1 /* 2 * cfg80211 MLME SAP interface 3 * 4 * Copyright (c) 2009, Jouni Malinen <j@w1.fi> 5 * Copyright (c) 2015 Intel Deutschland GmbH 6 */ 7 8 #include <linux/kernel.h> 9 #include <linux/module.h> 10 #include <linux/etherdevice.h> 11 #include <linux/netdevice.h> 12 #include <linux/nl80211.h> 13 #include <linux/slab.h> 14 #include <linux/wireless.h> 15 #include <net/cfg80211.h> 16 #include <net/iw_handler.h> 17 #include "core.h" 18 #include "nl80211.h" 19 #include "rdev-ops.h" 20 21 22 void cfg80211_rx_assoc_resp(struct net_device *dev, struct cfg80211_bss *bss, 23 const u8 *buf, size_t len, int uapsd_queues) 24 { 25 struct wireless_dev *wdev = dev->ieee80211_ptr; 26 struct wiphy *wiphy = wdev->wiphy; 27 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 28 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 29 u8 *ie = mgmt->u.assoc_resp.variable; 30 int ieoffs = offsetof(struct ieee80211_mgmt, u.assoc_resp.variable); 31 u16 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 32 33 trace_cfg80211_send_rx_assoc(dev, bss); 34 35 /* 36 * This is a bit of a hack, we don't notify userspace of 37 * a (re-)association reply if we tried to send a reassoc 38 * and got a reject -- we only try again with an assoc 39 * frame instead of reassoc. 40 */ 41 if (cfg80211_sme_rx_assoc_resp(wdev, status_code)) { 42 cfg80211_unhold_bss(bss_from_pub(bss)); 43 cfg80211_put_bss(wiphy, bss); 44 return; 45 } 46 47 nl80211_send_rx_assoc(rdev, dev, buf, len, GFP_KERNEL, uapsd_queues); 48 /* update current_bss etc., consumes the bss reference */ 49 __cfg80211_connect_result(dev, mgmt->bssid, NULL, 0, ie, len - ieoffs, 50 status_code, 51 status_code == WLAN_STATUS_SUCCESS, bss); 52 } 53 EXPORT_SYMBOL(cfg80211_rx_assoc_resp); 54 55 static void cfg80211_process_auth(struct wireless_dev *wdev, 56 const u8 *buf, size_t len) 57 { 58 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 59 60 nl80211_send_rx_auth(rdev, wdev->netdev, buf, len, GFP_KERNEL); 61 cfg80211_sme_rx_auth(wdev, buf, len); 62 } 63 64 static void cfg80211_process_deauth(struct wireless_dev *wdev, 65 const u8 *buf, size_t len) 66 { 67 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 68 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 69 const u8 *bssid = mgmt->bssid; 70 u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 71 bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr); 72 73 nl80211_send_deauth(rdev, wdev->netdev, buf, len, GFP_KERNEL); 74 75 if (!wdev->current_bss || 76 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid)) 77 return; 78 79 __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap); 80 cfg80211_sme_deauth(wdev); 81 } 82 83 static void cfg80211_process_disassoc(struct wireless_dev *wdev, 84 const u8 *buf, size_t len) 85 { 86 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 87 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 88 const u8 *bssid = mgmt->bssid; 89 u16 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 90 bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr); 91 92 nl80211_send_disassoc(rdev, wdev->netdev, buf, len, GFP_KERNEL); 93 94 if (WARN_ON(!wdev->current_bss || 95 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid))) 96 return; 97 98 __cfg80211_disconnected(wdev->netdev, NULL, 0, reason_code, from_ap); 99 cfg80211_sme_disassoc(wdev); 100 } 101 102 void cfg80211_rx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len) 103 { 104 struct wireless_dev *wdev = dev->ieee80211_ptr; 105 struct ieee80211_mgmt *mgmt = (void *)buf; 106 107 ASSERT_WDEV_LOCK(wdev); 108 109 trace_cfg80211_rx_mlme_mgmt(dev, buf, len); 110 111 if (WARN_ON(len < 2)) 112 return; 113 114 if (ieee80211_is_auth(mgmt->frame_control)) 115 cfg80211_process_auth(wdev, buf, len); 116 else if (ieee80211_is_deauth(mgmt->frame_control)) 117 cfg80211_process_deauth(wdev, buf, len); 118 else if (ieee80211_is_disassoc(mgmt->frame_control)) 119 cfg80211_process_disassoc(wdev, buf, len); 120 } 121 EXPORT_SYMBOL(cfg80211_rx_mlme_mgmt); 122 123 void cfg80211_auth_timeout(struct net_device *dev, const u8 *addr) 124 { 125 struct wireless_dev *wdev = dev->ieee80211_ptr; 126 struct wiphy *wiphy = wdev->wiphy; 127 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 128 129 trace_cfg80211_send_auth_timeout(dev, addr); 130 131 nl80211_send_auth_timeout(rdev, dev, addr, GFP_KERNEL); 132 cfg80211_sme_auth_timeout(wdev); 133 } 134 EXPORT_SYMBOL(cfg80211_auth_timeout); 135 136 void cfg80211_assoc_timeout(struct net_device *dev, struct cfg80211_bss *bss) 137 { 138 struct wireless_dev *wdev = dev->ieee80211_ptr; 139 struct wiphy *wiphy = wdev->wiphy; 140 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 141 142 trace_cfg80211_send_assoc_timeout(dev, bss->bssid); 143 144 nl80211_send_assoc_timeout(rdev, dev, bss->bssid, GFP_KERNEL); 145 cfg80211_sme_assoc_timeout(wdev); 146 147 cfg80211_unhold_bss(bss_from_pub(bss)); 148 cfg80211_put_bss(wiphy, bss); 149 } 150 EXPORT_SYMBOL(cfg80211_assoc_timeout); 151 152 void cfg80211_tx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len) 153 { 154 struct wireless_dev *wdev = dev->ieee80211_ptr; 155 struct ieee80211_mgmt *mgmt = (void *)buf; 156 157 ASSERT_WDEV_LOCK(wdev); 158 159 trace_cfg80211_tx_mlme_mgmt(dev, buf, len); 160 161 if (WARN_ON(len < 2)) 162 return; 163 164 if (ieee80211_is_deauth(mgmt->frame_control)) 165 cfg80211_process_deauth(wdev, buf, len); 166 else 167 cfg80211_process_disassoc(wdev, buf, len); 168 } 169 EXPORT_SYMBOL(cfg80211_tx_mlme_mgmt); 170 171 void cfg80211_michael_mic_failure(struct net_device *dev, const u8 *addr, 172 enum nl80211_key_type key_type, int key_id, 173 const u8 *tsc, gfp_t gfp) 174 { 175 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 176 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 177 #ifdef CONFIG_CFG80211_WEXT 178 union iwreq_data wrqu; 179 char *buf = kmalloc(128, gfp); 180 181 if (buf) { 182 sprintf(buf, "MLME-MICHAELMICFAILURE.indication(" 183 "keyid=%d %scast addr=%pM)", key_id, 184 key_type == NL80211_KEYTYPE_GROUP ? "broad" : "uni", 185 addr); 186 memset(&wrqu, 0, sizeof(wrqu)); 187 wrqu.data.length = strlen(buf); 188 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf); 189 kfree(buf); 190 } 191 #endif 192 193 trace_cfg80211_michael_mic_failure(dev, addr, key_type, key_id, tsc); 194 nl80211_michael_mic_failure(rdev, dev, addr, key_type, key_id, tsc, gfp); 195 } 196 EXPORT_SYMBOL(cfg80211_michael_mic_failure); 197 198 /* some MLME handling for userspace SME */ 199 int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev, 200 struct net_device *dev, 201 struct ieee80211_channel *chan, 202 enum nl80211_auth_type auth_type, 203 const u8 *bssid, 204 