mlme.c (30479B)
1// SPDX-License-Identifier: GPL-2.0 2/* 3 * cfg80211 MLME SAP interface 4 * 5 * Copyright (c) 2009, Jouni Malinen <j@w1.fi> 6 * Copyright (c) 2015 Intel Deutschland GmbH 7 * Copyright (C) 2019-2020 Intel Corporation 8 */ 9 10#include <linux/kernel.h> 11#include <linux/module.h> 12#include <linux/etherdevice.h> 13#include <linux/netdevice.h> 14#include <linux/nl80211.h> 15#include <linux/slab.h> 16#include <linux/wireless.h> 17#include <net/cfg80211.h> 18#include <net/iw_handler.h> 19#include "core.h" 20#include "nl80211.h" 21#include "rdev-ops.h" 22 23 24void cfg80211_rx_assoc_resp(struct net_device *dev, struct cfg80211_bss *bss, 25 const u8 *buf, size_t len, int uapsd_queues, 26 const u8 *req_ies, size_t req_ies_len) 27{ 28 struct wireless_dev *wdev = dev->ieee80211_ptr; 29 struct wiphy *wiphy = wdev->wiphy; 30 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 31 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 32 struct cfg80211_connect_resp_params cr; 33 const u8 *resp_ie = mgmt->u.assoc_resp.variable; 34 size_t resp_ie_len = len - offsetof(struct ieee80211_mgmt, 35 u.assoc_resp.variable); 36 37 if (bss->channel->band == NL80211_BAND_S1GHZ) { 38 resp_ie = (u8 *)&mgmt->u.s1g_assoc_resp.variable; 39 resp_ie_len = len - offsetof(struct ieee80211_mgmt, 40 u.s1g_assoc_resp.variable); 41 } 42 43 memset(&cr, 0, sizeof(cr)); 44 cr.status = (int)le16_to_cpu(mgmt->u.assoc_resp.status_code); 45 cr.bssid = mgmt->bssid; 46 cr.bss = bss; 47 cr.req_ie = req_ies; 48 cr.req_ie_len = req_ies_len; 49 cr.resp_ie = resp_ie; 50 cr.resp_ie_len = resp_ie_len; 51 cr.timeout_reason = NL80211_TIMEOUT_UNSPECIFIED; 52 53 trace_cfg80211_send_rx_assoc(dev, bss); 54 55 /* 56 * This is a bit of a hack, we don't notify userspace of 57 * a (re-)association reply if we tried to send a reassoc 58 * and got a reject -- we only try again with an assoc 59 * frame instead of reassoc. 60 */ 61 if (cfg80211_sme_rx_assoc_resp(wdev, cr.status)) { 62 cfg80211_unhold_bss(bss_from_pub(bss)); 63 cfg80211_put_bss(wiphy, bss); 64 return; 65 } 66 67 nl80211_send_rx_assoc(rdev, dev, buf, len, GFP_KERNEL, uapsd_queues, 68 req_ies, req_ies_len); 69 /* update current_bss etc., consumes the bss reference */ 70 __cfg80211_connect_result(dev, &cr, cr.status == WLAN_STATUS_SUCCESS); 71} 72EXPORT_SYMBOL(cfg80211_rx_assoc_resp); 73 74static void cfg80211_process_auth(struct wireless_dev *wdev, 75 const u8 *buf, size_t len) 76{ 77 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 78 79 nl80211_send_rx_auth(rdev, wdev->netdev, buf, len, GFP_KERNEL); 80 cfg80211_sme_rx_auth(wdev, buf, len); 81} 82 83static void cfg80211_process_deauth(struct wireless_dev *wdev, 84 const u8 *buf, size_t len, 85 bool reconnect) 86{ 87 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 88 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 89 const u8 *bssid = mgmt->bssid; 90 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 91 bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr); 92 93 nl80211_send_deauth(rdev, wdev->netdev, buf, len, reconnect, GFP_KERNEL); 94 95 if (!wdev->current_bss || 96 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid)) 97 return; 98 99 __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap); 100 cfg80211_sme_deauth(wdev); 101} 102 103static void cfg80211_process_disassoc(struct wireless_dev *wdev, 104 const u8 *buf, size_t len, 105 bool reconnect) 106{ 107 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 108 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 109 const u8 *bssid = mgmt->bssid; 110 u16 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 111 bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr); 112 113 nl80211_send_disassoc(rdev, wdev->netdev, buf, len, reconnect, 114 GFP_KERNEL); 115 116 if (WARN_ON(!wdev->current_bss || 117 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid))) 118 return; 119 120 __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap); 121 cfg80211_sme_disassoc(wdev); 122} 123 124void cfg80211_rx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len) 