xref: /openbmc/linux/net/wireless/sme.c (revision b6dcefde)
1 /*
2  * SME code for cfg80211's connect emulation.
3  *
4  * Copyright 2009	Johannes Berg <johannes@sipsolutions.net>
5  * Copyright (C) 2009   Intel Corporation. All rights reserved.
6  */
7 
8 #include <linux/etherdevice.h>
9 #include <linux/if_arp.h>
10 #include <linux/workqueue.h>
11 #include <linux/wireless.h>
12 #include <net/iw_handler.h>
13 #include <net/cfg80211.h>
14 #include <net/rtnetlink.h>
15 #include "nl80211.h"
16 #include "reg.h"
17 
18 struct cfg80211_conn {
19 	struct cfg80211_connect_params params;
20 	/* these are sub-states of the _CONNECTING sme_state */
21 	enum {
22 		CFG80211_CONN_IDLE,
23 		CFG80211_CONN_SCANNING,
24 		CFG80211_CONN_SCAN_AGAIN,
25 		CFG80211_CONN_AUTHENTICATE_NEXT,
26 		CFG80211_CONN_AUTHENTICATING,
27 		CFG80211_CONN_ASSOCIATE_NEXT,
28 		CFG80211_CONN_ASSOCIATING,
29 		CFG80211_CONN_DEAUTH_ASSOC_FAIL,
30 	} state;
31 	u8 bssid[ETH_ALEN], prev_bssid[ETH_ALEN];
32 	u8 *ie;
33 	size_t ie_len;
34 	bool auto_auth, prev_bssid_valid;
35 };
36 
37 
38 static int cfg80211_conn_scan(struct wireless_dev *wdev)
39 {
40 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
41 	struct cfg80211_scan_request *request;
42 	int n_channels, err;
43 
44 	ASSERT_RTNL();
45 	ASSERT_RDEV_LOCK(rdev);
46 	ASSERT_WDEV_LOCK(wdev);
47 
48 	if (rdev->scan_req)
49 		return -EBUSY;
50 
51 	if (wdev->conn->params.channel) {
52 		n_channels = 1;
53 	} else {
54 		enum ieee80211_band band;
55 		n_channels = 0;
56 
57 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
58 			if (!wdev->wiphy->bands[band])
59 				continue;
60 			n_channels += wdev->wiphy->bands[band]->n_channels;
61 		}
62 	}
63 	request = kzalloc(sizeof(*request) + sizeof(request->ssids[0]) +
64 			  sizeof(request->channels[0]) * n_channels,
65 			  GFP_KERNEL);
66 	if (!request)
67 		return -ENOMEM;
68 
69 	if (wdev->conn->params.channel)
70 		request->channels[0] = wdev->conn->params.channel;
71 	else {
72 		int i = 0, j;
73 		enum ieee80211_band band;
74 
75 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
76 			if (!wdev->wiphy->bands[band])
77 				continue;
78 			for (j = 0; j < wdev->wiphy->bands[band]->n_channels;
79 			     i++, j++)
80 				request->channels[i] =
81 					&wdev->wiphy->bands[band]->channels[j];
82 		}
83 	}
84 	request->n_channels = n_channels;
85 	request->ssids = (void *)&request->channels[n_channels];
86 	request->n_ssids = 1;
87 
88 	memcpy(request->ssids[0].ssid, wdev->conn->params.ssid,
89 		wdev->conn->params.ssid_len);
90 	request->ssids[0].ssid_len = wdev->conn->params.ssid_len;
91 
92 	request->dev = wdev->netdev;
93 	request->wiphy = &rdev->wiphy;
94 
95 	rdev->scan_req = request;
96 
97 	err = rdev->ops->scan(wdev->wiphy, wdev->netdev, request);
98 	if (!err) {
99 		wdev->conn->state = CFG80211_CONN_SCANNING;
100 		nl80211_send_scan_start(rdev, wdev->netdev);
101 		dev_hold(wdev->netdev);
102 	} else {
103 		rdev->scan_req = NULL;
104 		kfree(request);
105 	}
106 	return err;
107 }
108 
109 static int cfg80211_conn_do_work(struct wireless_dev *wdev)
110 {
111 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
112 	struct cfg80211_connect_params *params;
113 	const u8 *prev_bssid = NULL;
114 	int err;
115 
116 	ASSERT_WDEV_LOCK(wdev);
117 
118 	if (!wdev->conn)
119 		return 0;
120 
121 	params = &wdev->conn->params;
122 
123 	switch (wdev->conn->state) {
124 	case CFG80211_CONN_SCAN_AGAIN:
125 		return cfg80211_conn_scan(wdev);