const u8 *ssid, int ssid_len, 205 const u8 *ie, int ie_len, 206 const u8 *key, int key_len, int key_idx, 207 const u8 *sae_data, int sae_data_len) 208 { 209 struct wireless_dev *wdev = dev->ieee80211_ptr; 210 struct cfg80211_auth_request req = { 211 .ie = ie, 212 .ie_len = ie_len, 213 .sae_data = sae_data, 214 .sae_data_len = sae_data_len, 215 .auth_type = auth_type, 216 .key = key, 217 .key_len = key_len, 218 .key_idx = key_idx, 219 }; 220 int err; 221 222 ASSERT_WDEV_LOCK(wdev); 223 224 if (auth_type == NL80211_AUTHTYPE_SHARED_KEY) 225 if (!key || !key_len || key_idx < 0 || key_idx > 4) 226 return -EINVAL; 227 228 if (wdev->current_bss && 229 ether_addr_equal(bssid, wdev->current_bss->pub.bssid)) 230 return -EALREADY; 231 232 req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len, 233 IEEE80211_BSS_TYPE_ESS, 234 IEEE80211_PRIVACY_ANY); 235 if (!req.bss) 236 return -ENOENT; 237 238 err = rdev_auth(rdev, dev, &req); 239 240 cfg80211_put_bss(&rdev->wiphy, req.bss); 241 return err; 242 } 243 244 /* Do a logical ht_capa &= ht_capa_mask. */ 245 void cfg80211_oper_and_ht_capa(struct ieee80211_ht_cap *ht_capa, 246 const struct ieee80211_ht_cap *ht_capa_mask) 247 { 248 int i; 249 u8 *p1, *p2; 250 if (!ht_capa_mask) { 251 memset(ht_capa, 0, sizeof(*ht_capa)); 252 return; 253 } 254 255 p1 = (u8*)(ht_capa); 256 p2 = (u8*)(ht_capa_mask); 257 for (i = 0; i<sizeof(*ht_capa); i++) 258 p1[i] &= p2[i]; 259 } 260 261 /* Do a logical ht_capa &= ht_capa_mask. */ 262 void cfg80211_oper_and_vht_capa(struct ieee80211_vht_cap *vht_capa, 263 const struct ieee80211_vht_cap *vht_capa_mask) 264 { 265 int i; 266 u8 *p1, *p2; 267 if (!vht_capa_mask) { 268 memset(vht_capa, 0, sizeof(*vht_capa)); 269 return; 270 } 271 272 p1 = (u8*)(vht_capa); 273 p2 = (u8*)(vht_capa_mask); 274 for (i = 0; i < sizeof(*vht_capa); i++) 275 p1[i] &= p2[i]; 276 } 277 278 int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev, 279 struct net_device *dev, 280 struct ieee80211_channel *chan, 281 const u8 *bssid, 282 const u8 *ssid, int ssid_len, 283 struct cfg80211_assoc_request *req) 284 { 285 struct wireless_dev *wdev = dev->ieee80211_ptr; 286 int err; 287 288 ASSERT_WDEV_LOCK(wdev); 289 290 if (wdev->current_bss && 291 (!req->prev_bssid || !ether_addr_equal(wdev->current_bss->pub.bssid, 292 req->prev_bssid))) 293 return -EALREADY; 294 295 cfg80211_oper_and_ht_capa(&req->ht_capa_mask, 296 rdev->wiphy.ht_capa_mod_mask); 297 cfg80211_oper_and_vht_capa(&req->vht_capa_mask, 298 rdev->wiphy.vht_capa_mod_mask); 299 300 req->bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len, 301 IEEE80211_BSS_TYPE_ESS, 302 IEEE80211_PRIVACY_ANY); 303 if (!req->bss) 304 return -ENOENT; 305 306 err = rdev_assoc(rdev, dev, req); 307 if (!err) 308 cfg80211_hold_bss(bss_from_pub(req->bss)); 309 else 310 cfg80211_put_bss(&rdev->wiphy, req->bss); 311 312 return err; 313 } 314 315 int cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev, 316 struct net_device *dev, const u8 *bssid, 317 const u8 *ie, int ie_len, u16 reason, 318 bool local_state_change) 319 { 320 struct wireless_dev *wdev = dev->ieee80211_ptr; 321 struct cfg80211_deauth_request req = { 322 .bssid = bssid, 323 .reason_code = reason, 324 .ie = ie, 325 .ie_len = ie_len, 326 .local_state_change = local_state_change, 327 }; 328 329 ASSERT_WDEV_LOCK(wdev); 330 331 if (local_state_change && 332 (!wdev->current_bss || 333 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid))) 334 return 0; 335 336 return rdev_deauth(rdev, dev, &req); 337 } 338 339 int cfg80211_mlme_disassoc(struct cfg80211_registered_device *rdev, 340 struct net_device *dev, const u8 *bssid, 341 const u8 *ie, int ie_len, u16 reason, 342 bool local_state_change) 343 { 344 struct wireless_dev *wdev = dev->ieee80211_ptr; 345 struct cfg80211_disassoc_request req = { 346 .reason_code = reason, 347 .local_state_change = local_state_change, 348 .ie = ie, 349 .ie_len = ie_len, 350 }; 351 int err; 352 353 ASSERT_WDEV_LOCK(wdev); 354 355 if (!wdev->current_bss) 356 return -ENOTCONN; 357 358 if (ether_addr_equal(wdev->current_bss->pub.bssid, bssid)) 359 req.bss = &wdev->current_bss->pub; 360 else 361 return -ENOTCONN; 362 363 err = rdev_disassoc(rdev, dev, &req); 364 if (err) 365 return err; 366 367 /* driver should have reported the disassoc */ 368 WARN_ON(wdev->current_bss); 369 return 0; 370 } 371 372 void cfg80211_mlme_down(struct cfg80211_registered_device *rdev, 373 struct net_device *dev) 374 { 375 struct wireless_dev *wdev = dev->ieee80211_ptr; 376 u8 bssid[ETH_ALEN]; 377 378 ASSERT_WDEV_LOCK(wdev); 379 380 if (!rdev->ops->deauth) 381 return; 382 383 if (!wdev->current_bss) 384 return; 385 386 memcpy(bssid, wdev->current_bss->pub.bssid, ETH_ALEN); 387 cfg80211_mlme_deauth(rdev, dev, bssid, NULL, 0, 388 WLAN_REASON_DEAUTH_LEAVING, false); 389 } 390 391 struct cfg80211_mgmt_registration { 392 struct list_head list; 393 struct wireless_dev *wdev; 394 395 u32 nlportid; 396 397 int match_len; 398 399 __le16 frame_type; 400 401 u8 match[]; 402 }; 403 404 static void 405 cfg80211_process_mlme_unregistrations(struct cfg80211_registered_device *rdev) 406 { 407 struct cfg80211_mgmt_registration *reg; 408 409 ASSERT_RTNL(); 410 411 spin_lock_bh(&rdev->mlme_unreg_lock); 412 while ((reg = list_first_entry_or_null(&rdev->mlme_unreg, 413 struct cfg80211_mgmt_registration, 414 list))) { 415 list_del(®->list); 416 spin_unlock_bh(&rdev->mlme_unreg_lock); 417 418 if (rdev->ops->mgmt_frame_register) { 419 u16 frame_type = le16_to_cpu(reg->frame_type); 420 421 rdev_mgmt_frame_register(rdev, reg->wdev, 422 frame_type, false); 423 } 424 425 kfree(reg); 426 427 spin_lock_bh(&rdev->mlme_unreg_lock); 428 } 429 spin_unlock_bh(&rdev->mlme_unreg_lock); 430 } 431 432 void cfg80211_mlme_unreg_wk(struct work_struct *wk) 433 { 434 struct cfg80211_registered_device *rdev; 435 436 rdev = container_of(wk, struct cfg80211_registered_device, 437 mlme_unreg_wk); 438 439 rtnl_lock(); 440 cfg80211_process_mlme_unregistrations(rdev); 441 rtnl_unlock(); 442 } 443 444 int cfg80211_mlme_register_mgmt(struct wireless_dev *wdev, u32 snd_portid, 445 u16 frame_type, const u8 *match_data, 446 int match_len) 447 { 448 struct wiphy *wiphy = wdev->wiphy; 449 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 450 struct cfg80211_mgmt_registration *reg, *nreg; 451 int err = 0; 452 u16 mgmt_type; 453 454 if (!wdev->wiphy->mgmt_stypes) 455 return -EOPNOTSUPP; 456 457 if ((frame_type & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT) 458 return -EINVAL; 459 460 if (frame_type & ~(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) 461 return -EINVAL; 462 463 mgmt_type = (frame_type & IEEE80211_FCTL_STYPE) >> 4; 