1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * cfg80211 MLME SAP interface 4 * 5 * Copyright (c) 2009, Jouni Malinen <j@w1.fi> 6 * Copyright (c) 2015 Intel Deutschland GmbH 7 * Copyright (C) 2019 Intel Corporation 8 */ 9 10 #include <linux/kernel.h> 11 #include <linux/module.h> 12 #include <linux/etherdevice.h> 13 #include <linux/netdevice.h> 14 #include <linux/nl80211.h> 15 #include <linux/slab.h> 16 #include <linux/wireless.h> 17 #include <net/cfg80211.h> 18 #include <net/iw_handler.h> 19 #include "core.h" 20 #include "nl80211.h" 21 #include "rdev-ops.h" 22 23 24 void cfg80211_rx_assoc_resp(struct net_device *dev, struct cfg80211_bss *bss, 25 const u8 *buf, size_t len, int uapsd_queues, 26 const u8 *req_ies, size_t req_ies_len) 27 { 28 struct wireless_dev *wdev = dev->ieee80211_ptr; 29 struct wiphy *wiphy = wdev->wiphy; 30 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 31 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 32 struct cfg80211_connect_resp_params cr; 33 34 memset(&cr, 0, sizeof(cr)); 35 cr.status = (int)le16_to_cpu(mgmt->u.assoc_resp.status_code); 36 cr.bssid = mgmt->bssid; 37 cr.bss = bss; 38 cr.req_ie = req_ies; 39 cr.req_ie_len = req_ies_len; 40 cr.resp_ie = mgmt->u.assoc_resp.variable; 41 cr.resp_ie_len = 42 len - offsetof(struct ieee80211_mgmt, u.assoc_resp.variable); 43 cr.timeout_reason = NL80211_TIMEOUT_UNSPECIFIED; 44 45 trace_cfg80211_send_rx_assoc(dev, bss); 46 47 /* 48 * This is a bit of a hack, we don't notify userspace of 49 * a (re-)association reply if we tried to send a reassoc 50 * and got a reject -- we only try again with an assoc 51 * frame instead of reassoc. 52 */ 53 if (cfg80211_sme_rx_assoc_resp(wdev, cr.status)) { 54 cfg80211_unhold_bss(bss_from_pub(bss)); 55 cfg80211_put_bss(wiphy, bss); 56 return; 57 } 58 59 nl80211_send_rx_assoc(rdev, dev, buf, len, GFP_KERNEL, uapsd_queues, 60 req_ies, req_ies_len); 61 /* update current_bss etc., consumes the bss reference */ 62 __cfg80211_connect_result(dev, &cr, cr.status == WLAN_STATUS_SUCCESS); 63 } 64 EXPORT_SYMBOL(cfg80211_rx_assoc_resp); 65 66 static void cfg80211_process_auth(struct wireless_dev *wdev, 67 const u8 *buf, size_t len) 68 { 69 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 70 71 nl80211_send_rx_auth(rdev, wdev->netdev, buf, len, GFP_KERNEL); 72 cfg80211_sme_rx_auth(wdev, buf, len); 73 } 74 75 static void cfg80211_process_deauth(struct wireless_dev *wdev, 76 const u8 *buf, size_t len) 77 { 78 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 79 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 80 const u8 *bssid = mgmt->bssid; 81 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 82 bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr); 83 84 nl80211_send_deauth(rdev, wdev->netdev, buf, len, GFP_KERNEL); 85 86 if (!wdev->current_bss || 87 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid)) 88 return; 89 90 __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap); 91 cfg80211_sme_deauth(wdev); 92 } 93 94 static void cfg80211_process_disassoc(struct wireless_dev *wdev, 95 const u8 *buf, size_t len) 96 { 97 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 98 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 99 const u8 *bssid = mgmt->bssid; 100 u16 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 101 bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr); 102 103 nl80211_send_disassoc(rdev, wdev->netdev, buf, len, GFP_KERNEL); 