126 	case CFG80211_CONN_AUTHENTICATE_NEXT:
127 		BUG_ON(!rdev->ops->auth);
128 		wdev->conn->state = CFG80211_CONN_AUTHENTICATING;
129 		return __cfg80211_mlme_auth(rdev, wdev->netdev,
130 					    params->channel, params->auth_type,
131 					    params->bssid,
132 					    params->ssid, params->ssid_len,
133 					    NULL, 0,
134 					    params->key, params->key_len,
135 					    params->key_idx);
136 	case CFG80211_CONN_ASSOCIATE_NEXT:
137 		BUG_ON(!rdev->ops->assoc);
138 		wdev->conn->state = CFG80211_CONN_ASSOCIATING;
139 		if (wdev->conn->prev_bssid_valid)
140 			prev_bssid = wdev->conn->prev_bssid;
141 		err = __cfg80211_mlme_assoc(rdev, wdev->netdev,
142 					    params->channel, params->bssid,
143 					    prev_bssid,
144 					    params->ssid, params->ssid_len,
145 					    params->ie, params->ie_len,
146 					    false, &params->crypto);
147 		if (err)
148 			__cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid,
149 					       NULL, 0,
150 					       WLAN_REASON_DEAUTH_LEAVING);
151 		return err;
152 	case CFG80211_CONN_DEAUTH_ASSOC_FAIL:
153 		__cfg80211_mlme_deauth(rdev, wdev->netdev, params->bssid,
154 				       NULL, 0,
155 				       WLAN_REASON_DEAUTH_LEAVING);
156 		/* return an error so that we call __cfg80211_connect_result() */
157 		return -EINVAL;
158 	default:
159 		return 0;
160 	}
161 }
162 
163 void cfg80211_conn_work(struct work_struct *work)
164 {
165 	struct cfg80211_registered_device *rdev =
166 		container_of(work, struct cfg80211_registered_device, conn_work);
167 	struct wireless_dev *wdev;
168 	u8 bssid_buf[ETH_ALEN], *bssid = NULL;
169 
170 	rtnl_lock();
171 	cfg80211_lock_rdev(rdev);
172 	mutex_lock(&rdev->devlist_mtx);
173 
174 	list_for_each_entry(wdev, &rdev->netdev_list, list) {
175 		wdev_lock(wdev);
176 		if (!netif_running(wdev->netdev)) {
177 			wdev_unlock(wdev);
178 			continue;
179 		}
180 		if (wdev->sme_state != CFG80211_SME_CONNECTING) {
181 			wdev_unlock(wdev);
182 			continue;
183 		}
184 		if (wdev->conn->params.bssid) {
185 			memcpy(bssid_buf, wdev->conn->params.bssid, ETH_ALEN);
186 			bssid = bssid_buf;
187 		}
188 		if (cfg80211_conn_do_work(wdev))
189 			__cfg80211_connect_result(
190 					wdev->netdev, bssid,
191 					NULL, 0, NULL, 0,
192 					WLAN_STATUS_UNSPECIFIED_FAILURE,
193 					false, NULL);
194 		wdev_unlock(wdev);
195 	}
196 
197 	mutex_unlock(&rdev->devlist_mtx);
198 	cfg80211_unlock_rdev(rdev);
199 	rtnl_unlock();
200 }
201 
202 static struct cfg80211_bss *cfg80211_get_conn_bss(struct wireless_dev *wdev)
203 {
204 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
205 	struct cfg80211_bss *bss;
206 	u16 capa = WLAN_CAPABILITY_ESS;
207 
208 	ASSERT_WDEV_LOCK(wdev);
209 
210 	if (wdev->conn->params.privacy)
211 		capa |= WLAN_CAPABILITY_PRIVACY;
212 
213 	bss = cfg80211_get_bss(wdev->wiphy, NULL, wdev->conn->params.bssid,
214 			       wdev->conn->params.ssid,
215 			       wdev->conn->params.ssid_len,
216 			       WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_PRIVACY,
217 			       capa);
218 	if (!bss)
219 		return NULL;
220 
221 	memcpy(wdev->conn->bssid, bss->bssid, ETH_ALEN);
222 	wdev->conn->params.bssid = wdev->conn->bssid;
223 	wdev->conn->params.channel = bss->channel;
224 	wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT;
225 	schedule_work(&rdev->conn_work);
226 
227 	return bss;
228 }
229 
230 static void __cfg80211_sme_scan_done(struct net_device *dev)
231 {
