1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * SME code for cfg80211 4 * both driver SME event handling and the SME implementation 5 * (for nl80211's connect() and wext) 6 * 7 * Copyright 2009 Johannes Berg <johannes@sipsolutions.net> 8 * Copyright (C) 2009, 2020, 2022-2023 Intel Corporation. All rights reserved. 9 * Copyright 2017 Intel Deutschland GmbH 10 */ 11 12 #include <linux/etherdevice.h> 13 #include <linux/if_arp.h> 14 #include <linux/slab.h> 15 #include <linux/workqueue.h> 16 #include <linux/wireless.h> 17 #include <linux/export.h> 18 #include <net/iw_handler.h> 19 #include <net/cfg80211.h> 20 #include <net/rtnetlink.h> 21 #include "nl80211.h" 22 #include "reg.h" 23 #include "rdev-ops.h" 24 25 /* 26 * Software SME in cfg80211, using auth/assoc/deauth calls to the 27 * driver. This is for implementing nl80211's connect/disconnect 28 * and wireless extensions (if configured.) 29 */ 30 31 struct cfg80211_conn { 32 struct cfg80211_connect_params params; 33 /* these are sub-states of the _CONNECTING sme_state */ 34 enum { 35 CFG80211_CONN_SCANNING, 36 CFG80211_CONN_SCAN_AGAIN, 37 CFG80211_CONN_AUTHENTICATE_NEXT, 38 CFG80211_CONN_AUTHENTICATING, 39 CFG80211_CONN_AUTH_FAILED_TIMEOUT, 40 CFG80211_CONN_ASSOCIATE_NEXT, 41 CFG80211_CONN_ASSOCIATING, 42 CFG80211_CONN_ASSOC_FAILED, 43 CFG80211_CONN_ASSOC_FAILED_TIMEOUT, 44 CFG80211_CONN_DEAUTH, 45 CFG80211_CONN_ABANDON, 46 CFG80211_CONN_CONNECTED, 47 } state; 48 u8 bssid[ETH_ALEN], prev_bssid[ETH_ALEN]; 49 const u8 *ie; 50 size_t ie_len; 51 bool auto_auth, prev_bssid_valid; 52 }; 53 54 static void cfg80211_sme_free(struct wireless_dev *wdev) 55 { 56 if (!wdev->conn) 57 return; 58 59 kfree(wdev->conn->ie); 60 kfree(wdev->conn); 61 wdev->conn = NULL; 62 } 63 64 static int cfg80211_conn_scan(struct wireless_dev *wdev) 65 { 66 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 67 struct cfg80211_scan_request *request; 68 int n_channels, err; 69 70 ASSERT_WDEV_LOCK(wdev); 71 72 if (rdev->scan_req || rdev->scan_msg) 73 return -EBUSY; 74 75 if (wdev->conn->params.channel) 76 n_channels = 1; 77 else 78 n_channels = ieee80211_get_num_supported_channels(wdev->wiphy); 79 80 request = kzalloc(sizeof(*request) + sizeof(request->ssids[0]) + 81 sizeof(request->channels[0]) * n_channels, 82 GFP_KERNEL); 83 if (!request) 84 return -ENOMEM; 85 86 if (wdev->conn->params.channel) { 87 enum nl80211_band band = wdev->conn->params.channel->band; 88 struct ieee80211_supported_band *sband = 89 wdev->wiphy->bands[band]; 90 91 if (!sband) { 92 kfree(request); 93 return -EINVAL; 94 } 95 request->channels[0] = wdev->conn->params.channel; 96 request->rates[band] = (1 << sband->n_bitrates) - 1; 97 } else { 98 int i = 0, j; 99 enum nl80211_band band; 100 struct ieee80211_supported_band *bands; 101 struct ieee80211_channel *channel; 102 103 for (band = 0; band < NUM_NL80211_BANDS; band++) { 104 bands = wdev->wiphy->bands[band]; 105 if (!bands) 106 continue; 107 for (j = 0; j < bands->n_channels; j++) { 108 channel = &bands->channels[j]; 109 if (channel->flags & IEEE80211_CHAN_DISABLED) 110 continue; 111 request->channels[i++] = channel; 112 } 113 request->rates[band] = (1 << bands->n_bitrates) - 1; 114 } 115 n_channels = i; 116 } 117 request->n_channels = n_channels; 118 request->ssids = (void *)request + 119 struct_size(request, channels, n_channels); 120 request->n_ssids = 1; 121 122 memcpy(request->ssids[0].ssid, wdev->conn->params.ssid, 123 wdev->conn->params.ssid_len); 124 request->ssids[0].ssid_len = wdev->conn->params.ssid_len; 125 126 eth_broadcast_addr(request->bssid); 127 128 request->wdev = wdev; 129 request->wiphy = &rdev->wiphy; 130 request->scan_start = jiffies; 131 132 rdev->scan_req = request; 133 134 err = rdev_scan(rdev, request); 135 if (!err) { 136 wdev->conn->state = CFG80211_CONN_SCANNING; 137 nl80211_send_scan_start(rdev, wdev); 138 dev_hold(wdev->netdev); 139 } else { 140 rdev->scan_req = NULL; 141 kfree(request); 142 } 143 return err; 144 } 145 146 static int cfg80211_conn_do_work(struct wireless_dev *wdev, 147 enum nl80211_timeout_reason *treason) 148 { 149 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 150 struct cfg80211_connect_params *params; 151 struct cfg80211_auth_request auth_req = {}; 152 struct cfg80211_assoc_request req = {}; 153 int err; 154 155 ASSERT_WDEV_LOCK(wdev); 156 157 if (!wdev->conn) 158 return 0; 159 160 params = &wdev->conn->params; 161 162 switch (wdev->conn->state) { 163 case CFG80211_CONN_SCANNING: 164 /* didn't find it during scan ... */ 165 return -ENOENT; 166 case CFG80211_CONN_SCAN_AGAIN: 167 return cfg80211_conn_scan(wdev); 168 case CFG80211_CONN_AUTHENTICATE_NEXT: 169 if (WARN_ON(!rdev->ops->auth)) 170 return -EOPNOTSUPP; 171 wdev->conn->state = CFG80211_CONN_AUTHENTICATING; 172 auth_req.key = params->key; 173 auth_req.key_len = params->key_len; 174 auth_req.key_idx = params->key_idx; 175 auth_req.auth_type = params->auth_type; 176 auth_req.bss = cfg80211_get_bss(&rdev->wiphy, params->channel, 177 params->bssid, 178 params->ssid, params->ssid_len, 179 IEEE80211_BSS_TYPE_ESS, 180 IEEE80211_PRIVACY_ANY); 181 auth_req.link_id = -1; 182 err = cfg80211_mlme_auth(rdev, wdev->netdev, &auth_req); 183 cfg80211_put_bss(&rdev->wiphy, auth_req.bss); 184 return err; 185 case CFG80211_CONN_AUTH_FAILED_TIMEOUT: 186 *treason = NL80211_TIMEOUT_AUTH; 187 return -ENOTCONN; 188 case CFG80211_CONN_ASSOCIATE_NEXT: 189 if (WARN_ON(!rdev->ops->assoc)) 190 return -EOPNOTSUPP; 191 wdev->conn->state = CFG80211_CONN_ASSOCIATING; 192 if (wdev->conn->prev_bssid_valid) 193 req.prev_bssid = wdev->conn->prev_bssid; 194 req.ie = params->ie; 195 req.ie_len = params->ie_len; 196 req.use_mfp = params->mfp != NL80211_MFP_NO; 197 req.crypto = params->crypto; 198 req.flags = params->flags; 199 req.ht_capa = params->ht_capa; 200 req.ht_capa_mask = params->ht_capa_mask; 201 req.vht_capa = params->vht_capa; 202 req.vht_capa_mask = params->vht_capa_mask; 