125{ 126 struct wireless_dev *wdev = dev->ieee80211_ptr; 127 struct ieee80211_mgmt *mgmt = (void *)buf; 128 129 ASSERT_WDEV_LOCK(wdev); 130 131 trace_cfg80211_rx_mlme_mgmt(dev, buf, len); 132 133 if (WARN_ON(len < 2)) 134 return; 135 136 if (ieee80211_is_auth(mgmt->frame_control)) 137 cfg80211_process_auth(wdev, buf, len); 138 else if (ieee80211_is_deauth(mgmt->frame_control)) 139 cfg80211_process_deauth(wdev, buf, len, false); 140 else if (ieee80211_is_disassoc(mgmt->frame_control)) 141 cfg80211_process_disassoc(wdev, buf, len, false); 142} 143EXPORT_SYMBOL(cfg80211_rx_mlme_mgmt); 144 145void cfg80211_auth_timeout(struct net_device *dev, const u8 *addr) 146{ 147 struct wireless_dev *wdev = dev->ieee80211_ptr; 148 struct wiphy *wiphy = wdev->wiphy; 149 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 150 151 trace_cfg80211_send_auth_timeout(dev, addr); 152 153 nl80211_send_auth_timeout(rdev, dev, addr, GFP_KERNEL); 154 cfg80211_sme_auth_timeout(wdev); 155} 156EXPORT_SYMBOL(cfg80211_auth_timeout); 157 158void cfg80211_assoc_timeout(struct net_device *dev, struct cfg80211_bss *bss) 159{ 160 struct wireless_dev *wdev = dev->ieee80211_ptr; 161 struct wiphy *wiphy = wdev->wiphy; 162 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 163 164 trace_cfg80211_send_assoc_timeout(dev, bss->bssid); 165 166 nl80211_send_assoc_timeout(rdev, dev, bss->bssid, GFP_KERNEL); 167 cfg80211_sme_assoc_timeout(wdev); 168 169 cfg80211_unhold_bss(bss_from_pub(bss)); 170 cfg80211_put_bss(wiphy, bss); 171} 172EXPORT_SYMBOL(cfg80211_assoc_timeout); 173 174void cfg80211_abandon_assoc(struct net_device *dev, struct cfg80211_bss *bss) 175{ 176 struct wireless_dev *wdev = dev->ieee80211_ptr; 177 struct wiphy *wiphy = wdev->wiphy; 178 179 cfg80211_sme_abandon_assoc(wdev); 180 181 cfg80211_unhold_bss(bss_from_pub(bss)); 182 cfg80211_put_bss(wiphy, bss); 183} 184EXPORT_SYMBOL(cfg80211_abandon_assoc); 185 186void cfg80211_tx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len, 187 bool reconnect) 188{ 189 struct wireless_dev *wdev = dev->ieee80211_ptr; 190 struct ieee80211_mgmt *mgmt = (void *)buf; 191 192 ASSERT_WDEV_LOCK(wdev); 193 194 trace_cfg80211_tx_mlme_mgmt(dev, buf, len, reconnect); 195 196 if (WARN_ON(len < 2)) 197 return; 198 199 if (ieee80211_is_deauth(mgmt->frame_control)) 200 cfg80211_process_deauth(wdev, buf, len, reconnect); 201 else 202 cfg80211_process_disassoc(wdev, buf, len, reconnect); 203} 204EXPORT_SYMBOL(cfg80211_tx_mlme_mgmt); 205 206void cfg80211_michael_mic_failure(struct net_device *dev, const u8 *addr, 207 enum nl80211_key_type key_type, int key_id, 208 const u8 *tsc, gfp_t gfp) 209{ 210 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 211 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 212#ifdef CONFIG_CFG80211_WEXT 213 union iwreq_data wrqu; 214 char *buf = kmalloc(128, gfp); 215 216 if (buf) { 217 sprintf(buf, "MLME-MICHAELMICFAILURE.indication(" 218 "keyid=%d %scast addr=%pM)", key_id, 219 key_type == NL80211_KEYTYPE_GROUP ? "broad" : "uni", 220 addr); 221 memset(&wrqu, 0, sizeof(wrqu)); 222 wrqu.data.length = strlen(buf); 223 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf); 224 kfree(buf); 225 } 226#endif 227 228 trace_cfg80211_michael_mic_failure(dev, addr, key_type, key_id, tsc); 229 nl80211_michael_mic_failure(rdev, dev, addr, key_type, key_id, tsc, gfp); 230} 231EXPORT_SYMBOL(cfg80211_michael_mic_failure); 232 233/* some MLME handling for userspace SME */ 234int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev, 235 struct net_device *dev, 236 struct ieee80211_channel *chan, 237 enum nl80211_auth_type auth_type, 238 const u8 *bssid, 239 const u8 *ssid, int ssid_len, 240 const u8 *ie, int ie_len, 241 const u8 *key, int key_len, int key_idx, 242 const u8 *auth_data, int auth_data_len) 243{ 244 struct wireless_dev *wdev = dev->ieee80211_ptr; 245 struct cfg80211_auth_request req = { 246 .ie = ie, 247 .ie_len = ie_len, 248 .auth_data = auth_data, 249 .auth_data_len = auth_data_len, 250 .auth_type = auth_type, 251 .key = key, 252 .key_len = key_len, 