232 	struct wireless_dev *wdev = dev->ieee80211_ptr;
233 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
234 	struct cfg80211_bss *bss;
235 
236 	ASSERT_WDEV_LOCK(wdev);
237 
238 	if (wdev->sme_state != CFG80211_SME_CONNECTING)
239 		return;
240 
241 	if (!wdev->conn)
242 		return;
243 
244 	if (wdev->conn->state != CFG80211_CONN_SCANNING &&
245 	    wdev->conn->state != CFG80211_CONN_SCAN_AGAIN)
246 		return;
247 
248 	bss = cfg80211_get_conn_bss(wdev);
249 	if (bss) {
250 		cfg80211_put_bss(bss);
251 	} else {
252 		/* not found */
253 		if (wdev->conn->state == CFG80211_CONN_SCAN_AGAIN)
254 			schedule_work(&rdev->conn_work);
255 		else
256 			__cfg80211_connect_result(
257 					wdev->netdev,
258 					wdev->conn->params.bssid,
259 					NULL, 0, NULL, 0,
260 					WLAN_STATUS_UNSPECIFIED_FAILURE,
261 					false, NULL);
262 	}
263 }
264 
265 void cfg80211_sme_scan_done(struct net_device *dev)
266 {
267 	struct wireless_dev *wdev = dev->ieee80211_ptr;
268 
269 	mutex_lock(&wiphy_to_dev(wdev->wiphy)->devlist_mtx);
270 	wdev_lock(wdev);
271 	__cfg80211_sme_scan_done(dev);
272 	wdev_unlock(wdev);
273 	mutex_unlock(&wiphy_to_dev(wdev->wiphy)->devlist_mtx);
274 }
275 
276 void cfg80211_sme_rx_auth(struct net_device *dev,
277 			  const u8 *buf, size_t len)
278 {
279 	struct wireless_dev *wdev = dev->ieee80211_ptr;
280 	struct wiphy *wiphy = wdev->wiphy;
281 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
282 	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
283 	u16 status_code = le16_to_cpu(mgmt->u.auth.status_code);
284 
285 	ASSERT_WDEV_LOCK(wdev);
286 
287 	/* should only RX auth frames when connecting */
288 	if (wdev->sme_state != CFG80211_SME_CONNECTING)
289 		return;
290 
291 	if (WARN_ON(!wdev->conn))
292 		return;
293 
294 	if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG &&
295 	    wdev->conn->auto_auth &&
296 	    wdev->conn->params.auth_type != NL80211_AUTHTYPE_NETWORK_EAP) {
297 		/* select automatically between only open, shared, leap */
298 		switch (wdev->conn->params.auth_type) {
299 		case NL80211_AUTHTYPE_OPEN_SYSTEM:
300 			if (wdev->connect_keys)
301 				wdev->conn->params.auth_type =
302 					NL80211_AUTHTYPE_SHARED_KEY;
303 			else
304 				wdev->conn->params.auth_type =
305 					NL80211_AUTHTYPE_NETWORK_EAP;
306 			break;
307 		case NL80211_AUTHTYPE_SHARED_KEY:
308 			wdev->conn->params.auth_type =
309 				NL80211_AUTHTYPE_NETWORK_EAP;
310 			break;
311 		default:
312 			/* huh? */
313 			wdev->conn->params.auth_type =
314 				NL80211_AUTHTYPE_OPEN_SYSTEM;
315 			break;
316 		}
317 		wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT;
318 		schedule_work(&rdev->conn_work);
319 	} else if (status_code != WLAN_STATUS_SUCCESS) {
320 		__cfg80211_connect_result(dev, mgmt->bssid, NULL, 0, NULL, 0,
321 					  status_code, false, NULL);
322 	} else if (wdev->sme_state == CFG80211_SME_CONNECTING &&
323 		 wdev->conn->state == CFG80211_CONN_AUTHENTICATING) {
324 		wdev->conn->state = CFG80211_CONN_ASSOCIATE_NEXT;
325 		schedule_work(&rdev->conn_work);
326 	}
327 }
328 
329 bool cfg80211_sme_failed_reassoc(struct wireless_dev *wdev)
330 {
331 	struct wiphy *wiphy = wdev->wiphy;
332 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
333 
334 	if (WARN_ON(!wdev->conn))
335 		return false;
336 
337 	if (!wdev->conn->prev_bssid_valid)
338 		return false;
339 
340 	/*
341 	 * Some stupid APs don't accept reassoc, so we
342 	 * need to fall back to trying regular assoc.