203 req.link_id = -1; 204 205 req.bss = cfg80211_get_bss(&rdev->wiphy, params->channel, 206 params->bssid, 207 params->ssid, params->ssid_len, 208 IEEE80211_BSS_TYPE_ESS, 209 IEEE80211_PRIVACY_ANY); 210 if (!req.bss) { 211 err = -ENOENT; 212 } else { 213 err = cfg80211_mlme_assoc(rdev, wdev->netdev, &req); 214 cfg80211_put_bss(&rdev->wiphy, req.bss); 215 } 216 217 if (err) 218 cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid, 219 NULL, 0, 220 WLAN_REASON_DEAUTH_LEAVING, 221 false); 222 return err; 223 case CFG80211_CONN_ASSOC_FAILED_TIMEOUT: 224 *treason = NL80211_TIMEOUT_ASSOC; 225 fallthrough; 226 case CFG80211_CONN_ASSOC_FAILED: 227 cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid, 228 NULL, 0, 229 WLAN_REASON_DEAUTH_LEAVING, false); 230 return -ENOTCONN; 231 case CFG80211_CONN_DEAUTH: 232 cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid, 233 NULL, 0, 234 WLAN_REASON_DEAUTH_LEAVING, false); 235 fallthrough; 236 case CFG80211_CONN_ABANDON: 237 /* free directly, disconnected event already sent */ 238 cfg80211_sme_free(wdev); 239 return 0; 240 default: 241 return 0; 242 } 243 } 244 245 void cfg80211_conn_work(struct work_struct *work) 246 { 247 struct cfg80211_registered_device *rdev = 248 container_of(work, struct cfg80211_registered_device, conn_work); 249 struct wireless_dev *wdev; 250 u8 bssid_buf[ETH_ALEN], *bssid = NULL; 251 enum nl80211_timeout_reason treason; 252 253 wiphy_lock(&rdev->wiphy); 254 255 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { 256 if (!wdev->netdev) 257 continue; 258 259 wdev_lock(wdev); 260 if (!netif_running(wdev->netdev)) { 261 wdev_unlock(wdev); 262 continue; 263 } 264 if (!wdev->conn || 265 wdev->conn->state == CFG80211_CONN_CONNECTED) { 266 wdev_unlock(wdev); 267 continue; 268 } 269 if (wdev->conn->params.bssid) { 270 memcpy(bssid_buf, wdev->conn->params.bssid, ETH_ALEN); 271 bssid = bssid_buf; 272 } 273 treason = NL80211_TIMEOUT_UNSPECIFIED; 274 if (cfg80211_conn_do_work(wdev, &treason)) { 275 struct cfg80211_connect_resp_params cr; 276 277 memset(&cr, 0, sizeof(cr)); 278 cr.status = -1; 279 cr.links[0].bssid = bssid; 280 cr.timeout_reason = treason; 281 __cfg80211_connect_result(wdev->netdev, &cr, false); 282 } 283 wdev_unlock(wdev); 284 } 285 286 wiphy_unlock(&rdev->wiphy); 287 } 288 289 static void cfg80211_step_auth_next(struct cfg80211_conn *conn, 290 struct cfg80211_bss *bss) 291 { 292 memcpy(conn->bssid, bss->bssid, ETH_ALEN); 293 conn->params.bssid = conn->bssid; 294 conn->params.channel = bss->channel; 295 conn->state = CFG80211_CONN_AUTHENTICATE_NEXT; 296 } 297 298 /* Returned bss is reference counted and must be cleaned up appropriately. */ 299 static struct cfg80211_bss *cfg80211_get_conn_bss(struct wireless_dev *wdev) 300 { 301 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 302 struct cfg80211_bss *bss; 303 304 ASSERT_WDEV_LOCK(wdev); 305 306 bss = cfg80211_get_bss(wdev->wiphy, wdev->conn->params.channel, 307 wdev->conn->params.bssid, 308 wdev->conn->params.ssid, 309 wdev->conn->params.ssid_len, 310 wdev->conn_bss_type, 311 IEEE80211_PRIVACY(wdev->conn->params.privacy)); 312 if (!bss) 313 return NULL; 314 315 cfg80211_step_auth_next(wdev->conn, bss); 316 schedule_work(&rdev->conn_work); 317 318 return bss; 319 } 320 321 static void __cfg80211_sme_scan_done(struct net_device *dev) 322 { 323 struct wireless_dev *wdev = dev->ieee80211_ptr; 324 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 325 struct cfg80211_bss *bss; 326 327 ASSERT_WDEV_LOCK(wdev); 328 329 if (!wdev->conn) 330 return; 331 332 if (wdev->conn->state != CFG80211_CONN_SCANNING && 333 wdev->conn->state != CFG80211_CONN_SCAN_AGAIN) 334 return; 335 336 bss = cfg80211_get_conn_bss(wdev); 337 if (bss) 338 cfg80211_put_bss(&rdev->wiphy, bss); 339 else 340 schedule_work(&rdev->conn_work); 341 } 342 343 void cfg80211_sme_scan_done(struct net_device *dev) 344 { 345 struct wireless_dev *wdev = dev->ieee80211_ptr; 346 347 wdev_lock(wdev); 348 __cfg80211_sme_scan_done(dev); 349 wdev_unlock(wdev); 350 } 351 352 void cfg80211_sme_rx_auth(struct wireless_dev *wdev, const u8 *buf, size_t len) 353 { 354 struct wiphy *wiphy = wdev->wiphy; 355 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 356 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 357 u16 status_code = le16_to_cpu(mgmt->u.auth.status_code); 358 359 ASSERT_WDEV_LOCK(wdev); 360 361 if (!wdev->conn || wdev->conn->state == CFG80211_CONN_CONNECTED) 362 return; 363 364 if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG && 365 wdev->conn->auto_auth && 366 wdev->conn->params.auth_type != NL80211_AUTHTYPE_NETWORK_EAP) { 367 /* select automatically between only open, shared, leap */ 368 switch (wdev->conn->params.auth_type) { 369 case NL80211_AUTHTYPE_OPEN_SYSTEM: 370 if (wdev->connect_keys) 371 wdev->conn->params.auth_type = 372 NL80211_AUTHTYPE_SHARED_KEY; 373 else 374 wdev->conn->params.auth_type = 375 NL80211_AUTHTYPE_NETWORK_EAP; 376 break; 377 case NL80211_AUTHTYPE_SHARED_KEY: 378 wdev->conn->params.auth_type = 379 NL80211_AUTHTYPE_NETWORK_EAP; 380 break; 381 default: 382 /* huh? */ 383 wdev->conn->params.auth_type = 384 NL80211_AUTHTYPE_OPEN_SYSTEM; 385 break; 386 } 387 wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT; 388 schedule_work(&rdev->conn_work); 389 } else if (status_code != WLAN_STATUS_SUCCESS) { 390 struct cfg80211_connect_resp_params cr; 391 392 memset(&cr, 0, sizeof(cr)); 393 cr.status = status_code; 394 cr.links[0].bssid = mgmt->bssid; 395 cr.timeout_reason = NL80211_TIMEOUT_UNSPECIFIED; 396 __cfg80211_connect_result(wdev->netdev, &cr, false); 397 } else if (wdev->conn->state == CFG80211_CONN_AUTHENTICATING) { 398 wdev->conn->state = CFG80211_CONN_ASSOCIATE_NEXT; 399 schedule_work(&rdev->conn_work); 400 } 401 } 402 403 bool cfg80211_sme_rx_assoc_resp(struct wireless_dev *wdev, u16 status) 404 { 405 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 406 407 if (!wdev->conn) 408 return false; 409 410 if (status == WLAN_STATUS_SUCCESS) { 411 wdev->conn->state = CFG80211_CONN_CONNECTED; 412 return false; 413 } 414 415 if (wdev->conn->prev_bssid_valid) { 416 /* 417 * Some stupid APs don't accept reassoc, so we 418 * need to fall back to trying regular assoc; 419 * return true so no event is sent to userspace. 