253 .key_idx = key_idx, 254 }; 255 int err; 256 257 ASSERT_WDEV_LOCK(wdev); 258 259 if (auth_type == NL80211_AUTHTYPE_SHARED_KEY) 260 if (!key || !key_len || key_idx < 0 || key_idx > 3) 261 return -EINVAL; 262 263 if (wdev->current_bss && 264 ether_addr_equal(bssid, wdev->current_bss->pub.bssid)) 265 return -EALREADY; 266 267 req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len, 268 IEEE80211_BSS_TYPE_ESS, 269 IEEE80211_PRIVACY_ANY); 270 if (!req.bss) 271 return -ENOENT; 272 273 err = rdev_auth(rdev, dev, &req); 274 275 cfg80211_put_bss(&rdev->wiphy, req.bss); 276 return err; 277} 278 279/* Do a logical ht_capa &= ht_capa_mask. */ 280void cfg80211_oper_and_ht_capa(struct ieee80211_ht_cap *ht_capa, 281 const struct ieee80211_ht_cap *ht_capa_mask) 282{ 283 int i; 284 u8 *p1, *p2; 285 if (!ht_capa_mask) { 286 memset(ht_capa, 0, sizeof(*ht_capa)); 287 return; 288 } 289 290 p1 = (u8*)(ht_capa); 291 p2 = (u8*)(ht_capa_mask); 292 for (i = 0; i < sizeof(*ht_capa); i++) 293 p1[i] &= p2[i]; 294} 295 296/* Do a logical vht_capa &= vht_capa_mask. */ 297void cfg80211_oper_and_vht_capa(struct ieee80211_vht_cap *vht_capa, 298 const struct ieee80211_vht_cap *vht_capa_mask) 299{ 300 int i; 301 u8 *p1, *p2; 302 if (!vht_capa_mask) { 303 memset(vht_capa, 0, sizeof(*vht_capa)); 304 return; 305 } 306 307 p1 = (u8*)(vht_capa); 308 p2 = (u8*)(vht_capa_mask); 309 for (i = 0; i < sizeof(*vht_capa); i++) 310 p1[i] &= p2[i]; 311} 312 313int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev, 314 struct net_device *dev, 315 struct ieee80211_channel *chan, 316 const u8 *bssid, 317 const u8 *ssid, int ssid_len, 318 struct cfg80211_assoc_request *req) 319{ 320 struct wireless_dev *wdev = dev->ieee80211_ptr; 321 int err; 322 323 ASSERT_WDEV_LOCK(wdev); 324 325 if (wdev->current_bss && 326 (!req->prev_bssid || !ether_addr_equal(wdev->current_bss->pub.bssid, 327 req->prev_bssid))) 328 return -EALREADY; 329 330 cfg80211_oper_and_ht_capa(&req->ht_capa_mask, 331 rdev->wiphy.ht_capa_mod_mask); 332 cfg80211_oper_and_vht_capa(&req->vht_capa_mask, 333 rdev->wiphy.vht_capa_mod_mask); 334 335 req->bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len, 336 IEEE80211_BSS_TYPE_ESS, 337 IEEE80211_PRIVACY_ANY); 338 if (!req->bss) 339 return -ENOENT; 340 341 err = rdev_assoc(rdev, dev, req); 342 if (!err) 343 cfg80211_hold_bss(bss_from_pub(req->bss)); 344 else 345 cfg80211_put_bss(&rdev->wiphy, req->bss); 346 347 return err; 348} 349 350int cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev, 351 struct net_device *dev, const u8 *bssid, 352 const u8 *ie, int ie_len, u16 reason, 353 bool local_state_change) 354{ 355 struct wireless_dev *wdev = dev->ieee80211_ptr; 356 struct cfg80211_deauth_request req = { 357 .bssid = bssid, 358 .reason_code = reason, 359 .ie = ie, 360 .ie_len = ie_len, 361 .local_state_change = local_state_change, 362 }; 363 364 ASSERT_WDEV_LOCK(wdev); 365 366 if (local_state_change && 367 (!wdev->current_bss || 368 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid))) 369 return 0; 370 371 if (ether_addr_equal(wdev->disconnect_bssid, bssid) || 372 (wdev->current_bss && 373 ether_addr_equal(wdev->current_bss->pub.bssid, bssid))) 374 wdev->conn_owner_nlportid = 0; 375 376 return rdev_deauth(rdev, dev, &req); 377} 378 379int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev, 380 struct net_device *dev, const u8 *bssid, 381 const u8 *ie, int ie_len, u16 reason, 382 bool local_state_change) 383{ 384 struct wireless_dev *wdev = dev->ieee80211_ptr; 385 struct cfg80211_disassoc_request req = { 386 .reason_code = reason, 387 .local_state_change = local_state_change, 388 .ie = ie, 389 .ie_len = ie_len, 390 }; 391 int err; 392 393 ASSERT_WDEV_LOCK(wdev); 394 395 if (!wdev->current_bss) 396 return -ENOTCONN; 397 398 if (ether_addr_equal(wdev->current_bss->pub.bssid, bssid)) 399 req.bss = &wdev->current_bss->pub; 400 else 401 return -ENOTCONN; 402 403 err = rdev_disassoc(rdev, dev, &req); 404 if (err) 405 return err; 406 407 /* driver should have reported the disassoc */ 408 WARN_ON(wdev->current_bss); 409 