343 	 */
344 	wdev->conn->prev_bssid_valid = false;
345 	wdev->conn->state = CFG80211_CONN_ASSOCIATE_NEXT;
346 	schedule_work(&rdev->conn_work);
347 
348 	return true;
349 }
350 
351 void cfg80211_sme_failed_assoc(struct wireless_dev *wdev)
352 {
353 	struct wiphy *wiphy = wdev->wiphy;
354 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
355 
356 	wdev->conn->state = CFG80211_CONN_DEAUTH_ASSOC_FAIL;
357 	schedule_work(&rdev->conn_work);
358 }
359 
360 void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
361 			       const u8 *req_ie, size_t req_ie_len,
362 			       const u8 *resp_ie, size_t resp_ie_len,
363 			       u16 status, bool wextev,
364 			       struct cfg80211_bss *bss)
365 {
366 	struct wireless_dev *wdev = dev->ieee80211_ptr;
367 	u8 *country_ie;
368 #ifdef CONFIG_CFG80211_WEXT
369 	union iwreq_data wrqu;
370 #endif
371 
372 	ASSERT_WDEV_LOCK(wdev);
373 
374 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION))
375 		return;
376 
377 	if (wdev->sme_state != CFG80211_SME_CONNECTING)
378 		return;
379 
380 	nl80211_send_connect_result(wiphy_to_dev(wdev->wiphy), dev,
381 				    bssid, req_ie, req_ie_len,
382 				    resp_ie, resp_ie_len,
383 				    status, GFP_KERNEL);
384 
385 #ifdef CONFIG_CFG80211_WEXT
386 	if (wextev) {
387 		if (req_ie && status == WLAN_STATUS_SUCCESS) {
388 			memset(&wrqu, 0, sizeof(wrqu));
389 			wrqu.data.length = req_ie_len;
390 			wireless_send_event(dev, IWEVASSOCREQIE, &wrqu, req_ie);
391 		}
392 
393 		if (resp_ie && status == WLAN_STATUS_SUCCESS) {
394 			memset(&wrqu, 0, sizeof(wrqu));
395 			wrqu.data.length = resp_ie_len;
396 			wireless_send_event(dev, IWEVASSOCRESPIE, &wrqu, resp_ie);
397 		}
398 
399 		memset(&wrqu, 0, sizeof(wrqu));
400 		wrqu.ap_addr.sa_family = ARPHRD_ETHER;
401 		if (bssid && status == WLAN_STATUS_SUCCESS) {
402 			memcpy(wrqu.ap_addr.sa_data, bssid, ETH_ALEN);
403 			memcpy(wdev->wext.prev_bssid, bssid, ETH_ALEN);
404 			wdev->wext.prev_bssid_valid = true;
405 		}
406 		wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
407 	}
408 #endif
409 
410 	if (wdev->current_bss) {
411 		cfg80211_unhold_bss(wdev->current_bss);
412 		cfg80211_put_bss(&wdev->current_bss->pub);
413 		wdev->current_bss = NULL;
414 	}
415 
416 	if (wdev->conn)
417 		wdev->conn->state = CFG80211_CONN_IDLE;
418 
419 	if (status != WLAN_STATUS_SUCCESS) {
420 		wdev->sme_state = CFG80211_SME_IDLE;
421 		if (wdev->conn)
422 			kfree(wdev->conn->ie);
423 		kfree(wdev->conn);
424 		wdev->conn = NULL;
425 		kfree(wdev->connect_keys);
426 		wdev->connect_keys = NULL;
427 		wdev->ssid_len = 0;
428 		return;
429 	}
430 
431 	if (!bss)
432 		bss = cfg80211_get_bss(wdev->wiphy, NULL, bssid,
433 				       wdev->ssid, wdev->ssid_len,
434 				       WLAN_CAPABILITY_ESS,
435 				       WLAN_CAPABILITY_ESS);
436 
437 	if (WARN_ON(!bss))
438 		return;
439 
440 	cfg80211_hold_bss(bss_from_pub(bss));
441 	wdev->current_bss = bss_from_pub(bss);
442 
443 	wdev->sme_state = CFG80211_SME_CONNECTED;
444 	cfg80211_upload_connect_keys(wdev);
445 
446 	country_ie = (u8 *) ieee80211_bss_get_ie(bss, WLAN_EID_COUNTRY);
447 
448 	if (!country_ie)
449 		return;
450 
451 	/*
452 	 * ieee80211_bss_get_ie() ensures we can access:
453 	 * - country_ie + 2, the start of the country ie data, and
454 	 * - and country_ie[1] which is the IE length
455 	 */
456 	regulatory_hint_11d(wdev->wiphy,
457 			    country_ie + 2,
458 			    country_ie[1]);
459 }
460 
461 void cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
462 			     const u8 *req_ie, size_t req_ie_len,
463 			     const u8 *resp_ie, size_t resp_ie_len,
464 			     u16 status, gfp_t gfp)
465 {
466 	struct wireless_dev *wdev = dev->ieee80211_ptr;
467 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
468 	struct cfg80211_event *ev;
469 	unsigned long flags;
470 
471 	CFG80211_DEV_WARN_ON(wdev->sme_state != CFG80211_SME_CONNECTING);
472 
473 	ev = kzalloc(sizeof(*ev) + req_ie_len + resp_ie_len, gfp);
474 	if (!ev)
475 		return;
476 
477 	ev->type = EVENT_CONNECT_RESULT;
