1 /* 2 * cfg80211 MLME SAP interface 3 * 4 * Copyright (c) 2009, Jouni Malinen <j@w1.fi> 5 * Copyright (c) 2015 Intel Deutschland GmbH 6 */ 7 8 #include <linux/kernel.h> 9 #include <linux/module.h> 10 #include <linux/etherdevice.h> 11 #include <linux/netdevice.h> 12 #include <linux/nl80211.h> 13 #include <linux/slab.h> 14 #include <linux/wireless.h> 15 #include <net/cfg80211.h> 16 #include <net/iw_handler.h> 17 #include "core.h" 18 #include "nl80211.h" 19 #include "rdev-ops.h" 20 21 22 void cfg80211_rx_assoc_resp(struct net_device *dev, struct cfg80211_bss *bss, 23 const u8 *buf, size_t len, int uapsd_queues) 24 { 25 struct wireless_dev *wdev = dev->ieee80211_ptr; 26 struct wiphy *wiphy = wdev->wiphy; 27 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 28 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 29 u8 *ie = mgmt->u.assoc_resp.variable; 30 int ieoffs = offsetof(struct ieee80211_mgmt, u.assoc_resp.variable); 31 u16 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 32 33 trace_cfg80211_send_rx_assoc(dev, bss); 34 35 /* 36 * This is a bit of a hack, we don't notify userspace of 37 * a (re-)association reply if we tried to send a reassoc 38 * and got a reject -- we only try again with an assoc 39 * frame instead of reassoc. 40 */ 41 if (cfg80211_sme_rx_assoc_resp(wdev, status_code)) { 42 cfg80211_unhold_bss(bss_from_pub(bss)); 43 cfg80211_put_bss(wiphy, bss); 44 return; 45 } 46 47 nl80211_send_rx_assoc(rdev, dev, buf, len, GFP_KERNEL, uapsd_queues); 48 /* update current_bss etc., consumes the bss reference */ 49 __cfg80211_connect_result(dev, mgmt->bssid, NULL, 0, ie, len - ieoffs, 50 status_code, 51 status_code == WLAN_STATUS_SUCCESS, bss); 52 } 53 EXPORT_SYMBOL(cfg80211_rx_assoc_resp); 54 55 static void cfg80211_process_auth(struct wireless_dev *wdev, 56 const u8 *buf, size_t len) 57 { 58 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 59 60 nl80211_send_rx_auth(rdev, wdev->netdev, buf, len, GFP_KERNEL); 61 cfg80211_sme_rx_auth(wdev, buf, len); 62 } 63 64 static void cfg80211_process_deauth(struct wireless_dev *wdev, 65 const u8 *buf, size_t len) 66 { 67 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 68 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 69 const u8 *bssid = mgmt->bssid; 70 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 71 bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr); 72 73 nl80211_send_deauth(rdev, wdev->netdev, buf, len, GFP_KERNEL); 74 75 if (!wdev->current_bss || 76 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid)) 77 return; 78 79 __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap); 80 cfg80211_sme_deauth(wdev); 81 } 82 83 static void cfg80211_process_disassoc(struct wireless_dev *wdev, 84 const u8 *buf, size_t len) 85 { 86 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 87 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 88 const u8 *bssid = mgmt->bssid; 89 u16 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 90 bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr); 91 92 nl80211_send_disassoc(rdev, wdev->netdev, buf, len, GFP_KERNEL); 93 94 if (WARN_ON(!wdev->current_bss || 95 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid))) 96 return; 97 98 __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap); 99 cfg80211_sme_disassoc(wdev); 100 } 101 102 void cfg80211_rx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len) 