104 105 if (WARN_ON(!wdev->current_bss || 106 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid))) 107 return; 108 109 __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap); 110 cfg80211_sme_disassoc(wdev); 111 } 112 113 void cfg80211_rx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len) 114 { 115 struct wireless_dev *wdev = dev->ieee80211_ptr; 116 struct ieee80211_mgmt *mgmt = (void *)buf; 117 118 ASSERT_WDEV_LOCK(wdev); 119 120 trace_cfg80211_rx_mlme_mgmt(dev, buf, len); 121 122 if (WARN_ON(len < 2)) 123 return; 124 125 if (ieee80211_is_auth(mgmt->frame_control)) 126 cfg80211_process_auth(wdev, buf, len); 127 else if (ieee80211_is_deauth(mgmt->frame_control)) 128 cfg80211_process_deauth(wdev, buf, len); 129 else if (ieee80211_is_disassoc(mgmt->frame_control)) 130 cfg80211_process_disassoc(wdev, buf, len); 131 } 132 EXPORT_SYMBOL(cfg80211_rx_mlme_mgmt); 133 134 void cfg80211_auth_timeout(struct net_device *dev, const u8 *addr) 135 { 136 struct wireless_dev *wdev = dev->ieee80211_ptr; 137 struct wiphy *wiphy = wdev->wiphy; 138 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 139 140 trace_cfg80211_send_auth_timeout(dev, addr); 141 142 nl80211_send_auth_timeout(rdev, dev, addr, GFP_KERNEL); 143 cfg80211_sme_auth_timeout(wdev); 144 } 145 EXPORT_SYMBOL(cfg80211_auth_timeout); 146 147 void cfg80211_assoc_timeout(struct net_device *dev, struct cfg80211_bss *bss) 148 { 149 struct wireless_dev *wdev = dev->ieee80211_ptr; 150 struct wiphy *wiphy = wdev->wiphy; 151 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 152 153 trace_cfg80211_send_assoc_timeout(dev, bss->bssid); 154 155 nl80211_send_assoc_timeout(rdev, dev, bss->bssid, GFP_KERNEL); 156 cfg80211_sme_assoc_timeout(wdev); 157 158 cfg80211_unhold_bss(bss_from_pub(bss)); 159 cfg80211_put_bss(wiphy, bss); 160 } 161 EXPORT_SYMBOL(cfg80211_assoc_timeout); 162 163 void cfg80211_abandon_assoc(struct net_device *dev, struct cfg80211_bss *bss) 164 { 165 struct wireless_dev *wdev = dev->ieee80211_ptr; 166 struct wiphy *wiphy = wdev->wiphy; 167 168 cfg80211_sme_abandon_assoc(wdev); 169 170 cfg80211_unhold_bss(bss_from_pub(bss)); 171 cfg80211_put_bss(wiphy, bss); 172 } 173 EXPORT_SYMBOL(cfg80211_abandon_assoc); 174 175 void cfg80211_tx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len) 176 { 177 struct wireless_dev *wdev = dev->ieee80211_ptr; 178 struct ieee80211_mgmt *mgmt = (void *)buf; 179 180 ASSERT_WDEV_LOCK(wdev); 181 182 trace_cfg80211_tx_mlme_mgmt(dev, buf, len); 183 184 if (WARN_ON(len < 2)) 185 return; 186 187 if (ieee80211_is_deauth(mgmt->frame_control)) 188 cfg80211_process_deauth(wdev, buf, len); 189 else 190 cfg80211_process_disassoc(wdev, buf, len); 191 } 192 EXPORT_SYMBOL(cfg80211_tx_mlme_mgmt); 193 194 void cfg80211_michael_mic_failure(struct net_device *dev, const u8 *addr, 195 enum nl80211_key_type key_type, int key_id, 196 const u8 *tsc, gfp_t gfp) 197 { 198 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 199 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 200 #ifdef CONFIG_CFG80211_WEXT 201 union iwreq_data wrqu; 202 char *buf = kmalloc(128, gfp); 203 204 if (buf) { 205 sprintf(buf, "MLME-MICHAELMICFAILURE.indication(" 206 "keyid=%d %scast addr=%pM)", key_id, 207 key_type == NL80211_KEYTYPE_GROUP ? "broad" : "uni", 208 addr); 209 memset(&wrqu, 0, sizeof(wrqu)); 210 wrqu.data.length = strlen(buf); 211 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf); 212 kfree(buf); 213 } 