478 	if (bssid)
479 		memcpy(ev->cr.bssid, bssid, ETH_ALEN);
480 	ev->cr.req_ie = ((u8 *)ev) + sizeof(*ev);
481 	ev->cr.req_ie_len = req_ie_len;
482 	memcpy((void *)ev->cr.req_ie, req_ie, req_ie_len);
483 	ev->cr.resp_ie = ((u8 *)ev) + sizeof(*ev) + req_ie_len;
484 	ev->cr.resp_ie_len = resp_ie_len;
485 	memcpy((void *)ev->cr.resp_ie, resp_ie, resp_ie_len);
486 	ev->cr.status = status;
487 
488 	spin_lock_irqsave(&wdev->event_lock, flags);
489 	list_add_tail(&ev->list, &wdev->event_list);
490 	spin_unlock_irqrestore(&wdev->event_lock, flags);
491 	queue_work(cfg80211_wq, &rdev->event_work);
492 }
493 EXPORT_SYMBOL(cfg80211_connect_result);
494 
495 void __cfg80211_roamed(struct wireless_dev *wdev, const u8 *bssid,
496 		       const u8 *req_ie, size_t req_ie_len,
497 		       const u8 *resp_ie, size_t resp_ie_len)
498 {
499 	struct cfg80211_bss *bss;
500 #ifdef CONFIG_CFG80211_WEXT
501 	union iwreq_data wrqu;
502 #endif
503 
504 	ASSERT_WDEV_LOCK(wdev);
505 
506 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION))
507 		return;
508 
509 	if (wdev->sme_state != CFG80211_SME_CONNECTED)
510 		return;
511 
512 	/* internal error -- how did we get to CONNECTED w/o BSS? */
513 	if (WARN_ON(!wdev->current_bss)) {
514 		return;
515 	}
516 
517 	cfg80211_unhold_bss(wdev->current_bss);
518 	cfg80211_put_bss(&wdev->current_bss->pub);
519 	wdev->current_bss = NULL;
520 
521 	bss = cfg80211_get_bss(wdev->wiphy, NULL, bssid,
522 			       wdev->ssid, wdev->ssid_len,
523 			       WLAN_CAPABILITY_ESS, WLAN_CAPABILITY_ESS);
524 
525 	if (WARN_ON(!bss))
526 		return;
527 
528 	cfg80211_hold_bss(bss_from_pub(bss));
529 	wdev->current_bss = bss_from_pub(bss);
530 
531 	nl80211_send_roamed(wiphy_to_dev(wdev->wiphy), wdev->netdev, bssid,
532 			    req_ie, req_ie_len, resp_ie, resp_ie_len,
533 			    GFP_KERNEL);
534 
535 #ifdef CONFIG_CFG80211_WEXT
536 	if (req_ie) {
537 		memset(&wrqu, 0, sizeof(wrqu));
538 		wrqu.data.length = req_ie_len;
539 		wireless_send_event(wdev->netdev, IWEVASSOCREQIE,
540 				    &wrqu, req_ie);
541 	}
542 
543 	if (resp_ie) {
544 		memset(&wrqu, 0, sizeof(wrqu));
545 		wrqu.data.length = resp_ie_len;
546 		wireless_send_event(wdev->netdev, IWEVASSOCRESPIE,
547 				    &wrqu, resp_ie);
548 	}
549 
550 	memset(&wrqu, 0, sizeof(wrqu));
551 	wrqu.ap_addr.sa_family = ARPHRD_ETHER;
552 	memcpy(wrqu.ap_addr.sa_data, bssid, ETH_ALEN);
553 	memcpy(wdev->wext.prev_bssid, bssid, ETH_ALEN);
554 	wdev->wext.prev_bssid_valid = true;
555 	wireless_send_event(wdev->netdev, SIOCGIWAP, &wrqu, NULL);
556 #endif
557 }
558 
559 void cfg80211_roamed(struct net_device *dev, const u8 *bssid,
560 		     const u8 *req_ie, size_t req_ie_len,
561 		     const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
562 {
563 	struct wireless_dev *wdev = dev->ieee80211_ptr;
564 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
565 	struct cfg80211_event *ev;
566 	unsigned long flags;
567 
568 	CFG80211_DEV_WARN_ON(wdev->sme_state != CFG80211_SME_CONNECTED);
569 
570 	ev = kzalloc(sizeof(*ev) + req_ie_len + resp_ie_len, gfp);
571 	if (!ev)
572 		return;
573 
574 	ev->type = EVENT_ROAMED;
575 	memcpy(ev->rm.bssid, bssid, ETH_ALEN);
576 	ev->rm.req_ie = ((u8 *)ev) + sizeof(*ev);
577 	ev->rm.req_ie_len = req_ie_len;
578 	memcpy((void *)ev->rm.req_ie, req_ie, req_ie_len);
579 	ev->rm.resp_ie = ((u8 *)ev) + sizeof(*ev) + req_ie_len;
580 	ev->rm.resp_ie_len = resp_ie_len;
581 	memcpy((void *)ev->rm.resp_ie, resp_ie, resp_ie_len);
582 
583 	spin_lock_irqsave(&wdev->event_lock, flags);
584 	list_add_tail(&ev->list, &wdev->event_list);
585 	spin_unlock_irqrestore(&wdev->event_lock, flags);
586 	queue_work(cfg80211_wq, &rdev->event_work);
587 }
588 EXPORT_SYMBOL(cfg80211_roamed);
589 
590 void __cfg80211_disconnected(struct net_device *dev, const u8 *ie,
591 			     size_t ie_len, u16 reason, bool from_ap)
592 {
593 	struct wireless_dev *wdev = dev->ieee80211_ptr;
594 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
595 	int i;
596 #ifdef CONFIG_CFG80211_WEXT