464 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].rx & BIT(mgmt_type))) 465 return -EINVAL; 466 467 nreg = kzalloc(sizeof(*reg) + match_len, GFP_KERNEL); 468 if (!nreg) 469 return -ENOMEM; 470 471 spin_lock_bh(&wdev->mgmt_registrations_lock); 472 473 list_for_each_entry(reg, &wdev->mgmt_registrations, list) { 474 int mlen = min(match_len, reg->match_len); 475 476 if (frame_type != le16_to_cpu(reg->frame_type)) 477 continue; 478 479 if (memcmp(reg->match, match_data, mlen) == 0) { 480 err = -EALREADY; 481 break; 482 } 483 } 484 485 if (err) { 486 kfree(nreg); 487 goto out; 488 } 489 490 memcpy(nreg->match, match_data, match_len); 491 nreg->match_len = match_len; 492 nreg->nlportid = snd_portid; 493 nreg->frame_type = cpu_to_le16(frame_type); 494 nreg->wdev = wdev; 495 list_add(&nreg->list, &wdev->mgmt_registrations); 496 spin_unlock_bh(&wdev->mgmt_registrations_lock); 497 498 /* process all unregistrations to avoid driver confusion */ 499 cfg80211_process_mlme_unregistrations(rdev); 500 501 if (rdev->ops->mgmt_frame_register) 502 rdev_mgmt_frame_register(rdev, wdev, frame_type, true); 503 504 return 0; 505 506 out: 507 spin_unlock_bh(&wdev->mgmt_registrations_lock); 508 509 return err; 510 } 511 512 void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlportid) 513 { 514 struct wiphy *wiphy = wdev->wiphy; 515 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 516 struct cfg80211_mgmt_registration *reg, *tmp; 517 518 spin_lock_bh(&wdev->mgmt_registrations_lock); 519 520 list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) { 521 if (reg->nlportid != nlportid) 522 continue; 523 524 list_del(®->list); 525 spin_lock(&rdev->mlme_unreg_lock); 526 list_add_tail(®->list, &rdev->mlme_unreg); 527 spin_unlock(&rdev->mlme_unreg_lock); 528 529 schedule_work(&rdev->mlme_unreg_wk); 530 } 531 532 spin_unlock_bh(&wdev->mgmt_registrations_lock); 533 534 if (nlportid && rdev->crit_proto_nlportid == nlportid) { 535 rdev->crit_proto_nlportid = 0; 536 rdev_crit_proto_stop(rdev, wdev); 537 } 538 539 if (nlportid == wdev->ap_unexpected_nlportid) 540 wdev->ap_unexpected_nlportid = 0; 541 } 542 543 void cfg80211_mlme_purge_registrations(struct wireless_dev *wdev) 544 { 545 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 546 547 spin_lock_bh(&wdev->mgmt_registrations_lock); 548 spin_lock(&rdev->mlme_unreg_lock); 549 list_splice_tail_init(&wdev->mgmt_registrations, &rdev->mlme_unreg); 550 spin_unlock(&rdev->mlme_unreg_lock); 551 spin_unlock_bh(&wdev->mgmt_registrations_lock); 552 553 cfg80211_process_mlme_unregistrations(rdev); 554 } 555 556 int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev, 557 struct wireless_dev *wdev, 558 struct cfg80211_mgmt_tx_params *params, u64 *cookie) 559 { 560 const struct ieee80211_mgmt *mgmt; 561 u16 stype; 562 563 if (!wdev->wiphy->mgmt_stypes) 564 return -EOPNOTSUPP; 565 566 if (!rdev->ops->mgmt_tx) 567 return -EOPNOTSUPP; 568 569 if (params->len < 24 + 1) 570 return -EINVAL; 571 572 mgmt = (const struct ieee80211_mgmt *)params->buf; 573 574 if (!ieee80211_is_mgmt(mgmt->frame_control)) 575 return -EINVAL; 576 577 stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE; 578 if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].tx & BIT(stype >> 4))) 579 return -EINVAL; 580 581 if (ieee80211_is_action(mgmt->frame_control) && 