214 #endif 215 216 trace_cfg80211_michael_mic_failure(dev, addr, key_type, key_id, tsc); 217 nl80211_michael_mic_failure(rdev, dev, addr, key_type, key_id, tsc, gfp); 218 } 219 EXPORT_SYMBOL(cfg80211_michael_mic_failure); 220 221 /* some MLME handling for userspace SME */ 222 int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev, 223 struct net_device *dev, 224 struct ieee80211_channel *chan, 225 enum nl80211_auth_type auth_type, 226 const u8 *bssid, 227 const u8 *ssid, int ssid_len, 228 const u8 *ie, int ie_len, 229 const u8 *key, int key_len, int key_idx, 230 const u8 *auth_data, int auth_data_len) 231 { 232 struct wireless_dev *wdev = dev->ieee80211_ptr; 233 struct cfg80211_auth_request req = { 234 .ie = ie, 235 .ie_len = ie_len, 236 .auth_data = auth_data, 237 .auth_data_len = auth_data_len, 238 .auth_type = auth_type, 239 .key = key, 240 .key_len = key_len, 241 .key_idx = key_idx, 242 }; 243 int err; 244 245 ASSERT_WDEV_LOCK(wdev); 246 247 if (auth_type == NL80211_AUTHTYPE_SHARED_KEY) 248 if (!key || !key_len || key_idx < 0 || key_idx > 3) 249 return -EINVAL; 250 251 if (wdev->current_bss && 252 ether_addr_equal(bssid, wdev->current_bss->pub.bssid)) 253 return -EALREADY; 254 255 req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len, 256 IEEE80211_BSS_TYPE_ESS, 257 IEEE80211_PRIVACY_ANY); 258 if (!req.bss) 259 return -ENOENT; 260 261 err = rdev_auth(rdev, dev, &req); 262 263 cfg80211_put_bss(&rdev->wiphy, req.bss); 264 return err; 265 } 266 267 /* Do a logical ht_capa &= ht_capa_mask. */ 268 void cfg80211_oper_and_ht_capa(struct ieee80211_ht_cap *ht_capa, 269 const struct ieee80211_ht_cap *ht_capa_mask) 270 { 271 int i; 272 u8 *p1, *p2; 273 if (!ht_capa_mask) { 274 memset(ht_capa, 0, sizeof(*ht_capa)); 275 return; 276 } 277 278 p1 = (u8*)(ht_capa); 279 p2 = (u8*)(ht_capa_mask); 280 for (i = 0; i < sizeof(*ht_capa); i++) 281 p1[i] &= p2[i]; 282 } 283 284 /* Do a logical vht_capa &= vht_capa_mask. */ 285 void cfg80211_oper_and_vht_capa(struct ieee80211_vht_cap *vht_capa, 286 const struct ieee80211_vht_cap *vht_capa_mask) 287 { 288 int i; 289 u8 *p1, *p2; 290 if (!vht_capa_mask) { 291 memset(vht_capa, 0, sizeof(*vht_capa)); 292 return; 293 } 294 295 p1 = (u8*)(vht_capa); 296 p2 = (u8*)(vht_capa_mask); 297 for (i = 0; i < sizeof(*vht_capa); i++) 298 p1[i] &= p2[i]; 299 } 300 301 int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev, 302 struct net_device *dev, 303 struct ieee80211_channel *chan, 304 const u8 *bssid, 305 const u8 *ssid, int ssid_len, 306 struct cfg80211_assoc_request *req) 307 { 308 struct wireless_dev *wdev = dev->ieee80211_ptr; 309 int err; 310 311 ASSERT_WDEV_LOCK(wdev); 312 313 if (wdev->current_bss && 314 (!req->prev_bssid || !ether_addr_equal(wdev->current_bss->pub.bssid, 315 req->prev_bssid))) 316 return -EALREADY; 317 318 cfg80211_oper_and_ht_capa(&req->ht_capa_mask, 319 rdev->wiphy.ht_capa_mod_mask); 320 cfg80211_oper_and_vht_capa(&req->vht_capa_mask, 321 rdev->wiphy.vht_capa_mod_mask); 322 323 req->bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len, 324 IEEE80211_BSS_TYPE_ESS, 325 IEEE80211_PRIVACY_ANY); 326 if (!req->bss) 327 return -ENOENT; 328 329 err = rdev_assoc(rdev, dev, req); 330 if (!err) 331 cfg80211_hold_bss(bss_from_pub(req->bss)); 332 else 333 cfg80211_put_bss(&rdev->wiphy, req->bss); 334 335 return err; 336 } 337 338 int cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev, 339 struct net_device *dev, const u8 *bssid, 