFTYPE_MESH_POINT: 641 if (!ether_addr_equal(mgmt->sa, mgmt->bssid)) { 642 err = -EINVAL; 643 break; 644 } 645 /* 646 * check for mesh DA must be done by driver as 647 * cfg80211 doesn't track the stations 648 */ 649 break; 650 case NL80211_IFTYPE_P2P_DEVICE: 651 /* 652 * fall through, P2P device only supports 653 * public action frames 654 */ 655 case NL80211_IFTYPE_NAN: 656 default: 657 err = -EOPNOTSUPP; 658 break; 659 } 660 wdev_unlock(wdev); 661 662 if (err) 663 return err; 664 } 665 666 if (!ether_addr_equal(mgmt->sa, wdev_address(wdev))) { 667 /* Allow random TA to be used with Public Action frames if the 668 * driver has indicated support for this. Otherwise, only allow 669 * the local address to be used. 670 */ 671 if (!ieee80211_is_action(mgmt->frame_control) || 672 mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) 673 return -EINVAL; 674 if (!wdev->current_bss && 675 !wiphy_ext_feature_isset( 676 &rdev->wiphy, 677 NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA)) 678 return -EINVAL; 679 if (wdev->current_bss && 680 !wiphy_ext_feature_isset( 681 &rdev->wiphy, 682 NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA_CONNECTED)) 683 return -EINVAL; 684 } 685 686 /* Transmit the Action frame as requested by user space */ 687 return rdev_mgmt_tx(rdev, wdev, params, cookie); 688 } 689 690 bool cfg80211_rx_mgmt(struct wireless_dev *wdev, int freq, int sig_mbm, 691 const u8 *buf, size_t len, u32 flags) 692 { 693 struct wiphy *wiphy = wdev->wiphy; 694 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 695 struct cfg80211_mgmt_registration *reg; 696 const struct ieee80211_txrx_stypes *stypes = 697 &wiphy->mgmt_stypes[wdev->iftype]; 698 struct ieee80211_mgmt *mgmt = (void *)buf; 699 const u8 *data; 700 int data_len; 701 bool result = false; 702 __le16 ftype = mgmt->frame_control & 703 cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE); 704 u16 stype; 705 706 trace_cfg80211_rx_mgmt(wdev, freq, sig_mbm); 707 stype = (le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE) >> 4; 708 709 if (!(stypes->rx & BIT(stype))) { 710 trace_cfg80211_return_bool(false); 711 return false; 712 } 713 714 data = buf + ieee80211_hdrlen(mgmt->frame_control); 715 data_len = len - ieee80211_hdrlen(mgmt->frame_control); 716 717 spin_lock_bh(&wdev->mgmt_registrations_lock); 718 719 list_for_each_entry(reg, &wdev->mgmt_registrations, list) { 720 if (reg->frame_type != ftype) 721 continue; 722 723 if (reg->match_len > data_len) 724 continue; 725 726 if (memcmp(reg->match, data, reg->match_len)) 727 continue; 728 729 /* found match! */ 730 731 /* Indicate the received Action frame to user space */ 732 if (nl80211_send_mgmt(rdev, wdev, reg->nlportid, 733 freq, sig_mbm, 734 buf, len, flags, GFP_ATOMIC)) 735 continue; 736 737 result = true; 738 break; 739 } 740 741 spin_unlock_bh(&wdev->mgmt_registrations_lock); 742 743 trace_cfg80211_return_bool(result); 744 return result; 745 } 746 EXPORT_SYMBOL(cfg80211_rx_mgmt); 747 748 void cfg80211_dfs_channels_update_work(struct work_struct *work) 749 { 750 struct delayed_work *delayed_work = to_delayed_work(work); 751 struct cfg80211_registered_device *rdev; 752 struct cfg80211_chan_def chandef; 753 struct ieee80211_supported_band *sband; 754 struct ieee80211_channel *c; 755 struct wiphy *wiphy; 756 bool check_again = false; 757 unsigned long timeout, next_time = 0; 758 int bandid, i; 759 760 rdev = container_of(delayed_work, struct cfg80211_registered_device, 761 dfs_update_channels_wk); 762 wiphy = &rdev->wiphy; 763 764 rtnl_lock(); 765 for (bandid = 0; bandid < NUM_NL80211_BANDS; bandid++) { 766 sband = wiphy->bands[bandid]; 767 if (!sband) 768 continue; 769 770 for (i = 0; i < sband->n_channels; i++) { 771 c = &sband->channels[i]; 772 773 if (c->dfs_state != NL80211_DFS_UNAVAILABLE) 774 continue; 775 776 timeout = c->dfs_state_entered + msecs_to_jiffies( 777 IEEE80211_DFS_MIN_NOP_TIME_MS); 778 779 if (time_after_eq(jiffies, timeout)) { 780 c->dfs_state = NL80211_DFS_USABLE; 781 c->dfs_state_entered = jiffies; 782 783 cfg80211_chandef_create(&chandef, c, 784 NL80211_CHAN_NO_HT); 785 786 nl80211_radar_notify(rdev, &chandef, 787 NL80211_RADAR_NOP_FINISHED, 788 NULL, GFP_ATOMIC); 789 continue; 790 } 791 792 if (!check_again) 793 next_time = timeout - jiffies; 794 else 795 next_time = min(next_time, timeout - jiffies); 796 check_again = true; 797 } 798 } 799 rtnl_unlock(); 800 801 /* reschedule if there are other channels waiting to be cleared again */ 802 if (check_again) 803 queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk, 804 next_time); 805 } 806 807 808 void cfg80211_radar_event(struct wiphy *wiphy, 809 struct cfg80211_chan_def *chandef, 810 gfp_t gfp) 811 { 812 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 813 unsigned long timeout; 814 815 trace_cfg80211_radar_event(wiphy, chandef); 816 817 /* only set the chandef supplied channel to unavailable, in 818 * case the radar is detected on only one of multiple channels 819 * spanned by the chandef. 820 */ 821 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_UNAVAILABLE); 822 823 timeout = msecs_to_jiffies(IEEE80211_DFS_MIN_NOP_TIME_MS); 824 queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk, 825 timeout); 826 827 nl80211_radar_notify(rdev, chandef, NL80211_RADAR_DETECTED, NULL, gfp); 828 } 829 EXPORT_SYMBOL(cfg80211_radar_event); 830 831 void cfg80211_cac_event(struct net_device *netdev, 832 const struct cfg80211_chan_def *chandef, 833 enum nl80211_radar_event event, gfp_t gfp) 834 { 835 struct wireless_dev *wdev = netdev->ieee80211_ptr; 836 struct wiphy *wiphy = wdev->wiphy; 837 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 838 unsigned long timeout; 839 840 trace_cfg80211_cac_event(netdev, event); 841 842 if (WARN_ON(!wdev->cac_started)) 843 return; 844 845 if (WARN_ON(!wdev->chandef.chan)) 846 return; 847 848 switch (event) { 849 case NL80211_RADAR_CAC_FINISHED: 850 timeout = wdev->cac_start_time + 851 msecs_to_jiffies(wdev->cac_time_ms); 852 WARN_ON(!time_after_eq(jiffies, timeout)); 853 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_AVAILABLE); 854 break; 855 case NL80211_RADAR_CAC_ABORTED: 856 break; 857 default: 858 WARN_ON(1); 859 return; 860 } 861 wdev->cac_started = false; 862 863 nl80211_radar_notify(rdev, chandef, event, netdev, gfp); 864 } 865 EXPORT_SYMBOL(cfg80211_cac_event); 866