420 */ 421 wdev->conn->prev_bssid_valid = false; 422 wdev->conn->state = CFG80211_CONN_ASSOCIATE_NEXT; 423 schedule_work(&rdev->conn_work); 424 return true; 425 } 426 427 wdev->conn->state = CFG80211_CONN_ASSOC_FAILED; 428 schedule_work(&rdev->conn_work); 429 return false; 430 } 431 432 void cfg80211_sme_deauth(struct wireless_dev *wdev) 433 { 434 cfg80211_sme_free(wdev); 435 } 436 437 void cfg80211_sme_auth_timeout(struct wireless_dev *wdev) 438 { 439 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 440 441 if (!wdev->conn) 442 return; 443 444 wdev->conn->state = CFG80211_CONN_AUTH_FAILED_TIMEOUT; 445 schedule_work(&rdev->conn_work); 446 } 447 448 void cfg80211_sme_disassoc(struct wireless_dev *wdev) 449 { 450 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 451 452 if (!wdev->conn) 453 return; 454 455 wdev->conn->state = CFG80211_CONN_DEAUTH; 456 schedule_work(&rdev->conn_work); 457 } 458 459 void cfg80211_sme_assoc_timeout(struct wireless_dev *wdev) 460 { 461 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 462 463 if (!wdev->conn) 464 return; 465 466 wdev->conn->state = CFG80211_CONN_ASSOC_FAILED_TIMEOUT; 467 schedule_work(&rdev->conn_work); 468 } 469 470 void cfg80211_sme_abandon_assoc(struct wireless_dev *wdev) 471 { 472 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 473 474 if (!wdev->conn) 475 return; 476 477 wdev->conn->state = CFG80211_CONN_ABANDON; 478 schedule_work(&rdev->conn_work); 479 } 480 481 static void cfg80211_wdev_release_bsses(struct wireless_dev *wdev) 482 { 483 unsigned int link; 484 485 for_each_valid_link(wdev, link) { 486 if (!wdev->links[link].client.current_bss) 487 continue; 488 cfg80211_unhold_bss(wdev->links[link].client.current_bss); 489 cfg80211_put_bss(wdev->wiphy, 490 &wdev->links[link].client.current_bss->pub); 491 wdev->links[link].client.current_bss = NULL; 492 } 493 } 494 495 void cfg80211_wdev_release_link_bsses(struct wireless_dev *wdev, u16 link_mask) 496 { 497 unsigned int link; 498 499 for_each_valid_link(wdev, link) { 500 if (!wdev->links[link].client.current_bss || 501 !(link_mask & BIT(link))) 502 continue; 503 cfg80211_unhold_bss(wdev->links[link].client.current_bss); 504 cfg80211_put_bss(wdev->wiphy, 505 &wdev->links[link].client.current_bss->pub); 506 wdev->links[link].client.current_bss = NULL; 507 } 508 } 509 510 static int cfg80211_sme_get_conn_ies(struct wireless_dev *wdev, 511 const u8 *ies, size_t ies_len, 512 const u8 **out_ies, size_t *out_ies_len) 513 { 514 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 515 u8 *buf; 516 size_t offs; 517 518 if (!rdev->wiphy.extended_capabilities_len || 519 (ies && cfg80211_find_ie(WLAN_EID_EXT_CAPABILITY, ies, ies_len))) { 520 *out_ies = kmemdup(ies, ies_len, GFP_KERNEL); 521 if (!*out_ies) 522 return -ENOMEM; 523 *out_ies_len = ies_len; 524 return 0; 525 } 526 527 buf = kmalloc(ies_len + rdev->wiphy.extended_capabilities_len + 2, 528 GFP_KERNEL); 529 if (!buf) 530 return -ENOMEM; 531 532 if (ies_len) { 533 static const u8 before_extcapa[] = { 534 /* not listing IEs expected to be created by driver */ 535 WLAN_EID_RSN, 536 WLAN_EID_QOS_CAPA, 537 WLAN_EID_RRM_ENABLED_CAPABILITIES, 538 WLAN_EID_MOBILITY_DOMAIN, 539 WLAN_EID_SUPPORTED_REGULATORY_CLASSES, 540 WLAN_EID_BSS_COEX_2040, 541 }; 542 543 offs = ieee80211_ie_split(ies, ies_len, before_extcapa, 544 ARRAY_SIZE(before_extcapa), 0); 545 memcpy(buf, ies, offs); 546 /* leave a whole for extended capabilities IE */ 547 memcpy(buf + offs + rdev->wiphy.extended_capabilities_len + 2, 548 ies + offs, ies_len - offs); 549 } else { 550 offs = 0; 551 } 552 553 /* place extended capabilities IE (with only driver capabilities) */ 554 buf[offs] = WLAN_EID_EXT_CAPABILITY; 555 buf[offs + 1] = rdev->wiphy.extended_capabilities_len; 556 memcpy(buf + offs + 2, 557 rdev->wiphy.extended_capabilities, 558 rdev->wiphy.extended_capabilities_len); 559 560 *out_ies = buf; 561 *out_ies_len = ies_len + rdev->wiphy.extended_capabilities_len + 2; 562 563 return 0; 564 } 565 566 static int cfg80211_sme_connect(struct wireless_dev *wdev, 567 struct cfg80211_connect_params *connect, 568 const u8 *prev_bssid) 569 { 570 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 571 struct cfg80211_bss *bss; 572 int err; 573 574 if (!rdev->ops->auth || !rdev->ops->assoc) 575 return -EOPNOTSUPP; 576 577 cfg80211_wdev_release_bsses(wdev); 578 579 if (wdev->connected) { 580 cfg80211_sme_free(wdev); 581 wdev->connected = false; 582 } 583 584 if (wdev->conn) 585 return -EINPROGRESS; 586 587 wdev->conn = kzalloc(sizeof(*wdev->conn), GFP_KERNEL); 588 if (!wdev->conn) 589 return -ENOMEM; 590 591 /* 592 * Copy all parameters, and treat explicitly IEs, BSSID, SSID. 593 */ 594 memcpy(&wdev->conn->params, connect, sizeof(*connect)); 595 if (connect->bssid) { 596 wdev->conn->params.bssid = wdev->conn->bssid; 597 memcpy(wdev->conn->bssid, connect->bssid, ETH_ALEN); 598 } 599 600 if (cfg80211_sme_get_conn_ies(wdev, connect->ie, connect->ie_len, 601 &wdev->conn->ie, 602 &wdev->conn->params.ie_len)) { 603 kfree(wdev->conn); 604 wdev->conn = NULL; 605 return -ENOMEM; 606 } 607 wdev->conn->params.ie = wdev->conn->ie; 608 609 if (connect->auth_type == NL80211_AUTHTYPE_AUTOMATIC) { 610 wdev->conn->auto_auth = true; 611 /* start with open system ... should mostly work */ 612 wdev->conn->params.auth_type = 613 NL80211_AUTHTYPE_OPEN_SYSTEM; 614 } else { 615 wdev->conn->auto_auth = false; 616 } 617 618 wdev->conn->params.ssid = wdev->u.client.ssid; 619 wdev->conn->params.ssid_len = wdev->u.client.ssid_len; 620 621 /* see if