597 	union iwreq_data wrqu;
598 #endif
599 
600 	ASSERT_WDEV_LOCK(wdev);
601 
602 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION))
603 		return;
604 
605 	if (wdev->sme_state != CFG80211_SME_CONNECTED)
606 		return;
607 
608 	if (wdev->current_bss) {
609 		cfg80211_unhold_bss(wdev->current_bss);
610 		cfg80211_put_bss(&wdev->current_bss->pub);
611 	}
612 
613 	wdev->current_bss = NULL;
614 	wdev->sme_state = CFG80211_SME_IDLE;
615 	wdev->ssid_len = 0;
616 
617 	if (wdev->conn) {
618 		const u8 *bssid;
619 		int ret;
620 
621 		kfree(wdev->conn->ie);
622 		wdev->conn->ie = NULL;
623 		kfree(wdev->conn);
624 		wdev->conn = NULL;
625 
626 		/*
627 		 * If this disconnect was due to a disassoc, we
628 		 * we might still have an auth BSS around. For
629 		 * the userspace SME that's currently expected,
630 		 * but for the kernel SME (nl80211 CONNECT or
631 		 * wireless extensions) we want to clear up all
632 		 * state.
633 		 */
634 		for (i = 0; i < MAX_AUTH_BSSES; i++) {
635 			if (!wdev->auth_bsses[i])
636 				continue;
637 			bssid = wdev->auth_bsses[i]->pub.bssid;
638 			ret = __cfg80211_mlme_deauth(rdev, dev, bssid, NULL, 0,
639 						WLAN_REASON_DEAUTH_LEAVING);
640 			WARN(ret, "deauth failed: %d\n", ret);
641 		}
642 	}
643 
644 	nl80211_send_disconnected(rdev, dev, reason, ie, ie_len, from_ap);
645 
646 	/*
647 	 * Delete all the keys ... pairwise keys can't really
648 	 * exist any more anyway, but default keys might.
649 	 */
650 	if (rdev->ops->del_key)
651 		for (i = 0; i < 6; i++)
652 			rdev->ops->del_key(wdev->wiphy, dev, i, NULL);
653 
654 #ifdef CONFIG_CFG80211_WEXT
655 	memset(&wrqu, 0, sizeof(wrqu));
656 	wrqu.ap_addr.sa_family = ARPHRD_ETHER;
657 	wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
658 	wdev->wext.connect.ssid_len = 0;
659 #endif
660 }
661 
662 void cfg80211_disconnected(struct net_device *dev, u16 reason,
663 			   u8 *ie, size_t ie_len, gfp_t gfp)
664 {
665 	struct wireless_dev *wdev = dev->ieee80211_ptr;
666 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
667 	struct cfg80211_event *ev;
668 	unsigned long flags;
669 
670 	CFG80211_DEV_WARN_ON(wdev->sme_state != CFG80211_SME_CONNECTED);
671 
672 	ev = kzalloc(sizeof(*ev) + ie_len, gfp);
673 	if (!ev)
674 		return;
675 
676 	ev->type = EVENT_DISCONNECTED;
677 	ev->dc.ie = ((u8 *)ev) + sizeof(*ev);
678 	ev->dc.ie_len = ie_len;
679 	memcpy((void *)ev->dc.ie, ie, ie_len);
680 	ev->dc.reason = reason;
681 
682 	spin_lock_irqsave(&wdev->event_lock, flags);
683 	list_add_tail(&ev->list, &wdev->event_list);
684 	spin_unlock_irqrestore(&wdev->event_lock, flags);
685 	queue_work(cfg80211_wq, &rdev->event_work);
686 }
687 EXPORT_SYMBOL(cfg80211_disconnected);
688 
689 int __cfg80211_connect(struct cfg80211_registered_device *rdev,
690 		       struct net_device *dev,
691 		       struct cfg80211_connect_params *connect,
692 		       struct cfg80211_cached_keys *connkeys,
693 		       const u8 *prev_bssid)
694 {
695 	struct wireless_dev *wdev = dev->ieee80211_ptr;
696 	struct ieee80211_channel *chan;
697 	struct cfg80211_bss *bss = NULL;
698 	int err;
699 
700 	ASSERT_WDEV_LOCK(wdev);
701 
702 	if (wdev->sme_state != CFG80211_SME_IDLE)
703 		return -EALREADY;
704 
705 	chan = rdev_fixed_channel(rdev, wdev);
706 	if (chan && chan != connect->channel)
707 		return -EBUSY;
708 
709 	if (WARN_ON(wdev->connect_keys)) {
710 		kfree(wdev->connect_keys);
711 		wdev->connect_keys = NULL;
712 	}
713 
714 	if (connkeys && connkeys->def >= 0) {
715 		int idx;
716 		u32 cipher;
717 
718 		idx = connkeys->def;
719 		cipher = connkeys->params[idx].cipher;
720 		/* If given a WEP key we may need it for shared key auth */
721 		if (cipher == WLAN_CIPHER_SUITE_WEP40 ||
722 		    cipher == WLAN_CIPHER_SUITE_WEP104) {
723 			connect->key_idx = idx;
724 			connect->key = connkeys->params[idx].key;
725 			connect->key_len = connkeys->params[idx].key_len;
726 
727 			/*
728 			 * If ciphers are not set (e.g. when going through
729 			 * iwconfig), we have to set them appropriately here.