582 mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) { 583 int err = 0; 584 585 wdev_lock(wdev); 586 587 switch (wdev->iftype) { 588 case NL80211_IFTYPE_ADHOC: 589 case NL80211_IFTYPE_STATION: 590 case NL80211_IFTYPE_P2P_CLIENT: 591 if (!wdev->current_bss) { 592 err = -ENOTCONN; 593 break; 594 } 595 596 if (!ether_addr_equal(wdev->current_bss->pub.bssid, 597 mgmt->bssid)) { 598 err = -ENOTCONN; 599 break; 600 } 601 602 /* 603 * check for IBSS DA must be done by driver as 604 * cfg80211 doesn't track the stations 605 */ 606 if (wdev->iftype == NL80211_IFTYPE_ADHOC) 607 break; 608 609 /* for station, check that DA is the AP */ 610 if (!ether_addr_equal(wdev->current_bss->pub.bssid, 611 mgmt->da)) { 612 err = -ENOTCONN; 613 break; 614 } 615 break; 616 case NL80211_IFTYPE_AP: 617 case NL80211_IFTYPE_P2P_GO: 618 case NL80211_IFTYPE_AP_VLAN: 619 if (!ether_addr_equal(mgmt->bssid, wdev_address(wdev))) 620 err = -EINVAL; 621 break; 622 case NL80211_IFTYPE_MESH_POINT: 623 if (!ether_addr_equal(mgmt->sa, mgmt->bssid)) { 624 err = -EINVAL; 625 break; 626 } 627 /* 628 * check for mesh DA must be done by driver as 629 * cfg80211 doesn't track the stations 630 */ 631 break; 632 case NL80211_IFTYPE_P2P_DEVICE: 633 /* 634 * fall through, P2P device only supports 635 * public action frames 636 */ 637 default: 638 err = -EOPNOTSUPP; 639 break; 640 } 641 wdev_unlock(wdev); 642 643 if (err) 644 return err; 645 } 646 647 if (!ether_addr_equal(mgmt->sa, wdev_address(wdev))) 648 return -EINVAL; 649 650 /* Transmit the Action frame as requested by user space */ 651 return rdev_mgmt_tx(rdev, wdev, params, cookie); 652 } 653 654 bool cfg80211_rx_mgmt(struct wireless_dev *wdev, int freq, int sig_mbm, 655 const u8 *buf, size_t len, u32 flags) 656 { 657 struct wiphy *wiphy = wdev->wiphy; 658 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 659 struct cfg80211_mgmt_registration *reg; 660 const struct ieee80211_txrx_stypes *stypes = 661 &wiphy->mgmt_stypes[wdev->iftype]; 662 struct ieee80211_mgmt *mgmt = (void *)buf; 663 const u8 *data; 664 int data_len; 665 bool result = false; 666 __le16 ftype = mgmt->frame_control & 667 cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE); 668 u16 stype; 669 670 trace_cfg80211_rx_mgmt(wdev, freq, sig_mbm); 671 stype = (le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE) >> 4; 672 673 if (!(stypes->rx & BIT(stype))) { 674 trace_cfg80211_return_bool(false); 675 return false; 676 } 677 678 data = buf + ieee80211_hdrlen(mgmt->frame_control); 679 data_len = len - ieee80211_hdrlen(mgmt->frame_control); 680 681 spin_lock_bh(&wdev->mgmt_registrations_lock); 682 683 list_for_each_entry(reg, &wdev->mgmt_registrations, list) { 684 if (reg->frame_type != ftype) 685 continue; 686 687 if (reg->match_len > data_len) 688 continue; 689 690 if (memcmp(reg->match, data, reg->match_len)) 691 continue; 692 693 /* found match! */ 694 695 /* Indicate the received Action frame to user space */ 696 if (nl80211_send_mgmt(rdev, wdev, reg->nlportid, 697 freq, sig_mbm, 698 buf, len, flags, GFP_ATOMIC)) 699 continue; 700 701 result = true; 702 break; 703 } 704 705 spin_unlock_bh(&wdev->mgmt_registrations_lock); 706 707 trace_cfg80211_return_bool(result); 708 return result; 709 } 710 EXPORT_SYMBOL(cfg80211_rx_mgmt); 711 712 void cfg80211_dfs_channels_update_work(struct