340 const u8 *ie, int ie_len, u16 reason, 341 bool local_state_change) 342 { 343 struct wireless_dev *wdev = dev->ieee80211_ptr; 344 struct cfg80211_deauth_request req = { 345 .bssid = bssid, 346 .reason_code = reason, 347 .ie = ie, 348 .ie_len = ie_len, 349 .local_state_change = local_state_change, 350 }; 351 352 ASSERT_WDEV_LOCK(wdev); 353 354 if (local_state_change && 355 (!wdev->current_bss || 356 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid))) 357 return 0; 358 359 if (ether_addr_equal(wdev->disconnect_bssid, bssid) || 360 (wdev->current_bss && 361 ether_addr_equal(wdev->current_bss->pub.bssid, bssid))) 362 wdev->conn_owner_nlportid = 0; 363 364 return rdev_deauth(rdev, dev, &req); 365 } 366 367 int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev, 368 struct net_device *dev, const u8 *bssid, 369 const u8 *ie, int ie_len, u16 reason, 370 bool local_state_change) 371 { 372 struct wireless_dev *wdev = dev->ieee80211_ptr; 373 struct cfg80211_disassoc_request req = { 374 .reason_code = reason, 375 .local_state_change = local_state_change, 376 .ie = ie, 377 .ie_len = ie_len, 378 }; 379 int err; 380 381 ASSERT_WDEV_LOCK(wdev); 382 383 if (!wdev->current_bss) 384 return -ENOTCONN; 385 386 if (ether_addr_equal(wdev->current_bss->pub.bssid, bssid)) 387 req.bss = &wdev->current_bss->pub; 388 else 389 return -ENOTCONN; 390 391 err = rdev_disassoc(rdev, dev, &req); 392 if (err) 393 return err; 394 395 /* driver should have reported the disassoc */ 396 WARN_ON(wdev->current_bss); 397 return 0; 398 } 399 400 void cfg80211_mlme_down(struct cfg80211_registered_device *rdev, 401 struct net_device *dev) 402 { 403 struct wireless_dev *wdev = dev->ieee80211_ptr; 404 u8 bssid[ETH_ALEN]; 405 406 ASSERT_WDEV_LOCK(wdev); 407 408 if (!rdev->ops->deauth) 409 return; 410 411 if (!wdev->current_bss) 412 return; 413 414 memcpy(bssid, wdev->current_bss->pub.bssid, ETH_ALEN); 415 cfg80211_mlme_deauth(rdev, dev, bssid, NULL, 0, 416 WLAN_REASON_DEAUTH_LEAVING, false); 417 } 418 419 struct cfg80211_mgmt_registration { 420 struct list_head list; 421 struct wireless_dev *wdev; 422 423 u32 nlportid; 424 425 int match_len; 426 427 __le16 frame_type; 428 429 bool multicast_rx; 430 431 u8 match[]; 432 }; 433 434 static void cfg80211_mgmt_registrations_update(struct wireless_dev *wdev) 435 { 436 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 437 struct wireless_dev *tmp; 438 struct cfg80211_mgmt_registration *reg; 439 struct mgmt_frame_regs upd = {}; 440 441 ASSERT_RTNL(); 442 443 spin_lock_bh(&wdev->mgmt_registrations_lock); 444 if (!wdev->mgmt_registrations_need_update) { 445 spin_unlock_bh(&wdev->mgmt_registrations_lock); 446 return; 447 } 448 449 rcu_read_lock(); 450 list_for_each_entry_rcu(tmp, &rdev->wiphy.wdev_list, list) { 451 list_for_each_entry(reg, &tmp->mgmt_registrations, list) { 452 u32 mask = BIT(le16_to_cpu(reg->frame_type) >> 4); 453 u32 mcast_mask = 0; 454 455 if (reg->multicast_rx) 456 mcast_mask = mask; 457 458 upd.global_stypes |= mask; 459 upd.global_mcast_stypes |= mcast_mask; 460 461 if (tmp == wdev) { 462 upd.interface_stypes |= mask; 463 upd.interface_mcast_stypes |= mcast_mask; 464 } 465 } 466 } 467 rcu_read_unlock(); 468 469 wdev->mgmt_registrations_need_update = 0; 470 spin_unlock_bh(&wdev->mgmt_registrations_lock); 471 472 rdev_update_mgmt_frame_registrations(rdev, wdev, &upd); 473 } 474 475 void cfg80211_mgmt_registrations_update_wk(struct work_struct *wk) 476 { 