730 			 */
731 			if (connect->crypto.cipher_group == 0)
732 				connect->crypto.cipher_group = cipher;
733 
734 			if (connect->crypto.n_ciphers_pairwise == 0) {
735 				connect->crypto.n_ciphers_pairwise = 1;
736 				connect->crypto.ciphers_pairwise[0] = cipher;
737 			}
738 		}
739 	}
740 
741 	if (!rdev->ops->connect) {
742 		if (!rdev->ops->auth || !rdev->ops->assoc)
743 			return -EOPNOTSUPP;
744 
745 		if (WARN_ON(wdev->conn))
746 			return -EINPROGRESS;
747 
748 		wdev->conn = kzalloc(sizeof(*wdev->conn), GFP_KERNEL);
749 		if (!wdev->conn)
750 			return -ENOMEM;
751 
752 		/*
753 		 * Copy all parameters, and treat explicitly IEs, BSSID, SSID.
754 		 */
755 		memcpy(&wdev->conn->params, connect, sizeof(*connect));
756 		if (connect->bssid) {
757 			wdev->conn->params.bssid = wdev->conn->bssid;
758 			memcpy(wdev->conn->bssid, connect->bssid, ETH_ALEN);
759 		}
760 
761 		if (connect->ie) {
762 			wdev->conn->ie = kmemdup(connect->ie, connect->ie_len,
763 						GFP_KERNEL);
764 			wdev->conn->params.ie = wdev->conn->ie;
765 			if (!wdev->conn->ie) {
766 				kfree(wdev->conn);
767 				wdev->conn = NULL;
768 				return -ENOMEM;
769 			}
770 		}
771 
772 		if (connect->auth_type == NL80211_AUTHTYPE_AUTOMATIC) {
773 			wdev->conn->auto_auth = true;
774 			/* start with open system ... should mostly work */
775 			wdev->conn->params.auth_type =
776 				NL80211_AUTHTYPE_OPEN_SYSTEM;
777 		} else {
778 			wdev->conn->auto_auth = false;
779 		}
780 
781 		memcpy(wdev->ssid, connect->ssid, connect->ssid_len);
782 		wdev->ssid_len = connect->ssid_len;
783 		wdev->conn->params.ssid = wdev->ssid;
784 		wdev->conn->params.ssid_len = connect->ssid_len;
785 
786 		/* see if we have the bss already */
787 		bss = cfg80211_get_conn_bss(wdev);
788 
789 		wdev->sme_state = CFG80211_SME_CONNECTING;
790 		wdev->connect_keys = connkeys;
791 
792 		if (prev_bssid) {
793 			memcpy(wdev->conn->prev_bssid, prev_bssid, ETH_ALEN);
794 			wdev->conn->prev_bssid_valid = true;
795 		}
796 
797 		/* we're good if we have a matching bss struct */
798 		if (bss) {
799 			wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT;
800 			err = cfg80211_conn_do_work(wdev);
801 			cfg80211_put_bss(bss);
802 		} else {
803 			/* otherwise we'll need to scan for the AP first */
804 			err = cfg80211_conn_scan(wdev);
805 			/*
806 			 * If we can't scan right now, then we need to scan again
807 			 * after the current scan finished, since the parameters
808 			 * changed (unless we find a good AP anyway).