return 0; 410} 411 412void cfg80211_mlme_down(struct cfg80211_registered_device *rdev, 413 struct net_device *dev) 414{ 415 struct wireless_dev *wdev = dev->ieee80211_ptr; 416 u8 bssid[ETH_ALEN]; 417 418 ASSERT_WDEV_LOCK(wdev); 419 420 if (!rdev->ops->deauth) 421 return; 422 423 if (!wdev->current_bss) 424 return; 425 426 memcpy(bssid, wdev->current_bss->pub.bssid, ETH_ALEN); 427 cfg80211_mlme_deauth(rdev, dev, bssid, NULL, 0, 428 WLAN_REASON_DEAUTH_LEAVING, false); 429} 430 431struct cfg80211_mgmt_registration { 432 struct list_head list; 433 struct wireless_dev *wdev; 434 435 u32 nlportid; 436 437 int match_len; 438 439 __le16 frame_type; 440 441 bool multicast_rx; 442 443 u8 match[]; 444}; 445 446static void cfg80211_mgmt_registrations_update(struct wireless_dev *wdev) 447{ 448 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 449 struct wireless_dev *tmp; 450 struct cfg80211_mgmt_registration *reg; 451 struct mgmt_frame_regs upd = {}; 452 453 lockdep_assert_held(&rdev->wiphy.mtx); 454 455 spin_lock_bh(&rdev->mgmt_registrations_lock); 456 if (!wdev->mgmt_registrations_need_update) { 457 spin_unlock_bh(&rdev->mgmt_registrations_lock); 458 return; 459 } 460 461 rcu_read_lock(); 462 list_for_each_entry_rcu(tmp, &rdev->wiphy.wdev_list, list) { 463 list_for_each_entry(reg, &tmp->mgmt_registrations, list) { 464 u32 mask = BIT(le16_to_cpu(reg->frame_type) >> 4); 465 u32 mcast_mask = 0; 466 467 if (reg->multicast_rx) 468 mcast_mask = mask; 469 470 upd.global_stypes |= mask; 471 upd.global_mcast_stypes |= mcast_mask; 472 473 if (tmp == wdev) { 474 upd.interface_stypes |= mask; 475 upd.interface_mcast_stypes |= mcast_mask; 476 } 477 } 478 } 479 rcu_read_unlock(); 480 481 wdev->mgmt_registrations_need_update = 0; 482 spin_unlock_bh(&rdev->mgmt_registrations_lock); 483 484 rdev_update_mgmt_frame_registrations(rdev, wdev, &upd); 485} 486 487void cfg80211_mgmt_registrations_update_wk(struct work_struct *wk) 488{ 489 struct cfg80211_registered_device *rdev; 490 struct wireless_dev *wdev; 491 492 rdev = container_of(wk, struct cfg80211_registered_device, 493 mgmt_registrations_update_wk); 494 495 wiphy_lock(&rdev->wiphy); 496 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) 497 cfg80211_mgmt_registrations_update(wdev); 498 wiphy_unlock(&rdev->wiphy); 499} 500 501int cfg80211_mlme_register_mgmt(struct wireless_dev *wdev, u32 snd_portid, 502 u16 frame_type, const u8 *match_data, 503 int match_len, bool multicast_rx, 504 struct netlink_ext_ack *extack) 505{ 506 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 507 struct cfg80211_mgmt_registration *reg, *nreg; 508 int err = 0; 509 u16 mgmt_type; 510 bool update_multicast = false; 511 512 if (!wdev->wiphy->mgmt_stypes) 513 return -EOPNOTSUPP; 514 515 if ((frame_type & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT) { 516 NL_SET_ERR_MSG(extack, "frame type not management"); 517 return -EINVAL; 518 } 519 520 if (frame_type & ~(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) { 521 NL_SET_ERR_MSG(extack, "Invalid frame type"); 522 return -EINVAL; 523 } 524 525 mgmt_type = (frame_type & IEEE80211_FCTL_STYPE) >> 4; 526 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].rx & BIT(mgmt_type))) { 527 NL_SET_ERR_MSG(extack, 528 "Registration to specific type not supported"); 529 return -EINVAL; 530 } 531 532 /* 533 * To support Pre Association Security Negotiation (PASN), registration 534 * for authentication frames should be supported. However, as some 535 * versions of the user space daemons wrongly register to all types of 536 * authentication frames (which might result in unexpected behavior) 537 * allow such registration if the request is for a specific 538 * authentication algorithm number. 539 */ 540 if (wdev->iftype == NL80211_IFTYPE_STATION && 541 (frame_type & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_AUTH && 542 !