we have the bss already */ 622 bss = cfg80211_get_bss(wdev->wiphy, wdev->conn->params.channel, 623 wdev->conn->params.bssid, 624 wdev->conn->params.ssid, 625 wdev->conn->params.ssid_len, 626 wdev->conn_bss_type, 627 IEEE80211_PRIVACY(wdev->conn->params.privacy)); 628 629 if (prev_bssid) { 630 memcpy(wdev->conn->prev_bssid, prev_bssid, ETH_ALEN); 631 wdev->conn->prev_bssid_valid = true; 632 } 633 634 /* we're good if we have a matching bss struct */ 635 if (bss) { 636 enum nl80211_timeout_reason treason; 637 638 cfg80211_step_auth_next(wdev->conn, bss); 639 err = cfg80211_conn_do_work(wdev, &treason); 640 cfg80211_put_bss(wdev->wiphy, bss); 641 } else { 642 /* otherwise we'll need to scan for the AP first */ 643 err = cfg80211_conn_scan(wdev); 644 645 /* 646 * If we can't scan right now, then we need to scan again 647 * after the current scan finished, since the parameters 648 * changed (unless we find a good AP anyway). 649 */ 650 if (err == -EBUSY) { 651 err = 0; 652 wdev->conn->state = CFG80211_CONN_SCAN_AGAIN; 653 } 654 } 655 656 if (err) 657 cfg80211_sme_free(wdev); 658 659 return err; 660 } 661 662 static int cfg80211_sme_disconnect(struct wireless_dev *wdev, u16 reason) 663 { 664 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 665 int err; 666 667 if (!wdev->conn) 668 return 0; 669 670 if (!rdev->ops->deauth) 671 return -EOPNOTSUPP; 672 673 if (wdev->conn->state == CFG80211_CONN_SCANNING || 674 wdev->conn->state == CFG80211_CONN_SCAN_AGAIN) { 675 err = 0; 676 goto out; 677 } 678 679 /* wdev->conn->params.bssid must be set if > SCANNING */ 680 err = cfg80211_mlme_deauth(rdev, wdev->netdev, 681 wdev->conn->params.bssid, 682 NULL, 0, reason, false); 683 out: 684 cfg80211_sme_free(wdev); 685 return err; 686 } 687 688 /* 689 * code shared for in-device and software SME 690 */ 691 692 static bool cfg80211_is_all_idle(void) 693 { 694 struct cfg80211_registered_device *rdev; 695 struct wireless_dev *wdev; 696 bool is_all_idle = true; 697 698 /* 699 * All devices must be idle as otherwise if you are actively 700 * scanning some new beacon hints could be learned and would 701 * count as new regulatory hints. 702 * Also if there is any other active beaconing interface we 703 * need not issue a disconnect hint and reset any info such 704 * as chan dfs state, etc. 705 */ 706 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 707 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { 708 wdev_lock(wdev); 709 if (wdev->conn || wdev->connected || 710 cfg80211_beaconing_iface_active(wdev)) 711 is_all_idle = false; 712 wdev_unlock(wdev); 713 } 714 } 715 716 return is_all_idle; 717 } 718 719 static void disconnect_work(struct work_struct *work) 720 { 721 rtnl_lock(); 722 if (cfg80211_is_all_idle()) 723 regulatory_hint_disconnect(); 724 rtnl_unlock(); 725 } 726 727 DECLARE_WORK(cfg80211_disconnect_work, disconnect_work); 728 729 static void 730 cfg80211_connect_result_release_bsses(struct wireless_dev *wdev, 731 struct cfg80211_connect_resp_params *cr) 732 { 733 unsigned int link; 734 735 for_each_valid_link(cr, link) { 736 if (!cr->links[link].bss) 737 continue; 738 cfg80211_unhold_bss(bss_from_pub(cr->links[link].bss)); 739 cfg80211_put_bss(wdev->wiphy, cr->links[link].bss); 740 } 741 } 742 743 /* 744 * API calls for drivers implementing connect/disconnect and 745 * SME event handling 746 */ 747 748 /* This method must consume bss one way or another */ 749 void __cfg80211_connect_result(struct net_device *dev, 750 struct cfg80211_connect_resp_params *cr, 751 bool wextev) 752 { 753 struct wireless_dev *wdev = dev->ieee80211_ptr; 754 const struct element *country_elem = NULL; 755 const struct element *ssid; 756 const u8 *country_data; 757 u8 country_datalen; 758 #ifdef CONFIG_CFG80211_WEXT 759 union iwreq_data wrqu; 760 #endif 761 unsigned int link; 762 const u8 *connected_addr; 763 bool bss_not_found = false; 764 765 ASSERT_WDEV_LOCK(wdev); 766 767 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION && 768 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)) 769 goto out; 770 771 if (cr->valid_links) { 772 if (WARN_ON(!cr->ap_mld_addr)) 773 goto out; 774 775 for_each_valid_link(cr, link) { 776 if (WARN_ON(!cr->links[link].addr)) 777 goto out; 778 } 779 780 if (WARN_ON(wdev->connect_keys)) 781 goto out; 782 } 783 784 wdev->unprot_beacon_reported = 0; 785 nl80211_send_connect_result(wiphy_to_rdev(wdev->wiphy), dev, cr, 786 GFP_KERNEL); 787 connected_addr = cr->valid_links ? cr->ap_mld_addr : cr->links[0].bssid; 788 789 #ifdef CONFIG_CFG80211_WEXT 790 if (wextev && !cr->valid_links) { 791 if (cr->req_ie && cr->status == WLAN_STATUS_SUCCESS) { 792 memset(&wrqu, 0, sizeof(wrqu)); 793 wrqu.data.length = cr->req_ie_len; 794 wireless_send_event(dev, IWEVASSOCREQIE, &wrqu, 795 cr->req_ie); 796 } 797 798 if (cr->resp_ie && cr->status == WLAN_STATUS_SUCCESS) { 799 memset(&wrqu, 0, sizeof(wrqu)); 800 wrqu.data.length = cr->resp_ie_len; 801 wireless_send_event(dev, IWEVASSOCRESPIE, &wrqu, 802 cr->resp_ie); 803 } 804 805 memset(&wrqu, 0, sizeof(wrqu)); 806 wrqu.ap_addr.sa_family = ARPHRD_ETHER; 807 if (connected_addr && cr->status == WLAN_STATUS_SUCCESS) { 808 memcpy(wrqu.ap_addr.sa_data, connected_addr, ETH_ALEN); 809 memcpy(wdev->wext.prev_bssid, connected_addr, ETH_ALEN); 810 wdev->wext.prev_bssid_valid = true; 811 } 812 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL); 813 } 814 #endif 815 816 if (cr->status == WLAN_STATUS_SUCCESS) { 817 if (!wiphy_to_rdev(wdev->wiphy)->ops->connect) { 818 for_each_valid_link(cr, link) { 819 if (WARN_ON_ONCE(!cr->links[link].bss)) 820 break; 821 } 822 } 823 824 for_each_valid_link(cr, link) { 825 /* don't do extra lookups for failures */ 826 if (cr->links[link].status != WLAN_STATUS_SUCCESS) 827 continue; 828 829 if (cr->links[link].bss) 830 continue; 831 832 cr->links[link].bss = 833 cfg80211_get_bss(wdev->wiphy, NULL, 834 cr->links[link].bssid, 835 