103 { 104 struct wireless_dev *wdev = dev->ieee80211_ptr; 105 struct ieee80211_mgmt *mgmt = (void *)buf; 106 107 ASSERT_WDEV_LOCK(wdev); 108 109 trace_cfg80211_rx_mlme_mgmt(dev, buf, len); 110 111 if (WARN_ON(len < 2)) 112 return; 113 114 if (ieee80211_is_auth(mgmt->frame_control)) 115 cfg80211_process_auth(wdev, buf, len); 116 else if (ieee80211_is_deauth(mgmt->frame_control)) 117 cfg80211_process_deauth(wdev, buf, len); 118 else if (ieee80211_is_disassoc(mgmt->frame_control)) 119 cfg80211_process_disassoc(wdev, buf, len); 120 } 121 EXPORT_SYMBOL(cfg80211_rx_mlme_mgmt); 122 123 void cfg80211_auth_timeout(struct net_device *dev, const u8 *addr) 124 { 125 struct wireless_dev *wdev = dev->ieee80211_ptr; 126 struct wiphy *wiphy = wdev->wiphy; 127 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 128 129 trace_cfg80211_send_auth_timeout(dev, addr); 130 131 nl80211_send_auth_timeout(rdev, dev, addr, GFP_KERNEL); 132 cfg80211_sme_auth_timeout(wdev); 133 } 134 EXPORT_SYMBOL(cfg80211_auth_timeout); 135 136 void cfg80211_assoc_timeout(struct net_device *dev, struct cfg80211_bss *bss) 137 { 138 struct wireless_dev *wdev = dev->ieee80211_ptr; 139 struct wiphy *wiphy = wdev->wiphy; 140 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 141 142 trace_cfg80211_send_assoc_timeout(dev, bss->bssid); 143 144 nl80211_send_assoc_timeout(rdev, dev, bss->bssid, GFP_KERNEL); 145 cfg80211_sme_assoc_timeout(wdev); 146 147 cfg80211_unhold_bss(bss_from_pub(bss)); 148 cfg80211_put_bss(wiphy, bss); 149 } 150 EXPORT_SYMBOL(cfg80211_assoc_timeout); 151 152 void cfg80211_abandon_assoc(struct net_device *dev, struct cfg80211_bss *bss) 153 { 154 struct wireless_dev *wdev = dev->ieee80211_ptr; 155 struct wiphy *wiphy = wdev->wiphy; 156 157 cfg80211_sme_abandon_assoc(wdev); 158 159 cfg80211_unhold_bss(bss_from_pub(bss)); 160 cfg80211_put_bss(wiphy, bss); 161 } 162 EXPORT_SYMBOL(cfg80211_abandon_assoc); 163 164 void cfg80211_tx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len) 165 { 166 struct wireless_dev *wdev = dev->ieee80211_ptr; 167 struct ieee80211_mgmt *mgmt = (void *)buf; 168 169 ASSERT_WDEV_LOCK(wdev); 170 171 trace_cfg80211_tx_mlme_mgmt(dev, buf, len); 172 173 if (WARN_ON(len < 2)) 174 return; 175 176 if (ieee80211_is_deauth(mgmt->frame_control)) 177 cfg80211_process_deauth(wdev, buf, len); 178 else 179 cfg80211_process_disassoc(wdev, buf, len); 180 } 181 EXPORT_SYMBOL(cfg80211_tx_mlme_mgmt); 182 183 void cfg80211_michael_mic_failure(struct net_device *dev, const u8 *addr, 184 enum nl80211_key_type key_type, int key_id, 185 const u8 *tsc, gfp_t gfp) 186 { 187 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 188 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 189 #ifdef CONFIG_CFG80211_WEXT 190 union iwreq_data wrqu; 191 char *buf = kmalloc(128, gfp); 192 193 if (buf) { 194 sprintf(buf, "MLME-MICHAELMICFAILURE.indication(" 195 "keyid=%d %scast addr=%pM)", key_id, 196 key_type == NL80211_KEYTYPE_GROUP ? "broad" : "uni", 197 addr); 198 memset(&wrqu, 0, sizeof(wrqu)); 199 wrqu.data.length = strlen(buf); 200 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf); 201 kfree(buf); 202 } 203 #endif 204 205 trace_cfg80211_michael_mic_failure(dev, addr, key_type, key_id, tsc); 206 nl80211_michael_mic_failure(rdev, dev, addr, key_type, key_id, tsc, gfp); 207 } 208 EXPORT_SYMBOL(cfg80211_michael_mic_failure); 