(match_data && match_len >= 2)) { 543 NL_SET_ERR_MSG(extack, 544 "Authentication algorithm number required"); 545 return -EINVAL; 546 } 547 548 nreg = kzalloc(sizeof(*reg) + match_len, GFP_KERNEL); 549 if (!nreg) 550 return -ENOMEM; 551 552 spin_lock_bh(&rdev->mgmt_registrations_lock); 553 554 list_for_each_entry(reg, &wdev->mgmt_registrations, list) { 555 int mlen = min(match_len, reg->match_len); 556 557 if (frame_type != le16_to_cpu(reg->frame_type)) 558 continue; 559 560 if (memcmp(reg->match, match_data, mlen) == 0) { 561 if (reg->multicast_rx != multicast_rx) { 562 update_multicast = true; 563 reg->multicast_rx = multicast_rx; 564 break; 565 } 566 NL_SET_ERR_MSG(extack, "Match already configured"); 567 err = -EALREADY; 568 break; 569 } 570 } 571 572 if (err) 573 goto out; 574 575 if (update_multicast) { 576 kfree(nreg); 577 } else { 578 memcpy(nreg->match, match_data, match_len); 579 nreg->match_len = match_len; 580 nreg->nlportid = snd_portid; 581 nreg->frame_type = cpu_to_le16(frame_type); 582 nreg->wdev = wdev; 583 nreg->multicast_rx = multicast_rx; 584 list_add(&nreg->list, &wdev->mgmt_registrations); 585 } 586 wdev->mgmt_registrations_need_update = 1; 587 spin_unlock_bh(&rdev->mgmt_registrations_lock); 588 589 cfg80211_mgmt_registrations_update(wdev); 590 591 return 0; 592 593 out: 594 kfree(nreg); 595 spin_unlock_bh(&rdev->mgmt_registrations_lock); 596 597 return err; 598} 599 600void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlportid) 601{ 602 struct wiphy *wiphy = wdev->wiphy; 603 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 604 struct cfg80211_mgmt_registration *reg, *tmp; 605 606 spin_lock_bh(&rdev->mgmt_registrations_lock); 607 608 list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) { 609 if (reg->nlportid != nlportid) 610 continue; 611 612 list_del(®->list); 613 kfree(reg); 614 615 wdev->mgmt_registrations_need_update = 1; 616 schedule_work(&rdev->mgmt_registrations_update_wk); 617 } 618 619 spin_unlock_bh(&rdev->mgmt_registrations_lock); 620 621 if (nlportid && rdev->crit_proto_nlportid == nlportid) { 622 rdev->crit_proto_nlportid = 0; 623 rdev_crit_proto_stop(rdev, wdev); 624 } 625 626 if (nlportid == wdev->ap_unexpected_nlportid) 627 wdev->ap_unexpected_nlportid = 0; 628} 629 630void cfg80211_mlme_purge_registrations(struct wireless_dev *wdev) 631{ 632 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 633 struct cfg80211_mgmt_registration *reg, *tmp; 634 635 spin_lock_bh(&rdev->mgmt_registrations_lock); 636 list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) { 637 list_del(®->list); 638 kfree(reg); 639 } 640 wdev->mgmt_registrations_need_update = 1; 641 spin_unlock_bh(&rdev->mgmt_registrations_lock); 642 643 cfg80211_mgmt_registrations_update(wdev); 644} 645 646int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev, 647 struct wireless_dev *wdev, 648 struct cfg80211_mgmt_tx_params *params, u64 *cookie) 649{ 650 const struct ieee80211_mgmt *mgmt; 651 u16 stype; 652 653 if (!wdev->wiphy->mgmt_stypes) 654 return -EOPNOTSUPP; 655 656 if (!rdev->ops->mgmt_tx) 657 return -EOPNOTSUPP; 658 659 if (params->len < 24 + 1) 660 return -EINVAL; 661 662 mgmt = (const struct ieee80211_mgmt *)params->buf; 663 664 if (!ieee80211_is_mgmt(mgmt->frame_control)) 665 return -EINVAL; 666 667 stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE; 668 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].tx & BIT(stype >> 4))) 669 return -EINVAL; 670 671 if (ieee80211_is_action(mgmt->frame_control) && 672 mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) { 673 int err = 0; 674 675 wdev_lock(wdev); 676 677 switch (wdev->iftype) { 678 case NL80211_IFTYPE_ADHOC: 679 case NL80211_IFTYPE_STATION: 680 case NL80211_IFTYPE_P2P_CLIENT: 681 if (!wdev->current_bss) { 682 err = -ENOTCONN; 683 break; 684 } 685 686 if (!ether_addr_equal(wdev->current_bss->pub.bssid, 687 mgmt->bssid)) { 688 err = -ENOTCONN; 689 break; 690 } 691 692 /* 693 * check for IBSS DA must be done by driver as 694 * cfg80211 doesn't track the stations 695 */ 696 if (wdev->iftype == NL80211_IFTYPE_ADHOC) 697 break; 698 699 /* for station, check that DA is the AP */ 700 if (!ether_addr_equal(wdev->current_bss->pub.bssid, 701 mgmt->da)) { 702 err = -ENOTCONN; 703 break; 704 } 705 break; 706 case