wdev->u.client.ssid, 836 wdev->u.client.ssid_len, 837 wdev->conn_bss_type, 838 IEEE80211_PRIVACY_ANY); 839 if (!cr->links[link].bss) { 840 bss_not_found = true; 841 break; 842 } 843 cfg80211_hold_bss(bss_from_pub(cr->links[link].bss)); 844 } 845 } 846 847 cfg80211_wdev_release_bsses(wdev); 848 849 if (cr->status != WLAN_STATUS_SUCCESS) { 850 kfree_sensitive(wdev->connect_keys); 851 wdev->connect_keys = NULL; 852 wdev->u.client.ssid_len = 0; 853 wdev->conn_owner_nlportid = 0; 854 cfg80211_connect_result_release_bsses(wdev, cr); 855 cfg80211_sme_free(wdev); 856 return; 857 } 858 859 if (WARN_ON(bss_not_found)) { 860 cfg80211_connect_result_release_bsses(wdev, cr); 861 return; 862 } 863 864 memset(wdev->links, 0, sizeof(wdev->links)); 865 for_each_valid_link(cr, link) { 866 if (cr->links[link].status == WLAN_STATUS_SUCCESS) 867 continue; 868 cr->valid_links &= ~BIT(link); 869 /* don't require bss pointer for failed links */ 870 if (!cr->links[link].bss) 871 continue; 872 cfg80211_unhold_bss(bss_from_pub(cr->links[link].bss)); 873 cfg80211_put_bss(wdev->wiphy, cr->links[link].bss); 874 } 875 wdev->valid_links = cr->valid_links; 876 for_each_valid_link(cr, link) 877 wdev->links[link].client.current_bss = 878 bss_from_pub(cr->links[link].bss); 879 wdev->connected = true; 880 ether_addr_copy(wdev->u.client.connected_addr, connected_addr); 881 if (cr->valid_links) { 882 for_each_valid_link(cr, link) 883 memcpy(wdev->links[link].addr, cr->links[link].addr, 884 ETH_ALEN); 885 } 886 887 cfg80211_upload_connect_keys(wdev); 888 889 rcu_read_lock(); 890 for_each_valid_link(cr, link) { 891 country_elem = 892 ieee80211_bss_get_elem(cr->links[link].bss, 893 WLAN_EID_COUNTRY); 894 if (country_elem) 895 break; 896 } 897 if (!country_elem) { 898 rcu_read_unlock(); 899 return; 900 } 901 902 country_datalen = country_elem->datalen; 903 country_data = kmemdup(country_elem->data, country_datalen, GFP_ATOMIC); 904 rcu_read_unlock(); 905 906 if (!country_data) 907 return; 908 909 regulatory_hint_country_ie(wdev->wiphy, 910 cr->links[link].bss->channel->band, 911 country_data, country_datalen); 912 kfree(country_data); 913 914 if (!wdev->u.client.ssid_len) { 915 rcu_read_lock(); 916 for_each_valid_link(cr, link) { 917 ssid = ieee80211_bss_get_elem(cr->links[link].bss, 918 WLAN_EID_SSID); 919 920 if (!ssid || !ssid->datalen) 921 continue; 922 923 memcpy(wdev->u.client.ssid, ssid->data, ssid->datalen); 924 wdev->u.client.ssid_len = ssid->datalen; 925 break; 926 } 927 rcu_read_unlock(); 928 } 929 930 return; 931 out: 932 for_each_valid_link(cr, link) 933 cfg80211_put_bss(wdev->wiphy, cr->links[link].bss); 934 } 935 936 static void cfg80211_update_link_bss(struct wireless_dev *wdev, 937 struct cfg80211_bss **bss) 938 { 939 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 940 struct cfg80211_internal_bss *ibss; 941 942 if (!*bss) 943 return; 944 945 ibss = bss_from_pub(*bss); 946 if (list_empty(&ibss->list)) { 947 struct cfg80211_bss *found = NULL, *tmp = *bss; 948 949 found = cfg80211_get_bss(wdev->wiphy, NULL, 950 (*bss)->bssid, 951 wdev->u.client.ssid, 952 wdev->u.client.ssid_len, 953 wdev->conn_bss_type, 954 IEEE80211_PRIVACY_ANY); 955 if (found) { 956 /* The same BSS is already updated so use it 957 * instead, as it has latest info. 958 */ 959 *bss = found; 960 } else { 961 /* Update with BSS provided by driver, it will 962 * be freshly added and ref cnted, we can free 963 * the old one. 964 * 965 * signal_valid can be false, as we are not 966 * expecting the BSS to be found. 967 * 968 * keep the old timestamp to avoid confusion 969 */ 970 cfg80211_bss_update(rdev, ibss, false, 971 ibss->ts); 972 } 973 974 cfg80211_put_bss(wdev->wiphy, tmp); 975 } 976 } 977 978 /* Consumes bss object(s) one way or another */ 979 void cfg80211_connect_done(struct net_device *dev, 980 struct cfg80211_connect_resp_params *params, 981 gfp_t gfp) 982 { 983 struct wireless_dev *wdev = dev->ieee80211_ptr; 984 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 985 struct cfg80211_event *ev; 986 unsigned long flags; 987 u8 *next; 988 size_t link_info_size = 0; 989 unsigned int link; 990 991 for_each_valid_link(params, link) { 992 cfg80211_update_link_bss(wdev, ¶ms->links[link].bss); 993 link_info_size += params->links[link].bssid ? ETH_ALEN : 0; 994 link_info_size += params->links[link].addr ? ETH_ALEN : 0; 995 } 996 997 ev = kzalloc(sizeof(*ev) + (params->ap_mld_addr ? ETH_ALEN : 0) + 998 params->req_ie_len + params->resp_ie_len + 999 params->fils.kek_len + params->fils.pmk_len + 1000 (params->fils.pmkid ? WLAN_PMKID_LEN : 0) + link_info_size, 1001 gfp); 1002 1003 if (!ev) { 1004 for_each_valid_link(params, link) 1005 cfg80211_put_bss(wdev->wiphy, 1006 params->links[link].bss); 1007 return; 1008 } 1009 1010 ev->type = EVENT_CONNECT_RESULT; 1011 next = ((u8 *)ev) + sizeof(*ev); 1012 if (params->ap_mld_addr) { 1013 ev->cr.ap_mld_addr = next; 1014 memcpy((void *)ev->cr.ap_mld_addr, params->ap_mld_addr, 1015 ETH_ALEN); 1016 next += ETH_ALEN; 1017 } 1018 if (params->req_ie_len) { 1019 ev->cr.req_ie = next; 1020 ev->cr.req_ie_len = params->req_ie_len; 1021 memcpy((void *)ev->cr.req_ie, params->req_ie, 1022 params->req_ie_len); 1023 next += params->req_ie_len; 1024 } 1025 if (params->resp_ie_len) { 1026 ev->cr.resp_ie = next; 1027 ev->cr.resp_ie_len = params->resp_ie_len; 1028 memcpy((void *)ev->cr.resp_ie, params->resp_ie, 1029 params->resp_ie_len); 1030 next += params->resp_ie_len; 1031 } 1032 if (params->fils.kek_len) { 1033 ev->cr.fils.kek = next; 1034 ev->cr.fils.kek_len = params->fils.kek_len; 1035 memcpy((void *)ev->cr.fils.kek, params->fils.kek, 1036 params->fils.kek_len); 1037 next += params->fils.kek_len; 1038 } 1039 if (params->fils.pmk_len) { 1040 ev->cr.fils.pmk = next; 1041 ev->cr.fils.pmk_len = params->fils.pmk_len; 1042 memcpy((void *)ev->cr.fils.pmk, params->fils.pmk, 1043 params->fils.pmk_len); 1044 next += params->fils.pmk_len; 1045 } 1046 if (params->fils.pmkid) { 1047 ev->cr.fils.pmkid = next; 1048 memcpy((void *)ev->cr.fils.pmkid, params->fils.pmkid, 1049 WLAN_PMKID_LEN); 1050 next += WLAN_PMKID_LEN; 1051 } 1052 ev->cr.fils.update_erp_next_seq_num = params->fils.update_erp_next_seq_num; 1053 if (params->fils.update_erp_next_seq_num) 1054 ev->cr.fils.erp_next_seq_num = params->fils.erp_next_seq_num; 1055 ev->cr.valid_links = params->valid_links; 1056 for_each_valid_link(params, link) { 1057 if (params->links[link].bss) 1058 cfg80211_hold_bss( 1059 bss_from_pub(params->links[link].bss)); 1060 ev->cr.links[link].bss = params->links[link].bss; 1061 ev->cr.links[link].status = params->links[link].status; 1062 1063 if (params->links[link].addr) { 1064 ev->cr.links[link].addr = next; 1065 memcpy((void *)ev->cr.links[link].addr, 1066 params->links[link].addr, 1067 ETH_ALEN); 1068 next += ETH_ALEN; 1069 } 1070 if (params->links[link].bssid) { 1071 ev->cr.links[link].bssid = next; 1072 memcpy((void *)ev->cr.links[link].bssid, 1073 params->links[link].bssid, 1074 ETH_ALEN); 1075 next += ETH_ALEN; 1076 } 1077 } 1078 ev->cr.status = params->status; 1079 ev->cr.timeout_reason = params->timeout_reason; 1080 1081 spin_lock_irqsave(&wdev->event_lock, flags); 1082 list_add_tail(&ev->list, &wdev->event_list); 1083 spin_unlock_irqrestore(&wdev->event_lock, flags); 1084 queue_work(cfg80211_wq, &rdev->event_work); 1085 } 1086 EXPORT_SYMBOL(cfg80211_connect_done); 1087 1088 /* Consumes bss object one way or another */ 1089 void __cfg80211_roamed(struct wireless_dev *wdev, 1090 struct cfg80211_roam_info *info) 1091 { 1092 #ifdef CONFIG_CFG80211_WEXT 1093 union iwreq_data wrqu; 1094 #endif 1095 unsigned int link; 1096 const u8 *connected_addr; 1097 1098 ASSERT_WDEV_LOCK(wdev); 1099 1100 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION && 1101 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)) 1102 goto out; 1103 1104 if (WARN_ON(!wdev->connected)) 1105 goto out; 1106 1107 if (info->valid_links) { 1108 if (WARN_ON(!info->ap_mld_addr)) 1109 goto out; 1110 1111 for_each_valid_link(info, link) { 1112 if (WARN_ON(!info->links[link].addr)) 1113 goto out; 1114 } 1115 } 1116 1117 cfg80211_wdev_release_bsses(wdev); 1118 1119 for_each_valid_link(info, link) { 1120 if (WARN_ON(!info->links[link].bss)) 1121 goto out; 1122 } 1123 1124 memset(wdev->links, 0, sizeof(wdev->links)); 1125 wdev->valid_links = info->valid_links; 1126 for_each_valid_link(info, link) { 1127 cfg80211_hold_bss(bss_from_pub(info->links[link].bss)); 1128 wdev->links[link].client.current_bss = 1129 bss_from_pub(info->links[link].bss); 1130 } 1131 1132 connected_addr = info->valid_links ? 1133 info->ap_mld_addr : 1134 info->links[0].bss->bssid; 1135 ether_addr_copy(wdev->u.client.connected_addr, connected_addr); 1136 if (info->valid_links) { 1137 for_each_valid_link(info, link) 1138 memcpy(wdev->links[link].addr, info->links[link].addr, 1139 ETH_ALEN); 1140 } 1141 wdev->unprot_beacon_reported = 0; 1142 nl80211_send_roamed(wiphy_to_rdev(wdev->wiphy), 1143 wdev->netdev, info, GFP_KERNEL); 1144 1145 #ifdef CONFIG_CFG80211_WEXT 1146 if (!info->valid_links) { 1147 if (info->req_ie) { 1148 memset(&wrqu, 0, sizeof(wrqu)); 1149 wrqu.data.length = info->req_ie_len; 1150 wireless_send_event(wdev->netdev, IWEVASSOCREQIE, 1151 &wrqu, info->req_ie); 1152 } 1153 1154 if (info->resp_ie) { 1155 memset(&wrqu, 0, sizeof(wrqu)); 1156 wrqu.data.length = info->resp_ie_len; 1157 wireless_send_event(wdev->netdev, IWEVASSOCRESPIE, 1158 &wrqu, info->resp_ie); 1159 } 1160 1161 memset(&wrqu, 0, sizeof(wrqu)); 1162 wrqu.ap_addr.sa_family = ARPHRD_ETHER; 1163 memcpy(wrqu.ap_addr.sa_data, connected_addr, ETH_ALEN); 1164 memcpy(wdev->wext.prev_bssid, connected_addr, ETH_ALEN); 1165 wdev->wext.prev_bssid_valid = true; 1166 wireless_send_event(wdev->netdev, SIOCGIWAP, &wrqu, NULL); 1167 } 1168 #endif 1169 1170 return; 1171 out: 1172 for_each_valid_link(info, link) 1173 cfg80211_put_bss(wdev->wiphy, info->links[link].bss); 1174 } 1175 1176 /* Consumes info->links.bss object(s) one way or another */ 1177 void cfg80211_roamed(struct net_device *dev, struct cfg80211_roam_info *info, 1178 gfp_t gfp) 1179 { 1180 struct wireless_dev *wdev = dev->ieee80211_ptr; 1181 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 1182 struct cfg80211_event *ev; 1183 unsigned long flags; 1184 u8 *next; 1185 unsigned int link; 1186 size_t link_info_size = 0; 1187 bool bss_not_found = false; 1188 1189 for_each_valid_link(info, link) { 1190 link_info_size += info->links[link].addr ? ETH_ALEN : 0; 1191 link_info_size += info->links[link].bssid ? ETH_ALEN : 0; 1192 1193 if (info->links[link].bss) 1194 continue; 1195 1196 info->links[link].bss = 1197 cfg80211_get_bss(wdev->wiphy, 1198 info->links[link].channel, 1199 info->links[link].bssid, 1200 wdev->u.client.ssid, 1201 wdev->u.client.ssid_len, 1202 wdev->conn_bss_type, 1203 IEEE80211_PRIVACY_ANY); 1204 1205 if (!info->links[link].bss) { 1206 bss_not_found = true; 1207 break; 1208 } 1209 } 1210 1211 if (WARN_ON(bss_not_found)) 1212 goto out; 1213 1214 ev = kzalloc(sizeof(*ev) + info->req_ie_len + info->resp_ie_len + 1215 info->fils.kek_len + info->fils.pmk_len + 1216 (info->fils.pmkid ? WLAN_PMKID_LEN : 0) + 1217 (info->ap_mld_addr ? ETH_ALEN : 0) + link_info_size, gfp); 1218 if (!ev) 1219 goto out; 1220 1221 ev->type = EVENT_ROAMED; 1222 next = ((u8 *)ev) + sizeof(*ev); 1223 if (info->req_ie_len) { 1224 ev->rm.req_ie = next; 1225 ev->rm.req_ie_len = info->req_ie_len; 1226 memcpy((void *)ev->rm.req_ie, info->req_ie, info->req_ie_len); 1227 next += info->req_ie_len; 1228 } 1229 if (info->resp_ie_len) { 1230 ev->rm.resp_ie = next; 1231 ev->rm.resp_ie_len = info->resp_ie_len; 1232 memcpy((void *)ev->rm.resp_ie, info->resp_ie, 1233 info->resp_ie_len); 1234 next += info->resp_ie_len; 1235 } 1236 if (info->fils.kek_len) { 1237 ev->rm.fils.kek = next; 1238 ev->rm.fils.kek_len = info->fils.kek_len; 1239 memcpy((void *)ev->rm.fils.kek, info->fils.kek, 1240 info->fils.kek_len); 1241 next += info->fils.kek_len; 1242 } 1243 if (info->fils.pmk_len) { 1244 ev->rm.fils.pmk = next; 1245 ev->rm.fils.pmk_len = info->fils.pmk_len; 1246 memcpy((void *)ev->rm.fils.pmk, info->fils.pmk, 1247 info->fils.pmk_len); 1248 next += info->fils.pmk_len; 1249 } 1250 if (info->fils.pmkid) { 1251 ev->rm.fils.pmkid = next; 1252 memcpy((void *)ev->rm.fils.pmkid, info->fils.pmkid, 1253 WLAN_PMKID_LEN); 1254 next += WLAN_PMKID_LEN; 1255 } 1256 ev->rm.fils.update_erp_next_seq_num = info->fils.update_erp_next_seq_num; 1257 if (info->fils.update_erp_next_seq_num) 1258 ev->rm.fils.erp_next_seq_num = info->fils.erp_next_seq_num; 1259 if (info->ap_mld_addr) { 1260 ev->rm.ap_mld_addr = next; 1261 memcpy((void *)ev->rm.ap_mld_addr, info->ap_mld_addr, 1262 ETH_ALEN); 1263 next += ETH_ALEN; 1264 } 1265 ev->rm.valid_links = info->valid_links; 1266 for_each_valid_link(info, link) { 1267 ev->rm.links[link].bss = info->links[link].bss; 1268 1269 if (info->links[link].addr) { 1270 ev->rm.links[link].addr = next; 1271 memcpy((void *)ev->rm.links[link].addr, 1272 info->links[link].addr, 1273 ETH_ALEN); 1274 next += ETH_ALEN; 1275 } 1276 1277 if (info->links[link].bssid) { 1278 ev->rm.links[link].bssid = next; 1279 memcpy((void *)ev->rm.links[link].bssid, 1280 info->links[link].bssid, 1281 ETH_ALEN); 1282 next += ETH_ALEN; 1283 } 1284 } 1285 1286 spin_lock_irqsave(&wdev->event_lock, flags); 1287 list_add_tail(&ev->list, &wdev->event_list); 1288 spin_unlock_irqrestore(&wdev->event_lock, flags); 1289 queue_work(cfg80211_wq, &rdev->event_work); 1290 1291 return; 1292 out: 1293 for_each_valid_link(info, link) 1294 cfg80211_put_bss(wdev->wiphy, info->links[link].bss); 1295 1296 } 1297 EXPORT_SYMBOL(cfg80211_roamed); 1298 1299 void __cfg80211_port_authorized(struct wireless_dev *wdev, const u8 *bssid, 1300 const u8 *td_bitmap, u8 td_bitmap_len) 1301 { 1302 ASSERT_WDEV_LOCK(wdev); 1303 1304 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION && 1305 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)) 1306 return; 1307 1308 if (WARN_ON(!wdev->connected) || 1309 WARN_ON(!ether_addr_equal(wdev->u.client.connected_addr, bssid))) 1310 return; 1311 1312 nl80211_send_port_authorized(wiphy_to_rdev(wdev->wiphy), wdev->netdev, 1313 bssid, td_bitmap, td_bitmap_len); 1314 } 1315 1316 void cfg80211_port_authorized(struct net_device *dev, const u8 *bssid, 1317 const u8 *td_bitmap, u8 td_bitmap_len, gfp_t gfp) 1318 { 1319 struct wireless_dev *wdev = dev->ieee80211_ptr; 1320 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 1321 struct cfg80211_event *ev; 1322 unsigned long flags; 1323 1324 if (WARN_ON(!bssid)) 1325 return; 1326 1327 ev = kzalloc(sizeof(*ev) + td_bitmap_len, gfp); 1328 if (!ev) 1329 return; 1330 1331 ev->type = EVENT_PORT_AUTHORIZED; 1332 memcpy(ev->pa.bssid, bssid, ETH_ALEN); 1333 ev->pa.td_bitmap = ((u8 *)ev) + sizeof(*ev); 1334 ev->pa.td_bitmap_len = td_bitmap_len; 1335 memcpy((void *)ev->pa.td_bitmap, td_bitmap, td_bitmap_len); 1336 1337 /* 1338 * Use the wdev event list so that if there are pending 1339 * connected/roamed events, they will be reported first. 1340 */ 1341 spin_lock_irqsave(&wdev->event_lock, flags); 1342 list_add_tail(&ev->list, &wdev->event_list); 1343 spin_unlock_irqrestore(&wdev->event_lock, flags); 1344 queue_work(cfg80211_wq, &rdev->event_work); 1345 } 1346 EXPORT_SYMBOL(cfg80211_port_authorized); 1347 1348 void __cfg80211_disconnected(struct net_device *dev, const u8 *ie, 1349 size_t ie_len, u16 reason, bool from_ap) 1350 { 1351 struct wireless_dev *wdev = dev->ieee80211_ptr; 1352 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 1353 int i; 1354 #ifdef CONFIG_CFG80211_WEXT 1355 union iwreq_data wrqu; 1356 #endif 1357 1358 ASSERT_WDEV_LOCK(wdev); 1359 1360 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION && 1361 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)) 1362 return; 1363 1364 cfg80211_wdev_release_bsses(wdev); 1365 wdev->connected = false; 1366 wdev->u.client.ssid_len = 0; 1367 wdev->conn_owner_nlportid = 0; 1368 kfree_sensitive(wdev->connect_keys); 1369 wdev->connect_keys = NULL; 1370 1371 nl80211_send_disconnected(rdev, dev, reason, ie, ie_len, from_ap); 1372 1373 /* stop critical protocol if supported */ 1374 if (rdev->ops->crit_proto_stop && rdev->crit_proto_nlportid) { 1375 rdev->crit_proto_nlportid = 0; 1376 rdev_crit_proto_stop(rdev, wdev); 1377 } 1378 1379 /* 1380 * Delete all the keys ... pairwise keys can't really 1381 * exist any more anyway, but default keys might. 1382 */ 1383 if (rdev->ops->del_key) { 1384 int max_key_idx = 5; 1385 1386 if (wiphy_ext_feature_isset( 1387 wdev->wiphy, 1388 NL80211_EXT_FEATURE_BEACON_PROTECTION) || 1389 wiphy_ext_feature_isset( 1390 wdev->wiphy, 1391 NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT)) 1392 max_key_idx = 7; 1393 for (i = 0; i <= max_key_idx; i++) 1394 rdev_del_key(rdev, dev, -1, i, false, NULL); 1395 } 1396 1397 rdev_set_qos_map(rdev, dev, NULL); 1398 1399 #ifdef CONFIG_CFG80211_WEXT 1400 memset(&wrqu, 0, sizeof(wrqu)); 1401 wrqu.ap_addr.sa_family = ARPHRD_ETHER; 1402 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL); 1403 wdev->wext.connect.ssid_len = 0; 1404 #endif 1405 1406 schedule_work(&cfg80211_disconnect_work); 1407 } 1408 1409 void cfg80211_disconnected(struct net_device *dev, u16 reason, 1410 const u8 *ie, size_t ie_len, 1411 bool locally_generated, gfp_t gfp) 1412 { 1413 struct wireless_dev *wdev = dev->ieee80211_ptr; 1414 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 1415 struct cfg80211_event *ev; 1416 unsigned long flags; 1417 1418 ev = kzalloc(sizeof(*ev) + ie_len, gfp); 1419 if (!ev) 1420 return; 1421 1422 ev->type = EVENT_DISCONNECTED; 1423 ev->dc.ie = ((u8 *)ev) + sizeof(*ev); 1424 ev->dc.ie_len = ie_len; 1425 memcpy((void *)ev->dc.ie, ie, ie_len); 1426 ev->dc.reason = reason; 1427 ev->dc.locally_generated = locally_generated; 1428 1429 spin_lock_irqsave(&wdev->event_lock, flags); 1430 list_add_tail(&ev->list, &wdev->event_list); 1431 spin_unlock_irqrestore(&wdev->event_lock, flags); 1432 queue_work(cfg80211_wq, &rdev->event_work); 1433 } 1434 EXPORT_SYMBOL(cfg80211_disconnected); 1435 1436 /* 1437 * API calls for nl80211/wext compatibility code 1438 */ 1439 int cfg80211_connect(struct cfg80211_registered_device *rdev, 1440 struct net_device *dev, 1441 struct cfg80211_connect_params *connect, 1442 struct cfg80211_cached_keys *connkeys, 1443 const u8 *prev_bssid) 1444 { 1445 struct wireless_dev *wdev = dev->ieee80211_ptr; 1446 int err; 1447 1448 ASSERT_WDEV_LOCK(wdev); 1449 1450 /* 1451 * If we have an ssid_len, we're trying to connect or are 1452 * already connected, so reject a new SSID unless it's the 1453 * same (which is the case for re-association.) 1454 */ 1455 if (wdev->u.client.ssid_len && 1456 (wdev->u.client.ssid_len != connect->ssid_len || 1457 memcmp(wdev->u.client.ssid, connect->ssid, wdev->u.client.ssid_len))) 1458 return -EALREADY; 1459 1460 /* 1461 * If connected, reject (re-)association unless prev_bssid 1462 * matches the current BSSID. 1463 */ 1464 if (wdev->connected) { 1465 if (!prev_bssid) 1466 return -EALREADY; 1467 if (!ether_addr_equal(prev_bssid, 1468 wdev->u.client.connected_addr)) 1469 return -ENOTCONN; 1470 } 1471 1472 /* 1473 * Reject if we're in the process of connecting with WEP, 1474 * this case isn't very interesting and trying to handle 1475 * it would make the code much more complex. 1476 */ 1477 if (wdev->connect_keys) 1478 return -EINPROGRESS; 1479 1480 cfg80211_oper_and_ht_capa(&connect->ht_capa_mask, 1481 rdev->wiphy.ht_capa_mod_mask); 1482 cfg80211_oper_and_vht_capa(&connect->vht_capa_mask, 1483 rdev->wiphy.vht_capa_mod_mask); 1484 1485 if (connkeys && connkeys->def >= 0) { 1486 int idx; 1487 u32 cipher; 1488 1489 idx = connkeys->def; 1490 cipher = connkeys->params[idx].cipher; 1491 /* If given a WEP key we may need it for shared key auth */ 1492 if (cipher == WLAN_CIPHER_SUITE_WEP40 || 1493 cipher == WLAN_CIPHER_SUITE_WEP104) { 1494 connect->key_idx = idx; 1495 connect->key = connkeys->params[idx].key; 1496 connect->key_len = connkeys->params[idx].key_len; 1497 1498 /* 1499 * If ciphers are not set (e.g. when going through 1500 * iwconfig), we have to set them appropriately here. 1501 */ 1502 if (connect->crypto.cipher_group == 0) 1503 connect->crypto.cipher_group = cipher; 1504 1505 if (connect->crypto.n_ciphers_pairwise == 0) { 1506 connect->crypto.n_ciphers_pairwise = 1; 1507 connect->crypto.ciphers_pairwise[0] = cipher; 1508 } 1509 } 1510 } else { 1511 if (WARN_ON(connkeys)) 1512 return -EINVAL; 1513 1514 /* connect can point to wdev->wext.connect which 1515 * can hold key data from a previous connection 1516 */ 1517 connect->key = NULL; 1518 connect->key_len = 0; 1519 connect->key_idx = 0; 1520 } 1521 1522 wdev->connect_keys = connkeys; 1523 memcpy(wdev->u.client.ssid, connect->ssid, connect->ssid_len); 1524 wdev->u.client.ssid_len = connect->ssid_len; 1525 1526 wdev->conn_bss_type = connect->pbss ? IEEE80211_BSS_TYPE_PBSS : 1527 IEEE80211_BSS_TYPE_ESS; 1528 1529 if (!rdev->ops->connect) 1530 err = cfg80211_sme_connect(wdev, connect, prev_bssid); 1531 else 1532 err = rdev_connect(rdev, dev, connect); 1533 1534 if (err) { 1535 wdev->connect_keys = NULL; 1536 /* 1537 * This could be reassoc getting refused, don't clear 1538 * ssid_len in that case. 1539 */ 1540 if (!wdev->connected) 1541 wdev->u.client.ssid_len = 0; 1542 return err; 1543 } 1544 1545 return 0; 1546 } 1547 1548 int cfg80211_disconnect(struct cfg80211_registered_device *rdev, 1549 struct net_device *dev, u16 reason, bool wextev) 1550 { 1551 struct wireless_dev *wdev = dev->ieee80211_ptr; 1552 int err = 0; 1553 1554 ASSERT_WDEV_LOCK(wdev); 1555 1556 kfree_sensitive(wdev->connect_keys); 1557 wdev->connect_keys = NULL; 1558 1559 wdev->conn_owner_nlportid = 0; 1560 1561 if (wdev->conn) 1562 err = cfg80211_sme_disconnect(wdev, reason); 1563 else if (!rdev->ops->disconnect) 1564 cfg80211_mlme_down(rdev, dev); 1565 else if (wdev->u.client.ssid_len) 1566 err = rdev_disconnect(rdev, dev, reason); 1567 1568 /* 1569 * Clear ssid_len unless we actually were fully connected, 1570 * in which case cfg80211_disconnected() will take care of 1571 * this later. 1572 */ 1573 if (!wdev->connected) 1574 wdev->u.client.ssid_len = 0; 1575 1576 return err; 1577 } 1578 1579 /* 1580 * Used to clean up after the connection / connection attempt owner socket 1581 * disconnects 1582 */ 1583 void cfg80211_autodisconnect_wk(struct work_struct *work) 1584 { 1585 struct wireless_dev *wdev = 1586 container_of(work, struct wireless_dev, disconnect_wk); 1587 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 1588 1589 wiphy_lock(wdev->wiphy); 1590 wdev_lock(wdev); 1591 1592 if (wdev->conn_owner_nlportid) { 1593 switch (wdev->iftype) { 1594 case NL80211_IFTYPE_ADHOC: 1595 __cfg80211_leave_ibss(rdev, wdev->netdev, false); 1596 break; 1597 case NL80211_IFTYPE_AP: 1598 case NL80211_IFTYPE_P2P_GO: 1599 __cfg80211_stop_ap(rdev, wdev->netdev, -1, false); 1600 break; 1601 case NL80211_IFTYPE_MESH_POINT: 1602 __cfg80211_leave_mesh(rdev, wdev->netdev); 1603 break; 1604 case NL80211_IFTYPE_STATION: 1605 case NL80211_IFTYPE_P2P_CLIENT: 1606 /* 1607 * Use disconnect_bssid if still connecting and 1608 * ops->disconnect not implemented. Otherwise we can 1609 * use cfg80211_disconnect. 1610 */ 1611 if (rdev->ops->disconnect || wdev->connected) 1612 cfg80211_disconnect(rdev, wdev->netdev, 1613 WLAN_REASON_DEAUTH_LEAVING, 1614 true); 1615 else 1616 cfg80211_mlme_deauth(rdev, wdev->netdev, 1617 wdev->disconnect_bssid, 1618 NULL, 0, 1619 WLAN_REASON_DEAUTH_LEAVING, 1620 false); 1621 break; 1622 default: 1623 break; 1624 } 1625 } 1626 1627 wdev_unlock(wdev); 1628 wiphy_unlock(wdev->wiphy); 1629 } 1630