209 210 /* some MLME handling for userspace SME */ 211 int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev, 212 struct net_device *dev, 213 struct ieee80211_channel *chan, 214 enum nl80211_auth_type auth_type, 215 const u8 *bssid, 216 const u8 *ssid, int ssid_len, 217 const u8 *ie, int ie_len, 218 const u8 *key, int key_len, int key_idx, 219 const u8 *auth_data, int auth_data_len) 220 { 221 struct wireless_dev *wdev = dev->ieee80211_ptr; 222 struct cfg80211_auth_request req = { 223 .ie = ie, 224 .ie_len = ie_len, 225 .auth_data = auth_data, 226 .auth_data_len = auth_data_len, 227 .auth_type = auth_type, 228 .key = key, 229 .key_len = key_len, 230 .key_idx = key_idx, 231 }; 232 int err; 233 234 ASSERT_WDEV_LOCK(wdev); 235 236 if (auth_type == NL80211_AUTHTYPE_SHARED_KEY) 237 if (!key || !key_len || key_idx < 0 || key_idx > 3) 238 return -EINVAL; 239 240 if (wdev->current_bss && 241 ether_addr_equal(bssid, wdev->current_bss->pub.bssid)) 242 return -EALREADY; 243 244 req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len, 245 IEEE80211_BSS_TYPE_ESS, 246 IEEE80211_PRIVACY_ANY); 247 if (!req.bss) 248 return -ENOENT; 249 250 err = rdev_auth(rdev, dev, &req); 251 252 cfg80211_put_bss(&rdev->wiphy, req.bss); 253 return err; 254 } 255 256 /* Do a logical ht_capa &= ht_capa_mask. */ 257 void cfg80211_oper_and_ht_capa(struct ieee80211_ht_cap *ht_capa, 258 const struct ieee80211_ht_cap *ht_capa_mask) 259 { 260 int i; 261 u8 *p1, *p2; 262 if (!ht_capa_mask) { 263 memset(ht_capa, 0, sizeof(*ht_capa)); 264 return; 265 } 266 267 p1 = (u8*)(ht_capa); 268 p2 = (u8*)(ht_capa_mask); 269 for (i = 0; i<sizeof(*ht_capa); i++) 270 p1[i] &= p2[i]; 271 } 272 273 /* Do a logical ht_capa &= ht_capa_mask. */ 274 void cfg80211_oper_and_vht_capa(struct ieee80211_vht_cap *vht_capa, 275 const struct ieee80211_vht_cap *vht_capa_mask) 276 { 277 int i; 278 u8 *p1, *p2; 279 if (!vht_capa_mask) { 280 memset(vht_capa, 0, sizeof(*vht_capa)); 281 return; 282 } 283 284 p1 = (u8*)(vht_capa); 285 p2 = (u8*)(vht_capa_mask); 286 for (i = 0; i < sizeof(*vht_capa); i++) 287 p1[i] &= p2[i]; 288 } 289 290 int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev, 291 struct net_device *dev, 292 struct ieee80211_channel *chan, 293 const u8 *bssid, 294 const u8 *ssid, int ssid_len, 295 struct cfg80211_assoc_request *req) 296 { 297 struct wireless_dev *wdev = dev->ieee80211_ptr; 298 int err; 299 300 ASSERT_WDEV_LOCK(wdev); 301 302 if (wdev->current_bss && 303 (!req->prev_bssid || !ether_addr_equal(wdev->current_bss->pub.bssid, 304 req->prev_bssid))) 305 return -EALREADY; 306 307 cfg80211_oper_and_ht_capa(&req->ht_capa_mask, 308 rdev->wiphy.ht_capa_mod_mask); 309 cfg80211_oper_and_vht_capa(&req->vht_capa_mask, 310 rdev->wiphy.vht_capa_mod_mask); 311 312 req->bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len, 313 IEEE80211_BSS_TYPE_ESS, 314 IEEE80211_PRIVACY_ANY); 315 if (!req->bss) 316 return -ENOENT; 317 318 err = rdev_assoc(rdev, dev, req); 319 if (!err) 320 cfg80211_hold_bss(bss_from_pub(req->bss)); 321 else 322 cfg80211_put_bss(&rdev->wiphy, req->bss); 323 324 return err; 325 } 326 327 int cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev, 328 struct net_device *dev, const u8 *bssid, 329 const u8 *ie, int ie_len, u16 reason, 330 bool local_state_change) 331 { 332 struct wireless_dev *wdev = dev->ieee80211_ptr; 333 struct cfg80211_deauth_request