NL80211_IFTYPE_AP: 707 case NL80211_IFTYPE_P2P_GO: 708 case NL80211_IFTYPE_AP_VLAN: 709 if (!ether_addr_equal(mgmt->bssid, wdev_address(wdev))) 710 err = -EINVAL; 711 break; 712 case NL80211_IFTYPE_MESH_POINT: 713 if (!ether_addr_equal(mgmt->sa, mgmt->bssid)) { 714 err = -EINVAL; 715 break; 716 } 717 /* 718 * check for mesh DA must be done by driver as 719 * cfg80211 doesn't track the stations 720 */ 721 break; 722 case NL80211_IFTYPE_P2P_DEVICE: 723 /* 724 * fall through, P2P device only supports 725 * public action frames 726 */ 727 case NL80211_IFTYPE_NAN: 728 default: 729 err = -EOPNOTSUPP; 730 break; 731 } 732 wdev_unlock(wdev); 733 734 if (err) 735 return err; 736 } 737 738 if (!ether_addr_equal(mgmt->sa, wdev_address(wdev))) { 739 /* Allow random TA to be used with Public Action frames if the 740 * driver has indicated support for this. Otherwise, only allow 741 * the local address to be used. 742 */ 743 if (!ieee80211_is_action(mgmt->frame_control) || 744 mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) 745 return -EINVAL; 746 if (!wdev->current_bss && 747 !wiphy_ext_feature_isset( 748 &rdev->wiphy, 749 NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA)) 750 return -EINVAL; 751 if (wdev->current_bss && 752 !wiphy_ext_feature_isset( 753 &rdev->wiphy, 754 NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA_CONNECTED)) 755 return -EINVAL; 756 } 757 758 /* Transmit the Action frame as requested by user space */ 759 return rdev_mgmt_tx(rdev, wdev, params, cookie); 760} 761 762bool cfg80211_rx_mgmt_khz(struct wireless_dev *wdev, int freq, int sig_dbm, 763 const u8 *buf, size_t len, u32 flags) 764{ 765 struct wiphy *wiphy = wdev->wiphy; 766 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 767 struct cfg80211_mgmt_registration *reg; 768 const struct ieee80211_txrx_stypes *stypes = 769 &wiphy->mgmt_stypes[wdev->iftype]; 770 struct ieee80211_mgmt *mgmt = (void *)buf; 771 const u8 *data; 772 int data_len; 773 bool result = false; 774 __le16 ftype = mgmt->frame_control & 775 cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE); 776 u16 stype; 777 778 trace_cfg80211_rx_mgmt(wdev, freq, sig_dbm); 779 stype = (le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE) >> 4; 780 781 if (!(stypes->rx & BIT(stype))) { 782 trace_cfg80211_return_bool(false); 783 return false; 784 } 785 786 data = buf + ieee80211_hdrlen(mgmt->frame_control); 787 data_len = len - ieee80211_hdrlen(mgmt->frame_control); 788 789 spin_lock_bh(&rdev->mgmt_registrations_lock); 790 791 list_for_each_entry(reg, &wdev->mgmt_registrations, list) { 792 if (reg->frame_type != ftype) 793 continue; 794 795 if (reg->match_len > data_len) 796 continue; 797 798 if (memcmp(reg->match, data, reg->match_len)) 799 continue; 800 801 /* found match! */ 802 803 /* Indicate the received Action frame to user space */ 804 if (nl80211_send_mgmt(rdev, wdev, reg->nlportid, 805 freq, sig_dbm, 806 buf, len, flags, GFP_ATOMIC)) 807 continue; 808 809 result = true; 810 break; 811 } 812 813 spin_unlock_bh(&rdev->mgmt_registrations_lock); 814 815 trace_cfg80211_return_bool(result); 816 return result; 817} 818EXPORT_SYMBOL(cfg80211_rx_mgmt_khz); 819 820void cfg80211_sched_dfs_chan_update(struct cfg80211_registered_device *rdev) 821{ 822 cancel_delayed_work(&rdev->dfs_update_channels_wk); 823 queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk, 0); 824} 825 826void cfg80211_dfs_channels_update_work(struct work_struct *work) 827{ 828 struct delayed_work *delayed_work = to_delayed_work(work); 829 struct cfg80211_registered_device *rdev; 830 struct cfg80211_chan_def chandef; 831 struct ieee80211_supported_band *sband; 832 struct ieee80211_channel *c; 833 struct wiphy *wiphy; 834 bool check_again = false; 835 unsigned long timeout, next_time = 0; 836 unsigned long time_dfs_update; 837 enum nl80211_radar_event radar_event; 838 int bandid, i; 839 840 rdev = container_of(delayed_work, struct cfg80211_registered_device, 841 dfs_update_channels_wk); 842 wiphy = &rdev->wiphy; 843 844 rtnl_lock(); 845 for (bandid = 0; bandid < NUM_NL80211_BANDS; bandid++) { 846 sband = wiphy->bands[bandid]; 847 if (!sband) 848 continue; 849 850 for (i = 0; i < sband->n_channels; i++) { 851 c = &sband->channels[i]; 852 853 if (!