work_struct *work) 713 { 714 struct delayed_work *delayed_work = to_delayed_work(work); 715 struct cfg80211_registered_device *rdev; 716 struct cfg80211_chan_def chandef; 717 struct ieee80211_supported_band *sband; 718 struct ieee80211_channel *c; 719 struct wiphy *wiphy; 720 bool check_again = false; 721 unsigned long timeout, next_time = 0; 722 int bandid, i; 723 724 rdev = container_of(delayed_work, struct cfg80211_registered_device, 725 dfs_update_channels_wk); 726 wiphy = &rdev->wiphy; 727 728 rtnl_lock(); 729 for (bandid = 0; bandid < IEEE80211_NUM_BANDS; bandid++) { 730 sband = wiphy->bands[bandid]; 731 if (!sband) 732 continue; 733 734 for (i = 0; i < sband->n_channels; i++) { 735 c = &sband->channels[i]; 736 737 if (c->dfs_state != NL80211_DFS_UNAVAILABLE) 738 continue; 739 740 timeout = c->dfs_state_entered + msecs_to_jiffies( 741 IEEE80211_DFS_MIN_NOP_TIME_MS); 742 743 if (time_after_eq(jiffies, timeout)) { 744 c->dfs_state = NL80211_DFS_USABLE; 745 c->dfs_state_entered = jiffies; 746 747 cfg80211_chandef_create(&chandef, c, 748 NL80211_CHAN_NO_HT); 749 750 nl80211_radar_notify(rdev, &chandef, 751 NL80211_RADAR_NOP_FINISHED, 752 NULL, GFP_ATOMIC); 753 continue; 754 } 755 756 if (!check_again) 757 next_time = timeout - jiffies; 758 else 759 next_time = min(next_time, timeout - jiffies); 760 check_again = true; 761 } 762 } 763 rtnl_unlock(); 764 765 /* reschedule if there are other channels waiting to be cleared again */ 766 if (check_again) 767 queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk, 768 next_time); 769 } 770 771 772 void cfg80211_radar_event(struct wiphy *wiphy, 773 struct cfg80211_chan_def *chandef, 774 gfp_t gfp) 775 { 776 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 777 unsigned long timeout; 778 779 trace_cfg80211_radar_event(wiphy, chandef); 780 781 /* only set the chandef supplied channel to unavailable, in 782 * case the radar is detected on only one of multiple channels 783 * spanned by the chandef. 784 */ 785 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_UNAVAILABLE); 786 787 timeout = msecs_to_jiffies(IEEE80211_DFS_MIN_NOP_TIME_MS); 788 queue_delayed_work(cfg80211_wq, &rdev->dfs_update_channels_wk, 789 timeout); 790 791 nl80211_radar_notify(rdev, chandef, NL80211_RADAR_DETECTED, NULL, gfp); 792 } 793 EXPORT_SYMBOL(cfg80211_radar_event); 794 795 void cfg80211_cac_event(struct net_device *netdev, 796 const struct cfg80211_chan_def *chandef, 797 enum nl80211_radar_event event, gfp_t gfp) 798 { 799 struct wireless_dev *wdev = netdev->ieee80211_ptr; 800 struct wiphy *wiphy = wdev->wiphy; 801 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 802 unsigned long timeout; 803 804 trace_cfg80211_cac_event(netdev, event); 805 806 if (WARN_ON(!wdev->cac_started)) 807 return; 808 809 if (WARN_ON(!wdev->chandef.chan)) 810 return; 811 812 switch (event) { 813 case NL80211_RADAR_CAC_FINISHED: 814 timeout = wdev->cac_start_time + 815 msecs_to_jiffies(wdev->cac_time_ms); 816 WARN_ON(!time_after_eq(jiffies, timeout)); 817 cfg80211_set_dfs_state(wiphy, chandef, NL80211_DFS_AVAILABLE); 818 break; 819 case NL80211_RADAR_CAC_ABORTED: 820 break; 821 default: 822 WARN_ON(1); 823 return; 824 } 825 wdev->cac_started = false; 826 827 nl80211_radar_notify(rdev, chandef, event, netdev, gfp); 828 } 829 EXPORT_SYMBOL(cfg80211_cac_event); 830