req = { 334 .bssid = bssid, 335 .reason_code = reason, 336 .ie = ie, 337 .ie_len = ie_len, 338 .local_state_change = local_state_change, 339 }; 340 341 ASSERT_WDEV_LOCK(wdev); 342 343 if (local_state_change && 344 (!wdev->current_bss || 345 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid))) 346 return 0; 347 348 return rdev_deauth(rdev, dev, &req); 349 } 350 351 int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev, 352 struct net_device *dev, const u8 *bssid, 353 const u8 *ie, int ie_len, u16 reason, 354 bool local_state_change) 355 { 356 struct wireless_dev *wdev = dev->ieee80211_ptr; 357 struct cfg80211_disassoc_request req = { 358 .reason_code = reason, 359 .local_state_change = local_state_change, 360 .ie = ie, 361 .ie_len = ie_len, 362 }; 363 int err; 364 365 ASSERT_WDEV_LOCK(wdev); 366 367 if (!wdev->current_bss) 368 return -ENOTCONN; 369 370 if (ether_addr_equal(wdev->current_bss->pub.bssid, bssid)) 371 req.bss = &wdev->current_bss->pub; 372 else 373 return -ENOTCONN; 374 375 err = rdev_disassoc(rdev, dev, &req); 376 if (err) 377 return err; 378 379 /* driver should have reported the disassoc */ 380 WARN_ON(wdev->current_bss); 381 return 0; 382 } 383 384 void cfg80211_mlme_down(struct cfg80211_registered_device *rdev, 385 struct net_device *dev) 386 { 387 struct wireless_dev *wdev = dev->ieee80211_ptr; 388 u8 bssid[ETH_ALEN]; 389 390 ASSERT_WDEV_LOCK(wdev); 391 392 if (!rdev->ops->deauth) 393 return; 394 395 if (!wdev->current_bss) 396 return; 397 398 memcpy(bssid, wdev->current_bss->pub.bssid, ETH_ALEN); 399 cfg80211_mlme_deauth(rdev, dev, bssid, NULL, 0, 400 WLAN_REASON_DEAUTH_LEAVING, false); 401 } 402 403 struct cfg80211_mgmt_registration { 404 struct list_head list; 405 struct wireless_dev *wdev; 406 407 u32 nlportid; 408 409 int match_len; 410 411 __le16 frame_type; 412 413 u8 match[]; 414 }; 415 416 static void 417 cfg80211_process_mlme_unregistrations(struct cfg80211_registered_device *rdev) 418 { 419 struct cfg80211_mgmt_registration *reg; 420 421 ASSERT_RTNL(); 422 423 spin_lock_bh(&rdev->mlme_unreg_lock); 424 while ((reg = list_first_entry_or_null(&rdev->mlme_unreg, 425 struct cfg80211_mgmt_registration, 426 list))) { 427 list_del(®->list); 428 spin_unlock_bh(&rdev->mlme_unreg_lock); 429 430 if (rdev->ops->mgmt_frame_register) { 431 u16 frame_type = le16_to_cpu(reg->frame_type); 432 433 rdev_mgmt_frame_register(rdev, reg->wdev, 434 frame_type, false); 435 } 436 437 kfree(reg); 438 439 spin_lock_bh(&rdev->mlme_unreg_lock); 440 } 441 spin_unlock_bh(&rdev->mlme_unreg_lock); 442 } 443 444 void cfg80211_mlme_unreg_wk(struct work_struct *wk) 445 { 446 struct cfg80211_registered_device *rdev; 447 448 rdev = container_of(wk, struct cfg80211_registered_device, 449 mlme_unreg_wk); 450 451 rtnl_lock(); 452 cfg80211_process_mlme_unregistrations(rdev); 453 rtnl_unlock(); 454 } 455 456 int cfg80211_mlme_register_mgmt(struct wireless_dev *wdev, u32 snd_portid, 457 u16 frame_type, const u8 *match_data, 458 int match_len) 459 { 460 struct wiphy *wiphy = wdev->wiphy; 461 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 462 struct cfg80211_mgmt_registration *reg, *nreg; 463 int err = 0; 464 u16 mgmt_type; 465 466 if (!wdev->wiphy->mgmt_stypes) 467 return -EOPNOTSUPP; 468 469 if ((frame_type & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT) 470 return -EINVAL; 471 472 if (frame_type & ~(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) 473 return -EINVAL; 474 475 mgmt_type = (frame_type & IEEE80211_FCTL_STYPE) >> 4; 476 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].rx & BIT(mgmt_type))) 477 return -EINVAL; 478 479 nreg = kzalloc(sizeof(*reg) + match_len, GFP_KERNEL); 480 if (!nreg) 481 return -ENOMEM; 482 483 spin_lock_bh(&wdev->mgmt_registrations_lock); 484 485 list_for_each_entry(reg, &wdev->mgmt_registrations, list) { 486 int mlen = min(match_len, reg->match_len); 487 488 if (frame_type != le16_to_cpu(reg->frame_type)) 489 continue; 490 491 if (memcmp(reg->match, match_data, mlen) == 0) { 492 err = -EALREADY; 493 break; 494 } 495 } 496 497 if (err) { 498 kfree(nreg); 499 goto out; 500 } 501 502 memcpy(nreg->match, match_data, match_len); 503 nreg->match_len = match_len; 504 nreg->nlportid = snd_portid; 505 nreg->frame_type = cpu_to_le16(frame_type); 506 nreg->wdev = wdev; 507 list_add(&nreg->list, &wdev->mgmt_registrations); 508 spin_unlock_bh(&wdev->mgmt_registrations_lock); 509 510 /* process all unregistrations to avoid driver confusion */ 511 cfg80211_process_mlme_unregistrations(rdev); 512 513 if (rdev->ops->mgmt_frame_register) 514 rdev_mgmt_frame_register(rdev, wdev, frame_type, true); 515 516 return 0; 517 518 out: 519 spin_unlock_bh(&wdev->mgmt_registrations_lock); 520 521 return err; 522 } 523 524 void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlportid) 525 { 526 struct wiphy *wiphy = wdev->wiphy; 527 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 528 struct cfg80211_mgmt_registration *reg, *tmp; 529 530 spin_lock_bh(&wdev->mgmt_registrations_lock); 531 532 list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) { 533 if (reg->nlportid != nlportid) 534 continue; 535 536 list_del(®->list); 537 spin_lock(&rdev->mlme_unreg_lock); 538 list_add_tail(®->list, &rdev->mlme_unreg); 539 spin_unlock(&rdev->mlme_unreg_lock); 540 541 schedule_work(&rdev->mlme_unreg_wk); 542 } 543 544 spin_unlock_bh(&wdev->mgmt_registrations_lock); 545 546 if (nlportid && rdev->crit_proto_nlportid == nlportid) { 547 rdev->crit_proto_nlportid = 0; 548 rdev_crit_proto_stop(rdev, wdev); 549 } 550 551 if (nlportid == wdev->ap_unexpected_nlportid) 552 wdev->ap_unexpected_nlportid = 0; 553 } 554 555 void cfg80211_mlme_purge_registrations(struct wireless_dev *wdev) 556 { 557 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 558 559 spin_lock_bh(&wdev->mgmt_registrations_lock); 560 spin_lock(&rdev->mlme_unreg_lock); 561 list_splice_tail_init(&wdev->mgmt_registrations, &rdev->mlme_unreg); 562 spin_unlock(&rdev->mlme_unreg_lock); 563 spin_unlock_bh(&wdev->mgmt_registrations_lock); 564 565 cfg80211_process_mlme_unregistrations(rdev); 566 } 567 568 int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev, 569 struct wireless_dev *wdev, 570 struct cfg80211_mgmt_tx_params *params, u64 *cookie) 571 { 572 const struct ieee80211_mgmt *mgmt; 573 u16 stype; 574 575 if (!wdev->wiphy->mgmt_stypes) 576 return -EOPNOTSUPP; 577 578 if (!rdev->ops->mgmt_tx) 579 return -EOPNOTSUPP; 580 581 if (params->len < 24 + 1) 582 return -EINVAL; 583 584 mgmt = (const struct ieee80211_mgmt *)params->buf; 585 586 if (!ieee80211_is_mgmt(mgmt->frame_control)) 587 return -EINVAL; 588 589 stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE; 590 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].tx & BIT(stype >> 4))) 