(c->flags & IEEE80211_CHAN_RADAR)) 854 continue; 855 856 if (c->dfs_state != NL80211_DFS_UNAVAILABLE && 857 c->dfs_state != NL80211_DFS_AVAILABLE) 858 continue; 859 860 if (c->dfs_state == NL80211_DFS_UNAVAILABLE) { 861 time_dfs_update = IEEE80211_DFS_MIN_NOP_TIME_MS; 862 radar_event = NL80211_RADAR_NOP_FINISHED; 863 } else { 864 if (regulatory_pre_cac_allowed(wiphy) || 865 cfg80211_any_wiphy_oper_chan(wiphy, c)) 866 continue; 867 868 time_dfs_update = REG_PRE_CAC_EXPIRY_GRACE_MS; 869 radar_event = NL80211_RADAR_PRE_CAC_EXPIRED; 870 } 871 872 timeout = c->dfs_state_entered + 873 msecs_to_jiffies(time_dfs_update); 874 875 if (time_after_eq(jiffies, timeout)) { 876 c->dfs_state = NL80211_DFS_USABLE; 877 c->dfs_state_entered = jiffies; 878 879 cfg80211_chandef_create(&chandef, c, 880 NL80211_CHAN_NO_HT); 881 882 nl80211_radar_notify(rdev, &chandef, 883 radar_event, NULL, 884 GFP_ATOMIC); 885 886 regulatory_propagate_dfs_state(wiphy, &chandef, 887 c->dfs_state, 888 radar_event); 889 continue; 890 } 891 892 if (!check_again) 893 next_time = timeout - jiffies; 894 else 895 next_time = min(next_time, timeout - jiffies); 896 check_again = true; 897 } 898 } 899 rtnl_unlock(); 900 901 /* reschedule if there are other channels waiting to be cleared again */ 902 if (check_again) 903 queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk, 904 next_time); 905} 906 907 908void __cfg80211_radar_event(struct wiphy *wiphy, 909 struct cfg80211_chan_def *chandef, 910 bool offchan, gfp_t gfp) 911{ 912 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 913 914 trace_cfg80211_radar_event(wiphy, chandef, offchan); 915 916 /* only set the chandef supplied channel to unavailable, in 917 * case the radar is detected on only one of multiple channels 918 * spanned by the chandef. 919 */ 920 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_UNAVAILABLE); 921 922 if (offchan) 923 queue_work(cfg80211_wq, &rdev->background_cac_abort_wk); 924 925 cfg80211_sched_dfs_chan_update(rdev); 926 927 nl80211_radar_notify(rdev, chandef, NL80211_RADAR_DETECTED, NULL, gfp); 928 929 memcpy(&rdev->radar_chandef, chandef, sizeof(struct cfg80211_chan_def)); 930 queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk); 931} 932EXPORT_SYMBOL(__cfg80211_radar_event); 933 934void cfg80211_cac_event(struct net_device *netdev, 935 const struct cfg80211_chan_def *chandef, 936 enum nl80211_radar_event event, gfp_t gfp) 937{ 938 struct wireless_dev *wdev = netdev->ieee80211_ptr; 939 struct wiphy *wiphy = wdev->wiphy; 940 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 941 unsigned long timeout; 942 943 trace_cfg80211_cac_event(netdev, event); 944 945 if (WARN_ON(!wdev->cac_started && event != NL80211_RADAR_CAC_STARTED)) 946 return; 947 948 if (WARN_ON(!wdev->chandef.chan)) 949 return; 950 951 switch (event) { 952 case NL80211_RADAR_CAC_FINISHED: 953 timeout = wdev->cac_start_time + 954 msecs_to_jiffies(wdev->cac_time_ms); 955 WARN_ON(!time_after_eq(jiffies, timeout)); 956 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_AVAILABLE); 957 memcpy(&rdev->cac_done_chandef, chandef, 958 sizeof(struct cfg80211_chan_def)); 959 queue_work(cfg80211_wq, &rdev->propagate_cac_done_wk); 960 cfg80211_sched_dfs_chan_update(rdev); 961 fallthrough; 962 case NL80211_RADAR_CAC_ABORTED: 963 wdev->cac_started = false; 964 break; 965 case NL80211_RADAR_CAC_STARTED: 966 wdev->cac_started = true; 967 break; 968 default: 969 WARN_ON(1); 970 return; 971 } 972 973 nl80211_radar_notify(rdev, chandef, event, netdev, gfp); 974} 975EXPORT_SYMBOL(cfg80211_cac_event); 976 977static void 978__cfg80211_background_cac_event(struct cfg80211_registered_device *rdev, 979 struct wireless_dev *wdev, 980 const struct cfg80211_chan_def *chandef, 981 enum nl80211_radar_event event) 982{ 983 struct wiphy *wiphy = &rdev->wiphy; 984 struct net_device *netdev; 985 986 lockdep_assert_wiphy(&rdev->wiphy); 