477 struct cfg80211_registered_device *rdev; 478 struct wireless_dev *wdev; 479 480 rdev = container_of(wk, struct cfg80211_registered_device, 481 mgmt_registrations_update_wk); 482 483 rtnl_lock(); 484 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) 485 cfg80211_mgmt_registrations_update(wdev); 486 rtnl_unlock(); 487 } 488 489 int cfg80211_mlme_register_mgmt(struct wireless_dev *wdev, u32 snd_portid, 490 u16 frame_type, const u8 *match_data, 491 int match_len, bool multicast_rx, 492 struct netlink_ext_ack *extack) 493 { 494 struct cfg80211_mgmt_registration *reg, *nreg; 495 int err = 0; 496 u16 mgmt_type; 497 bool update_multicast = false; 498 499 if (!wdev->wiphy->mgmt_stypes) 500 return -EOPNOTSUPP; 501 502 if ((frame_type & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT) { 503 NL_SET_ERR_MSG(extack, "frame type not management"); 504 return -EINVAL; 505 } 506 507 if (frame_type & ~(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) { 508 NL_SET_ERR_MSG(extack, "Invalid frame type"); 509 return -EINVAL; 510 } 511 512 mgmt_type = (frame_type & IEEE80211_FCTL_STYPE) >> 4; 513 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].rx & BIT(mgmt_type))) { 514 NL_SET_ERR_MSG(extack, 515 "Registration to specific type not supported"); 516 return -EINVAL; 517 } 518 519 /* 520 * To support Pre Association Security Negotiation (PASN), registration 521 * for authentication frames should be supported. However, as some 522 * versions of the user space daemons wrongly register to all types of 523 * authentication frames (which might result in unexpected behavior) 524 * allow such registration if the request is for a specific 525 * authentication algorithm number. 526 */ 527 if (wdev->iftype == NL80211_IFTYPE_STATION && 528 (frame_type & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_AUTH && 529 !(match_data && match_len >= 2)) { 530 NL_SET_ERR_MSG(extack, 531 "Authentication algorithm number required"); 532 return -EINVAL; 533 } 534 535 nreg = kzalloc(sizeof(*reg) + match_len, GFP_KERNEL); 536 if (!nreg) 537 return -ENOMEM; 538 539 spin_lock_bh(&wdev->mgmt_registrations_lock); 540 541 list_for_each_entry(reg, &wdev->mgmt_registrations, list) { 542 int mlen = min(match_len, reg->match_len); 543 544 if (frame_type != le16_to_cpu(reg->frame_type)) 545 continue; 546 547 if (memcmp(reg->match, match_data, mlen) == 0) { 548 if (reg->multicast_rx != multicast_rx) { 549 update_multicast = true; 550 reg->multicast_rx = multicast_rx; 551 break; 552 } 553 NL_SET_ERR_MSG(extack, "Match already configured"); 554 err = -EALREADY; 555 break; 556 } 557 } 558 559 if (err) 560 goto out; 561 562 if (update_multicast) { 563 kfree(nreg); 564 } else { 565 memcpy(nreg->match, match_data, match_len); 566 nreg->match_len = match_len; 567 nreg->nlportid = snd_portid; 568 nreg->frame_type = cpu_to_le16(frame_type); 569 nreg->wdev = wdev; 570 nreg->multicast_rx = multicast_rx; 571 list_add(&nreg->list, &wdev->mgmt_registrations); 572 } 573 wdev->mgmt_registrations_need_update = 1; 574 spin_unlock_bh(&wdev->mgmt_registrations_lock); 575 576 cfg80211_mgmt_registrations_update(wdev); 577 578 return 0; 579 580 out: 581 kfree(nreg); 582 spin_unlock_bh(&wdev->mgmt_registrations_lock); 583 584 return err; 585 } 586 587 void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlportid) 588 { 589 struct wiphy *wiphy = wdev->wiphy; 590 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 591 struct