591 return -EINVAL; 592 593 if (ieee80211_is_action(mgmt->frame_control) && 594 mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) { 595 int err = 0; 596 597 wdev_lock(wdev); 598 599 switch (wdev->iftype) { 600 case NL80211_IFTYPE_ADHOC: 601 case NL80211_IFTYPE_STATION: 602 case NL80211_IFTYPE_P2P_CLIENT: 603 if (!wdev->current_bss) { 604 err = -ENOTCONN; 605 break; 606 } 607 608 if (!ether_addr_equal(wdev->current_bss->pub.bssid, 609 mgmt->bssid)) { 610 err = -ENOTCONN; 611 break; 612 } 613 614 /* 615 * check for IBSS DA must be done by driver as 616 * cfg80211 doesn't track the stations 617 */ 618 if (wdev->iftype == NL80211_IFTYPE_ADHOC) 619 break; 620 621 /* for station, check that DA is the AP */ 622 if (!ether_addr_equal(wdev->current_bss->pub.bssid, 623 mgmt->da)) { 624 err = -ENOTCONN; 625 break; 626 } 627 break; 628 case NL80211_IFTYPE_AP: 629 case NL80211_IFTYPE_P2P_GO: 630 case NL80211_IFTYPE_AP_VLAN: 631 if (!ether_addr_equal(mgmt->bssid, wdev_address(wdev))) 632 err = -EINVAL; 633 break; 634 case NL80211_IFTYPE_MESH_POINT: 635 if (!ether_addr_equal(mgmt->sa, mgmt->bssid)) { 636 err = -EINVAL; 637 break; 638 } 639 /* 640 * check for mesh DA must be done by driver as 641 * cfg80211 doesn't track the stations 642 */ 643 break; 644 case NL80211_IFTYPE_P2P_DEVICE: 645 /* 646 * fall through, P2P device only supports 647 * public action frames 648 */ 649 case NL80211_IFTYPE_NAN: 650 default: 651 err = -EOPNOTSUPP; 652 break; 653 } 654 wdev_unlock(wdev); 655 656 if (err) 657 return err; 658 } 659 660 if (!ether_addr_equal(mgmt->sa, wdev_address(wdev))) 661 return -EINVAL; 662 663 /* Transmit the Action frame as requested by user space */ 664 return rdev_mgmt_tx(rdev, wdev, params, cookie); 665 } 666 667 bool cfg80211_rx_mgmt(struct wireless_dev *wdev, int freq, int sig_mbm, 668 const u8 *buf, size_t len, u32 flags) 669 { 670 struct wiphy *wiphy = wdev->wiphy; 671 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 672 struct cfg80211_mgmt_registration *reg; 673 const struct ieee80211_txrx_stypes *stypes = 674 &wiphy->mgmt_stypes[wdev->iftype]; 675 struct ieee80211_mgmt *mgmt = (void *)buf; 676 const u8 *data; 677 int data_len; 678 bool result = false; 679 __le16 ftype = mgmt->frame_control & 680 cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE); 681 u16 stype; 682 683 trace_cfg80211_rx_mgmt(wdev, freq, sig_mbm); 684 stype = (le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE) >> 4; 685 686 if (!(stypes->rx & BIT(stype))) { 687 trace_cfg80211_return_bool(false); 688 return false; 689 } 690 691 data = buf + ieee80211_hdrlen(mgmt->frame_control); 692 data_len = len - ieee80211_hdrlen(mgmt->frame_control); 693 694 spin_lock_bh(&wdev->mgmt_registrations_lock); 695 696 list_for_each_entry(reg, &wdev->mgmt_registrations, list) { 697 if (reg->frame_type != ftype) 698 continue; 699 700 if (reg->match_len > data_len) 701 continue; 702 703 if (memcmp(reg->match, data, reg->match_len)) 704 continue; 705 706 /* found match! */ 707 708 /* Indicate the received Action frame to user space */ 709 if (nl80211_send_mgmt(rdev, wdev, reg->nlportid, 710 freq, sig_mbm, 711 buf, len, flags, GFP_ATOMIC)) 712 continue; 713 714 result = true; 715 break; 716 } 717 718 spin_unlock_bh(&wdev->mgmt_registrations_lock); 719 720 trace_cfg80211_return_bool(result); 721 return result; 722 } 723 EXPORT_SYMBOL(cfg80211_rx_mgmt); 