987 988 if (!cfg80211_chandef_valid(chandef)) 989 return; 990 991 if (!rdev->background_radar_wdev) 992 return; 993 994 switch (event) { 995 case NL80211_RADAR_CAC_FINISHED: 996 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_AVAILABLE); 997 memcpy(&rdev->cac_done_chandef, chandef, sizeof(*chandef)); 998 queue_work(cfg80211_wq, &rdev->propagate_cac_done_wk); 999 cfg80211_sched_dfs_chan_update(rdev); 1000 wdev = rdev->background_radar_wdev; 1001 break; 1002 case NL80211_RADAR_CAC_ABORTED: 1003 if (!cancel_delayed_work(&rdev->background_cac_done_wk)) 1004 return; 1005 wdev = rdev->background_radar_wdev; 1006 break; 1007 case NL80211_RADAR_CAC_STARTED: 1008 break; 1009 default: 1010 return; 1011 } 1012 1013 netdev = wdev ? wdev->netdev : NULL; 1014 nl80211_radar_notify(rdev, chandef, event, netdev, GFP_KERNEL); 1015} 1016 1017static void 1018cfg80211_background_cac_event(struct cfg80211_registered_device *rdev, 1019 const struct cfg80211_chan_def *chandef, 1020 enum nl80211_radar_event event) 1021{ 1022 wiphy_lock(&rdev->wiphy); 1023 __cfg80211_background_cac_event(rdev, rdev->background_radar_wdev, 1024 chandef, event); 1025 wiphy_unlock(&rdev->wiphy); 1026} 1027 1028void cfg80211_background_cac_done_wk(struct work_struct *work) 1029{ 1030 struct delayed_work *delayed_work = to_delayed_work(work); 1031 struct cfg80211_registered_device *rdev; 1032 1033 rdev = container_of(delayed_work, struct cfg80211_registered_device, 1034 background_cac_done_wk); 1035 cfg80211_background_cac_event(rdev, &rdev->background_radar_chandef, 1036 NL80211_RADAR_CAC_FINISHED); 1037} 1038 1039void cfg80211_background_cac_abort_wk(struct work_struct *work) 1040{ 1041 struct cfg80211_registered_device *rdev; 1042 1043 rdev = container_of(work, struct cfg80211_registered_device, 1044 background_cac_abort_wk); 1045 cfg80211_background_cac_event(rdev, &rdev->background_radar_chandef, 1046 NL80211_RADAR_CAC_ABORTED); 1047} 1048 1049void cfg80211_background_cac_abort(struct wiphy *wiphy) 1050{ 1051 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 1052 1053 queue_work(cfg80211_wq, &rdev->background_cac_abort_wk); 1054} 1055EXPORT_SYMBOL(cfg80211_background_cac_abort); 1056 1057int 1058cfg80211_start_background_radar_detection(struct cfg80211_registered_device *rdev, 1059 struct wireless_dev *wdev, 1060 struct cfg80211_chan_def *chandef) 1061{ 1062 unsigned int cac_time_ms; 1063 int err; 1064 1065 lockdep_assert_wiphy(&rdev->wiphy); 1066 1067 if (!wiphy_ext_feature_isset(&rdev->wiphy, 1068 NL80211_EXT_FEATURE_RADAR_BACKGROUND)) 1069 return -EOPNOTSUPP; 1070 1071 /* Offchannel chain already locked by another wdev */ 1072 if (rdev->background_radar_wdev && rdev->background_radar_wdev != wdev) 1073 return -EBUSY; 1074 1075 /* CAC already in progress on the offchannel chain */ 1076 if (rdev->background_radar_wdev == wdev && 1077 delayed_work_pending(&rdev->background_cac_done_wk)) 1078 return -EBUSY; 1079 1080 err = rdev_set_radar_background(rdev, chandef); 1081 if (err) 1082 return err; 1083 1084 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, chandef); 1085 if (!cac_time_ms) 1086 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS; 1087 1088 rdev->background_radar_chandef = *chandef; 1089 rdev->background_radar_wdev = wdev; /* Get offchain ownership */ 1090 1091 __cfg80211_background_cac_event(rdev, wdev, chandef, 1092 NL80211_RADAR_CAC_STARTED); 1093 queue_delayed_work(cfg80211_wq, &rdev->background_cac_done_wk, 1094 msecs_to_jiffies(cac_time_ms)); 1095 1096 return 0; 1097} 1098 1099void cfg80211_stop_background_radar_detection(struct wireless_dev *wdev) 1100{ 1101 struct wiphy *wiphy = wdev->wiphy; 1102 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 1103 1104 lockdep_assert_wiphy(wiphy); 1105 1106 if (wdev != rdev->background_radar_wdev) 1107 return; 1108 1109 rdev_set_radar_background(rdev, NULL); 1110 rdev->background_radar_wdev = NULL; /* Release offchain ownership */ 1111 1112 __cfg80211_background_cac_event(rdev, wdev, 1113 &rdev->background_radar_chandef, 1114 NL80211_RADAR_CAC_ABORTED); 1115}