809 			 */
810 			if (err == -EBUSY) {
811 				err = 0;
812 				wdev->conn->state = CFG80211_CONN_SCAN_AGAIN;
813 			}
814 		}
815 		if (err) {
816 			kfree(wdev->conn->ie);
817 			kfree(wdev->conn);
818 			wdev->conn = NULL;
819 			wdev->sme_state = CFG80211_SME_IDLE;
820 			wdev->connect_keys = NULL;
821 			wdev->ssid_len = 0;
822 		}
823 
824 		return err;
825 	} else {
826 		wdev->sme_state = CFG80211_SME_CONNECTING;
827 		wdev->connect_keys = connkeys;
828 		err = rdev->ops->connect(&rdev->wiphy, dev, connect);
829 		if (err) {
830 			wdev->connect_keys = NULL;
831 			wdev->sme_state = CFG80211_SME_IDLE;
832 			return err;
833 		}
834 
835 		memcpy(wdev->ssid, connect->ssid, connect->ssid_len);
836 		wdev->ssid_len = connect->ssid_len;
837 
838 		return 0;
839 	}
840 }
841 
842 int cfg80211_connect(struct cfg80211_registered_device *rdev,
843 		     struct net_device *dev,
844 		     struct cfg80211_connect_params *connect,
845 		     struct cfg80211_cached_keys *connkeys)
846 {
847 	int err;
848 
849 	mutex_lock(&rdev->devlist_mtx);
850 	wdev_lock(dev->ieee80211_ptr);
851 	err = __cfg80211_connect(rdev, dev, connect, connkeys, NULL);
852 	wdev_unlock(dev->ieee80211_ptr);
853 	mutex_unlock(&rdev->devlist_mtx);
854 
855 	return err;
856 }
857 
858 int __cfg80211_disconnect(struct cfg80211_registered_device *rdev,
859 			  struct net_device *dev, u16 reason, bool wextev)
860 {
861 	struct wireless_dev *wdev = dev->ieee80211_ptr;
862 	int err;
863 
864 	ASSERT_WDEV_LOCK(wdev);
865 
866 	if (wdev->sme_state == CFG80211_SME_IDLE)
867 		return -EINVAL;
868 
869 	kfree(wdev->connect_keys);
870 	wdev->connect_keys = NULL;
871 
872 	if (!rdev->ops->disconnect) {
873 		if (!rdev->ops->deauth)
874 			return -EOPNOTSUPP;
875 
876 		/* was it connected by userspace SME? */
877 		if (!wdev->conn) {
878 			cfg80211_mlme_down(rdev, dev);
879 			return 0;
880 		}
881 
882 		if (wdev->sme_state == CFG80211_SME_CONNECTING &&
883 		    (wdev->conn->state == CFG80211_CONN_SCANNING ||
884 		     wdev->conn->state == CFG80211_CONN_SCAN_AGAIN)) {
885 			wdev->sme_state = CFG80211_SME_IDLE;
886 			kfree(wdev->conn->ie);
887 			kfree(wdev->conn);
888 			wdev->conn = NULL;
889 			wdev->ssid_len = 0;
890 			return 0;
891 		}
892 
893 		/* wdev->conn->params.bssid must be set if > SCANNING */
894 		err = __cfg80211_mlme_deauth(rdev, dev,
895 					     wdev->conn->params.bssid,
896 					     NULL, 0, reason);
897 		if (err)
898 			return err;
899 	} else {
900 		err = rdev->ops->disconnect(&rdev->wiphy, dev, reason);
901 		if (err)
902 			return err;
903 	}
904 
905 	if (wdev->sme_state == CFG80211_SME_CONNECTED)
906 		__cfg80211_disconnected(dev, NULL, 0, 0, false);
907 	else if (wdev->sme_state == CFG80211_SME_CONNECTING)
908 		__cfg80211_connect_result(dev, NULL, NULL, 0, NULL, 0,
909 					  WLAN_STATUS_UNSPECIFIED_FAILURE,
910 					  wextev, NULL);
911 
912 	return 0;
913 }
914 
915 int cfg80211_disconnect(struct cfg80211_registered_device *rdev,
916 			struct net_device *dev,
917 			u16 reason, bool wextev)
918 {
919 	int err;
920 
921 	wdev_lock(dev->ieee80211_ptr);
922 	err = __cfg80211_disconnect(rdev, dev, reason, wextev);
923 	wdev_unlock(dev->ieee80211_ptr);
924 
925 	return err;
926 }
927 
928 void cfg80211_sme_disassoc(struct net_device *dev, int idx)
929 {
930 	struct wireless_dev *wdev = dev->ieee80211_ptr;
931 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
932 	u8 bssid[ETH_ALEN];
933 
934 	ASSERT_WDEV_LOCK(wdev);
935 
936 	if (!wdev->conn)
937 		return;
938 
939 	if (wdev->conn->state == CFG80211_CONN_IDLE)
940 		return;
941 
942 	/*
943 	 * Ok, so the association was made by this SME -- we don't
944 	 * want it any more so deauthenticate too.
945 	 */
946 
947 	if (!wdev->auth_bsses[idx])
948 		return;
949 
950 	memcpy(bssid, wdev->auth_bsses[idx]->pub.bssid, ETH_ALEN);
951 	if (__cfg80211_mlme_deauth(rdev, dev, bssid,
952 				   NULL, 0, WLAN_REASON_DEAUTH_LEAVING)) {
953 		/* whatever -- assume gone anyway */
954 		cfg80211_unhold_bss(wdev->auth_bsses[idx]);
955 		cfg80211_put_bss(&wdev->auth_bsses[idx]->pub);
956 		wdev->auth_bsses[idx] = NULL;
957 	}
958 }
959