724 725 void cfg80211_dfs_channels_update_work(struct work_struct *work) 726 { 727 struct delayed_work *delayed_work = to_delayed_work(work); 728 struct cfg80211_registered_device *rdev; 729 struct cfg80211_chan_def chandef; 730 struct ieee80211_supported_band *sband; 731 struct ieee80211_channel *c; 732 struct wiphy *wiphy; 733 bool check_again = false; 734 unsigned long timeout, next_time = 0; 735 int bandid, i; 736 737 rdev = container_of(delayed_work, struct cfg80211_registered_device, 738 dfs_update_channels_wk); 739 wiphy = &rdev->wiphy; 740 741 rtnl_lock(); 742 for (bandid = 0; bandid < NUM_NL80211_BANDS; bandid++) { 743 sband = wiphy->bands[bandid]; 744 if (!sband) 745 continue; 746 747 for (i = 0; i < sband->n_channels; i++) { 748 c = &sband->channels[i]; 749 750 if (c->dfs_state != NL80211_DFS_UNAVAILABLE) 751 continue; 752 753 timeout = c->dfs_state_entered + msecs_to_jiffies( 754 IEEE80211_DFS_MIN_NOP_TIME_MS); 755 756 if (time_after_eq(jiffies, timeout)) { 757 c->dfs_state = NL80211_DFS_USABLE; 758 c->dfs_state_entered = jiffies; 759 760 cfg80211_chandef_create(&chandef, c, 761 NL80211_CHAN_NO_HT); 762 763 nl80211_radar_notify(rdev, &chandef, 764 NL80211_RADAR_NOP_FINISHED, 765 NULL, GFP_ATOMIC); 766 continue; 767 } 768 769 if (!check_again) 770 next_time = timeout - jiffies; 771 else 772 next_time = min(next_time, timeout - jiffies); 773 check_again = true; 774 } 775 } 776 rtnl_unlock(); 777 778 /* reschedule if there are other channels waiting to be cleared again */ 779 if (check_again) 780 queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk, 781 next_time); 782 } 783 784 785 void cfg80211_radar_event(struct wiphy *wiphy, 786 struct cfg80211_chan_def *chandef, 787 gfp_t gfp) 788 { 789 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 790 unsigned long timeout; 791 792 trace_cfg80211_radar_event(wiphy, chandef); 793 794 /* only set the chandef supplied channel to unavailable, in 795 * case the radar is detected on only one of multiple channels 796 * spanned by the chandef. 797 */ 798 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_UNAVAILABLE); 799 800 timeout = msecs_to_jiffies(IEEE80211_DFS_MIN_NOP_TIME_MS); 801 queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk, 802 timeout); 803 804 nl80211_radar_notify(rdev, chandef, NL80211_RADAR_DETECTED, NULL, gfp); 805 } 806 EXPORT_SYMBOL(cfg80211_radar_event); 807 808 void cfg80211_cac_event(struct net_device *netdev, 809 const struct cfg80211_chan_def *chandef, 810 enum nl80211_radar_event event, gfp_t gfp) 811 { 812 struct wireless_dev *wdev = netdev->ieee80211_ptr; 813 struct wiphy *wiphy = wdev->wiphy; 814 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 815 unsigned long timeout; 816 817 trace_cfg80211_cac_event(netdev, event); 818 819 if (WARN_ON(!wdev->cac_started)) 820 return; 821 822 if (WARN_ON(!wdev->chandef.chan)) 823 return; 824 825 switch (event) { 826 case NL80211_RADAR_CAC_FINISHED: 827 timeout = wdev->cac_start_time + 828 msecs_to_jiffies(wdev->cac_time_ms); 829 WARN_ON(!time_after_eq(jiffies, timeout)); 830 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_AVAILABLE); 831 break; 832 case NL80211_RADAR_CAC_ABORTED: 833 break; 834 default: 835 WARN_ON(1); 836 return; 837 } 838 wdev->cac_started = false; 839 840 nl80211_radar_notify(rdev, chandef, event, netdev, gfp); 841 } 842 EXPORT_SYMBOL(cfg80211_cac_event); 843