cfg80211_mgmt_registration *reg, *tmp; 592 593 spin_lock_bh(&wdev->mgmt_registrations_lock); 594 595 list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) { 596 if (reg->nlportid != nlportid) 597 continue; 598 599 list_del(®->list); 600 kfree(reg); 601 602 wdev->mgmt_registrations_need_update = 1; 603 schedule_work(&rdev->mgmt_registrations_update_wk); 604 } 605 606 spin_unlock_bh(&wdev->mgmt_registrations_lock); 607 608 if (nlportid && rdev->crit_proto_nlportid == nlportid) { 609 rdev->crit_proto_nlportid = 0; 610 rdev_crit_proto_stop(rdev, wdev); 611 } 612 613 if (nlportid == wdev->ap_unexpected_nlportid) 614 wdev->ap_unexpected_nlportid = 0; 615 } 616 617 void cfg80211_mlme_purge_registrations(struct wireless_dev *wdev) 618 { 619 struct cfg80211_mgmt_registration *reg, *tmp; 620 621 spin_lock_bh(&wdev->mgmt_registrations_lock); 622 list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) { 623 list_del(®->list); 624 kfree(reg); 625 } 626 wdev->mgmt_registrations_need_update = 1; 627 spin_unlock_bh(&wdev->mgmt_registrations_lock); 628 629 cfg80211_mgmt_registrations_update(wdev); 630 } 631 632 int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev, 633 struct wireless_dev *wdev, 634 struct cfg80211_mgmt_tx_params *params, u64 *cookie) 635 { 636 const struct ieee80211_mgmt *mgmt; 637 u16 stype; 638 639 if (!wdev->wiphy->mgmt_stypes) 640 return -EOPNOTSUPP; 641 642 if (!rdev->ops->mgmt_tx) 643 return -EOPNOTSUPP; 644 645 if (params->len < 24 + 1) 646 return -EINVAL; 647 648 mgmt = (const struct ieee80211_mgmt *)params->buf; 649 650 if (!ieee80211_is_mgmt(mgmt->frame_control)) 651 return -EINVAL; 652 653 stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE; 654 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].tx & BIT(stype >> 4))) 655 return -EINVAL; 656 657 if (ieee80211_is_action(mgmt->frame_control) && 658 mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) { 659 int err = 0; 660 661 wdev_lock(wdev); 662 663 switch (wdev->iftype) { 664 case NL80211_IFTYPE_ADHOC: 665 case NL80211_IFTYPE_STATION: 666 case NL80211_IFTYPE_P2P_CLIENT: 667 if (!wdev->current_bss) { 668 err = -ENOTCONN; 669 break; 670 } 671 672 if (!ether_addr_equal(wdev->current_bss->pub.bssid, 673 mgmt->bssid)) { 674 err = -ENOTCONN; 675 break; 676 } 677 678 /* 679 * check for IBSS DA must be done by driver as 680 * cfg80211 doesn't track the stations 681 */ 682 if (wdev->iftype == NL80211_IFTYPE_ADHOC) 683 break; 684 685 /* for station, check that DA is the AP */ 686 if (!ether_addr_equal(wdev->current_bss->pub.bssid, 687 mgmt->da)) { 688 err = -ENOTCONN; 689 break; 690 } 691 break; 692 case NL80211_IFTYPE_AP: 693 case NL80211_IFTYPE_P2P_GO: 694 case NL80211_IFTYPE_AP_VLAN: 695 if (!ether_addr_equal(mgmt->bssid, wdev_address(wdev))) 696 err = -EINVAL; 697 break; 698 case NL80211_IFTYPE_MESH_POINT: 699 if (!ether_addr_equal(mgmt->sa, mgmt->bssid)) { 700 err = -EINVAL; 701 break; 702 } 703 /* 704 * check for mesh DA must be done by driver as 705 * cfg80211 doesn't track the stations 706 */ 707 break; 708 case NL80211_IFTYPE_P2P_DEVICE: 709 /* 710 * fall through, P2P device only supports 711 * public action frames 712 */ 713 case NL80211_IFTYPE_NAN: 714 default: 715 err = -EOPNOTSUPP; 716 break; 717 } 718 wdev_unlock(wdev); 719 720 if (err) 721 return err; 722 } 723 724 if (!ether_addr_equal(mgmt->sa, wdev_address(wdev))) { 725 /* Allow random TA to be used with Public Action frames if the 726 * driver has indicated support for this. Otherwise, only allow 727 * the local address to be used. 728 */ 729 if (!ieee80211_is_action(mgmt->frame_control) || 730 mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) 731 return -EINVAL; 732 if (!wdev->current_bss && 733 !wiphy_ext_feature_isset( 734 &rdev->wiphy, 735 NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA)) 736 return -EINVAL; 737 if (wdev->current_bss && 738 !wiphy_ext_feature_isset( 739 &rdev->wiphy, 740 NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA_CONNECTED)) 741 return -EINVAL; 742 } 743 744 /* Transmit the Action frame as requested by user space */ 745 return rdev_mgmt_tx(rdev, wdev, params, cookie); 746 } 747 748 bool cfg80211_rx_mgmt_khz(struct wireless_dev *wdev, int freq, int sig_dbm, 749 const u8 *buf, size_t len, u32 flags) 750 { 751 struct wiphy *wiphy = wdev->wiphy; 752 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 753 struct cfg80211_mgmt_registration *reg; 754 const struct ieee80211_txrx_stypes *stypes = 755 &wiphy->mgmt_stypes[wdev->iftype]; 756 struct ieee80211_mgmt *mgmt = (void *)buf; 757 const u8 *data; 758 int data_len; 759 bool result = false; 760 __le16 ftype = mgmt->frame_control & 761 cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE); 762 u16 stype; 763 764 trace_cfg80211_rx_mgmt(wdev, freq, sig_dbm); 765 stype = (le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE) >> 4; 766 767 if (!(stypes->rx & BIT(stype))) { 768 trace_cfg80211_return_bool(false); 769 return false; 770 } 771 772 data = buf + ieee80211_hdrlen(mgmt->frame_control); 773 data_len = len - ieee80211_hdrlen(mgmt->frame_control); 774 775 spin_lock_bh(&wdev->mgmt_registrations_lock); 776 777 list_for_each_entry(reg, &wdev->mgmt_registrations, list) { 778 if (reg->frame_type != ftype) 779 continue; 780 781 if (reg->match_len > data_len) 782 continue; 783 784 if (memcmp(reg->match, data, reg->match_len)) 785 continue; 786 787 /* found match! */ 788 789 /* Indicate the received Action frame to user space */ 790 if (nl80211_send_mgmt(rdev, wdev, reg->nlportid, 791 freq, sig_dbm, 792 buf, len, flags, GFP_ATOMIC)) 793 continue; 794 795 result = true; 796 break; 797 } 798 799 spin_unlock_bh(&wdev->mgmt_registrations_lock); 800 801 trace_cfg80211_return_bool(result); 802 return result; 803 } 804 EXPORT_SYMBOL(cfg80211_rx_mgmt_khz); 805 806 void cfg80211_sched_dfs_chan_update(struct cfg80211_registered_device *rdev) 807 { 808 cancel_delayed_work(&rdev->dfs_update_channels_wk); 809 queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk, 0); 810 } 811 812 void cfg80211_dfs_channels_update_work(struct work_struct *work) 813 { 814 struct delayed_work *delayed_work = to_delayed_work(work); 815 struct cfg80211_registered_device *rdev; 816 struct cfg80211_chan_def chandef; 817 struct ieee80211_supported_band *sband; 818 struct ieee80211_channel *c; 819 struct wiphy *wiphy; 820 bool check_again = false; 821 unsigned long timeout, next_time = 0; 822 unsigned long time_dfs_update; 823 enum nl80211_radar_event radar_event; 824 int bandid, i; 825 826 rdev = container_of(delayed_work, struct cfg80211_registered_device, 827 dfs_update_channels_wk); 828 wiphy = &rdev->wiphy; 829 830 rtnl_lock(); 831 for (bandid = 0; bandid < NUM_NL80211_BANDS; bandid++) { 832 sband = wiphy->bands[bandid]; 833 if (!sband) 834 continue; 835 836 for (i = 0; i < sband->n_channels; i++) { 837 c = &sband->channels[i]; 838 839 if (!(c->flags & IEEE80211_CHAN_RADAR)) 840 continue; 841 842 if (c->dfs_state != NL80211_DFS_UNAVAILABLE && 843 c->dfs_state != NL80211_DFS_AVAILABLE) 844 continue; 845 846 if (c->dfs_state == NL80211_DFS_UNAVAILABLE) { 847 time_dfs_update = IEEE80211_DFS_MIN_NOP_TIME_MS; 848 radar_event = NL80211_RADAR_NOP_FINISHED; 849 } else { 850 if (regulatory_pre_cac_allowed(wiphy) || 851 cfg80211_any_wiphy_oper_chan(wiphy, c)) 852 continue; 853 854 time_dfs_update = REG_PRE_CAC_EXPIRY_GRACE_MS; 855 radar_event = NL80211_RADAR_PRE_CAC_EXPIRED; 856 } 857 858 timeout = c->dfs_state_entered + 859 msecs_to_jiffies(time_dfs_update); 860 861 if (time_after_eq(jiffies, timeout)) { 862 c->dfs_state = NL80211_DFS_USABLE; 863 c->dfs_state_entered = jiffies; 864 865 cfg80211_chandef_create(&chandef, c, 866 NL80211_CHAN_NO_HT); 867 868 nl80211_radar_notify(rdev, &chandef, 869 radar_event, NULL, 870 GFP_ATOMIC); 871 872 regulatory_propagate_dfs_state(wiphy, &chandef, 873 c->dfs_state, 874 radar_event); 875 continue; 876 } 877 878 if (!check_again) 879 next_time = timeout - jiffies; 880 else 881 next_time = min(next_time, timeout - jiffies); 882 check_again = true; 883 } 884 } 885 rtnl_unlock(); 886 887 /* reschedule if there are other channels waiting to be cleared again */ 888 if (check_again) 889 queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk, 890 next_time); 891 } 892 893 894 void cfg80211_radar_event(struct wiphy *wiphy, 895 struct cfg80211_chan_def *chandef, 896 gfp_t gfp) 897 { 898 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 899 900 trace_cfg80211_radar_event(wiphy, chandef); 901 902 /* only set the chandef supplied channel to unavailable, in 903 * case the radar is detected on only one of multiple channels 904 * spanned by the chandef. 905 */ 906 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_UNAVAILABLE); 907 908 cfg80211_sched_dfs_chan_update(rdev); 909 910 nl80211_radar_notify(rdev, chandef, NL80211_RADAR_DETECTED, NULL, gfp); 911 912 memcpy(&rdev->radar_chandef, chandef, sizeof(struct cfg80211_chan_def)); 913 queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk); 914 } 915 EXPORT_SYMBOL(cfg80211_radar_event); 916 917 void cfg80211_cac_event(struct net_device *netdev, 918 const struct cfg80211_chan_def *chandef, 919 enum nl80211_radar_event event, gfp_t gfp) 920 { 921 struct wireless_dev *wdev = netdev->ieee80211_ptr; 922 struct wiphy *wiphy = wdev->wiphy; 923 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 924 unsigned long timeout; 925 926 trace_cfg80211_cac_event(netdev, event); 927 928 if (WARN_ON(!wdev->cac_started && event != NL80211_RADAR_CAC_STARTED)) 929 return; 930 931 if (WARN_ON(!wdev->chandef.chan)) 932 return; 933 934 switch (event) { 935 case NL80211_RADAR_CAC_FINISHED: 936 timeout = wdev->cac_start_time + 937 msecs_to_jiffies(wdev->cac_time_ms); 938 WARN_ON(!time_after_eq(jiffies, timeout)); 939 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_AVAILABLE); 940 memcpy(&rdev->cac_done_chandef, chandef, 941 sizeof(struct cfg80211_chan_def)); 942 queue_work(cfg80211_wq, &rdev->propagate_cac_done_wk); 943 cfg80211_sched_dfs_chan_update(rdev); 944 fallthrough; 945 case NL80211_RADAR_CAC_ABORTED: 946 wdev->cac_started = false; 947 break; 948 case NL80211_RADAR_CAC_STARTED: 949 wdev->cac_started = true; 950 break; 951 default: 952 WARN_ON(1); 953 return; 954 } 955 956 nl80211_radar_notify(rdev, chandef, event, netdev, gfp); 957 } 958 EXPORT_SYMBOL(cfg80211_cac_event); 959